{"fileInfo":{"companyName":"AppEsteem Corporation","lastUpdate":"260504","storePrefix":"https://appesteemstorage.blob.core.windows.net/apps/","usageInfo":"This API is licensed to you under the AppEsteem API Agreement (https://appesteemstorage.blob.core.windows.net/public-documents/api-license-agreement.pdf). The data accessed by the API is licensed to you under to the AppEsteem Terms of Use (https://appesteemstorage.blob.core.windows.net/public-documents/terms-of-use.pdf) (collectively with the API Agreement, the TERMS). Your use of the API and access of the data indicates your agreement to these TERMS on behalf of yourself and the entity you represent. If you do not agree to these TERMS or are not authorized to bind your entity, do not access or use the data or API.","website":"https://customer.appesteem.com","seeAlso":"/Home/Deceptor","cleanup":"/Home/DeceptorFix","template":"/Home/DeceptorTemplate"},"containsInfo":{"querySatisfied":true,"type":null,"returnCount":2826,"top":0,"skip":0,"queryCount":2826,"yyyymm":null,"tofix":false},"deceptors":[{"violations":{"ACR-010":"Installation package masquerading as application LetsVPN installer, with hidden components (files/programs) bundled that are not related with LetsVPN. The hidden components are dropped and installed during installation. The installer propagates malicious program (for example: SHA256: b82b706eee4acbb0eb103c253db9744cf5f374ab2c20b630a972d1a74a2ba6c5; SHA256:af96daf71620f14e90e8b2981046ec4903df2c84be5b55b1c29eb8bd45af20d9)\n","ACR-014":"Landing page and installation prompts present the fake information tricking user to download malicious program that masquerades as LetsVPN application.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"kuailian-vpn.exe","isInstaller":"True","companyName":"Letsgo Network Incorporated","productName":"LetsVPN","productVersion":"91.8.18.79","fileVersion":"91.8.18.79","hashMD5":"4ce6f37b4f67cd015f9ecc0dbeb334bf","hashSHA1":"94094667d670fc64d5a509fc5724709ead3fe095","hashSHA256":"b82b706eee4acbb0eb103c253db9744cf5f374ab2c20b630a972d1a74a2ba6c5","digitalCertThumbprint":"599922EC0A2FB1E4D1DC92392DF25782B16ED90A","digitalCertIssuer":"CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=四川迅游网络科技股份有限公司, O=四川迅游网络科技股份有限公司, L=成都市, S=四川省, C=CN, SERIALNUMBER=91510100677184972A, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=成都市, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"1","avBlockList":["360 Total Security (20260428)","Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Bitdefender Internet Security (20260428)","COMODO Antivirus (20260428)","Dr.Web Security Space (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","KasperskyPremium (20260428)","Malwarebytes Premium (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","Total AV Antivirus Pro (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)","Windows Defender (20260428)"],"avAllowList":[]},{"isRevoked":"False","fileName":"LetsVPN.msi","isInstaller":"True","hashMD5":"ae36251d84fe803f915cdc1df690572b","hashSHA1":"5a7752bbc02a01a96d8ff3b9aa0660bb143c1df0","hashSHA256":"d46993d5f962abcf8c7de245df1b6e60328823cebc879fc3642db6ef1dc50263","sourceIndex":"1","avBlockList":["360 Total Security (20260430)","Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","Bitdefender Internet Security (20260430)","COMODO Antivirus (20260430)","ESET Internet Security (20260430)","FortectPremium (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","McAfee Total Protection (20260430)","Norton Security (20260430)","SpyHunter5 (20260430)","Total AV Antivirus Pro (20260430)","VIPRE Advanced Security (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["Dr.Web Security Space (20260430)","Panda Dome (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","Trend Micro Internet Security (20260430)","Windows Defender (20260430)"]},{"isRevoked":"False","fileName":"kuail.msi","isInstaller":"True","hashMD5":"65f69c1a9ab36667e6b1cf71a7de0693","hashSHA1":"569ce87199d61f112375a0072774ec94d36272d9","hashSHA256":"abd30ca94ca5060512e380c64105a145dd2f6e4e0ad5b6b9c371689a19c4f298","sourceIndex":"1","avBlockList":["360 Total Security (20251223)","Avast Premium Security (20251223)","AVG Internet Security (20251223)","Avira Internet Security (20251223)","Bitdefender Internet Security (20251223)","COMODO Antivirus (20251223)","ESET Internet Security (20251223)","FortectPremium (20251223)","G DATA INTERNET SECURITY (20251223)","K7 Total Security (20251223)","KasperskyPremium (20251223)","Malwarebytes Premium (20251223)","McAfee Total Protection (20251223)","Norton Security (20251223)","Panda Dome (20251223)","Sophos Home Premium (20251223)","SpyHunter5 (20251223)","Total AV Antivirus Pro (20251223)","VIPRE Advanced Security (20251223)","VirIT eXplorer PRO (20251223)","Webroot SecureAnywhere (20251223)","Windows Defender (20251223)"],"avAllowList":["Dr.Web Security Space (20251223)","Quick Heal Internet Security (20251223)","Trend Micro Internet Security (20251223)"]},{"isRevoked":"False","fileName":"lest_Install.msi","isInstaller":"True","hashMD5":"747f3a1aa1da94e3b04fc6a925ae93df","hashSHA1":"1161fe7d2cab3587660c7e54cc221716012f3902","hashSHA256":"cb767c9817631094d488d5c3d99ee0ef0ad8240dce99159ebfe4bdc12b4c351d","digitalCertThumbprint":"95981A0FE8299FCF215465B087C0F0E62D79048B","digitalCertIssuer":"CN=Sectigo Public Code Signing CA E36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Emurasoft, Inc.\", O=\"Emurasoft, Inc.\", S=Washington, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"1","avBlockList":["360 Total Security (20251225)","Avast Premium Security (20251225)","AVG Internet Security (20251225)","Avira Internet Security (20251225)","Bitdefender Internet Security (20251225)","COMODO Antivirus (20251225)","Dr.Web Security Space (20251225)","ESET Internet Security (20251225)","FortectPremium (20251225)","G DATA INTERNET SECURITY (20251225)","K7 Total Security (20251225)","KasperskyPremium (20251225)","Malwarebytes Premium (20251225)","McAfee Total Protection (20251225)","Norton Security (20251225)","Sophos Home Premium (20251225)","SpyHunter5 (20251225)","Total AV Antivirus Pro (20251225)","VIPRE Advanced Security (20251225)","VirIT eXplorer PRO (20251225)","Webroot SecureAnywhere (20251225)"],"avAllowList":["Panda Dome (20251225)","Quick Heal Internet Security (20251225)","Trend Micro Internet Security (20251225)","Windows Defender (20251225)"]},{"isRevoked":"False","fileName":"Windows.msi","isInstaller":"True","hashMD5":"af8997b5e50035d4e1bdb53df284da4f","hashSHA1":"896f898f2c1afe8e2e35e0cfe4df388bee1e106e","hashSHA256":"4cd7cdea70f6d1ad9ed82247e15ad2057723e247b9a3b2914f45cac1987705c5","sourceIndex":"1","avBlockList":["360 Total Security (20260423)","Avast Premium Security (20260423)","AVG Internet Security (20260423)","Avira Internet Security (20260423)","Bitdefender Internet Security (20260423)","COMODO Antivirus (20260423)","Dr.Web Security Space (20260423)","ESET Internet Security (20260423)","G DATA INTERNET SECURITY (20260423)","K7 Total Security (20260423)","KasperskyPremium (20260423)","Malwarebytes Premium (20260423)","McAfee Total Protection (20260423)","Norton Security (20260423)","Panda Dome (20260423)","Sophos Home Premium (20260423)","SpyHunter5 (20260423)","Total AV Antivirus Pro (20260423)","VIPRE Advanced Security (20260423)","VirIT eXplorer PRO (20260423)","Webroot SecureAnywhere (20260423)","Windows Defender (20260423)"],"avAllowList":["FortectPremium (20260423)","Quick Heal Internet Security (20260423)","Trend Micro Internet Security (20260423)"]},{"isRevoked":"False","fileName":"Win64%20-%20LetsProa1.1.msi","isInstaller":"True","hashMD5":"aee3c7e910fc5a89819a56b0ede0487c","hashSHA1":"a5e77399a7d0f17bccbada8e1e31be1a84fbd07f","hashSHA256":"fb88b8f1a1312d09424c028e2c1c577165648b0e6e9080887f5f6d0e4bc81de5","sourceIndex":"1","avBlockList":["360 Total Security (20251230)","Avast Premium Security (20251230)","AVG Internet Security (20251230)","Avira Internet Security (20251230)","Bitdefender Internet Security (20251230)","COMODO Antivirus (20251230)","Dr.Web Security Space (20251230)","ESET Internet Security (20251230)","FortectPremium (20251230)","G DATA INTERNET SECURITY (20251230)","K7 Total Security (20251230)","KasperskyPremium (20251230)","Malwarebytes Premium (20251230)","McAfee Total Protection (20251230)","Norton Security (20251230)","Panda Dome (20251230)","Quick Heal Internet Security (20251230)","Sophos Home Premium (20251230)","SpyHunter5 (20251230)","Total AV Antivirus Pro (20251230)","Trend Micro Internet Security (20251230)","VIPRE Advanced Security (20251230)","VirIT eXplorer PRO (20251230)","Webroot SecureAnywhere (20251230)","Windows Defender (20251230)"],"avAllowList":[]},{"isRevoked":"False","fileName":"letsvpn-latest.exe","isInstaller":"True","hashMD5":"3eabf7921c52a0ecbc11891722d7f0db","hashSHA1":"87ce495e38ed3ef10f519b4f667f6f158769e105","hashSHA256":"6a4100e29add30926d2fcbbeed4f0647f6fbee323d551390435d07af606bf774","digitalCertThumbprint":"20C98CD8E61F7B9E77DBD74242B7538FF410F57B","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=ShenZhen Thunder Networking Technologies Ltd., OU=Operate, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShenZhen Thunder Networking Technologies Ltd., L=Shenzhen, S=Guangdong, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"1","avBlockList":["Avast Premium Security (20260421)","AVG Internet Security (20260421)","Avira Internet Security (20260421)","Bitdefender Internet Security (20260421)","COMODO Antivirus (20260421)","ESET Internet Security (20260421)","FortectPremium (20260421)","G DATA INTERNET SECURITY (20260421)","K7 Total Security (20260421)","KasperskyPremium (20260421)","Malwarebytes Premium (20260421)","McAfee Total Protection (20260421)","Norton Security (20260421)","Panda Dome (20260421)","Quick Heal Internet Security (20260421)","Sophos Home Premium (20260421)","SpyHunter5 (20260421)","Total AV Antivirus Pro (20260421)","Trend Micro Internet Security (20260421)","VIPRE Advanced Security (20260421)","VirIT eXplorer PRO (20260421)","Webroot SecureAnywhere (20260421)","Windows Defender (20260421)"],"avAllowList":["360 Total Security (20260421)","Dr.Web Security Space (20260421)"]}],"additionalFiles":[],"sources":[{"howFound":"Spoofed LetsVPN","reference":"","landingPage":"https://www.kaovpn.com/","ipv4":"","ipv6":"","sourceIndex":"1"},{"howFound":"","reference":"","landingPage":"https://www.letsvpn.im/","ipv4":"","ipv6":"","sourceIndex":"2"},{"howFound":"","reference":"","landingPage":"https://www.letsvpnn.com/","ipv4":"","ipv6":"","sourceIndex":"3"},{"howFound":"","reference":"","landingPage":"https://kmvpn.com/index.html","ipv4":"","ipv6":"","sourceIndex":"4"},{"howFound":"","reference":"","landingPage":"https://www.kuailian-vpn.org.cn/","ipv4":"","ipv6":"","sourceIndex":"5"},{"howFound":"","reference":"","landingPage":"https://kmvpn.com/download.html","ipv4":"","ipv6":"","sourceIndex":"6"},{"howFound":"","reference":"","landingPage":"https://www.pc-kuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"7"},{"howFound":"","reference":"","landingPage":"https://www.kuaillan.com/","ipv4":"","ipv6":"","sourceIndex":"8"},{"howFound":"","reference":"","landingPage":"https://letsvnpn.com/index.html","ipv4":"","ipv6":"","sourceIndex":"9"},{"howFound":"","reference":"","landingPage":"https://www.kuaillian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"10"},{"howFound":"","reference":"","landingPage":"https://www.vpn-kuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"11"},{"howFound":"","reference":"","landingPage":"https://www.kuailian.im/","ipv4":"","ipv6":"","sourceIndex":"12"},{"howFound":"","reference":"","landingPage":"https://www.pugane.com/","ipv4":"","ipv6":"","sourceIndex":"13"},{"howFound":"","reference":"","landingPage":"https://gaojianzixun.com/","ipv4":"","ipv6":"","sourceIndex":"14"},{"howFound":"","reference":"","landingPage":"https://www.xalianao.com/","ipv4":"","ipv6":"","sourceIndex":"15"},{"howFound":"","reference":"","landingPage":"https://www.haomiaomiao.com/","ipv4":"","ipv6":"","sourceIndex":"16"},{"howFound":"","reference":"","landingPage":"https://www.kuailianlian.com.cn/xiazai/","ipv4":"","ipv6":"","sourceIndex":"17"},{"howFound":"","reference":"","landingPage":"https://www.kuailianquick.com/","ipv4":"","ipv6":"","sourceIndex":"18"},{"howFound":"","reference":"","landingPage":"https://kuailianup.com/","ipv4":"","ipv6":"","sourceIndex":"19"},{"howFound":"","reference":"","landingPage":"https://www.kuilian-china.com","ipv4":"","ipv6":"","sourceIndex":"20"},{"howFound":"","reference":"","landingPage":"https://www.letsvpn.im/","ipv4":"","ipv6":"","sourceIndex":"21"},{"howFound":"","reference":"","landingPage":"https://www.letsvpnn.com/","ipv4":"","ipv6":"","sourceIndex":"22"},{"howFound":"","reference":"","landingPage":"https://kmvpn.com/index.html","ipv4":"","ipv6":"","sourceIndex":"23"},{"howFound":"","reference":"","landingPage":"https://www.kuailian-vpn.org.cn/","ipv4":"","ipv6":"","sourceIndex":"24"},{"howFound":"","reference":"","landingPage":"https://kmvpn.com/download.html","ipv4":"","ipv6":"","sourceIndex":"25"},{"howFound":"","reference":"","landingPage":"https://www.pc-kuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"26"},{"howFound":"","reference":"","landingPage":"https://www.kuaillan.com/","ipv4":"","ipv6":"","sourceIndex":"27"},{"howFound":"","reference":"","landingPage":"https://letsvnpn.com/index.html","ipv4":"","ipv6":"","sourceIndex":"28"},{"howFound":"","reference":"","landingPage":"https://www.kuaillian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"29"},{"howFound":"","reference":"","landingPage":"https://www.vpn-kuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"30"},{"howFound":"","reference":"","landingPage":"https://www.kuailian.im/","ipv4":"","ipv6":"","sourceIndex":"31"},{"howFound":"","reference":"","landingPage":"https://www.pugane.com/","ipv4":"","ipv6":"","sourceIndex":"32"},{"howFound":"","reference":"","landingPage":"https://gaojianzixun.com/","ipv4":"","ipv6":"","sourceIndex":"33"},{"howFound":"","reference":"","landingPage":"https://www.xalianao.com/","ipv4":"","ipv6":"","sourceIndex":"34"},{"howFound":"","reference":"","landingPage":"https://www.haomiaomiao.com/","ipv4":"","ipv6":"","sourceIndex":"35"},{"howFound":"","reference":"","landingPage":"https://www.kuailianlian.com.cn/xiazai/","ipv4":"","ipv6":"","sourceIndex":"36"},{"howFound":"","reference":"","landingPage":"https://www.kuailianquick.com/","ipv4":"","ipv6":"","sourceIndex":"37"},{"howFound":"","reference":"","landingPage":"https://kuailianup.com/","ipv4":"","ipv6":"","sourceIndex":"38"},{"howFound":"","reference":"","landingPage":"https://www.kuilian-china.com/","ipv4":"","ipv6":"","sourceIndex":"39"},{"howFound":"","reference":"","landingPage":"https://www.kuailianppp.com.cn/","ipv4":"","ipv6":"","sourceIndex":"40"},{"howFound":"","reference":"","landingPage":"https://www.letsvpns.com/","ipv4":"","ipv6":"","sourceIndex":"41"},{"howFound":"","reference":"","landingPage":"https://www.cakuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"42"},{"howFound":"","reference":"","landingPage":"https://kualianvpn.com/","ipv4":"","ipv6":"","sourceIndex":"43"},{"howFound":"","reference":"","landingPage":"https://www.kuailianvo.com.cn/","ipv4":"","ipv6":"","sourceIndex":"44"},{"howFound":"","reference":"","landingPage":"https://www.kuailianui.com.cn/","ipv4":"","ipv6":"","sourceIndex":"45"},{"howFound":"","reference":"","landingPage":"https://www.kuailianchina.com/","ipv4":"","ipv6":"","sourceIndex":"46"},{"howFound":"","reference":"","landingPage":"https://tiaozhuan.hgjjwl.asia/Lets%20%E5%8A%A0%E9%80%9F%E5%99%A8.html?/","ipv4":"","ipv6":"","sourceIndex":"47"},{"howFound":"","reference":"","landingPage":"https://letsvpnaccess.cn/","ipv4":"","ipv6":"","sourceIndex":"48"},{"howFound":"","reference":"","landingPage":"https://kuainlin.com.cn/","ipv4":"","ipv6":"","sourceIndex":"49"},{"howFound":"","reference":"","landingPage":"https://letsvpn-kuailianvpn.com/enproduct/","ipv4":"","ipv6":"","sourceIndex":"50"},{"howFound":"","reference":"","landingPage":"https://letsvpn-service.com/","ipv4":"","ipv6":"","sourceIndex":"51"},{"howFound":"","reference":"","landingPage":"https://sites.google.com/view/wuyunseomv/home","ipv4":"","ipv6":"","sourceIndex":"52"},{"howFound":"","reference":"","landingPage":"https://sites.google.com/view/bfbdten/home","ipv4":"","ipv6":"","sourceIndex":"53"},{"howFound":"","reference":"","landingPage":"https://ssl-letsvpn.com/pricing.html","ipv4":"","ipv6":"","sourceIndex":"54"},{"howFound":"","reference":"","landingPage":"https://www.zh-letsvpn.com.cn/","ipv4":"","ipv6":"","sourceIndex":"55"},{"howFound":"","reference":"","landingPage":"https://www.letsvpn.dev/","ipv4":"","ipv6":"","sourceIndex":"56"},{"howFound":"","reference":"","landingPage":"https://letsvpn.us/","ipv4":"","ipv6":"","sourceIndex":"57"},{"howFound":"","reference":"","landingPage":"https://www.letsvpn.us/","ipv4":"","ipv6":"","sourceIndex":"58"},{"howFound":"","reference":"","landingPage":"https://letsvpn.hot/","ipv4":"","ipv6":"","sourceIndex":"59"},{"howFound":"","reference":"","landingPage":"https://www.klvpnn.com/","ipv4":"","ipv6":"","sourceIndex":"60"},{"howFound":"","reference":"","landingPage":"https://mwm.ai/apps/vpn/1471102783","ipv4":"","ipv6":"","sourceIndex":"61"},{"howFound":"","reference":"","landingPage":"https://www.letsilvpn.com/","ipv4":"","ipv6":"","sourceIndex":"62"},{"howFound":"","reference":"","landingPage":"https://kuailian-dd.com.cn/","ipv4":"","ipv6":"","sourceIndex":"63"},{"howFound":"","reference":"","landingPage":"https://www.sbrjnf.com/","ipv4":"","ipv6":"","sourceIndex":"64"},{"howFound":"","reference":"","landingPage":"https://link-kuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"65"},{"howFound":"","reference":"","landingPage":"https://kui.lsai2.top/","ipv4":"","ipv6":"","sourceIndex":"66"},{"howFound":"","reference":"","landingPage":"https://letswvpn.com/","ipv4":"","ipv6":"","sourceIndex":"67"},{"howFound":"","reference":"","landingPage":"https://tcfrvj.com/ maisondeco.cn/?clickId=d0ybm7e9fjsl&mt=1774191703&ip=115.60.149.173&uid=d0ybm7e9fjsl&source=SEO_CN&utm_source=www.maisondeco.cn&platform=Linux&utm_campaign=fapnetKuailianSeptember23&siteUrl=%2F&trafficSource=direct&utm_medium=direct","ipv4":"","ipv6":"","sourceIndex":"68"},{"howFound":"","reference":"","landingPage":"https://wj-letsvpn.com","ipv4":"","ipv6":"","sourceIndex":"69"},{"howFound":"","reference":"","landingPage":"https://letsvpnofficial.com/","ipv4":"","ipv6":"","sourceIndex":"70"},{"howFound":"","reference":"","landingPage":"https://m.mfioi.cn/","ipv4":"","ipv6":"","sourceIndex":"71"},{"howFound":"","reference":"","landingPage":"https://ues-letsvpn.com/","ipv4":"","ipv6":"","sourceIndex":"72"},{"howFound":"","reference":"","landingPage":"https://vdlkzx.com/","ipv4":"","ipv6":"","sourceIndex":"73"},{"howFound":"","reference":"","landingPage":"https://www.gwqpmh.com","ipv4":"","ipv6":"","sourceIndex":"74"},{"howFound":"","reference":"","landingPage":"https://kainglian.com.cn","ipv4":"","ipv6":"","sourceIndex":"75"},{"howFound":"","reference":"","landingPage":"https://kainlian.com.cn/index.html","ipv4":"","ipv6":"","sourceIndex":"76"},{"howFound":"","reference":"","landingPage":"https://kuailiangrp.com.cn/","ipv4":"","ipv6":"","sourceIndex":"77"},{"howFound":"","reference":"","landingPage":"https://m.mfioi.cn/","ipv4":"","ipv6":"","sourceIndex":"78"},{"howFound":"","reference":"","landingPage":"http://kuailianevpn.com.cn/","ipv4":"","ipv6":"","sourceIndex":"79"},{"howFound":"","reference":"","landingPage":"https://of-klian.com/","ipv4":"","ipv6":"","sourceIndex":"80"},{"howFound":"","reference":"","landingPage":"http://rkkuailian.com.cn/","ipv4":"","ipv6":"","sourceIndex":"81"},{"howFound":"","reference":"","landingPage":"https://qsyydnbxz.com/","ipv4":"","ipv6":"","sourceIndex":"82"},{"howFound":"","reference":"","landingPage":"https://letsvpnx.pro/","ipv4":"","ipv6":"","sourceIndex":"83"},{"howFound":"","reference":"","landingPage":"https://www.letscpvpn.com/","ipv4":"","ipv6":"","sourceIndex":"84"},{"howFound":"","reference":"","landingPage":"https://kuaihlian.com.cn/#","ipv4":"","ipv6":"","sourceIndex":"85"},{"howFound":"","reference":"","landingPage":"https://kuaillan.cn/","ipv4":"","ipv6":"","sourceIndex":"86"},{"howFound":"","reference":"","landingPage":"http://kuailianvan.com.cn/","ipv4":"","ipv6":"","sourceIndex":"87"},{"howFound":"","reference":"","landingPage":"https://kuailianvan.com.cn/","ipv4":"","ipv6":"","sourceIndex":"88"},{"howFound":"","reference":"","landingPage":"https://knkuailian.com.cn","ipv4":"","ipv6":"","sourceIndex":"89"},{"howFound":"","reference":"","landingPage":"https://nuyi.mobi/#","ipv4":"","ipv6":"","sourceIndex":"90"},{"howFound":"","reference":"","landingPage":"https://bsiqso.cn/","ipv4":"","ipv6":"","sourceIndex":"91"},{"howFound":"","reference":"","landingPage":"https://letsvpn-asia.com/","ipv4":"","ipv6":"","sourceIndex":"92"},{"howFound":"","reference":"","landingPage":"http://oilkxv.cn/","ipv4":"","ipv6":"","sourceIndex":"93"},{"howFound":"","reference":"","landingPage":"https://kuailian-vpn3.com/","ipv4":"","ipv6":"","sourceIndex":"94"},{"howFound":"","reference":"","landingPage":"https://kuailianng.com.cn/","ipv4":"","ipv6":"","sourceIndex":"95"},{"howFound":"","reference":"","landingPage":"http://www.shpsqir.xyz/","ipv4":"","ipv6":"","sourceIndex":"96"},{"howFound":"","reference":"","landingPage":"https://kuailianfast.com/","ipv4":"","ipv6":"","sourceIndex":"97"},{"howFound":"","reference":"","landingPage":"https://kuail.xiazte.com/","ipv4":"","ipv6":"","sourceIndex":"98"},{"howFound":"","reference":"","landingPage":"https://www.kknqi.cn/","ipv4":"","ipv6":"","sourceIndex":"99"},{"howFound":"","reference":"","landingPage":"https://www.zh-letsvpn.com.cn/","ipv4":"","ipv6":"","sourceIndex":"100"},{"howFound":"","reference":"","landingPage":"https://www.lets-vpn.dev/","ipv4":"","ipv6":"","sourceIndex":"101"},{"howFound":"","reference":"","landingPage":"https://www.letsvpn.dev/download","ipv4":"","ipv6":"","sourceIndex":"102"},{"howFound":"","reference":"","landingPage":"https://www.kuailianvpn123.com/","ipv4":"","ipv6":"","sourceIndex":"103"},{"howFound":"","reference":"","landingPage":"https://www.vbfxe.cn","ipv4":"","ipv6":"","sourceIndex":"104"},{"howFound":"","reference":"","landingPage":"https://kuailiansz.com.cn/","ipv4":"","ipv6":"","sourceIndex":"105"}],"sampleFiles":["260416/SpoofedVPN-250813/250813/Samples/kuailian-vpn.exe","260416/SpoofedVPN-250813/250813/Samples/LetsVPN.msi","260416/SpoofedVPN-250813/250813/Samples/kuail.msi","260416/SpoofedVPN-250813/250813/Samples/lest_Install.msi","260416/SpoofedVPN-250813/250813/Samples/Windows.msi","260416/SpoofedVPN-250813/250813/Samples/Win64%20-%20LetsProa1.1.msi","260416/SpoofedVPN-250813/250813/Samples/letsvpn-latest.exe"],"imageFiles":["260416/SpoofedVPN-250813/250813/Images/ACR-014/ACR-014_Install_1.png","260416/SpoofedVPN-250813/250813/Images/ACR-014/ACR-014_Install_2.png","260416/SpoofedVPN-250813/250813/Images/ACR-010/ACR-010_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"2bf2d7f5-d2e1-442b-be89-16b89c31ba5c_250813_1","appID":"SpoofedVPN-250813","dateAdded":"260416","deceptorType":"App","name":"SpoofedVPN","company":"Unknown","version":"250813","lastKnownStatus":"250813;250923;251001;260416","lastKnownDate":"260416","type":"Windows Executable","category":"Business Developer Tools","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2026-04-16T22:09:13.1430455+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":0},{"violations":{"ACR-006":"The app does not disclose that it is serving up Yahoo! search results.\n","ACR-104":"The search doesn't clearly attribute Yahoo and disclose that user queries will be processed through it.\n","ACR-118":"After uninstallation, some executable files remain on the device without the user’s knowledge.\n","ACR-039":"The app silently adds \"PDF\" and \"Shift Browser\" shortcuts to the desktop without clearly disclosing their relationship during installation and EULA.\n"},"nonDeceptorViolations":{"ACR-038":"App is not clear about what it is installing.\n","ACR-040":"App installs in hidden folder %AppData% without proper disclosure.\n","ACR-065":"The install does not display links to the EULA and Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"Shift%20-%20PDF_x85yyw.exe","isInstaller":"True","companyName":"Shift Technologies Inc.                                     ","productName":"Shift Browser","productVersion":"144.0.0","fileVersion":"144.0.0","hashMD5":"b2b2e7a5c11674651be2aeac2a40a3be","hashSHA1":"90185678b018d9585e3cc424a4ebb58458dfd947","hashSHA256":"b3e96b580142c74a132d38e54758d4d09697e6441d2b75531d6a2a5b82c8f55f","digitalCertThumbprint":"0C9A1B5FD117CB11BF7D5E624B20E458F6BCFBF4","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Shift Technologies Inc, O=Shift Technologies Inc, L=Victoria, S=British Columbia, C=CA, SERIALNUMBER=BC1497351, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=British Columbia, OID.1.3.6.1.4.1.311.60.2.1.3=CA","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"106","avBlockList":["360 Total Security (20260430)","Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","COMODO Antivirus (20260430)","FortectPremium (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","Norton Security (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","Total AV Antivirus Pro (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["Bitdefender Internet Security (20260430)","Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","G DATA INTERNET SECURITY (20260430)","McAfee Total Protection (20260430)","Panda Dome (20260430)","Trend Micro Internet Security (20260430)","VIPRE Advanced Security (20260430)","Windows Defender (20260421)"]}],"additionalFiles":[],"sources":[{"howFound":"filehippo.com Ads","reference":"","landingPage":"https://shift.com/","directDownloadingLink":"https://app.shift.com/shift/download/Shift%20-%20PDF_x85yyw.exe?key=x85yyw&installer=shift-v144.0.0-web.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://app.shift.com/shift/download/Shift%20-%20PDF_x85yyw.exe?key=x85yyw&installer=shift-v144.0.0-web.exe","sourceIndex":"106"}],"sampleFiles":["260416/Shift-260415/144.00.76/Samples/Shift%20-%20PDF_x85yyw.exe"],"imageFiles":["260416/Shift-260415/144.00.76/Images/ACR-039/ACR-039_Install_1.png","260416/Shift-260415/144.00.76/Images/ACR-039/ACR-039_Install_2.png","260416/Shift-260415/144.00.76/Images/ACR-104/ACR-104_Software_1.png","260416/Shift-260415/144.00.76/Images/ACR-104/ACR-104.mp4","260416/Shift-260415/144.00.76/Images/ACR-006/ACR-006.mp4","260416/Shift-260415/144.00.76/Images/ACR-006/ACR-006_Software_1.png","260416/Shift-260415/144.00.76/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["260416/Shift-260415/144.00.76/Images/ACR-040/ACR-040_Install_1.png","260416/Shift-260415/144.00.76/Images/ACR-038/ACR-038_Install_1.png","260416/Shift-260415/144.00.76/Images/ACR-065/ACR-065.mp4"],"guid":"fdb84a90-bf10-4225-b554-dddc28b9e4c8_144.00.76_1","appID":"Shift-260415","dateAdded":"260416","deceptorType":"App","name":"Shift","company":"Shift Technologies Inc.","version":"144.00.76","lastKnownDate":"260416","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2026-04-16T19:58:29.7314858+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1},{"violations":{"ACR-007":"App does not obtain informed user explicit consent to reduce the consumer's security posture caused by resource sharing.\n","ACR-084":"1. Application creates auto startup item without providing option for user to disable it.\n2. Application doesn't provide visible indication that resource sharing on status.\n","ACR-014":"The app misleads the user by stating \"unprotected\", while another VPN service is already active and running.\n"},"nonDeceptorViolations":{"ACR-123":"The auto startup item is not removed during uninstallation.\n"},"samples":[{"isRevoked":"False","fileName":"tuxlerVPNSetup.exe","isInstaller":"True","companyName":"Tuxler Privacy Technologies, Inc.                           ","productName":"tuxlerVPN","productVersion":"2.3.0.8","fileVersion":"2.3.0.8","hashMD5":"62cc56af16af9b1a6e5b860178c51233","hashSHA1":"d30e708a08bcd0697b70a1d9ef221fe347e385fa","hashSHA256":"3260ac9c8d4826b002558eb657f91c6ffae65c4dce5dde6e9149188387e14657","digitalCertThumbprint":"65BE23B6792FD8266CECFC35ED9AF1E2E98035A8","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=office@tuxler.com, CN=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", O=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", L=Walnut Creek, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=5931368, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"108","avBlockList":["360 Total Security (20260430)","Bitdefender Internet Security (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","Panda Dome (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","VIPRE Advanced Security (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","COMODO Antivirus (20260430)","Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","FortectPremium (20260430)","McAfee Total Protection (20260430)","Norton Security (20260430)","Total AV Antivirus Pro (20260430)","Trend Micro Internet Security (20260430)","Windows Defender (20260430)"]},{"isRevoked":"False","fileName":"tuxlerVPN.exe","companyName":"Tuxler Privacy Technologies, Inc.","productName":"tuxlerVPN Desktop Application","productVersion":"2.3.0.8","fileVersion":"2.3.0.8","hashMD5":"5194c88f7624c94201ee209802150de6","hashSHA1":"67a3c6f39ce2978bf9c4a1fbba401ca089aef171","hashSHA256":"767e030327d9f0cedcc88a974d674e27215ae5072c5d3e43241461c082e0bf6e","digitalCertThumbprint":"65BE23B6792FD8266CECFC35ED9AF1E2E98035A8","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=office@tuxler.com, CN=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", O=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", L=Walnut Creek, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=5931368, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"108","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"resource sharing VPN","reference":"","landingPage":"https://www.tuxlervpn.com","directDownloadingLink":"https://www.tuxlervpn.com/download-windows/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.tuxlervpn.com/download-windows/","sourceIndex":"108"}],"sampleFiles":["260324/TuxlerVPN-251102/2.3.0.8 new/Samples/tuxlerVPNSetup.exe"],"imageFiles":["260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-007/ACR-007_Install_1.png","260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-007/ACR-007_Install_3.png","260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-007/ACR-007_Install_2.png","260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-084/ACR-084_Software_1.png","260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-084/ACR-084_Software_2.png","260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":["260324/TuxlerVPN-251102/2.3.0.8 new/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"24479c47-8ef1-44a7-8d26-618183d10a05_2.3.0.8 new_1","appID":"TuxlerVPN-251102","dateAdded":"260324","deceptorType":"App","name":"TuxlerVPN","company":"TUXLER PRIVACY TECHNOLOGIES, INC.","version":"2.3.0.8 new","lastKnownStatus":"2.3.0.8","lastKnownDate":"260324","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2026-03-24T21:24:13.9779893+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2},{"violations":{"ACR-007":"App does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing.\n","ACR-084":"1. Application creates auto startup item without providing option for user to disable it.\n2. Application doesn't provide visible indication that resource sharing on status.\n","ACR-014":"The app misleads the user by stating \"unprotected\", while another VPN service is already active and running.\n"},"nonDeceptorViolations":{"ACR-123":"The auto startup item is not removed during uninstallation.\n"},"samples":[{"isRevoked":"False","fileName":"tuxlerVPNSetup.exe","isInstaller":"True","companyName":"Tuxler Privacy Technologies, Inc.                           ","productName":"tuxlerVPN","productVersion":"2.3.0.8","fileVersion":"2.3.0.8","hashMD5":"ead351096aea7e698bae201db791d10e","hashSHA1":"3ec8d26ada98dfdef5044416d7dc3aa2cdfbf877","hashSHA256":"9188e5b848926666064d40c59a29744db173ed253ddd773883a601e20f3e87b1","digitalCertThumbprint":"65BE23B6792FD8266CECFC35ED9AF1E2E98035A8","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=office@tuxler.com, CN=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", O=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", L=Walnut Creek, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=5931368, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"152","avBlockList":["G DATA INTERNET SECURITY (20260326)","K7 Total Security (20260326)","KasperskyPremium (20260326)","Malwarebytes Premium (20260326)","McAfee Total Protection (20260326)","Panda Dome (20260326)","Quick Heal Internet Security (20260326)","Sophos Home Premium (20260326)","SpyHunter5 (20260326)","VIPRE Advanced Security (20260326)","VirIT eXplorer PRO (20260326)","Webroot SecureAnywhere (20260326)"],"avAllowList":["360 Total Security (20260326)","Avast Premium Security (20260326)","AVG Internet Security (20260326)","Avira Internet Security (20260326)","Bitdefender Internet Security (20260326)","COMODO Antivirus (20260326)","Dr.Web Security Space (20260326)","ESET Internet Security (20260326)","FortectPremium (20260326)","Norton Security (20260326)","Total AV Antivirus Pro (20260326)","Trend Micro Internet Security (20260326)","Windows Defender (20260326)"]},{"isRevoked":"False","fileName":"ExtensionHelperAppHelperTuxler.exe","companyName":"Tuxler Privacy Technologies, Inc.","productName":"Tuxler Extension Helper Application","productVersion":"1.1.5.0","fileVersion":"1.1.5.0","hashMD5":"a3b9bed64fc289c2aa00a975ec3f991e","hashSHA1":"cda27e2520f79059512627a02815c0b289cd9dcd","hashSHA256":"c0ece7053328d1cac78afa691d18a1629b7aa2c7a4b2dd55cd116b11d64bb14e","digitalCertThumbprint":"65BE23B6792FD8266CECFC35ED9AF1E2E98035A8","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=office@tuxler.com, CN=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", O=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", L=Walnut Creek, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=5931368, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"152","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"tuxlerVPN.exe","companyName":"Tuxler Privacy Technologies, Inc.","productName":"tuxlerVPN Desktop Application","productVersion":"2.3.0.8","fileVersion":"2.3.0.8","hashMD5":"09c5d9af8eb4b060f153629b41cf6d61","hashSHA1":"0719eacc918dca1b3d494eb79e5fbf4def603429","hashSHA256":"ddcad265e29749ac898d5ada4da81ee44fcd6c69b15b594f22d4ac37d3d39530","digitalCertThumbprint":"65BE23B6792FD8266CECFC35ED9AF1E2E98035A8","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=office@tuxler.com, CN=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", O=\"TUXLER PRIVACY TECHNOLOGIES, INC.\", L=Walnut Creek, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=5931368, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"152","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"resource sharing VPN","reference":"","landingPage":"https://www.tuxlervpn.com","directDownloadingLink":"https://www.tuxlervpn.com/download-windows/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.tuxlervpn.com/download-windows/","sourceIndex":"152"}],"sampleFiles":["251103/TuxlerVPN-251102/2.3.0.8/Samples/tuxlerVPNSetup.exe"],"imageFiles":["251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-007/ACR-007_Install_1.png","251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-007/ACR-007_Install_2.png","251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-007/ACR-007_Install_3.png","251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-084/ACR-084_Software_1.png","251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-084/ACR-084_Software_2.png","251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":["251103/TuxlerVPN-251102/2.3.0.8/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"24479c47-8ef1-44a7-8d26-618183d10a05_2.3.0.8_1","appID":"TuxlerVPN-251102","dateAdded":"260324","deceptorType":"App","name":"TuxlerVPN","company":"TUXLER PRIVACY TECHNOLOGIES, INC.","version":"2.3.0.8","lastKnownStatus":"2.3.0.8","lastKnownDate":"260324","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2026-03-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":3},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-084":"On closing the app, the application doesn't exit completely. The process \"master_vpn-service.exe\" runs in the background, hiding the fact that it is active from the consumer without notifying the user. \n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/) does not display links to uninstall information.\n","ACR-123":"The app does not remove the Trusted Root certificate even after uninstall.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.11.0.0","fileVersion":"3.11.0.0","hashMD5":"fe53db78e5bc1ae2cca41127c8f670bd","hashSHA1":"8a3ad2a93a5e53ae57b96d46c005844a59cbd737","hashSHA256":"20a451eedf0a0185c17b74783fb7c79fede6197db087329696558611047b4a96","digitalCertThumbprint":"07C3E4BF1A3B117D2C462418A99ED28CD41C7808","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1687","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.11.0.0","fileVersion":"3.11.0.0","hashMD5":"36375e821e4c129a7ca7e4375ccc218c","hashSHA1":"236e0586a954cb11f068b662a6e8e1bb719dba27","hashSHA256":"9c6d24999f901aec499102e0198aa02000047e6c2da27a043565b88330f119ef","digitalCertThumbprint":"07C3E4BF1A3B117D2C462418A99ED28CD41C7808","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1687","avBlockList":["360 Total Security (20220322)","Avira Internet Security (20220322)","Bitdefender Internet Security (20220322)","G DATA INTERNET SECURITY (20220322)","K7 Total Security (20220322)","Norton Security (20220322)","Panda Dome (20220322)","Sophos Home Premium (20220322)","SpyHunter5 (20220322)","Total AV Antivirus Pro (20220322)","VIPRE Advanced Security (20220322)","VirIT eXplorer PRO (20220322)","Webroot SecureAnywhere (20220322)","Windows Defender (20220322)"],"avAllowList":["Avast Premium Security (20220322)","AVG Internet Security (20220322)","COMODO Antivirus (20220322)","Dr.Web Security Space (20220322)","ESET Internet Security (20220322)","Kaspersky Internet Security (20220322)","Malwarebytes Premium (20220322)","McAfee Total Protection (20220322)","Quick Heal Internet Security (20220322)","Tencent PC Manager (20220322)","Trend Micro Internet Security (20220322)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","sourceIndex":"1687"}],"sampleFiles":["220310/VPNProxyMaster-220309/3.11.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-007/ACR-007_Install_Root_Certificate_Installed.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-048/ACR-048_oftware_1.JPG"],"nonDeceptorImageFiles":["220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-099/ACR-099_Software_No_Uninstall_Info.jpg","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-123/ACR-123_Uninstall_Root_Certificate_Retained.JPG","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Info.jpg","220310/VPNProxyMaster-220309/3.11.0.0/Images/ACR-014/ACR-014_LandingPage_Misleading_Status.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.11.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.11.0.0","sigName":"Deceptor:Win32/VPNProxyMaster!043042007084048","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":12},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-084":"On closing the app, the application doesn't exit completely. The process \"master_vpn-service.exe\" runs in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"The Non-trusted root certificate installed by the application is not removed from the system after the application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/home) does not display links to uninstall information.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.13.0.0","fileVersion":"3.13.0.0","hashMD5":"4e8e449725d983e249f3fe2677f12d10","hashSHA1":"6a818446411bd23b5d34eb5e49a9137a52372d61","hashSHA256":"f7231234c0c735bf5220093dcf4007b474b366c7966e00680fe08cd4c5df8b33","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1403","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"401c73812aa8c1904829c6408defcdea","hashSHA1":"b694fd4b8bdab555e6f8ca9ce5b719a0d631aef8","hashSHA256":"c4c69589d8df94319c7c8fe47434c03e9edd0731b83e9c21420eb347c6922d0e","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1403","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.13.0.0","fileVersion":"3.13.0.0","hashMD5":"9e60476466ae4ae51a5c6c0feaeb8598","hashSHA1":"5d9a42b1b5d99414b90c5ffa9a603b73b6e645b1","hashSHA256":"2861a0cea1c7eb406e3a5c470311b22398b54da0f7c40e954f36f1f71cf368ee","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1403","avBlockList":["Avast Premium Security (20230615)","AVG Internet Security (20230615)","Avira Internet Security (20230615)","K7 Total Security (20230615)","Malwarebytes Premium (20230615)","McAfee Total Protection (20230615)","Norton Security (20230615)","Panda Dome (20230615)","Sophos Home Premium (20230615)","SpyHunter5 (20230615)","Total AV Antivirus Pro (20230615)","VirIT eXplorer PRO (20230615)","Webroot SecureAnywhere (20230615)"],"avAllowList":["360 Total Security (20230615)","Bitdefender Internet Security (20230615)","COMODO Antivirus (20230615)","Dr.Web Security Space (20230615)","ESET Internet Security (20230615)","G DATA INTERNET SECURITY (20230615)","Kaspersky Internet Security (20230615)","Quick Heal Internet Security (20230615)","Trend Micro Internet Security (20230615)","VIPRE Advanced Security (20230615)","Windows Defender (20230615)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","sourceIndex":"1403"}],"sampleFiles":["220927/VPNProxyMaster-220309/3.13.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-043/ACR-043.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-042/ACR-042.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-007/ACR-007.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-084/ACR-084.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-048/ACR-048_1.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-048/ACR-048_2.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-048/ACR-048_3.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-045/ACR-045.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-099/ACR-099.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-099/ACR-099_LandingPage.JPG","220927/VPNProxyMaster-220309/3.13.0.0/Images/ACR-014/ACR-014.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.13.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.13.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":10},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. Some of the processes run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"The self signed trusted root certificate installed by the application is not removed from the system after the application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/) does not display links to uninstall information.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://vpnproxymaster.com/what-is-vpn   and    https://vpnproxymaster.com/download). \n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"2f8039f6f49b063dc37d2ff25725b0bb","hashSHA1":"545798b75639a5f6ad33941a90615bfd293624da","hashSHA256":"fc748b3352e385c4a274a267268154830aa749e2125873c2d6994dfdf3b543d7","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1378","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.17.0.0","fileVersion":"3.17.0.0","hashMD5":"30620e8cc02ce9a8660d08a33a31dd9e","hashSHA1":"f3674ce85a4937f5915de61d5adadbc8978c736b","hashSHA256":"6fc9fa65402e119609e4e422688516d199db1265931cbcfc067bed0b1ad2a6e9","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1378","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.17.0.0","fileVersion":"3.17.0.0","hashMD5":"bda22f80dfdcc32f6b3dcba9ff72038c","hashSHA1":"d1a444c984027c970ef829c59bf93d043d1ab493","hashSHA256":"464829643a47166115404a107b5a855092d51adea6b7a4aae8911d2070b36755","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1378","avBlockList":["Avast Premium Security (20221027)","AVG Internet Security (20221027)","Avira Internet Security (20221027)","COMODO Antivirus (20221027)","K7 Total Security (20221027)","Malwarebytes Premium (20221027)","McAfee Total Protection (20221027)","Norton Security (20221027)","Panda Dome (20221027)","Sophos Home Premium (20221027)","SpyHunter5 (20221027)","Total AV Antivirus Pro (20221027)","VirIT eXplorer PRO (20221027)","Webroot SecureAnywhere (20221027)"],"avAllowList":["360 Total Security (20221027)","Bitdefender Internet Security (20221027)","Dr.Web Security Space (20221027)","ESET Internet Security (20221027)","G DATA INTERNET SECURITY (20221027)","Kaspersky Internet Security (20221027)","Quick Heal Internet Security (20221027)","Trend Micro Internet Security (20221027)","VIPRE Advanced Security (20221027)","Windows Defender (20221027)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://vpnproxymaster.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vpnproxymaster.com/download/windows","sourceIndex":"1378"}],"sampleFiles":["221011/VPNProxyMaster-220309/3.17.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-043/ACR-043.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-042/ACR-042.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-007/ACR-007.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-084/ACR-084.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-048/ACR-048_1.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-048/ACR-048_2.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-048/ACR-048_3.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-045/ACR-045.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-099/ACR-099.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-099/ACR-099_1.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-014/ACR-014.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-018/ACR-018_1.JPG","221011/VPNProxyMaster-220309/3.17.0.0/Images/ACR-018/ACR-018_2.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.17.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.17.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":9},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. Some of the processes run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"The self signed trusted root certificate installed by the application is not removed from the system after the application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/) does not display links to uninstall information.\n","ACR-123":"The app does not remove the installed Trusted Root certificate even after uninstalling.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://vpnproxymaster.com/what-is-vpn   and    https://vpnproxymaster.com/download). \n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"405b03d25f0d76ce76927a6a8c6e6e59","hashSHA1":"60381c1014551b8036fdb66125f6e3d2a7c57817","hashSHA256":"596982a66185ac8f77658e39d59af1ed787b7389ecab2f441392ce6432a3a2f4","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1292","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.18.0.0","fileVersion":"3.18.0.0","hashMD5":"e2a8b1fa14711151ea0520b7aa10b9ed","hashSHA1":"710c2b3f91048e71a3b885f8f1d707faa265f7b0","hashSHA256":"1834f79fdda30cf5e9907b0bc78cc1b90628b328f291914dcbf6eb74f1560c54","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1292","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.18.0.0","fileVersion":"3.18.0.0","hashMD5":"16bfe981cc33dc60d1c2c99d81ae6d44","hashSHA1":"cf14de9c0e4ad3d9cf57aa24e504e2ca068b86cb","hashSHA256":"8b76093340a228d2bff0693f8ec0742c52ac42ec363fa5047402fc7bedd0beb0","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1292","avBlockList":["Avast Premium Security (20230124)","AVG Internet Security (20230124)","Avira Internet Security (20230124)","K7 Total Security (20230124)","Malwarebytes Premium (20230124)","McAfee Total Protection (20230124)","Norton Security (20230124)","Panda Dome (20230124)","Quick Heal Internet Security (20230124)","Sophos Home Premium (20230124)","SpyHunter5 (20230124)","Total AV Antivirus Pro (20230124)","VirIT eXplorer PRO (20230124)","Webroot SecureAnywhere (20230124)","Windows Defender (20230124)"],"avAllowList":["360 Total Security (20230124)","Bitdefender Internet Security (20230124)","COMODO Antivirus (20230124)","Dr.Web Security Space (20230124)","ESET Internet Security (20230124)","G DATA INTERNET SECURITY (20230124)","Kaspersky Internet Security (20230124)","Trend Micro Internet Security (20230124)","VIPRE Advanced Security (20230124)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","sourceIndex":"1292"}],"sampleFiles":["221122/VPNProxyMaster-220309/3.18.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-043/ACR-043.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-042/ACR-042.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-007/ACR-007.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-084/ACR-084.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-048/ACR-048.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-048/ACR-048_1.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-048/ACR-048_2.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-045/ACR-045.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-099/ACR-099_Software.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-123/ACR-123.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-099/ACR-099_Landingpage.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-014/ACR-014.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-018/ACR-018.JPG","221122/VPNProxyMaster-220309/3.18.0.0/Images/ACR-018/ACR-018_1.jpg"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.18.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.18.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":8},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-084":"On closing the app, the application doesn't exit completely. The processes \"master_vpn-service.exe\" and \"VPNMaster.exe\" run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"The Non-trusted root certificate installed by the application is not removed from the system after the application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/home) does not display links to uninstall information.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"84d1b19c2468d0cf06561324a37a0e8c","hashSHA1":"6eca9bbdbe71e99ff4c1b819337d616007ca051f","hashSHA256":"481f9e150e7430426c47929e1012649738a3711cfe86f568dcefbe60bfbff54a","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1645","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\Startup.exe","companyName":"Innovative Connecting","productName":"Startup","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"f3f45056356461c1d767edfd031a1a61","hashSHA1":"7e5524af1af2eba562f4eb273d1ed466434f32b4","hashSHA256":"812c45bb0fb4416f2b2fa4ebc38ce2fa641d92a26c5af71ff3293d51f39b3f1f","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1645","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.12.0.0","fileVersion":"3.12.0.0","hashMD5":"01ea2be9762855597d72b259c181c341","hashSHA1":"b0154b49bb50737f1bf2a3968995f5363c43b4cd","hashSHA256":"52b8a3cfccfea086bba5db4ec021f43c6d2e876ab9d0dfa54e83a2bd562ea98c","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1645","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.12.0.0","fileVersion":"3.12.0.0","hashMD5":"da1b04e331d000ecd82f689be54fb6d1","hashSHA1":"cec3c2de6f1faa31c0b5adf15f80ce92a1442dc5","hashSHA256":"b604150ef74651e6d1a31c629bb978d3565ba291f5b4ba088c4ddf93f411e5d3","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1645","avBlockList":["Avira Internet Security (20220426)","K7 Total Security (20220426)","McAfee Total Protection (20220426)","Norton Security (20220426)","Panda Dome (20220426)","Quick Heal Internet Security (20220426)","Sophos Home Premium (20220426)","SpyHunter5 (20220426)","Total AV Antivirus Pro (20220426)","VirIT eXplorer PRO (20220426)","Webroot SecureAnywhere (20220426)"],"avAllowList":["360 Total Security (20220426)","Avast Premium Security (20220426)","AVG Internet Security (20220426)","Bitdefender Internet Security (20220426)","COMODO Antivirus (20220426)","Dr.Web Security Space (20220426)","ESET Internet Security (20220426)","G DATA INTERNET SECURITY (20220426)","Kaspersky Internet Security (20220426)","Malwarebytes Premium (20220426)","Tencent PC Manager (20220426)","Trend Micro Internet Security (20220426)","VIPRE Advanced Security (20220426)","Windows Defender (20220426)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","sourceIndex":"1645"}],"sampleFiles":["220413/VPNProxyMaster-220309/3.12.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-043/ACR-043_Install.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-043/ACR-043_Install_1.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-042/ACR-042_Install.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-042/ACR-042_Install_1.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-007/ACR-007_Install.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-007/ACR-007_Install_1.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-084/ACR-084_Software.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-118/ACR-118_Uninstall.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-118/ACR-118_Uninstall_1.JPG"],"nonDeceptorImageFiles":["220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-099/ACR-099_Software.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-099/ACR-099_Landingpage.JPG","220413/VPNProxyMaster-220309/3.12.0.0/Images/ACR-014/ACR-014_Landingpage_Misleading.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.12.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.12.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":11},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-046":"The Subscription related disclosures are obscure & require scrolling and are presented in a way that is unclear and not easily readable. \n","ACR-048":"The app does not provide control to cancel the installation process.\nThe app does not provide control to disable the notifications. Application can be closed/exit completely.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. Some of the processes run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the self-signed trusted root certificate without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/) does not display links to uninstall information.\n","ACR-123":"The app does not remove the installed Trusted Root certificate even after uninstalling.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://vpnproxymaster.com/what-is-vpn   and    https://vpnproxymaster.com/download).\n","ACR-011":"The Advertisement was not clearly labeled as an Ad and it was displayed as if it was part of the app.\n","ACR-014":"The app misleads by displaying status as \"Exposed\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"3fe3fd1ee9a5b02e65f4a4a93805bc6f","hashSHA1":"e015abcc8f066200b9c6b09eb4dc2cab99788fc8","hashSHA256":"e0fdfa93ba5eb500b68a223fd211ea0b22eb1795215afec03d022b707a2a119a","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1189","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.20.0.0","fileVersion":"3.20.0.0","hashMD5":"7793f1d57394094e29c5e5698f169b94","hashSHA1":"7888ebb9414b769c03ae35c51952e63683296f4d","hashSHA256":"feca8676ae42b94fc7f5015807027022da515593eecfee54f55cdffbd0a0e2dd","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1189","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.20.0.0","fileVersion":"3.20.0.0","hashMD5":"d0311e3aa9855d7406ade40c64af0caa","hashSHA1":"4525d4c96968293b5d5db343b30c53c2e4a75606","hashSHA256":"12af3f4d8b32f11d9a6925d4959b05464fac48c58dd4728ba58261dd61fb6172","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1189","avBlockList":["Avast Premium Security (20230504)","AVG Internet Security (20230504)","Avira Internet Security (20230504)","Bitdefender Internet Security (20230504)","G DATA INTERNET SECURITY (20230504)","K7 Total Security (20230504)","Malwarebytes Premium (20230504)","McAfee Total Protection (20230504)","Norton Security (20230504)","Panda Dome (20230504)","Quick Heal Internet Security (20230504)","Sophos Home Premium (20230504)","SpyHunter5 (20230504)","Total AV Antivirus Pro (20230504)","VIPRE Advanced Security (20230504)","VirIT eXplorer PRO (20230504)","Webroot SecureAnywhere (20230504)"],"avAllowList":["360 Total Security (20230504)","COMODO Antivirus (20230504)","Dr.Web Security Space (20230504)","ESET Internet Security (20230504)","Kaspersky Internet Security (20230504)","Trend Micro Internet Security (20230504)","Windows Defender (20230504)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://vpnproxymaster.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vpnproxymaster.com/download/windows","sourceIndex":"1189"}],"sampleFiles":["230328/VPNProxyMaster-220309/3.20.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-043/ACR-043.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-042/ACR-042.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-048/ACR-048.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-007/ACR-007.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-084/ACR-084.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-048/ACR-048_1.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-048/ACR-048_2.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-048/ACR-048_3.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-118/ACR-118_1.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-046/ACR-046.JPG"],"nonDeceptorImageFiles":["230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-045/ACR-045.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-099/ACR-099_Software.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-123/ACR-123.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-099/ACR-099_Landingpage.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-014/ACR-014.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-018/ACR-018.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-018/ACR-018_1.jpg","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-011/ACR-011.JPG","230328/VPNProxyMaster-220309/3.20.0.0/Images/ACR-011/ACR-011-1.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.20.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.20.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":6},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-046":"The Subscription related disclosures are obscure & require scrolling and are presented in a way that is unclear and not easily readable. \n","ACR-048":"The app does not provide control to cancel the installation process.\nThe app does not provide control to disable the notifications. Application process can't exit completely even user exit the app from systray\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. Some of the processes run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the self-signed trusted root certificate without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-123":"The app does not remove the installed Trusted Root certificate even after uninstalling.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://vpnproxymaster.com/what-is-vpn   and    https://vpnproxymaster.com/download).\n","ACR-011":"The Advertisement was not clearly labeled as an Ad and it was displayed as if it was part of the app.\n","ACR-014":"The app misleads by displaying status as \"Exposed\" on the landing pages (https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"4282a2635ae5801f6322bc52871bda7d","hashSHA1":"970e2182ecd29b456b8e9ce653ae503ca2fa09f6","hashSHA256":"5d2284a4d1e93afe3a97013d6ce887705302b8e00cd8af452cc7c0e0e5082687","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1114","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.21.0.0","fileVersion":"3.21.0.0","hashMD5":"568640a75afe06e46aaaaf95f5f778e2","hashSHA1":"99582ede98d8b47a1a32aa2451d367f3bb756e17","hashSHA256":"8e4cea578cce63e3e8b09093f112e7c344bf3e4078ab56d9e04ce02efb1473dc","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1114","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.21.0.0","fileVersion":"3.21.0.0","hashMD5":"5640727c164ee968d3938b381c930096","hashSHA1":"8b200e98498fe5ed91587d40769a65a86dee1df4","hashSHA256":"d754ec37b113d42c789a4e8fb9bd35fe26ae65f9f2711d920d39b343adca0c93","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1114","avBlockList":["Avast Premium Security (20260317)","AVG Internet Security (20260317)","Avira Internet Security (20260317)","Dr.Web Security Space (20260317)","ESET Internet Security (20260317)","G DATA INTERNET SECURITY (20260317)","Malwarebytes Premium (20260317)","McAfee Total Protection (20260317)","Norton Security (20260317)","Panda Dome (20260317)","Quick Heal Internet Security (20260317)","Sophos Home Premium (20260317)","SpyHunter5 (20260317)","Total AV Antivirus Pro (20260317)","VirIT eXplorer PRO (20260317)","Webroot SecureAnywhere (20260317)","FortectPremium (20260317)"],"avAllowList":["360 Total Security (20260317)","Bitdefender Internet Security (20260317)","COMODO Antivirus (20260317)","K7 Total Security (20260317)","Kaspersky Internet Security (20230518)","Trend Micro Internet Security (20260317)","VIPRE Advanced Security (20260317)","Windows Defender (20260317)","KasperskyPremium (20260317)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://vpnproxymaster.com/download/windows","directDownloadingLink":"https://vpnproxymaster.com/download/windows/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vpnproxymaster.com/download/windows/VPNMaster_setup.exe","sourceIndex":"1114"}],"sampleFiles":["230508/VPNProxyMaster-220309/3.21.0.0/Samples/VPNMaster_setup.exe"],"imageFiles":["230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-043/ACR-043.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-042/ACR-042.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-048/ACR-048_Install.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-007/ACR-007.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-084/ACR-084.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-048/ACR-048_1.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-048/ACR-048_2.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-048/ACR-048_3.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-118/ACR-118.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-046/ACR-046.JPG"],"nonDeceptorImageFiles":["230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-045/ACR-045.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-123/ACR-123.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-014/ACR-014.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-018/ACR-018.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-018/ACR-018_1.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-011/ACR-011.JPG","230508/VPNProxyMaster-220309/3.21.0.0/Images/ACR-011/ACR-011_1.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.21.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.21.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":5},{"violations":{"ACR-046":"The Subscription related disclosures are obscure & require scrolling and are presented in a way that is unclear and not easily readable. \n","ACR-048":"The app does not provide control to cancel the installation process.\nApplication process can't exit completely even user exit the app from systray. \n","ACR-084":"On closing the app, the application doesn't exit completely. Service process run in the background after app quits. Service process starts automatically when system starts, hiding the fact that it is active from the consumer without notifying the user. \n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://vpnproxymaster.com/what-is-vpn   and    https://vpnproxymaster.com/download).\n","ACR-014":"The app misleads by displaying status as \"Exposed\" on the landing pages (https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"VPNMaster_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.25.1.0","fileVersion":"3.25.1.0","hashMD5":"173dc870a38b3fd26e98bf14875803d0","hashSHA1":"f54182cbdf225b3e9720fed5b184f3092f25b936","hashSHA256":"e170cbee6bfb2953d3cd1443c464d922205446e89a06880e113658bf9c764570","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"111","avBlockList":["Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","Bitdefender Internet Security (20260430)","Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","FortectPremium (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","Norton Security (20260430)","Panda Dome (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","Total AV Antivirus Pro (20260430)","VIPRE Advanced Security (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["360 Total Security (20260430)","COMODO Antivirus (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","McAfee Total Protection (20260430)","Trend Micro Internet Security (20260430)","Windows Defender (20260430)"]},{"isRevoked":"False","fileName":"master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"a9a605655ad81bd2dcc61f6bdea4ee4c","hashSHA1":"586b7bc10e9d670fe608984ec053ffbe7c0dc50b","hashSHA256":"e56053f445e5a3bdfb94bbe75740ab6272a59250cb445775cf86424740a773d2","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"111","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Startup.exe","companyName":"Innovative Connecting","productName":"Startup","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"081ff2134e746c2475b09a6a99a4c12f","hashSHA1":"dcb3b04fffe332cb102ffa59ef4321866a6c4fa8","hashSHA256":"555145bcd94abf4dc284e3b2b3b79c9b9e7f94ea2e2aa41d5bf419ccb76dd7b7","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"111","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.25.1.0","fileVersion":"3.25.1.0","hashMD5":"75a96027e2739504dc48cf2ea5aad851","hashSHA1":"fdb059e9367dcd020d1a531a6eabcb379f470f8c","hashSHA256":"0b1440414ac5c9109cf4c4714f5e7b23e19f8a572ddde6f3a4c3306d13a80ee9","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"111","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.fastpull.net/file/windows-master/VPNMaster_setup.exe","sourceIndex":"111"}],"sampleFiles":["260316/VPNProxyMaster-220309/3.25.1.0/Samples/VPNMaster_setup.exe"],"imageFiles":["260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-048/ACR-048_Install.JPG","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-084/ACR-084_Software_1.png","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-048/ACR-048_Software_1.png","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-048/ACR-048_Software_2.png","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-046/ACR-046_Internal offers_1.png"],"nonDeceptorImageFiles":["260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-014/ACR-014_Landing page_1.png","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-018/ACR-018.JPG","260316/VPNProxyMaster-220309/3.25.1.0/Images/ACR-018/ACR-018_1.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.25.1.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.25.1.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T21:02:16.5497851+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":4},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-046":"The Subscription related disclosures are obscure & require scrolling and are presented in a way that is unclear and not easily readable. \n","ACR-048":"The app does not provide control to cancel the installation process.\nThe app does not provide control to disable the notifications and remove its background processes completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. Some of the processes run in the background, hiding the fact that it is active from the consumer without notifying the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device along with the self-signed trusted root certificate without the consumer's consent or notifying the user.\n","ACR-119":"The app retains its monetization components after uninstall.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnproxymaster.com/) does not display links to uninstall information.\n","ACR-123":"The app does not remove the installed Trusted Root certificate even after uninstalling.\n","ACR-011":"The Advertisement was not clearly labeled as an Ad and it was displayed as if it was part of the app.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages(https://vpnproxymaster.com/home), even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\master_vpn-service.exe","companyName":"Innovative Connecting","productName":"master_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"4928b7224ddc7aa64da414d5ed34f50d","hashSHA1":"a89c81c6c0f92502cbd6a44757bd0742abd66b66","hashSHA256":"9b512a9a4de388fe02b0b813641fbf6062bbbc191208545dbf8c588c7be607ca","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1190","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPNMaster\\VPNMaster.exe","companyName":"Innovative Connecting","productName":"VPNMaster","productVersion":"3.19.0.0","fileVersion":"3.19.0.0","hashMD5":"c8d0f50fbcdf2ded87708d1ff9f76d29","hashSHA1":"c3c07b2c628423528595b1576c332872c7a7e01e","hashSHA256":"61c8fad79d4fc76e29d4caefc08253e41817c8324a1e1f4785319f36fca7fafa","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1190","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPNMaster_setup_pad.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"VPNProxyMaster","productVersion":"3.15.0.0","fileVersion":"3.15.0.0","hashMD5":"1d9dc7a5be027c7b2959328f0eb8b3ab","hashSHA1":"e3165a8b4d61e9b86a3502560e96a345ad31ac9d","hashSHA256":"c8172a73775da92aaa61972edf7a079786e3c55d07e1a45fc29b6d269b3e6a3d","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1190","avBlockList":["Avast Premium Security (20230418)","AVG Internet Security (20230418)","Avira Internet Security (20230418)","Malwarebytes Premium (20230418)","McAfee Total Protection (20230418)","Norton Security (20230418)","Panda Dome (20230418)","Quick Heal Internet Security (20230418)","Sophos Home Premium (20230418)","SpyHunter5 (20230418)","Total AV Antivirus Pro (20230418)","VirIT eXplorer PRO (20230418)","Webroot SecureAnywhere (20230418)"],"avAllowList":["360 Total Security (20230418)","Bitdefender Internet Security (20230418)","COMODO Antivirus (20230418)","Dr.Web Security Space (20230418)","ESET Internet Security (20230418)","G DATA INTERNET SECURITY (20230418)","K7 Total Security (20230418)","Kaspersky Internet Security (20230418)","Trend Micro Internet Security (20230418)","VIPRE Advanced Security (20230418)","Windows Defender (20230418)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnproxymaster.com/","directDownloadingLink":"https://download.freedownloadmanager.org/Windows-PC/VPN-Proxy-Master-Download-for-Windows/FREE-3.15.1.html?ac79f89","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.freedownloadmanager.org/Windows-PC/VPN-Proxy-Master-Download-for-Windows/FREE-3.15.1.html?ac79f89","sourceIndex":"1190"}],"sampleFiles":["230323/VPNProxyMaster-220309/3.19.0.0/Samples/VPNMaster_setup_pad.exe"],"imageFiles":["230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-043/ACR-043.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-042/ACR-042.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-048/ACR-048(1).JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-007/ACR-007.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-084/ACR-084.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-048/ACR-048.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-048/ACR-048_1.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-048/ACR-048_2.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-118/ACR-118.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-118/ACR-118_1.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-119/ACR-119.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-046/ACR-046.JPG"],"nonDeceptorImageFiles":["230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-045/ACR-045.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-099/ACR-099_Software.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-123/ACR-123.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-099/ACR-099_Landingpage.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-014/ACR-014.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-011/ACR-011.JPG","230323/VPNProxyMaster-220309/3.19.0.0/Images/ACR-011/ACR-011-1.JPG"],"guid":"48664530-708c-4287-a879-bf93eeb1bcd3_3.19.0.0_1","appID":"VPNProxyMaster-220309","dateAdded":"260316","deceptorType":"App","name":"VPN Proxy Master","company":"INNOVATIVE CONNECTING PTE","version":"3.19.0.0","lastKnownStatus":"3.11.0.0;3.12.0.0;3.13.0.0;3.17.0.0;3.18.0.0;3.19.0.0;3.20.0.0;3.21.0.0;3.25.1.0;3.25.1.0","lastKnownDate":"260316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":7},{"violations":{"ACR-046":"Application hides the unexpected behavior setting (may adjust browser setting) behind EULA link.\n","ACR-048":"A scheduled task was added without the user's knowledge and does not offer any option within an app settings to control it.\n","ACR-055":"The “Continue” button acts as acceptance of the app installation while concealing the part of the installation process that may alter the user’s default search engine settings under the EULA. Users are not clearly informed about what they are consenting to. The offer is presented in a vague and potentially misleading way and does not include a clear accept or decline option for the user.\n"},"nonDeceptorViolations":{"ACR-038":"App is missing identification information such as file version and vendor in the Control Panel.\n","ACR-040":"The app installs itself in a hidden folder %AppData% without proper disclosure.\n","ACR-092":"The application installer and main executable does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"ZapPDF-setup.exe","isInstaller":"True","productName":"Zapdf","productVersion":"1.0.0.11","fileVersion":"1.0.0.11","hashMD5":"735dc0470cb55040b5610cde35f4831e","hashSHA1":"270d62bd1590e2f5fad24dd0d745d8b73295cd10","hashSHA256":"84459f055a271cf9229ff0aa82981b47a2870f1ea6307a6078a30ae67eae1762","sourceIndex":"112","avBlockList":["360 Total Security (20260428)","Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Bitdefender Internet Security (20260428)","Dr.Web Security Space (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","KasperskyPremium (20260428)","Malwarebytes Premium (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","Total AV Antivirus Pro (20260428)","VIPRE Advanced Security (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)"],"avAllowList":["COMODO Antivirus (20260428)","Trend Micro Internet Security (20260428)","Windows Defender (20260428)"]},{"isRevoked":"False","fileName":"Zapdf.exe","productName":"Zapdf","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"038556979e7af268c9337e7526074f70","hashSHA1":"0de44f327f9a3c6a56623ba13ef70ebc1d8e65cc","hashSHA256":"307d498f17702992fb3d6dc8e37de9b97baa4ee721fc703775b4e8ba3d44faa8","sourceIndex":"112","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.myzappdf.com/","directDownloadingLink":"https://yaminit.com/vreq/?entryAnchor=null&vHash=b2b403e5-1db8-4f1a-9384-0d5707a29b58&_ga=GA1.1.1308856916.1772794205&_ga_T777GNMCZ4=GS2.1.s1772794204%24o1%24g1%24t1772794238%24j24%24l0%24h160636201","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://yaminit.com/vreq/?entryAnchor=null&vHash=b2b403e5-1db8-4f1a-9384-0d5707a29b58&_ga=GA1.1.1308856916.1772794205&_ga_T777GNMCZ4=GS2.1.s1772794204%24o1%24g1%24t1772794238%24j24%24l0%24h160636201","sourceIndex":"112"}],"sampleFiles":["260309/ZapPDF-260306/1.0.0.11/Samples/ZapPDF-setup.exe","260309/ZapPDF-260306/1.0.0.11/Samples/Zapdf.exe"],"imageFiles":["260309/ZapPDF-260306/1.0.0.11/Images/ACR-046/ACR-046_Install_1.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-046/ACR-046_Install_2.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-055/ACR-055_Install_1.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-055/ACR-055_Install_2.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-055/ACR-055_Install_3.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":["260309/ZapPDF-260306/1.0.0.11/Images/ACR-038/ACR-038_Install_1.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-040/ACR-040_Install_1.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-092/ACR-092_Software_1.png","260309/ZapPDF-260306/1.0.0.11/Images/ACR-092/ACR-092_Software_2.png"],"guid":"bef04523-7840-453a-ba7d-d04b35c4c32c_1.0.0.11_1","appID":"ZapPDF-260306","dateAdded":"260309","deceptorType":"App","name":"Zap PDF","company":"ZapPDF","version":"1.0.0.11","lastKnownStatus":"1.0.0.11","lastKnownDate":"260309","type":"Windows Executable","category":"SysTools & Utilities","ageAppropriate":"12+ appropriate","monetization":"install offers,search","lastUpdate":"2026-03-09T18:12:39.067061+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":13},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rk_setup.exe\" without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt.\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation.\n","ACR-048":"Clicking the 'I Decline' button still downloads and executes rk_setup.exe, identified as a RelevantKnowledge file, which contradicts the expected user action.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation \n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not provide digital signature for the executables.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"pgware_throttle.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"Throttle","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"ff6455885b6c2ac5fb6d5315dcb2c138","hashSHA1":"eac166acaba1ee938d45924b3127871ddecdcf1b","hashSHA256":"a10baa435e9e9326604d29377d73ab87c3f85d68e6a19ca86ab203de93824b4b","sourceIndex":"113","avBlockList":["360 Total Security (20260430)","Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","Bitdefender Internet Security (20260430)","Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","FortectPremium (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","McAfee Total Protection (20260430)","Norton Security (20260430)","Panda Dome (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","Total AV Antivirus Pro (20260430)","Trend Micro Internet Security (20260430)","VIPRE Advanced Security (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)","Windows Defender (20260430)"],"avAllowList":["COMODO Antivirus (20260430)","Quick Heal Internet Security (20260430)"]}],"additionalFiles":[],"sources":[{"howFound":"search for new version of PGWARE apps","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://pgware.com/downloads/pgware_throttle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/pgware_throttle.exe","sourceIndex":"113"}],"sampleFiles":["260304/Throttle-211209/8.10.21.2024/Samples/pgware_throttle.exe"],"imageFiles":["260304/Throttle-211209/8.10.21.2024/Images/ACR-109/ACR-109_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-109/ACR-109_Install_2.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-043/ACR-043_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-042/ACR-042_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-048/ACR-048_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-048/ACR-048_Install_2.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-007/ACR-007_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-010/ACR-010_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-118/ACR-118_Uninstall_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-057/ACR-057_Internal offers_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-059/ACR-059_Internal offers_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-071/ACR-071_Internal offers_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-155/ACR-155_Bundler-made offers_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-013/ACR-013_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-060/ACR-060_Internal offers_1.png"],"nonDeceptorImageFiles":["260304/Throttle-211209/8.10.21.2024/Images/ACR-045/ACR-045_Install_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-106/ACR-106_Software_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-092/ACR-092_Software_1.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-092/ACR-092_Software_2.png","260304/Throttle-211209/8.10.21.2024/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"8ca23ddb-e7fd-42ec-b8da-1427412ff0cf_8.10.21.2024_1","appID":"Throttle-211209","dateAdded":"260304","deceptorType":"Bundler","name":"Throttle","company":"PGWARE LLC","version":"8.10.21.2024","lastKnownStatus":"Deceptor:8.8.23.2021;8.3.7.2022;8.10.21.2024","lastKnownDate":"260304","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-04T14:37:10.1371543+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":14},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation \n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not provide digital signature for the executables.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"throttle.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"Throttle                                                    ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1             ","hashMD5":"5c49ba5981270d73974186fa53976231","hashSHA1":"502ee46ab5d8b79cc967dad5c58152ec11e7fc91","hashSHA256":"d8fd0230b84551fa3d43288791611a1e56ffc1405551820332e88d50762217dd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1099","avBlockList":["360 Total Security (20260305)","Avast Premium Security (20260305)","AVG Internet Security (20260305)","Avira Internet Security (20260305)","Bitdefender Internet Security (20260305)","COMODO Antivirus (20260305)","ESET Internet Security (20260305)","G DATA INTERNET SECURITY (20260305)","K7 Total Security (20260305)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20260305)","McAfee Total Protection (20260305)","Norton Security (20260305)","Panda Dome (20260305)","Sophos Home Premium (20260305)","SpyHunter5 (20260305)","Total AV Antivirus Pro (20260305)","Trend Micro Internet Security (20260305)","VIPRE Advanced Security (20260305)","VirIT eXplorer PRO (20260305)","Webroot SecureAnywhere (20260305)","Windows Defender (20260305)","FortectPremium (20260305)","KasperskyPremium (20260305)"],"avAllowList":["Dr.Web Security Space (20260305)","Quick Heal Internet Security (20260305)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PGWARE\\Throttle\\Throttle1.exe","companyName":"","productName":"Throttle","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"fd13b5940d01c8909fb32eed28d84996","hashSHA1":"8cf22d83fbaecfe6a96e6c778d4b46c7360ae8f3","hashSHA256":"4856616ced90e944500c5b294bd5c8d18421e04f71f06dc4818ed0da1469e75e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1099","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"search for new version of PGWARE apps","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://pgware.com/downloads/throttle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/throttle.exe","sourceIndex":"1099"}],"sampleFiles":["230519/Throttle-211209/8.3.7.2022/Samples/throttle.exe"],"imageFiles":["230519/Throttle-211209/8.3.7.2022/Images/ACR-109/ACR-109.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-043/ACR-043.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-042/ACR-042.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-048/ACR-048.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-007/ACR-007.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-010/ACR-010.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-118/ACR-118.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-118/ACR-118_1.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-057/ACR-057.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-059/ACR-059.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-071/ACR-071.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-155/ACR-155.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-013/ACR-013.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230519/Throttle-211209/8.3.7.2022/Images/ACR-045/ACR-045.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-106/ACR-106.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-092/ACR-092.JPG","230519/Throttle-211209/8.3.7.2022/Images/ACR-123/ACR-123.JPG"],"guid":"8ca23ddb-e7fd-42ec-b8da-1427412ff0cf_8.3.7.2022_1","appID":"Throttle-211209","dateAdded":"260304","deceptorType":"Bundler","name":"Throttle","company":"PGWARE LLC","version":"8.3.7.2022","lastKnownStatus":"Deceptor:8.8.23.2021;8.3.7.2022;8.10.21.2024","lastKnownDate":"260304","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-04T14:37:40.5444934+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":15},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"rk_setup.exe\" without waiting for user's decision and agreement. \n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":" Offer is designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Privacy Policy. \n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details\n","ACR-092":"The app does not provide a digital signature for the executables. \n","ACR-099":" The application has no link to a webpage that shows how to uninstall the app\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"throttle installer.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"Throttle","productVersion":"8.8.23.2021","fileVersion":"1.0","hashMD5":"ef30091a40abbd1ef6d1b453f7c5cf96","hashSHA1":"8e27a9dd980d653a8510321bc6993a64a2f0a365","hashSHA256":"866be8e23513f0745d4b4695062741593530fad0a3a4668e64e9a48f6854d00e","sourceIndex":"1769","avBlockList":["Avast Premium Security (20211223)","Avira Internet Security (20211223)","Bitdefender Internet Security (20211223)","ESET Internet Security (20211223)","G DATA INTERNET SECURITY (20211223)","K7 Total Security (20211223)","Kaspersky Internet Security (20211223)","Malwarebytes Premium (20211223)","McAfee Total Protection (20211223)","Norton Security (20211223)","Panda Dome (20211223)","Quick Heal Internet Security (20211223)","Sophos Home Premium (20211223)","SpyHunter5 (20211223)","Tencent PC Manager (20211223)","Total AV Antivirus Pro (20211223)","VIPRE Advanced Security (20211223)","VirIT eXplorer PRO (20211223)","Webroot SecureAnywhere (20211223)","Windows Defender (20211223)","AVG Internet Security (20211223)"],"avAllowList":["360 Total Security (20211223)","COMODO Antivirus (20211223)","Dr.Web Security Space (20211223)","Trend Micro Internet Security (20211223)"]},{"isRevoked":"False","fileName":"Throttle.exe","companyName":"PGWARE LLC    ","productName":"Throttle","productVersion":"8.8.23.2021","fileVersion":"1.0","hashMD5":"b01d61eb50b29558ec60473179a96ff1","hashSHA1":"b874d79f91d006ed953dde48a29a3e46051119cb","hashSHA256":"99dcd91bf5322a7ad92fd26358b72fe8984d01abf1a86c480bd56a0ec0d0c1f8","sourceIndex":"1769","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"search for new version of PGWARE apps","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://pgware.com/downloads/throttle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/throttle.exe","sourceIndex":"1769"}],"sampleFiles":["211209/Throttle-211209/8.8.23.2021/Samples/throttle installer.exe","211209/Throttle-211209/8.8.23.2021/Samples/Throttle.exe"],"imageFiles":["211209/Throttle-211209/8.8.23.2021/Images/ACR-109/RK Files and Installation.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-059/RK install.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-155/RK install.png"],"nonDeceptorImageFiles":["211209/Throttle-211209/8.8.23.2021/Images/ACR-065/Throttle Install 1.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-065/Throttle About.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-065/PGWare Landing Page.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-065/PGWare Offer Page.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-106/RK install.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-092/Throttle File Properties.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-092/Throttle Installer File Properties.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-099/Throttle About.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-099/PGWare Landing Page.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-099/PGWare Offer Page.png","211209/Throttle-211209/8.8.23.2021/Images/ACR-167/PGWare Landing Page.png"],"guid":"8ca23ddb-e7fd-42ec-b8da-1427412ff0cf_8.8.23.2021_1","appID":"Throttle-211209","dateAdded":"260304","deceptorType":"Bundler","name":"Throttle","company":"PGWARE LLC","version":"8.8.23.2021","sigName":"Deceptor:Win32/Throttle!109059155","lastKnownStatus":"Deceptor:8.8.23.2021;8.3.7.2022;8.10.21.2024","lastKnownDate":"260304","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-03-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":16},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains a few components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not make it clear that the user can decline the offer. The \"Next\" button is grayed out if user selects \"I Decline\".\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n"},"samples":[{"isRevoked":"False","fileName":"setup_chrispc_free_vpn_connection_4_26_0207.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","productName":"ChrisPC Free VPN Connection","productVersion":"4.26.0207","fileVersion":"4.26.0207","hashMD5":"497f81d71982034eafea622ca2fc5a7b","hashSHA1":"19bc15a3abb8823a92a1223f6414df052b9f7561","hashSHA256":"23b6f78dce1bda8d797f51b41faed1814442083d2c91706f6f1ba9f8bd3744d1","digitalCertThumbprint":"A254821B41A59F465FFD306CBCBD337781B5A5AC","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, S=Cluj, C=RO","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"114","avBlockList":["360 Total Security (20260430)","Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","Bitdefender Internet Security (20260430)","COMODO Antivirus (20260430)","Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","FortectPremium (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","McAfee Total Protection (20260430)","Norton Security (20260430)","Panda Dome (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","Total AV Antivirus Pro (20260430)","VIPRE Advanced Security (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["Trend Micro Internet Security (20260430)","Windows Defender (20260430)"]},{"isRevoked":"False","fileName":"rk_setup.exe","isInstaller":"True","companyName":"TMRG                                                        ","productName":"RelevantKnowledge Setup","productVersion":"1.1.0","fileVersion":"1.1.0","hashMD5":"9cfa0cb7a345bfe8278642eae69fbfa8","hashSHA1":"fe4f056af9c2e54e1ecb3b10ffd73311b23fb171","hashSHA256":"ed692e804c10483e0e6e1e50f34b9d5f9fbf43ab33357dbbedf5e7494b22872d","digitalCertThumbprint":"9E8BAD8B8FF388AE7C360DA59231961CC469F3A1","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"TMRG, Inc\", O=\"TMRG, Inc\", L=Reston, S=Virginia, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"114","avBlockList":["360 Total Security (20260428)","Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","COMODO Antivirus (20260428)","Dr.Web Security Space (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","KasperskyPremium (20260428)","Malwarebytes Premium (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Panda Dome (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","Total AV Antivirus Pro (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)"],"avAllowList":["Bitdefender Internet Security (20260428)","Quick Heal Internet Security (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)","Windows Defender (20260428)"]}],"additionalFiles":[],"sources":[{"howFound":"new version of existing Deceptor","reference":"https://www.chris-pc.com/","landingPage":"https://free-vpn-connection.chris-pc.com/index.html","directDownloadingLink":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","sourceIndex":"114"}],"sampleFiles":["260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Samples/setup_chrispc_free_vpn_connection_4_26_0207.exe","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Samples/rk_setup.exe"],"imageFiles":["260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-109/ACR-109_Install_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-048/ACR-048_Install_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-010/ACR-010_Install_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-118/ACR-118_Uninstall_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-057/ACR-057_Bundler-made offers_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-057/ACR-057_Bundler-made offers_2.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-059/ACR-059_Bundler-made offers_1.png","260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["260303/ChrisPCFreeVPNConnection-210622/4.26.0207/Images/ACR-106/ACR-106_Software_1.png"],"guid":"19d8584b-78ed-449c-a664-5581f82c8d00_4.26.0207_1","appID":"ChrisPCFreeVPNConnection-210622","dateAdded":"260303","deceptorType":"Bundler","name":"ChrisPC – Free VPN Connection","company":"Chris P.C. srl.","version":"4.26.0207","lastKnownStatus":"2.17.22;2.23.15;4.26.0207","lastKnownDate":"260303","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2026-05-04T14:37:10.1670902+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":17},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-048":"App still downloads and run “rkverify.exe”, a RelevantKnowledge file even user chose decline.\nOn minimizing the app, it gets directly minimized to system tray instead of task bar, thus limits consumer's control on app.\n","ACR-084":"On minimizing the app, it directly gets minimized to system tray instead of task bar, thus hiding the fact that it is active from the consumer.\n","ACR-103":"Unable to verify the app's value proposition as none of the region gets connected. \n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy. \nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\ChrisPC Free VPN Connection\\ChrisPCVPN.exe","companyName":"Chris P.C. srl","productName":"ChrisPC Free VPN Connection","productVersion":"2","fileVersion":"2.4.8.7","hashMD5":"4a94a3b5c47c528f3b2af4eae2af8f99","hashSHA1":"5604521bc05abd2c661a0987c5fcfd219355f388","hashSHA256":"65a29a335440c0ce1aa0093e665e668e3c4daecd6b0e994588c0a6fc2ca7aefd","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"ChrisPC Software SRL","storeId":"","sourceIndex":"1770","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_free_vpn_connection_2_23_15.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","productName":"ChrisPC Free VPN Connection                                 ","productVersion":"2.23.15                                           ","fileVersion":"2.23.15             ","hashMD5":"97b0d0caab0ead9ad9d325cf91ddd9c6","hashSHA1":"69d9d6399a91bd01b6a203c508298f84bc24f845","hashSHA256":"c6265a770712cc364a40b4977400f9ab5a00673da0d1055b6dbc85b16481eecf","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"ChrisPC Software SRL","storeId":"","sourceIndex":"1770","avBlockList":["360 Total Security (20260305)","Avast Premium Security (20260305)","AVG Internet Security (20260305)","Avira Internet Security (20260305)","Bitdefender Internet Security (20260305)","COMODO Antivirus (20260305)","Dr.Web Security Space (20260305)","ESET Internet Security (20260305)","G DATA INTERNET SECURITY (20260305)","K7 Total Security (20260305)","Kaspersky Internet Security (20220106)","Malwarebytes Premium (20260305)","McAfee Total Protection (20260305)","Norton Security (20260305)","Panda Dome (20260305)","Quick Heal Internet Security (20260305)","Sophos Home Premium (20260305)","SpyHunter5 (20260305)","Tencent PC Manager (20220106)","Total AV Antivirus Pro (20260305)","VIPRE Advanced Security (20260305)","VirIT eXplorer PRO (20260305)","Webroot SecureAnywhere (20260305)","Windows Defender (20260305)","FortectPremium (20260305)","KasperskyPremium (20260305)"],"avAllowList":["Trend Micro Internet Security (20260305)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://free-vpn-connection.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","sourceIndex":"1770"}],"sampleFiles":["211208/ChrisPCFreeVPNConnection-210622/2.23.15/Samples/setup_chrispc_free_vpn_connection_2_23_15.exe"],"imageFiles":["211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-109/ACR-109_Install_Downloads_RK.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-048/ACR-048_Install_No_Control.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-084/ACR-084_Software_Hides.mp4","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-103/ACR-103_Software_Value_Not_Met.mp4","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-048/ACR-048_Software_Hides.mp4","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-059/ACR-059_Bundler-MadeOffers_Offer_Not_Clear.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-065/ACR-065_Install_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-065/ACR-065_Software_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-099/ACR-099_Software_No_Uninstall_Information.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-035/ACR-035_Docs_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-036/ACR-036_Docs_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-037/ACR-037_Docs_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-065/ACR-065_LandingPage_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Information.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-065/ACR-065_InternalOffers_No_Docs.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-099/ACR-099_InternalOffers_No_Uninstall_Information.JPG","211208/ChrisPCFreeVPNConnection-210622/2.23.15/Images/ACR-161/ACR-161_InternalOffers_Unverifiable_Testimonials.JPG"],"guid":"19d8584b-78ed-449c-a664-5581f82c8d00_2.23.15_1","appID":"ChrisPCFreeVPNConnection-210622","dateAdded":"260303","deceptorType":"Bundler","name":"ChrisPC – Free VPN Connection","company":"Chris P.C. srl.","version":"2.23.15","lastKnownStatus":"2.17.22;2.23.15;4.26.0207","lastKnownDate":"260303","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2026-03-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":18},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy. \nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"ChrisPCVPN.exe","companyName":"Chris P.C. srl","fileVersion":"2.0","hashMD5":"b04faad85984f2126d38cff22ce54f66","hashSHA1":"1e19b77c7bd4d34efb85c0f9fc9afec42e79075f","hashSHA256":"53ae092faa09bd36987f5323202346e596db258ff96030f693684c836378225e","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1885","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rk_setup.exe","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"89c8796cd6169d14531791b7388bc0e9","hashSHA1":"473a91fc861a45122f9f60ee8cd807b57cd2f29d","hashSHA256":"53ef40c6950b12e766195905ffcc596d771b43398ad2eeb2f9a895ab5a8bb278","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1885","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","VIPRE Advanced Security (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","McAfee Total Protection (20240702)","Trend Micro Internet Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"setup_chrispc_free_vpn_connection_2_17_22.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"2.17","hashMD5":"7ac7970d13ee4bce9f6e69b0c84ee9df","hashSHA1":"78486e9f6d24917231edfd56c19fe2634e904725","hashSHA256":"c7d609de078f8fc0ba9384de98962abd2103f408d05ca80a2720afe344a8a081","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1885","avBlockList":["Avast Premium Security (20211111)","AVG Internet Security (20211111)","Avira Internet Security (20211111)","Bitdefender Internet Security (20211111)","COMODO Antivirus (20211111)","ESET Internet Security (20211111)","G DATA INTERNET SECURITY (20211111)","K7 Total Security (20211111)","Kaspersky Internet Security (20211111)","Malwarebytes Premium (20211111)","McAfee Total Protection (20211111)","Norton Security (20211111)","Panda Dome (20211111)","Quick Heal Internet Security (20211111)","Sophos Home Premium (20211111)","SpyHunter5 (20211111)","Tencent PC Manager (20211111)","Total AV Antivirus Pro (20211111)","VIPRE Advanced Security (20211111)","VirIT eXplorer PRO (20211111)","Webroot SecureAnywhere (20211111)","Windows Defender (20211111)"],"avAllowList":["360 Total Security (20211111)","Dr.Web Security Space (20211111)","Trend Micro Internet Security (20211111)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.chris-pc.com/","landingPage":"https://free-vpn-connection.chris-pc.com/index.html","directDownloadingLink":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=51&file=setup_chrispc_free_vpn_connection.exe","sourceIndex":"1885"}],"sampleFiles":["210622/ChrisPCFreeVPNConnection-210622/2.17.22/Samples/ChrisPCVPN.exe","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Samples/rk_setup.exe","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Samples/setup_chrispc_free_vpn_connection_2_17_22.exe"],"imageFiles":["210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-109/ChisPC-Free VPN Connection_Install [7 ].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-048/ChisPC-Free VPN Connection_Install [7 ].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-059/ChisPC-Free VPN Connection_Install [7].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-155/ChisPC-Free VPN Connection_Install [7].png"],"nonDeceptorImageFiles":["210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_Install [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_Install [2].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_Install [8].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_About [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-099/ChisPC-Free VPN Connection_About [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_LandingPage [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-099/ChisPC-Free VPN Connection_LandingPage [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-065/ChisPC-Free VPN Connection_OfferPage [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-099/ChisPC-Free VPN Connection_OfferPage [1].png","210622/ChrisPCFreeVPNConnection-210622/2.17.22/Images/ACR-161/ChisPC-Free VPN Connection_OfferPage [1].png"],"guid":"19d8584b-78ed-449c-a664-5581f82c8d00_2.17.22_1","appID":"ChrisPCFreeVPNConnection-210622","dateAdded":"260303","deceptorType":"Bundler","name":"ChrisPC – Free VPN Connection","company":"Chris P.C. srl.","version":"2.17.22","sigName":"Deceptor:Win32/ChrisPCFreeVPNConnection!109048059155","lastKnownStatus":"2.17.22;2.23.15;4.26.0207","lastKnownDate":"260303","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2026-03-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":19},{"violations":{"ACR-048":"The app creates undisclosed scheduled task and startup item to perform actions without the consumer's knowledge and consent and does not provide control to enable/disable them within the app's settings.\n","ACR-006":"The app does not disclose the search engine \"Pulse\" is serving up Yahoo! search results.\n","ACR-007":"The app's attribution is not clear misleading user about their search provider. It redirects user searches to search.pulsebrowser.com before calling Yahoo search.\n","ACR-104":"App serves Yahoo search results when it indicates in search bar that it will use Pulse.\n\n"},"nonDeceptorViolations":{"ACR-040":"App installs in hidden folder %AppData% without proper disclosure.\n","ACR-065":"The install does not display links to the EULA and Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"The Chromium Authors","productName":"Pulse Browser Installer","productVersion":"133.0.6943.175","fileVersion":"133.0.6943.175","hashMD5":"cb473df61889d7bdde07b4ebff3bbeb6","hashSHA1":"116a9f1d4a9b2943f0f854e7f4a5f4b848be8f29","hashSHA256":"5195dea0b8f123f84fd9fcc4aeed85b0525d0b62fd676dcb83e18d095f214386","digitalCertThumbprint":"08A802FF1EF56FE63075A6D99CAC10C5A3398C42","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Alabama Technology USA, LLC\", O=\"Alabama Technology USA, LLC\", S=New Mexico, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=New Mexico, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6310788","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"110","avBlockList":["360 Total Security (20260317)","Avast Premium Security (20260317)","AVG Internet Security (20260317)","Avira Internet Security (20260317)","COMODO Antivirus (20260317)","Dr.Web Security Space (20260317)","ESET Internet Security (20260317)","FortectPremium (20260317)","K7 Total Security (20260317)","Malwarebytes Premium (20260317)","Norton Security (20260317)","Panda Dome (20260317)","Quick Heal Internet Security (20260317)","Sophos Home Premium (20260317)","SpyHunter5 (20260317)","Total AV Antivirus Pro (20260317)","VirIT eXplorer PRO (20260317)","Webroot SecureAnywhere (20260317)"],"avAllowList":["Bitdefender Internet Security (20260317)","G DATA INTERNET SECURITY (20260317)","KasperskyPremium (20260317)","McAfee Total Protection (20260317)","Trend Micro Internet Security (20260317)","VIPRE Advanced Security (20260317)","Windows Defender (20260317)"]},{"isRevoked":"False","fileName":"pulsebrowser.exe","companyName":"Pulse Software","productName":"PulseBrowser","productVersion":"144.0.7559.67","fileVersion":"144.0.7559.67","hashMD5":"3c451f481676f0ca9a65e687fc9e41e5","hashSHA1":"c6e194d08062047551066f38ba6eae626520ca1a","hashSHA256":"2413db38bcba28791b0fd0eb221d73436ceddf1aa121a280f3f9329d77ee5a92","digitalCertThumbprint":"08A802FF1EF56FE63075A6D99CAC10C5A3398C42","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Alabama Technology USA, LLC\", O=\"Alabama Technology USA, LLC\", S=New Mexico, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=New Mexico, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6310788","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"110","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pulsebrowser_proxy.exe","companyName":"Pulse Software","productName":"PulseBrowser","productVersion":"144.0.7559.67","fileVersion":"144.0.7559.67","hashMD5":"010a529f41e1bb4ed6c598b96934f120","hashSHA1":"b61451ca345c27113705f2313b80862084ab4774","hashSHA256":"c1e44f3eff982af3883fad161418a2af8b0231f08080ce7e64c23a496c04c453","digitalCertThumbprint":"08A802FF1EF56FE63075A6D99CAC10C5A3398C42","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Alabama Technology USA, LLC\", O=\"Alabama Technology USA, LLC\", S=New Mexico, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=New Mexico, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6310788","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"110","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"updater.exe","companyName":"The Chromium Authors","productName":"Pulse Browser Updater","productVersion":"133.0.6943.175","fileVersion":"133.0.6943.175","hashMD5":"e856b7edef397d8df1b2ab0a9b16992c","hashSHA1":"e63dff1fbd788fb1d7e1c1553c67bb778aefff69","hashSHA256":"f9fc1cda1d96dad67e1e0807a9076e2fdd222e7cebe4d6b400b77a833fa389c5","digitalCertThumbprint":"08A802FF1EF56FE63075A6D99CAC10C5A3398C42","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Alabama Technology USA, LLC\", O=\"Alabama Technology USA, LLC\", S=New Mexico, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=New Mexico, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6310788","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"110","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random hunt","reference":"Ads - https://filterbypass.me/, https://www.softpedia.com/get/Tweak/Memory-Tweak/  ","landingPage":"https://browsergo.com/","directDownloadingLink":"https://get18.pulsebrowser.net/?tid=fHwxNzcyNDY0ODky","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://get18.pulsebrowser.net/?tid=fHwxNzcyNDY0ODky","sourceIndex":"110"}],"sampleFiles":["260302/PulseBrowser-260302/144.0.7559.67/Samples/setup.exe","260302/PulseBrowser-260302/144.0.7559.67/Samples/pulsebrowser.exe","260302/PulseBrowser-260302/144.0.7559.67/Samples/pulsebrowser_proxy.exe","260302/PulseBrowser-260302/144.0.7559.67/Samples/updater.exe"],"imageFiles":["260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-104/ACR-104.gif","260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-048/ACR-048_Software_1.png","260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-006/ACR-006.gif","260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-007/ACR-007.gif"],"nonDeceptorImageFiles":["260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-040/ACR-040_Install_1.png","260302/PulseBrowser-260302/144.0.7559.67/Images/ACR-065/ACR-065.mp4"],"guid":"e7b76040-2a73-4f3d-bc9f-a1e417f3604b_144.0.7559.67_1","appID":"PulseBrowser-260302","dateAdded":"260302","deceptorType":"App","name":"Pulse Browser","company":"Pulse Software","version":"144.0.7559.67","firstVendorContactDate":"260309","firstAppEsteemReplyDate":"260309","firstResolvedDate":"260313","firstResolvedVersion":"133.0.6943.177","resolved":"TRUE","lastKnownDate":"260302","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows XP,Windows 11,Windows 10,Windows 8,Windows 7,Windows Vista","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2026-03-18T21:15:39.3869223+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":22},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{"ACR-045":"“Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n"},"samples":[{"isRevoked":"False","fileName":"Recoverit","fileVersion":"10.10.0","hashMD5":"bfa96e7b766eaf5099d2dcaadf43043d","hashSHA1":"6ee37062bf3507c9f975704bbf2a493125fa5b10","hashSHA256":"50c5f72866546d187d98171871af2c573338f6c5316a12703da05fa266997b45","sourceIndex":"115","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Wondershare_Recoverit_Installer.dmg","isInstaller":"True","hashMD5":"1b57fde0b6312795bdff440541ea32cb","hashSHA1":"92fa3e13aba2419839a85c9b82749c00b14022ce","hashSHA256":"149174dce191fa5c850a89945da39ae3d9752b54721be7ff66d458e1e14e13c3","sourceIndex":"115","avBlockList":["Avast Security for Mac (20260414)","Avira Security for Mac (20260414)","ESET Cyber Security Pro for Mac (20260414)","Norton Security for Mac (20260414)","SpyHunterforMac (20260414)","Trend Micro Antivirus for Mac (20260414)"],"avAllowList":["Bitdefender Antivirus for Mac (20260414)","G DATA AntiVirus for Mac (20260414)","K7 Antivirus for Mac (20260414)","Kaspersky Internet Security for Mac (20260414)","McAfee Internet Security for Mac (20260414)","Sophos Home Premium For Mac (20260414)"]}],"additionalFiles":[],"sources":[{"howFound":"https://recoverit.wondershare.com/","reference":"https://www.wondershare.com","landingPage":"https://recoverit.wondershare.com/","directDownloadingLink":"https://download.wondershare.com/inst/installer-privacy-b_recoverit_setup_full4138.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/inst/installer-privacy-b_recoverit_setup_full4138.dmg","sourceIndex":"115"}],"sampleFiles":["260302/WondershareRecoverit-251127/14.0.12/Samples/Recoverit","260302/WondershareRecoverit-251127/14.0.12/Samples/Wondershare_Recoverit_Installer.dmg"],"imageFiles":["260302/WondershareRecoverit-251127/14.0.12/Images/ACR-004/app3.png","260302/WondershareRecoverit-251127/14.0.12/Images/ACR-004/app5.png","260302/WondershareRecoverit-251127/14.0.12/Images/ACR-004/Recoverit Online Store to Recover Data on Mac Computers.png"],"nonDeceptorImageFiles":["260302/WondershareRecoverit-251127/14.0.12/Images/ACR-045/Official Recoverit for Mac - Recover Unlimited Data from Mac System2.png"],"guid":"e7e6be31-bb77-4e14-ac8d-22bccfc1857d_14.0.12_1","appID":"WondershareRecoverit-251127","dateAdded":"260302","deceptorType":"MacOS App","name":"Wondershare Recoverit for Mac","company":"WONDERSHARE TECHNOLOGY GROUP CO., LIMITED","version":"14.0.12","lastKnownStatus":"14.0.5;14.0.12","lastKnownDate":"260302","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-02T20:00:04.6406658+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":20},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{"ACR-045":"“Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n"},"samples":[{"isRevoked":"False","fileName":"Wondershare_Recoverit_Installer.dmg","isInstaller":"True","hashMD5":"d5a0e47ce8e6322fee73cb1d50c5a778","hashSHA1":"4436cf3f22726cce9eca2c648bce801b9aa04b45","hashSHA256":"88de43b4aabfe239b9fdeaca69630ca6f6b6f771f8d37e49970743c3c09f139d","sourceIndex":"140","avBlockList":["Avast Security for Mac (20260210)","Avira Security for Mac (20260210)","Norton Security for Mac (20260210)","SpyHunterforMac (20260210)","Trend Micro Antivirus for Mac (20260210)"],"avAllowList":["Bitdefender Antivirus for Mac (20260210)","ESET Cyber Security Pro for Mac (20260210)","G DATA AntiVirus for Mac (20260210)","K7 Antivirus for Mac (20260210)","Kaspersky Internet Security for Mac (20260210)","McAfee Internet Security for Mac (20260210)","Sophos Home Premium For Mac (20260210)"]},{"isRevoked":"False","fileName":"Recoverit","fileVersion":"10.10.0","hashMD5":"bf1a771b7421e03e9fb392f48d5b79fb","hashSHA1":"b6b639e89ab77b3220c4b586b3f35fcb261abbba","hashSHA256":"ced7a3781d21b6b3b6fb451dcfaabae32d24cfcf2751b36c0bf0083d8ea5a67d","sourceIndex":"140","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://recoverit.wondershare.com/","reference":"https://www.wondershare.com","landingPage":"https://recoverit.wondershare.com/","directDownloadingLink":"https://download.wondershare.com/inst/installer-privacy-a_recoverit_setup_full4138.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/inst/installer-privacy-a_recoverit_setup_full4138.dmg","sourceIndex":"140"}],"sampleFiles":["251201/WondershareRecoverit-251127/14.0.5/Samples/Wondershare_Recoverit_Installer.dmg","251201/WondershareRecoverit-251127/14.0.5/Samples/Recoverit"],"imageFiles":["251201/WondershareRecoverit-251127/14.0.5/Images/ACR-004/app6.png","251201/WondershareRecoverit-251127/14.0.5/Images/ACR-004/Offerpage1.png"],"nonDeceptorImageFiles":["251201/WondershareRecoverit-251127/14.0.5/Images/ACR-045/landingpage2.png","251201/WondershareRecoverit-251127/14.0.5/Images/ACR-045/landingpage3.png"],"guid":"e7e6be31-bb77-4e14-ac8d-22bccfc1857d_14.0.5_1","appID":"WondershareRecoverit-251127","dateAdded":"260302","deceptorType":"MacOS App","name":"Wondershare Recoverit for Mac","company":"WONDERSHARE TECHNOLOGY GROUP CO., LIMITED","version":"14.0.5","lastKnownStatus":"14.0.5;14.0.12","lastKnownDate":"260302","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-03-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":21},{"violations":{"ACR-048":"1. The app needs to provide control to quit the background process and app completely within the app settings.\n2. The control for the \"Allow sharing\" option in the settings doesn't function as it claims. The sharing function is always on.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active  from the consumer without any notification.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CareBuzz\\CareBuzz.exe","companyName":"","productName":"CareBuzz","productVersion":"0.1.1.0","fileVersion":"0.1.1.0","hashMD5":"d02e0e3034962c0d82f63b09af19da37","hashSHA1":"e69737350c9fe6767d0a938945b274770eb4aa2f","hashSHA256":"73ea6d6cb8c0e16f8f101edd01d1577b9e25a2b6a8c539f251e88b7865325613","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Honeygain UAB","storeId":"","sourceIndex":"628","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CareBuzz\\CareBuzzUpdater.exe","companyName":"CareBuzz","productName":"CareBuzz","productVersion":"0.1.1.0","fileVersion":"0.1.1.0","hashMD5":"95ca575cfdb33c41e756f73a277c68cf","hashSHA1":"d023e11f2072db321e37ab49740085866c190824","hashSHA256":"1a4cc4db7a782499935f780d5f5763c89c726482874f15a4bd15dbd25ce54c04","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Honeygain UAB","storeId":"","sourceIndex":"628","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CareBuzz_install.exe","isInstaller":"True","companyName":"CareBuzz","productName":"CareBuzz","productVersion":"0.1.1.0","fileVersion":"0.1.1.0","hashMD5":"a6de5e58f89021235e2b2055f86faac2","hashSHA1":"c06b8544a53a117b2ab731f70473b43c33ebdaa0","hashSHA256":"bbe1a5b149abaae8fa79de489ebe5a3971e9a18123757b058bec8c793a26c331","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Honeygain UAB","storeId":"","sourceIndex":"628","avBlockList":["Avast Premium Security (20240208)","AVG Internet Security (20240208)","COMODO Antivirus (20240208)","ESET Internet Security (20240208)","K7 Total Security (20240208)","Kaspersky Internet Security (20240208)","McAfee Total Protection (20240208)","Norton Security (20240208)","Panda Dome (20240208)","Sophos Home Premium (20240208)","SpyHunter5 (20240208)","VirIT eXplorer PRO (20240208)","Webroot SecureAnywhere (20240208)"],"avAllowList":["360 Total Security (20240208)","Avira Internet Security (20240208)","Bitdefender Internet Security (20240208)","Dr.Web Security Space (20240208)","G DATA INTERNET SECURITY (20240208)","Malwarebytes Premium (20240208)","Quick Heal Internet Security (20240208)","Total AV Antivirus Pro (20240208)","Trend Micro Internet Security (20240208)","VIPRE Advanced Security (20240208)","Windows Defender (20240208)"]}],"additionalFiles":[],"sources":[{"howFound":"resource sharing","reference":"Honey Gain","landingPage":"https://www.honeygain.com/carebuzz/","ipv4":"","ipv6":"","sourceIndex":"628"}],"sampleFiles":["240131/CareBuzz-240129/0.1.1.0/Samples/CareBuzz_install.exe"],"imageFiles":["240131/CareBuzz-240129/0.1.1.0/Images/ACR-084/ACR-084_Software_1.png","240131/CareBuzz-240129/0.1.1.0/Images/ACR-048/ACR-048_Software_1.png","240131/CareBuzz-240129/0.1.1.0/Images/ACR-048/ACR-048_Software_2.png"],"nonDeceptorImageFiles":["240131/CareBuzz-240129/0.1.1.0/Images/ACR-123/ACR-123.PNG"],"guid":"c34a3e38-9add-4523-9423-6a7334fa63b1_0.1.1.0_1","appID":"CareBuzz-240129","dateAdded":"260226","deceptorType":"App","name":"CareBuzz","company":"HoneyGain","version":"0.1.1.0","firstResolvedVersion":"","lastKnownStatus":"0.1.1.0;1.1.3.0","lastKnownDate":"260226","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":24},{"violations":{"ACR-048":"\"Quit Carebuzz\"  doesn't quit application completely. The process keeps running in background.\n","ACR-084":"On closing the app, the application keeps running silently in background without notifying user. No clearly indicating the resource sharing is active.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"CareBuzz_install.exe","isInstaller":"True","companyName":"CareBuzz","productName":"CareBuzz","productVersion":"0.1.3.0","fileVersion":"0.1.3.0","hashMD5":"370b06df1a2e59e0090fcce092a02187","hashSHA1":"eaa8738ccceb1919152419008a779ff733516fc9","hashSHA256":"7b91998b0ec0874b3e8135db7933e1c0fef457e095a2da2b3a1de37f684ffaf7","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Honeygain, UAB\", O=\"Honeygain, UAB\", S=Vilnius, C=LT, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LT, SERIALNUMBER=306103177","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"116","avBlockList":["360 Total Security (20260428)","COMODO Antivirus (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","K7 Total Security (20260428)","KasperskyPremium (20260428)","Malwarebytes Premium (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)"],"avAllowList":["Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Bitdefender Internet Security (20260428)","Dr.Web Security Space (20260428)","G DATA INTERNET SECURITY (20260428)","Norton Security (20260428)","Total AV Antivirus Pro (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)","Windows Defender (20260428)","McAfee Total Protection (20260428)"]},{"isRevoked":"False","fileName":"CareBuzz.exe","productName":"CareBuzz","productVersion":"0.1.3.0","fileVersion":"0.1.3.0","hashMD5":"b336328cce2739eb18c9ad45e8838aac","hashSHA1":"79f7cabd3e893932ff144be5aec8162dcaa2a847","hashSHA256":"c929b2bc024648e91e85e2366ae77838a234c4d04bedd0619a0233494d9a1a9a","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Honeygain, UAB\", O=\"Honeygain, UAB\", S=Vilnius, C=LT, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LT, SERIALNUMBER=306103177","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"116","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CareBuzzUpdater.exe","companyName":"CareBuzz","productName":"CareBuzz","productVersion":"0.1.3.0","fileVersion":"0.1.3.0","hashMD5":"c25216dd7a781fff7c34e2644af216d3","hashSHA1":"41f7fcbc402e84ccbfcd4a82587ff3a3b5db0132","hashSHA256":"d21801f014871019e0e0d5ed57be47ca4502928169048271ad81afaf09730436","digitalCertThumbprint":"18D420FE5078F67A5C24B953661233D90ED8CDE6","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Honeygain, UAB\", O=\"Honeygain, UAB\", S=Vilnius, C=LT, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LT, SERIALNUMBER=306103177","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"116","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"resource sharing","reference":"Honey Gain","landingPage":"https://www.honeygain.com/carebuzz/","ipv4":"","ipv6":"","sourceIndex":"116"}],"sampleFiles":["260226/CareBuzz-240129/0.1.3.0/Samples/CareBuzz_install.exe"],"imageFiles":["260226/CareBuzz-240129/0.1.3.0/Images/ACR-084/ACR-084_Software_1.png","260226/CareBuzz-240129/0.1.3.0/Images/ACR-084/ACR-084_Software_2.png","260226/CareBuzz-240129/0.1.3.0/Images/ACR-048/ACR-048_Software_1.png","260226/CareBuzz-240129/0.1.3.0/Images/ACR-048/ACR-048_Software_2.png"],"nonDeceptorImageFiles":["260226/CareBuzz-240129/0.1.3.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"c34a3e38-9add-4523-9423-6a7334fa63b1_0.1.3.0_1","appID":"CareBuzz-240129","dateAdded":"260226","deceptorType":"App","name":"CareBuzz","company":"HoneyGain","version":"0.1.3.0","firstResolvedVersion":"","lastKnownStatus":"0.1.1.0;1.1.3.0","lastKnownDate":"260226","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-26T23:31:14.5613909+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":23},{"violations":{"ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-059":"The offer is not marked clearly it is optional offer. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"1.85.0                                            ","fileVersion":"1.85.0              ","hashMD5":"b789173ce35f68f9da1ff9faa00c6d86","hashSHA1":"3fb2ddf50866299d62f4e49de7b32300518edc46","hashSHA256":"58da26d46c3641b775970ac5ba92603eb9d7b59554bdd0520f54c812cb496a47","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1703","avBlockList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","Bitdefender Internet Security (20240613)","COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Kaspersky Internet Security (20240613)","Malwarebytes Premium (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Quick Heal Internet Security (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","VIPRE Advanced Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)","Windows Defender (20240613)"],"avAllowList":["Tencent PC Manager (20220428)","Trend Micro Internet Security (20240613)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\BitComet.exe","companyName":"www.BitComet.com","productName":"BitComet 64-bit","productVersion":"1.85","fileVersion":"1.85","hashMD5":"79d211fcf99411e9081d53e7af36ed54","hashSHA1":"132d2b32ab95c1c0f56f54ea7ac48fd43ff491db","hashSHA256":"9f05f0647bc7a9c53559c0ef8497f9617659607f06d5830f5debeb2e9965cf61","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1703","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"1703"}],"sampleFiles":["220223/bitcomet-220223/1.85.1.18/Samples/bitcomet_setup.exe"],"imageFiles":["220223/bitcomet-220223/1.85.1.18/Images/ACR-097/ACR-097_Software_Exception_Behaviour.JPG","220223/bitcomet-220223/1.85.1.18/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220223/bitcomet-220223/1.85.1.18/Images/ACR-059/Offer1.jpg"],"nonDeceptorImageFiles":[],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_1.85.1.18_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"1.85.1.18","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":70},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement (https://store.bittorrent.com/849/?scope=checkout&cfg=bittorent_redesign_nr&cart=238174&tracking=BitTorrent&tracking=quantcast&enablecoupon=true&x-newsletter=true&paymentTypeId=CCA_VIS&x-logo=ut&x-layout=sass2col) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without details the reason to user. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a different location <C:\\Users\\User\\AppData\\Roaming\\uTorrent> instead of the standard location.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1377","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\updates\\3.5.5_46542\\utorrentie.exe","companyName":"BitTorrent Inc.","productName":"","productVersion":"","fileVersion":"1.0.0","hashMD5":"046dd376d569d451935759e6279c0ce4","hashSHA1":"b6976b186758d6d7e1ba799802c0eab2b8207757","hashSHA256":"02ef23aa766740943aa2c5d1bee832bd8c1527f33fe12832f7986d9e8fa7444a","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1377","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46542","fileVersion":"3.5.5.46542","hashMD5":"33a93c317ce7d83768be259447b9d3df","hashSHA1":"55f1130f1d6b736a44a6fece78f196277def9d42","hashSHA256":"74c45a5f2ffffad53ca82c3daf94b5c21ef2e06bdbc2e6ecc8128124933cd6e5","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1377","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrent.exe","isInstaller":"True","companyName":"                                                            ","productName":"µTorrent® Classic                                           ","productVersion":"3.5                                               ","fileVersion":"3.5                 ","hashMD5":"68a70ef9d99e94926e7231e00e136890","hashSHA1":"5486bb9e8ad619d60e627efb13b1eb474a47c94f","hashSHA256":"f72ee83436cb1f82366bfaafb14a4c0cb99826c02166fc0bd21fb6e7eb5190c6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1377","avBlockList":["360 Total Security (20240718)","Avast Premium Security (20240718)","AVG Internet Security (20240718)","Avira Internet Security (20240718)","Bitdefender Internet Security (20240718)","COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","K7 Total Security (20240718)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240718)","McAfee Total Protection (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","SpyHunter5 (20240718)","Total AV Antivirus Pro (20240718)","Trend Micro Internet Security (20240718)","VIPRE Advanced Security (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","Windows Defender (20240718)","FortectPremium (20240718)"],"avAllowList":["Tencent PC Manager (20220719)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1377"}],"sampleFiles":["221011/uTorrentClassic-211215/3.5.5.46542/Samples/uTorrent.exe"],"imageFiles":["221011/uTorrentClassic-211215/3.5.5.46542/Images/ACR-048/ACR-048.JPG","221011/uTorrentClassic-211215/3.5.5.46542/Images/ACR-084/ACR-084_Software.JPG","221011/uTorrentClassic-211215/3.5.5.46542/Images/ACR-097/ACR-097.JPG","221011/uTorrentClassic-211215/3.5.5.46542/Images/ACR-017/ACR-017.JPG"],"nonDeceptorImageFiles":["221011/uTorrentClassic-211215/3.5.5.46542/Images/ACR-040/ACR-040.JPG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46542_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46542","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":50},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement (https://store.bittorrent.com/849/?scope=checkout&cfg=bittorent_redesign_nr&cart=238174&tracking=BitTorrent&tracking=quantcast&enablecoupon=true&x-newsletter=true&paymentTypeId=CCA_VIS&x-logo=ut&x-layout=sass2col) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without details the reason to user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without notifying user.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a different location <C:\\Users\\User\\AppData\\Roaming\\uTorrent> instead of the standard location.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1518","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\updates\\3.5.5_46348\\utorrentie.exe","companyName":"BitTorrent Inc.","productName":"","productVersion":"","fileVersion":"1.0.0","hashMD5":"cc70a40eea5375c967813f0b3595b61d","hashSHA1":"2e58b566bb2d011c4ca1bcb1f1d69565f957e618","hashSHA256":"28317a2f4adad12865be839e1ac038d11a134d13c494024ba5af1ffb8a26929f","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1518","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46348","fileVersion":"3.5.5.46348","hashMD5":"600f20abcc1fa9f5bda0965d07b6855d","hashSHA1":"38f079ce6b51508a9e62bd7b24ed792cde38d33b","hashSHA256":"7d89a16fc0d3afa3cd78cc51e7ae6a81343cb14de6fdca9325142deca5133515","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1518","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrent.exe","isInstaller":"True","companyName":"                                                            ","productName":"µTorrent® Classic                                           ","productVersion":"3.5                                               ","fileVersion":"3.5                 ","hashMD5":"68a70ef9d99e94926e7231e00e136890","hashSHA1":"5486bb9e8ad619d60e627efb13b1eb474a47c94f","hashSHA256":"f72ee83436cb1f82366bfaafb14a4c0cb99826c02166fc0bd21fb6e7eb5190c6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1518","avBlockList":["360 Total Security (20240718)","Avast Premium Security (20240718)","AVG Internet Security (20240718)","Avira Internet Security (20240718)","Bitdefender Internet Security (20240718)","COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","K7 Total Security (20240718)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240718)","McAfee Total Protection (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","SpyHunter5 (20240718)","Total AV Antivirus Pro (20240718)","Trend Micro Internet Security (20240718)","VIPRE Advanced Security (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","Windows Defender (20240718)","FortectPremium (20240718)"],"avAllowList":["Tencent PC Manager (20220719)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.utorrent.com/desktop/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1518"}],"sampleFiles":["220712/uTorrentClassic-211215/3.5.5.46348/Samples/uTorrent.exe"],"imageFiles":["220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-048/ACR-048_Install.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-084/ACR-084_Software.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-097/ACR-097_Software.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-118/ACR-118_Uninstall.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-118/ACR-118_Uninstall_1.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-017/ACR-017_InternalOffers.JPG"],"nonDeceptorImageFiles":["220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-040/ACR-040_Install.JPG","220712/uTorrentClassic-211215/3.5.5.46348/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46348_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46348","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":51},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement ( https://store.bittorrent.com/849/?scope=checkout&cfg=bittorent_redesign_nr&cart=238174&tracking=BitTorrent&tracking=quantcast&enablecoupon=true&x-newsletter=true&paymentTypeId=CCA_VIS&x-logo=ut&x-layout=sass2col) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without details the reason to user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without notifying user.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a different location <C:\\Users\\User\\AppData\\Roaming\\uTorrent> instead of the standard location.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1547","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\updates\\3.5.5_46304\\utorrentie.exe","companyName":"BitTorrent Inc.","productName":"","productVersion":"","fileVersion":"1.0.0","hashMD5":"3db2507f58e1fc30c23e30b03ad94778","hashSHA1":"18369b9e0c1640bf71e71339a26da98e976459f0","hashSHA256":"32efa4bffb640bc07d5104fb5e6dd4feb6c298f7acd10198289ae8a7e22604cf","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1547","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46304","fileVersion":"3.5.5.46304","hashMD5":"dc207cc725ba775fe9a5d7fd3abbf0d1","hashSHA1":"6f5ad0fb56ba624afa24c7f7ce703736bb7c8c1f","hashSHA256":"8ce54612b6ba168908343fc29c89c6d4cadbb05bab38b87876ff9fb3e98b4e4e","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1547","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrent.exe","isInstaller":"True","companyName":"                                                            ","productName":"µTorrent® Classic                                           ","productVersion":"3.5                                               ","fileVersion":"3.5                 ","hashMD5":"a1dd2f1ae9790d39852d8216cc0764a1","hashSHA1":"af3c126b46b8c33c01304c621f0ff9a13d3da4af","hashSHA256":"aa6a9387bdaf3c1ecc34e51404a49d5d97fb9ace4f08b7ac3b3558a41eac87f4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1547","avBlockList":["COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","Malwarebytes Premium (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Sophos Home Premium (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)"],"avAllowList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","Bitdefender Internet Security (20240613)","K7 Total Security (20240613)","Kaspersky Internet Security (20240613)","Quick Heal Internet Security (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","Trend Micro Internet Security (20240613)","VIPRE Advanced Security (20240613)","Windows Defender (20240613)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/desktop/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1547"}],"sampleFiles":["220622/uTorrentClassic-211215/3.5.5.46304/Samples/uTorrent.exe"],"imageFiles":["220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-048/ACR-048_Install.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-084/ACR-084_Software.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-097/ACR-097_Software.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-118/ACR-118_Uninstall.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-118/ACR-118_Uninstall_1.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-017/ACR-017_InternalOffers.JPG"],"nonDeceptorImageFiles":["220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-040/ACR-040_Install.JPG","220622/uTorrentClassic-211215/3.5.5.46304/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46304_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46304","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":52},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement ( https://bit.ly/3JuzY2b ) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without details the reason to user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without notifying user.\n","ACR-059":"The recommended by \"who\" is not clear in the Offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46200","fileVersion":"3.5.5.46200","hashMD5":"7c4f15ea0f16f5bfd2e868d70aded600","hashSHA1":"f79177ecfbc633e294a9c159bac9424f712278e1","hashSHA256":"d91e240254ebb233f7f23fa1afe91c12089eed919e9ff85e4cb7a8aeb04b5a51","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1709","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrentClassicInstaller.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46200","fileVersion":"3.5.5.46200","hashMD5":"022d5ae6c56eae61aac0e44bb680bc5e","hashSHA1":"41a0cbb65ede0c6105a4b4db36014d593c59fc7d","hashSHA256":"50d5c5e87031f564b0ccf85520fd29e8189f06f616054bbbd31340b8d643a4a2","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1709","avBlockList":["Bitdefender Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","FortectPremium (20240808)"],"avAllowList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","Kaspersky Internet Security (20220222)","McAfee Total Protection (20240808)","SpyHunter5 (20240808)","Tencent PC Manager (20220222)","Total AV Antivirus Pro (20240808)","Windows Defender (20240808)","KasperskyPremium (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/desktop/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1709"}],"sampleFiles":["220214/uTorrentClassic-211215/3.5.5.46200/Samples/uTorrentClassicInstaller.exe"],"imageFiles":["220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-048/ACR-048_Software_No_Control.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-084/ACR-084_Software_Process.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-097/ACR-097_Software.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-118/ACR-118_Uninstall_Retains.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-118/ACR-118_Uninstall_Retains_1.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-059/ACR-059_BundlerMadeOffers_Recommended.JPG","220214/uTorrentClassic-211215/3.5.5.46200/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46200_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46200","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":53},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement ( https://bit.ly/30uyTX5 ) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without details the reason to user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without notifying user.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The accept/Decline options are not consistent for offers. \n","ACR-059":"The recommended by \"who\" is not clear in the Offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46148","fileVersion":"3.5.5.46148","hashMD5":"0fd690965106cb0a7ac1122498ff993a","hashSHA1":"7a307e73eca7e00fb8f9de03657035b3618eb778","hashSHA256":"1c50bfb94e6dd203e78b475d859ab0752167de75af3277cc9214bcd136303273","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1726","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\uTorrent.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46148","fileVersion":"3.5.5.46148","hashMD5":"f44824a63d5d3eb1352ed5dfabfcdce2","hashSHA1":"c5560634c092a5d5b816d057144043a0b6eea5b7","hashSHA256":"57982817e22b04a8ba62880500fe14c2e0549445ea60ddb8862b7e4699ad4b6d","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1726","avBlockList":["360 Total Security (20240730)","Bitdefender Internet Security (20240730)","COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","G DATA INTERNET SECURITY (20240730)","K7 Total Security (20240730)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Panda Dome (20240730)","Sophos Home Premium (20240730)","Tencent PC Manager (20220324)","Trend Micro Internet Security (20240730)","VIPRE Advanced Security (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)","FortectPremium (20240730)"],"avAllowList":["Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","Kaspersky Internet Security (20230905)","McAfee Total Protection (20240730)","Quick Heal Internet Security (20240730)","SpyHunter5 (20240730)","Total AV Antivirus Pro (20240730)","Windows Defender (20240730)","KasperskyPremium (20240730)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1726"}],"sampleFiles":["220126/uTorrentClassic-211215/3.5.5.46148/Samples/uTorrentClassicInstaller.exe"],"imageFiles":["220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-048/ACR-048_Software_No_Control.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-084/ACR-084_Software_Process.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-097/ACR-097_Software.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-118/ACR-118_Uninstall_Retains_Components_1.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_2.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_3.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-059/ACR-059_BundlerMadeOffers_Recommended.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_3.JPG","220126/uTorrentClassic-211215/3.5.5.46148/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46148_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46148","sigName":"Deceptor:Win32/uTorrentClassic!048084097118057059055017","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":54},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app has a default settings \"Add Windows firewall exception\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application retains certain executables and non-executable files. Also, did not remove the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","productName":"BitComet","productVersion":"2.12.1.9","fileVersion":"2.12.1.9","hashMD5":"b71f074489d9b0b16f2b5e751054d7b6","hashSHA1":"146bc790e4e9a3cc8ac521999ac83dac5acb6dae","hashSHA256":"839c696ae3d7497d3c3b70eceb2d9f8337569ffcf63879697cdb94b915a0fc17","digitalCertThumbprint":"6319B05A9D8D4DCC620BDFEBDBBF0DC166F9363B","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Astronexx, O=Astronexx, S=Tel Aviv, C=IL","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"118","avBlockList":["Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Bitdefender Internet Security (20260428)","COMODO Antivirus (20260428)","Dr.Web Security Space (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","KasperskyPremium (20260428)","Malwarebytes Premium (20260428)","Norton Security (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","Total AV Antivirus Pro (20260428)","VIPRE Advanced Security (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)","Windows Defender (20260428)"],"avAllowList":["360 Total Security (20260428)","McAfee Total Protection (20260428)","Trend Micro Internet Security (20260428)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://bitcomet.com/en/","directDownloadingLink":"https://d1vnov0b4l0has.cloudfront.net/9UNcPwhA1.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1vnov0b4l0has.cloudfront.net/9UNcPwhA1.exe","sourceIndex":"118"}],"sampleFiles":["260209/bitcomet-220223/2.20.1.19/Samples/bitcomet_setup.exe"],"imageFiles":["260209/bitcomet-220223/2.20.1.19/Images/ACR-097/ACR-097.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-097/app4.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-084/ACR-084.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-013/offer1.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-013/offer2.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-060/offer1.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-060/offer2.png"],"nonDeceptorImageFiles":["260209/bitcomet-220223/2.20.1.19/Images/ACR-123/ACR-123_1.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-123/ACR-123_2.png","260209/bitcomet-220223/2.20.1.19/Images/ACR-123/ACR-123_3.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.20.1.19_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.20.1.19","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T23:17:10.5767925+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":55},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\nDuring uninstallation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app has a default settings \"Add Windows firewall exception\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-124":"During uninstallation, the app shows more than 1 prompt and provides third-party offers, thus adding unnecessary friction for the consumer.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application retains certain executables and non-executable files. Also, did not remove the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"2.0.8.7                                           ","fileVersion":"2.0.8.7             ","hashMD5":"8c0ee88d75cbc41b3e15b3249e90bf6c","hashSHA1":"6772cb9a9ff9aa0ff5730e5a92f227027e7663c6","hashSHA256":"71d8f62750b57b700d3e762fc2798df472e08538b21afd57257d008f9a048bbe","digitalCertThumbprint":"D1CDF37E4A61C7F13F8DF0BFA4A4A26BAB7AE33B","digitalCertIssuer":"Certum Code Signing 2021 CA","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"526","avBlockList":["Avast Premium Security (20241217)","AVG Internet Security (20241217)","Bitdefender Internet Security (20241217)","COMODO Antivirus (20241217)","ESET Internet Security (20241217)","FortectPremium (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","KasperskyPremium (20241217)","Malwarebytes Premium (20241217)","Norton Security (20241217)","Panda Dome (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","VIPRE Advanced Security (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)"],"avAllowList":["360 Total Security (20241217)","Avira Internet Security (20241217)","Dr.Web Security Space (20241217)","McAfee Total Protection (20241217)","Total AV Antivirus Pro (20241217)","Trend Micro Internet Security (20241217)","Windows Defender (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://www.bitcomet.com/en/downloading?platform=win32","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bitcomet.com/en/downloading?platform=win32","sourceIndex":"526"}],"sampleFiles":["240930/bitcomet-220223/2.0.9.0/Samples/bitcomet_setup.exe"],"imageFiles":["240930/bitcomet-220223/2.0.9.0/Images/ACR-097/ACR-097.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-097/ACR-097_1.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-084/ACR-084.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-048/ACR-048.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-124/ACR-124.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-124/ACR-124_1.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-124/ACR-124_2.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-124/ACR-124_3.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-124/ACR-124_4.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-013/ACR-013.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-013/ACR-013_1.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-013/ACR-013_Uninstall.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-013/ACR-013_Uninstall_1.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-060/ACR-060.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["240930/bitcomet-220223/2.0.9.0/Images/ACR-123/ACR-123.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-123/ACR-123_1.PNG","240930/bitcomet-220223/2.0.9.0/Images/ACR-123/ACR-123_2.PNG"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.9.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.9.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":56},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app has a default settings \"Add Windows firewall exception\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application retains certain executables and non-executable files. Also, did not remove the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"2.0.8.0                                           ","fileVersion":"2.0.8.0             ","hashMD5":"2f9281010bf12890403934bdb517c2c4","hashSHA1":"6e822864dd45fa4a09d29b6e0dc5906dbf96e3d1","hashSHA256":"7ccef9af5267c22a56bdbaf2f9109a02611bba461e0b0321bed42b5911163272","digitalCertThumbprint":"D1CDF37E4A61C7F13F8DF0BFA4A4A26BAB7AE33B","digitalCertIssuer":"Certum Code Signing 2021 CA","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"620","avBlockList":["Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","ESET Internet Security (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Quick Heal Internet Security (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","VIPRE Advanced Security (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)","FortectPremium (20240829)","KasperskyPremium (20240829)"],"avAllowList":["360 Total Security (20240829)","Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","McAfee Total Protection (20240829)","Total AV Antivirus Pro (20240829)","Trend Micro Internet Security (20240829)","Windows Defender (20240829)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://www.bitcomet.com/en/downloading?platform=win32","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bitcomet.com/en/downloading?platform=win32","sourceIndex":"620"}],"sampleFiles":["240620/bitcomet-220223/2.0.8.0/Samples/bitcomet_setup.exe"],"imageFiles":["240620/bitcomet-220223/2.0.8.0/Images/ACR-097/ACR-097.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-097/ACR-097_1.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-084/ACR-084.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-048/ACR-048.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-013/ACR-013.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-013/ACR-013_1.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-060/ACR-060.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["240620/bitcomet-220223/2.0.8.0/Images/ACR-123/ACR-123.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-123/ACR-123_1.PNG","240620/bitcomet-220223/2.0.8.0/Images/ACR-123/ACR-123_2.PNG"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.8.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.8.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":57},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app has a default settings \"Add Windows firewall exception\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application retains certain executables and non-executable files. Also, did not remove the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"2.0.7.0                                           ","fileVersion":"2.0.7.0             ","hashMD5":"a2af719ea5acf34dbba496a4a2d14b87","hashSHA1":"c034b644776331c512e7b5953993ba9b86ce1728","hashSHA256":"574f282bee0927e2582139d6c6ef565c10e49d5187dc87625aecfeb66d61105f","digitalCertThumbprint":"D1CDF37E4A61C7F13F8DF0BFA4A4A26BAB7AE33B","digitalCertIssuer":"Certum Code Signing 2021 CA","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"697","avBlockList":["Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","FortectPremium (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)"],"avAllowList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","McAfee Total Protection (20240723)","Total AV Antivirus Pro (20240723)","Windows Defender (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d1e8a0cmlfx1tk.cloudfront.net/installer/9726353368659768601/163852","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1e8a0cmlfx1tk.cloudfront.net/installer/9726353368659768601/163852","sourceIndex":"697"}],"sampleFiles":["240327/bitcomet-220223/2.0.7.0/Samples/bitcomet_setup.exe"],"imageFiles":["240327/bitcomet-220223/2.0.7.0/Images/ACR-097/ACR-097.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-097/ACR-097_1.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-042/ACR-042.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-084/ACR-084.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-013/ACR-013.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-013/ACR-013_1.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-060/ACR-060.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["240327/bitcomet-220223/2.0.7.0/Images/ACR-123/ACR-123_1.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-123/ACR-123_2.PNG","240327/bitcomet-220223/2.0.7.0/Images/ACR-123/ACR-123_3.PNG"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.7.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.7.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":58},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-017":"The 3rd party endorsement (https://store.bittorrent.com/849/?scope=checkout&cfg=bittorent_redesign_nr&cart=238174&tracking=BitTorrent&tracking=quantcast&enablecoupon=true&x-newsletter=true&paymentTypeId=CCA_VIS&x-logo=ut&x-layout=sass2col) is not verifiable. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has the option to evade default system security guard \"Add an exception for uTorrent in windows firewall\" without dislclsoing exception reason to the user\n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a different location <C:\\Users\\User\\AppData\\Roaming\\uTorrent> instead of the standard location.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1350","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\updates\\3.5.5_46552\\utorrentie.exe","companyName":"BitTorrent Inc.","productName":"","productVersion":"","fileVersion":"1.0.0","hashMD5":"0b383dfcc445fbfa0d62595812ffac16","hashSHA1":"e63460c994957cf0860d000f4620a8994a5753fd","hashSHA256":"88d610acf543eb7679ee558db9c31972353d46a792b1d233c7acb30a486f1e23","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1350","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.5.5.46552","fileVersion":"3.5.5.46552","hashMD5":"be8519c6da696abd322b2db07ff2b462","hashSHA1":"a2dcb30ae032c3b0695af6ac1601bedbc05a11fd","hashSHA256":"d9ff2aeb715a0c795e8e86a9de31eb1405bf510d9e57860acb0fde71a0e80468","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1350","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrent.exe","isInstaller":"True","companyName":"                                                            ","productName":"µTorrent® Classic                                           ","productVersion":"3.5                                               ","fileVersion":"3.5                 ","hashMD5":"68a70ef9d99e94926e7231e00e136890","hashSHA1":"5486bb9e8ad619d60e627efb13b1eb474a47c94f","hashSHA256":"f72ee83436cb1f82366bfaafb14a4c0cb99826c02166fc0bd21fb6e7eb5190c6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1350","avBlockList":["360 Total Security (20240718)","Avast Premium Security (20240718)","AVG Internet Security (20240718)","Avira Internet Security (20240718)","Bitdefender Internet Security (20240718)","COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","K7 Total Security (20240718)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240718)","McAfee Total Protection (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","SpyHunter5 (20240718)","Total AV Antivirus Pro (20240718)","Trend Micro Internet Security (20240718)","VIPRE Advanced Security (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","Windows Defender (20240718)","FortectPremium (20240718)"],"avAllowList":["Tencent PC Manager (20220719)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1350"}],"sampleFiles":["221027/uTorrentClassic-211215/3.5.5.46552/Samples/uTorrent.exe"],"imageFiles":["221027/uTorrentClassic-211215/3.5.5.46552/Images/ACR-048/ACR-048_Install.JPG","221027/uTorrentClassic-211215/3.5.5.46552/Images/ACR-084/ACR-084_Software.JPG","221027/uTorrentClassic-211215/3.5.5.46552/Images/ACR-097/ACR-097_Software.JPG","221027/uTorrentClassic-211215/3.5.5.46552/Images/ACR-017/ACR-017_InternalOffers.JPG"],"nonDeceptorImageFiles":["221027/uTorrentClassic-211215/3.5.5.46552/Images/ACR-040/ACR-040_Install.JPG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.5.5.46552_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.5.5.46552","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":49},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application retains certain executables and non-executable files. Also, did not remove the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"2.0.6.0                                           ","fileVersion":"2.0.6.0             ","hashMD5":"f3a7a84a230f0fcdd1013100fcf5139b","hashSHA1":"9124eb61cb4b94842b3a291e9791887032dae979","hashSHA256":"e7c01533667aeaca3a0bc8e932557083c61c57b9d95e412947dd3cd7a61396c9","digitalCertThumbprint":"D1CDF37E4A61C7F13F8DF0BFA4A4A26BAB7AE33B","digitalCertIssuer":"Certum Code Signing 2021 CA","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"727","avBlockList":["360 Total Security (20240227)","Avira Internet Security (20240227)","Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","ESET Internet Security (20240227)","G DATA INTERNET SECURITY (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VIPRE Advanced Security (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)"],"avAllowList":["Avast Premium Security (20240227)","AVG Internet Security (20240227)","Dr.Web Security Space (20240227)","McAfee Total Protection (20240227)","Trend Micro Internet Security (20240227)","Windows Defender (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"727"}],"sampleFiles":["240220/bitcomet-220223/2.0.6.0/Samples/bitcomet_setup.exe"],"imageFiles":["240220/bitcomet-220223/2.0.6.0/Images/ACR-097/ACR-097_Software_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-097/ACR-097_Software_2.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-042/ACR-042_Install_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-084/ACR-084_Software_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-014/ACR-014_Install_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-013/ACR-013_Install_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-013/ACR-013_Install_2.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-060/ACR-060_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240220/bitcomet-220223/2.0.6.0/Images/ACR-123/ACR-123_Uninstall_3.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-123/ACR-123_Uninstall_4.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-123/ACR-123_Uninstall_1.png","240220/bitcomet-220223/2.0.6.0/Images/ACR-123/ACR-123_Uninstall_2.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.6.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.6.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":59},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"c7fa9b7e965e5e9fe40f3d5bcc3e5e08","hashSHA1":"48612709cf534f113e4d3f02319a8832ffde3594","hashSHA256":"a5d99d29cd226579fe6a85973c5e4d572179b794f445d70303ee069a9acba487","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"806","avBlockList":["Avira Internet Security (20231121)","Bitdefender Internet Security (20231121)","COMODO Antivirus (20231121)","Dr.Web Security Space (20231121)","ESET Internet Security (20231121)","G DATA INTERNET SECURITY (20231121)","K7 Total Security (20231121)","Kaspersky Internet Security (20231121)","Malwarebytes Premium (20231121)","Norton Security (20231121)","Panda Dome (20231121)","Quick Heal Internet Security (20231121)","Sophos Home Premium (20231121)","SpyHunter5 (20231121)","Total AV Antivirus Pro (20231121)","VIPRE Advanced Security (20231121)","VirIT eXplorer PRO (20231121)","Webroot SecureAnywhere (20231121)"],"avAllowList":["360 Total Security (20231121)","Avast Premium Security (20231121)","AVG Internet Security (20231121)","McAfee Total Protection (20231121)","Trend Micro Internet Security (20231121)","Windows Defender (20231121)"]},{"isRevoked":"False","fileName":"bitcomet_setup_231102.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"eabb0d6a2f448e2f88685e19a85b1cc5","hashSHA1":"2129494c0d55b645e638a8d9a933811b5ccfc5ce","hashSHA256":"b0f26d73b1785c820a870a6f2c258598463aa7d577a3b2934bc37aadd45c6385","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"806","avBlockList":["Bitdefender Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","FortectPremium (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","KasperskyPremium (20240808)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","VIPRE Advanced Security (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)"],"avAllowList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","McAfee Total Protection (20240808)","Trend Micro Internet Security (20240808)","Windows Defender (20240808)"]},{"isRevoked":"False","fileName":"bitcomet_setup_231108.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"b591e06f3bc3fa0ad661fd0090bd1cf6","hashSHA1":"49decb2ec2ebbe1ce4df4630b1fb415546c59a42","hashSHA256":"de98f003db1feca34db83638944cbdce679367d5e6bb576f72e233d0ff3a5cbc","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"806","avBlockList":["Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","FortectPremium (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","KasperskyPremium (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","VIPRE Advanced Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)"],"avAllowList":["360 Total Security (20240815)","Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","McAfee Total Protection (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","Windows Defender (20240815)"]},{"isRevoked":"False","fileName":"bitcomet_setup_231116.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"b2d9815f7382e2d9dd0972996bad87af","hashSHA1":"62f0d44b5f2311868db3abfb3fabc260869f8a49","hashSHA256":"30342bc1865f9c40a56320c4a40b5c4dd25e86268bf72ae851935cbae9a50fb3","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"806","avBlockList":["Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","G DATA INTERNET SECURITY (20240820)","K7 Total Security (20240820)","KasperskyPremium (20240820)","Malwarebytes Premium (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","VIPRE Advanced Security (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)"],"avAllowList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","McAfee Total Protection (20240820)","Total AV Antivirus Pro (20240820)","Trend Micro Internet Security (20240820)","Windows Defender (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d1e8a0cmlfx1tk.cloudfront.net/installer/57800901885072864/43703509","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1e8a0cmlfx1tk.cloudfront.net/installer/57800901885072864/43703509","sourceIndex":"806"}],"sampleFiles":["231116/bitcomet-220223/2.0.4.0/Samples/bitcomet_setup.exe","231116/bitcomet-220223/2.0.4.0/Samples/bitcomet_setup_231102.exe","231116/bitcomet-220223/2.0.4.0/Samples/bitcomet_setup_231108.exe","231116/bitcomet-220223/2.0.4.0/Samples/bitcomet_setup_231116.exe"],"imageFiles":["231116/bitcomet-220223/2.0.4.0/Images/ACR-097/ACR-097.jpg","231116/bitcomet-220223/2.0.4.0/Images/ACR-042/ACR-042.jpg","231116/bitcomet-220223/2.0.4.0/Images/ACR-084/ACR-084.jpg","231116/bitcomet-220223/2.0.4.0/Images/ACR-013/OptionalOffer.jpg","231116/bitcomet-220223/2.0.4.0/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["231116/bitcomet-220223/2.0.4.0/Images/ACR-123/ACR-123.jpg"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.4.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.4.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":61},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"BitComet.exe","companyName":"www.BitComet.com","fileVersion":"2.3","hashMD5":"92c13eb4b0347fde16b4e02b288c339f","hashSHA1":"f738d997e3d79d339306951565fc96dda6242cb2","hashSHA256":"bc1a76868e6d813821f780fc946c46434aef339f7c6a881a1cd647c0a516b180","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"905","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"8a25a20fde19a8f580e4eddf5b321c44","hashSHA1":"bdf7a79e34fb9ad725108144b8cf0346b9a9b67b","hashSHA256":"56ee40dbef8292bf80d187bdb44778b4a00036848823cdf7b2afd852a248cd26","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"905","avBlockList":["Avira Internet Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","ESET Internet Security (20231102)","G DATA INTERNET SECURITY (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)"],"avAllowList":["360 Total Security (20231102)","Avast Premium Security (20231102)","AVG Internet Security (20231102)","McAfee Total Protection (20231102)","Windows Defender (20231102)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"905"}],"sampleFiles":["230906/bitcomet-220223/2.0.3/Samples/BitComet.exe","230906/bitcomet-220223/2.0.3/Samples/bitcomet_setup.exe"],"imageFiles":["230906/bitcomet-220223/2.0.3/Images/ACR-097/ACR-097.jpg","230906/bitcomet-220223/2.0.3/Images/ACR-042/ACR-042.jpg","230906/bitcomet-220223/2.0.3/Images/ACR-084/ACR-084.jpg","230906/bitcomet-220223/2.0.3/Images/ACR-013/OptionalOffer.jpg","230906/bitcomet-220223/2.0.3/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["230906/bitcomet-220223/2.0.3/Images/ACR-123/ACR-123a.jpg","230906/bitcomet-220223/2.0.3/Images/ACR-123/ACR-123b.jpg"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.3_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.3","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":62},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"7f9e2664d5b832c8768234a61d4934bb","hashSHA1":"ea220e54e129e235fdad73d07411fd698f7db656","hashSHA256":"5b7ca67736cb6040f896b475ff0b9c04043d62c1c989cec9b0295196db7e63c9","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"917","avBlockList":["Avira Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)"],"avAllowList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Bitdefender Internet Security (20231228)","McAfee Total Protection (20231228)","Trend Micro Internet Security (20231228)","VIPRE Advanced Security (20231228)","Windows Defender (20231228)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"917"}],"sampleFiles":["230821/bitcomet-220223/2.0.2/Samples/bitcomet_setup.exe"],"imageFiles":["230821/bitcomet-220223/2.0.2/Images/ACR-097/FirewallException.jpg","230821/bitcomet-220223/2.0.2/Images/ACR-042/ACR-042.jpg","230821/bitcomet-220223/2.0.2/Images/ACR-084/ACR-084.jpg","230821/bitcomet-220223/2.0.2/Images/ACR-013/OptionalOffer.jpg","230821/bitcomet-220223/2.0.2/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["230821/bitcomet-220223/2.0.2/Images/ACR-123/ACR-123.jpg","230821/bitcomet-220223/2.0.2/Images/ACR-123/ACR-123-appdata.jpg"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.2_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.2","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":63},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"BitComet.exe","companyName":"www.BitComet.com","fileVersion":"2.1","hashMD5":"fc063c88b8e50cffc2a92c79ed414983","hashSHA1":"d46c5752509254259ffffbc99380a9f4e907189c","hashSHA256":"f143c7782dbf5732c5f099d86a70f5b5710e740b233d8474a1e1db4dcd2bfa98","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1001","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"282421b40877b9ce0d8cabbdb2fbf56b","hashSHA1":"6bfe587c0ef7a5cfecf086b563d1dfb1625f3623","hashSHA256":"61b7b1fa9fcd841e943b81814cec785c2449e6240661630bc202c598372b972d","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1001","avBlockList":["Avira Internet Security (20240307)","Bitdefender Internet Security (20240307)","COMODO Antivirus (20240307)","Dr.Web Security Space (20240307)","ESET Internet Security (20240307)","G DATA INTERNET SECURITY (20240307)","Kaspersky Internet Security (20240307)","Malwarebytes Premium (20240307)","McAfee Total Protection (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Quick Heal Internet Security (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","Trend Micro Internet Security (20240307)","VIPRE Advanced Security (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)"],"avAllowList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","K7 Total Security (20240307)","Windows Defender (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"1001"}],"sampleFiles":["230711/bitcomet-220223/2.0.1/Samples/BitComet.exe","230711/bitcomet-220223/2.0.1/Samples/bitcomet_setup.exe"],"imageFiles":["230711/bitcomet-220223/2.0.1/Images/ACR-097/Firewallexception.png","230711/bitcomet-220223/2.0.1/Images/ACR-042/ACR-042.png","230711/bitcomet-220223/2.0.1/Images/ACR-084/ACR-084.png","230711/bitcomet-220223/2.0.1/Images/ACR-013/ACR-013_4.png","230711/bitcomet-220223/2.0.1/Images/ACR-013/OptionalOffer1.png","230711/bitcomet-220223/2.0.1/Images/ACR-060/OptionalOffer1.png"],"nonDeceptorImageFiles":["230711/bitcomet-220223/2.0.1/Images/ACR-123/ACR-123-a.png","230711/bitcomet-220223/2.0.1/Images/ACR-123/ACR-123-b.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.1_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.1","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":64},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"641ee3996cd32e3dabf0b1546b71a4b0","hashSHA1":"f818014b712d33c52c098497863467b5666b3c19","hashSHA256":"aee890270f10c7c1b78c3e07091fb06983e22fa9d18f946a84d04702b940a765","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1091","avBlockList":["Avira Internet Security (20230608)","Bitdefender Internet Security (20230608)","COMODO Antivirus (20230608)","Dr.Web Security Space (20230608)","ESET Internet Security (20230608)","G DATA INTERNET SECURITY (20230608)","K7 Total Security (20230608)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20230608)","McAfee Total Protection (20230608)","Norton Security (20230608)","Panda Dome (20230608)","Quick Heal Internet Security (20230608)","Sophos Home Premium (20230608)","SpyHunter5 (20230608)","Total AV Antivirus Pro (20230608)","VIPRE Advanced Security (20230608)","VirIT eXplorer PRO (20230608)","Webroot SecureAnywhere (20230608)"],"avAllowList":["360 Total Security (20230608)","Avast Premium Security (20230608)","AVG Internet Security (20230608)","Trend Micro Internet Security (20230608)","Windows Defender (20230608)"]},{"isRevoked":"False","fileName":"BitComet.exe","companyName":"www.BitComet.com","fileVersion":"2.0","hashMD5":"39014cf1cf429113da2891d699f22507","hashSHA1":"c61b222df3ff7b70f5be5112d7050c52f1463928","hashSHA256":"49bde50c06fadb98e19386e79d9368530eb3baa538aa3f95c552577812248a46","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1091","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"1091"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://d2uwggmj21pt97.cloudfront.net/installer/5644244/46887598277","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2uwggmj21pt97.cloudfront.net/installer/5644244/46887598277","sourceIndex":"1092"}],"sampleFiles":["230522/bitcomet-220223/2.0/Samples/bitcomet_setup.exe","230522/bitcomet-220223/2.0/Samples/BitComet.exe"],"imageFiles":["230522/bitcomet-220223/2.0/Images/ACR-097/ACR-097-bit.jpg","230522/bitcomet-220223/2.0/Images/ACR-042/ACR-042_043.jpg","230522/bitcomet-220223/2.0/Images/ACR-084/ACR-084.jpg","230522/bitcomet-220223/2.0/Images/ACR-084/ACR-084-bitcomet.jpg","230522/bitcomet-220223/2.0/Images/ACR-118/ACR-118.jpg","230522/bitcomet-220223/2.0/Images/ACR-013/ACR-013_1.png","230522/bitcomet-220223/2.0/Images/ACR-013/ACR-013_2.png","230522/bitcomet-220223/2.0/Images/ACR-013/ACR-013_3.png","230522/bitcomet-220223/2.0/Images/ACR-013/ACR-013_4.png","230522/bitcomet-220223/2.0/Images/ACR-013/OptionalOffer.jpg","230522/bitcomet-220223/2.0/Images/ACR-060/ACR-060_1.png","230522/bitcomet-220223/2.0/Images/ACR-060/ACR-060_2.png","230522/bitcomet-220223/2.0/Images/ACR-060/ACR-060_3.png","230522/bitcomet-220223/2.0/Images/ACR-060/ACR-060_4.png","230522/bitcomet-220223/2.0/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["230522/bitcomet-220223/2.0/Images/ACR-123/ACR-123.jpg"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":65},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"BitComet.exe","isInstaller":"True","companyName":"www.BitComet.com","fileVersion":"1.99","hashMD5":"efd3cfa7bddd252e32dd88e6bbfc5973","hashSHA1":"531c4ec65a0bf1afc58b846ff5c844b95be99814","hashSHA256":"c8e100cbfed896bec689d37bf28944d4ff0ac21852603c7b3c867d6ecc3fb5d2","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1142","avBlockList":["Avira Internet Security (20240411)","K7 Total Security (20240411)","Kaspersky Internet Security (20240411)","Malwarebytes Premium (20240411)","McAfee Total Protection (20240411)","Norton Security (20240411)","Panda Dome (20240411)","Quick Heal Internet Security (20240411)","Sophos Home Premium (20240411)","SpyHunter5 (20240411)","Total AV Antivirus Pro (20240411)","VirIT eXplorer PRO (20240411)"],"avAllowList":["360 Total Security (20240411)","Avast Premium Security (20240411)","AVG Internet Security (20240411)","Bitdefender Internet Security (20240411)","COMODO Antivirus (20240411)","Dr.Web Security Space (20240411)","ESET Internet Security (20240411)","G DATA INTERNET SECURITY (20240411)","Trend Micro Internet Security (20240411)","VIPRE Advanced Security (20240411)","Webroot SecureAnywhere (20240411)","Windows Defender (20240411)"]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"1.99","hashMD5":"be76e13003314820587c6ff64832765e","hashSHA1":"4e6b36f5ebd091f29b4dd1cbeffc612648393d56","hashSHA256":"47884ecdf4dd3910e3a347de3ea722ea7f732ff9f15e2f5102380734b871b269","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1142","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"1142"}],"sampleFiles":["230427/bitcomet-220223/1.99/Samples/BitComet.exe","230427/bitcomet-220223/1.99/Samples/bitcomet_setup.exe"],"imageFiles":["230427/bitcomet-220223/1.99/Images/ACR-097/ACR-097.jpg","230427/bitcomet-220223/1.99/Images/ACR-042/ACR-042.jpg","230427/bitcomet-220223/1.99/Images/ACR-084/ACR-084.jpg","230427/bitcomet-220223/1.99/Images/ACR-118/ACR-118.jpg","230427/bitcomet-220223/1.99/Images/ACR-013/ACR-013_1.png","230427/bitcomet-220223/1.99/Images/ACR-013/ACR-013_2.png","230427/bitcomet-220223/1.99/Images/ACR-013/ACR-013_3.png","230427/bitcomet-220223/1.99/Images/ACR-013/ACR-013_4.png","230427/bitcomet-220223/1.99/Images/ACR-013/OptionalOffer.jpg","230427/bitcomet-220223/1.99/Images/ACR-060/ACR-060_1.png","230427/bitcomet-220223/1.99/Images/ACR-060/ACR-060_2.png","230427/bitcomet-220223/1.99/Images/ACR-060/ACR-060_3.png","230427/bitcomet-220223/1.99/Images/ACR-060/ACR-060_4.png","230427/bitcomet-220223/1.99/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["230427/bitcomet-220223/1.99/Images/ACR-123/ACR-123.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_1.99_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"1.99","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":66},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"BitComet.exe-381c584511c773db358f9981214f663e46d05eaec2103e4416e5279c5773eb07","isInstaller":"True","companyName":"www.BitComet.com","fileVersion":"1.98","hashMD5":"37096a6de049ec34cbd851797b120b5d","hashSHA1":"81ab96b0a2480948b47facf549ee30a15d16fcca","hashSHA256":"381c584511c773db358f9981214f663e46d05eaec2103e4416e5279c5773eb07","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1181","avBlockList":["Avira Internet Security (20230926)","Kaspersky Internet Security (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)"],"avAllowList":["360 Total Security (20230926)","Avast Premium Security (20230926)","AVG Internet Security (20230926)","Bitdefender Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Malwarebytes Premium (20230926)","Quick Heal Internet Security (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)","Windows Defender (20230926)"]},{"isRevoked":"False","fileName":"bitcomet_setup.exe-ba01d62da0cc42e35a839dfb8483573d166d283c86eef1cc276930694f3cb262","isInstaller":"True","fileVersion":"1.98","hashMD5":"b01f3846502ef3ce068ab61132834692","hashSHA1":"442b62fcace41fdf026be4f5da1cbba2d5a217e1","hashSHA256":"ba01d62da0cc42e35a839dfb8483573d166d283c86eef1cc276930694f3cb262","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1181","avBlockList":["360 Total Security (20230323)","Avira Internet Security (20230323)","Bitdefender Internet Security (20230323)","COMODO Antivirus (20230323)","Dr.Web Security Space (20230323)","ESET Internet Security (20230323)","G DATA INTERNET SECURITY (20230323)","K7 Total Security (20230323)","Kaspersky Internet Security (20230323)","Malwarebytes Premium (20230323)","McAfee Total Protection (20230323)","Norton Security (20230323)","Panda Dome (20230323)","Quick Heal Internet Security (20230323)","Sophos Home Premium (20230323)","SpyHunter5 (20230323)","Total AV Antivirus Pro (20230323)","Trend Micro Internet Security (20230323)","VIPRE Advanced Security (20230323)","VirIT eXplorer PRO (20230323)","Webroot SecureAnywhere (20230323)"],"avAllowList":["Avast Premium Security (20230323)","AVG Internet Security (20230323)","Windows Defender (20230323)"]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","fileVersion":"1.98","hashMD5":"0c2bb65140d0eb00fee23f3cbd96eeaf","hashSHA1":"fb61ea4645b10992c7a2c79fa7cf88f7b5c31b1e","hashSHA256":"54e6e3402782645198a89a7b4ae03c023dddf94880206d054d1a277b21cf10f1","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN","sourceIndex":"1181","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d3kodgqn5k9djk.cloudfront.net/installer/756820/063650034893347238","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3kodgqn5k9djk.cloudfront.net/installer/756820/063650034893347238","sourceIndex":"1181"}],"sampleFiles":["230402/bitcomet-220223/1.98.12.8/Samples/BitComet.exe-381c584511c773db358f9981214f663e46d05eaec2103e4416e5279c5773eb07","230402/bitcomet-220223/1.98.12.8/Samples/bitcomet_setup.exe-ba01d62da0cc42e35a839dfb8483573d166d283c86eef1cc276930694f3cb262","230402/bitcomet-220223/1.98.12.8/Samples/bitcomet_setup.exe"],"imageFiles":["230402/bitcomet-220223/1.98.12.8/Images/ACR-097/ACR-097.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-042/BitComet_042.JPG","230402/bitcomet-220223/1.98.12.8/Images/ACR-084/ACR-084.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-118/ACR-118.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-013/ACR-013_1.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-013/ACR-013_2.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-013/ACR-013_3.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-013/ACR-013_4.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-060/ACR-060_1.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-060/ACR-060_2.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-060/ACR-060_3.png","230402/bitcomet-220223/1.98.12.8/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["230402/bitcomet-220223/1.98.12.8/Images/ACR-123/ACR-123.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_1.98.12.8_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"1.98.12.8","sigName":"","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":67},{"violations":{"ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\BitComet.exe","companyName":"www.BitComet.com","productName":"BitComet 64-bit","productVersion":"1.91","fileVersion":"1.91","hashMD5":"3a98dfd359396efa54ccc111cbfbc18b","hashSHA1":"06b99d7881feaed5b83d33c4e9552521482b4b2a","hashSHA256":"a389a890e03664205a36034c836ad4197e47e07a78766b68a4dd02118916a3e3","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1519","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\tools\\BitCometService.exe","companyName":"www.BitComet.com","productName":"BitComet","productVersion":"1.83","fileVersion":"1.83","hashMD5":"174a32c8dca516230ff6eb0805d6f829","hashSHA1":"f0fcce7bf22532e0829812473b3aed437fc105b1","hashSHA256":"b234be795f9472b90c7746b7189ead8ffb2e81ccfc1546d6ea93ebdb6b08010b","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1519","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\tools\\UPNP.exe","companyName":"www.BitComet.com","productName":"UPNP.exe","productVersion":"1.76","fileVersion":"1.76","hashMD5":"febbaf0c03103a63e0141a96535b7745","hashSHA1":"84d8deccdcf8ae2c703063477e4788a61ba061a1","hashSHA256":"5139ca694cdba3802811160dd15563f72b8cc1d6ce0d9cc3b415104516eac305","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1519","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"1.91.0                                            ","fileVersion":"1.91.0              ","hashMD5":"1564141c670c091967af77487f561c96","hashSHA1":"f4bd11fbad6902397befbdf82669675766a60f1d","hashSHA256":"1e698b74ceb7974518d2539bc061344310cc05f4d3772075e17d75362164480f","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1519","avBlockList":["Avira Internet Security (20230418)","Bitdefender Internet Security (20230418)","COMODO Antivirus (20230418)","Dr.Web Security Space (20230418)","ESET Internet Security (20230418)","G DATA INTERNET SECURITY (20230418)","K7 Total Security (20230418)","Kaspersky Internet Security (20230418)","Malwarebytes Premium (20230418)","McAfee Total Protection (20230418)","Norton Security (20230418)","Panda Dome (20230418)","Quick Heal Internet Security (20230418)","Sophos Home Premium (20230418)","SpyHunter5 (20230418)","Total AV Antivirus Pro (20230418)","Trend Micro Internet Security (20230418)","VIPRE Advanced Security (20230418)","VirIT eXplorer PRO (20230418)","Webroot SecureAnywhere (20230418)"],"avAllowList":["360 Total Security (20230418)","Avast Premium Security (20230418)","AVG Internet Security (20230418)","Windows Defender (20230418)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://dbfpx8h3uq9ti.cloudfront.net/installer/50950607/0300313875017","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dbfpx8h3uq9ti.cloudfront.net/installer/50950607/0300313875017","sourceIndex":"1519"}],"sampleFiles":["220519/bitcomet-220223/1.91.0/Samples/bitcomet_setup.exe"],"imageFiles":["220519/bitcomet-220223/1.91.0/Images/ACR-097/ACR-097_Software.JPG","220519/bitcomet-220223/1.91.0/Images/ACR-084/ACR-084_Software.JPG","220519/bitcomet-220223/1.91.0/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220519/bitcomet-220223/1.91.0/Images/ACR-123/ACR-123_Uninstall.JPG","220519/bitcomet-220223/1.91.0/Images/ACR-123/ACR-123_Uninstall_1.JPG"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_1.91.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"1.91.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":68},{"violations":{"ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\BitComet.exe","companyName":"www.BitComet.com","productName":"BitComet 64-bit","productVersion":"1.87","fileVersion":"1.87","hashMD5":"bc3d64a7e19dc11a094218d9f9cef22f","hashSHA1":"b7709ccd75cff2bc1410d5a73af0986a16b4e3f1","hashSHA256":"0480e296716fc0e256f06e59db6a5200c31624c4369b81de26b876a36df0e799","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1602","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\BitComet\\tools\\BitCometService.exe","companyName":"www.BitComet.com","productName":"BitComet","productVersion":"1.83","fileVersion":"1.83","hashMD5":"174a32c8dca516230ff6eb0805d6f829","hashSHA1":"f0fcce7bf22532e0829812473b3aed437fc105b1","hashSHA256":"b234be795f9472b90c7746b7189ead8ffb2e81ccfc1546d6ea93ebdb6b08010b","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1602","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"1.87.0                                            ","fileVersion":"1.87.0              ","hashMD5":"2a4592a447d3b9b5661c15b5d3ed4adb","hashSHA1":"a403c80da8a845cfc8be0483f627e654eee689c2","hashSHA256":"1dcb4785fd3bc46bbbffaeda92b90d23c782bdd649a70b653b74697d50733cc0","digitalCertThumbprint":"DC06C09F2067119B72613CCDF4C6AC63CED6BE6E","digitalCertIssuer":"Certum Code Signing CA SHA2","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"1602","avBlockList":["Avira Internet Security (20230831)","COMODO Antivirus (20230831)","Dr.Web Security Space (20230831)","ESET Internet Security (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Kaspersky Internet Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","SpyHunter5 (20230831)","Total AV Antivirus Pro (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)","Windows Defender (20230831)"],"avAllowList":["360 Total Security (20230831)","Avast Premium Security (20230831)","AVG Internet Security (20230831)","Bitdefender Internet Security (20230831)","Tencent PC Manager (20220602)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"1602"}],"sampleFiles":["220519/bitcomet-220223/1.87.0/Samples/bitcomet_setup.exe"],"imageFiles":["220519/bitcomet-220223/1.87.0/Images/ACR-097/ACR-097_Software_Exception_Behaviour.JPG","220519/bitcomet-220223/1.87.0/Images/ACR-084/ACR-084_1.JPG","220519/bitcomet-220223/1.87.0/Images/ACR-118/ACR-118_Uninstall_1.JPG"],"nonDeceptorImageFiles":[],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_1.87.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"1.87.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":69},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App has by default setting \"Add an exception for Windows firewall\" without providing obvious disclaim or option to change the setting during installation.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitComet                                                    ","productVersion":"2.0.5.0                                           ","fileVersion":"2.0.5.0             ","hashMD5":"e4fc74f5c702e0b7f4bf573ab02cac24","hashSHA1":"91ed9030122ccc5891a0b69c8ce875c9dd6ce67f","hashSHA256":"2702cdc4384ca57de294f1cab900dd678296809fb4930dd1416035fe2ecc5a5a","digitalCertThumbprint":"EB0343BBE59BACBBB9470BC6C41E1A6DA13A4E73","digitalCertIssuer":"Certum Code Signing 2021 CA","digitalCertIssuedTo":"Xing Wang","storeId":"","sourceIndex":"773","avBlockList":["Bitdefender Internet Security (20240730)","COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","FortectPremium (20240730)","G DATA INTERNET SECURITY (20240730)","KasperskyPremium (20240730)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Panda Dome (20240730)","Quick Heal Internet Security (20240730)","Sophos Home Premium (20240730)","SpyHunter5 (20240730)","VIPRE Advanced Security (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)"],"avAllowList":["360 Total Security (20240730)","Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","K7 Total Security (20240730)","McAfee Total Protection (20240730)","Total AV Antivirus Pro (20240730)","Trend Micro Internet Security (20240730)","Windows Defender (20240730)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bitcomet.com/en","directDownloadingLink":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24z8ostpbuezc.cloudfront.net/2CNdqgs76AXXGtCuA3RYXeAUE8AT+l16K9DqjpgQNwNMLXSJ3FSth9f1j3jScZDEBWC4LqwjBqvR+_IfACgebiFyodsihd0xTmDPaWYOVJ3cpOLyrUXJIEkf7pLB4fAXQbULYlOt4ov1JHOJv2NMQ_tyGuaSZUuKDaUIC5oMJ2adqNMT5AAsF5rQnRkMuMUIMkbsNRQuIfjy+dmmoluPEzdTy1aQu1MvysWxnGSznYQA7ZetOgGHo+Fc6NQKI900HiqYZAri5DaNdIKRSN1kGVXf2NEVCHgE85f1TGcf8W+MIu3_miA=-GzsAAMTaOW4vgzIzDR_flR9EOQIbcOAWQaK5jTeFbR8HuZfAVOlOWxOsWs2GP4TirPxplJz0gHcLPgA=","sourceIndex":"773"}],"sampleFiles":["240102/bitcomet-220223/2.0.5.0/Samples/bitcomet_setup.exe"],"imageFiles":["240102/bitcomet-220223/2.0.5.0/Images/ACR-097/ACR-097_Software_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-042/ACR-042_Install_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-084/ACR-084_Software_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-014/ACR-014_Install_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-013/ACR-013_Install_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-013/ACR-013_Install_2.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-013/ACR-013_Install_3.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-060/ACR-060_Bundler-made offers_2.png","240102/bitcomet-220223/2.0.5.0/Images/ACR-060/ACR-060_Bundler-made offers_3.png"],"nonDeceptorImageFiles":["240102/bitcomet-220223/2.0.5.0/Images/ACR-123/ACR-123.jpg","240102/bitcomet-220223/2.0.5.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"80a7b3a8-4a37-4d3d-859b-0555e4081baa_2.0.5.0_1","appID":"bitcomet-220223","dateAdded":"260209","deceptorType":"App","name":"BitComet","company":"www.BitComet.com","version":"2.0.5.0","lastKnownStatus":"1.85.1.18;1.87.0;1.98.12.8;1.99;2.0;2.0.1;2.0.2;2.0.3;2.0.4.0;2.0.5.0;2.0.6.0;2.0.7.0;2.0.8.0;2.0.9.0;2.20.1.19","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":16,"sortOrder":60},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action.\n","ACR-043":"The \"uTorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the executable \"utorrentie.exe\" \n"},"samples":[{"isRevoked":"False","fileName":"helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","companyName":"BitTorrent Inc.","fileVersion":"2.1","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","sourceIndex":"1122","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uTorrent.exe-cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063","companyName":"BitTorrent Inc.","fileVersion":"3.6","hashMD5":"dabe3bd054cd2268b23a42a49acd2ac9","hashSHA1":"0ed81ad1371eb5651e79b0e4c3fb95a45093d25a","hashSHA256":"cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1122","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe-52dda648edf6eab8fdb5187e2866bb337e73e9025a0e13dced7abe00f899d44e","isInstaller":"True","fileVersion":"3.6","hashMD5":"b6b16ce1d51baf68aedf62e35e9390c9","hashSHA1":"428efbd8c1a3a92eac36694ef4ed0ba76801342a","hashSHA256":"52dda648edf6eab8fdb5187e2866bb337e73e9025a0e13dced7abe00f899d44e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1122","avBlockList":["360 Total Security (20230323)","COMODO Antivirus (20230323)","Dr.Web Security Space (20230323)","ESET Internet Security (20230323)","G DATA INTERNET SECURITY (20230323)","Malwarebytes Premium (20230323)","McAfee Total Protection (20230323)","Norton Security (20230323)","Panda Dome (20230323)","Quick Heal Internet Security (20230323)","Sophos Home Premium (20230323)","VirIT eXplorer PRO (20230323)","Webroot SecureAnywhere (20230323)"],"avAllowList":["Avast Premium Security (20230323)","AVG Internet Security (20230323)","Avira Internet Security (20230323)","Bitdefender Internet Security (20230323)","K7 Total Security (20230323)","Kaspersky Internet Security (20230323)","SpyHunter5 (20230323)","Total AV Antivirus Pro (20230323)","Trend Micro Internet Security (20230323)","VIPRE Advanced Security (20230323)","Windows Defender (20230323)"]},{"isRevoked":"False","fileName":"utorrentie.exe-db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110","companyName":"BitTorrent Inc.","fileVersion":"1.0","hashMD5":"ac3aa3016d9b5759376edbb332dc8954","hashSHA1":"b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e","hashSHA256":"db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110","sourceIndex":"1122","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_BE91A0635CAB8BE4952C30398671617F9E548F30451172ED0ECD416FDC0AA998.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"bb58fd279a1b991e2bebb1941bb64905","hashSHA1":"71f48cfc2ad7f6faa0cfb9b9424e5564e215a9b0","hashSHA256":"be91a0635cab8be4952c30398671617f9e548f30451172ed0ecd416fdc0aa998","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1122","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"32d10e3f8bd33033e7865fe7df34e4f4","hashSHA1":"2efcac62ad7e7c0c09b6d46c576beb051bc8a63c","hashSHA256":"8bd1de99069b6785768cdcb6f5e056e0dde3ef9d6f568d2f61f0bc63af9232eb","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1122","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://download-hr.utorrent.com/track/stable/endpoint/utorrent/os/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-hr.utorrent.com/track/stable/endpoint/utorrent/os/windows","sourceIndex":"1122"},{"howFound":"","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://download-hr.utorrent.com/track/stable/endpoint/utorrent/os/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-hr.utorrent.com/track/stable/endpoint/utorrent/os/windows","sourceIndex":"1123"}],"sampleFiles":["230504/uTorrentClassic-211215/3.6.0.46716/Samples/helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","230504/uTorrentClassic-211215/3.6.0.46716/Samples/uTorrent.exe-cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063","230504/uTorrentClassic-211215/3.6.0.46716/Samples/utorrent_installer.exe-52dda648edf6eab8fdb5187e2866bb337e73e9025a0e13dced7abe00f899d44e","230504/uTorrentClassic-211215/3.6.0.46716/Samples/utorrentie.exe-db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110","230504/uTorrentClassic-211215/3.6.0.46716/Samples/utorrent_installer_BE91A0635CAB8BE4952C30398671617F9E548F30451172ED0ECD416FDC0AA998.exe","230504/uTorrentClassic-211215/3.6.0.46716/Samples/utorrent_installer.exe"],"imageFiles":["230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-043/ACR-043.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-042/UtorrentWeb_042.JPG","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-048/ACR-048.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-084/ACR-084.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-097/ACR-097.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-118/ACR-118.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-013/ACR-013_1.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-013/ACR-013_2.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-013/ACR-013_3.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-013/ACR-013_4.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-060/ACR-060_1.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-060/ACR-060_2.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-060/ACR-060_3.png","230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["230504/uTorrentClassic-211215/3.6.0.46716/Images/ACR-092/ACR-092.png"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46716_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46716","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:41.298741+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":48},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"uTorrent.exe","companyName":"BitTorrent Inc.","fileVersion":"3.6","hashMD5":"3af5988dba2e27be3402ee9c7f217407","hashSHA1":"8b289c7d4d504d00b4f2d1521038ab35ca047a50","hashSHA256":"410e099f3626ac1c89a7188ac3007e82f3a71aaf4b09250bf8476f23e9248594","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"988","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"20ca2e9b1799f4ca49a842938de2c311","hashSHA1":"c04246d5ebb3d1099e965ebeda9497d28c594956","hashSHA256":"00537e33ed066991e4a6f8d8ee76c158ee990649cf3f24c2561b2b9436742944","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"988","avBlockList":["COMODO Antivirus (20240305)","Dr.Web Security Space (20240305)","ESET Internet Security (20240305)","G DATA INTERNET SECURITY (20240305)","Kaspersky Internet Security (20240305)","Malwarebytes Premium (20240305)","Norton Security (20240305)","Panda Dome (20240305)","Sophos Home Premium (20240305)","VirIT eXplorer PRO (20240305)","Webroot SecureAnywhere (20240305)"],"avAllowList":["360 Total Security (20240305)","Avast Premium Security (20240305)","AVG Internet Security (20240305)","Avira Internet Security (20240305)","Bitdefender Internet Security (20240305)","K7 Total Security (20240305)","McAfee Total Protection (20240305)","Quick Heal Internet Security (20240305)","SpyHunter5 (20240305)","Total AV Antivirus Pro (20240305)","Trend Micro Internet Security (20240305)","VIPRE Advanced Security (20240305)","Windows Defender (20240305)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"988"}],"sampleFiles":["230712/uTorrentClassic-211215/3.6.0.46830/Samples/uTorrent.exe","230712/uTorrentClassic-211215/3.6.0.46830/Samples/utorrent_installer.exe"],"imageFiles":["230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-042/uTW-ACR-042.jpg","230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-048/ACR-048.png","230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-084/uTC-ACR-084.jpg","230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-097/uTC-FirewallException.jpg","230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-013/uTC-OptionalOffer.jpg","230712/uTorrentClassic-211215/3.6.0.46830/Images/ACR-060/uTC-OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46830_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46830","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:37.1589847+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":44},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action.\n","ACR-043":"The \"uTorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\utorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.6.0.46822","fileVersion":"3.6.0.46822","hashMD5":"bcd70ed5f66717727b2d5e9fc5f5a799","hashSHA1":"fe0df86d6eea22a6d1789937df2808df14016c7e","hashSHA256":"487202c7838f14d169393913ccd6e3649400ae7367575d957861fb1bbe8a4cfb","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1048","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"1dac5d888842e537b82e984e78eda39f","hashSHA1":"772a36434b9a5e4ec8a92363e29b9b3b21fa4cf1","hashSHA256":"06dfdc5acb8bcdf9e1bcb67dd5a3b0945e111a75be9634aa1e53e5f7b106cb1d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1048","avBlockList":["COMODO Antivirus (20240502)","Dr.Web Security Space (20240502)","ESET Internet Security (20240502)","G DATA INTERNET SECURITY (20240502)","Malwarebytes Premium (20240502)","Norton Security (20240502)","Panda Dome (20240502)","Sophos Home Premium (20240502)","VirIT eXplorer PRO (20240502)","Webroot SecureAnywhere (20240502)"],"avAllowList":["360 Total Security (20240502)","Avast Premium Security (20240502)","AVG Internet Security (20240502)","Avira Internet Security (20240502)","Bitdefender Internet Security (20240502)","K7 Total Security (20240502)","Kaspersky Internet Security (20240502)","McAfee Total Protection (20240502)","Quick Heal Internet Security (20240502)","SpyHunter5 (20240502)","Total AV Antivirus Pro (20240502)","Trend Micro Internet Security (20240502)","VIPRE Advanced Security (20240502)","Windows Defender (20240502)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1048"}],"sampleFiles":["231117/uTorrentClassic-211215/3.6.0.46822/Samples/utorrent_installer.exe"],"imageFiles":["231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-043/ACR-043.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-042/ACR-042.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-048/ACR-048_Install.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-084/ACR-084.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-097/ACR-097.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-118/ACR-118.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-013/ACR-013.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-013/ACR-013_1.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-013/ACR-013_2.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-060/ACR-060.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-060/ACR-060_1.JPG","231117/uTorrentClassic-211215/3.6.0.46822/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46822_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46822","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:38.8650833+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":46},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs its components in \"C:\\Users\\User\\AppData\\Roaming\" path, instead of a standard location.\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","productName":"uTοrrent® Classic","productVersion":"3.6","fileVersion":"3.6","hashMD5":"53e2564c6672ced6626407f73a7a4823","hashSHA1":"89d4f2494b5e0d761908ebab91bfc2fa0434ba02","hashSHA256":"4143676fa02ba575e2f44974623086d3ca5ff8cf7f48ad21da4e394855fd7193","digitalCertThumbprint":"03F072F141084FFE88CF28E65258CEE35071F961","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cassini Labs Ltd, O=Cassini Labs Ltd, S=Tel Aviv, C=IL, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=514758457","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"117","avBlockList":["360 Total Security (20260428)","COMODO Antivirus (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","Malwarebytes Premium (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)","Windows Defender (20260428)"],"avAllowList":["Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Bitdefender Internet Security (20260428)","Dr.Web Security Space (20260428)","KasperskyPremium (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Total AV Antivirus Pro (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"117"}],"sampleFiles":["260209/uTorrentClassic-211215/3.6.0.47142/Samples/utorrent_installer.exe"],"imageFiles":["260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-048/install2.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-084/ACR-084.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-097/ACR-097.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-097/install6.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-013/offer1.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-013/offer2.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-013/offer3.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-013/offer4.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-060/offer1.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-060/offer2.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-060/offer3.png","260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-060/offer4.png"],"nonDeceptorImageFiles":["260209/uTorrentClassic-211215/3.6.0.47142/Images/ACR-040/ACR-040.png"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47142_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47142","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:10.2706959+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":25},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action.\n","ACR-043":"The \"uTorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"uTorrent.exe","companyName":"BitTorrent Inc.","fileVersion":"3.6","hashMD5":"8cdc1930f5f11ad16f68daeb94c8cb17","hashSHA1":"5cb6fba98ba9af7baf552d1ea00ea6b8e8777df0","hashSHA256":"eae4e7436085d7a10cb8c90a75284ea9dcd9602e034f501ff36203fa74a8fce8","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1093","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"20ca2e9b1799f4ca49a842938de2c311","hashSHA1":"c04246d5ebb3d1099e965ebeda9497d28c594956","hashSHA256":"00537e33ed066991e4a6f8d8ee76c158ee990649cf3f24c2561b2b9436742944","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1093","avBlockList":["COMODO Antivirus (20240305)","Dr.Web Security Space (20240305)","ESET Internet Security (20240305)","G DATA INTERNET SECURITY (20240305)","Kaspersky Internet Security (20240305)","Malwarebytes Premium (20240305)","Norton Security (20240305)","Panda Dome (20240305)","Sophos Home Premium (20240305)","VirIT eXplorer PRO (20240305)","Webroot SecureAnywhere (20240305)"],"avAllowList":["360 Total Security (20240305)","Avast Premium Security (20240305)","AVG Internet Security (20240305)","Avira Internet Security (20240305)","Bitdefender Internet Security (20240305)","K7 Total Security (20240305)","McAfee Total Protection (20240305)","Quick Heal Internet Security (20240305)","SpyHunter5 (20240305)","Total AV Antivirus Pro (20240305)","Trend Micro Internet Security (20240305)","VIPRE Advanced Security (20240305)","Windows Defender (20240305)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1093"}],"sampleFiles":["230522/uTorrentClassic-211215/3.6.0.46812/Samples/uTorrent.exe","230522/uTorrentClassic-211215/3.6.0.46812/Samples/utorrent_installer.exe"],"imageFiles":["230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-043/ACR-043.jpg","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-042/ACR-042.jpg","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-048/ACR-048.jpg","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-084/ACR-084.jpg","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-097/ACR-097.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-118/ACR-118.jpg","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-013/ACR-013_1.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-013/ACR-013_2.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-013/ACR-013_3.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-013/ACR-013_4.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-060/ACR-060_1.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-060/ACR-060_2.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-060/ACR-060_3.png","230522/uTorrentClassic-211215/3.6.0.46812/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46812_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46812","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:40.3759649+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":47},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"0f3833784a4b1164b2654cdfb2a00a2a","hashSHA1":"3fe8b8253304e68d868d164d5518a81a6092832f","hashSHA256":"0f7324b1091f11f9736af020396f1fe92f5dea8c414c278cc9a82c9b5ee310cd","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"560","avBlockList":["COMODO Antivirus (20240926)","ESET Internet Security (20240926)","FortectPremium (20240926)","K7 Total Security (20240926)","Malwarebytes Premium (20240926)","Norton Security (20240926)","Panda Dome (20240926)","Quick Heal Internet Security (20240926)","Sophos Home Premium (20240926)","VirIT eXplorer PRO (20240926)","Webroot SecureAnywhere (20240926)"],"avAllowList":["360 Total Security (20240926)","Avast Premium Security (20240926)","AVG Internet Security (20240926)","Avira Internet Security (20240926)","Bitdefender Internet Security (20240926)","Dr.Web Security Space (20240926)","G DATA INTERNET SECURITY (20240926)","KasperskyPremium (20240926)","McAfee Total Protection (20240926)","SpyHunter5 (20240926)","Total AV Antivirus Pro (20240926)","Trend Micro Internet Security (20240926)","VIPRE Advanced Security (20240926)","Windows Defender (20240926)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"560"}],"sampleFiles":["240904/uTorrentClassic-211215/3.6.0.47134/Samples/utorrent_installer.exe"],"imageFiles":["240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-048/ACR-048.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-084/ACR-084.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-097/ACR-097.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-097/ACR-097_1.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-014/ACR-014.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-013/ACR-013.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-013/ACR-013_1.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-013/ACR-013_2.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-060/ACR-060.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-060/ACR-060_1.PNG","240904/uTorrentClassic-211215/3.6.0.47134/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47134_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47134","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:23.9138819+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":27},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"7174ae30213a326a3f4432d6b6bb22e7","hashSHA1":"0457c2ef808dc7b3fb754fb38bc2eb8c9d14c025","hashSHA256":"8ab20cbadcfa1a328d008aa55abf411113f2b337460ade881a86b63434c6784b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"584","avBlockList":["COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","ESET Internet Security (20240905)","FortectPremium (20240905)","G DATA INTERNET SECURITY (20240905)","K7 Total Security (20240905)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Sophos Home Premium (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)"],"avAllowList":["360 Total Security (20240905)","Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","Bitdefender Internet Security (20240905)","KasperskyPremium (20240905)","Quick Heal Internet Security (20240905)","SpyHunter5 (20240905)","Total AV Antivirus Pro (20240905)","Trend Micro Internet Security (20240905)","VIPRE Advanced Security (20240905)","Windows Defender (20240905)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"584"}],"sampleFiles":["240724/uTorrentClassic-211215/3.6.0.47132/Samples/utorrent_installer.exe"],"imageFiles":["240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-048/ACR-048.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-084/ACR-084.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-097/ACR-097.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-097/ACR-097_1.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-014/ACR-014.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-013/ACR-013.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-013/ACR-013_1.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-013/ACR-013_2.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-060/ACR-060.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-060/ACR-060_1.PNG","240724/uTorrentClassic-211215/3.6.0.47132/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47132_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47132","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:24.6663483+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":28},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Opera and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\utorrent\"\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"33a2963469ec9693d7ebe822cbb98923","hashSHA1":"e7f491d79181b233589c9a39d2ee2faff37d50e0","hashSHA256":"17839640a8ddf47631b6ec8a9006d8fcd2989c5eb6b07d593c27f8e5354b4779","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"602","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240403.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"e024600dee53b393ffd12f38d557c2a3","hashSHA1":"e1ba663ce7d5e5704e85e256fc0f46004a9a6275","hashSHA256":"63528c3c3f8fc6e7f6e1943f574d77b87db7f48a53c8b962594ccb902d4787d9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"602","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240408.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"74af8631c70917bcb96c6fd8c2258d3a","hashSHA1":"2fd08435672b95cc5afdf2d514576642e8e6364c","hashSHA256":"42fc76e61a4e655b4dbbb7a64d5513b6686aa251d049cdc3fcc4e274653f3346","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"602","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240412.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"396aac3fcea1330cccef94f4bec291c0","hashSHA1":"0685f86468e8822e6c479f695dffd31f167fbea5","hashSHA256":"0bedc580034d83b3eb8ad3924fa004d2304b50fffe1bb05201a40b236ff5a4f8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"602","avBlockList":["COMODO Antivirus (20240425)","Dr.Web Security Space (20240425)","ESET Internet Security (20240425)","K7 Total Security (20240425)","Malwarebytes Premium (20240425)","Norton Security (20240425)","Panda Dome (20240425)","Quick Heal Internet Security (20240425)","Sophos Home Premium (20240425)","VirIT eXplorer PRO (20240425)","Webroot SecureAnywhere (20240425)"],"avAllowList":["360 Total Security (20240425)","Avast Premium Security (20240425)","AVG Internet Security (20240425)","Avira Internet Security (20240425)","Bitdefender Internet Security (20240425)","G DATA INTERNET SECURITY (20240425)","Kaspersky Internet Security (20240425)","McAfee Total Protection (20240425)","SpyHunter5 (20240425)","Total AV Antivirus Pro (20240425)","Trend Micro Internet Security (20240425)","VIPRE Advanced Security (20240425)","Windows Defender (20240425)"]},{"isRevoked":"False","fileName":"utorrent_installer_240415.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"7a0fe04d498b149fa2a7d223b80bd629","hashSHA1":"5d6d9752131f9dc3ade527da4919a43c4d8d32df","hashSHA256":"2ba900dabd9eb1c0f29dccea9b66b630bc49926962d64b049c1c115557413e69","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"602","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240416.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"d4941a9f883722f1459fece9ca03b904","hashSHA1":"9afe8659552d8120cafe9f938f58edbbc0f64133","hashSHA256":"332157bc76c5508a2b160c1f64d256c6b4cad7f1c760e7119d9582c280802bb5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"602","avBlockList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"utorrent_installer_240417.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"b5fa06324d1b8919b58151ef420c236f","hashSHA1":"159556c5ff9f803d875710be471ecd74842b812e","hashSHA256":"7a606a51732f9d32db14b83cbd0e9acb3ef259a41ef7a901111c8c35b0f5b0ba","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"602","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent apps","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"602"}],"sampleFiles":["240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240403.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240408.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240412.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240415.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240416.exe","240710/uTorrentClassic-211215/3.6.0.47044/Samples/utorrent_installer_240417.exe"],"imageFiles":["240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-048/ACR-048.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-084/ACR-084.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-097/ACR-097.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-097/ACR-097_1.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-014/ACR-014.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-013/ACR-013.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-013/ACR-013_1.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-013/ACR-013_2.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-060/ACR-060.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-060/ACR-060_1.PNG","240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240710/uTorrentClassic-211215/3.6.0.47044/Images/ACR-040/ACR-040.PNG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47044_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47044","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:25.2386741+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":29},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"8d45f745fd212a1dfbbfc783a706ab8e","hashSHA1":"cf89a73dc31a7b4067813614637c07fc7cad3f59","hashSHA256":"e35405541af5d416731399068c523c10757865f3336c9ac30aaca55c41dbc83e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"603","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","G DATA INTERNET SECURITY (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Quick Heal Internet Security (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"utorrent_installer_240612.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"9f35423b1698acbf25cc8b82c39dbb99","hashSHA1":"8227ca3647a3bf48486d7c29b9051dfceffa9cc7","hashSHA256":"d5d1d982868e25d037e85b3e6f314b93b8deddf49cbc58dc1234ff77a9c953ee","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"603","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"603"}],"sampleFiles":["240710/uTorrentClassic-211215/3.6.0.47116/Samples/utorrent_installer.exe"],"imageFiles":["240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-048/ACR-048.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-084/ACR-084.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-097/ACR-097.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-097/ACR-097_1.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-014/ACR-014.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-013/ACR-013.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-013/ACR-013_1.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-013/ACR-013_2.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-060/ACR-060.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-060/ACR-060_1.PNG","240710/uTorrentClassic-211215/3.6.0.47116/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47116_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47116","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:25.2694161+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":30},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"8d45f745fd212a1dfbbfc783a706ab8e","hashSHA1":"cf89a73dc31a7b4067813614637c07fc7cad3f59","hashSHA256":"e35405541af5d416731399068c523c10757865f3336c9ac30aaca55c41dbc83e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"604","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","G DATA INTERNET SECURITY (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Quick Heal Internet Security (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"utorrent_installer_240628.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"9c99e3d89ed936f9f1a5d188c01f7482","hashSHA1":"b86e22b9595f07b75dff4e69c8d3e197f9cc2210","hashSHA256":"3db942b9d3f84e5060f143c81507aab2438b34d963cbd5cab5bbac882ffe6d8e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"604","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240708.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"2e0e51db33a8ef5ec10539c806308daf","hashSHA1":"f8d310591eddad6ba37d2c406a547796ca37f02b","hashSHA256":"d16735903e6c843d95d06d053bbccfec9c3a14db81843d7832f1acaaf5eb1792","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"604","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"604"}],"sampleFiles":["240710/uTorrentClassic-211215/3.6.0.47124/Samples/utorrent_installer.exe","240710/uTorrentClassic-211215/3.6.0.47124/Samples/utorrent_installer_240628.exe","240710/uTorrentClassic-211215/3.6.0.47124/Samples/utorrent_installer_240708.exe"],"imageFiles":["240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-048/ACR-048.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-084/ACR-084.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-097/ACR-097.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-097/ACR-097_1.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-014/ACR-014.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-013/ACR-013.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-013/ACR-013_1.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-013/ACR-013_2.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-060/ACR-060.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-060/ACR-060_1.PNG","240710/uTorrentClassic-211215/3.6.0.47124/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47124_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47124","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:25.3043745+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":31},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"d4941a9f883722f1459fece9ca03b904","hashSHA1":"9afe8659552d8120cafe9f938f58edbbc0f64133","hashSHA256":"332157bc76c5508a2b160c1f64d256c6b4cad7f1c760e7119d9582c280802bb5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"608","avBlockList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"utorrent_installer_240515.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"48db35671de4f4fe63aa341f2bd90eeb","hashSHA1":"9cdb5024afc401b738e0806f261a5027dd49c19b","hashSHA256":"ff25cde64e92f138d469b752293da73b1aa0522d3bb652b8cde1a01e69b95e27","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240517.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"861b23631cd7b9581535bd9ca1c313d7","hashSHA1":"597e690b1309fc8dc804f05e3bc27d31f1f3b525","hashSHA256":"d7af1757ebcf2e517de9947d4263693029089765ab87593c1d0a80561cc42b6a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240528.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"83d572275156dca460def6ba25947e4a","hashSHA1":"27f74b95191c801e7406bd8db017b2a7ae6bad31","hashSHA256":"8c06956cdb67fdc1b9348f8d4a06875593244058b2351b6a1c0d6f48e5378703","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240530.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"8d45f745fd212a1dfbbfc783a706ab8e","hashSHA1":"cf89a73dc31a7b4067813614637c07fc7cad3f59","hashSHA256":"e35405541af5d416731399068c523c10757865f3336c9ac30aaca55c41dbc83e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","G DATA INTERNET SECURITY (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Quick Heal Internet Security (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"utorrent_installer_240530_1.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"983b3a88637f0c02e0f55cd7d9024615","hashSHA1":"a29089a3406388e5d8cf16c62e4fc7abc2840f6e","hashSHA256":"fdd5144c7fa98d643b55d079d1ab23832db70ab86ec926ed4ee2a635933a692e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240603.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"03f2c905b39d7875c1546ed80d2721ed","hashSHA1":"e818f038bbac5881e90ea0db135274a35afd312b","hashSHA256":"3aa42db59956138589269111173d6d12ef1aa663539198c83719fb9983339293","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240611.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"5171f0f3f82a8963ab853d896d352ce5","hashSHA1":"9731f833609a9963962c39144b2e88fedfe4304e","hashSHA256":"440e04319a8b4a9c9ab1277b8ea26b30c7a1e7f4f69b4e0e0982ea977847926e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"608","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"608"}],"sampleFiles":["240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240515.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240517.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240528.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240530.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240530_1.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240603.exe","240709/uTorrentClassic-211215/3.6.0.47084/Samples/utorrent_installer_240611.exe"],"imageFiles":["240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-048/ACR-048.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-084/ACR-084.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-097/ACR-097.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-097/ACR-097_1.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-014/ACR-014.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-013/ACR-013.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-013/ACR-013_1.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-013/ACR-013_2.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-060/ACR-060.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-060/ACR-060_1.PNG","240709/uTorrentClassic-211215/3.6.0.47084/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47084_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47084","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:25.5178743+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":32},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Opera and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"0db5265e17f515ce4e94a49569511179","hashSHA1":"11cdc8ca1d922df75e707646e672a6a1a411ff8e","hashSHA256":"3a86fc570139bbcd849fd647754b24fa9b94a2e31b3f04e98f494be9940e7bb0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"639","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240509.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"b868c4bb1ab9fd8030589ecb115743d5","hashSHA1":"6c1c6aec5f62498c3e1fb091377347a431053772","hashSHA256":"500ea933a87376b3e3c455bc516b421f19ec307cfcfbec09bd53370e2c08f051","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"639","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent apps","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"639"}],"sampleFiles":["240521/uTorrentClassic-211215/3.6.0.47082/Samples/utorrent_installer.exe","240521/uTorrentClassic-211215/3.6.0.47082/Samples/utorrent_installer_240509.exe"],"imageFiles":["240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-042/ACR-042.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-048/ACR-048.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-084/ACR-084.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-097/ACR-097.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-097/ACR-097_1.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-014/ACR-014.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-013/ACR-013.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-013/ACR-013_1.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-013/ACR-013_2.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-060/ACR-060.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-060/ACR-060_1.PNG","240521/uTorrentClassic-211215/3.6.0.47082/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47082_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47082","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:26.6173658+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":33},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Opera and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"396aac3fcea1330cccef94f4bec291c0","hashSHA1":"0685f86468e8822e6c479f695dffd31f167fbea5","hashSHA256":"0bedc580034d83b3eb8ad3924fa004d2304b50fffe1bb05201a40b236ff5a4f8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"640","avBlockList":["COMODO Antivirus (20240425)","Dr.Web Security Space (20240425)","ESET Internet Security (20240425)","K7 Total Security (20240425)","Malwarebytes Premium (20240425)","Norton Security (20240425)","Panda Dome (20240425)","Quick Heal Internet Security (20240425)","Sophos Home Premium (20240425)","VirIT eXplorer PRO (20240425)","Webroot SecureAnywhere (20240425)"],"avAllowList":["360 Total Security (20240425)","Avast Premium Security (20240425)","AVG Internet Security (20240425)","Avira Internet Security (20240425)","Bitdefender Internet Security (20240425)","G DATA INTERNET SECURITY (20240425)","Kaspersky Internet Security (20240425)","McAfee Total Protection (20240425)","SpyHunter5 (20240425)","Total AV Antivirus Pro (20240425)","Trend Micro Internet Security (20240425)","VIPRE Advanced Security (20240425)","Windows Defender (20240425)"]},{"isRevoked":"False","fileName":"utorrent_installer_240423.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"7a0fe04d498b149fa2a7d223b80bd629","hashSHA1":"5d6d9752131f9dc3ade527da4919a43c4d8d32df","hashSHA256":"2ba900dabd9eb1c0f29dccea9b66b630bc49926962d64b049c1c115557413e69","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240425.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"d4941a9f883722f1459fece9ca03b904","hashSHA1":"9afe8659552d8120cafe9f938f58edbbc0f64133","hashSHA256":"332157bc76c5508a2b160c1f64d256c6b4cad7f1c760e7119d9582c280802bb5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"utorrent_installer_240426.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"0db5265e17f515ce4e94a49569511179","hashSHA1":"11cdc8ca1d922df75e707646e672a6a1a411ff8e","hashSHA256":"3a86fc570139bbcd849fd647754b24fa9b94a2e31b3f04e98f494be9940e7bb0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"640","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"640"}],"sampleFiles":["240521/uTorrentClassic-211215/3.6.0.47062/Samples/utorrent_installer.exe","240521/uTorrentClassic-211215/3.6.0.47062/Samples/utorrent_installer_240423.exe","240521/uTorrentClassic-211215/3.6.0.47062/Samples/utorrent_installer_240425.exe","240521/uTorrentClassic-211215/3.6.0.47062/Samples/utorrent_installer_240426.exe"],"imageFiles":["240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-042/ACR-042.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-048/ACR-048.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-084/ACR-084.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-097/ACR-097.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-097/ACR-097_1.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-014/ACR-014.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-013/ACR-013.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-013/ACR-013_1.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-013/ACR-013_2.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-060/ACR-060.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-060/ACR-060_1.PNG","240521/uTorrentClassic-211215/3.6.0.47062/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47062_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47062","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:26.6487033+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":34},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs its components in \"C:\\Users\\User\\AppData\\Roaming\" path, instead of a standard location.\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","productName":"uTοrrent® Classic","productVersion":"3.6","fileVersion":"3.6","hashMD5":"53e2564c6672ced6626407f73a7a4823","hashSHA1":"89d4f2494b5e0d761908ebab91bfc2fa0434ba02","hashSHA256":"4143676fa02ba575e2f44974623086d3ca5ff8cf7f48ad21da4e394855fd7193","digitalCertThumbprint":"03F072F141084FFE88CF28E65258CEE35071F961","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cassini Labs Ltd, O=Cassini Labs Ltd, S=Tel Aviv, C=IL, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=514758457","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"119","avBlockList":["360 Total Security (20260428)","COMODO Antivirus (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","Malwarebytes Premium (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)","Windows Defender (20260428)"],"avAllowList":["Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Bitdefender Internet Security (20260428)","Dr.Web Security Space (20260428)","KasperskyPremium (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Total AV Antivirus Pro (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)"]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"119"}],"sampleFiles":["260209/uTorrentClassic-211215/3.6.0.47228/Samples/utorrent_installer.exe"],"imageFiles":["260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-048/install2.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-084/ACR-084.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-097/ACR-097.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-097/install6.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-013/offer1.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-013/offer2.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-013/offer3.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-060/ACR-060.PNG","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-060/ACR-060_2.PNG","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-060/offer1.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-060/offer2.png","260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-060/offer3.png"],"nonDeceptorImageFiles":["260209/uTorrentClassic-211215/3.6.0.47228/Images/ACR-040/ACR-040.png"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47228_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47228","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:10.3320309+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":26},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing the system browser default settings.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\utorrent\"\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"94f118546dcd976a53c33b90d5c1950c","hashSHA1":"4470a6f4e215bc54ea812a3f306bca31fc928385","hashSHA256":"81d480f48a5b36510f6473055a1e43778fee8b04990f0be1debd927ca4a0cf9b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"707","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240304.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"3c3235a0150976f5005e3a2cd0c37599","hashSHA1":"13990458334cad615f0158781663c860c8e15ad0","hashSHA256":"ba446a4d7bc5fff2c0f161eec08b7ff0c517e31de809c7cb4ded06f6c83e75dd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"707","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240305.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"d21ba702cbf98a4c6492bef0cb73fd7e","hashSHA1":"31a48265a2a6f2cd9479a7c495e63d500568bd28","hashSHA256":"c47613f7eec1bbf8a562b01b48a3bd9910abf2de1276a3e1d743307350dfb8c5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"707","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240306.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"3d1d6054f7dd295d65b34ab868744eca","hashSHA1":"37de23546ddd5e1f84243cfeba39b5dfd33f0802","hashSHA256":"4a8cdaed980850edfcbbf7aaffb1bb6264f58a00c9d2358d24bd6ceb312997f7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"707","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240307.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"b04400605900af1b738f740f7a5df6ac","hashSHA1":"8cdfb00e64efddb751e42fa7c2a45c6bd0da5072","hashSHA256":"53684f5cabf37edf5acfd4d490f208b1f3882cd97f847d897d0301ed974acf69","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"707","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240308.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"1bf1c11f98955872a83f74c9e1c38792","hashSHA1":"b74909e5888c9ccef21545505280116f81791c49","hashSHA256":"703926b0b33019b24db8fbf1e2da266b4b7eea4a0eec8de43c75b1f4690bc2a8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"707","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240311.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"c48ce3b5996267593434038ccddaefc0","hashSHA1":"c3623f6f6cdec02c0bd9c9b2cb7cab011e78018b","hashSHA256":"956e8f82345eec669d1569e053d25a4a41f23fcc7de296f673b3ef6b09f4cf3c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"707","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240318.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"090bf850327900a66e6105aef14f4958","hashSHA1":"60b3e8e1bf3e0a5959eee53aeca300e5aba26046","hashSHA256":"5a3a8a7069f5d5894a3582a74a7f8c788a49528469590633360af0a90ddd6e1b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"707","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"707"}],"sampleFiles":["240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240304.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240305.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240306.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240307.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240308.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240311.exe","240319/uTorrentClassic-211215/3.6.0.47016/Samples/utorrent_installer_240318.exe"],"imageFiles":["240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-042/ACR-042.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-048/ACR-048.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-084/ACR-084.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-097/ACR-097.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-014/ACR-014.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-013/ACR-013.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-013/ACR-013_1.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-013/ACR-013_2.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-060/ACR-060.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-060/ACR-060_1.PNG","240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240319/uTorrentClassic-211215/3.6.0.47016/Images/ACR-040/ACR-040.PNG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47016_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47016","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:28.4853524+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":36},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing the system browser default settings.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\utorrent\"\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"eead5c2817233a3c3fbdd1789c16fe1a","hashSHA1":"e76e4102b7c005db3cd6a010d7177354d5dbdf6d","hashSHA256":"22080d6bf5cf92a27d0fb9335e1e33b54e81308eeb5abb9bca2bbc71a294073f","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"729","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240220.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"a4a1083c41a4eb6f683771a60f28280d","hashSHA1":"79cc68653eae69932c687fab620764b62777ae17","hashSHA256":"63649fdb6ee8daeede18a9849acdcd05186b30bc72df11ed8d7482e52a738c8d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"729","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"729"}],"sampleFiles":["240220/uTorrentClassic-211215/3.6.0.47012/Samples/utorrent_installer.exe","240220/uTorrentClassic-211215/3.6.0.47012/Samples/utorrent_installer_240220.exe"],"imageFiles":["240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-042/ACR-042_Install_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-048/ACR-048_Install_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-084/ACR-084_Software_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-097/ACR-097_Software_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-014/ACR-014_Bundler-made offers_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-013/ACR-013_Install_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-013/ACR-013_Install_2.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-060/ACR-060_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240220/uTorrentClassic-211215/3.6.0.47012/Images/ACR-040/ACR-040_Install_1.png"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47012_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47012","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:29.5085093+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":37},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-014":"The accept/decline option is overloaded and unfair to the user. It includes acceptance for installing Norton secure browser implying agree EULA/PP and also agree to AVG secure browser making itself the default browser. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"3c3235a0150976f5005e3a2cd0c37599","hashSHA1":"13990458334cad615f0158781663c860c8e15ad0","hashSHA256":"ba446a4d7bc5fff2c0f161eec08b7ff0c517e31de809c7cb4ded06f6c83e75dd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"734","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer-240202.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"dbda5d0d08f61a77db95659dc797c255","hashSHA1":"6188da349212563e0f432dc895fd91c42c2cff76","hashSHA256":"545594727c3f69a4bcfe1530e08ce71099b46ee45345ecd06a5f59fe01c5f9ff","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"734","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240205.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"6ec940ea71598acdfbfc4e3dab3da2e9","hashSHA1":"703155b21a278a24caebfffa6207f76715aa5264","hashSHA256":"83f2135230b8546a83f508033d6f4a81080593553720f7b609648f815eae972c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"734","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240207.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"345ca03d5b299e48de5e93cbf922a965","hashSHA1":"66bc5c8f208259a2dc1e71bae11ad6e8f4461cdf","hashSHA256":"e7809ffec2acd4452b85fe76b53bad1d58d9bcb37df420aaa9081a632ae34cf5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"734","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240208.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"29c3dfdbbb9b95a9d901d80cb3e8933a","hashSHA1":"33ffb0a515a3c0d51160da06fc4dbdfb3ae12224","hashSHA256":"2481997987211a3d289aac00d420dc27c848b51fb353f6acb5136b37373b4b1e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"734","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240213.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"45d17e66df0ce56b1b7a31a41118d559","hashSHA1":"11c6aa868842ceef67a40efaf1cc45c09e067717","hashSHA256":"8faf81c8634fa0f001ea69a5180343ed9c7215e2e7c9ea161f93b0607e24f774","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"734","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"734"}],"sampleFiles":["240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer.exe","240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer-240202.exe","240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer_240205.exe","240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer_240207.exe","240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer_240208.exe","240213/uTorrentClassic-211215/3.6.0.47006/Samples/utorrent_installer_240213.exe"],"imageFiles":["240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-048/ACR-048.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-084/ACR-084.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-097/ACR-097.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-014/ACR-014.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-013/ACR-013.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-013/ACR-013_1.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-013/ACR-013_2.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-060/ACR-060.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-060/ACR-060_1.PNG","240213/uTorrentClassic-211215/3.6.0.47006/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47006_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47006","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:29.6726683+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":38},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\utorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.6.0.46922","fileVersion":"3.6.0.46922","hashMD5":"c020799e4ab5e3266ad6a6e20127e948","hashSHA1":"84125e94ab4a13e0afad5fc7301176d025de4963","hashSHA256":"a3eb4ccb3265575ecad27583ba614c5d4c4c7436948eb1cfb0b6d326444f445d","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"67b187d5806de105737b68b208c07d64","hashSHA1":"513e7cb5c37057e1a64ae1682f22f8bbd5ae2608","hashSHA256":"26c3f51a34b8a7d6745a02b8b8ed4cd9d89c514da0803a03b95fa799b408e592","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"757","avBlockList":["COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","Malwarebytes Premium (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Quick Heal Internet Security (20240116)","Sophos Home Premium (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","McAfee Total Protection (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","Trend Micro Internet Security (20240116)","VIPRE Advanced Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"utorrent_installer_231114.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"aa0690e11e7608867c447fb8cf63c12c","hashSHA1":"2abdc50620015a9ef0ebbc0cbaee416fa30feacf","hashSHA256":"9a8644a7877f73fce9429139eb8f6efbb17951cac99f26f8bea2cdfec6ab6390","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231116.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"ab6e0ebc02985a49a54a2e7141d68497","hashSHA1":"dd25faeba53daf84537919b919a4e9bc7e05d0b0","hashSHA256":"cb1f1f0e42cb0fea9ef6daf6824201dafbd9578c9de2972d5a09379c6ab88f81","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231116_2.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"ef1ad54515af77ac27ba9db55eef7804","hashSHA1":"2c186e06ccc0d73009e3cd6c2a9d191714650e46","hashSHA256":"f846dc0d2021ca20410d3573646ad52841ae552b5aceedf6544611def2d3cd95","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231117.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"fc078a86fab736ba9de5553a8a8bcc77","hashSHA1":"3c4d54b0d478d50b5222ed54ecf1ff8a35ae5fcf","hashSHA256":"6d602a9b75bd60734a4f145c939d0abe9c1fff20e578230978e4da074909083e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231120.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"73b09509e8783cbb34b09102f56b1056","hashSHA1":"044f589fc3e8a2b61fadb26823d166277de2ab81","hashSHA256":"eecab1911054f1aa686690e9cdaf172bbae99155315fc0805c6e56cd73090e1a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231124.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"b7cbeb0925eaa93b45a325fba43d1e86","hashSHA1":"0c31e3e3a932b6e193677829c66a822a98118785","hashSHA256":"2e8af26bf2352741294f6f62ad41c3e2e60611426aac9a366b3d851f49adde17","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231204.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"a6dccdb6942893fac055afc339199969","hashSHA1":"ca619e10c38518d5dc3a9adae70ead1bf5734947","hashSHA256":"39464336e7b61605247482c084081f3838cd1a775f71059ab85e4696a63e072a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231211.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"46ceef5dc87844f8886565558f5d9298","hashSHA1":"023f4fb576f508deed1eacbad079436623554aa4","hashSHA256":"8342e14108941bdbde009b546d29ffc86eb8c585d21362cfdceb76b0624bce2b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231226.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"3046354d9e8ac93f3b02ef77413dbf56","hashSHA1":"2fa1e46a6b66c18b5f42c90123be83dbbc294b0a","hashSHA256":"a7d0054f0a6191ed7cb67a340c147706391e8b2a2988f0f32e13655212b2f6ec","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240103.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"8051da7ebe132b533d441a85275a1137","hashSHA1":"78311cb2fc0eb93e8a49f63d16cad138e698d494","hashSHA256":"6a5bd8fde9d1d3e3d04703c4961059028cd732f07ccb828c1a48f7c693844289","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240109.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"e55ccfafdd417a86f8483a60d19661c7","hashSHA1":"efda3e3b9cf759dc13d001118982759173a98998","hashSHA256":"36addc7c555a20a762034d9a66090b24bf3c947cfa2a4ee127f3203de514f376","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_220124.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"7f0ca732f8d9a986a12e97719b16ef5d","hashSHA1":"ee9190f43130d058f9edabf621ad8cfc48320d49","hashSHA256":"a54ed9aae3b17132368483443cf2733fd2ed026b9c3c58c71efaebe2eaa60fdf","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"757","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.utorrent.com/desktop/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"757"}],"sampleFiles":["240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231114.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231116.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231116_2.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231117.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231120.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231124.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231204.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231211.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_231226.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_240103.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_240109.exe","240122/uTorrentClassic-211215/3.6.0.46922/Samples/utorrent_installer_220124.exe"],"imageFiles":["240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-048/ACR-048.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-084/ACR-084.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-097/ACR-097.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-097/ACR-097_1.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-013/ACR-013.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-013/ACR-013_1.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-013/ACR-013_2.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-060/ACR-060.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-060/ACR-060_1.PNG","240122/uTorrentClassic-211215/3.6.0.46922/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46922_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46922","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:30.5173856+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":39},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\utorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.6.0.46896","fileVersion":"3.6.0.46896","hashMD5":"0f7cbaee2280137bc1eef881d0d4e54a","hashSHA1":"ca8346bb5cbfda7d80bf7d427eaa870379bfbca9","hashSHA256":"2d44a0822c6c2d4344f6312afa06fdbde9b037c3327c877cbb3991e0158f39c8","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer(1).exe","isInstaller":"True","companyName":"                                                            ","productName":"սTorrent® Classic                                           ","productVersion":"3.6                                              ","fileVersion":"3.6                 ","hashMD5":"1f1a1cafa0da782af80743369b9233cf","hashSHA1":"040d2b1cce6e76cef1429a930bb8968657a31df1","hashSHA256":"05a297fd31d2b6bf5d0663a7fed0af3063d5d55e9e90848a5fd1d91def8f8864","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"սTorrent® Classic                                           ","productVersion":"3.6                                        ","fileVersion":"3.6                 ","hashMD5":"ef6b9483b38313737d3c2609678b7472","hashSHA1":"7f884d395063a812274d8a191560ef9803868de9","hashSHA256":"1ed1df7e5d38af3049a6bdd75c477eba98adc7439cebbdf0925ee6ec66e5f579","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230906.exe","isInstaller":"True","productName":"սTorrent® Classic ","productVersion":"3.6     ","fileVersion":"3.6","hashMD5":"8399e2328e74253f7d5ae6293840d954","hashSHA1":"e2054432a188315d45f41c5e4adf1871b8d19458","hashSHA256":"b628a28046502aeb3befc908c4383341d2a5164baf8a86dfd7e92a3ec23ef11d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230911.exe","isInstaller":"True","productName":"սTorrent® Classic ","productVersion":"3.6      ","fileVersion":"3.6","hashMD5":"24873e12c53a4983bfe08a3a7e728b98","hashSHA1":"a0cd0088d4b6d9871de0548ab0e5ae529bd4e1e2","hashSHA256":"36970dbd0d6cb7b9760770926850426c887097b56c0a2981d32dc04906cf2fc4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_20230915.exe","isInstaller":"True","productName":"սTorrent® Classic ","productVersion":"3.6    ","fileVersion":"3.6","hashMD5":"ed544e6ea3621f4319a20c605eacead7","hashSHA1":"c37f721e40ff361c84fe53acb0af92cd477d7c86","hashSHA256":"473dbb7eed7b449cdfa88d6da1ec9def38735b42df35c27946198241bd851e8c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230921.exe","isInstaller":"True","productName":"սTorrent® Classic ","productVersion":"3.6","fileVersion":"3.6","hashMD5":"dfc853f7ec73a8c52c9c2df90e30d6bf","hashSHA1":"d65b9efe154f926f36bec6bc961ab34dd7859d36","hashSHA256":"9d89c75cd52bb2d0651198593b2b1308af0b82ca6ed5fb7c6751cc4e00d31460","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230926.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"44fc758fc8fed55fa446dae56f1b7740","hashSHA1":"c0a7ff529b3ed72d39167d4dbd6acb367f6b3045","hashSHA256":"f92e8743c4674165f588e70310da3ef3bc42e41fac381a670144cd69572c437f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_20230927.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"e1744dcc84dc5f17652c15680b7121c0","hashSHA1":"b0222f5d8ad9168ed465619c22d3b4499dc5d90d","hashSHA256":"9584b8bda42e6f152469a0b41f5586f914bc47282854e259be60797f5bf27e6c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer-230928.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"2078c7554890965eef4361435675a2cd","hashSHA1":"98095e10419a6ac755e750726f277b3f6de01b50","hashSHA256":"3cb861435233bec656c60489505da7399c5e0a3da1232d7892f165aa3d5e7341","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231006.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"71a16676ec3fb40245ee30f16ae46ec1","hashSHA1":"f07a865e21ba9ccfab1b2aa8877a75c6c5efcdc8","hashSHA256":"054b91b15d05e78737dc5687dbc2a9b5eb2a45ae762abbc47cfb1dacc3506b77","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231009.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"5d00cddbfd3ae7096c6de6e2ce56f1e5","hashSHA1":"75c97f99367b6178f73f002fc8391839816f833f","hashSHA256":"7276470191fe225dd91e1df8a8ca1e1396defd1a7f27fd639cff02afee61c2a2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231010.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"95c9ac27c4da2f93e0a258ef16b4bf64","hashSHA1":"263454da69fe11727f771dda238aeca39166a721","hashSHA256":"5e2790ad3a6462ab9411c684829b731b9dee5979367f387bd84c126c2e6ffb02","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231011.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"7873cffaa5a4a1deec11690341f18d85","hashSHA1":"b71f4a02205b062b9f7ebf881c33c66d800c143d","hashSHA256":"4257f8d198adca33eba549b046c4fbdd5f51f1c1e5b6dfe471e7413c1ff2001a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231013.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"5a2fdb84e881fd6a1dcc166b7a0725e8","hashSHA1":"428a4d68907af71a639cd4cb1663607044a4b588","hashSHA256":"ac26d1dd6eb1bff14d9f7478d481fb258247d466c24afaa722123c28bcfb505e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231026.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"4292c361e0ea84c90b4dae362893644d","hashSHA1":"7d173dbaca15e37d3200e0baeb2aeac3fa4937d9","hashSHA256":"bed4e9300a65bbb9dacfdf81f64efb028af8f5094e9b7dd08ecd266e593d9949","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231027.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"3135dfabb3895d8f03a28741fb8b4154","hashSHA1":"3e736faf75f24f78589ce1f8173ddeadb1463417","hashSHA256":"8b2d71292196a2766a9e048ba1679304afdfe148f1e2701897a1143c8abfafcf","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231030.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"05e1477d0dd91b950498238157cb34aa","hashSHA1":"7e6b3ff90d6b21320891b2b753f927f191378da2","hashSHA256":"1928388abe512b1d6aa3e36e977ebdd4a2c3f7ffbcfb0384e86cde15c8b04914","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231031.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"8b40fc93fa4d9b94d36dab52cbb51317","hashSHA1":"f123a10a586e39b74115ced13914dcb4510b95dd","hashSHA256":"e7d55a4ea4472c9819af3c2a95a104ab5e2e6a6d495df858f741e8b7b4f38a45","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231102.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"1d702952115ecf752427454cd1b65810","hashSHA1":"48feba3d5c24515ae82f7343c16b18bd7bafa6f8","hashSHA256":"422c3bb360ad4f2183db9abe0a63234b726d0c1430d985b0b4f49c635b858334","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231102_1.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"f2facf534cd47d9d1c6f391800838dd7","hashSHA1":"c3126ad97d3c47f51a6ecf57069a7d588d467be3","hashSHA256":"45efafc45926bb49fa71a69c07aeb91cec123a54b5c72a8b0db7071260404d8b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231103.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"2db36de684d52a5cc5a8d5ab41cf1f18","hashSHA1":"28e8f558d235726e42857f73cefab8238bcdf502","hashSHA256":"b23f95f86438901381a5358f4d2deb231028809a51eebaabece2a1e63fab5fda","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_1.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"e5d745db94173861a93a716ca796eeca","hashSHA1":"a808f2e19c08428ffb9afbda895e3ca5cbbf173b","hashSHA256":"6f96d0ff7cc53df3a68dc7f9765c1652b12f44019b3db9f4a07b51efe4bf07e2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_231108.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"bf04a91d35214c2a1f64e195e6c16749","hashSHA1":"fbc9c02c2f5c1027de146585ff6769bbc119d57b","hashSHA256":"cac79f6d81eabf3f0711b87edb9ffbeeaf269c64800f33143af8909904986731","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"804","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"804"}],"sampleFiles":["231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer(1).exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_230906.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_230911.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_20230915.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_230921.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_230926.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_20230927.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer-230928.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231006.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231009.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231010.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231011.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231013.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231026.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231027.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231030.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231031.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231102.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231102_1.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231103.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_1.exe","231117/uTorrentClassic-211215/3.6.0.46896/Samples/utorrent_installer_231108.exe"],"imageFiles":["231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-048/ACR-048.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-048/ACR-048_1.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-084/ACR-084.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-097/ACR-097.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-013/ACR-013.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-013/ACR-013_1.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-013/ACR-013_2.JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-060/ACR-060 (1).JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-060/ACR-060 (2).JPG","231117/uTorrentClassic-211215/3.6.0.46896/Images/ACR-060/ACR-060 (3).JPG"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46896_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46896","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:31.6426846+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":40},{"violations":{"ACR-042":"App drops potential offer app info in hidden folder without user permission. \n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"uTorrent.exe","companyName":"BitTorrent Inc.","fileVersion":"3.6","hashMD5":"64394d87c41476e3c75e1c435342dea4","hashSHA1":"12a146778da65f436c096f5cb005aeb3ce774b7c","hashSHA256":"d69786c703d99c3c305952c67a4ff02911b31cabc1d41ebf17a128e66112cd13","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"914","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"8399e2328e74253f7d5ae6293840d954","hashSHA1":"e2054432a188315d45f41c5e4adf1871b8d19458","hashSHA256":"b628a28046502aeb3befc908c4383341d2a5164baf8a86dfd7e92a3ec23ef11d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"914","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230818.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"51b7df10c11728e06e8df45c128ec0dc","hashSHA1":"3221ae56450dee26a620a6f6b1dd0cc18d9b6721","hashSHA256":"5781f34bfd6f640588c91d4e068ecea7dd09c2c8689bf1660baa81d6ec5bf0a0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"914","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230823.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"241ce365f228ee5f74d81b3fea14e09a","hashSHA1":"700b05506dd3eebb4b87ff545f6d2bb6af6a3ae3","hashSHA256":"bf4ee47d0df1870104f4fada8a68c2fb29e94fea9284c7bb6a6b385a718d8a18","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"914","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230829.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"732f9aa272ebd89d79950fb6ffe8f6c7","hashSHA1":"3713a0a8fa35946b7096a9df9b4b39ce5c0aad45","hashSHA256":"24ee499cb6c328e7a3d4aa3494ba121b17ba43cdfeded80694a795595c0b9af8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"914","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_230831.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"00c064c24f9a63bd3e724ba584f37283","hashSHA1":"efe70070810aa513f5c27c1166e1a1872c68e985","hashSHA256":"d4c23af61f43210023a86976eac522cfd9d9b90c1be1ef9234769a449ab50aa4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"914","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"914"}],"sampleFiles":["230831/uTorrentClassic-211215/3.6.0.46884/Samples/uTorrent.exe","230831/uTorrentClassic-211215/3.6.0.46884/Samples/utorrent_installer.exe","230831/uTorrentClassic-211215/3.6.0.46884/Samples/utorrent_installer_230818.exe","230831/uTorrentClassic-211215/3.6.0.46884/Samples/utorrent_installer_230823.exe","230831/uTorrentClassic-211215/3.6.0.46884/Samples/utorrent_installer_230829.exe","230831/uTorrentClassic-211215/3.6.0.46884/Samples/utorrent_installer_230831.exe"],"imageFiles":["230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-042/ACR-042.jpg","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-048/ACR-048_Install_1.png","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-084/BackgroundProcess.jpg","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-097/ACR-097.jpg","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-013/OptionalOffer.jpg","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-060/ACR-060_Bundler-made offers_2.png","230831/uTorrentClassic-211215/3.6.0.46884/Images/ACR-060/ACR-060_Bundler-made offers_3.png"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46884_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46884","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:35.2500478+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":41},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\utorrent\\uTorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.6.0.46856","fileVersion":"3.6.0.46856","hashMD5":"4a3ce2950995959b3a1188f4e7657523","hashSHA1":"413241f0d81434fb0115d86e69a952959ffccaae","hashSHA256":"379ab962949d2d807fdeaaf1aff04435c253058939cc2fdec6ecea1880476c24","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"924","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"c73cbc75ca44c32aa9772bedfd245788","hashSHA1":"11ac42027f69bde30b4ea50f81e7ad5f2727eeb3","hashSHA256":"cea182357dbf0aa245cad4ef7e339d2c7c6d25d7ae181f9f522e6da4c111a022","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"924","avBlockList":["COMODO Antivirus (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Malwarebytes Premium (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)"],"avAllowList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Kaspersky Internet Security (20231219)","McAfee Total Protection (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","Trend Micro Internet Security (20231219)","VIPRE Advanced Security (20231219)","Windows Defender (20231219)"]},{"isRevoked":"False","fileName":"utorrent_installer_110823.exe","isInstaller":"True","productName":"uTorrent® Classic          ","productVersion":"3.6    ","fileVersion":"3.6","hashMD5":"685489a499de173fd16af300092e88f7","hashSHA1":"4d65b9f499e5b3a7453553236482673866922283","hashSHA256":"dd0e988d3c5778ac32801d5512d38b2ae1e4852b99e35eef12a865f6caf7d1d4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","sourceIndex":"924","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"924"}],"sampleFiles":["230811/uTorrentClassic-211215/3.6.0.46856/Samples/utorrent_installer.exe","230811/uTorrentClassic-211215/3.6.0.46856/Samples/utorrent_installer_110823.exe"],"imageFiles":["230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-042/ACR-042_Install_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-048/ACR-048_Install_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-084/ACR-084_Software_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-097/ACR-097_Software_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-013/ACR-013_Install_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-013/ACR-013_Install_2.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-013/ACR-013_Install_3.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-060/ACR-060_Bundler-made offers_2.png","230811/uTorrentClassic-211215/3.6.0.46856/Images/ACR-060/ACR-060_Bundler-made offers_3.png"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46856_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46856","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:35.5751154+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":42},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Temp\\nsw3EAD.tmp\\utorrent.exe","companyName":"BitTorrent Inc.","productName":"µTorrent","productVersion":"3.6.0.46842","fileVersion":"3.6.0.46842","hashMD5":"cb1c82cde2bc59c31c5504cdcf733074","hashSHA1":"1af61bbf0641437b53859ccd5c931f018672fde5","hashSHA256":"adf5f209a7d89bea67d4c572a5bfe6c869650f268189e32dd9265d9171955eaa","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"932","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"1b2ec0b6333afc09eba03a5f59d0b76a","hashSHA1":"cd444f69c7ecf79c3cfebd17e866870b0989c63f","hashSHA256":"738fff1c56ce34baa6dfa2200b873eb7c6aac69f6b5d051fdaf21500a80e846a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"932","avBlockList":["COMODO Antivirus (20240404)","Dr.Web Security Space (20240404)","ESET Internet Security (20240404)","G DATA INTERNET SECURITY (20240404)","K7 Total Security (20240404)","Malwarebytes Premium (20240404)","Norton Security (20240404)","Panda Dome (20240404)","Quick Heal Internet Security (20240404)","Sophos Home Premium (20240404)","VirIT eXplorer PRO (20240404)","Webroot SecureAnywhere (20240404)"],"avAllowList":["360 Total Security (20240404)","Avast Premium Security (20240404)","AVG Internet Security (20240404)","Avira Internet Security (20240404)","Bitdefender Internet Security (20240404)","Kaspersky Internet Security (20240404)","McAfee Total Protection (20240404)","SpyHunter5 (20240404)","Total AV Antivirus Pro (20240404)","Trend Micro Internet Security (20240404)","VIPRE Advanced Security (20240404)","Windows Defender (20240404)"]},{"isRevoked":"False","fileName":"utorrent_installer1.exe","isInstaller":"True","productName":"uTorrent® Classic  ","productVersion":"3.6        ","fileVersion":"3.6","hashMD5":"0d7e9cbe5109336465bf78b6b09b7e73","hashSHA1":"4ed2017ee1910f3180a7ec4a77562a8c46b2c712","hashSHA256":"965b37a54dbf64c32d3e63923f846257f7f22c03abf6b5dff45b8e9ebff4fea1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"932","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"932"}],"sampleFiles":["230802/uTorrentClassic-211215/3.6.0.46842/Samples/utorrent_installer.exe","230802/uTorrentClassic-211215/3.6.0.46842/Samples/utorrent_installer1.exe"],"imageFiles":["230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-042/ACR-042_Install_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-048/ACR-048_Install_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-084/ACR-084_Software_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-097/ACR-097_Software_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-013/ACR-013_Install_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-013/ACR-013_Install_2.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-013/ACR-013_Install_3.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-060/ACR-060_Bundler-made offers_2.png","230802/uTorrentClassic-211215/3.6.0.46842/Images/ACR-060/ACR-060_Bundler-made offers_3.png"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46842_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46842","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:35.8803949+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":43},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"uTorrent.exe","companyName":"BitTorrent Inc.","fileVersion":"3.6","hashMD5":"1009e138a3edeef04ec3a0c3bddfdf20","hashSHA1":"f8889787ca28a22aaac0a958b07f29c21a0ca733","hashSHA256":"962ca30406e010630cc520c1b63233c8d67cdab34c4e389dd16cf4957b938d91","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1000","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"34fe9c7c02c7be98c80caa299933aa22","hashSHA1":"55eb6cf381ef96949a25f0c0adec7c7f180e9914","hashSHA256":"ef7c7ec794e42224c24d5857c65657f214cf97531f8f4ed9524799eaba31a210","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1000","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_062923.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"ddc44cfe17b7e695f076569a42dfab7d","hashSHA1":"88678b15f02f1e658c2437475a068fa8f61a3d99","hashSHA256":"4ac4a2c4406d1f822b1fb079afb8d863c4073b41a030bf539b87dbc02d4b76ca","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1000","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"1000"}],"sampleFiles":["230711/uTorrentClassic-211215/3.6.0.46828/Samples/uTorrent.exe","230711/uTorrentClassic-211215/3.6.0.46828/Samples/utorrent_installer.exe","230711/uTorrentClassic-211215/3.6.0.46828/Samples/utorrent_installer_062923.exe"],"imageFiles":["230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-042/ACR-042.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-048/ACR-048.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-084/ACR-084.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-097/ACR-097.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-118/ACR-118.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-013/ACR-013_060.png","230711/uTorrentClassic-211215/3.6.0.46828/Images/ACR-060/ACR-013_060.png"],"nonDeceptorImageFiles":[],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.46828_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.46828","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:37.3415307+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":45},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":" On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation, the app has an option selected  \"Add an exception for uTorrent in windows firewall\" without explicit reason for such setting, that lower the default system security guard.\n","ACR-014":"The \"Accept\" button on the Norton Browser offer is used for two things: accepting an offer and accepting Norton as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing Norton and not for changing the system browser's default settings.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\utorrent\"\n"},"samples":[{"isRevoked":"False","fileName":"utorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt® Classic                                           ","productVersion":"3.6                                               ","fileVersion":"3.6                 ","hashMD5":"0bb603a70d48c249477b37d8d038d36a","hashSHA1":"2da19ade46bf4cf4cff6c0472a9c4aaa8b229f5f","hashSHA256":"7d13f8ec0a2cf0cdbac2113427194ff7b02b6ede0e57e536a72ceb3096f5092d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"668","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240325.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"2f97c0673f0255e2c1eed8d754343a6b","hashSHA1":"c5c3dbf02ce22493f548195aab750ae8265877aa","hashSHA256":"ca4c4b987da410d20719aaac8c86d547bbb84128aa8960b03a4e0641797d9070","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"668","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utorrent_installer_240327.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"b04400605900af1b738f740f7a5df6ac","hashSHA1":"8cdfb00e64efddb751e42fa7c2a45c6bd0da5072","hashSHA256":"53684f5cabf37edf5acfd4d490f208b1f3882cd97f847d897d0301ed974acf69","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"668","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/","directDownloadingLink":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/downloads/complete/track/stable/os/win/","sourceIndex":"668"}],"sampleFiles":["240328/uTorrentClassic-211215/3.6.0.47028/Samples/utorrent_installer.exe","240328/uTorrentClassic-211215/3.6.0.47028/Samples/utorrent_installer_240325.exe","240328/uTorrentClassic-211215/3.6.0.47028/Samples/utorrent_installer_240327.exe"],"imageFiles":["240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-042/ACR-042.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-048/ACR-048.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-084/ACR-084.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-097/ACR-097.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-097/ACR-097_1.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-014/ACR-014.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-013/ACR-013.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-013/ACR-013_1.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-013/ACR-013_2.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-060/ACR-060.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-060/ACR-060_1.PNG","240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240328/uTorrentClassic-211215/3.6.0.47028/Images/ACR-040/ACR-040.PNG"],"guid":"4b11710c-2201-4d5a-bf94-5850f6f9c6f1_3.6.0.47028_1","appID":"uTorrentClassic-211215","dateAdded":"260209","deceptorType":"App","name":"uTorrent Classic","company":"BitTorrent Inc.","version":"3.6.0.47028","lastKnownStatus":"3.5.5.46148;3.5.5.46200;3.5.5.46304;3.5.5.46348;3.5.5.46542;3.5.5.46552;3.6.0.46716;3.6.0.46812;3.6.0.46822;3.6.0.46828;3.6.0.46830;3.6.0.46842;3.6.0.46856;3.6.0.46884;3.6.0.46896;3.6.0.46922;3.6.0.47006;3.6.0.47012;;3.6.0.47016;3.6.0.47028;3.6.0.47044;3.6.0.47062;3.6.0.47082;3.6.0.47084;3.6.0.47124;3.6.0.47116;3.6.0.47132;3.6.0.47134;3.6.0.47228;3.6.0.47142","lastKnownDate":"260209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:27.5279921+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":30,"sortOrder":35},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Classic\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46831","fileVersion":"7.11.0.46831","hashMD5":"35b12f3b4ffff52eab5f32cb32fbde63","hashSHA1":"eecbef6d301c53bd5ac53b69071093ad8b75c47c","hashSHA256":"d262dddadd4aff06e70c4aa9aba805a1ec32414691a9f3741800c8c0522e0ad3","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"803","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"2c060f9ce1e0e2ad57865817a7eaad65","hashSHA1":"7b48105cd53500f45dd2bc0bf830c57a8932d81c","hashSHA256":"ae252f256a9df7862c009b1e277448e74381e0b2d1620e574afa96736aed1e58","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"803","avBlockList":["COMODO Antivirus (20230905)","Dr.Web Security Space (20230905)","ESET Internet Security (20230905)","G DATA INTERNET SECURITY (20230905)","K7 Total Security (20230905)","Malwarebytes Premium (20230905)","Norton Security (20230905)","Panda Dome (20230905)","Quick Heal Internet Security (20230905)","Sophos Home Premium (20230905)","VirIT eXplorer PRO (20230905)","Webroot SecureAnywhere (20230905)"],"avAllowList":["360 Total Security (20230905)","Avast Premium Security (20230905)","AVG Internet Security (20230905)","Avira Internet Security (20230905)","Bitdefender Internet Security (20230905)","Kaspersky Internet Security (20230905)","McAfee Total Protection (20230905)","SpyHunter5 (20230905)","Total AV Antivirus Pro (20230905)","Trend Micro Internet Security (20230905)","VIPRE Advanced Security (20230905)","Windows Defender (20230905)"]},{"isRevoked":"False","fileName":"bittorrent_installer-072723.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3d71296c35a8c4183200e2b7938c9509","hashSHA1":"6923ab44dd675e976090d9e4b364493ce99c5680","hashSHA256":"0f9b4c9d435e43ed1a37edfc35c8f20c77ea745fea4376c79e2947dbe4bb23c2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"803","avBlockList":["COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Malwarebytes Premium (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)"],"avAllowList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","Kaspersky Internet Security (20230919)","McAfee Total Protection (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Windows Defender (20230919)"]},{"isRevoked":"False","fileName":"bittorrent_installer_230821.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"33616e1fb52807431ae397263050fb2c","hashSHA1":"d4a5a533b5a547378003c0111232aeaf0b8ac5e6","hashSHA256":"720ce6970bb7e677deb3e6f0fc8ed3ffd7517c87a6d5f2add55f74b6aae5dad2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"803","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_1.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c7848e55b0883548fed699baa89486bf","hashSHA1":"b4665bbca06c579615dede0d56a415e67c741316","hashSHA256":"85b2623fb1851b2e86701030e13e5fc41301551c29b00715be5871fd74d49eb9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"803","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-classic-free","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic","sourceIndex":"803"}],"sampleFiles":["231117/bittorrentclassic-220201/7.11.0.46831/Samples/bittorrent_installer.exe","231117/bittorrentclassic-220201/7.11.0.46831/Samples/bittorrent_installer-072723.exe"],"imageFiles":["231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-043/ACR-043.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-042/ACR-042.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-048/ACR-048.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-084/ACR-084_Software_1.png","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-097/ACR-097.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-097/ACR-097_1.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-013/ACR-013.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-013/ACR-013_1.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-013/ACR-013_2.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-060/ACR-060.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-060/ACR-060_1.JPG","231117/bittorrentclassic-220201/7.11.0.46831/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46831_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46831","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":98},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46923","fileVersion":"7.11.0.46923","hashMD5":"0b59e28104dde558b7418335b4a06249","hashSHA1":"4e6e1501b0a581af528e111c49acae53596cd405","hashSHA256":"8247c1bf99a3e892037ddc52cf0a2775fd1f45b7a3215ec034ea4a6eb792e2ee","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"2bbb345d53883f05a32cc1389b5dda0d","hashSHA1":"17e7dfe087417d4b6077b43316999bdc3d85aa05","hashSHA256":"dea487953f984f1dae0207e60f4d5a690020c69725b6143fbcac1c7fc5b4daad","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"735","avBlockList":["COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","Malwarebytes Premium (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","McAfee Total Protection (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","Trend Micro Internet Security (20240102)","VIPRE Advanced Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"bittorrent_installer%20_231116.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"61b143f7c821635e522df5e2cccc7bf2","hashSHA1":"86d0ef8dd9caf2395c584f949b9109d9056467b7","hashSHA256":"4e96ac87931107ec25a8160d01e2f9eb96adfe339e4e4bb5003f7092556cdc4f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231117.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"22caeb0a03bab237670382bc1de66a51","hashSHA1":"4b18a6914edcc870f9c7c1d847fcbef4a787b9e7","hashSHA256":"fe1867563cf826aa5887d95c7ec523b4090da9da4ed8c61bf37378559411628d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231120.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"41f09d291e0c5e21d291e9e5792f0494","hashSHA1":"5914696d753aaeaef75cf3700819f1e4a8089d8e","hashSHA256":"d91ce3589f0e932882f3b5a0ec8cdb16d0865903cb92a43e6eac2a08154b1cd3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231124.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"26a14b97ffece09e30c47cc7a7ba3651","hashSHA1":"c996b73757c464126ff5cb5b508b95739b98f196","hashSHA256":"34499e29f6477f82cc2a97f9b35a6d8d291540ad1c4e7b135d650ab8d5de97b9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231204.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"d86827540b2444640a893555a591b898","hashSHA1":"1fd50136e595c13cc97c8e039375e1d9b588ae43","hashSHA256":"f559eb2923c34f8be09400f281c193ded59c964af46ccccecefb23c6b433c63a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231211.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"af89bfe5b99ae7d3366bbaef21c8953f","hashSHA1":"9687f04b72ddf5bf113fab886fdc367552f7f065","hashSHA256":"b97203d90fb3e45a97d6feed672a3733c66178fff7c036ea225cd902ba1e8e30","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231226.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"7c88c32e6ea5f9dadcf605e8af7ec646","hashSHA1":"aca64e43f1e8cb6f24f3937466de1a7716a69291","hashSHA256":"ffb4037551ad83ca1c4c32e576192a322ce37261be0c75a808b9abe9e87020b5","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240103.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"75e906e76810d2eddb8d7a9aecff350e","hashSHA1":"8f1afcac6b5f733ff059f4411b924089ef663558","hashSHA256":"e7f7cf2df7f5b9bf97a07d827505007d7642d14fac06e8539dc8896ee170d662","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240109.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"365233466d59c91300c0679e9419b05e","hashSHA1":"6033b633b0beea1f5a2d97346d0dfeb9f37d81c2","hashSHA256":"6a8f80cdcb5ee26b48808294996a07c7db42b0d91d273ad55c21c147e639d57d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_220124.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"6069a460fc49fe3c9eaf3cfc48d52f3d","hashSHA1":"22de7fa52810c423c9cc9b1a1a262cc44d362c0d","hashSHA256":"04a2d88ebab867759172ad5fd262d26d32d28efc59453d44dffe2ff66a44cacf","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240130.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"230ac98b633147568e785e1132d561e2","hashSHA1":"1d97a3d58276dabdf1b37e93ae7b64b998c741aa","hashSHA256":"06836db659ca536a8093390bcd5078d809eaee40cc6204e02767d8e6f31d1566","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230207.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"09f08b171c529814ceae70f0a6b899af","hashSHA1":"ce4113ca1744d121b2fb1c8291272a90969d0ab0","hashSHA256":"67aee9c4c702655cd07e59115cbf70fdaa60d9a8f957bc8856b3101db600e2e9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"735","avBlockList":["COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","FortectPremium (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Sophos Home Premium (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)"],"avAllowList":["360 Total Security (20240801)","Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","KasperskyPremium (20240801)","McAfee Total Protection (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)","Windows Defender (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"735"}],"sampleFiles":["240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer%20_231116.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231117.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231120.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231124.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231204.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231211.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_231226.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_240103.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_240109.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_220124.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_240130.exe","240207/bittorrentclassic-220201/7.11.0.46923/Samples/bittorrent_installer_230207.exe"],"imageFiles":["240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-048/ACR-048.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-084/ACR-084.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-097/ACR-097.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-097/ACR-097_1.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-013/ACR-013.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-013/ACR-013_1.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-013/ACR-013_2.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-060/ACR-060.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-060/ACR-060_1.JPG","240207/bittorrentclassic-220201/7.11.0.46923/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46923_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46923","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":97},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider immediately after executing the installer.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer_240416.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ae8a9f845b4730fdcc1d6099e2e5a299","hashSHA1":"80c7275086e8919f25af4fd990eb09bff43e3378","hashSHA256":"bcb68777295b07b8c5273ff5f195f8dc3fca3f6c97d46ccd1326a590fa46bedc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"641","avBlockList":["COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Sophos Home Premium (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)"],"avAllowList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","McAfee Total Protection (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","Windows Defender (20240528)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240417.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"29edb55ffa6fa3cc450b39faabf401e9","hashSHA1":"9d85341b7f7d5fe4e01ff22d5a47fc0c899557d3","hashSHA256":"e72d39a573b158482efa52206f01d99c51667f7cadceca90fc6af4355bae51cb","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"641","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240418.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"eb4dc818e183a97cdedfb1c351239e5d","hashSHA1":"157560475d6883f2654b69dace1b4d51495b176b","hashSHA256":"568bda8c10109a980a32939ae7e63c31e4525b8da0f990b3be2302474651e5ef","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"641","avBlockList":["COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","FortectPremium (20241001)","G DATA INTERNET SECURITY (20241001)","Malwarebytes Premium (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Sophos Home Premium (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","K7 Total Security (20241001)","KasperskyPremium (20241001)","McAfee Total Protection (20241001)","Quick Heal Internet Security (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240422.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"9fcf5a4c8626febb437c2aef7a5f0893","hashSHA1":"a33b9806257b1d6afcf48dd2df0ecbb2a36e1e83","hashSHA256":"f2ee97951707bc83694c7e48cff57f67c455b13b59f67f04f35ba74d7fdfc9f6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"641","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240425.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ac3f7a256489ed25ba186eb70b94d20d","hashSHA1":"462072e44315d39a314ed734d3c6372c019916d3","hashSHA256":"11c101a74221e14adb55d429e79dc64a59668d259d6267dd2f37f804195bc77f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"641","avBlockList":["COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","Malwarebytes Premium (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","Windows Defender (20241231)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240429.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"8a9cdca60a164b7464f06373a2243265","hashSHA1":"20eb1e4e3a5bb4742130e5590c08781671346173","hashSHA256":"dd489dd3aa2951704909bf74f302c9129751c54d6d0053d29e6155e9116faf43","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"641","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Panda Dome (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"641"}],"sampleFiles":["240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer.exe","240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer_240417.exe","240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer_240418.exe","240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer_240422.exe","240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer_240425.exe","240521/bittorrentclassic-220201/7.11.0.47063/Samples/bittorrent_installer_240429.exe"],"imageFiles":["240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-042/ACR-042.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-048/ACR-048.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-084/ACR-084.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-097/ACR-097.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-097/ACR-097_1.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-014/ACR-014.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-013/ACR-013.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-013/ACR-013_1.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-013/ACR-013_2.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-060/ACR-060.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-060/ACR-060_1.PNG","240521/bittorrentclassic-220201/7.11.0.47063/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47063_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47063","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":93},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider immediately after executing the installer.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\bittorrent\".\n"},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"d166e951043780ee62b8133a68111efd","hashSHA1":"aa6279869bc027e0cc628a96f17c00229395fa80","hashSHA256":"a90f8dd63490da82af080e6d714fc6256af345c2ed9942d9615566d140a1cd73","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"711","avBlockList":["COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","K7 Total Security (20240718)","Malwarebytes Premium (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","FortectPremium (20240718)"],"avAllowList":["360 Total Security (20240718)","Avast Premium Security (20240718)","AVG Internet Security (20240718)","Avira Internet Security (20240718)","Bitdefender Internet Security (20240718)","Kaspersky Internet Security (20240718)","McAfee Total Protection (20240718)","SpyHunter5 (20240718)","Total AV Antivirus Pro (20240718)","Trend Micro Internet Security (20240718)","VIPRE Advanced Security (20240718)","Windows Defender (20240718)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240227.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"e49f305d0aacb2e07805c1ddec9d37cb","hashSHA1":"c8c18466701dd8c82c3041d15e29c93fd1dc7d75","hashSHA256":"e10ccaced3fa93587e4de2e7cf43f460f8021a9b4aed22ab834e8dcc18ce1736","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"711","avBlockList":["COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","FortectPremium (20240730)","G DATA INTERNET SECURITY (20240730)","K7 Total Security (20240730)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Quick Heal Internet Security (20240730)","Sophos Home Premium (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)"],"avAllowList":["360 Total Security (20240730)","Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","Bitdefender Internet Security (20240730)","KasperskyPremium (20240730)","McAfee Total Protection (20240730)","Panda Dome (20240730)","SpyHunter5 (20240730)","Total AV Antivirus Pro (20240730)","Trend Micro Internet Security (20240730)","VIPRE Advanced Security (20240730)","Windows Defender (20240730)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240301.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"09f08b171c529814ceae70f0a6b899af","hashSHA1":"ce4113ca1744d121b2fb1c8291272a90969d0ab0","hashSHA256":"67aee9c4c702655cd07e59115cbf70fdaa60d9a8f957bc8856b3101db600e2e9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"711","avBlockList":["COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","FortectPremium (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Sophos Home Premium (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)"],"avAllowList":["360 Total Security (20240801)","Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","KasperskyPremium (20240801)","McAfee Total Protection (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)","Windows Defender (20240801)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240304.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"4036bbae3656dcec8ffdaf0078368d47","hashSHA1":"04c51cd7179c543ce423eaa1a9d28196dd8c8009","hashSHA256":"7fdd92e9e8feeb7404454786f5eafd9c424e0aabc82f3a63f359a820b475b547","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"711","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240306.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"098a0b8274d47775ca8dc49fbba067d5","hashSHA1":"de3a6d050a86c78889a5e719ea2dca2da32f2512","hashSHA256":"84044bcdc8a9f2f02ffef19c434428881ef3655a6fdcb7216f029cf12ee9dcd6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"711","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240307.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"5755cab0c0a3ef16f21b60b9f83cb23a","hashSHA1":"786a1dd531bcfb486a1ff6c049c23f606b29b1ee","hashSHA256":"6436ab570c0ec62eccb3d5c80d16712c853d619d883875bc2f75f4aadcc9c98d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"711","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240308.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"c28a37d0c5975028675a4296cdd1eb38","hashSHA1":"9bd8f943992fcf2b8cee9697cdb49a56d824c755","hashSHA256":"374e8d0178f1ff16a5cee34aaada333a8890c7d45e2222b9571babbfdc9211c0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"711","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240311.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ff454b5053be1ca430d547fb9bde31c0","hashSHA1":"6adfe9f4ee9074df6f7baff293f5a863e70f5224","hashSHA256":"500804a27ff919aa64fce31ecfb2f9e0b26f9077bf1e21981bb953f68b74aa6d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"711","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240313.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ba0d48a26e798fff2a4f91b5d49feb04","hashSHA1":"5a55752d173348eaa8a2eaa636a2c83403049379","hashSHA256":"e1e1bc0da7d3810e1b848864f41d5b8d24dba1936c02968324ed43b38bff1753","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"711","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"711"}],"sampleFiles":["240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240227.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240301.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240304.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240306.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240307.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240308.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240311.exe","240314/bittorrentclassic-220201/7.11.0.47013/Samples/bittorrent_installer_240313.exe"],"imageFiles":["240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-042/ACR-042.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-048/ACR-048.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-084/ACR-084.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-097/ACR-097.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-097/ACR-097_1.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-014/ACR-014.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-013/ACR-013.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-013/ACR-013_1.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-013/ACR-013_2.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-060/ACR-060.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-060/ACR-060_1.PNG","240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240314/bittorrentclassic-220201/7.11.0.47013/Images/ACR-040/ACR-040.PNG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47013_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47013","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":95},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider immediately after executing the installer.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"9fcf5a4c8626febb437c2aef7a5f0893","hashSHA1":"a33b9806257b1d6afcf48dd2df0ecbb2a36e1e83","hashSHA256":"f2ee97951707bc83694c7e48cff57f67c455b13b59f67f04f35ba74d7fdfc9f6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"656","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240403.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ac3f7a256489ed25ba186eb70b94d20d","hashSHA1":"462072e44315d39a314ed734d3c6372c019916d3","hashSHA256":"11c101a74221e14adb55d429e79dc64a59668d259d6267dd2f37f804195bc77f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"656","avBlockList":["COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","Malwarebytes Premium (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","Windows Defender (20241231)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240405.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"a5042d3b41dc6513bb0ed259d5f0af93","hashSHA1":"095e5060d60b816f155b49e714663addd957cab0","hashSHA256":"512fbeefa7ff900ce760066da5c13ad0a53d317a2afa39f02292700c885807fd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"656","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240408.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ae8a9f845b4730fdcc1d6099e2e5a299","hashSHA1":"80c7275086e8919f25af4fd990eb09bff43e3378","hashSHA256":"bcb68777295b07b8c5273ff5f195f8dc3fca3f6c97d46ccd1326a590fa46bedc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"656","avBlockList":["COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Sophos Home Premium (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)"],"avAllowList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","McAfee Total Protection (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","Windows Defender (20240528)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240410.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"8a9cdca60a164b7464f06373a2243265","hashSHA1":"20eb1e4e3a5bb4742130e5590c08781671346173","hashSHA256":"dd489dd3aa2951704909bf74f302c9129751c54d6d0053d29e6155e9116faf43","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"656","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Panda Dome (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"656"}],"sampleFiles":["240415/bittorrentclassic-220201/7.11.0.47029/Samples/bittorrent_installer.exe","240415/bittorrentclassic-220201/7.11.0.47029/Samples/bittorrent_installer_240403.exe","240415/bittorrentclassic-220201/7.11.0.47029/Samples/bittorrent_installer_240405.exe","240415/bittorrentclassic-220201/7.11.0.47029/Samples/bittorrent_installer_240408.exe","240415/bittorrentclassic-220201/7.11.0.47029/Samples/bittorrent_installer_240410.exe"],"imageFiles":["240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-042/ACR-042.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-048/ACR-048.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-084/ACR-084.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-097/ACR-097.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-097/ACR-097_1.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-014/ACR-014.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-013/ACR-013.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-013/ACR-013_1.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-013/ACR-013_2.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-060/ACR-060.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-060/ACR-060_1.PNG","240415/bittorrentclassic-220201/7.11.0.47029/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47029_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47029","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":94},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Classic\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46901","fileVersion":"7.11.0.46901","hashMD5":"f511434e93d25f138d22c9f5ddc0d30f","hashSHA1":"07e1d408c545548ca5b753b6d7682fbfb0967477","hashSHA256":"5decec8501581bd43c6933c3296656f74f31e06a1cc345317ae7f9814bf4353a","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtTorrent® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"fef05fa9d2f5a28704dc88492ac79ec6","hashSHA1":"0102a7ccc218bf2ff3101d6acab8d8979e677343","hashSHA256":"9505b8cb89e5eb5c103e3850c97e8996093f2c3f3a4607111c5d90f95d113580","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"812","avBlockList":["Bitdefender Internet Security (20231107)","COMODO Antivirus (20231107)","Dr.Web Security Space (20231107)","ESET Internet Security (20231107)","G DATA INTERNET SECURITY (20231107)","K7 Total Security (20231107)","Malwarebytes Premium (20231107)","Norton Security (20231107)","Panda Dome (20231107)","Quick Heal Internet Security (20231107)","Sophos Home Premium (20231107)","VIPRE Advanced Security (20231107)","VirIT eXplorer PRO (20231107)","Webroot SecureAnywhere (20231107)"],"avAllowList":["360 Total Security (20231107)","Avast Premium Security (20231107)","AVG Internet Security (20231107)","Avira Internet Security (20231107)","Kaspersky Internet Security (20231107)","McAfee Total Protection (20231107)","SpyHunter5 (20231107)","Total AV Antivirus Pro (20231107)","Trend Micro Internet Security (20231107)","Windows Defender (20231107)"]},{"isRevoked":"False","fileName":"bittorrent_installer_231009.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"d8a4d0ecb7f0dcc952bd4c6bbb6423e0","hashSHA1":"58292236361f34e1f9f2d990cf5bb366ddede6eb","hashSHA256":"00f44b47aa342ef8bcd1af5319d3d97ced922848069d85a40f6eaaf53354778f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231010.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"95c6fbcf4897cb6966b8b4bbe823154c","hashSHA1":"ba2ec29831ced48717325abeec6f5ab0df1385d3","hashSHA256":"62e0e5fee093afb411ddc943db79a9331342b46e53b76788e77de12c3276094b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231011.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"c9c3d0959bf5c283dee53705536e9eb2","hashSHA1":"919bbe553f7e6c0aac172da03883b7d9e5d12e39","hashSHA256":"cd1d6e1be9e4fad4020591c355f8300b8488e184b3b82b76c4149e1b11eae9c0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231011-2.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"86cc5bca9e216179c94d640da2788135","hashSHA1":"bdeaa98ddac4f549caade0caad6e19e77e23c7f2","hashSHA256":"a645b03f370917a49f724c26dbf0d6815d2ecebbb0c7d6b585856779b35d0fe8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231026.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"8e51b1442c7942795f09363456d805ac","hashSHA1":"318ecf0ec181574619cc3ac9dfd1ab335146b3b4","hashSHA256":"ceeb59575180dae0565ccae8c626a85b59a1d7631bd766d48e55753b774682d0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231027.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3a687d7e45750531c4ead920890ca2ec","hashSHA1":"d3a70427fd4b944c04809a2c4930ea0ee2ba8938","hashSHA256":"da81d46bec4d4df64cd022989fcade8f667b8f0c49d1c619301fa7857d66f1d7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231031.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"cfaa7936fa5eaaebc024d8b7eb5e9b30","hashSHA1":"1c5300c37dee7b31b46d38b409276ce9771daa88","hashSHA256":"47f26b0ff6e1f3f5c981b06b933659da10b7c2086c9485f760df565a4fa8e039","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231102.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3b0fcd2fe470962848abb96af7a25d0d","hashSHA1":"8d28b9b06ee6183838f287046a9f3d76d03de90c","hashSHA256":"7c14280fd67cbd53c1eff978b50ea1fa7c88a79622a75f7ab804ed44fc391e00","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231103.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"47d96abdbcf90c0f5cc32b65dbe70619","hashSHA1":"de9b31e7fdada368cab474befa0bf38d9bdebd25","hashSHA256":"66cef7731ebdaf11f2d887389cbd824e12303cfa789792755aaf5a88f81e0065","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_1.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"4afe38427939a526b57fa0c21a4af0b0","hashSHA1":"8c6f5333a9acf1be9de5dfb79d407f3fb451758d","hashSHA256":"c760f68ee0a7ffa7c41647313c68cd3afe1fff1ebd9f4f4b5a9405e36c786567","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231113.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"4abcbbc3b9305e026dadbb22239fcb29","hashSHA1":"52772e9ee47faf784dfd98789e5b6406943f2e42","hashSHA256":"207412f840653de40fd9931bf6459bbb88efd825ebd3fa79f6602ec972f5b55f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_231115.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"0b4c759df591dfa6352b705f2742c70f","hashSHA1":"cb98803dfcd83b64f9c5c6dc34acdeedb57b1e60","hashSHA256":"9bc1644f9ed77f6474b662365229ecaf85a7fd2749173a946f50bb84a2200bb1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"812","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"812"}],"sampleFiles":["231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231009.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231010.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231011.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231011-2.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231026.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231027.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231031.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231102.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231103.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_1.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231113.exe","231117/bittorrentclassic-220201/7.11.0.46901/Samples/bittorrent_installer_231115.exe"],"imageFiles":["231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-043/ACR-043.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-043/ACR-043_1.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-042/ACR-042.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-042/ACR-042_1.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-048/ACR-048.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-084/ACR-084.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-097/ACR-097.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-097/ACR-097_1.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-013/ACR-013.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-013/ACR-013_1.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-013/ACR-013_2.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-060/ACR-060.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-060/ACR-060_1.PNG","231117/bittorrentclassic-220201/7.11.0.46901/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46901_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46901","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":99},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider immediately after executing the installer.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\bittorrent\".\n"},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"2ae9b0e450a934712b9ae98ebfebde36","hashSHA1":"a7255579fc200bf62ec57a72378d5562d199acbe","hashSHA256":"63ded2716c1cef757ccc740c64405ad6e90d55c25b72406c95484c1f188396b7","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"732","avBlockList":["COMODO Antivirus (20240606)","ESET Internet Security (20240606)","G DATA INTERNET SECURITY (20240606)","K7 Total Security (20240606)","Malwarebytes Premium (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)","Windows Defender (20240606)"],"avAllowList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","Dr.Web Security Space (20240606)","Kaspersky Internet Security (20240606)","McAfee Total Protection (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","Trend Micro Internet Security (20240606)","VIPRE Advanced Security (20240606)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240205.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"c28a37d0c5975028675a4296cdd1eb38","hashSHA1":"9bd8f943992fcf2b8cee9697cdb49a56d824c755","hashSHA256":"374e8d0178f1ff16a5cee34aaada333a8890c7d45e2222b9571babbfdc9211c0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"732","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240206.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"e49f305d0aacb2e07805c1ddec9d37cb","hashSHA1":"c8c18466701dd8c82c3041d15e29c93fd1dc7d75","hashSHA256":"e10ccaced3fa93587e4de2e7cf43f460f8021a9b4aed22ab834e8dcc18ce1736","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"732","avBlockList":["COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","FortectPremium (20240730)","G DATA INTERNET SECURITY (20240730)","K7 Total Security (20240730)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Quick Heal Internet Security (20240730)","Sophos Home Premium (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)"],"avAllowList":["360 Total Security (20240730)","Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","Bitdefender Internet Security (20240730)","KasperskyPremium (20240730)","McAfee Total Protection (20240730)","Panda Dome (20240730)","SpyHunter5 (20240730)","Total AV Antivirus Pro (20240730)","Trend Micro Internet Security (20240730)","VIPRE Advanced Security (20240730)","Windows Defender (20240730)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240208.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"5755cab0c0a3ef16f21b60b9f83cb23a","hashSHA1":"786a1dd531bcfb486a1ff6c049c23f606b29b1ee","hashSHA256":"6436ab570c0ec62eccb3d5c80d16712c853d619d883875bc2f75f4aadcc9c98d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"732","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240213.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"e216db4f3d5c151ae0d171fae64ebb34","hashSHA1":"0147a75651ab8c15012792e6d707911ecaea7d66","hashSHA256":"95de93d1eabeb9aa2293c5628b881110b8caeb50bc95c9873b488cf23a0910cb","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"732","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_241502.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"81316042cab65a29d2c8d4976d8620b9","hashSHA1":"5fb7a895ee96ecb72808a3430de7bab0f2e694bd","hashSHA256":"12a62635aabba697a8c9e06b8e9aa4a34df5986a0006eb6544d56d6988d856a1","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"732","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"732"}],"sampleFiles":["240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer.exe","240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer_240205.exe","240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer_240206.exe","240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer_240208.exe","240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer_240213.exe","240215/bittorrentclassic-220201/7.11.0.47007/Samples/bittorrent_installer_241502.exe"],"imageFiles":["240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-042/ACR-042.JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-048/ACR-048_Install_1.png","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-084/ACR-084_Software_1.png","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-097/ACR-097.JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-097/ACR-097_Software_1.png","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-013/ACR-013 (1).JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-013/ACR-013 (2).JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-013/ACR-013 (3).JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-060/ACR-060 (1).JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-060/ACR-060 (2).JPG","240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-060/ACR-060 (3).JPG"],"nonDeceptorImageFiles":["240215/bittorrentclassic-220201/7.11.0.47007/Images/ACR-040/ACR-040_Install_1.png"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47007_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47007","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":96},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Classic\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"BitTorrent.exe","companyName":"BitTorrent Inc.","fileVersion":"7.11","hashMD5":"7efa4405d75282464fe3b5c1c50b0ad6","hashSHA1":"c3d6599eb4ff5078421fb99705e782c9e013737c","hashSHA256":"99b4cd3814dec4e9178fd5292f25aaa19f1b90aa8576b193ade18cf4a10a9024","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3d71296c35a8c4183200e2b7938c9509","hashSHA1":"6923ab44dd675e976090d9e4b364493ce99c5680","hashSHA256":"0f9b4c9d435e43ed1a37edfc35c8f20c77ea745fea4376c79e2947dbe4bb23c2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":["COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Malwarebytes Premium (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)"],"avAllowList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","Kaspersky Internet Security (20230919)","McAfee Total Protection (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Windows Defender (20230919)"]},{"isRevoked":"False","fileName":"bittorrent_installer1.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"67fc95f638917d51663ec4326e39a236","hashSHA1":"b0bb3af91487cb53fb29acaac28024c018838dd9","hashSHA256":"8d41b40690e35ec621bff84bda80e36f31d8418544d78087ca8bcbfac0fafeb0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer2.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"8fd7113b169042d3db11b1e10267ff52","hashSHA1":"841f1cb40b5c92a22d6e0e759ccd072a5b623e4b","hashSHA256":"0933f9a4ebb55cd3508bd2c782d5a33f578491e7e79d4e024192fc83231a4eec","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_110823.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"2a59b41ca9b7aec80ee6612dc2c6309a","hashSHA1":"a77bb8d51e20f4073f66a7973957a1a8fff36d50","hashSHA256":"6b3f4314223f257e2ed7d290fed709b5d17e2e4d467a8f9a10442a22f534c146","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230815.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3d6fbc619fc8d787e6de436dc304160e","hashSHA1":"b797d82d33f4b792db37a6942ddb1f0335908107","hashSHA256":"1fe94e4a1593f6b70b698017b6efcd955e55bafabe3e79401cf192dd45166e1d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230818.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"3835f4b79fcd3623d27e93ed8df79f86","hashSHA1":"c182e7e6e677d3190f6396a48e8a14f267036f4e","hashSHA256":"274f7c4a8fc2ec48d8f8fef83cdefc5bc0d1d41f7db6d9bccca41e5a319a50fe","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230821.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"33616e1fb52807431ae397263050fb2c","hashSHA1":"d4a5a533b5a547378003c0111232aeaf0b8ac5e6","hashSHA256":"720ce6970bb7e677deb3e6f0fc8ed3ffd7517c87a6d5f2add55f74b6aae5dad2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230823.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ffef3f26f81233b9e35c82aa7c7b60a3","hashSHA1":"81cf282613397542da144c017d6173fbac61698a","hashSHA256":"ca5fa638986e10239d4df8c8144cc1e3af22f363dc51452ce0bd083e577c73ae","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230825.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"4ad4dbc8e036888532e797a8a4c05b6d","hashSHA1":"1dd888e068f6f0bf2acfbe3fdb49747da065cb62","hashSHA256":"a733ce13d26acb22da77a2f15b481c435a1daa52fca3190e0c62271e78de05c6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230829.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"1ae46aef996e1c20f9c7369b52259485","hashSHA1":"347ce6b8af410a2b11a0f2b25780c7a5cbd20374","hashSHA256":"68cd45de3153a2c1ac540f561954fff3fd48d3c6d7f0cd00c447456b25296504","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230831.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"60bed0a00409e3af3842181cccedb6da","hashSHA1":"098cdb8aa62e500f492df02cf65df1de5f42c456","hashSHA256":"10a4e72820a0c0ef437a337a86e108b92765f1099b5337415754864737dcbc2e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230904.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"c006e449a9596d8651b13dd5f54c2579","hashSHA1":"c8c20bf2053b9fb30d9dabecc5e9e84ce15432b6","hashSHA256":"60f13e4576cf07ceb1af45e2926e90cf3b3ec8d297861ae5e582d2177e8df010","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installerr_230911.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"8576c91b540d5c9019d40b09348ffc1c","hashSHA1":"98766f62a6086392c2277b9ae154c0af33005a46","hashSHA256":"8d5939576504e48863064ba2ad720c909c20411658f9f729f810c2931f5fc9a6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230912.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ba549cb782e6469f8e7f458492961241","hashSHA1":"c9be5f243a0348ff1370b4ac3ddfccf468c9f9d6","hashSHA256":"bad81d9a627bdaf7cadf2b1a6114b14fb562abcab1473d5b84287dc3d0701246","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_20230915.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"c7fb2df616ce42d1da4ca8d8ead4c386","hashSHA1":"9914bae1a4cd8d05bcb5089db70c00951ef2b3cc","hashSHA256":"047790a71a8a1bba7bd3e86a7799cb7ba86048289374f5bda377991729e90608","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer230921.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"abc8ad57639be9816e7fe3abf28ddc89","hashSHA1":"248471efc962c1965a11c6b9d85bc121b7f36901","hashSHA256":"f1d6484a01bdc5a7a6d2ed01ffbec60550535f24ac0174f003a94b8faaa3ff71","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_230926.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"990467aa3ce8c422a0e1169f2ed00d3b","hashSHA1":"f262b78907d57a9554a32e19ee412fa3a8ec3acc","hashSHA256":"329c164b6f568291ded312f52fe8e1d5f3d97520c505a23c68538ac122b19ff2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_20230927.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"88c220796518b38d32b00d0a85698da3","hashSHA1":"8e5db91ff4753516585dadc9303b6fda271760d9","hashSHA256":"ae084d6968bb204038b71264e0f29c6a096eff0e59af59f0b37c53e589abd3e9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer-230928.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"86cc5bca9e216179c94d640da2788135","hashSHA1":"bdeaa98ddac4f549caade0caad6e19e77e23c7f2","hashSHA256":"a645b03f370917a49f724c26dbf0d6815d2ecebbb0c7d6b585856779b35d0fe8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"884","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"884"}],"sampleFiles":["230928/bittorrentclassic-220201/7.11.0.46857/Samples/BitTorrent.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer1.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer2.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_110823.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230815.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230818.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230821.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230823.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230825.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230829.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230831.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230904.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installerr_230911.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230912.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_20230915.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer230921.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_230926.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer_20230927.exe","230928/bittorrentclassic-220201/7.11.0.46857/Samples/bittorrent_installer-230928.exe"],"imageFiles":["230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-043/BTC_ACR-042_043.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-042/BTC_ACR-042_043.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-048/BTC_ACR-048.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-084/BTC_ACR-084.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-097/BTC_ACR-097.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-013/BTC_OptionalOffer.jpg","230928/bittorrentclassic-220201/7.11.0.46857/Images/ACR-060/BTC_OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46857_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46857","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":100},{"violations":{"ACR-043":"The \"Bittorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers. \n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the executable \"bittorrentie.exe\"\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46541","fileVersion":"7.11.0.46541","hashMD5":"159d80d8deaa583aabb2ce7a9290c5d3","hashSHA1":"605021e0a5e6183635db530ce5f5d615b403ece7","hashSHA256":"a268255938ecb743ace3e7ca8c965d084d05370d00b30751cd651f184becfd34","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1359","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\updates\\7.11.0_46541\\bittorrentie.exe","companyName":"BitTorrent Inc.","productName":"","productVersion":"","fileVersion":"1.0.0","hashMD5":"208e7fc415a0b98ce154440dfe23cb38","hashSHA1":"4b7f2e052916fc738f4d0a37f94672e037fffaef","hashSHA256":"6b3f9543e3a8acaf6dfeaf6165a428246f4e0922489f634f6322916e5242053f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1359","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\btfs\\btfs.exe","companyName":"BitTorrent Inc","productName":"BTFS","productVersion":"2.1.3","fileVersion":"2.1.3","hashMD5":"4a4c20378a5ee26188d437ea4d085242","hashSHA1":"9a1b148adfafe0631a7856452f2dd0c3473a0e5c","hashSHA256":"061870bfafb79fa6cf681ccb06f120769319626f1d9648ca2ecca237b82b2999","digitalCertThumbprint":"534AA6D3D1999D01686D94A9CF2940EF10286D08","digitalCertIssuer":"Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":"Bittorrent Inc.","storeId":"","sourceIndex":"1359","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1359","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"bittorrent","productVersion":"7.11.0.46541","fileVersion":"7.11.0.46541","hashMD5":"d71024c8f5014b93670c5b6807721e44","hashSHA1":"2d16a99347a8362406264614fc5c8f220e06b94a","hashSHA256":"32ce0a6c6b8eb0982bebf282e3f8b7391636d6b27a6be6621e73862d4c0a1996","digitalCertThumbprint":"6210E153E85031347F0884CBC539E100D920A5B5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Rainberry Inc.","storeId":"","sourceIndex":"1359","avBlockList":["360 Total Security (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","K7 Total Security (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Sophos Home Premium (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)"],"avAllowList":["Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","G DATA INTERNET SECURITY (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","Quick Heal Internet Security (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","Trend Micro Internet Security (20230404)","VIPRE Advanced Security (20230404)","Windows Defender (20230404)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1359"}],"sampleFiles":["221025/bittorrentclassic-220201/7.11.0.46541/Samples/bittorrent_installer.exe"],"imageFiles":["221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-043/ACR-043_Install.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-048/ACR-048_Install.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-084/ACR-084_Software.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-097/AR-097_Software.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-118/ACR-118_Uninstall.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-118/ACR-118_Uninstall_1.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-057/ACR-057_Bundler-madeOffers_No_Accept_Decline_Option.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option_1.JPG"],"nonDeceptorImageFiles":["221025/bittorrentclassic-220201/7.11.0.46541/Images/ACR-092/ACR-092_Software.JPG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46541_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46541","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":105},{"violations":{"ACR-043":"The \"Bit Torrent Classic\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{"ACR-163":"The BitTorrent FAQ link is not working and throws a 404 error.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46813","fileVersion":"7.11.0.46813","hashMD5":"c1e7b546fc0f782d318d131e57cab1d5","hashSHA1":"392b89b064dda0de309958611941451bcc7bd89c","hashSHA256":"1daf503548e8b99e5fe0be3195298ee75c48e93e845ff2251d8a180daea312e2","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1081","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"59ccdde3face28caffab52b8a763eff0","hashSHA1":"c1a595d01dbf1f1492c8c59423a34c6da00150c7","hashSHA256":"7057268b4c400711ba55edf81f81681465d64fa3fbc9a2836c02dbd81917584b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1081","avBlockList":["COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Malwarebytes Premium (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)"],"avAllowList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","Kaspersky Internet Security (20240516)","McAfee Total Protection (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","Windows Defender (20240516)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-classic-free","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1081"}],"sampleFiles":["231117/bittorrentclassic-220201/7.11.0.46813/Samples/bittorrent_installer.exe"],"imageFiles":["231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-043/ACR-043.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-048/ACR-048.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-084/ACR-084.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-097/ACR-097.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-013/ACR-013.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-013/ACR-013_1.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-013/ACR-013_2.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-060/ACR-060.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-060/ACR-060_1.JPG","231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":["231117/bittorrentclassic-220201/7.11.0.46813/Images/ACR-163/ACR-163.JPG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46813_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46813","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":102},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"The app fails to remove all of its monetization components after the consumer uninstalls it.\n"},"nonDeceptorViolations":{"ACR-163":"The BitTorrent FAQ link is not working and throws a 404 error.\n","ACR-092":"The app does not have a digital signature for the executable \"bittorrentie.exe\"\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Temp\\bittorrent\\bittorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46683","fileVersion":"7.11.0.46683","hashMD5":"e446f774876e1d1a2f3e2cccd8856a02","hashSHA1":"d7106eb596e3787b502dffaf5e1205bfc54c6dd7","hashSHA256":"45f5742e1c00b3463b4411c798a26f245c64907b1b519a995c852c3caee77d6d","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1127","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1127","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"3d2f4839fa0c47d4641fe7de7eafca96","hashSHA1":"a1ec8044ea50196c833e395eef3cbb2beff814e8","hashSHA256":"bcf78404cf206fe1ff43e1118081fe3039b8e75c026d2cf59ab5cd5f2113ce8b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1127","avBlockList":["COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)"],"avAllowList":["360 Total Security (20230926)","Avast Premium Security (20230926)","AVG Internet Security (20230926)","Avira Internet Security (20230926)","Bitdefender Internet Security (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Quick Heal Internet Security (20230926)","Total AV Antivirus Pro (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)","Windows Defender (20230926)"]},{"isRevoked":"False","fileName":"RemoteIE.exe","companyName":"BitTorrent Inc.","fileVersion":"1.0","hashMD5":"d702f91a0b25131965e958234abc44e3","hashSHA1":"28733b1e5b838e2e4582f879975f7a46817121c0","hashSHA256":"9f6e56fef5b2861e9cb756c7b60cd24351871ca54fa2b082a75167a0bdfd6c4b","sourceIndex":"1127","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1127"}],"sampleFiles":["230306/bittorrentclassic-220201/7.11.0.46681/Samples/bittorrent_installer.exe","230306/bittorrentclassic-220201/7.11.0.46681/Samples/RemoteIE.exe"],"imageFiles":["230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-048/ACR-048_Install.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-084/ACR-084.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-097/ACR-097.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-118/ACR-118.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-119/ACR-119.JPG"],"nonDeceptorImageFiles":["230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-092/ACR-092.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-163/ACR-163.JPG","230306/bittorrentclassic-220201/7.11.0.46681/Images/ACR-163/ACR-163_1.JPG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46681_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46681","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":103},{"violations":{"ACR-043":"The \"Bittorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the executable \"bittorrentie.exe\"\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\btfs\\btfs.exe","companyName":"BitTorrent Inc","productName":"BTFS","productVersion":"2.1.3","fileVersion":"2.1.3","hashMD5":"4a4c20378a5ee26188d437ea4d085242","hashSHA1":"9a1b148adfafe0631a7856452f2dd0c3473a0e5c","hashSHA256":"061870bfafb79fa6cf681ccb06f120769319626f1d9648ca2ecca237b82b2999","digitalCertThumbprint":"534AA6D3D1999D01686D94A9CF2940EF10286D08","digitalCertIssuer":"Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":"Bittorrent Inc.","storeId":"","sourceIndex":"1255","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1255","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46591","fileVersion":"7.11.0.46591","hashMD5":"b4996b23c836fab2ac93b5aced17e448","hashSHA1":"7f1d79a835d41cfe72abce5388efeedb00c0f673","hashSHA256":"dc2e64c41388e29306d9f66f13487dc0c742726f432d06f96aa6b675c241e9ad","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1255","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"bittorrent","productVersion":"7.11.0.46591","fileVersion":"7.11.0.46591","hashMD5":"6802b8a4c12167a8b82eda69f1d5a642","hashSHA1":"36a4f746245a5fc525c28b7c680e6732f90d6e15","hashSHA256":"4a38cc1653cab59af957ebe26a4569e07aca802843cdde3b03b6d38247911e2d","digitalCertThumbprint":"6210E153E85031347F0884CBC539E100D920A5B5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Rainberry Inc.","storeId":"","sourceIndex":"1255","avBlockList":["COMODO Antivirus (20240425)","Dr.Web Security Space (20240425)","ESET Internet Security (20240425)","G DATA INTERNET SECURITY (20240425)","K7 Total Security (20240425)","Malwarebytes Premium (20240425)","Norton Security (20240425)","Panda Dome (20240425)","Quick Heal Internet Security (20240425)","Sophos Home Premium (20240425)","VirIT eXplorer PRO (20240425)","Webroot SecureAnywhere (20240425)"],"avAllowList":["360 Total Security (20240425)","Avast Premium Security (20240425)","AVG Internet Security (20240425)","Avira Internet Security (20240425)","Bitdefender Internet Security (20240425)","Kaspersky Internet Security (20240425)","McAfee Total Protection (20240425)","SpyHunter5 (20240425)","Total AV Antivirus Pro (20240425)","Trend Micro Internet Security (20240425)","VIPRE Advanced Security (20240425)","Windows Defender (20240425)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-classic-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1255"}],"sampleFiles":["221231/bittorrentclassic-220201/7.11.0.46591/Samples/bittorrent_installer.exe"],"imageFiles":["221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-043/ACR-043.JPG","221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-048/ACR-048.JPG","221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-084/ACR-084.JPG","221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-097/ACR-097.JPG","221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-118/ACR-118.JPG","221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["221231/bittorrentclassic-220201/7.11.0.46591/Images/ACR-092/ACR-092.JPG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46591_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46591","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":104},{"violations":{"ACR-043":"The \"Bittorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Temp\\bittorrent\\bittorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46519","fileVersion":"7.11.0.46519","hashMD5":"6d32128998c4728c828b752d83e9d02b","hashSHA1":"fde700fa2d3c7e60a2a100050e9a9ad1777e3f07","hashSHA256":"27c3550bfb61448c5374e939d0a6c27b12af4628f046aa8cb424299f5418f48e","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1375","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46519","fileVersion":"7.11.0.46519","hashMD5":"6d32128998c4728c828b752d83e9d02b","hashSHA1":"fde700fa2d3c7e60a2a100050e9a9ad1777e3f07","hashSHA256":"27c3550bfb61448c5374e939d0a6c27b12af4628f046aa8cb424299f5418f48e","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1375","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1375","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"bittorrent","productVersion":"7.11.0.46519","fileVersion":"7.11.0.46519","hashMD5":"8352d5ecefc734c40d27d26934eb61f8","hashSHA1":"cd807cb9242f6d6e4863c0389d8f62c0af4d2a53","hashSHA256":"46441addbe82d547891e498aa4a9fea710a44c5b2325446dc90de6a7a274e9a0","digitalCertThumbprint":"6210E153E85031347F0884CBC539E100D920A5B5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Rainberry Inc.","storeId":"","sourceIndex":"1375","avBlockList":["Dr.Web Security Space (20230720)","ESET Internet Security (20230720)","K7 Total Security (20230720)","Malwarebytes Premium (20230720)","McAfee Total Protection (20230720)","Norton Security (20230720)","Panda Dome (20230720)","Quick Heal Internet Security (20230720)","Sophos Home Premium (20230720)","VirIT eXplorer PRO (20230720)","Webroot SecureAnywhere (20230720)"],"avAllowList":["360 Total Security (20230720)","Avast Premium Security (20230720)","AVG Internet Security (20230720)","Avira Internet Security (20230720)","Bitdefender Internet Security (20230720)","COMODO Antivirus (20230720)","G DATA INTERNET SECURITY (20230720)","Kaspersky Internet Security (20230720)","SpyHunter5 (20230720)","Total AV Antivirus Pro (20230720)","Trend Micro Internet Security (20230720)","VIPRE Advanced Security (20230720)","Windows Defender (20230720)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1375"}],"sampleFiles":["221012/bittorrentclassic-220201/7.11.0.46519/Samples/bittorrent_installer.exe"],"imageFiles":["221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-043/ACR-043.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-048/ACR-048.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-084/ACR-084_Software.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-097/ACR-097.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-118/ACR-118.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-057/ACR-057_Bundler-madeOffers_No_Accept_Decline_Option.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","221012/bittorrentclassic-220201/7.11.0.46519/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option_1.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46519_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46519","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":106},{"violations":{"ACR-042":"The \"Adaware\" components get dropped without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"Bittorrent\" components and \"Adaware\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-017":"The 3rd party endorsement ( https://bit.ly/3q1SK9L ) is not verifiable.  \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for BitTorrent in windows firewall\" without details the reason to user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers. \n","ACR-059":"The recommended by \"who\" is not clear in the Offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46211","fileVersion":"7.10.5.46211","hashMD5":"3a72aae846afdd8c7f070f390a2151b0","hashSHA1":"dadb6c535731cf4445ee8ce2c216585ccc80760b","hashSHA256":"63a52c497a4a0f8c62d7686486fd3be8c3297024e336c0953ab2dcad9dceed3c","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1683","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BitTorrentSetup.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46211","fileVersion":"7.10.5.46211","hashMD5":"b8c24a19ae1706e4baf0253b8f33abe3","hashSHA1":"a6eb472bb97ddec488203467d10bc26e86dc8e53","hashSHA256":"3c855659332b10f81efb7574d83624a30db08c15fe3927cee1dbdb2c523d3554","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1683","avBlockList":["Avast Premium Security (20220324)","AVG Internet Security (20220324)","Avira Internet Security (20220324)","Bitdefender Internet Security (20220324)","COMODO Antivirus (20220324)","Dr.Web Security Space (20220324)","ESET Internet Security (20220324)","G DATA INTERNET SECURITY (20220324)","K7 Total Security (20220324)","Malwarebytes Premium (20220324)","McAfee Total Protection (20220324)","Norton Security (20220324)","Panda Dome (20220324)","Quick Heal Internet Security (20220324)","Sophos Home Premium (20220324)","SpyHunter5 (20220324)","Total AV Antivirus Pro (20220324)","VIPRE Advanced Security (20220324)","VirIT eXplorer PRO (20220324)","Webroot SecureAnywhere (20220324)"],"avAllowList":["360 Total Security (20220324)","Kaspersky Internet Security (20220324)","Tencent PC Manager (20220324)","Trend Micro Internet Security (20220324)","Windows Defender (20220324)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-classic-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1683"}],"sampleFiles":["220314/bittorrentclassic-220201/7.10.5.46211/Samples/BitTorrentSetup.exe"],"imageFiles":["220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-043/ACR-043_Install.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-043/ACR-043_Install_1.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-042/ACR-042_Install.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-048/ACR-048_Install_No_Control.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-084/ACR-084_Software_Process.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-097/ACR-097_Software.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-118/ACR-118_Uninstall.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-057/ACR-057_Bundler-madeOffers_No_Accept_Decline_Option_1.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-059/ACR-059_Bundler-madeOffers_Recommended.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option_1.JPG","220314/bittorrentclassic-220201/7.10.5.46211/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.10.5.46211_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.10.5.46211","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":107},{"violations":{"ACR-042":"The \"Adaware\" components get dropped without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"Bittorrent\" components and \"Adaware\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-017":"The 3rd party endorsement ( https://bit.ly/3M6d3wj ) is not verifiable.  \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for BitTorrent in windows firewall\" without details the reason to user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers. \n","ACR-059":"The recommended by \"who\" is not clear in the Offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46193","fileVersion":"7.10.5.46193","hashMD5":"6b5aa570e8bda63979ae9df10487190a","hashSHA1":"d40880f501072cb385635bd21a3e1dfb276203e6","hashSHA256":"fcbcfad6d802fde5d7aa64cb9ce97101cb8318d11af76253169935cc6299ef45","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1704","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BitTorrentSetup.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46193","fileVersion":"7.10.5.46193","hashMD5":"355f6b0291025d36690684959c193098","hashSHA1":"64ba5005d537cbe546b5196170862057b79d5949","hashSHA256":"a5765d95791edd8b66e08e17dd9c18866a54eb2e0507f0dd766c611559d60bbd","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1704","avBlockList":["Avast Premium Security (20220310)","AVG Internet Security (20220310)","Avira Internet Security (20220310)","Bitdefender Internet Security (20220310)","COMODO Antivirus (20220310)","Dr.Web Security Space (20220310)","ESET Internet Security (20220310)","G DATA INTERNET SECURITY (20220310)","K7 Total Security (20220310)","Malwarebytes Premium (20220310)","McAfee Total Protection (20220310)","Norton Security (20220310)","Panda Dome (20220310)","Quick Heal Internet Security (20220310)","Sophos Home Premium (20220310)","SpyHunter5 (20220310)","Total AV Antivirus Pro (20220310)","Trend Micro Internet Security (20220310)","VIPRE Advanced Security (20220310)","VirIT eXplorer PRO (20220310)","Webroot SecureAnywhere (20220310)","Windows Defender (20220310)"],"avAllowList":["360 Total Security (20220310)","Kaspersky Internet Security (20220310)","Tencent PC Manager (20220310)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-classic-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1704"}],"sampleFiles":["220223/bittorrentclassic-220201/7.10.5.46193/Samples/BitTorrentSetup.exe"],"imageFiles":["220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-043/ACR-043_Install.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-043/ACR-043_Install_1.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-042/ACR-042_Install.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-048/ACR-048_Install_No_Control.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-084/ACR-084_Software_Process.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-097/ACR-097_Software.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-118/ACR-118_Uninstall.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-118/ACR-118_Uninstall_1.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-118/ACR-118_Uninstall_2.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_1.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-059/ACR-059_BundlerMadeOffers_Recommended.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","220223/bittorrentclassic-220201/7.10.5.46193/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.10.5.46193_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.10.5.46193","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":108},{"violations":{"ACR-042":"The \"Adaware\" components get dropped without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"Adaware\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.  \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has an option to evade default system security guard \"Add an exception for BitTorrent in windows firewall\" without details the reason to user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46097","fileVersion":"7.10.5.46097","hashMD5":"a664179a4cd200722c2688bff32358e0","hashSHA1":"65d1fd6fd60e16ff95a7df07d21b30f6b7c30090","hashSHA256":"cb7677e8cf42587bfd051de5e48ba019d018956bd60a59d7b7884937c7a52803","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1721","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BitTorrent.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.10.5.46097","fileVersion":"7.10.5.46097","hashMD5":"9e341e85dcaa0a31a88ad14feaeed888","hashSHA1":"0ba9508166b2f8127451e07a1ceffd9ec63fd640","hashSHA256":"0333988d52da8b27e865657ffa2c4cb8e96b43fce7d6d7b72458a0b176713924","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1721","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","Malwarebytes Premium (20240806)","McAfee Total Protection (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","Trend Micro Internet Security (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)","FortectPremium (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","K7 Total Security (20240806)","Kaspersky Internet Security (20220405)","SpyHunter5 (20240806)","Tencent PC Manager (20220405)","Total AV Antivirus Pro (20240806)","VIPRE Advanced Security (20240806)","Windows Defender (20240806)","KasperskyPremium (20240806)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1721"}],"sampleFiles":["220201/bittorrentclassic-220201/7.10.5.46097/Samples/BitTorrentSetup.exe"],"imageFiles":["220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-043/ACR-043_Install.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-043/ACR-043_Install_1.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-042/ACR-042_Install.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-048/ACR-048_Install_No_Control.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-084/ACR-084_Software_Process.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-097/ACR-097_Software.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-118/ACR-118_Uninstall_Retains.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_2.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","220201/bittorrentclassic-220201/7.10.5.46097/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_3.JPG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.10.5.46097_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.10.5.46097","sigName":"Deceptor:Win32/BittorrentClassic!043042048084097118057055","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":109},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider immediately after executing the installer.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"8a9cdca60a164b7464f06373a2243265","hashSHA1":"20eb1e4e3a5bb4742130e5590c08781671346173","hashSHA256":"dd489dd3aa2951704909bf74f302c9129751c54d6d0053d29e6155e9116faf43","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"606","avBlockList":["COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240702)","Panda Dome (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240515.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ae8a9f845b4730fdcc1d6099e2e5a299","hashSHA1":"80c7275086e8919f25af4fd990eb09bff43e3378","hashSHA256":"bcb68777295b07b8c5273ff5f195f8dc3fca3f6c97d46ccd1326a590fa46bedc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"606","avBlockList":["COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Sophos Home Premium (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)"],"avAllowList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","McAfee Total Protection (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","Windows Defender (20240528)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240516.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"eb4dc818e183a97cdedfb1c351239e5d","hashSHA1":"157560475d6883f2654b69dace1b4d51495b176b","hashSHA256":"568bda8c10109a980a32939ae7e63c31e4525b8da0f990b3be2302474651e5ef","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"606","avBlockList":["COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","FortectPremium (20241001)","G DATA INTERNET SECURITY (20241001)","Malwarebytes Premium (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Sophos Home Premium (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","K7 Total Security (20241001)","KasperskyPremium (20241001)","McAfee Total Protection (20241001)","Quick Heal Internet Security (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240517.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"15585b5e528939cb8d780d9c9effe7d2","hashSHA1":"70e2ef46cc19413bcb3c0e7b6ac32f71c5c8600e","hashSHA256":"225eba1d44ba3cd0e73997ddd235e31b8c6593a5b2090427040297ce90409d5c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"606","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240603.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"9fcf5a4c8626febb437c2aef7a5f0893","hashSHA1":"a33b9806257b1d6afcf48dd2df0ecbb2a36e1e83","hashSHA256":"f2ee97951707bc83694c7e48cff57f67c455b13b59f67f04f35ba74d7fdfc9f6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"606","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer_240606.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"ac3f7a256489ed25ba186eb70b94d20d","hashSHA1":"462072e44315d39a314ed734d3c6372c019916d3","hashSHA256":"11c101a74221e14adb55d429e79dc64a59668d259d6267dd2f37f804195bc77f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"606","avBlockList":["COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","Malwarebytes Premium (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","Windows Defender (20241231)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240626.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"a5042d3b41dc6513bb0ed259d5f0af93","hashSHA1":"095e5060d60b816f155b49e714663addd957cab0","hashSHA256":"512fbeefa7ff900ce760066da5c13ad0a53d317a2afa39f02292700c885807fd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"606","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Bittorrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"606"}],"sampleFiles":["240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240515.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240516.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240517.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240603.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240606.exe","240709/bittorrentclassic-220201/7.11.0.47083/Samples/bittorrent_installer_240626.exe"],"imageFiles":["240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-042/ACR-042.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-048/ACR-048.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-084/ACR-084.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-097/ACR-097.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-097/ACR-097_1.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-014/ACR-014.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-013/ACR-013.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-013/ACR-013_1.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-013/ACR-013_2.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-060/ACR-060.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-060/ACR-060_1.PNG","240709/bittorrentclassic-220201/7.11.0.47083/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47083_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47083","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":92},{"violations":{"ACR-043":"The \"Bit Torrent Classic\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add an exception for BitTorrent in windows firewall\".\n"},"nonDeceptorViolations":{"ACR-163":"The BitTorrent FAQ link is not working and throws a 404 error.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\bittorrent\\BitTorrent.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent","productVersion":"7.11.0.46823","fileVersion":"7.11.0.46823","hashMD5":"5764e104c26c916bc956fae3f88fd790","hashSHA1":"5320247010cae946773a742c08b5e59932872a13","hashSHA256":"b18ea37ce8c327f5f7a2513796cfa4bebc7ff5c0ae0832b19dfa4299a2cc156f","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1047","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent® Classic                                         ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"1879368e45c76d7d04ed9e3533167dee","hashSHA1":"6da9e6db81af05aa546cfd96384456fdf2fb986d","hashSHA256":"0862b6767e2db772e995ce2e933ca4ab97461b9ceccd670f6a6eb0358f3c193d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1047","avBlockList":["Bitdefender Internet Security (20231005)","COMODO Antivirus (20231005)","Dr.Web Security Space (20231005)","ESET Internet Security (20231005)","G DATA INTERNET SECURITY (20231005)","Malwarebytes Premium (20231005)","Norton Security (20231005)","Panda Dome (20231005)","Sophos Home Premium (20231005)","VIPRE Advanced Security (20231005)","VirIT eXplorer PRO (20231005)","Webroot SecureAnywhere (20231005)","Windows Defender (20231005)"],"avAllowList":["360 Total Security (20231005)","Avast Premium Security (20231005)","AVG Internet Security (20231005)","Avira Internet Security (20231005)","K7 Total Security (20231005)","Kaspersky Internet Security (20231005)","McAfee Total Protection (20231005)","Quick Heal Internet Security (20231005)","SpyHunter5 (20231005)","Total AV Antivirus Pro (20231005)","Trend Micro Internet Security (20231005)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"1047"}],"sampleFiles":["231117/bittorrentclassic-220201/7.11.0.46823/Samples/bittorrent_installer.exe"],"imageFiles":["231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-043/ACR-043.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-048/ACR-048_Install.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-084/ACR-084.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-097/ACR-097.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-013/ACR-013.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-013/ACR-013_1.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-013/ACR-013_2.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-060/ACR-060.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-060/ACR-060_1.JPG","231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":["231117/bittorrentclassic-220201/7.11.0.46823/Images/ACR-163/ACR-163.JPG"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.46823_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.46823","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":101},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting  \"Add an exception for BitTorrent in windows firewall\" without disclosing why the evading the default system security guard needed.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"eb4dc818e183a97cdedfb1c351239e5d","hashSHA1":"157560475d6883f2654b69dace1b4d51495b176b","hashSHA256":"568bda8c10109a980a32939ae7e63c31e4525b8da0f990b3be2302474651e5ef","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"552","avBlockList":["COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","FortectPremium (20241001)","G DATA INTERNET SECURITY (20241001)","Malwarebytes Premium (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Sophos Home Premium (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","K7 Total Security (20241001)","KasperskyPremium (20241001)","McAfee Total Protection (20241001)","Quick Heal Internet Security (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240723.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"63724aaf66739cf6ab5da43fd713f388","hashSHA1":"8f6b4e3790e20981378ac16bdcbcefad7edef959","hashSHA256":"7855d8727024c0bc4e49d86419547f407c27fc4f9d0d241c84d72bb528aa0c40","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"552","avBlockList":["COMODO Antivirus (20240919)","Dr.Web Security Space (20240919)","ESET Internet Security (20240919)","FortectPremium (20240919)","G DATA INTERNET SECURITY (20240919)","K7 Total Security (20240919)","Malwarebytes Premium (20240919)","Norton Security (20240919)","Panda Dome (20240919)","Quick Heal Internet Security (20240919)","Sophos Home Premium (20240919)","VirIT eXplorer PRO (20240919)","Webroot SecureAnywhere (20240919)"],"avAllowList":["360 Total Security (20240919)","Avast Premium Security (20240919)","AVG Internet Security (20240919)","Avira Internet Security (20240919)","Bitdefender Internet Security (20240919)","KasperskyPremium (20240919)","McAfee Total Protection (20240919)","SpyHunter5 (20240919)","Total AV Antivirus Pro (20240919)","Trend Micro Internet Security (20240919)","VIPRE Advanced Security (20240919)","Windows Defender (20240919)"]},{"isRevoked":"False","fileName":"bittorrent_installer_240903.exe","isInstaller":"True","fileVersion":"7.11","hashMD5":"d93dc3740544113dda4a051b48819b47","hashSHA1":"fa75fa8ce48e0672249ad0402df52c2b3a900750","hashSHA256":"02aec593599dcc0ada42c9a40ebfe16e3e71b9c4c2614067974f41d49626ebf4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"552","avBlockList":["COMODO Antivirus (20241003)","Dr.Web Security Space (20241003)","ESET Internet Security (20241003)","FortectPremium (20241003)","G DATA INTERNET SECURITY (20241003)","K7 Total Security (20241003)","Malwarebytes Premium (20241003)","McAfee Total Protection (20241003)","Norton Security (20241003)","Panda Dome (20241003)","Quick Heal Internet Security (20241003)","Sophos Home Premium (20241003)","VirIT eXplorer PRO (20241003)","Webroot SecureAnywhere (20241003)"],"avAllowList":["360 Total Security (20241003)","Avast Premium Security (20241003)","AVG Internet Security (20241003)","Avira Internet Security (20241003)","Bitdefender Internet Security (20241003)","KasperskyPremium (20241003)","SpyHunter5 (20241003)","Total AV Antivirus Pro (20241003)","Trend Micro Internet Security (20241003)","VIPRE Advanced Security (20241003)","Windows Defender (20241003)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"552"}],"sampleFiles":["240909/bittorrentclassic-220201/7.11.0.47125/Samples/bittorrent_installer.exe","240909/bittorrentclassic-220201/7.11.0.47125/Samples/bittorrent_installer_240723.exe","240909/bittorrentclassic-220201/7.11.0.47125/Samples/bittorrent_installer_240903.exe"],"imageFiles":["240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-048/ACR-048.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-084/ACR-084.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-097/ACR-097.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-097/ACR-097_1.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-014/ACR-014.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-013/ACR-013.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-013/ACR-013_1.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-013/ACR-013_2.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-060/ACR-060.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-060/ACR-060_1.PNG","240909/bittorrentclassic-220201/7.11.0.47125/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47125_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47125","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":91},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"uTorrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.3.0.5673","fileVersion":"1.3.0.5673","hashMD5":"c3641efb14cad8456da90549f447cae7","hashSHA1":"dcfa67e2dbe11bbe712e30c6df2581e80dcdd618","hashSHA256":"c2bd13a030ff09abe94aac7de2e96236698c1db43b88187039ee6512f27ac00b","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"b44fcddd6a7ff3403e5b3074eefc5bee","hashSHA1":"e62e0edd49269b9b29c7b8caa8d2126ba787e4ed","hashSHA256":"f191d6db4a16a5d8d16e77a3cd045f4c3a4d7302ff1f5c5182e0e775f5eac370","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"837","avBlockList":["COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","K7 Total Security (20230919)","Malwarebytes Premium (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)"],"avAllowList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","Kaspersky Internet Security (20230919)","McAfee Total Protection (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Windows Defender (20230919)"]},{"isRevoked":"False","fileName":"utweb_installer_230821.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"575049bb9a0610946fa1b235059e7973","hashSHA1":"7e333813cafdb63ae7236607d647ac11630d2ded","hashSHA256":"cb9108e448dde1b97c307df99f7c4349eece08ed63dd91bf88ec9ae9d57f8c5e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer230823.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"d2edd3dfe864a7c9f404eeaf31876b54","hashSHA1":"78bd37c62d63696bc709bb8cf5606efa6e99acfa","hashSHA256":"7f55c694a91d6fe4fb57e0becbe0a2494d2a7b16cb7b72e01dc5b8e3205fb3af","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230829.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"a99eecc7bf98426e450489cac02e7cc9","hashSHA1":"6d570bc1af8b13d24aa99d9dc72da6d1ec18471a","hashSHA256":"a534f752c5eee84503380632411a984758c20b09c4577ce724971d1d828e0562","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230831.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"5da6c30f70aabb1884d7260cf33d6724","hashSHA1":"622cae1e017c5c7c736f0504ca99991c1c8b1be0","hashSHA256":"954249f126a5fc45b534f54483ad684ce3a41e266bcc4b672024f68dac5bc0a7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230904.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"003cb5d1bc3367f313d86b7a9d3bd072","hashSHA1":"9fd4f5e68dcd7cd1d39738e7ea409d482fd444db","hashSHA256":"26a9866332c64c9450101fe356e5f19b33ee999fa5cd43fc63997d553bb4eeec","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230911.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"3ca477ca14076a6f8431dcc1f5854002","hashSHA1":"b54b726fc8a6616e093a4637afdc0053b2f3eaab","hashSHA256":"303bd3a3830a381fbed2493383399a994fe9ed6eaa5d10ccf55d28683332a577","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_20230915.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"a75857783ba97cc414be429e0723fce3","hashSHA1":"e5f4d026837efc07c0fe25b70a7768bc0a32c3be","hashSHA256":"8b2e706931d2cd15331cf10be5e0dd608666ad232f242a620d1dddef43a98208","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230921.exe","isInstaller":"True","productName":"uTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"1aa85d2cf21244e0028dbe791d3440d0","hashSHA1":"ac96f505af89d463a1d8a1eef25a974a5baabcdc","hashSHA256":"d2958ad4cc05178036fc3941c12cacb8d966b81348d90f4ec74f41894fd707ca","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230926.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"afcbee0633928a7f3fd238028d7bbac8","hashSHA1":"db1279331d529bcde5b39bb178a6b9f8c84fa6b0","hashSHA256":"66df7da160bc791e894f752c42b2055288faf717d053e6a912ccaed971225e4f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer-230928.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"a3b2c14b71bb72e7e804fca38b61861a","hashSHA1":"2891e16969876a3747651edbe0e42c4034b976a6","hashSHA256":"7800fdb59b95bd007674a3aa5721070998c0b6f9df3fa3c4b94b3a8d9c758656","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231006.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"9546234c4ce9552436e77b4c9080f7e7","hashSHA1":"1185d8072f0ed145d19eb799e0098803cddeae05","hashSHA256":"0bae8ff344e4cf87ded1a558e6bb4825c6a2c441e3f4409c84937f0a205a87ee","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231009.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"579225d3cfce3eaa4df9111c228155b6","hashSHA1":"fc815b648918a3395eea1e8e74a46d66402b3af6","hashSHA256":"b291a0c0b3e88652e9cd9d324e789e7dbf2ef201581ecca183757e94225a9a21","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231010.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"915ac2e793fdc306c0a62cb9790ba9a8","hashSHA1":"ebfc231eddcfaa40726b62d397aee90ce4074d07","hashSHA256":"7f1b0438a7fa35dbe88a2dc210f520ecb5e3de72f8aaaee5e7b040b6631b3ca4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231011.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"17eb6140d1d3568b6f89ce6ecff14687","hashSHA1":"55e020f642b4534709e02f3bcc4f32d0222d4a95","hashSHA256":"0f256cbb6b4ff871cc0df07e387e6fa4fb3a1f01461068ac23edc92b9f3a891e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231013.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"d0716cbe5be5804d9b19f64bf2cc0c7c","hashSHA1":"87c82cfadba187bd9103cdda203005e029e4f2f1","hashSHA256":"71f5247173bdb3177b54a9543917d0a6119af174d65249050c4cd4b2ec93ad45","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"837","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"837"}],"sampleFiles":["231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230821.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer230823.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230829.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230831.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230904.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230911.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_20230915.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230921.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_230926.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer-230928.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_231006.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_231009.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_231010.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_231011.exe","231117/uTorrentWeb-211126/1.3.0.5673/Samples/utweb_installer_231013.exe"],"imageFiles":["231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-043/ACR-043.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-042/ACR-042.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-084/ACR-084.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-097/ACR-097.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-118/ACR-118.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-013/ACR-013.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-013/ACR-013_1.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-013/ACR-013_2.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-060/ACR-060.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-060/ACR-060_1.PNG","231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["231117/uTorrentWeb-211126/1.3.0.5673/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5673_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5673","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:32.2004256+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":78},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting  \"Add an exception for BitTorrent in windows firewall\" without disclosing why the evading the default system security guard needed.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs its components in \"C:\\Users\\User\\AppData\\Roaming\" path, instead of a standard location.\n"},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","productName":"𝙱itTοrᴦent Classic® Classic","productVersion":"7.11","fileVersion":"7.11","hashMD5":"1f28c2ad5457fbeff9a71c1c419ac73a","hashSHA1":"82752e932f80c976d8e55fbccae48fd9a028bd95","hashSHA256":"d19e1ea5d8ceaf3a5db5a615dd1a0fd98e89ced5653e7c8f38d301f6b8183663","digitalCertThumbprint":"03F072F141084FFE88CF28E65258CEE35071F961","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cassini Labs Ltd, O=Cassini Labs Ltd, S=Tel Aviv, C=IL, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=514758457","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"121","avBlockList":["360 Total Security (20260428)","COMODO Antivirus (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","KasperskyPremium (20260428)","Malwarebytes Premium (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)","Windows Defender (20260428)"],"avAllowList":["Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Bitdefender Internet Security (20260428)","Dr.Web Security Space (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Total AV Antivirus Pro (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Torrent apps","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"121"}],"sampleFiles":["260205/bittorrentclassic-220201/7.11.0.47197/Samples/bittorrent_installer.exe"],"imageFiles":["260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-048/ACR-048.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-084/ACR-084.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-097/ACR-097_1.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-097/ACR-097_2.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-118/ACR-118.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-013/offer1.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-013/offer2.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-060/offer1.png","260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-060/offer2.png"],"nonDeceptorImageFiles":["260205/bittorrentclassic-220201/7.11.0.47197/Images/ACR-040/ACR-040.png"],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47197_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47197","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T23:15:33.7794117+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":89},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting  \"Add an exception for BitTorrent in windows firewall\" without disclosing why the evading the default system security guard needed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"bittorrent_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"B𝗂tTorrent® Classic                                        ","productVersion":"7.11                                              ","fileVersion":"7.11                ","hashMD5":"ac3f7a256489ed25ba186eb70b94d20d","hashSHA1":"462072e44315d39a314ed734d3c6372c019916d3","hashSHA256":"11c101a74221e14adb55d429e79dc64a59668d259d6267dd2f37f804195bc77f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"519","avBlockList":["COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","Malwarebytes Premium (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","Windows Defender (20241231)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/classic/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/classic/","sourceIndex":"519"}],"sampleFiles":["241007/bittorrentclassic-220201/7.11.0.47143/Samples/bittorrent_installer.exe"],"imageFiles":["241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-048/ACR-048.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-084/ACR-084.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-097/ACR-097.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-097/ACR-097_1.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-013/ACR-013.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-013/ACR-013_1.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-013/ACR-013_2.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-060/ACR-060.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-060/ACR-060_1.PNG","241007/bittorrentclassic-220201/7.11.0.47143/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"8da8f4bf-11f6-433a-8109-bb68e205a8fb_7.11.0.47143_1","appID":"bittorrentclassic-220201","dateAdded":"260205","deceptorType":"App","name":"Bittorrent Classic","company":"BitTorrent Inc","version":"7.11.0.47143","lastKnownStatus":"7.10.5.46097;7.10.5.46193;7.10.5.46211;7.11.0.46519;7.11.0.46541;7.11.0.46591;7.11.0.46681;7.11.0.46813;7.11.0.46823;7.11.0.46831;7.11.0.46857;7.11.0.46901;7.11.0.46923;7.11.0.47007;7.11.0.47013;7.11.0.47029;7.11.0.47063;7.11.0.47083;7.11.0.47125;7.11.0.47143;7.11.0.47197","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":21,"sortOrder":90},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs its components in \"C:\\Users\\User\\AppData\\Roaming\" path, instead of a standard location.\n","ACR-123":"The app does not remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"installer_.exe","isInstaller":"True","companyName":"BitTorrent Limited","productName":"uTorrent Web","productVersion":"1.5.0.6335","fileVersion":"1.5.0.6335","hashMD5":"d72a7bf42470da36f643363bd9773ccc","hashSHA1":"6ad1c4a07d0d016bcdefaac39a513d462abecd3d","hashSHA256":"258f74685ebeb33f384a4b95fc12c12b6fc4a6fca6262cab7dcf3f3acba8c9a3","digitalCertThumbprint":"8AA7548C2D041AA6E6EEEF1E0910EC8B959BEBA9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"120","avBlockList":["ESET Internet Security (20260428)","FortectPremium (20260428)","Malwarebytes Premium (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)"],"avAllowList":["360 Total Security (20260428)","Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Bitdefender Internet Security (20260428)","COMODO Antivirus (20260428)","Dr.Web Security Space (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","KasperskyPremium (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Total AV Antivirus Pro (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)","Windows Defender (20260428)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"120"}],"sampleFiles":["260205/uTorrentWeb-211126/1.5.0.6335/Samples/installer_.exe"],"imageFiles":["260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-048/ACR-048.png","260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-084/ACR-084.png","260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-097/ACR-097.png","260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-118/ACR-118.png"],"nonDeceptorImageFiles":["260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-040/ACR-040.png","260205/uTorrentWeb-211126/1.5.0.6335/Images/ACR-123/ACR-123.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.5.0.6335_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.5.0.6335","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:10.3620833+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":71},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrеnt Web®                                               ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"e38ec7295c803ec6e55d3577500b8079","hashSHA1":"3483bf598b7ecc07cb7e5084cd549cebcb6f228e","hashSHA256":"8896af562720f7f787df6f5293644dbee91dc91328b232c3b0ab851d3daca113","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"559","avBlockList":["COMODO Antivirus (20240926)","ESET Internet Security (20240926)","FortectPremium (20240926)","G DATA INTERNET SECURITY (20240926)","Malwarebytes Premium (20240926)","Norton Security (20240926)","Panda Dome (20240926)","Sophos Home Premium (20240926)","VirIT eXplorer PRO (20240926)","Webroot SecureAnywhere (20240926)"],"avAllowList":["360 Total Security (20240926)","Avast Premium Security (20240926)","AVG Internet Security (20240926)","Avira Internet Security (20240926)","Bitdefender Internet Security (20240926)","Dr.Web Security Space (20240926)","K7 Total Security (20240926)","KasperskyPremium (20240926)","McAfee Total Protection (20240926)","Quick Heal Internet Security (20240926)","SpyHunter5 (20240926)","Total AV Antivirus Pro (20240926)","Trend Micro Internet Security (20240926)","VIPRE Advanced Security (20240926)","Windows Defender (20240926)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"559"}],"sampleFiles":["240904/uTorrentWeb-211126/1.4.0.5871/Samples/utweb_installer.exe"],"imageFiles":["240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-048/ACR-048.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-014/ACR-014.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-084/ACR-084.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-097/ACR-097.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-118/ACR-118_Uninstall_1.png","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-013/ACR-013.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-013/ACR-013_1.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-013/ACR-013_2.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-060/ACR-060.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-060/ACR-060_1.PNG","240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240904/uTorrentWeb-211126/1.4.0.5871/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.4.0.5871_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.4.0.5871","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:23.8766319+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":72},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrеnt Web®                                               ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"e8f6c0280768373f846c679976100728","hashSHA1":"d26d882b7cda25e8b3abad1fe26acae67360b010","hashSHA256":"d8ada1627f815768f9cab9453f6fb1f1a881c591c562383809dd61f36e11fa19","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"578","avBlockList":["Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","ESET Internet Security (20240829)","FortectPremium (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","KasperskyPremium (20240829)","Malwarebytes Premium (20240829)","McAfee Total Protection (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Sophos Home Premium (20240829)","Total AV Antivirus Pro (20240829)","Trend Micro Internet Security (20240829)","VIPRE Advanced Security (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)"],"avAllowList":["360 Total Security (20240829)","Dr.Web Security Space (20240829)","Quick Heal Internet Security (20240829)","SpyHunter5 (20240829)","Windows Defender (20240829)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"578"}],"sampleFiles":["240805/uTorrentWeb-211126/1.4.0.5828/Samples/utweb_installer.exe"],"imageFiles":["240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-048/ACR-048.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-014/ACR-014.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-084/ACR-084.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-097/ACR-097.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-118/ACR-118.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-013/ACR-013.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-013/ACR-013_1.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-013/ACR-013_2.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-060/ACR-060.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-060/ACR-060_1.PNG","240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240805/uTorrentWeb-211126/1.4.0.5828/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.4.0.5828_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.4.0.5828","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:24.4729669+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":73},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrеnt Web®                                               ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"b0529e34f3669de937fdabb3832e19e9","hashSHA1":"4dfef8fd3e46607973aca93ad51093d0462e1a2e","hashSHA256":"bbf46e178f8e6d24cd1f3000bfe8fd2942bef4fc39dc0422bc2ee03ae9c843b2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"607","avBlockList":["COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","FortectPremium (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Sophos Home Premium (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)"],"avAllowList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","Bitdefender Internet Security (20240723)","Kaspersky Internet Security (20240723)","Quick Heal Internet Security (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","Windows Defender (20240723)"]},{"isRevoked":"False","fileName":"utweb_installer_240531.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"a007da98ce66651b6ce5e3f19f9071a1","hashSHA1":"dccf5be953768a6d351e3279d808dc2730d90229","hashSHA256":"54f012c6570b9fa86f49807d913c3c35e105d1078084e4c5a3b1be8a5c4ec9fc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"607","avBlockList":["COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","FortectPremium (20240730)","K7 Total Security (20240730)","Malwarebytes Premium (20240730)","McAfee Total Protection (20240730)","Norton Security (20240730)","Panda Dome (20240730)","Sophos Home Premium (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)"],"avAllowList":["360 Total Security (20240730)","Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","Bitdefender Internet Security (20240730)","G DATA INTERNET SECURITY (20240730)","KasperskyPremium (20240730)","Quick Heal Internet Security (20240730)","SpyHunter5 (20240730)","Total AV Antivirus Pro (20240730)","Trend Micro Internet Security (20240730)","VIPRE Advanced Security (20240730)","Windows Defender (20240730)"]},{"isRevoked":"False","fileName":"utweb_installer_240603.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"86e969076bb08c1d537e69c6a38d5cb4","hashSHA1":"51243a989d9c3b868554b7eeee214b4cccb45104","hashSHA256":"9fd910262ebd2edd50756bad17f76aa93d5b0e52851df4c35e7c039d9e4a511b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"607","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","FortectPremium (20240806)","G DATA INTERNET SECURITY (20240806)","K7 Total Security (20240806)","Malwarebytes Premium (20240806)","McAfee Total Protection (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","KasperskyPremium (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)","Windows Defender (20240806)"]},{"isRevoked":"False","fileName":"utweb_installer_240605.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"8138770c0687656180edc2dfa48a579e","hashSHA1":"37d367660fc6db8fb9f16fe41fd75c295220faf0","hashSHA256":"cfd1580c64e4fa4693fd1b873f933c5ed3de215f4bef56aea3b25be75dd8b209","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"607","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240626.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c7af11e328b8a2fb77720cdf2b713309","hashSHA1":"3c74f2afe129fb84d98118b232bc6dbe804fe8ce","hashSHA256":"a3fcdc5f2c7f9c0100dcb152279bee9faa53f1d36de239e6138226fe08a3790d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"607","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240628.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d7be2fc1d9bbfa05a023d79df60676a4","hashSHA1":"afec08985e236e54896b9cc7a9446501229b30b6","hashSHA256":"64d39861477efa38454cae6608b0fb606a2fc822441a7c3aca9408af3795279a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"607","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240703.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"2770dd06bc20562dc221943a2c09a72b","hashSHA1":"aa7c1620d15ff39df434575b261c4b436aa00b2c","hashSHA256":"4dde578eb8b9bfed5016f8a2efd4146b9bb934c678103f2d5612ece7a6fc571f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"607","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240704.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"a64f1aa747ca5dbaf85ba305c180a334","hashSHA1":"e01954691f97c8115bb619fd35904735921a20c4","hashSHA256":"55f665e8047c3ccc26ac6b84494656d13b1a3b7ea2a02e48f8d0eeb7283c08c9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"607","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240705.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"4cf84dad79a0dcfb0757daa9058a0d16","hashSHA1":"4818b4283f351ddc9dee9407ff30e0c7ccecb28a","hashSHA256":"8ec61ab1573969b342f78623ccac733838a90de76f6570a5570132123123f65c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"607","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240708.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"1a8bb69b4ac04a0186d9198e31565424","hashSHA1":"9c5759d587b38cb63b6dccecaecc852a335f124a","hashSHA256":"cb498bcbe4306ec17186165c82f80770a54131b410a5ecedb2a94f58aeb2b6de","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"607","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent apps","reference":"","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"607"}],"sampleFiles":["240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240531.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240603.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240605.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240626.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240628.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240703.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240704.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240705.exe","240709/uTorrentWeb-211126/1.4.0.5822/Samples/utweb_installer_240708.exe"],"imageFiles":["240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-048/ACR-048.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-014/ACR-014.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-084/ACR-084.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-097/ACR-097.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-118/ACR-118.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-013/ACR-013.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-013/ACR-013_1.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-013/ACR-013_2.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-060/ACR-060.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-060/ACR-060_1.PNG","240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240709/uTorrentWeb-211126/1.4.0.5822/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.4.0.5822_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.4.0.5822","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:25.440793+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":74},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"27d1c991d9a5de76165d98fa7633318c","hashSHA1":"e8e373eda97da6bba2e07fbb5b27cfdcb65560f8","hashSHA256":"d7fe823cdfafc9fce4f34501412eb81882e9842cfc59e4451457c2aa0afc30f4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"638","avBlockList":["COMODO Antivirus (20240530)","Dr.Web Security Space (20240530)","ESET Internet Security (20240530)","G DATA INTERNET SECURITY (20240530)","K7 Total Security (20240530)","Malwarebytes Premium (20240530)","Norton Security (20240530)","Panda Dome (20240530)","Quick Heal Internet Security (20240530)","Sophos Home Premium (20240530)","Total AV Antivirus Pro (20240530)","VirIT eXplorer PRO (20240530)","Webroot SecureAnywhere (20240530)"],"avAllowList":["360 Total Security (20240530)","Avast Premium Security (20240530)","AVG Internet Security (20240530)","Avira Internet Security (20240530)","Bitdefender Internet Security (20240530)","Kaspersky Internet Security (20240530)","McAfee Total Protection (20240530)","SpyHunter5 (20240530)","Trend Micro Internet Security (20240530)","VIPRE Advanced Security (20240530)","Windows Defender (20240530)"]},{"isRevoked":"False","fileName":"utweb_installer1.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"f4a42f799c08eb76f41db515afb925bf","hashSHA1":"1170b5ab6762a877d030b1620c2f22fcfe9245fc","hashSHA256":"4042e5504f019bd13b465033dcb25a9fe39d6ec53908393d66485dcb4d29a6f0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":["COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","FortectPremium (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","Sophos Home Premium (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)"],"avAllowList":["360 Total Security (20240801)","Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","KasperskyPremium (20240801)","McAfee Total Protection (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)","Windows Defender (20240801)"]},{"isRevoked":"False","fileName":"utweb_installer_240103.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"e6bc5f74e007ac704f72b5eb45b53d3f","hashSHA1":"39eee2bd1fb064016a9db56aeffa6e3875e07c1a","hashSHA256":"ea2fca5befbabaa9041c6a935ea9ac7a97e016bfdbe07a1b82294c3f9ffbfecd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240109.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"9ba6326bfed1eb98dddffe84b6b8c9e2","hashSHA1":"0cdd5d163d3df64b0969615137f94aac2d76f381","hashSHA256":"70cc0df09535b31753bacce26de294cf1c0708ca4f5f7a6be7ba32b34ca45d4a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_220124.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c88e87e621e8b9fa3fa4c98c431cbf3e","hashSHA1":"fe558342107ee9039064eb5c72db0521a3dc7669","hashSHA256":"cd142167a8ae4c74f8a2e2cf110a1aff3dcfcfc438971dbd99be0fa4f0f22f74","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_230124.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"cd6491f1194907c4de5f4a87eeacfdb9","hashSHA1":"644b7ab0b72aa260d07e7e91391c3157f868ad44","hashSHA256":"75f98a98d3377731f93ecd9ebd11a845cea7cb665df986e772dc08f6baf280d0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240130.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"010d88228f2ad00b2f9160e8e4607e50","hashSHA1":"cfd9701d748bac037d67996f01a0d1a1a65c7cfd","hashSHA256":"a8f98fb5128d2a649ad035ca741529e405b231bd62aeca0d38960f0b48a57152","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer-240202.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"6fe0b9c6d0c9e80b6847f8cf7f8edfa4","hashSHA1":"a21be5a2d9f5838c4a6b9a2ce309a4375b4cac78","hashSHA256":"561fb323bdf61928a44995de86373997487558333427914252f0b19acb123399","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240205.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"a77d52a3fd647947cf874316ffaec44e","hashSHA1":"aacf6f497476ec2135a9eb074ef6669117b3a4bc","hashSHA256":"0c50516ec55b5a252ea0022dec7f7a6ef8f9b9aae23bb83dd6e87bf12729e73b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240206.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"ae58ad318b13d6bb91134b7742725dbd","hashSHA1":"b74b26233c2d8f17c6cbe3c6d9289e02fb51ca08","hashSHA256":"db67f5de62754f3432f6c6d4510ccb1ef878af443c67aaae55fa84b55f33e461","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240207.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"0f830b5ed0b2be2d6e14b099a75e24be","hashSHA1":"797eaf13c564bae012d14fa3f5ec805648fe1b95","hashSHA256":"ab137f2c4a000c223f80ff0f5250d9ed4700435ee667c6d540307796d20b2a6e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240213.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"6211646e926e9ce536c258af312a30e2","hashSHA1":"5df4b0416d0c9263cad7ed3d6e384ebce8d9790d","hashSHA256":"1a6dd4240b2ebefac1941e61cd7a0a5c3845e049e9740984e8dbe57c7478d97d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240214.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"3c23a3a91af4e62c6a84bc2c91d7243e","hashSHA1":"120c6bcbf5d87ca4cf881faeb956bac759a50a53","hashSHA256":"f3af45b381dc6c2d20c1c7ee94f38d2a5ae49b8e60ef3417417eb3ec75de10f2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240215.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"37cf19c6b7458269bfc8d3bda734ab7d","hashSHA1":"6229c9a812afca0511ed48453abcffd17c71569a","hashSHA256":"9aa06dbcb5ca96d5bc4e6091927ae3982db5309f31fffb36b7c5b6c1877e3d40","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240220.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"38280c1a53ceea996541378c8c461a29","hashSHA1":"9760540eba5705f1b0cce804ca0c1aa75d06f964","hashSHA256":"e3a689d3b582121daca84b20dbb395b05efa2c4db93f8c6a2ae08e531554e1e2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240227.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"64b08e5c8dca08c450a4b6937c1b6fab","hashSHA1":"73d151c50940375aca12488f01334d13e7dcd3b6","hashSHA256":"8ca41689b4f56ae76f6b3a84580ff98061dd2b9216c425adef1bad952dfceb73","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240301.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"1dbd5a0fa234594b050162184c15b6e5","hashSHA1":"8a25d29e16f8cdc521fa70a867b651586cfdb921","hashSHA256":"49919d8f572315db65d381ac6d49be402d78d8d94bf951cd8b0ae3812d5f732e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240304.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"f4b040da7dc7d5e36a98d77208f450c3","hashSHA1":"9c1d8127737b95ac6776070bb0dfedf598b676cb","hashSHA256":"c9abf09a64e056b7b8bdf95896955ff515e19e84fbb403328b26f9725010ca19","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240305.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d2cae80be283de7618b3b141ca5eb105","hashSHA1":"5d2560e249a91404507832fa2b1db0375615fb0c","hashSHA256":"a12074c0016d9b954666787d5090486dcc9bfa90e1abe2eee0a7fd37bdbb4663","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240306.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"274fcf991a347bf8fd9fe6ad2ee55b42","hashSHA1":"7ebda9ae2bc2a2b83d6fd06312ee9f98fa26ea14","hashSHA256":"9a4d410bb3c05f05cfad78619b9f312ee252a35105fa0ca04f4794eff3481237","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240307.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"e75c4728b15ecfa716a7b9f672179e7a","hashSHA1":"f9cf53872e26d2bc32e543641dd556684d33d24c","hashSHA256":"fae4d286aebcf6439c5bf3e4f3d5fff283211c4bb79fffe13fa579c38839c976","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240308.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"907a84014e40873308c071a5a35362e3","hashSHA1":"3bb828462c46bfc4923b4834d489b3a4147e6578","hashSHA256":"6f96421111939c85222f5085ccc252b556a3e89b06fa670f8587ac52b74b9e2e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240311.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"e9646b1f6acdb0c8b50138111caf2c54","hashSHA1":"1479af7298f51cd018d2a00ed4765b8d7f4fb54f","hashSHA256":"2570a75246e001cd4641657484ef9b5f73e2c12a42408a4ff00701aed967a3e7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240312.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"8138770c0687656180edc2dfa48a579e","hashSHA1":"37d367660fc6db8fb9f16fe41fd75c295220faf0","hashSHA256":"cfd1580c64e4fa4693fd1b873f933c5ed3de215f4bef56aea3b25be75dd8b209","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240313.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"647e8fcdb9cd74e32241a6b8cb5ab37a","hashSHA1":"f25c04893b5fb684b087c00067fee40201b8070a","hashSHA256":"b20f712cae4cab32a80874b421c9e148bcbb0d2645e4cd0dafd288eeb0568e8b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240314.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"db8b8eb025f7ad6e7cb86bf492ed0dcb","hashSHA1":"d567e319ad4b3a996ba4e5ddc9984942534a8032","hashSHA256":"29ff10f34ed183b85842b209329046c0fbc0e8f3ce660b6dc5ddc1e9ea8ae31e","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240318.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"4a5ed4f55f820449d6806e247e33d867","hashSHA1":"6acff0079ab40620a153e3335e365b5073173c67","hashSHA256":"c0a6b58c5426a8e7f4ead5c6fc802a6eaa8cf9db13fa492ca2cb1386b93119ac","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240325.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"5d66c69fcc000ca822a6d4e0a9ae0446","hashSHA1":"ec7bb76626f3419de31f410abf09fff0274c6735","hashSHA256":"a10ed85d912bc5d5213307f5303a5e010e653ff5cac142c46a6f5fd6230775f1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240326.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"6884b5dc669854b113660c6e25a7f31d","hashSHA1":"01c34371c7e20e8ddfe457c77a73c9a5af7956e6","hashSHA256":"6914be9efcb8a5334a89db69bfb4725df72636e864d5be6e933aabb9e389b8a6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240401.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"787c79db7da0b4d6e4c999b452facef7","hashSHA1":"a35f56c51019434dcfc2288b9c8f83314d7520a9","hashSHA256":"4e5579f860753279010e6078badf53d04327650b8ced007c9241abff73441171","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240403.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"b1258cdc407ed0353404d817771ccc94","hashSHA1":"c94a78e1bb7aed2ee4e23076e0be3f311781f5f9","hashSHA256":"f090a795dd86fd8593c519c0dd7e05f7eb77507f11932a2b74f7a4c6e631b131","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240405.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"0f4c2e17340f6075cd47a51103fc1e7a","hashSHA1":"f5e77b8fbe5dee92bbf4ff19db2695ff0adae440","hashSHA256":"0d26bef296eb59aee4db37c280ece8593f6df63b952e3968c950ee9148f37cd4","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240408.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"32a368cbc0ddf097ebcdd445b23ca034","hashSHA1":"83c378e9a467ca6e91fd55cacbad691bbeac65ed","hashSHA256":"2cbeb432c8f7a0476d7db633f7d45492d38876ca64bc6e36eafcfbe3d3e6cbf2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240410.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c16d5f6972f66a4a603651501c8ac7e0","hashSHA1":"cadb11a0b99a258c0450b9cce4e575994c6aef6a","hashSHA256":"2c049cd919159dccb29da31b7711418dce301072ab27a7429e5628c90e952c0a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240412.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"b0529e34f3669de937fdabb3832e19e9","hashSHA1":"4dfef8fd3e46607973aca93ad51093d0462e1a2e","hashSHA256":"bbf46e178f8e6d24cd1f3000bfe8fd2942bef4fc39dc0422bc2ee03ae9c843b2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":["COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","FortectPremium (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Sophos Home Premium (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)"],"avAllowList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","Bitdefender Internet Security (20240723)","Kaspersky Internet Security (20240723)","Quick Heal Internet Security (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","Windows Defender (20240723)"]},{"isRevoked":"False","fileName":"utweb_installer_240429.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c3a7b3fb0d80388919c2e2a15d3e5bfc","hashSHA1":"5a5bde30d6face23a5a290f70086c9c99ad30445","hashSHA256":"ce15c8cb85970ee34f63ac841e55e47ad1791e8e868bf8e8893f2882f554a0d3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_240516.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"522cdad4f7956be5abd920d432e9c7c5","hashSHA1":"ddf5e77be9c6967bb5ea510af0997f53869350e2","hashSHA256":"17da22bcce3572cea6070555adad0cb4e8a5901af04a873c296fcdbadecb4fb6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"638","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"638"}],"sampleFiles":["240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer1.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240103.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240109.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_220124.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_230124.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240130.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer-240202.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240205.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240206.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240207.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240213.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240214.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240215.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240220.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240227.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240301.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240304.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240305.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240306.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240307.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240308.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240311.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240312.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240313.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240314.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240318.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240325.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240326.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240401.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240403.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240405.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240408.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240410.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240412.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240429.exe","240521/uTorrentWeb-211126/1.4.0.5759/Samples/utweb_installer_240516.exe"],"imageFiles":["240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-042/ACR-042_Install_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-048/ACR-048_Install_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-014/ACR-014_Install_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-084/ACR-084_Software_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-097/ACR-097_Software_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-118/ACR-118_Uninstall_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-013/ACR-013_Install_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-013/ACR-013_Install_2.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-060/ACR-060_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240521/uTorrentWeb-211126/1.4.0.5759/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.4.0.5759_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.4.0.5759","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:26.5874315+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":75},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"uTorrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.3.0.5672","fileVersion":"1.3.0.5672","hashMD5":"59cdf68de3528ff19fe4f791adfe2d54","hashSHA1":"9bffd348ddd8db1051bfcb1449e1bee8b173b9af","hashSHA256":"7dc1273a91b2db72546de32b3657fede0099c788654aa55ae1a65ee6aa62c4d3","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"805","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"79e721db52fc8f3864afb1575bb50efe","hashSHA1":"e4062d2d4d8665dcd06f6d275f4911f443f88dfc","hashSHA256":"dc764b6f9ccebd9bf20af37674799f25ceb5376bf8801c24adfdb2120ad4a6ca","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"805","avBlockList":["COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","Malwarebytes Premium (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)"],"avAllowList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","McAfee Total Protection (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","Trend Micro Internet Security (20231228)","VIPRE Advanced Security (20231228)","Windows Defender (20231228)"]},{"isRevoked":"False","fileName":"utweb_installer_230815.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"ecc1a6147b6b74a23f37ba44c2f6a741","hashSHA1":"d4e7706060d75092b6b5ce5dc122f5da62f802ff","hashSHA256":"79e9906960cede2e4060730833f058f877d05f928519bd08627d057aaede7f48","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"805","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"805"}],"sampleFiles":["231117/uTorrentWeb-211126/1.3.0.5672/Samples/utweb_installer.exe","231117/uTorrentWeb-211126/1.3.0.5672/Samples/utweb_installer_230815.exe"],"imageFiles":["231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-043/ACR-043_Install_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-042/ACR-042_Install_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-084/ACR-084_Software_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-097/ACR-097_Software_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-118/ACR-118_Uninstall_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-013/ACR-013_Install_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-013/ACR-013_Install_2.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-013/ACR-013_Install_3.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_1.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_2.png","231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_3.png"],"nonDeceptorImageFiles":["231117/uTorrentWeb-211126/1.3.0.5672/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5672_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5672","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:31.6769543+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":77},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"uTorrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.3.0.5671","fileVersion":"1.3.0.5671","hashMD5":"0baa943481dcb37a410ae91864df937e","hashSHA1":"7a31195a15887fcb71b75684bddb6e38f0df9440","hashSHA256":"fb16c6d424b705b0db3277fe8776e96694c00f8b942dc5828412b1f7b7a3b8ea","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"930","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"429e56e044f63422147b548ed1bd97a8","hashSHA1":"c26d32fd4fd0628381ecac39c60cc1c4808b3fe0","hashSHA256":"75085e19a2fb105bf96bf5f942cd3fce8c4bd71e8d761c16e96d194e45a5d555","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"930","avBlockList":["COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","Malwarebytes Premium (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)"],"avAllowList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","McAfee Total Protection (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","Trend Micro Internet Security (20240201)","VIPRE Advanced Security (20240201)","Windows Defender (20240201)"]},{"isRevoked":"False","fileName":"utweb_installer_1.exe","isInstaller":"True","productName":"uTorrent Web®  ","productVersion":"1.3          ","fileVersion":"1.3","hashMD5":"99a1af9119c27910d2a11a133069aeec","hashSHA1":"c68ca0a346f36de8c740d0ef5665fbb001f55a98","hashSHA256":"cdbb1ce80abeae040c5cbf0a082b8b9d59493131f7a472b77c398f55fdac71d9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"Rainberry Inc","sourceIndex":"930","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"930"}],"sampleFiles":["231117/uTorrentWeb-211126/1.3.0.5671/Samples/utweb_installer.exe","231117/uTorrentWeb-211126/1.3.0.5671/Samples/utweb_installer_1.exe"],"imageFiles":["231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-043/ACR-043.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-042/ACR-042.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-084/ACR-084.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-097/ACR-097.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-118/ACR-118.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-013/ACR-013.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-013/ACR-013_1.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-013/ACR-013_2.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-060/ACR-060.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-060/ACR-060_1.PNG","231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["231117/uTorrentWeb-211126/1.3.0.5671/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5671_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5671","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:35.8018254+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":79},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"Rainberry Inc.","productName":"µTorrent Web","productVersion":"1.4.0.5714","fileVersion":"1.4.0.5714","hashMD5":"9d69c89d503302ea9b83dc0ca841a421","hashSHA1":"4bddff916eaae96c449c34cfa1a94ebc74e106ef","hashSHA256":"58f2463c0885326ce24faf80a03edc676e171e676f22d325ffdd15f6c84039db","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uТorrеnt Web®                                               ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"a3552a54b69d588f71cedf2031a2de9d","hashSHA1":"cd7d4d7b86e4d90000a09bbca2ae27c8fe6bfdda","hashSHA256":"5f388824d367819b691783624c53cdbb161a4495dd243ca42508776048fd29ed","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"786","avBlockList":["Bitdefender Internet Security (20240305)","COMODO Antivirus (20240305)","Dr.Web Security Space (20240305)","ESET Internet Security (20240305)","G DATA INTERNET SECURITY (20240305)","K7 Total Security (20240305)","Malwarebytes Premium (20240305)","Norton Security (20240305)","Panda Dome (20240305)","Quick Heal Internet Security (20240305)","Sophos Home Premium (20240305)","VIPRE Advanced Security (20240305)","VirIT eXplorer PRO (20240305)","Webroot SecureAnywhere (20240305)"],"avAllowList":["360 Total Security (20240305)","Avast Premium Security (20240305)","AVG Internet Security (20240305)","Avira Internet Security (20240305)","Kaspersky Internet Security (20240305)","McAfee Total Protection (20240305)","SpyHunter5 (20240305)","Total AV Antivirus Pro (20240305)","Trend Micro Internet Security (20240305)","Windows Defender (20240305)"]},{"isRevoked":"False","fileName":"utweb_installer_231027.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c61edd4e06c593d961fd5faff57c6325","hashSHA1":"5862c9987045a774e37793d9d287d98f86660725","hashSHA256":"e6a1f71cb35d378166f230afacda44d75b0917f12c06b31db0cda7d30a1b3325","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231031.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c3a5222af4e23219a709ac1051de9ba6","hashSHA1":"abd087f2cc60a640de5d81a621a39e73ddda37fa","hashSHA256":"d73c1c18646285ef6bf4ecaef811c3013c13ba80ae62cbe6376c3c36d8ee5abd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231031_1.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"d2edd3dfe864a7c9f404eeaf31876b54","hashSHA1":"78bd37c62d63696bc709bb8cf5606efa6e99acfa","hashSHA256":"7f55c694a91d6fe4fb57e0becbe0a2494d2a7b16cb7b72e01dc5b8e3205fb3af","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231102.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d41cf18848dc10efcb039119fa352647","hashSHA1":"24fae0275965cabde0b4699ebd8e00c0a460afa5","hashSHA256":"35993f6708a6035a484dc54cf98514fdf42342ddfe42c98cb85d5a08014f20c9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231103.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"37e87ccd678cb0dc477ac51ed25bb110","hashSHA1":"2d50b1f6476c4c67109197ec2f7dae3202c345f5","hashSHA256":"cfa62cde372fd31497d79ba60c4f5d745dd9518244585279864949e0072796cc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_1.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"5d0f78072cb9a2b13ebda8f24c086d1e","hashSHA1":"295caa4a2b92a6aa6572fdacc26f3346008f1485","hashSHA256":"55e8447c47177c26d61cbdf07fa2abc6663e770418a921dfd1f4e04316544cd9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231113.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"b02bc623dbc269a248a5a73786a1333c","hashSHA1":"016ba17afb8bedba6ab3578ac807583c7c668a1a","hashSHA256":"4e1f8de01bc8843e64edfb685eff998657e2f0e8e8e7bd75d52fc3580fcbb044","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231115.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"4f8bd6c21fb197476dd951eb4be123e6","hashSHA1":"7e062e368254039f813633109f648c38187807c1","hashSHA256":"b9b036790d840c82ef0bb9b75461fd8980d64e21c346ebba38f10addaab2049d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231116.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"a9b3973544c506d81b5c1383cec02476","hashSHA1":"c75291f244cc2251d4157c28beb38b6db596b48c","hashSHA256":"e8bb661841258ffefe8939404a4f5941d0faef761ada551bebb7e3a32def20fd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231116_2.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"ed11cdefc38d4a888a4b8a2a95eae678","hashSHA1":"943b5d19c04c4a5d67547dd6cf90861d0c47102f","hashSHA256":"55af1c825fea790e819d34c4adc43f5a737bf290cc10adcaff3c780ba74ae295","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231117.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d3efd50a3d1cd50822f2d95e69e14dc0","hashSHA1":"47335fcf91e4b529d375b7ca021ed06e420a1402","hashSHA256":"b25f7a598b0cf917cac5985f204e9d3132b5b0f25c99d9ced0ade600b0ec94a6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231120.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"bda45bc68b9bbfe5f674ce7bbdbaa8cc","hashSHA1":"503d17fd0bb744c0832637c9f029aa7b33d28a58","hashSHA256":"e6a09acf7b5e24742185af46e7815dd2ca73ba7193165af6f4c5893c98398cfa","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231124.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"eb462677d3eabf4463228afcf31967dc","hashSHA1":"b28be6d6a38a4b0de2ceea8534f5f8d7e45f92d9","hashSHA256":"5db295f7f7999a576a7ca4009549e02821d77454f4fd1e5a432208c450e32a48","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231204.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"bdc5913465d8c46ca98ec13bd2e1f068","hashSHA1":"6c960be634c547c57595c4add73294b8efc8ef8d","hashSHA256":"4a313fdbe3e0a822d872ee60930d979ff760fcdf20dac959148ed0f169796ba3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer_231211.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"019a2d352f3051b0522c2a1cad0574e8","hashSHA1":"f80290a19295a3958ab8bbcad0d85bc7273e3f69","hashSHA256":"36f00c0d2338bdff22d4a0a383942c1746212d1825ed5189ea751a470be75031","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"786","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"786"}],"sampleFiles":["231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231027.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231031.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231031_1.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231102.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231103.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_1.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231113.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231115.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231116.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231116_2.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231117.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231120.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231124.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231204.exe","231211/uTorrentWeb-211126/1.4.0.5714/Samples/utweb_installer_231211.exe"],"imageFiles":["231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-042/ACR-042_Install_1.png","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-048/ACR-048.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-084/ACR-084.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-097/ACR-097.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-118/ACR-118.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-013/ACR-013.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-013/ACR-013_1.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-013/ACR-013_2.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-060/ACR-060.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-060/ACR-060_1.PNG","231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["231211/uTorrentWeb-211126/1.4.0.5714/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.4.0.5714_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.4.0.5714","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:31.1806915+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":76},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"uTorrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.3.0.5669","fileVersion":"1.3.0.5669","hashMD5":"72d76c1a0962a571cc69623970caa70c","hashSHA1":"43b77525279f70e3d6dd871a38f3d918d1ba849f","hashSHA256":"931b2b92f20ac08e304bc6f5008a2f2bb23121e85dc88e0463fe1e7ef79ee07d","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"967","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"6a8af5d129a6ca4f9dbda51dd928a7af","hashSHA1":"2b91cea230389c307a9b0595f605ad000ed9f5c9","hashSHA256":"877dfff0aa2d611c59c7c380e7076260e7b60e40deb0cc35b43e95f8128f0980","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"967","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"967"}],"sampleFiles":["230724/uTorrentWeb-211126/1.3.0.5669/Samples/utweb_installer.exe"],"imageFiles":["230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-043/ACR-043.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-042/ACR-042.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-084/ACR-084.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-097/ACR-097.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-118/ACR-118.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-013/ACR-013.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-013/ACR-013_1.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-013/ACR-013_2.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-060/ACR-060.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-060/ACR-060_1.PNG","230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["230724/uTorrentWeb-211126/1.3.0.5669/Images/ACR-123/ACR-123.PNG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5669_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5669","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:36.4698398+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":81},{"violations":{"ACR-017":"The 3rd party endorsement ( https://bit.ly/3xwP0zF ) is not verifiable.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-057":"Offers don't have clear way for user to accept or decline\n","ACR-055":"The accept/Decline options are not consistent for offers. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.2.6.3977","fileVersion":"1.2.6.3977","hashMD5":"f2335d97abe90f4c3e977479de2fec21","hashSHA1":"9b00c6c02956d8b12944aa9224005d2e32d1888b","hashSHA256":"dc4f5107c56ada95fb763000078924869a7e4b065f68a87db887247337887662","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1780","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"uTorrent Web","productVersion":"1.2.6.3977","fileVersion":"1.2.6.3977","hashMD5":"3ca60498e14993701ac05be96f769451","hashSHA1":"e66307d9783c000d77ff4078dd3dbc41f9d351cb","hashSHA256":"bf2647b0626771c65860cbe27d750b35fd22e9edaea73d19945962e1ab6ac38a","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1780","avBlockList":["360 Total Security (20240404)","Bitdefender Internet Security (20240404)","COMODO Antivirus (20240404)","Dr.Web Security Space (20240404)","ESET Internet Security (20240404)","G DATA INTERNET SECURITY (20240404)","K7 Total Security (20240404)","Malwarebytes Premium (20240404)","McAfee Total Protection (20240404)","Norton Security (20240404)","Panda Dome (20240404)","Quick Heal Internet Security (20240404)","Sophos Home Premium (20240404)","Tencent PC Manager (20211209)","VIPRE Advanced Security (20240404)","VirIT eXplorer PRO (20240404)","Webroot SecureAnywhere (20240404)"],"avAllowList":["Avast Premium Security (20240404)","AVG Internet Security (20240404)","Avira Internet Security (20240404)","Kaspersky Internet Security (20240404)","SpyHunter5 (20240404)","Total AV Antivirus Pro (20240404)","Trend Micro Internet Security (20240404)","Windows Defender (20240404)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"1780"}],"sampleFiles":["211129/uTorrentWeb-211126/1.2.6.3977/Samples/utweb_installer.exe"],"imageFiles":["211129/uTorrentWeb-211126/1.2.6.3977/Images/ACR-084/ACR-084_Software_BackgroundProcess.JPG","211129/uTorrentWeb-211126/1.2.6.3977/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","211129/uTorrentWeb-211126/1.2.6.3977/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","211129/uTorrentWeb-211126/1.2.6.3977/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","211129/uTorrentWeb-211126/1.2.6.3977/Images/ACR-017/ACR-017_InternalOffers_Logo_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.2.6.3977_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.2.6.3977","sigName":"Deceptor:Win32/uTorrentWeb!084057055017","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":88},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"uTorrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"7cdf06b512a522d8abc5eef31c1231b8","hashSHA1":"a4c48b7ae9a3e809e77184a60d0556945b7c0518","hashSHA256":"fb557fce26985de5641113c004e62c39bf42b2c5fcef5ed94a5244ad27362f5b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"953","avBlockList":["COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Malwarebytes Premium (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)"],"avAllowList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","Kaspersky Internet Security (20231116)","McAfee Total Protection (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","Windows Defender (20231116)"]},{"isRevoked":"False","fileName":"utweb.exe","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"fb2840df59b1d60b8b5caff94abc6b93","hashSHA1":"698ed16e6b8b7311873ea67ea9aebdec8551ff9e","hashSHA256":"7ff251e916d6e5953d9e206f92518ef0d99e6b19a6212d89bc37455eb9093009","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"953","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Google Chrome offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://download-new.utorrent.com/endpoint/utweb/track/stable/os/win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.utorrent.com/endpoint/utweb/track/stable/os/win","sourceIndex":"953"}],"sampleFiles":["230725/uTorrentWeb-211126/1.3.0.5670/Samples/utweb_installer.exe","230725/uTorrentWeb-211126/1.3.0.5670/Samples/utweb.exe"],"imageFiles":["230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-043/Screen Shot 2023-07-25 at 9.40.02 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-042/Screen Shot 2023-07-25 at 9.40.02 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-084/Screen Shot 2023-07-25 at 9.37.02 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-097/Screen Shot 2023-07-25 at 9.45.53 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-118/Screen Shot 2023-07-25 at 9.48.04 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-013/Screen Shot 2023-07-25 at 9.34.53 PM.png","230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-060/Screen Shot 2023-07-25 at 9.34.53 PM.png"],"nonDeceptorImageFiles":["230725/uTorrentWeb-211126/1.3.0.5670/Images/ACR-123/Screen Shot 2023-07-25 at 10.00.05 PM.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5670_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5670","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:36.3485831+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":80},{"violations":{"ACR-042":"The \"Adaware\" components get dropped without asking the user's permission.\n","ACR-043":"The \"utorrent\" components and \"Adaware\" components get dropped in one click without disclosing.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\nThe app does not provide any control to close the app completely within the app's settings.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation the app checks for a list of AVs and acts as if it is trying to evade the security product detections.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves \"Un_A.exe\" on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-123":"The app didn't remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.2.8.4523","fileVersion":"1.2.8.4523","hashMD5":"752e3562d639bd738d52a0ef5bcd3c50","hashSHA1":"2c7c95f9fd4590445f719ffc384f2de72ffc087f","hashSHA256":"2cd5e28a2fdba91116fa8bb67111981cb5f352bc0c29a07184a4884ebc8b967f","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1577","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1577","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"uTorrent Web","productVersion":"1.2.8.4523","fileVersion":"1.2.8.4523","hashMD5":"7d70eb7a3ed9209a17a4e80ca5cb0c36","hashSHA1":"61b107e84e9d17ab1a45815c8613e7c5d3176957","hashSHA256":"b4eccd0128a27d1eac5ff38aa451d7aafbbc2c46a93f929362661c4255957699","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1577","avBlockList":["360 Total Security (20240820)","Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","ESET Internet Security (20240820)","G DATA INTERNET SECURITY (20240820)","K7 Total Security (20240820)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","FortectPremium (20240820)"],"avAllowList":["Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Kaspersky Internet Security (20231031)","SpyHunter5 (20240820)","Total AV Antivirus Pro (20240820)","Windows Defender (20240820)","KasperskyPremium (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- utorrent","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"1577"}],"sampleFiles":["220601/uTorrentWeb-211126/1.2.8.4523/Samples/utweb_installer.exe"],"imageFiles":["220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-043/ACR-043_Install.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-043/ACR-043_Install_1.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-042/ACR-042_Install.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-048/ACR-048_Install.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-084/ACR-084_Software.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-097/ACR-097_Software.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-097/ACR-097_Software_1.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-048/ACR-048_Software_1.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-048/ACR-048_Software.JPG","220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220601/uTorrentWeb-211126/1.2.8.4523/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.2.8.4523_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.2.8.4523","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":86},{"violations":{"ACR-043":"The \"u Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","companyName":"BitTorrent Inc.","fileVersion":"2.1","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","sourceIndex":"1180","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb.exe-fcdfdc2b66f5c923d9b96baff4c14bd1cda92df32acec9d872768877ee016aab","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"4de13af5287ccc91f8f640141e766f1c","hashSHA1":"4506b6540c61d2937393b40409d65c2caa4ef640","hashSHA256":"fcdfdc2b66f5c923d9b96baff4c14bd1cda92df32acec9d872768877ee016aab","digitalCertThumbprint":"8AA7548C2D041AA6E6EEEF1E0910EC8B959BEBA9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","sourceIndex":"1180","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe-91bfb22e09589199c5b4d5ec665b49d68efff21e59bf4660a3fb9a533afb8192","isInstaller":"True","fileVersion":"1.3","hashMD5":"aa28c6ab66f316f9ca24e34171fd79f9","hashSHA1":"9a85cb527dc06146474410e232c83e88c29fc6b5","hashSHA256":"91bfb22e09589199c5b4d5ec665b49d68efff21e59bf4660a3fb9a533afb8192","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1180","avBlockList":["COMODO Antivirus (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","G DATA INTERNET SECURITY (20231003)","K7 Total Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Sophos Home Premium (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)"],"avAllowList":["360 Total Security (20231003)","Avast Premium Security (20231003)","AVG Internet Security (20231003)","Avira Internet Security (20231003)","Bitdefender Internet Security (20231003)","Kaspersky Internet Security (20231003)","Quick Heal Internet Security (20231003)","SpyHunter5 (20231003)","Total AV Antivirus Pro (20231003)","Trend Micro Internet Security (20231003)","VIPRE Advanced Security (20231003)","Windows Defender (20231003)"]},{"isRevoked":"False","fileName":"utweb_installer (1).exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"f4f238302d3529b21c6a8bf9ed4f5276","hashSHA1":"c192e6a15db8f12a7a70e15477a5d984f581472f","hashSHA256":"52bbb9086d5e454b3606b20aaaf380c623f700d529fb6da788ffce78432d7d07","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1180","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"uTorrent Web","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://download-new.utorrent.com/endpoint/utweb/track/stable/os/win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.utorrent.com/endpoint/utweb/track/stable/os/win","sourceIndex":"1180"}],"sampleFiles":["230402/uTorrentWeb-211126/1.3.0.5649/Samples/helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","230402/uTorrentWeb-211126/1.3.0.5649/Samples/utweb.exe-fcdfdc2b66f5c923d9b96baff4c14bd1cda92df32acec9d872768877ee016aab","230402/uTorrentWeb-211126/1.3.0.5649/Samples/utweb_installer.exe-91bfb22e09589199c5b4d5ec665b49d68efff21e59bf4660a3fb9a533afb8192","230402/uTorrentWeb-211126/1.3.0.5649/Samples/utweb_installer (1).exe"],"imageFiles":["230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-043/ACR-043.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-048/ACR-048.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-084/ACR-084.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-097/ACR-097.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-118/ACR-118.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-013/ACR-013_1.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-013/ACR-013_2.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-013/ACR-013_3.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-013/ACR-013_4.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-060/ACR-060_1.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-060/ACR-060_2.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-060/ACR-060_3.png","230402/uTorrentWeb-211126/1.3.0.5649/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":[],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5649_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5649","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:43.0327322+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":85},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-017":"The 3rd party endorsement ( https://bit.ly/3lVawcN ) is not verifiable.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"During installation the app checks for a list of AVs and acts as if it is trying to evade the security product detections.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves \"Un_A.exe\" on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline\n","ACR-055":"The accept/Decline options are not consistent for offers. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.2.7.4186","fileVersion":"1.2.7.4186","hashMD5":"c46b7ec351ff1d7151bee5d4b75a0dae","hashSHA1":"24bc16728f5d299d5a3c97466b44fb2997b2ddbe","hashSHA256":"de0fbc64b9d719210f11a2918059fc0cf6bf1f46d21e1b8d7cb53c7fc0cf68bd","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1767","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer (1).exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"uTorrent Web","productVersion":"1.2.7.4186","fileVersion":"1.2.7.4186","hashMD5":"0a6a273312eabf4d971fb55b52b781ae","hashSHA1":"2b887c32a8061ddccc94aee79ac2a0fb9adae783","hashSHA256":"d4e60be1204df950e20b1968e14458e3a9ccf40a7fe7b0a6d2c2b4e01d646fc6","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1767","avBlockList":["360 Total Security (20240423)","COMODO Antivirus (20240423)","Dr.Web Security Space (20240423)","ESET Internet Security (20240423)","G DATA INTERNET SECURITY (20240423)","K7 Total Security (20240423)","Malwarebytes Premium (20240423)","McAfee Total Protection (20240423)","Norton Security (20240423)","Panda Dome (20240423)","Quick Heal Internet Security (20240423)","Sophos Home Premium (20240423)","VirIT eXplorer PRO (20240423)","Webroot SecureAnywhere (20240423)"],"avAllowList":["Avast Premium Security (20240423)","AVG Internet Security (20240423)","Avira Internet Security (20240423)","Bitdefender Internet Security (20240423)","Kaspersky Internet Security (20240423)","SpyHunter5 (20240423)","Tencent PC Manager (20211223)","Total AV Antivirus Pro (20240423)","Trend Micro Internet Security (20240423)","VIPRE Advanced Security (20240423)","Windows Defender (20240423)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"1767"}],"sampleFiles":["211210/uTorrentWeb-211126/1.2.7.4186/Samples/utweb_installer (1).exe"],"imageFiles":["211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-048/ACR-048_Software_No_Control.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-084/ACR-084_Software_BackgroundProcess.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-097/ACR-097_Software.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-097/ACR-097_Software_1.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-118/ACR-118.J_Uninstall_Retains_Component.jPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_3.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_4.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_3.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_4.JPG","211210/uTorrentWeb-211126/1.2.7.4186/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.JPG"],"nonDeceptorImageFiles":[],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.2.7.4186_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.2.7.4186","sigName":"Deceptor:Win32/uTorrentWeb!048084097118057055017","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":87},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb.exe","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"12177fdedcf10b26a743db59e2e557f2","hashSHA1":"00453d049cb864843511f700f7dc4d9db7e463ca","hashSHA256":"c0a6a00c0ebff578d676ac41aab14424b31fbe8b275da1415cb0d4e270f9851a","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"999","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"f96157e1e760a67d87881b1d6d6d212c","hashSHA1":"d55f02d9a3de815fee0b79f3b4c6dccfc6023933","hashSHA256":"cf3473f9af60276874957585cc30ba4e24c9a98dad38113953ef0682411e6f32","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"999","avBlockList":["COMODO Antivirus (20240402)","Dr.Web Security Space (20240402)","ESET Internet Security (20240402)","G DATA INTERNET SECURITY (20240402)","K7 Total Security (20240402)","Malwarebytes Premium (20240402)","Norton Security (20240402)","Panda Dome (20240402)","Quick Heal Internet Security (20240402)","Sophos Home Premium (20240402)","VirIT eXplorer PRO (20240402)","Webroot SecureAnywhere (20240402)"],"avAllowList":["360 Total Security (20240402)","Avast Premium Security (20240402)","AVG Internet Security (20240402)","Avira Internet Security (20240402)","Bitdefender Internet Security (20240402)","Kaspersky Internet Security (20240402)","McAfee Total Protection (20240402)","SpyHunter5 (20240402)","Total AV Antivirus Pro (20240402)","Trend Micro Internet Security (20240402)","VIPRE Advanced Security (20240402)","Windows Defender (20240402)"]},{"isRevoked":"False","fileName":"utweb_installer_062923.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"7db2e513e60633e04c519d281896df65","hashSHA1":"d5085198d5acfc4b9bb19feb1e58fac449220d31","hashSHA256":"8f5128bc895da865331ed573d0a3654682b1e0e7c59465dd000d4e0bac5baf64","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"999","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"999"}],"sampleFiles":["230711/uTorrentWeb-211126/1.3.0.5666/Samples/utweb.exe","230711/uTorrentWeb-211126/1.3.0.5666/Samples/utweb_installer.exe","230711/uTorrentWeb-211126/1.3.0.5666/Samples/utweb_installer_062923.exe"],"imageFiles":["230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-042/ACR-042_UTW.png","230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-084/ACR-084.png","230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-097/ACR-097.png","230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-118/ACR-118.png","230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-013/ACR-013_060_UTW.png","230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-060/ACR-013_060_UTW.png"],"nonDeceptorImageFiles":["230711/uTorrentWeb-211126/1.3.0.5666/Images/ACR-123/ACR-123.png"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5666_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5666","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:37.291465+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":83},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"utweb.exe","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"69b95d5acc34cddc331fff68924a99bd","hashSHA1":"59dd48b931eae86d898082f23d626218f7e6c07b","hashSHA256":"29f5156f682ed2429cc2d1441184c6d42d1f11600e915e8eb5c9008fcc8d577e","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"989","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"75de69afbf38478194c29d8a7ac8de65","hashSHA1":"9c32ecbe1da8f6168026087e9a5fddc562107037","hashSHA256":"c719bca45bc7395c0a173ccced81b613c49214f3883bcb32ca32e74098e9b9da","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"989","avBlockList":["COMODO Antivirus (20230720)","Dr.Web Security Space (20230720)","ESET Internet Security (20230720)","G DATA INTERNET SECURITY (20230720)","K7 Total Security (20230720)","Malwarebytes Premium (20230720)","Norton Security (20230720)","Quick Heal Internet Security (20230720)","Sophos Home Premium (20230720)","SpyHunter5 (20230720)","VirIT eXplorer PRO (20230720)","Webroot SecureAnywhere (20230720)"],"avAllowList":["360 Total Security (20230720)","Avast Premium Security (20230720)","AVG Internet Security (20230720)","Avira Internet Security (20230720)","Bitdefender Internet Security (20230720)","Kaspersky Internet Security (20230720)","McAfee Total Protection (20230720)","Panda Dome (20230720)","Total AV Antivirus Pro (20230720)","Trend Micro Internet Security (20230720)","VIPRE Advanced Security (20230720)","Windows Defender (20230720)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Opera offer bundled","landingPage":"https://www.utorrent.com","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"989"}],"sampleFiles":["230712/uTorrentWeb-211126/1.3.0.5668/Samples/utweb.exe","230712/uTorrentWeb-211126/1.3.0.5668/Samples/utweb_installer.exe"],"imageFiles":["230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-042/uTW-ACR-042.jpg","230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-084/UTW-Process.jpg","230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-097/FirewallException.jpg","230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-118/ACR-118.jpg","230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-013/uTW-OptionalOffer.jpg","230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-060/uTW-OptionalOffer.jpg"],"nonDeceptorImageFiles":["230712/uTorrentWeb-211126/1.3.0.5668/Images/ACR-123/Startup.jpg"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5668_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5668","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:37.1892919+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":82},{"violations":{"ACR-043":"The \"u Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1129","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\uTorrent Web\\utweb.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Web","productVersion":"1.3.0.5665","fileVersion":"1.3.0.5665","hashMD5":"9d32f4b4925580a2bd98ef6ea8a096f5","hashSHA1":"2674d57eabfd11fae31029070120ec7856e8605c","hashSHA256":"f530a7b3aeb71928250e2d72807175e15099c5231ca80e7ca535b2eea23cd733","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1129","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"utweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"uTorrent Web®                                               ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"57d8b657a4b3bd3955756de98786629d","hashSHA1":"3cb11ca9648234f27977ba57b2362688fa4117a3","hashSHA256":"f1e1233da78ada22a2a84660ef213c1162a35dc2091810cfadaf11dd38222efc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1129","avBlockList":["360 Total Security (20230518)","COMODO Antivirus (20230518)","Dr.Web Security Space (20230518)","ESET Internet Security (20230518)","G DATA INTERNET SECURITY (20230518)","K7 Total Security (20230518)","Malwarebytes Premium (20230518)","Norton Security (20230518)","Panda Dome (20230518)","Quick Heal Internet Security (20230518)","Sophos Home Premium (20230518)","VirIT eXplorer PRO (20230518)","Webroot SecureAnywhere (20230518)"],"avAllowList":["Avast Premium Security (20230518)","AVG Internet Security (20230518)","Avira Internet Security (20230518)","Bitdefender Internet Security (20230518)","Kaspersky Internet Security (20230518)","McAfee Total Protection (20230518)","SpyHunter5 (20230518)","Total AV Antivirus Pro (20230518)","Trend Micro Internet Security (20230518)","VIPRE Advanced Security (20230518)","Windows Defender (20230518)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.utorrent.com/web/","directDownloadingLink":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.utorrent.com/web/downloads/complete/track/stable/os/win/","sourceIndex":"1129"}],"sampleFiles":["230502/uTorrentWeb-211126/1.3.0.5665/Samples/utweb_installer.exe"],"imageFiles":["230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-043/ACR-043.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-048/ACR-048.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-084/ACR-084.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-097/ACR-097.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-118/ACR-118.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-013/ACR-013.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-013/ACR-013_1.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-060/ACR-060.JPG","230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":["230502/uTorrentWeb-211126/1.3.0.5665/Images/ACR-123/ACR-123.JPG"],"guid":"2809ba07-e9d6-4ab2-8748-339512fba3b7_1.3.0.5665_1","appID":"uTorrentWeb-211126","dateAdded":"260205","deceptorType":"App","name":"u Torrent Web","company":"BitTorrent, Inc","version":"1.3.0.5665","lastKnownStatus":"1.2.6.3977;1.2.7.4186;1.2.8.4523;1.3.0.5649;1.3.0.5665;1.3.0.5666;1.3.0.5668;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.3.0.5673;1.4.0.5714;1.4.0.5759;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:41.6485009+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":18,"sortOrder":84},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb.exe","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"aaae33c005dd2c7f92312585115e573c","hashSHA1":"dca42a408beaedf06a689b4987da7123debabb03","hashSHA256":"a9d5baf37cd8a94280bc11d23c2a9752187473fedda3e11cee36831839a5e460","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"952","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"43d99d65d9d4b9032de43c69dae64634","hashSHA1":"b646d81cee3ff0b332b99262ce0f923af756fe6d","hashSHA256":"0dad61eb242e390be7148d733bcd32b8868ffa0437623c722562b745fe8c970c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"952","avBlockList":["COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Malwarebytes Premium (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)"],"avAllowList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","Kaspersky Internet Security (20231214)","McAfee Total Protection (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","Trend Micro Internet Security (20231214)","VIPRE Advanced Security (20231214)","Windows Defender (20231214)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"952"}],"sampleFiles":["231116/bittorrentweb-211217/1.3.0.5670/Samples/btweb.exe","231116/bittorrentweb-211217/1.3.0.5670/Samples/btweb_installer.exe"],"imageFiles":["231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-043/ACR-043.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-042/ACR-043_042.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-048/ACR-048.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-084/ACR-084.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-097/FirewallException.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-118/ACR-118.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-013/OptionalOffer.jpg","231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["231116/bittorrentweb-211217/1.3.0.5670/Images/ACR-123/ACR-123.jpg"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5670_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5670","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:36.3154663+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":120},{"violations":{"ACR-042":"The \"Adaware\" components get dropped without asking the user's permission and disclosing the installation path. \n","ACR-043":"The \"Bittorrent\" components and \"Adaware\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\nThe app does not provide any control to close the app completely within the app's settings.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves \"Un_A.exe\" on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The recommended by \"who\" is not clear in the Offer. \n"},"nonDeceptorViolations":{"ACR-123":"The app didn't remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.2.8.4523","fileVersion":"1.2.8.4523","hashMD5":"4bc77314827bbdc170d32df3f84798b2","hashSHA1":"caa7e57f72aed88a8a06b762fb18f7221ac5d164","hashSHA256":"f962bfdea47e3b59a29114f438720af270ad311f913aa35b617325c3d9b7c7d3","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1649","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.3.1957","fileVersion":"2.1.3.1957","hashMD5":"b13c3cbf6ac3fee83ea38fa1164376ba","hashSHA1":"440956cf95926e7d7cb2dba57a5de4bba87ed06c","hashSHA256":"9baee772391167e729cbf149a29a4eed8f1c99b74034361ca95df54b1308893a","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1649","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"BitTorrent Web","productVersion":"1.2.8.4523","fileVersion":"1.2.8.4523","hashMD5":"3f6674e771e367449914996b1b119d96","hashSHA1":"fae1f2a9a80b0eea4602fbc2b2338978f0153b6e","hashSHA256":"b0d12dab25c59ae9482e75e70989c2557727d769efdcbc0cdbdae165b102b48e","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1649","avBlockList":["Avira Internet Security (20220428)","COMODO Antivirus (20220428)","Dr.Web Security Space (20220428)","ESET Internet Security (20220428)","G DATA INTERNET SECURITY (20220428)","K7 Total Security (20220428)","Malwarebytes Premium (20220428)","McAfee Total Protection (20220428)","Norton Security (20220428)","Panda Dome (20220428)","Quick Heal Internet Security (20220428)","Sophos Home Premium (20220428)","SpyHunter5 (20220428)","Total AV Antivirus Pro (20220428)","VirIT eXplorer PRO (20220428)","Webroot SecureAnywhere (20220428)"],"avAllowList":["360 Total Security (20220428)","Avast Premium Security (20220428)","AVG Internet Security (20220428)","Bitdefender Internet Security (20220428)","Kaspersky Internet Security (20220428)","Tencent PC Manager (20220428)","Trend Micro Internet Security (20220428)","VIPRE Advanced Security (20220428)","Windows Defender (20220428)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"1649"}],"sampleFiles":["220407/bittorrentweb-211217/1.2.8.4523/Samples/btweb_installer.exe"],"imageFiles":["220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-043/ACR-043_Install.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-043/ACR-043_Install_1.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-042/ACR-042_Install.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-048/ACR-048_Install_No_Control.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-084/ACR-084_Software_Process.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-048/ACR-048_Software_No_Control.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-118/ACR-118_Uninstall.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-057/ACR-057_Bundler-madeOffers_No_Accept_Decline_Option.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-059/ACR-059_Bundler-madeOffers_Recommended.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option_1.JPG"],"nonDeceptorImageFiles":["220407/bittorrentweb-211217/1.2.8.4523/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.2.8.4523_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.2.8.4523","sigName":"Deceptor:Win32/BitTorrentWeb!048084118057055","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":127},{"violations":{"ACR-043":"The \"Bittorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\nThe app does not provide any control to close the app completely within the app's settings.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves some of its components on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{"ACR-123":"The app didn't remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.2.10.5208","fileVersion":"1.2.10.5208","hashMD5":"42f6c5e24e07c7b168bed22ee61ebabb","hashSHA1":"f4626ab39ea2922e0baeac766f46a2cc95dadb29","hashSHA256":"1b29cb9e05bfc9aa479990c264205e77214af71f9ece20a58375b4a3570ca34d","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1340","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1340","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"BitTorrent Web","productVersion":"1.2.10.5208","fileVersion":"1.2.10.5208","hashMD5":"970311e865d24e8924600241fcbcaa91","hashSHA1":"eb0d578d02d597ceb79242059562b13069e6dca4","hashSHA256":"17a9c5749842d3ed9400a84bf76927fa8b73626f64c46f3fecf84a42f6e3378a","digitalCertThumbprint":"6210E153E85031347F0884CBC539E100D920A5B5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Rainberry Inc.","storeId":"","sourceIndex":"1340","avBlockList":["COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","K7 Total Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)"],"avAllowList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","Kaspersky Internet Security (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)","Windows Defender (20231207)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"1340"}],"sampleFiles":["221025/bittorrentweb-211217/1.2.10.5208/Samples/btweb_installer.exe"],"imageFiles":["221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-043/ACR-043_Install.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-048/ACR-048_Install.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-084/ACR-084_Software.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-048/ACR-048_Software.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-048/ACR-048_Software_1.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-118/ACR-118_Uninstall.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-118/ACR-118_Uninstall_1.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-057/BitTorrentWeb_Offer2.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-055/BitTorrentWeb_Offer2.JPG"],"nonDeceptorImageFiles":["221025/bittorrentweb-211217/1.2.10.5208/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.2.10.5208_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.2.10.5208","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":126},{"violations":{"ACR-043":"The \"Bittorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\nThe app does not provide any control to close the app completely within the app's settings.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves \"Un_A.exe\" on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{"ACR-123":"The app didn't remove the startup even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.2.9.4938","fileVersion":"1.2.9.4938","hashMD5":"d8cf7dd66348d1de4b4b1b8cf1aa0f05","hashSHA1":"d5340b82cbfc4a867b3af177ef5a31dc82e8a9d6","hashSHA256":"38c61a12937d55ceec25d5b783dc563f80bca91cb8e834987a9e9fbb0237a9b4","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1339","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1339","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"Rainberry Inc.","productName":"BitTorrent Web","productVersion":"1.2.9.4938","fileVersion":"1.2.9.4938","hashMD5":"ced1ba6631f34b8ee9e18b1e6fe4f154","hashSHA1":"f5c750f7358a58612b528e2d048070e37fe758a3","hashSHA256":"bc21622960cada3b8660a44e3e58336d6db97294546d10fad094ffb13605cc17","digitalCertThumbprint":"6210E153E85031347F0884CBC539E100D920A5B5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Rainberry Inc.","storeId":"","sourceIndex":"1339","avBlockList":["Bitdefender Internet Security (20231003)","COMODO Antivirus (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","G DATA INTERNET SECURITY (20231003)","K7 Total Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Quick Heal Internet Security (20231003)","Sophos Home Premium (20231003)","VIPRE Advanced Security (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)"],"avAllowList":["360 Total Security (20231003)","Avast Premium Security (20231003)","AVG Internet Security (20231003)","Avira Internet Security (20231003)","Kaspersky Internet Security (20231003)","SpyHunter5 (20231003)","Total AV Antivirus Pro (20231003)","Trend Micro Internet Security (20231003)","Windows Defender (20231003)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"1339"}],"sampleFiles":["221025/bittorrentweb-211217/1.2.9.4938/Samples/btweb_installer.exe"],"imageFiles":["221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-043/ACR-043.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-048/ACR-048.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-084/ACR-084_Software.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-048/ACR-048_Software.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-048/ACR-048_Software_1.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-118/ACR-118.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-057/BitTorrentWeb_Offer2.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-055/ACR-055_Bundler-madeOffers_Inconsistent_Accept_Decline_Option.JPG","221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-055/BitTorrentWeb_Offer2.JPG"],"nonDeceptorImageFiles":["221025/bittorrentweb-211217/1.2.9.4938/Images/ACR-123/ACR-123.JPG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.2.9.4938_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.2.9.4938","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":125},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it leaves \"Un_A.exe\" on the device without the consumer's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.2.7.4186","fileVersion":"1.2.7.4186","hashMD5":"c728d6c88e7134ea0edd361a1bd88da6","hashSHA1":"59b1f6858c7799ae591001ef3f44ffc9b460d82d","hashSHA256":"a85b9c15c0e76ea00d0a3906dc69c2d37bc8ee8fbd96c19f221f69698a5ef3f2","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1650","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.2.7.4186","fileVersion":"1.2.7.4186","hashMD5":"76edfebeb9288fd77d32e0db0ad2f666","hashSHA1":"a3c9c6f1e0a9cc532737f91d35f8e48a615a131a","hashSHA256":"94469fec615b685aab656ef8e11f863226577342b3242d9d69d094ecf9667798","digitalCertThumbprint":"680463B23D34E23AC40F45E062C9296878995188","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"BitTorrent Inc.","storeId":"","sourceIndex":"1650","avBlockList":["COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","K7 Total Security (20240718)","Malwarebytes Premium (20240718)","McAfee Total Protection (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","Trend Micro Internet Security (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","FortectPremium (20240718)"],"avAllowList":["360 Total Security (20240718)","Avast Premium Security (20240718)","AVG Internet Security (20240718)","Avira Internet Security (20240718)","Bitdefender Internet Security (20240718)","Kaspersky Internet Security (20240718)","SpyHunter5 (20240718)","Tencent PC Manager (20220419)","Total AV Antivirus Pro (20240718)","VIPRE Advanced Security (20240718)","Windows Defender (20240718)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"1650"}],"sampleFiles":["220407/bittorrentweb-211217/1.2.7.4186/Samples/btweb_installer.exe"],"imageFiles":["220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-048/ACR-048_Software_No_Control.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-084/ACR-084_Software_BackgroundProcess.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-118/ACR-118_Uninstall_Retains_Component.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option_1.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option_2.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-055/ACR-055_Bundler-MadeOffers_Inconsistent_Accept_Decline_Option.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-055/ACR-055_Bundler-MadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-055/ACR-055_Bundler-MadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","220407/bittorrentweb-211217/1.2.7.4186/Images/ACR-055/ACR-055_Bundler-MadeOffers_Inconsistent_Accept_Decline_Option_3.JPG"],"nonDeceptorImageFiles":[],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.2.7.4186_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.2.7.4186","sigName":"","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":128},{"violations":{"ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.3.0.5665","fileVersion":"1.3.0.5665","hashMD5":"9625f8f65243e19ace1f9c9eedb8d916","hashSHA1":"f862f2e65421584b9b3316ba313e80b002f16092","hashSHA256":"1d4d7f93e77f1ad1b04859d1eb96ff72091cdd524250efd5a81abff26f73fa8a","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1128","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\helper\\helper.exe","companyName":"BitTorrent Inc.","productName":"µTorrent Helper","productVersion":"2.1.4.2372","fileVersion":"2.1.4.2372","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"BitTorrent Inc","storeId":"","sourceIndex":"1128","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent Web®                                             ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"27c85792a8de13cce96f40bd17531282","hashSHA1":"d91f519ed5fb39d0e4857c941678fae1111276fd","hashSHA256":"d8c1a188c4ce8b931f159e0d5fcf5797b3ccc11b197f08b1a4017b40a4cd1ec7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"1128","avBlockList":["360 Total Security (20230831)","COMODO Antivirus (20230831)","Dr.Web Security Space (20230831)","ESET Internet Security (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Malwarebytes Premium (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)"],"avAllowList":["Avast Premium Security (20230831)","AVG Internet Security (20230831)","Avira Internet Security (20230831)","Bitdefender Internet Security (20230831)","Kaspersky Internet Security (20230831)","McAfee Total Protection (20230831)","SpyHunter5 (20230831)","Total AV Antivirus Pro (20230831)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)","Windows Defender (20230831)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free","directDownloadingLink":"https://www.bittorrent.com/downloads/complete","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete","sourceIndex":"1128"}],"sampleFiles":["230503/bittorrentweb-211217/1.3.0.5665/Samples/btweb_installer.exe"],"imageFiles":["230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-043/ACR-043.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-048/ACR-048.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-084/ACR-084.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-118/ACR-118.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-013/ACR-013.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-013/ACR-013_1.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-060/ACR-060.JPG","230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":["230503/bittorrentweb-211217/1.3.0.5665/Images/ACR-123/ACR-123.JPG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5665_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5665","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:41.4983317+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":123},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free","directDownloadingLink":"https://www.bittorrent.com/downloads/complete","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete","sourceIndex":"981"}],"sampleFiles":[],"imageFiles":["230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-043/ACR-043_Install_1.png","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-042/ACR-042_Install_1.png","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-048/ACR-048.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-084/ACR-084.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-097/ACR-097_Software_1.png","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-118/ACR-118_Uninstall_1.png","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-013/ACR-013.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-013/ACR-013_1.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-013/ACR-013_2.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-060/ACR-060.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-060/ACR-060_1.JPG","230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-060/ACR-060_2.JPG"],"nonDeceptorImageFiles":["230713/bittorrentweb-211217/1.3.0.5666/Images/ACR-123/ACR-123.JPG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5666_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5666","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:36.9224835+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":122},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.3.0.5669","fileVersion":"1.3.0.5669","hashMD5":"00e233327f9df55b17f9b4c147fa72ee","hashSHA1":"6ee498c42c74a89d2739f9147bddbb6b0e1b4857","hashSHA256":"90eb9866a026352846ef2064137206294428aebde3bbce3059a9fb7147e462f3","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"966","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent Web®                                             ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"43d99d65d9d4b9032de43c69dae64634","hashSHA1":"b646d81cee3ff0b332b99262ce0f923af756fe6d","hashSHA256":"0dad61eb242e390be7148d733bcd32b8868ffa0437623c722562b745fe8c970c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"966","avBlockList":["COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Malwarebytes Premium (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)"],"avAllowList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","Kaspersky Internet Security (20231214)","McAfee Total Protection (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","Trend Micro Internet Security (20231214)","VIPRE Advanced Security (20231214)","Windows Defender (20231214)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete","sourceIndex":"966"}],"sampleFiles":["230724/bittorrentweb-211217/1.3.0.5669/Samples/btweb_installer.exe"],"imageFiles":["230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-043/ACR-043.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-042/ACR-042.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-048/ACR-048.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-084/ACR-084.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-097/ACR-097.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-118/ACR-118.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-013/ACR-013.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-013/ACR-013_1.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-013/ACR-013_2.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-060/ACR-060.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-060/ACR-060_1.PNG","230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["230724/bittorrentweb-211217/1.3.0.5669/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5669_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5669","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:36.438085+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":121},{"violations":{"ACR-042":"App drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb.exe","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"9ef817010027ca56e06e405864da534c","hashSHA1":"094b8955eccf1673c8e67390ff701849a0f071d8","hashSHA256":"464226174594698570d19e690055155577cd43e8d6d046b049b9867fc93d69c4","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"929","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"40b9e2a146949767907a52e327f11d9e","hashSHA1":"c078450977d2e981955852d63739668d5772c218","hashSHA256":"8d1c7db73682627fdafa022916fc545a4c63c9b3d84121da5aa511b96070e1df","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"929","avBlockList":["COMODO Antivirus (20230803)","Dr.Web Security Space (20230803)","ESET Internet Security (20230803)","G DATA INTERNET SECURITY (20230803)","K7 Total Security (20230803)","Malwarebytes Premium (20230803)","Norton Security (20230803)","Sophos Home Premium (20230803)","SpyHunter5 (20230803)","VirIT eXplorer PRO (20230803)","Webroot SecureAnywhere (20230803)"],"avAllowList":["360 Total Security (20230803)","Avast Premium Security (20230803)","AVG Internet Security (20230803)","Avira Internet Security (20230803)","Bitdefender Internet Security (20230803)","Kaspersky Internet Security (20230803)","McAfee Total Protection (20230803)","Panda Dome (20230803)","Quick Heal Internet Security (20230803)","Total AV Antivirus Pro (20230803)","Trend Micro Internet Security (20230803)","VIPRE Advanced Security (20230803)","Windows Defender (20230803)"]},{"isRevoked":"False","fileName":"btweb_installer1.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"fbfc3977bf50a4cdd1ae5f631bd0c97b","hashSHA1":"b26dc0de3011b87040f261fa5974470be6799f09","hashSHA256":"d49e4b69ec14610ab71c05001578df3ea895843b6885054c4f88f3da4d865d52","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"929","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"929"}],"sampleFiles":["231116/bittorrentweb-211217/1.3.0.5671/Samples/btweb.exe","231116/bittorrentweb-211217/1.3.0.5671/Samples/btweb_installer.exe","231116/bittorrentweb-211217/1.3.0.5671/Samples/btweb_installer1.exe"],"imageFiles":["231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-043/BTW_ACR-043.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-042/BTW_ACR-042_043.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-048/ACR-048.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-084/backgroundprocess.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-097/FirewallException.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-118/ACR-118.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-013/OptionalOffer.jpg","231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":["231116/bittorrentweb-211217/1.3.0.5671/Images/ACR-123/ACR-123.jpg"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5671_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5671","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:35.7714429+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":119},{"violations":{"ACR-043":"The \"Bit Torrent Web\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe-60d23f44909c285f7307d3b630f79c117f1332a9e37dc75ecfa72f4b51eec21a","isInstaller":"True","fileVersion":"1.3","hashMD5":"0cb9101da3c390db15e13219166c8fc1","hashSHA1":"cfb9ab8d2bcb88fba04c16e99becde2a374e7a97","hashSHA256":"60d23f44909c285f7307d3b630f79c117f1332a9e37dc75ecfa72f4b51eec21a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1179","avBlockList":["COMODO Antivirus (20230328)","Dr.Web Security Space (20230328)","ESET Internet Security (20230328)","K7 Total Security (20230328)","Malwarebytes Premium (20230328)","Norton Security (20230328)","Panda Dome (20230328)","Quick Heal Internet Security (20230328)","Sophos Home Premium (20230328)","VirIT eXplorer PRO (20230328)","Webroot SecureAnywhere (20230328)"],"avAllowList":["360 Total Security (20230328)","Avast Premium Security (20230328)","AVG Internet Security (20230328)","Avira Internet Security (20230328)","Bitdefender Internet Security (20230328)","G DATA INTERNET SECURITY (20230328)","Kaspersky Internet Security (20230328)","McAfee Total Protection (20230328)","SpyHunter5 (20230328)","Total AV Antivirus Pro (20230328)","Trend Micro Internet Security (20230328)","VIPRE Advanced Security (20230328)","Windows Defender (20230328)"]},{"isRevoked":"False","fileName":"btweb.exe-2cdcc1c24ba6f62d153c1b23674261bd0ede0b686d1ee8a423f986a0ee8cc728","companyName":"BitTorrent Inc.","fileVersion":"1.3","hashMD5":"b2f369da8f56b1adc3fe3b071a5b5d4a","hashSHA1":"479be442cef3633fabb37f2b61b7731def27e0f5","hashSHA256":"2cdcc1c24ba6f62d153c1b23674261bd0ede0b686d1ee8a423f986a0ee8cc728","digitalCertThumbprint":"8AA7548C2D041AA6E6EEEF1E0910EC8B959BEBA9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","sourceIndex":"1179","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","companyName":"BitTorrent Inc.","fileVersion":"2.1","hashMD5":"0c837d99d77466bb61788fa30b4470fe","hashSHA1":"02d1d3ab0b30b77a3ecae78058a672ba1ea5076d","hashSHA256":"dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","digitalCertThumbprint":"94B5B937366BAF324364380B0694A0D8E32A08E2","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US","sourceIndex":"1179","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"02becd6db70e149d4e812acbaca65618","hashSHA1":"5a3d778b829c0682d468b6c7d73891d0e5fae6fa","hashSHA256":"94c8b7b8286cfb0a56f388ef7723f4f6cf3e06f9522a94b788ca7e4847c80ca7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"1179","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free/","directDownloadingLink":"https://download-new.utorrent.com/endpoint/btweb/os/windows/track/stable","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.utorrent.com/endpoint/btweb/os/windows/track/stable","sourceIndex":"1179"}],"sampleFiles":["230402/bittorrentweb-211217/1.3.0.5655/Samples/btweb_installer.exe-60d23f44909c285f7307d3b630f79c117f1332a9e37dc75ecfa72f4b51eec21a","230402/bittorrentweb-211217/1.3.0.5655/Samples/btweb.exe-2cdcc1c24ba6f62d153c1b23674261bd0ede0b686d1ee8a423f986a0ee8cc728","230402/bittorrentweb-211217/1.3.0.5655/Samples/helper.exe-dbedd973360c6952a406ec765e7c766c3940a5e8c5aa9763172497bea51d1e93","230402/bittorrentweb-211217/1.3.0.5655/Samples/btweb_installer.exe"],"imageFiles":["230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-043/ACR-043.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-048/ACR-048.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-084/ACR-084.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-118/ACR-118.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-013/ACR-013_1.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-013/ACR-013_2.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-013/ACR-013_3.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-060/ACR-060_1.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-060/ACR-060_2.png","230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-060/ACR-060_3.png"],"nonDeceptorImageFiles":["230402/bittorrentweb-211217/1.3.0.5655/Images/ACR-123/ACR-123.png"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5655_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5655","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:42.9857114+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":124},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"Rainberry Inc.","productName":"BitTorrent Web","productVersion":"1.4.0.5714","fileVersion":"1.4.0.5714","hashMD5":"843fec5937e94f75764201ceef51cb0d","hashSHA1":"8b64c7f4d0fdbb3461468955c3549c378ed09fd6","hashSHA256":"c65658bda4c9e4a9d684d949e2f6ab2956236a309fc451e7aa73c85b192146fc","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"c17b82dc918c8b81fd64245b58d56f0b","hashSHA1":"ad0971a6a54fcebb5ac21227169dcb668eb89f28","hashSHA256":"1d73c3b830dc141dfbc80865c4454d46ff2fd1afd9d3f0ba0ba10733574b101d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"785","avBlockList":["Bitdefender Internet Security (20240606)","COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","ESET Internet Security (20240606)","G DATA INTERNET SECURITY (20240606)","K7 Total Security (20240606)","Malwarebytes Premium (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","VIPRE Advanced Security (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)"],"avAllowList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Kaspersky Internet Security (20240606)","McAfee Total Protection (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","Trend Micro Internet Security (20240606)","Windows Defender (20240606)"]},{"isRevoked":"False","fileName":"btweb_installer_231027.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"574595d96616423d0b0db6d6d3b5172b","hashSHA1":"c4c85a3da62ab6c2e8e5ff1cfe540079687290a4","hashSHA256":"d63dc4572faf076069f8228a401e43150795c087c733c9d44d8fc80ac48c430d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231030.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"7c2174b8a1b3d9a3a52bba93e98c0442","hashSHA1":"0bf1a2f2c07e3eea7d8d8b7f903bbc7420a79e9e","hashSHA256":"005eef170e4d5d7a5beb735945a0f7c93b4815b269b2248edd07af4b57bf9cef","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231031.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"8d2712ecd587d19fb8b66dd3ee40161b","hashSHA1":"ae6abbaf399b76e42fa34ff7d1e720e185201adf","hashSHA256":"fc63a57f772f79b8fd4c3b170b1bee808227caae55b68551c9d39e828cf218fc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231031_1.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"dee98aafa8278f654b13d70b91bf176e","hashSHA1":"28a6f87b4d169aa925c5ffcf4d092116b6ca7117","hashSHA256":"681f3c20e6b870d5ecbe88522d4e4b4e7506fc28b366d78300cc032c2194f149","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231102.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"b225495f32a078b0b49265a79089d829","hashSHA1":"5252b47834caae48bae5a3a0877fd52f0ac792d5","hashSHA256":"fe69cb414c5da0cc9a95fc3ed9ac9836b9be350825f191a828cb8291f4cc733f","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231103.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"599986ff19b85d2f76a257493c674dde","hashSHA1":"65c219d0f2c3aaa4b2cefc95bfe6b115a4a6d57c","hashSHA256":"72a3ed44045a94be3de8667d5945d31b64075aa188e27a48a10fed3a86eb82eb","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_1.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c7848e55b0883548fed699baa89486bf","hashSHA1":"b4665bbca06c579615dede0d56a415e67c741316","hashSHA256":"85b2623fb1851b2e86701030e13e5fc41301551c29b00715be5871fd74d49eb9","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231108.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"6128f01f81531f9f63ab2e3a4f44af89","hashSHA1":"1355e60fb92a63034be06f1fbecd80ebb478a673","hashSHA256":"a7340f3fdc75b2206704337939ea1b9e383a2de5f432f5aeb7156942ab8f83c3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231113.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"0a6e3332c3526c642eb52387c95731c5","hashSHA1":"856a1ab0681c19a679fa53e75d0b307d55df517c","hashSHA256":"212546cc560442feac890e6342b1bacd895eac775fe2fd690d0fd74d58e990f2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231114.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c7bf68e79949e40ad79d8b6f23876206","hashSHA1":"5bf35091c9f898b9c1f0d32a9f3f3f378be42e87","hashSHA256":"2d8d6793c3527b2b3e4e81868cb19ab1aec4fccc818ef80690751feb19ce37bc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231115.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"926f0a5d14255c73d209415608b5d02d","hashSHA1":"95d7218afe0c88b625710b6ecc005c110cff7768","hashSHA256":"fab642d23384cb701a769adeeb52f944339a603ecbed3221e495031a5c290f79","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231116.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"f428375a4abea3c8c8ccd4c0e3fc95ab","hashSHA1":"986fd2ae3dc1e8db0ee94b3249a7f0129c8f1cb7","hashSHA256":"ddb68d8aebadf7af72d1668977f245a9fc12a21deb41af9de69e4bf7cffd0cf6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231116_2.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"9834bf388e674b1f30434ebf93016b7b","hashSHA1":"49da30dee1011ac27812a39d18a42140eba37f48","hashSHA256":"7ac37751ea62744d780ecaddc4d649e6130ff3a0f3b472badda3fa3e01ef302c","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231120.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"43fa7ac5f771f88847c2ed076acf35a1","hashSHA1":"78d3186e9768a3956e853f93bbe16609b976a263","hashSHA256":"5b4ec55c45a7d333c6cacc66ed5220397da0b10af654418e068f3f3fe9c21cd3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231124.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"6a036532537407d3946e267b8a494342","hashSHA1":"686ee80a1553739ab0c997fd63995d67b674bb75","hashSHA256":"25418c361e9a779c48eb862821b78046bf777186762d18088876aa6a3dbf1aba","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231204.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"91c9340b4f11c9dbd7acb658dc2774cd","hashSHA1":"945776861a3eeca8495d93e6bccf20c4fbe9b902","hashSHA256":"f0368d67d70e8ccb216f708a0ce470f83ce85ebab5574810ae585e5ddf0fd3ff","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231211.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"4fac565325a98a3f6effeec552647c9f","hashSHA1":"356cd29cbdb43e7a5647dba4b4000a39a6fbadbf","hashSHA256":"20f57b91e4bc25cd8a917c6e5ecb6aae9ade392fd5c73502b63d3b8035a04f84","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"785","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent app","reference":"","landingPage":"https://www.bittorrent.com/products/win/bittorrent-web-free/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete","sourceIndex":"785"}],"sampleFiles":["231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231027.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231030.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231031.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231031_1.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231102.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231103.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_1.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231108.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231113.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231114.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231115.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231116.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231116_2.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231120.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231124.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231204.exe","231211/bittorrentweb-211217/1.4.0.5714/Samples/btweb_installer_231211.exe"],"imageFiles":["231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-042/ACR-042.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-048/ACR-048.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-084/ACR-084.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-097/ACR-097.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-118/ACR-118.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-013/ACR-013.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-013/ACR-013_1.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-013/ACR-013_2.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-060/ACR-060.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-060/ACR-060_1.PNG","231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["231211/bittorrentweb-211217/1.4.0.5714/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5714_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5714","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:31.1504755+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":117},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BitTorrent Web®                                             ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"34310ad5f34b0634eea7aba3dc4d6206","hashSHA1":"67a697ddf617531f99d64e1f00d00121f43746c5","hashSHA256":"752473427c2ef04856e413e070a62569056e7bf4e9ac801e0aa7f7dd74c61627","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"703","avBlockList":["COMODO Antivirus (20240507)","Dr.Web Security Space (20240507)","ESET Internet Security (20240507)","G DATA INTERNET SECURITY (20240507)","K7 Total Security (20240507)","Malwarebytes Premium (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Quick Heal Internet Security (20240507)","Sophos Home Premium (20240507)","VirIT eXplorer PRO (20240507)","Webroot SecureAnywhere (20240507)"],"avAllowList":["360 Total Security (20240507)","Avast Premium Security (20240507)","AVG Internet Security (20240507)","Avira Internet Security (20240507)","Bitdefender Internet Security (20240507)","Kaspersky Internet Security (20240507)","McAfee Total Protection (20240507)","SpyHunter5 (20240507)","Total AV Antivirus Pro (20240507)","Trend Micro Internet Security (20240507)","VIPRE Advanced Security (20240507)","Windows Defender (20240507)"]},{"isRevoked":"False","fileName":"btweb_installer_240103.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"5bf4ea7eb22a95c8d3a43d9a0f8c007d","hashSHA1":"21fcf6d66a4e7a245479577c6251554558bf1a98","hashSHA256":"67e2f8a9bca4e2e2bff12876ed2e4c410001d5ce4390b8a74b4fb03825d9559a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240109.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"ae83a93c310106117ff20c746ff30e21","hashSHA1":"b5a3ac8e3972591405ffe96f014a3a941686142f","hashSHA256":"b18bcbbfb660a7b58fdf687fea9108f5bef7929c158aa2a502b860be7e0a7115","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_220124.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"19fd9713007d0fae0fbf8b8fdab256c3","hashSHA1":"f8f1e4650c99f52fe10663ca0b9a98a4148e5a99","hashSHA256":"af3f1c47ff42ef3e30e2d7df2501716a80e57169d21344a1509ec299aa56aaca","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240130.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"14c7ce858604b87a911a4e247e72bb19","hashSHA1":"06fc6370428f8b503369c389bacd05dcf445a357","hashSHA256":"ee8819a8081df3a7de82de6e2272eba108b90a412628da9f4a0da440901e9ee1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer-240202.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"96eeb17d34f40155c6c82f49a00738f4","hashSHA1":"faa30603433df2c990e8f08eb35965832c894d35","hashSHA256":"01a62bef97ce0e94822c44b8e33dfb57720c8f2c8a793b2e786583920c7ea319","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240206.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"c17c937a772d57a1620850c2f4b46e7b","hashSHA1":"507e805f2c75bc5698174acfdd8ec5497117c979","hashSHA256":"c660450288bf0c13358e852821f2d4833c91f98e84b468118ab7e11dd06fba03","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240207.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"0a2adcac3e3701adcffdb59d83412130","hashSHA1":"ca9478368eb956d726b819e7f28eba37fb943bcd","hashSHA256":"42619e7b8065e2f8484a9f1e5f36454f27ec88919ea9d2a6b45346ad54e9fe0a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240208.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"9852103c55831400fbfb41ae7f9c2d21","hashSHA1":"4d1f88566e4b9e401828da9e4b21e1d57b7ef18a","hashSHA256":"584cb04d8b5e84d410231f201ace1f70002136f3f00fd668216bb78f8ac06735","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240213.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"cb1432bf184a02298761e170d6b07c6e","hashSHA1":"85b0877cba06ca900f8a8a36e00daaa362a2542a","hashSHA256":"6766df97f4b38ac265746360dbb0c759a2ea50aec2b740fd2eeb35599b00fc24","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240214.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"1525dbd62f60cd909877607c72c00201","hashSHA1":"05fc87ef3862725ba643705b5c501f744ed56e98","hashSHA256":"00061334f474eb35a12a1f9051b452db3bd9a426b98a57a698e3e1167e2d8941","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240215.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"71e177c4ae71077b904dd8aba4ef18c4","hashSHA1":"d68f6fc2975e6b9e7302ba40f5dbb83f1a6cfd1f","hashSHA256":"b53bb8f0bdfa08c1000c721a0289234b9ddc7d300c4d2b3b43e0f11835a96823","digitalCertThumbprint":"2454B8E0EA6E609AEF03C83090EE29C284BA586C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, OU=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240301.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"b2919ccca8bbbd5a1431d5213026066f","hashSHA1":"c3f7c696529c769807eb7aaa955f4bf7c03816d6","hashSHA256":"0834a7625567235f074c2490dc1f1c8714e22d75acf5112999f1f38c6a9261f2","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240307.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"5efa87f83c62d67aaea96f6c74cd486b","hashSHA1":"fe197606df6dce0194554732d7e7fe1017a0c378","hashSHA256":"273bd527ac506ef4c5b5830ac1b13eb423d431f96c81fde1282c98b267b4de47","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240311.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"fd6fd1ce8fbcf43faa48601fc38bae6b","hashSHA1":"15ce0a466f48b28d44342d8ce42ffc134b2119d7","hashSHA256":"20dd847ac9f5251cf884844ad0b2dc34637c40efa7737e8ef7394271957d6599","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240321.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"f12f25f41a7c8c29bf896347a5f233f2","hashSHA1":"9615251d36c21b4c8b19cd0e4d04691df681f47b","hashSHA256":"169911e4f24793c1fc8881970f5a9e8bd5e9e12819a568f978173723d9d436f6","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"703","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"703"}],"sampleFiles":["240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240103.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240109.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_220124.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240130.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer-240202.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240206.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240207.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240208.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240213.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240214.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240215.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240301.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240307.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240311.exe","240321/bittorrentweb-211217/1.4.0.5759/Samples/btweb_installer_240321.exe"],"imageFiles":["240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-042/ACR-042_Install_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-048/ACR-048_Install_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-014/ACR-014_Install_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-084/ACR-084_Software_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-097/ACR-097_Software_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-118/ACR-118_Uninstall_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-013/ACR-013_Install_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-013/ACR-013_Install_2.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-060/ACR-060_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240321/bittorrentweb-211217/1.4.0.5759/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5759_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5759","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:28.2612072+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":116},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"fea79d2a2708a6bd0ef13c7e036e409e","hashSHA1":"0bc8fc5255e82ce9cd95ac047f4219013ff6f771","hashSHA256":"5c90228823fbd9c277130f15da8ad754f5b207cb5626aded1e6db6f1ab2242d3","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"642","avBlockList":["COMODO Antivirus (20240418)","Dr.Web Security Space (20240418)","ESET Internet Security (20240418)","K7 Total Security (20240418)","Malwarebytes Premium (20240418)","Norton Security (20240418)","Sophos Home Premium (20240418)","VirIT eXplorer PRO (20240418)","Webroot SecureAnywhere (20240418)"],"avAllowList":["360 Total Security (20240418)","Avast Premium Security (20240418)","AVG Internet Security (20240418)","Avira Internet Security (20240418)","Bitdefender Internet Security (20240418)","G DATA INTERNET SECURITY (20240418)","Kaspersky Internet Security (20240418)","McAfee Total Protection (20240418)","Panda Dome (20240418)","Quick Heal Internet Security (20240418)","SpyHunter5 (20240418)","Total AV Antivirus Pro (20240418)","Trend Micro Internet Security (20240418)","VIPRE Advanced Security (20240418)","Windows Defender (20240418)"]},{"isRevoked":"False","fileName":"btweb_installer_240403.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"90c65f2eef4fb0fde06e4438516fc7bf","hashSHA1":"95f0c89074a6f3836f599a683ab97df24fcc0f37","hashSHA256":"17ab35a9af6f01a416780732ea5a4e913264de38815a81942570a96ad6fa035d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"642","avBlockList":["COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Malwarebytes Premium (20240820)","Norton Security (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","Total AV Antivirus Pro (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)"],"avAllowList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","G DATA INTERNET SECURITY (20240820)","KasperskyPremium (20240820)","McAfee Total Protection (20240820)","Panda Dome (20240820)","SpyHunter5 (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","Windows Defender (20240820)"]},{"isRevoked":"False","fileName":"btweb_installer_240405.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"4f703da2d3ec46740a47d99700901200","hashSHA1":"859da0b9e19cd9d9ceac593e017cc4e3fcdb1366","hashSHA256":"0eb430f432882988b4daf11381d74f8908b976dece37ae12102de51c42a8ee94","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"642","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240408.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"6521003dc3a754efa45488de755aa668","hashSHA1":"84eda07e20228b7840ebccb62ab75631a1be7609","hashSHA256":"77e763b5038298d9a8e0fca92c50f44ed579ee53569bcac278c38e04db4e8ec7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"642","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240410.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"fa1294d0f1ec079ab22981fd28a4bba9","hashSHA1":"6c2bc45d776100b4c24358449a95ab8eec06a9b3","hashSHA256":"6edce25fd334402abb67ab74e928317cbc0aa19fa6a9be4c6cf13f5d4f0070fd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"642","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240412.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"1a87e758e0ca4465aa9627f614d1e21a","hashSHA1":"39e7c5251e4f8369d7abe80952ced304472c633c","hashSHA256":"46c8199f91013cb2b13882658c433dda04a991665869d3c677009ddfc1965af1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"642","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240418.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d4a246b11f90dcde0590bf609fd817a6","hashSHA1":"37d546136ea00562a8b59b6a08e10157e12cc5a2","hashSHA256":"32457194643e2a93fc9e10e5b94496d37320bd7c8a4a9554cbfc1ea2ac812636","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"642","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","FortectPremium (20240806)","K7 Total Security (20240806)","Malwarebytes Premium (20240806)","Norton Security (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","KasperskyPremium (20240806)","McAfee Total Protection (20240806)","Panda Dome (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)","Windows Defender (20240806)"]},{"isRevoked":"False","fileName":"btweb_installer_240422.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"a0af78d3d8e14da139a3a7d9d751efe4","hashSHA1":"c1bc52c8f76d40f26c36250aa90a2c41d5f58a46","hashSHA256":"c1e761ffcd82c3b1f4b0d40ec9bccead982999031ae9bae84a5e7464d3b3dc7a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"642","avBlockList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"btweb_installer_240510.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"25938d1a2c77cf00c47719bac2bd2eda","hashSHA1":"4384c49bd461a3e24590497677349dbc23cb8b7c","hashSHA256":"88a12181a722e8dca5cf65f7e0277601d7731ee5ac5a404e1c3818df5da1d2f1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"642","avBlockList":["COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","G DATA INTERNET SECURITY (20240903)","Malwarebytes Premium (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Sophos Home Premium (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)"],"avAllowList":["360 Total Security (20240903)","Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","K7 Total Security (20240903)","KasperskyPremium (20240903)","McAfee Total Protection (20240903)","Quick Heal Internet Security (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)","Windows Defender (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"642"}],"sampleFiles":["240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240403.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240405.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240408.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240410.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240412.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240418.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240422.exe","240521/bittorrentweb-211217/1.4.0.5768/Samples/btweb_installer_240510.exe"],"imageFiles":["240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-048/ACR-048.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-084/ACR-084.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-097/ACR-097.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-118/ACR-118.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-014/ACR-014.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-013/ACR-013.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-013/ACR-013_1.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-013/ACR-013_2.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-060/ACR-060.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-060/ACR-060_1.PNG","240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240521/bittorrentweb-211217/1.4.0.5768/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5768_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5768","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:26.7092532+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":115},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"a0af78d3d8e14da139a3a7d9d751efe4","hashSHA1":"c1bc52c8f76d40f26c36250aa90a2c41d5f58a46","hashSHA256":"c1e761ffcd82c3b1f4b0d40ec9bccead982999031ae9bae84a5e7464d3b3dc7a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"609","avBlockList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"btweb_installer_240528.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"d4a246b11f90dcde0590bf609fd817a6","hashSHA1":"37d546136ea00562a8b59b6a08e10157e12cc5a2","hashSHA256":"32457194643e2a93fc9e10e5b94496d37320bd7c8a4a9554cbfc1ea2ac812636","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","FortectPremium (20240806)","K7 Total Security (20240806)","Malwarebytes Premium (20240806)","Norton Security (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","KasperskyPremium (20240806)","McAfee Total Protection (20240806)","Panda Dome (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)","Windows Defender (20240806)"]},{"isRevoked":"False","fileName":"btweb_installer_240530.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"1a87e758e0ca4465aa9627f614d1e21a","hashSHA1":"39e7c5251e4f8369d7abe80952ced304472c633c","hashSHA256":"46c8199f91013cb2b13882658c433dda04a991665869d3c677009ddfc1965af1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240530_1.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"25938d1a2c77cf00c47719bac2bd2eda","hashSHA1":"4384c49bd461a3e24590497677349dbc23cb8b7c","hashSHA256":"88a12181a722e8dca5cf65f7e0277601d7731ee5ac5a404e1c3818df5da1d2f1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":["COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","G DATA INTERNET SECURITY (20240903)","Malwarebytes Premium (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Sophos Home Premium (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)"],"avAllowList":["360 Total Security (20240903)","Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","K7 Total Security (20240903)","KasperskyPremium (20240903)","McAfee Total Protection (20240903)","Quick Heal Internet Security (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)","Windows Defender (20240903)"]},{"isRevoked":"False","fileName":"btweb_installer_240605.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"6521003dc3a754efa45488de755aa668","hashSHA1":"84eda07e20228b7840ebccb62ab75631a1be7609","hashSHA256":"77e763b5038298d9a8e0fca92c50f44ed579ee53569bcac278c38e04db4e8ec7","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_240607.exe","isInstaller":"True","fileVersion":"1.4","hashMD5":"90c65f2eef4fb0fde06e4438516fc7bf","hashSHA1":"95f0c89074a6f3836f599a683ab97df24fcc0f37","hashSHA256":"17ab35a9af6f01a416780732ea5a4e913264de38815a81942570a96ad6fa035d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"609","avBlockList":["COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Malwarebytes Premium (20240820)","Norton Security (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","Total AV Antivirus Pro (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)"],"avAllowList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","G DATA INTERNET SECURITY (20240820)","KasperskyPremium (20240820)","McAfee Total Protection (20240820)","Panda Dome (20240820)","SpyHunter5 (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","Windows Defender (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"609"}],"sampleFiles":["240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer.exe","240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer_240528.exe","240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer_240530.exe","240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer_240530_1.exe","240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer_240605.exe","240709/bittorrentweb-211217/1.4.0.5822/Samples/btweb_installer_240607.exe"],"imageFiles":["240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-048/ACR-048.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-084/ACR-084.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-097/ACR-097.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-118/ACR-118.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-014/ACR-014.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-013/ACR-013.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-013/ACR-013_1.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-013/ACR-013_2.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-060/ACR-060.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-060/ACR-060_1.PNG","240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240709/bittorrentweb-211217/1.4.0.5822/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5822_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5822","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:25.5905604+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":114},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"d4a246b11f90dcde0590bf609fd817a6","hashSHA1":"37d546136ea00562a8b59b6a08e10157e12cc5a2","hashSHA256":"32457194643e2a93fc9e10e5b94496d37320bd7c8a4a9554cbfc1ea2ac812636","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"593","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","FortectPremium (20240806)","K7 Total Security (20240806)","Malwarebytes Premium (20240806)","Norton Security (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","KasperskyPremium (20240806)","McAfee Total Protection (20240806)","Panda Dome (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)","Windows Defender (20240806)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"593"}],"sampleFiles":["240715/bittorrentweb-211217/1.4.0.5825/Samples/btweb_installer.exe"],"imageFiles":["240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-048/ACR-048.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-084/ACR-084.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-097/ACR-097.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-118/ACR-118.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-014/ACR-014.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-013/ACR-013.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-013/ACR-013_1.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-013/ACR-013_2.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-060/ACR-060.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-060/ACR-060_1.PNG","240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240715/bittorrentweb-211217/1.4.0.5825/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5825_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5825","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:24.9200285+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":113},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"25938d1a2c77cf00c47719bac2bd2eda","hashSHA1":"4384c49bd461a3e24590497677349dbc23cb8b7c","hashSHA256":"88a12181a722e8dca5cf65f7e0277601d7731ee5ac5a404e1c3818df5da1d2f1","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"576","avBlockList":["COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","G DATA INTERNET SECURITY (20240903)","Malwarebytes Premium (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Sophos Home Premium (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)"],"avAllowList":["360 Total Security (20240903)","Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","K7 Total Security (20240903)","KasperskyPremium (20240903)","McAfee Total Protection (20240903)","Quick Heal Internet Security (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)","Windows Defender (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"576"}],"sampleFiles":["240805/bittorrentweb-211217/1.4.0.5828/Samples/btweb_installer.exe"],"imageFiles":["240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-048/ACR-048.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-084/ACR-084.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-097/ACR-097.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-118/ACR-118.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-014/ACR-014.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-013/ACR-013.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-013/ACR-013_1.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-013/ACR-013_2.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-060/ACR-060.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-060/ACR-060_1.PNG","240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240805/bittorrentweb-211217/1.4.0.5828/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5828_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5828","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:24.4113395+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":112},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtТorrеnt Web®                                             ","productVersion":"1.4                                               ","fileVersion":"1.4                 ","hashMD5":"13dbfeb74ba504b96a297ec4e7962b2a","hashSHA1":"dabdf7fc4de85016bb6b88f46493ac4c9a37ddde","hashSHA256":"208b2c6cd28f96a824f6e3ab53b5b60d703e6a932b37e15f3c4ab4bc8b6301e0","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"557","avBlockList":["COMODO Antivirus (20260205)","Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","Malwarebytes Premium (20260205)","Panda Dome (20260205)","Sophos Home Premium (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)","Windows Defender (20260205)"],"avAllowList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","FortectPremium (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","KasperskyPremium (20260205)","McAfee Total Protection (20260205)","Norton Security (20260205)","Quick Heal Internet Security (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","Trend Micro Internet Security (20260205)","VIPRE Advanced Security (20260205)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"557"}],"sampleFiles":["240905/bittorrentweb-211217/1.4.0.5871/Samples/btweb_installer.exe"],"imageFiles":["240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-048/ACR-048.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-084/ACR-084.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-097/ACR-097.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-118/ACR-118.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-014/ACR-014.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-013/ACR-013.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-013/ACR-013_1.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-013/ACR-013_2.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-060/ACR-060.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-060/ACR-060_1.PNG","240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240905/bittorrentweb-211217/1.4.0.5871/Images/ACR-123/ACR-123.PNG"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.4.0.5871_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.4.0.5871","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:23.8154566+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":111},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs its components in \"C:\\Users\\User\\AppData\\Roaming\" path, instead of a standard location.\n","ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","productName":"ΒitTοrrent Web®","productVersion":"1.4.0","fileVersion":"1.4.0","hashMD5":"2903d9371d9470fc24aa12a9661f570d","hashSHA1":"2c44e0dadb9b23fd4a56892cc4bd19e5cc7e4de5","hashSHA256":"0fd55b0101b713f2e0afe5ef1117d8ecf4753a036f9ffef8dec45cda9af255a8","digitalCertThumbprint":"03F072F141084FFE88CF28E65258CEE35071F961","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cassini Labs Ltd, O=Cassini Labs Ltd, S=Tel Aviv, C=IL, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=514758457","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"122","avBlockList":["360 Total Security (20260428)","Bitdefender Internet Security (20260428)","COMODO Antivirus (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","G DATA INTERNET SECURITY (20260428)","K7 Total Security (20260428)","Malwarebytes Premium (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","VIPRE Advanced Security (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)","Windows Defender (20260428)"],"avAllowList":["Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","Dr.Web Security Space (20260428)","KasperskyPremium (20260428)","McAfee Total Protection (20260428)","Norton Security (20260428)","Total AV Antivirus Pro (20260428)","Trend Micro Internet Security (20260428)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/bea2b202-165d-46a5-b153-6bc219165a15","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/bea2b202-165d-46a5-b153-6bc219165a15","sourceIndex":"122"}],"sampleFiles":["260204/bittorrentweb-211217/1.5.0.6335/Samples/btweb_installer.exe"],"imageFiles":["260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-048/ACR-048.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-084/ACR-084.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-097/ACR-097.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-118/ACR-118.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-013/offer1.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-013/offer2.png"],"nonDeceptorImageFiles":["260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-040/ACR-040.png","260204/bittorrentweb-211217/1.5.0.6335/Images/ACR-123/ACR-123.png"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.5.0.6335_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.5.0.6335","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:10.427792+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":110},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup even after uninstall and reboot. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\BitTorrent Web\\btweb.exe","companyName":"BitTorrent Inc.","productName":"BitTorrent Web","productVersion":"1.3.0.5672","fileVersion":"1.3.0.5672","hashMD5":"ec03f7797d56ff1f8a0362da7abd6ee8","hashSHA1":"647dfd7548a52b0cbb5a9158eb205527734db787","hashSHA256":"5e50a17acfa2fd781c2dc042bec64694ff58a10e1e1bc226f8b93f014a9ad3fe","digitalCertThumbprint":"09AFB68255629E565090CAC7EA49AAD67143FA93","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"BіtTorrent Web®                                         ","productVersion":"1.3                                          ","fileVersion":"1.3                 ","hashMD5":"113f239ad9036810ee3a54687c87d604","hashSHA1":"0501131a733948444f8aafc832bf94fd788f6f24","hashSHA256":"39637b6bfb998aef33ee067095ade1095cfb8ebe11db7a11af9b3291893cbacc","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Rainberry Inc","storeId":"","sourceIndex":"836","avBlockList":["COMODO Antivirus (20240625)","Dr.Web Security Space (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","K7 Total Security (20240625)","Malwarebytes Premium (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)"],"avAllowList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","Kaspersky Internet Security (20240625)","McAfee Total Protection (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","Windows Defender (20240625)"]},{"isRevoked":"False","fileName":"btweb_installer_230814.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"be669526b53fdc2df31747f4127f1fb1","hashSHA1":"a36bccb2946e7157fe3e6eb1d32c15b0a11921e5","hashSHA256":"87d1615f8869a7d12a0196f3a262e7cc066499d9dd34408131db6e0fbbefca7b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":["COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","FortectPremium (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)"],"avAllowList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","Bitdefender Internet Security (20240808)","KasperskyPremium (20240808)","McAfee Total Protection (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)","Windows Defender (20240808)"]},{"isRevoked":"False","fileName":"btweb_installer_230815.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"bf451198883666440143320fd6a01eac","hashSHA1":"f454b950440412872b4d376011e50f6e8bc9289f","hashSHA256":"0129c5ac825784b2b38a91713afd90152d1e3d23d8a69946c0e1235c4942f48b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":["COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","FortectPremium (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)"],"avAllowList":["360 Total Security (20240815)","Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","KasperskyPremium (20240815)","McAfee Total Protection (20240815)","SpyHunter5 (20240815)","VIPRE Advanced Security (20240815)","Windows Defender (20240815)"]},{"isRevoked":"False","fileName":"btweb_installer_230816.exe","isInstaller":"True","productName":"BіtTorrent Web®   ","productVersion":"1.3","fileVersion":"1.3","hashMD5":"7ce4f35fcc0ac7a9dc8ae0218c9c7e69","hashSHA1":"3eb66d0213f28836a8bd2c6a520988c998c200f3","hashSHA256":"ba6422748c47d7fe4930f05cad2bbc8474f9109e8dbf48c501ff9dd1061b093a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230818.exe","isInstaller":"True","productName":"BіtTorrent Web®  ","productVersion":"1.3","fileVersion":"1.3","hashMD5":"cd5b1cb0f6028218e97371372e2a39fb","hashSHA1":"f34e3856020798e847ec294572aba132d156a5d6","hashSHA256":"f48dfda671c9a06098e450583348618f38b0a038edc278ecd9ce19eda01ae7fe","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230822.exe","isInstaller":"True","productName":"BіtTorrent Web® ","productVersion":"1.3","fileVersion":"1.3","hashMD5":"df7d8049ba636943ec3774f642158888","hashSHA1":"f4378bfe64f6b4f7dbb77d7109d2cf9a9f1548f5","hashSHA256":"94cb8ba7b16b157f113a65def94eb9d7d8d7777d3a7fff077b5bf166ed0b447d","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230829.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"c70664f30983ad1ff62d614d92022040","hashSHA1":"33c2b48e01247e5106bdacc48b54001e3e0dedeb","hashSHA256":"690b572ef919e2ffc7f3a45c2ee208bfd4068d9d7ad6520fb0f8b24ec1d688ee","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer230831.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"23fe0aa072a296ae26e69f3258428c6a","hashSHA1":"23f5335c0eba8f6496a7bb9c6f99c4c4d5312187","hashSHA256":"a33dcbd5b7c0b1d72c5156d4da37b6b8377a7d62748ec95869b4b0348879d4dd","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230904.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"e413ba9c41bf9b722c3b30aed4cb12e1","hashSHA1":"e6071b6aa0db7ef6c64e12af55851ea9a749069b","hashSHA256":"62b03bdcc3ccfdd77729c804e351a376dec7ee279cba9579914bfb3538a1a23a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installerr_230911.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"3e62688264fa886497f8cedc8064e963","hashSHA1":"f832195a31d1421be99b56e30ec5c216f7bdc174","hashSHA256":"07776cb64160fd4dc8542f6b702b7a22c1879af145b635a6263c7b922876317b","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230912.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"2b6f9cf6d20b897e3378758c4406a942","hashSHA1":"be40222072d5e2eeadf5a87b60e170ceba1047e8","hashSHA256":"cfe5d0431346c24a9a57ecb217e13a0d5f6ff785b719ddb19866d2e3cda8b5b8","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_20230915.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"c647bde45b8cd105de88b832f121d4c5","hashSHA1":"759a3e2095948a28248ff240ee3a1afa29ac26ea","hashSHA256":"1ea6814ad626efb231bc7b1711fed0d491d350eec9198cd6d1fa7a36b4cd5917","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_20230919.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"2e560c3397adc2dc8632e0943de4f6bd","hashSHA1":"f75f260f15e75032b4da4bc49b88a2736c279ee3","hashSHA256":"51cb3a3d2a43a26ad95be7878b3174d9c4ba525c0566c76c2b4aee923c130558","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230921.exe","isInstaller":"True","productName":"BіtTorrent Web®","productVersion":"1.3","fileVersion":"1.3","hashMD5":"1e61ae2b5c30ce17f56870a5e3dd9f94","hashSHA1":"4a55752d1aad5cc47260b9389bcbede99557a17f","hashSHA256":"589fc29b8a0fafbb96ce4de4a9feec5f8d3ddef3df8d207f687a6df6e65e5202","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_230926.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"2aa5c0243d175f815b602fadf0b7653d","hashSHA1":"9a469c80d15dd206bd23023fd95c2049ba279ad9","hashSHA256":"421193b140c3e1bd20ed3df23a28b27f9f925cec48a9c45eb8cd42641d6ca88a","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer-230928.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"dee98aafa8278f654b13d70b91bf176e","hashSHA1":"28a6f87b4d169aa925c5ffcf4d092116b6ca7117","hashSHA256":"681f3c20e6b870d5ecbe88522d4e4b4e7506fc28b366d78300cc032c2194f149","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231006.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"356ad79bb75ddc58956aca6e2720ffb0","hashSHA1":"cb39d687ce1e5ad3d835293155b204d00b4d27c0","hashSHA256":"24b0c91c872eb815cc8497fd32c73ba0da96efb6437318d0b6418d9191806091","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231009.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"e5a95e37435a115385140d4dba05b3c1","hashSHA1":"37168ee4eab78d0581a6d9c2c331c12a5ecf20df","hashSHA256":"b68300f796cb773137ad3be405e2ecdb8b7a9ceceba0084d67e119e241405b17","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231010.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"55b218f754313cda9d8802c95de9f8ae","hashSHA1":"04e3089cde566e9ef922090a9acb0facb6c0199a","hashSHA256":"f12185813fa57049943f12d48da28948f64a09ff640fa21609b8cf29faa09d83","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231011.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"887a8b5e1c6fc671bb6a9b7f35ea3452","hashSHA1":"ef9939b98b78a53122d79ecabcd48c6bf9efe6d8","hashSHA256":"4c469df93b6555af03bfefe673cb61777cce6bdb6461c2171d24269b97999eec","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"btweb_installer_231013.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"e5eeee13efc1db8eb4072b9043b1c00c","hashSHA1":"d2662be97ed86405e946719ce5a7fc76b8ca28ba","hashSHA256":"44d380587394648f57b8bc30b159b1129fe5d242dda50207a8fe1f35b8ab7641","digitalCertThumbprint":"804F289FB26C3708683D5342831B14CA8EBD2646","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US","sourceIndex":"836","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on torrent applications","reference":"","landingPage":"https://www.bittorrent.com/","directDownloadingLink":"https://www.bittorrent.com/downloads/complete/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bittorrent.com/downloads/complete/","sourceIndex":"836"}],"sampleFiles":["231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230814.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230815.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230816.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230818.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230822.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230829.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer230831.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230904.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installerr_230911.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230912.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_20230915.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_20230919.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230921.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_230926.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer-230928.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_231006.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_231009.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_231010.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_231011.exe","231028/bittorrentweb-211217/1.3.0.5672/Samples/btweb_installer_231013.exe"],"imageFiles":["231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-048/ACR-048_Install_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-084/ACR-084_Software_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-097/ACR-097_Software_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-118/ACR-118_Uninstall_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-013/ACR-013_Install_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-013/ACR-013_Install_2.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-013/ACR-013_Install_3.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_1.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_2.png","231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-060/ACR-060_In-bundle offers_3.png"],"nonDeceptorImageFiles":["231028/bittorrentweb-211217/1.3.0.5672/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"816175c9-984e-4c84-a8a4-98c0bd8788dd_1.3.0.5672_1","appID":"bittorrentweb-211217","dateAdded":"260204","deceptorType":"App","name":"Bit Torrent Web","company":"BitTorrent Inc.","version":"1.3.0.5672","lastKnownStatus":"1.2.7.4186;1.2.8.4523;1.2.9.4938;1.2.10.5208;1.3.0.5655;1.3.0.5665;1.3.0.5666;1.3.0.5669;1.3.0.5670;1.3.0.5671;1.3.0.5672;1.4.0.5714;1.4.0.5759;1.4.0.5768;1.4.0.5822;1.4.0.5825;1.4.0.5828;1.4.0.5871;1.5.0.6335","lastKnownDate":"260204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:32.1564355+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":118},{"violations":{"ACR-004":"The app offers no free fix/recovery instead requires a paid subscription to address the issues.\n","ACR-118":"In the attempt to uninstal, it retains executables and its other components.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"cool-data-recovery.exe","isInstaller":"True","hashMD5":"13558a0a6c7bf8ce736f5d83c0a0ef1c","hashSHA1":"cab77f2b204c850679244562355ec8e4d0111bc0","hashSHA256":"382ded8026bc229e58073c5bba706e6b19ad14a9b29a892fdaf3a1e5e79c0b95","digitalCertThumbprint":"09D40BDB67F06A8D17AED0B66EE1E9F50263A2BD","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", O=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", S=广东省, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91440300695594115R","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"123","avBlockList":["360 Total Security (20260428)","Avast Premium Security (20260428)","AVG Internet Security (20260428)","Avira Internet Security (20260428)","ESET Internet Security (20260428)","FortectPremium (20260428)","K7 Total Security (20260428)","Malwarebytes Premium (20260428)","Norton Security (20260428)","Panda Dome (20260428)","Quick Heal Internet Security (20260428)","Sophos Home Premium (20260428)","SpyHunter5 (20260428)","Total AV Antivirus Pro (20260428)","VirIT eXplorer PRO (20260428)","Webroot SecureAnywhere (20260428)"],"avAllowList":["Bitdefender Internet Security (20260428)","COMODO Antivirus (20260428)","Dr.Web Security Space (20260428)","G DATA INTERNET SECURITY (20260428)","KasperskyPremium (20260428)","McAfee Total Protection (20260428)","Trend Micro Internet Security (20260428)","VIPRE Advanced Security (20260428)","Windows Defender (20260428)"]},{"isRevoked":"False","fileName":"Coolmuster%20Data%20Recovery.exe","productName":"DiskDataRecoveryManager Module","productVersion":"1.0.2.1","fileVersion":"1.0.2.1","hashMD5":"8de4a077a32154e4d6819f74a8125782","hashSHA1":"904a03deea7651a7af8cc0d18afc1425de6444c2","hashSHA256":"7810bf6ffde1b6913d9bd7dd495f3e1b25abe07c55aaa577d6481b5b6e218889","digitalCertThumbprint":"09D40BDB67F06A8D17AED0B66EE1E9F50263A2BD","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", O=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", S=广东省, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91440300695594115R","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"123","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DiskDataRecovery.exe","companyName":"TODO: <公司名>","productName":"TODO: <产品名>","productVersion":"2.1.0.1","fileVersion":"2.1.0.1","hashMD5":"468bd89cac88cff538eec02909523c5f","hashSHA1":"6a7bfc58f3f5e9ee4765159a3d6f9c81625fa7e6","hashSHA256":"a2ab0dd42492792cefde7a7e95897b0ce7e654f01cc1fc05d071a1c1762d1a39","digitalCertThumbprint":"09D40BDB67F06A8D17AED0B66EE1E9F50263A2BD","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", O=\"SHENZHEN QIXINGSHI TECHNOLOGY CO.,LTD\", S=广东省, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91440300695594115R","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"123","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.coolmuster.com/data-recovery.html","directDownloadingLink":"https://www.coolmuster.com/downloads/cool-data-recovery.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.coolmuster.com/downloads/cool-data-recovery.exe","sourceIndex":"123"}],"sampleFiles":["260202/CoolmusterDataRecovery-260128/3.0.55/Samples/cool-data-recovery.exe","260202/CoolmusterDataRecovery-260128/3.0.55/Samples/Coolmuster%20Data%20Recovery.exe","260202/CoolmusterDataRecovery-260128/3.0.55/Samples/DiskDataRecovery.exe"],"imageFiles":["260202/CoolmusterDataRecovery-260128/3.0.55/Images/ACR-004/ACR-004_Software_1.png","260202/CoolmusterDataRecovery-260128/3.0.55/Images/ACR-004/ACR-004_Software_2.png","260202/CoolmusterDataRecovery-260128/3.0.55/Images/ACR-118/ACR-118_Uninstall_1.png","260202/CoolmusterDataRecovery-260128/3.0.55/Images/ACR-118/ACR-118_Uninstall_2.png"],"nonDeceptorImageFiles":[],"guid":"bfc38788-3cfa-4f38-bbb1-558f998c673c_3.0.55_1","appID":"CoolmusterDataRecovery-260128","dateAdded":"260202","deceptorType":"App","name":"Coolmuster Data Recovery","company":"Coolmuster","version":"3.0.55","lastKnownStatus":"3.0.55","lastKnownDate":"260202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-02-02T20:06:16.3170413+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":129},{"violations":{"ACR-004":"The app presents numerical claims without substantiation and differentiates issues vs no issues with color.\n","ACR-008":"The free option is not clearly described in the scan summary, and clicking Update All directs users to a paid option. Additionally, the manual fix process requires a computer restart after each update, creating unnecessary friction.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not disclose uninstall info in the landing page\n"},"samples":[{"isRevoked":"False","fileName":"ashampoo_driver_updater_2.5.0.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG                                      ","productName":"Ashampoo Driver Updater","productVersion":"2.5.0","fileVersion":"2.5.0","hashMD5":"ef9dc80513000d2a339a7a067af58171","hashSHA1":"7e1e85ee4aafb885623255cf307dae04b02143b4","hashSHA256":"9aa5290e66b1dfdc95c74e2ef9e04a10334936ec44345de3a97d44f4a5e0f498","digitalCertThumbprint":"A9968551067DC73A210FBA0C5E7CADD0D059F09A","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admins@ashampoo.com, CN=Ashampoo GmbH & Co. KG, O=Ashampoo GmbH & Co. KG, STREET=Schafjückenweg 2, L=Rastede, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRA 3618, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"124","avBlockList":["Dr.Web Security Space (20260430)","ESET Internet Security (20260430)","Panda Dome (20260430)","Quick Heal Internet Security (20260430)","Sophos Home Premium (20260430)","SpyHunter5 (20260430)","VirIT eXplorer PRO (20260430)","Webroot SecureAnywhere (20260430)"],"avAllowList":["360 Total Security (20260430)","Avast Premium Security (20260430)","AVG Internet Security (20260430)","Avira Internet Security (20260430)","Bitdefender Internet Security (20260430)","COMODO Antivirus (20260430)","FortectPremium (20260430)","G DATA INTERNET SECURITY (20260430)","K7 Total Security (20260430)","KasperskyPremium (20260430)","Malwarebytes Premium (20260430)","McAfee Total Protection (20260430)","Norton Security (20260430)","Total AV Antivirus Pro (20260430)","Trend Micro Internet Security (20260430)","VIPRE Advanced Security (20260430)","Windows Defender (20260430)"]},{"isRevoked":"False","fileName":"ashpdu.exe","companyName":"Ashampoo","productName":"Ashampoo Driver Updater","productVersion":"2.5.0.0","fileVersion":"2.5.0.0","hashMD5":"f54de7d3e381ca765d665fbaf3ce8820","hashSHA1":"50f008209d631f4fabac27c7881df35a4ec68cdf","hashSHA256":"ecc90cf91418a03009ecf6ec7c5fa1a36d30f0baffbd5d6e388120418219b256","digitalCertThumbprint":"A9968551067DC73A210FBA0C5E7CADD0D059F09A","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admins@ashampoo.com, CN=Ashampoo GmbH & Co. KG, O=Ashampoo GmbH & Co. KG, STREET=Schafjückenweg 2, L=Rastede, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRA 3618, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"124","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.ashampoo.com/de-de/driver-updater","directDownloadingLink":"https://dl1.ashcdn.net/ASH/0095/ASHS/ashampoo_driver_updater_2.5.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl1.ashcdn.net/ASH/0095/ASHS/ashampoo_driver_updater_2.5.0.exe","sourceIndex":"124"}],"sampleFiles":["260201/Ashampoo Driver Updater-2017926/2.5.0/Samples/ashampoo_driver_updater_2.5.0.exe","260201/Ashampoo Driver Updater-2017926/2.5.0/Samples/ashpdu.exe"],"imageFiles":["260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-004/ACR-004_Software_1.png","260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-004/ACR-004_Software_2.png","260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-004/ACR-004_Software_3.png","260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-008/ACR-008_Software_1.png","260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-008/ACR-008_Software_2.png"],"nonDeceptorImageFiles":["260201/Ashampoo Driver Updater-2017926/2.5.0/Images/ACR-099/ACR-099_Landing page_1.png"],"guid":"801e872d-8934-46eb-867a-649541debce4_2.5.0_1","appID":"Ashampoo Driver Updater-2017926","dateAdded":"260201","deceptorType":"App","name":"Ashampoo Driver Updater","company":"Ashampoo GmbH ","version":"2.5.0","firstResolvedVersion":"","lastKnownStatus":"","lastKnownDate":"260201","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-02-02T19:34:41.5267266+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":130},{"violations":{"ACR-004":"The app uses color graphic to represent the identified issues which raises exaggerated sense of urgency to the consumer\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable Microsoft logo\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" which misleads the consumer\n","ACR-065":"The app does not disclose Privacy Policy during installation\n","ACR-099":"The app does not disclose uninstall info in the landing page\n","ACR-035":"The app does not disclose app name in all the docs\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Ashampoo\\Ashampoo Driver Updater\\ashpdu.exe","companyName":"Ashampoo","productName":"Ashampoo Driver Updater","productVersion":"1.2.1.53382","fileVersion":"1.2.1.53382","hashMD5":"0a90923c9a7c59fece24f5b463d64d11","hashSHA1":"c217a204fb81f3e748a2286ea7e23fdb7d232b31","hashSHA256":"45ce59dc22c88e0d0382bce202bfee1fb1e922bbcc3e27d3082a33eafceeb062","digitalCertThumbprint":"58A361D3F4390C63145FAF22D977181E056A8089","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2424","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ashampoo_driver_updater_1.2.1_sm.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG                                      ","productName":"Ashampoo Driver Updater                                     ","productVersion":"1.2.1                                             ","fileVersion":"Ashampoo Driver Upda","hashMD5":"81d26f74e610cb0bdaa6bdb5fde56b0e","hashSHA1":"9443f3e861c89c0ce5c306763a7aaaab50ce2038","hashSHA256":"e3ec179efffd6cd69cdaa809fff60985771ba4306c834ff51e2f225bdfb09c38","digitalCertThumbprint":"58A361D3F4390C63145FAF22D977181E056A8089","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2424","avBlockList":["Bitdefender Internet Security (20260203)","Dr.Web Security Space (20260203)","ESET Internet Security (20260203)","G DATA INTERNET SECURITY (20260203)","McAfee Total Protection (20260203)","Panda Dome (20260203)","Quick Heal Internet Security (20260203)","SpyHunter5 (20260203)","VIPRE Advanced Security (20260203)","VirIT eXplorer PRO (20260203)","Webroot SecureAnywhere (20260203)","Windows Defender (20260203)"],"avAllowList":["360 Total Security (20260203)","Avast Premium Security (20260203)","AVG Internet Security (20260203)","Avira Internet Security (20260203)","COMODO Antivirus (20260203)","K7 Total Security (20260203)","Kaspersky Internet Security (20200519)","Malwarebytes Premium (20260203)","Norton Security (20260203)","Sophos Home Premium (20260203)","Tencent PC Manager (20200519)","Total AV Antivirus Pro (20260203)","Trend Micro Internet Security (20260203)","FortectPremium (20260203)","KasperskyPremium (20260203)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Affiliate monitor ","landingPage":"https://www.ashampoo.com/en/usd/pin/0095/system-software/driver-updater","directDownloadingLink":"https://www.ashampoo.com/en/usd/dld/0095/driver-updater/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashampoo.com/en/usd/dld/0095/driver-updater/","sourceIndex":"2424"}],"sampleFiles":["200511/Ashampoo Driver Updater-2017926/1.2.1/Samples/ashampoo_driver_updater_1.2.1_sm.exe"],"imageFiles":["200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-017/ACR-017_Software_MS_Logo_Can't_Verify.JPG","200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-004/ACR-004_Software_Uses_Color_Graphic.JPG"],"nonDeceptorImageFiles":["200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-035/ACR-035_Docs_Misses_App_Name.JPG","200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-045/ACR-045_LandingPage_FreeDownload_Is_Misleading.JPG","200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-099/ACR-099_LandingPage_Uninstall_Info_Is_Missing.JPG","200511/Ashampoo Driver Updater-2017926/1.2.1/Images/ACR-065/ACR-065_Install_PrivacyPolicy_Is_Missing.JPG"],"guid":"801e872d-8934-46eb-867a-649541debce4_1.2.1_1","appID":"Ashampoo Driver Updater-2017926","dateAdded":"260201","deceptorType":"App","name":"Ashampoo Driver Updater","company":"Ashampoo GmbH ","version":"1.2.1","sigName":"Deceptor:Win32/AshampooDriverUpdater!017004","firstResolvedVersion":"","lastKnownStatus":"","lastKnownDate":"260201","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-02-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":131},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"zipsoft-2-install__133779%20(1).exe","isInstaller":"True","productName":"ZipSoft","productVersion":"4.2.2.0","fileVersion":"4.2.2.0","hashMD5":"d5d87a08f71debccf81bbad88435211e","hashSHA1":"ac5048473935c6e5a2a3e10b05a395ce51f28399","hashSHA256":"cb9e067ad2502cd764ed09b9511eaaab0e8162de4be289aba8c4424f15dbe7e5","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"127","avBlockList":["Avast Premium Security (20260421)","AVG Internet Security (20260421)","Avira Internet Security (20260421)","Bitdefender Internet Security (20260421)","Dr.Web Security Space (20260421)","ESET Internet Security (20260421)","G DATA INTERNET SECURITY (20260421)","K7 Total Security (20260421)","KasperskyPremium (20260421)","Malwarebytes Premium (20260421)","McAfee Total Protection (20260421)","Norton Security (20260421)","Panda Dome (20260421)","Quick Heal Internet Security (20260421)","Sophos Home Premium (20260421)","SpyHunter5 (20260421)","Total AV Antivirus Pro (20260421)","VIPRE Advanced Security (20260421)","VirIT eXplorer PRO (20260421)","Webroot SecureAnywhere (20260421)","Windows Defender (20260421)"],"avAllowList":["360 Total Security (20260421)","COMODO Antivirus (20260421)","FortectPremium (20260421)","Trend Micro Internet Security (20260421)"]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.1.0","fileVersion":"2.0.1.0","hashMD5":"9ba4385c28f419cc488edc87fbd45976","hashSHA1":"1a640e91dd8fae6702f0d5be58887a3dbf9adcd4","hashSHA256":"eafcca22f0234dff75f317c8f7e4da46ae619b5b2b5414847d684e793e80c5da","sourceIndex":"127","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoft.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.2.4.0","fileVersion":"2.2.4.0","hashMD5":"a6a7749d48c3bd85d180781d92a675a5","hashSHA1":"c2a6bbb4fa58077868d5b5e6d272a84a5a4dc5d0","hashSHA256":"4137fc4e2a81bb96663b9654c9c0adf4f2f1a1548d52bb92593ab1e0eec8cd5d","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"127","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftUpdateChecker.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.0.7.0","fileVersion":"2.0.7.0","hashMD5":"b2b6281e931f483a8726e4a454a6d8f3","hashSHA1":"be8faecd21827fa7ae37accdd91efe124c5e908c","hashSHA256":"c03c2e1a79ebbf19d665bc2f3ad6ec47d10aaddb777fbc59d764db2c55a6efff","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"127","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZSUpdater.exe","companyName":"ROSTPAY LTD","productName":"ZSUpdater","productVersion":"1.0.2.0","fileVersion":"1.0.2.0","hashMD5":"610fece57d621b25a2921c6c6a094d7c","hashSHA1":"8f401609f88e5527344574a409276d366708eb25","hashSHA256":"66fce24cca01bc66246ac87657303844b3ad78e48ce219ab3f638386e2f5edec","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"127","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4.0.0","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"127","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Proxymadata","reference":"","landingPage":"https://ru.zip-soft.net/","directDownloadingLink":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","sourceIndex":"127"}],"sampleFiles":["260129/ZipSoft-250708/4.2.2.0/Samples/zipsoft-2-install__133779%20(1).exe"],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"07a3ec81-9f96-4a57-904c-02a6012579d8_4.2.2.0_1","appID":"ZipSoft-250708","dateAdded":"260129","deceptorType":"App","name":"ZipSoft","company":"ROSTPAY LTD","version":"4.2.2.0","lastKnownStatus":"4.1.1.0;2.2.3.0;4.2.2.0","lastKnownDate":"260129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,install offers","lastUpdate":"2026-01-29T21:04:12.7097339+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":132},{"violations":{"ACR-048":"With application closed, the resource borrowing process is running in background without notifying user. There is no options for user to cancel resource borrowing process immediately.\n","ACR-006":"Resource borrowing process is not clearly attributed. \n","ACR-084":"The application is not clearly indicating the borrowing is active. \n","ACR-118":"ProxymaData doesn't removed after ZipSoft application being uninstalled completed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"zipsoft-2-install__133779.exe","isInstaller":"True","productName":"ZipSoft","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"ad40564b34061e58d3f4d92f32241bff","hashSHA1":"0eb3189548fa1d830c46512e8eb5be8aa1cf0f3b","hashSHA256":"1b3c31d81d493b2c8e78476fb50622f50c8303971879cf0247261a47185bab88","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":["Avast Premium Security (20260120)","AVG Internet Security (20260120)","Avira Internet Security (20260120)","Bitdefender Internet Security (20260120)","Dr.Web Security Space (20260120)","ESET Internet Security (20260120)","FortectPremium (20260120)","G DATA INTERNET SECURITY (20260120)","K7 Total Security (20260120)","KasperskyPremium (20260120)","Malwarebytes Premium (20260120)","McAfee Total Protection (20260120)","Norton Security (20260120)","Panda Dome (20260120)","Quick Heal Internet Security (20260120)","Sophos Home Premium (20260120)","SpyHunter5 (20260120)","Total AV Antivirus Pro (20260120)","VIPRE Advanced Security (20260120)","VirIT eXplorer PRO (20260120)","Webroot SecureAnywhere (20260120)","Windows Defender (20260120)"],"avAllowList":["360 Total Security (20260120)","COMODO Antivirus (20260120)","Trend Micro Internet Security (20260120)"]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.1.0","fileVersion":"2.0.1.0","hashMD5":"975edd06fe9f963360be731aaae3265b","hashSHA1":"c99804c9814b05914d51958bb4f0d621676f6557","hashSHA256":"069bde2b1aed99d808a0d1e6d90b01dd0b14be4785698cb2ba043fa102b750d7","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoft.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.2.3.0","fileVersion":"2.2.3.0","hashMD5":"8332138af6b23ac62b5108f91a1b850c","hashSHA1":"ecaa0b87a81903b02ac1d95b14371394bd9307b0","hashSHA256":"9ea80b9d27cd2d1b4e68bc76ae936913af5443292115f6939ff87631042a026c","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftUninstaller.exe","productName":"ZipSoft","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"b98926439e140fd1877d1acd80ecd0a9","hashSHA1":"7ffd5376c9ddccf067d220c343e968af08c5deb5","hashSHA256":"13548ab987d639921c998c7916dfeb34c0ed4b78747468007b90196ffead04a6","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftUpdateChecker.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.0.6.0","fileVersion":"2.0.6.0","hashMD5":"35a8deb4d0df010be2724a8d13974855","hashSHA1":"95b7d809cba6bc235d6c6dd94db4b31fe9491440","hashSHA256":"73ec545e72d939139b55b4dd4fa449287ca5a08bf8243a352db74d02096a7019","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDInterface.dll","productName":"PDInterfaceCS","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"fdf4a4a4bce6a22a8f0344a20a6fd27a","hashSHA1":"878f7f20e8b3bfd84314a72746d02f54780546de","hashSHA256":"ce013cc7f80d966737830dedde081822b7bafe7f5a6f920ec88fe5f56c8530e6","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoft%20Launcher.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft Launcher","productVersion":"1.0.3.0","fileVersion":"1.0.3.0","hashMD5":"1cfbac57d1e8b0e399cb5a6652c48d21","hashSHA1":"06072bd1f312549a44f919480466ada704ff71d3","hashSHA256":"0e2095a948b1397917754ee058262155d530df947e6b2c8a05bc051128dde05e","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftLauncherUninstaller.exe","productName":"ZipSoft","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"1146150a105c26853e17b49ee10abf7a","hashSHA1":"116b1fe0074ec12e82135ccfb74241066a1f051c","hashSHA256":"40742a938baeec0ec83a6b0c4dd7dad628748567947d038fc5ca066fba39136a","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZSUpdater.exe","companyName":"ROSTPAY LTD","productName":"ZSUpdater","productVersion":"1.0.1.0","fileVersion":"1.0.1.0","hashMD5":"fe69cc0b75cb9ce4bc8bac38386cca4e","hashSHA1":"9ea7645f5da4424654d3f5c91f290f4ae0b8f6ce","hashSHA256":"5252680426e8078012692522d5eb018eac4c732e099e43a40194353aff6f4d9b","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"154","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4.0.0","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"154","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Proxymadata","reference":"","landingPage":"https://ru.zip-soft.net/","directDownloadingLink":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","sourceIndex":"154"}],"sampleFiles":["251030/ZipSoft-250708/2.2.3.0/Samples/zipsoft-2-install__133779.exe"],"imageFiles":["251030/ZipSoft-250708/2.2.3.0/Images/ACR-084/ACR-084_Software_1.png","251030/ZipSoft-250708/2.2.3.0/Images/ACR-048/ACR-048_Software_1.png","251030/ZipSoft-250708/2.2.3.0/Images/ACR-006/ACR-006_Software_1.png","251030/ZipSoft-250708/2.2.3.0/Images/ACR-118/ACR-118_Uninstall_1.png","251030/ZipSoft-250708/2.2.3.0/Images/ACR-118/ACR-118_Uninstall_2.png","251030/ZipSoft-250708/2.2.3.0/Images/ACR-118/ACR-118_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"07a3ec81-9f96-4a57-904c-02a6012579d8_2.2.3.0_1","appID":"ZipSoft-250708","dateAdded":"260129","deceptorType":"App","name":"ZipSoft","company":"ROSTPAY LTD","version":"2.2.3.0","lastKnownStatus":"4.1.1.0;2.2.3.0;4.2.2.0","lastKnownDate":"260129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,install offers","lastUpdate":"2026-01-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":133},{"violations":{"ACR-048":"With application closed, the resource borrowing process is running in background without notifying user. There is no options for user to cancel resource borrowing process immediately.\n","ACR-006":"Resource borrowing process is not clearly attributed. \n","ACR-013":"User workflow is interrupted by offer.\n","ACR-060":"The offer is misleading. It is presented from ZipSoft, instead of from ProxymaData\n","ACR-084":"The application is not clearly indicating the borrowing is active. \n","ACR-118":"ProxymaData doesn't removed after ZipSoft application being uninstalled completed.\n","ACR-057":"Offer doesn't provide a clear way for user to decline/accept\n","ACR-055":"Offer doesn't have clear accept/decline. Instead it presents as a feature for user to make decision.\n","ACR-059":"Offer doesn't mark it clearly that it is optional\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"zipsoft-2-install__133779.exe","isInstaller":"True","productName":"ZipSoft","productVersion":"4.1.1.0","fileVersion":"4.1","hashMD5":"aa0230208c16c57ad4da4b1cfec00a36","hashSHA1":"66c7c476f3ef995915d23457671e6d2838dbeb03","hashSHA256":"7536cf9cbe9af4a50206b502f312adaca4814ce49b931681e69e476731e00a02","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"182","avBlockList":["360 Total Security (20251007)","Avast Premium Security (20251007)","AVG Internet Security (20251007)","Avira Internet Security (20251007)","Bitdefender Internet Security (20251007)","COMODO Antivirus (20251007)","Dr.Web Security Space (20251007)","ESET Internet Security (20251007)","FortectPremium (20251007)","G DATA INTERNET SECURITY (20251007)","K7 Total Security (20251007)","KasperskyPremium (20251007)","Malwarebytes Premium (20251007)","McAfee Total Protection (20251007)","Norton Security (20251007)","Panda Dome (20251007)","Quick Heal Internet Security (20251007)","Sophos Home Premium (20251007)","SpyHunter5 (20251007)","Total AV Antivirus Pro (20251007)","Trend Micro Internet Security (20251007)","VIPRE Advanced Security (20251007)","VirIT eXplorer PRO (20251007)","Webroot SecureAnywhere (20251007)","Windows Defender (20251007)"],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"182","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.0.0","fileVersion":"2.0","hashMD5":"8568211dd3ebd8f4e25d24cdbf865256","hashSHA1":"241ca16436067c67993bdf059bd63a19f22bd2a3","hashSHA256":"942e7f147ffca11881d5c1fb464bd77a195f68b9ea99b35de4e43a23a274d259","sourceIndex":"182","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoft.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.0.15.0","fileVersion":"2.0","hashMD5":"64e153021eda0235b09734538fd918a3","hashSHA1":"fafdcb5861c655025aa7ded75eb86f0f69485694","hashSHA256":"8ff175990f118d4a0ed8e17e8e2b88bd8b1ce1fb6ccbd47542a7697dc05b827a","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"182","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftUninstaller.exe","productName":"ZipSoft","productVersion":"4.0.4.0","fileVersion":"4.0","hashMD5":"20d0da565210011c7fb7c6afeb1e4a4f","hashSHA1":"cf54ff16fccb83ca12fb11c2ade910f06f51c769","hashSHA256":"472a616483e555d9e349cddcc9fbb178f76652e1744f34a506f3f7cf56c6605a","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"182","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipSoftUpdateChecker.exe","companyName":"ROSTPAY LTD","productName":"ZipSoft","productVersion":"2.0.3.0","fileVersion":"2.0","hashMD5":"eabdcd2a44e2bf84313da41d6aa60449","hashSHA1":"214696f0d3abc23094e528c5308feb9317a51b00","hashSHA256":"cea44b33ca107fdd9518f77338c80554db8a597f2415b17c3fd44b2ec839c06e","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"182","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Proxymadata","reference":"","landingPage":"https://ru.zip-soft.net/","directDownloadingLink":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.az-partners.net/apps/zipsoft-2/download?ap=133779&name=zipsoft-2-install.exe","sourceIndex":"182"}],"sampleFiles":["250709/ZipSoft-250708/4.1.1.0/Samples/zipsoft-2-install__133779.exe"],"imageFiles":["250709/ZipSoft-250708/4.1.1.0/Images/ACR-084/ACR-084_Software_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-048/ACR-048_Software_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-006/ACR-006_Software_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-013/ACR-013_Software_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-118/ACR-118_Uninstall_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-118/ACR-118_Uninstall_2.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-057/ACR-057_Inline offers_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-059/ACR-059_Inline offers_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-060/ACR-060_Inline offers_1.png","250709/ZipSoft-250708/4.1.1.0/Images/ACR-055/ACR-055_Inline offers_1.png"],"nonDeceptorImageFiles":[],"guid":"07a3ec81-9f96-4a57-904c-02a6012579d8_4.1.1.0_1","appID":"ZipSoft-250708","dateAdded":"260129","deceptorType":"App","name":"ZipSoft","company":"ROSTPAY LTD","version":"4.1.1.0","lastKnownStatus":"4.1.1.0;2.2.3.0;4.2.2.0","lastKnownDate":"260129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,install offers","lastUpdate":"2026-01-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":134},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-071":"The shopping cart contains additional item (Cloud Backup) that is pre-selected without prior disclosure.\n","ACR-165":"The app doesn't provide sufficient information for the following in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment to be activated needs to be marked clearly in landing page. Otherwise, app should remove \"free\" word.\n","ACR-161":"The landing page currently shows featured endorsements and user reviews without links to the original sources.\n"},"samples":[{"isRevoked":"False","fileName":"appAutoUpdate.exe","productName":"Live Update","productVersion":"2.6.0.2","fileVersion":"2.6.0.2","hashMD5":"72cdd3a7157a3839a4434ccbc6b0f558","hashSHA1":"c440338f551679cc93c244d077de3f582f14cdf4","hashSHA256":"1124c3e252bf9227275832816d07f4e240954dcc51b5186ef4caa411ea58607f","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shenzhen iMyFone Technology Co., Ltd\", O=\"Shenzhen iMyFone Technology Co., Ltd\", L=深圳市, S=广东省, C=CN, SERIALNUMBER=914403003425095958, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=南山区, OID.1.3.6.1.4.1.311.60.2.1.2=广东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"126","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"D-Back.exe","companyName":"Shenzhen iMyFone Technology Co., Ltd.","productName":"iMyFone D-Back","productVersion":"9.2.6.1","fileVersion":"9.2.6.1","hashMD5":"d337dd4e7f40f9230b6d1ca231fe732b","hashSHA1":"bb40dbfd74b7ba128caa0ba5b09d1c24536c6181","hashSHA256":"70d9f9ed43a80e7dac42452570eb46cc5508b4cfd7f1831e3bc33d35622b01e2","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shenzhen iMyFone Technology Co., Ltd\", O=\"Shenzhen iMyFone Technology Co., Ltd\", L=深圳市, S=广东省, C=CN, SERIALNUMBER=914403003425095958, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=南山区, OID.1.3.6.1.4.1.311.60.2.1.2=广东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"126","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"imyfone-d-back_setup.exe","isInstaller":"True","productName":"iMyFone D-Back","productVersion":"4.4.0.1","fileVersion":"4.4.0.1","hashMD5":"c58d2cbf324c49a0955354e66bc0aada","hashSHA1":"c211389d28dc7f4e483a1a7a2213c63ae9fad9eb","hashSHA256":"b07547e1d39985b5927b427400c48a6f6cd07d8a2c3e07cc409b67ce09f6c19e","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shenzhen iMyFone Technology Co., Ltd\", O=\"Shenzhen iMyFone Technology Co., Ltd\", L=深圳市, S=广东省, C=CN, SERIALNUMBER=914403003425095958, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=南山区, OID.1.3.6.1.4.1.311.60.2.1.2=广东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"126","avBlockList":["Avast Premium Security (20260421)","AVG Internet Security (20260421)","Dr.Web Security Space (20260421)","ESET Internet Security (20260421)","FortectPremium (20260421)","K7 Total Security (20260421)","Norton Security (20260421)","Panda Dome (20260421)","Quick Heal Internet Security (20260421)","Sophos Home Premium (20260421)","SpyHunter5 (20260421)","VirIT eXplorer PRO (20260421)","Webroot SecureAnywhere (20260421)"],"avAllowList":["360 Total Security (20260421)","Avira Internet Security (20260421)","Bitdefender Internet Security (20260421)","COMODO Antivirus (20260421)","G DATA INTERNET SECURITY (20260421)","KasperskyPremium (20260421)","Malwarebytes Premium (20260421)","McAfee Total Protection (20260421)","Total AV Antivirus Pro (20260421)","Trend Micro Internet Security (20260421)","VIPRE Advanced Security (20260421)","Windows Defender (20260421)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.imyfone.com/data-recovery-software/","directDownloadingLink":"https://download-new.imyfone.com/imyfone-d-back_setup.exe ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.imyfone.com/imyfone-d-back_setup.exe ","sourceIndex":"126"}],"sampleFiles":["260129/iMyFoneDBackWindows-260129/9.2.6/Samples/appAutoUpdate.exe","260129/iMyFoneDBackWindows-260129/9.2.6/Samples/D-Back.exe","260129/iMyFoneDBackWindows-260129/9.2.6/Samples/imyfone-d-back_setup.exe"],"imageFiles":["260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-004/app4.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-004/app8.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-004/checkout.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-071/Offerpage.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-071/checkout.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-165/checkout.png"],"nonDeceptorImageFiles":["260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-161/ACR-161_1.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-161/ACR-161_2.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-161/ACR-161_3.png","260129/iMyFoneDBackWindows-260129/9.2.6/Images/ACR-045/ACR-045.png"],"guid":"d571752f-7ae7-4dbc-afa3-0e58113c307c_9.2.6_1","appID":"iMyFoneDBackWindows-260129","dateAdded":"260129","deceptorType":"App","name":"iMyFone D-Back for Windows","company":"iMyFone Technology Co. Limited","version":"9.2.6","lastKnownStatus":"9.2.6","lastKnownDate":"260129","type":"Windows Executable","lastUpdate":"2026-01-29T23:33:23.8462981+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":135},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-071":"The shopping cart contains additional item (Cloud Backup) that is pre-selected without prior disclosure.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment to be activated needs to be marked clearly in landing page. Otherwise, app should remove \"free\" word.\n","ACR-161":"The landing page currently shows featured endorsements and user reviews without links to the original sources.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.imyfone.com/data-recovery-software/","directDownloadingLink":"https://download-new.imyfone.com/imyfone-d-back-mac.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.imyfone.com/imyfone-d-back-mac.zip","sourceIndex":"125"}],"sampleFiles":[],"imageFiles":["260129/iMyFoneDBack-251003/9.1.8/Images/ACR-004/app4.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-004/app6.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-004/app7.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-004/checkout.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-071/Offerpage.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-071/checkout.png"],"nonDeceptorImageFiles":["260129/iMyFoneDBack-251003/9.1.8/Images/ACR-045/ACR-045.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-161/ACR-161_1.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-161/ACR-161_2.png","260129/iMyFoneDBack-251003/9.1.8/Images/ACR-161/ACR-161_3.png"],"guid":"d7188464-4264-46e0-a885-4201d9d54577_9.1.8_1","appID":"iMyFoneDBack-251003","dateAdded":"260129","deceptorType":"MacOS App","name":"iMyFone D-Back","company":"iMyFone Technology Co. Limited","version":"9.1.8","lastKnownStatus":"9.1.8","lastKnownDate":"260129","type":"MacOS App","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-01-29T23:35:38.3343558+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":136},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" and \"Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.imyfone.com/data-recovery-software/","directDownloadingLink":"https://download-new.imyfone.com/imyfone-d-back-mac.zip ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-new.imyfone.com/imyfone-d-back-mac.zip ","sourceIndex":"160"}],"sampleFiles":[],"imageFiles":["251003/iMyFoneDBack-251003/9.1.7/Images/ACR-004/app3.png","251003/iMyFoneDBack-251003/9.1.7/Images/ACR-004/app4.png","251003/iMyFoneDBack-251003/9.1.7/Images/ACR-004/app5.png"],"nonDeceptorImageFiles":["251003/iMyFoneDBack-251003/9.1.7/Images/ACR-045/ACR-045_1.png","251003/iMyFoneDBack-251003/9.1.7/Images/ACR-045/ACR-045_2.png"],"guid":"d7188464-4264-46e0-a885-4201d9d54577_9.1.7_1","appID":"iMyFoneDBack-251003","dateAdded":"260129","deceptorType":"MacOS App","name":"iMyFone D-Back","company":"iMyFone Technology Co. Limited","version":"9.1.7","lastKnownStatus":"9.1.8","lastKnownDate":"260129","type":"MacOS App","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-01-29T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":137},{"violations":{"ACR-046":"Collecting data via \"Join customer experience improvement program\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide sufficient information for the following in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"data-recovery.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"1.5.10                                            ","fileVersion":"1.5.10              ","hashMD5":"8d7f8d03fa283401c7e79c40155e9259","hashSHA1":"e0353fd3c2038740a78d4b58ee63e75880f2e017","hashSHA256":"a259609e7d07a44eba1cdcf960cae0a11fd9b0d520b8b465c5696789e77abff2","digitalCertThumbprint":"52F49981677411BC8FC35A53980F4423E42E2316","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Keysun Software Co.Ltd","storeId":"","sourceIndex":"654","avBlockList":["Bitdefender Internet Security (20260129)","ESET Internet Security (20260129)","G DATA INTERNET SECURITY (20260129)","K7 Total Security (20260129)","Malwarebytes Premium (20260129)","Sophos Home Premium (20260129)","SpyHunter5 (20260129)","VIPRE Advanced Security (20260129)","VirIT eXplorer PRO (20260129)","Webroot SecureAnywhere (20260129)","Windows Defender (20260129)"],"avAllowList":["360 Total Security (20260129)","Avast Premium Security (20260129)","AVG Internet Security (20260129)","Avira Internet Security (20260129)","COMODO Antivirus (20260129)","Dr.Web Security Space (20260129)","Kaspersky Internet Security (20240530)","McAfee Total Protection (20260129)","Norton Security (20260129)","Panda Dome (20260129)","Quick Heal Internet Security (20260129)","Total AV Antivirus Pro (20260129)","Trend Micro Internet Security (20260129)","FortectPremium (20260129)","KasperskyPremium (20260129)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.apeaksoft.com/data-recovery/","directDownloadingLink":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.142746421.1429374740.1712918955-946157535.1712918949","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.142746421.1429374740.1712918955-946157535.1712918949","sourceIndex":"654"}],"sampleFiles":["240416/ApeaksoftDataRecovery-240412/1.6.8/Samples/data-recovery.exe"],"imageFiles":["240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-046/ACR-046.PNG","240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-046/ACR-046_1.PNG","240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-048/ACR-048.PNG","240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-004/ACR-004.PNG","240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-004/ACR-004_1.PNG","240416/ApeaksoftDataRecovery-240412/1.6.8/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"872a6525-c991-430c-803b-f4e66739b75b_1.6.8_1","appID":"ApeaksoftDataRecovery-240412","dateAdded":"260127","deceptorType":"App","name":"Apeaksoft Data Recovery","company":"Apeaksoft Studio","version":"1.6.8","lastKnownStatus":"1.6.8;1.6.10;3.0.32","lastKnownDate":"260127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":141},{"violations":{"ACR-046":"Collecting data via \"Join customer experience improvement program\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-165":"The app doesn't provide sufficient information for the following in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n"},"samples":[{"isRevoked":"False","fileName":"data-recovery.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"1.5.10                                            ","fileVersion":"1.5.10              ","hashMD5":"8d7f8d03fa283401c7e79c40155e9259","hashSHA1":"e0353fd3c2038740a78d4b58ee63e75880f2e017","hashSHA256":"a259609e7d07a44eba1cdcf960cae0a11fd9b0d520b8b465c5696789e77abff2","digitalCertThumbprint":"52F49981677411BC8FC35A53980F4423E42E2316","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Keysun Software Co.Ltd","storeId":"","sourceIndex":"643","avBlockList":["Bitdefender Internet Security (20260129)","ESET Internet Security (20260129)","G DATA INTERNET SECURITY (20260129)","K7 Total Security (20260129)","Malwarebytes Premium (20260129)","Sophos Home Premium (20260129)","SpyHunter5 (20260129)","VIPRE Advanced Security (20260129)","VirIT eXplorer PRO (20260129)","Webroot SecureAnywhere (20260129)","Windows Defender (20260129)"],"avAllowList":["360 Total Security (20260129)","Avast Premium Security (20260129)","AVG Internet Security (20260129)","Avira Internet Security (20260129)","COMODO Antivirus (20260129)","Dr.Web Security Space (20260129)","Kaspersky Internet Security (20240530)","McAfee Total Protection (20260129)","Norton Security (20260129)","Panda Dome (20260129)","Quick Heal Internet Security (20260129)","Total AV Antivirus Pro (20260129)","Trend Micro Internet Security (20260129)","FortectPremium (20260129)","KasperskyPremium (20260129)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.apeaksoft.com/data-recovery/","directDownloadingLink":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.29372479.1492447044.1714740693-1013274559.1714740693","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.29372479.1492447044.1714740693-1013274559.1714740693","sourceIndex":"643"}],"sampleFiles":["240512/ApeaksoftDataRecovery-240412/1.6.10/Samples/data-recovery.exe"],"imageFiles":["240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-046/ACR-046.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-046/ACR-046_1.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-048/ACR-048.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-004/ACR-004.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-004/ACR-004_1.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-118/ACR-118.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":["240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-040/ACR-040.PNG","240512/ApeaksoftDataRecovery-240412/1.6.10/Images/ACR-040/ACR-040_1.PNG"],"guid":"872a6525-c991-430c-803b-f4e66739b75b_1.6.10_1","appID":"ApeaksoftDataRecovery-240412","dateAdded":"260127","deceptorType":"App","name":"Apeaksoft Data Recovery","company":"Apeaksoft Studio","version":"1.6.10","lastKnownStatus":"1.6.8;1.6.10;3.0.32","lastKnownDate":"260127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":140},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide sufficient information for the following in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The landing page currently shows featured endorsements and user reviews without links to the original sources.\n"},"samples":[{"isRevoked":"False","fileName":"data-recovery-for-mac.dmg","isInstaller":"True","hashMD5":"c503c9ed531b8650f9623b83c974de0e","hashSHA1":"4ef89bef3ba64cc620ea87fbc71f24d7599ead18","hashSHA256":"6020e00adf310577990a76bea116c53c44ec911df19175c8717bbf4cd316753b","sourceIndex":"130","avBlockList":["Avast Security for Mac (20260414)","Avira Security for Mac (20260414)","ESET Cyber Security Pro for Mac (20260414)","McAfee Internet Security for Mac (20260414)","Norton Security for Mac (20260414)","Sophos Home Premium For Mac (20260414)","SpyHunterforMac (20260414)","Trend Micro Antivirus for Mac (20260414)"],"avAllowList":["Bitdefender Antivirus for Mac (20260414)","G DATA AntiVirus for Mac (20260414)","K7 Antivirus for Mac (20260414)","Kaspersky Internet Security for Mac (20260414)"]},{"isRevoked":"False","fileName":"Loader","fileVersion":"10.7.0","hashMD5":"113587c9f724f6a01aed7543d4c83a14","hashSHA1":"75c6b24b6c352e553788f3d522815da6cba20347","hashSHA256":"207be36b96f27c6e1e10e444427652be0eb9c53d2c7509b3ba5e2fecef334be0","sourceIndex":"130","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.apeaksoft.com/data-recovery/","landingPage":"https://www.apeaksoft.com/data-recovery/","directDownloadingLink":"https://downloads.apeaksoft.com/mac/data-recovery-for-mac.dmg?_ga=2.202845841.1268215733.1769426027-1338123417.1769426027","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/mac/data-recovery-for-mac.dmg?_ga=2.202845841.1268215733.1769426027-1338123417.1769426027","sourceIndex":"130"}],"sampleFiles":["260127/ApeaksoftMacDataRecovery-260127/1.6.26/Samples/data-recovery-for-mac.dmg","260127/ApeaksoftMacDataRecovery-260127/1.6.26/Samples/Loader"],"imageFiles":["260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-004/app3.png","260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-004/Purchase Data Recovery for Mac.png","260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-165/Purchase Data Recovery for Mac.png"],"nonDeceptorImageFiles":["260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-045/ACR-045_1.png","260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-161/ACR-161_1.png","260127/ApeaksoftMacDataRecovery-260127/1.6.26/Images/ACR-161/ACR-161_2.png"],"guid":"76d22d2e-0cd0-4bd8-9d4d-ab0ad33f6a1d_1.6.26_1","appID":"ApeaksoftMacDataRecovery-260127","dateAdded":"260127","deceptorType":"MacOS App","name":"Apeaksoft Data Recovery for Mac","company":"Apeaksoft Studio","version":"1.6.26","lastKnownDate":"260127","type":"MacOS App","lastUpdate":"2026-01-27T19:31:11.6491683+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":138},{"violations":{"ACR-046":"Collecting data via \"Join customer experience improvement program\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-165":"The app doesn't provide sufficient information for the following in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The landing page currently shows featured endorsements and user reviews without links to the original sources.\n"},"samples":[{"isRevoked":"False","fileName":"Apeaksoft%20Data%20Recovery.exe","companyName":"Apeaksoft","productName":"Apeaksoft Data Recovery","productVersion":"3.0.32.158400","fileVersion":"3.0.32.158400","hashMD5":"0788d9e304b9fb4d6246ca034456ae49","hashSHA1":"2d6342f7b5d033906cdcc148ae7ea50a5f0debbe","hashSHA256":"4728015b6d75b4810f1fbae9ab9b07a86e57b58fe4a70dd8d3baba7499d04c56","digitalCertThumbprint":"EF69F68F657DB7A9D160358470C1DCE76238DA98","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"Keysun Software Co.,Ltd\", O=\"Keysun Software Co.,Ltd\", L=Nanjing, S=Jiangsu, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"131","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"data-recovery.exe","isInstaller":"True","productVersion":"2.1.16","fileVersion":"2.1.16","hashMD5":"497c7ca1775ddc8372839daa858a72b9","hashSHA1":"4176e8b5fcc5056529fdd66097ba10c11676ca4a","hashSHA256":"ee267e78c3c01f95d4ae36cf1b449acdf0d35e7cc6cca1067951eaa7985fab57","digitalCertThumbprint":"EF69F68F657DB7A9D160358470C1DCE76238DA98","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"Keysun Software Co.,Ltd\", O=\"Keysun Software Co.,Ltd\", L=Nanjing, S=Jiangsu, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"131","avBlockList":["Avast Premium Security (20260421)","AVG Internet Security (20260421)","Avira Internet Security (20260421)","ESET Internet Security (20260421)","FortectPremium (20260421)","K7 Total Security (20260421)","Malwarebytes Premium (20260421)","Norton Security (20260421)","Panda Dome (20260421)","Quick Heal Internet Security (20260421)","Sophos Home Premium (20260421)","SpyHunter5 (20260421)","Total AV Antivirus Pro (20260421)","VirIT eXplorer PRO (20260421)","Webroot SecureAnywhere (20260421)"],"avAllowList":["360 Total Security (20260421)","Bitdefender Internet Security (20260421)","COMODO Antivirus (20260421)","Dr.Web Security Space (20260421)","G DATA INTERNET SECURITY (20260421)","KasperskyPremium (20260421)","McAfee Total Protection (20260421)","Trend Micro Internet Security (20260421)","VIPRE Advanced Security (20260421)","Windows Defender (20260421)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.apeaksoft.com/data-recovery/","directDownloadingLink":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.214083671.1709733589.1769401040-1056578096.1769401040","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/data-recovery.exe?_ga=2.214083671.1709733589.1769401040-1056578096.1769401040","sourceIndex":"131"}],"sampleFiles":["260127/ApeaksoftDataRecovery-240412/3.0.32/Samples/Apeaksoft%20Data%20Recovery.exe","260127/ApeaksoftDataRecovery-240412/3.0.32/Samples/data-recovery.exe"],"imageFiles":["260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-046/install1.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-046/install2.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-048/install3.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-004/app7.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-004/Purchase Apeaksoft Data Recovery.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-118/ACR-118.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-165/Purchase Apeaksoft Data Recovery.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-165/Checkout - Your online payment solution.png"],"nonDeceptorImageFiles":["260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-040/ACR-118.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-045/ACR-045_1.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-161/ACR-161_1.png","260127/ApeaksoftDataRecovery-240412/3.0.32/Images/ACR-161/ACR-161_2.png"],"guid":"872a6525-c991-430c-803b-f4e66739b75b_3.0.32_1","appID":"ApeaksoftDataRecovery-240412","dateAdded":"260127","deceptorType":"App","name":"Apeaksoft Data Recovery","company":"Apeaksoft Studio","version":"3.0.32","lastKnownStatus":"1.6.8;1.6.10;3.0.32","lastKnownDate":"260127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-01-27T19:29:07.1396823+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":139},{"violations":{"ACR-048":"The app does not provide clear control to decline the recommended offer.\n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app does not provide a clear way to accept and decline optional offers.\n","ACR-014":"The OBS installer installs a software that is different from what is advertised on the website. Instead, it launches Softcross and includes preselected recommended software.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"OBS%20loader%20starter.exe","isInstaller":"True","companyName":"EEF                                                         ","productName":"OBSream","productVersion":"3.8","hashMD5":"58c8e6efd3b9c9d6c9e0f8d88f665f61","hashSHA1":"135e43c252bade7356782fa0cede6deb318e8229","hashSHA256":"2eccbf908d2cedefa3a50d62e79a4659d07f29e2a579f761e52903d73d433d9c","digitalCertThumbprint":"925910EDB5C1577F4417FA374F6F2FF794847483","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ИП Чуйко Дмитрий Александрович, O=ИП Чуйко Дмитрий Александрович, L=Санкт-Петербург, S=Санкт-Петербург, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Saint Petersburg, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=325784700214134, OID.2.5.4.15=Business Entity","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"133","avBlockList":["360 Total Security (20260409)","Avast Premium Security (20260409)","AVG Internet Security (20260409)","Avira Internet Security (20260409)","Bitdefender Internet Security (20260409)","COMODO Antivirus (20260409)","Dr.Web Security Space (20260409)","ESET Internet Security (20260409)","FortectPremium (20260409)","G DATA INTERNET SECURITY (20260409)","K7 Total Security (20260409)","KasperskyPremium (20260409)","Malwarebytes Premium (20260409)","McAfee Total Protection (20260409)","Norton Security (20260409)","Panda Dome (20260409)","Quick Heal Internet Security (20260409)","Sophos Home Premium (20260409)","SpyHunter5 (20260409)","Total AV Antivirus Pro (20260409)","Trend Micro Internet Security (20260409)","VIPRE Advanced Security (20260409)","VirIT eXplorer PRO (20260409)","Webroot SecureAnywhere (20260409)","Windows Defender (20260409)"],"avAllowList":[]},{"isRevoked":"False","fileName":"progs.exe","companyName":"Artiesy","productName":"selauncher","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"02efc23b2fe4c9cd461645e446435583","hashSHA1":"b3f5572a196fee0c3e8d37c41587995a25185371","hashSHA256":"3fa12f30a0acbf48939e62d33235c2522443f030c9c3612039939dbb7ea9a752","digitalCertThumbprint":"925910EDB5C1577F4417FA374F6F2FF794847483","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ИП Чуйко Дмитрий Александрович, O=ИП Чуйко Дмитрий Александрович, L=Санкт-Петербург, S=Санкт-Петербург, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Saint Petersburg, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=325784700214134, OID.2.5.4.15=Business Entity","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"133","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor report","reference":"","landingPage":"https://obs.automaqv.com/","directDownloadingLink":"https://cdn.automaqv.com/OBS%20loader%20starter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.automaqv.com/OBS%20loader%20starter.exe","sourceIndex":"133"}],"sampleFiles":["260119/OBSream-260109/3.8/Samples/OBS%20loader%20starter.exe","260119/OBSream-260109/3.8/Samples/progs.exe"],"imageFiles":["260119/OBSream-260109/3.8/Images/ACR-048/ACR-048_Install_1.png","260119/OBSream-260109/3.8/Images/ACR-013/ACR-013_Install_1.png","260119/OBSream-260109/3.8/Images/ACR-014/ACR-014_Software_2.png","260119/OBSream-260109/3.8/Images/ACR-014/ACR-014_Software_1.png","260119/OBSream-260109/3.8/Images/ACR-057/ACR-057_Bundler-made offers_1.png","260119/OBSream-260109/3.8/Images/ACR-059/ACR-059_Bundler-made offers_1.png","260119/OBSream-260109/3.8/Images/ACR-060/ACR-060_Bundler-made offers_1.png","260119/OBSream-260109/3.8/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"efdb534a-ebd7-4f25-bb7e-2cfeaff87d32_3.8_1","appID":"OBSream-260109","dateAdded":"260119","deceptorType":"App","name":"OBSream","company":"EEF","version":"3.8","lastKnownDate":"260119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers","lastUpdate":"2026-01-19T19:59:44.6693043+00:00","notDistributed":false,"familyName":"SpoofedOBSStudio","numInFamily":2,"numInAppID":1,"sortOrder":142},{"violations":{"ACR-048":" The app does not provide a clear way control to quit the background process completely within the app settings.\n","ACR-004":"The app differentiates urgency with color and presents numerical claims without substantiation.\n","ACR-084":"Quitting the app leaves a background process running without any notification to the user.\n","ACR-071":"The shopping cart contains additional item(Premium Support) that is pre-selected without prior disclosure. \n","ACR-014":"The app presents unsubstantiated claims. The labels associated with the numbers displayed are confusing and do not clearly indicate what they refer to. The wording “Not set as recommended” is unclear and misleading, as it refers to items that have not been cleaned, even though the settings themselves have been restored to the recommended configuration.\n"},"nonDeceptorViolations":{"ACR-161":"The landing page includes testimonials that lack links to verifiable sources.\n","ACR-017":"The 3rd-party endorsements do not link to its source for verification.\n"},"samples":[{"isRevoked":"False","fileName":"gclean-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"GClean","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3a056f41ec2f3bdd682d7667f68e60a6","hashSHA1":"79f5be6d9278e3543e550b77c2c15e338770b3f7","hashSHA256":"9618f852b1df621c4ad8bd02edb691c982f24dd380a91f58f73ecb099e471d13","digitalCertThumbprint":"763F3E747842B5897FA93EAEF407C87BBD63F0C5","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"109","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GClean.exe","productName":"GClean","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a30eb15e874f0902c5b4db8042906614","hashSHA1":"53544d8eb0417bb916bc53facdfc37ee50f8edf5","hashSHA256":"8fbd4412ef79a12a2c6f7256ce0fcf40768b7bcdb86dd6d53ec5cd007db881d3","digitalCertThumbprint":"763F3E747842B5897FA93EAEF407C87BBD63F0C5","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"109","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"","directDownloadingLink":"https://www.abelssoft.de/gclean-setup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/gclean-setup.exe","sourceIndex":"109"}],"sampleFiles":["260115/GClean-260114/225.02/Samples/gclean-setup.exe","260115/GClean-260114/225.02/Samples/GClean.exe"],"imageFiles":["260115/GClean-260114/225.02/Images/ACR-004/ACR-004_Software_1.png","260115/GClean-260114/225.02/Images/ACR-004/ACR-004_Software_2.png","260115/GClean-260114/225.02/Images/ACR-084/ACR-084_Software_1.png","260115/GClean-260114/225.02/Images/ACR-048/ACR-048_Software_1.png","260115/GClean-260114/225.02/Images/ACR-048/ACR-048_Software_2.png","260115/GClean-260114/225.02/Images/ACR-014/ACR-014_Software_1.png","260115/GClean-260114/225.02/Images/ACR-014/ACR-014_Software_2.png","260115/GClean-260114/225.02/Images/ACR-071/ACR-071_Internal offers_1.png"],"nonDeceptorImageFiles":["260115/GClean-260114/225.02/Images/ACR-017/ACR-017_Landing page_1.png","260115/GClean-260114/225.02/Images/ACR-161/ACR-161_Landing page_1.png"],"guid":"548750de-1d1b-418f-9f95-de575e26bd4a_225.02_1","appID":"GClean-260114","dateAdded":"260115","deceptorType":"App","name":"GClean","company":"Abelssoft","version":"225.02","firstVendorContactDate":"260115","firstAppEsteemReplyDate":"260115","firstResolvedDate":"260320","resolved":"TRUE","lastKnownStatus":"225.02","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-03-20T19:40:30.0289875+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":144},{"violations":{"ACR-048":"The app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Launcher","fileVersion":"10.14.0","hashMD5":"775cce409b9c3700f2e24b3ea1d5cdd1","hashSHA1":"10cb575e429bc98ae9906f676fd5ba4a1e8757ef","hashSHA256":"43fb203f4ef5958ce85655fef5bb9226b4b4f8bf0c0d593ba20c6675ab9669bc","sourceIndex":"135","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"traffmonetizer","fileVersion":"10.14.0","hashMD5":"dc3b5b2235ec88ace2c2bb9d61f22c9b","hashSHA1":"435472aa1d89bc40bc3179d0e707a49aeb779436","hashSHA256":"dbaed04ad0dbeacd6f7331945ab0f3d2073fe30ea9d5e3c7bae8f0007a37660c","sourceIndex":"135","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"traffmonetizer.dmg","isInstaller":"True","hashMD5":"732c3a882586e94263845e18e07490bc","hashSHA1":"45f763a2c4dc10ec2f4e2429b839194e5e7e6037","hashSHA256":"e521a6e0103d15fba01c9256ba62290ff93ae693fb8fc4afbb56fd259737334c","sourceIndex":"135","avBlockList":["Avast Security for Mac (20260414)","Avira Security for Mac (20260414)","Bitdefender Antivirus for Mac (20260414)","ESET Cyber Security Pro for Mac (20260414)","G DATA AntiVirus for Mac (20260414)","Kaspersky Internet Security for Mac (20260414)","McAfee Internet Security for Mac (20260414)","Norton Security for Mac (20260414)","Sophos Home Premium For Mac (20260414)","SpyHunterforMac (20260414)","Trend Micro Antivirus for Mac (20260414)"],"avAllowList":["K7 Antivirus for Mac (20260414)"]}],"additionalFiles":[],"sources":[{"howFound":"https://traffmonetizer.com","reference":"","landingPage":"https://traffmonetizer.com","directDownloadingLink":"https://data.traffmonetizer.com/downloads/macos/traffmonetizer.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://data.traffmonetizer.com/downloads/macos/traffmonetizer.dmg","sourceIndex":"135"}],"sampleFiles":["260114/TraffmonetizerMac-260113/1.2.0/Samples/Launcher","260114/TraffmonetizerMac-260113/1.2.0/Samples/traffmonetizer","260114/TraffmonetizerMac-260113/1.2.0/Samples/traffmonetizer.dmg"],"imageFiles":["260114/TraffmonetizerMac-260113/1.2.0/Images/ACR-007/app1.png","260114/TraffmonetizerMac-260113/1.2.0/Images/ACR-007/install.png","260114/TraffmonetizerMac-260113/1.2.0/Images/ACR-048/service_stopped1.png"],"nonDeceptorImageFiles":[],"guid":"cf295f05-cedf-4d09-b306-3fd7b3974d6b_1.2.0_1","appID":"TraffmonetizerMac-260113","dateAdded":"260114","deceptorType":"MacOS App","name":"TraffMonetizer","company":"TraffMonetizer","version":"1.2.0","lastKnownStatus":"1.2.0","lastKnownDate":"260114","type":"MacOS App","category":"Business Developer Tools","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"mining","lastUpdate":"2026-01-14T22:26:19.5801476+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":145},{"violations":{"ACR-004":"The app does not offer a free trial and instead requires a paid subscription to resolve the issue.\n","ACR-118":"After uninstall, it retains some executables and its other components.\n","ACR-014":"1. The app’s website states “Try It Free,” but there is no free trial. Resolving the issue requires a paid subscription.\n2. The uninstall button is greyed out, making it appear disabled.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"ScreenUnlockSetup_1111_2_0_0_6%20(1).exe","isInstaller":"True","companyName":"TECHVISTA Co., Ltd.","productName":"PcGoGo Screen Unlock","productVersion":"2.0.0.6","fileVersion":"2.0.0.6","hashMD5":"4c7ac51d61617d27ec815f0b4fbdd555","hashSHA1":"a4fc69a9c80bfecdc5555d460dca7dd2ae7a38e4","hashSHA256":"27f41d78146a562175c428b66c6be7320a29a7070931e6eb8e6cf5790e0ca745","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"137","avBlockList":["360 Total Security (20260331)","Avast Premium Security (20260331)","AVG Internet Security (20260331)","Avira Internet Security (20260331)","ESET Internet Security (20260331)","FortectPremium (20260331)","K7 Total Security (20260331)","Malwarebytes Premium (20260331)","Norton Security (20260331)","Panda Dome (20260331)","Quick Heal Internet Security (20260331)","Sophos Home Premium (20260331)","SpyHunter5 (20260331)","Total AV Antivirus Pro (20260331)","VirIT eXplorer PRO (20260331)","Webroot SecureAnywhere (20260331)"],"avAllowList":["Bitdefender Internet Security (20260331)","COMODO Antivirus (20260331)","Dr.Web Security Space (20260331)","G DATA INTERNET SECURITY (20260331)","KasperskyPremium (20260331)","McAfee Total Protection (20260331)","Trend Micro Internet Security (20260331)","VIPRE Advanced Security (20260331)","Windows Defender (20260331)"]},{"isRevoked":"False","fileName":"ScreenUnlock.exe","companyName":"TECHVISTA Co., Ltd.","productName":"PcGoGo Screen Unlock","productVersion":"2.0.0.6","fileVersion":"2.0.0.6","hashMD5":"87670898a4b39c5221c493001c2f3890","hashSHA1":"41d370f9958c434871c7913188abfa422d8d82ad","hashSHA256":"0577cc46312c7364ce25b53a9f9926d354a424182a6a86268249130083fcac6a","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"137","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.pcgogo.com/screen-unlock","directDownloadingLink":"https://file1.pcgogo.com/soft_intl/ScreenUnlockSetup/2_0_0_6/ScreenUnlockSetup_1111_2_0_0_6.exe?_gl=1*1fdwxhf*_gcl_au*MTY1NjI3MDg3Ny4xNzYyODEyMjYz","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file1.pcgogo.com/soft_intl/ScreenUnlockSetup/2_0_0_6/ScreenUnlockSetup_1111_2_0_0_6.exe?_gl=1*1fdwxhf*_gcl_au*MTY1NjI3MDg3Ny4xNzYyODEyMjYz","sourceIndex":"137"}],"sampleFiles":["260105/PcGoGoScreenUnlock-260102/2.0.0.6/Samples/ScreenUnlockSetup_1111_2_0_0_6%20(1).exe","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Samples/ScreenUnlock.exe"],"imageFiles":["260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-004/ACR-004_Software_2.png","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-004/ACR-004_Software_1.jpeg","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-004/ACR-004_Software_3.jpeg","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-014/ACR-014_Software_1.png","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-014/ACR-014_Software_2.png","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-014/ACR-014_Software_3.png","260105/PcGoGoScreenUnlock-260102/2.0.0.6/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":[],"guid":"5456afce-0896-4475-9064-41a4379a775f_2.0.0.6_1","appID":"PcGoGoScreenUnlock-260102","dateAdded":"260105","deceptorType":"App","name":"PcGoGo Screen Unlock","company":"TECHVISTA Co., Ltd.","version":"2.0.0.6","lastKnownDate":"260105","type":"Windows Executable","lastUpdate":"2026-01-05T20:09:49.4312724+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":146},{"violations":{"ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicate items.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PassFab%20Duplicate%20File%20Deleter","fileVersion":"10.12.0","hashMD5":"41de05f360f20241653641bfe4600bad","hashSHA1":"f2da3b6d84671c5dcf80612e19eb56dd62228764","hashSHA256":"4916ed1a448dce8d9d271f8097356ac9afc1088ddb6e5b724dbe290d90a49d56","sourceIndex":"136","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"passfab-duplicate-file-deleter-mac_11767337995623265901.dmg","isInstaller":"True","hashMD5":"7ce20d9f825a78edabe1b5931721158c","hashSHA1":"897a94f90fce613d8c0c961a75964db04e6c3034","hashSHA256":"0aa727c193892eca783fc4ac67ee68027bf63387c64fe3ed070b9f3fa17978be","sourceIndex":"136","avBlockList":["Avast Security for Mac (20260312)","Avira Security for Mac (20260312)","Norton Security for Mac (20260312)","Sophos Home Premium For Mac (20260312)","SpyHunterforMac (20260312)","Trend Micro Antivirus for Mac (20260312)"],"avAllowList":["Bitdefender Antivirus for Mac (20260312)","ESET Cyber Security Pro for Mac (20260312)","G DATA AntiVirus for Mac (20260312)","K7 Antivirus for Mac (20260312)","Kaspersky Internet Security for Mac (20260312)","McAfee Internet Security for Mac (20260312)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.passfab.net","landingPage":"https://www.passfab.net","directDownloadingLink":"https://download.passfab.net/downloads/passfab-duplicate-file-deleter-mac_4879.dmg?rnclid=11767337995623265901","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.passfab.net/downloads/passfab-duplicate-file-deleter-mac_4879.dmg?rnclid=11767337995623265901","sourceIndex":"136"}],"sampleFiles":["260105/PassFabMacDuplicateFile-260102/2.2.6/Samples/PassFab%20Duplicate%20File%20Deleter","260105/PassFabMacDuplicateFile-260102/2.2.6/Samples/passfab-duplicate-file-deleter-mac_11767337995623265901.dmg"],"imageFiles":["260105/PassFabMacDuplicateFile-260102/2.2.6/Images/ACR-004/app7.png","260105/PassFabMacDuplicateFile-260102/2.2.6/Images/ACR-004/Official Buy PassFab Duplicate File Deleter(Mac).png","260105/PassFabMacDuplicateFile-260102/2.2.6/Images/ACR-004/Official Buy PassFab Duplicate File Deleter(Mac)2.png"],"nonDeceptorImageFiles":[],"guid":"99915da2-2322-45cb-ba96-095f36a72116_2.2.6_1","appID":"PassFabMacDuplicateFile-260102","dateAdded":"260105","deceptorType":"MacOS App","name":"PassFab Mac Duplicate File Deleter","company":"PassFab","version":"2.2.6","lastKnownDate":"260105","type":"MacOS App","lastUpdate":"2026-01-05T20:17:22.0212839+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":147},{"violations":{"ACR-004":"The app shows scan results for free, but when the user tries to recover the data, the app requires a purchase of an auto-renewing subscription.\n"},"nonDeceptorViolations":{"ACR-045":"“Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the EULA or the Privacy Policy. \nThe app does not display links to the EULA or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"mac-data-recovery.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"a862ed706affa1cdecc58160d7ec0006","hashSHA1":"2f73264a340dc66a1db1d5ddc9fcd1fd34744a6d","hashSHA256":"dd37e8a64d94facc02cb1b5a335a4f1eb8b38c9e596fe341002a2d8c28c93ead","sourceIndex":"545","avBlockList":["Avast Security for Mac (20241210)","Avira Security for Mac (20241210)","Bitdefender Antivirus for Mac (20241210)","ESET Cyber Security Pro for Mac (20241210)","G DATA AntiVirus for Mac (20241210)","Norton Security for Mac (20241210)","Trend Micro Antivirus for Mac (20241210)"],"avAllowList":["K7 Antivirus for Mac (20241210)","Kaspersky Internet Security for Mac (20241210)","McAfee Internet Security for Mac (20241210)","Sophos Home Premium For Mac (20241112)","SpyHunterforMac (20241210)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.aiseesoft.com/data-recovery/","directDownloadingLink":"https://download.aiseesoft.com/mac/mac-data-recovery.dmg?_gl=1*1maneto*_ga*NzQzNjk4ODk3LjE3MjYxOTQxNTQ.*_ga_M4E51HTXR8*MTcyNjE5NDE1NC4xLjEuMTcyNjE5NTA2MC4wLjAuMA..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aiseesoft.com/mac/mac-data-recovery.dmg?_gl=1*1maneto*_ga*NzQzNjk4ODk3LjE3MjYxOTQxNTQ.*_ga_M4E51HTXR8*MTcyNjE5NDE1NC4xLjEuMTcyNjE5NTA2MC4wLjAuMA..","sourceIndex":"545"}],"sampleFiles":["240916/AiseesoftMacDataRecovery-240913/1.8.22/Samples/mac-data-recovery.dmg"],"imageFiles":["240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-004/App3.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-004/Purchase Aiseesoft Mac Data Recovery.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-004/offerpage1.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-004/offerpage2.png"],"nonDeceptorImageFiles":["240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-065/install.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-065/App6.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-065/ACR-065_Software_1.png","240916/AiseesoftMacDataRecovery-240913/1.8.22/Images/ACR-045/Aiseesoft Data Recovery - Best Recovery Tool to Recover Deleted Data2.png"],"guid":"eb49bbe9-deb5-4516-8ff5-d9230b9326d3_1.8.22_1","appID":"AiseesoftMacDataRecovery-240913","dateAdded":"251211","deceptorType":"MacOS App","name":"Aiseesoft Mac Data Recovery","company":"Aiseesoft Studio","version":"1.8.22","lastKnownStatus":"1.8.22;1.8.32","lastKnownDate":"251211","type":"MacOS App","lastUpdate":"2025-12-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":149},{"violations":{"ACR-004":"The app shows scan results for free, but when the user tries to recover the data, the app requires a purchase of an auto-renewing subscription.\n"},"nonDeceptorViolations":{"ACR-045":"“Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n"},"samples":[{"isRevoked":"False","fileName":"mac-data-recovery.dmg","isInstaller":"True","hashMD5":"cd684dda1e4b932a2ead5ad2bc43720f","hashSHA1":"a5f09d08065918367f4055ba42fadfaea56ee93a","hashSHA256":"8d309047642abc5894ae6a47dcabf2fb111a922b8a7d422a3ec35b6e28cb06a6","sourceIndex":"138","avBlockList":["Avast Security for Mac (20260210)","Avira Security for Mac (20260210)","Norton Security for Mac (20260210)","Sophos Home Premium For Mac (20260210)","SpyHunterforMac (20260210)","Trend Micro Antivirus for Mac (20260210)"],"avAllowList":["Bitdefender Antivirus for Mac (20260210)","ESET Cyber Security Pro for Mac (20260210)","G DATA AntiVirus for Mac (20260210)","K7 Antivirus for Mac (20260210)","Kaspersky Internet Security for Mac (20260210)","McAfee Internet Security for Mac (20260210)"]},{"isRevoked":"False","fileName":"Loader","fileVersion":"10.7.0","hashMD5":"4df5c1da97611bbeeaf07669888f69f0","hashSHA1":"606e0124f14e32f8004aafa7789a7b263b840be8","hashSHA256":"7937bae5d8b8828e9f4b97f9259c11f4203d3b95e905ba85b743631c9675c720","sourceIndex":"138","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"crashpad","fileVersion":"10.9.0","hashMD5":"c5e53709a7705c77f015be2eef3ce59a","hashSHA1":"7ff0df72f58c2049facd4f8172608f874a3cf177","hashSHA256":"fd649bf41fb6a60561147d84315460fb09e5489c40ce57980106aedf71a7dad1","sourceIndex":"138","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Feedback","fileVersion":"10.7.0","hashMD5":"2016d2bb53674778240ba38024f8fd60","hashSHA1":"b8b05acab6e476e81cfb7175dcd94b6bf5d409fd","hashSHA256":"f1decb83c6e60e908f762588f07a92bc41e3d9ce17204069d52c9d6a79953eed","sourceIndex":"138","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.aiseesoft.com/data-recovery/","directDownloadingLink":"https://download.aiseesoft.com/mac/mac-data-recovery.dmg?_gl=1*sk1o7h*_ga*NTUzOTcxMDMxLjE3NjUyNzA4MDE.*_ga_M4E51HTXR8*czE3NjUyNzA4MDEkbzEkZzAkdDE3NjUyNzA4MDEkajYwJGwwJGgw","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aiseesoft.com/mac/mac-data-recovery.dmg?_gl=1*sk1o7h*_ga*NTUzOTcxMDMxLjE3NjUyNzA4MDE.*_ga_M4E51HTXR8*czE3NjUyNzA4MDEkbzEkZzAkdDE3NjUyNzA4MDEkajYwJGwwJGgw","sourceIndex":"138"}],"sampleFiles":["251211/AiseesoftMacDataRecovery-240913/1.8.32/Samples/mac-data-recovery.dmg","251211/AiseesoftMacDataRecovery-240913/1.8.32/Samples/Loader","251211/AiseesoftMacDataRecovery-240913/1.8.32/Samples/crashpad","251211/AiseesoftMacDataRecovery-240913/1.8.32/Samples/Feedback"],"imageFiles":["251211/AiseesoftMacDataRecovery-240913/1.8.32/Images/ACR-004/app2.png","251211/AiseesoftMacDataRecovery-240913/1.8.32/Images/ACR-004/offerpage1.png","251211/AiseesoftMacDataRecovery-240913/1.8.32/Images/ACR-004/offerpage3.png"],"nonDeceptorImageFiles":["251211/AiseesoftMacDataRecovery-240913/1.8.32/Images/ACR-045/landingpage.png"],"guid":"eb49bbe9-deb5-4516-8ff5-d9230b9326d3_1.8.32_1","appID":"AiseesoftMacDataRecovery-240913","dateAdded":"251211","deceptorType":"MacOS App","name":"Aiseesoft Mac Data Recovery","company":"Aiseesoft Studio","version":"1.8.32","lastKnownStatus":"1.8.22;1.8.32","lastKnownDate":"251211","type":"MacOS App","lastUpdate":"2025-12-11T20:17:00.5539782+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":148},{"violations":{"ACR-048":"A scheduled task was added without the user's knowledge and the app does not offer any option within an app setting to control it.\n","ACR-084":"Application creates scheduled task to perform auto update without providing option for user to disable it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains its executables and active scheduled task on the device\n"},"nonDeceptorViolations":{"ACR-040":"Application is installed default in system hidden folder without disclosing it during installation. %Appdata%\n","ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"pdfclick.exe","isInstaller":"True","productName":"PDFClick","productVersion":"1.3.0.8","fileVersion":"1.3.0.8","hashMD5":"a03b74158ea440cebe66fab1d6ae2b21","hashSHA1":"eb68d3cd1a9a40cc7b860d5406fa4a20f37399e3","hashSHA256":"09474277051fc387a9b43f7f08a9bf4f6817c24768719b21f9f7163d9c5c8f74","sourceIndex":"139","avBlockList":["360 Total Security (20260303)","Avast Premium Security (20260303)","AVG Internet Security (20260303)","Avira Internet Security (20260303)","Bitdefender Internet Security (20260303)","COMODO Antivirus (20260303)","Dr.Web Security Space (20260303)","ESET Internet Security (20260303)","FortectPremium (20260303)","G DATA INTERNET SECURITY (20260303)","K7 Total Security (20260303)","KasperskyPremium (20260303)","Malwarebytes Premium (20260303)","McAfee Total Protection (20260303)","Norton Security (20260303)","Panda Dome (20260303)","Quick Heal Internet Security (20260303)","Sophos Home Premium (20260303)","SpyHunter5 (20260303)","Total AV Antivirus Pro (20260303)","Trend Micro Internet Security (20260303)","VIPRE Advanced Security (20260303)","VirIT eXplorer PRO (20260303)","Webroot SecureAnywhere (20260303)","Windows Defender (20260303)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PDFClickUpdater.exe","productName":"PDFClickUpdater","productVersion":"1.3.0.10","fileVersion":"1.3.0.10","hashMD5":"0cb13d665df4fa0fb8a401d447d283b0","hashSHA1":"affd57e48a8a6920fcabb9374376c06599e21f81","hashSHA256":"bd06d788b4384dd0d8640129746aa4c0826e63f409743f65000929702a417519","sourceIndex":"139","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDFClic%20k.exe","productName":"PDFClick","productVersion":"1.3.0.8","fileVersion":"1.3.0.8","hashMD5":"7f51f7c64126ddfcc94e95281a33de84","hashSHA1":"9b3c16b7d28196766a01e808c1902e20043eacdd","hashSHA256":"644816aec263951f3f66e07d4a064c92b9713daa6fb1e7dddea602a89c243f72","sourceIndex":"139","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.pdfclickapp.com","directDownloadingLink":"https://runeton.com/clic?fofk=c231203a-742a-4d11-a329-a3270e1bb11d&_gcl_au=1.1.1447609291.1764728070&lastVisitReport=2025-12-03T02%3A14%3A32.356Z&_ga=GA1.1.407334879.1764728070&_ga_JT8097F7EC=GS2.1.s1764736766%24o3%24g1%24t1764737153%24j2%24l0%24h1838032104","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://runeton.com/clic?fofk=c231203a-742a-4d11-a329-a3270e1bb11d&_gcl_au=1.1.1447609291.1764728070&lastVisitReport=2025-12-03T02%3A14%3A32.356Z&_ga=GA1.1.407334879.1764728070&_ga_JT8097F7EC=GS2.1.s1764736766%24o3%24g1%24t1764737153%24j2%24l0%24h1838032104","sourceIndex":"139"}],"sampleFiles":["251203/PDFClick-251203/1.3.0.8/Samples/pdfclick.exe","251203/PDFClick-251203/1.3.0.8/Samples/PDFClickUpdater.exe","251203/PDFClick-251203/1.3.0.8/Samples/PDFClic%20k.exe"],"imageFiles":["251203/PDFClick-251203/1.3.0.8/Images/ACR-084/schedule task.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-084/app1.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-048/schedule task.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-048/app1.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-118/retained files.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["251203/PDFClick-251203/1.3.0.8/Images/ACR-040/files.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-040/install1.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-040/install2.png","251203/PDFClick-251203/1.3.0.8/Images/ACR-065/app1.png"],"guid":"83e456a6-a13d-4b72-8fdb-d04718203046_1.3.0.8_1","appID":"PDFClick-251203","dateAdded":"251203","deceptorType":"App","name":"PDFClick","company":"PDFClick","version":"1.3.0.8","lastKnownStatus":"1.3.0.8","lastKnownDate":"251203","type":"Windows Executable","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2025-12-03T22:36:35.7934477+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":150},{"violations":{"ACR-042":"Application drops Mysterium node network components and starts running node service before user is presented with Term and agree it. \n","ACR-048":"Application doesn't provide control user to disable/cancel sharing node.\n","ACR-007":"Application installs Mysterium network components without disclosing the potential risks related with sharing network resource (IP/Bandwidth) by joining Mysterium node network, and obtaining user's explicit consent. \n","ACR-084":"Application doesn't provide any visible indication that Mysterium node sharing is active. The node service process keeps running in background without notifying user.\n","ACR-118":"Application leaves its executables in system even it has been uninstalled.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MysteriumDark-Setup-10.17.10.exe","isInstaller":"True","companyName":"Mysterium Network","productName":"MysteriumDark","productVersion":"10.17.10","fileVersion":"10.17.10","hashMD5":"6b29d0e5e5297f5a8c818c8397826cbd","hashSHA1":"092ba736d424a73bb8173861899f81dd12d472b3","hashSHA256":"dab21a4d5241222cdd1c8fb2d43e41bbd77ec931583c438e3a029590532a507e","sourceIndex":"141","avBlockList":["Avast Premium Security (20260219)","AVG Internet Security (20260219)","Avira Internet Security (20260219)","Bitdefender Internet Security (20260219)","ESET Internet Security (20260219)","G DATA INTERNET SECURITY (20260219)","K7 Total Security (20260219)","Malwarebytes Premium (20260219)","McAfee Total Protection (20260219)","Norton Security (20260219)","Panda Dome (20260219)","Quick Heal Internet Security (20260219)","Sophos Home Premium (20260219)","SpyHunter5 (20260219)","Total AV Antivirus Pro (20260219)","VIPRE Advanced Security (20260219)","VirIT eXplorer PRO (20260219)","Webroot SecureAnywhere (20260219)","Windows Defender (20260219)"],"avAllowList":["360 Total Security (20260219)","COMODO Antivirus (20260219)","Dr.Web Security Space (20260219)","FortectPremium (20260219)","KasperskyPremium (20260219)","Trend Micro Internet Security (20260219)"]},{"isRevoked":"False","fileName":"MysteriumDark.exe","companyName":"Mysterium Network","productName":"MysteriumDark","productVersion":"10.17.10.0","fileVersion":"10.17.10","hashMD5":"769550123f50aea79cd754aa062fc0de","hashSHA1":"2226a94da471567e7d8d27943ad9b08a794ed803","hashSHA256":"24649c58259b4010079250913c669b25170e5bce155c8378776fd6c21fe48be3","sourceIndex":"141","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Resrouce sharing","reference":"","landingPage":"https://www.mysteriumdark.com/downloads-dark","directDownloadingLink":"https://github.com/mysteriumnetwork/mysterium-vpn-desktop/releases/download/10.17.10/MysteriumDark-Setup-10.17.10.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://github.com/mysteriumnetwork/mysterium-vpn-desktop/releases/download/10.17.10/MysteriumDark-Setup-10.17.10.exe","sourceIndex":"141"}],"sampleFiles":["251125/MysteriumDark-251125/10.17.10/Samples/MysteriumDark-Setup-10.17.10.exe"],"imageFiles":["251125/MysteriumDark-251125/10.17.10/Images/ACR-042/ACR-042_Install_1.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-042/ACR-042_Install_2.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-007/ACR-007_Install_1.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-084/ACR-084_Software_1.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-048/ACR-048_Software_1.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-118/ACR-118_Uninstall_1.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-118/ACR-118_Uninstall_2.png","251125/MysteriumDark-251125/10.17.10/Images/ACR-118/ACR-118_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"ee406d96-cb43-4018-8a7f-5a34d9d77f1a_10.17.10_1","appID":"MysteriumDark-251125","dateAdded":"251125","deceptorType":"App","name":"MysteriumDark","company":"Mysterium Network","version":"10.17.10","lastKnownStatus":"10.17.10","lastKnownDate":"251125","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-11-26T05:50:19.1551615+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":151},{"violations":{"ACR-043":" The app drops components of \"Bright data\" before user agrees and consents.\n\n","ACR-046":"The options are not conspicuous and the consumer gets to see \"Add Windows Firewall exception\" only when clicked on \"Installation Options\"\n","ACR-107":" The app installs \"The QT Company Ltd\", \"ffmpeg\" package and doesn't include the open source license or the source code or link to the source code. \n","ACR-048":"When the app is minimized, the app hides itself in tray instead of showing in task bar.\nThe app didn't provide any control to cancel the installation process.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing resources.\n","ACR-084":"On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer. \n","ACR-085":"The app collects user behavior information without user consent\n\n","ACR-097":"During the install, the app prompts the user to exclude it from Windows Firewall Protection.\n","ACR-057":"Offers don't have a clear way for users to accept or decline as it is greyed out.\n","ACR-155":"The offer is inserted to masquerade as part of existing committed install workflow\n"},"nonDeceptorViolations":{"ACR-054":"The app does not provide equal prominence to the \"Accept\" and \"Decline\" options in the offer.\n"},"samples":[{"isRevoked":"False","fileName":"MediaGet_id2198544ids1s.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"1.0","fileVersion":"1.0","hashMD5":"431f1e00552f2264118ab220289c5cc9","hashSHA1":"b93f36de43e121f3c1a8b058f0e4fe68737911cf","hashSHA256":"c014a89a52ce6df93b92c57813961e344f4860baf207b9ee92105abaca6cd47a","digitalCertThumbprint":"7B6E285393B4F4A57241D0AFD183649D83EFAB30","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"Global Microtrading PTE. LTD","storeId":"","sourceIndex":"1733","avBlockList":["Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Tencent PC Manager (20220125)","Total AV Antivirus Pro (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","Windows Defender (20240723)","FortectPremium (20240723)"],"avAllowList":["360 Total Security (20240723)"]},{"isRevoked":"False","fileName":"C:\\Users\\User\\MediaGet2\\mediaget.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"47d4578388c5806d8ced2b69331d579f","hashSHA1":"8ae41b6bb8870f1b4eb688a09f3fb82a78b2fcf0","hashSHA256":"735937e257e2db23f27d12358b3a196e64ad973bad1191b235d9d0923c3d8044","digitalCertThumbprint":"7B6E285393B4F4A57241D0AFD183649D83EFAB30","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"Global Microtrading PTE. LTD","storeId":"","sourceIndex":"1733","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaGet_id1444797ids1s.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"4a11a46a009d80a3e6ddeee370538bb6","hashSHA1":"f3f7c29e5a7644faefa984117f3c88224114439f","hashSHA256":"6f50e5d10daa1d04689dff4743f10f27d522e4aee7dfffec9b1c1dfd622cb4aa","digitalCertThumbprint":"A102DB570CF7D133AF4305B79184095923264668","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=GLOBAL MICROTRADING PTE. LTD., OU=IT, O=GLOBAL MICROTRADING PTE. LTD., L=Singapore, C=SG","sourceIndex":"1733","avBlockList":["Avast Premium Security (20220125)","AVG Internet Security (20220125)","Avira Internet Security (20220125)","Bitdefender Internet Security (20220125)","COMODO Antivirus (20220125)","Dr.Web Security Space (20220125)","ESET Internet Security (20220125)","G DATA INTERNET SECURITY (20220125)","K7 Total Security (20220125)","Kaspersky Internet Security (20220125)","Malwarebytes Premium (20220125)","McAfee Total Protection (20220125)","Norton Security (20220125)","Panda Dome (20220125)","Quick Heal Internet Security (20220125)","Sophos Home Premium (20220125)","SpyHunter5 (20220125)","Tencent PC Manager (20220125)","Total AV Antivirus Pro (20220125)","VIPRE Advanced Security (20220125)","VirIT eXplorer PRO (20220125)","Webroot SecureAnywhere (20220125)","Windows Defender (20220125)"],"avAllowList":["360 Total Security (20220125)","Trend Micro Internet Security (20220125)"]}],"additionalFiles":[],"sources":[{"howFound":"BrightData SDK bundler, opera offer, uTorrent client, ","reference":"","landingPage":"","directDownloadingLink":"https://www.malavida.com/en/soft/mediaget/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.malavida.com/en/soft/mediaget/download","sourceIndex":"1733"}],"sampleFiles":["220114/MediaGet2-220107/1.0/Samples/MediaGet_id2198544ids1s.exe","220114/MediaGet2-220107/1.0/Samples/mediaget.exe","220114/MediaGet2-220107/1.0/Samples/MediaGet_id1444797ids1s.exe"],"imageFiles":["220114/MediaGet2-220107/1.0/Images/ACR-085/ACR-085_Software.JPG","220114/MediaGet2-220107/1.0/Images/ACR-048/ACR-048_Software.mp4","220114/MediaGet2-220107/1.0/Images/ACR-043/ACR-043_Install.JPG","220114/MediaGet2-220107/1.0/Images/ACR-046/ACR-046_Install.JPG","220114/MediaGet2-220107/1.0/Images/ACR-046/ACR-046_Install_1.JPG","220114/MediaGet2-220107/1.0/Images/ACR-107/ACR-107_Install.JPG","220114/MediaGet2-220107/1.0/Images/ACR-107/ACR-107_Install_2.JPG","220114/MediaGet2-220107/1.0/Images/ACR-048/ACR-048_Install_No_Control.JPG","220114/MediaGet2-220107/1.0/Images/ACR-007/ACR-007_Install.JPG","220114/MediaGet2-220107/1.0/Images/ACR-084/ACR-084_Background_Process.JPG","220114/MediaGet2-220107/1.0/Images/ACR-097/ACR-097_Software.JPG","220114/MediaGet2-220107/1.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","220114/MediaGet2-220107/1.0/Images/ACR-155/ACR-155_BundlerMadeOffers_MasquerededOffer.JPG"],"nonDeceptorImageFiles":["220114/MediaGet2-220107/1.0/Images/ACR-054/ACR-054_BundlerMadeOffers_No_EqualProminence.JPG"],"guid":"0a8d675f-91d2-4dc7-9368-038af45c0f0c_1.0_1","appID":"MediaGet2-220107","dateAdded":"251118","deceptorType":"Bundler","name":"MediaGet2","company":"GLOBAL MICROTRADING PTE. LTD","version":"1.0","sigName":"Deceptor:Win32/MediaGet2!085048043046107007084097057155","lastKnownStatus":"1.0","lastKnownDate":"251118","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-11-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":155},{"violations":{"ACR-004":"The app does not offer free fix, instead requires a paid subscription to address the issues reported. It also uses alarming colors (red & orange) and exclamation symbols to raise urgency and priority to the consumer.\n","ACR-118":"After uninstall, it retains some executables and its other components.\n","ACR-014":"The uninstall button is greyed out, making it appear disabled.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-065":"The User License Agreement link leads to the Terms Of Use  for the website rather than the EULA for software. The app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"DLLFixerSetup_1111_2_0_4_76.exe","isInstaller":"True","companyName":"TECHVISTA Co., Ltd.","productName":"PcGoGo DLL Fixer","productVersion":"2.0.4.76","fileVersion":"2.0.4.76","hashMD5":"91511b11d2c06080fd9481d3dfa374a5","hashSHA1":"019e4a6b0eab5d4f9094776f7f12d1eb67cbb03f","hashSHA256":"e35f7ec640604db9d7869804ba3effa1f67fe83d8621d47a847a4c6868ed3f34","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"143","avBlockList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","FortectPremium (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","Malwarebytes Premium (20260205)","McAfee Total Protection (20260205)","Norton Security (20260205)","Panda Dome (20260205)","Quick Heal Internet Security (20260205)","Sophos Home Premium (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","VIPRE Advanced Security (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)","Windows Defender (20260205)"],"avAllowList":["COMODO Antivirus (20260205)","Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","KasperskyPremium (20260205)","Trend Micro Internet Security (20260205)"]},{"isRevoked":"False","fileName":"DllFixer.exe","companyName":"TECHVISTA Co., Ltd.","productName":"PcGoGo DLL Fixer","productVersion":"2.0.4.76","fileVersion":"2.0.4.76","hashMD5":"4496a8e092ac24df2fc9c5401d5fd5b0","hashSHA1":"a743830e36f0f06b3d553bd7ebc73e0f6eb5f8b1","hashSHA256":"49b564b625dd7a4bfa7605ecab603a0b2b2be9951dca478aacfb4ac72711d042","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"143","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.pcgogo.com/stardll","directDownloadingLink":"https://file1.pcgogo.com/soft_intl/DLLFixerSetup/2_0_4_76/DLLFixerSetup_1111_2_0_4_76.exe?_gl=1*1auvq2w*_gcl_au*MTEwMTcxOTIyNC4xNzYzMTU0Nzk4","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file1.pcgogo.com/soft_intl/DLLFixerSetup/2_0_4_76/DLLFixerSetup_1111_2_0_4_76.exe?_gl=1*1auvq2w*_gcl_au*MTEwMTcxOTIyNC4xNzYzMTU0Nzk4","sourceIndex":"143"}],"sampleFiles":["251118/PcGoGoDLLFixer-251114/2.9.4.76/Samples/DLLFixerSetup_1111_2_0_4_76.exe","251118/PcGoGoDLLFixer-251114/2.9.4.76/Samples/DllFixer.exe"],"imageFiles":["251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-004/ACR-004_Software_1.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-004/ACR-004_Software_2.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-004/ACR-004_Software_3.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-004/ACR-004_Software_4.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-004/ACR-004_Software_5.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-118/ACR-118_Uninstall_1.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-118/ACR-118_Uninstall_2.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-118/ACR-118_Uninstall_3.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-014/ACR-014_Uninstall_1.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-014/ACR-014_Uninstall_2.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-165/ACR-165_Internal offers_1.jpeg"],"nonDeceptorImageFiles":["251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-065/ACR-065_Landing page_1.png","251118/PcGoGoDLLFixer-251114/2.9.4.76/Images/ACR-065/ACR-065_Landing page_2.png"],"guid":"b13b3a80-a5fd-4fad-898a-7eaa4456754c_2.9.4.76_1","appID":"PcGoGoDLLFixer-251114","dateAdded":"251118","deceptorType":"App","name":"PcGoGo DLL Fixer","company":"TECHVISTA Co., Ltd.","version":"2.9.4.76","lastKnownStatus":"2.9.4.76","lastKnownDate":"251118","type":"Windows Executable","lastUpdate":"2025-11-18T21:41:49.4545313+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":152},{"violations":{"ACR-046":"The options are not conspicuous and the consumer gets to see the \"Add Windows Firewall exception\" only when the \"Settings\" Option is clicked also, the decline option provided in the offers seems to be greyed out or hidden.\n","ACR-048":"User can't stop/cancel resource sharing when application exit (the resource sharing process keeps running in background)\nThe app didn't provide any control to cancel the installation process.\n","ACR-007":"The offer doesn't explicitly inform user about the reduction in security associated with its resource borrowing.\nApplication doesn't prompt the clear message to inform get consent from user about the reduction in security associated with its resource borrowing feature turn on. (when user check the hide ads in media and share device resource)\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"The resource sharing process keeps running in background without notifying user when application close and exit. \n","ACR-085":"The app collects user behavior information without user consent\n\n","ACR-097":"During the install, the app prompts the user to exclude it from Windows Firewall Protection without giving reason or details\n","ACR-118":"Application leaves resource sharing components in system and keep its process running in background after it uninstallation completes.\n","ACR-057":"Offers don't have a clear way for users to accept or decline as it is greyed out.\n","ACR-053":"The app doesn’t allow the consumer to skip all offers at once.\n","ACR-059":"Offers that are not related to the main app are not marked as \"Optional Offer\".\n"},"nonDeceptorViolations":{"ACR-123":"Application did not remove itself from the firewall exception and the startup that was added/created during installation. And leave the resource sharing components in system and process running.\n","ACR-054":"The app does not provide equal prominence to the \"Accept\" and \"Decline\" options in the offer.\n"},"samples":[{"isRevoked":"False","fileName":"MediaGet_id2764411ids1s.exe","isInstaller":"True","productName":",\u0004\u0001ProductVersion","productVersion":"1.0","fileVersion":"1.0","hashMD5":"a849faf8565bb021a6c0572fa6814e6c","hashSHA1":"492df506e9abbac8b5d401667fe21221686ee3c9","hashSHA256":"8561a75684c49a954c4efd5f16a67dbe33db70355ac3aa7a4523f37f86e8ce43","digitalCertThumbprint":"9D89FED0AE39E69667052E8AF214520E135C3CE8","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Global Microtrading PTE. LTD, O=Global Microtrading PTE. LTD, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"142","avBlockList":["Avast Premium Security (20260129)","AVG Internet Security (20260129)","Avira Internet Security (20260129)","Bitdefender Internet Security (20260129)","COMODO Antivirus (20260129)","Dr.Web Security Space (20260129)","ESET Internet Security (20260129)","FortectPremium (20260129)","G DATA INTERNET SECURITY (20260129)","K7 Total Security (20260129)","KasperskyPremium (20260129)","Malwarebytes Premium (20260129)","McAfee Total Protection (20260129)","Norton Security (20260129)","Panda Dome (20260129)","Quick Heal Internet Security (20260129)","Sophos Home Premium (20260129)","SpyHunter5 (20260129)","Total AV Antivirus Pro (20260129)","Trend Micro Internet Security (20260129)","VIPRE Advanced Security (20260129)","VirIT eXplorer PRO (20260129)","Webroot SecureAnywhere (20260129)","Windows Defender (20260129)"],"avAllowList":["360 Total Security (20260129)"]},{"isRevoked":"False","fileName":"proxy-sdk.exe","productName":"proxy-sdk","productVersion":"$\u0002\u0001SpecialBuild","fileVersion":"4\n\u0001InternalName","hashMD5":"57e5e1fc437aacc0c0924e7c466387dd","hashSHA1":"5c0d8f4194d0b93cfaff2bcd65558f986e6f355b","hashSHA256":"a3b91ed400bd2115d9a21c57c150d0fa87db3a9680a7033e581a3ccdb1abd432","digitalCertThumbprint":"849DA21B7963CA4D7CC5F364051830456F21D85F","digitalCertIssuer":"CN=Sectigo Public Code Signing CA E36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DATACOLLECT LIMITED, O=DATACOLLECT LIMITED, S=Hertfordshire, C=GB","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"142","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"neunative-m.exe","hashMD5":"88504d4dfaa260a8006b362056e0de86","hashSHA1":"de76aba202571739251b999754357094eadc4951","hashSHA256":"6f072380a22e49e878caa0428db57682c50ffdbb8c2fd0108f079b0f1d353c5e","digitalCertThumbprint":"9D89FED0AE39E69667052E8AF214520E135C3CE8","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Global Microtrading PTE. LTD, O=Global Microtrading PTE. LTD, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"142","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"neunative_setup.exe","companyName":"neunative                                                   ","productName":"neunative-m","productVersion":"2.0","hashMD5":"123a40d049595397c765a2ca1f4e4aea","hashSHA1":"62c117234f76b2ceb6d9515ed78f7e2053893046","hashSHA256":"23c485023d4a37a870b27f6eedf4c5bb925a8b54338a994f9e57c3268c8f645e","digitalCertThumbprint":"9D89FED0AE39E69667052E8AF214520E135C3CE8","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Global Microtrading PTE. LTD, O=Global Microtrading PTE. LTD, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"142","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"proxy-sdk%20setup.exe","companyName":"Datacollect Limited                                         ","productName":"proxy-sdk","productVersion":"111","hashMD5":"30c52dfba80dabdfa379315b30e26f4c","hashSHA1":"582b3b6639163699decf5ce00819f7488bba9515","hashSHA256":"9752d13cc4eda5baef131182f81c084584675bc2fbd64037bf65b1b3341524c1","digitalCertThumbprint":"849DA21B7963CA4D7CC5F364051830456F21D85F","digitalCertIssuer":"CN=Sectigo Public Code Signing CA E36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DATACOLLECT LIMITED, O=DATACOLLECT LIMITED, S=Hertfordshire, C=GB","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"142","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mediaget.exe","isInstaller":"True","productName":"MediaGet","productVersion":"2.6.12.626","fileVersion":"7.23.24.756","hashMD5":"5e383a9fbedd1ee3c7aef50503e0fc97","hashSHA1":"bc1c63a07a9c49ca4f4d857742945073e1edd3a5","hashSHA256":"a3aecf1c3aebdcbd21a8744979aadb81d8d6b19ea0f6e932b03d0cf1076d7a42","digitalCertThumbprint":"7A37E1D5546A7781D8FC077D6892CF5CF83A3D90","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=RA DELTA LLC, O=RA DELTA LLC, L=Sergiyev Posad, S=Moscow Oblast, C=RU","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"142","avBlockList":["360 Total Security (20260203)","Avast Premium Security (20260203)","AVG Internet Security (20260203)","Avira Internet Security (20260203)","Bitdefender Internet Security (20260203)","COMODO Antivirus (20260203)","Dr.Web Security Space (20260203)","ESET Internet Security (20260203)","FortectPremium (20260203)","G DATA INTERNET SECURITY (20260203)","K7 Total Security (20260203)","KasperskyPremium (20260203)","Malwarebytes Premium (20260203)","McAfee Total Protection (20260203)","Norton Security (20260203)","Panda Dome (20260203)","Quick Heal Internet Security (20260203)","Sophos Home Premium (20260203)","SpyHunter5 (20260203)","Total AV Antivirus Pro (20260203)","Trend Micro Internet Security (20260203)","VIPRE Advanced Security (20260203)","VirIT eXplorer PRO (20260203)","Webroot SecureAnywhere (20260203)","Windows Defender (20260203)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"BrightData SDK bundler, opera offer, uTorrent client, ","reference":"","landingPage":"","directDownloadingLink":"https://www.malavida.com/en/soft/mediaget/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.malavida.com/en/soft/mediaget/download","sourceIndex":"142"}],"sampleFiles":["251118/MediaGet2-220107/1.0.0.0/Samples/MediaGet_id2764411ids1s.exe","251118/MediaGet2-220107/1.0.0.0/Samples/mediaget.exe"],"imageFiles":["251118/MediaGet2-220107/1.0.0.0/Images/ACR-085/ACR-085_Software_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-048/ACR-048_Software_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-048/ACR-048_Software_2.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-053/ACR-053.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-053/ACR-053_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-053/ACR-053_Install_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-053/ACR-053_Install_2.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-046/ACR-046.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-046/ACR-046_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-046/ACR-046_2.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-046/ACR-046_3.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-046/ACR-046_4.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-048/ACR-048.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-007/ACR-007_Install_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-084/ACR-084_Software_2.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-084/ACR-084_Software_3.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-097/ACR-097.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-097/ACR-097_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-007/ACR-007_Software_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_2.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-057/ACR-057.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-057/ACR-057_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-057/ACR-057_2.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-059/ACR-059.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-059/ACR-059_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-060/ACR-060.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["251118/MediaGet2-220107/1.0.0.0/Images/ACR-123/ACR-123.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-123/ACR-123_1.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-123/ACR-123_Uninstall_1.png","251118/MediaGet2-220107/1.0.0.0/Images/ACR-054/ACR-054.PNG","251118/MediaGet2-220107/1.0.0.0/Images/ACR-054/ACR-054_1.PNG"],"guid":"0a8d675f-91d2-4dc7-9368-038af45c0f0c_1.0.0.0_1","appID":"MediaGet2-220107","dateAdded":"251118","deceptorType":"Bundler","name":"MediaGet2","company":"GLOBAL MICROTRADING PTE. LTD","version":"1.0.0.0","lastKnownStatus":"1.0","lastKnownDate":"251118","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,net proxy,install offers","lastUpdate":"2025-11-18T23:26:40.2605913+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":153},{"violations":{"ACR-046":"The options are not conspicuous and the consumer gets to see the \"Add Windows Firewall exception\" only when the \"Settings\" Option is clicked also, the decline option provided in the offers seems to be greyed out or hidden.\n","ACR-048":"The app didn't provide any control to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-085":"The app collects user behavior information without user consent\n\n","ACR-097":"During the install, the app prompts the user to exclude it from Windows Firewall Protection without giving reason or details\n","ACR-057":"Offers don't have a clear way for users to accept or decline as it is greyed out.\n","ACR-053":"The app doesn’t allow the consumer to skip all offers at once.\n","ACR-059":"Offers that are not related to the main app are not marked as \"Optional Offer\".\n","ACR-155":"The offer is inserted to masquerade as part of existing committed install workflow\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception and the startup that was added/created during installation.\n\n","ACR-054":"The app does not provide equal prominence to the \"Accept\" and \"Decline\" options in the offer.\n"},"samples":[{"isRevoked":"False","fileName":"starsector_id4706737ids1s.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"1.0","fileVersion":"1.0","hashMD5":"69897600293799cd8d06d8cd16081143","hashSHA1":"e052ff1b58329aa6871a41f63567ea9057a5ec47","hashSHA256":"f407bc3f5ff784a9b614d96ff56f99625b4fbd3f62bd00edd04c7a1cc36d88d1","digitalCertThumbprint":"9D89FED0AE39E69667052E8AF214520E135C3CE8","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Global Microtrading PTE. LTD","storeId":"","sourceIndex":"717","avBlockList":["Avast Premium Security (20251002)","AVG Internet Security (20251002)","Avira Internet Security (20251002)","Bitdefender Internet Security (20251002)","COMODO Antivirus (20251002)","Dr.Web Security Space (20251002)","ESET Internet Security (20251002)","G DATA INTERNET SECURITY (20251002)","K7 Total Security (20251002)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20251002)","McAfee Total Protection (20251002)","Norton Security (20251002)","Panda Dome (20251002)","Quick Heal Internet Security (20251002)","Sophos Home Premium (20251002)","SpyHunter5 (20251002)","Total AV Antivirus Pro (20251002)","VIPRE Advanced Security (20251002)","VirIT eXplorer PRO (20251002)","Webroot SecureAnywhere (20251002)","Windows Defender (20251002)","FortectPremium (20251002)","KasperskyPremium (20251002)"],"avAllowList":["360 Total Security (20251002)","Trend Micro Internet Security (20251002)"]},{"isRevoked":"False","fileName":"mediaget_installer_485.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"c6a8d4294c7fc378bc6c1996ad397b59","hashSHA1":"979f0e29b779eb0f81bdca0eb776f6cbec2480b4","hashSHA256":"0d7981c2707784d0c86f8484e5143008f827057318c5f9fae028d8bfe2fd2231","digitalCertThumbprint":"9D89FED0AE39E69667052E8AF214520E135C3CE8","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Global Microtrading PTE. LTD, O=Global Microtrading PTE. LTD, L=Singapore, C=SG","sourceIndex":"717","avBlockList":["Avast Premium Security (20251120)","AVG Internet Security (20251120)","Avira Internet Security (20251120)","Bitdefender Internet Security (20251120)","COMODO Antivirus (20251120)","Dr.Web Security Space (20251120)","ESET Internet Security (20251120)","FortectPremium (20251120)","G DATA INTERNET SECURITY (20251120)","K7 Total Security (20251120)","KasperskyPremium (20251120)","Malwarebytes Premium (20251120)","McAfee Total Protection (20251120)","Norton Security (20251120)","Panda Dome (20251120)","Quick Heal Internet Security (20251120)","Sophos Home Premium (20251120)","SpyHunter5 (20251120)","Total AV Antivirus Pro (20251120)","VIPRE Advanced Security (20251120)","VirIT eXplorer PRO (20251120)","Webroot SecureAnywhere (20251120)","Windows Defender (20251120)"],"avAllowList":["360 Total Security (20251120)","Trend Micro Internet Security (20251120)"]}],"additionalFiles":[],"sources":[{"howFound":"BrightData SDK bundler, opera offer, uTorrent client, ","reference":"","landingPage":"https://mediaget.com","directDownloadingLink":"https://mediaget.com/installer/mediaget_installer_484.exe?filename=starsector_id4706737ids1s.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mediaget.com/installer/mediaget_installer_484.exe?filename=starsector_id4706737ids1s.exe","sourceIndex":"717"}],"sampleFiles":["240306/MediaGet2-220107/1.0.0/Samples/starsector_id4706737ids1s.exe","240306/MediaGet2-220107/1.0.0/Samples/mediaget_installer_485.exe"],"imageFiles":["240306/MediaGet2-220107/1.0.0/Images/ACR-085/ACR-085.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-053/ACR-053.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-053/ACR-053_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-053/ACR-053_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-046/ACR-046.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-046/ACR-046_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-046/ACR-046_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-046/ACR-046_3.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-046/ACR-046_4.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-048/ACR-048.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-097/ACR-097.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-097/ACR-097_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-057/ACR-057.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-057/ACR-057_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-057/ACR-057_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-059/ACR-059.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-059/ACR-059_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-059/ACR-059_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-155/ACR-155.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-155/ACR-155_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-155/ACR-155_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-013/ACR-013.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-013/ACR-013_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-013/ACR-013_2.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-060/ACR-060.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-060/ACR-060_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":["240306/MediaGet2-220107/1.0.0/Images/ACR-123/ACR-123.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-123/ACR-123_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-054/ACR-054.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-054/ACR-054_1.PNG","240306/MediaGet2-220107/1.0.0/Images/ACR-054/ACR-054_2.PNG"],"guid":"0a8d675f-91d2-4dc7-9368-038af45c0f0c_1.0.0_1","appID":"MediaGet2-220107","dateAdded":"251118","deceptorType":"Bundler","name":"MediaGet2","company":"GLOBAL MICROTRADING PTE. LTD","version":"1.0.0","lastKnownStatus":"1.0","lastKnownDate":"251118","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-11-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":154},{"violations":{"ACR-048":"Application creates autostart entry and scheduled tasks without user awareness. And doesn't provide the control setting to disable autostart entry, scheduled tasks and background running processes.\n","ACR-007":"Application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth) by joining Mysterium node network. \n","ACR-084":"The process running in background without notifying user after user close the application.\n","ACR-118":"Application doesn't delete Mysterium node components after uninstallation completes. Application doesn't delete its auto start entry after uninstallation completes.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"kryptex-setup-5.2.21.exe","isInstaller":"True","companyName":"Kryptex","productName":"Kryptex","productVersion":"5.2.21","fileVersion":"5.2.21","hashMD5":"c9d016277463d08a971a1f7608f30b5a","hashSHA1":"a4cbe6032f6e29aecb0b5223319b79fdbb62189b","hashSHA256":"13bb712eeacc5438e2577100b900456c1aef2f1de93189a5a91292c777b7e272","digitalCertThumbprint":"C43BF342CBAB1D909BBB53A1CD061C16630CBAB2","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=xBlock Ventures OÜ, O=xBlock Ventures OÜ, S=Harjumaa, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"144","avBlockList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","FortectPremium (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","KasperskyPremium (20260205)","Malwarebytes Premium (20260205)","McAfee Total Protection (20260205)","Norton Security (20260205)","Panda Dome (20260205)","Quick Heal Internet Security (20260205)","Sophos Home Premium (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","VIPRE Advanced Security (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)"],"avAllowList":["COMODO Antivirus (20260205)","Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","Trend Micro Internet Security (20260205)","Windows Defender (20260205)"]},{"isRevoked":"False","fileName":"kryptex-setup-latest-v5.exe","isInstaller":"True","companyName":"Kryptex","productName":"Kryptex","productVersion":"1.0.2.0","fileVersion":"1.0.2.0","hashMD5":"e2c8d3a49cd53c45bcdd2eb8d3cf0a7d","hashSHA1":"4722c2bc2b7a1ada57bd43b25ede80e7dba205e9","hashSHA256":"5363a1928a9a187ce5ed694fad32eea6b399e85d0aa2932536b986bae1b6518d","digitalCertThumbprint":"C43BF342CBAB1D909BBB53A1CD061C16630CBAB2","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=xBlock Ventures OÜ, O=xBlock Ventures OÜ, S=Harjumaa, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"144","avBlockList":["360 Total Security (20260212)","Avast Premium Security (20260212)","AVG Internet Security (20260212)","Avira Internet Security (20260212)","Bitdefender Internet Security (20260212)","COMODO Antivirus (20260212)","Dr.Web Security Space (20260212)","ESET Internet Security (20260212)","FortectPremium (20260212)","G DATA INTERNET SECURITY (20260212)","K7 Total Security (20260212)","McAfee Total Protection (20260212)","Norton Security (20260212)","Panda Dome (20260212)","Quick Heal Internet Security (20260212)","Sophos Home Premium (20260212)","SpyHunter5 (20260212)","Total AV Antivirus Pro (20260212)","VIPRE Advanced Security (20260212)","VirIT eXplorer PRO (20260212)","Webroot SecureAnywhere (20260212)"],"avAllowList":["KasperskyPremium (20260212)","Malwarebytes Premium (20260212)","Trend Micro Internet Security (20260212)","Windows Defender (20260212)"]},{"isRevoked":"False","fileName":"Kryptex.exe","companyName":"Kryptex","productName":"Kryptex","productVersion":"5.2.21.0","fileVersion":"5.2.21","hashMD5":"fed2ea76300da8d2b09d67b74f3d95a1","hashSHA1":"48fb6f06faa16fd20b4f5d7eee15190d2e38c2db","hashSHA256":"1ba49f9e59af45d8e75d13297a6a2109e4704cf802a9e55489a289ae0b72dafb","digitalCertThumbprint":"C43BF342CBAB1D909BBB53A1CD061C16630CBAB2","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=xBlock Ventures OÜ, O=xBlock Ventures OÜ, S=Harjumaa, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"144","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KryptexService.exe","companyName":"Kryptex","productName":"Kryptex","productVersion":"5.2.21","fileVersion":"5.2.21.0","hashMD5":"46b95229e06002e3841e8ee953d22044","hashSHA1":"1be8067057145758023fb5902098cf536956ebd2","hashSHA256":"0ab41de90b96841a18d036b0b1c0e98cadd6c393a6d231a31b431237aa0a349b","digitalCertThumbprint":"C43BF342CBAB1D909BBB53A1CD061C16630CBAB2","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=xBlock Ventures OÜ, O=xBlock Ventures OÜ, S=Harjumaa, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"144","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"P2P VPN","reference":"","landingPage":"https://www.kryptex.com/en/","directDownloadingLink":"https://www.kryptex.com/download?source=landing_v5","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.kryptex.com/download?source=landing_v5","sourceIndex":"144"}],"sampleFiles":["251117/Kryptex-251116/5.2.21/Samples/kryptex-setup-5.2.21.exe","251117/Kryptex-251116/5.2.21/Samples/kryptex-setup-latest-v5.exe"],"imageFiles":["251117/Kryptex-251116/5.2.21/Images/ACR-007/ACR-007_Install_2.png","251117/Kryptex-251116/5.2.21/Images/ACR-007/ACR-007_Install_3.png","251117/Kryptex-251116/5.2.21/Images/ACR-007/ACR-007_Install_4.png","251117/Kryptex-251116/5.2.21/Images/ACR-084/ACR-084_Software_1.png","251117/Kryptex-251116/5.2.21/Images/ACR-048/ACR-048_Software_1.png","251117/Kryptex-251116/5.2.21/Images/ACR-048/ACR-048_Software_2.png","251117/Kryptex-251116/5.2.21/Images/ACR-048/ACR-048_Software_3.png","251117/Kryptex-251116/5.2.21/Images/ACR-118/ACR-118_Uninstall_1.png","251117/Kryptex-251116/5.2.21/Images/ACR-118/ACR-118_Uninstall_2.png","251117/Kryptex-251116/5.2.21/Images/ACR-118/ACR-118_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"1a5d0357-7440-4f59-858f-bf83a7dcb19c_5.2.21_1","appID":"Kryptex-251116","dateAdded":"251117","deceptorType":"App","name":"Kryptex","company":"Kryptex","version":"5.2.21","lastKnownStatus":"5.2.21","lastKnownDate":"251117","type":"Windows Executable","category":"Productivity","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining,net proxy","lastUpdate":"2025-11-17T23:06:41.7648814+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":156},{"violations":{"ACR-004":"The app uses alarming colors with exclamation symbol to raise urgency and priority to the consumer for cleanup. It does not provide fix to free scanned cleanable items and displays C Drive is full when only 35% of the drive is used, misleading user to take action. \n\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n","ACR-065":"The app needs to disclose the Privacy Policy during installation.\n\n","ACR-099":"The app does not disclose uninstall info in the app's about page.\nThe app does not disclose uninstall info in the landing page.\n","ACR-167":"The app does not offer a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DriverTalent.exe","companyName":"OSToto Co., Ltd.","productName":"Driver Talent","fileVersion":"8.0.10.58","hashMD5":"6e1d4b441b307b72e2652b67ad23c53c","hashSHA1":"158ec31580b50e423d94c27b6789f48f429d1f8e","hashSHA256":"dcbd71b4c0c0ba38e03435af2ec566db15d533d6b5bd95f78f159db94ad4e1c7","digitalCertThumbprint":"E13DF38FA38154C0F55353A1AB0FD5411C6D19E3","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Shenzhen DriveTheLife Software Technology Co.Ltd, O=Shenzhen DriveTheLife Software Technology Co.Ltd, L=Shenzhen, S=Guangdong Province, C=CN","sourceIndex":"1432","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverTalent_setup_8.0.10.58.exe","isInstaller":"True","companyName":"OSToto Co., Ltd.","productName":"Driver Talent","fileVersion":"8.0.10.58","hashMD5":"5a66fd4bff264e8bfec4c0cd6d8c74af","hashSHA1":"c18ec9bf7ce46ebdd51dc6dc42f0e3fb811c5b75","hashSHA256":"1f72a6392fdf3b5d30ad6465b300af5c95f7f9e314be9af7c3562c670f157570","digitalCertThumbprint":"E13DF38FA38154C0F55353A1AB0FD5411C6D19E3","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Shenzhen DriveTheLife Software Technology Co.Ltd, O=Shenzhen DriveTheLife Software Technology Co.Ltd, L=Shenzhen, S=Guangdong Province, C=CN","sourceIndex":"1432","avBlockList":["360 Total Security (20220920)","Avast Premium Security (20220920)","AVG Internet Security (20220920)","Avira Internet Security (20220920)","Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","ESET Internet Security (20220920)","K7 Total Security (20220920)","McAfee Total Protection (20220920)","Norton Security (20220920)","Panda Dome (20220920)","Quick Heal Internet Security (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","VIPRE Advanced Security (20220920)","VirIT eXplorer PRO (20220920)","Webroot SecureAnywhere (20220920)","Windows Defender (20220920)"],"avAllowList":["Dr.Web Security Space (20220920)","G DATA INTERNET SECURITY (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","Trend Micro Internet Security (20220920)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.ostoto.com/products/driver-talent-for-network-card.html","directDownloadingLink":"http://file.ostoto.com/download/20180327/DriverTalent_net_ostoto.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://file.ostoto.com/download/20180327/DriverTalent_net_ostoto.exe","sourceIndex":"1432"},{"howFound":"Hunt.search","reference":"","landingPage":"https://www.drivethelife.com/","directDownloadingLink":"https://www.drivethelife.com/download/driver-talent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.drivethelife.com/download/driver-talent.exe","sourceIndex":"1433"}],"sampleFiles":["220908/DriverTalent-181031/8.0.10.58/Samples/DriverTalent.exe","220908/DriverTalent-181031/8.0.10.58/Samples/DriverTalent_setup_8.0.10.58.exe"],"imageFiles":["220908/DriverTalent-181031/8.0.10.58/Images/ACR-004/ACR-004_Alert_Exaggeration.jpg"],"nonDeceptorImageFiles":["220908/DriverTalent-181031/8.0.10.58/Images/ACR-045/ACR-045_Free_Word_LandingPage.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-045/ACR-045_Software.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-045/ACR-045_Free_Word_LandingPage.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-065/ACR-065_PrivacyPolicy_Installation.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-099/ACR-099_Uninstall_Software.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-099/ACR-099_Uninstall_LandingPage.jpg","220908/DriverTalent-181031/8.0.10.58/Images/ACR-099/ACR-099_DriverTalent_LandingPage.png","220908/DriverTalent-181031/8.0.10.58/Images/ACR-167/DriverTalent_OfferPage_ReturnPolicy.jpg"],"guid":"64868de9-f11c-4ab1-ba42-1971a3b0ab74_8.0.10.58_1","appID":"DriverTalent-181031","dateAdded":"251113","deceptorType":"App","name":"Driver Talent","company":"OSToto Co., Ltd.","version":"8.0.10.58","firstResolvedVersion":"","lastKnownStatus":"7.0.1.8;8.0.10.58;8.1.9.20;10.0.23.74;10.0.31.86","lastKnownDate":"251113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2025-11-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":160},{"violations":{"ACR-004":"The app uses alarming colors with exclamation symbol to raise urgency and priority to the consumer. It does not provide fix to free scanned cleanable items at cleanup and displays C Drive is full when only 43% of the drive is used, misleading user to take action. \n\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n","ACR-065":"The app needs to disclose the Privacy Policy during installation.\n\n","ACR-099":"The app does not disclose uninstall info in the app's about page.\nThe app does not disclose uninstall info in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"DriverTalent.exe","companyName":"OSToto Co. , Ltd.","fileVersion":"8.1","hashMD5":"52b796b868cbebb712a205aa2d39c461","hashSHA1":"75eecb68a9b12bcc711f9f50d26d4216df828fa8","hashSHA256":"2c09539803c3789392f761134cb46deac9cc61870e5a3f3e5b91a102ae032744","digitalCertThumbprint":"E13DF38FA38154C0F55353A1AB0FD5411C6D19E3","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Shenzhen DriveTheLife Software Technology Co.Ltd, O=Shenzhen DriveTheLife Software Technology Co.Ltd, L=Shenzhen, S=Guangdong Province, C=CN","sourceIndex":"1056","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverTalent_ostoto_setup_8_1_9.20.exe","isInstaller":"True","companyName":"OSToto Co., Ltd.","fileVersion":"8.1","hashMD5":"7c3dc80884f2f6789c9dcf1370c4e0b7","hashSHA1":"eb3d375d1e8d5e2973b61fd913ae08de684fa19d","hashSHA256":"4079ffd156ed938495ee49f742baceb13576bb748664c5da1b4c88562ecb14e0","digitalCertThumbprint":"E13DF38FA38154C0F55353A1AB0FD5411C6D19E3","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Shenzhen DriveTheLife Software Technology Co.Ltd, O=Shenzhen DriveTheLife Software Technology Co.Ltd, L=Shenzhen, S=Guangdong Province, C=CN","sourceIndex":"1056","avBlockList":["360 Total Security (20230829)","Avast Premium Security (20230829)","AVG Internet Security (20230829)","Avira Internet Security (20230829)","Bitdefender Internet Security (20230829)","ESET Internet Security (20230829)","K7 Total Security (20230829)","Malwarebytes Premium (20230829)","McAfee Total Protection (20230829)","Norton Security (20230829)","Panda Dome (20230829)","Quick Heal Internet Security (20230829)","Sophos Home Premium (20230829)","SpyHunter5 (20230829)","Total AV Antivirus Pro (20230829)","VIPRE Advanced Security (20230829)","VirIT eXplorer PRO (20230829)","Webroot SecureAnywhere (20230829)"],"avAllowList":["COMODO Antivirus (20230829)","Dr.Web Security Space (20230829)","G DATA INTERNET SECURITY (20230829)","Kaspersky Internet Security (20230829)","Trend Micro Internet Security (20230829)","Windows Defender (20230829)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.drivethelife.com/","directDownloadingLink":"https://www.drivethelife.com/thankspage/Driver%20Talent.html?d=https://www.drivethelife.com/download/driver-talent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.drivethelife.com/thankspage/Driver%20Talent.html?d=https://www.drivethelife.com/download/driver-talent.exe","sourceIndex":"1056"}],"sampleFiles":["230606/DriverTalent-181031/8.1.9.20/Samples/DriverTalent.exe","230606/DriverTalent-181031/8.1.9.20/Samples/DriverTalent_ostoto_setup_8_1_9.20.exe"],"imageFiles":["230606/DriverTalent-181031/8.1.9.20/Images/ACR-004/ACR-004_NotBackedUp.png","230606/DriverTalent-181031/8.1.9.20/Images/ACR-004/ACR-004.png"],"nonDeceptorImageFiles":["230606/DriverTalent-181031/8.1.9.20/Images/ACR-045/DT_Free.png","230606/DriverTalent-181031/8.1.9.20/Images/ACR-045/DT_Upgrade.png","230606/DriverTalent-181031/8.1.9.20/Images/ACR-045/DT_Free.png","230606/DriverTalent-181031/8.1.9.20/Images/ACR-065/NoLinktoPP.png","230606/DriverTalent-181031/8.1.9.20/Images/ACR-099/DriverTalent+AboutUs.jpg","230606/DriverTalent-181031/8.1.9.20/Images/ACR-099/DriverTalent_HowTo.jpeg","230606/DriverTalent-181031/8.1.9.20/Images/ACR-099/LP_NoUninstallLink.png"],"guid":"64868de9-f11c-4ab1-ba42-1971a3b0ab74_8.1.9.20_1","appID":"DriverTalent-181031","dateAdded":"251113","deceptorType":"App","name":"Driver Talent","company":"OSToto Co., Ltd.","version":"8.1.9.20","firstResolvedVersion":"","lastKnownStatus":"7.0.1.8;8.0.10.58;8.1.9.20;10.0.23.74;10.0.31.86","lastKnownDate":"251113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2025-11-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":159},{"violations":{"ACR-016":"Displayed ads lead to direct downloading and installation of the applications instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n","ACR-055":"The obvious accept/decline options are not provided for offers.\n","ACR-059":"The offers are not marked as option during installation offering time. There is no clear information about what the Alliance agreement for user, confusing users.\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"DriverTalent_net_ostoto.exe","isInstaller":"True","companyName":"OSToto Co., Ltd.","productName":"Driver Talent","productVersion":"7, 0, 1, 8","fileVersion":"7, 0, 1, 8","hashMD5":"4e06dcfd0a4279408f5fdc2d0adf66a9","hashSHA1":"f799ec23a5c37b86c5098f13dd3e2e0abf37eb3f","hashSHA256":"95a29837cd549dfbfeb14f5790580229963fb93ed79abfffb84f57d80dfa01e5","digitalCertThumbprint":"1439D6BD763B63B3FCDA5393B1998A17EAA7898B","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=OSTOTO CO. LIMITED, OU=International  DEPT, O=OSTOTO CO. LIMITED, L=HongKong, S=HongKong, C=HK","sourceIndex":"2528","avBlockList":["Avast Internet Security (20190218)","AVG Internet Security (20190218)","Avira Internet Security (20190218)","ESET Internet Security (20190218)","K7 Total Security (20190218)","Malwarebytes Premium (20190218)","Norton Security (20190218)","Panda Dome (20190218)","Sophos Home Premium (20190218)","VirIT eXplorer PRO (20190218)","Webroot SecureAnywhere (20190218)"],"avAllowList":["Bitdefender Internet Security (20190218)","G DATA INTERNET SECURITY (20190218)","Kaspersky Internet Security (20190218)","McAfee Total Protection (20190218)","Trend Micro Internet Security (20190218)","Windows Defender (20190218)"]},{"isRevoked":"False","fileName":"DriverTalent.exe","companyName":"OSToto Co., Ltd.","productName":"Driver Talent","productVersion":"7.0.1.8","fileVersion":"7.0.1.8","hashMD5":"ea3bd4db8365760e98a95027147784dc","hashSHA1":"bdca40d6c87d9e2b0678615d06c5903917391adc","hashSHA256":"d883984a811a26d58bb263602f9d7c2deef18fcf34c970903bce65932a7129d9","digitalCertThumbprint":"1439D6BD763B63B3FCDA5393B1998A17EAA7898B","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=OSTOTO CO. LIMITED, OU=International  DEPT, O=OSTOTO CO. LIMITED, L=HongKong, S=HongKong, C=HK","sourceIndex":"2528","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.ostoto.com/products/driver-talent-for-network-card.html","directDownloadingLink":"http://file.ostoto.com/download/20180327/DriverTalent_net_ostoto.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://file.ostoto.com/download/20180327/DriverTalent_net_ostoto.exe","sourceIndex":"2528"}],"sampleFiles":["181031/DriverTalent-181031/7.0.1.8/Samples/DriverTalent_net_ostoto.exe","181031/DriverTalent-181031/7.0.1.8/Samples/DriverTalent.exe"],"imageFiles":["181031/DriverTalent-181031/7.0.1.8/Images/ACR-055/avastOffer.PNG","181031/DriverTalent-181031/7.0.1.8/Images/ACR-055/OperaOffer.PNG","181031/DriverTalent-181031/7.0.1.8/Images/ACR-059/avastOffer.PNG","181031/DriverTalent-181031/7.0.1.8/Images/ACR-059/OperaOffer.PNG","181031/DriverTalent-181031/7.0.1.8/Images/ACR-016/ACR-016_software.mp4"],"nonDeceptorImageFiles":["181031/DriverTalent-181031/7.0.1.8/Images/ACR-099/ACR-099_software.JPG"],"guid":"64868de9-f11c-4ab1-ba42-1971a3b0ab74_7.0.1.8_1","appID":"DriverTalent-181031","dateAdded":"251113","deceptorType":"App","name":"Driver Talent","company":"OSToto Co., Ltd.","version":"7.0.1.8","sigName":"Deceptor:Win32/DriverTalent!016059055","firstResolvedVersion":"","lastKnownStatus":"7.0.1.8;8.0.10.58;8.1.9.20;10.0.23.74;10.0.31.86","lastKnownDate":"251113","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2025-11-13T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":161},{"violations":{"ACR-109":"Offers are s automatically downloaded and installed with a single click, without obtaining the user’s consent.\n","ACR-004":"The app uses alarming colors and exclamation symbols to raise urgency and priority to the consumer and does not provide fix to free scanned cleanable items.  It differentiates issues using traffic light colors. Additionally, it displays message “Driver issue detected - urgent fix needed!” in red text, which cause misleading sense of urgency.\n","ACR-060":"The app must disclose the provider of any unrelated offers if they come from a third party.\n","ACR-084":"The application process running in background silently without notifying user about its running when application is closed and minimized to systray.  \n","ACR-118":"After uninstall, it retains some executables and its other components.\n","ACR-014":"The app claims that Driver Updates and Driver Restore are included in the Free Trial, but these features don’t appear to work or provide any fixes.\n","ACR-059":"The offered app is not clearly labeled as optional and is not recognizable as an offer.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n"},"samples":[{"isRevoked":"False","fileName":"DriverTalent_2222_10_0_31_86.exe","isInstaller":"True","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"10.0.31.86","fileVersion":"10.0.31.86","hashMD5":"731c772d5e1f63eb439d6b1857e7595e","hashSHA1":"7d947db65e5c2934946199bb7573062d68af3690","hashSHA256":"241bc4103ef305c1e163e9c20e5a50197bb59a09538a06814ba5a526fa0e4907","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"145","avBlockList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","KasperskyPremium (20260205)","Malwarebytes Premium (20260205)","McAfee Total Protection (20260205)","Norton Security (20260205)","Panda Dome (20260205)","Quick Heal Internet Security (20260205)","Sophos Home Premium (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","VIPRE Advanced Security (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)","Windows Defender (20260205)"],"avAllowList":["COMODO Antivirus (20260205)","FortectPremium (20260205)","Trend Micro Internet Security (20260205)"]},{"isRevoked":"False","fileName":"DriverTalentXWebSetup_b2222b%20(1).exe","isInstaller":"True","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"1.0.0.16","fileVersion":"1.0.0.16","hashMD5":"da37771b8ad070a5afb2cee5a8a499d1","hashSHA1":"d7e75a7cdeb2e2e6926550f3cdea87dfa9d7f70f","hashSHA256":"95de54ce74d8ad7343c2c2838e143c82b251783067832110193854ca4b9f9293","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"145","avBlockList":["360 Total Security (20260129)","Avast Premium Security (20260129)","AVG Internet Security (20260129)","Avira Internet Security (20260129)","Bitdefender Internet Security (20260129)","Dr.Web Security Space (20260129)","ESET Internet Security (20260129)","FortectPremium (20260129)","G DATA INTERNET SECURITY (20260129)","K7 Total Security (20260129)","KasperskyPremium (20260129)","Malwarebytes Premium (20260129)","McAfee Total Protection (20260129)","Norton Security (20260129)","Panda Dome (20260129)","Quick Heal Internet Security (20260129)","Sophos Home Premium (20260129)","SpyHunter5 (20260129)","Total AV Antivirus Pro (20260129)","VIPRE Advanced Security (20260129)","VirIT eXplorer PRO (20260129)","Webroot SecureAnywhere (20260129)","Windows Defender (20260129)"],"avAllowList":["COMODO Antivirus (20260129)","Trend Micro Internet Security (20260129)"]},{"isRevoked":"False","fileName":"DriverTalentX.exe","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"10.0.31.86","fileVersion":"10.0.31.86","hashMD5":"0d7e2eacff9e93ef81a5894d9362dc3a","hashSHA1":"1e8d4726775b7d602719ef48f096d5b44092871a","hashSHA256":"dbd97065c5f20507b792cb4fd89f2a80c7f9cd7fea7c12407d4fd0c2dfeb0a54","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"145","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.drivertalent.com/","directDownloadingLink":"https://file1.drivertalent.com/soft_intl/DriverTalent/Web/DriverTalentXWebSetup_b2222b.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file1.drivertalent.com/soft_intl/DriverTalent/Web/DriverTalentXWebSetup_b2222b.exe","sourceIndex":"145"}],"sampleFiles":["251113/DriverTalent-181031/10.0.31.86/Samples/DriverTalent_2222_10_0_31_86.exe","251113/DriverTalent-181031/10.0.31.86/Samples/DriverTalentXWebSetup_b2222b%20(1).exe","251113/DriverTalent-181031/10.0.31.86/Samples/DriverTalentX.exe"],"imageFiles":["251113/DriverTalent-181031/10.0.31.86/Images/ACR-109/ACR-109_Install_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-014/ACR-014_Software_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-014/ACR-014_Software_2.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-014/ACR-014_Software_3.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-004/ACR-004_Software_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-004/ACR-004_Software_2.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-004/ACR-004_Software_3.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-004/ACR-004_Software_4.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-084/ACR-084_Software_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-118/ACR-118_Uninstall_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-118/ACR-118_Uninstall_2.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-118/ACR-118_Uninstall_3.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-059/ACR-059_Inline offers_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-165/ACR-165_Internal offers_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-060/ACR-060_Inline offers_1.png","251113/DriverTalent-181031/10.0.31.86/Images/ACR-060/ACR-060_Inline offers_2.png"],"nonDeceptorImageFiles":["251113/DriverTalent-181031/10.0.31.86/Images/ACR-045/ACR-045_Landing page_1.png"],"guid":"64868de9-f11c-4ab1-ba42-1971a3b0ab74_10.0.31.86_1","appID":"DriverTalent-181031","dateAdded":"251113","deceptorType":"App","name":"Driver Talent","company":"OSToto Co., Ltd.","version":"10.0.31.86","firstResolvedVersion":"","lastKnownStatus":"7.0.1.8;8.0.10.58;8.1.9.20;10.0.23.74;10.0.31.86","lastKnownDate":"251113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2025-11-13T17:29:51.6097237+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":157},{"violations":{"ACR-004":"The app uses alarming colors with exclamation symbol to raise urgency and priority to the consumer. It does not provide fix to free scanned cleanable items. \n","ACR-084":"The application process running in background silently without notifying user about its running when application is closed and minimized to systray.  \n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n\n"},"samples":[{"isRevoked":"False","fileName":"DriverTalent_2222_10_0_23_74.exe","isInstaller":"True","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"10.0.23.74","fileVersion":"10.0.23.74","hashMD5":"86984bb56b34d2fa777840cd252260e0","hashSHA1":"29bb32f7cca69d497e83105e0d955f88416a19e1","hashSHA256":"4b951ced7193d4051015374aa868345c9c9fa1750e0b3039e1fc564f7097c746","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"176","avBlockList":["360 Total Security (20251111)","Avast Premium Security (20251111)","AVG Internet Security (20251111)","Avira Internet Security (20251111)","Bitdefender Internet Security (20251111)","Dr.Web Security Space (20251111)","ESET Internet Security (20251111)","FortectPremium (20251111)","G DATA INTERNET SECURITY (20251111)","K7 Total Security (20251111)","Malwarebytes Premium (20251111)","McAfee Total Protection (20251111)","Norton Security (20251111)","Panda Dome (20251111)","Quick Heal Internet Security (20251111)","Sophos Home Premium (20251111)","SpyHunter5 (20251111)","Total AV Antivirus Pro (20251111)","VIPRE Advanced Security (20251111)","VirIT eXplorer PRO (20251111)","Webroot SecureAnywhere (20251111)","Windows Defender (20251111)"],"avAllowList":["COMODO Antivirus (20251111)","KasperskyPremium (20251111)","Trend Micro Internet Security (20251111)"]},{"isRevoked":"False","fileName":"DriverTalentXWebSetup_b2222b.exe","isInstaller":"True","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"1.0.0.12","fileVersion":"1.0.0.12","hashMD5":"d0de2ab20d4249e7d260efbf1add0468","hashSHA1":"585dec424eb95f21aa35605adca9d38bc59db847","hashSHA256":"9776e72dcaa57a182495fda0a82547bec869fb63363ea20681fe6c991ac0a1e6","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"176","avBlockList":["360 Total Security (20251106)","Bitdefender Internet Security (20251106)","COMODO Antivirus (20251106)","Dr.Web Security Space (20251106)","ESET Internet Security (20251106)","FortectPremium (20251106)","G DATA INTERNET SECURITY (20251106)","K7 Total Security (20251106)","Malwarebytes Premium (20251106)","McAfee Total Protection (20251106)","Panda Dome (20251106)","Quick Heal Internet Security (20251106)","Sophos Home Premium (20251106)","SpyHunter5 (20251106)","Total AV Antivirus Pro (20251106)","Trend Micro Internet Security (20251106)","VIPRE Advanced Security (20251106)","VirIT eXplorer PRO (20251106)","Webroot SecureAnywhere (20251106)","Windows Defender (20251106)"],"avAllowList":["Avast Premium Security (20251106)","AVG Internet Security (20251106)","Avira Internet Security (20251106)","KasperskyPremium (20251106)","Norton Security (20251106)"]},{"isRevoked":"False","fileName":"DriverTalentX.exe","companyName":"OSToto Co. , Ltd.","productName":"DriverTalentX","productVersion":"10.0.23.74","fileVersion":"10.0.23.74","hashMD5":"be7e78968863b6a2069444de77d0b6eb","hashSHA1":"79c1368d38ff3fe980b9b0a6034189482ed5a446","hashSHA256":"b40fa196570c251cc1c1e15d9051506f4cde7fdc6302cb5ece9866f74ced4bd7","digitalCertThumbprint":"C6B656C5145D01775F829520873B806370B9F9E2","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"OSTOTO CO., LIMITED\", O=\"OSTOTO CO., LIMITED\", L=Sham Shui Po, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=65731523, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"176","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.drivethelife.com/driver-installation-software/","directDownloadingLink":"https://www.drivethelife.com/download/driver-talent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.drivethelife.com/download/driver-talent.exe","sourceIndex":"176"}],"sampleFiles":["250814/DriverTalent-181031/10.0.23.74/Samples/DriverTalent_2222_10_0_23_74.exe","250814/DriverTalent-181031/10.0.23.74/Samples/DriverTalentXWebSetup_b2222b.exe"],"imageFiles":["250814/DriverTalent-181031/10.0.23.74/Images/ACR-004/ACR-004_Software_1.png","250814/DriverTalent-181031/10.0.23.74/Images/ACR-004/ACR-004_Software_2.png","250814/DriverTalent-181031/10.0.23.74/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":["250814/DriverTalent-181031/10.0.23.74/Images/ACR-045/ACR-045_Landing page_1.png"],"guid":"64868de9-f11c-4ab1-ba42-1971a3b0ab74_10.0.23.74_1","appID":"DriverTalent-181031","dateAdded":"251113","deceptorType":"App","name":"Driver Talent","company":"OSToto Co., Ltd.","version":"10.0.23.74","firstResolvedVersion":"","lastKnownStatus":"7.0.1.8;8.0.10.58;8.1.9.20;10.0.23.74;10.0.31.86","lastKnownDate":"251113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2025-11-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":158},{"violations":{"ACR-042":"Application installs Mystnodes components and runs silently in background without obtaining the user's permission through explicit user action.\n","ACR-048":"Application hides the Mystnodes process running in background after user quit the application, doesn't provide any control option for user to close Mystnodes process or cancel Mystnodes activity..\n","ACR-007":"The app does not obtain user explicit consent about joining Mystnodes P2P network and reducing the consumer system's security posture caused by sharing the user's internet resource.\n","ACR-084":"Application hides the Mystnodes process running in background without notifying user even after user quit the application. Mystnodes stays active with no visual indicator.\n","ACR-118":"Application leaves updating components after uninstallation completes.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Portals-Setup-3.1.12.exe","isInstaller":"True","companyName":"PortalsVPN","productName":"Portals","productVersion":"3.1.12","fileVersion":"3.1.12","hashMD5":"41c69d53a6cbe28a6a7284b5f9880d6d","hashSHA1":"f0330e411adcec07a429afc626265c8ff848a7e0","hashSHA256":"bbb845f3fbf65aefb8476b04836f4f0eda38f9e4b5991483b05261b1f0e88b9b","digitalCertThumbprint":"4E9782E706576D3D9DA3930D2C744052F113DAD5","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Application One Inc., O=Application One Inc., S=Delaware, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6021569","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"147","avBlockList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","COMODO Antivirus (20260205)","FortectPremium (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","KasperskyPremium (20260205)","Malwarebytes Premium (20260205)","McAfee Total Protection (20260205)","Norton Security (20260205)","Panda Dome (20260205)","Quick Heal Internet Security (20260205)","Sophos Home Premium (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","VIPRE Advanced Security (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)"],"avAllowList":["Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","Trend Micro Internet Security (20260205)","Windows Defender (20260205)"]},{"isRevoked":"False","fileName":"myst.exe","hashMD5":"2ed01421c01b9f37398fe7dfd36a3c35","hashSHA1":"6a74ef8833b8b60fdc1997a8ac43685b003b6398","hashSHA256":"be8d81accba1e679bc1fd135ed1a3c35d8fd252f6ca94b9ff6e9deb9763b1bbf","sourceIndex":"147","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"myst_supervisor.exe","hashMD5":"f0d9f5ebcb4b4250fcd9753742f32fed","hashSHA1":"45d6f4795caab8e0579d6c7f6718a604d201314b","hashSHA256":"280256b16f515a3da7163db3654b09c1268e0280cede6db2e27b588e39c74e6e","sourceIndex":"147","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Portals.exe","companyName":"PortalsVPN","productName":"Portals","productVersion":"3.1.12.0","fileVersion":"3.1.12","hashMD5":"8c624271296deca18f871fd942edcdb2","hashSHA1":"7779f3c9e1745536f660236b5892eb8e4a8decb4","hashSHA256":"b10c7eab5ed37f8d66e2425b04052f47ab06814193a9661f498c41cac0c83701","sourceIndex":"147","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"P2P","reference":"","landingPage":"https://www.portalsvpn.com/","directDownloadingLink":"https://www.portalsvpn.com/?wpdmdl=6771","ipv4":"","ipv6":"","sourceIndex":"147"}],"sampleFiles":["251112/PortalsVPN-251111/3.1.12/Samples/Portals-Setup-3.1.12.exe"],"imageFiles":["251112/PortalsVPN-251111/3.1.12/Images/ACR-042/ACR-042_Install_1.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-042/ACR-042_Install_2.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-007/ACR-007_Install_1.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-007/ACR-007_Install_2.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-084/ACR-084_Software_1.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-048/ACR-048_Software_1.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-048/ACR-048_Software_2.png","251112/PortalsVPN-251111/3.1.12/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":[],"guid":"b6feae4d-5a33-4258-b7d2-ca2d59471141_3.1.12_1","appID":"PortalsVPN-251111","dateAdded":"251112","deceptorType":"App","name":"PortalsVPN","company":"Application One Inc","version":"3.1.12","lastKnownStatus":"3.1.12","lastKnownDate":"251112","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-11-12T23:08:12.4808491+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":162},{"violations":{"ACR-004":"The app offers no free fix/recovery instead requires a paid subscription to address the issues.\n","ACR-118":"After uninstall, it retains some executables and its other components. \n","ACR-014":"The uninstall button is greyed out, making it appear disabled.\n"},"nonDeceptorViolations":{"ACR-065":"The User License Agreement link leads to the Privacy Policy rather than the EULA.\nThe app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\n","ACR-002":"The app's name is not consistent across all user interactions.\nThe app's name is not consistent across all user interactions.\nThe company name on the offer page is inconsistent with the name shown in the software.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real. \n","ACR-035":"No EULA is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"DataSaviourSetup_1111_2_0_1_24.exe","isInstaller":"True","companyName":"TECHVISTA Co., Ltd.","productName":"PcGoGo Data Recovery","productVersion":"2.0.1.24","fileVersion":"2.0.1.24","hashMD5":"1d7f2354c4668d59fb08eda06b3325d4","hashSHA1":"290dfe5174b58bdca656496bb7ddfd5d4ebeca55","hashSHA256":"dbf56149417a70a37b1dacdc483d1cc1d56edaf0d463327254b67867d9303d64","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"146","avBlockList":["360 Total Security (20260205)","Avast Premium Security (20260205)","AVG Internet Security (20260205)","Avira Internet Security (20260205)","Bitdefender Internet Security (20260205)","FortectPremium (20260205)","G DATA INTERNET SECURITY (20260205)","K7 Total Security (20260205)","Malwarebytes Premium (20260205)","Norton Security (20260205)","Panda Dome (20260205)","Quick Heal Internet Security (20260205)","Sophos Home Premium (20260205)","SpyHunter5 (20260205)","Total AV Antivirus Pro (20260205)","VIPRE Advanced Security (20260205)","VirIT eXplorer PRO (20260205)","Webroot SecureAnywhere (20260205)"],"avAllowList":["COMODO Antivirus (20260205)","Dr.Web Security Space (20260205)","ESET Internet Security (20260205)","KasperskyPremium (20260205)","McAfee Total Protection (20260205)","Trend Micro Internet Security (20260205)","Windows Defender (20260205)"]},{"isRevoked":"False","fileName":"DataSaviourUI.exe","companyName":"TECHVISTA Co., Ltd.","productName":"DataSaviourUI.exe","productVersion":"2.0.1.24","fileVersion":"2.0.1.24","hashMD5":"c3d5739cf85a5a0f5148469ec2bb430d","hashSHA1":"9d9bc45cf6562f2fb35f8542421bd77e0bd7718f","hashSHA256":"676ec1122fc172f98f563eefa914fad2a5089d433d529196d595193d8b77cd89","digitalCertThumbprint":"77DE2D3F676105EEC6D3E857B0DC528E8B64F852","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=76926044, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"146","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.pcgogo.com/datarecovery","directDownloadingLink":"https://file1.pcgogo.com/soft_intl/DataSaviourSetup/2_0_1_24/DataSaviourSetup_1111_2_0_1_24.exe?_gl=1*kdv0s*_gcl_au*NjcxNDI0NjE1LjE3NjI4NzUwMDI.","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file1.pcgogo.com/soft_intl/DataSaviourSetup/2_0_1_24/DataSaviourSetup_1111_2_0_1_24.exe?_gl=1*kdv0s*_gcl_au*NjcxNDI0NjE1LjE3NjI4NzUwMDI.","sourceIndex":"146"}],"sampleFiles":["251112/PcGoGoDataRecovery-251112/2.0.1.24/Samples/DataSaviourSetup_1111_2_0_1_24.exe","251112/PcGoGoDataRecovery-251112/2.0.1.24/Samples/DataSaviourUI.exe"],"imageFiles":["251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-004/ACR-004_Software_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-004/ACR-004_Software_2.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-118/ACR-118_Uninstall_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-118/ACR-118_Uninstall_2.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-014/ACR-014_Uninstall_1.png"],"nonDeceptorImageFiles":["251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-065/ACR-065_Install_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Install_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Install_2.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Install_3.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-065/ACR-065_Software_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Software_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Software_2.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Software_3.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-161/ACR-161_Landing page_1.png","251112/PcGoGoDataRecovery-251112/2.0.1.24/Images/ACR-002/ACR-002_Internal offers_1.png"],"guid":"846c3610-a5e9-41e0-8f76-767dd0036c90_2.0.1.24_1","appID":"PcGoGoDataRecovery-251112","dateAdded":"251112","deceptorType":"App","name":"PcGoGo Data Recovery","company":"TECHVISTA Co., Ltd.","version":"2.0.1.24","lastKnownStatus":"2.0.1.24","lastKnownDate":"251112","type":"Windows Executable","lastUpdate":"2025-11-12T23:14:09.2796997+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":163},{"violations":{"ACR-109":"An offer is automatically downloaded and installed with a single click, without obtaining the user’s consent.\n","ACR-004":"The app uses alarming colors and exclamation symbols to raise urgency and priority to the consumer. It differentiates issues using traffic light colors. Additionally, it displays messages such as “Computer Environment Abnormality...” and “...Detected Driver Issues in Need of Urgent Repair!” in red text, which cause misleading sense of urgency.\n","ACR-060":"The app must disclose the provider of any unrelated offers if they come from a third party.\n","ACR-084":"The application process running in background silently without notifying user about its running when application is closed and minimized to systray.\n","ACR-118":"After uninstall, it retains some executables and its other components.\n","ACR-059":"The offered app is not clearly labeled as optional and is not recognizable as an offer.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{"ACR-002":"The company name on the offer page is inconsistent with the name shown in the EULA and throughout the app.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-064":"Upon clicking the icon, the app's download and installation starts automatically. The download and installation shouldn't happen unless it is labeled as the \"Download\" or \"Install\" button.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos and endorsements in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"DriverSentry.exe","companyName":"TECHVISTA Co., Ltd.","productName":"Driver Sentry","productVersion":"10.0.12.30","fileVersion":"10.0.12.30","hashMD5":"b001ed895a2b5cbffb6b667f5053a8e0","hashSHA1":"011369c6e5e81c8401100d8c1492e48a5abe4991","hashSHA256":"46dfdceff831ce7ca9bfecc2aad54db4b2df9ac134c3410f23250a36ba2be343","digitalCertThumbprint":"8F2E00256A92F4BFB758FFF8BEF2F9E21F079676","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"148","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverSentry_1111_10_0_12_30.exe","isInstaller":"True","companyName":"TECHVISTA Co., Ltd.","productName":"Driver Sentry","productVersion":"10.0.12.30","fileVersion":"10.0.12.30","hashMD5":"8d88e1b6635eff974fef9429c5af101e","hashSHA1":"35bafba138d8d0903bd3bcf1bbfd774e8ff48c69","hashSHA256":"1e190b03694c55de52fe0b09465c1ad606d00e6a5a7d0d235cf8928ad8f41e9e","digitalCertThumbprint":"8F2E00256A92F4BFB758FFF8BEF2F9E21F079676","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=TechVista Company Limited, O=TechVista Company Limited, L=Yau Tsim Mong, S=Kowloon, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"148","avBlockList":["360 Total Security (20260127)","Avast Premium Security (20260127)","AVG Internet Security (20260127)","Avira Internet Security (20260127)","Bitdefender Internet Security (20260127)","ESET Internet Security (20260127)","FortectPremium (20260127)","G DATA INTERNET SECURITY (20260127)","K7 Total Security (20260127)","KasperskyPremium (20260127)","Malwarebytes Premium (20260127)","Norton Security (20260127)","Panda Dome (20260127)","Quick Heal Internet Security (20260127)","Sophos Home Premium (20260127)","SpyHunter5 (20260127)","Total AV Antivirus Pro (20260127)","VIPRE Advanced Security (20260127)","VirIT eXplorer PRO (20260127)","Webroot SecureAnywhere (20260127)"],"avAllowList":["COMODO Antivirus (20260127)","Dr.Web Security Space (20260127)","McAfee Total Protection (20260127)","Trend Micro Internet Security (20260127)","Windows Defender (20260127)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.pcgogo.com/download.html","directDownloadingLink":"https://file.updrv.com/soft_intl/DriverSentry/10_0_12_30/DriverSentry_1111_10_0_12_30.exe?t=1762814165&sign=1f2b4b77e6d966e93b3f8a78e453dd4d","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file.updrv.com/soft_intl/DriverSentry/10_0_12_30/DriverSentry_1111_10_0_12_30.exe?t=1762814165&sign=1f2b4b77e6d966e93b3f8a78e453dd4d","sourceIndex":"148"}],"sampleFiles":["251112/DriverSentry-251110/10.0.12.30/Samples/DriverSentry.exe","251112/DriverSentry-251110/10.0.12.30/Samples/DriverSentry_1111_10_0_12_30.exe"],"imageFiles":["251112/DriverSentry-251110/10.0.12.30/Images/ACR-109/ACR-109_Install_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-004/ACR-004_Software_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-004/ACR-004_Software_2.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-004/ACR-004_Software_3.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-004/ACR-004_Software_4.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-004/ACR-004_Software_5.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-084/ACR-084_Software_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-118/ACR-118_Uninstall_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-118/ACR-118_Uninstall_2.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-059/ACR-059_Inline offers_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-060/ACR-060_Inline offers_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-165/ACR-165_Internal offers_1.jpeg"],"nonDeceptorImageFiles":["251112/DriverSentry-251110/10.0.12.30/Images/ACR-017/ACR-017_Landing page_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-161/ACR-161_Landing page_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-064/ACR-064_Inline offers_1.png","251112/DriverSentry-251110/10.0.12.30/Images/ACR-002/ACR-002_Internal offers_1.png"],"guid":"cfde2b0f-f73a-4b9d-bd77-bd9521327789_10.0.12.30_1","appID":"DriverSentry-251110","dateAdded":"251112","deceptorType":"App","name":"Driver Sentry","company":"TECHVISTA Co., Ltd.","version":"10.0.12.30","lastKnownDate":"251112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,install offers","lastUpdate":"2025-11-12T19:07:51.0391623+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":164},{"violations":{"ACR-048":"The App remaps the \"application close\" functionality to \"minimize\" and stay in the system dock.\n","ACR-004":"App doesn't provide free fix or free trial fix for the issues identified during free scan.\n","ACR-084":"App does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link or information that shows how it can be uninstalled. \nThe application has no link or information that shows how it can be uninstalled. \n","ACR-092":"The application installer file does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe application has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","companyName":"DoYourData","productName":"MacClean360","productVersion":"4.3","fileVersion":"4.3","hashMD5":"c8987bce923f896475d9c0083015ac95","hashSHA1":"b915dd74fd521478e2f5acb7a90d59389b2dd7f7","hashSHA256":"979e6570b3878c381fef455ced7b4f76245e23e67ee4d85882d327a3500a562a","sourceIndex":"2643","avBlockList":["Avast Security for Mac (20220712)","Avira Security for Mac (20220712)","Bitdefender Antivirus for Mac (20220712)","ESET Cyber Security Pro for Mac (20220712)","K7 Antivirus for Mac (20220712)","Kaspersky Internet Security for Mac (20220712)","McAfee Internet Security for Mac (20220712)","Norton Security for Mac (20220712)","Sophos Home Premium For Mac (20220712)","Trend Micro Antivirus for Mac (20220712)"],"avAllowList":["G DATA AntiVirus for Mac (20220712)"]},{"isRevoked":"False","fileName":"/Applications/MacClean360.app/Contents/MacOS/MacClean360","companyName":"DoYourData","productName":"MacClean360","productVersion":"4.3","fileVersion":"4.3","hashMD5":"fc05a3de0c95c9ca74e7a53a4700a4ed","hashSHA1":"2e006375782f2f70bb832d72706bf8fa52e5b1bc","hashSHA256":"de6397175084d939cd94dbb64fc7517209be88e8fb3bc2840006a302706c9169","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"FENG TAO (92Z5UVVL5Y)","sourceIndex":"2643","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2643"}],"sampleFiles":["191101/MacClean360-191029/4.3/Samples/MacClean360Trial.dmg","191101/MacClean360-191029/4.3/Samples/MacClean360"],"imageFiles":["191101/MacClean360-191029/4.3/Images/ACR-004/junk_cleaner.png","191101/MacClean360-191029/4.3/Images/ACR-004/004.png","191101/MacClean360-191029/4.3/Images/ACR-004/buy.png","191101/MacClean360-191029/4.3/Images/ACR-004/buy2.png","191101/MacClean360-191029/4.3/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["191101/MacClean360-191029/4.3/Images/ACR-065/install.png","191101/MacClean360-191029/4.3/Images/ACR-065/about.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.3_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.3","sigName":"Deceptor:MacOS/MacClean360!004048084","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":180},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not provide links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Terms of Service, Returns and Cancellations Policy.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"75ea90369cc63c19bed97a84239d62e8","hashSHA1":"3aa1f6ab0511745acfc40a8c983de2c85e170ca3","hashSHA256":"ae531e3c9a4993e993bdb752a5b6257f418abbf07d93974b04d81b3bc6373afa","sourceIndex":"2540","avBlockList":["Avast Security for Mac (20211214)","Avira Security for Mac (20211214)","Bitdefender Antivirus for Mac (20211214)","ESET Cyber Security Pro for Mac (20211214)","G DATA AntiVirus for Mac (20211214)","K7 Antivirus for Mac (20211214)","Kaspersky Internet Security for Mac (20211214)","McAfee Internet Security for Mac (20211214)","Norton Security for Mac (20211214)","Sophos Home Premium For Mac (20211214)","Trend Micro Antivirus for Mac (20211214)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"676997536d2f6599fafe064323a2aecf","hashSHA1":"0f165b69099ff0f0639d305e5a94cbf0fc55987b","hashSHA256":"b1f48267b0ccc8e97914116275c703f4b91ff8bd0184c4a0a6ce36bb851cbe5c","sourceIndex":"2540","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2540"}],"sampleFiles":["200212/MacClean360-191029/4.5/Samples/MacClean360Trial.dmg","200212/MacClean360-191029/4.5/Samples/MacClean360"],"imageFiles":["200212/MacClean360-191029/4.5/Images/ACR-004/MacClean360 ACR-004.gif","200212/MacClean360-191029/4.5/Images/ACR-084/MacClean360 ACR-084.png"],"nonDeceptorImageFiles":["200212/MacClean360-191029/4.5/Images/ACR-099/About Page.png","200212/MacClean360-191029/4.5/Images/ACR-099/Screen Shot 2020-02-03 at 5.22.41 PM.png","200212/MacClean360-191029/4.5/Images/ACR-065/ACR-065 Install.png","200212/MacClean360-191029/4.5/Images/ACR-065/About Page.png","200212/MacClean360-191029/4.5/Images/ACR-065/Screen Shot 2020-02-03 at 5.22.41 PM.png","200212/MacClean360-191029/4.5/Images/ACR-099/Internal Offers.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.5_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.5","sigName":"Deceptor:MacOS/MacClean360!004084","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":179},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial before requiring consumer to pay.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Terms of Service, Returns and Cancellations Policy.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"a2d0a90d334b3ad3c97ee002b15c161e","hashSHA1":"6f26adf9a6e416cdec25a0e4e1db324d9138b756","hashSHA256":"7f3bb61d04a412fb10820b73895ad8de2e63de1094145ec9985905940d2b45b8","sourceIndex":"2138","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"b2615aa3b7f6d91914b4d3ee53b757aa","hashSHA1":"d764b72d30a9183d21d603b90283157a8d8c9a56","hashSHA256":"624a3b89f999ee0eeefd4574ccc86a438184f605c09358573d1fcd8f6d33f726","sourceIndex":"2138","avBlockList":["Avast Security for Mac (20220913)","Avira Security for Mac (20220913)","Bitdefender Antivirus for Mac (20220913)","ESET Cyber Security Pro for Mac (20220913)","G DATA AntiVirus for Mac (20220913)","McAfee Internet Security for Mac (20220913)","Norton Security for Mac (20220913)","Sophos Home Premium For Mac (20220913)","Trend Micro Antivirus for Mac (20220913)"],"avAllowList":["K7 Antivirus for Mac (20220913)","Kaspersky Internet Security for Mac (20220913)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2138"}],"sampleFiles":["200805/MacClean360-191029/4.7/Samples/MacClean360","200805/MacClean360-191029/4.7/Samples/MacClean360Trial.dmg"],"imageFiles":["200805/MacClean360-191029/4.7/Images/ACR-004/MacClean360_Interaction [1].png","200805/MacClean360-191029/4.7/Images/ACR-004/MacClean360_Interaction [2].png","200805/MacClean360-191029/4.7/Images/ACR-004/MacClean360_Interaction [3].png","200805/MacClean360-191029/4.7/Images/ACR-004/MacClean360_Interaction [4].png","200805/MacClean360-191029/4.7/Images/ACR-004/MacClean360_Interaction [5] Activation.png","200805/MacClean360-191029/4.7/Images/ACR-084/MacClean360_About [1].png","200805/MacClean360-191029/4.7/Images/ACR-084/MacClean360_Interaction [1].png","200805/MacClean360-191029/4.7/Images/ACR-084/MacClean360_LogIn[1].png","200805/MacClean360-191029/4.7/Images/ACR-084/MacClean360_KnockKnockLog [2].png"],"nonDeceptorImageFiles":["200805/MacClean360-191029/4.7/Images/ACR-099/MacClean360_About [1].png","200805/MacClean360-191029/4.7/Images/ACR-099/MacClean360_LandingPage [1].jpg","200805/MacClean360-191029/4.7/Images/ACR-065/MacClean360_Install [1].png","200805/MacClean360-191029/4.7/Images/ACR-065/MacClean360_About [1].png","200805/MacClean360-191029/4.7/Images/ACR-065/MacClean360_LandingPage [1].jpg","200805/MacClean360-191029/4.7/Images/ACR-099/MacClean360_OfferPage [1].png","200805/MacClean360-191029/4.7/Images/ACR-099/MacClean360_OfferPage [2].png","200805/MacClean360-191029/4.7/Images/ACR-099/MacClean360_OfferPage [3].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.7_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.7","sigName":"Deceptor:MacOS/MacClean360!004084","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":177},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"aa7b14d010fc60d08bf01d2ec6c0bc2d","hashSHA1":"f67610bf4fa847a0b734850d9cfdc90a1d7471c9","hashSHA256":"38280c1181851f0fd17e0264a322b7a9c0469c6da688218b493b9b056a6a6d41","sourceIndex":"2106","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ff70f1d439fbb5076c749e53e4c4463d","hashSHA1":"718bd6f762f6653b1d6cf8b6370923581090be19","hashSHA256":"0211ee2d1b1138d2111fd7e5ce229e95b10741890deb302a8001c844c5f28fb0","sourceIndex":"2106","avBlockList":["Avast Security for Mac (20240514)","Avira Security for Mac (20240514)","Bitdefender Antivirus for Mac (20240514)","ESET Cyber Security Pro for Mac (20240514)","G DATA AntiVirus for Mac (20240514)","K7 Antivirus for Mac (20240514)","Kaspersky Internet Security for Mac (20240514)","Norton Security for Mac (20240514)","Sophos Home Premium For Mac (20240514)","Trend Micro Antivirus for Mac (20240514)","SpyHunterforMac (20240514)"],"avAllowList":["McAfee Internet Security for Mac (20240514)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2106"}],"sampleFiles":["200924/MacClean360-191029/4.8/Samples/MacClean360","200924/MacClean360-191029/4.8/Samples/MacClean360Trial.dmg"],"imageFiles":["200924/MacClean360-191029/4.8/Images/ACR-004/MacClean360_Interactions [1].png","200924/MacClean360-191029/4.8/Images/ACR-004/MacClean360_Interactions [2].png","200924/MacClean360-191029/4.8/Images/ACR-004/MacClean360_Interactions [3] ScanResults.png","200924/MacClean360-191029/4.8/Images/ACR-004/MacClean360_Interactions [4] Activate.png","200924/MacClean360-191029/4.8/Images/ACR-084/MacClean360_Autologin [1].png"],"nonDeceptorImageFiles":["200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_About [1].png","200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_LandingPage [3].jpg","200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_LandingPage [4].png","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_Install [1].png","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_About [1].png","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_LandingPage [3].jpg","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_LandingPage [4].png","200924/MacClean360-191029/4.8/Images/ACR-045/MacClean360_LandingPage [1] FreeTrial.png","200924/MacClean360-191029/4.8/Images/ACR-161/MacClean360_LandingPage [2] Testimonial.png","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_OfferPage [1].png","200924/MacClean360-191029/4.8/Images/ACR-065/MacClean360_OfferPage [2].png","200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_OfferPage [1].png","200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_OfferPage [2].png","200924/MacClean360-191029/4.8/Images/ACR-099/MacClean360_OfferPage [3].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.8_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.8","sigName":"Deceptor:MacOS/MacClean360!004084","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":176},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"b94cff913bc396b3b9acad3e6438b029","hashSHA1":"b1143fa441ff51aedb0f046c352f82c07ff344f1","hashSHA256":"9084108edb28e282bd9145518f6184364059a20b552ed9e2b7cd58fbe439d4ae","sourceIndex":"2020","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"049b7969066e18234886586f5a39715c","hashSHA1":"243abc18963615dfacf4e02e7db274e0ce6f692a","hashSHA256":"fe97fb060768c0806a70b0138371ebe3327fa8936ed347fab7c21c7d468d1be9","sourceIndex":"2020","avBlockList":["Avast Security for Mac (20210511)","Avira Security for Mac (20210511)","Bitdefender Antivirus for Mac (20210511)","ESET Cyber Security Pro for Mac (20210511)","G DATA AntiVirus for Mac (20210511)","K7 Antivirus for Mac (20210511)","McAfee Internet Security for Mac (20210511)","Norton Security for Mac (20210511)","Sophos Home Premium For Mac (20210511)","Trend Micro Antivirus for Mac (20210511)"],"avAllowList":["Kaspersky Internet Security for Mac (20210511)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2020"}],"sampleFiles":["201224/MacClean360-191029/4.9/Samples/MacClean360","201224/MacClean360-191029/4.9/Samples/MacClean360Trial.dmg"],"imageFiles":["201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [2].png","201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [1].png","201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [2].png","201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [3].png","201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [4] ScanResults.png","201224/MacClean360-191029/4.9/Images/ACR-004/MacClean360_Interactions [5] Activate.png","201224/MacClean360-191029/4.9/Images/ACR-084/MacClean360_AutoLaunch [1].png"],"nonDeceptorImageFiles":["201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_About [1].png","201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_LandingPage [3].jpg","201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_LandingPage [4].png","201224/MacClean360-191029/4.9/Images/ACR-065/MacClean360_Install [1].png","201224/MacClean360-191029/4.9/Images/ACR-065/MacClean360_About [1].png","201224/MacClean360-191029/4.9/Images/ACR-065/MacClean360_LandingPage [3].jpg","201224/MacClean360-191029/4.9/Images/ACR-045/MacClean360_LandingPage [1] FreeTrial.png","201224/MacClean360-191029/4.9/Images/ACR-161/MacClean360_LandingPage [2] Testimonials.png","201224/MacClean360-191029/4.9/Images/ACR-065/MacClean360_OfferPage [1].png","201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_OfferPage [1].png","201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_OfferPage [2].png","201224/MacClean360-191029/4.9/Images/ACR-099/MacClean360_OfferPage [3].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.9_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.9","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":175},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"ea02af39e969157f9e4061bd45ace773","hashSHA1":"318cf1631afd5bc7dbfc6f7a015703484e5d07f4","hashSHA256":"de607098925b9d326e47118a0bbcae7d4726c790bf41807e45f381b33132d1a2","sourceIndex":"1925","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"812aee396ccc9bcd23f88f0639875899","hashSHA1":"2abcaf0cc19211fc36c2afd5bfb942fb98800ab4","hashSHA256":"c00bea0ad5cd10297f37796061305ba4385bd14dcbcfbfbd3fff51c765803c31","sourceIndex":"1925","avBlockList":["Avast Security for Mac (20210713)","Avira Security for Mac (20210713)","ESET Cyber Security Pro for Mac (20210713)","K7 Antivirus for Mac (20210713)","Norton Security for Mac (20210713)","Sophos Home Premium For Mac (20210713)","Trend Micro Antivirus for Mac (20210713)"],"avAllowList":["Bitdefender Antivirus for Mac (20210713)","G DATA AntiVirus for Mac (20210713)","Kaspersky Internet Security for Mac (20210713)","McAfee Internet Security for Mac (20210713)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1925"}],"sampleFiles":["210516/MacClean360-191029/5.0/Samples/MacClean360","210516/MacClean360-191029/5.0/Samples/MacClean360Trial.dmg"],"imageFiles":["210516/MacClean360-191029/5.0/Images/ACR-004/MacClean360_Interactions [1].png","210516/MacClean360-191029/5.0/Images/ACR-004/MacClean360_Interactions [2].png","210516/MacClean360-191029/5.0/Images/ACR-004/MacClean360_Interactions [3].png","210516/MacClean360-191029/5.0/Images/ACR-004/MacClean360_Interactions [4].png","210516/MacClean360-191029/5.0/Images/ACR-084/MacClean360_Login [3].png"],"nonDeceptorImageFiles":["210516/MacClean360-191029/5.0/Images/ACR-099/MacClean360_About [1].png","210516/MacClean360-191029/5.0/Images/ACR-099/MacClean360_LandingPage [1].png","210516/MacClean360-191029/5.0/Images/ACR-065/MacClean360_Install [1].png","210516/MacClean360-191029/5.0/Images/ACR-065/MacClean360_About [1].png","210516/MacClean360-191029/5.0/Images/ACR-065/MacClean360_LandingPage [1].png","210516/MacClean360-191029/5.0/Images/ACR-045/MacClean360_LandingPage [5].png","210516/MacClean360-191029/5.0/Images/ACR-161/MacClean360_LandingPage [3].png","210516/MacClean360-191029/5.0/Images/ACR-161/MacClean360_LandingPage [4].png","210516/MacClean360-191029/5.0/Images/ACR-065/MacClean360_OfferPage [1].png","210516/MacClean360-191029/5.0/Images/ACR-099/MacClean360_OfferPage [1].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.0_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.0","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":174},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"e7d4ac8134c1ce7034625652765a344e","hashSHA1":"b04069355baf9e37e7a029f92d062acbe02ce904","hashSHA256":"f70c8c92e9b1e7910d3c0ff1c1a02eabae9ae92ce9103c6611b945ebe7d08044","sourceIndex":"1778","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"fe09c98ecf6be2c41d2cdeec6ac505fd","hashSHA1":"1b5a0de6ed1bb9e45a61c5390d0e33f149b5a546","hashSHA256":"a4327830e90a7713e8e91a8577edbb0c9dfc9f10cfd3748aefb9c5f27098ba47","sourceIndex":"1778","avBlockList":["Avast Security for Mac (20240214)","Avira Security for Mac (20240214)","ESET Cyber Security Pro for Mac (20240214)","K7 Antivirus for Mac (20240214)","Kaspersky Internet Security for Mac (20240214)","McAfee Internet Security for Mac (20240214)","Norton Security for Mac (20240214)","Sophos Home Premium For Mac (20240214)","Trend Micro Antivirus for Mac (20240214)","SpyHunterforMac (20240214)"],"avAllowList":["Bitdefender Antivirus for Mac (20240214)","G DATA AntiVirus for Mac (20240214)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1778"}],"sampleFiles":["211130/MacClean360-191029/5.1/Samples/MacClean360","211130/MacClean360-191029/5.1/Samples/MacClean360Trial.dmg"],"imageFiles":["211130/MacClean360-191029/5.1/Images/ACR-004/MacClean360_Interactions [1].png","211130/MacClean360-191029/5.1/Images/ACR-004/MacClean360_Interactions [2].png","211130/MacClean360-191029/5.1/Images/ACR-004/MacClean360_Interactions [3].png","211130/MacClean360-191029/5.1/Images/ACR-084/MacClean360_AutoLaunch [1].png"],"nonDeceptorImageFiles":["211130/MacClean360-191029/5.1/Images/ACR-099/MacClean360_About.png","211130/MacClean360-191029/5.1/Images/ACR-099/MacClean360_LandingPage [1].png","211130/MacClean360-191029/5.1/Images/ACR-065/MacClean360_Install [1].png","211130/MacClean360-191029/5.1/Images/ACR-065/MacClean360_About.png","211130/MacClean360-191029/5.1/Images/ACR-065/MacClean360_LandingPage [1].png","211130/MacClean360-191029/5.1/Images/ACR-045/MacClean360_LandingPage [2].png","211130/MacClean360-191029/5.1/Images/ACR-045/MacClean360_LandingPage [3].png","211130/MacClean360-191029/5.1/Images/ACR-161/MacClean360_LandingPage [4].png","211130/MacClean360-191029/5.1/Images/ACR-065/MacClean360_OfferPage [1].png","211130/MacClean360-191029/5.1/Images/ACR-099/MacClean360_OfferPage [1].png","211130/MacClean360-191029/5.1/Images/ACR-099/MacClean360_OfferPage [1].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.1_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.1","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":173},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n","ACR-165":"App doesn't provide following information in shopping cart: 1. Cancellation of Auto-renewal via online. 2. Notifying the user about auto renewal payment.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA or  Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's About page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"051b48699e779e16f90b668679a3ebb2","hashSHA1":"03fc2549f8d2c18fad33579fce718cf4e2745ac0","hashSHA256":"f343d6891a86499c8ba1ef69bdacd37d4265c5bf6760f0e2e23e60b7f955b97b","sourceIndex":"1731","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"c33ee93063f9787b30a916876e610851","hashSHA1":"4ab52fbe79331618a5918d295e75ef9871c3c90f","hashSHA256":"5368531e6ad9bada8ccf6d2f9a54c3f1746f522c3e6adcd7ac975d5924040a8a","sourceIndex":"1731","avBlockList":["Avast Security for Mac (20230112)","Avira Security for Mac (20230112)","ESET Cyber Security Pro for Mac (20230112)","K7 Antivirus for Mac (20230112)","Kaspersky Internet Security for Mac (20230112)","Norton Security for Mac (20230112)","Sophos Home Premium For Mac (20230112)","Trend Micro Antivirus for Mac (20230112)"],"avAllowList":["Bitdefender Antivirus for Mac (20230112)","G DATA AntiVirus for Mac (20230112)","McAfee Internet Security for Mac (20230112)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1731"}],"sampleFiles":["220119/MacClean360-191029/5.2/Samples/MacClean360","220119/MacClean360-191029/5.2/Samples/MacClean360Trial.dmg"],"imageFiles":["220119/MacClean360-191029/5.2/Images/ACR-004/MacClean360_Interactions [1].png","220119/MacClean360-191029/5.2/Images/ACR-004/MacClean360_Interactions [2].png","220119/MacClean360-191029/5.2/Images/ACR-004/MacClean360_Interactions [3].png","220119/MacClean360-191029/5.2/Images/ACR-004/MacClean360_Interactions [4].png","220119/MacClean360-191029/5.2/Images/ACR-084/KnockKnock [2].png","220119/MacClean360-191029/5.2/Images/ACR-165/MacClean360_OfferPage [2].png","220119/MacClean360-191029/5.2/Images/ACR-165/MacClean360_OfferPage [3].png"],"nonDeceptorImageFiles":["220119/MacClean360-191029/5.2/Images/ACR-099/MacClean360_About [1].png","220119/MacClean360-191029/5.2/Images/ACR-065/MacClean360_Install [1].png","220119/MacClean360-191029/5.2/Images/ACR-065/MacClean360_About [1].png","220119/MacClean360-191029/5.2/Images/ACR-045/MacClean360_LandingPage [2].png","220119/MacClean360-191029/5.2/Images/ACR-161/MacClean360_LandingPage [3].png","220119/MacClean360-191029/5.2/Images/ACR-161/MacClean360_LandingPage [4].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.2_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.2","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":172},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not provide links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's Terms of Service, Returns and Cancellations Policy.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"2a48fb3f94da62ed53c096fb8deed4b7","hashSHA1":"6b3f26a3a3d61c04d5c66bb01ff41466b12a9d63","hashSHA256":"77ce908a13c8702558eb01b2362bbb1c1e071c1b5cf74a1dc4a19c9977df7bcf","sourceIndex":"2435","avBlockList":["Avast Security for Mac (20220412)","Avira Security for Mac (20220412)","Bitdefender Antivirus for Mac (20220412)","ESET Cyber Security Pro for Mac (20220412)","G DATA AntiVirus for Mac (20220412)","K7 Antivirus for Mac (20220412)","McAfee Internet Security for Mac (20220412)","Norton Security for Mac (20220412)","Sophos Home Premium For Mac (20220412)","Trend Micro Antivirus for Mac (20220412)"],"avAllowList":["Kaspersky Internet Security for Mac (20220412)"]},{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"4d80b7b87b46088e77f8a5f06c963b48","hashSHA1":"a9c7fd9a18592fe12f89bf101bf7eab1a42b300e","hashSHA256":"61b5150f586d0af0e1f269b981bc07bbe9d89d1e1f7d1ef6801e67acdbfcaa8d","sourceIndex":"2435","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search : \"free mac app optimizer\"","reference":"https://www.doyourdata.com","landingPage":"https://www.doyourdata.com","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"2435"}],"sampleFiles":["200519/MacClean360-191029/4.6/Samples/MacClean360Trial.dmg","200519/MacClean360-191029/4.6/Samples/MacClean360"],"imageFiles":["200519/MacClean360-191029/4.6/Images/ACR-004/MacClean360_Interaction [1].png","200519/MacClean360-191029/4.6/Images/ACR-004/MacClean360_Interaction [2].png","200519/MacClean360-191029/4.6/Images/ACR-004/MacClean360_Scanning [1].png","200519/MacClean360-191029/4.6/Images/ACR-004/MacClean360_Scanning Report [2].png","200519/MacClean360-191029/4.6/Images/ACR-004/MacClean360_Scanning Report - purchase [3].png","200519/MacClean360-191029/4.6/Images/ACR-084/MacClean360_Interaction [1].png","200519/MacClean360-191029/4.6/Images/ACR-084/MacClean360_AutoLaunch.png","200519/MacClean360-191029/4.6/Images/ACR-084/MacClean360_KnockKnock_log.png"],"nonDeceptorImageFiles":["200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_About [1].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_LandingPage [1].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_LandingPage [2].png","200519/MacClean360-191029/4.6/Images/ACR-065/MacClean360_Installs [1].png","200519/MacClean360-191029/4.6/Images/ACR-065/MacClean360_About [1].png","200519/MacClean360-191029/4.6/Images/ACR-065/MacClean360_Interaction [1].png","200519/MacClean360-191029/4.6/Images/ACR-065/MacClean360_LandingPage [1].png","200519/MacClean360-191029/4.6/Images/ACR-065/MacClean360_LandingPage [2].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_OfferPage [1].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_OfferPage [2].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_OfferPage [3].png","200519/MacClean360-191029/4.6/Images/ACR-099/MacClean360_OfferPage [4].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_4.6_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"4.6","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":178},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes & substantiate the results identified during the free scan.\n","ACR-165":"App doesn't provide following information in shopping cart: 1. Cancellation of Auto-renewal via online. 2. Notifying the user about auto renewal payment.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"7824720723f63e656caefe3b42d754a5","hashSHA1":"0e8d20232d0a0eda7be5ee3f8b89d9ea9e79d7bd","hashSHA256":"81d3a4a473ce4b4514a80f85449782b470654937be455248e8a0a4f7cf5b5196","digitalCertThumbprint":"DDBE1E1D-6127-21F5-06A8-EA6F055970D8","sourceIndex":"1439","avBlockList":["Avast Security for Mac (20240409)","Avira Security for Mac (20240409)","ESET Cyber Security Pro for Mac (20240409)","K7 Antivirus for Mac (20240409)","Kaspersky Internet Security for Mac (20240409)","McAfee Internet Security for Mac (20240409)","Norton Security for Mac (20240409)","Sophos Home Premium For Mac (20240409)","SpyHunterforMac (20240409)","Trend Micro Antivirus for Mac (20240409)"],"avAllowList":["Bitdefender Antivirus for Mac (20240409)","G DATA AntiVirus for Mac (20240409)"]},{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"d92e9b465d9ceae54fca8a3d1e3e0782","hashSHA1":"a7091f4230f4e66b08f8878106c92360e20fcda9","hashSHA256":"53f79505d69e2003251b3e6da834ccecec306d38611d334689eef4d95fa8e0c8","digitalCertThumbprint":"DDBE1E1D-6127-21F5-06A8-EA6F055970D8","sourceIndex":"1439","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1439"}],"sampleFiles":["220907/MacClean360-191029/5.4/Samples/MacClean360Trial.dmg","220907/MacClean360-191029/5.4/Samples/MacClean360"],"imageFiles":["220907/MacClean360-191029/5.4/Images/ACR-004/ACR-004.png","220907/MacClean360-191029/5.4/Images/ACR-004/ACR-004_1.png","220907/MacClean360-191029/5.4/Images/ACR-004/ACR-004_2.png","220907/MacClean360-191029/5.4/Images/ACR-165/ACR-165.jpeg","220907/MacClean360-191029/5.4/Images/ACR-165/ACR-165_1.png"],"nonDeceptorImageFiles":["220907/MacClean360-191029/5.4/Images/ACR-045/ACR-045.jpeg","220907/MacClean360-191029/5.4/Images/ACR-045/ACR-045__2.PNG","220907/MacClean360-191029/5.4/Images/ACR-161/ACR-161.PNG","220907/MacClean360-191029/5.4/Images/ACR-161/ACR-161_1.jpeg"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.4_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.4","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":170},{"violations":{"ACR-004":"While the app provides free scan results via its \"Junk Cleaner\" Function, it does not provide any free fix for the scan. The app prompts the user to purchase a license in order to perform app cleanup.\n","ACR-084":"After installing application, the app creates an autorun entry on user login. This is enabled by default, and user is not informed about this action. In addition, there is no way to disable this autorun within the app interface.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The testimonials included in their landing page does not link back to the original source, and thus cannot be confirmed by the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"dd55b5fdda7d6bdc5573d65bc3109d1f","hashSHA1":"641c7edd56197a9c63bc637fd618916d1f6c4d63","hashSHA256":"9f599c702d1271a5da6a5445e7b7c4f2a1155c4a922cd00e7210e07fffa27efa","sourceIndex":"1267","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"e4a2b70ca49de6edce3499721a3a3fd8","hashSHA1":"68410ad529a4f7d1652e8b3561d718ac89cb2e4d","hashSHA256":"2c58de438afd53993c25d5600267a05cb0288249766db1f6e555163752e07019","sourceIndex":"1267","avBlockList":["Avast Security for Mac (20230511)","Avira Security for Mac (20230511)","Bitdefender Antivirus for Mac (20230511)","ESET Cyber Security Pro for Mac (20230511)","G DATA AntiVirus for Mac (20230511)","K7 Antivirus for Mac (20230511)","Kaspersky Internet Security for Mac (20230511)","McAfee Internet Security for Mac (20230511)","Norton Security for Mac (20230511)","Sophos Home Premium For Mac (20230511)","Trend Micro Antivirus for Mac (20230511)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searching for utilities via download sites","reference":"","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1267"}],"sampleFiles":["221214/MacClean360-191029/5.5/Samples/MacClean360","221214/MacClean360-191029/5.5/Samples/MacClean360Trial.dmg"],"imageFiles":["221214/MacClean360-191029/5.5/Images/ACR-004/ACR004-1.png","221214/MacClean360-191029/5.5/Images/ACR-004/ACR004-2.png","221214/MacClean360-191029/5.5/Images/ACR-004/ACR004.mp4","221214/MacClean360-191029/5.5/Images/ACR-084/ACR084.png","221214/MacClean360-191029/5.5/Images/ACR-084/ACR084-1.png"],"nonDeceptorImageFiles":["221214/MacClean360-191029/5.5/Images/ACR-165/ACR165.png","221214/MacClean360-191029/5.5/Images/ACR-045/ACR045.png","221214/MacClean360-191029/5.5/Images/ACR-161/ACR161.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.5_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.5","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:46.5970071+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":169},{"violations":{"ACR-004":"While the app provides free scan results via its \"Junk Cleaner\"  and \"Internet Cleaner\" Function, it does not provide any free fix for the scan. The app prompts the user to purchase a license in order to perform app cleanup.\n"},"nonDeceptorViolations":{"ACR-045":"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The testimonials included in their landing page does not link back to the original source, and thus cannot be confirmed by the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"66d992838c6f1515d5fbd94657a771fb","hashSHA1":"a4a93e2ebe06e9d33a88b4e9bb2c3b079acc0739","hashSHA256":"0be900afacddea3dcfbdb9b61e807f75e9403b1102ceece97f6e8a27beb468fc","sourceIndex":"760","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"2356896073bfbe80fb6e1162ea2dec35","hashSHA1":"5c510488642dc2640afdc8b30e6f000f18414147","hashSHA256":"56963fb67f462405ff765a894f7c6e30a4b095a886db006f4d7011d348360e65","sourceIndex":"760","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"760"}],"sampleFiles":["240110/MacClean360-191029/5.9/Samples/MacClean360","240110/MacClean360-191029/5.9/Samples/MacClean360Trial.dmg"],"imageFiles":["240110/MacClean360-191029/5.9/Images/ACR-004/004_1.png","240110/MacClean360-191029/5.9/Images/ACR-004/004_2.png","240110/MacClean360-191029/5.9/Images/ACR-004/004_3.png","240110/MacClean360-191029/5.9/Images/ACR-004/004_4.png"],"nonDeceptorImageFiles":["240110/MacClean360-191029/5.9/Images/ACR-045/landingpage_045.png","240110/MacClean360-191029/5.9/Images/ACR-161/landingpage_161.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.9_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.9","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:30.6494753+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":168},{"violations":{"ACR-004":"While the app provides free scan results via its \"Junk Cleaner\"  and \"Internet Cleaner\" Function, it does not provide any free fix for the scan. The app prompts the user to purchase a license in order to perform app cleanup.\n"},"nonDeceptorViolations":{"ACR-045":"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The testimonials included in their landing page does not link back to the original source, and thus cannot be confirmed by the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"01e4b3a1e2604b75463735a376207d64","hashSHA1":"d14bb1765f40c7344a63f53fa5272a12c552136a","hashSHA256":"4aed8eee0ec92902454e856fd040b83db9c789505215b7e94826e05c4e1590af","sourceIndex":"561","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"c361d8b639ab6265dd2dcc70cbd63117","hashSHA1":"74f92fdaeb4dc1b13432510b46706950207bf0cf","hashSHA256":"f52da9835bd6485c67b0ca24918cc29fbc035966efb82359c7190f2cf2073bf8","sourceIndex":"561","avBlockList":["Avast Security for Mac (20251113)","Avira Security for Mac (20251113)","ESET Cyber Security Pro for Mac (20251113)","Kaspersky Internet Security for Mac (20251113)","Norton Security for Mac (20251113)","SpyHunterforMac (20251113)","Trend Micro Antivirus for Mac (20251113)","Sophos Home Premium For Mac (20251113)"],"avAllowList":["Bitdefender Antivirus for Mac (20251113)","G DATA AntiVirus for Mac (20251113)","K7 Antivirus for Mac (20251113)","McAfee Internet Security for Mac (20251113)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"561"}],"sampleFiles":["240903/MacClean360-191029/6.0/Samples/MacClean360","240903/MacClean360-191029/6.0/Samples/MacClean360Trial.dmg"],"imageFiles":["240903/MacClean360-191029/6.0/Images/ACR-004/App12.png","240903/MacClean360-191029/6.0/Images/ACR-004/App13.png","240903/MacClean360-191029/6.0/Images/ACR-004/App14.png","240903/MacClean360-191029/6.0/Images/ACR-004/App17.png","240903/MacClean360-191029/6.0/Images/ACR-004/App18.png"],"nonDeceptorImageFiles":["240903/MacClean360-191029/6.0/Images/ACR-045/LandingPage.png","240903/MacClean360-191029/6.0/Images/ACR-161/Best Mac Cleaner and Manager to Speed up and Manage Mac MacClean360 macOS Sequoia Ready1.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_6.0_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"6.0","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:23.9447271+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":167},{"violations":{"ACR-004":"While the app provides free scan results via its \"Junk Cleaner\"  and \"Internet Cleaner\" Function, it does not provide any free fix for the scan. The app prompts the user to purchase a license in order to perform app cleanup.\n"},"nonDeceptorViolations":{"ACR-045":"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The testimonials included in their landing page does not link back to the original source, and thus cannot be confirmed by the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"10.9.0","hashMD5":"5d4d03bbfdd380ec31fddb781a355845","hashSHA1":"10d45fa3371aa904beee1b0309fbc32b2ae750d2","hashSHA256":"aa33ed026688c8fe132637d170d11b9c5bca87dd8a1be5dae38c190ef9f0e3df","sourceIndex":"149","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","hashMD5":"be628970b40fd047a5e1bf6516e020b3","hashSHA1":"e41a22c2567479da941db7ff2e083d09cd3a911f","hashSHA256":"2afeca086a76a35f8bdcdafa0dbb9557e1aeb9c15c29f98132e1bc3ba92031c5","sourceIndex":"149","avBlockList":["Avast Security for Mac (20260113)","Avira Security for Mac (20260113)","ESET Cyber Security Pro for Mac (20260113)","Kaspersky Internet Security for Mac (20260113)","Norton Security for Mac (20260113)","Sophos Home Premium For Mac (20260113)","SpyHunterforMac (20260113)","Trend Micro Antivirus for Mac (20260113)"],"avAllowList":["Bitdefender Antivirus for Mac (20260113)","G DATA AntiVirus for Mac (20260113)","K7 Antivirus for Mac (20260113)","McAfee Internet Security for Mac (20260113)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Clean up Gigabytes of Junk\"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"149"}],"sampleFiles":["251111/MacClean360-191029/6.1/Samples/MacClean360","251111/MacClean360-191029/6.1/Samples/MacClean360Trial.dmg"],"imageFiles":["251111/MacClean360-191029/6.1/Images/ACR-004/app12.png","251111/MacClean360-191029/6.1/Images/ACR-004/app13.png","251111/MacClean360-191029/6.1/Images/ACR-004/app14.png","251111/MacClean360-191029/6.1/Images/ACR-004/app15.png"],"nonDeceptorImageFiles":["251111/MacClean360-191029/6.1/Images/ACR-045/ACR-045_1.png","251111/MacClean360-191029/6.1/Images/ACR-161/ACR-161.png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_6.1_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"6.1","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:11.4531097+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":166},{"violations":{"ACR-007":"The app does not obtain user explicit consent about reducing the consumer system's security posture caused by sharing the user's internet resource.\n","ACR-084":"The application running in background without notifying user when user close (x)the application.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MystNodesLauncher.dmg","isInstaller":"True","hashMD5":"57920f9d13cb885a682eabdf4ca9a645","hashSHA1":"0eed4fc762e5eaee01b64f8da23c05b5d1b00a95","hashSHA256":"18ad077f3c49c6027a5fdcf7d67d3d2d0eb57d819b47cc42dc70dd17920f6bf1","sourceIndex":"150","avBlockList":["Avast Security for Mac (20260113)","Avira Security for Mac (20260113)","McAfee Internet Security for Mac (20260113)","Norton Security for Mac (20260113)","SpyHunterforMac (20260113)","Trend Micro Antivirus for Mac (20260113)"],"avAllowList":["Bitdefender Antivirus for Mac (20260113)","ESET Cyber Security Pro for Mac (20260113)","G DATA AntiVirus for Mac (20260113)","K7 Antivirus for Mac (20260113)","Kaspersky Internet Security for Mac (20260113)","Sophos Home Premium For Mac (20260113)"]},{"isRevoked":"False","fileName":"MystNodes%20Launcher","fileVersion":"12.0.0","hashMD5":"c61c4fd0b1c695d4e08d716983cdc925","hashSHA1":"2634da0d4221694ef9c1c8f88a22b8942904c0a8","hashSHA256":"5fcb58cae3c60748e9e85cf67b4543d6afaeb5a1d434e56c98132e89f6fb3b8f","sourceIndex":"150","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"P2P","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"150"}],"sampleFiles":["251111/Mystnodes-251111/12.0/Samples/MystNodesLauncher.dmg"],"imageFiles":["251111/Mystnodes-251111/12.0/Images/ACR-007/ACR-007_Install_1.png","251111/Mystnodes-251111/12.0/Images/ACR-007/ACR-007_Install_2.png","251111/Mystnodes-251111/12.0/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"8137488e-2de3-46e5-b47e-1edfd11e27e4_12.0_1","appID":"Mystnodes-251111","dateAdded":"251111","deceptorType":"MacOS App","name":"Mystnodes","company":"NetSys Inc","version":"12.0","lastKnownStatus":"12.0","lastKnownDate":"251111","type":"MacOS App","category":"Business Developer Tools","targetOS":"MacOS","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-11-11T22:45:44.6519845+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":165},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n","ACR-165":"App doesn't provide following information in shopping cart: 1. Cancellation of Auto-renewal via online. 2. Notifying the user about auto renewal payment.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean360","fileVersion":"0.","hashMD5":"67c4545ae57e70c9af08c51884032b12","hashSHA1":"fe696b8ea333bbd5a3bc60278802a08dcf84838f","hashSHA256":"40cc880fa94dc4c66086fda29cf18137aa2796b526a9ee866410d44e226ae623","sourceIndex":"1635","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean360Trial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"0c8ad50644a2b12add93adbe258244e4","hashSHA1":"7f503326749f503379d2c5edfc29d156a907260d","hashSHA256":"680a6b75006e15fcd6ed6b06bb864d076f0cd3b82653ecc865deaa00b92eb065","sourceIndex":"1635","avBlockList":["Avast Security for Mac (20220809)","Avira Security for Mac (20220809)","ESET Cyber Security Pro for Mac (20220809)","K7 Antivirus for Mac (20220809)","McAfee Internet Security for Mac (20220809)","Norton Security for Mac (20220809)","Sophos Home Premium For Mac (20220809)","Trend Micro Antivirus for Mac (20220809)"],"avAllowList":["Bitdefender Antivirus for Mac (20220809)","G DATA AntiVirus for Mac (20220809)","Kaspersky Internet Security for Mac (20220809)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.doyourdata.com/clean-mac/macclean360.html","landingPage":"https://www.doyourdata.com/clean-mac/macclean360.html","directDownloadingLink":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/MacClean360Trial.dmg","sourceIndex":"1635"}],"sampleFiles":["220426/MacClean360-191029/5.3/Samples/MacClean360","220426/MacClean360-191029/5.3/Samples/MacClean360Trial.dmg"],"imageFiles":["220426/MacClean360-191029/5.3/Images/ACR-004/MacClean360_Interactions [1].png","220426/MacClean360-191029/5.3/Images/ACR-004/MacClean360_Interactions [2].png","220426/MacClean360-191029/5.3/Images/ACR-004/MacClean360_Interactions [3].png","220426/MacClean360-191029/5.3/Images/ACR-084/MacClean360_AutoLaunch [1].png","220426/MacClean360-191029/5.3/Images/ACR-165/MacClean360_OfferPage [1].png","220426/MacClean360-191029/5.3/Images/ACR-165/MacClean360_OfferPage [2].png"],"nonDeceptorImageFiles":["220426/MacClean360-191029/5.3/Images/ACR-045/MacClean360_LandingPage [2].png","220426/MacClean360-191029/5.3/Images/ACR-045/MacClean360_LandingPage [3].png","220426/MacClean360-191029/5.3/Images/ACR-161/MacClean360_LandingPage [4].png","220426/MacClean360-191029/5.3/Images/ACR-161/MacClean360_LandingPage [5].png"],"guid":"b42a485b-35a0-4c7c-8de1-fd6e31b67965_5.3_1","appID":"MacClean360-191029","dateAdded":"251111","deceptorType":"MacOS App","name":"MacClean360","company":"DoYourData","version":"5.3","lastKnownStatus":"Deceptor:4.3;4.5;4.6;4.7;4.8;4.9;5.0;5.1;5.2;5.3;5.4;5.5;5.9;6.0;6.1","lastKnownDate":"251111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-11-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":171},{"violations":{"ACR-048":"During install, the user is unable to cancel or close the window on this screen\n","ACR-003":"App claims the user's IP is exposed whenever it is disabled, even if another VPN is running.\n","ACR-084":"Upon closing the app, it continues to run in the background without providing any notification to the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"X-VPN_Installer77.0_4545_119c0990_2025-02-12-06-41-32.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"aac21b98a8bf6a8fc24afb6ae288960c","hashSHA1":"a3105e34358196f3b136d676d81098781f32cf4c","hashSHA256":"af5d5048631279c3c0aab79542e863d900ec6cec6676a0deab95e5f277d0a103","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","sourceIndex":"128","avBlockList":["FortectPremium (20250529)","K7 Total Security (20250529)","Malwarebytes Premium (20250529)","Panda Dome (20250529)","Quick Heal Internet Security (20250529)","Sophos Home Premium (20250529)","SpyHunter5 (20250529)","VirIT eXplorer PRO (20250529)","Webroot SecureAnywhere (20250529)","Windows Defender (20250529)"],"avAllowList":["360 Total Security (20250529)","Avast Premium Security (20250529)","AVG Internet Security (20250529)","Avira Internet Security (20250529)","Bitdefender Internet Security (20250529)","COMODO Antivirus (20250529)","Dr.Web Security Space (20250529)","ESET Internet Security (20250529)","G DATA INTERNET SECURITY (20250529)","KasperskyPremium (20250529)","McAfee Total Protection (20250529)","Norton Security (20250529)","Total AV Antivirus Pro (20250529)","Trend Micro Internet Security (20250529)","VIPRE Advanced Security (20250529)"]},{"isRevoked":"False","fileName":"X-VPN.exe","fileVersion":"0.0","hashMD5":"9f12205bb856625fd3ce532f9c8b1a2b","hashSHA1":"a6a07503a2ddc1416b6e085a5a943f420dc9b78f","hashSHA256":"eeb8e0af1823a2d9becf2f50dea361b1b04c83a1c6d649e6295c0e17b27a6bd5","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","sourceIndex":"128","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunting","reference":"","landingPage":"https://xvpn.io/download/vpn-win","directDownloadingLink":"https://xvpn.io/download/vpn-win?isAutoDownload=true&os=win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://xvpn.io/download/vpn-win?isAutoDownload=true&os=win","sourceIndex":"128"}],"sampleFiles":["251110/XVPN-250306/77.0_4545_119c0990/Samples/X-VPN_Installer77.0_4545_119c0990_2025-02-12-06-41-32.exe","251110/XVPN-250306/77.0_4545_119c0990/Samples/X-VPN.exe"],"imageFiles":["251110/XVPN-250306/77.0_4545_119c0990/Images/ACR-003/ipexposed.png","251110/XVPN-250306/77.0_4545_119c0990/Images/ACR-048/unable to close.png","251110/XVPN-250306/77.0_4545_119c0990/Images/ACR-084/notification.gif"],"nonDeceptorImageFiles":[],"guid":"b5381837-69f1-4cdf-9ab6-0c5549034938_77.0_4545_119c0990_1","appID":"XVPN-250306","dateAdded":"251110","deceptorType":"App","name":"X-VPN","company":"Free Connected Limited","version":"77.0_4545_119c0990","firstVendorContactDate":"250821","firstAppEsteemReplyDate":"250822","firstResolvedDate":"260128","firstResolvedVersion":"77.5.2_5365","resolved":"TRUE","lastKnownStatus":"77.0_4545_119c0990;77.3.0_4913","lastKnownDate":"251110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,net proxy","lastUpdate":"2026-01-28T22:20:25.8649826+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":181},{"violations":{"ACR-048":"1. Application doesn't provide any control option for user to terminate the background running process.\n2. Application auto start whenever user login. The auto start item can't be disabled by user via application setting.\n","ACR-003":"App claims the user's IP may be exposed with red alarming color whenever it is disabled, even if another VPN is running. The claim is unfair to user.\n","ACR-084":"The background keeps running without providing any information in appication notification or setting about how to terminate it to the user. The \"Quit App\" prompt misleads user that application completely quit while X-VPN_root hides and keeps running in background.\n","ACR-014":"App claims the user's IP may be exposed with red alarming color whenever it is disabled, even if another VPN is running. The claim is unfair to user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"X-VPN_Installer77.3.0_4913_c1bbad5b_2025-09-01-10-10-44.exe","isInstaller":"True","hashMD5":"cd6dadae3a9672fb85aca621a16b9bd5","hashSHA1":"49b520a1a92c2c47d5c5a3b0df18186be814e672","hashSHA256":"c8b61d829bcf82854459afae0c5478b1b76ea91a5004372f7f367b160c831e07","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"129","avBlockList":["Bitdefender Internet Security (20260127)","G DATA INTERNET SECURITY (20260127)","K7 Total Security (20260127)","Malwarebytes Premium (20260127)","Panda Dome (20260127)","Sophos Home Premium (20260127)","SpyHunter5 (20260127)","VIPRE Advanced Security (20260127)","VirIT eXplorer PRO (20260127)","Webroot SecureAnywhere (20260127)"],"avAllowList":["360 Total Security (20260127)","Avast Premium Security (20260127)","AVG Internet Security (20260127)","Avira Internet Security (20260127)","COMODO Antivirus (20260127)","Dr.Web Security Space (20260127)","ESET Internet Security (20260127)","FortectPremium (20260127)","KasperskyPremium (20260127)","McAfee Total Protection (20260127)","Norton Security (20260127)","Quick Heal Internet Security (20260127)","Total AV Antivirus Pro (20260127)","Trend Micro Internet Security (20260127)","Windows Defender (20260127)"]},{"isRevoked":"False","fileName":"X-VPN.exe","hashMD5":"fe527b7b6a1f82264419c13498adf7e8","hashSHA1":"d1b6fbb139b76175e82663cad42c31a0a17f7dde","hashSHA256":"52532007d5571dfe1d9fa609eaf84c2085ab5b31026e100f1e83fada8fd8fa7c","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"129","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"X-VPN_notification.exe","hashMD5":"2f437ccc8541e9ba6c40b823e6234d69","hashSHA1":"84962944cae78de3f04fbb3fbba96916ddf24a8f","hashSHA256":"4e03420334dfbbe44f5845c3766b53d05427b5f68a9c82286a09c3e0b75709a9","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"129","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"X-VPN_root.exe","hashMD5":"501a1bff880cdb2ebc40343f2221ec91","hashSHA1":"ce54755d4eca99ffc02ef19ede52b5d7f471b238","hashSHA256":"29701ba3bb543bd834f5e1338b7ddd02c69718dc732c7ee9a8637b277913d5a1","digitalCertThumbprint":"8FD5EFB150A07271A9EDF85182CC38917E5D4B25","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization, CN=Free Connected Limited, SERIALNUMBER=2553621, O=Free Connected Limited, L=Admiralty, C=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"129","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunting","reference":"","landingPage":"https://xvpn.io/download/vpn-win","directDownloadingLink":"https://xvpn.io/download/vpn-win?isAutoDownload=true&os=win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://xvpn.io/download/vpn-win?isAutoDownload=true&os=win","sourceIndex":"129"}],"sampleFiles":["251110/XVPN-250306/77.3.0_4913/Samples/X-VPN_Installer77.3.0_4913_c1bbad5b_2025-09-01-10-10-44.exe"],"imageFiles":["251110/XVPN-250306/77.3.0_4913/Images/ACR-003/ACR-003_Software_1.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-048/ACR-048_Install_1.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-048/ACR-048_Install_2.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-048/ACR-048_Install_3.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-084/ACR-084_Software_1.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-084/ACR-084_Software_2.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-084/ACR-084_Software_3.png","251110/XVPN-250306/77.3.0_4913/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"b5381837-69f1-4cdf-9ab6-0c5549034938_77.3.0_4913_1","appID":"XVPN-250306","dateAdded":"251110","deceptorType":"App","name":"X-VPN","company":"Free Connected Limited","version":"77.3.0_4913","firstVendorContactDate":"250821","firstAppEsteemReplyDate":"250822","firstResolvedDate":"260128","firstResolvedVersion":"77.5.2_5365","resolved":"TRUE","lastKnownStatus":"77.0_4545_119c0990;77.3.0_4913","lastKnownDate":"251110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,net proxy","lastUpdate":"2026-01-28T22:19:48.6749698+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":182},{"violations":{"ACR-046":"Application doesn't disclose the unexpected behavior setting (auto start when computer starts) for browser.\n","ACR-048":"DBar.exe process is still running in background silently after user choose to exit the application. No control option available for user to terminate Dbar process.\n","ACR-006":"The app does not disclose its monetization approach using Yahoo Search. The app does not disclose its monetization approach using Yahoo Search.\n","ACR-007":"The app's attribution is not clear misleading user about their search provider. It redirects user searches to onestart.ai before calling Yahoo search. \n","ACR-084":"The app creates undisclosed scheduled task and startup items to perform actions without the consumer's knowledge and consent. The app continuously run in the background without notification.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"OneStartInstaller-v5.5.238.0.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"098488a18456b92129aa55329699e930","hashSHA1":"f616270393e451aa8fa6f5e53377899edcfec9ae","hashSHA256":"4037808995b703a7279258918fd1c5adc388c9b0bd4c140f876093f057f90b87","sourceIndex":"151","avBlockList":["360 Total Security (20260127)","Avast Premium Security (20260127)","AVG Internet Security (20260127)","Avira Internet Security (20260127)","Bitdefender Internet Security (20260127)","ESET Internet Security (20260127)","FortectPremium (20260127)","G DATA INTERNET SECURITY (20260127)","K7 Total Security (20260127)","KasperskyPremium (20260127)","Malwarebytes Premium (20260127)","McAfee Total Protection (20260127)","Norton Security (20260127)","Panda Dome (20260127)","Quick Heal Internet Security (20260127)","Sophos Home Premium (20260127)","SpyHunter5 (20260127)","Total AV Antivirus Pro (20260127)","VIPRE Advanced Security (20260127)","VirIT eXplorer PRO (20260127)","Webroot SecureAnywhere (20260127)","Windows Defender (20260127)"],"avAllowList":["COMODO Antivirus (20260127)","Dr.Web Security Space (20260127)","Trend Micro Internet Security (20260127)"]},{"isRevoked":"False","fileName":"onestart.exe","companyName":"OneStart.ai","fileVersion":"126.0","hashMD5":"ab3074be21cbee95a135cf138191cf81","hashSHA1":"5979ee0d7c60155091af6924021090ef0425c0f9","hashSHA256":"21da4fbf4d18ddeb8dc9ba37943c2fa6778e3ee082641881f2cf3872a3cdfd69","digitalCertThumbprint":"EB5A7872B0563D261362F00BC6AF0AFC36877A89","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=PA, OID.2.5.4.15=Private Organization, CN=Apollo Technologies Inc, SERIALNUMBER=155722923, O=Apollo Technologies Inc, L=Panama City, C=PA","sourceIndex":"151","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"onestartupdater.exe","companyName":"OneStart.ai","fileVersion":"126.0","hashMD5":"a84153dea375d661a2fb566a9ddeac08","hashSHA1":"7dfcebed111d7a1dbcd3c52d6a66fafde51dc465","hashSHA256":"87c4162ba39a825045411fdedf31945b7f1f49b37073b306e128bc34ecfe5320","digitalCertThumbprint":"EB5A7872B0563D261362F00BC6AF0AFC36877A89","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=PA, OID.2.5.4.15=Private Organization, CN=Apollo Technologies Inc, SERIALNUMBER=155722923, O=Apollo Technologies Inc, L=Panama City, C=PA","sourceIndex":"151","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://onestart.ai/","directDownloadingLink":"https://onestart.ai/resources/files/OneStartInstaller-v5.5.238.0.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://onestart.ai/resources/files/OneStartInstaller-v5.5.238.0.msi","sourceIndex":"151"}],"sampleFiles":["251105/OneStartBrowser-240905/126.0.6478.118/Samples/OneStartInstaller-v5.5.238.0.msi","251105/OneStartBrowser-240905/126.0.6478.118/Samples/onestart.exe","251105/OneStartBrowser-240905/126.0.6478.118/Samples/onestartupdater.exe"],"imageFiles":["251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-046/ACR-046_Install_1.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-046/ACR-046_Install_2.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-046/ACR-046_Install_3.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-046/ACR-046_Install_4.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-084/ACR-084_Software_1.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-084/ACR-084_Software_2.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-084/ACR-084_Software_3.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-048/ACR-048_Software_1.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-048/ACR-048_Software_2.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-006/redirect.gif","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-007/ACR-007_Software_1.png","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-007/redirect.gif","251105/OneStartBrowser-240905/126.0.6478.118/Images/ACR-007/ACR-007_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"9ba975bc-a602-47db-8c65-274b286c8e28_126.0.6478.118_1","appID":"OneStartBrowser-240905","dateAdded":"251105","deceptorType":"App","name":"OneStart Browser","company":"OneStart Technologies","version":"126.0.6478.118","lastKnownDate":"251105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2025-11-05T18:22:46.1531212+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":183},{"violations":{"ACR-048":"The app does not provide control to remove its startup and background process completely within the app's settings.\n","ACR-007":"During installation, app doesn't explicitly disclose that user needs to join P2P network to use app,  doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On quitting the app, the \"urbanvpnserv.exe\" process runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software. \nThe landing page ( https://www.urban-vpn.com ) does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.0.0","fileVersion":"2.2.0.0","hashMD5":"fcc77e9e68c2e9337a929b991a9fa875","hashSHA1":"54e964e188a9bd6e654f203d027f989639598c94","hashSHA256":"488094fd86bde8c05b0307e782802a49e8922c1f1cfb8a124d9d251b0cf238a5","digitalCertThumbprint":"B37E9B6354C8410A7530625C75ECA12155CDBA2C","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1682","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.4","fileVersion":"2.2.4","hashMD5":"be50ecab0700fffccc1864ee16e7419a","hashSHA1":"052c8cce2c58c4bab37510b64a624b64cd46fad2","hashSHA256":"5188a0f304dac9935f8830a4c3411f4aeef306b344622801901c3e678e3003fb","digitalCertThumbprint":"B37E9B6354C8410A7530625C75ECA12155CDBA2C","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1682","avBlockList":["Avira Internet Security (20220329)","ESET Internet Security (20220329)","K7 Total Security (20220329)","Kaspersky Internet Security (20220329)","McAfee Total Protection (20220329)","Norton Security (20220329)","Panda Dome (20220329)","Sophos Home Premium (20220329)","SpyHunter5 (20220329)","Total AV Antivirus Pro (20220329)","VirIT eXplorer PRO (20220329)","Windows Defender (20220329)"],"avAllowList":["360 Total Security (20220329)","Avast Premium Security (20220329)","AVG Internet Security (20220329)","Bitdefender Internet Security (20220329)","COMODO Antivirus (20220329)","Dr.Web Security Space (20220329)","G DATA INTERNET SECURITY (20220329)","Malwarebytes Premium (20220329)","Quick Heal Internet Security (20220329)","Tencent PC Manager (20220329)","Trend Micro Internet Security (20220329)","VIPRE Advanced Security (20220329)","Webroot SecureAnywhere (20220329)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"1682"}],"sampleFiles":["220315/UrbanVPN-220312/2.2.4/Samples/UrbanVPN2.exe"],"imageFiles":["220315/UrbanVPN-220312/2.2.4/Images/ACR-039/ACR-039_Install.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-039/ACR-039_Install_1.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-084/ACR-084_Software_Process.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-048/ACR-048_Software_No_Control.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-007/Urban_VPN_free.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-007/Urban_VPN_free_NoDisclose.JPG"],"nonDeceptorImageFiles":["220315/UrbanVPN-220312/2.2.4/Images/ACR-099/ACR-099_Software_No_UninstallInfo.JPG","220315/UrbanVPN-220312/2.2.4/Images/ACR-099/ACR-099_Landingpage_No_UninstallInfo.JPG"],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.4_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.4","sigName":"Deceptor:Win32/UrbanVPN!039084048007","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","targetOS":"Windows XP,Windows Vista","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":190},{"violations":{"ACR-048":"The app does not provide control to remove its startup and background process completely within the app's settings. The control to the \"urbanvpnserv.exe\" seems obscure in the settings and requires admin rights & reboot and Urban VPN can't run unless this process is running. Even though it's turned off it enables automatically after reboot.\n","ACR-007":"During installation, app doesn't explicitly disclose that user needs to join P2P network to use app,  doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On quitting & rebooting, the \"urbanvpnserv.exe\" process runs silently in the background, hiding the fact that it is active from the consumer, even after it is turned off in the settings.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software. \nThe landing page ( https://www.urban-vpn.com ) does not display links to uninstall information.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.urban-vpn.com/blog/)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.9.0","fileVersion":"2.2.9.0","hashMD5":"452df1387869d69e710cd464914d0aa1","hashSHA1":"79467dc79e93f8d83eae18ef77bff57b84027920","hashSHA256":"1cd0ddf692a50b078ead4255850f2ead2d249d2639e1bf8a0a0f4fd18eda6591","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1365","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpnserv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"db488d1f572b1907cf0c1bc00f870ffd","hashSHA1":"d7fb677007e1efb97c334895a47f931b45158889","hashSHA256":"b072f74b04cabddb528d29f4940b56c542050103c09bfb356da34c57308714d4","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1365","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.9","fileVersion":"2.2.9","hashMD5":"9879d2c79047ffedd1baeca6fc52b4a8","hashSHA1":"fd99bbd8d304e22159d62334a70c60f2ff667eaf","hashSHA256":"28665cf43702457b70abc5b21d23873a5b7387799aa7083889f8f7a276431608","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1365","avBlockList":["360 Total Security (20230124)","Avast Premium Security (20230124)","AVG Internet Security (20230124)","Avira Internet Security (20230124)","ESET Internet Security (20230124)","K7 Total Security (20230124)","Kaspersky Internet Security (20230124)","McAfee Total Protection (20230124)","Norton Security (20230124)","Panda Dome (20230124)","Quick Heal Internet Security (20230124)","Sophos Home Premium (20230124)","SpyHunter5 (20230124)","Total AV Antivirus Pro (20230124)","VirIT eXplorer PRO (20230124)","Webroot SecureAnywhere (20230124)"],"avAllowList":["Bitdefender Internet Security (20230124)","COMODO Antivirus (20230124)","Dr.Web Security Space (20230124)","G DATA INTERNET SECURITY (20230124)","Malwarebytes Premium (20230124)","Trend Micro Internet Security (20230124)","VIPRE Advanced Security (20230124)","Windows Defender (20230124)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"1365"}],"sampleFiles":["221017/UrbanVPN-220312/2.2.9/Samples/UrbanVPN2.exe"],"imageFiles":["221017/UrbanVPN-220312/2.2.9/Images/ACR-039/ACR-039_1.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-039/ACR-039_2.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-084/ACR-084.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-048/ACR-048.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-007/ACR-007.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-007/ACR-007_2.JPG"],"nonDeceptorImageFiles":["221017/UrbanVPN-220312/2.2.9/Images/ACR-099/ACR-099_Software.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-099/ACR-099_Landingpage.JPG","221017/UrbanVPN-220312/2.2.9/Images/ACR-018/ACR-018.jpg"],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.9_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.9","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":189},{"violations":{"ACR-046":"The \"UrbanVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The checkbox is not obvious to the user. \n","ACR-048":"The app does not provide control to remove its startup and background process completely within the app's settings. The control to the \"urbanvpnserv.exe\" seems obscure in the settings and requires admin rights & reboot and Urban VPN can't run unless this process is running. Even though it's turned off it enables automatically after reboot.\n","ACR-007":"During installation, app doesn't explicitly disclose that user needs to join P2P network to use app,  doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On quitting & rebooting, the \"urbanvpnserv.exe\" process runs silently in the background, hiding the fact that it is active from the consumer, even after it is turned off in the settings.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"UrbanVPNProxy Extension for Chrome\" offer.\n","ACR-055":"The \"UrbanVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"UrbanVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n","ACR-155":"The \"UrbanVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software. \nThe landing page ( https://www.urban-vpn.com ) does not display links to uninstall information.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.urban-vpn.com/blog/)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.10.0","fileVersion":"2.2.10.0","hashMD5":"242edd3904bccbebdde25a7afa6d3cfd","hashSHA1":"fce9d53b4c563875dd614353d772d602ec189dfb","hashSHA256":"e26487d2a62ce2b14c452e0d6e626285c26c770630bfbd529e1e6635facb98df","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1268","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpnserv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"62b057427c4bee906efd6229615d8e80","hashSHA1":"396743e3a634c48dcf49f0b36128ce06085bffa5","hashSHA256":"013f43bd43bb173ee44cff20eb699ce50935ada810008534ec18fedbfcad562e","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1268","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.10","fileVersion":"2.2.10","hashMD5":"87d504827ef7eb568d6dcecfad38d1f9","hashSHA1":"e7b8e8bfd973a932b3a32422b1d5e58924ea1955","hashSHA256":"f715fd70ffa8bae01641ab0954dddfb4604586b63361b49f681801e68252eee3","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1268","avBlockList":["360 Total Security (20230105)","Avast Premium Security (20230105)","AVG Internet Security (20230105)","Avira Internet Security (20230105)","Bitdefender Internet Security (20230105)","ESET Internet Security (20230105)","K7 Total Security (20230105)","Kaspersky Internet Security (20230105)","McAfee Total Protection (20230105)","Norton Security (20230105)","Panda Dome (20230105)","Quick Heal Internet Security (20230105)","Sophos Home Premium (20230105)","SpyHunter5 (20230105)","Total AV Antivirus Pro (20230105)","VIPRE Advanced Security (20230105)","VirIT eXplorer PRO (20230105)","Webroot SecureAnywhere (20230105)"],"avAllowList":["COMODO Antivirus (20230105)","Dr.Web Security Space (20230105)","G DATA INTERNET SECURITY (20230105)","Malwarebytes Premium (20230105)","Trend Micro Internet Security (20230105)","Windows Defender (20230105)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"1268"}],"sampleFiles":["221214/UrbanVPN-220312/2.2.10/Samples/UrbanVPN2.exe"],"imageFiles":["221214/UrbanVPN-220312/2.2.10/Images/ACR-039/ACR-039_1.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-039/ACR-039_2.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-046/ACR-046.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-055/ACR-055.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-084/ACR-084.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-048/ACR-048.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-048/ACR-048_1.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-048/ACR-048_2.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-007/ACR-007_1.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-007/ACR-007_2.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-057/ACR-057.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-059/ACR-059.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["221214/UrbanVPN-220312/2.2.10/Images/ACR-099/ACR-099.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-099/ACR-099_1.JPG","221214/UrbanVPN-220312/2.2.10/Images/ACR-018/ACR-018.jpg"],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.10_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.10","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":188},{"violations":{"ACR-048":"The app does not provide control to remove the background processes completely within the app's settings. The control to the \"urbanvpnserv.exe\" seems obscure in the settings and requires admin rights & reboot and Urban VPN can't run unless this process is running. Even though it's turned off it enables automatically after reboot.\n","ACR-007":"App does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing. \n","ACR-084":"On quitting & rebooting, the \"urbanvpnserv.exe\" process runs silently in the background, hiding the fact that it is active from the consumer, even after it is turned off in the settings.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"UrbanVPNProxy Extension for Chrome\" offer.\n","ACR-055":"The \"UrbanVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"UrbanVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n","ACR-155":"The \"UrbanVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software. \nThe landing page ( https://www.urban-vpn.com ) does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.11.0","fileVersion":"2.2.11.0","hashMD5":"8f9933b8bf3cb7f9b357fc04fd88913e","hashSHA1":"4a9efc9fefe8f29b1bbd025932d0fb35fee50ce0","hashSHA256":"8aa3299a47333f2b7ee53921136050884aaac7346c89211bc47028a45741be4b","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1211","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn.exe","companyName":"Urban Cyber Security Inc.","productName":"UrbanVPN","productVersion":"2.2.11.0","fileVersion":"2.2.11.0","hashMD5":"2d902e224c0d2cd2b288d743f8d0b6c5","hashSHA1":"bafba78c9a59a7fd96755c703055ddcfe65a61c1","hashSHA256":"311840b524c32aa6594d2d5960fa323afe9cbcff00c333bc6cbdfd3099fdfbe3","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1211","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpnserv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3921570ed1c271868d4564fd545805e6","hashSHA1":"cb8967eefe9d736f2fae26d9c63f31c06d27db70","hashSHA256":"baa8ff370300b8d5ec052d1adf46aeda966fde8877ea18590a26ac82c1d8fcce","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1211","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.11","fileVersion":"2.2.11","hashMD5":"401ae8a7c8a882dd7846fd4c62b99f60","hashSHA1":"4b77e688de4234376cf18f5c9db5466cd012b945","hashSHA256":"88fa1a52922482a0e80c5c410421c38e557514796a53f9e6839304fd049cd753","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1211","avBlockList":["360 Total Security (20230420)","Avast Premium Security (20230420)","AVG Internet Security (20230420)","Avira Internet Security (20230420)","ESET Internet Security (20230420)","G DATA INTERNET SECURITY (20230420)","K7 Total Security (20230420)","Kaspersky Internet Security (20230420)","McAfee Total Protection (20230420)","Norton Security (20230420)","Panda Dome (20230420)","Quick Heal Internet Security (20230420)","Sophos Home Premium (20230420)","SpyHunter5 (20230420)","Total AV Antivirus Pro (20230420)","VirIT eXplorer PRO (20230420)","Webroot SecureAnywhere (20230420)"],"avAllowList":["Bitdefender Internet Security (20230420)","COMODO Antivirus (20230420)","Dr.Web Security Space (20230420)","Malwarebytes Premium (20230420)","Trend Micro Internet Security (20230420)","VIPRE Advanced Security (20230420)","Windows Defender (20230420)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"1211"}],"sampleFiles":["230301/UrbanVPN-220312/2.2.11/Samples/UrbanVPN2.exe"],"imageFiles":["230301/UrbanVPN-220312/2.2.11/Images/ACR-039/ACR-039_2.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-039/ACR-039.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-055/ACR-055.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-084/ACR-084.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-048/ACR-048_1.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-048/ACR-048_2.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-007/ACR-007_1.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-007/ACR-007_2.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-007/ACR_007.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-057/ACR-057.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-059/ACR-059.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230301/UrbanVPN-220312/2.2.11/Images/ACR-099/ACR-099.JPG","230301/UrbanVPN-220312/2.2.11/Images/ACR-099/ACR-099_1.JPG"],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.11_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.11","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":187},{"violations":{"ACR-048":"The app does not provide control to remove the background processes completely within the app's settings. The control to the \"urbanvpnserv.exe\" seems obscure in the settings and requires admin rights & reboot and Urban VPN can't run unless this process is running. Even though it's turned off it enables automatically after reboot.\n","ACR-007":"App does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing. \n","ACR-084":"On quitting & rebooting, the \"urbanvpnserv.exe\" and \"urbanvpn-gui.exe\" processes run silently in the background, hiding the fact that it is active from the consumer, even after it is turned off in the settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.12.1","fileVersion":"2.2.12.1","hashMD5":"da99b08fbcbc94c4750d9e1a5d7e3dbf","hashSHA1":"32688cb510fc6343051b5eb47dc35080d5c57de8","hashSHA256":"892251cdcdfd8b402fa5f3c470a7bb2d8bfad3fe87ed05eee337dc8e46852537","digitalCertThumbprint":"74041F7051F4B8F42E9365A2B887FA5E8871B669","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"802","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn.exe","companyName":"Urban Cyber Security Inc.","productName":"UrbanVPN","productVersion":"2.2.12.0","fileVersion":"2.2.12.0","hashMD5":"64d1f876054b648e0a11e83038b2a0a0","hashSHA1":"f58eb92a377c30c34fb4a28aaa62e4f90ed35d2b","hashSHA256":"776aa293542e1fd6d9cf5f147b79949b1cc73ce8b56ad5f6851c4c717d508560","digitalCertThumbprint":"74041F7051F4B8F42E9365A2B887FA5E8871B669","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"802","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpnserv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"722cc69cfe06e6aa5408e80e95cd4bac","hashSHA1":"0c6f38fb2bae6dffbfac7b3ea66e8c486ea6e7ca","hashSHA256":"32d84521a8ba69bba2306670d61ef1973a8c27345c37245cf0af0466b20bcabc","digitalCertThumbprint":"74041F7051F4B8F42E9365A2B887FA5E8871B669","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"802","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.12.1","fileVersion":"2.2.12.1","hashMD5":"ddc5a4819ff054fdec3b4a067a687a45","hashSHA1":"aeed09601a0791234350bac293acf9342046edd7","hashSHA256":"25d1ece063e1c25b14842f8f95b24c560bc252ef7f35e1a125c52bf4d7c4e92c","digitalCertThumbprint":"74041F7051F4B8F42E9365A2B887FA5E8871B669","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"802","avBlockList":["360 Total Security (20251104)","ESET Internet Security (20251104)","Kaspersky Internet Security (20230829)","Malwarebytes Premium (20251104)","McAfee Total Protection (20251104)","Panda Dome (20251104)","Quick Heal Internet Security (20251104)","Sophos Home Premium (20251104)","Trend Micro Internet Security (20251104)","VirIT eXplorer PRO (20251104)","Webroot SecureAnywhere (20251104)","FortectPremium (20251104)","KasperskyPremium (20251104)"],"avAllowList":["Avast Premium Security (20251104)","AVG Internet Security (20251104)","Avira Internet Security (20251104)","Bitdefender Internet Security (20251104)","COMODO Antivirus (20251104)","Dr.Web Security Space (20251104)","G DATA INTERNET SECURITY (20251104)","K7 Total Security (20251104)","Norton Security (20251104)","SpyHunter5 (20251104)","Total AV Antivirus Pro (20251104)","VIPRE Advanced Security (20251104)","Windows Defender (20251104)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"802"}],"sampleFiles":["230530/UrbanVPN-220312/2.2.12.1/Samples/UrbanVPN2.exe"],"imageFiles":["230530/UrbanVPN-220312/2.2.12.1/Images/ACR-084/ACR-084.JPG","230530/UrbanVPN-220312/2.2.12.1/Images/ACR-048/ACR-048.JPG","230530/UrbanVPN-220312/2.2.12.1/Images/ACR-048/ACR-048_1.JPG","230530/UrbanVPN-220312/2.2.12.1/Images/ACR-007/ACR-007.JPG","230530/UrbanVPN-220312/2.2.12.1/Images/ACR-007/ACR-007_1.JPG","230530/UrbanVPN-220312/2.2.12.1/Images/ACR-007/ACR-007_2.JPG"],"nonDeceptorImageFiles":[],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.12.1_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.12.1","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":185},{"violations":{"ACR-048":"The background service keeps running when application is closed even user to turn it off in the application setting.\n","ACR-118":"The TAP components installed by UrbanVPN are not removed during uninstallation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"UrbanVPN.exe","isInstaller":"True","companyName":"Urban Cyber Security","productName":"UrbanVPN","productVersion":"4.0.4.0","fileVersion":"4.0.4.0","hashMD5":"ba3eb1aeed9e827cd5cc965693963527","hashSHA1":"93f0a27f4766003ec49e0a34b5b8b7f52fc8b59f","hashSHA256":"9bc24ec047408252caac3ab36b6a6ee3c9f254de7e6b3d16d1d85f9608c7a34a","digitalCertThumbprint":"D77A7D36C5D39DDEA67875DF52882C3278CC77B9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Urban Cyber Security Inc., OU=IT, O=Urban Cyber Security Inc., L=Wilmington, S=Delaware, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"153","avBlockList":["360 Total Security (20260127)","Bitdefender Internet Security (20260127)","G DATA INTERNET SECURITY (20260127)","K7 Total Security (20260127)","KasperskyPremium (20260127)","Panda Dome (20260127)","Quick Heal Internet Security (20260127)","Sophos Home Premium (20260127)","SpyHunter5 (20260127)","VIPRE Advanced Security (20260127)","VirIT eXplorer PRO (20260127)","Webroot SecureAnywhere (20260127)"],"avAllowList":["Avast Premium Security (20260127)","AVG Internet Security (20260127)","Avira Internet Security (20260127)","COMODO Antivirus (20260127)","Dr.Web Security Space (20260127)","ESET Internet Security (20260127)","FortectPremium (20260127)","Malwarebytes Premium (20260127)","McAfee Total Protection (20260127)","Norton Security (20260127)","Total AV Antivirus Pro (20260127)","Trend Micro Internet Security (20260127)","Windows Defender (20260127)"]},{"isRevoked":"False","fileName":"urban-vpn-app.exe","companyName":"Urban Cyber Security","productName":"UrbanVPN","productVersion":"4.0.4.0","fileVersion":"4.0.4.0","hashMD5":"d03601c7737aaa9ff60c13bb3fd2aa4a","hashSHA1":"a68fdb5388e9c384e55e2a1998619757b86ad54e","hashSHA256":"1af301b35d6e167c2fe50a5f55199b7e876084a535899c65a87cc9097f63eda8","digitalCertThumbprint":"D77A7D36C5D39DDEA67875DF52882C3278CC77B9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Urban Cyber Security Inc., OU=IT, O=Urban Cyber Security Inc., L=Wilmington, S=Delaware, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"153","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"urban-vpn-service.exe","companyName":"Urban Cyber Security","productName":"UrbanVPN","productVersion":"4.0.4.0","fileVersion":"4.0.4.0","hashMD5":"c9e68111d38ceec68e179a10213e0da3","hashSHA1":"5938cee5fc99d721d38209cb92941f7eccf30d21","hashSHA256":"09a7caa609471c7560f1d3947d49c0e4830fa2de1a88d511f9a1e5b63e4ae1a2","digitalCertThumbprint":"D77A7D36C5D39DDEA67875DF52882C3278CC77B9","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Urban Cyber Security Inc., OU=IT, O=Urban Cyber Security Inc., L=Wilmington, S=Delaware, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"153","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"153"}],"sampleFiles":["251103/UrbanVPN-220312/4.0.4.0/Samples/UrbanVPN.exe"],"imageFiles":["251103/UrbanVPN-220312/4.0.4.0/Images/ACR-048/ACR-048_Software_1.png","251103/UrbanVPN-220312/4.0.4.0/Images/ACR-048/ACR-048_Software_2.png","251103/UrbanVPN-220312/4.0.4.0/Images/ACR-118/ACR-118_Uninstall_1.png","251103/UrbanVPN-220312/4.0.4.0/Images/ACR-118/ACR-118_Uninstall_2.png"],"nonDeceptorImageFiles":[],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_4.0.4.0_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"4.0.4.0","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T18:52:23.2276592+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":184},{"violations":{"ACR-048":"The app does not provide control to remove the background processes completely within the app's settings. The control to the \"urbanvpnserv.exe\" seems obscure in the settings and requires admin rights & reboot and Urban VPN can't run unless this process is running. Even though it's turned off it enables automatically after reboot.\n","ACR-007":"App does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing. \n","ACR-084":"On quitting & rebooting, the \"urbanvpnserv.exe\" and \"urbanvpn-gui.exe\" processes run silently in the background, hiding the fact that it is active from the consumer, even after it is turned off in the settings.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information inside software. \nThe landing page ( https://www.urban-vpn.com ) does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn-gui.exe","companyName":"UrbanVPN GUI","productName":"UrbanVPN GUI","productVersion":"2.2.12.0","fileVersion":"2.2.12.0","hashMD5":"97fa827bdfcbe9b966029fb67451626a","hashSHA1":"9ba86b02766aa1192529ec60c4c8699c0354d7f4","hashSHA256":"059ad52086a4b49196147d9ceeddde6b4a961df5160f770fad81cee07d8eb320","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1145","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpn.exe","companyName":"Urban Cyber Security Inc.","productName":"UrbanVPN","productVersion":"2.2.12.0","fileVersion":"2.2.12.0","hashMD5":"ab40d36c9be29c5494f87d1bb396693d","hashSHA1":"d5cb98c7cb71cdbaffa1c241f33b3fc9bf5cb216","hashSHA256":"a18661153631312f37b90a49ef8b872afc57490f482a6e09fd8143928db2037e","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1145","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\bin\\urbanvpnserv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"86316a6deea89bd9a51a3883dea12399","hashSHA1":"91b411ed7f2f355c691b35793462d381de5676e3","hashSHA256":"3e8f3e6abfcee601edf38aff4a0c62c526daeab75cf49a81dcc466691cc3e125","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1145","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\UrbanVPN\\UrbanVPNUpdater.exe","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.12","fileVersion":"2.2.12","hashMD5":"13c580c16f0e2d560dea0a98b2d1b414","hashSHA1":"8b442e58fdaa912d19f13a0681c53011bf41a734","hashSHA256":"b23a6e59d0e60687b9f620ec8ecfb766b67974625ca463738fc989f8a778085c","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1145","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UrbanVPN2.exe","isInstaller":"True","companyName":"Urban Security","productName":"UrbanVPN","productVersion":"2.2.12","fileVersion":"2.2.12","hashMD5":"7b1c620592cfb400f0b51ece08c113f7","hashSHA1":"72fcdc4eb749b8546687ccf86e70ec246bbe1ee6","hashSHA256":"5d8c281bf72629746f0cd88d1aae543ab428e08a797ffca3635583509a9bb690","digitalCertThumbprint":"608A130F2C5D7356ED7AE2BA26137DC1104C27F2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Urban Cyber Security Inc.","storeId":"","sourceIndex":"1145","avBlockList":["360 Total Security (20230530)","Avira Internet Security (20230530)","Bitdefender Internet Security (20230530)","ESET Internet Security (20230530)","G DATA INTERNET SECURITY (20230530)","K7 Total Security (20230530)","Kaspersky Internet Security (20230530)","McAfee Total Protection (20230530)","Norton Security (20230530)","Panda Dome (20230530)","Quick Heal Internet Security (20230530)","Sophos Home Premium (20230530)","SpyHunter5 (20230530)","Total AV Antivirus Pro (20230530)","VIPRE Advanced Security (20230530)","VirIT eXplorer PRO (20230530)","Webroot SecureAnywhere (20230530)"],"avAllowList":["Avast Premium Security (20230530)","AVG Internet Security (20230530)","COMODO Antivirus (20230530)","Dr.Web Security Space (20230530)","Malwarebytes Premium (20230530)","Trend Micro Internet Security (20230530)","Windows Defender (20230530)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN in blur BI data","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.urban-vpn.com/latest/UrbanVPN2.exe","sourceIndex":"1145"}],"sampleFiles":["230426/UrbanVPN-220312/2.2.12/Samples/UrbanVPN2.exe"],"imageFiles":["230426/UrbanVPN-220312/2.2.12/Images/ACR-084/ACR-084.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-048/ACR-048.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-048/ACR-048_1.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-007/ACR-007.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-007/ACR-007_1.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-007/ACR-007_2.JPG"],"nonDeceptorImageFiles":["230426/UrbanVPN-220312/2.2.12/Images/ACR-099/ACR-099.JPG","230426/UrbanVPN-220312/2.2.12/Images/ACR-099/ACR-099_1.JPG"],"guid":"1940a222-c960-47bb-b3f2-a92c5e8f174c_2.2.12_1","appID":"UrbanVPN-220312","dateAdded":"251103","deceptorType":"App","name":"UrbanVPN","company":"Urban Security","version":"2.2.12","firstResolvedVersion":"","lastKnownStatus":"2.2.4;2.2.9;2.2.10;2.2.11;2.2.12;2.2.12.1;4.0.4.0","lastKnownDate":"251103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2025-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":186},{"violations":{"ACR-048":"User has no option to disable system resource borrowing process. \n","ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource. \nApplication doesn't provide straightforward approach in application how to disable the network resource sharing. \n","ACR-084":"The application is minimized to systray when it is closed. It doesn't provide any notification to user that it is still running. The application icon in systray is almost invisible. (The icon is white and no tooltip) \n","ACR-118":"Application uninstallation doesn't work. The application files are left in the system and scheduled task is still enabled.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Bitping%20Desktop_25.10.21-2_x64-setup.exe","isInstaller":"True","productName":"Bitping Desktop","productVersion":"25.10.21-2","fileVersion":"25.10.21-2","hashMD5":"92cf6417881cf1a4c39f145318563ccd","hashSHA1":"2cc0d0744b1bcfb91e722ce02f5a0c3f53200f66","hashSHA256":"9f2f28a02c0efe273adad93c57dfaf61ff8d7a3ff87cde538d33ab9c7ca2745f","sourceIndex":"155","avBlockList":["360 Total Security (20260120)","Avast Premium Security (20260120)","AVG Internet Security (20260120)","Avira Internet Security (20260120)","Bitdefender Internet Security (20260120)","COMODO Antivirus (20260120)","Dr.Web Security Space (20260120)","ESET Internet Security (20260120)","FortectPremium (20260120)","G DATA INTERNET SECURITY (20260120)","K7 Total Security (20260120)","KasperskyPremium (20260120)","Malwarebytes Premium (20260120)","McAfee Total Protection (20260120)","Norton Security (20260120)","Panda Dome (20260120)","Quick Heal Internet Security (20260120)","Sophos Home Premium (20260120)","SpyHunter5 (20260120)","Total AV Antivirus Pro (20260120)","Trend Micro Internet Security (20260120)","VIPRE Advanced Security (20260120)","VirIT eXplorer PRO (20260120)","Webroot SecureAnywhere (20260120)","Windows Defender (20260120)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Bitping%20Desktop.exe","companyName":"bitping","productName":"Bitping Desktop","productVersion":"0.0.1","fileVersion":"0.0.1","hashMD5":"6915ec0876b5ee910fe12d6901d89cd5","hashSHA1":"cf153608ed24683d1eff8378409fe237edee1526","hashSHA256":"a1eebad618860eaa6d32e8429b2bbd12cfa3de1ab755a3a56644c3af7c581738","sourceIndex":"155","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitping.vbs","hashMD5":"f4922be1daf106fcafd58d71eeb3aa13","hashSHA1":"fb198b6db52efd09c65e06f146562bf1ce22aa02","hashSHA256":"653f5669d086c668b5c10016b7247e84d154e6770165fe145771fb6e1c31606c","sourceIndex":"155","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uninstall.exe","productName":"Bitping Desktop","productVersion":"25.10.21-2","fileVersion":"25.10.21-2","hashMD5":"6dbccd65e2784b7ff84377ccad3fcf8a","hashSHA1":"bad052eb1ac1d27ba33ffbec6c629e6144ad561a","hashSHA256":"36d00bbbb0310b43de448eeb1748c6a5c2f196d034940404d51e303a48b49dc6","sourceIndex":"155","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Resource sharing app","reference":"","landingPage":"https://bitping.com/earn","directDownloadingLink":"https://bitping.com/earn#downloads","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://bitping.com/earn#downloads","sourceIndex":"155"}],"sampleFiles":["251030/Bitping-250706/25.10.21-2/Samples/Bitping%20Desktop_25.10.21-2_x64-setup.exe"],"imageFiles":["251030/Bitping-250706/25.10.21-2/Images/ACR-084/ACR-084_Software_1.png","251030/Bitping-250706/25.10.21-2/Images/ACR-048/ACR-048_Software_2.png","251030/Bitping-250706/25.10.21-2/Images/ACR-048/ACR-048_Software_1.png","251030/Bitping-250706/25.10.21-2/Images/ACR-007/ACR-007_Software_1.png","251030/Bitping-250706/25.10.21-2/Images/ACR-007/ACR-007_Software_2.png","251030/Bitping-250706/25.10.21-2/Images/ACR-118/ACR-118_Uninstall_1.png","251030/Bitping-250706/25.10.21-2/Images/ACR-118/ACR-118_Uninstall_2.png","251030/Bitping-250706/25.10.21-2/Images/ACR-118/ACR-118_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"e48e5a54-715e-4e5c-97d0-fa77666106ac_25.10.21-2_1","appID":"Bitping-250706","dateAdded":"251030","deceptorType":"App","name":"Bitping","company":"Bitping Pty. Ltd","version":"25.10.21-2","lastKnownStatus":"25.7.28-1;25.10.21-2","lastKnownDate":"251030","type":"Windows Executable","category":"Business Developer Tools","targetOS":"Windows 10,Windows 11","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"mining,net proxy","lastUpdate":"2025-10-30T18:19:03.7394512+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":191},{"violations":{"ACR-048":"User has no option to disable system resource borrowing process. \n","ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource. \nApplication doesn't provide straightforward approach in application how to disable the network resource sharing. \n","ACR-084":"The application is minimized to systray when it is closed. It doesn't provide any notification to user that it is still running. The application icon in systray is almost invisible. (The icon is white and no tooltip) \n","ACR-118":"Application uninstallation doesn't work. The application files are left in the system and process is still running.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Bitping%20Desktop_25.7.28-1_x64-setup.exe","isInstaller":"True","productName":"Bitping Desktop","productVersion":"25.7.28-1","fileVersion":"25.7.28-1","hashMD5":"0648d1d05fb0f5e73f080a2b0b638ffa","hashSHA1":"accf105521251e0c55d5cedeb04d68981e70936e","hashSHA256":"307c2bc07ea9a7e68d9cc6e2c29d18efd17e477390c16fd95e9428fe67ba4980","sourceIndex":"168","avBlockList":["360 Total Security (20251028)","Avast Premium Security (20251028)","AVG Internet Security (20251028)","Avira Internet Security (20251028)","Bitdefender Internet Security (20251028)","COMODO Antivirus (20251028)","ESET Internet Security (20251028)","FortectPremium (20251028)","G DATA INTERNET SECURITY (20251028)","K7 Total Security (20251028)","KasperskyPremium (20251028)","Malwarebytes Premium (20251028)","McAfee Total Protection (20251028)","Norton Security (20251028)","Panda Dome (20251028)","Quick Heal Internet Security (20251028)","Sophos Home Premium (20251028)","SpyHunter5 (20251028)","Total AV Antivirus Pro (20251028)","Trend Micro Internet Security (20251028)","VIPRE Advanced Security (20251028)","VirIT eXplorer PRO (20251028)","Webroot SecureAnywhere (20251028)","Windows Defender (20251028)"],"avAllowList":["Dr.Web Security Space (20251028)"]},{"isRevoked":"False","fileName":"Bitping%20Desktop.exe","companyName":"bitping","productName":"Bitping Desktop","productVersion":"0.0.1","fileVersion":"0.0.1","hashMD5":"c5fff7babb589fb3ae2075fd7618d2ad","hashSHA1":"ea9b5b8f81e2b6ec03361faece9f29ccdf3c78a2","hashSHA256":"9945924ae1eedc0916900dc3cbbd4044d19240c4f84f55d054519d9084f398a3","sourceIndex":"168","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bitping.vbs","hashMD5":"2d51a1401cd05f7d8215c5b3a9f957ec","hashSHA1":"b75e1ae0209ed55753be70215895b11e1d8da8ff","hashSHA256":"3986f8ab6a291e9adef47b9957b4bc0cb0d83a0d3399691bd7ba3fda66a17fb1","sourceIndex":"168","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uninstall.exe","productName":"Bitping Desktop","productVersion":"25.7.28-1","fileVersion":"25.7.28-1","hashMD5":"c093ed874be937e7e282af1d745b6905","hashSHA1":"317c24aac8fb86d0eb7e6338b13fe2e176bcc3ae","hashSHA256":"d8a55421c7f6e83e6ff2225d548e1deb1da862e58fa8539e7fa2cdd762fcff2d","sourceIndex":"168","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Resource sharing app","reference":"","landingPage":"https://bitping.com/earn","directDownloadingLink":"https://bitping.com/earn#downloads","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://bitping.com/earn#downloads","sourceIndex":"168"}],"sampleFiles":["250806/Bitping-250706/25.7.28-1/Samples/Bitping%20Desktop_25.7.28-1_x64-setup.exe"],"imageFiles":["250806/Bitping-250706/25.7.28-1/Images/ACR-084/ACR-084_Software_1.png","250806/Bitping-250706/25.7.28-1/Images/ACR-048/ACR-048_Software_2.png","250806/Bitping-250706/25.7.28-1/Images/ACR-007/ACR-007_Software_1.png","250806/Bitping-250706/25.7.28-1/Images/ACR-118/ACR-118_Uninstall_1.png","250806/Bitping-250706/25.7.28-1/Images/ACR-118/ACR-118_Uninstall_2.png","250806/Bitping-250706/25.7.28-1/Images/ACR-118/ACR-118_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"e48e5a54-715e-4e5c-97d0-fa77666106ac_25.7.28-1_1","appID":"Bitping-250706","dateAdded":"251030","deceptorType":"App","name":"Bitping","company":"Bitping Pty. Ltd","version":"25.7.28-1","lastKnownStatus":"25.7.28-1;25.10.21-2","lastKnownDate":"251030","type":"Windows Executable","category":"Business Developer Tools","targetOS":"Windows 10,Windows 11","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"mining,net proxy","lastUpdate":"2025-10-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":192},{"violations":{"ACR-048":"Even \"share internet\" disconnected, the sharing traffic is still on. The control for share internet disconnected or connected not working as expected.\n\n","ACR-007":"The app does not obtain user explicit consent about reducing the consumer's security posture caused by sharing the user's internet resource before proceeding installation and running.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"repocket-1.3.6-arm64.dmg","isInstaller":"True","hashMD5":"874bf12718771fa0dca2c9e7255e5832","hashSHA1":"15a862dc7a22354bd01b03c127315a48e639754b","hashSHA256":"16624f3167b6355f97fe8add690f7dd75f9d4bbfc1b8350a41866cf2c69fd42c","sourceIndex":"157","avBlockList":["Sophos Home Premium For Mac (20260113)","SpyHunterforMac (20260113)"],"avAllowList":["Avast Security for Mac (20260113)","Avira Security for Mac (20260113)","Bitdefender Antivirus for Mac (20260113)","ESET Cyber Security Pro for Mac (20260113)","G DATA AntiVirus for Mac (20260113)","K7 Antivirus for Mac (20260113)","Kaspersky Internet Security for Mac (20260113)","McAfee Internet Security for Mac (20260113)","Norton Security for Mac (20260113)","Trend Micro Antivirus for Mac (20260113)"]},{"isRevoked":"False","fileName":"Repocket","fileVersion":"11.0.0","hashMD5":"16f9faa9396535178347e0c94545ee9b","hashSHA1":"4e50b280809ca2c93f5aafd6a425c9a20ebc8066","hashSHA256":"92f346604cea5f81fc1221ebac4b21ed1074b02abdbf30d9df313f164ff2a3ef","sourceIndex":"157","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Repocket","reference":"","landingPage":"repocket.co","ipv4":"","ipv6":"","sourceIndex":"157"}],"sampleFiles":["251029/Repacked-251024/1.3.6/Samples/repocket-1.3.6-arm64.dmg"],"imageFiles":["251029/Repacked-251024/1.3.6/Images/ACR-007/ACR-007_Install_1.png","251029/Repacked-251024/1.3.6/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"67dc63a1-04d3-4500-8699-e3438e5f8060_1.3.6_1","appID":"Repacked-251024","dateAdded":"251029","deceptorType":"MacOS App","name":"Repocket","company":"Repocket","version":"1.3.6","lastKnownStatus":"1.3.6","lastKnownDate":"251029","type":"MacOS App","category":"Personalization & Search","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-10-29T21:28:53.5024957+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":193},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"packetshare_macOS_1.0.2_3.dmg","isInstaller":"True","hashMD5":"911b4b571959a34a9bbb4de2ff94e8bd","hashSHA1":"1bfea669d6e6a892d85858823567737edfe92de8","hashSHA256":"1cc70d3baa635d0fc9fb64d2ce29aced048d3091d6e692a20f12b0a6e6256480","sourceIndex":"156","avBlockList":["Avast Security for Mac (20260113)","Avira Security for Mac (20260113)","McAfee Internet Security for Mac (20260113)","Norton Security for Mac (20260113)","Sophos Home Premium For Mac (20260113)","SpyHunterforMac (20260113)","Trend Micro Antivirus for Mac (20260113)"],"avAllowList":["Bitdefender Antivirus for Mac (20260113)","ESET Cyber Security Pro for Mac (20260113)","G DATA AntiVirus for Mac (20260113)","K7 Antivirus for Mac (20260113)","Kaspersky Internet Security for Mac (20260113)"]},{"isRevoked":"False","fileName":"Packetshare","fileVersion":"11.5.0","hashMD5":"a993b0b890b24496e4dad1e3b02267af","hashSHA1":"33e6da076c26206c13fec742d82dae18336f82ff","hashSHA256":"7356669c9a1088b52263054b7b977ad5b4fbc5ae6106089553722a56a85a3181","sourceIndex":"156","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor related app","reference":"","landingPage":"https://www.packetshare.io","directDownloadingLink":"https://www.packetshare.io/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/download.html","sourceIndex":"156"}],"sampleFiles":["251029/PacketShare-250506/1.0.2/Samples/packetshare_macOS_1.0.2_3.dmg"],"imageFiles":["251029/PacketShare-250506/1.0.2/Images/ACR-007/Screenshot 2025-05-07 at 9.54.19 AM.png"],"nonDeceptorImageFiles":[],"guid":"5af9f13d-69fe-4c2e-82e6-76ab52993cc1_1.0.2_1","appID":"PacketShare-250506","dateAdded":"251029","deceptorType":"MacOS App","name":"Packetshare","company":"DATALABS LIMITED","version":"1.0.2","lastKnownStatus":"1.0.1;1.0.2","lastKnownDate":"251029","type":"MacOS App","category":"Personalization & Search","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"net proxy","lastUpdate":"2025-10-29T21:40:24.3409943+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":194},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_macos_v1.0.1_2.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"e3bff664fe86042ddde89ac3e393d732","hashSHA1":"6447655eb072471c1caff9271a86d8e273d20282","hashSHA256":"405d2613d91027f59d5791f6121377682d3169559335506344a6abeb5bfa7734","sourceIndex":"211","avBlockList":["ESET Cyber Security Pro for Mac (20250708)","Sophos Home Premium For Mac (20250708)","SpyHunterforMac (20250708)","Trend Micro Antivirus for Mac (20250708)"],"avAllowList":["Avast Security for Mac (20250708)","Avira Security for Mac (20250708)","Bitdefender Antivirus for Mac (20250708)","G DATA AntiVirus for Mac (20250708)","K7 Antivirus for Mac (20250708)","Kaspersky Internet Security for Mac (20250708)","McAfee Internet Security for Mac (20250708)","Norton Security for Mac (20250708)"]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor related app","reference":"","landingPage":"https://www.packetshare.io","directDownloadingLink":"https://www.packetshare.io/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/download.html","sourceIndex":"211"}],"sampleFiles":["250507/PacketShare-250506/1.0.1/Samples/packetshare_macos_v1.0.1_2.dmg"],"imageFiles":["250507/PacketShare-250506/1.0.1/Images/ACR-007/Screenshot 2025-05-07 at 9.54.19 AM.png"],"nonDeceptorImageFiles":["250507/PacketShare-250506/1.0.1/Images/ACR-007/Screenshot 2025-05-07 at 9.53.57 AM.png"],"guid":"5af9f13d-69fe-4c2e-82e6-76ab52993cc1_1.0.1_1","appID":"PacketShare-250506","dateAdded":"251029","deceptorType":"MacOS App","name":"Packetshare","company":"DATALABS LIMITED","version":"1.0.1","lastKnownStatus":"1.0.1;1.0.2","lastKnownDate":"251029","type":"MacOS App","category":"Personalization & Search","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"net proxy","lastUpdate":"2025-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":195},{"violations":{"ACR-007":"The app does not obtain user explicit consent about reducing the consumer system's security posture caused by sharing the user's internet resource.\n","ACR-084":"The application running in background without notifying user when user close the application.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"mysterium_vpn.exe","companyName":"com.mysterium","productName":"mysterium_vpn","productVersion":"2.2.1+178","fileVersion":"2.2.1+178","hashMD5":"a9edaf9be7340795d3fc7a89a306d034","hashSHA1":"937643fca5293c9ff1c64c00bb69f5518eee2600","hashSHA256":"7e9509f90c90a49567ddb04b1d3411563e1d1d2d48a2f1df6d00d0e44c3a9976","sourceIndex":"159","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UABMNTechnologijos.MysteriumVPN_2.2.1.0_x64__ncwhsn0daf7s2.Msix","isInstaller":"True","hashMD5":"0e6997b802934c4591ca8cdea8711aa3","hashSHA1":"1bd14bcfce0f401b467293279a0580494fed7c49","hashSHA256":"d007ad0c81d86a8c10f5b2b72e2611c913278d7f5e300ecca632b253cbda9e12","digitalCertThumbprint":"ECC6F37B0A3E986D17C204A95EE21491B5231665","digitalCertIssuer":"CN=Microsoft Marketplace CA G 023, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US","digitalCertIssuedTo":"CN=B6C98289-B62E-4315-9F65-9B59DB0FC5AC","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"159","avBlockList":["360 Total Security (20251230)","Avast Premium Security (20251230)","AVG Internet Security (20251230)","Avira Internet Security (20251230)","FortectPremium (20251230)","K7 Total Security (20251230)","KasperskyPremium (20251230)","Norton Security (20251230)","Panda Dome (20251230)","Quick Heal Internet Security (20251230)","Sophos Home Premium (20251230)","SpyHunter5 (20251230)","Total AV Antivirus Pro (20251230)","Trend Micro Internet Security (20251230)","VirIT eXplorer PRO (20251230)"],"avAllowList":["Bitdefender Internet Security (20251230)","COMODO Antivirus (20251230)","Dr.Web Security Space (20251230)","ESET Internet Security (20251230)","G DATA INTERNET SECURITY (20251230)","Malwarebytes Premium (20251230)","McAfee Total Protection (20251230)","VIPRE Advanced Security (20251230)","Webroot SecureAnywhere (20251230)","Windows Defender (20251230)"]}],"additionalFiles":[],"sources":[{"howFound":"Resource sharing app","reference":"","landingPage":"https://www.mysteriumvpn.com/downloads/vpn-for-windows","ipv4":"","ipv6":"","sourceIndex":"159"}],"sampleFiles":["251003/Mysteriumvpn-251002/221.178/Samples/mysterium_vpn.exe","251003/Mysteriumvpn-251002/221.178/Samples/UABMNTechnologijos.MysteriumVPN_2.2.1.0_x64__ncwhsn0daf7s2.Msix"],"imageFiles":["251003/Mysteriumvpn-251002/221.178/Images/ACR-007/ACR-007_Install_1.png","251003/Mysteriumvpn-251002/221.178/Images/ACR-007/ACR-007_Install_2.png","251003/Mysteriumvpn-251002/221.178/Images/ACR-007/ACR-007_Install_3.png","251003/Mysteriumvpn-251002/221.178/Images/ACR-007/ACR-007_Install_4.png","251003/Mysteriumvpn-251002/221.178/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"0f3cd46f-b453-4dbc-8f70-17c19dc080ff_221.178_1","appID":"Mysteriumvpn-251002","dateAdded":"251003","deceptorType":"App","name":"Mysteriumvpn","company":"MN Intelligence UAB","version":"221.178","lastKnownStatus":"221.178","lastKnownDate":"251003","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-10-11T14:49:43.2853398+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":196},{"violations":{"ACR-042":"1. The app drops a non-trusted self-signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n2. 2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-043":"1. The app does not provide information regarding the non-trusted self-signed Trusted Root Certificate that gets dropped after installation without the consumer's knowledge and consent.\n2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-107":"The app does not disclose relevant license information about \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" in EULA\n","ACR-048":"The app does not provide any control to cancel the installation process.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by the addition of the non-trusted self-signed root certificate. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components and the root certificate on the device without the consumer's consent.\n","ACR-119":"The app retains its monetization components after uninstall.\n","ACR-014":"The app misleads the user by stating \"You are not protected!\", while another VPN service is already active and running. \n","ACR-039":"The app installs the \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" components without disclosing the relationship to the app in EULA during installation. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the addition of its non-trusted self-signed Trusted Root Certificate.\n","ACR-123":"The app does not remove its root certificate even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"torguard-setup-latest.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"7861ce73ea8cb15c6f96464650b2799c","hashSHA1":"707e0f3b303b0bb9f86058ebbb7f39a1541e2f2e","hashSHA256":"4806f268412208ec817093c4cc0c63674586574c54930f0dab32eaae2b188f3a","digitalCertThumbprint":"35DF777F06BEBBCE7BBFF63D6A21A5463F985E28","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Schäuffelhut Berger GmbH","storeId":"","sourceIndex":"902","avBlockList":["360 Total Security (20230921)","Avira Internet Security (20230921)","K7 Total Security (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)"],"avAllowList":["Avast Premium Security (20230921)","AVG Internet Security (20230921)","Bitdefender Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","Windows Defender (20230921)"]}],"additionalFiles":[],"sources":[{"howFound":"Suggestion from AE","reference":"","landingPage":"https://torguard.net/vpn-software.php","directDownloadingLink":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","sourceIndex":"902"}],"sampleFiles":["230907/TorGuard-230907/4.8.22/Samples/torguard-setup-latest.exe"],"imageFiles":["230907/TorGuard-230907/4.8.22/Images/ACR-039/ACR-039.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-039/ACR-039_1.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-039/ACR-039_2.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-039/ACR-039_3.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-043/ACR-043.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-043/ACR-043 (1).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-043/ACR-043 (2).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-043/ACR-043 (3).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-107/ACR-107 (2).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-107/ACR-107 (3).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-107/ACR-107 (1).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-042/ACR-042.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-042/ACR-042 (1).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-042/ACR-042 (2).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-042/ACR-042 (3).JPG","230907/TorGuard-230907/4.8.22/Images/ACR-048/ACR-048.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-007/ACR-007.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-014/ACR-014.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-118/ACR-118.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-118/ACR-118_1.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-118/ACR-118_2.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-119/ACR-119.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-119/ACR-119 (2).JPG"],"nonDeceptorImageFiles":["230907/TorGuard-230907/4.8.22/Images/ACR-045/ACR-045.JPG","230907/TorGuard-230907/4.8.22/Images/ACR-123/ACR-123.JPG"],"guid":"12006127-c4c4-4431-98f2-c6e4e2b9e9e0_4.8.22_1","appID":"TorGuard-230907","dateAdded":"251002","deceptorType":"App","name":"Tor Guard","company":"VPNetwork LLC","version":"4.8.22","lastKnownStatus":"4.8.22;4.8.29","lastKnownDate":"251002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":199},{"violations":{"ACR-042":"1. The app drops a non-trusted self-signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-043":"1. The app does not provide information regarding the non-trusted self-signed Trusted Root Certificate that gets dropped after installation without the consumer's knowledge and consent.\n2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-107":"The app does not disclose relevant license information about \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" in EULA\n","ACR-048":"The app does not provide any control to cancel the installation process.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by the addition of the non-trusted self-signed root certificate. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components and the root certificate on the device without the consumer's consent.\n","ACR-119":"The app retains its monetization components after uninstall.\n","ACR-014":"The app misleads the user by stating \"You are not protected!\", while another VPN service is already active and running. \n","ACR-039":"The app installs the \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" components without disclosing the relationship to the app in EULA during installation. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the addition of its non-trusted self-signed Trusted Root Certificate.\n","ACR-123":"The app does not remove its root certificate even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"torguard-setup-latest.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"5b67f6ed693f933625075a2f7ce12af6","hashSHA1":"862a663c513203c481899d40321feb3b3c40537d","hashSHA256":"f6ac9c9c7ba9f5559bb40fe2df4e91c2c89ebc44c64f3939015c3d661333644e","digitalCertThumbprint":"35DF777F06BEBBCE7BBFF63D6A21A5463F985E28","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Schäuffelhut Berger GmbH","storeId":"","sourceIndex":"791","avBlockList":["360 Total Security (20240222)","Avast Premium Security (20240222)","AVG Internet Security (20240222)","Avira Internet Security (20240222)","K7 Total Security (20240222)","Norton Security (20240222)","Panda Dome (20240222)","Quick Heal Internet Security (20240222)","Sophos Home Premium (20240222)","SpyHunter5 (20240222)","Total AV Antivirus Pro (20240222)","VirIT eXplorer PRO (20240222)","Webroot SecureAnywhere (20240222)","Windows Defender (20240222)"],"avAllowList":["Bitdefender Internet Security (20240222)","COMODO Antivirus (20240222)","Dr.Web Security Space (20240222)","ESET Internet Security (20240222)","G DATA INTERNET SECURITY (20240222)","Kaspersky Internet Security (20240222)","Malwarebytes Premium (20240222)","McAfee Total Protection (20240222)","Trend Micro Internet Security (20240222)","VIPRE Advanced Security (20240222)"]}],"additionalFiles":[],"sources":[{"howFound":"Suggestion from AE","reference":"","landingPage":"https://torguard.net/vpn-software.php","directDownloadingLink":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","sourceIndex":"791"}],"sampleFiles":["230907/TorGuard-230907/4.8.26/Samples/torguard-setup-latest.exe"],"imageFiles":["230907/TorGuard-230907/4.8.26/Images/ACR-039/ACR-039_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-039/ACR-039_Install_2.png","230907/TorGuard-230907/4.8.26/Images/ACR-039/ACR-039_Install_3.png","230907/TorGuard-230907/4.8.26/Images/ACR-039/ACR-039_Install_4.png","230907/TorGuard-230907/4.8.26/Images/ACR-043/ACR-043_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-043/ACR-043_Install_2.png","230907/TorGuard-230907/4.8.26/Images/ACR-043/ACR-043_Install_3.png","230907/TorGuard-230907/4.8.26/Images/ACR-043/ACR-043_Install_4.png","230907/TorGuard-230907/4.8.26/Images/ACR-043/ACR-043_Install_5.png","230907/TorGuard-230907/4.8.26/Images/ACR-107/ACR-107_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-107/ACR-107_Install_2.png","230907/TorGuard-230907/4.8.26/Images/ACR-107/ACR-107_Install_3.png","230907/TorGuard-230907/4.8.26/Images/ACR-042/ACR-042_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-042/ACR-042_Install_2.png","230907/TorGuard-230907/4.8.26/Images/ACR-042/ACR-042_Install_3.png","230907/TorGuard-230907/4.8.26/Images/ACR-042/ACR-042_Install_4.png","230907/TorGuard-230907/4.8.26/Images/ACR-042/ACR-042_Install_5.png","230907/TorGuard-230907/4.8.26/Images/ACR-048/ACR-048.JPG","230907/TorGuard-230907/4.8.26/Images/ACR-007/ACR-007_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-014/ACR-014.JPG","230907/TorGuard-230907/4.8.26/Images/ACR-118/ACR-118_Uninstall_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-118/ACR-118_Uninstall_2.png","230907/TorGuard-230907/4.8.26/Images/ACR-118/ACR-118_Uninstall_3.png","230907/TorGuard-230907/4.8.26/Images/ACR-119/ACR-119_Uninstall_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-119/ACR-119_Uninstall_2.png"],"nonDeceptorImageFiles":["230907/TorGuard-230907/4.8.26/Images/ACR-045/ACR-045_Install_1.png","230907/TorGuard-230907/4.8.26/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"12006127-c4c4-4431-98f2-c6e4e2b9e9e0_4.8.26_1","appID":"TorGuard-230907","dateAdded":"251002","deceptorType":"App","name":"Tor Guard","company":"VPNetwork LLC","version":"4.8.26","lastKnownStatus":"4.8.22;4.8.29","lastKnownDate":"251002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":198},{"violations":{"ACR-007":"The app does not obtain user explicit consent about reducing the consumer system's security posture caused by sharing the user's internet resource.\n","ACR-084":"The application running in background without notifying user when user close the application.\n"},"nonDeceptorViolations":{"ACR-123":"Application doesn't revert the system setting after its uninstallation completes. And leaves the executables behind and keep running. system.\n"},"samples":[{"isRevoked":"False","fileName":"MystNodesLauncher.msix","isInstaller":"True","hashMD5":"3bc91278eb8dcc823dfe3d7c95e52dfe","hashSHA1":"290db24d732c9f38a6448dddae6cfa27c4664599","hashSHA256":"45af9053d39db04f9a4532687803964e389c06ed1809f81a6f069fab007cae35","digitalCertThumbprint":"60662774BE7872BE10F58E4EA0FC4F97754FEF7B","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@netsys.technology, CN=NetSys Inc, O=NetSys Inc, L=Panama City, S=Panama, C=PA, OID.1.3.6.1.4.1.311.60.2.1.3=PA, SERIALNUMBER=155663282, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"161","avBlockList":["360 Total Security (20251230)","Avast Premium Security (20251230)","AVG Internet Security (20251230)","Avira Internet Security (20251230)","COMODO Antivirus (20251230)","ESET Internet Security (20251230)","FortectPremium (20251230)","K7 Total Security (20251230)","KasperskyPremium (20251230)","Malwarebytes Premium (20251230)","Norton Security (20251230)","Panda Dome (20251230)","Quick Heal Internet Security (20251230)","Sophos Home Premium (20251230)","SpyHunter5 (20251230)","Total AV Antivirus Pro (20251230)","VirIT eXplorer PRO (20251230)","Windows Defender (20251230)"],"avAllowList":["Bitdefender Internet Security (20251230)","Dr.Web Security Space (20251230)","G DATA INTERNET SECURITY (20251230)","McAfee Total Protection (20251230)","Trend Micro Internet Security (20251230)","VIPRE Advanced Security (20251230)","Webroot SecureAnywhere (20251230)"]},{"isRevoked":"False","fileName":"mystnodes_flutter.exe","companyName":"com.mystnodes","productName":"MystNodes Launcher","productVersion":"2.1.0+20","fileVersion":"2.1.0+20","hashMD5":"8b48372096f281f4de161431ec00d1d2","hashSHA1":"ab7a30515cbe97c4979131f8541f7e87dde12dab","hashSHA256":"797553539fdeae14e03b6be355a62832a7046ad9255ffaddddcdf70fdca0fdbc","sourceIndex":"161","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"myst-launcher-svc.exe","hashMD5":"d7613440ec7bb3b0f430b1acd54079e3","hashSHA1":"adb025cd435ba98d6b33685095c393bb369f27a4","hashSHA256":"abee7da8a4821cc3bf2aa727974cd42daaec3704cc3010bece5b62d94d6fb44d","sourceIndex":"161","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"myst.exe","hashMD5":"a9a798e8130a0c34ae02bc3e9694a4e8","hashSHA1":"6304c0b6d08d01636b5581b454137c2e9aabedc6","hashSHA256":"bd8ba4469218f7ec2be637cf3fdaf510a6ed501a3622f0afb338c19194e70d16","sourceIndex":"161","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"myst_supervisor.exe","hashMD5":"50823fd21f7bdf86c122813c1d2e8475","hashSHA1":"6780b606d58f4d9ab510ebb83bd58d746a9100e8","hashSHA256":"7850d9dc641ac0ec4cb88746650355584a292c24da95b712f9ac49067c48d7fd","sourceIndex":"161","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Sharing app ","reference":"","landingPage":"https://www.mysterium.network/","directDownloadingLink":"https://mystnodes.com/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mystnodes.com/","sourceIndex":"161"}],"sampleFiles":["251002/Mystnode-251002/2.1.0.20/Samples/MystNodesLauncher.msix"],"imageFiles":["251002/Mystnode-251002/2.1.0.20/Images/ACR-007/ACR-007_Install_2.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-007/ACR-007_Install_3.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-007/ACR-007_Install_1.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-084/ACR-084_Software_1.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-084/ACR-084_Software_2.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-084/ACR-084_Software_3.png"],"nonDeceptorImageFiles":["251002/Mystnode-251002/2.1.0.20/Images/ACR-123/ACR-123_Uninstall_1.png","251002/Mystnode-251002/2.1.0.20/Images/ACR-123/ACR-123_Uninstall_2.png"],"guid":"c4a36939-b5a9-41fd-b6a5-ed3b5c51411d_2.1.0.20_1","appID":"Mystnode-251002","dateAdded":"251002","deceptorType":"App","name":"Mystnodes","company":"NetSys Inc","version":"2.1.0.20","lastKnownStatus":"2.1.0.20","lastKnownDate":"251002","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-10-02T22:21:36.851716+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":200},{"violations":{"ACR-042":"1. The app drops a non-trusted self-signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-043":"1. The app does not provide information regarding the non-trusted self-signed Trusted Root Certificate that gets dropped after installation without the consumer's knowledge and consent.\n2. The app drops open source components \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" without any disclosure in EULA.\n","ACR-107":"The app does not disclose relevant license information about \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" in EULA\n","ACR-048":"The app does not provide any control to cancel the installation process.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by the addition of the non-trusted self-signed root certificate. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components and the root certificate on the device without the consumer's consent.\n","ACR-119":"The app retains its monetization components after uninstall.\n","ACR-039":"The app installs the \"Open VPN\", \"QT5\", \"Tap-Windows\" and \"WireGuard LLC\" components without disclosing the relationship to the app in EULA during installation. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the addition of its non-trusted self-signed Trusted Root Certificate.\n","ACR-123":"The app does not remove its root certificate even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"torguard-setup-latest.exe","isInstaller":"True","hashMD5":"1098928feb7f160184fd2f70f930d06f","hashSHA1":"a110476285d55dd9c8c561f7f8cdad6dd1701483","hashSHA256":"70942966913b40fc8fbbb04e71c93f6d2e050f2f74b157fa2a41501faee03586","digitalCertThumbprint":"35DF777F06BEBBCE7BBFF63D6A21A5463F985E28","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Schäuffelhut Berger GmbH, O=Schäuffelhut Berger GmbH, S=Bayern, C=DE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"162","avBlockList":["Avast Premium Security (20251230)","AVG Internet Security (20251230)","Avira Internet Security (20251230)","ESET Internet Security (20251230)","FortectPremium (20251230)","K7 Total Security (20251230)","KasperskyPremium (20251230)","Malwarebytes Premium (20251230)","Norton Security (20251230)","Panda Dome (20251230)","Quick Heal Internet Security (20251230)","Sophos Home Premium (20251230)","SpyHunter5 (20251230)","Total AV Antivirus Pro (20251230)","VirIT eXplorer PRO (20251230)","Webroot SecureAnywhere (20251230)"],"avAllowList":["360 Total Security (20251230)","Bitdefender Internet Security (20251230)","COMODO Antivirus (20251230)","Dr.Web Security Space (20251230)","G DATA INTERNET SECURITY (20251230)","McAfee Total Protection (20251230)","Trend Micro Internet Security (20251230)","VIPRE Advanced Security (20251230)","Windows Defender (20251230)"]}],"additionalFiles":[],"sources":[{"howFound":"Suggestion from AE","reference":"","landingPage":"https://torguard.net/vpn-software.php","directDownloadingLink":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://updates.torguard.biz/Software/Windows/torguard-setup-latest.exe","sourceIndex":"162"}],"sampleFiles":["251002/TorGuard-230907/4.8.29/Samples/torguard-setup-latest.exe"],"imageFiles":["251002/TorGuard-230907/4.8.29/Images/ACR-039/ACR-039_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-039/ACR-039_Install_2.png","251002/TorGuard-230907/4.8.29/Images/ACR-039/ACR-039_Install_3.png","251002/TorGuard-230907/4.8.29/Images/ACR-039/ACR-039_Install_4.png","251002/TorGuard-230907/4.8.29/Images/ACR-043/ACR-043_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-043/ACR-043_Install_2.png","251002/TorGuard-230907/4.8.29/Images/ACR-043/ACR-043_Install_3.png","251002/TorGuard-230907/4.8.29/Images/ACR-043/ACR-043_Install_4.png","251002/TorGuard-230907/4.8.29/Images/ACR-043/ACR-043_Install_5.png","251002/TorGuard-230907/4.8.29/Images/ACR-107/ACR-107_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-107/ACR-107_Install_2.png","251002/TorGuard-230907/4.8.29/Images/ACR-107/ACR-107_Install_3.png","251002/TorGuard-230907/4.8.29/Images/ACR-042/ACR-042_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-042/ACR-042_Install_2.png","251002/TorGuard-230907/4.8.29/Images/ACR-042/ACR-042_Install_3.png","251002/TorGuard-230907/4.8.29/Images/ACR-042/ACR-042_Install_4.png","251002/TorGuard-230907/4.8.29/Images/ACR-042/ACR-042_Install_5.png","251002/TorGuard-230907/4.8.29/Images/ACR-048/ACR-048.JPG","251002/TorGuard-230907/4.8.29/Images/ACR-007/ACR-007_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-118/ACR-118_Uninstall_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-118/ACR-118_Uninstall_2.png","251002/TorGuard-230907/4.8.29/Images/ACR-118/ACR-118_Uninstall_3.png","251002/TorGuard-230907/4.8.29/Images/ACR-119/ACR-119_Uninstall_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-119/ACR-119_Uninstall_2.png"],"nonDeceptorImageFiles":["251002/TorGuard-230907/4.8.29/Images/ACR-045/ACR-045_Install_1.png","251002/TorGuard-230907/4.8.29/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"12006127-c4c4-4431-98f2-c6e4e2b9e9e0_4.8.29_1","appID":"TorGuard-230907","dateAdded":"251002","deceptorType":"App","name":"Tor Guard","company":"VPNetwork LLC","version":"4.8.29","lastKnownStatus":"4.8.22;4.8.29","lastKnownDate":"251002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,net proxy","lastUpdate":"2025-10-02T18:52:43.2616755+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":197},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"f0fef74c09ffec5195dc5fcf7d6c9c58","hashSHA1":"dec28a2a58f3ebe64881c4d4e14a823fe03f2f03","hashSHA256":"6b761e765e6cafeb600f6e8448a0b90f3dc0d03f3911c3a8d3d07daa4b703174","sourceIndex":"2105","avBlockList":["Avast Security for Mac (20240312)","Avira Security for Mac (20240312)","ESET Cyber Security Pro for Mac (20240312)","Kaspersky Internet Security for Mac (20240312)","Norton Security for Mac (20240312)","Sophos Home Premium For Mac (20240312)","SpyHunterforMac (20240312)","Trend Micro Antivirus for Mac (20240312)"],"avAllowList":["Bitdefender Antivirus for Mac (20240312)","G DATA AntiVirus for Mac (20240312)","K7 Antivirus for Mac (20240312)","McAfee Internet Security for Mac (20240312)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"eaa7ea9bb3f6c403606a28e0e376b847","hashSHA1":"5f4620150f48f25f51aeb244e4760dc045528ff9","hashSHA256":"13b75c90d70be496c788b1bf58f606917fe8038e01bd152c466813c469e50661","sourceIndex":"2105","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"2105"}],"sampleFiles":["200924/FireebokPowerSuite-200420/2.5.7/Samples/Mac_PowerSuite.dmg","200924/FireebokPowerSuite-200420/2.5.7/Samples/PowerSuite"],"imageFiles":["200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-004/Mac_PowerSuite_Interaction [1].png","200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-004/Mac_PowerSuite_Interaction [2] Scanning.png","200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-004/Mac_PowerSuite_Interaction [3] ScanResult.png","200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-004/Mac_PowerSuite_Interaction [4] ScanResult.png","200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-004/Mac_PowerSuite_Interaction [5] Activate.png"],"nonDeceptorImageFiles":["200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-065/Mac_PowerSuite_Install [1].png","200924/FireebokPowerSuite-200420/2.5.7/Images/ACR-065/Mac_PowerSuite_About [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.5.7_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.5.7","sigName":"Deceptor:MacOS/FireebokPowerSuite!004","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":217},{"violations":{"ACR-004":"The application does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"804d59a578f0650a54e26d6d1d1a030b","hashSHA1":"ee59b7ebfc1c3824c52eaf791f955c51ff71dd07","hashSHA256":"d9565dbf5bde114cf40fb9f81ca141d77e59fc5877764538b636689ce4b4ff93","sourceIndex":"2043","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","Bitdefender Antivirus for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","K7 Antivirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["Kaspersky Internet Security for Mac (20210413)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"9856845cc12e7a9008a50c972bc98e24","hashSHA1":"36ad961b5327d4b6f22f9f16bbf01286e1cbcb45","hashSHA256":"eca0356c4cc3bffd71355eb1c94a041e92ba43d32c6ae565bca780536acac305","sourceIndex":"2043","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"2043"}],"sampleFiles":["201117/FireebokPowerSuite-200420/2.5.9/Samples/Mac_PowerSuite.dmg","201117/FireebokPowerSuite-200420/2.5.9/Samples/PowerSuite"],"imageFiles":["201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_Interactions [1].png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_Interactions [2] Scanning.png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_Interactions [3] Results.png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_Interactions [4] Results.png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_Interactions [6] Register.png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_LandingPage [1].png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_OfferPage [1].png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-004/MacPowerSuite_OfferPage [2].png"],"nonDeceptorImageFiles":["201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-065/MacPowerSuite_Install [1].png","201117/FireebokPowerSuite-200420/2.5.9/Images/ACR-065/MacPowerSuite_About [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.5.9_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.5.9","sigName":"Deceptor:MacOS/FireebokPowerSuite!004","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":216},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6c923a64df5cb5dcfc1d6ebf7ca2d485d1bdff60306f777b6896ea7dd54dbb92","sourceIndex":"2033","avBlockList":["Avast Security for Mac (20221213)","Avira Security for Mac (20221213)","Bitdefender Antivirus for Mac (20221213)","ESET Cyber Security Pro for Mac (20221213)","G DATA AntiVirus for Mac (20221213)","Norton Security for Mac (20221213)","Sophos Home Premium For Mac (20221213)","Trend Micro Antivirus for Mac (20221213)"],"avAllowList":["K7 Antivirus for Mac (20221213)","Kaspersky Internet Security for Mac (20221213)","McAfee Internet Security for Mac (20221213)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6b350a990bd634a468e7b0c016f248aaf31015cfb84c4e721689f77d31da12ab","sourceIndex":"2033","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"2033"}],"sampleFiles":["201207/FireebokPowerSuite-200420/2.6.0/Samples/Mac_PowerSuite.dmg","201207/FireebokPowerSuite-200420/2.6.0/Samples/PowerSuite"],"imageFiles":["201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_Interactions [1].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_Interactions [2].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_Interactions [3].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_Interactions [4].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_LandingPage [1].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_OfferPage [1].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-004/Fireebok PowerSuite_OfferPage [2].png"],"nonDeceptorImageFiles":["201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-065/Fireebok PowerSuite_Install [1].png","201207/FireebokPowerSuite-200420/2.6.0/Images/ACR-065/Fireebok PowerSuite_About [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.6.0_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.6.0","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":215},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"05a38a646ae53841591459b2d0ec2c86","hashSHA1":"1133305fc354272effff700621408201cbaaa086","hashSHA256":"a62030c24d7a489e9aab11d65c6e0cb0446bd13d085d0e9f9c69e74691858580","sourceIndex":"1906","avBlockList":["Avast Security for Mac (20230411)","Avira Security for Mac (20230411)","Bitdefender Antivirus for Mac (20230411)","ESET Cyber Security Pro for Mac (20230411)","G DATA AntiVirus for Mac (20230411)","Norton Security for Mac (20230411)","Sophos Home Premium For Mac (20230411)","Trend Micro Antivirus for Mac (20230411)"],"avAllowList":["K7 Antivirus for Mac (20230411)","Kaspersky Internet Security for Mac (20230411)","McAfee Internet Security for Mac (20230411)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"9fd6c36d3f72aae1a733ea172fbfd5b0","hashSHA1":"f9f7aad3122b620b2e6bfa5f22d6798886828b49","hashSHA256":"27a338f239d604d0cb2c9435188666fca938a417680573b67187ecfc6d95334f","sourceIndex":"1906","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Mac_PowerSuite [2].dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ee3c6372f54a8ff4f2726043cd64da86","hashSHA1":"6fc77649a532b2761c20b1be3aaf9571c1c6e16d","hashSHA256":"93dacc949ce7961763fe194404c33e6354715745770d4d33370282826a45101e","sourceIndex":"1906","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerSuite [2]","fileVersion":"0.","hashMD5":"ac07ccc213fc4635facbd703587e5591","hashSHA1":"ccea2c763a993c7d30f5fa4a40e1140d52cffc2b","hashSHA256":"6f7ca253fd086761dc8d830e7fca7a55be0c53f3c92cae2fb8d6d613bba2456f","sourceIndex":"1906","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1906"}],"sampleFiles":["210530/FireebokPowerSuite-200420/2.6.1/Samples/Mac_PowerSuite.dmg","210530/FireebokPowerSuite-200420/2.6.1/Samples/PowerSuite","210530/FireebokPowerSuite-200420/2.6.1/Samples/Mac_PowerSuite [2].dmg","210530/FireebokPowerSuite-200420/2.6.1/Samples/PowerSuite [2]"],"imageFiles":["210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-004/Mac_PowerSuite_Interactions [2].png","210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-004/Mac_PowerSuite_Interactions [3].png","210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-004/Mac_PowerSuite_Interactions [4].png","210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-004/Mac_PowerSuite_OfferPage [1].png","210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-004/Mac_PowerSuite_OfferPage [2].png"],"nonDeceptorImageFiles":["210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-065/Mac_PowerSuite_Install [1].png","210530/FireebokPowerSuite-200420/2.6.1/Images/ACR-065/Mac_PowerSuite_About [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.6.1_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.6.1","sigName":"Deceptor:MacOS/FireebokPowerSuite!004","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":214},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5ebd45897d9c5cb78779c856d3a5bb5c","hashSHA1":"5baf141dcc725d0912adf34e29013b88896d3339","hashSHA256":"9be55ff85bcd6cd9d102329fc068f99d6033a3d7b475a3d841a984d73523886d","sourceIndex":"1841","avBlockList":["Avast Security for Mac (20240409)","Avira Security for Mac (20240409)","Bitdefender Antivirus for Mac (20240409)","ESET Cyber Security Pro for Mac (20240409)","G DATA AntiVirus for Mac (20240409)","Kaspersky Internet Security for Mac (20240409)","Norton Security for Mac (20240409)","Sophos Home Premium For Mac (20240409)","SpyHunterforMac (20240409)","Trend Micro Antivirus for Mac (20240409)"],"avAllowList":["K7 Antivirus for Mac (20240409)","McAfee Internet Security for Mac (20240409)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"ca285e0272f64effba615862a1d04eae","hashSHA1":"fd1b432198d160a896918d7e9e3c3939dcbcd114","hashSHA256":"d40d1501815ad1b2f4438d80df8d0a3bfc8052fa7833184a594989cfe48ea11b","sourceIndex":"1841","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1841"}],"sampleFiles":["210726/FireebokPowerSuite-200420/2.6.3/Samples/Mac_PowerSuite.dmg","210726/FireebokPowerSuite-200420/2.6.3/Samples/PowerSuite"],"imageFiles":["210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-004/Fireebok PowerSuite_Interactions [2].png","210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-004/Fireebok PowerSuite_Interactions [3].png","210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-004/Fireebok PowerSuite_Interactions [4].png"],"nonDeceptorImageFiles":["210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-065/Fireebok PowerSuite_Install [1].png","210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-065/Fireebok PowerSuite_About [1].png","210726/FireebokPowerSuite-200420/2.6.3/Images/ACR-167/Fireebok PowerSuite_ Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.6.3_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.6.3","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":213},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"d2d63ca551e52df1913014740d11008b","hashSHA1":"df60692e712aa1806659b1ac3fe638bc58135ba2","hashSHA256":"5f4f359ef758608777fd8f7b9426af0ca9700dfaafbeae76ac00a1d453689a83","sourceIndex":"1816","avBlockList":["Avast Security for Mac (20230214)","Avira Security for Mac (20230214)","Bitdefender Antivirus for Mac (20230214)","ESET Cyber Security Pro for Mac (20230214)","G DATA AntiVirus for Mac (20230214)","Norton Security for Mac (20230214)","Sophos Home Premium For Mac (20230214)","Trend Micro Antivirus for Mac (20230214)"],"avAllowList":["K7 Antivirus for Mac (20230214)","Kaspersky Internet Security for Mac (20230214)","McAfee Internet Security for Mac (20230214)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"d491df906afca601e955e4f6bb5dbe8a","hashSHA1":"3b0ce567f739c601ec1922b704532c78409d4f82","hashSHA256":"d7b63ff97d3267ee2ad80ef79d0cbd213ca085753c218769c3369919973d8d09","sourceIndex":"1816","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1816"}],"sampleFiles":["210909/FireebokPowerSuite-200420/2.6.4/Samples/Mac_PowerSuite.dmg","210909/FireebokPowerSuite-200420/2.6.4/Samples/PowerSuite"],"imageFiles":["210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-004/PowerSuite_Interactions [2].png","210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-004/PowerSuite_Interactions [3].png","210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-004/PowerSuite_Interactions [4].png","210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-004/PowerSuite_Interactions [5].png"],"nonDeceptorImageFiles":["210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-065/PowerSuite_Install [1].png","210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-065/PowerSuite_About [1].png.png","210909/FireebokPowerSuite-200420/2.6.4/Images/ACR-167/Fireebok PowerSuite_ Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.6.4_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.6.4","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":212},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"675a6cdc59c35c788815ba778eb29be3","hashSHA1":"afa7c3f2ecc0a8ddc943accc1b43cca3650d7e35","hashSHA256":"58f7b39a2f7dcdca15f3c4b9b919d7c73af9a7dae9e47ff675aaec66409d5244","sourceIndex":"1779","avBlockList":["Avast Security for Mac (20240611)","Avira Security for Mac (20240611)","Bitdefender Antivirus for Mac (20240611)","ESET Cyber Security Pro for Mac (20240611)","G DATA AntiVirus for Mac (20240611)","Kaspersky Internet Security for Mac (20240611)","Norton Security for Mac (20240611)","Sophos Home Premium For Mac (20240611)","SpyHunterforMac (20240611)","Trend Micro Antivirus for Mac (20240611)"],"avAllowList":["K7 Antivirus for Mac (20240611)","McAfee Internet Security for Mac (20240611)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"5a6fc397e38bf07baa587c9ca918cc12","hashSHA1":"58a308cc6fd144c79b296aed928782138c995392","hashSHA256":"30cc642c67d28093787fa3e43dd5ddde22fc764c865efa092b6505b4afd12a57","sourceIndex":"1779","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg ","sourceIndex":"1779"}],"sampleFiles":["211129/FireebokPowerSuite-200420/2.7.0/Samples/Mac_PowerSuite.dmg","211129/FireebokPowerSuite-200420/2.7.0/Samples/PowerSuite"],"imageFiles":["211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-004/PowerSuite_Interactions [5].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-004/Mac_PowerSuite_Interactions [1].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-004/Mac_PowerSuite_Interactions [2].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-004/Mac_PowerSuite_Interactions [3].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-004/Mac_PowerSuite_Interactions [4].png"],"nonDeceptorImageFiles":["211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-065/Mac_PowerSuite_Install [1].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-065/Mac_PowerSuite_About [1].png","211129/FireebokPowerSuite-200420/2.7.0/Images/ACR-167/Fireebok PowerSuite_ Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.7.0_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.7.0","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":211},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"7ed799b92dea94283f0cd6a3893a9045","hashSHA1":"13037133f127af34f918ba7b35652cd9786a6c43","hashSHA256":"8e76efd97e7f454157076ade997469c46a3b25a970139da820ad98bfdfd193f7","sourceIndex":"1773","avBlockList":["Avast Security for Mac (20240514)","Avira Security for Mac (20240514)","Bitdefender Antivirus for Mac (20240514)","ESET Cyber Security Pro for Mac (20240514)","G DATA AntiVirus for Mac (20240514)","Kaspersky Internet Security for Mac (20240514)","Norton Security for Mac (20240514)","Sophos Home Premium For Mac (20240514)","Trend Micro Antivirus for Mac (20240514)","SpyHunterforMac (20240514)"],"avAllowList":["K7 Antivirus for Mac (20240514)","McAfee Internet Security for Mac (20240514)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"71555914fc88b9302aae322f158c6825","hashSHA1":"b0160f261e8752c411180b6fe70a571277d960e9","hashSHA256":"7101beddc743f6500a409f59eed41db2edf19bcd7da0eb28d9b69ef14b886942","sourceIndex":"1773","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1773"}],"sampleFiles":["211206/FireebokPowerSuite-200420/3.0.0/Samples/Mac_PowerSuite.dmg","211206/FireebokPowerSuite-200420/3.0.0/Samples/PowerSuite"],"imageFiles":["211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-004/PowerSuite_Interactions [1].png","211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-004/PowerSuite_Interactions [3].png","211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-004/PowerSuite_Interactions [4].png","211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-004/PowerSuite_Interactions [5].png"],"nonDeceptorImageFiles":["211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-065/PowerSuite_Install [1].png","211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-065/PowerSuite_About [1].png","211206/FireebokPowerSuite-200420/3.0.0/Images/ACR-167/PowerSuite_Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.0.0_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.0.0","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":210},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"989484ca5a0fa7f1056042568eee9a203c4e9a6f97201225e9b21ac8de4153b0","sourceIndex":"2407","avBlockList":["Avast Security for Mac (20220809)","Avira Security for Mac (20220809)","ESET Cyber Security Pro for Mac (20220809)","McAfee Internet Security for Mac (20220809)","Norton Security for Mac (20220809)","Sophos Home Premium For Mac (20220809)","Trend Micro Antivirus for Mac (20220809)"],"avAllowList":["Bitdefender Antivirus for Mac (20220809)","G DATA AntiVirus for Mac (20220809)","K7 Antivirus for Mac (20220809)","Kaspersky Internet Security for Mac (20220809)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"cfa0321e1c5ce73db4326a76a0f9cc45518547e95bb080248f85fb82699235aa","sourceIndex":"2407","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"2407"}],"sampleFiles":["200623/FireebokPowerSuite-200420/2.5.5/Samples/Mac_PowerSuite.dmg","200623/FireebokPowerSuite-200420/2.5.5/Samples/PowerSuite"],"imageFiles":["200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_Scanning [4].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_Scanning [5].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_Scanning [6].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_OfferPage [3].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_OfferPage [5].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-004/Fireebok PowerSuite_OfferPage [1].png"],"nonDeceptorImageFiles":["200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-065/Fireebok PowerSuite_Install [1].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-065/Fireebok PowerSuite_About [1].png","200623/FireebokPowerSuite-200420/2.5.5/Images/ACR-065/Fireebok PowerSuite_Interaction [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.5.5_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.5.5","sigName":"Deceptor:MacOS/FireebokPowerSuite!004","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":218},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ca02fd9b39ac732dbfbac79e0c6e8894","hashSHA1":"4fe9f32c732f5856c09b66a38b190a5246a05c4e","hashSHA256":"2f40072564daebf957691fa0b6f6d5b552ab93b757bf56995e7ab192890c7e86","sourceIndex":"1618","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"d4b415da37c3aaf51c941e8da3dca891","hashSHA1":"915da4888fbe5200676dd7dff99e6c529bab110f","hashSHA256":"f787f9915e3d1bf9c6d8c6074d11b59f9d64ab639c84cdd4c7d1328ff97c9a1d","sourceIndex":"1618","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1618"}],"sampleFiles":["220510/FireebokPowerSuite-200420/3.1.1/Samples/Mac_PowerSuite.dmg","220510/FireebokPowerSuite-200420/3.1.1/Samples/PowerSuite"],"imageFiles":["220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-004/Fireebok PowerSuite_Interactions [3].png","220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-004/Fireebok PowerSuite_Interactions [4].png","220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-004/Fireebok PowerSuite_Interactions [5].png"],"nonDeceptorImageFiles":["220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-065/Fireebok PowerSuite_Install [1].png","220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-065/Fireebok PowerSuite_About [1].png","220510/FireebokPowerSuite-200420/3.1.1/Images/ACR-167/Fireebok PowerSuite_Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.1.1_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.1.1","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":209},{"violations":{"ACR-004":"While the app can show scan results in its trial version, it does not provide any free fixes for the results shown. In order to perform a clean, user must enter a license key or buy a license first.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"7dcb3b04ee378d7eeb3291e89a6f7126","hashSHA1":"cb19e954d1577a0b4138ab6b569f7f0f4f35ba52","hashSHA256":"11bd4fc9fe62d237026bec10e79cb3605f31dc199cca9347b3b1aa0f7be6e902","sourceIndex":"1265","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"a7742214406129bd42a93a188aa5fed1","hashSHA1":"a99a57c80b2641f0d5871868e3598caed6ed4e64","hashSHA256":"55008e274c9790cc445c2433e06c2fd5eb047643f082845ee3aac954ed95e8db","sourceIndex":"1265","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searching for cleaner apps via download sites","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1265"}],"sampleFiles":["221222/FireebokPowerSuite-200420/3.2.5/Samples/Mac_PowerSuite.dmg","221222/FireebokPowerSuite-200420/3.2.5/Samples/PowerSuite"],"imageFiles":["221222/FireebokPowerSuite-200420/3.2.5/Images/ACR-004/ACR004-1.png","221222/FireebokPowerSuite-200420/3.2.5/Images/ACR-004/ACR004-2.png","221222/FireebokPowerSuite-200420/3.2.5/Images/ACR-004/ACR004.mp4"],"nonDeceptorImageFiles":[],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.2.5_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.2.5","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:46.5160196+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":207},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ed2200e7e2354cf27cde487331fcfc97","hashSHA1":"b6961415d12709e2041117e8b6a549b376931ac3","hashSHA256":"93208042be7efa8ff023f7e9adedcc73c542b886ebd1bdee406a0db2e723a7c2","sourceIndex":"739","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"0a7e7d3f3ac28afe0876f10741e759de","hashSHA1":"85f90f478d08dc9677cd2de391ec4edc3884a158","hashSHA256":"3547bdcf19756359bfd8d3d516c1ad8206a46e54d518d7d315df1cbf392c28f4","sourceIndex":"739","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"739"}],"sampleFiles":["240205/FireebokPowerSuite-200420/3.3.2/Samples/Mac_PowerSuite.dmg","240205/FireebokPowerSuite-200420/3.3.2/Samples/PowerSuite"],"imageFiles":["240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-004/App1.png","240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-004/app2.png","240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-004/app3.png"],"nonDeceptorImageFiles":["240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-065/install.png","240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-065/About.png","240205/FireebokPowerSuite-200420/3.3.2/Images/ACR-167/Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.3.2_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.3.2","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:29.8476715+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":206},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"cbe159587ee8d71f46bfec26a6fa75a7","hashSHA1":"30e7a44c1396d443f2d0193086de63386bf55dd2","hashSHA256":"fda9d1adae38c7d14f0a7166891c5c94252f8265d7de7235bdde3cbb1a3ea029","sourceIndex":"612","avBlockList":["Avast Security for Mac (20240910)","Avira Security for Mac (20240910)","Bitdefender Antivirus for Mac (20240910)","ESET Cyber Security Pro for Mac (20240910)","G DATA AntiVirus for Mac (20240910)","Kaspersky Internet Security for Mac (20240910)","Norton Security for Mac (20240910)","Sophos Home Premium For Mac (20240910)","SpyHunterforMac (20240910)","Trend Micro Antivirus for Mac (20240910)"],"avAllowList":["K7 Antivirus for Mac (20240910)","McAfee Internet Security for Mac (20240910)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"dd83f57bd7baa858d7c12bda4ac23de4","hashSHA1":"756c37b8d8eb56b34acaee9c26da4d23d0fecdc2","hashSHA256":"7457cb3f99465092276c87eccde5efea7ebd797bb309fd1081518701d62ba7fd","sourceIndex":"612","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"612"}],"sampleFiles":["240703/FireebokPowerSuite-200420/3.3.4/Samples/Mac_PowerSuite.dmg","240703/FireebokPowerSuite-200420/3.3.4/Samples/PowerSuite"],"imageFiles":["240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-004/App2.png","240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-004/App3.png","240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-004/App4.png"],"nonDeceptorImageFiles":["240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-065/Install.png","240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-065/About.png","240703/FireebokPowerSuite-200420/3.3.4/Images/ACR-167/Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.3.4_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.3.4","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:25.7291623+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":205},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"b5a1c2369eb95866454d0bbc101c467d","hashSHA1":"6fa49fe3dcc0e8b870a2dd7ccba9c27a56fd364c","hashSHA256":"0ee7f9252e14e734fcd4565f073a6f2fb31329d44595ed6b8e8b52900f928d9a","sourceIndex":"346","avBlockList":["Avast Security for Mac (20241210)","Avira Security for Mac (20241210)","Bitdefender Antivirus for Mac (20241210)","ESET Cyber Security Pro for Mac (20241210)","G DATA AntiVirus for Mac (20241210)","Kaspersky Internet Security for Mac (20241210)","Norton Security for Mac (20241210)","Sophos Home Premium For Mac (20241210)","SpyHunterforMac (20241210)","Trend Micro Antivirus for Mac (20241210)"],"avAllowList":["K7 Antivirus for Mac (20241210)","McAfee Internet Security for Mac (20241210)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"78779e7285e4a7d785c4ab0d099ca9e6","hashSHA1":"99b73f975134bc19e27a51f23aa38f77cbd4e69b","hashSHA256":"4e1d2d1a967bd905b6dd4e73d4dd99cdd6cad6d27993f129b3e1fae215f225a1","sourceIndex":"346","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"346"}],"sampleFiles":["241121/FireebokPowerSuite-200420/3.3.5/Samples/Mac_PowerSuite.dmg","241121/FireebokPowerSuite-200420/3.3.5/Samples/PowerSuite"],"imageFiles":["241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-004/App3.png","241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-004/App4.png","241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-004/App5.png"],"nonDeceptorImageFiles":["241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-065/Install1.png","241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-065/App1.png","241121/FireebokPowerSuite-200420/3.3.5/Images/ACR-167/refundpolicy_7days.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.3.5_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.3.5","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:18.0759025+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":204},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"be3d95f700f337ed2d2fceb4ea31507c","hashSHA1":"4b89545c95e5fde5fc2bbe228b11a968e952582e","hashSHA256":"2687c5368b7ef36ee45ca68135cf6ce0cb709c98ac280d9fcbde19c9606c296f","sourceIndex":"254","avBlockList":["Avast Security for Mac (20250311)","Avira Security for Mac (20250311)","Bitdefender Antivirus for Mac (20250311)","ESET Cyber Security Pro for Mac (20250311)","G DATA AntiVirus for Mac (20250311)","Kaspersky Internet Security for Mac (20250311)","McAfee Internet Security for Mac (20250311)","Norton Security for Mac (20250311)","Sophos Home Premium For Mac (20250311)","SpyHunterforMac (20250311)","Trend Micro Antivirus for Mac (20250311)"],"avAllowList":["K7 Antivirus for Mac (20250311)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"1f81a651e331d0522f11b1d07f130f32","hashSHA1":"98eaf431911de4a09f42cc4d61c12e52ba83ad9b","hashSHA256":"a95df09cb56da7ce35e51515f62dd143fb1ddf193dfb8e1afa2f66b782730b4c","sourceIndex":"254","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"254"}],"sampleFiles":["250103/FireebokPowerSuite-200420/3.3.7/Samples/Mac_PowerSuite.dmg","250103/FireebokPowerSuite-200420/3.3.7/Samples/PowerSuite"],"imageFiles":["250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-004/app3.png","250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-004/app4.png","250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-004/app5.png"],"nonDeceptorImageFiles":["250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-065/install1.png","250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-065/app2.png","250103/FireebokPowerSuite-200420/3.3.7/Images/ACR-167/RefundPolicy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.3.7_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.3.7","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:15.0022708+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":203},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"58c9008a4579e102167546920d9c0e58","hashSHA1":"28f1d93cd9d6fbe16d183d127ccbbc0764502f39","hashSHA256":"e23958971d445f0eb3940942b96fd0c38b772e955e3ef43670e975337534ab3c","sourceIndex":"212","avBlockList":["Avast Security for Mac (20250708)","Avira Security for Mac (20250708)","ESET Cyber Security Pro for Mac (20250708)","Kaspersky Internet Security for Mac (20250708)","Norton Security for Mac (20250708)","Sophos Home Premium For Mac (20250708)","SpyHunterforMac (20250708)","Trend Micro Antivirus for Mac (20250708)"],"avAllowList":["Bitdefender Antivirus for Mac (20250708)","G DATA AntiVirus for Mac (20250708)","K7 Antivirus for Mac (20250708)","McAfee Internet Security for Mac (20250708)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"15c073ec2e7e0d603458ef8551f679dc","hashSHA1":"e9eb1f1e369c46707289c1621e5ab8b058761ddc","hashSHA256":"6a1e53539fa2f9a376f72e1256392ad68df13d32c5ea332e70ee79965806b97b","sourceIndex":"212","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"212"}],"sampleFiles":["250507/FireebokPowerSuite-200420/3.3.9/Samples/Mac_PowerSuite.dmg","250507/FireebokPowerSuite-200420/3.3.9/Samples/PowerSuite"],"imageFiles":["250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-004/app4.png","250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-004/app5.png","250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-004/app6.png"],"nonDeceptorImageFiles":["250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-065/install.png","250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-065/app1.png","250507/FireebokPowerSuite-200420/3.3.9/Images/ACR-167/Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.3.9_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.3.9","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:13.6640738+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":202},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","hashMD5":"1f2371701ccfceb60e59fb5d91f1ca6a","hashSHA1":"050ce4ca11e374a923fd3c320c98e6f1de533b78","hashSHA256":"108a1bf004af58149c9f258165de3c8f119772e65fbe0abc5a06cd8787edab66","sourceIndex":"164","avBlockList":["Avast Security for Mac (20251113)","Avira Security for Mac (20251113)","ESET Cyber Security Pro for Mac (20251113)","Kaspersky Internet Security for Mac (20251113)","McAfee Internet Security for Mac (20251113)","Norton Security for Mac (20251113)","Sophos Home Premium For Mac (20251113)","SpyHunterforMac (20251113)","Trend Micro Antivirus for Mac (20251113)"],"avAllowList":["Bitdefender Antivirus for Mac (20251113)","G DATA AntiVirus for Mac (20251113)","K7 Antivirus for Mac (20251113)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"10.13.0","hashMD5":"4656156c8d36d4f1b67b36a59d83d08a","hashSHA1":"c5163952a0c8340766bfc36f755a543ff11b5c90","hashSHA256":"85c5ece6f4a3d4ed8a66eeb0634b049934749fe5c40753cf1764a19eb701a04f","sourceIndex":"164","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"164"}],"sampleFiles":["251001/FireebokPowerSuite-200420/3.4.0/Samples/Mac_PowerSuite.dmg","251001/FireebokPowerSuite-200420/3.4.0/Samples/PowerSuite"],"imageFiles":["251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-004/app3.png","251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-004/app4.png","251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-004/app5.png"],"nonDeceptorImageFiles":["251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-065/install.png","251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-065/app1.png","251001/FireebokPowerSuite-200420/3.4.0/Images/ACR-167/Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.4.0_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.4.0","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:12.0007367+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":201},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the Terms of Service or EULA, Returns and Cancellation Policy, or Privacy Policy in the software\n","ACR-167":"The app only provides a 7-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"bf9e64bd48c48a68ebbd3a75af6f9b3c","hashSHA1":"f33a971bb377d299e6b5e296dc34256fb3ace548","hashSHA256":"1ef261e8514beba2fd5e6bbb2e9a5ef22f0a01f09884612565c8cd5ee09eb6bd","sourceIndex":"1428","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"23bdb58b63ab6a726738c29adc36b156","hashSHA1":"77f88a0f2c3f4892eba5c9f701b30b4bd1c5c0f0","hashSHA256":"cb939611426817e8723e365af8422b015ef7eadfb06b51955598a4ed0cd4c727","sourceIndex":"1428","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"1428"}],"sampleFiles":["220908/FireebokPowerSuite-200420/3.2.0/Samples/Mac_PowerSuite.dmg","220908/FireebokPowerSuite-200420/3.2.0/Samples/PowerSuite"],"imageFiles":["220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-004/Mac_PowerSuite_Interactions [1].png","220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-004/Mac_PowerSuite_Interactions [2].png","220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-004/Mac_PowerSuite_Interactions [3].png","220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-004/Mac_PowerSuite_Interactions [4].png"],"nonDeceptorImageFiles":["220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-065/Mac_PowerSuite_Install.png","220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-065/Mac_PowerSuite_About [1].png","220908/FireebokPowerSuite-200420/3.2.0/Images/ACR-167/Mac_PowerSuite_Refund Policy.png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_3.2.0_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"3.2.0","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":208},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, Returns and Cancellation Policy or the Privacy Policy.\nThe app does not disclose EULA, Privacy policy and Refund policy in the software. \n"},"samples":[{"isRevoked":"False","fileName":"Mac_PowerSuite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"2ebf1efee89d60a8700b1a640afa44df","hashSHA1":"a7f0218aa2b3e5039f3a84e71d4bf16ce1fd1452","hashSHA256":"9238586907477109a042470dcd561537ad6e53b62709467cd992c12c6d4e619e","sourceIndex":"2494","avBlockList":["Avast Security for Mac (20240813)","Avira Security for Mac (20240813)","Bitdefender Antivirus for Mac (20240813)","ESET Cyber Security Pro for Mac (20240813)","G DATA AntiVirus for Mac (20240813)","Kaspersky Internet Security for Mac (20240813)","McAfee Internet Security for Mac (20240813)","Norton Security for Mac (20240813)","Sophos Home Premium For Mac (20240813)","Trend Micro Antivirus for Mac (20240813)","SpyHunterforMac (20240813)"],"avAllowList":["K7 Antivirus for Mac (20240813)"]},{"isRevoked":"False","fileName":"PowerSuite","fileVersion":"0.","hashMD5":"29e9146cda7dc6932695499a0a490edc","hashSHA1":"6047e8906537ff1f34ceccc4b5cce147485e83c4","hashSHA256":"8b4f94b1946bcc0e596a5f6d91121a77536bec893651d708a40e882b3845b7b8","sourceIndex":"2494","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"clean up and optimize mac app download\"","reference":"https://www.fireebok.com","landingPage":"https://www.fireebok.com/mac-powersuite.html","directDownloadingLink":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fireebok.com/product/Mac_PowerSuite.dmg","sourceIndex":"2494"}],"sampleFiles":["200422/FireebokPowerSuite-200420/2.5.4/Samples/Mac_PowerSuite.dmg","200422/FireebokPowerSuite-200420/2.5.4/Samples/PowerSuite"],"imageFiles":["200422/FireebokPowerSuite-200420/2.5.4/Images/ACR-004/MacPowerSuite_Scan [7].png","200422/FireebokPowerSuite-200420/2.5.4/Images/ACR-004/MacPowerSuite_Scan [8] Register.png"],"nonDeceptorImageFiles":["200422/FireebokPowerSuite-200420/2.5.4/Images/ACR-065/MacPowerSuite_Installs [1].png","200422/FireebokPowerSuite-200420/2.5.4/Images/ACR-065/MacPowerSuite_Scan [1].png"],"guid":"15e233d7-5a50-43c6-8c25-b291ab0658b0_2.5.4_1","appID":"FireebokPowerSuite-200420","dateAdded":"251001","deceptorType":"MacOS App","name":"Fireebok PowerSuite ","company":"Fireebok Studio","version":"2.5.4","sigName":"Deceptor:MacOS/FireebokPowerSuite!004","lastKnownStatus":"2.5.4;2.5.5;2.5.7;2.5.9;2.6.0;2.6.1;2.6.3;2.6.4;2.7.0;3.0.0;3.1.1;3.2.0;3.2.5;3.3.2;3.3.4;3.3.5;3.3.7;3.3.9;3.4.0","lastKnownDate":"251001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":19,"sortOrder":219},{"violations":{"ACR-048":"Pressing the X button causes the app to hide, rather than close, and it provides no notification to the user that it is still running in the background.\n","ACR-007":"Does not inform user about the reduction in security associated with the resource borrowing.\n","ACR-084":"1. App creates startup process and provides no control to the user to disable it.\n2. App provides option to hide the fact that it is running while resource borrowing is taking place.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Earn.FM%20Setup.exe","isInstaller":"True","companyName":"/                                                           ","fileVersion":"0.0","hashMD5":"12a278decdd92aa80b5d1a958148eedd","hashSHA1":"e633dec992f3a244a164db8e763b8fdf2c827ab1","hashSHA256":"2c041b5a9fc9f488637aa6310713329598edc1efd73072be650d80f86a6c1bd0","digitalCertThumbprint":"9721B8E9C4B029ACD781ED07B5C5C50979A8C8E9","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=TeraShift GmbH, O=TeraShift GmbH, L=Appenzell, S=Appenzell Innerrhoden, C=CH","sourceIndex":"239","avBlockList":["360 Total Security (20250429)","Avast Premium Security (20250429)","AVG Internet Security (20250429)","Avira Internet Security (20250429)","Bitdefender Internet Security (20250429)","ESET Internet Security (20250429)","FortectPremium (20250429)","G DATA INTERNET SECURITY (20250429)","K7 Total Security (20250429)","KasperskyPremium (20250429)","Malwarebytes Premium (20250429)","McAfee Total Protection (20250429)","Panda Dome (20250429)","Quick Heal Internet Security (20250429)","Sophos Home Premium (20250429)","SpyHunter5 (20250429)","Total AV Antivirus Pro (20250429)","VIPRE Advanced Security (20250429)","VirIT eXplorer PRO (20250429)","Webroot SecureAnywhere (20250429)","Norton Security (20250429)"],"avAllowList":["COMODO Antivirus (20250429)","Dr.Web Security Space (20250429)","Trend Micro Internet Security (20250429)","Windows Defender (20250429)"]},{"isRevoked":"False","fileName":"Earn.FM.exe","companyName":"com.earn_fm.app","fileVersion":"1.0","hashMD5":"31f9054e295843d7956901c2df093186","hashSHA1":"f4f16cf59fb998c3f15128be22d41b5044a7c10d","hashSHA256":"f843076a525c411889b35c5f8314a9da20af56d21bbe37634d1162bccd92d132","sourceIndex":"239","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Residential Proxy","reference":"","landingPage":"https://earn.fm/en/download","directDownloadingLink":"https://cdn.earn.fm/builds/windows/Earn.FM%20Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.earn.fm/builds/windows/Earn.FM%20Setup.exe","sourceIndex":"239"}],"sampleFiles":["250130/Earnfm-250130/1.0.91 61/Samples/Earn.FM%20Setup.exe","250130/Earnfm-250130/1.0.91 61/Samples/Earn.FM.exe"],"imageFiles":["250130/Earnfm-250130/1.0.91 61/Images/ACR-007/DownloadPage.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-007/InstallFlow1.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-007/InstallFlow2.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-007/InstallFlow3.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-084/Startup.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-084/showhide.png","250130/Earnfm-250130/1.0.91 61/Images/ACR-048/showhide.png"],"nonDeceptorImageFiles":[],"guid":"363a0fa4-cb1d-47e4-b778-2ed5ca9aa14c_1.0.91 61_1","appID":"Earnfm-250130","dateAdded":"250926","deceptorType":"App","name":"earn.fm","company":"TeraShift GmbH","version":"1.0.91 61","lastKnownStatus":"1.0.91 61;1.1.0","lastKnownDate":"250926","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2025-09-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":221},{"violations":{"ACR-048":"Pressing the X button causes the app to hide, rather than close, and it provides no notification to the user that it is still running in the background.\n","ACR-007":"Does not inform user about the reduction in security associated with the resource borrowing.\n","ACR-084":"1. App creates startup process and provides no control to the user to disable it.\n2. App provides option to hide the fact that it is running while resource borrowing is taking place.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Earn.FM%20Setup.exe","isInstaller":"True","companyName":"/                                                           ","productName":"Earn.FM","productVersion":"1.1.0+62","hashMD5":"091e6fd69a995414a19f33ad5f036820","hashSHA1":"a74ec95817d850a1ba761f0e95fe729f002a26b8","hashSHA256":"cfa9cea01a11a48b41e44f7f350f9113b033418dfa8f139b9e0235b3ad797cb6","digitalCertThumbprint":"9721B8E9C4B029ACD781ED07B5C5C50979A8C8E9","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=TeraShift GmbH, O=TeraShift GmbH, L=Appenzell, S=Appenzell Innerrhoden, C=CH","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"165","avBlockList":["360 Total Security (20251218)","Avast Premium Security (20251218)","AVG Internet Security (20251218)","Avira Internet Security (20251218)","ESET Internet Security (20251218)","FortectPremium (20251218)","K7 Total Security (20251218)","KasperskyPremium (20251218)","Malwarebytes Premium (20251218)","McAfee Total Protection (20251218)","Norton Security (20251218)","Panda Dome (20251218)","Quick Heal Internet Security (20251218)","Sophos Home Premium (20251218)","SpyHunter5 (20251218)","Total AV Antivirus Pro (20251218)","VirIT eXplorer PRO (20251218)","Webroot SecureAnywhere (20251218)","Windows Defender (20251218)"],"avAllowList":["Bitdefender Internet Security (20251218)","COMODO Antivirus (20251218)","Dr.Web Security Space (20251218)","G DATA INTERNET SECURITY (20251218)","Trend Micro Internet Security (20251218)","VIPRE Advanced Security (20251218)"]},{"isRevoked":"False","fileName":"Earn.FM.exe","companyName":"com.earn_fm.app","productName":"EarnFM","productVersion":"1.1.0+62","fileVersion":"1.1.0+62","hashMD5":"7fe1ec70feece3f0b86fd733fdd78b8d","hashSHA1":"e1a5d1fd633c72fb6328d99a5f4037b0d4776316","hashSHA256":"03696d34c360aaafcfda2983c6b529064fed37009984f0aabcfda7ac35db0056","sourceIndex":"165","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Residential Proxy","reference":"","landingPage":"https://earn.fm/en/download","directDownloadingLink":"https://cdn.earn.fm/builds/windows/Earn.FM%20Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.earn.fm/builds/windows/Earn.FM%20Setup.exe","sourceIndex":"165"}],"sampleFiles":["250926/Earnfm-250130/1.1.0/Samples/Earn.FM%20Setup.exe"],"imageFiles":["250926/Earnfm-250130/1.1.0/Images/ACR-007/DownloadPage.png","250926/Earnfm-250130/1.1.0/Images/ACR-007/ACR-007_Install_1.png","250926/Earnfm-250130/1.1.0/Images/ACR-007/ACR-007_Install_2.png","250926/Earnfm-250130/1.1.0/Images/ACR-007/ACR-007_Install_3.png","250926/Earnfm-250130/1.1.0/Images/ACR-084/Startup.png","250926/Earnfm-250130/1.1.0/Images/ACR-084/showhide.png","250926/Earnfm-250130/1.1.0/Images/ACR-048/showhide.png"],"nonDeceptorImageFiles":[],"guid":"363a0fa4-cb1d-47e4-b778-2ed5ca9aa14c_1.1.0_1","appID":"Earnfm-250130","dateAdded":"250926","deceptorType":"App","name":"earn.fm","company":"TeraShift GmbH","version":"1.1.0","lastKnownStatus":"1.0.91 61;1.1.0","lastKnownDate":"250926","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2025-09-26T19:28:18.8336727+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":220},{"violations":{"ACR-048":"With application closed, the resource borrowing process is running in background without notifying user. There is no options for user to cancel resource borrowing process immediately.\n","ACR-006":"Resource borrowing process is not clearly attributed.\n","ACR-013":"1.Application requires user to make decision about offer before it launches. User is interrupted by non-consented offers to silently install unrelated software.\n2. User is interrupted by non-consented offers during installing DLL.\n","ACR-060":"The offer is misleading. It is presented from DLLHelper, instead of from ProxymaData\n","ACR-118":"ProxymaData is not removed after DLLHelper being uninstalled completely.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. \n","ACR-055":"The offer is not presented with clear decline/accept option.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"file-helper-install__25.exe","isInstaller":"True","productName":"DllHelper","productVersion":"4.3.0.0","fileVersion":"4.3.0.0","hashMD5":"66178570bea8c50b1609f133d07539f0","hashSHA1":"4a8d15f36b54c2a90d4bf25fc4006b0dbf0e74e1","hashSHA256":"6905ef2a6381f7d7c8de0f729ec4116316d322bd2f6e957202d20da5fd21a755","digitalCertThumbprint":"07B323EF14822FF1C5DACA8AC98C8EFCD6720C22","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"per Dolomanovskiy, 70D 1(10 etazh)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"163","avBlockList":["360 Total Security (20251218)","Avast Premium Security (20251218)","AVG Internet Security (20251218)","Avira Internet Security (20251218)","Bitdefender Internet Security (20251218)","COMODO Antivirus (20251218)","Dr.Web Security Space (20251218)","ESET Internet Security (20251218)","FortectPremium (20251218)","G DATA INTERNET SECURITY (20251218)","K7 Total Security (20251218)","KasperskyPremium (20251218)","Malwarebytes Premium (20251218)","McAfee Total Protection (20251218)","Norton Security (20251218)","Panda Dome (20251218)","Quick Heal Internet Security (20251218)","Sophos Home Premium (20251218)","SpyHunter5 (20251218)","Total AV Antivirus Pro (20251218)","VIPRE Advanced Security (20251218)","VirIT eXplorer PRO (20251218)","Webroot SecureAnywhere (20251218)","Windows Defender (20251218)"],"avAllowList":["Trend Micro Internet Security (20251218)"]},{"isRevoked":"False","fileName":"DllHelper.exe","companyName":"ROSTPAY LTD","productName":"DllHelper","productVersion":"1.1.1.1712","fileVersion":"1.1.1.1712","hashMD5":"e2f5769e9864f99b6f44f992f989d0f7","hashSHA1":"1500840d23eed845baacf0150ed12325733f1df0","hashSHA256":"2a92df45780f19c24263bb214f3fb19e2928a804032639245b009b8b7a4b32b1","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"163","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"ROSTPAY LTD apps","reference":"","landingPage":"https://www.dllhelper.net/","directDownloadingLink":"https://www.dllhelper.net/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dllhelper.net/download/init","sourceIndex":"163"}],"sampleFiles":["250925/DLLHelper-230508/4.3.0.0/Samples/file-helper-install__25.exe"],"imageFiles":["250925/DLLHelper-230508/4.3.0.0/Images/ACR-013/ACR-013_Install_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-013/ACR-013_Install_2.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-013/ACR-013_Install_3.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-048/ACR-048_Software_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-006/ACR-006_Software_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-118/ACR-118_Uninstall_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-057/ACR-057_Inline offers_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-055/ACR-055_Inline offers_1.png","250925/DLLHelper-230508/4.3.0.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"4b62ff50-e0a6-4caf-b259-0adb50def0f2_4.3.0.0_1","appID":"DLLHelper-230508","dateAdded":"250925","deceptorType":"App","name":"DLL Helper","company":"ROSTPAY LTD","version":"4.3.0.0","firstResolvedVersion":"","lastKnownStatus":"3.0.13;3.1.0;4.2.0.0;4.3.0.0","lastKnownDate":"250925","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,install offers,net proxy","lastUpdate":"2025-10-01T16:44:32.6406777+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":222},{"violations":{"ACR-048":"With application closed, the resource borrowing process is running in background without notifying user. There is no options for user to cancel resource borrowing process immediately.\n","ACR-006":"Resource borrowing process is not clearly attributed.\n","ACR-013":"1.Application requires user to make decision about offer before it launches. User is interrupted by non-consented offers to silently install unrelated software.\n2. User is interrupted by non-consented offers during installing DLL.\n","ACR-060":"The offer is misleading. It is presented from DLLHelper, instead of from ProxymaData\n","ACR-118":"ProxymaData is not removed after DLLHelper being uninstalled completely.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. \n","ACR-055":"The offer is not presented with clear decline/accept option.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"file-helper-install__25.exe","isInstaller":"True","productName":"DllHelper","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"87442c5b64b17c7008023ce3d84a3d45","hashSHA1":"72dc3999566ce58e6f9a7e70cfa074d6443f7239","hashSHA256":"8cda245b620f22dd14894e5a1c8e24fcbc297418ae0ed22f6a1ba331699d6191","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"181","avBlockList":["Avast Premium Security (20250925)","AVG Internet Security (20250925)","Avira Internet Security (20250925)","Bitdefender Internet Security (20250925)","COMODO Antivirus (20250925)","Dr.Web Security Space (20250925)","ESET Internet Security (20250925)","FortectPremium (20250916)","G DATA INTERNET SECURITY (20250925)","K7 Total Security (20250925)","KasperskyPremium (20250925)","Malwarebytes Premium (20250925)","McAfee Total Protection (20250925)","Norton Security (20250925)","Panda Dome (20250925)","Quick Heal Internet Security (20250925)","Sophos Home Premium (20250925)","SpyHunter5 (20250925)","Total AV Antivirus Pro (20250925)","VIPRE Advanced Security (20250925)","VirIT eXplorer PRO (20250925)","Webroot SecureAnywhere (20250925)","Windows Defender (20250925)"],"avAllowList":["360 Total Security (20250925)","Trend Micro Internet Security (20250925)"]},{"isRevoked":"False","fileName":"DllHelper.exe","companyName":"ROSTPAY LTD","productName":"DllHelper","productVersion":"1.1.1.1712","fileVersion":"1.1.1.1712","hashMD5":"e2f5769e9864f99b6f44f992f989d0f7","hashSHA1":"1500840d23eed845baacf0150ed12325733f1df0","hashSHA256":"2a92df45780f19c24263bb214f3fb19e2928a804032639245b009b8b7a4b32b1","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"181","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DllHelperUninstaller.exe","productName":"DllHelper","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"71fb7b74aa00b57e5c12d734eb0ae24a","hashSHA1":"141db8cb7ce9d6f778d36d40e17f5d704afc1a1f","hashSHA256":"869fa4625e181c0932849d7cb044250c37cda45cf4c34f719a7de555247cf852","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"181","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4.0.0","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"181","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"8568211dd3ebd8f4e25d24cdbf865256","hashSHA1":"241ca16436067c67993bdf059bd63a19f22bd2a3","hashSHA256":"942e7f147ffca11881d5c1fb464bd77a195f68b9ea99b35de4e43a23a274d259","sourceIndex":"181","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"ROSTPAY LTD apps","reference":"","landingPage":"https://www.dllhelper.net/","directDownloadingLink":"https://www.dllhelper.net/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dllhelper.net/download/init","sourceIndex":"181"}],"sampleFiles":["250729/DLLHelper-230508/4.2.0.0/Samples/file-helper-install__25.exe"],"imageFiles":["250729/DLLHelper-230508/4.2.0.0/Images/ACR-013/ACR-013_Install_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-013/ACR-013_Install_2.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-013/ACR-013_Install_3.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-048/ACR-048_Software_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-006/ACR-006_Software_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-118/ACR-118_Uninstall_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-057/ACR-057_Inline offers_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-055/ACR-055_Inline offers_1.png","250729/DLLHelper-230508/4.2.0.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"4b62ff50-e0a6-4caf-b259-0adb50def0f2_4.2.0.0_1","appID":"DLLHelper-230508","dateAdded":"250925","deceptorType":"App","name":"DLL Helper","company":"ROSTPAY LTD","version":"4.2.0.0","firstResolvedVersion":"","lastKnownStatus":"3.0.13;3.1.0;4.2.0.0;4.3.0.0","lastKnownDate":"250925","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,install offers,net proxy","lastUpdate":"2025-09-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":223},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer providers \"https://www.az-partners.net/\"  and  \"http://perr.l-err.biz/\"  before obtaining user consent or notifying what data gets transmitted to these websites. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"dll-helper-install__25.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.1","hashMD5":"1411c43c926a3e5c6aa0f9236e248fbd","hashSHA1":"b790480b9e1fc976c7d6dc28c5211dc39455573c","hashSHA256":"7094d246667d3956e23a1d36186418e826f221dc92e50480fa39ec18bd432f36","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LTD, O=ROSTPAY LTD, STREET=\"Dolomanovsky lane, 70D 1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"911","avBlockList":["360 Total Security (20250731)","Avast Premium Security (20250731)","AVG Internet Security (20250731)","Bitdefender Internet Security (20250731)","COMODO Antivirus (20250731)","Dr.Web Security Space (20250731)","ESET Internet Security (20250731)","G DATA INTERNET SECURITY (20250731)","K7 Total Security (20250731)","Malwarebytes Premium (20250731)","Panda Dome (20250731)","Quick Heal Internet Security (20250731)","Sophos Home Premium (20250731)","SpyHunter5 (20250731)","VIPRE Advanced Security (20250731)","VirIT eXplorer PRO (20250731)","Webroot SecureAnywhere (20250731)","FortectPremium (20250731)"],"avAllowList":["Avira Internet Security (20250731)","Kaspersky Internet Security (20230727)","McAfee Total Protection (20250731)","Norton Security (20250731)","Total AV Antivirus Pro (20250731)","Trend Micro Internet Security (20250731)","Windows Defender (20250731)","KasperskyPremium (20250731)"]}],"additionalFiles":[],"sources":[{"howFound":"ROSTPAY LTD apps","reference":"","landingPage":"https://www.dllhelper.net/","directDownloadingLink":"https://www.dllhelper.net/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dllhelper.net/download/init","sourceIndex":"911"}],"sampleFiles":["230713/DLLHelper-230508/3.1.0/Samples/dll-helper-install__25.exe"],"imageFiles":["230713/DLLHelper-230508/3.1.0/Images/ACR-042/ACR-042.JPG","230713/DLLHelper-230508/3.1.0/Images/ACR-042/ACR-042_1.JPG","230713/DLLHelper-230508/3.1.0/Images/ACR-013/ACR-013.JPG","230713/DLLHelper-230508/3.1.0/Images/ACR-013/ACR-013_1.JPG","230713/DLLHelper-230508/3.1.0/Images/ACR-060/ACR-060.JPG","230713/DLLHelper-230508/3.1.0/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"4b62ff50-e0a6-4caf-b259-0adb50def0f2_3.1.0_1","appID":"DLLHelper-230508","dateAdded":"250925","deceptorType":"App","name":"DLL Helper","company":"ROSTPAY LTD","version":"3.1.0","firstResolvedVersion":"","lastKnownStatus":"3.0.13;3.1.0;4.2.0.0;4.3.0.0","lastKnownDate":"250925","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-09-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":224},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer providers \"https://www.az-partners.net/\"  and  \"http://perr.l-err.biz/\"  before obtaining user consent or notifying what data gets transmitted to these websites. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DllHelper\\DllHelper.exe","companyName":"ROSTPAY LTD","productName":"DllHelper","productVersion":"1.1.1.1712","fileVersion":"1.1.1.1712","hashMD5":"aa58d377046000b69cb011c5bd8151da","hashSHA1":"d861ebbe1f5d340492161ca02944bbc010699875","hashSHA256":"bb65faa286abcecd0b5c326460d5a631378ce41526f274f0ccf7a3a128d32745","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"977","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dll-helper-install__25.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"DllHelper","productVersion":"3.0.13","fileVersion":"3.0.13","hashMD5":"0c377f4796c821ea562dc7a566ef9e44","hashSHA1":"354035d288f5954703c5ddf76ebad3dabcf62950","hashSHA256":"4dddf8474d4e3ccf7bb08559559b1aa58305be8f98e5183c134413718cdcd7f0","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"977","avBlockList":["Avast Premium Security (20230815)","AVG Internet Security (20230815)","Avira Internet Security (20230815)","COMODO Antivirus (20230815)","Dr.Web Security Space (20230815)","ESET Internet Security (20230815)","K7 Total Security (20230815)","Malwarebytes Premium (20230815)","Norton Security (20230815)","Panda Dome (20230815)","Quick Heal Internet Security (20230815)","Sophos Home Premium (20230815)","SpyHunter5 (20230815)","Total AV Antivirus Pro (20230815)","VirIT eXplorer PRO (20230815)","Webroot SecureAnywhere (20230815)"],"avAllowList":["360 Total Security (20230815)","Bitdefender Internet Security (20230815)","G DATA INTERNET SECURITY (20230815)","Kaspersky Internet Security (20230815)","McAfee Total Protection (20230815)","Trend Micro Internet Security (20230815)","VIPRE Advanced Security (20230815)","Windows Defender (20230815)"]}],"additionalFiles":[],"sources":[{"howFound":"ROSTPAY LTD apps","reference":"","landingPage":"https://www.dllhelper.net/","directDownloadingLink":"https://www.dllhelper.net/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dllhelper.net/download/init","sourceIndex":"977"}],"sampleFiles":["230713/DLLHelper-230508/3.0.13/Samples/dll-helper-install__25.exe"],"imageFiles":["230713/DLLHelper-230508/3.0.13/Images/ACR-042/ACR-042.JPG","230713/DLLHelper-230508/3.0.13/Images/ACR-042/ACR-042_1.JPG","230713/DLLHelper-230508/3.0.13/Images/ACR-013/ACR-013.JPG","230713/DLLHelper-230508/3.0.13/Images/ACR-013/ACR-013_1.JPG","230713/DLLHelper-230508/3.0.13/Images/ACR-060/ACR-060.JPG","230713/DLLHelper-230508/3.0.13/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"4b62ff50-e0a6-4caf-b259-0adb50def0f2_3.0.13_1","appID":"DLLHelper-230508","dateAdded":"250925","deceptorType":"App","name":"DLL Helper","company":"ROSTPAY LTD","version":"3.0.13","firstResolvedVersion":"","lastKnownStatus":"3.0.13;3.1.0;4.2.0.0;4.3.0.0","lastKnownDate":"250925","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-09-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":225},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.42.0","fileVersion":"1.1.42","hashMD5":"b5df23dd83ff31f9e6c88fb9aefb99a3","hashSHA1":"2b1bf1ad1ff396ccb5f8bfd99ae9eeddd8c7ffa1","hashSHA256":"d04b2e92cc9387fa217fcafd1d2653cfa3a41f3dbf2a72aab928edff02733dee","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"893","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.42.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.42","fileVersion":"1.1.42","hashMD5":"fb2537c27d116830d064e3997b941503","hashSHA1":"1bca82f486b6b856541bf6e1a666f39e80d089d3","hashSHA256":"7708209a1e52e04f1d0f2f895af01d9b273bf49f5e9e6d57bfd2700fd7f414b3","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"893","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.42.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.42.exe","sourceIndex":"893"}],"sampleFiles":["230925/Repocket-230208/1.1.42/Samples/Repocket Setup 1.1.42.exe"],"imageFiles":["230925/Repocket-230208/1.1.42/Images/ACR-043/ACR-043.PNG","230925/Repocket-230208/1.1.42/Images/ACR-043/ACR-043_1.PNG","230925/Repocket-230208/1.1.42/Images/ACR-107/ACR-107.PNG","230925/Repocket-230208/1.1.42/Images/ACR-048/ACR-048.PNG","230925/Repocket-230208/1.1.42/Images/ACR-084/ACR-084.PNG","230925/Repocket-230208/1.1.42/Images/ACR-084/ACR-084_1.PNG","230925/Repocket-230208/1.1.42/Images/ACR-007/ACR-007.PNG","230925/Repocket-230208/1.1.42/Images/ACR-118/ACR-118.PNG","230925/Repocket-230208/1.1.42/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["230925/Repocket-230208/1.1.42/Images/ACR-040/ACR-040.PNG","230925/Repocket-230208/1.1.42/Images/ACR-123/ACR-123.PNG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.42_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.42","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":230},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about 3rd party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-092":"The app does not provide a digital signature for all the executables.\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.34.0","fileVersion":"1.1.34","hashMD5":"dc5b57635cbdfc49290f5a3d6572ded7","hashSHA1":"b169580360a055decc1f4bc7837d209299aa429e","hashSHA256":"c6596b04426529576306cf7c3888bc460908f21f2d26956e52223e141110d8d8","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1052","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.34.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.34","fileVersion":"1.1.34","hashMD5":"15ce72f70c26f4299de93b70420f4062","hashSHA1":"acd639c0cf0b59eb0dfcb44c4cfcd9859c175029","hashSHA256":"5efa70a9818b0806e534d0132c235f5da8011f5c33f5b5f15d3d3fa4a3213ff9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1052","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","ESET Internet Security (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)","FortectPremium (20240725)"],"avAllowList":["Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","G DATA INTERNET SECURITY (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.34.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.34.exe","sourceIndex":"1052"}],"sampleFiles":["230609/Repocket-230208/1.1.34/Samples/Repocket Setup 1.1.34.exe"],"imageFiles":["230609/Repocket-230208/1.1.34/Images/ACR-043/ACR-043.JPG","230609/Repocket-230208/1.1.34/Images/ACR-043/ACR-043_1.JPG","230609/Repocket-230208/1.1.34/Images/ACR-107/ACR-107.JPG","230609/Repocket-230208/1.1.34/Images/ACR-048/ACR-048.JPG","230609/Repocket-230208/1.1.34/Images/ACR-084/ACR-084.JPG","230609/Repocket-230208/1.1.34/Images/ACR-084/ACR-084_1.JPG","230609/Repocket-230208/1.1.34/Images/ACR-007/ACR-007.JPG","230609/Repocket-230208/1.1.34/Images/ACR-118/ACR-118.JPG","230609/Repocket-230208/1.1.34/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230609/Repocket-230208/1.1.34/Images/ACR-040/ACR-040.JPG","230609/Repocket-230208/1.1.34/Images/ACR-092/ACR-092.JPG","230609/Repocket-230208/1.1.34/Images/ACR-092/ACR-092_1.JPG","230609/Repocket-230208/1.1.34/Images/ACR-123/ACR-123.JPG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.34_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.34","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":235},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-092":"The app does not provide a digital signature for its executables.\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.36.0","fileVersion":"1.1.36","hashMD5":"63c27a1cd194590db636ea5160b18821","hashSHA1":"822c525da41fd8663a917ae0bb0465387e9705cd","hashSHA256":"cc075d8eff75b1270f0d247714c53ff30461e5537c5abb589b07598bd64ca4e9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1046","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.36.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.36","fileVersion":"1.1.36","hashMD5":"43df8956b5249ba889c9526a908832be","hashSHA1":"d52aa564fe681ad2f08454462e6843b1878f9a2e","hashSHA256":"50e1baccff248e1dea93de71fed2418a381f26ab1a6c932fbcd3d210408d32e3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1046","avBlockList":["360 Total Security (20240125)","Avast Premium Security (20240125)","AVG Internet Security (20240125)","Avira Internet Security (20240125)","ESET Internet Security (20240125)","K7 Total Security (20240125)","Kaspersky Internet Security (20240125)","Malwarebytes Premium (20240125)","McAfee Total Protection (20240125)","Norton Security (20240125)","Panda Dome (20240125)","Sophos Home Premium (20240125)","SpyHunter5 (20240125)","Total AV Antivirus Pro (20240125)","VirIT eXplorer PRO (20240125)","Webroot SecureAnywhere (20240125)","Windows Defender (20240125)"],"avAllowList":["Bitdefender Internet Security (20240125)","COMODO Antivirus (20240125)","Dr.Web Security Space (20240125)","G DATA INTERNET SECURITY (20240125)","Quick Heal Internet Security (20240125)","Trend Micro Internet Security (20240125)","VIPRE Advanced Security (20240125)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.36.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.36.exe","sourceIndex":"1046"}],"sampleFiles":["230615/Repocket-230208/1.1.36/Samples/Repocket Setup 1.1.36.exe"],"imageFiles":["230615/Repocket-230208/1.1.36/Images/ACR-043/ACR-043.JPG","230615/Repocket-230208/1.1.36/Images/ACR-043/ACR-043_1.JPG","230615/Repocket-230208/1.1.36/Images/ACR-107/ACR-107.JPG","230615/Repocket-230208/1.1.36/Images/ACR-048/ACR-048.JPG","230615/Repocket-230208/1.1.36/Images/ACR-084/ACR-084.JPG","230615/Repocket-230208/1.1.36/Images/ACR-084/ACR-084_1.JPG","230615/Repocket-230208/1.1.36/Images/ACR-007/ACR-007.JPG","230615/Repocket-230208/1.1.36/Images/ACR-118/ACR-118.JPG","230615/Repocket-230208/1.1.36/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230615/Repocket-230208/1.1.36/Images/ACR-040/ACR-040.JPG","230615/Repocket-230208/1.1.36/Images/ACR-092/ACR-092.JPG","230615/Repocket-230208/1.1.36/Images/ACR-092/ACR-092_1.JPG","230615/Repocket-230208/1.1.36/Images/ACR-123/ACR-123.JPG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.36_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.36","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":234},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-092":"The app does not provide a digital signature for its executables.\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.38.0","fileVersion":"1.1.38","hashMD5":"69ffa29bf8177fc06ba0987fa78e2e9e","hashSHA1":"e7f68031a18db622af1c4ea2bcf433874d8ec890","hashSHA256":"9e9122c316a0202fb4f1343ab1c266f35e722a7a746e1a231d6b113333ee89c5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"984","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.38.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.38","fileVersion":"1.1.38","hashMD5":"713ac54029d8c25df912eae27cf50d4b","hashSHA1":"5136b7c7366ba31f400e603b151b0808800723e6","hashSHA256":"88d4417f07b77009c2750677b38b3bed3963ad4a486b674fd33ee5b096a1d140","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"984","avBlockList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","ESET Internet Security (20240806)","K7 Total Security (20240806)","Kaspersky Internet Security (20230801)","Malwarebytes Premium (20240806)","McAfee Total Protection (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)","Windows Defender (20240806)","FortectPremium (20240806)","KasperskyPremium (20240806)"],"avAllowList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","G DATA INTERNET SECURITY (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.38.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.38.exe","sourceIndex":"984"}],"sampleFiles":["230712/Repocket-230208/1.1.38/Samples/Repocket Setup 1.1.38.exe"],"imageFiles":["230712/Repocket-230208/1.1.38/Images/ACR-043/ACR-043.JPG","230712/Repocket-230208/1.1.38/Images/ACR-043/ACR-043_1.JPG","230712/Repocket-230208/1.1.38/Images/ACR-107/ACR-107.JPG","230712/Repocket-230208/1.1.38/Images/ACR-048/ACR-048.JPG","230712/Repocket-230208/1.1.38/Images/ACR-084/ACR-084.JPG","230712/Repocket-230208/1.1.38/Images/ACR-084/ACR-084_1.JPG","230712/Repocket-230208/1.1.38/Images/ACR-007/ACR-007.JPG","230712/Repocket-230208/1.1.38/Images/ACR-118/ACR-118.JPG","230712/Repocket-230208/1.1.38/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230712/Repocket-230208/1.1.38/Images/ACR-040/ACR-040.JPG","230712/Repocket-230208/1.1.38/Images/ACR-092/ACR-092.JPG","230712/Repocket-230208/1.1.38/Images/ACR-092/ACR-092_1.JPG","230712/Repocket-230208/1.1.38/Images/ACR-123/ACR-123.JPG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.38_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.38","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":233},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-092":"The app does not provide a digital signature for its executables.\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.37.0","fileVersion":"1.1.37","hashMD5":"09f00723855c626be0ddcbe8c7d087bf","hashSHA1":"597ee4338236d71b8597fc1509050f068afae0b6","hashSHA256":"ee8f9f1b6ecf34f912586b4eb74f0c6e3f581db90561e7264c7b43d8fbae2002","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"983","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.37.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.37","fileVersion":"1.1.37","hashMD5":"efa198d91cf67a9873d94263aa5f3ff0","hashSHA1":"54f223322e0b0d49e358b7b3963bb7da609f6a72","hashSHA256":"fffc12e2825af399a88396198f0d4a68253ce20db2a6d0965f1069c9149d79df","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"983","avBlockList":["360 Total Security (20230803)","Avast Premium Security (20230803)","AVG Internet Security (20230803)","Avira Internet Security (20230803)","ESET Internet Security (20230803)","K7 Total Security (20230803)","Kaspersky Internet Security (20230803)","McAfee Total Protection (20230803)","Norton Security (20230803)","Panda Dome (20230803)","Quick Heal Internet Security (20230803)","Sophos Home Premium (20230803)","SpyHunter5 (20230803)","Total AV Antivirus Pro (20230803)","VirIT eXplorer PRO (20230803)","Webroot SecureAnywhere (20230803)"],"avAllowList":["Bitdefender Internet Security (20230803)","COMODO Antivirus (20230803)","Dr.Web Security Space (20230803)","G DATA INTERNET SECURITY (20230803)","Malwarebytes Premium (20230803)","Trend Micro Internet Security (20230803)","VIPRE Advanced Security (20230803)","Windows Defender (20230803)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.37.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.37.exe","sourceIndex":"983"}],"sampleFiles":["230712/Repocket-230208/1.1.37/Samples/Repocket Setup 1.1.37.exe"],"imageFiles":["230712/Repocket-230208/1.1.37/Images/ACR-043/ACR-043.JPG","230712/Repocket-230208/1.1.37/Images/ACR-043/ACR-043_1.JPG","230712/Repocket-230208/1.1.37/Images/ACR-107/ACR-107.JPG","230712/Repocket-230208/1.1.37/Images/ACR-048/ACR-048_Install.JPG","230712/Repocket-230208/1.1.37/Images/ACR-084/ACR-084.JPG","230712/Repocket-230208/1.1.37/Images/ACR-084/ACR-084_1.JPG","230712/Repocket-230208/1.1.37/Images/ACR-007/ACR-007.JPG","230712/Repocket-230208/1.1.37/Images/ACR-118/ACR-118.JPG","230712/Repocket-230208/1.1.37/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230712/Repocket-230208/1.1.37/Images/ACR-040/ACR-040.JPG","230712/Repocket-230208/1.1.37/Images/ACR-092/ACR-092.JPG","230712/Repocket-230208/1.1.37/Images/ACR-092/ACR-092_1.JPG","230712/Repocket-230208/1.1.37/Images/ACR-123/ACR-123.JPG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.37_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.37","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":232},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.40.0","fileVersion":"1.1.40","hashMD5":"f19bbf77c8e7f0606795f197902534c4","hashSHA1":"129a0132116bfdb1ebcf1a1bd7f27351e9219348","hashSHA256":"de7417537a107681a47b81623456fcdc5858534f1bff2d5392494c77e45a1d41","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"918","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.40.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.40","fileVersion":"1.1.40","hashMD5":"d78490560aafad51829cfa87eb5d7bb6","hashSHA1":"0a5e1706b61b07d849ea78a48d756159719e1780","hashSHA256":"041120b87a58c71989466ebf6f1658cd9d77a4630ff6547e3ec79a0272180bef","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"918","avBlockList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","COMODO Antivirus (20230919)","ESET Internet Security (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Malwarebytes Premium (20230919)","McAfee Total Protection (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)"],"avAllowList":["Dr.Web Security Space (20230919)","G DATA INTERNET SECURITY (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Windows Defender (20230919)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.40.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/Repocket%20Setup%201.1.40.exe","sourceIndex":"918"}],"sampleFiles":["230818/Repocket-230208/1.1.40/Samples/Repocket Setup 1.1.40.exe"],"imageFiles":["230818/Repocket-230208/1.1.40/Images/ACR-043/ACR-043.PNG","230818/Repocket-230208/1.1.40/Images/ACR-043/ACR-043_1.PNG","230818/Repocket-230208/1.1.40/Images/ACR-107/ACR-107.PNG","230818/Repocket-230208/1.1.40/Images/ACR-048/ACR-048.PNG","230818/Repocket-230208/1.1.40/Images/ACR-084/ACR-084.PNG","230818/Repocket-230208/1.1.40/Images/ACR-084/ACR-084_1.PNG","230818/Repocket-230208/1.1.40/Images/ACR-007/ACR-007.JPG","230818/Repocket-230208/1.1.40/Images/ACR-118/ACR-118.PNG","230818/Repocket-230208/1.1.40/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["230818/Repocket-230208/1.1.40/Images/ACR-040/ACR-040.PNG","230818/Repocket-230208/1.1.40/Images/ACR-123/ACR-123.PNG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.40_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.40","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":231},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\\repocket.exe","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.2.1.0","fileVersion":"1.2.1","hashMD5":"7e2e389071c63c04abb101087bf768a6","hashSHA1":"a000e0f511619d76cd06f58ca050473ee607e716","hashSHA256":"892e8396b7d010dfa9c6852019c23ee361939a93fc61b4abfbbd7f6ced0f9e2b","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"771","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"repocket-1.2.1-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.2.1","fileVersion":"1.2.1","hashMD5":"d92286f7275b1692b9360f05a0113cff","hashSHA1":"e5c78f914e09a3107a9447005cd43ab63365bb23","hashSHA256":"5ba6c4735eddf4913b1e7d4169c2688a8aac11f7aea88a3d88e78d39d10a02cd","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"771","avBlockList":["360 Total Security (20240227)","Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","COMODO Antivirus (20240227)","ESET Internet Security (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","McAfee Total Protection (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)","Windows Defender (20240227)"],"avAllowList":["Bitdefender Internet Security (20240227)","Dr.Web Security Space (20240227)","G DATA INTERNET SECURITY (20240227)","Malwarebytes Premium (20240227)","Trend Micro Internet Security (20240227)","VIPRE Advanced Security (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/1.2.1/repocket-1.2.1-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/1.2.1/repocket-1.2.1-setup.exe","sourceIndex":"771"}],"sampleFiles":["240105/Repocket-230208/1.2.1/Samples/repocket-1.2.1-setup.exe"],"imageFiles":["240105/Repocket-230208/1.2.1/Images/ACR-043/ACR-043.PNG","240105/Repocket-230208/1.2.1/Images/ACR-043/ACR-043_1.PNG","240105/Repocket-230208/1.2.1/Images/ACR-107/ACR-107.PNG","240105/Repocket-230208/1.2.1/Images/ACR-048/ACR-048.PNG","240105/Repocket-230208/1.2.1/Images/ACR-084/ACR-084.PNG","240105/Repocket-230208/1.2.1/Images/ACR-007/ACR-007.PNG","240105/Repocket-230208/1.2.1/Images/ACR-118/ACR-118.PNG","240105/Repocket-230208/1.2.1/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["240105/Repocket-230208/1.2.1/Images/ACR-040/ACR-040.PNG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.2.1_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.2.1","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":229},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about 3rd party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\".\n","ACR-092":"The app does not provide a digital signature for all the executables.\n","ACR-123":"The apps do not remove their startup item even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket-desktop\\Repocket.exe","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.13.0","fileVersion":"1.1.13","hashMD5":"2f577a55466fa7152a9ee8a89c17c751","hashSHA1":"5f5a588af59a438f6e4bf6d22e24c727abaf5473","hashSHA256":"f899998c8243f95ffb744df8450ea2c17bdc35e7630912914017e3358be338bb","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1205","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Repocket Setup 1.1.10.exe","isInstaller":"True","companyName":"Repocket","productName":"Repocket","productVersion":"1.1.10","fileVersion":"1.1.10","hashMD5":"d197cc9ee404e9cad006b455469a7644","hashSHA1":"092ef7636fd1186a53a9a0e5bdce97f4daa4230b","hashSHA256":"12e0b17a2a7571311d3b99d84c75fb93b50fd0a1939f76e6bd596ced8b1ba072","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1205","avBlockList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","K7 Total Security (20240808)","Kaspersky Internet Security (20230831)","Malwarebytes Premium (20240808)","McAfee Total Protection (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","Windows Defender (20240808)","FortectPremium (20240808)","KasperskyPremium (20240808)"],"avAllowList":["Bitdefender Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"System borrowing app","reference":"","landingPage":"https://repocket.co/download/","ipv4":"","ipv6":"","sourceIndex":"1205"}],"sampleFiles":["230222/Repocket-230208/1.1.10/Samples/Repocket Setup 1.1.10.exe"],"imageFiles":["230222/Repocket-230208/1.1.10/Images/ACR-043/ACR-043.JPG","230222/Repocket-230208/1.1.10/Images/ACR-043/ACR-043_1.JPG","230222/Repocket-230208/1.1.10/Images/ACR-107/ACR-107.JPG","230222/Repocket-230208/1.1.10/Images/ACR-048/ACR-048.JPG","230222/Repocket-230208/1.1.10/Images/ACR-084/ACR-084.JPG","230222/Repocket-230208/1.1.10/Images/ACR-084/ACR-084_1.JPG","230222/Repocket-230208/1.1.10/Images/ACR-007/ACR-007.JPG","230222/Repocket-230208/1.1.10/Images/ACR-118/ACR-118.JPG","230222/Repocket-230208/1.1.10/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230222/Repocket-230208/1.1.10/Images/ACR-040/ACR-040.JPG","230222/Repocket-230208/1.1.10/Images/ACR-092/ACR-092.JPG","230222/Repocket-230208/1.1.10/Images/ACR-123/ACR-123.JPG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.1.10_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.1.10","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":236},{"violations":{"ACR-043":"1. Third-party component 'FFmpeg' gets dropped without any disclosure.\n2. The \"Repocket\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not disclose relevant license information about third party component 'FFmpeg' installed\n","ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing the user's internet resource.\n","ACR-084":"The processes related to repocket keep running in the background despite disabling the \"Sharing Internet\" option, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\\repocket.exe","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.2.2.0","fileVersion":"1.2.2","hashMD5":"fe9089a318d0a722cbf7d9ad152aa008","hashSHA1":"b69f3cfc894858356191f20070a4c72da3eb1b00","hashSHA256":"c63d70c8b4fe37408f5ddb25219cf8630beea2aecf4ecc1cca6c660dc81faacf","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"738","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"repocket-1.2.2-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.2.2","fileVersion":"1.2.2","hashMD5":"f9ef2d1143db1f068f0c4590387803f5","hashSHA1":"471d49e1c4c2f9e5acef34219c1da055191ec87f","hashSHA256":"a10f1fda937ae652afb410a2caea8387457242977d8cee30fb6582a779806769","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Geonode Pte Ltd","storeId":"","sourceIndex":"738","avBlockList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","Avira Internet Security (20240307)","ESET Internet Security (20240307)","K7 Total Security (20240307)","Kaspersky Internet Security (20240307)","McAfee Total Protection (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Quick Heal Internet Security (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)","Windows Defender (20240307)"],"avAllowList":["Bitdefender Internet Security (20240307)","COMODO Antivirus (20240307)","Dr.Web Security Space (20240307)","G DATA INTERNET SECURITY (20240307)","Malwarebytes Premium (20240307)","Trend Micro Internet Security (20240307)","VIPRE Advanced Security (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.co/","directDownloadingLink":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/1.2.2/repocket-1.2.2-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket-production.s3.fr-par.scw.cloud/repocket-desktop/updates/1.2.2/repocket-1.2.2-setup.exe","sourceIndex":"738"}],"sampleFiles":["240205/Repocket-230208/1.2.2/Samples/repocket-1.2.2-setup.exe"],"imageFiles":["240205/Repocket-230208/1.2.2/Images/ACR-043/ACR-043.PNG","240205/Repocket-230208/1.2.2/Images/ACR-043/ACR-043_1.PNG","240205/Repocket-230208/1.2.2/Images/ACR-107/ACR-107.PNG","240205/Repocket-230208/1.2.2/Images/ACR-048/ACR-048.PNG","240205/Repocket-230208/1.2.2/Images/ACR-084/ACR-084.PNG","240205/Repocket-230208/1.2.2/Images/ACR-007/ACR-007.PNG","240205/Repocket-230208/1.2.2/Images/ACR-118/ACR-118.PNG","240205/Repocket-230208/1.2.2/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["240205/Repocket-230208/1.2.2/Images/ACR-040/ACR-040.PNG"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.2.2_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.2.2","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":228},{"violations":{"ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent (accept/decline) which reduces the consumer's security posture caused by sharing the user's internet resource. \n","ACR-084":"When application minimizes to systray, the processes related to repocket keep running in the background with sharing Internet enabled, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\" &C:\\Users\\User\\AppData\\Roaming\\repocket\"\n"},"samples":[{"isRevoked":"False","fileName":"repocket-1.2.7-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","fileVersion":"1.2","hashMD5":"518a4c0356281525fc139f2bf275615c","hashSHA1":"072ef6d3c127744d155840257f053ddf86d3aa41","hashSHA256":"fc80e01d2654b60c6986234a12d5fadde80b40034c6d352de1445997bd839e31","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"605","avBlockList":["Avast Premium Security (20240827)","AVG Internet Security (20240827)","Avira Internet Security (20240827)","ESET Internet Security (20240827)","FortectPremium (20240827)","K7 Total Security (20240827)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240827)","McAfee Total Protection (20240827)","Norton Security (20240827)","Panda Dome (20240827)","Quick Heal Internet Security (20240827)","Sophos Home Premium (20240827)","SpyHunter5 (20240827)","Total AV Antivirus Pro (20240827)","VirIT eXplorer PRO (20240827)","Webroot SecureAnywhere (20240827)","Windows Defender (20240827)","KasperskyPremium (20240827)"],"avAllowList":["360 Total Security (20240827)","Bitdefender Internet Security (20240827)","COMODO Antivirus (20240827)","Dr.Web Security Space (20240827)","G DATA INTERNET SECURITY (20240827)","Trend Micro Internet Security (20240827)","VIPRE Advanced Security (20240827)"]},{"isRevoked":"False","fileName":"repocket.exe","companyName":"Geonode Pte Ltd","fileVersion":"1.2","hashMD5":"d17c0fa86ef478849e6442dec85f2fdd","hashSHA1":"578e8a93387d5e4dcbe1ba1027f2d6616103320a","hashSHA256":"3dfaea68ff12ed78315196b491ca41675438710ea55383f681a6a9e8d8430fe4","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"605","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"repocket-1.2.7-setup_71024.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","fileVersion":"1.2","hashMD5":"04ed1a873229e274376afbce435a648e","hashSHA1":"dfd724a6cde5f848396ccd2c6b2a120f91e67d31","hashSHA256":"c279d7ebf811c9ff2a647e016dceada9450d8cb402ff55181649a2688a8e2f84","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"605","avBlockList":["360 Total Security (20240905)","Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","ESET Internet Security (20240905)","FortectPremium (20240905)","K7 Total Security (20240905)","KasperskyPremium (20240905)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Quick Heal Internet Security (20240905)","Sophos Home Premium (20240905)","SpyHunter5 (20240905)","Total AV Antivirus Pro (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)"],"avAllowList":["Bitdefender Internet Security (20240905)","COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","G DATA INTERNET SECURITY (20240905)","Trend Micro Internet Security (20240905)","VIPRE Advanced Security (20240905)","Windows Defender (20240905)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://repocket.com/","directDownloadingLink":"https://repocket.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repocket.com/download","sourceIndex":"605"}],"sampleFiles":["240710/Repocket-230208/1.2.7/Samples/repocket-1.2.7-setup.exe","240710/Repocket-230208/1.2.7/Samples/repocket.exe","240710/Repocket-230208/1.2.7/Samples/repocket-1.2.7-setup_71024.exe"],"imageFiles":["240710/Repocket-230208/1.2.7/Images/ACR-048/ACR-048.PNG","240710/Repocket-230208/1.2.7/Images/ACR-084/ACR-084.PNG","240710/Repocket-230208/1.2.7/Images/ACR-007/ACR-007.PNG","240710/Repocket-230208/1.2.7/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["240710/Repocket-230208/1.2.7/Images/ACR-040/ACR-040_Install_1.png","240710/Repocket-230208/1.2.7/Images/ACR-040/ACR-040_Install_2.png"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.2.7_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.2.7","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":227},{"violations":{"ACR-048":" The app does not provide any control to cancel the installation process. \n","ACR-007":"The app does not obtain user explicit consent (accept/decline) which reduces the consumer's security posture caused by sharing the user's internet resource. \n","ACR-084":"When application minimizes to systray, the processes related to repocket keep running in the background with sharing Internet enabled, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\repocket\" &C:\\Users\\User\\AppData\\Roaming\\repocket\"\n"},"samples":[{"isRevoked":"False","fileName":"repocket-1.3.6-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.3.6","fileVersion":"1.3.6","hashMD5":"33828223bb8206ec3188dee17f9c7fa3","hashSHA1":"278659950228c3a8108ff73bc7f98954e9617b5c","hashSHA256":"a831ce111d3fb106a289d68a74aad5594f5a6177aadf7d54ad7aa8ea139df52f","digitalCertThumbprint":"10A8138A5B407266C80FDFE56436F0E45485E0C2","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=SG, OID.2.5.4.15=Private Organization, CN=Geonode Pte Ltd, SERIALNUMBER=202105609Z, O=Geonode Pte Ltd, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"166","avBlockList":["360 Total Security (20251216)","Avast Premium Security (20251216)","AVG Internet Security (20251216)","Avira Internet Security (20251216)","FortectPremium (20251216)","K7 Total Security (20251216)","KasperskyPremium (20251216)","Malwarebytes Premium (20251216)","McAfee Total Protection (20251216)","Norton Security (20251216)","Panda Dome (20251216)","Quick Heal Internet Security (20251216)","Sophos Home Premium (20251216)","SpyHunter5 (20251216)","Total AV Antivirus Pro (20251216)","VirIT eXplorer PRO (20251216)","Webroot SecureAnywhere (20251216)","Windows Defender (20251216)"],"avAllowList":["Bitdefender Internet Security (20251216)","COMODO Antivirus (20251216)","Dr.Web Security Space (20251216)","ESET Internet Security (20251216)","G DATA INTERNET SECURITY (20251216)","Trend Micro Internet Security (20251216)","VIPRE Advanced Security (20251216)"]},{"isRevoked":"False","fileName":"repocket.exe","companyName":"Geonode Pte Ltd","productName":"Repocket","productVersion":"1.3.6.0","fileVersion":"1.3.6","hashMD5":"1506087036699e5c7c98833a66f44924","hashSHA1":"267d5acc69dff7297577d53535e437a618dc0f25","hashSHA256":"46e807a126f77831bb4fba5c2720c60405c18eddcd094a5e5f1ba561c3f6b2d5","digitalCertThumbprint":"10A8138A5B407266C80FDFE56436F0E45485E0C2","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=SG, OID.2.5.4.15=Private Organization, CN=Geonode Pte Ltd, SERIALNUMBER=202105609Z, O=Geonode Pte Ltd, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"166","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"System borrowing app","reference":"","landingPage":"https://repocket.co/download/","ipv4":"","ipv6":"","sourceIndex":"166"}],"sampleFiles":["250917/Repocket-230208/1.3.6/Samples/repocket-1.3.6-setup.exe"],"imageFiles":["250917/Repocket-230208/1.3.6/Images/ACR-048/ACR-048.PNG","250917/Repocket-230208/1.3.6/Images/ACR-084/ACR-084_Software_1.png","250917/Repocket-230208/1.3.6/Images/ACR-007/ACR-007_Software_1.png","250917/Repocket-230208/1.3.6/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["250917/Repocket-230208/1.3.6/Images/ACR-040/ACR-040_Install_1.png","250917/Repocket-230208/1.3.6/Images/ACR-040/ACR-040_Install_2.png"],"guid":"b29f1f4e-7c57-4887-a52e-9e34d40337a4_1.3.6_1","appID":"Repocket-230208","dateAdded":"250917","deceptorType":"App","name":"Repocket","company":"Repocket","version":"1.3.6","lastKnownStatus":"1.1.10;1.1.34;1.1.36;1.1.37;1.1.38;1.1.40;1.1.42;1.2.1;1.2.2;1.2.7;1.3.6","lastKnownDate":"250917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2025-09-18T01:19:48.28884+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":11,"sortOrder":226},{"violations":{"ACR-004":"The issues (15 trackers and 16.43MB of  Junk) reported during free scan are not substantiated.\n\n","ACR-014":"Application exaggerates sense of urgency by using the alarming red color and graphs, misleads user with unfair claims. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TotalPCScanSetup.exe","isInstaller":"True","companyName":"Total PC Scan","productName":"TotalPCScan","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"4bd612265474b18eaac28245a82d3d59","hashSHA1":"fe6514f68d156eb23c6e2f85af2290e756601c19","hashSHA256":"2a9ec7d951161ee62a71efa7874cea5152168824781aa708620167677683c760","digitalCertThumbprint":"3896D6087FD43B7FBB3701E573F5C6FCD8CAA4B9","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Ninja Development Service LLC, O=Ninja Development Service LLC, S=Pennsylvania, C=US","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"167","avBlockList":["360 Total Security (20251204)","Bitdefender Internet Security (20251204)","COMODO Antivirus (20251204)","ESET Internet Security (20251204)","G DATA INTERNET SECURITY (20251204)","K7 Total Security (20251204)","KasperskyPremium (20251204)","Malwarebytes Premium (20251204)","Panda Dome (20251204)","Sophos Home Premium (20251204)","SpyHunter5 (20251204)","VIPRE Advanced Security (20251204)","VirIT eXplorer PRO (20251204)","Webroot SecureAnywhere (20251204)"],"avAllowList":["Avast Premium Security (20251204)","AVG Internet Security (20251204)","Avira Internet Security (20251204)","Dr.Web Security Space (20251204)","FortectPremium (20251204)","McAfee Total Protection (20251204)","Norton Security (20251204)","Quick Heal Internet Security (20251204)","Total AV Antivirus Pro (20251204)","Trend Micro Internet Security (20251204)","Windows Defender (20251204)"]},{"isRevoked":"False","fileName":"TotalPCScan.exe","companyName":"Total PC Scan","productName":"TotalPCScan","productVersion":"1.0.0.0","fileVersion":"1.0.0","hashMD5":"ad1ad04a5aa85857602c2e1e16f48e1d","hashSHA1":"74b4a16e461f93dcda8bd6fc78a053a6e3b3499a","hashSHA256":"e363410f0dd6c27f0c253ca580f500caa8ffa849dde69c8ff02e6bf0ba276d31","sourceIndex":"167","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://totalpcscan.com/try-now","ipv4":"","ipv6":"","sourceIndex":"167"}],"sampleFiles":["250911/TotalPCScan-250909/2.0.0/Samples/TotalPCScanSetup.exe"],"imageFiles":["250911/TotalPCScan-250909/2.0.0/Images/ACR-004/ACR-004_Software_1.png","250911/TotalPCScan-250909/2.0.0/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"2f9a75c9-42e0-48a1-ab8d-35ae093457af_2.0.0_1","appID":"TotalPCScan-250909","dateAdded":"250911","deceptorType":"App","name":"TotalPCScan","company":"Ninja Development Service LLC","version":"2.0.0","lastKnownStatus":"2.0.0","lastKnownDate":"250911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-09-11T20:31:44.203144+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":237},{"violations":{"ACR-004":"Application requires register and pay to fix the issues reported during free scanning, which is not permanent fix. The option \"review and clean\" doesn't provide \"clean\" function as it claims.\n","ACR-084":"Application running in background silently without notifying user when it is closed. No clear indication and attribution what the application is running when mouse hover over the application icon in systray.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"RabidCleaner.exe","isInstaller":"True","hashMD5":"b9f3f2bd6470fb471c4ba395a171644b","hashSHA1":"0f400cfa0880a538da3a70f4b089c21e61f40f18","hashSHA256":"3d53c08dff5d5fc5ec282b78f927f734fb36126a1ea4ee4ec02493653df29bab","digitalCertThumbprint":"1E878D8CFBF6086493F20456131DF3EEE8F95EFF","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Web Flynt Technologies Private Limited, O=Web Flynt Technologies Private Limited, S=Punjab, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=116287","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"169","avBlockList":["360 Total Security (20251202)","Bitdefender Internet Security (20251202)","COMODO Antivirus (20251202)","ESET Internet Security (20251202)","FortectPremium (20251202)","G DATA INTERNET SECURITY (20251202)","K7 Total Security (20251202)","Malwarebytes Premium (20251202)","Panda Dome (20251202)","Quick Heal Internet Security (20251202)","Sophos Home Premium (20251202)","SpyHunter5 (20251202)","VIPRE Advanced Security (20251202)","VirIT eXplorer PRO (20251202)","Webroot SecureAnywhere (20251202)","Windows Defender (20251202)"],"avAllowList":["Avast Premium Security (20251202)","AVG Internet Security (20251202)","Avira Internet Security (20251202)","Dr.Web Security Space (20251202)","KasperskyPremium (20251202)","McAfee Total Protection (20251202)","Norton Security (20251202)","Total AV Antivirus Pro (20251202)","Trend Micro Internet Security (20251202)"]},{"isRevoked":"False","fileName":"RabidCleaner.exe","productName":"RabidCleaner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"2c0453455c1d92e3277cb0ad33daf75b","hashSHA1":"3498af6890ad22f94ca4f23af68139a317618461","hashSHA256":"a52a92b5dc97c6757e3fc7a20e1acfb2b554bad782a3835ae70e70abd4e81c1c","digitalCertThumbprint":"1E878D8CFBF6086493F20456131DF3EEE8F95EFF","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Web Flynt Technologies Private Limited, O=Web Flynt Technologies Private Limited, S=Punjab, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=116287","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"169","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.rabidcleaner.com/","directDownloadingLink":"https://www.rabidcleaner.com/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.rabidcleaner.com/download/","sourceIndex":"169"}],"sampleFiles":["250904/RabidCleaner-250904/2025.06.16/Samples/RabidCleaner.exe"],"imageFiles":["250904/RabidCleaner-250904/2025.06.16/Images/ACR-004/ACR-004_Software_1.png","250904/RabidCleaner-250904/2025.06.16/Images/ACR-004/ACR-004_Software_2.png","250904/RabidCleaner-250904/2025.06.16/Images/ACR-004/ACR-004_Software_3.png","250904/RabidCleaner-250904/2025.06.16/Images/ACR-084/ACR-084_Software_1.png","250904/RabidCleaner-250904/2025.06.16/Images/ACR-084/ACR-084_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"56447d3f-0589-4d67-88b3-c763f9c8ef57_2025.06.16_1","appID":"RabidCleaner-250904","dateAdded":"250904","deceptorType":"App","name":"RabidCleaner","company":"Web Flynt Technologies Private Limited","version":"2025.06.16","lastKnownStatus":"1.0.0","lastKnownDate":"250904","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-09-04T22:41:27.3523347+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":238},{"violations":{"ACR-042":"Installer installs non disclosed program: CR\nInstaller installs non disclosed program: CR\n","ACR-043":"Instead of installing OBS software, the installer installs CR program. \n","ACR-013":"User is interrupted by non-consented offers during using the software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-055":"The accept/decline options of the offer are not obvious during installation.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"OBS%20Soft%20Load.exe","isInstaller":"True","companyName":"EEF                                                         ","productName":"OBS","productVersion":"2.0","hashMD5":"8e1013cf29ed2f54d684eb67269db53a","hashSHA1":"27bd683fef703830efbb0df4032aaeb168c2efbf","hashSHA256":"98c0d6c2895deec4fb2c62a2001f12df56df5a728bd96b47e1ef0067e30a23d2","digitalCertThumbprint":"6273B1353C2A1901591FFB116688FB24BF216096","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ИП Обуховский Владислав Иосифович, O=ИП Обуховский Владислав Иосифович, L=Всеволожск, S=Ленинградская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Leningrad Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=318470400036578, OID.2.5.4.15=Business Entity","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"132","avBlockList":["360 Total Security (20251120)","Avast Premium Security (20251120)","AVG Internet Security (20251120)","Avira Internet Security (20251120)","COMODO Antivirus (20251120)","Dr.Web Security Space (20251120)","ESET Internet Security (20251120)","FortectPremium (20251120)","K7 Total Security (20251120)","KasperskyPremium (20251120)","Malwarebytes Premium (20251120)","McAfee Total Protection (20251120)","Norton Security (20251120)","Panda Dome (20251120)","Quick Heal Internet Security (20251120)","Sophos Home Premium (20251120)","SpyHunter5 (20251120)","Total AV Antivirus Pro (20251120)","VIPRE Advanced Security (20251120)","VirIT eXplorer PRO (20251120)","Webroot SecureAnywhere (20251120)","Windows Defender (20251120)"],"avAllowList":["Bitdefender Internet Security (20251120)","G DATA INTERNET SECURITY (20251120)","Trend Micro Internet Security (20251120)"]},{"isRevoked":"False","fileName":"cr.exe","companyName":"Artiesy","productName":"selauncher","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"beb8622c203c27ba9b656ccc165cf20d","hashSHA1":"6c132336ec66e3caf97e3efd9a8e6cd026434d49","hashSHA256":"78ad23ffae0fae9e2dc36a964c766058f13bda597e2625b60c87d056440e9120","digitalCertThumbprint":"6273B1353C2A1901591FFB116688FB24BF216096","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ИП Обуховский Владислав Иосифович, O=ИП Обуховский Владислав Иосифович, L=Всеволожск, S=Ленинградская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Leningrad Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=318470400036578, OID.2.5.4.15=Business Entity","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"132","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"External Deceptor Report","reference":"","landingPage":"https://obs.automaqv.com/","directDownloadingLink":"https://cdn.automaqv.com/OBS%20Soft%20Load.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.automaqv.com/OBS%20Soft%20Load.exe","sourceIndex":"132"}],"sampleFiles":["250903/SpoofedOBSStudio-250903/2.0/Samples/OBS%20Soft%20Load.exe"],"imageFiles":["250903/SpoofedOBSStudio-250903/2.0/Images/ACR-043/tmp2yfpfw.jpg","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-043/ACR-043_Install_1.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-055/tmpu0vm24.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-042/ACR-042_Install_1.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-013/ACR-013_Install_1.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-013/ACR-013_Install_2.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-013/ACR-013_Install_3.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-042/ACR-042_Software_1.png","250903/SpoofedOBSStudio-250903/2.0/Images/ACR-155/tmpu0vm24.png"],"nonDeceptorImageFiles":[],"guid":"251d7dfe-0eff-4997-a94b-95bb30103ccd_2.0_1","appID":"SpoofedOBSStudio-250903","dateAdded":"250903","deceptorType":"App","name":"SpoofedOBSStudio","company":"ИП Обуховский Владислав Иосифович","version":"2.0","lastKnownDate":"250903","type":"Windows Executable","category":"Productivity","targetOS":"None","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"install offers","lastUpdate":"2026-01-19T20:01:18.8378258+00:00","notDistributed":false,"familyName":"SpoofedOBSStudio","numInFamily":2,"numInAppID":1,"sortOrder":143},{"violations":{"ACR-043":"ProxymaData components are dropped during application installation without any disclosure.\n","ACR-048":"With application closed, the resource borrowing process is running in background without notifying user. There is no options for user to cancel resource borrowing process immediately.\n","ACR-006":"Resource borrowing process is not clearly attributed.\n","ACR-013":"User is interrupted by non-consented offers during using the software\n","ACR-060":"The offer is misleading. It is presented from ScreenShooter, instead of from ProxymaData. \n","ACR-118":"ProxymaData is not removed after ScreenShooter uninstalled completely.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-055":"The offer is not presented with clear decline/accept option.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"screenshooter-install__337.exe","isInstaller":"True","productName":"ScreenShooter","productVersion":"4.1.1.0","fileVersion":"4.1.1.0","hashMD5":"b289b8a40f764ba631687b30ebabf2c2","hashSHA1":"82357d43a4ef0b70b5aa1b8cc13f0bcdbfd607b2","hashSHA256":"8eb5123e2eae85087adb58874cb6661cf7b687afdf2c4cbb7fe792f6b504ab73","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"170","avBlockList":["Avast Premium Security (20251125)","AVG Internet Security (20251125)","Avira Internet Security (20251125)","Bitdefender Internet Security (20251125)","Dr.Web Security Space (20251125)","ESET Internet Security (20251125)","FortectPremium (20251125)","G DATA INTERNET SECURITY (20251125)","K7 Total Security (20251125)","KasperskyPremium (20251125)","Malwarebytes Premium (20251125)","McAfee Total Protection (20251125)","Norton Security (20251125)","Panda Dome (20251125)","Quick Heal Internet Security (20251125)","Sophos Home Premium (20251125)","SpyHunter5 (20251125)","Total AV Antivirus Pro (20251125)","VIPRE Advanced Security (20251125)","VirIT eXplorer PRO (20251125)","Webroot SecureAnywhere (20251125)","Windows Defender (20251125)"],"avAllowList":["360 Total Security (20251125)","COMODO Antivirus (20251125)","Trend Micro Internet Security (20251125)"]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"8568211dd3ebd8f4e25d24cdbf865256","hashSHA1":"241ca16436067c67993bdf059bd63a19f22bd2a3","hashSHA256":"942e7f147ffca11881d5c1fb464bd77a195f68b9ea99b35de4e43a23a274d259","sourceIndex":"170","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ScreenShooter.exe","companyName":"ROSTPAY LTD","productName":"ScreenShooter","productVersion":"2.7.3.1859","fileVersion":"2.7.3.1859","hashMD5":"e68987d2350a1ae0f8f3f40085d80d56","hashSHA1":"e444ff341f346f27afc00499b3ad9324d954a1b2","hashSHA256":"922299158af2828950f843f899a6abbf55b5f5be09dbb18ec635bd983059bd7d","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"170","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4.0.0","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"170","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunting","reference":"","landingPage":"https://www.screen-shooter.com/","directDownloadingLink":"https://www.screen-shooter.com/app/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.screen-shooter.com/app/download/init","sourceIndex":"170"}],"sampleFiles":["250827/ScreenShooter-250827/2.7.3.1859/Samples/screenshooter-install__337.exe","250827/ScreenShooter-250827/2.7.3.1859/Samples/PDClient.exe","250827/ScreenShooter-250827/2.7.3.1859/Samples/ScreenShooter.exe"],"imageFiles":["250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-043/ACR-043_Install_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-048/ACR-048_Software_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-006/ACR-006_Software_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-013/ACR-013_Software_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-118/ACR-118_Uninstall_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-057/ACR-057_Inline offers_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-060/ACR-060_Inline offers_1.png","250827/ScreenShooter-250827/2.7.3.1859/Images/ACR-055/ACR-055_Inline offers_1.png"],"nonDeceptorImageFiles":[],"guid":"1dae2495-667c-4675-89e6-7acd42abf77e_2.7.3.1859_1","appID":"ScreenShooter-250827","dateAdded":"250827","deceptorType":"App","name":"ScreenShooter","company":"ROSTPAY LTD","version":"2.7.3.1859","lastKnownStatus":"2.7.3.1859","lastKnownDate":"250827","type":"Windows Executable","category":"Media editors","targetOS":"Windows 8,Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,install offers","lastUpdate":"2025-08-27T21:29:54.2632826+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":239},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Macube Cleaner","fileVersion":"0.","hashMD5":"f5d1f2a0cf3376b9cf69c8cbcff36879","hashSHA1":"d0b1c80049c23a9017474aea61c21ae6aedf533b","hashSHA256":"14df4397a31cdc26ef42e2fee146bd563458b39bff294a50f0fbae50dff1141e","sourceIndex":"1907","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"b2d8981bcabe802a024c91407a96ddd2","hashSHA1":"aa47784f0366e7d042442cc6e63b9979019735dd","hashSHA256":"5160393d458c49798f9708200c35b73e98fb8c27c288db1b72ba4f4ed550f9d9","sourceIndex":"1907","avBlockList":["Avast Security for Mac (20211109)","Avira Security for Mac (20211109)","Bitdefender Antivirus for Mac (20211109)","ESET Cyber Security Pro for Mac (20211109)","G DATA AntiVirus for Mac (20211109)","McAfee Internet Security for Mac (20211109)","Norton Security for Mac (20211109)","Sophos Home Premium For Mac (20211109)","Trend Micro Antivirus for Mac (20211109)"],"avAllowList":["K7 Antivirus for Mac (20211109)","Kaspersky Internet Security for Mac (20211109)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.fonepaw.com/","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"1907"}],"sampleFiles":["210527/MacubeCleaner-210525/4.2.0/Samples/Macube Cleaner","210527/MacubeCleaner-210525/4.2.0/Samples/macube-cleaner.pkg"],"imageFiles":["210527/MacubeCleaner-210525/4.2.0/Images/ACR-004/Macube Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["210527/MacubeCleaner-210525/4.2.0/Images/ACR-065/Macube Cleaner_Install [1].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-065/Macube Cleaner_Install [2].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-065/Macube Cleaner_Install [3].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-065/Macube Cleaner_Install [6].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-065/Macube Cleaner_About [1].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-099/Macube Cleaner_About [1].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-045/Macube Cleaner_LandingPage [1].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-099/Macube Cleaner_LandingPage [2].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-161/Macube Cleaner_LandingPage [3].png","210527/MacubeCleaner-210525/4.2.0/Images/ACR-099/Macube Cleaner_OfferPage [1].png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.2.0_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.2.0","sigName":"Deceptor:MacOS/MacubeCleaner!004","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-08-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":245},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"d7ae61c807659a28e2a22d4cb0362df0","hashSHA1":"e03843a6b5321cf37be8fe92bd660ba05cea4406","hashSHA256":"af9adc9c5dcffa016e9141a9bca41c2807e3b059133263332070ba97dcec9e51","sourceIndex":"1874","avBlockList":["Avast Security for Mac (20211214)","Avira Security for Mac (20211214)","Bitdefender Antivirus for Mac (20211214)","ESET Cyber Security Pro for Mac (20211214)","G DATA AntiVirus for Mac (20211214)","K7 Antivirus for Mac (20211214)","Norton Security for Mac (20211214)","Sophos Home Premium For Mac (20211214)","Trend Micro Antivirus for Mac (20211214)"],"avAllowList":["Kaspersky Internet Security for Mac (20211214)","McAfee Internet Security for Mac (20211214)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.fonepaw.com/","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"1874"}],"sampleFiles":["210628/MacubeCleaner-210525/4.2.1/Samples/macube-cleaner.pkg"],"imageFiles":["210628/MacubeCleaner-210525/4.2.1/Images/ACR-004/Macube Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["210628/MacubeCleaner-210525/4.2.1/Images/ACR-065/Macube Cleaner_Install [1].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-065/Macube Cleaner_Install [2].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-065/Macube Cleaner_Install [3].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-065/Macube Cleaner_Install [6].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-099/Macube Cleaner_About [1].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-045/Macube Cleaner_LandingPage [2].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-045/Macube Cleaner_LandingPage [4].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-099/Macube Cleaner_LandingPage [1].png","210628/MacubeCleaner-210525/4.2.1/Images/ACR-161/Macube Cleaner_LandingPage [3].png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.2.1_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.2.1","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-08-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":244},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction and its install. (version 4.2.1  vs version 4.2.2) \nThe App's version is not consistent between App interaction and its install. (version 4.2.1  vs version 4.2.2) \n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Macube Cleaner","fileVersion":"0.","hashMD5":"f656a2028ebb89e9a396b4d4b4daede1","hashSHA1":"f17e3ccb6b76a7facf6d14554aad77279b64684d","hashSHA256":"2104afad83b88679dece51a001076941e6a2f247b446b4a7c86804c5bb8b308f","sourceIndex":"1848","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"20e761beeed0e090efc4aeb0fe7ef0c7","hashSHA1":"33912f97ad8bed6564e1494f6d0106629d08ee52","hashSHA256":"4f92c3d666c4be3b6f22f9132bd3c20b026e4d9e6504bc5884092a1e237c71e3","sourceIndex":"1848","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"1848"}],"sampleFiles":["210721/MacubeCleaner-210525/4.2.2/Samples/Macube Cleaner","210721/MacubeCleaner-210525/4.2.2/Samples/macube-cleaner.pkg"],"imageFiles":["210721/MacubeCleaner-210525/4.2.2/Images/ACR-004/Macube Cleaner_Interactions [2].png"],"nonDeceptorImageFiles":["210721/MacubeCleaner-210525/4.2.2/Images/ACR-065/Macube Cleaner_Install [1].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-065/Macube Cleaner_Install [2].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-065/Macube Cleaner_Install [3].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-065/Macube Cleaner_Install [7].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-002/Macube Cleaner_Install [2].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-002/Macube Cleaner_About [1].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-065/Macube Cleaner_About [1].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-099/Macube Cleaner_About [1].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-045/Macube Cleaner_LandingPage [2].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-045/Macube Cleaner_LandingPage [3].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-099/Macube Cleaner_LandingPage [1].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-161/Macube Cleaner_LandingPage [4].png","210721/MacubeCleaner-210525/4.2.2/Images/ACR-099/Macube Cleaner_OfferPage [1].png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.2.2_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.2.2","sigName":"Deceptor:MacOS/MacubeCleaner!004","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-08-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":243},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it requires user to purchase subscription service to fix all results identified.\n","ACR-014":"When user tries to clean the reported issues, the app will prompt to activate the 7-day free trial. However,  after clicking the button \"Try it Free\", it will launch the offer page for subscription, the app does not provide info about the free trial.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","hashMD5":"6ef5c09639d8cf6437d15a4136cf8d5c","hashSHA1":"19238b0a6f9979a7c0721437cbfbd8c6e1ad6ee3","hashSHA256":"9250c365d59af02b121454fa773b81968f1ce64ab4deda1ddcbb10fc939c8eab","digitalCertThumbprint":"AAD357AF799895F1B18F20BAD9AFA82647C057B0","digitalCertIssuer":"C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Developer ID Certification Authority","digitalCertIssuedTo":"C=HK, O=FonePaw Technology Limited, OU=GPLR6GGYXP, CN=Developer ID Installer: FonePaw Technology Limited (GPLR6GGYXP), OID.0.9.2342.19200300.100.1.1=GPLR6GGYXP","digitalCertCodeSigning":"False","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"171","avBlockList":["Avira Security for Mac (20251113)","ESET Cyber Security Pro for Mac (20251113)","Sophos Home Premium For Mac (20251113)","SpyHunterforMac (20251113)","Trend Micro Antivirus for Mac (20251113)"],"avAllowList":["Avast Security for Mac (20251113)","Bitdefender Antivirus for Mac (20251113)","G DATA AntiVirus for Mac (20251113)","K7 Antivirus for Mac (20251113)","Kaspersky Internet Security for Mac (20251113)","McAfee Internet Security for Mac (20251113)","Norton Security for Mac (20251113)"]},{"isRevoked":"False","fileName":"Macube%20Cleaner","fileVersion":"10.13.0","hashMD5":"113855f7a1f4dc413d00221eba48e5b0","hashSHA1":"eefc12d0ca360c2dba9efe11dc5997f19b608a9b","hashSHA256":"60d8e627ce75604653485f910e985cc6cd6571cb18c0392c9545cdf2a791977b","sourceIndex":"171","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.fonepaw.com/","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"171"}],"sampleFiles":["250825/MacubeCleaner-210525/4.3.3/Samples/macube-cleaner.pkg","250825/MacubeCleaner-210525/4.3.3/Samples/Macube%20Cleaner"],"imageFiles":["250825/MacubeCleaner-210525/4.3.3/Images/ACR-004/app1.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-004/offerpage1.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-014/app1.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-014/offerpage1.png"],"nonDeceptorImageFiles":["250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/install1.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/install2.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/install3.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/install4.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/install5.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-065/app3.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-045/landingpage1.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-045/landingpage2.png","250825/MacubeCleaner-210525/4.3.3/Images/ACR-161/landingpage3.png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.3.3_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.3.3","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:12.2961244+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":240},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Macube Cleaner","fileVersion":"0.","hashMD5":"91711ebc7ac5ccef35479e7255ae74cf","hashSHA1":"46d280d2e5170ef5a1b6f6576f17cf284511acb6","hashSHA256":"d3a264dd580023b65f42dd88feba9b2fea0c21da827384abc3c0f1a99f8a9dfb","sourceIndex":"1560","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"25a05e3839506e8c1ddcbbfeb2227225","hashSHA1":"c6af2ec0601861586f20c6acfe9fe34a8fe684c3","hashSHA256":"7bd9864030532df447502d65442c297db308538e71211aef9ec4c305832b5ed5","sourceIndex":"1560","avBlockList":["Avast Security for Mac (20220510)","Avira Security for Mac (20220510)","ESET Cyber Security Pro for Mac (20220510)","K7 Antivirus for Mac (20220510)","Norton Security for Mac (20220510)","Trend Micro Antivirus for Mac (20220510)"],"avAllowList":["Bitdefender Antivirus for Mac (20220510)","G DATA AntiVirus for Mac (20220510)","Kaspersky Internet Security for Mac (20220510)","McAfee Internet Security for Mac (20220510)","Sophos Home Premium For Mac (20220510)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"1560"}],"sampleFiles":["220228/MacubeCleaner-210525/4.3.1/Samples/Macube Cleaner","220228/MacubeCleaner-210525/4.3.1/Samples/macube-cleaner.pkg"],"imageFiles":["220228/MacubeCleaner-210525/4.3.1/Images/ACR-004/Macube Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [3].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [1].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [2].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [3].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [5].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_Install [6].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-065/Macube Cleaner_About [1].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-099/Macube Cleaner_About [1].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-045/Macube Cleaner_LandingPage [2].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-045/Macube Cleaner_LandingPage [3].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-099/Macube Cleaner_LandingPage [1].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-161/Macube Cleaner_LandingPage [4].png","220228/MacubeCleaner-210525/4.3.1/Images/ACR-099/Macube Cleaner_OfferPage [1].png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.3.1_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.3.1","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-08-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":241},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Macube Cleaner","fileVersion":"0.","hashMD5":"2d249602ea8696d793f31e86aabf87e7","hashSHA1":"01f4ffe0bfaf072229d7ebe79ccce49d49529ad1","hashSHA256":"ea7aeb8fffcd78589231620a0daff1ce14c596e8dc7cfc9acb0487ae9ff0e3ac","sourceIndex":"1792","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macube-cleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"9b690570505d7a7c27b16d57dcb3ee91","hashSHA1":"76ee9d1e5739d1e243db89e735f2413b36e4b1f4","hashSHA256":"7f8006d5b01927ee073db467581a175521d7cdd2b5f41eb248e448391b537919","sourceIndex":"1792","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.fonepaw.com/","landingPage":"https://www.macube.com","directDownloadingLink":"https://dl.macube.com/macube-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.macube.com/macube-cleaner.pkg","sourceIndex":"1792"}],"sampleFiles":["211115/MacubeCleaner-210525/4.3.0/Samples/Macube Cleaner","211115/MacubeCleaner-210525/4.3.0/Samples/macube-cleaner.pkg"],"imageFiles":["211115/MacubeCleaner-210525/4.3.0/Images/ACR-004/Macube Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["211115/MacubeCleaner-210525/4.3.0/Images/ACR-065/Macube Cleaner_Install [1].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-065/Macube Cleaner_Install [2].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-065/Macube Cleaner_Install [3].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-065/Macube Cleaner_Install [4].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-065/Macube Cleaner_About [1].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-099/Macube Cleaner_About [1].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-045/Macube Cleaner_LandingPage [1].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-099/Macube Cleaner_LandingPage [3].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-161/Macube Cleaner_LandingPage [2].png","211115/MacubeCleaner-210525/4.3.0/Images/ACR-099/Macube Cleaner_OfferPage [1].png"],"guid":"c31fd72f-1b33-4afc-85f3-1714f18f405a_4.3.0_1","appID":"MacubeCleaner-210525","dateAdded":"250825","deceptorType":"MacOS App","name":"Macube Cleaner","company":"FonePaw Technology Limited","version":"4.3.0","firstResolvedVersion":"","lastKnownStatus":"4.2.0;4.2.2;4.3.0;4.3.1;4.3.3","lastKnownDate":"250825","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-08-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":242},{"violations":{"ACR-048":"There is no option for user to immediately cancel the resource borrowing activity in application.\n","ACR-084":"The resource borrowing status is not visible in application. No clearly indicate whenever borrowing is active or inactive in application.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Dispout.exe","isInstaller":"True","companyName":"Globalhop                                                   ","productName":"Dispout","productVersion":"1.0.8.0","fileVersion":"1.0.8.0","hashMD5":"383a9f50cadf5f73cc7984adc8cf9057","hashSHA1":"1873b79b28d27581b7dc627225f12d9fd47cf67d","hashSHA256":"cf0d241b30ce9260126b1aaa82cf825ded17b3e00ed964b393420610e4fbf179","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"173","avBlockList":["360 Total Security (20251104)","ESET Internet Security (20251104)","FortectPremium (20251104)","K7 Total Security (20251104)","KasperskyPremium (20251104)","Malwarebytes Premium (20251104)","McAfee Total Protection (20251104)","Panda Dome (20251104)","Quick Heal Internet Security (20251104)","Sophos Home Premium (20251104)","SpyHunter5 (20251104)","Webroot SecureAnywhere (20251104)","VirIT eXplorer PRO (20251104)"],"avAllowList":["Avast Premium Security (20251104)","AVG Internet Security (20251104)","Avira Internet Security (20251104)","Bitdefender Internet Security (20251104)","COMODO Antivirus (20251104)","Dr.Web Security Space (20251104)","G DATA INTERNET SECURITY (20251104)","Norton Security (20251104)","Total AV Antivirus Pro (20251104)","Trend Micro Internet Security (20251104)","VIPRE Advanced Security (20251104)","Windows Defender (20251104)"]},{"isRevoked":"False","fileName":"classic.dll","companyName":"Globalhop","productName":"Dispout","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"354420212c99d3ad4bf6217c40b6ac19","hashSHA1":"3a57f617ca2d1b16652efcde89dc99ef823ea099","hashSHA256":"990da27669a1f49ab54a094a59b9dc0274af0df04a321060c48694aeb0b23d1b","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"173","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"novel.dll","hashMD5":"5cf63611cb50c22c0984a814a3116a50","hashSHA1":"b733d61c1a1c5a4f4f52e7803f7e200611886fb1","hashSHA256":"76ca5aa0a5a0894670879d54e915880991930cb8b83c3b305cd6d4511bea7a9e","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"173","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Dispout.exe","companyName":"Globalhop","productName":"Dispout","productVersion":"1.0.8.0","fileVersion":"1.0.8.0","hashMD5":"e7c020284da7a4ec474bada38ed72358","hashSHA1":"a95be80811e68bcbd011fa3e3d9cba3c1c49f1f8","hashSHA256":"c67f21f120b273176d6524a2b035b66a494f8175788653f914692405e9e9d581","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"173","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"proxyware apps, globalhop","reference":"","landingPage":"https://dispout.com/","directDownloadingLink":"https://dispout.com/download/Dispout.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dispout.com/download/Dispout.exe","sourceIndex":"173"}],"sampleFiles":["250820/Dispout-240314/1.0.8.0/Samples/Dispout.exe"],"imageFiles":["250820/Dispout-240314/1.0.8.0/Images/ACR-084/ACR-084_Software_1.png","250820/Dispout-240314/1.0.8.0/Images/ACR-084/ACR-084_Software_2.png","250820/Dispout-240314/1.0.8.0/Images/ACR-084/ACR-084_Software_3.png","250820/Dispout-240314/1.0.8.0/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"49714669-87b9-485b-8e65-68598825e623_1.0.8.0_1","appID":"Dispout-240314","dateAdded":"250820","deceptorType":"App","name":"Dispout","company":"Globalhop","version":"1.0.8.0","firstResolvedVersion":"1.0.8.0","lastKnownStatus":"1.0.8.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2025-08-20T19:32:48.2052346+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":252},{"violations":{"ACR-042":"\"GlobalHop\" SDK components are dropped without obtaining user's permission through explicit user action.\n","ACR-048":"The App does not provide an option to cancel the startup and remove the background process completely within the app's settings. Elements are also located in hidden folders making it a challenge for ordinary users to remove them manually.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection for sharing internet resources and as proxy. \n","ACR-084":"The app runs silently in the background, hiding the fact that it is active from the consumer, and also creates a startup entry without the user's knowledge and consent. The application runs in the system tray immediately after installation with a greyed and disabled icon, thus attempting to hide its presence from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains all of its components on the device without the consumer's consent or notifying the user.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system in a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The App installs itself by default in a hidden folder <Appdata/Local/Program>.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\RestMinder\\RestMinder.exe","companyName":"","productName":"RestMinder","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"d00c3c70471464f6f89190ca5dee8548","hashSHA1":"de47f4a3f642654382233a79973d299b8a40ce16","hashSHA256":"23b97b3099d60b8e28ac72a64b8b9f69e0062642728ffe56aa3a69847fa37326","digitalCertThumbprint":"02AE726E551C4BAA06F351EAB27853D035713619","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Globalhop Ltd","storeId":"","sourceIndex":"1510","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RestMinder_1.0.0.0.exe","isInstaller":"True","companyName":"RestMinder                                                  ","productName":"RestMinder                                                  ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"9d7d8660b4743c721793bf50ac933575","hashSHA1":"a64341e645a0fec870f633ea5f372c0e02a5a702","hashSHA256":"b1ea691fadc0f346043c322b6ac53bfff3232e9594f6df9405c2de91abe89dbf","digitalCertThumbprint":"02AE726E551C4BAA06F351EAB27853D035713619","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Globalhop Ltd","storeId":"","sourceIndex":"1510","avBlockList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)","Windows Defender (20240625)"],"avAllowList":["COMODO Antivirus (20240625)","Dr.Web Security Space (20240625)","K7 Total Security (20240625)","Tencent PC Manager (20220602)"]}],"additionalFiles":[],"sources":[{"howFound":"Globalhop SDK","reference":"","landingPage":"https://restminder.com/","directDownloadingLink":"https://restminder.com/download/RestMinder_1.0.0.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://restminder.com/download/RestMinder_1.0.0.0.exe","sourceIndex":"1510"}],"sampleFiles":["220525/restminder-220524/1.0.0.0/Samples/RestMinder_1.0.0.0.exe"],"imageFiles":["220525/restminder-220524/1.0.0.0/Images/ACR-042/ACR-042 (1).JPG","220525/restminder-220524/1.0.0.0/Images/ACR-042/ACR-042 (2).JPG","220525/restminder-220524/1.0.0.0/Images/ACR-007/ACR-007.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-084/ACR-084_Software_Hidden.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-084/ACR-084_Software_Undisclosed_Startup.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-084/ACR-084_Software_Hidden_1.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-048/ACR-048_Software_1.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-048/ACR-048_Software_2.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-048/ACR-048_Software_3.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_Retains.JPG","220525/restminder-220524/1.0.0.0/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220525/restminder-220524/1.0.0.0/Images/ACR-040/ACR-040_Install_Hidden_Location.JPG"],"guid":"195aeafe-7700-4663-aa4a-f8dc4ac4035f_1.0.0.0_1","appID":"restminder-220524","dateAdded":"250820","deceptorType":"App","name":"Restminder","company":"Globalhop Ltd","version":"1.0.0.0","firstResolvedVersion":"","lastKnownStatus":"1.0.0.0;1.0.4.0;1.0.5.0;1.0.6.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-20T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":4,"sortOrder":251},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection, when the app is re-enabled at least for the 1st time.\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. There is no clear control for borrowing resource.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\" \n","ACR-098":"The app needs to provide control to adjust the schedule and rate of borrowing while the \"Restminder\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"restminder-setup.exe","isInstaller":"True","companyName":"RestMinder                                                  ","fileVersion":"1.0","hashMD5":"4e98a80bf5acea96708c203fe165cd47","hashSHA1":"0cf03f5000cae7ef09b8e5af3e8ab2f7eb73d9ce","hashSHA256":"bfcbb8781693d0d9e7dbe2bfa633a7cea8bc8f7acb1c1866830717b49ab826d2","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"708","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","ESET Internet Security (20240618)","G DATA INTERNET SECURITY (20240618)","K7 Total Security (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Quick Heal Internet Security (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"bandwidth sharing proxy apps","reference":"","landingPage":"https://restminder.com/","directDownloadingLink":"https://restminder.com/download/restminder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://restminder.com/download/restminder.exe","sourceIndex":"708"}],"sampleFiles":["240319/restminder-220524/1.0.4.0/Samples/restminder-setup.exe"],"imageFiles":["240319/restminder-220524/1.0.4.0/Images/ACR-007/ACR-007_Install_1.png","240319/restminder-220524/1.0.4.0/Images/ACR-084/ACR-084_Software_1.png","240319/restminder-220524/1.0.4.0/Images/ACR-007/restminder.gif","240319/restminder-220524/1.0.4.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240319/restminder-220524/1.0.4.0/Images/ACR-040/ACR-040_Install_1.png","240319/restminder-220524/1.0.4.0/Images/ACR-098/ACR-098_Software_1.png"],"guid":"195aeafe-7700-4663-aa4a-f8dc4ac4035f_1.0.4.0_1","appID":"restminder-220524","dateAdded":"250820","deceptorType":"App","name":"Restminder","company":"Globalhop Ltd","version":"1.0.4.0","firstResolvedVersion":"","lastKnownStatus":"1.0.0.0;1.0.4.0;1.0.5.0;1.0.6.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2025-08-20T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":4,"sortOrder":250},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection when the app is re-enabled at least for the 1st time.\n","ACR-010":"The app establishes SMTP connections and uses them to send spam email advertisements to various addresses.\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. There is no clear control for borrowing resource.\n","ACR-089":"The app establishes smtp connections and uses them to send spam advertisement emails to various addresses.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\"\n"},"samples":[{"isRevoked":"False","fileName":"Dispout-setup.exe","isInstaller":"True","companyName":"Dispout                                                     ","fileVersion":"1.0","hashMD5":"9f5010daf2e85a3d701e39e8f7833c43","hashSHA1":"ddc9e34392774512629e574f979e202b4a8f1833","hashSHA256":"4b5bff7fbba9daa1f0a8104adc3e5411d84c61fd4dee800827261eadf01e6ff4","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"600","avBlockList":["360 Total Security (20250821)","Avast Premium Security (20250821)","AVG Internet Security (20250821)","Avira Internet Security (20250821)","Bitdefender Internet Security (20250821)","ESET Internet Security (20250821)","G DATA INTERNET SECURITY (20250821)","K7 Total Security (20250821)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20250821)","McAfee Total Protection (20250821)","Norton Security (20250821)","Panda Dome (20250821)","Quick Heal Internet Security (20250821)","Sophos Home Premium (20250821)","SpyHunter5 (20250821)","Total AV Antivirus Pro (20250821)","Trend Micro Internet Security (20250821)","VIPRE Advanced Security (20250821)","VirIT eXplorer PRO (20250821)","Webroot SecureAnywhere (20250821)","FortectPremium (20250821)"],"avAllowList":["COMODO Antivirus (20250821)","Dr.Web Security Space (20250821)","Windows Defender (20250821)","KasperskyPremium (20250821)"]},{"isRevoked":"False","fileName":"Dispout.exe","fileVersion":"1.0","hashMD5":"f9daaedfff02a6af744c22d64ba826e2","hashSHA1":"11bb3ad1f7448d508476ce456b6de6b8da3fc8fa","hashSHA256":"b9ff2fb7a47d0537316ca90a308ac3bdb6d91601def68ef9fe50bb87f377dde0","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"600","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"proxyware apps, globalhop","reference":"","landingPage":"https://dispout.com/","directDownloadingLink":"https://dispout.com/download/Dispout.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dispout.com/download/Dispout.exe","sourceIndex":"600"}],"sampleFiles":["240627/Dispout-240314/1.0.1.0/Samples/Dispout-setup.exe","240627/Dispout-240314/1.0.1.0/Samples/Dispout.exe"],"imageFiles":["240627/Dispout-240314/1.0.1.0/Images/ACR-007/ACR-007_Install_1.png","240627/Dispout-240314/1.0.1.0/Images/ACR-007/ACR-007_Install_2.png","240627/Dispout-240314/1.0.1.0/Images/ACR-084/ACR-084_Software_1.png","240627/Dispout-240314/1.0.1.0/Images/ACR-084/ACR-084_Software_2.png","240627/Dispout-240314/1.0.1.0/Images/ACR-089/dispoutsmtpconnections.png","240627/Dispout-240314/1.0.1.0/Images/ACR-089/smtpdata.png","240627/Dispout-240314/1.0.1.0/Images/ACR-089/spamemail.png","240627/Dispout-240314/1.0.1.0/Images/ACR-089/ACR-089_Software_1.png","240627/Dispout-240314/1.0.1.0/Images/ACR-089/ACR-089_Software_2.png","240627/Dispout-240314/1.0.1.0/Images/ACR-007/Dispout.gif","240627/Dispout-240314/1.0.1.0/Images/ACR-010/dispoutsmtpconnections.png","240627/Dispout-240314/1.0.1.0/Images/ACR-010/smtpdata.png","240627/Dispout-240314/1.0.1.0/Images/ACR-010/spamemail.png","240627/Dispout-240314/1.0.1.0/Images/ACR-010/ACR-010_Software_1.png","240627/Dispout-240314/1.0.1.0/Images/ACR-010/ACR-010_Software_2.png","240627/Dispout-240314/1.0.1.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240627/Dispout-240314/1.0.1.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240627/Dispout-240314/1.0.1.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"49714669-87b9-485b-8e65-68598825e623_1.0.1.0_1","appID":"Dispout-240314","dateAdded":"250820","deceptorType":"App","name":"Dispout","company":"Globalhop","version":"1.0.1.0","firstResolvedVersion":"1.0.8.0","lastKnownStatus":"1.0.8.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2025-08-20T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":253},{"violations":{"ACR-048":"There is no option for user to immediately cancel the resource borrowing activity in application.\n","ACR-084":"The resource borrowing status is not visible in application. No clearly indicate whenever borrowing is active or inactive in application\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"restminder.exe","isInstaller":"True","companyName":"Globalhop                                                   ","productName":"Restminder","productVersion":"1.0.6.0","fileVersion":"1.0.6.0","hashMD5":"1084a2f55aab88f0afce60a237c4f3c4","hashSHA1":"b1fb14066544ea0884811ff9f677743ab67f6322","hashSHA256":"a9b4d07704f2ffa63c4f7cdfec62658fc2f43403a76590c815b07f1843586cc0","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"172","avBlockList":["360 Total Security (20251104)","Bitdefender Internet Security (20251104)","ESET Internet Security (20251104)","FortectPremium (20251104)","G DATA INTERNET SECURITY (20251104)","K7 Total Security (20251104)","KasperskyPremium (20251104)","Malwarebytes Premium (20251104)","McAfee Total Protection (20251104)","Panda Dome (20251104)","Quick Heal Internet Security (20251104)","Sophos Home Premium (20251104)","SpyHunter5 (20251104)","Trend Micro Internet Security (20251104)","VIPRE Advanced Security (20251104)","Webroot SecureAnywhere (20251104)","VirIT eXplorer PRO (20251104)"],"avAllowList":["Avast Premium Security (20251104)","AVG Internet Security (20251104)","Avira Internet Security (20251104)","COMODO Antivirus (20251104)","Dr.Web Security Space (20251104)","Norton Security (20251104)","Total AV Antivirus Pro (20251104)","Windows Defender (20251104)"]},{"isRevoked":"False","fileName":"RestMinder.exe","companyName":"Globalhop","productName":"Restminder","productVersion":"1.0.6.0","fileVersion":"1.0.6.0","hashMD5":"cf0abd4fdb495106f7e734a98ebfb00c","hashSHA1":"b273ef6af55374367e2989125f66f30dbdb05de7","hashSHA256":"61f3bd04c63b959c149b59eb753b81505dbb88851c5f25eaef6f86a7a6cc5b0b","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"172","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"classic.dll","companyName":"Globalhop","productName":"Restminder","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"52f7930f10a7191bcca9e3c0dfe80e28","hashSHA1":"43d9ed6eea175ecca2a4bd7b1d640af9396a0a48","hashSHA256":"ebdfb6bf972d06878abfb2716932952434a88274ac37cb997636996c8275f747","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"172","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"novel.dll","hashMD5":"3c584654623ef75aa2069bb2e5cbd3d4","hashSHA1":"1f5ea875b0bda964a13262c9e2ddeb0538b33bd2","hashSHA256":"73e98965efa501f2c6ead90b1ae22bddfeb6728388163b8656204ec8d873975f","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"172","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Globalhop SDK","reference":"","landingPage":"https://restminder.com/","directDownloadingLink":"https://restminder.com/download/restminder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://restminder.com/download/restminder.exe","sourceIndex":"172"}],"sampleFiles":["250820/restminder-220524/1.0.6.0/Samples/restminder.exe"],"imageFiles":["250820/restminder-220524/1.0.6.0/Images/ACR-084/ACR-084_Software_2.png","250820/restminder-220524/1.0.6.0/Images/ACR-084/ACR-084_Software_3.png","250820/restminder-220524/1.0.6.0/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"195aeafe-7700-4663-aa4a-f8dc4ac4035f_1.0.6.0_1","appID":"restminder-220524","dateAdded":"250820","deceptorType":"App","name":"Restminder","company":"Globalhop Ltd","version":"1.0.6.0","firstResolvedVersion":"","lastKnownStatus":"1.0.0.0;1.0.4.0;1.0.5.0;1.0.6.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-20T20:42:46.6495812+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":4,"sortOrder":248},{"violations":{"ACR-048":"There is no option for user to immediately cancel the resource borrowing activity in application.\n","ACR-084":"The resource borrowing status is not visible in application. No clearly indicate whenever borrowing is active or inactive in application\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Dzentime.exe","isInstaller":"True","companyName":"Globalhop                                                   ","fileVersion":"1.0","hashMD5":"26d4a85fc28bad04fae1c46b3309f031","hashSHA1":"014c516a43362df6bf649ba062b5956c47cae3e6","hashSHA256":"3ee26f088b3647d5dbb80a5cbe0ae0a1d17058ded3b1f9b9ebeaffbac8189350","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"174","avBlockList":["360 Total Security (20251030)","Bitdefender Internet Security (20251030)","ESET Internet Security (20251030)","FortectPremium (20251030)","G DATA INTERNET SECURITY (20251030)","K7 Total Security (20251030)","KasperskyPremium (20251030)","Malwarebytes Premium (20251030)","McAfee Total Protection (20251030)","Panda Dome (20251030)","Quick Heal Internet Security (20251030)","Sophos Home Premium (20251030)","SpyHunter5 (20251030)","Trend Micro Internet Security (20251030)","VIPRE Advanced Security (20251030)","VirIT eXplorer PRO (20251030)","Webroot SecureAnywhere (20251030)"],"avAllowList":["Avast Premium Security (20251030)","AVG Internet Security (20251030)","Avira Internet Security (20251030)","COMODO Antivirus (20251030)","Dr.Web Security Space (20251030)","Norton Security (20251030)","Total AV Antivirus Pro (20251030)","Windows Defender (20251030)"]},{"isRevoked":"False","fileName":"Dzentime.exe","companyName":"Globalhop","productName":"DzenTime","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3902b7777aa777dfcab8db59ab7a3775","hashSHA1":"68a42c11e1e65a3ed6568d91a3ba2309835ab0aa","hashSHA256":"1c2545b8225d474bc424eaefde958cd9d3cd462f09a731b16393f6da06ebaf4e","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"174","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"unins000.exe","companyName":"Globalhop                                                   ","productName":"Dzentime","productVersion":"1.0.0.0","fileVersion":"51.1052.0.0","hashMD5":"f5c7e61520effcf4581c7f4a4d2e2d0d","hashSHA1":"ed1f16dfcb7cfe1945b520c78ccb34719ed443bb","hashSHA256":"401336ff048c42f4d998441331fa01ff1885e6d0e95ca393d67585240f50e5b5","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"174","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"classic.dll","companyName":"Globalhop","productName":"Dzentime","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"b6d4a68c920ba61c4ff99dfbfff94846","hashSHA1":"8f9f28d360cdc2e16a4a64bbde9cf2b6fe649b35","hashSHA256":"431936a05dbb166ba2a6144e876020c6181a8228e41237295596b4cdb2440ce1","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"174","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"novel.dll","hashMD5":"34204eb2f0bbf46296f6c0f04dc1ef73","hashSHA1":"2dd5f673b5001c57dc04765cf0b5de90bc3e4828","hashSHA256":"58ae68f64c49b96c2626af4e61706bb50c36551d4c6c2e0460b9548873f9142c","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"174","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://dzentime.com/","directDownloadingLink":"https://downloads.dzentime.com/Dzentime.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.dzentime.com/Dzentime.exe","sourceIndex":"174"}],"sampleFiles":["250820/DZentime-240807/1.0.0.0/Samples/Dzentime.exe"],"imageFiles":["250820/DZentime-240807/1.0.0.0/Images/ACR-084/ACR-084_Software_1.png","250820/DZentime-240807/1.0.0.0/Images/ACR-084/ACR-084_Software_2.png","250820/DZentime-240807/1.0.0.0/Images/ACR-084/ACR-084_Software_3.png","250820/DZentime-240807/1.0.0.0/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"e0a04a59-47a1-41b3-ac03-b94751f4fb82_1.0.0.0_1","appID":"DZentime-240807","dateAdded":"250820","deceptorType":"App","name":"Dzentime","company":"Globalhop","version":"1.0.0.0","lastKnownStatus":"1.0.0.0","lastKnownDate":"250820","type":"Windows Executable","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2025-08-20T19:11:54.9504641+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":247},{"violations":{"ACR-004":"Application doesn't provide free fix for scanned items, instead it offers subscription payment to recover files scanned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"iboysoftdatarecovery_nt1755665383212.dmg","isInstaller":"True","hashMD5":"807a7b3bb247a5a9c1b40704461fc6ec","hashSHA1":"a50d32ca6ae1e7425daa8113fc7fdf558ec06abb","hashSHA256":"9dbc716b7c21fcbfa9875e7ee1ddf78c84f37f24137b772769ca10e840a2d603","sourceIndex":"175","avBlockList":["SpyHunterforMac (20251113)","Trend Micro Antivirus for Mac (20251113)","Sophos Home Premium For Mac (20251113)"],"avAllowList":["Avast Security for Mac (20251113)","Avira Security for Mac (20251113)","Bitdefender Antivirus for Mac (20251113)","ESET Cyber Security Pro for Mac (20251113)","G DATA AntiVirus for Mac (20251113)","K7 Antivirus for Mac (20251113)","Kaspersky Internet Security for Mac (20251113)","McAfee Internet Security for Mac (20251113)","Norton Security for Mac (20251113)"]},{"isRevoked":"False","fileName":"iBoysoft%20Data%20Recovery","fileVersion":"10.13.0","hashMD5":"402bc1f0919a183bdfedf745cbbd2c58","hashSHA1":"0c246d8043d026803c1274964edff3bd5c079424","hashSHA256":"1cb249a9ae300736b2e7765baa75ec3757a639f949a504c9197830f203ce8534","sourceIndex":"175","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://iboysoft.com/free-mac-data-recovery.html ","reference":"","landingPage":"https://iboysoft.com/free-mac-data-recovery.html ","directDownloadingLink":"https://download.iboysoft.com/download/downloadfile.php?p=macdatarecovery&d=notrial_product ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iboysoft.com/download/downloadfile.php?p=macdatarecovery&d=notrial_product ","sourceIndex":"175"}],"sampleFiles":["250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Samples/iboysoftdatarecovery_nt1755665383212.dmg","250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Samples/iBoysoft%20Data%20Recovery"],"imageFiles":["250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Images/ACR-004/app3.png","250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Images/ACR-004/app4.png","250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Images/ACR-004/app5.png","250820/iBoysoftDataRecoveryforMac-250820/5.2.4/Images/ACR-004/Purchase iBoysoft Data Recovery for Mac license key online.png"],"nonDeceptorImageFiles":[],"guid":"82921b57-163a-4cd4-96b0-12e4f0672291_5.2.4_1","appID":"iBoysoftDataRecoveryforMac-250820","dateAdded":"250820","deceptorType":"MacOS App","name":"iBoysoft Data Recovery for Mac","company":"iBoysoft","version":"5.2.4","lastKnownStatus":"5.2.4","lastKnownDate":"250820","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:12.4530783+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":246},{"violations":{"ACR-007":"The app does not obtain user explicit consent for the reduction in the consumer's security posture caused by sharing internet resources.\n","ACR-010":"The app establishes SMTP connections and uses them to send spam email advertisements to various addresses.\n","ACR-089":"App establishes SMTP connections and uses them to send spam email advertisements to various addresses.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\" \n"},"samples":[{"isRevoked":"False","fileName":"restminder.exe","isInstaller":"True","companyName":"Globalhop                                                   ","fileVersion":"1.0","hashMD5":"149eace98b671ee3dfee406c7e02e789","hashSHA1":"c4452b167bbdc14fd9d1f960456153a5715be6f9","hashSHA256":"f6d52c755f871e552678b99a509bb856f3539d77320f53b2500fad701585e47a","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"596","avBlockList":["360 Total Security (20250821)","ESET Internet Security (20250821)","FortectPremium (20250821)","G DATA INTERNET SECURITY (20250821)","K7 Total Security (20250821)","Kaspersky Internet Security (20240711)","Malwarebytes Premium (20250821)","Panda Dome (20250821)","Quick Heal Internet Security (20250821)","Sophos Home Premium (20250821)","SpyHunter5 (20250821)","Trend Micro Internet Security (20250821)","VirIT eXplorer PRO (20250821)","Webroot SecureAnywhere (20250821)","KasperskyPremium (20250821)"],"avAllowList":["Avast Premium Security (20250821)","AVG Internet Security (20250821)","Avira Internet Security (20250821)","Bitdefender Internet Security (20250821)","COMODO Antivirus (20250821)","Dr.Web Security Space (20250821)","McAfee Total Protection (20250821)","Norton Security (20250821)","Total AV Antivirus Pro (20250821)","VIPRE Advanced Security (20250821)","Windows Defender (20250821)"]},{"isRevoked":"False","fileName":"RestMinder.exe","companyName":"Globalhop","fileVersion":"1.0","hashMD5":"d8ab7a0479590a62f8f66b2d38b211f6","hashSHA1":"2e325af27747862f531b3f33bf0f840fd0d1228b","hashSHA256":"68fe20838348412951d453b24f1e7f6d9257a52e28d0aaac68df600416f2f768","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"596","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Globalhop SDK","reference":"","landingPage":"https://restminder.com/","directDownloadingLink":"https://restminder.com/download/restminder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://restminder.com/download/restminder.exe","sourceIndex":"596"}],"sampleFiles":["240627/restminder-220524/1.0.5.0/Samples/restminder%20(1).exe","240627/restminder-220524/1.0.5.0/Samples/RestMinder.exe"],"imageFiles":["240627/restminder-220524/1.0.5.0/Images/ACR-007/licenseagreement1.png","240627/restminder-220524/1.0.5.0/Images/ACR-007/licenseagreement2.png","240627/restminder-220524/1.0.5.0/Images/ACR-089/smtpconnections.png","240627/restminder-220524/1.0.5.0/Images/ACR-089/spamemail.png","240627/restminder-220524/1.0.5.0/Images/ACR-089/tcpstream.png","240627/restminder-220524/1.0.5.0/Images/ACR-010/smtpconnections.png","240627/restminder-220524/1.0.5.0/Images/ACR-010/spamemail.png","240627/restminder-220524/1.0.5.0/Images/ACR-010/tcpstream.png","240627/restminder-220524/1.0.5.0/Images/ACR-155/licenseagreement1.png","240627/restminder-220524/1.0.5.0/Images/ACR-155/licenseagreement2.png"],"nonDeceptorImageFiles":["240627/restminder-220524/1.0.5.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"195aeafe-7700-4663-aa4a-f8dc4ac4035f_1.0.5.0_1","appID":"restminder-220524","dateAdded":"250820","deceptorType":"App","name":"Restminder","company":"Globalhop Ltd","version":"1.0.5.0","firstResolvedVersion":"","lastKnownStatus":"1.0.0.0;1.0.4.0;1.0.5.0;1.0.6.0","lastKnownDate":"250820","type":"Windows Executable","category":"SysTools & Utilities, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-20T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":4,"sortOrder":249},{"violations":{"ACR-043":"All the components of \"Traffmonetizer\" get dropped immediately after inserting the Token without asking for the user's permission & disclosing its installation path. \n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app didn't provide control to disable its background process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n","ACR-084":"On closing the app, the \"Traffmonetizer\" process runs in the background, hiding its presence from the consumer.\n\n"},"nonDeceptorViolations":{"ACR-040":" The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\\".\n","ACR-045":"The app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-161":"The customer review shown on the landing page (https://app.traffmonetizer.com/) is unverifiable.\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Traffmonetizer\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\traffmonetizer\\app\\Traffmonetizer.exe","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.34","hashMD5":"90dcd050ed61796a43c6ebf3727f0837","hashSHA1":"fdd234d03ee8d65592d36d638c37ad52e7816a13","hashSHA256":"ba3d24bbab42a729f5b089a350c5ed2132fe67b52386709e03c3acb49d506810","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"1204","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Installer (1).exe","isInstaller":"True","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.34","hashMD5":"dcb050a81038862531cf2e23a095dbd0","hashSHA1":"3340822daaacb341a036a062503db2691f652559","hashSHA256":"3c49e41f4e9be499f026246d0f28a6ee6649ebb12d91ad7ef5a3932a21e5842c","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"1204","avBlockList":["Avast Premium Security (20230328)","AVG Internet Security (20230328)","Avira Internet Security (20230328)","Bitdefender Internet Security (20230328)","ESET Internet Security (20230328)","G DATA INTERNET SECURITY (20230328)","K7 Total Security (20230328)","Kaspersky Internet Security (20230328)","Malwarebytes Premium (20230328)","McAfee Total Protection (20230328)","Norton Security (20230328)","Panda Dome (20230328)","Quick Heal Internet Security (20230328)","Sophos Home Premium (20230328)","SpyHunter5 (20230328)","Total AV Antivirus Pro (20230328)","VirIT eXplorer PRO (20230328)","Webroot SecureAnywhere (20230328)"],"avAllowList":["360 Total Security (20230328)","COMODO Antivirus (20230328)","Dr.Web Security Space (20230328)","Trend Micro Internet Security (20230328)","VIPRE Advanced Security (20230328)","Windows Defender (20230328)"]}],"additionalFiles":[],"sources":[{"howFound":"System resource borrowing","reference":"similar app as EarnApp","landingPage":"https://traffmonetizer.com/downloads/","ipv4":"","ipv6":"","sourceIndex":"1204"}],"sampleFiles":["230222/Traffmonetizer-230208/1.1.3.34/Samples/Installer (1).exe"],"imageFiles":["230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-043/ACR-043.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-043/ACR-043_1.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-048/ACR-048.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-048/ACR-048_1.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-007/ACR-007.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-084/ACR-084.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-048/ACR-048-1.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-048/ACR-048-2.JPG"],"nonDeceptorImageFiles":["230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-040/ACR-040.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-045/ACR-045 (1).JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-045/ACR-045 (2).JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-098/ACR-098.JPG","230222/Traffmonetizer-230208/1.1.3.34/Images/ACR-161/ACR-161.JPG"],"guid":"85ea3b88-d12a-4a29-9332-fee2d7f431be_1.1.3.34_1","appID":"Traffmonetizer-230208","dateAdded":"250812","deceptorType":"App","name":"Traffmonetizer","company":"Bytemarket","version":"1.1.3.34","lastKnownStatus":"1.1.3.34;1.1.3.35;1.1.3.37;1.1.3.39;1.3.41","lastKnownDate":"250812","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":269},{"violations":{"ACR-043":"All the components of \"Traffmonetizer\" get dropped immediately after inserting the Token without asking for the user's permission & disclosing its installation path. \n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app didn't provide control to disable its background process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n","ACR-084":"On closing the app, the \"Traffmonetizer\" process runs in the background, hiding its presence from the consumer.\n\n"},"nonDeceptorViolations":{"ACR-040":" The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\\".\n","ACR-045":"The app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Traffmonetizer\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\traffmonetizer\\app\\Traffmonetizer.exe","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.35","hashMD5":"0bd9711e8566b28142dde063c0fc2e55","hashSHA1":"825114b80f32d3717a80271766d1da0afb67f76f","hashSHA256":"1701ec044ca08948619233defa56a893d6de36e1dbae7f524fe4fdf48fd9e619","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"1055","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.35","hashMD5":"7ed811b1b7b8c0f42396e997539de289","hashSHA1":"a1b8aa6cb741077e0c91e5b4f33f7263c28ae232","hashSHA256":"9b387b3a8c8c69d7359178661d01e42d6d5ce8972d539ec47e630e63d45a8206","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"1055","avBlockList":["360 Total Security (20240801)","Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VIPRE Advanced Security (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","Windows Defender (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["McAfee Total Protection (20240801)","Trend Micro Internet Security (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://traffmonetizer.com/","directDownloadingLink":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*nop8cg*_ga*MTc5MDA0Mjc5MC4xNjg2MDMyMzgy*_ga_6SLKSETT5Z*MTY4NjAzMjM4Mi4xLjEuMTY4NjAzMjY2Mi41MS4wLjA.","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*nop8cg*_ga*MTc5MDA0Mjc5MC4xNjg2MDMyMzgy*_ga_6SLKSETT5Z*MTY4NjAzMjM4Mi4xLjEuMTY4NjAzMjY2Mi41MS4wLjA.","sourceIndex":"1055"}],"sampleFiles":["230606/Traffmonetizer-230208/1.1.3.35/Samples/Installer.exe"],"imageFiles":["230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-043/ACR-043.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-043/ACR-043_1.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-048/ACR-048.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-048/ACR-048_1.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-007/ACR-007.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-084/ACR-084.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-048/ACR-048_Software.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-048/ACR-048_Software_1.JPG"],"nonDeceptorImageFiles":["230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-040/ACR-040.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-045/ACR-045.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-045/ACR-045_1.JPG","230606/Traffmonetizer-230208/1.1.3.35/Images/ACR-098/ACR-098.JPG"],"guid":"85ea3b88-d12a-4a29-9332-fee2d7f431be_1.1.3.35_1","appID":"Traffmonetizer-230208","dateAdded":"250812","deceptorType":"App","name":"Traffmonetizer","company":"Bytemarket","version":"1.1.3.35","lastKnownStatus":"1.1.3.34;1.1.3.35;1.1.3.37;1.1.3.39;1.3.41","lastKnownDate":"250812","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":268},{"violations":{"ACR-043":"All the components of \"Traffmonetizer\" get dropped in a hidden folder immediately after inserting the Token without asking for the user's permission & disclosing its installation path. \n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app didn't provide control to disable its background process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n","ACR-084":"On closing the app, the \"Traffmonetizer\" process runs in the background, hiding its presence from the consumer.\n\n"},"nonDeceptorViolations":{"ACR-040":" The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\\".\n","ACR-045":"The app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Traffmonetizer\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\traffmonetizer\\app\\Traffmonetizer.exe","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.37","hashMD5":"8c93a5d0dadfb019cf35026abbca8b4f","hashSHA1":"0ea93adf2445635d72d0165b7a7029048b37717f","hashSHA256":"af16910124b244bb3c03d972ecc372cc2480819a12b3ae2274c60423c5434c68","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"792","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0","fileVersion":"1.1.3.37","hashMD5":"1b521d24cfb43f6562ad4155672e57b9","hashSHA1":"163bd64b162679ec6d4400342beec32636162b9a","hashSHA256":"0e7cbda7db2e3a1ff3b7b82f859648e2569ee4a74ed9893dc26486f8768d01d7","digitalCertThumbprint":"074FBE7C90683AEC4D3FC9E25F857F68F567C1F1","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"792","avBlockList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","Bitdefender Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","Windows Defender (20240808)","FortectPremium (20240808)","KasperskyPremium (20240808)"],"avAllowList":["McAfee Total Protection (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://traffmonetizer.com/","directDownloadingLink":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*102cao5*_ga*MTYyNjI3MDU5Ny4xNzAwODA2NDE2*_ga_6SLKSETT5Z*MTcwMDgwOTY1OS4yLjEuMTcwMDgwOTY4MC4zOS4wLjA.","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*102cao5*_ga*MTYyNjI3MDU5Ny4xNzAwODA2NDE2*_ga_6SLKSETT5Z*MTcwMDgwOTY1OS4yLjEuMTcwMDgwOTY4MC4zOS4wLjA.","sourceIndex":"792"}],"sampleFiles":["231128/Traffmonetizer-230208/1.1.3.37/Samples/Installer.exe"],"imageFiles":["231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-043/ACR-043.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-043/ACR-043_1.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-048/ACR-048.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-048/ACR-048_1.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-007/ACR-007.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-084/ACR-084.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-048/ACR-048_Software_1.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-048/ACR-048_Software.PNG"],"nonDeceptorImageFiles":["231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-040/ACR-040.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-045/ACR-045.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-045/ACR-045_1.PNG","231128/Traffmonetizer-230208/1.1.3.37/Images/ACR-098/ACR-098.PNG"],"guid":"85ea3b88-d12a-4a29-9332-fee2d7f431be_1.1.3.37_1","appID":"Traffmonetizer-230208","dateAdded":"250812","deceptorType":"App","name":"Traffmonetizer","company":"Bytemarket","version":"1.1.3.37","lastKnownStatus":"1.1.3.34;1.1.3.35;1.1.3.37;1.1.3.39;1.3.41","lastKnownDate":"250812","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":267},{"violations":{"ACR-043":"All the components of \"Traffmonetizer\" get dropped in a hidden folder immediately after inserting the Token without asking for the user's permission & disclosing its installation path. \n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app didn't provide control to disable its background process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n","ACR-084":"On closing the app, the \"Traffmonetizer\" process runs in the background, hiding its presence from the consumer.\n\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":" The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\\".\n","ACR-045":"The app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Traffmonetizer\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\traffmonetizer\\app\\Traffmonetizer.exe","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0+e438fd51e454af9cedd7d5ce6c01f37bc1e9922d","fileVersion":"1.1.3.39","hashMD5":"76ad5b4c7089405ca32b0e78107f5843","hashSHA1":"59a1130aab90c81dff8f433c25c4e62f9d9740bd","hashSHA256":"8214dd62e85a1eb864a87a044dea384d86ae77bf686acdc26617e4d12181b476","digitalCertThumbprint":"099085AC74642B7A5CAB208622C671B1E723412C","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"586","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0+e438fd51e454af9cedd7d5ce6c01f37bc1e9922d","fileVersion":"1.1.3.39","hashMD5":"5d35163029a29a28387bd696293ac3b7","hashSHA1":"3775491d5ee3ef728bf3ad703239f8cf99969f95","hashSHA256":"583d04b8bbc236de13ea34e48c8f7ccd0d24e8e4c96e801f3c913277a26ff9e0","digitalCertThumbprint":"099085AC74642B7A5CAB208622C671B1E723412C","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"Bytemarket OÜ","storeId":"","sourceIndex":"586","avBlockList":["360 Total Security (20250814)","Avast Premium Security (20250814)","AVG Internet Security (20250814)","Avira Internet Security (20250814)","Bitdefender Internet Security (20250814)","COMODO Antivirus (20250814)","Dr.Web Security Space (20250814)","ESET Internet Security (20250814)","FortectPremium (20250814)","G DATA INTERNET SECURITY (20250814)","K7 Total Security (20250814)","KasperskyPremium (20250814)","Malwarebytes Premium (20250814)","McAfee Total Protection (20250814)","Norton Security (20250814)","Panda Dome (20250814)","Quick Heal Internet Security (20250814)","Sophos Home Premium (20250814)","SpyHunter5 (20250814)","Total AV Antivirus Pro (20250814)","VIPRE Advanced Security (20250814)","VirIT eXplorer PRO (20250814)","Webroot SecureAnywhere (20250814)"],"avAllowList":["Trend Micro Internet Security (20250814)","Windows Defender (20250814)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"similar app as EarnApp","landingPage":"https://traffmonetizer.com/\t","directDownloadingLink":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*102cao5*_ga*MTYyNjI3MDU5Ny4xNzAwODA2NDE2*_ga_6SLKSETT5Z*MTcwMDgwOTY1OS4yLjEuMTcwMDgwOTY4MC4zOS4wLjA.\t","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://data.traffmonetizer.com/downloads/Installer.exe?_gl=1*102cao5*_ga*MTYyNjI3MDU5Ny4xNzAwODA2NDE2*_ga_6SLKSETT5Z*MTcwMDgwOTY1OS4yLjEuMTcwMDgwOTY4MC4zOS4wLjA.\t","sourceIndex":"586"}],"sampleFiles":["240722/Traffmonetizer-230208/1.1.3.39/Samples/Installer.exe"],"imageFiles":["240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-043/ACR-043.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-043/ACR-043_1.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-048/ACR-048_Install.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-048/ACR-048_Install_1.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-007/ACR-007.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-084/ACR-084.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-048/ACR-048.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-048/ACR-048_1.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-040/ACR-040.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-045/ACR-045.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-045/ACR-045_1.PNG","240722/Traffmonetizer-230208/1.1.3.39/Images/ACR-098/ACR-098.PNG"],"guid":"85ea3b88-d12a-4a29-9332-fee2d7f431be_1.1.3.39_1","appID":"Traffmonetizer-230208","dateAdded":"250812","deceptorType":"App","name":"Traffmonetizer","company":"Bytemarket","version":"1.1.3.39","lastKnownStatus":"1.1.3.34;1.1.3.35;1.1.3.37;1.1.3.39;1.3.41","lastKnownDate":"250812","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":266},{"violations":{"ACR-043":"All the components of \"Traffmonetizer\" get dropped in a hidden folder immediately after inserting the Token without asking for the user's permission & disclosing its installation path. \n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-007":"The app does not obtain user consent which reduces the consumer's security posture caused by selling the user's traffic and performing monetization.\n","ACR-084":"On closing the app, the \"Traffmonetizer\" process runs in the background, hiding its presence from the consumer.\n\n"},"nonDeceptorViolations":{"ACR-040":" The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Roaming\\\".\n"},"samples":[{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0+f779392360575e1bd8c43238934b6102605bd231","fileVersion":"1.1.3.41","hashMD5":"115530fd7ec7fcabcd8bd9886e41ed7f","hashSHA1":"257388e112588287a4dea465acdabc25acfcab2e","hashSHA256":"7c794d927194b7fe9a6c0a72f719baff9b6b4559264dfcdd9476dec7f12ab295","digitalCertThumbprint":"099085AC74642B7A5CAB208622C671B1E723412C","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=EE, OID.2.5.4.15=Private Organization, CN=Bytemarket OÜ, SERIALNUMBER=16363621, O=Bytemarket OÜ, L=Tallinn, S=Harju maakond, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"177","avBlockList":["360 Total Security (20251106)","Avast Premium Security (20251106)","AVG Internet Security (20251106)","Avira Internet Security (20251106)","Bitdefender Internet Security (20251106)","Dr.Web Security Space (20251106)","ESET Internet Security (20251106)","FortectPremium (20251106)","G DATA INTERNET SECURITY (20251106)","K7 Total Security (20251106)","KasperskyPremium (20251106)","Malwarebytes Premium (20251106)","McAfee Total Protection (20251106)","Norton Security (20251106)","Panda Dome (20251106)","Quick Heal Internet Security (20251106)","Sophos Home Premium (20251106)","SpyHunter5 (20251106)","Total AV Antivirus Pro (20251106)","VIPRE Advanced Security (20251106)","VirIT eXplorer PRO (20251106)","Webroot SecureAnywhere (20251106)","Windows Defender (20251106)"],"avAllowList":["COMODO Antivirus (20251106)","Trend Micro Internet Security (20251106)"]},{"isRevoked":"False","fileName":"Traffmonetizer.exe","companyName":"Bytemarket","productName":"Traffmonetizer","productVersion":"1.0.0+f779392360575e1bd8c43238934b6102605bd231","fileVersion":"1.1.3.41","hashMD5":"f7e0afc7010467066205b6116db73b96","hashSHA1":"e5e5c446c726f2b1c84c27861e062e8d1d7d5462","hashSHA256":"ea7e2bad4d0d3d7a862ddf1bed0d5e8c3b81021e4e3e1235cdb73005da0a5e7a","digitalCertThumbprint":"099085AC74642B7A5CAB208622C671B1E723412C","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=EE, OID.2.5.4.15=Private Organization, CN=Bytemarket OÜ, SERIALNUMBER=16363621, O=Bytemarket OÜ, L=Tallinn, S=Harju maakond, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"177","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Uninstall.exe","companyName":"Uninstall","productName":"Uninstall","productVersion":"1.0.0+f779392360575e1bd8c43238934b6102605bd231","fileVersion":"1.0.0.0","hashMD5":"9f1c865b109c7d0f93c1e4095c63a14e","hashSHA1":"620effaa5906a4b299043d7f781e01e3b5644c6a","hashSHA256":"66ecd6a1e2a671262a765be94f3d2fe7da2f11a5cb560d651d57e5ffa2b87fe1","digitalCertThumbprint":"099085AC74642B7A5CAB208622C671B1E723412C","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=EE, OID.2.5.4.15=Private Organization, CN=Bytemarket OÜ, SERIALNUMBER=16363621, O=Bytemarket OÜ, L=Tallinn, S=Harju maakond, C=EE","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"177","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"System resource borrowing","reference":"similar app as EarnApp","landingPage":"https://traffmonetizer.com/downloads/","ipv4":"","ipv6":"","sourceIndex":"177"}],"sampleFiles":["250812/Traffmonetizer-230208/1.1.3.41/Samples/Installer.exe","250812/Traffmonetizer-230208/1.1.3.41/Samples/Traffmonetizer.exe"],"imageFiles":["250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-043/ACR-043.PNG","250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-043/ACR-043_Install_1.png","250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-048/ACR-048_Install.PNG","250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-007/ACR-007_Install_2.png","250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-084/ACR-084.PNG","250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":["250812/Traffmonetizer-230208/1.1.3.41/Images/ACR-040/ACR-040_Install_1.png"],"guid":"85ea3b88-d12a-4a29-9332-fee2d7f431be_1.1.3.41_1","appID":"Traffmonetizer-230208","dateAdded":"250812","deceptorType":"App","name":"Traffmonetizer","company":"Bytemarket","version":"1.1.3.41","lastKnownStatus":"1.1.3.34;1.1.3.35;1.1.3.37;1.1.3.39;1.3.41","lastKnownDate":"250812","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-08-12T21:17:49.5315177+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":265},{"violations":{"ACR-042":"The components get installed in one-click, without presenting EULA and obtaining the user's permission.\n","ACR-048":"The app does not provide control to enable/disable the created startup item within the app's settings.\n","ACR-007":"The app does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing.\n","ACR-084":"The app creates undisclosed startup item without the consumer's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself under %Appdata%\\Local\\ by default, which is a hidden folder and was not disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"LoadTeam.exe","productName":"LoadTeam","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"d8c863b2cc2442b978f9224ddb2f612e","hashSHA1":"5e443ec10b12d70e5897e837beb5c7c6aeb062f5","hashSHA256":"cf53b341aaf70f5fd3c418bed74ffeb5dfde422a02ea00103678e1e347870f39","digitalCertThumbprint":"81E477F74F07450273ADBAAF15477B124D16865A","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=LoadTeam, O=LoadTeam, L=Thorndon, S=Wellington, C=NZ","sourceIndex":"178","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LoadTeamSetup.exe","isInstaller":"True","productName":"LoadTeam","productVersion":"3.0.111.0","fileVersion":" 3.0.111.0","hashMD5":"55db07e30b619f2089f88ad3f3b3c7cf","hashSHA1":"1f4a7ba9521fc58685f753430238047aa99de1a9","hashSHA256":"a63f22101a4c8c1f65c2f7ac17363db7d417b231da4ac9bcf6fae955e043d736","digitalCertThumbprint":"81E477F74F07450273ADBAAF15477B124D16865A","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=LoadTeam, O=LoadTeam, L=Thorndon, S=Wellington, C=NZ","sourceIndex":"178","avBlockList":["Avast Premium Security (20251106)","AVG Internet Security (20251106)","Avira Internet Security (20251106)","Bitdefender Internet Security (20251106)","Dr.Web Security Space (20251106)","ESET Internet Security (20251106)","FortectPremium (20251106)","G DATA INTERNET SECURITY (20251106)","K7 Total Security (20251106)","KasperskyPremium (20251106)","Malwarebytes Premium (20251106)","McAfee Total Protection (20251106)","Norton Security (20251106)","Panda Dome (20251106)","Quick Heal Internet Security (20251106)","Sophos Home Premium (20251106)","SpyHunter5 (20251106)","Total AV Antivirus Pro (20251106)","Trend Micro Internet Security (20251106)","VIPRE Advanced Security (20251106)","VirIT eXplorer PRO (20251106)","Webroot SecureAnywhere (20251106)","Windows Defender (20251106)"],"avAllowList":["360 Total Security (20251106)","COMODO Antivirus (20251106)"]},{"isRevoked":"False","fileName":"LoadTeam_231016.exe","isInstaller":"True","fileVersion":"4.0","hashMD5":"17a77f91c6ca39ff33d3d9eed2de24b6","hashSHA1":"9896f070469b3d9d02c9b9532c698d7b649c7bf2","hashSHA256":"c5ff536eb51b5e14f6d6b332eef01a968584a104b9e92a7d2a9371c5ec1cbd49","digitalCertThumbprint":"81E477F74F07450273ADBAAF15477B124D16865A","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=LoadTeam, O=LoadTeam, L=Thorndon, S=Wellington, C=NZ","sourceIndex":"178","avBlockList":["360 Total Security (20251030)","Avast Premium Security (20251030)","AVG Internet Security (20251030)","Avira Internet Security (20251030)","Bitdefender Internet Security (20251030)","Dr.Web Security Space (20251030)","ESET Internet Security (20251030)","FortectPremium (20251030)","G DATA INTERNET SECURITY (20251030)","K7 Total Security (20251030)","KasperskyPremium (20251030)","Malwarebytes Premium (20251030)","McAfee Total Protection (20251030)","Norton Security (20251030)","Panda Dome (20251030)","Quick Heal Internet Security (20251030)","Sophos Home Premium (20251030)","SpyHunter5 (20251030)","Total AV Antivirus Pro (20251030)","Trend Micro Internet Security (20251030)","VIPRE Advanced Security (20251030)","VirIT eXplorer PRO (20251030)","Webroot SecureAnywhere (20251030)","Windows Defender (20251030)"],"avAllowList":["COMODO Antivirus (20251030)"]},{"isRevoked":"False","fileName":"LoadTeam%20-%20Copy.exe","companyName":"LoadTeam","productName":"LoadTeam.WindowsClient","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"148cef6ea04ddaa54b0fa4cc476189d1","hashSHA1":"b2839658826c6488b01bb3f2763832d7c8ab4c20","hashSHA256":"597fe42d48b08231648a36f94561b69ea5d704ac1c4b5b7dec6998024ced914f","digitalCertThumbprint":"81E477F74F07450273ADBAAF15477B124D16865A","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=LoadTeam, O=LoadTeam, L=Thorndon, S=Wellington, C=NZ","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"178","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"bandwidth sharing app for windows","reference":"","landingPage":"https://www.loadteam.com","directDownloadingLink":"https://www.loadteam.com/download/LoadTeamSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.loadteam.com/download/LoadTeamSetup.exe","sourceIndex":"178"}],"sampleFiles":["250811/LoadTeam-230308/4.2.0.0/Samples/LoadTeam.exe","250811/LoadTeam-230308/4.2.0.0/Samples/LoadTeamSetup.exe","250811/LoadTeam-230308/4.2.0.0/Samples/LoadTeam_231016.exe","250811/LoadTeam-230308/4.2.0.0/Samples/LoadTeam%20-%20Copy.exe"],"imageFiles":["250811/LoadTeam-230308/4.2.0.0/Images/ACR-042/ACR-042_Installation.gif","250811/LoadTeam-230308/4.2.0.0/Images/ACR-007/LoadTeam_.jpg","250811/LoadTeam-230308/4.2.0.0/Images/ACR-084/ACR-048_084_Startup.jpg","250811/LoadTeam-230308/4.2.0.0/Images/ACR-048/ACR-048_084_Startup.jpg"],"nonDeceptorImageFiles":["250811/LoadTeam-230308/4.2.0.0/Images/ACR-040/ACR-040_HiddenFolder.jpg"],"guid":"c0e30a1c-4659-4027-953e-60f7f24db797_4.2.0.0_1","appID":"LoadTeam-230308","dateAdded":"250811","deceptorType":"App","name":"LoadTeam","company":"LoadTeam Ltd.","version":"4.2.0.0","lastKnownStatus":"4.2.0.0","lastKnownDate":"250811","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"mining","lastUpdate":"2025-08-11T22:05:08.7076066+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":270},{"violations":{"ACR-048":"The app does not provide any control to enable/disable sharing network connection in software.\n","ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Honeygain_1.5.1.dmg","isInstaller":"True","hashMD5":"665bd7a8220f3ed475a52b4d2514af5f","hashSHA1":"a6eb651eaf8061acdc89c13039398d239faff5a7","hashSHA256":"859bbbbe09b2907f522db33651e8528af170df6ffc0d3484ed06e099d5cb5b8a","sourceIndex":"134","avBlockList":["Avast Security for Mac (20251014)","Avira Security for Mac (20251014)","ESET Cyber Security Pro for Mac (20251014)","McAfee Internet Security for Mac (20251014)","Norton Security for Mac (20251014)","Sophos Home Premium For Mac (20251014)","SpyHunterforMac (20251014)","Trend Micro Antivirus for Mac (20251014)"],"avAllowList":["Bitdefender Antivirus for Mac (20251014)","G DATA AntiVirus for Mac (20251014)","K7 Antivirus for Mac (20251014)","Kaspersky Internet Security for Mac (20251014)"]},{"isRevoked":"False","fileName":"Honeygain","fileVersion":"10.15.0","hashMD5":"655f254da3d593da2da3c1312bca4926","hashSHA1":"e4ba47c041661b08ca9c2cf37f275ca63c70546d","hashSHA256":"1f70a26ffb492171d2e37a7396a9aafbf7c1c75f209e039b19eaf3f256b53e4c","sourceIndex":"134","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Proxyware","reference":"","landingPage":"https://www.honeygain.com/","ipv4":"","ipv6":"","sourceIndex":"134"}],"sampleFiles":["250808/HoneyGain-250808/1.5.1/Samples/Honeygain_1.5.1.dmg"],"imageFiles":["250808/HoneyGain-250808/1.5.1/Images/ACR-007/ACR-007_Install_1.png","250808/HoneyGain-250808/1.5.1/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"9155068b-ce3f-491b-b90c-c2f58cddcc1b_1.5.1_1","appID":"HoneyGain-250808","dateAdded":"250808","deceptorType":"MacOS App","name":"HoneyGain","company":"HoneyGain","version":"1.5.1","firstVendorContactDate":"251007","firstAppEsteemReplyDate":"251008","firstResolvedDate":"260114","firstResolvedVersion":"1.5.3_n","resolved":"TRUE","lastKnownDate":"250808","type":"MacOS App","category":"Personalization & Search, Business Developer Tools","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2026-01-14T22:39:16.7971585+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":271},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.0.7_32.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"fefac12138d1dc5f8537d435aa21f8ff","hashSHA1":"49b0d325ca54556106f223fc4c87dae5c3d603d9","hashSHA256":"be96bf9cb6fc15b07abe0fd5e1473be76a5968dca78889f4cd379d457d900390","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"213","avBlockList":["360 Total Security (20250605)","Avast Premium Security (20250605)","AVG Internet Security (20250605)","Avira Internet Security (20250605)","COMODO Antivirus (20250605)","Dr.Web Security Space (20250605)","ESET Internet Security (20250605)","FortectPremium (20250605)","G DATA INTERNET SECURITY (20250605)","K7 Total Security (20250605)","KasperskyPremium (20250605)","Malwarebytes Premium (20250605)","McAfee Total Protection (20250605)","Norton Security (20250605)","Panda Dome (20250605)","Quick Heal Internet Security (20250605)","Sophos Home Premium (20250605)","SpyHunter5 (20250605)","Total AV Antivirus Pro (20250605)","VirIT eXplorer PRO (20250605)","Webroot SecureAnywhere (20250605)","Windows Defender (20250605)"],"avAllowList":["Bitdefender Internet Security (20250605)","Trend Micro Internet Security (20250605)","VIPRE Advanced Security (20250605)"]},{"isRevoked":"False","fileName":"PacketShare.exe","fileVersion":"0.0","hashMD5":"618737b2a90a1849b9378cb579a5f815","hashSHA1":"0e4d8346ca6e7798398b53a946a24ccc81ee070d","hashSHA256":"2ffd383ea4ebce2c5587048252a07f8ea8d468e24a57de661b75d9f648587ff4","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"213","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/download.html","sourceIndex":"213"}],"sampleFiles":["250506/Packetshare-250211/2.0.7/Samples/packetshare_win_2.0.7_32.exe"],"imageFiles":["250506/Packetshare-250211/2.0.7/Images/ACR-007/Screenshot 2025-05-06 at 3.21.12 PM.png","250506/Packetshare-250211/2.0.7/Images/ACR-084/Screenshot 2025-05-06 at 3.23.42 PM.png"],"nonDeceptorImageFiles":["250506/Packetshare-250211/2.0.7/Images/ACR-007/website.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.0.7_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.0.7","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":274},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.0.6_31.exe","isInstaller":"True","companyName":"DATALABS LIMITED                                            ","fileVersion":"0.0","hashMD5":"741344e41e1a4011341e9b85cbc54f16","hashSHA1":"5a9132271eb06f99985d0c613d78f7d707dd5cf4","hashSHA256":"6856760a154d9e8a5dcecae6a9f64063e7631d308ea30fdb5d00ccb3fe244ac6","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"223","avBlockList":["360 Total Security (20250501)","Avast Premium Security (20250501)","AVG Internet Security (20250501)","Avira Internet Security (20250501)","Bitdefender Internet Security (20250501)","COMODO Antivirus (20250501)","ESET Internet Security (20250501)","FortectPremium (20250501)","G DATA INTERNET SECURITY (20250501)","K7 Total Security (20250501)","KasperskyPremium (20250501)","Malwarebytes Premium (20250501)","McAfee Total Protection (20250501)","Norton Security (20250501)","Panda Dome (20250501)","Sophos Home Premium (20250501)","SpyHunter5 (20250501)","Total AV Antivirus Pro (20250501)","VIPRE Advanced Security (20250501)","VirIT eXplorer PRO (20250501)","Webroot SecureAnywhere (20250501)","Windows Defender (20250501)"],"avAllowList":["Dr.Web Security Space (20250501)","Quick Heal Internet Security (20250501)","Trend Micro Internet Security (20250501)"]},{"isRevoked":"False","fileName":"PacketShare.exe","fileVersion":"0.0","hashMD5":"fe164cb39af3d4b5ea96ae31b0f940e4","hashSHA1":"e38b73a649515b2b88fd1fb271451b282b7a89e1","hashSHA256":"88a4ceec55f44cfae70c26426248008fc5994ee11149af12fb524d89997f40b5","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"223","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/files/packetshare_win_2.0.6_31.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/files/packetshare_win_2.0.6_31.exe","sourceIndex":"223"}],"sampleFiles":["250416/Packetshare-250211/2.0.6/Samples/packetshare_win_2.0.6_31.exe","250416/Packetshare-250211/2.0.6/Samples/PacketShare.exe"],"imageFiles":["250416/Packetshare-250211/2.0.6/Images/ACR-007/Install.png","250416/Packetshare-250211/2.0.6/Images/ACR-084/options.png","250416/Packetshare-250211/2.0.6/Images/ACR-084/Startup.png","250416/Packetshare-250211/2.0.6/Images/ACR-084/systray.png"],"nonDeceptorImageFiles":["250416/Packetshare-250211/2.0.6/Images/ACR-007/website.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.0.6_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.0.6","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":275},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.0.9_34.exe","isInstaller":"True","productName":"PacketShare","productVersion":"2.0.9","fileVersion":"0.0","hashMD5":"d1a2c8a9d96102a65017798963efede5","hashSHA1":"cd46c6e44e5d5a3840ae5b6fc049c9294884930a","hashSHA256":"7aa27284df112868016f9320b434b54cd918aa9d679f0ff964f277b080382808","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"190","avBlockList":["360 Total Security (20250731)","Avast Premium Security (20250731)","AVG Internet Security (20250731)","Avira Internet Security (20250731)","Bitdefender Internet Security (20250731)","COMODO Antivirus (20250731)","Dr.Web Security Space (20250731)","ESET Internet Security (20250731)","FortectPremium (20250731)","G DATA INTERNET SECURITY (20250731)","K7 Total Security (20250731)","KasperskyPremium (20250731)","Malwarebytes Premium (20250731)","McAfee Total Protection (20250731)","Norton Security (20250731)","Panda Dome (20250731)","Quick Heal Internet Security (20250731)","Sophos Home Premium (20250731)","SpyHunter5 (20250731)","Total AV Antivirus Pro (20250731)","VIPRE Advanced Security (20250731)","VirIT eXplorer PRO (20250731)","Webroot SecureAnywhere (20250731)"],"avAllowList":["Trend Micro Internet Security (20250731)","Windows Defender (20250731)"]},{"isRevoked":"False","fileName":"PacketShare.exe","productName":"PacketShare","productVersion":"0.0.0.0","fileVersion":"0.0","hashMD5":"24f11d31cd976fc02c339aa13dc4527a","hashSHA1":"847e90ce17f5b2e4f589bdbf9df7de4f35ca7d8a","hashSHA256":"f5af7d541192f3347bf31d0611369ef7b21d09c79345fbda32608ca1aa373cce","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"190","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","sourceIndex":"190"}],"sampleFiles":["250613/Packetshare-250211/2.0.9/Samples/packetshare_win_2.0.9_34.exe"],"imageFiles":["250613/Packetshare-250211/2.0.9/Images/ACR-007/Screenshot 2025-05-06 at 3.21.12 PM.png","250613/Packetshare-250211/2.0.9/Images/ACR-084/Screenshot 2025-06-13 at 3.49.20 PM.png"],"nonDeceptorImageFiles":["250613/Packetshare-250211/2.0.9/Images/ACR-007/website.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.0.9_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.0.9","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":273},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.0.3_28.exe","isInstaller":"True","companyName":"DATALABS LIMITED                                            ","fileVersion":"0.0","hashMD5":"e5b757a957c6775aa236e8bff1f474e0","hashSHA1":"cf35a3ba83d89b3b8caf9acefbabd3b6ae3ac354","hashSHA256":"0f473a36a124344893534ebf630f49446fb852a043abde4f5b70cf42d3753a29","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"236","avBlockList":["360 Total Security (20250403)","Avast Premium Security (20250403)","AVG Internet Security (20250403)","Avira Internet Security (20250403)","Bitdefender Internet Security (20250403)","COMODO Antivirus (20250403)","Dr.Web Security Space (20250403)","ESET Internet Security (20250403)","FortectPremium (20250403)","G DATA INTERNET SECURITY (20250403)","K7 Total Security (20250403)","KasperskyPremium (20250403)","Malwarebytes Premium (20250403)","McAfee Total Protection (20250403)","Norton Security (20250403)","Panda Dome (20250403)","Quick Heal Internet Security (20250403)","Sophos Home Premium (20250403)","SpyHunter5 (20250403)","Total AV Antivirus Pro (20250403)","VIPRE Advanced Security (20250403)","VirIT eXplorer PRO (20250403)","Webroot SecureAnywhere (20250403)","Windows Defender (20250403)"],"avAllowList":["Trend Micro Internet Security (20250403)"]},{"isRevoked":"False","fileName":"PacketShare.exe","fileVersion":"0.0","hashMD5":"612ea2ca8bb560efb597854db6eea4fb","hashSHA1":"7a664e074c77af0cbafa7bfb9549554f8957d0fb","hashSHA256":"442c07de96e64bca81c8bdaf7d72c407199fb5622090813abcdd43dcbf7175ab","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"236","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","sourceIndex":"236"}],"sampleFiles":["250226/Packetshare-250211/2.0.3/Samples/packetshare_win_2.0.3_28.exe"],"imageFiles":["250226/Packetshare-250211/2.0.3/Images/ACR-007/ACR-007_Install_1.png","250226/Packetshare-250211/2.0.3/Images/ACR-084/ACR-084_Software_1.png","250226/Packetshare-250211/2.0.3/Images/ACR-084/ACR-084_Software_2.png"],"nonDeceptorImageFiles":["250226/Packetshare-250211/2.0.3/Images/ACR-007/ACR-007_Landing page_1.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.0.3_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.0.3","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":277},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.1.0_35.exe","isInstaller":"True","productName":"PacketShare","productVersion":"2.1.0","hashMD5":"7274794cc656c10dec766c3dc469dd9c","hashSHA1":"be0296e1e6c68b04d9489ef5299eaf955cafcd5f","hashSHA256":"14bcce074e9d369a225ccc5fc107567557d84fc0d6ec41ea8ff76524327d1820","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"179","avBlockList":["360 Total Security (20251028)","Avast Premium Security (20251028)","AVG Internet Security (20251028)","Avira Internet Security (20251028)","Bitdefender Internet Security (20251028)","COMODO Antivirus (20251028)","ESET Internet Security (20251028)","FortectPremium (20251028)","G DATA INTERNET SECURITY (20251028)","K7 Total Security (20251028)","KasperskyPremium (20251028)","Malwarebytes Premium (20251028)","McAfee Total Protection (20251028)","Norton Security (20251028)","Panda Dome (20251028)","Quick Heal Internet Security (20251028)","Sophos Home Premium (20251028)","SpyHunter5 (20251028)","Total AV Antivirus Pro (20251028)","VIPRE Advanced Security (20251028)","VirIT eXplorer PRO (20251028)","Webroot SecureAnywhere (20251028)"],"avAllowList":["Dr.Web Security Space (20251028)","Trend Micro Internet Security (20251028)","Windows Defender (20251028)"]},{"isRevoked":"False","fileName":"PacketShare.exe","hashMD5":"7f43c77d1ae05e9c37705405e361c3e5","hashSHA1":"cb21323ef4d25c023762e03b0c234768fee0b978","hashSHA256":"c321490f13a3fd221fcb08104dcadf3442c1e7a742d9c23e47cac14e8ad0200b","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"179","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/file/windows/packetshare_win_2.1.0_35.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/file/windows/packetshare_win_2.1.0_35.exe","sourceIndex":"179"}],"sampleFiles":["250807/Packetshare-250211/2.1.0/Samples/packetshare_win_2.1.0_35.exe"],"imageFiles":["250807/Packetshare-250211/2.1.0/Images/ACR-007/ACR-007_Install_1.png","250807/Packetshare-250211/2.1.0/Images/ACR-084/ACR-084_Software_1.png","250807/Packetshare-250211/2.1.0/Images/ACR-084/ACR-084_Software_2.png","250807/Packetshare-250211/2.1.0/Images/ACR-084/ACR-084_Software_3.png"],"nonDeceptorImageFiles":["250807/Packetshare-250211/2.1.0/Images/ACR-007/ACR-007_Landing page_1.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.1.0_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.1.0","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T21:37:17.811481+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":272},{"violations":{"ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\n","ACR-084":"1. Application creates auto start up when windows starts entry without disclosing it to user during installation.\n2. Application doesn't notify user when it is close to systray and continues running (sharing network resource is active) in background\n3. Application doesn't have control option both in application setting or menu from minimized icon in systray for user to disable sharing immediately \n"},"nonDeceptorViolations":{"ACR-007":"Application landing page doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks.\n"},"samples":[{"isRevoked":"False","fileName":"packetshare_win_2.0.5_30.exe","isInstaller":"True","companyName":"DATALABS LIMITED                                            ","fileVersion":"0.0","hashMD5":"c33271be3ef69b2266b852e64383229c","hashSHA1":"6693526526d326e7b14bbb71c21ea32f0dfa11ea","hashSHA256":"afad6abb7f3f088b28b00f011c96f8d9a05e35243d579f515ea156052584dc5a","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"230","avBlockList":["360 Total Security (20250410)","Avast Premium Security (20250410)","AVG Internet Security (20250410)","Avira Internet Security (20250410)","COMODO Antivirus (20250410)","Dr.Web Security Space (20250410)","FortectPremium (20250410)","G DATA INTERNET SECURITY (20250410)","K7 Total Security (20250410)","KasperskyPremium (20250410)","Malwarebytes Premium (20250410)","McAfee Total Protection (20250410)","Norton Security (20250410)","Panda Dome (20250410)","Quick Heal Internet Security (20250410)","Sophos Home Premium (20250410)","SpyHunter5 (20250410)","Total AV Antivirus Pro (20250410)","VirIT eXplorer PRO (20250410)","Webroot SecureAnywhere (20250410)"],"avAllowList":["Bitdefender Internet Security (20250410)","ESET Internet Security (20250410)","Trend Micro Internet Security (20250410)","VIPRE Advanced Security (20250410)","Windows Defender (20250410)"]},{"isRevoked":"False","fileName":"PacketShare.exe","fileVersion":"0.0","hashMD5":"72e4cc690e3372a134e4459749d4d246","hashSHA1":"1873fba935a23878b5f7c749b1620d762c7093d2","hashSHA256":"948e63b9a789d8b8717d631e2d307bab2e4290ed2e3e64b827944f0a3aa03b17","digitalCertThumbprint":"7FC4A6FB97D06A48B8BB115E97D6635E979DA85D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=DATALABS LIMITED, O=DATALABS LIMITED, L=WAN CHAI, C=HK, SERIALNUMBER=3222394, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"230","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"sharing","reference":"","landingPage":"https://www.packetshare.io/","directDownloadingLink":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.packetshare.io/files/packetshare_win_2.0.3_28.exe","sourceIndex":"230"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://www.packetshare.io/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"231"}],"sampleFiles":["250401/Packetshare-250211/2.0.5.30/Samples/packetshare_win_2.0.5_30.exe","250401/Packetshare-250211/2.0.5.30/Samples/PacketShare.exe"],"imageFiles":["250401/Packetshare-250211/2.0.5.30/Images/ACR-007/ACR-007_Install_1.png","250401/Packetshare-250211/2.0.5.30/Images/ACR-084/ACR-084_Software_1.png","250401/Packetshare-250211/2.0.5.30/Images/ACR-084/ACR-084_Software_2.png"],"nonDeceptorImageFiles":["250401/Packetshare-250211/2.0.5.30/Images/ACR-007/ACR-007_Landing page_1.png"],"guid":"206ecd2e-f23d-41f2-b969-106948fe825c_2.0.5.30_1","appID":"Packetshare-250211","dateAdded":"250807","deceptorType":"App","name":"Packetshare","company":"DATALABS LIMITED","version":"2.0.5.30","lastKnownStatus":"2.0.3;2.0.5.30;2.0.6;2.0.7;2.0.9;2.1.0","lastKnownDate":"250807","type":"Windows Executable","category":"Productivity, Business Developer Tools","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-08-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":276},{"violations":{"ACR-042":"Infatica service (system resource borrowing) components are installed without obtaining user permission through explicit user action.\n","ACR-043":"Application installs the system resource borrowing components without disclosing to user.\n","ACR-046":"Application doesn't present any EULA, Privacy Policy and disclose the non-expected behaviors (system resource borrowing) during installation. \n","ACR-048":"User has no option to disable system resource borrowing process.\n","ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource. Application doesn't provide straightforward approach how to disable the network resource sharing.\n","ACR-084":"Application doesn't provide any notification to user that Infatica service running (system resource borrowing) in background.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"NinjaVPN.msi","isInstaller":"True","hashMD5":"fccd431478bacaf53bd9ec13296a999f","hashSHA1":"23783e0ae4945746d021105c45b2ac65c3f0ced5","hashSHA256":"0eb8d760a5623c5f2e42eb56083e679824717281dae2e7cb08580522f60c0776","sourceIndex":"180","avBlockList":["360 Total Security (20251023)","Avast Premium Security (20251023)","AVG Internet Security (20251023)","Avira Internet Security (20251023)","COMODO Antivirus (20251023)","Dr.Web Security Space (20251023)","ESET Internet Security (20251023)","G DATA INTERNET SECURITY (20251023)","K7 Total Security (20251023)","KasperskyPremium (20251023)","Malwarebytes Premium (20251023)","McAfee Total Protection (20251023)","Norton Security (20251023)","Panda Dome (20251023)","Quick Heal Internet Security (20251023)","Sophos Home Premium (20251023)","SpyHunter5 (20251023)","Total AV Antivirus Pro (20251023)","VirIT eXplorer PRO (20251023)","Webroot SecureAnywhere (20251023)","Windows Defender (20251023)"],"avAllowList":["Bitdefender Internet Security (20251023)","FortectPremium (20251023)","Trend Micro Internet Security (20251023)","VIPRE Advanced Security (20251023)"]},{"isRevoked":"False","fileName":"NinjaVPN.exe","companyName":"Infatica Pte. Ltd","productName":"NinjaVPN","productVersion":"1.0.5.0","fileVersion":"1.0.5.0","hashMD5":"d301a26564cd395f1604a9debfdbc0ec","hashSHA1":"6f5f0d4006869dfdd14070d75e4df0b09b45ff20","hashSHA256":"19bd0090a3230bfd279822fff2d58d32561f53e20e97eaec93734ac7f3532ebf","sourceIndex":"180","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UninstallHelper.exe","productName":"UninstallHelper","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"47862291ec8b3274614d53a1b20e9a29","hashSHA1":"2fcf3f5ffd542811c674cfcc5598f493e64b5ba9","hashSHA256":"66754372a58c140d91de382071bb58a69a924f065e78c5f42836e0d416a7da1c","sourceIndex":"180","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"infatica-service-app.exe","productName":"Infatica Service","productVersion":"1.0.5","hashMD5":"0e3382aab10a63f6a24a7618baaf0f99","hashSHA1":"b4091591c02a925f5b7bfffd07da2d2fd385ee29","hashSHA256":"2cc1166bb981ddcf07117c099c9146c019423691c9ab63e4da7e4f868ef5cb44","digitalCertThumbprint":"78845D96DC775C83C4CBBADEFA54253F099336E0","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Infatica pte ltd, OU=Infatica pte ltd, O=Infatica pte ltd, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"180","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"infatica-service.dll","productName":"Infatica Service","productVersion":"1.0.5","hashMD5":"786effa553cd1ee519145aed401543e1","hashSHA1":"d42fc9fbe950319e98e15e568e4327866cd50ca9","hashSHA256":"6be2ca2dc8767c31960043af92163a73861969b8b22f0ebd7d1fa2bbe0caa6db","digitalCertThumbprint":"78845D96DC775C83C4CBBADEFA54253F099336E0","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Infatica pte ltd, OU=Infatica pte ltd, O=Infatica pte ltd, L=Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"180","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"proxy.exe","hashMD5":"42f8636278300dc2f85acf45a5eb670b","hashSHA1":"f6d1c69df1c730db957f9a0ee45fb96f61dc8a24","hashSHA256":"55c5a4b4207da0ec23ed1caad79a3a5f9ac14c4f454752bd0201e6199963814a","sourceIndex":"180","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Security partner report","reference":"Infatica","landingPage":"https://infatica-sdk.io/","ipv4":"","ipv6":"","sourceIndex":"180"}],"sampleFiles":["250731/NinjaVPN-250729/1.0.5.0/Samples/NinjaVPN.msi"],"imageFiles":["250731/NinjaVPN-250729/1.0.5.0/Images/ACR-043/ACR-043_Install_1.png","250731/NinjaVPN-250729/1.0.5.0/Images/ACR-042/ACR-042_Install_1.png","250731/NinjaVPN-250729/1.0.5.0/Images/ACR-048/ACR-048_Software_1.png","250731/NinjaVPN-250729/1.0.5.0/Images/ACR-048/ACR-048_Software_2.png","250731/NinjaVPN-250729/1.0.5.0/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"ea5167d4-735d-4cb3-826b-2d074dd5bbab_1.0.5.0_1","appID":"NinjaVPN-250729","dateAdded":"250731","deceptorType":"App","name":"NinjaVPN","company":" Infatica Pte. Ltd","version":"1.0.5.0","lastKnownStatus":"1.0.5.0","lastKnownDate":"250731","type":"Windows Executable","category":"Productivity, Personalization & Search","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-07-31T18:07:24.9099298+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":278},{"violations":{"ACR-048":"When application is running in the background, it doesn't has approach to allow user to immediately disable the borrowing activity. The network sharing activities can't be disabled even user disable the sharing.\n","ACR-007":"During installation application doesn't disclose the potential risks related with sharing network resource (IP/Bandwidth), doesn't disclose how application team manage the potential risks, and obtain user's explicit consent for borrowing network resource.\nApplication doesn't provide straightforward approach how to disable the network resource sharing.\n","ACR-084":"Application doesn't provide notification that it is still running and sharing is active when application is closed and minimized to system tray.\n","ACR-119":"Application doesn't remove the active components after uninstallation completes.\n","ACR-124":"Application make uninstallation difficult by asking unnecessary more than one confirmation\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"ByteBenefit_Setup.exe","isInstaller":"True","productName":"ByteBenefit_Setup","productVersion":"1.0.0.0","fileVersion":"1.0","hashMD5":"403d4206ccce49c1793e899018a85a44","hashSHA1":"5b07233bb42c3edf0a1d2828c7d0daf5f1e21013","hashSHA256":"b2fe7f9446d99d029418e8559bedc1858d8d347031f9b04c8bc5b37b518f2442","digitalCertThumbprint":"59B5FB55ACE3824B2A43DA14724C58A9E73E267E","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Infatica Pte. Ltd., O=Infatica Pte. Ltd., S=Central Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"183","avBlockList":["Avast Premium Security (20251016)","AVG Internet Security (20251016)","Avira Internet Security (20251016)","COMODO Antivirus (20251016)","ESET Internet Security (20251016)","FortectPremium (20251016)","G DATA INTERNET SECURITY (20251016)","K7 Total Security (20251016)","KasperskyPremium (20251016)","Malwarebytes Premium (20251016)","McAfee Total Protection (20251016)","Norton Security (20251016)","Panda Dome (20251016)","Quick Heal Internet Security (20251016)","Sophos Home Premium (20251016)","SpyHunter5 (20251016)","Total AV Antivirus Pro (20251016)","VirIT eXplorer PRO (20251016)","Webroot SecureAnywhere (20251016)"],"avAllowList":["360 Total Security (20251016)","Bitdefender Internet Security (20251016)","Dr.Web Security Space (20251016)","Trend Micro Internet Security (20251016)","VIPRE Advanced Security (20251016)","Windows Defender (20251016)"]},{"isRevoked":"False","fileName":"ByteBenefit.exe","companyName":"ByteBenefit","productName":"ByteBenefit","productVersion":"1.0.2+11","fileVersion":"1.0","hashMD5":"359f80383dab93fc61033654d754af35","hashSHA1":"49cba7675543ae2590645374da1b584621169da9","hashSHA256":"91beef2dfaee0b6d7ca210d04bb8470e513b3b37b03936d95535bb0b72e13f35","digitalCertThumbprint":"59B5FB55ACE3824B2A43DA14724C58A9E73E267E","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Infatica Pte. Ltd., O=Infatica Pte. Ltd., S=Central Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"183","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ByteBenefit_Uninstaller.exe","companyName":"ByteBenefit","productName":"ByteBenefit","productVersion":"1.0.0+7","fileVersion":"1.0","hashMD5":"4321df0d9719faebf5eaadb56a8b6b84","hashSHA1":"0ff40614e631bcb054243f616200dcf14b2e4da9","hashSHA256":"bff073ab9128e2d24b018e69f76e7b39fe91ab388f3b05731266c4a38ad898e5","digitalCertThumbprint":"59B5FB55ACE3824B2A43DA14724C58A9E73E267E","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Infatica Pte. Ltd., O=Infatica Pte. Ltd., S=Central Singapore, C=SG","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"183","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Security partner report","reference":"P2B","landingPage":"https://bytebenefit.io","directDownloadingLink":"https://app.bytebenefit.io/ByteBenefit_Setup","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://app.bytebenefit.io/ByteBenefit_Setup","sourceIndex":"183"}],"sampleFiles":["250728/ByteBenefit-250728/1.0.2/Samples/ByteBenefit_Setup.exe","250728/ByteBenefit-250728/1.0.2/Samples/ByteBenefit.exe","250728/ByteBenefit-250728/1.0.2/Samples/ByteBenefit_Uninstaller.exe"],"imageFiles":["250728/ByteBenefit-250728/1.0.2/Images/ACR-007/ACR-007_Install_1.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-007/ACR-007_Install_2.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-048/Screenshot 2025-07-28 at 2.36.32 PM.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-048/Screenshot 2025-07-28 at 2.42.45 PM.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-007/ACR-007_Software_1.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-119/ACR-119_Uninstall_1.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-124/ACR-124_Uninstall_1.png","250728/ByteBenefit-250728/1.0.2/Images/ACR-124/ACR-124_Uninstall_2.png"],"nonDeceptorImageFiles":[],"guid":"67eaaffd-5a97-449d-aee7-bc9d7ee37fe1_1.0.2_1","appID":"ByteBenefit-250728","dateAdded":"250728","deceptorType":"App","name":"ByteBenefit","company":"Infatica Pte. Ltd","version":"1.0.2","lastKnownStatus":"1.0.2","lastKnownDate":"250728","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-07-28T21:59:16.3641356+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":279},{"violations":{"ACR-043":"Open source project \"Open VPN\" is installed without any disclosure in EULA. \n","ACR-048":"The app does not provide control to cancel the installation process.\n","ACR-007":"The app's disclosure regarding the user's need to join the P2P network to use the app is not explained in detail which can reduce the consumer's security posture.\n","ACR-013":"The user is interrupted by non-consented offers to silently install unrelated software during the launch of the application.\n","ACR-057":"The accept/decline option is not made obvious to the consumer in the offer.\n","ACR-055":"The accept and decline options are not made consistent among the offers.\n","ACR-059":"The Offer are not clearly marked as an optional offer, who is recommending the offers are not clear\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app's disclosure regarding the user's need to join the P2P network to use the app is not straightforward or explained in detail which can reduce the consumer's security posture.\n","ACR-065":"The app does not provide EULA and Privacy policy for the offered apps.\n","ACR-092":"The app's main executable does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"freevpn_setup.exe","isInstaller":"True","companyName":"Keen Internet Technologies Ltd","productName":"Free VPN","productVersion":"2.01.02.00","fileVersion":"2.1","hashMD5":"e1688f100d6a1c5f0f7a08705984a9fc","hashSHA1":"1e8b86c50faf24af085fccc0ab53601cf804004a","hashSHA256":"cd4e15921e095509850e4bf456dbd0a949536d1cda6ec31bd92476d86a821eef","digitalCertThumbprint":"0D9EF1D40FFF2E9E3B76DD17B46618E806A679B6","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=Keen Internet Technologies Ltd, O=Keen Media Group, L=Rishon LeZion, C=IL","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"184","avBlockList":["360 Total Security (20251007)","Avast Premium Security (20251007)","AVG Internet Security (20251007)","Avira Internet Security (20251007)","COMODO Antivirus (20251007)","Dr.Web Security Space (20251007)","ESET Internet Security (20251007)","FortectPremium (20251007)","G DATA INTERNET SECURITY (20251007)","K7 Total Security (20251007)","KasperskyPremium (20251007)","Malwarebytes Premium (20251007)","McAfee Total Protection (20251007)","Norton Security (20251007)","Panda Dome (20251007)","Quick Heal Internet Security (20251007)","Sophos Home Premium (20251007)","SpyHunter5 (20251007)","Total AV Antivirus Pro (20251007)","Trend Micro Internet Security (20251007)","VirIT eXplorer PRO (20251007)","Webroot SecureAnywhere (20251007)","Windows Defender (20251007)"],"avAllowList":["Bitdefender Internet Security (20251007)","VIPRE Advanced Security (20251007)"]},{"isRevoked":"False","fileName":"FreeVPN.exe","companyName":"Keen Internet Technologies Ltd","productName":"FreeVPN","productVersion":"2.1.2.1","fileVersion":"2.1","hashMD5":"4ed6543c73e759ee179dbe9695789bf8","hashSHA1":"f4096c19328ef6dd1b03168524719245a0eefb5a","hashSHA256":"8bab725accbd7999dd2d4aa4a5f822db0d9187223679295e61ca52147288c3a3","sourceIndex":"184","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"expired certified app","reference":"","landingPage":"https://www.freevpn.win/","directDownloadingLink":"https://www.freevpn.win/builds/freevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freevpn.win/builds/freevpn_setup.exe","sourceIndex":"184"}],"sampleFiles":["250721/FreeVPN-230609/2.01.02.00/Samples/freevpn_setup.exe"],"imageFiles":["250721/FreeVPN-230609/2.01.02.00/Images/ACR-043/ACR-043.JPG","250721/FreeVPN-230609/2.01.02.00/Images/ACR-048/ACR-048.JPG","250721/FreeVPN-230609/2.01.02.00/Images/ACR-007/ACR-007_Software_1.png","250721/FreeVPN-230609/2.01.02.00/Images/ACR-013/ACR-013_Software_1.png","250721/FreeVPN-230609/2.01.02.00/Images/ACR-057/ACR-057_Bundler-made offers_1.png","250721/FreeVPN-230609/2.01.02.00/Images/ACR-059/ACR-059_Bundler-made offers_1.png","250721/FreeVPN-230609/2.01.02.00/Images/ACR-155/ACR-155_Bundler-made offers_1.png","250721/FreeVPN-230609/2.01.02.00/Images/ACR-055/ACR-055_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["250721/FreeVPN-230609/2.01.02.00/Images/ACR-045/ACR-045.JPG","250721/FreeVPN-230609/2.01.02.00/Images/ACR-065/ACR-065_Bundler-made offers_1.png"],"guid":"ad1bdffe-aeca-4f8d-9e5f-262255d76b93_2.01.02.00_1","appID":"FreeVPN-230609","dateAdded":"250721","deceptorType":"App","name":"Free VPN","company":"Keen Internet Technologies Ltd","version":"2.01.02.00","lastKnownDate":"250721","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-07-21T21:54:52.9058841+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":280},{"violations":{"ACR-046":"Disclosures for the optional offer are not visible.\n","ACR-013":"The offer interruptedly appears when user choose to download the driver to update without user consent.\n","ACR-060":"The offer network does not disclose itself in its offers.\n","ACR-118":"ProxymaData is not removed after DriverHub being uninstalled completely.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. The use of checkbox is non-rational when the only option to proceed is \"Install all recommended\" option.\n","ACR-055":"The offer is not presented with clear decline/accept option.\n","ACR-059":"The presented offers are not clear who recommended it. Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended Software to install.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"driver-hub-install__28.exe","isInstaller":"True","productName":"DriverHub","productVersion":"4.3.0.0","fileVersion":"4.3","hashMD5":"33f914d2a2c1d8a6f4cea578a4a76dc5","hashSHA1":"ffc43d087de95280b1d11c878a17d328a0bfebf1","hashSHA256":"838c1a1b83127539dc1483cd66741c9208810c780bfe79feba3d7787875a7e9f","digitalCertThumbprint":"8A98D1F804E5599C5AE52C82CA4272544BFE5616","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, O=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, STREET=\"ПЕР ДОЛОМАНОВСКИЙ, ЗД. 70Д, КВ.1(10 ЭТАЖ)\", L=Ростов-на-Дону, S=Ростовская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"158","avBlockList":["360 Total Security (20250925)","Avast Premium Security (20250925)","AVG Internet Security (20250925)","Avira Internet Security (20250925)","Bitdefender Internet Security (20250925)","COMODO Antivirus (20250925)","Dr.Web Security Space (20250925)","ESET Internet Security (20250925)","FortectPremium (20250925)","G DATA INTERNET SECURITY (20250925)","K7 Total Security (20250925)","KasperskyPremium (20250925)","Malwarebytes Premium (20250925)","McAfee Total Protection (20250925)","Norton Security (20250925)","Panda Dome (20250925)","Quick Heal Internet Security (20250925)","Sophos Home Premium (20250925)","SpyHunter5 (20250925)","Total AV Antivirus Pro (20250925)","VIPRE Advanced Security (20250925)","VirIT eXplorer PRO (20250925)","Webroot SecureAnywhere (20250925)","Windows Defender (20250925)"],"avAllowList":["Trend Micro Internet Security (20250925)"]},{"isRevoked":"False","fileName":"DriverHub.exe","companyName":"ROSTPAY LTD","productName":"DriverHub","productVersion":"1.3.18.2147","fileVersion":"1.3","hashMD5":"85cdd0909f9ae260b024a8d5b29039af","hashSHA1":"d42dd7691babd3e7cced9476fef4fbc976e2ddde","hashSHA256":"03823d9d40a102cc742c1d3affc79689fbe725df7296654219373682f6f6135d","digitalCertThumbprint":"8A98D1F804E5599C5AE52C82CA4272544BFE5616","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, O=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, STREET=\"ПЕР ДОЛОМАНОВСКИЙ, ЗД. 70Д, КВ.1(10 ЭТАЖ)\", L=Ростов-на-Дону, S=Ростовская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"158","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverHubUninstaller.exe","productName":"DriverHub","productVersion":"4.2.1.0","fileVersion":"4.2","hashMD5":"80b76037f21558add4b505bc5cb7722e","hashSHA1":"af9a436325785128f74a939033d397a2115f0b79","hashSHA256":"65831cae481b3b30e76901a513070536d005ddb12859358403ca906d9492de2b","digitalCertThumbprint":"8A98D1F804E5599C5AE52C82CA4272544BFE5616","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, O=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, STREET=\"ПЕР ДОЛОМАНОВСКИЙ, ЗД. 70Д, КВ.1(10 ЭТАЖ)\", L=Ростов-на-Дону, S=Ростовская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"158","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDClient.exe","companyName":"ProxymaData","productName":"ProxymaData","productVersion":"2.0.0.0","fileVersion":"2.0","hashMD5":"8568211dd3ebd8f4e25d24cdbf865256","hashSHA1":"241ca16436067c67993bdf059bd63a19f22bd2a3","hashSHA256":"942e7f147ffca11881d5c1fb464bd77a195f68b9ea99b35de4e43a23a274d259","sourceIndex":"158","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Installer.exe","companyName":"ROSTPAY LTD","productName":"DriverHub","productVersion":"1.3.2.1453","fileVersion":"1.0","hashMD5":"54e9828639d39704de9ecc955a71efe1","hashSHA1":"110aff5704e13b9f81414d084d92054f3a28d970","hashSHA256":"d08d70e7059021c98e7dc1b2ed1ac3649de214d426060dbf8b61e9bac427382a","digitalCertThumbprint":"5D3831FCE274BD4312AFCB10BEDF5D55671DB13F","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, O=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, STREET=\"ПЕР. ДОЛОМАНОВСКИЙ, Д.70 К.Д, КВ.1(10 ЭТАЖ)\", L=Ростов-на-Дону, S=Ростовская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"158","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IndexingManager.exe","productName":"Indexing manager","productVersion":"1.4.0.0","fileVersion":"1.4","hashMD5":"6b1f1e2b742c77579938402e303cd294","hashSHA1":"f21dc2f072179d321316dd71e1a6666435aaecdc","hashSHA256":"612b1b31393bd885913dccfc0725aff97d65588ab446e39ab7a00f7b6e2a28dc","sourceIndex":"158","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser ; expired certified","reference":"","landingPage":"https://www.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"158"}],"sampleFiles":["250708/DriverHub-220208/1.3.18/Samples/driver-hub-install__28.exe"],"imageFiles":["250708/DriverHub-220208/1.3.18/Images/ACR-118/ACR-118_Uninstall_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-118/ACR-118_Uninstall_2.png","250708/DriverHub-220208/1.3.18/Images/ACR-046/ACR-046_Install_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-059/ACR-059_Inline offers_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-055/ACR-055_Inline offers_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-057/ACR-057_In-bundle offers_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-013/ACR-013_Software_1.png","250708/DriverHub-220208/1.3.18/Images/ACR-013/ACR-013_Software_2.png","250708/DriverHub-220208/1.3.18/Images/ACR-060/ACR-060_In-bundle offers_1.png"],"nonDeceptorImageFiles":[],"guid":"0e014032-55b0-4fc2-b8da-3528e047e8e8_1.3.18_1","appID":"DriverHub-220208","dateAdded":"250708","deceptorType":"App","name":"Driver Hub","company":"ROSTPAY LTD","version":"1.3.18","firstVendorContactDate":"250806","firstAppEsteemReplyDate":"250807","firstResolvedDate":"251014","firstResolvedVersion":"1.4.2","resolved":"TRUE","lastKnownStatus":"1.2.1.1825;1.1.2.1563;1.3.9.2238;1.3.10.2240;1.3.18","lastKnownDate":"250708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-14T21:22:52.9356125+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":281},{"violations":{"ACR-046":"Disclosures for the optional offer are not visible.\n","ACR-048":"The app does not provide control to defer the installation process for the optional offer. Installation proceeds for the optional offer despite not clicking the Install button across the item.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. The use of checkbox is non-rational when the only option to proceed is \"Install all recommended\" option.\n","ACR-059":"The presented offer \"Opera Web Browser\" is not clear who recommended it. Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended Software to install.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DriverHub.exe","companyName":"ROSTPAY LTD","fileVersion":"1.3","hashMD5":"90c85709415e86ba9c9371ee7ad26a41","hashSHA1":"09875c4747e670c426680cb3451db9d723e5ae6f","hashSHA256":"a19e3573b659c0190e2195faee934918890cb4d03d4cace3256822d34f0b92e8","digitalCertThumbprint":"06DA93A00B5C193261A4FAE08023F5413C67844E","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1 (10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"896","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"driver-hub-install__28.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.1","hashMD5":"ff25f4db981a5980797d736f97adaab6","hashSHA1":"77ccf75074599fc076f89060f257feeda5607d33","hashSHA256":"a1f6905b424b2e1479dc823688f3eaffddd8c7537abe9c5ada4a1bcbca25c79c","digitalCertThumbprint":"06DA93A00B5C193261A4FAE08023F5413C67844E","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1 (10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"896","avBlockList":["Avast Premium Security (20250710)","AVG Internet Security (20250710)","Avira Internet Security (20250710)","Bitdefender Internet Security (20250710)","COMODO Antivirus (20250710)","Dr.Web Security Space (20250710)","ESET Internet Security (20250710)","G DATA INTERNET SECURITY (20250710)","K7 Total Security (20250710)","Malwarebytes Premium (20250710)","McAfee Total Protection (20250710)","Norton Security (20250710)","Panda Dome (20250710)","Sophos Home Premium (20250710)","SpyHunter5 (20250710)","Total AV Antivirus Pro (20250710)","VIPRE Advanced Security (20250710)","VirIT eXplorer PRO (20250710)","Webroot SecureAnywhere (20250710)","FortectPremium (20250710)","KasperskyPremium (20250710)"],"avAllowList":["360 Total Security (20250710)","Kaspersky Internet Security (20230907)","Quick Heal Internet Security (20250710)","Trend Micro Internet Security (20250710)","Windows Defender (20250710)"]},{"isRevoked":"False","fileName":"driver-hub-install__458.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.1","hashMD5":"938a613d6bbd418bb1eee8a58dd3d01c","hashSHA1":"dc844a847589fd377907af6566d210de8b152c4d","hashSHA256":"773a08fd6f55b70a24a4b7da1e2f62f3b363625033c79fcdf636839d7d63f916","digitalCertThumbprint":"C3C709B7E01318BA74D48BD64D05F48DECA5CD80","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"896","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"driver-hub-install__230824.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.2","hashMD5":"c6c6fd0a80b977ee666a6bd1ed1d9fc3","hashSHA1":"fbff85feebabfee4de3a9621267a57c87c034363","hashSHA256":"b877cf61bf6022aa3adde6a521a7d2d356ac07fc1a0f9967977b5037532e3354","digitalCertThumbprint":"06DA93A00B5C193261A4FAE08023F5413C67844E","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1 (10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"896","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser ","reference":"","landingPage":"https://www.drvhub.net/","directDownloadingLink":"https://www.drvhub.net/products/free/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.drvhub.net/products/free/download/init","sourceIndex":"896"},{"howFound":"","reference":"230721  new installer","landingPage":"","directDownloadingLink":"https://driverhub.driverscollection.com/DriverHub.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://driverhub.driverscollection.com/DriverHub.php","sourceIndex":"897"}],"sampleFiles":["230830/DriverHub-220208/1.3.10.2240/Samples/DriverHub.exe","230830/DriverHub-220208/1.3.10.2240/Samples/driver-hub-install__28.exe","230830/DriverHub-220208/1.3.10.2240/Samples/driver-hub-install__458.exe","230830/DriverHub-220208/1.3.10.2240/Samples/driver-hub-install__230824.exe"],"imageFiles":["230830/DriverHub-220208/1.3.10.2240/Images/ACR-046/driverhub.jpg","230830/DriverHub-220208/1.3.10.2240/Images/ACR-048/ACR-048.mp4","230830/DriverHub-220208/1.3.10.2240/Images/ACR-048/Opera.jpg","230830/DriverHub-220208/1.3.10.2240/Images/ACR-059/RecommendedOffer.jpg","230830/DriverHub-220208/1.3.10.2240/Images/ACR-057/OperaOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"0e014032-55b0-4fc2-b8da-3528e047e8e8_1.3.10.2240_1","appID":"DriverHub-220208","dateAdded":"250708","deceptorType":"App","name":"Driver Hub","company":"ROSTPAY LTD","version":"1.3.10.2240","firstVendorContactDate":"250806","firstAppEsteemReplyDate":"250807","firstResolvedDate":"251014","firstResolvedVersion":"1.4.2","resolved":"TRUE","lastKnownStatus":"1.2.1.1825;1.1.2.1563;1.3.9.2238;1.3.10.2240;1.3.18","lastKnownDate":"250708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":282},{"violations":{"ACR-057":"Offer doesn't have a clear way for users to accept or decline.\n","ACR-055":"The app has no buttons to accept, cancel or skip, the offered app Avast Free Antivirus, it was enabled by default opt-in.\n","ACR-155":"The offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"drvhub-1.1.2.1563.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8146cf5566191e31ed6730eaacc25c5a","hashSHA1":"1265fb5335d6b213eaa221ebca627b9e03a47b92","hashSHA256":"da30fd7aa5f543ec69c621f68ddc2c5b9c1b55665b1f1c7796120e342f64b592","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1692","avBlockList":["Bitdefender Internet Security (20230427)","Dr.Web Security Space (20230427)","ESET Internet Security (20230427)","G DATA INTERNET SECURITY (20230427)","Kaspersky Internet Security (20230427)","Malwarebytes Premium (20230427)","McAfee Total Protection (20230427)","Norton Security (20230427)","Panda Dome (20230427)","Quick Heal Internet Security (20230427)","Sophos Home Premium (20230427)","SpyHunter5 (20230427)","VIPRE Advanced Security (20230427)","VirIT eXplorer PRO (20230427)","Webroot SecureAnywhere (20230427)","Windows Defender (20230427)"],"avAllowList":["360 Total Security (20230427)","Avast Premium Security (20230427)","AVG Internet Security (20230427)","Avira Internet Security (20230427)","COMODO Antivirus (20230427)","K7 Total Security (20230427)","Total AV Antivirus Pro (20230427)","Trend Micro Internet Security (20230427)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DriverHub\\DriverHub.exe","companyName":"ROSTPAY LTD","productName":"DriverHub","productVersion":"1.1.2.1563","fileVersion":"1.1.2.1563","hashMD5":"890e3b0147468441657a8a1d16fabac0","hashSHA1":"f6185361fc34cb46a40941a05f96789547838112","hashSHA256":"c1f0c453666a9a35d9b1ec63507e4f4f378a9b8dd205ea2a616739eeff911b95","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1692","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser ","reference":"","landingPage":"https://www.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"1692"},{"howFound":"","reference":"","landingPage":"https://driverhub.driverscollection.com/","directDownloadingLink":"https://driverhub.driverscollection.com/DriverHub.php","ipv4":"","ipv6":"","sourceIndex":"1693"},{"howFound":"","reference":"","landingPage":"https://download.cnet.com/DriverHub/3001-2094_4-78190098.html","directDownloadingLink":"https://download.cnet.com/DriverHub/3000-2094_4-78190098.html","ipv4":"","ipv6":"","sourceIndex":"1694"}],"sampleFiles":["220301/DriverHub-220208/1.1.2.1563/Samples/drvhub-1.1.2.1563.exe"],"imageFiles":["220301/DriverHub-220208/1.1.2.1563/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option.JPG","220301/DriverHub-220208/1.1.2.1563/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masqueraded_Offer.JPG","220301/DriverHub-220208/1.1.2.1563/Images/ACR-055/ACR-055_Bundler-MadeOffers_No_Accept_Decline_Option.JPG"],"nonDeceptorImageFiles":[],"guid":"0e014032-55b0-4fc2-b8da-3528e047e8e8_1.1.2.1563_1","appID":"DriverHub-220208","dateAdded":"250708","deceptorType":"App","name":"Driver Hub","company":"ROSTPAY LTD","version":"1.1.2.1563","firstVendorContactDate":"250806","firstAppEsteemReplyDate":"250807","firstResolvedDate":"251014","firstResolvedVersion":"1.4.2","resolved":"TRUE","lastKnownStatus":"1.2.1.1825;1.1.2.1563;1.3.9.2238;1.3.10.2240;1.3.18","lastKnownDate":"250708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":284},{"violations":{"ACR-046":"The additional offer \"Opera Browser\" that is opted-in by default is hidden under the list of outdated drivers and can be viewed only when the Advanced mode option is selected.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"DriverHubInstaller.exe\" on the device without the consumer's consent.\n","ACR-071":"The \"Opera Browser\" offer does not provide a clear option to \"Accept\" or \"Decline\", is hidden under Advanced mode option, and is opted-in by default instead of opt-out.\n","ACR-059":"The \"Optional Offer\" wording seems to be greyed out and is not clear.\n","ACR-155":"The offer was inserted to masquerade as a part of the workflow.\n"},"nonDeceptorViolations":{"ACR-054":"The offer prompt does not provide equal prominence to the \"Skip all\" option during installation.\n"},"samples":[{"isRevoked":"False","fileName":"driver-hub-install__28.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"DriverHub","productVersion":"1.2.1.1825","fileVersion":"2.0.0","hashMD5":"44d9419d34c6e3fded6015d6243d6c62","hashSHA1":"572c9cee9f158cbc14b28ef45ecb27e3439ed455","hashSHA256":"17717f1e8f885df63c084fa89098d81d63848a92864b97dfd04f6186d9695c98","digitalCertThumbprint":"54333BC79AD6F5E807D9E44EE2CA306F878AEF41","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1695","avBlockList":["360 Total Security (20220217)","Avira Internet Security (20220217)","COMODO Antivirus (20220217)","Dr.Web Security Space (20220217)","ESET Internet Security (20220217)","K7 Total Security (20220217)","Kaspersky Internet Security (20220217)","Malwarebytes Premium (20220217)","McAfee Total Protection (20220217)","Norton Security (20220217)","Panda Dome (20220217)","Quick Heal Internet Security (20220217)","Sophos Home Premium (20220217)","SpyHunter5 (20220217)","Total AV Antivirus Pro (20220217)","VirIT eXplorer PRO (20220217)","Webroot SecureAnywhere (20220217)","Windows Defender (20220217)"],"avAllowList":["Avast Premium Security (20220217)","AVG Internet Security (20220217)","Bitdefender Internet Security (20220217)","G DATA INTERNET SECURITY (20220217)","Tencent PC Manager (20220217)","Trend Micro Internet Security (20220217)","VIPRE Advanced Security (20220217)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DriverHub\\DriverHub.exe","companyName":"ROSTPAY LTD","productName":"DriverHub","productVersion":"1.2.1.1825","fileVersion":"1.2.1.1825","hashMD5":"4978afb74df15d71f1780a73343f261c","hashSHA1":"9be1a688283980cd900ffddfacae462168c96634","hashSHA256":"b9fec97c2abc66f8f17f357a17f7e68f0094ac36b157fdf26ad5b579186ddd3c","digitalCertThumbprint":"54333BC79AD6F5E807D9E44EE2CA306F878AEF41","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1695","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser ","reference":"","landingPage":"https://www.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"1695"}],"sampleFiles":["220301/DriverHub-220208/1.2.1.1825/Samples/driver-hub-install__28.exe"],"imageFiles":["220301/DriverHub-220208/1.2.1.1825/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220301/DriverHub-220208/1.2.1.1825/Images/ACR-071/ACR-071_InlineOffers_Opted-In_Offer.JPG","220301/DriverHub-220208/1.2.1.1825/Images/ACR-046/ACR-046_InlineOffers_Hidden_Offer.JPG","220301/DriverHub-220208/1.2.1.1825/Images/ACR-059/ACR-059_Bundler-MadeOffers_1.JPG","220301/DriverHub-220208/1.2.1.1825/Images/ACR-155/ACR-155_Bundler-MadeOffers_1.JPG"],"nonDeceptorImageFiles":["220301/DriverHub-220208/1.2.1.1825/Images/ACR-054/ACR-054_Bundler-MadeOffers_1.JPG"],"guid":"0e014032-55b0-4fc2-b8da-3528e047e8e8_1.2.1.1825_1","appID":"DriverHub-220208","dateAdded":"250708","deceptorType":"App","name":"Driver Hub","company":"ROSTPAY LTD","version":"1.2.1.1825","sigName":"Deceptor:Win32/DriverHub!118071046059155","firstVendorContactDate":"250806","firstAppEsteemReplyDate":"250807","firstResolvedDate":"251014","firstResolvedVersion":"1.4.2","resolved":"TRUE","lastKnownStatus":"1.2.1.1825;1.1.2.1563;1.3.9.2238;1.3.10.2240;1.3.18","lastKnownDate":"250708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":285},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"driver-hub-install__458.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.0","hashMD5":"0914d03c12bba69bd714ff030281f937","hashSHA1":"3680ccbee3ccb431c7a42da58cfb48d6cb091544","hashSHA256":"fa2dd88ca33fd92c2235baf6fbc1696df294a899babe8159b6e52654357afe9b","digitalCertThumbprint":"06DA93A00B5C193261A4FAE08023F5413C67844E","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LLC, O=ROSTPAY LLC, STREET=\"Dolomanovsky lane, 70D apt.1 (10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"1148","avBlockList":["Avira Internet Security (20230516)","ESET Internet Security (20230516)","G DATA INTERNET SECURITY (20230516)","K7 Total Security (20230516)","Kaspersky Internet Security (20230516)","Malwarebytes Premium (20230516)","Norton Security (20230516)","Panda Dome (20230516)","Quick Heal Internet Security (20230516)","SpyHunter5 (20230516)","Total AV Antivirus Pro (20230516)","VirIT eXplorer PRO (20230516)"],"avAllowList":["360 Total Security (20230516)","Avast Premium Security (20230516)","AVG Internet Security (20230516)","Bitdefender Internet Security (20230516)","COMODO Antivirus (20230516)","Dr.Web Security Space (20230516)","McAfee Total Protection (20230516)","Sophos Home Premium (20230516)","Trend Micro Internet Security (20230516)","VIPRE Advanced Security (20230516)","Webroot SecureAnywhere (20230516)","Windows Defender (20230516)"]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser ","reference":"","landingPage":"https://www.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"1148"},{"howFound":"","reference":"","landingPage":"https://tr.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"1149"},{"howFound":"","reference":"","landingPage":"https://www.drvhub.net/","ipv4":"","ipv6":"","sourceIndex":"1150"},{"howFound":"","reference":"","landingPage":"https://driverhub.driverscollection.com/","ipv4":"","ipv6":"","sourceIndex":"1151"}],"sampleFiles":["230420/DriverHub-220208/1.3.9.2238/Samples/driver-hub-install__458.exe"],"imageFiles":["230420/DriverHub-220208/1.3.9.2238/Images/ACR-013/DB_Offer_3.JPG","230420/DriverHub-220208/1.3.9.2238/Images/ACR-013/DB_Offer_2.JPG","230420/DriverHub-220208/1.3.9.2238/Images/ACR-013/DB_Offer_1.JPG","230420/DriverHub-220208/1.3.9.2238/Images/ACR-060/DB_Offer_3.JPG","230420/DriverHub-220208/1.3.9.2238/Images/ACR-060/DB_Offer_2.JPG","230420/DriverHub-220208/1.3.9.2238/Images/ACR-060/DB_Offer_1.JPG"],"nonDeceptorImageFiles":[],"guid":"0e014032-55b0-4fc2-b8da-3528e047e8e8_1.3.9.2238_1","appID":"DriverHub-220208","dateAdded":"250708","deceptorType":"App","name":"Driver Hub","company":"ROSTPAY LTD","version":"1.3.9.2238","firstVendorContactDate":"250806","firstAppEsteemReplyDate":"250807","firstResolvedDate":"251014","firstResolvedVersion":"1.4.2","resolved":"TRUE","lastKnownStatus":"1.2.1.1825;1.1.2.1563;1.3.9.2238;1.3.10.2240;1.3.18","lastKnownDate":"250708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-10-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":283},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery and removal) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy or the Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for 4DDiG File Repair and Download Insurance Service which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"4ddig-for-mac_11751590127947191501.dmg","isInstaller":"True","productName":"","productVersion":"","fileVersion":"0.0","hashMD5":"6d900bc36af3c1f0ca170cf336195103","hashSHA1":"e8cabe9932acc6b8bf4692b365bb9bb6d28ae52f","hashSHA256":"2c6130f88e40c7f9afc79e25baae0ca57eeac0003f89eba7b9e820aaad52a29c","sourceIndex":"185","avBlockList":["Avast Security for Mac (20250909)","Avira Security for Mac (20250909)","Norton Security for Mac (20250909)","Sophos Home Premium For Mac (20250909)","SpyHunterforMac (20250909)","Trend Micro Antivirus for Mac (20250909)"],"avAllowList":["Bitdefender Antivirus for Mac (20250909)","ESET Cyber Security Pro for Mac (20250909)","G DATA AntiVirus for Mac (20250909)","K7 Antivirus for Mac (20250909)","Kaspersky Internet Security for Mac (20250909)","McAfee Internet Security for Mac (20250909)"]},{"isRevoked":"False","fileName":"Tenorshare%204DDiG","productName":"","productVersion":"","fileVersion":"0.0","hashMD5":"70facf293933b74e61b108535571f8df","hashSHA1":"ce9d4fbe4dc0e37cfa571c4c95ddb1f0a72028b1","hashSHA256":"eb548662fc64d91e15c4b0bb7783f7f923ceb53b97410c1049203bb80a89f06c","sourceIndex":"185","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.4ddig.net","landingPage":"https://www.4ddig.net/mac-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-mac_3304.dmg?rnclid=11751590127947191501","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-mac_3304.dmg?rnclid=11751590127947191501","sourceIndex":"185"}],"sampleFiles":["250707/4DDiGMacDataRecovery-250704/5.6.1/Samples/4ddig-for-mac_11751590127947191501.dmg","250707/4DDiGMacDataRecovery-250704/5.6.1/Samples/Tenorshare%204DDiG"],"imageFiles":["250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-004/app6.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-004/app10.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-004/Offerpage2.png"],"nonDeceptorImageFiles":["250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-065/install.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-065/app12.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-045/LandingPage1.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-171/Tenorshare Checkout.png","250707/4DDiGMacDataRecovery-250704/5.6.1/Images/ACR-161/Official Buy Tenorshare 4DDiG Mac Data Recovery to Recover Deleted Files Mac.png"],"guid":"a5f17065-90f0-4c41-a08a-5b6dea3834d0_5.6.1_1","appID":"4DDiGMacDataRecovery-250704","dateAdded":"250707","deceptorType":"MacOS App","name":"4DDiG Mac Data Recovery","company":"Tenorshare Co., Ltd.","version":"5.6.1","lastKnownDate":"250707","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:12.8424041+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":287},{"violations":{"ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n"},"nonDeceptorViolations":{"ACR-045":"“Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy or the Privacy Policy. \nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n"},"samples":[{"isRevoked":"False","fileName":"4DDiG%20Duplicate%20File%20Deleter","productName":"","productVersion":"","fileVersion":"0.0","hashMD5":"8f690968027ddee22720f62293e708db","hashSHA1":"2bac9f8d57c12a91a34e2e2c315c6d7afdeee81a","hashSHA256":"0916fe8deaa3af238362765f15c7bacd3f6806484c99629b64e6a32ceace04db","sourceIndex":"186","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter-mac_11751884203400597301.dmg","isInstaller":"True","productName":"","productVersion":"","fileVersion":"0.0","hashMD5":"cdb783d3b7bf82aeea4550f0589bd279","hashSHA1":"9aaa338fef4a2baa5870f92f3a992fb42d3ca86d","hashSHA256":"0646717fd3cefd5f9697135835a2d9b2546c9d0a8bfec69f56ce970288918c9f","sourceIndex":"186","avBlockList":["Avast Security for Mac (20250909)","Avira Security for Mac (20250909)","Norton Security for Mac (20250909)","Sophos Home Premium For Mac (20250909)","SpyHunterforMac (20250909)","Trend Micro Antivirus for Mac (20250909)"],"avAllowList":["Bitdefender Antivirus for Mac (20250909)","ESET Cyber Security Pro for Mac (20250909)","G DATA AntiVirus for Mac (20250909)","K7 Antivirus for Mac (20250909)","Kaspersky Internet Security for Mac (20250909)","McAfee Internet Security for Mac (20250909)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.4ddig.net/","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter-mac_4895.dmg?rnclid=11751884203400597301","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter-mac_4895.dmg?rnclid=11751884203400597301","sourceIndex":"186"}],"sampleFiles":["250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Samples/4DDiG%20Duplicate%20File%20Deleter","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Samples/4ddig-duplicate-file-deleter-mac_11751884203400597301.dmg"],"imageFiles":["250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-004/app5.png","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-004/offerpage1.png","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-004/CheckoutTenorshare.png"],"nonDeceptorImageFiles":["250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-065/installs.png","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-065/app2.png","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-045/LandingPage4DDiG Duplicate File Deleter.png","250707/4DDiGMacDuplicateFileDeleter-250707/2.2.6/Images/ACR-161/offerpage.png"],"guid":"8cef5848-094e-4ab4-be75-f8fa2651f53e_2.2.6_1","appID":"4DDiGMacDuplicateFileDeleter-250707","dateAdded":"250707","deceptorType":"MacOS App","name":"4DDiG Mac Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"2.2.6","lastKnownDate":"250707","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-07-07T22:47:10.6534051+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":286},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-057":"App doesn't provide clear way for user to decline or Accept\n","ACR-014":"The \"Accept\" checkbox on the Opera Browser offer is used for two things: accepting an offer and accepting Opera as the default browser. The \"Accept\" checkbox is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox is not a straightforward way to indicate a decline.\n","ACR-059":"Offer is not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations. Also, the offer looks part of the install application.\n","ACR-155":"Offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service and Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no signed certificate information it is unsigned.\n","ACR-157":"The application has no signed certificate information it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-054":"The offer comes with a pre-checked checkbox and requires the user the uncheck it in order to decline the offer.\n"},"samples":[{"isRevoked":"False","fileName":"driveridentifier_setup.exe","isInstaller":"True","companyName":"DriverIdentifier                                            ","productName":"DriverIdentifier","productVersion":"6.1","fileVersion":"6.1","hashMD5":"bbb1ab345527b79d388aaf8c413ffe01","hashSHA1":"7d3c7a62404fa0e2aad1343d4a2f9c7b06051846","hashSHA256":"07bb70c93cf1886213c4d89a00c0b88a2fba8dd86e248765831ec7866ce6f67c","sourceIndex":"187","avBlockList":["Avast Premium Security (20250923)","AVG Internet Security (20250923)","Avira Internet Security (20250923)","Bitdefender Internet Security (20250923)","ESET Internet Security (20250923)","FortectPremium (20250923)","G DATA INTERNET SECURITY (20250923)","K7 Total Security (20250923)","KasperskyPremium (20250923)","Malwarebytes Premium (20250923)","Norton Security (20250923)","Panda Dome (20250923)","Sophos Home Premium (20250923)","SpyHunter5 (20250923)","Total AV Antivirus Pro (20250923)","VIPRE Advanced Security (20250923)","VirIT eXplorer PRO (20250923)","Webroot SecureAnywhere (20250923)","Windows Defender (20250923)"],"avAllowList":["360 Total Security (20250923)","COMODO Antivirus (20250923)","Dr.Web Security Space (20250923)","McAfee Total Protection (20250923)","Quick Heal Internet Security (20250923)","Trend Micro Internet Security (20250923)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.driveridentifier.com","landingPage":"https://www.driveridentifier.com","directDownloadingLink":"https://www.driveridentifier.com/files/driveridentifier_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.driveridentifier.com/files/driveridentifier_setup.exe","sourceIndex":"187"}],"sampleFiles":["250625/Driveridentifier-250624/6.1/Samples/driveridentifier_setup.exe"],"imageFiles":["250625/Driveridentifier-250624/6.1/Images/ACR-055/install2.png","250625/Driveridentifier-250624/6.1/Images/ACR-013/install2.png","250625/Driveridentifier-250624/6.1/Images/ACR-014/install2.png","250625/Driveridentifier-250624/6.1/Images/ACR-057/install2.png","250625/Driveridentifier-250624/6.1/Images/ACR-059/install2.png","250625/Driveridentifier-250624/6.1/Images/ACR-155/install2.png"],"nonDeceptorImageFiles":["250625/Driveridentifier-250624/6.1/Images/ACR-092/unsigned_1.png","250625/Driveridentifier-250624/6.1/Images/ACR-092/unsigned_2.png","250625/Driveridentifier-250624/6.1/Images/ACR-157/unsigned_1.png","250625/Driveridentifier-250624/6.1/Images/ACR-157/unsigned_2.png","250625/Driveridentifier-250624/6.1/Images/ACR-065/app1.png","250625/Driveridentifier-250624/6.1/Images/ACR-099/app1.png","250625/Driveridentifier-250624/6.1/Images/ACR-161/LandingPage_DriverIdentifier - The most simple & easy driver updating tool.png","250625/Driveridentifier-250624/6.1/Images/ACR-054/install2.png"],"guid":"bbc6e341-0595-4984-b68a-70cebbee841c_6.1_1","appID":"Driveridentifier-250624","dateAdded":"250625","deceptorType":"App","name":"Driver Identifier","company":"Driver Identifier","version":"6.1","lastKnownStatus":"6.1","lastKnownDate":"250625","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers","lastUpdate":"2025-06-25T17:55:09.5176391+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":288},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-014":"1. The app presents an option to use it without a VPN, but requires a subscription to its VPN service to be usable.\n2. The About section's Privacy Policy links to Incognito VPN's Privacy Policy, which does not appear to represent the main app's own policy. The relationship between the main app and Incognito VPN is neither clear nor disclosed. Additionally, it is not made clear during installation that a subscription to this 3rd-party VPN service is required to use the app.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\"\n","ACR-065":"The app does not display links to the Terms of Service or EULA, and a working link for the Privacy Policy in the software. Privacy Policy links to google.com.\n","ACR-035":"No EULA/Terms of Service is provided for the app.\n","ACR-014":"With \"free\" VPN mentioned in landing page misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n"},"samples":[{"isRevoked":"False","fileName":"safe-watch-latest.exe","isInstaller":"True","productName":"safe-watch","productVersion":"1.6.28","fileVersion":"1.6","hashMD5":"a50044f0ed24cc60eaeb3409c84d529c","hashSHA1":"c05bed72a7fc94f9e3b95ab5ea53e0bc8e876d17","hashSHA256":"0e0f3e97fd64909180c44012fee242408b14d7828696663844f561d6e87ffa82","digitalCertThumbprint":"ECDC41D22DDD799264CB32C90B12991C296EEB80","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"OPEN VIDEO, TOV\", O=\"OPEN VIDEO, TOV\", STREET=\"Bud. 2a of. 10, vul.Shmidta\", L=Dnipro, S=Dnipropetrovska Obl., PostalCode=49000, C=UA","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"188","avBlockList":["360 Total Security (20250828)","Avast Premium Security (20250828)","AVG Internet Security (20250828)","Avira Internet Security (20250828)","Bitdefender Internet Security (20250828)","ESET Internet Security (20250828)","FortectPremium (20250828)","G DATA INTERNET SECURITY (20250828)","K7 Total Security (20250828)","Malwarebytes Premium (20250828)","Norton Security (20250828)","Panda Dome (20250828)","Quick Heal Internet Security (20250828)","Sophos Home Premium (20250828)","SpyHunter5 (20250828)","Total AV Antivirus Pro (20250828)","VIPRE Advanced Security (20250828)","Webroot SecureAnywhere (20250828)","Windows Defender (20250828)","VirIT eXplorer PRO (20250828)"],"avAllowList":["COMODO Antivirus (20250828)","Dr.Web Security Space (20250828)","KasperskyPremium (20250828)","McAfee Total Protection (20250828)","Trend Micro Internet Security (20250828)"]},{"isRevoked":"False","fileName":"safe-watch.exe","companyName":"GitHub, Inc.","productName":"safe-watch","productVersion":"1.6.28.0","fileVersion":"1.6","hashMD5":"9ff07fdea36f8e2c5b6bb77a2e5fcd8b","hashSHA1":"335b3285ab8dbaebea243437e9b4d978e24a4f5d","hashSHA256":"6b9070ee36deeb158780ffac39c063dd2bfee5ca36b8c13de7909683bcf72dc9","digitalCertThumbprint":"ECDC41D22DDD799264CB32C90B12991C296EEB80","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"OPEN VIDEO, TOV\", O=\"OPEN VIDEO, TOV\", STREET=\"Bud. 2a of. 10, vul.Shmidta\", L=Dnipro, S=Dnipropetrovska Obl., PostalCode=49000, C=UA","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"188","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random hunt","reference":"","landingPage":"https://safe-watch.net/","directDownloadingLink":"https://safe-watch.net/safe-watch-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://safe-watch.net/safe-watch-latest.exe","sourceIndex":"188"}],"sampleFiles":["250623/SafeWatch-250623/1.6.28/Samples/safe-watch-latest.exe","250623/SafeWatch-250623/1.6.28/Samples/safe-watch.exe"],"imageFiles":["250623/SafeWatch-250623/1.6.28/Images/ACR-048/ACR-048_Software_1.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Software_1.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Software_2.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Software_3.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Software_4.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Software_5.png"],"nonDeceptorImageFiles":["250623/SafeWatch-250623/1.6.28/Images/ACR-040/ACR-040_Install_1.png","250623/SafeWatch-250623/1.6.28/Images/ACR-065/ACR-065_Software_1.png","250623/SafeWatch-250623/1.6.28/Images/ACR-065/ACR-065_Software_2.png","250623/SafeWatch-250623/1.6.28/Images/ACR-035/ACR-035_Docs_1.jpeg","250623/SafeWatch-250623/1.6.28/Images/ACR-035/ACR-035_Docs_2.png","250623/SafeWatch-250623/1.6.28/Images/ACR-035/ACR-035_Docs_3.png","250623/SafeWatch-250623/1.6.28/Images/ACR-014/ACR-014_Landing page_1.png"],"guid":"c145ede6-0a4c-4e2a-8e06-056665fa3537_1.6.28_1","appID":"SafeWatch-250623","dateAdded":"250623","deceptorType":"App","name":"Safe Watch","company":"OPEN VIDEO, TOV","version":"1.6.28","lastKnownDate":"250623","type":"Windows Executable","lastUpdate":"2025-06-24T21:31:22.5992755+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":289},{"violations":{"ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover up to 2GB for free. Instead it offers subscription payment to completely recover files scanned.\n"},"nonDeceptorViolations":{"ACR-045":"iBeesoft Free Data Recovery highlights \"Free\" misleads user. The functionality requires consumer to upgrade to subscription to complete recovery for reported items. Otherwise app should remove \"free\" word.\n"},"samples":[{"isRevoked":"False","fileName":"iBeeUI.exe","companyName":"iBeesoft Tech Development Co., Ltd","fileVersion":"3.6","hashMD5":"6a5b7d003ecef43814e44d22ffbf8b05","hashSHA1":"765ef73a5772a161fce1474df83b84251215275a","hashSHA256":"77568e5c752f7ca588e1e5514d397c09a9819ab523cf494aa44db76fa11029a9","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"666","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iBeesoft-Free-Data-Recovery.exe","isInstaller":"True","companyName":"iBeesoft Tech Co., Ltd                                      ","fileVersion":"4.0","hashMD5":"f9d5f26a532b5c6a18b5a26b27cfd6a5","hashSHA1":"2410fd0461558281122665536df6022a771ff9b4","hashSHA256":"b46d69fd045204f4d20f13e5afb8c34f6c916a37414bab06c68e4c9f5ab9d874","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"666","avBlockList":["360 Total Security (20250619)","Avast Premium Security (20250619)","AVG Internet Security (20250619)","Avira Internet Security (20250619)","ESET Internet Security (20250619)","Norton Security (20250619)","Panda Dome (20250619)","Quick Heal Internet Security (20250619)","Sophos Home Premium (20250619)","SpyHunter5 (20250619)","Total AV Antivirus Pro (20250619)","VirIT eXplorer PRO (20250619)","Webroot SecureAnywhere (20250619)","Windows Defender (20250619)","FortectPremium (20250619)"],"avAllowList":["Bitdefender Internet Security (20250619)","COMODO Antivirus (20250619)","Dr.Web Security Space (20250619)","G DATA INTERNET SECURITY (20250619)","K7 Total Security (20250619)","Kaspersky Internet Security (20240613)","Malwarebytes Premium (20250619)","McAfee Total Protection (20250619)","Trend Micro Internet Security (20250619)","VIPRE Advanced Security (20250619)","KasperskyPremium (20250619)"]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.ibeesoft.com/free-data-recovery/","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"666"}],"sampleFiles":["240329/iBeesoftFreeDataRecovery-240327/4.0/Samples/iBeeUI.exe","240329/iBeesoftFreeDataRecovery-240327/4.0/Samples/iBeesoft-Free-Data-Recovery.exe"],"imageFiles":["240329/iBeesoftFreeDataRecovery-240327/4.0/Images/ACR-004/ACR-004_Software_1.png","240329/iBeesoftFreeDataRecovery-240327/4.0/Images/ACR-004/ACR-004_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"06849a16-4fe6-440e-aef7-ce5003e0a9c3_4.0_1","appID":"iBeesoftFreeDataRecovery-240327","dateAdded":"250618","deceptorType":"App","name":"iBeesoft Free Data Recovery","company":"iBeesoft Tech Development Co., Ltd","version":"4.0","lastKnownStatus":"4.0;4.5","lastKnownDate":"250618","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-06-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":291},{"violations":{"ACR-004":"Application doesn't provide free fix for all items reported. Instead it requires a subscription to recover any files.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"iBeesoft-Data-Recovery.exe","isInstaller":"True","companyName":"iBeesoft Tech Co., Ltd                                      ","productName":"iBeesoft Data Recovery","productVersion":"4.5.0.0","fileVersion":"4.5","hashMD5":"062808989a2dfac8ad1ebf8da592bf1f","hashSHA1":"b98328c6be26b95961c729025d96e69ae06d76bc","hashSHA256":"ff33dd274c9fba161e766fb26b7689eabd58397b73f18bc0760b5d4180aacb63","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"189","avBlockList":["FortectPremium (20250828)","K7 Total Security (20250828)","Panda Dome (20250828)","Quick Heal Internet Security (20250828)","Sophos Home Premium (20250828)","SpyHunter5 (20250828)","VirIT eXplorer PRO (20250828)","Webroot SecureAnywhere (20250828)","Windows Defender (20250828)"],"avAllowList":["360 Total Security (20250828)","Avast Premium Security (20250828)","AVG Internet Security (20250828)","Avira Internet Security (20250828)","Bitdefender Internet Security (20250828)","COMODO Antivirus (20250828)","Dr.Web Security Space (20250828)","ESET Internet Security (20250828)","G DATA INTERNET SECURITY (20250828)","KasperskyPremium (20250828)","Malwarebytes Premium (20250828)","McAfee Total Protection (20250828)","Norton Security (20250828)","Total AV Antivirus Pro (20250828)","Trend Micro Internet Security (20250828)","VIPRE Advanced Security (20250828)"]},{"isRevoked":"False","fileName":"iBeeUI.exe","companyName":"iBeesoft Tech Development Co., Ltd","productName":"iBeesoft Data Recovery","productVersion":"3,6,0,0","fileVersion":"3.6","hashMD5":"76f282c02566413ccb9e8bbea5dcc24a","hashSHA1":"e0b01241538e2095ecfb1716638d710609e828c2","hashSHA256":"5d783227312fa3ad77727c463faf26e5325f8a9280c6edd35be2f3ac380410c1","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"189","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.ibeesoft.com/free-data-recovery/","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"189"}],"sampleFiles":["250618/iBeesoftFreeDataRecovery-240327/4.5/Samples/iBeesoft-Data-Recovery.exe","250618/iBeesoftFreeDataRecovery-240327/4.5/Samples/iBeeUI.exe"],"imageFiles":["250618/iBeesoftFreeDataRecovery-240327/4.5/Images/ACR-004/ACR-004.png","250618/iBeesoftFreeDataRecovery-240327/4.5/Images/ACR-004/subs.png"],"nonDeceptorImageFiles":[],"guid":"06849a16-4fe6-440e-aef7-ce5003e0a9c3_4.5_1","appID":"iBeesoftFreeDataRecovery-240327","dateAdded":"250618","deceptorType":"App","name":"iBeesoft Free Data Recovery","company":"iBeesoft Tech Development Co., Ltd","version":"4.5","lastKnownStatus":"4.0;4.5","lastKnownDate":"250618","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-06-18T21:36:28.3511833+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":290},{"violations":{"ACR-048":"Processes (DuplicateFileMonitor.exe and DuplicateDaemon.exe) keep running in background without notification even after application exits.\n","ACR-004":"The application doesn't provide a free fix for all items reported, only allowing to remove 15 duplicate files. It requires subscription payment to delete the duplicated items.\n","ACR-084":"DuplicateFileMonitor.exe and DuplicateDaemon.exe keep running in background without notification even after application exits.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"https://www.passfab.net/","reference":"https://www.passfab.net/","landingPage":"https://www.passfab.net/","directDownloadingLink":"https://download.passfab.net/downloads/duplicate-file-deleter_3568.exe?rnclid=11748344010511174801","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.passfab.net/downloads/duplicate-file-deleter_3568.exe?rnclid=11748344010511174801","sourceIndex":"191"}],"sampleFiles":[],"imageFiles":["250613/PassFabDuplicateFile-250527/3.0.10/Images/ACR-004/offerpage.jpeg","250613/PassFabDuplicateFile-250527/3.0.10/Images/ACR-004/app8.png","250613/PassFabDuplicateFile-250527/3.0.10/Images/ACR-084/running process.png","250613/PassFabDuplicateFile-250527/3.0.10/Images/ACR-048/running process.png"],"nonDeceptorImageFiles":[],"guid":"0fea193e-0553-484c-a736-a2e8205b984b_3.0.10_1","appID":"PassFabDuplicateFile-250527","dateAdded":"250613","deceptorType":"App","name":"PassFab Duplicate File Deleter","company":"PassFab","version":"3.0.10","lastKnownDate":"250613","type":"Windows Executable","lastUpdate":"2025-06-13T22:46:28.1372762+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":292},{"violations":{"ACR-043":"App installs 3rd party components such as ffpmeg without disclosing to the user.\n","ACR-004":"App shows free scan results but does not allow user to implement a fix (i.e. delete files) for free. Instead, it prompts user to pay for a subscription.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"KSWinCleanerIns_031_312.exe","isInstaller":"True","companyName":"Kingshiper","productName":"Kingshiper PC Cleaner","productVersion":"3.1.2.0","fileVersion":"3.1","hashMD5":"ea3199708e9c779bb01417be4459cf3c","hashSHA1":"71a377e30eaa1b5e671761a107e67f9fcd9c7439","hashSHA256":"9692b56e64a5b5bbeb8eb1c6deb7bf41fedf42b8209532a7c88091f19529fecd","digitalCertThumbprint":"CF714365888F38D1C93AC47AD846AC92087134F7","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", O=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", L=Huizhou, S=Guangdong Province, C=CN, SERIALNUMBER=91441302MA4X2E1MX8, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Huizhou, OID.1.3.6.1.4.1.311.60.2.1.2=Guangdong Province, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"192","avBlockList":["COMODO Antivirus (20250828)","ESET Internet Security (20250828)","FortectPremium (20250828)","K7 Total Security (20250828)","Malwarebytes Premium (20250828)","Panda Dome (20250828)","Sophos Home Premium (20250828)","SpyHunter5 (20250828)","VirIT eXplorer PRO (20250828)","Webroot SecureAnywhere (20250828)","Windows Defender (20250828)"],"avAllowList":["360 Total Security (20250828)","Avast Premium Security (20250828)","AVG Internet Security (20250828)","Avira Internet Security (20250828)","Bitdefender Internet Security (20250828)","Dr.Web Security Space (20250828)","G DATA INTERNET SECURITY (20250828)","KasperskyPremium (20250828)","McAfee Total Protection (20250828)","Norton Security (20250828)","Quick Heal Internet Security (20250828)","Total AV Antivirus Pro (20250828)","Trend Micro Internet Security (20250828)","VIPRE Advanced Security (20250828)"]},{"isRevoked":"False","fileName":"KSWinCleaner.exe","companyName":"Kingshiper Software Co., Ltd.","productName":"Kingshiper PC Cleaner","productVersion":"3.1.2.0","fileVersion":"3.1","hashMD5":"f05f23cc6e15c5191aa77cee4cf5a286","hashSHA1":"e456c467dbd9fddf36977fbcae13b852eb8e0fbf","hashSHA256":"2014bea4153042115d5ed5298b2820e25acc6b3ae1943f225c4022710d9a7b57","digitalCertThumbprint":"CF714365888F38D1C93AC47AD846AC92087134F7","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", O=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", L=Huizhou, S=Guangdong Province, C=CN, SERIALNUMBER=91441302MA4X2E1MX8, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Huizhou, OID.1.3.6.1.4.1.311.60.2.1.2=Guangdong Province, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"192","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"same vendor as other deceptor","reference":"","landingPage":"https://www.kingshiper.com/pccleaner","directDownloadingLink":"https://download.kingshiper.com/KSWinCleanerIns/KSWinCleanerIns_031_312.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.kingshiper.com/KSWinCleanerIns/KSWinCleanerIns_031_312.exe","sourceIndex":"192"}],"sampleFiles":["250612/Kingshiperpccleaner-250612/3.1.2/Samples/KSWinCleanerIns_031_312.exe","250612/Kingshiperpccleaner-250612/3.1.2/Samples/KSWinCleaner.exe"],"imageFiles":["250612/Kingshiperpccleaner-250612/3.1.2/Images/ACR-043/ffmpeg.png","250612/Kingshiperpccleaner-250612/3.1.2/Images/ACR-004/freelimits.png","250612/Kingshiperpccleaner-250612/3.1.2/Images/ACR-004/results.png","250612/Kingshiperpccleaner-250612/3.1.2/Images/ACR-004/subs.png"],"nonDeceptorImageFiles":[],"guid":"28b582d2-c896-433f-b8b6-21fcc44cf226_3.1.2_1","appID":"Kingshiperpccleaner-250612","dateAdded":"250612","deceptorType":"App","name":"Kingshiper PC Cleaner","company":"Jiangxia Information Technology (Huizhou) Co., Ltd.","version":"3.1.2","lastKnownStatus":"3.1.2","lastKnownDate":"250612","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-06-12T22:01:04.5458083+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":293},{"violations":{"ACR-004":"The application does not offer free fixes for all reported items. It only allows the removal of up to 20 duplicate files for free. To fully resolve all identified duplicates, a subscription payment is required.\n"},"nonDeceptorViolations":{"ACR-017":"User reviews need to be backed with original links. If the reviews from user are received from user via customer support, such reviews need to be backed with date at least.\n"},"samples":[{"isRevoked":"False","fileName":"iBeesoft-Duplicate-File-Finder.exe","isInstaller":"True","companyName":"Chengdu Weishu Technology Co., Ltd.                         ","productName":"Duplicate File Finder","productVersion":"4.5","fileVersion":"4.5","hashMD5":"0dfd7ab82f0d506ce56456d990cb6dca","hashSHA1":"d544a05a5fe249bd2803d4ff6adbd9cc991fe0ab","hashSHA256":"3f3a08afeb2e9ad4714a515ff56d5954f2707d633b0e410556661b6eed99c696","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"193","avBlockList":["FortectPremium (20250902)","K7 Total Security (20250902)","Malwarebytes Premium (20250902)","Panda Dome (20250902)","Sophos Home Premium (20250902)","SpyHunter5 (20250902)","VirIT eXplorer PRO (20250902)","Webroot SecureAnywhere (20250902)","Windows Defender (20250902)"],"avAllowList":["360 Total Security (20250902)","Avast Premium Security (20250902)","AVG Internet Security (20250902)","Avira Internet Security (20250902)","Bitdefender Internet Security (20250902)","COMODO Antivirus (20250902)","Dr.Web Security Space (20250902)","ESET Internet Security (20250902)","G DATA INTERNET SECURITY (20250902)","KasperskyPremium (20250902)","McAfee Total Protection (20250902)","Norton Security (20250902)","Quick Heal Internet Security (20250902)","Total AV Antivirus Pro (20250902)","Trend Micro Internet Security (20250902)","VIPRE Advanced Security (20250902)"]},{"isRevoked":"False","fileName":"iBeesoft.exe","companyName":"iBeesoft","productName":"Duplicate File Finder","productVersion":"4.5.0.0","fileVersion":"4.0","hashMD5":"78f4634783e95278ea0ee6d363c7467f","hashSHA1":"c11f996bbac9c9e15ca985f4f77c1bd73e0e374e","hashSHA256":"2f90a0007255a9fd2a07a44b1ed2c8e692f95506b46e7bd5823e4fb6e6697c77","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"193","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.ibeesoft.com/duplicate-file-finder/","directDownloadingLink":"https://download.ibeesoft.com/iBeesoft-Duplicate-File-Finder.exe?_gl=1*1azmagd*_ga*YW1wLTQ0Q0p6QTQyNTdXR2lxS2hQQWZmdEE.*_ga_4FNWJ5PV2S*MTcyODY3MzMyMS4xLjEuMTcyODY3MzM0Ni4wLjAuMA..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.ibeesoft.com/iBeesoft-Duplicate-File-Finder.exe?_gl=1*1azmagd*_ga*YW1wLTQ0Q0p6QTQyNTdXR2lxS2hQQWZmdEE.*_ga_4FNWJ5PV2S*MTcyODY3MzMyMS4xLjEuMTcyODY3MzM0Ni4wLjAuMA..","sourceIndex":"193"}],"sampleFiles":["250612/iBeesoftDuplicateFileFinder-241011/4.5/Samples/iBeesoft-Duplicate-File-Finder.exe","250612/iBeesoftDuplicateFileFinder-241011/4.5/Samples/iBeesoft.exe"],"imageFiles":["250612/iBeesoftDuplicateFileFinder-241011/4.5/Images/ACR-004/004.png","250612/iBeesoftDuplicateFileFinder-241011/4.5/Images/ACR-004/004_2.png"],"nonDeceptorImageFiles":["250612/iBeesoftDuplicateFileFinder-241011/4.5/Images/ACR-017/user reviews.png"],"guid":"e68e5a7d-51e5-438e-8b9c-60a696bf7716_4.5_1","appID":"iBeesoftDuplicateFileFinder-241011","dateAdded":"250612","deceptorType":"App","name":"iBeesoft Duplicate File Finder","company":"iBeesoft Tech Development Co., Ltd","version":"4.5","lastKnownStatus":"4.0;4.5","lastKnownDate":"250612","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:13.1590908+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":294},{"violations":{"ACR-004":"The application does not offer free fixes for all reported items. It only allows the removal of up to 20 duplicate files for free. To fully resolve all identified duplicates, a subscription payment is required.\n"},"nonDeceptorViolations":{"ACR-017":"User reviews need to be backed with original links. If the reviews from user are received from user via customer support, such reviews need to be backed with date at least.\n"},"samples":[{"isRevoked":"False","fileName":"iBeesoft-Duplicate-File-Finder.exe","isInstaller":"True","companyName":"iBeesoft Tech Co., Ltd                                      ","fileVersion":"4.0","hashMD5":"b3de724eb2f62eb0ddd5fa7b2701b5af","hashSHA1":"f54848cba6e79172915421fdcfb34f12d091fac7","hashSHA256":"6c46896c3a45c43eece68f66e438efc627d86f8bf85a0a9d537404b96cfe82f8","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"511","avBlockList":["360 Total Security (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","K7 Total Security (20241226)","Malwarebytes Premium (20241226)","Panda Dome (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","SpyHunter5 (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","G DATA INTERNET SECURITY (20241226)","KasperskyPremium (20241226)","McAfee Total Protection (20241226)","Norton Security (20241226)","Total AV Antivirus Pro (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]},{"isRevoked":"False","fileName":"iBeesoft.exe","companyName":"iBeesoft","fileVersion":"4.0","hashMD5":"92c20d88db6aec263cf4f248a9281898","hashSHA1":"c514a28be0971a1664d6161558c966afaa5378a3","hashSHA256":"74760b9a82f5e19df9e4e8a35d9ffe9c149f0869ec90f4207adaf946c1901d1b","digitalCertThumbprint":"3AF2DF731B775FEC3E8689FEFC31EAC4A7BED41F","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Weishu Technology Co., Ltd.\", O=\"Chengdu Weishu Technology Co., Ltd.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"511","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.ibeesoft.com/duplicate-file-finder/","directDownloadingLink":"https://download.ibeesoft.com/iBeesoft-Duplicate-File-Finder.exe?_gl=1*1azmagd*_ga*YW1wLTQ0Q0p6QTQyNTdXR2lxS2hQQWZmdEE.*_ga_4FNWJ5PV2S*MTcyODY3MzMyMS4xLjEuMTcyODY3MzM0Ni4wLjAuMA..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.ibeesoft.com/iBeesoft-Duplicate-File-Finder.exe?_gl=1*1azmagd*_ga*YW1wLTQ0Q0p6QTQyNTdXR2lxS2hQQWZmdEE.*_ga_4FNWJ5PV2S*MTcyODY3MzMyMS4xLjEuMTcyODY3MzM0Ni4wLjAuMA..","sourceIndex":"511"}],"sampleFiles":["241014/iBeesoftDuplicateFileFinder-241011/4.0/Samples/iBeesoft-Duplicate-File-Finder.exe","241014/iBeesoftDuplicateFileFinder-241011/4.0/Samples/iBeesoft.exe"],"imageFiles":["241014/iBeesoftDuplicateFileFinder-241011/4.0/Images/ACR-004/ACR-004_Software_1.png","241014/iBeesoftDuplicateFileFinder-241011/4.0/Images/ACR-004/ACR-004_Software_2.png","241014/iBeesoftDuplicateFileFinder-241011/4.0/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":["241014/iBeesoftDuplicateFileFinder-241011/4.0/Images/ACR-017/ACR-017_Landing page_1.jpeg"],"guid":"e68e5a7d-51e5-438e-8b9c-60a696bf7716_4.0_1","appID":"iBeesoftDuplicateFileFinder-241011","dateAdded":"250612","deceptorType":"App","name":"iBeesoft Duplicate File Finder","company":"iBeesoft Tech Development Co., Ltd","version":"4.0","lastKnownStatus":"4.0;4.5","lastKnownDate":"250612","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:22.3180118+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":295},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"12.6.1","fileVersion":"4.0.4.22","hashMD5":"3d49b2716591479ff73a6ba9ddaca628","hashSHA1":"fad3bca592b4ae993256bdb8c792087bbe1d8b7b","hashSHA256":"c216bfc8ee9d1fe4cf681672a6579f588a517be5d7b309c995edfac3c4440007","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"611","avBlockList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","ESET Internet Security (20240723)","FortectPremium (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Norton Security (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","Windows Defender (20240723)"],"avAllowList":["Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Panda Dome (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","sourceIndex":"611"}],"sampleFiles":["240704/WondershareRecoverit-240312/12.6.1.1/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-042/ACR-042.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-042/ACR-042_1.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-048/ACR-048.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-004/ACR-004.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-097/ACR-097.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-118/ACR-118.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-040/ACR-040.PNG","240704/WondershareRecoverit-240312/12.6.1.1/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_12.6.1.1_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"12.6.1.1","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":300},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"12.0.22","fileVersion":"4.0.4.21","hashMD5":"fcb7f4c3e7ff9ba0f2bce35d5ea0d6cf","hashSHA1":"6228b4ddd562c21d7e0d0bb4c1f16eec81acca19","hashSHA256":"1ffee60464033ddd07dce161cf0f70b0319d4e18671159c820736cea1f1c6f84","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"617","avBlockList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Norton Security (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","Total AV Antivirus Pro (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","Windows Defender (20240820)"],"avAllowList":["Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","G DATA INTERNET SECURITY (20240820)","KasperskyPremium (20240820)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","Panda Dome (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?_ga=2.154118655.652467009.1718178218-1869656262.1718178218&_gl=1*cgmmzw*_gcl_au*MTEwODA3MjE0Ny4xNzE4MTc4MTgz*_ga*MjAyMTA0MTQyMi4xNzE4MTc4MTc0*_ga_24WTSJBD5B*MTcxODE3ODE5MC4xLjEuMTcxODE3ODM5NC42LjAuMTE0NTEwNTkyMw..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?_ga=2.154118655.652467009.1718178218-1869656262.1718178218&_gl=1*cgmmzw*_gcl_au*MTEwODA3MjE0Ny4xNzE4MTc4MTgz*_ga*MjAyMTA0MTQyMi4xNzE4MTc4MTc0*_ga_24WTSJBD5B*MTcxODE3ODE5MC4xLjEuMTcxODE3ODM5NC42LjAuMTE0NTEwNTkyMw..","sourceIndex":"617"}],"sampleFiles":["240625/WondershareRecoverit-240312/12.6.0.7/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-042/ACR-042.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-042/ACR-042_1.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-048/ACR-048.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-004/ACR-004.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-097/ACR-097.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-118/ACR-118.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-118/ACR-118_1.PNG"],"nonDeceptorImageFiles":["240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-040/ACR-040.PNG","240625/WondershareRecoverit-240312/12.6.0.7/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_12.6.0.7_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"12.6.0.7","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":301},{"violations":{"ACR-109":"The application silently installs \"Wondershare NativePush\" without user awareness and no disclosing the relationship to the app during installation, \n","ACR-042":"1. The application silently installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation. \n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"The application silently installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation. \n\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove the background process and quit the app completely within the app's settings.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"12.0.22","fileVersion":"4.0.4.18","hashMD5":"a5c022d21880b8e3d4a06972b1be1e01","hashSHA1":"be67b8900ae1e954ef302f8ade4255bd6be06766","hashSHA256":"e5d8685516b672d4774633396c8115fa6d113ff6989a64eb10d3598b676b1a7a","digitalCertThumbprint":"F61CA74F7B4B27007B4AE9825131DD6FB675B1D0","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"659","avBlockList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","ESET Internet Security (20240606)","K7 Total Security (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","VIPRE Advanced Security (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)"],"avAllowList":["COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","G DATA INTERNET SECURITY (20240606)","Kaspersky Internet Security (20240606)","Malwarebytes Premium (20240606)","McAfee Total Protection (20240606)","Trend Micro Internet Security (20240606)","Windows Defender (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?_gl=1*8mhhe0*_gcl_au*NzcyODAxNjIxLjE3MTI1ODMxNTY.*_ga*MTgzNzg3NjMxOC4xNzEyNTgzMTYx*_ga_24WTSJBD5B*MTcxMjU4NzA4NC4yLjAuMTcxMjU4NzE0Mi4yLjAuNzE4MzQyNTEy&_ga=2.221668254.764255082.1712583164-1837876318.1712583161","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?_gl=1*8mhhe0*_gcl_au*NzcyODAxNjIxLjE3MTI1ODMxNTY.*_ga*MTgzNzg3NjMxOC4xNzEyNTgzMTYx*_ga_24WTSJBD5B*MTcxMjU4NzA4NC4yLjAuMTcxMjU4NzE0Mi4yLjAuNzE4MzQyNTEy&_ga=2.221668254.764255082.1712583164-1837876318.1712583161","sourceIndex":"659"}],"sampleFiles":["240411/WondershareRecoverit-240312/12.0.27.8/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-109/ACR-109.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-039/ACR-039.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-043/ACR-043.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-042/ACR-042.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-042/ACR-042_1.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-042/ACR-042_2.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-048/ACR-048.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-004/ACR-004.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-004/ACR-004_1.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-084/ACR-084.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-084/ACR-084_1.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-097/ACR-097.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-048/ACR-048_Software.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-048/ACR-048_Software_1.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-118/ACR-118.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-118/ACR-118_1.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-118/ACR-118_2.PNG"],"nonDeceptorImageFiles":["240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-040/ACR-040.PNG","240411/WondershareRecoverit-240312/12.0.27.8/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_12.0.27.8_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"12.0.27.8","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":302},{"violations":{"ACR-109":"The application silently installs \"Wondershare NativePush\" without user awareness and no disclosing the relationship to the app during installation, \n","ACR-042":"1. The application silently installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation. \n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"The application silently installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation. \n\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove the background process and quit the app completely within the app's settings.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"Wondershare NativePush\" without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Wondershare\\Recoverit - Data Recovery\\recoverit.exe","companyName":"","productName":"Wondershare Recoverit","productVersion":"12.0.26.2","fileVersion":"12.0.26.2","hashMD5":"630b853fa3e2511acf98fa69fe7fa95d","hashSHA1":"0cd39ea7745766040f2bea0ca0c8ad3231834b19","hashSHA256":"c7f863e020c768c4030e2cdb5f06b97653230b539dbe536f13b8b2803360355c","digitalCertThumbprint":"BC99A77A68F18005CAC0C784A176D3199F735ECF","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"704","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Wondershare\\Wondershare NativePush\\WsNativePushService.exe","companyName":"Wondershare","productName":"Wondershare NativePush","productVersion":"1.0.0.7","fileVersion":"1.0.0.7","hashMD5":"d7db10e818baac4d2cc61bb8560608aa","hashSHA1":"b88a62819cbb29623c0b5669fbfc4d3e868b7ff7","hashSHA256":"00f2886d289a806d7b5fc77a83830d022f6f709f15d7ddea99209852061e1f25","digitalCertThumbprint":"D6B0B624F7FD2DAE97FCB68B240A08EA73029A5B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"704","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"12.0.22","fileVersion":"4.0.4.18","hashMD5":"a5c022d21880b8e3d4a06972b1be1e01","hashSHA1":"be67b8900ae1e954ef302f8ade4255bd6be06766","hashSHA256":"e5d8685516b672d4774633396c8115fa6d113ff6989a64eb10d3598b676b1a7a","digitalCertThumbprint":"F61CA74F7B4B27007B4AE9825131DD6FB675B1D0","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"704","avBlockList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","ESET Internet Security (20240606)","K7 Total Security (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","VIPRE Advanced Security (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)"],"avAllowList":["COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","G DATA INTERNET SECURITY (20240606)","Kaspersky Internet Security (20240606)","Malwarebytes Premium (20240606)","McAfee Total Protection (20240606)","Trend Micro Internet Security (20240606)","Windows Defender (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","sourceIndex":"704"}],"sampleFiles":["240321/WondershareRecoverit-240312/12.0.25.7/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-109/ACR-109.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-039/ACR-039.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-043/ACR-043.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-042/ACR-042.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-042/ACR-042_1.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-042/ACR-042_2.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-048/ACR-048_Install.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-004/ACR-004.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-004/ACR-004_1.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-084/ACR-084.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-084/Recoverit_084.JPG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-097/ACR-097.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-048/ACR-048.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-048/Recoverit_084.JPG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-118/ACR-118.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-118/ACR-118_1.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-118/ACR-118_2.PNG"],"nonDeceptorImageFiles":["240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-040/ACR-040.PNG","240321/WondershareRecoverit-240312/12.0.25.7/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_12.0.25.7_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"12.0.25.7","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":303},{"violations":{"ACR-048":"1) The app can't be uninstalled from the Control Panel\n2) The app does not provide any control to disable the start-up it created.\n3) The app hides the ability to disable its function behind a hotkey.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1) The app requires a hotkey to open it and otherwise runs in the background without any indication it is running.\n2) The app is saved in a hidden folder, which prevents the targeted consumer from finding it.\n3) The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent. \n","ACR-086":"App can be configured to send user data to an email address without the knowledge of the user. The app requires an obscure hotkey to open, so the user has no idea that their data is being transmitted.\n","ACR-116":"The app cannot be uninstalled through platform standard features.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n"},"samples":[{"isRevoked":"False","fileName":"FKPackage.exe","isInstaller":"True","companyName":"HeavenWard","productName":"Free Keylogger for Parents","productVersion":"","fileVersion":"4.12","hashMD5":"1b6e214dc63cfae035ce728c6e1c61d6","hashSHA1":"7ba8fc1d50373b12910ba32102cd7d287bcf8c8b","hashSHA256":"8d3dd0284a7ca5fb4ab0f1229c1761a95461df0ecbe8a83f745a5868f026713c","sourceIndex":"195","avBlockList":["360 Total Security (20250902)","Avast Premium Security (20250902)","AVG Internet Security (20250902)","Avira Internet Security (20250902)","Bitdefender Internet Security (20250902)","COMODO Antivirus (20250902)","ESET Internet Security (20250902)","FortectPremium (20250902)","G DATA INTERNET SECURITY (20250902)","KasperskyPremium (20250902)","Malwarebytes Premium (20250902)","McAfee Total Protection (20250902)","Norton Security (20250902)","Panda Dome (20250902)","Quick Heal Internet Security (20250902)","Sophos Home Premium (20250902)","SpyHunter5 (20250902)","Total AV Antivirus Pro (20250902)","Trend Micro Internet Security (20250902)","VIPRE Advanced Security (20250902)","VirIT eXplorer PRO (20250902)","Webroot SecureAnywhere (20250902)","K7 Total Security (20250902)"],"avAllowList":["Dr.Web Security Space (20250902)","Windows Defender (20250902)"]},{"isRevoked":"False","fileName":"freekey.exe","companyName":"HeavenWard","productName":"Free Keylogger for Parents","productVersion":"4,12,3,1","fileVersion":"4.12","hashMD5":"9e5ecd4157809af02ce7da798cbd76da","hashSHA1":"61cd209bb47fe013b7a21a59a27d3d13579887a5","hashSHA256":"84258d3b3c8892e23b55e06e13473daebd3346ffcec0740ff74f6904f25b9054","sourceIndex":"195","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"new version","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/free-keylogger/","directDownloadingLink":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","sourceIndex":"195"}],"sampleFiles":["250605/FreeKeylogger-200723/4.12.3.1/Samples/FKPackage.exe","250605/FreeKeylogger-200723/4.12.3.1/Samples/freekey.exe"],"imageFiles":["250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-084/folder.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-084/hotkey.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-084/procexp.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-084/startup.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-086/hotkey.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-086/main.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-048/hotkey.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-048/startup.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-048/uninstall.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-007/hotkey.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-007/procexp.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-116/uninstall.png"],"nonDeceptorImageFiles":["250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-040/folder.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-065/EULA.png","250605/FreeKeylogger-200723/4.12.3.1/Images/ACR-065/main.png"],"guid":"8f611430-5fcd-4989-b503-6ab94ca2366e_4.12.3.1_1","appID":"FreeKeylogger-200723","dateAdded":"250605","deceptorType":"App","name":"Free Keylogger for Parents","company":"HeavenWard","version":"4.12.3.1","lastKnownStatus":"4.12.2.0;4.12.2.2;4,12,2,3;4.12.3.1","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:13.240113+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":304},{"violations":{"ACR-048":"1) The app can't be uninstalled from the Control Panel\n2) The app does not provide any control to disable the start-up it created.\n3) The app hides the ability to disable its function behind a hotkey.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1) The app requires a hotkey to open it and otherwise runs in the background without any indication it is running.\n2) The app is saved in a hidden folder, which prevents the targeted consumer from finding it.\n3) The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent. \n","ACR-086":"App can be configured to send user data to an email address without the knowledge of the user. The app requires an obscure hotkey to open, so the user has no idea that their data is being transmitted.\n","ACR-116":"The app cannot be uninstalled through platform standard features.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n"},"samples":[{"isRevoked":"False","fileName":"FKPackage.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"4.12","hashMD5":"6713e2a3785485db04a10414a4cf83a2","hashSHA1":"d48655bf5aa16b9b6b3b6facb079fe9b70122b97","hashSHA256":"200240c577ef3673b62a625932dd5cd9c8f479ba4d411dbdd64d5160cd61006f","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"255","avBlockList":["360 Total Security (20250327)","Avast Premium Security (20250327)","AVG Internet Security (20250327)","Avira Internet Security (20250327)","Bitdefender Internet Security (20250327)","COMODO Antivirus (20250327)","Dr.Web Security Space (20250327)","ESET Internet Security (20250327)","FortectPremium (20250327)","G DATA INTERNET SECURITY (20250327)","K7 Total Security (20250327)","KasperskyPremium (20250327)","Malwarebytes Premium (20250327)","McAfee Total Protection (20250327)","Norton Security (20250327)","Panda Dome (20250327)","Quick Heal Internet Security (20250327)","Sophos Home Premium (20250327)","SpyHunter5 (20250327)","Total AV Antivirus Pro (20250327)","Trend Micro Internet Security (20250327)","VIPRE Advanced Security (20250327)","VirIT eXplorer PRO (20250327)","Webroot SecureAnywhere (20250327)","Windows Defender (20250327)"],"avAllowList":[]},{"isRevoked":"False","fileName":"freekey.exe","companyName":"HeavenWard","fileVersion":"4.12","hashMD5":"bd99f0e00cd44d8df18cdef06d215c68","hashSHA1":"fee4735099bee180b8d45f08457d9c8dd5381937","hashSHA256":"dd1e893d5f5de95e5025cbaaf250c87263e3832c9bb5686ac3a70d702d0bcf54","sourceIndex":"255","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Follow-up on old deceptors","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/free-keylogger/","directDownloadingLink":"https://hwsuiteshop.cloud/FKPackage.exe?token=1733953328_f74b4d1f8f3499996a259405f37be76c4161140b","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuiteshop.cloud/FKPackage.exe?token=1733953328_f74b4d1f8f3499996a259405f37be76c4161140b","sourceIndex":"255"}],"sampleFiles":["250103/FreeKeylogger-200723/4.12.2.3/Samples/FKPackage.exe","250103/FreeKeylogger-200723/4.12.2.3/Samples/freekey.exe"],"imageFiles":["250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-084/ACR-40.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-084/hiddeninbackground.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-084/hotkey.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-084/startup.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-086/appscreen.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-086/hotkey.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-048/hotkey.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-048/startup.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-048/uninstall.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-007/hiddeninbackground.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-007/hotkey.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-116/uninstall.png"],"nonDeceptorImageFiles":["250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-040/ACR-40.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-065/agreement.png","250103/FreeKeylogger-200723/4.12.2.3/Images/ACR-065/appscreen.png"],"guid":"8f611430-5fcd-4989-b503-6ab94ca2366e_4.12.2.3_1","appID":"FreeKeylogger-200723","dateAdded":"250605","deceptorType":"App","name":"Free Keylogger for Parents","company":"HeavenWard","version":"4.12.2.3","lastKnownStatus":"4.12.2.0;4.12.2.2;4,12,2,3;4.12.3.1","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:15.0331257+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":305},{"violations":{"ACR-048":"The app can't be uninstalled from the Control Panel & does not provide any control to disable the start-up it created.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1) The app requires a hotkey to open it and is saved in a hidden folder, which prevents the targeted consumer from finding it.\n2) The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent. \n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app cannot be uninstalled through platform standard features.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-092":"The app does not provide Digital signatures for the executables. \n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\HeavenWard\\FreeKey\\freekey.exe","companyName":"HeavenWard","productName":"Free Keylogger for Parents","productVersion":"4.12.2.2","fileVersion":"4.12.2.2","hashMD5":"1490a698b4091a5911950450a48514b0","hashSHA1":"4292633821e57fada6ce51651c6b2b538dc9681b","hashSHA256":"bb12221869333d1b4959f3f0d76808b2bc40d6bad43b7653fcac48c2ccc45032","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1504","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FKPackage.exe","isInstaller":"True","companyName":"HeavenWard","productName":"Free Keylogger for Parents","productVersion":"","fileVersion":"4.12.2.2","hashMD5":"dee2e253c2ed7de20131c32ca42c6314","hashSHA1":"1e2cb4e57b140fdc39af4c5414c7786ca92e490f","hashSHA256":"14a50548f470983794b529f98234b5b59183ff28e764e062b6edaf789a12827a","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Valery Kuzniatsou","storeId":"","sourceIndex":"1504","avBlockList":["360 Total Security (20220726)","Avast Premium Security (20220726)","AVG Internet Security (20220726)","Avira Internet Security (20220726)","Bitdefender Internet Security (20220726)","COMODO Antivirus (20220726)","Dr.Web Security Space (20220726)","ESET Internet Security (20220726)","G DATA INTERNET SECURITY (20220726)","K7 Total Security (20220726)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20220726)","McAfee Total Protection (20220726)","Norton Security (20220726)","Panda Dome (20220726)","Quick Heal Internet Security (20220726)","Sophos Home Premium (20220726)","SpyHunter5 (20220726)","Total AV Antivirus Pro (20220726)","Trend Micro Internet Security (20220726)","VIPRE Advanced Security (20220726)","VirIT eXplorer PRO (20220726)","Webroot SecureAnywhere (20220726)","Windows Defender (20220726)"],"avAllowList":["Tencent PC Manager (20220726)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"keylogger\"","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/free-keylogger/","directDownloadingLink":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","sourceIndex":"1504"}],"sampleFiles":["220720/FreeKeylogger-200723/4.12.2.2/Samples/FKPackage.exe"],"imageFiles":["220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-084/ACR-084.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-084/ACR-084_1.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-084/ACR-084_2.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-086/ACR-086.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-048/ACR-048.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-048/ACR-048_1.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-007/ACR-007.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-007/ACR-007_1.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-116/ACR-116.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-040/ACR-040.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-065/ACR-065_Install.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-092/ACR-092.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-065/ACR-065_Software.JPG","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-099/ACR-099_Landingpage.jpg","220720/FreeKeylogger-200723/4.12.2.2/Images/ACR-099/ACR-099_InternalOffers.jpg"],"guid":"8f611430-5fcd-4989-b503-6ab94ca2366e_4.12.2.2_1","appID":"FreeKeylogger-200723","dateAdded":"250605","deceptorType":"App","name":"Free Keylogger for Parents","company":"HeavenWard","version":"4.12.2.2","lastKnownStatus":"4.12.2.0;4.12.2.2;4,12,2,3;4.12.3.1","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":306},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-165":"The app does not provide the following information in the shopping cart : 1. How to cancel the auto-renewal easily via the online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price? 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected. \n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"ri_setup_full4134_hxFDIECL.exe","isInstaller":"True","productName":"Recoverit - Data Recovery","productVersion":"13.0.3","fileVersion":"4.2","hashMD5":"2659df0254f5ebfac06ab24b5a3c065c","hashSHA1":"288b7040a4fa200eabd5ca954e10a6cbec2078f2","hashSHA256":"4a3c9cbacbf8f525975c9701c45df7dd29ec4b006e67f5d34de1fe5bb15c236d","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Wondershare Technology Group Co.,Ltd\", O=\"Wondershare Technology Group Co.,Ltd\", L=拉萨市, S=西藏自治区, C=CN, SERIALNUMBER=91540195754285145H, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=西藏自治区, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"194","avBlockList":["Avast Premium Security (20250902)","AVG Internet Security (20250902)","Avira Internet Security (20250902)","ESET Internet Security (20250902)","FortectPremium (20250902)","G DATA INTERNET SECURITY (20250902)","K7 Total Security (20250902)","Norton Security (20250902)","Panda Dome (20250902)","Sophos Home Premium (20250902)","SpyHunter5 (20250902)","Total AV Antivirus Pro (20250902)","VirIT eXplorer PRO (20250902)","Webroot SecureAnywhere (20250902)"],"avAllowList":["360 Total Security (20250902)","Bitdefender Internet Security (20250902)","COMODO Antivirus (20250902)","Dr.Web Security Space (20250902)","KasperskyPremium (20250902)","Malwarebytes Premium (20250902)","McAfee Total Protection (20250902)","Quick Heal Internet Security (20250902)","Trend Micro Internet Security (20250902)","VIPRE Advanced Security (20250902)","Windows Defender (20250902)"]},{"isRevoked":"False","fileName":"recoverit.exe","productName":"Wondershare Recoverit","productVersion":"13.5.18.4","fileVersion":"13.5","hashMD5":"63355435dc11d4a1c438845e41c50944","hashSHA1":"d2061adc2087a0963361ae984557bce3c4d0ddbd","hashSHA256":"fd6883d1196e179de78ef633a1df35c8cde2aff7b851838d53d8610b5be01d2b","digitalCertThumbprint":"BFCC55579A1B470C47F481677DA9502470E51933","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Wondershare Technology Group Co.,Ltd\", O=\"Wondershare Technology Group Co.,Ltd\", L=拉萨市, S=西藏自治区, C=CN, SERIALNUMBER=91540195754285145H, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=西藏自治区, OID.1.3.6.1.4.1.311.60.2.1.3=CN","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"194","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","sourceIndex":"194"}],"sampleFiles":["250605/WondershareRecoverit-240312/13.5.18/Samples/ri_setup_full4134_hxFDIECL.exe","250605/WondershareRecoverit-240312/13.5.18/Samples/recoverit.exe"],"imageFiles":["250605/WondershareRecoverit-240312/13.5.18/Images/ACR-042/ffmpeg.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-042/qt5.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-048/cantcancelinstall.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-004/paytorecover.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-004/subs.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-097/firewall.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-118/leftafteruninstall.png","250605/WondershareRecoverit-240312/13.5.18/Images/ACR-165/cart1.png"],"nonDeceptorImageFiles":["250605/WondershareRecoverit-240312/13.5.18/Images/ACR-123/firewall.png"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_13.5.18_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"13.5.18","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-06-05T21:33:49.2845696+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":296},{"violations":{"ACR-048":"The app is not able to be deleted from the Control Panel\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey to open it and is saved in a hidden folder, which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app cannot be uninstalled through Control Panel.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FKPackage.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"4.12","hashMD5":"429817885bf3fab0ddd7d71c4d0bd7c5","hashSHA1":"acf0602c83a6a83f177031ba1a14f49b86a368c5","hashSHA256":"3eef3a676e573caeb46c09864acf284e2d362d74a52a835dc415b67080b3b492","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"2149","avBlockList":["360 Total Security (20200806)","Avast Premium Security (20200806)","AVG Internet Security (20200806)","Avira Internet Security (20200806)","Bitdefender Internet Security (20200806)","COMODO Antivirus (20200806)","Dr.Web Security Space (20200806)","ESET Internet Security (20200806)","G DATA INTERNET SECURITY (20200806)","K7 Total Security (20200806)","Kaspersky Internet Security (20200806)","Malwarebytes Premium (20200806)","McAfee Total Protection (20200806)","Norton Security (20200806)","Panda Dome (20200806)","Quick Heal Internet Security (20200806)","Sophos Home Premium (20200806)","SpyHunter5 (20200806)","Tencent PC Manager (20200806)","Total AV Antivirus Pro (20200806)","VIPRE Advanced Security (20200806)","VirIT eXplorer PRO (20200806)","Webroot SecureAnywhere (20200806)","Windows Defender (20200806)"],"avAllowList":["Trend Micro Internet Security (20200806)"]},{"isRevoked":"False","fileName":"freekey.exe","companyName":"HeavenWard","fileVersion":"4.12","hashMD5":"1e3576668421fef466cb3f8e7acb2302","hashSHA1":"06fa9f6f4a52dc881c24edc23f97a6363bee099e","hashSHA256":"eb0d64ecf970c9ec0961ef614483d71f1cd49a952a7efd65809c031eb44e906f","sourceIndex":"2149","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"freekeyhk.dll","companyName":"HeavenWard","fileVersion":"4.12","hashMD5":"b32385c46fe1d3a280de42ee49f7dab3","hashSHA1":"a7fa2365143cc251714837be2c92d7a98e0bbc9f","hashSHA256":"08dcf24240bcb67cd5cd4b0f70595ceb9c6424adcdba63c2ff0d5abd59fab096","sourceIndex":"2149","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"keylogger\"","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/free-keylogger/","directDownloadingLink":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.hw-2019.info/FKPackage.exe?token=1595488870_b56d96731deb122cad35b16c21bc7b68&fileName=FKPackage.exe","sourceIndex":"2149"}],"sampleFiles":["200723/FreeKeylogger-200723/4.12.2.0/Samples/FKPackage.exe","200723/FreeKeylogger-200723/4.12.2.0/Samples/freekey.exe","200723/FreeKeylogger-200723/4.12.2.0/Samples/freekeyhk.dll"],"imageFiles":["200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-084/Free Keylogger_Interaction [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-084/Free Keylogger_RunningProcess [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-086/Free Keylogger_Interaction [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-048/Free Keylogger_ControlPanel_ListofApp [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-007/Free Keylogger_Interaction [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-007/Free Keylogger_RunningProcess [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-116/Free Keylogger_ControlPanel_ListofApp [2].png"],"nonDeceptorImageFiles":["200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-040/Free Keylogger_Files [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-099/Free Keylogger_LandingPage [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-099/Free Keylogger_LandingPage [2].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-099/Free Keylogger_OfferPage [1].png","200723/FreeKeylogger-200723/4.12.2.0/Images/ACR-099/Free Keylogger_OfferPage [2].png"],"guid":"8f611430-5fcd-4989-b503-6ab94ca2366e_4.12.2.0_1","appID":"FreeKeylogger-200723","dateAdded":"250605","deceptorType":"App","name":"Free Keylogger for Parents","company":"HeavenWard","version":"4.12.2.0","sigName":"Deceptor:Win32/FreeKeyloggerStalkerware!084086048007116","lastKnownStatus":"4.12.2.0;4.12.2.2;4,12,2,3;4.12.3.1","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":307},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"12.6.1","fileVersion":"4.0.4.22","hashMD5":"b8ce2f4da7b568bc60c05cb8f17481d8","hashSHA1":"21501f3921af20e9a05c9df112412a77d250d936","hashSHA256":"3b345da8c6a8b362202cf7a32a9908284ce6c0d2588687de6c8d38902c9e5aad","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"573","avBlockList":["360 Total Security (20240815)","Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","ESET Internet Security (20240815)","FortectPremium (20240815)","K7 Total Security (20240815)","Norton Security (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)"],"avAllowList":["COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","G DATA INTERNET SECURITY (20240815)","KasperskyPremium (20240815)","Malwarebytes Premium (20240815)","McAfee Total Protection (20240815)","Panda Dome (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/recoverit_full4134.exe?extra_param=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoiezA0MWE4MGMwLTVhMDItNGQ2Zi05MGExLWEzMmVjMmM3NjYxNEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzEwMjQwMTQ2NTQ3XzE5MzE5MyIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","sourceIndex":"573"}],"sampleFiles":["240807/WondershareRecoverit-240312/13.0.1.6/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-042/ACR-042.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-042/ACR-042_1.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-048/ACR-048.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-004/ACR-004.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-004/ACR-004_1.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-097/ACR-097.PNG","240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240807/WondershareRecoverit-240312/13.0.1.6/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_13.0.1.6_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"13.0.1.6","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":299},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-165":"The app does not provide the following information in the shopping cart : 1. How to cancel the auto-renewal easily via the online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price? 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected. \n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"ri_setup_full4134_M7hEK47j.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"13.0.3","fileVersion":"4.0.4.22","hashMD5":"70c58e4ea51eac29121353f9bb0bba96","hashSHA1":"f754ea1625d1de5f0508b12c22a386f25168c412","hashSHA256":"87c904394da72d4e761e93a063c0273319a4a168b9e375e67a8602d18b572d61","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"539","avBlockList":["360 Total Security (20241212)","Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","ESET Internet Security (20241212)","FortectPremium (20241212)","G DATA INTERNET SECURITY (20241212)","K7 Total Security (20241212)","Norton Security (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","Total AV Antivirus Pro (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)"],"avAllowList":["Bitdefender Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","KasperskyPremium (20241212)","Malwarebytes Premium (20241212)","McAfee Total Protection (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","Windows Defender (20241212)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://download.wondershare.com/ri_full4134.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.wondershare.com/ri_full4134.exe","sourceIndex":"539"}],"sampleFiles":["240923/WondershareRecoverit-240312/13.0.5.5/Samples/ri_setup_full4134_M7hEK47j.exe"],"imageFiles":["240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-042/ACR-042.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-042/ACR-042_1.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-048/ACR-048.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-004/ACR-004.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-097/ACR-097.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-118/ACR-118.PNG","240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":["240923/WondershareRecoverit-240312/13.0.5.5/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_13.0.5.5_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"13.0.5.5","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":297},{"violations":{"ACR-042":"Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"recoverit_setup_full4134.exe","isInstaller":"True","companyName":"","productName":"Recoverit - Data Recovery","productVersion":"13.0.2","fileVersion":"4.0.4.22","hashMD5":"f96235c7aba915256636bea39e023808","hashSHA1":"7e09041c6d9ae6584e5aac12be55815f4a275e9f","hashSHA256":"0ad7126d4339e2ab409f2835cde7c2607d2e7fd11948e605814cf0e5925e88e5","digitalCertThumbprint":"3690603490F6A3D62A29DF22F687AFCC4FCF8697","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Wondershare Technology Group Co.Ltd","storeId":"","sourceIndex":"569","avBlockList":["360 Total Security (20240905)","Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","ESET Internet Security (20240905)","FortectPremium (20240905)","G DATA INTERNET SECURITY (20240905)","K7 Total Security (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Quick Heal Internet Security (20240905)","Sophos Home Premium (20240905)","SpyHunter5 (20240905)","Total AV Antivirus Pro (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)","Windows Defender (20240905)"],"avAllowList":["Bitdefender Internet Security (20240905)","COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","KasperskyPremium (20240905)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Trend Micro Internet Security (20240905)","VIPRE Advanced Security (20240905)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://recoverit.wondershare.com/data-recovery-win.html","directDownloadingLink":"https://recoverit.wondershare.com/buy/store.html?utm_source=link_in_product&utm_medium=ownmedia&utm_campaign=drwin_ess&utm_content=link_dr_dr_en_20046074_2022-10-18&custom=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoie2M5Mzk3YzVmLWYwYzYtNGM1Zi04M2RlLWI5NzI3OGU0MzE0ZEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzI0MjM2MDA0MTQ5XzEzODEzOCIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://recoverit.wondershare.com/buy/store.html?utm_source=link_in_product&utm_medium=ownmedia&utm_campaign=drwin_ess&utm_content=link_dr_dr_en_20046074_2022-10-18&custom=eyJidXlfdHlwZSI6ImFwcF90b193ZWIiLCJjb2RlX3R5cGUiOiIyIiwiZGV2aWNlX2lkIjoie2M5Mzk3YzVmLWYwYzYtNGM1Zi04M2RlLWI5NzI3OGU0MzE0ZEd9IiwicGlkIjoiNDEzNCIsInBsYXRmb3JtIjoid2luIiwic2hvcHBpbmdfaWQiOiIxNzI0MjM2MDA0MTQ5XzEzODEzOCIsInRpZCI6IlVBXzg5NzgyMzUwXzkiLCJ0eXBlIjoiZHJfY2xpZW50X2luZm8ifQ==","sourceIndex":"569"}],"sampleFiles":["240821/WondershareRecoverit-240312/13.0.2.9/Samples/recoverit_setup_full4134.exe"],"imageFiles":["240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-042/ACR-042.PNG","240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-042/ACR-042_1.PNG","240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-048/ACR-048.PNG","240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-004/ACR-004.PNG","240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-097/ACR-097.PNG"],"nonDeceptorImageFiles":["240821/WondershareRecoverit-240312/13.0.2.9/Images/ACR-123/ACR-123.PNG"],"guid":"5c9d2e1c-174f-493d-a1a5-bb898f962097_13.0.2.9_1","appID":"WondershareRecoverit-240312","dateAdded":"250605","deceptorType":"App","name":"Wondershare Recoverit","company":"Wondershare Technology Group Co.,Ltd","version":"13.0.2.9","lastKnownStatus":"12.0.25.7;12.0.27.8;12.6.0.7;12.6.1.1;13.0.1.6;13.0.2.9;13.0.5.5;13.5.18","lastKnownDate":"250605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-06-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":298},{"violations":{"ACR-109":"The application silently installs the app before the user chooses and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-048":"The app disables the option to change the default search engine, forcing users to use its own by making it the only available choice in the settings.\n","ACR-006":"Search queries redirects to doktox.com without disclosure.\n","ACR-104":"The app does not clearly disclose that searches will be processed through doktox.com\n"},"nonDeceptorViolations":{"ACR-040":"App installs in hidden AppData folder without telling the user and does not give the user a way to change the install location.\n"},"samples":[{"isRevoked":"False","fileName":"blaze.exe","companyName":"The Blaze Authors","productName":"Blaze","productVersion":"136.0.7062.0","fileVersion":"136.0","hashMD5":"bbb6c5a23d13b139d65803394510214d","hashSHA1":"4d11144041890b03afa6dc8a76cf2877bf9fdfc5","hashSHA256":"d273ee28e629c4a19cee2a254a81d6d3d9deaac5a64dbfb4f2b236da53a83f25","digitalCertThumbprint":"2A8E50DE52E27CFE1E27625253A473CA6951D3CB","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=BABUL KHEIR CONSTRUCTION CO LIMITED, O=BABUL KHEIR CONSTRUCTION CO LIMITED, L=Garissa, S=Garissa, C=KE, OID.1.3.6.1.4.1.311.60.2.1.3=KE, SERIALNUMBER=CPR/2011/64057, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"197","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"blazebrowser.exe","isInstaller":"True","productName":"","productVersion":"","fileVersion":"0.0","hashMD5":"0136afe1dea7a4a8f1ad668674d4c609","hashSHA1":"c3db2e23dd144ddcc1c01846c99a2d2330c4a397","hashSHA256":"168ab664780d7b46388bbee7f47ec30c5271d07cb31f888d8ef674b740607952","digitalCertThumbprint":"2A8E50DE52E27CFE1E27625253A473CA6951D3CB","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=BABUL KHEIR CONSTRUCTION CO LIMITED, O=BABUL KHEIR CONSTRUCTION CO LIMITED, L=Garissa, S=Garissa, C=KE, OID.1.3.6.1.4.1.311.60.2.1.3=KE, SERIALNUMBER=CPR/2011/64057, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"197","avBlockList":["360 Total Security (20250821)","Avast Premium Security (20250821)","AVG Internet Security (20250821)","Avira Internet Security (20250821)","Bitdefender Internet Security (20250821)","COMODO Antivirus (20250821)","FortectPremium (20250821)","G DATA INTERNET SECURITY (20250821)","K7 Total Security (20250821)","KasperskyPremium (20250821)","Malwarebytes Premium (20250821)","McAfee Total Protection (20250821)","Norton Security (20250821)","Panda Dome (20250821)","Quick Heal Internet Security (20250821)","Sophos Home Premium (20250821)","SpyHunter5 (20250821)","Total AV Antivirus Pro (20250821)","VIPRE Advanced Security (20250821)","VirIT eXplorer PRO (20250821)","Webroot SecureAnywhere (20250821)","Windows Defender (20250821)"],"avAllowList":["Dr.Web Security Space (20250821)","ESET Internet Security (20250821)","Trend Micro Internet Security (20250821)"]}],"additionalFiles":[],"sources":[{"howFound":"random research","reference":"","landingPage":"https://blazebrowser.gg/","ipv4":"","ipv6":"","sourceIndex":"197"}],"sampleFiles":["250527/BlazeBrowser-250527/136.0.7062.0/Samples/blaze.exe","250527/BlazeBrowser-250527/136.0.7062.0/Samples/blazebrowser.exe"],"imageFiles":["250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-109/Installation.mp4","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-104/ACR-104_Software_1.png","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-104/redirection.mp4","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-048/ACR-048_Software_1.png","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-048/ACR-048_Software_2.png","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-006/redirection.mp4","250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-006/ACR-006_Software_1.png"],"nonDeceptorImageFiles":["250527/BlazeBrowser-250527/136.0.7062.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"05b979c9-0568-4021-96f8-3dbb2eb27b11_136.0.7062.0_1","appID":"BlazeBrowser-250527","dateAdded":"250527","deceptorType":"App","name":"Blaze Browser","company":"The Blaze Authors","version":"136.0.7062.0","lastKnownStatus":"Deceptor:136.0.7062.0","lastKnownDate":"250528","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2025-05-29T03:10:59.6603871+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":308},{"violations":{"ACR-043":"The app gets installed in a hidden folder without disclosing its installation path.\n","ACR-048":"A scheduled task was added without the user's knowledge and the app does not offer any option within an app settings to control it. \n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent.\n","ACR-116":"The app cannot be uninstalled completely. In the attempt to uninstall the app, it opens a post-uninstall page displaying it was successfully removed from the computer. It removes Desktop shortcut and itself from the Control Panel and displays a prompt suggesting it may not have been uninstalled correctly, and leaves all its executables on the system.\n"},"nonDeceptorViolations":{"ACR-038":"The main executable and the file PDFlash Updater lacks important file metadata, such as  company info, product name or version details.\n","ACR-040":"The app installs itself in a hidden folder %AppData%\\Local\\PDflash without proper disclosure.\n","ACR-002":"The app has inconsistent versions of across all points of consumer interaction.\n"},"samples":[{"isRevoked":"False","fileName":"Pdflash.exe","isInstaller":"True","productName":"Pdflash","productVersion":"","fileVersion":"1.17.9.91","hashMD5":"bed3e35a0a3b4b1f43b90ce9db74efa3","hashSHA1":"b09537bf1e8d32275a6bbc32cc0048cf6cb6286c","hashSHA256":"e0bd179805a4095174a897ba76e5107d127b67a2b0b241362bc848c76d314aeb","digitalCertThumbprint":"0B92A7954C31D74EF39EE89A385C0FDDF5A3C114","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=legal@starlandingltd.com, CN=STAR LANDING LTD, O=STAR LANDING LTD, L=Ra'anana, S=Central District, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516201381, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"199","avBlockList":["Avast Premium Security (20250819)","AVG Internet Security (20250819)","Avira Internet Security (20250819)","Bitdefender Internet Security (20250819)","Dr.Web Security Space (20250819)","ESET Internet Security (20250819)","FortectPremium (20250819)","G DATA INTERNET SECURITY (20250819)","K7 Total Security (20250819)","KasperskyPremium (20250819)","Malwarebytes Premium (20250819)","McAfee Total Protection (20250819)","Norton Security (20250819)","Panda Dome (20250819)","Quick Heal Internet Security (20250819)","Sophos Home Premium (20250819)","SpyHunter5 (20250819)","Total AV Antivirus Pro (20250819)","VIPRE Advanced Security (20250819)","VirIT eXplorer PRO (20250819)","Webroot SecureAnywhere (20250819)","Windows Defender (20250819)"],"avAllowList":["360 Total Security (20250819)","COMODO Antivirus (20250819)","Trend Micro Internet Security (20250819)"]},{"isRevoked":"False","fileName":"Pdflash_main.exe","productName":"","productVersion":"","fileVersion":"1.17.9.8","hashMD5":"dda9c28a48f8289dfdd919010ad6fa6b","hashSHA1":"29a0ae886794916ee57f42d89c8229ab3678a3ee","hashSHA256":"81b8b12bae40e619af7ed2870fac3861934f600b2a9235cdf152bcb0511f91e5","digitalCertThumbprint":"0B92A7954C31D74EF39EE89A385C0FDDF5A3C114","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=legal@starlandingltd.com, CN=STAR LANDING LTD, O=STAR LANDING LTD, L=Ra'anana, S=Central District, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516201381, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"199","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDFlashUpdater.exe","companyName":"PDFlashUpdater","productName":"PDFlashUpdater","productVersion":"1.0.0+ac9b5f8e7fafc62c71901ed7302e3f17b9ecd591","fileVersion":"1.17.9.91","hashMD5":"1237c8f3b9eece4e673a4ab7071dece1","hashSHA1":"82a31ce3d4c478b220c7637ae95b279cc47dd6aa","hashSHA256":"bdb46a047c645b8d0c037848a2be7770df15f654d70f089ce78d3c0a80956d46","digitalCertThumbprint":"0B92A7954C31D74EF39EE89A385C0FDDF5A3C114","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=legal@starlandingltd.com, CN=STAR LANDING LTD, O=STAR LANDING LTD, L=Ra'anana, S=Central District, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516201381, OID.2.5.4.15=Private Organization","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"199","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random hunt","reference":"","landingPage":"https://www.pdflashapp.com/","directDownloadingLink":"https://flashitok.com/load?_ga=GA1.1.335069027.1747994288&_ga_QHSERMT330=GS2.1.s1747994288%24o1%24g0%24t1747994291%24j57%24l0%24h594965752%24da_yhz2577SDGo6FgelxRP5Hy9C0L8hKmUA&iddi=&mumy=85046cf5-d991-4872-86c3-92093e0960ed&pagap=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://flashitok.com/load?_ga=GA1.1.335069027.1747994288&_ga_QHSERMT330=GS2.1.s1747994288%24o1%24g0%24t1747994291%24j57%24l0%24h594965752%24da_yhz2577SDGo6FgelxRP5Hy9C0L8hKmUA&iddi=&mumy=85046cf5-d991-4872-86c3-92093e0960ed&pagap=","sourceIndex":"199"}],"sampleFiles":["250523/PDFlash-250523/1.17.9.8/Samples/Pdflash.exe","250523/PDFlash-250523/1.17.9.8/Samples/Pdflash_main.exe","250523/PDFlash-250523/1.17.9.8/Samples/PDFlashUpdater.exe"],"imageFiles":["250523/PDFlash-250523/1.17.9.8/Images/ACR-043/ACR-043_Install_1.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-043/ACR-043_Install_2.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-084/ACR-084_Software_1.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-048/ACR-048_Software_2.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-048/ACR-048_Software_1.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-116/ACR-116_Uninstall_1.png"],"nonDeceptorImageFiles":["250523/PDFlash-250523/1.17.9.8/Images/ACR-038/ACR-038_Install_1.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-038/ACR-038_Install_2.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-040/ACR-040_Install_1.png","250523/PDFlash-250523/1.17.9.8/Images/ACR-002/ACR-002_Software_1.png"],"guid":"adbb1159-e511-433a-ad67-59891a0a7ccc_1.17.9.8_1","appID":"PDFlash-250523","dateAdded":"250523","deceptorType":"App","name":"PDFlash","company":"Pdflash","version":"1.17.9.8","lastKnownStatus":"Deceptor:1.17.9.8","lastKnownDate":"250523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2025-05-24T00:01:32.9439343+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":309},{"violations":{"ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Yes, I would like to install Spy Emergency Antivirus\" is not straightforward option for decline\n","ACR-059":"No optional offer is clearly marked in offer. The offer looks part of the install application.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy. \n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application has no link to a webpage that shows how to uninstall the app. \n"},"samples":[{"isRevoked":"False","fileName":"bh-setup.exe","isInstaller":"True","companyName":"NETGATE Technologies s.r.o.                                 ","fileVersion":"0.0","hashMD5":"760193100ca5c6685d986edae3630e0d","hashSHA1":"bcfad95024a4447a2a920197e9ed9998a31df531","hashSHA256":"3a74ede0d6b129c19c3c8002ec296ef619d7ce3756cb5be44f7281bde383b169","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"198","avBlockList":["Avast Premium Security (20250821)","AVG Internet Security (20250821)","Avira Internet Security (20250821)","Bitdefender Internet Security (20250821)","COMODO Antivirus (20250821)","FortectPremium (20250821)","G DATA INTERNET SECURITY (20250821)","K7 Total Security (20250821)","KasperskyPremium (20250821)","Malwarebytes Premium (20250821)","Norton Security (20250821)","Panda Dome (20250821)","Quick Heal Internet Security (20250821)","Sophos Home Premium (20250821)","SpyHunter5 (20250821)","Total AV Antivirus Pro (20250821)","VIPRE Advanced Security (20250821)","VirIT eXplorer PRO (20250821)","Webroot SecureAnywhere (20250821)","Windows Defender (20250821)"],"avAllowList":["360 Total Security (20250821)","Dr.Web Security Space (20250821)","ESET Internet Security (20250821)","McAfee Total Protection (20250821)","Trend Micro Internet Security (20250821)"]},{"isRevoked":"False","fileName":"blackhawk.exe","companyName":"NETGATE Technologies s.r.o.","fileVersion":"25.3","hashMD5":"7a0ddd9ac6813f3747a4bef496b8595a","hashSHA1":"da73056284c5b38d83eced52e68501215bfe8762","hashSHA256":"9b7e1a118af87ee3adf63cc4a3a13c6809c66adbae1d130b7f3f6327452fff41","sourceIndex":"198","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.netgate.sk/blackhawk/help/welcome-to-blackhawk-web-browser.html","reference":"https://www.netgate.sk/blackhawk/help/welcome-to-blackhawk-web-browser.html","landingPage":"https://www.netgate.sk/blackhawk/help/welcome-to-blackhawk-web-browser.html","directDownloadingLink":"https://www.ngt.sk/download/bh-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ngt.sk/download/bh-setup.exe","sourceIndex":"198"}],"sampleFiles":["250516/BlackHawkWebBrowser-250516/25.3.1/Samples/bh-setup.exe","250516/BlackHawkWebBrowser-250516/25.3.1/Samples/blackhawk.exe"],"imageFiles":["250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-055/install3.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-059/install3.png"],"nonDeceptorImageFiles":["250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-065/install1.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-065/app6.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-099/app6.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-065/LandingPage1.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-065/LandingPage2.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-099/LandingPage1.png","250516/BlackHawkWebBrowser-250516/25.3.1/Images/ACR-099/LandingPage2.png"],"guid":"44bb9ce5-62b0-465b-9b6b-6493406f7c62_25.3.1_1","appID":"BlackHawkWebBrowser-250516","dateAdded":"250516","deceptorType":"App","name":"BlackHawk Web Browser ","company":"NETGATE Technologies","version":"25.3.1","lastKnownStatus":"Deceptor:25.3.1","lastKnownDate":"250527","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 11,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2025-05-27T23:26:18.4233831+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":310},{"violations":{"ACR-048":"App does not have a standard 'x' button to close, only a '-' button which minimizes to system tray and provides no notification to the user that it is still running in the background.\n","ACR-007":"Does not inform user about the reduction in security associated with the resource borrowing.\n","ACR-084":"App does not clearly indicate that borrowing is happening, instead implying that there are steps to follow to enable borrowing, even after the steps have been followed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Point-Of-Presence-1.0.16.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"2d8fe057fdd26732462b1e573df74775","hashSHA1":"65c77152be47f64d4343e33cdae81a71972a1726","hashSHA256":"6d80be7810607f18a356f1491011473b213d7362161723e949d7c2256475f943","digitalCertThumbprint":"0FB3DB9BFA0CDE9220D4C183721F1A89E3D5BD1A","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Secure Privacy Group Limited, O=Secure Privacy Group Limited, S=Hong Kong, C=HK, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=2700369","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"200","avBlockList":["360 Total Security (20250731)","Bitdefender Internet Security (20250731)","COMODO Antivirus (20250731)","ESET Internet Security (20250731)","G DATA INTERNET SECURITY (20250731)","K7 Total Security (20250731)","Kaspersky Internet Security (20230328)","Malwarebytes Premium (20250731)","McAfee Total Protection (20250731)","Panda Dome (20250731)","Quick Heal Internet Security (20250731)","Sophos Home Premium (20250731)","SpyHunter5 (20250731)","Trend Micro Internet Security (20250731)","VIPRE Advanced Security (20250731)","VirIT eXplorer PRO (20250731)","Webroot SecureAnywhere (20250731)","FortectPremium (20250731)","KasperskyPremium (20250731)"],"avAllowList":["Avast Premium Security (20250731)","AVG Internet Security (20250731)","Avira Internet Security (20250731)","Dr.Web Security Space (20250731)","Norton Security (20250731)","Total AV Antivirus Pro (20250731)","Windows Defender (20250731)"]},{"isRevoked":"False","fileName":"Point%20of%20Presence.exe","companyName":"GitHub, Inc.","fileVersion":"1.0","hashMD5":"986d3e27b6e295a596231fd8868100c3","hashSHA1":"4bc79987d0e50cb6daf944ff989479aafd756688","hashSHA256":"045d6f166ae0d3b834e3f772606ec64f9338b135ede70c3c6b87e270d8338f5d","sourceIndex":"200","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Search for Proxy Apps","reference":"","landingPage":"https://peer.proxyrack.com/dashboard","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"200"}],"sampleFiles":["250515/Pointofpresence-250515/1.0.16/Samples/Point-Of-Presence-1.0.16.exe","250515/Pointofpresence-250515/1.0.16/Samples/Point%20of%20Presence.exe"],"imageFiles":["250515/Pointofpresence-250515/1.0.16/Images/ACR-007/007.png","250515/Pointofpresence-250515/1.0.16/Images/ACR-084/084.png","250515/Pointofpresence-250515/1.0.16/Images/ACR-048/084.png","250515/Pointofpresence-250515/1.0.16/Images/ACR-048/048.png"],"nonDeceptorImageFiles":[],"guid":"3b27b282-0dc4-49d9-8e5d-9f3fb12681fd_1.0.16_1","appID":"Pointofpresence-250515","dateAdded":"250515","deceptorType":"App","name":"Point of Presence","company":"ProxyRack","version":"1.0.16","lastKnownStatus":"1.0.16","lastKnownDate":"250515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-05-15T21:40:35.9086043+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":311},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"autoruns-14.11-installer_9-cxcK1.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.0","hashMD5":"519323c0ba82598e4304211ee225d998","hashSHA1":"34488cda57d1a98ed2b8fb6b65307ad285f16ed4","hashSHA256":"4bc69acdbc93f0cfa42b28dbcd51bba4f2e4347ec84054ab5b3178788bb3c60a","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"201","avBlockList":["360 Total Security (20250731)","Avast Premium Security (20250731)","AVG Internet Security (20250731)","Avira Internet Security (20250731)","Bitdefender Internet Security (20250731)","COMODO Antivirus (20250731)","Dr.Web Security Space (20250731)","ESET Internet Security (20250731)","FortectPremium (20250731)","G DATA INTERNET SECURITY (20250731)","K7 Total Security (20250731)","KasperskyPremium (20250731)","Malwarebytes Premium (20250731)","McAfee Total Protection (20250731)","Norton Security (20250731)","Panda Dome (20250731)","Quick Heal Internet Security (20250731)","Sophos Home Premium (20250731)","SpyHunter5 (20250731)","Total AV Antivirus Pro (20250731)","Trend Micro Internet Security (20250731)","VIPRE Advanced Security (20250731)","VirIT eXplorer PRO (20250731)","Webroot SecureAnywhere (20250731)","Windows Defender (20250731)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"blur.live/research - BIBR","reference":"","landingPage":"https://vlc-media-player.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","ipv4":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","sourceIndex":"201"},{"howFound":"","reference":"","landingPage":"https://360-total-security.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v3.385.538.777","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"202"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/latest/ph/v1.35.82.703.24 ","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"203"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/release/ph/v2.748.45.35.15","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"204"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1hck35173zzpc.cloudfront.net/hu/wqkz5njow9/ahy/27.117","ipv4":"","ipv6":"","landingPageWildChar":"https://autoruns.softonic.ru/download","sourceIndex":"205"}],"sampleFiles":["250512/RiseDownloadManager-230315/3.011.0/Samples/autoruns-14.11-installer_9-cxcK1.exe"],"imageFiles":["250512/RiseDownloadManager-230315/3.011.0/Images/ACR-039/app2.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-013/app3_offer1.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-013/app3_offer2.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-013/app3_offer3.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-060/app3_offer1.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-060/app3_offer2.png","250512/RiseDownloadManager-230315/3.011.0/Images/ACR-060/app3_offer3.png"],"nonDeceptorImageFiles":["250512/RiseDownloadManager-230315/3.011.0/Images/ACR-044/app2.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_3.011.0_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"3.011.0","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T18:38:26.9959293+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":312},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"SoftonicDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"winrar-64bit-7.01-installer_gG-XMP1.exe","isInstaller":"True","fileVersion":"11.3","hashMD5":"8977253e0281b50e75f816115b0c6d52","hashSHA1":"a962c31c982b41f9501f95cabbf1c2bf20b0d2ff","hashSHA256":"c50d0de6fe12d36aba376cdb8d6e093f8b43e20b39f33b66f12bc1aa9f073285","digitalCertThumbprint":"FEFEB4BACCAD8A573C23EA0669EF69586AEE2816","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"544","avBlockList":["COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)"],"avAllowList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","Windows Defender (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://en.softonic.com/download/winrar/windows/post-download?ext=1","directDownloadingLink":"https://dcv13qo2y742s.cloudfront.net/ZAnt/rFyGzvFsK/NsAiE61/winrar-7.01-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://dcv13qo2y742s.cloudfront.net/ZAnt/rFyGzvFsK/NsAiE61/winrar-7.01-installer.exe","sourceIndex":"544"}],"sampleFiles":["240919/RiseDownloadManager-230315/11.3.6425/Samples/winrar-64bit-7.01-installer_gG-XMP1.exe"],"imageFiles":["240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-109/files.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-039/App1.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-043/files.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-042/files.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-013/offer.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-013/offer2.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-013/offer3.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-060/offer.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-060/offer2.png","240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-060/offer3.png"],"nonDeceptorImageFiles":["240919/RiseDownloadManager-230315/11.3.6425/Images/ACR-044/App1.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_11.3.6425_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"11.3.6425","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":313},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"SoftonicDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"cleaner-one-pro-6.6.0.2986-installer_6zSQS-3.exe","isInstaller":"True","fileVersion":"13.2","hashMD5":"e26a67f7ef319c64c286d4fa316464e6","hashSHA1":"e39a666ee4c6cb61ffcf479db9fd59f72bea8f9d","hashSHA256":"bca86a0c987f036a598479dc37b26e90d1f9d7d9fef2a16a3f8bac6453c6e2a3","digitalCertThumbprint":"FEFEB4BACCAD8A573C23EA0669EF69586AEE2816","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"761","avBlockList":["Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)"],"avAllowList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","McAfee Total Protection (20240215)","Total AV Antivirus Pro (20240215)","Windows Defender (20240215)"]}],"additionalFiles":[],"sources":[{"howFound":"blur.live/research - BIBR","reference":"","landingPage":"https://vlc-media-player.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","ipv4":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","sourceIndex":"761"},{"howFound":"","reference":"","landingPage":"https://360-total-security.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v3.385.538.777","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"762"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/latest/ph/v1.35.82.703.24 ","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"763"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/release/ph/v2.748.45.35.15","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"764"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1isumqvmnq7jz.cloudfront.net/main/ph/v6.301.598.730","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1isumqvmnq7jz.cloudfront.net/*/ph/*","sourceIndex":"765"}],"sampleFiles":["240110/RiseDownloadManager-230315/13.2.3957.0/Samples/cleaner-one-pro-6.6.0.2986-installer_6zSQS-3.exe"],"imageFiles":["240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-109/files.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-039/app.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-043/files.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-042/files.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-013/offer 1.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-013/offer 2.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-060/offer 1.png","240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-060/offer 2.png"],"nonDeceptorImageFiles":["240110/RiseDownloadManager-230315/13.2.3957.0/Images/ACR-044/app.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_13.2.3957.0_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"13.2.3957.0","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":314},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"SoftonicDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"3utools-2.65.003-installer_Syfe-r1.exe","isInstaller":"True","fileVersion":"54.1","hashMD5":"2ef5a633500361faa60bdebdd4aa34ae","hashSHA1":"be21d0517476ef594722050fe1df01b2cfcdd7ec","hashSHA256":"c6a048d3abae99f06f992a96d43d10365a35b1d378080bec965fbce97c764aea","digitalCertThumbprint":"5C25447CA34F11353A2CFE1E31A3A1A7AEFE3193","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, OU=SOFTONIC INTERNATIONAL, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"954","avBlockList":["Avira Internet Security (20230801)","COMODO Antivirus (20230801)","Dr.Web Security Space (20230801)","ESET Internet Security (20230801)","G DATA INTERNET SECURITY (20230801)","K7 Total Security (20230801)","Kaspersky Internet Security (20230801)","Malwarebytes Premium (20230801)","McAfee Total Protection (20230801)","Norton Security (20230801)","Panda Dome (20230801)","Quick Heal Internet Security (20230801)","Sophos Home Premium (20230801)","SpyHunter5 (20230801)","Total AV Antivirus Pro (20230801)","VirIT eXplorer PRO (20230801)","Webroot SecureAnywhere (20230801)"],"avAllowList":["360 Total Security (20230801)","Avast Premium Security (20230801)","AVG Internet Security (20230801)","Bitdefender Internet Security (20230801)","Trend Micro Internet Security (20230801)","VIPRE Advanced Security (20230801)","Windows Defender (20230801)"]},{"isRevoked":"False","fileName":"vlc-media-player-3.0.18-installer_S-jiXx1.exe","isInstaller":"True","fileVersion":"54.1","hashMD5":"76fce5ebe2dbb7ab3799665b02467032","hashSHA1":"075763dd996378aa0b5f751281f641a81fe4c460","hashSHA256":"b12c61e5040dc52862952174a21561c5d772c5b397a2f8093bdc4ed6bb24c5fc","digitalCertThumbprint":"5C25447CA34F11353A2CFE1E31A3A1A7AEFE3193","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, OU=SOFTONIC INTERNATIONAL, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"954","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"blur.live/research - BIBR","reference":"","landingPage":"https://vlc-media-player.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","ipv4":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","sourceIndex":"954"},{"howFound":"","reference":"","landingPage":"https://360-total-security.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v3.385.538.777","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"955"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/latest/ph/v1.35.82.703.24 ","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"956"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/release/ph/v2.748.45.35.15","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"957"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/rel/ph/v2.446.963.480","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"958"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/current/ph/v6.941.922.516","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"959"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/current/ph/v4.89.53.130.94","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"960"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v2.126.79.35.03","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"961"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/ver/ph/v1.865.39.03.98","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"962"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/revision/ph/v3.464.481.34.1","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"963"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/ver/ph/v0.309.16.55.18","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"964"}],"sampleFiles":["230724/RiseDownloadManager-230315/54.1.6275/Samples/3utools-2.65.003-installer_Syfe-r1.exe","230724/RiseDownloadManager-230315/54.1.6275/Samples/vlc-media-player-3.0.18-installer_S-jiXx1.exe"],"imageFiles":["230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-109/VLC_Files.png","230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-039/VLC_044.png","230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-043/VLC_File2.png","230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-042/VLC_File2.png","230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-013/VLC_Offer.png","230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-060/VLC_Offer.png"],"nonDeceptorImageFiles":["230724/RiseDownloadManager-230315/54.1.6275/Images/ACR-044/VLC_044.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_54.1.6275_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"54.1.6275","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":315},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"SoftonicDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"vlc-media-player-3.0.18-installer_LOHB-H1.exe - e26e459631c3c6a9ee9c498bbcee99ec67e8534a52313e1b13c0ed9639d162cb","isInstaller":"True","fileVersion":"6.44","hashMD5":"d0dafc349ed205185e9c30382209c1c6","hashSHA1":"4494d56773274595b9422287d3786f8dc339a162","hashSHA256":"e26e459631c3c6a9ee9c498bbcee99ec67e8534a52313e1b13c0ed9639d162cb","digitalCertThumbprint":"5C25447CA34F11353A2CFE1E31A3A1A7AEFE3193","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, OU=SOFTONIC INTERNATIONAL, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"1002","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"shareit-5.0.0.3-installer_N-ODSK1.exe","isInstaller":"True","fileVersion":"6.44","hashMD5":"7f7e833d979c68d1197541802467846a","hashSHA1":"627053bf89fd9cb31bc96e42cc0a609849b7e668","hashSHA256":"3257082fe20b46d6ffddb839c272d227196e32394505bcb6684ab87d024b80c3","digitalCertThumbprint":"5C25447CA34F11353A2CFE1E31A3A1A7AEFE3193","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, OU=SOFTONIC INTERNATIONAL, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"1002","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"blur.live/research - BIBR","reference":"","landingPage":"https://vlc-media-player.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","ipv4":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v3.99.649.643.4","sourceIndex":"1002"},{"howFound":"","reference":"","landingPage":"https://360-total-security.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v3.385.538.777","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"1003"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/latest/ph/v1.35.82.703.24 ","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"1004"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/release/ph/v2.748.45.35.15","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"1005"}],"sampleFiles":["230711/RiseDownloadManager-230315/6.44.1344.0/Samples/vlc-media-player-3.0.18-installer_LOHB-H1.exe - e26e459631c3c6a9ee9c498bbcee99ec67e8534a52313e1b13c0ed9639d162cb","230711/RiseDownloadManager-230315/6.44.1344.0/Samples/shareit-5.0.0.3-installer_N-ODSK1.exe"],"imageFiles":["230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-109/ACR-109.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-039/ACR-039.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-043/ACR-043.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-042/ACR-042.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-013/ACR-013_1.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-013/ACR-013_2.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-060/ACR-060_1.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-060/ACR-060_2.png","230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-075/ACR-075.png"],"nonDeceptorImageFiles":["230711/RiseDownloadManager-230315/6.44.1344.0/Images/ACR-044/ACR-044.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_6.44.1344.0_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"6.44.1344.0","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":316},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"SoftonicDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/wp-content/uploads/2023/01/Risecodes.com-Privacy-Policy-05.01.2023.pdf\nhttps://risecodes.com/wp-content/uploads/2022/01/Risecodes.com-Terms-of-Use.pdf)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"vlc-media-player-3.0.18-installer_9-bNZi1.exe","isInstaller":"True","fileVersion":"569.11","hashMD5":"aba72ae2bbcba8e6f22db62018f33aeb","hashSHA1":"4396fdbac35f4a3f5b60af19eb850e830d2eb3cb","hashSHA256":"11184afa5ddcc05a096dd98e607a0dae826c99b24d7eda139bd6909e9727d8f4","digitalCertThumbprint":"5C25447CA34F11353A2CFE1E31A3A1A7AEFE3193","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Softonic International SA, OU=SOFTONIC INTERNATIONAL, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES","sourceIndex":"1132","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://vlc-media-player.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/ver/ph/v0.208.523.872","ipv4":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/ver/ph/v0.208.523.872","sourceIndex":"1132"},{"howFound":"","reference":"","landingPage":"https://360-total-security.en.softonic.com/download","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/v/ph/v7.46.55.888.58","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"1133"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v1.48.83.41.17.6","ipv4":"","ipv6":"","landingPageWildChar":"https://*.softonic.com/download","directDownloadingLinkWildChar":"https://d1m1511i74zbdu.cloudfront.net/*/ph/*","sourceIndex":"1134"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/revision/ph/v5.26.89.78.12.9","ipv4":"","ipv6":"","sourceIndex":"1135"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/build/ph/v9.66.628.14.75","ipv4":"","ipv6":"","sourceIndex":"1136"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/version/ph/v1.77.865.87.78","ipv4":"","ipv6":"","sourceIndex":"1137"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://d1m1511i74zbdu.cloudfront.net/revision/ph/v5.17.17.18.423","ipv4":"","ipv6":"","sourceIndex":"1138"}],"sampleFiles":["230424/RiseDownloadManager-230315/569.11.57.63/Samples/vlc-media-player-3.0.18-installer_9-bNZi1.exe"],"imageFiles":["230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-109/ACR-109.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-039/ACR-039.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-043/ACR-043.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-042/ACR-109.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-013/ACR-013_1.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-013/ACR-013_2.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-060/ACR-013_1.png","230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-060/ACR-013_2.png"],"nonDeceptorImageFiles":["230424/RiseDownloadManager-230315/569.11.57.63/Images/ACR-044/ACR-039.png"],"guid":"4a39c51b-7c7b-41c7-8340-5d79aa45bff0_569.11.57.63_1","appID":"RiseDownloadManager-230315","dateAdded":"250512","deceptorType":"Bundler","name":"SoftonicDownloadManager","company":"softonic.com","version":"569.11.57.63","lastKnownStatus":"6.44.1344.0;569.11.57.63;54.1.6275;13.2.3957.0;11.3.6425;3.011.0","lastKnownDate":"250512","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2025-05-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":317},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"bb8762fdc099c3cfce9b232ab2352b0b","hashSHA1":"69144d048faf936851e5ef700c9ae242a51b84c8","hashSHA256":"a4bde1f1ee6d71426ea817d6b6a7acab249feed6545b60a0dba44339d67711a9","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"834","avBlockList":["COMODO Antivirus (20240307)","ESET Internet Security (20240307)","Kaspersky Internet Security (20240307)","Malwarebytes Premium (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)","Windows Defender (20240307)"],"avAllowList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","Avira Internet Security (20240307)","Bitdefender Internet Security (20240307)","Dr.Web Security Space (20240307)","G DATA INTERNET SECURITY (20240307)","K7 Total Security (20240307)","McAfee Total Protection (20240307)","Quick Heal Internet Security (20240307)","Trend Micro Internet Security (20240307)","VIPRE Advanced Security (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"834"},{"howFound":"","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"835"}],"sampleFiles":["231102/GOMPlayer-230126/2.3.91.5361/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-013/OptionalOffer1.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-013/OptionalOffer2.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-013/OptionalOffer3.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-155/OptionalOffer1.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-155/OptionalOffer2.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-155/OptionalOffer3.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-059/OptionalOffer1.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-059/OptionalOffer2.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-059/OptionalOffer3.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-060/OptionalOffer1.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-060/OptionalOffer2.jpg","231102/GOMPlayer-230126/2.3.91.5361/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.91.5361_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.91.5361","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":328},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME%20(6).EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"010db5f5e3ce528545626041aa5b02e6","hashSHA1":"6ffeb4a436def9d5422d8b3d7735f2e1a57c4fab","hashSHA256":"e296fdb7ccea9ebfad0f20e8519b36da69cdf497eedb68a00617f0e378be8577","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"795","avBlockList":["Avira Internet Security (20240104)","COMODO Antivirus (20240104)","ESET Internet Security (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)","Windows Defender (20240104)"],"avAllowList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Bitdefender Internet Security (20240104)","Dr.Web Security Space (20240104)","G DATA INTERNET SECURITY (20240104)","McAfee Total Protection (20240104)","Quick Heal Internet Security (20240104)","Total AV Antivirus Pro (20240104)","Trend Micro Internet Security (20240104)","VIPRE Advanced Security (20240104)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"795"}],"sampleFiles":["231127/GOMPlayer-230126/2.3.92.5362/Samples/GOMPLAYERGLOBALSETUP_CHROME%20(6).EXE"],"imageFiles":["231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-013/OptionalOffer1.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-013/OptionalOffer2.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-013/OptionalOffer3.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-155/OptionalOffer1.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-155/OptionalOffer2.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-155/OptionalOffer3.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-059/OptionalOffer1.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-059/OptionalOffer2.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-059/OptionalOffer3.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-060/OptionalOffer1.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-060/OptionalOffer2.jpg","231127/GOMPlayer-230126/2.3.92.5362/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.92.5362_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.92.5362","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":327},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME (2).EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"ee9ba23103f0dfe8b49a15af2461df1e","hashSHA1":"e3363f2aa606a45837a53e926c11f8cd96817d88","hashSHA256":"89c17d5c64a868583a779c6e7e48b36c662156a5a67e6fc891686daceabee701","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"782","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOM_230830.exe","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"02e6a661c7edb67a6a762555385771d5","hashSHA1":"e061e80c9fcc125f1e74fb1dbf82ad19b3b95260","hashSHA256":"90cb321d7bcc2a1067479560ad13a4372351b9aa57a6f82180f38ed7a48569fc","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"782","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME_230830.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"b3bc44cf4724405ac3866606149edf7b","hashSHA1":"2f12a50e30baef1090d5c08f576fff0048e82a13","hashSHA256":"9c49d772e103961477ca390efc19e63c2979e0cdeb7a602e5cdd0d53b6f0c387","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"782","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOM_230927.exe","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"37226da17e2f1de186846a6af5f2cdc3","hashSHA1":"2421e48db1ec52f06935afedaeee3566c19566f3","hashSHA256":"7e082ee55dd392f123952474e322cc434372d0bd917f8a13014ee489c2fa258c","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"782","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME_230927.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"177ad282ad2283b085a3562708db87f3","hashSHA1":"7e61137661eff80e705200f40f39ab9a455c4ac1","hashSHA256":"8593c34c3f1a9a473115538240928cd811a81c62bc7319f78798d78f54eccabc","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"782","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOM_231011.exe","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"b22ef3bb57a7d3f68d6721c03344f342","hashSHA1":"7341c61012b36da8fb51790bc1763602749bfde1","hashSHA256":"d3caf71980d2ed727059512da07aa11728923f950dbfedca5d173d08ce9fcd71","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"782","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME_231011.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"e8e30c4b24f94a76fa03639dca61fb11","hashSHA1":"eafeeaf7da3a8af99a3095ca57ca4c53e64e3864","hashSHA256":"22b4fb4ccd2faddccab3de1d4df44e28c08d84e8d08899ac214853cbd4c0fb2c","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"782","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"782"}],"sampleFiles":["231211/GOMPlayer-230126/2.3.90.5360/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOM_230830.exe","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOMPLAYERGLOBALSETUP_CHROME_230830.EXE","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOM_230927.exe","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOMPLAYERGLOBALSETUP_CHROME_230927.EXE","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOM_231011.exe","231211/GOMPlayer-230126/2.3.90.5360/Samples/GOMPLAYERGLOBALSETUP_CHROME_231011.EXE"],"imageFiles":["231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-013/OptionalOffer1.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-013/OptionalOffer2.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-013/OptionalOffer3.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-155/OptionalOffer1.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-155/OptionalOffer2.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-155/OptionalOffer3.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-059/OptionalOffer1.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-059/OptionalOffer2.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-059/OptionalOffer3.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-060/OptionalOffer1.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-060/OptionalOffer2.jpg","231211/GOMPlayer-230126/2.3.90.5360/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.90.5360_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.90.5360","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":326},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"3b53c2d58b282eea9f0a719c9fdc465e","hashSHA1":"d05cb8bbcdd3c8a7cd71ca39461579dbd0d4f4a5","hashSHA256":"d7c4690df990969256dafe5fb89446d330a60c61d734bec552492af9c35fabdc","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1018","avBlockList":["Avira Internet Security (20240604)","ESET Internet Security (20240604)","Kaspersky Internet Security (20240604)","Malwarebytes Premium (20240604)","McAfee Total Protection (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Sophos Home Premium (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Bitdefender Internet Security (20240604)","COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Quick Heal Internet Security (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1018"}],"sampleFiles":["230705/GOMPlayer-230126/2.3.88.5358/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-013/GOM_Offer1.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-013/GOM_Offer3.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-013/GOM_Offer2.png","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-155/GOM_Offer1.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-155/GOM_Offer2.png","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-155/GOM_Offer3.png","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-059/GOM_Offer1.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-059/GOM_Offer3.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-059/GOM_Offer2.png","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-060/GOM_Offer1.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-060/GOM_Offer3.jpg","230705/GOMPlayer-230126/2.3.88.5358/Images/ACR-060/GOM_Offer2.png"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.88.5358_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.88.5358","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":330},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME%20(7).EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"250b75722e9fa525abfd686e2a9d97c9","hashSHA1":"7aff4a592edc79af89c088d8de76b86abf741e18","hashSHA256":"88fcfb4aa99e99cb38660d6346ce989abf4569019cfd58cc762b6314a7c1f7e9","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"752","avBlockList":["360 Total Security (20240507)","COMODO Antivirus (20240507)","ESET Internet Security (20240507)","K7 Total Security (20240507)","Kaspersky Internet Security (20240507)","Malwarebytes Premium (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Sophos Home Premium (20240507)","SpyHunter5 (20240507)","VirIT eXplorer PRO (20240507)"],"avAllowList":["Avast Premium Security (20240507)","AVG Internet Security (20240507)","Avira Internet Security (20240507)","Bitdefender Internet Security (20240507)","Dr.Web Security Space (20240507)","G DATA INTERNET SECURITY (20240507)","McAfee Total Protection (20240507)","Quick Heal Internet Security (20240507)","Total AV Antivirus Pro (20240507)","Trend Micro Internet Security (20240507)","VIPRE Advanced Security (20240507)","Webroot SecureAnywhere (20240507)","Windows Defender (20240507)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"752"}],"sampleFiles":["240125/GOMPlayer-230126/2.3.93.5363/Samples/GOMPLAYERGLOBALSETUP_CHROME%20(7).EXE"],"imageFiles":["240125/GOMPlayer-230126/2.3.93.5363/Images/ACR-013/ACR-013_Install_1.png","240125/GOMPlayer-230126/2.3.93.5363/Images/ACR-155/ACR-155_Inline offers_1.png","240125/GOMPlayer-230126/2.3.93.5363/Images/ACR-059/ACR-059_In-bundle offers_1.png","240125/GOMPlayer-230126/2.3.93.5363/Images/ACR-060/ACR-060_In-bundle offers_1.png"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.93.5363_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.93.5363","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":325},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\4DDiG Duplicate File Deleter.exe","companyName":"4DDiG","productName":"4DDiG Duplicate File Deleter","productVersion":"2.5.1.14","fileVersion":"2.5.1.14","hashMD5":"82da5363b797821638bd39ecafac67f9","hashSHA1":"e96d173b031aa0e5d630b0f464389832bca7135e","hashSHA256":"9f4ce2e8efaaf6ae8a4fe4941d2c4e4e7b5af538ef16c32d11d3c8420f76064c","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"698","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\Monitor\\Monitor.exe","companyName":"TS","productName":"Monitor","productVersion":"1.0.2.0","fileVersion":"1.0.2.0","hashMD5":"398939a15d3a60971dae9db4d52e2138","hashSHA1":"12a3967bfff87f6608418c21308c4fea99e23ca0","hashSHA256":"6a91dc974d68551117c1d82819aac304b00a9f664e7cffafbb7c203cbf36ec30","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"698","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter_11710474112280230701.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230725153620","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"17b46c0bcc3c37c800020f59b7c8b204","hashSHA1":"03c4b6fafd1e54f132e9090e5bc6acaf4572be09","hashSHA256":"4ea8b29ebfc6501b758729cc4226261722cb6e8681df8603ba361f389a4e6e63","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"698","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt of 4ddig apps","reference":"","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","sourceIndex":"698"}],"sampleFiles":["240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Samples/4ddig-duplicate-file-deleter_11710474112280230701.exe"],"imageFiles":["240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-046/ACR-046.PNG","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-046/ACR-046_1.PNG","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-048/ACR-048_Install.PNG","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-004/ACR-004_Software_1.png","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-097/ACR-097.PNG","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-040/ACR-040.PNG","240326/4DDiGDuplicateFileDeleter-240318/2.5.1.14/Images/ACR-123/ACR-123.PNG"],"guid":"1bf6bf4c-0306-4e5a-b945-2ca359e0638b_2.5.1.14_1","appID":"4DDiGDuplicateFileDeleter-240318","dateAdded":"250508","deceptorType":"App","name":"4DDiG Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"2.5.1.14","lastKnownStatus":"2.5.1.14;2.5.2.3;2.5.11.0;3.0.1.4;3.0.10","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":340},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\4DDiG Duplicate File Deleter.exe","companyName":"4DDiG","productName":"4DDiG Duplicate File Deleter","productVersion":"2.5.4.0","fileVersion":"2.5.4.0","hashMD5":"b91fd5e5d7ea95ef1449bf31724c9bd4","hashSHA1":"4f971178030cc4c1759441820d23f4656cc71135","hashSHA256":"45da9dafc005f072cf4be2c8be1ff8c3e01a6d5b862b1c20034b06eecb8c9ee9","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"647","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230725153620","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"17b46c0bcc3c37c800020f59b7c8b204","hashSHA1":"03c4b6fafd1e54f132e9090e5bc6acaf4572be09","hashSHA256":"4ea8b29ebfc6501b758729cc4226261722cb6e8681df8603ba361f389a4e6e63","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"647","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","sourceIndex":"647"}],"sampleFiles":["240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Samples/4ddig-duplicate-file-deleter.exe"],"imageFiles":["240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-046/ACR-046.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-046/ACR-046_1.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-048/ACR-048.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-004/ACR-004.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-004/ACR-004_1.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-097/ACR-097.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-040/ACR-040.PNG","240429/4DDiGDuplicateFileDeleter-240318/2.5.2.3/Images/ACR-123/ACR-123.PNG"],"guid":"1bf6bf4c-0306-4e5a-b945-2ca359e0638b_2.5.2.3_1","appID":"4DDiGDuplicateFileDeleter-240318","dateAdded":"250508","deceptorType":"App","name":"4DDiG Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"2.5.2.3","lastKnownStatus":"2.5.1.14;2.5.2.3;2.5.11.0;3.0.1.4;3.0.10","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":339},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove its background process completely within the app's settings.\n","ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\4DDiG Duplicate File Deleter.exe","companyName":"4DDiG","productName":"4DDiG Duplicate File Deleter","productVersion":"2.5.11.0","fileVersion":"2.5.11.0","hashMD5":"7e7157a4ecd624829b515e603dd9a55c","hashSHA1":"723debb323997e8631653716849d58a2bc7e981b","hashSHA256":"db2b18db7b68772d60c7f9d20aebc216c9837d80a28231c4fee0cf154b5e67f4","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"630","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\DuplicateDaemon.exe","companyName":"","productName":"DuplicateDaemon","productVersion":"1.0.1.1","fileVersion":"1.0.1.1","hashMD5":"981fb85551b807a4a86ec5a1ee9b547b","hashSHA1":"beba275851df966115c2c99c7d66d691453438a1","hashSHA256":"71fd42732f70ea4984692a37a9586f93a4812a7f0d059f8fb0c1993a636c0c98","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"630","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\DuplicateFileMonitor.exe","companyName":"","productName":"DuplicateFileMonitor","productVersion":"1.0.1.2","fileVersion":"1.0.1.2","hashMD5":"35d4fbf173f5d1df1cd0de6db5ee9f2c","hashSHA1":"1845fc53eddfddb67799c2584c999472664fb01c","hashSHA256":"55cda5d615f16b25325d2c00ed5f7c4aadde242ef176a82d85e1c8c97dc18f8c","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"630","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230725153620","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"17b46c0bcc3c37c800020f59b7c8b204","hashSHA1":"03c4b6fafd1e54f132e9090e5bc6acaf4572be09","hashSHA256":"4ea8b29ebfc6501b758729cc4226261722cb6e8681df8603ba361f389a4e6e63","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"630","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt of 4ddig apps","reference":"","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","sourceIndex":"630"}],"sampleFiles":["240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Samples/4ddig-duplicate-file-deleter.exe"],"imageFiles":["240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-046/ACR-046.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-046/ACR-046_1.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-048/ACR-048.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-004/ACR-004.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-004/ACR-004_1.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-084/ACR-084.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-097/ACR-097.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-097/ACR-097_1.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-048/ACR-048_1.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-040/ACR-040.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-123/ACR-123.PNG","240604/4DDiGDuplicateFileDeleter-240318/2.5.11.0/Images/ACR-123/ACR-123_1.PNG"],"guid":"1bf6bf4c-0306-4e5a-b945-2ca359e0638b_2.5.11.0_1","appID":"4DDiGDuplicateFileDeleter-240318","dateAdded":"250508","deceptorType":"App","name":"4DDiG Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"2.5.11.0","lastKnownStatus":"2.5.1.14;2.5.2.3;2.5.11.0;3.0.1.4;3.0.10","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":338},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove its background process completely within the app's settings.\n","ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder different from its installation folder\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG Duplicate File Deleter\\4DDiG Duplicate File Deleter.exe","companyName":"4DDiG","productName":"4DDiG Duplicate File Deleter","productVersion":"3.0.1.4","fileVersion":"3.0.1.4","hashMD5":"61f339efe16f89045cccf4db357e29e7","hashSHA1":"c0f7831049221bfd5d165010f269e13e282776c3","hashSHA256":"fabd7fddfe6d4501a4592ee26e11d3fa9e9067ea2bd6a8196f943aea0a6f0fbc","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"572","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230725153620","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"17b46c0bcc3c37c800020f59b7c8b204","hashSHA1":"03c4b6fafd1e54f132e9090e5bc6acaf4572be09","hashSHA256":"4ea8b29ebfc6501b758729cc4226261722cb6e8681df8603ba361f389a4e6e63","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"572","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","sourceIndex":"572"}],"sampleFiles":["240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Samples/4ddig-duplicate-file-deleter.exe"],"imageFiles":["240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-046/ACR-046.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-046/ACR-046_1.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-048/ACR-048.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-004/ACR-004.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-004/ACR-004_1.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-084/ACR-084.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-097/ACR-097.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-048/ACR-048_1.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-040/ACR-040.PNG","240807/4DDiGDuplicateFileDeleter-240318/3.0.1.4/Images/ACR-123/ACR-123.PNG"],"guid":"1bf6bf4c-0306-4e5a-b945-2ca359e0638b_3.0.1.4_1","appID":"4DDiGDuplicateFileDeleter-240318","dateAdded":"250508","deceptorType":"App","name":"4DDiG Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"3.0.1.4","lastKnownStatus":"2.5.1.14;2.5.2.3;2.5.11.0;3.0.1.4;3.0.10","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":337},{"violations":{"ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOM.EXE","companyName":"GOM & Company","fileVersion":"2.3.83.5350","hashMD5":"329789d0508992d8d6ed9adf72423135","hashSHA1":"1d1f3bb2d56347f6e7de730b5471ef229e0995a7","hashSHA256":"bc786a1ee28402f5ac0bf0ea72f31b8b3cdbfa21f51999286e27a27194b0a3fa","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1216","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"657e47c6009558ac2b9006e0490743df","hashSHA1":"06c39cdc9473eab32ee583521febca4ea9cf3fc0","hashSHA256":"ca55e77e90979e3915d894eb5fdfc17a31ec4ce5a704fe0c9cd8ee2c822b8bbe","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1216","avBlockList":["Avira Internet Security (20240808)","ESET Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","Malwarebytes Premium (20240808)","McAfee Total Protection (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","FortectPremium (20240808)","KasperskyPremium (20240808)"],"avAllowList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Bitdefender Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","K7 Total Security (20240808)","Kaspersky Internet Security (20230914)","Quick Heal Internet Security (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)","Windows Defender (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1216"}],"sampleFiles":["230215/GOMPlayer-230126/2.3.83.5350/Samples/GOM.exe","230215/GOMPlayer-230126/2.3.83.5350/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230215/GOMPlayer-230126/2.3.83.5350/Images/ACR-059/ACR-059_Offer1 (1).jpg","230215/GOMPlayer-230126/2.3.83.5350/Images/ACR-059/ACR-059_Offer1 (2).jpg","230215/GOMPlayer-230126/2.3.83.5350/Images/ACR-155/ACR-155_Offers_Avira.mp4"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.83.5350_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.83.5350","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":335},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"58520016849a64a1068c98fa53fcb9e8","hashSHA1":"2a2f897d03160f4cf909da69dc29aa76dfa5f4f4","hashSHA256":"32577e0441498f3e06f34ef1ec4e566d388a1cb0019583251e860565debc6954","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1170","avBlockList":["Avira Internet Security (20230831)","COMODO Antivirus (20230831)","ESET Internet Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Sophos Home Premium (20230831)","SpyHunter5 (20230831)","Total AV Antivirus Pro (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)"],"avAllowList":["360 Total Security (20230831)","Avast Premium Security (20230831)","AVG Internet Security (20230831)","Bitdefender Internet Security (20230831)","Dr.Web Security Space (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Kaspersky Internet Security (20230831)","Quick Heal Internet Security (20230831)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)","Windows Defender (20230831)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1170"}],"sampleFiles":["230405/GOMPlayer-230126/2.3.85.5353/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-013/OptionalOffer1.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-013/OptionalOffer2.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-013/OptionalOffer3.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-013/OptionalOffer4.mp4","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-155/OptionalOffer4.mp4","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-155/OptionalOffer1.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-155/OptionalOffer2.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-155/OptionalOffer3.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-059/OptionalOffer1.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-059/OptionalOffer2.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-059/OptionalOffer3.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-060/OptionalOffer1.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-060/OptionalOffer2.jpg","230405/GOMPlayer-230126/2.3.85.5353/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.85.5353_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.85.5353","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":334},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","productName":"GOMPlayerGlobal","fileVersion":"2.3","hashMD5":"ba517a45fe449a98ab010d98e14193a6","hashSHA1":"51a901746da7c2094e6d0a263d63f0fb31354012","hashSHA256":"82a86edd270c63f6c7380aa93489a872f6506c3d88ef7d27b626d6ad764c28da","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1141","avBlockList":["ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","Kaspersky Internet Security (20240716)","Malwarebytes Premium (20240801)","McAfee Total Protection (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["360 Total Security (20240801)","Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","K7 Total Security (20240801)","Quick Heal Internet Security (20240801)","Total AV Antivirus Pro (20240801)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)","Windows Defender (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1141"}],"sampleFiles":["230427/GOMPlayer-230126/2.3.86.5355/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-013/OptionalOffer1.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-013/OptionalOffer2.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-013/OptionalOffer3.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-013/OptionalOffer4.mp4","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-155/OptionalOffer4.mp4","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-155/OptionalOffer1.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-155/OptionalOffer2.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-155/OptionalOffer3.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-059/OptionalOffer1.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-059/OptionalOffer2.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-059/OptionalOffer3.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-060/OptionalOffer1.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-060/OptionalOffer2.jpg","230427/GOMPlayer-230126/2.3.86.5355/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.86.5355_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.86.5355","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":333},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOM.EXE","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"a1c33a0deade7225b2817d590ac1fd6f","hashSHA1":"62fc19978cd56d0b0655ef63a4d682896cc31132","hashSHA256":"cfd4c53ae5c9ad6d7d64f281eec4030a6d0ab6083b9baeabfd76e1d803bd0272","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1059","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"d119fdd3f069999f1f9707edc546eeb6","hashSHA1":"a6c2b61e584cced13024d26c9088982af35e46a6","hashSHA256":"d5753cc71acbba48ff6e7a325d86508e82a41af016beaad55e2b2f0099ef4e58","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1059","avBlockList":["Avira Internet Security (20240625)","COMODO Antivirus (20240625)","ESET Internet Security (20240625)","K7 Total Security (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)","Windows Defender (20240625)"],"avAllowList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Bitdefender Internet Security (20240625)","Dr.Web Security Space (20240625)","G DATA INTERNET SECURITY (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1059"}],"sampleFiles":["230606/GOMPlayer-230126/2.3.87.5356/Samples/GOM.exe","230606/GOMPlayer-230126/2.3.87.5356/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-013/GOM_Offer1.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-013/GOM_Offer2.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-013/GOM_Offer3.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-013/GOM_FinalOffers.gif","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-155/GOM_Offer1.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-155/GOM_Offer2.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-155/GOM_Offer3.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-155/GOM_FinalOffers.gif","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-059/GOM_Offer1.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-059/GOM_Offer2.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-059/GOM_Offer3.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-060/GOM_Offer1.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-060/GOM_Offer2.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-060/GOM_Offer3.jpg","230606/GOMPlayer-230126/2.3.87.5356/Images/ACR-060/GOM_FinalOffers.gif"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.87.5356_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.87.5356","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":332},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOM.EXE","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"677a5d481e3ce897be40bca7dfec558e","hashSHA1":"664f65b917eccd1a6cc4859f09fd97533c90ea41","hashSHA256":"033b56207496f554f3d2b26e0a53afca1c4170fbaf9af7334e574a1a01c4c4ab","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1037","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"ede86795a9ee192478e9012b20100b86","hashSHA1":"32388e8a69096623066a3a7d0ac1cc4967b2c901","hashSHA256":"2be88ac2351f02bdec46e35617b19dce68a8463aac96d72267637b7ac979bd87","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"1037","avBlockList":["Avira Internet Security (20240111)","COMODO Antivirus (20240111)","ESET Internet Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)","Windows Defender (20240111)"],"avAllowList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Bitdefender Internet Security (20240111)","Dr.Web Security Space (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Quick Heal Internet Security (20240111)","Trend Micro Internet Security (20240111)","VIPRE Advanced Security (20240111)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"1037"}],"sampleFiles":["230621/GOMPlayer-230126/2.3.88.5357/Samples/GOM.exe","230621/GOMPlayer-230126/2.3.88.5357/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-013/GOM_Offer1.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-013/GOM_Offer3.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-013/GOM_Offer2.png","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-155/GOM_Offer1.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-155/GOM_Offer2.png","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-155/GOM_Offer3.png","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-059/GOM_Offer1.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-059/GOM_Offer3.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-059/GOM_Offer2.png","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-060/GOM_Offer1.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-060/GOM_Offer3.jpg","230621/GOMPlayer-230126/2.3.88.5357/Images/ACR-060/GOM_Offer2.png"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.88.5357_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.88.5357","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":331},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"e260dcbaa94b6de71e44a1a3d91126ab","hashSHA1":"911477a5404b0c2964074fd0f827bdab9751d6ff","hashSHA256":"cfefe4e33b431ea80b1ea63f118a36f812fff7c038e1a4be52d55feadd94f07b","digitalCertThumbprint":"2FB6D90F9C250CA0DD60B14EC68FF5D035719656","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, OU=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"968","avBlockList":["Avira Internet Security (20240725)","COMODO Antivirus (20240725)","ESET Internet Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","FortectPremium (20240725)"],"avAllowList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Bitdefender Internet Security (20240725)","Dr.Web Security Space (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Quick Heal Internet Security (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","Windows Defender (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"968"}],"sampleFiles":["230724/GOMPlayer-230126/2.3.89.5359/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-013/GOMPlayer_O1.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-013/GOMPlayer_O2.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-013/GOMPlayer_O3.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-155/GOMPlayer_O1.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-155/GOMPlayer_O2.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-155/GOMPlayer_O3.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-059/GOMPlayer_O1.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-059/GOMPlayer_O2.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-059/GOMPlayer_O3.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-060/GOMPlayer_O1.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-060/GOMPlayer_O2.jpg","230724/GOMPlayer-230126/2.3.89.5359/Images/ACR-060/GOMPlayer_O3.jpg"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.89.5359_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.89.5359","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":329},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"4741df7bcd0c46911115540f7ee0f2f9","hashSHA1":"bbdf9cd8b74d7fa9f7c858942f9cb6e868079ed1","hashSHA256":"68e8bc3dacc90cdd1e999a3d513ac6761d5ced98e4b4b55c7b769b0c39a53668","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"634","avBlockList":["360 Total Security (20240711)","COMODO Antivirus (20240711)","ESET Internet Security (20240711)","FortectPremium (20240711)","K7 Total Security (20240711)","Kaspersky Internet Security (20240711)","Malwarebytes Premium (20240711)","Norton Security (20240711)","Panda Dome (20240711)","Quick Heal Internet Security (20240711)","Sophos Home Premium (20240711)","SpyHunter5 (20240711)","VirIT eXplorer PRO (20240711)","Webroot SecureAnywhere (20240711)","Windows Defender (20240711)"],"avAllowList":["Avast Premium Security (20240711)","AVG Internet Security (20240711)","Avira Internet Security (20240711)","Bitdefender Internet Security (20240711)","Dr.Web Security Space (20240711)","G DATA INTERNET SECURITY (20240711)","McAfee Total Protection (20240711)","Total AV Antivirus Pro (20240711)","Trend Micro Internet Security (20240711)","VIPRE Advanced Security (20240711)"]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"634"}],"sampleFiles":["240522/GOMPlayer-230126/2.3.97.5367/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-013/InstallOffer1.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-013/InstallOffer2.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-013/InstallOffer3.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-155/InstallOffer1.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-155/InstallOffer2.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-155/InstallOffer3.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-059/InstallOffer2.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-060/InstallOffer1.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-060/InstallOffer2.png","240522/GOMPlayer-230126/2.3.97.5367/Images/ACR-060/InstallOffer3.png"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.97.5367_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.97.5367","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows 10,Windows 11,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":324},{"violations":{"ACR-048":"The app does not provide any control to remove its background process completely within the app's settings.\n","ACR-004":"Application doesn't provide the free fix for the items reported, only allow to remove first 15 items. It requires subscription payment to delete the duplicated items.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"4DDiG%20Duplicate%20File%20Deleter.exe","companyName":"4DDiG","fileVersion":"3.0","hashMD5":"0052ea157aa31d7fcec574b5da312599","hashSHA1":"d68e9aea0d06d010d66646d81a0090a3563b408f","hashSHA256":"0189ea7d03cf1843b10a115192d5164be65ce73760db3ed1504d5b88851cc9a7","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Tenorshare (Hongkong) Limited, O=Tenorshare (Hongkong) Limited, L=Sheung Wan, C=HK, SERIALNUMBER=3086133, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"208","avBlockList":["Avast Premium Security (20250722)","AVG Internet Security (20250722)","Avira Internet Security (20250722)","Bitdefender Internet Security (20250722)","FortectPremium (20250722)","G DATA INTERNET SECURITY (20250722)","K7 Total Security (20250722)","Malwarebytes Premium (20250722)","Norton Security (20250722)","Panda Dome (20250722)","Quick Heal Internet Security (20250722)","Sophos Home Premium (20250722)","SpyHunter5 (20250722)","Total AV Antivirus Pro (20250722)","VIPRE Advanced Security (20250722)","VirIT eXplorer PRO (20250722)","Webroot SecureAnywhere (20250722)","Windows Defender (20250722)"],"avAllowList":["360 Total Security (20250722)","COMODO Antivirus (20250722)","Dr.Web Security Space (20250722)","ESET Internet Security (20250722)","KasperskyPremium (20250722)","McAfee Total Protection (20250722)","Trend Micro Internet Security (20250722)"]},{"isRevoked":"False","fileName":"4ddig-duplicate-file-deleter_11746652390908405001.exe","isInstaller":"True","companyName":"Tenorshare, Inc.                                            ","fileVersion":"0.0","hashMD5":"8a777b1fade974668330834ee7bc5cff","hashSHA1":"5b537c850db8e6ce6de8a4be704436c404a230c9","hashSHA256":"ec7cee8b688a1fa240842375de9f9ed32f1d86b966aad14c414a1bac065efef9","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Tenorshare (Hongkong) Limited, O=Tenorshare (Hongkong) Limited, L=Sheung Wan, C=HK, SERIALNUMBER=3086133, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"208","avBlockList":["Avast Premium Security (20250805)","AVG Internet Security (20250805)","Avira Internet Security (20250805)","Bitdefender Internet Security (20250805)","FortectPremium (20250805)","G DATA INTERNET SECURITY (20250805)","K7 Total Security (20250805)","Malwarebytes Premium (20250805)","Norton Security (20250805)","Panda Dome (20250805)","Quick Heal Internet Security (20250805)","Sophos Home Premium (20250805)","SpyHunter5 (20250805)","Total AV Antivirus Pro (20250805)","VIPRE Advanced Security (20250805)","VirIT eXplorer PRO (20250805)","Webroot SecureAnywhere (20250805)","Windows Defender (20250805)"],"avAllowList":["360 Total Security (20250805)","COMODO Antivirus (20250805)","Dr.Web Security Space (20250805)","ESET Internet Security (20250805)","KasperskyPremium (20250805)","McAfee Total Protection (20250805)","Trend Micro Internet Security (20250805)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt of 4ddig apps","reference":"","landingPage":"https://www.4ddig.net/duplicate-file-deleter.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-duplicate-file-deleter_3567.exe","sourceIndex":"208"}],"sampleFiles":["250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Samples/4DDiG%20Duplicate%20File%20Deleter.exe","250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Samples/4ddig-duplicate-file-deleter_11746652390908405001.exe"],"imageFiles":["250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-004/004.png","250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-004/subs.png","250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-084/background.png","250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-097/firewall.png","250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-048/background.png"],"nonDeceptorImageFiles":["250508/4DDiGDuplicateFileDeleter-240318/3.0.10/Images/ACR-123/firewall.png"],"guid":"1bf6bf4c-0306-4e5a-b945-2ca359e0638b_3.0.10_1","appID":"4DDiGDuplicateFileDeleter-240318","dateAdded":"250508","deceptorType":"App","name":"4DDiG Duplicate File Deleter","company":"Tenorshare Co., Ltd.","version":"3.0.10","lastKnownStatus":"2.5.1.14;2.5.2.3;2.5.11.0;3.0.1.4;3.0.10","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T17:10:42.9283342+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":336},{"violations":{"ACR-109":"The app silently adds the \"AliExPress\" shortcut to the desktop without disclosing the relationship to the app during installation and EULA.\n","ACR-042":"The app silently adds the \"AliExPress\" shortcut to the desktop without any disclosure in EULA.\n","ACR-043":"The app silently adds the \"AliExPress\" shortcut to the desktop without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-014":"The \"Accept\" button on the Avast secure Browser offer is used for two things: accepting an offer and accepting Avast secure browser as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"Accept\" is only for installing the Avast secure browser and not for changing the system browser's default settings.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-039":"The app silently adds the \"AliExPress\" shortcut to the desktop without disclosing the relationship to the app during installation and EULA.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","productName":"GOMPlayerGlobal","productVersion":"2.3.100.5370","fileVersion":"2.3","hashMD5":"c4a6398345901b7b22bdadb2758f6a50","hashSHA1":"5e23ddc091ba51409d5d121fc5a6c23455e0d14c","hashSHA256":"adc5b54854960929f240c2cc1f68e330bdf40a22aa8d43079d721a7739e0dab5","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GRETECH CORPORATION","storeId":"","sourceIndex":"527","avBlockList":["COMODO Antivirus (20241217)","ESET Internet Security (20241217)","FortectPremium (20241217)","KasperskyPremium (20241217)","Malwarebytes Premium (20241217)","Norton Security (20241022)","Panda Dome (20241217)","SpyHunter5 (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)"],"avAllowList":["360 Total Security (20241217)","Avast Premium Security (20241217)","AVG Internet Security (20241217)","Avira Internet Security (20241217)","Bitdefender Internet Security (20241217)","Dr.Web Security Space (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","McAfee Total Protection (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","Total AV Antivirus Pro (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)","Windows Defender (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_NEW.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_NEW.EXE","sourceIndex":"527"}],"sampleFiles":["240930/GOMPlayer-230126/2.3.100.5370/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-109/ACR-109_Install_1.png","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-039/ACR-039_Install_1.png","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-043/ACR-043_Install_1.png","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-042/ACR-042_Install_1.png","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-048/ACR-048.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-013/ACR-013.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-013/ACR-013_1.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-014/ACR-014.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-155/ACR-155.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-155/ACR-155_1.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-059/ACR-059.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-060/ACR-060.PNG","240930/GOMPlayer-230126/2.3.100.5370/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.100.5370_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.100.5370","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows 10,Windows 11,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":322},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_NEW.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"2a685a7ecf934c965666b14a9dbbb3ce","hashSHA1":"7af87e6791196c6a7b0a3831aaecf86bd8c01aa0","hashSHA256":"801f64bb2c1929ce62d9f4d55ff711bb886508d07edfe8c9de4ba07b8fa7317c","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"196","avBlockList":["COMODO Antivirus (20250729)","ESET Internet Security (20250729)","FortectPremium (20250729)","K7 Total Security (20250729)","KasperskyPremium (20250729)","Malwarebytes Premium (20250729)","Panda Dome (20250729)","Quick Heal Internet Security (20250729)","Sophos Home Premium (20250729)","SpyHunter5 (20250729)","VirIT eXplorer PRO (20250729)","Webroot SecureAnywhere (20250729)"],"avAllowList":["360 Total Security (20250729)","Avast Premium Security (20250729)","AVG Internet Security (20250729)","Avira Internet Security (20250729)","Bitdefender Internet Security (20250729)","Dr.Web Security Space (20250729)","G DATA INTERNET SECURITY (20250729)","McAfee Total Protection (20250729)","Norton Security (20250729)","Total AV Antivirus Pro (20250729)","Trend Micro Internet Security (20250729)","VIPRE Advanced Security (20250729)","Windows Defender (20250729)"]},{"isRevoked":"False","fileName":"GOMPLAYERKORSETUP.EXE","isInstaller":"True","companyName":"GOM & Company","fileVersion":"2.3","hashMD5":"2c09db30b29bca2e4aaae0f880910de4","hashSHA1":"6d4b9fc2dc8776c7b3b8776ec2d7995cb8530de4","hashSHA256":"4c7f3c2f454ba789eb15b32b746865e1f40a67ad7d3c55fc4509a68541424fe3","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","sourceIndex":"196","avBlockList":["Bitdefender Internet Security (20250805)","COMODO Antivirus (20250805)","ESET Internet Security (20250805)","FortectPremium (20250805)","G DATA INTERNET SECURITY (20250805)","K7 Total Security (20250805)","KasperskyPremium (20250805)","Malwarebytes Premium (20250805)","Panda Dome (20250805)","Quick Heal Internet Security (20250805)","Sophos Home Premium (20250805)","SpyHunter5 (20250805)","VIPRE Advanced Security (20250805)","VirIT eXplorer PRO (20250805)","Webroot SecureAnywhere (20250805)"],"avAllowList":["360 Total Security (20250805)","Avast Premium Security (20250805)","AVG Internet Security (20250805)","Avira Internet Security (20250805)","Dr.Web Security Space (20250805)","McAfee Total Protection (20250805)","Norton Security (20250805)","Total AV Antivirus Pro (20250805)","Trend Micro Internet Security (20250805)","Windows Defender (20250805)"]},{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_NEW.EXE","isInstaller":"True","companyName":"GOM & Company","productName":"GOMPlayerGlobal","productVersion":"2.3.108.5378","fileVersion":"2.3","hashMD5":"ef1baa0cdb43147376261f4e8fcc8dae","hashSHA1":"555c8f70d413d2592dc5bcd2512be695db7b2b01","hashSHA256":"a604b0bd1e6df8919f9a1560a91af0c996d1d3cdc1f582c2f57111868bc33af1","digitalCertThumbprint":"78F0C7D6E7CA5834C7FF8A4829BC2DD740C8C452","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GOM&Company, O=GOM&Company, L=Songpa District, S=Seoul, C=KR, SERIALNUMBER=110111-1649578, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Seoul, OID.1.3.6.1.4.1.311.60.2.1.3=KR","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"196","avBlockList":["COMODO Antivirus (20250724)","ESET Internet Security (20250724)","FortectPremium (20250724)","K7 Total Security (20250724)","KasperskyPremium (20250724)","Malwarebytes Premium (20250724)","Panda Dome (20250724)","Quick Heal Internet Security (20250724)","Sophos Home Premium (20250724)","SpyHunter5 (20250724)","VirIT eXplorer PRO (20250724)","Webroot SecureAnywhere (20250724)"],"avAllowList":["360 Total Security (20250724)","Avast Premium Security (20250724)","AVG Internet Security (20250724)","Avira Internet Security (20250724)","Bitdefender Internet Security (20250724)","Dr.Web Security Space (20250724)","G DATA INTERNET SECURITY (20250724)","McAfee Total Protection (20250724)","Norton Security (20250724)","Total AV Antivirus Pro (20250724)","Trend Micro Internet Security (20250724)","VIPRE Advanced Security (20250724)","Windows Defender (20250724)"]},{"isRevoked":"False","fileName":"GOM.EXE","companyName":"GOM & Company","productName":"GOM Player","productVersion":"2, 3, 108, 5378","fileVersion":"2.3","hashMD5":"a133afb41c161789d05545cb94082442","hashSHA1":"42fbcb2df60f4016eb31a985bffa7abbc6767a67","hashSHA256":"1d427e84c3b002e85d27bf3b03a8fc766496aa663d94a6732615c7eebb752aa5","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=GRETECH CORPORATION, O=GRETECH CORPORATION, L=Shinjuku, S=Tokyo, C=JP","digitalCertCodeSigning":"True","digitalCertTimeStamping":"False","digitalCertMSRMSEKU":"","digitalCertCertSigning":"False","sourceIndex":"196","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"randomly found from a download site","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"196"}],"sampleFiles":["250508/GOMPlayer-230126/2.3.108.5378/Samples/GOMPLAYERGLOBALSETUP_NEW.EXE","250508/GOMPlayer-230126/2.3.108.5378/Samples/GOMPLAYERKORSETUP.EXE","250508/GOMPlayer-230126/2.3.108.5378/Samples/GOMPLAYERGLOBALSETUP_NEW%20(1).EXE","250508/GOMPlayer-230126/2.3.108.5378/Samples/GOM.exe"],"imageFiles":["250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-048/ACR-048.PNG","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-013/Screenshot 2025-05-08 at 1.44.27 PM.png","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-013/Screenshot 2025-05-08 at 1.49.57 PM.png","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-155/Screenshot 2025-05-08 at 1.44.27 PM.png","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-155/Screenshot 2025-05-08 at 1.50.53 PM.png","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-155/Screenshot 2025-05-08 at 1.49.57 PM.png","250508/GOMPlayer-230126/2.3.108.5378/Images/ACR-060/Screenshot 2025-05-08 at 1.44.27 PM.png"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.108.5378_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.108.5378","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows 10,Windows 11,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-06-03T19:02:07.6555948+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":321},{"violations":{"ACR-042":"Open source project \"Qt5\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"Qt5\" is installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"Qt5\"\n","ACR-004":"The application doesn't provide a free fix for all items reported, only allows to recover up to 30 MB of data each time. Instead, it offers subscription payment to completely recover files scanned.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. What will the price be in the auto-renewal payment given the first payment is a discounted price. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MyRecover\\ADR.exe","companyName":"AOMEI International Network Limited","productName":"MyRecover","productVersion":"3.6.0.0","fileVersion":"3.6.0.0","hashMD5":"7fadd21ab8f832c79a3c6559a194daf8","hashSHA1":"a35493f800976c09d4fbb3886dbd111fe3af7e82","hashSHA256":"c1d6e11f8965a65a6a42fb98c5ee16c5eb0d414a6a074e47ff22391117756847","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"AOMEI International Network Limited","storeId":"","sourceIndex":"661","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MyRecover_WinSetup_20240401.10955446.exe","isInstaller":"True","companyName":"AOMEI International Network Limited.                        ","productName":"MyRecover                                                   ","productVersion":"3.6.0               ","fileVersion":"3.6.0               ","hashMD5":"43db84529e7037f65767c14fd37b716b","hashSHA1":"6d34ba572e9f6f19f5d4b13f2d24ffcd644744be","hashSHA256":"a03ccf85fd6007cb67877a30bc335a743c63be6198048d3e4e5fc088edf39341","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"AOMEI International Network Limited","storeId":"","sourceIndex":"661","avBlockList":["AVG Internet Security (20240815)","COMODO Antivirus (20240815)","ESET Internet Security (20240815)","K7 Total Security (20240815)","Norton Security (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Avast Premium Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","Dr.Web Security Space (20240815)","G DATA INTERNET SECURITY (20240815)","Kaspersky Internet Security (20240613)","Malwarebytes Premium (20240815)","McAfee Total Protection (20240815)","Panda Dome (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","Windows Defender (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.myrecover.com/windows-recovery/","directDownloadingLink":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","sourceIndex":"661"}],"sampleFiles":["240404/MyRecover-240401/3.6.0/Samples/MyRecover_WinSetup_20240401.10955446.exe"],"imageFiles":["240404/MyRecover-240401/3.6.0/Images/ACR-043/ACR-043.PNG","240404/MyRecover-240401/3.6.0/Images/ACR-107/ACR-107.PNG","240404/MyRecover-240401/3.6.0/Images/ACR-042/ACR-042.PNG","240404/MyRecover-240401/3.6.0/Images/ACR-004/ACR-004.PNG","240404/MyRecover-240401/3.6.0/Images/ACR-004/ACR-004_1.PNG","240404/MyRecover-240401/3.6.0/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"c5b990c9-b333-4b5a-b87c-7f22ec6edd03_3.6.0_1","appID":"MyRecover-240401","dateAdded":"250508","deceptorType":"App","name":"My Recover","company":"AOMEI International Network Limited.","version":"3.6.0","lastKnownStatus":"3.6.0;3.6.1;4.0.0","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":320},{"violations":{"ACR-004":"The application doesn't provide a free fix for all items reported, only allowing recovery for up to 500 MB of data. Instead, it offers an auto-renewing subscription payment to recover all files scanned.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.myrecover.com/windows-recovery/","directDownloadingLink":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","sourceIndex":"621"}],"sampleFiles":[],"imageFiles":["240620/MyRecover-240401/3.6.1/Images/ACR-004/ACR004.png","240620/MyRecover-240401/3.6.1/Images/ACR-004/ACR004_2.png"],"nonDeceptorImageFiles":[],"guid":"c5b990c9-b333-4b5a-b87c-7f22ec6edd03_3.6.1_1","appID":"MyRecover-240401","dateAdded":"250508","deceptorType":"App","name":"My Recover","company":"AOMEI International Network Limited.","version":"3.6.1","lastKnownStatus":"3.6.0;3.6.1;4.0.0","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":319},{"violations":{"ACR-004":"The application doesn't provide a free fix for all items reported, only allowing recovery for up to 500 MB of data. Instead, it offers an auto-renewing subscription payment to recover all files scanned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MyRecover_Windows_Free_20250509.17646246.exe","isInstaller":"True","companyName":"AOMEI International Network Limited.                        ","fileVersion":"4.0","hashMD5":"7e94fce68abe47fee561430323df0e78","hashSHA1":"e57b8f39e2e0f76d26fa6e26be5147549f499a08","hashSHA256":"81158e58f70d1a9a41bebdabedefd3d94a6268b313e249028ed7bc78e41a3e13","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"207","avBlockList":["Avast Premium Security (20250722)","COMODO Antivirus (20250722)","ESET Internet Security (20250722)","K7 Total Security (20250722)","Panda Dome (20250722)","Sophos Home Premium (20250722)","SpyHunter5 (20250722)","VirIT eXplorer PRO (20250722)","Webroot SecureAnywhere (20250722)"],"avAllowList":["360 Total Security (20250722)","AVG Internet Security (20250722)","Avira Internet Security (20250722)","Bitdefender Internet Security (20250722)","Dr.Web Security Space (20250722)","FortectPremium (20250722)","G DATA INTERNET SECURITY (20250722)","KasperskyPremium (20250722)","Malwarebytes Premium (20250722)","McAfee Total Protection (20250722)","Norton Security (20250722)","Quick Heal Internet Security (20250722)","Total AV Antivirus Pro (20250722)","Trend Micro Internet Security (20250722)","VIPRE Advanced Security (20250722)","Windows Defender (20250722)"]},{"isRevoked":"False","fileName":"ADR.exe","companyName":"AOMEI International Network Limited","fileVersion":"4.0","hashMD5":"78a76c60947123748856ac4ac839f443","hashSHA1":"848316e36ea4a6e18232b8c5da19f36a750bf1f3","hashSHA256":"9b1c4e603540c35d01bbbc4953053eb0ed8ec461ed2cca05fcc8871bc07c16f1","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"207","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.myrecover.com/windows-recovery/","directDownloadingLink":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.myrecover.com/ss/download/dra/win/MyRecover_WinSetup.exe","sourceIndex":"207"}],"sampleFiles":["250508/MyRecover-240401/4.0.0/Samples/MyRecover_Windows_Free_20250509.17646246.exe","250508/MyRecover-240401/4.0.0/Samples/ADR.exe"],"imageFiles":["250508/MyRecover-240401/4.0.0/Images/ACR-004/ACR-004.png"],"nonDeceptorImageFiles":[],"guid":"c5b990c9-b333-4b5a-b87c-7f22ec6edd03_4.0.0_1","appID":"MyRecover-240401","dateAdded":"250508","deceptorType":"App","name":"My Recover","company":"AOMEI International Network Limited.","version":"4.0.0","lastKnownStatus":"3.6.0;3.6.1;4.0.0","lastKnownDate":"250508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-05-08T22:06:20.9677874+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":318},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of identifying the offers as a Recommended additional software to install.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GOMPLAYERGLOBALSETUP_CHROME.EXE","isInstaller":"True","companyName":"GOM & Company","productName":"GOMPlayerGlobal","productVersion":"2.3.99.5369","fileVersion":"2.3","hashMD5":"56d1ee7e59b42d4db434f46d0527f165","hashSHA1":"7c20b08dd2f298df43eab0d73fe24a77bc5ee747","hashSHA256":"4e8119bb8a37c641d83313351b32abcd35d68f07369d1d52717eb591dd47d56c","digitalCertThumbprint":"B095DC311E92B376C76A77B4525FC3BEFE802E48","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GRETECH CORPORATION","storeId":"","sourceIndex":"582","avBlockList":["COMODO Antivirus (20240919)","ESET Internet Security (20240919)","FortectPremium (20240919)","K7 Total Security (20240919)","KasperskyPremium (20240919)","Malwarebytes Premium (20240919)","Norton Security (20240919)","Panda Dome (20240919)","Quick Heal Internet Security (20240919)","Sophos Home Premium (20240919)","SpyHunter5 (20240919)","VirIT eXplorer PRO (20240919)","Webroot SecureAnywhere (20240919)","Windows Defender (20240919)"],"avAllowList":["360 Total Security (20240919)","Avast Premium Security (20240919)","AVG Internet Security (20240919)","Avira Internet Security (20240919)","Bitdefender Internet Security (20240919)","Dr.Web Security Space (20240919)","G DATA INTERNET SECURITY (20240919)","McAfee Total Protection (20240919)","Total AV Antivirus Pro (20240919)","Trend Micro Internet Security (20240919)","VIPRE Advanced Security (20240919)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.gomlab.com/gomplayer-media-player/","directDownloadingLink":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_CHROME.EXE","sourceIndex":"582"}],"sampleFiles":["240730/GOMPlayer-230126/2.3.99.5369/Samples/GOMPLAYERGLOBALSETUP_CHROME.EXE"],"imageFiles":["240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-048/ACR-048.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-013/ACR-013.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-013/ACR-013_1.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-013/ACR-013_2.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-155/ACR-155.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-155/ACR-155_1.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-155/ACR-155_2.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-059/ACR-059.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-060/ACR-060.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-060/ACR-060_1.PNG","240730/GOMPlayer-230126/2.3.99.5369/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"efb56f7a-0b79-4928-838b-8f58f2b68e6e_2.3.99.5369_1","appID":"GOMPlayer-230126","dateAdded":"250508","deceptorType":"App","name":"GOM Player","company":"GOM ","version":"2.3.99.5369","lastKnownStatus":"2.3.83.5350;2.3.86.5355;2.3.87.5356;2.3.88.5357;2.3.88.5358;2.3.89.5359;2.3.90.5360;2.3.91.5361;2.3.92.5362;2.3.93.5363;2.3.97.5367;2.3.99.5369;2.3.100.5370;2.3.108.5378","lastKnownDate":"250508","type":"Windows Executable","category":"Media players","targetOS":"Windows 10,Windows 11,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,display ads","lastUpdate":"2025-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":323},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"4ddig-for-windows_11743708283096061301.exe","isInstaller":"True","companyName":"Tenorshare, Inc.                                            ","fileVersion":"0.0","hashMD5":"8c1b1fc35a7ccc9981ddacee00593f75","hashSHA1":"f4131d7877d3b68400548a28a173443d3343ca32","hashSHA256":"a18fbbed87cda9b4b6ed4aefa627cbf0c901f14892c2d2810c21cdde275b7664","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Tenorshare (Hongkong) Limited, O=Tenorshare (Hongkong) Limited, L=Sheung Wan, C=HK, SERIALNUMBER=3086133, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"226","avBlockList":["Avast Premium Security (20250501)","AVG Internet Security (20250501)","Avira Internet Security (20250501)","FortectPremium (20250501)","K7 Total Security (20250501)","Malwarebytes Premium (20250501)","Norton Security (20250501)","Panda Dome (20250501)","Quick Heal Internet Security (20250501)","Sophos Home Premium (20250501)","SpyHunter5 (20250501)","Total AV Antivirus Pro (20250501)","VirIT eXplorer PRO (20250501)","Webroot SecureAnywhere (20250501)"],"avAllowList":["360 Total Security (20250501)","Bitdefender Internet Security (20250501)","COMODO Antivirus (20250501)","Dr.Web Security Space (20250501)","ESET Internet Security (20250501)","G DATA INTERNET SECURITY (20250501)","KasperskyPremium (20250501)","McAfee Total Protection (20250501)","Trend Micro Internet Security (20250501)","VIPRE Advanced Security (20250501)","Windows Defender (20250501)"]},{"isRevoked":"False","fileName":"Tenorshare%204DDiG.exe","companyName":"Tenorshare","fileVersion":"10.3","hashMD5":"e82d61602b6b8dcaa109351a73353b99","hashSHA1":"db7bdd6ac657f8433c529a6c46e96223672baf23","hashSHA256":"b38fc662a80f473545b2c70719c1eb6fd1d3f5092cd07d66fa4ddb292b14404a","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Tenorshare (Hongkong) Limited, O=Tenorshare (Hongkong) Limited, L=Sheung Wan, C=HK, SERIALNUMBER=3086133, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"226","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"226"}],"sampleFiles":["250403/4DDiGWindowsDataRecovery-240312/10.3.3/Samples/4ddig-for-windows_11743708283096061301.exe","250403/4DDiGWindowsDataRecovery-240312/10.3.3/Samples/Tenorshare%204DDiG.exe"],"imageFiles":["250403/4DDiGWindowsDataRecovery-240312/10.3.3/Images/ACR-043/ffmpeg.png","250403/4DDiGWindowsDataRecovery-240312/10.3.3/Images/ACR-042/ffmpeg.png","250403/4DDiGWindowsDataRecovery-240312/10.3.3/Images/ACR-004/ACR-004.png","250403/4DDiGWindowsDataRecovery-240312/10.3.3/Images/ACR-004/subs.png","250403/4DDiGWindowsDataRecovery-240312/10.3.3/Images/ACR-097/firewall.png"],"nonDeceptorImageFiles":[],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.3.3_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.3.3","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":344},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"4ddig-for-windows-bing_11746650068872042401.exe","isInstaller":"True","companyName":"Tenorshare, Inc.                                            ","fileVersion":"0.0","hashMD5":"44517e75e055dd7795906bb94d3b3b4f","hashSHA1":"70b3c1d8a228b484af28c7ce275678b22d0524d4","hashSHA256":"699c9b7bcab6f56623fb52f674ee2ff4441bddde617fc771a739e0dd03399563","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Tenorshare (Hongkong) Limited, O=Tenorshare (Hongkong) Limited, L=Sheung Wan, C=HK, SERIALNUMBER=3086133, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK","sourceIndex":"209","avBlockList":["Avast Premium Security (20250724)","AVG Internet Security (20250724)","Avira Internet Security (20250724)","ESET Internet Security (20250724)","FortectPremium (20250724)","K7 Total Security (20250724)","Norton Security (20250724)","Panda Dome (20250724)","Sophos Home Premium (20250724)","SpyHunter5 (20250724)","Total AV Antivirus Pro (20250724)","VirIT eXplorer PRO (20250724)","Webroot SecureAnywhere (20250724)"],"avAllowList":["360 Total Security (20250724)","Bitdefender Internet Security (20250724)","COMODO Antivirus (20250724)","Dr.Web Security Space (20250724)","G DATA INTERNET SECURITY (20250724)","KasperskyPremium (20250724)","Malwarebytes Premium (20250724)","McAfee Total Protection (20250724)","Quick Heal Internet Security (20250724)","Trend Micro Internet Security (20250724)","VIPRE Advanced Security (20250724)","Windows Defender (20250724)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"209"}],"sampleFiles":[],"imageFiles":["250507/4DDiGWindowsDataRecovery-240312/10.3.10/Images/ACR-043/ffmpeg.png","250507/4DDiGWindowsDataRecovery-240312/10.3.10/Images/ACR-042/ffmpeg.png","250507/4DDiGWindowsDataRecovery-240312/10.3.10/Images/ACR-004/subs.png","250507/4DDiGWindowsDataRecovery-240312/10.3.10/Images/ACR-004/trial.png","250507/4DDiGWindowsDataRecovery-240312/10.3.10/Images/ACR-097/firewall.png"],"nonDeceptorImageFiles":[],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.3.10_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.3.10","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T22:24:01.2513527+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":343},{"violations":{"ACR-004":"Application doesn't provide the free fix for the items reported in red color. It requires subscription payment to delete the duplicated items.\n","ACR-014":"App claims to provide full functional trial on landing page, but does not offer fix for reported items.\n"},"nonDeceptorViolations":{"ACR-167":"The app does not offer refund.\n"},"samples":[{"isRevoked":"False","fileName":"dfsetup.exe","isInstaller":"True","companyName":"Ashisoft                                                    ","productName":"Duplicate File Finder","productVersion":"8.1.0.1","fileVersion":"8.1.0.1","hashMD5":"da6ed1c95a3c22bafab9a6e2dc42e80e","hashSHA1":"084326a1501dad4b856b52ad75aadc219a514bc4","hashSHA256":"b06974f71b59cd2da3d42ed9e5714a65348f13646d173994e27909127a861681","digitalCertThumbprint":"10C989EFC6C5EABCAED525B5A73A24A077FFD5F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, STREET=11-4-613/1 A.C Guards, L=Hyderabad, S=Telangana, PostalCode=500004, C=IN","sourceIndex":"553","avBlockList":["Dr.Web Security Space (20250508)","ESET Internet Security (20250508)","Panda Dome (20250508)","Sophos Home Premium (20250508)","SpyHunter5 (20250508)","VirIT eXplorer PRO (20250508)","Webroot SecureAnywhere (20250508)","FortectPremium (20250508)"],"avAllowList":["360 Total Security (20250508)","Avast Premium Security (20250508)","AVG Internet Security (20250508)","Avira Internet Security (20250508)","Bitdefender Internet Security (20250508)","COMODO Antivirus (20250508)","G DATA INTERNET SECURITY (20250508)","K7 Total Security (20250508)","KasperskyPremium (20250508)","Malwarebytes Premium (20250508)","McAfee Total Protection (20250508)","Norton Security (20250508)","Quick Heal Internet Security (20250508)","Total AV Antivirus Pro (20250508)","Trend Micro Internet Security (20250508)","VIPRE Advanced Security (20250508)","Windows Defender (20250508)"]},{"isRevoked":"False","fileName":"DF8.exe","companyName":"Ashisoft","productName":"Duplicate File Finder","productVersion":"8.1.0.1","fileVersion":"8.1.0.1","hashMD5":"45e92ad8fb0195dd366dbd5614704ad4","hashSHA1":"92ff9917c98fb6c8aacc727175f9db1c2587d4b8","hashSHA256":"5eb458d274584ed92e6fd872f8a041a39a7ad2f693b750b6c204942364310e02","digitalCertThumbprint":"10C989EFC6C5EABCAED525B5A73A24A077FFD5F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, STREET=11-4-613/1 A.C Guards, L=Hyderabad, S=Telangana, PostalCode=500004, C=IN","sourceIndex":"553","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.ashisoft.com","directDownloadingLink":"https://www.ashisoft.com/downloads/dfsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashisoft.com/downloads/dfsetup.exe","sourceIndex":"553"}],"sampleFiles":["240909/DuplicateFileFinder-240907/8.1.0.1/Samples/dfsetup.exe","240909/DuplicateFileFinder-240907/8.1.0.1/Samples/DF8.exe"],"imageFiles":["240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-004/ACR-004_Software_1.png","240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-004/ACR-004_Software_2.png","240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-004/ACR-004_Software_3.png","240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-014/ACR-014_Software_1.png","240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-014/ACR-014_Software_2.png","240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-014/ACR-014_Software_3.png"],"nonDeceptorImageFiles":["240909/DuplicateFileFinder-240907/8.1.0.1/Images/ACR-167/ACR-167_Docs_1.png"],"guid":"d700bfca-b588-416b-b8b6-2dab9d6a75fb_8.1.0.1_1","appID":"DuplicateFileFinder-240907","dateAdded":"250507","deceptorType":"App","name":"Duplicate File Finder","company":"Ashisoft","version":"8.1.0.1","lastKnownStatus":"8.1.0.1;8.1.0.5","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":342},{"violations":{"ACR-004":"Application doesn't provide the free fix for the items reported in red color. It requires subscription payment to delete the duplicated items.\n","ACR-014":"App claims to provide full functional trial on landing page, but does not offer fix for reported items.\n"},"nonDeceptorViolations":{"ACR-167":"The app does not offer refund.\n"},"samples":[{"isRevoked":"False","fileName":"dfsetup-8.1.0.5.exe","isInstaller":"True","companyName":"Ashisoft                                                    ","fileVersion":"8.1","hashMD5":"058559cab9d3699ea591885f48c9ae41","hashSHA1":"f7ccf8793c3d2901ed1274b11c05b22eed82934a","hashSHA256":"ba7bf612e9365c9c3668ee79674e37b1148a2e7dcd21ed238520d84fe70353cc","digitalCertThumbprint":"2399A81E982624BE416A2C72EF0CF2629D6F0776","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, S=Telangana, C=IN","sourceIndex":"210","avBlockList":["Dr.Web Security Space (20250722)","ESET Internet Security (20250722)","K7 Total Security (20250722)","Panda Dome (20250722)","Quick Heal Internet Security (20250722)","Sophos Home Premium (20250722)","SpyHunter5 (20250722)","VirIT eXplorer PRO (20250722)","Webroot SecureAnywhere (20250722)"],"avAllowList":["360 Total Security (20250722)","Avast Premium Security (20250722)","AVG Internet Security (20250722)","Avira Internet Security (20250722)","Bitdefender Internet Security (20250722)","COMODO Antivirus (20250722)","FortectPremium (20250722)","G DATA INTERNET SECURITY (20250722)","KasperskyPremium (20250722)","Malwarebytes Premium (20250722)","McAfee Total Protection (20250722)","Norton Security (20250722)","Total AV Antivirus Pro (20250722)","Trend Micro Internet Security (20250722)","VIPRE Advanced Security (20250722)","Windows Defender (20250722)"]},{"isRevoked":"False","fileName":"DF8.exe","companyName":"Ashisoft","fileVersion":"8.1","hashMD5":"e485fcadfc2aa00b86019416c2917dd1","hashSHA1":"d4cb95708381a55bc68d13b65b47bb5bf65da73d","hashSHA256":"bfe373c900654e8996c7ec61d3ef8074ea60667ca7a7868abc2fb0e783fce352","digitalCertThumbprint":"2399A81E982624BE416A2C72EF0CF2629D6F0776","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, S=Telangana, C=IN","sourceIndex":"210","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.ashisoft.com","directDownloadingLink":"https://www.ashisoft.com/downloads/dfsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashisoft.com/downloads/dfsetup.exe","sourceIndex":"210"}],"sampleFiles":["250507/DuplicateFileFinder-240907/8.1.0.5/Samples/dfsetup-8.1.0.5.exe","250507/DuplicateFileFinder-240907/8.1.0.5/Samples/DF8.exe"],"imageFiles":["250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-004/colors.png","250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-004/sub.png","250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-004/trial_limit.png","250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-014/014.png","250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-014/trial_limit.png"],"nonDeceptorImageFiles":["250507/DuplicateFileFinder-240907/8.1.0.5/Images/ACR-167/014.png"],"guid":"d700bfca-b588-416b-b8b6-2dab9d6a75fb_8.1.0.5_1","appID":"DuplicateFileFinder-240907","dateAdded":"250507","deceptorType":"App","name":"Duplicate File Finder","company":"Ashisoft","version":"8.1.0.5","lastKnownStatus":"8.1.0.1;8.1.0.5","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T21:54:18.363911+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":341},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove its background process completely within the app's settings.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\Tenorshare 4DDiG\\Tenorshare 4DDiG.exe","companyName":"Tenorshare","productName":"Tenorshare 4DDiG","productVersion":"10.1.6.8","fileVersion":"10.1.6.8","hashMD5":"f9ad2537d6af6a4d1d5bc36d900fa0a3","hashSHA1":"9d1b3a0e38bea820adf9e801f135e3b299705af0","hashSHA256":"459e52cdde9f8b6ee1580c09ad1dd4524e4f03511049971f97fab398da1e0ae0","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"575","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-for-windows_11710227228693876802.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20231116101148","productVersion":"2.7.17.0","fileVersion":"2.7.17.0","hashMD5":"073303d88aa6414ee461b318bb1a6699","hashSHA1":"1954e29fd8a9ab7cedf29af50d1ad5600249195e","hashSHA256":"3680367e959c9f01e67ae2eb617ec32fc7391991bdb51fc2a9853dd322ef46ea","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"575","avBlockList":["Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","G DATA INTERNET SECURITY (20240903)","K7 Total Security (20240903)","Malwarebytes Premium (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Quick Heal Internet Security (20240903)","Sophos Home Premium (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)","VirIT eXplorer PRO (20240903)","Windows Defender (20240903)"],"avAllowList":["360 Total Security (20240903)","COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","KasperskyPremium (20240903)","McAfee Total Protection (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)","Webroot SecureAnywhere (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"575"}],"sampleFiles":["240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Samples/4ddig-for-windows_11710227228693876802.exe"],"imageFiles":["240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-043/ACR-043.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-046/ACR-046.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-046/ACR-046_1.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-042/ACR-042.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-048/ACR-048.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-004/ACR-004.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-004/ACR-004_1.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-084/ACR-084.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-097/ACR-097.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-048/ACR-048_1.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-040/ACR-040.PNG","240806/4DDiGWindowsDataRecovery-240312/10.1.6.8/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.1.6.8_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.1.6.8","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":347},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to remove its background process completely within the app's settings.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\Tenorshare 4DDiG\\Tenorshare 4DDiG.exe","companyName":"Tenorshare","productName":"Tenorshare 4DDiG","productVersion":"10.1.0.10","fileVersion":"10.1.0.10","hashMD5":"00a8758d1dc48ff4e4576fea87caa13b","hashSHA1":"0f7c5d3e301dc600f716751ec8c91bdbe793288e","hashSHA256":"68d1c118ed32eae2ed7b623a54d67506ae1450af0e6a4f7bd05d622a79ea8334","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"629","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Tenorshare\\Service\\TenorshareUpdateAssistant.exe","companyName":"Tenorshare","productName":"TenorshareUpdateAssistant","productVersion":"1. 0. 0. 73-d-cbc9bedb","fileVersion":"1. 0. 0. 73-d-cbc9bedb","hashMD5":"338ce1f2ea90a7f430b58d432da2114d","hashSHA1":"7a0e1ebdc23dca717b22c5b990aa5e1c0303ef99","hashSHA256":"90c499eba010ec71c65a15c2f1c2aa9e58b7c1973e5b05d8eb697a2f206bb9d7","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"629","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Tenorshare\\Service\\TenorshareUpdateAssistantService.exe","companyName":"Tenorshare","productName":"TenorshareUpdateAssistantService","productVersion":"1. 0. 0. 73-d-cbc9bedb","fileVersion":"1. 0. 0. 73-d-cbc9bedb","hashMD5":"5f32ac8130382819898c624ab73e5df9","hashSHA1":"d33b7a05bd3f4b1241fdb5c0a4a5f33987c7571b","hashSHA256":"bb611078c22d9bdf3c0557f8054c74696184e9b67be8fef52d5c282582ce28d8","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"629","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-for-windows.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230616145514","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"6959949d30bb64c6c0586597862fe0db","hashSHA1":"afdb5e6f6fb4d42518500d6c5eb063ba9ba23b17","hashSHA256":"7f61355d779e864d305b3e02f6aa09da634e06e82353255340dd01e2144256e3","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"629","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","ESET Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","Webroot SecureAnywhere (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"629"}],"sampleFiles":["240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Samples/4ddig-for-windows.exe"],"imageFiles":["240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-043/ACR-043.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-046/ACR-046.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-046/ACR-046_1.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-042/ACR-042.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-048/ACR-048.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-004/ACR-004.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-004/ACR-004_1.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-084/ACR-084.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-097/ACR-097.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-048/ACR-048_1.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-040/ACR-040.PNG","240604/4DDiGWindowsDataRecovery-240312/10.1.0.10/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.1.0.10_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.1.0.10","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":348},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\Tenorshare 4DDiG\\Tenorshare 4DDiG.exe","companyName":"Tenorshare","productName":"Tenorshare 4DDiG","productVersion":"10.0.5.9","fileVersion":"10.0.5.9","hashMD5":"d80ce42aeb018f5d80aff4aa063b735a","hashSHA1":"fd4b085c36a646d7b1be1c4927b105533d2f0a9f","hashSHA256":"d3decf0d5067a0cd2c830db122c13e1f8cac7938754b63271d7fa054cad888ec","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"650","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-for-windows.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230616145514","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"6959949d30bb64c6c0586597862fe0db","hashSHA1":"afdb5e6f6fb4d42518500d6c5eb063ba9ba23b17","hashSHA256":"7f61355d779e864d305b3e02f6aa09da634e06e82353255340dd01e2144256e3","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"650","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","ESET Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","Webroot SecureAnywhere (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe","sourceIndex":"650"}],"sampleFiles":["240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Samples/4ddig-for-windows.exe"],"imageFiles":["240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-043/ACR-043.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-046/ACR-046.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-046/ACR-046_1.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-042/ACR-042.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-048/ACR-048.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-004/ACR-004.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-004/ACR-004_1.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-097/ACR-097.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-040/ACR-040.PNG","240429/4DDiGWindowsDataRecovery-240312/10.0.5.9/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.0.5.9_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.0.5.9","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":349},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder other than installation folder\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"4ddig-for-windows_11724157846097984001.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20231116101148","productVersion":"2.7.17.0","fileVersion":"2.7.17.0","hashMD5":"073303d88aa6414ee461b318bb1a6699","hashSHA1":"1954e29fd8a9ab7cedf29af50d1ad5600249195e","hashSHA256":"3680367e959c9f01e67ae2eb617ec32fc7391991bdb51fc2a9853dd322ef46ea","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"570","avBlockList":["Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","G DATA INTERNET SECURITY (20240903)","K7 Total Security (20240903)","Malwarebytes Premium (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Quick Heal Internet Security (20240903)","Sophos Home Premium (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)","VirIT eXplorer PRO (20240903)","Windows Defender (20240903)"],"avAllowList":["360 Total Security (20240903)","COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","KasperskyPremium (20240903)","McAfee Total Protection (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)","Webroot SecureAnywhere (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"570"}],"sampleFiles":["240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Samples/4ddig-for-windows_11724157846097984001.exe"],"imageFiles":["240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-043/ACR-043.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-046/ACR-046.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-046/ACR-046_1.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-042/ACR-042.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-048/ACR-048.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-004/ACR-004.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-004/ACR-004_1.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-097/ACR-097.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-040/ACR-040.PNG","240821/4DDiGWindowsDataRecovery-240312/10.1.7.3/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.1.7.3_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.1.7.3","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":346},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder other than installation folder\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"4ddig-for-windows_11726574506280863301.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20240902145830","productVersion":"2.7.19.0","fileVersion":"2.7.19.0","hashMD5":"46425ae1f1ff74a3dda134176825132d","hashSHA1":"06372c37e4cbd57b7d05b4aa48af55c63bdd2f05","hashSHA256":"c51e258bbc1d0ac9935f7a547050071c392a8d3c5f3da8e77c04045cdcc8f6c2","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"532","avBlockList":["Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","ESET Internet Security (20241212)","G DATA INTERNET SECURITY (20241212)","K7 Total Security (20241212)","Malwarebytes Premium (20241212)","Norton Security (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","Total AV Antivirus Pro (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)","FortectPremium (20241212)"],"avAllowList":["360 Total Security (20241212)","Bitdefender Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","KasperskyPremium (20241212)","McAfee Total Protection (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","Windows Defender (20241212)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11726574506280863302","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11726574506280863302","sourceIndex":"532"}],"sampleFiles":["240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Samples/4ddig-for-windows_11726574506280863301.exe"],"imageFiles":["240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-043/ACR-043.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-046/ACR-046.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-046/ACR-046_1.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-042/ACR-042.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-048/ACR-048.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-004/ACR-004.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-004/ACR-004_1.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-097/ACR-097.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-040/ACR-040.PNG","240923/4DDiGWindowsDataRecovery-240312/10.1.11.6/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.1.11.6_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.1.11.6","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":345},{"violations":{"ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-046":"collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to user by default. No relevant disclosure what data it collects.\n","ACR-107":"The app does not obtain any authorization for using the third-party component: \"FFmpeg\".\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\Tenorshare 4DDiG\\Tenorshare 4DDiG.exe","companyName":"Tenorshare","productName":"Tenorshare 4DDiG","productVersion":"10.0.1.5","fileVersion":"10.0.1.5","hashMD5":"e7b384bfaccabff482a79be53f485db8","hashSHA1":"f640b1c5208ed9b295ceb9060cba49d1dc4ae479","hashSHA256":"f16352a5657f5122e719c43b8f6e851f642c31eacb1b4fc2bab7c1b51e7ce665","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"712","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-for-windows_11710227228693876802.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20230616145514","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"6959949d30bb64c6c0586597862fe0db","hashSHA1":"afdb5e6f6fb4d42518500d6c5eb063ba9ba23b17","hashSHA256":"7f61355d779e864d305b3e02f6aa09da634e06e82353255340dd01e2144256e3","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"712","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","ESET Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","Webroot SecureAnywhere (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.4ddig.net/windows-data-recovery.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-for-windows_3311.exe?rnclid=11710227228693876802","sourceIndex":"712"}],"sampleFiles":["240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Samples/4ddig-for-windows_11710227228693876802.exe"],"imageFiles":["240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-043/ACR-043.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-046/ACR-046_Install_1.png","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-046/ACR-046_Install_2.png","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-107/ACR-107.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-042/ACR-042.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-048/ACR-048.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-004/ACR-004.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-004/ACR-004_1.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-097/ACR-097.PNG","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-040/ACR-040_Install_1.png","240313/4DDiGWindowsDataRecovery-240312/10.0.1.5/Images/ACR-123/ACR-123.PNG"],"guid":"25b482c4-0b0e-46b8-b9a2-09fc8dc8c802_10.0.1.5_1","appID":"4DDiGWindowsDataRecovery-240312","dateAdded":"250507","deceptorType":"App","name":"4DDiG Windows Data Recovery","company":"Tenorshare Co., Ltd.","version":"10.0.1.5","lastKnownStatus":"10.0.1.5;10.0.5.9;10.1.0.10;10.1.6.8;10.1.7.3;10.1.11.6;10.3.3;10.3.10","lastKnownDate":"250507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":350},{"violations":{"ACR-046":"App does not show, and provides no option to see, 3rd party app EULA and privacy policy before executing a silent software installation.\n","ACR-107":"App does not show its authorization to install 3rd party software\n","ACR-050":"App circumvents the ability for consumers to inspect and consent to EULA and privacy of the 3rd party apps it silently installs. Provides no option to get to the EULA/Privacy policies.\n","ACR-097":"App evades security investigation by scaring away security review and investigations in its Security Terms and Conditions https://pcapp.store/?p=lp_tos_security\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","fileVersion":"1.0.0.2014","hashMD5":"e56cf6d5326ab57c6ff3419a981424af","hashSHA1":"03ca4dc86e1438621a11594de20d4ba50a3a7b32","hashSHA256":"d308140815fe1821496f42dd9d1d8f41e610de784ecae4a01ffd67e8b5d16f0b","digitalCertThumbprint":"2B7CC99441F4AE77689E0838930E66AA8C88EEC2","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=FAST CORPORATION LTD, O=FAST CORPORATION LTD, L=Ra'anana, C=IL, SERIALNUMBER=515636181, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL","sourceIndex":"214","avBlockList":["360 Total Security (20250731)","COMODO Antivirus (20250731)","Dr.Web Security Space (20250731)","ESET Internet Security (20250731)","FortectPremium (20250731)","G DATA INTERNET SECURITY (20250731)","K7 Total Security (20250731)","KasperskyPremium (20250731)","Malwarebytes Premium (20250731)","McAfee Total Protection (20250731)","Panda Dome (20250731)","Sophos Home Premium (20250731)","SpyHunter5 (20250731)","VirIT eXplorer PRO (20250731)","Webroot SecureAnywhere (20250731)"],"avAllowList":["Avast Premium Security (20250731)","AVG Internet Security (20250731)","Avira Internet Security (20250731)","Bitdefender Internet Security (20250731)","Norton Security (20250731)","Quick Heal Internet Security (20250731)","Total AV Antivirus Pro (20250731)","Trend Micro Internet Security (20250731)","VIPRE Advanced Security (20250731)","Windows Defender (20250731)"]}],"additionalFiles":[],"sources":[{"howFound":"external AV report","reference":"n/a","landingPage":"pcapp.store","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"214"}],"sampleFiles":["250506/pcappstore-250321/1.0.0.2014/Samples/Setup.exe"],"imageFiles":["250506/pcappstore-250321/1.0.0.2014/Images/ACR-097/Screenshot 2025-05-06 at 11.16.58 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-097/Screenshot 2025-05-06 at 9.50.47 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-097/Screenshot 2025-05-06 at 11.19.28 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-107/Screenshot 2025-05-06 at 11.20.43 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-050/Screenshot 2025-05-06 at 11.35.10 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-050/Screenshot 2025-05-06 at 11.34.56 AM.png","250506/pcappstore-250321/1.0.0.2014/Images/ACR-046/Screenshot 2025-05-06 at 11.23.55 AM.png"],"nonDeceptorImageFiles":[],"guid":"4e72e487-ee6a-4c96-8a1d-c8181c66bbb8_1.0.0.2014_1","appID":"pcappstore-250321","dateAdded":"250506","deceptorType":"App","name":"PC APP STORE","company":"Fast Corporation LTD","version":"1.0.0.2014","lastKnownStatus":"Deceptor:1.0.0.2010;1.0.0.2014","lastKnownDate":"250506","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps,in-app purchases,install offers","lastUpdate":"2025-05-06T18:37:52.6706923+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":351},{"violations":{"ACR-046":"App does not show, and provides no option to see, 3rd party app EULA and privacy policy before executing a silent software installation.\n","ACR-107":"App does not show its authorization to install 3rd party software\n","ACR-050":"App circumvents the ability for consumers to inspect and consent to EULA and privacy of the 3rd party apps it silently installs. Provides no option to get to the EULA/Privacy policies.\n","ACR-097":"App evades security investigation by scaring away security review and investigations in its EULA\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"5648ba2e99d2f4e536c6228035600bc5","hashSHA1":"4ecff42c47e09e0a2e883d5bd5940cd099885fbc","hashSHA256":"c4eeb0e2a377e7dd3b6f8eda06557eb9ff4b5b52cb4bf87dfabe685b1fe349b9","digitalCertThumbprint":"2B7CC99441F4AE77689E0838930E66AA8C88EEC2","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=FAST CORPORATION LTD, O=FAST CORPORATION LTD, L=Ra'anana, C=IL, SERIALNUMBER=515636181, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL","sourceIndex":"232","avBlockList":["360 Total Security (20250501)","Bitdefender Internet Security (20250501)","COMODO Antivirus (20250501)","Dr.Web Security Space (20250501)","ESET Internet Security (20250501)","FortectPremium (20250501)","K7 Total Security (20250501)","KasperskyPremium (20250501)","Malwarebytes Premium (20250501)","McAfee Total Protection (20250501)","Panda Dome (20250501)","Sophos Home Premium (20250501)","SpyHunter5 (20250501)","VIPRE Advanced Security (20250501)","VirIT eXplorer PRO (20250501)","Webroot SecureAnywhere (20250501)"],"avAllowList":["Avast Premium Security (20250501)","AVG Internet Security (20250501)","Avira Internet Security (20250501)","G DATA INTERNET SECURITY (20250501)","Norton Security (20250501)","Quick Heal Internet Security (20250501)","Total AV Antivirus Pro (20250501)","Trend Micro Internet Security (20250501)","Windows Defender (20250501)"]},{"isRevoked":"False","fileName":"PcAppStore.exe","companyName":"Fast Corporation LTD","fileVersion":"1.0","hashMD5":"71b973dbdfc7b52ae10afa4d0ad2b78f","hashSHA1":"bda27794a218b34a8a221627ea433075403d744e","hashSHA256":"05883fccb64dd4357c229ccca669afdacbfa0bc9a1c8d857f5205aed0a81e00a","digitalCertThumbprint":"2B7CC99441F4AE77689E0838930E66AA8C88EEC2","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=FAST CORPORATION LTD, O=FAST CORPORATION LTD, L=Ra'anana, C=IL, SERIALNUMBER=515636181, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL","sourceIndex":"232","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup%20(1).exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"6eaba7c29b0ea3e12a450d2631b448af","hashSHA1":"961539a99b3d07636584ca2909384e42b6d55631","hashSHA256":"8ef653856efc45fca8ccb960d76e523079f7a0af897bb0b3b994ed2b3cfe52e4","digitalCertThumbprint":"2B7CC99441F4AE77689E0838930E66AA8C88EEC2","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=FAST CORPORATION LTD, O=FAST CORPORATION LTD, L=Ra'anana, C=IL, SERIALNUMBER=515636181, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL","sourceIndex":"232","avBlockList":["360 Total Security (20250508)","Bitdefender Internet Security (20250508)","COMODO Antivirus (20250508)","Dr.Web Security Space (20250508)","ESET Internet Security (20250508)","FortectPremium (20250508)","K7 Total Security (20250508)","KasperskyPremium (20250508)","Malwarebytes Premium (20250508)","McAfee Total Protection (20250508)","Panda Dome (20250508)","Sophos Home Premium (20250508)","SpyHunter5 (20250508)","VirIT eXplorer PRO (20250508)","Webroot SecureAnywhere (20250508)"],"avAllowList":["Avast Premium Security (20250508)","AVG Internet Security (20250508)","Avira Internet Security (20250508)","G DATA INTERNET SECURITY (20250508)","Norton Security (20250508)","Quick Heal Internet Security (20250508)","Total AV Antivirus Pro (20250508)","Trend Micro Internet Security (20250508)","VIPRE Advanced Security (20250508)","Windows Defender (20250508)"]}],"additionalFiles":[],"sources":[{"howFound":"external AV report","reference":"n/a","landingPage":"pcapp.store","directDownloadingLink":"https://repcdn.pcapp.store/download/fa/drm/m.fa.2010.drm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://repcdn.pcapp.store/download/fa/drm/m.fa.2010.drm","sourceIndex":"232"}],"sampleFiles":["250321/pcappstore-250321/1.0.0.2010/Samples/Setup.exe","250321/pcappstore-250321/1.0.0.2010/Samples/Setup%20(1).exe"],"imageFiles":["250321/pcappstore-250321/1.0.0.2010/Images/ACR-097/Screenshot 2025-03-21 at 1.03.17 PM.png","250321/pcappstore-250321/1.0.0.2010/Images/ACR-107/Screenshot 2025-03-21 at 1.03.53 PM.png","250321/pcappstore-250321/1.0.0.2010/Images/ACR-050/Screenshot 2025-03-21 at 1.05.23 PM.png","250321/pcappstore-250321/1.0.0.2010/Images/ACR-050/Screenshot 2025-03-21 at 1.05.32 PM.png","250321/pcappstore-250321/1.0.0.2010/Images/ACR-046/Screenshot 2025-03-21 at 1.05.23 PM.png","250321/pcappstore-250321/1.0.0.2010/Images/ACR-046/Screenshot 2025-03-21 at 1.05.32 PM.png"],"nonDeceptorImageFiles":[],"guid":"4e72e487-ee6a-4c96-8a1d-c8181c66bbb8_1.0.0.2010_1","appID":"pcappstore-250321","dateAdded":"250506","deceptorType":"App","name":"PC APP STORE","company":"Fast Corporation LTD","version":"1.0.0.2010","lastKnownStatus":"Deceptor:1.0.0.2010;1.0.0.2014","lastKnownDate":"250506","type":"Windows Executable","category":"Shopping, SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps,in-app purchases,install offers","lastUpdate":"2025-05-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":352},{"violations":{"ACR-043":"Application starts to install and completes all with one click without disclosing anything being installed and disclose its EULA, Privacy Policy and its potentially  security reducing and how application managing the risk.  \n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by collecting user's IP and sharing User's IP in its proxy service. \n"},"nonDeceptorViolations":{"ACR-065":"Application doesn't have EULA and Privacy Policy available in software.\n"},"samples":[{"isRevoked":"False","fileName":"zenshield-vpn-1.0.22-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","fileVersion":"1.0","hashMD5":"87eaca6fc25a56dd6a40cc6ccb72ae55","hashSHA1":"0ffcbb0d22ce45d31b471661340a093ad9c840cb","hashSHA256":"b5331dcf85db7842d10040043aa9352ccdf62029aec2c490457cf7e5b3b58c15","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"224","avBlockList":["360 Total Security (20250715)","Avast Premium Security (20250715)","AVG Internet Security (20250715)","Avira Internet Security (20250715)","Bitdefender Internet Security (20250715)","COMODO Antivirus (20250715)","ESET Internet Security (20250715)","FortectPremium (20250715)","G DATA INTERNET SECURITY (20250715)","K7 Total Security (20250715)","KasperskyPremium (20250715)","Malwarebytes Premium (20250715)","McAfee Total Protection (20250715)","Norton Security (20250715)","Panda Dome (20250715)","Quick Heal Internet Security (20250715)","Sophos Home Premium (20250715)","SpyHunter5 (20250715)","Total AV Antivirus Pro (20250715)","VIPRE Advanced Security (20250715)","VirIT eXplorer PRO (20250715)","Webroot SecureAnywhere (20250715)","Windows Defender (20250715)"],"avAllowList":["Dr.Web Security Space (20250715)","Trend Micro Internet Security (20250715)"]},{"isRevoked":"False","fileName":"zenshield-vpn.exe","companyName":"Geonode Pte Ltd","fileVersion":"1.0","hashMD5":"adb47070824ba2674ca22ea26a410edd","hashSHA1":"1b4b60504d6722d22e0d12f4bcd04ce099e5c7f2","hashSHA256":"a0a9a7e4aa99a421a72c2f6853a51dfdd3544879151879b4f20f5d34626338af","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"224","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://www.zenshield.com/new-pages/free-vpn-for-windows","directDownloadingLink":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.22/zenshield-vpn-1.0.22-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.22/zenshield-vpn-1.0.22-setup.exe","sourceIndex":"224"}],"sampleFiles":["250416/ZenShieldVPN-250306/1.0.22/Samples/zenshield-vpn-1.0.22-setup.exe","250416/ZenShieldVPN-250306/1.0.22/Samples/zenshield-vpn.exe"],"imageFiles":["250416/ZenShieldVPN-250306/1.0.22/Images/ACR-043/Install.png","250416/ZenShieldVPN-250306/1.0.22/Images/ACR-007/007.png","250416/ZenShieldVPN-250306/1.0.22/Images/ACR-007/Install.png"],"nonDeceptorImageFiles":["250416/ZenShieldVPN-250306/1.0.22/Images/ACR-065/EULA.png"],"guid":"98a3f848-4c7f-42ec-87e9-3bb5dd3f277b_1.0.22_1","appID":"ZenShieldVPN-250306","dateAdded":"250416","deceptorType":"App","name":"ZenShieldVPN","company":"Geonode Pte Ltd","version":"1.0.22","lastKnownStatus":"1.0.16;1.0.22","lastKnownDate":"250416","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-04-16T20:21:56.2314597+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":353},{"violations":{"ACR-043":"Application starts to install and completes all with one click without disclosing anything being installed and disclose its EULA, Privacy Policy and its potentially  security reducing and how application managing the risk.  \n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by collecting user's IP and sharing User's IP in its proxy service. \n","ACR-084":"Application is still running in background and communicating with remote serverprofil24.com  even after user disconnects the VPN service and close the application to systray.\n"},"nonDeceptorViolations":{"ACR-065":"Application doesn't have EULA and Privacy Policy available in software.\n"},"samples":[{"isRevoked":"False","fileName":"zenshield-vpn-1.0.16-setup.exe","isInstaller":"True","companyName":"Geonode Pte Ltd","fileVersion":"1.0","hashMD5":"b08b4f9c14d89ebd4c87de8021b7a0de","hashSHA1":"d9a64d49b219cdccf7cef91c24a83651e4442d36","hashSHA256":"f848b37f8ebd85f6a668ac558b1d487daeda5542c5b00d8ab66f0c02e6d276c4","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"234","avBlockList":["360 Total Security (20250417)","Avast Premium Security (20250417)","AVG Internet Security (20250417)","Avira Internet Security (20250417)","ESET Internet Security (20250417)","FortectPremium (20250417)","G DATA INTERNET SECURITY (20250417)","K7 Total Security (20250417)","KasperskyPremium (20250417)","Malwarebytes Premium (20250417)","McAfee Total Protection (20250417)","Norton Security (20250417)","Panda Dome (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)","Total AV Antivirus Pro (20250417)","VIPRE Advanced Security (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)"],"avAllowList":["Bitdefender Internet Security (20250417)","COMODO Antivirus (20250417)","Dr.Web Security Space (20250417)","Trend Micro Internet Security (20250417)","Windows Defender (20250417)"]},{"isRevoked":"False","fileName":"zenshield-vpn.exe","companyName":"Geonode Pte Ltd","fileVersion":"1.0","hashMD5":"adb47070824ba2674ca22ea26a410edd","hashSHA1":"1b4b60504d6722d22e0d12f4bcd04ce099e5c7f2","hashSHA256":"a0a9a7e4aa99a421a72c2f6853a51dfdd3544879151879b4f20f5d34626338af","digitalCertThumbprint":"4E413A8BFF9675DF68AA52E8B10CCDBA6184C0E7","digitalCertIssuer":"CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"CN=Geonode Pte Ltd, O=Geonode Pte Ltd, L=Singapore, C=SG, SERIALNUMBER=202105609Z, OID.2.5.4.15=Private Organization, STREET=\"12 Eu Tong Sen , 08-169 The Central\", PostalCode=059819, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"234","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://www.zenshield.com/new-pages/free-vpn-for-windows","directDownloadingLink":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.16/zenshield-vpn-1.0.16-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.16/zenshield-vpn-1.0.16-setup.exe","sourceIndex":"234"}],"sampleFiles":["250306/ZenShieldVPN-250306/1.0.16/Samples/zenshield-vpn-1.0.16-setup.exe"],"imageFiles":["250306/ZenShieldVPN-250306/1.0.16/Images/ACR-043/ACR-007_Install_2.png","250306/ZenShieldVPN-250306/1.0.16/Images/ACR-007/ACR-007_Install_1.png","250306/ZenShieldVPN-250306/1.0.16/Images/ACR-007/ACR-007_Install_2.png","250306/ZenShieldVPN-250306/1.0.16/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":["250306/ZenShieldVPN-250306/1.0.16/Images/ACR-065/ACR-065_Software_1.png"],"guid":"98a3f848-4c7f-42ec-87e9-3bb5dd3f277b_1.0.16_1","appID":"ZenShieldVPN-250306","dateAdded":"250416","deceptorType":"App","name":"ZenShieldVPN","company":"Geonode Pte Ltd","version":"1.0.16","lastKnownStatus":"1.0.16;1.0.22","lastKnownDate":"250416","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-04-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":354},{"violations":{"ACR-004":"Application uses traffic light colors to exaggerate the urgency of the scan results.\n","ACR-084":"App provides no notification to the user that it continues to run in the background after being closed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"WiseCare365.exe","companyName":"WiseCleaner.com","fileVersion":"7.0","hashMD5":"a219ff1fa3cfffd25c443b5371ec8ae1","hashSHA1":"16cdb383e744b5dcbf9e2dcb684f98c210f22960","hashSHA256":"15f8682b50364167adfd23118e1d534a2d3c83767553687c59d945cbbd192d8e","digitalCertThumbprint":"B910852E34BA52BEF2F23CA9FDE37B2219A718D3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization, CN=\"Lespeed Technology Co., Ltd\", SERIALNUMBER=91110101593898951F, O=\"Lespeed Technology Co., Ltd\", L=Beijing, C=CN","sourceIndex":"222","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiseCare365_7.2.2.695.exe","isInstaller":"True","companyName":"WiseCleaner.com                                             ","fileVersion":"7.2","hashMD5":"7d9673c16c3040b3ef853037eb9c427e","hashSHA1":"116bcde04632cfffef3a5e06c0222b28d22f72ea","hashSHA256":"0e4e5646330524e453978d6793aa4a02ce99fb7f457d6c73fd2df3072151d120","digitalCertThumbprint":"B910852E34BA52BEF2F23CA9FDE37B2219A718D3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization, CN=\"Lespeed Technology Co., Ltd\", SERIALNUMBER=91110101593898951F, O=\"Lespeed Technology Co., Ltd\", L=Beijing, C=CN","sourceIndex":"222","avBlockList":["Avast Premium Security (20250417)","AVG Internet Security (20250417)","Avira Internet Security (20250417)","COMODO Antivirus (20250417)","Dr.Web Security Space (20250417)","ESET Internet Security (20250417)","FortectPremium (20250417)","G DATA INTERNET SECURITY (20250417)","K7 Total Security (20250417)","Malwarebytes Premium (20250417)","Norton Security (20250417)","Panda Dome (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)","Total AV Antivirus Pro (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)","Windows Defender (20250417)"],"avAllowList":["360 Total Security (20250417)","Bitdefender Internet Security (20250417)","KasperskyPremium (20250417)","McAfee Total Protection (20250417)","Trend Micro Internet Security (20250417)","VIPRE Advanced Security (20250417)"]}],"additionalFiles":[],"sources":[{"howFound":"google allintext search: PC Fix Error","reference":"wise PC 1stAid","landingPage":"https://www.wisecleaner.com/download.html","directDownloadingLink":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","sourceIndex":"222"}],"sampleFiles":["250410/WiseCare365-191216/7.2.2.695/Samples/WiseCare365.exe","250410/WiseCare365-191216/7.2.2.695/Samples/WiseCare365_7.2.2.695.exe"],"imageFiles":["250410/WiseCare365-191216/7.2.2.695/Images/ACR-004/colors.png","250410/WiseCare365-191216/7.2.2.695/Images/ACR-084/notification.gif"],"nonDeceptorImageFiles":[],"guid":"99d84161-4750-4f00-b0b3-20249f272511_7.2.2.695_1","appID":"WiseCare365-191216","dateAdded":"250410","deceptorType":"App","name":"WiseCare365","company":"Lespeed Technology Ltd","version":"7.2.2.695","firstVendorContactDate":"250410","firstAppEsteemReplyDate":"250411","firstResolvedDate":"250421","firstResolvedVersion":"7.2.4.697","resolved":"TRUE","lastKnownStatus":"5.4.5;5.4.7.543;6.6.6;7.2.2.695;","lastKnownDate":"250410","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-21T19:11:55.0728237+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":355},{"violations":{"ACR-004":"Application exaggerates the urgency of PC status using alarming color for the reported items and exclamation mark. It doesn't provide free fix for the items reported instead asking to upgrade to pro version. For the items reported that needs to be fixed manually, there is no information how to fix them manually. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"WiseCare365_6.6.6.636.exe","isInstaller":"True","companyName":"WiseCleaner.com                                             ","fileVersion":"6.6","hashMD5":"c27c3107bb20803c3f5d8eab7258bb48","hashSHA1":"9e8384e96c6542eaf091cec68c351b8bde8d1b96","hashSHA256":"42e35e59355e78dc581115d24babd4424422efacfdb6710395c27e84243959df","digitalCertThumbprint":"B910852E34BA52BEF2F23CA9FDE37B2219A718D3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization, CN=\"Lespeed Technology Co., Ltd\", SERIALNUMBER=91110101593898951F, O=\"Lespeed Technology Co., Ltd\", L=Beijing, C=CN","sourceIndex":"644","avBlockList":["Avast Premium Security (20250306)","AVG Internet Security (20250306)","Avira Internet Security (20250306)","COMODO Antivirus (20250306)","Dr.Web Security Space (20250306)","ESET Internet Security (20250306)","G DATA INTERNET SECURITY (20250306)","K7 Total Security (20250306)","Norton Security (20250306)","Panda Dome (20250306)","Quick Heal Internet Security (20250306)","Sophos Home Premium (20250306)","Total AV Antivirus Pro (20250306)","VirIT eXplorer PRO (20250306)","Webroot SecureAnywhere (20250306)","Windows Defender (20250306)","FortectPremium (20250306)"],"avAllowList":["360 Total Security (20250306)","Bitdefender Internet Security (20250306)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20250306)","McAfee Total Protection (20250306)","SpyHunter5 (20250306)","Trend Micro Internet Security (20250306)","VIPRE Advanced Security (20250306)","KasperskyPremium (20250306)"]},{"isRevoked":"False","fileName":"WiseCare365.exe","companyName":"WiseCleaner.com","fileVersion":"6.6","hashMD5":"a020b60c4dd43183e92322ebbd984622","hashSHA1":"0b57dee576b4c46ea5e022d83392f1b596943e27","hashSHA256":"3ea7a31f54953bf9f5b999fe57c11740d3b62bb6194c1925d967568d8414bc58","digitalCertThumbprint":"B910852E34BA52BEF2F23CA9FDE37B2219A718D3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization, CN=\"Lespeed Technology Co., Ltd\", SERIALNUMBER=91110101593898951F, O=\"Lespeed Technology Co., Ltd\", L=Beijing, C=CN","sourceIndex":"644","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiseTray.exe","companyName":"WiseCleaner.com","fileVersion":"6.2","hashMD5":"4e793e5fba64a9edcddb922e1aa9dac4","hashSHA1":"e16cac5cd505a67754f5ea21b28ecafbb66f8b1b","hashSHA256":"fc9ca77981ddd0e810c2e88fe8cfc27dc94258d888a08083ec5ceb0e0a6a7d72","digitalCertThumbprint":"B910852E34BA52BEF2F23CA9FDE37B2219A718D3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization, CN=\"Lespeed Technology Co., Ltd\", SERIALNUMBER=91110101593898951F, O=\"Lespeed Technology Co., Ltd\", L=Beijing, C=CN","sourceIndex":"644","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor report channel","reference":"","landingPage":"https://www.wisecleaner.com/wise-care-365.html","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"644"}],"sampleFiles":["240418/WiseCare365-191216/6.6.6/Samples/WiseCare365_6.6.6.636.exe","240418/WiseCare365-191216/6.6.6/Samples/WiseCare365.exe","240418/WiseCare365-191216/6.6.6/Samples/WiseTray.exe"],"imageFiles":["240418/WiseCare365-191216/6.6.6/Images/ACR-004/ACR-004_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"99d84161-4750-4f00-b0b3-20249f272511_6.6.6_1","appID":"WiseCare365-191216","dateAdded":"250410","deceptorType":"App","name":"WiseCare365","company":"Lespeed Technology Ltd","version":"6.6.6","firstVendorContactDate":"250410","firstAppEsteemReplyDate":"250411","firstResolvedDate":"250421","firstResolvedVersion":"7.2.4.697","resolved":"TRUE","lastKnownStatus":"5.4.5;5.4.7.543;6.6.6;7.2.2.695;","lastKnownDate":"250410","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":356},{"violations":{"ACR-003":"The app displays unsubstantiated scan results.\n","ACR-004":"The app does not fix free scan results relating to privacy issues and displays unsubstantiated scan results.\n","ACR-017":"The internal offers page displays unverifiable certifications.\n","ACR-014":"The app contains exaggerated words such as \"problems\" and \"obsolete\" and does not substantiate scan results.\n","ACR-016":"The apps from utilities perform direct download and installation.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA, Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or the Returns and Cancellation Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"WiseCare365_5.4.7.543.exe","isInstaller":"True","companyName":"WiseCleaner.com                                             ","fileVersion":"5.4","hashMD5":"e1d529c13c1aa2f7f458ab6cd2d8bbda","hashSHA1":"43b431c606b791820c477e1e7df0bb5d97543320","hashSHA256":"f302dec18d7c3fe4aa5c51cddb69d896f67fb25eceaa56c8335b4a7ba6fdd7c0","digitalCertThumbprint":"2D22CA45602F5AEB44C42F4C6A9CD879D8A23FF7","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Lespeed Technology Ltd., O=Lespeed Technology Ltd., L=Beijing, S=Beijing, C=CN","sourceIndex":"2531","avBlockList":["Avast Internet Security (20200224)","AVG Internet Security (20200224)","Avira Internet Security (20200224)","Dr.Web Security Space (20200224)","ESET Internet Security (20200224)","K7 Total Security (20200224)","Kaspersky Internet Security (20200224)","Malwarebytes Premium (20200224)","McAfee Total Protection (20200224)","Panda Dome (20200224)","Sophos Home Premium (20200224)","SpyHunter5 (20200224)","VirIT eXplorer PRO (20200224)","Webroot SecureAnywhere (20200224)","Windows Defender (20200224)"],"avAllowList":["360 Total Security (20200224)","Bitdefender Internet Security (20200224)","COMODO Antivirus (20200224)","G DATA INTERNET SECURITY (20200224)","Norton Security (20200224)","Quick Heal Internet Security (20200224)","Tencent PC Manager (20200224)","Trend Micro Internet Security (20200224)","VIPRE Advanced Security (20200224)"]},{"isRevoked":"False","fileName":"WiseCare365.exe","companyName":"WiseCleaner.com","fileVersion":"5.4","hashMD5":"07faa5489e6aca3163eb3615ee52fb7e","hashSHA1":"56ec3d2e8ff4e0b0e6add409e4904d78bc795dd6","hashSHA256":"7e915d1fe7c56b1c22eb1beb13d04e35415e9211851a274d9830bcc23336d7ac","digitalCertThumbprint":"2D22CA45602F5AEB44C42F4C6A9CD879D8A23FF7","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Lespeed Technology Ltd., O=Lespeed Technology Ltd., L=Beijing, S=Beijing, C=CN","sourceIndex":"2531","avBlockList":["Avira Internet Security (20200217)","ESET Internet Security (20200217)","Malwarebytes Premium (20200217)","McAfee Total Protection (20200217)","Panda Dome (20200217)","Sophos Home Premium (20200217)","SpyHunter5 (20200217)","VirIT eXplorer PRO (20200217)","Webroot SecureAnywhere (20200217)"],"avAllowList":["360 Total Security (20200217)","Avast Internet Security (20200217)","AVG Internet Security (20200217)","Bitdefender Internet Security (20200217)","COMODO Antivirus (20200217)","Dr.Web Security Space (20200217)","G DATA INTERNET SECURITY (20200217)","Kaspersky Internet Security (20200217)","Norton Security (20200217)","Quick Heal Internet Security (20200217)","Tencent PC Manager (20200217)","Trend Micro Internet Security (20200217)","VIPRE Advanced Security (20200217)","Windows Defender (20200217)"]}],"additionalFiles":[],"sources":[{"howFound":"google allintext search: PC Fix Error","reference":"wise PC 1stAid","landingPage":"https://www.wisecleaner.com/download.html","directDownloadingLink":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","sourceIndex":"2531"}],"sampleFiles":["200226/WiseCare365-191216/5.4.7.543/Samples/WiseCare365_5.4.7.543.exe","200226/WiseCare365-191216/5.4.7.543/Samples/WiseCare365.exe"],"imageFiles":["200226/WiseCare365-191216/5.4.7.543/Images/ACR-004/WiseCare365 004.gif","200226/WiseCare365-191216/5.4.7.543/Images/ACR-004/WiseCare365 Scan Results.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-003/WiseCare365 Scan Results.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-014/WiseCare365 Scan Results.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-017/WiseCare365 Internal Offers.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-016/WiseCare365 Scan Results.png"],"nonDeceptorImageFiles":["200226/WiseCare365-191216/5.4.7.543/Images/ACR-065/WiseCare365 About.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-099/WiseCare365 About.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-065/WiseCare365 Landing Page.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-099/WiseCare365 Landing Page.png","200226/WiseCare365-191216/5.4.7.543/Images/ACR-161/WiseCare365 Testimonials.png"],"guid":"99d84161-4750-4f00-b0b3-20249f272511_5.4.7.543_1","appID":"WiseCare365-191216","dateAdded":"250410","deceptorType":"App","name":"WiseCare365","company":"Lespeed Technology Ltd","version":"5.4.7.543","sigName":"Deceptor:Win32/WiseCare365!004003014017016","firstVendorContactDate":"250410","firstAppEsteemReplyDate":"250411","firstResolvedDate":"250421","firstResolvedVersion":"7.2.4.697","resolved":"TRUE","lastKnownStatus":"5.4.5;5.4.7.543;6.6.6;7.2.2.695;","lastKnownDate":"250410","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"in-app purchases,paid,display ads","lastUpdate":"2025-04-21T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":357},{"violations":{"ACR-003":"The identified issues are not substantiated. App exaggerates system status reporting 1414 problems.\n","ACR-004":"App uses alarming color and symbol to represent issues, it displays false alarming \"system protection is off\" though windows defender is on. It reports system has 4131 problems, that are not substantiated. \n","ACR-017":"The 3rd party  logos are not verifiable.\n","ACR-084":"The silence installation option exist in the app. The usage of this silence installation does not disclose if this is necessary for app. \"\"WiseCare365_5.4.5.541.exe\" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART \"\n","ACR-014":"The app contains exaggerated word such as \"problems\" and \"obsolete\" and does not substantiate for identified results\n","ACR-016":"The offered app does not disclose EULA in the landing page and the apps from utilities perform direct download and installation.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose EULA, Privacy policy and Refund policy in the software.\nThe app does not disclose EULA and Refund policy in the landing page.\n","ACR-161":"Testimonials are not verifiable.\n","ACR-099":"The app does not contain uninstall information in the software.\nThe app does not contain uninstall information in the landing page.\n","ACR-120":"During uninstallation, the app offers same product to the consumer for free.\n","ACR-167":"The app does not disclose Return Policy in the docs.\n","ACR-017":"The logos are not verifiable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Wise\\Wise Care 365\\WiseCare365.exe","companyName":"WiseCleaner.com","productName":"Wise Care 365","productVersion":"5.4","fileVersion":"5.4.5.541","hashMD5":"e1d1aec4203ee9808aa400af97afdbbd","hashSHA1":"f8a622a265dc47e62623a0d46751c7bb551e0bc3","hashSHA256":"bd2267a9cca4516d9d5c23a8ab66a1ff7434297a24758623841a5df836493660","digitalCertThumbprint":"2D22CA45602F5AEB44C42F4C6A9CD879D8A23FF7","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Lespeed Technology Ltd.","sourceIndex":"2584","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiseCare365_5.4.5.541.exe","isInstaller":"True","companyName":"WiseCleaner.com                                             ","productName":"Wise Care 365                                               ","productVersion":"5.4.5                                             ","fileVersion":"5.4.5               ","hashMD5":"d892c31423e039337ec0a41e6fd94e0a","hashSHA1":"673ab0828cb95db2e829b9cad3a7cd135a207ad7","hashSHA256":"dcc32a26ab73f0791977eeb59c50c034b7eb449e82fb63901141f9b42621a607","digitalCertThumbprint":"2D22CA45602F5AEB44C42F4C6A9CD879D8A23FF7","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Lespeed Technology Ltd.","sourceIndex":"2584","avBlockList":["Avast Internet Security (20200121)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","Bitdefender Internet Security (20240430)","Dr.Web Security Space (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","McAfee Total Protection (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Sophos Home Premium (20240430)","Tencent PC Manager (20200121)","VIPRE Advanced Security (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)","Windows Defender (20240430)","SpyHunter5 (20240430)","Total AV Antivirus Pro (20240430)","Avast Premium Security (20240430)"],"avAllowList":["360 Total Security (20240430)","COMODO Antivirus (20240430)","K7 Total Security (20240430)","Quick Heal Internet Security (20240430)","Trend Micro Internet Security (20240430)"]}],"additionalFiles":[],"sources":[{"howFound":"google allintext search: PC Fix Error","reference":"wise PC 1stAid","landingPage":"https://www.wisecleaner.com/download.html","directDownloadingLink":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.wisecleaner.com/soft/WiseCare365_5.4.5.541.exe","sourceIndex":"2584"}],"sampleFiles":["191218/WiseCare365-191216/5.4.5/Samples/WiseCare365_5.4.5.541.exe"],"imageFiles":["191218/WiseCare365-191216/5.4.5/Images/ACR-004/ACR-004_Software_Raises_Urgency.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-084/ACR-084_Software_SilentInstallationExist.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-003/ACR-003_Software_IssuesCannotBeSubstantiated.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWord.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords1.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords2.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords3.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords4.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords5.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-014/ACR-014_Software_NeedsToCleanupExaggeratedWords6.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-017/ACR-017_InternalOffers_MisleadingLogo.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-017/ACR-017_InternalOffers_MisleadingLogos.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-016/ACR-016_AdsInsideApp_NoEULA.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-016/ACR-016_AdsInside_App_Does_Not_Disclose_EULA.JPG"],"nonDeceptorImageFiles":["191218/WiseCare365-191216/5.4.5/Images/ACR-065/ACR-065_Software_NoDocs.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-120/ACR-120_Uninstall_OffersDiscount.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-167/ACR-167_Docs_NoRefundPolicy.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-065/ACR-065_LandingPage_NoEULA.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-099/ACR-099_LandingPage_NoUninstall_Info.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-017/ACR-017_LandingPage_MisleadingLogos.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-017/ACR-017_LandingPage_MisleadingLogos1.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-017/ACR-017_LandingPage_Unable_To_Verify_Logos.JPG","191218/WiseCare365-191216/5.4.5/Images/ACR-161/ACR-161_LandingPage_UnableToVerifyTestimonials.JPG"],"guid":"99d84161-4750-4f00-b0b3-20249f272511_5.4.5_1","appID":"WiseCare365-191216","dateAdded":"250410","deceptorType":"App","name":"WiseCare365","company":"Lespeed Technology Ltd","version":"5.4.5","sigName":"Deceptor:Win32/WiseCare365!004084003014017016","firstVendorContactDate":"250410","firstAppEsteemReplyDate":"250411","firstResolvedDate":"250421","firstResolvedVersion":"7.2.4.697","resolved":"TRUE","lastKnownStatus":"5.4.5;5.4.7.543;6.6.6;7.2.2.695;","lastKnownDate":"250410","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"in-app purchases,paid,display ads","lastUpdate":"2025-04-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":358},{"violations":{"ACR-048":"The app does not provide an option to cancel installation\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"BitwarSetup.exe","isInstaller":"True","companyName":"","productName":"Bitwar Data Recvery","productVersion":"","fileVersion":"7.3.2.0","hashMD5":"d40dd6a913acf738f915f85860d60e44","hashSHA1":"6369c34f4a28577fbe8974cbdbd8135d6e733e15","hashSHA256":"be4c1eb60a4a4dcfda8f859b8eda54063fc8c01580b202d435c3b8e3a031924e","digitalCertThumbprint":"FB821AE1D0D310FF459A9FD9266703BFAE2B0CEA","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Xiamen Baishengtong Software Technology Co.Ltd.","storeId":"","sourceIndex":"531","avBlockList":["ESET Internet Security (20241212)","K7 Total Security (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)","FortectPremium (20241212)"],"avAllowList":["360 Total Security (20241212)","Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","Bitdefender Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","G DATA INTERNET SECURITY (20241212)","KasperskyPremium (20241212)","Malwarebytes Premium (20241212)","McAfee Total Protection (20241212)","Norton Security (20241212)","Total AV Antivirus Pro (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","Windows Defender (20241212)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.r-datarecovery.com/","directDownloadingLink":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","sourceIndex":"531"}],"sampleFiles":["240924/BitwarDataRecovery-240411/7.3.3.3102/Samples/BitwarSetup.exe"],"imageFiles":["240924/BitwarDataRecovery-240411/7.3.3.3102/Images/ACR-048/ACR-048.PNG","240924/BitwarDataRecovery-240411/7.3.3.3102/Images/ACR-004/ACR-004.PNG","240924/BitwarDataRecovery-240411/7.3.3.3102/Images/ACR-004/ACR-004_1.PNG"],"nonDeceptorImageFiles":[],"guid":"2c99f7eb-eda2-407d-a91c-5e1573b18e9b_7.3.3.3102_1","appID":"BitwarDataRecovery-240411","dateAdded":"250403","deceptorType":"App","name":"Bitwar Data Recovery","company":"Bitwarsoft","version":"7.3.3.3102","lastKnownStatus":"7.2.5.0; 7.2.6.0;7.3.3.3102;7.3.7.3165","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":370},{"violations":{"ACR-004":"The app shows scan results for free, but when the user tries to recover the data, the app requires a purchase of an auto-renewing subscription.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-045":"“Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app does not display links to the EULA or the Privacy Policy.\n","ACR-161":"The landing page contains testimonials with no link back to original source, making them unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"data-recovery.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"2.1.8                                             ","fileVersion":"2.1.8               ","hashMD5":"630da3ea13e746a4552686b83322b481","hashSHA1":"a33da27d4c570cba50c88b51198dcd23e6b59e18","hashSHA256":"7b8e64b717dadc0e2e0da5b269d01500c287ca935927ed53847be75c4fa85022","digitalCertThumbprint":"76129700EE8294B7F9F417736BC1EC3F1A79CAC6","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"\"RayShare Co.","storeId":"","uriToBlock":"","sourceIndex":"541","avBlockList":["ESET Internet Security (20241205)","FortectPremium (20241205)","Malwarebytes Premium (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)"],"avAllowList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","Windows Defender (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.aiseesoft.com/data-recovery/","directDownloadingLink":"https://download.aiseesoft.com/data-recovery.exe?_gl=1*1arq5zq*_ga*MTIwMTExNTUyMC4xNzI2NTYwMjAy*_ga_M4E51HTXR8*MTcyNjU2MDIwMS4xLjEuMTcyNjU2MDQzNC4wLjAuMA.. ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aiseesoft.com/data-recovery.exe?_gl=1*1arq5zq*_ga*MTIwMTExNTUyMC4xNzI2NTYwMjAy*_ga_M4E51HTXR8*MTcyNjU2MDIwMS4xLjEuMTcyNjU2MDQzNC4wLjAuMA.. ","sourceIndex":"541"}],"sampleFiles":["240919/AiseesoftDataRecovery-240917/1.8.22/Samples/data-recovery.exe"],"imageFiles":["240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-004/App7.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-004/offer1.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-004/offer2.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-004/offer3.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-118/retained files.png"],"nonDeceptorImageFiles":["240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-065/app3.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-045/landingpage2.png","240919/AiseesoftDataRecovery-240917/1.8.22/Images/ACR-161/LandingPage.png"],"guid":"cb11b58a-620c-4f61-aad9-9b548fc48d73_1.8.22_1","appID":"AiseesoftDataRecovery-240917","dateAdded":"250403","deceptorType":"App","name":"Aiseesoft Data Recovery","company":"Aiseesoft Studio","version":"1.8.22","lastKnownStatus":"1.8.22;3.1.6","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetCustomer":"enterprise,consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":373},{"violations":{"ACR-046":"The option \"Join Customer Experience Program\" is hidden by default, requiring the user to select custom installation. The option is also checked by default.\n","ACR-004":"The app shows scan results for free, but when the user tries to recover the data, the app requires a purchase of an auto-renewing subscription.\n","ACR-118":"When the user attempts to completely uninstall the app, it retains some of its components on the device without consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"data-recovery.exe","isInstaller":"True","fileVersion":"2.1","hashMD5":"34ed9a90486a7496eb762eaf8ea1db62","hashSHA1":"9ec32f3cad5ddb2ed5cc671b278b50ffad0957f5","hashSHA256":"faebcf9a040ea338c989fa04741fd50632f08e58e88c3f9add9061fa19de86b0","digitalCertThumbprint":"76129700EE8294B7F9F417736BC1EC3F1A79CAC6","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=rayshareltd@gmail.com, CN=\"RayShare Co., Ltd\", O=\"RayShare Co., Ltd\", L=Beijing, S=Beijing, C=CN","sourceIndex":"229","avBlockList":["ESET Internet Security (20250624)","FortectPremium (20250624)","K7 Total Security (20250624)","Malwarebytes Premium (20250624)","Panda Dome (20250624)","Quick Heal Internet Security (20250624)","Sophos Home Premium (20250624)","SpyHunter5 (20250624)","VirIT eXplorer PRO (20250624)","Webroot SecureAnywhere (20250624)"],"avAllowList":["360 Total Security (20250624)","Avast Premium Security (20250624)","AVG Internet Security (20250624)","Avira Internet Security (20250624)","Bitdefender Internet Security (20250624)","COMODO Antivirus (20250624)","Dr.Web Security Space (20250624)","G DATA INTERNET SECURITY (20250624)","KasperskyPremium (20250624)","McAfee Total Protection (20250624)","Norton Security (20250624)","Total AV Antivirus Pro (20250624)","Trend Micro Internet Security (20250624)","VIPRE Advanced Security (20250624)","Windows Defender (20250624)"]},{"isRevoked":"False","fileName":"Aiseesoft%20Data%20Recovery.exe","companyName":"Aiseesoft","fileVersion":"3.1","hashMD5":"925667686e32887a7995e7dc015db5c9","hashSHA1":"4455f89e91b6a8feed020c83182d933e07c042cd","hashSHA256":"16c0ca7bbc1eacea4caebed9f27833260e7a52827853bb68d1d8fc283876dae1","digitalCertThumbprint":"76129700EE8294B7F9F417736BC1EC3F1A79CAC6","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=rayshareltd@gmail.com, CN=\"RayShare Co., Ltd\", O=\"RayShare Co., Ltd\", L=Beijing, S=Beijing, C=CN","sourceIndex":"229","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.aiseesoft.com/data-recovery/","directDownloadingLink":"https://download.aiseesoft.com/data-recovery.exe?_gl=1*1arq5zq*_ga*MTIwMTExNTUyMC4xNzI2NTYwMjAy*_ga_M4E51HTXR8*MTcyNjU2MDIwMS4xLjEuMTcyNjU2MDQzNC4wLjAuMA.. ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aiseesoft.com/data-recovery.exe?_gl=1*1arq5zq*_ga*MTIwMTExNTUyMC4xNzI2NTYwMjAy*_ga_M4E51HTXR8*MTcyNjU2MDIwMS4xLjEuMTcyNjU2MDQzNC4wLjAuMA.. ","sourceIndex":"229"}],"sampleFiles":["250403/AiseesoftDataRecovery-240917/3.1.6/Samples/data-recovery.exe","250403/AiseesoftDataRecovery-240917/3.1.6/Samples/Aiseesoft%20Data%20Recovery.exe"],"imageFiles":["250403/AiseesoftDataRecovery-240917/3.1.6/Images/ACR-046/installoptions.png","250403/AiseesoftDataRecovery-240917/3.1.6/Images/ACR-046/defaultinstall.png","250403/AiseesoftDataRecovery-240917/3.1.6/Images/ACR-004/ACR-004.png","250403/AiseesoftDataRecovery-240917/3.1.6/Images/ACR-004/subs.png","250403/AiseesoftDataRecovery-240917/3.1.6/Images/ACR-118/ACR-118.png"],"nonDeceptorImageFiles":[],"guid":"cb11b58a-620c-4f61-aad9-9b548fc48d73_3.1.6_1","appID":"AiseesoftDataRecovery-240917","dateAdded":"250403","deceptorType":"App","name":"Aiseesoft Data Recovery","company":"Aiseesoft Studio","version":"3.1.6","lastKnownStatus":"1.8.22;3.1.6","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"enterprise,consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T21:40:17.8354102+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":372},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"BitwarSetup.exe","isInstaller":"True","fileVersion":"7.2","hashMD5":"9c51fa5ec548f0fbd6a8be38e9c86b35","hashSHA1":"d0881461ac0b85b74fc46466265f4c4f9f6115bb","hashSHA256":"5403012c22903d72af24b546cbe905a91570461b93cca0b07cd425ac1abb4d38","digitalCertThumbprint":"FB821AE1D0D310FF459A9FD9266703BFAE2B0CEA","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", O=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", L=厦门市, S=福建省, C=CN, SERIALNUMBER=913502033029307724, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=思明区, OID.1.3.6.1.4.1.311.60.2.1.2=福建省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"614","avBlockList":["360 Total Security (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","Windows Defender (20240820)"],"avAllowList":["Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","G DATA INTERNET SECURITY (20240820)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","Quick Heal Internet Security (20240820)","Total AV Antivirus Pro (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","KasperskyPremium (20240820)"]},{"isRevoked":"False","fileName":"BitwarSetup%20(1).exe","isInstaller":"True","fileVersion":"7.2","hashMD5":"6421e03321e10ccfb4171a111538b802","hashSHA1":"f45c54dfb1d5ac5cb6b430dc6400d297c3754e4a","hashSHA256":"a0f21504eaa745d41f2c19aa0149a0f71b978471cb3703dc4c664f6ca3e218f9","digitalCertThumbprint":"FB821AE1D0D310FF459A9FD9266703BFAE2B0CEA","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", O=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", L=厦门市, S=福建省, C=CN, SERIALNUMBER=913502033029307724, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=思明区, OID.1.3.6.1.4.1.311.60.2.1.2=福建省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"614","avBlockList":["ESET Internet Security (20240822)","FortectPremium (20240822)","Norton Security (20240822)","Panda Dome (20240822)","Sophos Home Premium (20240822)","SpyHunter5 (20240822)","VirIT eXplorer PRO (20240822)","Webroot SecureAnywhere (20240822)","Windows Defender (20240822)"],"avAllowList":["360 Total Security (20240822)","Avast Premium Security (20240822)","AVG Internet Security (20240822)","Avira Internet Security (20240822)","Bitdefender Internet Security (20240822)","COMODO Antivirus (20240822)","Dr.Web Security Space (20240822)","G DATA INTERNET SECURITY (20240822)","K7 Total Security (20240822)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240822)","McAfee Total Protection (20240822)","Quick Heal Internet Security (20240822)","Total AV Antivirus Pro (20240822)","Trend Micro Internet Security (20240822)","VIPRE Advanced Security (20240822)","KasperskyPremium (20240822)"]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.r-datarecovery.com/","directDownloadingLink":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","sourceIndex":"614"}],"sampleFiles":["240625/BitwarDataRecovery-240411/7.2.5.0/Samples/BitwarSetup.exe","240625/BitwarDataRecovery-240411/7.2.5.0/Samples/BitwarSetup%20(1).exe"],"imageFiles":["240625/BitwarDataRecovery-240411/7.2.5.0/Images/ACR-004/ACR-004_Software_1.png","240625/BitwarDataRecovery-240411/7.2.5.0/Images/ACR-004/ACR-004_Software_2.png","240625/BitwarDataRecovery-240411/7.2.5.0/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":[],"guid":"2c99f7eb-eda2-407d-a91c-5e1573b18e9b_7.2.5.0_1","appID":"BitwarDataRecovery-240411","dateAdded":"250403","deceptorType":"App","name":"Bitwar Data Recovery","company":"Bitwarsoft","version":"7.2.5.0","lastKnownStatus":"7.2.5.0; 7.2.6.0;7.3.3.3102;7.3.7.3165","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":371},{"violations":{"ACR-048":"The app does not provide an option to cancel installation\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"BitwarSetup.exe","isInstaller":"True","fileVersion":"7.3","hashMD5":"9e0aee8da3d1f63517d7f2662f586191","hashSHA1":"6928efc019764f84d1a5e92ae345787aed0fc953","hashSHA256":"e6b6cb9e0ba816c6089126b492396db1540f43492d41ba3633b52a1aaee4bc9b","digitalCertThumbprint":"FB821AE1D0D310FF459A9FD9266703BFAE2B0CEA","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", O=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", L=厦门市, S=福建省, C=CN, SERIALNUMBER=913502033029307724, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=思明区, OID.1.3.6.1.4.1.311.60.2.1.2=福建省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"225","avBlockList":["360 Total Security (20250624)","ESET Internet Security (20250624)","FortectPremium (20250624)","K7 Total Security (20250624)","Panda Dome (20250624)","Quick Heal Internet Security (20250624)","Sophos Home Premium (20250624)","SpyHunter5 (20250624)","VirIT eXplorer PRO (20250624)","Webroot SecureAnywhere (20250624)"],"avAllowList":["Avast Premium Security (20250624)","AVG Internet Security (20250624)","Avira Internet Security (20250624)","Bitdefender Internet Security (20250624)","COMODO Antivirus (20250624)","Dr.Web Security Space (20250624)","G DATA INTERNET SECURITY (20250624)","KasperskyPremium (20250624)","Malwarebytes Premium (20250624)","McAfee Total Protection (20250624)","Norton Security (20250624)","Total AV Antivirus Pro (20250624)","Trend Micro Internet Security (20250624)","VIPRE Advanced Security (20250624)","Windows Defender (20250624)"]},{"isRevoked":"False","fileName":"RecoverMaster.exe","fileVersion":"7.3","hashMD5":"c41857a15418da118cd6f893a4464b3a","hashSHA1":"5650a394af6ee96e47d8a5c3f0ee55b8a7ce2778","hashSHA256":"d4631e2c7bb09c60a9a3b697108a8e7a4396eb9519fefc1b3fc58919fe72a19b","digitalCertThumbprint":"FB821AE1D0D310FF459A9FD9266703BFAE2B0CEA","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", O=\"Xiamen Baishengtong Software Technology Co.,Ltd.\", L=厦门市, S=福建省, C=CN, SERIALNUMBER=913502033029307724, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=思明区, OID.1.3.6.1.4.1.311.60.2.1.2=福建省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"225","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.r-datarecovery.com/","directDownloadingLink":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.r-datarecovery.com/Downloads/BitwarSetup.exe","sourceIndex":"225"}],"sampleFiles":["250403/BitwarDataRecovery-240411/7.3.7.3165/Samples/BitwarSetup.exe","250403/BitwarDataRecovery-240411/7.3.7.3165/Samples/RecoverMaster.exe"],"imageFiles":["250403/BitwarDataRecovery-240411/7.3.7.3165/Images/ACR-048/install.png","250403/BitwarDataRecovery-240411/7.3.7.3165/Images/ACR-004/ACR-004.png","250403/BitwarDataRecovery-240411/7.3.7.3165/Images/ACR-004/ACR-004_2.png"],"nonDeceptorImageFiles":[],"guid":"2c99f7eb-eda2-407d-a91c-5e1573b18e9b_7.3.7.3165_1","appID":"BitwarDataRecovery-240411","dateAdded":"250403","deceptorType":"App","name":"Bitwar Data Recovery","company":"Bitwarsoft","version":"7.3.7.3165","lastKnownStatus":"7.2.5.0; 7.2.6.0;7.3.3.3102;7.3.7.3165","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-04-03T22:47:13.849227+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":369},{"violations":{"ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover up to 1GB of data. Instead it offers subscription payment to completely recover files scanned.\n"},"nonDeceptorViolations":{"ACR-167":"App only offers a 15-day money-back guarantee.\n"},"samples":[{"isRevoked":"False","fileName":"icarepro.exe","isInstaller":"True","companyName":"iCareAll Inc.                                               ","fileVersion":"9.0","hashMD5":"d02ab582b51fd0132985dc683f2ff502","hashSHA1":"5b1aa25f3ae2e95a225d8b3a4da512a8086b95c2","hashSHA256":"7aef646d919ae456bb61426794c57741c19c574f06f6e0bf6ed8fbdd759caa5b","digitalCertThumbprint":"56CCB771C26C917AB9EE81D40C212A7C3AA5ECA1","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"iCareAll Co., Limited\", O=\"iCareAll Co., Limited\", S=Hong Kong, C=HK, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=2421831","sourceIndex":"533","avBlockList":["FortectPremium (20241212)","K7 Total Security (20241212)","Panda Dome (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)"],"avAllowList":["360 Total Security (20241212)","Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","Bitdefender Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","ESET Internet Security (20241212)","G DATA INTERNET SECURITY (20241212)","KasperskyPremium (20241212)","Malwarebytes Premium (20241212)","McAfee Total Protection (20241212)","Norton Security (20241212)","Quick Heal Internet Security (20241212)","Total AV Antivirus Pro (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","Windows Defender (20241212)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.icare-recovery.com/","directDownloadingLink":"https://download.icare-recovery.com/icarepro.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.icare-recovery.com/icarepro.zip","sourceIndex":"533"}],"sampleFiles":["240923/iCareRecoverPro-240919/9.0.0.6/Samples/icarepro.exe"],"imageFiles":["240923/iCareRecoverPro-240919/9.0.0.6/Images/ACR-004/ACR-004_Software_1.png","240923/iCareRecoverPro-240919/9.0.0.6/Images/ACR-004/ACR-004_Software_2.png","240923/iCareRecoverPro-240919/9.0.0.6/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":["240923/iCareRecoverPro-240919/9.0.0.6/Images/ACR-167/ACR-167_Docs_1.png"],"guid":"10f588b7-9653-48e9-8fd4-56ca35db3dd3_9.0.0.6_1","appID":"iCareRecoverPro-240919","dateAdded":"250403","deceptorType":"App","name":"iCare Recovery Pro","company":"iCareAll Inc.","version":"9.0.0.6","lastKnownStatus":"9.0.0.6;9.0.0.9","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":368},{"violations":{"ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover up to 1GB of data. Instead it offers subscription payment to completely recover files scanned.\n"},"nonDeceptorViolations":{"ACR-167":"App only offers a 15-day money-back guarantee.\n"},"samples":[{"isRevoked":"False","fileName":"icarepro.exe","isInstaller":"True","companyName":"iCareAll Inc.                                               ","fileVersion":"9.0","hashMD5":"51d7e9564d2f93fa8484a2f91a982217","hashSHA1":"f54328fd2fbeb9d0c1957f833f8654ae6e432cf2","hashSHA256":"0ff06ff925bb84f0f2ed991242d2948629120bce79511485c1500af52b722312","digitalCertThumbprint":"56CCB771C26C917AB9EE81D40C212A7C3AA5ECA1","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"iCareAll Co., Limited\", O=\"iCareAll Co., Limited\", S=Hong Kong, C=HK, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=2421831","sourceIndex":"228","avBlockList":["FortectPremium (20250701)","G DATA INTERNET SECURITY (20250701)","K7 Total Security (20250701)","Panda Dome (20250701)","Quick Heal Internet Security (20250701)","Sophos Home Premium (20250701)","SpyHunter5 (20250701)","VirIT eXplorer PRO (20250701)","Webroot SecureAnywhere (20250701)","Windows Defender (20250701)"],"avAllowList":["360 Total Security (20250701)","Avast Premium Security (20250701)","AVG Internet Security (20250701)","Avira Internet Security (20250701)","Bitdefender Internet Security (20250701)","COMODO Antivirus (20250701)","Dr.Web Security Space (20250701)","ESET Internet Security (20250701)","KasperskyPremium (20250701)","Malwarebytes Premium (20250701)","McAfee Total Protection (20250701)","Norton Security (20250701)","Total AV Antivirus Pro (20250701)","Trend Micro Internet Security (20250701)","VIPRE Advanced Security (20250701)"]},{"isRevoked":"False","fileName":"iCDR.exe","companyName":"iCareAll Inc.","fileVersion":"9.0","hashMD5":"6d2808ae5aa56f576c59bdd821479d81","hashSHA1":"b33cf6d3fe1124f88e40ef9666083178d079db40","hashSHA256":"d68860273d4bb98f3db169b63ce8cc78b126f82ced239de462cce5cd85b6f6c4","digitalCertThumbprint":"56CCB771C26C917AB9EE81D40C212A7C3AA5ECA1","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"iCareAll Co., Limited\", O=\"iCareAll Co., Limited\", S=Hong Kong, C=HK, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=HK, SERIALNUMBER=2421831","sourceIndex":"228","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.icare-recovery.com/","directDownloadingLink":"https://download.icare-recovery.com/icarepro.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.icare-recovery.com/icarepro.zip","sourceIndex":"228"}],"sampleFiles":["250403/iCareRecoverPro-240919/9.0.0.9/Samples/icarepro.exe","250403/iCareRecoverPro-240919/9.0.0.9/Samples/iCDR.exe"],"imageFiles":["250403/iCareRecoverPro-240919/9.0.0.9/Images/ACR-004/ACR-004.png","250403/iCareRecoverPro-240919/9.0.0.9/Images/ACR-004/subs.png"],"nonDeceptorImageFiles":["250403/iCareRecoverPro-240919/9.0.0.9/Images/ACR-167/15day.png"],"guid":"10f588b7-9653-48e9-8fd4-56ca35db3dd3_9.0.0.9_1","appID":"iCareRecoverPro-240919","dateAdded":"250403","deceptorType":"App","name":"iCare Recovery Pro","company":"iCareAll Inc.","version":"9.0.0.9","lastKnownStatus":"9.0.0.6;9.0.0.9","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T21:42:32.4917071+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":367},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Remo Recover 6.0\\64\\rs-recover.exe","companyName":"Remo Software","productName":"Remo Recover [Windows]","productVersion":"6.0.0.229","fileVersion":"6.0.0.229","hashMD5":"c77f0450fcb056491a72f6bd9cf9cd3e","hashSHA1":"103143bd664193bdbadd6b6e458813d24e74a885","hashSHA256":"224bb723004ed86b2a4f5d45145472974e9cecd940a77cc3f30da7d529ab30bc","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"702","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.229                                         ","fileVersion":"6.0.0.229           ","hashMD5":"02c89e7bcd8084b750d0f17ea33b85b9","hashSHA1":"92ea0bbac33bf27cd4fbcd8a50b78c2daba08561","hashSHA256":"ef0cf74bb40a7e10e1a8fc80369a82be1390f2e6e096979307f0c278836bd1e4","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"702","avBlockList":["360 Total Security (20240815)","ESET Internet Security (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Kaspersky Internet Security (20240530)","Malwarebytes Premium (20240815)","McAfee Total Protection (20240815)","Total AV Antivirus Pro (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","sourceIndex":"702"}],"sampleFiles":["240325/RemoRecover-240322/6.0.0.229/Samples/remo-recover-windows.exe"],"imageFiles":["240325/RemoRecover-240322/6.0.0.229/Images/ACR-004/ACR-004.PNG","240325/RemoRecover-240322/6.0.0.229/Images/ACR-004/ACR-004_1.PNG","240325/RemoRecover-240322/6.0.0.229/Images/ACR-165/ACR-165_Internal offers_1.png"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.229_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.229","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":366},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","fileVersion":"6.0.0.232","hashMD5":"a0c452bc880c8223c082a9a54aee55bd","hashSHA1":"59b64f8f81cf54085865bde0af53c08f6ee80f94","hashSHA256":"616322795329c1f5d200bba4e93d77496e723d26347fcb5a9c2c3d075ef448a5","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, L=Bengaluru, S=Karnataka, C=IN, SERIALNUMBER=058074, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"637","avBlockList":["ESET Internet Security (20240806)","K7 Total Security (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Sophos Home Premium (20240806)","SpyHunter5 (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)","Windows Defender (20240806)","FortectPremium (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","G DATA INTERNET SECURITY (20240806)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240806)","McAfee Total Protection (20240806)","Quick Heal Internet Security (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)"]},{"isRevoked":"False","fileName":"rs-recover.exe","companyName":"Remo Software","fileVersion":"6.0.0.232","hashMD5":"d7b8579e95192af103736e715d14bc25","hashSHA1":"c57fb88b3ff370a25c664cf18759d1a99800260d","hashSHA256":"f8d4c5f30b364a7dbc6ddd65b01e6f00e88ca19ed9a34132c4891f843e49b6ef","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, L=Bengaluru, S=Karnataka, C=IN, SERIALNUMBER=058074, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"637","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","sourceIndex":"637"}],"sampleFiles":["240522/RemoRecover-240322/6.0.0.232/Samples/remo-recover-windows%20(1).exe","240522/RemoRecover-240322/6.0.0.232/Samples/rs-recover.exe"],"imageFiles":["240522/RemoRecover-240322/6.0.0.232/Images/ACR-004/ACR004.png","240522/RemoRecover-240322/6.0.0.232/Images/ACR-004/ACR004_2.png","240522/RemoRecover-240322/6.0.0.232/Images/ACR-165/ACR165.png"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.232_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.232","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":365},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Remo Recover 6.0\\32\\rs-recover.exe","companyName":"Remo Software","productName":"Remo Recover [Windows]","productVersion":"6.0.0.234","fileVersion":"6.0.0.234","hashMD5":"6f23c264553a2f36139defeb1e925a7e","hashSHA1":"56565e711dbf82a20ad45aecce9256eb20ed2280","hashSHA256":"829ce68d94c871c1c2638c991efcdf35cc21363cfa7c78d70e695f95b571db16","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"618","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.234                                         ","fileVersion":"6.0.0.234           ","hashMD5":"950bfb01d84deb273b3a4993e63d35b8","hashSHA1":"d8f10b482cfbf4d6367cab23c1f7084a2b51f567","hashSHA256":"7c3af8307c60fcca21acb5b00774d2c01ed5ba75ce22548c3450b4393e5358df","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"618","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://download.remosoftware.com/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.remosoftware.com/remo-recover-windows.exe","sourceIndex":"618"}],"sampleFiles":["240624/RemoRecover-240322/6.0.0.234/Samples/remo-recover-windows.exe"],"imageFiles":["240624/RemoRecover-240322/6.0.0.234/Images/ACR-004/ACR-004.PNG","240624/RemoRecover-240322/6.0.0.234/Images/ACR-004/ACR-004_1.PNG","240624/RemoRecover-240322/6.0.0.234/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.234_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.234","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":363},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.241                                         ","fileVersion":"6.0.0.241           ","hashMD5":"5b8b60716ad9eaa2ace347920dbf570d","hashSHA1":"43e5d7a1f6ef168d89104371a0dddfbeb139791a","hashSHA256":"6f0adcf9fbf04406315a1801e2dea6f3c98d90c8176a9ec29978c56144ee9f8a","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"577","avBlockList":["360 Total Security (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","Windows Defender (20240820)"],"avAllowList":["Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","G DATA INTERNET SECURITY (20240820)","KasperskyPremium (20240820)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","Total AV Antivirus Pro (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://download.remosoftware.com/remo-recover-windows.exe\t","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.remosoftware.com/remo-recover-windows.exe\t","sourceIndex":"577"}],"sampleFiles":["240805/RemoRecover-240322/6.0.0.241/Samples/remo-recover-windows.exe"],"imageFiles":["240805/RemoRecover-240322/6.0.0.241/Images/ACR-004/ACR-004.PNG","240805/RemoRecover-240322/6.0.0.241/Images/ACR-004/ACR-004_1.PNG","240805/RemoRecover-240322/6.0.0.241/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.241_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.241","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":362},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.242                                         ","fileVersion":"6.0.0.242           ","hashMD5":"3a8a535968281e7cbe93b88b0ec4bbd9","hashSHA1":"8ae09aba04b0b4dc023462665918a081ce3ee16c","hashSHA256":"5419e81835f5c0489e16573be3e84414699ee23018cdf24ffbf2b1376d3ea3c2","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"571","avBlockList":["360 Total Security (20240903)","ESET Internet Security (20240903)","FortectPremium (20240903)","K7 Total Security (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Quick Heal Internet Security (20240903)","Sophos Home Premium (20240903)","SpyHunter5 (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)","Windows Defender (20240903)"],"avAllowList":["Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","G DATA INTERNET SECURITY (20240903)","KasperskyPremium (20240903)","Malwarebytes Premium (20240903)","McAfee Total Protection (20240903)","Total AV Antivirus Pro (20240903)","Trend Micro Internet Security (20240903)","VIPRE Advanced Security (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://www.remosoftware.com/thank-you-for-downloading-rw","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.remosoftware.com/thank-you-for-downloading-rw","sourceIndex":"571"}],"sampleFiles":["240819/RemoRecover-240322/6.0.0.242/Samples/remo-recover-windows.exe"],"imageFiles":["240819/RemoRecover-240322/6.0.0.242/Images/ACR-004/ACR-004.PNG","240819/RemoRecover-240322/6.0.0.242/Images/ACR-004/ACR-004_1.PNG","240819/RemoRecover-240322/6.0.0.242/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.242_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.242","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":361},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Remo Recover 6.0\\32\\rs-recover.exe","companyName":"Remo Software","productName":"Remo Recover [Windows]","productVersion":"6.0.0.233","fileVersion":"6.0.0.233","hashMD5":"4f0e69f13e5a78266b9181d1663e1315","hashSHA1":"d67ba5677fb8e081547f27b4fbec543827043c98","hashSHA256":"bbdc344158f28eeefe8808d05e0fbf9dd5ec343bd55ec59e52c225d2e00802e5","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"619","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.233                                         ","fileVersion":"6.0.0.233           ","hashMD5":"61f8b0d65f97695fdcc6453fd44c9731","hashSHA1":"cfdf3be90d493763b39fd3c31280bbf7efd7f6f6","hashSHA256":"31e2c794137a53e8d3b22efd8ee744d4833e52bbea8e530aa38a774836d38ea0","digitalCertThumbprint":"14A8114460357D854535F001B3907C3F67D4730E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"619","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","sourceIndex":"619"}],"sampleFiles":["240624/RemoRecover-240322/6.0.0.233/Samples/remo-recover-windows.exe"],"imageFiles":["240624/RemoRecover-240322/6.0.0.233/Images/ACR-004/ACR-004.PNG","240624/RemoRecover-240322/6.0.0.233/Images/ACR-004/ACR-004_1.PNG","240624/RemoRecover-240322/6.0.0.233/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.233_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.233","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":364},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","fileVersion":"6.0","hashMD5":"704f4dbd5d1e27bd909c431f22a39810","hashSHA1":"c972579092ac0010e1c1dbc39cbd9a273b158036","hashSHA256":"c28cdf505539787f348ee50f1ac3143780db62b5329d482167278b9354c36e40","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, S=Karnataka, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=058074","sourceIndex":"227","avBlockList":["360 Total Security (20250701)","Bitdefender Internet Security (20250701)","Dr.Web Security Space (20250701)","ESET Internet Security (20250701)","FortectPremium (20250701)","G DATA INTERNET SECURITY (20250701)","K7 Total Security (20250701)","Malwarebytes Premium (20250701)","Panda Dome (20250701)","Quick Heal Internet Security (20250701)","Sophos Home Premium (20250701)","SpyHunter5 (20250701)","VIPRE Advanced Security (20250701)","VirIT eXplorer PRO (20250701)","Webroot SecureAnywhere (20250701)"],"avAllowList":["Avast Premium Security (20250701)","AVG Internet Security (20250701)","Avira Internet Security (20250701)","COMODO Antivirus (20250701)","KasperskyPremium (20250701)","McAfee Total Protection (20250701)","Norton Security (20250701)","Total AV Antivirus Pro (20250701)","Trend Micro Internet Security (20250701)","Windows Defender (20250701)"]},{"isRevoked":"False","fileName":"rs-recover.exe","companyName":"Remo Software","fileVersion":"6.0","hashMD5":"d167af9f6ca523d9e800cf6c94e93a20","hashSHA1":"a538b220292b62a65a42911d5aa7dbfe0d8a5034","hashSHA256":"b284fb7960f528ba07c760faf38417457af6f825e1ae2d305f3add41f3f3cf3c","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, S=Karnataka, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=058074","sourceIndex":"227","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://remocdn1.azureedge.net/remosoftware/remo-recover-windows.exe","sourceIndex":"227"}],"sampleFiles":["250403/RemoRecover-240322/6.0.0.250/Samples/remo-recover-windows.exe","250403/RemoRecover-240322/6.0.0.250/Samples/rs-recover.exe"],"imageFiles":["250403/RemoRecover-240322/6.0.0.250/Images/ACR-004/ACR-004.png","250403/RemoRecover-240322/6.0.0.250/Images/ACR-004/subs.png"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.250_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.250","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T21:44:08.0876105+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":359},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. Cancellation of Auto-renewal via online. 2. when the user receives a notification for renewal.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Remo Recover 6.0\\32\\rs-recover.exe","companyName":"Remo Software","productName":"Remo Recover [Windows]","productVersion":"6.0.0.243","fileVersion":"6.0.0.243","hashMD5":"21fa9ccede8de9d8790f2365843c5bc6","hashSHA1":"d4babe526aa7d4d093521b1da964e9be66c213e6","hashSHA256":"01f36c185478cbbde66d047eeaf1affb725fbfd90ca0f180ecc6fa0726306fc3","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"542","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"remo-recover-windows.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Recover                                                ","productVersion":"6.0.0.243                                         ","fileVersion":"6.0.0.243           ","hashMD5":"0f1185ffb87e085caa7459a1b3a43503","hashSHA1":"d0d7fe5bcb4ca6978ef74e66d4d30e656ada16f8","hashSHA256":"05762207878823c5616dd4050f20d39b95557059dca101c7fd974565f434e109","digitalCertThumbprint":"38C7373AD794C30D18D7F04412B0B6BD54248743","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Remo Software Private Limited","storeId":"","sourceIndex":"542","avBlockList":["360 Total Security (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","K7 Total Security (20241205)","Malwarebytes Premium (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":["Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","G DATA INTERNET SECURITY (20241205)","KasperskyPremium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.remosoftware.com/","directDownloadingLink":"https://download.remosoftware.com/remo-recover-windows.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.remosoftware.com/remo-recover-windows.exe","sourceIndex":"542"}],"sampleFiles":["240919/RemoRecover-240322/6.0.0.243/Samples/remo-recover-windows.exe"],"imageFiles":["240919/RemoRecover-240322/6.0.0.243/Images/ACR-004/ACR-004.PNG","240919/RemoRecover-240322/6.0.0.243/Images/ACR-004/ACR-004_1.PNG","240919/RemoRecover-240322/6.0.0.243/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"6d41ccf6-4d8c-497c-bf04-46e2cad088a0_6.0.0.243_1","appID":"RemoRecover-240322","dateAdded":"250403","deceptorType":"App","name":"Remo Recover","company":"Remo Software","version":"6.0.0.243","lastKnownStatus":"6.0.0.229;6.0.0.232;6.0.0.233;6.0.0.234;6.0.0.241;6.0.0.242;6.0.0.243;6.0.0.250","lastKnownDate":"250403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-04-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":360},{"violations":{"ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by collecting user's IP and sharing User's IP in its proxy service.\n","ACR-084":"Application is still running in background and communicating with remote serverprofil24.com even after user disconnects the VPN service and close the application to systray\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"zenshield-vpn-1.0.16-x64.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"1d1d8abfefc18c5d2f8e9362feb877f3","hashSHA1":"51c5cd602373d63de8567da63b625f3152ca2d8f","hashSHA256":"69dad27acd3fbe79049d717f0e63047cefba1f33830a05511deee95626757729","sourceIndex":"233","avBlockList":["Avira Security for Mac (20250513)","Sophos Home Premium For Mac (20250513)","SpyHunterforMac (20250513)","Trend Micro Antivirus for Mac (20250513)"],"avAllowList":["Avast Security for Mac (20250513)","Bitdefender Antivirus for Mac (20250513)","ESET Cyber Security Pro for Mac (20250513)","G DATA AntiVirus for Mac (20250513)","K7 Antivirus for Mac (20250513)","Kaspersky Internet Security for Mac (20250513)","McAfee Internet Security for Mac (20250513)","Norton Security for Mac (20250513)"]},{"isRevoked":"False","fileName":"zenshield-vpn-1.0.16-arm64.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"58c419d70d0fafe647a89656bea39d44","hashSHA1":"998307701c35b48610be95317065c145e4dc6f81","hashSHA256":"d53c4d336f4d62469ff1978a6d237b25a3192600dc20e06fa3c8b528557c8061","sourceIndex":"233","avBlockList":["Avira Security for Mac (20250408)","Sophos Home Premium For Mac (20250408)","SpyHunterforMac (20250408)","Trend Micro Antivirus for Mac (20250408)"],"avAllowList":["Avast Security for Mac (20250408)","Bitdefender Antivirus for Mac (20250408)","ESET Cyber Security Pro for Mac (20250408)","G DATA AntiVirus for Mac (20250408)","K7 Antivirus for Mac (20250408)","Kaspersky Internet Security for Mac (20250408)","McAfee Internet Security for Mac (20250408)","Norton Security for Mac (20250408)"]},{"isRevoked":"False","fileName":"ZenShield%20VPN","fileVersion":"0.","hashMD5":"d721ddef8450937efb6b3035b412ca0e","hashSHA1":"b58463ffde2837ada8b4cc4239885da0cdc1aa68","hashSHA256":"f6392ef3a78be0f07f50d0681926f5657f0825d233aac6486a12b1b243ec7974","sourceIndex":"233","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN ","reference":"","landingPage":"https://zenshield.com","directDownloadingLink":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.16/zenshield-vpn-1.0.16-arm64.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://zenshield.s3.fr-par.scw.cloud/desktop-app/updates/1.0.16/zenshield-vpn-1.0.16-arm64.dmg","sourceIndex":"233"}],"sampleFiles":["250307/ZenShieldVPN-250307/1.0.16/Samples/zenshield-vpn-1.0.16-x64.dmg","250307/ZenShieldVPN-250307/1.0.16/Samples/zenshield-vpn-1.0.16-arm64.dmg"],"imageFiles":["250307/ZenShieldVPN-250307/1.0.16/Images/ACR-084/Screenshot 2025-03-07 at 3.56.57 PM.png"],"nonDeceptorImageFiles":[],"guid":"a5e7b06e-d1fd-4a82-b989-f01bc74382f2_1.0.16_1","appID":"ZenShieldVPN-250307","dateAdded":"250307","deceptorType":"MacOS App","name":"ZenShieldVPN","company":"Geonode Pte Ltd","version":"1.0.16","lastKnownStatus":"1.0.16","lastKnownDate":"250307","type":"MacOS App","category":"Personalization & Search, SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer,enterprise","monetization":"net proxy,search","lastUpdate":"2025-03-08T00:16:11.4328298+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":374},{"violations":{"ACR-042":"Application drops undisclosed components (browser profile) without obtain user's permission. \n","ACR-043":"Application doesn't disclose its installation location before it installs in hidden folder with different name.\n","ACR-084":"1. Loading the undisclosed browser profile and launching hidden chrome browser process in background without disclosing its purpose and usage to user. \n2. Process running in background silently without notifying user when user closes the application\n","ACR-116":"Application can't be uninstall by platform standard method\n","ACR-014":"Application doesn't provide the same features as it claims in its landing page(https://flexdocu.com/#features)\n"},"nonDeceptorViolations":{"ACR-038":"Application drops and installs under hidden folder with different name from the application itself.\n"},"samples":[{"isRevoked":"False","fileName":"FlexDocu.exe","isInstaller":"True","companyName":"DocuFlex.com","fileVersion":"1.0","hashMD5":"808e96070d04203b66c2dcdf8ed0561e","hashSHA1":"4fedb130bb90da284aa240a4ff9cf1f089bf727f","hashSHA256":"9b2ddac89d3c5575cb8666586e13544b7488ea2be38bd4b00f6b9da44c7c5923","digitalCertThumbprint":"F438441BFA63C729FC02ECD41D91587441DE35CE","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=GB, OID.2.5.4.15=Private Organization, CN=BD RELATIONS LIMITED, SERIALNUMBER=SC748507, O=BD RELATIONS LIMITED, L=Edinburgh, S=Scotland, C=GB","sourceIndex":"235","avBlockList":["Avast Premium Security (20250529)","AVG Internet Security (20250529)","Avira Internet Security (20250529)","ESET Internet Security (20250529)","FortectPremium (20250529)","K7 Total Security (20250529)","KasperskyPremium (20250529)","Malwarebytes Premium (20250529)","McAfee Total Protection (20250529)","Norton Security (20250529)","Panda Dome (20250529)","Quick Heal Internet Security (20250529)","Sophos Home Premium (20250529)","SpyHunter5 (20250529)","Total AV Antivirus Pro (20250529)","VirIT eXplorer PRO (20250529)","Webroot SecureAnywhere (20250529)","Windows Defender (20250529)"],"avAllowList":["360 Total Security (20250529)","Bitdefender Internet Security (20250529)","COMODO Antivirus (20250529)","Dr.Web Security Space (20250529)","G DATA INTERNET SECURITY (20250529)","Trend Micro Internet Security (20250529)","VIPRE Advanced Security (20250529)"]}],"additionalFiles":[],"sources":[{"howFound":"partner repor","reference":"","landingPage":"https://flexdocu.com/","directDownloadingLink":"https://flexdocu.com/FlexDocu.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://flexdocu.com/FlexDocu.exe","sourceIndex":"235"}],"sampleFiles":["250305/FlexDocu-250305/1.0.0.0/Samples/FlexDocu.exe"],"imageFiles":["250305/FlexDocu-250305/1.0.0.0/Images/ACR-043/ACR-043_Install_1.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-043/ACR-043_Install_2.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-043/ACR-043_Install_3.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-042/ACR-042_Install_1.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-084/ACR-084_Software_1.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-084/ACR-084_Software_2.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-014/ACR-014_Software_1.png","250305/FlexDocu-250305/1.0.0.0/Images/ACR-116/ACR-116_Uninstall_1.png"],"nonDeceptorImageFiles":["250305/FlexDocu-250305/1.0.0.0/Images/ACR-038/ACR-038_Install_1.png"],"guid":"e542cb37-40b7-47bb-95df-121bb084a7d2_1.0.0.0_1","appID":"FlexDocu-250305","dateAdded":"250305","deceptorType":"App","name":"FlexDocu","company":"BD RELATIONS LIMITED","version":"1.0.0.0","lastKnownStatus":"1.0.0.0","lastKnownDate":"250305","type":"Windows Executable","category":"Personalization & Search, Productivity","targetOS":"Windows 8,Windows 11,Windows 7,Windows 10","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2025-03-05T22:25:45.5710132+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":375},{"violations":{"ACR-046":"Application hides the unexpected behavior setting (run when my computer starts) and significant changes to system (make opera the default browser) behind an Options link. \n","ACR-124":"Uninstallation adds unnecessary friction to the user's uninstallation decision.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"OperaSetup.exe","isInstaller":"True","fileVersion":"117.0","hashMD5":"830bf48f455e8101e11da2190ebd6fcc","hashSHA1":"0771e3feaaf1fdf1bc710002deea2b15ab210c21","hashSHA256":"c5400a43dcac5c46c4ac7c32943ade6288e477b597a55ba7df07160fc596d765","digitalCertThumbprint":"BF684995EFEA2306448FF2930367C60AC0F7172C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Opera Norway AS, O=Opera Norway AS, L=Oslo, S=Oslo, C=NO, SERIALNUMBER=916 368 127, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=NO","sourceIndex":"220","avBlockList":["FortectPremium (20250422)","K7 Total Security (20250422)","Quick Heal Internet Security (20250422)","Sophos Home Premium (20250422)","SpyHunter5 (20250422)"],"avAllowList":["360 Total Security (20250422)","Avast Premium Security (20250422)","AVG Internet Security (20250422)","Avira Internet Security (20250422)","Bitdefender Internet Security (20250422)","COMODO Antivirus (20250422)","Dr.Web Security Space (20250422)","ESET Internet Security (20250422)","G DATA INTERNET SECURITY (20250422)","KasperskyPremium (20250422)","Malwarebytes Premium (20250422)","McAfee Total Protection (20250422)","Norton Security (20250422)","Panda Dome (20250422)","Total AV Antivirus Pro (20250422)","Trend Micro Internet Security (20250422)","VIPRE Advanced Security (20250422)","VirIT eXplorer PRO (20250422)","Webroot SecureAnywhere (20250422)","Windows Defender (20250422)"]},{"isRevoked":"False","fileName":"Opera_117.0.5408.35_Setup_x64.exe","isInstaller":"True","companyName":"Opera Software","fileVersion":"117.0","hashMD5":"917cec4275ea6d80871604e9b2774779","hashSHA1":"3f83ed8d8c34acf5739e25e5b580ff4e4129e00b","hashSHA256":"4fc7e236ca434ba5a2622432cc068104862af73793189f9c36857c28267aec05","digitalCertThumbprint":"BF684995EFEA2306448FF2930367C60AC0F7172C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Opera Norway AS, O=Opera Norway AS, L=Oslo, S=Oslo, C=NO, SERIALNUMBER=916 368 127, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=NO","sourceIndex":"220","avBlockList":["FortectPremium (20250410)","K7 Total Security (20250410)","Sophos Home Premium (20250410)","SpyHunter5 (20250410)"],"avAllowList":["360 Total Security (20250410)","Avast Premium Security (20250410)","AVG Internet Security (20250410)","Avira Internet Security (20250410)","Bitdefender Internet Security (20250410)","COMODO Antivirus (20250410)","Dr.Web Security Space (20250410)","ESET Internet Security (20250410)","G DATA INTERNET SECURITY (20250410)","KasperskyPremium (20250410)","Malwarebytes Premium (20250410)","McAfee Total Protection (20250410)","Norton Security (20250410)","Panda Dome (20250410)","Quick Heal Internet Security (20250410)","Total AV Antivirus Pro (20250410)","Trend Micro Internet Security (20250410)","VIPRE Advanced Security (20250410)","VirIT eXplorer PRO (20250410)","Webroot SecureAnywhere (20250410)","Windows Defender (20250410)"]},{"isRevoked":"False","fileName":"OperaSetup_softonic.exe","isInstaller":"True","fileVersion":"117.0","hashMD5":"1f5fb1ac3f0fd88cb07b66f42c9537ad","hashSHA1":"1c0385d7dbf01eaa29e8227746f7ccbd81d5a809","hashSHA256":"16a985dc3e64e514a62f64383b8ef26061dc5f2989e566bd057810923e3cd6bb","digitalCertThumbprint":"BF684995EFEA2306448FF2930367C60AC0F7172C","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Opera Norway AS, O=Opera Norway AS, L=Oslo, S=Oslo, C=NO, SERIALNUMBER=916 368 127, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=NO","sourceIndex":"220","avBlockList":["ESET Internet Security (20250417)","FortectPremium (20250417)","K7 Total Security (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)"],"avAllowList":["360 Total Security (20250417)","Avast Premium Security (20250417)","AVG Internet Security (20250417)","Avira Internet Security (20250417)","Bitdefender Internet Security (20250417)","COMODO Antivirus (20250417)","Dr.Web Security Space (20250417)","G DATA INTERNET SECURITY (20250417)","KasperskyPremium (20250417)","Malwarebytes Premium (20250417)","McAfee Total Protection (20250417)","Norton Security (20250417)","Panda Dome (20250417)","Total AV Antivirus Pro (20250417)","Trend Micro Internet Security (20250417)","VIPRE Advanced Security (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)","Windows Defender (20250417)"]}],"additionalFiles":[],"sources":[{"howFound":"Browser","reference":"","landingPage":"https://en.softonic.com/s/opera","ipv4":"","ipv6":"","sourceIndex":"220"},{"howFound":"","reference":"","landingPage":"https://www.opera.com/","directDownloadingLink":"https://www.opera.com/computer/thanks?ni=stable&os=windows&gclid=EAIaIQobChMIuPL4lOTQiwMVryKtBh1DXikiEAAYASAAEgJzyfD_BwE","ipv4":"","ipv6":"","sourceIndex":"221"}],"sampleFiles":["250220/Opera-250219/117.0.5408.35/Samples/OperaSetup.exe","250220/Opera-250219/117.0.5408.35/Samples/OperaSetup_softonic.exe"],"imageFiles":["250220/Opera-250219/117.0.5408.35/Images/ACR-046/ACR-046_Install_1.png","250220/Opera-250219/117.0.5408.35/Images/ACR-046/ACR-046_Install_2.png","250220/Opera-250219/117.0.5408.35/Images/ACR-046/ACR-046_Install_3.png","250220/Opera-250219/117.0.5408.35/Images/ACR-124/ACR-124_Uninstall_1.png","250220/Opera-250219/117.0.5408.35/Images/ACR-124/ACR-124_Uninstall_2.png","250220/Opera-250219/117.0.5408.35/Images/ACR-124/ACR-124_Uninstall_3.png"],"nonDeceptorImageFiles":[],"guid":"c6d0d28c-60ac-49e6-b2f7-90372a0fb558_117.0.5408.35_1","appID":"Opera-250219","dateAdded":"250220","deceptorType":"App","name":"OperaBrowser","company":"Opera Software","version":"117.0.5408.35","firstVendorContactDate":"250423","firstAppEsteemReplyDate":"250423","firstResolvedDate":"250423","firstResolvedVersion":"118.0.5461.60","resolved":"TRUE","lastKnownStatus":"117.0.5408.35","lastKnownDate":"250220","type":"Windows Executable","category":"Productivity, Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2025-04-23T22:17:50.0750434+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":376},{"violations":{"ACR-042":"The \"CryptoTab Browser\" components get dropped in one click without presenting EULA/PP and obtaining user's agreement and permission, not disclosing the installation path and allowing user to change it.\n","ACR-043":"The app installs extensions by default without any disclosure & the user's consent.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application anyway.\nNo setting control for user to disable the startup items\n\n","ACR-006":"The app does not disclose the search engine changed during installation.\n","ACR-084":"The app creates undisclosed tasks and startup to perform actions without the consumer's knowledge and consent.\n","ACR-104":"The app does not clearly disclose he search engine (CyptoTab) used and changed.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-065":"The installation prompt has no link to the EULA and/or Terms of Service, private policy\nThe software has no link to the EULA and/or Terms of Service, private policy\n","ACR-036":"The app does not disclose the search relationships with \"Yahoo\" and other search providers details are not disclosed in Docs.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\CryptoTab Browser\\Application\\browser.exe","companyName":"The Chromium and CryptoTab Browser Authors","productName":"CryptoTab Browser","productVersion":"96.0.4664.110","fileVersion":"96.0.4664.110","hashMD5":"5ec252cd804a5409377c1faf7eb784bb","hashSHA1":"1aba1dbb6471860c4ce04b357dee092513758025","hashSHA256":"c071b0a40d094ab61debf1c0d7121f6a2507d3300a371888cba70c5498610585","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1443","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BrowserSetup_MV0kntM.exe","isInstaller":"True","companyName":"CRYPTOCOMPANY OU","productName":"CryptoTab Update","productVersion":"1.3.99.31","fileVersion":"1.3.99.31","hashMD5":"c335e3fd6218d622bdad4f9b1fa3bac6","hashSHA1":"e06ce4c13e3aba92cfc007cdc928a7f020082496","hashSHA256":"3c63d911e4f911f2ba6f411e93ba850091aac9c6c4c962eee914358ac1ac8e0c","digitalCertThumbprint":"AA4FF56213ACAB4F174C4994FABDDF6019662DE3","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1443","avBlockList":["360 Total Security (20220428)","Avast Premium Security (20220428)","AVG Internet Security (20220428)","Avira Internet Security (20220428)","Bitdefender Internet Security (20220428)","ESET Internet Security (20220428)","G DATA INTERNET SECURITY (20220428)","K7 Total Security (20220428)","McAfee Total Protection (20220428)","Norton Security (20220428)","Sophos Home Premium (20220428)","SpyHunter5 (20220428)","Tencent PC Manager (20220428)","Total AV Antivirus Pro (20220428)","VIPRE Advanced Security (20220428)","VirIT eXplorer PRO (20220428)"],"avAllowList":["COMODO Antivirus (20220428)","Dr.Web Security Space (20220428)","Kaspersky Internet Security (20220428)","Malwarebytes Premium (20220428)","Panda Dome (20220428)","Quick Heal Internet Security (20220428)","Trend Micro Internet Security (20220428)","Webroot SecureAnywhere (20220428)","Windows Defender (20220428)"]}],"additionalFiles":[],"sources":[{"howFound":"Mining browser","reference":"","landingPage":"https://cryptobrowser.site/","directDownloadingLink":"https://cryptobrowser.site/get/BrowserSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cryptobrowser.site/get/BrowserSetup.exe","sourceIndex":"1443"}],"sampleFiles":["220523/CryptoTab-220216/1.3.99.31/Samples/BrowserSetup_MV0kntM.exe"],"imageFiles":["220523/CryptoTab-220216/1.3.99.31/Images/ACR-043/ACR-043_Install_NoDisclosureAboutExtensions.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-042/ACR-042_Install.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-048/ACR-048_Install_No_Control.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-006/ACR-006_Install.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-084/ACR-084_Software_Undisclosed.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-084/ACR-084_Software_Undisclosed_1.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-104/ACR-104_Software.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220523/CryptoTab-220216/1.3.99.31/Images/ACR-065/ACR-065_Install_No_Docs.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-065/ACR-065_Software_No_Docs.JPG","220523/CryptoTab-220216/1.3.99.31/Images/ACR-036/ACR-036_Docs.JPG"],"guid":"92d3bbed-97c0-44c8-9df8-b43ece78d5a8_1.3.99.31_1","appID":"CryptoTab-220216","dateAdded":"250213","deceptorType":"App","name":"Crypto Tab","company":"CRYPTOCOMPANY OU","version":"1.3.99.31","sigName":"Deceptor:Win32/CryptoTab!043042048006084104118","firstResolvedVersion":"","lastKnownStatus":"1.3.99.31;1.3.105.33;131.0.6778.109","lastKnownDate":"250213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-02-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":378},{"violations":{"ACR-043":"The app installs multiple extensions by default without disclosure and without the user's consent.\n","ACR-006":"The app does not disclose the search engine \"CryptoTab meta\" is serving up Yahoo! search results.\n","ACR-104":"The app does not clearly disclose the search engine (CyptoTab) and that it redirects to Yahoo!\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"CTBrowserSetup_9oSBzfjILQ.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"a0fab21c52fb92a79bc492d2eb91d1d6","hashSHA1":"03d14da347c554669916d60e24bee1b540c2822e","hashSHA256":"e10f9d22cdbc39874ce875fd8031c3db26f58daf20ee8ae6a82de9ed2dfc7863","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=CRYPTOCOMPANY OÜ, OU=Cryptocompany OU, O=CRYPTOCOMPANY OÜ, L=Tartu, C=EE, SERIALNUMBER=14448767, OID.1.3.6.1.4.1.311.60.2.1.3=EE, OID.2.5.4.15=Private Organization","sourceIndex":"237","avBlockList":["360 Total Security (20250508)","Avast Premium Security (20250508)","AVG Internet Security (20250508)","Avira Internet Security (20250508)","Bitdefender Internet Security (20250508)","Dr.Web Security Space (20250508)","ESET Internet Security (20250508)","FortectPremium (20250508)","G DATA INTERNET SECURITY (20250508)","K7 Total Security (20250508)","KasperskyPremium (20250508)","Malwarebytes Premium (20250508)","McAfee Total Protection (20250508)","Norton Security (20250508)","Panda Dome (20250508)","Quick Heal Internet Security (20250508)","Sophos Home Premium (20250508)","SpyHunter5 (20250508)","VIPRE Advanced Security (20250508)","VirIT eXplorer PRO (20250508)","Webroot SecureAnywhere (20250508)"],"avAllowList":["COMODO Antivirus (20250508)","Total AV Antivirus Pro (20250508)","Trend Micro Internet Security (20250508)","Windows Defender (20250508)"]}],"additionalFiles":[],"sources":[{"howFound":"Mining browser","reference":"","landingPage":"https://cryptobrowser.site/","directDownloadingLink":"https://cryptobrowser.site/get/BrowserSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cryptobrowser.site/get/BrowserSetup.exe","sourceIndex":"237"}],"sampleFiles":["250213/CryptoTab-220216/131.0.6778.109/Samples/CTBrowserSetup_9oSBzfjILQ.exe"],"imageFiles":["250213/CryptoTab-220216/131.0.6778.109/Images/ACR-043/Extensions.PNG","250213/CryptoTab-220216/131.0.6778.109/Images/ACR-006/Search.PNG","250213/CryptoTab-220216/131.0.6778.109/Images/ACR-006/Search2.PNG","250213/CryptoTab-220216/131.0.6778.109/Images/ACR-104/Search.PNG","250213/CryptoTab-220216/131.0.6778.109/Images/ACR-104/Search2.PNG"],"nonDeceptorImageFiles":[],"guid":"92d3bbed-97c0-44c8-9df8-b43ece78d5a8_131.0.6778.109_1","appID":"CryptoTab-220216","dateAdded":"250213","deceptorType":"App","name":"Crypto Tab","company":"CRYPTOCOMPANY OU","version":"131.0.6778.109","firstResolvedVersion":"","lastKnownStatus":"1.3.99.31;1.3.105.33;131.0.6778.109","lastKnownDate":"250213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,search,mining","lastUpdate":"2025-02-18T23:57:49.3578134+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":377},{"violations":{"ACR-042":"The \"CryptoTab Browser\" components get dropped prior to obtaining the user's agreement and permission.\n","ACR-043":"The app installs the \"CT Access\" extension by default without disclosure and without the user's consent.\n","ACR-048":"When cancelling the install, the app leaves dropped files behind.\nThe app didn't provide any control to disable the startup within the app's settings.\n\n","ACR-006":"The app does not disclose the search engine \"CryptoTab\" is serving up Yahoo! search results.\n","ACR-084":"The app creates undisclosed tasks and startup to perform actions without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-065":"The installation prompt has no link to the privacy policy.\nThe software has no link to the EULA and/or Terms of Service, private policy\n","ACR-123":"The app does not remove the scheduled tasks even after uninstall\n","ACR-036":"The app does not disclose the search relationships with \"Yahoo\" and other search providers details are not disclosed in Docs.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\CryptoTab Browser\\Application\\browser.exe","companyName":"The Chromium and CryptoTab Browser Authors","productName":"CryptoTab Browser","productVersion":"100.0.4896.127","fileVersion":"100.0.4896.127","hashMD5":"2ee70371cb462efd4008e473a78945f9","hashSHA1":"bb6dd88529b1f4ab0662147fea6943be8455f16f","hashSHA256":"d3309ed148310a6fd01e407b89123f8aca0e521c309f91602acd7c5dfa120bca","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1444","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CryptoCompany\\Update\\1.3.105.33\\CryptoTabCrashHandler.exe","companyName":"CRYPTOCOMPANY OU","productName":"CryptoTab Update","productVersion":"1.3.105.33","fileVersion":"1.3.105.33","hashMD5":"78a1e4539259d5c3b9a08c7202dda82f","hashSHA1":"9fff6f10f75bea5773f83c4e812f8455d345f778","hashSHA256":"22f72e52f4ade9f09f9b54570e6e767b90c2899d332647f64d5e8938c96141c9","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1444","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CryptoCompany\\Update\\1.3.105.33\\CryptoTabCrashHandler64.exe","companyName":"CRYPTOCOMPANY OU","productName":"CryptoTab Update","productVersion":"1.3.105.33","fileVersion":"1.3.105.33","hashMD5":"b03210be81f3d96ad00e78ce6fc6268d","hashSHA1":"9e455b3728b0f2ca8644609e59ef4bca76ad4485","hashSHA256":"882dd82a5b7ba2e288fc195d0ee0e2b31c6b2a7c3eedab77b734604b95c97c3f","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1444","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BrowserSetup_fuIX21v.exe","isInstaller":"True","companyName":"CRYPTOCOMPANY OU","productName":"CryptoTab Update","productVersion":"1.3.105.33","fileVersion":"1.3.105.33","hashMD5":"75ff46ac7d54eb84dc8632c5c2b24f27","hashSHA1":"83891c47ad4b322d6a6548291f1130f38d7239e8","hashSHA256":"89d591d1161c8f959818bb3d5cf7fa2c79dd64b5e376a9791697be416da9efaf","digitalCertThumbprint":"2C1DF7D16EAB13384B949EFEFBB1E1F5FE149DCA","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"CRYPTOCOMPANY OÜ","storeId":"","sourceIndex":"1444","avBlockList":["360 Total Security (20220602)","Avira Internet Security (20220602)","Bitdefender Internet Security (20220602)","ESET Internet Security (20220602)","G DATA INTERNET SECURITY (20220602)","K7 Total Security (20220602)","McAfee Total Protection (20220602)","Norton Security (20220602)","Sophos Home Premium (20220602)","SpyHunter5 (20220602)","Total AV Antivirus Pro (20220602)","VIPRE Advanced Security (20220602)","VirIT eXplorer PRO (20220602)","Webroot SecureAnywhere (20220602)"],"avAllowList":["Avast Premium Security (20220602)","AVG Internet Security (20220602)","COMODO Antivirus (20220602)","Dr.Web Security Space (20220602)","Kaspersky Internet Security (20220602)","Malwarebytes Premium (20220602)","Panda Dome (20220602)","Quick Heal Internet Security (20220602)","Tencent PC Manager (20220602)","Trend Micro Internet Security (20220602)","Windows Defender (20220602)"]}],"additionalFiles":[],"sources":[{"howFound":"Mining browser","reference":"","landingPage":"https://cryptobrowser.site/","directDownloadingLink":"https://cryptobrowser.site/get/BrowserSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cryptobrowser.site/get/BrowserSetup.exe","sourceIndex":"1444"}],"sampleFiles":["220523/CryptoTab-220216/1.3.105.33/Samples/BrowserSetup_fuIX21v.exe"],"imageFiles":["220523/CryptoTab-220216/1.3.105.33/Images/ACR-043/ACR-043_Install_NoDisclosureAboutExtensions.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-042/ACR-042_Install.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-048/ACR-048_Install.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-006/ACR-006_Install.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-084/ACR-048_Software.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-084/ACR-048_Software_1.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-048/ACR-048_Software.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-118/ACR0-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220523/CryptoTab-220216/1.3.105.33/Images/ACR-065/ACR-065_Install.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-065/ACR-065_Software.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-123/ACR-123_Uninstall.JPG","220523/CryptoTab-220216/1.3.105.33/Images/ACR-036/ACR-036_Docs.JPG"],"guid":"92d3bbed-97c0-44c8-9df8-b43ece78d5a8_1.3.105.33_1","appID":"CryptoTab-220216","dateAdded":"250213","deceptorType":"App","name":"Crypto Tab","company":"CRYPTOCOMPANY OU","version":"1.3.105.33","firstResolvedVersion":"","lastKnownStatus":"1.3.99.31;1.3.105.33;131.0.6778.109","lastKnownDate":"250213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-02-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":379},{"violations":{"ACR-008":"Application doesn't provide the accessible free solution to fix the issue as paid solution.\n","ACR-085":"Application reduces security posture by showing passwords with less protections than the user authentication that browsers require. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.VH.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"ac34742253dde2adfcb06f0b2612ac3a","hashSHA1":"fb6179333a5206c2527abfc9c6bd463910058f1b","hashSHA256":"6799f4f00e02089bd536a9fb7a9aacf768635ce334c1b6edc12fe77ec7e16c5c","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"238","avBlockList":["Avast Premium Security (20250410)","AVG Internet Security (20250410)","Avira Internet Security (20250410)","Bitdefender Internet Security (20250410)","COMODO Antivirus (20250410)","Dr.Web Security Space (20250410)","ESET Internet Security (20250410)","FortectPremium (20250410)","G DATA INTERNET SECURITY (20250410)","K7 Total Security (20250410)","Malwarebytes Premium (20250410)","McAfee Total Protection (20250410)","Norton Security (20250410)","Panda Dome (20250410)","Quick Heal Internet Security (20250410)","Sophos Home Premium (20250410)","SpyHunter5 (20250410)","Total AV Antivirus Pro (20250410)","VIPRE Advanced Security (20250410)","VirIT eXplorer PRO (20250410)","Webroot SecureAnywhere (20250410)"],"avAllowList":["360 Total Security (20250410)","KasperskyPremium (20250410)","Trend Micro Internet Security (20250410)","Windows Defender (20250410)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.S.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"d2c94f5989310d0ce83ce0b900ebbfe7","hashSHA1":"15605b3a4f3c1901596dc5b511b22aaa86e65e5a","hashSHA256":"c82fd64f02b11334e09a1090c3d54f83327fecafce29752f79c96a31858235a2","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"238","avBlockList":["360 Total Security (20250417)","Avast Premium Security (20250417)","AVG Internet Security (20250417)","Avira Internet Security (20250417)","Bitdefender Internet Security (20250417)","COMODO Antivirus (20250417)","Dr.Web Security Space (20250417)","ESET Internet Security (20250417)","FortectPremium (20250417)","G DATA INTERNET SECURITY (20250417)","K7 Total Security (20250417)","Malwarebytes Premium (20250417)","McAfee Total Protection (20250417)","Norton Security (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)","Total AV Antivirus Pro (20250417)","VIPRE Advanced Security (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)"],"avAllowList":["KasperskyPremium (20250417)","Panda Dome (20250417)","Trend Micro Internet Security (20250417)","Windows Defender (20250417)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.R.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"dc01587fb026cefb7c3af98069dcb1f6","hashSHA1":"9e69b8d0d11918d7c5a7109c4b5bc0c6b55e6358","hashSHA256":"4b2b22616f4ceef7a9256d9dd1496d7991b158537b0ad5a213ad53f78744ddb9","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"238","avBlockList":["360 Total Security (20250422)","Avast Premium Security (20250422)","AVG Internet Security (20250422)","Avira Internet Security (20250422)","Bitdefender Internet Security (20250422)","Dr.Web Security Space (20250422)","ESET Internet Security (20250422)","FortectPremium (20250422)","G DATA INTERNET SECURITY (20250422)","K7 Total Security (20250422)","Malwarebytes Premium (20250422)","McAfee Total Protection (20250422)","Norton Security (20250422)","Panda Dome (20250422)","Quick Heal Internet Security (20250422)","Sophos Home Premium (20250422)","SpyHunter5 (20250422)","Total AV Antivirus Pro (20250422)","VIPRE Advanced Security (20250422)","VirIT eXplorer PRO (20250422)","Webroot SecureAnywhere (20250422)"],"avAllowList":["COMODO Antivirus (20250422)","KasperskyPremium (20250422)","Trend Micro Internet Security (20250422)","Windows Defender (20250422)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.L.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"0b1780fa5081265a5765d558f607d027","hashSHA1":"1146f35686b12b29947a121fd3e8d3bbbe2c4ac2","hashSHA256":"ca73b2240d13851cb1aa75bdc35a1c95feec7da1e1d34ea4a2871ec58a39dc5e","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"238","avBlockList":["360 Total Security (20250424)","Avast Premium Security (20250424)","AVG Internet Security (20250424)","Avira Internet Security (20250424)","Bitdefender Internet Security (20250424)","COMODO Antivirus (20250424)","Dr.Web Security Space (20250424)","ESET Internet Security (20250424)","FortectPremium (20250424)","G DATA INTERNET SECURITY (20250424)","K7 Total Security (20250424)","Malwarebytes Premium (20250424)","McAfee Total Protection (20250424)","Norton Security (20250424)","Panda Dome (20250424)","Quick Heal Internet Security (20250424)","Sophos Home Premium (20250424)","SpyHunter5 (20250424)","Total AV Antivirus Pro (20250424)","VIPRE Advanced Security (20250424)","VirIT eXplorer PRO (20250424)","Webroot SecureAnywhere (20250424)"],"avAllowList":["KasperskyPremium (20250424)","Trend Micro Internet Security (20250424)","Windows Defender (20250424)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.IM.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"09386009837a29a52e0f6ecf936b592a","hashSHA1":"823d32be8a055f8c1b88dca56cc873fe2bbcd083","hashSHA256":"66290cd7ac303310e94d83a6a6a510088a48eb50b264f85644bb093ce6a8b6fb","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"238","avBlockList":["Avast Premium Security (20250429)","AVG Internet Security (20250429)","Avira Internet Security (20250429)","Bitdefender Internet Security (20250429)","COMODO Antivirus (20250429)","Dr.Web Security Space (20250429)","ESET Internet Security (20250429)","FortectPremium (20250429)","G DATA INTERNET SECURITY (20250429)","K7 Total Security (20250429)","Malwarebytes Premium (20250429)","McAfee Total Protection (20250429)","Norton Security (20250429)","Panda Dome (20250429)","Quick Heal Internet Security (20250429)","Sophos Home Premium (20250429)","SpyHunter5 (20250429)","Total AV Antivirus Pro (20250429)","VIPRE Advanced Security (20250429)","VirIT eXplorer PRO (20250429)","Webroot SecureAnywhere (20250429)"],"avAllowList":["360 Total Security (20250429)","KasperskyPremium (20250429)","Trend Micro Internet Security (20250429)","Windows Defender (20250429)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.E9.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"1bf71859a90cf7b91b349f29584491be","hashSHA1":"bffc6ed5f101fa6867c43a68c5140deaacd3ce57","hashSHA256":"8b84bac5eb6794bf07c11db94bc5fc0ec6fc1b478109c403a0a647f6cbfcebbf","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"238","avBlockList":["360 Total Security (20250501)","Avast Premium Security (20250501)","AVG Internet Security (20250501)","Avira Internet Security (20250501)","Bitdefender Internet Security (20250501)","COMODO Antivirus (20250501)","Dr.Web Security Space (20250501)","ESET Internet Security (20250501)","G DATA INTERNET SECURITY (20250501)","K7 Total Security (20250501)","Malwarebytes Premium (20250501)","McAfee Total Protection (20250501)","Norton Security (20250501)","Panda Dome (20250501)","Quick Heal Internet Security (20250501)","Sophos Home Premium (20250501)","SpyHunter5 (20250501)","Total AV Antivirus Pro (20250501)","VIPRE Advanced Security (20250501)","VirIT eXplorer PRO (20250501)","Webroot SecureAnywhere (20250501)","FortectPremium (20250501)"],"avAllowList":["KasperskyPremium (20250501)","Trend Micro Internet Security (20250501)","Windows Defender (20250501)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.E8.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"7bfaf01292d28b4d38fbe36705616f49","hashSHA1":"e161a14e86e3e34c8152260a2639c7a805ae95b7","hashSHA256":"ed28d8948c3fa0ae97f712d34bd25a69c0b0b7e0ac5ec0a49b7c3e9534a44d4d","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"238","avBlockList":["360 Total Security (20250506)","Avast Premium Security (20250506)","AVG Internet Security (20250506)","Avira Internet Security (20250506)","Bitdefender Internet Security (20250506)","COMODO Antivirus (20250506)","Dr.Web Security Space (20250506)","ESET Internet Security (20250506)","FortectPremium (20250506)","G DATA INTERNET SECURITY (20250506)","K7 Total Security (20250506)","Malwarebytes Premium (20250506)","McAfee Total Protection (20250506)","Norton Security (20250506)","Panda Dome (20250506)","Quick Heal Internet Security (20250506)","Sophos Home Premium (20250506)","SpyHunter5 (20250506)","VIPRE Advanced Security (20250506)","VirIT eXplorer PRO (20250506)","Webroot SecureAnywhere (20250506)"],"avAllowList":["KasperskyPremium (20250506)","Total AV Antivirus Pro (20250506)","Trend Micro Internet Security (20250506)","Windows Defender (20250506)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.E4.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"f4d0eea8ec0a2171ad416314d39bc8c2","hashSHA1":"3df7d6998ad6a57813f7d990e9645d2d281f63ae","hashSHA256":"98ad94de05423fe96750b518111c957a069e8c336ed9557c92d9771ff926e167","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"238","avBlockList":["360 Total Security (20250508)","Avast Premium Security (20250508)","AVG Internet Security (20250508)","Avira Internet Security (20250508)","Bitdefender Internet Security (20250508)","COMODO Antivirus (20250508)","Dr.Web Security Space (20250508)","ESET Internet Security (20250508)","FortectPremium (20250508)","G DATA INTERNET SECURITY (20250508)","K7 Total Security (20250508)","Malwarebytes Premium (20250508)","McAfee Total Protection (20250508)","Norton Security (20250508)","Panda Dome (20250508)","Quick Heal Internet Security (20250508)","Sophos Home Premium (20250508)","SpyHunter5 (20250508)","VIPRE Advanced Security (20250508)","VirIT eXplorer PRO (20250508)","Webroot SecureAnywhere (20250508)"],"avAllowList":["KasperskyPremium (20250508)","Total AV Antivirus Pro (20250508)","Trend Micro Internet Security (20250508)","Windows Defender (20250508)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.B.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"10f91baa7d9d81dfc14276f06b962130","hashSHA1":"0169d6fa1ef475396fb5051b0c98c6b88abf0f8a","hashSHA256":"ebc55498895f5b0e55120494b60469ad0e9b060897c76289b50b9087af6be90f","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"238","avBlockList":["360 Total Security (20250327)","Avast Premium Security (20250327)","AVG Internet Security (20250327)","Bitdefender Internet Security (20250327)","COMODO Antivirus (20250327)","Dr.Web Security Space (20250327)","ESET Internet Security (20250327)","FortectPremium (20250327)","G DATA INTERNET SECURITY (20250327)","K7 Total Security (20250327)","Malwarebytes Premium (20250327)","McAfee Total Protection (20250327)","Norton Security (20250327)","Panda Dome (20250327)","Quick Heal Internet Security (20250327)","Sophos Home Premium (20250327)","SpyHunter5 (20250327)","VIPRE Advanced Security (20250327)","VirIT eXplorer PRO (20250327)","Webroot SecureAnywhere (20250327)"],"avAllowList":["Avira Internet Security (20250327)","KasperskyPremium (20250327)","Total AV Antivirus Pro (20250327)","Trend Micro Internet Security (20250327)","Windows Defender (20250327)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.A.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"b03864c50bd2e2c426f0f694cd2e9090","hashSHA1":"6cb6657d1ce0caa00421d7228e4b77c592c1cacd","hashSHA256":"97d0426432f4247fedc7c2b7d65bc200980165218b2a4c7611496c9224c07d28","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"238","avBlockList":["360 Total Security (20250401)","Avast Premium Security (20250401)","AVG Internet Security (20250401)","Avira Internet Security (20250401)","Bitdefender Internet Security (20250401)","COMODO Antivirus (20250401)","Dr.Web Security Space (20250401)","ESET Internet Security (20250401)","FortectPremium (20250401)","G DATA INTERNET SECURITY (20250401)","K7 Total Security (20250401)","Malwarebytes Premium (20250401)","McAfee Total Protection (20250401)","Norton Security (20250401)","Panda Dome (20250401)","Quick Heal Internet Security (20250401)","Sophos Home Premium (20250401)","SpyHunter5 (20250401)","Total AV Antivirus Pro (20250401)","VIPRE Advanced Security (20250401)","VirIT eXplorer PRO (20250401)","Webroot SecureAnywhere (20250401)"],"avAllowList":["KasperskyPremium (20250401)","Trend Micro Internet Security (20250401)","Windows Defender (20250401)"]},{"isRevoked":"False","fileName":"Advanced-System-Repair-Pro-RepairTool.9.exe","isInstaller":"True","companyName":"Advanced System Repair, Inc.","fileVersion":"2.0","hashMD5":"5e33c355adeb42619a62d16c1cc1b5d1","hashSHA1":"c51b727d82c88b4babb45769a7e16739dbee9ae1","hashSHA256":"8da13e09345cd78ae1194be0bfc781d631b69fd43a0807c92b2db3f1d89b7ef9","digitalCertThumbprint":"F677147581BBD9AFEE2E2E5F788B142E6DE00B4A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Advanced System Repair Inc, O=Advanced System Repair Inc, L=Newport Coast, S=California, C=US","sourceIndex":"238","avBlockList":["Avast Premium Security (20250403)","AVG Internet Security (20250403)","Avira Internet Security (20250403)","Bitdefender Internet Security (20250403)","COMODO Antivirus (20250403)","Dr.Web Security Space (20250403)","ESET Internet Security (20250403)","FortectPremium (20250403)","G DATA INTERNET SECURITY (20250403)","K7 Total Security (20250403)","Malwarebytes Premium (20250403)","McAfee Total Protection (20250403)","Norton Security (20250403)","Panda Dome (20250403)","Quick Heal Internet Security (20250403)","Sophos Home Premium (20250403)","SpyHunter5 (20250403)","Total AV Antivirus Pro (20250403)","VIPRE Advanced Security (20250403)","VirIT eXplorer PRO (20250403)","Webroot SecureAnywhere (20250403)"],"avAllowList":["360 Total Security (20250403)","KasperskyPremium (20250403)","Trend Micro Internet Security (20250403)","Windows Defender (20250403)"]}],"additionalFiles":[],"sources":[{"howFound":"Apps under monitoring","reference":"AdvancedSystemRepair","landingPage":"https://www.advancedsystemrepair.com/","directDownloadingLink":"https://advancedsystemrepair.com/download.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://advancedsystemrepair.com/download.php","sourceIndex":"238"}],"sampleFiles":["250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.VH.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.S.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.R.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.L.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.IM.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.E9.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.E8.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.E4.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.B.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.A.exe","250210/AdvancedSystemRepair-250210/2.0.0.8/Samples/Advanced-System-Repair-Pro-RepairTool.9.exe"],"imageFiles":["250210/AdvancedSystemRepair-250210/2.0.0.8/Images/ACR-008/ACR-008_Software_1.png","250210/AdvancedSystemRepair-250210/2.0.0.8/Images/ACR-085/ACR-085_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"d60981d6-8296-4cff-bfe9-72b2c53ee51e_2.0.0.8_1","appID":"AdvancedSystemRepair-250210","dateAdded":"250210","deceptorType":"App","name":"AdvancedSystemRepair","company":"Advanced System Repair, Inc","version":"2.0.0.8","lastKnownStatus":"2.0.0.8","lastKnownDate":"250210","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-02-10T23:51:31.9305067+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":380},{"violations":{"ACR-042":"Before obtaining the user's consent, the application drops all its components in the \"C:\\Users\\User\\AppData\\Local\\PacketStream\" path.\n","ACR-043":"The app drops all its components right after executing it, without asking any permission from the user.\n","ACR-107":"The app installs FFmpeg package and doesn't include the open source license or the source code or link to the source code.\n\n","ACR-048":"The app didn't provide any control to enable/disable the startup in software it created & to share network connections for money earning features inside the software. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by sharing an ip/network connection.\n","ACR-084":"The app didn't provide any information to the user regarding the startup it created.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying user.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not provide any control to enable/disable the sharing network connection for money earning feature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\PacketStream\\PacketStream_main.exe","companyName":"PacketStream Team","productName":"PacketStream","productVersion":"20.202.1548.0","fileVersion":"20.202.1548","hashMD5":"91181f46fba803b03bd3cfd1e99c2ad8","hashSHA1":"f85b8cc6d22adbc0dcd34a288745d2c37361ff96","hashSHA256":"e3905f08c82fce00b1f3a0bc257e06f6e81729942e9329d8aa95b088d3f6d698","digitalCertThumbprint":"EB7E798B2930433E1DE51F5D0EE8BD61000C7543","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"PacketStream Inc","storeId":"","sourceIndex":"1735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PacketStream.exe","isInstaller":"True","companyName":"PacketStream Team","productName":"PacketStream","productVersion":"20.202.1548.0","fileVersion":"20.202.1548","hashMD5":"84a4c9b2f8ef322d8300ec1d93596332","hashSHA1":"f3bdeb973c60f15cb54a4100fbeef8656652ff97","hashSHA256":"c36e76b321505a4ef1660d558a08ac572ce7cfd35f256801e1d4cfc765a75998","digitalCertThumbprint":"EB7E798B2930433E1DE51F5D0EE8BD61000C7543","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"PacketStream Inc","storeId":"","sourceIndex":"1735","avBlockList":["Avast Premium Security (20250130)","AVG Internet Security (20250130)","Avira Internet Security (20250130)","Bitdefender Internet Security (20250130)","ESET Internet Security (20250130)","G DATA INTERNET SECURITY (20250130)","Kaspersky Internet Security (20220125)","McAfee Total Protection (20250130)","Norton Security (20250130)","Panda Dome (20250130)","Sophos Home Premium (20250130)","Total AV Antivirus Pro (20250130)","Trend Micro Internet Security (20250130)","VIPRE Advanced Security (20250130)","VirIT eXplorer PRO (20250130)","Webroot SecureAnywhere (20250130)","Windows Defender (20250130)","FortectPremium (20250130)","KasperskyPremium (20250130)"],"avAllowList":["360 Total Security (20250130)","COMODO Antivirus (20250130)","Dr.Web Security Space (20250130)","K7 Total Security (20250130)","Malwarebytes Premium (20250130)","Quick Heal Internet Security (20250130)","SpyHunter5 (20250130)","Tencent PC Manager (20220125)"]}],"additionalFiles":[],"sources":[{"howFound":"Passive Money","reference":"","landingPage":"https://packetstream.io/","directDownloadingLink":"https://packetstream.io/dashboard/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://packetstream.io/dashboard/download","sourceIndex":"1735"}],"sampleFiles":["220111/PacketStream-220107/20.202.1548/Samples/PacketStream.exe"],"imageFiles":["220111/PacketStream-220107/20.202.1548/Images/ACR-043/ACR-043_Install_Drops_All_Files.mp4","220111/PacketStream-220107/20.202.1548/Images/ACR-107/ACR-107_Install_Drops_Third_Party.JPG","220111/PacketStream-220107/20.202.1548/Images/ACR-042/ACR-042_Install_Files_Dropped.mp4","220111/PacketStream-220107/20.202.1548/Images/ACR-084/ACR-084_Software_No_Info.JPG","220111/PacketStream-220107/20.202.1548/Images/ACR-048/ACR-048_Software_No_Control.JPG","220111/PacketStream-220107/20.202.1548/Images/ACR-048/ACR-048_Software_1.jpg","220111/PacketStream-220107/20.202.1548/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG"],"nonDeceptorImageFiles":["220111/PacketStream-220107/20.202.1548/Images/ACR-045/ACR-045_Install_1.jpg"],"guid":"6843f15c-defa-4898-a299-d21f741e8a15_20.202.1548_1","appID":"PacketStream-220107","dateAdded":"250129","deceptorType":"App","name":"Packet Stream","company":"PacketStream Inc","version":"20.202.1548","sigName":"Deceptor:Win32/PacketStream!043107042084048118007","lastKnownStatus":"20.202.1548;2.4.1","lastKnownDate":"250129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-01-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":383},{"violations":{"ACR-048":"App provides no controls to cancel borrowing activity.\n","ACR-007":"Provides no information to the user about the reduced security caused by sharing bandwidth.\n","ACR-084":"When opening the app, it only appears in the system tray and does not provide notification to the user that it is running in the background.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PacketStreamInstaller.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"99f8641ecc2bb86dbd1db8fc8cd1df9d","hashSHA1":"9e3ef1b2aa200938d92669be5db7ec2d9c60e574","hashSHA256":"c450d3b57f7c19fc4f2cb331a27643ac2cc996c0e4f7fb7a4911b0cbba201d6d","digitalCertThumbprint":"21860A3E5901638C292010DB5034F56298A8934B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=PacketStream Inc, O=PacketStream Inc, L=Los Angeles, S=California, C=US","sourceIndex":"241","avBlockList":["360 Total Security (20250424)","Bitdefender Internet Security (20250424)","ESET Internet Security (20250424)","FortectPremium (20250424)","G DATA INTERNET SECURITY (20250424)","K7 Total Security (20250424)","KasperskyPremium (20250424)","Malwarebytes Premium (20250424)","McAfee Total Protection (20250424)","Panda Dome (20250424)","Quick Heal Internet Security (20250424)","Sophos Home Premium (20250424)","SpyHunter5 (20250424)","VIPRE Advanced Security (20250424)","VirIT eXplorer PRO (20250424)","Webroot SecureAnywhere (20250424)","Windows Defender (20250424)"],"avAllowList":["Avast Premium Security (20250424)","AVG Internet Security (20250424)","Avira Internet Security (20250424)","COMODO Antivirus (20250424)","Dr.Web Security Space (20250424)","Total AV Antivirus Pro (20250424)","Trend Micro Internet Security (20250424)","Norton Security (20250424)"]},{"isRevoked":"False","fileName":"psclient.exe","fileVersion":"0.0","hashMD5":"ef21a41b1bd1d780fab8284dfc44a9e2","hashSHA1":"13676c39e098b9ba6bbd123d40c8dc04b8fbbb1c","hashSHA256":"a8954e596f4cc0148961bb885c3716ffe44d7d17f5703ebf7ff1dded62e7d850","digitalCertThumbprint":"21860A3E5901638C292010DB5034F56298A8934B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=PacketStream Inc, O=PacketStream Inc, L=Los Angeles, S=California, C=US","sourceIndex":"241","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pslauncher.exe","fileVersion":"0.0","hashMD5":"6f829d71d811867f760bca1743c8be4c","hashSHA1":"901b98ceddb04ad313182ce7104a3df14fcec702","hashSHA256":"16d31212c38f9e0791f93b95bbe49e72aa831211e0b011118060fc5feb8d6b1f","digitalCertThumbprint":"21860A3E5901638C292010DB5034F56298A8934B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=PacketStream Inc, O=PacketStream Inc, L=Los Angeles, S=California, C=US","sourceIndex":"241","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Residential Proxy","reference":"","landingPage":"https://packetstream.io/","directDownloadingLink":"https://packetstream.io/dashboard/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://packetstream.io/dashboard/download","sourceIndex":"241"}],"sampleFiles":["250129/PacketStream-220107/2.4.1/Samples/PacketStreamInstaller.exe","250129/PacketStream-220107/2.4.1/Samples/psclient.exe","250129/PacketStream-220107/2.4.1/Samples/pslauncher.exe"],"imageFiles":["250129/PacketStream-220107/2.4.1/Images/ACR-007/downloadpage.png","250129/PacketStream-220107/2.4.1/Images/ACR-007/InstallFlow1.png","250129/PacketStream-220107/2.4.1/Images/ACR-007/InstallFlow2.png","250129/PacketStream-220107/2.4.1/Images/ACR-084/nonotification.gif","250129/PacketStream-220107/2.4.1/Images/ACR-048/running.png"],"nonDeceptorImageFiles":[],"guid":"6843f15c-defa-4898-a299-d21f741e8a15_2.4.1_1","appID":"PacketStream-220107","dateAdded":"250129","deceptorType":"App","name":"Packet Stream","company":"PacketStream Inc","version":"2.4.1","lastKnownStatus":"20.202.1548;2.4.1","lastKnownDate":"250129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"net proxy","lastUpdate":"2025-01-29T21:58:12.0187898+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":382},{"violations":{"ACR-048":"Resource borrowing activity can't be paused or stopped by consumer immediately\n","ACR-007":"App does not obtain explicit user consent to reduce the system default security posture caused by sharing an IP/network resource.\n","ACR-084":"Application doesn't indicate clearly borrowing is active.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PacketStream.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"246d6743ef6311cc308f8d4b93870d71","hashSHA1":"4e69190e48b31f0bfea9d51582755364dc7b52b5","hashSHA256":"95ce9b1ebd58c0e3bc1a7724a927511583355366780c009f56fc893d6990fb2b","storeId":"PacketStream Inc (F5W4Q74XX9)","sourceIndex":"240","avBlockList":["Avira Security for Mac (20250408)","ESET Cyber Security Pro for Mac (20250408)","K7 Antivirus for Mac (20250408)","Sophos Home Premium For Mac (20250408)","SpyHunterforMac (20250408)","Trend Micro Antivirus for Mac (20250408)"],"avAllowList":["Avast Security for Mac (20250408)","Bitdefender Antivirus for Mac (20250408)","G DATA AntiVirus for Mac (20250408)","Kaspersky Internet Security for Mac (20250408)","McAfee Internet Security for Mac (20250408)","Norton Security for Mac (20250408)"]},{"isRevoked":"False","fileName":"psclient","fileVersion":"0.","hashMD5":"416d5a6acab3a49caca1d6118bc226b7","hashSHA1":"279d72668325f9b2760386eea9f6781ee9584c96","hashSHA256":"7d3b3553e598fc4b4f392644b2209baecc665e095860caca0071bf243b16cf22","sourceIndex":"240","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pslauncher","fileVersion":"0.","hashMD5":"e3c4b08222d2cafc37c055dd1a615470","hashSHA1":"e4c477664926b4bc3fb7b8b68c76538906511d30","hashSHA256":"db16c9b45b81ceec9ed66469dc5c9ab90eb65bf58dc93d82f0ddaa0684a95f22","sourceIndex":"240","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://app.packetstream.io","directDownloadingLink":"https://app.packetstream.io/dashboard/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://app.packetstream.io/dashboard/download","sourceIndex":"240"}],"sampleFiles":["250129/PacketStream-250129/2.4.1/Samples/PacketStream.dmg"],"imageFiles":["250129/PacketStream-250129/2.4.1/Images/ACR-007/Screenshot 2025-01-29 at 2.10.29 PM.png","250129/PacketStream-250129/2.4.1/Images/ACR-084/Screenshot 2025-01-29 at 2.29.50 PM.png","250129/PacketStream-250129/2.4.1/Images/ACR-048/Screenshot 2025-01-29 at 2.29.50 PM.png"],"nonDeceptorImageFiles":[],"guid":"875ba413-709b-4cf4-8c3b-e54b5e0213a8_2.4.1_1","appID":"PacketStream-250129","dateAdded":"250129","deceptorType":"MacOS App","name":"PacketStreamMacOS","company":"PacketStream Inc","version":"2.4.1","lastKnownStatus":"2.4.1","lastKnownDate":"250129","type":"MacOS App","category":"Books & Reference, SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2025-01-29T23:21:38.3379664+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":381},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-014":"The \"Accept\" button on the Opera Browser offer is used for two things: accepting an offer and accepting opera as the default browser. The \"Accept\" button is misleading and confusing because the user is easily led to believe that \"accept\" is only for installing Opera and not for changing his system browser default settings.\n","ACR-039":"No clear indications of the relationship for the monetization components from RisePlatformsInstaller and Carrier app is disclosed to user before offers being prompts\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"quick-cpu-4.11.0.0-installer_85S-421.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.1","hashMD5":"297d22d02efe002a2e946f381534e0d1","hashSHA1":"425d33c111922161b4e02bcec22e8f6396a4b4c8","hashSHA256":"557ca9e31e5ebb59346c2c495820b194b7a8b4b51a4fbb8f43b249aa82b69169","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"242","avBlockList":["360 Total Security (20250410)","Avast Premium Security (20250410)","AVG Internet Security (20250410)","Avira Internet Security (20250410)","Bitdefender Internet Security (20250410)","COMODO Antivirus (20250410)","Dr.Web Security Space (20250410)","ESET Internet Security (20250410)","FortectPremium (20250410)","G DATA INTERNET SECURITY (20250410)","K7 Total Security (20250410)","KasperskyPremium (20250410)","Malwarebytes Premium (20250410)","McAfee Total Protection (20250410)","Norton Security (20250410)","Panda Dome (20250410)","Quick Heal Internet Security (20250410)","Sophos Home Premium (20250410)","SpyHunter5 (20250410)","Total AV Antivirus Pro (20250410)","Trend Micro Internet Security (20250410)","VIPRE Advanced Security (20250410)","VirIT eXplorer PRO (20250410)","Webroot SecureAnywhere (20250410)","Windows Defender (20250410)"],"avAllowList":[]},{"isRevoked":"False","fileName":"yt-free-downloader-1-installer_K-G9XB1.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.1","hashMD5":"7fbd13a0c98811a83686a2d8927b88e7","hashSHA1":"01e10566e643f42fe69ce0684610250caf968979","hashSHA256":"237abb1845c4f25e93e5bde393ddb0a248c065ead4664981d919b24f3cb29312","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"242","avBlockList":["360 Total Security (20250417)","Avast Premium Security (20250417)","Bitdefender Internet Security (20250417)","Dr.Web Security Space (20250417)","ESET Internet Security (20250417)","FortectPremium (20250417)","G DATA INTERNET SECURITY (20250417)","K7 Total Security (20250417)","KasperskyPremium (20250417)","Malwarebytes Premium (20250417)","McAfee Total Protection (20250417)","Norton Security (20250417)","Panda Dome (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)","Trend Micro Internet Security (20250417)","VIPRE Advanced Security (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)","Windows Defender (20250417)"],"avAllowList":["AVG Internet Security (20250417)","Avira Internet Security (20250417)","COMODO Antivirus (20250417)","Total AV Antivirus Pro (20250417)"]},{"isRevoked":"False","fileName":"fakeflashtest-1.1.5-installer_N-7GVi1.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.1","hashMD5":"e91685a8e026a0b4ee304b39053b7e70","hashSHA1":"2035f5e9fe16f5a7f4d9b14a75308a5fadff3ffb","hashSHA256":"938919f5f5d828c2deedccda468d925fe784e9bcbfb79e23a024395216c155a6","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"242","avBlockList":["360 Total Security (20250422)","Avast Premium Security (20250422)","AVG Internet Security (20250422)","Avira Internet Security (20250422)","Bitdefender Internet Security (20250422)","COMODO Antivirus (20250422)","Dr.Web Security Space (20250422)","ESET Internet Security (20250422)","FortectPremium (20250422)","G DATA INTERNET SECURITY (20250422)","K7 Total Security (20250422)","KasperskyPremium (20250422)","Malwarebytes Premium (20250422)","McAfee Total Protection (20250422)","Norton Security (20250422)","Panda Dome (20250422)","Quick Heal Internet Security (20250422)","Sophos Home Premium (20250422)","SpyHunter5 (20250422)","Total AV Antivirus Pro (20250422)","Trend Micro Internet Security (20250422)","VIPRE Advanced Security (20250422)","VirIT eXplorer PRO (20250422)","Webroot SecureAnywhere (20250422)","Windows Defender (20250422)"],"avAllowList":[]},{"isRevoked":"False","fileName":"hashcalc-2.02-installer_Uz-O4R1.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.0","hashMD5":"8d933fd7c0b4c4c86a4960ed6c08295b","hashSHA1":"91df1771bfc9da34055205af45322d08c408a50e","hashSHA256":"d24441763859e2b293ef623eb52c815d9bb69fbd3eabd0db13da83b4f98dc856","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"242","avBlockList":["360 Total Security (20250424)","Avast Premium Security (20250424)","AVG Internet Security (20250424)","Avira Internet Security (20250424)","COMODO Antivirus (20250424)","Dr.Web Security Space (20250424)","ESET Internet Security (20250424)","FortectPremium (20250424)","G DATA INTERNET SECURITY (20250424)","K7 Total Security (20250424)","KasperskyPremium (20250424)","Malwarebytes Premium (20250424)","McAfee Total Protection (20250424)","Norton Security (20250424)","Panda Dome (20250424)","Quick Heal Internet Security (20250424)","Sophos Home Premium (20250424)","SpyHunter5 (20250424)","Total AV Antivirus Pro (20250424)","Trend Micro Internet Security (20250424)","VIPRE Advanced Security (20250424)","VirIT eXplorer PRO (20250424)","Webroot SecureAnywhere (20250424)","Windows Defender (20250424)"],"avAllowList":["Bitdefender Internet Security (20250424)"]},{"isRevoked":"False","fileName":"hp-laserjet-1020-drivers-20120918-installer_SY-orM2.exe","isInstaller":"True","companyName":"Softonic","fileVersion":"3.0","hashMD5":"e17be1dfa33461ca03f2b5b7be96619c","hashSHA1":"983088a5008fe210f6fd6d461da9b86f1e955804","hashSHA256":"9f80c0a98833606f3c443a73a4fe954ed7a27789ecabe89b0c87251d799d32c9","digitalCertThumbprint":"84E984BA9D1062D8A34226D22D4641494B50C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Sigma Gold (Rise Code LTD), O=Sigma Gold (Rise Code LTD), S=Tel Aviv, C=IL","sourceIndex":"242","avBlockList":["360 Total Security (20250403)","Avast Premium Security (20250403)","AVG Internet Security (20250403)","Avira Internet Security (20250403)","Bitdefender Internet Security (20250403)","COMODO Antivirus (20250403)","Dr.Web Security Space (20250403)","ESET Internet Security (20250403)","FortectPremium (20250403)","G DATA INTERNET SECURITY (20250403)","K7 Total Security (20250403)","KasperskyPremium (20250403)","Malwarebytes Premium (20250403)","McAfee Total Protection (20250403)","Norton Security (20250403)","Panda Dome (20250403)","Quick Heal Internet Security (20250403)","Sophos Home Premium (20250403)","SpyHunter5 (20250403)","Total AV Antivirus Pro (20250403)","Trend Micro Internet Security (20250403)","VIPRE Advanced Security (20250403)","VirIT eXplorer PRO (20250403)","Webroot SecureAnywhere (20250403)","Windows Defender (20250403)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Security Partner report","reference":"","landingPage":"https://www.softonic.pl/","directDownloadingLink":"https://www.softonic.pl/download-launch?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2QydnVnNWh4aXZxZHk2LmNsb3VkZnJvbnQubmV0L2h1L3hyNHg0d2EzbTYvYWh5LzExLjA3NTUiLCJhcHBJZCI6IjE3ZjczYzljLTk2ZDUtMTFlNi1iMjE3LTAwMTYzZWM5ZjVmYSIsInBsYXRmb3JtSWQiOiJ3aW5kb3dzIiwiaWF0IjoxNzM3NzIxNzk3LCJleHAiOjE3Mzc3MjUzOTd9.3kc02SzYvApV30Mkr7PtnRWV1dsDtrJmhfuFt3FGExw","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softonic.pl/download-launch?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2QydnVnNWh4aXZxZHk2LmNsb3VkZnJvbnQubmV0L2h1L3hyNHg0d2EzbTYvYWh5LzExLjA3NTUiLCJhcHBJZCI6IjE3ZjczYzljLTk2ZDUtMTFlNi1iMjE3LTAwMTYzZWM5ZjVmYSIsInBsYXRmb3JtSWQiOiJ3aW5kb3dzIiwiaWF0IjoxNzM3NzIxNzk3LCJleHAiOjE3Mzc3MjUzOTd9.3kc02SzYvApV30Mkr7PtnRWV1dsDtrJmhfuFt3FGExw","sourceIndex":"242"}],"sampleFiles":["250128/RisePlatformsInstaller-250124/3.1.0/Samples/quick-cpu-4.11.0.0-installer_85S-421.exe","250128/RisePlatformsInstaller-250124/3.1.0/Samples/yt-free-downloader-1-installer_K-G9XB1.exe","250128/RisePlatformsInstaller-250124/3.1.0/Samples/fakeflashtest-1.1.5-installer_N-7GVi1.exe","250128/RisePlatformsInstaller-250124/3.1.0/Samples/hashcalc-2.02-installer_Uz-O4R1.exe","250128/RisePlatformsInstaller-250124/3.1.0/Samples/hp-laserjet-1020-drivers-20120918-installer_SY-orM2.exe"],"imageFiles":["250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-013/ACR-013_Install_1.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-013/ACR-013_Install_2.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-039/ACR-039_Install_1.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-039/ACR-039_Install_2.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-014/ACR-014_Install_1.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-060/ACR-014_Install_1.png","250128/RisePlatformsInstaller-250124/3.1.0/Images/ACR-060/ACR-013_Install_1.png"],"nonDeceptorImageFiles":[],"guid":"58687cb7-6947-4dbd-a812-0138650640d2_3.1.0_1","appID":"RisePlatformsInstaller-250124","dateAdded":"250128","deceptorType":"Bundler","name":"RisePlatformsInstaller","company":"Sigma Gold (Rise Code LTD)","version":"3.1.0","lastKnownStatus":"3.1.0","lastKnownDate":"250128","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"install offers","lastUpdate":"2025-01-28T21:14:47.9975318+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":384},{"violations":{"ACR-004":"App only provide one time free fix for the items reported during free scan, and requires register/payment to perform further fix.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pcdsetup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c3d8621fd8c82c37e2b3416cb18b0f0b","hashSHA1":"bf1faf2f85e0a2fc59484667d89377f3c34d10a5","hashSHA256":"5bb4618c2881a2d00fdb7beb57aefc68c85ea01b394bd279158ed280144e7b2c","digitalCertThumbprint":"06B83948E25D00946766504F0DB4B09DF465726A","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Aegis Software Services, LLC\", O=\"Aegis Software Services, LLC\", L=Surfside Beach, S=South Carolina, C=US, SERIALNUMBER=7051609, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"243","avBlockList":["ESET Internet Security (20250417)","FortectPremium (20250417)","G DATA INTERNET SECURITY (20250417)","K7 Total Security (20250417)","KasperskyPremium (20250417)","Malwarebytes Premium (20250417)","Panda Dome (20250417)","Quick Heal Internet Security (20250417)","Sophos Home Premium (20250417)","SpyHunter5 (20250417)","VirIT eXplorer PRO (20250417)","Webroot SecureAnywhere (20250417)"],"avAllowList":["360 Total Security (20250417)","Avast Premium Security (20250417)","AVG Internet Security (20250417)","Avira Internet Security (20250417)","Bitdefender Internet Security (20250417)","COMODO Antivirus (20250417)","Dr.Web Security Space (20250417)","McAfee Total Protection (20250417)","Norton Security (20250417)","Total AV Antivirus Pro (20250417)","Trend Micro Internet Security (20250417)","VIPRE Advanced Security (20250417)","Windows Defender (20250417)"]},{"isRevoked":"False","fileName":"PrivacyScanner.exe","fileVersion":"1.2","hashMD5":"ecabbe06aa2137bb4b9cbd5a1a9f7bd0","hashSHA1":"99d09bd0461f92f81827aa85da714bd85113fa17","hashSHA256":"35b9243da32a0c1c65bbc98474f27c479e7254deb188dc3e35073d0fabc80324","digitalCertThumbprint":"0F02B90538C6B28648766A68785C3373E0279BAF","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Aegis Software Services, LLC\", O=\"Aegis Software Services, LLC\", L=Surfside Beach, S=South Carolina, C=US, SERIALNUMBER=7051609, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"243","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Vendor Sign-ups","reference":"","landingPage":"https://privacyscanner.com/","directDownloadingLink":"https://privacyscanner.com/download.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://privacyscanner.com/download.php","sourceIndex":"243"}],"sampleFiles":["250122/PrivacyScanner-250121/1.2.9.0/Samples/pcdsetup.exe","250122/PrivacyScanner-250121/1.2.9.0/Samples/PrivacyScanner.exe"],"imageFiles":["250122/PrivacyScanner-250121/1.2.9.0/Images/ACR-004/NoFreeRepairs.PNG"],"nonDeceptorImageFiles":[],"guid":"b3a15987-9125-419c-b28b-c1e98b0169e0_1.2.9.0_1","appID":"PrivacyScanner-250121","dateAdded":"250122","deceptorType":"App","name":"Privacy Scanner","company":"Patriot Digital Solutions, Ltd","version":"1.2.9.0","lastKnownStatus":"1.2.9.0","lastKnownDate":"250122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-01-22T23:05:52.3378869+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":385},{"violations":{"ACR-048":"Disabling x-finder has no effect. The app restricts users from modifying the default search engine settings by disabling the \"Make Default\" option for each options. \n","ACR-006":"Search queries entered into the search box are redirected to the undisclosed search engine (potterfun.com, gamic.me during testing) via intermediary domains ai-search.org and another site (search-more.com and g.query2search.com) while queries entered using the address (URL) bar are redirected to Google.\n","ACR-086":"Search queries data are redirected to the undisclosed search engine without notifying user.\n"},"nonDeceptorViolations":{"ACR-065":"The app must disclose EULA during installation.\nThe app must disclose the EULA within the software.\n","ACR-035":"No EULA/Terms of Service is provided for the app.\n","ACR-036":"The search relationship with the search providers is not disclosed on the landing page or in the documentation.\n"},"samples":[{"isRevoked":"False","fileName":"NinjaBrowser_installer.exe","isInstaller":"True","companyName":"NinjaBrowser                                                ","fileVersion":"0.0","hashMD5":"53e7fe6d3a14014c4491fa354b09892c","hashSHA1":"3f6c3ae7e0225592f833b3584073ed0ef0b9418f","hashSHA256":"ab9ec62cf6570828cf39c285d1fab954ba12e001cc3d7d3b5c1c986f0388b6fa","sourceIndex":"245","avBlockList":["360 Total Security (20250327)","Avast Premium Security (20250327)","AVG Internet Security (20250327)","Avira Internet Security (20250327)","Bitdefender Internet Security (20250327)","COMODO Antivirus (20250327)","Dr.Web Security Space (20250327)","ESET Internet Security (20250327)","FortectPremium (20250327)","G DATA INTERNET SECURITY (20250327)","K7 Total Security (20250327)","KasperskyPremium (20250327)","Malwarebytes Premium (20250327)","McAfee Total Protection (20250327)","Norton Security (20250327)","Panda Dome (20250327)","Quick Heal Internet Security (20250327)","Sophos Home Premium (20250327)","SpyHunter5 (20250327)","Total AV Antivirus Pro (20250327)","VIPRE Advanced Security (20250327)","Webroot SecureAnywhere (20250327)","VirIT eXplorer PRO (20250327)"],"avAllowList":["Trend Micro Internet Security (20250327)","Windows Defender (20250327)"]},{"isRevoked":"False","fileName":"NinjaBrowser.exe","companyName":"The Ninja Browser Authors","fileVersion":"128.0","hashMD5":"14db7cdebba564a7bdca859cfb9d3cdc","hashSHA1":"1ca2783cdf2a8df9fb3fb12ce2156a52da4fb2a7","hashSHA256":"a3050e6c558d0e9aff0859687439fe891a526a3347ef35aeedcbb8277e5e91c5","sourceIndex":"245","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://nb-download.com/","directDownloadingLink":"https://nb-download.com/installer/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://nb-download.com/installer/setup.exe","sourceIndex":"245"}],"sampleFiles":["250116/NinjaBrowser-240102/128.0.6613.123/Samples/NinjaBrowser_installer.exe","250116/NinjaBrowser-240102/128.0.6613.123/Samples/NinjaBrowser.exe"],"imageFiles":["250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-086/addressbar.mp4","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-086/searchbar.mp4","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-086/searchbar_2.mp4","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-048/ACR-048_Software_1.png","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-006/searchbar_2.mp4","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-006/searchbar.mp4","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-006/addressbar.mp4"],"nonDeceptorImageFiles":["250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-065/ACR-065_Install_1.png","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-065/ACR-065_Software_1.png","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-036/ACR-036_Docs_1.png","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-036/ACR-036_Docs_2.png","250116/NinjaBrowser-240102/128.0.6613.123/Images/ACR-036/ACR-036_Docs_3.png"],"guid":"2413ae1b-0096-4c66-b57e-d0ad94623d15_128.0.6613.123_1","appID":"NinjaBrowser-240102","dateAdded":"250116","deceptorType":"App","name":"Ninja Browser","company":"Ninja Browser Inc.","version":"128.0.6613.123","lastKnownStatus":"128.0.6613.123","lastKnownDate":"250116","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"search","lastUpdate":"2025-01-16T19:30:30.6176183+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":386},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline. \n","ACR-059":"Offer is not clearly marked as optional.\n","ACR-155":"Unrelated offer is disguised as part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TLauncher-Installer-1.6.0.exe","isInstaller":"True","companyName":"TLauncher Inc.","fileVersion":"2.9307","hashMD5":"57e620a87b7833573da5f0bde42b5500","hashSHA1":"2a96e628e785400a5e43da2456cc3f166fea10b3","hashSHA256":"62eb81b2347c51e94f7fea399714645aa456c732dcb71425ddd2c35102643901","digitalCertThumbprint":"EC074F3C9C6126055A094D75B97D7940BF353CA2","digitalCertIssuer":"C=US, S=Illinois, L=Chicago, O=\"Trustwave Holdings, Inc.\", CN=\"Trustwave Global Code Signing CA, Level 1\"","digitalCertIssuedTo":"C=SC, L=Victoria, O=TLauncher Inc., CN=TLauncher Inc.","sourceIndex":"247","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Submitted to DeceptorReport","reference":"","landingPage":"https://tlauncher.org/en/","directDownloadingLink":"https://tlauncher.org/installer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://tlauncher.org/installer","sourceIndex":"247"}],"sampleFiles":["250114/TLauncher-250114/2.9307/Samples/TLauncher-Installer-1.6.0.exe"],"imageFiles":["250114/TLauncher-250114/2.9307/Images/ACR-055/operaoffer.png","250114/TLauncher-250114/2.9307/Images/ACR-013/operaoffer.png","250114/TLauncher-250114/2.9307/Images/ACR-059/operaoffer.png","250114/TLauncher-250114/2.9307/Images/ACR-155/operaoffer.png"],"nonDeceptorImageFiles":[],"guid":"027279ea-8532-4580-b790-bf98a36b4c66_2.9307_1","appID":"TLauncher-250114","dateAdded":"250114","deceptorType":"App","name":"TLauncher","company":"TLauncher Inc.","version":"2.9307","type":"Windows Executable","category":"Games","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers,up-sell to paid","lastUpdate":"2025-01-15T00:00:06.7275321+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":387},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline.\n","ACR-059":"Offers are not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations.\n","ACR-155":"Unrelated Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"burnaware_free_18.3.exe","isInstaller":"True","companyName":"Burnaware                                                   ","fileVersion":"18.3","hashMD5":"da02640b1d3b9e36434fc3c3ff3966cd","hashSHA1":"bbbb8451e83e6e44b3ae8bcafc55e955c179c7d2","hashSHA256":"b7933e3167b18650688d2f63bf30d3a8c45b5be6a43b004d0372f42bf07cc019","digitalCertThumbprint":"0EDB486D58145DD42D712A6AF1B0FC48E0EF5153","digitalCertIssuer":"CN=Microsoft ID Verified CS EOC CA 01, O=Microsoft Corporation, C=US","digitalCertIssuedTo":"CN=BURNAWARE SL, O=BURNAWARE SL, L=MARBELLA, S=Málaga, C=ES","sourceIndex":"265","avBlockList":["Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","FortectPremium (20250116)","K7 Total Security (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":["360 Total Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","G DATA INTERNET SECURITY (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Quick Heal Internet Security (20250116)","Trend Micro Internet Security (20250116)"]}],"additionalFiles":[],"sources":[{"howFound":"discovered through a search for the optional offer (WinX DVD Ripper)during the Glorylogic app installation","reference":"","landingPage":"https://www.burnaware.com/","directDownloadingLink":"https://www.burnaware.com/downloads/burnaware_free_18.3.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.burnaware.com/downloads/burnaware_free_18.3.exe","sourceIndex":"265"}],"sampleFiles":["241223/BurnAwareFree-241218/18.3.0.0/Samples/burnaware_free_18.3.exe"],"imageFiles":["241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-055/ACR-055_Install_1.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-055/ACR-055_Install_2.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-013/ACR-013_Install_1.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-013/ACR-013_Install_2.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-059/ACR-059_Bundler-made offers_2.png","241223/BurnAwareFree-241218/18.3.0.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"0c2d623e-3dd0-426f-969f-940e23bf0717_18.3.0.0_1","appID":"BurnAwareFree-241218","dateAdded":"250114","deceptorType":"App","name":"BurnAware Free","company":"Burnaware","version":"18.3.0.0","firstVendorContactDate":"241227","firstAppEsteemReplyDate":"241227","firstResolvedDate":"250115","firstResolvedVersion":"18.4.1","resolved":"TRUE","lastKnownStatus":"18.3.0.0;18.4","lastKnownDate":"250114","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,install offers","lastUpdate":"2025-01-15T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":389},{"violations":{"ACR-004":"The application doesn't offer free fixes for free scanning items that are not the recurring items generated by system, instead requiring users to pay for a subscription to resolve them. \n","ACR-014":"The application doesn't offer free fixes for app features leaving operations incomplete, instead requiring users to pay for a subscription to resolve them. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PAssist_ProDemo_20250110.15994084.exe","isInstaller":"True","companyName":"AOMEI International Network Limited.                        ","fileVersion":"10.7","hashMD5":"2a3cf5b35d2b8321877bb5f78c674c81","hashSHA1":"735c26731797f3e68b66a4049196a0169caa5f3c","hashSHA256":"36c0b13972a4663aaf61808d3e0a7a497ba331f99f59f71cc4250a7644c88dfd","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"246","avBlockList":["COMODO Antivirus (20250327)","ESET Internet Security (20250327)","FortectPremium (20250327)","K7 Total Security (20250327)","Panda Dome (20250327)","Quick Heal Internet Security (20250327)","Sophos Home Premium (20250327)","SpyHunter5 (20250327)","VirIT eXplorer PRO (20250327)","Webroot SecureAnywhere (20250327)"],"avAllowList":["360 Total Security (20250327)","Avast Premium Security (20250327)","AVG Internet Security (20250327)","Avira Internet Security (20250327)","Bitdefender Internet Security (20250327)","Dr.Web Security Space (20250327)","G DATA INTERNET SECURITY (20250327)","KasperskyPremium (20250327)","Malwarebytes Premium (20250327)","McAfee Total Protection (20250327)","Norton Security (20250327)","Total AV Antivirus Pro (20250327)","Trend Micro Internet Security (20250327)","VIPRE Advanced Security (20250327)","Windows Defender (20250327)"]},{"isRevoked":"False","fileName":"PartAssist.exe","companyName":"AOMEI Technology Co., Ltd.","fileVersion":"10.7","hashMD5":"d0f1ad8a8212dddce42f63a3db214ed5","hashSHA1":"743e6aa126fa7a0ba4e961692ada022137b6759b","hashSHA256":"fd05e5412e44119e8ffb674d738a70b2b88693ebaa3136d6b5b653ed634f5cb0","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"246","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"aomei fast recovery","landingPage":"https://www.aomei.de/partition-manager/","directDownloadingLink":"https://www2.aomeisoftware.com/download/pa/PAssist_ProDemo.exe?cfv=20250115.15994084","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www2.aomeisoftware.com/download/pa/PAssist_ProDemo.exe?cfv=20250115.15994084","sourceIndex":"246"}],"sampleFiles":["250114/AOMEIPartitionAssistant-250114/10.7.0.0/Samples/PAssist_ProDemo_20250110.15994084.exe","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Samples/PartAssist.exe"],"imageFiles":["250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-004/ACR-014_Software_5.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-004/ACR-014_Software_3.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_1.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_2.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_3.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_4.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_5.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_6.png","250114/AOMEIPartitionAssistant-250114/10.7.0.0/Images/ACR-014/ACR-014_Software_7.png"],"nonDeceptorImageFiles":[],"guid":"f0c45785-75a7-462f-893d-24a2afca37c1_10.7.0.0_1","appID":"AOMEIPartitionAssistant-250114","dateAdded":"250114","deceptorType":"App","name":"AOMEI Partition Assistant","company":"AOMEI International Network Limited","version":"10.7.0.0","lastKnownStatus":"10.7.0.0","lastKnownDate":"250114","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-01-15T00:11:48.8639686+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":390},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline.\n","ACR-059":"Offers are not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations.\n","ACR-155":"Unrelated Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"burnaware_free_18.4.exe","isInstaller":"True","companyName":"Burnaware                                                   ","fileVersion":"18.4","hashMD5":"34a439c1163ca6f51e776384e1b1b58c","hashSHA1":"31123bb88b76f9c9e49bc9010064bc1635a7deda","hashSHA256":"0299fa472a98cb28f43d10823a9a96f3e64cadbcfdc7fcab929157b97a5137ac","digitalCertThumbprint":"50E67BD214FC6A4449E18A6C47542EF4846E7D7C","digitalCertIssuer":"CN=Microsoft ID Verified CS AOC CA 01, O=Microsoft Corporation, C=US","digitalCertIssuedTo":"CN=BURNAWARE SL, O=BURNAWARE SL, L=MARBELLA, S=Málaga, C=ES","sourceIndex":"244","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Follow-up","reference":"","landingPage":"https://www.burnaware.com/","directDownloadingLink":"https://www.burnaware.com/downloads/burnaware_free_18.3.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.burnaware.com/downloads/burnaware_free_18.3.exe","sourceIndex":"244"}],"sampleFiles":["250114/BurnAwareFree-241218/18.4/Samples/burnaware_free_18.4.exe"],"imageFiles":["250114/BurnAwareFree-241218/18.4/Images/ACR-055/ACR-055_Install_2.png","250114/BurnAwareFree-241218/18.4/Images/ACR-013/ACR-013_Install_2.png","250114/BurnAwareFree-241218/18.4/Images/ACR-059/ACR-059_Bundler-made offers_2.png","250114/BurnAwareFree-241218/18.4/Images/ACR-155/offer.png"],"nonDeceptorImageFiles":[],"guid":"0c2d623e-3dd0-426f-969f-940e23bf0717_18.4_1","appID":"BurnAwareFree-241218","dateAdded":"250114","deceptorType":"App","name":"BurnAware Free","company":"Burnaware","version":"18.4","firstVendorContactDate":"241227","firstAppEsteemReplyDate":"241227","firstResolvedDate":"250115","firstResolvedVersion":"18.4.1","resolved":"TRUE","lastKnownStatus":"18.3.0.0;18.4","lastKnownDate":"250114","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,install offers","lastUpdate":"2025-01-17T02:16:41.8729363+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":388},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FastRecoveryTrial_20250110.15994084.exe","isInstaller":"True","companyName":"AOMEI International Network Limited.                        ","fileVersion":"3.0","hashMD5":"9ac69b27b3147edc287b03ce33b99e9f","hashSHA1":"b3e36351e41996a8d65de802944c2f9363e01f83","hashSHA256":"32d0b6708a3728846a3305b6c9550bb6fe2cff8ef4f46950eb11864433877e19","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"248","avBlockList":["COMODO Antivirus (20250327)","ESET Internet Security (20250327)","K7 Total Security (20250327)","Panda Dome (20250327)","Sophos Home Premium (20250327)","SpyHunter5 (20250327)","VirIT eXplorer PRO (20250327)","Webroot SecureAnywhere (20250327)","FortectPremium (20250327)"],"avAllowList":["360 Total Security (20250327)","Avast Premium Security (20250327)","AVG Internet Security (20250327)","Avira Internet Security (20250327)","Bitdefender Internet Security (20250327)","Dr.Web Security Space (20250327)","G DATA INTERNET SECURITY (20250327)","KasperskyPremium (20250327)","Malwarebytes Premium (20250327)","McAfee Total Protection (20250327)","Norton Security (20250327)","Quick Heal Internet Security (20250327)","Total AV Antivirus Pro (20250327)","Trend Micro Internet Security (20250327)","VIPRE Advanced Security (20250327)","Windows Defender (20250327)"]},{"isRevoked":"False","fileName":"FastRecovery.exe","companyName":"AOMEI International Network Limited","fileVersion":"3.0","hashMD5":"b2b99c92017bc58e90c80588588fc5d9","hashSHA1":"5b908bfdd2c14c75b2bf1f0a12fdeed172057536","hashSHA256":"1a33f41fb9b888119331e85928d654e705fe8bebce7eb06cfbfa09021591119b","digitalCertThumbprint":"257F56D595316F1E2810D992911AC064E193830C","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=AOMEI International Network Limited, O=AOMEI International Network Limited, S=Hong Kong, C=HK","sourceIndex":"248","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.diskpart.com/de/data-fast-recovery/download.html","directDownloadingLink":"https://www2.aomeisoftware.com/download/afr/FastRecoveryTrial.exe?cfv=20250113.16041592","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www2.aomeisoftware.com/download/afr/FastRecoveryTrial.exe?cfv=20250113.16041592","sourceIndex":"248"}],"sampleFiles":["250113/AOMEIFastRecovery-250113/3.0.0/Samples/FastRecoveryTrial_20250110.15994084.exe","250113/AOMEIFastRecovery-250113/3.0.0/Samples/FastRecovery.exe"],"imageFiles":["250113/AOMEIFastRecovery-250113/3.0.0/Images/ACR-004/ACR-004_Software_1.png","250113/AOMEIFastRecovery-250113/3.0.0/Images/ACR-004/ACR-004_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"4d36cbd6-101c-4178-8888-eb382f1bc3b8_3.0.0_1","appID":"AOMEIFastRecovery-250113","dateAdded":"250113","deceptorType":"App","name":"AOMEI Fast Recovery","company":"AOMEI International Network Limited","version":"3.0.0","lastKnownStatus":"3.0.0","lastKnownDate":"250113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-01-13T20:16:41.7494637+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":391},{"violations":{"ACR-003":"The app uses vague descriptions such as \"dirty\" and \"dangerous\" to describe the system status without any substantiation or what those descriptors even mean. When the button to fix the issues is selected, the program only fixes a select amount of the total amount of issues and refuses to fix the rest without a purchase from the consumer. \n","ACR-004":"The app uses vague descriptors to highlight problems, such as \"dirty\" or \"dangerous\" without substantiation. While free fixes are provided, the fix is only partial and a subscription purchase must be made for the full fix. \n","ACR-014":"Scan results shown by the software are described using baseless but threatening-sounding language such as \"dirty\", \"dangerous\", or \"critical\". Such descriptions are unfair and misleading because they are not substantiated and do not provide any real insight to what the problem is. \n"},"nonDeceptorViolations":{"ACR-065":"The install wizard contains no obvious links to the app's EULA or Terms of Service, etc. \nThe app contains no obvious links to a EULA or Terms of Service, etc. \n","ACR-161":"The app claims an \"editor's choice\" rating of five stars, yet there is no indication as to what such editor is and no way to verify the raiting. \nThe app's page claims that it has over 16,000 five-star ratings, yet there is no way to see where these ratings are from and no way to verify whether such ratings are true. \n","ACR-036":"No obvious EULA or TOS is present\n"},"samples":[{"isRevoked":"False","fileName":"MacShiny.pkg","isInstaller":"True","companyName":"Cyan Soft Ltd.","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"30449c50b581613b0ebbeaf18d3fa1a4e402a55d3801056cf1c6363e496ce6f9","sourceIndex":"555","avBlockList":["360 Total Security (20190422)","Avast Internet Security (20190422)","AVG Internet Security (20190422)","Avira Internet Security (20190422)","Bitdefender Internet Security (20190422)","Dr.Web Security Space (20190422)","ESET Internet Security (20190422)","G DATA INTERNET SECURITY (20190422)","Kaspersky Internet Security (20190422)","VIPRE Advanced Security (20190422)","Windows Defender (20190422)","Avast Security for Mac (20240910)","Avira Security for Mac (20240910)","Bitdefender Antivirus for Mac (20240910)","ESET Cyber Security Pro for Mac (20240910)","G DATA AntiVirus for Mac (20240910)","K7 Antivirus for Mac (20240910)","Kaspersky Internet Security for Mac (20240910)","McAfee Internet Security for Mac (20240910)","Norton Security for Mac (20210810)","Sophos Home Premium For Mac (20240910)","Trend Micro Antivirus for Mac (20240910)","SpyHunterforMac (20240910)"],"avAllowList":["COMODO Antivirus (20190422)","F-PROT Antivirus for Windows (20190422)","Malwarebytes Premium (20190422)","Norton Security (20190422)","Panda Dome (20190422)","Quick Heal Internet Security (20190422)","SpyHunter5 (20190422)","Tencent PC Manager (20190422)","Trend Micro Internet Security (20190422)","VirIT eXplorer PRO (20190422)","Webroot SecureAnywhere (20190422)"]},{"isRevoked":"False","fileName":"MacShiny.app.zip","companyName":"Cyan Soft Ltd.","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"87878625e2d07db61aa68fadb89c69fba49f0d0d813905e21b9d55d78cb6170e","sourceIndex":"555","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny-190514","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"371996f61ac903bab17f0269d65e8864bb14b35b932ea33d7477b803926b0fb2","sourceIndex":"555","avBlockList":["Avast Security for Mac (20241010)","Avira Security for Mac (20241010)","Bitdefender Antivirus for Mac (20241010)","ESET Cyber Security Pro for Mac (20241010)","G DATA AntiVirus for Mac (20241010)","Kaspersky Internet Security for Mac (20241010)","McAfee Internet Security for Mac (20241010)","Norton Security for Mac (20241010)","SpyHunterforMac (20241010)","Trend Micro Antivirus for Mac (20241010)"],"avAllowList":["K7 Antivirus for Mac (20241010)","Sophos Home Premium For Mac (20241010)"]},{"isRevoked":"False","fileName":"MacShiny-190514.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"98673e9cdb87f3e19534f6aedce5889db06e77e9993ee67d5154f4c23fd85ec0","sourceIndex":"555","avBlockList":["Avast Security for Mac (20241112)","Avira Security for Mac (20241112)","Bitdefender Antivirus for Mac (20241112)","ESET Cyber Security Pro for Mac (20241112)","G DATA AntiVirus for Mac (20241112)","K7 Antivirus for Mac (20241112)","Kaspersky Internet Security for Mac (20241112)","McAfee Internet Security for Mac (20241112)","Norton Security for Mac (20241112)","Sophos Home Premium For Mac (20241112)","SpyHunterforMac (20241112)","Trend Micro Antivirus for Mac (20241112)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny[2].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"efdf6322b11dc64c7d9162995f4ff14a","hashSHA1":"3f280113c6843086a8c2e8eb57a888531a85c080","hashSHA256":"687bc22d8ffe4cbd5c3922f62397b746746213552d6badb88f45f738cea2c92a","sourceIndex":"555","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny [2].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"4acc7c92306b74d480588af1c7a32631","hashSHA1":"137979640f8eeb5aaa68598b226dbe9f7893e4ec","hashSHA256":"77d21496a596c81acc6110e21f9d5282391d8900df573173fa191b91dbb07076","sourceIndex":"555","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.5 [3].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"8f54f3acd512faa02e90821afd33c575","hashSHA1":"e36ceef6bdea7425d1714148d7b3fa1a0d30203f","hashSHA256":"3ae253c34750bfe587b01c286cc137066d098ffcb483f82bf6eb45e3d48481cb","sourceIndex":"555","avBlockList":["Avast Security for Mac (20250408)","Avira Security for Mac (20250408)","Bitdefender Antivirus for Mac (20250408)","ESET Cyber Security Pro for Mac (20250408)","G DATA AntiVirus for Mac (20250408)","K7 Antivirus for Mac (20250408)","Kaspersky Internet Security for Mac (20250408)","McAfee Internet Security for Mac (20250408)","Norton Security for Mac (20250408)","Sophos Home Premium For Mac (20250408)","SpyHunterforMac (20250408)","Trend Micro Antivirus for Mac (20250408)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.5 [4].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"19fbd3b14e5d644d781fd26f4704b682","hashSHA1":"9b11e3ecb0925874709042b2d4269838e73bc4a3","hashSHA256":"07d8705bbf31ed1eec26308f4e0a52f6ec29b79017e01c301e439f4b2b03968a","sourceIndex":"555","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.5 [5].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"c0de5e8bfc697431392f5e80b027822f","hashSHA1":"57ce7bd7a2a5cba3e9d3fe6144cb45aae1cb3465","hashSHA256":"3df2b2d0bfb53c218fc8e237416b59861bf5975a419e62766d22bdbc86eeac21","sourceIndex":"555","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.0.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"515777b1ef29bd5a4a06495bf6bc5e1bec92625cda65d2e94332e13eefaaa7d2","sourceIndex":"555","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e22181a835127650ccad8b5622ac4d73386e4ffa236733e5653a2e273e24fa3a","sourceIndex":"555","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.5.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5e96fc60f73cb715745a8c2af41e3dce","hashSHA1":"231cc56daeb4a79baf8bd69e1fb2563b36e9f531","hashSHA256":"efbdb150b707a1059b2f3a5162c4d3ba21553245a3da295479c4d163f6da5103","sourceIndex":"555","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShinyv415","fileVersion":"0.","hashMD5":"44e1685187683b8abccdc62dde19b5da","hashSHA1":"2218975bf1a31236edfe08f94785174616836de0","hashSHA256":"9c2f9e48573e82f2dabfb61b4b6a6b5a6718668e3efa4ece9692b83c2fb77a09","sourceIndex":"555","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google Search \"how to speed up mac\"","landingPage":"http://macshiny.com/lp/g3/lp_3_easy_steps_to_clean_your_Mac_1_param?alert=0&sp=blwshd&igaexp=48&gclid=EAIaIQobChMIiqqBn5rW1QIVTmp-Ch0lfwk4EAAYBCAAEgISW_D_BwE&fowid=140187058231669131","ipv4":"","ipv6":"","sourceIndex":"555"}],"sampleFiles":["240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.app.zip","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny-190514","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny-190514.pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny[2].pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny [2].pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.v4.1.5 [3].pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.v4.1.5 [4].pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.v4.1.5 [5].pkg","240906/D-MacShiny-170813/4.1.5/Samples/MacShiny.v4.1.5.dmg","240906/D-MacShiny-170813/4.1.5/Samples/MacShinyv415"],"imageFiles":["240906/D-MacShiny-170813/4.1.5/Images/ACR-003/Screen Shot 2019-04-12 at 10.13.25 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-003/Screen Shot 2019-04-12 at 10.18.02 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-014/Screen Shot 2019-04-12 at 10.13.25 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-004/Screen Shot 2019-04-12 at 10.13.25 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-004/Screen Shot 2019-04-12 at 10.25.03 AM.png"],"nonDeceptorImageFiles":["240906/D-MacShiny-170813/4.1.5/Images/ACR-065/Screen Shot 2019-04-08 at 11.04.27 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-065/Screen Shot 2019-04-12 at 10.19.28 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-161/Screen Shot 2019-04-12 at 10.18.02 AM.png","240906/D-MacShiny-170813/4.1.5/Images/ACR-161/Screen Shot 2019-04-12 at 10.25.22 AM.png"],"guid":"d355a9f2-2e9b-4e6f-b394-304acf9658be_4.1.5_1","appID":"D-MacShiny-170813","dateAdded":"250108","deceptorType":"MacOS App","name":"MacShiny","company":"MacShiny","version":"4.1.5","sigName":"Deceptor:MacOS/MacShiny!003004","lastKnownStatus":"Deceptor: 3.9.7,4.1.5,4.0.9,4,1,2;4.1.5;4.1.8","lastKnownDate":"250108","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-01-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":395},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"opera download\"","landingPage":"https://www.filehorse.com/download-opera-64/","ipv4":"","ipv6":"","sourceIndex":"251"}],"sampleFiles":[],"imageFiles":["250108/Filehorse-250107/250107/Images/ACR-155/ACR-155_Ads inside app_1.png","250108/Filehorse-250107/250107/Images/ACR-155/ACR-155_Ads inside app_2.png"],"nonDeceptorImageFiles":[],"guid":"c1b64431-a3f4-47f6-a653-4d2de57fdc30_250107_1","appID":"Filehorse-250107","dateAdded":"250108","deceptorType":"Download Site","name":"Filehorse","company":"Filehorse","version":"250107","lastKnownStatus":"250108","lastKnownDate":"250108","type":"Download Site","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2025-01-09T00:00:47.5200209+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":392},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"opera download\"","landingPage":"https://opera.apponic.com/","ipv4":"","ipv6":"","sourceIndex":"249"}],"sampleFiles":[],"imageFiles":["250108/Apponic-250107/250107/Images/ACR-155/ACR-155_Ads inside app_1.png","250108/Apponic-250107/250107/Images/ACR-155/ACR-155_Ads inside app_2.png","250108/Apponic-250107/250107/Images/ACR-155/ACR-155_Ads inside app_3.png"],"nonDeceptorImageFiles":[],"guid":"129ba6cb-9480-47d8-b7c9-57d25694754b_250107_1","appID":"Apponic-250107","dateAdded":"250108","deceptorType":"Download Site","name":"Apponic","company":"Apponic","version":"250107","lastKnownStatus":"250108","lastKnownDate":"250108","type":"Download Site","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2025-01-09T00:02:13.8353077+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":399},{"violations":{"ACR-003":"App exaggeratedly claims system health condition, misleads user to take action purchase the app. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MacShiny.dmg","isInstaller":"True","companyName":"cyan soft Ltd.","productName":"MacShiny","productVersion":"3.9.7","fileVersion":"3.9.7","hashMD5":"f8b7712f4680084922326320bb98dbf3","hashSHA1":"552d215a3b871af1c539834653a47392c02303bd","hashSHA256":"03ec745fb142463cdaa93e66ddc9a7f9be9df557602b2d47b6dc764cabdd485f","digitalCertThumbprint":"CA11908255E5A7615B777E39AAA483870D318958","digitalCertIssuer":"cyan soft Ltd. (68A8KE3488)","digitalCertIssuedTo":"cyan soft Ltd. (68A8KE3488)","sourceIndex":"3098","dateAdded":"170816","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Mac Cleaner","landingPage":"http://macshiny.com/lp/g3/lp_3_easy_steps_to_clean_your_Mac_1_param?alert=0&sp=blwshd&igaexp=48&gclid=EAIaIQobChMIiqqBn5rW1QIVTmp-Ch0lfwk4EAAYBCAAEgISW_D_BwE&fowid=140187058231669131","ipv4":"","ipv6":"","sourceIndex":"3098"}],"sampleFiles":[],"imageFiles":["190412/D-MacShiny-170813/3.9.7/Images/ACR-003/MacShinyScanResult.PNG","190412/D-MacShiny-170813/3.9.7/Images/ACR-003/MacShinyScanResult2.PNG","190412/D-MacShiny-170813/3.9.7/Images/ACR-003/MacShinyScanResult3.PNG","190412/D-MacShiny-170813/3.9.7/Images/ACR-003/MacShinyScanResult4.PNG"],"nonDeceptorImageFiles":[],"guid":"d355a9f2-2e9b-4e6f-b394-304acf9658be_3.9.7_1","appID":"D-MacShiny-170813","dateAdded":"250108","deceptorType":"MacOS App","name":"MacShiny","company":"MacShiny","version":"3.9.7","sigName":"Deceptor:MacOS/MacShiny!003","lastKnownStatus":"Deceptor: 3.9.7,4.1.5,4.0.9,4,1,2;4.1.5;4.1.8","lastKnownDate":"250108","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-01-08T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":398},{"violations":{"ACR-003":"The app uses vague descriptions such as \"dirty\" and \"dangerous\" to describe the system status without any substantiation or what those descriptors even mean. When the button to fix the issues is selected, the program only fixes a select amount of the total amount of issues and refuses to fix the rest without a purchase from the consumer. \n","ACR-004":"The app does not provide free fixes for all free scan results.\n","ACR-014":"Scan results shown by the software are described using baseless but threatening-sounding language such as \"dirty\", \"dangerous\", or \"critical\". Such descriptions are unfair and misleading because they are not substantiated and do not provide any real insight to what the problem is. \n"},"nonDeceptorViolations":{"ACR-065":"The install wizard contains no obvious links to the app's EULA or Terms of Service, etc. \nThe app contains no obvious links to a EULA or Terms of Service, etc. \n","ACR-161":"The app claims an \"editor's choice\" rating of five stars, yet there is no indication as to what such editor is and no way to verify the raiting. \nThe app's page claims that it has over 14,000,000 five-star ratings, yet there is no way to see where these ratings are from and no way to verify whether such ratings are true. \n"},"samples":[{"isRevoked":"False","fileName":"MacShiny.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"cc7fda5d1b3772e519a1cae929a5daa2","hashSHA1":"74b57279381772e2e48899d4113fe09ed2033f47","hashSHA256":"9ae2d611f65c3bd40bc1e9aa287242229948a41811b2f70651615e10c11be448","sourceIndex":"2895","avBlockList":["Avast Security for Mac (20220208)","Avira Security for Mac (20220208)","Bitdefender Antivirus for Mac (20220208)","ESET Cyber Security Pro for Mac (20220208)","G DATA AntiVirus for Mac (20220208)","K7 Antivirus for Mac (20220208)","McAfee Internet Security for Mac (20220208)","Norton Security for Mac (20220208)","Sophos Home Premium For Mac (20220208)","Trend Micro Antivirus for Mac (20220208)"],"avAllowList":["Kaspersky Internet Security for Mac (20220208)"]},{"isRevoked":"False","fileName":"MacShiny","fileVersion":"0.","hashMD5":"c811e9eb49dd1aa6bd2da04388a2ed45","hashSHA1":"f274d81e72b6aa66de466521410463309bc9b6bb","hashSHA256":"d903f21972aff7b331bde81ff32640d4b1b947a0f65cd9604ee7e0ca6d194208","sourceIndex":"2895","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Mac Cleaner","landingPage":"http://macshiny.com/lp/g3/lp_3_easy_steps_to_clean_your_Mac_1_param?alert=0&sp=blwshd&igaexp=48&gclid=EAIaIQobChMIiqqBn5rW1QIVTmp-Ch0lfwk4EAAYBCAAEgISW_D_BwE&fowid=140187058231669131","ipv4":"","ipv6":"","sourceIndex":"2895"}],"sampleFiles":["190813/D-MacShiny-170813/4.0.9/Samples/MacShiny.pkg","190813/D-MacShiny-170813/4.0.9/Samples/MacShiny"],"imageFiles":["190813/D-MacShiny-170813/4.0.9/Images/ACR-003/Screen Shot 2019-08-09 at 10.38.06 AM.png","190813/D-MacShiny-170813/4.0.9/Images/ACR-014/Screen Shot 2019-08-09 at 10.38.06 AM.png","190813/D-MacShiny-170813/4.0.9/Images/ACR-004/Free Trial MacShiny.gif"],"nonDeceptorImageFiles":["190813/D-MacShiny-170813/4.0.9/Images/ACR-065/Screen Shot 2019-08-09 at 10.35.48 AM.png","190813/D-MacShiny-170813/4.0.9/Images/ACR-065/Screen Shot 2019-08-09 at 10.38.06 AM.png","190813/D-MacShiny-170813/4.0.9/Images/ACR-161/Trial Limit Page.png","190813/D-MacShiny-170813/4.0.9/Images/ACR-161/Screen Shot 2019-08-09 at 10.55.11 AM.png"],"guid":"d355a9f2-2e9b-4e6f-b394-304acf9658be_4.0.9_1","appID":"D-MacShiny-170813","dateAdded":"250108","deceptorType":"MacOS App","name":"MacShiny","company":"MacShiny","version":"4.0.9","sigName":"Deceptor:MacOS/MacShiny!003004014","lastKnownStatus":"Deceptor: 3.9.7,4.1.5,4.0.9,4,1,2;4.1.5;4.1.8","lastKnownDate":"250108","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-01-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":397},{"violations":{"ACR-048":"The app does not provide a control to close \"TrayAgent\" process, if performed force quit using \"Activity Monitor\" it closes and re-opens within few seconds\n","ACR-003":"The app uses vague descriptions such as \"dirty\" and \"dangerous\" to describe the system status without any substantiation or what those descriptors even mean. When the button to fix the issues is selected, the program only fixes a select amount of the total amount of issues and refuses to fix the rest without a purchase from the consumer. \n","ACR-004":"The app uses color graphics, vague descriptors to highlight issues, such as \"dirty\" or \"dangerous\" without substantiation. While free fixes are provided, the fix is only partial and a subscription purchase must be made for the full fix. \n","ACR-017":"Unable to verify logos\nUnable to verify logos\nUnable to verify logos\nUnable to verify logos\n","ACR-084":"The app runs silently in the background without consumers knowledge despite the fact that it is closed\n","ACR-014":"Scan results shown by the software are described using baseless but threatening-sounding language such as \"dirty\", \"dangerous\", or \"critical\". Such descriptions are unfair and misleading because they are not substantiated and do not provide any real insight to what the issue is.\n","ACR-124":"The app displays more than one confirmation prompts during uninstall process\n"},"nonDeceptorViolations":{"ACR-045":"The landing page mentions \"Free Download\", free misleads consumer as the app does not offer complete free fixes for the identified issues.\n","ACR-065":"The install wizard contains no obvious links to the app's EULA or Terms of Service, etc. \nThe app contains no obvious links to a EULA or Terms of Service, etc. \nThe offers page contains no obvious links to a EULA or Terms of Service, etc. \n","ACR-161":"Unable to verify testimonials\n","ACR-120":"The app offers comparable value proposition at lesser price for a life time subscription during uninstall process.\n","ACR-171":"The app does not clearly disclose details about the recurring payment information in the offers page\n","ACR-017":"Unable to verify logos\n"},"samples":[{"isRevoked":"False","fileName":"MacShiny-2.pkg","isInstaller":"True","companyName":"MacShiny","productName":"MacShiny","productVersion":"4.1.2","fileVersion":"4.1.2","hashMD5":"cd628d740975b6cf1a6543a6c94a5e5b","hashSHA1":"ae52094cd8343041861265c257c615d241b25c24","hashSHA256":"2ef3cf6a7d16f0b04d7c88988d22196afd26586b4181e59ef910f99caff3687d","digitalCertThumbprint":"18AB5BAC-2B71-C375-EE87-1E830E851610","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Cyan soft Ltd. (68A8KE3488)","sourceIndex":"2509","avBlockList":["Avast Security for Mac (20210511)","Avira Security for Mac (20210511)","Bitdefender Antivirus for Mac (20210511)","ESET Cyber Security Pro for Mac (20210511)","G DATA AntiVirus for Mac (20210511)","Kaspersky Internet Security for Mac (20210511)","McAfee Internet Security for Mac (20210511)","Norton Security for Mac (20210511)","Sophos Home Premium For Mac (20210511)","Trend Micro Antivirus for Mac (20210511)"],"avAllowList":["K7 Antivirus for Mac (20210511)"]},{"isRevoked":"False","fileName":"lipo","companyName":"MacShiny","productName":"MacShiny","productVersion":"4.1.2","fileVersion":"4.1.2","hashMD5":"11386165ab677ae7c5f3c424e001549c","hashSHA1":"1406e1ec6b132bf11e95f08a73b98c256bc15556","hashSHA256":"2882c3408714e0013a61a7f1e5490597cf33a5dbca8e0d2538d32a6954a7e304","digitalCertThumbprint":"18AB5BAC-2B71-C375-EE87-1E830E851610","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Cyan soft Ltd. (68A8KE3488)","sourceIndex":"2509","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny","companyName":"MacShiny","productName":"MacShiny","productVersion":"4.1.2","fileVersion":"4.1.2","hashMD5":"b5bf27b88909f46748759bd340c469a4","hashSHA1":"b747899d883a134714f07dfe6ca3b453d03a39c3","hashSHA256":"371996f61ac903bab17f0269d65e8864bb14b35b932ea33d7477b803926b0fb2","digitalCertThumbprint":"18AB5BAC-2B71-C375-EE87-1E830E851610","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Cyan soft Ltd. (68A8KE3488)","sourceIndex":"2509","avBlockList":["Avast Security for Mac (20241010)","Avira Security for Mac (20241010)","Bitdefender Antivirus for Mac (20241010)","ESET Cyber Security Pro for Mac (20241010)","G DATA AntiVirus for Mac (20241010)","Kaspersky Internet Security for Mac (20241010)","McAfee Internet Security for Mac (20241010)","Norton Security for Mac (20241010)","SpyHunterforMac (20241010)","Trend Micro Antivirus for Mac (20241010)"],"avAllowList":["K7 Antivirus for Mac (20241010)","Sophos Home Premium For Mac (20241010)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Mac Cleaner","landingPage":"http://macshiny.com/lp/g3/lp_3_easy_steps_to_clean_your_Mac_1_param?alert=0&sp=blwshd&igaexp=48&gclid=EAIaIQobChMIiqqBn5rW1QIVTmp-Ch0lfwk4EAAYBCAAEgISW_D_BwE&fowid=140187058231669131","ipv4":"","ipv6":"","sourceIndex":"2509"},{"howFound":"","reference":"","landingPage":"https://top10cleaners.org/?url=https://macshiny.com/lp/g5/lp_mac_free_download&sp=blwshd&top10_redir=track&ADWORD=SRC*sn*KW*free%20mac%20cleaner*CR*274122716125*MT*e*TG**PL**DV*c*AP**CID*1415711260*GID*61143826692*LOCP*9033255*NW*g*FID*&gclid=EAIaIQobChMI_ar7us3S6AIVEcNkCh1_sw7cEAMYASAAEgL7DPD_BwE","ipv4":"","ipv6":"","sourceIndex":"2510"}],"sampleFiles":["200407/D-MacShiny-170813/4.1.2/Samples/MacShiny-2.pkg","200407/D-MacShiny-170813/4.1.2/Samples/lipo","200407/D-MacShiny-170813/4.1.2/Samples/MacShiny"],"imageFiles":["200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_InternalOffers_Logos_Aren't_Verifiable.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_InternalOffers_Unable_To_Verify_Logo.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-003/ACR-003_Software_Doesn't_Substantiate_Identified_Results.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_Software_Unable_To_Verify_Logos.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-084/ACR-084_Software_Runs_Silently.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-048/ACR-048_Software_Doesn't_Provide_Control.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_Uninstall_Unable_To_Verify_Logos.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-014/ACR-004_Software_Provides_Partial_Fix.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-014/ACR-004_Software_Raises_Urgency.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-014/ACR-004_Software_Raises_Urgency1.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-004/ACR-004_Software_Raises_Urgency.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-004/ACR-004_Software_Raises_Urgency1.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_InlineOffers_Unable_To_Verify_Logos.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-124/ACR-124_Uninstall_Confirmation_Prompts_More_Than_Once.png"],"nonDeceptorImageFiles":["200407/D-MacShiny-170813/4.1.2/Images/ACR-045/ACR-045_Landingpage_Misleading_FreeDownload_Button.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-065/ACR-065_Install_No_Docs.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-065/ACR-065_Software_Doesn't_Disclose_EULA&PrivacyPolicy.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-065/ACR-065_InlineOffers_Doesn't_Disclose_Docs.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-161/ACR-161_Landingpage_Unable_To_Verify_Testimonials.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_LandingPage_Unable_To_Verify_EditorChoice_logo.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-017/ACR-017_LandingPage_Unable_To_Verify_Logos.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-120/ACR-120_Uninstall_Offers_Low_Price.png","200407/D-MacShiny-170813/4.1.2/Images/ACR-171/ACR-171_InlineOffers_Doesn't_Disclose_Recurring_Details.png"],"guid":"d355a9f2-2e9b-4e6f-b394-304acf9658be_4.1.2_1","appID":"D-MacShiny-170813","dateAdded":"250108","deceptorType":"MacOS App","name":"MacShiny","company":"MacShiny","version":"4.1.2","sigName":"Deceptor:MacOS/MacShiny!017003084048014004124","lastKnownStatus":"Deceptor: 3.9.7,4.1.5,4.0.9,4,1,2;4.1.5;4.1.8","lastKnownDate":"250108","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-01-08T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":396},{"violations":{"ACR-003":"The app uses vague descriptions such as “slow”, \"dirty\" and \"dangerous\" to describe the system status without any substantiation or what those descriptors even mean. When the button to fix the issues is selected, the program only fixes a select amount of the total amount of issues and refuses to fix the rest without a purchase from the consumer. The app exaggerates system issues and raises urgency for the identified issues with \"Red\" font, thereby misleading or scaring the consumer to take action. It also uses traffic light colors and gauges.\n","ACR-004":"The app uses vague descriptors to highlight problems, such as \"dirty\" or \"dangerous\" without substantiation. While free fixes are provided, the fix is only partial and a subscription purchase must be made for the full fix. \n","ACR-014":"Scan results shown by the software are described using baseless but threatening-sounding language such as \"dirty\", \"dangerous\", or \"critical\". Such descriptions are unfair and misleading because they are not substantiated and do not provide any real insight to what the problem is.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard contains no obvious links to the app's EULA or Terms of Service, etc. \nThe app needs to disclose EULA, Terms of Service, Returns & Cancellation Policy, and Privacy Policy on the app's about page.\n","ACR-161":"The app claims an \"editor's choice\" rating of five stars, yet there is no indication as to what such editor is and no way to verify the raiting. \nThe app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\nThe app claims an \"editor's choice\" rating of five stars, yet there is no indication as to what such editor is and no way to verify the rating. The app's page claims that it has over 16,000 five-star ratings, yet there is no way to see where these ratings are from and no way to verify whether such ratings are true. \n"},"samples":[{"isRevoked":"False","fileName":"MacShiny","fileVersion":"0.","hashMD5":"44e1685187683b8abccdc62dde19b5da","hashSHA1":"2218975bf1a31236edfe08f94785174616836de0","hashSHA256":"9c2f9e48573e82f2dabfb61b4b6a6b5a6718668e3efa4ece9692b83c2fb77a09","sourceIndex":"252","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacShiny.v4.1.5.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"8f54f3acd512faa02e90821afd33c575","hashSHA1":"e36ceef6bdea7425d1714148d7b3fa1a0d30203f","hashSHA256":"3ae253c34750bfe587b01c286cc137066d098ffcb483f82bf6eb45e3d48481cb","sourceIndex":"252","avBlockList":["Avast Security for Mac (20250408)","Avira Security for Mac (20250408)","Bitdefender Antivirus for Mac (20250408)","ESET Cyber Security Pro for Mac (20250408)","G DATA AntiVirus for Mac (20250408)","K7 Antivirus for Mac (20250408)","Kaspersky Internet Security for Mac (20250408)","McAfee Internet Security for Mac (20250408)","Norton Security for Mac (20250408)","Sophos Home Premium For Mac (20250408)","SpyHunterforMac (20250408)","Trend Micro Antivirus for Mac (20250408)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Mac Cleaner","landingPage":"http://macshiny.com/","directDownloadingLink":"https://macshiny.com/Downloads/DownloadPkg?appId=1&av=4.1.5&ac=6n0AVSmile4ZA3bn5r&t=0&postinst=107&kpahid=1143601468524201388","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macshiny.com/Downloads/DownloadPkg?appId=1&av=4.1.5&ac=6n0AVSmile4ZA3bn5r&t=0&postinst=107&kpahid=1143601468524201388","sourceIndex":"252"}],"sampleFiles":["250108/D-MacShiny-170813/4.1.8/Samples/MacShiny","250108/D-MacShiny-170813/4.1.8/Samples/MacShiny.v4.1.5.pkg"],"imageFiles":["250108/D-MacShiny-170813/4.1.8/Images/ACR-003/App1.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app2.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app5.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app6.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app16.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app17.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-003/app18.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/App1.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app2.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app5.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app6.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app16.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app17.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-014/app18.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-004/App1.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-004/app2.png"],"nonDeceptorImageFiles":["250108/D-MacShiny-170813/4.1.8/Images/ACR-045/MacShiny - All-in-one maintenance tool for your Mac1.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-045/MacShiny - All-in-one maintenance tool for your Mac2.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-045/MacShiny - All-in-one maintenance tool for your Mac3.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-065/install1.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-065/app3.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-161/app2.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-161/MacShiny - All-in-one maintenance tool for your Mac.png","250108/D-MacShiny-170813/4.1.8/Images/ACR-161/Get MacShiny License with 94% discount1.png"],"guid":"d355a9f2-2e9b-4e6f-b394-304acf9658be_4.1.8_1","appID":"D-MacShiny-170813","dateAdded":"250108","deceptorType":"MacOS App","name":"MacShiny","company":"MacShiny","version":"4.1.8","lastKnownStatus":"Deceptor: 3.9.7,4.1.5,4.0.9,4,1,2;4.1.5;4.1.8","lastKnownDate":"250108","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2025-01-08T23:59:39.6517361+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":394},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"opera download\"","landingPage":"https://opera.en.download.it/","ipv4":"","ipv6":"","sourceIndex":"250"}],"sampleFiles":[],"imageFiles":["250108/DownloadIt-250107/250107/Images/ACR-155/ACR-155_Ads inside app_1.png","250108/DownloadIt-250107/250107/Images/ACR-155/ACR-155_Ads inside app_2.png","250108/DownloadIt-250107/250107/Images/ACR-155/ACR-155_Ads inside app_3.png"],"nonDeceptorImageFiles":[],"guid":"d98c06b1-b9bf-4dd4-9679-87b9ccba2e0b_250107_1","appID":"DownloadIt-250107","dateAdded":"250108","deceptorType":"Download Site","name":"DownloadIt","company":"download.it","version":"250107","lastKnownStatus":"250108","lastKnownDate":"250108","type":"Download Site","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2025-01-09T00:01:32.5652489+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":393},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://djvu-reader.com/en/","ipv4":"","ipv6":"","sourceIndex":"253"}],"sampleFiles":[],"imageFiles":["250106/djvuReader-250103/250103/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":[],"guid":"34873f71-1123-43c1-9f5f-beef5a27135b_250103_1","appID":"djvuReader-250103","dateAdded":"250106","deceptorType":"App","name":"djvuReader-250103","company":"DjVu Reader","version":"250103","lastKnownStatus":"250106","lastKnownDate":"250106","type":"Download Site","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2025-01-06T20:01:21.7924966+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":400},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline.\n","ACR-059":"Offers are not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pdfshaper_free_14.8.exe","isInstaller":"True","companyName":"Burnaware                                                   ","fileVersion":"14.8","hashMD5":"a91615c7d944b35870e455183420d3b2","hashSHA1":"882a5b25c3a3c09fbcfb8cac2dbab9bdc5e0ab0e","hashSHA256":"d1c562db4ad6f726bb0ba63b7d8182f359156f48e128d8590f5218b1a5efe5e4","digitalCertThumbprint":"89C2350B8D324ECDE615A61F9429F9AC9673D378","digitalCertIssuer":"CN=Microsoft ID Verified CS EOC CA 01, O=Microsoft Corporation, C=US","digitalCertIssuedTo":"CN=BURNAWARE SL, O=BURNAWARE SL, L=MARBELLA, S=Málaga, C=ES","sourceIndex":"266","avBlockList":["Avira Internet Security (20241226)","FortectPremium (20241226)","K7 Total Security (20241226)","Norton Security (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["360 Total Security (20241226)","Avast Premium Security (20241226)","AVG Internet Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","ESET Internet Security (20241226)","G DATA INTERNET SECURITY (20241226)","KasperskyPremium (20241226)","Malwarebytes Premium (20241226)","McAfee Total Protection (20241226)","Panda Dome (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]}],"additionalFiles":[],"sources":[{"howFound":"discovered through a search for the optional offer (WinX DVD Ripper)during the Glorylogic app installation","reference":"","landingPage":"https://www.pdfshaper.com/","directDownloadingLink":"https://www.pdfshaper.com/downloads/pdfshaper_free_14.8.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pdfshaper.com/downloads/pdfshaper_free_14.8.exe","sourceIndex":"266"}],"sampleFiles":["241223/PDFShaper-241218/14.8.0.0/Samples/pdfshaper_free_14.8.exe"],"imageFiles":["241223/PDFShaper-241218/14.8.0.0/Images/ACR-055/ACR-055_Install_1.png","241223/PDFShaper-241218/14.8.0.0/Images/ACR-013/ACR-013_Install_1.png","241223/PDFShaper-241218/14.8.0.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"3b8645f1-0fdd-407f-81af-053678906836_14.8.0.0_1","appID":"PDFShaper-241218","dateAdded":"241223","deceptorType":"App","name":"PDF Shaper Free","company":"Burnaware","version":"14.8.0.0","firstVendorContactDate":"241227","firstAppEsteemReplyDate":"241227","firstResolvedDate":"241227","firstResolvedVersion":"14.8.1","resolved":"TRUE","lastKnownStatus":"14.8.0.0","lastKnownDate":"241223","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"install offers,up-sell to paid","lastUpdate":"2024-12-27T18:25:16.3995207+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":404},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"opera download\"","landingPage":"https://www.softpedia.com/get/Internet/Browsers/Opera-for-Windows-without-Java.shtml","ipv4":"","ipv6":"","sourceIndex":"268"}],"sampleFiles":[],"imageFiles":["241223/Softpedia-241213/241213/Images/ACR-155/ACR-155_Ads inside app_1.png","241223/Softpedia-241213/241213/Images/ACR-155/ACR-155_Ads inside app_2.png"],"nonDeceptorImageFiles":[],"guid":"061e62d7-cd7d-42c1-bace-ba0d8fa7b205_241213_1","appID":"Softpedia-241213","dateAdded":"241223","deceptorType":"Download Site","name":"Softpedia-241213","company":"Softpedia","version":"241213","lastKnownStatus":"241223","lastKnownDate":"241223","type":"Download Site","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2024-12-23T23:19:50.6239381+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":403},{"violations":{"ACR-107":" The website doesn't download a legitimate launcher and does not indicate any authorization from the app's publisher aside from mentioning the publisher's name.  \n\n","ACR-005":" Ads on the page are designed to appear as standard download buttons which could potentially mislead the user.\n\n","ACR-014":" Users are led to believe that the version of Minecraft they are downloading is the demo version however they receive a non-functional launcher.\n\n","ACR-155":"Download ad for another app is inserted above the actual download button to masquerade itself as part of existing committed user workflows.\n"},"nonDeceptorViolations":{"ACR-056":" The website advertises a demo version of Minecraft and instead receive a non-functional launcher.\n\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"minecraft free for mac\"","landingPage":"https://minecraft.en.uptodown.com/mac/download","ipv4":"","ipv6":"","sourceIndex":"3117"}],"sampleFiles":[],"imageFiles":["190407/UpToDown-190405/190405/Images/ACR-005/UpToDown Top of the Page.png","190407/UpToDown-190405/190405/Images/ACR-014/UpToDown Damaged App.png","190407/UpToDown-190405/190405/Images/ACR-014/UpToDown Top of the Page.png","190407/UpToDown-190405/190405/Images/ACR-107/UpToDown Top of the Page.png","190407/UpToDown-190405/190405/Images/ACR-155/UpToDown Top of the Page.png"],"nonDeceptorImageFiles":["190407/UpToDown-190405/190405/Images/ACR-056/UpToDown Damaged App.png","190407/UpToDown-190405/190405/Images/ACR-056/UpToDown Top of the Page.png"],"guid":"c2c28542-647c-4eb5-8748-ddea7589b535_190405_1","appID":"UpToDown-190405","dateAdded":"241223","deceptorType":"Download Site","name":"minecraft.en.uptodown.com","company":"Uptodown","version":"190405","sigName":"Deceptor:Affiliate/minecraft.en.uptodown.com","lastKnownStatus":"190405;241223","lastKnownDate":"241223","type":"Download Site","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2024-12-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":402},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"minecraft free for mac\"","landingPage":"https://minecraft.en.uptodown.com/mac/download","ipv4":"","ipv6":"","sourceIndex":"269"}],"sampleFiles":[],"imageFiles":["241223/UpToDown-190405/241212/Images/ACR-155/ACR-155_Ads inside app_1.png","241223/UpToDown-190405/241212/Images/ACR-155/ACR-155_Ads inside app_2.png"],"nonDeceptorImageFiles":[],"guid":"c2c28542-647c-4eb5-8748-ddea7589b535_241212_1","appID":"UpToDown-190405","dateAdded":"241223","deceptorType":"Download Site","name":"minecraft.en.uptodown.com","company":"Uptodown","version":"241212","lastKnownStatus":"190405;241223","lastKnownDate":"241223","type":"Download Site","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2024-12-23T23:13:51.3168909+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":401},{"violations":{"ACR-155":" Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google search: \"minecraft download\"","landingPage":"https://download.cnet.com/minecraft/3000-2097_4-75648482.html","ipv4":"","ipv6":"","sourceIndex":"267"}],"sampleFiles":[],"imageFiles":["241223/Cnet-241213/241213/Images/ACR-155/ACR-155_Ads inside app_1.png","241223/Cnet-241213/241213/Images/ACR-155/ACR-155_Ads inside app_2.png"],"nonDeceptorImageFiles":[],"guid":"89ac6a40-06f0-4ff6-9aa9-5d9c7ae6c453_241213_1","appID":"Cnet-241213","dateAdded":"241223","deceptorType":"Download Site","name":"Cnet-241213","company":"Cnet","version":"241213","lastKnownStatus":"241223","lastKnownDate":"241223","type":"Download Site","category":"Personalization & Search","targetOS":"","targetBrowser":"","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2024-12-23T23:23:44.5092534+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":405},{"violations":{"ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline.\n","ACR-059":"Offers are not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations.\n","ACR-155":"Unrelated Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"trueburner_10.1.exe","isInstaller":"True","companyName":"Glorylogic                                                  ","fileVersion":"10.1","hashMD5":"2ecfb74b5ceb5f80c1455d3aa134b16e","hashSHA1":"377a2c5deb7e89e69b17c3be6635ad920d2c04b4","hashSHA256":"b7886a177512819cf86348fbe6791b0152f4cd989f7a77e5e9b2048e5e5c0272","digitalCertThumbprint":"2E0F9D78B09E96967EE6617D557864EDFB18B2EF","digitalCertIssuer":"CN=Microsoft ID Verified CS AOC CA 02, O=Microsoft Corporation, C=US","digitalCertIssuedTo":"CN=BURNAWARE SL, O=BURNAWARE SL, L=MARBELLA, S=Málaga, C=ES","sourceIndex":"264","avBlockList":["Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","K7 Total Security (20241226)","Malwarebytes Premium (20241226)","Norton Security (20241226)","Panda Dome (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["360 Total Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","G DATA INTERNET SECURITY (20241226)","KasperskyPremium (20241226)","McAfee Total Protection (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.glorylogic.com/true-burner.html","directDownloadingLink":"https://www.glorylogic.com/downloads/trueburner_10.1.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.glorylogic.com/downloads/trueburner_10.1.exe","sourceIndex":"264"}],"sampleFiles":["241212/TrueBurner-241211/10.1.00/Samples/trueburner_10.1.exe"],"imageFiles":["241212/TrueBurner-241211/10.1.00/Images/ACR-055/ACR-055_Install_1.png","241212/TrueBurner-241211/10.1.00/Images/ACR-055/ACR-055_Install_2.png","241212/TrueBurner-241211/10.1.00/Images/ACR-013/ACR-013_Install_1.png","241212/TrueBurner-241211/10.1.00/Images/ACR-013/ACR-013_Install_2.png","241212/TrueBurner-241211/10.1.00/Images/ACR-059/ACR-059_Bundler-made offers_1.png","241212/TrueBurner-241211/10.1.00/Images/ACR-059/ACR-059_Bundler-made offers_2.png","241212/TrueBurner-241211/10.1.00/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"f613647b-8d75-448b-b072-214a2aae5a9d_10.1.00_1","appID":"TrueBurner-241211","dateAdded":"241212","deceptorType":"App","name":"True Burner","company":"Glorylogic","version":"10.1.00","firstVendorContactDate":"241227","firstAppEsteemReplyDate":"241227","firstResolvedDate":"241227","firstResolvedVersion":"10.2","resolved":"TRUE","lastKnownStatus":"10.1.00","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"install offers,cross-sell other apps","lastUpdate":"2024-12-27T18:34:00.297779+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":407},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n\n","ACR-055":"Accept or Decline for optional offers must be obvious. Unchecking a preselected checkbox for another offer is not a straightforward way to indicate a decline.\n","ACR-059":"Offers are not clearly marked as optional, and it is unclear who recommended them or the source of the recommendations.\n","ACR-155":"Unrelated Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"videoshaper_5.9.exe","isInstaller":"True","companyName":"Glorylogic                                                  ","fileVersion":"5.9","hashMD5":"7b77cd7f69e38e19ec35bbe6aaab2752","hashSHA1":"2dfcad845e68a30fef3a170fd004e8f93ef694f5","hashSHA256":"031899e2ff662185a3dc57ac39601b99d4a74dc1cb76705cdca17da66923d066","digitalCertThumbprint":"2E0F9D78B09E96967EE6617D557864EDFB18B2EF","digitalCertIssuer":"CN=Microsoft ID Verified CS AOC CA 02, O=Microsoft Corporation, C=US","digitalCertIssuedTo":"CN=BURNAWARE SL, O=BURNAWARE SL, L=MARBELLA, S=Málaga, C=ES","sourceIndex":"263","avBlockList":["Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","G DATA INTERNET SECURITY (20241226)","K7 Total Security (20241226)","Malwarebytes Premium (20241226)","Norton Security (20241226)","Panda Dome (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["360 Total Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","KasperskyPremium (20241226)","McAfee Total Protection (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.glorylogic.com/video-shaper.html","directDownloadingLink":"https://www.glorylogic.com/downloads/videoshaper_5.9.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.glorylogic.com/downloads/videoshaper_5.9.exe","sourceIndex":"263"}],"sampleFiles":["241212/VideoShaper-241210/5.9.0.0/Samples/videoshaper_5.9.exe"],"imageFiles":["241212/VideoShaper-241210/5.9.0.0/Images/ACR-055/ACR-055_Install_1.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-055/ACR-055_Install_2.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-013/ACR-013_Install_1.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-013/ACR-013_Install_2.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-059/ACR-059_Bundler-made offers_2.png","241212/VideoShaper-241210/5.9.0.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"959b71e1-0270-4912-bc8c-af3191321227_5.9.0.0_1","appID":"VideoShaper-241210","dateAdded":"241212","deceptorType":"App","name":"Video Shaper","company":"Glorylogic","version":"5.9.0.0","firstVendorContactDate":"241227","firstAppEsteemReplyDate":"241227","firstResolvedDate":"241227","firstResolvedVersion":"5.9","resolved":"TRUE","lastKnownStatus":"5.9.0.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,install offers","lastUpdate":"2024-12-27T18:37:14.2651228+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":406},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"google: \"Minecraft download free mac\"","landingPage":"minecraft.en.softonic.com","ipv4":"","ipv6":"","landingPageWildChar":"star.en.softonic.com","sourceIndex":"2646"}],"sampleFiles":[],"imageFiles":["190407/minecraftensoftonic-190405/190405/Images/ACR-155/ACR155.png"],"nonDeceptorImageFiles":[],"guid":"bfb67bef-53cd-4fc2-aa58-872ca8f55d20_190405_1","appID":"minecraftensoftonic-190405","dateAdded":"241205","deceptorType":"Download Site","name":"minecraft.en.softonic.com","company":"SOFTONIC INTERNATIONAL S.A.","version":"190405","sigName":"Deceptor:Affiliate/minecraft.en.softonic.com","firstResolvedVersion":"","lastKnownStatus":"241205","lastKnownDate":"241205","type":"Download Site","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2024-12-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":409},{"violations":{"ACR-155":"Ads are designed such that they have the appearance of real download buttons for the app, potentially misleading the user into clicking them.\n\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"google: \"Minecraft download free mac\"","landingPage":"minecraft.en.softonic.com","ipv4":"","ipv6":"","landingPageWildChar":"star.en.softonic.com","sourceIndex":"306"},{"howFound":"","reference":"","landingPage":"https://microsoft-excel.en.softonic.com/","ipv4":"","ipv6":"","sourceIndex":"307"}],"sampleFiles":[],"imageFiles":["241205/minecraftensoftonic-190405/241205/Images/ACR-155/ACR-155_Ads inside app_1.png","241205/minecraftensoftonic-190405/241205/Images/ACR-155/ACR-155_Ads inside app_2.png"],"nonDeceptorImageFiles":[],"guid":"bfb67bef-53cd-4fc2-aa58-872ca8f55d20_241205_1","appID":"minecraftensoftonic-190405","dateAdded":"241205","deceptorType":"Download Site","name":"minecraft.en.softonic.com","company":"SOFTONIC INTERNATIONAL S.A.","version":"241205","firstResolvedVersion":"","lastKnownStatus":"241205","lastKnownDate":"241205","type":"Download Site","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2024-12-09T19:10:53.5434295+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":408},{"violations":{"ACR-042":"The files related to the \"EagleGet New\" gets dropped even after unchecking the \"Install EagleGet New tab\" option.\n","ACR-043":"The \"Luminati\" and related components are dropped before obtaining the user's agree and consent\n","ACR-048":"After completely closing the app, the background process \"EGmonitor.exe\" continues to run. Additionally, if the user has resource sharing turned on, that service will continue to run\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"eagleget-2-1-6-50.exe","isInstaller":"True","companyName":"EagleGet                                                    ","fileVersion":"2.1","hashMD5":"e96dd956bc2159ff1d073876ef5d4e58","hashSHA1":"a0da0d7c8394d646eb5a0f64be14397235f22704","hashSHA256":"14636b7fc900e2be3fee5abb409e3b7a3cdf5a99107bf6d7dcbcce4b26ee0d34","digitalCertThumbprint":"5D46AB1CD0560AEFEF056BA8AD158177280D7E49","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Beijing Pu Technology Limited, O=Beijing Pu Technology Limited, L=Fengtai District, S=Beijing, C=CN","sourceIndex":"314","avBlockList":["Avast Premium Security (20250225)","AVG Internet Security (20250225)","Avira Internet Security (20250225)","Bitdefender Internet Security (20250225)","Dr.Web Security Space (20250225)","ESET Internet Security (20250225)","FortectPremium (20250225)","G DATA INTERNET SECURITY (20250225)","KasperskyPremium (20250225)","Malwarebytes Premium (20250225)","McAfee Total Protection (20250225)","Norton Security (20250225)","Panda Dome (20250225)","Quick Heal Internet Security (20250225)","Sophos Home Premium (20250225)","SpyHunter5 (20250225)","Total AV Antivirus Pro (20250225)","Trend Micro Internet Security (20250225)","VIPRE Advanced Security (20250225)","VirIT eXplorer PRO (20250225)","Webroot SecureAnywhere (20250225)"],"avAllowList":["360 Total Security (20250225)","COMODO Antivirus (20250225)","K7 Total Security (20250225)","Windows Defender (20250225)"]},{"isRevoked":"False","fileName":"EagleGet.exe","companyName":"EagleGet.com","fileVersion":"2.1","hashMD5":"3c4dd1443e03ce175a528e12565c0089","hashSHA1":"0cf63ef1f19ff607a10e6b28cbcbaccfcdc5fbfd","hashSHA256":"4ee513649cdf0925868df4cd7b17e4b67abc0e0a825570ae40ff400e418b4b9b","digitalCertThumbprint":"5D46AB1CD0560AEFEF056BA8AD158177280D7E49","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Beijing Pu Technology Limited, O=Beijing Pu Technology Limited, L=Fengtai District, S=Beijing, C=CN","sourceIndex":"314","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Follow-up on old deceptors","reference":"","landingPage":"https://www.eagleget.org/download-for-windows","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"314"}],"sampleFiles":["241127/EagleGet-220107/2.1.6.50/Samples/eagleget-2-1-6-50.exe","241127/EagleGet-220107/2.1.6.50/Samples/EagleGet.exe"],"imageFiles":["241127/EagleGet-220107/2.1.6.50/Images/ACR-043/preinstall.png","241127/EagleGet-220107/2.1.6.50/Images/ACR-042/addon.png","241127/EagleGet-220107/2.1.6.50/Images/ACR-042/installoption.png","241127/EagleGet-220107/2.1.6.50/Images/ACR-084/background.png","241127/EagleGet-220107/2.1.6.50/Images/ACR-048/background.png","241127/EagleGet-220107/2.1.6.50/Images/ACR-007/BrightData.png"],"nonDeceptorImageFiles":[],"guid":"315d2e49-5969-4249-8a01-baa89621595c_2.1.6.50_1","appID":"EagleGet-220107","dateAdded":"241127","deceptorType":"App","name":"EagleGet","company":"Beijing Pu Technology Limited","version":"2.1.6.50","lastKnownStatus":"2.1.6.70;2.1.6.50","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T23:31:04.5368773+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":412},{"violations":{"ACR-043":"One or more third party components are installed which are not disclosed to the consumer in the EULA and offer or landing page. Ex.: SDService.exe, changeq.exe, checkupdate.exe, etc…\n","ACR-084":"1. The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent. 2. The app runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the user attempts to completely uninstall the application, app retains some of its components on the system without the consumer's consent\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe Landing Page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\nThe Internal Offers Page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction , its install and Landing Page (version 2.1.0 vs version 2.0.0.0). \nThe App's version is not consistent between App interaction , its install and Landing Page (version 2.1.0 vs version 2.0.0.0). \nThe App's version is not consistent between App interaction , its install and Landing Page (version 2.1.0 vs version 2.0.0.0). \n","ACR-092":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe landing page has no link or information that shows how it can be uninstalled. \nThe internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-171":"The offer for Download Protection requires the user to opt-out of the payment.\n"},"samples":[{"isRevoked":"False","fileName":"WinMend-History-Cleaner.exe","isInstaller":"True","companyName":"WinMend.com                                                 ","fileVersion":"0.0","hashMD5":"028d8a6c6d722c5dfdf74ec6ffc66844","hashSHA1":"3feeafc663bb5dc3bd5fc898d0858eb1f0cebed2","hashSHA256":"617ebc6457cc43884e8f311e2ecd7cf49cbec0919ebade868ecd89ec409279cf","sourceIndex":"354","avBlockList":["Avast Premium Security (20200903)","AVG Internet Security (20200903)","Avira Internet Security (20200903)","Bitdefender Internet Security (20200903)","Dr.Web Security Space (20200903)","ESET Internet Security (20200903)","G DATA INTERNET SECURITY (20200903)","K7 Total Security (20200903)","Kaspersky Internet Security (20200903)","Malwarebytes Premium (20200903)","McAfee Total Protection (20200903)","Norton Security (20200903)","Panda Dome (20200903)","Quick Heal Internet Security (20200903)","Sophos Home Premium (20200903)","SpyHunter5 (20200903)","Tencent PC Manager (20200903)","Total AV Antivirus Pro (20200903)","VIPRE Advanced Security (20200903)","VirIT eXplorer PRO (20200903)","Webroot SecureAnywhere (20200903)","Windows Defender (20200903)"],"avAllowList":["360 Total Security (20200903)","COMODO Antivirus (20200903)","Trend Micro Internet Security (20200903)"]},{"isRevoked":"False","fileName":"HistoryCleaner.exe","companyName":"WinMend.com","fileVersion":"2.0","hashMD5":"aaecb93a8a74aa59511767ec4ad8e316","hashSHA1":"41528a66b2fe2875e7a64ec250162246caf60428","hashSHA256":"44b7772de51077596a1dd2833fbcbf3c5ff73242d27e0eef8ef2b3e2cfec2696","sourceIndex":"354","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"windows junk cleaner\"","reference":"http://www.winmend.com","landingPage":"http://www.winmend.com/history-cleaner/","directDownloadingLink":"http://www.winmend.com/pad/download/WinMend-History-Cleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.winmend.com/pad/download/WinMend-History-Cleaner.exe","sourceIndex":"354"}],"sampleFiles":["200818/WinMendHistoryCleaner-200818/2.0.0.0/Samples/WinMend-History-Cleaner.exe","200818/WinMendHistoryCleaner-200818/2.0.0.0/Samples/HistoryCleaner.exe"],"imageFiles":["200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-043/WinMend_HistoryCleaner_ ThirdPartyComponents [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-043/WinMend_HistoryCleaner_ ThirdPartyComponents [2] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-084/WinMend_HistoryCleaner_ ThirdPartyComponents [2] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-084/WinMend_HistoryCleaner_ ScheduledTasks [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-118/WinMend_HistoryCleaner_ RetainedFilesAfterUninstall [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-118/WinMend_HistoryCleaner_ RetainedFilesAfterUninstall [2] .png"],"nonDeceptorImageFiles":["200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_Install [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_Install [2].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-002/WinMend_HistoryCleaner_Install [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-092/WinMend_HistoryCleaner_ FileProperties [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-092/WinMend_HistoryCleaner_ FileProperties [2] DigitalSignature .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-092/WinMend_HistoryCleaner_ FileProperties [3] DigitalSignature.png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_About [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-099/WinMend_HistoryCleaner_About [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-002/WinMend_HistoryCleaner_About [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_ LandingPage [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_ LandingPage [2].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-099/WinMend_HistoryCleaner_ LandingPage [1] .png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-099/WinMend_HistoryCleaner_ LandingPage [2].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-002/WinMend_HistoryCleaner_ LandingPage [1_].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-171/WinMend_HistoryCleaner_ OfferPage [2_].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_ OfferPage [1].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-065/WinMend_HistoryCleaner_ OfferPage [2].png","200818/WinMendHistoryCleaner-200818/2.0.0.0/Images/ACR-099/WinMend_HistoryCleaner_ OfferPage [1].png"],"guid":"40de6547-f0c4-4331-8ef8-1eafc34af991_2.0.0.0_1","appID":"WinMendHistoryCleaner-200818","dateAdded":"241127","deceptorType":"App","name":"WinMend History Cleaner ","company":"WinMend.com","version":"2.0.0.0","sigName":"Deceptor:Win32/WinMendHistoryCleaner!043084118164","lastKnownStatus":"2.0.0.0;1.4.2.0","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:18.3068617+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":411},{"violations":{"ACR-004":"App presents scan results for free but does not allow user to fix all issues without paying.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"HistoryCleaner.exe","companyName":"WinMend.com","fileVersion":"1.4","hashMD5":"07cfd6c0df13a13f3d792e70f6b01fbe","hashSHA1":"1b4074520661a963a48ac6df326c679a76e97d94","hashSHA256":"5487fbfbc8e430a2c463bf001f52b43d0b0194f99b9312ee790db62f3360e7fe","sourceIndex":"315","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinMend-History-Cleaner.exe","isInstaller":"True","companyName":"WinMend.com                                                 ","fileVersion":"0.0","hashMD5":"73c03c89651953d15d7f696ae123ba61","hashSHA1":"b62431fd84091868e293ddfc335c3b7252bdf6fc","hashSHA256":"85983b5ccb02fbad3f5e8ac8cb3452d0b3380f400c2a848f28e3ebec30e2d99a","sourceIndex":"315","avBlockList":["Dr.Web Security Space (20250225)","ESET Internet Security (20250225)","FortectPremium (20250225)","G DATA INTERNET SECURITY (20250225)","K7 Total Security (20250225)","Malwarebytes Premium (20250225)","Panda Dome (20250225)","Quick Heal Internet Security (20250225)","Sophos Home Premium (20250225)","SpyHunter5 (20250225)","VirIT eXplorer PRO (20250225)","Webroot SecureAnywhere (20250225)"],"avAllowList":["360 Total Security (20250225)","Avast Premium Security (20250225)","AVG Internet Security (20250225)","Avira Internet Security (20250225)","Bitdefender Internet Security (20250225)","COMODO Antivirus (20250225)","KasperskyPremium (20250225)","McAfee Total Protection (20250225)","Total AV Antivirus Pro (20250225)","Trend Micro Internet Security (20250225)","VIPRE Advanced Security (20250225)","Windows Defender (20250225)","Norton Security (20250225)"]}],"additionalFiles":[],"sources":[{"howFound":"follow-up search for new version","reference":"","landingPage":"https://www.malavida.com/en/soft/winmend-history-cleaner/download","directDownloadingLink":"https://dw.malavida.com/RDdJVFMrUkpJQzYyV2FpL0s5K3p4cnppT0JVMlFGU2xxT1BIY09QaDhPMFVnT09xaGV6OTdCREs4NnZ2anBmc0ZRWFN1WUtVYktWaGFpRHp/QNkZSanhNWlVVUEFuakNBcmJpOWZld2R6M05pUWY4V1lZSzF4Yi9yRTNHWS9mRXhOc3FTUDlIQWJieUVCeng1YTVpOFN6cjBZNHdpZ2dOU0/tZK0x2a0hoRStML0ttMHRadjN2dHN3eU9yVTZjeExmaElEWXNqeGlUWXFtYm5zSTRZcTNkYVNnNC9pQVhmb0NNZVVUOHpSelF1TkFFWkEvT/VZROUZMZlgzSWVWUTlKU2xycTFONUgySThWTUtNdW1FQ3lZYWN4cGFRanBsdHBZWml3bHRkblhnNDhGYmJhMTFBVHBOK1ExT1ZsTzFiQlc3/UzFYa0c5OXR3Zkw4NnBMNmxjN1B6UFlNd3BBMm01T0lqRk50U1BKeUlmUDlXalV2aUFPcUVDalZDbWpsL0g5QjcyTUMzbHJLYnNka0EwMGF/zVlpQM3RJWk5nOHQzeVZDOFlEbWN4T2grU3NvbFFrR3dRbzdIVEVaSDAzZHF6Q1VTay81cDYreWVVTWwyV1BlTGdIQ20yd2NjendEcVhXN0/ZmVFdGbkRjKzNsTVE2MFV4b3R3Q0lXSTF2UmljM2tCUW1VVVFVL1poZjltaFdFQUp0Mm01UThoUzFvanIwcFoyM2RaVzFWbmllMlhTNnNOV/FdnaXJ1KzNaRm1zQUliNk5sNzJRdHpiQis5S2dacnRLRmdTeDV6a05yNUMxRzBIR3IyODBkd0NFemZXaGc0K2dCSUp1dndvcE5td1l5ZQ==/f66edd025510fa7a","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dw.malavida.com/RDdJVFMrUkpJQzYyV2FpL0s5K3p4cnppT0JVMlFGU2xxT1BIY09QaDhPMFVnT09xaGV6OTdCREs4NnZ2anBmc0ZRWFN1WUtVYktWaGFpRHp/QNkZSanhNWlVVUEFuakNBcmJpOWZld2R6M05pUWY4V1lZSzF4Yi9yRTNHWS9mRXhOc3FTUDlIQWJieUVCeng1YTVpOFN6cjBZNHdpZ2dOU0/tZK0x2a0hoRStML0ttMHRadjN2dHN3eU9yVTZjeExmaElEWXNqeGlUWXFtYm5zSTRZcTNkYVNnNC9pQVhmb0NNZVVUOHpSelF1TkFFWkEvT/VZROUZMZlgzSWVWUTlKU2xycTFONUgySThWTUtNdW1FQ3lZYWN4cGFRanBsdHBZWml3bHRkblhnNDhGYmJhMTFBVHBOK1ExT1ZsTzFiQlc3/UzFYa0c5OXR3Zkw4NnBMNmxjN1B6UFlNd3BBMm01T0lqRk50U1BKeUlmUDlXalV2aUFPcUVDalZDbWpsL0g5QjcyTUMzbHJLYnNka0EwMGF/zVlpQM3RJWk5nOHQzeVZDOFlEbWN4T2grU3NvbFFrR3dRbzdIVEVaSDAzZHF6Q1VTay81cDYreWVVTWwyV1BlTGdIQ20yd2NjendEcVhXN0/ZmVFdGbkRjKzNsTVE2MFV4b3R3Q0lXSTF2UmljM2tCUW1VVVFVL1poZjltaFdFQUp0Mm01UThoUzFvanIwcFoyM2RaVzFWbmllMlhTNnNOV/FdnaXJ1KzNaRm1zQUliNk5sNzJRdHpiQis5S2dacnRLRmdTeDV6a05yNUMxRzBIR3IyODBkd0NFemZXaGc0K2dCSUp1dndvcE5td1l5ZQ==/f66edd025510fa7a","sourceIndex":"315"}],"sampleFiles":["241127/WinMendHistoryCleaner-200818/1.4.2.0/Samples/HistoryCleaner.exe","241127/WinMendHistoryCleaner-200818/1.4.2.0/Samples/WinMend-History-Cleaner.exe"],"imageFiles":["241127/WinMendHistoryCleaner-200818/1.4.2.0/Images/ACR-004/ACR-004.png"],"nonDeceptorImageFiles":[],"guid":"40de6547-f0c4-4331-8ef8-1eafc34af991_1.4.2.0_1","appID":"WinMendHistoryCleaner-200818","dateAdded":"241127","deceptorType":"App","name":"WinMend History Cleaner ","company":"WinMend.com","version":"1.4.2.0","lastKnownStatus":"2.0.0.0;1.4.2.0","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T22:59:14.9185431+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":410},{"violations":{"ACR-042":"The files related to the \"EagleGet New tab\" gets dropped even after unchecking the \"Install EagleGet New tab\" option.\n","ACR-043":"The \"Luminati\" related components are dropped before obtaining the user's agree and consent\n","ACR-048":"The app does not provide any control to enable/disable the sharing network connection for money earning feature.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer.\n","ACR-085":"More information is needed for the \"Help us improve EagleGet\" option during install.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains 3rd party components on the device without the consumer's consent or notifying user.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not provide any control to enable/disable the sharing network connection for the money earning feature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\EagleGet\\EagleGet.exe","companyName":"EagleGet.com","productName":"EagleGet Downloader","productVersion":"2.1.6.70","fileVersion":"2.1.6.70","hashMD5":"8d8aefc2b4d66894bd68ed2dbdc86fe4","hashSHA1":"1025b9dcf7e31e9ecc476071990c36c7cf4a518d","hashSHA256":"7ac390e54c07f2050d8a8952459760d9053662c16b54a13bac392ea675c1c15b","digitalCertThumbprint":"5D46AB1CD0560AEFEF056BA8AD158177280D7E49","digitalCertIssuer":"Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":"Beijing Pu Technology Limited","storeId":"","sourceIndex":"1533","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"eagleget_setup.exe","isInstaller":"True","companyName":"EagleGet                                                    ","productName":"EagleGet                                                    ","productVersion":"2.1.6.70            ","fileVersion":"2.1.6.70            ","hashMD5":"69f26e335a173717a64cd3b5458b9897","hashSHA1":"7c5f488dd4da20ab7f98ef5308a358ba5a28dc6d","hashSHA256":"33d92d63e2031bcde9fd355b5a9cb725e9203773cc05f1ceb87de2c08f042ac8","digitalCertThumbprint":"5D46AB1CD0560AEFEF056BA8AD158177280D7E49","digitalCertIssuer":"Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":"Beijing Pu Technology Limited","storeId":"","sourceIndex":"1533","avBlockList":["Avast Premium Security (20241128)","AVG Internet Security (20241128)","Avira Internet Security (20241128)","Bitdefender Internet Security (20241128)","ESET Internet Security (20241128)","G DATA INTERNET SECURITY (20241128)","Malwarebytes Premium (20241128)","McAfee Total Protection (20241128)","Norton Security (20241128)","Panda Dome (20241128)","Quick Heal Internet Security (20241128)","Sophos Home Premium (20241128)","SpyHunter5 (20241128)","Total AV Antivirus Pro (20241128)","VIPRE Advanced Security (20241128)","VirIT eXplorer PRO (20241128)","Webroot SecureAnywhere (20241128)","Windows Defender (20241128)","FortectPremium (20241128)","KasperskyPremium (20241128)"],"avAllowList":["360 Total Security (20241128)","COMODO Antivirus (20241128)","Dr.Web Security Space (20241128)","K7 Total Security (20241128)","Kaspersky Internet Security (20220125)","Tencent PC Manager (20220125)","Trend Micro Internet Security (20241128)"]}],"additionalFiles":[],"sources":[{"howFound":"resource sharing SDK bundler","reference":"","landingPage":"https://eagleget.en.softonic.com/download","directDownloadingLink":"https://eagleget.en.softonic.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://eagleget.en.softonic.com/download","sourceIndex":"1533"}],"sampleFiles":["220112/EagleGet-220107/2.1.6.70/Samples/eagleget_setup.exe"],"imageFiles":["220112/EagleGet-220107/2.1.6.70/Images/ACR-043/ACR-043_Install.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-042/ACR-042_Install.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-042/ACR-042_Install_1.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-085/ACR-085_Install.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-084/ACR-084_Software__Process.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-048/ACR-048_Software_No_Control.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-007/ACR-007_Software.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-007/ACR-007_Software_1.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220112/EagleGet-220107/2.1.6.70/Images/ACR-045/ACR-045_Software_No_Control.JPG","220112/EagleGet-220107/2.1.6.70/Images/ACR-045/ACR-045_Software_No_Control_1.JPG"],"guid":"315d2e49-5969-4249-8a01-baa89621595c_2.1.6.70_1","appID":"EagleGet-220107","dateAdded":"241127","deceptorType":"App","name":"EagleGet","company":"Beijing Pu Technology Limited","version":"2.1.6.70","sigName":"Deceptor:Win32/EagleGet!043042085084048007118","lastKnownStatus":"2.1.6.70;2.1.6.50","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":413},{"violations":{"ACR-048":"The app does not show up in the list of installed apps in the Control Panel, preventing it from being uninstalled easily.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey to open it  which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app can't be uninstalled through the Control Panel since it doesn't show up in the list of apps that can be uninstalled.\n"},"nonDeceptorViolations":{"ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"ladmin.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"5770ef9d74901ddf72d1fb39c29d82fe","hashSHA1":"78b44316997a89d73a04dc345ead250772f9433b","hashSHA256":"37722eea76a929cd6284e9318c171b0b90be66b109040d96456835b33b6f7076","sourceIndex":"1807","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LLSetup.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"f28f3f995dc8b31fb7ccb67d10c26623","hashSHA1":"d6d437487af65adc6aad92cb456633764911f539","hashSHA256":"2334445ee2b6b53b1be2908b97d8a9a9555302661ffefd26cbefbe759fdea87b","sourceIndex":"1807","avBlockList":["360 Total Security (20211028)","Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","Dr.Web Security Space (20211028)","ESET Internet Security (20211028)","G DATA INTERNET SECURITY (20211028)","K7 Total Security (20211028)","Kaspersky Internet Security (20211028)","Malwarebytes Premium (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","Sophos Home Premium (20211028)","SpyHunter5 (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","Trend Micro Internet Security (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)"],"avAllowList":["COMODO Antivirus (20211028)"]},{"isRevoked":"False","fileName":"lmonitor.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"c4842394b444045b1351d6e723af5df0","hashSHA1":"af18469971fae29c349e805cd3e2676d8c3f5bd4","hashSHA256":"4641655ec2158b4f3660c230eea98096a8126f7977f082148a3421c3cee8021e","sourceIndex":"1807","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/keylogger/benefits","directDownloadingLink":"https://hwsuite-2021.online/LLSetup.exe?token=1633949403_e6915d3ac5e267396e6f716740d81638637395fc&fileName=LLSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite-2021.online/LLSetup.exe?token=1633949403_e6915d3ac5e267396e6f716740d81638637395fc&fileName=LLSetup.exe","sourceIndex":"1807"}],"sampleFiles":["211011/LightLoggerKeylogger-200819/6.20.3.1/Samples/ladmin.exe","211011/LightLoggerKeylogger-200819/6.20.3.1/Samples/LLSetup.exe","211011/LightLoggerKeylogger-200819/6.20.3.1/Samples/lmonitor.exe"],"imageFiles":["211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-048/LightLogger Keylogger_ControlPanel [1].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-084/LightLogger Keylogger_Interactions [5].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-084/LightLogger Keylogger_Interactions [7].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-086/LightLogger Keylogger_Interactions [5].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-086/LightLogger Keylogger_Interactions [6].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-086/LightLogger Keylogger_Interactions [7].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-007/LightLogger Keylogger_RunningProcess [1].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-007/LightLogger Keylogger_Interactions [5].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-007/LightLogger Keylogger_Interactions [7].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-116/LightLogger Keylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-092/LightLogger Keylogger_FileProperty [1].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-092/LightLogger Keylogger_FileProperty [2].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-092/LightLogger Keylogger_FileProperty [3].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-099/LightLogger Keylogger_LandingPage [1].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-161/LightLogger Keylogger_LandingPage [1].png","211011/LightLoggerKeylogger-200819/6.20.3.1/Images/ACR-099/LightLogger Keylogger_OfferPage [1].png"],"guid":"ffa07067-c55b-4ac7-a37a-b3fa120e2c00_6.20.3.1_1","appID":"LightLoggerKeylogger-200819","dateAdded":"241126","deceptorType":"App","name":"LightLogger Keylogger for Parents","company":"HeavenWard","version":"6.20.3.1","sigName":"Deceptor:Win32/LightLoggerKeyloggerforParents!048084086007116","lastKnownStatus":"6.20.2.4;6.20.3.1;6.20.3.0;6.20.2.20","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":417},{"violations":{"ACR-048":"The app is not able to be deleted from the Control Panel\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey to open it and is saved in a hidden folder, which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app cannot be uninstalled through Control Panel.\n"},"nonDeceptorViolations":{"ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"LLSetup.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"8c595675a085d143207b92daacf4e226","hashSHA1":"7a3f050844d14794e7bfb96c65bdc6a478777272","hashSHA256":"9893409c257474e36ab75738888dcadabed7c2ea04ebe1946196283eac745841","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"2126","avBlockList":["360 Total Security (20250213)","Avast Premium Security (20250213)","AVG Internet Security (20250213)","Avira Internet Security (20250213)","Bitdefender Internet Security (20250213)","COMODO Antivirus (20250213)","Dr.Web Security Space (20250213)","ESET Internet Security (20250213)","G DATA INTERNET SECURITY (20250213)","K7 Total Security (20250213)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20250213)","McAfee Total Protection (20250213)","Norton Security (20250213)","Panda Dome (20250213)","Quick Heal Internet Security (20250213)","Sophos Home Premium (20250213)","SpyHunter5 (20250213)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20250213)","Trend Micro Internet Security (20250213)","VIPRE Advanced Security (20250213)","VirIT eXplorer PRO (20250213)","Webroot SecureAnywhere (20250213)","Windows Defender (20250213)","FortectPremium (20250213)","KasperskyPremium (20250213)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ladmin.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"217e0991ef77600649bbff0d42621583","hashSHA1":"061628802953978d5951979b154492daf20228f7","hashSHA256":"8de9fbe02f6ed7e41a966a90bcdb8879e466d8f2eca7a09c74e72342f3e8022b","sourceIndex":"2126","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Windows Keylogger","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/keylogger/benefits","directDownloadingLink":"https://files.hw-2019.info/LLSetup.exe?token=1597833163_e90ae90c89f5d85dcdcee558a1a70333&fileName=LLSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.hw-2019.info/LLSetup.exe?token=1597833163_e90ae90c89f5d85dcdcee558a1a70333&fileName=LLSetup.exe","sourceIndex":"2126"}],"sampleFiles":["200820/LightLoggerKeylogger-200819/6.20.2.4/Samples/LLSetup.exe","200820/LightLoggerKeylogger-200819/6.20.2.4/Samples/ladmin.exe"],"imageFiles":["200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-048/LightLoggerKeylogger_RunningProcess [2].png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-084/LightLoggerKeylogger_Interactions [4] Settings_HotKey.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-084/LightLoggerKeylogger_Logs [1].png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-086/LightLoggerKeylogger_Interactions [3] Settings.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-086/LightLoggerKeylogger_Interactions [4] Settings_HotKey.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-007/LightLoggerKeylogger_RunningProcess [1].png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-007/LightLoggerKeylogger_Interactions [3] Settings.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-007/LightLoggerKeylogger_Interactions [4] Settings_HotKey.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-116/LightLoggerKeylogger_RunningProcess [2].png"],"nonDeceptorImageFiles":["200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-099/LightLoggerKeylogger_LandingPage [1].png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-099/LightLoggerKeylogger_LandingPage [2].png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-161/LightLoggerKeylogger_LandingPage [3] Testimonials.png","200820/LightLoggerKeylogger-200819/6.20.2.4/Images/ACR-099/LightLoggerKeylogger_OfferPage [1].png"],"guid":"ffa07067-c55b-4ac7-a37a-b3fa120e2c00_6.20.2.4_1","appID":"LightLoggerKeylogger-200819","dateAdded":"241126","deceptorType":"App","name":"LightLogger Keylogger for Parents","company":"HeavenWard","version":"6.20.2.4","sigName":"Deceptor:Win32/LightLoggerStalkerware!048084086007116","lastKnownStatus":"6.20.2.4;6.20.3.1;6.20.3.0;6.20.2.20","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":418},{"violations":{"ACR-048":"The app does not show up in the list of installed apps in the Control Panel, preventing it from being uninstalled easily.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey to open it  which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app can't be uninstalled through the Control Panel since it doesn't show up in the list of apps that can be uninstalled.\n"},"nonDeceptorViolations":{"ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"ladmin.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"0f3462f2e1670366a29f4c8e4b19d430","hashSHA1":"990747165a28c8b5e6db974c03ed0e11c8b60f1a","hashSHA256":"3941f3e0ee9f689ad395c594712b18e51099f0b359d099d72c3adebe586423a7","sourceIndex":"1739","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LLSetup.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"c705383852dc4da7f4e4175ecc87789a","hashSHA1":"f1e08de8b4981e76b2ccdf38f04f040305c32e4f","hashSHA256":"21a34575c446b037c1d97bd51fb778857d0a225e2e85f013038ea5036be66e86","sourceIndex":"1739","avBlockList":["360 Total Security (20241128)","Avast Premium Security (20241128)","AVG Internet Security (20241128)","Avira Internet Security (20241128)","Bitdefender Internet Security (20241128)","COMODO Antivirus (20241128)","Dr.Web Security Space (20241128)","ESET Internet Security (20241128)","G DATA INTERNET SECURITY (20241128)","K7 Total Security (20241128)","Kaspersky Internet Security (20220113)","Malwarebytes Premium (20241128)","McAfee Total Protection (20241128)","Norton Security (20241128)","Panda Dome (20241128)","Quick Heal Internet Security (20241128)","Sophos Home Premium (20241128)","SpyHunter5 (20241128)","Tencent PC Manager (20220113)","Total AV Antivirus Pro (20241128)","VIPRE Advanced Security (20241128)","VirIT eXplorer PRO (20241128)","Webroot SecureAnywhere (20241128)","Windows Defender (20241128)","FortectPremium (20241128)","KasperskyPremium (20241128)"],"avAllowList":["Trend Micro Internet Security (20241128)"]},{"isRevoked":"False","fileName":"lmonitor.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"7b2892f8a4fb802fdd3e4562d5bea21b","hashSHA1":"6b3395cc8f666fffadaa2568f1b2aa63b3710c8f","hashSHA256":"ddfd9a6c5340e570ae85ab0c773a63873e2246b9a77a6d616f172d28b445751c","sourceIndex":"1739","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/keylogger/benefits","directDownloadingLink":"https://hwsuite-2021.online/LLSetup.exe?token=1640607223_f24c861bea549b441d5e4f7cf477761c6e8ccc8e&fileName=LLSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite-2021.online/LLSetup.exe?token=1640607223_f24c861bea549b441d5e4f7cf477761c6e8ccc8e&fileName=LLSetup.exe","sourceIndex":"1739"}],"sampleFiles":["211231/LightLoggerKeylogger-200819/6.20.3.0/Samples/ladmin.exe","211231/LightLoggerKeylogger-200819/6.20.3.0/Samples/LLSetup.exe","211231/LightLoggerKeylogger-200819/6.20.3.0/Samples/lmonitor.exe"],"imageFiles":["211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-048/LightLogger_ControlPanel [1].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-084/LightLogger_Interactions [3].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-084/LightLogger_Interactions [4].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-086/LightLogger_Interactions [2].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-086/LightLogger_Interactions [3].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-086/LightLogger_Interactions [4].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-007/LightLogger_Interactions [3].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-007/LightLogger_Interactions [4].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-116/LightLogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-092/LightLogger_FileProperty [1].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-092/LightLogger_FileProperty [2].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-092/LightLogger_FileProperty [3].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-099/LightLogger_LandingPage [1].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-161/LightLogger_LandingPage [2].png","211231/LightLoggerKeylogger-200819/6.20.3.0/Images/ACR-099/LightLogger_OfferPage [1].png"],"guid":"ffa07067-c55b-4ac7-a37a-b3fa120e2c00_6.20.3.0_1","appID":"LightLoggerKeylogger-200819","dateAdded":"241126","deceptorType":"App","name":"LightLogger Keylogger for Parents","company":"HeavenWard","version":"6.20.3.0","lastKnownStatus":"6.20.2.4;6.20.3.1;6.20.3.0;6.20.2.20","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":416},{"violations":{"ACR-048":"The app does not show up in the list of installed apps in the Control Panel, preventing it from being uninstalled easily.\n","ACR-007":"App requires hotkey to open and does not indicate to user that it is running in the background. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1. The app requires a hotkey to open it which prevents the targeted consumer from finding it.\n\n2. Does not appear in systray, even when the app is running in the background, so user cannot tell if it is running.\n","ACR-085":"Keylogger may potentially collect sensitive information from users and stores collected data in non-encrypted plaintext files. \n\nApp requires hotkey to open and does not indicate to user that it is running in the background. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-086":"App requires hotkey to open and does not indicate to user that it is running in the background, meaning the targeted consumer has no idea that their data is being collected.\n","ACR-116":"The app can't be uninstalled through the Control Panel since it doesn't show up in the list of apps that can be uninstalled.\n"},"nonDeceptorViolations":{"ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"LLSetup.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"8c595675a085d143207b92daacf4e226","hashSHA1":"7a3f050844d14794e7bfb96c65bdc6a478777272","hashSHA256":"9893409c257474e36ab75738888dcadabed7c2ea04ebe1946196283eac745841","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"332","avBlockList":["360 Total Security (20250213)","Avast Premium Security (20250213)","AVG Internet Security (20250213)","Avira Internet Security (20250213)","Bitdefender Internet Security (20250213)","COMODO Antivirus (20250213)","Dr.Web Security Space (20250213)","ESET Internet Security (20250213)","G DATA INTERNET SECURITY (20250213)","K7 Total Security (20250213)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20250213)","McAfee Total Protection (20250213)","Norton Security (20250213)","Panda Dome (20250213)","Quick Heal Internet Security (20250213)","Sophos Home Premium (20250213)","SpyHunter5 (20250213)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20250213)","Trend Micro Internet Security (20250213)","VIPRE Advanced Security (20250213)","VirIT eXplorer PRO (20250213)","Webroot SecureAnywhere (20250213)","Windows Defender (20250213)","FortectPremium (20250213)","KasperskyPremium (20250213)"],"avAllowList":[]},{"isRevoked":"False","fileName":"lmonitor.exe","companyName":"HeavenWard","fileVersion":"6.20","hashMD5":"32afc09e040ebe58bf3591aefeaee98d","hashSHA1":"d6ed898d60f850e0abd0ab2de38c1e40c1289ae7","hashSHA256":"f2b362b2a72d118c7f1088e75bbb7cf56b395280085dad3023bdbbdb1a099900","sourceIndex":"332","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Follow-up on old deceptors","reference":"https://www.hwsuite.com/","landingPage":"https://www.hwsuite.com/keylogger/benefits","directDownloadingLink":"https://hwsuiteshop.cloud/LLSetup.exe?token=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuiteshop.cloud/LLSetup.exe?token=","sourceIndex":"332"}],"sampleFiles":["241126/LightLoggerKeylogger-200819/6.20.2.20/Samples/LLSetup.exe","241126/LightLoggerKeylogger-200819/6.20.2.20/Samples/lmonitor.exe"],"imageFiles":["241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-048/uninstall.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-084/hotkey.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-084/systray.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-086/hotkey.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-086/systray.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-085/systray.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-085/hotkey.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-085/plaintext.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-007/hotkey.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-007/systray.png","241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-116/uninstall.png"],"nonDeceptorImageFiles":["241126/LightLoggerKeylogger-200819/6.20.2.20/Images/ACR-161/testimonials.png"],"guid":"ffa07067-c55b-4ac7-a37a-b3fa120e2c00_6.20.2.20_1","appID":"LightLoggerKeylogger-200819","dateAdded":"241126","deceptorType":"App","name":"LightLogger Keylogger for Parents","company":"HeavenWard","version":"6.20.2.20","lastKnownStatus":"6.20.2.4;6.20.3.1;6.20.3.0;6.20.2.20","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:17.6629205+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":415},{"violations":{"ACR-048":"Installation can't be cancelled by standard platform interface.\nApplication doesn't allow user to cancel the service collecting user data immediately. The collecting data status is always on until uninstall the application\n","ACR-007":"Application doesn't provides explicit notification to all affected user (different login user) and obtains informed user consent when reducing the default safety related with different user.\n","ACR-084":"1. After installing, the application running in background and being active in systray with without notifying user. 2. The application doesn't show notification when a different user login system. The app is hiding from all the users affected, however collecting the data from those users.\n","ACR-118":"Application leaves an important executable even after application uninstallation completes.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"po_setup_EN.exe","isInstaller":"True","companyName":"VoiceFive, Inc                                              ","fileVersion":"1.1","hashMD5":"a6af840731a9ecdd1950a7cdcc528096","hashSHA1":"a03bc0208b50b701f82e6114066769cffb8d3c93","hashSHA256":"92865f427dc8aa061d25a15965bdffe94c25dd44d2ad1905fb86ff48d2f96031","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"339","avBlockList":["360 Total Security (20250213)","Avast Premium Security (20250213)","AVG Internet Security (20250213)","Avira Internet Security (20250213)","Bitdefender Internet Security (20250213)","COMODO Antivirus (20250213)","Dr.Web Security Space (20250213)","ESET Internet Security (20250213)","FortectPremium (20250213)","G DATA INTERNET SECURITY (20250213)","K7 Total Security (20250213)","KasperskyPremium (20250213)","Malwarebytes Premium (20250213)","McAfee Total Protection (20250213)","Norton Security (20250213)","Panda Dome (20250213)","Quick Heal Internet Security (20250213)","Sophos Home Premium (20250213)","SpyHunter5 (20250213)","Total AV Antivirus Pro (20250213)","VIPRE Advanced Security (20250213)","VirIT eXplorer PRO (20250213)","Webroot SecureAnywhere (20250213)"],"avAllowList":["Trend Micro Internet Security (20250213)","Windows Defender (20250213)"]},{"isRevoked":"False","fileName":"pmropn.exe","companyName":"VoiceFive, Inc.","fileVersion":"1.3","hashMD5":"f27f98c1a877f9ca6f06c23bed4014ca","hashSHA1":"25a231319659c30d6f86a5c9cdd1747d7c471542","hashSHA256":"1ed47933c9f33c4860ecc0bf1ba7525212aa00054037a9a51a8d8f5ce3b821bd","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"339","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pmropn32.exe","companyName":"VoiceFive, Inc.","fileVersion":"1.0","hashMD5":"6e4d6b68e9565c4cc7791b00c2094ff9","hashSHA1":"965a00a5a8bb05b35fbaa357951779ea3b71e392","hashSHA256":"65d6f18e1b366aff5343c3f6628041329e7c1375d18ba57076b19bf5f48bc483","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"339","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pmropn64.exe","companyName":"VoiceFive, Inc.","fileVersion":"1.0","hashMD5":"ae5bbcc69b05359d0d5cc72ca6a1262e","hashSHA1":"6843bd883d50216be44065411a983a4bcccdcc91","hashSHA256":"12bfd1007634138b22c56ead24db02a1fe3a4d4b7fe04d30cd07a0ff5d4c8425","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"339","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pmservice.exe","companyName":"VoiceFive, Inc.","fileVersion":"1.1","hashMD5":"4ef95918e313c7ca01084629416fc714","hashSHA1":"5bdaba6920d3f4d1f8ea47ce693276530b5f2a9c","hashSHA256":"303707068aab06ab0341178558c28ce1670d10f16c39522859c4f21097a87ee9","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"339","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pmls.dll","companyName":"VoiceFive, Inc.","fileVersion":"4.0","hashMD5":"50a0c6c01cdc5d2690ccd1f1541f6670","hashSHA1":"c5e017a468efb70eabb1f861784edac62acb0e17","hashSHA256":"f9a853830949bb22d6f4d128d71a0ab923d9b5549c0dc8785c7de7d1a4eabf99","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"339","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pmls64.dll","companyName":"VoiceFive, Inc.","fileVersion":"4.0","hashMD5":"aa56cb7fd83150c3a75cd6a0de97eb78","hashSHA1":"34415c5c8e57cfe9a7b4a498eacfe1403f3191ec","hashSHA256":"034e066829d28bbc81604250f6df721a35ab1c0898ab82bef6305ffada240765","digitalCertThumbprint":"D7EED9A7BD1542798341A10D5FDAEEF9A9E94B11","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"VOICEFIVE, INC.\", O=\"VOICEFIVE, INC.\", L=Reston, S=Virginia, C=US","sourceIndex":"339","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"RelevantKnowledge","reference":"","landingPage":"","directDownloadingLink":"https://www.premieropinion.com/Download/po_setup_EN.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.premieropinion.com/Download/po_setup_EN.exe","sourceIndex":"339"}],"sampleFiles":["241126/PremierOpinion-241126/1.3.340.310/Samples/po_setup_EN.exe"],"imageFiles":["241126/PremierOpinion-241126/1.3.340.310/Images/ACR-048/ACR-048.png","241126/PremierOpinion-241126/1.3.340.310/Images/ACR-007/ACR-007.png","241126/PremierOpinion-241126/1.3.340.310/Images/ACR-084/ACR-084.png","241126/PremierOpinion-241126/1.3.340.310/Images/ACR-048/ACR-048-2.png","241126/PremierOpinion-241126/1.3.340.310/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":[],"guid":"cd139684-ebcf-45cf-af6b-71c4cc498940_1.3.340.310_1","appID":"PremierOpinion-241126","dateAdded":"241126","deceptorType":"App","name":"PremierOpinion","company":"VOICEFIVE, INC","version":"1.3.340.310","lastKnownStatus":"1.3.340.310","lastKnownDate":"241126","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2024-11-26T23:31:24.9549236+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":414},{"violations":{"ACR-042":"The app drops an expired Trusted Root Certificate (.crt file) without obtaining the consumer's permission through explicit user action. \n","ACR-043":"1. The app drops an expired Trusted Root Certificate without disclosing it.\n2. 'Open VPN' components are installed without disclosing it. \n","ACR-107":"Application misses the relevant license information about open source project used \"OpenVPN\".\n","ACR-048":"The app does not provide any control to enable/disable the startup that it created and to remove the background process completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by dropping a trust root certificate.\n","ACR-084":"1. The app creates undisclosed startup to perform actions without the consumer's knowledge and consent. \n2. On closing the app, the processes \"BartVPN.exe\" and \"BartVPNService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-014":"The app misleads by stating \"UnProtected Network\" in a big-sized font inside the software, even though another VPN (tunnel bear) is connected and running.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"file.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9dc3ae10a3ea4b6f2ebc076dfb1225ab","hashSHA1":"478f4da35ff4489a85e56f2b40f151c809bec43b","hashSHA256":"3b7d7eaa4a437c88280fdd3db7440961fa92b043e00fcf13af78177058da7d28","digitalCertThumbprint":"D48247B7A91894D3661C9AE0B02BE7304767F760","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Red Sky Sp. z o.o., O=Red Sky Sp. z o.o., L=Szczecin, S=Zachodniopomorskie, C=PL","sourceIndex":"353","avBlockList":["Avast Premium Security (20250213)","AVG Internet Security (20250213)","Avira Internet Security (20250213)","Dr.Web Security Space (20250213)","ESET Internet Security (20250213)","FortectPremium (20250213)","G DATA INTERNET SECURITY (20250213)","Malwarebytes Premium (20250213)","McAfee Total Protection (20250213)","Norton Security (20250213)","Panda Dome (20250213)","Quick Heal Internet Security (20250213)","Sophos Home Premium (20250213)","SpyHunter5 (20250213)","Total AV Antivirus Pro (20250213)","VirIT eXplorer PRO (20250213)","Webroot SecureAnywhere (20250213)"],"avAllowList":["360 Total Security (20250213)","Bitdefender Internet Security (20250213)","COMODO Antivirus (20250213)","K7 Total Security (20250213)","KasperskyPremium (20250213)","Trend Micro Internet Security (20250213)","VIPRE Advanced Security (20250213)","Windows Defender (20250213)"]},{"isRevoked":"False","fileName":"NetCategoryChecker.exe","companyName":"Red Sky","fileVersion":"1.0","hashMD5":"cc94a2edc91ede596cfacac78edd15f9","hashSHA1":"e7d474428222aabd469a114f7d84dea062bc3489","hashSHA256":"b92bc7d9530162ae4da1e2b734bba79604d8c82f4512b95dc59dad12c2a08bc7","sourceIndex":"353","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BartVPN.exe","companyName":"RedSky Sp. z o.o.","fileVersion":"1.0","hashMD5":"c9e38f69f02a244b4755c08d8c27fd7c","hashSHA1":"4c1ad52ce494693965df7f6f2dd475fa3107fc06","hashSHA256":"27820cfb44a87251600cb50d1f90750cc4c94d6c28e22cfb325961ca1afdac12","digitalCertThumbprint":"D48247B7A91894D3661C9AE0B02BE7304767F760","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Red Sky Sp. z o.o., O=Red Sky Sp. z o.o., L=Szczecin, S=Zachodniopomorskie, C=PL","sourceIndex":"353","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BartVPNService.exe","fileVersion":"0.0","hashMD5":"269ed8e5b4cee12b4d692eb216c9fcc4","hashSHA1":"845de919ec221f1edeec377d49ddb15dce86bce9","hashSHA256":"2a65ff065d33080d53827fc70ed266166a2c8af10e58086d2d22555279ab076e","digitalCertThumbprint":"D48247B7A91894D3661C9AE0B02BE7304767F760","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Red Sky Sp. z o.o., O=Red Sky Sp. z o.o., L=Szczecin, S=Zachodniopomorskie, C=PL","sourceIndex":"353","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BartVPNToolbar.exe","companyName":"BartVPN Toolbar                                             ","fileVersion":"0.0","hashMD5":"e651c71efac34a0928ca2c0a949a7df5","hashSHA1":"c62dd4b70df14b547cd2bee29b520562d8d08875","hashSHA256":"8208de60d798ba8ff19a71d22ba785af0f3d3d33be2b76fed84c240173e3b3e2","digitalCertThumbprint":"7966D010108863CC1ED6F5681ED8018F8CAC47B1","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Simply Tech Ltd, O=Simply Tech Ltd, STREET=10 Zarhin street, L=Raanana, S=Raanana, PostalCode=43662, C=IL","sourceIndex":"353","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"","directDownloadingLink":"https://en.softonic.com/download/bartvpn/windows/post-download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://en.softonic.com/download/bartvpn/windows/post-download","sourceIndex":"353"}],"sampleFiles":["241119/bartvpn-220621/0.5.479/Samples/file.exe"],"imageFiles":["241119/bartvpn-220621/0.5.479/Images/ACR-043/ACR-043_Install_1.png","241119/bartvpn-220621/0.5.479/Images/ACR-107/ACR-107_Install_1.png","241119/bartvpn-220621/0.5.479/Images/ACR-042/ACR-042_Install_1.png","241119/bartvpn-220621/0.5.479/Images/ACR-007/ACR-007_Install_1.png","241119/bartvpn-220621/0.5.479/Images/ACR-084/ACR-084_Software_1.JPG","241119/bartvpn-220621/0.5.479/Images/ACR-084/ACR-084_Software_2.png","241119/bartvpn-220621/0.5.479/Images/ACR-048/ACR-048_Software_1.JPG","241119/bartvpn-220621/0.5.479/Images/ACR-048/ACR-048_Software_2.png","241119/bartvpn-220621/0.5.479/Images/ACR-014/ACR-014_Software.JPG","241119/bartvpn-220621/0.5.479/Images/ACR-014/ACR-014_Software_1.JPG"],"nonDeceptorImageFiles":[],"guid":"8f7d9c42-965a-49d8-8c34-3c714a8eee64_0.5.479_1","appID":"bartvpn-220621","dateAdded":"241119","deceptorType":"App","name":"BartVPN","company":"RedSky Sp. z o.o.","version":"0.5.479","lastKnownStatus":"1.1.606;0.5.479","lastKnownDate":"241119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-19T22:05:54.3413064+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":419},{"violations":{"ACR-042":"The app drops an expired Trusted Root Certificate (.crt file) without obtaining the consumer's permission through explicit user action. \n","ACR-043":"1. The app drops an expired Trusted Root Certificate without disclosing it.\n2. 'Open VPN' components are installed without disclosing it. \n","ACR-107":"Application misses the relevant license information about open source project used \"OpenVPN\".\n","ACR-048":"The app does not provide any control to enable/disable the startup that it created and to remove the background process completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by dropping a trust root certificate.\n","ACR-084":"1. The app creates undisclosed startup to perform actions without the consumer's knowledge and consent. \n2. On closing the app, the processes \"BartVPN.exe\" and \"BartVPNService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-014":"The app misleads by stating \"UnProtected Network\" in a big-sized font inside the software, even though another VPN (tunnel bear) is connected and running.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a default hidden folder  <C:\\Users\\User\\AppData\\Local\\BartVPN> instead of the standard location.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\BartVPN\\BartVPN.exe","companyName":"RedSky Sp. z o.o.","productName":"BartVPN","productVersion":"1.0","fileVersion":"1.1.606","hashMD5":"444ddf1a756e83b8e1422d53ccdeae7d","hashSHA1":"90aec169a657216ea76381a0e4c4743c64a498d3","hashSHA256":"cd584051e32635b6165fb7c60d6da13f7c5bf777bd0536028a1a9b2a908ea08d","digitalCertThumbprint":"7077710A2B487A2623A31E21026CAE020BE62708","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Red Sky Sp. z o.o.","storeId":"","sourceIndex":"1550","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\BartVPN\\BartVPNService.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"d2d7fa2966d464ec5adbeb9363a2fe86","hashSHA1":"5cec89e0f4464c109e93ffe391a463bf907e4ddb","hashSHA256":"0570b639755a8252715cee1e2cc1b0bb8412737d1c5afbd275be14594250ad79","digitalCertThumbprint":"7077710A2B487A2623A31E21026CAE020BE62708","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Red Sky Sp. z o.o.","storeId":"","sourceIndex":"1550","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BartVPN.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3f72dca3271628ca28abaada6901bd37","hashSHA1":"886e6b0b21c1898bab05bc4712cbf746eb936bd3","hashSHA256":"d0112957c54eae62f9361e94578065a1756fa36a5cd746f6df0be4880e79bda9","digitalCertThumbprint":"7077710A2B487A2623A31E21026CAE020BE62708","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Red Sky Sp. z o.o.","storeId":"","sourceIndex":"1550","avBlockList":["Avast Premium Security (20241121)","AVG Internet Security (20241121)","Avira Internet Security (20241121)","Bitdefender Internet Security (20241121)","COMODO Antivirus (20241121)","Dr.Web Security Space (20241121)","G DATA INTERNET SECURITY (20241121)","K7 Total Security (20241121)","Malwarebytes Premium (20241121)","McAfee Total Protection (20241121)","Norton Security (20241121)","Panda Dome (20241121)","Quick Heal Internet Security (20241121)","Sophos Home Premium (20241121)","SpyHunter5 (20241121)","Total AV Antivirus Pro (20241121)","VIPRE Advanced Security (20241121)","VirIT eXplorer PRO (20241121)","Webroot SecureAnywhere (20241121)","Windows Defender (20241121)","FortectPremium (20241121)"],"avAllowList":["360 Total Security (20241121)","ESET Internet Security (20241121)","Kaspersky Internet Security (20220721)","Tencent PC Manager (20220721)","Trend Micro Internet Security (20241121)","KasperskyPremium (20241121)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"","directDownloadingLink":"https://www.softpedia.com/dyn-postdownload.php/0d91a4e441b8dfb8c442e20e544f67ac/62b197f8/3731e/4/1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softpedia.com/dyn-postdownload.php/0d91a4e441b8dfb8c442e20e544f67ac/62b197f8/3731e/4/1","sourceIndex":"1550"}],"sampleFiles":["220621/bartvpn-220621/1.1.606/Samples/BartVPN.exe"],"imageFiles":["220621/bartvpn-220621/1.1.606/Images/ACR-043/ACR-043_Install.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-043/ACR-043_Install_1.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-107/ACR-107_Install.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-042/ACR-042_Install.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-007/ACR-007_Install.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-084/ACR-084_Software.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-084/ACR-084_Software_1.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-048/ACR-048_Software.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-048/ACR-048_Software_1.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-014/ACR-014_Software.JPG","220621/bartvpn-220621/1.1.606/Images/ACR-014/ACR-014_Software_1.JPG"],"nonDeceptorImageFiles":["220621/bartvpn-220621/1.1.606/Images/ACR-040/ACR-040_Install.JPG"],"guid":"8f7d9c42-965a-49d8-8c34-3c714a8eee64_1.1.606_1","appID":"bartvpn-220621","dateAdded":"241119","deceptorType":"App","name":"BartVPN","company":"RedSky Sp. z o.o.","version":"1.1.606","lastKnownStatus":"1.1.606;0.5.479","lastKnownDate":"241119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":420},{"violations":{"ACR-048":"Installation can't be cancelled by standard platform interface.\n","ACR-007":"Application doesn't provides explicit notification to all affected user (different login user) and obtains informed user consent when reducing the default safety related with different user.\n","ACR-084":"1. After installing, the application running in background and being active in systray with without notifying user. \n2. The application doesn't show notification when a different user login system. The app is hiding from all the users affected, however collecting the data from those users.\n","ACR-118":"Application leaves an important executable even after application uninstallation completes.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rs_setup_en.exe","isInstaller":"True","companyName":"Creative Knowledge, Inc.                                    ","fileVersion":"1.2","hashMD5":"ab7994d727eaa377a5cc368d6c94dadd","hashSHA1":"df4368211d2eaab8932d43f58beeed5a0d65d66f","hashSHA256":"77cd41b9798e2603706aa0dde2aef42897b5c871e942d832c1ac51cd7a4fa99a","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"438","avBlockList":["Avast Premium Security (20241105)","AVG Internet Security (20241105)","Avira Internet Security (20241105)","FortectPremium (20241105)","G DATA INTERNET SECURITY (20241105)","K7 Total Security (20241105)","Malwarebytes Premium (20241105)","McAfee Total Protection (20241105)","Norton Security (20241105)","Panda Dome (20241105)","Quick Heal Internet Security (20241105)","Sophos Home Premium (20241105)","SpyHunter5 (20241105)","Total AV Antivirus Pro (20241105)","VirIT eXplorer PRO (20241105)","Webroot SecureAnywhere (20241105)"],"avAllowList":["360 Total Security (20241105)","Bitdefender Internet Security (20241105)","COMODO Antivirus (20241105)","Dr.Web Security Space (20241105)","ESET Internet Security (20241105)","KasperskyPremium (20241105)","Trend Micro Internet Security (20241105)","VIPRE Advanced Security (20241105)","Windows Defender (20241105)"]},{"isRevoked":"False","fileName":"rsinstaller.exe","isInstaller":"True","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1","hashMD5":"493f2cb726f62b342e3284dc462bb07c","hashSHA1":"b0007fdce1f2edbf741f75d03ff2d25bc8b5de61","hashSHA256":"8bb86fad1d959282132ce94604bb56f85cb349a0a1b8f3273b0ec693fdc7f1f1","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"438","avBlockList":["Avast Premium Security (20241107)","AVG Internet Security (20241107)","Avira Internet Security (20241107)","FortectPremium (20241107)","G DATA INTERNET SECURITY (20241107)","K7 Total Security (20241107)","KasperskyPremium (20241107)","Malwarebytes Premium (20241107)","McAfee Total Protection (20241107)","Norton Security (20241107)","Panda Dome (20241107)","Quick Heal Internet Security (20241107)","Sophos Home Premium (20241107)","SpyHunter5 (20241107)","Total AV Antivirus Pro (20241107)","Trend Micro Internet Security (20241107)","VirIT eXplorer PRO (20241107)","Webroot SecureAnywhere (20241107)"],"avAllowList":["360 Total Security (20241107)","Bitdefender Internet Security (20241107)","COMODO Antivirus (20241107)","Dr.Web Security Space (20241107)","ESET Internet Security (20241107)","VIPRE Advanced Security (20241107)","Windows Defender (20241107)"]},{"isRevoked":"False","fileName":"RSNativeHostApp.exe","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1","hashMD5":"f561f403b8e2a5ab26be8ed58942b687","hashSHA1":"0b02947a12b686925cd32ba61ecab2e8c05fab7a","hashSHA256":"bf6abd77b226076ebee67ac512b6d6ae1e495b473c39b2a1a39e7587b8707610","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"438","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rssvc.exe","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1","hashMD5":"97b1efd915813a8d24832ea0b276bc4a","hashSHA1":"0f3e1c1f294686785e87cc3fde1841b26bf2ad59","hashSHA256":"f2129754aa4cfd419b746277a8b95306b78a5a42320b5e12b3d800642f96734c","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"438","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"com.researchsecure.json","fileVersion":"0.","hashMD5":"3711c243215a1b57100c8f7bc0a103ca","hashSHA1":"1eab77a75626b0a1f6a196fa862242a2a35377c5","hashSHA256":"b47a4d3de21ad9669f5633cc203032b42140aef30bce8549fe209dca371fdccb","sourceIndex":"438","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.researchsecure.com/home#about","directDownloadingLink":"https://www.researchsecure.com/download/rs_setup_en.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.researchsecure.com/download/rs_setup_en.exe","sourceIndex":"438"}],"sampleFiles":["241030/ResearchSecure-241030/1.2/Samples/rs_setup_en.exe","241030/ResearchSecure-241030/1.2/Samples/rsinstaller.exe","241030/ResearchSecure-241030/1.2/Samples/RSNativeHostApp.exe","241030/ResearchSecure-241030/1.2/Samples/rssvc.exe","241030/ResearchSecure-241030/1.2/Samples/com.researchsecure.json"],"imageFiles":["241030/ResearchSecure-241030/1.2/Images/ACR-048/ACR-048_Install_1.png","241030/ResearchSecure-241030/1.2/Images/ACR-048/ACR-048_Install_2.png","241030/ResearchSecure-241030/1.2/Images/ACR-084/ACR-084_Software_1.png","241030/ResearchSecure-241030/1.2/Images/ACR-007/ACR-007_Software_1.png","241030/ResearchSecure-241030/1.2/Images/ACR-007/ACR-007_Software_2.png","241030/ResearchSecure-241030/1.2/Images/ACR-007/ACR-007_Software_3.png","241030/ResearchSecure-241030/1.2/Images/ACR-007/ACR-007_Software_4.png","241030/ResearchSecure-241030/1.2/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":[],"guid":"2dfebc01-934e-44bc-8814-cf18f1974968_1.2_1","appID":"ResearchSecure-241030","dateAdded":"241118","deceptorType":"App","name":"ResearchSecure","company":"Creative Knowledge, Inc.","version":"1.2","lastKnownStatus":"1.1.0.7","lastKnownDate":"241118","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers,search","lastUpdate":"2024-11-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":422},{"violations":{"ACR-048":"Installation can't be cancelled by standard platform interface.\n","ACR-007":"Application doesn't provides explicit notification to all affected user (different login user) and obtains informed user consent when reducing the default safety related with different user.\n","ACR-084":"1. After installing, the application running in background and being active in systray with without notifying user. \n2. The application doesn't show notification when a different user login system. The app is hiding from all the users affected, however collecting the data from those users.\n","ACR-118":"Application leaves an important executable even after application uninstallation completes.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rs_setup_en.exe","isInstaller":"True","companyName":"Creative Knowledge, Inc.                                    ","fileVersion":"1.2","hashMD5":"12e8022f3a2d2a52bb29add78a4882e7","hashSHA1":"ec054056b08f393ed61b424ac5249aab1e4ce20a","hashSHA256":"d5451c5e1b0613bcd8a58a2ed5b608a149de06f3997fe6c16dd82ed16417d291","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"355","avBlockList":["Avast Premium Security (20250213)","AVG Internet Security (20250213)","Avira Internet Security (20250213)","Bitdefender Internet Security (20250213)","Dr.Web Security Space (20250213)","ESET Internet Security (20250213)","FortectPremium (20250213)","G DATA INTERNET SECURITY (20250213)","K7 Total Security (20250213)","KasperskyPremium (20250213)","Malwarebytes Premium (20250213)","McAfee Total Protection (20250213)","Norton Security (20250213)","Panda Dome (20250213)","Quick Heal Internet Security (20250213)","Sophos Home Premium (20250213)","SpyHunter5 (20250213)","Total AV Antivirus Pro (20250213)","VIPRE Advanced Security (20250213)","VirIT eXplorer PRO (20250213)","Webroot SecureAnywhere (20250213)"],"avAllowList":["360 Total Security (20250213)","COMODO Antivirus (20250213)","Trend Micro Internet Security (20250213)","Windows Defender (20250213)"]},{"isRevoked":"False","fileName":"RSNativeHostApp.exe","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1.0.7","hashMD5":"f561f403b8e2a5ab26be8ed58942b687","hashSHA1":"0b02947a12b686925cd32ba61ecab2e8c05fab7a","hashSHA256":"bf6abd77b226076ebee67ac512b6d6ae1e495b473c39b2a1a39e7587b8707610","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"355","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rssvc.exe","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1.0.7","hashMD5":"97b1efd915813a8d24832ea0b276bc4a","hashSHA1":"0f3e1c1f294686785e87cc3fde1841b26bf2ad59","hashSHA256":"f2129754aa4cfd419b746277a8b95306b78a5a42320b5e12b3d800642f96734c","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"355","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rsinstaller.exe","companyName":"Creative Knowledge, Inc.","fileVersion":"1.1.0.7","hashMD5":"88eaba8abc2421bda4701cd47f0854c9","hashSHA1":"6d72782c2179f4a6011a093cbcc892a9dd311117","hashSHA256":"f134d64aa4e1dcccb83662e535018ab49aefcdbb269e7113117fbf55a63628a5","digitalCertThumbprint":"FBBADE4E00FE36655AAA0304BA6B8E3CC247CD4D","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CREATIVE KNOWLEDGE, INC\", O=\"CREATIVE KNOWLEDGE, INC\", L=Reston, S=Virginia, C=US, SERIALNUMBER=3959765, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"355","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.researchsecure.com/home#about","directDownloadingLink":"https://www.researchsecure.com/download/rs_setup_en.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.researchsecure.com/download/rs_setup_en.exe","sourceIndex":"355"}],"sampleFiles":["241118/ResearchSecure-241030/1.1.0.7/Samples/rs_setup_en.exe"],"imageFiles":["241118/ResearchSecure-241030/1.1.0.7/Images/ACR-048/ACR-048_Install_1.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-048/ACR-048_Install_2.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-084/ACR-084_Software_1.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-007/ACR-007_Software_1.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-007/ACR-007_Software_2.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-007/ACR-007_Software_3.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-007/ACR-007_Software_4.png","241118/ResearchSecure-241030/1.1.0.7/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":[],"guid":"2dfebc01-934e-44bc-8814-cf18f1974968_1.1.0.7_1","appID":"ResearchSecure-241030","dateAdded":"241118","deceptorType":"App","name":"ResearchSecure","company":"Creative Knowledge, Inc.","version":"1.1.0.7","lastKnownStatus":"1.1.0.7","lastKnownDate":"241118","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers,search","lastUpdate":"2024-11-19T00:57:06.8593724+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":421},{"violations":{"ACR-042":"Application makes network connection to undisclosed 3rd party for offers. (researchsecure.com)\n","ACR-010":"The app distributes deceptive application researchsecure which runs and be active in background without notifying all affected users and collecting the user related data.\n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in Research secure offer to silently install unrelated software\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeAudioEditor.exe","isInstaller":"True","companyName":"Copyright© 2005-2024 FAEMedia Inc.                         ","productName":"Free Audio Editor 2024                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"078f327e0f937596287e722a0ca60c45","hashSHA1":"0fea69bb7e584be35ad9cdc0744654bafb767e5f","hashSHA256":"5ecc7c8d78ad6d879d2ba6bf1e721cf24e329004ffc1ce14a5c2eda0e74c179f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"437","avBlockList":["Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)"],"avAllowList":["360 Total Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","KasperskyPremium (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","Windows Defender (20250121)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://free-audio-editor.com/","directDownloadingLink":"https://www.free-audio-editor.com/FreeAudioEditor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-audio-editor.com/FreeAudioEditor.exe","sourceIndex":"437"}],"sampleFiles":["241031/FreeAudioEditor-220608/10.1.5/Samples/FreeAudioEditor.exe"],"imageFiles":["241031/FreeAudioEditor-220608/10.1.5/Images/ACR-042/ACR-042_Install_1.png","241031/FreeAudioEditor-220608/10.1.5/Images/ACR-010/ACR-010.PNG","241031/FreeAudioEditor-220608/10.1.5/Images/ACR-155/ACR-155.PNG","241031/FreeAudioEditor-220608/10.1.5/Images/ACR-013/ACR-013.PNG","241031/FreeAudioEditor-220608/10.1.5/Images/ACR-013/ACR-013_Install_1.png","241031/FreeAudioEditor-220608/10.1.5/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":[],"guid":"84d4f297-39e7-457f-a511-07b29e637604_10.1.5_1","appID":"FreeAudioEditor-220608","dateAdded":"241031","deceptorType":"App","name":"Free Audio Editor","company":"FAEMedia, Inc.","version":"10.1.5","lastKnownStatus":"10.1.2.5;10.1.5","lastKnownDate":"241031","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-31T22:27:29.6761622+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":423},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re run the application to present the declined offer again.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rkverify.exe” regardless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"After uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rkverify.exe” nevertheless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.4.0) \n\nThe App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.4.0) \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeAudioEditor.exe","fileVersion":"0.0","hashMD5":"539d6c941b081e9afbfe284363c10993","hashSHA1":"5d2bfbde0c949b6b6239496236c6558ee3f76350","hashSHA256":"4384d27dc5b2665fd8efc4bd77ca4d908e508dbfa12a91bc9dd9fb4986babeee","sourceIndex":"1563","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioEditor_j-BmTa1.exe","isInstaller":"True","companyName":"","productName":"Beijing Aviation Trust Intellectual Property Consulting Co.,","fileVersion":"3.33.1","hashMD5":"1bd6b27e21341fd6ad6fc48dfe407610","hashSHA1":"0e8a9411446b5fbef66570d7fa81ecaeb6706da2","hashSHA256":"462b515b56b289161c11a454475ab68be7d9e8be97d33b5fec51e7cb065eaa19","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1563","avBlockList":["Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)","FortectPremium (20250121)","KasperskyPremium (20250121)"],"avAllowList":["360 Total Security (20250121)","Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"FreeAudioEditor-setup.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 FAEMedia, Inc.                         ","productName":"Free Audio Editor 2019        ","fileVersion":"0.0","hashMD5":"415bac4c198a0e18477a243aa224c572","hashSHA1":"c199f7e2a6eb665bd6017f41e95ba6afa71e0a56","hashSHA256":"049c3826ed60cb7c8046d447645cdde758d1de310cb02e41c8078a79eec0ef14","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1563","avBlockList":["360 Total Security (20220616)","Avast Premium Security (20220616)","AVG Internet Security (20220616)","Avira Internet Security (20220616)","Bitdefender Internet Security (20220616)","COMODO Antivirus (20220616)","Dr.Web Security Space (20220616)","ESET Internet Security (20220616)","G DATA INTERNET SECURITY (20220616)","K7 Total Security (20220616)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20220616)","McAfee Total Protection (20220616)","Norton Security (20220616)","Panda Dome (20220616)","Quick Heal Internet Security (20220616)","Sophos Home Premium (20220616)","SpyHunter5 (20220616)","Total AV Antivirus Pro (20220616)","Trend Micro Internet Security (20220616)","VIPRE Advanced Security (20220616)","VirIT eXplorer PRO (20220616)","Webroot SecureAnywhere (20220616)","Windows Defender (20220616)"],"avAllowList":["Tencent PC Manager (20220616)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: URL inspected via update prompt from hunted app Shortcut Remover ","reference":"Free Shortcut Remover","landingPage":"https://free-audio-editor.com/","directDownloadingLink":"https://www.free-audio-editor.com/FreeAudioEditor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-audio-editor.com/FreeAudioEditor.exe","sourceIndex":"1563"}],"sampleFiles":["220608/FreeAudioEditor-220608/10.1.2.5/Samples/FreeAudioEditor.exe","220608/FreeAudioEditor-220608/10.1.2.5/Samples/FreeAudioEditor_j-BmTa1.exe","220608/FreeAudioEditor-220608/10.1.2.5/Samples/FreeAudioEditor-setup.exe"],"imageFiles":["220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-047/ACR-004_083_RKUpdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-047/ACR-048_UPdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-010/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-004/ACR-004_083_RKUpdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-004/ACR-048_UPdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-083/ACR-004_083_RKUpdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-083/ACR-048_UPdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-048/ACR-048_UPdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-003/ACR-048_UPdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-003/ACR-004_083_RKUpdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-118/ACR-118_Remnants.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-057/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-059/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-071/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-155/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-047/ACR-004_083_RKUpdatePrompt.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-047/ACR-048_UPdatePrompt.jpg"],"nonDeceptorImageFiles":["220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-002/ACR-002_DifferentVersions.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-106/RelevantKnowledge.jpg","220608/FreeAudioEditor-220608/10.1.2.5/Images/ACR-002/ACR-002_DifferentVersions.jpg"],"guid":"84d4f297-39e7-457f-a511-07b29e637604_10.1.2.5_1","appID":"FreeAudioEditor-220608","dateAdded":"241031","deceptorType":"App","name":"Free Audio Editor","company":"FAEMedia, Inc.","version":"10.1.2.5","lastKnownStatus":"10.1.2.5;10.1.5","lastKnownDate":"241031","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":424},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re run the application to present the declined offer again.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version10.8.2.4 vs version10.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version10.8.2.4 vs version10.8.1) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreemorePDFtoJPGPNGTIFConverter.exe","productName":"Freemore PDF to JPG PNG TIF Converter   ","fileVersion":"10.8.1","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","sourceIndex":"440","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemorePDFtoJPGPNGTIFConverter-setup.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","productName":"Freemore PDF to JPG PNG TIF Converter   ","fileVersion":"10.8.2.4","hashMD5":"8ad6318b48af6442caedb2eb210e4bd9","hashSHA1":"5789122ead26e90018082e62348108daa20ca7f3","hashSHA256":"bb66f225715929e9741f0a7a4d998f36af4bf38cb228220087375ad4c7200649","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"440","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)","FortectPremium (20250123)","KasperskyPremium (20250123)"],"avAllowList":["Tencent PC Manager (20220623)","Trend Micro Internet Security (20250123)"]},{"isRevoked":"False","fileName":"FreemorePDFtoJPGPNGTIFConverter_241030.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"b7408e59444e941c1b503518c61c60c2","hashSHA1":"c90e7cda6ea8a2c96b2de2a0b40528fd9764828e","hashSHA256":"a1700829618e5f47eaac0f9b09f2882438a477686168cb657c102ca41b5fe811","sourceIndex":"440","avBlockList":["360 Total Security (20250128)","Avast Premium Security (20250128)","AVG Internet Security (20250128)","Avira Internet Security (20250128)","Bitdefender Internet Security (20250128)","COMODO Antivirus (20250128)","Dr.Web Security Space (20250128)","ESET Internet Security (20250128)","FortectPremium (20250128)","G DATA INTERNET SECURITY (20250128)","K7 Total Security (20250128)","KasperskyPremium (20250128)","Malwarebytes Premium (20250128)","McAfee Total Protection (20250128)","Norton Security (20250128)","Panda Dome (20250128)","Quick Heal Internet Security (20250128)","Sophos Home Premium (20250128)","SpyHunter5 (20250128)","Total AV Antivirus Pro (20250128)","Trend Micro Internet Security (20250128)","VIPRE Advanced Security (20250128)","VirIT eXplorer PRO (20250128)","Webroot SecureAnywhere (20250128)","Windows Defender (20250128)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads *FreeMoreSoft, Inc.","reference":"","landingPage":"https://freemoresoft.com/freepdftojpgconverter/index.php","directDownloadingLink":"http://www.freemoresoft.com/FreemorePDFtoJPGPNGTIFConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freemoresoft.com/FreemorePDFtoJPGPNGTIFConverter.exe","sourceIndex":"440"}],"sampleFiles":["241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Samples/FreemorePDFtoJPGPNGTIFConverter.exe","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Samples/FreemorePDFtoJPGPNGTIFConverter-setup.exe","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Samples/FreemorePDFtoJPGPNGTIFConverter_241030.exe"],"imageFiles":["241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-109/ACR-109_039_048.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-039/ACR-109_039_048.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-047/ACR-004_083_047_003_RKUpdate-trayprompt.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-047/RK.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-048/ACR-109_039_048.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-004/RK.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-004/ACR_048_RKUpdate.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-004/ACR_048_RKUpdate-taskbar.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-083/ACR_048_RKUpdate.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-083/ACR-004_083_047_003_RKUpdate-trayprompt.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-048/ACR_048_RKUpdate.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-003/ACR_048_RKUpdate.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-003/ACR-004_083_047_003_RKUpdate-trayprompt.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-003/RK.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-118/ACR-118_Remnants.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-155/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-047/ACR-004_083_047_003_RKUpdate-trayprompt.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-047/RK.jpg"],"nonDeceptorImageFiles":["241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-002/ACR-002_DiffAppVersion.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-106/RelevantKnowledge.jpg","241030/FreemorePDFtoJPGPNGTIFConverter-220614/10.8.2.4/Images/ACR-002/ACR-002_DiffAppVersion.jpg"],"guid":"d15c6a04-8a20-420d-80e1-4cdea6dae1c7_10.8.2.4_1","appID":"FreemorePDFtoJPGPNGTIFConverter-220614","dateAdded":"241030","deceptorType":"App","name":"Freemore PDF to JPG PNG TIF Converter","company":"FreeMoreSoft, Inc.","version":"10.8.2.4","lastKnownStatus":"10.8.2.4","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-31T01:00:07.9995441+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":428},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 10.8.1 vs version 10.8.2.4) \n\nThe App's version is inconsistent between App interaction and its install (version 10.8.1 vs version 10.8.2.4) \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreemoreVideotoGIFConverter.exe","fileVersion":"9.4.0","hashMD5":"81bbfc075456531e684e252a6739a05f","hashSHA1":"52c32cad12c71ba3e3e3609b71f6a3c159ef6265","hashSHA256":"c954a2adc81720b5909ce7ddf3838fdf548a0ab4ec1145b68ea7dad0a671fd6b","sourceIndex":"439","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemoreVideotoGIFConverter-setup.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","productName":"Freemore Video to GIF Converter        ","fileVersion":"10.1.2.5","hashMD5":"afb00fed653698e93dc364dae3412d11","hashSHA1":"ab63690d2aedc9088338e57c1da884177773a81f","hashSHA256":"96cdfbb75e809aa9cfbae081d66824da13ceb08e1ca2d22cba72a6cb4d986308","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"439","avBlockList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)","FortectPremium (20250121)","KasperskyPremium (20250121)"],"avAllowList":["Tencent PC Manager (20220726)","Trend Micro Internet Security (20250121)"]},{"isRevoked":"False","fileName":"FreemoreVideotoGIFConverter_241030.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"6cbd946ab9262e0eea54bb20bdf83664","hashSHA1":"9f340929d9f591c92cdd5610d2b64e357b7368a8","hashSHA256":"59047b8c803fd361f6530aa81559407b2a14620df5b527bcb081e87fc7006c5e","sourceIndex":"439","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","FortectPremium (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","KasperskyPremium (20250123)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)"],"avAllowList":["Trend Micro Internet Security (20250123)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://freemoresoft.com/freevideotogifconverter/index.php","directDownloadingLink":"https://freemoresoft.com/freevideotogifconverter/index.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://freemoresoft.com/freevideotogifconverter/index.php","sourceIndex":"439"}],"sampleFiles":["241030/FreemoreVideotoGIFConverter-220610/10.8.1/Samples/FreemoreVideotoGIFConverter.exe","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Samples/FreemoreVideotoGIFConverter-setup.exe","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Samples/FreemoreVideotoGIFConverter_241030.exe"],"imageFiles":["241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-109/ACR-109_039_048-RKSetup.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-039/ACR-109_039_048-RKSetup.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-047/ACR-004_083_047_003.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-047/ACR-048-UpdatePrompt.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-048/ACR-109_039_048-RKSetup.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-004/ACR-004_083_047_003.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-004/ACR-048-UpdatePrompt.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-083/ACR-048-UpdatePrompt.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-048/ACR-048-UpdatePrompt.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-003/ACR-004_083_047_003.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-118/ACR-118_Remnants.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-057/RelevantKnowledge.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-059/RelevantKnowledge.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-071/RelevantKnowledge.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-155/RelevantKnowledge.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-047/ACR-004_083_047_003.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-047/ACR-048-UpdatePrompt.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-010/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-106/RelevantKnowledge.jpg","241030/FreemoreVideotoGIFConverter-220610/10.8.1/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg"],"guid":"ce3313b4-b089-46d6-b088-063046abca1d_10.8.1_1","appID":"FreemoreVideotoGIFConverter-220610","dateAdded":"241030","deceptorType":"App","name":"Freemore Video to GIF Converter","company":"FreeMoreSoft, Inc.","version":"10.8.1","lastKnownStatus":"10.8.1","lastKnownDate":"241030","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-31T01:03:02.7248282+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":427},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version4.8.2.4 vs version 4.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version4.8.2.4 vs version 4.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"MP3Cutter.exe","fileVersion":"4.8.0","hashMD5":"5868a93c8a8ecbe263dd7d08b05902e9","hashSHA1":"ef6fc2bb86a89ab2374eb127830d4d910aae27f6","hashSHA256":"e0f53eb276ba26bb5d9834517dc345ea4b4229172ae26c190e1f61ffc377ee3d","sourceIndex":"1559","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MP3CutterJoinerFree.exe","isInstaller":"True","companyName":"TechTouch Soft Co., Ltd.                                    ","productName":"MP3 Cutter Joiner Free     ","fileVersion":"4.8.2.4","hashMD5":"f35d59dc3a28b32becfe1d936285f9e4","hashSHA1":"24e7e21d5f4dd2f4ea021484c2de872f79034339","hashSHA256":"1ff30ef1da96020835ed1a7c80b5e01096049f478602b019ebbff741db2afa27","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1559","avBlockList":["360 Total Security (20241031)","Avast Premium Security (20241031)","AVG Internet Security (20241031)","Avira Internet Security (20241031)","Bitdefender Internet Security (20241031)","COMODO Antivirus (20241031)","Dr.Web Security Space (20241031)","ESET Internet Security (20241031)","G DATA INTERNET SECURITY (20241031)","K7 Total Security (20241031)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20241031)","McAfee Total Protection (20241031)","Norton Security (20241031)","Panda Dome (20241031)","Quick Heal Internet Security (20241031)","Sophos Home Premium (20241031)","SpyHunter5 (20241031)","Total AV Antivirus Pro (20241031)","Trend Micro Internet Security (20241031)","VIPRE Advanced Security (20241031)","VirIT eXplorer PRO (20241031)","Webroot SecureAnywhere (20241031)","Windows Defender (20241031)","FortectPremium (20241031)","KasperskyPremium (20241031)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"MP3Joiner.exe","fileVersion":"4.8.0","hashMD5":"433109c32c1e1d2da82b3399b2db1809","hashSHA1":"ef990e3b9a36f9ecdc8ab7788a956ffc8ec0183c","hashSHA256":"4e943b51f9bc73145eeca7a519adedbdde904c2f2866db697f3c2005bf0b1373","sourceIndex":"1559","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://www.freemp3cutterjoiner.com/","directDownloadingLink":"https://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe","sourceIndex":"1559"}],"sampleFiles":["220613/FreeMP3CutterJoiner-220613/4.8.2.4/Samples/MP3Cutter.exe","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Samples/MP3CutterJoinerFree.exe","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Samples/MP3Joiner.exe"],"imageFiles":["220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-109/ACR-109_039_048_RKsetup.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-039/ACR-109_039_048_RKsetup.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-004_083_047_003_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-048_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-048/ACR-109_039_048_RKsetup.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-004/ACR-004_083_047_003_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-004/ACR-048_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-004/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-083/ACR-004_083_047_003_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-083/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-083/ACR-048_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-048/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-003/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-003/ACR-048_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-003/ACR-004_083_047_003_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-118/ACR-118_Remnants.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-155/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-004_083_047_003_RKUpdatePrompt-2.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-048_RKUpdatePrompt.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-047/ACR-048_RKUpdatePrompt-2.jpg"],"nonDeceptorImageFiles":["220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-002/ACR-002_InconsistentVersion.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-106/RelevantKnowledge.jpg","220613/FreeMP3CutterJoiner-220613/4.8.2.4/Images/ACR-002/ACR-002_InconsistentVersion.jpg"],"guid":"165cba42-a7b5-48b3-bd5a-cc7a3596e9b8_4.8.2.4_1","appID":"FreeMP3CutterJoiner-220613","dateAdded":"241030","deceptorType":"App","name":"Free MP3 Cutter Joiner","company":"TechTouch Soft Co., Ltd.","version":"4.8.2.4","lastKnownStatus":"4.8.2.4;4.8.3.0","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":426},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"MP3CutterJoinerFree.exe","isInstaller":"True","companyName":"TechTouch Soft Co. Ltd.                                    ","productName":"MP3 Cutter Joiner Free                                      ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"79a07726764f8d3dc03c1040046686e4","hashSHA1":"25fa2187bc1797507415c36cc2f22eedb802d829","hashSHA256":"4f25bb7fc84cd25d5e0220eba30340d326e1a42d129393a97c7cc3150dfe8894","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"445","avBlockList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","KasperskyPremium (20250121)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)"],"avAllowList":["Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.freemp3cutterjoiner.com/","directDownloadingLink":"https://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe","sourceIndex":"445"}],"sampleFiles":["241030/FreeMP3CutterJoiner-220613/4.8.3.0/Samples/MP3CutterJoinerFree.exe"],"imageFiles":["241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-109/ACR-109.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-109/ACR-109_1.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-039/ACR-039.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-039/ACR-039_1.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-048/ACR-048.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-010/ACR-010.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-118/ACR-118.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-057/ACR-057.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-059/ACR-059.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-071/ACR-071.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-155/ACR-155.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-013/ACR-013.PNG","241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["241030/FreeMP3CutterJoiner-220613/4.8.3.0/Images/ACR-106/ACR-106.PNG"],"guid":"165cba42-a7b5-48b3-bd5a-cc7a3596e9b8_4.8.3.0_1","appID":"FreeMP3CutterJoiner-220613","dateAdded":"241030","deceptorType":"App","name":"Free MP3 Cutter Joiner","company":"TechTouch Soft Co., Ltd.","version":"4.8.3.0","lastKnownStatus":"4.8.2.4;4.8.3.0","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-30T19:36:13.1345169+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":425},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using a third-party component 'ffmpeg'.\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-118":"After uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"EasyYouTubetoMP3Converter.exe","isInstaller":"True","companyName":"FAEMedia Co. Ltd.                                          ","productName":"Easy YouTube to MP3 Converter                               ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"84a981e65270aadfffc164af455424f1","hashSHA1":"be9d814d295ea0ceded37329e84567c22e89b22a","hashSHA256":"9624fe74ceb607385be6e27ad275f5db69fc85e75bbc8bf274ac3098fbab10e8","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"444","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","FortectPremium (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","KasperskyPremium (20250123)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)"],"avAllowList":["Trend Micro Internet Security (20250123)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://free-audio-editor.com/easyyoutubetomp3converter/","directDownloadingLink":"https://free-audio-editor.com/EasyYouTubetoMP3Converter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/EasyYouTubetoMP3Converter.exe","sourceIndex":"444"}],"sampleFiles":["241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Samples/EasyYouTubetoMP3Converter.exe"],"imageFiles":["241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-109/ACR-109.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-039/ACR-039.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-043/ACR-043.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-107/ACR-107.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-042/ACR-042.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-048/ACR-048.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-010/ACR-010.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-118/ACR-118.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-057/ACR-057.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-059/ACR-059.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-071/ACR-071.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-155/ACR-155.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-013/ACR-013.PNG","241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["241030/EasyYouTubetoMP3Converter-220608/10.1.3.0/Images/ACR-106/ACR-106.PNG"],"guid":"25c573a3-2cb7-4900-a5cc-0b47bcbdf611_10.1.3.0_1","appID":"EasyYouTubetoMP3Converter-220608","dateAdded":"241030","deceptorType":"App","name":"Easy Youtube to MP3 Converter","company":"FAEMedia","version":"10.1.3.0","lastKnownStatus":"10.1.2.5;10.1.3.0","lastKnownDate":"241030","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,cross-sell other apps,sold in bundle","lastUpdate":"2024-10-30T19:38:20.2195448+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":430},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":"The main executable is not digitally signed. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeEasyScantoPDF-setup.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","productName":"Free Easy Scan to PDF       ","fileVersion":"8.8.2.4","hashMD5":"1c19ebbeef3ae39aae9909c48c41c801","hashSHA1":"45238bcc9b7921e2db9a7ed0c79e0d9c159d1bb2","hashSHA256":"4f1b605845747f14d632575657ac237945621e5fab30451c6d61568b7077884f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"441","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","Kaspersky Internet Security (20220714)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","Trend Micro Internet Security (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)","FortectPremium (20250123)","KasperskyPremium (20250123)"],"avAllowList":["Tencent PC Manager (20220714)"]},{"isRevoked":"False","fileName":"FreeEasyScantoPDF_241030.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"20c585e793e715f96efc1a6c3b06a713","hashSHA1":"4e1f758e041f72f4f2ca544d3aeb72c94143c180","hashSHA256":"3a8109ff65526dd47601a67d972ca7fef159382980614cf2995a0c3e851f0fff","sourceIndex":"441","avBlockList":["360 Total Security (20250128)","Avast Premium Security (20250128)","AVG Internet Security (20250128)","Avira Internet Security (20250128)","Bitdefender Internet Security (20250128)","COMODO Antivirus (20250128)","Dr.Web Security Space (20250128)","ESET Internet Security (20250128)","FortectPremium (20250128)","G DATA INTERNET SECURITY (20250128)","K7 Total Security (20250128)","KasperskyPremium (20250128)","Malwarebytes Premium (20250128)","McAfee Total Protection (20250128)","Norton Security (20250128)","Panda Dome (20250128)","Quick Heal Internet Security (20250128)","Sophos Home Premium (20250128)","SpyHunter5 (20250128)","Total AV Antivirus Pro (20250128)","Trend Micro Internet Security (20250128)","VIPRE Advanced Security (20250128)","VirIT eXplorer PRO (20250128)","Webroot SecureAnywhere (20250128)","Windows Defender (20250128)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://freeease.net/p-scantopdf/overview.php ","directDownloadingLink":"http://www.freeease.net/FreeEasyScantoPDF.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeease.net/FreeEasyScantoPDF.exe","sourceIndex":"441"}],"sampleFiles":["241030/FreeEasyScantoPDF-220610/8.8.1/Samples/FreeEasyScantoPDF-setup.exe","241030/FreeEasyScantoPDF-220610/8.8.1/Samples/FreeEasyScantoPDF_241030.exe"],"imageFiles":["241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-047/ACR-047_003_RKUpdateprompt.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-010/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-004/ACR-047_003_RKUpdateprompt.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-003/ACR-047_003_RKUpdateprompt.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-118/ACR-118_Remnants.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-057/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-059/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-071/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-155/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-047/ACR-047_003_RKUpdateprompt.jpg"],"nonDeceptorImageFiles":["241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-106/RelevantKnowledge.jpg","241030/FreeEasyScantoPDF-220610/8.8.1/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg"],"guid":"bb82b1d2-97ba-4a03-888e-affd4f6b62d7_8.8.1_1","appID":"FreeEasyScantoPDF-220610","dateAdded":"241030","deceptorType":"App","name":"Free Easy Scan to PDF","company":"Freeease.net","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-31T00:58:01.9171935+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":429},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”. \nThe app does not provide an option to close the update prompt and cancel the startup of its own.\n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install. \n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer. \n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the main executable: \"AllFreeDiscBurner.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free Disc Burner\\AllFreeDiscBurner.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"b118f40bf9e81a3cb4ee42fe7c514a95","hashSHA1":"0c7d9f88dddbbde24c79eb175fd0721490bab64b","hashSHA256":"db8933a14004a949e7a38470ce4591d05b724db4ebb89cf9b05d3b3c637721f1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"443","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free Disc Burner\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"443","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeDiscBurner.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free Disc Burner                                        ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"8bc97024c173efda9dd1222866336e1f","hashSHA1":"94eea5fab7831364146dd28a42382eadfb4c5abf","hashSHA256":"821477970158eebe542419c7fe1c3d168e280d3c33d2ffb2c556820385afd277","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"443","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","Kaspersky Internet Security (20220728)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","Trend Micro Internet Security (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)","FortectPremium (20250123)","KasperskyPremium (20250123)"],"avAllowList":["Tencent PC Manager (20220728)"]},{"isRevoked":"False","fileName":"AllFreeDiscBurner_241030.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"3c5984424647d169f14aecdd259ab777","hashSHA1":"21e11f6039734ac2b9e45ca862966e397fbac2a0","hashSHA256":"cf59012220eb95117de5fc7c5c645f11123eaa310d25f6fa7138526b84742ebe","sourceIndex":"443","avBlockList":["360 Total Security (20250128)","Avast Premium Security (20250128)","AVG Internet Security (20250128)","Avira Internet Security (20250128)","Bitdefender Internet Security (20250128)","COMODO Antivirus (20250128)","Dr.Web Security Space (20250128)","ESET Internet Security (20250128)","FortectPremium (20250128)","G DATA INTERNET SECURITY (20250128)","K7 Total Security (20250128)","KasperskyPremium (20250128)","Malwarebytes Premium (20250128)","McAfee Total Protection (20250128)","Norton Security (20250128)","Panda Dome (20250128)","Quick Heal Internet Security (20250128)","Sophos Home Premium (20250128)","SpyHunter5 (20250128)","Total AV Antivirus Pro (20250128)","Trend Micro Internet Security (20250128)","VIPRE Advanced Security (20250128)","VirIT eXplorer PRO (20250128)","Webroot SecureAnywhere (20250128)","Windows Defender (20250128)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freediscburner/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeDiscBurner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeDiscBurner.exe","sourceIndex":"443"}],"sampleFiles":["241030/allfreediscburner-220610/8.8.1/Samples/AllFreeDiscBurner.exe","241030/allfreediscburner-220610/8.8.1/Samples/AllFreeDiscBurner_241030.exe"],"imageFiles":["241030/allfreediscburner-220610/8.8.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-047/ACR-047_Install.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-047/ACR-047_Install.mp4","241030/allfreediscburner-220610/8.8.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptor.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-083/ACR-083_Software.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-083/ACR-083_Software_1.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-084/ACR-084_Software.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-048/ACR-048_Software.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-014/ACR-014_Software.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-014/ACR-014_Software.mp4","241030/allfreediscburner-220610/8.8.1/Images/ACR-118/ACR-118_Uninstall.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-118/ACR-118_Uninstall_1.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-122/ACR-122_Uninstall.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241030/allfreediscburner-220610/8.8.1/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241030/allfreediscburner-220610/8.8.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-092/ACR-092_Software.JPG","241030/allfreediscburner-220610/8.8.1/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"b7f286a6-5bb9-432d-9fce-56f62084fe9e_8.8.1_1","appID":"allfreediscburner-220610","dateAdded":"241030","deceptorType":"App","name":"All Free Disc Burner","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-31T00:50:35.6300614+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":433},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it sometimes leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"After uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.3.3) \nThe App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.3.3) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"EasyYouTubetoMP3Converter.exe","fileVersion":"1.0","hashMD5":"256bc08e4f66bc0c3df0600220853311","hashSHA1":"f08d3a1ed91755b9d58d5a4ffaa9c1cb9e0c1d9e","hashSHA256":"031de687b35b9a0619780172dbd5dced32a1206152865707c8e7db2dfe824020","sourceIndex":"1564","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EasyYouTubetoMP3Converter-setup.exe","isInstaller":"True","companyName":"FAEMedia Co., Ltd.                                          ","fileVersion":"0.0","hashMD5":"5f090a6d913da463804acb9bf8202baf","hashSHA1":"57f1e445419545e54bc041f93244840e6991e3c7","hashSHA256":"22eebcc37412d3132427b69fccd0c799a24c6fc1893117a29a91b3cb87bddd2b","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1564","avBlockList":["360 Total Security (20241031)","Avast Premium Security (20241031)","AVG Internet Security (20241031)","Avira Internet Security (20241031)","Bitdefender Internet Security (20241031)","COMODO Antivirus (20241031)","Dr.Web Security Space (20241031)","ESET Internet Security (20241031)","G DATA INTERNET SECURITY (20241031)","K7 Total Security (20241031)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20241031)","McAfee Total Protection (20241031)","Norton Security (20241031)","Panda Dome (20241031)","Quick Heal Internet Security (20241031)","Sophos Home Premium (20241031)","SpyHunter5 (20241031)","Total AV Antivirus Pro (20241031)","VIPRE Advanced Security (20241031)","VirIT eXplorer PRO (20241031)","Webroot SecureAnywhere (20241031)","Windows Defender (20241031)","FortectPremium (20241031)","KasperskyPremium (20241031)"],"avAllowList":["Tencent PC Manager (20220616)","Trend Micro Internet Security (20241031)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: FAEMedia","reference":"","landingPage":"https://free-audio-editor.com/easyyoutubetomp3converter/","directDownloadingLink":"https://free-audio-editor.com/EasyYouTubetoMP3Converter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/EasyYouTubetoMP3Converter.exe","sourceIndex":"1564"}],"sampleFiles":["220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Samples/EasyYouTubetoMP3Converter.exe","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Samples/EasyYouTubetoMP3Converter-setup.exe"],"imageFiles":["220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt-2.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-010/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-004/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-004/ACR-048_004_083_RKUpdatePrompt-2.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-083/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-083/ACR-048_004_083_RKUpdatePrompt-2.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-048/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-003/ACR-048_004_083_RKUpdatePrompt-2.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-003/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-118/ACR-118_Remnants.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-057/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-059/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-071/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-155/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt-2.jpg"],"nonDeceptorImageFiles":["220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-002/ACR-002_InconsistentAppVersions.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-106/RelevantKnowledge.jpg","220608/EasyYouTubetoMP3Converter-220608/10.1.2.5/Images/ACR-002/ACR-002_InconsistentAppVersions.jpg"],"guid":"25c573a3-2cb7-4900-a5cc-0b47bcbdf611_10.1.2.5_1","appID":"EasyYouTubetoMP3Converter-220608","dateAdded":"241030","deceptorType":"App","name":"Easy Youtube to MP3 Converter","company":"FAEMedia","version":"10.1.2.5","lastKnownStatus":"10.1.2.5;10.1.3.0","lastKnownDate":"241030","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,cross-sell other apps,sold in bundle","lastUpdate":"2024-10-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":431},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.  \nThe app does not provide an option to close the update prompt and cancel the startup of its own.\n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link under the website option in the app's about page where all the apps that are listed under the website contain deceptive behavior. \n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the main executable: \"AllFreeMP3Joiner.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free MP3 Joiner\\AllFreeMP3Joiner.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"433109c32c1e1d2da82b3399b2db1809","hashSHA1":"ef990e3b9a36f9ecdc8ab7788a956ffc8ec0183c","hashSHA256":"4e943b51f9bc73145eeca7a519adedbdde904c2f2866db697f3c2005bf0b1373","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"442","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free MP3 Joiner\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"442","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeMP3Joiner.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free MP3 Joiner                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"4015cfbb276f0a0b46acd7d9f8351b18","hashSHA1":"1843fbdc65b30580f0371ab230cd1efaadc6719c","hashSHA256":"68452ee297c4ecb2edef14e3ba5ec15c0f24fdbf81423912e012347b424fd784","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"442","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","Kaspersky Internet Security (20220728)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","Trend Micro Internet Security (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)","FortectPremium (20250123)","KasperskyPremium (20250123)"],"avAllowList":["Tencent PC Manager (20220728)"]},{"isRevoked":"False","fileName":"AllFreeMP3Joiner_241030.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"c655b6f4fd6fd9d20c06e05df315341d","hashSHA1":"97448b385e85c020bbd0725a6d9faace900c1c8f","hashSHA256":"2c5dfa551caa07ba0dd632279814ed5b9294aad402dc0eefdc01178b5ce7ba35","sourceIndex":"442","avBlockList":["360 Total Security (20250128)","Avast Premium Security (20250128)","AVG Internet Security (20250128)","Avira Internet Security (20250128)","Bitdefender Internet Security (20250128)","COMODO Antivirus (20250128)","Dr.Web Security Space (20250128)","ESET Internet Security (20250128)","FortectPremium (20250128)","G DATA INTERNET SECURITY (20250128)","K7 Total Security (20250128)","KasperskyPremium (20250128)","Malwarebytes Premium (20250128)","McAfee Total Protection (20250128)","Norton Security (20250128)","Panda Dome (20250128)","Quick Heal Internet Security (20250128)","Sophos Home Premium (20250128)","SpyHunter5 (20250128)","Total AV Antivirus Pro (20250128)","Trend Micro Internet Security (20250128)","VIPRE Advanced Security (20250128)","VirIT eXplorer PRO (20250128)","Webroot SecureAnywhere (20250128)","Windows Defender (20250128)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freemp3joiner/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeMP3Joiner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeMP3Joiner.exe","sourceIndex":"442"}],"sampleFiles":["241030/allfreemp3joiner-220609/8.8.1/Samples/AllFreeMP3Joiner.exe","241030/allfreemp3joiner-220609/8.8.1/Samples/AllFreeMP3Joiner_241030.exe"],"imageFiles":["241030/allfreemp3joiner-220609/8.8.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-047/ACR-047_Install.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-047/ACR-047_Install.mp4","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptor.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-083/ACR-083_Software.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-083/ACR-083_Software_1.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-084/ACR-084_Software.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-048/ACR-048_Software.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-010/ACR-010_Software.mp4","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-014/ACR-014_Software.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-014/ACR-014_Software.mp4","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-118/ACR-118_Uninstall.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-118/ACR-118_Uninstall_1.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-122/ACR-122_Uninstall.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241030/allfreemp3joiner-220609/8.8.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-092/ACR-092_Software.JPG","241030/allfreemp3joiner-220609/8.8.1/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"da90b706-915f-4665-94af-26cebf96cf1e_8.8.1_1","appID":"allfreemp3joiner-220609","dateAdded":"241030","deceptorType":"App","name":"All Free MP3 Joiner","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-31T00:53:23.1469823+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":432},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"mymp3splitter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"My MP3 Splitter                                             ","productVersion":"3.3.0.0                                           ","fileVersion":"3.3.0.0             ","hashMD5":"c5469c942675bca965adaf0b8374a872","hashSHA1":"0b0e33766ecaa225fe6d6eb970acf893361d1548","hashSHA256":"f4887f09256e3e0b91a7c4871c9f3ae02aa4b2bed567bd5673e2a85483c6da94","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"448","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","FortectPremium (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","KasperskyPremium (20250123)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)"],"avAllowList":["Trend Micro Internet Security (20250123)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://en.zxt2007.com/video-tools/mymp3splitter.html","directDownloadingLink":"http://en.zxt2007.com/download/mymp3splitter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/mymp3splitter_setup.exe","sourceIndex":"448"}],"sampleFiles":["241029/MyMP3Splitter-220607/3.3.0.0/Samples/mymp3splitter_setup.exe"],"imageFiles":["241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-109/ACR-109.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-048/ACR-048.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-010/ACR-010.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-118/ACR-118_1.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-057/ACR-057.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-059/ACR-059.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-071/ACR-071.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-155/ACR-155.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-013/ACR-013.PNG","241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["241029/MyMP3Splitter-220607/3.3.0.0/Images/ACR-106/ACR-106.PNG"],"guid":"526162ef-9fe0-47e3-9fa2-1a3ba8c349d7_3.3.0.0_1","appID":"MyMP3Splitter-220607","dateAdded":"241029","deceptorType":"App","name":"My MP3 Splitter","company":"zxt2007.com","version":"3.3.0.0","lastKnownStatus":"2.3.7.0;3.3.0.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T18:48:55.8369254+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":434},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":" The main executable is not digitally signed. \n\n"},"samples":[{"isRevoked":"False","fileName":"MP3Splitter.exe","companyName":"ZXT2007.com","productName":"My MP3 Splitter","productVersion":"2.3.7.0    ","fileVersion":"2.3.7.0    ","hashMD5":"2ccfcb12f90f2e0a7b639f5d938903b4","hashSHA1":"d82d31751e962f522db0a7f56c1a6c5955181348","hashSHA256":"770b54cf5c3003c4d562a8fe9adb7b75fc59280371d6bafb45d4643d438f4d8a","sourceIndex":"1567","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mymp3splitter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"My MP3 Splitter     ","fileVersion":"2.3.7.0          ","hashMD5":"c74fc660135dbf1ea843e4040ca6a6ed","hashSHA1":"b6aca1dfdaa987418f4c2a6004781b78b20a3853","hashSHA256":"f1d08785ac1fa299a51a620b42396f58d784e654e119ccee37055c9cb00b6818","digitalCertThumbprint":"CB63529ED0F5FA356EB2801B5FAA196C97760C72","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=潍坊金网信息科技有限公司, O=潍坊金网信息科技有限公司, L=潍坊市, S=山东省, C=CN, SERIALNUMBER=91370700745698896P, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=潍坊高新技术产业开发区, OID.1.3.6.1.4.1.311.60.2.1.2=山东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"1567","avBlockList":["360 Total Security (20241031)","Avast Premium Security (20241031)","AVG Internet Security (20241031)","Avira Internet Security (20241031)","Bitdefender Internet Security (20241031)","COMODO Antivirus (20241031)","Dr.Web Security Space (20241031)","ESET Internet Security (20241031)","G DATA INTERNET SECURITY (20241031)","K7 Total Security (20241031)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20241031)","McAfee Total Protection (20241031)","Norton Security (20241031)","Panda Dome (20241031)","Quick Heal Internet Security (20241031)","Sophos Home Premium (20241031)","SpyHunter5 (20241031)","Total AV Antivirus Pro (20241031)","VIPRE Advanced Security (20241031)","VirIT eXplorer PRO (20241031)","Webroot SecureAnywhere (20241031)","Windows Defender (20241031)","FortectPremium (20241031)","KasperskyPremium (20241031)"],"avAllowList":["Tencent PC Manager (20220616)","Trend Micro Internet Security (20241031)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/video-tools/mymp3splitter.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=mymp3splitter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=mymp3splitter_setup.exe","sourceIndex":"1567"}],"sampleFiles":["220607/MyMP3Splitter-220607/2.3.7.0/Samples/MP3Splitter.exe","220607/MyMP3Splitter-220607/2.3.7.0/Samples/mymp3splitter_setup.exe"],"imageFiles":["220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-109/ACR-109_048_RKSetup.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-048/ACR-109_048_RKSetup.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-010/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-118/ACR-118_Remnants.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-057/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-059/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-071/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-065/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-106/RelevantKnowledge.jpg","220607/MyMP3Splitter-220607/2.3.7.0/Images/ACR-092/ACR-092_NoDigiSig.jpg"],"guid":"526162ef-9fe0-47e3-9fa2-1a3ba8c349d7_2.3.7.0_1","appID":"MyMP3Splitter-220607","dateAdded":"241029","deceptorType":"App","name":"My MP3 Splitter","company":"zxt2007.com","version":"2.3.7.0","lastKnownStatus":"2.3.7.0;3.3.0.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":435},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n"},"samples":[{"isRevoked":"False","fileName":"icontool_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Free Icon Tool                                              ","productVersion":"2.2.0.0                                           ","fileVersion":"2.2.0.0             ","hashMD5":"0e9a0212bde7777e66d599f7f858dbd5","hashSHA1":"9c36c8c552920247cde0a33cea83a8514f7da030","hashSHA256":"9455d07246b0f130d2bd41fcacacde5185f0a2fd74774f6e6665a16f88be4ee8","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"446","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","FortectPremium (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","KasperskyPremium (20250123)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)"],"avAllowList":["Trend Micro Internet Security (20250123)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/icontool.html","directDownloadingLink":"http://en.zxt2007.com/download/icontool_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/icontool_setup.exe","sourceIndex":"446"}],"sampleFiles":["241029/FreeIconTool-220607/2.2.0.0/Samples/icontool_setup.exe"],"imageFiles":["241029/FreeIconTool-220607/2.2.0.0/Images/ACR-109/ACR-109.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-048/ACR-048.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-010/ACR-010.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-118/ACR-118.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-057/ACR-057.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-059/ACR-059.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-071/ACR-071.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-155/ACR-155.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-013/ACR-013.PNG","241029/FreeIconTool-220607/2.2.0.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["241029/FreeIconTool-220607/2.2.0.0/Images/ACR-106/ACR-106.PNG"],"guid":"d2c02e04-9dfe-4c76-9602-b0096bc316c7_2.2.0.0_1","appID":"FreeIconTool-220607","dateAdded":"241029","deceptorType":"App","name":"Free Icon Tool","company":"zxt2007.com","version":"2.2.0.0","lastKnownStatus":"2.1.8.0;2.2.0.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T19:08:52.7762367+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":436},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed. \n\n"},"samples":[{"isRevoked":"False","fileName":"GetIcon.exe","companyName":"ZXT2007.com","productName":"Free Icon Tool","productVersion":"2.1.8.0","fileVersion":"2.1.8.0","hashMD5":"8546fc985d308565f439fb5a3263be38","hashSHA1":"e49dc05e50e3d933564ca0c424d3b46918330608","hashSHA256":"85585bcbc88409ecde99200cbf62de38c3a4a4c0457776934b790cd485dad0bf","sourceIndex":"1569","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"icontool_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Free Icon Tool","fileVersion":"0.0","hashMD5":"a1ad58bc9066c7abe8bf18950032684b","hashSHA1":"a6d2e7a76e0040b0d53355c0f2457d49729337f6","hashSHA256":"aa4ab81d49cfcc9e789a19d6a8db91aa888fbcb0ed127c0840e706df30e4f85b","sourceIndex":"1569","avBlockList":["360 Total Security (20241031)","Avast Premium Security (20241031)","AVG Internet Security (20241031)","Avira Internet Security (20241031)","Bitdefender Internet Security (20241031)","COMODO Antivirus (20241031)","Dr.Web Security Space (20241031)","ESET Internet Security (20241031)","G DATA INTERNET SECURITY (20241031)","K7 Total Security (20241031)","Kaspersky Internet Security (20220728)","Malwarebytes Premium (20241031)","McAfee Total Protection (20241031)","Norton Security (20241031)","Panda Dome (20241031)","Quick Heal Internet Security (20241031)","Sophos Home Premium (20241031)","SpyHunter5 (20241031)","Total AV Antivirus Pro (20241031)","Trend Micro Internet Security (20241031)","VIPRE Advanced Security (20241031)","VirIT eXplorer PRO (20241031)","Webroot SecureAnywhere (20241031)","Windows Defender (20241031)","FortectPremium (20241031)","KasperskyPremium (20241031)"],"avAllowList":["Tencent PC Manager (20220728)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/icontool.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=icontool_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=icontool_setup.exe","sourceIndex":"1569"}],"sampleFiles":["220607/FreeIconTool-220607/2.1.8.0/Samples/GetIcon.exe","220607/FreeIconTool-220607/2.1.8.0/Samples/icontool_setup.exe"],"imageFiles":["220607/FreeIconTool-220607/2.1.8.0/Images/ACR-109/ACR-109_048_RKSetup.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-048/ACR-109_048_RKSetup.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-010/RelevantKnowledge.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-118/ACR-118_Remnants.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-057/RelevantKnowledge.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-059/RelevantKnowledge.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-071/RelevantKnowledge.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220607/FreeIconTool-220607/2.1.8.0/Images/ACR-106/RelevantKnowledge.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-092/ACR-092_NoDigiSig.jpg","220607/FreeIconTool-220607/2.1.8.0/Images/ACR-065/RelevantKnowledge.jpg"],"guid":"d2c02e04-9dfe-4c76-9602-b0096bc316c7_2.1.8.0_1","appID":"FreeIconTool-220607","dateAdded":"241029","deceptorType":"App","name":"Free Icon Tool","company":"zxt2007.com","version":"2.1.8.0","lastKnownStatus":"2.1.8.0;2.2.0.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":437},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-042":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using a third-party component 'ffmpeg'.\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"EasyVideoSwitch.exe","isInstaller":"True","companyName":"FAEMedia Co. Ltd.                                          ","productName":"Easy Video Switch                                           ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"cc3ca9b224cf37be32dd6b739c212fca","hashSHA1":"4ef967ff3966626ce29b79ed005babb0067ad719","hashSHA256":"6d02b83c1e1a2966a5a831fd5b8093728ad22a09815876d39fae19cf658031d1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"449","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","FortectPremium (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","KasperskyPremium (20250123)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)"],"avAllowList":["Trend Micro Internet Security (20250123)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://free-audio-editor.com/easyvideoswitch/","directDownloadingLink":"https://free-audio-editor.com/EasyVideoSwitch.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/EasyVideoSwitch.exe","sourceIndex":"449"}],"sampleFiles":["241029/EasyVideoSwitch-220608/10.1.3.0/Samples/EasyVideoSwitch.exe"],"imageFiles":["241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-109/ACR-109.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-039/ACR-039.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-043/ACR-043.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-107/ACR-107.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-042/ACR-042.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-048/ACR-048.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-010/ACR-010.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-118/ACR-118.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-057/ACR-057.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-059/ACR-059.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-071/ACR-071.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-155/ACR-155.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-013/ACR-013.PNG","241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["241029/EasyVideoSwitch-220608/10.1.3.0/Images/ACR-106/ACR-106.PNG"],"guid":"a56aa10b-5f9b-4f9e-91ee-621666f61a7b_10.1.3.0_1","appID":"EasyVideoSwitch-220608","dateAdded":"241029","deceptorType":"App","name":"Easy Video Switch","company":"FAEMedia","version":"10.1.3.0","lastKnownStatus":"10.1.2.5;10.1.3.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T18:46:55.6065409+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":438},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it sometimes leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.3.3) \nThe App's version is inconsistent between App interaction and its install (version10.1.2.5 vs version 9.3.3) \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"EasyVideoSwitch.exe","companyName":"FAEMedia ","fileVersion":"1.0","hashMD5":"256bc08e4f66bc0c3df0600220853311","hashSHA1":"f08d3a1ed91755b9d58d5a4ffaa9c1cb9e0c1d9e","hashSHA256":"031de687b35b9a0619780172dbd5dced32a1206152865707c8e7db2dfe824020","sourceIndex":"1562","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EasyVideoSwitch-setup.exe","isInstaller":"True","companyName":"FAEMedia Co., Ltd.                                          ","productName":"Easy YouTube to MP3 Converter    ","fileVersion":"0.0","hashMD5":"2e932420877df423a119295fd2a86452","hashSHA1":"c5eb657c043f7cdca6564d202343d0339acb1a94","hashSHA256":"91458092f822b247770c7a356ff58307cf4af3738b713fa89bd38c24d2311b09","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1562","avBlockList":["360 Total Security (20241031)","Avast Premium Security (20241031)","AVG Internet Security (20241031)","Avira Internet Security (20241031)","Bitdefender Internet Security (20241031)","COMODO Antivirus (20241031)","Dr.Web Security Space (20241031)","ESET Internet Security (20241031)","G DATA INTERNET SECURITY (20241031)","K7 Total Security (20241031)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20241031)","McAfee Total Protection (20241031)","Norton Security (20241031)","Panda Dome (20241031)","Quick Heal Internet Security (20241031)","Sophos Home Premium (20241031)","SpyHunter5 (20241031)","Total AV Antivirus Pro (20241031)","Trend Micro Internet Security (20241031)","VIPRE Advanced Security (20241031)","VirIT eXplorer PRO (20241031)","Webroot SecureAnywhere (20241031)","Windows Defender (20241031)","FortectPremium (20241031)","KasperskyPremium (20241031)"],"avAllowList":["Tencent PC Manager (20220616)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: FAEMedia","reference":"","landingPage":"https://free-audio-editor.com/easyvideoswitch/","directDownloadingLink":"https://free-audio-editor.com/EasyVideoSwitch.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/EasyVideoSwitch.exe","sourceIndex":"1562"}],"sampleFiles":["220608/EasyVideoSwitch-220608/10.1.2.5/Samples/EasyVideoSwitch.exe","220608/EasyVideoSwitch-220608/10.1.2.5/Samples/EasyVideoSwitch-setup.exe"],"imageFiles":["220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-047/ACR-004_083_RKUpdatePrompt-2.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-010/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-004/ACR-004_083_RKUpdatePrompt-2.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-004/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-083/ACR-004_083_RKUpdatePrompt-2.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-083/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-048/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-003/ACR-004_083_RKUpdatePrompt-2.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-003/ACR-048_004_083_RKUpdatePrompt.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-118/ACR-118_Remnants.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-057/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-059/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-071/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-155/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-047/ACR-004_083_RKUpdatePrompt-2.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-047/ACR-048_004_083_RKUpdatePrompt.jpg"],"nonDeceptorImageFiles":["220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-106/RelevantKnowledge.jpg","220608/EasyVideoSwitch-220608/10.1.2.5/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg"],"guid":"a56aa10b-5f9b-4f9e-91ee-621666f61a7b_10.1.2.5_1","appID":"EasyVideoSwitch-220608","dateAdded":"241029","deceptorType":"App","name":"Easy Video Switch","company":"FAEMedia","version":"10.1.2.5","lastKnownStatus":"10.1.2.5;10.1.3.0","lastKnownDate":"241029","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":439},{"violations":{"ACR-004":"The app only cleans 500 megabytes off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, or Returns and Cancellation Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"d8c14b9a4ee3425460b4a104ea5a54b0","hashSHA1":"1d714d05a6e8bbf321af6f74d8e5cc932e8f957e","hashSHA256":"c85e8f0422e171d6cc49e3fe735c2a7d95d248f498456ad9219e023311865e61","sourceIndex":"1814","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"52ba52bd50ab2c6f2e9e943f4a07037b","hashSHA1":"4c37e5b91909c07561f90e7c3d670d6950a458ff","hashSHA256":"72a873b631cdfab8efdb04a574021c8d76d7860b6b58a6ed34e23d57d1c3540a","sourceIndex":"1814","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.aiseesoft.com/mac-cleaner/","directDownloadingLink":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","sourceIndex":"1814"}],"sampleFiles":["200921/AiseesoftMacCleaner-190510/3.0.18/Samples/Mac Cleaner","200921/AiseesoftMacCleaner-190510/3.0.18/Samples/mac-cleaner.dmg"],"imageFiles":["200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-004/Mac Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-045/Mac Cleaner_LandingPage [1].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-161/Mac Cleaner_LandingPage [2].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-099/Mac Cleaner_About [1].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-065/Mac Cleaner_Install [1].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-065/Mac Cleaner_About [1].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-065/Mac Cleaner_LandingPage [3].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-099/Mac Cleaner_LandingPage [3].png","200921/AiseesoftMacCleaner-190510/3.0.18/Images/ACR-099/Mac Cleaner_OfferPage [1].png"],"guid":"4b10fbc1-e409-4b4e-a1dd-3d660f4b26a8_3.0.18_1","appID":"AiseesoftMacCleaner-190510","dateAdded":"241029","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Aiseesoft Studio","version":"3.0.18","lastKnownStatus":"Deceptor:3.0.10;3.0.12;3.0.16;3.0.18;3.0.20","lastKnownDate":"241029","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":441},{"violations":{"ACR-004":"The app only cleans 500 megabytes off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not display links to the EULA, Terms of Service, or Returns and Cancellation Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"93e43462ad6481a406d4d93fd6500004","hashSHA1":"72a40a712f0b5d55a7078bc055de994c3372af5c","hashSHA256":"6a99b0672f1b71f1bc3c90702f3f4a4a0f7836dde0710fcae0e4c271d598e425","sourceIndex":"2434","avBlockList":["Avast Security for Mac (20201110)","Avira Security for Mac (20201110)","ESET Cyber Security Pro for Mac (20201110)","K7 Antivirus for Mac (20201110)","McAfee Internet Security for Mac (20201110)","Norton Security for Mac (20201110)","Sophos Home Premium For Mac (20201110)","Trend Micro Antivirus for Mac (20201110)"],"avAllowList":["Bitdefender Antivirus for Mac (20201110)","G DATA AntiVirus for Mac (20201110)","Kaspersky Internet Security for Mac (20201110)"]},{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"facfe65bb97e7064852bee180f7bd42e","hashSHA1":"5d8c16cf88cdb2863ca21a991ac183a9584371d2","hashSHA256":"e0374d320d79dbe521ba112d897407788136d93f9002ea42e8f69ec7185d3559","sourceIndex":"2434","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.aiseesoft.com/mac-cleaner/","landingPage":"https://www.aiseesoft.com/mac-cleaner/","directDownloadingLink":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","sourceIndex":"2434"}],"sampleFiles":["200520/AiseesoftMacCleaner-190510/3.0.16/Samples/mac-cleaner.dmg","200520/AiseesoftMacCleaner-190510/3.0.16/Samples/Mac Cleaner"],"imageFiles":["200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-004/Mac Cleaner_Interaction [1].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-004/Mac Cleaner_OfferPage [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-004/Mac Cleaner_OfferPage [3].png"],"nonDeceptorImageFiles":["200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-045/Mac Cleaner_LandingPage [4].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_About [1].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_Interaction [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_Interaction [3].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_Install [1].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_Interaction [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_Interaction [3].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_LandingPage [1].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_LandingPage [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-065/Mac Cleaner_LandingPage [3].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_LandingPage [1].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_LandingPage [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_LandingPage [3].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_OfferPage [2].png","200520/AiseesoftMacCleaner-190510/3.0.16/Images/ACR-099/Mac Cleaner_OfferPage [3].png"],"guid":"4b10fbc1-e409-4b4e-a1dd-3d660f4b26a8_3.0.16_1","appID":"AiseesoftMacCleaner-190510","dateAdded":"241029","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Aiseesoft Studio","version":"3.0.16","sigName":"Deceptor:MacOS/MacCleaner!004","lastKnownStatus":"Deceptor:3.0.10;3.0.12;3.0.16;3.0.18;3.0.20","lastKnownDate":"241029","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":442},{"violations":{"ACR-046":"The app is automatically installed on the computer without providing disclosures and options beforehand.\n","ACR-004":"The app only cleans 500 megabytes off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not display links to the EULA, Terms of Service, or Returns and Cancellation Policy.\n","ACR-099":"The app does not display uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"a33a792f6f3106582f20bb37f4fcb108","hashSHA1":"bd5950be6a07a68784d7a6db9fb263ef52bb0781","hashSHA256":"81e177333bb13d306f07bcff75ee85d0490215cb3975b714d6ea1592b05e50c4","sourceIndex":"2575","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"4faa59af445b9e8442e81772ed3bf5d2","hashSHA1":"144792362bc36344bf10316d17819b746b6c2dd7","hashSHA256":"7dc3b7915ff7fe5c03203e6b4318e78f84a9fd1cfbe75ef955902ec4325c2f24","sourceIndex":"2575","avBlockList":["Avast Security for Mac (20200227)","Avira Security for Mac (20200227)","Bitdefender Antivirus for Mac (20200227)","ESET Cyber Security Pro for Mac (20200227)","G DATA AntiVirus for Mac (20200227)","Kaspersky Internet Security for Mac (20200227)","McAfee Internet Security for Mac (20200227)","Sophos Home Premium For Mac (20200227)","Trend Micro Antivirus for Mac (20200227)"],"avAllowList":["K7 Antivirus for Mac (20200227)","Norton Security for Mac (20200227)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.aiseesoft.com/mac-cleaner/","directDownloadingLink":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","sourceIndex":"2575"}],"sampleFiles":["200123/AiseesoftMacCleaner-190510/3.0.12/Samples/Mac Cleaner","200123/AiseesoftMacCleaner-190510/3.0.12/Samples/mac-cleaner.dmg"],"imageFiles":["200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-046/Mac Cleaner ACR-046.gif","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-046/Mac Cleaner Install.png","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-004/Mac Cleaner ACR-004.gif"],"nonDeceptorImageFiles":["200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-099/About Page.png","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-065/Mac Cleaner Install.png","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-065/Mac Cleaner Bottom of Landing Page.png","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-099/Mac Cleaner Bottom of Landing Page.png","200123/AiseesoftMacCleaner-190510/3.0.12/Images/ACR-099/MacCleaner Internal Offers.png"],"guid":"4b10fbc1-e409-4b4e-a1dd-3d660f4b26a8_3.0.12_1","appID":"AiseesoftMacCleaner-190510","dateAdded":"241029","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Aiseesoft Studio","version":"3.0.12","sigName":"Deceptor:MacOS/AiseesoftMacCleaner!046004","lastKnownStatus":"Deceptor:3.0.10;3.0.12;3.0.16;3.0.18;3.0.20","lastKnownDate":"241029","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":443},{"violations":{"ACR-046":"The install has no options.\n","ACR-004":"The app only cleans 500 megabytes off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the EULA or the Returns and Cancellation Policy.\n","ACR-099":"The app does not display uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"b2851043ca9423483e2adde7527698fcc81da219af78a6ab3c8321473b090ab7","sourceIndex":"3072","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"51eaf3f06a460cf6c87705d7d21c1546489775e08b6af5fb9082bb0cab164563","sourceIndex":"3072","avBlockList":["Avast Security for Mac (20200227)","Avira Security for Mac (20200227)","Bitdefender Antivirus for Mac (20200227)","ESET Cyber Security Pro for Mac (20200227)","G DATA AntiVirus for Mac (20200227)","McAfee Internet Security for Mac (20200227)","Sophos Home Premium For Mac (20200227)"],"avAllowList":["K7 Antivirus for Mac (20200227)","Kaspersky Internet Security for Mac (20200227)","Norton Security for Mac (20200227)","Trend Micro Antivirus for Mac (20200227)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.aiseesoft.com/mac-cleaner/","directDownloadingLink":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","sourceIndex":"3072"}],"sampleFiles":["190511/AiseesoftMacCleaner-190510/3.0.10/Samples/Mac Cleaner","190511/AiseesoftMacCleaner-190510/3.0.10/Samples/mac-cleaner.dmg"],"imageFiles":["190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-046/MacCleaner Install.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-004/MacCleaner Trial Version.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-004/MacCleaner Before Internal Offers Page.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-004/MacCleaner Internal Offers Page.png"],"nonDeceptorImageFiles":["190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-099/MacCleaner About Page.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-065/MacCleaner Install.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-065/MacCleaner About Page.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-065/MacCleaner Bottom of Landing Page.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-099/MacCleaner Bottom of Landing Page.png","190511/AiseesoftMacCleaner-190510/3.0.10/Images/ACR-099/MacCleaner Bottom of Internal Offers Page.png"],"guid":"4b10fbc1-e409-4b4e-a1dd-3d660f4b26a8_3.0.10_1","appID":"AiseesoftMacCleaner-190510","dateAdded":"241029","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Aiseesoft Studio","version":"3.0.10","sigName":"Deceptor:MacOS/AiseesoftMacCleaner!004046","lastKnownStatus":"Deceptor:3.0.10;3.0.12;3.0.16;3.0.18;3.0.20","lastKnownDate":"241029","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":444},{"violations":{"ACR-004":"The app only cleans 500 megabytes off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, or Returns and Cancellation Policy.\nThe internal offer page does not display links to the EULA or Terms of Service, or Returns and Cancellation Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac%20Cleaner","fileVersion":"0.","hashMD5":"15c031908a9eb65258deadd62187644a","hashSHA1":"f407b31cc62ab161c629147cbc62c1ea97febaa2","hashSHA256":"87cb52dc95a2becbaab4d867513b92262aff3111d9d82251556db3bb3ddb5446","sourceIndex":"447","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"2edcef04bb90e29ec4166dc82e8eb066","hashSHA1":"790f372620585c856a7eda4dde3be8dae76f5b82","hashSHA256":"88a0d87cff1b0d18509e536184206762f135a409a83a5b83640469b1e638f4a7","sourceIndex":"447","avBlockList":["ESET Cyber Security Pro for Mac (20250114)","Sophos Home Premium For Mac (20250114)","SpyHunterforMac (20250114)","Trend Micro Antivirus for Mac (20250114)"],"avAllowList":["Avast Security for Mac (20250114)","Avira Security for Mac (20250114)","Bitdefender Antivirus for Mac (20250114)","G DATA AntiVirus for Mac (20250114)","K7 Antivirus for Mac (20250114)","Kaspersky Internet Security for Mac (20250114)","McAfee Internet Security for Mac (20250114)","Norton Security for Mac (20250114)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.aiseesoft.com/mac-cleaner/","directDownloadingLink":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","ipv4":"","ipv6":"","landingPageWildChar":"https://download.aiseesoft.com/mac/mac-cleaner.dmg?_gl=1*1rqh2ic*_ga*MzAwNDUzOTg3LjE3Mjk4NDc4MTg.*_ga_M4E51HTXR8*MTcyOTk4ODU2NS4yLjAuMTcyOTk4ODU2NS4wLjAuMA..","directDownloadingLinkWildChar":"https://www.aiseesoft.com/downloads/mac/mac-cleaner.dmg","sourceIndex":"447"}],"sampleFiles":["241029/AiseesoftMacCleaner-190510/3.0.20/Samples/Mac%20Cleaner","241029/AiseesoftMacCleaner-190510/3.0.20/Samples/mac-cleaner.dmg"],"imageFiles":["241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-004/App9.png"],"nonDeceptorImageFiles":["241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-045/LandingPage2.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-045/LandingPage4.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-161/LandingPage3.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-099/App5.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-065/install.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-065/App5.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-065/LandingPage1.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-065/Purchase Mac Cleaner.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-099/LandingPage1.png","241029/AiseesoftMacCleaner-190510/3.0.20/Images/ACR-099/Purchase Mac Cleaner.png"],"guid":"4b10fbc1-e409-4b4e-a1dd-3d660f4b26a8_3.0.20_1","appID":"AiseesoftMacCleaner-190510","dateAdded":"241029","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Aiseesoft Studio","version":"3.0.20","lastKnownStatus":"Deceptor:3.0.10;3.0.12;3.0.16;3.0.18;3.0.20","lastKnownDate":"241029","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:20.6188046+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":440},{"violations":{"ACR-003":"\nThe application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems.\n","ACR-004":"The app exaggerates the system status, does not provide free fixes for free scan results, and attempts to raise urgency for the user to register and purchase the app.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nApp's about page does not contain any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThere are no links on the the landing page that show the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offers page that show the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The app's landing page shows testimonials that cannot be verified.\n","ACR-099":"The app's internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 7","companyName":"IObit","productName":"MacBooster 7","productVersion":"7.2.5","fileVersion":"0.","hashMD5":"f2a53be12a4d849541cc8325fe8bc5bd","hashSHA1":"5c57542968b1544cef4e2fde1cec5e753b400267","hashSHA256":"f334c1bc7be17c0b0f4e9147a53432c39090c6abfe5ae98815ed3220fc865b3d","sourceIndex":"2921","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_7.dmg","isInstaller":"True","companyName":"IObit","productName":"MacBooster 7","productVersion":"7.2.5","fileVersion":"0.","hashMD5":"8e869d71a9057559088d4a13baec4f2b","hashSHA1":"c8ac12f26ec93dfe61d2fbbb6bdc7cdfa416ab01","hashSHA256":"83d9e9da5755de2cbaa6edcc21f1489b6ef02a139fc150ba2e97a87dff2f3e56","sourceIndex":"2921","avBlockList":["Avast Security for Mac (20220614)","Avira Security for Mac (20220614)","Bitdefender Antivirus for Mac (20220614)","ESET Cyber Security Pro for Mac (20220614)","G DATA AntiVirus for Mac (20220614)","K7 Antivirus for Mac (20220614)","Kaspersky Internet Security for Mac (20220614)","McAfee Internet Security for Mac (20220614)","Norton Security for Mac (20220614)","Sophos Home Premium For Mac (20220614)","Trend Micro Antivirus for Mac (20220614)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"speed up my mac\"","landingPage":"http://www.macbooster.net/","directDownloadingLink":"http://download.iobit.com/mac/MacBooster_7.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.iobit.com/mac/MacBooster_7.dmg","sourceIndex":"2921"}],"sampleFiles":["190805/MacBooster7-190415/7.2.5/Samples/MacBooster 7","190805/MacBooster7-190415/7.2.5/Samples/MacBooster_7.dmg"],"imageFiles":["190805/MacBooster7-190415/7.2.5/Images/ACR-003/Mac Booster 7 Activation Screen.png","190805/MacBooster7-190415/7.2.5/Images/ACR-004/Mac Booster 7 ACR004.gif"],"nonDeceptorImageFiles":["190805/MacBooster7-190415/7.2.5/Images/ACR-065/Install Screen Mac Booster 7.png","190805/MacBooster7-190415/7.2.5/Images/ACR-065/Mac Booster 7 About Page.png","190805/MacBooster7-190415/7.2.5/Images/ACR-065/Mac Booster 7 Landing Page.png","190805/MacBooster7-190415/7.2.5/Images/ACR-065/Mac Booster 7 Internal Offers Page.png","190805/MacBooster7-190415/7.2.5/Images/ACR-161/MacBooster User Review 1.png","190805/MacBooster7-190415/7.2.5/Images/ACR-161/User Review Screen Mac Booster 7.png","190805/MacBooster7-190415/7.2.5/Images/ACR-099/Mac Booster 7 Internal Offers Page.png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_7.2.5_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"7.2.5","sigName":"Deceptor:MacOS/MacBooster7!003004","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":453},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup of its own.\n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup. \n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined. \n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install. \n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the main executable: \"FreeISOCreateWizard.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Free ISO Create Wizard\\FreeISOCreateWizard.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"08254eaf47cf7a477d85baf69b03ca28","hashSHA1":"9697d226b7bdb0f8315dcda74b94613c4f4fa5ea","hashSHA256":"73aaf0f16d049b6faa300ddcd47f4077e439c2e43926c51f9ee4ee8bc704e35a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"495","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Free ISO Create Wizard\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"495","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeISOCreateWizard.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech Inc.                                ","productName":"Free ISO Create Wizard                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"1e8f79b0f990a61b2ceb462448521ef8","hashSHA1":"bfbabc5244dd6e73d22afa7b0b17d1826cb21d65","hashSHA256":"e288a3bcc8708f99111b35b679bed124a93274946be615ed9eeb7d76ac2cd87f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"495","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220609)","Trend Micro Internet Security (20250109)"]},{"isRevoked":"False","fileName":"FreeISOCreateWizard_241022.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"6d3dca47fd74df5323a574edef1dde3d","hashSHA1":"33b490fd0e92040cf3144f5c6e17ac7c07e458ab","hashSHA256":"e3d358ee498dd7f4915976b37ff30e050260d81b4ae20671a39de93c08daf1c6","sourceIndex":"495","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":["Trend Micro Internet Security (20250116)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on FreeAudioVideoSoftTech products","reference":"","landingPage":"https://www.freeaudiovideosoft.com/utilities-for-windows/free-iso-creater/","directDownloadingLink":"www.freeaudiovideosoft.com/files/FreeISOCreateWizard.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"www.freeaudiovideosoft.com/files/FreeISOCreateWizard.exe","sourceIndex":"495"}],"sampleFiles":["241024/freeisocreatewizard-220606/8.8.2.4/Samples/FreeISOCreateWizard.exe","241024/freeisocreatewizard-220606/8.8.2.4/Samples/FreeISOCreateWizard_241022.exe"],"imageFiles":["241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-109/ACR-109_Install_Drops_Third_Party.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-047/ACR-047_Install.mp4","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-083/ACR-083_Software.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-083/ACR-083_Software_1.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-084/ACR-084_Software.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-048/ACR-048_Software.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-048/ACR-048_Software_1.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-014/ACR-014_Software.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-014/ACR-014_Software.mp4","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-118/ACR-118_Uninstall.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.JPG","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-122/ACR-122_Uninstall.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-057/ACR-057_Bundler-MadeOffers.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-059/ACR-059_Bundler-MadeOffers.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-071/ACR-071_Bundler-MadeOffers.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-155/ACR-155_Bundler-MadeOffers.jpg"],"nonDeceptorImageFiles":["241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-092/ACR-092_Software.jpg","241024/freeisocreatewizard-220606/8.8.2.4/Images/ACR-123/ACR-123_Uninstall.jpg"],"guid":"d72f7d56-30e1-4718-a92d-549ac67e1f19_8.8.2.4_1","appID":"freeisocreatewizard-220606","dateAdded":"241024","deceptorType":"App","name":"Free ISO Create Wizard","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T08:56:38.3534046+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":457},{"violations":{"ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application without proper controls in user's system. https://customer.appesteem.com/deceptors?q=RelevantKnowledge-201010\n\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \nhttps://customer.appesteem.com/deceptors?q=RelevantKnowledge-201010\n"},"samples":[{"isRevoked":"False","fileName":"FreemoreOCR.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"12a397ade3267fa26d87e3c60fcc2e9b","hashSHA1":"b0778e39ea4d7f98bd5427fe3239f156a4ba9da8","hashSHA256":"942671988b62118f32eeb5f18e1a6e48cd3f52f578830f6eda3d4adb8144bb2d","sourceIndex":"566","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","FortectPremium (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","KasperskyPremium (20250109)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)"],"avAllowList":["Trend Micro Internet Security (20250109)","Windows Defender (20250109)"]}],"additionalFiles":[],"sources":[{"howFound":"Review existing deceptor","reference":"","landingPage":"https://freemoresoft.com/freeocr/index.php ","directDownloadingLink":"http://www.freemoresoft.com/FreemoreOCR.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freemoresoft.com/FreemoreOCR.exe","sourceIndex":"566"}],"sampleFiles":["240827/FreemoreOCR-220613/08.07.2024/Samples/FreemoreOCR.exe"],"imageFiles":["240827/FreemoreOCR-220613/08.07.2024/Images/ACR-010/ACR-010_Install_1.png","240827/FreemoreOCR-220613/08.07.2024/Images/ACR-010/ACR-010_Install_2.png","240827/FreemoreOCR-220613/08.07.2024/Images/ACR-013/ACR-013_Install_1.png","240827/FreemoreOCR-220613/08.07.2024/Images/ACR-013/ACR-013_Install_2.png","240827/FreemoreOCR-220613/08.07.2024/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240827/FreemoreOCR-220613/08.07.2024/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240827/FreemoreOCR-220613/08.07.2024/Images/ACR-106/ACR-106_Software_1.png"],"guid":"59407c30-232a-4cc9-bdd7-c009b5477d6e_08.07.2024_1","appID":"FreemoreOCR-220613","dateAdded":"241024","deceptorType":"App","name":"Freemore OCR","company":"FreeMoreSoft, Inc.","version":"08.07.2024","lastKnownStatus":"10.8.2.4;08.07.2024","lastKnownDate":"241024","type":"Windows Executable","category":"Productivity, Bundlers & Downloaders","targetOS":"Windows 10,Windows 11","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":456},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version10.8.2.4 vs version10.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version10.8.2.4 vs version10.8.1) \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreemoreOCR_3-PNk41.exe","isInstaller":"True","fileVersion":"3.33","hashMD5":"1bd6b27e21341fd6ad6fc48dfe407610","hashSHA1":"0e8a9411446b5fbef66570d7fa81ecaeb6706da2","hashSHA256":"462b515b56b289161c11a454475ab68be7d9e8be97d33b5fec51e7cb065eaa19","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"487","avBlockList":["Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)","FortectPremium (20250121)","KasperskyPremium (20250121)"],"avAllowList":["360 Total Security (20250121)","Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"FreemoreOCR.exe","fileVersion":"0.0","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","sourceIndex":"487","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemoreOCR_241023.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"12a397ade3267fa26d87e3c60fcc2e9b","hashSHA1":"b0778e39ea4d7f98bd5427fe3239f156a4ba9da8","hashSHA256":"942671988b62118f32eeb5f18e1a6e48cd3f52f578830f6eda3d4adb8144bb2d","sourceIndex":"487","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","FortectPremium (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","KasperskyPremium (20250109)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)"],"avAllowList":["Trend Micro Internet Security (20250109)","Windows Defender (20250109)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads *FreeMoreSoft, Inc.","reference":"","landingPage":"https://freemoresoft.com/freeocr/index.php ","directDownloadingLink":"http://www.freemoresoft.com/FreemoreOCR.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freemoresoft.com/FreemoreOCR.exe","sourceIndex":"487"}],"sampleFiles":["241024/FreemoreOCR-220613/10.8.2.4/Samples/FreemoreOCR_3-PNk41.exe","241024/FreemoreOCR-220613/10.8.2.4/Samples/FreemoreOCR.exe","241024/FreemoreOCR-220613/10.8.2.4/Samples/FreemoreOCR_241023.exe"],"imageFiles":["241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-109/ACR-109_039_048_RKsetup.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-039/ACR-109_039_048_RKsetup.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-047/ACR-003_004_047_083_RKUpdate-2.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-047/ACR-048_RKpdatePrompt.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-048/ACR-109_039_048_RKsetup.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-004/ACR-003_004_047_083_RKUpdate-2.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-004/ACR-048_RKpdatePrompt.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-083/ACR-003_004_047_083_RKUpdate-2.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-083/ACR-048_RKpdatePrompt.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-048/ACR-048_RKpdatePrompt.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-003/ACR-003_004_047_083_RKUpdate-2.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-003/ACR-048_RKpdatePrompt.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-118/ACR-118_Remnants.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-155/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-047/ACR-003_004_047_083_RKUpdate-2.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-047/ACR-048_RKpdatePrompt.jpg"],"nonDeceptorImageFiles":["241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-106/RelevantKnowledge.jpg","241024/FreemoreOCR-220613/10.8.2.4/Images/ACR-002/ACR-002_InconsistentAppVersion.jpg"],"guid":"59407c30-232a-4cc9-bdd7-c009b5477d6e_10.8.2.4_1","appID":"FreemoreOCR-220613","dateAdded":"241024","deceptorType":"App","name":"Freemore OCR","company":"FreeMoreSoft, Inc.","version":"10.8.2.4","lastKnownStatus":"10.8.2.4;08.07.2024","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-24T09:11:31.8442996+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":455},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"After uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeShortcutRemover.exe","fileVersion":"0.0","hashMD5":"07db83c6284edba8f14c90f176ddab47","hashSHA1":"810fbceb17cefc09c1ffcd7e5232e1aff985e523","hashSHA256":"096bf20ef0107b979ca6e85dcc0682c06275b1e686c5abb97d4cc0f6baaa39c6","sourceIndex":"494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeShortcutRemover_gDpP-f1.exe","companyName":"Beijing Aviation Trust Intellectual Property Consulting Co.,","productName":"Beijing Aviation Trust Intellectual Property Consulting Co.,","fileVersion":"3.33.1    ","hashMD5":"1bd6b27e21341fd6ad6fc48dfe407610","hashSHA1":"0e8a9411446b5fbef66570d7fa81ecaeb6706da2","hashSHA256":"462b515b56b289161c11a454475ab68be7d9e8be97d33b5fec51e7cb065eaa19","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"494","avBlockList":["Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)","FortectPremium (20250121)","KasperskyPremium (20250121)"],"avAllowList":["360 Total Security (20250121)","Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"FreeShortcutRemover-setup.exe","isInstaller":"True","companyName":"FreeShortcutRemover Co., Ltd.                               ","productName":"Free Shortcut Remover   ","fileVersion":"0.0","hashMD5":"eb847e3d00eccaa60f2770ac79b67c70","hashSHA1":"06ff883b30d409cb6c1b65355e7c425a5a1c0937","hashSHA256":"420ebea562718fdad62fdd32c0659bdd064297c557af37768aefff2214c40c2f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"494","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220728)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220728)","Trend Micro Internet Security (20250109)"]},{"isRevoked":"False","fileName":"FreeShortcutRemover_241022.exe","isInstaller":"True","companyName":"FreeShortcutRemover Co., Ltd.                               ","fileVersion":"0.0","hashMD5":"771b1f7889c46fcd83c23256afe1da9c","hashSHA1":"b377f348b06529f78bee68d64b54d805f33b6d1b","hashSHA256":"14fa2a7049d15b80e6c2f05d764c472907a52a29329f2c37b4d83938b9b1e4ab","sourceIndex":"494","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","Trend Micro Internet Security (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)"],"avAllowList":["Windows Defender (20250116)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"https://www.shortcutremover.com/","directDownloadingLink":"http://www.shortcutremover.com/FreeShortcutRemover.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.shortcutremover.com/FreeShortcutRemover.exe","sourceIndex":"494"}],"sampleFiles":["241024/FreeShortcutRemover-220607/8.8.1/Samples/FreeShortcutRemover.exe","241024/FreeShortcutRemover-220607/8.8.1/Samples/FreeShortcutRemover_gDpP-f1.exe","241024/FreeShortcutRemover-220607/8.8.1/Samples/FreeShortcutRemover-setup.exe","241024/FreeShortcutRemover-220607/8.8.1/Samples/FreeShortcutRemover_241022.exe"],"imageFiles":["241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-109/ACR-109_048_RKSetup.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-039/ACR-109_048_039_RKSetup.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-047/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-047/ACR-047_RerunRK.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-048/ACR-109_048_RKSetup.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-010/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-004/ACR-004_083_RKUpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-004/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-083/ACR-004_083_RKUpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-083/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-048/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-003/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-003/ACR-047_RerunRK.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-118/ACR-118_Remnants.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-057/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-059/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-071/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-155/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-047/ACR-048_004_083_UpdatePrompt.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-047/ACR-047_RerunRK.jpg"],"nonDeceptorImageFiles":["241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-002/ACR-002_InconsistentVersions.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-106/RelevantKnowledge.jpg","241024/FreeShortcutRemover-220607/8.8.1/Images/ACR-002/ACR-002_InconsistentVersions.jpg"],"guid":"73bf5654-97b2-42b2-b6d3-2be40a477c44_8.8.1_1","appID":"FreeShortcutRemover-220607","dateAdded":"241024","deceptorType":"App","name":"Free Shortcut Remover","company":"FreeShortcutRemover Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-10-24T09:01:01.4717932+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":454},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide control to remove the startup item that it created.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link on the app's about page where all the apps that are listed under the website contain deceptive behavior. \n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for its main executable \"AllFreePDFtoJPGConverter.exe\".\n","ACR-123":"The app does not remove its startup item after uninstall even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free PDF to JPG Converter\\AllFreePDFtoJPGConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"491","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreePDFtoJPGConverter.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free PDF to JPG Converter                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"968bb005bb0c5e9ffaffa84858a1d862","hashSHA1":"798c76c54fb59c714ca5a7d6019c8e9e61c2b388","hashSHA256":"ea7d3812a88096a965d4a4ed0f247ca432235bc0f9fbaa0033940aa7a7c49747","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"491","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"AllFreePDFtoJPGConverter_241022.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"d033c24378d63037fe3c9a97f19d1774","hashSHA1":"207f0b3c5fc0db4daf594731206b3172ca7f95e2","hashSHA256":"d6fc778b09559ae655b725800c9af46fabc235af9841c58130b8a602b12bcd97","sourceIndex":"491","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":["Trend Micro Internet Security (20250116)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freepdftojpgconverter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreePDFtoJPGConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreePDFtoJPGConverter.exe","sourceIndex":"491"}],"sampleFiles":["241024/allfreepdftojpgconverter-220609/8.8.1/Samples/AllFreePDFtoJPGConverter.exe","241024/allfreepdftojpgconverter-220609/8.8.1/Samples/AllFreePDFtoJPGConverter_241022.exe"],"imageFiles":["241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-109/ACR-109_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-047/ACR-047.mp4","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-048/ACR-048.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptive_App.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-083/ACR-083_1.mp4","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-083/ACR-083_2.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-084/ACR-084_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-048/ACR-048_Software_2.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-010/ACR-010_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-010/ACR-010_2.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-014/ACR-014_1.mp4","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-118/ACR-118_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-118/ACR-118_2.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-118/ACR-118_3.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-122/ACR-122_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-075/ACR-075_1.mp4","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-057/ACR-057_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-059/ACR-059_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-071/ACR-071_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-106/ACR-106.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-092/ACR-092_1.JPG","241024/allfreepdftojpgconverter-220609/8.8.1/Images/ACR-123/ACR-123_1.JPG"],"guid":"5d0800e5-cff9-4126-a43b-969168237bcf_8.8.1_1","appID":"allfreepdftojpgconverter-220609","dateAdded":"241024","deceptorType":"App","name":"All Free PDF to JPG Converter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:05:24.0344178+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":460},{"violations":{"ACR-004":"The app exaggerates the system status, does not provide free fixes for free scan results, attempts to raise urgency for user to register and purchase the app.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nApp's about page does not contain any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The app's landing page shows testimonials that cannot be verified.\n","ACR-099":"App's about page does not display any links to uninstall information.\nThe app's internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 7","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"7a9e6ad63eb75209ee1a1bdeb12f04ab13d8d5e99ad83d12166b99d588e9070f","sourceIndex":"2920","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_7.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8e52f3cb13ab1db61d551e780ab9c8b7bd7e1023e202a7232b36f92d3bb2bc35","sourceIndex":"2920","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"speed up my mac\"","landingPage":"http://www.macbooster.net/","directDownloadingLink":"http://download.iobit.com/mac/MacBooster_7.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.iobit.com/mac/MacBooster_7.dmg","sourceIndex":"2920"}],"sampleFiles":["190805/MacBooster7-190415/7.2.4/Samples/MacBooster 7","190805/MacBooster7-190415/7.2.4/Samples/MacBooster_7.dmg"],"imageFiles":["190805/MacBooster7-190415/7.2.4/Images/ACR-004/MacBooster Activate Now.png","190805/MacBooster7-190415/7.2.4/Images/ACR-004/MacBooster Before Internal Offers.png","190805/MacBooster7-190415/7.2.4/Images/ACR-004/MacBooster Scan Results.png","190805/MacBooster7-190415/7.2.4/Images/ACR-004/MacBooster Internal Offers.png"],"nonDeceptorImageFiles":["190805/MacBooster7-190415/7.2.4/Images/ACR-065/MacBooster Install.png","190805/MacBooster7-190415/7.2.4/Images/ACR-065/MacBooster About Page.png","190805/MacBooster7-190415/7.2.4/Images/ACR-161/MacBooster User Review 1.png","190805/MacBooster7-190415/7.2.4/Images/ACR-099/MacBooster About Page.png","190805/MacBooster7-190415/7.2.4/Images/ACR-099/MacBooster Bottom of Internal Offers.png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_7.2.4_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"7.2.4","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":452},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nApp's about page does not contain any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The app's landing page shows endorsements that don't have links back to the original source and therefore cannot be verified.\n","ACR-099":"The app's internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster_8.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5f34dc1580f802194644bca996239c26","hashSHA1":"57a1625cc15ed64490d645d64f25be81507da9e0","hashSHA256":"cab7f2df46374d30129979b57e69048c5d2433e56349e07d2b0ee95c531f3db9","sourceIndex":"2570","avBlockList":["Avast Security for Mac (20220510)","Bitdefender Antivirus for Mac (20220510)","ESET Cyber Security Pro for Mac (20220510)","G DATA AntiVirus for Mac (20220510)","K7 Antivirus for Mac (20220510)","Kaspersky Internet Security for Mac (20220510)","McAfee Internet Security for Mac (20220510)","Norton Security for Mac (20220510)","Sophos Home Premium For Mac (20220510)","Trend Micro Antivirus for Mac (20220510)","Avira Security for Mac (20220510)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"a20ab333beae5c2f8b9ebed4928f8834","hashSHA1":"cb3568c85f1c9a56f5b1a04491a0c1642c936fe3","hashSHA256":"bb421d5ff560bda446946c8c6ad99a14f6ad91beacd99f796ac32333872b65ed","sourceIndex":"2570","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"speed up my mac\"","landingPage":"https://www.macbooster.net/","directDownloadingLink":"https://www.macbooster.net/downloadcenter.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macbooster.net/downloadcenter.php","sourceIndex":"2570"}],"sampleFiles":["200128/MacBooster7-190415/8.0.1/Samples/MacBooster_8.dmg","200128/MacBooster7-190415/8.0.1/Samples/MacBooster 8"],"imageFiles":["200128/MacBooster7-190415/8.0.1/Images/ACR-003/MacBooster 8 ACR-003.png","200128/MacBooster7-190415/8.0.1/Images/ACR-004/MacBooster 8 ACR-004.gif"],"nonDeceptorImageFiles":["200128/MacBooster7-190415/8.0.1/Images/ACR-065/Screen Shot 2020-01-08 at 1.14.07 PM.png","200128/MacBooster7-190415/8.0.1/Images/ACR-065/Screen Shot 2020-01-24 at 2.39.03 PM.png","200128/MacBooster7-190415/8.0.1/Images/ACR-161/Screen Shot 2020-01-24 at 2.42.48 PM.png","200128/MacBooster7-190415/8.0.1/Images/ACR-161/Screen Shot 2020-01-24 at 2.43.06 PM.png","200128/MacBooster7-190415/8.0.1/Images/ACR-099/Screen Shot 2020-01-24 at 2.39.57 PM.png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.0.1_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.0.1","sigName":"Deceptor:MacOS/MacBooster!003004","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":451},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-006":"The app does not disclose additional offers will be made on the phone number provided on the activation screen. The call center is not clearly attributed.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \nThe application does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The app's landing page shows endorsements that don't have links back to the original source and therefore cannot be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"f35f206685b4d4a310f94e1e7f1e96cb","hashSHA1":"f65149a4f3e9a79b553d2466011125dc5bb83037","hashSHA256":"0b9bcb1a5c35c4f060d058b7e1543e28cde6d8495ce62ec7bd40a7f9a353ef73","sourceIndex":"2499","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"e88520a30a3f0decb7195e8028487464","hashSHA1":"e2efd9e2d72f3378b72a849837da873a29e8fdb3","hashSHA256":"8ab27552130ddb430f9f138085da07707a1cce1af3e099787d81a29fe51285c6","sourceIndex":"2499","avBlockList":["Avast Security for Mac (20221213)","Avira Security for Mac (20221213)","Bitdefender Antivirus for Mac (20221213)","ESET Cyber Security Pro for Mac (20221213)","G DATA AntiVirus for Mac (20221213)","Kaspersky Internet Security for Mac (20221213)","McAfee Internet Security for Mac (20221213)","Norton Security for Mac (20221213)","Sophos Home Premium For Mac (20221213)","Trend Micro Antivirus for Mac (20221213)"],"avAllowList":["K7 Antivirus for Mac (20221213)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"apps to clean up macos\"","landingPage":"https://www.macbooster.net","directDownloadingLink":"http://download.iobit.com/mac/softonic/MacBooster_8.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.iobit.com/mac/softonic/MacBooster_8.dmg","sourceIndex":"2499"}],"sampleFiles":["200416/MacBooster7-190415/8.0.2/Samples/MacBooster 8","200416/MacBooster7-190415/8.0.2/Samples/MacBooster_8.dmg"],"imageFiles":["200416/MacBooster7-190415/8.0.2/Images/ACR-003/MacBooster 8_Scanning [2].png","200416/MacBooster7-190415/8.0.2/Images/ACR-004/MacBooster 8_Scanning [8].png","200416/MacBooster7-190415/8.0.2/Images/ACR-004/MacBooster 8_Scanning [1].png","200416/MacBooster7-190415/8.0.2/Images/ACR-004/MacBooster 8_LandingPageOffers [1].png","200416/MacBooster7-190415/8.0.2/Images/ACR-006/MacBooster 8_LandingPageOffers [2].png","200416/MacBooster7-190415/8.0.2/Images/ACR-006/MacBooster 8_Support [2].png"],"nonDeceptorImageFiles":["200416/MacBooster7-190415/8.0.2/Images/ACR-045/MacBooster 8_LandingPage [5].png","200416/MacBooster7-190415/8.0.2/Images/ACR-065/MacBooster 8_Installs [1].png","200416/MacBooster7-190415/8.0.2/Images/ACR-065/MacBooster 8_About [1].png","200416/MacBooster7-190415/8.0.2/Images/ACR-065/MacBooster 8_Scanning [2].png","200416/MacBooster7-190415/8.0.2/Images/ACR-161/MacBooster 8_Review [1].png","200416/MacBooster7-190415/8.0.2/Images/ACR-161/MacBooster 8_Review [2].png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.0.2_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.0.2","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":450},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-006":"The app does not disclose additional offers will be made on the phone number provided on the activation screen. The call center is not clearly attributed.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe application does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The app's landing page shows endorsements that don't have links back to the original source and therefore cannot be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster8.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"ede3c0b60dd06e3edd592ce8ebbce70e","hashSHA1":"f1781e2b1d05500159fc65a81bcec518a7212bca","hashSHA256":"7f40b07400a660063a8b4bb647d3dc5e7bd240f16952967f39eaabd7e8d412d8","sourceIndex":"2399","avBlockList":["Avast Security for Mac (20230112)","Avira Security for Mac (20230112)","Bitdefender Antivirus for Mac (20230112)","ESET Cyber Security Pro for Mac (20230112)","G DATA AntiVirus for Mac (20230112)","K7 Antivirus for Mac (20230112)","Kaspersky Internet Security for Mac (20230112)","McAfee Internet Security for Mac (20230112)","Norton Security for Mac (20230112)","Sophos Home Premium For Mac (20230112)","Trend Micro Antivirus for Mac (20230112)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"36895996c3269d6bba3bbb208f5a7eba","hashSHA1":"c88f26653cf63e0a7060c7d99ce402365e43a0a0","hashSHA256":"80774fea2fea3decf07b2fae0ac372d3e03e76f88a900907d2e6d6e9ac07b54f","sourceIndex":"2399","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster8new.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"7d6d89eb72bbc01e34cea5ba5b2b5ed0","hashSHA1":"793967a9fc2fc6f20a98d9208db7f90c27e47e0b","hashSHA256":"3fd7214e26edf365ae8fd72ac67cc091927bcbcff9ee2b51d48f2ad5f1abf685","sourceIndex":"2399","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"speed up my mac\"","landingPage":"http://www.macbooster.net/","directDownloadingLink":"https://www.macbooster.net//download.php?action=download&","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macbooster.net//download.php?action=download&","sourceIndex":"2399"}],"sampleFiles":["200627/MacBooster7-190415/8.0.3/Samples/MacBooster8.pkg","200627/MacBooster7-190415/8.0.3/Samples/MacBooster 8","200627/MacBooster7-190415/8.0.3/Samples/MacBooster8new.pkg"],"imageFiles":["200627/MacBooster7-190415/8.0.3/Images/ACR-003/MacBooster 8_Scanning [9].png","200627/MacBooster7-190415/8.0.3/Images/ACR-003/MacBooster 8_Scanning [2].png","200627/MacBooster7-190415/8.0.3/Images/ACR-004/MacBooster 8_Scanning [1].png","200627/MacBooster7-190415/8.0.3/Images/ACR-004/MacBooster 8_Scanning [2].png","200627/MacBooster7-190415/8.0.3/Images/ACR-004/MacBooster 8_Scanning [3].png","200627/MacBooster7-190415/8.0.3/Images/ACR-004/MacBooster 8_Scanning [4] SystemJunk.png","200627/MacBooster7-190415/8.0.3/Images/ACR-004/MacBooster 8_Scanning [6] Virus&MalwareScan.png","200627/MacBooster7-190415/8.0.3/Images/ACR-006/MacBooster 8_OfferPage [2].png"],"nonDeceptorImageFiles":["200627/MacBooster7-190415/8.0.3/Images/ACR-045/MacBooster 8_LandingPage [1].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster 8_Install [1].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster 8_Install [2].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster 8_Install [3].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster 8_Install [4].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster 8_Interaction [1].png","200627/MacBooster7-190415/8.0.3/Images/ACR-065/MacBooster_About.png","200627/MacBooster7-190415/8.0.3/Images/ACR-161/MacBooster 8_LandingPage[4].png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.0.3_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.0.3","sigName":"Deceptor:MacOS/MacBooster!003004006","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":449},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-006":"The app does not disclose additional offers will be made on the phone number provided on the activation screen. The call center is not clearly attributed.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The app's landing page shows endorsements that don't have links back to the original source and therefore cannot be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"c13419e15ffe4c992f6a02c9b9312733","hashSHA1":"04d9422daa0339ca5eb0afde5e9c1efb41860bfd","hashSHA256":"7e550d9dfbb54634e7778bdc367478c3b4f65cd74fefbec6adc31825dba6783e","sourceIndex":"2390","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"7036abeec6c2a27c2264c505f9e20028","hashSHA1":"b56c2df1a49d9cdad5d523dbcc3a6b8f2d7f46bd","hashSHA256":"8b1f9dd21025a793a2b4a9d930793f93b2663e6d89c9c5a62c0d86cadb84dbce","sourceIndex":"2390","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"macos booster\"","landingPage":"https://www.macbooster.net","directDownloadingLink":"http://download.iobit.com/mac/MacBooster_8.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.iobit.com/mac/MacBooster_8.pkg","sourceIndex":"2390"}],"sampleFiles":["200707/MacBooster7-190415/8.0.4/Samples/MacBooster 8","200707/MacBooster7-190415/8.0.4/Samples/MacBooster_8.pkg"],"imageFiles":["200707/MacBooster7-190415/8.0.4/Images/ACR-003/MacBooster 8_ScanResults [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-003/MacBooster 8_Register [2].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Interaction [3].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Interaction [4].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Interaction [5].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Interaction [6].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Interaction [7].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Register [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-004/MacBooster 8_Register [2].png","200707/MacBooster7-190415/8.0.4/Images/ACR-006/MacBooster 8_OfferPage [3].png"],"nonDeceptorImageFiles":["200707/MacBooster7-190415/8.0.4/Images/ACR-045/MacBooster 8_LandingPage [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-045/MacBooster 8_AfterUninstall [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-065/MacBooster 8_Install [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-065/MacBooster 8_Install [2].png","200707/MacBooster7-190415/8.0.4/Images/ACR-065/MacBooster 8_About [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-065/MacBooster 8_Interaction [1].png","200707/MacBooster7-190415/8.0.4/Images/ACR-161/MacBooster 8_LandingPage [2].png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.0.4_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.0.4","sigName":"Deceptor:MacOS/MacBooster!003004006","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":448},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-006":"The app does not disclose additional offers will be made on the phone number provided on the activation screen. The call center is not clearly attributed.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The landing page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe landing  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\nThe offer page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe offer  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"cd6edb825dcb6122bd4aaf6ea61b6242","hashSHA1":"fb4072182ce2bf8ef4e672b7c13b3214a30158fa","hashSHA256":"7fd8d982c8ecd88a074b4db77ee0e67129578acee85b70d0c3df0df82fb8a3db","sourceIndex":"1833","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"fa941f04673b5ace1f45fb98e73d6004","hashSHA1":"ac49c40b792e34d8c2e7509da90ea04a4c9364fb","hashSHA256":"561d1e545eb2f881224ee086389d16f13541cb2c6807c5f7538efd060ed2f6a3","sourceIndex":"1833","avBlockList":["Avast Security for Mac (20211012)","Avira Security for Mac (20211012)","Bitdefender Antivirus for Mac (20211012)","ESET Cyber Security Pro for Mac (20211012)","G DATA AntiVirus for Mac (20211012)","K7 Antivirus for Mac (20211012)","Kaspersky Internet Security for Mac (20211012)","McAfee Internet Security for Mac (20211012)","Norton Security for Mac (20211012)","Sophos Home Premium For Mac (20211012)","Trend Micro Antivirus for Mac (20211012)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster 8_","fileVersion":"0.","hashMD5":"3d7f981b8dd8ed71ce17e9925d65135b","hashSHA1":"966ea1c895020b714b7ada567576748f449d8e05","hashSHA256":"dead6dc7a4ec15ea02bd4f66d851ede940457750a1373442aecc5c7d5df22470","sourceIndex":"1833","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8_.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"328cb288de3f373650c7cd7f25c1a1cc","hashSHA1":"d6d90cae03fbc6151ca30b9458ff553afd4eff6f","hashSHA256":"1a61d7ce5657efd05cd1adaed30293c4fc6c1c1a2c210cfc7880dae7d7abf30e","sourceIndex":"1833","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster 8 [2]","fileVersion":"0.","hashMD5":"05286a810cedb22f0142eede8f7d6e5a","hashSHA1":"9dc79b31d47963ffd6baaecc46dd4423b9038666","hashSHA256":"686b3cbd34fd405dd4be29a6cdb086c3f8de8eabd4bf4bbe56f69233ffd50300","sourceIndex":"1833","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster8 [2].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"e70394778ead4ee5bce0be4725204fd8","hashSHA1":"540ca91ee2b1547d9a1283ece036872a4cb16b1a","hashSHA256":"4a995c9f934b93e09cc7fff85585a357295e4f94516feb91f44fbf2d9e1e6e44","sourceIndex":"1833","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"speed up my mac\"","landingPage":"http://www.macbooster.net/","directDownloadingLink":"http://download.iobit.com/mac/MacBooster_8.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.iobit.com/mac/MacBooster_8.pkg","sourceIndex":"1833"}],"sampleFiles":["210728/MacBooster7-190415/8.0.5/Samples/MacBooster 8","210728/MacBooster7-190415/8.0.5/Samples/MacBooster_8.pkg","210728/MacBooster7-190415/8.0.5/Samples/MacBooster 8_","210728/MacBooster7-190415/8.0.5/Samples/MacBooster_8_.pkg","210728/MacBooster7-190415/8.0.5/Samples/MacBooster 8 [2]","210728/MacBooster7-190415/8.0.5/Samples/MacBooster8 [2].pkg"],"imageFiles":["210728/MacBooster7-190415/8.0.5/Images/ACR-003/MacBooster_Interactions [3].png","210728/MacBooster7-190415/8.0.5/Images/ACR-003/MacBooster_Interactions [6] ScanResults.png","210728/MacBooster7-190415/8.0.5/Images/ACR-004/MacBooster_Interactions [3].png","210728/MacBooster7-190415/8.0.5/Images/ACR-004/MacBooster_Interactions [4] VirusScan .png","210728/MacBooster7-190415/8.0.5/Images/ACR-004/MacBooster_Interactions [6] ScanResults.png","210728/MacBooster7-190415/8.0.5/Images/ACR-004/MacBooster_OfferPage [4].png","210728/MacBooster7-190415/8.0.5/Images/ACR-004/MacBooster_OfferPage [6].png","210728/MacBooster7-190415/8.0.5/Images/ACR-084/MacBooster_AutoLaunch [1].png","210728/MacBooster7-190415/8.0.5/Images/ACR-084/MacBooster_Interactions [7] Settings.png","210728/MacBooster7-190415/8.0.5/Images/ACR-006/MacBooster_OfferPage [4].png"],"nonDeceptorImageFiles":["210728/MacBooster7-190415/8.0.5/Images/ACR-045/MacBooster_LandingPage [1].png","210728/MacBooster7-190415/8.0.5/Images/ACR-065/MacBooster_Installs [1].png","210728/MacBooster7-190415/8.0.5/Images/ACR-065/MacBooster_Installs [2].png","210728/MacBooster7-190415/8.0.5/Images/ACR-065/MacBooster_Installs [3].png","210728/MacBooster7-190415/8.0.5/Images/ACR-065/MacBooster_About [1].png","210728/MacBooster7-190415/8.0.5/Images/ACR-161/MacBooster_LandingPage [2] MediaReview.png","210728/MacBooster7-190415/8.0.5/Images/ACR-161/MacBooster_LandingPage [3] UserReview.png","210728/MacBooster7-190415/8.0.5/Images/ACR-161/MacBooster_OfferPage [2] MediaReview.png","210728/MacBooster7-190415/8.0.5/Images/ACR-161/MacBooster_OfferPage [3] UserReview.png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.0.5_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.0.5","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":447},{"violations":{"ACR-042":"The app installs iTOP VPN app without any explicit user action.\n","ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\nThe app does not list its own software in the \"Uninstaller\" category\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not show any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The landing page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe landing  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\nThe offer page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe offer  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"21206011e93e010dda44f8d416315c50","hashSHA1":"d0d70c2b4ac3864b53c5299a0b9020826fd0d925","hashSHA256":"ec63a0d9f021dfc6696d34907d8d744d582c275117fefdb4166bb495574cabf4","sourceIndex":"1784","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"bc3d181807f28fb45411de68037e64cf","hashSHA1":"5d57b3782732e614a936256fcfa1d48618da923c","hashSHA256":"e584a19cb48fc1e5ce8451cd7ee4d0c65b8d6b77ba918ecc11015249dcfcf69f","sourceIndex":"1784","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.macbooster.net/","directDownloadingLink":"https://download.iobit.com/mac/MacBooster_8.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iobit.com/mac/MacBooster_8.pkg","sourceIndex":"1784"}],"sampleFiles":["211118/MacBooster7-190415/8.1.0/Samples/MacBooster 8","211118/MacBooster7-190415/8.1.0/Samples/MacBooster_8.pkg"],"imageFiles":["211118/MacBooster7-190415/8.1.0/Images/ACR-042/iTOP VPN [1].png","211118/MacBooster7-190415/8.1.0/Images/ACR-042/iTOP VPN [2].png","211118/MacBooster7-190415/8.1.0/Images/ACR-003/MacBooster 8_Interactions [2].png","211118/MacBooster7-190415/8.1.0/Images/ACR-003/MacBooster 8_Interactions [3].png","211118/MacBooster7-190415/8.1.0/Images/ACR-004/MacBooster_Interactions [3].png","211118/MacBooster7-190415/8.1.0/Images/ACR-004/MacBooster_Interactions [4] VirusScan .png","211118/MacBooster7-190415/8.1.0/Images/ACR-004/MacBooster_Interactions [6] ScanResults.png","211118/MacBooster7-190415/8.1.0/Images/ACR-004/MacBooster_OfferPage [4].png","211118/MacBooster7-190415/8.1.0/Images/ACR-004/MacBooster_OfferPage [6].png","211118/MacBooster7-190415/8.1.0/Images/ACR-084/MacBooster 8_AutoLaunch [1].png","211118/MacBooster7-190415/8.1.0/Images/ACR-084/MacBooster 8_Interactions [5].png","211118/MacBooster7-190415/8.1.0/Images/ACR-084/MacBooster 8_Interactions [4].png"],"nonDeceptorImageFiles":["211118/MacBooster7-190415/8.1.0/Images/ACR-045/MacBooster 8_LandingPage [2].png","211118/MacBooster7-190415/8.1.0/Images/ACR-065/MacBooster 8_Install [1].png","211118/MacBooster7-190415/8.1.0/Images/ACR-065/MacBooster 8_Install [2].png","211118/MacBooster7-190415/8.1.0/Images/ACR-065/MacBooster 8_Install [3].png","211118/MacBooster7-190415/8.1.0/Images/ACR-065/MacBooster 8_Install [4].png","211118/MacBooster7-190415/8.1.0/Images/ACR-065/MacBooster 8_About [1].png","211118/MacBooster7-190415/8.1.0/Images/ACR-161/MacBooster 8_LandingPage [3].png","211118/MacBooster7-190415/8.1.0/Images/ACR-161/MacBooster 8_LandingPage [4].png","211118/MacBooster7-190415/8.1.0/Images/ACR-161/MacBooster 8_LandingPage [3].png","211118/MacBooster7-190415/8.1.0/Images/ACR-161/MacBooster 8_LandingPage [4].png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.1.0_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.1.0","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":446},{"violations":{"ACR-042":"The app installs iTOP VPN app without any explicit user action.\n","ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency using words like \"dangerous\" and the color \"red\".\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"dangerous\".\n","ACR-084":"The app does not list its own software in the \"Uninstaller\" category\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment to be activated needs to be marked clearly in landing page. Otherwise, app should remove \"free\" word.\n","ACR-065":"The app's install does not show any links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not show any links to the EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The landing page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe landing  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\nThe offer page shows endorsements that don't have links back to the original source and therefore cannot be verified. \nThe offer  page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n"},"samples":[{"isRevoked":"False","fileName":"MacBooster 8","fileVersion":"0.","hashMD5":"ba9e5bce0597ea574da43b93b40f43f2","hashSHA1":"e3428af773c1ed50b60ec5ad8afef3ac08658210","hashSHA256":"5d793686a253cc0ec8431f60c90d6aeb3d112cf21561e82bfa7d5f84c7e8d200","sourceIndex":"456","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"b5b1c8e4625b3a4dbca0fb8052a5c0e1","hashSHA1":"091dabffc4e4a410d4f84a64f04ee8e18f696b3c","hashSHA256":"4c4f18311df96a0de24ab7c52e86f08131d6fd76501d35d58253df39c1a12b45","sourceIndex":"456","avBlockList":["Avast Security for Mac (20241112)","Avira Security for Mac (20241112)","Bitdefender Antivirus for Mac (20241112)","ESET Cyber Security Pro for Mac (20241112)","G DATA AntiVirus for Mac (20241112)","Kaspersky Internet Security for Mac (20241112)","McAfee Internet Security for Mac (20241112)","Norton Security for Mac (20241112)","Sophos Home Premium For Mac (20241112)","Trend Micro Antivirus for Mac (20241112)","SpyHunterforMac (20241112)"],"avAllowList":["K7 Antivirus for Mac (20241112)"]},{"isRevoked":"False","fileName":"MacBooster_8[2].pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"14d47cce419b10162a3570f0513316c7","hashSHA1":"d2cb927d4794b77de4535c1eed16db2d2bdb3254","hashSHA256":"be84c1ae9beb052a28a3562776278d2ce026f009f4a0e7ffe978949ade1f4a39","sourceIndex":"456","avBlockList":["Avast Security for Mac (20241210)","Avira Security for Mac (20241210)","Bitdefender Antivirus for Mac (20241210)","ESET Cyber Security Pro for Mac (20241210)","G DATA AntiVirus for Mac (20241210)","Kaspersky Internet Security for Mac (20241210)","McAfee Internet Security for Mac (20241210)","Norton Security for Mac (20241210)","Sophos Home Premium For Mac (20241210)","SpyHunterforMac (20241210)","Trend Micro Antivirus for Mac (20241210)"],"avAllowList":["K7 Antivirus for Mac (20241210)"]},{"isRevoked":"False","fileName":"MacBooster 8[2]","fileVersion":"0.","hashMD5":"7e8c06f74542d818561b3d3a7186db7b","hashSHA1":"de53c391630a7edc2bc8d5f8937a308a60c5744d","hashSHA256":"6844a9501e0edee297c39bad060e74b1033f33965aad92fa4345569239e53a6d","sourceIndex":"456","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster%208%5B3%5D","fileVersion":"0.","hashMD5":"3adb8a8c8c2fe5e59b50cf98b709afde","hashSHA1":"213364e9e0a42323c0c62618dba434f726eca823","hashSHA256":"03630495a6c426a98ef15174ecc593f5485284b3a943751bbafd5341d36ef826","sourceIndex":"456","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacBooster_8%5B3%5D.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"5df8540b9d1c65ab3a35b60de1ba4e67","hashSHA1":"5c40cfef2e919189acf2fc3351a856f64229bd66","hashSHA256":"d56f3c7057cd8ee73018cbfce974cee40b97446c3e103be5713eb4a42a591570","sourceIndex":"456","avBlockList":["Avast Security for Mac (20250114)","Avira Security for Mac (20250114)","Bitdefender Antivirus for Mac (20250114)","ESET Cyber Security Pro for Mac (20250114)","G DATA AntiVirus for Mac (20250114)","K7 Antivirus for Mac (20250114)","Kaspersky Internet Security for Mac (20250114)","McAfee Internet Security for Mac (20250114)","Norton Security for Mac (20250114)","Sophos Home Premium For Mac (20250114)","SpyHunterforMac (20250114)","Trend Micro Antivirus for Mac (20250114)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.macbooster.net","directDownloadingLink":"https://download.iobit.com/mac/MacBooster_8.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iobit.com/mac/MacBooster_8.pkg","sourceIndex":"456"}],"sampleFiles":["241024/MacBooster7-190415/8.2.0/Samples/MacBooster 8","241024/MacBooster7-190415/8.2.0/Samples/MacBooster_8.pkg","241024/MacBooster7-190415/8.2.0/Samples/MacBooster_8[2].pkg","241024/MacBooster7-190415/8.2.0/Samples/MacBooster 8[2]","241024/MacBooster7-190415/8.2.0/Samples/MacBooster%208%5B3%5D","241024/MacBooster7-190415/8.2.0/Samples/MacBooster_8%5B3%5D.pkg"],"imageFiles":["241024/MacBooster7-190415/8.2.0/Images/ACR-042/MacBooster 8_iTOP [1].png","241024/MacBooster7-190415/8.2.0/Images/ACR-003/MacBooster 8_Interactions [3].png","241024/MacBooster7-190415/8.2.0/Images/ACR-003/MacBooster 8_Interactions [4].png","241024/MacBooster7-190415/8.2.0/Images/ACR-004/MacBooster 8_Interactions [3].png","241024/MacBooster7-190415/8.2.0/Images/ACR-004/MacBooster 8_Interactions [4].png","241024/MacBooster7-190415/8.2.0/Images/ACR-084/MacBooster 8_Interactions [5].png"],"nonDeceptorImageFiles":["241024/MacBooster7-190415/8.2.0/Images/ACR-045/MacBooster 8_LandingPage [2].png","241024/MacBooster7-190415/8.2.0/Images/ACR-045/MacBooster 8_LandingPage [3].png","241024/MacBooster7-190415/8.2.0/Images/ACR-065/MacBooster 8_Install [1].png","241024/MacBooster7-190415/8.2.0/Images/ACR-065/MacBooster 8_Install [2].png","241024/MacBooster7-190415/8.2.0/Images/ACR-065/MacBooster 8_Install [3].png","241024/MacBooster7-190415/8.2.0/Images/ACR-065/MacBooster 8_Install [5].png","241024/MacBooster7-190415/8.2.0/Images/ACR-065/MacBooster 8_About [1].png","241024/MacBooster7-190415/8.2.0/Images/ACR-161/MacBooster 8_LandingPage [1].png","241024/MacBooster7-190415/8.2.0/Images/ACR-161/MacBooster 8_OfferPage [1].png"],"guid":"f66879af-110a-42af-bd2e-0a770ed1d76d_8.2.0_1","appID":"MacBooster7-190415","dateAdded":"241024","deceptorType":"MacOS App","name":"MacBooster","company":"IOBit","version":"8.2.0","lastKnownStatus":"8.0.1;8.0.2;8.0.3;8.0.4;8.0.5;8.1.0;8.2.0","lastKnownDate":"241024","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:20.9137063+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":445},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide control to remove the startup item that it created\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link on the app's about page where all the apps that are listed under the website contain deceptive behavior.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for its main executable \"AllFreePDFConverter.exe\".\n","ACR-123":"The app does not remove its startup item after uninstall even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free PDF Converter\\AllFreePDFConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"492","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreePDFConverter.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free PDF Converter                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6026ec42359ffd88affffdcc0be679ab","hashSHA1":"2ef0538ad85222bb6d3a23acf03f2048f5e4c25b","hashSHA256":"34246d019e7d3fa45d006d6acb9657cbf1ff56e5a3677412244c3b19f1426361","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"492","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"AllFreePDFConverter_241022.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"f0a554b79dcdf35be559b1991d8cfa22","hashSHA1":"b9e80e17075c0029d26f31bd6416784ef507f59b","hashSHA256":"269981b0a0fdf33aa10482fb2cc685c1278cf440f37e17e33b1c0d6754fa52f6","sourceIndex":"492","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","Trend Micro Internet Security (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freepdfconverter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreePDFConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreePDFConverter.exe","sourceIndex":"492"}],"sampleFiles":["241024/allfreepdfconverter-220609/8.8.1/Samples/AllFreePDFConverter.exe","241024/allfreepdfconverter-220609/8.8.1/Samples/AllFreePDFConverter_241022.exe"],"imageFiles":["241024/allfreepdfconverter-220609/8.8.1/Images/ACR-109/ACR-109_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-047/ACR-047_1.mp4","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-048/ACR-048_Install_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-010/ACR-010_Installed_Bundles_Deceptive_App.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-083/ACR-083.mp4","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-083/ACR-083_2.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-084/ACR-084_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-048/ACR-048_Software_2.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-010/ACR-010_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-010/ACR-010_2.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-014/ACR-014.mp4","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-118/ACR-118_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-118/ACR-118_2.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-118/ACR-118_3.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-122/ACR-122_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-075/ACR-075-1.mp4","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-057/ACR-057_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-059/ACR-059_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-071/ACR-071_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241024/allfreepdfconverter-220609/8.8.1/Images/ACR-106/ACR-106.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-092/ACR-092_1.JPG","241024/allfreepdfconverter-220609/8.8.1/Images/ACR-123/ACR-123_1.JPG"],"guid":"c3f36250-15db-49cd-80e7-dd4069b1433b_8.8.1_1","appID":"allfreepdfconverter-220609","dateAdded":"241024","deceptorType":"App","name":"All Free PDF Converter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:04:06.7608698+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":461},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”. \nThe app does not provide an option to close the update prompt and cancel the startup of its own.\n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link under the website option in the app's about page where all the apps that are listed under the website contain deceptive behavior. \n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install. \n\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the main executable: \"AllFreeMP3Cutter.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"AllFreeMP3Cutter.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"63b8a92cbce5e3aafd1e5b4c067f9077","hashSHA1":"d6c773c944da85511da4dcb1c3f49a7aec91d0d1","hashSHA256":"4be4be65bd196d985ed3dc46a8a509debddd5d05d067c5d0d9c33ccb003cffcd","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"493","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","FortectPremium (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","KasperskyPremium (20250109)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)"],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeMP3Cutter_Main.exe","fileVersion":"0.0","hashMD5":"5868a93c8a8ecbe263dd7d08b05902e9","hashSHA1":"ef6fc2bb86a89ab2374eb127830d4d910aae27f6","hashSHA256":"e0f53eb276ba26bb5d9834517dc345ea4b4229172ae26c190e1f61ffc377ee3d","sourceIndex":"493","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeMP3Cutter_241022.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"b70655e67cb4588b05c1312818f1cf18","hashSHA1":"543c78deb87ab99ff3696f236e4510be2e1d8682","hashSHA256":"a3d9866c8bbd585607258d59c2a863afbe96ce91a20c2f58f2cd6984a372bb40","sourceIndex":"493","avBlockList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","KasperskyPremium (20250121)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.allfreevideoconverter.com/freemp3cutter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeMP3Cutter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeMP3Cutter.exe","sourceIndex":"493"}],"sampleFiles":["241024/allfreemp3cutter-220609/8.8.1/Samples/AllFreeMP3Cutter.exe","241024/allfreemp3cutter-220609/8.8.1/Samples/AllFreeMP3Cutter_241022.exe"],"imageFiles":["241024/allfreemp3cutter-220609/8.8.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-047/ACR-047_Install.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-047/ACR-047_Install.mp4","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-083/ACR-083_Software.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-083/ACR-083_Software_1.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-084/ACR-084_Software.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-048/ACR-048_Software.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-010/ACR-010_Software.mp4","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-014/ACR-014_Software.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-014/ACR-014_Sofware.mp4","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-118/ACR-118_Uninstall.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-118/ACR-118_Uninstall_1.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-122/ACR-122_Uninstall.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241024/allfreemp3cutter-220609/8.8.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-092/ACR-092_Software.JPG","241024/allfreemp3cutter-220609/8.8.1/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"70473ab8-9fb7-4b1e-b95d-07313ed3c482_8.8.1_1","appID":"allfreemp3cutter-220609","dateAdded":"241024","deceptorType":"App","name":"All Free MP3 Cutter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:02:40.9000146+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":462},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide control to remove the startup item that it created.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link on the app's about page where all the apps that are listed under the website contain deceptive behavior.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for its main executable \"AllFreeJPGtoPDFConverter.exe\".\n","ACR-123":"The app does not remove its startup item after uninstall even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free JPG to PDF Converter\\AllFreeJPGtoPDFConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"490","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeJPGtoPDFConverter.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free JPG to PDF Converter                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"edcd7101f2540471b0727edea9dcd98b","hashSHA1":"59bdf6a84ae5f84f9463fc44ac7a06965f7de652","hashSHA256":"68b7574e0df6dfbd242e97a1c8242cdddb7bac7541f93d1b88063429d9d5fbfa","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"490","avBlockList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)","FortectPremium (20250121)","KasperskyPremium (20250121)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"AllFreeJPGtoPDFConverter_241023.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"a58a95a9046d3be0ed79355a11ef4549","hashSHA1":"b2d637170c1cd25f8ba0241100d14f807efc5bb9","hashSHA256":"33db466f1381c71df41f4deff4605a56056abcab081e6663d0a71499078883db","sourceIndex":"490","avBlockList":["360 Total Security (20250107)","Avast Premium Security (20250107)","AVG Internet Security (20250107)","Avira Internet Security (20250107)","Bitdefender Internet Security (20250107)","COMODO Antivirus (20250107)","Dr.Web Security Space (20250107)","ESET Internet Security (20250107)","FortectPremium (20250107)","G DATA INTERNET SECURITY (20250107)","K7 Total Security (20250107)","KasperskyPremium (20250107)","Malwarebytes Premium (20250107)","McAfee Total Protection (20250107)","Norton Security (20250107)","Panda Dome (20250107)","Quick Heal Internet Security (20250107)","Sophos Home Premium (20250107)","SpyHunter5 (20250107)","Total AV Antivirus Pro (20250107)","VIPRE Advanced Security (20250107)","VirIT eXplorer PRO (20250107)","Webroot SecureAnywhere (20250107)","Windows Defender (20250107)"],"avAllowList":["Trend Micro Internet Security (20250107)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freejpgtopdfconverter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeJPGtoPDFConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeJPGtoPDFConverter.exe","sourceIndex":"490"}],"sampleFiles":["241024/allfreejpgtopdfconverter-220613/8.8.1/Samples/AllFreeJPGtoPDFConverter.exe","241024/allfreejpgtopdfconverter-220613/8.8.1/Samples/AllFreeJPGtoPDFConverter_241023.exe"],"imageFiles":["241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-109/ACR-109-1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-047/ACR-047_1.mp4","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-048/ACR-048_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptive_App.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-083/ACR-083_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-083/ACR-083_1.mp4","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-084/ACR-084_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-048/ACR-048_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-048/ACR-048_2.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-010/ACR-010_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-010/ACR-010_2.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-014/ACR-014_1.mp4","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-118/ACR-118_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-118/ACR-118_2.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-118/ACR-118_3.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-122/ACR-122_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-075/ACR-075_1.mp4","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-057/ACR-057_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-059/ACR-059_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-071/ACR-071_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-106/ACR-106_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-092/ACR-092_1.JPG","241024/allfreejpgtopdfconverter-220613/8.8.1/Images/ACR-123/ACR-123_1.JPG"],"guid":"c5bc9d4b-8e9f-4eb1-b1eb-636103894349_8.8.1_1","appID":"allfreejpgtopdfconverter-220613","dateAdded":"241024","deceptorType":"App","name":"All Free JPG to PDF Converter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:06:48.2705321+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":463},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”. \nThe app does not provide an option to close the update prompt and cancel the startup of its own.\n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link under the website option in the app's about page where all the apps that are listed under the website contain deceptive behavior.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user. \n","ACR-122":"After uninstall and reboot, the app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer. \n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the main executable: \"AllFreeRingtoneMaker.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free Ringtone Maker\\AllFreeRingtoneMaker.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"5868a93c8a8ecbe263dd7d08b05902e9","hashSHA1":"ef6fc2bb86a89ab2374eb127830d4d910aae27f6","hashSHA256":"e0f53eb276ba26bb5d9834517dc345ea4b4229172ae26c190e1f61ffc377ee3d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"488","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreeRingtoneMaker.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free Ringtone Maker                                     ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"04757f18ccc479f0da5e1f04a0ea3166","hashSHA1":"dd155eab45e12d2c10acfa55a2a7e188f314f118","hashSHA256":"800019361b1d1c62c7556d4291bfffcb09d21ebe70973f9575310c5eba610ed4","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"488","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"AllFreeRingtoneMaker_241023.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"c378cd465b8b22bdbb96dd0a7befc77b","hashSHA1":"45aa0c45bcb0d47de54de3c998d368079878cdd3","hashSHA256":"9ba2dd618f62e1f1f2789eb4c742a6b3b485c16ab964fd83a742baff007c54a4","sourceIndex":"488","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","Trend Micro Internet Security (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freeringtonemaker/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeRingtoneMaker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeRingtoneMaker.exe","sourceIndex":"488"}],"sampleFiles":["241024/allfreeringtonemaker-220610/8.8.1/Samples/AllFreeRingtoneMaker.exe","241024/allfreeringtonemaker-220610/8.8.1/Samples/AllFreeRingtoneMaker_241023.exe"],"imageFiles":["241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-047/ACR-047_Install.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-047/ACR-047_Install.mp4","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptor.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-083/ACR-083_Software.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-083/ACR-083_Software_1.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-084/ACR-084_Software.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-048/ACR-048_Software.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-048/ACR-048_Software_1.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-010/ACR-010_Software.mp4","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-014/ACR-014_Software.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-014/ACR-014_Software.mp4","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-118/ACR-118_Uninstall.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-118/ACR-118_Uninstall_1.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-122/ACR-122_Uninstall.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-092/ACR-092_Software.JPG","241024/allfreeringtonemaker-220610/8.8.1/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"ebed5114-380d-41cc-99ab-925bc4f65299_8.8.1_1","appID":"allfreeringtonemaker-220610","dateAdded":"241024","deceptorType":"App","name":"All Free Ringtone Maker","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:09:43.4475086+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":458},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide control to remove the startup item that it created.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\nThe app shows the \"https://www.freeaudiovideosoft.com/\" link on the app's about page where all the apps that are listed under the website contain deceptive behavior.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for its main executable \"AllFreePDFtoWordConverter.exe\".\n","ACR-123":"The app does not remove its startup item after uninstall even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\All Free PDF to Word Converter\\AllFreePDFtoWordConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"489","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AllFreePDFtoWordConverter.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co. Ltd.                                  ","productName":"All Free PDF to Word Converter                              ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"381e65f9f7afbe955dec9a5225e81fd9","hashSHA1":"119857b0f46165522e13ed374f491f12df3b0856","hashSHA256":"168727a3becd6496815c68e9a48e7b39911cef91a9088f4707e9b511f6b365e3","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"489","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220616)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220616)"]},{"isRevoked":"False","fileName":"AllFreePDFtoWordConverter_241023.exe","isInstaller":"True","companyName":"AllFreeVideoSoft Co., Ltd.                                  ","fileVersion":"0.0","hashMD5":"ed1e350a9457b67f24db855525fb77d9","hashSHA1":"cf6ffa146d81dd5d0f0c45ab37ff8ed086c45eda","hashSHA256":"08a18fe357901d79af7e17c33c9e6dbd11ba63ea37d14f5a427fec811e97e036","sourceIndex":"489","avBlockList":["360 Total Security (20250116)","Avast Premium Security (20250116)","AVG Internet Security (20250116)","Avira Internet Security (20250116)","Bitdefender Internet Security (20250116)","COMODO Antivirus (20250116)","Dr.Web Security Space (20250116)","ESET Internet Security (20250116)","FortectPremium (20250116)","G DATA INTERNET SECURITY (20250116)","K7 Total Security (20250116)","KasperskyPremium (20250116)","Malwarebytes Premium (20250116)","McAfee Total Protection (20250116)","Norton Security (20250116)","Panda Dome (20250116)","Quick Heal Internet Security (20250116)","Sophos Home Premium (20250116)","SpyHunter5 (20250116)","Total AV Antivirus Pro (20250116)","Trend Micro Internet Security (20250116)","VIPRE Advanced Security (20250116)","VirIT eXplorer PRO (20250116)","Webroot SecureAnywhere (20250116)","Windows Defender (20250116)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freepdftowordconverter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreePDFtoWordConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreePDFtoWordConverter.exe","sourceIndex":"489"}],"sampleFiles":["241024/allfreepdftowordconverter-220613/8.8.1/Samples/AllFreePDFtoWordConverter.exe","241024/allfreepdftowordconverter-220613/8.8.1/Samples/AllFreePDFtoWordConverter_241023.exe"],"imageFiles":["241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-109/ACR-109_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-047/ACR-047_1.mp4","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-048/ACR-048_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-010/ACR-010_Install_Bundles_Deceptive_App.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-083/ACR-083_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-083/ACR-083_2.mp4","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-084/ACR-084_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-048/ACR-048_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-048/ACR-048_2.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-010/ACR-010_2.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-010/ACR-010_Software_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-014/ACR-014_1.mp4","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-118/ACR-118_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-118/ACR-118_2.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-118/ACR-118_3.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-122/ACR-122_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-075/ACR-075_1.mp4","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-057/ACR-057_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-059/ACR-059_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-071/ACR-071_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-106/ACR-106_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-092/ACR-092_1.JPG","241024/allfreepdftowordconverter-220613/8.8.1/Images/ACR-123/ACR-123_1.JPG"],"guid":"bae3ac28-4b2f-486c-9da3-1e09886e9376_8.8.1_1","appID":"allfreepdftowordconverter-220613","dateAdded":"241024","deceptorType":"App","name":"All Free PDF to Word Converter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-24T09:08:20.1250439+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":459},{"violations":{"ACR-006":"The call center is not clearly attributed (who is the call center service provider)\n","ACR-008":"The free fix solution for the reported items is not clearly presented to user in scan summary.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Quick PC Pro\\QuickPCPro.exe","companyName":"Digibay Private Limited","productName":"Quick PC Pro","productVersion":"3.8.0.0","fileVersion":"3.8.0.0","hashMD5":"37af2a650e30fef7f062dc73ebd6485c","hashSHA1":"c923ac651e4de40935aae857f34e297e028e0d16","hashSHA256":"3e859a3f5c041efc45817193baeb2305cefbe2f68e8827464c30e8410dc1af5c","digitalCertThumbprint":"B87A52CDD69F033F27DD17C2655C77DA265FD335","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Digibay Private Limited","storeId":"","sourceIndex":"502","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"QuickPCProSetup.exe","isInstaller":"True","companyName":"Digibay Private Limited","productName":"Quick PC Pro","productVersion":"3.8.0","fileVersion":"3.8.0","hashMD5":"d92fc9662129f19d1b5f65648cf22d56","hashSHA1":"a8d17e1dde43b861e0884df4bdac552ff36a9f68","hashSHA256":"462c3b3af8a0d42e4081ce1c3ae26693b1b4307f9ca5c082241632d3c529898d","digitalCertThumbprint":"B87A52CDD69F033F27DD17C2655C77DA265FD335","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Digibay Private Limited","storeId":"","sourceIndex":"502","avBlockList":["360 Total Security (20250121)","AVG Internet Security (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","K7 Total Security (20250121)","Malwarebytes Premium (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)"],"avAllowList":["Avast Premium Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","G DATA INTERNET SECURITY (20250121)","KasperskyPremium (20250121)","McAfee Total Protection (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","Norton Security (20250121)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://quickpcpro.com/","directDownloadingLink":"https://quickpcpro.com/QuickPCProSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://quickpcpro.com/QuickPCProSetup.exe","sourceIndex":"502"}],"sampleFiles":["241023/QuickPCPro-220523/3.8.0/Samples/QuickPCProSetup.exe"],"imageFiles":["241023/QuickPCPro-220523/3.8.0/Images/ACR-008/ACR-008.PNG","241023/QuickPCPro-220523/3.8.0/Images/ACR-006/ACR-006.PNG"],"nonDeceptorImageFiles":[],"guid":"df3083e2-f1ff-41ba-9374-dbce3f5796e8_3.8.0_1","appID":"QuickPCPro-220523","dateAdded":"241023","deceptorType":"App","name":"Quick PC Pro","company":"Digibay Private Limited","version":"3.8.0","lastKnownStatus":"3.7.9;3.8.0","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-23T19:29:43.394759+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":464},{"violations":{"ACR-006":"The call center is not clearly attributed (who is the call center service provider)\n","ACR-008":"The free fix solution for the reported items is not clearly presented to user in scan summary.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device under a hidden folder without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"QuickPCPro.exe","companyName":"Digibay Private Limited","productName":"Quick PC Pro","productVersion":"3.7.9.0","fileVersion":"3.7.9","hashMD5":"5f0683b57d9ce73ebc06a51eda44f517","hashSHA1":"5075ed70a3786d965a0fbf44d32cff1c614bfa10","hashSHA256":"db2bd7f69b0d29404aa561de92adca6af620fb3f650af6ed53f8f0b23be7171d","digitalCertThumbprint":"A1E63273270C0BC78CE23271A674D6AB12E995B8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Digibay Private Limited, O=Digibay Private Limited, STREET=\"104, 1-B Riverside Greens, Umroli, PANVEL Raigarh\", L=Navi Mumbai, S=Maharashtra, PostalCode=410206, C=IN","sourceIndex":"1594","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"QuickPCProSetup.exe","isInstaller":"True","companyName":"Digibay Private Limited","productName":"Quick PC Pro","fileVersion":"3.7.9","hashMD5":"8c49f2e5b01dbb5411c59cdf8ab6e959","hashSHA1":"fcbb83349d9e53c81cc49adc1627d38b137957ca","hashSHA256":"5c8f97fbc6db7a4d2ad9a7de3350a988ab34bc2a909a2917617ee12bee43d4ae","digitalCertThumbprint":"A1E63273270C0BC78CE23271A674D6AB12E995B8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Digibay Private Limited, O=Digibay Private Limited, STREET=\"104, 1-B Riverside Greens, Umroli, PANVEL Raigarh\", L=Navi Mumbai, S=Maharashtra, PostalCode=410206, C=IN","sourceIndex":"1594","avBlockList":["360 Total Security (20241024)","Avira Internet Security (20241024)","Bitdefender Internet Security (20241024)","COMODO Antivirus (20241024)","ESET Internet Security (20241024)","G DATA INTERNET SECURITY (20241024)","McAfee Total Protection (20241024)","Norton Security (20241024)","Panda Dome (20241024)","Quick Heal Internet Security (20241024)","Sophos Home Premium (20241024)","SpyHunter5 (20241024)","Total AV Antivirus Pro (20241024)","VIPRE Advanced Security (20241024)","VirIT eXplorer PRO (20241024)","Webroot SecureAnywhere (20241024)","Windows Defender (20241024)","FortectPremium (20241024)"],"avAllowList":["Avast Premium Security (20241024)","AVG Internet Security (20241024)","Dr.Web Security Space (20241024)","K7 Total Security (20241024)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20241024)","Tencent PC Manager (20220526)","Trend Micro Internet Security (20241024)","KasperskyPremium (20241024)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free Pc Clean tools","reference":"","landingPage":"https://quickpcpro.com/","directDownloadingLink":"https://quickpcpro.com/QuickPCProSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://quickpcpro.com/QuickPCProSetup.exe","sourceIndex":"1594"}],"sampleFiles":["220523/QuickPCPro-220523/3.7.9/Samples/QuickPCPro.exe","220523/QuickPCPro-220523/3.7.9/Samples/QuickPCProSetup.exe"],"imageFiles":["220523/QuickPCPro-220523/3.7.9/Images/ACR-008/QuickPCPro_008.JPG","220523/QuickPCPro-220523/3.7.9/Images/ACR-006/QuickPCPro.JPG","220523/QuickPCPro-220523/3.7.9/Images/ACR-118/ACR118_QuickPCPro_Uninstall.jpg"],"nonDeceptorImageFiles":["220523/QuickPCPro-220523/3.7.9/Images/ACR-006/ACR006_CallCenter_Landing.jpg","220523/QuickPCPro-220523/3.7.9/Images/ACR-161/ACR-161_Testimonials.jpg","220523/QuickPCPro-220523/3.7.9/Images/ACR-161/ACR-161_Testimonials_us_page.jpg"],"guid":"df3083e2-f1ff-41ba-9374-dbce3f5796e8_3.7.9_1","appID":"QuickPCPro-220523","dateAdded":"241023","deceptorType":"App","name":"Quick PC Pro","company":"Digibay Private Limited","version":"3.7.9","lastKnownStatus":"3.7.9;3.8.0","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":465},{"violations":{"ACR-004":"The app does not provide a fully functional free trial, requires purchase to fix problems identified during the free scan.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Fast Computer\\OptimAdmin.exe","companyName":"AMS Software","productName":"Ускоритель компьютера","productVersion":"4.15","fileVersion":"4.15.0.403","hashMD5":"9b90baebef8b31ff8f9764764b9917b1","hashSHA1":"86eed9977be1ec33d30f4e9c7c004240915742b0","hashSHA256":"292861d849db2f66ab0a05a3079f4037d9c2ecd454dbf86fef2fd501071505e6","digitalCertThumbprint":"063091C0E731D1A159BE1FF07512C88469065948","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"AMS SOFTWARE LLC","storeId":"","sourceIndex":"503","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FastComputerOT.exe","isInstaller":"True","companyName":"AMS Software                                                ","productName":"Ускоритель Компьютера                                       ","productVersion":"4.15                ","fileVersion":"4.15                ","hashMD5":"309864b0592bd40ce632cf6040cf2c4a","hashSHA1":"9890ad6e75227e5fd79e0745925394f9baffeb3f","hashSHA256":"54ad32dc330112b873c19d8a37b5c5b1ccd961a7b1ae2f665307ef465e3b01b3","digitalCertThumbprint":"063091C0E731D1A159BE1FF07512C88469065948","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"AMS SOFTWARE LLC","storeId":"","sourceIndex":"503","avBlockList":["Bitdefender Internet Security (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","KasperskyPremium (20250121)","Malwarebytes Premium (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)"],"avAllowList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","COMODO Antivirus (20250121)","McAfee Total Protection (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","Norton Security (20250121)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://fast-computer.su/","directDownloadingLink":"https://fast-computer.su/out_files_pages.php?out=FastComputerOT.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://fast-computer.su/out_files_pages.php?out=FastComputerOT.exe","sourceIndex":"503"}],"sampleFiles":["241023/ComputerAccelerator-200429/4.15/Samples/FastComputerOT.exe"],"imageFiles":["241023/ComputerAccelerator-200429/4.15/Images/ACR-004/ACR-004.PNG","241023/ComputerAccelerator-200429/4.15/Images/ACR-004/ACR-004_1.PNG"],"nonDeceptorImageFiles":[],"guid":"ce1815d7-56ea-4acf-8ccd-4b3ada4fe724_4.15_1","appID":"ComputerAccelerator-200429","dateAdded":"241023","deceptorType":"App","name":"Computer Accelerator","company":"AMS Software Rus.","version":"4.15","lastKnownStatus":"4.0;4.15","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-23T19:27:21.9180414+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":466},{"violations":{"ACR-109":"The app installs \"Yandex\", \"Yandex taskbar button\", \"Voice helper Alisa\" without explicit user permission.\n","ACR-042":"The app installs \"Yandex\", \"Yandex taskbar button\", and \"Voice helper Alisa\" without explicit user permission; the offer is opt-out.\n","ACR-043":"The app installs \"Yandex\", \"Yandex taskbar button\", and \"Voice helper Alisa\" without disclosing in the offer. Offer in install is not readable and is opt-out.\n","ACR-003":"The app uses the \"traffic color\" red to create exaggerated claims about the system's health and trick the user into buying the full version.\n","ACR-004":"The app does not provide a fully functional free trial, requires purchase to fix problems identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe bottom of the app's landing page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's internal offers does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page contains testimonials with no link back to the original source, making them unverifiable.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's internal offers page does not contain links to uninstall information.\n","ACR-035":"There is no EULA/Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-167":"There is no Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"FastComputerOT.exe","isInstaller":"True","companyName":"AMS Software                                                ","fileVersion":"0.0","hashMD5":"6fb7675215bb3803d265e2b6724936f4","hashSHA1":"532a1641269505789d99746b1a409a34d0d11ba7","hashSHA256":"3f4f5e0940d7bfa70e72522e8121e89d7bbd7eb6f18cb13fc7b3fe19d4cfff0e","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"2480","avBlockList":["Avast Premium Security (20241024)","AVG Internet Security (20241024)","Avira Internet Security (20241024)","Bitdefender Internet Security (20241024)","Dr.Web Security Space (20241024)","ESET Internet Security (20241024)","K7 Total Security (20241024)","Kaspersky Internet Security (20200616)","Malwarebytes Premium (20241024)","McAfee Total Protection (20241024)","Norton Security (20241024)","Panda Dome (20241024)","Sophos Home Premium (20241024)","SpyHunter5 (20241024)","Tencent PC Manager (20200616)","Total AV Antivirus Pro (20241024)","Trend Micro Internet Security (20241024)","VIPRE Advanced Security (20241024)","VirIT eXplorer PRO (20241024)","Webroot SecureAnywhere (20241024)","Windows Defender (20241024)","FortectPremium (20241024)","KasperskyPremium (20241024)"],"avAllowList":["360 Total Security (20241024)","COMODO Antivirus (20241024)","G DATA INTERNET SECURITY (20241024)","Quick Heal Internet Security (20241024)"]},{"isRevoked":"False","fileName":"OptimAdmin.exe","companyName":"AMS Software","fileVersion":"4.0","hashMD5":"f79df2b1549dbe13b8513a19ac0df111","hashSHA1":"e9ce233c14ad126b96219dfe687a31bda3c44251","hashSHA256":"2a843bd4d5fe2e2f2700e2f930b438318356f4d9ac84f0a7c367c4a9eaa3a0e4","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"2480","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://fast-computer.su/","directDownloadingLink":"http://fast-computer.su/out_pages.php?out=FastComputerOT.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://fast-computer.su/out_pages.php?out=FastComputerOT.exe","sourceIndex":"2480"}],"sampleFiles":["200429/ComputerAccelerator-200429/4.0/Samples/FastComputerOT.exe","200429/ComputerAccelerator-200429/4.0/Samples/OptimAdmin.exe"],"imageFiles":["200429/ComputerAccelerator-200429/4.0/Images/ACR-109/ACR-109.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-109/Installed Programs.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-109/Opt-out offer.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-043/ACR-043.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-043/Installed Programs.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-043/Opt-out offer.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-042/ACR-042.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-042/Installed Programs.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-042/Opt-out offer.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-003/Computer Accelerator ACR-003.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-004/Computer Accelerator ACR-004 [2].gif","200429/ComputerAccelerator-200429/4.0/Images/ACR-004/Computer Accelerator ACR-004.gif"],"nonDeceptorImageFiles":["200429/ComputerAccelerator-200429/4.0/Images/ACR-065/Install.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-065/About Page.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-065/Landing Page.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-065/Internal Offers.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-161/ACR-161.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-161/ACR-161 [2].png","200429/ComputerAccelerator-200429/4.0/Images/ACR-099/About Page.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-099/Landing Page.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-099/Internal Offers.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-035/Landing Page.png","200429/ComputerAccelerator-200429/4.0/Images/ACR-167/Landing Page.png"],"guid":"ce1815d7-56ea-4acf-8ccd-4b3ada4fe724_4.0_1","appID":"ComputerAccelerator-200429","dateAdded":"241023","deceptorType":"App","name":"Computer Accelerator","company":"AMS Software Rus.","version":"4.0","sigName":"Deceptor:Win32/ComputerAccelerator!109043042003004","lastKnownStatus":"4.0;4.15","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":467},{"violations":{"ACR-042":"Offers installed without obtaining explicit user acceptance. \n","ACR-003":"App differentiates issues urgency and healthy status by using traffic color (using orange color) \n","ACR-004":"Additional software needs to download to fix the scanning result. No free fix solution in app itself provided for items reported.\n","ACR-013":"Installation flow is interrupted by offer, requiring user action, to silently install an unrelated app. \n","ACR-014":"1.The offer made during installation misleads user that it is part of installation and action is needed by user. \n2. The notification exaggerates the protection status. (The system is protected by Defender real time at the moment) \n","ACR-055":"Offers during installation are selected to install by default. No obvious Accept/Decline options for user to make decision.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"asc-ultimate-setup.exe","isInstaller":"True","companyName":"IObit                                                       ","fileVersion":"17.0","hashMD5":"99fabdc663d5e14dd4fd655c685d84ac","hashSHA1":"e019c2563310fd1dbf81988ca0d30dea1eb9b81d","hashSHA256":"56dc39dae0fbb4f23322304687ca7246dd98b77b0e2d6cddec6482e233ab921b","digitalCertThumbprint":"5646BB49650557BB6C46EB30C6824D4EF6F5070D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"IObit CO., LTD\", O=\"IObit CO., LTD\", S=Sichuan Sheng, C=CN","sourceIndex":"345","avBlockList":["COMODO Antivirus (20241121)","Dr.Web Security Space (20241121)","ESET Internet Security (20241121)","KasperskyPremium (20241121)","Malwarebytes Premium (20241121)","Panda Dome (20241121)","Sophos Home Premium (20241121)","SpyHunter5 (20241121)","VirIT eXplorer PRO (20241121)","Webroot SecureAnywhere (20241121)"],"avAllowList":["360 Total Security (20241121)","Avast Premium Security (20241121)","AVG Internet Security (20241121)","Avira Internet Security (20241121)","Bitdefender Internet Security (20241121)","FortectPremium (20241121)","G DATA INTERNET SECURITY (20241121)","K7 Total Security (20241121)","McAfee Total Protection (20241121)","Quick Heal Internet Security (20241121)","Total AV Antivirus Pro (20241121)","Trend Micro Internet Security (20241121)","VIPRE Advanced Security (20241121)","Windows Defender (20241121)"]},{"isRevoked":"False","fileName":"ASC.exe","companyName":"IObit","fileVersion":"17.0","hashMD5":"7e9d6c65a1d8b5c82ab4171c12b1aa03","hashSHA1":"8b4166e52a16c6fb23175694eac8dfefffa1e5eb","hashSHA256":"896e1724f4d679bb10594420aad049ac9355ee43d3476871dd3360b68350b0f4","digitalCertThumbprint":"5646BB49650557BB6C46EB30C6824D4EF6F5070D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"IObit CO., LTD\", O=\"IObit CO., LTD\", S=Sichuan Sheng, C=CN","sourceIndex":"345","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related app hunting","reference":"iobit","landingPage":"https://www.iobit.com/en/advanced-systemcare-antivirus.php","directDownloadingLink":"https://www.iobit.com/en/advanced-systemcare-antivirus.php#","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.iobit.com/en/advanced-systemcare-antivirus.php#","sourceIndex":"345"}],"sampleFiles":["241022/ASCUltimate-241022/17.0.0.71/Samples/asc-ultimate-setup.exe"],"imageFiles":["241022/ASCUltimate-241022/17.0.0.71/Images/ACR-055/ACR-055_Install_1.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-042/ACR-042_Install_1.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-042/ACR-042_Install_2.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-013/ACR-013_Install_1.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-014/ACR-014_Install_1.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-014/ACR-014_Install_2.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-004/ACR-004_Software_1.png","241022/ASCUltimate-241022/17.0.0.71/Images/ACR-003/ACR-003_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"df5e7267-4d72-4426-805b-b1a177f567f9_17.0.0.71_1","appID":"ASCUltimate-241022","dateAdded":"241022","deceptorType":"App","name":"ASCUltimate","company":"iobit","version":"17.0.0.71","firstVendorContactDate":"241023","firstAppEsteemReplyDate":"241023","firstResolvedDate":"241122","firstResolvedVersion":"17.1.0.93","resolved":"TRUE","lastKnownStatus":"17.0.0.71","lastKnownDate":"241022","type":"Windows Executable","category":"Productivity, SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"install offers,up-sell to paid","lastUpdate":"2024-11-22T16:38:16.3145214+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":468},{"violations":{"ACR-003":"The app uses exclamation symbols together with the traffic color, misleading unnecessary urgency to user.\n","ACR-004":"The application does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-002":"Company Name in the webpage comes from Liangdu Technologies, which was not mentioned/disclosed in the EULA \n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MR_Setup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"d26c1a3fc89f1867cb28aa5915ab2d6a","hashSHA1":"94bb73124616941ed51dde6f2e8d9c4d495c08f4","hashSHA256":"e6f1cf0fc7a9f318745ce41d9770ffcbedad4d88b14b80a563e94982d11ec060","sourceIndex":"504","avBlockList":["Bitdefender Antivirus for Mac (20250114)","ESET Cyber Security Pro for Mac (20250114)","G DATA AntiVirus for Mac (20250114)","McAfee Internet Security for Mac (20250114)","SpyHunterforMac (20250114)","Trend Micro Antivirus for Mac (20250114)","Sophos Home Premium For Mac (20250114)"],"avAllowList":["Avast Security for Mac (20250114)","Avira Security for Mac (20250114)","K7 Antivirus for Mac (20250114)","Kaspersky Internet Security for Mac (20250114)","Norton Security for Mac (20250114)"]},{"isRevoked":"False","fileName":"MacRemover","fileVersion":"0.","hashMD5":"697796a4a1f5dddae66484c29229be0c","hashSHA1":"7d3fbc029ee2092afa2b3b81fe226786f467334d","hashSHA256":"9b2eee99b62fbb50a4be968f5b9385779c5a927acd355a6ccb019c51fb10dc03","sourceIndex":"504","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"uninstall unwanted apps from\"","reference":"https://macremover.com/","landingPage":"https://macremover.com","directDownloadingLink":"https://macremover.com/MR_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macremover.com/MR_Setup.dmg","sourceIndex":"504"}],"sampleFiles":["241021/MacRemover-191004/4.5.7/Samples/MR_Setup.dmg","241021/MacRemover-191004/4.5.7/Samples/MacRemover"],"imageFiles":["241021/MacRemover-191004/4.5.7/Images/ACR-004/app2.png","241021/MacRemover-191004/4.5.7/Images/ACR-004/app5.png","241021/MacRemover-191004/4.5.7/Images/ACR-004/app6.png","241021/MacRemover-191004/4.5.7/Images/ACR-003/app6.png"],"nonDeceptorImageFiles":["241021/MacRemover-191004/4.5.7/Images/ACR-161/MacRemover - Better solution to fully remove Mac apps1.png","241021/MacRemover-191004/4.5.7/Images/ACR-002/offer.png"],"guid":"0a2bbce7-57d0-4252-89d9-c478881da657_4.5.7_1","appID":"MacRemover-191004","dateAdded":"241021","deceptorType":"MacOS App","name":"MacRemover","company":"MacRemover.com","version":"4.5.7","lastKnownStatus":"Deceptor:4.5.0;4.5.5;4.5.6;4.5.7","lastKnownDate":"241021","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:22.1016895+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":469},{"violations":{"ACR-003":"The app uses exclamation symbols together with the traffic color, misleading unnecessary urgency to user.\n","ACR-004":"The application does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-002":"Company Name in the webpage comes from Liangdu Technologies, which was not mentioned/disclosed in the EULA \n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MR_Setup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"63a1e741883ad903d1ca02163057f672","hashSHA1":"290776e012ffc6ba11357a524ee204e0fdbff35f","hashSHA256":"7a682ec0faf7292b654ce8fc66d36c509fde45a4d095c906e1404054fb44572f","sourceIndex":"568","avBlockList":["ESET Cyber Security Pro for Mac (20241010)","McAfee Internet Security for Mac (20241010)","Norton Security for Mac (20240910)","SpyHunterforMac (20241010)","Trend Micro Antivirus for Mac (20241010)"],"avAllowList":["Avast Security for Mac (20241010)","Avira Security for Mac (20241010)","Bitdefender Antivirus for Mac (20241010)","G DATA AntiVirus for Mac (20241010)","K7 Antivirus for Mac (20241010)","Kaspersky Internet Security for Mac (20241010)","Sophos Home Premium For Mac (20241010)"]},{"isRevoked":"False","fileName":"MacRemover","fileVersion":"0.","hashMD5":"c4a97bb1c841b2d44224d29b951266ee","hashSHA1":"452017136c60f639f571051ff64183ae57c2d38b","hashSHA256":"654e28e0467d1be04a0107fb8291ac9fd605fff1474d070fdbbbf55b915936b6","sourceIndex":"568","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"uninstall unwanted apps from\"","reference":"","landingPage":"https://macremover.com","directDownloadingLink":"https://macremover.com/MR_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macremover.com/MR_Setup.dmg","sourceIndex":"568"}],"sampleFiles":["240826/MacRemover-191004/4.5.6/Samples/MR_Setup.dmg","240826/MacRemover-191004/4.5.6/Samples/MacRemover"],"imageFiles":["240826/MacRemover-191004/4.5.6/Images/ACR-004/App3.png","240826/MacRemover-191004/4.5.6/Images/ACR-004/App4.png","240826/MacRemover-191004/4.5.6/Images/ACR-004/App5.png","240826/MacRemover-191004/4.5.6/Images/ACR-003/App5.png"],"nonDeceptorImageFiles":["240826/MacRemover-191004/4.5.6/Images/ACR-161/MacRemover - Better solution to fully remove Mac apps1.png","240826/MacRemover-191004/4.5.6/Images/ACR-002/Offer2.png"],"guid":"0a2bbce7-57d0-4252-89d9-c478881da657_4.5.6_1","appID":"MacRemover-191004","dateAdded":"241021","deceptorType":"MacOS App","name":"MacRemover","company":"MacRemover.com","version":"4.5.6","lastKnownStatus":"Deceptor:4.5.0;4.5.5;4.5.6;4.5.7","lastKnownDate":"241021","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:24.1643918+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":470},{"violations":{"ACR-004":"The application shows free results that request pay for subscription fee to fix them.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"The App shows different vendor name \"Guangxi Nanning Liangdu Technology Inc.\" that is not mentioned in the App's landing page and product information.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays star awards from Macworld Editor's Choice that is unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MR_Setup.dmg","isInstaller":"True","companyName":"MacRemover.com","productName":"MacRemover","productVersion":"4.5.0","fileVersion":"4.5.0","hashMD5":"b12268bfbd0dd4220e2001944857ad67","hashSHA1":"3e8405a13342557167d7a5088e94fb6d8a7240bf","hashSHA256":"385e4f95a87e15549ac9226a94539f17929c2d6b3f2ac2b59ce8b2e4070c952b","sourceIndex":"2649","avBlockList":["Avira Security for Mac (20200116)","Bitdefender Antivirus for Mac (20200116)","ESET Cyber Security Pro for Mac (20200116)","G DATA AntiVirus for Mac (20200116)","McAfee Internet Security for Mac (20200116)","Norton Security for Mac (20200116)","Sophos Home Premium For Mac (20200116)"],"avAllowList":["Avast Security for Mac (20200116)","K7 Antivirus for Mac (20200116)","Kaspersky Internet Security for Mac (20200116)","Trend Micro Antivirus for Mac (20200116)"]},{"isRevoked":"False","fileName":"/Applications/Mac Remover.app/Contents/MacOS/MacRemover","companyName":"MacRemover.com","productName":"MacRemover","productVersion":"4.5.0","fileVersion":"4.5.0","hashMD5":"43994019dc5b863a12d764b6585de207","hashSHA1":"e5ca8b794910227e288856888bad637ec173bb06","hashSHA256":"f0cba7b1e675d3b6dbf54e9b030690624aabd78db2f0055ae7c432fb7017322a","sourceIndex":"2649","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"uninstall unwanted apps from\"","reference":"https://macremover.com/uninstallguides/2015/11/06/how-to-uninstall-reeder-2-completely-all-you-need-is-here/","landingPage":"https://macremover.com","directDownloadingLink":"https://macremover.com/MR_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macremover.com/MR_Setup.dmg","sourceIndex":"2649"}],"sampleFiles":["191008/MacRemover-191004/4.5.0/Samples/MR_Setup.dmg","191008/MacRemover-191004/4.5.0/Samples/MacRemover"],"imageFiles":["191008/MacRemover-191004/4.5.0/Images/ACR-004/run_analysis.png","191008/MacRemover-191004/4.5.0/Images/ACR-004/004.png","191008/MacRemover-191004/4.5.0/Images/ACR-004/buy.png","191008/MacRemover-191004/4.5.0/Images/ACR-004/buy2.png","191008/MacRemover-191004/4.5.0/Images/ACR-004/buy3.png"],"nonDeceptorImageFiles":["191008/MacRemover-191004/4.5.0/Images/ACR-161/161.png","191008/MacRemover-191004/4.5.0/Images/ACR-150/150.png","191008/MacRemover-191004/4.5.0/Images/ACR-092/about.png","191008/MacRemover-191004/4.5.0/Images/ACR-092/buy2.png"],"guid":"0a2bbce7-57d0-4252-89d9-c478881da657_4.5.0_1","appID":"MacRemover-191004","dateAdded":"241021","deceptorType":"MacOS App","name":"MacRemover","company":"MacRemover.com","version":"4.5.0","sigName":"Deceptor:MacOS/MacRemover!004","lastKnownStatus":"Deceptor:4.5.0;4.5.5;4.5.6;4.5.7","lastKnownDate":"241021","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":472},{"violations":{"ACR-004":"The application does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-002":"Company Name in the webpage comes from Liangdu Technologies, which was not mentioned/disclosed in the EULA \n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays star awards from Macworld Editor's Choice that is unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"MR_Setup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5f964368992ea2721d976bf027581ae2","hashSHA1":"68b527c51fb957dc4e5fe97a593fd313491e13d5","hashSHA256":"23ca16d9b1c2d7c6ae828042ee80748fc5871b504e1d3e126a480237edca7a7e","sourceIndex":"1423","avBlockList":["Avira Security for Mac (20221108)","Bitdefender Antivirus for Mac (20221108)","ESET Cyber Security Pro for Mac (20221108)","G DATA AntiVirus for Mac (20221108)","Norton Security for Mac (20221108)","Sophos Home Premium For Mac (20221108)","Trend Micro Antivirus for Mac (20221108)"],"avAllowList":["Avast Security for Mac (20221108)","K7 Antivirus for Mac (20221108)","Kaspersky Internet Security for Mac (20221108)","McAfee Internet Security for Mac (20221108)"]},{"isRevoked":"False","fileName":"Mac Remover.app.zip","fileVersion":"0.","hashMD5":"5fff977eed3e4249a2db24b5d1f788e5","hashSHA1":"2a6a30b856f2a89b428d9310c3a2dee65ac15d0f","hashSHA256":"603d392cf807162fb135abdc6b4408b187bc8d070d28b5610bca66d4b56e695d","sourceIndex":"1423","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacRemover","fileVersion":"0.","hashMD5":"5fff977eed3e4249a2db24b5d1f788e5","hashSHA1":"2a6a30b856f2a89b428d9310c3a2dee65ac15d0f","hashSHA256":"02cebc4ff242024fdfd92899c494592ceccca0d4894f68a2a490288352f2d920","sourceIndex":"1423","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Company website","reference":"","landingPage":"https://macremover.com","directDownloadingLink":"https://macremover.com/MR_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macremover.com/MR_Setup.dmg","sourceIndex":"1423"}],"sampleFiles":["220914/MacRemover-191004/4.5.5/Samples/MR_Setup.dmg","220914/MacRemover-191004/4.5.5/Samples/MacRemover"],"imageFiles":["220914/MacRemover-191004/4.5.5/Images/ACR-004/USE_MainPage2.png","220914/MacRemover-191004/4.5.5/Images/ACR-004/USE_MainWindow.png","220914/MacRemover-191004/4.5.5/Images/ACR-004/USE_PromptAfterScan.png","220914/MacRemover-191004/4.5.5/Images/ACR-004/USE_Upgrade2.png"],"nonDeceptorImageFiles":["220914/MacRemover-191004/4.5.5/Images/ACR-161/WEB_Testimonials.png","220914/MacRemover-191004/4.5.5/Images/ACR-150/150.png","220914/MacRemover-191004/4.5.5/Images/ACR-002/USE_PromptAfterScan.png","220914/MacRemover-191004/4.5.5/Images/ACR-002/USE_UpgradeOffer.png","220914/MacRemover-191004/4.5.5/Images/ACR-002/USE_Upgrade2.png"],"guid":"0a2bbce7-57d0-4252-89d9-c478881da657_4.5.5_1","appID":"MacRemover-191004","dateAdded":"241021","deceptorType":"MacOS App","name":"MacRemover","company":"MacRemover.com","version":"4.5.5","lastKnownStatus":"Deceptor:4.5.0;4.5.5;4.5.6;4.5.7","lastKnownDate":"241021","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":471},{"violations":{"ACR-004":"The app provides free scans but does not provide a fully functioning free trial with free fixes for any results, and the fixes are not anticipated to be permanent.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show links to the EULA, Returns and Cancellation Policy, or the Privacy Policy,\nThe app does not show links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not show a link to the Returns and Cancellation Policy.\n","ACR-099":"The app does not show links to uninstall information.\nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"76cbf71df2eb321fe6bde871d0be2ef2","hashSHA1":"6e3fc067d9b412856dba8574dd118dbb1d8b196b","hashSHA256":"b76157b225a03012bc0c922aa28d252fb336e79f0b7459aa3169b8f6fedab68c","sourceIndex":"2779","avBlockList":["Avast Security for Mac (20211012)","Avira Security for Mac (20211012)","Bitdefender Antivirus for Mac (20211012)","ESET Cyber Security Pro for Mac (20211012)","G DATA AntiVirus for Mac (20211012)","K7 Antivirus for Mac (20211012)","McAfee Internet Security for Mac (20211012)","Norton Security for Mac (20211012)","Sophos Home Premium For Mac (20211012)","Trend Micro Antivirus for Mac (20211012)"],"avAllowList":["Kaspersky Internet Security for Mac (20211012)"]},{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"73ebb0217f95e95cd5156293c3cb8d6b","hashSHA1":"00dde6f68fa89d9545da34f74524025bd273822a","hashSHA256":"21e85e6a8201bb275b22aa919be60dfc907806ce9b6417ef2a826d21f139b222","sourceIndex":"2779","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel 190422","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/awecleanertrial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/awecleanertrial.zip","sourceIndex":"2779"}],"sampleFiles":["190919/AweCleaner-190424/4.0/Samples/AweCleanerTrial.dmg"],"imageFiles":["190919/AweCleaner-190424/4.0/Images/ACR-004/AweCleaner 004.gif"],"nonDeceptorImageFiles":["190919/AweCleaner-190424/4.0/Images/ACR-065/Screen Shot 2019-09-18 at 3.08.16 PM.png","190919/AweCleaner-190424/4.0/Images/ACR-065/About Page.png","190919/AweCleaner-190424/4.0/Images/ACR-065/Bottom of Landing Page.png","190919/AweCleaner-190424/4.0/Images/ACR-099/About Page.png","190919/AweCleaner-190424/4.0/Images/ACR-099/Bottom of Landing Page.png","190919/AweCleaner-190424/4.0/Images/ACR-099/Bottom of Internal Offers.png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.0_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.0","sigName":"Deceptor:MacOS/AweCleaner!004","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":484},{"violations":{"ACR-004":"The app does not provide free fixes for all free scans.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show links to the EULA, Returns and Cancellation Policy, or the Privacy Policy,\nThe app does not show links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not show a link to the Returns and Cancellation Policy.\n","ACR-099":"The app does not show links to uninstall information.\nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"641031d3303a4580c08b524c6a9df287","hashSHA1":"cd1102fcfa13d7405774f64f3a8bc332ea66032e","hashSHA256":"508e011f55855b5b36b348e657f491a55ecd81868876ebafcb8f44573b345993","sourceIndex":"2778","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"76b9a8e4587044c6520efd5027788ae9","hashSHA1":"b6bd1786ca1f6257bf6ea9e7d980eb76cc66738a","hashSHA256":"e3e61f258f7d12bcb4282309f58e21ec0440331930c1980753e802609f6042ca","sourceIndex":"2778","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel 190422","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/awecleanertrial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/awecleanertrial.zip","sourceIndex":"2778"}],"sampleFiles":["190919/AweCleaner-190424/3.6/Samples/AweCleaner","190919/AweCleaner-190424/3.6/Samples/AweCleanerTrial.dmg"],"imageFiles":["190919/AweCleaner-190424/3.6/Images/ACR-004/AweCleaner Before Internal Offers.png","190919/AweCleaner-190424/3.6/Images/ACR-004/AweCleaner Enter License Code.png","190919/AweCleaner-190424/3.6/Images/ACR-004/AweCleaner Scan Results 2.png","190919/AweCleaner-190424/3.6/Images/ACR-004/AweCleaner Scan Results.png","190919/AweCleaner-190424/3.6/Images/ACR-004/AweCleaner Internal Offers.png"],"nonDeceptorImageFiles":["190919/AweCleaner-190424/3.6/Images/ACR-065/AweCleaner Install.png","190919/AweCleaner-190424/3.6/Images/ACR-065/AweCleaner About Page.png","190919/AweCleaner-190424/3.6/Images/ACR-065/AweCleaner Bottom of Landing Page.png","190919/AweCleaner-190424/3.6/Images/ACR-099/AweCleaner About Page.png","190919/AweCleaner-190424/3.6/Images/ACR-099/AweCleaner Bottom of Internal Offers.png","190919/AweCleaner-190424/3.6/Images/ACR-099/AweCleaner Bottom of Internal Offers.png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_3.6_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"3.6","sigName":"Deceptor:MacOS/AweCleaner!004","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":483},{"violations":{"ACR-004":"The app provides free scans but does not provide a fully functioning free trial with free fixes for results where the fixes are not anticipated to be permanent.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's about page does not contain links to the EULA, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not show links to uninstall information.\nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"3796de5fb76af69ee26dd3b5f432ae88","hashSHA1":"89eed57de89053985c6054816970c873b08cc198","hashSHA256":"1ccdfb70a9786867475293585fe3c8992623fe741ec1b4308fc0e1c4a1483e40","sourceIndex":"2538","avBlockList":["Avast Security for Mac (20211109)","Avira Security for Mac (20211109)","Bitdefender Antivirus for Mac (20211109)","ESET Cyber Security Pro for Mac (20211109)","G DATA AntiVirus for Mac (20211109)","K7 Antivirus for Mac (20211109)","McAfee Internet Security for Mac (20211109)","Norton Security for Mac (20211109)","Sophos Home Premium For Mac (20211109)","Trend Micro Antivirus for Mac (20211109)"],"avAllowList":["Kaspersky Internet Security for Mac (20211109)"]},{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"a29d834ab1fa6110413e480cb0959e6f","hashSHA1":"7c99c14c1c8b4ebde7611c6d13598f494fa690ef","hashSHA256":"f90bc7b4318fc645d23b50a27b32b06e89b3243cfc8412fa9f29b2e1d55e4b06","sourceIndex":"2538","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel 190422","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2538"}],"sampleFiles":["200212/AweCleaner-190424/4.3/Samples/AweCleanerTrial.dmg","200212/AweCleaner-190424/4.3/Samples/AweCleaner"],"imageFiles":["200212/AweCleaner-190424/4.3/Images/ACR-004/AweCleaner ACR-004.gif"],"nonDeceptorImageFiles":["200212/AweCleaner-190424/4.3/Images/ACR-065/Screen Shot 2020-01-29 at 5.43.14 PM.png","200212/AweCleaner-190424/4.3/Images/ACR-065/Screen Shot 2020-01-29 at 5.43.02 PM.png","200212/AweCleaner-190424/4.3/Images/ACR-065/Screen Shot 2020-01-29 at 5.50.46 PM.png","200212/AweCleaner-190424/4.3/Images/ACR-099/Screen Shot 2020-01-29 at 5.43.02 PM.png","200212/AweCleaner-190424/4.3/Images/ACR-099/Screen Shot 2020-01-29 at 5.50.46 PM.png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.3_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.3","sigName":"Deceptor:MacOS/AweCleaner!004","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":482},{"violations":{"ACR-004":"The application provides free scan results without free fix and uses these results to upsell the consumer to a subscription service\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"12e80cfce64d26c91419b73a6ea129f9","hashSHA1":"582363136a89228c8a4886e0d18452f71049c5bf","hashSHA256":"8bbf6fd20cda16f9d8d88aa48b98e9aaa914b61231949fadeaa1eafa13c2b977","sourceIndex":"2408","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","Bitdefender Antivirus for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","K7 Antivirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["Kaspersky Internet Security for Mac (20210413)"]},{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"58da5b9b95e9d589e48305bc6101a775","hashSHA1":"bf257f53307b4952fc340542f0b5f5e8e5691dda","hashSHA256":"379eb1cc6d045730f7693cac08a886ddc79fc77a71f1137ec4f87a73fa7c4bd1","sourceIndex":"2408","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"MacOs Cleaner\"","reference":"","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2408"}],"sampleFiles":["200622/AweCleaner-190424/4.4/Samples/AweCleanerTrial.dmg","200622/AweCleaner-190424/4.4/Samples/AweCleaner"],"imageFiles":["200622/AweCleaner-190424/4.4/Images/ACR-004/AweCleaner_Interaction [3].png","200622/AweCleaner-190424/4.4/Images/ACR-004/AweCleaner_Interaction [4].png","200622/AweCleaner-190424/4.4/Images/ACR-004/AweCleaner_OfferPage [1].png","200622/AweCleaner-190424/4.4/Images/ACR-004/AweCleaner_OfferPage [2].png"],"nonDeceptorImageFiles":["200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_Install [1].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_About [1].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_LandingPage [1].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_LandingPage [2].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_OfferPage [1].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_OfferPage [2].png","200622/AweCleaner-190424/4.4/Images/ACR-065/AweCleaner_OfferPage [4].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_About [1].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_LandingPage [1].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_LandingPage [2].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_OfferPage [1].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_OfferPage [2].png","200622/AweCleaner-190424/4.4/Images/ACR-099/AweCleaner_OfferPage [4].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.4_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.4","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":481},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-043":"Open source  'FFmpeg'  is installed without disclosure.\n","ACR-107":"The app doesn't disclose relevant license information about using the open-source project  'ffmpeg'.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”. \nThe app does not provide an option to close the update prompt and cancel the startup of its own. \n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.  \n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation. \n","ACR-014":"The app misleads users that they need to install an update but does not update anything when the update option is clicked.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The app does not have a digital signature for the main executable: \"DailymotionDownloaderFree.exe\"\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Dailymotion Downloader Free\\DailymotionDownloaderFree.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"7b4c1dd8d9455d190f00dbced769b5e3","hashSHA1":"cccd71b8c71698c2f1714960e38a93ed3a74b31f","hashSHA256":"12314fc5cc4c5c538280acb39bb28d182751a2c87b6a8f77f1f637306714f13a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"508","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Dailymotion Downloader Free\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"508","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DailymotionDownloaderFree.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech Inc.                                ","productName":"Dailymotion Downloader Free                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5dde494307e224959b59bfad59a06ba8","hashSHA1":"06ffcd0c5132378b1c9ef5ef4a6c0a079b0cffdc","hashSHA256":"2dadfa3c84898b1e87dac3e1af7449249abb73723cc64847a0a2e084cc170317","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"508","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220609)","Trend Micro Internet Security (20250109)"]},{"isRevoked":"False","fileName":"DailymotionDownloaderFree_241017.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"93bf18c4e273ccce41b023c8855de867","hashSHA1":"b7fd03798966152832cda1573b6c3922c7cade19","hashSHA256":"df3586f40b21c870803d816ce9bc43014d5d8a9542d0907a47fa745a276a8aaf","sourceIndex":"508","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)"],"avAllowList":["Panda Dome (20241231)","Quick Heal Internet Security (20241231)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on FreeAudioVideoSoftTech products","reference":"","landingPage":"https://www.freeaudiovideosoft.com/downloader-for-windows/free-dailymotion-downloader/","directDownloadingLink":"www.freeaudiovideosoft.com/files/DailymotionDownloaderFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"www.freeaudiovideosoft.com/files/DailymotionDownloaderFree.exe","sourceIndex":"508"}],"sampleFiles":["241017/dailymotiondownloaderfree-220606/8.8.2.4/Samples/DailymotionDownloaderFree.exe","241017/dailymotiondownloaderfree-220606/8.8.2.4/Samples/DailymotionDownloaderFree_241017.exe"],"imageFiles":["241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-043/ACR-043_Install.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-107/ACR-107_Install.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-084/ACR-084_Software.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-048/ACR-048_Software.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-048/ACR-048_Software_1.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-014/ACR-014_software.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-118/ACR-118_Uninstall.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-122/ACR-122_Uninstall.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-092/ACR-092_Software.JPG","241017/dailymotiondownloaderfree-220606/8.8.2.4/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"b3f5e66b-5373-4e59-86a8-14de7f9dbc1f_8.8.2.4_1","appID":"dailymotiondownloaderfree-220606","dateAdded":"241017","deceptorType":"App","name":"Dailymotion Downloader Free","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T16:54:17.1641303+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":474},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app does not display links to the EULA, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"a07a2877856216d447c6fc7972651fea","hashSHA1":"34edcb2ae39c317ed8af6fa6b299b3ebcb3ce176","hashSHA256":"51ca6b5aa58cf1c9300e0a3fb7a34a7c55df95e1b9d18b24fe6573360199e626","sourceIndex":"2137","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"836fce9e9b7e26190854102c12b27786","hashSHA1":"3406be37d8e17972d9d856d437636d27723b916a","hashSHA256":"5bf9098ee852d8fe4df136e8428694356165e2f34fdcd3ef267ba695a0570fce","sourceIndex":"2137","avBlockList":["Avast Security for Mac (20210810)","Avira Security for Mac (20200811)","Bitdefender Antivirus for Mac (20210810)","ESET Cyber Security Pro for Mac (20210810)","G DATA AntiVirus for Mac (20210810)","K7 Antivirus for Mac (20210810)","McAfee Internet Security for Mac (20210810)","Norton Security for Mac (20210810)","Sophos Home Premium For Mac (20210810)","Trend Micro Antivirus for Mac (20210810)"],"avAllowList":["Kaspersky Internet Security for Mac (20210810)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2137"}],"sampleFiles":["200806/AweCleaner-190424/4.5/Samples/AweCleaner","200806/AweCleaner-190424/4.5/Samples/AweCleanerTrial.dmg"],"imageFiles":["200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_Interaction [1].png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_Interaction [2] ScanResults.png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_Interaction [3] ScanResults.png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_Interaction [4] ScanResults.png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_Interaction [5] PurchaseNow.png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_OfferPage [3].png","200806/AweCleaner-190424/4.5/Images/ACR-004/AweCleaner_OfferPage [2].png"],"nonDeceptorImageFiles":["200806/AweCleaner-190424/4.5/Images/ACR-045/AweCleaner_LandingPage [3].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_Install [1].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_About [1].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_LandingPage [1].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_OfferPage [1].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_OfferPage [2].png","200806/AweCleaner-190424/4.5/Images/ACR-065/AweCleaner_OfferPage [3].png","200806/AweCleaner-190424/4.5/Images/ACR-161/AweCleaner_LandingPage_Testimonials [1].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_About [1].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_Interaction [1].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_LandingPage [1].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_LandingPage [2].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_OfferPage [1].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_OfferPage [2].png","200806/AweCleaner-190424/4.5/Images/ACR-099/AweCleaner_OfferPage [3].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.5_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.5","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":480},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's About page does not display links to the EULA, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"eeba814a889630c6b256e65e756ceb78","hashSHA1":"a04c19b050ed243cb4c93b8925afbfea133cc57e","hashSHA256":"062814124e120fa3c81fe567ff972244cc9958309cd942fb58da9f75d38d67a8","sourceIndex":"2112","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"6120650d4339c7a2bd0358a52ebaad9c","hashSHA1":"59cd5d35cc4c26d49b6cf68d8eeed6dff546ba27","hashSHA256":"be4ac3bd958979231481eb64ccb935600f538c5a00d7253067b131f5dd671787","sourceIndex":"2112","avBlockList":["Avast Security for Mac (20210608)","Avira Security for Mac (20210608)","Bitdefender Antivirus for Mac (20210608)","ESET Cyber Security Pro for Mac (20210608)","K7 Antivirus for Mac (20210608)","McAfee Internet Security for Mac (20210608)","Norton Security for Mac (20210608)","Sophos Home Premium For Mac (20210608)","Trend Micro Antivirus for Mac (20210608)"],"avAllowList":["G DATA AntiVirus for Mac (20210608)","Kaspersky Internet Security for Mac (20210608)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2112"}],"sampleFiles":["200915/AweCleaner-190424/4.6/Samples/AweCleaner","200915/AweCleaner-190424/4.6/Samples/AweCleanerTrial.dmg"],"imageFiles":["200915/AweCleaner-190424/4.6/Images/ACR-004/AweCleaner_Interaction [1].png","200915/AweCleaner-190424/4.6/Images/ACR-004/AweCleaner_Interaction [2] ScanResult.png","200915/AweCleaner-190424/4.6/Images/ACR-004/AweCleaner_Interaction [3] Activate.png","200915/AweCleaner-190424/4.6/Images/ACR-004/AweCleaner_OfferPage [4].png","200915/AweCleaner-190424/4.6/Images/ACR-004/AweCleaner_OfferPage [2].png"],"nonDeceptorImageFiles":["200915/AweCleaner-190424/4.6/Images/ACR-045/AweCleaner_LandingPage [2] FreeTrial.png","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_Install [1].png","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_About [1].png","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_LandingPage [1].jpg","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_OfferPage [1].png","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_OfferPage [2].png","200915/AweCleaner-190424/4.6/Images/ACR-065/AweCleaner_OfferPage [3].png","200915/AweCleaner-190424/4.6/Images/ACR-161/AweCleaner_LandingPage [3] Testimonials.png","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_About [1].png","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_LandingPage [1].jpg","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_OfferPage [1].png","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_OfferPage [2].png","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_OfferPage [3].png","200915/AweCleaner-190424/4.6/Images/ACR-099/AweCleaner_OfferPage [4].png","200915/AweCleaner-190424/4.6/Images/ACR-166/AweCleaner_OfferPage [2].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.6_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.6","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":479},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"8b93727055d050041bb76f35e08719c7","hashSHA1":"24cb415aeb096c330d5e2fdb55da701d0acfad42","hashSHA256":"1ed13abbd3fd90ade08ba9ac88035b5540a2a3b5a5be98222be8f39698ec1801","sourceIndex":"2067","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"0f90c501d0f3a41a9b57b3daad1b836c","hashSHA1":"a3519d9091ae635e113dcaf6f24dc17a5ce66bc5","hashSHA256":"0e0f55796698706af24382840ccc1629d54bcb6dd0a271b44bda6ca4fbc36d0d","sourceIndex":"2067","avBlockList":["Avast Security for Mac (20210713)","Avira Security for Mac (20210713)","Bitdefender Antivirus for Mac (20210713)","ESET Cyber Security Pro for Mac (20210713)","G DATA AntiVirus for Mac (20210713)","K7 Antivirus for Mac (20210713)","Norton Security for Mac (20210713)","Sophos Home Premium For Mac (20210713)","Trend Micro Antivirus for Mac (20210713)"],"avAllowList":["Kaspersky Internet Security for Mac (20210713)","McAfee Internet Security for Mac (20210713)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel 190422","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2067"}],"sampleFiles":["201026/AweCleaner-190424/4.7/Samples/AweCleaner","201026/AweCleaner-190424/4.7/Samples/AweCleanerTrial.dmg"],"imageFiles":["201026/AweCleaner-190424/4.7/Images/ACR-004/AweCleaner_Interactions [1].png","201026/AweCleaner-190424/4.7/Images/ACR-004/AweCleaner_Interactions [2] ScanResults.png","201026/AweCleaner-190424/4.7/Images/ACR-004/AweCleaner_Interactions [3]Activate.png","201026/AweCleaner-190424/4.7/Images/ACR-004/AweCleaner_OfferPage [3].png","201026/AweCleaner-190424/4.7/Images/ACR-004/AweCleaner_OfferPage [4].png"],"nonDeceptorImageFiles":["201026/AweCleaner-190424/4.7/Images/ACR-045/AweCleaner_LandingPage [2].jpg","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_Installs [1].png","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_Interactions [1].png","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_LandingPage [2].jpg","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_OfferPage [1].png","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_OfferPage [2].png","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_OfferPage [3].png","201026/AweCleaner-190424/4.7/Images/ACR-065/AweCleaner_OfferPage [4].png","201026/AweCleaner-190424/4.7/Images/ACR-161/AweCleaner_LandingPage [1] Testimonials.png","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_About [1].png","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_LandingPage [2].jpg","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_OfferPage [1].png","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_OfferPage [2].png","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_OfferPage [3].png","201026/AweCleaner-190424/4.7/Images/ACR-099/AweCleaner_OfferPage [4].png","201026/AweCleaner-190424/4.7/Images/ACR-166/AweCleaner_OfferPage [4].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.7_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.7","sigName":"Deceptor:MacOS/AweCleaner!004","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":478},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"6706fc6dac5deeef99961964232c7762","hashSHA1":"fcb9515cd74fd37a9909642bbd9497427fba0e79","hashSHA256":"1203cac4ca82a7e77f0d7bc96e99eac81bd3f6470415c9d6f04b014a953f00f6","sourceIndex":"2022","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"83142dd42e047d4b4b2d6ebb6e5540bb","hashSHA1":"4456460469fd2d40385d87bdaaccf939f4489c9c","hashSHA256":"fd25aafb5656ee13a5b6d81b6e58dbc99a922dcefa9340ef6bbd283170d4e369","sourceIndex":"2022","avBlockList":["Avast Security for Mac (20210914)","Avira Security for Mac (20210914)","Bitdefender Antivirus for Mac (20210914)","ESET Cyber Security Pro for Mac (20210914)","G DATA AntiVirus for Mac (20210914)","K7 Antivirus for Mac (20210914)","Norton Security for Mac (20210914)","Sophos Home Premium For Mac (20210914)","Trend Micro Antivirus for Mac (20210914)"],"avAllowList":["Kaspersky Internet Security for Mac (20210914)","McAfee Internet Security for Mac (20210914)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"2022"}],"sampleFiles":["201222/AweCleaner-190424/4.8/Samples/AweCleaner","201222/AweCleaner-190424/4.8/Samples/AweCleanerTrial.dmg"],"imageFiles":["201222/AweCleaner-190424/4.8/Images/ACR-004/AweCleaner_Interactions [1].png","201222/AweCleaner-190424/4.8/Images/ACR-004/AweCleaner_Interactions [2].png","201222/AweCleaner-190424/4.8/Images/ACR-004/AweCleaner_Interactions [3].png"],"nonDeceptorImageFiles":["201222/AweCleaner-190424/4.8/Images/ACR-045/AweCleaner_LandingPage[1].jpg","201222/AweCleaner-190424/4.8/Images/ACR-065/AweCleaner_Install [1].png","201222/AweCleaner-190424/4.8/Images/ACR-065/AweCleaner_About [1].png","201222/AweCleaner-190424/4.8/Images/ACR-065/AweCleaner_LandingPage[1].jpg","201222/AweCleaner-190424/4.8/Images/ACR-065/AweCleaner_OfferPage [1].png","201222/AweCleaner-190424/4.8/Images/ACR-161/AweCleaner_LandingPage [3] Testimonials.png","201222/AweCleaner-190424/4.8/Images/ACR-099/AweCleaner_About [1].png","201222/AweCleaner-190424/4.8/Images/ACR-099/AweCleaner_LandingPage[1].jpg","201222/AweCleaner-190424/4.8/Images/ACR-099/AweCleaner_OfferPage [1].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.8_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.8","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":477},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"d4b1efa6fa7946c0597b6e26c73e8b36","hashSHA1":"c5a04383dd515d987157b2154e49c4a1d76255e1","hashSHA256":"55c2c42ecdd67df5054864600d0583e4039a1edddb08af8423702a0b9d170e81","sourceIndex":"1923","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5875428e8ebd0deaed0c4710e62b7d1f","hashSHA1":"4b465ae4f9bffd0926ce1ea307d55ac365e65feb","hashSHA256":"64bcdef45bc489e1f2677dd3aa256da775b5393134a48083fdff251712827bbd","sourceIndex":"1923","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"https://www.magoshare.com/download/","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"1923"}],"sampleFiles":["210517/AweCleaner-190424/4.9/Samples/AweCleaner","210517/AweCleaner-190424/4.9/Samples/AweCleanerTrial.dmg"],"imageFiles":["210517/AweCleaner-190424/4.9/Images/ACR-004/AweCleaner_Interactions [1].png","210517/AweCleaner-190424/4.9/Images/ACR-004/AweCleaner_Interactions [2].png","210517/AweCleaner-190424/4.9/Images/ACR-004/AweCleaner_Interactions [3].png"],"nonDeceptorImageFiles":["210517/AweCleaner-190424/4.9/Images/ACR-045/AweCleaner_LandingPage [4].png","210517/AweCleaner-190424/4.9/Images/ACR-045/AweCleaner_LandingPage [5].png","210517/AweCleaner-190424/4.9/Images/ACR-065/AweCleaner_Install [1].png","210517/AweCleaner-190424/4.9/Images/ACR-065/AweCleaner_About [1].png","210517/AweCleaner-190424/4.9/Images/ACR-065/AweCleaner_LandingPage [1].png","210517/AweCleaner-190424/4.9/Images/ACR-065/AweCleaner_OfferPage [1].png","210517/AweCleaner-190424/4.9/Images/ACR-161/AweCleaner_LandingPage [2].png","210517/AweCleaner-190424/4.9/Images/ACR-099/AweCleaner_About [1].png","210517/AweCleaner-190424/4.9/Images/ACR-099/AweCleaner_LandingPage [1].png","210517/AweCleaner-190424/4.9/Images/ACR-099/AweCleaner_OfferPage [1].png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_4.9_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"4.9","sigName":"Deceptor:MacOS/AweCleaner!004","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":476},{"violations":{"ACR-004":"The app does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display link to the EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's About page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not show links to uninstall information. \nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AweCleanerTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"9157fd823edb0ebf3961f85acbed38e3","hashSHA1":"fcfa551e0f1e0b76fdbbe572ffdca6fd27f5d7a2","hashSHA256":"7317a9a1c6ab64931316f0098f6f0ddde91bcb6652573792cee539c5b6071b60","sourceIndex":"507","avBlockList":["Avast Security for Mac (20250114)","Avira Security for Mac (20250114)","ESET Cyber Security Pro for Mac (20250114)","Norton Security for Mac (20250114)","Sophos Home Premium For Mac (20250114)","SpyHunterforMac (20250114)","Trend Micro Antivirus for Mac (20250114)"],"avAllowList":["Bitdefender Antivirus for Mac (20250114)","G DATA AntiVirus for Mac (20250114)","K7 Antivirus for Mac (20250114)","Kaspersky Internet Security for Mac (20250114)","McAfee Internet Security for Mac (20250114)"]},{"isRevoked":"False","fileName":"AweCleaner","fileVersion":"0.","hashMD5":"dc39a1b5bcef361bcf99033789cd64b6","hashSHA1":"496eda2547db376ac59005f37397baa3e9f3225d","hashSHA256":"33e2327d76279d508ed9fe90d8cf5fc1ff7e856720e0c0f55dd09e00829e6696","sourceIndex":"507","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.magoshare.com/mac-cleaner/awecleaner-for-mac.html","directDownloadingLink":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magoshare.com/trial/AweCleanerTrial.dmg","sourceIndex":"507"}],"sampleFiles":["241017/AweCleaner-190424/5.7/Samples/AweCleanerTrial.dmg","241017/AweCleaner-190424/5.7/Samples/AweCleaner"],"imageFiles":["241017/AweCleaner-190424/5.7/Images/ACR-004/App11.png"],"nonDeceptorImageFiles":["241017/AweCleaner-190424/5.7/Images/ACR-045/landingpage1.png","241017/AweCleaner-190424/5.7/Images/ACR-065/install.png","241017/AweCleaner-190424/5.7/Images/ACR-065/App10.png","241017/AweCleaner-190424/5.7/Images/ACR-161/landingpage2.png","241017/AweCleaner-190424/5.7/Images/ACR-099/App10.png","241017/AweCleaner-190424/5.7/Images/ACR-099/landingpage3.png","241017/AweCleaner-190424/5.7/Images/ACR-099/offerpage1.png"],"guid":"043e8c55-bd95-40ff-9a01-5a5ba15ecb33_5.7_1","appID":"AweCleaner-190424","dateAdded":"241017","deceptorType":"MacOS App","name":"Awe Cleaner","company":"Magoshare","version":"5.7","lastKnownStatus":"Deceptor:3.6,4.0,4.3,4.4;4.5;4.6;4.7;4.8;4.9;5.7","lastKnownDate":"241017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:22.1950914+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":475},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control, upon clicking, drops a RelevantKnowledge file “spt_setup.exe” regardless.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed. \n"},"samples":[{"isRevoked":"False","fileName":"absee_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"ABsee Free Image Viewer             ","fileVersion":"4.0.2","hashMD5":"b80e719fc15915967b24722cfe118b62","hashSHA1":"f59fe47ba8c59d66de6e0b8178e88f602e3261d2","hashSHA256":"5eb9a132ef6866f5a2f2e6c00a08c4fd7638a20da8a7337a4dd1ee6a4bb38cfe","digitalCertThumbprint":"CB63529ED0F5FA356EB2801B5FAA196C97760C72","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=潍坊金网信息科技有限公司, O=潍坊金网信息科技有限公司, L=潍坊市, S=山东省, C=CN, SERIALNUMBER=91370700745698896P, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=潍坊高新技术产业开发区, OID.1.3.6.1.4.1.311.60.2.1.2=山东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"509","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Panda Dome (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)","FortectPremium (20241231)","KasperskyPremium (20241231)"],"avAllowList":["Quick Heal Internet Security (20241231)","Tencent PC Manager (20220609)","Trend Micro Internet Security (20241231)"]},{"isRevoked":"False","fileName":"ABseeViewer.exe","companyName":"zxt2007.com","productName":"ABsee Free Image Viewer","fileVersion":"4.0","hashMD5":"26df6c94f376371cf0c7ad2a5139c960","hashSHA1":"cd32a1183436267b18704076f0d1474665e5adfb","hashSHA256":"72cc62d76f8a7dd2d0239832061be41a99d46fcc574dc6da5ba55e98a978952a","sourceIndex":"509","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"absee_setup_241017.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","fileVersion":"4.0","hashMD5":"9b682493c81b7b9f2da78c077a58a819","hashSHA1":"fa992630e3a8ca351587084a8acf126bb8fb9fd8","hashSHA256":"95f31e207cdd9e04775a44817f1dd2ba2ea3391af398f6a5b7c242b1d68b6ac0","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=张晓彤, O=张晓彤, S=山东省, C=CN","sourceIndex":"509","avBlockList":["360 Total Security (20250102)","Avast Premium Security (20250102)","AVG Internet Security (20250102)","Avira Internet Security (20250102)","Bitdefender Internet Security (20250102)","COMODO Antivirus (20250102)","Dr.Web Security Space (20250102)","ESET Internet Security (20250102)","FortectPremium (20250102)","G DATA INTERNET SECURITY (20250102)","K7 Total Security (20250102)","KasperskyPremium (20250102)","Malwarebytes Premium (20250102)","McAfee Total Protection (20250102)","Norton Security (20250102)","Panda Dome (20250102)","Quick Heal Internet Security (20250102)","Sophos Home Premium (20250102)","SpyHunter5 (20250102)","Total AV Antivirus Pro (20250102)","Trend Micro Internet Security (20250102)","VIPRE Advanced Security (20250102)","VirIT eXplorer PRO (20250102)","Webroot SecureAnywhere (20250102)","Windows Defender (20250102)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/abseeimageviewer.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=absee_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=absee_setup.exe","sourceIndex":"509"}],"sampleFiles":["241017/ABseeFreeImageViewer-220606/4.0.2/Samples/absee_setup.exe","241017/ABseeFreeImageViewer-220606/4.0.2/Samples/ABseeViewer.exe","241017/ABseeFreeImageViewer-220606/4.0.2/Samples/absee_setup_241017.exe"],"imageFiles":["241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-109/ACR-109_048_RKSetup.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-048/ACR-109_048_RKSetup.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-010/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-118/ACR-118_remnants.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-057/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-059/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-071/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-065/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-106/RelevantKnowledge.jpg","241017/ABseeFreeImageViewer-220606/4.0.2/Images/ACR-092/ACR-092_NoDigiSig.jpg"],"guid":"5783092d-81e5-4c0c-8a12-9a02ad3d17c8_4.0.2_1","appID":"ABseeFreeImageViewer-220606","dateAdded":"241017","deceptorType":"App","name":"ABsee Free Image Viewer","company":"zxt2007.com","version":"4.0.2","lastKnownStatus":"4.0.2","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-10-17T16:52:40.5769846+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":488},{"violations":{"ACR-003":"The application exaggerates the identified issues with an alarming red color. The overall exaggerated scanning result leads misleading urgency for the user to take action fixing the identified issues.\n","ACR-004":"The app uses alarming pattern for scanning result, raising unnecessary urgency for fixing the issues.\n","ACR-007":"The app does not obtain informed consent before disabling build in security process Windows Defender process in the startup manager.\n","ACR-014":"The application uses the word \"problem\" and uses the color red to increase the urgency for non-urgent \"issues\", thereby misleading or scaring users to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose the Privacy policy during the installation.\nThe app does not disclose the EULA and Privacy policy in the app's about page.\n","ACR-099":"The app does not disclose uninstall information in the app's about page.\nThe app does not disclose the uninstall information in the landing page.\n","ACR-035":"The app needs to disclose the App's name to the consumer in all the docs.\n","ACR-166":"The app does not disclose the license period to the consumer in the internal offers. \n","ACR-171":"The app does not disclose whether the payment is recurring or not.\n","ACR-014":"The app uses the word \"error\" and uses outdated images in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Ashampoo\\Ashampoo WinOptimizer 18\\WO18.exe","companyName":"","productName":"Ashampoo WinOptimizer 18","productVersion":"18.0.0.0","fileVersion":"18.0.0.0","hashMD5":"cde441399533e352ab8df645a506b37e","hashSHA1":"19600cd50c75d337e5c80a4551e785b53a063b1c","hashSHA256":"9cd028eb84173709211827c95a488425adcc87edd239f99f656ac360de9cf4e9","digitalCertThumbprint":"0B270BA6C87E439FECE3CFA363C0E2C7804C2870","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2430","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ashampoo_winoptimizer_18_18.00.12_sm.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG                                      ","productName":"Ashampoo WinOptimizer 18                                    ","productVersion":"18.00.12                                          ","fileVersion":"18.00.12            ","hashMD5":"8783e66831ebd8bc5923fdf9122d4d39","hashSHA1":"e3eacc8e6290e65f7180d6103354f99ab69364b8","hashSHA256":"fd1b3f633d23e8beca0f6c90e33d252ff950dcb8053cdfe9a7e09189137596c2","digitalCertThumbprint":"0B270BA6C87E439FECE3CFA363C0E2C7804C2870","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2430","avBlockList":["Avira Internet Security (20200519)","ESET Internet Security (20200519)","G DATA INTERNET SECURITY (20200519)","K7 Total Security (20200519)","Malwarebytes Premium (20200519)","McAfee Total Protection (20200519)","Norton Security (20200519)","Panda Dome (20200519)","Quick Heal Internet Security (20200519)","SpyHunter5 (20200519)","Total AV Antivirus Pro (20200519)","VirIT eXplorer PRO (20200519)","Webroot SecureAnywhere (20200519)","Windows Defender (20200519)"],"avAllowList":["360 Total Security (20200519)","Avast Premium Security (20200519)","AVG Internet Security (20200519)","Bitdefender Internet Security (20200519)","COMODO Antivirus (20200519)","Dr.Web Security Space (20200519)","Kaspersky Internet Security (20200519)","Sophos Home Premium (20200519)","Tencent PC Manager (20200519)","Trend Micro Internet Security (20200519)","VIPRE Advanced Security (20200519)"]}],"additionalFiles":[],"sources":[{"howFound":"Affiliate monitor \"https://www.speedupnew.com/\"","reference":"","landingPage":"https://www.ashampoo.com/en/usd/pin/5606/system-software/winoptimizer-17","directDownloadingLink":"https://www.ashampoo.com/en/usd/dld/5606/winoptimizer-17/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashampoo.com/en/usd/dld/5606/winoptimizer-17/","sourceIndex":"2430"}],"sampleFiles":["200511/AshampooWinoptimizer-200508/18.00.12/Samples/ashampoo_winoptimizer_18_18.00.12_sm.exe"],"imageFiles":["200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-004/ACR-004_Software_MisleadingColors.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-003/ACR-003_Software_MisleadingColors.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-007/ACR-007_Software_NoAlerts.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-014/ACR-014_Software_MisleadingColors.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-014/ACR-014_Software_NoProblemsFound.jpg"],"nonDeceptorImageFiles":["200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-065/ACR-065_Software_NoEula&PrivacyPolicy.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-099/ACR-099_Software_NoUninstall_Information.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-035/ACR-035_Docs_NoAppName.jpg","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Information.JPG","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-014/ACR-014_Landingpage_OutdatedImages.jpg","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-014/ACR-014_Landingpage_UseWordsError.jpg","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-166/ACR-166_InternalOffers_NoLicensePeriod.jpg","200511/AshampooWinoptimizer-200508/18.00.12/Images/ACR-171/ACR-171_InternalOffers_NoRecurringDetail.jpg"],"guid":"644e3e19-bb43-4c49-875e-6b52b6dfff11_18.00.12_1","appID":"AshampooWinoptimizer-200508","dateAdded":"241017","deceptorType":"App","name":"AshampooWinoptimizer","company":"Ashampoo","version":"18.00.12","sigName":"Deceptor:Win32/AshampooWinoptimizer!004003007014","firstResolvedVersion":"","lastKnownStatus":"","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":487},{"violations":{"ACR-004":"1. The scan results are displayed using different colors (blue and green), which creates unnecessary urgency. If the app must use a traffic light color like green to indicate a clear scan, it shouldn't be combined with any other colors. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"ashampoo_winoptimizer_27_27.00.03_sm.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG                                      ","fileVersion":"27.0","hashMD5":"cc5d8fbaa71d045578b0e92c64f6012b","hashSHA1":"8d99c7672983edacc401f5c8d3643ff56b0fae76","hashSHA256":"dd309a04973a356a1841960f1a2031c85e4ff4d69af17cce767c2423a6f3d2de","digitalCertThumbprint":"A9968551067DC73A210FBA0C5E7CADD0D059F09A","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admins@ashampoo.com, CN=Ashampoo GmbH & Co. KG, O=Ashampoo GmbH & Co. KG, STREET=Schafjückenweg 2, L=Rastede, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRA 3618, OID.2.5.4.15=Private Organization","sourceIndex":"506","avBlockList":["Dr.Web Security Space (20241231)","FortectPremium (20241231)","Panda Dome (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","ESET Internet Security (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Quick Heal Internet Security (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","Windows Defender (20241231)"]},{"isRevoked":"False","fileName":"WO27.exe","fileVersion":"27.0","hashMD5":"339a15fd7fa4f2da255cd1392065f16c","hashSHA1":"ad513bede41f6b641d4fbbb3e173a1f962a4e118","hashSHA256":"df2124b9fc71afb05b59c54a2ec341f62291e89cc37a90af8088eaa567a78a0b","digitalCertThumbprint":"A9968551067DC73A210FBA0C5E7CADD0D059F09A","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admins@ashampoo.com, CN=Ashampoo GmbH & Co. KG, O=Ashampoo GmbH & Co. KG, STREET=Schafjückenweg 2, L=Rastede, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRA 3618, OID.2.5.4.15=Private Organization","sourceIndex":"506","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Affiliate monitor \"https://www.speedupnew.com/\"","reference":"","landingPage":"https://www.ashampoo.com/de-de/winoptimizer","directDownloadingLink":"https://cdn1.ashampoo.net/ashampoo/6906/ashampoo_winoptimizer_27_27.00.03_sm.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn1.ashampoo.net/ashampoo/6906/ashampoo_winoptimizer_27_27.00.03_sm.exe","sourceIndex":"506"}],"sampleFiles":["241017/AshampooWinoptimizer-200508/27.0.3.0/Samples/ashampoo_winoptimizer_27_27.00.03_sm.exe","241017/AshampooWinoptimizer-200508/27.0.3.0/Samples/WO27.exe"],"imageFiles":["241017/AshampooWinoptimizer-200508/27.0.3.0/Images/ACR-004/ACR-004_Software_1.png","241017/AshampooWinoptimizer-200508/27.0.3.0/Images/ACR-004/notif.gif","241017/AshampooWinoptimizer-200508/27.0.3.0/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":[],"guid":"644e3e19-bb43-4c49-875e-6b52b6dfff11_27.0.3.0_1","appID":"AshampooWinoptimizer-200508","dateAdded":"241017","deceptorType":"App","name":"AshampooWinoptimizer","company":"Ashampoo","version":"27.0.3.0","firstResolvedVersion":"","lastKnownStatus":"","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2024-10-18T20:46:20.7598695+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":485},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup of its own. \n","ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-103":"Unable to verify the app's value proposition as it couldn't be launched instead it only displays an \"Update\" prompt whenever the app is attempted to launch.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user. \n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.  \n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for all its dropped components.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Disk Cleaner Free\\Disk Cleaner Free Update.exe","companyName":"","productName":"","productVersion":"2.1.1.2","fileVersion":"2.1.1.2","hashMD5":"a243e6bf83ed4a25519567eb6bb552d7","hashSHA1":"aa1b4d758ba8dbc5f31324d4ac897a2f12078c1d","hashSHA256":"38b492f6bf957bfe6f4cfce9743bff66f32c0a0befa65a6e4b4da70bb5b51ccc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"510","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Disk Cleaner Free\\DiskCleanerFree.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"18273b4521b0adff0f1c1695fd7c6b9a","hashSHA1":"e8901e347cde27a478a2813b8b551ea86279a2d0","hashSHA256":"12c0deaaea844e593e116468a211f19b8735a7cf8d4879354575c19497981082","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"510","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Disk Cleaner Free\\DiskCleanerFree2.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"092ae606f0847edf1215b8223ac238af","hashSHA1":"cc96370aa0a2e0bb84da435a09175a65079ab8c1","hashSHA256":"90dafd8716df635be5c3fd8dba9cfe54febcab2c742b36f33896ea24b104bbd9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"510","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Disk Cleaner Free\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"510","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DiskCleanerFree.exe","isInstaller":"True","companyName":"WareTorch Co. Ltd.                                         ","productName":"Disk Cleaner Free                                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"1723d7b5356cdfbfbdd56d87d211cd0f","hashSHA1":"23fd3df51bf2e63a761eb64ac47bf222a1a4f595","hashSHA256":"e2562ab8b2ca7c09e6f7098fdc19b863de0396c1252329048c3b50bd3aaabae7","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"510","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220609)"]},{"isRevoked":"False","fileName":"DiskCleanerFree_241016.exe","isInstaller":"True","companyName":"WareTorch Co., Ltd.                                         ","fileVersion":"0.0","hashMD5":"798f51679bf691ab94dd4eb80ac728fc","hashSHA1":"126718b49781d44d586bd514318825f70d0e6e17","hashSHA256":"3ccf9aeb620878036a59f9bb8a2a9591212ccec219f07f70ee0cb5d197c8cdcc","sourceIndex":"510","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)"],"avAllowList":["Windows Defender (20241231)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Windows app","reference":"","landingPage":"http://www.disk-cleaner.net/","directDownloadingLink":"http://disk-cleaner.net/DiskCleanerFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://disk-cleaner.net/DiskCleanerFree.exe","sourceIndex":"510"}],"sampleFiles":["241017/diskcleanerfree-220530/8.8.2.4/Samples/DiskCleanerFree.exe","241017/diskcleanerfree-220530/8.8.2.4/Samples/DiskCleanerFree_241016.exe"],"imageFiles":["241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-047/ACR-047_Install.mp4","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-083/ACR-083_Software.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-083/ACR-083_Software_1.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-084/ACR-084_Software.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-103/ACR-103_Software.mp4","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-048/ACR-048_Software.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-048/ACR-048_Software_1.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-014/ACR-014_Software.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-014/ACR-014_Software_1.mp4","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-118/ACR-118_Uninstall.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-122/ACR-122_Uninstall.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-092/ACR-092_Software.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-092/ACR-092_Software_1.JPG","241017/diskcleanerfree-220530/8.8.2.4/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"7755567a-269b-43fe-910c-cabedeb5a1b3_8.8.2.4_1","appID":"diskcleanerfree-220530","dateAdded":"241017","deceptorType":"App","name":"Disk Cleaner Free","company":"WareTorch Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-17T16:51:17.7654532+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":473},{"violations":{"ACR-048":"The app does not provide any control to exit the live tuner, it runs silently in the background without any notification.\n","ACR-003":"The application exaggerates the identified issues with a alarming red color. The overall exaggerated scanning result leads misleading urgency for the user to take action fixing the identifies issues.\n","ACR-004":"The app uses alarming pattern raise urgency to fix the issues reported\n\n","ACR-007":"The app does not obtain informed consent before disabling build in security process Windows Defender process in the startup manager.\n","ACR-084":"The app runs silently in the background after user close the app, hiding the fact that it is active from the consumer.\n\n","ACR-014":"The application uses the color red to increase the urgency for non-urgent \"issues\", thereby misleading or scaring users to take action.\n","ACR-059":"The offer is not marked as optional Offer, the recommended by \"who\" is not clear. \n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose the Privacy policy during the installation.\nThe app does not disclose the EULA and Privacy policy in the app's about page.\n","ACR-099":"The app does not disclose uninstall information in the app's about page.\nThe app does not disclose the uninstall information in the landing page.\n","ACR-035":"The app needs to disclose the App's name to the consumer in all the docs.\n","ACR-054":"The app needs to provide equal prominence to \"Install\" and \"RemindMeLater/NoThanks\" buttons in the offer.\n","ACR-017":"The app elevates its consumer trust level by displaying the unverifiable logo.\n","ACR-014":"The app uses the word \"error\" and uses outdated videos in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Ashampoo\\Ashampoo WinOptimizer 17\\WO17.exe","companyName":"","productName":"Ashampoo WinOptimizer 17","productVersion":"17.0.0.0","fileVersion":"17.0.0.0","hashMD5":"ae7073e13acf4b84bd19971e8919e90f","hashSHA1":"0c622622d53bd359f52f63aafc8895c013c1f2e6","hashSHA256":"5bfea0318538ae2f611d9261295cce748dd09db72c2aed6bea84a7f7c47e7d88","digitalCertThumbprint":"CBBD0EB04FCABCC8B486D4B20B3CF3B6CF656675","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2429","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ashampoo_winoptimizer_17_17.00.25_sm.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG                                      ","productName":"Ashampoo WinOptimizer 17                                    ","productVersion":"17.00.25                                          ","fileVersion":"17.00.25            ","hashMD5":"d13ebeb15939ac8bc7deca6137ec73a1","hashSHA1":"04884b8db8ab7651da9c7dab94e0955e4b6a558a","hashSHA256":"ed1cfef40b086678276f8189c1d8eb63375beec2666c963e978a14a46c582d3b","digitalCertThumbprint":"CBBD0EB04FCABCC8B486D4B20B3CF3B6CF656675","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Ashampoo GmbH & Co. KG","storeId":"","sourceIndex":"2429","avBlockList":["Avira Internet Security (20200519)","ESET Internet Security (20200519)","K7 Total Security (20200519)","Malwarebytes Premium (20200519)","McAfee Total Protection (20200519)","Norton Security (20200519)","Panda Dome (20200519)","SpyHunter5 (20200519)","Total AV Antivirus Pro (20200519)","VirIT eXplorer PRO (20200519)","Webroot SecureAnywhere (20200519)","Windows Defender (20200519)"],"avAllowList":["360 Total Security (20200519)","Avast Premium Security (20200519)","AVG Internet Security (20200519)","Bitdefender Internet Security (20200519)","COMODO Antivirus (20200519)","Dr.Web Security Space (20200519)","G DATA INTERNET SECURITY (20200519)","Kaspersky Internet Security (20200519)","Quick Heal Internet Security (20200519)","Sophos Home Premium (20200519)","Tencent PC Manager (20200519)","Trend Micro Internet Security (20200519)","VIPRE Advanced Security (20200519)"]}],"additionalFiles":[],"sources":[{"howFound":"Affiliate monitor \"https://www.speedupnew.com/\"","reference":"","landingPage":"https://www.ashampoo.com/en/usd/pin/5606/system-software/winoptimizer-17","directDownloadingLink":"https://www.ashampoo.com/en/usd/dld/5606/winoptimizer-17/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashampoo.com/en/usd/dld/5606/winoptimizer-17/","sourceIndex":"2429"}],"sampleFiles":["200511/AshampooWinoptimizer-200508/17.0.25/Samples/ashampoo_winoptimizer_17_17.00.25_sm.exe"],"imageFiles":["200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-004/ACR-004_Software_Colors.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-004/ACR-004_Software_Colors1.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-084/ACR-084_Software_RunningInBackground.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-048/ACR-048_Software_NoControlToLiveTuner.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-007/ACR-007_Software_NoAlerts.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-059/ACR-059_InlineOffers_NoDetails.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-003/ACR-003_Software_MisleadingColors.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-014/ACR-014_Software_MisleadingColors.JPG"],"nonDeceptorImageFiles":["200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-065/ACR-065_Software_NoEULA&PrivacyPolicy.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Info.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-035/ACR-035_Docs_NoAppName.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-014/ACR-014_Landingpage_OudatedVideos.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-014/ACR-014_Landingpage_WordError.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-017/ACR-017_Landingpage_UnableToVerifyLogo.JPG","200511/AshampooWinoptimizer-200508/17.0.25/Images/ACR-054/ACR-054_InlineOffers_NoEqualProminence.JPG"],"guid":"644e3e19-bb43-4c49-875e-6b52b6dfff11_17.0.25_1","appID":"AshampooWinoptimizer-200508","dateAdded":"241017","deceptorType":"App","name":"AshampooWinoptimizer","company":"Ashampoo","version":"17.0.25","sigName":"Deceptor:Win32/AshampooWinOptimizer!004084048007059003014","firstResolvedVersion":"","lastKnownStatus":"","lastKnownDate":"241017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":486},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"MP4MediaPlayerSetup.exe (Installer)\" and \"MP4 Media Player.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MP4 Media Player\\MP4 Media Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3bcee7609519155b6646b2891922aee0","hashSHA1":"2efc759ae97b90f309daea58e22c97304590245f","hashSHA256":"99208e8695a42aee248dc1c7daf1572622392939f60717b7c861a7738b414ff9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"513","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MP4MediaPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"MP4 Media Player                                            ","productVersion":"1.0.1                                             ","fileVersion":"1.0.1               ","hashMD5":"bca82784075895c784e7fd6db8c9c7a9","hashSHA1":"5b79579a70feb578b4513340078d73351c629b14","hashSHA256":"81ece417545bffaafca3e63be53d3802b7f4f29fef1a4e28ff870ef7d3cf5515","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"513","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220602)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220602)","Trend Micro Internet Security (20250109)"]},{"isRevoked":"False","fileName":"MP4MediaPlayerSetup_241010.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","fileVersion":"1.0","hashMD5":"a10ad52530ba9f7db182763f51c4885b","hashSHA1":"0c5bffd8cb5604843d173378ff421802b4a73d02","hashSHA256":"b510d28e8ccaa9248c6c8d8cc159c8f0ddd85ac5ae6ab4e8f7bc4e16e796bdde","sourceIndex":"513","avBlockList":["360 Total Security (20241226)","Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","G DATA INTERNET SECURITY (20241226)","K7 Total Security (20241226)","KasperskyPremium (20241226)","Malwarebytes Premium (20241226)","McAfee Total Protection (20241226)","Norton Security (20241226)","Panda Dome (20241226)","Sophos Home Premium (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","Quick Heal Internet Security (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"https://www.vsevensoft.com/mp4-media-player.html","directDownloadingLink":"https://www.vsevensoft.com/downloads/MP4MediaPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/MP4MediaPlayerSetup.exe","sourceIndex":"513"}],"sampleFiles":["241011/mp4mediaplayer-220525/1.0.1/Samples/MP4MediaPlayerSetup.exe","241011/mp4mediaplayer-220525/1.0.1/Samples/MP4MediaPlayerSetup_241010.exe"],"imageFiles":["241011/mp4mediaplayer-220525/1.0.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-118/ACR-118_1.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-118/ACR-118_2.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-118/ACR-118_3.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-057/ACR-057_1.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-059/ACR-059_1.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-071/ACR-071_1.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241011/mp4mediaplayer-220525/1.0.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-092/ACR-092_1.JPG","241011/mp4mediaplayer-220525/1.0.1/Images/ACR-092/ACR-092_2.JPG"],"guid":"5a7d1dcc-21ea-4249-8097-fd229dc2e121_1.0.1_1","appID":"mp4mediaplayer-220525","dateAdded":"241011","deceptorType":"App","name":"MP4 Media Player","company":"vsevensoft.com","version":"1.0.1","lastKnownStatus":"1.0.1","lastKnownDate":"241011","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-11T21:50:23.229562+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":490},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"MPEGPlayerSetup.exe (Installer)\" and \"MPEG Player.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MPEG Player\\MPEG Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"001d59a2e809186aa7d07d8ab595d993","hashSHA1":"3f266e73d76e5f45f0231dfabedc2734a22ea833","hashSHA256":"2a00556562dcb58b985b50651c275e8a71f7d6979dd00a415750ed3df97b339c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"512","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MPEGPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"MPEG Player                                                 ","productVersion":"1.0.1                                             ","fileVersion":"1.0.1               ","hashMD5":"df995431585afb4e276dd9b3e1b17d33","hashSHA1":"65a76b139cea25eca4a0f4b7104c31a31d24b007","hashSHA256":"074ce5cd0f71116ee66cc76e17135b1c51ddf15e773e4f8dd580cfc0e5204a1f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"512","avBlockList":["360 Total Security (20250109)","Avast Premium Security (20250109)","AVG Internet Security (20250109)","Avira Internet Security (20250109)","Bitdefender Internet Security (20250109)","COMODO Antivirus (20250109)","Dr.Web Security Space (20250109)","ESET Internet Security (20250109)","G DATA INTERNET SECURITY (20250109)","K7 Total Security (20250109)","Kaspersky Internet Security (20220602)","Malwarebytes Premium (20250109)","McAfee Total Protection (20250109)","Norton Security (20250109)","Panda Dome (20250109)","Quick Heal Internet Security (20250109)","Sophos Home Premium (20250109)","SpyHunter5 (20250109)","Total AV Antivirus Pro (20250109)","Trend Micro Internet Security (20250109)","VIPRE Advanced Security (20250109)","VirIT eXplorer PRO (20250109)","Webroot SecureAnywhere (20250109)","Windows Defender (20250109)","FortectPremium (20250109)","KasperskyPremium (20250109)"],"avAllowList":["Tencent PC Manager (20220602)"]},{"isRevoked":"False","fileName":"MPEGPlayerSetup_241010.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","fileVersion":"1.0","hashMD5":"752ba05959779dd9fca8e481df11d38b","hashSHA1":"48ab067a4185897126492262f20db11771efdc78","hashSHA256":"da20b617e3d4012655e2ab6e5a062133a3ba6d24d284bf4db1ad8966ba81d236","sourceIndex":"512","avBlockList":["360 Total Security (20241226)","Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","G DATA INTERNET SECURITY (20241226)","K7 Total Security (20241226)","KasperskyPremium (20241226)","Malwarebytes Premium (20241226)","McAfee Total Protection (20241226)","Norton Security (20241226)","Panda Dome (20241226)","Sophos Home Premium (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)"],"avAllowList":["Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","Quick Heal Internet Security (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","Windows Defender (20241226)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant knowledge related apps","reference":"","landingPage":"https://www.vsevensoft.com/mpeg-player.html","directDownloadingLink":"https://www.vsevensoft.com/downloads/MPEGPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/MPEGPlayerSetup.exe","sourceIndex":"512"}],"sampleFiles":["241011/mpegplayer-220525/1.0.1/Samples/MPEGPlayerSetup.exe","241011/mpegplayer-220525/1.0.1/Samples/MPEGPlayerSetup_241010.exe"],"imageFiles":["241011/mpegplayer-220525/1.0.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-118/ACR-118_1.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-118/ACR-118_2.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-118/ACR-118_3.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-057/ACR-057_1.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-059/ACR-059_1.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-071/ACR-071_1.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["241011/mpegplayer-220525/1.0.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-092/ACR-092_1.JPG","241011/mpegplayer-220525/1.0.1/Images/ACR-092/ACR-092_2.JPG"],"guid":"0ab2bc76-9698-45ae-aa62-d9fc1cec4153_1.0.1_1","appID":"mpegplayer-220525","dateAdded":"241011","deceptorType":"App","name":"MPEG Player","company":"vsevensoft.com","version":"1.0.1","lastKnownStatus":"1.0.1","lastKnownDate":"241011","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-11T21:52:31.5471038+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":489},{"violations":{"ACR-043":"App installs 3rd party components such as ffpmeg without disclosing to the user.\n","ACR-003":"App shows free scan results but does not allow the user to substantiate the claims by requiring a subscription in order to view the file paths of the scan results.\n","ACR-004":" App shows free scan results but does not allow user to implement a fix (delete the duplicate files) for free. Instead, it prompts user to pay for a subscription.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"KSDuplicateRemoverIns_031_205.exe","isInstaller":"True","companyName":"Kingshiper","fileVersion":"2.0","hashMD5":"58d355e7ded748f1217e150bfeafa284","hashSHA1":"195e77a0b8a412d40592a1a28f04b7d5f6100ded","hashSHA256":"d458660127c2a947f2854c2d4f8aaee52fc4f2066221f1a29ce8f826e6ddf945","digitalCertThumbprint":"CF714365888F38D1C93AC47AD846AC92087134F7","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", O=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", L=Huizhou, S=Guangdong Province, C=CN, SERIALNUMBER=91441302MA4X2E1MX8, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Huizhou, OID.1.3.6.1.4.1.311.60.2.1.2=Guangdong Province, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"514","avBlockList":["ESET Internet Security (20241219)","K7 Total Security (20241219)","Malwarebytes Premium (20241219)","Norton Security (20241024)","Panda Dome (20241219)","Sophos Home Premium (20241219)","SpyHunter5 (20241219)","VirIT eXplorer PRO (20241219)","Webroot SecureAnywhere (20241219)"],"avAllowList":["360 Total Security (20241219)","Avast Premium Security (20241219)","AVG Internet Security (20241219)","Avira Internet Security (20241219)","Bitdefender Internet Security (20241219)","COMODO Antivirus (20241219)","Dr.Web Security Space (20241219)","G DATA INTERNET SECURITY (20241219)","KasperskyPremium (20241219)","McAfee Total Protection (20241219)","Quick Heal Internet Security (20241219)","Total AV Antivirus Pro (20241219)","Trend Micro Internet Security (20241219)","VIPRE Advanced Security (20241219)","Windows Defender (20241219)","FortectPremium (20241219)"]},{"isRevoked":"False","fileName":"KSDuplicateRemover.exe","companyName":"Kingshiper Software Co., Ltd.","fileVersion":"2.0","hashMD5":"36763da3d4af5c20d6ef3cf97ee8d1ac","hashSHA1":"a35c2a6ec1b49e179f277d9fe7dadc7465a02245","hashSHA256":"0db3949ee7e33acf4ebad2869354495db52e9004854f070d487f97784ed307fe","digitalCertThumbprint":"CF714365888F38D1C93AC47AD846AC92087134F7","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", O=\"Jiangxia Information Technology (Huizhou) Co., Ltd.\", L=Huizhou, S=Guangdong Province, C=CN, SERIALNUMBER=91441302MA4X2E1MX8, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Huizhou, OID.1.3.6.1.4.1.311.60.2.1.2=Guangdong Province, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"514","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"generic version of Microsoft store app","reference":"","landingPage":"https://www.kingshiper.com/filedeleter","ipv4":"","ipv6":"","sourceIndex":"514"}],"sampleFiles":["241009/Kingshiperduplicateremover-241009/2.0.5/Samples/KSDuplicateRemoverIns_031_205.exe","241009/Kingshiperduplicateremover-241009/2.0.5/Samples/KSDuplicateRemover.exe"],"imageFiles":["241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-043/ffmpeg.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-004/ACR-004.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-004/Scan Results.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-004/subscriptions.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-003/ACR-004.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-003/Scan Results.png","241009/Kingshiperduplicateremover-241009/2.0.5/Images/ACR-003/subscriptions.png"],"nonDeceptorImageFiles":[],"guid":"9f21c962-d195-424d-847b-a6b70807885b_2.0.5_1","appID":"Kingshiperduplicateremover-241009","dateAdded":"241009","deceptorType":"App","name":"Kingshiper Duplicate Remover","company":"Jiangxia Information Technology (Huizhou) Co., Ltd.","version":"2.0.5","lastKnownStatus":"2.0.5","lastKnownDate":"241009","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-09T20:26:24.470163+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":493},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Attention!\" in red/white colors thereby misleading or scaring the user to take action. The app also exaggerated the number of registry errors found and unsubstantiated damage level. \n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy\nThe app does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-161":"The landing page contains testimonials with no link back to original source, making them unable to be verified.\n","ACR-099":"The app does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"RegCleaner.exe","companyName":"Pointstone Software, LLC","fileVersion":"4.0","hashMD5":"397466d1a5415ff5b572c4d1f350bedf","hashSHA1":"abd8d838766ec76f74d813ddc866e2879b56abaf","hashSHA256":"3cb87e39c8a354de769dd9d50ea854bf4bd9f8be62a0e45fd39d70ae6815eae0","digitalCertThumbprint":"D3AEAF31BFB155F473C45FC90BE0DBDA71DD1629","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Pointstone Software, LLC\", O=\"Pointstone Software, LLC\", STREET=\"2915 Ogletown Road, #342\", L=Newark, S=DE, PostalCode=19713, C=US","sourceIndex":"1603","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegistryCleanerSetup.exe","isInstaller":"True","companyName":"Pointstone Software, LLC","fileVersion":"4.0","hashMD5":"c1105b1ac104c8e2052b3b1dd650d28c","hashSHA1":"1ad58eb4b14a925f36a5ae8b30b9741fe9e2d474","hashSHA256":"4d8101e407dcdcd7f3dcc82d6fce4768fe2489e7dbea8b189f76c02e26498b56","digitalCertThumbprint":"D3AEAF31BFB155F473C45FC90BE0DBDA71DD1629","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Pointstone Software, LLC\", O=\"Pointstone Software, LLC\", STREET=\"2915 Ogletown Road, #342\", L=Newark, S=DE, PostalCode=19713, C=US","sourceIndex":"1603","avBlockList":["Avast Premium Security (20220602)","AVG Internet Security (20220602)","Avira Internet Security (20220602)","Bitdefender Internet Security (20220602)","Dr.Web Security Space (20220602)","ESET Internet Security (20220602)","G DATA INTERNET SECURITY (20220602)","K7 Total Security (20220602)","Malwarebytes Premium (20220602)","McAfee Total Protection (20220602)","Norton Security (20220602)","Quick Heal Internet Security (20220602)","Sophos Home Premium (20220602)","SpyHunter5 (20220602)","Total AV Antivirus Pro (20220602)","VIPRE Advanced Security (20220602)","VirIT eXplorer PRO (20220602)","Webroot SecureAnywhere (20220602)","Windows Defender (20220602)"],"avAllowList":["360 Total Security (20220602)","COMODO Antivirus (20220602)","Kaspersky Internet Security (20220602)","Panda Dome (20220602)","Tencent PC Manager (20220602)","Trend Micro Internet Security (20220602)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Registry Cleaner","reference":"https://www.pointstone.com","landingPage":"https://www.pointstone.com/products/registrycleaner/","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"1603"}],"sampleFiles":["220519/RegistryCleaner-200914/4.0.1.110/Samples/RegCleaner.exe","220519/RegistryCleaner-200914/4.0.1.110/Samples/RegistryCleanerSetup.exe"],"imageFiles":["220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-003/RegistryCleaner_Interactions [2].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-003/RegistryCleaner_Interactions [1].png"],"nonDeceptorImageFiles":["220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegCleaner_Installs [1].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_Install [1].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_Install [2].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_Install [4].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_Install [5].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_About [1].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-065/RegistryCleaner_Interactions [1].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-099/RegistryCleaner_About [1].png","220519/RegistryCleaner-200914/4.0.1.110/Images/ACR-161/RegistryCleaner_LandingPage [2].png"],"guid":"095f0bdc-7a72-46f2-a8d3-d816f5934230_4.0.1.110_1","appID":"RegistryCleaner-200914","dateAdded":"241009","deceptorType":"App","name":"Registry Cleaner","company":"Pointstone Software, LLC","version":"4.0.1.110","lastKnownStatus":"4.2.0.150","lastKnownDate":"241009","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-10-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":492},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Attention!\" and error in red/white colors thereby misleading or scaring the user to take action. The app also exaggerated the number of registry errors found and unsubstantiated damage level. \n","ACR-004":"The app exaggerates urgency using words like \"Attention!\" and error in red/white colors thereby misleading or scaring the user to take action. The app also exaggerated the number of registry errors found and unsubstantiated damage level. \n","ACR-014":"The app exaggerates urgency using words like \"Attention!\" and error in red/white colors thereby misleading or scaring the user to take action. The app also exaggerated the number of registry errors found and unsubstantiated damage level. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Pointstone\\Registry Cleaner 4\\RegCleaner.exe","companyName":"Pointstone Software LLC","productName":"Registry Cleaner","productVersion":"","fileVersion":"4.2.0.150","hashMD5":"cf408e679379746ca326b831565c855e","hashSHA1":"ff54835bcd9e0416ccef91ae874913ce3ba5dc08","hashSHA256":"8e944f455e1211fdcd2ca48a5f81f77d2576475a0e15d7dbf39fcf87b46d9165","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"515","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"registry_cleaner_setup.exe","isInstaller":"True","companyName":"Pointstone Software LLC","productName":"Registry Cleaner","productVersion":"","fileVersion":"4.2.0.150","hashMD5":"4b50757c5066ed14c5abdaa30e3e6169","hashSHA1":"8239f896fafe481959e13a5e4a0d7520da0c9f43","hashSHA256":"cdcfbbc07db7b171eb57085065375f55bf9549f05d75b4fc759528759ef4f032","digitalCertThumbprint":"C5F2BEC5FC04DD795CE1B9E489037D8C6CF1600C","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Pointstone Software LLC","storeId":"","sourceIndex":"515","avBlockList":["Avast Premium Security (20241219)","AVG Internet Security (20241219)","Avira Internet Security (20241219)","Bitdefender Internet Security (20241219)","Dr.Web Security Space (20241219)","ESET Internet Security (20241219)","G DATA INTERNET SECURITY (20241219)","Malwarebytes Premium (20241219)","McAfee Total Protection (20241219)","Norton Security (20241219)","Panda Dome (20241219)","Sophos Home Premium (20241219)","SpyHunter5 (20241219)","Tencent PC Manager (20200928)","Total AV Antivirus Pro (20241219)","VIPRE Advanced Security (20241219)","VirIT eXplorer PRO (20241219)","Webroot SecureAnywhere (20241219)","Windows Defender (20241219)","FortectPremium (20241219)","KasperskyPremium (20241219)"],"avAllowList":["360 Total Security (20241219)","COMODO Antivirus (20241219)","K7 Total Security (20241219)","Kaspersky Internet Security (20200928)","Quick Heal Internet Security (20241219)","Trend Micro Internet Security (20241219)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.pointstone.com/products/registrycleaner/","directDownloadingLink":"https://www.pointstone.com/products/registrycleaner/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pointstone.com/products/registrycleaner/download/","sourceIndex":"515"}],"sampleFiles":["241009/RegistryCleaner-200914/4.2.0.150/Samples/registry_cleaner_setup.exe"],"imageFiles":["241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-004/ACR-004.PNG","241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-004/ACR-004_1.PNG","241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-003/ACR-003.PNG","241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-003/ACR-003_1.PNG","241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-014/ACR-014.PNG","241009/RegistryCleaner-200914/4.2.0.150/Images/ACR-014/ACR-014_1.PNG"],"nonDeceptorImageFiles":[],"guid":"095f0bdc-7a72-46f2-a8d3-d816f5934230_4.2.0.150_1","appID":"RegistryCleaner-200914","dateAdded":"241009","deceptorType":"App","name":"Registry Cleaner","company":"Pointstone Software, LLC","version":"4.2.0.150","lastKnownStatus":"4.2.0.150","lastKnownDate":"241009","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-10-09T18:55:56.0869156+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":491},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. It also runs the \"vidnotifier.exe\" process and creates a startup.\n","ACR-048":"The non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install.\n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app's  About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","fileVersion":"6.7","hashMD5":"49251a97d8e942047a9dbee62542bdd4","hashSHA1":"f2c7da4774425a33c307b320096809d99390a5d2","hashSHA256":"51d48cdfe4bdc8db42256ec4587dcf46647d5ba394f520f6908b6ff67438ada5","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1622","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeDownload_4.3.73.420_o_f506180f-128e-4ad1-951d-51919a24a73d.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","fileVersion":"4.3","hashMD5":"28918781697c621b1fdad2f03ee96070","hashSHA1":"d6d8d1ed9e1ed709f114d348a5c1ca9fb4ca0921","hashSHA256":"ff8a3261cdb89082464a47928a8e68702393f7a7b81187414dffe7984ffb7600","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1622","avBlockList":["360 Total Security (20220517)","Avira Internet Security (20220517)","Dr.Web Security Space (20220517)","K7 Total Security (20220517)","McAfee Total Protection (20220517)","Norton Security (20220517)","Panda Dome (20220517)","Quick Heal Internet Security (20220517)","Sophos Home Premium (20220517)","SpyHunter5 (20220517)","Total AV Antivirus Pro (20220517)","VirIT eXplorer PRO (20220517)","Webroot SecureAnywhere (20220517)","Windows Defender (20220517)"],"avAllowList":["Avast Premium Security (20220517)","AVG Internet Security (20220517)","Bitdefender Internet Security (20220517)","COMODO Antivirus (20220517)","ESET Internet Security (20220517)","G DATA INTERNET SECURITY (20220517)","Kaspersky Internet Security (20220517)","Malwarebytes Premium (20220517)","Tencent PC Manager (20220517)","Trend Micro Internet Security (20220517)","VIPRE Advanced Security (20220517)"]},{"isRevoked":"False","fileName":"FreeYTVDownloader.exe","companyName":"Digital Wave Ltd","fileVersion":"4.3","hashMD5":"d5096b3f2794ed4fddd4e1441720e5bd","hashSHA1":"b0b649183b5c9dde4b6591caf2c937bf479630b6","hashSHA256":"d1532b70bc4dae223388f18a5f050bb74f1f2160223d069485f08a8f3a0c514d","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1622","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/youtube-playlist-downloader","directDownloadingLink":"https://www.dvdvideosoft.com/de/download.htm?fname=FreeYouTubeDownload.exe&ls=topWinPrimaryLeft&auid=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/de/download.htm?fname=FreeYouTubeDownload.exe&ls=topWinPrimaryLeft&auid=true","sourceIndex":"1622"}],"sampleFiles":["220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Samples/FreeStudioManager.exe","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Samples/FreeYouTubeDownload_4.3.73.420_o_f506180f-128e-4ad1-951d-51919a24a73d.exe","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Samples/FreeYTVDownloader.exe"],"imageFiles":["220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-109/FreeStudioManager App.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-039/FreeStudioManager App.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-043/FreeStudioManager App.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-043/VidNotifier Startup.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-048/YTVPlaylist ControlPanel.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-017/YTVPlaylist UAC.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-164/YTDownloader_Offer (2).jpg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-164/YTDownloader_Offer.jpg"],"nonDeceptorImageFiles":["220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-044/YTVPlaylist Bundle.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-040/FreeStudioManager App.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-065/YTVPlaylist EULA.png","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-065/YTDownloader_EULA.jpg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-065/YTDownloader_About.jpg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-065/YTDownloader_LandingPage.jpeg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-099/YTDownloader_About.jpg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-099/YTDownloader_LandingPage.jpeg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-099/YTDownloader_Offer (2).jpg","220509/FreeYouTubePlaylistDownloader-220203/4.3.73.420/Images/ACR-099/YTDownloader_Offer.jpg"],"guid":"fa72b098-591c-4bdb-9a8c-44fd15820b2d_4.3.73.420_1","appID":"FreeYouTubePlaylistDownloader-220203","dateAdded":"241008","deceptorType":"App","name":"Free  YouTube Playlist Downloader","company":"Digital Wave Ltd","version":"4.3.73.420","lastKnownStatus":"4.3.66.203;4.3.73.420;4.4.12.926","lastKnownDate":"241008","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":497},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-043":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-048":"The app does not provide an option to cancel the installation. \n1. The non-disclosed app components is hidden from standard uninstall entry, limiting the user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n2. The app does not provide any control to remove its background process within the app's settings.\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-084":"1. The non-disclosed app components is hidden from standard uninstall entry.\n2.  On quitting the app, “vidnotifier.exe” runs silently in the background, hiding the fact that it is active from the consumer. \n","ACR-116":"The non-disclosed app components is hidden from standard uninstall entry, thus preventing the platform's standard uninstall method.\n","ACR-118":"After uninstalling the app, it retains the \"FreeCodecPack\" folder in Program files without the user's consent.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-165":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeYouTubeDownload_4.4.12.926_u_6e9d0899-6490-4d8b-a663-b154cfe1f079.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube Download (sc)                                  ","productVersion":"4.4.12.926                                        ","fileVersion":"4.4.12.926          ","hashMD5":"29cc12862de25a4373714a055817177e","hashSHA1":"a56ef44cfe936cf72ae23bcdd990dd1b39aabdf2","hashSHA256":"479859159e4ef3f3bb56f9d5f81b260095821fd58603dc5f485427e186823b80","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"517","avBlockList":["Avast Premium Security (20241219)","AVG Internet Security (20241219)","Avira Internet Security (20241219)","Dr.Web Security Space (20241219)","FortectPremium (20241219)","K7 Total Security (20241219)","Malwarebytes Premium (20241219)","McAfee Total Protection (20241219)","Norton Security (20241219)","Panda Dome (20241219)","Quick Heal Internet Security (20241219)","Sophos Home Premium (20241219)","SpyHunter5 (20241219)","Total AV Antivirus Pro (20241219)","VirIT eXplorer PRO (20241219)","Webroot SecureAnywhere (20241219)"],"avAllowList":["360 Total Security (20241219)","Bitdefender Internet Security (20241219)","COMODO Antivirus (20241219)","ESET Internet Security (20241219)","G DATA INTERNET SECURITY (20241219)","KasperskyPremium (20241219)","Trend Micro Internet Security (20241219)","VIPRE Advanced Security (20241219)","Windows Defender (20241219)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.dvdvideosoft.com/youtube-playlist-downloader","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeDownload.exe&ls=guideWin&auid=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeDownload.exe&ls=guideWin&auid=true","sourceIndex":"517"}],"sampleFiles":["241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Samples/FreeYouTubeDownload_4.4.12.926_u_6e9d0899-6490-4d8b-a663-b154cfe1f079.exe"],"imageFiles":["241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-109/ACR-109.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-039/ACR-039.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-043/ACR-043.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-043/ACR-043_1.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-043/ACR-043_2.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-048/ACR-048.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-048/ACR-048_1.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-048/ACR-048_2.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-017/ACR-017.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-084/ACR-084.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-084/ACR-084_1.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-116/ACR-116.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-118/ACR-118.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-165/ACR-165.PNG","241008/FreeYouTubePlaylistDownloader-220203/4.4.12.926/Images/ACR-165/ACR-165_1.PNG"],"nonDeceptorImageFiles":[],"guid":"fa72b098-591c-4bdb-9a8c-44fd15820b2d_4.4.12.926_1","appID":"FreeYouTubePlaylistDownloader-220203","dateAdded":"241008","deceptorType":"App","name":"Free  YouTube Playlist Downloader","company":"Digital Wave Ltd","version":"4.4.12.926","lastKnownStatus":"4.3.66.203;4.3.73.420;4.4.12.926","lastKnownDate":"241008","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-08T18:02:48.9533726+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":496},{"violations":{"ACR-003":"1. The app mentions System health as Critical or Bad, thus making the consumer believe they have an issue, a problem with, or something missing from their system.\n2. The app lists \" 0 out of 18713 \" items are protected under \"Spyware Defender\" and displays a \"Bad\" status for all the issues under the \"Browser Tuning\" category, which is unsubstantiated & misleading.\n","ACR-004":"1. The app lists \" 0 out of 18713 \" items are protected under \"Spyware Defender\", which is unsubstantiated & misleading and requires a premium version to apply for protection.\n2. The app shows alarming color patterns and displays status as \"Bad\", implies the issues that mislead the user to take action, and does not provide a free fix for the identified issues for \"Browser Tuning\", \"Registry cleaner\" and \"Spyware Defender\" category.\n","ACR-007":"The app does not display any warning message when the Windows security component \"Security Health\" is disabled which will reduce the default system security in the Startup manager within the app.\n","ACR-014":"The app exaggeratedly claims system health conditions as \"Critical\", \"Your PC is in Terrible condition\" and \"You are not Protected\" (although Windows Defender firewall is kept enabled), which misleads users to take action to purchase the app.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not contain links to uninstall information in the software.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Synei\\SystemUtilities\\SystemUtilities.exe","companyName":"Synei","productName":"Synei System Utilities","productVersion":"4.0.0.0","fileVersion":"4.0.0.0","hashMD5":"e91296cb7c3d198640ebfb63080fd9db","hashSHA1":"2dc08cc4d4379c62934c1a69e38692a691d90e9e","hashSHA256":"007dab4f0c1db658a1f061ff52aa1c1e05838b4f8833f0e23dc2f5fec87fb99b","digitalCertThumbprint":"9FEAD635008275136CF135BD8D9D6BE24664A5E8","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Synei","storeId":"","sourceIndex":"1634","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"systemutilities.exe","isInstaller":"True","companyName":"Synei                                                       ","productName":"Synei System Utilities                                      ","productVersion":"4.00                                              ","fileVersion":"Speed up slow comput","hashMD5":"ed31566dff3983f2ed19315c46273d36","hashSHA1":"473cd3ef1ca9d60d84ae10c09716c11b47386776","hashSHA256":"92c39f9dd428428b5925a0e8d8db07a0c897ca95cd21c08b6d88ee28e4a886fd","digitalCertThumbprint":"9FEAD635008275136CF135BD8D9D6BE24664A5E8","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Synei","storeId":"","sourceIndex":"1634","avBlockList":["Avast Premium Security (20220505)","AVG Internet Security (20220505)","Avira Internet Security (20220505)","ESET Internet Security (20220505)","K7 Total Security (20220505)","Kaspersky Internet Security (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","VirIT eXplorer PRO (20220505)","Webroot SecureAnywhere (20220505)","Windows Defender (20220505)"],"avAllowList":["360 Total Security (20220505)","Bitdefender Internet Security (20220505)","COMODO Antivirus (20220505)","Dr.Web Security Space (20220505)","G DATA INTERNET SECURITY (20220505)","Malwarebytes Premium (20220505)","Quick Heal Internet Security (20220505)","Tencent PC Manager (20220505)","Trend Micro Internet Security (20220505)","VIPRE Advanced Security (20220505)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on utility apps","reference":"","landingPage":"https://synei-system-utilities.software.informer.com/","directDownloadingLink":"https://synei-system-utilities.software.informer.com/download/?ca180602","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://synei-system-utilities.software.informer.com/download/?ca180602","sourceIndex":"1634"}],"sampleFiles":["220427/syneisystemutilities-220427/4.0.0.0/Samples/systemutilities.exe"],"imageFiles":["220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-004/ACR-004_Software_No_Fix.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-004/ACR-004_Software_No_Fix_1.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-004/ACR-004_Software_No_Fix_2.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-003/ACR-003_Software_1.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-003/ACR-003_Software_2.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-003/ACR-003_Software_No_Fix.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-003/ACR-003_Software_No_Fix_1.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-007/ACR-007_Install_1.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-007/ACR-007_Install_2.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-014/ACR-014_Software_1.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-014/ACR-014_Softwrae_2.JPG","220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-014/ACR-014_Software_3.JPG"],"nonDeceptorImageFiles":["220427/syneisystemutilities-220427/4.0.0.0/Images/ACR-099/ACR-099_Software.JPG"],"guid":"726a390c-b4c6-41c5-a03c-e7ac23d056f9_4.0.0.0_1","appID":"syneisystemutilities-220427","dateAdded":"241008","deceptorType":"App","name":"Synei System Utilities","company":"Synei","version":"4.0.0.0","lastKnownStatus":"4.0.0.0;2.10","lastKnownDate":"241008","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":495},{"violations":{"ACR-003":"1. The app mentions System health as Critical or Bad, thus making the consumer believe they have an issue, a problem with, or something missing from their system.\n2. The app lists \" 0 out of 18281 \" items are protected under \"Spyware Defender\" and displays a \"Bad\" status for all the issues under the \"Browser Tuning\" category, which is unsubstantiated & misleading.\n","ACR-004":"1. The app lists \" 0 out of 18281 \" items are protected under \"Spyware Defender\", which is unsubstantiated & misleading and requires a premium version to apply for protection.\n2. The app shows alarming color patterns and displays the status as \"Bad\", implying the issues that mislead the user to take action and do not provide a free fix for the identified issues for the \"Browser Tuning\" and \"Spyware Defender\" categories.\n","ACR-007":"The app does not display any warning message when the Windows security component \"Security Health\" is disabled which will reduce the default system security in the Startup manager within the app.\n","ACR-014":"The app exaggeratedly claims system health conditions as \"Critical\", \"Your PC is in Bad condition\" and \"You are not Protected\" (although Windows Defender firewall is kept enabled), which misleads users to take action to purchase the app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Synei\\SystemUtilities\\SystemUtilities.exe","companyName":"Synei","productName":"Synei System Utilities","productVersion":"2.1.0.0","fileVersion":"2.1.0.0","hashMD5":"dc793b5598d42b06da62f6257e506bec","hashSHA1":"8ed4cc8dd3c89db71f7c16c42b824c525ab53e01","hashSHA256":"836b051518f4cece3e5d10f3bfe9e76c191e1feccac1ff3a37fefa5d4b7b5cab","digitalCertThumbprint":"F443006785E81B7AD7D7000AC89A43E408400769","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Synei","storeId":"","sourceIndex":"516","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"systemutilities.exe","isInstaller":"True","companyName":"Synei                                                       ","productName":"Synei System Utilities                                      ","productVersion":"2.10                                              ","fileVersion":"Speed up slow comput","hashMD5":"5270bf7352c8d3a8f9b257d9f40ece3b","hashSHA1":"94242fee76d343e5496d5ab151ae029488eec3f7","hashSHA256":"041e03df1ee207a5a976f10b77638bb6d55f6086a7d25af40bd8defcb61852a9","digitalCertThumbprint":"F443006785E81B7AD7D7000AC89A43E408400769","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Synei","storeId":"","sourceIndex":"516","avBlockList":["Avast Premium Security (20241219)","AVG Internet Security (20241219)","Avira Internet Security (20241219)","ESET Internet Security (20241219)","FortectPremium (20241219)","Malwarebytes Premium (20241219)","Norton Security (20241219)","Quick Heal Internet Security (20241219)","Sophos Home Premium (20241219)","SpyHunter5 (20241219)","Total AV Antivirus Pro (20241219)","VirIT eXplorer PRO (20241219)","Webroot SecureAnywhere (20241219)"],"avAllowList":["360 Total Security (20241219)","Bitdefender Internet Security (20241219)","COMODO Antivirus (20241219)","Dr.Web Security Space (20241219)","G DATA INTERNET SECURITY (20241219)","K7 Total Security (20241219)","KasperskyPremium (20241219)","McAfee Total Protection (20241219)","Panda Dome (20241219)","Trend Micro Internet Security (20241219)","VIPRE Advanced Security (20241219)","Windows Defender (20241219)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://synei-system-utilities.software.informer.com/","directDownloadingLink":"https://synei-system-utilities.software.informer.com/download/?cac5d17","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://synei-system-utilities.software.informer.com/download/?cac5d17","sourceIndex":"516"}],"sampleFiles":["241008/syneisystemutilities-220427/2.10/Samples/systemutilities.exe"],"imageFiles":["241008/syneisystemutilities-220427/2.10/Images/ACR-004/ACR-004.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-004/ACR-004_1.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-004/ACR-004_2.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-003/ACR-003.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-003/ACR-003_1.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-003/ACR-003_2.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-003/ACR-003_3.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-007/ACR-007.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-007/ACR-007_1.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-014/ACR-014.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-014/ACR-014_1.PNG","241008/syneisystemutilities-220427/2.10/Images/ACR-014/ACR-014_2.PNG"],"nonDeceptorImageFiles":[],"guid":"726a390c-b4c6-41c5-a03c-e7ac23d056f9_2.10_1","appID":"syneisystemutilities-220427","dateAdded":"241008","deceptorType":"App","name":"Synei System Utilities","company":"Synei","version":"2.10","lastKnownStatus":"4.0.0.0;2.10","lastKnownDate":"241008","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-08T18:10:32.9808822+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":494},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. It also runs the \"vidnotifier.exe\" process and creates a startup.\n","ACR-048":"The non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install.\n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app's  About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.7.5.203","fileVersion":"6.7.5.203","hashMD5":"b45e24d56ff5f218462b700fb5113934","hashSHA1":"b2a24bb16c7099208387d32615aa5f2d9b967e32","hashSHA256":"65ca6878dd766756d958dd8f03ff3acf764b571c4e3d3549e262e381cdc301d8","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1717","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeDownload_4.3.66.203_o_f232b1c9-1665-4012-aec3-ec8727656dba.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube Download","productVersion":"4.3.66.203","fileVersion":"4.3.66.203","hashMD5":"1d7aa2e77857f28e793a3089534d59a9","hashSHA1":"a5c2ba4028562eeb090bc6117ad967743cb7ca42","hashSHA256":"792c8b1aff88b0374ca19d9abb4213d18107e32b1743632901ba0b2a6ba9010d","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1717","avBlockList":["Avast Premium Security (20220215)","AVG Internet Security (20220215)","Avira Internet Security (20220215)","Dr.Web Security Space (20220215)","K7 Total Security (20220215)","McAfee Total Protection (20220215)","Norton Security (20220215)","Panda Dome (20220215)","Quick Heal Internet Security (20220215)","Sophos Home Premium (20220215)","SpyHunter5 (20220215)","Total AV Antivirus Pro (20220215)","VirIT eXplorer PRO (20220215)","Webroot SecureAnywhere (20220215)","Windows Defender (20220215)"],"avAllowList":["360 Total Security (20220215)","Bitdefender Internet Security (20220215)","COMODO Antivirus (20220215)","ESET Internet Security (20220215)","G DATA INTERNET SECURITY (20220215)","Kaspersky Internet Security (20220215)","Malwarebytes Premium (20220215)","Tencent PC Manager (20220215)","Trend Micro Internet Security (20220215)","VIPRE Advanced Security (20220215)"]},{"isRevoked":"False","fileName":"FreeYTVDownloader.exe","companyName":"Digital Wave Ltd","productName":"Free YouTube Download","productVersion":"4.3.66.203","fileVersion":"4.3.66.203","hashMD5":"975611536e7d347025087c3c880eecd7","hashSHA1":"8ff74fe40b4262402609e5a30389992dbf5dee89","hashSHA256":"4652f49fa0dbb3b2dd962d15de440e816e8bbe9655781a588b3a1df67fc1c62c","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1717","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"vidnotifier.exe","companyName":"Digital Wave Ltd","productName":"Video Notifier","productVersion":"1.1.29.203","fileVersion":"1.1.29.203","hashMD5":"0e49ba48f5d9b7b34ee09eaf121e161b","hashSHA1":"f632968a4123d76c2495ebcad53015a584a44a83","hashSHA256":"036992d357e9cbcd9638028bc0f706d542ba23bfd7de3820073e8fd6e6e9f146","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1717","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/youtube-playlist-downloader","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeDownload.exe&ls=guideWin&auid=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeDownload.exe&ls=guideWin&auid=true","sourceIndex":"1717"}],"sampleFiles":["220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Samples/FreeStudioManager.exe","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Samples/FreeYouTubeDownload_4.3.66.203_o_f232b1c9-1665-4012-aec3-ec8727656dba.exe","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Samples/FreeYTVDownloader.exe","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Samples/vidnotifier.exe"],"imageFiles":["220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-109/FreeStudioManager App.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-039/FreeStudioManager App.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-043/FreeStudioManager App.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-043/VidNotifier Startup.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-048/YTVPlaylist ControlPanel.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-017/YTVPlaylist UAC.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-164/YTVPlaylist Offer Page.png"],"nonDeceptorImageFiles":["220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-044/YTVPlaylist Bundle.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-040/FreeStudioManager App.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-065/YTVPlaylist EULA.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-065/YTVPlaylist About.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-065/YTVPlaylistDownloader Landing Page.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-099/YTVPlaylist About.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-099/YTVPlaylistDownloader Landing Page.png","220207/FreeYouTubePlaylistDownloader-220203/4.3.66.203/Images/ACR-099/YTVPlaylist Offer Page.png"],"guid":"fa72b098-591c-4bdb-9a8c-44fd15820b2d_4.3.66.203_1","appID":"FreeYouTubePlaylistDownloader-220203","dateAdded":"241008","deceptorType":"App","name":"Free  YouTube Playlist Downloader","company":"Digital Wave Ltd","version":"4.3.66.203","lastKnownStatus":"4.3.66.203;4.3.73.420;4.4.12.926","lastKnownDate":"241008","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","ageAppropriate":"12+ appropriate","lastUpdate":"2024-10-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":498},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.  \n","ACR-048":"Unable to close the update prompt.\n The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”. \n","ACR-004":" The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup. \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":" The Offer is not clearly marked as an offer. It is unclear who is recommending the offer. \n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Gold Pack\" highlights \"Free\" misleads user. The functionality requires consumer payment as donation in order to be activated. Otherwise app should remove \"free\" word. \n","ACR-002":" The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\n The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\n","ACR-106":" App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed.\n"},"samples":[{"isRevoked":"False","fileName":"Free Audio Convert Wizard Update.exe","fileVersion":"2.1.1.2","hashMD5":"a243e6bf83ed4a25519567eb6bb552d7","hashSHA1":"aa1b4d758ba8dbc5f31324d4ac897a2f12078c1d","hashSHA256":"38b492f6bf957bfe6f4cfce9743bff66f32c0a0befa65a6e4b4da70bb5b51ccc","sourceIndex":"521","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioConvertWizard.exe","fileVersion":"0.0","hashMD5":"8e1fce3fd3f9e33e4608628f90039002","hashSHA1":"8db90ba8daa5839d4afa7902ccd5aab495f0a93f","hashSHA256":"0d6afa1b5e28953301c26e36227769014bb5b897c8c269da5d9806b009ca8025","sourceIndex":"521","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioConvertWizard-setup.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","productName":"Free Audio Convert Wizard         ","fileVersion":"0.0","hashMD5":"2eac4fd7cc5742c2e2b5ee955a730737","hashSHA1":"332d03f44d33c67a460940f9fbbc1989a1cb3271","hashSHA256":"da0ef5962e789ba33124932b235a274b804bf8c9dade1c4615397184264894c5","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"521","avBlockList":["360 Total Security (20241226)","Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","ESET Internet Security (20241226)","G DATA INTERNET SECURITY (20241226)","Kaspersky Internet Security (20220531)","Malwarebytes Premium (20241226)","McAfee Total Protection (20241226)","Norton Security (20241226)","Panda Dome (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","VIPRE Advanced Security (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)","Windows Defender (20241226)","FortectPremium (20241226)","KasperskyPremium (20241226)"],"avAllowList":["K7 Total Security (20241226)","Tencent PC Manager (20220531)","Trend Micro Internet Security (20241226)"]},{"isRevoked":"False","fileName":"FreeAudioConvertWizard_241007.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"9ed26e66d41dc758a1be12bf9f959bf0","hashSHA1":"77ef2b1360f9657f9cbf39bd7013c8a4481f62bd","hashSHA256":"7880d606879b4a3c667b12457ae0694948838c587eec56704ef6acdfbfa76849","sourceIndex":"521","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"https://www.freeaudiovideosoft.com/audio-software-for-windows/free-audio-converter/","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreeAudioConvertWizard.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudiovideosoft.com/files/FreeAudioConvertWizard.exe","sourceIndex":"521"}],"sampleFiles":["241007/FreeAudioConvertWizard-220520/8.8.0/Samples/FreeAudioConvertWizard.exe","241007/FreeAudioConvertWizard-220520/8.8.0/Samples/FreeAudioConvertWizard-setup.exe","241007/FreeAudioConvertWizard-220520/8.8.0/Samples/FreeAudioConvertWizard_241007.exe"],"imageFiles":["241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-109/FreeAudioCV_RelevantKnowledge-b.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-048/ACR004_048_084-Update.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-048/FreeAudioCV_RelevantKnowledge-b.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-010/FreeAudioCV_RelevantKnowledge-a.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-004/ACR004_048_084-Update.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-004/ACR004_Update.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-083/ACR083-Update.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-118/FreeAudioCV_UNinstall.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-057/FreeAudioCV_RelevantKnowledge-a.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-059/FreeAudioCV_RelevantKnowledge-a.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-071/FreeAudioCV_RelevantKnowledge-a.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-155/FreeAudioCV_RelevantKnowledge-a.jpg"],"nonDeceptorImageFiles":["241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-002/FreeAudioCV_About.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-002/FreeAudioCV_InconsistentVersion.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-106/FreeAudioCV_RelevantKnowledge-a.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-092/ACR092_NoDigiSig_main.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-092/ACR-092_Setup.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-002/FreeAudioCV_About.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-002/FreeAudioCV_InconsistentVersion.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-045/FreeAudioCV_InlineOffer.jpg","241007/FreeAudioConvertWizard-220520/8.8.0/Images/ACR-045/FreeAudioCV_InlineOffer1.jpg"],"guid":"0a223348-fd33-4878-9260-7d87d1746973_8.8.0_1","appID":"FreeAudioConvertWizard-220520","dateAdded":"241007","deceptorType":"App","name":"Free Audio Convert Wizard","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.0","lastKnownStatus":"8.8.0","lastKnownDate":"241007","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,in-app purchases,sold in bundle,none","lastUpdate":"2024-10-07T20:40:03.1266812+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":504},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nUnable to close the update prompt. \n","ACR-004":"The app prompts an untruthful message that update is needed whenever the user launches the app. The \"Update\" does nothing upon clicking.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":" Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Gold Pack\" highlights \"Free\" misleads user. The functionality requires consumer payment as donation in order to be activated. Otherwise app should remove \"free\" word.\n","ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":" The main executable is not digitally signed. \n"},"samples":[{"isRevoked":"False","fileName":"FreeOnlineVideoDownloader.exe","fileVersion":"1.0","hashMD5":"7b4c1dd8d9455d190f00dbced769b5e3","hashSHA1":"cccd71b8c71698c2f1714960e38a93ed3a74b31f","hashSHA256":"12314fc5cc4c5c538280acb39bb28d182751a2c87b6a8f77f1f637306714f13a","sourceIndex":"523","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeOnlineVideoDownloader-setup.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","productName":"Free Online Video Downloader      ","fileVersion":"0.0","hashMD5":"6e66fd0eb702b256ad81a9bb9e415081","hashSHA1":"6f4856db99cee11f2b9453c358a5e957dd792629","hashSHA256":"dd959706f17bacf9b00ab9dcc250464868fb02bfbc92a5f0c6e00f7b0e98fc5b","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"523","avBlockList":["360 Total Security (20241224)","Avast Premium Security (20241224)","AVG Internet Security (20241224)","Avira Internet Security (20241224)","Bitdefender Internet Security (20241224)","COMODO Antivirus (20241224)","Dr.Web Security Space (20241224)","ESET Internet Security (20241224)","G DATA INTERNET SECURITY (20241224)","K7 Total Security (20241224)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20241224)","McAfee Total Protection (20241224)","Norton Security (20241224)","Panda Dome (20241224)","Quick Heal Internet Security (20241224)","Sophos Home Premium (20241224)","SpyHunter5 (20241224)","Total AV Antivirus Pro (20241224)","Trend Micro Internet Security (20241224)","VIPRE Advanced Security (20241224)","VirIT eXplorer PRO (20241224)","Webroot SecureAnywhere (20241224)","Windows Defender (20241224)","FortectPremium (20241224)","KasperskyPremium (20241224)"],"avAllowList":["Tencent PC Manager (20220526)"]},{"isRevoked":"False","fileName":"FreeOnlineVideoDownloader_241007.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"4542390e310df24a96c8d16148f38ae6","hashSHA1":"7c5256cc640160247d667a1afe0e3aa382e308a8","hashSHA256":"398fd9ff30603106546f3629d51a724358d1d44fe8414f6e3a08ad6746cb934c","sourceIndex":"523","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)"],"avAllowList":["Panda Dome (20241231)","Quick Heal Internet Security (20241231)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.freeaudiovideosoft.com/downloader-for-windows/free-any-online-video-downloader/","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreeOnlineVideoDownloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudiovideosoft.com/files/FreeOnlineVideoDownloader.exe","sourceIndex":"523"}],"sampleFiles":["241007/FreeOnlineVideoDownloader-220518/8.8.0/Samples/FreeOnlineVideoDownloader.exe","241007/FreeOnlineVideoDownloader-220518/8.8.0/Samples/FreeOnlineVideoDownloader-setup.exe","241007/FreeOnlineVideoDownloader-220518/8.8.0/Samples/FreeOnlineVideoDownloader_241007.exe"],"imageFiles":["241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-109/FreeOnlineVideoDloader_RelevantKnowledge(1).jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-048/FreeOnlineVideoDloader_RelevantKnowledge(1).jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-010/FreeOnlineVideoDloader_RelevantKnowledge.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-004/ACR-048_084_FakeUpdate.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-083/ACR-048_084_FakeUpdate.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-048/ACR-004_FakeNotif.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-118/FreeOnlineVideoDloader_Uninstall.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-057/FreeOnlineVideoDloader_RelevantKnowledge.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-059/FreeOnlineVideoDloader_RelevantKnowledge.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-071/FreeOnlineVideoDloader_RelevantKnowledge.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-155/FreeOnlineVideoDloader_RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-002/ACR-002_InconsistentVersion.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-106/FreeOnlineVideoDloader_RelevantKnowledge.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-092/ACR-092_NoDigiSig_main.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-092/ACR-092_NoDigiSig_setup1.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-092/ACR-092_NoDigiSig_setup2.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-002/ACR-002_InconsistentVersion.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-045/FreeOnlineVideoDloader_InlineOffer.jpg","241007/FreeOnlineVideoDownloader-220518/8.8.0/Images/ACR-045/FreeOnlineVideoDloader_Offer.jpg"],"guid":"5da90432-0ad6-43e7-a10c-9bd615a1c1fa_8.8.0_1","appID":"FreeOnlineVideoDownloader-220518","dateAdded":"241007","deceptorType":"App","name":"Free Online Video Downloader","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.0","lastKnownStatus":"8.8.0","lastKnownDate":"241007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,in-app purchases,none,cross-sell other apps","lastUpdate":"2024-10-07T20:34:33.0056107+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":503},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation. \n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed.\n","ACR-099":"The app does not display links to uninstall information.\nLanding page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FreePCCleaner.exe","productName":"","fileVersion":"0.0","hashMD5":"18273b4521b0adff0f1c1695fd7c6b9a","hashSHA1":"e8901e347cde27a478a2813b8b551ea86279a2d0","hashSHA256":"12c0deaaea844e593e116468a211f19b8735a7cf8d4879354575c19497981082","sourceIndex":"524","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePCCleaner2.exe","fileVersion":"0.0","hashMD5":"08b015a33fb45f75e44a42215e43838f","hashSHA1":"3118ab1ac6dc58bf226dee782c3e4feb1926b58a","hashSHA256":"e2329dae8df129ec972f2788647d79df10795ea36de2d3de7f5441e11ff87efc","sourceIndex":"524","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePCCleaner-setup.exe","isInstaller":"True","companyName":"SoftTop Co., Ltd.                                           ","productName":"Free PC Cleaner  ","fileVersion":"0.0","hashMD5":"bfa0c888133e2c93bed2ac85ba43e18f","hashSHA1":"00fce3f45209b1aaa0afd9c7058bf466c77f29fe","hashSHA256":"2616d62f41a79195dbe3e1c75fbda8fac71f7069bd30f4a7d816d795374a2ff3","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"524","avBlockList":["360 Total Security (20241224)","Avast Premium Security (20241224)","AVG Internet Security (20241224)","Avira Internet Security (20241224)","Bitdefender Internet Security (20241224)","COMODO Antivirus (20241224)","Dr.Web Security Space (20241224)","ESET Internet Security (20241224)","G DATA INTERNET SECURITY (20241224)","K7 Total Security (20241224)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20241224)","McAfee Total Protection (20241224)","Norton Security (20241224)","Panda Dome (20241224)","Quick Heal Internet Security (20241224)","Sophos Home Premium (20241224)","SpyHunter5 (20241224)","Total AV Antivirus Pro (20241224)","Trend Micro Internet Security (20241224)","VIPRE Advanced Security (20241224)","VirIT eXplorer PRO (20241224)","Webroot SecureAnywhere (20241224)","Windows Defender (20241224)","FortectPremium (20241224)","KasperskyPremium (20241224)"],"avAllowList":["Tencent PC Manager (20220526)"]},{"isRevoked":"False","fileName":"FreePCCleaner_241007.exe","isInstaller":"True","companyName":"SoftTop Co., Ltd.                                           ","fileVersion":"0.0","hashMD5":"e249c787def6b629ecab81cd626b7e42","hashSHA1":"30e997dc17b9bf625bd5272aebe33ed7ca65a434","hashSHA256":"3b21bce680e9961f07d4b8720466d6e01c0c34108685d43e95a2e753d6e63de3","sourceIndex":"524","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt search: system cleaner","reference":"","landingPage":"www.free-pc-cleaner.com/","directDownloadingLink":"https://www.free-pc-cleaner.com/installerfile/FreePCCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-pc-cleaner.com/installerfile/FreePCCleaner.exe","sourceIndex":"524"}],"sampleFiles":["241007/FreePCCleaner-220516/8.8.1/Samples/FreePCCleaner.exe","241007/FreePCCleaner-220516/8.8.1/Samples/FreePCCleaner2.exe","241007/FreePCCleaner-220516/8.8.1/Samples/FreePCCleaner-setup.exe","241007/FreePCCleaner-220516/8.8.1/Samples/FreePCCleaner_241007.exe"],"imageFiles":["241007/FreePCCleaner-220516/8.8.1/Images/ACR-109/rksetup.gif","241007/FreePCCleaner-220516/8.8.1/Images/ACR-048/rksetup.gif","241007/FreePCCleaner-220516/8.8.1/Images/ACR-010/ACR010_RelevanKnowledge.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-118/FPC_Uninstall.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-057/ACR010_RelevanKnowledge.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-059/ACR010_RelevanKnowledge.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-071/ACR010_RelevanKnowledge.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-155/ACR010_RelevanKnowledge.jpg"],"nonDeceptorImageFiles":["241007/FreePCCleaner-220516/8.8.1/Images/ACR-106/ACR010_RelevanKnowledge.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-092/ACR092_Vendor_DigiSig(1).jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-092/ACR092_Vendor_DigiSig(3).jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-092/ACR092_Vendor_DigiSig(2).jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-161/Testimonials.jpeg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-099/FPC_About.jpg","241007/FreePCCleaner-220516/8.8.1/Images/ACR-099/LandingPage.jpeg"],"guid":"df381ff5-efc5-4e8f-8413-5b1829dddc21_8.8.1_1","appID":"FreePCCleaner-220516","dateAdded":"241007","deceptorType":"App","name":"Free PC Cleaner","company":"SoftTop Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"241007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,display ads,cross-sell other apps","lastUpdate":"2024-10-07T20:27:51.167067+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":502},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide an option to cancel the startup of its own. Unable to close the update prompt.\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":" Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is not consistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\nThe App's version is not consistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The main executable is not digitally signed.\n"},"samples":[{"isRevoked":"False","fileName":"FreePDFConverterUtilities.exe","fileVersion":"1.0","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","sourceIndex":"522","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePDFConverterUtilities-setup.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","productName":"Free Online Video Downloader ","fileVersion":"0.0","hashMD5":"88ff23bfce09822fb657d8fcc2f5c809","hashSHA1":"784c78a7610e52b6cb02d7eb12bc07b7d33e1d9d","hashSHA256":"a5505760d46bba725734fe8b5f1fa36a3b25b289557c550287a833c8a7b95e1c","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"522","avBlockList":["360 Total Security (20241224)","Avast Premium Security (20241224)","AVG Internet Security (20241224)","Avira Internet Security (20241224)","Bitdefender Internet Security (20241224)","COMODO Antivirus (20241224)","Dr.Web Security Space (20241224)","ESET Internet Security (20241224)","G DATA INTERNET SECURITY (20241224)","K7 Total Security (20241224)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20241224)","McAfee Total Protection (20241224)","Norton Security (20241224)","Panda Dome (20241224)","Quick Heal Internet Security (20241224)","Sophos Home Premium (20241224)","SpyHunter5 (20241224)","Total AV Antivirus Pro (20241224)","Trend Micro Internet Security (20241224)","VIPRE Advanced Security (20241224)","VirIT eXplorer PRO (20241224)","Webroot SecureAnywhere (20241224)","Windows Defender (20241224)","FortectPremium (20241224)","KasperskyPremium (20241224)"],"avAllowList":["Tencent PC Manager (20220526)"]},{"isRevoked":"False","fileName":"FreePDFConverterUtilities_241007.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"8152d22a4a099c199cd5c49c6a718f52","hashSHA1":"54fa99323a7dd7d4772251389995fed9b09e46b1","hashSHA256":"ae87652d176bd395e8c0192f25ec522980ec90cc28bb49b8b5e0ad80217f3ded","sourceIndex":"522","avBlockList":["360 Total Security (20241231)","Avast Premium Security (20241231)","AVG Internet Security (20241231)","Avira Internet Security (20241231)","Bitdefender Internet Security (20241231)","COMODO Antivirus (20241231)","Dr.Web Security Space (20241231)","ESET Internet Security (20241231)","FortectPremium (20241231)","G DATA INTERNET SECURITY (20241231)","K7 Total Security (20241231)","KasperskyPremium (20241231)","Malwarebytes Premium (20241231)","McAfee Total Protection (20241231)","Norton Security (20241231)","Panda Dome (20241231)","Quick Heal Internet Security (20241231)","Sophos Home Premium (20241231)","SpyHunter5 (20241231)","Total AV Antivirus Pro (20241231)","Trend Micro Internet Security (20241231)","VIPRE Advanced Security (20241231)","VirIT eXplorer PRO (20241231)","Webroot SecureAnywhere (20241231)","Windows Defender (20241231)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"https://www.freeaudiovideosoft.com/pdf-tools-for-windows/free-convert-all-to-pdf/","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreePDFConverterUtilities.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudiovideosoft.com/files/FreePDFConverterUtilities.exe","sourceIndex":"522"}],"sampleFiles":["241007/FreePDFConverterUtilities-220518/8.8.0/Samples/FreePDFConverterUtilities.exe","241007/FreePDFConverterUtilities-220518/8.8.0/Samples/FreePDFConverterUtilities-setup.exe","241007/FreePDFConverterUtilities-220518/8.8.0/Samples/FreePDFConverterUtilities_241007.exe"],"imageFiles":["241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-109/PDFConverterUtilities_RelevantKnowledge.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-048/PDFConverterUtilities_RelevantKnowledge.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-048/ACR-004_Update2.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-083/ACR-083_Update.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-010/PDFConverterUtilities_RelevantKnowledge(1).jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-004/ACR-004_Update.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-004/ACR-004_Update2.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-004/ACR-004_Update-2.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-118/PDFConverterUtilities_Uninstall.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-057/PDFConverterUtilities_RelevantKnowledge(1).jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-059/PDFConverterUtilities_RelevantKnowledge(1).jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-071/PDFConverterUtilities_RelevantKnowledge(1).jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-155/PDFConverterUtilities_RelevantKnowledge(1).jpg"],"nonDeceptorImageFiles":["241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-002/PDFConverterUtilities_AppVersion.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-002/PDFConverterUtilities_AppVersion_Inconsistent.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-106/PDFConverterUtilities_RelevantKnowledge(1).jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-092/ACR-092_main_NoDigiSig.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-092/ACR-092_setup.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-092/ACR-092_setup2.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-002/PDFConverterUtilities_AppVersion.jpg","241007/FreePDFConverterUtilities-220518/8.8.0/Images/ACR-002/PDFConverterUtilities_AppVersion_Inconsistent.jpg"],"guid":"275e4dcc-80fa-4622-9bc8-0f10e88df6d8_8.8.0_1","appID":"FreePDFConverterUtilities-220518","dateAdded":"241007","deceptorType":"App","name":"Free PDF Converter Utilities","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.0","lastKnownStatus":"8.8.0","lastKnownDate":"241007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,in-app purchases,sold in bundle,none","lastUpdate":"2024-10-07T20:38:19.802041+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":501},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\n Unable to close the update prompt.  \n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":" The Offer is not clearly marked as an offer. It is unclear who is recommending the offer. \n","ACR-155":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Gold Pack\" highlights \"Free\" misleads user. The functionality requires consumer payment as donation in order to be activated. Otherwise app should remove \"free\" word.\n","ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0) \nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0)\n","ACR-106":" App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The main executable is not digitally signed.\n"},"samples":[{"isRevoked":"False","fileName":"FreeYouTubeDownloadConvert.exe","fileVersion":"1.0","hashMD5":"7b4c1dd8d9455d190f00dbced769b5e3","hashSHA1":"cccd71b8c71698c2f1714960e38a93ed3a74b31f","hashSHA256":"12314fc5cc4c5c538280acb39bb28d182751a2c87b6a8f77f1f637306714f13a","sourceIndex":"520","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeDownloadConvert-setup.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","productName":"Free YouTube Download Convert    ","fileVersion":"0.0","hashMD5":"66b21fd129f0055f9164170c4e8a2458","hashSHA1":"eee728b666271a51ffb2a0852752be80b580c18f","hashSHA256":"ca717daab4049b566c71f0c4c115066320673c09c4005c24e8214594ff9a374d","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"520","avBlockList":["360 Total Security (20241224)","Avast Premium Security (20241224)","AVG Internet Security (20241224)","Avira Internet Security (20241224)","Bitdefender Internet Security (20241224)","COMODO Antivirus (20241224)","Dr.Web Security Space (20241224)","ESET Internet Security (20241224)","G DATA INTERNET SECURITY (20241224)","K7 Total Security (20241224)","Kaspersky Internet Security (20220607)","Malwarebytes Premium (20241224)","McAfee Total Protection (20241224)","Norton Security (20241224)","Panda Dome (20241224)","Quick Heal Internet Security (20241224)","Sophos Home Premium (20241224)","SpyHunter5 (20241224)","Total AV Antivirus Pro (20241224)","Trend Micro Internet Security (20241224)","VIPRE Advanced Security (20241224)","VirIT eXplorer PRO (20241224)","Webroot SecureAnywhere (20241224)","Windows Defender (20241224)","FortectPremium (20241224)","KasperskyPremium (20241224)"],"avAllowList":["Tencent PC Manager (20220607)"]},{"isRevoked":"False","fileName":"FreeYouTubeDownloadConvert_241007.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"19570e03ae4bbb531570bfeb4ff3762c","hashSHA1":"071dcfaceb4c082ca6e2671929169d25a239ba53","hashSHA256":"0d9a987e28276beba28479ff08a374162c694af1a73b45c40dab25e5cac114e5","sourceIndex":"520","avBlockList":["360 Total Security (20241226)","Avast Premium Security (20241226)","AVG Internet Security (20241226)","Avira Internet Security (20241226)","Bitdefender Internet Security (20241226)","COMODO Antivirus (20241226)","Dr.Web Security Space (20241226)","ESET Internet Security (20241226)","FortectPremium (20241226)","G DATA INTERNET SECURITY (20241226)","K7 Total Security (20241226)","KasperskyPremium (20241226)","Malwarebytes Premium (20241226)","McAfee Total Protection (20241226)","Norton Security (20241226)","Panda Dome (20241226)","Quick Heal Internet Security (20241226)","Sophos Home Premium (20241226)","SpyHunter5 (20241226)","Total AV Antivirus Pro (20241226)","Trend Micro Internet Security (20241226)","VIPRE Advanced Security (20241226)","VirIT eXplorer PRO (20241226)","Webroot SecureAnywhere (20241226)","Windows Defender (20241226)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"https://www.freeaudiovideosoft.com/downloader-for-windows/free-youtube-download-convert/","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreeYouTubeDownloadConvert.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudiovideosoft.com/files/FreeYouTubeDownloadConvert.exe","sourceIndex":"520"}],"sampleFiles":["241007/FreeYouTubeDownloadConvert-220520/8.8.0/Samples/FreeYouTubeDownloadConvert.exe","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Samples/FreeYouTubeDownloadConvert-setup.exe","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Samples/FreeYouTubeDownloadConvert_241007.exe"],"imageFiles":["241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-109/FreeYoutubeDC-RelevantKnowledge.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-048/FreeYoutubeDC-RelevantKnowledge.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-010/FreeYoutubeDC-RelevantKnowledge(1).jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-004/ACR-004_049_084_Update.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-004/ACR-004-FakeUpdate_RK.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-083/ACR-004_049_084_Update.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-048/ACR-004-FakeUpdate.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-118/FreeYoutubeDC-Uninstall.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-057/FreeYoutubeDC-RelevantKnowledge(1).jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-059/FreeYoutubeDC-RelevantKnowledge(1).jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-071/FreeYoutubeDC-RelevantKnowledge(1).jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-155/FreeYoutubeDC-RelevantKnowledge(1).jpg"],"nonDeceptorImageFiles":["241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-002/FreeYoutubeDC-InconsistentVersion.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-002/FreeYoutubeDC-InconsistentVersion_About.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-106/FreeYoutubeDC-RelevantKnowledge.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-092/ACR-092_NoDigiSig.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-092/ACR-092_Setup.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-092/ACR-092_Setup-2.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-002/FreeYoutubeDC-InconsistentVersion.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-002/FreeYoutubeDC-InconsistentVersion_About.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-045/FreeYoutubeDC-InlineOffer.jpg","241007/FreeYouTubeDownloadConvert-220520/8.8.0/Images/ACR-045/FreeYoutubeDC-InlineOffer-a.jpg"],"guid":"ee9a0ff9-8214-4b45-874d-3904815ab945_8.8.0_1","appID":"FreeYouTubeDownloadConvert-220520","dateAdded":"241007","deceptorType":"App","name":"Free Youtube Downloader Convert","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.0","lastKnownStatus":"8.8.0","lastKnownDate":"241007","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,in-app purchases,cross-sell other apps,none","lastUpdate":"2024-10-07T20:43:02.7732039+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":500},{"violations":{"ACR-042":"1. The app drops and installs an expired Trusted Root Certificate (.crt file) without obtaining the consumer's permission through explicit user action.\n2. 'Open VPN' components are installed without disclosing it.\n","ACR-043":"1. The app drops and installs an expired Trusted Root Certificate without disclosing it.\n2. 'Open VPN' components are installed without disclosing it.\n","ACR-107":"Application misses the relevant license information about open source project used \"OpenVPN\"\n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app does not provide any control to remove its background process completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture which might be caused due to installing the trusted root certificate.\n","ACR-084":"On quitting the app under disconnection status, the application doesn't exit completely. The \"VyprVPNService.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The expired trusted root certificate is not removed from the system after the application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly and straightforwardly the main effects of the expired Trusted Root certificate installed.\n","ACR-092":"The app does not have a digital signature for executables: \"VyprVPN.exe\", \"VyprVPNService.exe\".\n\n","ACR-123":"The expired trusted root certificate is not removed from the system after the application is uninstalled.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages.\n"},"samples":[{"isRevoked":"False","fileName":"VyprVPN-5.1.2.0-installer.exe","isInstaller":"True","companyName":"Certida LLC","productName":"VyprVPN 5.1.2.0","productVersion":"5.1.2.0","fileVersion":"5.1.2.0","hashMD5":"e6014a8b9474fae333383ac7006319eb","hashSHA1":"4abc4e01c431f4b6b53f69f8a583ab4631d32985","hashSHA256":"948293c3555a45673591cd6bd4b4084450dd3b3ddbc6ed20558914d34bf13ebf","digitalCertThumbprint":"9021EC17E9745ED65648FC3D5C968CDC1CFA7059","digitalCertIssuer":"DigiCert Global G3 Code Signing ECC SHA384 2021 CA1","digitalCertIssuedTo":"Certida LLC","storeId":"","sourceIndex":"518","avBlockList":["360 Total Security (20241219)","Avast Premium Security (20241219)","AVG Internet Security (20241219)","Avira Internet Security (20241219)","Bitdefender Internet Security (20241219)","FortectPremium (20241219)","G DATA INTERNET SECURITY (20241219)","K7 Total Security (20241219)","Norton Security (20241219)","Panda Dome (20241219)","SpyHunter5 (20241219)","Total AV Antivirus Pro (20241219)","VIPRE Advanced Security (20241219)","VirIT eXplorer PRO (20241219)","Webroot SecureAnywhere (20241219)","Windows Defender (20241219)"],"avAllowList":["COMODO Antivirus (20241219)","Dr.Web Security Space (20241219)","ESET Internet Security (20241219)","KasperskyPremium (20241219)","Malwarebytes Premium (20241219)","McAfee Total Protection (20241219)","Quick Heal Internet Security (20241219)","Sophos Home Premium (20241219)","Trend Micro Internet Security (20241219)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.vyprvpn.com/vpn-apps/vpn-for-windows","directDownloadingLink":"https://www.vyprvpn.com/downloads/vyprvpn/desktop/windows/production/5.1.2.0/VyprVPN-5.1.2.0-installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vyprvpn.com/downloads/vyprvpn/desktop/windows/production/5.1.2.0/VyprVPN-5.1.2.0-installer.exe","sourceIndex":"518"}],"sampleFiles":["241007/VyprVPN-230626/5.1.2.0/Samples/VyprVPN-5.1.2.0-installer.exe"],"imageFiles":["241007/VyprVPN-230626/5.1.2.0/Images/ACR-043/ACR-043.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-043/ACR-043_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-043/ACR-043_2.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-043/ACR-043_3.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-107/ACR-107.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-042/ACR-042.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-042/ACR-042_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-042/ACR-042_2.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-042/ACR-042_3.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-048/ACR-048.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-007/ACR-007.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-007/ACR-007_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-007/ACR-007_2.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-084/ACR-084_Software_1.png","241007/VyprVPN-230626/5.1.2.0/Images/ACR-048/ACR-048_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-048/ACR-048_2.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["241007/VyprVPN-230626/5.1.2.0/Images/ACR-045/ACR-045.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-045/ACR-045_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-045/ACR-045_2.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-092/ACR-092.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-092/ACR-092_1.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-123/ACR-123.PNG","241007/VyprVPN-230626/5.1.2.0/Images/ACR-018/ACR-018.PNG"],"guid":"a7e25cb8-e974-47dd-b083-0a9a18c68e60_5.1.2.0_1","appID":"VyprVPN-230626","dateAdded":"241007","deceptorType":"App","name":"Vypr VPN","company":"Certida LLC","version":"5.1.2.0","lastKnownStatus":"5.1.2.0","lastKnownDate":"241007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-10-07T22:07:05.8227421+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":499},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-042":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-043":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-048":"The app does not provide an option to cancel the installation.\nThe non-disclosed app components is hidden from standard uninstall entry, limiting user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-084":"The non-disclosed app components is hidden from standard uninstall entry.\n","ACR-116":"The non-disclosed app components is hidden from standard uninstall entry, thus preventing the platform's standard uninstall method.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-165":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeAudioConverter_5.1.12.1204_u.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free Audio Converter (sc)                                   ","productVersion":"5.1.12.1204                                       ","fileVersion":"5.1.12.1204         ","hashMD5":"e44876b0b6f8c1e22fb129c9cadf0913","hashSHA1":"682124b455be46201edb68fb3aed75362d2b56d3","hashSHA256":"c1e6e311409f2d2e4b80b63c58b3e625f518575425e94ee9f49999fe909ae40d","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"525","avBlockList":["Avast Premium Security (20241217)","AVG Internet Security (20241217)","Avira Internet Security (20241217)","COMODO Antivirus (20241217)","Dr.Web Security Space (20241217)","FortectPremium (20241217)","Malwarebytes Premium (20241217)","McAfee Total Protection (20241217)","Norton Security (20241217)","Panda Dome (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","Total AV Antivirus Pro (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)","Windows Defender (20241217)"],"avAllowList":["360 Total Security (20241217)","Bitdefender Internet Security (20241217)","ESET Internet Security (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","KasperskyPremium (20241217)","Quick Heal Internet Security (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Free-Audio-Converter.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeAudioConverter.exe&ls=topWinPrimary","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeAudioConverter.exe&ls=topWinPrimary","sourceIndex":"525"}],"sampleFiles":["241003/FreeAudioConverter-220426/5.1.12.1204/Samples/FreeAudioConverter_5.1.12.1204_u.exe"],"imageFiles":["241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-039/ACR-039.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-042/ACR-042.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-042/ACR-042_1.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-042/ACR-042_2.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-043/ACR-043.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-043/ACR-043_1.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-043/ACR-043_2.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-048/ACR-048.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-048/ACR-048_1.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-017/ACR-017.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-109/ACR-109.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-084/ACR-084.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-116/ACR-116.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-118/ACR-118.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-118/ACR-118_1.PNG","241003/FreeAudioConverter-220426/5.1.12.1204/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"3a8cc860-3801-4108-8ba6-cb76dcad6a74_5.1.12.1204_1","appID":"FreeAudioConverter-220426","dateAdded":"241003","deceptorType":"App","name":"Free Audio Converter","company":"Digital Wave Ltd","version":"5.1.12.1204","lastKnownStatus":"5.1.9.310;5.1.12.1204","lastKnownDate":"241003","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-03T21:08:54.9972978+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":505},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-042":"On executing the installer, it directly installs the \"FreeStudioManager\" and its components without the user's permission and disclosing the installation path. \nThe app drops \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-043":"The \"FreeStudioManager\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide an option to cancel the installation.\nThe non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\".\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user that it came and is related with the main app.\n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-044":"The app does get the user's consent to download and install the other application.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy.\nThe app's About page does not have links to Returns and Cancellation Policy. \n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\nThe application does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FreeAudioConverter.exe","companyName":"Digital Wave Ltd","fileVersion":"5.1","hashMD5":"c328e37efcd3f1c33ab82bb3ce071058","hashSHA1":"925625f76191339ed587ea99bf7b3c1f872a0e09","hashSHA256":"6670e95bd27043674a3a5086bfc590d223225e01f09c8a54b5308d6f2a35ea25","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1636","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioConverter_5.1.9.310_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","fileVersion":"5.1.9.310","hashMD5":"d1b60a04362b9e185eaa8849bc8c8a6a","hashSHA1":"5a43d12a949a8430efb0b7c7770e076f0df2e51d","hashSHA256":"b0bbef864698cf531b9644cb185c81d7acb8eec569f88ea58fd37287398eb6ca","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1636","avBlockList":["Avast Premium Security (20220505)","AVG Internet Security (20220505)","Avira Internet Security (20220505)","Dr.Web Security Space (20220505)","K7 Total Security (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Quick Heal Internet Security (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","VirIT eXplorer PRO (20220505)","Windows Defender (20220505)"],"avAllowList":["360 Total Security (20220505)","Bitdefender Internet Security (20220505)","COMODO Antivirus (20220505)","ESET Internet Security (20220505)","G DATA INTERNET SECURITY (20220505)","Kaspersky Internet Security (20220505)","Malwarebytes Premium (20220505)","Tencent PC Manager (20220505)","Trend Micro Internet Security (20220505)","VIPRE Advanced Security (20220505)","Webroot SecureAnywhere (20220505)"]},{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","fileVersion":"6.7","hashMD5":"8c4257b465f9d5f5dbcd4613d7148835","hashSHA1":"956ee354b83bee2507c350ab4b320407863c4d69","hashSHA256":"70b96820bb5657d58a0286ae1b8135c942c9ec859a2db8c9bbf44aaa7aa2b9bb","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1636","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"search free converter in google","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Free-Audio-Converter.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeAudioConverter.exe&ls=topWinPrimary","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeAudioConverter.exe&ls=topWinPrimary","sourceIndex":"1636"}],"sampleFiles":["220426/FreeAudioConverter-220426/5.1.9.310/Samples/FreeAudioConverter.exe","220426/FreeAudioConverter-220426/5.1.9.310/Samples/FreeAudioConverter_5.1.9.310_o.exe","220426/FreeAudioConverter-220426/5.1.9.310/Samples/FreeStudioManager.exe"],"imageFiles":["220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-039/ACR039-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-039/ACR039-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-042/ACR042-FreeAudioConverter-a - Copy.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-042/ACR042-FreeAudioConverter-b - Copy.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-042/ACR042-FreeAudioConverter-c.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-043/ACR043-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-043/ACR043-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-048/ACR048-FreeAudioConverter.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-048/ACR048-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-017/ACR017-FreeAudioConverter.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-109/ACR109-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-109/ACR109-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-109/ACR109-FreeAudioConverter-c.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-164/ACR164-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-164/ACR164-FreeAudioConverter-b.jpg"],"nonDeceptorImageFiles":["220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-044/ACR044-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-044/ACR044-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-099/ACR099-LandingPage.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-099/ACR099-OfferPage.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-099/ACR099-Software.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-065/ACR065-FreeAudioConverter-a.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-065/ACR065-FreeAudioConverter-b.jpg","220426/FreeAudioConverter-220426/5.1.9.310/Images/ACR-065/ACR065-About.jpg"],"guid":"3a8cc860-3801-4108-8ba6-cb76dcad6a74_5.1.9.310_1","appID":"FreeAudioConverter-220426","dateAdded":"241003","deceptorType":"App","name":"Free Audio Converter","company":"Digital Wave Ltd","version":"5.1.9.310","lastKnownStatus":"5.1.9.310;5.1.12.1204","lastKnownDate":"241003","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":506},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n2. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLite1210-2180.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"12.1.0.2180","fileVersion":"12.1.0.2180","hashMD5":"35beb9e86a2155125cad954ded304cf2","hashSHA1":"8bf5bc29106436f99c7dbf8608fcd2eb007382e3","hashSHA256":"663a4570cfcb54adc1cccce62ed59ac0d615d26461c50163257f6748bec44aeb","digitalCertThumbprint":"195A8B2353093FDE6C912C299581FE78A12DEEF5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"580","avBlockList":["COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","FortectPremium (20241001)","K7 Total Security (20241001)","KasperskyPremium (20241001)","Malwarebytes Premium (20241001)","McAfee Total Protection (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Quick Heal Internet Security (20241001)","Sophos Home Premium (20241001)","SpyHunter5 (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","G DATA INTERNET SECURITY (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"580"}],"sampleFiles":["240730/daemontoolslite-220714/12.1.0.2180/Samples/DTLite1210-2180.exe"],"imageFiles":["240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-084/ACR-084.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-084/ACR-084_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-048/ACR-048.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-048/ACR-048_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-048/ACR-048_2.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-059/ACR-059.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-059/ACR-059_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-155/ACR-155.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-155/ACR-155_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-155/ACR-155_2.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-048/ACR-048_Install.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-013/ACR-013.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-013/ACR-013_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-013/ACR-013_2.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-097/ACR-097.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-118/ACR-118.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-057/ACR-057_2.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-055/ACR-055.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-055/ACR-055_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-055/ACR-055_2.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-060/ACR-060.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-060/ACR-060_1.PNG","240730/daemontoolslite-220714/12.1.0.2180/Images/ACR-060/ACR-060_2.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_12.1.0.2180_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"12.1.0.2180","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":510},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n2. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLite1210-2169.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"12.1.0.2169","fileVersion":"12.1.0.2169","hashMD5":"f644be5504a88097959aceb720c987f4","hashSHA1":"b85e3e3b629dd47bdd8ed405275017d27dc66c9e","hashSHA256":"3ecd5a3a1175b9baf3a018f134f0bf352f1ce3e9d5f974d293ccc5ce243c527c","digitalCertThumbprint":"6FF4F12F192D94BD04EA30D660945D2CB7330529","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"SIA AVB Disc Soft","storeId":"","sourceIndex":"627","avBlockList":["COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","VIPRE Advanced Security (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","FortectPremium (20240808)","KasperskyPremium (20240808)"],"avAllowList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","Bitdefender Internet Security (20240808)","McAfee Total Protection (20240808)","Trend Micro Internet Security (20240808)","Windows Defender (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"627"}],"sampleFiles":["240620/daemontoolslite-220714/12.1.0.2169/Samples/DTLite1210-2169.exe"],"imageFiles":["240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-084/ACR-084_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-084/ACR-084_2.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-048/ACR-048_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-048/ACR-048_2.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-048/ACR-048_3.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-059/ACR-059_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-155/ACR-155.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-155/ACR-155_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-048/ACR-048.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-013/ACR-013.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-013/ACR-013_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-097/ACR-097.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-118/ACR-118.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-057/ACR-057.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-057/ACR-057_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-055/ACR-055.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-055/ACR-055_1.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-060/ACR-060.PNG","240620/daemontoolslite-220714/12.1.0.2169/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_12.1.0.2169_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"12.1.0.2169","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":511},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent. \n","ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n2. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DotNetWrapper.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"12.0.0.2126","fileVersion":"12.0.0.2126","hashMD5":"418747f6c138cef786bb250b9d8b655d","hashSHA1":"d497cfc9b09438c152812c92931255865a7bb003","hashSHA256":"524786246019f9e19f329297eb933d574ebb672eebd7104b4756d2004967f6f0","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"816","avBlockList":["COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","FortectPremium (20240806)","G DATA INTERNET SECURITY (20240806)","KasperskyPremium (20240806)","Malwarebytes Premium (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Sophos Home Premium (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","VIPRE Advanced Security (20240806)","VirIT eXplorer PRO (20240806)"],"avAllowList":["360 Total Security (20240806)","Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","K7 Total Security (20240806)","McAfee Total Protection (20240806)","Quick Heal Internet Security (20240806)","Trend Micro Internet Security (20240806)","Webroot SecureAnywhere (20240806)","Windows Defender (20240806)"]}],"additionalFiles":[],"sources":[{"howFound":"DownloadAstro Search","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"816"}],"sampleFiles":["231109/daemontoolslite-220714/12.0.0.2126/Samples/DTLite1200-2126.exe"],"imageFiles":["231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-084/ACR-084_Software_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-084/ACR-084_Software_2.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-048/ACR-048_Software_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-048/ACR-048_Software_2.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-048/ACR-048_Software_3.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-059/ACR-059.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-155/ACR-155.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-155/ACR-155_Bundler-made offers_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-042/ACR-042 (1).JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-042/ACR-042 (2).JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-048/ACR-048.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-013/ACR-013.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-013/ACR-013_Install_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-097/ACR-097_Software_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-118/ACR-118_Uninstall_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-118/ACR-118_Uninstall_2.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-057/ACR-057.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-055/ACR-055.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-060/ACR-060.JPG","231109/daemontoolslite-220714/12.0.0.2126/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_12.0.0.2126_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"12.0.0.2126","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":512},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLite1120-2099.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","fileVersion":"11.2","hashMD5":"e4d3c3ef70a9a656fe05c3d4a14b0e32","hashSHA1":"c41b2f26b1419102b0bbbed6d9aefbfb1d12720d","hashSHA256":"832d1a3d7fb0ded0c8224fc7fc62418f927255bbc1f9a89aaf87ab2f24a9ac8b","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"AVB Disc Soft, SIA\", O=\"AVB Disc Soft, SIA\", STREET=Turaidas iela 65A, L=Jūrmala, PostalCode=2015, C=LV","sourceIndex":"925","avBlockList":["Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VIPRE Advanced Security (20240725)","VirIT eXplorer PRO (20240725)","FortectPremium (20240725)"],"avAllowList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","K7 Total Security (20240725)","Trend Micro Internet Security (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"DownloadAstro Search","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"925"}],"sampleFiles":["230809/daemontoolslite-220714/11.2.0.2099/Samples/DTLite1120-2099.exe"],"imageFiles":["230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-084/ACR-084.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-084/ACR-084_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-048/ACR-048.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-048/ACR-048_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-048/ACR-048_2.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-059/ACR-059.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-059/ACR-059_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-155/ACR-155.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-155/ACR-155_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-048/ACR-048_Install.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-013/ACR-013.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-013/ACR-013_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-097/ACR-097.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-118/ACR-118.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-057/ACR-057.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-057/ACR-057_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-055/ACR-055.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-055/ACR-055_1.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-060/ACR-060.PNG","230809/daemontoolslite-220714/11.2.0.2099/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2099_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2099","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":514},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2093","fileVersion":"11.2.0.2093","hashMD5":"f3b9d6a5c1fc7e30585ec69799da9070","hashSHA1":"c049706a95df5a4afe8afe3ad675a365e668b889","hashSHA256":"974fe68423f2f6f2728781018410a6cc70cf675024e0d57e7c1225b2413cb0b9","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"928","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2093","fileVersion":"11.2.0.2093","hashMD5":"1896aed4c8a16a2a4108290817617cdc","hashSHA1":"28dacde3c46dc29fe25e19d45741460639a3667c","hashSHA256":"80c752a3e0567377c0e1be10efa0f46a9515a36d866bc46d852fa9259da6d2f7","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"928","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2093","fileVersion":"11.2.0.2093","hashMD5":"6b3af249cde075a97f850aebea9a478c","hashSHA1":"f9c064dc2fae1acd1394be7747509d6cec9a0155","hashSHA256":"2472cd7f88bcd7c0ff68ad46ec9dc74f176de08fe023fa4c56628cfd047db197","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"928","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2093.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2093","fileVersion":"11.2.0.2093","hashMD5":"c005b2930a60c36655178ffa1c7c4db2","hashSHA1":"768265f50f0a6aab88fd5d981e249c81b2e95af4","hashSHA256":"0e59151c34a711f537c1227c1bc9325004d068d44bec627c8503d917a603b4d3","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"928","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"928"}],"sampleFiles":["230807/daemontoolslite-220714/11.2.0.2093/Samples/DTLite1120-2093.exe"],"imageFiles":["230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-084/ACR-084.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-084/ACR-084_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-048/ACR-048.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-048/ACR-048_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-048/ACR-048_2.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-059/ACR-059.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-059/ACR-059_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-155/ACR-155.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-155/ACR-155_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-048/ACR-048_Install.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-013/ACR-013.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-013/ACR-013_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-097/ACR-097.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-118/ACR-118.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-057/ACR-057.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-057/ACR-057_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-055/ACR-055.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-055/ACR-055_1.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-060/ACR-060.PNG","230807/daemontoolslite-220714/11.2.0.2093/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2093_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2093","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":515},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2092","fileVersion":"11.2.0.2092","hashMD5":"26a645e1d0a87251dbb129fe2256c950","hashSHA1":"a8b7c084203d29dcd2a81e90d5a3e84af7dec548","hashSHA256":"6359434bc8d2a0a165bd8be0b9df3b05fdcc8011e79159068cac1d3778f02e5e","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"949","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2092","fileVersion":"11.2.0.2092","hashMD5":"6b9927af1f0d4711626925ad94bc6fb3","hashSHA1":"82b1402f3282eea78a88aec9af41f03afea57506","hashSHA256":"c2c4ece4b0047a86ee0b7ed7689ea891554939414f47f1d46018a6157775240f","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"949","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2092","fileVersion":"11.2.0.2092","hashMD5":"67c2e52e7983f28b66650181231afb09","hashSHA1":"04078af3068cef01db8795562b9e420b7ad09401","hashSHA256":"8965a24a153c07e8ef1e02b48359cf10f6eae9b161cdc099930f1d5fa4044945","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"949","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2092.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2092","fileVersion":"11.2.0.2092","hashMD5":"79fd3dd2fc7f64ad49d6e91050e58c56","hashSHA1":"e146cca39cb35d9b72901da20fb39f60197f15e9","hashSHA256":"04590a4dbd2f6995f2a864433ce2d651992be0b3ebef9a7aa9d8bcd47d1f1c56","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"949","avBlockList":["Avira Internet Security (20240723)","ESET Internet Security (20240723)","K7 Total Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","Windows Defender (20240723)","FortectPremium (20240723)"],"avAllowList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","G DATA INTERNET SECURITY (20240723)","Kaspersky Internet Security (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"949"}],"sampleFiles":["230727/daemontoolslite-220714/11.2.0.2092/Samples/DTLite1120-2092.exe"],"imageFiles":["230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-084/ACR-084.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-084/ACR-084_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-048/ACR-048.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-048/ACR-048_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-048/ACR-048_2.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-059/ACR-059.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-059/ACR-059_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-155/ACR-155.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-155/ACR-155_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-048/ACR-048_Install.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-013/ACR-013.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-013/ACR-013_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-097/ACR-097.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-118/ACR-118.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-057/ACR-057.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-057/ACR-057_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-055/ACR-055.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-055/ACR-055_1.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-060/ACR-060.PNG","230727/daemontoolslite-220714/11.2.0.2092/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2092_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2092","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":516},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2083","fileVersion":"11.2.0.2083","hashMD5":"afafce5db0bbb366a9bc1a792b09b471","hashSHA1":"d1be115ab6731b83d3f4c59ca1a539a6dc730487","hashSHA256":"a46b44b79593755f829a0fef6cf84384d45d484aecd986c38f0214daf8096f46","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"980","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2083","fileVersion":"11.2.0.2083","hashMD5":"a54e2da8758afe8edfacc093c0f51d25","hashSHA1":"2dbdf43fc37d92d9922319f8ad213bf97f050e78","hashSHA256":"ce0a31ae3328fade9be8f420a950beef8762be2e33cc1353ea5f1ced09f16e47","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"980","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2083","fileVersion":"11.2.0.2083","hashMD5":"85d0be8a7f277b2cbfbd3145e847b8b3","hashSHA1":"0f742a0a59c7db4221ca7ef335c8eaa2f79d1fb2","hashSHA256":"3811cf60e193b9e89df4e2900a43958bf0c0551495adf9cbbff8c2956bfdaf92","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"980","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2083.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2083","fileVersion":"11.2.0.2083","hashMD5":"66d7c99a0ae87f65d7c8ecd2f6f033bc","hashSHA1":"16ad24e0e2f5619f4c494796fba891b680ed8bda","hashSHA256":"48a9967063fd1c926d1ce020c48b301da99a04af3b1a8164fdf7aa3c9da7039a","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"980","avBlockList":["Avira Internet Security (20230810)","ESET Internet Security (20230810)","K7 Total Security (20230810)","Malwarebytes Premium (20230810)","McAfee Total Protection (20230810)","Norton Security (20230810)","Panda Dome (20230810)","Quick Heal Internet Security (20230810)","Sophos Home Premium (20230810)","SpyHunter5 (20230810)","Total AV Antivirus Pro (20230810)","VirIT eXplorer PRO (20230810)","Webroot SecureAnywhere (20230810)","Windows Defender (20230810)"],"avAllowList":["360 Total Security (20230810)","Avast Premium Security (20230810)","AVG Internet Security (20230810)","Bitdefender Internet Security (20230810)","COMODO Antivirus (20230810)","Dr.Web Security Space (20230810)","G DATA INTERNET SECURITY (20230810)","Kaspersky Internet Security (20230810)","Trend Micro Internet Security (20230810)","VIPRE Advanced Security (20230810)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"980"}],"sampleFiles":["230713/daemontoolslite-220714/11.2.0.2083/Samples/DTLite1120-2083.exe"],"imageFiles":["230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-084/ACR-084_Software_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-084/ACR-084_Software_2.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-048/ACR-048_Software_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-048/ACR-048_Software_2.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-048/ACR-048_Software_3.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-059/ACR-059.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-059/ACR-059_Bundler-made offers_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-155/ACR-155.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-048/ACR-048_Install.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-013/ACR-013.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-013/ACR-013_Install_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-118/ACR-118_Uninstall_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-057/ACR-057.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-057/ACR-057_Bundler-made offers_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-055/ACR-055.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-055/ACR-055_Bundler-made offers_1.png","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-060/ACR-060.JPG","230713/daemontoolslite-220714/11.2.0.2083/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2083_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2083","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":517},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2086","fileVersion":"11.2.0.2086","hashMD5":"3134102000ce38bf5bfb96faf5f279c7","hashSHA1":"990889841a9bbb90343a1f91eae766254d6c3f11","hashSHA256":"3856f0eebf62dc075bd8368f874b3615ff96a863ed5bade1f452daf24c16bcd0","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1034","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2086","fileVersion":"11.2.0.2086","hashMD5":"250a15739904347ac9adbbb0385f445c","hashSHA1":"be77f1cdfa87305e17e41c192a0e801df456121e","hashSHA256":"686562df2e72eb4042b1a5bb9a5e950631de70733bd1ade79b36515dfbd478ec","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1034","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2086","fileVersion":"11.2.0.2086","hashMD5":"8b708f345812e6cebde56c52f88d4a22","hashSHA1":"ecf9f4d483634671d087ec30de7489a6856cc452","hashSHA256":"7c333cc409947e52a001e905d27f1871291a0c67aeb43f273823ad16a9fc0f42","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1034","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLiteInstaller1.4.28.0086.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"1.4.28.0086","fileVersion":"1.4.28.0086","hashMD5":"d9da7a69d0ebacff11ba3cf529f6ccc6","hashSHA1":"10d9f08cfbc589e440f45ae6eeaae27a004f4f70","hashSHA256":"f5fc93d719b87dd855c8a0eb1c3030dee18e4566cd36b99a06b4b06497fbddb5","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1034","avBlockList":["Avast Premium Security (20231214)","Avira Internet Security (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["360 Total Security (20231214)","AVG Internet Security (20231214)","Bitdefender Internet Security (20231214)","COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","Kaspersky Internet Security (20231214)","Trend Micro Internet Security (20231214)","VIPRE Advanced Security (20231214)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1034"}],"sampleFiles":["230622/daemontoolslite-220714/11.2.0.2086/Samples/DTLiteInstaller1.4.28.0086.exe"],"imageFiles":["230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-084/ACR-084.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-084/ACR-084_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-048/ACR-048.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-048/ACR-048_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-048/ACR-048_2.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-059/ACR-059.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-059/ACR-059_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-155/ACR-155.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-155/ACR-155_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-048/ACR-048_INSTALL.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-013/ACR-013.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-013/ACR-013_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-118/ACR-118.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-057/ACR-057.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-057/ACR-057_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-055/ACR-055.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-055/ACR-055_1.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-060/ACR-060.JPG","230622/daemontoolslite-220714/11.2.0.2086/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2086_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2086","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":518},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2080","fileVersion":"11.2.0.2080","hashMD5":"eca5218d8b5b8b4679f85d67b2cc66d6","hashSHA1":"def90dba86b12c5ac9ba92bd52335d34c0ab176e","hashSHA256":"f13c0e331dd66a919a33bb3dd8575397e1d2f22c4ec5b9c7dd47d0436682708d","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1045","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2080","fileVersion":"11.2.0.2080","hashMD5":"ac7fa26e552912162b6936811e682d61","hashSHA1":"8688786fb3d6ba8d65dca8bb2edb5f27fdb30484","hashSHA256":"5fbd662b957c89dec96d01b01f2e13ec6d2a1e30b7569863622c047b9f441af9","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1045","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2080","fileVersion":"11.2.0.2080","hashMD5":"8fdd0ccba4b683b92fb49daf87cfd1a2","hashSHA1":"7c77ad26745496689fb30bfb91f39a8ccce6dc2c","hashSHA256":"6349c4dbc79bc2f2bb1130c63ae55b02a03a66eb8c8f8730db976b7361ddaa29","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1045","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2080.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2080","fileVersion":"11.2.0.2080","hashMD5":"67838829c0cd350d1d25c0ffa624c96c","hashSHA1":"07eeb4c125d1b888a3ad94ae1cf0b333e25ebec8","hashSHA256":"d3691e6a8bf69823b90726004c12a67e7e063cedada6fa27f40da9eb9ec960e9","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1045","avBlockList":["Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["360 Total Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","Kaspersky Internet Security (20240201)","Trend Micro Internet Security (20240201)","VIPRE Advanced Security (20240201)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1045"}],"sampleFiles":["230615/daemontoolslite-220714/11.2.0.2080/Samples/DTLite1120-2080.exe"],"imageFiles":["230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-084/ACR-084.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-048/ACR-048.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-048/ACR-048_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-048/ACR-048_2.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-059/ACR-059.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-059/ACR-059_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-155/ACR-155.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-155/ACR-155_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-048/ACR-048_Install.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-013/ACR-013.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-013/ACR-013_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-118/ACR-118.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-057/ACR-057.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-057/ACR-057_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-055/ACR-055.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-055/ACR-055_1.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-060/ACR-060.JPG","230615/daemontoolslite-220714/11.2.0.2080/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2080_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2080","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":519},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLiteInstaller.exe","isInstaller":"True","companyName":"Disc Soft Ltd","productName":"DTLiteInstaller1.4.28.0082.exe","productVersion":"1.4.28.0082","fileVersion":"1.4.28.0082","hashMD5":"4ae0d57d871a8d99d8340d268a23b518","hashSHA1":"e7a931fa003baa75062be7b0297708d631a6a001","hashSHA256":"d4a3313bdf6584e22160405e72652896e1bd24df4f93fe5d0b2740be3e2cd6be","digitalCertThumbprint":"CC313A734BFA31D3F2E4C27D5762FA6D83BD5D0A","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1513","avBlockList":["Avira Internet Security (20230926)","ESET Internet Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)","Windows Defender (20230926)"],"avAllowList":["360 Total Security (20230926)","Avast Premium Security (20230926)","AVG Internet Security (20230926)","Bitdefender Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Tencent PC Manager (20220719)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)"]}],"additionalFiles":[],"sources":[{"howFound":"DownloadAstro Search","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1513"}],"sampleFiles":["220714/daemontoolslite-220714/1.4.28.0082/Samples/DTLiteInstaller.exe"],"imageFiles":["220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-084/ACR-084_Software_BG_Process.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-084/ACR-084_1.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-048/ACR-048_1.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-048/ACR-048_2.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-048/ACR-048_3.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-059/ACR-059.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-155/ACR-155_1.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-048/ACR-048_Install_1.JPG","220714/daemontoolslite-220714/1.4.28.0082/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_1.4.28.0082_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"1.4.28.0082","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":523},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-097":"The app adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLite1120-2105.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2105","fileVersion":"11.2.0.2105","hashMD5":"e519f60e36520c4a1672226e334cc0e5","hashSHA1":"d94f018f730dd6d4f62d0bf3b9ab244759548383","hashSHA256":"b64254e9ae3c7e7bad26d118fb9a1c64fcafeac38c1a95a3517fe526fa0aa6ed","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"903","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"903"}],"sampleFiles":["230907/daemontoolslite-220714/11.2.0.2105/Samples/DTLite1120-2105.exe"],"imageFiles":["230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-084/ACR-084_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-084/ACR-084_2.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-048/ACR-048.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-048/ACR-048_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-048/ACR-048_2.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-059/ACR-059.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-059/ACR-059_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-155/ACR-155.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-155/ACR-155_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-048/ACR-048_Install.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-013/ACR-013.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-013/ACR-013_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-097/ACR-097.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-118/ACR-118.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-057/ACR-057.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-057/ACR-057_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-055/ACR-055.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-055/ACR-055_1.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-060/ACR-060.PNG","230907/daemontoolslite-220714/11.2.0.2105/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2105_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2105","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":513},{"violations":{"ACR-046":"Collecting data via \"Allow Daemon tools lite to send anonymous usage statistics\" is checked by default and not visible to the user by default. There is no relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n2. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DTLite1210-2211.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"12.1.0.2211","fileVersion":"12.1.0.2211","hashMD5":"9bbf533f2eac97ce8c86ae6725ea86fa","hashSHA1":"f694d3f1564a09d58ddb46ba2b296b556b1b5713","hashSHA256":"17901cec8393ba3720940ca84c524f8d4565c3ddc5a1b2048cbb56115d0cb6a3","digitalCertThumbprint":"195A8B2353093FDE6C912C299581FE78A12DEEF5","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"528","avBlockList":["AVG Internet Security (20241217)","ESET Internet Security (20241217)","K7 Total Security (20241217)","Malwarebytes Premium (20241217)","McAfee Total Protection (20241217)","Norton Security (20241022)","Panda Dome (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)","FortectPremium (20241217)"],"avAllowList":["360 Total Security (20241217)","Avast Premium Security (20241217)","Avira Internet Security (20241217)","Bitdefender Internet Security (20241217)","COMODO Antivirus (20241217)","Dr.Web Security Space (20241217)","G DATA INTERNET SECURITY (20241217)","KasperskyPremium (20241217)","Total AV Antivirus Pro (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)","Windows Defender (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"528"}],"sampleFiles":["240930/daemontoolslite-220714/12.1.0.2211/Samples/DTLite1210-2211.exe"],"imageFiles":["240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-084/ACR-084.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-084/ACR-084_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-048/ACR-048_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-048/ACR-048_2.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-048/ACR-048_3.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-059/ACR-059.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-155/ACR-155.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-155/ACR-155_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-046/ACR-046.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-046/ACR-046_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-048/ACR-048.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-013/ACR-013.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-013/ACR-013_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-097/ACR-097.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-118/ACR-118_Uninstall_1.png","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-057/ACR-057.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-055/ACR-055.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-055/ACR-055_1.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-060/ACR-060.PNG","240930/daemontoolslite-220714/12.1.0.2211/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_12.1.0.2211_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"12.1.0.2211","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T19:59:29.5028722+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":509},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2078","fileVersion":"11.2.0.2078","hashMD5":"7307714416a94852bbdd873c793cf5a1","hashSHA1":"99c905e7b60906895f3bf7a4c961c4ef9cb8367d","hashSHA256":"5f77498596c70bd77cc665b0ae634bca9f5338a2553cbb8ab21b9fd1132ea2d4","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1076","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2078","fileVersion":"11.2.0.2078","hashMD5":"c5e8e79a8637b5a232acd0ba4e4d3a63","hashSHA1":"91abbf2ca9683c3a326909b235f39c322746ebbe","hashSHA256":"6ac23a52c4349a5619783908e0c74c6ab0fdb97c880ee572fed58cf5fcdbe6e7","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1076","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2078","fileVersion":"11.2.0.2078","hashMD5":"9e3fdc2997e261c204d4a920b08beade","hashSHA1":"ce184b6aa5e15453af60697f29d1cb5b2b28a541","hashSHA256":"eba5f6f5fa465e901d65716a9f5a8c144fb6c80749314d57995e3e0684bb9022","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1076","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2078.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2078","fileVersion":"11.2.0.2078","hashMD5":"b35822e6fd902f6a4a2c8e83384a32be","hashSHA1":"32be76719bc1441b670ad04b35be107b6a366637","hashSHA256":"37da1107f70c33fdbe550e8aafe5dcba158e020c18f1c7d132b46a987abcdef8","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1076","avBlockList":["Avast Premium Security (20230803)","AVG Internet Security (20230803)","Avira Internet Security (20230803)","ESET Internet Security (20230803)","K7 Total Security (20230803)","Malwarebytes Premium (20230803)","McAfee Total Protection (20230803)","Norton Security (20230803)","Panda Dome (20230803)","Sophos Home Premium (20230803)","SpyHunter5 (20230803)","Total AV Antivirus Pro (20230803)","VirIT eXplorer PRO (20230803)","Windows Defender (20230803)"],"avAllowList":["360 Total Security (20230803)","Bitdefender Internet Security (20230803)","COMODO Antivirus (20230803)","Dr.Web Security Space (20230803)","G DATA INTERNET SECURITY (20230803)","Kaspersky Internet Security (20230803)","Quick Heal Internet Security (20230803)","Trend Micro Internet Security (20230803)","VIPRE Advanced Security (20230803)","Webroot SecureAnywhere (20230803)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1076"}],"sampleFiles":["230531/daemontoolslite-220714/11.2.0.2078/Samples/DTLite1120-2078.exe"],"imageFiles":["230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-084/ACR-084.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-084/ACR-084_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-048/ACR-048.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-048/ACR-048_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-048/ACR-048_2.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-059/ACR-059.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-059/ACR-059_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-155/ACR-155.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-155/ACR-155_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-048/ACR-048_Install.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-013/ACR-013.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-013/ACR-013_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-118/ACR-118.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-057/ACR-057.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-057/ACR-057_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-055/ACR-055.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-055/ACR-055_1.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-060/ACR-060.JPG","230531/daemontoolslite-220714/11.2.0.2078/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2078_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2078","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":520},{"violations":{"ACR-109":"The application silently installs  OpenVPN and TAP Driver Windows before the user chooses and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party component \"Open VPN\" is installed without any disclosure.\n","ACR-043":"1. The application silently installs \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party component \"Open VPN\" is installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components: TAP Driver Windows and Open VPN.\n","ACR-048":"The app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user. Also, the process \"openvpnserv.exe\" runs in the background even after uninstallation.\n","ACR-014":"The app misleads the user by displaying \"Installation Successfully Completed\" on the Post-uninstall prompt.\n","ACR-039":"Application silently installs OpenVPN and Tap windows program without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the Inline offers screen inside the software..\nThe app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the Internal offers page (https://manage.uvpn.me/order).\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"uVPN_installer.exe","isInstaller":"True","companyName":"uVpn","productName":"uVPN Installer","productVersion":"0.0.56.1","fileVersion":"0.0.56.1","hashMD5":"7e72ea08b30b5d6bda54d6941f9a5eb1","hashSHA1":"54239e47207338a6102d04f9bb95d1e086d3c580","hashSHA256":"8c520787610a238a3e4e36e502ff993ce0063f1690b4f4f56b3e12875d3ce6f7","digitalCertThumbprint":"E47E81D84A3F023CC8CFAF64BD8DE2FCE4FD4A5C","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Brocode Limited","storeId":"","sourceIndex":"529","avBlockList":["360 Total Security (20241217)","Avast Premium Security (20241217)","AVG Internet Security (20241217)","Avira Internet Security (20241217)","FortectPremium (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","Malwarebytes Premium (20241217)","Norton Security (20241217)","Panda Dome (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","Total AV Antivirus Pro (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)"],"avAllowList":["Bitdefender Internet Security (20241217)","COMODO Antivirus (20241217)","Dr.Web Security Space (20241217)","ESET Internet Security (20241217)","KasperskyPremium (20241217)","McAfee Total Protection (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)","Windows Defender (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://uvpn.me","directDownloadingLink":"https://uvpn.me/download/windows/uVPN_installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://uvpn.me/download/windows/uVPN_installer.exe","sourceIndex":"529"}],"sampleFiles":["240930/uVPN-220309/0.0.56.1/Samples/uVPN_installer.exe"],"imageFiles":["240930/uVPN-220309/0.0.56.1/Images/ACR-118/ACR-118.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-118/ACR-118_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-118/ACR-118_2.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-118/ACR-118_Uninstall_1.png","240930/uVPN-220309/0.0.56.1/Images/ACR-048/ACR-048_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-048/ACR-048_2.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-048/ACR-048_3.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-109/ACR-109.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-039/ACR-039.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-043/ACR-043.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-043/ACR-043_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-107/ACR-107.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-107/ACR-107_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-042/ACR-042.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-042/ACR-042_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-084/ACR-084.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-084/ACR-084_1.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-014/ACR-014_Uni nstall.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-165/ACR-165.PNG","240930/uVPN-220309/0.0.56.1/Images/ACR-165/ACR-165_1.PNG"],"nonDeceptorImageFiles":[],"guid":"dc237089-8c78-4008-a37a-35cd10eb5074_0.0.56.1_1","appID":"uVPN-220309","dateAdded":"240930","deceptorType":"App","name":"uVPN","company":"Brocode Limited","version":"0.0.56.1","lastKnownStatus":"0.0.54;0.0.56.1","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T19:55:57.1195796+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":507},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"Offers don't have clear way for user to accept or decline. \n","ACR-055":"The accept/Decline options are not consistent for offers.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2074","fileVersion":"11.2.0.2074","hashMD5":"e92a38e86d9fa5b872e9949d310a471c","hashSHA1":"386ff845406e03df5ff05be127be762a45191e0a","hashSHA256":"c007f3370374d09224ece78c9921837e61a0a9afcba0d6a7e1e40caee31c7a22","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1089","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2074","fileVersion":"11.2.0.2074","hashMD5":"64ad81456a4c215792bb4e4ed6889497","hashSHA1":"7920ff3c85d628629eae4857d9ce2f191617fd57","hashSHA256":"73c7ffc97decaf0c67f5252531a48661600f899514fe8936d134c3a42b6d3ea2","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1089","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2074","fileVersion":"11.2.0.2074","hashMD5":"062f7a8c366d529ad2c253b1797c4229","hashSHA1":"a5b3e7401cc94a5ae20e472a2f13e843408503d8","hashSHA256":"6b44141256adf52e4b98b003c160cca90a44acb60f99bf06c36ebd1daa797df4","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1089","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2074.exe","isInstaller":"True","companyName":"Disc Soft FZE LLC","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2074","fileVersion":"11.2.0.2074","hashMD5":"03e4d8368ff6ad76cce3189ba6eb80ad","hashSHA1":"1a8b8283b9deaef4599428315c927f5c74cec22c","hashSHA256":"d95d581a9aef8ee3d2c5a359c47682ec78b2c820a727616fb4472a7c5c7f62fd","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1089","avBlockList":["Avast Premium Security (20230530)","AVG Internet Security (20230530)","Avira Internet Security (20230530)","ESET Internet Security (20230530)","K7 Total Security (20230530)","Malwarebytes Premium (20230530)","Norton Security (20230530)","Panda Dome (20230530)","Quick Heal Internet Security (20230530)","Sophos Home Premium (20230530)","SpyHunter5 (20230530)","Total AV Antivirus Pro (20230530)","VirIT eXplorer PRO (20230530)","Webroot SecureAnywhere (20230530)"],"avAllowList":["360 Total Security (20230530)","Bitdefender Internet Security (20230530)","COMODO Antivirus (20230530)","Dr.Web Security Space (20230530)","G DATA INTERNET SECURITY (20230530)","Kaspersky Internet Security (20230530)","McAfee Total Protection (20230530)","Trend Micro Internet Security (20230530)","VIPRE Advanced Security (20230530)","Windows Defender (20230530)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1089"}],"sampleFiles":["230522/daemontoolslite-220714/11.2.0.2074/Samples/DTLite1120-2074.exe"],"imageFiles":["230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-084/ACR-084.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-084/ACR-084_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-048/ACR-048.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-048/ACR-048_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-048/ACR-048_2.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-059/ACR-059.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-059/ACR-059_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-155/ACR-155.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-155/ACR-155_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-048/ACR-048_Install.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-013/ACR-013.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-013/ACR-013_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-118/ACR-118.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-057/ACR-057.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-057/ACR-057_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-055/ACR-055.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-055/ACR-055_1.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-060/ACR-060.JPG","230522/daemontoolslite-220714/11.2.0.2074/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2074_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2074","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":521},{"violations":{"ACR-048":"The app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user. Also, the app's UI is kept open in the desktop and the process runs in the background even after removing the \"uVPN.exe\" from its parent folder.\n","ACR-014":"The app misleads by stating \"Your connection is not secure\" inside the software, even though another VPN (tunnel bear) is Connected.\n","ACR-039":"Application silently installs OpenVPN and Tap windows program without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the Inline offers screen inside the software..\nThe app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the Internal offers page (https://manage.uvpn.me/order).\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA during installation.\n","ACR-092":"The app has an unsigned installer and a file installed. No digital signature for the following components: \"UVPN.resources.dll\" and \"newUVPNInstaller.exe\".\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://uvpn.me/) does not display links to uninstall information.\n","ACR-068":"The subscription pricing shown in the Inline offers screen inside the software and Internal offers page (https://manage.uvpn.me/order) is not accurate and it confuses the user. Each offer in the Internal Offers page shows the number of devices that can use that particular subscription but these details are not provided in Inline offers.\n","ACR-014":"The app misleads by displaying the status as \"Unprotected\" on the landing page (https://uvpn.me/), even though another VPN (tunnel bear) is Connected.\n"},"samples":[{"isRevoked":"False","fileName":"uVPN_installer.exe","isInstaller":"True","companyName":"uVpn","productName":"uVPN","productVersion":"0.0.54","fileVersion":"0.0.54","hashMD5":"0316ec845b455a14eeb08a9da36a94e5","hashSHA1":"b67d76d8a5834c7b5cd307cde5ff0b55fc667dbf","hashSHA256":"547b62821f2d993fe924771ae185c3b03b1b70ee76474a6b0557abde6dada14e","digitalCertThumbprint":"FAD4421A36515C356DAF1A26C1EEF6482DD5A3A9","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Brocode Limited","storeId":"","sourceIndex":"1684","avBlockList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","G DATA INTERNET SECURITY (20241001)","Malwarebytes Premium (20241001)","McAfee Total Protection (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Sophos Home Premium (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)","Windows Defender (20241001)","FortectPremium (20241001)"],"avAllowList":["COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","K7 Total Security (20241001)","Kaspersky Internet Security (20220324)","Quick Heal Internet Security (20241001)","Tencent PC Manager (20220324)","KasperskyPremium (20241001)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\uVPN\\UVPN.exe","companyName":"","productName":"UVPN","productVersion":"0.0.54.0","fileVersion":"0.0.54.0","hashMD5":"4b76e436413b7ffb8adaf8ac1183de01","hashSHA1":"557eee5f64022e39cf872da819a0586753dee825","hashSHA256":"cd46f5f02e980a34739b84951e471612a48431b70cf527f208cc7c692c98d3d8","digitalCertThumbprint":"FAD4421A36515C356DAF1A26C1EEF6482DD5A3A9","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Brocode Limited","storeId":"","sourceIndex":"1684","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://uvpn.me","directDownloadingLink":"https://uvpn.me/download/windows/uVPN_installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://uvpn.me/download/windows/uVPN_installer.exe","sourceIndex":"1684"}],"sampleFiles":["220313/uVPN-220309/0.0.54/Samples/uVPN_installer.exe"],"imageFiles":["220313/uVPN-220309/0.0.54/Images/ACR-118/ACR-118_Uninstall_1.mp4","220313/uVPN-220309/0.0.54/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220313/uVPN-220309/0.0.54/Images/ACR-118/ACR-118_Uninstall_Retains_Components_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-014/ACR-014_Software_Misleading_Status.JPG","220313/uVPN-220309/0.0.54/Images/ACR-048/ACR-048_Software_No_Control.JPG","220313/uVPN-220309/0.0.54/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220313/uVPN-220309/0.0.54/Images/ACR-039/uVPN_OpenVPN.JPG","220313/uVPN-220309/0.0.54/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220313/uVPN-220309/0.0.54/Images/ACR-084/ACR-084_Software_Background_Process_Exists_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-165/ACR-165_InlineOffers_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-165/ACR-165_InternalOffers.jpg"],"nonDeceptorImageFiles":["220313/uVPN-220309/0.0.54/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG","220313/uVPN-220309/0.0.54/Images/ACR-092/ACR-092_Software_No_Digital_Signature_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-065/ACR-065_Install_No_EULA.JPG","220313/uVPN-220309/0.0.54/Images/ACR-099/ACR-099_Software_1.JPG","220313/uVPN-220309/0.0.54/Images/ACR-099/ACR-099_LandingPage_1.jpg","220313/uVPN-220309/0.0.54/Images/ACR-014/ACR-014_LandingPage_Misleading_Status_1.png","220313/uVPN-220309/0.0.54/Images/ACR-068/ACR-068_InternalOffers.JPG","220313/uVPN-220309/0.0.54/Images/ACR-068/ACR-068_InternalOffers_1.jpg"],"guid":"dc237089-8c78-4008-a37a-35cd10eb5074_0.0.54_1","appID":"uVPN-220309","dateAdded":"240930","deceptorType":"App","name":"uVPN","company":"Brocode Limited","version":"0.0.54","sigName":"Deceptor:Win32/uVPN!118014048039084165","lastKnownStatus":"0.0.54;0.0.56.1","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":508},{"violations":{"ACR-048":"The app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings. \nThe app does not provide option to cancel the installation process.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-059":"The Offer is not clearly marked as an optional offer. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe","companyName":"Disc Soft Ltd","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2067","fileVersion":"11.2.0.2067","hashMD5":"4df3ded35c8dfedabbfd766f0585112f","hashSHA1":"325acf22e31164371715ea2d2f3df2df92a02dfc","hashSHA256":"63e094dc4e7084015b2540921022901f869c1c7d02aac9f2098ccc0d834b6af2","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1125","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe","companyName":"Disc Soft Ltd","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2067","fileVersion":"11.2.0.2067","hashMD5":"ec993ee4affd062f3c68b8a8a907fb76","hashSHA1":"c39d16540137f20d428f1ef22fae00b640fcdf3a","hashSHA256":"870cecf0b7b7f44026c78d3ba1597255e0f3e08a3a0d9f277b1e3f5ba21e10ec","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1125","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe","companyName":"Disc Soft Ltd","productName":"DAEMON Tools Lite","productVersion":"11.2.0.2067","fileVersion":"11.2.0.2067","hashMD5":"a1fed9c825d5ed178803881b3178686b","hashSHA1":"0b381f9867d7e3f0449ff3b45a6f2139bbef6ccd","hashSHA256":"adefb8787af213aebf0f20c748e566a9bbfe3937b18895322f9c8219ac81a2b0","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1125","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DTLite1120-2067.exe","isInstaller":"True","companyName":"Disc Soft Ltd","productName":"DAEMON Tools Lite Installer","productVersion":"11.2.0.2067","fileVersion":"11.2.0.2067","hashMD5":"456fbeed571e6259132d397650f2dfca","hashSHA1":"5621426468cf43758958600170c6fc81ed10444b","hashSHA256":"f01bc418c74828b4f53b8ed9aa1ad29bd91f39d2e38fd07d75c7a5e8969f8c78","digitalCertThumbprint":"9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AVB Disc Soft SIA","storeId":"","sourceIndex":"1125","avBlockList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","ESET Internet Security (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","McAfee Total Protection (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","Windows Defender (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["360 Total Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","G DATA INTERNET SECURITY (20240801)","Kaspersky Internet Security (20230928)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://disc-tools.com/","directDownloadingLink":"https://disc-tools.com/download/dtLite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://disc-tools.com/download/dtLite","sourceIndex":"1125"}],"sampleFiles":["230504/daemontoolslite-220714/11.2.0.2067/Samples/DTLite1120-2067.exe"],"imageFiles":["230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-084/ACR-084.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-084/ACR-084_1.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-048/ACR-048.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-048/ACR-048_1.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-048/ACR-048_2.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-059/ACR-059.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-048/ACR-048_Install.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-013/ACR-013.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-118/ACR-118.JPG","230504/daemontoolslite-220714/11.2.0.2067/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":[],"guid":"17abde56-37a4-48ca-b33d-5a031f4a0ae8_11.2.0.2067_1","appID":"daemontoolslite-220714","dateAdded":"240930","deceptorType":"App","name":"Daemon Tools Lite","company":"Disc Soft Ltd","version":"11.2.0.2067","lastKnownStatus":"1.4.28.0082;11.2.0.2067;11.2.0.2074;11.2.0.2078;11.2.0.2080;11.2.0.2086;11.2.0.2083;11.2.0.2092;11.2.0.2093;11.2.0.2099;11.2.0.2105;12.0.0.2126;12.1.0.2169;12.1.0.2180;12.1.0.2211","lastKnownDate":"240930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":15,"sortOrder":522},{"violations":{"ACR-109":"The application silently installs \"Apple Mobile Device Support\" without user awareness and not disclosing the relationship to the app during installation.\n","ACR-042":"1. The app installs \"Apple Mobile Device Support\" without disclosing it to the user and getting user consent. \n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"1. The app installs \"Apple Mobile Device Support\" without disclosing it to the user and getting user consent. \n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"FFmpeg\" and \"Qt5\"\n","ACR-048":"The app does not provide an option to cancel installation\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"Apple Mobile Device Support\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not mention clearly the Auto-renewal policy on the cart page and also doesn't disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"anyrecover-for-win_setup.exe","isInstaller":"True","companyName":"","productName":"AnyRecover Data Recovery","productVersion":"4.3.0.1","fileVersion":"4.3.0.1","hashMD5":"408bb8aea34f1b35510aed1235a230ed","hashSHA1":"857f508ba2cb3e6d71d621c502e8a9d75e05075a","hashSHA256":"2cfba4740a033e596a01af8c7d069f0594438dec60747b6f75f5a819208a8f4e","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Shenzhen iMyFone Technology Co. Ltd","storeId":"","sourceIndex":"530","avBlockList":["360 Total Security (20241217)","Avast Premium Security (20241217)","AVG Internet Security (20241217)","Avira Internet Security (20241217)","Dr.Web Security Space (20241217)","ESET Internet Security (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","McAfee Total Protection (20241217)","Norton Security (20241217)","Panda Dome (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","Total AV Antivirus Pro (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)","FortectPremium (20241217)"],"avAllowList":["Bitdefender Internet Security (20241217)","COMODO Antivirus (20241217)","KasperskyPremium (20241217)","Malwarebytes Premium (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)","Windows Defender (20241217)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.anyrecover.com/","directDownloadingLink":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","sourceIndex":"530"}],"sampleFiles":["240924/AnyRecover-240325/6.5.0.3/Samples/anyrecover-for-win_setup.exe"],"imageFiles":["240924/AnyRecover-240325/6.5.0.3/Images/ACR-109/ACR-109.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-039/ACR-039.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-043/ACR-043.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-043/ACR-043_1.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-043/ACR-043_2.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-107/ACR-107.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-107/ACR-107_1.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-042/ACR-042.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-042/ACR-042_1.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-042/ACR-042_2.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-048/ACR-048.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-004/ACR-004.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-004/ACR-004_1.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-118/ACR-118.PNG","240924/AnyRecover-240325/6.5.0.3/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"99b8df48-5dc7-4041-8803-6ec452e7fe62_6.5.0.3_1","appID":"AnyRecover-240325","dateAdded":"240924","deceptorType":"App","name":"Any Recover","company":"Shenzhen AnyRecover Technology Co., Ltd.","version":"6.5.0.3","lastKnownStatus":"6.4.0.7;6.4.5.5;6.5.0.3","lastKnownDate":"240924","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-24T16:57:57.4552691+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":524},{"violations":{"ACR-109":"The application silently installs \"Apple Mobile Device Support\" without user awareness and not disclosing the relationship to the app during installation.\n","ACR-042":"1. The \"Any recover\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"1. The \"Any recover\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"FFmpeg\" and \"Qt5\"\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"Apple Mobile Device Support\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not mention clearly the Auto-renewal policy on the cart page and also doesn't disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"anyrecover-for-win_setup.exe","isInstaller":"True","fileVersion":"4.3","hashMD5":"fc21b78d8012dcfc1d94185ed5083dff","hashSHA1":"23458457bd546befb18162bed4a408b7d72a2a18","hashSHA256":"651907c1b631bdd79f8aa3f097bd23156d168a1e2c489c41238ddfd1f5434ba7","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shenzhen iMyFone Technology Co., Ltd\", O=\"Shenzhen iMyFone Technology Co., Ltd\", L=深圳市, S=广东省, C=CN, SERIALNUMBER=914403003425095958, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=南山区, OID.1.3.6.1.4.1.311.60.2.1.2=广东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"615","avBlockList":["Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","ESET Internet Security (20240829)","FortectPremium (20240829)","K7 Total Security (20240829)","McAfee Total Protection (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Quick Heal Internet Security (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","Total AV Antivirus Pro (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)","Windows Defender (20240829)"],"avAllowList":["360 Total Security (20240829)","Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","G DATA INTERNET SECURITY (20240829)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240829)","Trend Micro Internet Security (20240829)","VIPRE Advanced Security (20240829)","KasperskyPremium (20240829)"]}],"additionalFiles":[],"sources":[{"howFound":"follow up check for new version","reference":"","landingPage":"https://www.anyrecover.com/","directDownloadingLink":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","sourceIndex":"615"}],"sampleFiles":["240625/AnyRecover-240325/6.4.5.5/Samples/anyrecover-for-win_setup.exe"],"imageFiles":["240625/AnyRecover-240325/6.4.5.5/Images/ACR-109/ACR109.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-109/ACR109_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-039/ACR109.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-039/ACR109_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-043/ACR43.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-043/ACR43_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-043/ACR109.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-107/ACR43.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-107/ACR43_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-042/ACR43.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-042/ACR43_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-004/ACR004.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-004/ACR004_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-118/ACR118.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-118/ACR118_2.png","240625/AnyRecover-240325/6.4.5.5/Images/ACR-165/ACR165.png"],"nonDeceptorImageFiles":[],"guid":"99b8df48-5dc7-4041-8803-6ec452e7fe62_6.4.5.5_1","appID":"AnyRecover-240325","dateAdded":"240924","deceptorType":"App","name":"Any Recover","company":"Shenzhen AnyRecover Technology Co., Ltd.","version":"6.4.5.5","lastKnownStatus":"6.4.0.7;6.4.5.5;6.5.0.3","lastKnownDate":"240924","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":525},{"violations":{"ACR-109":"The application silently installs \"Apple Mobile Device Support\" without user awareness and not disclosing the relationship to the app during installation.\n","ACR-042":"1. The \"Any recover\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"1. The \"Any recover\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"FFmpeg\" and \"Qt5\"\n","ACR-004":"The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-014":"The app does not provide the \"Preview\" option for the lost data as claimed on this prompt from the software, thereby misleading the user.\n","ACR-039":"The app installs the \"Apple Mobile Device Support\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not mention clearly the Auto-renewal policy on the cart page and also doesn't disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\AnyRecover\\AnyRecover\\AnyRecover.exe","companyName":"Shenzhen AnyRecover Technology Co. Ltd.","productName":"AnyRecover Data Recovery","productVersion":"6.4.0.7","fileVersion":"6.4.0.7","hashMD5":"ef04d4c3bfe46a6f65841b4df675f2c2","hashSHA1":"7f708329534e364eb2d655ce8249295aa1ce44fd","hashSHA256":"bde1bf1f00b41689494292741e6607acef3d8058fb7f03599a7a46aaa032dca2","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Shenzhen iMyFone Technology Co. Ltd","storeId":"","sourceIndex":"699","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"anyrecover-for-win_setup.exe","isInstaller":"True","companyName":"","productName":"AnyReconver Data Recovery","productVersion":"4.3.0.3","fileVersion":"4.3.0.3","hashMD5":"7c81563f32335cc00606b017030f64ca","hashSHA1":"dad0e080239e77f4a3630c81f6c9c81ee6c4e9ee","hashSHA256":"80871007e5a12d7bb2116b22aa1aae08a24b0c3a7ea2c9425889e9b2b85a3925","digitalCertThumbprint":"EDD8199F09F517C3BDF6816AE2771C0D4FD8C37E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Shenzhen iMyFone Technology Co. Ltd","storeId":"","sourceIndex":"699","avBlockList":["360 Total Security (20240815)","Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","ESET Internet Security (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","McAfee Total Protection (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Quick Heal Internet Security (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","G DATA INTERNET SECURITY (20240815)","Kaspersky Internet Security (20240618)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.anyrecover.com/","directDownloadingLink":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.anyrecover.com/anyrecover-for-win_setup.exe","sourceIndex":"699"}],"sampleFiles":["240325/AnyRecover-240325/6.4.0.7/Samples/anyrecover-for-win_setup.exe"],"imageFiles":["240325/AnyRecover-240325/6.4.0.7/Images/ACR-109/ACR-109.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-109/ACR-109_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-039/ACR-039.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-039/ACR-039_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-043/ACR-043.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-043/ACR-043_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-043/ACR-043_2.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-107/ACR-107.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-107/ACR-107_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-042/ACR-042.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-042/ACR-042_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-042/ACR-042_2.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-004/ACR-004_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-004/ACR-004_2.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-014/ACR-014.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-014/ACR-014_1.mp4","240325/AnyRecover-240325/6.4.0.7/Images/ACR-118/ACR-118.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-118/ACR-118_1.PNG","240325/AnyRecover-240325/6.4.0.7/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"99b8df48-5dc7-4041-8803-6ec452e7fe62_6.4.0.7_1","appID":"AnyRecover-240325","dateAdded":"240924","deceptorType":"App","name":"Any Recover","company":"Shenzhen AnyRecover Technology Co., Ltd.","version":"6.4.0.7","lastKnownStatus":"6.4.0.7;6.4.5.5;6.5.0.3","lastKnownDate":"240924","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":526},{"violations":{"ACR-003":"The app does not substantiate identified results under the Privacy Cleaner.\n","ACR-014":"Under Clean Center Category Registry Cleaner,  registries are reported repeatedly after applying clean \n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose the Original filename, Company name, Product name, Product version, and File version for the executables: registry-optimizer.exe and Aiseesoft Registry Optimizer.exe\n","ACR-065":"The app does not display links to the EULA or the Privacy Policy.\n","ACR-002":"The app needs to provide a consistent version of 3.1.10 across all points of consumer interaction.\n","ACR-161":"The landing page contains testimonials with no link back to original source, making them unable to be verified.\n","ACR-092":"The application has no signed certificate it is unsigned.\n"},"samples":[{"isRevoked":"False","fileName":"registry-optimizer.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"8ff85df621fd9d29cedb9ed9cfe6b077","hashSHA1":"57b819d8f7808d702faee3064e02369a9ffd1b82","hashSHA256":"46333afd84c989a5b483381f2c405b22591ab69951993bf664cb414aa0a377b2","sourceIndex":"534","avBlockList":["Bitdefender Internet Security (20241212)","ESET Internet Security (20241212)","FortectPremium (20241212)","G DATA INTERNET SECURITY (20241212)","Malwarebytes Premium (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","VIPRE Advanced Security (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)","Windows Defender (20241212)"],"avAllowList":["360 Total Security (20241212)","Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","K7 Total Security (20241212)","KasperskyPremium (20241212)","McAfee Total Protection (20241212)","Norton Security (20241212)","Total AV Antivirus Pro (20241212)","Trend Micro Internet Security (20241212)"]},{"isRevoked":"False","fileName":"Aiseesoft%20Registry%20Optimizer.exe","fileVersion":"0.0","hashMD5":"b1e29e3c7f9931c7b13db3456e7de693","hashSHA1":"00ba3f693612591da5d7e818baeb0a5e23687c9e","hashSHA256":"857da79acc2d3a5d0cbe0647733de9c43649f6a6b573c5d6c743d44d031d038d","sourceIndex":"534","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.aiseesoft.com/registry-optimizer.html","directDownloadingLink":"https://download.aiseesoft.com/registry-optimizer.exe?_gl=1*111w6oh*_ga*MjA5MzkzNjYzMS4xNzI2MjA0NzE4*_ga_M4E51HTXR8*MTcyNjU5MzU0Ni43LjEuMTcyNjU5MzYwMy4wLjAuMA..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aiseesoft.com/registry-optimizer.exe?_gl=1*111w6oh*_ga*MjA5MzkzNjYzMS4xNzI2MjA0NzE4*_ga_M4E51HTXR8*MTcyNjU5MzU0Ni43LjEuMTcyNjU5MzYwMy4wLjAuMA..","sourceIndex":"534"}],"sampleFiles":["240923/AiseesoftRegistryOptimizer-240918/3.1.10/Samples/registry-optimizer.exe","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Samples/Aiseesoft%20Registry%20Optimizer.exe"],"imageFiles":["240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-003/App5_1.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-003/ACR-003_PrivacyCleaner.mp4","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-014/ACR-014_RegistryCleaner.mp4"],"nonDeceptorImageFiles":["240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-065/App2.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-092/unsigned1.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-092/unsigned2.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-038/fileproperty_install.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-038/fileproperty_main.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-002/App2.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-002/fileproperty_install.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-002/controlpanel.png","240923/AiseesoftRegistryOptimizer-240918/3.1.10/Images/ACR-161/landingpage.png"],"guid":"153fc2de-bc79-4ad5-9338-d7e4e42624c1_3.1.10_1","appID":"AiseesoftRegistryOptimizer-240918","dateAdded":"240923","deceptorType":"App","name":"Aiseesoft Registry Optimizer","company":"Aiseesoft Studio","version":"3.1.10","lastKnownStatus":"3.1.10","lastKnownDate":"240923","type":"Windows Executable","lastUpdate":"2024-09-24T00:50:57.8902008+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":527},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from CassiniLabs and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://nzn.io/termos-de-privacidade/\nhttps://cassinilabs.com/privacy/)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"Baixaki_VLC%20Media%20Player_v0.957.48.82.44.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"21bd357545f207c0cdccfd0bbf77de08","hashSHA1":"85669fba2b5222efddf2c5f08a83f11745420dd6","hashSHA256":"f4cabb0638c44b174b4b203d8c03344629bf3ea5bc3b4ed346222187e8d77fa7","digitalCertThumbprint":"BCBF67E4B6294CAC7323C6FA76F620600C93D09E","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA ECC R2, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=No Zebra Network S.A., O=No Zebra Network S.A., L=Curitiba, S=Paraná, C=BR","sourceIndex":"535","avBlockList":["360 Total Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","ESET Internet Security (20241212)","FortectPremium (20241212)","G DATA INTERNET SECURITY (20241212)","K7 Total Security (20241212)","Malwarebytes Premium (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)"],"avAllowList":["Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","Bitdefender Internet Security (20241212)","KasperskyPremium (20241212)","McAfee Total Protection (20241212)","Norton Security (20241212)","Total AV Antivirus Pro (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","Windows Defender (20241212)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/memory-optimizer-pro.htm","directDownloadingLink":"http://www.hostingcontentnow.com/WMG846BXfhbmAxMLEYzyQSV9p91i_HTnTzWsFoigirUUtySpSdkDyydUmDcX2eac6B3cXI8XJo2fdXaufqvt52p9dyila1B11psOPN6qxlegfLtDBVP7w3ew3+d_UMHWKAe2ThD1Y_Njs_ZjomyXr_Y_C+IfaDiUydN0Ix59gNsa7KRNv9PbgxyvSRg0R58ZL4m94R7tk6rZ4YgAtYHTkQ7A4H3rdb9AThAMJNinF5IGbf2ZTugb4YqPu0cTDPfslfvuY2fgRGnBP+OTh3FcVPDGnRYo_jB2sAdkOGyStewFvF1_Ic4paquD6ZURYDUHLugv4pQaiYC__XHgtge8hXkLsJ6R2YkPanNy+f4_bgZVq7+wWN6sRd9uT0KdOv7yZ3rHjpzBCBXz21oC8Le6nUimw5bgiV5RgqkGgAJmOUTGzv38xJaebZkfZC5jfCsRf1HfawfAQGga+3ug0vnv7UO8XECQfVmEJWE10MruyjXo2++h7QtmrOLjMEuHQM2yAZXDdrT9jInZ7bxDQMyo7FmmS8MDVQG6BQpU8CNHBZMLZxbNCA_lxi2CqmaGLSUBrOwAAJeEcB8_vFN3j5ju0WPM5PmXytvgZ11AXDyjjCcp6_bnr3+ACWVivFr84+M9KMUq+MUlUiNiObhYUVfYdR5owQvCOVwAatJgnZWX5mYBDw3j90KsiH68lyqKc6MenySdWIkqsMnMMZa_oBNNwdekxERIvxfF4ZYHqqw0TrQpYkmqe8c=-GzYAAETdFpumJAqG6sLBu3MueFuQQlYRSW4e6I0JKLocYoYF28zaoPTsFqLy4cM5EdcKHgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.hostingcontentnow.com/WMG846BXfhbmAxMLEYzyQSV9p91i_HTnTzWsFoigirUUtySpSdkDyydUmDcX2eac6B3cXI8XJo2fdXaufqvt52p9dyila1B11psOPN6qxlegfLtDBVP7w3ew3+d_UMHWKAe2ThD1Y_Njs_ZjomyXr_Y_C+IfaDiUydN0Ix59gNsa7KRNv9PbgxyvSRg0R58ZL4m94R7tk6rZ4YgAtYHTkQ7A4H3rdb9AThAMJNinF5IGbf2ZTugb4YqPu0cTDPfslfvuY2fgRGnBP+OTh3FcVPDGnRYo_jB2sAdkOGyStewFvF1_Ic4paquD6ZURYDUHLugv4pQaiYC__XHgtge8hXkLsJ6R2YkPanNy+f4_bgZVq7+wWN6sRd9uT0KdOv7yZ3rHjpzBCBXz21oC8Le6nUimw5bgiV5RgqkGgAJmOUTGzv38xJaebZkfZC5jfCsRf1HfawfAQGga+3ug0vnv7UO8XECQfVmEJWE10MruyjXo2++h7QtmrOLjMEuHQM2yAZXDdrT9jInZ7bxDQMyo7FmmS8MDVQG6BQpU8CNHBZMLZxbNCA_lxi2CqmaGLSUBrOwAAJeEcB8_vFN3j5ju0WPM5PmXytvgZ11AXDyjjCcp6_bnr3+ACWVivFr84+M9KMUq+MUlUiNiObhYUVfYdR5owQvCOVwAatJgnZWX5mYBDw3j90KsiH68lyqKc6MenySdWIkqsMnMMZa_oBNNwdekxERIvxfF4ZYHqqw0TrQpYkmqe8c=-GzYAAETdFpumJAqG6sLBu3MueFuQQlYRSW4e6I0JKLocYoYF28zaoPTsFqLy4cM5EdcKHgA=","sourceIndex":"535"},{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/slim-drivers.htm","directDownloadingLink":"http://www.hostingcontentnow.com/GyWhMAiekgRwG+INxOB6MgJlIlVZXmeZiNbxw1nMPXWOqmp_5Auid2D_UEbc1X7LU6zP5SPqu35WKZizsqQ5H0GzoEaGcpG0fhCTy4aR0_4zYmwPgeF1LsASedQfICyZrwgUDO_fG3qMWnLe_46eXEqw+Va4hM7aRZotCcUklorYlyzqxC_+6ZZ6YC+PME_fByxSO9xhffPdTIvjKbLE9dJI6sxDgtveNP5kVcJsEilQFmw2KLJIG03WX6uD7abqWahFNdqcAr5Vw_44yXlIYRCcBVgenPPky9QAuwkB40mltub2F4tJtUeGUVqonriUe+nWU4IeVFzfiFfUkCk9krQqHIuaJ8C5zRgT4AP8l69LL8mY2_Rtr3lH4S8VBkxO0LY20Hr0xjXrJuxj0S6FMhkd9z1pEvf5anGIKfCulvRpsRYJdwgECD7+qtA3+Z_DXOVFkdAb5dfTDqbYeQaEfiwttVW+24DoTUFzmBXm+s6DlGBKhVzJxdnVkXgHuDaCEyJvDtDYjzuCdiiVLvl_wPzJVdKWwNGDh1Esj_BJrE3i7iR1xSCbe1g9sa4oxpgcgfmsQLw4e2NarjB8WVdzuP4+y6fwlb4ZkYTZOwKOz_yeNYjVCftMv63avDH8qDFvNw_WouWy+t8_tmeozDszduXA2OrKvh4Gq4EkULRmlZHYSxdVNw8=-GzAAAERPFhMlCU2oHmxstrOBDThg76cJB7HBcfhcG1GUN6b8RrIFrTevbAOPQuyN4gE=","ipv4":"","ipv6":"","sourceIndex":"536"},{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/my-drivers.htm","directDownloadingLink":"http://www.hostingcontentnow.com/HEsd3tmlxWLz7YWqROy7vJ4E4KFOxXUb+7U4I6Wa+7cCTvroH1aWyXak1fgXanboWfony9_RpU0m0AoP2eznULwdNDJxEdCld6NKgiZNc62qFc0YlErMon86ifL+2p4I5MqABJh96F19k10rQYQ_oLvcFkfvGrKGVtR98azE5kQnDM6WuRHJBtlelTHOMZakx3VPSOzwq7bDfQO6bd6wy1XtRGq8xcfg3XWAgpVANRC6HCRiZRotUq89oyBJm8FeyBi3GMhn3JQsCjQe5iB151m1ELDp0ocOCwEH0p+3Npd1mQp7biNQdHP2ESPMi1+CSJIioXSlCSrnUqTB0cDMDF+HkXIs3gRBmN+eiNeWXCnz2rwq93QFzwmVtRzdnKOzypwsVHBpxPOFK74KgozG_um_y1lJQeV+d_J87EBMdK11m06sM3ugBvNcJbLim9LS_R5RJ0oOQK+jGNPNCsMNo63HWElM9jiyPSXNuDf6P6PDLKm_WuktI1eG_pQyQqyolSBZ9zZiylNs7Zoic7X+S4xiwx_mbbaEc0tMfGLnQy8ci22ASswCvaOhL_y15ZokUbLajai+5Vu4H6ltV3Cx7JRmBEJJWB5hHTjkTqQcl42MK5FFje4=-CxKAaHR0cDovL3d3dy56aGFuZ2R1by5jb20vbXlkcml2ZXJzLmV4ZQM=","ipv4":"","ipv6":"","sourceIndex":"537"},{"howFound":"hunt.downloadsite","reference":"https://www.baixaki.com.br/","landingPage":"https://www.baixaki.com.br/apps/video/vlc-media-player/windows/download#google_vignette","directDownloadingLink":"https://d29ce4h649b9lw.cloudfront.net/YgYvwb2aC.exe","ipv4":"","ipv6":"","sourceIndex":"538"}],"sampleFiles":["240923/BaixakiBundler-180326/1.92.3.8643/Samples/Baixaki_VLC%20Media%20Player_v0.957.48.82.44.exe"],"imageFiles":["240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-039/App2.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-013/offer1.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-013/offer2.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-013/offer3.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-013/offer4.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-060/offer1.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-060/offer2.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-060/offer3.png","240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-060/offer4.png"],"nonDeceptorImageFiles":["240923/BaixakiBundler-180326/1.92.3.8643/Images/ACR-044/App2.png"],"guid":"a529f8b1-14ac-4e42-b649-12e4cf85ed62_1.92.3.8643_1","appID":"BaixakiBundler-180326","dateAdded":"240923","deceptorType":"Bundler","name":"Baixaki Download Manager","company":"baixaki.com.br","version":"1.92.3.8643","lastKnownStatus":"1.92.1.8262;1.92.3.8643","lastKnownDate":"240923","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-04T14:37:23.0825892+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":3,"sortOrder":528},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from CassiniLabs and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://nzn.io/termos-de-privacidade/\nhttps://cassinilabs.com/privacy/)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"Baixaki_VLC Media Player_v3.499.577.31.6.exe-574b86167dec7cd65fe64a508b2c03d82f1c77634809101c8d2c250b2e2898b5","isInstaller":"True","fileVersion":"1.92","hashMD5":"c54f13c71d396c99083a840846ecdde4","hashSHA1":"e67907016b5ca7d44aafaca03f8ad0127927f3c2","hashSHA256":"574b86167dec7cd65fe64a508b2c03d82f1c77634809101c8d2c250b2e2898b5","digitalCertThumbprint":"C7446CB187C0BC9B731EB02D9D66705FE1B50F52","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"941","avBlockList":["Avira Internet Security (20240924)","COMODO Antivirus (20240924)","Dr.Web Security Space (20240924)","ESET Internet Security (20240924)","FortectPremium (20240924)","G DATA INTERNET SECURITY (20240924)","KasperskyPremium (20240924)","Malwarebytes Premium (20240924)","McAfee Total Protection (20240924)","Norton Security (20240924)","Panda Dome (20240924)","Quick Heal Internet Security (20240924)","Sophos Home Premium (20240924)","SpyHunter5 (20240924)","Total AV Antivirus Pro (20240924)","VirIT eXplorer PRO (20240924)","Webroot SecureAnywhere (20240924)"],"avAllowList":["360 Total Security (20240924)","Avast Premium Security (20240924)","AVG Internet Security (20240924)","Bitdefender Internet Security (20240924)","K7 Total Security (20240924)","Trend Micro Internet Security (20240924)","VIPRE Advanced Security (20240924)","Windows Defender (20240924)"]},{"isRevoked":"False","fileName":"Baixaki_VLC Media Player_v3.614.71.485.6.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"15ef4da21b3371ca3e4d6bce2b210591","hashSHA1":"f94d4a17689ccebce7a9685a99be54bc04be96a7","hashSHA256":"535ff2d430aaea269b676a49a5753b60d8f1aa6965c9093859f0bd7185037b4e","digitalCertThumbprint":"C7446CB187C0BC9B731EB02D9D66705FE1B50F52","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"941","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Baixaki_VLC Media Player_v1.43.255.01.61.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"472b5849ec1749742352d44d7fe57c60","hashSHA1":"2d8d0f5772905d04c9f90bd580aa53d2c6ada675","hashSHA256":"dc662d5365e25ed053c9bac68e29ed981938f9a7d9e7b99dbb40fd34b9ec682a","digitalCertThumbprint":"EBDF92C0DFF603EA7E3F9D2E6203F0758359ABB7","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"941","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Baixaki_VLC Media Player_v4.060.894.033.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"9cfcc1905af1a96d9a02d88b56e00bfd","hashSHA1":"8be14277a5f263e3cee9e9c9fe53e78b8836a00d","hashSHA256":"9b206c14a8ec08c89a7903f5c10102e7cc34ae1236fd9fab20a4cc307f22465b","digitalCertThumbprint":"EBDF92C0DFF603EA7E3F9D2E6203F0758359ABB7","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"941","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Baixaki_VLC Media Player_v2.629.95.51.24.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"da209c56b7a22bd2dbc8710b1d978c08","hashSHA1":"dc1acb24f7d51844be48702d52763277f74c86a2","hashSHA256":"6ab9409a73142ed7fc87ee1ba39d0b5da8e0f0aba3d38059b833c5406ab13b9d","digitalCertThumbprint":"EBDF92C0DFF603EA7E3F9D2E6203F0758359ABB7","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"941","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Baixaki_WinRAR_v2.44.465.80.57.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"1f011bc0b04c6036c9b9a6c593a62e32","hashSHA1":"9e40bdeeb5844d5b5945ccd37491779cd237db7c","hashSHA256":"c671dc622a68a6860cb3f568b004d0ba41b93aca37ed18af2d2fa77adf2016de","digitalCertThumbprint":"FE4427CD7D10C68877CCC2CE98255A3E4BCB0B6A","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=No Zebra Network SA, O=No Zebra Network SA, L=São Paulo, C=BR","sourceIndex":"941","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunted using BIBR","reference":"","landingPage":"https://www.baixaki.com.br/download/vlc-media-player.htm","directDownloadingLink":"https://d27g3afj8crpcq.cloudfront.net/version/hk/v4.015.590.52.0","ipv4":"","ipv6":"","landingPageWildChar":"https://www.baixaki.com.br/download/*","directDownloadingLinkWildChar":"https://d27g3afj8crpcq.cloudfront.net/version/hk/v4.015.590.52.0","sourceIndex":"941"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://d27g3afj8crpcq.cloudfront.net/revision/de/v1.231.26.181.6","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d27g3afj8crpcq.cloudfront.net/revision/de/v1.231.26.181.6","sourceIndex":"942"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://d27g3afj8crpcq.cloudfront.net/rev/it/v2.884.926.710","ipv4":"","ipv6":"","sourceIndex":"943"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d3apuoognqxy1a.cloudfront.net/ver/gb/v6.495.76.901.3","ipv4":"","ipv6":"","sourceIndex":"944"},{"howFound":"DE site","reference":"","landingPage":"","directDownloadingLink":"https://d1u3e7xv3h0tq2.cloudfront.net/build/de/v5.409.380.113","ipv4":"","ipv6":"","sourceIndex":"945"}],"sampleFiles":["230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_VLC Media Player_v3.499.577.31.6.exe-574b86167dec7cd65fe64a508b2c03d82f1c77634809101c8d2c250b2e2898b5","230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_VLC Media Player_v3.614.71.485.6.exe","230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_VLC Media Player_v1.43.255.01.61.exe","230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_VLC Media Player_v4.060.894.033.exe","230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_VLC Media Player_v2.629.95.51.24.exe","230801/BaixakiBundler-180326/1.92.1.8262/Samples/Baixaki_WinRAR_v2.44.465.80.57.exe"],"imageFiles":["230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-039/ACR-039.png","230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-013/ACR-013_1.png","230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-013/ACR-013_2.png","230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-060/ACR-060_1.png","230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-060/ACR-060_2.png","230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-075/ACR-075.png"],"nonDeceptorImageFiles":["230801/BaixakiBundler-180326/1.92.1.8262/Images/ACR-044/ACR-044.png"],"guid":"a529f8b1-14ac-4e42-b649-12e4cf85ed62_1.92.1.8262_1","appID":"BaixakiBundler-180326","dateAdded":"240923","deceptorType":"Bundler","name":"Baixaki Download Manager","company":"baixaki.com.br","version":"1.92.1.8262","lastKnownStatus":"1.92.1.8262;1.92.3.8643","lastKnownDate":"240923","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-04T14:37:36.1045295+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":3,"sortOrder":529},{"violations":{},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy is provided for the download manager.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-037":"No Privacy Policy is provided for the download manager.\n"},"samples":[{"isRevoked":"False","fileName":"Baixaki_memory-optimizer-pro_0693294305.exe","isInstaller":"True","companyName":"n/a","productName":"Fast Internet File","productVersion":"4.1","fileVersion":"4.2.4.6","hashMD5":"a3b670263c6f2c5601f3d8e3013da04e","hashSHA1":"d1ef9073bd59d923620c70f7f696e009531d2f35","hashSHA256":"484c8b367af8367f89bfe23aeade3f46a1f82b8d44ff9285e4d00c40dbb598f3","sourceIndex":"3407","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Baixaki_slim-drivers_1689159726.exe","isInstaller":"True","companyName":"Program                                                     ","productName":"Stub","productVersion":"5.7.9","fileVersion":"5.0.2.3","hashMD5":"47100fbd36b2a821cac4d5843b05e746","hashSHA1":"4b64f3a3dc6e91b848df32f4efe7688056d1d7b0","hashSHA256":"460912d7ce99d64c353d7c05ac75d026e25ecba59e9f15bbc0044a7cc010ac4e","sourceIndex":"3407","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/memory-optimizer-pro.htm","directDownloadingLink":"http://www.hostingcontentnow.com/WMG846BXfhbmAxMLEYzyQSV9p91i_HTnTzWsFoigirUUtySpSdkDyydUmDcX2eac6B3cXI8XJo2fdXaufqvt52p9dyila1B11psOPN6qxlegfLtDBVP7w3ew3+d_UMHWKAe2ThD1Y_Njs_ZjomyXr_Y_C+IfaDiUydN0Ix59gNsa7KRNv9PbgxyvSRg0R58ZL4m94R7tk6rZ4YgAtYHTkQ7A4H3rdb9AThAMJNinF5IGbf2ZTugb4YqPu0cTDPfslfvuY2fgRGnBP+OTh3FcVPDGnRYo_jB2sAdkOGyStewFvF1_Ic4paquD6ZURYDUHLugv4pQaiYC__XHgtge8hXkLsJ6R2YkPanNy+f4_bgZVq7+wWN6sRd9uT0KdOv7yZ3rHjpzBCBXz21oC8Le6nUimw5bgiV5RgqkGgAJmOUTGzv38xJaebZkfZC5jfCsRf1HfawfAQGga+3ug0vnv7UO8XECQfVmEJWE10MruyjXo2++h7QtmrOLjMEuHQM2yAZXDdrT9jInZ7bxDQMyo7FmmS8MDVQG6BQpU8CNHBZMLZxbNCA_lxi2CqmaGLSUBrOwAAJeEcB8_vFN3j5ju0WPM5PmXytvgZ11AXDyjjCcp6_bnr3+ACWVivFr84+M9KMUq+MUlUiNiObhYUVfYdR5owQvCOVwAatJgnZWX5mYBDw3j90KsiH68lyqKc6MenySdWIkqsMnMMZa_oBNNwdekxERIvxfF4ZYHqqw0TrQpYkmqe8c=-GzYAAETdFpumJAqG6sLBu3MueFuQQlYRSW4e6I0JKLocYoYF28zaoPTsFqLy4cM5EdcKHgA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.hostingcontentnow.com/WMG846BXfhbmAxMLEYzyQSV9p91i_HTnTzWsFoigirUUtySpSdkDyydUmDcX2eac6B3cXI8XJo2fdXaufqvt52p9dyila1B11psOPN6qxlegfLtDBVP7w3ew3+d_UMHWKAe2ThD1Y_Njs_ZjomyXr_Y_C+IfaDiUydN0Ix59gNsa7KRNv9PbgxyvSRg0R58ZL4m94R7tk6rZ4YgAtYHTkQ7A4H3rdb9AThAMJNinF5IGbf2ZTugb4YqPu0cTDPfslfvuY2fgRGnBP+OTh3FcVPDGnRYo_jB2sAdkOGyStewFvF1_Ic4paquD6ZURYDUHLugv4pQaiYC__XHgtge8hXkLsJ6R2YkPanNy+f4_bgZVq7+wWN6sRd9uT0KdOv7yZ3rHjpzBCBXz21oC8Le6nUimw5bgiV5RgqkGgAJmOUTGzv38xJaebZkfZC5jfCsRf1HfawfAQGga+3ug0vnv7UO8XECQfVmEJWE10MruyjXo2++h7QtmrOLjMEuHQM2yAZXDdrT9jInZ7bxDQMyo7FmmS8MDVQG6BQpU8CNHBZMLZxbNCA_lxi2CqmaGLSUBrOwAAJeEcB8_vFN3j5ju0WPM5PmXytvgZ11AXDyjjCcp6_bnr3+ACWVivFr84+M9KMUq+MUlUiNiObhYUVfYdR5owQvCOVwAatJgnZWX5mYBDw3j90KsiH68lyqKc6MenySdWIkqsMnMMZa_oBNNwdekxERIvxfF4ZYHqqw0TrQpYkmqe8c=-GzYAAETdFpumJAqG6sLBu3MueFuQQlYRSW4e6I0JKLocYoYF28zaoPTsFqLy4cM5EdcKHgA=","sourceIndex":"3407"},{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/slim-drivers.htm","directDownloadingLink":"http://www.hostingcontentnow.com/GyWhMAiekgRwG+INxOB6MgJlIlVZXmeZiNbxw1nMPXWOqmp_5Auid2D_UEbc1X7LU6zP5SPqu35WKZizsqQ5H0GzoEaGcpG0fhCTy4aR0_4zYmwPgeF1LsASedQfICyZrwgUDO_fG3qMWnLe_46eXEqw+Va4hM7aRZotCcUklorYlyzqxC_+6ZZ6YC+PME_fByxSO9xhffPdTIvjKbLE9dJI6sxDgtveNP5kVcJsEilQFmw2KLJIG03WX6uD7abqWahFNdqcAr5Vw_44yXlIYRCcBVgenPPky9QAuwkB40mltub2F4tJtUeGUVqonriUe+nWU4IeVFzfiFfUkCk9krQqHIuaJ8C5zRgT4AP8l69LL8mY2_Rtr3lH4S8VBkxO0LY20Hr0xjXrJuxj0S6FMhkd9z1pEvf5anGIKfCulvRpsRYJdwgECD7+qtA3+Z_DXOVFkdAb5dfTDqbYeQaEfiwttVW+24DoTUFzmBXm+s6DlGBKhVzJxdnVkXgHuDaCEyJvDtDYjzuCdiiVLvl_wPzJVdKWwNGDh1Esj_BJrE3i7iR1xSCbe1g9sa4oxpgcgfmsQLw4e2NarjB8WVdzuP4+y6fwlb4ZkYTZOwKOz_yeNYjVCftMv63avDH8qDFvNw_WouWy+t8_tmeozDszduXA2OrKvh4Gq4EkULRmlZHYSxdVNw8=-GzAAAERPFhMlCU2oHmxstrOBDThg76cJB7HBcfhcG1GUN6b8RrIFrTevbAOPQuyN4gE=","ipv4":"","ipv6":"","sourceIndex":"3408"},{"howFound":"hunt.downloadsite","reference":"www.baixaki.com","landingPage":"https://www.baixaki.com.br/download/my-drivers.htm","directDownloadingLink":"http://www.hostingcontentnow.com/HEsd3tmlxWLz7YWqROy7vJ4E4KFOxXUb+7U4I6Wa+7cCTvroH1aWyXak1fgXanboWfony9_RpU0m0AoP2eznULwdNDJxEdCld6NKgiZNc62qFc0YlErMon86ifL+2p4I5MqABJh96F19k10rQYQ_oLvcFkfvGrKGVtR98azE5kQnDM6WuRHJBtlelTHOMZakx3VPSOzwq7bDfQO6bd6wy1XtRGq8xcfg3XWAgpVANRC6HCRiZRotUq89oyBJm8FeyBi3GMhn3JQsCjQe5iB151m1ELDp0ocOCwEH0p+3Npd1mQp7biNQdHP2ESPMi1+CSJIioXSlCSrnUqTB0cDMDF+HkXIs3gRBmN+eiNeWXCnz2rwq93QFzwmVtRzdnKOzypwsVHBpxPOFK74KgozG_um_y1lJQeV+d_J87EBMdK11m06sM3ugBvNcJbLim9LS_R5RJ0oOQK+jGNPNCsMNo63HWElM9jiyPSXNuDf6P6PDLKm_WuktI1eG_pQyQqyolSBZ9zZiylNs7Zoic7X+S4xiwx_mbbaEc0tMfGLnQy8ci22ASswCvaOhL_y15ZokUbLajai+5Vu4H6ltV3Cx7JRmBEJJWB5hHTjkTqQcl42MK5FFje4=-CxKAaHR0cDovL3d3dy56aGFuZ2R1by5jb20vbXlkcml2ZXJzLmV4ZQM=","ipv4":"","ipv6":"","sourceIndex":"3409"}],"sampleFiles":["180403/BaixakiBundler-180326/4.1/Samples/Baixaki_memory-optimizer-pro_0693294305.exe","180403/BaixakiBundler-180326/4.1/Samples/Baixaki_slim-drivers_1689159726.exe"],"imageFiles":[],"nonDeceptorImageFiles":["180403/BaixakiBundler-180326/4.1/Images/ACR-044/acr_eula.PNG","180403/BaixakiBundler-180326/4.1/Images/ACR-042/W10-2018-03-26T17-53-06-344744600Z.mp4","180403/BaixakiBundler-180326/4.1/Images/ACR-065/acr_eula.PNG","180403/BaixakiBundler-180326/4.1/Images/ACR-092/unsigned.PNG","180403/BaixakiBundler-180326/4.1/Images/ACR-035/acr_eula.PNG","180403/BaixakiBundler-180326/4.1/Images/ACR-036/acr_eula.PNG","180403/BaixakiBundler-180326/4.1/Images/ACR-037/acr_eula.PNG"],"guid":"a529f8b1-14ac-4e42-b649-12e4cf85ed62_4.1_1","appID":"BaixakiBundler-180326","dateAdded":"240923","deceptorType":"Bundler","name":"Baixaki Download Manager","company":"baixaki.com.br","version":"4.1","sigName":"Deceptor:Win32/Baixaki!042050","lastKnownStatus":"1.92.1.8262;1.92.3.8643","lastKnownDate":"240923","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-09-23T00:00:00+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":3,"sortOrder":530},{"violations":{"ACR-109":"The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020 \n","ACR-042":" The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020 \n","ACR-043":" The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020 \n","ACR-048":"The app does not provide an option to cancel the installation. \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-118":"After uninstalling the app, it retains the \"FreeCodecPack\" folder in Program files without the user's consent.\n","ACR-039":" The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020 \n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install.\n","ACR-040":"The app did not disclose components \"FreeStudioManager\" and \"BraveBrowser\" are installed in the non-common folder.\n","ACR-065":" The install wizard does not display links to the Returns and Cancellation Policy. \n The app does not display links to the Returns and Cancellation Policy. \nThe landing page does not display links to the Returns and Cancellation Policy. \n The internal offers page does not display links to the Returns and Cancellation Policy. \n","ACR-099":"The app does not contain links to uninstall information. \nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"BraveBrowserSetup-DVD020.exe","companyName":"BraveSoftware Inc.","productName":"Brave Browser","productVersion":"1.3.99.0","fileVersion":"1.3","hashMD5":"0519aebec30c49c3adb499b85785d657","hashSHA1":"e2782c8ca88ff8f8be19e1e416a8e9220f5c5f45","hashSHA256":"244eebc168e87dc352c86346091cb392145f57bf9795faefa7cead20eb1a744a","digitalCertThumbprint":"D8FB5FD2EC5048777426E06E40E9A07D2A31A958","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Brave Software, Inc.\", O=\"Brave Software, Inc.\", L=San Francisco, S=California, C=US","sourceIndex":"1706","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeScreenVideoRecorder_3.0.50.708_d.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free Screen Video Recorder","productVersion":"3.0.50.708","fileVersion":"3.0","hashMD5":"c5648c438dc69c69c4fc55677e15d809","hashSHA1":"bd6703a9a74d67efc73a7ef3d35f77c4ed394342","hashSHA256":"4c6f8589d8bd7436c7a8826533f24c9b388816e1c2d9b3b62d3a90c69570c1cf","digitalCertThumbprint":"1EDD14476C9ED710A53340CD171124742DA1A843","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1706","avBlockList":["Avira Internet Security (20220505)","Bitdefender Internet Security (20220505)","Dr.Web Security Space (20220505)","G DATA INTERNET SECURITY (20220505)","K7 Total Security (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","VIPRE Advanced Security (20220505)","VirIT eXplorer PRO (20220505)","Windows Defender (20220505)"],"avAllowList":["360 Total Security (20220505)","Avast Premium Security (20220505)","AVG Internet Security (20220505)","COMODO Antivirus (20220505)","ESET Internet Security (20220505)","Kaspersky Internet Security (20220505)","Malwarebytes Premium (20220505)","Quick Heal Internet Security (20220505)","Tencent PC Manager (20220505)","Trend Micro Internet Security (20220505)","Webroot SecureAnywhere (20220505)"]},{"isRevoked":"False","fileName":"FreeScreenVideoRecorder.exe","companyName":"Digital Wave Ltd","productName":"Free Screen Video Recorder","productVersion":"3.0.50.708","fileVersion":"3.0","hashMD5":"f0eed06fdc6aa9c3d016fb3487e74e96","hashSHA1":"1e4f37b35c0a429b8c0cee087f3d2578ffc753c4","hashSHA256":"ab62600b2c9dfb156296f539d84ad2c41cf4d5b4e429b4a52396bfa194c08bc0","digitalCertThumbprint":"1EDD14476C9ED710A53340CD171124742DA1A843","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1706","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.6.45.708","fileVersion":"6.6","hashMD5":"05350de737eb66367b19df25fc74ef4a","hashSHA1":"b41ed26a46e489796fe7379191b82c13fde39dde","hashSHA256":"a7324259f6828c0484a63345d549bd4faf2661187bfe439393a3935d8ff88ed6","digitalCertThumbprint":"1EDD14476C9ED710A53340CD171124742DA1A843","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1706","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"https://www.dvdvideosoft.com/products/dvd/Free-Screen-Video-Recorder.htm","landingPage":"https://www.dvdvideosoft.com/download.htm?fname=FreeScreenVideoRecorder.exe&ls=bottomWinPrimary","ipv4":"","ipv6":"","sourceIndex":"1706"}],"sampleFiles":["220215/FreeScreenVideoRecorder-220213/3.0.50.708/Samples/BraveBrowserSetup-DVD020.exe","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Samples/FreeScreenVideoRecorder_3.0.50.708_d.exe","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Samples/FreeScreenVideoRecorder.exe","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Samples/FreeStudioManager.exe"],"imageFiles":["220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-109/BraveBrowserSetup.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-109/FreeCodec Install.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-109/FreeStudioManager.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-039/BraveBrowserSetup.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-039/FreeCodec Install.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-039/FreeStudioManager.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-043/BraveBrowserSetup.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-043/FreeCodec Install.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-043/FreeStudioManager.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-042/BraveBrowserSetup.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-042/FreeCodec Install.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-042/FreeStudioManager.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-048/App Install.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-017/App Installer Logo.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-017/UAC.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-118/Retain FreeCodecPack folder.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-164/Checkout Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-164/Offer Page.png"],"nonDeceptorImageFiles":["220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-044/App Bundle.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-040/BraveBrowserSetup.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-040/FreeStudioManager.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-065/App EULA.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-065/App UI.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-065/App Landing Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-065/Checkout Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-065/Offer Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-099/App UI.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-099/App Landing Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-099/Checkout Page.png","220215/FreeScreenVideoRecorder-220213/3.0.50.708/Images/ACR-099/Offer Page.png"],"guid":"47813674-ca7a-45ec-85e6-9b432e204c58_3.0.50.708_1","appID":"FreeScreenVideoRecorder-220213","dateAdded":"240919","deceptorType":"App","name":"Free Screen Video Recorder","company":"Digital Wave Ltd","version":"3.0.50.708","lastKnownStatus":"3.0.50.708;3.1.2.1206","lastKnownDate":"240919","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":554},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides partial fixes) before requiring consumer to pay.\n"},"nonDeceptorViolations":{"ACR-065":"The landing page does not display link to the Returns and Cancellation Policy.\nApp install does not show links to Returns and Cancellations Policy.\nDoes not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"Does not provide uninstall instructions on the internal offer\nThe app does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"PCSpeedCat.exe","fileVersion":"0.0","hashMD5":"522c10d2699b5891d0949b529308b011","hashSHA1":"1b2f03faa27505abbe6f0773e9c1ae20e5d54bdd","hashSHA256":"f395839a00762a5e0428cb2cf596d80c56ba2be78cc3e6a3c89afb5c1f904db9","digitalCertThumbprint":"7690BE9C4107D169D81B3869CB926C0866900816","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCAT, LLC\", OU=IT Department, O=\"SpeedCAT, LLC\", POBox=27330, STREET=\"500 Westover Drive, Suite 9589\", L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"540","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"speedcat.setup.exe","isInstaller":"True","fileVersion":"11.2","hashMD5":"b7fe9750c2ca2d32c87b5d05cefde68f","hashSHA1":"66cb605a99492091e9177e825d1dddcefcc105fd","hashSHA256":"ee89b6b9864dd81c50d975156e28fa011439dd5526391130c8df4072f7791380","digitalCertThumbprint":"7690BE9C4107D169D81B3869CB926C0866900816","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCAT, LLC\", OU=IT Department, O=\"SpeedCAT, LLC\", POBox=27330, STREET=\"500 Westover Drive, Suite 9589\", L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"540","avBlockList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","ESET Internet Security (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","Kaspersky Internet Security (20220127)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)","FortectPremium (20241205)","KasperskyPremium (20241205)"],"avAllowList":["Tencent PC Manager (20220127)"]},{"isRevoked":"False","fileName":"speedcat.setup [2].exe","isInstaller":"True","fileVersion":"11.2","hashMD5":"9fa2d1587db1b03d1a4dd2acdd985d21","hashSHA1":"824e7810e03f36a3fcf361682dad4e1911d53133","hashSHA256":"31fa50bd5dcd448a679572ef0ef07ba2380d1e142e7cc0922411e796442c982a","digitalCertThumbprint":"7690BE9C4107D169D81B3869CB926C0866900816","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCAT, LLC\", OU=IT Department, O=\"SpeedCAT, LLC\", POBox=27330, STREET=\"500 Westover Drive, Suite 9589\", L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"540","avBlockList":["360 Total Security (20241212)","Avast Premium Security (20241212)","AVG Internet Security (20241212)","Avira Internet Security (20241212)","Bitdefender Internet Security (20241212)","COMODO Antivirus (20241212)","Dr.Web Security Space (20241212)","ESET Internet Security (20241212)","FortectPremium (20241212)","G DATA INTERNET SECURITY (20241212)","K7 Total Security (20241212)","KasperskyPremium (20241212)","Malwarebytes Premium (20241212)","McAfee Total Protection (20241212)","Norton Security (20241212)","Panda Dome (20241212)","Quick Heal Internet Security (20241212)","Sophos Home Premium (20241212)","SpyHunter5 (20241212)","Total AV Antivirus Pro (20241212)","Trend Micro Internet Security (20241212)","VIPRE Advanced Security (20241212)","VirIT eXplorer PRO (20241212)","Webroot SecureAnywhere (20241212)","Windows Defender (20241212)"],"avAllowList":[]},{"isRevoked":"False","fileName":"speedcat.setup_240911.exe","isInstaller":"True","fileVersion":"11.2","hashMD5":"ebcc19250b9d70266e0ce6f5fd3b94f9","hashSHA1":"7bbec8336137613df2ba8c6e02f130dc4dd9e643","hashSHA256":"847681e5b1c4a1ae47cdf1dfb9e700910b69ea9cb5ec330a88634326eb41d76d","digitalCertThumbprint":"7690BE9C4107D169D81B3869CB926C0866900816","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCAT, LLC\", OU=IT Department, O=\"SpeedCAT, LLC\", POBox=27330, STREET=\"500 Westover Drive, Suite 9589\", L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"540","avBlockList":["360 Total Security (20241217)","Avast Premium Security (20241217)","AVG Internet Security (20241217)","Avira Internet Security (20241217)","Bitdefender Internet Security (20241217)","COMODO Antivirus (20241217)","Dr.Web Security Space (20241217)","ESET Internet Security (20241217)","FortectPremium (20241217)","G DATA INTERNET SECURITY (20241217)","K7 Total Security (20241217)","KasperskyPremium (20241217)","Malwarebytes Premium (20241217)","McAfee Total Protection (20241217)","Norton Security (20241217)","Panda Dome (20241217)","Quick Heal Internet Security (20241217)","Sophos Home Premium (20241217)","SpyHunter5 (20241217)","Total AV Antivirus Pro (20241217)","Trend Micro Internet Security (20241217)","VIPRE Advanced Security (20241217)","VirIT eXplorer PRO (20241217)","Webroot SecureAnywhere (20241217)","Windows Defender (20241217)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"https://www.windows10download.com/pc-speedcat/","landingPage":"http://www.pcspeedcat.com/run/click/speedcatweb/go/index ","directDownloadingLink":"http://www.pcspeedcat.com/run/click/@360478556366/global/registration_fastcache_web-m_op1.html?gcountry=PH&pi=/speedcatweb/go/index_fastcache&theme=&plan1id=&orderpackage1id=&plan1c=&upsell_code=&popuppage=&display=&referredby=@360478556366&c1=index_FASTCACHE-LANG-AM-11-27-2019a-SPLT_PH&loadlink=&test=&product=pcspeedcat&upsell=pcspeedcat-2yr&upsell2=&op2red=No&vc=EC2&vc_custom=&ud=&ds=Custom&ds_custom=regc_52020&mp=speedcatweb&lang=en&re=40&cn=MICHELLEPER00A5&du=15&mu=68&fs=0&c1=postscan ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcspeedcat.com/run/click/@360478556366/global/registration_fastcache_web-m_op1.html?gcountry=PH&pi=/speedcatweb/go/index_fastcache&theme=&plan1id=&orderpackage1id=&plan1c=&upsell_code=&popuppage=&display=&referredby=@360478556366&c1=index_FASTCACHE-LANG-AM-11-27-2019a-SPLT_PH&loadlink=&test=&product=pcspeedcat&upsell=pcspeedcat-2yr&upsell2=&op2red=No&vc=EC2&vc_custom=&ud=&ds=Custom&ds_custom=regc_52020&mp=speedcatweb&lang=en&re=40&cn=MICHELLEPER00A5&du=15&mu=68&fs=0&c1=postscan ","sourceIndex":"540"}],"sampleFiles":["240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Samples/PCSpeedCat.exe","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Samples/speedcat.setup.exe","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Samples/speedcat.setup [2].exe","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Samples/speedcat.setup_240911.exe"],"imageFiles":["240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [2].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [4].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [5].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [6].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [7].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-004/PCSpeedCat_Interactions [8].png"],"nonDeceptorImageFiles":["240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-065/PCSpeedCat_LandingPage [1].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-065/PCSpeedCat_Install [1].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-065/PCSpeedCat_Interactions [3].png","240919/PCSPEEDCATPCOptimizer-171010/2.2.9/Images/ACR-099/PCSpeedCat_Interactions [3].png"],"guid":"7f9278fd-78de-4a21-bf9b-58622b2ef755_2.2.9_1","appID":"PCSPEEDCATPCOptimizer-171010","dateAdded":"240919","deceptorType":"App","name":"PC SpeedCat","company":"PCSpeedCat","version":"2.2.9","firstResolvedVersion":"","lastKnownStatus":"Deceptor:9.1.1.6;2.2.9","lastKnownDate":"240919","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:23.1456937+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":550},{"violations":{"ACR-004":"App only provides free fixes for some of the scan results shown, and uses the unused scan results to upsell the consumer to a subscription service. App uses alarming color to add an exaggerated sense of urgency to the free scan results.\n","ACR-017":"Install uses the Microsoft Partner Logo as if Microsoft endorsed the app instead of the vendor. \nApp uses the Microsoft Partner Logo as if Microsoft endorsed the app instead of the vendor. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. Even after disabling schedule scans within the app the schedules still remains in windows task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"Landing Page does not show Returns and Cancellation Policy.\nApp install does not show links to Returns and Cancellations Policy.\nDoes not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"Does not provide uninstall instructions on the internal offer\nDoes not provide uninstall instructions within the software.\n","ACR-017":"Landing Page uses the Microsoft Partner Logo as if Microsoft endorsed the app instead of the vendor. \n"},"samples":[{"isRevoked":"False","fileName":"PCSpeedCat.exe","fileVersion":"0.0","hashMD5":"303847905860063499b4eb108459f1ad","hashSHA1":"229f7d156227836a0b97af28aec6bb4b059d9e96","hashSHA256":"27ac8040958668bd537e39edf92237a2fbab91059f0e2db8307f892b3a48b5e9","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCat, LLC\", O=\"SpeedCat, LLC\", STREET=500 Westover Drive, STREET=Suite 9589, L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"3151","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"speedcat.setup.exe","isInstaller":"True","companyName":"SpeedCat Inc.                                               ","fileVersion":"9.1","hashMD5":"c63887b5ef633b94897a14decda664ff","hashSHA1":"5c53115372db7282e068e1ffe4e310055befa1e1","hashSHA256":"ff6f18824c070ce0f943b9602c764244fc72a9ad8d6b045a77ca1d1c963d4a13","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCat, LLC\", O=\"SpeedCat, LLC\", STREET=500 Westover Drive, STREET=Suite 9589, L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"3151","avBlockList":["Avast Internet Security (20190302)","AVG Internet Security (20190302)","Avira Internet Security (20190302)","Bitdefender Internet Security (20190302)","ESET Internet Security (20190302)","G DATA INTERNET SECURITY (20190302)","K7 Total Security (20190302)","Kaspersky Internet Security (20190302)","Malwarebytes Premium (20190302)","McAfee Total Protection (20190302)","Norton Security (20190302)","Panda Dome (20190302)","Sophos Home Premium (20190302)","Trend Micro Internet Security (20190302)","VirIT eXplorer PRO (20190302)","Windows Defender (20190302)"],"avAllowList":["Webroot SecureAnywhere (20190302)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"download.cnet.com","landingPage":"http://pcspeedcat.com","directDownloadingLink":"http://www.pcspeedcat.com/ascsetups/ais/van/pcat/104-00/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcspeedcat.com/ascsetups/ais/van/pcat/104-00/download","sourceIndex":"3151"}],"sampleFiles":["190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Samples/PCSpeedCat.exe","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Samples/speedcat.setup.exe"],"imageFiles":["190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-017/PC SpeedCat First Page of Install.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-017/PC SpeedCat Tasks.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-084/PC SpeedCat Task Scheduler.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-084/PC SpeedCat Tasks.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-004/PC SpeedCat Finishes only half fixes.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-004/PC SpeedCat Internal Offers Page.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-004/PC SpeedCat Issues that Will Be Fixed.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-004/PC SpeedCat Scan Results.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-004/PC SpeedCat Finishes only half fixes.png"],"nonDeceptorImageFiles":["190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-017/PC SpeedCat Top of Landing Page.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-065/PC SpeedCat Bottom of Landing Page.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-065/PC SpeedCat First Page of Install.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-088/PC SpeedCat Auto Scan without User Interaction.gif","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-065/PC SpeedCat About Page.png","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6 New/Images/ACR-099/PC SpeedCat About Page.png"],"guid":"7f9278fd-78de-4a21-bf9b-58622b2ef755_9.1.1.6 New_1","appID":"PCSPEEDCATPCOptimizer-171010","dateAdded":"240919","deceptorType":"App","name":"PC SpeedCat","company":"PCSpeedCat","version":"9.1.1.6 New","sigName":"Deceptor:Win32/PCSpeedCat!004017084","firstResolvedVersion":"","lastKnownStatus":"Deceptor:9.1.1.6;2.2.9","lastKnownDate":"240919","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":551},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-042":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-043":" 1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-107":"The app includes \"Qt5\" components during the installation but the EULA does not contain any disclosure regarding this.\n","ACR-048":"The app does not provide an option to cancel the installation. \nThe non-disclosed app components is hidden from standard uninstall entry, limiting user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-084":"The non-disclosed app components is hidden from standard uninstall entry.\n","ACR-116":"The non-disclosed app components is hidden from standard uninstall entry, thus preventing the platform's standard uninstall method.\n","ACR-118":"After uninstalling the app, it retains the \"FreeCodecPack\" folder in Program files without the user's consent.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-165":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeScreenVideoRecorder_3.1.2.1206_u.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free Screen Video Recorder (sc)                             ","productVersion":"3.1.2.1206                                        ","fileVersion":"3.1.2.1206          ","hashMD5":"7754f38871727168a28bfacb12e2a5e5","hashSHA1":"b3a62d2b52c3a3187c87a907741f26dde98048d0","hashSHA256":"dd93a375d5bf0eede17c968c09995ea8ec86b25a6634cc8f8a2f602357a64eb1","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"543","avBlockList":["COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","FortectPremium (20241205)","K7 Total Security (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Panda Dome (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)"],"avAllowList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","ESET Internet Security (20241205)","G DATA INTERNET SECURITY (20241205)","KasperskyPremium (20241205)","Norton Security (20241205)","Quick Heal Internet Security (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","Windows Defender (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Free-Screen-Video-Recorder.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeScreenVideoRecorder.exe&ls=bottomWinPrimary","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeScreenVideoRecorder.exe&ls=bottomWinPrimary","sourceIndex":"543"}],"sampleFiles":["240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Samples/FreeScreenVideoRecorder_3.1.2.1206_u.exe"],"imageFiles":["240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-109/ACR-109.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-039/ACR-039.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-043/ACR-043.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-043/ACR-043_1.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-043/ACR-043_2.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-107/ACR-107.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-042/ACR-042.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-042/ACR-042_1.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-042/ACR-042_2.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-048/ACR-048.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-048/ACR-048_1.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-017/ACR-017.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-084/ACR-084.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-116/ACR-116.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-118/ACR-118.PNG","240919/FreeScreenVideoRecorder-220213/3.1.2.1206/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"47813674-ca7a-45ec-85e6-9b432e204c58_3.1.2.1206_1","appID":"FreeScreenVideoRecorder-220213","dateAdded":"240919","deceptorType":"App","name":"Free Screen Video Recorder","company":"Digital Wave Ltd","version":"3.1.2.1206","lastKnownStatus":"3.0.50.708;3.1.2.1206","lastKnownDate":"240919","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-19T20:10:42.7578547+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":553},{"violations":{"ACR-004":"App raises unnecessary urgency and requires user to pay to fix the issues reported during free scan. \n","ACR-017":"App uses the Microsoft Partner Logo as if Microsoft endorsed the app instead of the vendor. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. Even after disabling schedule scans within the app the schedules still remains in windows task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"Does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"Does not provide uninstall instructions on the internal offer\nDoes not provide uninstall instructions within the software\n"},"samples":[{"isRevoked":"False","fileName":"speedcat.setup.exe","isInstaller":"True","companyName":"SpeedCat Inc.","productName":"Speedcat PC Optimizer","productVersion":"9.1.1.6","fileVersion":"9.1.1.6","hashMD5":"a96f347c779146314a5280afc0eec146","hashSHA1":"47c6d1d93c330a065420dc46cb95db1aaf84b30c","hashSHA256":"fb5340b7af1d37b6fd29e6994fc30776e88775e32c8784e7b6dadaf22052fd67","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SpeedCat, LLC","sourceIndex":"3187","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","Windows Defender (20190209)"],"avAllowList":["VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)"]},{"isRevoked":"False","fileName":"speedcat.setup 1.2.2018.exe","isInstaller":"True","companyName":"SpeedCat Inc.","productName":"Speedcat PC Optimizer","productVersion":"9.1.1.6","fileVersion":"9.1.1.6","hashMD5":"06c86b5869453c4b13940e1ca20673af","hashSHA1":"ab533e10ee8810b5583bd9b2a7502d838ef2e752","hashSHA256":"9795cdadab264f1626e10fc31770ac49066abb79df8537cb1c4a434569bd52bc","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SpeedCat, LLC","sourceIndex":"3187","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Windows Defender (20190209)"],"avAllowList":["Webroot SecureAnywhere (20190209)"]},{"isRevoked":"False","fileName":"speedcat.setup_121118.exe","isInstaller":"True","companyName":"SpeedCat Inc.                                               ","productVersion":"9.1.1.6","fileVersion":"9.1.1.6","hashMD5":"f728174b4ad0d53460db267fd5b4f5a7","hashSHA1":"3bb143e0b7c8f8b1f33f81968fb45f59fc5bb97e","hashSHA256":"597f683410f8241dcba36f0f46ba83ad6a92def9be62f2a15384b34cc6b0cd49","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCat, LLC\", O=\"SpeedCat, LLC\", STREET=500 Westover Drive, STREET=Suite 9589, L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"3187","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Windows Defender (20190209)"],"avAllowList":["Webroot SecureAnywhere (20190209)"]},{"isRevoked":"False","fileName":"speedcat.setup_190110.exe","isInstaller":"True","companyName":"SpeedCat Inc.                                               ","fileVersion":"9.1","hashMD5":"f2137c3bbd1d441d77a16c41fad1dd13","hashSHA1":"1b34aa2ff783648b9cbcf3126faa0808bd0e3097","hashSHA256":"e24f1e6c9cbf650f06d3ea4da0b9ce04edc3da159c0e7d06845627223af01c11","digitalCertThumbprint":"8A0C2FF8AEB3458F1C64E6C0A3CA844545BA79F1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SpeedCat, LLC\", O=\"SpeedCat, LLC\", STREET=500 Westover Drive, STREET=Suite 9589, L=Sanford, S=North Carolina, PostalCode=27330, C=US","sourceIndex":"3187","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Windows Defender (20190209)"],"avAllowList":["Webroot SecureAnywhere (20190209)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"download.cnet.com","landingPage":"http://pcspeedcat.com","directDownloadingLink":"http://www.pcspeedcat.com/ascsetups/ais/van/pcat/104-00/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcspeedcat.com/ascsetups/ais/van/pcat/104-00/download","sourceIndex":"3187"}],"sampleFiles":["190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Samples/speedcat.setup.exe","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Samples/speedcat.setup 1.2.2018.exe","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Samples/speedcat.setup_121118.exe","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Samples/speedcat.setup_190110.exe"],"imageFiles":["190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Images/ACR-017/PCSpeedCat_017.PNG","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Images/ACR-084/ACR-084_schedule_tasks.PNG","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Images/ACR-084/ACR-084_software.PNG","190214/PCSPEEDCATPCOptimizer-171010/9.1.1.6/Images/ACR-004/PCSpeedCat_004.PNG"],"nonDeceptorImageFiles":[],"guid":"7f9278fd-78de-4a21-bf9b-58622b2ef755_9.1.1.6_1","appID":"PCSPEEDCATPCOptimizer-171010","dateAdded":"240919","deceptorType":"App","name":"PC SpeedCat","company":"PCSpeedCat","version":"9.1.1.6","sigName":"Deceptor:Win32/PCSpeedCat!017084","firstResolvedVersion":"","lastKnownStatus":"Deceptor:9.1.1.6;2.2.9","lastKnownDate":"240919","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-19T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":552},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created. \n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when running and requires a password to open it.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates an undisclosed startup without the user's knowledge and consent\n","ACR-086":"The app does not inform the targeted consumer to whom it is transmitting their data to and how it collects data and it uses a password to hide its presence. \n","ACR-097":"The installer and landing page (https://kidinspector.net/win/?email=*) prompts/informs users to exclude it from Antivirus Protection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe”, which is not related to the name \"KidInspector\", which misleads the targeted consumer.  \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\wlg.exe","companyName":"","productName":"URLLogger","productVersion":"1.0.0.10","fileVersion":"1.0.0.10","hashMD5":"e75fe5556e524eb162cbce11e2bdbcdb","hashSHA1":"1fbce855dc1d543a8c10d661bbb398ffcf9262dd","hashSHA256":"f22b20c0a767bb3051042d81952ff11cead6d4e72b4789685f1263aa35da3a51","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"547","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidInspector for rafel33642@ploncy.com.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e517bb7384a9b4c15b8ea218ab1a5320","hashSHA1":"c900b94273117f93b0716397a131fb61fabdab5a","hashSHA256":"bacdd038cd8812b461ea42c07dcbf1a1a9f49a80d62222c2ff34a7616504f387","digitalCertThumbprint":"93A2641F841E800A921EA47FB14B44921EFDBF0A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"547","avBlockList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://kidinspector.com/desktop-features","directDownloadingLink":"https://kidinspector.net/win/?email=rafel33642%40ploncy.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidinspector.net/win/?email=rafel33642%40ploncy.com","sourceIndex":"547"}],"sampleFiles":["240916/kidinspector-211214/11.6.19/Samples/KidInspector%20for%20rafel33642%40ploncy.com.exe"],"imageFiles":["240916/kidinspector-211214/11.6.19/Images/ACR-084/ACR-084.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-084/ACR-084_1.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-084/ACR-084_2.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-084/ACR-084_3.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-084/ACR-084_4.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-086/ACR-086.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-086/ACR-086_1.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-097/ACR-097.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-097/ACR-097_1.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-048/ACR-048.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-048/ACR-048_1.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-048/ACR-048_2.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-048/ACR-048_3.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-007/ACR-007.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-007/ACR-007_1.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-014/ACR-014.PNG","240916/kidinspector-211214/11.6.19/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":[],"guid":"f4a656c0-f3a3-441c-81ff-aed8cb7072e5_11.6.19_1","appID":"kidinspector-211214","dateAdded":"240916","deceptorType":"App","name":"Kid Inspector","company":"CleverControl LLC","version":"11.6.19","lastKnownStatus":"11.5.32;11.5.37;11.5.41;11.6.19","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T23:15:29.6038273+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":555},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created. \n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when running and requires a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer to whom it is transmitting their data to and how it collects data and it uses a password to hide its presence. \n","ACR-097":"The landing page (https://kidinspector.net/win/?email=*) prompts the user to exclude it from Antivirus Protection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe”, which is not related to the name \"KidInspector\", which misleads the targeted consumer.  \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"KidInspectorSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"a40727643acc16652e544c085f719e0a","hashSHA1":"bbe3c20cce57a3f027ab3451ceafba9075e18ad6","hashSHA256":"77fe83fde957543acd8cd6f407a46066eed457da32591ac1cc4a511a2cec54ed","digitalCertThumbprint":"2206EE683AAAD5CD1D61D21890E6622EF4085745","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"733","avBlockList":["360 Total Security (20240917)","Avast Premium Security (20240917)","AVG Internet Security (20240917)","Avira Internet Security (20240917)","Bitdefender Internet Security (20240917)","COMODO Antivirus (20240917)","Dr.Web Security Space (20240917)","ESET Internet Security (20240917)","FortectPremium (20240917)","G DATA INTERNET SECURITY (20240917)","K7 Total Security (20240917)","KasperskyPremium (20240917)","Malwarebytes Premium (20240917)","McAfee Total Protection (20240917)","Norton Security (20240917)","Panda Dome (20240917)","Quick Heal Internet Security (20240917)","Sophos Home Premium (20240917)","SpyHunter5 (20240917)","Total AV Antivirus Pro (20240917)","VirIT eXplorer PRO (20240917)","Webroot SecureAnywhere (20240917)","Windows Defender (20240917)"],"avAllowList":["Trend Micro Internet Security (20240917)","VIPRE Advanced Security (20240917)"]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\clv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"a2c525714026e720edab7026f702db07","hashSHA1":"31c83d525602bafa995ac2f4aca267177249610a","hashSHA256":"37ca6341ef2ad2825cce378785db1e9e76049ec855a9146e68e8978d494d2b4c","digitalCertThumbprint":"2206EE683AAAD5CD1D61D21890E6622EF4085745","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"733","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger app","reference":"","landingPage":"https://kidinspector.com/desktop-features","directDownloadingLink":"https://kidinspector.com/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidinspector.com/download/","sourceIndex":"733"}],"sampleFiles":["220330/kidinspector-211214/11.6.12/Samples/KidInspectorSetup.exe"],"imageFiles":["220330/kidinspector-211214/11.6.12/Images/ACR-084/ACR-084_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-084/ACR-084_Software_2.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-084/ACR-084_Software_3.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-084/ACR-084_Software_4.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-086/ACR-086_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-086/ACR-086_Software_2.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-097/ACR-097_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-048/ACR-048_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-048/ACR-048_Software_2.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-048/ACR-048_Software_3.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-048/ACR-048_Software_4.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-007/ACR-007_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-007/ACR-007_Software_2.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-014/ACR-014_Software_1.jpeg","220330/kidinspector-211214/11.6.12/Images/ACR-116/ACR-116_Uninstall_1.jpeg"],"nonDeceptorImageFiles":[],"guid":"f4a656c0-f3a3-441c-81ff-aed8cb7072e5_11.6.12_1","appID":"kidinspector-211214","dateAdded":"240916","deceptorType":"App","name":"Kid Inspector","company":"CleverControl LLC","version":"11.6.12","lastKnownStatus":"11.5.32;11.5.37;11.5.41;11.6.19","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":556},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created. \n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it. \n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer to whom it is transmitting their data to and how it collects data and it uses a password to hide its presence. \n","ACR-097":"The install wizard and landing page (https://kidinspector.net/win/?email=aa%40gmail.com) prompts the user to exclude it from Windows defender detection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe”, which is not related to the name \"KidInspector\", which misleads the targeted consumer.  \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\clv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"f81b6b5a518ec4265b60841a6b53bef7","hashSHA1":"84d493c7cd5a342fd31eee722417d7abbd284e71","hashSHA256":"dd73dc01ecdccf858cb9bc5a90e90f97a5dd2c6260ec039f101b243150319125","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1665","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6529c24a24a3e630d6d6e19aa465116d","hashSHA1":"610b91429fbfb10e7e8d471062f292b581118548","hashSHA256":"384e4bbe32290c04b2cbb7fd9fc8a7e0a78eae89a4db68885069d0cdb88fca55","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1665","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a3759594beccfac26b97b1b7d0c291cb","hashSHA1":"8033ccc67cc117d602ed456ca430fbcc91285c95","hashSHA256":"95a55360d3aedf2ff3b5529ffff276dcf424d250ccba7992ead8466959e126cc","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1665","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidInspectorInstaller.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e7c60637b9b0e4aa10b03a51d584f998","hashSHA1":"6ccc26dc42f1664aa8d617f5bc3d56641cfc9194","hashSHA256":"1249c1fa91a369332dbf7f92f644a3174e7386fc6ca07b555a860cbc22acc69d","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1665","avBlockList":["Avast Premium Security (20220421)","AVG Internet Security (20220421)","Avira Internet Security (20220421)","Dr.Web Security Space (20220421)","ESET Internet Security (20220421)","K7 Total Security (20220421)","Kaspersky Internet Security (20220421)","Malwarebytes Premium (20220421)","McAfee Total Protection (20220421)","Norton Security (20220421)","Panda Dome (20220421)","Sophos Home Premium (20220421)","SpyHunter5 (20220421)","Total AV Antivirus Pro (20220421)","VirIT eXplorer PRO (20220421)","Webroot SecureAnywhere (20220421)","Windows Defender (20220421)"],"avAllowList":["360 Total Security (20220421)","Bitdefender Internet Security (20220421)","COMODO Antivirus (20220421)","G DATA INTERNET SECURITY (20220421)","Quick Heal Internet Security (20220421)","Tencent PC Manager (20220421)","Trend Micro Internet Security (20220421)","VIPRE Advanced Security (20220421)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Keylogger app","reference":"","landingPage":"https://kidinspector.com/desktop-features","directDownloadingLink":"https://kidinspector.com/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidinspector.com/download/","sourceIndex":"1665"}],"sampleFiles":["220330/kidinspector-211214/11.5.41/Samples/KidInspectorInstaller.exe"],"imageFiles":["220330/kidinspector-211214/11.5.41/Images/ACR-084/ACR-084_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-084/ACR-084_Software_1.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-084/ACR-084_Software_2.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-084/ACR-084_Software_3.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-086/ACR-086_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-086/ACR-086_Software_1.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-097/ACR-097_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-097/ACR-097_Software_1.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-048/ACR-048_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-048/ACR-048_Software_1.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-048/ACR-048_Software_2.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-048/ACR-048_Software_3.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-007/ACR-007_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-007/ACR-007_Software_1.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-014/ACR-014_Software.JPG","220330/kidinspector-211214/11.5.41/Images/ACR-116/ACR-116_Uninstall.JPG"],"nonDeceptorImageFiles":[],"guid":"f4a656c0-f3a3-441c-81ff-aed8cb7072e5_11.5.41_1","appID":"kidinspector-211214","dateAdded":"240916","deceptorType":"App","name":"Kid Inspector","company":"CleverControl LLC","version":"11.5.41","lastKnownStatus":"11.5.32;11.5.37;11.5.41;11.6.19","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":557},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created. \n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it. \n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer whom it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence. \n","ACR-097":"The install wizard and landing page prompts the user to exclude it from Windows defender detection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe”, which is not related to the name \"KidInspector\", which misleads the targeted consumer.  \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\clv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"1fc16092f9b5c569e500b47f78fcabe5","hashSHA1":"9c2ae5a18a39a20d212eb8650dcffa690bbbce52","hashSHA256":"5e39def89460318e401167542d6e33ebc84fcc5d89d5c6d155dc696378ef001f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1697","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidInspectorInstaller.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"02917478e076d5b5792488d7e9bf5eee","hashSHA1":"b5fdcb156a79b8d907a6d69cad69f2c16d391136","hashSHA256":"5ce1efa93decafa5fc3eb7c785bccb792fa4ce1b2849e1928f6442229a41b463","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1697","avBlockList":["360 Total Security (20220329)","Avast Premium Security (20220329)","AVG Internet Security (20220329)","Avira Internet Security (20220329)","Bitdefender Internet Security (20220329)","COMODO Antivirus (20220329)","Dr.Web Security Space (20220329)","ESET Internet Security (20220329)","G DATA INTERNET SECURITY (20220329)","K7 Total Security (20220329)","Kaspersky Internet Security (20220329)","Malwarebytes Premium (20220329)","McAfee Total Protection (20220329)","Norton Security (20220329)","Panda Dome (20220329)","Quick Heal Internet Security (20220329)","Sophos Home Premium (20220329)","SpyHunter5 (20220329)","Tencent PC Manager (20220329)","Total AV Antivirus Pro (20220329)","Trend Micro Internet Security (20220329)","VIPRE Advanced Security (20220329)","VirIT eXplorer PRO (20220329)","Webroot SecureAnywhere (20220329)","Windows Defender (20220329)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger app","reference":"","landingPage":"https://kidinspector.com/desktop-features","directDownloadingLink":"https://kidinspector.net/win/?email=wicidid667%40toudrum.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidinspector.net/win/?email=wicidid667%40toudrum.com","sourceIndex":"1697"}],"sampleFiles":["220303/kidinspector-211214/11.5.37/Samples/KidInspectorInstaller.exe"],"imageFiles":["220303/kidinspector-211214/11.5.37/Images/ACR-084/ACR-084_Software.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-084/ACR-084_Software_1.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-084/ACR-084_Software_2.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-084/ACR-084_Software_3.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-086/ACR-086_Software.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-086/ACR-086_Software_1.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-097/ACR-097_Software.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-097/ACR-097_Software_1.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-048/ACR-048_Software.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-048/ACR-048_Software_1.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-048/ACR-048_Software_2.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-048/ACR-048_Software_3.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-007/ACR-007_Software.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-007/ACR-007_Software_1.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-014/ACR-014_Software_Misleading.JPG","220303/kidinspector-211214/11.5.37/Images/ACR-116/ACR-116_Uninstall.JPG"],"nonDeceptorImageFiles":[],"guid":"f4a656c0-f3a3-441c-81ff-aed8cb7072e5_11.5.37_1","appID":"kidinspector-211214","dateAdded":"240916","deceptorType":"App","name":"Kid Inspector","company":"CleverControl LLC","version":"11.5.37","lastKnownStatus":"11.5.32;11.5.37;11.5.41;11.6.19","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":558},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created. \n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it. \n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer whom it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence. \n","ACR-097":"The install wizard prompts the user to exclude it from Windows defender detection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe”, which is not related to the name \"KidInspector\", which misleads the targeted consumer.  \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\clv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3ac766bb7b2cf032f233372a5cf652c9","hashSHA1":"0445a1c03dec9488004af0fc9c7b3fe51e7d223b","hashSHA256":"5a58683cf33d3d442f479322be49740cd4010ffa3bbf24182ebe630539099147","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1762","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidInspector for modevih240@gruppies.com.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"bf3619f3c1f67e4e0486ce799b7ddba3","hashSHA1":"4fae54c5ba6493a26812b58a35c73e9895c078ad","hashSHA256":"705ac243651d3d0b6a9df1a3d3879ae3b98f642df2da74b253b4a28c4ce173ab","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1762","avBlockList":["360 Total Security (20220407)","Avast Premium Security (20220407)","AVG Internet Security (20220407)","Avira Internet Security (20220407)","Bitdefender Internet Security (20220407)","Dr.Web Security Space (20220407)","ESET Internet Security (20220407)","G DATA INTERNET SECURITY (20220407)","K7 Total Security (20220407)","Kaspersky Internet Security (20220407)","Malwarebytes Premium (20220407)","McAfee Total Protection (20220407)","Norton Security (20220407)","Quick Heal Internet Security (20220407)","Sophos Home Premium (20220407)","SpyHunter5 (20220407)","Total AV Antivirus Pro (20220407)","VIPRE Advanced Security (20220407)","VirIT eXplorer PRO (20220407)","Webroot SecureAnywhere (20220407)","Windows Defender (20220407)"],"avAllowList":["COMODO Antivirus (20220407)","Panda Dome (20220407)","Tencent PC Manager (20220407)","Trend Micro Internet Security (20220407)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger app","reference":"","landingPage":"https://kidinspector.com/desktop-features","directDownloadingLink":"https://kidinspector.com/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidinspector.com/download/","sourceIndex":"1762"}],"sampleFiles":["211214/kidinspector-211214/11.5.32/Samples/KidInspectorInstaller.exe"],"imageFiles":["211214/kidinspector-211214/11.5.32/Images/ACR-084/ACR-084_Software.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-084/ACR-084_Software_1.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-084/ACR-084_Software_2.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-084/ACR-084_Software_3.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-084/ACR-084_Software_4.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-086/ACR-086_Software.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-086/ACR-086_Software_1.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-097/ACR-097_Software.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-048/ACR-048_Software.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-048/ACR-048_Software_1.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-048/ACR-048_Software_2.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-048/ACR-048_Software_3.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-007/ACR-007_Software.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-007/ACR-007_Software_1.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-014/ACR-014_Software_Process.JPG","211214/kidinspector-211214/11.5.32/Images/ACR-116/ACR-116_Software.JPG"],"nonDeceptorImageFiles":[],"guid":"f4a656c0-f3a3-441c-81ff-aed8cb7072e5_11.5.32_1","appID":"kidinspector-211214","dateAdded":"240916","deceptorType":"App","name":"Kid Inspector","company":"CleverControl LLC","version":"11.5.32","sigName":"Deceptor:Win32/KidInspectorStalkerware!084086097048007014116","lastKnownStatus":"11.5.32;11.5.37;11.5.41;11.6.19","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":559},{"violations":{"ACR-004":"Application doesn't provide free fix for the items reported in red color. It requires subscription payment to delete the duplicated items.\n","ACR-014":"App claims to provide full functional trial on landing page, but does not offer fix for reported items.\n\n"},"nonDeceptorViolations":{"ACR-002":"The app displays a mismatched name before the installation is complete.\n","ACR-167":"The app does not offer refund.\n"},"samples":[{"isRevoked":"False","fileName":"dpfsetup.exe","isInstaller":"True","companyName":"Ashisoft                                                    ","fileVersion":"1.7","hashMD5":"542a1bd90dfc78d09838cafda3f3d0db","hashSHA1":"dc39cffdc092a82ce89241d4334b1feb70383c8c","hashSHA256":"51488ad1b90b26a5d18b9d9d80c8475fdd56a3ebecde0f403fe2b7a0b6079ca6","digitalCertThumbprint":"2399A81E982624BE416A2C72EF0CF2629D6F0776","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, S=Telangana, C=IN","sourceIndex":"546","avBlockList":["ESET Internet Security (20241205)","FortectPremium (20241205)","K7 Total Security (20241205)","Malwarebytes Premium (20241205)","Panda Dome (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","G DATA INTERNET SECURITY (20241205)","KasperskyPremium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Quick Heal Internet Security (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)"]},{"isRevoked":"False","fileName":"dpf.exe","companyName":"Ashisoft","fileVersion":"1.7","hashMD5":"12fbc1b5e3c2e9a4f022c6c4b426b46e","hashSHA1":"80cd988526d2e2ae3e979f229cadde1ff67dbdb4","hashSHA256":"40d77317d0e775be43933176a19d814616823ec53a935fc2ad830462b19cd5b6","digitalCertThumbprint":"2399A81E982624BE416A2C72EF0CF2629D6F0776","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Ashisoft, O=Ashisoft, S=Telangana, C=IN","sourceIndex":"546","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.ashisoft.com","directDownloadingLink":"https://www.ashisoft.com/downloads/dpfsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashisoft.com/downloads/dpfsetup.exe","sourceIndex":"546"}],"sampleFiles":["240916/DuplicatePhotosFinder-240916/1.7.0.0/Samples/dpfsetup.exe","240916/DuplicatePhotosFinder-240916/1.7.0.0/Samples/dpf.exe"],"imageFiles":["240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-004/ACR-004_Software_1.png","240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-004/ACR-004_Software_2.png","240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-004/ACR-004_Software_3.png","240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-014/ACR-014_Software_1.png","240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-014/ACR-014_Software_2.png"],"nonDeceptorImageFiles":["240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-002/ACR-002_Software_1.png","240916/DuplicatePhotosFinder-240916/1.7.0.0/Images/ACR-167/ACR-167_Docs_1.png"],"guid":"9029dc05-aafb-4cd9-ba4b-83e129e1e493_1.7.0.0_1","appID":"DuplicatePhotosFinder-240916","dateAdded":"240916","deceptorType":"App","name":"Duplicate Photos Finder","company":"Ashisoft","version":"1.7.0.0","sigName":"","lastKnownStatus":"1.7.0.0","lastKnownDate":"240916","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-16T23:17:53.703584+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":560},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. 2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-048":"The app does not provide control the cancel the installation process. \nThe non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\" \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source. \n","ACR-084":"The non-disclosed app components is hidden from standard uninstall entry.\n","ACR-116":"The non-disclosed app components is hidden from standard uninstall entry, thus preventing the platform's standard uninstall method.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeYouTubeSubtitlesDownload_1.0.8.1204_u.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube Subtitles Download (sc)                        ","productVersion":"1.0.8.1204                                        ","fileVersion":"1.0.8.1204          ","hashMD5":"c83093e4c0d94270cf8a3a4d3168361b","hashSHA1":"67100378a71a2b58019d6bdb4da467b68be5b938","hashSHA256":"8db8cccbf55b1e6ca25c0f27c415439cbddccc49e5d6233825b2aed0036d348e","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"548","avBlockList":["360 Total Security (20241203)","Avast Premium Security (20241203)","AVG Internet Security (20241203)","Avira Internet Security (20241203)","Dr.Web Security Space (20241203)","FortectPremium (20241203)","K7 Total Security (20241203)","Malwarebytes Premium (20241203)","McAfee Total Protection (20241203)","Norton Security (20241203)","Panda Dome (20241203)","Quick Heal Internet Security (20241203)","Sophos Home Premium (20241203)","SpyHunter5 (20241203)","Total AV Antivirus Pro (20241203)","VirIT eXplorer PRO (20241203)","Webroot SecureAnywhere (20241203)","Windows Defender (20241203)"],"avAllowList":["Bitdefender Internet Security (20241203)","COMODO Antivirus (20241203)","ESET Internet Security (20241203)","G DATA INTERNET SECURITY (20241203)","KasperskyPremium (20241203)","Trend Micro Internet Security (20241203)","VIPRE Advanced Security (20241203)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.dvdvideosoft.com/free-youtube-subtitles-download","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeSubtitlesDownload.exe&ls=topWinPrimary","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeSubtitlesDownload.exe&ls=topWinPrimary","sourceIndex":"548"}],"sampleFiles":["240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Samples/FreeYouTubeSubtitlesDownload_1.0.8.1204_u.exe"],"imageFiles":["240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-109/ACR-109.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-039/ACR-039.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-043/ACR-043.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-043/ACR-043_1.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-043/ACR-043_2.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-048/ACR-048.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-048/ACR-048_1.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-017/ACR-017.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-084/ACR-084.PNG","240912/FreeYouTubeSubtitlesDownloader-220203/1.0.8.1204/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":[],"guid":"8ef8e503-2322-413a-b8a9-5b88e1955f2d_1.0.8.1204_1","appID":"FreeYouTubeSubtitlesDownloader-220203","dateAdded":"240912","deceptorType":"App","name":"Free YouTube Playlist Downloader","company":"Digital Wave Ltd","version":"1.0.8.1204","lastKnownStatus":"1.0.5.1201;1.0.8.1204","lastKnownDate":"240912","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-12T22:50:21.037602+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":561},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder.\n","ACR-048":"The non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\" \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source. \n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install. \n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy. \nThe app does not have an \"About\" page and display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not have an \"About\" page and does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.7.5.1201","fileVersion":"6.7.5.1201","hashMD5":"8493336140d7c0f78cc90c939357fe7f","hashSHA1":"46d31ff0fcd8bb0f4f803c74968f4d990e206905","hashSHA256":"317a14516026bf3cb9b256821ce0a0941a4009f2d2253f20a47767331e96d8e3","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1716","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeSubtitlesDownload_1.0.5.1201_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube Subtitles Downloader","productVersion":"1.0.5.1201","fileVersion":"1.0.5.1201","hashMD5":"4c734eeb80dc14ebaf812a5ba3bb403b","hashSHA1":"720bb356a2c6bb508c06d8996003bbdeb581ed44","hashSHA256":"96ab4b02f643692ea243a7b5fc29e74d53a2129df7c2e0055e1e7714db2adffe","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1716","avBlockList":["Avast Premium Security (20220215)","AVG Internet Security (20220215)","Avira Internet Security (20220215)","Dr.Web Security Space (20220215)","K7 Total Security (20220215)","McAfee Total Protection (20220215)","Norton Security (20220215)","Panda Dome (20220215)","Sophos Home Premium (20220215)","SpyHunter5 (20220215)","Total AV Antivirus Pro (20220215)","VirIT eXplorer PRO (20220215)","Webroot SecureAnywhere (20220215)","Windows Defender (20220215)"],"avAllowList":["360 Total Security (20220215)","Bitdefender Internet Security (20220215)","COMODO Antivirus (20220215)","ESET Internet Security (20220215)","G DATA INTERNET SECURITY (20220215)","Kaspersky Internet Security (20220215)","Malwarebytes Premium (20220215)","Quick Heal Internet Security (20220215)","Tencent PC Manager (20220215)","Trend Micro Internet Security (20220215)","VIPRE Advanced Security (20220215)"]},{"isRevoked":"False","fileName":"FreeYouTubeSubtitlesDownload.exe","companyName":"Digital Wave Ltd","productName":"Free YouTube Subtitles Downloader","productVersion":"1.0.5.1201","fileVersion":"1.0.5.1201","hashMD5":"1e33de482b16355db02dd5fb92f1bcc5","hashSHA1":"8549f767cc83d174ebcbe6166b221a8dc82339b7","hashSHA256":"cac29a0141f7c55a4765793ec797fc47fce69fd9fe4986b1419a6658069e5779","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1716","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/free-youtube-subtitles-download","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeSubtitlesDownload.exe&ls=topWinPrimary","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeSubtitlesDownload.exe&ls=topWinPrimary","sourceIndex":"1716"}],"sampleFiles":["220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Samples/FreeStudioManager.exe","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Samples/FreeYouTubeSubtitlesDownload_1.0.5.1201_o.exe","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Samples/FreeYouTubeSubtitlesDownload.exe"],"imageFiles":["220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-109/FreeStudioManager App.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-039/FreeStudioManager App.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-043/FreeStudioManager App.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-048/Control Panel.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-017/UAC.png"],"nonDeceptorImageFiles":["220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-044/FreeStudioManager App.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-040/FreeStudioManager App.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-065/EULA.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-065/App Interaction.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-065/Landing Page.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-099/App Interaction.png","220207/FreeYouTubeSubtitlesDownloader-220203/1.0.5.1201/Images/ACR-099/Landing Page.png"],"guid":"8ef8e503-2322-413a-b8a9-5b88e1955f2d_1.0.5.1201_1","appID":"FreeYouTubeSubtitlesDownloader-220203","dateAdded":"240912","deceptorType":"App","name":"Free YouTube Playlist Downloader","company":"Digital Wave Ltd","version":"1.0.5.1201","sigName":"Deceptor:Win32/FreeYouTubePlaylistDownloader!109039043048017","lastKnownStatus":"1.0.5.1201;1.0.8.1204","lastKnownDate":"240912","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-12T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":562},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. It also runs the \"vidnotifier.exe\" process and creates a startup.\n","ACR-048":"The non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\" \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source. \n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install.\n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy. \nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app's  About page does not contain links to uninstall information. \nThe app's landing page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.7.4.623","fileVersion":"6.7.4.623","hashMD5":"a6499b93119c9f1b0f9c41bf82a2db1e","hashSHA1":"2eac0a2d6a7a117378df44db11662e8a51e7bb9b","hashSHA256":"2216342068474847e702f2403986dd091276f145a702826ee1486202d516fe04","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1718","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeToMP4Converter_4.3.51.623_o_ffcee9e9-2052-4bfa-8587-c915f61c8fa7.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube to MP4 Converter","productVersion":"4.3.51.623","fileVersion":"4.3.51.623","hashMD5":"518ea80fce5e716f238eca42403c5471","hashSHA1":"ab93262ea0fee965575f7b7ac8be38457c703e23","hashSHA256":"fec402097247e10d566cc26357eb2727b0408a82e46c43fa174e7546f6bbf85b","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1718","avBlockList":["360 Total Security (20240912)","Avast Premium Security (20240912)","AVG Internet Security (20240912)","Avira Internet Security (20240912)","Bitdefender Internet Security (20240912)","COMODO Antivirus (20240912)","Dr.Web Security Space (20240912)","G DATA INTERNET SECURITY (20240912)","Malwarebytes Premium (20240912)","McAfee Total Protection (20240912)","Norton Security (20240912)","Panda Dome (20240912)","Quick Heal Internet Security (20240912)","Sophos Home Premium (20240912)","SpyHunter5 (20240912)","Total AV Antivirus Pro (20240912)","VIPRE Advanced Security (20240912)","VirIT eXplorer PRO (20240912)","Webroot SecureAnywhere (20240912)","Windows Defender (20240912)","FortectPremium (20240912)"],"avAllowList":["ESET Internet Security (20240912)","K7 Total Security (20240912)","Kaspersky Internet Security (20220215)","Tencent PC Manager (20220215)","Trend Micro Internet Security (20240912)","KasperskyPremium (20240912)"]},{"isRevoked":"False","fileName":"FreeYouTubeToMP4Converter.exe","companyName":"Digital Wave Ltd","productName":"Free YouTube to MP4 Converter","productVersion":"4.3.51.623","fileVersion":"4.3.51.623","hashMD5":"02245fd423d73098175942108da453eb","hashSHA1":"3fed80f576e2c9a009371ee58251d972ea8c657c","hashSHA256":"851e0881d4160d8ce4add1ead40a3a09933b10fab841a35e37be64f0bd48571a","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1718","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"vidnotifier.exe","companyName":"Digital Wave Ltd","productName":"Vidnotifier","productVersion":"1.1.11.623","fileVersion":"1.1.11.623","hashMD5":"d2ecc4d0b71d22987894274227e7262e","hashSHA1":"39572d74a90a6b844e99a18a016a7f23b245db1a","hashSHA256":"85d03cee9a7423c40b7669312424dfb454b9155729f5c61f5d5ffb158ce58600","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1718","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/youtube-to-mp4-converter-en","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP4Converter.exe&ls=guideWin","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP4Converter.exe&ls=guideWin","sourceIndex":"1718"}],"sampleFiles":["220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Samples/FreeStudioManager.exe","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Samples/FreeYouTubeToMP4Converter_4.3.51.623_o_ffcee9e9-2052-4bfa-8587-c915f61c8fa7.exe","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Samples/FreeYouTubeToMP4Converter.exe","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Samples/vidnotifier.exe"],"imageFiles":["220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-109/FreeYTVtoMP4 Bundle.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-039/FreeYTVtoMP4 Bundle.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-043/FreeYTVtoMP4 Bundle.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-043/VidNotifier.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-043/VidNotifier Startup.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-048/FreeStudio x ControlPanel.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-017/FreeYTVtoMP4 UAC.png"],"nonDeceptorImageFiles":["220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-044/FreeYTVtoMP4 Bundle.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-040/FreeStudioManager Install Location.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-065/FreeYTVtoMP4 EULA.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-065/FreeYTVtoMP4 About.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-065/FreeYTVtoMP4 Landing Page.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-099/FreeYTVtoMP4 About.png","220203/FreeYoutubeToMP4Converter-220131/4.3.51.623/Images/ACR-099/FreeYTVtoMP4 Landing Page.png"],"guid":"7d9b1d04-7d72-4162-8010-fc0c2bcd2791_4.3.51.623_1","appID":"FreeYoutubeToMP4Converter-220131","dateAdded":"240911","deceptorType":"App","name":"Free Youtube To MP4 Converter","company":"Digital Wave Ltd","version":"4.3.51.623","sigName":"Deceptor:Win32/FreeYoutubeToMP4Converter!109039043048017","lastKnownStatus":"4.3.51.623;4.3.119.711","lastKnownDate":"240911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":564},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-042":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent.\n2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-043":"1. The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent.\n2. Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-107":"The app includes \"Qt5\" components during the installation but the EULA does not contain any disclosure regarding this.\n","ACR-048":"The app does not provide control the cancel the installation process.\nThe non-disclosed app components is hidden from standard uninstall entry, limiting user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\" \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source. \n","ACR-084":"The non-disclosed app components is hidden from standard uninstall entry.\n","ACR-116":"The non-disclosed app components is hidden from standard uninstall entry, thus preventing the platform's standard uninstall method.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeYouTubeToMP4Converter_4.3.112.304_u_6babd765-d02d-4476-a1c3-5847b1206fdd.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube To MP4 Converter (sc)                          ","productVersion":"4.3.119.711                                       ","fileVersion":"4.3.119.711         ","hashMD5":"42e3d4bda4156c70a4a9643f08bb210f","hashSHA1":"9be80ccf4e371174e57df97d68b23aa9b99ce656","hashSHA256":"61eb76587272a2636b86d7cba1a71e0bbbf4129171af02fa5822380b38d54bb4","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"549","avBlockList":["360 Total Security (20241203)","Avast Premium Security (20241203)","AVG Internet Security (20241203)","Avira Internet Security (20241203)","COMODO Antivirus (20241203)","Dr.Web Security Space (20241203)","FortectPremium (20241203)","K7 Total Security (20241203)","Malwarebytes Premium (20241203)","McAfee Total Protection (20241203)","Norton Security (20241203)","Panda Dome (20241203)","Quick Heal Internet Security (20241203)","Sophos Home Premium (20241203)","SpyHunter5 (20241203)","Total AV Antivirus Pro (20241203)","VirIT eXplorer PRO (20241203)"],"avAllowList":["Bitdefender Internet Security (20241203)","ESET Internet Security (20241203)","G DATA INTERNET SECURITY (20241203)","KasperskyPremium (20241203)","Trend Micro Internet Security (20241203)","VIPRE Advanced Security (20241203)","Webroot SecureAnywhere (20241203)","Windows Defender (20241203)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.dvdvideosoft.com/youtube-to-mp4-converter-en","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP4Converter.exe&ls=guideWin","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP4Converter.exe&ls=guideWin","sourceIndex":"549"}],"sampleFiles":["240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Samples/FreeYouTubeToMP4Converter_4.3.112.304_u_6babd765-d02d-4476-a1c3-5847b1206fdd.exe"],"imageFiles":["240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-109/ACR-109.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-039/ACR-039.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-043/ACR-043.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-043/ACR-043_1.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-043/ACR-043_2.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-107/ACR-107.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-042/ACR-042.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-042/ACR-042_1.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-042/ACR-042_2.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-048/ACR-048.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-048/ACR-048_1.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-017/ACR-017.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-084/ACR-084.PNG","240911/FreeYoutubeToMP4Converter-220131/4.3.119.711/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":[],"guid":"7d9b1d04-7d72-4162-8010-fc0c2bcd2791_4.3.119.711_1","appID":"FreeYoutubeToMP4Converter-220131","dateAdded":"240911","deceptorType":"App","name":"Free Youtube To MP4 Converter","company":"Digital Wave Ltd","version":"4.3.119.711","lastKnownStatus":"4.3.51.623;4.3.119.711","lastKnownDate":"240911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-11T20:15:36.9047766+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":563},{"violations":{"ACR-048":"The app uses a stealth mode, which shields it from uninstallation through platform standard applications. The app is also installed in a hidden folder.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and uses a hotkey to hide from them.\n","ACR-084":"The app uses a stealth mode, which requires the consumer to use a hotkey to access it. The app is also installed in a hidden folder.\n","ACR-086":"The app does not inform the consumer of how their data is being used and hides from the consumer using a hotkey.\n","ACR-116":"The app cannot be uninstalled through the Control Panel.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder.\n","ACR-065":"The app does not display links to the EULA.\nThe landing page does not display links to the EULA.\n","ACR-161":"The landing page contains unsubstantiated testimonials.\n","ACR-099":"The landing page does not display links to uninstall information\n"},"samples":[{"isRevoked":"False","fileName":"install.exe","isInstaller":"True","companyName":"MCsoft","fileVersion":"2.2","hashMD5":"c2bd5acc580766d6575ad3f97c629ab0","hashSHA1":"9503d76ca773cd3c16f547b8c08f3cd9adfa09e3","hashSHA256":"ad44b53919507995ae8248ad6b7a71d90379151f59cbd2f478acdbea717a681c","digitalCertThumbprint":"CCBA6A68A18F22AFBD1A65DE99506A138B1C3D39","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=MCsoft, O=MCsoft, L=Perm, S=Perm Krai, C=RU","sourceIndex":"550","avBlockList":["360 Total Security (20240926)","Avast Internet Security (20200224)","AVG Internet Security (20240926)","Avira Internet Security (20240926)","Bitdefender Internet Security (20240926)","COMODO Antivirus (20240926)","Dr.Web Security Space (20240926)","ESET Internet Security (20240926)","G DATA INTERNET SECURITY (20240926)","K7 Total Security (20240926)","Kaspersky Internet Security (20200709)","Malwarebytes Premium (20240926)","McAfee Total Protection (20240926)","Norton Security (20240926)","Panda Dome (20240926)","Quick Heal Internet Security (20240926)","Sophos Home Premium (20240926)","SpyHunter5 (20240926)","Tencent PC Manager (20200709)","Trend Micro Internet Security (20240926)","VIPRE Advanced Security (20240926)","VirIT eXplorer PRO (20240926)","Webroot SecureAnywhere (20240926)","Windows Defender (20240926)","Avast Premium Security (20240926)","Total AV Antivirus Pro (20240926)","FortectPremium (20240926)","KasperskyPremium (20240926)"],"avAllowList":[]},{"isRevoked":"False","fileName":"main.exe","companyName":"MCsoft","fileVersion":"5.9","hashMD5":"7de1ad7cb4cad86439a47baed98875f6","hashSHA1":"5251b31d8ee0ec645826a3ec8426d425b151b2e4","hashSHA256":"33ddaa03503bfb0cdb84b3c6a4ae8d7d21cb322bc30e1d259ae795d4d7020dbb","digitalCertThumbprint":"CCBA6A68A18F22AFBD1A65DE99506A138B1C3D39","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=MCsoft, O=MCsoft, L=Perm, S=Perm Krai, C=RU","sourceIndex":"550","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"main1.exe","isInstaller":"True","companyName":"MCsoft","fileVersion":"5.9","hashMD5":"a9b4f2457428bd135f8e6759027a3e66","hashSHA1":"389d8a83f45c59f8bfb33514cc25c79c077d71dc","hashSHA256":"46fc5a843a144a475e60fab0a1a82bb061ef9004db7b27b9a677df1b5c4e2c89","digitalCertThumbprint":"B3D6872DA3E4740C5BA9E938F59638D1657CCE21","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sergey N. Popadenko, O=Sergey N. Popadenko, STREET=\"p. Znamensky, Sukhoy p., 6\", L=Krasnodar, S=Krasnodar District, PostalCode=354055, C=RU","sourceIndex":"550","avBlockList":["360 Total Security (20241203)","Avast Premium Security (20241203)","AVG Internet Security (20241203)","Avira Internet Security (20241203)","Bitdefender Internet Security (20241203)","COMODO Antivirus (20241203)","Dr.Web Security Space (20241203)","ESET Internet Security (20241203)","FortectPremium (20241203)","G DATA INTERNET SECURITY (20241203)","K7 Total Security (20241203)","KasperskyPremium (20241203)","Malwarebytes Premium (20241203)","McAfee Total Protection (20241203)","Norton Security (20241203)","Panda Dome (20241203)","Quick Heal Internet Security (20241203)","Sophos Home Premium (20241203)","SpyHunter5 (20241203)","Total AV Antivirus Pro (20241203)","Trend Micro Internet Security (20241203)","VIPRE Advanced Security (20241203)","VirIT eXplorer PRO (20241203)","Webroot SecureAnywhere (20241203)","Windows Defender (20241203)"],"avAllowList":[]},{"isRevoked":"False","fileName":"neospy_en_240826.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"82a6511766015d3c9150ea7bc1feaf1c","hashSHA1":"88544b38ee1a4f70c6eb54b29a113448b4321cba","hashSHA256":"d534114a07ae6e0cd4a324f0f3b37b8de34763eaf2a6dbecffee1db47158c06a","digitalCertThumbprint":"59EC51FEC9576FB4DD55525DDDD4F10FF18F42DB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Dmytro Haponiuk, O=Dmytro Haponiuk, S=Poltavska oblast, C=UA","sourceIndex":"550","avBlockList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)"],"avAllowList":["COMODO Antivirus (20241205)","Dr.Web Security Space (20241205)","Trend Micro Internet Security (20241205)","Windows Defender (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://neospy.net/","directDownloadingLink":"http://193.124.18.115/download/en/neospy_pro/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://193.124.18.115/download/en/neospy_pro/","sourceIndex":"550"}],"sampleFiles":["240909/NeoSpy-200122/5.9/Samples/install.exe","240909/NeoSpy-200122/5.9/Samples/main.exe","240909/NeoSpy-200122/5.9/Samples/main1.exe","240909/NeoSpy-200122/5.9/Samples/neospy_en_240826.exe"],"imageFiles":["240909/NeoSpy-200122/5.9/Images/ACR-048/NeoSpy 5.9 Uninstsall.png","240909/NeoSpy-200122/5.9/Images/ACR-048/NeoSpy 5.9 Hide.png","240909/NeoSpy-200122/5.9/Images/ACR-048/NeoSpy 5.9 Hidden.png","240909/NeoSpy-200122/5.9/Images/ACR-007/NeoSpy 5.9 Hide.png","240909/NeoSpy-200122/5.9/Images/ACR-007/NeoSpy 5.9 Hotkey.png","240909/NeoSpy-200122/5.9/Images/ACR-084/NeoSpy 5.9 Hotkey.png","240909/NeoSpy-200122/5.9/Images/ACR-084/NeoSpy 5.9 Hidden.png","240909/NeoSpy-200122/5.9/Images/ACR-086/NeoSpy 5.9 Hotkey.png","240909/NeoSpy-200122/5.9/Images/ACR-116/NeoSpy 5.9 Uninstsall.png"],"nonDeceptorImageFiles":["240909/NeoSpy-200122/5.9/Images/ACR-040/NeoSpy 5.9 Hidden.png","240909/NeoSpy-200122/5.9/Images/ACR-065/NeoSpy 5.9 About.png","240909/NeoSpy-200122/5.9/Images/ACR-065/NeoSpy 5.9 Landing Page.png","240909/NeoSpy-200122/5.9/Images/ACR-161/NeoSpy 5.9 Testimonials.png","240909/NeoSpy-200122/5.9/Images/ACR-099/NeoSpy 5.9 Landing Page.png"],"guid":"19b9a674-eec4-4e80-bbd7-d3dd6d9a3d81_5.9_1","appID":"NeoSpy-200122","dateAdded":"240909","deceptorType":"App","name":"NeoSpy","company":"NeoSpy","version":"5.9","sigName":"Deceptor:Win32/NeoSpy!048007084086116","lastKnownStatus":"5.8;5.9","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-10T04:56:32.8482484+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":565},{"violations":{"ACR-003":"The application exaggerates system files as being errors, thereby misleading or scaring user to take action.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"The application has no certificate information it is unsigned.\n","ACR-157":"The application has no certificate information it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DLLEscort_Setup.exe","isInstaller":"True","productName":"DLLEscort","productVersion":"2018","fileVersion":"2018","hashMD5":"d2fd135d6f92f56159018478dc94087f","hashSHA1":"bd1d6e7e4f0d6184dfe14c89107e1ec5750e1c32","hashSHA256":"603bbd9bef747a86982be6946bf945141140f4b36e08a7c3f362dde79541bfaa","sourceIndex":"551","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLEscort.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"cfec14fed441ef61ea0a08c8b4c0f4ce","hashSHA1":"4cfc31ff0192525a9e3ee98ecceafeaae0feebd1","hashSHA256":"cd45ef55fcb082736864848d5675531ab7c2c4358249355798f5b5abc538d3ec","sourceIndex":"551","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLEscort [2].exe","fileVersion":"0.0","hashMD5":"4da6f289e5cf792c5d6943cca66b4dba","hashSHA1":"aeebcd42e7caa19e593a0b26b5e8f6e8c69635ec","hashSHA256":"d4903ee9bb895613c41de7dc9ef0cb57a32eba3b32cfecfe23b09635cd6e2770","sourceIndex":"551","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLEscort_Setup [2].exe","isInstaller":"True","fileVersion":"2021.0","hashMD5":"7d18338703c7087c6edd283e813a16a7","hashSHA1":"5b6892dd09c4f601419f286c86241f25d9f45630","hashSHA256":"cf9a877114799de4b672fa766e57f1de3423c0d6e1e5300e679ea282be3913fa","sourceIndex":"551","avBlockList":["Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","Dr.Web Security Space (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":["360 Total Security (20241205)","COMODO Antivirus (20241205)"]},{"isRevoked":"False","fileName":"DLLEscort_Setup_240828.exe","isInstaller":"True","fileVersion":"3.3","hashMD5":"7feec6e700ad4a2e4f3447ec6d2eb070","hashSHA1":"0326052067416ada902c8398d288d5391215508f","hashSHA256":"5f2cb66440a945dfe754ee2091046bafc70e96ace5bbd439c14dc73e36075ee6","sourceIndex":"551","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (remove computer errors free)","landingPage":"http://www.dllescort.com/","directDownloadingLink":"http://www.dllescort.com/DLLEscort_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.dllescort.com/DLLEscort_Setup.exe","sourceIndex":"551"}],"sampleFiles":["240909/DLLEscort-180424/2.6.20/Samples/DLLEscort_Setup.exe","240909/DLLEscort-180424/2.6.20/Samples/DLLEscort.exe","240909/DLLEscort-180424/2.6.20/Samples/DLLEscort [2].exe","240909/DLLEscort-180424/2.6.20/Samples/DLLEscort_Setup [2].exe","240909/DLLEscort-180424/2.6.20/Samples/DLLEscort_Setup_240828.exe"],"imageFiles":["240909/DLLEscort-180424/2.6.20/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-118/ACR_118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["240909/DLLEscort-180424/2.6.20/Images/ACR-065/ACR_065_INSTALL.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-065/ACR_065_SOFTWARE.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-092/ACR_092_SOFTWARE.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-157/ACR_157_SOFTWARE.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-099/ACR_099_SOFTWARE.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","240909/DLLEscort-180424/2.6.20/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"b3608584-cd5b-445e-94b4-5a5e4962ef37_2.6.20_1","appID":"DLLEscort-180424","dateAdded":"240909","deceptorType":"App","name":"DLLEscort","company":"DLLEscort","version":"2.6.20","sigName":"Deceptor:Win32/DllEscort!003118","lastKnownStatus":"Deceptor:2.6.20;2021","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-10T04:54:39.321352+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":567},{"violations":{"ACR-048":"The app uses a stealth mode, which shields it from uninstallation through platform standard applications. The app is also installed in a hidden folder.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and uses a hotkey to hide from them.\n","ACR-084":"The app uses a stealth mode, which requires the consumer to use a hotkey to access it. The app is also installed in a hidden folder.\n","ACR-086":"The app does not inform the consumer of how their data is being used and hides from the consumer using a hotkey.\n","ACR-116":"The app cannot be uninstalled through the Control Panel.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder.\n","ACR-065":"The app does not display links to the EULA.\nThe landing page does not display links to the EULA.\n","ACR-161":"The landing page contains unsubstantiated testimonials.\n","ACR-099":"The landing page does not display links to uninstall information\n"},"samples":[{"isRevoked":"False","fileName":"install.exe","isInstaller":"True","companyName":"MCsoft","fileVersion":"2.0","hashMD5":"859970c9596323fc5b597dc903659e36","hashSHA1":"dea5d6cccfda567f81af974686f7fbce32deb802","hashSHA256":"089808e4c1b75d37d1b5d0debfb258ce3d6b027d98eb2486eb0b372f4fbcf095","digitalCertThumbprint":"CCBA6A68A18F22AFBD1A65DE99506A138B1C3D39","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=MCsoft, O=MCsoft, L=Perm, S=Perm Krai, C=RU","sourceIndex":"2576","avBlockList":["360 Total Security (20200709)","Avast Internet Security (20200224)","AVG Internet Security (20200709)","Avira Internet Security (20200709)","Bitdefender Internet Security (20200709)","Dr.Web Security Space (20200709)","ESET Internet Security (20200709)","G DATA INTERNET SECURITY (20200709)","K7 Total Security (20200709)","Kaspersky Internet Security (20200709)","Malwarebytes Premium (20200709)","McAfee Total Protection (20200709)","Norton Security (20200709)","Panda Dome (20200709)","Quick Heal Internet Security (20200709)","Sophos Home Premium (20200709)","SpyHunter5 (20200709)","Tencent PC Manager (20200709)","VIPRE Advanced Security (20200709)","VirIT eXplorer PRO (20200709)","Webroot SecureAnywhere (20200709)","Windows Defender (20200709)","Avast Premium Security (20200709)","Total AV Antivirus Pro (20200709)"],"avAllowList":["COMODO Antivirus (20200709)","Trend Micro Internet Security (20200709)"]},{"isRevoked":"False","fileName":"main.exe","companyName":"MCsoft","fileVersion":"5.8","hashMD5":"1372fb293396680b2492b2ae49ad44d6","hashSHA1":"8da6b1972a8d616cdabe8568049acb4f5322d7dc","hashSHA256":"8a07390e85a5bbf44c889f1b806abe6a57eed9b93559d9af859a21ef270475d0","digitalCertThumbprint":"CCBA6A68A18F22AFBD1A65DE99506A138B1C3D39","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=MCsoft, O=MCsoft, L=Perm, S=Perm Krai, C=RU","sourceIndex":"2576","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://neospy.net/","directDownloadingLink":"http://193.124.18.115/download/en/neospy_pro/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://193.124.18.115/download/en/neospy_pro/","sourceIndex":"2576"}],"sampleFiles":["200123/NeoSpy-200122/5.8/Samples/install.exe","200123/NeoSpy-200122/5.8/Samples/main.exe"],"imageFiles":["200123/NeoSpy-200122/5.8/Images/ACR-048/NeoSpy Hotkey.png","200123/NeoSpy-200122/5.8/Images/ACR-048/NeoSpy Hidden.png","200123/NeoSpy-200122/5.8/Images/ACR-048/NeoSpy Hidden Folder.png","200123/NeoSpy-200122/5.8/Images/ACR-007/NeoSpy Hidden.png","200123/NeoSpy-200122/5.8/Images/ACR-007/NeoSpy Hotkey.png","200123/NeoSpy-200122/5.8/Images/ACR-084/NeoSpy Hotkey.png","200123/NeoSpy-200122/5.8/Images/ACR-084/NeoSpy Hidden Folder.png","200123/NeoSpy-200122/5.8/Images/ACR-086/NeoSpy Hotkey.png","200123/NeoSpy-200122/5.8/Images/ACR-116/NeoSpy Uninstall.png"],"nonDeceptorImageFiles":["200123/NeoSpy-200122/5.8/Images/ACR-040/NeoSpy Hidden Folder.png","200123/NeoSpy-200122/5.8/Images/ACR-065/NeoSpy Settings.png","200123/NeoSpy-200122/5.8/Images/ACR-065/NeoSpy Landing Page.png","200123/NeoSpy-200122/5.8/Images/ACR-161/NeoSpy Testimonials.png","200123/NeoSpy-200122/5.8/Images/ACR-099/NeoSpy Landing Page.png"],"guid":"19b9a674-eec4-4e80-bbd7-d3dd6d9a3d81_5.8_1","appID":"NeoSpy-200122","dateAdded":"240909","deceptorType":"App","name":"NeoSpy","company":"NeoSpy","version":"5.8","sigName":"Deceptor:Win32/NeoSpyStalkerware!048007084086116","lastKnownStatus":"5.8;5.9","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":566},{"violations":{"ACR-003":"The application exaggerates system files as being errors, thereby misleading or scaring user to take action.\n","ACR-004":"Does not fix problems for free, costs money to fix them.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n","ACR-014":"Errors Displayed by App\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy.\nThe internal offer page does not display links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy.\n","ACR-092":"The application has no certificate information it is unsigned.\n","ACR-157":"The application has no certificate information it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page does not show links to a webpage that shows how to uninstall the app. \nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DLLEscort.exe","fileVersion":"0.0","hashMD5":"1f85fb1529ff913b5d40fd4594c821a8","hashSHA1":"6aa24fb86d8ecad695dd3dfb6a4da8438f39aeba","hashSHA256":"f0a3c534812f05e1402a7c2d6268845ddf8936149fad688f8392f3bb5ac96588","sourceIndex":"2133","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLEscort_Setup.exe","isInstaller":"True","fileVersion":"2020.0.0.0","hashMD5":"ed151d3e3aae815769ed501902080465","hashSHA1":"0ef96920560b82f61685f0527be79ae4f9ad3f85","hashSHA256":"3b5dbbd8d1408a33f404d9de8f59bed4f8a234dd28961b0656bae224d4c1d808","sourceIndex":"2133","avBlockList":["Avast Premium Security (20211118)","AVG Internet Security (20211118)","Avira Internet Security (20211118)","Bitdefender Internet Security (20211118)","COMODO Antivirus (20211118)","Dr.Web Security Space (20211118)","ESET Internet Security (20211118)","G DATA INTERNET SECURITY (20211118)","K7 Total Security (20211118)","Kaspersky Internet Security (20211118)","Malwarebytes Premium (20211118)","McAfee Total Protection (20211118)","Norton Security (20211118)","Panda Dome (20211118)","Quick Heal Internet Security (20211118)","Sophos Home Premium (20211118)","SpyHunter5 (20211118)","Tencent PC Manager (20211118)","Total AV Antivirus Pro (20211118)","Trend Micro Internet Security (20211118)","VIPRE Advanced Security (20211118)","VirIT eXplorer PRO (20211118)","Webroot SecureAnywhere (20211118)","Windows Defender (20211118)"],"avAllowList":["360 Total Security (20211118)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (remove computer errors free)","landingPage":"http://www.dllescort.com/","directDownloadingLink":"http://www.dllescort.com/DLLEscort_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.dllescort.com/DLLEscort_Setup.exe","sourceIndex":"2133"}],"sampleFiles":["200811/DLLEscort-180424/2020/Samples/DLLEscort.exe","200811/DLLEscort-180424/2020/Samples/DLLEscort_Setup.exe"],"imageFiles":["200811/DLLEscort-180424/2020/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","200811/DLLEscort-180424/2020/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","200811/DLLEscort-180424/2020/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","200811/DLLEscort-180424/2020/Images/ACR-118/uninstall.png","200811/DLLEscort-180424/2020/Images/ACR-014/DLLEscort ACR_014 #2 Software.png","200811/DLLEscort-180424/2020/Images/ACR-014/DLLEscort ACR_014 Software.png","200811/DLLEscort-180424/2020/Images/ACR-004/DLLEscort ACR_004 Software.png"],"nonDeceptorImageFiles":["200811/DLLEscort-180424/2020/Images/ACR-065/DLLEscort ACR_065 Install.png","200811/DLLEscort-180424/2020/Images/ACR-065/ACR_065_INSTALL.png","200811/DLLEscort-180424/2020/Images/ACR-065/ACR_065_SOFTWARE.PNG","200811/DLLEscort-180424/2020/Images/ACR-065/DLLEscort ACR_065 Software.png","200811/DLLEscort-180424/2020/Images/ACR-065/DLLEscort ACR_065 Landing Page.png","200811/DLLEscort-180424/2020/Images/ACR-065/DLLEscort ACR_065 Internal Offers.png","200811/DLLEscort-180424/2020/Images/ACR-092/NO_CERTIFICATE_INFORMATION.png","200811/DLLEscort-180424/2020/Images/ACR-157/DLLEscort ACR_157 Software.png","200811/DLLEscort-180424/2020/Images/ACR-157/NO_CERTIFICATE_INFORMATION.png","200811/DLLEscort-180424/2020/Images/ACR-099/ACR_099_SOFTWARE.PNG","200811/DLLEscort-180424/2020/Images/ACR-099/DLLEscort ACR_099 Software.png","200811/DLLEscort-180424/2020/Images/ACR-099/DLLEscort ACR_099 Landing Page.png","200811/DLLEscort-180424/2020/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","200811/DLLEscort-180424/2020/Images/ACR-099/DLLEscort ACR_099 Internal Offers.png","200811/DLLEscort-180424/2020/Images/ACR-167/ACR_167_DOCS.PNG","200811/DLLEscort-180424/2020/Images/ACR-167/DLLEscort ACR_167 Docs.png"],"guid":"b3608584-cd5b-445e-94b4-5a5e4962ef37_2020_1","appID":"DLLEscort-180424","dateAdded":"240909","deceptorType":"App","name":"DLLEscort","company":"DLLEscort","version":"2020","sigName":"Deceptor:Win32/DllEscort!003004014118","lastKnownStatus":"Deceptor:2.6.20;2021","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":569},{"violations":{"ACR-003":"The application exaggerates system files as being errors, thereby misleading or scaring user to take action.\n","ACR-004":"Does not fix problems for free, costs money to fix them.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n","ACR-014":"Errors Displayed by App\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nAryeman- No Link to Privacy Policy\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nNo link to EULA on Landing Page\nNo link to EULA on Internal Offers\n","ACR-092":"The application has no certificate information it is unsigned.\n","ACR-157":"The application has no certificate information it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DLLEscort.exe","isInstaller":"True","companyName":"N/A","productName":"DLLEscort","productVersion":"2018","fileVersion":"2018.0.0.0","hashMD5":"8d21585c3c33eafaa55b4cf153f214d2","hashSHA1":"238ed2136289c8345f2a8dbf2f510a47132da14c","hashSHA256":"7ca25b4ed5d0fed4098467a86ad5078f58a21a02a8895bf1379632f7ed119bec","sourceIndex":"3378","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20210708)","Avira Internet Security (20210708)","Bitdefender Internet Security (20210708)","ESET Internet Security (20210708)","G DATA INTERNET SECURITY (20210708)","K7 Total Security (20210708)","Kaspersky Internet Security (20210708)","Malwarebytes Premium (20210708)","McAfee Total Protection (20210708)","Norton Security (20210708)","Panda Dome (20210708)","Sophos Home Premium (20210708)","Trend Micro Internet Security (20210708)","VirIT eXplorer PRO (20210708)","Webroot SecureAnywhere (20210708)","Windows Defender (20210708)","COMODO Antivirus (20210708)","Dr.Web Security Space (20210708)","Quick Heal Internet Security (20210708)","SpyHunter5 (20210708)","Tencent PC Manager (20210708)","VIPRE Advanced Security (20210708)","Avast Premium Security (20210708)","Total AV Antivirus Pro (20210708)"],"avAllowList":["360 Total Security (20210708)","F-PROT Antivirus for Windows (20190404)"]},{"isRevoked":"False","fileName":"DLLEscort_Setup.exe","isInstaller":"True","companyName":"N/A","productName":"N/A","productVersion":"N/A","fileVersion":"2018.0","hashMD5":"1c591d902e2d78a2e0008437ca731c0a","hashSHA1":"3eb1c00880d0e988f929966ac7c03becb6e7647e","hashSHA256":"92917f826603b848ea6a125749d784efb0a90b3cd1d76f6f62604f7c62392968","sourceIndex":"3378","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20190404)","Avira Internet Security (20190404)","ESET Internet Security (20190404)","G DATA INTERNET SECURITY (20190404)","K7 Total Security (20190404)","Kaspersky Internet Security (20190404)","Malwarebytes Premium (20190404)","McAfee Total Protection (20190404)","Norton Security (20190404)","Panda Dome (20190404)","Sophos Home Premium (20190404)","Trend Micro Internet Security (20190404)","VirIT eXplorer PRO (20190404)","Webroot SecureAnywhere (20190404)","Windows Defender (20190404)","360 Total Security (20190404)","COMODO Antivirus (20190404)","Dr.Web Security Space (20190404)","Quick Heal Internet Security (20190404)","SpyHunter5 (20190404)","Tencent PC Manager (20190404)"],"avAllowList":["Bitdefender Internet Security (20190404)","F-PROT Antivirus for Windows (20190404)","VIPRE Advanced Security (20190404)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (remove computer errors free)","landingPage":"http://www.dllescort.com/","directDownloadingLink":"http://www.dllescort.com/DLLEscort_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.dllescort.com/DLLEscort_Setup.exe","sourceIndex":"3378"}],"sampleFiles":["190110/DLLEscort-180424/2018.0.0.0/Samples/DLLEscort.exe","190110/DLLEscort-180424/2018.0.0.0/Samples/DLLEscort_Setup.exe"],"imageFiles":["190110/DLLEscort-180424/2018.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-118/ACR_118_UNINSTALL.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-118/DLLEscort ACR_118 Uninstall.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-014/DLLEscort ACR_014 #2 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-014/DLLEscort ACR_014 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-004/DLLEscort ACR_004 Software.png"],"nonDeceptorImageFiles":["190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/ACR_065_INSTALL.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/DLLEscort ACR_065 Install.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/DLLEscort ACR_065 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/DLLEscort ACR_065 Landing Page.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-065/DLLEscort ACR_065 Internal Offers.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-092/DLLEscort ACR_092 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-157/ACR_157_SOFTWARE.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-157/DLLEscort ACR_157 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-099/DLLEscort ACR_099 Software.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-099/DLLEscort ACR_099 Internal Offers.png","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-167/ACR_167_DOCS.PNG","190110/DLLEscort-180424/2018.0.0.0/Images/ACR-167/DLLEscort ACR_167 Docs.png"],"guid":"b3608584-cd5b-445e-94b4-5a5e4962ef37_2018.0.0.0_1","appID":"DLLEscort-180424","dateAdded":"240909","deceptorType":"App","name":"DLLEscort","company":"DLLEscort","version":"2018.0.0.0","sigName":"Deceptor:Win32/DllEscort!003004014118","lastKnownStatus":"Deceptor:2.6.20;2021","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":570},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the desktop and installed app list, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to quit the app completely.\n3. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the desktop and control panel. The app uses a hotkey and password to hide its presence.\n2. The app creates a startup entry without the consumer's knowledge and consent.\n3. On closing the app it minimizes to system tray and the process runs silently in the background, hiding its presence from the consumer.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection. In the setting, it also recommend user to add the app in the exception list.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Best Free Keylogger\\CBAccess\\CBAccess.exe","companyName":"","productName":"CBAccess","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"880bc48473c99cd781ea6db706fc2ed3","hashSHA1":"7058a945e026df75ca3ceb597bf4f77aeefcec30","hashSHA256":"36e26df41bbb09719050563fcfc195ac10098f8ca98b8121a9b4fd20f5910d42","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"554","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Best Free Keylogger\\syscrb.exe","companyName":"bestxsoftware","productName":"","productVersion":"6.0.0.0","fileVersion":"6.0.0.0","hashMD5":"811620702659cf36f3e0bf0a499b1566","hashSHA1":"80ce6926b0ec0b1ba8d91444a9fa543a3c39f500","hashSHA256":"79fc5c10bcf7fa203ad23df148c073ae60c22b19443d6c1baccd64c4d605f42c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"554","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","companyName":"                                                            ","productName":"Best free keylogger                                         ","productVersion":"free                                              ","fileVersion":"                    ","hashMD5":"c8c7c08fa317ebffb98becb51c21c788","hashSHA1":"2e66936c4aaa522f96831e431c46a3c2b907391f","hashSHA256":"698793705a235c7ca772ea242009ec1b668f72c4b7f4253ebe9f12e8279a1828","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"554","avBlockList":["360 Total Security (20241205)","Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","COMODO Antivirus (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":["Dr.Web Security Space (20241205)","Trend Micro Internet Security (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://u.pcloud.link/publink/show?code=XZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0#returl=https%3A//u.pcloud.link/publink/show%3Fcode%3DXZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0&page=login","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://u.pcloud.link/publink/show?code=XZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0#returl=https%3A//u.pcloud.link/publink/show%3Fcode%3DXZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0&page=login","sourceIndex":"554"}],"sampleFiles":["240909/BestFreeKeyloggerLite-191121/8.0.1/Samples/installer_free.exe"],"imageFiles":["240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_1.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_2.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_3.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_4.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_5.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-048/ACR-048_6.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-007/ACR-007.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-007/ACR-007_1.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-007/ACR-007_2.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-007/ACR-007_3.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-007/ACR-007_4.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-014/ACR-014.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_1.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_2.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_3.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_4.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_5.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_6.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-084/ACR-084_7.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_1.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_2.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_3.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_4.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_5.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-086/ACR-086_6.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-097/ACR-097.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-097/ACR-097_1.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-116/ACR-116.PNG","240909/BestFreeKeyloggerLite-191121/8.0.1/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":[],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_8.0.1_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"8.0.1","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:23.7148482+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":571},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the desktop and installed app list, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to quit the app completely.\n3. The app does not provide any control to disable the startup it created.\n\n","ACR-007":"The app enables the consumer to hide it from the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the desktop and control panel. The app uses a hotkey and password to hide its presence.\n2. The app creates a startup entry without the consumer's knowledge and consent.\n3. On closing the app it minimizes to system tray and the process runs silently in the background, hiding its presence from the consumer.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection. In the setting, it also recommend user to add the app in the exception list.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb.exe\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display link to the EULA or Terms of Service.\n","ACR-002":"The app shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the Installer file.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Best Free Keylogger\\syscrb.exe","companyName":"bestxsoftware","productName":"","productVersion":"7.4.4.0","fileVersion":"7.4.4.0","hashMD5":"8eddc6d14d19d3cea04ec91bd01e866e","hashSHA1":"740d253b34c4d59b3ccfd4db88adf3cd534525da","hashSHA256":"0a8f95dbce2b436d681ad63f8b2aef258c1e87fbf24984d95d130487581390fc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1737","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","companyName":"                                                            ","productName":"B.F.K.                                                      ","productVersion":"free                                              ","fileVersion":"                    ","hashMD5":"76e1e74420a575f8504002101ac5170f","hashSHA1":"92cb91e636b6d6c408be8fb156949bdd23bfe4fe","hashSHA256":"5f5d8931756b9035029c1e009ef72d2afa79dadd6f4f620a19c88e3cc5173e8f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1737","avBlockList":["360 Total Security (20220419)","Avast Premium Security (20220419)","AVG Internet Security (20220419)","Avira Internet Security (20220419)","Bitdefender Internet Security (20220419)","COMODO Antivirus (20220419)","Dr.Web Security Space (20220419)","ESET Internet Security (20220419)","G DATA INTERNET SECURITY (20220419)","K7 Total Security (20220419)","Kaspersky Internet Security (20220419)","Malwarebytes Premium (20220419)","McAfee Total Protection (20220419)","Norton Security (20220419)","Panda Dome (20220419)","Quick Heal Internet Security (20220419)","Sophos Home Premium (20220419)","SpyHunter5 (20220419)","Tencent PC Manager (20220419)","Total AV Antivirus Pro (20220419)","Trend Micro Internet Security (20220419)","VIPRE Advanced Security (20220419)","VirIT eXplorer PRO (20220419)","Webroot SecureAnywhere (20220419)","Windows Defender (20220419)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger","reference":"","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://u.pcloud.link/publink/show?code=XZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://u.pcloud.link/publink/show?code=XZvVaxXZEkbgS4jQjNBmiAwzrOPQIzKxiXk0","sourceIndex":"1737"}],"sampleFiles":["220104/BestFreeKeyloggerLite-191121/7.4.1/Samples/installer_free.exe"],"imageFiles":["220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software_2.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software_3.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software_4.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-048/ACR-048_Software_5.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/Best Free Keylogger Lite_Interactions [3].png","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/ACR-007_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/ACR-007_Software_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/ACR-007_Software_2.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/ACR-007_Software_3.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-007/ACR-007_Software_4.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-014/ACR-014_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_2.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_3.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_4.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_5.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_6.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-084/ACR-084_Software_7.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_2.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_3.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_4.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_5.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-086/ACR-086_Software_6.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-097/ACR-097_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-097/ACR-097_Software_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-116/ACR-116_Uninstall.JPG"],"nonDeceptorImageFiles":["220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-038/ACR-038_Install_No_Detail.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-040/ACR-040_Install.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-040/ACR-040_Install_1.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-065/ACR-065_Install.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-065/ACR-065_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-065/ACR-065_Landingpage_No_Docs.jpg","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-065/ACR-065_InternalOffers_No_Docs.jpg","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-002/ACR-002_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-017/ACR-017_Landingpage.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-161/ACR-161_Landingpage.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-092/ACR-092_Software.JPG","220104/BestFreeKeyloggerLite-191121/7.4.1/Images/ACR-167/ACR-167_Docs.jpg"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.4.1_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.4.1","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":572},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection. In the setting, it also recommend user to add the app in the exception list.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb.exe\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display link to the EULA or Terms of Service.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://vc546.pcloud.com/dHZBpthJeZKSIDHCZZZvVlav7Z2ZZb6JZkZvVaxXZvYisXjiiHr4LFGiKR8qBO5oY1Cj7/installer_free.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vc546.pcloud.com/dHZBpthJeZKSIDHCZZZvVlav7Z2ZZb6JZkZvVaxXZvYisXjiiHr4LFGiKR8qBO5oY1Cj7/installer_free.exe","sourceIndex":"1813"}],"sampleFiles":[],"imageFiles":["210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Files [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [4].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [4].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-014/Best Free Keylogger Lite_RunningProcess [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [4].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [4].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [6].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [7].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-097/Best Free Keylogger Lite_Install [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-097/Best Free Keylogger Lite_Interactions [9].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-116/Best Free Keylogger Lite_ControlPanel [1].png"],"nonDeceptorImageFiles":["210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-038/Best Free Keylogger Lite_FileProperty [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-038/Best Free Keylogger Lite_FileProperty [4].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-040/Best Free Keylogger Lite_Files [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-040/Best Free Keylogger Lite_RunningProcess [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_Install [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_Install [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_Install [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_Install [5].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_Install [6].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_About [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_LandingPage [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-065/Best Free Keylogger Lite_OfferPage [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-002/Best Free Keylogger Lite_RunningProcess [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-017/Best Free Keylogger Lite_LandingPage [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-161/Best Free Keylogger Lite_LandingPage [3].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-092/Best Free Keylogger Lite_FileProperty [1].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-092/Best Free Keylogger Lite_FileProperty [2].png","210921/BestFreeKeyloggerLite-191121/7.4.0/Images/ACR-167/Best Free Keylogger Pro_Bestxsoftware Refund Policy.png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.4.0_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.4.0","sigName":"Deceptor:Win32/BestFreeKeyloggerLiteStalkerware!048007014084086097116","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":573},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a System Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"bb55d6a650fdaf946ebcdd26c24f989d","hashSHA1":"1366fd9116936b5e878d7ea636a04037f1d0a030","hashSHA256":"2994ea459f6c8b771a2d694a6a23c27415f2de29b0ecb00261b9cc3cb3356ccf","digitalCertThumbprint":"A1EED01E058B4C337F5E7040A0BA5CAE34A58F87","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Bestxsoftware, O=Bestxsoftware, STREET=\"45/B, Kehelella,\", L=Badalgama, S=Western Province, C=LK","sourceIndex":"2596","avBlockList":["360 Total Security (20210604)","Avast Internet Security (20191226)","AVG Internet Security (20210604)","Avira Internet Security (20210604)","Bitdefender Internet Security (20210604)","COMODO Antivirus (20210604)","Dr.Web Security Space (20210604)","ESET Internet Security (20210604)","G DATA INTERNET SECURITY (20210604)","K7 Total Security (20210604)","Kaspersky Internet Security (20210604)","Malwarebytes Premium (20210604)","McAfee Total Protection (20210604)","Norton Security (20210604)","Panda Dome (20210604)","Quick Heal Internet Security (20210604)","Sophos Home Premium (20210604)","Tencent PC Manager (20210604)","Trend Micro Internet Security (20210604)","VIPRE Advanced Security (20210604)","VirIT eXplorer PRO (20210604)","Webroot SecureAnywhere (20210604)","Windows Defender (20210604)","Avast Premium Security (20210604)","SpyHunter5 (20210604)","Total AV Antivirus Pro (20210604)"],"avAllowList":[]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"1.5","hashMD5":"16698e2078a7ab6806399a9b24da4f64","hashSHA1":"7b4451734900bd7c4111c606ca4a31e042be42fe","hashSHA256":"453e79c81b69bc50ae91ee153e9ef130d2aa8c8387eafdbeeabc52bde1f72be4","digitalCertThumbprint":"A1EED01E058B4C337F5E7040A0BA5CAE34A58F87","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Bestxsoftware, O=Bestxsoftware, STREET=\"45/B, Kehelella,\", L=Badalgama, S=Western Province, C=LK","sourceIndex":"2596","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"apps like spyrix\" - Google search","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://bestxsoftware.com/download/installer_free_v_6.1.0(password=1234).zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://bestxsoftware.com/download/installer_free_v_6.1.0(password=1234).zip","sourceIndex":"2596"}],"sampleFiles":["191125/BestFreeKeyloggerLite-191121/6.1.0/Samples/installer_free.exe","191125/BestFreeKeyloggerLite-191121/6.1.0/Samples/syscrb.exe"],"imageFiles":["191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-048/BestFreeKeyloggerLite Hidden File.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-048/BestFreeKeyloggerLite Password.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-048/BestFreeKeyloggerLite Hotkey.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-007/BestFreeKeyloggerLite Password.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-007/BestFreeKeyloggerLite Hotkey.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-084/BestFreeKeyloggerLite Hotkey.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-084/BestFreeKeyloggerLite Password.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-086/BestFreeKeyloggerLite Password.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-086/BestFreeKeyloggerLite Hotkey.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-097/BestFreeKeyloggerLite AVs.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-116/BestFreeKeyloggerLite Uninstall.png"],"nonDeceptorImageFiles":["191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-040/BestFreeKeyloggerLite Hidden File.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-040/BestFreeKeyloggerLite Different Name.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-065/BestFreeKeyloggerLite EULA.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-065/BestFreeKeyloggerLite Install.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-065/BestFreeKeyloggerLite About.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-065/BestFreeKeyloggerLite Landing Page.png","191125/BestFreeKeyloggerLite-191121/6.1.0/Images/ACR-065/BestFreeKeyloggerLite Internal Offers.png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_6.1.0_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"6.1.0","sigName":"Deceptor:Win32/BestFreeKeyloggerLiteStalkerware!048007084086097116","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":579},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a System Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"tmp3038.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"479977cb3fcbf001e879b4bfce4f1aed","hashSHA1":"53a4c1ee8b85d13a4d9f603a26656ff13ceb1fab","hashSHA256":"e5c63f676a31448d93b372c33f9c4d3277e51d57ac5af79c88ed9968b0c47472","sourceIndex":"2393","avBlockList":["360 Total Security (20210527)","Avast Premium Security (20210527)","AVG Internet Security (20210527)","Avira Internet Security (20210527)","Bitdefender Internet Security (20210527)","COMODO Antivirus (20210527)","Dr.Web Security Space (20210527)","ESET Internet Security (20210527)","G DATA INTERNET SECURITY (20210527)","K7 Total Security (20210527)","Kaspersky Internet Security (20210527)","Malwarebytes Premium (20210527)","McAfee Total Protection (20210527)","Norton Security (20210527)","Panda Dome (20210527)","Quick Heal Internet Security (20210527)","Sophos Home Premium (20210527)","SpyHunter5 (20210527)","Tencent PC Manager (20210527)","Total AV Antivirus Pro (20210527)","VIPRE Advanced Security (20210527)","VirIT eXplorer PRO (20210527)","Webroot SecureAnywhere (20210527)","Windows Defender (20210527)"],"avAllowList":["Trend Micro Internet Security (20210527)"]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.0","hashMD5":"bf92df38e3ed45c23d581fec2c15b4f9","hashSHA1":"861b97d980b1ad8f0b1b01ec034d3eb87a88869e","hashSHA256":"d69b238438fc9b322b3f9000da2b5514503f59b9abb38d2f2cbae956165c9179","sourceIndex":"2393","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"apps like spyrix\" - Google search","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://bestxsoftware.com/download/installer_free_v_6.1.0(password=1234).zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://bestxsoftware.com/download/installer_free_v_6.1.0(password=1234).zip","sourceIndex":"2393"}],"sampleFiles":["200702/BestFreeKeyloggerLite-191121/7.0.0.0/Samples/tmp3038.exe","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Samples/syscrb.exe"],"imageFiles":["200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-048/Best Free Keylogger 6.2.0 Hidden.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-048/Best Free Keylogger 6.2.0 Hotkey.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-048/Best Free Keylogger 6.2.0 Password.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-007/Best Free Keylogger 6.2.0 Hotkey.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-007/Best Free Keylogger 6.2.0 Password.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-084/Best Free Keylogger 6.2.0 Password.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-084/Best Free Keylogger 6.2.0 Hotkey.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-086/Best Free Keylogger 6.2.0 Hotkey.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-086/Best Free Keylogger 6.2.0 Password.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-097/Best Free Keylogger 6.2.0 AV.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-116/Best Free Keylogger 6.2.0 Uninstall.png"],"nonDeceptorImageFiles":["200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-040/Best Free Keylogger 6.2.0 Task Manager.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-040/Hidden Folder.PNG","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-065/Best Free Keylogger 6.2.0 Install.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-065/Best Free Keylogger 6.2.0 EULA.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-065/Best Free Keylogger 6.2.0 About.png","200702/BestFreeKeyloggerLite-191121/7.0.0.0/Images/ACR-065/Best Free Keylogger 6.2.0 Landing Page.png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.0.0.0_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.0.0.0","sigName":"Deceptor:Win32/KeyloggerLiteStalkerware!048007084086097116","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":578},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app enables the consumer to install it in \"Invisible Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a System Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb\".\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"364b8c20431c6a3e16c74ee95df72812","hashSHA1":"b2cc270e553779a07dddd2166fd2ae91ff6c08c8","hashSHA256":"fa14795e8f77f95c1c71ef303244b3d2ef0dc247a75ba1daa39ea2c10118d1a2","sourceIndex":"2028","avBlockList":["360 Total Security (20211028)","Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","COMODO Antivirus (20211028)","Dr.Web Security Space (20211028)","ESET Internet Security (20211028)","G DATA INTERNET SECURITY (20211028)","K7 Total Security (20211028)","Kaspersky Internet Security (20211028)","Malwarebytes Premium (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","Sophos Home Premium (20211028)","SpyHunter5 (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","Trend Micro Internet Security (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)"],"avAllowList":[]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.2","hashMD5":"f28631d4590de83bc41acf55c13494eb","hashSHA1":"d642b189c5888bb59c84e89ddacfb94b78fa3117","hashSHA256":"230a63075f0c79760ddf0f5f9ac99d85078ce4968ff1788b3f3837bf09231475","sourceIndex":"2028","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"apps like spyrix\" - Google search","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/index.html","directDownloadingLink":"https://mega.nz/b24ba4d5-504e-4575-844a-264cc58d00a2","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/b24ba4d5-504e-4575-844a-264cc58d00a2","sourceIndex":"2028"}],"sampleFiles":["201214/BestFreeKeyloggerLite-191121/7.2.0/Samples/installer_free.exe","201214/BestFreeKeyloggerLite-191121/7.2.0/Samples/syscrb.exe"],"imageFiles":["201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-048/Best Free Keylogger Lite_HiddenDirectory [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-048/Best Free Keylogger Lite_Interactions [3].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-007/Best Free Keylogger Lite_Interactions [3].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-014/Best Free Keylogger Lite_RunningProcess [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [3].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-084/Best Free Keylogger Lite_Interactions [4].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger 6.2.0 Hotkey.png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Interactions [3].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Settings [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Settings [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-086/Best Free Keylogger Lite_Settings [3].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-116/Best Free Keylogger Lite_ControlPanel [1].png"],"nonDeceptorImageFiles":["201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-038/Best Free Keylogger Lite_FileProperty [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-040/Best Free Keylogger 6.2.0 Task Manager.png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-040/Hidden Folder.PNG","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-045/Best Free Keylogger Lite_LandingPage [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-065/Best Free Keylogger Lite_Installs [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-065/Best Free Keylogger Lite_Installs [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-065/Best Free Keylogger Lite_About [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-065/Best Free Keylogger Lite_OfferPage [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-002/Best Free Keylogger Lite_RunningProcess [1].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-017/Best Free Keylogger Lite_LandingPage [2].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-092/Best Free Keylogger Lite_FileProperty [4].png","201214/BestFreeKeyloggerLite-191121/7.2.0/Images/ACR-167/Best Free Keylogger Lite_Refund Policy [1].png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.2.0_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.2.0","sigName":"Deceptor:Win32/BestFreeKeyloggerLiteStalkerware!048007014084086097116","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":577},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to install it in \"Invisible Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb.exe\".\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display link to the EULA or Terms of Service.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main executables.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a8fa6cb61384f2cca02f262486d332c9","hashSHA1":"fa665ea98ce9f829aa1923b89a89a6f08ef32280","hashSHA256":"a5701e1d4cdb5599bfa5cb235f2099948c0404ba6708cb114ea668786c7ab57a","sourceIndex":"1987","avBlockList":["360 Total Security (20211111)","Avast Premium Security (20211111)","AVG Internet Security (20211111)","Avira Internet Security (20211111)","Bitdefender Internet Security (20211111)","COMODO Antivirus (20211111)","Dr.Web Security Space (20211111)","ESET Internet Security (20211111)","G DATA INTERNET SECURITY (20211111)","K7 Total Security (20211111)","Kaspersky Internet Security (20211111)","Malwarebytes Premium (20211111)","McAfee Total Protection (20211111)","Norton Security (20211111)","Panda Dome (20211111)","Quick Heal Internet Security (20211111)","Sophos Home Premium (20211111)","SpyHunter5 (20211111)","Tencent PC Manager (20211111)","Total AV Antivirus Pro (20211111)","Trend Micro Internet Security (20211111)","VIPRE Advanced Security (20211111)","VirIT eXplorer PRO (20211111)","Webroot SecureAnywhere (20211111)","Windows Defender (20211111)"],"avAllowList":[]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.2","hashMD5":"647570f549305357a343a9d1182255ae","hashSHA1":"6b99c98e628f56e4c50d273bac64111f37c04bc1","hashSHA256":"d9bb076692dd72337ba6cac58f00430a38d4081843548ec4ea396adf150fd7a6","sourceIndex":"1987","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://mega.nz/77f81a20-7418-4409-82aa-469b4d4cebfd","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/77f81a20-7418-4409-82aa-469b4d4cebfd","sourceIndex":"1987"}],"sampleFiles":["210215/BestFreeKeyloggerLite-191121/7.2.1/Samples/installer_free.exe","210215/BestFreeKeyloggerLite-191121/7.2.1/Samples/syscrb.exe"],"imageFiles":["210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_HiddenDirectory [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_Interactions [1] Hotkey.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_Interactions [2] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_Interactions [3] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_Interactions [4] InvisibleMode.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-048/Best Free Keylogger_Interactions [6] HotkeyPassword.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [1] Hotkey.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [2] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [3] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [4] InvisibleMode.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [6] HotkeyPassword.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-007/Best Free Keylogger_Interactions [8] Monitoring.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-014/Best Free Keylogger_RunningProcess [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-084/Best Free Keylogger_Interactions [1] Hotkey.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-084/Best Free Keylogger_Interactions [2] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-084/Best Free Keylogger_Interactions [3] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-084/Best Free Keylogger_Interactions [4] InvisibleMode.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [1] Hotkey.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [2] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [3] Password.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [4] InvisibleMode.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [6] HotkeyPassword.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [7] Monitoring.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [8] Monitoring.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [9] Monitoring.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-086/Best Free Keylogger_Interactions [10] Report.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-097/Best Free Keylogger_Install [5] AntiVirusException.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-097/Best Free Keylogger_Interactions [12] AV FP.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-116/Best Free Keylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-038/Best Free Keylogger_FileProperty [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-038/Best Free Keylogger_FileProperty [2].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-040/Best Free Keylogger_HiddenDirectory [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-040/Best Free Keylogger_RunningProcess [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-045/Best Free Keylogger_LandingPage [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-045/Best Free Keylogger_LandingPage [2].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [2].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [3].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [4].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [5] AntiVirusException.png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_Install [6].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_About [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_LandingPage [5].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-065/Best Free Keylogger_OfferPage [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-002/Best Free Keylogger_RunningProcess [1].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-017/Best Free Keylogger_LandingPage [4].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-017/Best Free Keylogger_LandingPage [5].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-161/Best Free Keylogger_LandingPage [3].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-161/Best Free Keylogger_LandingPage [5].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-092/Best Free Keylogger_FileProperty [3].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-092/Best Free Keylogger_FileProperty [4].png","210215/BestFreeKeyloggerLite-191121/7.2.1/Images/ACR-167/Bestxsoftware Refund Policy.png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.2.1_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.2.1","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":576},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb.exe\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display link to the EULA or Terms of Service.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the installer and main executable.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6d91d0b5a69d9bdd4545c4b4b7f1d503","hashSHA1":"670ee669b56780c09dc13c0a54f0059b7520b5bc","hashSHA256":"76b3cf97dc43b13e6fb09272c6c18e2f020416011693623e57d95075042e408e","sourceIndex":"1980","avBlockList":["360 Total Security (20210601)","Avast Premium Security (20210601)","AVG Internet Security (20210601)","Avira Internet Security (20210601)","Bitdefender Internet Security (20210601)","COMODO Antivirus (20210601)","Dr.Web Security Space (20210601)","ESET Internet Security (20210601)","G DATA INTERNET SECURITY (20210601)","K7 Total Security (20210601)","Kaspersky Internet Security (20210601)","Malwarebytes Premium (20210601)","McAfee Total Protection (20210601)","Norton Security (20210601)","Panda Dome (20210601)","Quick Heal Internet Security (20210601)","Sophos Home Premium (20210601)","SpyHunter5 (20210601)","Tencent PC Manager (20210601)","Total AV Antivirus Pro (20210601)","VIPRE Advanced Security (20210601)","VirIT eXplorer PRO (20210601)","Webroot SecureAnywhere (20210601)","Windows Defender (20210601)"],"avAllowList":["Trend Micro Internet Security (20210601)"]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.2","hashMD5":"933880c74a7a5a3336c7515c9aea3ed9","hashSHA1":"fd529a7ff5e921c27efcd91ca6e0d7b121339c10","hashSHA256":"30a504d8d2b94f0a6f35552c8e9b828324c52d75236c6152d724ff03b09598e9","sourceIndex":"1980","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://mega.nz/6e106842-83e3-47b6-8c6d-26a35b822590","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/6e106842-83e3-47b6-8c6d-26a35b822590","sourceIndex":"1980"}],"sampleFiles":["210311/BestFreeKeyloggerLite-191121/7.2.2/Samples/installer_free.exe","210311/BestFreeKeyloggerLite-191121/7.2.2/Samples/syscrb.exe"],"imageFiles":["210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-048/Best Free Keylogger Lite_HiddenDirectory [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-048/Best Free Keylogger Lite_Interactions [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-048/Best Free Keylogger Lite_Interactions [2].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-048/Best Free Keylogger Lite_Interactions [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-048/Best Free Keylogger Lite_Interactions [6] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-007/Best Free Keylogger Lite_Interactions [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-007/Best Free Keylogger Lite_Interactions [2].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-007/Best Free Keylogger Lite_Interactions [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-007/Best Free Keylogger Lite_Interactions [4].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-007/Best Free Keylogger Lite_Interactions [6] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-014/Best Free Keylogger Lite_RunningProcess [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-084/Best Free Keylogger Lite_Interactions [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-084/Best Free Keylogger Lite_Interactions [2].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-084/Best Free Keylogger Lite_Interactions [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-084/Best Free Keylogger Lite_Interactions [6] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [2].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [4].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [6] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [7] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-086/Best Free Keylogger Lite_Interactions [8] Settings.png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-097/Best Free Keylogger Lite_Install [6].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-116/Best Free Keylogger Lite_ControlPanel [1].png"],"nonDeceptorImageFiles":["210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-038/Best Free Keylogger Lite_FileProperty [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-038/Best Free Keylogger Lite_FileProperty [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-040/Best Free Keylogger Lite_HiddenDirectory [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-040/Best Free Keylogger Lite_RunningProcess [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_Install [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_Install [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_Install [4].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_Install [6].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_Install [8].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger Lite_About [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger_LandingPage [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-065/Best Free Keylogger_OfferPage [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-002/Best Free Keylogger Lite_RunningProcess [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-017/Best Free Keylogger_LandingPage [1].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-017/Best Free Keylogger_LandingPage [4].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-161/Best Free Keylogger_LandingPage [3].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-092/Best Free Keylogger Lite_FileProperty [2].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-092/Best Free Keylogger Lite_FileProperty [4].png","210311/BestFreeKeyloggerLite-191121/7.2.2/Images/ACR-167/Best Free Keylogger_RefundPolicy [1].png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.2.2_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.2.2","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":575},{"violations":{"ACR-003":"The application exaggerates system files as being errors, thereby misleading or scaring user to take action.\n","ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n","ACR-014":"The Errors Displayed by App\n"},"nonDeceptorViolations":{"ACR-038":" The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n","ACR-065":"The app's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe app has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's landing page does not have links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy.\nThe internal offer page does not display links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy.\n","ACR-002":"The App's version is not consistent between App install and internal offer page\nThe App's version is not consistent between App install and internal offer page\n","ACR-092":"The app does not provide Digital signatures for the main executables.\n","ACR-157":"The application has no certificate information it is unsigned.\n","ACR-099":"The app has no link to a webpage that shows how to uninstall the app.\nThe app's landing page does not show links to a webpage that shows how to uninstall the app. \nThe app's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DLLEscort_Setup.exe","isInstaller":"True","fileVersion":"2021.0","hashMD5":"be597e7c45939a9154f52ee1e1b589a4","hashSHA1":"b05c29939cb34ca209937012596d681e776cd5df","hashSHA256":"0704f5d269e8cf063f5c91f16b5fc540de2704a28fcf351dd3e540e65eb25838","sourceIndex":"1598","avBlockList":["Avast Premium Security (20240926)","AVG Internet Security (20240926)","Avira Internet Security (20240926)","Bitdefender Internet Security (20240926)","COMODO Antivirus (20240926)","Dr.Web Security Space (20240926)","ESET Internet Security (20240926)","G DATA INTERNET SECURITY (20240926)","Kaspersky Internet Security (20211104)","Malwarebytes Premium (20240926)","McAfee Total Protection (20240926)","Norton Security (20240926)","Panda Dome (20240926)","Quick Heal Internet Security (20240926)","Sophos Home Premium (20240926)","SpyHunter5 (20240926)","Tencent PC Manager (20211104)","Total AV Antivirus Pro (20240926)","Trend Micro Internet Security (20240926)","VIPRE Advanced Security (20240926)","VirIT eXplorer PRO (20240926)","Webroot SecureAnywhere (20240926)","Windows Defender (20240926)","FortectPremium (20240926)","KasperskyPremium (20240926)"],"avAllowList":["360 Total Security (20240926)","K7 Total Security (20240926)"]},{"isRevoked":"False","fileName":"DLLEscort.exe","fileVersion":"0.0","hashMD5":"4da6f289e5cf792c5d6943cca66b4dba","hashSHA1":"aeebcd42e7caa19e593a0b26b5e8f6e8c69635ec","hashSHA256":"d4903ee9bb895613c41de7dc9ef0cb57a32eba3b32cfecfe23b09635cd6e2770","sourceIndex":"1598","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLEscort_Setup[2].exe","isInstaller":"True","fileVersion":"2021.0","hashMD5":"0da81857e09e67edf1e1d3d435ed932f","hashSHA1":"2092dcd40266f56ce6e7417e1e2b930bea07a475","hashSHA256":"c7afc358a9e0b53910b91422eadb13fbfd36270bf6461222f069320a6d8f7d3e","sourceIndex":"1598","avBlockList":["Avast Premium Security (20241203)","AVG Internet Security (20241203)","Avira Internet Security (20241203)","Bitdefender Internet Security (20241203)","Dr.Web Security Space (20241203)","ESET Internet Security (20241203)","FortectPremium (20241203)","G DATA INTERNET SECURITY (20241203)","K7 Total Security (20241203)","KasperskyPremium (20241203)","Malwarebytes Premium (20241203)","McAfee Total Protection (20241203)","Norton Security (20241203)","Panda Dome (20241203)","Quick Heal Internet Security (20241203)","Sophos Home Premium (20241203)","SpyHunter5 (20241203)","Total AV Antivirus Pro (20241203)","Trend Micro Internet Security (20241203)","VIPRE Advanced Security (20241203)","VirIT eXplorer PRO (20241203)","Webroot SecureAnywhere (20241203)","Windows Defender (20241203)"],"avAllowList":["360 Total Security (20241203)","COMODO Antivirus (20241203)"]},{"isRevoked":"False","fileName":"DLLEscort_Setup [3].exe","isInstaller":"True","fileVersion":"2021.0","hashMD5":"7d18338703c7087c6edd283e813a16a7","hashSHA1":"5b6892dd09c4f601419f286c86241f25d9f45630","hashSHA256":"cf9a877114799de4b672fa766e57f1de3423c0d6e1e5300e679ea282be3913fa","sourceIndex":"1598","avBlockList":["Avast Premium Security (20241205)","AVG Internet Security (20241205)","Avira Internet Security (20241205)","Bitdefender Internet Security (20241205)","Dr.Web Security Space (20241205)","ESET Internet Security (20241205)","FortectPremium (20241205)","G DATA INTERNET SECURITY (20241205)","K7 Total Security (20241205)","KasperskyPremium (20241205)","Malwarebytes Premium (20241205)","McAfee Total Protection (20241205)","Norton Security (20241205)","Panda Dome (20241205)","Quick Heal Internet Security (20241205)","Sophos Home Premium (20241205)","SpyHunter5 (20241205)","Total AV Antivirus Pro (20241205)","Trend Micro Internet Security (20241205)","VIPRE Advanced Security (20241205)","VirIT eXplorer PRO (20241205)","Webroot SecureAnywhere (20241205)","Windows Defender (20241205)"],"avAllowList":["360 Total Security (20241205)","COMODO Antivirus (20241205)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (remove computer errors free)","landingPage":"http://www.dllescort.com/","directDownloadingLink":"https://www.dllescort.com/DLLEscort_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dllescort.com/DLLEscort_Setup.exe","sourceIndex":"1598"}],"sampleFiles":["211221/DLLEscort-180424/2021/Samples/DLLEscort_Setup.exe","211221/DLLEscort-180424/2021/Samples/DLLEscort.exe","211221/DLLEscort-180424/2021/Samples/DLLEscort_Setup[2].exe","211221/DLLEscort-180424/2021/Samples/DLLEscort_Setup [3].exe"],"imageFiles":["211221/DLLEscort-180424/2021/Images/ACR-003/DLLEscort_Interactions [2].png","211221/DLLEscort-180424/2021/Images/ACR-003/DLLEscort_Interactions [3].png","211221/DLLEscort-180424/2021/Images/ACR-003/DLLEscort_Interactions [5].png","211221/DLLEscort-180424/2021/Images/ACR-003/DLLEscort_Interactions [4].png","211221/DLLEscort-180424/2021/Images/ACR-118/DLLEscort_RetainedFilesafterUninstall [1].png","211221/DLLEscort-180424/2021/Images/ACR-014/DLLEscort_Interactions [3].png","211221/DLLEscort-180424/2021/Images/ACR-004/DLLEscort_Interactions [3].png","211221/DLLEscort-180424/2021/Images/ACR-004/DLLEscort_Interactions [4].png"],"nonDeceptorImageFiles":["211221/DLLEscort-180424/2021/Images/ACR-038/DLLEscort_FileProperty [2].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_Install [1].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_Install [2].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_Install [3].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_Install [4].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_About [1].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_LandingPage [1].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_LandingPage [2].png","211221/DLLEscort-180424/2021/Images/ACR-065/DLLEscort_OfferPage [1].png","211221/DLLEscort-180424/2021/Images/ACR-002/DLLEscort_Install [1].png","211221/DLLEscort-180424/2021/Images/ACR-002/DLLEscort_OfferPage [1].png","211221/DLLEscort-180424/2021/Images/ACR-002/DLLEscort_OfferPage [1].png","211221/DLLEscort-180424/2021/Images/ACR-002/DLLEscort_Install [1].png","211221/DLLEscort-180424/2021/Images/ACR-092/DLLEscort_FileProperty [3].png","211221/DLLEscort-180424/2021/Images/ACR-092/DLLEscort_FileProperty [4].png","211221/DLLEscort-180424/2021/Images/ACR-157/DLLEscort_FileProperty [3].png","211221/DLLEscort-180424/2021/Images/ACR-157/DLLEscort_FileProperty [4].png","211221/DLLEscort-180424/2021/Images/ACR-099/DLLEscort_About [1].png","211221/DLLEscort-180424/2021/Images/ACR-099/DLLEscort_About [2].png","211221/DLLEscort-180424/2021/Images/ACR-099/DLLEscort_LandingPage [1].png","211221/DLLEscort-180424/2021/Images/ACR-099/DLLEscort_LandingPage [2].png","211221/DLLEscort-180424/2021/Images/ACR-099/DLLEscort_OfferPage [1].png"],"guid":"b3608584-cd5b-445e-94b4-5a5e4962ef37_2021_1","appID":"DLLEscort-180424","dateAdded":"240909","deceptorType":"App","name":"DLLEscort","company":"DLLEscort","version":"2021","lastKnownStatus":"Deceptor:2.6.20;2021","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":568},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During the install, the app prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a Hidden Folder named \"Best Free Keylogger\" and it calls itself \"syscrb.exe\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\nThe internal offer page does not display link to the EULA or Terms of Service.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the installer and main executable.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"installer_free.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"085bc7150da060d96cc108210d673758","hashSHA1":"bf6f6511a29cb6afce8256d4d8aa1108723bec89","hashSHA256":"57531162faa76d830d70bc3a449de8ecd0bd9855142f7b66d68942870beea7be","sourceIndex":"1882","avBlockList":["360 Total Security (20211014)","Avast Premium Security (20211014)","AVG Internet Security (20211014)","Avira Internet Security (20211014)","Bitdefender Internet Security (20211014)","COMODO Antivirus (20211014)","Dr.Web Security Space (20211014)","ESET Internet Security (20211014)","G DATA INTERNET SECURITY (20211014)","K7 Total Security (20211014)","Kaspersky Internet Security (20211014)","Malwarebytes Premium (20211014)","McAfee Total Protection (20211014)","Norton Security (20211014)","Panda Dome (20211014)","Quick Heal Internet Security (20211014)","Sophos Home Premium (20211014)","SpyHunter5 (20211014)","Tencent PC Manager (20211014)","Total AV Antivirus Pro (20211014)","VIPRE Advanced Security (20211014)","VirIT eXplorer PRO (20211014)","Webroot SecureAnywhere (20211014)","Windows Defender (20211014)"],"avAllowList":["Trend Micro Internet Security (20211014)"]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.3","hashMD5":"68656c69143797a90784b73d62e8d5f0","hashSHA1":"8aeb3db313126b8e6c59ff81b7bbca90325f3d71","hashSHA256":"20ed885f26e43900dce1fca8a4bdc5ca53aadfa7f84c998754e4b7c483572e04","sourceIndex":"1882","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://bestxsoftware.com/","directDownloadingLink":"https://vc544.pcloud.com/dHZ46x571ZOKdQbgZZZ57Nbv7Z2ZZ92RZkZa719XZ4O61b9JSbJ0Oubuo2DkN3hSG59SV/installer_free.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vc544.pcloud.com/dHZ46x571ZOKdQbgZZZ57Nbv7Z2ZZ92RZkZa719XZ4O61b9JSbJ0Oubuo2DkN3hSG59SV/installer_free.exe","sourceIndex":"1882"}],"sampleFiles":["210623/BestFreeKeyloggerLite-191121/7.3.1/Samples/installer_free.exe","210623/BestFreeKeyloggerLite-191121/7.3.1/Samples/syscrb.exe"],"imageFiles":["210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-048/Best Free Keylogger Lite_Interactions [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-048/Best Free Keylogger Lite_Interactions [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-048/Best Free Keylogger Lite_Interactions [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-048/Best Free Keylogger Lite_Hidden Directory [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-048/Best Free Keylogger Lite_Files [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-007/Best Free Keylogger Lite_Interactions [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-007/Best Free Keylogger Lite_Interactions [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-007/Best Free Keylogger Lite_Interactions [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-007/Best Free Keylogger Lite_Settings [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-014/Best Free Keylogger Lite_RunningProcess [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-084/Best Free Keylogger Lite_Interactions [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-084/Best Free Keylogger Lite_Interactions [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-084/Best Free Keylogger Lite_Interactions [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-084/Best Free Keylogger Lite_Settings [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Interactions [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Interactions [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Interactions [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Settings [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Settings [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-086/Best Free Keylogger Lite_Settings [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-097/Best Free Keylogger Lite_Install [6].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-116/Best Free Keylogger Lite_ControlPanel [1].png"],"nonDeceptorImageFiles":["210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-038/Best Free Keylogger Lite_FileProperty [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-038/Best Free Keylogger Lite_FileProperty [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-040/Best Free Keylogger Lite_Files [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-040/Best Free Keylogger Lite_RunningProcess [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_Install [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_Install [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_Install [4].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_Install [6].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_Install [10].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_About [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Lite_About [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Pro_LandingPage.png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-065/Best Free Keylogger Pro_OfferPage [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-002/Best Free Keylogger Lite_RunningProcess [1].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-017/Best Free Keylogger Pro_LandingPage [3].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-161/Best Free Keylogger Pro_LandingPage [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-092/Best Free Keylogger Lite_FileProperty [2].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-092/Best Free Keylogger Lite_FileProperty [4].png","210623/BestFreeKeyloggerLite-191121/7.3.1/Images/ACR-167/Best Free Keylogger Pro_Bestxsoftware Refund Policy.png"],"guid":"a50d5e94-3fa8-4ad0-a41d-0fa937e65694_7.3.1_1","appID":"BestFreeKeyloggerLite-191121","dateAdded":"240909","deceptorType":"App","name":"Best Free Keylogger Lite","company":"Bestx Software","version":"7.3.1","sigName":"Deceptor:Win32/BestFreeKeyloggerLiteStalkerware!048007014084086097116","lastKnownStatus":"Deceptor: 6.1.0;7.0.0.0;7.2.0;7.2.1;7.2.2;7.3.1;7.4.0;7.4.1;8.0.1","lastKnownDate":"240909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-09-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":574},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Your Privacy might be at risk!\", \"Dangerous\" , \"Severe\" all in red/yellow colors thereby misleading or scaring the user to take action. The App also exaggerated the number of files found.\n","ACR-004":"The shows exaggerated word \"WARNING!\" and when you click the button \"clean now\" , it will redirect you to purchase the app to perform the action.\n\n","ACR-116":"The main executable file was left behind even after app shows uninstall completed.\n","ACR-118":"When uninstalled, it did not delete the main executable file.\n","ACR-014":"App implies that files scanned are \"dangerous\" even though they are just windows temp or log files,which is misleading.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" and \"Download Free Trial\" highlight \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not contain links to the app's Returns and Cancellations Policy, Privacy Policy. \nThe app does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified. \n","ACR-092":"The application does not have a digital signature.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n","ACR-167":"There is no refund policy provided for this application.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"cleandrive_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","fileVersion":"0.0","hashMD5":"a6baf58dc4710add32aefb7e64b17f9b","hashSHA1":"58f127b37fbf4d47d3dcb827e31086f012a39881","hashSHA256":"08119a44a3e8698dd2b890273ddc05b6aec31734c23a8fccb64d2e322d076135","sourceIndex":"2114","avBlockList":["360 Total Security (20200928)","Avast Premium Security (20200928)","AVG Internet Security (20200928)","Avira Internet Security (20200928)","Bitdefender Internet Security (20200928)","ESET Internet Security (20200928)","G DATA INTERNET SECURITY (20200928)","K7 Total Security (20200928)","Kaspersky Internet Security (20200928)","Malwarebytes Premium (20200928)","McAfee Total Protection (20200928)","Norton Security (20200928)","Panda Dome (20200928)","Quick Heal Internet Security (20200928)","Sophos Home Premium (20200928)","SpyHunter5 (20200928)","Tencent PC Manager (20200928)","Total AV Antivirus Pro (20200928)","Trend Micro Internet Security (20200928)","VIPRE Advanced Security (20200928)","VirIT eXplorer PRO (20200928)","Webroot SecureAnywhere (20200928)","Windows Defender (20200928)"],"avAllowList":["COMODO Antivirus (20200928)","Dr.Web Security Space (20200928)"]},{"isRevoked":"False","fileName":"Cleandrive.exe","companyName":"(C) GSA","fileVersion":"3.5","hashMD5":"0260775a94a8735ab26fc266fc28c644","hashSHA1":"2148367cd6f8bbc7340a5de8b6eb0eacdd615d1a","hashSHA256":"0228f8189bea2bc75358a0356b9d88357e901fc3d98c2309ff4a59e34026493d","digitalCertThumbprint":"F19B05B2C406A06B1A801B170955F1693C84C9C6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=Gesellschaft für Softwareentwicklung und Analytik GmbH, SERIALNUMBER=HRB 12514, O=Gesellschaft für Softwareentwicklung und Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"2114","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.gsa-online.de/","landingPage":"https://www.gsa-online.de/product/cleandrive/#","directDownloadingLink":"https://www.gsa-online.de/download/cleandrive_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/cleandrive_setup.exe","sourceIndex":"2114"}],"sampleFiles":["200902/GSACleanDrive-181211/3.50/Samples/cleandrive_setup.exe","200902/GSACleanDrive-181211/3.50/Samples/CleanDrive.exe"],"imageFiles":["200902/GSACleanDrive-181211/3.50/Images/ACR-003/GSA CleanDrive_Interaction [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-003/GSA CleanDrive_Interaction [2] Scanning.png","200902/GSACleanDrive-181211/3.50/Images/ACR-003/GSA CleanDrive_Interaction [3] ScanResults.png","200902/GSACleanDrive-181211/3.50/Images/ACR-003/GSA CleanDrive_Interaction [5] Register.png","200902/GSACleanDrive-181211/3.50/Images/ACR-003/GSA CleanDrive_Interaction [6] ScanResults.png","200902/GSACleanDrive-181211/3.50/Images/ACR-014/GSA CleanDrive_Interaction [3] ScanResults.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [2] Scanning.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [3] ScanResults.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [4] Register.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [5] Register.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_Interaction [6] ScanResults.png","200902/GSACleanDrive-181211/3.50/Images/ACR-004/GSA CleanDrive_OfferPage [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-116/GSA_CleanDrive_Uninstall [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-116/GSA_CleanDrive_Uninstall [2].png","200902/GSACleanDrive-181211/3.50/Images/ACR-116/GSA_CleanDrive_Uninstall [3].png","200902/GSACleanDrive-181211/3.50/Images/ACR-116/GSA_CleanDrive_Uninstall [4].png","200902/GSACleanDrive-181211/3.50/Images/ACR-116/GSA_CleanDrive_Uninstall [6] RetainedFile.png","200902/GSACleanDrive-181211/3.50/Images/ACR-118/GSA_CleanDrive_Uninstall [4].png","200902/GSACleanDrive-181211/3.50/Images/ACR-118/GSA_CleanDrive_Uninstall [6] RetainedFile.png"],"nonDeceptorImageFiles":["200902/GSACleanDrive-181211/3.50/Images/ACR-099/GSA CleanDrive_Interaction [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-099/GSA CleanDrive_Interaction [8] Settings.png","200902/GSACleanDrive-181211/3.50/Images/ACR-099/GSA CleanDrive_LandingPage [5].png","200902/GSACleanDrive-181211/3.50/Images/ACR-099/GSA CleanDrive_LandingPage [6].png","200902/GSACleanDrive-181211/3.50/Images/ACR-161/GSA CleanDrive_LandingPage [1] Testimonials.png","200902/GSACleanDrive-181211/3.50/Images/ACR-167/GSA_CleanDrive_RefundPolicy[1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-045/GSA CleanDrive_LandingPage [3] Download Free Trial.png","200902/GSACleanDrive-181211/3.50/Images/ACR-045/GSA CleanDrive_LandingPage [3] Free Download.png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Install [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Install [2].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Install [5].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Interaction [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Interaction [7] Settings.png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_Interaction [8] Settings.png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_LandingPage [5].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_LandingPage [6].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_LandingPage [7].png","200902/GSACleanDrive-181211/3.50/Images/ACR-065/GSA CleanDrive_LandingPage [8].png","200902/GSACleanDrive-181211/3.50/Images/ACR-092/GSA CleanDrive_Installer_Unsigned [1].png","200902/GSACleanDrive-181211/3.50/Images/ACR-092/GSA CleanDrive_Installer_Unsigned [2].png","200902/GSACleanDrive-181211/3.50/Images/ACR-166/GSA CleanDrive_OfferPage [1].png"],"guid":"71869226-ba42-4a62-be52-fbb96e04c4b5_3.50_1","appID":"GSACleanDrive-181211","dateAdded":"240905","deceptorType":"App","name":"GSA CleanDrive","company":"GSA GmbH","version":"3.50","sigName":"Deceptor:Win32/GSACleanDrive!003014004116118","lastKnownStatus":"Deceptor:3.47;3.48;3.49;3.50;3.52","lastKnownDate":"240905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":581},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Your Privacy might be at risk!\", \"Dangerous\" , \"Severe\" all in red/yellow colors thereby misleading or scaring the user to take action. The App also exaggerated the number of files found.\n","ACR-004":"The shows exaggerated word \"WARNING!\" and when you click the button \"clean now\" , it will redirect you to purchase the app to perform the action.\n\n","ACR-116":"The main executable file was left behind even after app shows uninstall completed.\n","ACR-118":"When uninstalled, it did not delete the main executable file.\n","ACR-014":"App implies that files scanned are \"dangerous\" even though they are just windows temp or log files,which is misleading.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not contain links to the app's Returns and Cancellations Policy, Privacy Policy. \nThe app does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified. \n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n","ACR-167":"There is no refund policy provided for this application.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"cleandrive_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","fileVersion":"0.0","hashMD5":"59b8a6e478a1c4163ee9ceb8e775d75a","hashSHA1":"2531158e300a706c9da1e5814ee51d918b139603","hashSHA256":"0b6ff8e1888a47b067aabe4e9c408ead19a72819c835c106e9b416cf4dec8492","digitalCertThumbprint":"F19B05B2C406A06B1A801B170955F1693C84C9C6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=Gesellschaft für Softwareentwicklung und Analytik GmbH, SERIALNUMBER=HRB 12514, O=Gesellschaft für Softwareentwicklung und Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"2123","avBlockList":["360 Total Security (20200903)","Avast Premium Security (20200903)","AVG Internet Security (20200903)","Avira Internet Security (20200903)","Bitdefender Internet Security (20200903)","ESET Internet Security (20200903)","G DATA INTERNET SECURITY (20200903)","K7 Total Security (20200903)","Kaspersky Internet Security (20200903)","Malwarebytes Premium (20200903)","McAfee Total Protection (20200903)","Norton Security (20200903)","Panda Dome (20200903)","Sophos Home Premium (20200903)","SpyHunter5 (20200903)","Tencent PC Manager (20200903)","Total AV Antivirus Pro (20200903)","Trend Micro Internet Security (20200903)","VIPRE Advanced Security (20200903)","VirIT eXplorer PRO (20200903)","Windows Defender (20200903)"],"avAllowList":["COMODO Antivirus (20200903)","Dr.Web Security Space (20200903)","Quick Heal Internet Security (20200903)","Webroot SecureAnywhere (20200903)"]},{"isRevoked":"False","fileName":"CleanDrive.exe","companyName":"GSA","fileVersion":"3.4","hashMD5":"979cf3bc17fdc1be24f9fb3a2ae19ce4","hashSHA1":"46df96bd756cd52806eec8a8b4eb049ad237be70","hashSHA256":"e3189eb788ddbf0ba8a58795495712bd352716f49df922f63674e94dc63992d2","digitalCertThumbprint":"F19B05B2C406A06B1A801B170955F1693C84C9C6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=Gesellschaft für Softwareentwicklung und Analytik GmbH, SERIALNUMBER=HRB 12514, O=Gesellschaft für Softwareentwicklung und Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"2123","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.gsa-online.de/product/cleandrive/#","directDownloadingLink":"https://www.gsa-online.de/download/cleandrive_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/cleandrive_setup.exe","sourceIndex":"2123"}],"sampleFiles":["200825/GSACleanDrive-181211/3.49/Samples/cleandrive_setup.exe","200825/GSACleanDrive-181211/3.49/Samples/CleanDrive.exe"],"imageFiles":["200825/GSACleanDrive-181211/3.49/Images/ACR-003/GSA_CleanDrive_Interaction [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-003/GSA_CleanDrive_Interaction [3] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-003/GSA_CleanDrive_Interaction [4] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-003/GSA_CleanDrive_Interaction [5] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-014/GSA_CleanDrive_Interaction [3] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-004/GSA_CleanDrive_Interaction [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-004/GSA_CleanDrive_Interaction [2] Scanning.png","200825/GSACleanDrive-181211/3.49/Images/ACR-004/GSA_CleanDrive_Interaction [3] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-004/GSA_CleanDrive_Interaction [4] ScanResults.png","200825/GSACleanDrive-181211/3.49/Images/ACR-116/GSA_CleanDrive_Uninstall [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-116/GSA_CleanDrive_Uninstall [2].png","200825/GSACleanDrive-181211/3.49/Images/ACR-116/GSA_CleanDrive_Uninstall [3].png","200825/GSACleanDrive-181211/3.49/Images/ACR-116/GSA_CleanDrive_Uninstall [4].png","200825/GSACleanDrive-181211/3.49/Images/ACR-116/GSA_CleanDrive_Uninstall [5] RetainedFile.png","200825/GSACleanDrive-181211/3.49/Images/ACR-118/GSA_CleanDrive_Uninstall [4].png","200825/GSACleanDrive-181211/3.49/Images/ACR-118/GSA_CleanDrive_Uninstall [5] RetainedFile.png"],"nonDeceptorImageFiles":["200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_Interaction [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_Settings [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_LandingPage [6].png","200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_LandingPage [5].png","200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_Manuals [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-099/GSA_CleanDrive_Manuals [2].png","200825/GSACleanDrive-181211/3.49/Images/ACR-161/GSA_CleanDrive_LandingPage [2] Testimonials.png","200825/GSACleanDrive-181211/3.49/Images/ACR-167/GSA_CleanDrive_LandingPage [4] Refund.png","200825/GSACleanDrive-181211/3.49/Images/ACR-045/GSA_CleanDrive_LandingPage [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_Install [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_Install [2].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_Install [4].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_Interaction [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_Settings [1].png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_LandingPage_.png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_LandingPage.png","200825/GSACleanDrive-181211/3.49/Images/ACR-065/GSA_CleanDrive_LandingPage [5].png","200825/GSACleanDrive-181211/3.49/Images/ACR-166/GSA_CleanDrive_OfferPage.png"],"guid":"71869226-ba42-4a62-be52-fbb96e04c4b5_3.49_1","appID":"GSACleanDrive-181211","dateAdded":"240905","deceptorType":"App","name":"GSA CleanDrive","company":"GSA GmbH","version":"3.49","sigName":"Deceptor:Win32/GSACleanDrive!003014004116118","lastKnownStatus":"Deceptor:3.47;3.48;3.49;3.50;3.52","lastKnownDate":"240905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":582},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Your Privacy might be at risk!\", \"Dangerous\" , \"Severe\" all in red/yellow colors thereby misleading or scaring the user to take action. The App also exaggerated the number of files found.\n","ACR-004":"The shows exaggerated word \"WARNING!\" and when you click the button \"clean now\" , it will redirect you to purchase the app to perform the action.\n\n","ACR-116":"When uninstalled, it did not delete the main executable file even deleting it manually.\n","ACR-118":"When uninstalled, it did not delete the main executable file even deleting it manually.\n","ACR-014":"App implies that files scanned are \"dangerous\" even though they are just windows temp or log files,which is misleading.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not contain links to the app's Returns and Cancellations Policy, Privacy Policy. \nThe app does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified. \n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n","ACR-167":"There is no refund policy provided for this application.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"cleandrive_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","fileVersion":"0.0","hashMD5":"893f02e34be55f23bf3fcc931d4a2233","hashSHA1":"cf81890668665120d5c2de923cdc2aae6a459391","hashSHA256":"97e55c8d1b66e6b88ef3ab11940698fe2f14dec08648617e01a4f5bd557477b7","digitalCertThumbprint":"17DFFBAB0931DFAFD29EBEFD77A561E4F5B2C0DF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, O=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, STREET=Krischanweg 7, L=Rostock, S=Mecklenburg Vorpommern, PostalCode=18069, C=DE","sourceIndex":"2144","avBlockList":["360 Total Security (20200813)","Avast Premium Security (20200813)","AVG Internet Security (20200813)","Avira Internet Security (20200813)","Bitdefender Internet Security (20200813)","Dr.Web Security Space (20200813)","ESET Internet Security (20200813)","G DATA INTERNET SECURITY (20200813)","K7 Total Security (20200813)","Malwarebytes Premium (20200813)","McAfee Total Protection (20200813)","Norton Security (20200813)","Panda Dome (20200813)","Sophos Home Premium (20200813)","Tencent PC Manager (20200813)","Total AV Antivirus Pro (20200813)","VIPRE Advanced Security (20200813)","VirIT eXplorer PRO (20200813)","Webroot SecureAnywhere (20200813)","Windows Defender (20200813)","Kaspersky Internet Security (20200813)"],"avAllowList":["COMODO Antivirus (20200813)","Quick Heal Internet Security (20200813)","SpyHunter5 (20200813)","Trend Micro Internet Security (20200813)"]},{"isRevoked":"False","fileName":"CleanDrive.exe","companyName":"GSA","fileVersion":"3.4","hashMD5":"e7dd798f92951bb81cea3a037277cdd0","hashSHA1":"019962765210075c40f754388012859dac8650e0","hashSHA256":"b1680bb8a194b753fc04ad4f544496650f872ca6a6dbb2ad182e2aa1154a046a","digitalCertThumbprint":"17DFFBAB0931DFAFD29EBEFD77A561E4F5B2C0DF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, O=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, STREET=Krischanweg 7, L=Rostock, S=Mecklenburg Vorpommern, PostalCode=18069, C=DE","sourceIndex":"2144","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"clean drive\"","reference":"","landingPage":"https://www.gsa-online.de/product/cleandrive/#","directDownloadingLink":"https://www.gsa-online.de/download/cleandrive_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/cleandrive_setup.exe","sourceIndex":"2144"}],"sampleFiles":["200727/GSACleanDrive-181211/3.48/Samples/cleandrive_setup.exe","200727/GSACleanDrive-181211/3.48/Samples/CleanDrive.exe"],"imageFiles":["200727/GSACleanDrive-181211/3.48/Images/ACR-003/CleanDrive_Interaction [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-003/CleanDrive_Interaction [1]_.png","200727/GSACleanDrive-181211/3.48/Images/ACR-003/CleanDrive_Interaction [2]_.png","200727/GSACleanDrive-181211/3.48/Images/ACR-003/CleanDrive_Interaction [3].png","200727/GSACleanDrive-181211/3.48/Images/ACR-014/CleanDrive_Interaction [4].png","200727/GSACleanDrive-181211/3.48/Images/ACR-004/CleanDrive_Interaction [1]_.png","200727/GSACleanDrive-181211/3.48/Images/ACR-004/CleanDrive_Interaction [2]_.png","200727/GSACleanDrive-181211/3.48/Images/ACR-004/CleanDrive_Interaction [3]_.png","200727/GSACleanDrive-181211/3.48/Images/ACR-116/CleanDrive_Uninstall [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-116/CleanDrive_Uninstall [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-116/CleanDrive_Uninstall [3].png","200727/GSACleanDrive-181211/3.48/Images/ACR-116/CleanDrive_Uninstall [4].png"],"nonDeceptorImageFiles":["200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_Interaction [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_Settings [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_Settings [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_LandingPage [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_Manuals and Documentation [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-099/CleanDrive_Manuals and Documentation [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-161/CleanDrive_LandingPage [3].png","200727/GSACleanDrive-181211/3.48/Images/ACR-167/CleanDrive_Refund [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-045/CleanDrive_LandingPage [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-045/CleanDrive_LandingPage [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Install [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Install [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Install [3].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Interaction [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Settings [1].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_Settings [2].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_LandingPage [4].png","200727/GSACleanDrive-181211/3.48/Images/ACR-065/CleanDrive_LandingPage [5].png","200727/GSACleanDrive-181211/3.48/Images/ACR-166/CleanDrive_OfferPage [1].png"],"guid":"71869226-ba42-4a62-be52-fbb96e04c4b5_3.48_1","appID":"GSACleanDrive-181211","dateAdded":"240905","deceptorType":"App","name":"GSA CleanDrive","company":"GSA GmbH","version":"3.48","sigName":"Deceptor:Win32/GSACleanDrive!003014004116118","lastKnownStatus":"Deceptor:3.47;3.48;3.49;3.50;3.52","lastKnownDate":"240905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":583},{"violations":{"ACR-003":"App makes exaggerated claims about the system's health (displaying the status as \"Your Privacy might be at risk!\", \"Dangerous\" all in red/yellow colors); , thereby misleading or scaring the user to take action. The App also exaggerated the number of files found.\n","ACR-004":" shows exaggerated word \"WARNING!\" and when you click the button \"clean now\" or \"repair now!\" it will redirect you to purchase the app to perfrom the action.\n\n","ACR-116":"When uninstalled, it did not delete the main executable file even deleting it manually.\n","ACR-118":"When uninstalled, it did not delete the main executable file even deleting it manually.\n","ACR-014":"App implies that files scanned are \"dangerous\" even though they are just windows temp or log files,which is misleading.\n"},"nonDeceptorViolations":{"ACR-161":" The application's landing page displays testimonials that are not specific to the app and does not provide any links back to a source so they can be verified. \n\n","ACR-099":"  The application has no link or information that shows how it can be uninstalled. Even in the Landing page and documentations page.\n\n","ACR-167":"There is no refund policy provided for this application.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GSA Cleandrive\\CleanDrive.exe","companyName":"GSA","productName":"GSA Cleandrive","productVersion":"3.47","fileVersion":"3.4.7.0","hashMD5":"9e8ad63b85ae298ad5a203e320db1395","hashSHA1":"f2e264cec500136cc451d795395fcafe88839dd0","hashSHA256":"6d8dba0c4df38b8f410fab2255fc1fcfc377e16c44f180a2a0875bf36d6164a5","digitalCertThumbprint":"765B93721F53918B60F79D99C312EB27B1B6D03F","sourceIndex":"3496","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cleandrive_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","productName":"GSA Cleandrive                                              ","productVersion":"3.47","fileVersion":"                    ","hashMD5":"931ef83dcbeeaf7a4d2a9e5023f0f1fd","hashSHA1":"0914803f93ad6a10e36e08a2c262955600ccbef0","hashSHA256":"589c71e5917fa94a049ba5e66acdbf4eb019a7b5b733d4aa6852942d4743445b","digitalCertThumbprint":"765B93721F53918B60F79D99C312EB27B1B6D03F","sourceIndex":"3496","avBlockList":["Avast Internet Security (20190309)","AVG Internet Security (20200820)","Avira Internet Security (20200820)","Bitdefender Internet Security (20200820)","ESET Internet Security (20200820)","G DATA INTERNET SECURITY (20200820)","K7 Total Security (20200820)","Kaspersky Internet Security (20200820)","Malwarebytes Premium (20200820)","McAfee Total Protection (20200820)","Norton Security (20200820)","Panda Dome (20200820)","Sophos Home Premium (20200820)","Trend Micro Internet Security (20200820)","VirIT eXplorer PRO (20200820)","Webroot SecureAnywhere (20200820)","Windows Defender (20200820)","Avast Premium Security (20200820)","Quick Heal Internet Security (20200820)","SpyHunter5 (20200820)","Tencent PC Manager (20200820)","Total AV Antivirus Pro (20200820)","VIPRE Advanced Security (20200820)"],"avAllowList":["360 Total Security (20200820)","COMODO Antivirus (20200820)","Dr.Web Security Space (20200820)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GSA Cleandrive\\unins000.exe","fileVersion":"51.52.0.0","hashMD5":"738fec13c6da09846941b2500a28a5f2","hashSHA1":"b90241ef9879ccc59bbe55b1cae5dfea5180bc63","hashSHA256":"c19f34be054d9cda4fb9fede5c7ec2e5a7005f98441d17849cf2a3fea00d4f7c","digitalCertThumbprint":"765B93721F53918B60F79D99C312EB27B1B6D03F","sourceIndex":"3496","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.gsa-online.de/product/cleandrive/#","directDownloadingLink":"https://www.gsa-online.de/download/cleandrive_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/cleandrive_setup.exe","sourceIndex":"3496"}],"sampleFiles":["181213/GSACleanDrive-181211/3.47/Samples/cleandrive_setup.exe"],"imageFiles":["181213/GSACleanDrive-181211/3.47/Images/ACR-003/exagg.png","181213/GSACleanDrive-181211/3.47/Images/ACR-003/exagg2.png","181213/GSACleanDrive-181211/3.47/Images/ACR-014/014.png","181213/GSACleanDrive-181211/3.47/Images/ACR-004/004.png","181213/GSACleanDrive-181211/3.47/Images/ACR-116/uninstall.png","181213/GSACleanDrive-181211/3.47/Images/ACR-118/uninstall.png"],"nonDeceptorImageFiles":["181213/GSACleanDrive-181211/3.47/Images/ACR-099/manuals.png","181213/GSACleanDrive-181211/3.47/Images/ACR-161/reviews.png","181213/GSACleanDrive-181211/3.47/Images/ACR-167/no_refund.png"],"guid":"71869226-ba42-4a62-be52-fbb96e04c4b5_3.47_1","appID":"GSACleanDrive-181211","dateAdded":"240905","deceptorType":"App","name":"GSA CleanDrive","company":"GSA GmbH","version":"3.47","sigName":"Deceptor:Win32/GSACleanDrive!003004014116118","lastKnownStatus":"Deceptor:3.47;3.48;3.49;3.50;3.52","lastKnownDate":"240905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":584},{"violations":{"ACR-003":"The app exaggerates urgency using words like \"Your Privacy might be at risk!\", \"Dangerous\", \"Severe\" and \"Warning\" using red/yellow colors thereby misleading or scaring the user to take action. \n","ACR-004":"The app uses exaggerated or alarming colors and words such as \"Your Privacy is at risk!\", \"Dangerous\", \"Severe\" and \"Warning\" in red/yellow colors across the app.\n\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"App implies that files scanned are \"dangerous\" even though they are just windows temp or log files,which is misleading.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"cleandrive_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","fileVersion":"0.0","hashMD5":"ff1cdb6f390200ea0815f892c6fd61d7","hashSHA1":"fefccc69c0e13e0a2d69a69defe745d7695ca668","hashSHA256":"939ec6385c7e5164365bdfd6ded513b21e4bd054116ee9e526cc81f44f661cfa","digitalCertThumbprint":"7B8989255FBBF3DEF398FA0A92BC99F085E204BF","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=GSA Gesellschaft f. Softwareentwicklung u. Analytik GmbH, SERIALNUMBER=HRB 12514, O=GSA Gesellschaft f. Softwareentwicklung u. Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"556","avBlockList":["360 Total Security (20240924)","Avast Premium Security (20240924)","AVG Internet Security (20240924)","Avira Internet Security (20240924)","ESET Internet Security (20240924)","FortectPremium (20240924)","K7 Total Security (20240924)","Malwarebytes Premium (20240924)","Norton Security (20240924)","Panda Dome (20240924)","Quick Heal Internet Security (20240924)","Sophos Home Premium (20240924)","SpyHunter5 (20240924)","Total AV Antivirus Pro (20240924)","VirIT eXplorer PRO (20240924)","Webroot SecureAnywhere (20240924)"],"avAllowList":["Bitdefender Internet Security (20240924)","COMODO Antivirus (20240924)","Dr.Web Security Space (20240924)","G DATA INTERNET SECURITY (20240924)","KasperskyPremium (20240924)","McAfee Total Protection (20240924)","Trend Micro Internet Security (20240924)","VIPRE Advanced Security (20240924)","Windows Defender (20240924)"]},{"isRevoked":"False","fileName":"Cleandrive.exe","companyName":"(C) GSA","fileVersion":"3.5","hashMD5":"dd821e3324b40f5bf2a774c37e941d40","hashSHA1":"a84df271be4905eedf47ae705014332622c99c13","hashSHA256":"256d72b2e9f46d7d3fdc73b35d33cffb24556f8f3e8dd3fdb025049415bdf036","digitalCertThumbprint":"7B8989255FBBF3DEF398FA0A92BC99F085E204BF","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=GSA Gesellschaft f. Softwareentwicklung u. Analytik GmbH, SERIALNUMBER=HRB 12514, O=GSA Gesellschaft f. Softwareentwicklung u. Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"556","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.gsa-online.de/product/cleandrive/","directDownloadingLink":"https://www.gsa-online.de/download/cleandrive_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/cleandrive_setup.exe","sourceIndex":"556"}],"sampleFiles":["240905/GSACleanDrive-181211/3.52/Samples/cleandrive_setup.exe"],"imageFiles":["240905/GSACleanDrive-181211/3.52/Images/ACR-003/ACR-003.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-003/ACR-003_1.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-003/ACR-003_2.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-003/ACR-003_4.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-014/ACR-014.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-004/ACR-003_4.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-004/ACR-004.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-004/ACR-004_1.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-004/ACR-004_2.PNG","240905/GSACleanDrive-181211/3.52/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":[],"guid":"71869226-ba42-4a62-be52-fbb96e04c4b5_3.52_1","appID":"GSACleanDrive-181211","dateAdded":"240905","deceptorType":"App","name":"GSA CleanDrive","company":"GSA GmbH","version":"3.52","lastKnownStatus":"Deceptor:3.47;3.48;3.49;3.50;3.52","lastKnownDate":"240905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:23.7844056+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":580},{"violations":{"ACR-004":"The app does not provide free fixes for free scan results.\n","ACR-084":"The app does not list its own software in the \" App Uninstaller\"   under Cleanup Tools category.\n"},"nonDeceptorViolations":{"ACR-045":"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the EULA or the Privacy Policy.\nThe app does not display links to the EULA or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"macclean-en-mac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"c5690007c6aacae502f9048e310ba242","hashSHA1":"6d1f2039c0c4f5ef90fc474477ed3837b424e6df","hashSHA256":"b265cfca98a03fe196b63733ad4331f396365839ee8f0a451e6b273f21af188b","sourceIndex":"558","avBlockList":["Avast Security for Mac (20241010)","Avira Security for Mac (20241010)","Bitdefender Antivirus for Mac (20241010)","ESET Cyber Security Pro for Mac (20241010)","Norton Security for Mac (20241010)","Sophos Home Premium For Mac (20241010)","SpyHunterforMac (20241010)","Trend Micro Antivirus for Mac (20241010)"],"avAllowList":["G DATA AntiVirus for Mac (20241010)","K7 Antivirus for Mac (20241010)","Kaspersky Internet Security for Mac (20241010)","McAfee Internet Security for Mac (20241010)"]},{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"eee3f91c07556011241c3eb70287ec73","hashSHA1":"b98c94f25d653414e4a01f1123ff627c3221b156","hashSHA256":"fe5f217c45c15aa2c59b270e545201b92181b294d519f3ba14522fbc675f4d97","sourceIndex":"558","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean%20Security%20Engine","fileVersion":"0.","hashMD5":"10bf34e4a490bac9ab6db6cc803a3deb","hashSHA1":"c23e3e21ae24ff6126c7f16327b9fee334a329d3","hashSHA256":"c79ca7346f2c6b724b467e6b3173db32e4183851a34b22d983aaf53aa671208f","sourceIndex":"558","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://dl.imobie.com/macclean-en-mac.dmg ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.imobie.com/macclean-en-mac.dmg ","sourceIndex":"558"}],"sampleFiles":["240904/MacClean-200709/3.6.2/Samples/macclean-en-mac.dmg","240904/MacClean-200709/3.6.2/Samples/MacClean","240904/MacClean-200709/3.6.2/Samples/MacClean%20Security%20Engine"],"imageFiles":["240904/MacClean-200709/3.6.2/Images/ACR-004/App12.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App13.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App14.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App15.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App16.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App17.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App18.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App19.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App20.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App21.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App23.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App24.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App25.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App26.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App27.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App28.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App29.png","240904/MacClean-200709/3.6.2/Images/ACR-004/App30.png","240904/MacClean-200709/3.6.2/Images/ACR-084/App27.png"],"nonDeceptorImageFiles":["240904/MacClean-200709/3.6.2/Images/ACR-045/MacClean 3 - Clean Optimize and Protect Your Mac from Malicious Threats1.png","240904/MacClean-200709/3.6.2/Images/ACR-065/install1.png","240904/MacClean-200709/3.6.2/Images/ACR-065/install2.png","240904/MacClean-200709/3.6.2/Images/ACR-065/App1.png","240904/MacClean-200709/3.6.2/Images/ACR-065/App11.png"],"guid":"faf555e4-4190-4970-9443-c16ce99d94a1_3.6.2_1","appID":"MacClean-200709","dateAdded":"240904","deceptorType":"MacOS App","name":"Mac Clean","company":"iMobie Inc.","version":"3.6.2","lastKnownStatus":"3.6.2","lastKnownDate":"240904","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-04T21:58:03.8251964+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":585},{"violations":{"ACR-004":"The app does not provide free fixes for free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA or the Privacy Policy.\nThe app does not display links to the EULA or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e4efa913b18a2ec3e07f784b12449fc303ec8029d3b042ddeae933c94b77878c","sourceIndex":"2003","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macclean-en-mac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"4dc65f7e0b4133ec257a613ff648922b","hashSHA1":"ed0ed49badadc73dadad7a9a7bf89ac0ccdbfc24","hashSHA256":"34ac5e7334da3494b9fcfcd2e13cf9dd247024c716b080db64f37a897252a28a","sourceIndex":"2003","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","Bitdefender Antivirus for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","K7 Antivirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["Kaspersky Internet Security for Mac (20210413)"]},{"isRevoked":"False","fileName":"MacClean_","fileVersion":"0.","hashMD5":"a222ffc4ffd7a665b54c807d4dc7c889","hashSHA1":"c21e01b4b993a10f99573e09334ce106cf7756f0","hashSHA256":"d553c0038c68b512a540cc2dfd9c4573201c60ce92191a0cbfe426db9659d882","sourceIndex":"2003","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macclean-en-mac_.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"1d38982f342791150559287ecc4e43df","hashSHA1":"daa2e4bb89f683ace20b6a7519cc9d9c429f8bfa","hashSHA256":"ba88055972a8c01bf31aa9748b34ebc8ea54b90775ae29103c2455dbb320fcc6","sourceIndex":"2003","avBlockList":["Avast Security for Mac (20210511)","Avira Security for Mac (20210511)","Bitdefender Antivirus for Mac (20210511)","ESET Cyber Security Pro for Mac (20210511)","G DATA AntiVirus for Mac (20210511)","K7 Antivirus for Mac (20210511)","Norton Security for Mac (20210511)","Sophos Home Premium For Mac (20210511)","Trend Micro Antivirus for Mac (20210511)"],"avAllowList":["Kaspersky Internet Security for Mac (20210511)","McAfee Internet Security for Mac (20210511)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://www.imobie.com/macclean/download.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imobie.com/macclean/download.htm","sourceIndex":"2003"}],"sampleFiles":["210112/MacClean-200709/3.6.0/Samples/MacClean","210112/MacClean-200709/3.6.0/Samples/macclean-en-mac.dmg","210112/MacClean-200709/3.6.0/Samples/MacClean_","210112/MacClean-200709/3.6.0/Samples/macclean-en-mac_.dmg"],"imageFiles":["210112/MacClean-200709/3.6.0/Images/ACR-004/MacClean 004 1.gif","210112/MacClean-200709/3.6.0/Images/ACR-004/MacClean 004 2.gif"],"nonDeceptorImageFiles":["210112/MacClean-200709/3.6.0/Images/ACR-065/MacClean Install.png","210112/MacClean-200709/3.6.0/Images/ACR-065/MacClean About.png","210112/MacClean-200709/3.6.0/Images/ACR-099/MacClean About.png","210112/MacClean-200709/3.6.0/Images/ACR-099/MacClean Landing Page.png","210112/MacClean-200709/3.6.0/Images/ACR-099/MacClean Internal Offers.png"],"guid":"faf555e4-4190-4970-9443-c16ce99d94a1_3.6.0_1","appID":"MacClean-200709","dateAdded":"240904","deceptorType":"MacOS App","name":"Mac Clean","company":"iMobie Inc.","version":"3.6.0","sigName":"Deceptor:MacOS/MacClean!004","lastKnownStatus":"3.6.2","lastKnownDate":"240904","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-09-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":586},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in system tray, and locates its installation files inside of the System32 folder with random filename.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself  into random executable files, which is not related to the name \"PC Agent\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into System32 directory , using random filename which is completely unrelated to the app name. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and its Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offers page does not display links to the Returns and Cancellation Policy\n","ACR-092":"The app does not provide Digital signature for the main executables.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PCagent.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"687d315df4c000d1afd8dd825e084658","hashSHA1":"483220368480eb5c0c4f55723804e8c493a3fd62","hashSHA256":"38d925e450bd6f0536fe8c26e49de7f7ce527d6ac19b587830e206f1ad4fb2b7","sourceIndex":"1854","avBlockList":["360 Total Security (20211005)","Avast Premium Security (20211005)","AVG Internet Security (20211005)","Avira Internet Security (20211005)","Bitdefender Internet Security (20211005)","Dr.Web Security Space (20211005)","ESET Internet Security (20211005)","G DATA INTERNET SECURITY (20211005)","K7 Total Security (20211005)","Kaspersky Internet Security (20211005)","Malwarebytes Premium (20211005)","McAfee Total Protection (20211005)","Norton Security (20211005)","Panda Dome (20211005)","Quick Heal Internet Security (20211005)","Sophos Home Premium (20211005)","SpyHunter5 (20211005)","Tencent PC Manager (20211005)","Total AV Antivirus Pro (20211005)","Trend Micro Internet Security (20211005)","VIPRE Advanced Security (20211005)","VirIT eXplorer PRO (20211005)","Webroot SecureAnywhere (20211005)","Windows Defender (20211005)"],"avAllowList":["COMODO Antivirus (20211005)"]},{"isRevoked":"False","fileName":"qoxodi.dll","fileVersion":"0.0","hashMD5":"350a5b909e929d64ca142816ee35097e","hashSHA1":"5fe8ed43de2d45352be1c9fb97c06f15a5545b2c","hashSHA256":"44cebadee754b7eb03e625d4abebe63f924e798868acae91f5be82e5ae88992a","sourceIndex":"1854","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qoxodi.exe","fileVersion":"1.0","hashMD5":"bd7dfe9b1bb6e914424d3afee499dfa6","hashSHA1":"04e1f912c4c674d084f55d5844e00397997785f0","hashSHA256":"e8ab599883df58a6459797abdf3097a5314c3a675af3ca6017ff082a79b44344","sourceIndex":"1854","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCagent [2].exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"a601d4d3f892a86845523dea186de83d","hashSHA1":"667246ec96f859d21a8ebbc774832580d7374fad","hashSHA256":"f80429a5310cc1dff9bb475a6bb61978a1923c0ead012a728fdcfc0213f021b4","sourceIndex":"1854","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"yipoge.dll","fileVersion":"0.0","hashMD5":"c106dc77773d80ba476e9c135300bdd3","hashSHA1":"fd186177abf59c9bea8b0b061a77320952cf0127","hashSHA256":"74e927d62e0d8dc02885dd25abd303d605eef718950f7174b55dc4930762d996","sourceIndex":"1854","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"yipoge.exe","fileVersion":"1.0","hashMD5":"ca0bf7ccb1f010f755bd030b03b1c786","hashSHA1":"ae04b76f9b58604f24ba63c6782e7e54d10fef61","hashSHA256":"086e40141f2f0aa4e52a61f8ec6647367560f77f63b3b9826dc6a6c88dc186ed","sourceIndex":"1854","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.blue-series.com/en/products/pc-agent/","directDownloadingLink":"http://www.blue-series.com/downloads/4d3a846b7c8f838db189f9ff1cf9b4661a0756fe/PCagent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.blue-series.com/downloads/4d3a846b7c8f838db189f9ff1cf9b4661a0756fe/PCagent.exe","sourceIndex":"1854"}],"sampleFiles":["210622/PCAgent-210301/8.55/Samples/PCagent.exe","210622/PCAgent-210301/8.55/Samples/qoxodi.dll","210622/PCAgent-210301/8.55/Samples/qoxodi.exe","210622/PCAgent-210301/8.55/Samples/PCagent [2].exe","210622/PCAgent-210301/8.55/Samples/yipoge.dll","210622/PCAgent-210301/8.55/Samples/yipoge.exe"],"imageFiles":["210622/PCAgent-210301/8.55/Images/ACR-084/PCagent_Files [1].png","210622/PCAgent-210301/8.55/Images/ACR-084/PCagent_RunningProcess [1].png","210622/PCAgent-210301/8.55/Images/ACR-084/PCagent_Settings [5_].png","210622/PCAgent-210301/8.55/Images/ACR-086/PCagent_Settings [6].png","210622/PCAgent-210301/8.55/Images/ACR-086/PCagent_Settings [7].png","210622/PCAgent-210301/8.55/Images/ACR-086/PCagent_Settings [8].png","210622/PCAgent-210301/8.55/Images/ACR-048/PCagent_Settings [5_].png","210622/PCAgent-210301/8.55/Images/ACR-014/PCagent_Files [1].png","210622/PCAgent-210301/8.55/Images/ACR-014/PCagent_RunningProcess [1].png","210622/PCAgent-210301/8.55/Images/ACR-116/PCagent_ControlPanel [1].png"],"nonDeceptorImageFiles":["210622/PCAgent-210301/8.55/Images/ACR-038/PCagent_FileProperty [1].png","210622/PCAgent-210301/8.55/Images/ACR-038/PCagent_FileProperty [3].png","210622/PCAgent-210301/8.55/Images/ACR-040/PCagent_Files [1].png","210622/PCAgent-210301/8.55/Images/ACR-065/PCagent_Install [1].png","210622/PCAgent-210301/8.55/Images/ACR-092/PCagent_FileProperty [2].png","210622/PCAgent-210301/8.55/Images/ACR-092/PCagent_FileProperty [4].png","210622/PCAgent-210301/8.55/Images/ACR-092/PCagent_FileProperty [5].png","210622/PCAgent-210301/8.55/Images/ACR-065/PCagent_About [1].png","210622/PCAgent-210301/8.55/Images/ACR-065/PCagent_LandingPage [1].png","210622/PCAgent-210301/8.55/Images/ACR-065/PCagent_LandingPage [2].png","210622/PCAgent-210301/8.55/Images/ACR-065/PCagent_OfferPage [1].png"],"guid":"4295460b-9864-4a3a-9d41-8246cdc8f4f5_8.55_1","appID":"PCAgent-210301","dateAdded":"240902","deceptorType":"App","name":"PC Agent","company":"7TECH LTD","version":"8.55","sigName":"Deceptor:Win32/PCAgentStalkerware!084086048014116","lastKnownStatus":"8.53;8.55;8.56;8.67.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":595},{"violations":{"ACR-109":"The app installs the \"1 click Destruction\" without disclosing them to the user or getting user consent and also not disclosed the relationship to the app during installation.\n","ACR-042":"Installer also installs \"1 click Destruction\" without a user accepting any offer for this.\n","ACR-043":"App installs 1 click destruction without prior disclosure\n","ACR-048":"The app has no control to close the processes that runs silently in the background within the app's settings. The control to remove the created startups is incoherent, disabled by default but leaves the entries on the list. \n","ACR-084":"1. When the app is closed, processes continue to run silently in the background without any notification.\n2. The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"sss20intdle.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"Steganos Product Downloader 1","productVersion":"1.3.0 Rev 12419","fileVersion":"1.3.0 Rev 12419","hashMD5":"06caa863d4760a10c44a7f9dc3e3f5e7","hashSHA1":"4a8f24da15b6bdb249ccebe5129766295dbae7f3","hashSHA256":"419b52ef206ee35a57c66e17d4e420408a4b10477cb4fb42e9109627dab6c131","digitalCertThumbprint":"97740C5F5AE35F5F453496DDD32DA7595DFE875C","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"563","avBlockList":["Avast Premium Security (20241008)","AVG Internet Security (20241008)","Avira Internet Security (20241008)","Bitdefender Internet Security (20241008)","FortectPremium (20241008)","K7 Total Security (20241008)","KasperskyPremium (20241008)","McAfee Total Protection (20241008)","Norton Security (20241008)","Panda Dome (20241008)","Quick Heal Internet Security (20241008)","Sophos Home Premium (20241008)","SpyHunter5 (20241008)","Total AV Antivirus Pro (20241008)","VIPRE Advanced Security (20241008)","VirIT eXplorer PRO (20241008)","Webroot SecureAnywhere (20241008)"],"avAllowList":["360 Total Security (20241008)","COMODO Antivirus (20241008)","Dr.Web Security Space (20241008)","ESET Internet Security (20241008)","G DATA INTERNET SECURITY (20241008)","Malwarebytes Premium (20241008)","Trend Micro Internet Security (20241008)","Windows Defender (20241008)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.steganos.com/en/summer-2024-steganos-privacy-suite","directDownloadingLink":"https://file.steganos.com/software/downloader/steganos/sss20intdle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file.steganos.com/software/downloader/steganos/sss20intdle.exe","sourceIndex":"563"}],"sampleFiles":["240902/SteganosPrivacySuite-180406/20.0.14/Samples/sss20intdle.exe"],"imageFiles":["240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-109/ACR-109.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-043/ACR-043.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-042/ACR-042.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-084/ACR-084.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-084/ACR-084_1.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-048/ACR-048.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-048/ACR-048_1.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-048/ACR-048_2.PNG","240902/SteganosPrivacySuite-180406/20.0.14/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":[],"guid":"f4dce9d3-360f-4b03-ab78-c59d9ca2cedd_20.0.14_1","appID":"SteganosPrivacySuite-180406","dateAdded":"240902","deceptorType":"App","name":"Steganos Privacy Suite","company":"Steganos","version":"20.0.14","lastKnownStatus":"Deceptor:19,20.0.7,20;20.0.14","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:24.0065378+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":587},{"violations":{"ACR-042":"The installer proceeds without obtaining user permission. Installer also installs \"1 click Destruction\" without a user accepting any offer for this.\n","ACR-043":"App installs 1 click destruction without prior disclosure\n","ACR-046":"The installer has no disclosures and options.\n","ACR-048":"The installer has no way to stop the installation after the initial launch.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"sss20int.exe","isInstaller":"True","companyName":"Steganos Software GmbH","fileVersion":"20.0","hashMD5":"a28d85ad75620254b0035eabb6a44810","hashSHA1":"bfb21b219c9c67a1e76d7d9e0b31e6c4a2a34c32","hashSHA256":"e14941cd6ee2a4af540193b8df3c1bc988c50c413ff24210570d0e651cb1f8c0","digitalCertThumbprint":"D60C3C09D7AC9002AB63D4C30A395CCA91278A44","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=certificates@steganos.com, CN=Steganos Software GmbH, O=Steganos Software GmbH, L=Berlin, S=Berlin, C=DE","sourceIndex":"3042","avBlockList":["Avast Internet Security (20190829)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","Panda Dome (20240903)","Sophos Home Premium (20240903)","VIPRE Advanced Security (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)","McAfee Total Protection (20240903)","Norton Security (20240903)","Avast Premium Security (20240903)","FortectPremium (20240903)","SpyHunter5 (20240903)","Total AV Antivirus Pro (20240903)"],"avAllowList":["360 Total Security (20240903)","COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","ESET Internet Security (20240903)","G DATA INTERNET SECURITY (20240903)","K7 Total Security (20240903)","Kaspersky Internet Security (20190829)","Malwarebytes Premium (20240903)","Quick Heal Internet Security (20240903)","Tencent PC Manager (20190829)","Trend Micro Internet Security (20240903)","Windows Defender (20240903)","KasperskyPremium (20240903)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"www.bestvistadownloads.com","landingPage":"https://www.steganos.com/en/steganos-privacy-suite-20-download","directDownloadingLink":"https://file.steganos.com/software/downloader/steganos/sss20intdle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file.steganos.com/software/downloader/steganos/sss19intdle.exe","sourceIndex":"3042"}],"sampleFiles":["190604/SteganosPrivacySuite-180406/20/Samples/sss20int.exe"],"imageFiles":["190604/SteganosPrivacySuite-180406/20/Images/ACR-043/install.gif","190604/SteganosPrivacySuite-180406/20/Images/ACR-046/installer.png","190604/SteganosPrivacySuite-180406/20/Images/ACR-042/install.gif","190604/SteganosPrivacySuite-180406/20/Images/ACR-048/cant close.gif"],"nonDeceptorImageFiles":["190604/SteganosPrivacySuite-180406/20/Images/ACR-065/installer.png","190604/SteganosPrivacySuite-180406/20/Images/ACR-099/links.png","190604/SteganosPrivacySuite-180406/20/Images/ACR-099/internal offers.png"],"guid":"f4dce9d3-360f-4b03-ab78-c59d9ca2cedd_20_1","appID":"SteganosPrivacySuite-180406","dateAdded":"240902","deceptorType":"App","name":"Steganos Privacy Suite","company":"Steganos","version":"20","sigName":"Deceptor:Win32/SteganosPrivacySuite!042043046048","lastKnownStatus":"Deceptor:19,20.0.7,20;20.0.14","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":588},{"violations":{"ACR-042":"The apps installer proceeds with a silent install, not obtaining user permission before installing.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"sss19int.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"Steganos Privacy Suite 19","productVersion":"19.0.2.0","fileVersion":"19.0.2.0","hashMD5":"a96f572de907e86bdc1e7ed1b98c8173","hashSHA1":"082522f524048790a3317a856aaa79795defe2be","hashSHA256":"2958814d7771243129a529c993179a9617431b8313f8cfd5601d8cf9a9917200","digitalCertThumbprint":"97740C5F5AE35F5F453496DDD32DA7595DFE875C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=certificates@steganos.com, CN=Steganos Software GmbH, O=Steganos Software GmbH, L=Berlin, S=Berlin, C=DE","sourceIndex":"3186","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"www.bestvistadownloads.com","landingPage":"https://www.steganos.com/en/steganos-privacy-suite-19","directDownloadingLink":"https://file.steganos.com/software/downloader/steganos/sss19intdle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file.steganos.com/software/downloader/steganos/sss19intdle.exe","sourceIndex":"3186"}],"sampleFiles":["190214/SteganosPrivacySuite-180406/19/Samples/sss19int.exe"],"imageFiles":["190214/SteganosPrivacySuite-180406/19/Images/ACR-042/ACR-042_install.mp4"],"nonDeceptorImageFiles":["190214/SteganosPrivacySuite-180406/19/Images/ACR-065/ACR-065_install.JPG","190214/SteganosPrivacySuite-180406/19/Images/ACR-065/ACR-065_software.JPG","190214/SteganosPrivacySuite-180406/19/Images/ACR-099/ACR-099_software.JPG","190214/SteganosPrivacySuite-180406/19/Images/ACR-099/ACR-099_landingpage.JPG","190214/SteganosPrivacySuite-180406/19/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"f4dce9d3-360f-4b03-ab78-c59d9ca2cedd_19_1","appID":"SteganosPrivacySuite-180406","dateAdded":"240902","deceptorType":"App","name":"Steganos Privacy Suite","company":"Steganos","version":"19","sigName":"Deceptor:Win32/SteganosPrivacySuite!042","lastKnownStatus":"Deceptor:19,20.0.7,20;20.0.14","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":589},{"violations":{"ACR-042":"The apps installer downloads the app automatically without obtaining permission. Although a \"pause\" button is visible, there is no clear way to terminate the download. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"sss20intdl.exe","isInstaller":"True","companyName":"Steganos Software GmbH","fileVersion":"1.3","hashMD5":"d0f8a58b72e02f8503a0ee712a0ed193","hashSHA1":"2d61600f19f9f5e5f24d7b12cf67b296d3047f02","hashSHA256":"7bbbbf06158868876a18d2e4db130465aec8788c709aad798e6b10a68969685b","digitalCertThumbprint":"97740C5F5AE35F5F453496DDD32DA7595DFE875C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=certificates@steganos.com, CN=Steganos Software GmbH, O=Steganos Software GmbH, L=Berlin, S=Berlin, C=DE","sourceIndex":"3191","avBlockList":["Avast Internet Security (20190509)","AVG Internet Security (20190509)","K7 Total Security (20190509)","McAfee Total Protection (20190509)","Norton Security (20190412)","Panda Dome (20190509)","Sophos Home Premium (20190509)","VirIT eXplorer PRO (20190509)","Webroot SecureAnywhere (20190509)","360 Total Security (20190509)"],"avAllowList":["Avira Internet Security (20190509)","Bitdefender Internet Security (20190509)","ESET Internet Security (20190509)","G DATA INTERNET SECURITY (20190509)","Kaspersky Internet Security (20190509)","Malwarebytes Premium (20190509)","Trend Micro Internet Security (20190509)","Windows Defender (20190509)","COMODO Antivirus (20190509)","Dr.Web Security Space (20190509)","F-PROT Antivirus for Windows (20190412)","Quick Heal Internet Security (20190509)","SpyHunter5 (20190412)","Tencent PC Manager (20190509)","VIPRE Advanced Security (20190509)"]},{"isRevoked":"False","fileName":"Suite.exe","companyName":"Steganos Software GmbH","fileVersion":"20.0","hashMD5":"633f82e21d0e555e59b70047534870de","hashSHA1":"4923d0ee2b97f8ace7c094f2dcd62fc6f4d6b815","hashSHA256":"a19505b2bb6250d19de880d0ddc6c1a862ced00661b06aa652a3667ae4e469f4","digitalCertThumbprint":"D60C3C09D7AC9002AB63D4C30A395CCA91278A44","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=certificates@steganos.com, CN=Steganos Software GmbH, O=Steganos Software GmbH, L=Berlin, S=Berlin, C=DE","sourceIndex":"3191","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"www.bestvistadownloads.com","landingPage":"https://www.steganos.com/en/steganos-privacy-suite-19","directDownloadingLink":"https://file.steganos.com/software/downloader/steganos/sss19intdle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file.steganos.com/software/downloader/steganos/sss19intdle.exe","sourceIndex":"3191"}],"sampleFiles":["190214/SteganosPrivacySuite-180406/20.0.7/Samples/sss20intdl.exe","190214/SteganosPrivacySuite-180406/20.0.7/Samples/Suite.exe"],"imageFiles":["190214/SteganosPrivacySuite-180406/20.0.7/Images/ACR-042/sps1.PNG"],"nonDeceptorImageFiles":["190214/SteganosPrivacySuite-180406/20.0.7/Images/ACR-065/sps1.PNG"],"guid":"f4dce9d3-360f-4b03-ab78-c59d9ca2cedd_20.0.7_1","appID":"SteganosPrivacySuite-180406","dateAdded":"240902","deceptorType":"App","name":"Steganos Privacy Suite","company":"Steganos","version":"20.0.7","sigName":"Deceptor:Win32/SteganosPrivacySuite!042","lastKnownStatus":"Deceptor:19,20.0.7,20;20.0.14","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":590},{"violations":{"ACR-048":"The app is always running in the background after installation and also upon closing the app and there is no option within the app that allows us to disable/remove the running process and quit it completely.\n\n","ACR-007":"The app enables the consumer to hide the installed apps list, which prevents the targeted consumer from being aware of the app's presence since it does not display explicit notifications when it is running\n","ACR-084":"The app attempts to run in the system tray after installation and also upon closing the app, thereby hiding the fact that it is active from the consumer without clearly notifying the user.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data and it hides from the targeted consumer.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not provide Digital signatures for the executable: \"PK_lite.exe\".\n"},"samples":[{"isRevoked":"False","fileName":"PK_lite.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"793c578d503ed65081dd94fc3fa78e24","hashSHA1":"e32b62b4ebc1cf9b58842959fcd658d0d6e930bd","hashSHA256":"f8e3a15ae874706981fd6cfda537c6045ba21399744929ac93b2c1c45c9530f3","sourceIndex":"562","avBlockList":["360 Total Security (20241022)","Avast Premium Security (20241022)","AVG Internet Security (20241022)","Avira Internet Security (20241022)","Bitdefender Internet Security (20241022)","ESET Internet Security (20241022)","FortectPremium (20241022)","G DATA INTERNET SECURITY (20241022)","K7 Total Security (20241022)","KasperskyPremium (20241022)","Malwarebytes Premium (20241022)","McAfee Total Protection (20241022)","Norton Security (20241022)","Panda Dome (20241022)","Quick Heal Internet Security (20241022)","Sophos Home Premium (20241022)","SpyHunter5 (20241022)","Total AV Antivirus Pro (20241022)","Trend Micro Internet Security (20241022)","VIPRE Advanced Security (20241022)","VirIT eXplorer PRO (20241022)","Webroot SecureAnywhere (20241022)","Windows Defender (20241022)"],"avAllowList":["COMODO Antivirus (20241022)","Dr.Web Security Space (20241022)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.blazingtools.com/","directDownloadingLink":"https://blazingtools-perfect-keylogger-lite.software.informer.com/download/?ca275699","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://blazingtools-perfect-keylogger-lite.software.informer.com/download/?ca275699","sourceIndex":"562"}],"sampleFiles":["240902/PerfectKeylogger-201223/2.2.0.0/Samples/PK_lite.exe"],"imageFiles":["240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-084/ACR-084.PNG","240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-086/ACR-086.PNG","240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-048/ACR-048.PNG","240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-007/ACR-007.PNG","240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":["240902/PerfectKeylogger-201223/2.2.0.0/Images/ACR-092/ACR-092.PNG"],"guid":"0e65a561-5ff2-499d-8134-05f449a40b04_2.2.0.0_1","appID":"PerfectKeylogger-201223","dateAdded":"240902","deceptorType":"App","name":"Perfect Keylogger","company":"BLAZINGTOOLS SOFTWARE","version":"2.2.0.0","lastKnownStatus":"1.97;2.2.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:23.9754676+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":591},{"violations":{"ACR-048":"The app is always running in the background and requires a hotkey to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app is always running and uses the name \"syskit\" (or any word chosen by the user). It also requires a hotkey to open the app, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data and it hides from the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a hidden folder.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy\nThe landing page does not display links to the Privacy Policy, Returns and Cancellation Policy or the EULA or Terms of Service. \nThe internal offers page does not display links to the Privacy Policy, Returns and Cancellation Policy or the EULA or Terms of Service. \n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main executables.\n","ACR-099":"The app does not display links to uninstall information\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Install_trial_2019 [pass= blazing8].zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4a2ddd6ff8be5d1717ba75e5891c6eb95d30af8bbfa1752488e1777b173d40dd","sourceIndex":"1864","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Install_trial.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"4652bc4c0894882b703edd518e6c0569","hashSHA1":"a8cfbfb61af119eda6946e2096bd43025d371a86","hashSHA256":"050a2b962b2aafebb8e5ba056a8e3b9da9899e50d91ae15a5130467ce0644734","sourceIndex":"1864","avBlockList":["360 Total Security (20240903)","Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","ESET Internet Security (20240903)","Kaspersky Internet Security (20211011)","McAfee Total Protection (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Sophos Home Premium (20240903)","SpyHunter5 (20240903)","Tencent PC Manager (20211011)","Total AV Antivirus Pro (20240903)","VIPRE Advanced Security (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)","Windows Defender (20240903)","FortectPremium (20240903)","KasperskyPremium (20240903)"],"avAllowList":["COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","G DATA INTERNET SECURITY (20240903)","K7 Total Security (20240903)","Malwarebytes Premium (20240903)","Quick Heal Internet Security (20240903)","Trend Micro Internet Security (20240903)"]},{"isRevoked":"False","fileName":"syskithk.dll","fileVersion":"0.0","hashMD5":"14fe4327e547ecc3293a7e77db837aef","hashSHA1":"442a31a44658ea03a3f04ce3843b68d32ac8642e","hashSHA256":"47338cb9a203ced3b59438168d4ea5d98a6b40c075fd465dbc43f2c0975d0ec3","sourceIndex":"1864","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"syskiti.dll","fileVersion":"0.","hashMD5":"","hashSHA1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","hashSHA256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sourceIndex":"1864","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"syskitvw.exe","fileVersion":"0.0","hashMD5":"4c67e77a8c035df8add90d422380490f","hashSHA1":"1a6b1132f4f9334fed84b9aebb2561a0042dbfc2","hashSHA256":"54499913cb0ffca16854176e31f420e85c737e5aaa3de4c171a7be5c5bad757c","sourceIndex":"1864","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"syskitwb.dll","fileVersion":"0.0","hashMD5":"b4e9a720f4fe45b77547a2c40f1f1b25","hashSHA1":"4bb09310a7e6dadc426a8441bfc3571ceeae93c8","hashSHA256":"7c427d3bc0aa8ef56c04113a7d4f9e3c50fd151a788f02514d985ea53b7dca78","sourceIndex":"1864","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Install_trial [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"070ebdc7b4dda1e73157b40703ced95d","hashSHA1":"6e585b572f2277f6fdb7feb31b27e2160a371814","hashSHA256":"ad4a2c0d47301dc1eab24a97d7b8f055cb37359013916b571d73b3b746ccf01e","sourceIndex":"1864","avBlockList":["360 Total Security (20211011)","Avast Premium Security (20211011)","AVG Internet Security (20211011)","Avira Internet Security (20211011)","ESET Internet Security (20211011)","G DATA INTERNET SECURITY (20211011)","K7 Total Security (20211011)","Kaspersky Internet Security (20211011)","Malwarebytes Premium (20211011)","McAfee Total Protection (20211011)","Norton Security (20211011)","Panda Dome (20211011)","Quick Heal Internet Security (20211011)","Sophos Home Premium (20211011)","SpyHunter5 (20211011)","Tencent PC Manager (20211011)","Total AV Antivirus Pro (20211011)","VirIT eXplorer PRO (20211011)","Windows Defender (20211011)"],"avAllowList":["Bitdefender Internet Security (20211011)","COMODO Antivirus (20211011)","Dr.Web Security Space (20211011)","Trend Micro Internet Security (20211011)","VIPRE Advanced Security (20211011)","Webroot SecureAnywhere (20211011)"]},{"isRevoked":"False","fileName":"Install_trial_2021.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9f87e833e5a4b9276105a51e4183a01d04f41642ebb39b742bc383ad4ff9c0a0","sourceIndex":"1864","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"syskit [2].exe","fileVersion":"1.0","hashMD5":"493c2d76fdcfaa96d4edc63ec6620abb","hashSHA1":"9f7e4381d0ff1938b11aabfec92ae2c1415b0680","hashSHA256":"eef6844a76995888d2a0cccd158c864635ad2c1b17da75cf706767020ddbb90d","sourceIndex":"1864","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"https://www.blazingtools.com/","landingPage":"https://www.blazingtools.com/","directDownloadingLink":"https://blazing-download.cx/bpktrial/Install_trial_2019.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://blazing-download.cx/bpktrial/Install_trial_2019.zip","sourceIndex":"1864"}],"sampleFiles":["210707/PerfectKeylogger-201223/1.97/Samples/Install_trial_2019 [pass= blazing8].zip","210707/PerfectKeylogger-201223/1.97/Samples/Install_trial.exe","210707/PerfectKeylogger-201223/1.97/Samples/syskithk.dll","210707/PerfectKeylogger-201223/1.97/Samples/syskiti.dll","210707/PerfectKeylogger-201223/1.97/Samples/syskitvw.exe","210707/PerfectKeylogger-201223/1.97/Samples/syskitwb.dll","210707/PerfectKeylogger-201223/1.97/Samples/Install_trial [2].exe","210707/PerfectKeylogger-201223/1.97/Samples/Install_trial_2021.zip","210707/PerfectKeylogger-201223/1.97/Samples/syskit [2].exe"],"imageFiles":["210707/PerfectKeylogger-201223/1.97/Images/ACR-084/PerfectKeylogger_RunningProcess [3].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-084/PerfectKeylogger_Interactions [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [3].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [4].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [5].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [6].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [7].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [8].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [9].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [10].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [11].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-086/PerfectKeylogger_Interactions [12].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-048/PerfectKeylogger_RunningProcess [3].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-048/PerfectKeylogger_Interactions [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-007/PerfectKeylogger_Install [5].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-007/PerfectKeylogger_Install [6].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-007/PerfectKeylogger_Interactions [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-007/PerfectKeylogger_Interactions [3].png"],"nonDeceptorImageFiles":["210707/PerfectKeylogger-201223/1.97/Images/ACR-038/PerfectKeylogger_FileProperty [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-040/PerfectKeylogger_Files [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-040/PerfectKeylogger_Install [5].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_Install [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_Install [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_Install [7].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-092/PerfectKeylogger_FileProperty [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_About [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-099/PerfectKeylogger_About [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_LandingPage [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_LandingPage [2].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-099/PerfectKeylogger_LandingPage [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-161/PerfectKeylogger_LandingPage [3] Testimonials.png","210707/PerfectKeylogger-201223/1.97/Images/ACR-065/PerfectKeylogger_OfferPage [1].png","210707/PerfectKeylogger-201223/1.97/Images/ACR-099/PerfectKeylogger_OfferPage [1].png"],"guid":"0e65a561-5ff2-499d-8134-05f449a40b04_1.97_1","appID":"PerfectKeylogger-201223","dateAdded":"240902","deceptorType":"App","name":"Perfect Keylogger","company":"BLAZINGTOOLS SOFTWARE","version":"1.97","sigName":"Deceptor:Win32/PerfectKeyloggerStalkerware!084086048007","lastKnownStatus":"1.97;2.2.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":592},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-007":"The app enables the consumer to hide the installed apps list, thus preventing the customer from uninstalling the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in the control panel and locates its installation files inside of the System32 folder with the random filename.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not provide Digital signature for the executable: \"PCagent.exe\"\n"},"samples":[{"isRevoked":"False","fileName":"PCagent.exe","isInstaller":"True","fileVersion":"8.67","hashMD5":"478354d78eb98accf51c5d397b5fd3f3","hashSHA1":"cce7eea4b4318e2f1d13535dadf218a8be58c2bf","hashSHA256":"2eb1828df9498c63a0b0f56551602179f0ba01a5df6e24e65147734f502ee59f","sourceIndex":"564","avBlockList":["360 Total Security (20240917)","Avast Premium Security (20240917)","AVG Internet Security (20240917)","Avira Internet Security (20240917)","Bitdefender Internet Security (20240917)","Dr.Web Security Space (20240917)","ESET Internet Security (20240917)","FortectPremium (20240917)","G DATA INTERNET SECURITY (20240917)","K7 Total Security (20240917)","KasperskyPremium (20240917)","Malwarebytes Premium (20240917)","McAfee Total Protection (20240917)","Norton Security (20240917)","Panda Dome (20240917)","Quick Heal Internet Security (20240917)","Sophos Home Premium (20240917)","SpyHunter5 (20240917)","Total AV Antivirus Pro (20240917)","VIPRE Advanced Security (20240917)","VirIT eXplorer PRO (20240917)","Webroot SecureAnywhere (20240917)"],"avAllowList":["COMODO Antivirus (20240917)","Trend Micro Internet Security (20240917)","Windows Defender (20240917)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.pc-agent.com/en/products/pc-agent/","directDownloadingLink":"https://www.pc-agent.com/en/products/pc-agent/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pc-agent.com/en/products/pc-agent/","sourceIndex":"564"}],"sampleFiles":["240902/PCAgent-210301/8.67.0.0/Samples/PCagent.exe"],"imageFiles":["240902/PCAgent-210301/8.67.0.0/Images/ACR-007/ACR-007.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-084/ACR-084.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-084/ACR-084_1.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-086/ACR-086.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-086/ACR-086_1.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-086/ACR-086_2.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-086/ACR-086_Software_1.png","240902/PCAgent-210301/8.67.0.0/Images/ACR-048/ACR-048.PNG","240902/PCAgent-210301/8.67.0.0/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":["240902/PCAgent-210301/8.67.0.0/Images/ACR-092/ACR-092.PNG"],"guid":"4295460b-9864-4a3a-9d41-8246cdc8f4f5_8.67.0.0_1","appID":"PCAgent-210301","dateAdded":"240902","deceptorType":"App","name":"PC Agent","company":"7TECH LTD","version":"8.67.0.0","lastKnownStatus":"8.53;8.55;8.56;8.67.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:24.0377545+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":593},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in system tray, and locates its installation files inside of the System32 folder with random filename.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself  into random executable files, which is not related to the name \"PC Agent\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into System32 directory , using random filename which is completely unrelated to the app name. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and its Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offers page does not display links to the Returns and Cancellation Policy\n","ACR-092":"The app does not provide Digital signature for the main executables.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PCagent.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"9fa5e9442ec472b09d4d7cfaf76f5741","hashSHA1":"949b375645c386bdeead8c26c7026f793105711b","hashSHA256":"d154fc0b30ecde64686d1fd664c96ca30e14c4dfb404e2bed969023c2992d205","sourceIndex":"1821","avBlockList":["360 Total Security (20240903)","Avast Premium Security (20240903)","AVG Internet Security (20240903)","Avira Internet Security (20240903)","Bitdefender Internet Security (20240903)","ESET Internet Security (20240903)","G DATA INTERNET SECURITY (20240903)","K7 Total Security (20240903)","Kaspersky Internet Security (20210923)","Malwarebytes Premium (20240903)","McAfee Total Protection (20240903)","Norton Security (20240903)","Panda Dome (20240903)","Quick Heal Internet Security (20240903)","Sophos Home Premium (20240903)","SpyHunter5 (20240903)","Tencent PC Manager (20210923)","Total AV Antivirus Pro (20240903)","VIPRE Advanced Security (20240903)","VirIT eXplorer PRO (20240903)","Webroot SecureAnywhere (20240903)","Windows Defender (20240903)","FortectPremium (20240903)"],"avAllowList":["COMODO Antivirus (20240903)","Dr.Web Security Space (20240903)","Trend Micro Internet Security (20240903)","KasperskyPremium (20240903)"]},{"isRevoked":"False","fileName":"vuteti.dll","fileVersion":"0.0","hashMD5":"ee419600a72a5935c8bdc59166a6f49a","hashSHA1":"af5994c2c19faad175a1c0c5a790e877b45ccd10","hashSHA256":"68e1a2f373ff65023d7d92c90901c90b9410535b317f933722f02a71ae36c9f5","sourceIndex":"1821","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"vuteti.exe","fileVersion":"1.0","hashMD5":"6311d23ae3f69f176c10158284bd3e78","hashSHA1":"245773c62dd72c64e4d37d31c42f6352e86dc1bf","hashSHA256":"f8b600632a4acf9abf1949f77a4eac0b34143e67e6de2b931f8b747bfc4a78f4","sourceIndex":"1821","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"vuteti.tbl","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"b9006167312295f08f57451f563ef0911909860f80c45142da716d6c8f90d429","sourceIndex":"1821","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.blue-series.com/en/products/pc-agent/","directDownloadingLink":"http://www.blue-series.com/downloads/27da822ebb97ec40856068c2d75c2ddf8060d2c5/PCagent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.blue-series.com/downloads/27da822ebb97ec40856068c2d75c2ddf8060d2c5/PCagent.exe","sourceIndex":"1821"}],"sampleFiles":["210831/PCAgent-210301/8.56/Samples/PCagent.exe","210831/PCAgent-210301/8.56/Samples/vuteti.dll","210831/PCAgent-210301/8.56/Samples/vuteti.exe","210831/PCAgent-210301/8.56/Samples/vuteti.tbl"],"imageFiles":["210831/PCAgent-210301/8.56/Images/ACR-084/PCagent_Interactions [7].png","210831/PCAgent-210301/8.56/Images/ACR-084/PCagent_Files [1].png","210831/PCAgent-210301/8.56/Images/ACR-084/PCagent_RunningProcess [1].png","210831/PCAgent-210301/8.56/Images/ACR-086/PCagent_Interactions [8].png","210831/PCAgent-210301/8.56/Images/ACR-086/PCagent_Interactions [9].png","210831/PCAgent-210301/8.56/Images/ACR-086/PCagent_Interactions [10].png","210831/PCAgent-210301/8.56/Images/ACR-048/PCagent_Interactions [7].png","210831/PCAgent-210301/8.56/Images/ACR-014/PCagent_RunningProcess [1].png","210831/PCAgent-210301/8.56/Images/ACR-014/PCagent_Files [1].png","210831/PCAgent-210301/8.56/Images/ACR-116/PCagent_ControlPanel [1].png"],"nonDeceptorImageFiles":["210831/PCAgent-210301/8.56/Images/ACR-038/PCagent_FileProperty [1].png","210831/PCAgent-210301/8.56/Images/ACR-038/PCagent_FileProperty [3].png","210831/PCAgent-210301/8.56/Images/ACR-040/PCagent_Files [1].png","210831/PCAgent-210301/8.56/Images/ACR-065/PCagent_Install [1].png","210831/PCAgent-210301/8.56/Images/ACR-065/PCagent_About [2].png","210831/PCAgent-210301/8.56/Images/ACR-092/PCagent_FileProperty [2].png","210831/PCAgent-210301/8.56/Images/ACR-092/PCagent_FileProperty [4].png","210831/PCAgent-210301/8.56/Images/ACR-092/PCagent_FileProperty [5].png","210831/PCAgent-210301/8.56/Images/ACR-092/PCagent_FileProperty [6].png","210831/PCAgent-210301/8.56/Images/ACR-065/PCagent_About [1].png","210831/PCAgent-210301/8.56/Images/ACR-065/PCagent_LandingPage [1].png","210831/PCAgent-210301/8.56/Images/ACR-065/PCagent_OfferPage [1].png"],"guid":"4295460b-9864-4a3a-9d41-8246cdc8f4f5_8.56_1","appID":"PCAgent-210301","dateAdded":"240902","deceptorType":"App","name":"PC Agent","company":"7TECH LTD","version":"8.56","sigName":"Deceptor:Win32/PCAgentStalkerware!084086048014116","lastKnownStatus":"8.53;8.55;8.56;8.67.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":594},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in system tray, and locates its installation files inside of the System32 folder with random filename.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and who it is transmitting their data to.\n","ACR-014":"The app calls itself  into random executable files, which is not related to the name \"PC Agent\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into System32 directory , using random filename which is completely unrelated to the app name. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and its Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offers page does not display links to the Returns and Cancellation Policy\n","ACR-092":"The app does not provide Digital signature for the main executable.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PCagent.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"8f4b1a413cb30b17ca1a14b89ae9f5d9","hashSHA1":"381ed41e9c0939081ce41cf9021732f58cc58daa","hashSHA256":"f7feed1699fe48a03205304546756d91d096d0fb9456043faaaeead34c20fe1f","sourceIndex":"1985","avBlockList":["360 Total Security (20210601)","Avast Premium Security (20210601)","AVG Internet Security (20210601)","Avira Internet Security (20210601)","Bitdefender Internet Security (20210601)","ESET Internet Security (20210601)","G DATA INTERNET SECURITY (20210601)","K7 Total Security (20210601)","Kaspersky Internet Security (20210601)","Malwarebytes Premium (20210601)","McAfee Total Protection (20210601)","Norton Security (20210601)","Panda Dome (20210601)","Quick Heal Internet Security (20210601)","Sophos Home Premium (20210601)","SpyHunter5 (20210601)","Tencent PC Manager (20210601)","Total AV Antivirus Pro (20210601)","Trend Micro Internet Security (20210601)","VIPRE Advanced Security (20210601)","VirIT eXplorer PRO (20210601)","Webroot SecureAnywhere (20210601)"],"avAllowList":["COMODO Antivirus (20210601)","Dr.Web Security Space (20210601)","Windows Defender (20210601)"]},{"isRevoked":"False","fileName":"xatuxi.exe","fileVersion":"1.0","hashMD5":"43d54b1eaa2baec36cea45e6c40dc364","hashSHA1":"ddebfc39abc86f09b037e932c1528ad5113efa6c","hashSHA256":"d95d17a67c70ccdecc1d3ec98aafb3f5edde7ff826cfd7b218726380efb5b171","sourceIndex":"1985","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"yifoxu.exe","fileVersion":"1.0","hashMD5":"c48b6bae5acd9b06aba036ab324fc175","hashSHA1":"788d1d0d4b15d0ed3daf23fb37b98d79778940d7","hashSHA256":"18d54fbe1bfed0684d605e67142095b1cbf0f7d7a1099dd8502f8056919ad28d","sourceIndex":"1985","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.blue-series.com/en/products/pc-agent/","directDownloadingLink":"http://www.blue-series.com/downloads/894d58f728c532b05da621f9cce24681775ec6a0/PCagent.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.blue-series.com/downloads/894d58f728c532b05da621f9cce24681775ec6a0/PCagent.exe","sourceIndex":"1985"}],"sampleFiles":["210302/PCAgent-210301/8.53/Samples/PCagent.exe","210302/PCAgent-210301/8.53/Samples/xatuxi.exe","210302/PCAgent-210301/8.53/Samples/yifoxu.exe"],"imageFiles":["210302/PCAgent-210301/8.53/Images/ACR-084/PCAgent_Settings [1].png","210302/PCAgent-210301/8.53/Images/ACR-084/PCAgent_Files [1].png","210302/PCAgent-210301/8.53/Images/ACR-086/PCAgent_Settings [2].png","210302/PCAgent-210301/8.53/Images/ACR-086/PCAgent_Settings [4].png","210302/PCAgent-210301/8.53/Images/ACR-086/PCAgent_Settings [5].png","210302/PCAgent-210301/8.53/Images/ACR-048/PCAgent_Settings [1].png","210302/PCAgent-210301/8.53/Images/ACR-014/PCAgent_Files [1].png","210302/PCAgent-210301/8.53/Images/ACR-014/PCAgent_RunningProcess [2].png"],"nonDeceptorImageFiles":["210302/PCAgent-210301/8.53/Images/ACR-038/PCAgent_FileProperty [1].png","210302/PCAgent-210301/8.53/Images/ACR-038/PCAgent_FileProperty [2].png","210302/PCAgent-210301/8.53/Images/ACR-040/PCAgent_Files [1].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_Install [1].png","210302/PCAgent-210301/8.53/Images/ACR-092/PCAgent_FileProperty [3].png","210302/PCAgent-210301/8.53/Images/ACR-092/PCAgent_FileProperty [4].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_About [1].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_About [2].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_LandingPage [1].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_LandingPage [2].png","210302/PCAgent-210301/8.53/Images/ACR-065/PCAgent_OfferPage [1].png"],"guid":"4295460b-9864-4a3a-9d41-8246cdc8f4f5_8.53_1","appID":"PCAgent-210301","dateAdded":"240902","deceptorType":"App","name":"PC Agent","company":"7TECH LTD","version":"8.53","sigName":"Deceptor:Win32/PCAgent!084086048014","lastKnownStatus":"8.53;8.55;8.56;8.67.0.0","lastKnownDate":"240902","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-09-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":596},{"violations":{"ACR-042":"Before consumer makes decision, the installer app already starts to contact RelevantKnowledge service and attempts to download the package.\n","ACR-010":"The RelevantKnowledge is bundled in deceptors. It is distributed by deceptors aggressively and widely. for example: GameGain RK bundler\n","ACR-013":"RK is presented as offer during carrier installation. During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-119":"monetization offer RK is kept running and not uninstalled after carrier app is cancelled during installation or after carrier is uninstalled completed.\n","ACR-059":"RelevantKnowledge is not clearly marked as optional offer. But it is installed as a mandatory offer. RK components are downloaded even consumer choose to decline during install. \n","ACR-039":"RelevantKnowledge usually is installed by another applications (offer in bundler). There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as the part of the installer application. Even consumer decline RelevantKnowledge app, it is still downloaded nevertheless.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rk_setup_EN.exe","isInstaller":"True","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"fba926d9646ef2981f75d25ae3fe5d1a","hashSHA1":"0f6835244911d6d391d91b3a0ce0fa03213b16a0","hashSHA256":"a474c9f855025ec6c93f95b411dc3ab96e2274a2dd60fe514b3d7980261e13fc","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"722","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)"],"avAllowList":["McAfee Total Protection (20240620)","Trend Micro Internet Security (20240620)","Windows Defender (20240620)"]},{"isRevoked":"False","fileName":"rk_setup_GameGain.exe","isInstaller":"True","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"6a38c053466eab3656074f81ddc00d77","hashSHA1":"df379f793f93971821506f8d3877d3941d0ebfb5","hashSHA256":"3979455d612a9398808b80b0b6867194a1147d84987ddbaee707a5f01610213a","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"722","avBlockList":["Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","ESET Internet Security (20240829)","FortectPremium (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","KasperskyPremium (20240829)","Malwarebytes Premium (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","Total AV Antivirus Pro (20240829)","VIPRE Advanced Security (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)"],"avAllowList":["360 Total Security (20240829)","McAfee Total Protection (20240829)","Quick Heal Internet Security (20240829)","Trend Micro Internet Security (20240829)","Windows Defender (20240829)"]},{"isRevoked":"False","fileName":"rlls.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"b4a262f7a440a830de2fabc16327b5c4","hashSHA1":"853981f101c5aaf5374622098302232a39d1c29f","hashSHA256":"4e21d640b6268e273835aa562fe2eb92a4dc7433bf8c8e1a8216ed6d9d74895d","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"722","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlls64.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"5417f1ec92429ef41ed17eb5bbb4f249","hashSHA1":"d6466d8eeea79d822a255f2f645b9aa97a4b5c87","hashSHA256":"3e0354c4a63fbc5d290aded975ce9af33138aa54a4f2c5787dec98a634f89e58","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"722","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlph.dll","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"dab262f4d7d17676f9f80a28116f89e5","hashSHA1":"4d327736e7b7053ca80e6669c439a96efad56886","hashSHA256":"a18a3d167aa0c898ba6b52579729da0c876a6e1caabf3399487ab94f5258b62d","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"722","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlservice.exe","companyName":"TMRG,  Inc.","fileVersion":"1.1","hashMD5":"34aff57d6f2f1c074573b7aaa573092a","hashSHA1":"e4d460f5c22d6ac58729ce2333c4382b5c916e31","hashSHA256":"6798d3159c8843346506a090a29849683c5bd4ff2c8bfd8ab6c25ccee36867f3","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"722","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg.exe","companyName":"TMRG,  Inc.","fileVersion":"1.3","hashMD5":"dedb374c58801ff2b6bb515c87720a93","hashSHA1":"58cb40dcc193eb7ebe8f7788a693bba770d87726","hashSHA256":"f023ae49c44f7eccbda34c5718cf04850fa1986960abebd0334e8a90bdfd3570","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"722","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg32.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"3f128ed69207decf2fc07526f8dc656c","hashSHA1":"4adf134b4d4b63f61af7c28e559015745d0aba90","hashSHA256":"d58157e9e371f50168a0d6504bdb5b1357d08dc381d0573d3753ca71b2c44787","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"722","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg64.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"fc1b0b7cd09b3f88a759f3b9a9ac3023","hashSHA1":"629e5c364eda13e372d940ff66604a2ac5faac4c","hashSHA256":"67267daab3d0ebec5e5c61e94f6b8832fda3879bf8beefc48e14c1d35ab8b662","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"722","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"security partner report","reference":"","landingPage":"https://www.relevantknowledge.com","directDownloadingLink":"https://www.relevantknowledge.com/Download/rk_setup_EN.exe ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.relevantknowledge.com/Download/rk_setup_EN.exe ","sourceIndex":"722"}],"sampleFiles":["240303/RelevantKnowledge-201010/1.0.14.10/Samples/rk_setup_EN.exe","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rk_setup_GameGain.exe","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlls.dll","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlls64.dll","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlph.dll","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlservice.exe","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlvknlg.exe","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlvknlg32.exe","240303/RelevantKnowledge-201010/1.0.14.10/Samples/rlvknlg64.exe"],"imageFiles":["240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-039/RK_Offer.gif","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-042/ACR-042_Install_1.png","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-042/ACR-042_Install_2.jpeg","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-119/RK_Uninstall.JPG","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-119/ACR-119_Uninstall_1.jpeg","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-119/ACR-119_Uninstall_2.jpeg","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-059/RK_Offer_GameGain.JPG","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-013/RK_Offer.gif","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-013/ACR-013_In-bundle offers_1.jpeg","240303/RelevantKnowledge-201010/1.0.14.10/Images/ACR-060/RK_Offer.gif"],"nonDeceptorImageFiles":[],"guid":"4a1d02da-9ad9-4919-9141-89e903b37b7f_1.0.14.10_1","appID":"RelevantKnowledge-201010","dateAdded":"240827","deceptorType":"App","name":"RelevantKnowledge","company":"RelevantKnowledge","version":"1.0.14.10","lastKnownStatus":"1.0.3.2;1.0.4.1;1.0.5.5;1.0.5.6;1.0.6.1;1.1.0.0;1.0.12.26;1.0.14.10;1.3.340.310","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-08-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":598},{"violations":{"ACR-042":"Before consumer makes decision, the installer app already starts to contact RelevantKnowledge service and attempts to download the package.\n","ACR-010":"The RelevantKnowledge is bundled in deceptors. It is distributed by deceptors aggressively and widely. The example: PCMateBundler (certs: e1caa9e850d616a0c2a245a157e0767a5ddcb431 & AB3BF705268399B80E815D612192384F5DEEE227 )\nsome deceptor examples:\nhxxp://freesoundrecorder.net\nhxxps://www.free-wifi-hotspot.com/download.php?t=freewifihotspotforwindows\nhxxps://windowsdownloads.xyz/2020/02/AutoClicker/FreeAutoClicker.exe\nhxxp://www.free-auto-clicker.com/FreeAutoClicker.exe\nhxxp://free-auto-clicker.com/FreeAutoClicker.exe\nhxxp://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe\nhxxp://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe\nhxxp://www.music-editor.net/VidMateVideoConverter.exe\nhxxp://music-editor.net/VidMateVideoConverter.exe\nhxxp://www.free-audio-editor.com/EasyAudioExtractor.exe\nhxxp://free-audio-editor.com/EasyAudioExtractor.exe\nhxxp://audio-tool.net/AudioConvertToolbox.exe\nhxxp://www.audio-tool.net/AudioConvertToolbox.exe\nhxxp://www.ocrtoword.com/FreeOCRtoWord.exe?\nhxxp://www.ocrtoword.com/FreeOCRtoWord.exe\nhxxp://www.free-sound-editor.com/PowerSoundEditorFree.exe\nhxxps://www.free-sound-editor.com/PowerSoundEditorFree.exe\n\n","ACR-013":"RK is presented as offer during carrier installation. During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in RK offer to silently install unrelated software\n","ACR-119":"monetization offer RK is kept running and not uninstalled after carrier app is uninstalled.\n","ACR-059":"RelevantKnowledge is not clearly marked as optional offer. But it is installed as a mandatory offer. RK components are downloaded even consumer choose to decline during install. \n","ACR-039":"RelevantKnowledge usually is installed by another applications. There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as the part of the installer application. Even consumer decline RelevantKnowledge app, it is still downloaded nevertheless.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rlls.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"f949546ac2c4c8b6da746f5ac00a9d01","hashSHA1":"106dc92d5e9d362f99a53c212fb58edeff633ab5","hashSHA256":"686681c180705995eab486eb36f1e1365b14f6a2ee1490b81405a333eacc75fa","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1116","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlls64.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"cc0d25ff5c41f46a59b592867765c62c","hashSHA1":"0b40ea3fcf48edb9eb709060e53d0814ebd22e52","hashSHA256":"4d322e3c8c62a67ac3503dc47597068a49db53efca80bcba69274b95d15eee6c","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1116","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlservice.exe","companyName":"TMRG,  Inc.","fileVersion":"1.1","hashMD5":"38b3c82edfc1839ff79a8832b56bcf2a","hashSHA1":"d2338078b5e3966958647d12e5e295ff26565efe","hashSHA256":"1e484d332c68e8465005aff8556dfe3c82c9ecfe1c5951927c86ac2f831fa2f8","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1116","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg.exe","companyName":"TMRG,  Inc.","fileVersion":"1.3","hashMD5":"550737266503571619bc6ca939e4af6b","hashSHA1":"79bf9e67e8196a9f23461963d6901bf39453770c","hashSHA256":"6b66b43a3c497b1fce068c4d1cdaa217701dfe199c85c1804d5739754fcad404","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1116","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg32.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"f00d2b52edb5070c0ea683de04a0a954","hashSHA1":"a2c03636ec18d617bc12395cf8443d76c476c922","hashSHA256":"970aeb123b409ab5de66fe1d421b30c28c17b85faab4f38b947376f87fd4bc2c","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1116","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg64.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"68d7324ba0773b18853916efcffce529","hashSHA1":"e45b1ba70ea8faacfeb2af604cb5b0201f71186c","hashSHA256":"d3c1a00b3765d711acae90a1c130812953f0ea5f4f3ceacf8f19194f3ea8efac","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1116","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rk_setup.exe","isInstaller":"True","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"89c8796cd6169d14531791b7388bc0e9","hashSHA1":"473a91fc861a45122f9f60ee8cd807b57cd2f29d","hashSHA256":"53ef40c6950b12e766195905ffcc596d771b43398ad2eeb2f9a895ab5a8bb278","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1116","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","VIPRE Advanced Security (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","McAfee Total Protection (20240702)","Trend Micro Internet Security (20240702)","Windows Defender (20240702)"]}],"additionalFiles":[],"sources":[{"howFound":"Offer in deceptors","reference":"PGWare bundler","landingPage":"offer in bundler","directDownloadingLink":"http://pgware.com/products/gamegain/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/products/gamegain/","sourceIndex":"1116"}],"sampleFiles":["240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlls.dll","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlls64.dll","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlservice.exe","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlvknlg.exe","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlvknlg32.exe","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rlvknlg64.exe","240303/RelevantKnowledge-201010/1.0.12.26/Samples/rk_setup.exe"],"imageFiles":["240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-039/RK_Offer.gif","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-042/DLBeforeDiscloseAndUserAction.JPG","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-042/RK_042.JPG","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-119/RK_Uninstall.JPG","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-059/RK_Offer_GameGain.JPG","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-013/RK_Offer.gif","240303/RelevantKnowledge-201010/1.0.12.26/Images/ACR-060/RK_Offer.gif"],"nonDeceptorImageFiles":[],"guid":"4a1d02da-9ad9-4919-9141-89e903b37b7f_1.0.12.26_1","appID":"RelevantKnowledge-201010","dateAdded":"240827","deceptorType":"App","name":"RelevantKnowledge","company":"RelevantKnowledge","version":"1.0.12.26","lastKnownStatus":"1.0.3.2;1.0.4.1;1.0.5.5;1.0.5.6;1.0.6.1;1.1.0.0;1.0.12.26;1.0.14.10;1.3.340.310","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-08-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":599},{"violations":{"ACR-042":"Before the consumer makes a decision, the installer app already starts to contact RelevantKnowledge service and running the package.\n","ACR-048":"Once RelevantKnowledge is installed, its service starts running in background without notifying user its running and lack of interface for user to disable the service.\n","ACR-010":"The RelevantKnowledge is bundled in deceptors . It is distributed by deceptors aggressively and widely. The example: TriSun Software Limited apps.\nSome deceptor examples:\nhxxps://1tree.info/p/1tree.zip\nhxxps://www.trisunsoft.com/files/webr.zip\nhxxps://www.trisunsoft.com/files/weso.zip\nhxxps://www.trisunsoft.com/files/wesc.zip\nhxxps://www.trisunsoft.com/files/werf.zip\n","ACR-084":"RK service running in background without user's awareness, and lack of interface for user to disable its service. \n","ACR-059":"RelevantKnowledge is not clearly marked as an optional offer. RK components are downloaded even consumers choose to decline during installation. The decline option is not truthful.\n","ACR-039":"RelevantKnowledge is usually installed by other applications. There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as a must-accept-offer in the installer application. \n","ACR-155":"RelevantKnowledge offer is designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rk_setup_EN.exe","isInstaller":"True","companyName":"TMRG                                                        ","productName":"RelevantKnowledge","productVersion":"1.1.0","fileVersion":"1.1.0.0","hashMD5":"5f253092541445f2c54db1387cf2fa85","hashSHA1":"a5ddef500aa74d002acb435045f0333583b8c68d","hashSHA256":"5839a8ea8abb19d8211be61bbf07e9084aa214f8d029b733d5d65fb6b70acc54","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1723","avBlockList":["360 Total Security (20240711)","Avast Premium Security (20240711)","AVG Internet Security (20240711)","Avira Internet Security (20240711)","Bitdefender Internet Security (20240711)","COMODO Antivirus (20240711)","Dr.Web Security Space (20240711)","ESET Internet Security (20240711)","G DATA INTERNET SECURITY (20240711)","K7 Total Security (20240711)","Kaspersky Internet Security (20240711)","Malwarebytes Premium (20240711)","Norton Security (20240711)","Panda Dome (20240711)","Quick Heal Internet Security (20240711)","Sophos Home Premium (20240711)","SpyHunter5 (20240711)","Tencent PC Manager (20220222)","Total AV Antivirus Pro (20240711)","VIPRE Advanced Security (20240711)","VirIT eXplorer PRO (20240711)","Webroot SecureAnywhere (20240711)","FortectPremium (20240711)"],"avAllowList":["McAfee Total Protection (20240711)","Trend Micro Internet Security (20240711)","Windows Defender (20240711)"]},{"isRevoked":"False","fileName":"spt_setup.exe","isInstaller":"True","companyName":"TMRG                                                        ","productName":"RelevantKnowledge","productVersion":"1.1.0","fileVersion":"1.1.0.0","hashMD5":"89c8796cd6169d14531791b7388bc0e9","hashSHA1":"473a91fc861a45122f9f60ee8cd807b57cd2f29d","hashSHA256":"53ef40c6950b12e766195905ffcc596d771b43398ad2eeb2f9a895ab5a8bb278","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1723","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","VIPRE Advanced Security (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","McAfee Total Protection (20240702)","Trend Micro Internet Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"rlls.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"6919cb34edad7aa32b6e962e77a6433b","hashSHA1":"16410c9e2c995e20f20017e64c643ec4e4cd1781","hashSHA256":"992c006f1f39c20a704288a1132cc5e487146d425b0828e6532922a1703c3bb9","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1723","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlls64.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"429235b4777b153dd374ff949b18f06a","hashSHA1":"b439e671d325f846c06ccb1996d43618b4be65e2","hashSHA256":"ed9b500c2167cbd1b818a989cb2cc0b9f071a741f890f39638a27d89c0247693","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1723","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlservice.exe","companyName":"TMRG,  Inc.","fileVersion":"1.1","hashMD5":"40bc7aaacab71f603662590a0028e827","hashSHA1":"10a4e3f3dc6aa7ed64eea38ef4bde3ed5dc8d651","hashSHA256":"999b29e03435c9527aa23c3196bc5c7e03c1232a18326d8a06cf304c27b023d3","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1723","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg.exe","companyName":"TMRG,  Inc.","fileVersion":"1.3","hashMD5":"4895963f5a029d03e1d81cb71ad4168b","hashSHA1":"5420f3bec0794861702adafe263b8c985f026d14","hashSHA256":"74300003a4ea83f68d1eac7a7fe677f190d32eccf9bbbc8110ca6fca62612ec8","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1723","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg32.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"629d3c19cd65593f518986d240aac735","hashSHA1":"46384ebcd7dea578a8618a4c41b4bbd46b6b8a48","hashSHA256":"ed1341c1e6071a289b6fb56968228239d82f53ed9f46fd394683c927147d8595","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1723","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg64.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"d758f0f48ade788cf3ea60c6293c498a","hashSHA1":"1b71832bc8444caf71a3f2216c15152446369104","hashSHA256":"1a6354b9f7510e3bf3d2d122a42d963909c16460fb823b5f4803acd2162dddd6","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1723","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Offer in deceptors","reference":"Trisun software bundler","landingPage":"https://www.relevantknowledge.com/","directDownloadingLink":"https://www.relevantknowledge.com/Download/rk_setup_EN.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.relevantknowledge.com/Download/rk_setup_EN.exe","sourceIndex":"1723"}],"sampleFiles":["220128/RelevantKnowledge-201010/1.1.0.0/Samples/rk_setup_EN.exe","220128/RelevantKnowledge-201010/1.1.0.0/Samples/spt_setup.exe","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlls.dll","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlls64.dll","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlservice.exe","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlvknlg.exe","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlvknlg32.exe","220128/RelevantKnowledge-201010/1.1.0.0/Samples/rlvknlg64.exe"],"imageFiles":["220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-039/1Tree Install.png","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-039/dotNet Install.png","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-039/WEPP Install.png","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-039/RK_offer_decline.JPG","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-042/RK Install Video.mp4","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-042/RK_NetworkTraffic_beforeUserAccept.JPG","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-048/RK_Service.JPG","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-084/RK_Service.JPG","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-155/RK Install Video.mp4","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-059/RK Install Video.mp4","220128/RelevantKnowledge-201010/1.1.0.0/Images/ACR-059/RK_offer_decline.JPG"],"nonDeceptorImageFiles":[],"guid":"4a1d02da-9ad9-4919-9141-89e903b37b7f_1.1.0.0_1","appID":"RelevantKnowledge-201010","dateAdded":"240827","deceptorType":"App","name":"RelevantKnowledge","company":"RelevantKnowledge","version":"1.1.0.0","lastKnownStatus":"1.0.3.2;1.0.4.1;1.0.5.5;1.0.5.6;1.0.6.1;1.1.0.0;1.0.12.26;1.0.14.10;1.3.340.310","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-08-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":600},{"violations":{"ACR-042":"Before consumer makes decision, the installer app already starts to contact RelevantKnowledge service and attempts to download the package.\n","ACR-047":"Untruthful message repeatedly ask user to update to latest version, instead, it downloads the components of RelevantKnowledge. hxxp://post.securestudies.com/packages/RI1034/ContentI3.exe\nhxxp://post.securestudies.com/packages/RV0267/ContentV3.exe\n","ACR-003":"RelevantKnowledge is downloaded by misleading consumer that they need to update the installer application to latest version.\n","ACR-010":"The RelevantKnowledge is bundled in deceptors. It is distributed by deceptors aggressively and widely. The example: PCMateBundler (certs: e1caa9e850d616a0c2a245a157e0767a5ddcb431 & AB3BF705268399B80E815D612192384F5DEEE227 )\nsome deceptor examples:\nhxxp://freesoundrecorder.net\nhxxps://www.free-wifi-hotspot.com/download.php?t=freewifihotspotforwindows\nhxxps://windowsdownloads.xyz/2020/02/AutoClicker/FreeAutoClicker.exe\nhxxp://www.free-auto-clicker.com/FreeAutoClicker.exe\nhxxp://free-auto-clicker.com/FreeAutoClicker.exe\nhxxp://www.freemp3cutterjoiner.com/MP3CutterJoinerFree.exe\nhxxp://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe\nhxxp://www.music-editor.net/VidMateVideoConverter.exe\nhxxp://music-editor.net/VidMateVideoConverter.exe\nhxxp://www.free-audio-editor.com/EasyAudioExtractor.exe\nhxxp://free-audio-editor.com/EasyAudioExtractor.exe\nhxxp://audio-tool.net/AudioConvertToolbox.exe\nhxxp://www.audio-tool.net/AudioConvertToolbox.exe\nhxxp://www.ocrtoword.com/FreeOCRtoWord.exe?\nhxxp://www.ocrtoword.com/FreeOCRtoWord.exe\nhxxp://www.free-sound-editor.com/PowerSoundEditorFree.exe\nhxxps://www.free-sound-editor.com/PowerSoundEditorFree.exe\n\n","ACR-017":"RelevantKnowldge is installed in fraudulent way by installer application. \n","ACR-119":"Monetization components are attempted to be installed after the installer application is uninstalled. The installer application stays in startup program and run whenever system restart and present the relevant Knowledge even user declined it before. \n","ACR-059":"RelevantKnowledge is not clearly marked as optional offer. But it is installed as a mandatory offer. RK components are downloaded even consumer choose to decline during install. \n","ACR-039":"RelevantKnowledge usually is installed by another applications. There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as the part of the installer application. Even consumer decline RelevantKnowledge app, it is still downloaded nevertheless.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"RKInstall_050620.exe","isInstaller":"True","companyName":"TMRG,  INC.","fileVersion":"1.0","hashMD5":"3e632d7f0392251dd0b3049734163f5c","hashSHA1":"1790248a7adfe26f3eb442aad693d2c02c2d00ec","hashSHA256":"5ce92e6504fded15eee3767b056997f4c595db8b057f3887a805a1c478ff8d96","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2093","avBlockList":["360 Total Security (20240430)","Avast Premium Security (20240430)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","Bitdefender Internet Security (20240430)","Dr.Web Security Space (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","K7 Total Security (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Quick Heal Internet Security (20240430)","Sophos Home Premium (20240430)","SpyHunter5 (20240430)","Tencent PC Manager (20210204)","Total AV Antivirus Pro (20240430)","VIPRE Advanced Security (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)"],"avAllowList":["COMODO Antivirus (20240430)","McAfee Total Protection (20240430)","Trend Micro Internet Security (20240430)","Windows Defender (20240430)"]},{"isRevoked":"False","fileName":"RKInstall_051820.exe","isInstaller":"True","companyName":"TMRG,  INC.","fileVersion":"1.0","hashMD5":"53e0b8a1e570bae84ce2f72a1d889b81","hashSHA1":"e44adc04402681b7661a0d32b4db24f77afd90ca","hashSHA256":"34aa24656d5527a5ff1f7eb4ce4e782085618ded3766730c81f8f16a15d7e0ce","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2093","avBlockList":["Avast Premium Security (20210204)","AVG Internet Security (20210204)","Bitdefender Internet Security (20210204)","COMODO Antivirus (20210204)","Dr.Web Security Space (20210204)","ESET Internet Security (20210204)","G DATA INTERNET SECURITY (20210204)","K7 Total Security (20210204)","Malwarebytes Premium (20210204)","Norton Security (20210204)","Panda Dome (20210204)","Sophos Home Premium (20210204)","SpyHunter5 (20210204)","Tencent PC Manager (20210204)","VIPRE Advanced Security (20210204)","VirIT eXplorer PRO (20210204)","Webroot SecureAnywhere (20210204)","Windows Defender (20210204)"],"avAllowList":["360 Total Security (20210204)","Avira Internet Security (20210204)","Kaspersky Internet Security (20210204)","McAfee Total Protection (20210204)","Quick Heal Internet Security (20210204)","Total AV Antivirus Pro (20210204)","Trend Micro Internet Security (20210204)"]},{"isRevoked":"False","fileName":"RKInstall_052919.exe","isInstaller":"True","companyName":"TMRG,  INC.","fileVersion":"1.0","hashMD5":"76d1bc443d9a01e017783b9a96b6079b","hashSHA1":"32cc7c8ee8d566fba4aa551a956c88764b7309b4","hashSHA256":"6a0b7e36ccfdeac71553f9df3470c5faccb4bd06c37bafea6df13bbc78fb5ca1","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2093","avBlockList":["360 Total Security (20210204)","Avast Premium Security (20210204)","AVG Internet Security (20210204)","Avira Internet Security (20210204)","Bitdefender Internet Security (20210204)","Dr.Web Security Space (20210204)","ESET Internet Security (20210204)","G DATA INTERNET SECURITY (20210204)","K7 Total Security (20210204)","Kaspersky Internet Security (20210204)","Malwarebytes Premium (20210204)","Norton Security (20210204)","Panda Dome (20210204)","Sophos Home Premium (20210204)","SpyHunter5 (20210204)","Tencent PC Manager (20210204)","Total AV Antivirus Pro (20210204)","VIPRE Advanced Security (20210204)","VirIT eXplorer PRO (20210204)","Webroot SecureAnywhere (20210204)","Windows Defender (20210204)"],"avAllowList":["COMODO Antivirus (20210204)","McAfee Total Protection (20210204)","Quick Heal Internet Security (20210204)","Trend Micro Internet Security (20210204)"]},{"isRevoked":"False","fileName":"RKInstall_072720.exe","isInstaller":"True","companyName":"TMRG,  INC.","fileVersion":"1.0","hashMD5":"cf8361bd4360c31db7ed331a3e855576","hashSHA1":"406a31a34160e6e548e1d259f34fd7399d241462","hashSHA256":"13de78a2a66ae9ba3f464002de34bb065a4b730b490f2d0be147eb55989bc1db","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2093","avBlockList":["Avast Premium Security (20210204)","AVG Internet Security (20210204)","Avira Internet Security (20210204)","Bitdefender Internet Security (20210204)","COMODO Antivirus (20210204)","Dr.Web Security Space (20210204)","ESET Internet Security (20210204)","G DATA INTERNET SECURITY (20210204)","K7 Total Security (20210204)","Kaspersky Internet Security (20210204)","Malwarebytes Premium (20210204)","Norton Security (20210204)","Panda Dome (20210204)","Quick Heal Internet Security (20210204)","Sophos Home Premium (20210204)","SpyHunter5 (20210204)","Tencent PC Manager (20210204)","Total AV Antivirus Pro (20210204)","VIPRE Advanced Security (20210204)","VirIT eXplorer PRO (20210204)","Webroot SecureAnywhere (20210204)","Windows Defender (20210204)"],"avAllowList":["360 Total Security (20210204)","McAfee Total Protection (20210204)","Trend Micro Internet Security (20210204)"]},{"isRevoked":"False","fileName":"rlls.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"c6b44d17dac48e49de59f53184c4f4cb","hashSHA1":"0f51d2f3298285f033d4c2c30743c9b0d9ee2f62","hashSHA256":"4cbf7e8634a85c17062201fb10ad8fc9c9e1992509aabdeb9954103cdb7d2c64","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2093","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlls64.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"760d1f8466ffde4ea7ed36bd18102356","hashSHA1":"d87ce4c7b2ecc019a31feefe59d8cc98540aaccb","hashSHA256":"b4d421ef39364747e0d179c2d76869973b2e174befd7fca9eba1320760fcc340","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2093","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlservice.exe","companyName":"TMRG,  Inc.","fileVersion":"1.1","hashMD5":"17fc9a65af9387b131e1644ba73601ad","hashSHA1":"e0e2960ba70725e853fb7ae2926d4c79f6005e93","hashSHA256":"5f23b2adf6ed61f485827abb25590ad6ebdfb2f6badd64becc4d641678fb70f6","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2093","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg.exe","companyName":"TMRG,  Inc.","fileVersion":"1.3","hashMD5":"9b787481b79a181aee557267978a3b44","hashSHA1":"d920a2510de18a96e233db2ef162958d3be2e643","hashSHA256":"190d82908e219ccfd73120468db67c66c60e694a539fdab7726ee077ce5535fe","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2093","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg32.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"aeaa88b9b7a1a408b377fe1f998deb49","hashSHA1":"1f5a49ec2758bea87cb95d0be30652a04c379f1a","hashSHA256":"8c612abe9ee482cea324210aaab1f86c9187fa80375c43d92c36b7f7d46d8f09","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2093","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg64.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"f76a7b759e011b85cd0814076fcceace","hashSHA1":"ddedb9f81e4252a1c21238b70e21d20fffa296bb","hashSHA256":"7acc1f43614c8c7904de05cae73cadae73c37e2d6b1b88fb6b39e49f9f17b99f","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2093","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rkverify.exe","companyName":"T M R G  , INC.","fileVersion":"0.2","hashMD5":"60db193bce83f05363c874fec9b310c5","hashSHA1":"e1ceb44b70f37f47d92a02c113b59414ba346d81","hashSHA256":"10fb5a7c13814e3d45fabfe448ea1fd7e3a12fbded649385310b005cfe8ab18f","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2093","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Offer in deceptors","reference":"PCMate bundler","landingPage":"offer in bundler","directDownloadingLink":"http://www.ocrtoword.com/FreeOCRtoWord.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ocrtoword.com/FreeOCRtoWord.exe","sourceIndex":"2093"}],"sampleFiles":["240303/RelevantKnowledge-201010/1.0.6.1/Samples/RKInstall_050620.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/RKInstall_051820.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/RKInstall_052919.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/RKInstall_072720.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlls.dll","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlls64.dll","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlservice.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlvknlg.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlvknlg32.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rlvknlg64.exe","240303/RelevantKnowledge-201010/1.0.6.1/Samples/rkverify.exe"],"imageFiles":["240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-039/BundleAppInstallEx.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-039/RKPresentedAsPartOfInstallerApp.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-047/UntruthfulMsg.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-042/ConnectRKBeforeInstall.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-042/DLBeforeDiscloseAndUserAction.JPG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-003/UntruthfulMsg.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-017/UntruthfulMsg.PNG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-119/StartupleftAfterUninstall.JPG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-119/UdpatePromptCantDismissed.JPG","240303/RelevantKnowledge-201010/1.0.6.1/Images/ACR-059/RKPresentedAsPartOfInstallerApp.PNG"],"nonDeceptorImageFiles":[],"guid":"4a1d02da-9ad9-4919-9141-89e903b37b7f_1.0.6.1_1","appID":"RelevantKnowledge-201010","dateAdded":"240827","deceptorType":"App","name":"RelevantKnowledge","company":"RelevantKnowledge","version":"1.0.6.1","sigName":"Deceptor:Win32/RelevantKnowledge!039047042003010017119059","lastKnownStatus":"1.0.3.2;1.0.4.1;1.0.5.5;1.0.5.6;1.0.6.1;1.1.0.0;1.0.12.26;1.0.14.10;1.3.340.310","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-08-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":601},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeWiFiRouter.exe","isInstaller":"True","companyName":"FreeWiFiRouter Co., Ltd.                                    ","fileVersion":"0.0","hashMD5":"322453dfd7ef2386d8ea4b4708edde5f","hashSHA1":"97239df91c9d4fcaa5347f975f844d6086bc3b16","hashSHA256":"93b5e1cdb8fcd72ce90be76157a9f192cdae8b70db7477d8a2e5deb95cfb16ee","sourceIndex":"565","avBlockList":["360 Total Security (20240917)","Avast Premium Security (20240917)","AVG Internet Security (20240917)","Avira Internet Security (20240917)","Bitdefender Internet Security (20240917)","COMODO Antivirus (20240917)","Dr.Web Security Space (20240917)","ESET Internet Security (20240917)","FortectPremium (20240917)","G DATA INTERNET SECURITY (20240917)","K7 Total Security (20240917)","KasperskyPremium (20240917)","Malwarebytes Premium (20240917)","McAfee Total Protection (20240917)","Norton Security (20240917)","Panda Dome (20240917)","Quick Heal Internet Security (20240917)","Sophos Home Premium (20240917)","SpyHunter5 (20240917)","Total AV Antivirus Pro (20240917)","Trend Micro Internet Security (20240917)","VIPRE Advanced Security (20240917)","VirIT eXplorer PRO (20240917)","Webroot SecureAnywhere (20240917)"],"avAllowList":["Windows Defender (20240917)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"https://freewifirouter.com/","directDownloadingLink":"https://freewifirouter.com/FreeWiFiRouter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://freewifirouter.com/FreeWiFiRouter.exe","sourceIndex":"565"}],"sampleFiles":["240827/FreeWiFiRouter-231121/08.21.2024/Samples/FreeWiFiRouter.exe"],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"f9f02c3d-0f18-49a8-90a9-8824e2f3a03c_08.21.2024_1","appID":"FreeWiFiRouter-231121","dateAdded":"240827","deceptorType":"Bundler","name":"Free WiFi Router","company":"FreeWiFiRouter Co., Ltd.","version":"08.21.2024","lastKnownStatus":"8.8.2.4;08.21.2024","lastKnownDate":"240827","type":"Windows Executable","lastUpdate":"2024-08-27T23:08:45.7480063+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":602},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined\n","ACR-048":"The app does not provide any control to turn off/remove update notification and no option to remove the startup item\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-083":"The apps attempt to present the offer repeatedly via its update and startup.\n","ACR-084":" The app creates a startup entry without the user's knowledge and consent\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the user has previously declined\n","ACR-014":"After the app is installed, it misleads the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the user has previously declined\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":" The app does not have a valid digital signature for the installer and other executables\n","ACR-123":"The app does not remove dropped root certificates and startup item even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"FreeWiFiRouter.exe","isInstaller":"True","companyName":"FreeWiFiRouter Co. Ltd.                                    ","productName":"Free WiFi Router                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"ea2a6e820f8a4c39265133b72f2c6c75","hashSHA1":"eb242f1fc82f0b8ee94abec7a47e990cf04a1440","hashSHA256":"badc2ca01e7c706e042ca401dfda79f52f21d6e7610e71fe9acac5c833a56e06","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"715","avBlockList":["360 Total Security (20240829)","Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","ESET Internet Security (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240829)","McAfee Total Protection (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Quick Heal Internet Security (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","Total AV Antivirus Pro (20240829)","Trend Micro Internet Security (20240829)","VIPRE Advanced Security (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)","Windows Defender (20240829)","FortectPremium (20240829)","KasperskyPremium (20240829)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"https://freewifirouter.com/","directDownloadingLink":"https://freewifirouter.com/FreeWiFiRouter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://freewifirouter.com/FreeWiFiRouter.exe","sourceIndex":"715"}],"sampleFiles":["240307/FreeWiFiRouter-231121/8.8.2.4/Samples/FreeWiFiRouter.exe"],"imageFiles":["240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-109/ACR-109_Install_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-010/ACR-010_Install_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-013/ACR-013_Install_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-083/ACR-083_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-083/ACR-083_Software_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-084/ACR-084_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-048/ACR-048_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-048/ACR-048_Software_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-014/ACR-014_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-014/ACR-014_Software_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-075/ACR-075_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-075/ACR-075_Bundler-made offers_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-047/ACR-047_Bundler-made offers_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-047/ACR-047_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-106/ACR-106_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-092/ACR-092_Software_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-092/ACR-092_Software_2.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-123/ACR-123_Uninstall_1.png","240307/FreeWiFiRouter-231121/8.8.2.4/Images/ACR-123/ACR-123_Uninstall_2.png"],"guid":"f9f02c3d-0f18-49a8-90a9-8824e2f3a03c_8.8.2.4_1","appID":"FreeWiFiRouter-231121","dateAdded":"240827","deceptorType":"Bundler","name":"Free WiFi Router","company":"FreeWiFiRouter Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4;08.21.2024","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,install offers","lastUpdate":"2024-08-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":603},{"violations":{"ACR-048":"Once user choose to accept RK to install, no way to exit the installation, the standard close option is disabled.\n","ACR-007":"1. Application doesn't notify all the affected parties for the data collected from the system software installed. Although the party who installed the software accept the statement during software installation, the affected parties still need to be notified when their online behavior data is collected. \n2. The app does not obtain user informed consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-013":"Application doesn't obtain the explicit informed user consent for running RK setup. The \"next\" misleads user that it is required for continue installation. It is misleadingly presented as mandatory component that user has to agree for install the application. \n","ACR-084":"1. After RK installed, it is immediately minimized to systray without notifying user its service is running, and its service running in background without user's awareness. User has no idea how to close the service if they don't check the hidden icon under systray. \n2. After User choose to \"Quit\" RK. Its service (rlservice.exe) is still running in background without user awareness and having no clue how to complete close the application.\n","ACR-118":"Multiple executable files are left after application has been uninstalled.\n","ACR-039":"RelevantKnowledge is usually installed by other applications. Although it is presented as an optional download during installation, user can't proceed the installation without accept it.  The Decline option doesn't enable \"next\" to proceed install the software that user choose, which misleads user that they have to choose accept.\n","ACR-155":"RelevantKnowledge offer is designed to look like part of the install workflow. User is misled that they have to choose \"Accept\" to proceed installation of the software they choose. The \"Decline\" doesn't enable user to proceed the installation of the software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"rk_setup_EN.exe","isInstaller":"True","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"3b7d4e97375023744e43b144a8b1d855","hashSHA1":"9f27dc4fad5b67b922ace53a10c99ceb42680582","hashSHA256":"22f5a156c6773fff499f9e1c1f4986ddbf7fa1ec66981d301a4582ee69e7b4e2","digitalCertThumbprint":"9E8BAD8B8FF388AE7C360DA59231961CC469F3A1","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"TMRG, Inc\", O=\"TMRG, Inc\", L=Reston, S=Virginia, C=US","sourceIndex":"567","avBlockList":["360 Total Security (20241008)","Avast Premium Security (20241008)","AVG Internet Security (20241008)","Avira Internet Security (20241008)","Bitdefender Internet Security (20241008)","COMODO Antivirus (20241008)","ESET Internet Security (20241008)","FortectPremium (20241008)","G DATA INTERNET SECURITY (20241008)","K7 Total Security (20241008)","KasperskyPremium (20241008)","Malwarebytes Premium (20241008)","McAfee Total Protection (20241008)","Norton Security (20241008)","Panda Dome (20241008)","Quick Heal Internet Security (20241008)","Sophos Home Premium (20241008)","SpyHunter5 (20241008)","Total AV Antivirus Pro (20241008)","VIPRE Advanced Security (20241008)","VirIT eXplorer PRO (20241008)","Webroot SecureAnywhere (20241008)"],"avAllowList":["Dr.Web Security Space (20241008)","Trend Micro Internet Security (20241008)","Windows Defender (20241008)"]},{"isRevoked":"False","fileName":"rlls.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"0019c97989541a682f85b94567fafce5","hashSHA1":"75091c135e2cac4e51a0c96d53d76be5511720df","hashSHA256":"b6cdabe85eef397a57071a27a4c7df77c0ddcef6af9736adcd2022466a356da6","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"567","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlls64.dll","companyName":"TMRG,  Inc.","fileVersion":"4.0","hashMD5":"ddcdd44a790e377202a537d82873b197","hashSHA1":"58b4f2747e3e8abe3269b95a8d470c56f7654675","hashSHA256":"6fc0c31a41609eed02c628df0f72901255ee3cb91cd84db9d11aa293d2f1895d","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"567","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlph.dll","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"366048503dcf3a6b709b6bf960a2e6b5","hashSHA1":"1d45fed62c9d334552c3292a51f671629fb2ff27","hashSHA256":"b3e9afc4bb3f194153db4e113611d35b80d27527479f252ed48af868c2d9703d","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"567","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg.exe","companyName":"TMRG,  Inc.","fileVersion":"1.3","hashMD5":"969ae0fb8d881fa7876f0ec3e7ce7178","hashSHA1":"f1d24f7bc22db5ee6d0b701192f55dcb238ccf34","hashSHA256":"134e5904ba356fc088df35ffeb6df571ef86e82e6525ea9346560d5e648ea6a7","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"567","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg32.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"db737c3c6387bbd84ca2faf56c29c1ac","hashSHA1":"01c2857a2037b1e05e1652160fe47561a12bbc7a","hashSHA256":"c930a3acb364504a9a14f8a6a097ee72e52d323b3bf69e2aeea6d9994dcaf8c4","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"567","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg64.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"5b3ee9e756154370785e23b9363d5149","hashSHA1":"6719495a049252940a71885197f02b77e5808ac6","hashSHA256":"0b93fe6bab84deb0d24f1a5f8a160f3fde0595e57f8841238c3c6097746ad6a3","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"567","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlservice.exe","companyName":"TMRG,  Inc.","fileVersion":"1.1","hashMD5":"e43d2eafac2c83d99b90fa0384c3246e","hashSHA1":"10f7a003f4ada626ac23ea7ee56f9e9785f13919","hashSHA256":"0124d3fdd9e47e563711591a6ab159cf09c03d1da48a92dc131de9cce9fc1c60","digitalCertThumbprint":"8A0B9F56E594181329741D549D529DEA98C225BB","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", S=Virginia, C=US","sourceIndex":"567","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Offer in deceptors","reference":"PCMate bundler","landingPage":"offer in bundler","directDownloadingLink":"http://www.ocrtoword.com/FreeOCRtoWord.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ocrtoword.com/FreeOCRtoWord.exe","sourceIndex":"567"}],"sampleFiles":["240827/RelevantKnowledge-201010/1.3.340.310/Samples/rk_setup_EN.exe","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlls.dll","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlls64.dll","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlph.dll","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlvknlg.exe","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlvknlg32.exe","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlvknlg64.exe","240827/RelevantKnowledge-201010/1.3.340.310/Samples/rlservice.exe"],"imageFiles":["240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-039/ACR-039_Install_1.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-048/ACR-048_Software_1.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-007/ACR-007_Software_1.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-007/ACR-007_Software_2.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-084/ACR-084_Software_1.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-084/ACR-084_Software_2.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-084/ACR-084_Software_3.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-118/ACR-118_Uninstall_1.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-118/ACR-118_Uninstall_2.png","240827/RelevantKnowledge-201010/1.3.340.310/Images/ACR-013/ACR-013_Install_1.png"],"nonDeceptorImageFiles":[],"guid":"4a1d02da-9ad9-4919-9141-89e903b37b7f_1.3.340.310_1","appID":"RelevantKnowledge-201010","dateAdded":"240827","deceptorType":"App","name":"RelevantKnowledge","company":"RelevantKnowledge","version":"1.3.340.310","lastKnownStatus":"1.0.3.2;1.0.4.1;1.0.5.5;1.0.5.6;1.0.6.1;1.1.0.0;1.0.12.26;1.0.14.10;1.3.340.310","lastKnownDate":"240827","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-08-27T20:40:49.2531162+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":597},{"violations":{"ACR-003":"The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer, thereby misleading or scaring the consumer to take action.\n","ACR-004":"1. The app applies traffic light colors and gauges in free scanning result,  it is unsubstantiated and exaggerates the sense of urgency for the consumer.\n2. Outdated driver reported is not substantiated (driver version missing, new driver version and data missing)\n3. The application doesn't provide a free fix (driver update) instead offering a subscription that the user needs to pay to fix it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"1. The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer, thereby misleading or scaring the consumer to take action.\n2. In the scan summary page the statement \"Upgrade to paid version to update '0' more drivers\" is misleading as it seems to suggest that despite upgrading the user can not update the drivers.\n3. The app displays 2 same startups in the task manager, thereby showing an extra/duplicate startup.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder \"C:\\Users\\User\\AppData\\Local\\Temp\"\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Winoids Driver Fixer\\Winoids.exe","companyName":"","productName":"","productVersion":"0.0.0.0","fileVersion":"0.0.0.0","hashMD5":"22f6a989f565fecd99572d96c272f02e","hashSHA1":"c2b61b2654e9248b7c433f97375fee3b41c4ed59","hashSHA256":"6109e6625a6547c854b2c1e7d2accf9ce69d78d15e47deffa6e4839cad52dc74","digitalCertThumbprint":"CD398DFA60754073AD973D0686A8FC4ED5AF7795","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Compsquad LLC","storeId":"","sourceIndex":"574","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinoidsDriverFixerSetup.exe","isInstaller":"True","companyName":"Winoids Driver Updater","productName":"Winoids Driver Fixer","productVersion":"1.2.0.0","fileVersion":"1.2.0.0","hashMD5":"f3af55ccb1bf0ebe10af94936c6cd5f0","hashSHA1":"af75159f8d9783abb772f145ab8094b73b9c26a3","hashSHA256":"2bded1925ecfbc7c50080c2cdb0b673101a57ef6b6985efb4da14df8bc3815e9","digitalCertThumbprint":"CD398DFA60754073AD973D0686A8FC4ED5AF7795","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Compsquad LLC","storeId":"","sourceIndex":"574","avBlockList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","ESET Internet Security (20240820)","G DATA INTERNET SECURITY (20240820)","K7 Total Security (20240820)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","Total AV Antivirus Pro (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","Windows Defender (20240820)","FortectPremium (20240820)"],"avAllowList":["Dr.Web Security Space (20240820)","Kaspersky Internet Security (20240530)","Quick Heal Internet Security (20240820)","KasperskyPremium (20240820)"]},{"isRevoked":"False","fileName":"WinoidsDriverFixerSetup_080724.exe","isInstaller":"True","companyName":"Winoids Driver Updater","fileVersion":"1.2","hashMD5":"fe62da89242cf0410838884607f09f27","hashSHA1":"5d2005e6be661db004b721188d321b44d5324e18","hashSHA256":"61c4d64e0fca2638203c21c02961734451bf5e24e3f9f3e5b1d9cdb293ce33e9","digitalCertThumbprint":"CD398DFA60754073AD973D0686A8FC4ED5AF7795","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Compsquad LLC, O=Compsquad LLC, S=California, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=202203810603","sourceIndex":"574","avBlockList":["360 Total Security (20240829)","Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","Bitdefender Internet Security (20240829)","ESET Internet Security (20240829)","FortectPremium (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","Malwarebytes Premium (20240829)","McAfee Total Protection (20240829)","Norton Security (20240829)","Panda Dome (20240829)","Quick Heal Internet Security (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","Total AV Antivirus Pro (20240829)","VIPRE Advanced Security (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)","Windows Defender (20240829)"],"avAllowList":["COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","KasperskyPremium (20240829)","Trend Micro Internet Security (20240829)"]},{"isRevoked":"False","fileName":"Winoids_080724.exe","fileVersion":"1.0","hashMD5":"c9f0033666cb0b7ef412127a6683aca5","hashSHA1":"a5d144125da3a7bfc71e232bc696a51b5edf2698","hashSHA256":"04eb62a1431ede80486efb80759afc77ab042d5761c2838ea41e948ac908cbd6","digitalCertThumbprint":"CD398DFA60754073AD973D0686A8FC4ED5AF7795","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Compsquad LLC, O=Compsquad LLC, S=California, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=202203810603","sourceIndex":"574","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunting","reference":"","landingPage":"https://www.winoids.com/product","directDownloadingLink":"https://www.winoids.com/WinoidsDriverFixerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.winoids.com/WinoidsDriverFixerSetup.exe","sourceIndex":"574"}],"sampleFiles":["240807/WinoidsDriverFixer-240426/1.2.0.0/Samples/WinoidsDriverFixerSetup.exe","240807/WinoidsDriverFixer-240426/1.2.0.0/Samples/WinoidsDriverFixerSetup_080724.exe","240807/WinoidsDriverFixer-240426/1.2.0.0/Samples/Winoids_080724.exe"],"imageFiles":["240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-004/ACR-004.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-004/ACR-004_1.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-004/ACR-004_2.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-004/ACR-004_3.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-003/ACR-003.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-003/ACR-003_1.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-014/ACR-014.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-014/ACR-014_1.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-014/ACR-014_2.PNG","240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240807/WinoidsDriverFixer-240426/1.2.0.0/Images/ACR-040/ACR-040.PNG"],"guid":"f3f2470b-ec69-42d0-a7df-41fb47262fbd_1.2.0.0_1","appID":"WinoidsDriverFixer-240426","dateAdded":"240807","deceptorType":"App","name":"Winoids Driver Fixer","company":"Winoids Driver Updater","version":"1.2.0.0","lastKnownStatus":"1.2.0.0","lastKnownDate":"240807","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-08-07T17:16:12.9608233+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":604},{"violations":{"ACR-109":"The application silently installs \"K-Lite Codec Pack\" before the user chooses and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"1. The application silently installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"K-Lite Codec Pack\", \"FFmpeg\" and \"Qt5\"\n","ACR-048":"The app does not provide any control to remove the scheduled task within the app's settings.\n","ACR-004":"The application doesn't provide a free fix for the recovery instead offering the subscription payment option to recovery the reported files.\n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not mention clearly that the Auto-renewal policy and does not disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"StellarDataRecovery-H.exe","isInstaller":"True","companyName":"Stellar Information Technology Pvt Ltd.                     ","productName":"Stellar Data Recovery                                       ","productVersion":"11.0.0.8                                          ","fileVersion":"11.0.0.8            ","hashMD5":"a7bb376857a5d30e49dd847f9ef98724","hashSHA1":"1cd75ddf7fb1e985e83398d1331c39e699475d07","hashSHA256":"d54ad45f4aa02141e095a6f71b9e92554d914396fc0627340fc0403919235e1c","digitalCertThumbprint":"CBDD73B7B7C27DE9E7ED76771C777D5F0A646A76","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Stellar Information Technology Private Limited","storeId":"","sourceIndex":"581","avBlockList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","ESET Internet Security (20241001)","K7 Total Security (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Quick Heal Internet Security (20241001)","Sophos Home Premium (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["Bitdefender Internet Security (20241001)","COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","FortectPremium (20240822)","G DATA INTERNET SECURITY (20241001)","KasperskyPremium (20241001)","Malwarebytes Premium (20241001)","McAfee Total Protection (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.stellarinfo.com/","directDownloadingLink":"https://www.stellarinfo.com/thankyou/wdrstd/thankyou.php?c=us","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.stellarinfo.com/thankyou/wdrstd/thankyou.php?c=us","sourceIndex":"581"}],"sampleFiles":["240730/StellarDataRecovery-240312/11.0.0.8/Samples/StellarDataRecovery-H.exe"],"imageFiles":["240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-109/ACR-109.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-109/ACR-109_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-039/ACR-039.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-039/ACR-039_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-043/ACR-043.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-043/ACR-043_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-043/ACR-043_2.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-043/ACR-043_3.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-107/ACR-107.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-107/ACR-107_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-107/ACR-107_2.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-107/ACR-107_3.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-042/ACR-042.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-042/ACR-042_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-042/ACR-042_2.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-042/ACR-042_3.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-004/ACR-004.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-004/ACR-004_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-084/ACR-084.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-048/ACR-048.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-048/ACR-048_1.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-118/ACR-118.PNG","240730/StellarDataRecovery-240312/11.0.0.8/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"5d9ed1e0-3e07-420c-9658-71ecbfee6bee_11.0.0.8_1","appID":"StellarDataRecovery-240312","dateAdded":"240730","deceptorType":"App","name":"Stellar Data Recovery","company":"Stellar Information Technology Pvt Ltd.","version":"11.0.0.8","lastKnownStatus":"11.0.0.6;11.0.0.8","lastKnownDate":"240730","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows XP,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-30T17:59:42.7579382+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":605},{"violations":{"ACR-109":"The application silently installs \"K-Lite Codec Pack\" before the user chooses and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-043":"1. The application silently installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n2. Open source projects \"FFmpeg\" and \"Qt5\" are installed without any disclosure in EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"K-Lite Codec Pack\", \"FFmpeg\" and \"Qt5\"\n","ACR-048":"The app does not provide any control to remove the scheduled task within the app's settings.\n","ACR-004":"The application doesn't provide a free fix for the recovery instead offering the subscription payment option to recovery the reported files.\n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components it installed on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"K-Lite Codec Pack\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not mention clearly that the Auto-renewal policy and does not disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Stellar Data Recovery\\StellarDataRecovery.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"ee64276b826e68282c43daac6c42ac00","hashSHA1":"4f2338ee17024d1750ab4ffa6cd66aaea3483b3e","hashSHA256":"966ec0845cbcff69c64959dce2f0f78aeaeb47dccbbf0de27208ef56556370e3","digitalCertThumbprint":"CBDD73B7B7C27DE9E7ED76771C777D5F0A646A76","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Stellar Information Technology Private Limited","storeId":"","sourceIndex":"713","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StellarDataRecovery-H.exe","isInstaller":"True","companyName":"Stellar Information Technology Pvt Ltd.                     ","productName":"Stellar Data Recovery                                       ","productVersion":"11.0.0.6                                          ","fileVersion":"11.0.0.6            ","hashMD5":"9ea3aab016a5310a8c0001af6924d54d","hashSHA1":"08da9bffbfff53493f01f7bd02654080477377b8","hashSHA256":"19efd0a338456eddea09d85ddef198f4f8782b53a065a588804c9fbaa72c375c","digitalCertThumbprint":"CBDD73B7B7C27DE9E7ED76771C777D5F0A646A76","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Stellar Information Technology Private Limited","storeId":"","sourceIndex":"713","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","ESET Internet Security (20240815)","K7 Total Security (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VirIT eXplorer PRO (20240815)"],"avAllowList":["360 Total Security (20240815)","Bitdefender Internet Security (20240815)","COMODO Antivirus (20240815)","Dr.Web Security Space (20240815)","G DATA INTERNET SECURITY (20240815)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240815)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","VIPRE Advanced Security (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Data recovery applications","reference":"","landingPage":"https://www.stellarinfo.com/","directDownloadingLink":"https://www.stellarinfo.com/thankyou/wdrstd/thankyou.php?c=us","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.stellarinfo.com/thankyou/wdrstd/thankyou.php?c=us","sourceIndex":"713"}],"sampleFiles":["240313/StellarDataRecovery-240312/11.0.0.6/Samples/StellarDataRecovery-H.exe"],"imageFiles":["240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-109/ACR-109.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-109/ACR-109_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-039/ACR-039.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-039/ACR-039_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-043/ACR-043.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-043/ACR-043_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-043/ACR-043_2.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-043/ACR-043_3.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-107/ACR-107.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-107/ACR-107_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-107/ACR-107_2.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-107/ACR-107_3.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-042/ACR-042.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-042/ACR-042_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-042/ACR-042_2.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-042/ACR-042_3.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-004/ACR-004_3.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-004/ACR-004_4.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-084/ACR-084.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-048/ACR-048.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-048/ACR-048_1.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-118/ACR-118.PNG","240313/StellarDataRecovery-240312/11.0.0.6/Images/ACR-165/ACR-165.PNG"],"nonDeceptorImageFiles":[],"guid":"5d9ed1e0-3e07-420c-9658-71ecbfee6bee_11.0.0.6_1","appID":"StellarDataRecovery-240312","dateAdded":"240730","deceptorType":"App","name":"Stellar Data Recovery","company":"Stellar Information Technology Pvt Ltd.","version":"11.0.0.6","lastKnownStatus":"11.0.0.6;11.0.0.8","lastKnownDate":"240730","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows XP,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":606},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-014":"When the \"Skip All\" option in the offer is clicked, it displays another prompt with a statement: \"Are you sure you want to quit PowerISO 8.8 setup?\" which misleads the user to think that the powerISO app installation will not proceed without accepting the offers.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PowerISO8-x64.exe","isInstaller":"True","companyName":"Power Software Ltd","productName":"PowerISO Setup","productVersion":"8.8.0.0","fileVersion":"8.8.0.0","hashMD5":"d97f67727477fe53ad6ccfa39a105e73","hashSHA1":"fa22f77021312b68bd367eb1a18b6d0452e35661","hashSHA256":"7d767e17246f7c418cfb080bf3dd95f707f69eabd7588befa02bc22b9ffc9193","digitalCertThumbprint":"A93D73E5EE4823415B2D7B5EA0AB40853810D620","digitalCertIssuer":"SSL.com Code Signing Intermediate CA RSA R1","digitalCertIssuedTo":"Power Software Limited","storeId":"","sourceIndex":"583","avBlockList":["Avira Internet Security (20240919)","Bitdefender Internet Security (20240919)","COMODO Antivirus (20240919)","ESET Internet Security (20240919)","FortectPremium (20240919)","G DATA INTERNET SECURITY (20240919)","K7 Total Security (20240919)","KasperskyPremium (20240919)","Malwarebytes Premium (20240919)","Norton Security (20240919)","Panda Dome (20240919)","Quick Heal Internet Security (20240919)","Sophos Home Premium (20240919)","SpyHunter5 (20240919)","VIPRE Advanced Security (20240919)","VirIT eXplorer PRO (20240919)","Webroot SecureAnywhere (20240919)"],"avAllowList":["360 Total Security (20240919)","Avast Premium Security (20240919)","AVG Internet Security (20240919)","Dr.Web Security Space (20240919)","McAfee Total Protection (20240919)","Total AV Antivirus Pro (20240919)","Trend Micro Internet Security (20240919)","Windows Defender (20240919)"]},{"isRevoked":"False","fileName":"PowerISO8.exe","isInstaller":"True","companyName":"Power Software Ltd","productName":"PowerISO Setup","productVersion":"8.8.0.0","fileVersion":"8.8.0.0","hashMD5":"51508b5686d652016a6d062e4f9ae016","hashSHA1":"6b956a4a7a9aeb281da3aac0209e060a8ee0338e","hashSHA256":"cfa70f51a334341d766e3205fe89bed59ccd06f6de2ff706893b2f884f5b796c","digitalCertThumbprint":"A93D73E5EE4823415B2D7B5EA0AB40853810D620","digitalCertIssuer":"SSL.com Code Signing Intermediate CA RSA R1","digitalCertIssuedTo":"Power Software Limited","storeId":"","sourceIndex":"583","avBlockList":["Avira Internet Security (20241001)","Bitdefender Internet Security (20241001)","COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","FortectPremium (20241001)","G DATA INTERNET SECURITY (20241001)","K7 Total Security (20241001)","KasperskyPremium (20241001)","Malwarebytes Premium (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Quick Heal Internet Security (20241001)","Sophos Home Premium (20241001)","SpyHunter5 (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Avast Premium Security (20241001)","AVG Internet Security (20241001)","McAfee Total Protection (20241001)","Total AV Antivirus Pro (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"PUPnMB","landingPage":"https://www.poweriso.com/","directDownloadingLink":"https://www.poweriso.com/download.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.poweriso.com/download.htm","sourceIndex":"583"}],"sampleFiles":["240725/PowerISO-180306/8.8/Samples/PowerISO8-x64.exe","240725/PowerISO-180306/8.8/Samples/PowerISO8.exe"],"imageFiles":["240725/PowerISO-180306/8.8/Images/ACR-013/ACR-013.PNG","240725/PowerISO-180306/8.8/Images/ACR-013/ACR-013_1.PNG","240725/PowerISO-180306/8.8/Images/ACR-060/ACR-060.PNG","240725/PowerISO-180306/8.8/Images/ACR-060/ACR-060_1.PNG","240725/PowerISO-180306/8.8/Images/ACR-014/ACR-014.PNG","240725/PowerISO-180306/8.8/Images/ACR-014/ACR-014_1.PNG","240725/PowerISO-180306/8.8/Images/ACR-155/ACR-155.PNG","240725/PowerISO-180306/8.8/Images/ACR-155/ACR-155_1.PNG"],"nonDeceptorImageFiles":[],"guid":"ac1ad976-308d-4392-98a9-3ee3b07ceedc_8.8_1","appID":"PowerISO-180306","dateAdded":"240725","deceptorType":"App","name":"PowerISO","company":"Power Software Ltd.","version":"8.8","lastKnownStatus":"8.6.0.0;8.8","lastKnownDate":"240725","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-07-25T22:19:50.4670751+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":607},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-118":"When the user attempts to completely uninstall the application, some components are retained on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PowerISO8-x64.exe","isInstaller":"True","companyName":"Power Software Ltd","fileVersion":"8.6","hashMD5":"7513a757a9b43ceda8d7614dcc73957e","hashSHA1":"26f283f8b0e4900974a629ec9b567db989186d77","hashSHA256":"29a96e7b461b21fe4c2a037798aaa9adce3b047a1a81e486352a090e1dba2656","digitalCertThumbprint":"A93D73E5EE4823415B2D7B5EA0AB40853810D620","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=Power Software Limited, O=Power Software Limited, L=Sheung Wan, C=HK","sourceIndex":"875","avBlockList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Kaspersky Internet Security (20240222)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VIPRE Advanced Security (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["360 Total Security (20240801)","McAfee Total Protection (20240801)","Trend Micro Internet Security (20240801)","Windows Defender (20240801)"]},{"isRevoked":"False","fileName":"PowerISO8.exe","isInstaller":"True","companyName":"Power Software Ltd","fileVersion":"8.6","hashMD5":"64b0b34e3c3219b1b3d7687c5804bd05","hashSHA1":"62ac72a029c911236ef2a844d02f4ca0c72077ef","hashSHA256":"7cf74b58caaeb417c010c01d9d585cdaa6069b897f07d695b255586109fde49f","digitalCertThumbprint":"A93D73E5EE4823415B2D7B5EA0AB40853810D620","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=Power Software Limited, O=Power Software Limited, L=Sheung Wan, C=HK","sourceIndex":"875","avBlockList":["Avast Premium Security (20240806)","AVG Internet Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","K7 Total Security (20240806)","Kaspersky Internet Security (20240222)","Malwarebytes Premium (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","VIPRE Advanced Security (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)","FortectPremium (20240806)","KasperskyPremium (20240806)"],"avAllowList":["360 Total Security (20240806)","McAfee Total Protection (20240806)","Trend Micro Internet Security (20240806)","Windows Defender (20240806)"]}],"additionalFiles":[],"sources":[{"howFound":"dotnet setup","reference":"","landingPage":"https://www.poweriso.net/","directDownloadingLink":"https://www.poweriso.net/PowerISO8-x64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.poweriso.net/PowerISO8-x64.exe","sourceIndex":"875"}],"sampleFiles":["231004/PowerISO-180306/8.6.0.0/Samples/PowerISO8-x64.exe","231004/PowerISO-180306/8.6.0.0/Samples/PowerISO8.exe"],"imageFiles":["231004/PowerISO-180306/8.6.0.0/Images/ACR-118/ACR-118.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-013/OptionalOffer.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-013/OptionalOffer-2.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-060/OptionalOffer.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-060/OptionalOffer-2.jpg"],"nonDeceptorImageFiles":["231004/PowerISO-180306/8.6.0.0/Images/ACR-065/Install_PowerISo.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-065/About_PowerISo.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-065/LP_PowerISO.png","231004/PowerISO-180306/8.6.0.0/Images/ACR-065/InternalOffer_PowerISO.png","231004/PowerISO-180306/8.6.0.0/Images/ACR-099/About_PowerISo.jpg","231004/PowerISO-180306/8.6.0.0/Images/ACR-099/LP_PowerISO.png","231004/PowerISO-180306/8.6.0.0/Images/ACR-099/InternalOffer_PowerISO.png","231004/PowerISO-180306/8.6.0.0/Images/ACR-167/EULA_PowerISO.jpeg"],"guid":"ac1ad976-308d-4392-98a9-3ee3b07ceedc_8.6.0.0_1","appID":"PowerISO-180306","dateAdded":"240725","deceptorType":"App","name":"PowerISO","company":"Power Software Ltd.","version":"8.6.0.0","lastKnownStatus":"8.6.0.0;8.8","lastKnownDate":"240725","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-07-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":608},{"violations":{"ACR-042":" App drops hidden file/potential offer app info in hidden folder without user permission\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"frostwire-6.12.0.windows.exe","isInstaller":"True","fileVersion":"6.12","hashMD5":"102995a5b58de2cfc017d677ecc049f7","hashSHA1":"5aa25caa49ef2cffc1032db01f9c3ffcd811db41","hashSHA256":"57fad42313274c164223c20cbb1483bd40218d0a614b78e5618a02b83892405f","digitalCertThumbprint":"D9136C425626F5A27821BC3ED4FB330CE6F9B3F5","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"1063","avBlockList":["360 Total Security (20240725)","Avira Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","FortectPremium (20240725)"],"avAllowList":["Avast Premium Security (20240725)","AVG Internet Security (20240725)","Bitdefender Internet Security (20240725)","K7 Total Security (20240725)","McAfee Total Protection (20240725)","Quick Heal Internet Security (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","Windows Defender (20240725)"]},{"isRevoked":"False","fileName":"FrostWire.exe","companyName":"FrostWire","fileVersion":"1.0","hashMD5":"3548534fe1326cc27f9481195ee43056","hashSHA1":"7ab036e17c59e7513894dc49288f7bbb55a85bb7","hashSHA256":"28124e3395fa42f326fe5b3f59e1f50568adb729ea1c7c211c07e0b52441c9b8","sourceIndex":"1063","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Download Sites - Uptodownload.com","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"1063"}],"sampleFiles":["230601/FrostWire-220517/6.12.0/Samples/frostwire-6.12.0.windows.exe","230601/FrostWire-220517/6.12.0/Samples/FrostWire.exe"],"imageFiles":["230601/FrostWire-220517/6.12.0/Images/ACR-042/ACR-042.jpg","230601/FrostWire-220517/6.12.0/Images/ACR-013/Offer.jpg","230601/FrostWire-220517/6.12.0/Images/ACR-060/Offer.jpg"],"nonDeceptorImageFiles":[],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.12.0_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.12.0","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":612},{"violations":{"ACR-042":" App drops hidden file/potential offer app info in hidden folder without user permission\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"frostwire-6.13.1.windows.exe","isInstaller":"True","fileVersion":"6.13","hashMD5":"e680a7190fb8fb96a7c1af4042d415dd","hashSHA1":"eef7647129bf0883a4c38f91bb20687306360cdc","hashSHA256":"5b0ea1ba6adcfe97dee43d8fd9af9ba966e955b16dac84eb9c564858bafea2c2","digitalCertThumbprint":"D9136C425626F5A27821BC3ED4FB330CE6F9B3F5","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"774","avBlockList":["360 Total Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VIPRE Advanced Security (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","K7 Total Security (20240801)","McAfee Total Protection (20240801)","Quick Heal Internet Security (20240801)","Trend Micro Internet Security (20240801)","Windows Defender (20240801)"]},{"isRevoked":"False","fileName":"frostwire-6.13.1.windows_231103.exe","isInstaller":"True","fileVersion":"6.13","hashMD5":"0dc9197c35373469d95226a135c12684","hashSHA1":"40da22b920f3ebc137be182e36d7c517c2add458","hashSHA256":"582b346b6f140bcaecf02608b26761dd3f4b3809b49ffa195d8c1e7bee73946a","digitalCertThumbprint":"ABD9D5320A12728F8CBA287A858FF561391EAD37","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"774","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"frostwire-6.13.1.windows_231109.exe","isInstaller":"True","fileVersion":"6.13","hashMD5":"c0594b030c65f0238a373ac5bc8fc6f2","hashSHA1":"3dae6142e777139b67e59db5cf0b08c1bdb3b5b4","hashSHA256":"86b1cc6caecabadd8706511b80916fb3f4e03b7fc40e61d9eeddb8fb49627859","digitalCertThumbprint":"ABD9D5320A12728F8CBA287A858FF561391EAD37","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"774","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"frostwire-6.13.1.windows_231226.exe","isInstaller":"True","fileVersion":"6.13","hashMD5":"ee25164276804dc7c7d3c4bf1d45577d","hashSHA1":"df0cd57f11d1e822f1e8505570cef2ada33cf362","hashSHA256":"4d824e052cfd7aac94e4ea6cf8935431139732e990ab543f55922075aa9eaec4","digitalCertThumbprint":"ABD9D5320A12728F8CBA287A858FF561391EAD37","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"774","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Download Sites - Uptodownload.com","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"774"}],"sampleFiles":["231226/FrostWire-220517/6.13.1/Samples/frostwire-6.13.1.windows.exe","231226/FrostWire-220517/6.13.1/Samples/frostwire-6.13.1.windows_231103.exe","231226/FrostWire-220517/6.13.1/Samples/frostwire-6.13.1.windows_231109.exe","231226/FrostWire-220517/6.13.1/Samples/frostwire-6.13.1.windows_231226.exe"],"imageFiles":["231226/FrostWire-220517/6.13.1/Images/ACR-042/ACR-042.jpg","231226/FrostWire-220517/6.13.1/Images/ACR-013/OptionalOffer.jpg","231226/FrostWire-220517/6.13.1/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.13.1_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.13.1","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":610},{"violations":{"ACR-042":" App drops hidden file/potential offer app info in hidden folder without user permission\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"frostwire-6.13.1.windows.exe","isInstaller":"True","fileVersion":"6.13","hashMD5":"e680a7190fb8fb96a7c1af4042d415dd","hashSHA1":"eef7647129bf0883a4c38f91bb20687306360cdc","hashSHA256":"5b0ea1ba6adcfe97dee43d8fd9af9ba966e955b16dac84eb9c564858bafea2c2","digitalCertThumbprint":"D9136C425626F5A27821BC3ED4FB330CE6F9B3F5","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"844","avBlockList":["360 Total Security (20240801)","Avira Internet Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VIPRE Advanced Security (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","FortectPremium (20240801)","KasperskyPremium (20240801)"],"avAllowList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","K7 Total Security (20240801)","McAfee Total Protection (20240801)","Quick Heal Internet Security (20240801)","Trend Micro Internet Security (20240801)","Windows Defender (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"Download Sites - Uptodownload.com","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"844"}],"sampleFiles":["231023/FrostWire-220517/6.13.0/Samples/frostwire-6.13.1.windows.exe"],"imageFiles":["231023/FrostWire-220517/6.13.0/Images/ACR-042/ACR-042_frostwire.jpg","231023/FrostWire-220517/6.13.0/Images/ACR-013/Frostwire_OptionalOffer.jpg","231023/FrostWire-220517/6.13.0/Images/ACR-060/Frostwire_OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.13.0_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.13.0","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":611},{"violations":{"ACR-042":" App drops hidden file/potential offer app info in hidden folder without user permission\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"frostwire-6.11.0.windows.exe","isInstaller":"True","fileVersion":"6.11","hashMD5":"0e9a6ef2a545e1c3e8616a6923f78d40","hashSHA1":"37318ea0f0465556eacec98b74830c5edb3a8010","hashSHA256":"f20d66b647f15a5cd5f590b3065a1ef2bcd9dad307478437766640f16d416bbf","digitalCertThumbprint":"D9136C425626F5A27821BC3ED4FB330CE6F9B3F5","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=FrostWire LLC, O=FrostWire LLC, L=Miami Beach, S=Florida, C=US","sourceIndex":"1164","avBlockList":["360 Total Security (20230418)","Avira Internet Security (20230418)","Bitdefender Internet Security (20230418)","COMODO Antivirus (20230418)","Dr.Web Security Space (20230418)","ESET Internet Security (20230418)","G DATA INTERNET SECURITY (20230418)","K7 Total Security (20230418)","Kaspersky Internet Security (20230418)","Malwarebytes Premium (20230418)","McAfee Total Protection (20230418)","Norton Security (20230418)","Panda Dome (20230418)","Quick Heal Internet Security (20230418)","Sophos Home Premium (20230418)","SpyHunter5 (20230418)","Total AV Antivirus Pro (20230418)","VIPRE Advanced Security (20230418)","VirIT eXplorer PRO (20230418)","Webroot SecureAnywhere (20230418)"],"avAllowList":["Avast Premium Security (20230418)","AVG Internet Security (20230418)","Trend Micro Internet Security (20230418)","Windows Defender (20230418)"]}],"additionalFiles":[],"sources":[{"howFound":"Download Sites - Uptodownload.com","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"1164"}],"sampleFiles":["230406/FrostWire-220517/6.11.0/Samples/frostwire-6.11.0.windows.exe"],"imageFiles":["230406/FrostWire-220517/6.11.0/Images/ACR-042/Frost_043_042.JPG","230406/FrostWire-220517/6.11.0/Images/ACR-013/ACR-013.JPG","230406/FrostWire-220517/6.11.0/Images/ACR-013/ACR-013_1.JPG","230406/FrostWire-220517/6.11.0/Images/ACR-060/ACR-060.JPG","230406/FrostWire-220517/6.11.0/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.11.0_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.11.0","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":613},{"violations":{"ACR-048":"The app does not provide control to disable the startup item within the app's settings.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates an undisclosed Startup to perform an action without the user's knowledge and consent. \n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the \"FrostWire.exe\" executable.\n"},"samples":[{"isRevoked":"False","fileName":"frostwire-6.13.2.windows.exe","isInstaller":"True","companyName":"                                                            ","productName":"Frostwire                                                   ","productVersion":"6.13.2                                            ","fileVersion":"6.13.2              ","hashMD5":"bd352ada33c61ceb9db09d3601b302bc","hashSHA1":"2ece05e008eca40c17172ae72b5c0d29f81b664b","hashSHA256":"887c5af40ba3a354696ee0be278d482bdca6a262e3a0520bb32368ca17ac5357","digitalCertThumbprint":"4C2BAE5980F97631C4016AF260EECDEBB0DF9636","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"FrostWire LLC","storeId":"","sourceIndex":"587","avBlockList":["360 Total Security (20241008)","COMODO Antivirus (20241008)","Dr.Web Security Space (20241008)","ESET Internet Security (20241008)","FortectPremium (20241008)","G DATA INTERNET SECURITY (20241008)","K7 Total Security (20241008)","KasperskyPremium (20241008)","Malwarebytes Premium (20241008)","Norton Security (20241008)","Panda Dome (20241008)","Sophos Home Premium (20241008)","SpyHunter5 (20241008)","VirIT eXplorer PRO (20241008)","Webroot SecureAnywhere (20241008)"],"avAllowList":["Avast Premium Security (20241008)","AVG Internet Security (20241008)","Avira Internet Security (20241008)","Bitdefender Internet Security (20241008)","McAfee Total Protection (20241008)","Quick Heal Internet Security (20241008)","Total AV Antivirus Pro (20241008)","Trend Micro Internet Security (20241008)","VIPRE Advanced Security (20241008)","Windows Defender (20241008)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"587"}],"sampleFiles":["240722/FrostWire-220517/6.13.2/Samples/frostwire-6.13.2.windows.exe"],"imageFiles":["240722/FrostWire-220517/6.13.2/Images/ACR-084/ACR-084.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-097/ACR-097.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-048/ACR-048.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-048/ACR-048_1.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-013/ACR-013.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-013/ACR-013_1.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-060/ACR-060.PNG","240722/FrostWire-220517/6.13.2/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["240722/FrostWire-220517/6.13.2/Images/ACR-092/ACR-092.PNG"],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.13.2_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.13.2","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T21:30:57.8443206+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":609},{"violations":{"ACR-042":" App drops hidden file/potential offer app info in hidden folder without user permission\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{"ACR-027":"Interstitial does not declare it's an ad or offer for its own mobile torrent app\n"},"samples":[{"isRevoked":"False","fileName":"frostwire-6.10.0.windows.exe","isInstaller":"True","companyName":"                                                            ","productName":"Frostwire                                                   ","productVersion":"6.10.0                                            ","fileVersion":"6.10.0              ","hashMD5":"756048f7127288fbff0537c80efad2c5","hashSHA1":"25cf589943605229fc846808e3ec799f7d0df4c6","hashSHA256":"29e08911030250b6c4e9d2a96b447d6bf6efd880ab464a526c9b5ad94adaffb5","digitalCertThumbprint":"D9136C425626F5A27821BC3ED4FB330CE6F9B3F5","digitalCertIssuer":"Domain The Net Technologies Ltd CA for Code Signing R2","digitalCertIssuedTo":"FrostWire LLC","storeId":"","sourceIndex":"1165","avBlockList":["360 Total Security (20240730)","Avira Internet Security (20240730)","COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","G DATA INTERNET SECURITY (20240730)","Kaspersky Internet Security (20230525)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Panda Dome (20240730)","Sophos Home Premium (20240730)","SpyHunter5 (20240730)","Total AV Antivirus Pro (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)","FortectPremium (20240730)","KasperskyPremium (20240730)"],"avAllowList":["Avast Premium Security (20240730)","AVG Internet Security (20240730)","Bitdefender Internet Security (20240730)","K7 Total Security (20240730)","McAfee Total Protection (20240730)","Quick Heal Internet Security (20240730)","Trend Micro Internet Security (20240730)","VIPRE Advanced Security (20240730)","Windows Defender (20240730)"]}],"additionalFiles":[],"sources":[{"howFound":"Download Sites - Uptodownload.com","reference":"","landingPage":"https://www.frostwire.com/","directDownloadingLink":"https://www.frostwire.com/download/?os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.frostwire.com/download/?os=windows","sourceIndex":"1165"}],"sampleFiles":["230406/FrostWire-220517/6.10.0/Samples/frostwire-6.10.0.windows.exe"],"imageFiles":["230406/FrostWire-220517/6.10.0/Images/ACR-042/Frost_043_042.JPG","230406/FrostWire-220517/6.10.0/Images/ACR-013/ACR-013.JPG","230406/FrostWire-220517/6.10.0/Images/ACR-013/ACR-013_1.JPG","230406/FrostWire-220517/6.10.0/Images/ACR-060/ACR-060.JPG","230406/FrostWire-220517/6.10.0/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":["230406/FrostWire-220517/6.10.0/Images/ACR-027/ACR-027.JPG"],"guid":"41ed223c-c2f5-4e4f-8709-7a1c0e001587_6.10.0_1","appID":"FrostWire-220517","dateAdded":"240722","deceptorType":"App","name":"Frostwire","company":"FrostWire LLC","version":"6.10.0","lastKnownStatus":"6.11.0;6.12.0;6.13.0;6.13.2","lastKnownDate":"240722","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":614},{"violations":{"ACR-048":"Cannot close the app or cancel the install once the process has started.\nClosing the software completely does not stop all background tasks, leaving the user no way to stop them.\n\n","ACR-007":"App doesn't obtain informed user consent about the security risks associated with joining a peer to peer network during installation.\nApp provides no notice to the user about the security risks associated with joining a peer to peer network, which means users cannot give informed consent.\n","ACR-084":"Closing the software completely removes the app from the system tray while continuing to run background tasks.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"BitVPNSetup.exe","isInstaller":"True","companyName":"Talktone, Inc.                                              ","fileVersion":"2019.12","hashMD5":"bcb6d5e70234e3512b1789364f140969","hashSHA1":"35ba69f2df18ac76eed85e5c558244b03dc5144d","hashSHA256":"705a854f10b9f6e69631b7a42388a268dfb2465498165924d7f4e5fa6e0ed172","digitalCertThumbprint":"126073B39DBF488A110A8195EB113314EA41FCA0","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Talktone, Inc\", O=\"Talktone, Inc\", L=SUNNYVALE, S=California, C=US","sourceIndex":"589","avBlockList":["ESET Internet Security (20240829)","FortectPremium (20240829)","Kaspersky Internet Security (20240725)","Norton Security (20240829)","Panda Dome (20240829)","Sophos Home Premium (20240829)","SpyHunter5 (20240829)","VirIT eXplorer PRO (20240829)","Webroot SecureAnywhere (20240829)"],"avAllowList":["360 Total Security (20240829)","Avast Premium Security (20240829)","AVG Internet Security (20240829)","Avira Internet Security (20240829)","Bitdefender Internet Security (20240829)","COMODO Antivirus (20240829)","Dr.Web Security Space (20240829)","G DATA INTERNET SECURITY (20240829)","K7 Total Security (20240829)","Malwarebytes Premium (20240829)","McAfee Total Protection (20240829)","Quick Heal Internet Security (20240829)","Total AV Antivirus Pro (20240829)","Trend Micro Internet Security (20240829)","VIPRE Advanced Security (20240829)","Windows Defender (20240829)","KasperskyPremium (20240829)"]},{"isRevoked":"False","fileName":"bitvpn.exe","companyName":"Talktone","fileVersion":"0.0","hashMD5":"20394e27d6bb218fef0ca092cdc75aaf","hashSHA1":"dc3cd4ad6ac126065bbaa6a0cad80b691c259c27","hashSHA256":"bcbad3c27a03305b3ba7990370e520a5d715853c6f3d0786d6be350ef7ca5cfb","digitalCertThumbprint":"126073B39DBF488A110A8195EB113314EA41FCA0","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Talktone, Inc\", O=\"Talktone, Inc\", L=SUNNYVALE, S=California, C=US","sourceIndex":"589","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Search for P2P VPN","reference":"","landingPage":"https://www.bitvpn.net/","directDownloadingLink":"https://statich5.cheapmessageapp.com/bitvpn_download/windows/BitVPNSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://statich5.cheapmessageapp.com/bitvpn_download/windows/BitVPNSetup.exe","sourceIndex":"589"}],"sampleFiles":["240717/Bitvpn-240717/0.0.14/Samples/BitVPNSetup.exe","240717/Bitvpn-240717/0.0.14/Samples/bitvpn.exe"],"imageFiles":["240717/Bitvpn-240717/0.0.14/Images/ACR-048/NoCancelInstall.png","240717/Bitvpn-240717/0.0.14/Images/ACR-007/InstallerAutoAgree.png","240717/Bitvpn-240717/0.0.14/Images/ACR-084/BackgroundInternetConnection.png","240717/Bitvpn-240717/0.0.14/Images/ACR-084/BackgroundProcess.png","240717/Bitvpn-240717/0.0.14/Images/ACR-048/BackgroundProcess.png","240717/Bitvpn-240717/0.0.14/Images/ACR-007/InstallerAutoAgree.png"],"nonDeceptorImageFiles":[],"guid":"3e8fe0a7-674f-469a-b5ae-105e5ded63e2_0.0.14_1","appID":"Bitvpn-240717","dateAdded":"240717","deceptorType":"App","name":"BitVPN","company":"Talktone Inc","version":"0.0.14","lastKnownStatus":"0.0.14","lastKnownDate":"240717","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11,Windows XP,Windows Vista","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-17T22:01:25.5096415+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":615},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add exception to windows firewall rules\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains main program \"BitLord.exe\" and its components on the device. And it is still running in the background.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the \"BitLord.exe\" executable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\BitLord\\BitLord.exe","companyName":"House of Life","productName":"BitLord","productVersion":"2.4.6-359","fileVersion":"2.4.6-359","hashMD5":"d8d6a299e567998f3a13a7ada2d38547","hashSHA1":"1650de72e010969247c10172871e420012a8be4e","hashSHA256":"d9c3f796e53263a3f85845f321806918a67b58e082b8a7ae2cd20dee0f963645","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"948","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BitlordSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"House Of Life                                               ","productVersion":"2.4.6.358                                         ","fileVersion":"2.4.6.358           ","hashMD5":"5364cfd44d52b253469b99cd4b0f1a91","hashSHA1":"d57cea65aaf149a284bd287a1d33d29d9e873a89","hashSHA256":"3ad1aed8bd704152157ac92afed1c51e60f205fbdce1365bad8eb9b3a69544d0","digitalCertThumbprint":"F6B0F2E4B7EB277F1D72BB5B09823E615BD339C0","digitalCertIssuer":"Domain The Net Technologies Ltd CA for Code Signing R2","digitalCertIssuedTo":"House of Life","storeId":"","sourceIndex":"948","avBlockList":["360 Total Security (20240718)","Avira Internet Security (20240718)","COMODO Antivirus (20240718)","Dr.Web Security Space (20240718)","ESET Internet Security (20240718)","G DATA INTERNET SECURITY (20240718)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240718)","McAfee Total Protection (20240718)","Norton Security (20240718)","Panda Dome (20240718)","Quick Heal Internet Security (20240718)","Sophos Home Premium (20240718)","SpyHunter5 (20240718)","Total AV Antivirus Pro (20240718)","VirIT eXplorer PRO (20240718)","Webroot SecureAnywhere (20240718)","FortectPremium (20240718)"],"avAllowList":["Avast Premium Security (20240718)","AVG Internet Security (20240718)","Bitdefender Internet Security (20240718)","K7 Total Security (20240718)","Trend Micro Internet Security (20240718)","VIPRE Advanced Security (20240718)","Windows Defender (20240718)"]}],"additionalFiles":[],"sources":[{"howFound":"Torrent - Uptodownload.com","reference":"","landingPage":"https://www.bitlord.com/","directDownloadingLink":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","sourceIndex":"948"}],"sampleFiles":["230728/bitlord-220518/2.4.6.359/Samples/BitlordSetup.exe"],"imageFiles":["230728/bitlord-220518/2.4.6.359/Images/ACR-084/ACR-084_Software_1.png","230728/bitlord-220518/2.4.6.359/Images/ACR-097/ACR-097_Software_1.png","230728/bitlord-220518/2.4.6.359/Images/ACR-118/ACR-118_Uninstall_1.png","230728/bitlord-220518/2.4.6.359/Images/ACR-118/ACR-118_Uninstall_2.png","230728/bitlord-220518/2.4.6.359/Images/ACR-118/ACR-118_Uninstall_3.png","230728/bitlord-220518/2.4.6.359/Images/ACR-013/ACR-013_Install_1.png","230728/bitlord-220518/2.4.6.359/Images/ACR-013/ACR-013_Install_2.png","230728/bitlord-220518/2.4.6.359/Images/ACR-013/ACR-013_Install_3.png","230728/bitlord-220518/2.4.6.359/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230728/bitlord-220518/2.4.6.359/Images/ACR-060/ACR-060_Bundler-made offers_2.png","230728/bitlord-220518/2.4.6.359/Images/ACR-060/ACR-060_Bundler-made offers_3.png"],"nonDeceptorImageFiles":["230728/bitlord-220518/2.4.6.359/Images/ACR-092/ACR-092_Software_1.png"],"guid":"d22d718a-1e1a-4570-b9bf-5ca783933c65_2.4.6.359_1","appID":"bitlord-220518","dateAdded":"240708","deceptorType":"App","name":"Bit Lord","company":"www.bitlord.com","version":"2.4.6.359","lastKnownStatus":"2.4.6.358;2.4.6.359;2.4.6.363;2.4.6.365","lastKnownDate":"240708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:36.1891742+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":618},{"violations":{"ACR-043":"The \"Bitlord\" components get dropped in one click disclosing the installation path.\n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add exception to windows firewall rules\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains main program \"BitLord.exe\" and its components on the device. And it is still running in the background.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the \"BitLord.exe\" executable.\n"},"samples":[{"isRevoked":"False","fileName":"BitlordSetup.exe-5234cd925873feff87965216e88adebaa7b9349383906bbd4a7c471f4023b6ba","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"2.4","hashMD5":"bb7701d6da492352bb2ac2c86462d253","hashSHA1":"339afb386d5667ce36528de65d6809582b9697b9","hashSHA256":"5234cd925873feff87965216e88adebaa7b9349383906bbd4a7c471f4023b6ba","digitalCertThumbprint":"45F87292A4CACE61F672646A03EDE2B42ED4A3FB","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=House Of Life, O=House Of Life, L=Sogndal, S=Vestland, C=NO","storeId":"","uriToBlock":"","sourceIndex":"1198","avBlockList":["360 Total Security (20240806)","Avira Internet Security (20240806)","Bitdefender Internet Security (20240806)","COMODO Antivirus (20240806)","Dr.Web Security Space (20240806)","ESET Internet Security (20240806)","G DATA INTERNET SECURITY (20240806)","K7 Total Security (20240806)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20240806)","McAfee Total Protection (20240806)","Norton Security (20240806)","Panda Dome (20240806)","Quick Heal Internet Security (20240806)","Sophos Home Premium (20240806)","SpyHunter5 (20240806)","Total AV Antivirus Pro (20240806)","Trend Micro Internet Security (20240806)","VIPRE Advanced Security (20240806)","VirIT eXplorer PRO (20240806)","Webroot SecureAnywhere (20240806)","FortectPremium (20240806)","KasperskyPremium (20240806)"],"avAllowList":["Avast Premium Security (20240806)","AVG Internet Security (20240806)","Windows Defender (20240806)"]},{"isRevoked":"False","fileName":"BitLord.exe-bc5c393f3843084004648ba9c017fea1d20a7df384df0b45768c530b0ae8887a","companyName":"House of Life","fileVersion":"2.4","hashMD5":"cfe2a7bbd80126ad929b4524498a7646","hashSHA1":"a7db66626be62c79d01ee31a031f4d23e6f15347","hashSHA256":"bc5c393f3843084004648ba9c017fea1d20a7df384df0b45768c530b0ae8887a","sourceIndex":"1198","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"bitlord website","reference":"","landingPage":"https://www.bitlord.com/","directDownloadingLink":"https://dsiumkslra27n.cloudfront.net/ACSNaGz7n/9.13.2.0/BitlordSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dsiumkslra27n.cloudfront.net/ACSNaGz7n/9.13.2.0/BitlordSetup.exe","sourceIndex":"1198"}],"sampleFiles":["230308/bitlord-220518/2.4.6.358/Samples/BitlordSetup.exe-5234cd925873feff87965216e88adebaa7b9349383906bbd4a7c471f4023b6ba","230308/bitlord-220518/2.4.6.358/Samples/BitLord.exe-bc5c393f3843084004648ba9c017fea1d20a7df384df0b45768c530b0ae8887a"],"imageFiles":["230308/bitlord-220518/2.4.6.358/Images/ACR-043/ACR-043.png","230308/bitlord-220518/2.4.6.358/Images/ACR-048/ACR-048.png","230308/bitlord-220518/2.4.6.358/Images/ACR-084/ACR-084.png","230308/bitlord-220518/2.4.6.358/Images/ACR-097/ACR-097.png","230308/bitlord-220518/2.4.6.358/Images/ACR-118/ACR-118_1.png","230308/bitlord-220518/2.4.6.358/Images/ACR-118/ACR-118_2.png","230308/bitlord-220518/2.4.6.358/Images/ACR-118/ACR-118_3.png","230308/bitlord-220518/2.4.6.358/Images/ACR-118/ACR-118_4.png"],"nonDeceptorImageFiles":["230308/bitlord-220518/2.4.6.358/Images/ACR-092/ACR-092.png"],"guid":"d22d718a-1e1a-4570-b9bf-5ca783933c65_2.4.6.358_1","appID":"bitlord-220518","dateAdded":"240708","deceptorType":"App","name":"Bit Lord","company":"www.bitlord.com","version":"2.4.6.358","lastKnownStatus":"2.4.6.358;2.4.6.359;2.4.6.363;2.4.6.365","lastKnownDate":"240708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:43.6384511+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":619},{"violations":{"ACR-042":"Open source project \"QT6\" is installed without any disclosure in EULA.\n","ACR-043":"Third-party \"QT6\" components are installed without any disclosure\n","ACR-107":"The app does not disclose relevant license information about 'QT6'\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to bypass the default system security guard \"Add exception to windows firewall rules\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains main program \"BitLord.exe\" and its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the \"BitLord.exe\" executable.\n"},"samples":[{"isRevoked":"False","fileName":"BitlordSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"House Of Life                                               ","productVersion":"2.4.6.359                                         ","fileVersion":"2.4.6.359           ","hashMD5":"a27cd3b8c873f7046a4d4d4b09415841","hashSHA1":"8c21306c3bb3db953369e64a12939fe622e41661","hashSHA256":"6cb9512bbe0b4bf67b34177a31eec03b3ad68c0d7ae05f768de611c7ac0e1f03","digitalCertThumbprint":"6EA7DAAF7866386C668F23BF010058E9DD284B51","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"House of Life","storeId":"","sourceIndex":"610","avBlockList":["360 Total Security (20240905)","COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","ESET Internet Security (20240905)","FortectPremium (20240905)","G DATA INTERNET SECURITY (20240905)","K7 Total Security (20240905)","KasperskyPremium (20240905)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Quick Heal Internet Security (20240905)","Sophos Home Premium (20240905)","SpyHunter5 (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)","Windows Defender (20240905)"],"avAllowList":["Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","Bitdefender Internet Security (20240905)","Total AV Antivirus Pro (20240905)","Trend Micro Internet Security (20240905)","VIPRE Advanced Security (20240905)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.bitlord.com/","directDownloadingLink":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","sourceIndex":"610"}],"sampleFiles":["240708/bitlord-220518/2.4.6.365/Samples/BitlordSetup.exe"],"imageFiles":["240708/bitlord-220518/2.4.6.365/Images/ACR-043/ACR-043.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-107/ACR-107.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-042/ACR-042.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-084/ACR-084.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-097/ACR-097.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-097/ACR-097_1.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-118/ACR-118.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-013/ACR-013.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-013/ACR-013_1.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-060/ACR-060.PNG","240708/bitlord-220518/2.4.6.365/Images/ACR-060/ACR-060_1.PNG"],"nonDeceptorImageFiles":["240708/bitlord-220518/2.4.6.365/Images/ACR-092/ACR-092.PNG"],"guid":"d22d718a-1e1a-4570-b9bf-5ca783933c65_2.4.6.365_1","appID":"bitlord-220518","dateAdded":"240708","deceptorType":"App","name":"Bit Lord","company":"www.bitlord.com","version":"2.4.6.365","lastKnownStatus":"2.4.6.358;2.4.6.359;2.4.6.363;2.4.6.365","lastKnownDate":"240708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:25.6496083+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":616},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"During installation, the app has default setting to evade the default system security guard \"Add exception to windows firewall rules\". \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains main program \"BitLord.exe\" and its components on the device. And it is still running in the background.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the \"BitLord.exe\" executable.\n"},"samples":[{"isRevoked":"False","fileName":"BitlordSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"House Of Life                                               ","productVersion":"2.4.6.359                                         ","fileVersion":"2.4.6.359           ","hashMD5":"92e2e02039b93b093256e8e1f168d9a6","hashSHA1":"a7d999ccd66f57f31af6ca1065a60bc1f4334692","hashSHA256":"5edc4317d5f8b3e2816f88df40c4a112faa7cd0de27409ceebf80cfc588aef54","digitalCertThumbprint":"4DA5DEF6FB4EE6324DD4BCA0A7027E986D494E79","digitalCertIssuer":"Domain The Net Technologies Ltd CA for Code Signing R2","digitalCertIssuedTo":"House of Life","storeId":"","sourceIndex":"895","avBlockList":["360 Total Security (20231005)","Avira Internet Security (20231005)","Bitdefender Internet Security (20231005)","COMODO Antivirus (20231005)","Dr.Web Security Space (20231005)","ESET Internet Security (20231005)","G DATA INTERNET SECURITY (20231005)","K7 Total Security (20231005)","Kaspersky Internet Security (20231005)","Malwarebytes Premium (20231005)","McAfee Total Protection (20231005)","Norton Security (20231005)","Panda Dome (20231005)","Quick Heal Internet Security (20231005)","Sophos Home Premium (20231005)","SpyHunter5 (20231005)","Total AV Antivirus Pro (20231005)","VIPRE Advanced Security (20231005)","VirIT eXplorer PRO (20231005)","Webroot SecureAnywhere (20231005)"],"avAllowList":["Avast Premium Security (20231005)","AVG Internet Security (20231005)","Trend Micro Internet Security (20231005)","Windows Defender (20231005)"]}],"additionalFiles":[],"sources":[{"howFound":"Torrent - Uptodownload.com","reference":"","landingPage":"https://www.bitlord.com/","directDownloadingLink":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dsiumkslra27n.cloudfront.net/EVFN6epm6/74.85.307.59/BitlordSetup.exe","sourceIndex":"895"}],"sampleFiles":["230921/bitlord-220518/2.4.6.363/Samples/BitlordSetup.exe"],"imageFiles":["230921/bitlord-220518/2.4.6.363/Images/ACR-084/ACR-084_Software_1.png","230921/bitlord-220518/2.4.6.363/Images/ACR-097/ACR-097_Software_1.png","230921/bitlord-220518/2.4.6.363/Images/ACR-118/ACR-118_Uninstall_1.png","230921/bitlord-220518/2.4.6.363/Images/ACR-013/ACR-013_Install_1.png","230921/bitlord-220518/2.4.6.363/Images/ACR-013/ACR-013_Install_2.png","230921/bitlord-220518/2.4.6.363/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230921/bitlord-220518/2.4.6.363/Images/ACR-060/ACR-060_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["230921/bitlord-220518/2.4.6.363/Images/ACR-092/ACR-092_Software_1.png"],"guid":"d22d718a-1e1a-4570-b9bf-5ca783933c65_2.4.6.363_1","appID":"bitlord-220518","dateAdded":"240708","deceptorType":"App","name":"Bit Lord","company":"www.bitlord.com","version":"2.4.6.363","lastKnownStatus":"2.4.6.358;2.4.6.359;2.4.6.363;2.4.6.365","lastKnownDate":"240708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:34.6741945+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":617},{"violations":{"ACR-048":"App does not allow user to cancel the installation process once started.\n","ACR-085":"App sends user search data to onestart.ai and search.yahoo.com without explicit user consent.\n","ACR-086":"App sends search data to both onestart.ai and search.yahoo.com neither disclosure nor consent from the user.\n","ACR-104":"App serves Yahoo! search results without making it clear at prompt time that the search will be fulfilled by Yahoo!\n"},"nonDeceptorViolations":{"ACR-040":"App installs in hidden AppData folder without telling the user and does not give the user a way to change the install location.\n"},"samples":[{"isRevoked":"False","fileName":"onestart.exe","companyName":"OneStart.ai","fileVersion":"124.0","hashMD5":"b149d441582f292b88673f69d8e6b6a1","hashSHA1":"f9cb87f996d79d844f674dcb2e2d8dd5ea4a72ed","hashSHA256":"2ecb4f4952ff58f72b06732a9e7e9ef3eb3807d24d1757cc2c1d35199dcf0d3a","digitalCertThumbprint":"EB5A7872B0563D261362F00BC6AF0AFC36877A89","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=PA, OID.2.5.4.15=Private Organization, CN=Apollo Technologies Inc, SERIALNUMBER=155722923, O=Apollo Technologies Inc, L=Panama City, C=PA","sourceIndex":"616","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OneStartInstaller-v5.5.235.0.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"a02197fb3c42b2f38ec77a01655b617a","hashSHA1":"f9a092c5b1aee361e2dc430722fecd7267b3855c","hashSHA256":"28c28cbae27a0181fc037624874e7ca9d17fdf63c25a869447e02173c45f67b9","sourceIndex":"616","avBlockList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","ESET Internet Security (20240820)","FortectPremium (20240820)","K7 Total Security (20240820)","Kaspersky Internet Security (20240718)","Malwarebytes Premium (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","SpyHunter5 (20240820)","Total AV Antivirus Pro (20240820)","VirIT eXplorer PRO (20240820)","Windows Defender (20240820)","KasperskyPremium (20240820)"],"avAllowList":["Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","G DATA INTERNET SECURITY (20240820)","McAfee Total Protection (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","Webroot SecureAnywhere (20240820)"]}],"additionalFiles":[],"sources":[{"howFound":"Submitted to DeceptorReport","reference":"","landingPage":"onestart.ai","directDownloadingLink":"https://onestart.ai/resources/files/OneStartInstaller-v5.5.235.0.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://onestart.ai/resources/files/OneStartInstaller-v5.5.235.0.msi","sourceIndex":"616"}],"sampleFiles":["240625/Onestart-240613/124.0.6367.209/Samples/onestart.exe","240625/Onestart-240613/124.0.6367.209/Samples/OneStartInstaller-v5.5.235.0.msi"],"imageFiles":["240625/Onestart-240613/124.0.6367.209/Images/ACR-048/CancelInstall.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-086/DefaultSearch.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-086/Fiddler.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-086/SearchLandingPage.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-104/DefaultSearch.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-104/Fiddler.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-104/SearchLandingPage.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-085/DefaultSearch.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-085/Fiddler.png","240625/Onestart-240613/124.0.6367.209/Images/ACR-085/SearchLandingPage.png"],"nonDeceptorImageFiles":["240625/Onestart-240613/124.0.6367.209/Images/ACR-040/ACR-040_Install_1.png"],"guid":"5525f830-b77b-4bdc-a042-4c2ea0f688c9_124.0.6367.209_1","appID":"Onestart-240613","dateAdded":"240625","deceptorType":"App","name":"OneStart","company":"OneStart Technologies","version":"124.0.6367.209","lastKnownStatus":"124.0.6367.209","lastKnownDate":"240625","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2024-06-25T21:45:02.4238113+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":620},{"violations":{"ACR-046":"\"Participate in the Customer Experience Improvement Program\" is checked by default. No relevant disclosure of what data it collects.\n","ACR-004":"Application doesn't provide free fix (recovery) instead offering subscription that user need to pay to fix it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"cisdem-datarecovery.exe","isInstaller":"True","companyName":"Cisdem Data Recovery                                        ","productName":"Cisdem Data Recovery                                        ","productVersion":"18.0.0.0                                          ","fileVersion":"18.0.0.0            ","hashMD5":"2d4b4196ba2cade5a1147f2a036e3ac3","hashSHA1":"b5b52d1341e38907adc4d97c9b70c7c0db253d83","hashSHA256":"82c4bdb87f2d939547a422ad4aaab9650f963047fd8dc7723119fe6c07a58413","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"CHENGDU YIWO Tech Development Co. Ltd.","storeId":"","sourceIndex":"579","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","COMODO Antivirus (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","K7 Total Security (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","Dr.Web Security Space (20240702)","G DATA INTERNET SECURITY (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","McAfee Total Protection (20240702)","Quick Heal Internet Security (20240702)","Total AV Antivirus Pro (20240702)","Trend Micro Internet Security (20240702)","VIPRE Advanced Security (20240702)","Windows Defender (20240702)"]}],"additionalFiles":[],"sources":[{"howFound":"Random search for recovery apps","reference":"","landingPage":"https://www.cisdem.com/data-recovery-windows.html","directDownloadingLink":"https://download.cisdem.com/cisdem-datarecovery.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cisdem.com/cisdem-datarecovery.exe","sourceIndex":"579"}],"sampleFiles":["240624/CisdemDataRecovery-240402/18.0.0.0/Samples/cisdem-datarecovery.exe"],"imageFiles":["240624/CisdemDataRecovery-240402/18.0.0.0/Images/ACR-046/ACR-046.PNG","240624/CisdemDataRecovery-240402/18.0.0.0/Images/ACR-004/ACR-004.PNG","240624/CisdemDataRecovery-240402/18.0.0.0/Images/ACR-004/ACR-004_1.PNG"],"nonDeceptorImageFiles":[],"guid":"6bffa4e8-8d55-4eec-bc07-4ef5d9460206_18.0.0.0_1","appID":"CisdemDataRecovery-240402","dateAdded":"240624","deceptorType":"App","name":"Cisdem Data Recovery","company":"Cisdem","version":"18.0.0.0","firstVendorContactDate":"240802","firstAppEsteemReplyDate":"240802","firstResolvedDate":"240802","firstResolvedVersion":"19.0.0.0","resolved":"TRUE","lastKnownStatus":"17.0.0.0;18.0.0.0","lastKnownDate":"240624","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-08-02T17:15:03.5923361+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":621},{"violations":{"ACR-046":"\"Participate in the Customer Experience Improvement Program\" is checked by default. No relevant disclosure of what data it collects.\n","ACR-004":"Application doesn't provide free fix (recovery) instead offering subscription that user need to pay to fix it.\n"},"nonDeceptorViolations":{"ACR-035":"No EULA/Terms of Service is provided for the app\n","ACR-036":"Material functionality provided by third parties is not disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"cisdem-datarecovery.exe","isInstaller":"True","companyName":"Cisdem Data Recovery                                        ","fileVersion":"17.0","hashMD5":"01b969150ece7c0ef987500d6b05c195","hashSHA1":"8625aef9ffa8fcc6943b08bdf259990ee28ac223","hashSHA256":"7702ac44237bafc492852949482391ad877cc315557fe3af061e722c5af3fe31","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CHENGDU YIWO Tech Development Co., Ltd.\", O=\"CHENGDU YIWO Tech Development Co., Ltd.\", L=成都市, S=四川省, C=CN, SERIALNUMBER=91510107765360104N, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=武侯区, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"664","avBlockList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","Bitdefender Internet Security (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","VIPRE Advanced Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)","Windows Defender (20240613)"],"avAllowList":["COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","Kaspersky Internet Security (20240613)","Malwarebytes Premium (20240613)","Quick Heal Internet Security (20240613)","Trend Micro Internet Security (20240613)"]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.cisdem.com/data-recovery-windows.html","directDownloadingLink":"https://download.cisdem.com/cisdem-datarecovery.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cisdem.com/cisdem-datarecovery.exe","sourceIndex":"664"}],"sampleFiles":["240402/CisdemDataRecovery-240402/17.0.0.0/Samples/cisdem-datarecovery.exe"],"imageFiles":["240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-046/ACR-046_Install_1.png","240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-004/ACR-004_Software_1.png","240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-004/ACR-004_Software_2.png","240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":["240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-036/ACR-036_Docs_1.png","240402/CisdemDataRecovery-240402/17.0.0.0/Images/ACR-036/ACR-036_Docs_2.png"],"guid":"6bffa4e8-8d55-4eec-bc07-4ef5d9460206_17.0.0.0_1","appID":"CisdemDataRecovery-240402","dateAdded":"240624","deceptorType":"App","name":"Cisdem Data Recovery","company":"Cisdem","version":"17.0.0.0","firstVendorContactDate":"240802","firstAppEsteemReplyDate":"240802","firstResolvedDate":"240802","firstResolvedVersion":"19.0.0.0","resolved":"TRUE","lastKnownStatus":"17.0.0.0;18.0.0.0","lastKnownDate":"240624","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-08-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":622},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge an consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1032.0","fileVersion":"11.5.1032.0","hashMD5":"6e520070dd48bfe4b63d1f6d24034e89","hashSHA1":"5b1731259eadfc9c7da0fc22bcecab63053352d6","hashSHA256":"0b0a4ac5c105d9cb9ab759eb5e40258dc5ac1601b553a4e9b1a607ee5a56d589","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1057","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for vocale8971@ozatvn.com.msi","isInstaller":"True","productVersion":"11.5.1032.0","fileVersion":"11.5.1032.0","hashMD5":"a76ca55fdb1e8d85eed8e0a8c95bee1f","hashSHA1":"be49b497493bdd4a10005ecff2a74bbb33a3ecd8","hashSHA256":"09a94ac474b17c502a6526023d0d9af3415e82e418917a90acac3cb6dc3e4a00","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"1057","avBlockList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","FortectPremium (20240723)"],"avAllowList":["Bitdefender Internet Security (20240723)","McAfee Total Protection (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","Windows Defender (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=vocale8971@ozatvn.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=vocale8971@ozatvn.com","sourceIndex":"1057"}],"sampleFiles":["230606/clevercontrol-211224/11.5.1032.0/Samples/CleverControl .NET for vocale8971@ozatvn.com.msi"],"imageFiles":["230606/clevercontrol-211224/11.5.1032.0/Images/ACR-116/ACR-116.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-014/ACR-014.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-007/ACR-007.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-007/ACR-007_1.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-007/ACR-007_2.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-048/ACR-048.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-048/ACR-048_1.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-048/ACR-048_2.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-097/ACR-097.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-086/ACR-086.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-086/ACR-086_1.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-084/ACR-084.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-084/ACR-084_1.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-084/ACR-084_2.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-084/ACR-084_3.JPG","230606/clevercontrol-211224/11.5.1032.0/Images/ACR-084/ACR-084_4.JPG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1032.0_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1032.0","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":639},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge an consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\All Users\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1031.5","fileVersion":"11.5.1031.5","hashMD5":"0bda6b8d46efbedee3c411d1e182f5dd","hashSHA1":"6942eadc9c55c1e95c8a3bd76420772d7f35713d","hashSHA256":"3c90585ff5136fc8320b8e70f3314e147417caa1a04923a4d409425366413565","digitalCertThumbprint":"63495C670AE813F13465BEF5288FD7E64D35CCF2","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"Clevercontrol LLC","storeId":"","sourceIndex":"1050","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost1.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1031.5","fileVersion":"11.5.1031.5","hashMD5":"cb7e814b5f5cc7b5cd9b53d431d6be96","hashSHA1":"fc11ee66c0fdb0fa42a7b4f58b9b8a2cf2ff838f","hashSHA256":"2f1e8c0e361966f9e27fa10ff5c9c59241a8f12ba0f061024eb6f0b2af02b793","digitalCertThumbprint":"63495C670AE813F13465BEF5288FD7E64D35CCF2","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"Clevercontrol LLC","storeId":"","sourceIndex":"1050","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for coceg65466@soombo.com.msi","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"0","hashMD5":"cbe05ca94663359ac11d35bb1513e6c7","hashSHA1":"5b366797cf6eb83896bef0f401798ecb9060d647","hashSHA256":"1b332f71068e2d44aeaa36fa4ca21db257e7b6d37cf50749efde198172aa363a","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","sourceIndex":"1050","avBlockList":["Avast Premium Security (20230518)","AVG Internet Security (20230518)","Avira Internet Security (20230518)","Dr.Web Security Space (20230518)","ESET Internet Security (20230518)","K7 Total Security (20230518)","Kaspersky Internet Security (20230518)","Norton Security (20230518)","Quick Heal Internet Security (20230518)","Sophos Home Premium (20230518)","SpyHunter5 (20230518)","Total AV Antivirus Pro (20230518)","VirIT eXplorer PRO (20230518)","Windows Defender (20230518)"],"avAllowList":["360 Total Security (20230518)","Bitdefender Internet Security (20230518)","COMODO Antivirus (20230518)","G DATA INTERNET SECURITY (20230518)","Malwarebytes Premium (20230518)","McAfee Total Protection (20230518)","Panda Dome (20230518)","Trend Micro Internet Security (20230518)","VIPRE Advanced Security (20230518)","Webroot SecureAnywhere (20230518)"]},{"isRevoked":"False","fileName":"CleverControl .NET for vabaye8260@pixiil.com.msi","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"0","hashMD5":"c8b4c6c81a77dc7ed76b77f17ec137ed","hashSHA1":"3642a6b9796304868c3155b8630123e75443da48","hashSHA256":"58b21c6f63128d440f35c236168e419ab454a365698c7398a2acc2fc0f5f7206","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","sourceIndex":"1050","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search-keyloggers","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.pro/download-dotnet/vabaye8260@pixiil.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.pro/download-dotnet/vabaye8260@pixiil.com","sourceIndex":"1050"}],"sampleFiles":["230606/clevercontrol-211224/11.5.1031.5/Samples/CleverControl .NET for coceg65466@soombo.com.msi","230606/clevercontrol-211224/11.5.1031.5/Samples/CleverControl .NET for vabaye8260@pixiil.com.msi"],"imageFiles":["230606/clevercontrol-211224/11.5.1031.5/Images/ACR-116/ACR-116.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-014/ACR-014.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-007/ACR-007.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-007/ACR-007_1.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-007/ACR-007_2.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-048/ACR-048 (1).JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-048/ACR-048 (2).JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-048/ACR-048_2.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-097/ACR-097.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-086/ACR-086 (1).JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-086/ACR-086 (2).JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-084/ACR-084.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-084/ACR-084_1.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-084/ACR-084_2.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-084/ACR-084_3.JPG","230606/clevercontrol-211224/11.5.1031.5/Images/ACR-084/ACR-084_4.JPG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1031.5_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1031.5","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":638},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1032.1","fileVersion":"11.5.1032.1","hashMD5":"d6ac1b7e2bc61efd300f79dae276dad6","hashSHA1":"be0a3fd2c494ae725da5ce709507c3330e7e686a","hashSHA256":"684ea5e7545a247c614e13c37d7200a207a1875372a4107401ff5f24a693d4a3","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1049","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for tolofi4473@soremap.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1032.1","fileVersion":"11.5.1032.1","hashMD5":"1b0a61a01d1a0840f1e309e399f285d6","hashSHA1":"8e2c1fc716a7c4f77b8b99262f557b9255d053f8","hashSHA256":"0da73a1cf1b3003e812d129df1af3b4e60f6eaf59f961a8c4027ba2632cf161b","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"1049","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","COMODO Antivirus (20240509)","Dr.Web Security Space (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)"],"avAllowList":["Bitdefender Internet Security (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","Windows Defender (20240509)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on keylogger app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.pro/download-dotnet/tolofi4473@soremap.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.pro/download-dotnet/tolofi4473@soremap.com","sourceIndex":"1049"}],"sampleFiles":["230614/clevercontrol-211224/11.5.1032.1/Samples/CleverControl .NET for tolofi4473@soremap.com.msi"],"imageFiles":["230614/clevercontrol-211224/11.5.1032.1/Images/ACR-116/ACR-116.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-014/ACR-014.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-007/ACR-007.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-007/ACR-007_1.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-007/ACR-007_2.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-048/ACR-048.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-048/ACR-048_1.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-048/ACR-048_2.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-097/ACR-097.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-086/ACR-086.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-086/ACR-086_1.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-084/ACR-084.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-084/ACR-084_1.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-084/ACR-084_2.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-084/ACR-084_3.JPG","230614/clevercontrol-211224/11.5.1032.1/Images/ACR-084/ACR-084_4.JPG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1032.1_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1032.1","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":637},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1033.2","fileVersion":"11.5.1033.2","hashMD5":"e345d98ea20f5e70f44a69e728ea0b0b","hashSHA1":"7180f03af3735a9d52ae5f1a0121912db07ed8f0","hashSHA256":"1adf82e03473e54aa3787c07bd9ccf65a1a6be8f5d6c3562c3441b38a70e192d","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"975","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for fijepit901@kameili.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1033.2","fileVersion":"11.5.1033.2","hashMD5":"345f6e0f10266d42306ed008c86a33f9","hashSHA1":"beed295cff707c8c828a4ab38232d1847c448dae","hashSHA256":"66e827f6a24052db07525455dc274e4e7e517fc991e061e9e369efccf0572dd0","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"975","avBlockList":["Avast Premium Security (20230815)","AVG Internet Security (20230815)","Avira Internet Security (20230815)","COMODO Antivirus (20230815)","Dr.Web Security Space (20230815)","ESET Internet Security (20230815)","G DATA INTERNET SECURITY (20230815)","K7 Total Security (20230815)","Kaspersky Internet Security (20230815)","Malwarebytes Premium (20230815)","Norton Security (20230815)","Quick Heal Internet Security (20230815)","Sophos Home Premium (20230815)","SpyHunter5 (20230815)","Total AV Antivirus Pro (20230815)","VirIT eXplorer PRO (20230815)","Webroot SecureAnywhere (20230815)"],"avAllowList":["360 Total Security (20230815)","Bitdefender Internet Security (20230815)","McAfee Total Protection (20230815)","Panda Dome (20230815)","Trend Micro Internet Security (20230815)","VIPRE Advanced Security (20230815)","Windows Defender (20230815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=fijepit901@kameili.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=fijepit901@kameili.com","sourceIndex":"975"}],"sampleFiles":["230717/clevercontrol-211224/11.5.1033.2/Samples/CleverControl .NET for fijepit901@kameili.com.msi"],"imageFiles":["230717/clevercontrol-211224/11.5.1033.2/Images/ACR-116/ACR-116_Uninstall_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-014/ACR-014_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-007/ACR-007_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-007/ACR-007_Software_2.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-007/ACR-007_Software_3.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-007/ACR-007_Software_4.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-048/ACR-048_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-048/ACR-048_Software_2.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-048/ACR-048_Software_3.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-097/ACR-097_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-086/ACR-086_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-086/ACR-086_Software_2.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-084/ACR-084_Software_1.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-084/ACR-084_Software_2.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-084/ACR-084_Software_3.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-084/ACR-084_Software_4.png","230717/clevercontrol-211224/11.5.1033.2/Images/ACR-084/ACR-084_Software_5.png"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1033.2_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1033.2","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":636},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1033.3","fileVersion":"11.5.1033.3","hashMD5":"1e0883046af0f911f5f4b22d466c7d7a","hashSHA1":"f77bc64e42326805a1402120fa075571865683f3","hashSHA256":"ac13fe1d67a45a0825570d92b5318ba3d2e23ac648a42f0c7a8ff6f4480a4b8a","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"920","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for famat12848@bagonew.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1033.3","fileVersion":"11.5.1033.3","hashMD5":"a7d91be04bcd8cadcb432f99efccdef4","hashSHA1":"da954feff25898a19bd01cf2877116dbb7e3ce98","hashSHA256":"2239c1f120f2177e0b931ee88e817fe9ca161a13368910d82d7c3fa4e4e63451","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"920","avBlockList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","ESET Internet Security (20240606)","G DATA INTERNET SECURITY (20240606)","K7 Total Security (20240606)","Kaspersky Internet Security (20240606)","Malwarebytes Premium (20240606)","McAfee Total Protection (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)"],"avAllowList":["Trend Micro Internet Security (20240606)","VIPRE Advanced Security (20240606)","Windows Defender (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on keylogger app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=famat12848@bagonew.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=famat12848@bagonew.com","sourceIndex":"920"}],"sampleFiles":["231026/clevercontrol-211224/11.5.1033.3/Samples/CleverControl .NET for famat12848@bagonew.com.msi"],"imageFiles":["231026/clevercontrol-211224/11.5.1033.3/Images/ACR-116/ACR-116.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-014/ACR-014.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-007/ACR-007.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-007/ACR-007_1.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-007/ACR-007_2.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-007/ACR-007_3.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-048/ACR-048.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-048/ACR-048_1.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-048/ACR-048_2.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-097/ACR-097.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-086/ACR-086.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-086/ACR-086_1.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-084/ACR-084.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-084/ACR-084_1.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-084/ACR-084_2.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-084/ACR-084_3.PNG","231026/clevercontrol-211224/11.5.1033.3/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1033.3_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1033.3","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":635},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the control panel and system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1033.4","fileVersion":"11.5.1033.4","hashMD5":"c583ca3cfc009c8b657c81d4242cc491","hashSHA1":"72f56a492f02f9b972e4274bda85ef924ac6baf2","hashSHA256":"4dbb47d800c9860d06d4aa6eb7c6399f115d81cd7d8135acacb471956d61a5bf","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"877","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for piwev99103@cdeter.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1033.4","fileVersion":"11.5.1033.4","hashMD5":"95ed24a4834c4b1e9841cab1399537f0","hashSHA1":"c909e1b7ebd72855729730a013faa0bce3795c27","hashSHA256":"737864599ec7a80c3c1a3d6af89f49fb464560087c25e021941e4f8b07bcffe5","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"877","avBlockList":["360 Total Security (20240130)","Avast Premium Security (20240130)","AVG Internet Security (20240130)","Avira Internet Security (20240130)","COMODO Antivirus (20240130)","Dr.Web Security Space (20240130)","ESET Internet Security (20240130)","G DATA INTERNET SECURITY (20240130)","K7 Total Security (20240130)","Kaspersky Internet Security (20240130)","Malwarebytes Premium (20240130)","Norton Security (20240130)","Panda Dome (20240130)","Quick Heal Internet Security (20240130)","Sophos Home Premium (20240130)","SpyHunter5 (20240130)","Total AV Antivirus Pro (20240130)","VirIT eXplorer PRO (20240130)","Webroot SecureAnywhere (20240130)"],"avAllowList":["Bitdefender Internet Security (20240130)","McAfee Total Protection (20240130)","Trend Micro Internet Security (20240130)","VIPRE Advanced Security (20240130)","Windows Defender (20240130)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=piwev99103%40cdeter.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=piwev99103%40cdeter.com","sourceIndex":"877"}],"sampleFiles":["231002/clevercontrol-211224/11.5.1033.4/Samples/CleverControl .NET for piwev99103@cdeter.com.msi"],"imageFiles":["231002/clevercontrol-211224/11.5.1033.4/Images/ACR-116/ACR-116.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-014/ACR-014.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-007/ACR-007.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-007/ACR-007_1.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-007/ACR-007_2.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-007/ACR-007_3.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-048/ACR-048.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-048/ACR-048_1.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-048/ACR-048_2.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-048/ACR-048_3.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-097/ACR-097.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-086/ACR-086.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-086/ACR-086_1.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-084/ACR-084.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-084/ACR-084_1.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-084/ACR-084_2.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-084/ACR-084_3.PNG","231002/clevercontrol-211224/11.5.1033.4/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1033.4_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1033.4","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":634},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1034.1","fileVersion":"11.5.1034.1","hashMD5":"c8f33f528534535ce0617ae865738268","hashSHA1":"01decac94d6a710f0efb4102ed6f3d38c84da2b2","hashSHA256":"49facea27323c284aa536191887b7ab29e8cb917466f7d7ffccb6da1934b0abf","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"838","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for jejoda1087@wermink.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1034.1","fileVersion":"11.5.1034.1","hashMD5":"4f5c16ab6128ec2708fc3a776dc16f56","hashSHA1":"026976d29849ff66d5a0ab39a8dafec088bd2e96","hashSHA256":"5e88392f08093e107931de4429609bca09bb205e4f378d1eaaf2817220649d0a","digitalCertThumbprint":"BE8B670DF23AE7AED8D726ADD008C18760F8FF1A","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"838","avBlockList":["360 Total Security (20240808)","Avast Premium Security (20240808)","AVG Internet Security (20240808)","Avira Internet Security (20240808)","Bitdefender Internet Security (20240808)","COMODO Antivirus (20240808)","Dr.Web Security Space (20240808)","ESET Internet Security (20240808)","G DATA INTERNET SECURITY (20240808)","K7 Total Security (20240808)","Kaspersky Internet Security (20240528)","Malwarebytes Premium (20240808)","Norton Security (20240808)","Panda Dome (20240808)","Quick Heal Internet Security (20240808)","Sophos Home Premium (20240808)","SpyHunter5 (20240808)","Total AV Antivirus Pro (20240808)","VirIT eXplorer PRO (20240808)","Webroot SecureAnywhere (20240808)","FortectPremium (20240808)","KasperskyPremium (20240808)"],"avAllowList":["McAfee Total Protection (20240808)","Trend Micro Internet Security (20240808)","VIPRE Advanced Security (20240808)","Windows Defender (20240808)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=jejoda1087%wermink.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=jejoda1087%wermink.com","sourceIndex":"838"}],"sampleFiles":["231026/clevercontrol-211224/11.5.1034.1/Samples/CleverControl .NET for jejoda1087@wermink.com.msi"],"imageFiles":["231026/clevercontrol-211224/11.5.1034.1/Images/ACR-116/ACR-116.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-014/ACR-014.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-007/ACR-007.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-007/ACR-007_1.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-007/ACR-007_2.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-007/ACR-007_3.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-048/ACR-048.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-048/ACR-048_1.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-048/ACR-048_2.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-048/ACR-048_3.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-097/ACR-097.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-086/ACR-086.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-086/ACR-086_1.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-084/ACR-084.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-084/ACR-084_1.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-084/ACR-084_2.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-084/ACR-084_3.PNG","231026/clevercontrol-211224/11.5.1034.1/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1034.1_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1034.1","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":633},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1035.4","fileVersion":"11.5.1035.4","hashMD5":"5ff1c2949661c9d363cba19a2a8a23be","hashSHA1":"45c2252aa2636b9f489e7ceb9d4222fc9bf66ab4","hashSHA256":"532010696287ec0b3b5ea2ce83a4f25b0c65e63a72df6c182285fcfbe0daea5a","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"721","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for hebekol984@comsb.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1035.4","fileVersion":"11.5.1035.4","hashMD5":"5cca45a08aaa161ab5e0f4f61eadd405","hashSHA1":"aa1bc0963e02fe7d1da3a4efd544324795edf46f","hashSHA256":"5bd6c14ee8547aad4816c510817d8642cfa9e232b9c1a00aeacf8d4dc3e704d2","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"721","avBlockList":["360 Total Security (20240730)","Avast Premium Security (20240730)","AVG Internet Security (20240730)","Avira Internet Security (20240730)","Bitdefender Internet Security (20240730)","COMODO Antivirus (20240730)","Dr.Web Security Space (20240730)","ESET Internet Security (20240730)","FortectPremium (20240730)","G DATA INTERNET SECURITY (20240730)","K7 Total Security (20240730)","KasperskyPremium (20240730)","Malwarebytes Premium (20240730)","Norton Security (20240730)","Panda Dome (20240730)","Quick Heal Internet Security (20240730)","Sophos Home Premium (20240730)","SpyHunter5 (20240730)","VIPRE Advanced Security (20240730)","VirIT eXplorer PRO (20240730)","Webroot SecureAnywhere (20240730)","Windows Defender (20240730)"],"avAllowList":["McAfee Total Protection (20240730)","Total AV Antivirus Pro (20240730)","Trend Micro Internet Security (20240730)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.pro/download-dotnet/hebekol984@comsb.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.pro/download-dotnet/hebekol984@comsb.com","sourceIndex":"721"}],"sampleFiles":["240304/clevercontrol-211224/11.5.1035.4/Samples/CleverControl%20.NET%20for%20hebekol984%40comsb.com.msi"],"imageFiles":["240304/clevercontrol-211224/11.5.1035.4/Images/ACR-116/ACR-116.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-014/ACR-014.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-007/ACR-007.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-007/ACR-007_1.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-007/ACR-007_2.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-007/ACR-007_3.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-048/ACR-048.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-048/ACR-048_1.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-048/ACR-048_2.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-048/ACR-048_3.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-097/ACR-097.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-086/ACR-086.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-086/ACR-086_1.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-084/ACR-084.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-084/ACR-084_1.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-084/ACR-084_2.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-084/ACR-084_3.PNG","240304/clevercontrol-211224/11.5.1035.4/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1035.4_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1035.4","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":629},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1035.2","fileVersion":"11.5.1035.2","hashMD5":"a4ecaf01e5f37a230bce4ab1ef032b2d","hashSHA1":"cbbe47cbde69dbddf55c39dd90786c83c0cd75a3","hashSHA256":"3dd5b055a29983e2ebd9014027e18110fa462fabfe7bf98f5e18c0c8ddb70bf1","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"744","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for gidak13474@grassdev.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1035.2","fileVersion":"11.5.1035.2","hashMD5":"ff431a63dbbc3e929497c1907729a09c","hashSHA1":"4e76966e85eb4bd61e565898e2b339f3dfa52a16","hashSHA256":"20ae1c890c3a3549f900cfae5372d3567067da2291db6f6b246b9902b303b7f7","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"744","avBlockList":["360 Total Security (20240530)","Avast Premium Security (20240530)","AVG Internet Security (20240530)","Avira Internet Security (20240530)","Bitdefender Internet Security (20240530)","COMODO Antivirus (20240530)","Dr.Web Security Space (20240530)","ESET Internet Security (20240530)","G DATA INTERNET SECURITY (20240530)","K7 Total Security (20240530)","Kaspersky Internet Security (20240530)","Malwarebytes Premium (20240530)","Norton Security (20240530)","Panda Dome (20240530)","Quick Heal Internet Security (20240530)","Sophos Home Premium (20240530)","SpyHunter5 (20240530)","Total AV Antivirus Pro (20240530)","VIPRE Advanced Security (20240530)","VirIT eXplorer PRO (20240530)","Webroot SecureAnywhere (20240530)"],"avAllowList":["McAfee Total Protection (20240530)","Trend Micro Internet Security (20240530)","Windows Defender (20240530)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=gidak13474%grassdev.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=gidak13474%grassdev.com","sourceIndex":"744"}],"sampleFiles":["240130/clevercontrol-211224/11.5.1035.2/Samples/CleverControl%20.NET%20for%20gidak13474%40grassdev.com.msi"],"imageFiles":["240130/clevercontrol-211224/11.5.1035.2/Images/ACR-116/ACR-116.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-014/ACR-014.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-007/ACR-007.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-007/ACR-007_1.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-007/ACR-007_2.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-048/ACR-048.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-048/ACR-048_1.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-048/ACR-048_2.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-048/ACR-048_3.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-086/ACR-086.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-086/ACR-086_1.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-084/ACR-084.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-084/ACR-084_1.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-084/ACR-084_2.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-084/ACR-084_3.PNG","240130/clevercontrol-211224/11.5.1035.2/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1035.2_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1035.2","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":631},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1035.3","fileVersion":"11.5.1035.3","hashMD5":"5f179f658a7ed2c60e0b8e295b194d5d","hashSHA1":"edbe1dbec4af8c8e00ca61c783dfa5506caf3796","hashSHA256":"023cb3ab57c1eb65dbf5d32e460c8d21766116d34408e0e645336b0df3c9354a","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"731","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl%2520.NET%2520for%2520redires642%2540fahih.comNew.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","fileVersion":"0.","hashMD5":"7cb500850b1b08ee49b49b344b301321","hashSHA1":"4acb6661c704c223bbed6235fd0b829ac39418bd","hashSHA256":"945856ae009fbc52d98575a5644dae317edeb24f397f2c2480181197341a369a","digitalCertThumbprint":"5cbb692cc5cc069030018bc2664e4e814831a0f3","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"731","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://dashboard.clevercontrol.com/?from=2024-02-05+00:00:00&to=2024-02-13+21:44:47&period=last_7_days&userIds=[]","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dashboard.clevercontrol.com/?from=2024-02-05+00:00:00&to=2024-02-13+21:44:47&period=last_7_days&userIds=[]","sourceIndex":"731"}],"sampleFiles":["240214/clevercontrol-211224/11.5.1035.3/Samples/CleverControl%20.NET%20for%20redires642%40fahih.com.msi"],"imageFiles":["240214/clevercontrol-211224/11.5.1035.3/Images/ACR-116/ACR-116.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-014/ACR-014.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-007/ACR-007.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-007/ACR-007_1.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-007/ACR-007_2.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-007/ACR-007_3.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-048/ACR-048.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-048/ACR-048_1.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-048/ACR-048_2.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-048/ACR-048_3.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-097/ACR-097.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-086/ACR-086.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-086/ACR-086_1.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-084/ACR-084.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-084/ACR-084_1.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-084/ACR-084_2.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-084/ACR-084_3.PNG","240214/clevercontrol-211224/11.5.1035.3/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1035.3_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1035.3","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":630},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1037.0","fileVersion":"11.5.1037.0","hashMD5":"620bfb74893aec6920f657e2d015ca95","hashSHA1":"d8c6cbd1781173a5ecd108c53a0998a1d52d0510","hashSHA256":"7c6ee4336822cb909a40abae10e21c78757f9bddac87674349259708ca1f7892","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"662","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for qazrfv@gmail.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1037.0","fileVersion":"11.5.1037.0","hashMD5":"98ec806d3ad6a75580d4e3aba783458c","hashSHA1":"151542f38a253fe026d41c3eb90ab0ea77942686","hashSHA256":"a461576a259f0700dd5db9a1da006a49e8d10f056b42811d9b8bd4843e144dcb","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"662","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.pro/download-dotnet/qazrfv@gmail.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.pro/download-dotnet/qazrfv@gmail.com","sourceIndex":"662"}],"sampleFiles":["240404/clevercontrol-211224/11.5.1037.0/Samples/CleverControl%20.NET%20for%20qazrfv%40gmail.com.msi"],"imageFiles":["240404/clevercontrol-211224/11.5.1037.0/Images/ACR-116/ACR-116.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-014/ACR-014.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-007/ACR-007.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-007/ACR-007_1.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-007/ACR-007_2.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-007/ACR-007_3.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-048/ACR-048.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-048/ACR-048_1.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-048/ACR-048_2.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-048/ACR-048_3.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-097/ACR-097.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-086/ACR-086.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-086/ACR-086_1.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-084/ACR-084.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-084/ACR-084_1.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-084/ACR-084_2.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-084/ACR-084_3.PNG","240404/clevercontrol-211224/11.5.1037.0/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1037.0_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1037.0","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":627},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1037.3","fileVersion":"11.5.1037.3","hashMD5":"198979f36f18fa1e46bebf618f600dd1","hashSHA1":"3928e1fbad03a2befccf1c0d325ddb53d1e7491d","hashSHA256":"b2e7c70f5ae890e812ece85bbe1a0b9546011eed90e02f35dfeaf0459927d1ed","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"648","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for ximapic504@funvane.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1037.3","fileVersion":"11.5.1037.3","hashMD5":"e3f1391ac3105fdf7ee90694558fd27a","hashSHA1":"7901a012136d3f6b9d1f232517aee7ea781fc6bc","hashSHA256":"54a10b4b7ae7f14a9fce4c9cc603e94163794d8fac91d4d422d0ce41ded2da13","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"648","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search-keyloggers","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://dashboard.clevercontrol.com/?from=2024-04-19+00:00:00&to=2024-04-25+23:59:59&period=last_7_days&userIds=[]","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dashboard.clevercontrol.com/?from=2024-04-19+00:00:00&to=2024-04-25+23:59:59&period=last_7_days&userIds=[]","sourceIndex":"648"}],"sampleFiles":["240429/clevercontrol-211224/11.5.1037.3/Samples/CleverControl%20.NET%20for%20ximapic504%40funvane.com.msi"],"imageFiles":["240429/clevercontrol-211224/11.5.1037.3/Images/ACR-116/ACR-116.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-014/ACR-014.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-007/ACR-007.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-007/ACR-007_1.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-007/ACR-007_2.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-007/ACR-007_3.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-048/ACR-048.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-048/ACR-048_1.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-048/ACR-048_2.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-048/ACR-048_3.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-097/ACR-097.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-086/ACR-086.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-086/ACR-086_1.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-084/ACR-084.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-084/ACR-084_1.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-084/ACR-084_2.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-084/ACR-084_3.PNG","240429/clevercontrol-211224/11.5.1037.3/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1037.3_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1037.3","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":626},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and installed program in control panel . The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1039.5","fileVersion":"11.5.1039.5","hashMD5":"6644cd65e0bf776f2ff42f58ae5dddb3","hashSHA1":"88943bc42a1734e4b03d165d0feefe4b9bf78758","hashSHA256":"f200e6fc273e3d8cda470e90ab6cacdd240e05be5ffc27807a2e390fd10f6dfa","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"626","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for rikil53304@fna6.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1039.5","fileVersion":"11.5.1039.5","hashMD5":"e74f854ca27c5a2aba1d04241ec245f4","hashSHA1":"086537662e97eb619c175b4f1706333d8b6e49ee","hashSHA256":"e2477b844e0d0c637b5ed82c3f511ed41490ccf17a377218668b3ca6adc5733d","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"626","avBlockList":["360 Total Security (20240905)","Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","Bitdefender Internet Security (20240905)","COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","ESET Internet Security (20240905)","FortectPremium (20240905)","G DATA INTERNET SECURITY (20240905)","K7 Total Security (20240905)","KasperskyPremium (20240905)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Quick Heal Internet Security (20240905)","Sophos Home Premium (20240905)","SpyHunter5 (20240905)","Total AV Antivirus Pro (20240905)","VIPRE Advanced Security (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)"],"avAllowList":["Trend Micro Internet Security (20240905)","Windows Defender (20240905)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://dashboard.clevercontrol.com/users-view?from=2024-06-11+00:00:00&to=2024-06-17+23:59:59&period=last_7_days","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dashboard.clevercontrol.com/users-view?from=2024-06-11+00:00:00&to=2024-06-17+23:59:59&period=last_7_days","sourceIndex":"626"}],"sampleFiles":["240620/clevercontrol-211224/11.5.1039.5/Samples/CleverControl%20.NET%20for%20rikil53304%40fna6.com.msi"],"imageFiles":["240620/clevercontrol-211224/11.5.1039.5/Images/ACR-116/ACR-116.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-014/ACR-014.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-007/ACR-007.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-007/ACR-007_1.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-007/ACR-007_2.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-007/ACR-007_3.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-048/ACR-048.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-048/ACR-048_1.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-048/ACR-048_2.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-048/ACR-048_3.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-097/ACR-097.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-086/ACR-086.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-086/ACR-086_1.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-084/ACR-084.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-084/ACR-084_1.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-084/ACR-084_2.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-084/ACR-084_3.PNG","240620/clevercontrol-211224/11.5.1039.5/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1039.5_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1039.5","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T17:03:45.4175222+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":625},{"violations":{"ACR-004":"The app shows scan results for free, but when the user tries to recover the data, the app requires a purchase of an auto-renewing subscription.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DoYourDataRecoveryForMacTrial.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"c088f1f2353c14afbd1754e953db1db5","hashSHA1":"e012d5a95e6d72812374c80c1cb47507b2f888e5","hashSHA256":"0a95b178841c2c1236845b38f50259868edab34025aa091611f6476ff845a41e","sourceIndex":"622","avBlockList":["Avast Security for Mac (20240910)","Avira Security for Mac (20240910)","Norton Security for Mac (20240910)","SpyHunterforMac (20240910)","Trend Micro Antivirus for Mac (20240910)"],"avAllowList":["Bitdefender Antivirus for Mac (20240910)","ESET Cyber Security Pro for Mac (20240910)","G DATA AntiVirus for Mac (20240910)","K7 Antivirus for Mac (20240910)","Kaspersky Internet Security for Mac (20240910)","McAfee Internet Security for Mac (20240910)","Sophos Home Premium For Mac (20240813)"]},{"isRevoked":"False","fileName":"Do%20Your%20Data%20Recovery.app.zip","fileVersion":"0.","hashMD5":"c5c05ff20f1e7fa60db6a658e53a605c","hashSHA1":"a155e692561b5b7e3267f15d2a5b9e74095f421b","hashSHA256":"320f18cf7765ef323909a01fdc7139cb94852074acccce188d90f041e79afff9","sourceIndex":"622","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"DeceptorReport","reference":"","landingPage":"https://www.doyourdata.com/mac-data-recovery-software/","directDownloadingLink":"https://www.doyourdata.com/trial/DoYourDataRecoveryForMacTrial.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/trial/DoYourDataRecoveryForMacTrial.dmg","sourceIndex":"622"}],"sampleFiles":["240620/Doyourdatarecovery-240612/8.8/Samples/DoYourDataRecoveryForMacTrial.dmg","240620/Doyourdatarecovery-240612/8.8/Samples/Do%20Your%20Data%20Recovery.app.zip"],"imageFiles":["240620/Doyourdatarecovery-240612/8.8/Images/ACR-004/Screenshot 2024-06-12 at 11.32.47 AM.png","240620/Doyourdatarecovery-240612/8.8/Images/ACR-004/Screenshot 2024-06-12 at 11.34.08 AM.png","240620/Doyourdatarecovery-240612/8.8/Images/ACR-004/Screenshot 2024-06-12 at 11.34.35 AM.png"],"nonDeceptorImageFiles":[],"guid":"16c49949-5455-4c31-bce0-5920bbfdf900_8.8_1","appID":"Doyourdatarecovery-240612","dateAdded":"240620","deceptorType":"MacOS App","name":"Do Your Data Recovery","company":"DoYourData Software","version":"8.8","lastKnownStatus":"8.8","lastKnownDate":"240620","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-06-20T18:51:47.6933443+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":624},{"violations":{"ACR-004":"The app shows scan results for free, but requires a purchase of an auto-renewing subscription to recover any of the data shown.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"StellarDataRecovery-4.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"a2dac12b693209101b99ea290a429988","hashSHA1":"27b99591ae3a3a3a0c9e7ced2bc03435bc1d5a69","hashSHA256":"91922520be2eed38c48ebdd23c170b1a5767a9571e8a88781cdfa6a466e75ec7","sourceIndex":"623","avBlockList":["Avast Security for Mac (20240813)","Avira Security for Mac (20240813)","ESET Cyber Security Pro for Mac (20240813)","K7 Antivirus for Mac (20240813)","Norton Security for Mac (20240813)","SpyHunterforMac (20240813)","Trend Micro Antivirus for Mac (20240813)"],"avAllowList":["Bitdefender Antivirus for Mac (20240813)","G DATA AntiVirus for Mac (20240813)","Kaspersky Internet Security for Mac (20240813)","McAfee Internet Security for Mac (20240813)","Sophos Home Premium For Mac (20240813)"]},{"isRevoked":"False","fileName":"StellarDataRecovery.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"bbde64a37b2066433af2ae48b7f442ed","hashSHA1":"c309f58a1ea82e69a52126ed32cd84567cc5b285","hashSHA256":"38af6f777a61266485cd4acd8aeacea80fb1f6ecf7515b1d36825006a9d4c2c3","sourceIndex":"623","avBlockList":["Avast Security for Mac (20240910)","Avira Security for Mac (20240910)","Bitdefender Antivirus for Mac (20240910)","ESET Cyber Security Pro for Mac (20240910)","G DATA AntiVirus for Mac (20240910)","K7 Antivirus for Mac (20240910)","Norton Security for Mac (20240910)","SpyHunterforMac (20240910)","Trend Micro Antivirus for Mac (20240910)"],"avAllowList":["Kaspersky Internet Security for Mac (20240910)","McAfee Internet Security for Mac (20240910)","Sophos Home Premium For Mac (20240910)"]},{"isRevoked":"False","fileName":"StellarDataRecovery-2.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"030ae201618c76c21d2198c648d46892","hashSHA1":"98d531f39617f099e92292927f8c333e658b7cdb","hashSHA256":"55a398297e7180b9961a2dee0443ef25b888ee28239ad98c61a776625db74e3d","sourceIndex":"623","avBlockList":["Avast Security for Mac (20240709)","Avira Security for Mac (20240709)","ESET Cyber Security Pro for Mac (20240709)","Norton Security for Mac (20240709)","SpyHunterforMac (20240709)","Trend Micro Antivirus for Mac (20240709)"],"avAllowList":["Bitdefender Antivirus for Mac (20240709)","G DATA AntiVirus for Mac (20240709)","K7 Antivirus for Mac (20240709)","Kaspersky Internet Security for Mac (20240709)","McAfee Internet Security for Mac (20240709)","Sophos Home Premium For Mac (20240709)"]},{"isRevoked":"False","fileName":"StellarDataRecovery.app.zip","fileVersion":"0.","hashMD5":"50e1b97bb44853b65b371e9d0f770552","hashSHA1":"72d19e1e08d3c326c4e618379f21bca3d91a98fe","hashSHA256":"eb98dd33e22267d40b4039064b15e97b42066c530e2fe8ed14218e9d94e0feec","sourceIndex":"623","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StellarDataRecovery%202.app.zip","fileVersion":"0.","hashMD5":"9c2fe4390ad93f40fc9de0dfb603a80a","hashSHA1":"50b9a024df5fbd435b987a9eef40b2253151f127","hashSHA256":"424be19b1e71fc8dbd30049f62f1cec742905de4f7f209e8fac92f19e4663e0a","sourceIndex":"623","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StellarDataRecovery%204.app.zip","fileVersion":"0.","hashMD5":"cf7b76d10d07655f15cca256fd5656b0","hashSHA1":"8b3c797543cd2a5b9c87902dabd4f70db5814702","hashSHA256":"231d2f5680da48d25ebbba2d9de7763279030c2c87475dec3c1ebcd92446cc93","sourceIndex":"623","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Search for Data Recovery Apps","reference":"","landingPage":"https://www.stellarinfo.com/stellar-data-recovery-mac-standard.php","directDownloadingLink":"https://cloud.stellarinfo.com/StellarDataRecovery.dmg.zip?_ga=2.218873689.1339920150.1718228878-622017230.1718228878","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cloud.stellarinfo.com/StellarDataRecovery.dmg.zip?_ga=2.218873689.1339920150.1718228878-622017230.1718228878","sourceIndex":"623"},{"howFound":"","reference":"","landingPage":"https://www.stellarinfo.com/data-recovery-mac.php","directDownloadingLink":"https://cloud.stellarinfo.com/StellarDataRecoveryProfessional.dmg.zip?_ga=2.213588180.1339920150.1718228878-622017230.1718228878","ipv4":"","ipv6":"","sourceIndex":"624"},{"howFound":"","reference":"","landingPage":"https://www.stellarinfo.com/mac-data-recovery-technician.php","directDownloadingLink":"https://cloud.stellarinfo.com/StellarDataRecoveryTechnician.dmg.zip?_ga=2.185236457.1339920150.1718228878-622017230.1718228878","ipv4":"","ipv6":"","sourceIndex":"625"}],"sampleFiles":["240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery-4.dmg","240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery.dmg","240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery-2.dmg","240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery.app.zip","240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery%202.app.zip","240620/Stellardatarecoverymac-240612/12.0.0.0/Samples/StellarDataRecovery%204.app.zip"],"imageFiles":["240620/Stellardatarecoverymac-240612/12.0.0.0/Images/ACR-004/Screenshot 2024-06-12 at 3.04.31 PM.png","240620/Stellardatarecoverymac-240612/12.0.0.0/Images/ACR-004/Screenshot 2024-06-12 at 3.05.05 PM.png","240620/Stellardatarecoverymac-240612/12.0.0.0/Images/ACR-004/Screenshot 2024-06-12 at 3.05.33 PM.png"],"nonDeceptorImageFiles":[],"guid":"ce488d79-76e1-44fa-a48b-bfa33f9f10be_12.0.0.0_1","appID":"Stellardatarecoverymac-240612","dateAdded":"240620","deceptorType":"MacOS App","name":"Stellar Data Recovery for Mac","company":"Stellar Data Recovery Inc.","version":"12.0.0.0","lastKnownStatus":"12.0.0.0","lastKnownDate":"240620","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-06-20T18:43:52.6165478+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":623},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying installer and main file hash per download from it’s landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1034.9","fileVersion":"11.5.1034.9","hashMD5":"af2d0533564f835dcf7ae83c8e2be108","hashSHA1":"e48301f3a71385ea57e8a25c9e52e9a411a09bc4","hashSHA256":"dcd9c7dff77805dbf3c06d420e2d68ae9dbc0bf9371357e9fe17bcd58a64e371","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"770","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for rekeme6034@wikfee.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1034.9","fileVersion":"11.5.1034.9","hashMD5":"746084cce4d2f160a5c1f2e6e86f42cb","hashSHA1":"b696a4ef4b33d98e2dca0b69112a1f7e535d5d61","hashSHA256":"05303566c279b2d46b20efef678088f39a79c93d1d9f258776a957e352640432","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"770","avBlockList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","Avira Internet Security (20240307)","Bitdefender Internet Security (20240307)","COMODO Antivirus (20240307)","Dr.Web Security Space (20240307)","ESET Internet Security (20240307)","G DATA INTERNET SECURITY (20240307)","K7 Total Security (20240307)","Kaspersky Internet Security (20240307)","Malwarebytes Premium (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","VIPRE Advanced Security (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)"],"avAllowList":["McAfee Total Protection (20240307)","Quick Heal Internet Security (20240307)","Trend Micro Internet Security (20240307)","Windows Defender (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://dashboard.clevercontrol.com/?period=last_7_days&from=2023-12-27%2000%3A00%3A00&to=2024-01-03%2002%3A08%3A59&userIds=%5B%5D","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dashboard.clevercontrol.com/?period=last_7_days&from=2023-12-27%2000%3A00%3A00&to=2024-01-03%2002%3A08%3A59&userIds=%5B%5D","sourceIndex":"770"}],"sampleFiles":["240105/clevercontrol-211224/11.5.1034.9/Samples/CleverControl%20.NET%20for%20rekeme6034%40wikfee.com.msi"],"imageFiles":["240105/clevercontrol-211224/11.5.1034.9/Images/ACR-116/ACR-116.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-014/ACR-014.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-007/ACR-007.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-007/ACR-007_1.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-007/ACR-007_2.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-007/ACR-007_3.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-048/ACR-048.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-048/ACR-048_1.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-048/ACR-048_3.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-048/ACR-048_Software_1.png","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-097/ACR-097.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-086/ACR-086.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-086/ACR-086_1.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-084/ACR-084.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-084/ACR-084_1.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-084/ACR-084_2.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-084/ACR-084_3.PNG","240105/clevercontrol-211224/11.5.1034.9/Images/ACR-084/ACR-084_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1034.9_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1034.9","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":632},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, the desktop, and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n2. The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, the desktop, and the control panel. The app uses a password to hide its presence.\n2. The app creates a startup item without the user's knowledge and consent.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"The app attempts to evade security investigations by modifying the installer and main file hash per download from its landing page.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clvhost.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1036.1","fileVersion":"11.5.1036.1","hashMD5":"889e0fbdfb7a312d18ab184757cab39d","hashSHA1":"ff5f797640d2d38700d0323d69eae568b87f47f8","hashSHA256":"d0226aa56beae54cb99e5620649467a5b9d0581d91bd87e2d2d947bfe6cc2949","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"701","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControl .NET for sacedep377@mnsaf.com.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1036.1","fileVersion":"11.5.1036.1","hashMD5":"20b63d176316b52887e1c08cd73f5e2c","hashSHA1":"ce554bbe0c640b057fc94eef292356a495d645a2","hashSHA256":"ddf15170e88e1fd9260556cbd0b53bb3781597e5876999e2f4c22249397a59c1","digitalCertThumbprint":"5CBB692CC5CC069030018BC2664E4E814831A0F3","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","sourceIndex":"701","avBlockList":["360 Total Security (20240328)","Avast Premium Security (20240328)","AVG Internet Security (20240328)","Avira Internet Security (20240328)","Bitdefender Internet Security (20240328)","COMODO Antivirus (20240328)","Dr.Web Security Space (20240328)","ESET Internet Security (20240328)","G DATA INTERNET SECURITY (20240328)","Kaspersky Internet Security (20240328)","Malwarebytes Premium (20240328)","Panda Dome (20240328)","Quick Heal Internet Security (20240328)","Sophos Home Premium (20240328)","SpyHunter5 (20240328)","Total AV Antivirus Pro (20240328)","VIPRE Advanced Security (20240328)","VirIT eXplorer PRO (20240328)","Webroot SecureAnywhere (20240328)"],"avAllowList":["K7 Total Security (20240328)","McAfee Total Protection (20240328)","Norton Security (20240328)","Trend Micro Internet Security (20240328)","Windows Defender (20240328)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/win/?email=sacedep377%mnsaf.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/win/?email=sacedep377%mnsaf.com","sourceIndex":"701"}],"sampleFiles":["240325/clevercontrol-211224/11.5.1036.1/Samples/CleverControl%20.NET%20for%20sacedep377%40mnsaf.com.msi"],"imageFiles":["240325/clevercontrol-211224/11.5.1036.1/Images/ACR-116/ACR-116.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-014/ACR-014.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-007/ACR-007.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-007/ACR-007_1.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-007/ACR-007_2.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-007/ACR-007_3.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-048/ACR-048.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-048/ACR-048_1.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-048/ACR-048_2.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-048/ACR-048_3.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-097/ACR-097.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-086/ACR-086.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-086/ACR-086_1.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-084/ACR-084.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-084/ACR-084_1.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-084/ACR-084_2.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-084/ACR-084_3.PNG","240325/clevercontrol-211224/11.5.1036.1/Images/ACR-084/ACR-084_4.PNG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1036.1_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1036.1","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":628},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"During downloading and installation, it prompts the user to disable antivirus protection / exclude it from Windows defender detection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe” without company attributes info.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{0276FACA-AA90-C56A-65FF-D3865DA10EAD}\\clv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"69c58867ebcdce48a1c2cdfcde82f8a0","hashSHA1":"24c24d37bb2388f2a208e64e34f09cc2f781b546","hashSHA256":"d55d3fc927f31df205c1a6f104b13b5c2912ae5dddd25df812ce2715f63196c2","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1745","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControlSetup.exe","isInstaller":"True","companyName":"CLEVERCONTROL LLC                                           ","productName":"                                                            ","productVersion":"{cm:MyAppVer}                                     ","fileVersion":"{cm:MyAppVer}       ","hashMD5":"783b301962a698f187dd52c1d1d23472","hashSHA1":"124bb2c77a33c5340711d020de070fca8430801c","hashSHA256":"fda29d07b9dfacbb4bd8a7d34f752ba8431fe73f9e0b9daa84d02e91414c3f07","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1745","avBlockList":["360 Total Security (20220106)","Avast Premium Security (20220106)","AVG Internet Security (20220106)","Avira Internet Security (20220106)","Bitdefender Internet Security (20220106)","Dr.Web Security Space (20220106)","ESET Internet Security (20220106)","G DATA INTERNET SECURITY (20220106)","K7 Total Security (20220106)","Kaspersky Internet Security (20220106)","Malwarebytes Premium (20220106)","McAfee Total Protection (20220106)","Norton Security (20220106)","Panda Dome (20220106)","Quick Heal Internet Security (20220106)","Sophos Home Premium (20220106)","SpyHunter5 (20220106)","Tencent PC Manager (20220106)","Total AV Antivirus Pro (20220106)","VIPRE Advanced Security (20220106)","VirIT eXplorer PRO (20220106)","Webroot SecureAnywhere (20220106)","Windows Defender (20220106)"],"avAllowList":["COMODO Antivirus (20220106)","Trend Micro Internet Security (20220106)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search-keyloggers","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/","sourceIndex":"1745"}],"sampleFiles":["211224/clevercontrol-211224/11.5.36/Samples/CleverControlSetup.exe"],"imageFiles":["211224/clevercontrol-211224/11.5.36/Images/ACR-116/ACR-116_Software_Hides_In_Control_Panel.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-014/ACR-014_Software_Misleading_App_Name.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-007/ACR-007_Software_Hides_App_1.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-007/ACR-007_Software_Requires_Sign_In.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-048/ACR-048_Software_Requires_Sign_In_To_Launch.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-048/ACR-048_Software_Requires_Sign_In.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-048/ACR-048_Software_No_Control.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-097/ACR-097_Software_Excludes_AV.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-097/ACR-097_Software_Excludes_AV_1.jpg","211224/clevercontrol-211224/11.5.36/Images/ACR-097/ACR-097_Software_Excludes_AV_2.jpg","211224/clevercontrol-211224/11.5.36/Images/ACR-086/ACR-086_Software_Requires_Sign_In_To_Launch.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-086/ACR-086_Software_Requires_Sign_In.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-084/ACR-084_Software_Hides_App.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-084/ACR-084_Software_Hides_App_1.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-084/ACR-084_Software_Hides_App_2.JPG","211224/clevercontrol-211224/11.5.36/Images/ACR-084/ACR-084_Software_Requires_Sign_In.JPG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.36_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.36","sigName":"Deceptor:Win32/CleverControl!116014007048097086084","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":641},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to control the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"clv.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clsvs.exe","companyName":"CLEVERCONTROL LLC","productName":"clsvs","productVersion":"11.5.2.1","fileVersion":"11.5.2.1","hashMD5":"4d84f9a5f7cb29a370b9aab37f584704","hashSHA1":"0537aea3e6b4e56f912e53a99c15b5cc2f146daa","hashSHA256":"2caf27d8b9b284f19a156bbd81ee33432ba9a8107f75c328e64294cb650cc5b8","digitalCertThumbprint":"63495C670AE813F13465BEF5288FD7E64D35CCF2","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"Clevercontrol LLC","storeId":"","sourceIndex":"1496","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\{FO16FA1A-AA91-C56A-654F-E3865DA10DAT}\\clvhost.exe","companyName":"CLEVERCONTROL LLC","productName":"clvhost","productVersion":"11.5.1022.1","fileVersion":"11.5.1022.1","hashMD5":"9f7855c007e06982e82d2e90892f616f","hashSHA1":"3077af0dc278fc5329a32a79793c9fb09354776a","hashSHA256":"6f335fb31024b51f8ba2d6e33ccd4a85244c432d13312bf9e349d9bedc534018","digitalCertThumbprint":"63495C670AE813F13465BEF5288FD7E64D35CCF2","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"Clevercontrol LLC","storeId":"","sourceIndex":"1496","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverControlSetup.msi","isInstaller":"True","companyName":"CLEVERCONTROL LLC","productVersion":"11.5.1022.1","fileVersion":"11.5.1022.1","hashMD5":"d0d16e254e3b2484a2d1edcea9679eaa","hashSHA1":"012541a1c3f7fad46e70718b47b7c9b720689022","hashSHA256":"9575286eef4d790366040f31f9c756a74a9ec5c9aded990a1be16bb42fab58f0","sourceIndex":"1496","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)","FortectPremium (20240725)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search-keyloggers","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://dashboard.clevercontrol.com/summary?from=2022-07-20%2000%3A00%3A00&to=2022-07-27%2002%3A57%3A16&period=last_7_days&userIds=%5B%5D","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dashboard.clevercontrol.com/summary?from=2022-07-20%2000%3A00%3A00&to=2022-07-27%2002%3A57%3A16&period=last_7_days&userIds=%5B%5D","sourceIndex":"1496"}],"sampleFiles":["220727/clevercontrol-211224/11.5.1022.1/Samples/CleverControlSetup.msi"],"imageFiles":["220727/clevercontrol-211224/11.5.1022.1/Images/ACR-116/ACR-116_Uninstall.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-014/ACR-014_Software.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-007/ACR-007_Software.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-007/ACR-007_Software_1.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-048/ACR-048_Software.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-048/ACR-048_Software_1.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-048/ACR-048_Software_2.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-086/ACR-086_Software.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-086/ACR-086_Software_1.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-084/ACR-084_Software.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-084/ACR-084_Software_1.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-084/ACR-084_Software_2.JPG","220727/clevercontrol-211224/11.5.1022.1/Images/ACR-084/ACR-084_Software_3.JPG"],"nonDeceptorImageFiles":[],"guid":"316c9eaa-6a87-405d-b166-0383c8605120_11.5.1022.1_1","appID":"clevercontrol-211224","dateAdded":"240620","deceptorType":"App","name":"Clever Control","company":"Clever Control LLC","version":"11.5.1022.1","lastKnownStatus":"11.5.36;11.5.1022.1;11.5.1031.5;11.5.1032.0;11.5.1032.1;11.5.1033.2;11.5.1033.3;11.5.1033.4;11.5.1034.1;11.5.1034.9;11.5.1035.2;11.5.1035.3;11.5.1035.4;11.5.1036.1;11.5.1037.0;11.5.1037.3;11.5.1039.5","lastKnownDate":"240620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":17,"sortOrder":640},{"violations":{"ACR-043":"Open source project \"Qt5\" is installed without any disclosure in EULA.\n","ACR-004":"The application doesn't provide a free fix for all items reported, only allows to recover up to 1 GB of data. Instead, it offers auto-renewing subscription payment to completely recover files scanned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DoYourDataRecoveryFree.exe","isInstaller":"True","companyName":"DoYourData                                                  ","fileVersion":"8.0","hashMD5":"8ce7a8bdaea0edf0d254af20d2d497f8","hashSHA1":"bb7e1ac4db61d686a9d961eb7c006e77e004f9e2","hashSHA256":"e723f7442f48618c142d51bc21ce205cced141374df52281ca4cb9b9917707a3","digitalCertThumbprint":"254E69DC4437E997F8B440A706969D152F068DEB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Shengxuan Technology Co., Ltd.\", O=\"Chengdu Shengxuan Technology Co., Ltd.\", L=成都市, S=四川省, C=CN, SERIALNUMBER=91510100MA6ADXEC52, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=成都高新技术产业开发区, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"206","avBlockList":["ESET Internet Security (20240820)","Norton Security (20240820)","Panda Dome (20240820)","Quick Heal Internet Security (20240820)","Sophos Home Premium (20240820)","VirIT eXplorer PRO (20240820)","Webroot SecureAnywhere (20240820)","Windows Defender (20240820)","FortectPremium (20240820)"],"avAllowList":["360 Total Security (20240820)","Avast Premium Security (20240820)","AVG Internet Security (20240820)","Avira Internet Security (20240820)","Bitdefender Internet Security (20240820)","COMODO Antivirus (20240820)","Dr.Web Security Space (20240820)","G DATA INTERNET SECURITY (20240820)","K7 Total Security (20240820)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240820)","McAfee Total Protection (20240820)","SpyHunter5 (20240820)","Total AV Antivirus Pro (20240820)","Trend Micro Internet Security (20240820)","VIPRE Advanced Security (20240820)","KasperskyPremium (20240820)"]},{"isRevoked":"False","fileName":"Main.exe","companyName":"DoYourData","fileVersion":"17.0","hashMD5":"8390e90bcb42b9bc9216c7b9d0d4511c","hashSHA1":"4da604ac5b0699d4233890bcdeba71142e5dd1bd","hashSHA256":"e761284b43f7174c026d56de0c3186887e628c9c75e554f904d5707f3cfa5328","digitalCertThumbprint":"254E69DC4437E997F8B440A706969D152F068DEB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Shengxuan Technology Co., Ltd.\", O=\"Chengdu Shengxuan Technology Co., Ltd.\", L=成都市, S=四川省, C=CN, SERIALNUMBER=91510100MA6ADXEC52, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=成都高新技术产业开发区, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"206","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Submitted to DeceptorReport","reference":"","landingPage":"https://www.doyourdata.com/data-recovery-software/free-data-recovery-software.html","directDownloadingLink":"https://www.doyourdata.com/free/DoYourDataRecoveryFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.doyourdata.com/free/DoYourDataRecoveryFree.exe","sourceIndex":"206"}],"sampleFiles":["240612/Doyourdatarecovery-240611/8.0/Samples/DoYourDataRecoveryFree.exe","240612/Doyourdatarecovery-240611/8.0/Samples/Main.exe"],"imageFiles":["240612/Doyourdatarecovery-240611/8.0/Images/ACR-043/qt5.png","240612/Doyourdatarecovery-240611/8.0/Images/ACR-004/ACR004.png","240612/Doyourdatarecovery-240611/8.0/Images/ACR-004/ACR004_2.png","240612/Doyourdatarecovery-240611/8.0/Images/ACR-004/ACR-004_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"ad662fb8-a313-4b9c-b87b-c2f991c2f12f_8.0_1","appID":"Doyourdatarecovery-240611","dateAdded":"240612","deceptorType":"App","name":"Do Your Data Recovery","company":"DoYourData Software","version":"8.0","firstResolvedVersion":"8.2","resolved":"TRUE","lastKnownStatus":"Deceptor:8.0","lastKnownDate":"240611","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11,Windows Server","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2025-05-09T22:43:15.4762567+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":642},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"1. The app exaggerates issues and raises urgency for the identified issues with the \"Red\" font, thereby misleading or scaring the consumer to take action.\n2. The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG DLL Fixer\\4DDiG DLL Fixer.exe","companyName":"Tenorshare","productName":"DllRepair_4DDIG","productVersion":"1.0.0.12","fileVersion":"1.0.0.12","hashMD5":"1cfdc71a48d99c5dd72e179647a77029","hashSHA1":"0a501814e92d8b8adf600865b7702a5e1a8ec56f","hashSHA256":"18c57812fab87f4e6a7dbca4215d6a977565c0894c5ae027527bd38e442d4901","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"709","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-dll-fixer_11710474111499682501.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20240112175350","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"70407233e32cda7de35aa5110938ec90","hashSHA1":"be6b24c27573132be7382cbad4f732a355caa2b4","hashSHA256":"50909be4da07c6e0d2592569510d82da02c8d58a5bce14599221913fd58d9a91","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"709","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VIPRE Advanced Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","COMODO Antivirus (20240815)","Kaspersky Internet Security (20240530)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt of 4ddig apps","reference":"","landingPage":"https://www.4ddig.net/dll-fixer.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","sourceIndex":"709"}],"sampleFiles":["240315/4DDiGDLLFixer-240315/1.0.0.12/Samples/4ddig-dll-fixer_11710474111499682501.exe"],"imageFiles":["240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-046/ACR-046.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-046/ACR-046_1.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-048/ACR-048.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-004/ACR-004.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-004/ACR-004_1.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-004/ACR-004_2.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-097/ACR-097.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-040/ACR-040.PNG","240315/4DDiGDLLFixer-240315/1.0.0.12/Images/ACR-123/ACR-123.PNG"],"guid":"e95cf1ae-cea2-4fdf-a65e-9b3811efa912_1.0.0.12_1","appID":"4DDiGDLLFixer-240315","dateAdded":"240604","deceptorType":"App","name":"4DDiG DLL Fixer","company":"Tenorshare Co., Ltd.","version":"1.0.0.12","lastKnownStatus":"1.0.0.12;1.0.2.3;1.0.3.7","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":657},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Process run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove the installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove the installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.24.0.0","fileVersion":"2.24.0.0","hashMD5":"147b80de109d585bdd9f1291e31327b6","hashSHA1":"40a65d0fda0eb9143e0d2ed5b73c0056528ea1e4","hashSHA256":"3e8ca397a8712f24821ec119e2a3846d242021c66934f65e148ff344b4148b83","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"720","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"24c2fa02827daa1a565765d25873051b","hashSHA1":"9b0e07effb5fa32c0520078aad9e6d9e5e67971d","hashSHA256":"0a2f29b8b1b648abaf2e346d325186812f7a0f675163d61eeca08b27cb9eccd7","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"720","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.24.0.0","fileVersion":"2.24.0.0","hashMD5":"1c3cbc60f4893b76ea941647026015e5","hashSHA1":"9533bb4005d1b1e387e93c6fedd6df5eb2cba17c","hashSHA256":"77ea0713009782e09bebd0750c56a5be774c67a5e43b5d1a3f1741a5e2a0a734","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"720","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"720"}],"sampleFiles":["240304/turbovpn-220315/2.24.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["240304/turbovpn-220315/2.24.0.0/Images/ACR-043/ACR-043.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-042/ACR-042.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-084/ACR-084.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-048/ACR-048.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-048/ACR-048_1.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-007/ACR-007.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240304/turbovpn-220315/2.24.0.0/Images/ACR-045/ACR-045.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-123/ACR-123.PNG","240304/turbovpn-220315/2.24.0.0/Images/ACR-014/ACR-014.PNG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.24.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.24.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":645},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Process run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove an installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.23.0.0","fileVersion":"2.23.0.0","hashMD5":"13e7c905453cf1e8ea1e78fffe418655","hashSHA1":"eb1b7d36ad915faa9c062db535fffaaf0f61c928","hashSHA256":"0b2030fa60b6378c6d4c87d3d10d9862e3e29cf40b39b9b41682c7f529a3c610","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"843","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"24c2fa02827daa1a565765d25873051b","hashSHA1":"9b0e07effb5fa32c0520078aad9e6d9e5e67971d","hashSHA256":"0a2f29b8b1b648abaf2e346d325186812f7a0f675163d61eeca08b27cb9eccd7","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"843","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.23.0.0","fileVersion":"2.23.0.0","hashMD5":"1e27c9978cabe892612bd1c6021dc6ea","hashSHA1":"863dfebb5efd1256f5a573cdb8eb79b063bc6845","hashSHA256":"c8568a1be386f0a5686153b9f94954c51236c42b86eef6975a86db5bebfbac6e","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"843","avBlockList":["Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["360 Total Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","Kaspersky Internet Security (20240123)","Trend Micro Internet Security (20240123)","VIPRE Advanced Security (20240123)","Windows Defender (20240123)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"843"}],"sampleFiles":["231023/turbovpn-220315/2.23.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["231023/turbovpn-220315/2.23.0.0/Images/ACR-043/ACR-043_Install_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-042/ACR-042_Install_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-084/ACR-084_Software_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-048/ACR-048_Software_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-048/ACR-048_Software_2.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-007/ACR-007_Software_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["231023/turbovpn-220315/2.23.0.0/Images/ACR-045/ACR-045_Install_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-123/ACR-123_Uninstall_1.png","231023/turbovpn-220315/2.23.0.0/Images/ACR-014/ACR-014.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.23.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.23.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":646},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Process run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove an installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"24c2fa02827daa1a565765d25873051b","hashSHA1":"9b0e07effb5fa32c0520078aad9e6d9e5e67971d","hashSHA256":"0a2f29b8b1b648abaf2e346d325186812f7a0f675163d61eeca08b27cb9eccd7","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"882","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.22.0.0","fileVersion":"2.22.0.0","hashMD5":"4c8ba1bc52e4b34eccc78c2cc3fefdf9","hashSHA1":"81ae354140c1b38bd89a4d566a276ab5941b24cd","hashSHA256":"7de9a76c82c214dc3d89d37798199f9409fc2926af84bd4c8750a32131a77704","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"882","avBlockList":["Avast Premium Security (20240321)","AVG Internet Security (20240321)","Avira Internet Security (20240321)","G DATA INTERNET SECURITY (20240321)","K7 Total Security (20240321)","Malwarebytes Premium (20240321)","McAfee Total Protection (20240321)","Norton Security (20240321)","Panda Dome (20240321)","Quick Heal Internet Security (20240321)","Sophos Home Premium (20240321)","SpyHunter5 (20240321)","Total AV Antivirus Pro (20240321)","VirIT eXplorer PRO (20240321)","Webroot SecureAnywhere (20240321)"],"avAllowList":["360 Total Security (20240321)","Bitdefender Internet Security (20240321)","COMODO Antivirus (20240321)","Dr.Web Security Space (20240321)","ESET Internet Security (20240321)","Kaspersky Internet Security (20240321)","Trend Micro Internet Security (20240321)","VIPRE Advanced Security (20240321)","Windows Defender (20240321)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"882"}],"sampleFiles":["230929/turbovpn-220315/2.22.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["230929/turbovpn-220315/2.22.0.0/Images/ACR-043/ACR-043_Install_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-042/ACR-042_Install_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-084/ACR-084_Software_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-048/ACR-048_Software_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-007/ACR-007_Software_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["230929/turbovpn-220315/2.22.0.0/Images/ACR-045/ACR-045_Install_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-123/ACR-123_Uninstall_1.png","230929/turbovpn-220315/2.22.0.0/Images/ACR-014/ACR-014_Landing page_1.png"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.22.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.22.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":647},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove an installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.21.0.0","fileVersion":"2.21.0.0","hashMD5":"06645c86d9abd35526166e7efe104099","hashSHA1":"1b4b5b330a69ec4d9291203b37cd4fd0fcfe2523","hashSHA256":"2e176e200bdf7245226370816aa1d05ae04291b2d286afa353885c0b337d78a4","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1131","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPNLauncher.exe","companyName":"Innovative Connecting","productName":"TurboVPNLauncher","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"3683e329119248d66c8e96025d38b738","hashSHA1":"f2c6e9a3b543b0e0a96f25c7fd65c4069048ff95","hashSHA256":"90d173c96764bb9147c0b95cf967cb6b970f50ccd3fb7639631f4d7aecbb7130","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1131","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"a556861afa15ea74d4cdb9e53ce5559f","hashSHA1":"f65524b4de96930d77355c73f6a9401c97311a9a","hashSHA256":"049b35e5da0e45611120d065c2f4b2370482fca89ddbc2a06bfdd903aa1a5b27","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1131","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.21.0.0","fileVersion":"2.21.0.0","hashMD5":"91ea7b3382e6827693a86654ee1c6f5e","hashSHA1":"5152ba9aa850c6c71a1a9ebf99a5eacde1393876","hashSHA256":"863851c9af3d438236f517571ff6c4bef7070412fa9f5f0978e769a9491681bb","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1131","avBlockList":["Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","Bitdefender Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20230928)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","VIPRE Advanced Security (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)"],"avAllowList":["360 Total Security (20230928)","COMODO Antivirus (20230928)","Dr.Web Security Space (20230928)","ESET Internet Security (20230928)","Kaspersky Internet Security (20230928)","Trend Micro Internet Security (20230928)","Windows Defender (20230928)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1131"}],"sampleFiles":["230501/turbovpn-220315/2.21.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["230501/turbovpn-220315/2.21.0.0/Images/ACR-043/ACR-043.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-042/ACR-042.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-084/ACR-084.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-048/ACR-048 (1).JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-048/ACR-048 (2).JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-007/ACR-007.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230501/turbovpn-220315/2.21.0.0/Images/ACR-045/ACR-045.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-123/ACR-123.JPG","230501/turbovpn-220315/2.21.0.0/Images/ACR-014/ACR-014.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.21.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.21.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":648},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove an installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","fileVersion":"2.20","hashMD5":"20667e2b795ce7b80d121c3c0e021e9a","hashSHA1":"58f6b8630c364d8b398ce1a725c906c3f874049d","hashSHA256":"ec49cd721e81b6bcc49e52891c43339d8e2504b96341290228723c2c5e012023","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"1222","avBlockList":["Avast Premium Security (20240425)","AVG Internet Security (20240425)","Avira Internet Security (20240425)","ESET Internet Security (20240425)","G DATA INTERNET SECURITY (20240425)","Malwarebytes Premium (20240425)","McAfee Total Protection (20240425)","Norton Security (20240425)","Panda Dome (20240425)","Sophos Home Premium (20240425)","SpyHunter5 (20240425)","Total AV Antivirus Pro (20240425)","VirIT eXplorer PRO (20240425)","Webroot SecureAnywhere (20240425)"],"avAllowList":["360 Total Security (20240425)","Bitdefender Internet Security (20240425)","COMODO Antivirus (20240425)","Dr.Web Security Space (20240425)","K7 Total Security (20240425)","Kaspersky Internet Security (20240425)","Quick Heal Internet Security (20240425)","Trend Micro Internet Security (20240425)","VIPRE Advanced Security (20240425)","Windows Defender (20240425)"]},{"isRevoked":"False","fileName":"turbo_vpn-service.exe","companyName":"Innovative Connecting","fileVersion":"1.0","hashMD5":"b9d3e9dad468c3db26943a3af77e4efc","hashSHA1":"4437e53d7949241b05ccbc75733c0c56646675f2","hashSHA256":"4a849efc900276b71cc5a134e110c1b9202b00a44e1fae8ab6fb1683d11f7331","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"1222","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN.exe","companyName":"inovative Connecting","fileVersion":"2.20","hashMD5":"3a6f72189a7d688550b7b1dc603cd356","hashSHA1":"e3103db973e336196cbf9872ea0240d6f8456c27","hashSHA256":"a9d1063995060fee1fcdcc77fbd077ce80ccf3f165b5a45fe9ca41262f0037b7","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"1222","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPNLauncher.exe","companyName":"Innovative Connecting","fileVersion":"1.0","hashMD5":"9da3bf2f4095d2c0dd3c23c775679a73","hashSHA1":"a7b9f6fdc0a2c3c12b95eb63dfc45f9890c5dab7","hashSHA256":"a7f404272bc85d09d756478072b87dad3f521c112c2dac016e0de1abae7600fa","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=INNOVATIVE CONNECTING PTE. LIMITED, O=INNOVATIVE CONNECTING PTE. LIMITED, L=SINGAPORE, C=SG, SERIALNUMBER=201812738K, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG","sourceIndex":"1222","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1222"}],"sampleFiles":["230207/turbovpn-220315/2.20.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["230207/turbovpn-220315/2.20.0.0/Images/ACR-043/ACR-043.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-042/ACR-042.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-084/ACR-084.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-048/ACR-048_Software.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-048/ACR-048.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-007/ACR-007.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230207/turbovpn-220315/2.20.0.0/Images/ACR-045/ACR-045.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-123/ACR-123.JPG","230207/turbovpn-220315/2.20.0.0/Images/ACR-014/ACR-014.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.20.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.20.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":649},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificate.\n\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificate even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificate.\n","ACR-123":"The app does not remove an installed root certificate even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.19.0.0","fileVersion":"2.19.0.0","hashMD5":"06ca386a4ea045956ddb460fb837c76a","hashSHA1":"41a205ddaf669f8437281504b56c616c2844495e","hashSHA256":"e80b89adb54d96864ea1f0a973131cf318ad0927f7fb491816e1fcbdaee6e1d2","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1281","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\TurboVPN\\TurboVPNLauncher.exe","companyName":"Innovative Connecting","productName":"TurboVPNLauncher","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"e78d3e4791468b08dac2cbfb3bde723e","hashSHA1":"a29ebc2b95778a83ae9a26799600a712aaf921df","hashSHA256":"9dbbe7cc01370589215062dd43cad4ce49b06a34be96360beea3e6434937d75b","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1281","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"74c2b57f360074bae69f103b8485d8c2","hashSHA1":"dd58541000b05f620d597bfa02bee8292057fbf9","hashSHA256":"7fed97a18d79c644c65d6b52b03f6dc8beda8c6a5903f4a0912de545e2862c30","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1281","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.19.0.0","fileVersion":"2.19.0.0","hashMD5":"9489f4c323863dbd90fce01b221263bc","hashSHA1":"78c62af86c7eeb1dd1d89d73c2cc8c34707d3d5a","hashSHA256":"f638b1ff186489c2fdedbbda5c535b5a8b01eb5b016fc0e685a925dad5d15d9b","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1281","avBlockList":["Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","ESET Internet Security (20240723)","K7 Total Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","FortectPremium (20240723)"],"avAllowList":["360 Total Security (20240723)","Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","G DATA INTERNET SECURITY (20240723)","Kaspersky Internet Security (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","Windows Defender (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1281"}],"sampleFiles":["221204/turbovpn-220315/2.19.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["221204/turbovpn-220315/2.19.0.0/Images/ACR-043/ACR-043_Install.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-042/ACR-042_Install.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-084/ACR-084.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-048/ACR-048_Software_No_Control_For_Notification.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-048/ACR-048.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-007/ACR-007_Software.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["221204/turbovpn-220315/2.19.0.0/Images/ACR-045/ACR-045_Install.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-123/ACR-123.JPG","221204/turbovpn-220315/2.19.0.0/Images/ACR-014/ACR-014.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.19.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.19.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":650},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificate.\n\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificate even after uninstall.\n","ACR-014":"The app misleads by displaying the status as \"Exposed'\" on the internal offers pages (https://turbovpn.com/pricing), even though another VPN (tunnel bear) is on and running.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificate.\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.18.0.0","fileVersion":"2.18.0.0","hashMD5":"6165aa59c70db3022248fd59f84050df","hashSHA1":"b35a79884a78cff79eff7826a67b24f2d1b088dc","hashSHA256":"0c1d49a8bd02d4c83fc548af920d07e83da48e055cebfd31c57df790df0dfa83","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1627","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPNLauncher.exe","companyName":"Innovative Connecting","productName":"TurboVPNLauncher","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"9f5ef8f6a7e06a46ebb02e7066c660f2","hashSHA1":"c5778d4cdbaa5c796e3d390d77dc3dbace871a76","hashSHA256":"fd4e04662ecd378c28685ad012cfd987de83bb7c4b9126f0ac5132801876e6cc","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1627","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"46c58c89520bbe4e548e7b02c1f88b90","hashSHA1":"df2f258ebcb32d77bca7eb9ea5dd05c72ca37be2","hashSHA256":"c356ec6e9e3723fd6b2035fe6dca48fdde395e9b7ca536153b4391e0c93adf2b","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1627","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.18.0.0","fileVersion":"2.18.0.0","hashMD5":"a86859ed1f33f73986cb4a2b80c882f4","hashSHA1":"1461a9733815ec95fe8c836de5a5df0636e09f75","hashSHA256":"4863a1eb40ac86f0d5538d3f4116d3ca739652fbffe0702c433fe669088554b8","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1627","avBlockList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","COMODO Antivirus (20240801)","ESET Internet Security (20240801)","G DATA INTERNET SECURITY (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","McAfee Total Protection (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Quick Heal Internet Security (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","FortectPremium (20240801)"],"avAllowList":["360 Total Security (20240801)","Bitdefender Internet Security (20240801)","Dr.Web Security Space (20240801)","Kaspersky Internet Security (20240314)","Tencent PC Manager (20220519)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)","Windows Defender (20240801)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1627"}],"sampleFiles":["220505/turbovpn-220315/2.18.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["220505/turbovpn-220315/2.18.0.0/Images/ACR-043/ACR-043_Install.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-042/ACR-042_Install.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-084/ACR-084_Software.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-048/ACR-048_Software.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-048/ACR-048_Software_1.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-048/ACR-048_Software_2.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-007/ACR-007_Software.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-118/ACR-118_Uninstall.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-014/ACR-014_InternalOffers.JPG"],"nonDeceptorImageFiles":["220505/turbovpn-220315/2.18.0.0/Images/ACR-045/ACR-045_Install.JPG","220505/turbovpn-220315/2.18.0.0/Images/ACR-014/ACR-014_Landingpage.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.18.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.18.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":651},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its notifications & process completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificate.\n\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove an installed root certificate even after uninstall.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the internal offers pages (https://turbovpn.com/pricing?plan=vpn.turbo.pc.twoyearsplan.pm65&channel=win), even though another VPN (tunnel bear) is on and running.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificate.\n","ACR-099":"The application does not display links to uninstall information. \n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages (https://turbovpn.com/home), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.17.1.0","fileVersion":"2.17.1.0","hashMD5":"c472605a50e8ebb13d25144e9224e9ff","hashSHA1":"474af22f9e1372d186c5b80027eb0168bfdfb272","hashSHA256":"de19d1ef8a0a9be4c0fd3656c26ce806c21e939266b9a5f16110fb6379fa4edf","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1637","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPNLauncher.exe","companyName":"Innovative Connecting","productName":"TurboVPNLauncher","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"5fbcf26091679ebd22a7cf5f5c7a77d0","hashSHA1":"559e8f4c07173519b77bb782eed66a765c1b8832","hashSHA256":"9db23474c98bddb4367e367b7aedf8fe76b0ed9be7db944fb1f0c3ac697e989d","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1637","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"a833694da4c09d8c5d753fd1a43766b0","hashSHA1":"f0aa6de6f9743255f72b480d44831f31e6df0924","hashSHA256":"3d723159b376bca6db50df1254f77a986bf3b474526933d8e794ba14eace11a2","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1637","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.17.1.0","fileVersion":"2.17.1.0","hashMD5":"c021bf289f33480bb2d4a0d0474a11ca","hashSHA1":"172f1d2859a7229cde7588779bc065c5c00108d1","hashSHA256":"71861a9406893efba1412756e0fa65dfbcf1fcadcc93c6af4f765cd8dde76016","digitalCertThumbprint":"B621CF3191921926F1C9A6B96201051EE3EFD13E","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1637","avBlockList":["Avast Premium Security (20231012)","AVG Internet Security (20231012)","Avira Internet Security (20231012)","Bitdefender Internet Security (20231012)","G DATA INTERNET SECURITY (20231012)","K7 Total Security (20231012)","Malwarebytes Premium (20231012)","McAfee Total Protection (20231012)","Norton Security (20231012)","Panda Dome (20231012)","Quick Heal Internet Security (20231012)","Sophos Home Premium (20231012)","SpyHunter5 (20231012)","Total AV Antivirus Pro (20231012)","VIPRE Advanced Security (20231012)","VirIT eXplorer PRO (20231012)","Webroot SecureAnywhere (20231012)"],"avAllowList":["360 Total Security (20231012)","COMODO Antivirus (20231012)","Dr.Web Security Space (20231012)","ESET Internet Security (20231012)","Kaspersky Internet Security (20231012)","Trend Micro Internet Security (20231012)","Windows Defender (20231012)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1637"}],"sampleFiles":["220426/turbovpn-220315/2.17.1.0/Samples/TurboVPN_setup.exe"],"imageFiles":["220426/turbovpn-220315/2.17.1.0/Images/ACR-043/ACR-043_Install.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-042/ACR-042_Install.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-084/ACR-084_Software.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-048/ACR-048_Software.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-048/ACR-048_Software_1.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-048/ACR-048_Software_2.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-007/ACR-007_Software.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-118/ACR-118_Uninstall.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-014/ACR-014_InternalOffers.JPG"],"nonDeceptorImageFiles":["220426/turbovpn-220315/2.17.1.0/Images/ACR-045/ACR-045_Install.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-099/ACR-099_Software_No_UninstallInfo.JPG","220426/turbovpn-220315/2.17.1.0/Images/ACR-014/ACR-014_Landingpage.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.17.1.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.17.1.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":652},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its notifications & process completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificate.\n\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificate.\n","ACR-123":"The app does not remove an installed root certificate even after uninstall\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages (https://turbovpn.com/home), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"vpnshield_install.exe","isInstaller":"True","companyName":"                                                            ","productName":"vpnshield                                                   ","productVersion":"1.0.0                                             ","fileVersion":"                    ","hashMD5":"7b4f897f3c16309d64f5ec8eef3f7625","hashSHA1":"9ec23f8b39fd9cd1b2106ebb640333c6bcbcab6d","hashSHA256":"61c5e5958bbbc9aebde3110f9a4d749ba435c152ea92b4934acccfd144b7a66f","digitalCertThumbprint":"B57AF0DF869100691424E08388F9BC2A1E3FE783","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"BSD LIMITLESS LTD","storeId":"","sourceIndex":"1672","avBlockList":["360 Total Security (20220426)","Avira Internet Security (20220426)","K7 Total Security (20220426)","Malwarebytes Premium (20220426)","McAfee Total Protection (20220426)","Norton Security (20220426)","Panda Dome (20220426)","Quick Heal Internet Security (20220426)","Sophos Home Premium (20220426)","SpyHunter5 (20220426)","Total AV Antivirus Pro (20220426)","VirIT eXplorer PRO (20220426)","Webroot SecureAnywhere (20220426)","Windows Defender (20220426)"],"avAllowList":["Avast Premium Security (20220426)","AVG Internet Security (20220426)","Bitdefender Internet Security (20220426)","COMODO Antivirus (20220426)","Dr.Web Security Space (20220426)","ESET Internet Security (20220426)","G DATA INTERNET SECURITY (20220426)","Kaspersky Internet Security (20220426)","Tencent PC Manager (20220426)","Trend Micro Internet Security (20220426)","VIPRE Advanced Security (20220426)"]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\ShieldManager.exe","companyName":"ShieldManager","productName":"ShieldManager","productVersion":"1.0.0","fileVersion":"1.0.0.0","hashMD5":"99b972a717c6728c5c863c51d20590ba","hashSHA1":"49b1ec62ecf2b6a1f479aac754fcc04431a948bd","hashSHA256":"f70f8401dbb796702df488df4d1c9ffd7568a735a68e9b1605249ad4f3d811f3","digitalCertThumbprint":"B57AF0DF869100691424E08388F9BC2A1E3FE783","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"BSD LIMITLESS LTD","storeId":"","sourceIndex":"1672","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\ShieldService.exe","companyName":"ShieldService","productName":"ShieldService","productVersion":"1.0.0","fileVersion":"1.0.0.0","hashMD5":"8331134761d0db7b3196280e8fb9c202","hashSHA1":"7fe7f4b5a17dc7aa9969483196dedee7e7512783","hashSHA256":"92997fa0573209c520e9eb35e221b82918d4f570f7489548aa48152a981fa705","digitalCertThumbprint":"B57AF0DF869100691424E08388F9BC2A1E3FE783","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"BSD LIMITLESS LTD","storeId":"","sourceIndex":"1672","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\vpnshield\\vpn_shield.exe","companyName":".","productName":"vpnshield","productVersion":"1.0.0","fileVersion":"1.0.0.2","hashMD5":"c7d27c7a545e589ba02068ea0b034978","hashSHA1":"c13869eb7b4f25cc5634a55e242209f7adcb02f1","hashSHA256":"5158ec26ad6ce18c655ebfe3a3b3c67d561b687d915ce96af378930d8583ccaa","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1672","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1672"}],"sampleFiles":[],"imageFiles":["220328/turbovpn-220315/2.16.1.0/Images/ACR-043/ACR-043.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-042/ACR-042.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-084/ACR-084.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-048/ACR-048.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-007/ACR-007.JPG"],"nonDeceptorImageFiles":["220328/turbovpn-220315/2.16.1.0/Images/ACR-045/ACR-045.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-123/ACR-123.JPG","220328/turbovpn-220315/2.16.1.0/Images/ACR-014/ACR-014.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.16.1.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.16.1.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":653},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its notifications & process completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificate.\n\n","ACR-084":"On quitting the app, the application doesn't exit completely. The \"turbo_vpn-service.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificate.\n","ACR-014":"The app misleads by displaying status as \"Exposed'\" on the landing pages (https://turbovpn.com/home), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPNLauncher.exe","companyName":"Innovative Connecting","productName":"TurboVPNLauncher","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"2f4d32a1f28325d0a5202adf114bdc36","hashSHA1":"2b568df3687afb75f9276c7d77b7d23d7656f6b5","hashSHA256":"c10ee2793bb2b2870c645226870ca1e6f952c401573326453413ec02cffe7630","digitalCertThumbprint":"07C3E4BF1A3B117D2C462418A99ED28CD41C7808","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1681","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.16.0.0","fileVersion":"2.16.0.0","hashMD5":"dbe1635622439ea246dbb6c85617dd27","hashSHA1":"0039357bac2029e2a32a9811b59e59695a77fc0a","hashSHA256":"38c187db3dfd098575f61cf0006f51a3c515ab09c2d4f954b5e987f2cb4b822a","digitalCertThumbprint":"07C3E4BF1A3B117D2C462418A99ED28CD41C7808","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"1681","avBlockList":["Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Malwarebytes Premium (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Quick Heal Internet Security (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","Trend Micro Internet Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)","Windows Defender (20240613)"],"avAllowList":["360 Total Security (20240613)","Bitdefender Internet Security (20240613)","COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","Kaspersky Internet Security (20240613)","Tencent PC Manager (20220329)","VIPRE Advanced Security (20240613)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"1681"}],"sampleFiles":["220316/turbovpn-220315/2.16.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["220316/turbovpn-220315/2.16.0.0/Images/ACR-043/ACR-043_Install_1.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-042/ACR-042_Install_1.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-084/ACR-084_Software_Process.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-007/ACR-007_Software_1.JPG"],"nonDeceptorImageFiles":["220316/turbovpn-220315/2.16.0.0/Images/ACR-045/ACR-045_Install.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-045/ACR-045_Install_1.JPG","220316/turbovpn-220315/2.16.0.0/Images/ACR-014/ACR-014_Landingpage_Misleading.JPG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.16.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.16.0.0","sigName":"Deceptor:Win32/TurboVPN!043042084048007","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":654},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"1. The app exaggerates issues and raises urgency for the identified issues with the \"Red\" font, thereby misleading or scaring the consumer to take action.\n2. The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall without disclosing relevant info and getting consent from the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG DLL Fixer\\4DDiG DLL Fixer.exe","companyName":"Tenorshare","productName":"DllRepair_4DDIG","productVersion":"1.0.3.7","fileVersion":"1.0.3.7","hashMD5":"f9b943b266643088b8a0243fff195fbd","hashSHA1":"a4195ec3a375217b05e32cfbb5403c5e9622cec5","hashSHA256":"7e46b4e089dacc441da2a21261e4e097dd62816fcf68b5b5303b51b563bb8b41","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"631","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-dll-fixer.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20240520112218","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"2f3216c1302be5245a3fca0d43d93a28","hashSHA1":"6e010707edbf0170d32498dc84381a1ef3b1efa0","hashSHA256":"a5a7ce992f83d639f95181f2102743183100c08fd2c732afb1c3d4d9e090264b","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"631","avBlockList":["Avast Premium Security (20240822)","AVG Internet Security (20240822)","Avira Internet Security (20240822)","Bitdefender Internet Security (20240822)","Dr.Web Security Space (20240822)","ESET Internet Security (20240822)","FortectPremium (20240822)","G DATA INTERNET SECURITY (20240822)","K7 Total Security (20240822)","Malwarebytes Premium (20240822)","Norton Security (20240822)","Panda Dome (20240822)","Quick Heal Internet Security (20240822)","Sophos Home Premium (20240822)","SpyHunter5 (20240822)","Total AV Antivirus Pro (20240822)","VIPRE Advanced Security (20240822)","VirIT eXplorer PRO (20240822)","Webroot SecureAnywhere (20240822)","Windows Defender (20240822)"],"avAllowList":["360 Total Security (20240822)","COMODO Antivirus (20240822)","Kaspersky Internet Security (20240723)","McAfee Total Protection (20240822)","Trend Micro Internet Security (20240822)","KasperskyPremium (20240822)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt of 4ddig apps","reference":"","landingPage":"https://www.4ddig.net/dll-fixer.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","sourceIndex":"631"}],"sampleFiles":["240604/4DDiGDLLFixer-240315/1.0.3.7/Samples/4ddig-dll-fixer.exe"],"imageFiles":["240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-046/ACR-046.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-046/ACR-046_1.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-048/ACR-048.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-004/ACR-004.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-004/ACR-004_1.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-004/ACR-004_2.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-097/ACR-097.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-097/ACR-097_1.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-040/ACR-040.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-123/ACR-123.PNG","240604/4DDiGDLLFixer-240315/1.0.3.7/Images/ACR-123/ACR-123_1.PNG"],"guid":"e95cf1ae-cea2-4fdf-a65e-9b3811efa912_1.0.3.7_1","appID":"4DDiGDLLFixer-240315","dateAdded":"240604","deceptorType":"App","name":"4DDiG DLL Fixer","company":"Tenorshare Co., Ltd.","version":"1.0.3.7","lastKnownStatus":"1.0.0.12;1.0.2.3;1.0.3.7","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T19:02:01.2032134+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":655},{"violations":{"ACR-046":"Collecting data via \"Participate in customer experience improvement plan\" is checked by default and not visible to the user by default. No relevant disclosure of what data it collects.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"1. The app exaggerates issues and raises urgency for the identified issues with the \"Red\" font, thereby misleading or scaring the consumer to take action.\n2. The application doesn't provide a free fix (recovery) instead offering a subscription that the user needs to pay to fix it.\n","ACR-097":"The app adds an exception for Windows firewall to lower default default system security posture without disclosing relevant info and get consent from user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops some of its components in a hidden folder.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tenorshare\\4DDiG DLL Fixer\\4DDiG DLL Fixer.exe","companyName":"Tenorshare","productName":"DllRepair_4DDIG","productVersion":"1.0.2.3","fileVersion":"1.0.2.3","hashMD5":"14749cd389bc9a4d5fa5d712fe895be1","hashSHA1":"c28ffd4042c5bb63013e8d8b8111e191267a94ef","hashSHA256":"8d311e80249898706c0898e92c3b71dbaa0c7a4887c4d2a89440e0293b4d73ee","digitalCertThumbprint":"2ECF0B0A0DE08C92DB144D11E6F3DC42DD0D0E13","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare (Hongkong) Limited","storeId":"","sourceIndex":"649","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"4ddig-dll-fixer.exe","isInstaller":"True","companyName":"Tenorshare Co. Ltd.","productName":"20240112175350","productVersion":"2.7.11.0","fileVersion":"2.7.11.0","hashMD5":"70407233e32cda7de35aa5110938ec90","hashSHA1":"be6b24c27573132be7382cbad4f732a355caa2b4","hashSHA256":"50909be4da07c6e0d2592569510d82da02c8d58a5bce14599221913fd58d9a91","digitalCertThumbprint":"59FECDA87C479A14A82E3EF696F9E6A9002A3752","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tenorshare Co. Ltd.","storeId":"","sourceIndex":"649","avBlockList":["Avast Premium Security (20240815)","AVG Internet Security (20240815)","Avira Internet Security (20240815)","Bitdefender Internet Security (20240815)","Dr.Web Security Space (20240815)","ESET Internet Security (20240815)","G DATA INTERNET SECURITY (20240815)","K7 Total Security (20240815)","Malwarebytes Premium (20240815)","Norton Security (20240815)","Panda Dome (20240815)","Sophos Home Premium (20240815)","SpyHunter5 (20240815)","Total AV Antivirus Pro (20240815)","VIPRE Advanced Security (20240815)","VirIT eXplorer PRO (20240815)","Webroot SecureAnywhere (20240815)","Windows Defender (20240815)","FortectPremium (20240815)"],"avAllowList":["360 Total Security (20240815)","COMODO Antivirus (20240815)","Kaspersky Internet Security (20240530)","McAfee Total Protection (20240815)","Quick Heal Internet Security (20240815)","Trend Micro Internet Security (20240815)","KasperskyPremium (20240815)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.4ddig.net/dll-fixer.html","directDownloadingLink":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.net/downloads/4ddig-dll-fixer_8122.exe","sourceIndex":"649"}],"sampleFiles":["240429/4DDiGDLLFixer-240315/1.0.2.3/Samples/4ddig-dll-fixer.exe"],"imageFiles":["240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-046/ACR-046.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-046/ACR-046_1.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-048/ACR-048.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-004/ACR-004.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-004/ACR-004_1.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-004/ACR-004_2.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-097/ACR-097.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-040/ACR-040.PNG","240429/4DDiGDLLFixer-240315/1.0.2.3/Images/ACR-123/ACR-123.PNG"],"guid":"e95cf1ae-cea2-4fdf-a65e-9b3811efa912_1.0.2.3_1","appID":"4DDiGDLLFixer-240315","dateAdded":"240604","deceptorType":"App","name":"4DDiG DLL Fixer","company":"Tenorshare Co., Ltd.","version":"1.0.2.3","lastKnownStatus":"1.0.0.12;1.0.2.3;1.0.3.7","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":656},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process & notifications completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Process run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove the installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove the installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.25.0.0","fileVersion":"2.25.0.0","hashMD5":"7f60818481d91137e498d420fa238c6d","hashSHA1":"3fa415ac3788a05e6951abebecb034882811fc4e","hashSHA256":"9f4a5f0ffdb8f675aeb9e233a675a9c9d671e3868657e2d08b140766ee9a9859","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"3e79008493e96c678fc401b2bcc6adaf","hashSHA1":"ea631176ffa788f920c31ae0c660a6e4918aec66","hashSHA256":"586ce02e1ceb31854b92159f2cae72e4e6974a119601c02dbb8413ecf37510f2","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.25.0.0","fileVersion":"2.25.0.0","hashMD5":"6b455956e8c87fd866e504345887c4fb","hashSHA1":"f5901eecd570a2923450685f8404fd7dc7495a21","hashSHA256":"7939ea7d99b58a9611faedb8a6551339e6659e9898e1836bc9f8818335d326c9","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"651","avBlockList":["Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["360 Total Security (20240604)","Bitdefender Internet Security (20240604)","COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Windows Defender (20240604)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"651"}],"sampleFiles":["240429/turbovpn-220315/2.25.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["240429/turbovpn-220315/2.25.0.0/Images/ACR-043/ACR-043.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-042/ACR-042.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-084/ACR-084.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-048/ACR-048.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-048/ACR-048_1.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-007/ACR-007.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240429/turbovpn-220315/2.25.0.0/Images/ACR-045/ACR-045.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-123/ACR-123.PNG","240429/turbovpn-220315/2.25.0.0/Images/ACR-014/ACR-014.PNG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.25.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.25.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2024-06-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":644},{"violations":{"ACR-042":"The app installs Trusted Root Certificates without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificates that are installed and the potential risk introduced to the user system after its installation.\n","ACR-048":"The app does not provide control to remove its process completely within the app settings\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trusted root certificates\n","ACR-084":"On quitting the app, the application doesn't exit completely. Process run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The app does not remove the installed root certificates even after uninstalling.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly what effect it causes on the user's system by installing a Trusted Root certificates\n","ACR-123":"The app does not remove the installed root certificates even after uninstalling\n","ACR-014":"The app misleads by displaying the status as \"Exposed\" on the landing pages (https://turbovpn.com/download/windows), even though another VPN (ExpressVPN) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\TurboVPN.exe","companyName":"inovative Connecting","productName":"TurboVPN","productVersion":"2.26.0.0","fileVersion":"2.26.0.0","hashMD5":"781ae32e7d42865284b8a21e83e7fedd","hashSHA1":"7b51184832c98699cbf28af1979eadefbd706ea3","hashSHA256":"cb8f3977c6137d48557e530fd05887c23ab68e7a1aedec02166dae5fa8e00f45","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"632","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboVPN\\turbo_vpn-service.exe","companyName":"Innovative Connecting","productName":"turbo_vpn-service","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"cba8718cf01a7d489d00695bed5011f6","hashSHA1":"63a7be85a2d82b29bfeb9ef3b1ca200074a21646","hashSHA256":"f60c1a3ad6152061a8c2921d5a5cd925ca64f88892dcc632571ccd753f1dea61","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"632","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TurboVPN_setup.exe","isInstaller":"True","companyName":"Innovative Connecting","productName":"TurboVPN","productVersion":"2.26.0.0","fileVersion":"2.26.0.0","hashMD5":"df96bc092b1ab5a0408d6e9f1a73b040","hashSHA1":"213aca467554c527f844c7cb733ab6cd2e1cdc62","hashSHA256":"82d36ec0f74ba240259122268de8ecb4374d82af78406dfa4bd99318a17599f1","digitalCertThumbprint":"C0B0B6871F4782604BBD883A073592B24AECF707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"INNOVATIVE CONNECTING PTE. LIMITED","storeId":"","sourceIndex":"632","avBlockList":["Avast Premium Security (20240822)","AVG Internet Security (20240822)","Avira Internet Security (20240822)","ESET Internet Security (20240822)","FortectPremium (20240822)","G DATA INTERNET SECURITY (20240822)","Malwarebytes Premium (20240822)","Norton Security (20240822)","Panda Dome (20240822)","Quick Heal Internet Security (20240822)","Sophos Home Premium (20240822)","SpyHunter5 (20240822)","Total AV Antivirus Pro (20240822)","VirIT eXplorer PRO (20240822)","Webroot SecureAnywhere (20240822)"],"avAllowList":["360 Total Security (20240822)","Bitdefender Internet Security (20240822)","COMODO Antivirus (20240822)","Dr.Web Security Space (20240822)","K7 Total Security (20240822)","KasperskyPremium (20240822)","McAfee Total Protection (20240822)","Trend Micro Internet Security (20240822)","VIPRE Advanced Security (20240822)","Windows Defender (20240822)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN apps","reference":"","landingPage":"https://turbovpn.com/download/windows","directDownloadingLink":"https://turbovpn.com/download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turbovpn.com/download/windows","sourceIndex":"632"}],"sampleFiles":["240604/turbovpn-220315/2.26.0.0/Samples/TurboVPN_setup.exe"],"imageFiles":["240604/turbovpn-220315/2.26.0.0/Images/ACR-043/ACR-043.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-042/ACR-042.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-084/ACR-084.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-048/ACR-048.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-048/ACR-048_1.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-007/ACR-007.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-118/ACR-118.PNG"],"nonDeceptorImageFiles":["240604/turbovpn-220315/2.26.0.0/Images/ACR-045/ACR-045.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-123/ACR-123.PNG","240604/turbovpn-220315/2.26.0.0/Images/ACR-014/ACR-014.PNG"],"guid":"fd6c576f-8e1d-470a-9dc6-14d3207f10a7_2.26.0.0_1","appID":"turbovpn-220315","dateAdded":"240604","deceptorType":"App","name":"Turbo VPN","company":"INNOVATIVE CONNECTING PTE","version":"2.26.0.0","lastKnownStatus":"2.16.0.0;2.16.1.0;2.17.1.0;2.18.0.0;2.19.0.0;2.20.0.0;2.21.0.0;2.22.0.0;2.23.0.0;2.24.0;2.25.0;2.26.0.0","lastKnownDate":"240604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2024-06-04T18:42:07.2183488+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":12,"sortOrder":643},{"violations":{"ACR-046":"\"Agree to participate in the Customer Experience Improvement Program\" is checked by default and hidden under custom installation, which requires the user to expend it to see the details.\n","ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover up to 1GB of data. Instead it requires a paid license to completely recover files shown.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pdr-free-online.exe","isInstaller":"True","companyName":"MiniTool Software Limited","fileVersion":"11.9","hashMD5":"0bcb66efb733670805f654d8a337d7cf","hashSHA1":"a6d09d8249b30cd94e9c95f387681eb03ade47ac","hashSHA256":"940cbe93151ceb3803b20761b6d2c585d5fc8b7ab5d3a653650baf869216f9be","digitalCertThumbprint":"66D0676C92147E6EE17CE0DD252AD52C796512EB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=MiniTool Software Limited, O=MiniTool Software Limited, L=Tsim Sha Tsui, C=HK","sourceIndex":"635","avBlockList":["Avast Premium Security (20240801)","AVG Internet Security (20240801)","Avira Internet Security (20240801)","ESET Internet Security (20240801)","K7 Total Security (20240801)","Malwarebytes Premium (20240801)","Norton Security (20240801)","Panda Dome (20240801)","Sophos Home Premium (20240801)","SpyHunter5 (20240801)","Total AV Antivirus Pro (20240801)","VirIT eXplorer PRO (20240801)","Webroot SecureAnywhere (20240801)","Windows Defender (20240801)","FortectPremium (20240801)"],"avAllowList":["360 Total Security (20240801)","Bitdefender Internet Security (20240801)","COMODO Antivirus (20240801)","Dr.Web Security Space (20240801)","G DATA INTERNET SECURITY (20240801)","Kaspersky Internet Security (20240702)","McAfee Total Protection (20240801)","Quick Heal Internet Security (20240801)","Trend Micro Internet Security (20240801)","VIPRE Advanced Security (20240801)"]},{"isRevoked":"False","fileName":"powerdatarecovery.exe","companyName":"MiniTool Software Limited","fileVersion":"11.9","hashMD5":"a09562105fd90d57427be05fe767820f","hashSHA1":"a0683176e6b2249271955b1df9bf0d9977ccbfe9","hashSHA256":"3effffbec99b89998fd3c904026bbaf639a3a85f83a5ce0738d218df2783c8b8","digitalCertThumbprint":"66D0676C92147E6EE17CE0DD252AD52C796512EB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=MiniTool Software Limited, O=MiniTool Software Limited, L=Tsim Sha Tsui, C=HK","sourceIndex":"635","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.minitool.com/data-recovery-software/?utm_source=minitool.com&utm_medium=redirection&utm_campaign=home-banner","directDownloadingLink":"https://cdn2.minitool.com/?p=pdr&e=pdr-free","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn2.minitool.com/?p=pdr&e=pdr-free","sourceIndex":"635"},{"howFound":"follow-up search for new version","reference":"","landingPage":"https://www.minitool.com/data-recovery-software/free-for-windows.html","directDownloadingLink":"https://cdn2.minitool.com/?p=pdr&e=pdr-free","ipv4":"","ipv6":"","sourceIndex":"636"}],"sampleFiles":["240522/MiniToolPowerDataRecovery-240328/11.9.0.0/Samples/pdr-free-online.exe","240522/MiniToolPowerDataRecovery-240328/11.9.0.0/Samples/PowerDataRecovery.exe"],"imageFiles":["240522/MiniToolPowerDataRecovery-240328/11.9.0.0/Images/ACR-046/ACR46.png","240522/MiniToolPowerDataRecovery-240328/11.9.0.0/Images/ACR-004/ACR4.png","240522/MiniToolPowerDataRecovery-240328/11.9.0.0/Images/ACR-004/ACR4_2.png"],"nonDeceptorImageFiles":[],"guid":"e52198d7-1241-4253-9129-5a01fd6d3341_11.9.0.0_1","appID":"MiniToolPowerDataRecovery-240328","dateAdded":"240522","deceptorType":"App","name":"MiniTool Power Data Recovery","company":"MiniTool Software Limited","version":"11.9.0.0","firstVendorContactDate":"240329","lastKnownStatus":"11.8.0.0;11.9.0.0","lastKnownDate":"240522","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid,paid","lastUpdate":"2024-05-22T21:12:21.4525738+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":658},{"violations":{"ACR-046":"\"Agree to participate in the Customer Experience Improvement Program\" is checked by default and hidden under custom installation, which requires the user to expend it to see the details.\n","ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover up to 1GB of data. Instead it offers subscription payment to completely recover files scanned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pdr-free-online.exe","isInstaller":"True","companyName":"MiniTool Software Limited","fileVersion":"11.8","hashMD5":"df191b37555f4389eb47268fe34fc59f","hashSHA1":"195b69cba70ab39c25dc172430a36c172f6218b8","hashSHA256":"feaa37241fff48ea74c3f431a64d8b9913df7dca177d42dc1c87278484c51d56","digitalCertThumbprint":"21A6610A7729E2569C20DBF8C27C27E709E4680E","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=MiniTool Software Limited, O=MiniTool Software Limited, STREET=\"Suite 820, 8 Floor, Ocean Centre\", STREET=\"Harbour City, 5 Canton Road, Tsim Sha Tsui\", STREET=Kowloon, L=Hong Kong, C=HK","sourceIndex":"667","avBlockList":["Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Malwarebytes Premium (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)"],"avAllowList":["360 Total Security (20240613)","Bitdefender Internet Security (20240613)","COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","Kaspersky Internet Security (20240613)","McAfee Total Protection (20240613)","Quick Heal Internet Security (20240613)","Trend Micro Internet Security (20240613)","VIPRE Advanced Security (20240613)","Windows Defender (20240613)"]},{"isRevoked":"False","fileName":"powerdatarecovery.exe","companyName":"MiniTool Software Limited","fileVersion":"11.8","hashMD5":"1ccb532dbc66f845ba02453f37448123","hashSHA1":"cbbb7292246631a524053277948275cba49c96e8","hashSHA256":"223103d81b02216d1e1d547b1b11d4733e7040d10fbea204d513d3833f40c895","digitalCertThumbprint":"21A6610A7729E2569C20DBF8C27C27E709E4680E","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=MiniTool Software Limited, O=MiniTool Software Limited, STREET=\"Suite 820, 8 Floor, Ocean Centre\", STREET=\"Harbour City, 5 Canton Road, Tsim Sha Tsui\", STREET=Kowloon, L=Hong Kong, C=HK","sourceIndex":"667","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.minitool.com/data-recovery-software/?utm_source=minitool.com&utm_medium=redirection&utm_campaign=home-banner","directDownloadingLink":"https://cdn2.minitool.com/?p=pdr&e=pdr-free","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn2.minitool.com/?p=pdr&e=pdr-free","sourceIndex":"667"}],"sampleFiles":["240329/MiniToolPowerDataRecovery-240328/11.8.0.0/Samples/pdr-free-online.exe","240329/MiniToolPowerDataRecovery-240328/11.8.0.0/Samples/PowerDataRecovery.exe"],"imageFiles":["240329/MiniToolPowerDataRecovery-240328/11.8.0.0/Images/ACR-046/ACR-046_Install_1.png","240329/MiniToolPowerDataRecovery-240328/11.8.0.0/Images/ACR-004/ACR-004_Software_1.png","240329/MiniToolPowerDataRecovery-240328/11.8.0.0/Images/ACR-004/ACR-004_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"e52198d7-1241-4253-9129-5a01fd6d3341_11.8.0.0_1","appID":"MiniToolPowerDataRecovery-240328","dateAdded":"240522","deceptorType":"App","name":"MiniTool Power Data Recovery","company":"MiniTool Software Limited","version":"11.8.0.0","firstVendorContactDate":"240329","lastKnownStatus":"11.8.0.0;11.9.0.0","lastKnownDate":"240522","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid,paid","lastUpdate":"2024-05-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":659},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"Application doesn't provide free fix (recovery) for all the items identified by the scan, instead requiring the user to pay for a subscription to complete the recovery.\n"},"nonDeceptorViolations":{"ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"drw_free_installer.153.exe","isInstaller":"True","fileVersion":"18.0","hashMD5":"6e3bc255dc7b79e452c66610c741eb95","hashSHA1":"972d9adbec19dd1277b4329fa13641847ca18c87","hashSHA256":"bdb74a31956e7c2ce7a3c6344ac7265d84b735c1038a390168f01d6d9fa43b3a","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CHENGDU YIWO Tech Development Co., Ltd.\", O=\"CHENGDU YIWO Tech Development Co., Ltd.\", L=成都市, S=四川省, C=CN, SERIALNUMBER=91510107765360104N, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=武侯区, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"588","avBlockList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","Bitdefender Internet Security (20240613)","COMODO Antivirus (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Malwarebytes Premium (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Quick Heal Internet Security (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","Trend Micro Internet Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)","Windows Defender (20240613)"],"avAllowList":["Dr.Web Security Space (20240613)","Kaspersky Internet Security (20240613)","VIPRE Advanced Security (20240613)"]},{"isRevoked":"False","fileName":"DRW.exe","companyName":"CHENGDU YIWO Tech Development Co., Ltd","fileVersion":"18.0","hashMD5":"5b767d70b7a16801ee1045a7858f8f13","hashSHA1":"2d03632788ec7865b66fbbed970f2ae7c85cebe5","hashSHA256":"548299e700d58d443a76d31118333e263afd74e851778d52255b2e667540caa5","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"CHENGDU YIWO Tech Development Co., Ltd.\", O=\"CHENGDU YIWO Tech Development Co., Ltd.\", L=成都市, S=四川省, C=CN, SERIALNUMBER=91510107765360104N, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=武侯区, OID.1.3.6.1.4.1.311.60.2.1.2=四川省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"588","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Data recovery","landingPage":"https://www.easeus.com/datarecoverywizard/free-data-recovery-software.htm","directDownloadingLink":"https://down.easeus.com/product/drw_free?ref=%2Fdatarecoverywizard%2Ffree-data-recovery-software.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down.easeus.com/product/drw_free?ref=%2Fdatarecoverywizard%2Ffree-data-recovery-software.htm","sourceIndex":"588"}],"sampleFiles":["240522/EaseUSDataRecovery-240228/18.0.0.0/Samples/drw_free_installer.17163965532645b153.exe","240522/EaseUSDataRecovery-240228/18.0.0.0/Samples/DRW.exe"],"imageFiles":["240522/EaseUSDataRecovery-240228/18.0.0.0/Images/ACR-048/ACR48.png","240522/EaseUSDataRecovery-240228/18.0.0.0/Images/ACR-004/ACR4.png","240522/EaseUSDataRecovery-240228/18.0.0.0/Images/ACR-004/ACR4_2.png","240522/EaseUSDataRecovery-240228/18.0.0.0/Images/ACR-004/ACR4_3.png"],"nonDeceptorImageFiles":["240522/EaseUSDataRecovery-240228/18.0.0.0/Images/ACR-123/ACR123.png"],"guid":"bdb1f2da-698b-4798-b34a-3c7ed0b1d24b_18.0.0.0_1","appID":"EaseUSDataRecovery-240228","dateAdded":"240522","deceptorType":"App","name":"EaseUS Data Recovery","company":"EaseUS","version":"18.0.0.0","firstVendorContactDate":"240424","firstAppEsteemReplyDate":"240424","firstResolvedDate":"240722","firstResolvedVersion":"18.0.0(build 20240508)","resolved":"TRUE","lastKnownStatus":"17.0.0.0;18.0.0.0","lastKnownDate":"240722","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-07-22T20:11:07.7310224+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":660},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-004":"Application doesn't provide free fix (recovery) for all the items reported can be recovered  instead offering subscription that user need to pay to fix it. \n"},"nonDeceptorViolations":{"ACR-065":"The EULA in the installation prompt throws a 403 error.\n","ACR-123":"Even after a reboot and uninstall, the application did not remove itself from the firewall exception that was added during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\EaseUS\\EaseUS Data Recovery Wizard\\DRW.exe","companyName":"CHENGDU YIWO Tech Development Co. Ltd","productName":"EaseUS Data Recovery Wizard","productVersion":"17.0.0.0","fileVersion":"17.0.0.0","hashMD5":"3a7e4768cdb1d9c03cae07412c70a36e","hashSHA1":"d053e46d0c73a418c466e8d9d5570dc1594b33c0","hashSHA256":"e040bed95246037ede1f71d13292b28e8e54e6aeadd38885a342c14ddd9970f7","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"CHENGDU YIWO Tech Development Co. Ltd.","storeId":"","sourceIndex":"652","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\EaseUS\\EaseUS Data Recovery Wizard\\DRWUI.exe","companyName":"CHENGDU YIWO Tech Development Co. Ltd","productName":"EaseUS Data Recovery Wizard","productVersion":"17.0.0.0","fileVersion":"17.0.0.0","hashMD5":"3050b5e9a9016b66217ca2fa75a9385f","hashSHA1":"0d2ae0eb16f67e60a0fe54d1c6667b50b684e04b","hashSHA256":"c775ad51db4ca1db729fa9796e4d56dce7d87b3912f65cef694c37a4fd78dd69","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"CHENGDU YIWO Tech Development Co. Ltd.","storeId":"","sourceIndex":"652","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"drw_google_trial_installer.17091445141982b581648a9283860.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"789e380fb028eae5575b11abf440d4cd","hashSHA1":"b37e989e4f185d8606b6f66494f816a4278c5bee","hashSHA256":"8f6a60dbc178b95d6099fe381fa21e0f22f1ea4bb5ef77b2253848a2a191a44d","digitalCertThumbprint":"E044E920D56ECE15D7A21DD058651A3F2166CFD6","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"CHENGDU YIWO Tech Development Co. Ltd.","storeId":"","sourceIndex":"652","avBlockList":["Avast Premium Security (20240625)","AVG Internet Security (20240625)","COMODO Antivirus (20240625)","ESET Internet Security (20240625)","K7 Total Security (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","VirIT eXplorer PRO (20240625)"],"avAllowList":["360 Total Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","Dr.Web Security Space (20240625)","G DATA INTERNET SECURITY (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","Webroot SecureAnywhere (20240625)","Windows Defender (20240625)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"Data recovery","landingPage":"https://www.easeus.com/datarecoverywizard/free-data-recovery-software.htm","directDownloadingLink":"https://down.easeus.com/product/drw_free?ref=%2Fdatarecoverywizard%2Ffree-data-recovery-software.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down.easeus.com/product/drw_free?ref=%2Fdatarecoverywizard%2Ffree-data-recovery-software.htm","sourceIndex":"652"}],"sampleFiles":["240301/EaseUSDataRecovery-240228/17.0.0.0/Samples/drw_google_trial_installer.17091445141982b581648a9283860.exe"],"imageFiles":["240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-048/ACR-048.PNG","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-004/ACR-004.PNG","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-004/ACR-004_1.PNG","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-004/ACR-004_Software_1.png","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-004/ACR-004_Software_2.png"],"nonDeceptorImageFiles":["240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-065/1- installre.PNG","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-065/ACR-065_Install_1.png","240301/EaseUSDataRecovery-240228/17.0.0.0/Images/ACR-123/ACR-123.PNG"],"guid":"bdb1f2da-698b-4798-b34a-3c7ed0b1d24b_17.0.0.0_1","appID":"EaseUSDataRecovery-240228","dateAdded":"240522","deceptorType":"App","name":"EaseUS Data Recovery","company":"EaseUS","version":"17.0.0.0","firstVendorContactDate":"240424","firstAppEsteemReplyDate":"240424","firstResolvedDate":"240722","firstResolvedVersion":"18.0.0(build 20240508)","resolved":"TRUE","lastKnownStatus":"17.0.0.0;18.0.0.0","lastKnownDate":"240722","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":661},{"violations":{"ACR-046":"\"Make Opera the default browser\" and collection of usage information are prechecked and not visible by default and can be viewed only once Options is clicked.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-014":"The \"Accept and Install\" button is misleading because it makes users think that clicking it only installs Opera Browser, not changes user's default browser settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"OperaSetup.exe","isInstaller":"True","companyName":"Opera Software","fileVersion":"109.0","hashMD5":"b9398c871197a7da75e9e8058193e1c0","hashSHA1":"e4ddc7afdb1d8e2fcdc42ca593ce9cd7f3675393","hashSHA256":"f368f068e386213ac7f9510034a3afa21df8fc7102d8ffc295f2ee390f3b0cd6","digitalCertThumbprint":"DF5FD715A2B5AC4E29249B51B3A331F1E44214C3","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Opera Norway AS, O=Opera Norway AS, L=Oslo, S=Oslo, C=NO, SERIALNUMBER=916 368 127, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=NO","sourceIndex":"215","avBlockList":["K7 Total Security (20240530)","Norton Security (20240530)","Sophos Home Premium (20240530)","SpyHunter5 (20240530)","Webroot SecureAnywhere (20240530)"],"avAllowList":["360 Total Security (20240530)","Avast Premium Security (20240530)","AVG Internet Security (20240530)","Avira Internet Security (20240530)","Bitdefender Internet Security (20240530)","COMODO Antivirus (20240530)","Dr.Web Security Space (20240530)","ESET Internet Security (20240530)","G DATA INTERNET SECURITY (20240530)","Kaspersky Internet Security (20240530)","Malwarebytes Premium (20240530)","McAfee Total Protection (20240530)","Panda Dome (20240530)","Quick Heal Internet Security (20240530)","Total AV Antivirus Pro (20240530)","Trend Micro Internet Security (20240530)","VIPRE Advanced Security (20240530)","VirIT eXplorer PRO (20240530)","Windows Defender (20240530)"]}],"additionalFiles":[],"sources":[{"howFound":"AVTest results","reference":"","landingPage":"https://www.opera.com","directDownloadingLink":"https://www.opera.com/computer/thanks?ni=stable&os=windows","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.opera.com/computer/thanks?ni=stable&os=windows","sourceIndex":"215"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://net.geo.opera.com/opera/stable/windows?utm_source=%28direct%29&utm_medium=doc&utm_campaign=%28direct%29&http_referrer=missing&utm_site=opera_com&dl_token=36279068","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://net.geo.opera.com/opera/stable/windows?utm_source=%28direct%29&utm_medium=doc&utm_campaign=%28direct%29&http_referrer=missing&utm_site=opera_com&dl_token=36279068","sourceIndex":"216"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://www.opera.com/partner?utm_medium=pb&utm_source=softonic&utm_campaign=search","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.opera.com/partner?utm_medium=pb&utm_source=softonic&utm_campaign=search","sourceIndex":"217"}],"sampleFiles":["240516/operabrowser-220312/110.0.5130.23/Samples/OperaSetup.exe"],"imageFiles":["240516/operabrowser-220312/110.0.5130.23/Images/ACR-046/ACR-046_Install_1.png","240516/operabrowser-220312/110.0.5130.23/Images/ACR-048/ACR-048_Install_1.png","240516/operabrowser-220312/110.0.5130.23/Images/ACR-014/ACR-014_Install_1.png","240516/operabrowser-220312/110.0.5130.23/Images/ACR-014/ACR-014_Install_2.png"],"nonDeceptorImageFiles":[],"guid":"6f184b05-be22-465a-aa3a-35ffe84afffb_110.0.5130.23_1","appID":"operabrowser-220312","dateAdded":"240516","deceptorType":"App","name":"Opera Browser","company":"Opera Software","version":"110.0.5130.23","firstVendorContactDate":"250424","firstAppEsteemReplyDate":"250424","firstResolvedDate":"250424","firstResolvedVersion":"118.0.5461.60","resolved":"TRUE","lastKnownStatus":"110.0.5130.23","lastKnownDate":"240516","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,search","lastUpdate":"2025-04-25T01:33:24.032378+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":662},{"violations":{"ACR-047":"The BrightVPN  offer is prompted every time the user start to relaunch the app that has been previously declined. \n","ACR-048":"The app does not provide control to cancel the installation process.\n","ACR-013":"During launching the application, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":" The Offer is not clearly marked as an Optional Offer.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in a hidden path(C:\\Users\\User\\AppData\\Local\\) without the user's knowledge. \n"},"samples":[{"isRevoked":"False","fileName":"ViberSetup.exe","isInstaller":"True","companyName":"2010-2024 Viber Media S.a.r.l","productName":"Viber","productVersion":"22.6.1.0","fileVersion":"22.6.1.0","hashMD5":"ddaee89210068bcce82032a8a01c410b","hashSHA1":"91c146190cf2a357e872d2050deb13951358c8ab","hashSHA256":"0659a4d52863d9bad8542d2c349d21c8ed7c4aa110eb8ecc3a92b30a397875b1","digitalCertThumbprint":"903A30BDB94A424F30D95B5F614CA6FB4790B70B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Viber Media S.a r.l.","storeId":"","sourceIndex":"613","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.viber.com/en/","directDownloadingLink":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","sourceIndex":"613"}],"sampleFiles":["240515/Viber-220602/22.6.1.0/Samples/ViberSetup.exe"],"imageFiles":["240515/Viber-220602/22.6.1.0/Images/ACR-048/ACR-048.PNG","240515/Viber-220602/22.6.1.0/Images/ACR-059/ACR-059.PNG","240515/Viber-220602/22.6.1.0/Images/ACR-060/ACR-060.PNG","240515/Viber-220602/22.6.1.0/Images/ACR-047/ACR-047.PNG","240515/Viber-220602/22.6.1.0/Images/ACR-013/ACR-013.PNG"],"nonDeceptorImageFiles":["240515/Viber-220602/22.6.1.0/Images/ACR-040/ACR-040.PNG"],"guid":"3236f7f7-3ddc-4281-94e0-57c5cafdb49a_22.6.1.0_1","appID":"Viber-220602","dateAdded":"240515","deceptorType":"App","name":"Viber","company":"Viber Media S.à r.l.","version":"22.6.1.0","firstVendorContactDate":"240528","firstAppEsteemReplyDate":"240528","firstResolvedDate":"240702","firstResolvedVersion":"23.0.0.0","resolved":"TRUE","lastKnownStatus":"20.2.0.2;21.0.0.0;22.3.0.0;22.5.0.1;22.6.1.0","lastKnownDate":"240515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-07-02T07:14:54.6408876+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":663},{"violations":{"ACR-047":"The BrightVPN  offer is prompted every time the user start to relaunch the app that has been previously declined. \n","ACR-048":"The app does not provide control to cancel the installation process.\n","ACR-013":"During launching the application, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":" The Offer is not clearly marked as an Optional Offer.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in a hidden path(C:\\Users\\User\\AppData\\Local\\) without the user's knowledge. \n"},"samples":[{"isRevoked":"False","fileName":"Viber.exe","isInstaller":"True","companyName":"Viber Media S.à r.l.","fileVersion":"22.5","hashMD5":"8dff8efb854d88fad5a741843ef4ade0","hashSHA1":"79b6c740bef2ccffb17e88d67e93e33671f9fec3","hashSHA256":"9ebae8c6020cd417b05cd2be473acdcbb48a5cb7755005dacc4219c8a7ec85c5","digitalCertThumbprint":"903A30BDB94A424F30D95B5F614CA6FB4790B70B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Viber Media S.a r.l., O=Viber Media S.a r.l., L=Luxembourg, C=LU, SERIALNUMBER=B184956, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LU","sourceIndex":"646","avBlockList":["Norton Security (20240604)","SpyHunter5 (20240604)","VirIT eXplorer PRO (20240604)"],"avAllowList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Kaspersky Internet Security (20240604)","Malwarebytes Premium (20240604)","McAfee Total Protection (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Webroot SecureAnywhere (20240604)","Windows Defender (20240604)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.viber.com/en/","directDownloadingLink":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","sourceIndex":"646"}],"sampleFiles":["240429/Viber-220602/22.5.0.1/Samples/Viber.exe"],"imageFiles":["240429/Viber-220602/22.5.0.1/Images/ACR-048/ACR-048.PNG","240429/Viber-220602/22.5.0.1/Images/ACR-059/ACR-059.PNG","240429/Viber-220602/22.5.0.1/Images/ACR-060/ACR-060.PNG","240429/Viber-220602/22.5.0.1/Images/ACR-047/ACR-047.PNG","240429/Viber-220602/22.5.0.1/Images/ACR-013/ACR-013.PNG"],"nonDeceptorImageFiles":["240429/Viber-220602/22.5.0.1/Images/ACR-040/ACR-040.PNG"],"guid":"3236f7f7-3ddc-4281-94e0-57c5cafdb49a_22.5.0.1_1","appID":"Viber-220602","dateAdded":"240515","deceptorType":"App","name":"Viber","company":"Viber Media S.à r.l.","version":"22.5.0.1","firstVendorContactDate":"240528","firstAppEsteemReplyDate":"240528","firstResolvedDate":"240702","firstResolvedVersion":"23.0.0.0","resolved":"TRUE","lastKnownStatus":"20.2.0.2;21.0.0.0;22.3.0.0;22.5.0.1;22.6.1.0","lastKnownDate":"240515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-07-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":664},{"violations":{"ACR-042":"Open source project \"QT6\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"QT6\" is installed without any disclosure in EULA. \n","ACR-047":"The BrightVPN  offer is prompted every time the user start to relaunch the app that has been previously declined. \n","ACR-107":"The app does not disclose relevant license information about 'QT6'.\n","ACR-048":"The app does not provide control to cancel the installation process.\n","ACR-013":"During launching the application, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-059":" The Offer is not clearly marked as an Optional Offer.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in a hidden path(C:\\Users\\User\\AppData\\Local\\) without the user's knowledge. \n"},"samples":[{"isRevoked":"False","fileName":"ViberSetup.exe","isInstaller":"True","companyName":"2010-2024 Viber Media S.a.r.l","productName":"Viber","productVersion":"22.3.0.0","fileVersion":"22.3.0.0","hashMD5":"0f42aab067053d84043ba02ebb932811","hashSHA1":"abf1d8e52a7c539647fd7d3b8658cf485c7df443","hashSHA256":"8a7ee635d9bd503ee09cc3efe7e440fbf2aa8b09944388523caf84633983c4fc","digitalCertThumbprint":"EF8D3430DA3BE4F0E1A10BA54A80E2B011DBB6D9","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Viber Media S.a r.l.","storeId":"","sourceIndex":"665","avBlockList":["COMODO Antivirus (20240521)","Norton Security (20240521)","SpyHunter5 (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)"],"avAllowList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","Dr.Web Security Space (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","Total AV Antivirus Pro (20240521)","Trend Micro Internet Security (20240521)","VIPRE Advanced Security (20240521)","Windows Defender (20240521)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.viber.com/en/","directDownloadingLink":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","sourceIndex":"665"}],"sampleFiles":["240401/Viber-220602/22.3.0.0/Samples/ViberSetup.exe"],"imageFiles":["240401/Viber-220602/22.3.0.0/Images/ACR-043/ACR-043.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-107/ACR-107.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-042/ACR-042.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-048/ACR-048_Install.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-059/ACR-059.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-060/ACR-060.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-047/ACR-047.PNG","240401/Viber-220602/22.3.0.0/Images/ACR-013/ACR-013.PNG"],"nonDeceptorImageFiles":["240401/Viber-220602/22.3.0.0/Images/ACR-040/ACR-040.PNG"],"guid":"3236f7f7-3ddc-4281-94e0-57c5cafdb49a_22.3.0.0_1","appID":"Viber-220602","dateAdded":"240515","deceptorType":"App","name":"Viber","company":"Viber Media S.à r.l.","version":"22.3.0.0","firstVendorContactDate":"240528","firstAppEsteemReplyDate":"240528","firstResolvedDate":"240702","firstResolvedVersion":"23.0.0.0","resolved":"TRUE","lastKnownStatus":"20.2.0.2;21.0.0.0;22.3.0.0;22.5.0.1;22.6.1.0","lastKnownDate":"240515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-07-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":665},{"violations":{"ACR-042":"Open source project \"QT6\" is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"QT6\" is installed without any disclosure in EULA. \n","ACR-047":"The BrightVPN  offer is prompted every time the user start to relaunch the app that has been previously declined. \n","ACR-107":"The app does not disclose relevant license information about 'QT6'.\n","ACR-048":"The app does not provide control to cancel the installation process.\n","ACR-013":"During launching the application, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-059":" The Offer is not clearly marked as an Optional Offer.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in a hidden path(C:\\Users\\User\\AppData\\Local\\) without the user's knowledge. \n"},"samples":[{"isRevoked":"False","fileName":"ViberSetup.exe","isInstaller":"True","companyName":"2010-2023 Viber Media S.a.r.l","fileVersion":"21.0","hashMD5":"df77cf5b1f9c7ac62be33fce601cbe2e","hashSHA1":"48cf8012aa206c5b1a6f556e2cbd7c584fead3a9","hashSHA256":"c237902a7a5454cae6d52bbc5df0c19e3a7cd3e89c78737158ad30e8b1dbec18","digitalCertThumbprint":"0FB8028E56E7BDEE0B66B962FA9539E50C5C3544","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Viber Media S.à r.l., O=Viber Media S.à r.l., S=Luxembourg, C=LU","sourceIndex":"894","avBlockList":["Norton Security (20240411)","Panda Dome (20240411)","Sophos Home Premium (20240411)","SpyHunter5 (20240411)","VirIT eXplorer PRO (20240411)","Webroot SecureAnywhere (20240411)"],"avAllowList":["360 Total Security (20240411)","Avast Premium Security (20240411)","AVG Internet Security (20240411)","Avira Internet Security (20240411)","Bitdefender Internet Security (20240411)","COMODO Antivirus (20240411)","Dr.Web Security Space (20240411)","ESET Internet Security (20240411)","G DATA INTERNET SECURITY (20240411)","K7 Total Security (20240411)","Kaspersky Internet Security (20240411)","Malwarebytes Premium (20240411)","McAfee Total Protection (20240411)","Quick Heal Internet Security (20240411)","Total AV Antivirus Pro (20240411)","Trend Micro Internet Security (20240411)","VIPRE Advanced Security (20240411)","Windows Defender (20240411)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://www.viber.com/en/","directDownloadingLink":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","sourceIndex":"894"}],"sampleFiles":["230925/Viber-220602/21.0.0.0/Samples/ViberSetup.exe"],"imageFiles":["230925/Viber-220602/21.0.0.0/Images/ACR-043/ACR-040.jpg","230925/Viber-220602/21.0.0.0/Images/ACR-107/ACR-040.jpg","230925/Viber-220602/21.0.0.0/Images/ACR-042/ACR-040.jpg","230925/Viber-220602/21.0.0.0/Images/ACR-048/Installation.jpg","230925/Viber-220602/21.0.0.0/Images/ACR-059/BtightVPNOffer.jpg","230925/Viber-220602/21.0.0.0/Images/ACR-047/ACR-047_Bundler-made offers_1.png","230925/Viber-220602/21.0.0.0/Images/ACR-013/ACR-013_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["230925/Viber-220602/21.0.0.0/Images/ACR-040/ACR-040.jpg"],"guid":"3236f7f7-3ddc-4281-94e0-57c5cafdb49a_21.0.0.0_1","appID":"Viber-220602","dateAdded":"240515","deceptorType":"App","name":"Viber","company":"Viber Media S.à r.l.","version":"21.0.0.0","firstVendorContactDate":"240528","firstAppEsteemReplyDate":"240528","firstResolvedDate":"240702","firstResolvedVersion":"23.0.0.0","resolved":"TRUE","lastKnownStatus":"20.2.0.2;21.0.0.0;22.3.0.0;22.5.0.1;22.6.1.0","lastKnownDate":"240515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-07-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":666},{"violations":{"ACR-042":"1. The \"AVAST\" component gets dropped before the user attempts to accept the offer.\n2. Open source project \"QT6\" is installed without any disclosure in EULA.\n","ACR-043":"1. The \"AVAST\" component gets dropped before the user attempts to accept the offer.\n2. Open source project \"QT6\" is installed without any disclosure in EULA. \n","ACR-047":"The \"AVAST\" offer is prompted every time the user attempts to exit and relaunch the app that has been previously declined. \n","ACR-107":"The app does not disclose relevant license information about 'QT6'.\n","ACR-048":"The app does not provide control to cancel the installation process.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in a hidden path(C:\\Users\\User\\AppData\\Local\\) without the user's knowledge. \n"},"samples":[{"isRevoked":"False","fileName":"ViberSetup.exe","isInstaller":"True","companyName":"2010-2023 Viber Media S.a.r.l","productName":"Viber","productVersion":"20.2.0.2","fileVersion":"20.2.0.2","hashMD5":"d801a863de374a9b3e159aa44b4905dc","hashSHA1":"4e41aa6d6f8c93b9537fd373464b533d4b725206","hashSHA256":"d0e1d237288f2e1466836ed3ba05c2309c9f5ebaedd96635bf57ccfd89b259c7","digitalCertThumbprint":"0FB8028E56E7BDEE0B66B962FA9539E50C5C3544","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Viber Media S.à r.l.","storeId":"","sourceIndex":"1006","avBlockList":["ESET Internet Security (20240606)","K7 Total Security (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)","Windows Defender (20240606)"],"avAllowList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","G DATA INTERNET SECURITY (20240606)","Kaspersky Internet Security (20240606)","Malwarebytes Premium (20240606)","McAfee Total Protection (20240606)","Quick Heal Internet Security (20240606)","Total AV Antivirus Pro (20240606)","Trend Micro Internet Security (20240606)","VIPRE Advanced Security (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://www.viber.com/en/","directDownloadingLink":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cdn.viber.com/desktop/windows/ViberSetup.exe","sourceIndex":"1006"}],"sampleFiles":["230710/Viber-220602/20.2.0.2/Samples/ViberSetup.exe"],"imageFiles":["230710/Viber-220602/20.2.0.2/Images/ACR-043/ACR-043.JPG","230710/Viber-220602/20.2.0.2/Images/ACR-043/ACR-043 (2).JPG","230710/Viber-220602/20.2.0.2/Images/ACR-107/ACR-107.JPG","230710/Viber-220602/20.2.0.2/Images/ACR-042/ACR-042.JPG","230710/Viber-220602/20.2.0.2/Images/ACR-042/ACR-042_1.JPG","230710/Viber-220602/20.2.0.2/Images/ACR-048/ACR-048.JPG","230710/Viber-220602/20.2.0.2/Images/ACR-047/ACR-047.JPG"],"nonDeceptorImageFiles":["230710/Viber-220602/20.2.0.2/Images/ACR-040/ACR-040.JPG"],"guid":"3236f7f7-3ddc-4281-94e0-57c5cafdb49a_20.2.0.2_1","appID":"Viber-220602","dateAdded":"240515","deceptorType":"App","name":"Viber","company":"Viber Media S.à r.l.","version":"20.2.0.2","firstVendorContactDate":"240528","firstAppEsteemReplyDate":"240528","firstResolvedDate":"240702","firstResolvedVersion":"23.0.0.0","resolved":"TRUE","lastKnownStatus":"20.2.0.2;21.0.0.0;22.3.0.0;22.5.0.1;22.6.1.0","lastKnownDate":"240515","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-07-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":667},{"violations":{"ACR-048":"The app does not provide any control to disable the startup it created.\n","ACR-084":"The app creates an undisclosed startup for DiagnosticDriver to perform action without the consumer's knowledge and consent. When app is closed, DiagnosticDriver runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-039":"The app silently installs \"DiagnosticDriver\" without disclosing its relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops its other components in a hidden path \"C:\\Users\\User\\AppData\\Local\\DiagnosticDriver\" without user's knowledge.\n","ACR-065":"The app does not disclose EULA and Privacy Policy at installation and software.\n"},"samples":[{"isRevoked":"False","fileName":"systemutilities.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"41eda719c231e212e02b2683d36edfa4","hashSHA1":"7257a3350b7b856c16b146ff063f002b42903543","hashSHA256":"1c6191ddeb164efff30358f7de88022577b6bfe0dfbe0a29ab0f3a2b25637bd2","sourceIndex":"645","avBlockList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","K7 Total Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Sophos Home Premium (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","VirIT eXplorer PRO (20240604)"],"avAllowList":["Bitdefender Internet Security (20240604)","COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","Kaspersky Internet Security (20240604)","McAfee Total Protection (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","Webroot SecureAnywhere (20240604)","Windows Defender (20240604)"]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://system-utilities.com/","directDownloadingLink":"https://soft.system-utilities.com/get/default/vanilla/systemutilities.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://soft.system-utilities.com/get/default/vanilla/systemutilities.msi","sourceIndex":"645"}],"sampleFiles":["240429/SystemUtilities-240425/1.2.0.0/Samples/systemutilities.msi"],"imageFiles":["240429/SystemUtilities-240425/1.2.0.0/Images/ACR-039/ACR-039_Install_1.png","240429/SystemUtilities-240425/1.2.0.0/Images/ACR-084/ACR-084_Software_1.png","240429/SystemUtilities-240425/1.2.0.0/Images/ACR-084/ACR-084_Software_2.png","240429/SystemUtilities-240425/1.2.0.0/Images/ACR-048/ACR-048_Software_1.png"],"nonDeceptorImageFiles":["240429/SystemUtilities-240425/1.2.0.0/Images/ACR-040/ACR-040_Install_1.png","240429/SystemUtilities-240425/1.2.0.0/Images/ACR-040/ACR-040_Install_2.png","240429/SystemUtilities-240425/1.2.0.0/Images/ACR-065/ACR-065.gif"],"guid":"8f99ace0-96bf-438b-bbfb-5e61a0de9b98_1.2.0.0_1","appID":"SystemUtilities-240425","dateAdded":"240429","deceptorType":"App","name":"System Utilities","company":"Sol Digital Solutions Limited","version":"1.2.0.0","lastKnownStatus":"1.2.0.0","lastKnownDate":"240429","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","monetization":"none","lastUpdate":"2024-04-29T22:07:47.3430471+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":668},{"violations":{"ACR-048":"Scheduled tasks created without providing options/settings for user to disable them.\n\n","ACR-050":"ClearBar doesn't obey user's search engine setting. It enforces \"Clear\" (yahoo search result)  as the search engine in spite of user choice.\n\n","ACR-084":"ClearBar process running in background without notifying user when it is minimized.\n\n"},"nonDeceptorViolations":{"ACR-040":"application is installed in hidden folder without providing option for user to change it.\n"},"samples":[{"isRevoked":"False","fileName":"Clear-EasyPrint.b7002.SK040.ch%20(1).exe","isInstaller":"True","companyName":"Clear.App                                                   ","fileVersion":"1.1","hashMD5":"1f986151da117b4d0ffe2b5338ba8d90","hashSHA1":"8687e9acc6404fdc77b094e180f533aca46a0747","hashSHA256":"6b62f628f7e87cc66110e7429cc894c0967d9e85f9fae319d3b2f643fc245f94","digitalCertThumbprint":"17E6B9535839369889BB9AD0DF5A712973A264AB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=ClearBar, O=ClearBar, L=San Francisco, S=California, C=US","sourceIndex":"653","avBlockList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Kaspersky Internet Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Sophos Home Premium (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","VIPRE Advanced Security (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","McAfee Total Protection (20240604)","Quick Heal Internet Security (20240604)","Trend Micro Internet Security (20240604)","Windows Defender (20240604)"]},{"isRevoked":"False","fileName":"Clear-EasyPrint.b7002.SK040.ch.exe","isInstaller":"True","companyName":"Clear.App                                                   ","fileVersion":"1.1","hashMD5":"a196bf8e7bdadac7a17007ad2f75ba2d","hashSHA1":"e7418c4025c3097bf7b05cc8b330e3a85a38186a","hashSHA256":"e161a46fe428d16d2d006c0c2415b36710278c7e273fe409e51010a2bc6404c9","digitalCertThumbprint":"17E6B9535839369889BB9AD0DF5A712973A264AB","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=ClearBar, O=ClearBar, L=San Francisco, S=California, C=US","sourceIndex":"653","avBlockList":["360 Total Security (20240604)","Avast Premium Security (20240604)","AVG Internet Security (20240604)","Avira Internet Security (20240604)","Bitdefender Internet Security (20240604)","ESET Internet Security (20240604)","G DATA INTERNET SECURITY (20240604)","K7 Total Security (20240604)","Kaspersky Internet Security (20240604)","Malwarebytes Premium (20240604)","Norton Security (20240604)","Panda Dome (20240604)","Quick Heal Internet Security (20240604)","Sophos Home Premium (20240604)","SpyHunter5 (20240604)","Total AV Antivirus Pro (20240604)","Trend Micro Internet Security (20240604)","VIPRE Advanced Security (20240604)","VirIT eXplorer PRO (20240604)","Webroot SecureAnywhere (20240604)"],"avAllowList":["COMODO Antivirus (20240604)","Dr.Web Security Space (20240604)","McAfee Total Protection (20240604)","Windows Defender (20240604)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer report","reference":"","landingPage":"https://clearbar.app","directDownloadingLink":"https://easyprint.app/lp/ez7-chroma-spc/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://easyprint.app/lp/ez7-chroma-spc/","sourceIndex":"653"}],"sampleFiles":["240420/ClearBar-240420/1.1.1.0/Samples/Clear-EasyPrint.b7002.SK040.ch%20(1).exe","240420/ClearBar-240420/1.1.1.0/Samples/Clear-EasyPrint.b7002.SK040.ch.exe"],"imageFiles":["240420/ClearBar-240420/1.1.1.0/Images/ACR-048/ACR-048_Software_1.png","240420/ClearBar-240420/1.1.1.0/Images/ACR-050/ACR-050_Software_1.png","240420/ClearBar-240420/1.1.1.0/Images/ACR-050/ACR-050_Software_2.png"],"nonDeceptorImageFiles":["240420/ClearBar-240420/1.1.1.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"7cb94790-5caa-4692-858b-99b1a30f56e2_1.1.1.0_1","appID":"ClearBar-240420","dateAdded":"240420","deceptorType":"App","name":"ClearBar","company":"ClearBar","version":"1.1.1.0","lastKnownStatus":"1.1.1.0","lastKnownDate":"240420","type":"Windows Executable","targetOS":"None","targetBrowser":"None","lastUpdate":"2024-04-21T00:16:32.8582814+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":669},{"violations":{"ACR-057":"The app needs to provide a clear way to accept and decline optional offers. The offer requires the user to uncheck a prechecked checkbox in order to decline the offer.\n","ACR-055":"Accept and decline for the optional offer must be obvious. Unchecking the preselected AVS Video Converter is not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"The optional offer is inserted to masquerade as part of the installation flow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AVSMediaPlayer-setup.exe","isInstaller":"True","companyName":"Online Media Technologies Ltd.                              ","fileVersion":"5.6","hashMD5":"8212da807dc4cf4de3b1be3a3224a53e","hashSHA1":"461b1b6c73fcfe05a00046c0307d993c3072fa1f","hashSHA256":"b3b8c51e7544102f119fa11639e607e4e7c752c620d6db40738186d55d8c17ae","digitalCertThumbprint":"21A8BD16143F28225161B35C7DD456CCCD018901","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Online Media Technologies Ltd., O=Online Media Technologies Ltd., L=London, C=GB","sourceIndex":"874","avBlockList":["Avira Internet Security (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)"],"avAllowList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Bitdefender Internet Security (20240625)","COMODO Antivirus (20240625)","Dr.Web Security Space (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","K7 Total Security (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","Quick Heal Internet Security (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","Windows Defender (20240625)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: mediaplayers","reference":"","landingPage":"https://www.avs4you.com/de/avs-free-media-player.aspx","directDownloadingLink":"https://downloads.avs4you.com/distributives/AVSMediaPlayer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.avs4you.com/distributives/AVSMediaPlayer.exe","sourceIndex":"874"}],"sampleFiles":["231004/AVSMediaPlayer-231004/5.6.2.155/Samples/AVSMediaPlayer-setup.exe"],"imageFiles":["231004/AVSMediaPlayer-231004/5.6.2.155/Images/ACR-055/AdditionalOffer.jpg","231004/AVSMediaPlayer-231004/5.6.2.155/Images/ACR-057/AdditionalOffer.jpg","231004/AVSMediaPlayer-231004/5.6.2.155/Images/ACR-059/AdditionalOffer.jpg","231004/AVSMediaPlayer-231004/5.6.2.155/Images/ACR-155/AdditionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"bcee770d-f736-44da-bdf3-2e554ebbe169_5.6.2.155_1","appID":"AVSMediaPlayer-231004","dateAdded":"240416","deceptorType":"App","name":"AVS Media Player","company":"Ascensio System SIA","version":"5.6.2.155","lastKnownStatus":"5.6.2.155;5.6.4.158","lastKnownDate":"240416","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-04-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":671},{"violations":{"ACR-057":"The app needs to provide a clear way to accept and decline optional offers. The offer requires the user to uncheck a prechecked checkbox in order to decline the offer.\n","ACR-055":"Accept and decline for the optional offer must be obvious. Unchecking the preselected AVS Video Converter is not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"The optional offer is inserted to masquerade as part of the installation flow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AVSMediaPlayer.exe","isInstaller":"True","companyName":"Ascensio System SIA                                         ","productName":"AVS Media Player                                            ","productVersion":"5.6.4.158                                         ","fileVersion":"5.6.4.158           ","hashMD5":"13cc1372276845ec2c86320ce14a337c","hashSHA1":"fad0c65a978c26a08d95783aff46ee383cf4c911","hashSHA256":"224d6c839b9aaa18f08332c16ac921c8d74cbbb717e99c87fe1f20fbebb89bc3","digitalCertThumbprint":"1D24B4A35C426920BE429EC32E1A85012DE4CD01","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"SIA ","storeId":"","sourceIndex":"655","avBlockList":["Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","K7 Total Security (20240606)","Malwarebytes Premium (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","VIPRE Advanced Security (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)","Windows Defender (20240606)"],"avAllowList":["360 Total Security (20240606)","Avast Premium Security (20240606)","AVG Internet Security (20240606)","COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","ESET Internet Security (20240606)","G DATA INTERNET SECURITY (20240606)","Kaspersky Internet Security (20240606)","McAfee Total Protection (20240606)","Quick Heal Internet Security (20240606)","Trend Micro Internet Security (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.avs4you.com/de/avs-free-media-player.aspx","directDownloadingLink":"https://downloads.avs4you.com/distributives/AVSMediaPlayer.exe?_gl=1*wi4qjg*_ga*MTY0NzMzMzM0Ni4xNzEzMjY1NjE2*_ga_BWSZ9WEBRH*MTcxMzI2NTYxNS4xLjAuMTcxMzI2NTYyMi41My4wLjA.","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.avs4you.com/distributives/AVSMediaPlayer.exe?_gl=1*wi4qjg*_ga*MTY0NzMzMzM0Ni4xNzEzMjY1NjE2*_ga_BWSZ9WEBRH*MTcxMzI2NTYxNS4xLjAuMTcxMzI2NTYyMi41My4wLjA.","sourceIndex":"655"}],"sampleFiles":["240416/AVSMediaPlayer-231004/5.6.4.158/Samples/AVSMediaPlayer.exe"],"imageFiles":["240416/AVSMediaPlayer-231004/5.6.4.158/Images/ACR-055/ACR-055_Install_1.png","240416/AVSMediaPlayer-231004/5.6.4.158/Images/ACR-057/ACR-057_In-bundle offers_1.png","240416/AVSMediaPlayer-231004/5.6.4.158/Images/ACR-059/ACR-059_In-bundle offers_1.png","240416/AVSMediaPlayer-231004/5.6.4.158/Images/ACR-155/ACR-155_In-bundle offers_1.png"],"nonDeceptorImageFiles":[],"guid":"bcee770d-f736-44da-bdf3-2e554ebbe169_5.6.4.158_1","appID":"AVSMediaPlayer-231004","dateAdded":"240416","deceptorType":"App","name":"AVS Media Player","company":"Ascensio System SIA","version":"5.6.4.158","lastKnownStatus":"5.6.2.155;5.6.4.158","lastKnownDate":"240416","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-04-16T16:34:30.5762903+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":670},{"violations":{"ACR-006":"Application doesn't provide the value as it claims. The converted PDF can't be open and present error. Not a single document (.txt) can be converted successfully without errors. \n","ACR-104":"Application changes default search engine which is not relevant to application's value proposition. It doesn't disclose clear information and notification about the changes.\n","ACR-014":"The application misleads user that it installs PDFFixer and SumatraPDF, but only SumatraPDF installed as PDFReader\n"},"nonDeceptorViolations":{"ACR-040":"Application is installed in hidden folder without notifying user\n"},"samples":[{"isRevoked":"False","fileName":"Pdfixers.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"b4440eea7367c3fb04a89225df4022a6","hashSHA1":"5a6c01f821f10f6ed1f1283ecba36c5bacfb5838","hashSHA256":"a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0","digitalCertThumbprint":"40C0CB1A69BC8AF1256B2862D729A330937B4CFF","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ADSMARKETO LLC, O=ADSMARKETO LLC, STREET=\"Rybolovetska street, building 49\", L=Kyiv, S=Kyiv, C=UA, OID.1.3.6.1.4.1.311.60.2.1.3=UA, SERIALNUMBER=45092259, OID.2.5.4.15=Private Organization","sourceIndex":"657","avBlockList":["Avast Premium Security (20240606)","AVG Internet Security (20240606)","Avira Internet Security (20240606)","Bitdefender Internet Security (20240606)","ESET Internet Security (20240606)","G DATA INTERNET SECURITY (20240606)","K7 Total Security (20240606)","Kaspersky Internet Security (20240606)","Malwarebytes Premium (20240606)","Norton Security (20240606)","Panda Dome (20240606)","Quick Heal Internet Security (20240606)","Sophos Home Premium (20240606)","SpyHunter5 (20240606)","Total AV Antivirus Pro (20240606)","Trend Micro Internet Security (20240606)","VIPRE Advanced Security (20240606)","VirIT eXplorer PRO (20240606)","Webroot SecureAnywhere (20240606)"],"avAllowList":["360 Total Security (20240606)","COMODO Antivirus (20240606)","Dr.Web Security Space (20240606)","McAfee Total Protection (20240606)","Windows Defender (20240606)"]}],"additionalFiles":[],"sources":[{"howFound":"customer report","reference":"","landingPage":"https://pdffixers.com/","directDownloadingLink":"https://pdffixers.com/downloadPage.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pdffixers.com/downloadPage.html","sourceIndex":"657"},{"howFound":"","reference":"","landingPage":"https://pdfixers.com/","directDownloadingLink":"https://pdfixers.com/downloadPage.html","ipv4":"","ipv6":"","sourceIndex":"658"}],"sampleFiles":["240413/PDFFixers-240413/3.5.2.0/Samples/PDFixers.exe"],"imageFiles":["240413/PDFFixers-240413/3.5.2.0/Images/ACR-104/ACR-104_Software_1.png","240413/PDFFixers-240413/3.5.2.0/Images/ACR-006/ACR-006_Software_1.png","240413/PDFFixers-240413/3.5.2.0/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":["240413/PDFFixers-240413/3.5.2.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"a96149a5-3977-4a89-bf38-1c8072fe7f1d_3.5.2.0_1","appID":"PDFFixers-240413","dateAdded":"240413","deceptorType":"App","name":"PDFFixers","company":" ADSMARKETO LLC","version":"3.5.2.0","lastKnownStatus":"3.5.2.0","lastKnownDate":"240413","type":"Windows Executable","category":"Productivity, Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"install offers","lastUpdate":"2024-04-14T00:48:08.1246405+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":672},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"imagetopdf_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Image To PDF                                                ","productVersion":"3.7.0.0                                           ","fileVersion":"3.7.0.0             ","hashMD5":"b9c578cbaaba29c7b7d54e3903a516fe","hashSHA1":"82dc60db7994720c26056c49b023f4fce9f317b4","hashSHA256":"7d47f81c4c2ac42872dfa4711b806cb917ba48cdcad0f93adffdc991a22dc22f","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"660","avBlockList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","Avira Internet Security (20240613)","Dr.Web Security Space (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Kaspersky Internet Security (20240613)","Malwarebytes Premium (20240613)","McAfee Total Protection (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","Trend Micro Internet Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)"],"avAllowList":["Bitdefender Internet Security (20240613)","COMODO Antivirus (20240613)","Quick Heal Internet Security (20240613)","VIPRE Advanced Security (20240613)","Windows Defender (20240613)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imagetopdf.html","directDownloadingLink":"http://en.zxt2007.com/download/imagetopdf_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/imagetopdf_setup.exe","sourceIndex":"660"}],"sampleFiles":["240405/ImagetoPDF-220606/3.7.0.0/Samples/imagetopdf_setup.exe"],"imageFiles":["240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-109/ACR-109.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-048/ACR-048.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-010/ACR-010.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-118/ACR-118.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-057/ACR-057.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-059/ACR-059.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-071/ACR-071.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-155/ACR-155.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-013/ACR-013.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-106/ACR-106.PNG","240405/ImagetoPDF-220606/3.7.0.0/Images/ACR-123/ACR-123.PNG"],"guid":"19c6c2e7-39d7-4039-9551-0d0065370800_3.7.0.0_1","appID":"ImagetoPDF-220606","dateAdded":"240405","deceptorType":"App","name":"Image to PDF","company":"ZXT2007.com","version":"3.7.0.0","lastKnownStatus":"2.6.0.0;3.6.0.0;3.7.0.0","lastKnownDate":"240405","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle,none","lastUpdate":"2024-04-05T16:56:15.3738196+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":673},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed. \n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Image To PDF\\ImageToPDF.exe","companyName":"zxt2007.com","productName":"Image To PDF","productVersion":"3.6.0.0","fileVersion":"3.6.0.0","hashMD5":"665765a3db371eaca3cec3ffdf02e997","hashSHA1":"ee79c0f2688fa512b62e2ad2ece46c386e2b8280","hashSHA256":"0f4d26f0dd152a259cf8b64562bcaef4822f82534dccb91ef4d856385a481b19","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1077","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"imagetopdf_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Image To PDF                                                ","productVersion":"3.6.0.0                                           ","fileVersion":"3.6.0.0             ","hashMD5":"1b7a6b10c78b36a73711d9894f817a88","hashSHA1":"df97f997a9e5ffd25778c20f0490bb47969b8f86","hashSHA256":"e0854f67e004d040bbf31fdf7ad81a2c6ffc53bc5bd5abacc409441c5410b2ef","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1077","avBlockList":["360 Total Security (20240716)","Avast Premium Security (20240716)","AVG Internet Security (20240716)","Avira Internet Security (20240716)","Bitdefender Internet Security (20240716)","COMODO Antivirus (20240716)","Dr.Web Security Space (20240716)","ESET Internet Security (20240716)","G DATA INTERNET SECURITY (20240716)","K7 Total Security (20240716)","Kaspersky Internet Security (20240716)","Malwarebytes Premium (20240716)","McAfee Total Protection (20240716)","Norton Security (20240716)","Panda Dome (20240716)","Sophos Home Premium (20240716)","SpyHunter5 (20240716)","Total AV Antivirus Pro (20240716)","Trend Micro Internet Security (20240716)","VIPRE Advanced Security (20240716)","VirIT eXplorer PRO (20240716)","Webroot SecureAnywhere (20240716)","FortectPremium (20240716)"],"avAllowList":["Quick Heal Internet Security (20240716)","Windows Defender (20240716)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imagetopdf.html ","directDownloadingLink":"http://en.zxt2007.com/download.php?id=imagetopdf_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=imagetopdf_setup.exe","sourceIndex":"1077"}],"sampleFiles":["230530/ImagetoPDF-220606/3.6.0.0/Samples/imagetopdf_setup.exe"],"imageFiles":["230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-109/ACR-109.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-043/ACR-043.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-042/ACR-042.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-048/ACR-048.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-007/ACR-007.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-010/ACR-010.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-118/ACR-118.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-057/ACR-057.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-059/ACR-059.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-071/ACR-071.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-155/ACR-155.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-013/ACR-013.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-045/ACR-045.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-106/ACR-106.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-092/ACR-092.JPG","230530/ImagetoPDF-220606/3.6.0.0/Images/ACR-123/ACR-123.JPG"],"guid":"19c6c2e7-39d7-4039-9551-0d0065370800_3.6.0.0_1","appID":"ImagetoPDF-220606","dateAdded":"240405","deceptorType":"App","name":"Image to PDF","company":"ZXT2007.com","version":"3.6.0.0","lastKnownStatus":"2.6.0.0;3.6.0.0;3.7.0.0","lastKnownDate":"240405","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle,none","lastUpdate":"2024-04-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":674},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The main executable is not digitally signed. \n"},"samples":[{"isRevoked":"False","fileName":"ImageToPDF.exe","companyName":"ZXT2007.com","productName":"Image To PDF","productVersion":"2.6","fileVersion":"2.6","hashMD5":"bcb87a169f877266357efb1676f238ce","hashSHA1":"cb5c0644d10deeede96503da8ab892101e5b45fa","hashSHA256":"c59764dbab5ca70a740f196a68377a8f87b544f5ffc2c15a44e6c6163b8283e2","sourceIndex":"1573","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"imagetopdf_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Image To PDF","fileVersion":"2.6","hashMD5":"46e10f234a6cd27230111bad3e0eb037","hashSHA1":"b911ef2cf83ce72aaef410321e7e030a0ec68753","hashSHA256":"bd67ba68af17b788891dd67f738fd1e0a873d09309f37bd7e9cee6f6b48050df","digitalCertThumbprint":"F9283AF7C9A41620F82A6E97A447E47D12070ABB","digitalCertIssuer":"CN=TalentPersonal","digitalCertIssuedTo":"CN=TalentPersonal","sourceIndex":"1573","avBlockList":["360 Total Security (20240411)","Avast Premium Security (20240411)","AVG Internet Security (20240411)","Avira Internet Security (20240411)","Bitdefender Internet Security (20240411)","Dr.Web Security Space (20240411)","ESET Internet Security (20240411)","G DATA INTERNET SECURITY (20240411)","K7 Total Security (20230831)","Kaspersky Internet Security (20240411)","Malwarebytes Premium (20240411)","McAfee Total Protection (20240411)","Norton Security (20240411)","Panda Dome (20240411)","Quick Heal Internet Security (20240411)","Sophos Home Premium (20240411)","SpyHunter5 (20240411)","Total AV Antivirus Pro (20240411)","Trend Micro Internet Security (20240411)","VIPRE Advanced Security (20240411)","VirIT eXplorer PRO (20240411)","Webroot SecureAnywhere (20240411)","Windows Defender (20240411)"],"avAllowList":["COMODO Antivirus (20240411)","Tencent PC Manager (20220609)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imagetopdf.html ","directDownloadingLink":"http://en.zxt2007.com/download.php?id=imagetopdf_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=imagetopdf_setup.exe","sourceIndex":"1573"}],"sampleFiles":["220606/ImagetoPDF-220606/2.6.0.0/Samples/ImageToPDF.exe","220606/ImagetoPDF-220606/2.6.0.0/Samples/imagetopdf_setup.exe"],"imageFiles":["220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-109/ACR-109_048_rksetup.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-048/ACR-109_048_rksetup.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-010/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-118/ACR-118_Remnants.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-057/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-059/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-071/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-065/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-106/RelevantKnowledge.jpg","220606/ImagetoPDF-220606/2.6.0.0/Images/ACR-092/ACR_092_NoDigiSig.jpg"],"guid":"19c6c2e7-39d7-4039-9551-0d0065370800_2.6.0.0_1","appID":"ImagetoPDF-220606","dateAdded":"240405","deceptorType":"App","name":"Image to PDF","company":"ZXT2007.com","version":"2.6.0.0","lastKnownStatus":"2.6.0.0;3.6.0.0;3.7.0.0","lastKnownDate":"240405","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle,none","lastUpdate":"2024-04-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":675},{"violations":{"ACR-004":"Application doesn't provide free fix for scanned items, instead it offers subscription payment to recover files scanned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"iboysoftdatarecovery-setup.exe","isInstaller":"True","companyName":"iBoysoft                                                    ","fileVersion":"0.0","hashMD5":"b7902ba6474cf93a43f36ed5f6482acf","hashSHA1":"bd184ab9ca5b161daac7a6157acd301b11ac2c00","hashSHA256":"a05f67aec1ccfb8f091c91f7119998fce61aa200a649c2895fa11e03ef4aa2c5","digitalCertThumbprint":"5691BDDDAEDC258FD0D4C8C11036DD227F820716","digitalCertIssuer":"CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Chengdu Aibo Tech Co., Ltd.\", O=\"Chengdu Aibo Tech Co., Ltd.\", L=成都市, S=四川省, C=CN","sourceIndex":"663","avBlockList":["Avira Internet Security (20240613)","Bitdefender Internet Security (20240613)","ESET Internet Security (20240613)","G DATA INTERNET SECURITY (20240613)","K7 Total Security (20240613)","Malwarebytes Premium (20240613)","Norton Security (20240613)","Panda Dome (20240613)","Sophos Home Premium (20240613)","SpyHunter5 (20240613)","Total AV Antivirus Pro (20240613)","VIPRE Advanced Security (20240613)","VirIT eXplorer PRO (20240613)","Webroot SecureAnywhere (20240613)"],"avAllowList":["360 Total Security (20240613)","Avast Premium Security (20240613)","AVG Internet Security (20240613)","COMODO Antivirus (20240613)","Dr.Web Security Space (20240613)","Kaspersky Internet Security (20240613)","McAfee Total Protection (20240613)","Quick Heal Internet Security (20240613)","Trend Micro Internet Security (20240613)","Windows Defender (20240613)"]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://iboysoft.com/data-recovery/free-data-recovery.html","directDownloadingLink":"https://download.iboysoft.com/download/downloadfile.php?p=datarecovery&d=notrial_home_de&_gl=1*yy6qeb*_ga*MTg3MDAwNjI1NC4xNzEyMDQ0NTgx*_ga_ZTY9GRXHEE*MTcxMjA0NDU4MS4xLjAuMTcxMjA0NDU4MS4wLjAuMA..","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iboysoft.com/download/downloadfile.php?p=datarecovery&d=notrial_home_de&_gl=1*yy6qeb*_ga*MTg3MDAwNjI1NC4xNzEyMDQ0NTgx*_ga_ZTY9GRXHEE*MTcxMjA0NDU4MS4xLjAuMTcxMjA0NDU4MS4wLjAuMA..","sourceIndex":"663"}],"sampleFiles":["240402/iBoysoftDataRecovery-240402/5.6.8/Samples/iboysoftdatarecovery-setup.exe"],"imageFiles":["240402/iBoysoftDataRecovery-240402/5.6.8/Images/ACR-004/ACR-004_Software_1.png","240402/iBoysoftDataRecovery-240402/5.6.8/Images/ACR-004/ACR-004_Software_2.png","240402/iBoysoftDataRecovery-240402/5.6.8/Images/ACR-004/ACR-004_Software_3.png"],"nonDeceptorImageFiles":[],"guid":"93acfafe-8d27-4d09-958b-831eef9d2328_5.6.8_1","appID":"iBoysoftDataRecovery-240402","dateAdded":"240402","deceptorType":"App","name":"iBoysoft Free Data Recovery","company":"iBoysoft","version":"5.6.8","lastKnownStatus":"5.6.8","lastKnownDate":"240402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-04-02T20:34:16.3022945+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":676},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide control to disable/remove the startup, background process, and quit the app completely within the app's settings.\n","ACR-084":"On quitting the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-014":"The app displays a misleading statement that \"Your real IP : visible\" (another VPN is running and real IP is hidden by it) \n\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Oko VPN\\1.5.0\\OkoVPN.exe","companyName":"OkoVPN","productName":"OkoVPN","productVersion":"1.5.0.0","fileVersion":"1.5.0.0","hashMD5":"5b7768ed1cde525239c485d40280afd8","hashSHA1":"e0b047f72e99a061b75fb2e80b8080a35b067150","hashSHA256":"c33636bae96d00e9711bf3b01c4c5b9329ddb30e0f8673eac6e61269440699e8","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"257","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Oko VPN\\1.5.0\\Vpn.Service.exe","companyName":"Vpn.Service","productName":"Vpn.Service","productVersion":"1.5.0.0","fileVersion":"1.5.0.0","hashMD5":"cfb3c60bb541ea76fb12b0f9ea2e9d20","hashSHA1":"706fc1ae02bfe32c9818f1d138ee5e61462477a7","hashSHA256":"35c305f60c53d2226fbf76702cc37ba292c8f4e02125def6622316c267ce2c12","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"257","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Oko VPN\\Common\\Vpn.Logging.exe","companyName":"Vpn.Logging","productName":"Vpn.Logging","productVersion":"1.5.0.0","fileVersion":"1.5.0.0","hashMD5":"9ec6b0f032d3496799044d448d89832f","hashSHA1":"04dd5b2f5f10865c434749701d05b77ada45d621","hashSHA256":"1da77e56070586a9b8de2116d1c5f32849db892b03e13d1141b4ecd5405b767a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"257","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OkoVPN-Installer-1.5.0.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"18964cd33d8957964bbe73074638ee71","hashSHA1":"d97c10e5ea84f2d9dd4617f302714e14faa1b289","hashSHA256":"f519a029e0561da0ed4d085a80781b2cbb419dab5ef00bc7c23a099ba55c3621","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"257","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","G DATA INTERNET SECURITY (20240618)","K7 Total Security (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Quick Heal Internet Security (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","VIPRE Advanced Security (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["ESET Internet Security (20240618)","Trend Micro Internet Security (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://okovpn.com/","directDownloadingLink":"https://okovpn.com/files/OkoVPN-Installer-1.5.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://okovpn.com/files/OkoVPN-Installer-1.5.0.exe","sourceIndex":"257"}],"sampleFiles":["240327/OKOVPN-240326/1.5/Samples/OkoVPN-Installer-1.5.0.exe"],"imageFiles":["240327/OKOVPN-240326/1.5/Images/ACR-048/ACR-048.PNG","240327/OKOVPN-240326/1.5/Images/ACR-084/ACR-084_1.PNG","240327/OKOVPN-240326/1.5/Images/ACR-048/ACR-048_Software.PNG","240327/OKOVPN-240326/1.5/Images/ACR-048/ACR-048_Software_1.PNG","240327/OKOVPN-240326/1.5/Images/ACR-014/ACR-014.PNG"],"nonDeceptorImageFiles":["240327/OKOVPN-240326/1.5/Images/ACR-092/ACR-092.PNG","240327/OKOVPN-240326/1.5/Images/ACR-092/ACR-092_1.PNG"],"guid":"e2081c5c-833f-4ef0-8c3a-4c364a83d557_1.5_1","appID":"OKOVPN-240326","dateAdded":"240327","deceptorType":"App","name":"OKO VPN","company":"OKOVPN","version":"1.5","lastKnownStatus":"1.5","lastKnownDate":"250102","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2025-01-02T18:58:07.7636263+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":677},{"violations":{"ACR-004":"Application doesn't provide free fix for all items reported, only allow to recover 3 files. Instead it offers subscription payment to completely recover files scanned.\n","ACR-014":"Data Recovery feature does not match what is displayed on Landing page and allowed in software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FileRecovery_Free.exe","isInstaller":"True","fileVersion":"1.24","hashMD5":"fa6c122bfc3d3e0652b816dea7506c30","hashSHA1":"6e5dff133182bceb41dd54166707a336fa4c3887","hashSHA256":"789e265fe7c5b72d0d43e092ffee7347c4d17e5be84c75e752245cbe3a99418b","digitalCertThumbprint":"208315C82C4A57E1BD8C1AD0E7C9B536E6C07405","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Glarysoft Ltd, O=Glarysoft Ltd, S=Beijing, C=CN, SERIALNUMBER=91110108680456115E, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Haidian District, OID.1.3.6.1.4.1.311.60.2.1.2=Beijing, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"633","avBlockList":["Avast Premium Security (20240411)","AVG Internet Security (20240411)","Avira Internet Security (20240411)","ESET Internet Security (20240411)","G DATA INTERNET SECURITY (20240411)","K7 Total Security (20240411)","Norton Security (20240411)","Panda Dome (20240411)","Quick Heal Internet Security (20240411)","Sophos Home Premium (20240411)","SpyHunter5 (20240411)","Total AV Antivirus Pro (20240411)","VirIT eXplorer PRO (20240411)","Webroot SecureAnywhere (20240411)"],"avAllowList":["360 Total Security (20240411)","Bitdefender Internet Security (20240411)","COMODO Antivirus (20240411)","Dr.Web Security Space (20240411)","Kaspersky Internet Security (20240411)","Malwarebytes Premium (20240411)","McAfee Total Protection (20240411)","Trend Micro Internet Security (20240411)","VIPRE Advanced Security (20240411)","Windows Defender (20240411)"]},{"isRevoked":"False","fileName":"FileRecovery.exe","companyName":"Glarysoft Ltd","fileVersion":"1.0","hashMD5":"7c7340dd3f60ca510c4e9506f1253d53","hashSHA1":"1577becfeb6c37b94840e42851c0f59085f0d4da","hashSHA256":"44c3c5028514f5814cbec5a03b657358027a5e05cfd51d6c1f6b28005c522941","digitalCertThumbprint":"208315C82C4A57E1BD8C1AD0E7C9B536E6C07405","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Glarysoft Ltd, O=Glarysoft Ltd, S=Beijing, C=CN, SERIALNUMBER=91110108680456115E, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Haidian District, OID.1.3.6.1.4.1.311.60.2.1.2=Beijing, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"633","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.glarysoft.com/file-recovery-free/","directDownloadingLink":"https://download.glarysoft.com/FileRecovery_Free.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.glarysoft.com/FileRecovery_Free.exe","sourceIndex":"633"}],"sampleFiles":["240327/GlarysoftFileRecovery-240327/1.24.0.24/Samples/FileRecovery_Free.exe","240327/GlarysoftFileRecovery-240327/1.24.0.24/Samples/FileRecovery.exe"],"imageFiles":["240327/GlarysoftFileRecovery-240327/1.24.0.24/Images/ACR-004/ACR-004_Software_1.png","240327/GlarysoftFileRecovery-240327/1.24.0.24/Images/ACR-004/ACR-004_Software_2.png","240327/GlarysoftFileRecovery-240327/1.24.0.24/Images/ACR-014/ACR-014_Software_1.png","240327/GlarysoftFileRecovery-240327/1.24.0.24/Images/ACR-014/ACR-014_Software_2.png","240327/GlarysoftFileRecovery-240327/1.24.0.24/Images/ACR-014/ACR-014_Software_3.png"],"nonDeceptorImageFiles":[],"guid":"00bf9080-ab9e-406d-a323-7bf3c659c391_1.24.0.24_1","appID":"GlarysoftFileRecovery-240327","dateAdded":"240327","deceptorType":"App","name":"Glarysoft File Recovery","company":"Glarysoft Ltd","version":"1.24.0.24","firstVendorContactDate":"240530","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240604","firstResolvedVersion":"1.25.0.25","resolved":"TRUE","lastKnownStatus":"1.24.0.24","lastKnownDate":"240327","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-06-04T18:41:13.2255388+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":678},{"violations":{"ACR-004":"The application doesn't provide a free fix (recovery) for scan results, and offer a subscription that the user needs to pay to fix it.\n","ACR-014":"The \"Save\" button leads to purchase flow. It misleads the user that the scanned items will be fixed (save the recovered files) after clicking button. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"sfware-data-recovery.exe","isInstaller":"True","companyName":"SFWare Software                                             ","fileVersion":"2.0","hashMD5":"490d44898a7c30036d46ff30d2cce463","hashSHA1":"be8b584d8443e29ddc9d65091a8104bc742748f0","hashSHA256":"c2771a2e7272c330b8656d3987021efdc29bf5ef1e20ec53be37bf13fa1fbed3","digitalCertThumbprint":"3E009177BF40B8F4F2846DD63F6143B2FDAAACE1","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Versacor Offshore Software Private Limited, O=Versacor Offshore Software Private Limited, L=Bengaluru, S=Karnataka, C=IN, SERIALNUMBER=032151, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"700","avBlockList":["Dr.Web Security Space (20240618)","ESET Internet Security (20240618)","K7 Total Security (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Quick Heal Internet Security (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","COMODO Antivirus (20240618)","G DATA INTERNET SECURITY (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Total AV Antivirus Pro (20240618)","Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","Windows Defender (20240618)"]},{"isRevoked":"False","fileName":"sf-recovery.exe","companyName":"SFWare Software","fileVersion":"2.0","hashMD5":"9fa88de3cc33af51c6de34badabb168d","hashSHA1":"b986604a9a668a065e8428a97475d2e43a9ae374","hashSHA256":"303458a659fa75c1c7207029f954244fbaeae64a3650a2fb07b7cdeb5690d6ed","digitalCertThumbprint":"3E009177BF40B8F4F2846DD63F6143B2FDAAACE1","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Versacor Offshore Software Private Limited, O=Versacor Offshore Software Private Limited, L=Bengaluru, S=Karnataka, C=IN, SERIALNUMBER=032151, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"700","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"random search for recovery apps","reference":"","landingPage":"https://www.sfware.com/","directDownloadingLink":"https://08dc6b4b17ace69260b6-8cec0142b5ff04d94513603d1b0645ac.ssl.cf2.rackcdn.com/sfware-data-recovery.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://08dc6b4b17ace69260b6-8cec0142b5ff04d94513603d1b0645ac.ssl.cf2.rackcdn.com/sfware-data-recovery.exe","sourceIndex":"700"}],"sampleFiles":["240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Samples/sfware-data-recovery.exe","240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Samples/sf-recovery.exe"],"imageFiles":["240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Images/ACR-004/ACR-004_Software_1.png","240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Images/ACR-004/ACR-004_Software_2.png","240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Images/ACR-014/ACR-014_Software_1.png","240325/SFWareDataRecoverySoftware-240322/2.0.0.1/Images/ACR-014/ACR-014_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"f767d021-f485-427e-b50f-aa26b6eefef1_2.0.0.1_1","appID":"SFWareDataRecoverySoftware-240322","dateAdded":"240325","deceptorType":"App","name":"SFWare Data Recovery Software","company":"SFWare Software","version":"2.0.0.1","lastKnownStatus":"2.0.0.1","lastKnownDate":"240325","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-03-26T01:10:50.7830681+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":679},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"imageconverter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Best Free Image Converter                                   ","productVersion":"7.1.1.0                                           ","fileVersion":"7.1.1.0             ","hashMD5":"486132c040c7e1eb7af71bfeed4b2295","hashSHA1":"2529061f5e0d01ae90eaa00d632d9d9d95e4b399","hashSHA256":"31a81c4f0f1a723d8229bb03e979f5ca02aada9ef23091e476cbf66f0e917b52","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"705","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","ESET Internet Security (20240618)","G DATA INTERNET SECURITY (20240618)","K7 Total Security (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Quick Heal Internet Security (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imageconverter.html","directDownloadingLink":"en.zxt2007.com/download/imageconverter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"en.zxt2007.com/download/imageconverter_setup.exe","sourceIndex":"705"}],"sampleFiles":["240321/BestFreeImageConverter-220607/7.1.1.0/Samples/imageconverter_setup.exe"],"imageFiles":["240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-109/ACR-109.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-048/ACR-048.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-010/ACR-010.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-118/ACR-118.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-057/ACR-057.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-059/ACR-059.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-071/ACR-071.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-155/ACR-155.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-013/ACR-013.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":["240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-106/ACR-106.PNG","240321/BestFreeImageConverter-220607/7.1.1.0/Images/ACR-123/ACR-123.PNG"],"guid":"b7541cf1-f001-41d2-bcb3-10f1ba7a3222_7.1.1.0_1","appID":"BestFreeImageConverter-220607","dateAdded":"240321","deceptorType":"App","name":"Best Free Image Converter","company":"zxt2007.com","version":"7.1.1.0","lastKnownStatus":"5.1.5.1;6.6.0.0;7.1.1.0","lastKnownDate":"240321","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-03-21T16:54:48.8699559+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":680},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":" The main executable does not have a digital signature\n\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Best Free Image Converter\\PConverter.exe","companyName":"zxt2007.com","productName":"Best Free Image Converter","productVersion":"6.6.0.0","fileVersion":"6.6.0.0","hashMD5":"d54fce7cef588929c2580a25601662f2","hashSHA1":"8eb5aec439910b4a3c25d1128032aa958bbee8de","hashSHA256":"8c2804a34618c1f99d3e1a72f563d7433f0b4edbe6f8fbf8d1cf173181bd3bbe","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1074","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"imageconverter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Best Free Image Converter                                   ","productVersion":"6.6.0.0                                           ","fileVersion":"6.6.0.0             ","hashMD5":"2115e219ff93c9935bc2598b47ecce72","hashSHA1":"51fb4ad79139e01ca017a36105f27effa326c847","hashSHA256":"ecf0807287f00693302ab06ab7d7aec4b2feafcfe48c90496470b8ad855660bb","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1074","avBlockList":["360 Total Security (20240416)","Avast Premium Security (20240416)","AVG Internet Security (20240416)","Avira Internet Security (20240416)","Bitdefender Internet Security (20240416)","COMODO Antivirus (20240416)","Dr.Web Security Space (20240416)","ESET Internet Security (20240416)","G DATA INTERNET SECURITY (20240416)","K7 Total Security (20240416)","Kaspersky Internet Security (20240416)","Malwarebytes Premium (20240416)","McAfee Total Protection (20240416)","Norton Security (20240416)","Panda Dome (20240416)","Quick Heal Internet Security (20240416)","Sophos Home Premium (20240416)","SpyHunter5 (20240416)","Total AV Antivirus Pro (20240416)","VIPRE Advanced Security (20240416)","VirIT eXplorer PRO (20240416)","Webroot SecureAnywhere (20240416)"],"avAllowList":["Trend Micro Internet Security (20240416)","Windows Defender (20240416)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imageconverter.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=imageconverter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=imageconverter_setup.exe","sourceIndex":"1074"}],"sampleFiles":["230531/BestFreeImageConverter-220607/6.6.0.0/Samples/imageconverter_setup.exe"],"imageFiles":["230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-109/ACR-109.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-043/ACR-043.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-042/ACR-042.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-048/ACR-048.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-007/ACR-007.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-010/ACR-010.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-118/ACR-118.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-057/ACR-057.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-059/ACR-059.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-071/ACR-071.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-155/ACR-155.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-013/ACR-013.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-045/ACR-045.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-106/ACR-106.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-092/ACR-092.JPG","230531/BestFreeImageConverter-220607/6.6.0.0/Images/ACR-123/ACR-123.JPG"],"guid":"b7541cf1-f001-41d2-bcb3-10f1ba7a3222_6.6.0.0_1","appID":"BestFreeImageConverter-220607","dateAdded":"240321","deceptorType":"App","name":"Best Free Image Converter","company":"zxt2007.com","version":"6.6.0.0","lastKnownStatus":"5.1.5.1;6.6.0.0;7.1.1.0","lastKnownDate":"240321","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-03-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":681},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":" The main executable has untrusted root certificate. \n\n"},"samples":[{"isRevoked":"False","fileName":"imageconverter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Best Free Image Converter          ","productVersion":"5.1.5.1 ","fileVersion":"5.1.5.1 ","hashMD5":"033bdaca8bd6b538b68feb0a1ab26062","hashSHA1":"4accd099253820257f938ecb95a9b5028091b787","hashSHA256":"5af63c56e60a60f8f8dd663a0eba5a112cad6e7bef4e97b921adb5e7faaf9614","digitalCertThumbprint":"F9283AF7C9A41620F82A6E97A447E47D12070ABB","digitalCertIssuer":"CN=TalentPersonal","digitalCertIssuedTo":"CN=TalentPersonal","sourceIndex":"1568","avBlockList":["360 Total Security (20240326)","Avast Premium Security (20240326)","AVG Internet Security (20240326)","Avira Internet Security (20240326)","Bitdefender Internet Security (20240326)","COMODO Antivirus (20240326)","Dr.Web Security Space (20240326)","ESET Internet Security (20240326)","G DATA INTERNET SECURITY (20240326)","K7 Total Security (20240326)","Kaspersky Internet Security (20240326)","Malwarebytes Premium (20240326)","McAfee Total Protection (20240326)","Norton Security (20240326)","Panda Dome (20240326)","Sophos Home Premium (20240326)","SpyHunter5 (20240326)","Total AV Antivirus Pro (20240326)","VIPRE Advanced Security (20240326)","VirIT eXplorer PRO (20240326)","Webroot SecureAnywhere (20240326)","Windows Defender (20240326)"],"avAllowList":["Quick Heal Internet Security (20240326)","Tencent PC Manager (20220728)","Trend Micro Internet Security (20240326)"]},{"isRevoked":"False","fileName":"PConverter.exe","companyName":"ZXT2007.com","productName":"Best Free Image Converter          ","fileVersion":"5.1.5.1 ","hashMD5":"ef4d2314b152218b7ad6ca0be93babb5","hashSHA1":"9eefc834c17522e33d0da8c3e2220245a45f5cd9","hashSHA256":"8e383b0175a85a1ab0e7e158ca8d7ed9ced899521231874e88468d384a5ee0f8","digitalCertThumbprint":"F9283AF7C9A41620F82A6E97A447E47D12070ABB","digitalCertIssuer":"CN=TalentPersonal","digitalCertIssuedTo":"CN=TalentPersonal","sourceIndex":"1568","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/imageconverter.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=imageconverter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=imageconverter_setup.exe","sourceIndex":"1568"}],"sampleFiles":["220607/BestFreeImageConverter-220607/5.1.5.1/Samples/imageconverter_setup.exe","220607/BestFreeImageConverter-220607/5.1.5.1/Samples/PConverter.exe"],"imageFiles":["220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-109/ACR-109_048_RKSetup.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-048/ACR-109_048_RKSetup.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-010/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-118/ACR-118_Remnants.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-057/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-059/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-071/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-065/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-106/RelevantKnowledge.jpg","220607/BestFreeImageConverter-220607/5.1.5.1/Images/ACR-092/ACR-092_UntrustedRC.jpg"],"guid":"b7541cf1-f001-41d2-bcb3-10f1ba7a3222_5.1.5.1_1","appID":"BestFreeImageConverter-220607","dateAdded":"240321","deceptorType":"App","name":"Best Free Image Converter","company":"zxt2007.com","version":"5.1.5.1","lastKnownStatus":"5.1.5.1;6.6.0.0;7.1.1.0","lastKnownDate":"240321","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-03-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":682},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers non declinable  unwanted application 'Relevant Knowledge market survey\".\n"},"samples":[{"isRevoked":"False","fileName":"minicadviewer_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Mini CAD Viewer                                             ","productVersion":"3.6.1.0                                           ","fileVersion":"3.6.1.0             ","hashMD5":"a18a2e8327aff3f1767f791778c18679","hashSHA1":"b2f0f90c34a9b5a76b364b820c45616c26800ae7","hashSHA256":"323e498d5b57722dbc54f970f165151b806f1891db060945e5a4f37aaddb467c","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"706","avBlockList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","COMODO Antivirus (20240625)","Dr.Web Security Space (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","K7 Total Security (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","Trend Micro Internet Security (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)","Windows Defender (20240625)"],"avAllowList":["Quick Heal Internet Security (20240625)","VIPRE Advanced Security (20240625)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://en.zxt2007.com/picture-tools/minicadviewer.html","directDownloadingLink":"https://en.zxt2007.com/download/minicadviewer_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://en.zxt2007.com/download/minicadviewer_setup.exe","sourceIndex":"706"}],"sampleFiles":["240320/minicadviewer-230529/3.6.1.0/Samples/minicadviewer_setup.exe"],"imageFiles":["240320/minicadviewer-230529/3.6.1.0/Images/ACR-109/ACR-109.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-048/ACR-048.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-010/ACR-010.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-013/ACR-013.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-118/ACR-118.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-057/ACR-057.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-059/ACR-059.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-060/ACR-060.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-071/ACR-071.PNG","240320/minicadviewer-230529/3.6.1.0/Images/ACR-155/ACR-155.PNG"],"nonDeceptorImageFiles":["240320/minicadviewer-230529/3.6.1.0/Images/ACR-106/ACR-106.PNG"],"guid":"ba0e17c9-3882-47c6-ab70-2d21318c011e_3.6.1.0_1","appID":"minicadviewer-230529","dateAdded":"240320","deceptorType":"Bundler","name":"Mini CAD Viewer","company":"zxt2007.com","version":"3.6.1.0","lastKnownStatus":"3.3.0.0;3.4.0.0;3.6.1.0","lastKnownDate":"240320","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-03-20T16:36:18.4141779+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":683},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The main executable is not digitally signed\n"},"samples":[{"isRevoked":"False","fileName":"minicadviewer_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Mini CAD Viewer                                             ","productVersion":"3.4.0.0                                           ","fileVersion":"3.4.0.0             ","hashMD5":"bdf4be85962b79c5804491f35a3f05a6","hashSHA1":"bacc3af774c66761ea7614f8a1c4454f4c2487b6","hashSHA256":"e1a3a0564f53c02abb2fadd9d2db96ccf6bb18cd37fe2d744ab743d105a02d94","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1013","avBlockList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","Dr.Web Security Space (20240723)","ESET Internet Security (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","Trend Micro Internet Security (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","FortectPremium (20240723)"],"avAllowList":["VIPRE Advanced Security (20240723)","Windows Defender (20240723)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/minicadviewer.html","directDownloadingLink":"http://en.zxt2007.com/download/minicadviewer_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/minicadviewer_setup.exe","sourceIndex":"1013"}],"sampleFiles":["230705/minicadviewer-230529/3.4.0.0/Samples/minicadviewer_setup.exe"],"imageFiles":["230705/minicadviewer-230529/3.4.0.0/Images/ACR-109/ACR-109.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-048/ACR-048.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-010/ACR-010.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-013/ACR-013.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-118/ACR-118.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-057/ACR-057.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-059/ACR-059.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-060/ACR-060.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-071/ACR-071.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230705/minicadviewer-230529/3.4.0.0/Images/ACR-106/ACR-106.JPG","230705/minicadviewer-230529/3.4.0.0/Images/ACR-092/ACR-092.JPG"],"guid":"ba0e17c9-3882-47c6-ab70-2d21318c011e_3.4.0.0_1","appID":"minicadviewer-230529","dateAdded":"240320","deceptorType":"Bundler","name":"Mini CAD Viewer","company":"zxt2007.com","version":"3.4.0.0","lastKnownStatus":"3.3.0.0;3.4.0.0;3.6.1.0","lastKnownDate":"240320","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-03-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":684},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless. \n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Mini CAD Viewer\\MiniCADViewer.exe","companyName":"ZXT2007.com","productName":"Mini CAD Viewer","productVersion":"3.3.0.0","fileVersion":"3.3.0.0","hashMD5":"a4430629f70b2c2f50f40ccf625c11bc","hashSHA1":"562357471fb30c16c9cc1eeb6f134e12b3c6e3e3","hashSHA256":"c913c29360761544f3c9dedbb1e1d10cb1d2621b32d546a549a81408b778f16e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1075","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"minicadviewer_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Mini CAD Viewer                                             ","productVersion":"3.3.0.0                                           ","fileVersion":"3.3.0.0             ","hashMD5":"91c42d9509111ace98269a991a2f6fb5","hashSHA1":"d774f288f022a3f37bd3e09db20046d71fb49d8c","hashSHA256":"960a2e4339317800009951f95421c9bd121d79cd909e8feecd515d2bc6f32615","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1075","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","ESET Internet Security (20240618)","G DATA INTERNET SECURITY (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["K7 Total Security (20240618)","Quick Heal Internet Security (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/minicadviewer.html","directDownloadingLink":"http://en.zxt2007.com/download/minicadviewer_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/minicadviewer_setup.exe","sourceIndex":"1075"}],"sampleFiles":["230531/minicadviewer-230529/3.3.0.0/Samples/minicadviewer_setup.exe"],"imageFiles":["230531/minicadviewer-230529/3.3.0.0/Images/ACR-109/ACR-109.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-043/ACR-043.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-042/ACR-042.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-048/ACR-048.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-007/ACR-007.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-010/ACR-010.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-013/ACR-013.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-118/ACR-118.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-057/ACR-057.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-059/ACR-059.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-060/ACR-060.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-071/ACR-071.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230531/minicadviewer-230529/3.3.0.0/Images/ACR-045/ACR-045.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-106/ACR-106.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-092/ACR-092.JPG","230531/minicadviewer-230529/3.3.0.0/Images/ACR-123/ACR-123.JPG"],"guid":"ba0e17c9-3882-47c6-ab70-2d21318c011e_3.3.0.0_1","appID":"minicadviewer-230529","dateAdded":"240320","deceptorType":"Bundler","name":"Mini CAD Viewer","company":"zxt2007.com","version":"3.3.0.0","lastKnownStatus":"3.3.0.0;3.4.0.0;3.6.1.0","lastKnownDate":"240320","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-03-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":685},{"violations":{"ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"The app hides in the system tray once the installation gets completed.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts to user's system in separate prompt. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs all files to a different location <C:\\Users\\User\\AppData\\Roaming\\Roaming\\decacopy> instead of the standard location.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\Roaming\\decacopy\\Decacopy.exe","companyName":"","productName":"","productVersion":"1.2.5.2","fileVersion":"1.2.5.2","hashMD5":"c173b119e951ac2ff52c83b1783703b8","hashSHA1":"1afbfc9831d62a9bfa7737fed659be94c1b55ec7","hashSHA256":"8a29d548a2e9bd774587945b4b179501fa786ebc1bb58eeb1a65066146bb715d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"590","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"decacopy.exe","isInstaller":"True","companyName":"Globalhop                                                   ","productName":"Decacopy Lite                                               ","productVersion":"1.2.5.2                                           ","fileVersion":"                    ","hashMD5":"aae68e4b8614540ef68134fca3532bf1","hashSHA1":"02e8cef3df4d009c07b3a3b7e24a3ddebbbf6157","hashSHA256":"ec8d51ad6e5cbd9b807350299346ec6d9d1813e11b6a9e14fdadc885625ccca4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"590","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","ESET Internet Security (20240618)","G DATA INTERNET SECURITY (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","McAfee Total Protection (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["Bitdefender Internet Security (20240618)","COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","K7 Total Security (20240618)","Quick Heal Internet Security (20240618)","Tencent PC Manager (20220602)","Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"Globalhop SDK","reference":"","landingPage":"https://download.cnet.com/Decacopy-Lite-Clipboard-Manager/3000-2384_4-78625932.html","directDownloadingLink":"https://download.cnet.com/Decacopy-Lite-Clipboard-Manager/3001-2384_4-78625932.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cnet.com/Decacopy-Lite-Clipboard-Manager/3001-2384_4-78625932.html","sourceIndex":"590"},{"howFound":"","reference":"","landingPage":"https://www.decacopy.com/","ipv4":"","ipv6":"","sourceIndex":"591"}],"sampleFiles":["240319/Decacopy-220524/1.2.5.2/Samples/decacopy.exe"],"imageFiles":["240319/Decacopy-220524/1.2.5.2/Images/ACR-007/ACR-007_Install.JPG","240319/Decacopy-220524/1.2.5.2/Images/ACR-084/ACR-084_Software.JPG","240319/Decacopy-220524/1.2.5.2/Images/ACR-155/ACR-155_InbundlOffers.JPG"],"nonDeceptorImageFiles":["240319/Decacopy-220524/1.2.5.2/Images/ACR-040/ACR-040_Install.JPG"],"guid":"d5401aee-64e7-47bc-9132-898aaad1d63f_1.2.5.2_1","appID":"Decacopy-220524","dateAdded":"240319","deceptorType":"App","name":"Decacopy","company":"Globalhop Ltd","version":"1.2.5.2","firstVendorContactDate":"240604","firstResolvedDate":"240717","lastKnownStatus":"1.2.5.2","lastKnownDate":"240717","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-07-17T21:45:51.1634085+00:00","notDistributed":true,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":254},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources. \nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection when the app is re-enabled at least for the 1st time.\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. There is no clear control for borrowing resource.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\"\n"},"samples":[{"isRevoked":"False","fileName":"setuptaskbarify.exe","isInstaller":"True","companyName":"Taskbarify                                                  ","fileVersion":"1.0","hashMD5":"ea31f087b2a513e548b24db65c93c739","hashSHA1":"7b869a17e256cb18e4b6007888b4174d1bc057b3","hashSHA256":"51abded2d54d4b8c78cd9197b0ce55dbc94c7a52ccf67edffe721d4e1de5b59f","digitalCertThumbprint":"1BB26C027214454F668B780B3DB025E3E81B0307","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ra’s al Khaymah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"594","avBlockList":["360 Total Security (20240618)","Avast Premium Security (20240618)","AVG Internet Security (20240618)","Avira Internet Security (20240618)","Bitdefender Internet Security (20240618)","ESET Internet Security (20240618)","G DATA INTERNET SECURITY (20240618)","K7 Total Security (20240618)","Kaspersky Internet Security (20240618)","Malwarebytes Premium (20240618)","Norton Security (20240618)","Panda Dome (20240618)","Quick Heal Internet Security (20240618)","Sophos Home Premium (20240618)","SpyHunter5 (20240618)","Total AV Antivirus Pro (20240618)","Trend Micro Internet Security (20240618)","VIPRE Advanced Security (20240618)","VirIT eXplorer PRO (20240618)","Webroot SecureAnywhere (20240618)"],"avAllowList":["COMODO Antivirus (20240618)","Dr.Web Security Space (20240618)","McAfee Total Protection (20240618)","Windows Defender (20240618)"]}],"additionalFiles":[],"sources":[{"howFound":"proxyware apps, globalhop","reference":"","landingPage":"https://taskbarify.com/","directDownloadingLink":"https://taskbarify.com/download/setuptaskbarify.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://taskbarify.com/download/setuptaskbarify.exe","sourceIndex":"594"}],"sampleFiles":["240315/Taskbarify-240315/1.0.1.0/Samples/setuptaskbarify.exe"],"imageFiles":["240315/Taskbarify-240315/1.0.1.0/Images/ACR-007/ACR-007_Install_1.png","240315/Taskbarify-240315/1.0.1.0/Images/ACR-007/ACR-007_Install_2.png","240315/Taskbarify-240315/1.0.1.0/Images/ACR-084/ACR-084_Software_1.png","240315/Taskbarify-240315/1.0.1.0/Images/ACR-084/ACR-084_Software_2.png","240315/Taskbarify-240315/1.0.1.0/Images/ACR-007/setuptaskbarify.gif","240315/Taskbarify-240315/1.0.1.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240315/Taskbarify-240315/1.0.1.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240315/Taskbarify-240315/1.0.1.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"263eec42-2e7a-46ff-9a26-820ff16335ee_1.0.1.0_1","appID":"Taskbarify-240315","dateAdded":"240315","deceptorType":"App","name":"Taskbarify","company":"Globalhop","version":"1.0.1.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.3.0","resolved":"TRUE","lastKnownStatus":"1.0.1.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2024-07-12T21:25:34.0502863+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":255},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection when the app is re-enabled at least for the 1st time.\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. There is no clear control for borrowing resource. \n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\" \n"},"samples":[{"isRevoked":"False","fileName":"Barousel-setup.exe","isInstaller":"True","companyName":"Barousel                                                    ","fileVersion":"1.0","hashMD5":"9ab1976f7ec064a90b4a1226fcf529ac","hashSHA1":"4db4dacc4e5f81968edc1effdfaad17ecbf2aa92","hashSHA256":"5af626495e7f9790e9ef30578a15834aefa5cb4278da8e926f73f701a5419722","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"599","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","Trend Micro Internet Security (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)"],"avAllowList":["COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","Windows Defender (20240620)"]}],"additionalFiles":[],"sources":[{"howFound":"proxyware apps, globalhop","reference":"","landingPage":"https://www.barousel.com/","directDownloadingLink":"https://www.barousel.com/download/Barousel.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.barousel.com/download/Barousel.exe","sourceIndex":"599"}],"sampleFiles":["240312/Barousel-240312/1.0.2.0/Samples/Barousel-setup.exe"],"imageFiles":["240312/Barousel-240312/1.0.2.0/Images/ACR-007/ACR-007_Install_1.png","240312/Barousel-240312/1.0.2.0/Images/ACR-084/ACR-084_Software_1.png","240312/Barousel-240312/1.0.2.0/Images/ACR-084/ACR-084_Software_2.png","240312/Barousel-240312/1.0.2.0/Images/ACR-007/barousel.mp4","240312/Barousel-240312/1.0.2.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240312/Barousel-240312/1.0.2.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240312/Barousel-240312/1.0.2.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"80125939-43c5-4c80-9428-47eb846fd470_1.0.2.0_1","appID":"Barousel-240312","dateAdded":"240312","deceptorType":"App","name":"Barousel","company":"Globalhop","version":"1.0.2.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.6.0","resolved":"TRUE","lastKnownStatus":"1.0.2.0","lastKnownDate":"240312","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2024-07-12T21:13:13.0745214+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":258},{"violations":{"ACR-048":"The App does not provide an option to cancel the startup of its own. It also runs silently in the background which can make it difficult to disable or uninstall the app completely. Elements are also located  hidden folders making it a challenge for ordinary users to remove it manually. \n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection \n","ACR-084":"The app runs silently in the background and runs in the system tray immediately after installation hiding the fact that it is active from the consumer. It also creates a startup entry without the user's knowledge and consent.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts to user's system in separate prompt. \n"},"nonDeceptorViolations":{"ACR-040":"The App installs itself by default in a hidden folder Appdata/Local/Programs\n","ACR-099":"The application does not display links to uninstall information. \nLanding page does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"TaskbarSystem.exe1","productName":"Taskbar system    ","fileVersion":"1.0","hashMD5":"78277c5729caed0f1b41994e68f44c0f","hashSHA1":"8a9f3b789f9aa2af36c8ba48a99f3a210b55492c","hashSHA256":"a579b7c030d8b301d42487725eaa0718baf1b2e8401879a04f076fd5c7c7bf51","digitalCertThumbprint":"D042AEC9E0D8D497818C2C3BD2E1CE562C04C3A5","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Globalhop Ltd TOO, O=Globalhop Ltd TOO, L=Almaty, C=KZ","sourceIndex":"1509","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"taskbarsystem-setup.exe1","isInstaller":"True","companyName":"Taskbar system                                              ","productName":"Taskbar system           ","fileVersion":"1.0","hashMD5":"fa22ea3bcf63f1bfb0773dc5771b32ac","hashSHA1":"fd4893dfa4445626a797aaf520a4d7f3c76da1b8","hashSHA256":"7f414d8546d87b96cd55148442265f31b6ab25bba3769cc0165ec2d66dabed9a","digitalCertThumbprint":"D042AEC9E0D8D497818C2C3BD2E1CE562C04C3A5","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Globalhop Ltd TOO, O=Globalhop Ltd TOO, L=Almaty, C=KZ","sourceIndex":"1509","avBlockList":["360 Total Security (20240425)","Avast Premium Security (20240425)","AVG Internet Security (20240425)","Bitdefender Internet Security (20240425)","ESET Internet Security (20240425)","G DATA INTERNET SECURITY (20240425)","K7 Total Security (20240425)","Kaspersky Internet Security (20240425)","Malwarebytes Premium (20240425)","McAfee Total Protection (20240425)","Norton Security (20240425)","Panda Dome (20240425)","Quick Heal Internet Security (20240425)","Sophos Home Premium (20240425)","SpyHunter5 (20240425)","Trend Micro Internet Security (20240425)","VIPRE Advanced Security (20240425)","VirIT eXplorer PRO (20240425)","Webroot SecureAnywhere (20240425)","Windows Defender (20240425)"],"avAllowList":["Avira Internet Security (20240425)","COMODO Antivirus (20240425)","Dr.Web Security Space (20240425)","Tencent PC Manager (20220602)","Total AV Antivirus Pro (20240425)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Globalhop Ltd","reference":"Walliant","landingPage":"https://taskbarsystem.com/","directDownloadingLink":"https://taskbarsystem.com/download/taskbarsystem.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://taskbarsystem.com/download/taskbarsystem.exe","sourceIndex":"1509"}],"sampleFiles":["220526/Taskbarsystem-220525/1.0/Samples/TaskbarSystem.exe1","220526/Taskbarsystem-220525/1.0/Samples/taskbarsystem-setup.exe1"],"imageFiles":["220526/Taskbarsystem-220525/1.0/Images/ACR-007/ACR-007_155sharingresources.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-084/ACR-048_084_startup.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-048/ACR-048_084_startup.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-048/ACR-048_084_backgroundprocess.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-048/ACR-048_084_118_uninstall.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-155/ACR-007_155sharingresources.jpg"],"nonDeceptorImageFiles":["220526/Taskbarsystem-220525/1.0/Images/ACR-040/ACR-040_hiddenfolder.jpg","220526/Taskbarsystem-220525/1.0/Images/ACR-099/ACR-099_About.gif","220526/Taskbarsystem-220525/1.0/Images/ACR-099/TaskbarSystem_LandingPage.jpeg"],"guid":"70f667a0-1b3f-491b-946e-d0b46ad3d8fc_1.0_1","appID":"Taskbarsystem-220525","dateAdded":"240312","deceptorType":"App","name":"Taskbar System","company":"Taskbar system","version":"1.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240717","firstResolvedVersion":"1.0.11.0","resolved":"TRUE","lastKnownStatus":"1.0; 1.0.5.0","lastKnownDate":"240717","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-07-17T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":257},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection when the sharing resource is re-enabled at least for the 1st time. \n","ACR-084":"The process keeps running in the background despite being disabled simultaneously with the disabling of \"Share resource\" option.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\" \n"},"samples":[{"isRevoked":"False","fileName":"taskbarsystem-setup.exe","isInstaller":"True","companyName":"Taskbar system                                              ","fileVersion":"1.0","hashMD5":"271c0218165e4be1872c5501d26bfbe5","hashSHA1":"344c9253b66c6ff706ab2640f5e3d709f3e94fb4","hashSHA256":"db19e6a6bbb3d65b550cca9367744625f8bfbfa0e51276495e2509b9f491616d","digitalCertThumbprint":"02AE726E551C4BAA06F351EAB27853D035713619","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Globalhop Ltd, O=Globalhop Ltd, L=Almaty, C=KZ","sourceIndex":"592","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","Trend Micro Internet Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)"],"avAllowList":["Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","VIPRE Advanced Security (20240620)","Windows Defender (20240620)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Globalhop Ltd","reference":"Walliant","landingPage":"https://taskbarsystem.com/","directDownloadingLink":"https://taskbarsystem.com/download/taskbarsystem.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://taskbarsystem.com/download/taskbarsystem.exe","sourceIndex":"592"}],"sampleFiles":["240312/Taskbarsystem-220525/1.0.5.0/Samples/taskbarsystem-setup.exe"],"imageFiles":["240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-007/ACR-007_Install_1.png","240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-007/ACR-007_Install_2.png","240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-084/ACR-084_Software_1.png","240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-007/taskbarsystem.mp4","240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240312/Taskbarsystem-220525/1.0.5.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"70f667a0-1b3f-491b-946e-d0b46ad3d8fc_1.0.5.0_1","appID":"Taskbarsystem-220525","dateAdded":"240312","deceptorType":"App","name":"Taskbar System","company":"Taskbar system","version":"1.0.5.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240717","firstResolvedVersion":"1.0.11.0","resolved":"TRUE","lastKnownStatus":"1.0; 1.0.5.0","lastKnownDate":"240717","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none,net proxy","lastUpdate":"2024-07-17T21:39:20.7129207+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":256},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add this app in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sem.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.5","fileVersion":"1.0.11.5","hashMD5":"ca9d3a1dd3d7b042b07a213763e3fe10","hashSHA1":"2d94209969ce1c363770ae0ace9784791a55c38e","hashSHA256":"1fbfcaa8610dd6d722272dc92841f19159dc7912bdfeb727036e579978930d15","digitalCertThumbprint":"9B88ED90A88B281436F496523949B7BE176ACE66","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1442","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"145ed96686a848e71bb0c49ae6b29468","hashSHA1":"6bf6c513188e0f170594b2fa9f37fb14a018bd4c","hashSHA256":"6c66b3fac9d345fce08ec759cb71f35031b999a2e5fcfe0b81915dd0ce6773aa","digitalCertThumbprint":"9B88ED90A88B281436F496523949B7BE176ACE66","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1442","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6790550794515fdd78e56d34d2848f24","hashSHA1":"20a9c66871b86d38d9e4266dad9bba5b3ce95a7d","hashSHA256":"a9ff1661d080ce108ac18b738be1b899e28167178fadff81b73cc08fa4d9b094","digitalCertThumbprint":"9B88ED90A88B281436F496523949B7BE176ACE66","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1442","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployeeSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"c59377f08bf1cc1176aa177b4b641c2a","hashSHA1":"b2ca60747d6ee22ec7d8e323c7ea84e95e159fbe","hashSHA256":"53529c31a72fc27628588a0a16b3ec1c855811255506f2d01aaa8e08af669048","digitalCertThumbprint":"9B88ED90A88B281436F496523949B7BE176ACE66","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1442","avBlockList":["Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","COMODO Antivirus (20230928)","Dr.Web Security Space (20230928)","ESET Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20220927)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)"],"avAllowList":["360 Total Security (20230928)","Bitdefender Internet Security (20230928)","Trend Micro Internet Security (20230928)","VIPRE Advanced Security (20230928)","Windows Defender (20230928)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: windows keylogger","reference":"https://www.spyrix.com","landingPage":"https://www.spyrix.com/employee-monitoring.php","directDownloadingLink":"https://ep-download.securespyrix.com/download/sem/spyrixemployee.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ep-download.securespyrix.com/download/sem/spyrixemployee.exe","sourceIndex":"1442"}],"sampleFiles":["220831/SpyrixEmployeeMonitoring-201202/11.5.41/Samples/spyrixemployeeSetup.exe"],"imageFiles":["220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-048/ACR-048.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-048/ACR-048_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-048/ACR-048_2.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-007/ACR-007.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-007/ACR-007_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-007/ACR-007_2.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-084/ACR-084.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-084/ACR-084_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-084/ACR-084_2.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-086/ACR-086.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-086/ACR-086_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-086/ACR-086_2.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-086/ACR-086_3.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-086/ACR-086_4.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-097/ACR-097.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-097/ACR-097_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-116/ACR-116.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-116/ACR-116_1.JPG"],"nonDeceptorImageFiles":["220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-040/ACR-040.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-040/ACR-040_1.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-065/ACR-065_Install.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-082/ACR-082.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-065/ACR-065_Software.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-099/ACR-099_Software.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-167/ACR-167.jpg","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-099/ACR-099_landingpage.jpg","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-017/ACR-017.JPG","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-161/ACR-161.jpg","220831/SpyrixEmployeeMonitoring-201202/11.5.41/Images/ACR-099/ACR-099_InternalOffers.jpg"],"guid":"3fa1317b-618c-4ad8-9265-0b77ebfc15e1_11.5.41_1","appID":"SpyrixEmployeeMonitoring-201202","dateAdded":"240311","deceptorType":"App","name":"Spyrix Employee Monitoring","company":"Spyrix Software","version":"11.5.41","lastKnownStatus":"11.5.30;11.5.31;11.5.41;11.6.11;11.6.15","lastKnownDate":"240311","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":688},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction, install and landing page.\nThe App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"sem.exe","fileVersion":"1.0","hashMD5":"e01afe9b2725071c9f9ae70b9a14a151","hashSHA1":"9c1f8a5681e43f1afdb13b7c9fe420600807d7b7","hashSHA256":"7c8bb37240bf4f379d2f85315978f417e10c82a4b48dec931e359e6217965dc5","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1878","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"e54f071412845b1aad5959ea64afffc8","hashSHA1":"e7baa058dcde08453afe91513d555b0ee6c5c92b","hashSHA256":"8a44cdd85b6476a8d56dbe5dc09142a44e0e732b0e2d59b91a1bb1d380e11007","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1878","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployee.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"639cf4dedae3f1a3342a39dec9d7bee9","hashSHA1":"0d13e2141d221b8b2486f258e4b58bfc79a74953","hashSHA256":"f6fa5e7de7d9a59360ab93ac40a94018393c5bc3ceef42ec662b39fd4f10ddc1","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1878","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Tencent PC Manager (20210527)","Total AV Antivirus Pro (20240620)","Trend Micro Internet Security (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)","Windows Defender (20240620)"],"avAllowList":[]},{"isRevoked":"False","fileName":"sem [2].exe","fileVersion":"0.0","hashMD5":"0f171d9b2ea20c0d13453d3f10a26a38","hashSHA1":"6204cd446954cdfe2d3f908569ce030ec9f69139","hashSHA256":"b9a5364396e0a099abfe0f746114be9cb7cfda16004e06cab5cc7ea004c98748","sourceIndex":"1878","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm [2].exe","fileVersion":"0.0","hashMD5":"b978b056c458ecc3435f8d1553383f51","hashSHA1":"02d3a95ff322e31878330761a01569ec4b660c0b","hashSHA256":"307fe1fcfc4de5d6a1e426af9c448febaffc828f4eb862d4d402d69ea38918a1","sourceIndex":"1878","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployee [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f888f8913f4c0d1515e161306e199d78","hashSHA1":"2d75f9edfe4d3dc33395c04d194590c7e1374fc0","hashSHA256":"4979745487afabedf0eedf1005907ee4341b7462c8f2692b3ee0198f46528438","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1878","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.spyrix.com","landingPage":"https://www.spyrix.com/employee-monitoring.php","directDownloadingLink":"https://cdfn-download.securespyrix.com/download/sem/spyrixemployee.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdfn-download.securespyrix.com/download/sem/spyrixemployee.exe","sourceIndex":"1878"}],"sampleFiles":["210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/sem.exe","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/spmm.exe","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/spyrixemployee.exe","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/sem [2].exe","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/spmm [2].exe","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Samples/spyrixemployee [2].exe"],"imageFiles":["210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-048/SpyrixEmployeeMonitor_Interactions [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-048/SpyrixEmployeeMonitor_SettingWizard [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-048/SpyrixEmployeeMonitor_RunningProcess [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-007/SpyrixEmployeeMonitor_SettingWizard [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-007/SpyrixEmployeeMonitor_Interactions [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-007/SpyrixEmployeeMonitor_RunningProcess [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-084/SpyrixEmployeeMonitor_Interactions [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-084/SpyrixEmployeeMonitor_SettingWizard [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-084/SpyrixEmployeeMonitor_RunningProcess [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-086/SpyrixEmployeeMonitor_SettingWizard [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-086/SpyrixEmployeeMonitor_SettingWizard [5].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-086/SpyrixEmployeeMonitor_SettingWizard [6].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-086/SpyrixEmployeeMonitor_Interactions [3].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-086/SpyrixEmployeeMonitor_Interactions [7].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-097/SpyrixEmployeeMonitor_LandingPage [3].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-097/SpyrixEmployeeMonitor_LandingPage [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-097/SpyrixEmployeeMonitor_LandingPage [5].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-097/SpyrixEmployeeMonitor_LandingPage [6].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-116/SpyrixEmployeeMonitor_RunningProcess [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-116/SpyrixEmployeeMonitor_SettingWizard [4].png"],"nonDeceptorImageFiles":["210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-040/SpyrixEmployeeMonitor_HiddenDirectory [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-040/SpyrixEmployeeMonitor_HiddenDirectory [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-065/SpyrixEmployeeMonitor_Install [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-065/SpyrixEmployeeMonitor_Install [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-065/SpyrixEmployeeMonitor_Install [3].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-065/SpyrixEmployeeMonitor_Install [5].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_Install [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_About [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_LandingPage [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-082/SpyrixEmployeeMonitor_LandingPage [9].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-065/SpyrixEmployeeMonitor_About [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-099/SpyrixEmployeeMonitor_About [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_About [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_Install [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_LandingPage [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-167/Spyrix_RefundPolicy [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-099/SpyrixEmployeeMonitor_LandingPage [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-099/SpyrixEmployeeMonitor_LandingPage [2].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_LandingPage [4].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_About [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-002/SpyrixEmployeeMonitor_Install [1].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-017/SpyrixEmployeeMonitor_LandingPage [7].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-161/SpyrixEmployeeMonitor_LandingPage [8].png","210627/SpyrixEmployeeMonitoring-201202/11.5.31/Images/ACR-099/SpyrixEmployeeMonitor_OfferPage [1].png"],"guid":"3fa1317b-618c-4ad8-9265-0b77ebfc15e1_11.5.31_1","appID":"SpyrixEmployeeMonitoring-201202","dateAdded":"240311","deceptorType":"App","name":"Spyrix Employee Monitoring","company":"Spyrix Software","version":"11.5.31","sigName":"Deceptor:Win32/SpyrixEmployeeMonitoringStalkerware!048007084086097116","lastKnownStatus":"11.5.30;11.5.31;11.5.41;11.6.11;11.6.15","lastKnownDate":"240311","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":689},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spyrixemployee.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9ff0112612e20aacf3bb02e5d55fabbb","hashSHA1":"86c832cee9c275f3fd19ae35d7d6ebfc70cb00e6","hashSHA256":"37c303ac18c7b8a900c17fc7c42ffa3bf2f7cd41c6119b055d4600a3f805fca8","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2036","avBlockList":["360 Total Security (20210316)","Avast Premium Security (20210316)","AVG Internet Security (20210316)","Avira Internet Security (20210316)","Bitdefender Internet Security (20210316)","COMODO Antivirus (20210316)","Dr.Web Security Space (20210316)","ESET Internet Security (20210316)","G DATA INTERNET SECURITY (20210316)","K7 Total Security (20210316)","Kaspersky Internet Security (20210316)","Malwarebytes Premium (20210316)","McAfee Total Protection (20210316)","Norton Security (20210316)","Panda Dome (20210316)","Quick Heal Internet Security (20210316)","Sophos Home Premium (20210316)","SpyHunter5 (20210316)","Tencent PC Manager (20210316)","Total AV Antivirus Pro (20210316)","VIPRE Advanced Security (20210316)","VirIT eXplorer PRO (20210316)","Webroot SecureAnywhere (20210316)","Windows Defender (20210316)"],"avAllowList":["Trend Micro Internet Security (20210316)"]},{"isRevoked":"False","fileName":"sem.exe","fileVersion":"1.0","hashMD5":"96eff45b2975f5ab963b7bd16b24419e","hashSHA1":"818c62b7ae4c5e2b0190c67928600371c6ded587","hashSHA256":"55f2a78a766eeef17915286af4b7f1159a04c86d68be49277d46201b4e5fd860","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2036","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"2194a30bd86dc7d6ccf2d1b6a615b7dd","hashSHA1":"04f8ac4d3bc3c36393db92acc5932fcb5d7320f7","hashSHA256":"50fda504996e33ab64bee7d7afc45335e90e7b0446215cc1af9665371506e6cf","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2036","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spr.exe","fileVersion":"0.0","hashMD5":"f5e240dd9bb66c543a867233638a8d16","hashSHA1":"a3c80df8942640e893bcba32e89aa1214a456717","hashSHA256":"37de779e0499ebc9e0b6d7cbea38022cc5afc92ec9d78788fae125cc65011317","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2036","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sps.exe","fileVersion":"1.0","hashMD5":"b372d59d6c59e4a51465a954445da818","hashSHA1":"ddd32631d49267c4275c140a27a506468ce5e99b","hashSHA256":"9c5988619438a3c95b1127b60d62c4a19e2dfde939494c4bd6f401ddff8eebee","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2036","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: windows keylogger","reference":"https://www.spyrix.com","landingPage":"https://www.spyrix.com/employee-monitoring.php","directDownloadingLink":"https://ep-download.securespyrix.com/download/sem/spyrixemployee.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ep-download.securespyrix.com/download/sem/spyrixemployee.exe","sourceIndex":"2036"}],"sampleFiles":["201202/SpyrixEmployeeMonitoring-201202/11.5.30/Samples/spyrixemployee.exe","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Samples/sem.exe","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Samples/spmm.exe","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Samples/spr.exe","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Samples/sps.exe"],"imageFiles":["201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-048/Spyrix Employee Monitor_ControlPanel [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-048/Spyrix Employee Monitor_Install [10].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-007/Spyrix Employee Monitor_ControlPanel [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-007/Spyrix Employee Monitor_Install [10].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-084/Spyrix Employee Monitor_Install [10].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-086/Spyrix Employee Monitor_Install [9].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-086/Spyrix Employee Monitor_Install [10].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-086/Spyrix Employee Monitor_Interactions [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-086/Spyrix Employee Monitor_Interactions [2].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-097/Spyrix Employee Monitor_Download [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-097/Spyrix Employee Monitor_Download [2].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-097/Spyrix Employee Monitor_Download [3].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-116/Spyrix Employee Monitor_ControlPanel [1].png"],"nonDeceptorImageFiles":["201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-040/Spyrix Employee Monitor_Files [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-040/Spyrix Employee Monitor_Files [2].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-065/Spyrix Employee Monitor_Install [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-065/Spyrix Employee Monitor_Install [2].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-082/Spyrix Employee Monitor_LandingPage [2].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-065/Spyrix Employee Monitor_About [1].png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-167/Spyrix Employee Monitor_Return and refund policy.png","201202/SpyrixEmployeeMonitoring-201202/11.5.30/Images/ACR-161/Spyrix Employee Monitor_LandingPage [3] Testimonials.png"],"guid":"3fa1317b-618c-4ad8-9265-0b77ebfc15e1_11.5.30_1","appID":"SpyrixEmployeeMonitoring-201202","dateAdded":"240311","deceptorType":"App","name":"Spyrix Employee Monitoring","company":"Spyrix Software","version":"11.5.30","sigName":"Deceptor:Win32/SpyrixEmployeeMonitoringStalkerware!048007084086097116","lastKnownStatus":"11.5.30;11.5.31;11.5.41;11.6.11;11.6.15","lastKnownDate":"240311","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":690},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection when the app is re-enabled at least for the 1st time.\n","ACR-084":" The process keeps running in the background despite disabling app and connection option. Not clear control  for borrowing resource. \n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\"  \n"},"samples":[{"isRevoked":"False","fileName":"stopabit-setup.exe","isInstaller":"True","companyName":"Stopabit                                                    ","productName":"Stopabit   ","fileVersion":"1.0.2.0             ","hashMD5":"69bf068d2015b017d1b013bce883d26d","hashSHA1":"f9dfa607ab08d456f01d5322b601670ce61d0ae7","hashSHA256":"a832013e3dc290a2b569ee22e8f0f57dcca23c8309f45d998a9ca85835a92e13","digitalCertThumbprint":"5A7DE11C1A8C17C208B25587947E8F443AB02AC0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ras Al Khaimah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"595","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","Trend Micro Internet Security (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)"],"avAllowList":["COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","Windows Defender (20240620)"]}],"additionalFiles":[],"sources":[{"howFound":"proxyware apps, globalhop","reference":"","landingPage":"https://www.stopabit.com/","directDownloadingLink":"https://www.stopabit.com/download/stopabit.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.stopabit.com/download/stopabit.exe","sourceIndex":"595"}],"sampleFiles":["240311/Stopabit-240311/1.0.2.0/Samples/stopabit-setup.exe"],"imageFiles":["240311/Stopabit-240311/1.0.2.0/Images/ACR-007/ACR-007_Install_1.png","240311/Stopabit-240311/1.0.2.0/Images/ACR-084/ACR-084_Software_1.png","240311/Stopabit-240311/1.0.2.0/Images/ACR-084/ACR-084_Software_2.png","240311/Stopabit-240311/1.0.2.0/Images/ACR-007/ACR-007_Software_1.png","240311/Stopabit-240311/1.0.2.0/Images/ACR-007/StopAbit.mp4","240311/Stopabit-240311/1.0.2.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240311/Stopabit-240311/1.0.2.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"cd8424b6-ce15-42de-a387-2597a8eaee7b_1.0.2.0_1","appID":"Stopabit-240311","dateAdded":"240311","deceptorType":"App","name":"StopAbit","company":"Globalhop","version":"1.0.2.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.10.0","resolved":"TRUE","lastKnownStatus":"1.0.2.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy","lastUpdate":"2024-07-12T21:21:32.6076659+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":261},{"violations":{"ACR-048":"The App does not provide an option to cancel the startup of its own. It also runs silently in the background using a different icon from installation. It makes it difficult to disable or uninstall the app completely. Elements are also located  hidden folders making it a challenge for ordinary users to remove it manually.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection\n","ACR-084":"The App runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts to user's system in separate prompt.\n"},"nonDeceptorViolations":{"ACR-040":"The App installs itself by default in a hidden folder Appdata/Local/Programs\n","ACR-099":"The application does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"walliant.exe","companyName":"Walliant","productName":"Walliant","productVersion":"1.0","fileVersion":"1.0","hashMD5":"24391d500587e3912718f264ac10d090","hashSHA1":"f25451ec8eaa0ff41439ca6c312055883533a26b","hashSHA256":"494be16884968c6e4ba6c1319eb8ac41fb1fb7964d403ab4efe22557668ee4d9","digitalCertThumbprint":"CFEB87A65844EE099CF460B5B46994D94D64FA70","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Globalhop Ltd, O=Globalhop Ltd, L=Almaty, C=KZ","sourceIndex":"1508","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"walliant-setup.exe","isInstaller":"True","companyName":"Walliant                                                    ","productName":"Walliant","productVersion":"1.0","fileVersion":"1.0","hashMD5":"ba7f294f0432b79b2692b553f7f3872a","hashSHA1":"0d1274b5dba140fb8530d3f2d860da2b3dda8ba7","hashSHA256":"45dddb0a13d0d3061c46cf32bc8c2997808dc726bcc81d054b684a9067aa3074","digitalCertThumbprint":"CFEB87A65844EE099CF460B5B46994D94D64FA70","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Globalhop Ltd, O=Globalhop Ltd, L=Almaty, C=KZ","sourceIndex":"1508","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","Trend Micro Internet Security (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)","Windows Defender (20240620)"],"avAllowList":["COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","K7 Total Security (20240620)","Tencent PC Manager (20220531)"]},{"isRevoked":"False","fileName":"Countly.dll","companyName":"Countly","fileVersion":"20.5","hashMD5":"ef1f145128473f2ea8f3c06dca43b7c7","hashSHA1":"e31b8131dc767fada7a0f643ad978a2379f7fcce","hashSHA256":"80ab364db1d0daf81cfed365bc49979f8c5261299e01a9872a653dc70618126d","sourceIndex":"1508","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sdk.dll","fileVersion":"0.0","hashMD5":"d161b2a93877da6a4f0cdb7bdbf87c3e","hashSHA1":"8766ab203fe699545e066b02a627d258a42411da","hashSHA256":"5551371473f92cc63d6c3c2463f93d89ce8053a1560f91e6707c79a801c3745a","sourceIndex":"1508","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"https://walliant.com/","directDownloadingLink":"https://walliant.com/download/walliant.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://walliant.com/download/walliant.exe","sourceIndex":"1508"}],"sampleFiles":["220524/Walliant-220523/1.0/Samples/walliant.exe","220524/Walliant-220523/1.0/Samples/walliant-setup.exe","220524/Walliant-220523/1.0/Samples/Countly.dll","220524/Walliant-220523/1.0/Samples/sdk.dll"],"imageFiles":["220524/Walliant-220523/1.0/Images/ACR-084/ACR-084_RunninginBackground.jpg","220524/Walliant-220523/1.0/Images/ACR-007/GlobalHop_007.JPG","220524/Walliant-220523/1.0/Images/ACR-048/ACR-048_DiffLogo_RunBackground.jpg","220524/Walliant-220523/1.0/Images/ACR-048/Walliant_Uninstall.jpg","220524/Walliant-220523/1.0/Images/ACR-155/GlobalHop_007.JPG"],"nonDeceptorImageFiles":["220524/Walliant-220523/1.0/Images/ACR-040/Walliant_HiddenFolder.jpg","220524/Walliant-220523/1.0/Images/ACR-099/Walliant_About.gif","220524/Walliant-220523/1.0/Images/ACR-099/Walliant_LandingPage.jpeg"],"guid":"e5257089-4570-46a1-bdb5-60339150c0e1_1.0_1","appID":"Walliant-220523","dateAdded":"240311","deceptorType":"App","name":"Walliant","company":"Walliant","version":"1.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.16.0","resolved":"TRUE","lastKnownStatus":"1.0; 1.0.12.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-07-12T00:00:00+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":260},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection, when the app is re-enabled at least for the 1st time. \n","ACR-084":"The process keeps running in the background despite disabling app and connection option. No clear control to borrowing resource. \n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts on the user's system on a separate prompt. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself by default in a hidden path \"%AppData%\\Local\\Programs\\\" \n"},"samples":[{"isRevoked":"False","fileName":"walliant-setup.exe","isInstaller":"True","companyName":"Walliant                                                    ","fileVersion":"1.0.12.0","hashMD5":"96a2cbe809b25c20ccc7d01e0c76e10e","hashSHA1":"f39fef0e78b05d5f1878f68e160d83bdf24ab50f","hashSHA256":"e85c9eb65c1a2eaa03c64d4a7b30c2b245d42b8c34689af0f90c8fd7068ecde0","digitalCertThumbprint":"C6D0201889888E307CC1525F1F2304ADC3676DD5","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, L=Ras-Al-Khaimah, S=Ras-Al-Khaimah, C=AE, SERIALNUMBER=46000244, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ras Al Khaimah, OID.1.3.6.1.4.1.311.60.2.1.3=AE","sourceIndex":"601","avBlockList":["360 Total Security (20240416)","Avast Premium Security (20240416)","AVG Internet Security (20240416)","Avira Internet Security (20240416)","ESET Internet Security (20240416)","G DATA INTERNET SECURITY (20240416)","K7 Total Security (20240416)","Kaspersky Internet Security (20240416)","Malwarebytes Premium (20240416)","McAfee Total Protection (20240416)","Norton Security (20240416)","Panda Dome (20240416)","Quick Heal Internet Security (20240416)","Sophos Home Premium (20240416)","SpyHunter5 (20240416)","Total AV Antivirus Pro (20240416)","Trend Micro Internet Security (20240416)","VirIT eXplorer PRO (20240416)","Webroot SecureAnywhere (20240416)","Windows Defender (20240416)"],"avAllowList":["Bitdefender Internet Security (20240416)","COMODO Antivirus (20240416)","Dr.Web Security Space (20240416)","VIPRE Advanced Security (20240416)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"https://walliant.com/","directDownloadingLink":"https://walliant.com/download/walliant.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://walliant.com/download/walliant.exe","sourceIndex":"601"}],"sampleFiles":["240311/Walliant-220523/1.0.12.0/Samples/walliant-setup.exe"],"imageFiles":["240311/Walliant-220523/1.0.12.0/Images/ACR-084/ACR-084_Software_1.png","240311/Walliant-220523/1.0.12.0/Images/ACR-007/ACR-007_Install_1.png","240311/Walliant-220523/1.0.12.0/Images/ACR-007/ACR-007_Install_2.png","240311/Walliant-220523/1.0.12.0/Images/ACR-007/Walliant.mp4","240311/Walliant-220523/1.0.12.0/Images/ACR-155/ACR-155_In-bundle offers_1.png","240311/Walliant-220523/1.0.12.0/Images/ACR-155/ACR-155_In-bundle offers_2.png"],"nonDeceptorImageFiles":["240311/Walliant-220523/1.0.12.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"e5257089-4570-46a1-bdb5-60339150c0e1_1.0.12.0_1","appID":"Walliant-220523","dateAdded":"240311","deceptorType":"App","name":"Walliant","company":"Walliant","version":"1.0.12.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.16.0","resolved":"TRUE","lastKnownStatus":"1.0; 1.0.12.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none,net proxy","lastUpdate":"2024-07-12T21:09:10.3498103+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":2,"sortOrder":259},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the desktop and control panel, which prevents it from being uninstalled easily. The app uses a password to hide its presence.\n","ACR-007":"The app enables the consumer to hide it from the desktop and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n","ACR-084":"The app enables the user to hide the app from the desktop and the installed program list. The app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n","ACR-014":"The app calls itself \"sem.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{"ACR-082":"The app enables the user to violate many laws.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sem.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.6","fileVersion":"1.0.11.6","hashMD5":"2e2d3324286f1b01b85fe963e985561f","hashSHA1":"cb5439581d0026025bca867ba661684f53384241","hashSHA256":"629a2d6b1900c38fbd1551e017fb8ba5b81e5d5dc86c20977a3f01b4f037da72","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"714","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6d9e0074298a206b6c74301f9a9a60f3","hashSHA1":"831c79b42544f74421481c4bf4876eef9f807714","hashSHA256":"bc2e3f0a9e9b65ebbc452ef7474e4fe0e7b9800fa79534fa20a2f28b97b66f33","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"714","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"ab4638d7d5c43eded6f5147ac1a3476b","hashSHA1":"e13f37ddef346d1de02dc288cb9a657d619c9196","hashSHA256":"a46d95fb4245426665d97d75463f02d684330e7b64f465b482c96db263ababc3","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"714","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\wlg.exe","companyName":"","productName":"URLLogger","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"b364bd0c69a0f8131cbc10dc9a912ffb","hashSHA1":"536256f7a22a9de580b675f1cc6bc49834863c11","hashSHA256":"e5868e241ecd086e9127e54eb27a9dee7f71ebc19acd7f4f882f639fb4b82c74","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"714","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployee.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"4d1decb8a26fe01b44af0cc7233aafcc","hashSHA1":"f11cb94f08138cd513bc527ab1251263f286b867","hashSHA256":"2b82c85bb43b569c0024cae790bc2ea1870b8ee7eadbd7ec9457f966e7c17192","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"714","avBlockList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","Dr.Web Security Space (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","K7 Total Security (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Total AV Antivirus Pro (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","VirIT eXplorer PRO (20240625)","Webroot SecureAnywhere (20240625)"],"avAllowList":["COMODO Antivirus (20240625)","Windows Defender (20240625)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.spyrix.com/employee-monitoring.php","directDownloadingLink":"https://spyrix.app/sem.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/sem.html","sourceIndex":"714"}],"sampleFiles":["240311/SpyrixEmployeeMonitoring-201202/11.6.15/Samples/spyrixemployee.exe"],"imageFiles":["240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-048/ACR-048.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-048/ACR-048_1.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-048/ACR-048_2.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-048/ACR-048_3.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-007/ACR-007.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-007/ACR-007_1.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-007/ACR-007_2.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-007/ACR-007_3.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-084/ACR-084.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-084/ACR-084_1.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-084/ACR-084_2.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-084/ACR-084_3.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-084/ACR-084_4.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-086/ACR-086.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-086/ACR-086_1.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-086/ACR-086_2.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-097/ACR-097.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-097/ACR-097_1.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-097/ACR-097_2.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-014/ACR-014.PNG","240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":["240311/SpyrixEmployeeMonitoring-201202/11.6.15/Images/ACR-082/ACR-082.PNG"],"guid":"3fa1317b-618c-4ad8-9265-0b77ebfc15e1_11.6.15_1","appID":"SpyrixEmployeeMonitoring-201202","dateAdded":"240311","deceptorType":"App","name":"Spyrix Employee Monitoring","company":"Spyrix Software","version":"11.6.15","lastKnownStatus":"11.5.30;11.5.31;11.5.41;11.6.11;11.6.15","lastKnownDate":"240311","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:28.8451483+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":686},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list and system tray, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a password to open it.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add this app in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-082":"The app enables the user to violate many laws.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sem.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.6","fileVersion":"1.0.11.6","hashMD5":"11aa0344ce5ea8b99e6a4fb52798a64a","hashSHA1":"14823ddbe52f67ea11dcd6f35b1195e031ff92ee","hashSHA256":"167f57034f7ded6d84ecaa44cf88b4942afce19e0b73661064954fc1399e7798","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"951","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"9c435f3191d2f8c854c6af3b49f597ce","hashSHA1":"8f6ab1e07df5b6e51b443a714e544a855c9e58ca","hashSHA256":"a39d96ddca5569f68c44005409d0ca00e1422bdc397405a7aedf43e5c4bbaf01","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"951","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"158fa6648c2e4a91dc1974f9242b9d43","hashSHA1":"a942f425d3fc28cd19c03a53b1a894c2a5b5fbfe","hashSHA256":"406b96f8bbcc9badb7ad209d55583edfcf950243207bdf5a5a6bdd44dada03f0","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"951","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployee.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"44a3c71c6c445d655edc95fe87035c03","hashSHA1":"c91c346f1f6cfc1a0e3a1675fabe71712f450720","hashSHA256":"57ef2f0186cb711e83bbdcdf21a2e9c2b388059d0e40cefcc7e969341697e112","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"951","avBlockList":["360 Total Security (20230926)","Avast Premium Security (20230926)","AVG Internet Security (20230926)","Avira Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)","Windows Defender (20230926)"],"avAllowList":["Bitdefender Internet Security (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.spyrix.com/employee-monitoring.php","directDownloadingLink":"https://spyrix.app/sem.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/sem.html","sourceIndex":"951"}],"sampleFiles":["230726/SpyrixEmployeeMonitoring-201202/11.6.11/Samples/spyrixemployee.exe"],"imageFiles":["230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-048/ACR-048_Install_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-048/ACR-048_Install_2.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-048/ACR-048_Install_3.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-007/ACR-007_Install_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-007/ACR-007_Install_2.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-007/ACR-007_Install_3.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-084/ACR-084_Software_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-084/ACR-084_Software_2.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-084/ACR-084_Software_3.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-084/ACR-084_Software_4.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-086/ACR-086_Software_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-086/ACR-086_Software_2.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-086/ACR-086_Software_3.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-086/ACR-086_Software_4.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-097/ACR-097_Software_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-097/ACR-097_Software_2.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-097/ACR-097_Software_3.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-097/ACR-097_Software_4.PNG","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-116/ACR-116_Uninstall_1.png"],"nonDeceptorImageFiles":["230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-040/ACR-040_Install_1.png","230726/SpyrixEmployeeMonitoring-201202/11.6.11/Images/ACR-082/ACR-082_Software_1.png"],"guid":"3fa1317b-618c-4ad8-9265-0b77ebfc15e1_11.6.11_1","appID":"SpyrixEmployeeMonitoring-201202","dateAdded":"240311","deceptorType":"App","name":"Spyrix Employee Monitoring","company":"Spyrix Software","version":"11.6.11","lastKnownStatus":"11.5.30;11.5.31;11.5.41;11.6.11;11.6.15","lastKnownDate":"240311","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:36.2875068+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":687},{"violations":{"ACR-048":"The app is always running in the background, which limits the consumer's ability to close the app. The app uses a password to hide its presence\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and it allows the consumer to enable stealth mode. It also requires a password to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password to open it.\n\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-014":"The app calls itself \"akl.exe”, which is not related to the name \"Actual Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\akl.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"1f186504de8df9c31c56696da8602dac","hashSHA1":"de68602f9b3aa4cf2dcad11f23a117b19046202c","hashSHA256":"8e76dbbbdee539aff4768672b9c34b89df700d2710c54c342ab55a0f61f28428","digitalCertThumbprint":"6F411AC2CDC83D971A512E45DAD28B899FF497FF","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"716","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8ad660cc4d01a51265a7789d0e2b1dd0","hashSHA1":"d3114361b7ed78e954961a5b6eae27acc6eda69e","hashSHA256":"358f0a123b4f8b9364aaa0cdaf3111d7be55ced365f0609d6daf08dc10bb25f4","digitalCertThumbprint":"6F411AC2CDC83D971A512E45DAD28B899FF497FF","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"716","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"2851624f64474781d9e86aefd4221eb5","hashSHA1":"9a00f562ef7658dafa40f68f972034d7192b1b4d","hashSHA256":"904de3321c57018de062141cc46f4d318894ae9f998703b37bb107f443cf897f","digitalCertThumbprint":"6F411AC2CDC83D971A512E45DAD28B899FF497FF","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"716","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\wlg.exe","companyName":"","productName":"URLLogger","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"b364bd0c69a0f8131cbc10dc9a912ffb","hashSHA1":"536256f7a22a9de580b675f1cc6bc49834863c11","hashSHA256":"e5868e241ecd086e9127e54eb27a9dee7f71ebc19acd7f4f882f639fb4b82c74","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"716","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"actualkeylogger.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"c67ac856b8ae7d766e182e413f8cfefb","hashSHA1":"a7159c5d4ee076a70618790337f264467585d769","hashSHA256":"b75d9babc6e9a4c1b7b3a18a42b9b89bb6a371822d909e6d8195b0b7b2cc6f36","digitalCertThumbprint":"6F411AC2CDC83D971A512E45DAD28B899FF497FF","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"716","avBlockList":["360 Total Security (20240430)","Avast Premium Security (20240430)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","COMODO Antivirus (20240430)","Dr.Web Security Space (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","K7 Total Security (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","McAfee Total Protection (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Quick Heal Internet Security (20240430)","Sophos Home Premium (20240430)","SpyHunter5 (20240430)","Total AV Antivirus Pro (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)"],"avAllowList":["Bitdefender Internet Security (20240430)","Trend Micro Internet Security (20240430)","VIPRE Advanced Security (20240430)","Windows Defender (20240430)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on keylogger app","reference":"","landingPage":"https://www.actualkeylogger.com/","directDownloadingLink":"https://actualsecure.com/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://actualsecure.com/","sourceIndex":"716"}],"sampleFiles":["240307/ActualKeylogger-201211/8.6.15/Samples/actualkeylogger.exe"],"imageFiles":["240307/ActualKeylogger-201211/8.6.15/Images/ACR-084/ACR-084.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-084/ACR-084_1.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-084/ACR-084_2.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-084/ACR-084_3.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-086/ACR-086.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-086/ACR-086_1.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-086/ACR-086_2.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-086/ACR-086_3.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-086/ACR-086_4.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-097/ACR-097.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-097/ACR-097_Software_1.png","240307/ActualKeylogger-201211/8.6.15/Images/ACR-048/ACR-048.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-048/ACR-048_1.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-048/ACR-048_2.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-007/ACR-007.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-007/ACR-007_1.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-007/ACR-007_2.PNG","240307/ActualKeylogger-201211/8.6.15/Images/ACR-014/ACR-014.PNG"],"nonDeceptorImageFiles":[],"guid":"caa7d7c8-e52c-4758-a606-09bfb1126dfe_8.6.15_1","appID":"ActualKeylogger-201211","dateAdded":"240307","deceptorType":"App","name":"Actual Keylogger ","company":"Actual Keylogger Software","version":"8.6.15","lastKnownStatus":"5.5.18;8.5.31;8.5.33;8.6.15","lastKnownDate":"240307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:28.9650798+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":691},{"violations":{"ACR-048":"The app is always running in the background, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and it allows the consumer to enable stealth mode. It also requires a password to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password to open it.\n\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using password.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-014":"The app calls itself \"akl.exe”, which is not related to the name \"Actual Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offer page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"747abc81aa09b323875e12fe54ba1e14","hashSHA1":"b3ba84a7e58e07dfb5d1d24bd8aeb8012a71300f","hashSHA256":"c3290924409d426a3fe133e2bafd2b2ef9c36dd69b694084a8e259cad77f3118","digitalCertThumbprint":"DDD8B64D35E1E9F9A6442A9CF47C6CDF006EE978","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"LLC KLEVER","storeId":"","sourceIndex":"1532","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"967d9415b598f18510ff3fb0f4aeb687","hashSHA1":"57f4669a675da305e6d9b13a5e0acc56c30e425e","hashSHA256":"6691e4e0efc610b7bc25ef7ae9018fa80a59b118c19869bc03366ca26fbfa879","digitalCertThumbprint":"DDD8B64D35E1E9F9A6442A9CF47C6CDF006EE978","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"LLC KLEVER","storeId":"","sourceIndex":"1532","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{AKC34567-KCQR-WW34-AK47-INUM589023MY}\\akl.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6859de24893cb0a6bb37fb2584943c2a","hashSHA1":"06a56612471f63725a335063ae8344ed85be855e","hashSHA256":"3fef4092c452f0a12cda9727ee807d61473e59d88f0f12c1b119948b857936b6","digitalCertThumbprint":"DDD8B64D35E1E9F9A6442A9CF47C6CDF006EE978","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"LLC KLEVER","storeId":"","sourceIndex":"1532","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"actualkeylogger.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6a8189ae37bb806a2cbe5c3cad7fe8f0","hashSHA1":"c4f55d323fa60b8ce2fa7069a291058cb133f283","hashSHA256":"3df73ff56162114f1002d379546ec4a3efe3bd888b06e9e994c613d00f45be5d","digitalCertThumbprint":"DDD8B64D35E1E9F9A6442A9CF47C6CDF006EE978","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"LLC KLEVER","storeId":"","sourceIndex":"1532","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)","McAfee Total Protection (20240620)"],"avAllowList":["Tencent PC Manager (20220630)","Trend Micro Internet Security (20240620)","Windows Defender (20240620)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"","landingPage":"https://www.actualkeylogger.com/","directDownloadingLink":"https://actualsecure.net/download/actual/actualkeylogger.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://actualsecure.net/download/actual/actualkeylogger.exe","sourceIndex":"1532"}],"sampleFiles":["220627/ActualKeylogger-201211/8.5.41/Samples/actualkeylogger.exe"],"imageFiles":["220627/ActualKeylogger-201211/8.5.41/Images/ACR-084/ACR-084_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-084/ACR-084_Software_1.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-084/3- signin.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-086/ACR-086_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-086/ACR-086_Software_1.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-086/ACR-086_Software_2.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-086/ACR-086_Software_3.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-086/ACR-086_Software_4.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-097/ACR-097_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-048/ACR-048_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-048/ACR-048_Software_1.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-007/ACR-007_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-007/ACR-007_Software_1.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-007/ACR-007_Software_2.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-014/ACR-014_Software.JPG"],"nonDeceptorImageFiles":["220627/ActualKeylogger-201211/8.5.41/Images/ACR-038/ACR-038_Install.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-038/ACR-038_Install_1.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-040/ACR-040_Install.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-065/ACR-065_Install.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-065/ACR-065_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-099/ACR-099_Software.JPG","220627/ActualKeylogger-201211/8.5.41/Images/ACR-065/ACR-065_Landingpage.jpg","220627/ActualKeylogger-201211/8.5.41/Images/ACR-099/ACR-099_Landingpage.jpg","220627/ActualKeylogger-201211/8.5.41/Images/ACR-065/ACR-065_InternalOffers.jpg","220627/ActualKeylogger-201211/8.5.41/Images/ACR-099/ACR-099_InternalOffers.jpg"],"guid":"caa7d7c8-e52c-4758-a606-09bfb1126dfe_8.5.41_1","appID":"ActualKeylogger-201211","dateAdded":"240307","deceptorType":"App","name":"Actual Keylogger ","company":"Actual Keylogger Software","version":"8.5.41","lastKnownStatus":"5.5.18;8.5.31;8.5.33;8.6.15","lastKnownDate":"240307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":692},{"violations":{"ACR-048":"The app is always running in the background and requires a hotkey to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running and it allows the consumer to enable stealth mode. It also requires a hotkey and a password to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offer page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"akl.exe","fileVersion":"1.0","hashMD5":"60743ab804cdec0189746c31a1d18056","hashSHA1":"effcc8d824dbb784a76be5bf0c01ccf90a168f9c","hashSHA256":"5a98fd9fff3cfd8295e23c12af3933622ed161d20aacb025811b47ee056d5a17","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1809","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_actual_keylogger.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f00ce997d4a4f4934756e39b074b277e","hashSHA1":"6172dddbde8bf0b1784390c30951b78693865157","hashSHA256":"e89fe5a6241fdf6d43fc869f7586399c8cccad6e0f70e3348dc14bbeb69900e7","digitalCertThumbprint":"72AC470090250CAD99569D7291B7214C8AB0C0E1","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=CLEVERCONTROL LLC, O=CLEVERCONTROL LLC, L=BOCA RATON, S=Florida, C=US","sourceIndex":"1809","avBlockList":["360 Total Security (20240711)","Avast Premium Security (20240711)","AVG Internet Security (20240711)","Avira Internet Security (20240711)","COMODO Antivirus (20240711)","Dr.Web Security Space (20240711)","ESET Internet Security (20240711)","G DATA INTERNET SECURITY (20240711)","K7 Total Security (20240711)","Kaspersky Internet Security (20240711)","Malwarebytes Premium (20240711)","McAfee Total Protection (20240711)","Norton Security (20240711)","Panda Dome (20240711)","Quick Heal Internet Security (20240711)","Sophos Home Premium (20240711)","SpyHunter5 (20240711)","Tencent PC Manager (20210921)","Total AV Antivirus Pro (20240711)","VirIT eXplorer PRO (20240711)","Webroot SecureAnywhere (20240711)","Windows Defender (20240711)","FortectPremium (20240711)"],"avAllowList":["Bitdefender Internet Security (20240711)","Trend Micro Internet Security (20240711)","VIPRE Advanced Security (20240711)"]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"856ba19c9f46abd1abd159900f93516b","hashSHA1":"fa37f383722ba74daca0253e1197d84ac26fa802","hashSHA256":"b05f963c6a47adc999c0201d1da89a41c5d521c3d69903b3256497c086c305e5","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1809","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"actualkeylogger [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"5778f3941144a354e428d1fecb6fa340","hashSHA1":"38c8719bbb4026f75557730c922e49a0f1031056","hashSHA256":"7df306884ae45d2116439821bfe4d83f47a00d0c3e3b716fdd18fe79c678efa8","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1809","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"akl [2].exe","fileVersion":"1.0","hashMD5":"4515e3de1282705aec2806c632f4014d","hashSHA1":"1b4631923f358d8e710d2da8a0f0f50fba6e6fa2","hashSHA256":"78d2038ee31ab99b78bcdfd6f3815ac5c65406aba2e3f4a4c2fbb2b0137945ce","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1809","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm [2].exe","fileVersion":"0.0","hashMD5":"b8fb34cbc96095e48a6cbef8d010a8a2","hashSHA1":"331407d9a421178b3ade2fd29410a3156902a350","hashSHA256":"966244ff679555b12c9f1d06ac60b5fe9e2df05713cb2ab40c83c95ba23a19c3","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1809","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"https://www.actualkeylogger.com/","landingPage":"https://www.actualkeylogger.com/","directDownloadingLink":"https://actualsecure.net/setup_actual.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://actualsecure.net/setup_actual.exe","sourceIndex":"1809"}],"sampleFiles":["211011/ActualKeylogger-201211/8.5.33/Samples/akl.exe","211011/ActualKeylogger-201211/8.5.33/Samples/setup_actual_keylogger.exe","211011/ActualKeylogger-201211/8.5.33/Samples/spmm.exe","211011/ActualKeylogger-201211/8.5.33/Samples/actualkeylogger [2].exe","211011/ActualKeylogger-201211/8.5.33/Samples/akl [2].exe","211011/ActualKeylogger-201211/8.5.33/Samples/spmm [2].exe"],"imageFiles":["211011/ActualKeylogger-201211/8.5.33/Images/ACR-084/Actual Keylogger_Interactions [3].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-084/Actual Keylogger_Interactions [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-086/Actual Keylogger_Interactions [4].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-086/Actual Keylogger_Settings [6].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-086/Actual Keylogger_Settings [7].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-086/Actual Keylogger_Interactions [3].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-097/Actual Keylogger_DownloadPage [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-097/Actual Keylogger_DownloadPage [2].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-097/Actual Keylogger_DownloadPage [3].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-048/Actual Keylogger_Interactions [3].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-048/Actual Keylogger_RunningProcess [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-007/Actual Keylogger_Interactions [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-007/Actual Keylogger_Interactions [3].png"],"nonDeceptorImageFiles":["211011/ActualKeylogger-201211/8.5.33/Images/ACR-038/Actual Keylogger_FileProperty [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-038/Actual Keylogger_FileProperty [2].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-040/Actual Keylogger_Files [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-040/Actual Keylogger_Files [2].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_Install [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_Install [2].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_Install [3].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_Install [4].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_About [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-099/Actual Keylogger_About [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_LandingPage [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-099/Actual Keylogger_LandingPage [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-065/Actual Keylogger_OfferPage [1].png","211011/ActualKeylogger-201211/8.5.33/Images/ACR-099/Actual Keylogger_OfferPage [1].png"],"guid":"caa7d7c8-e52c-4758-a606-09bfb1126dfe_8.5.33_1","appID":"ActualKeylogger-201211","dateAdded":"240307","deceptorType":"App","name":"Actual Keylogger ","company":"Actual Keylogger Software","version":"8.5.33","sigName":"Deceptor:Win32/ActualKeylogger!084086097048007","lastKnownStatus":"5.5.18;8.5.31;8.5.33;8.6.15","lastKnownDate":"240307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":693},{"violations":{"ACR-048":"The app is always running in the background and requires a hotkey to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running and it allows the consumer to enable stealth mode. It also requires a hotkey and a password to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offer page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"82578a6a97b63a4125300387753ee6e8","hashSHA1":"4991e6b2139ae1ded591ab78d0bbdbec7b7db2dd","hashSHA256":"bf53a6eb459534d7dade4247a848f5081cf175134427489be3b1c6362883e1ed","digitalCertThumbprint":"E1229BACFDF8FE16488BDAC52A2330EA301CB63C","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Truro, CN=Clever Security Software Ltd, O=Clever Security Software Ltd, C=GB","sourceIndex":"1902","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"actualkeylogger.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c07a4d26028191c396c1d72d3990f76c","hashSHA1":"aa332bbeaf19b9778afe2e986379cb55d14c8a6b","hashSHA256":"d18fa15fe28e764a4565be81c78382fcf84f31b665f538142551198e9b355cac","digitalCertThumbprint":"E1229BACFDF8FE16488BDAC52A2330EA301CB63C","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Truro, CN=Clever Security Software Ltd, O=Clever Security Software Ltd, C=GB","sourceIndex":"1902","avBlockList":["360 Total Security (20240625)","Avast Premium Security (20240625)","AVG Internet Security (20240625)","Avira Internet Security (20240625)","Bitdefender Internet Security (20240625)","COMODO Antivirus (20240625)","Dr.Web Security Space (20240625)","ESET Internet Security (20240625)","G DATA INTERNET SECURITY (20240625)","K7 Total Security (20240625)","Kaspersky Internet Security (20240625)","Malwarebytes Premium (20240625)","McAfee Total Protection (20240625)","Norton Security (20240625)","Panda Dome (20240625)","Quick Heal Internet Security (20240625)","Sophos Home Premium (20240625)","SpyHunter5 (20240625)","Tencent PC Manager (20211207)","Total AV Antivirus Pro (20240625)","Trend Micro Internet Security (20240625)","VIPRE Advanced Security (20240625)","Webroot SecureAnywhere (20240625)","VirIT eXplorer PRO (20240625)"],"avAllowList":["Windows Defender (20240625)"]},{"isRevoked":"False","fileName":"akl.exe","fileVersion":"1.0","hashMD5":"57f03a1721a15cc29a7c5e4add440272","hashSHA1":"07f840d53ae4bf6c84d39da3ca215335f915efa4","hashSHA256":"a3b08fbe1c2040ce8f8f7d33ad9967c539a3a50b3d4164a53e4683d02b6093df","digitalCertThumbprint":"E1229BACFDF8FE16488BDAC52A2330EA301CB63C","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Truro, CN=Clever Security Software Ltd, O=Clever Security Software Ltd, C=GB","sourceIndex":"1902","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"actualkeylogger [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ddb0c58f6e2ebb5cbda29453c26f3392","hashSHA1":"bc8319a9ad77dc05c31a236687e0d9d63c104401","hashSHA256":"4b00032f66ca48c3d799142784243744adeb5490c7e0e2d4e4f4681ac5745005","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1902","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"akl [2].exe","fileVersion":"0.0","hashMD5":"a1f8806662c1ea4ddb1aa665c59284a7","hashSHA1":"087cf88e35a63fcfe07d36650847d5da92fe1ec4","hashSHA256":"84cc50118eecd87e1b34aa1070f9a40b086628787a8ce4924899b01ce75842fc","sourceIndex":"1902","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm [2].exe","fileVersion":"0.0","hashMD5":"137e35a9b49a65aae6b65c066975b38e","hashSHA1":"a96c786344bbf0f9b34f7ab434072990d5ccb888","hashSHA256":"573da7866aaa77e24eea9a0bff125fbe230937b5c6e396fcc6c2fce5edd0a9bf","sourceIndex":"1902","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"https://www.actualkeylogger.com/","landingPage":"https://www.actualkeylogger.com/","directDownloadingLink":"https://actualsecure.net/download/actual/actualkeylogger.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://actualsecure.net/download/actual/actualkeylogger.exe","sourceIndex":"1902"}],"sampleFiles":["210603/ActualKeylogger-201211/8.5.31/Samples/spmm.exe","210603/ActualKeylogger-201211/8.5.31/Samples/actualkeylogger.exe","210603/ActualKeylogger-201211/8.5.31/Samples/akl.exe","210603/ActualKeylogger-201211/8.5.31/Samples/actualkeylogger [2].exe","210603/ActualKeylogger-201211/8.5.31/Samples/akl [2].exe","210603/ActualKeylogger-201211/8.5.31/Samples/spmm [2].exe"],"imageFiles":["210603/ActualKeylogger-201211/8.5.31/Images/ACR-084/Actual Keylogger_Interactions [7]_.png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-084/Actual Keylogger_Interactions [8].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-086/Actual Keylogger_Interactions [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-086/Actual Keylogger_Interactions [3].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-086/Actual Keylogger_Interactions [8].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-097/Actual Keylogger_LandingPage [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-097/Actual Keylogger_LandingPage [3].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-097/Actual Keylogger_LandingPage [4].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-048/Actual Keylogger_RunningProcess [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-048/Actual Keylogger_Interactions [8].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-007/Actual Keylogger_Interactions [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-007/Actual Keylogger_Interactions [7]_.png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-007/Actual Keylogger_Interactions [8].png"],"nonDeceptorImageFiles":["210603/ActualKeylogger-201211/8.5.31/Images/ACR-038/Actual Keylogger_FileProperty [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-038/Actual Keylogger_FileProperty [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-040/Actual Keylogger_HiddenDirectory [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-040/Actual Keylogger_HiddenDirectory [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_Install [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_Install [2].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_Install [3].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_Install [5].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_About [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-099/Actual Keylogger_About [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_LandingPage [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-099/Actual Keylogger_LandingPage [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-065/Actual Keylogger_OfferPage [1].png","210603/ActualKeylogger-201211/8.5.31/Images/ACR-099/Actual Keylogger_OfferPage [1].png"],"guid":"caa7d7c8-e52c-4758-a606-09bfb1126dfe_8.5.31_1","appID":"ActualKeylogger-201211","dateAdded":"240307","deceptorType":"App","name":"Actual Keylogger ","company":"Actual Keylogger Software","version":"8.5.31","lastKnownStatus":"5.5.18;8.5.31;8.5.33;8.6.15","lastKnownDate":"240307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":694},{"violations":{"ACR-048":"The app is always running in the background and requires a hotkey to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offer page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-037":"The application has no Privacy Policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"actualkeylogger.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c0af14def598f9ac0a57e5862dd3029a","hashSHA1":"a28137cd5919e7d0bd05f30a5c9ed5c287ea6961","hashSHA256":"16893081b73bff4df7ed8f3f48a18eb2ed32c7d055ded87695cccd3be07b0f8a","digitalCertThumbprint":"7EC79998CC60F60CBCF8C5287C888C619CEB74E7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Craft LLC, O=Craft LLC, STREET=\"Melkombinatovsky travel, 8a5 office;1st floor\", L=Kirov, S=Kirov Region, PostalCode=610017, C=RU","sourceIndex":"2029","avBlockList":["360 Total Security (20210601)","Avast Premium Security (20210601)","AVG Internet Security (20210601)","Avira Internet Security (20210601)","Bitdefender Internet Security (20210601)","Dr.Web Security Space (20210601)","ESET Internet Security (20210601)","G DATA INTERNET SECURITY (20210601)","K7 Total Security (20210601)","Kaspersky Internet Security (20210601)","Malwarebytes Premium (20210601)","McAfee Total Protection (20210601)","Norton Security (20210601)","Panda Dome (20210601)","Quick Heal Internet Security (20210601)","Sophos Home Premium (20210601)","SpyHunter5 (20210601)","Tencent PC Manager (20210601)","Total AV Antivirus Pro (20210601)","Trend Micro Internet Security (20210601)","VIPRE Advanced Security (20210601)","VirIT eXplorer PRO (20210601)","Webroot SecureAnywhere (20210601)","Windows Defender (20210601)"],"avAllowList":["COMODO Antivirus (20210601)"]},{"isRevoked":"False","fileName":"akl.exe","fileVersion":"1.0","hashMD5":"e1e045246b209b90538e517116b02ec3","hashSHA1":"8803c06637b78d45cd539028d3e913bca9a3670c","hashSHA256":"7c28490e5e06805a8fcccad7db1666d6c11322c3503ef0a4e89a1c66fcec4ae9","digitalCertThumbprint":"7EC79998CC60F60CBCF8C5287C888C619CEB74E7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Craft LLC, O=Craft LLC, STREET=\"Melkombinatovsky travel, 8a5 office;1st floor\", L=Kirov, S=Kirov Region, PostalCode=610017, C=RU","sourceIndex":"2029","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"8b80534a95a1d13ef0b9a5b28c0e9d14","hashSHA1":"5909d225e158598aaf1edbf6da4ab925dbd5b299","hashSHA256":"77538755f7c3afbc8ae6e1f27b8452e27104c9d050d757d963569f4d0caf47e6","digitalCertThumbprint":"7EC79998CC60F60CBCF8C5287C888C619CEB74E7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Craft LLC, O=Craft LLC, STREET=\"Melkombinatovsky travel, 8a5 office;1st floor\", L=Kirov, S=Kirov Region, PostalCode=610017, C=RU","sourceIndex":"2029","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"https://www.actualkeylogger.com/","landingPage":"https://www.actualkeylogger.com/","directDownloadingLink":"https://actualsecure.net/download/actual/actualkeylogger.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://actualsecure.net/download/actual/actualkeylogger.exe","sourceIndex":"2029"}],"sampleFiles":["201214/ActualKeylogger-201211/5.5.18/Samples/actualkeylogger.exe","201214/ActualKeylogger-201211/5.5.18/Samples/akl.exe","201214/ActualKeylogger-201211/5.5.18/Samples/spmm.exe"],"imageFiles":["201214/ActualKeylogger-201211/5.5.18/Images/ACR-084/Actual Keylogger_Interactions [4].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-086/Actual Keylogger_Interactions [4].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-086/Actual Keylogger_ Wizard [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-086/Actual Keylogger_ Wizard [9].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-097/Actual Keylogger_DownloadPage [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-097/Actual Keylogger_DownloadPage [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-097/Actual Keylogger_DownloadPage [3].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-048/Actual Keylogger_RunningProcess [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-048/Actual Keylogger_Interactions [4].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-007/Actual Keylogger_Interactions [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-007/Actual Keylogger_Interactions [4].png"],"nonDeceptorImageFiles":["201214/ActualKeylogger-201211/5.5.18/Images/ACR-038/Actual Keylogger_FileProperty [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-038/Actual Keylogger_FileProperty [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-040/Actual Keylogger_Files [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-040/Actual Keylogger_Files [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_Install [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_Install [2].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_Install [3].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_ About [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-099/Actual Keylogger_ About [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_LandingPage [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-099/Actual Keylogger_LandingPage [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-065/Actual Keylogger_OfferPage [1].png","201214/ActualKeylogger-201211/5.5.18/Images/ACR-099/Actual Keylogger_OfferPage [1].png"],"guid":"caa7d7c8-e52c-4758-a606-09bfb1126dfe_5.5.18_1","appID":"ActualKeylogger-201211","dateAdded":"240307","deceptorType":"App","name":"Actual Keylogger ","company":"Actual Keylogger Software","version":"5.5.18","sigName":"Deceptor:Win32/ActualKeyloggerStalkerware!084086097048007","lastKnownStatus":"5.5.18;8.5.31;8.5.33;8.6.15","lastKnownDate":"240307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-03-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":695},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n","ACR-014":"App changes its name to \"System Component\" inside the task manager, which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f4a6fee6e9bac4ef5e72c218108ab030","hashSHA1":"0d6d26faea9c0d63715a7519cf50ef51f4cef1f2","hashSHA256":"1ef13e6d62feea893c9b9615c962cf39ee2ca849e18eb6828fef2e9ed3923a22","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2534","avBlockList":["360 Total Security (20240516)","Avast Internet Security (20200224)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Malwarebytes Premium (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Tencent PC Manager (20210527)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)","Kaspersky Internet Security (20240516)","Avast Premium Security (20240516)","Total AV Antivirus Pro (20240516)"],"avAllowList":["Trend Micro Internet Security (20240516)"]},{"isRevoked":"False","fileName":"sime64.exe","fileVersion":"1.0","hashMD5":"bffde5b3b7e3cc7ccf1014a81eee8dc6","hashSHA1":"0ec575b4028732348e4d1892773683b7c4ae1034","hashSHA256":"334ab2ab8d1cc6e10cc8bbaed583620dd2effb7c3411b2419045c4273f084c4b","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2534","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"a26da15eb634b0ee6369086b49d42cdc","hashSHA1":"1908d2277e7c9c82824881bbb5e6391da02b186a","hashSHA256":"529a83255d2dbd9adcc1d28020cc9f18550eda6b2d935474fbb37d359af0c12d","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2534","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"26f31f9afcef876e65a59db367785e16","hashSHA1":"594c411fc487f4118e98b7332786be5ed299d192","hashSHA256":"ba6369bc539ca4c2352ad855cecb6d597d915c362f7f3a65020c7c3efce4f3aa","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2534","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sps.exe","fileVersion":"1.0","hashMD5":"6a21267b0f84f7b292f5126072411f74","hashSHA1":"b7990bd233dc5941c2f55b2f4c8b688c422645a1","hashSHA256":"5870d70d4334fcb1c30b8471fe4255faea0559bf51152a370145b9dfa6569029","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2534","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://www.spyrix.com/","directDownloadingLink":"secursprx.com/download/spm/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"secursprx.com/download/spm/spm_setup.exe","sourceIndex":"2534"}],"sampleFiles":["200214/Spyrix-191025/11.5.2/Samples/spm_setup.exe","200214/Spyrix-191025/11.5.2/Samples/sime64.exe","200214/Spyrix-191025/11.5.2/Samples/spm.exe","200214/Spyrix-191025/11.5.2/Samples/spmm.exe","200214/Spyrix-191025/11.5.2/Samples/sps.exe"],"imageFiles":["200214/Spyrix-191025/11.5.2/Images/ACR-048/Spyrix Uninstall Attempt.png","200214/Spyrix-191025/11.5.2/Images/ACR-048/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.5.2/Images/ACR-048/Spyrix Hide App.png","200214/Spyrix-191025/11.5.2/Images/ACR-007/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.5.2/Images/ACR-007/Spyrix Hide App.png","200214/Spyrix-191025/11.5.2/Images/ACR-014/Spyrix Different Name System Component.png","200214/Spyrix-191025/11.5.2/Images/ACR-014/Picture6.png","200214/Spyrix-191025/11.5.2/Images/ACR-084/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.5.2/Images/ACR-084/Spyrix Hide App.png","200214/Spyrix-191025/11.5.2/Images/ACR-084/Picture3.png","200214/Spyrix-191025/11.5.2/Images/ACR-086/Spyrix Monitorinh.png","200214/Spyrix-191025/11.5.2/Images/ACR-086/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.5.2/Images/ACR-086/Spyrix Hide App.png","200214/Spyrix-191025/11.5.2/Images/ACR-086/Picture4.png","200214/Spyrix-191025/11.5.2/Images/ACR-116/Spyrix Uninstall Attempt.png","200214/Spyrix-191025/11.5.2/Images/ACR-116/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.5.2/Images/ACR-116/Spyrix Hide App.png"],"nonDeceptorImageFiles":["200214/Spyrix-191025/11.5.2/Images/ACR-099/Spyrix About Page.png","200214/Spyrix-191025/11.5.2/Images/ACR-099/Spyrix Bottom of Landing Page.png","200214/Spyrix-191025/11.5.2/Images/ACR-099/Spyrix Bottom of Internal Offers.png","200214/Spyrix-191025/11.5.2/Images/ACR-082/Spyrix Disclaimer.png","200214/Spyrix-191025/11.5.2/Images/ACR-082/Picture9.png","200214/Spyrix-191025/11.5.2/Images/ACR-167/Spyrix Refund Policy.png","200214/Spyrix-191025/11.5.2/Images/ACR-161/Spyrix Testimonials.png","200214/Spyrix-191025/11.5.2/Images/ACR-065/Spyrix EULA.png","200214/Spyrix-191025/11.5.2/Images/ACR-065/picture5.png","200214/Spyrix-191025/11.5.2/Images/ACR-065/Spyrix About Page.png","200214/Spyrix-191025/11.5.2/Images/ACR-065/Spyrix Bottom of Internal Offers.png","200214/Spyrix-191025/11.5.2/Images/ACR-065/Spyrix Internal Offers Top.png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.2_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.2","sigName":"Deceptor:Win32/SpyrixPersonalMonitor!048007014084086116 ","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":704},{"violations":{"ACR-048":"The app does not provide a clear way to enable/disable borrowing activity. \n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources. \nThe app does not display explicit notification about the potential risk in security posture caused by sharing resources.\n","ACR-084":"The app does not clearly indicate sharing activity.\n"},"nonDeceptorViolations":{"ACR-098":"The app needs to provide control to adjust the schedule and rate of borrowing while the \"Clear Play Tube\" is running.\n"},"samples":[{"isRevoked":"False","fileName":"clearplaytube-setup.exe","isInstaller":"True","companyName":"Clear Play Tube LLC                                         ","fileVersion":"0.0","hashMD5":"b17615246c8ef5b7ba8c09ae7f0835ff","hashSHA1":"02724f40d7bbc1a9e1b6216ad73e396991a0ba98","hashSHA256":"f6cf1faeb1aee5e96ddce1adab3736e4391f12ff26e22805f3d3769b766a2d32","digitalCertThumbprint":"F25177C5DDD6A1BDD9119FB81B9A5356B28491B3","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=GB, OID.2.5.4.15=Private Organization, CN=CITRUS PR LTD, SERIALNUMBER=14299326, O=CITRUS PR LTD, L=London, S=England, C=GB","sourceIndex":"718","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Total AV Antivirus Pro (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)"],"avAllowList":["Malwarebytes Premium (20240620)","Trend Micro Internet Security (20240620)","Windows Defender (20240620)"]}],"additionalFiles":[],"sources":[{"howFound":"random hunt","reference":"https://clearplaytube.com/","landingPage":"","directDownloadingLink":"https://clearplaytube.com/release/clearplaytube.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clearplaytube.com/release/clearplaytube.zip","sourceIndex":"718"}],"sampleFiles":["240306/ClearPlayTube-240306/1.0.0/Samples/clearplaytube-setup.exe"],"imageFiles":["240306/ClearPlayTube-240306/1.0.0/Images/ACR-007/ACR-007_Install_1.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-007/ACR-007_Install_2.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-084/ACR-084_Software_1.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-084/ACR-084_Software_2.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-084/ACR-084_Software_3.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-048/ACR-048_Software_1.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-048/ACR-048_Software_2.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-007/ACR-007_Software_1.png"],"nonDeceptorImageFiles":["240306/ClearPlayTube-240306/1.0.0/Images/ACR-098/ACR-098_Software_1.png","240306/ClearPlayTube-240306/1.0.0/Images/ACR-098/ACR-098_Software_2.png"],"guid":"ae9a4fc3-3251-4bd2-9b4a-c74a50704e75_1.0.0_1","appID":"ClearPlayTube-240306","dateAdded":"240306","deceptorType":"App","name":"Clear Play Tube","company":"Clear Play Tube LLC","version":"1.0.0","lastKnownStatus":"1.0.0","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"mining","lastUpdate":"2024-03-06T20:01:51.3070231+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":706},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n","ACR-014":"App changes its name to \"System Component\" inside the task manager, which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","companyName":"Spyrix Security Inc.                                        ","fileVersion":"11.4","hashMD5":"ee30f7ef4df5740a2fa6675af4b11059","hashSHA1":"0aba836455095879baa8b7725ff729ce8924f63f","hashSHA256":"29b98cda998d0b92dc2ba903eda7a6b95bcac88be32c2252d6cba4162eda8704","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2535","avBlockList":["360 Total Security (20191223)","Avast Internet Security (20191223)","AVG Internet Security (20191223)","Avira Internet Security (20191223)","Bitdefender Internet Security (20191223)","COMODO Antivirus (20191223)","ESET Internet Security (20191223)","G DATA INTERNET SECURITY (20191223)","K7 Total Security (20191223)","Kaspersky Internet Security (20191223)","Malwarebytes Premium (20191223)","McAfee Total Protection (20191223)","Norton Security (20191223)","Panda Dome (20191223)","Quick Heal Internet Security (20191223)","Sophos Home Premium (20191223)","Tencent PC Manager (20191223)","Trend Micro Internet Security (20191223)","VIPRE Advanced Security (20191223)","VirIT eXplorer PRO (20191223)","Webroot SecureAnywhere (20191223)","Windows Defender (20191223)"],"avAllowList":["Dr.Web Security Space (20191223)"]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"048d5f6df63d9583909c11ccef4ed4ba","hashSHA1":"a6b5670c3f343592590111301f72038d5bd3ea45","hashSHA256":"bf4396d6fd7624bed28647ca11bb65dd5cc4ab88ba9f288ccf58c10e47e37af4","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2535","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"0f49147ad1a2d2c0f8854604c2bd2fa3","hashSHA1":"4475c4b04e9e0682e0e36b702dec2f276f05edb6","hashSHA256":"9b676341fbf58ed5e510962efdfa69bbf0b7a9bd97a761eb3c871adc6016b5b9","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2535","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sps.exe","fileVersion":"1.0","hashMD5":"12451acca4d142c141912dfa1967ad7c","hashSHA1":"bda73cd83584352a7d971c20af57b180d295e3aa","hashSHA256":"91e904ee1e8e96f0e6e11912c668a2100312b9b78755125d9e179838166d5e39","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2535","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sime64.exe","fileVersion":"1.0","hashMD5":"607798ee9c78eaa89e69035a9d40405b","hashSHA1":"72e85d0bff965420a4aaa4998337d1dd22a84808","hashSHA256":"eca3dd22674c29268a60621d127e5980ad8128817fb23b8ad25addd62127d73d","digitalCertThumbprint":"5FA46108758D76666A521B3ACB0F207778B73F7B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2535","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://www.spyrix.com/","directDownloadingLink":"secursprx.com/downloads/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"secursprx.com/downloads/spm_setup.exe","sourceIndex":"2535"}],"sampleFiles":["200214/Spyrix-191025/11.4.6/Samples/spm_setup.exe","200214/Spyrix-191025/11.4.6/Samples/spm.exe","200214/Spyrix-191025/11.4.6/Samples/spmm.exe","200214/Spyrix-191025/11.4.6/Samples/sps.exe","200214/Spyrix-191025/11.4.6/Samples/sime64.exe"],"imageFiles":["200214/Spyrix-191025/11.4.6/Images/ACR-048/Spyrix Uninstall Attempt.png","200214/Spyrix-191025/11.4.6/Images/ACR-048/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.4.6/Images/ACR-048/Spyrix Hide App.png","200214/Spyrix-191025/11.4.6/Images/ACR-007/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.4.6/Images/ACR-007/Spyrix Hide App.png","200214/Spyrix-191025/11.4.6/Images/ACR-014/Spyrix Different Name System Component.png","200214/Spyrix-191025/11.4.6/Images/ACR-084/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.4.6/Images/ACR-084/Spyrix Hide App.png","200214/Spyrix-191025/11.4.6/Images/ACR-086/Spyrix Monitorinh.png","200214/Spyrix-191025/11.4.6/Images/ACR-086/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.4.6/Images/ACR-086/Spyrix Hide App.png","200214/Spyrix-191025/11.4.6/Images/ACR-116/Spyrix Uninstall Attempt.png","200214/Spyrix-191025/11.4.6/Images/ACR-116/Spyrix Hide App Fixed.png","200214/Spyrix-191025/11.4.6/Images/ACR-116/Spyrix Hide App.png"],"nonDeceptorImageFiles":["200214/Spyrix-191025/11.4.6/Images/ACR-099/Spyrix About Page.png","200214/Spyrix-191025/11.4.6/Images/ACR-099/Spyrix Bottom of Landing Page.png","200214/Spyrix-191025/11.4.6/Images/ACR-099/Spyrix Bottom of Internal Offers.png","200214/Spyrix-191025/11.4.6/Images/ACR-082/Spyrix Disclaimer.png","200214/Spyrix-191025/11.4.6/Images/ACR-167/Spyrix Refund Policy.png","200214/Spyrix-191025/11.4.6/Images/ACR-161/Spyrix Testimonials.png","200214/Spyrix-191025/11.4.6/Images/ACR-065/Spyrix EULA.png","200214/Spyrix-191025/11.4.6/Images/ACR-065/Spyrix About Page.png","200214/Spyrix-191025/11.4.6/Images/ACR-065/Spyrix Bottom of Internal Offers.png","200214/Spyrix-191025/11.4.6/Images/ACR-065/Spyrix Internal Offers Top.png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.4.6_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.4.6","sigName":"Deceptor:Win32/SpyrixStalkerware!007014048084086116","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":705},{"violations":{"ACR-048":"The app requires a hotkey or password and is in a hidden folder, limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy. \n","ACR-002":"The App's version is not consistent between App interaction/Install and download site (version 11.5.21 vs version 11.5.15 ) The App's version is not consistent between App interaction and its install and download site.\nThe App's version is not consistent between App interaction/Install and download site (version 11.5.21 vs version 11.5.15 ) The App's version is not consistent between App interaction and its install and download site.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a0f2a1aa1843c7d2437060e8d22114f0","hashSHA1":"d2fa5eeac406d2e09b584602ea1e640d67e92cae","hashSHA256":"0f64b96a096ead5a839a74c5e128842413c3b6f75904a212958234033bbc80c8","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2403","avBlockList":["360 Total Security (20240620)","Avast Premium Security (20240620)","AVG Internet Security (20240620)","Avira Internet Security (20240620)","Bitdefender Internet Security (20240620)","COMODO Antivirus (20240620)","Dr.Web Security Space (20240620)","ESET Internet Security (20240620)","G DATA INTERNET SECURITY (20240620)","K7 Total Security (20240620)","Kaspersky Internet Security (20240620)","Malwarebytes Premium (20240620)","McAfee Total Protection (20240620)","Norton Security (20240620)","Panda Dome (20240620)","Quick Heal Internet Security (20240620)","Sophos Home Premium (20240620)","SpyHunter5 (20240620)","Tencent PC Manager (20200716)","Total AV Antivirus Pro (20240620)","VIPRE Advanced Security (20240620)","VirIT eXplorer PRO (20240620)","Webroot SecureAnywhere (20240620)","Windows Defender (20240620)"],"avAllowList":["Trend Micro Internet Security (20240620)"]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"4cc906dde7fbf9f081af4a3fb832d49d","hashSHA1":"91bc8db987ced68b3fe8a67abc0e903aade9af84","hashSHA256":"9049ffff2a4c73a0505f8c3fc062ffc0af3670bbc3f9b03ac4d9d464ac5cd9ab","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2403","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: keylogger","reference":"","landingPage":"http://www.spyrix.com/","directDownloadingLink":"https://securespyrix.com/download/spm/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://securespyrix.com/download/spm/spm_setup.exe","sourceIndex":"2403"}],"sampleFiles":["200625/Spyrix-191025/11.5.21/Samples/spm_setup.exe","200625/Spyrix-191025/11.5.21/Samples/spm.exe"],"imageFiles":["200625/Spyrix-191025/11.5.21/Images/ACR-007/Spyrix Personal Monitor_Interaction [3].png","200625/Spyrix-191025/11.5.21/Images/ACR-084/Spyrix Personal Monitor_Interaction [3].png","200625/Spyrix-191025/11.5.21/Images/ACR-086/Spyrix Personal Monitor_Interaction [3].png","200625/Spyrix-191025/11.5.21/Images/ACR-086/Spyrix Personal Monitor_Install [7].png","200625/Spyrix-191025/11.5.21/Images/ACR-086/Spyrix Personal Monitor_Install [8].png","200625/Spyrix-191025/11.5.21/Images/ACR-086/Spyrix Personal Monitor_Install [10].png","200625/Spyrix-191025/11.5.21/Images/ACR-097/Spyrix Personal Monitor_Download [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-097/Spyrix Personal Monitor_Download [2].png","200625/Spyrix-191025/11.5.21/Images/ACR-097/Spyrix Personal Monitor_Download [3].png","200625/Spyrix-191025/11.5.21/Images/ACR-097/Spyrix Personal Monitor_Download [4].png"],"nonDeceptorImageFiles":["200625/Spyrix-191025/11.5.21/Images/ACR-040/Spyrix Personal Monitor_Files [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-040/Spyrix Personal Monitor_Files [2].png","200625/Spyrix-191025/11.5.21/Images/ACR-002/Spyrix Personal Monitor_Install [1]_.png","200625/Spyrix-191025/11.5.21/Images/ACR-002/Spyrix Personal Monitor_About [1]_ .png","200625/Spyrix-191025/11.5.21/Images/ACR-002/Spyrix Personal Monitor_Download [1]_.png","200625/Spyrix-191025/11.5.21/Images/ACR-099/Spyrix Personal Monitor_About [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-099/Spyrix Personal Monitor_LandingPage [3].png","200625/Spyrix-191025/11.5.21/Images/ACR-099/Spyrix Personal Monitor_OfferPage [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-099/Spyrix Personal Monitor_OfferPage [2].png","200625/Spyrix-191025/11.5.21/Images/ACR-099/Spyrix Personal Monitor_OfferPage[3].png","200625/Spyrix-191025/11.5.21/Images/ACR-082/Spyrix Personal Monitor_LandingPage [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-167/Spyrix Personal Monitor_Refund [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-161/Spyrix Personal Monitor_Testimonials [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-065/Spyrix Personal Monitor_Install [1].png","200625/Spyrix-191025/11.5.21/Images/ACR-065/Spyrix Personal Monitor_Install [2].png","200625/Spyrix-191025/11.5.21/Images/ACR-065/Spyrix Personal Monitor_About [1].png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.21_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.21","sigName":"Deceptor:Win32/SpyrixPersonalMonitorStalkerware!048007084086097","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":703},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n","ACR-014":"App changes its name to \"System Component\" inside the task manager, which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"af69577344ace6203e4ab8a115274398","hashSHA1":"111aec260bcdc073f9e85a51fa2f9d55c05362fb","hashSHA256":"ac7e394345e8ed467ad2405bcbfe252b55262c9ca7fc1bd6042203d0e19e11ca","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2157","avBlockList":["360 Total Security (20240430)","Avast Premium Security (20240430)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","Bitdefender Internet Security (20240430)","COMODO Antivirus (20240430)","Dr.Web Security Space (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","K7 Total Security (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","McAfee Total Protection (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Quick Heal Internet Security (20240430)","Sophos Home Premium (20240430)","SpyHunter5 (20240430)","Tencent PC Manager (20200930)","Total AV Antivirus Pro (20240430)","Trend Micro Internet Security (20240430)","VIPRE Advanced Security (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)","Windows Defender (20240430)"],"avAllowList":[]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"5ead8963c374b1b9e882daf3b1dda020","hashSHA1":"f89266d5ab2c0eeb0b7d6afe3cc37f6fd61d63af","hashSHA256":"b4cf81c8a0f69e23ba164174ca1f1a4eaa7b57456b9e3c787b1c3f1d053b0028","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2157","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://www.spyrix.com/","directDownloadingLink":"secursprx.com/downloads/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"secursprx.com/downloads/spm_setup.exe","sourceIndex":"2157"}],"sampleFiles":["200716/Spyrix-191025/11.5.18/Samples/spm_setup.exe","200716/Spyrix-191025/11.5.18/Samples/spm.exe"],"imageFiles":["200716/Spyrix-191025/11.5.18/Images/ACR-048/Spyrix Uninstall Attempt.png","200716/Spyrix-191025/11.5.18/Images/ACR-048/Spyrix Hide App Fixed.png","200716/Spyrix-191025/11.5.18/Images/ACR-048/Spyrix Hide App.png","200716/Spyrix-191025/11.5.18/Images/ACR-007/Spyrix Hide App Fixed.png","200716/Spyrix-191025/11.5.18/Images/ACR-007/Spyrix Hide App.png","200716/Spyrix-191025/11.5.18/Images/ACR-014/Spyrix Different Name System Component.png","200716/Spyrix-191025/11.5.18/Images/ACR-014/Spyrix Different Name System Component 2.png","200716/Spyrix-191025/11.5.18/Images/ACR-084/Spyrix Hide App Fixed.png","200716/Spyrix-191025/11.5.18/Images/ACR-084/Spyrix Hide App.png","200716/Spyrix-191025/11.5.18/Images/ACR-084/Spyrix Hide.png","200716/Spyrix-191025/11.5.18/Images/ACR-086/Spyrix Monitorinh.png","200716/Spyrix-191025/11.5.18/Images/ACR-086/Spyrix Hide App Fixed.png","200716/Spyrix-191025/11.5.18/Images/ACR-086/Spyrix Hide App.png","200716/Spyrix-191025/11.5.18/Images/ACR-086/Picture4.png","200716/Spyrix-191025/11.5.18/Images/ACR-116/Spyrix Uninstall Attempt.png","200716/Spyrix-191025/11.5.18/Images/ACR-116/Spyrix Hide App Fixed.png","200716/Spyrix-191025/11.5.18/Images/ACR-116/Spyrix Hide App.png"],"nonDeceptorImageFiles":["200716/Spyrix-191025/11.5.18/Images/ACR-099/Spyrix About Page.png","200716/Spyrix-191025/11.5.18/Images/ACR-099/Spyrix Bottom of Landing Page.png","200716/Spyrix-191025/11.5.18/Images/ACR-099/Spyrix Bottom of Internal Offers.png","200716/Spyrix-191025/11.5.18/Images/ACR-082/Spyrix Disclaimer.png","200716/Spyrix-191025/11.5.18/Images/ACR-082/Picture9.png","200716/Spyrix-191025/11.5.18/Images/ACR-167/Spyrix Refund Policy.png","200716/Spyrix-191025/11.5.18/Images/ACR-161/Spyrix Testimonials.png","200716/Spyrix-191025/11.5.18/Images/ACR-065/Spyrix EULA.png","200716/Spyrix-191025/11.5.18/Images/ACR-065/Spyrix About Page.png","200716/Spyrix-191025/11.5.18/Images/ACR-065/Spyrix Bottom of Internal Offers.png","200716/Spyrix-191025/11.5.18/Images/ACR-065/Spyrix Internal Offers Top.png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.18_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.18","sigName":"Deceptor:Win32/SpyrixPersonalMonitorStalkerware!048007014084086116","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":702},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\nThe app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence.\nThe app does not display explicit notification when it is running and requires a hotkey to open it.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list.\nThe app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"39995882aadd829ee97bd2350dae353d","hashSHA1":"94b75b92ac0943e06c763c0541f17d5ca2a48578","hashSHA256":"c6d26fd894eee8af0228937b568da05d7c36234ae1475ae05c68fe501f72dc3d","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2037","avBlockList":["360 Total Security (20240314)","Avast Premium Security (20240314)","AVG Internet Security (20240314)","Avira Internet Security (20240314)","Bitdefender Internet Security (20240314)","COMODO Antivirus (20240314)","Dr.Web Security Space (20240314)","ESET Internet Security (20240314)","G DATA INTERNET SECURITY (20240314)","K7 Total Security (20240314)","Kaspersky Internet Security (20240314)","Malwarebytes Premium (20240314)","McAfee Total Protection (20240314)","Norton Security (20240314)","Panda Dome (20240314)","Quick Heal Internet Security (20240314)","Sophos Home Premium (20240314)","SpyHunter5 (20240314)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20240314)","VIPRE Advanced Security (20240314)","VirIT eXplorer PRO (20240314)","Webroot SecureAnywhere (20240314)","Windows Defender (20240314)"],"avAllowList":["Trend Micro Internet Security (20240314)"]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"c464aea4012a07261023c8c6e9d17f10","hashSHA1":"499eee5ab0fd452ad14f8f8e496efad6d7bc52a5","hashSHA256":"fb08ed331e30e2a9c5ef94c9783ba86e94a63e4432f191b1682cd4dbfe8f4e78","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2037","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"1092548233fa239a9e0387fbec69786b","hashSHA1":"0ccc198942579aa4cc4b35f6525fe321ff982609","hashSHA256":"9e9e0b0c3664b05f95d6605f7ea5e83395da0e0a40569fa2422c80561bacaf89","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2037","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spr.exe","fileVersion":"0.0","hashMD5":"4412fe26f6afb61162d2e4d3ffbbca04","hashSHA1":"46af18811629c5035baf34e7f81e849da81454cf","hashSHA256":"22dd6f329fb0e0e54b18dde55441142af5d3a156ef20d5acf9aae325fa6ae2df","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2037","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sps.exe","fileVersion":"1.0","hashMD5":"46392d0b1b8214086607a7c163f64d26","hashSHA1":"69bd340ce7c60f3273c34d26571925feaac836f6","hashSHA256":"dbc8900f9fa8081d75fc8fa60bc7897c2b8ddf75f2957dee0da33548ebfcce80","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2037","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://spyrix.app/spyrix-personal-monitor.php","directDownloadingLink":"https://wr-download.securespyrix.com/download/spm/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://wr-download.securespyrix.com/download/spm/spm_setup.exe","sourceIndex":"2037"}],"sampleFiles":["201202/Spyrix-191025/11.5.30/Samples/spm_setup.exe","201202/Spyrix-191025/11.5.30/Samples/spm.exe","201202/Spyrix-191025/11.5.30/Samples/spmm.exe","201202/Spyrix-191025/11.5.30/Samples/spr.exe","201202/Spyrix-191025/11.5.30/Samples/sps.exe"],"imageFiles":["201202/Spyrix-191025/11.5.30/Images/ACR-048/Spyrix Personal Monitor_ControlPanel [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-048/Spyrix Personal Monitor_Interactions [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-048/Spyrix Personal Monitor_Interactions [23].png","201202/Spyrix-191025/11.5.30/Images/ACR-007/Spyrix Personal Monitor_Interactions [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-007/Spyrix Personal Monitor_Interactions [23].png","201202/Spyrix-191025/11.5.30/Images/ACR-084/Spyrix Personal Monitor_Interactions [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-084/Spyrix Personal Monitor_Interactions [23].png","201202/Spyrix-191025/11.5.30/Images/ACR-086/Spyrix Personal Monitor_Interactions [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-086/Spyrix Personal Monitor_Interactions [6].png","201202/Spyrix-191025/11.5.30/Images/ACR-086/Spyrix Personal Monitor_Interactions [15].png","201202/Spyrix-191025/11.5.30/Images/ACR-097/Spyrix Personal Monitor_Download [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-097/Spyrix Personal Monitor_Download [2].png","201202/Spyrix-191025/11.5.30/Images/ACR-097/Spyrix Personal Monitor_Download [3].png","201202/Spyrix-191025/11.5.30/Images/ACR-116/Spyrix Personal Monitor_Interactions [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-116/Spyrix Personal Monitor_ControlPanel [1].png"],"nonDeceptorImageFiles":["201202/Spyrix-191025/11.5.30/Images/ACR-040/Spyrix Personal Monitor_Files [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-040/Spyrix Personal Monitor_Files [2].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_About [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Download [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Install [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_About [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Install [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Download [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Download [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_About [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-002/Spyrix Personal Monitor_Install [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-017/Spyrix Personal Monitor_LandingPage [4] Awards.png","201202/Spyrix-191025/11.5.30/Images/ACR-099/Spyrix Personal Monitor_About [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-099/Spyrix Personal Monitor_LandingPage [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-099/Spyrix Personal Monitor_OfferPage [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-082/Spyrix Personal Monitor_LandingPage [3].png","201202/Spyrix-191025/11.5.30/Images/ACR-167/Spyrix _Return and refund policy.png","201202/Spyrix-191025/11.5.30/Images/ACR-161/Spyrix Personal Monitor_LandingPage [5] Testimonials.png","201202/Spyrix-191025/11.5.30/Images/ACR-065/Spyrix Personal Monitor_Install [1].png","201202/Spyrix-191025/11.5.30/Images/ACR-065/Spyrix Personal Monitor_Install [2].png","201202/Spyrix-191025/11.5.30/Images/ACR-065/Spyrix Personal Monitor_Install [3].png","201202/Spyrix-191025/11.5.30/Images/ACR-065/Spyrix Personal Monitor_Install [4].png","201202/Spyrix-191025/11.5.30/Images/ACR-065/Spyrix Personal Monitor_About [1].png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.30_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.30","sigName":"Deceptor:Win32/SpyrixPersonalMonitor!048007084086097116","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":701},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\nThe app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey and password to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"04d16e2e04293d2d8fcbc9036ce2b087","hashSHA1":"3a7a91906dabc751e144a3a44ef968852c819f52","hashSHA256":"1cf8102b3420d6177de6b1b4c108ffded10df48e11cbf488d89e5d1cc4a36c6f","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1877","avBlockList":["360 Total Security (20210622)","Avast Premium Security (20210622)","AVG Internet Security (20210622)","Avira Internet Security (20210622)","Bitdefender Internet Security (20210622)","COMODO Antivirus (20210622)","Dr.Web Security Space (20210622)","ESET Internet Security (20210622)","G DATA INTERNET SECURITY (20210622)","K7 Total Security (20210622)","Kaspersky Internet Security (20210622)","Malwarebytes Premium (20210622)","McAfee Total Protection (20210622)","Norton Security (20210622)","Panda Dome (20210622)","Quick Heal Internet Security (20210622)","Sophos Home Premium (20210622)","SpyHunter5 (20210622)","Tencent PC Manager (20210622)","Total AV Antivirus Pro (20210622)","Trend Micro Internet Security (20210622)","VIPRE Advanced Security (20210622)","VirIT eXplorer PRO (20210622)","Webroot SecureAnywhere (20210622)","Windows Defender (20210622)"],"avAllowList":[]},{"isRevoked":"False","fileName":"spm.exe","fileVersion":"1.0","hashMD5":"be7d756fa94ed6907a05006658279b8e","hashSHA1":"7b0637a43a1e1ee36977bbe095396daf1a061440","hashSHA256":"c12882c564648fa35cca33acb1617c32022dc40b1e52c200de5e40a436212868","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1877","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"2e223acf4da5a7569cefedaba4eb7d06","hashSHA1":"cc7c2b50c356ae0fffaee7005c09e73be295936d","hashSHA256":"89b9f3c7de1ab218227a3a041c2a3e5341336c51cd7f0c5eaf2ae72b90664a32","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1877","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm [2].exe","fileVersion":"1.0","hashMD5":"4d89b4976c079d8005b88eac7f732406","hashSHA1":"aefdbcedf1661cbdf8df6364f84af37804a0a567","hashSHA256":"6ffea446f07b9976d716d0234dd830a6bd1a5b627ca6d50d2efbe349dcdc9ac9","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1877","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm_setup [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"768c934fc4d0da03b14943eb9a1afaf9","hashSHA1":"2b578a79b9a7ed64c29d49645fddb3bfddf17cd1","hashSHA256":"f3fa93e6941980a8571301433e3f40b12e93e13ead4c801f5104623b6b14ba01","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1877","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm [2].exe","fileVersion":"0.0","hashMD5":"ad5ce0646fef47dd3cd912da30894310","hashSHA1":"1b75074424c22f7623376019684d3ead2698be1f","hashSHA256":"6a9335e18ff566f34b9d46fd19c5ae1229d159107cf28a2943e03799d309823e","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"1877","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://spyrix.app/spyrix-personal-monitor.php","directDownloadingLink":"https://brhj-download.securespyrix.com/download/spm/spm_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://brhj-download.securespyrix.com/download/spm/spm_setup.exe","sourceIndex":"1877"}],"sampleFiles":["210627/Spyrix-191025/11.5.31/Samples/spm_setup.exe","210627/Spyrix-191025/11.5.31/Samples/spm.exe","210627/Spyrix-191025/11.5.31/Samples/spmm.exe","210627/Spyrix-191025/11.5.31/Samples/spm [2].exe","210627/Spyrix-191025/11.5.31/Samples/spm_setup [2].exe","210627/Spyrix-191025/11.5.31/Samples/spmm [2].exe"],"imageFiles":["210627/Spyrix-191025/11.5.31/Images/ACR-048/SpyrixPersonalMonitor_ControlPanel [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-048/SpyrixPersonalMonitor_RunningProcess [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-048/SpyrixPersonalMonitor_Interactions [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-007/SpyrixPersonalMonitor_Interactions [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-007/SpyrixPersonalMonitor_SettingWizard [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-084/SpyrixPersonalMonitor_SettingWizard [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-084/SpyrixPersonalMonitor_HiddenDirectory [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-084/SpyrixPersonalMonitor_HiddenDirectory [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-086/SpyrixPersonalMonitor_SettingWizard [6].png","210627/Spyrix-191025/11.5.31/Images/ACR-086/SpyrixPersonalMonitor_Interactions [2] EventLog.png","210627/Spyrix-191025/11.5.31/Images/ACR-086/SpyrixPersonalMonitor_Interactions [3].png","210627/Spyrix-191025/11.5.31/Images/ACR-086/SpyrixPersonalMonitor_Interactions [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-097/SpyrixPersonalMonitor_LandingPage [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-097/SpyrixPersonalMonitor_LandingPage [3].png","210627/Spyrix-191025/11.5.31/Images/ACR-097/SpyrixPersonalMonitor_LandingPage [4].png","210627/Spyrix-191025/11.5.31/Images/ACR-116/SpyrixPersonalMonitor_SettingWizard [4].png"],"nonDeceptorImageFiles":["210627/Spyrix-191025/11.5.31/Images/ACR-040/SpyrixPersonalMonitor_HiddenDirectory [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-040/SpyrixPersonalMonitor_HiddenDirectory [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_Install [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_About [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_LandingPage [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_About [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_Install [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_LandingPage [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_LandingPage [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_Install [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-002/SpyrixPersonalMonitor_About [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-017/SpyrixPersonalMonitor_LandingPage [8].png","210627/Spyrix-191025/11.5.31/Images/ACR-099/SpyrixPersonalMonitor_About [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-099/SpyrixPersonalMonitor_LandingPage [1_].png","210627/Spyrix-191025/11.5.31/Images/ACR-099/SpyrixPersonalMonitor_LandingPage [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-099/SpyrixPersonalMonitor_OfferPage [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-082/SpyrixPersonalMonitor_LandingPage [6].png","210627/Spyrix-191025/11.5.31/Images/ACR-167/SpyrixPersonalMonitor_RefundPolicy [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-161/SpyrixPersonalMonitor_LandingPage [7].png","210627/Spyrix-191025/11.5.31/Images/ACR-065/SpyrixPersonalMonitor_Install [1].png","210627/Spyrix-191025/11.5.31/Images/ACR-065/SpyrixPersonalMonitor_Install [2].png","210627/Spyrix-191025/11.5.31/Images/ACR-065/SpyrixPersonalMonitor_Install [3].png","210627/Spyrix-191025/11.5.31/Images/ACR-065/SpyrixPersonalMonitor_Install [5].png","210627/Spyrix-191025/11.5.31/Images/ACR-065/SpyrixPersonalMonitor_About [1].png"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.31_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.31","sigName":"Deceptor:Win32/SpyrixPersonalMonitorStalkerware!048007084086097116","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":700},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable the app.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos in the Internal offers page.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey and password to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information in the software.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spm.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.5","fileVersion":"1.0.11.5","hashMD5":"e32a10e76938c3b20d773d6710fb6eab","hashSHA1":"a0619d56afc79ab42fc2900326f6e11768c985fb","hashSHA256":"c98f429b091a94b91a646df1919d2c6e652c0a4bcf3514498546119685448b07","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1775","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"9bb949672658967c73998186548f9323","hashSHA1":"1ee8cdf672cb2d4bb9db9ed43dba196c56d71f48","hashSHA256":"98c3a651f83bcd685d70faf2b87acf0af47038786dba95e7ba0c13d0fcce98eb","digitalCertThumbprint":"B8C567E9BE421D196F0F932FEBE59975B451AF71","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1775","avBlockList":["Avast Premium Security (20231003)","AVG Internet Security (20231003)","Avira Internet Security (20231003)","Bitdefender Internet Security (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","G DATA INTERNET SECURITY (20231003)","K7 Total Security (20231003)","Kaspersky Internet Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Quick Heal Internet Security (20231003)","Sophos Home Premium (20231003)","SpyHunter5 (20231003)","Tencent PC Manager (20220106)","Total AV Antivirus Pro (20231003)","VIPRE Advanced Security (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)","Windows Defender (20231003)"],"avAllowList":["360 Total Security (20231003)","COMODO Antivirus (20231003)","Trend Micro Internet Security (20231003)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on keyloggers","reference":"","landingPage":"https://www.spyrix.com/","directDownloadingLink":"https://spyrix.app/spm.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/spm.html","sourceIndex":"1775"}],"sampleFiles":["211202/Spyrix-191025/11.5.34/Samples/spm_setup.exe"],"imageFiles":["211202/Spyrix-191025/11.5.34/Images/ACR-048/ACR-048_Software_Hotkeys_Used.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-007/ACR-007_Software_False_Claims.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-007/ACR-007_Software_False_Claims_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Logos.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-084/ACR-084_Software_Hides.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-084/ACR-084_Software_Hides_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-084/ACR-084_Software_Hides_2.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-086/ACR-086_Software_Transmits_Data.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-086/ACR-086_Software_Transmits_Data_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-086/ACR-086_Software_Transmits_Data_2.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-086/ACR-086_Software_Transmits_Data_3.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-097/ACR-097_Software_Evades_Security.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-097/ACR-097_Software_Evades_Security_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-097/ACR-097_Software_Evades_Security_2.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-116/ACR-116_Uninstall_Hides_App.JPG"],"nonDeceptorImageFiles":["211202/Spyrix-191025/11.5.34/Images/ACR-040/ACR-040_Install_Hidden_Location.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-040/ACR-040_Install_Hidden_Location_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-017/ACR-017_LandingPage_Unverifiable_Logos.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-099/ACR-099_Software_No_Uninstall_Information.jpg","211202/Spyrix-191025/11.5.34/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Information.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Information_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-099/SpyrixPersonalMonitor_OfferPage [1].png","211202/Spyrix-191025/11.5.34/Images/ACR-082/ACR-082_Software_Violates_Laws.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-167/ACR-167_Docs_Insufficient_Days_Refund.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-161/ACR-161_LandingPage_Unverifiable_Testimonials.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-065/ACR-065_Install_No_Docs_1.JPG","211202/Spyrix-191025/11.5.34/Images/ACR-065/ACR-065_Software_No_Docs.jpg"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.5.34_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.5.34","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":699},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable the app.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos in the Internal offers page.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey and password to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-082":"The app enables the user to violate many laws.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spm.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.6","fileVersion":"1.0.11.6","hashMD5":"9575f91d5d9f33cfc65c996d81d79f74","hashSHA1":"0c53b53b8a69fa4c6d6290cabc2286c2e9d7808b","hashSHA256":"62abc146d96fd11f0abbcab81088ccd0dae14b2d9d3839d6eeba928f85705491","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1040","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"73d1cae3f76c3e5ac49517259c296f6b","hashSHA1":"1b3707731521219f53396882d3771ff349224766","hashSHA256":"743733666a6e8e34c38945a98887f158cee069d58afea0a32a7f0cf83e99971c","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1040","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spr.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"d6a7d0b6607f5285c2d10c4edd8ef7fd","hashSHA1":"41c97edc2a61400187132dccbbee35b29226dd43","hashSHA256":"d3ede5a421452e5d0dadadd1e8b782fdeeff801c85f93aec4cc5c75bf495c42b","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1040","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b1b3e7ca32c8dcdf90b36671c0671936","hashSHA1":"014cbfca58a45227929bd9ee201ef4830ad153bd","hashSHA256":"07caf4b5090a1a198398acfbd7310709c4e62fc6f0ebb7bf10467e54991e7cb3","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1040","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"58525ad22dc425ce3ee11d1d34492f69","hashSHA1":"b679003bab7492cbb24f5cc274fca90d6c2f7b5c","hashSHA256":"51bfd8539a85e26a967ba19b47fc7576eda84550ccb737467df848e5c1915337","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1040","avBlockList":["360 Total Security (20230829)","Avast Premium Security (20230829)","AVG Internet Security (20230829)","Avira Internet Security (20230829)","COMODO Antivirus (20230829)","Dr.Web Security Space (20230829)","ESET Internet Security (20230829)","G DATA INTERNET SECURITY (20230829)","K7 Total Security (20230829)","Kaspersky Internet Security (20230829)","Malwarebytes Premium (20230829)","McAfee Total Protection (20230829)","Norton Security (20230829)","Panda Dome (20230829)","Quick Heal Internet Security (20230829)","Sophos Home Premium (20230829)","SpyHunter5 (20230829)","Total AV Antivirus Pro (20230829)","Trend Micro Internet Security (20230829)","VirIT eXplorer PRO (20230829)","Webroot SecureAnywhere (20230829)"],"avAllowList":["Bitdefender Internet Security (20230829)","VIPRE Advanced Security (20230829)","Windows Defender (20230829)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.spyrix.com/","directDownloadingLink":"https://spyrix.app/spm.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/spm.html","sourceIndex":"1040"}],"sampleFiles":["230616/Spyrix-191025/11.6.11/Samples/spm_setup.exe"],"imageFiles":["230616/Spyrix-191025/11.6.11/Images/ACR-048/ACR-048.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-048/ACR-048_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-007/ACR-007.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-007/ACR-007_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-007/ACR-007_2.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-017/ACR-017.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-084/ACR-084_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-084/ACR-084_2.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-084/ACR-084_3.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-084/ACR-084_4.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-086/ACR-086.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-086/ACR-086_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-086/ACR-086_2.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-086/ACR-086_3.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-097/ACR-097.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-097/ACR-097_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-097/ACR-097_2.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-097/ACR-097_3.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["230616/Spyrix-191025/11.6.11/Images/ACR-040/ACR-040.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-040/ACR-040_1.JPG","230616/Spyrix-191025/11.6.11/Images/ACR-082/ACR-082.JPG"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.6.11_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.6.11","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:38.6136124+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":698},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable the app.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The  app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey and password to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-082":"The app enables the user to violate many laws.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"a32cd2d683786eee1d63cb986f786379","hashSHA1":"992039d9e8e00bd483d60b358240779b7323a804","hashSHA256":"ae27a86c890c4ee457e7ed1503b25acd46c30b6bcdf5f5a6e4dc60795420f398","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"881","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\spr.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4730402560bcff83fba40e4a3557855c","hashSHA1":"2ec22bfe15218955610ea6f3b1bbd0e99a3d931c","hashSHA256":"9b630f4f133b0ec987c46bec76348597123d219fadf4a7f712d59a34892e338c","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"881","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"d55dd0bad51d48c8d1c1f11cb46053d9","hashSHA1":"918911a96475c0aebd3db3621e434ac4e3a55b13","hashSHA256":"e7bc5835935b1967e3dec10e9b4db3bace0946807c48699e59cb0b033818de8c","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"881","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\All Users\\Security Monitor\\{78DDAC00-CE01-0AC2-C12A-7139DF1233AC}\\sem.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.6","fileVersion":"1.0.11.6","hashMD5":"2434c800b15e8c7cc717004b759f9c50","hashSHA1":"caee7a23cd54c67c8904df9332a5f7e087db4392","hashSHA256":"96b37f4c78a378921f44fee5e38df035126182f9354ae5c6d7fb816a0b3b819a","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"881","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyrixemployee.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6c13d14781e14c7de3c46d021af99641","hashSHA1":"01ac5edb2782aaedd089a76d8f940a3fb24359b4","hashSHA256":"a3d378181e22ede87c61a231a5716e1508561cd1e83b8ffce250463f9b688998","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"881","avBlockList":["360 Total Security (20231017)","Avast Premium Security (20231017)","AVG Internet Security (20231017)","Avira Internet Security (20231017)","COMODO Antivirus (20231017)","Dr.Web Security Space (20231017)","ESET Internet Security (20231017)","G DATA INTERNET SECURITY (20231017)","K7 Total Security (20231017)","Kaspersky Internet Security (20231017)","Malwarebytes Premium (20231017)","McAfee Total Protection (20231017)","Norton Security (20231017)","Panda Dome (20231017)","Sophos Home Premium (20231017)","SpyHunter5 (20231017)","Total AV Antivirus Pro (20231017)","VirIT eXplorer PRO (20231017)","Webroot SecureAnywhere (20231017)"],"avAllowList":["Bitdefender Internet Security (20231017)","Quick Heal Internet Security (20231017)","Trend Micro Internet Security (20231017)","VIPRE Advanced Security (20231017)","Windows Defender (20231017)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://www.spyrix.com/","directDownloadingLink":"https://spyrix.app/sem.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/sem.html","sourceIndex":"881"}],"sampleFiles":["230929/Spyrix-191025/11.6.12/Samples/spyrixemployee.exe"],"imageFiles":["230929/Spyrix-191025/11.6.12/Images/ACR-048/ACR-048.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-048/ACR-048_1.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-007/ACR-007 (1).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-007/ACR-007 (2).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-007/ACR-007.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-084/ACR-084 (1).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-084/ACR-084 (2).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-084/ACR-084_3.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-086/ACR-086.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-086/ACR-086_1.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-086/ACR-086_2.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-086/ACR-086_3.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-097/ACR-097.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-097/ACR-097 (1).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-097/ACR-097 (2).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-097/ACR-097 (3).JPG","230929/Spyrix-191025/11.6.12/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["230929/Spyrix-191025/11.6.12/Images/ACR-040/ACR-040.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-040/ACR-040_1.JPG","230929/Spyrix-191025/11.6.12/Images/ACR-082/ACR-082.JPG"],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.6.12_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.6.12","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:34.2953278+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":697},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the desktop and the control panel, which limits the targeted consumer's ability to control the app. The app uses a password to hide its presence\n","ACR-007":"The app enables the consumer to hide it from the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notifications when it is running and requires a hotkey and password to open it.\n","ACR-084":"The app enables the user to hide the app from the desktop and the installed program list. The app is installed in a hidden folder and requires a hotkey and password to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting its data to. The app does not inform the targeted consumer how it collects data and it uses a password to hide its presence.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n","ACR-014":"The app calls itself \"spm.exe” which is not related to the app's name.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spm.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.6","fileVersion":"1.0.11.6","hashMD5":"f69357018fea30c11b4d911181f82422","hashSHA1":"130d8104c4ff3cd880d60d90eff56f3ae8ca9228","hashSHA256":"d941a5f495eb430bdcd6e61dc28774c7d6b29bad62efb2134917a897145a6bf3","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"719","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"cb40b842fe985b9d12292d7c4fac0c79","hashSHA1":"4158086c26f01e6e11296d48a862a66aae480694","hashSHA256":"4fd0abb9da27bed20b6960cc59f80747696fcfc19c98015d3d49b3d931f240e9","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"719","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spr.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"acdc0e6b5bcf9c07946166a690f5e4fe","hashSHA1":"6559c2fe9ea64e2e3fdf0f9fb7184ff6bc7c5f6d","hashSHA256":"9eaf3509a28643909f13a955bc3ffa89b267b4042cbd6b7c55181327eb139eb8","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"719","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"6e5251d042411c7d38f5dc1b6a660215","hashSHA1":"41b3863f06d8c5573ac89e79e25c98a1c3d6df92","hashSHA256":"8d21926c20c30d8b68e2a3802e1589b24678d24a638fda04549828a330a41a3c","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"719","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"fc35ff9a236230b0abc1a449286e97c9","hashSHA1":"1812414a94983763c459245174aecea6194648d4","hashSHA256":"97a9eeb8d3f3ef69f8929b140a3a728759da382fa9c23f337d3553ef694a707b","digitalCertThumbprint":"3808A26A7AA1A7F08944370EDD5149F514CF6B0F","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"719","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"Hunt.Search","landingPage":"https://www.spyrix.com/","directDownloadingLink":"https://spyrix.app/spm.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/spm.html","sourceIndex":"719"}],"sampleFiles":["240306/Spyrix-191025/11.6.15/Samples/spm_setup.exe"],"imageFiles":["240306/Spyrix-191025/11.6.15/Images/ACR-048/ACR-048_1.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-048/ACR-048_2.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-048/ACR-048_3.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-048/ACR-048_4.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-007/ACR-007.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-007/ACR-007_1.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-007/ACR-007_2.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-007/ACR-007_3.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-014/ACR-014.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084_1.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084_2.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084_3.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084_4.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-084/ACR-084_5.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-086/ACR-086.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-086/ACR-086_1.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-086/ACR-086_2.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-097/ACR-097.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-097/ACR-097_1.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-097/ACR-097_2.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-097/ACR-097_3.PNG","240306/Spyrix-191025/11.6.15/Images/ACR-116/ACR-116.PNG"],"nonDeceptorImageFiles":[],"guid":"0028385f-ef94-4496-81c2-fc3792e5ca9a_11.6.15_1","appID":"Spyrix-191025","dateAdded":"240306","deceptorType":"App","name":"Spyrix Personal Monitor","company":"Spyrix Security Inc.","version":"11.6.15","lastKnownStatus":"11.5.2;11.5.21;11.5.18;11.5.30;11.5.31;11.5.34;11.6.11;11.6.12;11.6.15","lastKnownDate":"240306","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:29.1113743+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":696},{"violations":{"ACR-042":"Third-party components \"TAP Driver Windows\", \"Open VPN\" and \"Wintun\" are dropped without any disclosure.\n","ACR-043":"1. Third-party components \"TAP Driver Windows\", \"Open VPN\" and \"Wintun\" are dropped without any disclosure.\n2. The \"WhitehatVPN\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not obtain any authorization for using third-party components: \"TAP Driver Windows\", \"Open VPN\" and \"Wintun\" \n","ACR-048":"The app does not provide any control to close the app completely and remove its background processes within the app's settings.\n","ACR-003":"The app displays misleading status \"Your IP is Unprotected\" when VPN connection is turned off. Although system has another VPN service is running.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing IP/network connection for sharing internet resources.\n","ACR-084":"On closing the app, all the processes run silently in the background, hiding the fact that it is active from the consumer and may record the system's Usage Data and metrics including IP. \n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\HIGH SPEED RABBIT LIMITED\\WhitehatVPN\\WhitehatData.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatData","productVersion":"1.22.11.26","fileVersion":"1.22.11.26","hashMD5":"637b95d94a9e2449a013c2a5cdc7ec22","hashSHA1":"082ca6140c32bc994ab9b2682c8fe4b073e0f905","hashSHA256":"122fac0b0d282d446ac08f9a6c579d7563b3651736b1921d8590a0a9bb37ab3f","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1035","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\HIGH SPEED RABBIT LIMITED\\WhitehatVPN\\WhitehatVPN.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.22.11.29","fileVersion":"1.22.11.29","hashMD5":"6f21c4dcbf9d4f064f14c1f8b817d05e","hashSHA1":"7ecb8656def9bb1ea99807ceeda17ee0a5ed2c7d","hashSHA256":"7d269744a6d66e72a07a9c2febd9797533d704822dab9dcf395db0c464584f14","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1035","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WhiteHatVPN1_22_11_28_3.exe","isInstaller":"True","companyName":"HIGH SPEED RABBIT LIMITED","productName":"WhitehatVPN","productVersion":"1.22.11.29","fileVersion":"1.22.11.29","hashMD5":"f1e36e3d780827c818b5426dba6931bd","hashSHA1":"6942b2441c0fb33efafb870fec8ca4fd4ee5a234","hashSHA256":"e73d723bdb32ae7d4a86ed55fa581a9717a335111cfa60ce2edd221da5229a32","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1035","avBlockList":["360 Total Security (20240716)","Avast Premium Security (20240716)","AVG Internet Security (20240716)","Avira Internet Security (20240716)","ESET Internet Security (20240716)","G DATA INTERNET SECURITY (20240716)","K7 Total Security (20240716)","Kaspersky Internet Security (20240716)","Malwarebytes Premium (20240716)","McAfee Total Protection (20240716)","Norton Security (20240716)","Panda Dome (20240716)","Quick Heal Internet Security (20240716)","Sophos Home Premium (20240716)","SpyHunter5 (20240716)","Total AV Antivirus Pro (20240716)","VirIT eXplorer PRO (20240716)","Webroot SecureAnywhere (20240716)","Windows Defender (20240716)","FortectPremium (20240716)"],"avAllowList":["Bitdefender Internet Security (20240716)","COMODO Antivirus (20240716)","Dr.Web Security Space (20240716)","Trend Micro Internet Security (20240716)","VIPRE Advanced Security (20240716)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.whitehatvpn.com/","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"1035"}],"sampleFiles":["230622/WhitehatVPN-221212/1.22.11.29/Samples/WhiteHatVPN1_22_11_28_3.exe"],"imageFiles":["230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-043/ACR-043.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-043/ACR-043_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-043/ACR-043_2.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-043/ACR-043_3.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-107/ACR-107.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-107/ACR-107_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-107/ACR-107_2.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-042/ACR-042.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-042/ACR-042_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-042/ACR-042_2.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-007/ACR-007.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-007/ACR-007_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-084/ACR-084.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-084/ACR-084_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-084/ACR-084_2.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-048/ACR-048.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-048/ACR-048_1.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-003/ACR-003.JPG","230622/WhitehatVPN-221212/1.22.11.29/Images/ACR-014/ACR-014.JPG"],"nonDeceptorImageFiles":[],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.22.11.29_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.22.11.29","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":710},{"violations":{"ACR-109":"The application silently installs the app \"TAP Driver Windows\" before the user chose and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure. \n","ACR-043":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure.\n3. The \"WhitehatVPN\" components get dropped in one click without asking the user's permission and disclosing the installation path\n","ACR-107":"The app does not obtain any authorization for using third-party components: Open VPN and Wintun. \n","ACR-048":"The app does not provide any control to remove the startup and close the app completely and remove its background processes within the app's settings.\n","ACR-003":"The app displays misleading status \"Your IP is Unprotected\" when VPN connection is turned off. Although system has another VPN service is running.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing IP/network connection for sharing internet resources.\n","ACR-084":"1. The app creates undisclosed startup items to perform actions without the consumer's knowledge and consent.\n2. On closing the app, all the processes run silently in the background, hiding the fact that it is active from the consumer and may record the system's Usage Data and metrics including IP. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed and running\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED RABBIT LIMITE\\WhitehatVPN\\WhitehatVPN.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.23.06.25","fileVersion":"1.23.6.25","hashMD5":"a14ce514e33f3e5d2af6fe5a9e88c04a","hashSHA1":"ba93f963b4542f0d8d8c21e9a814b6ea8facef81","hashSHA256":"c63c655e695b27fa4999d277504048516ed1d91d67316255970bae6f3f53efeb","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1012","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"whitehatvpn230615.exe","isInstaller":"True","companyName":"HIGH SPEED RABBIT LIMITE","productName":"WhitehatVPN","productVersion":"1.23.0.15","fileVersion":"1.23.0.15","hashMD5":"09dc312570dcb4b40721e972d00f9005","hashSHA1":"442dfd645c81b6a4fb26c8847b0db0a01ba04f5d","hashSHA256":"e535d87e7584d5d1636df18a860978dbd6cf8178b109636659dcf893cb34c095","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1012","avBlockList":["360 Total Security (20230817)","Avast Premium Security (20230817)","AVG Internet Security (20230817)","Avira Internet Security (20230817)","Bitdefender Internet Security (20230817)","COMODO Antivirus (20230817)","ESET Internet Security (20230817)","G DATA INTERNET SECURITY (20230817)","K7 Total Security (20230817)","Kaspersky Internet Security (20230817)","Malwarebytes Premium (20230817)","McAfee Total Protection (20230817)","Norton Security (20230817)","Panda Dome (20230817)","Quick Heal Internet Security (20230817)","Sophos Home Premium (20230817)","SpyHunter5 (20230817)","Total AV Antivirus Pro (20230817)","VIPRE Advanced Security (20230817)","VirIT eXplorer PRO (20230817)","Webroot SecureAnywhere (20230817)","Windows Defender (20230817)"],"avAllowList":["Dr.Web Security Space (20230817)","Trend Micro Internet Security (20230817)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.whitehatvpn.com","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"1012"}],"sampleFiles":["230706/WhitehatVPN-221212/1.23.0.15/Samples/whitehatvpn230615.exe"],"imageFiles":["230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-109/ACR-109.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-109/ACR-109_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-039/ACR-039.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-039/ACR-039_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-043/ACR-043.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-043/ACR-043_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-043/ACR-043_2.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-043/ACR-043_3.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-107/ACR-107.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-107/ACR-107_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-042/ACR-042.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-042/ACR-042_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-042/ACR-042_2.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-007/ACR-007.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-007/ACR-007_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-084/ACR-084.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-084/ACR-084_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-084/ACR-084_2.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-084/ACR-084_3.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-048/ACR-048.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-048/ACR-048_1.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-048/ACR-048_2.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-003/ACR-003.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-014/ACR-014.JPG","230706/WhitehatVPN-221212/1.23.0.15/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":[],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.23.0.15_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.23.0.15","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":709},{"violations":{"ACR-109":"The application silently installs the app \"TAP Driver Windows\" before the user chose and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure. \n3. The \"WhitehatVPN\" components get dropped in one click without asking the user's permission and disclosing the installation path\n","ACR-043":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure.\n\n","ACR-107":"The app does not obtain any authorization for using third-party components: Open VPN and Wintun. \n","ACR-048":"The app does not provide any control to close the app completely and remove its background processes within the app's settings.\n","ACR-003":"The app displays misleading status \"Your IP is Unprotected\" when VPN connection is turned off. Although system has another VPN service is running.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing IP/network connection for sharing internet resources.\n","ACR-084":"On closing the app, all the processes run silently in the background, hiding the fact that it is active from the consumer and may record the system's Usage Data and metrics including IP. \n","ACR-117":"The app attempts to conceal the Uninstall button at Uninstall.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"The app retains its monetization components after uninstall.\n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed and running\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation. \n","ACR-124":"The app attempts to conceal the Uninstall button at Uninstall.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED RABBIT LIMITED\\WhitehatVPN\\WhitehatVPN.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.22.11.28","fileVersion":"1.22.11.28","hashMD5":"a74d56414c7517e7de55c81a72620274","hashSHA1":"4886f15519916f41cdbc04be1fb2017914bba4c4","hashSHA256":"257125f7d831043b4eb86f73d8500bccaafb1f8467c7d08429ead638e7a07ede","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"887","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WhiteHatVPN1_22_11_28_1.exe","isInstaller":"True","companyName":"HIGH SPEED RABBIT LIMITED","productName":"WhitehatVPN","productVersion":"1.22.11.28","fileVersion":"1.22.11.28","hashMD5":"652d1235d21b74068342ba47e5eeed71","hashSHA1":"711c21fb541353e0e816138f269d393763dabba5","hashSHA256":"ac3e9f24f6a19481dca137aadfa4c4d40c24f618d5bff436622fa85b23f24ac3","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"887","avBlockList":["360 Total Security (20240523)","Avast Premium Security (20240523)","AVG Internet Security (20240523)","Avira Internet Security (20240523)","COMODO Antivirus (20240523)","ESET Internet Security (20240523)","G DATA INTERNET SECURITY (20240523)","K7 Total Security (20240523)","Kaspersky Internet Security (20240523)","Malwarebytes Premium (20240523)","McAfee Total Protection (20240523)","Norton Security (20240523)","Panda Dome (20240523)","Quick Heal Internet Security (20240523)","Sophos Home Premium (20240523)","SpyHunter5 (20240523)","Total AV Antivirus Pro (20240523)","VirIT eXplorer PRO (20240523)","Webroot SecureAnywhere (20240523)","Windows Defender (20240523)"],"avAllowList":["Bitdefender Internet Security (20240523)","Dr.Web Security Space (20240523)","Trend Micro Internet Security (20240523)","VIPRE Advanced Security (20240523)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.whitehatvpn.com","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"887"}],"sampleFiles":["230927/WhitehatVPN-221212/1.22.11.28/Samples/WhiteHatVPN1_22_11_28_1.exe"],"imageFiles":["230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-109/ACR-109.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-109/ACR-109_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-039/ACR-039.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-039/ACR-039_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-043/ACR-043.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-043/ACR-043_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-043/ACR-043_2.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-107/ACR-107.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-107/ACR-107_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-042/ACR-042.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-042/ACR-042_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-042/ACR-042_2.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-042/ACR-042_3.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-007/ACR-007.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-007/ACR-007_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-084/ACR-084.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-084/ACR-084_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-084/ACR-084_2.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-048/ACR-048.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-048/ACR-048_1.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-003/ACR-003.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-014/ACR-014.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-117/ACR-117.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-118/ACR-118.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-119/ACR-119.PNG","230927/WhitehatVPN-221212/1.22.11.28/Images/ACR-124/ACR-124.PNG"],"nonDeceptorImageFiles":[],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.22.11.28_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.22.11.28","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":708},{"violations":{"ACR-042":"Third-party components \"TAP Driver Windows\", \"Open VPN\" and \"Wintun\" are dropped without any disclosure.\n\n","ACR-043":"Third-party components \"TAP Driver Windows\", \"Open VPN\" and \"Wintun\" are dropped without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components: TAP Driver Windows, Open VPN, and Wintun. \n","ACR-048":"The resource sharing service is still running even after the application exit. \n","ACR-003":"The app displays misleading status \"Your IP is Unprotected\" when VPN connection is turned off. Although system has another VPN service is running.\n","ACR-084":"1. Processes still run silently in the background without any notification when application VPN is disconnected and closed. \n2. The app creates undisclosed startup items to perform actions without the consumer's knowledge and consent.\n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed and running\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED WHITEHAT LIMITED\\WhitehatVPN\\WhitehatServer.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatServer","productVersion":"1.24.1.11","fileVersion":"1.24.1.11","hashMD5":"944f034076e57a6b6429989e83a80406","hashSHA1":"52c113fd629f40addbcdcd1356e6a0410c0e8f75","hashSHA256":"7f069936d639cb245139b9fb1040c6941412d73afad8d7388f253503bb9dc664","digitalCertThumbprint":"8D5A50B33EA992EC9B6C495546E4ACD9D4D5F84B","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"723","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED WHITEHAT LIMITED\\WhitehatVPN\\WhitehatVPN.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.24.1.10","fileVersion":"1.24.1.10","hashMD5":"5b89b1d73d8d9a6c746692980b5826c4","hashSHA1":"65ffb3cb0a1e7071d0235e33f8d5dcf2ba4370ad","hashSHA256":"ca11af4c8998fb0496dba7bbdcc58eb229486e6cb6b9a98d8cd79530bfb8ea4a","digitalCertThumbprint":"8D5A50B33EA992EC9B6C495546E4ACD9D4D5F84B","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"723","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WhitehatVPNInstall.exe","isInstaller":"True","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPNInstall","productVersion":"1.24.1.11","fileVersion":"1.24.1.11","hashMD5":"a3ebcc054af549ea7af504c6fc88c9bf","hashSHA1":"d0db23566bc1c4477dbaf7fd9bfce530d4da770f","hashSHA256":"17cdb1803f4a2bf66247b1c7348a1b4b428128453c6fd0a8ec32197ea75c092f","digitalCertThumbprint":"8D5A50B33EA992EC9B6C495546E4ACD9D4D5F84B","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"723","avBlockList":["Avast Premium Security (20240502)","AVG Internet Security (20240502)","Avira Internet Security (20240502)","K7 Total Security (20240502)","Kaspersky Internet Security (20240502)","Malwarebytes Premium (20240502)","Norton Security (20240502)","Panda Dome (20240502)","Sophos Home Premium (20240502)","SpyHunter5 (20240502)","Total AV Antivirus Pro (20240502)","VirIT eXplorer PRO (20240502)","Webroot SecureAnywhere (20240502)"],"avAllowList":["360 Total Security (20240502)","Bitdefender Internet Security (20240502)","COMODO Antivirus (20240502)","Dr.Web Security Space (20240502)","ESET Internet Security (20240502)","G DATA INTERNET SECURITY (20240502)","McAfee Total Protection (20240502)","Quick Heal Internet Security (20240502)","Trend Micro Internet Security (20240502)","VIPRE Advanced Security (20240502)","Windows Defender (20240502)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.whitehatvpn.com","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"723"}],"sampleFiles":["240301/WhitehatVPN-221212/1.24.1.11/Samples/WhitehatVPNInstall.exe"],"imageFiles":["240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-043/ACR-043.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-043/ACR-043_1.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-043/ACR-043_2.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-107/ACR-107.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-107/ACR-107_1.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-107/ACR-107_2.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-042/ACR-042.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-042/ACR-042_1.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-042/ACR-042_2.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-084/ACR-084.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-084/ACR-084_1.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-084/ACR-084_2.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-084/ACR-084_3.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-084/ACR-084_Software_1.png","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-048/ACR-048_2.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-048/ACR-048_Software_1.png","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-003/ACR-003.PNG","240301/WhitehatVPN-221212/1.24.1.11/Images/ACR-014/ACR-014.PNG"],"nonDeceptorImageFiles":[],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.24.1.11_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.24.1.11","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T22:40:33.026917+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":707},{"violations":{"ACR-109":"The application silently installs the app \"TAP Driver Windows\" before the user chose and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure.\n","ACR-043":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation. \n2. Third-party components \"Open VPN\" and \"Wintun\" are installed without any disclosure.\n3. The \"WhitehatVPN\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-107":"The app does not obtain any authorization for using third-party components: Open VPN and Wintun.\n","ACR-048":"The app does not provide any control to close the app completely and remove its background processes within the app's settings.\n","ACR-003":"The app displays misleading status \"Your IP is Unprotected\" when VPN connection is turned off. Although system has another VPN service is running.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing IP/network connection for sharing internet resources.\n","ACR-084":"On closing the app, all the processes run silently in the background, hiding the fact that it is active from the consumer and may record the system's Usage Data and metrics including IP. \n","ACR-117":" The app attempts to conceal the Uninstall button at Uninstall. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation.\n","ACR-124":"The app attempts to conceal the Uninstall button at Uninstall. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED RABBIT LIMITED\\WhitehatVPN\\WhitehatData.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatData","productVersion":"1.22.11.26","fileVersion":"1.22.11.26","hashMD5":"c0f3af18ac34f721e11fdf5e9174b609","hashSHA1":"e1c7aeff4b65491ec002ff3b3ae65e0e359fba0f","hashSHA256":"a50b04f4ab94b0ced67368d38cd8c4b75ab26bffce2f04f3841232a984cbfd21","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1113","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\HIGH SPEED RABBIT LIMITED\\WhitehatVPN\\WhitehatVPN.exe","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.23.01.06","fileVersion":"1.23.1.6","hashMD5":"aad3e4e500a61f1777b22cc46f130be9","hashSHA1":"c78392a26705d7dbbb34c5389c55eeee8069816c","hashSHA256":"0b207a2e7d4abb3ace89327c3e77c171ae4c19f14d1c56ec41ae1498086f0d6d","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1113","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WhiteHatVPN12316__.exe","isInstaller":"True","companyName":"HIGH SPEED RABBIT LIMITED","productName":"WhitehatVPN","productVersion":"1.23.1.6","fileVersion":"1.23.1.6","hashMD5":"137d8b9d82330d1c2e6a00d26174b8c2","hashSHA1":"90937d0a6126c1029a69c555c2758bde88bf1b99","hashSHA256":"5e2d5a0043d7006e64844ed2c8af7357d6d37999ed2114a5b3831b317278c7d9","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"WoTrus Code Signing 2021 CA","digitalCertIssuedTo":"HIGH SPEED RABBIT LIMITED","storeId":"","sourceIndex":"1113","avBlockList":["360 Total Security (20230525)","Avast Premium Security (20230525)","AVG Internet Security (20230525)","Avira Internet Security (20230525)","Bitdefender Internet Security (20230525)","COMODO Antivirus (20230525)","ESET Internet Security (20230525)","G DATA INTERNET SECURITY (20230525)","K7 Total Security (20230525)","Kaspersky Internet Security (20230525)","Malwarebytes Premium (20230525)","McAfee Total Protection (20230525)","Norton Security (20230525)","Panda Dome (20230525)","Quick Heal Internet Security (20230525)","Sophos Home Premium (20230525)","SpyHunter5 (20230525)","Total AV Antivirus Pro (20230525)","VIPRE Advanced Security (20230525)","VirIT eXplorer PRO (20230525)","Webroot SecureAnywhere (20230525)","Windows Defender (20230525)"],"avAllowList":["Dr.Web Security Space (20230525)","Trend Micro Internet Security (20230525)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.whitehatvpn.com/","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"1113"}],"sampleFiles":["230508/WhitehatVPN-221212/1.23.1.6/Samples/WhiteHatVPN12316__.exe"],"imageFiles":["230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-109/ACR-109.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-109/ACR-109_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-039/ACR-039.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-039/ACR-039_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-043/ACR-043.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-043/ACR-043_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-043/ACR-043_2.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-043/ACR-043_3.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-107/ACR-107_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-107/ACR-107_2.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-042/ACR-042.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-042/ACR-042_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-042/ACR-042_2.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-007/ACR-007.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-007/ACR-007_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-084/ACR-084.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-084/ACR-084_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-084/ACR-084_2.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-048/ACR-048.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-048/ACR-048_1.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-003/ACR-003.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-014/ACR-014.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-117/ACR-117.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-118/ACR-118.JPG","230508/WhitehatVPN-221212/1.23.1.6/Images/ACR-124/ACR-124.JPG"],"nonDeceptorImageFiles":[],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.23.1.6_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.23.1.6","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":711},{"violations":{"ACR-043":"Third party components \"Open VPN\" and \"Wintun\" are installed without any disclosure in the EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party components: Open VPN and Wintun.\n","ACR-003":"The app displays \"Your IP is Unprotected\" when disconnected from the VPN. This is misleading with unsubstantiated claim.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing IP/network connection for sharing internet resources.\n\n","ACR-084":"Quitting the app keeps other processes running in the background without notifying the consumer and may record system's Usage Data and metrics including IP. \n","ACR-117":" The app attempts to conceal the Uninstall button at Uninstall. \n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed.\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information. \nLanding Page does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"WhitehatVPN.exe","isInstaller":"True","companyName":"HIGH SPEED WHITEHAT LIMITED","productName":"WhitehatVPN","productVersion":"1.22.12.8","fileVersion":"1.22.12.8","hashMD5":"e63a342351e247e1323ce575f72bd674","hashSHA1":"31ac064c1b37adba6856ff481c01d4a48933abd0","hashSHA256":"b796f5a944dc6b73aee9268925e9aae09740983f1d746b59d27a33129353b345","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"CN=WoTrus Code Signing 2021 CA, O=WoTrus CA Limited, C=CN","digitalCertIssuedTo":"CN=HIGH SPEED RABBIT LIMITED, O=HIGH SPEED RABBIT LIMITED, L=London, C=GB","sourceIndex":"1245","avBlockList":["360 Total Security (20240723)","Avast Premium Security (20240723)","AVG Internet Security (20240723)","Avira Internet Security (20240723)","Bitdefender Internet Security (20240723)","COMODO Antivirus (20240723)","ESET Internet Security (20240723)","G DATA INTERNET SECURITY (20240723)","K7 Total Security (20240723)","Kaspersky Internet Security (20240723)","Malwarebytes Premium (20240723)","McAfee Total Protection (20240723)","Norton Security (20240723)","Panda Dome (20240723)","Quick Heal Internet Security (20240723)","Sophos Home Premium (20240723)","SpyHunter5 (20240723)","Total AV Antivirus Pro (20240723)","Trend Micro Internet Security (20240723)","VIPRE Advanced Security (20240723)","VirIT eXplorer PRO (20240723)","Webroot SecureAnywhere (20240723)","Windows Defender (20240723)","FortectPremium (20240723)"],"avAllowList":["Dr.Web Security Space (20240723)"]},{"isRevoked":"False","fileName":"WhiteHatVPN1_22_12_9.exe","isInstaller":"True","companyName":"HIGH SPEED RABBIT LIMITED","productName":"WhitehatVPN","fileVersion":"1.22.12.9","hashMD5":"3a45f190d4713355ade3a97a53b1f0b8","hashSHA1":"8a925b278ebec1f0ee429bfab1c51112eddb3750","hashSHA256":"4f0439fd31a007958fe6747ae0e7f4303e0229121dd4021d34f39a9644a02f1f","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"CN=WoTrus Code Signing 2021 CA, O=WoTrus CA Limited, C=CN","digitalCertIssuedTo":"CN=HIGH SPEED RABBIT LIMITED, O=HIGH SPEED RABBIT LIMITED, L=London, C=GB","sourceIndex":"1245","avBlockList":["360 Total Security (20230119)","Avast Premium Security (20230119)","AVG Internet Security (20230119)","Avira Internet Security (20230119)","Bitdefender Internet Security (20230119)","ESET Internet Security (20230119)","G DATA INTERNET SECURITY (20230119)","K7 Total Security (20230119)","McAfee Total Protection (20230119)","Norton Security (20230119)","Panda Dome (20230119)","Sophos Home Premium (20230119)","SpyHunter5 (20230119)","Total AV Antivirus Pro (20230119)","VIPRE Advanced Security (20230119)","VirIT eXplorer PRO (20230119)"],"avAllowList":["COMODO Antivirus (20230119)","Dr.Web Security Space (20230119)","Kaspersky Internet Security (20230119)","Malwarebytes Premium (20230119)","Quick Heal Internet Security (20230119)","Trend Micro Internet Security (20230119)","Webroot SecureAnywhere (20230119)","Windows Defender (20230119)"]}],"additionalFiles":[],"sources":[{"howFound":"searched vpn for windows on google","reference":"","landingPage":"https://www.whitehatvpn.com","directDownloadingLink":"https://www.whitehatvpn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.whitehatvpn.com/download.html","sourceIndex":"1245"}],"sampleFiles":["230113/WhitehatVPN-221212/1.22.12.9/Samples/WhitehatVPN.exe","230113/WhitehatVPN-221212/1.22.12.9/Samples/WhiteHatVPN1_22_12_9.exe"],"imageFiles":["230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-039/ACR-039_TAPWindows-b.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-039/ACR-039_TAPWindows.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-043/OpenVPN.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-043/Wintun.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-107/OpenVPN.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-107/Wintun.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-107/ACR-107_3rdParty.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-007/ACR-007_SharingIP_resources.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-007/ACR-007_DataUsage.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-084/ACR-048_084.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-084/ACR-007_DataUsage.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-084/UsageData.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-003/ACR-003_014_UnprotectedStatus.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-014/ACR-003_014_UnprotectedStatus.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-117/ACR-117_Obscured_Uninstall_button.jpg"],"nonDeceptorImageFiles":["230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-099/ACR-099.jpg","230113/WhitehatVPN-221212/1.22.12.9/Images/ACR-099/WhitehatVPN_LandingPage.jpeg"],"guid":"97b0746f-3293-4194-bb87-96b87bede060_1.22.12.9_1","appID":"WhitehatVPN-221212","dateAdded":"240301","deceptorType":"App","name":"WhiteHat VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.22.12.9","lastKnownStatus":"1.22.12.9;1.23.1.6;1.22.11.29;1.23.0.15;1.22.11.28;1.24.1.11","lastKnownDate":"240301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-03-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":712},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection, when the app is re-enabled at least for the 1st time.\n\n\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. \n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"%AppData%\\Local\\Programs\\\"\n\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Pinaview\" process is running. \n"},"samples":[{"isRevoked":"False","fileName":"Pinaview-setup.exe","isInstaller":"True","companyName":"Pinaview                                                    ","fileVersion":"1.0","hashMD5":"c66d326bd45c934336733a5334933504","hashSHA1":"cf439e26adae38501c41ca0ae35352f6a7cbeb6c","hashSHA256":"96ca11e568ee3d43f4e4068d0b791f17b95f3cc47291c7903b692c92afa22609","digitalCertThumbprint":"1BB26C027214454F668B780B3DB025E3E81B0307","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ra’s al Khaymah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"597","avBlockList":["360 Total Security (20240430)","Avast Premium Security (20240430)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","Bitdefender Internet Security (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","K7 Total Security (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Quick Heal Internet Security (20240430)","Sophos Home Premium (20240430)","SpyHunter5 (20240430)","Total AV Antivirus Pro (20240430)","Trend Micro Internet Security (20240430)","VIPRE Advanced Security (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)"],"avAllowList":["COMODO Antivirus (20240430)","Dr.Web Security Space (20240430)","McAfee Total Protection (20240430)","Windows Defender (20240430)"]}],"additionalFiles":[],"sources":[{"howFound":"bandwidth sharing, passive income, SDK","reference":"","landingPage":"https://pinaview.com/","directDownloadingLink":"https://pinaview.com/downloads/Pinaview.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pinaview.com/downloads/Pinaview.exe","sourceIndex":"597"}],"sampleFiles":["240229/Pinaview-240229/1.0.2.0/Samples/Pinaview-setup.exe"],"imageFiles":["240229/Pinaview-240229/1.0.2.0/Images/ACR-007/ACR-007_Install_1.png","240229/Pinaview-240229/1.0.2.0/Images/ACR-084/ACR-084_Software_1.png","240229/Pinaview-240229/1.0.2.0/Images/ACR-084/ACR-084_Software_2.png","240229/Pinaview-240229/1.0.2.0/Images/ACR-007/ACR-007_Software.gif"],"nonDeceptorImageFiles":["240229/Pinaview-240229/1.0.2.0/Images/ACR-040/ACR-040_Install_1.png","240229/Pinaview-240229/1.0.2.0/Images/ACR-098/ACR-098_Software_1.png","240229/Pinaview-240229/1.0.2.0/Images/ACR-098/ACR-098_Software_2.png"],"guid":"e201cd1a-d013-4129-b5cb-272677a0b8a2_1.0.2.0_1","appID":"Pinaview-240229","dateAdded":"240229","deceptorType":"App","name":"Pinaview","company":"Globalhop","version":"1.0.2.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.6.0","resolved":"TRUE","lastKnownStatus":"1.0.2.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 11,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2024-07-12T21:18:14.8746828+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":263},{"violations":{"ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by sharing internet resources.\nThe app does not display explicit notification about the potential risk in security posture caused by sharing network connection, when the app is re-enabled at least for the 1st time.\n","ACR-084":"The process keeps running in the background despite disabling app and connection option. \n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"%AppData%\\Local\\Programs\\\"\n","ACR-098":"The app needs to provide control to adjust the schedule and rate while the \"Viewndow\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"viewndowlp.exe","isInstaller":"True","companyName":"Viewndow                                                    ","fileVersion":"1.0","hashMD5":"45dc770549a636543076e997f0a30637","hashSHA1":"1b239a825198db0801be8da11dced088e14747a9","hashSHA256":"9e51f4f0e3b15565d5fcc874888e331f35d0948795e5c46a2ef74bfb3ff9c946","digitalCertThumbprint":"1BB26C027214454F668B780B3DB025E3E81B0307","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cleversort FZ-LLC, O=Cleversort FZ-LLC, S=Ra’s al Khaymah, C=AE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AE, SERIALNUMBER=11478657","sourceIndex":"598","avBlockList":["360 Total Security (20240430)","Avast Premium Security (20240430)","AVG Internet Security (20240430)","Avira Internet Security (20240430)","Bitdefender Internet Security (20240430)","ESET Internet Security (20240430)","G DATA INTERNET SECURITY (20240430)","K7 Total Security (20240430)","Kaspersky Internet Security (20240430)","Malwarebytes Premium (20240430)","Norton Security (20240430)","Panda Dome (20240430)","Quick Heal Internet Security (20240430)","Sophos Home Premium (20240430)","SpyHunter5 (20240430)","Total AV Antivirus Pro (20240430)","Trend Micro Internet Security (20240430)","VIPRE Advanced Security (20240430)","VirIT eXplorer PRO (20240430)","Webroot SecureAnywhere (20240430)"],"avAllowList":["COMODO Antivirus (20240430)","Dr.Web Security Space (20240430)","McAfee Total Protection (20240430)","Windows Defender (20240430)"]}],"additionalFiles":[],"sources":[{"howFound":"bandwidth sharing, passive income, SDK","reference":"","landingPage":"https://viewndow.com/","directDownloadingLink":"https://viewndow.com/downloads/viewndowlp.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://viewndow.com/downloads/viewndowlp.exe","sourceIndex":"598"}],"sampleFiles":["240229/Viewndow-240229/1.0.6.0/Samples/viewndowlp.exe"],"imageFiles":["240229/Viewndow-240229/1.0.6.0/Images/ACR-007/ACR-007_Install_1.png","240229/Viewndow-240229/1.0.6.0/Images/ACR-084/ACR-084_Software_1.png","240229/Viewndow-240229/1.0.6.0/Images/ACR-084/ACR-084_Software_2.png","240229/Viewndow-240229/1.0.6.0/Images/ACR-007/ACR-007_Software.gif"],"nonDeceptorImageFiles":["240229/Viewndow-240229/1.0.6.0/Images/ACR-040/ACR-040_Install_1.png","240229/Viewndow-240229/1.0.6.0/Images/ACR-098/ACR-098_Software_1.png","240229/Viewndow-240229/1.0.6.0/Images/ACR-098/ACR-098_Software_2.png"],"guid":"c7dd9beb-567f-4901-8d1a-e2715946d0d7_1.0.6.0_1","appID":"Viewndow-240229","dateAdded":"240229","deceptorType":"App","name":"Viewndow","company":"Globalhop","version":"1.0.6.0","firstVendorContactDate":"240531","firstAppEsteemReplyDate":"240604","firstResolvedDate":"240712","firstResolvedVersion":"1.0.8.0","resolved":"TRUE","lastKnownStatus":"1.0.6.0","lastKnownDate":"240712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows 11,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"net proxy,none","lastUpdate":"2024-07-12T21:14:47.1043735+00:00","notDistributed":false,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":262},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FileZilla_3.66.5_win64_sponsored2-setup.exe","isInstaller":"True","companyName":"Tim Kosse","productName":"FileZilla","productVersion":"3.66.5","fileVersion":"3.66.5","hashMD5":"861c54a22491b35880f4ec629cfd699f","hashSHA1":"71a32e0d99f6d6a36770bf60686c4ac04eb9d70c","hashSHA256":"dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce","digitalCertThumbprint":"E57CE01F6A5E1D4C522BC68488AF53D9BAD13AB7","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Tim Kosse","storeId":"","sourceIndex":"724","avBlockList":["ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","Malwarebytes Premium (20240725)","Norton Security (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","FortectPremium (20240725)"],"avAllowList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","McAfee Total Protection (20240725)","Panda Dome (20240725)","Total AV Antivirus Pro (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","Windows Defender (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"Security Partner Report","reference":"","landingPage":"https://filezilla-project.org/download.php?type=client","directDownloadingLink":"https://download.filezilla-project.org/client/FileZilla_3.66.5_win64_sponsored2-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.filezilla-project.org/client/FileZilla_3.66.5_win64_sponsored2-setup.exe","sourceIndex":"724"}],"sampleFiles":["240227/FileZilla-240223/3.66.5/Samples/FileZilla_3.66.5_win64_sponsored2-setup.exe"],"imageFiles":["240227/FileZilla-240223/3.66.5/Images/ACR-013/ACR-013.PNG","240227/FileZilla-240223/3.66.5/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":[],"guid":"643776a7-0ad9-4afc-a7e4-9f82810281b9_3.66.5_1","appID":"FileZilla-240223","dateAdded":"240227","deceptorType":"Bundler","name":"FileZilla","company":"Tim Kosse","version":"3.66.5","lastKnownStatus":"3.66.5","lastKnownDate":"240227","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows 11","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-02-27T21:05:49.8763687+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":713},{"violations":{"ACR-109":"The app downloads \"\"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “\"rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 10.8.2.4 vs version 10.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version 10.8.2.4 vs version 10.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"MusicEditorFree.exe","fileVersion":"0.0","hashMD5":"4f2294cb6778079e0f3392664e68adef","hashSHA1":"51988286cfd5b7b780b63f5f99bea6eb7536d93c","hashSHA256":"5a66f4c0a077cd744c3bbbbe4810828b3bfb97f8309f2602f44058120b3f8711","sourceIndex":"1484","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MusicEditorFree-setup.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 MEFMedia, Inc.                         ","fileVersion":"0.0","hashMD5":"2a9ee2d650aba69210ed0005329d05d1","hashSHA1":"54e8c89a72ac4caa8ab2f8a7da6f3f288d44fb00","hashSHA256":"b4b60a57af269849ce9432f34f25dab29d1551c596ddc2cf727c6be3faf9a6b0","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1484","avBlockList":["360 Total Security (20240227)","Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","Dr.Web Security Space (20240227)","ESET Internet Security (20240227)","G DATA INTERNET SECURITY (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","McAfee Total Protection (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VIPRE Advanced Security (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)","Windows Defender (20240227)"],"avAllowList":["Quick Heal Internet Security (20240227)","Tencent PC Manager (20220804)","Trend Micro Internet Security (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://music-editor.net/","directDownloadingLink":"https://music-editor.net/MusicEditorFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://music-editor.net/MusicEditorFree.exe","sourceIndex":"1484"}],"sampleFiles":["220801/MusicEditorFree-220729/10.8/Samples/MusicEditorFree.exe","220801/MusicEditorFree-220729/10.8/Samples/MusicEditorFree-setup.exe"],"imageFiles":["220801/MusicEditorFree-220729/10.8/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-010/RelevantKnowledge.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-057/RelevantKnowledge.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-059/RelevantKnowledge.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-071/RelevantKnowledge.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220801/MusicEditorFree-220729/10.8/Images/ACR-002/ACR-002_Mismatched_version.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-106/RelevantKnowledge.jpg","220801/MusicEditorFree-220729/10.8/Images/ACR-002/ACR-002_Mismatched_version.jpg"],"guid":"cfea653f-9ed2-426d-9fcf-d62007931275_10.8_1","appID":"MusicEditorFree-220729","dateAdded":"240220","deceptorType":"App","name":"Music Editor Free","company":"MEFMedia","version":"10.8","lastKnownStatus":"10.8;10.8.3.0","lastKnownDate":"240220","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-02-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":717},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"MusicEditorFree.exe","isInstaller":"True","companyName":"Copyright© 2005-2024 MEFMedia Inc.                         ","productName":"Music Editor Free                                           ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"ad07c4d5e9f290e3e914a75f89ceeba2","hashSHA1":"941e3357772ec502259b03678936136011d57222","hashSHA256":"b3888d58cbde1b7fbe0639b2f7bb4434548476a34742371a9c5f582b70ae89e9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"726","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)","FortectPremium (20240725)"],"avAllowList":["Quick Heal Internet Security (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://music-editor.net/","directDownloadingLink":"https://music-editor.net/MusicEditorFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://music-editor.net/MusicEditorFree.exe","sourceIndex":"726"}],"sampleFiles":["240220/MusicEditorFree-220729/10.8.3.0/Samples/MusicEditorFree.exe"],"imageFiles":["240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-109/ACR-109_Install_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-042/ACR-042_Install_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-010/ACR-010_Install_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-013/ACR-013_Install_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-118/ACR-118_Uninstall_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-118/ACR-118_Uninstall_2.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-106/ACR-106_Software_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-092/ACR-092_Software_1.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-092/ACR-092_Software_2.png","240220/MusicEditorFree-220729/10.8.3.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"cfea653f-9ed2-426d-9fcf-d62007931275_10.8.3.0_1","appID":"MusicEditorFree-220729","dateAdded":"240220","deceptorType":"App","name":"Music Editor Free","company":"MEFMedia","version":"10.8.3.0","lastKnownStatus":"10.8;10.8.3.0","lastKnownDate":"240220","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-02-20T23:35:40.3597689+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":716},{"violations":{"ACR-109":"The app downloads \"\"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “\"rk_setup.exe” nevertheless.\n\n","ACR-010":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version4.8.2.4 vs version 4.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version4.8.2.4 vs version 4.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"VidMateVideoConverter.exe","productName":"VidMate Video Converter   ","fileVersion":"1.0","hashMD5":"a9cefb316ac0c2da57081d88b67e843e","hashSHA1":"f64f68df08f14c5029ba55197b3ffdec4cb9218c","hashSHA256":"49b03b416419e4210e58c8398ab01c736200361f176f1d0f3bcd8128dcf43c51","sourceIndex":"1487","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VidMateVideoConverter-setup.exe","isInstaller":"True","companyName":"MEFMedia Co., Ltd.                                          ","productName":"VidMate Video Converter   ","fileVersion":"0.0","hashMD5":"ca22b9c8750b9a7395944f9337457597","hashSHA1":"5069fc52f671ff3e6af4f7f8ca5797eabbebb208","hashSHA256":"0bf935cd539eb91e853cd99584f217f18574ab638ab19c625f55f94ea54ef881","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1487","avBlockList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","Avira Internet Security (20240307)","Bitdefender Internet Security (20240307)","Dr.Web Security Space (20240307)","ESET Internet Security (20240307)","G DATA INTERNET SECURITY (20240307)","K7 Total Security (20240307)","Kaspersky Internet Security (20240307)","Malwarebytes Premium (20240307)","McAfee Total Protection (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","VIPRE Advanced Security (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)","Windows Defender (20240307)"],"avAllowList":["COMODO Antivirus (20240307)","Quick Heal Internet Security (20240307)","Trend Micro Internet Security (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://music-editor.net/vidmatevideoconverter/","directDownloadingLink":"https://music-editor.net/VidMateVideoConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://music-editor.net/VidMateVideoConverter.exe","sourceIndex":"1487"}],"sampleFiles":["220801/VidMateVideoConverter-220729/8.8.0/Samples/VidMateVideoConverter.exe","220801/VidMateVideoConverter-220729/8.8.0/Samples/VidMateVideoConverter-setup.exe"],"imageFiles":["220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-010/RelevantKnowledge.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-057/RelevantKnowledge.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-059/RelevantKnowledge.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-071/RelevantKnowledge.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-106/RelevantKnowledge.jpg","220801/VidMateVideoConverter-220729/8.8.0/Images/ACR-002/ACR-002_VidMateVideo.jpg"],"guid":"6260c083-3629-419a-aa5d-47141a2ec2f5_8.8.0_1","appID":"VidMateVideoConverter-220729","dateAdded":"240220","deceptorType":"App","name":"VidMate Video Converter","company":"MEFMedia","version":"8.8.0","lastKnownStatus":"8.8.0;8.8.3.0","lastKnownDate":"240220","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-02-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":715},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n\n","ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow\n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"VidMateVideoConverter.exe","isInstaller":"True","companyName":"MEFMedia Co. Ltd.                                          ","productName":"VidMate Video Converter                                     ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"8c66d3eea8e032d0b7639190dbed7cf2","hashSHA1":"15848529dafb02be1237d628ac031387e9021d57","hashSHA256":"5b2871cd802f9a414c00b5724385600b2394ce04af2d511a9ca3a447aee9624f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"728","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","FortectPremium (20240725)"],"avAllowList":["Quick Heal Internet Security (20240725)","Windows Defender (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://music-editor.net/vidmatevideoconverter/","directDownloadingLink":"https://music-editor.net/VidMateVideoConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://music-editor.net/VidMateVideoConverter.exe","sourceIndex":"728"}],"sampleFiles":["240220/VidMateVideoConverter-220729/8.8.3.0/Samples/VidMateVideoConverter.exe"],"imageFiles":["240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-109/ACR-109_Install_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-042/ACR-042_Install_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-010/ACR-010_Install_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-013/ACR-013_Install_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-118/ACR-118_Uninstall_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-118/ACR-118_Uninstall_2.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-106/ACR-106_Software_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-092/ACR-092_Software_1.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-092/ACR-092_Software_2.png","240220/VidMateVideoConverter-220729/8.8.3.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"6260c083-3629-419a-aa5d-47141a2ec2f5_8.8.3.0_1","appID":"VidMateVideoConverter-220729","dateAdded":"240220","deceptorType":"App","name":"VidMate Video Converter","company":"MEFMedia","version":"8.8.3.0","lastKnownStatus":"8.8.0;8.8.3.0","lastKnownDate":"240220","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-02-20T23:32:32.924948+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":714},{"violations":{"ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-055":"Accept and decline for the optional offers must be obvious. Unchecking a preselected checkbox on the other offer is also not a straightforward option for decline.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Andy_47.260_1096_26_x64.exe","isInstaller":"True","companyName":"Andy OS Inc.","fileVersion":"1.0","hashMD5":"00f93a78b4e447c8d80e588878b8d99e","hashSHA1":"ac1508d0de07079acc7a12fc45885456305766b2","hashSHA256":"270453aada7a064e133890794e84270599723b3bfa0121104abdad1a79a13b7b","digitalCertThumbprint":"39A4848ECEFD4F052A01F890AFD400C307AF7D77","digitalCertIssuer":"CN=Entrust Extended Validation Code Signing CA - EVCS2, O=\"Entrust, Inc.\", C=US","digitalCertIssuedTo":"CN=6785719 Canada Inc., SERIALNUMBER=1216537-6, OID.2.5.4.15=Private Organization, O=6785719 Canada Inc., OID.1.3.6.1.4.1.311.60.2.1.3=CA, L=Saint Laurent, S=Quebec, C=CA","sourceIndex":"730","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","Trend Micro Internet Security (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)","FortectPremium (20240725)"],"avAllowList":["VIPRE Advanced Security (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.andyroid.net/","directDownloadingLink":"https://sdl.adaware.com/?bundleid=AR001&savename=Andy_47.260_1096_26_x64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://sdl.adaware.com/?bundleid=AR001&savename=Andy_47.260_1096_26_x64.exe","sourceIndex":"730"}],"sampleFiles":["240219/AndyOS-240219/1.0.0.0/Samples/Andy_47.260_1096_26_x64.exe"],"imageFiles":["240219/AndyOS-240219/1.0.0.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240219/AndyOS-240219/1.0.0.0/Images/ACR-057/ACR-057_Bundler-made offers_2.png","240219/AndyOS-240219/1.0.0.0/Images/ACR-055/ACR-055_Install_1.png","240219/AndyOS-240219/1.0.0.0/Images/ACR-055/ACR-055_Install_2.png"],"nonDeceptorImageFiles":[],"guid":"ba181fba-758a-4a58-b98e-12cb011cd7d5_1.0.0.0_1","appID":"AndyOS-240219","dateAdded":"240219","deceptorType":"Bundler","name":"Andy OS","company":"Andy OS Inc.","version":"1.0.0.0","lastKnownStatus":"1.0.0.0","lastKnownDate":"240219","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-02-19T21:31:29.8204447+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":718},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. The offer requires the user to switch off the options one by one in order to decline the offer,.\n","ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TrayTorrentSetup.exe","isInstaller":"True","companyName":"ITVA LLC","fileVersion":"3.0","hashMD5":"0ec73b21bf321ec84393a2240cd33c65","hashSHA1":"e6f346aab0cb18b58a143855c310eaf96397713d","hashSHA256":"ca659bc5b7eb618ce62f192cfa44737a483b243f2fcae8051133705933097766","digitalCertThumbprint":"6A0DACED63B0082C94BD17A0DA9F38F6D9C146BD","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ITVA LLC, O=ITVA LLC, STREET=\"Parhomenko pr., 27/2 lit. A, office 6-N\", L=Saint Petersburg, S=Saint Petersburg, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Saint Petersburg, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1107847001591, OID.2.5.4.15=Private Organization","sourceIndex":"736","avBlockList":["Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","G DATA INTERNET SECURITY (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","FortectPremium (20240725)"],"avAllowList":["360 Total Security (20240725)","Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)","Windows Defender (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"ramdom hunt","reference":"","landingPage":"https://traytorrent.ru/","directDownloadingLink":"http://traytorrent.ru/downloads/TrayTorrentSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://traytorrent.ru/downloads/TrayTorrentSetup.exe","sourceIndex":"736"}],"sampleFiles":["240207/TrayTorrent-240207/3.0.28.0/Samples/TrayTorrentSetup.exe"],"imageFiles":["240207/TrayTorrent-240207/3.0.28.0/Images/ACR-013/ACR-013_Install_1.png","240207/TrayTorrent-240207/3.0.28.0/Images/ACR-055/ACR-055_Install_1.png","240207/TrayTorrent-240207/3.0.28.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240207/TrayTorrent-240207/3.0.28.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240207/TrayTorrent-240207/3.0.28.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"f45de030-a2d2-40a0-945f-9c1351d3c04d_3.0.28.0_1","appID":"TrayTorrent-240207","dateAdded":"240207","deceptorType":"App","name":"Tray Torrent","company":"ITVA LLC","version":"3.0.28.0","lastKnownStatus":"3.0.28.0","lastKnownDate":"240207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-02-07T18:07:26.2166194+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":719},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-055":"Accept and decline for the optional offers must be obvious. Unchecking a preselected checkbox on the other offer is also not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AzSetup.exe","isInstaller":"True","companyName":"AzTorrent Ltd.","fileVersion":"0.9","hashMD5":"fbf7b9f3882b5b2a9fe4db77254bdf18","hashSHA1":"0ecc29241b4e5414876598bc13f496366d9c6992","hashSHA256":"c6446cb64763e9ee0a32f5b2b3fba8976711642457cd8a45bb3c9c062e729461","digitalCertThumbprint":"9C1DFB73A73C251EBD6B345D83790E1CF6E8E0EA","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA - G2, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=AzTorrent ltd, O=AzTorrent ltd, L=Saint Petersburg, C=RU","sourceIndex":"839","avBlockList":["360 Total Security (20240725)","Avast Premium Security (20240725)","AVG Internet Security (20240725)","Avira Internet Security (20240725)","Dr.Web Security Space (20240725)","ESET Internet Security (20240725)","K7 Total Security (20240725)","Kaspersky Internet Security (20240725)","Malwarebytes Premium (20240725)","McAfee Total Protection (20240725)","Norton Security (20240725)","Panda Dome (20240725)","Quick Heal Internet Security (20240725)","Sophos Home Premium (20240725)","SpyHunter5 (20240725)","Total AV Antivirus Pro (20240725)","VirIT eXplorer PRO (20240725)","Webroot SecureAnywhere (20240725)","Windows Defender (20240725)","FortectPremium (20240725)"],"avAllowList":["Bitdefender Internet Security (20240725)","COMODO Antivirus (20240725)","G DATA INTERNET SECURITY (20240725)","Trend Micro Internet Security (20240725)","VIPRE Advanced Security (20240725)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://aztorrent.ru","directDownloadingLink":"https://dl2.aztorrent.ru/AzSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl2.aztorrent.ru/AzSetup.exe","sourceIndex":"839"}],"sampleFiles":["231025/AzTorrent-231025/0.9.5.28/Samples/AzSetup.exe"],"imageFiles":["231025/AzTorrent-231025/0.9.5.28/Images/ACR-055/Recommended Software.jpg","231025/AzTorrent-231025/0.9.5.28/Images/ACR-013/Recommended Software.jpg","231025/AzTorrent-231025/0.9.5.28/Images/ACR-057/Recommended Software.jpg","231025/AzTorrent-231025/0.9.5.28/Images/ACR-059/Recommended Software.jpg","231025/AzTorrent-231025/0.9.5.28/Images/ACR-060/Recommended Software.jpg","231025/AzTorrent-231025/0.9.5.28/Images/ACR-155/Recommended Software.jpg"],"nonDeceptorImageFiles":[],"guid":"cdcd096e-437d-45ae-8fa8-fd94d9cbae0d_0.9.5.28_1","appID":"AzTorrent-231025","dateAdded":"240207","deceptorType":"App","name":"AzTorrent","company":"AzTorrent Ltd.","version":"0.9.5.28","lastKnownStatus":"0.9.5.28","lastKnownDate":"240207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-02-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":721},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-055":"Accept and decline for the optional offers must be obvious. Unchecking a preselected checkbox on the other offer is also not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AzSetup.exe","isInstaller":"True","companyName":"Az Software LLC","fileVersion":"0.9","hashMD5":"65e758371312c1b0f196d71258c5ccc3","hashSHA1":"f5b58a0953d323a7e25c0aa213ba522afb568f5e","hashSHA256":"d311509ef08c9eb1b0505bef41b4ec206b82beb5ee756f680cf4b0bcfab10189","digitalCertThumbprint":"EAFDE6BF7708205C93102B175E23ECBCD4C9DB3E","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=info@aztorrent.ru, CN=AZ SOFTWARE LLC, O=AZ SOFTWARE LLC, L=Nizhny Novgorod, S=Nizhegorodskaya oblast, C=RU","sourceIndex":"737","avBlockList":["Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","COMODO Antivirus (20240227)","ESET Internet Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","McAfee Total Protection (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)"],"avAllowList":["360 Total Security (20240227)","Bitdefender Internet Security (20240227)","Dr.Web Security Space (20240227)","G DATA INTERNET SECURITY (20240227)","K7 Total Security (20240227)","Trend Micro Internet Security (20240227)","VIPRE Advanced Security (20240227)","Windows Defender (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://aztorrent.ru","directDownloadingLink":"https://dl.aztorrent.ru/AzSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.aztorrent.ru/AzSetup.exe","sourceIndex":"737"}],"sampleFiles":["240207/AzTorrent-231025/0.9.5.28_new/Samples/AzSetup.exe"],"imageFiles":["240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-055/ACR-055_Install_1.png","240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-013/ACR-013_Install_1.png","240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240207/AzTorrent-231025/0.9.5.28_new/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":[],"guid":"cdcd096e-437d-45ae-8fa8-fd94d9cbae0d_0.9.5.28_new_1","appID":"AzTorrent-231025","dateAdded":"240207","deceptorType":"App","name":"AzTorrent","company":"AzTorrent Ltd.","version":"0.9.5.28_new","lastKnownStatus":"0.9.5.28","lastKnownDate":"240207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-02-07T18:05:01.9609063+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":720},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-053":"App doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The offers are not clearly marked as an offer and they are also not marked as optional.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\Steam\".\n","ACR-065":"The install does not display link for the app's EULA and/or Terms of Service and Privacy Policy information.\n"},"samples":[{"isRevoked":"False","fileName":"steam_Soft_app.exe","isInstaller":"True","companyName":"Stеаm                                                       ","fileVersion":"19.43","hashMD5":"ab51591f0dce7c915e50a896e04aab9e","hashSHA1":"fbcf9e95a63d04b889b4e5ccd91f9870de465713","hashSHA256":"8ffc2c083fa86875f1597e8c99da42802e4d64d4de6bb8f2cb977864e66b3d5b","digitalCertThumbprint":"06E3FE86E3984806973D6CC74073374E86CD5DC5","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=RADOVAS UK LIMITED, O=RADOVAS UK LIMITED, L=Yeovil, C=GB","sourceIndex":"740","avBlockList":["360 Total Security (20240227)","Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","Dr.Web Security Space (20240227)","ESET Internet Security (20240227)","G DATA INTERNET SECURITY (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)","Windows Defender (20240227)"],"avAllowList":["Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","McAfee Total Protection (20240227)","Trend Micro Internet Security (20240227)","VIPRE Advanced Security (20240227)"]},{"isRevoked":"False","fileName":"UnoSetup.exe","isInstaller":"True","companyName":"UnоSetup                                                    ","fileVersion":"0.0","hashMD5":"7a740d1d3e79283717188323b40c4cab","hashSHA1":"bb8b440374d52ae92259ce66d22f70750e372292","hashSHA256":"17627c6e28f68143338d5b06b6d987bb3a75ed8b615d0875a0fa936322c8b401","digitalCertThumbprint":"1D29A8B6E20CDE0422CD41857C2B365E7D9EAAE0","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=IP Mind Collaboration, O=IP Mind Collaboration, L=Temirtau, S=Karaganda Region, C=KZ","sourceIndex":"740","avBlockList":["Avira Internet Security (20240227)","Dr.Web Security Space (20240227)","ESET Internet Security (20240227)","G DATA INTERNET SECURITY (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)","Total AV Antivirus Pro (20240227)"],"avAllowList":["360 Total Security (20240227)","Avast Premium Security (20240227)","AVG Internet Security (20240227)","Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","K7 Total Security (20240227)","McAfee Total Protection (20240227)","Trend Micro Internet Security (20240227)","VIPRE Advanced Security (20240227)","Windows Defender (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor report","reference":"","landingPage":"https://steam.goodlifesoft.com/","directDownloadingLink":"https://steam.goodlifesoft.com/down/steam_Soft_app.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://steam.goodlifesoft.com/down/steam_Soft_app.exe","sourceIndex":"740"}],"sampleFiles":["240205/SteamGoodlifesoft-240131/19.43.59.0/Samples/steam_Soft_app.exe","240205/SteamGoodlifesoft-240131/19.43.59.0/Samples/UnoSetup.exe"],"imageFiles":["240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-053/ACR-053_Install_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-053/ACR-053_Install_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-053/ACR-053_Install_3.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-055/ACR-055_Install_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-055/ACR-055_Install_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-055/ACR-055_Install_3.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-013/ACR-013_Install_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-013/ACR-013_Install_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-013/ACR-013_Install_3.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-059/ACR-059_Bundler-made offers_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-059/ACR-059_Bundler-made offers_3.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-060/ACR-060_Bundler-made offers_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-060/ACR-060_Bundler-made offers_3.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-155/ACR-155_Bundler-made offers_3.png"],"nonDeceptorImageFiles":["240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-040/ACR-040_Install_1.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-040/ACR-040_Install_2.png","240205/SteamGoodlifesoft-240131/19.43.59.0/Images/ACR-065/ACR-065_Install_1.png"],"guid":"d5f8614f-f429-485b-9ab7-3dadeb42c8ef_19.43.59.0_1","appID":"SteamGoodlifesoft-240131","dateAdded":"240205","deceptorType":"Bundler","name":"SteamGoodlifesoft","company":"RADOVAS UK LIMITED","version":"19.43.59.0","lastKnownStatus":"19.43.59.0","lastKnownDate":"240205","type":"Windows Executable","lastUpdate":"2024-02-05T21:50:54.8074814+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":722},{"violations":{"ACR-107":"Installing WhatsApp without proper authorization from WhatsApp \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-053":"App bundles more than two offers,  with no skip offers option.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs files in a hidden folder by default.\n"},"samples":[{"isRevoked":"False","fileName":"whatsapp_Soft_app.exe","isInstaller":"True","companyName":"Whatsapр                                                    ","fileVersion":"19.45","hashMD5":"bf3589eaa971f80e00a04855b552cd74","hashSHA1":"7dbd072ad9310b9af9519c8c7b1af3424e512205","hashSHA256":"2d2739bcdeb0e71875ffc0285d636f0acdf4810be68759b2ebf768877b933e13","digitalCertThumbprint":"06E3FE86E3984806973D6CC74073374E86CD5DC5","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=RADOVAS UK LIMITED, O=RADOVAS UK LIMITED, L=Yeovil, C=GB","sourceIndex":"741","avBlockList":["360 Total Security (20240227)","Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","Dr.Web Security Space (20240227)","ESET Internet Security (20240227)","G DATA INTERNET SECURITY (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","McAfee Total Protection (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)"],"avAllowList":["Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","Trend Micro Internet Security (20240227)","VIPRE Advanced Security (20240227)","Windows Defender (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor report","reference":"","landingPage":"https://whatsapp.softsweet.net/","directDownloadingLink":"https://whatsapp.softsweet.net/down/whatsapp_Soft_app.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://whatsapp.softsweet.net/down/whatsapp_Soft_app.exe","sourceIndex":"741"}],"sampleFiles":["240202/WhatsAppSoftsweet-240130/19.45.0.0/Samples/whatsapp_Soft_app.exe"],"imageFiles":["240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-053/ACR-053_Install_1.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-053/ACR-053_Install_2.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-013/ACR-013_Install_1.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-013/ACR-013_Install_2.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-060/ACR-060_Bundler-made offers_2.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png"],"nonDeceptorImageFiles":["240202/WhatsAppSoftsweet-240130/19.45.0.0/Images/ACR-040/ACR-040_Install_1.png"],"guid":"7608b712-49a4-49df-8ea3-2706cc5b8469_19.45.0.0_1","appID":"WhatsAppSoftsweet-240130","dateAdded":"240202","deceptorType":"Bundler","name":"WhatsAppSoftsweet","company":"RADOVAS UK LIMITED","version":"19.45.0.0","lastKnownStatus":"19.45.0.0","lastKnownDate":"240202","type":"Windows Executable","category":"Productivity","targetOS":"Windows XP,Windows 8,Windows 7,Windows 10,Windows Server","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2024-02-03T04:22:39.1522476+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":723},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-053":"App doesn’t allow the consumer to skip all offers at once\n","ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The offers are not clearly marked as an offer and they are also not marked as optional.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the hidden path \"C:\\Users\\User\\AppData\\Local\\Programs\\gLauncher\".\n","ACR-065":"The install does not display link for the app's EULA and/or Terms of Service and Privacy Policy information. \n"},"samples":[{"isRevoked":"False","fileName":"Gtalauncher_Game.exe","isInstaller":"True","companyName":"gLauncher                                                   ","fileVersion":"18.1","hashMD5":"1cabe38c83f8f5c395e56278ca76b14a","hashSHA1":"699aa0cc9a50849f718217d6e61e98267e36496a","hashSHA256":"34221b37084598e8bc4c5008d00356e409bb14f0886342b2ffddf00e1e95e7dc","digitalCertThumbprint":"6EADEBCDCDE09FAA616FC0E3223AC68F767BB396","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=Smartweights Limited, O=Smartweights Limited, L=Loughborough, C=GB","sourceIndex":"742","avBlockList":["Avast Premium Security (20240227)","AVG Internet Security (20240227)","Avira Internet Security (20240227)","Dr.Web Security Space (20240227)","ESET Internet Security (20240227)","K7 Total Security (20240227)","Kaspersky Internet Security (20240227)","Malwarebytes Premium (20240227)","Norton Security (20240227)","Panda Dome (20240227)","Quick Heal Internet Security (20240227)","Sophos Home Premium (20240227)","SpyHunter5 (20240227)","Total AV Antivirus Pro (20240227)","Trend Micro Internet Security (20240227)","VirIT eXplorer PRO (20240227)","Webroot SecureAnywhere (20240227)"],"avAllowList":["360 Total Security (20240227)","Bitdefender Internet Security (20240227)","COMODO Antivirus (20240227)","G DATA INTERNET SECURITY (20240227)","McAfee Total Protection (20240227)","VIPRE Advanced Security (20240227)","Windows Defender (20240227)"]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor report","reference":"","landingPage":"https://gta.gamezone-inc.com/","directDownloadingLink":"https://gta.gamezone-inc.com/down/Gtalauncher_Game.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://gta.gamezone-inc.com/down/Gtalauncher_Game.exe","sourceIndex":"742"}],"sampleFiles":["240202/GtaGameZone-240130/18.1.34.0/Samples/Gtalauncher_Game.exe"],"imageFiles":["240202/GtaGameZone-240130/18.1.34.0/Images/ACR-053/ACR-053_Install_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-053/ACR-053_Install_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-053/ACR-053_Install_3.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-055/ACR-055_Install_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-055/ACR-055_Install_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-055/ACR-055_Install_3.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-013/ACR-013_Install_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-013/ACR-013_Install_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-013/ACR-013_Install_3.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-059/ACR-059_Bundler-made offers_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-059/ACR-059_Bundler-made offers_3.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-060/ACR-060_Bundler-made offers_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-060/ACR-060_Bundler-made offers_3.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-155/ACR-155_Bundler-made offers_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-155/ACR-155_Bundler-made offers_3.png"],"nonDeceptorImageFiles":["240202/GtaGameZone-240130/18.1.34.0/Images/ACR-040/ACR-040_Install_1.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-040/ACR-040_Install_2.png","240202/GtaGameZone-240130/18.1.34.0/Images/ACR-065/ACR-065_Install_1.png"],"guid":"5ff57561-2630-4c04-946e-3b90b1d79323_18.1.34.0_1","appID":"GtaGameZone-240130","dateAdded":"240202","deceptorType":"Bundler","name":"GtaGameZone","company":"Smartweights Limited","version":"18.1.34.0","lastKnownStatus":"18.1.34.0","lastKnownDate":"240202","type":"Windows Executable","lastUpdate":"2024-02-03T01:28:03.0205721+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":724},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Orange\" color bar or \"Red\" font, thereby misleading or scaring the consumer to take action. It also uses traffic light colors and gauges.\n","ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan. The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link for the Returns and Cancellation Policy, Privacy Policy information.\nThe app does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe landing page does not display link for the EULA and/or Terms of Service and Privacy Policy information.\nThe internal offer page does not display link for the EULA and/or Terms of Service, and Privacy Policy information.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application beings a scan immediately after installation without user consent.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"Macfaster%20Pro","fileVersion":"0.","hashMD5":"7bf36a5240813360f96c7128b6eaf7d5","hashSHA1":"8ea5702d372b7296558bf3440a109f8ea0e76954","hashSHA256":"3eb0604ff6fa18868f284b92a5226166275da1a7df34db324e9c98c8503ef6bf","sourceIndex":"743","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Mfp_default.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"c3297aff93a2af0fe5edb88584c2211d","hashSHA1":"8dc031af44a2763fc194cb107099d32b66f17289","hashSHA256":"69a2250d5d2a35fd1c5211875acbdb5e78f7a6636340cd35ed70177d38b698a0","sourceIndex":"743","avBlockList":["Avast Security for Mac (20240709)","Avira Security for Mac (20240709)","Bitdefender Antivirus for Mac (20240709)","ESET Cyber Security Pro for Mac (20240709)","G DATA AntiVirus for Mac (20240709)","Kaspersky Internet Security for Mac (20240709)","Norton Security for Mac (20240709)","Sophos Home Premium For Mac (20240709)","SpyHunterforMac (20240709)","Trend Micro Antivirus for Mac (20240709)"],"avAllowList":["K7 Antivirus for Mac (20240709)","McAfee Internet Security for Mac (20240709)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Mac OS Optimizer App","reference":"https://www.macfasterpro.com","landingPage":"https://www.macfasterpro.com","directDownloadingLink":"https://www.macfasterpro.com/download/Mfp_default.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macfasterpro.com/download/Mfp_default.pkg","sourceIndex":"743"}],"sampleFiles":["240201/MacfasterPro-201214/3.1/Samples/Macfaster%20Pro","240201/MacfasterPro-201214/3.1/Samples/Mfp_default.pkg"],"imageFiles":["240201/MacfasterPro-201214/3.1/Images/ACR-004/Application1.png","240201/MacfasterPro-201214/3.1/Images/ACR-004/application3.png","240201/MacfasterPro-201214/3.1/Images/ACR-084/084_.png","240201/MacfasterPro-201214/3.1/Images/ACR-084/084.png","240201/MacfasterPro-201214/3.1/Images/ACR-003/Application1.png","240201/MacfasterPro-201214/3.1/Images/ACR-003/application2.png","240201/MacfasterPro-201214/3.1/Images/ACR-003/application3.png","240201/MacfasterPro-201214/3.1/Images/ACR-014/Application1.png","240201/MacfasterPro-201214/3.1/Images/ACR-014/application2.png","240201/MacfasterPro-201214/3.1/Images/ACR-014/application3.png"],"nonDeceptorImageFiles":["240201/MacfasterPro-201214/3.1/Images/ACR-065/install1.png","240201/MacfasterPro-201214/3.1/Images/ACR-065/install2.png","240201/MacfasterPro-201214/3.1/Images/ACR-088/Application1.png","240201/MacfasterPro-201214/3.1/Images/ACR-065/About.png","240201/MacfasterPro-201214/3.1/Images/ACR-099/About.png","240201/MacfasterPro-201214/3.1/Images/ACR-065/LandingPage.png","240201/MacfasterPro-201214/3.1/Images/ACR-161/LandingPage2.png","240201/MacfasterPro-201214/3.1/Images/ACR-065/OfferPage.png"],"guid":"6bfd1082-bef7-474b-ae54-456a65bd1bac_3.1_1","appID":"MacfasterPro-201214","dateAdded":"240201","deceptorType":"MacOS App","name":"MacFaster Pro ","company":"Macfaster Pro","version":"3.1","lastKnownStatus":"1.2;1.3;2.1;3.1","lastKnownDate":"240201","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:29.9964817+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":725},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Orange\" color bar or \"Red\" font, thereby misleading or scaring the consumer to take action. It also uses traffic light colors and gauges.\n","ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan. The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link for the Returns and Cancellation Policy, Privacy Policy information.\nThe app does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe landing page does not display link for the EULA and/or Terms of Service and Privacy Policy information.\nThe internal offer page does not display link for the EULA and/or Terms of Service, and Privacy Policy information.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application beings a scan immediately after installation without user consent.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"Macfaster Pro","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"93f09233fb50ba4589f2600cd004236fd3866cfe64ad45e34d42bb121c76d8b7","sourceIndex":"1889","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Macfasterpro.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e4a3ce21e3f8e097b06f0f0a007410096303f8b0f8654a8aaad06de2dc78f503","sourceIndex":"1889","avBlockList":["Avast Security for Mac (20211109)","Avira Security for Mac (20211109)","Bitdefender Antivirus for Mac (20211109)","ESET Cyber Security Pro for Mac (20211109)","G DATA AntiVirus for Mac (20211109)","McAfee Internet Security for Mac (20211109)","Norton Security for Mac (20211109)","Sophos Home Premium For Mac (20211109)","Trend Micro Antivirus for Mac (20211109)"],"avAllowList":["K7 Antivirus for Mac (20211109)","Kaspersky Internet Security for Mac (20211109)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.macfasterpro.com","landingPage":"https://www.macfasterpro.com","directDownloadingLink":"https://www.macfasterpro.com/download/Macfasterpro.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macfasterpro.com/download/Macfasterpro.pkg","sourceIndex":"1889"}],"sampleFiles":["210614/MacfasterPro-201214/2.1/Samples/Macfaster Pro","210614/MacfasterPro-201214/2.1/Samples/Macfasterpro.pkg"],"imageFiles":["210614/MacfasterPro-201214/2.1/Images/ACR-004/Macfaster Pro_Interactions [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-004/Macfaster Pro_Interactions [2].png","210614/MacfasterPro-201214/2.1/Images/ACR-004/Macfaster Pro_Interactions [3].png","210614/MacfasterPro-201214/2.1/Images/ACR-084/Macfaster Pro_AutoLaunch [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-084/Macfaster Pro_Interactions [4].png","210614/MacfasterPro-201214/2.1/Images/ACR-003/Macfaster Pro_Interactions [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-003/Macfaster Pro_Interactions [3].png","210614/MacfasterPro-201214/2.1/Images/ACR-014/Macfaster Pro_Interactions [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-014/Macfaster Pro_Interactions [3].png"],"nonDeceptorImageFiles":["210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_Install [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_Install [2].png","210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_Install [7].png","210614/MacfasterPro-201214/2.1/Images/ACR-088/Macfaster Pro_Scanning [1].gif","210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_About [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-099/Macfaster Pro_About [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_LandingPage [1].png","210614/MacfasterPro-201214/2.1/Images/ACR-161/Macfaster Pro_LandingPage [2].png","210614/MacfasterPro-201214/2.1/Images/ACR-065/Macfaster Pro_OfferPage [1].png"],"guid":"6bfd1082-bef7-474b-ae54-456a65bd1bac_2.1_1","appID":"MacfasterPro-201214","dateAdded":"240201","deceptorType":"MacOS App","name":"MacFaster Pro ","company":"Macfaster Pro","version":"2.1","sigName":"Deceptor:MacOS/MacFasterPro!004084003014","lastKnownStatus":"1.2;1.3;2.1;3.1","lastKnownDate":"240201","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-02-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":726},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Orange\" color bar or \"Red\" font, thereby misleading or scaring the consumer to take action. It also uses traffic light colors and gauges.\n","ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan. The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link for the Returns and Cancellation Policy, Privacy Policy information.\nThe app does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe landing page does not display link for the EULA and/or Terms of Service and Privacy Policy information.\nThe internal offer page does not display link for the EULA and/or Terms of Service, and Privacy Policy information.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application beings a scan immediately after installation without user consent.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"Macfaster Pro","fileVersion":"0.","hashMD5":"3576ab6f89047ddac572cb03d13d0503","hashSHA1":"c9afc31f3f7cf8767415fc5f25d32f04952dc3bb","hashSHA256":"0cf9d074ead8f28de9d47235df1e1a6390e24d96c6d44c291a58fbecf9651ed8","sourceIndex":"1905","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Macfasterpro.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"da2241550ac5ed7660b32876195c9136","hashSHA1":"b3ca581c8eaa526d3a17e956ca2fea1349dfb62d","hashSHA256":"ace82d8416bd7088e1b96a4bc1d090e0a735ed63f31cf8418a2bf1f1f6363efc","sourceIndex":"1905","avBlockList":["Avast Security for Mac (20210810)","Avira Security for Mac (20210608)","Bitdefender Antivirus for Mac (20210810)","ESET Cyber Security Pro for Mac (20210810)","G DATA AntiVirus for Mac (20210810)","K7 Antivirus for Mac (20210810)","Norton Security for Mac (20210810)","Trend Micro Antivirus for Mac (20210810)"],"avAllowList":["Kaspersky Internet Security for Mac (20210810)","McAfee Internet Security for Mac (20210810)","Sophos Home Premium For Mac (20210810)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Mac OS Optimizer App","reference":"https://www.macfasterpro.com","landingPage":"https://www.macfasterpro.com","directDownloadingLink":"https://www.macfasterpro.com/download/Macfasterpro.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macfasterpro.com/download/Macfasterpro.pkg","sourceIndex":"1905"}],"sampleFiles":["210531/MacfasterPro-201214/1.3/Samples/Macfaster Pro","210531/MacfasterPro-201214/1.3/Samples/Macfasterpro.pkg"],"imageFiles":["210531/MacfasterPro-201214/1.3/Images/ACR-004/Macfaster Pro_Interactions [2].png","210531/MacfasterPro-201214/1.3/Images/ACR-004/Macfaster Pro_Interactions [3].png","210531/MacfasterPro-201214/1.3/Images/ACR-004/Macfaster Pro_Interactions [4].png","210531/MacfasterPro-201214/1.3/Images/ACR-084/Macfaster Pro_AutoLaunch [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-084/Macfaster Pro_AutoLaunch [2].png","210531/MacfasterPro-201214/1.3/Images/ACR-003/Macfaster Pro_Interactions [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-003/Macfaster Pro_Interactions [4].png","210531/MacfasterPro-201214/1.3/Images/ACR-014/Macfaster Pro_Interactions [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-014/Macfaster Pro_Interactions [4].png"],"nonDeceptorImageFiles":["210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_Install [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_Install [2].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_Install [3].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_Install [4].png","210531/MacfasterPro-201214/1.3/Images/ACR-088/Macfasterpro.gif","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_About [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-099/Macfaster Pro_About [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_LandingPage [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-161/Macfaster Pro_LandingPage [2].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_OfferPage [1].png","210531/MacfasterPro-201214/1.3/Images/ACR-065/Macfaster Pro_OfferPage [2].png"],"guid":"6bfd1082-bef7-474b-ae54-456a65bd1bac_1.3_1","appID":"MacfasterPro-201214","dateAdded":"240201","deceptorType":"MacOS App","name":"MacFaster Pro ","company":"Macfaster Pro","version":"1.3","sigName":"Deceptor:MacOS/MacFasterPro!004084003014","lastKnownStatus":"1.2;1.3;2.1;3.1","lastKnownDate":"240201","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-02-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":727},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Orange\" color bar or \"Red\" font, thereby misleading or scaring the consumer to take action. It also uses traffic light colors and gauges.\n","ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan. The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link for the Returns and Cancellation Policy, Privacy Policy information.\nThe app does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe landing page does not display link for the Apps EULA and/or Terms of Service and Privacy Policy information.\nThe internal offer page does not display link for the Apps EULA and/or Terms of Service.\n","ACR-088":"The application beings a scan immediately after installation without user consent.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"Macfaster Pro","fileVersion":"0.","hashMD5":"4721b1686bfdbef0f8320cc6344b9dcf","hashSHA1":"2a575ff26d95611c2cb047d48f0965e9ce209208","hashSHA256":"bd17910f81d5b7eb8ef563648d8da288c462f51668d2edf5df34df2c64aa04d6","sourceIndex":"2024","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Macfasterpro.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"280c76ce2ff1248e791cf50bb8841595","hashSHA1":"029cfcd78fb3d5247d3d4515488e716af6517ee1","hashSHA256":"becf1b5c1cf6f020ff9367fcf648f61563bbfd3aa76302da7735e7ed4020ca21","sourceIndex":"2024","avBlockList":["Avast Security for Mac (20240611)","Avira Security for Mac (20240611)","Bitdefender Antivirus for Mac (20240611)","ESET Cyber Security Pro for Mac (20240611)","G DATA AntiVirus for Mac (20240611)","K7 Antivirus for Mac (20240611)","McAfee Internet Security for Mac (20240611)","Norton Security for Mac (20240611)","Sophos Home Premium For Mac (20240611)","Trend Micro Antivirus for Mac (20240611)","SpyHunterforMac (20240611)"],"avAllowList":["Kaspersky Internet Security for Mac (20240611)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Mac OS Optimizer App","reference":"https://www.macfasterpro.com","landingPage":"https://www.macfasterpro.com","directDownloadingLink":"https://www.macfasterpro.com/download/Macfasterpro.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macfasterpro.com/download/Macfasterpro.pkg","sourceIndex":"2024"}],"sampleFiles":["201214/MacfasterPro-201214/1.2/Samples/Macfaster Pro","201214/MacfasterPro-201214/1.2/Samples/Macfasterpro.pkg"],"imageFiles":["201214/MacfasterPro-201214/1.2/Images/ACR-004/MacFaster Pro_Interactions [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-004/MacFaster Pro_Interactions [6] RegisterProduct.png","201214/MacfasterPro-201214/1.2/Images/ACR-004/MacFaster Pro_Interactions [7].png","201214/MacfasterPro-201214/1.2/Images/ACR-084/MacFaster Pro_AutoLogin [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-003/MacFaster Pro_Interactions [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-003/MacFaster Pro_Interactions [7].png","201214/MacfasterPro-201214/1.2/Images/ACR-014/MacFaster Pro_Interactions [1].png"],"nonDeceptorImageFiles":["201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_Install [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_Install [2].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_Install [3].png","201214/MacfasterPro-201214/1.2/Images/ACR-088/MacFaster Pro_scanpost-install.gif","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_About [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-099/MacFaster Pro_About [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_LandingPage [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_OfferPage [1].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_OfferPage [2].png","201214/MacfasterPro-201214/1.2/Images/ACR-065/MacFaster Pro_OfferPage [3].png"],"guid":"6bfd1082-bef7-474b-ae54-456a65bd1bac_1.2_1","appID":"MacfasterPro-201214","dateAdded":"240201","deceptorType":"MacOS App","name":"MacFaster Pro ","company":"Macfaster Pro","version":"1.2","sigName":"Deceptor:MacOS/MacFasterPro!004084003014","lastKnownStatus":"1.2;1.3;2.1;3.1","lastKnownDate":"240201","type":"MacOS App","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-02-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":728},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"FreeAutoClicker.exe","isInstaller":"True","companyName":"FreeAutoClicker Co. Ltd.                                   ","productName":"Free Auto Clicker                                           ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"c7ced6aef23fa1bfbbc31ff2419ad815","hashSHA1":"ebbece94a93f04400ee9357cad0d0de9368c9d02","hashSHA256":"a0e739f913f98fef9ef79ce3fa512192e27b2b40a1324cf658084ba14589855a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"745","avBlockList":["Avast Premium Security (20240208)","AVG Internet Security (20240208)","Avira Internet Security (20240208)","Bitdefender Internet Security (20240208)","COMODO Antivirus (20240208)","Dr.Web Security Space (20240208)","ESET Internet Security (20240208)","G DATA INTERNET SECURITY (20240208)","K7 Total Security (20240208)","Kaspersky Internet Security (20240208)","Malwarebytes Premium (20240208)","McAfee Total Protection (20240208)","Norton Security (20240208)","Panda Dome (20240208)","Quick Heal Internet Security (20240208)","Sophos Home Premium (20240208)","SpyHunter5 (20240208)","Total AV Antivirus Pro (20240208)","VIPRE Advanced Security (20240208)","VirIT eXplorer PRO (20240208)","Webroot SecureAnywhere (20240208)"],"avAllowList":["360 Total Security (20240208)","Trend Micro Internet Security (20240208)","Windows Defender (20240208)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.free-auto-clicker.com/","directDownloadingLink":"http://www.free-auto-clicker.com/FreeAutoClicker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.free-auto-clicker.com/FreeAutoClicker.exe","sourceIndex":"745"}],"sampleFiles":["240130/FreeAutoClicker-240125/8.8.3.0/Samples/FreeAutoClicker.exe"],"imageFiles":["240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-109/ACR-109_Install_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-010/ACR-010_Install_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-013/ACR-013_Install_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-118/ACR-118_Uninstall_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-106/ACR-106_Software_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-092/ACR-092_Software_1.png","240130/FreeAutoClicker-240125/8.8.3.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"1622fdb0-d798-4141-a500-a4116c6df60b_8.8.3.0_1","appID":"FreeAutoClicker-240125","dateAdded":"240130","deceptorType":"Bundler","name":"Free Auto Clicker","company":"FreeAutoClicker Co., Ltd.","version":"8.8.3.0","lastKnownStatus":"8.8.3.0","lastKnownDate":"240130","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,up-sell to paid","lastUpdate":"2024-01-30T22:38:29.8744856+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":729},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app's installer and main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"dvrsetup.exe","isInstaller":"True","companyName":"Rising Research                                             ","productName":"Digital Video Repair                                        ","productVersion":"3.7.1.2                                           ","fileVersion":"3.7.1.2             ","hashMD5":"4a1b6b30d8a7b7233ba0ed4b6f7c6023","hashSHA1":"0ed4355d4e5c3e81eb06a7e2885f5954ca79d0d2","hashSHA256":"17ed8c48f3e64b00dbe5721b3fb1e37964df7304f215b6d5fe0b89bb0e763806","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"746","avBlockList":["360 Total Security (20240523)","Avast Premium Security (20240523)","AVG Internet Security (20240523)","Avira Internet Security (20240523)","Bitdefender Internet Security (20240523)","COMODO Antivirus (20240523)","ESET Internet Security (20240523)","G DATA INTERNET SECURITY (20240523)","K7 Total Security (20240523)","Kaspersky Internet Security (20240523)","Malwarebytes Premium (20240523)","McAfee Total Protection (20240523)","Norton Security (20240523)","Panda Dome (20240523)","Quick Heal Internet Security (20240523)","Sophos Home Premium (20240523)","SpyHunter5 (20240523)","Total AV Antivirus Pro (20240523)","Trend Micro Internet Security (20240523)","VIPRE Advanced Security (20240523)","VirIT eXplorer PRO (20240523)","Webroot SecureAnywhere (20240523)","Windows Defender (20240523)"],"avAllowList":["Dr.Web Security Space (20240523)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"https://www.risingresearch.com/en/dvr/","directDownloadingLink":"https://www.risingresearch.com/files/dvrsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.risingresearch.com/files/dvrsetup.exe","sourceIndex":"746"}],"sampleFiles":["240130/DigitalVideoRepair-230622/3.7.1.2/Samples/dvrsetup.exe"],"imageFiles":["240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-109/ACR-109_Install_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-042/ACR-042_Install_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-010/ACR-010_Install_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-013/ACR-013_Install_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-118/ACR-118_Uninstall_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-118/ACR-118_Uninstall_2.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-106/ACR-106_Software_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-092/ACR-092_Software_1.png","240130/DigitalVideoRepair-230622/3.7.1.2/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"bfe02915-9c35-4174-9594-9089b2c80d6f_3.7.1.2_1","appID":"DigitalVideoRepair-230622","dateAdded":"240130","deceptorType":"Bundler","name":"Digital Video Repair","company":"Rising Research","version":"3.7.1.2","lastKnownStatus":"3.7.1.0;3.7.1.2","lastKnownDate":"240130","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2024-01-30T22:37:01.6724718+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":730},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app's installer and main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Rising Research\\Digital Video Repair\\dvr.exe","companyName":"Rising Research","productName":"Digital Video Repair","productVersion":"3.7.1.0","fileVersion":"3.7.1.0","hashMD5":"00ffc32848ac4ae91dd3e2eb81243d74","hashSHA1":"2031d4ac00e87cccf7d91cc2a7d9ffaddd0c549f","hashSHA256":"39e55fd81ea75e32dcd83f1c070f78789d4ddbcd4c2fb48b704330cd4d999fe1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1031","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dvrsetup.exe","isInstaller":"True","companyName":"Rising Research                                             ","productName":"Digital Video Repair                                        ","productVersion":"3.7.1.0                                           ","fileVersion":"3.7.1.0             ","hashMD5":"1b7e9f9051b0603bcd8ccf9f03d3fbb7","hashSHA1":"b42c116a03433ddbab60b184965485e602117bd4","hashSHA256":"37f847d442e0abb578e53c04d1b94e43a8009659676ea35f1a2c5756ddd31915","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1031","avBlockList":["360 Total Security (20240307)","Avast Premium Security (20240307)","AVG Internet Security (20240307)","Avira Internet Security (20240307)","Bitdefender Internet Security (20240307)","COMODO Antivirus (20240307)","Dr.Web Security Space (20240307)","ESET Internet Security (20240307)","G DATA INTERNET SECURITY (20240307)","K7 Total Security (20240307)","Kaspersky Internet Security (20240307)","Malwarebytes Premium (20240307)","McAfee Total Protection (20240307)","Norton Security (20240307)","Panda Dome (20240307)","Quick Heal Internet Security (20240307)","Sophos Home Premium (20240307)","SpyHunter5 (20240307)","Total AV Antivirus Pro (20240307)","Trend Micro Internet Security (20240307)","VIPRE Advanced Security (20240307)","VirIT eXplorer PRO (20240307)","Webroot SecureAnywhere (20240307)"],"avAllowList":["Windows Defender (20240307)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"https://www.risingresearch.com/en/dvr/","directDownloadingLink":"https://www.risingresearch.com/files/dvrsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.risingresearch.com/files/dvrsetup.exe","sourceIndex":"1031"}],"sampleFiles":["230623/DigitalVideoRepair-230622/3.7.1.0/Samples/dvrsetup.exe"],"imageFiles":["230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-109/ACR-109.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-043/ACR-043.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-042/ACR-042.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-048/ACR-048.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-007/ACR-007.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-010/ACR-010.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-013/ACR-013.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-118/ACR-118.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-057/ACR-057.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-059/ACR-059.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-060/ACR-060.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-071/ACR-071.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-045/ACR-045.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-106/ACR-106.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-092/ACR-092.JPG","230623/DigitalVideoRepair-230622/3.7.1.0/Images/ACR-123/ACR-123.JPG"],"guid":"bfe02915-9c35-4174-9594-9089b2c80d6f_3.7.1.0_1","appID":"DigitalVideoRepair-230622","dateAdded":"240130","deceptorType":"Bundler","name":"Digital Video Repair","company":"Rising Research","version":"3.7.1.0","lastKnownStatus":"3.7.1.0;3.7.1.2","lastKnownDate":"240130","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2024-01-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":731},{"violations":{"ACR-109":"After installation, the app also attempts to install a Google Chrome Extension \"Tampermonkey\" without prior acceptance or agreement during the installation process\n","ACR-042":"The Google Chrome Extension \"TamperMonkey\" was installed as an added feature without obtaining permission from the user.\n","ACR-043":"The added Google Chrome Extension \"Tampermonkey\" was installed, and there is no disclosure about this attempted action\n","ACR-039":"The added Google Chrome Extension \"Tampermonkey\" is a third party software, and there is no disclosure/mentioning of it, and its relation to the app during installation process.\n"},"nonDeceptorViolations":{"ACR-002":"Publisher WONBO Technologies, is not mentioned/disclosed in the EULA and is not consistent with disclosed company Aimersoft Software Co., Ltd.\nCompany Name in the digital signature comes from Wondershare Technology Group Co., Ltd., which was not mentioned/disclosed in the EULA\n","ACR-095":"No user consent on the attempt to install a Google Chrome Extension \"Tampermonkey\"\n"},"samples":[{"isRevoked":"False","fileName":"itube-studio_setup_full1169.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"edf84aab7f20fa144bb01ea0625340bc","hashSHA1":"b683d4aad9fc088e99f29693e822ebdde8008eaf","hashSHA256":"180abaae38935529daeca673fa9f31e5d664ad90d9f5e96db462b1f15285ac82","digitalCertThumbprint":"9E20AD36ED6A23CD9FBDB46946AABBCD5344F999","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"WONBO TECHNOLOGY Co.,LIMITED\", OU=IT, O=\"WONBO TECHNOLOGY Co.,LIMITED\", L=Central District, S=Hong Kong, C=HK","sourceIndex":"747","avBlockList":["Avira Internet Security (20220927)","Bitdefender Internet Security (20220927)","Dr.Web Security Space (20220927)","ESET Internet Security (20220927)","K7 Total Security (20220927)","Kaspersky Internet Security (20220927)","McAfee Total Protection (20220927)","Norton Security (20220927)","Panda Dome (20220927)","Sophos Home Premium (20220927)","SpyHunter5 (20220927)","Total AV Antivirus Pro (20220927)","VIPRE Advanced Security (20220927)","VirIT eXplorer PRO (20220927)","Webroot SecureAnywhere (20220927)","Windows Defender (20220927)"],"avAllowList":["360 Total Security (20220927)","Avast Premium Security (20220927)","AVG Internet Security (20220927)","COMODO Antivirus (20220927)","G DATA INTERNET SECURITY (20220927)","Malwarebytes Premium (20220927)","Quick Heal Internet Security (20220927)","Trend Micro Internet Security (20220927)"]}],"additionalFiles":[],"sources":[{"howFound":"Itube Studio Website","reference":"","landingPage":"https://itube.aimersoft.com/","directDownloadingLink":"https://download.aimersoft.com/inst/itube-studio_setup_full1169.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aimersoft.com/inst/itube-studio_setup_full1169.exe","sourceIndex":"747"}],"sampleFiles":["240129/ItubeHDVideoDownloader-220814/7.4.10.1/Samples/itube-studio_setup_full1169.exe"],"imageFiles":["240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-109/ACR-109_Install_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-109/ACR-109_Install_2.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-039/ACR-039_Install_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-039/ACR-039_Install_2.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-043/ACR-043_Install_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-043/ACR-043_Install_2.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-042/ACR-042_Install_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-042/ACR-042_Install_2.png"],"nonDeceptorImageFiles":["240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-002/ACR-002_Install_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-002/ACR-002_Software_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-002/ACR-002_Software_2.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-095/ACR-095_Software_1.png","240129/ItubeHDVideoDownloader-220814/7.4.10.1/Images/ACR-095/ACR-095_Software_2.png"],"guid":"5998044a-d2cf-4dc2-8cee-0640c6e4401b_7.4.10.1_1","appID":"ItubeHDVideoDownloader-220814","dateAdded":"240129","deceptorType":"App","name":"iTube HD Video Downloader","company":"Itube Studio","version":"7.4.10.1","lastKnownStatus":"7.4.9.2;7.4.10.1","lastKnownDate":"240129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:30.142644+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":732},{"violations":{"ACR-109":"After installation, the app also attempts to install a Google Chrome Extension \"Tampermonkey\" without prior acceptance or agreement during the installation process\n","ACR-042":"1. During installation process, if user wants to stop, or not continue installing the APP, a shortcut file is dropped in the desktop of the user, even when user chose to cancel the installation process\n\n2. The Google Chrome Extension \"TamperMonkey\" was installed as an added feature without obtaining permission from the user.\n","ACR-043":"The added Google Chrome Extension \"Tampermonkey\" was installed, and there is no disclosure about this attempted action\n","ACR-039":"The added Google Chrome Extension \"Tampermonkey\" is a third party software, and there is no disclosure/mentioning of it, and its relation to the app during installation process.\n"},"nonDeceptorViolations":{"ACR-002":"Company Name in the digital signature comes from WONBO Technologies, which was not mentioned/disclosed in the EULA where it disclaims Aimersoft Software Co., Ltd is the company owns copyright.\nCompany Name in the digital signature comes from WONBO Technologies, which was not mentioned/disclosed in the EULA\n","ACR-095":"No user consent on the attempt to install a Google Chrome Extension \"Tampermonkey\"\n"},"samples":[{"isRevoked":"False","fileName":"itube-studio_setup_full1169.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"edf84aab7f20fa144bb01ea0625340bc","hashSHA1":"b683d4aad9fc088e99f29693e822ebdde8008eaf","hashSHA256":"180abaae38935529daeca673fa9f31e5d664ad90d9f5e96db462b1f15285ac82","digitalCertThumbprint":"9E20AD36ED6A23CD9FBDB46946AABBCD5344F999","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"WONBO TECHNOLOGY Co.,LIMITED\", OU=IT, O=\"WONBO TECHNOLOGY Co.,LIMITED\", L=Central District, S=Hong Kong, C=HK","sourceIndex":"1458","avBlockList":["Avira Internet Security (20220927)","Bitdefender Internet Security (20220927)","Dr.Web Security Space (20220927)","ESET Internet Security (20220927)","K7 Total Security (20220927)","Kaspersky Internet Security (20220927)","McAfee Total Protection (20220927)","Norton Security (20220927)","Panda Dome (20220927)","Sophos Home Premium (20220927)","SpyHunter5 (20220927)","Total AV Antivirus Pro (20220927)","VIPRE Advanced Security (20220927)","VirIT eXplorer PRO (20220927)","Webroot SecureAnywhere (20220927)","Windows Defender (20220927)"],"avAllowList":["360 Total Security (20220927)","Avast Premium Security (20220927)","AVG Internet Security (20220927)","COMODO Antivirus (20220927)","G DATA INTERNET SECURITY (20220927)","Malwarebytes Premium (20220927)","Quick Heal Internet Security (20220927)","Trend Micro Internet Security (20220927)"]},{"isRevoked":"False","fileName":"iTubeStudio.exe","fileVersion":"7.4","hashMD5":"88da10f1ee12c021064ec4e892d5f293","hashSHA1":"ee0709c9ea09ae2d2d9f8029e8aea1284e2fc2c0","hashSHA256":"e8b602faa84dac41ab1dfcaf3661f777a4ae6db23aec59d3a905262e74ccb8c7","digitalCertThumbprint":"CD5FC7720F25BAAC7E3AB590B1521A8989D0E76E","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"WONBO TECHNOLOGY Co.,LIMITED\", OU=RD, O=\"WONBO TECHNOLOGY Co.,LIMITED\", L=Central, C=HK","sourceIndex":"1458","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Itube Studio Website","reference":"","landingPage":"https://itube.aimersoft.com/","directDownloadingLink":"https://download.aimersoft.com/itube-studio_full1169.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.aimersoft.com/itube-studio_full1169.exe","sourceIndex":"1458"}],"sampleFiles":["220816/ItubeHDVideoDownloader-220814/7.4.9.2/Samples/itube-studio_setup_full1169.exe","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Samples/iTubeStudio.exe"],"imageFiles":["220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-109/INS_AddedExtension.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-109/INS_Error.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-109/INS_ErrorPrompt.gif","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-039/INS_EULAPage.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-039/INS_ChromeError.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-039/INS_Error.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-043/INS_AddedExtension.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-043/INS_Error.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-043/INS_ErrorPrompt.gif","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-042/INS_ChromeError.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-042/INS_Error.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-042/INS_DroppedShortcut.gif"],"nonDeceptorImageFiles":["220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-002/INS_Install1.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-002/USE_AppDigitalSign.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-002/USE_FileProperties1.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-095/INS_AddedExtension.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-095/INS_ChromeError.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-095/INS_Error.png","220816/ItubeHDVideoDownloader-220814/7.4.9.2/Images/ACR-095/INS_ErrorPrompt.gif"],"guid":"5998044a-d2cf-4dc2-8cee-0640c6e4401b_7.4.9.2_1","appID":"ItubeHDVideoDownloader-220814","dateAdded":"240129","deceptorType":"App","name":"iTube HD Video Downloader","company":"Itube Studio","version":"7.4.9.2","lastKnownStatus":"7.4.9.2;7.4.10.1","lastKnownDate":"240129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-01-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":733},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.  \n","ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\nThe offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"onelaunch-5.2.1-installer_W7csm-1.exe","isInstaller":"True","fileVersion":"85.71","hashMD5":"5a7c9c2858e7ff37af5aba1de0719338","hashSHA1":"2097a86a165577b90dbd525e2159f858a69ec022","hashSHA256":"8135d64f0308d2822f484f6395ced9bc3bf2e7eb7042999f6d314388f4ee3f0b","digitalCertThumbprint":"A89369F490714403BC8F8BE9D10F9760A41FE359","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"888","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","Avira Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)"],"avAllowList":["AVG Internet Security (20230921)","Bitdefender Internet Security (20230921)","McAfee Total Protection (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","Windows Defender (20230921)"]},{"isRevoked":"False","fileName":"clamwin-4w3-0.103.2.1-installer_GrT-xr2.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"5ffdb5ba9fcd98769a9070ee53f996a2","hashSHA1":"2074bdc4d625cb5ce3a5772ed5650b8ed845642d","hashSHA256":"68cf02fcd8cf88cacdc05b7480d46a96fdb3cf4cda1fe483eadabb95fd4466ee","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"888","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"888"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"889"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"890"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://filehippo.com/download_onelaunch/","ipv4":"","ipv6":"","sourceIndex":"891"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2RvNTRjaGVjZWl5cm8uY2xvdWRmcm9udC5uZXQvZmlsZXMvMGF3d3ZxeGpmMC8xNi45MDk0L2NsYW13aW4tNHczLTAuMTAzLjIuMS1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiN2JiOGJjN2UtMTNhMC00ZGE0LThmYmMtZmMwOTE2OTk4Mjk5IiwiaWF0IjoxNjk1ODI1NjAwLCJleHAiOjE2OTU4MjkyMDB9.jrusu6J3tevG5CGNpdf9W8oQOF1RSYfPuhpCQ2QXgi8","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2RvNTRjaGVjZWl5cm8uY2xvdWRmcm9udC5uZXQvZmlsZXMvMGF3d3ZxeGpmMC8xNi45MDk0L2NsYW13aW4tNHczLTAuMTAzLjIuMS1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiN2JiOGJjN2UtMTNhMC00ZGE0LThmYmMtZmMwOTE2OTk4Mjk5IiwiaWF0IjoxNjk1ODI1NjAwLCJleHAiOjE2OTU4MjkyMDB9.jrusu6J3tevG5CGNpdf9W8oQOF1RSYfPuhpCQ2QXgi8","sourceIndex":"892"}],"sampleFiles":["230927/RiseDownloadManager-230309/85.71.2401.4231/Samples/onelaunch-5.2.1-installer_W7csm-1.exe","230927/RiseDownloadManager-230309/85.71.2401.4231/Samples/clamwin-4w3-0.103.2.1-installer_GrT-xr2.exe"],"imageFiles":["230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-109/Risecodes_HiddenFile.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-109/FileHippo_042_1.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-109/Risecodes_FileDropped.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-039/Risecodes_DM_IOBIT.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-042/Risecodes_Traffic.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-042/Risecodes_FileDropped.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-042/FileHippo_042.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-042/FileHippo_042_1.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-013/RiseCodes_Offer_060_3.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-013/RiseCodes_Offer_060_2.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-013/RiseCodes_Offer_060_1.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-013/RiseCodes_Offer_060.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/RiseCodes_Offer_060.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-075/RiseCodes_Offers.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/ACR-060_1.png","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/ACR-060_2.png","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/ACR-060_3.png","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-044/ACR-044_Install_1.png","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/AdNetwork_Rise_060_2.JPG","230927/RiseDownloadManager-230309/85.71.2401.4231/Images/ACR-060/AdNetwork_Rise_060_1.JPG"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_85.71.2401.4231_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"85.71.2401.4231","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":740},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.  \n","ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\nThe offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_F0fWJ-1.exe","isInstaller":"True","fileVersion":"8.7.2431","hashMD5":"c918e95198cb37275017e61237aba73f","hashSHA1":"7223a92b1187b50b9158650159ecb812d48e130b","hashSHA256":"7db34f66d81c496c3f4e9772edc68949a24ce0a36b889362ab70f481b1674909","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":["360 Total Security (20231005)","Avira Internet Security (20231005)","COMODO Antivirus (20231005)","Dr.Web Security Space (20231005)","ESET Internet Security (20231005)","K7 Total Security (20231005)","Kaspersky Internet Security (20231005)","Malwarebytes Premium (20231005)","McAfee Total Protection (20231005)","Norton Security (20231005)","Panda Dome (20231005)","Quick Heal Internet Security (20231005)","Sophos Home Premium (20231005)","SpyHunter5 (20231005)","Total AV Antivirus Pro (20231005)","Trend Micro Internet Security (20231005)","VirIT eXplorer PRO (20231005)","Webroot SecureAnywhere (20231005)"],"avAllowList":["Avast Premium Security (20231005)","Bitdefender Internet Security (20231005)","G DATA INTERNET SECURITY (20231005)","VIPRE Advanced Security (20231005)","Windows Defender (20231005)","AVG Internet Security (20231005)"]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_PgLz-81.exe","isInstaller":"True","fileVersion":"8.7.2431","hashMD5":"1e0489d3a799788ddbda7f036b3a3367","hashSHA1":"08c2263b324178443d9f229cd3c495832a5ff8f4","hashSHA256":"aea39bb6d68599110658107dfc8c9b64a9c429376dffb3891cc17475f8e2a623","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iobit-uninstaller-11.3.0.4-installer_GgYUq-1.exe","isInstaller":"True","fileVersion":"8.7.2431","hashMD5":"abd61748945e23192e097120c7d237bc","hashSHA1":"ab9e7c205c9c17a5bcfd1ac74ac5510860422c8b","hashSHA256":"9fbbda65ae9ccd15a0f5ac9e6dd36a8e06837d6600c29b06d974b06270a63f92","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_iySZz-1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"8721a2268101d70b7fc44fa00b7b4ebf","hashSHA1":"a2e87da56b043f841c0d3ed835492d24db0ea281","hashSHA256":"99d08716cd516defbbc6f9ad3b629451ed72b86693c28be73e9932ecd9090189","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_mfHCj-1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"c1d88a9ab528045d41090d9b3b720f5b","hashSHA1":"72362b24004f028118f33a8afeb9e43d38be643e","hashSHA256":"93c5e379c1fb4c2327b2d8a5d0cfcc374583a861dbaca9c960d70ae4a02caecb","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_X3Oh-d1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"b01445231a203d761f6806350c6b4da7","hashSHA1":"590d3af0e35d10659473c878e80894330ed23c45","hashSHA256":"10f81c435c9a627bd1d8bc04fded50a723cd3afb59ddfd1441288c637fb0e7cc","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"3utools-2.65.003-installer_CE5U-U1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"f967561bcef2e3e316caa9d2d92d37c5","hashSHA1":"68f2d12de802193d5d443fd5b4507b65f93d03a0","hashSHA256":"7be1efe2bdbaad414fa32afa752d3a062f5da34e2a4167f9f82bb6f75df978af","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pdf-reader-2-installer_k2S-iy1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"cc0b6b0e19284e4f22e79e4684c00842","hashSHA1":"78152807318beb1066c9098e3783a9e2d4d54488","hashSHA256":"e2a86c088c9d0d9d7005618e95858bbb39bbd92f72106d31af625573508afba4","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"itools-4.5.1.8-installer_j3N-hp1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"5ffdb5ba9fcd98769a9070ee53f996a2","hashSHA1":"2074bdc4d625cb5ce3a5772ed5650b8ed845642d","hashSHA256":"68cf02fcd8cf88cacdc05b7480d46a96fdb3cf4cda1fe483eadabb95fd4466ee","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_2Z-8uf1.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"c8046cd8a0569080f8bbd0659314161c","hashSHA1":"3bcded3df3bd63f521e0838723afdcf03b9738b5","hashSHA256":"a47f652d0d3d1c3dd8cc24bf4664d9bd45aae0b0806eb4dab827ba1eb21faf6f","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"brave-browser-1.3.361.133-installer_50rM-w1_231002.exe","isInstaller":"True","fileVersion":"8.7","hashMD5":"7b1993b84c68fc6f86ca598eed242331","hashSHA1":"4e6416be3b7947d91696c7ea320a0e9f1e1ded1e","hashSHA256":"8dfab2b6537ae7514c00dd9c5c438e081d312b60d601fbed75b804932a9e87f0","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_0j-lyF1_231101.exe","isInstaller":"True","fileVersion":"36.26","hashMD5":"1cb0251c6bce6af8fa7676925a74d1f6","hashSHA1":"f74443e75a62fa9e93db8a46d8872c4e78d59047","hashSHA256":"79e752ee50025a566ffea6c1fe3fc9e7347576f37a0cd460afc4a2de5a560d87","digitalCertThumbprint":"2199B2ECFC03C7B258B501E632C315D18CB43E4B","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"818","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"818"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"819"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"820"},{"howFound":"DE site","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzL3RsaHppOXQ0Y2svODguNjAzOC9jb21iby1jbGVhbmVyLTEuMC40Mi1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiMjg1M2I5NDMtNjczNC00MDM5LWE2NDItOGExMjVlMGQ2ZTZjIiwiaWF0IjoxNjgyMDk0MjkzLCJleHAiOjE2ODIwOTc4OTN9.SkKR3Q0jcDZE10ubaCJkjqcivmsUuKmLLR8NhM0knoM","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzL3RsaHppOXQ0Y2svODguNjAzOC9jb21iby1jbGVhbmVyLTEuMC40Mi1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiMjg1M2I5NDMtNjczNC00MDM5LWE2NDItOGExMjVlMGQ2ZTZjIiwiaWF0IjoxNjgyMDk0MjkzLCJleHAiOjE2ODIwOTc4OTN9.SkKR3Q0jcDZE10ubaCJkjqcivmsUuKmLLR8NhM0knoM","sourceIndex":"821"},{"howFound":"DE site","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzIwcDZ1d3FqZ3QvNDIuNTk4L2lvYml0LXVuaW5zdGFsbGVyLTExLjMuMC40LWluc3RhbGxlci5leGUiLCJwcm9ncmFtSWQiOiI4M2EwOGJlNi05NmQxLTExZTYtOGUzZC0wMDE2M2VkODMzZTciLCJpYXQiOjE2ODIwOTQ3MTYsImV4cCI6MTY4MjA5ODMxNn0.3WYpg9dxG4MO9B2FV6yyyoaOWixygXbpvmZm0NHlumo","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzIwcDZ1d3FqZ3QvNDIuNTk4L2lvYml0LXVuaW5zdGFsbGVyLTExLjMuMC40LWluc3RhbGxlci5leGUiLCJwcm9ncmFtSWQiOiI4M2EwOGJlNi05NmQxLTExZTYtOGUzZC0wMDE2M2VkODMzZTciLCJpYXQiOjE2ODIwOTQ3MTYsImV4cCI6MTY4MjA5ODMxNn0.3WYpg9dxG4MO9B2FV6yyyoaOWixygXbpvmZm0NHlumo","sourceIndex":"822"},{"howFound":"DE site","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzk0d21rNXd3dmMvNDEuMDUyLzM2MC10b3RhbC1zZWN1cml0eS1mcmVlLWFudGl2aXJ1cy0xMC44LjAuMTMyNC1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiYmFiNTZkYTEtYTI4Ny01MmNlLThkMTMtYmNjMDY3MmEwNzUxIiwiaWF0IjoxNjgyMDk0MDM3LCJleHAiOjE2ODIwOTc2Mzd9.53w_BlUpek5r3ZttX6UPvfP0DGtkG8Sxn6mIJrCYccE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzk0d21rNXd3dmMvNDEuMDUyLzM2MC10b3RhbC1zZWN1cml0eS1mcmVlLWFudGl2aXJ1cy0xMC44LjAuMTMyNC1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiYmFiNTZkYTEtYTI4Ny01MmNlLThkMTMtYmNjMDY3MmEwNzUxIiwiaWF0IjoxNjgyMDk0MDM3LCJleHAiOjE2ODIwOTc2Mzd9.53w_BlUpek5r3ZttX6UPvfP0DGtkG8Sxn6mIJrCYccE","sourceIndex":"823"},{"howFound":"PH site","reference":"","landingPage":"https://filehippo.com/download_vlc-media-player-64/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/tbbiwj4bks/73.130/vlc-media-player-64-3.0.12-installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/tbbiwj4bks/73.130/vlc-media-player-64-3.0.12-installer.exe","sourceIndex":"824"},{"howFound":"PH site","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/nqs2m91352/72.2315/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/nqs2m91352/72.2315/combo-cleaner-1.0.42-installer.exe","sourceIndex":"825"},{"howFound":"DE site","reference":"","landingPage":"https://filehippo.de/download_combo-cleaner/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.de/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzl0Y2d2cTd6bzQvODEuMzY4L2NvbWJvLWNsZWFuZXItMS4wLjQyLWluc3RhbGxlci5leGUiLCJwcm9ncmFtSWQiOiIyODUzYjk0My02NzM0LTQwMzktYTY0Mi04YTEyNWUwZDZlNmMiLCJpYXQiOjE2ODQyMjk4NDMsImV4cCI6MTY4NDIzMzQ0M30.S9PLZ9VLjsqiZMsFbdgUo3mdfvrb9nExif0Lw2SimE8","sourceIndex":"826"},{"howFound":"","reference":"","landingPage":"https://filehippo.de/download_combo-cleaner/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/qhjcr9kb4g/51.451/combo-cleaner-1.0.42-installer.exe","sourceIndex":"827"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://filehippo.com/download_iobit-uninstaller/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/l1yopdrjuf/54.4954/iobit-uninstaller-11.3.0.4-installer.exe","sourceIndex":"828"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzNhbWQzMGZ4OWYvNjcuNzY2NC9jb21iby1jbGVhbmVyLTEuMC40Mi1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiMjg1M2I5NDMtNjczNC00MDM5LWE2NDItOGExMjVlMGQ2ZTZjIiwiaWF0IjoxNjg1MTAwNDk5LCJleHAiOjE2ODUxMDQwOTl9.1PIGzzShWd8Af6aK7EDznaXiChORbjkIuCn6kHAjJeU","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzNhbWQzMGZ4OWYvNjcuNzY2NC9jb21iby1jbGVhbmVyLTEuMC40Mi1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiMjg1M2I5NDMtNjczNC00MDM5LWE2NDItOGExMjVlMGQ2ZTZjIiwiaWF0IjoxNjg1MTAwNDk5LCJleHAiOjE2ODUxMDQwOTl9.1PIGzzShWd8Af6aK7EDznaXiChORbjkIuCn6kHAjJeU","sourceIndex":"829"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0yrgleoatx/24.510/3utools-2.65.003-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/*","sourceIndex":"830"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/02wk48h3tu/47.8956/pdf-reader-2-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/*","sourceIndex":"831"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzUwd2N5ZDFhMHAvNDIuNjUzNC9pdG9vbHMtNC41LjEuOC1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiOGQwYjkwNDAtOTZkMS0xMWU2LThhOGUtMDAxNjNlYzlmNWZhIiwiaWF0IjoxNjkwMzgxNTUwLCJleHAiOjE2OTAzODUxNTB9.MtF24iQtwq2MkohpS2zq9EVVq0sok4FNqRf4ybx6b9g","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/launch_download/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb3dubG9hZFR5cGUiOiJyaXNlSW5zdGFsbGVyIiwiZG93bmxvYWRVcmwiOiJodHRwczovL2Qzcnkzc3B1OXduNnZvLmNsb3VkZnJvbnQubmV0L2ZpbGVzLzUwd2N5ZDFhMHAvNDIuNjUzNC9pdG9vbHMtNC41LjEuOC1pbnN0YWxsZXIuZXhlIiwicHJvZ3JhbUlkIjoiOGQwYjkwNDAtOTZkMS0xMWU2LThhOGUtMDAxNjNlYzlmNWZhIiwiaWF0IjoxNjkwMzgxNTUwLCJleHAiOjE2OTAzODUxNTB9.MtF24iQtwq2MkohpS2zq9EVVq0sok4FNqRf4ybx6b9g","sourceIndex":"832"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/t4wau1ijpy/77.3365/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/*","sourceIndex":"833"}],"sampleFiles":["231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_F0fWJ-1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_PgLz-81.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/iobit-uninstaller-11.3.0.4-installer_GgYUq-1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_iySZz-1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_mfHCj-1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_X3Oh-d1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/3utools-2.65.003-installer_CE5U-U1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/pdf-reader-2-installer_k2S-iy1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/itools-4.5.1.8-installer_j3N-hp1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_2Z-8uf1.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/brave-browser-1.3.361.133-installer_50rM-w1_231002.exe","231102/RiseDownloadManager-230309/8.7.2431/Samples/combo-cleaner-1.0.42-installer_0j-lyF1_231101.exe"],"imageFiles":["231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-109/Risecodes_HiddenFile.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-109/FileHippo_042_1.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-109/Risecodes_FileDropped.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-039/Risecodes_DM_IOBIT.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-042/Risecodes_Traffic.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-042/Risecodes_FileDropped.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-042/FileHippo_042.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-042/FileHippo_042_1.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-013/RiseCodes_Offer_060_3.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-013/RiseCodes_Offer_060_2.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-013/RiseCodes_Offer_060_1.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-013/RiseCodes_Offer_060.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/RiseCodes_Offer_060.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-075/RiseCodes_Offers.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/ACR-060_1.png","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/ACR-060_2.png","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/ACR-060_3.png","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-044/Risecodes_DM_IOBIT.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/AdNetwork_Rise_060_2.JPG","231102/RiseDownloadManager-230309/8.7.2431/Images/ACR-060/AdNetwork_Rise_060_1.JPG"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_8.7.2431_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"8.7.2431","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":739},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides fixes for 500MB of files) before requiring consumer to pay.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy,\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"b65ed2d9c2a829e2b3109b67cc019aa1","hashSHA1":"c35efd8386ef8574061970fa3d4c7ce87690bc4a","hashSHA256":"0b977bed4139ac1f0d5f942e533049f04e518fbd86d45f7ad55c18e40e3727b0","sourceIndex":"2777","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"4ade1537a87a7bb6a9eb87fea0a4e689","hashSHA1":"19c13392cc575d21874e81540a9f77d8009661b4","hashSHA256":"13867b3f78b861ed23f7299a7bc1b86d4d611a9b71d3cde6fc1e381c0d1fd58e","sourceIndex":"2777","avBlockList":["Avast Security for Mac (20240611)","Avira Security for Mac (20240611)","Bitdefender Antivirus for Mac (20240611)","ESET Cyber Security Pro for Mac (20240611)","G DATA AntiVirus for Mac (20240611)","K7 Antivirus for Mac (20240611)","McAfee Internet Security for Mac (20240611)","Norton Security for Mac (20240611)","Sophos Home Premium For Mac (20240611)","Trend Micro Antivirus for Mac (20240611)","SpyHunterforMac (20240611)"],"avAllowList":["Kaspersky Internet Security for Mac (20240611)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Yahoo search \"Mac cleaner junk remove\"","landingPage":"https://www.apeaksoft.com/mac-cleaner/","directDownloadingLink":"https://download.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.60901803.606249856.1568683051-763551902.1568683051","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.60901803.606249856.1568683051-763551902.1568683051","sourceIndex":"2777"}],"sampleFiles":["190919/ApeaksoftMacCleaner-190515/1.0.16/Samples/mac-cleaner.dmg"],"imageFiles":["190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-004/Mac Cleaner ACR 004.gif"],"nonDeceptorImageFiles":["190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-065/Mac Cleaner Install Page.png","190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-065/Mac Cleaner About Page.png","190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-099/Mac Cleaner About Page.png","190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-099/Bottom of Landing Page.png","190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-099/Bottom of Internal Offers.png","190919/ApeaksoftMacCleaner-190515/1.0.16/Images/ACR-065/Bottom of Internal Offers.png"],"guid":"fb1b3d06-6bc6-4efa-893e-7340d7ceb6fd_1.0.16_1","appID":"ApeaksoftMacCleaner-190515","dateAdded":"240125","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Apeaksoft Technology Limited","version":"1.0.16","sigName":"Deceptor:MacOS/ApeaksoftMacCleaner!004","lastKnownStatus":"Deceptor:1.0.12,1.0.16;1,0,18;1.0.20;1.0.22","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":759},{"violations":{"ACR-004":"The app provides a free scan, but then only partially addresses the free scan results (deletes 500MB of files), before requiring the consumer to pay.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy,\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"08fa35c239e22246356eb01676230c5a","hashSHA1":"ac782db24a862d5034845839f67c01a94c4aa748","hashSHA256":"4fb3aaeedb30a41920626de884d93691b9adb6fb23296c79c5a35caa33a4bc88","sourceIndex":"2776","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"a5de669db34a9f60254458c1a49dc1fb","hashSHA1":"528e665cfa12ac1561314c68c27141079830afc2","hashSHA256":"f2d7f3d522e28a12c4221a4560f51ddca078124b8f0aa094ca484280428f9905","sourceIndex":"2776","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Yahoo search \"Mac cleaner junk remove\"","landingPage":"https://www.apeaksoft.com/mac-cleaner/","directDownloadingLink":"https://download.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.224939289.24806851.1557962959-2035812679.1557962959","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.224939289.24806851.1557962959-2035812679.1557962959","sourceIndex":"2776"}],"sampleFiles":["190919/ApeaksoftMacCleaner-190515/1.0.12/Samples/Mac Cleaner","190919/ApeaksoftMacCleaner-190515/1.0.12/Samples/mac-cleaner.dmg"],"imageFiles":["190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-004/ACR004.gif"],"nonDeceptorImageFiles":["190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-065/MacCleaner Install.png","190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-065/MacCleaner About Page.png","190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-099/MacCleaner About Page.png","190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-099/MacCleaner Bottom of Landing Page.png","190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-099/MacCleaner Bottom of Internal Offers.png","190919/ApeaksoftMacCleaner-190515/1.0.12/Images/ACR-065/MacCleaner Bottom of Landing Page.png"],"guid":"fb1b3d06-6bc6-4efa-893e-7340d7ceb6fd_1.0.12_1","appID":"ApeaksoftMacCleaner-190515","dateAdded":"240125","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Apeaksoft Technology Limited","version":"1.0.12","sigName":"Deceptor:MacOS/ApeaksoftMacCleaner!004","lastKnownStatus":"Deceptor:1.0.12,1.0.16;1,0,18;1.0.20;1.0.22","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":758},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides fixes for 500MB of files) before requiring consumer to pay.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offer page does not display links to the Returns and Cancellation Policy\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"3b3f2232c765255f83a93ac4271a861b","hashSHA1":"8f0bc9c5b05b06430924aed242784fba21f08157","hashSHA256":"b6e1376d9a6752a5cff79030dde04f95d27fe844ba7ab4209bc52a9662662c00","sourceIndex":"2421","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"644b36ae5e2dd2ead6e918bea86af5cf","hashSHA1":"3648cc779feaf04e0efb9fad682b80668163eb5b","hashSHA256":"73cfb31b2e4ca472aa12c14e98203ad64b38910c17ca7c6cc5bc5e61c0ffc2f7","sourceIndex":"2421","avBlockList":["Avast Security for Mac (20240312)","Avira Security for Mac (20240312)","ESET Cyber Security Pro for Mac (20240312)","McAfee Internet Security for Mac (20240312)","Norton Security for Mac (20240312)","Sophos Home Premium For Mac (20240312)","Trend Micro Antivirus for Mac (20240312)","SpyHunterforMac (20240312)"],"avAllowList":["Bitdefender Antivirus for Mac (20240312)","G DATA AntiVirus for Mac (20240312)","K7 Antivirus for Mac (20240312)","Kaspersky Internet Security for Mac (20240312)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search \"Mac junk cleaner\"","reference":"https://www.apeaksoft.com/mac-cleaner/","landingPage":"https://www.apeaksoft.com/mac-cleaner/","directDownloadingLink":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.24681274.1213689641.1590725495-1135594516.1590725495","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.24681274.1213689641.1590725495-1135594516.1590725495","sourceIndex":"2421"}],"sampleFiles":["200601/ApeaksoftMacCleaner-190515/1.0.18/Samples/Mac Cleaner","200601/ApeaksoftMacCleaner-190515/1.0.18/Samples/mac-cleaner.dmg"],"imageFiles":["200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-004/Mac Cleaner_Interaction [1].png"],"nonDeceptorImageFiles":["200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_Install [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_About [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_Interaction [2].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_About [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_LandingPage [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_LandingPage [2].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_OfferPage [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_OfferPage [2].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-099/Mac Cleaner_OfferPage [3].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_LandingPage [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_LandingPage [2].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_OfferPage [1].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_OfferPage [2].png","200601/ApeaksoftMacCleaner-190515/1.0.18/Images/ACR-065/Mac Cleaner_OfferPage [3].png"],"guid":"fb1b3d06-6bc6-4efa-893e-7340d7ceb6fd_1.0.18_1","appID":"ApeaksoftMacCleaner-190515","dateAdded":"240125","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Apeaksoft Technology Limited","version":"1.0.18","sigName":"Deceptor:MacOS/MacCleaner!004","lastKnownStatus":"Deceptor:1.0.12,1.0.16;1,0,18;1.0.20;1.0.22","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":757},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides fixes for 500MB of files) before requiring consumer to pay.\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n","ACR-165":"The app does not mention clearly that the Auto-renewal policy and cancellation policy & does not disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offer page does not display links to the Returns and Cancellation Policy\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"dd64e18fe7eef3c27f7c9b30782763da","hashSHA1":"08c5b3ca0e7fd52e7ad1d2c4b7fda447e3116602","hashSHA256":"6ab14738313aaa4aecddc97f4ea9ef3d0f78ead5b023fae85a1df59b501e4f13","sourceIndex":"1771","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"d556cb4503b81a5a083bbb5530f7237e","hashSHA1":"275acbbc619dc3cd2f78167a23554e574a350b31","hashSHA256":"14d10e633cb720ab7b6f7b269e584dce65712b01ca9331c217d0766195b73f17","sourceIndex":"1771","avBlockList":["Avast Security for Mac (20220510)","Avira Security for Mac (20220510)","ESET Cyber Security Pro for Mac (20220510)","K7 Antivirus for Mac (20220510)","Norton Security for Mac (20220510)","Sophos Home Premium For Mac (20220510)","Trend Micro Antivirus for Mac (20220510)"],"avAllowList":["Bitdefender Antivirus for Mac (20220510)","G DATA AntiVirus for Mac (20220510)","Kaspersky Internet Security for Mac (20220510)","McAfee Internet Security for Mac (20220510)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.apeaksoft.com/mac-cleaner/","directDownloadingLink":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.268221003.435928411.1638866574-736466102.1638866574","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.268221003.435928411.1638866574-736466102.1638866574","sourceIndex":"1771"}],"sampleFiles":["211207/ApeaksoftMacCleaner-190515/1.0.20/Samples/Mac Cleaner","211207/ApeaksoftMacCleaner-190515/1.0.20/Samples/mac-cleaner.dmg"],"imageFiles":["211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-164/Mac Cleaner_OfferPage [3].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-164/Mac Cleaner_OfferPage [4].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-165/Mac Cleaner_OfferPage [3].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-165/Mac Cleaner_OfferPage [4].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-004/Mac Cleaner_Interactions [1].png"],"nonDeceptorImageFiles":["211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-045/Mac Cleaner_LandingPage [3].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-065/Mac Cleaner_Install [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-065/Mac Cleaner_About [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-099/Mac Cleaner_About [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-099/Mac Cleaner_LandingPage [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-099/Mac Cleaner_OfferPage [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-161/Mac Cleaner_LandingPage [2].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-065/Mac Cleaner_LandingPage [1].png","211207/ApeaksoftMacCleaner-190515/1.0.20/Images/ACR-065/Mac Cleaner_OfferPage [1].png"],"guid":"fb1b3d06-6bc6-4efa-893e-7340d7ceb6fd_1.0.20_1","appID":"ApeaksoftMacCleaner-190515","dateAdded":"240125","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Apeaksoft Technology Limited","version":"1.0.20","lastKnownStatus":"Deceptor:1.0.12,1.0.16;1,0,18;1.0.20;1.0.22","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":756},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides fixes for 500MB of files) before requiring consumer to pay.\n","ACR-164":"The app needs to provide detailed information about how to cancel and renewal notification\n","ACR-165":"The app does not mention clearly about the Auto-renewal policy and cancellation policy after the subscription period.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy\nThe internal offer page does not display links to the Returns and Cancellation Policy\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac%20Cleaner","fileVersion":"0.","hashMD5":"16607739104846ec964f1756f739e0ea","hashSHA1":"826e4700c330402b70a3003c198e8a698e0341a2","hashSHA256":"8c66e0ae6625049796eb1d0b9941cfb43aa5dc3a26fdf3b10981ccdc09c0f824","sourceIndex":"748","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ea30f5da755cb6acdebd98fd6d4584f1","hashSHA1":"8f222c022e445e42c061089316a84aab484b8e4c","hashSHA256":"d85b3477c6ac5b1b4f4dd955b2f405f635759a8f4c1d0eef0fdd9335226e2fc7","sourceIndex":"748","avBlockList":["Avast Security for Mac (20240514)","Avira Security for Mac (20240514)","ESET Cyber Security Pro for Mac (20240514)","Norton Security for Mac (20240514)","Sophos Home Premium For Mac (20240514)","SpyHunterforMac (20240514)","Trend Micro Antivirus for Mac (20240514)"],"avAllowList":["Bitdefender Antivirus for Mac (20240514)","G DATA AntiVirus for Mac (20240514)","K7 Antivirus for Mac (20240514)","Kaspersky Internet Security for Mac (20240514)","McAfee Internet Security for Mac (20240514)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Yahoo search \"Mac cleaner junk remove\"","landingPage":"https://www.apeaksoft.com/mac-cleaner/","directDownloadingLink":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.182487014.1503947608.1706065599-1037522412.1706065599","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.apeaksoft.com/mac/mac-cleaner.dmg?_ga=2.182487014.1503947608.1706065599-1037522412.1706065599","sourceIndex":"748"}],"sampleFiles":["240125/ApeaksoftMacCleaner-190515/1.0.22/Samples/Mac%20Cleaner","240125/ApeaksoftMacCleaner-190515/1.0.22/Samples/mac-cleaner.dmg"],"imageFiles":["240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-164/offerpage.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-164/offerpage1.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-164/offerpage2.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-165/offerpage.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-165/offerpage2.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-165/offerpage3.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-004/004.png"],"nonDeceptorImageFiles":["240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-045/LandingPage2.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-065/install.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-065/about2.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-099/about2.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-099/LandingPage.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-099/offerpage.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-161/LandingPage3.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-065/LandingPage.png","240125/ApeaksoftMacCleaner-190515/1.0.22/Images/ACR-065/offerpage.png"],"guid":"fb1b3d06-6bc6-4efa-893e-7340d7ceb6fd_1.0.22_1","appID":"ApeaksoftMacCleaner-190515","dateAdded":"240125","deceptorType":"MacOS App","name":"Mac Cleaner","company":"Apeaksoft Technology Limited","version":"1.0.22","lastKnownStatus":"Deceptor:1.0.12,1.0.16;1,0,18;1.0.20;1.0.22","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:30.1737649+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":755},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.dmg","isInstaller":"True","companyName":"PowerMyMacPro","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4896522c3cc304e0c564c38a1944c3d35c3a8ad03232817fc361462af2a261c9","sourceIndex":"3113","avBlockList":["Avast Security for Mac (20220913)","Avira Security for Mac (20220913)","Bitdefender Antivirus for Mac (20220913)","ESET Cyber Security Pro for Mac (20220913)","G DATA AntiVirus for Mac (20220913)","McAfee Internet Security for Mac (20220913)","Norton Security for Mac (20220913)","Sophos Home Premium For Mac (20220913)","Trend Micro Antivirus for Mac (20220913)","Webroot SecureAnywhere AntiVirus for Mac (20200213)"],"avAllowList":["K7 Antivirus for Mac (20220913)","Kaspersky Internet Security for Mac (20220913)"]},{"isRevoked":"False","fileName":"PowerMyMac","companyName":"PowerMyMacPro","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"fa629b78f52670e0e3976c4cd54cd6119442e85e918021cfd62b757befa13516","sourceIndex":"3113","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"3113"}],"sampleFiles":["190412/PowerMyMac-190410/1.0.2/Samples/imymac-powermymac.dmg","190412/PowerMyMac-190410/1.0.2/Samples/PowerMyMac"],"imageFiles":["190412/PowerMyMac-190410/1.0.2/Images/ACR-004/PowerMyMac 245MB Left.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-004/PowerMyMac Before Internal Offers.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-004/PowerMyMac Internal Offers.png"],"nonDeceptorImageFiles":["190412/PowerMyMac-190410/1.0.2/Images/ACR-065/PowerMyMac Install.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-065/PowerMyMac About Page.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-099/PowerMyMac Bottom of Internal Offers.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-099/PowerMyMac Bottom of Landing Page.png","190412/PowerMyMac-190410/1.0.2/Images/ACR-099/PowerMyMac About Page.png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.0.2_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.0.2","sigName":"Deceptor:MacOS/PowerMyMac!004","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":754},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.dmg","isInstaller":"True","fileVersion":"1.0.5","hashMD5":"0f321fb7548b501c877e4a7080981ecb","hashSHA1":"613cdf43af072f125d3ea7cce1acd8e5f8117821","hashSHA256":"f50ac7b59bdd93d34c27413c65a6050f19a5e2defef354c81485e654fbb72b16","sourceIndex":"3065","avBlockList":["Avast Security for Mac (20240514)","Avira Security for Mac (20240514)","Bitdefender Antivirus for Mac (20240514)","ESET Cyber Security Pro for Mac (20240514)","G DATA AntiVirus for Mac (20240514)","McAfee Internet Security for Mac (20240514)","Norton Security for Mac (20240514)","Sophos Home Premium For Mac (20240514)","Trend Micro Antivirus for Mac (20240514)","SpyHunterforMac (20240514)"],"avAllowList":["K7 Antivirus for Mac (20240514)","Kaspersky Internet Security for Mac (20240514)"]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"1.0.5","hashMD5":"a41625ae47242c4f9dc573bbb5fe5940","hashSHA1":"191cdfe5928047ca56e7910f34bd0a6498ae6d7c","hashSHA256":"e44e159b5527e7552ae961c9fbd74b5a20bf6d08443950373bcf5e6066fd247f","digitalCertThumbprint":"1ce9033d690db4d3c6d94d2318b8233d629576a3","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Guangzhou Zoenzo Network Technology Co., Ltd.","sourceIndex":"3065","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"3065"}],"sampleFiles":["190518/PowerMyMac-190410/1.0.5/Samples/imymac-powermymac.dmg","190518/PowerMyMac-190410/1.0.5/Samples/PowerMyMac"],"imageFiles":["190518/PowerMyMac-190410/1.0.5/Images/ACR-004/PowerMyMac ACR004.gif"],"nonDeceptorImageFiles":["190518/PowerMyMac-190410/1.0.5/Images/ACR-065/Screen Shot 2019-05-15 at 4.33.02 PM.png","190518/PowerMyMac-190410/1.0.5/Images/ACR-065/PowerMyMac About Page.png","190518/PowerMyMac-190410/1.0.5/Images/ACR-099/Bottom of Internal Offers.png","190518/PowerMyMac-190410/1.0.5/Images/ACR-099/PowerMyMac About Page.png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.0.5_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.0.5","sigName":"Deceptor:Win32/PowerMyMac!004","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":753},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"e51af899b7fce31ffb41a50517e899e4","hashSHA1":"abcf2d7dd1f620d7400a3eff4a682ea1e44a2788","hashSHA256":"9c6a8381277c434eefc775dafb8956c21577cfb93ac01032b67597982a3e482d","sourceIndex":"2574","avBlockList":["Avast Security for Mac (20240312)","Bitdefender Antivirus for Mac (20240312)","ESET Cyber Security Pro for Mac (20240312)","G DATA AntiVirus for Mac (20240312)","Kaspersky Internet Security for Mac (20240312)","McAfee Internet Security for Mac (20240312)","Norton Security for Mac (20240312)","Sophos Home Premium For Mac (20240312)","Trend Micro Antivirus for Mac (20240312)","Avira Security for Mac (20240312)","SpyHunterforMac (20240312)"],"avAllowList":["K7 Antivirus for Mac (20240312)"]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"7fd5ee5a45514916a75c51c4a4bdd703","hashSHA1":"38490078e1ddc5fea94896f87a0276b2e59375d6","hashSHA256":"b3b9582cc4bf9e442b21bb3a3d28cc3c22ca9b11ca8a58ccc9fe3cd12a0f0053","sourceIndex":"2574","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com/powermymac/","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"2574"}],"sampleFiles":["200123/PowerMyMac-190410/1.0.8/Samples/imymac-powermymac.dmg","200123/PowerMyMac-190410/1.0.8/Samples/PowerMyMac"],"imageFiles":["200123/PowerMyMac-190410/1.0.8/Images/ACR-004/PowerMyMac ACR-004.gif"],"nonDeceptorImageFiles":["200123/PowerMyMac-190410/1.0.8/Images/ACR-065/PowerMyMac Install.png","200123/PowerMyMac-190410/1.0.8/Images/ACR-065/PowerMyMac About Page.png","200123/PowerMyMac-190410/1.0.8/Images/ACR-099/PowerMyMac Bottom of Internal Offers.png","200123/PowerMyMac-190410/1.0.8/Images/ACR-099/PowerMyMac About Page.png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.0.8_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.0.8","sigName":"Deceptor:MacOS/PowerMyMac!004","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":752},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"fedd1da1498a761900c79bd0a8537e57","hashSHA1":"68d44a70c12e5fb45bc649f65b81e7445e927d75","hashSHA256":"8735060481b7b21bc5c4eef4415b0345166f022021580d14247a37b1b43b59f7","sourceIndex":"2507","avBlockList":["Avast Security for Mac (20210713)","Avira Security for Mac (20210713)","ESET Cyber Security Pro for Mac (20210713)","McAfee Internet Security for Mac (20210713)","Norton Security for Mac (20210713)","Sophos Home Premium For Mac (20210713)","Trend Micro Antivirus for Mac (20210713)"],"avAllowList":["Bitdefender Antivirus for Mac (20210713)","G DATA AntiVirus for Mac (20210713)","K7 Antivirus for Mac (20210713)","Kaspersky Internet Security for Mac (20210713)"]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"aef013f1138e8f8134d70c2c4e443f18","hashSHA1":" cc250838f096815a24d6ff129061c933ad1c478f","hashSHA256":"80fdff526eff946a7aaf54e1da4aeb58b35a9153657f1eb4b70dbc731b189fa1","sourceIndex":"2507","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.imymac.com","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"2507"}],"sampleFiles":["200409/PowerMyMac-190410/1.0.9/Samples/imymac-powermymac.dmg","200409/PowerMyMac-190410/1.0.9/Samples/PowerMyMac"],"imageFiles":["200409/PowerMyMac-190410/1.0.9/Images/ACR-004/PowerMyMac [2].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-004/PowerMyMac_Purchase [1].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-004/PowerMyMac_Purchase [2].png"],"nonDeceptorImageFiles":["200409/PowerMyMac-190410/1.0.9/Images/ACR-065/PowerMyMac_Installation [1].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-065/PowerMyMac [3].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-065/PowerMyMac [9].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-065/PowerMyMac [10].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-099/PowerMyMac_LandingPage [2].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-099/PowerMyMac_Purchase [1].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-099/PowerMyMac_LandingPage [3].png","200409/PowerMyMac-190410/1.0.9/Images/ACR-099/PowerMyMac_About.png","200409/PowerMyMac-190410/1.0.9/Images/ACR-045/PowerMyMac_LandingPage [2].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.0.9_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.0.9","sigName":"Deceptor:MacOS/PowerMyMac!004","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":751},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.fonedog.com/","directDownloadingLink":"https://www.fonedog.com/download/fonedog-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonedog.com/download/fonedog-powermymac.dmg","sourceIndex":"2428"}],"sampleFiles":[],"imageFiles":["200526/PowerMyMac-190410/1.1.1/Images/ACR-004/PowerMyMac_Interaction [1].png"],"nonDeceptorImageFiles":["200526/PowerMyMac-190410/1.1.1/Images/ACR-065/PowerMyMac_Install [1].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-065/PowerMyMac_About[1].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-065/PowerMyMac_Interaction [2].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-099/PowerMyMac_OfferPage [1].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-099/PowerMyMac_OfferPage [2].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-099/PowerMyMac_About[1].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-099/PowerMyMac_Interaction [2].png","200526/PowerMyMac-190410/1.1.1/Images/ACR-045/PowerMyMac_LandingPage [1].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.1.1_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.1.1","sigName":"Deceptor:MacOS/PowerMyMac!004","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":750},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"68820c6b177c8de55d4869cb8138df1c","hashSHA1":"1a1cf45523bf32a67da8025f0a155a2fc2fc50d8","hashSHA256":"dea97cd45b615778e3300a098be62136118df3c0ba2faad6e1cede0ded141e18","sourceIndex":"2039","avBlockList":["Avast Security for Mac (20220412)","Avira Security for Mac (20220412)","Bitdefender Antivirus for Mac (20220412)","ESET Cyber Security Pro for Mac (20220412)","G DATA AntiVirus for Mac (20220412)","K7 Antivirus for Mac (20220412)","McAfee Internet Security for Mac (20220412)","Norton Security for Mac (20220412)","Sophos Home Premium For Mac (20220412)","Trend Micro Antivirus for Mac (20220412)"],"avAllowList":["Kaspersky Internet Security for Mac (20220412)"]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"16e225282c5c215566ce7b0515b0c49e","hashSHA1":"79ec63955a93fc49442fbffffc8e2c2cb197ce23","hashSHA256":"35160f7842af40e68e15809396c6e18b67f088d3f514390337f34aeefc55a397","sourceIndex":"2039","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"2039"}],"sampleFiles":["200526/PowerMyMac-190410/1.2.1/Samples/imymac-powermymac.pkg","200526/PowerMyMac-190410/1.2.1/Samples/PowerMyMac"],"imageFiles":["200526/PowerMyMac-190410/1.2.1/Images/ACR-004/PowerMyMac_Interactions [1].png"],"nonDeceptorImageFiles":["200526/PowerMyMac-190410/1.2.1/Images/ACR-065/PowerMyMac_Install [1].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-065/PowerMyMac_Install [2].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-065/PowerMyMac_Install [3].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-065/PowerMyMac_Install [4].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-065/PowerMyMac_About [1].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-099/PowerMyMac_OfferPage [4].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-099/PowerMyMac_LandingPage [6].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-099/PowerMyMac_About [2].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-099/PowerMyMac_Interactions [3].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-045/PowerMyMac_LandingPage [4].png","200526/PowerMyMac-190410/1.2.1/Images/ACR-045/PowerMyMac_LandingPage [3].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.2.1_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.2.1","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":749},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"6bf5ff91f8019147fcf2aecd18f280de","hashSHA1":"b0bb571047515142124b48d5b7c7b006df260cbf","hashSHA256":"56afebc9aeafee33537dfe3e3b8f954cfcf7d5740d58d641c74358dc722e240a","sourceIndex":"2026","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"b3581f469909158c65186eae49e5ee9e","hashSHA1":"eb9d8e814cd10d6941f7796386bf9f95a2bcb918","hashSHA256":"1d04a7dc8a9ae4a60a25d1cb722c6f50e1dcd1c926048f3fe15edd42f8d79ab9","sourceIndex":"2026","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg","sourceIndex":"2026"}],"sampleFiles":["201217/PowerMyMac-190410/1.2.2/Samples/imymac-powermymac.pkg","201217/PowerMyMac-190410/1.2.2/Samples/PowerMyMac"],"imageFiles":["201217/PowerMyMac-190410/1.2.2/Images/ACR-004/PowerMyMac_Interactions [1].png"],"nonDeceptorImageFiles":["201217/PowerMyMac-190410/1.2.2/Images/ACR-065/PowerMyMac_Install [1].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-065/PowerMyMac_Install [2].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-065/PowerMyMac_Install [3].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-065/PowerMyMac_Install [4].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-065/PowerMyMac_About [1].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-099/PowerMyMac_OfferPage [1].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-099/PowerMyMac_LandingPage [3].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-099/PowerMyMac_About [1].png","201217/PowerMyMac-190410/1.2.2/Images/ACR-045/PowerMyMac_LandingPage [1].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.2.2_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.2.2","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":748},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"28601eb1f6ad7b80fb579981de5b59dd","hashSHA1":"2066414d30fdaaf5559f884a3c708d195e086171","hashSHA256":"69fb475f4b686ae9a02b605a490307b63af657c83fc27b6a4efb32520b096f19","sourceIndex":"2004","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"9270a77220349dc808084a867a0fed75","hashSHA1":"665b3175b5a7c9ded45d5244511a1071758c92be","hashSHA256":"b05731aa89c60085dff0ce982f03cd1d2806a0f832e40c428c98f0e3b8a37c3a","sourceIndex":"2004","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg","sourceIndex":"2004"}],"sampleFiles":["210112/PowerMyMac-190410/1.2.3/Samples/imymac-powermymac.pkg","210112/PowerMyMac-190410/1.2.3/Samples/PowerMyMac"],"imageFiles":["210112/PowerMyMac-190410/1.2.3/Images/ACR-004/PowerMyMac_Interactions [1].png"],"nonDeceptorImageFiles":["210112/PowerMyMac-190410/1.2.3/Images/ACR-065/PowerMyMac_Install [1].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-065/PowerMyMac_Install [2].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-065/PowerMyMac_Install [3].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-065/PowerMyMac_About [1].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-099/PowerMyMac_OfferPage [1].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-099/PowerMyMac_LandingPage [5].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-099/PowerMyMac_LandingPage [6].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-099/PowerMyMac_About [1].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-161/PowerMyMac_LandingPage [1] Testimonial.png","210112/PowerMyMac-190410/1.2.3/Images/ACR-045/PowerMyMac_LandingPage [2].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-045/PowerMyMac_LandingPage [3].png","210112/PowerMyMac-190410/1.2.3/Images/ACR-045/PowerMyMac_LandingPage [4].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.2.3_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.2.3","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":747},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"61a95e95c440d1bfca652ddc183c3cc5","hashSHA1":"625506d8adf55a1376671e933973291a8e88c392","hashSHA256":"1579f1082a076a8a0b2278df54c9c22fd8977f375fe8289ea69feae4f965501a","sourceIndex":"1998","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"b0da253843d2277aea26e06da094b18b","hashSHA1":"7b6879a13aefe8ef4cf577f38ded51230ee29974","hashSHA256":"ca9d5ee7c65ae15b8f7ec5f1df573f0231d350e537aa9f5315cb45f73547f6d4","sourceIndex":"1998","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg","sourceIndex":"1998"}],"sampleFiles":["210201/PowerMyMac-190410/1.3.0/Samples/imymac-powermymac.pkg","210201/PowerMyMac-190410/1.3.0/Samples/PowerMyMac"],"imageFiles":["210201/PowerMyMac-190410/1.3.0/Images/ACR-004/PowerMyMac_Interactions [1].png"],"nonDeceptorImageFiles":["210201/PowerMyMac-190410/1.3.0/Images/ACR-065/PowerMyMac_Install [1].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-065/PowerMyMac_Install [2].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-065/PowerMyMac_Install [3].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-065/PowerMyMac_Install [4].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-065/PowerMyMac_About [1].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-099/PowerMyMac_OfferPage [1].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-099/PowerMyMac_LandingPage [1].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-099/PowerMyMac_About [1].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-161/PowerMyMac_LandingPage [4].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-045/PowerMyMac_LandingPage [2].png","210201/PowerMyMac-190410/1.3.0/Images/ACR-045/PowerMyMac_LandingPage [3].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_1.3.0_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"1.3.0","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":746},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-045":" \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"f7ddbb2900966d28f2859b9ec6bc1323","hashSHA1":"5438cd4f0443b56eac758a9b63f38fccb982493c","hashSHA256":"417cef771790d85ff7b38518dbde284f70abacf358b8b84f144489840db4f90e","sourceIndex":"1691","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"fcb4f1ed61e6930f207c6f207db43d9b","hashSHA1":"10d77b3b929fe71172307cc4a5c19458534bd2e0","hashSHA256":"8985a821b078f35b7ce8199c97bc9e0ba5fc4e11d2cd1c60a22feec1c0a8d0f8","sourceIndex":"1691","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg","sourceIndex":"1691"}],"sampleFiles":["220306/PowerMyMac-190410/5.2.1/Samples/imymac-powermymac.pkg","220306/PowerMyMac-190410/5.2.1/Samples/PowerMyMac"],"imageFiles":["220306/PowerMyMac-190410/5.2.1/Images/ACR-004/PowerMyMac_Interactions [7].png"],"nonDeceptorImageFiles":["220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_Install [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_Install [2].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_Install [3].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_Install [4].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_Install [6].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_About [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-065/PowerMyMac_About [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-099/PowerMyMac_OfferPage [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-099/PowerMyMac_LandingPage [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-099/PowerMyMac_About [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-161/PowerMyMac_LandingPage [1].png","220306/PowerMyMac-190410/5.2.1/Images/ACR-045/PowerMyMac_LandingPage [1].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_5.2.1_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"5.2.1","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":745},{"violations":{"ACR-004":"The app does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB and then uses the remaining issues identified to upsell users the fix, requiring users to purchase a subscription service to fix all results identified during the free scan.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\"  highlights \"Free\" misleads the user. The functionality that requires consumer payment in order to be activated needs to be marked clearly on the landing page. Otherwise, the app should remove the \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to its Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to its EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymacpowermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"544d9bd22e53d517a891a87472fac8ec","hashSHA1":"bf359b4889c78d2e1b16120cf57178d162cf45ec","hashSHA256":"f8089afcb406789144cfba52995b1409e5d6c518ffedc6f040f1a9d6b3f9e6a3","digitalCertThumbprint":"","sourceIndex":"1505","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"7045b7c41c04751a8cad2684d86ec2b4","hashSHA1":"4cab87ae5b305ae1892b4cb5d5b4207bcd8a4291","hashSHA256":"3fc57bcc84f550db0cdba1402658a45c295945a00c479a66f9c39edc6353ea4a","digitalCertThumbprint":"","sourceIndex":"1505","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"1505"}],"sampleFiles":["220720/PowerMyMac-190410/5.2.3/Samples/imymacpowermymac.pkg","220720/PowerMyMac-190410/5.2.3/Samples/PowerMyMac"],"imageFiles":["220720/PowerMyMac-190410/5.2.3/Images/ACR-004/ACR-004.png","220720/PowerMyMac-190410/5.2.3/Images/ACR-017/ACR-017_InternalOffers.jpeg"],"nonDeceptorImageFiles":["220720/PowerMyMac-190410/5.2.3/Images/ACR-065/ACR-065_Install.png","220720/PowerMyMac-190410/5.2.3/Images/ACR-065/ACR-065_Software.png","220720/PowerMyMac-190410/5.2.3/Images/ACR-099/ACR-099_InternalOffers.jpeg","220720/PowerMyMac-190410/5.2.3/Images/ACR-099/ACR-099.jpeg","220720/PowerMyMac-190410/5.2.3/Images/ACR-099/ACR-099_1.jpeg","220720/PowerMyMac-190410/5.2.3/Images/ACR-099/ACR-099_Software.png","220720/PowerMyMac-190410/5.2.3/Images/ACR-161/ACR-161.JPG","220720/PowerMyMac-190410/5.2.3/Images/ACR-045/ACR-045.jpeg","220720/PowerMyMac-190410/5.2.3/Images/ACR-045/ACR-045_1.jpeg"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_5.2.3_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"5.2.3","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":743},{"violations":{"ACR-004":"The app does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB and then uses the remaining issues identified to upsell users the fix, requiring users to purchase a subscription service to fix all results identified during the free scan.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\"  highlights \"Free\" misleads the user. The functionality that requires consumer payment in order to be activated needs to be marked clearly on the landing page. Otherwise, the app should remove the \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to its Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to its EULA or Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"d2464eb961fb3ed93fb0925336935e53","hashSHA1":"dcefa59c3661a54663cebd1042a357e7fafc106a","hashSHA256":"d4a04192a3d0805e63e9ad2305f8e765d32d0e1e9e91071a7c74c7760a944ff7","sourceIndex":"749","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"00bf50aa825fbc39ca9c34726b367569","hashSHA1":"fc717acb80b7a1be9ad99e4d25a61bc87c640373","hashSHA256":"c7aed0df0a9aafd692abdf901daaff4c20e090dd873b76c5eb5ea7488e7ee938","sourceIndex":"749","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg","sourceIndex":"749"}],"sampleFiles":["240125/PowerMyMac-190410/5.2.6/Samples/imymac-powermymac.pkg","240125/PowerMyMac-190410/5.2.6/Samples/PowerMyMac"],"imageFiles":["240125/PowerMyMac-190410/5.2.6/Images/ACR-004/004.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-017/017.png"],"nonDeceptorImageFiles":["240125/PowerMyMac-190410/5.2.6/Images/ACR-065/065.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-065/about2.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-099/OfferPage.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-099/LandingPage.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-099/LandingPage2.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-099/about2.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-161/161.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-045/045.png","240125/PowerMyMac-190410/5.2.6/Images/ACR-045/045_1.png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_5.2.6_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"5.2.6","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:30.2137857+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":742},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.  \n","ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_g-qJxA1.exe","isInstaller":"True","fileVersion":"6.52","hashMD5":"8856e3c4eb8f94f8a1aed57ca9c1b81a","hashSHA1":"14251bb803df486c845552dbe6cc48fbbe847a50","hashSHA256":"01d83022ee501d1074cf05d8067a03fbe3bbf1b2d8a0b9bd8e51597cf6b8a6ef","digitalCertThumbprint":"155ACAAB08BBC75D6A0121BDE1867351BD7A0A73","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Captural Lmk, O=Captural Lmk, S=Tel Aviv, C=IL","sourceIndex":"1173","avBlockList":["360 Total Security (20230926)","Avira Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)"],"avAllowList":["Avast Premium Security (20230926)","AVG Internet Security (20230926)","Bitdefender Internet Security (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)","Windows Defender (20230926)"]},{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_g-qJxA1.tmp","fileVersion":"6.52","hashMD5":"37d9df7aeef9df344d9e6f7e6fddc815","hashSHA1":"4d81c4471b24cb36a0c8612572b763fca69fd7dc","hashSHA256":"04d8c2ddd05e71659a39f6c1727bbb15f447573332e455487340db011c3b1f54","sourceIndex":"1173","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"free_download_manager_32-6.12.0-installer_2Yrha-1.exe","isInstaller":"True","fileVersion":"6.12","hashMD5":"835b63e6817118536d942173c9237500","hashSHA1":"e5040b154785e50297e505fb3fe338f92ef25a14","hashSHA256":"77b7eedf3ac6108a8cbdb4745e0a927ad5cfc8ca0a275aa50a3c9b6958be2767","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"1173","avBlockList":["360 Total Security (20230413)","Avira Internet Security (20230413)","ESET Internet Security (20230413)","G DATA INTERNET SECURITY (20230413)","K7 Total Security (20230413)","Kaspersky Internet Security (20230413)","Malwarebytes Premium (20230413)","McAfee Total Protection (20230413)","Norton Security (20230413)","Panda Dome (20230413)","Sophos Home Premium (20230413)","SpyHunter5 (20230413)","Total AV Antivirus Pro (20230413)","VirIT eXplorer PRO (20230413)","Webroot SecureAnywhere (20230413)"],"avAllowList":["Avast Premium Security (20230413)","AVG Internet Security (20230413)","Bitdefender Internet Security (20230413)","COMODO Antivirus (20230413)","Dr.Web Security Space (20230413)","Quick Heal Internet Security (20230413)","Trend Micro Internet Security (20230413)","VIPRE Advanced Security (20230413)","Windows Defender (20230413)"]},{"isRevoked":"False","fileName":"free_download_manager_32-6.12.0-installer_2Yrha-1.tmp","fileVersion":"6.12","hashMD5":"3aaa26b7d600f4487a0bfafa856d73f9","hashSHA1":"8c9019ca5fbaa2cb57176bbf5fe7a1b1c505afbf","hashSHA256":"5336360e1d5a2d6c1f26a80599dcb962328795c81660927d1cb107d98a964046","sourceIndex":"1173","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iobit-uninstaller-11.3.0.4-installer_O7-F421.exe","isInstaller":"True","fileVersion":"6.12","hashMD5":"41ae06d18ed5af6e6a0a4568b6bb7cc4","hashSHA1":"b5d5e7e8a951e96e88215ca140c04b892e2d53de","hashSHA256":"a350cd18e1b18c350088512a4baeaeb0ce8ae7e2bfae80636c61c5ba17103b04","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"1173","avBlockList":["360 Total Security (20230413)","Avira Internet Security (20230413)","ESET Internet Security (20230413)","K7 Total Security (20230413)","Kaspersky Internet Security (20230413)","Malwarebytes Premium (20230413)","McAfee Total Protection (20230413)","Norton Security (20230413)","Panda Dome (20230413)","Quick Heal Internet Security (20230413)","Sophos Home Premium (20230413)","SpyHunter5 (20230413)","Total AV Antivirus Pro (20230413)","VirIT eXplorer PRO (20230413)","Webroot SecureAnywhere (20230413)"],"avAllowList":["Avast Premium Security (20230413)","AVG Internet Security (20230413)","Bitdefender Internet Security (20230413)","COMODO Antivirus (20230413)","Dr.Web Security Space (20230413)","G DATA INTERNET SECURITY (20230413)","Trend Micro Internet Security (20230413)","VIPRE Advanced Security (20230413)","Windows Defender (20230413)"]},{"isRevoked":"False","fileName":"iobit-uninstaller-11.3.0.4-installer_O7-F421.tmp","fileVersion":"6.12","hashMD5":"570ac7dec62a51b18b9359d1e9f3e23b","hashSHA1":"0791494b26ba013034c5861c4b006cb6a9f66a36","hashSHA256":"8c5ffa58d84d9d8eef793c780c20297f0ca93db40ea40fe0c15150718b9f046a","sourceIndex":"1173","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"1173"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"1174"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"1175"}],"sampleFiles":["230403/RiseDownloadManager-230309/51.1052.0.0/Samples/combo-cleaner-1.0.42-installer_g-qJxA1.exe","230403/RiseDownloadManager-230309/51.1052.0.0/Samples/combo-cleaner-1.0.42-installer_g-qJxA1.tmp","230403/RiseDownloadManager-230309/51.1052.0.0/Samples/free_download_manager_32-6.12.0-installer_2Yrha-1.exe","230403/RiseDownloadManager-230309/51.1052.0.0/Samples/free_download_manager_32-6.12.0-installer_2Yrha-1.tmp","230403/RiseDownloadManager-230309/51.1052.0.0/Samples/iobit-uninstaller-11.3.0.4-installer_O7-F421.exe","230403/RiseDownloadManager-230309/51.1052.0.0/Samples/iobit-uninstaller-11.3.0.4-installer_O7-F421.tmp"],"imageFiles":["230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-109/Risecodes_HiddenFile.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-109/FileHippo_042_1.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-109/Risecodes_FileDropped.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-039/Risecodes_DM_IOBIT.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-042/Risecodes_Traffic.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-042/Risecodes_FileDropped.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-042/FileHippo_042.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-042/FileHippo_042_1.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-013/RiseCodes_Offer_060_3.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-013/RiseCodes_Offer_060_2.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-013/RiseCodes_Offer_060_1.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-013/RiseCodes_Offer_060.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-060/RiseCodes_Offer_060.JPG","230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-075/RiseCodes_Offers.JPG"],"nonDeceptorImageFiles":["230403/RiseDownloadManager-230309/51.1052.0.0/Images/ACR-044/Risecodes_DM_IOBIT.JPG"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_51.1052.0.0_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"51.1052.0.0","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":741},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.  \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\nThe offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"anydesk-7.0.4-installer_uNVu-I1.exe","isInstaller":"True","fileVersion":"36.26","hashMD5":"a58d41606dcaa46dd3a417aa86dcda43","hashSHA1":"f40fdd402e420383ee982795a35c08398c047f26","hashSHA256":"7a4205ecf09a09e68cecf4c2cc52ccf8cbc3484cf58b073336c8745038164ba4","digitalCertThumbprint":"2199B2ECFC03C7B258B501E632C315D18CB43E4B","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"808","avBlockList":["COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","McAfee Total Protection (20240123)","Total AV Antivirus Pro (20240123)","Trend Micro Internet Security (20240123)","VIPRE Advanced Security (20240123)","Windows Defender (20240123)"]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"808"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"809"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"810"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/4ebnk1kuvq/72.460/anydesk-7.0.4-installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/*","sourceIndex":"811"}],"sampleFiles":["231116/RiseDownloadManager-230309/36.26.2683.9493/Samples/anydesk-7.0.4-installer_uNVu-I1.exe"],"imageFiles":["231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-109/bundle.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-039/DM.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-042/ACR-042.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-042/bundle.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-013/OptionalOffer.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/RiseCodes_Offer_060.JPG","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-075/RiseCodes_Offers.JPG","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/ACR-060_1.png","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/ACR-060_2.png","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/ACR-060_3.png","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-044/DM.jpg","231116/RiseDownloadManager-230309/36.26.2683.9493/Images/ACR-060/OptionalOffer.jpg"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_36.26.2683.9493_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"36.26.2683.9493","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":738},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files to consumer system under hidden folder without user agreeing to install.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\nThe offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_xmC8-F1.exe","isInstaller":"True","fileVersion":"9.0","hashMD5":"0b56d7596fdc35a6ca47eb1409032103","hashSHA1":"14c5ea37a5df0355f93b5af632b145e4547d86de","hashSHA256":"ab250263f3d7bdd7797918c095f86327d5531342d332eff37feac2e632755eab","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"796","avBlockList":["360 Total Security (20240404)","Bitdefender Internet Security (20240404)","COMODO Antivirus (20240404)","Dr.Web Security Space (20240404)","ESET Internet Security (20240404)","G DATA INTERNET SECURITY (20240404)","K7 Total Security (20240404)","Kaspersky Internet Security (20240404)","Malwarebytes Premium (20240404)","Norton Security (20240404)","Panda Dome (20240404)","Quick Heal Internet Security (20240404)","Sophos Home Premium (20240404)","SpyHunter5 (20240404)","VIPRE Advanced Security (20240404)","VirIT eXplorer PRO (20240404)","Webroot SecureAnywhere (20240404)"],"avAllowList":["Avast Premium Security (20240404)","AVG Internet Security (20240404)","Avira Internet Security (20240404)","McAfee Total Protection (20240404)","Total AV Antivirus Pro (20240404)","Trend Micro Internet Security (20240404)","Windows Defender (20240404)"]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"796"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"797"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"798"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/post_download/?nodl=1","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/uq1d9kucz5/34.002/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/*","sourceIndex":"799"}],"sampleFiles":["231121/RiseDownloadManager-230309/9.0.2332.0/Samples/combo-cleaner-1.0.42-installer_xmC8-F1.exe"],"imageFiles":["231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-109/Screen Shot 2023-11-21 at 2.11.43 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-039/Screen Shot 2023-11-21 at 2.12.09 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-013/Screen Shot 2023-11-21 at 2.35.47 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-013/Screen Shot 2023-11-21 at 2.40.26 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-013/Screen Shot 2023-11-21 at 3.23.19 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.35.47 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.40.26 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 3.23.19 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.35.47 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.40.26 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 3.23.19 PM.png"],"nonDeceptorImageFiles":["231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-044/Screen Shot 2023-11-21 at 2.12.09 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.35.47 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 2.40.26 PM.png","231121/RiseDownloadManager-230309/9.0.2332.0/Images/ACR-060/Screen Shot 2023-11-21 at 3.23.19 PM.png"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_9.0.2332.0_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"9.0.2332.0","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":737},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\"  highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install wizard does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not contain links to it's EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app's internal offers page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"45e220731f27ae5448b6eaeebd38064a","hashSHA1":"00f8bec050d433567ce4614c2cef4aa13ca6e12c","hashSHA256":"d56ca91ad81b4dbfc134d272e516cecd7f99fa59eccff011e7fe7c3a72bc0941","sourceIndex":"1582","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMyMac","fileVersion":"0.","hashMD5":"d4d3639770415539288fd465e9446aed","hashSHA1":"d8717a9c41d304464bf4046e0f3309cc830180f5","hashSHA256":"9f99efecd8928a8da6997a7ae5a6753508ed8ace706ffb32357f4090ffe61c35","sourceIndex":"1582","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"iMyMac has another app that is a deceptor","landingPage":"https://www.imymac.com","directDownloadingLink":"https://download.imymac.com/download/imymac-powermymac.pkg ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-powermymac.pkg ","sourceIndex":"1582"}],"sampleFiles":["220531/PowerMyMac-190410/5.2.2/Samples/imymac-powermymac.pkg","220531/PowerMyMac-190410/5.2.2/Samples/PowerMyMac"],"imageFiles":["220531/PowerMyMac-190410/5.2.2/Images/ACR-004/PowerMyMac_Interactions [7].png"],"nonDeceptorImageFiles":["220531/PowerMyMac-190410/5.2.2/Images/ACR-065/PowerMyMac_Install [1].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-065/PowerMyMac_Install [2].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-065/PowerMyMac_Install [3].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-065/PowerMyMac_Install [4].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-065/PowerMyMac_About [1].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-099/PowerMyMac_OfferPage [1].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-099/PowerMyMac_LandingPage [1].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-099/PowerMyMac_About [1].png","220531/PowerMyMac-190410/5.2.2/Images/ACR-045/PowerMyMac_LandingPage [1].png"],"guid":"a2b25fe8-14b1-4164-a591-6ead241dfa7c_5.2.2_1","appID":"PowerMyMac-190410","dateAdded":"240125","deceptorType":"MacOS App","name":"Power My Mac","company":"iMyMac","version":"5.2.2","lastKnownStatus":"Deceptor:1.0.5;1.0.8;1.0.9;1.1.1;1.2.2;1.2.3;1.3.0;5.2.1;5.2.2;5.2.3;5.2.6","lastKnownDate":"240125","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":744},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files to consumer system under hidden folder without user agreeing to install.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\nThe offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_pyj-KX1.exe","isInstaller":"True","fileVersion":"9.1","hashMD5":"70701ba408413d45fc44291f925b1996","hashSHA1":"6c9dbd67bb39fd6584f9cb9d16091e7645a02bb5","hashSHA256":"8487773ce1b7ab4aa7ea0f5c86f4c16f416de5f26d334ac1179960726b9e922b","digitalCertThumbprint":"3D77862197B955C13BA2BAF68E5B58DADC17D524","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"766","avBlockList":["Avira Internet Security (20240328)","COMODO Antivirus (20240328)","Dr.Web Security Space (20240328)","ESET Internet Security (20240328)","G DATA INTERNET SECURITY (20240328)","K7 Total Security (20240328)","Kaspersky Internet Security (20240328)","Malwarebytes Premium (20240328)","Norton Security (20240328)","Panda Dome (20240328)","Quick Heal Internet Security (20240328)","Sophos Home Premium (20240328)","SpyHunter5 (20240328)","Total AV Antivirus Pro (20240328)","VirIT eXplorer PRO (20240328)","Webroot SecureAnywhere (20240328)"],"avAllowList":["360 Total Security (20240328)","Avast Premium Security (20240328)","AVG Internet Security (20240328)","Bitdefender Internet Security (20240328)","McAfee Total Protection (20240328)","Trend Micro Internet Security (20240328)","VIPRE Advanced Security (20240328)","Windows Defender (20240328)"]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_360-total-security-free-antivirus/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","ipv4":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/pvqydisc89/72.683/360-total-security-free-antivirus-10.8.0.1324-installer.exe","sourceIndex":"766"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/0tq7rjs9jy/56.8608/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"767"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_iobit-uninstaller/","directDownloadingLink":"https://d3ry3spu9wn6vo.cloudfront.net/files/fbpvtcha4j/54.3883/iobit-uninstaller-11.3.0.4-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://d3ry3spu9wn6vo.cloudfront.net/files/*","sourceIndex":"768"},{"howFound":"","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/hd336w7srd/37.480/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/*","sourceIndex":"769"}],"sampleFiles":["240109/RiseDownloadManager-230309/9.1.1241.0/Samples/combo-cleaner-1.0.42-installer_pyj-KX1.exe"],"imageFiles":["240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-109/files.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-039/download manager.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-013/offer 1.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-013/offer 2.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 1.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 2.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 1.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 2.png"],"nonDeceptorImageFiles":["240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-044/download manager.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 1.png","240109/RiseDownloadManager-230309/9.1.1241.0/Images/ACR-060/offer 2.png"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_9.1.1241.0_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"9.1.1241.0","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":735},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"combo-cleaner-1.0.42-installer_Xo-C851.exe","isInstaller":"True","fileVersion":"13.41","hashMD5":"6c17e306945dbd5281bcddd3a277107a","hashSHA1":"49988c43a7aad18eb938832173ab7313fe365b2f","hashSHA256":"e17b1a3adaa3883162e5927804bbce6372d62cf2989dc2a599a96b952a21bc4f","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"750","avBlockList":["360 Total Security (20240201)","Avira Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Avast Premium Security (20240201)","AVG Internet Security (20240201)","Bitdefender Internet Security (20240201)","McAfee Total Protection (20240201)","Trend Micro Internet Security (20240201)","VIPRE Advanced Security (20240201)"]},{"isRevoked":"False","fileName":"free-rar-password-recovery-3.53-installer_ARg4-g1.exe","isInstaller":"True","fileVersion":"13.41","hashMD5":"e77cc219b1bfbb791bf864477083d725","hashSHA1":"0167ed132d0b02c37b343f1be6676dd4753e5afa","hashSHA256":"66164bac6e603c31a292bda45ed3f9f801e119e046a78eccf9e3815a9c6ece8d","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"750","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_combo-cleaner/","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/3dj6rafek6/47.344/combo-cleaner-1.0.42-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/3dj6rafek6/47.344/combo-cleaner-1.0.42-installer.exe","sourceIndex":"750"},{"howFound":"","reference":"","landingPage":"https://filehippo.de/download_free-rar-password-recovery/","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/yvp4b09eqe/21.853/free-rar-password-recovery-3.53-installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/yvp4b09eqe/*","sourceIndex":"751"}],"sampleFiles":["240125/RiseDownloadManager-230309/13.41.4168.8345/Samples/combo-cleaner-1.0.42-installer_Xo-C851.exe","240125/RiseDownloadManager-230309/13.41.4168.8345/Samples/free-rar-password-recovery-3.53-installer_ARg4-g1.exe"],"imageFiles":["240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-109/ACR-109_Install_1.png","240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-039/ACR-039_Install_1.png","240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-042/ACR-042_Install_1.png","240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-042/ACR-042_Install_2.png","240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-013/ACR-013_Install_1.png","240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240125/RiseDownloadManager-230309/13.41.4168.8345/Images/ACR-044/ACR-044_Install_1.png"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_13.41.4168.8345_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"13.41.4168.8345","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T19:50:19.7277449+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":734},{"violations":{"ACR-109":"Download Manager secretly downloads and writes the files to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager communicate with 3rd party website and drops hidden file/potential offer app info in hidden folder without user permission.  \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\nThe offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from RiseCodes and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://hello.softonic.com/privacy-policy/\nhttps://hello.softonic.com/terms-of-use/\nhttps://risecodes.com/privacy\nhttps://risecodes.com/terms)\n\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"samples":[{"isRevoked":"False","fileName":"anydesk-7.0.4-installer_w8IM-D1.exe","isInstaller":"True","fileVersion":"27.12","hashMD5":"c0b915d66b4097169300f687e04155ef","hashSHA1":"0382430ad611469aaf2b53cf90a61617dd1ec447","hashSHA256":"50360ce930f5e96da0a4e2565f2854d813e4d6b858746f6b80a0f2c899607121","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"783","avBlockList":["360 Total Security (20231205)","Avira Internet Security (20231205)","Bitdefender Internet Security (20231205)","COMODO Antivirus (20231205)","Dr.Web Security Space (20231205)","ESET Internet Security (20231205)","G DATA INTERNET SECURITY (20231205)","K7 Total Security (20231205)","Kaspersky Internet Security (20231205)","Malwarebytes Premium (20231205)","Norton Security (20231205)","Panda Dome (20231205)","Quick Heal Internet Security (20231205)","Sophos Home Premium (20231205)","SpyHunter5 (20231205)","Total AV Antivirus Pro (20231205)","VIPRE Advanced Security (20231205)","VirIT eXplorer PRO (20231205)","Webroot SecureAnywhere (20231205)","Windows Defender (20231205)"],"avAllowList":["Avast Premium Security (20231205)","AVG Internet Security (20231205)","McAfee Total Protection (20231205)","Trend Micro Internet Security (20231205)"]},{"isRevoked":"False","fileName":"teracopy-3.26-installer_HoZ-fC1.exe","isInstaller":"True","fileVersion":"27.12","hashMD5":"750231862323aaa52756884aeb77c955","hashSHA1":"2fac17443e48bca318fcb83a61ffd40cd05f82bf","hashSHA256":"41fe10d5ae6f974b1f447d7d2da24d5c9844e8a973eabefc7b25603d8f8f9f8c","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"783","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"anydesk-7.0.4-installer_fPMZ3-1_231124.exe","isInstaller":"True","fileVersion":"27.12","hashMD5":"836a9f632d00ecdf9f290ea3478f11b0","hashSHA1":"d56c8568eea73f3e920bc09de75f8ca3b4373f32","hashSHA256":"00f54fbb8110ba714edd4aa09dd9c732da65e3d7044d6addf497a55132f01dd8","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"783","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"anydesk-7.0.4-installer_rEa-Pn1_231204.exe","isInstaller":"True","fileVersion":"27.12","hashMD5":"0fa6652d7211eafb869003222fc21c2e","hashSHA1":"944cf4826b1ed2878e8c4cd9ec9b86cd5f632bb5","hashSHA256":"a3a08f926b9506635fa8cd4cb2bb7babedccd9d5f66f1100d0692dc9ab17f1cb","digitalCertThumbprint":"BA0816E9C5E14B31E81549CC1A70651FCD6C7B52","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=FH Manager, O=FH Manager, S=Tel Aviv, C=IL","sourceIndex":"783","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"FileHippo downloading","reference":"","landingPage":"https://filehippo.com/download_teracopy/","directDownloadingLink":"https://do54checeiyro.cloudfront.net/files/avtcqilq02/75.3272/teracopy-3.26-installer.exe","ipv4":"https://do54checeiyro.cloudfront.net/files/*","ipv6":"","landingPageWildChar":"https://filehippo.com/download*","directDownloadingLinkWildChar":"https://do54checeiyro.cloudfront.net/files/avtcqilq02/75.3272/teracopy-3.26-installer.exe","sourceIndex":"783"},{"howFound":"","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"784"}],"sampleFiles":["231211/RiseDownloadManager-230309/27.12.2947.2398/Samples/anydesk-7.0.4-installer_w8IM-D1.exe","231211/RiseDownloadManager-230309/27.12.2947.2398/Samples/teracopy-3.26-installer_HoZ-fC1.exe","231211/RiseDownloadManager-230309/27.12.2947.2398/Samples/anydesk-7.0.4-installer_fPMZ3-1_231124.exe","231211/RiseDownloadManager-230309/27.12.2947.2398/Samples/anydesk-7.0.4-installer_rEa-Pn1_231204.exe"],"imageFiles":["231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-109/bundle.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-039/DM.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-042/traffic.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-042/bundle.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-013/OptionalOffer.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/RiseCodes_Offer_060.JPG","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-075/RiseCodes_Offers.JPG","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/ACR-060_1.png","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/ACR-060_2.png","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/ACR-060_3.png","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/ACR-060_4.png"],"nonDeceptorImageFiles":["231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-044/DM.jpg","231211/RiseDownloadManager-230309/27.12.2947.2398/Images/ACR-060/OptionalOffer.jpg"],"guid":"0e80ee49-1be4-4fa2-bc0e-f753258a3b88_27.12.2947.2398_1","appID":"RiseDownloadManager-230309","dateAdded":"240125","deceptorType":"Bundler","name":"FileHippoDownloadManager","company":"filehippo.com","version":"27.12.2947.2398","lastKnownStatus":"51.1052.0.0;8.7.2431;85.71.2401.4231;27.12.2947.2398;36.26.2683.9493;9.0.2332.0;27.12.2947.2398;9.1.1241.0;13.41.4168.8345","lastKnownDate":"240125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2024-01-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":736},{"violations":{"ACR-109":"The Offer provider components get dropped without consumer's consent prior to installation.\n","ACR-042":"Prior to installation, hidden executables and offer-related files gets dropped into a hidden folder before obtaining user consent.\n","ACR-043":"Third party components get dropped in one click without asking user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. \n"},"nonDeceptorViolations":{"ACR-044":"No attribution for the download manager is shown at installation. Missing clear information about significant functions of Download Manager: it may show offers during installation. \n","ACR-035":"There is no EULA and the Privacy Policy does not identify the name of the App.\n"},"samples":[{"isRevoked":"False","fileName":"CheatEngine75.exe","isInstaller":"True","fileVersion":"7.5","hashMD5":"609fea742d34dc1d53f0eeb4873b1a0a","hashSHA1":"3232c52da3cb8f47a870162a35cdd75fcae60aea","hashSHA256":"e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e","digitalCertThumbprint":"7DA5EC34D9A6396D48AF98DD8BB841B1F71BDFD5","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=EngineGame, O=EngineGame, S=Tel Aviv, C=IL","sourceIndex":"753","avBlockList":["Avira Internet Security (20240507)","COMODO Antivirus (20240507)","Dr.Web Security Space (20240507)","ESET Internet Security (20240507)","K7 Total Security (20240507)","Kaspersky Internet Security (20240507)","Malwarebytes Premium (20240507)","McAfee Total Protection (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Quick Heal Internet Security (20240507)","Sophos Home Premium (20240507)","SpyHunter5 (20240507)","Total AV Antivirus Pro (20240507)","VirIT eXplorer PRO (20240507)","Webroot SecureAnywhere (20240507)"],"avAllowList":["360 Total Security (20240507)","Avast Premium Security (20240507)","AVG Internet Security (20240507)","Bitdefender Internet Security (20240507)","G DATA INTERNET SECURITY (20240507)","Trend Micro Internet Security (20240507)","VIPRE Advanced Security (20240507)","Windows Defender (20240507)"]},{"isRevoked":"False","fileName":"CheatEngine75_230927.exe","isInstaller":"True","fileVersion":"7.5","hashMD5":"f99cee24157dcaac5997a910795186a5","hashSHA1":"452f5d4016c339bfe97c843bceb5790dc1a4720f","hashSHA256":"b7e052ed2f1fd808bd332fe0b7cfba596f0d75e1134e380d3a7c56a1bf7b6489","digitalCertThumbprint":"9CD94C59500A37C757F126042A8CD752D0C7964D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=EngineGame, O=EngineGame, S=Tel Aviv, C=IL","sourceIndex":"753","avBlockList":["Avira Internet Security (20240507)","COMODO Antivirus (20240507)","Dr.Web Security Space (20240507)","ESET Internet Security (20240507)","K7 Total Security (20240507)","Kaspersky Internet Security (20240507)","Malwarebytes Premium (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Quick Heal Internet Security (20240507)","Sophos Home Premium (20240507)","SpyHunter5 (20240507)","Total AV Antivirus Pro (20240507)","Trend Micro Internet Security (20240507)","VirIT eXplorer PRO (20240507)","Webroot SecureAnywhere (20240507)"],"avAllowList":["360 Total Security (20240507)","Avast Premium Security (20240507)","AVG Internet Security (20240507)","Bitdefender Internet Security (20240507)","G DATA INTERNET SECURITY (20240507)","McAfee Total Protection (20240507)","VIPRE Advanced Security (20240507)","Windows Defender (20240507)"]},{"isRevoked":"False","fileName":"CheatEngine75_230124.exe","isInstaller":"True","fileVersion":"7.5","hashMD5":"96d1196bd8e52d9889656b2960a27e5b","hashSHA1":"75b17106b9aa54ccea7583c8339b81993f27e69e","hashSHA256":"75f32ab1a2e666ca53d9d8e3d9d6d7e64ee068aa92af66bdd1e4f6527e83e1ec","digitalCertThumbprint":"9CD94C59500A37C757F126042A8CD752D0C7964D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=EngineGame, O=EngineGame, S=Tel Aviv, C=IL","sourceIndex":"753","avBlockList":["Avira Internet Security (20240507)","Bitdefender Internet Security (20240507)","COMODO Antivirus (20240507)","Dr.Web Security Space (20240507)","ESET Internet Security (20240507)","G DATA INTERNET SECURITY (20240507)","K7 Total Security (20240507)","Kaspersky Internet Security (20240507)","Malwarebytes Premium (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Quick Heal Internet Security (20240507)","Sophos Home Premium (20240507)","SpyHunter5 (20240507)","Total AV Antivirus Pro (20240507)","VIPRE Advanced Security (20240507)","VirIT eXplorer PRO (20240507)","Webroot SecureAnywhere (20240507)"],"avAllowList":["360 Total Security (20240507)","Avast Premium Security (20240507)","AVG Internet Security (20240507)","McAfee Total Protection (20240507)","Trend Micro Internet Security (20240507)","Windows Defender (20240507)"]}],"additionalFiles":[],"sources":[{"howFound":"through BIBR","reference":"","landingPage":"https://cheatengine.org/","directDownloadingLink":"https://d1vdn3r1396bak.cloudfront.net/installer/7556859/0801310076659006983","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1vdn3r1396bak.cloudfront.net/installer/7556859/0801310076659006983","sourceIndex":"753"}],"sampleFiles":["240123/CheatEngine-230320/7.5.0/Samples/CheatEngine75.exe","240123/CheatEngine-230320/7.5.0/Samples/CheatEngine75_230927.exe","240123/CheatEngine-230320/7.5.0/Samples/CheatEngine75_230124.exe"],"imageFiles":["240123/CheatEngine-230320/7.5.0/Images/ACR-109/ACR-109_043_042.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-039/ACR-039_044.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-039/PP.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-043/ACR-109_043_042.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-042/ACR-109_043_042.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-013/Optional_Offer1.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-013/Optional_Offer2.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-060/Optional_Offer1.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-060/Optional_Offer2.jpg"],"nonDeceptorImageFiles":["240123/CheatEngine-230320/7.5.0/Images/ACR-044/ACR-039_044.jpg","240123/CheatEngine-230320/7.5.0/Images/ACR-035/PP.jpg"],"guid":"01fe8028-774e-410e-8ae8-304bad346a30_7.5.0_1","appID":"CheatEngine-230320","dateAdded":"240123","deceptorType":"App","name":"CheatEngine","company":"EngineGame","version":"7.5.0","lastKnownStatus":"7.5.0","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2024-01-24T07:53:17.7186774+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":768},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Photo Viewer For Win 10\\Photo Viewer For Win 10.exe","companyName":"","productName":"Picture Viewer For Win 10","productVersion":"1.2.0.0","fileVersion":"1.2.0.0","hashMD5":"75f9cb8a5c9a0b987cb6d40b0e5feafa","hashSHA1":"cc8a458e176416b3cd80ae1ea3018c1f5cc80407","hashSHA256":"695a07456d753b613d119e192c9cfbb04168316fc8a08834ddd3dbe37a1b6b01","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1269","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"Photo Viewer For Win 10                                     ","productName":"Photo Viewer For Win 10                                     ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"f62d3a3a5369a59774ea871be3927727","hashSHA1":"8ea747c8cd1135c6f9fd40540d9aa1d1fb925a1a","hashSHA256":"522b0ab9b884627fb0f1741f6ef14dd9b4d2e088a32986f0531219645c960d08","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1269","avBlockList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Malwarebytes Premium (20230919)","McAfee Total Protection (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)","Windows Defender (20230919)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"1269"}],"sampleFiles":["221214/PhotoViewerForWin10-221213/1.3/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["221214/PhotoViewerForWin10-221213/1.3/Images/ACR-109/ACR-109.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-048/ACR-048.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-010/ACR-010.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-057/ACR-057.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-059/ACR-059.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-071/ACR-071.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-155/ACR-155.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["221214/PhotoViewerForWin10-221213/1.3/Images/ACR-106/ACR-106.JPG","221214/PhotoViewerForWin10-221213/1.3/Images/ACR-092/ACR-092.JPG"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_1.3_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"1.3","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-01-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":767},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Photo Viewer For Win 10\\Photo Viewer For Win 10.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"b5b2f5f3ef54d6af9f20b4acab0fc901","hashSHA1":"7801ae7157471001440c4fda51afb8e9fcbd73e4","hashSHA256":"5abb979f5f53b956f59e05df8caec50a89adc0b3c292d6aa0851ff6237b6b659","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1080","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Photo Viewer For Win 10 and 11                              ","productVersion":"1.8                                               ","fileVersion":"1.8                 ","hashMD5":"44025c75fa43d2d86d3476c8cb60f2b1","hashSHA1":"70c761c4ff2f31823f95ff8efab34893bffdfd73","hashSHA256":"ed4b9af104bfdf6960ab7ad8c373d7f8d7437e865d84012c31611a2d7acb2a48","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1080","avBlockList":["Avast Premium Security (20230926)","AVG Internet Security (20230926)","Avira Internet Security (20230926)","Bitdefender Internet Security (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)","Windows Defender (20230926)"],"avAllowList":["360 Total Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"1080"}],"sampleFiles":["230525/PhotoViewerForWin10-221213/1.8/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["230525/PhotoViewerForWin10-221213/1.8/Images/ACR-109/ACR-109.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-048/ACR-048.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-010/ACR-010.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-057/ACR-057.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-059/ACR-059.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-071/ACR-071.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-155/ACR-155.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-118/ACR-118.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-043/ACR-043.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-042/ACR-042.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-007/ACR-007.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-013/ACR-013.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230525/PhotoViewerForWin10-221213/1.8/Images/ACR-106/ACR-106.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-092/ACR-092.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-045/ACR-045.JPG","230525/PhotoViewerForWin10-221213/1.8/Images/ACR-123/ACR-123.JPG"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_1.8_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"1.8","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-01-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":766},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Photo Viewer For Win 10\\Photo Viewer For Win 10.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"b5b2f5f3ef54d6af9f20b4acab0fc901","hashSHA1":"7801ae7157471001440c4fda51afb8e9fcbd73e4","hashSHA256":"5abb979f5f53b956f59e05df8caec50a89adc0b3c292d6aa0851ff6237b6b659","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1051","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PhotoViewerForWin10SetupD.exe","isInstaller":"True","companyName":"                                                            ","productName":"Photo Viewer For Win 10 and 11                              ","productVersion":"1.82                ","fileVersion":"1.82                ","hashMD5":"57a2a51b0526bbf4c8016ff4931091ed","hashSHA1":"5609346736ea77b0fa0aab8229e8eafeb91090f2","hashSHA256":"997d419dc8dc4c61c8a256e9d7f1f1a6362d8026a2dda9cbc78e1bc99ce48e4b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1051","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","Malwarebytes Premium (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10SetupD.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10SetupD.exe","sourceIndex":"1051"}],"sampleFiles":["230609/PhotoViewerForWin10-221213/1.82/Samples/PhotoViewerForWin10SetupD.exe"],"imageFiles":["230609/PhotoViewerForWin10-221213/1.82/Images/ACR-109/ACR-109.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-048/ACR-048.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-010/ACR-010.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-057/ACR-057.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-059/ACR-059.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-071/ACR-071.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-155/ACR-155.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-118/ACR-118.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-118/ACR-118_2.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-043/ACR-043.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-042/ACR-042.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-007/ACR-007.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-013/ACR-013.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230609/PhotoViewerForWin10-221213/1.82/Images/ACR-106/ACR-106.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-092/ACR-092.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-045/ACR-045.JPG","230609/PhotoViewerForWin10-221213/1.82/Images/ACR-123/ACR-123.JPG"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_1.82_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"1.82","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-04T14:37:38.9557175+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":765},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Photo Viewer For Windows 10                                 ","productVersion":"2.7                 ","fileVersion":"2.7                 ","hashMD5":"9e8f57334106ac56972fa9f485629195","hashSHA1":"546e9e8f2dcb6a70056f6f00e1c6a23a8fbde739","hashSHA256":"b19a573d99ba89e7d9f32f420d23dd63b7422ed2b31e199ba305d7593cb11ddb","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"946","avBlockList":["Avast Premium Security (20231031)","AVG Internet Security (20231031)","Avira Internet Security (20231031)","Bitdefender Internet Security (20231031)","COMODO Antivirus (20231031)","Dr.Web Security Space (20231031)","ESET Internet Security (20231031)","G DATA INTERNET SECURITY (20231031)","K7 Total Security (20231031)","Kaspersky Internet Security (20231031)","Malwarebytes Premium (20231031)","McAfee Total Protection (20231031)","Norton Security (20231031)","Panda Dome (20231031)","Quick Heal Internet Security (20231031)","Sophos Home Premium (20231031)","SpyHunter5 (20231031)","Total AV Antivirus Pro (20231031)","VIPRE Advanced Security (20231031)","VirIT eXplorer PRO (20231031)","Webroot SecureAnywhere (20231031)","Windows Defender (20231031)"],"avAllowList":["360 Total Security (20231031)","Trend Micro Internet Security (20231031)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"946"}],"sampleFiles":["230731/PhotoViewerForWin10-221213/2.7/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["230731/PhotoViewerForWin10-221213/2.7/Images/ACR-109/ACR-109_Install_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-048/ACR-048_Install_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-010/ACR-010_Install_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-057/ACR-057_Bundler-made offers_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-059/ACR-059_Bundler-made offers_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-071/ACR-071_Bundler-made offers_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-118/ACR-118_Uninstall_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-013/ACR-013_Install_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["230731/PhotoViewerForWin10-221213/2.7/Images/ACR-106/ACR-106_Software_1.png","230731/PhotoViewerForWin10-221213/2.7/Images/ACR-092/ACR-092_Software_1.png"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_2.7_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"2.7","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-04T14:37:36.1322808+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":763},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"Photo Viewer For Win 10                                     ","productName":"Photo Viewer For Win 10 and 11                              ","productVersion":"2.1                 ","fileVersion":"2.1                 ","hashMD5":"dc8b1fd76075cc28bd47300c8a7aff28","hashSHA1":"4a29474ffa0ab42f5708965937b83350cc3fc930","hashSHA256":"640d1fd31e27ae4faebba619a2dc4ef026d0905c7f0619890bfedff0f3612cdf","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"927","avBlockList":["Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","Bitdefender Internet Security (20230928)","COMODO Antivirus (20230928)","Dr.Web Security Space (20230928)","ESET Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20230928)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","Trend Micro Internet Security (20230928)","VIPRE Advanced Security (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)"],"avAllowList":["360 Total Security (20230928)","Windows Defender (20230928)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"927"}],"sampleFiles":["230807/PhotoViewerForWin10-221213/2.1/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["230807/PhotoViewerForWin10-221213/2.1/Images/ACR-109/ACR-109_Install_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-048/ACR-048_Install_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-010/ACR-010_Install_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-057/ACR-057_Bundler-made offers_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-059/ACR-059_Bundler-made offers_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-071/ACR-071_Bundler-made offers_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-118/ACR-118_Uninstall_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-013/ACR-013_Install_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["230807/PhotoViewerForWin10-221213/2.1/Images/ACR-106/ACR-106_Software_1.png","230807/PhotoViewerForWin10-221213/2.1/Images/ACR-092/ACR-092_Software_1.png"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_2.1_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"2.1","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-04T14:37:35.6848396+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":762},{"violations":{"ACR-109":"The app downloads \"mnrks.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “mnrks.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Photo Viewer For Win 10\\Photo Viewer For Win 10.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"962e3b4a209ceefae61031b794245908","hashSHA1":"170a849aec0961cdc0e6f77f2ab83ec4cfa82201","hashSHA256":"f2537cf99813090d3464e71bcd906a6ef7e41a22eac9f0157d2bbc2244bb33ec","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"880","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"Photo Viewer For Win 10                                     ","productName":"Photo Viewer For Win 10                                     ","productVersion":"2.18                ","fileVersion":"2.18                ","hashMD5":"5a845e40650231c23fe0678670bea47d","hashSHA1":"e34cc463e2364497ec07dc07a13b6fdcec5f1db9","hashSHA256":"828e4258acb76e7f45ee239fb9bb93b92191899992d34ed655de66d6b7a17d89","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"880","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"880"}],"sampleFiles":["231002/PhotoViewerForWin10-221213/2.18/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["231002/PhotoViewerForWin10-221213/2.18/Images/ACR-109/ACR-109.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-048/ACR-048.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-010/ACR-010.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-057/ACR-057.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-059/ACR-059.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-071/ACR-071.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-155/ACR-155.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-118/ACR-118.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-118/ACR-118_1.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-042/ACR-042.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-013/ACR-013.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["231002/PhotoViewerForWin10-221213/2.18/Images/ACR-106/ACR-106.JPG","231002/PhotoViewerForWin10-221213/2.18/Images/ACR-092/ACR-092.JPG"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_2.18_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"2.18","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-04T14:37:34.2510078+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":761},{"violations":{"ACR-109":"The app downloads \"uprkset.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app initiates network communications with 3rd party offer provider before obtaining user consent. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"PhotoViewerForWin10Setup.exe","isInstaller":"True","companyName":"Photo Viewer For Win 10                                     ","productName":"Photo Viewer For Win 10                                     ","productVersion":"2.21                ","fileVersion":"2.21                ","hashMD5":"877bfa8548195598fc88c0e0ce6899e6","hashSHA1":"9118c3dd43307cc4bce0326d2708363a688b88c8","hashSHA256":"9bb0cfbcf45f7bef0f4f5e88c080c4f9b59f61de2d751fb331e32d32526c1d79","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"754","avBlockList":["Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":["360 Total Security (20240215)","Trend Micro Internet Security (20240215)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Relevant Knowledge Apps","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10Setup.exe","sourceIndex":"754"}],"sampleFiles":["240123/PhotoViewerForWin10-221213/2.21/Samples/PhotoViewerForWin10Setup.exe"],"imageFiles":["240123/PhotoViewerForWin10-221213/2.21/Images/ACR-109/ACR-109_Install_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-010/ACR-010_Install_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-155/ACR-155_Bundler-made offers_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-118/ACR-118_Uninstall_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-118/ACR-118_Uninstall_2.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-042/ACR-042_Install_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-013/ACR-013_Install_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240123/PhotoViewerForWin10-221213/2.21/Images/ACR-106/ACR-106_Software_1.png","240123/PhotoViewerForWin10-221213/2.21/Images/ACR-092/ACR-092_Software_1.png"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_2.21_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"2.21","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-04T14:37:30.4014772+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":760},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Photo Viewer For Win 10\\Photo Viewer For Win 10.exe","companyName":"","productName":"Picture Viewer For Win 10 and 11","productVersion":"1.5.0.0","fileVersion":"2.1.0.0","hashMD5":"59ef384fb4a3253672c61f8cc503c66f","hashSHA1":"c8d098be0a4c6c675b6a6965bb7052d9373a3eac","hashSHA256":"2d20f3c1fa703b758bff1a47fbfcdf7deb9e881aaa767cf3c690f21fbf8f1b89","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1039","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PhotoViewerForWin10SetupD.exe","isInstaller":"True","companyName":"Photo Viewer For Win 10                                     ","productName":"Photo Viewer For Win 10 and 11                              ","productVersion":"2.11                ","fileVersion":"2.11                ","hashMD5":"5eeef13c4fcfb2614b1ea0b7c76a1e12","hashSHA1":"c0fd8902f431dd747e528c1bf05c9976336ac514","hashSHA256":"a3a5a9cf0df8ab87a06155cbfd5e135a55b55db56dc3b34535f65cf0cbc429e1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1039","avBlockList":["360 Total Security (20240507)","Avast Premium Security (20240507)","AVG Internet Security (20240507)","Avira Internet Security (20240507)","Bitdefender Internet Security (20240507)","COMODO Antivirus (20240507)","Dr.Web Security Space (20240507)","ESET Internet Security (20240507)","G DATA INTERNET SECURITY (20240507)","K7 Total Security (20240507)","Kaspersky Internet Security (20240507)","Malwarebytes Premium (20240507)","McAfee Total Protection (20240507)","Norton Security (20240507)","Panda Dome (20240507)","Quick Heal Internet Security (20240507)","Sophos Home Premium (20240507)","SpyHunter5 (20240507)","Total AV Antivirus Pro (20240507)","Trend Micro Internet Security (20240507)","VIPRE Advanced Security (20240507)","VirIT eXplorer PRO (20240507)","Webroot SecureAnywhere (20240507)","Windows Defender (20240507)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.photoviewerforwin10.com/","directDownloadingLink":"https://www.photoviewerforwin10.com/PhotoViewerForWin10SetupD.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.photoviewerforwin10.com/PhotoViewerForWin10SetupD.exe","sourceIndex":"1039"}],"sampleFiles":["230616/PhotoViewerForWin10-221213/2.11/Samples/PhotoViewerForWin10SetupD.exe"],"imageFiles":["230616/PhotoViewerForWin10-221213/2.11/Images/ACR-109/ACR-109.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-048/ACR-048.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-010/ACR-010.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-057/ACR-057.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-059/ACR-059.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-071/ACR-071.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-155/ACR-155.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-118/ACR-118.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-118/ACR-118_1.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-043/ACR-043.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-042/ACR-042.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-007/ACR-007.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-013/ACR-013.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230616/PhotoViewerForWin10-221213/2.11/Images/ACR-106/ACR-106.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-092/ACR-092.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-092/ACR-092_1.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-045/ACR-045.JPG","230616/PhotoViewerForWin10-221213/2.11/Images/ACR-123/ACR-123.JPG"],"guid":"51b9ec50-4946-40af-80cf-aeb033e95e4c_2.11_1","appID":"PhotoViewerForWin10-221213","dateAdded":"240123","deceptorType":"App","name":"Photo Viewer For Win 10","company":"Photo Viewer For Win 10","version":"2.11","lastKnownStatus":"1.3;1.8;1.82;2.11;2.7;2.1;2.18;2.21","lastKnownDate":"240123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2026-05-04T14:37:38.5845132+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":764},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app and does not list its own app to uninstall in programs and features\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey and password to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1. On quitting the app, the process runs silently in the background, hiding the fact that it is active from the consumer. \n2. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, control panel, and is saved in a hidden folder. The app uses a hotkey and password to hide its presence\n3. The app creates a startup to perform an action without the user's knowledge and consent\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app's install wizard does not contain a link to its Privacy Policy. \nThe app does not provide links to the app's EULA & Privacy Policy.\n","ACR-092":"The installer and other executables are not digitally signed\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\HeavenWard\\BestKey\\bestkey.exe","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"3.12.6.7","fileVersion":"3.12.6.7","hashMD5":"8b4e8e7dd4694c1d2967bb1f3deed796","hashSHA1":"5d59565b81414deba63b42fcb2d5a1f768b7f01d","hashSHA256":"31a58ba39e00efd7e736cdfa2dc4b30d384b02a45b9896d3d1162eceb0c60dcd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"755","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BKPackage.exe","isInstaller":"True","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"","fileVersion":"3.12.6.7","hashMD5":"9e35508ad615ea6986129b8e1b087cf5","hashSHA1":"9ec3d86fa82794bf5716bcf54d4872b6e6b8e50d","hashSHA256":"0cf1f23d74f881724b0cc2e5bdbb5ec6aaa583456f870e91f2b02bf32f38dbd5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"755","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","Trend Micro Internet Security (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["Dr.Web Security Space (20240521)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.hwsuite.com/compare-best-keyloggers-for-windows-8.php","landingPage":"https://www.hwsuite.com/download-the-powerful-little-keylogger-for-windows-8.php","directDownloadingLink":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","sourceIndex":"755"}],"sampleFiles":["240122/BestKey-211228/3.12.6.7/Samples/BKPackage.exe"],"imageFiles":["240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_2.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_3.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_4.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_5.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_6.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_7.png","240122/BestKey-211228/3.12.6.7/Images/ACR-084/ACR-084_Software_8.png","240122/BestKey-211228/3.12.6.7/Images/ACR-086/ACR-086_Software_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-086/ACR-086_Software_2.png","240122/BestKey-211228/3.12.6.7/Images/ACR-086/ACR-086_Software_3.png","240122/BestKey-211228/3.12.6.7/Images/ACR-048/ACR-048_Software_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-048/ACR-048_Software_2.png","240122/BestKey-211228/3.12.6.7/Images/ACR-048/ACR-048_Software_3.png","240122/BestKey-211228/3.12.6.7/Images/ACR-048/ACR-048_Software_4.png","240122/BestKey-211228/3.12.6.7/Images/ACR-048/ACR-048_Software_5.png","240122/BestKey-211228/3.12.6.7/Images/ACR-007/ACR-007_Software_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-007/ACR-007_Software_2.png","240122/BestKey-211228/3.12.6.7/Images/ACR-007/ACR-007_Software_3.png","240122/BestKey-211228/3.12.6.7/Images/ACR-007/ACR-007_Software_4.png","240122/BestKey-211228/3.12.6.7/Images/ACR-116/ACR-116_Uninstall_1.png"],"nonDeceptorImageFiles":["240122/BestKey-211228/3.12.6.7/Images/ACR-040/ACR-040_Install_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-065/ACR-065_Install_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-092/ACR-092_Software_1.png","240122/BestKey-211228/3.12.6.7/Images/ACR-092/ACR-092_Software_2.png","240122/BestKey-211228/3.12.6.7/Images/ACR-065/ACR-065_Software_1.png"],"guid":"037ddee1-c71d-49ab-a54d-53d6af3e48b8_3.12.6.7_1","appID":"BestKey-211228","dateAdded":"240122","deceptorType":"App","name":"BestKey","company":"HeavenWard","version":"3.12.6.7","lastKnownStatus":"3.12.3.1;3.12.5.0;3.12.6.6;3.12.6.7","lastKnownDate":"240122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:30.4377312+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":770},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app. \n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey and password to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1. On quitting the app, the process runs silently in the background, hiding the fact that it is active from the consumer. \n2. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, control panel, and is saved in a hidden folder. The app uses a hotkey and password to hide its presence. \n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app's install wizard does not contain a link to its Privacy Policy. \nThe app does not provide links to the app's EULA & Privacy Policy.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information. \n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\HeavenWard\\BestKey\\bestkey.exe","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"3.12.5.0","fileVersion":"3.12.5.0","hashMD5":"128260df5203f8aa2fa185a68e01543d","hashSHA1":"6362ab8331ba65bc35a7e59c3f9fbcbb796e1ef5","hashSHA256":"ea3befe264d4c06eb35a92f5b196878bda746baf951c06e69ac1198625824911","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1690","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BKPackage.exe","isInstaller":"True","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"","fileVersion":"3.12.5.0","hashMD5":"bc6f302b9a9581c6607f5394c7772f8c","hashSHA1":"8317a19a12aafd16d6c00acc1faa86cc7597635f","hashSHA256":"185bc52bb215e7b1c3ace4f9be742f5dbec46f5eb974250f2a929d365c2b3d04","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1690","avBlockList":["360 Total Security (20220317)","Avast Premium Security (20220317)","AVG Internet Security (20220317)","Avira Internet Security (20220317)","Bitdefender Internet Security (20220317)","COMODO Antivirus (20220317)","ESET Internet Security (20220317)","G DATA INTERNET SECURITY (20220317)","K7 Total Security (20220317)","Kaspersky Internet Security (20220317)","Malwarebytes Premium (20220317)","McAfee Total Protection (20220317)","Norton Security (20220317)","Panda Dome (20220317)","Quick Heal Internet Security (20220317)","Sophos Home Premium (20220317)","SpyHunter5 (20220317)","Tencent PC Manager (20220317)","Total AV Antivirus Pro (20220317)","Trend Micro Internet Security (20220317)","VIPRE Advanced Security (20220317)","VirIT eXplorer PRO (20220317)","Webroot SecureAnywhere (20220317)","Windows Defender (20220317)"],"avAllowList":["Dr.Web Security Space (20220317)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger","reference":"","landingPage":"https://www.hwsuite.com/bestkeylogger-the-powerful-little-keylogger-for-windows-8.php","directDownloadingLink":"https://www.hwsuite.com/download-the-powerful-little-keylogger-for-windows-8.php","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.hwsuite.com/download-the-powerful-little-keylogger-for-windows-8.php","sourceIndex":"1690"}],"sampleFiles":["220307/BestKey-211228/3.12.5.0/Samples/BKPackage.exe"],"imageFiles":["220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software_1.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software_2.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software_3.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software_4.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-084/ACR-084_Software_5.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-086/ACR-086_Software.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-086/ACR-086_Software_1.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-086/ACR-086_Software_2.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-086/ACR-086_Software_3.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-048/ACR-048_Software_No_Control_3.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-048/ACR-048_Software_No_Control_4.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-007/ACR-086_Software.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-007/ACR-086_Software_1.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-007/ACR-086_Software_2.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-007/ACR-086_Software_3.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-116/ACR-116_Uninstall.JPG"],"nonDeceptorImageFiles":["220307/BestKey-211228/3.12.5.0/Images/ACR-040/ACR-040_Install.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-065/ACR-065_Install.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-092/ACR-092_Software.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-092/ACR-092_Software_1.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-065/ACR-065_Software.JPG","220307/BestKey-211228/3.12.5.0/Images/ACR-167/ACR-167_Docs.jpg","220307/BestKey-211228/3.12.5.0/Images/ACR-099/ACR-099_Landingpage_No_UninstallInfo.jpg"],"guid":"037ddee1-c71d-49ab-a54d-53d6af3e48b8_3.12.5.0_1","appID":"BestKey-211228","dateAdded":"240122","deceptorType":"App","name":"BestKey","company":"HeavenWard","version":"3.12.5.0","lastKnownStatus":"3.12.3.1;3.12.5.0;3.12.6.6;3.12.6.7","lastKnownDate":"240122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-01-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":772},{"violations":{"ACR-048":"The app is not able to be deleted from the Control Panel\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey and password to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey and password to open it and is saved in a hidden folder, which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information. \n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"bestkey.exe","companyName":"HeavenWard","fileVersion":"3.12","hashMD5":"d55ee208c25553b3833268a2af023932","hashSHA1":"54aa8026616c9171b35b5b90f0f6a7cb2166fe10","hashSHA256":"0800f32e4356b5a8c6eb0e439f95208b88e104926fe877d8fee8260742c12245","sourceIndex":"1744","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BKPackage.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"3.12","hashMD5":"259c1249f7a6013a7fc9156ef4b66cb4","hashSHA1":"3fbe8eb12803189d28fa100c7296355d91d18a63","hashSHA256":"c8d1aa3775d7fb7f980d6a5989b692f067cc3781af8842a7f0eab0c5298c09fc","sourceIndex":"1744","avBlockList":["360 Total Security (20220113)","Avast Premium Security (20220113)","AVG Internet Security (20220113)","Avira Internet Security (20220113)","Bitdefender Internet Security (20220113)","ESET Internet Security (20220113)","G DATA INTERNET SECURITY (20220113)","K7 Total Security (20220113)","Kaspersky Internet Security (20220113)","Malwarebytes Premium (20220113)","McAfee Total Protection (20220113)","Norton Security (20220113)","Panda Dome (20220113)","Quick Heal Internet Security (20220113)","Sophos Home Premium (20220113)","SpyHunter5 (20220113)","Tencent PC Manager (20220113)","Total AV Antivirus Pro (20220113)","Trend Micro Internet Security (20220113)","VIPRE Advanced Security (20220113)","VirIT eXplorer PRO (20220113)","Webroot SecureAnywhere (20220113)","Windows Defender (20220113)"],"avAllowList":["COMODO Antivirus (20220113)","Dr.Web Security Space (20220113)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.hwsuite.com/compare-best-keyloggers-for-windows-8.php","landingPage":"https://www.hwsuite.com/download-the-powerful-little-keylogger-for-windows-8.php","directDownloadingLink":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","sourceIndex":"1744"}],"sampleFiles":["211228/BestKey-211228/3.12.3.1/Samples/bestkey.exe","211228/BestKey-211228/3.12.3.1/Samples/BKPackage.exe"],"imageFiles":["211228/BestKey-211228/3.12.3.1/Images/ACR-084/BestKey_Interactions [2].png","211228/BestKey-211228/3.12.3.1/Images/ACR-084/BestKey_Files [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-086/BestKey_Interactions [2].png","211228/BestKey-211228/3.12.3.1/Images/ACR-048/BestKey_ControlPanel [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-007/BestKey_RunningProcess [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-007/BestKey_Interactions [2].png","211228/BestKey-211228/3.12.3.1/Images/ACR-007/BestKey_Interactions [4].png","211228/BestKey-211228/3.12.3.1/Images/ACR-116/BestKey_ControlPanel [1].png"],"nonDeceptorImageFiles":["211228/BestKey-211228/3.12.3.1/Images/ACR-040/BestKey_Files [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-092/BestKey_FileProperty [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-092/BestKey_FileProperty [2].png","211228/BestKey-211228/3.12.3.1/Images/ACR-092/BestKey_FileProperty [3].png","211228/BestKey-211228/3.12.3.1/Images/ACR-167/BestKey_LandingPage [1].png","211228/BestKey-211228/3.12.3.1/Images/ACR-099/BestKey_LandingPage [1].png"],"guid":"037ddee1-c71d-49ab-a54d-53d6af3e48b8_3.12.3.1_1","appID":"BestKey-211228","dateAdded":"240122","deceptorType":"App","name":"BestKey","company":"HeavenWard","version":"3.12.3.1","sigName":"Deceptor:Win32/BestKey!084086048007116","lastKnownStatus":"3.12.3.1;3.12.5.0;3.12.6.6;3.12.6.7","lastKnownDate":"240122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-01-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":773},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app does not have a digital signature for any executable\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"lector-de-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"b1fa02b3e52ce37f23d3a5d1ee738c70","hashSHA1":"0ec567c5eaf92d81c4e43472eb0a0d23e9e0d962","hashSHA256":"c47d86c2a94eeb58257c585cac8f5bfdc4a190b9646d66ee6faf04e6d88cd272","sourceIndex":"756","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","Dr.Web Security Space (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":[]},{"isRevoked":"False","fileName":"unir-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"d7bc7986785d5d2194506f615bbb2a72","hashSHA1":"ef16458e299030a8e4aa2a8b5833ab515bc7adcf","hashSHA256":"c84dafb3613ef44917484f341ba9143f2bbb0b4e622c8137bc24295dbc7e9082","sourceIndex":"756","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["Dr.Web Security Space (20240509)"]},{"isRevoked":"False","fileName":"convertir-pdf-a-texto.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"e5916d4ca9dfa0ea93683079bf75f6da","hashSHA1":"d7595893a55cadd81dc0921468b066c13121b2f8","hashSHA256":"b3d8d9852ecbbf0830ed87b87e25671fc4b1f40fb281104bfb0c6d1b6b38e767","sourceIndex":"756","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["COMODO Antivirus (20240509)","Dr.Web Security Space (20240509)","Malwarebytes Premium (20240509)","Trend Micro Internet Security (20240509)"]},{"isRevoked":"False","fileName":"convertidor-de-pdf-a-word.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"9f1f28d9f6c92fbee4fe56360e12808c","hashSHA1":"ca5377fd76a419f59c6cdad5755a3ccdd1089662","hashSHA256":"a59c2c5cf27b103278fddcb87316e321eaa067af8174a511d7ef63651b1cefca","sourceIndex":"756","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["Dr.Web Security Space (20240509)","Malwarebytes Premium (20240509)"]},{"isRevoked":"False","fileName":"convertidor-de-word-a-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"d166b24849a5737e65c610ad4c67af91","hashSHA1":"03db86faf031c185f12364a5a462d6ed6cd59942","hashSHA256":"dbad3a47b43bf691aeda9f5c15adf758f7c1cb0831956b1c06ecb256503be70d","sourceIndex":"756","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","Malwarebytes Premium (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":[]},{"isRevoked":"False","fileName":"convertir-imagen-a-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"1aa35a8e5adfcb46d72090cb3f030b95","hashSHA1":"a62701648d670e2efbd7d1da7afd9a1b25e6d2b7","hashSHA256":"7e6a7a5e48eb3660e4d4cc520510dd7bb3daad0320b88945bed8bf293d503e31","sourceIndex":"756","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":["Malwarebytes Premium (20240516)"]},{"isRevoked":"False","fileName":"convertidor-de-pdf_1.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"5f26b91c76299babcc61ff665b6fc6ff","hashSHA1":"98a357116bf9d281a8f2669e4150bb083d2e55f3","hashSHA256":"c186e3779827ab80cf33a38e57ac14f3979ca238a19b3d104ce93d5b2efae595","sourceIndex":"756","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","Malwarebytes Premium (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":["Bitdefender Internet Security (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)"]},{"isRevoked":"False","fileName":"convertidor-de-pdf-a-word_1.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"01956b664f16d75682646e1490e2f4ab","hashSHA1":"6be515e63f5439731af960e41490419ec6e9308f","hashSHA256":"07568a7702f0c8af6e5ce1012a2a251154f459259ab53f4ebcb40f40f7e896ce","sourceIndex":"756","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","Dr.Web Security Space (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["Trend Micro Internet Security (20240521)"]},{"isRevoked":"False","fileName":"convertidor-de-word-a-pdf_1.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"4253f324f46b4a231a9e14ea548216b1","hashSHA1":"7a363318f9fb6c74907391fb4edf78a174ba7eed","hashSHA256":"965c4641aab3234c6d712bc84e119519d93d5926c67beb66cf631687fb6ce093","sourceIndex":"756","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","Dr.Web Security Space (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["Trend Micro Internet Security (20240521)"]},{"isRevoked":"False","fileName":"convertir-imagen-a-pdf_1.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"9106f2d169828d69583d94589c682b7f","hashSHA1":"01e23c6c2800e857d1c08b93776cc8eee5c994a7","hashSHA256":"af3e8455c7d64618469bc354b78669b0cfa7c0a69c409d3f2c41b5b82e8e3ef4","sourceIndex":"756","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","Dr.Web Security Space (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["K7 Total Security (20240521)","Quick Heal Internet Security (20240521)","Trend Micro Internet Security (20240521)"]},{"isRevoked":"False","fileName":"convertir-pdf-a-jpg_1.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","fileVersion":"0.0","hashMD5":"7e39ec3a9bdaca284155f7a3b490b74a","hashSHA1":"40109075458fa369ad3b06f6f7b9caeac303aa85","hashSHA256":"5373b3c26a0c2479985731155edaf93b2bf69bf91daf4d33500e55bcf1cc03d3","sourceIndex":"756","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","Dr.Web Security Space (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["Malwarebytes Premium (20240521)","Quick Heal Internet Security (20240521)","Trend Micro Internet Security (20240521)","VIPRE Advanced Security (20240521)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.convertidor-de-pdf.com/downloads.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/convertir-imagen-a-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/convertir-imagen-a-pdf.exe","sourceIndex":"756"}],"sampleFiles":["240122/convertidordepdfcomBundle-231016/3.35/Samples/lector-de-pdf.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/unir-pdf.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertir-pdf-a-texto.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertidor-de-pdf-a-word.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertidor-de-word-a-pdf.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertir-imagen-a-pdf.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertidor-de-pdf_1.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertidor-de-pdf-a-word_1.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertidor-de-word-a-pdf_1.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertir-imagen-a-pdf_1.exe","240122/convertidordepdfcomBundle-231016/3.35/Samples/convertir-pdf-a-jpg_1.exe"],"imageFiles":["240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-109/ACR-109_Install_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-010/ACR-010_Install_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-013/ACR-013_Install_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-106/ACR-106_Software_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-092/ACR-092_Software_1.png","240122/convertidordepdfcomBundle-231016/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"fc6c4e78-ca40-43b3-a3a6-d0c13e04afb7_3.35_1","appID":"convertidordepdfcomBundle-231016","dateAdded":"240122","deceptorType":"Bundler","name":"convertidor-de-pdf.com Bundle","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"240122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2024-01-22T17:34:20.9382025+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":769},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app and does not list its own app to uninstall in programs and features\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey and password to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1. On quitting the app, the process runs silently in the background, hiding the fact that it is active from the consumer. \n2. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray, control panel, and is saved in a hidden folder. The app uses a hotkey and password to hide its presence\n3. The app creates a startup to perform an action without the user's knowledge and consent\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-065":"The app's install wizard does not contain a link to its Privacy Policy. \nThe app does not provide links to the app's EULA & Privacy Policy.\n","ACR-092":"The installer and other executables are not digitally signed\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\HeavenWard\\BestKey\\bestkey.exe","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"3.12.6.6","fileVersion":"3.12.6.6","hashMD5":"2bcc08adb8b28b83f9d38c4e813fe6fa","hashSHA1":"c27daad45fa2e0e8ab9a0f0f1fe8e8529b99a06c","hashSHA256":"90d9461cb4d3f48eaa3c6ccec2eba1253b9065e2f243f050b812a0cf772aa904","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"815","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BKPackage.exe","isInstaller":"True","companyName":"HeavenWard","productName":"Best Keylogger for Parents","productVersion":"","fileVersion":"3.12.6.6","hashMD5":"9f922df009aa09e40c3c9023e907bdc3","hashSHA1":"264f6725c9ea4e36fe9400f8032b76dc95968d26","hashSHA256":"a3db00a1f564c044d016f22b2458afd82a2a3d199c17ba6c5c6057f89eb9584d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"815","avBlockList":["360 Total Security (20240206)","Avast Premium Security (20240206)","AVG Internet Security (20240206)","Avira Internet Security (20240206)","Bitdefender Internet Security (20240206)","COMODO Antivirus (20240206)","ESET Internet Security (20240206)","G DATA INTERNET SECURITY (20240206)","K7 Total Security (20240206)","Kaspersky Internet Security (20240206)","Malwarebytes Premium (20240206)","McAfee Total Protection (20240206)","Norton Security (20240206)","Panda Dome (20240206)","Quick Heal Internet Security (20240206)","Sophos Home Premium (20240206)","SpyHunter5 (20240206)","Total AV Antivirus Pro (20240206)","VIPRE Advanced Security (20240206)","VirIT eXplorer PRO (20240206)","Webroot SecureAnywhere (20240206)","Windows Defender (20240206)"],"avAllowList":["Dr.Web Security Space (20240206)","Trend Micro Internet Security (20240206)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.hwsuite.com/compare-best-keyloggers-for-windows-8.php","landingPage":"https://www.hwsuite.com/download-the-powerful-little-keylogger-for-windows-8.php","directDownloadingLink":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite-2021.online/BKPackage.exe?token=1640612926_d309eb4f01b9574997cf37aa03da3f2a83278fbe&fileName=BKPackage.exe ","sourceIndex":"815"}],"sampleFiles":["231109/BestKey-211228/3.12.6.6/Samples/BKPackage.exe"],"imageFiles":["231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_2.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_3.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_4.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_5.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_6.png","231109/BestKey-211228/3.12.6.6/Images/ACR-084/ACR-084_Software_7.png","231109/BestKey-211228/3.12.6.6/Images/ACR-086/ACR-086_Software_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-086/ACR-086_Software_2.png","231109/BestKey-211228/3.12.6.6/Images/ACR-086/ACR-086_Software_3.png","231109/BestKey-211228/3.12.6.6/Images/ACR-048/ACR-048_Software_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-048/ACR-048_Software_2.png","231109/BestKey-211228/3.12.6.6/Images/ACR-048/ACR-048_Software_3.png","231109/BestKey-211228/3.12.6.6/Images/ACR-048/ACR-048_Software_4.png","231109/BestKey-211228/3.12.6.6/Images/ACR-048/ACR-048_Software_5.png","231109/BestKey-211228/3.12.6.6/Images/ACR-007/ACR-007_Software_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-007/ACR-007_Software_2.png","231109/BestKey-211228/3.12.6.6/Images/ACR-007/ACR-007_Software_3.png","231109/BestKey-211228/3.12.6.6/Images/ACR-007/ACR-007_Software_4.png","231109/BestKey-211228/3.12.6.6/Images/ACR-116/ACR-116_Uninstall_1.png"],"nonDeceptorImageFiles":["231109/BestKey-211228/3.12.6.6/Images/ACR-040/ACR-040_Install_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-065/ACR-065_Install_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-092/ACR-092_Software_1.png","231109/BestKey-211228/3.12.6.6/Images/ACR-092/ACR-092_Software_2.png","231109/BestKey-211228/3.12.6.6/Images/ACR-065/ACR-065_Software_1.png"],"guid":"037ddee1-c71d-49ab-a54d-53d6af3e48b8_3.12.6.6_1","appID":"BestKey-211228","dateAdded":"240122","deceptorType":"App","name":"BestKey","company":"HeavenWard","version":"3.12.6.6","lastKnownStatus":"3.12.3.1;3.12.5.0;3.12.6.6;3.12.6.7","lastKnownDate":"240122","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:31.9860208+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":771},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scan to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The app's about page does not contain links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy\nThe app's install page does not contain links to the EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app's landing page does not contain link to  Returns and Cancellation Policy.\n","ACR-099":"The app's about page does not contain link to uninstall information.\nThe landing page does not contain link to uninstall information.\nThe internal offers page does not contain link to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"eee3f91c07556011241c3eb70287ec73","hashSHA1":"b98c94f25d653414e4a01f1123ff627c3221b156","hashSHA256":"fe5f217c45c15aa2c59b270e545201b92181b294d519f3ba14522fbc675f4d97","sourceIndex":"758","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macclean-en-mac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"c5690007c6aacae502f9048e310ba242","hashSHA1":"6d1f2039c0c4f5ef90fc474477ed3837b424e6df","hashSHA256":"b265cfca98a03fe196b63733ad4331f396365839ee8f0a451e6b273f21af188b","sourceIndex":"758","avBlockList":["Avast Security for Mac (20241010)","Avira Security for Mac (20241010)","Bitdefender Antivirus for Mac (20241010)","ESET Cyber Security Pro for Mac (20241010)","Norton Security for Mac (20241010)","Sophos Home Premium For Mac (20241010)","SpyHunterforMac (20241010)","Trend Micro Antivirus for Mac (20241010)"],"avAllowList":["G DATA AntiVirus for Mac (20241010)","K7 Antivirus for Mac (20241010)","Kaspersky Internet Security for Mac (20241010)","McAfee Internet Security for Mac (20241010)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://www.imobie.com/go/download.php?product=mc&link=installer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imobie.com/go/download.php?product=mc&link=installer","sourceIndex":"758"}],"sampleFiles":["240111/MacClean-190501/3.6.2/Samples/MacClean","240111/MacClean-190501/3.6.2/Samples/macclean-en-mac.dmg"],"imageFiles":["240111/MacClean-190501/3.6.2/Images/ACR-004/004_1.png","240111/MacClean-190501/3.6.2/Images/ACR-004/004_2.png","240111/MacClean-190501/3.6.2/Images/ACR-004/004_3.png","240111/MacClean-190501/3.6.2/Images/ACR-004/004_4.png","240111/MacClean-190501/3.6.2/Images/ACR-004/004_5.png","240111/MacClean-190501/3.6.2/Images/ACR-004/004_6.png","240111/MacClean-190501/3.6.2/Images/ACR-004/ACR-004_Software_1.png"],"nonDeceptorImageFiles":["240111/MacClean-190501/3.6.2/Images/ACR-065/about .png","240111/MacClean-190501/3.6.2/Images/ACR-065/install.png","240111/MacClean-190501/3.6.2/Images/ACR-065/LandingPage 2.png","240111/MacClean-190501/3.6.2/Images/ACR-065/LandingPage 1.png","240111/MacClean-190501/3.6.2/Images/ACR-099/about .png","240111/MacClean-190501/3.6.2/Images/ACR-099/LandingPage 2.png","240111/MacClean-190501/3.6.2/Images/ACR-099/LandingPage 1.png","240111/MacClean-190501/3.6.2/Images/ACR-099/offer 4.png","240111/MacClean-190501/3.6.2/Images/ACR-099/offerpage.png"],"guid":"61010b83-0016-4e94-80ce-880e15f464a4_3.6.2_1","appID":"MacClean-190501","dateAdded":"240111","deceptorType":"MacOS App","name":"MacClean","company":"iMobile Inc.","version":"3.6.2","lastKnownStatus":"Deceptor:3.4.1, 3.5.0,3.6.0;3.6.2","lastKnownDate":"240111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:30.5747374+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":774},{"violations":{"ACR-004":"The app does not provide free fixes for free scan results where the fix is not permanent and asks for subscription payment. The subscription service offered is hard to verify by consumer. \n"},"nonDeceptorViolations":{"ACR-065":"The app's about page does not contain links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy\nThe app's install page does not contain links to the EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app's landing page does not contain links to the EULA, and Returns and Cancellation Policy.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"macclean-en-mac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"4dc65f7e0b4133ec257a613ff648922b","hashSHA1":"ed0ed49badadc73dadad7a9a7bf89ac0ccdbfc24","hashSHA256":"34ac5e7334da3494b9fcfcd2e13cf9dd247024c716b080db64f37a897252a28a","sourceIndex":"1400","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","Bitdefender Antivirus for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","K7 Antivirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["Kaspersky Internet Security for Mac (20210413)"]},{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"c31d9f0db506ca489db1426a4263b8f1","hashSHA1":"8e1cde4cf27756c24ebc73725e69db9e1da25aab","hashSHA256":"342112118af10f84ab8b4c97e11a362ec397908557a7d1f4beaa42129216cc3c","sourceIndex":"1400","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macclean-en-mac [2].dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"1d38982f342791150559287ecc4e43df","hashSHA1":"daa2e4bb89f683ace20b6a7519cc9d9c429f8bfa","hashSHA256":"ba88055972a8c01bf31aa9748b34ebc8ea54b90775ae29103c2455dbb320fcc6","sourceIndex":"1400","avBlockList":["Avast Security for Mac (20210511)","Avira Security for Mac (20210511)","Bitdefender Antivirus for Mac (20210511)","ESET Cyber Security Pro for Mac (20210511)","G DATA AntiVirus for Mac (20210511)","K7 Antivirus for Mac (20210511)","Norton Security for Mac (20210511)","Sophos Home Premium For Mac (20210511)","Trend Micro Antivirus for Mac (20210511)"],"avAllowList":["Kaspersky Internet Security for Mac (20210511)","McAfee Internet Security for Mac (20210511)"]},{"isRevoked":"False","fileName":"MacClean [2]","fileVersion":"0.","hashMD5":"839e62e5ec9b187ea89d96b1861c71b2","hashSHA1":"c76d80b08f4636695b8ba9c18915b5c8f2579dce","hashSHA256":"e7f06c167d7f01165f2132e3dfdcf5a72be0ea5fef1e2d7c0c83850273ce0098","sourceIndex":"1400","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://www.imobie.com/go/download.php?product=mc&link=installer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imobie.com/go/download.php?product=mc&link=installer","sourceIndex":"1400"}],"sampleFiles":["220927/MacClean-190501/3.6.0/Samples/macclean-en-mac.dmg","220927/MacClean-190501/3.6.0/Samples/MacClean","220927/MacClean-190501/3.6.0/Samples/macclean-en-mac [2].dmg","220927/MacClean-190501/3.6.0/Samples/MacClean [2]"],"imageFiles":["220927/MacClean-190501/3.6.0/Images/ACR-004/MacClean ACR-004.gif"],"nonDeceptorImageFiles":["220927/MacClean-190501/3.6.0/Images/ACR-065/MacClean About Page.png","220927/MacClean-190501/3.6.0/Images/ACR-065/Screen Shot 2020-01-29 at 4.20.53 PM.png","220927/MacClean-190501/3.6.0/Images/ACR-065/Screen Shot 2020-01-29 at 4.28.47 PM.png","220927/MacClean-190501/3.6.0/Images/ACR-099/MacClean About Page.png","220927/MacClean-190501/3.6.0/Images/ACR-099/Screen Shot 2020-01-29 at 4.28.47 PM.png","220927/MacClean-190501/3.6.0/Images/ACR-099/Screen Shot 2020-01-29 at 4.31.23 PM.png"],"guid":"61010b83-0016-4e94-80ce-880e15f464a4_3.6.0_1","appID":"MacClean-190501","dateAdded":"240111","deceptorType":"MacOS App","name":"MacClean","company":"iMobile Inc.","version":"3.6.0","sigName":"Deceptor:MacOS/MacClean!004","lastKnownStatus":"Deceptor:3.4.1, 3.5.0,3.6.0;3.6.2","lastKnownDate":"240111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":775},{"violations":{"ACR-004":"App does not provide free fixes for all free scan results that the fix is not permanent and asks for subscription payment. The subscription service offered is hard to verify by consumer. \n"},"nonDeceptorViolations":{"ACR-065":"The app does not show links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy\nInstall does not have links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nLanding Page does not have links to the Returns and Cancellation Policy and EULA\n","ACR-099":"The app does not show links to uninstall information.\nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"864c8b7dd74e2eb7619bfb98b6bdb63d","hashSHA1":"bfc5cf49edc2b766c8e22109560097ef1a1b48c5","hashSHA256":"a00232c5390448821d8ee45c16e493976d2009430f72c798bfcbf9e12db3e07d","sourceIndex":"2897","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacClean Installer","isInstaller":"True","fileVersion":"0.","hashMD5":"8fd3d7adc320f3f2f558a1bbd3058a6c","hashSHA1":"1f609526ab4ea6956bdaf6516b0f78932548b1cb","hashSHA256":"7d2e28a8aa919c2f2147740e17caedc94e7c0366faa8b5addffb98c9ea1b947d","sourceIndex":"2897","avBlockList":["Avast Security for Mac (20230214)","Avira Security for Mac (20230214)","Bitdefender Antivirus for Mac (20230214)","ESET Cyber Security Pro for Mac (20230214)","G DATA AntiVirus for Mac (20230214)","K7 Antivirus for Mac (20230214)","McAfee Internet Security for Mac (20230214)","Norton Security for Mac (20230214)","Sophos Home Premium For Mac (20230214)","Trend Micro Antivirus for Mac (20230214)"],"avAllowList":["Kaspersky Internet Security for Mac (20230214)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://www.imobie.com/go/download.php?product=mc&link=installer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imobie.com/go/download.php?product=mc&link=installer","sourceIndex":"2897"}],"sampleFiles":["190813/MacClean-190501/3.5.0/Samples/MacClean","190813/MacClean-190501/3.5.0/Samples/MacClean Installer"],"imageFiles":["190813/MacClean-190501/3.5.0/Images/ACR-004/MacClean 3 Video (1).gif"],"nonDeceptorImageFiles":["190813/MacClean-190501/3.5.0/Images/ACR-065/Screen Shot 2019-08-09 at 1.07.24 PM.png","190813/MacClean-190501/3.5.0/Images/ACR-065/Screen Shot 2019-08-09 at 1.06.08 PM.png","190813/MacClean-190501/3.5.0/Images/ACR-065/Screen Shot 2019-08-09 at 1.08.29 PM.png","190813/MacClean-190501/3.5.0/Images/ACR-099/Screen Shot 2019-08-09 at 1.07.24 PM.png","190813/MacClean-190501/3.5.0/Images/ACR-099/Screen Shot 2019-08-09 at 1.08.29 PM.png","190813/MacClean-190501/3.5.0/Images/ACR-099/Screen Shot 2019-08-09 at 1.15.21 PM.png"],"guid":"61010b83-0016-4e94-80ce-880e15f464a4_3.5.0_1","appID":"MacClean-190501","dateAdded":"240111","deceptorType":"MacOS App","name":"MacClean","company":"iMobile Inc.","version":"3.5.0","sigName":"Deceptor:MacOS/MacClean!004","lastKnownStatus":"Deceptor:3.4.1, 3.5.0,3.6.0;3.6.2","lastKnownDate":"240111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":776},{"violations":{"ACR-004":"The app does not provide free fixes for free scans.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not show links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nInstall does not have links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nLanding Page does not have links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not show links to uninstall information.\nThe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacClean","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"50dcd1e4c8e1567260c22465e7a8c9b7ed2d86f6f997ffd9cafa0a5f230ffa61","sourceIndex":"3082","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macclean-en-mac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9c35eb5ce75aafc25ee1ff940b887ef866474a71fde0829eb004328ed13380b6","sourceIndex":"3082","avBlockList":["Avast Security for Mac (20230112)","Avira Security for Mac (20230112)","Bitdefender Antivirus for Mac (20230112)","ESET Cyber Security Pro for Mac (20230112)","G DATA AntiVirus for Mac (20230112)","K7 Antivirus for Mac (20230112)","Kaspersky Internet Security for Mac (20230112)","McAfee Internet Security for Mac (20230112)","Norton Security for Mac (20230112)","Sophos Home Premium For Mac (20230112)","Trend Micro Antivirus for Mac (20230112)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel","landingPage":"https://www.imobie.com/macclean/","directDownloadingLink":"https://www.imobie.com/go/download.php?product=mc&link=installer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"3082"}],"sampleFiles":["190501/MacClean-190501/3.4.1/Samples/MacClean","190501/MacClean-190501/3.4.1/Samples/macclean-en-mac.dmg"],"imageFiles":["190501/MacClean-190501/3.4.1/Images/ACR-004/MacClean Activation.png","190501/MacClean-190501/3.4.1/Images/ACR-004/MacClean Scan Results.png","190501/MacClean-190501/3.4.1/Images/ACR-004/MacClean Internal Offers.png","190501/MacClean-190501/3.4.1/Images/ACR-004/MacClean ACR-004.gif"],"nonDeceptorImageFiles":["190501/MacClean-190501/3.4.1/Images/ACR-065/MacClean About Page.png","190501/MacClean-190501/3.4.1/Images/ACR-065/MacClean Install 1.png","190501/MacClean-190501/3.4.1/Images/ACR-065/MacClean Install 2.png","190501/MacClean-190501/3.4.1/Images/ACR-065/MacClean Bottom of Landing Page.png","190501/MacClean-190501/3.4.1/Images/ACR-099/MacClean About Page.png","190501/MacClean-190501/3.4.1/Images/ACR-099/MacClean Bottom of Landing Page.png","190501/MacClean-190501/3.4.1/Images/ACR-099/MacClean Internal Offers.png"],"guid":"61010b83-0016-4e94-80ce-880e15f464a4_3.4.1_1","appID":"MacClean-190501","dateAdded":"240111","deceptorType":"MacOS App","name":"MacClean","company":"iMobile Inc.","version":"3.4.1","sigName":"Deceptor:MacOS/MacClean!004","lastKnownStatus":"Deceptor:3.4.1, 3.5.0,3.6.0;3.6.2","lastKnownDate":"240111","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":777},{"violations":{"ACR-006":"Search queries result in redirects to undisclosed search engine fonline-search.com before landing to Bing --a functionality associated with browser-hijacking software. Also the monetization approach by search using Bing is not clearly attributed in the software. \n","ACR-084":"The app does not provide a way to completely quit the app.  It continuously run in the background without notification.\n","ACR-103":"While trying to do profile sign-in, the button \"Sign in\" has no action. No function is performed on clicking the \"Sign in\" button. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"artificius.exe","companyName":"Dragon Boss Solutions LLC","fileVersion":"113.0","hashMD5":"4402386ff098dede3570eca38bcdb1ab","hashSHA1":"34ecb2299584fec16337cd4c80d05ffe1454731d","hashSHA256":"7da677e643d8a8ddf87fcd626eb7c703cde205f7762989e31ecf95009d9b371a","sourceIndex":"759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup_x64.exe","isInstaller":"True","companyName":"Dragon Boss Solutions LLC                                   ","fileVersion":"0.0","hashMD5":"2380e3348de1795786c5fedb77922f5f","hashSHA1":"4a6c5a07ffcd0819788a8e2a2d36595e86dcf00c","hashSHA256":"890015ce517b09e1323a869a54eb22f0c07ba79369955d5648b4603952e8414a","digitalCertThumbprint":"657B6E3D8A50E6A9618231230664F9FF3300C6F4","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admin@dragonboss.com, CN=Dragon Boss Solutions LLC, O=Dragon Boss Solutions LLC, L=Sharjah, S=Sharjah, C=AE","sourceIndex":"759","avBlockList":["360 Total Security (20240521)","Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","COMODO Antivirus (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","Trend Micro Internet Security (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["Dr.Web Security Space (20240521)"]}],"additionalFiles":[],"sources":[{"howFound":"random search","reference":"","landingPage":"https://www.artificius.com/","directDownloadingLink":"https://www.artificius.com/download/public/Setup_x64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.artificius.com/download/public/Setup_x64.exe","sourceIndex":"759"}],"sampleFiles":["240110/Artificius-240110/113.0.5616.0/Samples/artificius.exe","240110/Artificius-240110/113.0.5616.0/Samples/Setup_x64.exe"],"imageFiles":["240110/Artificius-240110/113.0.5616.0/Images/ACR-084/ACR-084_Software_1.png","240110/Artificius-240110/113.0.5616.0/Images/ACR-103/ACR-103_Software_1.png","240110/Artificius-240110/113.0.5616.0/Images/ACR-006/bing_redirection.gif","240110/Artificius-240110/113.0.5616.0/Images/ACR-006/ACR-006_Software_1.png","240110/Artificius-240110/113.0.5616.0/Images/ACR-006/ACR-006_Software_2.png","240110/Artificius-240110/113.0.5616.0/Images/ACR-006/RedirectTraffic.JPG"],"nonDeceptorImageFiles":[],"guid":"5c0faaba-a6e4-4356-9917-1a1d9885f1ef_113.0.5616.0_1","appID":"Artificius-240110","dateAdded":"240110","deceptorType":"App","name":"Artificius","company":"Dragon Boss Solutions LLC","version":"113.0.5616.0","lastKnownStatus":"113.0.5616.0","lastKnownDate":"240110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2024-01-10T21:39:11.6389363+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":778},{"violations":{"ACR-109":"The app drops Yandex components under a hidden folder without user agreeing to install.\n","ACR-042":"Unrelated Yandex components get dropped in a hidden folder before user permission through explicit user's action.\n","ACR-048":"The app does not provide clear control to decline the recommended offer.\nThe close(X) performs minimizing the app to system tray without any notification, which limits the targeted consumer's ability to control the app. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"SkrinshoterSetup_v3.11.4.29.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a994b13958168bac706ad9256b54949c","hashSHA1":"70a4433d16fb203b97c346c39b3ad24e4ac9776e","hashSHA256":"fbea216bf0bc1bd1af5cdb657f020eb42ffca3eccb9b934fc8ed0a84dcb98ff3","digitalCertThumbprint":"A86FAFC2245A773E5AAE108D1849203FB5669226","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=info@dinohost.ru, CN=OOO Online Center, O=OOO Online Center, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"772","avBlockList":["Avast Premium Security (20240521)","AVG Internet Security (20240521)","Avira Internet Security (20240521)","Bitdefender Internet Security (20240521)","ESET Internet Security (20240521)","G DATA INTERNET SECURITY (20240521)","K7 Total Security (20240521)","Kaspersky Internet Security (20240521)","Malwarebytes Premium (20240521)","McAfee Total Protection (20240521)","Norton Security (20240521)","Panda Dome (20240521)","Quick Heal Internet Security (20240521)","Sophos Home Premium (20240521)","SpyHunter5 (20240521)","Total AV Antivirus Pro (20240521)","Trend Micro Internet Security (20240521)","VIPRE Advanced Security (20240521)","VirIT eXplorer PRO (20240521)","Webroot SecureAnywhere (20240521)","Windows Defender (20240521)"],"avAllowList":["360 Total Security (20240521)","COMODO Antivirus (20240521)","Dr.Web Security Space (20240521)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://skrinshoter.ru/","directDownloadingLink":"https://cdn.skrinshoter.ru/SkrinshoterSetup_v3.11.4.29.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.skrinshoter.ru/SkrinshoterSetup_v3.11.4.29.exe","sourceIndex":"772"}],"sampleFiles":["240104/Skrinshoter-240104/3.11.4.29/Samples/SkrinshoterSetup_v3.11.4.29.exe"],"imageFiles":["240104/Skrinshoter-240104/3.11.4.29/Images/ACR-109/ACR-109_Install_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-042/ACR-042_Install_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-048/ACR-048_Install_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-048/ACR-048_Software_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-057/ACR-057_In-bundle offers_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-059/ACR-059_In-bundle offers_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-060/ACR-060_In-bundle offers_1.png","240104/Skrinshoter-240104/3.11.4.29/Images/ACR-155/ACR-155_In-bundle offers_1.png"],"nonDeceptorImageFiles":[],"guid":"06f6a1e8-748f-48b8-bd8e-8a671403f258_3.11.4.29_1","appID":"Skrinshoter-240104","dateAdded":"240104","deceptorType":"App","name":"Skrinshoter","company":"ООО “СААС”","version":"3.11.4.29","lastKnownStatus":"3.11.4.29","lastKnownDate":"240104","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-01-04T17:21:07.1767981+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":779},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its other components on the device without the consumer's consent.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The \"dotSetup License\" links to 'https://cassinilabs.com/privacy-policy' -- misleads user that they are for Carrier app. \n\n"},"nonDeceptorViolations":{"ACR-044":"No explicit attribution for the 3rd party Offer provider is shown at installation. Missing clear information about significant functions that it may show offers during installation.\n"},"samples":[{"isRevoked":"False","fileName":"aTube_Catcher_v0.994.03.051.6.exe","isInstaller":"True","companyName":"","productName":"aTube Installer","productVersion":"1.92.1.8262","fileVersion":"1.92.1.8262","hashMD5":"bf1c147ca45943073d8b02ce2491e787","hashSHA1":"ebeea33ef69b6002504ee42c04d7b2ed44b312ff","hashSHA256":"504ec3e3b3c8d6d294ced5ec1cf840f2b973ab823a47d167800e51cfa635af47","digitalCertThumbprint":"F89566667466023D74567E197BEEB3F464F277D2","digitalCertIssuer":"Domain The Net Technologies Ltd CA for Code Signing R2","digitalCertIssuedTo":"DS Net Corp S.A. de C.V.","storeId":"","sourceIndex":"775","avBlockList":["360 Total Security (20240523)","Avast Premium Security (20240523)","AVG Internet Security (20240523)","Avira Internet Security (20240523)","Bitdefender Internet Security (20240523)","COMODO Antivirus (20240523)","Dr.Web Security Space (20240523)","ESET Internet Security (20240523)","G DATA INTERNET SECURITY (20240523)","K7 Total Security (20240523)","Kaspersky Internet Security (20240523)","Malwarebytes Premium (20240523)","McAfee Total Protection (20240523)","Norton Security (20240523)","Panda Dome (20240523)","Quick Heal Internet Security (20240523)","Sophos Home Premium (20240523)","SpyHunter5 (20240523)","Total AV Antivirus Pro (20240523)","Trend Micro Internet Security (20240523)","VIPRE Advanced Security (20240523)","VirIT eXplorer PRO (20240523)","Webroot SecureAnywhere (20240523)"],"avAllowList":["Windows Defender (20240523)"]},{"isRevoked":"False","fileName":"aTube_Catcher_v1.61.56.91.796.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"5aa25d2d230a23406c4306669ca86bc3","hashSHA1":"a0ac184a517845e2ec50a33a1731dfff3f0c53ae","hashSHA256":"3a86c278e73fef4598a516ef02f2fc77854090b67a7fdd7598001cf36d8fcb5b","digitalCertThumbprint":"A64D7FB1BFEE08484372CED0ABA3A991625ADC14","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=\"DS Net Corp, S.A. de C.V.\", O=\"DS Net Corp, S.A. de C.V.\", L=Benito Juárez, S=México, C=MX","sourceIndex":"775","avBlockList":["360 Total Security (20240523)","Avast Premium Security (20240523)","AVG Internet Security (20240523)","Avira Internet Security (20240523)","Bitdefender Internet Security (20240523)","COMODO Antivirus (20240523)","Dr.Web Security Space (20240523)","ESET Internet Security (20240523)","G DATA INTERNET SECURITY (20240523)","K7 Total Security (20240523)","Kaspersky Internet Security (20240523)","Malwarebytes Premium (20240523)","McAfee Total Protection (20240523)","Norton Security (20240523)","Panda Dome (20240523)","Quick Heal Internet Security (20240523)","Sophos Home Premium (20240523)","SpyHunter5 (20240523)","Total AV Antivirus Pro (20240523)","Trend Micro Internet Security (20240523)","VIPRE Advanced Security (20240523)","VirIT eXplorer PRO (20240523)","Webroot SecureAnywhere (20240523)","Windows Defender (20240523)"],"avAllowList":[]},{"isRevoked":"False","fileName":"aTube_Catcher_v2.72.05.57.37.4.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"8fc7ee98b2ac497016c9ba7b603ae994","hashSHA1":"22cf1825d9f7a1d9982bb23f7e6064b98b1b3555","hashSHA256":"91fde646d03ef90e173d95b1bf31baf149b0b4e2e66a5a8c7fe4125429be6c62","digitalCertThumbprint":"A64D7FB1BFEE08484372CED0ABA3A991625ADC14","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=\"DS Net Corp, S.A. de C.V.\", O=\"DS Net Corp, S.A. de C.V.\", L=Benito Juárez, S=México, C=MX","sourceIndex":"775","avBlockList":["360 Total Security (20240523)","Avast Premium Security (20240523)","AVG Internet Security (20240523)","Avira Internet Security (20240523)","Bitdefender Internet Security (20240523)","COMODO Antivirus (20240523)","Dr.Web Security Space (20240523)","ESET Internet Security (20240523)","G DATA INTERNET SECURITY (20240523)","K7 Total Security (20240523)","Kaspersky Internet Security (20240523)","Malwarebytes Premium (20240523)","McAfee Total Protection (20240523)","Norton Security (20240523)","Panda Dome (20240523)","Quick Heal Internet Security (20240523)","Sophos Home Premium (20240523)","SpyHunter5 (20240523)","Total AV Antivirus Pro (20240523)","Trend Micro Internet Security (20240523)","VIPRE Advanced Security (20240523)","VirIT eXplorer PRO (20240523)","Webroot SecureAnywhere (20240523)","Windows Defender (20240523)"],"avAllowList":[]},{"isRevoked":"False","fileName":"aTube_Catcher_v2.83.732.630.9.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"2656328ef60ed7992abf297c7596c436","hashSHA1":"ab167e590c7107e379ea0bdef365dbe4b5f7e667","hashSHA256":"94d17d02361845b4c3b64dfb4ce744feb3b2be1ed5bde663bcbf8d63efb2a1c3","digitalCertThumbprint":"A64D7FB1BFEE08484372CED0ABA3A991625ADC14","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=\"DS Net Corp, S.A. de C.V.\", O=\"DS Net Corp, S.A. de C.V.\", L=Benito Juárez, S=México, C=MX","sourceIndex":"775","avBlockList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","Malwarebytes Premium (20240528)","McAfee Total Protection (20240528)","Norton Security (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","Sophos Home Premium (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)","Windows Defender (20240528)"],"avAllowList":[]},{"isRevoked":"False","fileName":"aTube_Catcher_v3.09.544.783.3_231205.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"dfbdf8f2b16b36dd13dbcbea5462d2c1","hashSHA1":"a054a53666cb36447d98938dec79d78c1ee5c017","hashSHA256":"abd92b777833d3bee5c8f32d9a82cb753c422cd6afea8609936e2e19900c57a1","digitalCertThumbprint":"A64D7FB1BFEE08484372CED0ABA3A991625ADC14","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=\"DS Net Corp, S.A. de C.V.\", O=\"DS Net Corp, S.A. de C.V.\", L=Benito Juárez, S=México, C=MX","sourceIndex":"775","avBlockList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","Malwarebytes Premium (20240528)","McAfee Total Protection (20240528)","Norton Security (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","Sophos Home Premium (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)","Windows Defender (20240528)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random Hunt","reference":"","landingPage":"https://www.atube.me/","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/rel/in/v0.650.52.598.4","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/rel/in/v0.650.52.598.4","sourceIndex":"775"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/current/de/v0.91.28.50.427","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/current/de/v0.91.28.50.427","sourceIndex":"776"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/build/de/v5.688.516.37.0","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/build/de/v5.688.516.37.0","sourceIndex":"777"},{"howFound":"","reference":"","landingPage":"https://www.atube.me/","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/rel/ph/v6.86.20.69.30.3","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/rel/ph/v6.86.20.69.30.3","sourceIndex":"778"},{"howFound":"DE site","reference":"","landingPage":"","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/version/de/v9.39.39.620.50","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/version/de/v9.39.39.620.50","sourceIndex":"779"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/version/de/v1.90.47.79.065","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/version/de/v1.90.47.79.065","sourceIndex":"780"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://dv0rnpkbvfpi2.cloudfront.net/v/de/v4.673.558.15.5","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dv0rnpkbvfpi2.cloudfront.net/v/de/v4.673.558.15.5","sourceIndex":"781"}],"sampleFiles":["231211/aTubecatcher-220609/3.08.9991/Samples/aTube_Catcher_v0.994.03.051.6.exe","231211/aTubecatcher-220609/3.08.9991/Samples/aTube_Catcher_v1.61.56.91.796.exe","231211/aTubecatcher-220609/3.08.9991/Samples/aTube_Catcher_v2.72.05.57.37.4.exe","231211/aTubecatcher-220609/3.08.9991/Samples/aTube_Catcher_v2.83.732.630.9.exe","231211/aTubecatcher-220609/3.08.9991/Samples/aTube_Catcher_v3.09.544.783.3_231205.exe"],"imageFiles":["231211/aTubecatcher-220609/3.08.9991/Images/ACR-039/ACR-039_044.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-042/ACR-042.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-013/OptionalOffer1.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-013/OptionalOffer2.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-118/ACR-118_1.JPG","231211/aTubecatcher-220609/3.08.9991/Images/ACR-118/ACR-118_2.JPG","231211/aTubecatcher-220609/3.08.9991/Images/ACR-075/ACR-075.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-060/OptionalOffer1.jpg","231211/aTubecatcher-220609/3.08.9991/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":["231211/aTubecatcher-220609/3.08.9991/Images/ACR-044/ACR-039_044.jpg"],"guid":"8a0a8596-51d5-408b-8130-106990d19917_3.08.9991_1","appID":"aTubecatcher-220609","dateAdded":"231211","deceptorType":"App","name":"aTube Catcher","company":"DsNET","version":"3.08.9991","lastKnownStatus":"3.08.9991","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-12-12T01:48:28.0095736+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":786},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://rise-platforms.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"9.0","hashMD5":"04d14442b0cdf659bb6530a00093110d","hashSHA1":"6c70cf8bc14e87d40a604d6fd46ba0c8be5e602c","hashSHA256":"0b26914d4f792daa32c2d854218a50af7bcd49cf6d6e45a723a1849af037d7be","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"923","avBlockList":["Bitdefender Internet Security (20230907)","COMODO Antivirus (20230907)","ESET Internet Security (20230907)","K7 Total Security (20230907)","Malwarebytes Premium (20230907)","McAfee Total Protection (20230907)","Norton Security (20230907)","Panda Dome (20230907)","Quick Heal Internet Security (20230907)","Sophos Home Premium (20230907)","SpyHunter5 (20230907)","Total AV Antivirus Pro (20230907)","Trend Micro Internet Security (20230907)","VIPRE Advanced Security (20230907)","VirIT eXplorer PRO (20230907)","Webroot SecureAnywhere (20230907)"],"avAllowList":["360 Total Security (20230907)","Avast Premium Security (20230907)","AVG Internet Security (20230907)","Avira Internet Security (20230907)","Dr.Web Security Space (20230907)","G DATA INTERNET SECURITY (20230907)","Kaspersky Internet Security (20230907)","Windows Defender (20230907)"]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-en.php?from=official_release","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-en.php?from=official_release","sourceIndex":"923"}],"sampleFiles":["230815/MEmuPlay-230321/9.0.3.0/Samples/MEmu-setup-abroad-sdk.exe"],"imageFiles":["230815/MEmuPlay-230321/9.0.3.0/Images/ACR-039/ACR-039_044.jpg","230815/MEmuPlay-230321/9.0.3.0/Images/ACR-013/MEmu_OptionalOffers2.png","230815/MEmuPlay-230321/9.0.3.0/Images/ACR-097/ACR-097.jpg","230815/MEmuPlay-230321/9.0.3.0/Images/ACR-060/OptionalOffer1.jpg","230815/MEmuPlay-230321/9.0.3.0/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_9.0.3.0_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"9.0.3.0","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":782},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://rise-platforms.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"8.0","hashMD5":"581da0f19ef8388a0ba331ce0a617aaf","hashSHA1":"e050d686c3c5972aaf1a4fdec299e764ef9873eb","hashSHA256":"8fb453bf498acb05af9e0a442f26029cd6c5a3d68431fdff7fc385faf1541b96","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1017","avBlockList":["Avira Internet Security (20230914)","Bitdefender Internet Security (20230914)","ESET Internet Security (20230914)","K7 Total Security (20230914)","Malwarebytes Premium (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","VIPRE Advanced Security (20230914)","VirIT eXplorer PRO (20230914)","Webroot SecureAnywhere (20230914)"],"avAllowList":["360 Total Security (20230914)","Avast Premium Security (20230914)","AVG Internet Security (20230914)","COMODO Antivirus (20230914)","Dr.Web Security Space (20230914)","G DATA INTERNET SECURITY (20230914)","Kaspersky Internet Security (20230914)","McAfee Total Protection (20230914)","Quick Heal Internet Security (20230914)","Trend Micro Internet Security (20230914)","Windows Defender (20230914)"]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-memu-on-pc.html","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-memu-on-pc.html","sourceIndex":"1017"}],"sampleFiles":["230705/MEmuPlay-230321/9.0.2.0/Samples/MEmu-setup-abroad-sdk.exe"],"imageFiles":["230705/MEmuPlay-230321/9.0.2.0/Images/ACR-039/ACR-039_044.jpg","230705/MEmuPlay-230321/9.0.2.0/Images/ACR-013/MEmu_OptionalOffers.png","230705/MEmuPlay-230321/9.0.2.0/Images/ACR-013/MEmu_OptionalOffers2.png","230705/MEmuPlay-230321/9.0.2.0/Images/ACR-097/ACR-097.jpg","230705/MEmuPlay-230321/9.0.2.0/Images/ACR-060/OptionalOffer1.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_9.0.2.0_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"9.0.2.0","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":783},{"violations":{"ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://rise-platforms.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu.exe","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"9.0","hashMD5":"6a44cc85f64dc0c6c9f3ec8a74dd9ed6","hashSHA1":"1fe15a3b4179db10e99499f78a21e1f59247e8e8","hashSHA256":"33eaf281e903f394046c8336e9c758d0b4c6c44be023e4b0d256c3c6c8d91a94","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1095","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"8.0","hashMD5":"581da0f19ef8388a0ba331ce0a617aaf","hashSHA1":"e050d686c3c5972aaf1a4fdec299e764ef9873eb","hashSHA256":"8fb453bf498acb05af9e0a442f26029cd6c5a3d68431fdff7fc385faf1541b96","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1095","avBlockList":["Avira Internet Security (20230914)","Bitdefender Internet Security (20230914)","ESET Internet Security (20230914)","K7 Total Security (20230914)","Malwarebytes Premium (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","VIPRE Advanced Security (20230914)","VirIT eXplorer PRO (20230914)","Webroot SecureAnywhere (20230914)"],"avAllowList":["360 Total Security (20230914)","Avast Premium Security (20230914)","AVG Internet Security (20230914)","COMODO Antivirus (20230914)","Dr.Web Security Space (20230914)","G DATA INTERNET SECURITY (20230914)","Kaspersky Internet Security (20230914)","McAfee Total Protection (20230914)","Quick Heal Internet Security (20230914)","Trend Micro Internet Security (20230914)","Windows Defender (20230914)"]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-memu-on-pc.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-memu-on-pc.html","sourceIndex":"1095"}],"sampleFiles":["230519/MEmuPlay-230321/9.0.0.1/Samples/MEmu.exe","230519/MEmuPlay-230321/9.0.0.1/Samples/MEmu-setup-abroad-sdk.exe"],"imageFiles":["230519/MEmuPlay-230321/9.0.0.1/Images/ACR-039/ACR-039_044.jpg","230519/MEmuPlay-230321/9.0.0.1/Images/ACR-097/ACR-097.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_9.0.0.1_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"9.0.0.1","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":784},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://cassinilabs.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"8.0","hashMD5":"581da0f19ef8388a0ba331ce0a617aaf","hashSHA1":"e050d686c3c5972aaf1a4fdec299e764ef9873eb","hashSHA256":"8fb453bf498acb05af9e0a442f26029cd6c5a3d68431fdff7fc385faf1541b96","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1169","avBlockList":["Avira Internet Security (20230914)","Bitdefender Internet Security (20230914)","ESET Internet Security (20230914)","K7 Total Security (20230914)","Malwarebytes Premium (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","VIPRE Advanced Security (20230914)","VirIT eXplorer PRO (20230914)","Webroot SecureAnywhere (20230914)"],"avAllowList":["360 Total Security (20230914)","Avast Premium Security (20230914)","AVG Internet Security (20230914)","COMODO Antivirus (20230914)","Dr.Web Security Space (20230914)","G DATA INTERNET SECURITY (20230914)","Kaspersky Internet Security (20230914)","McAfee Total Protection (20230914)","Quick Heal Internet Security (20230914)","Trend Micro Internet Security (20230914)","Windows Defender (20230914)"]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-memu-on-pc.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-memu-on-pc.html","sourceIndex":"1169"}],"sampleFiles":["230405/MEmuPlay-230321/8.0.0.0/Samples/MEmu-setup-abroad-sdk.exe"],"imageFiles":["230405/MEmuPlay-230321/8.0.0.0/Images/ACR-039/ACR-039_044.jpg","230405/MEmuPlay-230321/8.0.0.0/Images/ACR-013/OptionalOffer1.jpg","230405/MEmuPlay-230321/8.0.0.0/Images/ACR-013/OptionalOffer2.jpg","230405/MEmuPlay-230321/8.0.0.0/Images/ACR-097/ACR-097.jpg","230405/MEmuPlay-230321/8.0.0.0/Images/ACR-060/OptionalOffer1.jpg","230405/MEmuPlay-230321/8.0.0.0/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_8.0.0.0_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"8.0.0.0","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":785},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://rise-platforms.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"9.0","hashMD5":"5d0922683a7a35db5b94d4cab59050c1","hashSHA1":"4eccdfe53579ae536b52b65e5ede9c76b190f2d5","hashSHA256":"67471afe10b681416980009ff81f212a08c609ef66aac6ea07054406483b3e83","digitalCertThumbprint":"75354CD431AEC08522F99AAD0FCBE5D80AF59C77","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"107","avBlockList":["ESET Internet Security (20240130)","K7 Total Security (20240130)","Kaspersky Internet Security (20240130)","Malwarebytes Premium (20240130)","Norton Security (20240130)","Panda Dome (20240130)","Quick Heal Internet Security (20240130)","Sophos Home Premium (20240130)","SpyHunter5 (20240130)","VirIT eXplorer PRO (20240130)","Webroot SecureAnywhere (20240130)"],"avAllowList":["360 Total Security (20240130)","Avast Premium Security (20240130)","AVG Internet Security (20240130)","Avira Internet Security (20240130)","Bitdefender Internet Security (20240130)","COMODO Antivirus (20240130)","Dr.Web Security Space (20240130)","G DATA INTERNET SECURITY (20240130)","McAfee Total Protection (20240130)","Total AV Antivirus Pro (20240130)","Trend Micro Internet Security (20240130)","VIPRE Advanced Security (20240130)","Windows Defender (20240130)"]},{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk-mv_231011.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"9.0","hashMD5":"f9ce897d93d4f77bca3cca8541a8addb","hashSHA1":"4ac5a68266c842fb997fd755c9d10d1975baa71f","hashSHA256":"89174acde0ea21562e6186847ba7d12aacd9b2b2132f456dd8335680daadd9a9","digitalCertThumbprint":"75354CD431AEC08522F99AAD0FCBE5D80AF59C77","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.2.5.4.15=Private organization, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"107","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-memu-on-pc.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-memu-on-pc.html","sourceIndex":"107"}],"sampleFiles":["231211/MEmuPlay-230321/9.0.6.3/Samples/MEmu-setup-abroad-sdk.exe","231211/MEmuPlay-230321/9.0.6.3/Samples/MEmu-setup-abroad-sdk-mv_231011.exe"],"imageFiles":["231211/MEmuPlay-230321/9.0.6.3/Images/ACR-039/rise_privacy.jpg","231211/MEmuPlay-230321/9.0.6.3/Images/ACR-013/OptionalOffer1.jpg","231211/MEmuPlay-230321/9.0.6.3/Images/ACR-013/OptionalOffer2.jpg","231211/MEmuPlay-230321/9.0.6.3/Images/ACR-097/ACR-097.jpg","231211/MEmuPlay-230321/9.0.6.3/Images/ACR-060/OptionalOffer1.jpg","231211/MEmuPlay-230321/9.0.6.3/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_9.0.6.3_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"9.0.6.3","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T20:45:30.5823563+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":780},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n\n","ACR-060":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-097":"During installation, the app suggests the user to disable anti-virus protection in order to prevent detection.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The relationship is not distinctly disclosed and \"Privacy2\" that links to 'https://rise-platforms.com/privacy-policy/' causes confusion and misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MEmu-setup-abroad-sdk.exe","isInstaller":"True","companyName":"Microvirt Software Technology Co. Ltd.","fileVersion":"9.0","hashMD5":"d94a71d474382524f3d73704e940e74d","hashSHA1":"f63c98cf261f2ca5c5d127185a40d9521ba9a62b","hashSHA256":"e5b76164b655f44a48edd10d595b420ed8e551d160582272385ea923dddd3c34","digitalCertThumbprint":"EC0CF2878191870433EC78C6CD8431A5E1B5FA8B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Microvirt Software Technology Co., Ltd.\", O=\"Shanghai Microvirt Software Technology Co., Ltd.\", S=上海市, C=CN, SERIALNUMBER=9131012030160721XG, OID.1.3.6.1.4.1.311.60.2.1.1=奉贤区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"904","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunted through BIBR","reference":"","landingPage":"https://memuplay.com/","directDownloadingLink":"https://www.memuplay.com/download-memu-on-pc.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.memuplay.com/download-memu-on-pc.html","sourceIndex":"904"}],"sampleFiles":["230907/MEmuPlay-230321/9.0.5.1/Samples/MEmu-setup-abroad-sdk.exe"],"imageFiles":["230907/MEmuPlay-230321/9.0.5.1/Images/ACR-039/rise_privacy.jpg","230907/MEmuPlay-230321/9.0.5.1/Images/ACR-013/OptionalOffer1.jpg","230907/MEmuPlay-230321/9.0.5.1/Images/ACR-013/OptionalOffer2.jpg","230907/MEmuPlay-230321/9.0.5.1/Images/ACR-097/ACR-097.jpg","230907/MEmuPlay-230321/9.0.5.1/Images/ACR-060/OptionalOffer1.jpg","230907/MEmuPlay-230321/9.0.5.1/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":[],"guid":"029d8f2d-d915-40c9-8ee5-ef889663f892_9.0.5.1_1","appID":"MEmuPlay-230321","dateAdded":"231211","deceptorType":"App","name":"MEmu Play","company":"Microvirt Software Technology Co. Ltd.","version":"9.0.5.1","firstVendorContactDate":"260408","firstAppEsteemReplyDate":"260408","firstResolvedDate":"260413","firstResolvedVersion":"9.5.1.0","resolved":"TRUE","lastKnownStatus":"8.0.0.0;9.0.0.1;9.0.2.0;9.0.3.0;9.0.5.1;9.0.6.3","lastKnownDate":"231211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2026-04-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":781},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"DownloadItDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from CassiniLabs and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://cassinilabs.com/privacy-policy/)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"veezie_pr0t9-1.exe-833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa","isInstaller":"True","fileVersion":"4.78","hashMD5":"99a9fbd5fee72ce51585309390a46717","hashSHA1":"ff39c56312090a909c2c0c82629c552a3b252a98","hashSHA256":"833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa","digitalCertThumbprint":"2A144B8B0F3F257E206EA0702CFE73A2F17F47D0","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=INNOVA MEDIA d.o.o., O=INNOVA MEDIA d.o.o., L=Šempeter pri Gorici, S=Goriška, C=SI","sourceIndex":"1171","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted at BIBR","reference":"","landingPage":"https://veezie.download.it/download","directDownloadingLink":"https://d32vwrrnmnd033.cloudfront.net/yFNO63FSs/7.18.57.9/veezie.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://*.download.it/download","directDownloadingLinkWildChar":"https://d32vwrrnmnd033.cloudfront.net/*","sourceIndex":"1171"}],"sampleFiles":["230405/DownloadItBundler-230321/4.78.2.0/Samples/veezie_pr0t9-1.exe-833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa"],"imageFiles":["230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-109/ACR-109.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-039/ACR-039_download_it.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-043/ACR-043_download_it.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-042/ACR-042.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-013/ACR-013_1.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-013/ACR-013_2.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-060/ACR-060_1.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-060/ACR-060_2.png","230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-075/ACR-075.png"],"nonDeceptorImageFiles":["230405/DownloadItBundler-230321/4.78.2.0/Images/ACR-044/ACR-044_download_it.png"],"guid":"cca31ef7-caa4-4bc0-a89c-b1591bfeee6b_4.78.2.0_1","appID":"DownloadItBundler-230321","dateAdded":"231206","deceptorType":"Bundler","name":"DownloadItDownloadManager","company":"download.it","version":"4.78.2.0","lastKnownStatus":"4.78.2.0;6.32.1033","lastKnownDate":"231206","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-12-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":788},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"DownloadItDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"No clear indications of the relationship for the monetization components from CassiniLabs and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://cassinilabs.com/privacy-policy/)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"recuva_Z-EsX71.exe","isInstaller":"True","fileVersion":"6.32","hashMD5":"d31c0667e88d6ace5e0866b65020e8ed","hashSHA1":"ac5e03298f1e2cdce9e592704fedbd43d4038e52","hashSHA256":"16acab9f39ecbc9b51ebd607f7f9f4a954aa4f6b28374079d3b6aa72a9a05fa9","digitalCertThumbprint":"C011031C6E7228944060AC53BBD85486596B7464","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=INNOVA MEDIA d.o.o., O=INNOVA MEDIA d.o.o., L=Sempeter pri Gorici, S=Goriska, C=SI","sourceIndex":"788","avBlockList":["360 Total Security (20240528)","Avira Internet Security (20240528)","COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","K7 Total Security (20240528)","Kaspersky Internet Security (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Panda Dome (20240528)","Quick Heal Internet Security (20240528)","Sophos Home Premium (20240528)","SpyHunter5 (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VirIT eXplorer PRO (20240528)","Webroot SecureAnywhere (20240528)"],"avAllowList":["Avast Premium Security (20240528)","AVG Internet Security (20240528)","Bitdefender Internet Security (20240528)","McAfee Total Protection (20240528)","VIPRE Advanced Security (20240528)","Windows Defender (20240528)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted at BIBR","reference":"","landingPage":"https://veezie.download.it/download","directDownloadingLink":"https://d32vwrrnmnd033.cloudfront.net/yFNO63FSs/7.18.57.9/veezie.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://*.download.it/download","directDownloadingLinkWildChar":"https://d32vwrrnmnd033.cloudfront.net/yFNO63FSs/7.18.57.9/veezie.exe","sourceIndex":"788"},{"howFound":"DE-site","reference":"","landingPage":"","directDownloadingLink":"https://d20sz0wyeqig84.cloudfront.net/5EHC3rKom/2.9.576.482/recuva.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://d20sz0wyeqig84.cloudfront.net/*","sourceIndex":"789"}],"sampleFiles":["231206/DownloadItBundler-230321/6.32.1033/Samples/recuva_Z-EsX71.exe"],"imageFiles":["231206/DownloadItBundler-230321/6.32.1033/Images/ACR-109/ACR-109_Install_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-039/ACR-039_Install_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-043/ACR-043_Install_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-042/ACR-042_Install_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-013/ACR-013_Install_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-013/ACR-013_Install_2.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-060/ACR-060_In-bundle offers_1.png","231206/DownloadItBundler-230321/6.32.1033/Images/ACR-060/ACR-060_In-bundle offers_2.png"],"nonDeceptorImageFiles":["231206/DownloadItBundler-230321/6.32.1033/Images/ACR-044/ACR-044_Install_1.png"],"guid":"cca31ef7-caa4-4bc0-a89c-b1591bfeee6b_6.32.1033_1","appID":"DownloadItBundler-230321","dateAdded":"231206","deceptorType":"Bundler","name":"DownloadItDownloadManager","company":"download.it","version":"6.32.1033","lastKnownStatus":"4.78.2.0;6.32.1033","lastKnownDate":"231206","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-12-06T22:41:37.2943417+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":787},{"violations":{"ACR-042":"Unrelated components introduced without clear option for user author the explicit permission.\nhttps://rise-platforms.com/privacy/\n","ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure \n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-048":"The app does not allow the user to cancel the installation.\nThe app does not provide control to remove the startup item and schedule task created during the installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates an undisclosed scheduled task and a startup to perform an action without the user's knowledge and consent\n","ACR-118":"When the user attempts to completely uninstall the app, it retains some of the components and other files without the user's knownledge\n"},"nonDeceptorViolations":{"ACR-040":"The app installs files and components in several locations including hidden folders besides the set default without user's knowledge.\n"},"samples":[{"isRevoked":"False","fileName":"DivXInstaller.exe","isInstaller":"True","companyName":"DivX, LLC","fileVersion":"10.10","hashMD5":"410d12aa689f80d64439c6c6ebb6375b","hashSHA1":"db8f15652833347f026927defdb807e6ebe37583","hashSHA256":"6d6899d4a73dbcd1d1f1ca932cda07437b574e9de2440efd16c504774e75522d","digitalCertThumbprint":"40771DEB72F7F99EBC23212A0B483A053DE8208A","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DIVX LLC, O=DIVX LLC, S=California, C=US","sourceIndex":"787","avBlockList":["ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","K7 Total Security (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Panda Dome (20240528)","Sophos Home Premium (20240528)","SpyHunter5 (20240528)","VirIT eXplorer PRO (20240528)"],"avAllowList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","Kaspersky Internet Security (20240528)","McAfee Total Protection (20240528)","Quick Heal Internet Security (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","Webroot SecureAnywhere (20240528)","Windows Defender (20240528)"]},{"isRevoked":"False","fileName":"DivXInstaller_231205.exe","isInstaller":"True","companyName":"DivX, LLC","fileVersion":"10.10","hashMD5":"168e57cc6e585f02efed6d5775e1ae32","hashSHA1":"175e1a6c55fba24040013218181fa5df6e305c8f","hashSHA256":"71f0ded0e9649150be9d292a305497222b595336dd679a76a7d8d83fecf40fa8","digitalCertThumbprint":"40771DEB72F7F99EBC23212A0B483A053DE8208A","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DIVX LLC, O=DIVX LLC, S=California, C=US","sourceIndex":"787","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: data collector","reference":"MPC AdCleaner: Cassini Labs -- responsible for software installer ads ","landingPage":"https://www.divx.com/","directDownloadingLink":"https://download.divx.com/stable/divx/DivXInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.divx.com/stable/divx/DivXInstaller.exe","sourceIndex":"787"}],"sampleFiles":["231206/DivXBundle-220531/10.10.1.0/Samples/DivXInstaller.exe","231206/DivXBundle-220531/10.10.1.0/Samples/DivXInstaller_231205.exe"],"imageFiles":["231206/DivXBundle-220531/10.10.1.0/Images/ACR-043/DIVX_QT.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-107/DIVX_QT.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-042/DIVX_AdNetwork-Rise.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-048/DIVX-048Install.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-084/Startups.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-048/Startups.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-118/ACR-118.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-118/ACR-118.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-013/DOptionalOffer.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-013/DOptionalOffer1.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-060/DOptionalOffer.jpg","231206/DivXBundle-220531/10.10.1.0/Images/ACR-060/DOptionalOffer1.jpg"],"nonDeceptorImageFiles":["231206/DivXBundle-220531/10.10.1.0/Images/ACR-040/loc.jpg"],"guid":"5c2ee34e-9bd3-4332-a565-8f9295a5fda5_10.10.1.0_1","appID":"DivXBundle-220531","dateAdded":"231206","deceptorType":"App","name":"DivX Software","company":"DivX, LLC","version":"10.10.1.0","lastKnownStatus":"10.9.1.0;10.10.0.0;10.10.0.1;10.10.1.0","lastKnownDate":"231206","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,in-app purchases,cross-sell other apps","lastUpdate":"2023-12-06T22:45:24.5332583+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":789},{"violations":{"ACR-042":"Unrelated components introduced without clear option for user author the explicit permission.\nhttps://rise-platforms.com/privacy/\n","ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure \n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-048":"The app does not allow the user to cancel the installation.\nThe app does not provide control to remove the startup item and schedule task created during the installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates an undisclosed scheduled task and a startup to perform an action without the user's knowledge and consent\n","ACR-118":"When the user attempts to completely uninstall the app, it retains some of the components and other files without the user's knownledge\n"},"nonDeceptorViolations":{"ACR-040":"The app installs files and components in several locations including hidden folders besides the set default without user's knowledge.\n"},"samples":[{"isRevoked":"False","fileName":"DivXInstaller.exe","isInstaller":"True","companyName":"DivX, LLC","fileVersion":"10.10","hashMD5":"410d12aa689f80d64439c6c6ebb6375b","hashSHA1":"db8f15652833347f026927defdb807e6ebe37583","hashSHA256":"6d6899d4a73dbcd1d1f1ca932cda07437b574e9de2440efd16c504774e75522d","digitalCertThumbprint":"40771DEB72F7F99EBC23212A0B483A053DE8208A","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DIVX LLC, O=DIVX LLC, S=California, C=US","sourceIndex":"900","avBlockList":["ESET Internet Security (20240528)","G DATA INTERNET SECURITY (20240528)","K7 Total Security (20240528)","Malwarebytes Premium (20240528)","Norton Security (20240528)","Panda Dome (20240528)","Sophos Home Premium (20240528)","SpyHunter5 (20240528)","VirIT eXplorer PRO (20240528)"],"avAllowList":["360 Total Security (20240528)","Avast Premium Security (20240528)","AVG Internet Security (20240528)","Avira Internet Security (20240528)","Bitdefender Internet Security (20240528)","COMODO Antivirus (20240528)","Dr.Web Security Space (20240528)","Kaspersky Internet Security (20240528)","McAfee Total Protection (20240528)","Quick Heal Internet Security (20240528)","Total AV Antivirus Pro (20240528)","Trend Micro Internet Security (20240528)","VIPRE Advanced Security (20240528)","Webroot SecureAnywhere (20240528)","Windows Defender (20240528)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: data collector","reference":"MPC AdCleaner: Cassini Labs -- responsible for software installer ads ","landingPage":"https://www.divx.com/","directDownloadingLink":"https://download.divx.com/stable/divx/DivXInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.divx.com/stable/divx/DivXInstaller.exe","sourceIndex":"900"}],"sampleFiles":["230911/DivXBundle-220531/10.10.0.1/Samples/DivXInstaller.exe"],"imageFiles":["230911/DivXBundle-220531/10.10.0.1/Images/ACR-043/DIVX_QT.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-107/DIVX_QT.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-042/DIVX_AdNetwork-Rise.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-048/DIVX-048Install.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-084/Startup.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-048/DIVX-Startup.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-118/ACR-118.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-013/OptionalOffer1.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-013/OptionalOffer2.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-060/OptionalOffer1.jpg","230911/DivXBundle-220531/10.10.0.1/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":["230911/DivXBundle-220531/10.10.0.1/Images/ACR-040/ACR-040.jpg"],"guid":"5c2ee34e-9bd3-4332-a565-8f9295a5fda5_10.10.0.1_1","appID":"DivXBundle-220531","dateAdded":"231206","deceptorType":"App","name":"DivX Software","company":"DivX, LLC","version":"10.10.0.1","lastKnownStatus":"10.9.1.0;10.10.0.0;10.10.0.1;10.10.1.0","lastKnownDate":"231206","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,in-app purchases,cross-sell other apps","lastUpdate":"2023-12-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":790},{"violations":{"ACR-042":"Unrelated components introduced without clear option for user author the explicit permission.\nhttps://rise-platforms.com/privacy/\n","ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure \n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-048":"The app does not allow the user to cancel the installation\nThe app does not provide control to remove the startup item and schedule task created during the installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates an undisclosed scheduled task and a startup to perform an action without the user's knowledge and consent\n","ACR-118":"When the user attempts to completely uninstall the app, it retains some of the components and other files without the user's knownledge\n"},"nonDeceptorViolations":{"ACR-040":"The app installs files and components in several locations including hidden folders besides the set default without user's knowledge.\n"},"samples":[{"isRevoked":"False","fileName":"DivXInstaller.exe","isInstaller":"True","companyName":"DivX LLC","productName":"DivX Setup","productVersion":"10.9.1.0","fileVersion":"10.9.1.0","hashMD5":"056e2ba4f0a1f496980c229b133636a4","hashSHA1":"85fd34b6f3009b5b1e70b19370f1d9e9224586d1","hashSHA256":"19f7783550a64034139bf35b125cd09ca9c0ef88b76c4a7ec2ca030fd5c3ae78","digitalCertThumbprint":"40771DEB72F7F99EBC23212A0B483A053DE8208A","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"DIVX LLC","storeId":"","sourceIndex":"1152","avBlockList":["Avast Premium Security (20230914)","AVG Internet Security (20230914)","Avira Internet Security (20230914)","ESET Internet Security (20230914)","G DATA INTERNET SECURITY (20230914)","K7 Total Security (20230914)","Kaspersky Internet Security (20230914)","Malwarebytes Premium (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Quick Heal Internet Security (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","VirIT eXplorer PRO (20230914)","Webroot SecureAnywhere (20230914)"],"avAllowList":["360 Total Security (20230914)","Bitdefender Internet Security (20230914)","COMODO Antivirus (20230914)","Dr.Web Security Space (20230914)","McAfee Total Protection (20230914)","Trend Micro Internet Security (20230914)","VIPRE Advanced Security (20230914)","Windows Defender (20230914)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: data collector","reference":"MPC AdCleaner: Cassini Labs -- responsible for software installer ads ","landingPage":"https://www.divx.com/","directDownloadingLink":"https://download.divx.com/stable/divx/DivXInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.divx.com/stable/divx/DivXInstaller.exe","sourceIndex":"1152"}],"sampleFiles":["230419/DivXBundle-220531/10.9.1.0/Samples/DivXInstaller.exe"],"imageFiles":["230419/DivXBundle-220531/10.9.1.0/Images/ACR-043/ACR-043.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-107/ACR-107.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-042/AdNetwork_Rise_042.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-048/ACR-048.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-084/ACR-084.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-048/ACR-048_Software.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-118/ACR-118.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-013/ACR-013.JPG","230419/DivXBundle-220531/10.9.1.0/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230419/DivXBundle-220531/10.9.1.0/Images/ACR-040/ACR-040.JPG"],"guid":"5c2ee34e-9bd3-4332-a565-8f9295a5fda5_10.9.1.0_1","appID":"DivXBundle-220531","dateAdded":"231206","deceptorType":"App","name":"DivX Software","company":"DivX, LLC","version":"10.9.1.0","lastKnownStatus":"10.9.1.0;10.10.0.0;10.10.0.1;10.10.1.0","lastKnownDate":"231206","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,in-app purchases,cross-sell other apps","lastUpdate":"2023-12-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":792},{"violations":{"ACR-042":"Unrelated components introduced without clear option for user author the explicit permission.\nhttps://rise-platforms.com/privacy/\n","ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure \n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-048":"The app does not allow the user to cancel the installation.\nThe app does not provide control to remove the startup item and schedule task created during the installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates an undisclosed scheduled task and a startup to perform an action without the user's knowledge and consent\n","ACR-118":"When the user attempts to completely uninstall the app, it retains some of the components and other files without the user's knownledge\n"},"nonDeceptorViolations":{"ACR-040":"The app installs files and components in several locations including hidden folders besides the set default without user's knowledge.\n"},"samples":[{"isRevoked":"False","fileName":"DivXInstaller.exe","isInstaller":"True","companyName":"DivX, LLC","fileVersion":"10.10","hashMD5":"844fefdcb94558d7dc7e430bf0d216fd","hashSHA1":"dea91be11111fe9349af20a388cd2b46632e6295","hashSHA256":"943e695ce768303d93843b115a10fc25c0c6023b8d65a266a730024c666c82a5","digitalCertThumbprint":"40771DEB72F7F99EBC23212A0B483A053DE8208A","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=DIVX LLC, O=DIVX LLC, S=California, C=US","sourceIndex":"965","avBlockList":["Avira Internet Security (20230801)","ESET Internet Security (20230801)","G DATA INTERNET SECURITY (20230801)","Malwarebytes Premium (20230801)","Norton Security (20230801)","Sophos Home Premium (20230801)","SpyHunter5 (20230801)","Total AV Antivirus Pro (20230801)","VirIT eXplorer PRO (20230801)","Webroot SecureAnywhere (20230801)","Windows Defender (20230801)"],"avAllowList":["360 Total Security (20230801)","Avast Premium Security (20230801)","AVG Internet Security (20230801)","Bitdefender Internet Security (20230801)","COMODO Antivirus (20230801)","Dr.Web Security Space (20230801)","K7 Total Security (20230801)","Kaspersky Internet Security (20230801)","McAfee Total Protection (20230801)","Panda Dome (20230801)","Quick Heal Internet Security (20230801)","Trend Micro Internet Security (20230801)","VIPRE Advanced Security (20230801)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: data collector","reference":"MPC AdCleaner: Cassini Labs -- responsible for software installer ads ","landingPage":"https://www.divx.com/","directDownloadingLink":"https://download.divx.com/stable/divx/DivXInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.divx.com/stable/divx/DivXInstaller.exe","sourceIndex":"965"}],"sampleFiles":["230724/DivXBundle-220531/10.10.0.0/Samples/DivXInstaller.exe"],"imageFiles":["230724/DivXBundle-220531/10.10.0.0/Images/ACR-043/DIVX_QT.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-107/DIVX_QT.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-042/DIVX_AdNetwork-Rise.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-048/DIVX-048Install.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-084/DIVX-Startup.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-048/DIVX-Startup.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-118/DIVX-ACR-118.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-013/DIVX_OptionalOffer1.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-013/DIVX_OptionalOffer2.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-060/DIVX_OptionalOffer1.jpg","230724/DivXBundle-220531/10.10.0.0/Images/ACR-060/DIVX_OptionalOffer2.jpg"],"nonDeceptorImageFiles":["230724/DivXBundle-220531/10.10.0.0/Images/ACR-040/DIVX-040.jpg"],"guid":"5c2ee34e-9bd3-4332-a565-8f9295a5fda5_10.10.0.0_1","appID":"DivXBundle-220531","dateAdded":"231206","deceptorType":"App","name":"DivX Software","company":"DivX, LLC","version":"10.10.0.0","lastKnownStatus":"10.9.1.0;10.10.0.0;10.10.0.1;10.10.1.0","lastKnownDate":"231206","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,in-app purchases,cross-sell other apps","lastUpdate":"2023-12-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":791},{"violations":{"ACR-053":"App doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of \"Recommended additional software to install\". \n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"potplayer.g5255.exe","isInstaller":"True","productName":"PotPlayer","fileVersion":"0.0","hashMD5":"c5a278c5f88fef44d1fbedcee5aa1f47","hashSHA1":"32fb12b874977dbd0e9ba808cda59cd511ddad57","hashSHA256":"4085bc8eab59c1d14079cac6ff8ff9d31d48ffa976bed48096893ff5511e3f05","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"790","avBlockList":["Avast Premium Security (20231205)","AVG Internet Security (20231205)","Avira Internet Security (20231205)","Bitdefender Internet Security (20231205)","COMODO Antivirus (20231205)","Dr.Web Security Space (20231205)","ESET Internet Security (20231205)","G DATA INTERNET SECURITY (20231205)","K7 Total Security (20231205)","Kaspersky Internet Security (20231205)","Malwarebytes Premium (20231205)","McAfee Total Protection (20231205)","Norton Security (20231205)","Panda Dome (20231205)","Sophos Home Premium (20231205)","SpyHunter5 (20231205)","Total AV Antivirus Pro (20231205)","VIPRE Advanced Security (20231205)","VirIT eXplorer PRO (20231205)","Webroot SecureAnywhere (20231205)"],"avAllowList":["360 Total Security (20231205)","Quick Heal Internet Security (20231205)","Trend Micro Internet Security (20231205)","Windows Defender (20231205)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Media players ","reference":"","landingPage":"https://appforwin.ru/en/catalog/multimedia/video/potplayer","directDownloadingLink":"https://files.appforwin.ru/wredirect/?u=7b2275746d5f736f75726365223a22646972656374222c2275746d5f6d656469756d223a22637063222c2275746d5f63616d706169676e223a22706f74706c61796572227d&file=potplayer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.appforwin.ru/wredirect/?u=7b2275746d5f736f75726365223a22646972656374222c2275746d5f6d656469756d223a22637063222c2275746d5f63616d706169676e223a22706f74706c61796572227d&file=potplayer","sourceIndex":"790"}],"sampleFiles":["231128/PotPlayer-221108/1.7.21834/Samples/potplayer.g5255.exe"],"imageFiles":["231128/PotPlayer-221108/1.7.21834/Images/ACR-053/ACR-155_053_Offers.gif","231128/PotPlayer-221108/1.7.21834/Images/ACR-055/Unrelated_App_Offer_1.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-055/Unrelated_App_Offer_2.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-055/Unrelated_App_Offer_3.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-059/Unrelated_App_Offer_1.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-059/Unrelated_App_Offer_2.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-059/Unrelated_App_Offer_3.jpg","231128/PotPlayer-221108/1.7.21834/Images/ACR-155/ACR-155_Offers.gif"],"nonDeceptorImageFiles":[],"guid":"19540528-98b8-46ed-807f-9062e0329ede_1.7.21834_1","appID":"PotPlayer-221108","dateAdded":"231128","deceptorType":"App","name":"PotPlayer","company":"Kakao Corp.","version":"1.7.21834","lastKnownStatus":"1.7.21834","lastKnownDate":"231128","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps,display ads","lastUpdate":"2023-11-28T17:54:20.7135973+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":793},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-048":"The app does not provide any option to remove the startup item\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-014":"After installing the app, the update prompt misleads the user with a \"Important!\" message to use a \"new version to avoid malfunctions,\" despite the fact that this update does nothing other than attempt to update.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app does not have a valid digital signature for the installer and other executables\n","ACR-123":"The app does not remove dropped root certificate and startup item even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"AdvancedJPGtoPDFFree.exe","isInstaller":"True","companyName":"PDFCore Co. Ltd.                                           ","productName":"Advanced JPG to PDF Free                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"0e2d06f7ae2e9179944a84b25d7385b6","hashSHA1":"d9f8127fbaa3c877cc0ae4e7d334142c0cd7ab92","hashSHA256":"2c9cb335b7a343ab583c318bc0a1a1073cfcbf07b2865c9ae8364376343c758a","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"793","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":[]},{"isRevoked":"False","fileName":"AdvancedOCRFree.exe","isInstaller":"True","companyName":"PDFCore Co. Ltd.                                           ","productName":"Advanced OCR Free                                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"cb7677f3b459663e43708da33e163a9b","hashSHA1":"c06dba169c4cfc6e5405c93ef616fc5d84ecc86a","hashSHA256":"37a95db2f3189fe58312b90a0a0d722a258217310890ca4d5f32ff2a891cece7","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"793","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VIPRE Advanced Security (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Trend Micro Internet Security (20231207)"]},{"isRevoked":"False","fileName":"AdvancedPDFUtilitiesFree.exe","isInstaller":"True","companyName":"PDFCore Co. Ltd.                                           ","productName":"Advanced PDF Utilities Free                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"998098896a0cdeebd87fc5d5cc634993","hashSHA1":"9dc83f09d42ddc8a2182d225f5d5e1e70f28a945","hashSHA256":"b5a3da499a0e9b56bc7e8dc9e47ed719b8ae58daae603d3395db5ec8725e5e45","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"793","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"https://www.pdfcore.com/index.php","directDownloadingLink":"http://www.pdfcore.com/AdvancedPDFUtilitiesFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pdfcore.com/AdvancedPDFUtilitiesFree.exe","sourceIndex":"793"}],"sampleFiles":["231127/PDFCoreBundler-231124/8.8.2.4/Samples/AdvancedJPGtoPDFFree.exe","231127/PDFCoreBundler-231124/8.8.2.4/Samples/AdvancedOCRFree.exe","231127/PDFCoreBundler-231124/8.8.2.4/Samples/AdvancedPDFUtilitiesFree.exe"],"imageFiles":["231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-109/ACR-109_Install_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-010/ACR-010_Install_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-013/ACR-013_Install_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-084/ACR-084_Software_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-048/ACR-048_Software_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-014/ACR-014_Software_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_2.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-106/ACR-106_Software_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-092/ACR-092_Software_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-092/ACR-092_Software_2.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-123/ACR-123_Uninstall_1.png","231127/PDFCoreBundler-231124/8.8.2.4/Images/ACR-123/ACR-123_Uninstall_2.png"],"guid":"8ca1b3e8-c697-4b1b-98ef-0f7e2f925051_8.8.2.4_1","appID":"PDFCoreBundler-231124","dateAdded":"231127","deceptorType":"Bundler","name":"Advanced PDFUtilities Free","company":"PDFCore Co., Ltd","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"231127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-11-28T02:10:01.7706125+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":794},{"violations":{"ACR-109":"The app downloads \"rk.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-103":"The \"Buy now\" option on the landing page (https://store.payproglobal.com/checkout?products[1][id]=54890) returns an error page\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"best-pdf-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"b5b7bc2528c04f0e280f60b610609710","hashSHA1":"06fc59b3b582730e09e0874e5edc51c8dc376789","hashSHA256":"19e5f6b3d79c37c12c5f1a75b805eb2742d973d802f21916dd54a299f8665f2b","sourceIndex":"794","avBlockList":["360 Total Security (20231205)","Avast Premium Security (20231205)","AVG Internet Security (20231205)","Avira Internet Security (20231205)","Bitdefender Internet Security (20231205)","COMODO Antivirus (20231205)","Dr.Web Security Space (20231205)","ESET Internet Security (20231205)","G DATA INTERNET SECURITY (20231205)","K7 Total Security (20231205)","Kaspersky Internet Security (20231205)","Malwarebytes Premium (20231205)","McAfee Total Protection (20231205)","Norton Security (20231205)","Panda Dome (20231205)","Quick Heal Internet Security (20231205)","Sophos Home Premium (20231205)","SpyHunter5 (20231205)","Total AV Antivirus Pro (20231205)","VirIT eXplorer PRO (20231205)","Webroot SecureAnywhere (20231205)","Windows Defender (20231205)"],"avAllowList":["Trend Micro Internet Security (20231205)","VIPRE Advanced Security (20231205)"]},{"isRevoked":"False","fileName":"best-pdf-tools.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"7752e4619081cf0d1132a04f42547998","hashSHA1":"87384d1e0e5acf3a8e133e8297e03d3a9a3850e3","hashSHA256":"5c6014336372e4d6c57dc3c84eb31bafc89130e9516baff3a2d4e7eca083572e","sourceIndex":"794","avBlockList":["360 Total Security (20231205)","Avast Premium Security (20231205)","AVG Internet Security (20231205)","Avira Internet Security (20231205)","Bitdefender Internet Security (20231205)","COMODO Antivirus (20231205)","Dr.Web Security Space (20231205)","ESET Internet Security (20231205)","G DATA INTERNET SECURITY (20231205)","K7 Total Security (20231205)","Kaspersky Internet Security (20231205)","Malwarebytes Premium (20231205)","McAfee Total Protection (20231205)","Norton Security (20231205)","Panda Dome (20231205)","Quick Heal Internet Security (20231205)","Sophos Home Premium (20231205)","SpyHunter5 (20231205)","Total AV Antivirus Pro (20231205)","VirIT eXplorer PRO (20231205)","Webroot SecureAnywhere (20231205)","Windows Defender (20231205)"],"avAllowList":["Trend Micro Internet Security (20231205)","VIPRE Advanced Security (20231205)"]},{"isRevoked":"False","fileName":"best-pdf-to-word-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"970975e954bd9ef6df389d50adf66e34","hashSHA1":"25c6d4da81da06932500b86793fc9c586b35eb3d","hashSHA256":"852a4bfde854043f487e94fe1149ca6ca135a11c7395f38ef2e3e7d457928c00","sourceIndex":"794","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Quick Heal Internet Security (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)"]},{"isRevoked":"False","fileName":"best-word-to-pdf-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"fc023065fdc65f25ffa515f07bdfc921","hashSHA1":"d96ea3fc2a075cac1ba4dded1f8b2d9f9e3d9d4d","hashSHA256":"347621ece72dd30a3a34a1c6cefd3868d33c6feb57e58de93ef2123167c1ba67","sourceIndex":"794","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)"]},{"isRevoked":"False","fileName":"combine-pdf.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"bc72ee29a2e1bf9883f634b789fb3036","hashSHA1":"6fdcd38671d03f38443183718fa99c9ec7bcb113","hashSHA256":"cbdea19e1d81b934ec8b1a3ef90557f4bac0ef1f41cc18e4a68171b85d9bb458","sourceIndex":"794","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Bitdefender Internet Security (20231207)","Quick Heal Internet Security (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)"]},{"isRevoked":"False","fileName":"document-to-pdf-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"189f0c0a8fa84d780196c85b494dd513","hashSHA1":"3764729f63cb93aab0c8201ac9fceb03e71c99c2","hashSHA256":"2d03c58bfdc0c77d92ae372c976dbcf6b639f1be11abc22c3a1a8040f2566bc9","sourceIndex":"794","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VIPRE Advanced Security (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Malwarebytes Premium (20231207)","Quick Heal Internet Security (20231207)","Trend Micro Internet Security (20231207)"]},{"isRevoked":"False","fileName":"pdf-to-pdf.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"da13125071c26266145212a901db69eb","hashSHA1":"9b6b269f4320cb2d92423e17ebbd824ed70f686b","hashSHA256":"433ba95fdd78ca4dceab642e6cb1289fa7b64facebc898a1b0128ea1a871ede0","sourceIndex":"794","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)"]},{"isRevoked":"False","fileName":"photo-to-pdf-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"430cd611a985ecc988cbea1df178f6f6","hashSHA1":"8a48e805ff36da884f58d3c4435ea46c9011a367","hashSHA256":"caed822b79b53336e6ca9bb0234f1104cc3fad90463cec216dd5c7a58eb8399d","sourceIndex":"794","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Quick Heal Internet Security (20231207)","Trend Micro Internet Security (20231207)","VIPRE Advanced Security (20231207)"]},{"isRevoked":"False","fileName":"xls-excel-to-pdf-converter.exe","isInstaller":"True","companyName":"Best PDF Tools                                              ","fileVersion":"0.0","hashMD5":"15140447c2637a7fd15934be5c4db806","hashSHA1":"bc390a6a7cce5c93d22f4adacd1ed6b99e9c28df","hashSHA256":"6b1affae1a74f810b3dd692df8c0a7acac4802e05a22b44287e64f4811ba2861","sourceIndex":"794","avBlockList":["360 Total Security (20231207)","Avast Premium Security (20231207)","AVG Internet Security (20231207)","Avira Internet Security (20231207)","Bitdefender Internet Security (20231207)","COMODO Antivirus (20231207)","Dr.Web Security Space (20231207)","ESET Internet Security (20231207)","G DATA INTERNET SECURITY (20231207)","K7 Total Security (20231207)","Kaspersky Internet Security (20231207)","Malwarebytes Premium (20231207)","McAfee Total Protection (20231207)","Norton Security (20231207)","Panda Dome (20231207)","Quick Heal Internet Security (20231207)","Sophos Home Premium (20231207)","SpyHunter5 (20231207)","Total AV Antivirus Pro (20231207)","VIPRE Advanced Security (20231207)","VirIT eXplorer PRO (20231207)","Webroot SecureAnywhere (20231207)","Windows Defender (20231207)"],"avAllowList":["Trend Micro Internet Security (20231207)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.best-pdf-tools.com/products.html","directDownloadingLink":"http://www.best-pdf-tools.com/download/best-pdf-converter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.best-pdf-tools.com/download/best-pdf-converter.exe","sourceIndex":"794"}],"sampleFiles":["231127/BestPDFTools-231124/4.x/Samples/best-pdf-converter.exe","231127/BestPDFTools-231124/4.x/Samples/best-pdf-tools.exe","231127/BestPDFTools-231124/4.x/Samples/best-pdf-to-word-converter.exe","231127/BestPDFTools-231124/4.x/Samples/best-word-to-pdf-converter.exe","231127/BestPDFTools-231124/4.x/Samples/combine-pdf.exe","231127/BestPDFTools-231124/4.x/Samples/document-to-pdf-converter.exe","231127/BestPDFTools-231124/4.x/Samples/pdf-to-pdf.exe","231127/BestPDFTools-231124/4.x/Samples/photo-to-pdf-converter.exe","231127/BestPDFTools-231124/4.x/Samples/xls-excel-to-pdf-converter.exe"],"imageFiles":["231127/BestPDFTools-231124/4.x/Images/ACR-109/ACR-109_Install_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-010/ACR-010_Install_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-013/ACR-013_Install_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-103/ACR-103_Software_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-103/ACR-103_Software_2.png","231127/BestPDFTools-231124/4.x/Images/ACR-118/ACR-118_Uninstall_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-118/ACR-118_Uninstall_2.png","231127/BestPDFTools-231124/4.x/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231127/BestPDFTools-231124/4.x/Images/ACR-106/ACR-106_Software_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-092/ACR-092_Software_1.png","231127/BestPDFTools-231124/4.x/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"473c0615-8e66-4c4c-86b9-d9934a71f8ae_4.x_1","appID":"BestPDFTools-231124","dateAdded":"231127","deceptorType":"Bundler","name":"Best PDF Tools","company":"Best PDF Tools","version":"4.x","lastKnownStatus":"4.x","lastKnownDate":"231127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,up-sell to paid","lastUpdate":"2023-11-28T02:07:44.2968766+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":795},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"VideoCutterJoiner.exe","isInstaller":"True","companyName":"XiangJi Software Studio                                     ","productName":"Fast Video Cutter Joiner                                    ","productVersion":"3.5.0.0                                           ","fileVersion":"3.5.0.0             ","hashMD5":"1b739f376880bc97f52d23d8f386886c","hashSHA1":"b6c184cc93e68d2534dcce4fc41a6657874e9059","hashSHA256":"b24eab2f70e0e8cff4b6ab2fb79e8dbd1ae5458463d46469b589cc593233fe12","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"801","avBlockList":["Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["360 Total Security (20231214)","Trend Micro Internet Security (20231214)","VIPRE Advanced Security (20231214)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://en.zxt2007.com/video-tools/videocutter.html","directDownloadingLink":"http://en.zxt2007.com/download/videocutter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/videocutter_setup.exe","sourceIndex":"801"}],"sampleFiles":["231120/FastVideoCutter-230531/3.5.0.0/Samples/VideoCutterJoiner.exe"],"imageFiles":["231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-109/ACR-109_Install_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-010/ACR-010_Install_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-013/ACR-013_Install_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-118/ACR-118_Uninstall_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-106/ACR-106_Software_1.png","231120/FastVideoCutter-230531/3.5.0.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"bec75a4e-5631-4aee-933b-d4971099625c_3.5.0.0_1","appID":"FastVideoCutter-230531","dateAdded":"231120","deceptorType":"Bundler","name":"Fast Video Cutter","company":"XiangJi Software Studio","version":"3.5.0.0","lastKnownStatus":"2.2.0.0;3.5.0.0","lastKnownDate":"231120","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,up-sell to paid","lastUpdate":"2023-11-20T21:51:19.4718428+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":796},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Fast Video Cutter\\FastCutter.exe","companyName":"XiangJi Software Studio","productName":"Fast Video Cutter","productVersion":"2.2.0.0","fileVersion":"2.2.0.0","hashMD5":"fbe577c4c1a0aee75a6cd15589855d6a","hashSHA1":"208941a0aa4ed8d77b306eba70fdbad8233cb6f5","hashSHA256":"756609f23eb22b46480e1b1187801b463e47954e3b0d4751ec6b46eafb983813","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1067","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"videocutter_setup.exe","isInstaller":"True","companyName":"XiangJi Software Studio                                     ","productName":"Fast Video Cutter                                           ","productVersion":"2.2.0.0                                           ","fileVersion":"2.2.0.0             ","hashMD5":"289fbd6a7d010aff0c58eb90751110d2","hashSHA1":"483e514f53a00ca0a25ffc846fa56c2ecf024e1d","hashSHA256":"e6a0685a40bdede175f3623a4231bfd6af396b741680661466af4688908f3aec","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1067","avBlockList":["360 Total Security (20230608)","Avast Premium Security (20230608)","AVG Internet Security (20230608)","Avira Internet Security (20230608)","Bitdefender Internet Security (20230608)","COMODO Antivirus (20230608)","ESET Internet Security (20230608)","G DATA INTERNET SECURITY (20230608)","K7 Total Security (20230608)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20230608)","McAfee Total Protection (20230608)","Norton Security (20230608)","Panda Dome (20230608)","Quick Heal Internet Security (20230608)","Sophos Home Premium (20230608)","SpyHunter5 (20230608)","Total AV Antivirus Pro (20230608)","VIPRE Advanced Security (20230608)","VirIT eXplorer PRO (20230608)","Webroot SecureAnywhere (20230608)","Windows Defender (20230608)"],"avAllowList":["Dr.Web Security Space (20230608)","Trend Micro Internet Security (20230608)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://en.zxt2007.com/video-tools/videocutter.html","directDownloadingLink":"http://en.zxt2007.com/download/videocutter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/videocutter_setup.exe","sourceIndex":"1067"}],"sampleFiles":["230601/FastVideoCutter-230531/2.2.0.0/Samples/videocutter_setup.exe"],"imageFiles":["230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-109/ACR-109.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-043/ACR-043.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-042/ACR-042.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-048/ACR-048.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-007/ACR-007.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-010/ACR-010.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-013/ACR-013.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-118/ACR-118.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-057/ACR-057.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-059/ACR-059.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-060/ACR-060.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-071/ACR-071.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-045/ACR-045.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-106/ACR-106.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-092/ACR-092.JPG","230601/FastVideoCutter-230531/2.2.0.0/Images/ACR-123/ACR-123.JPG"],"guid":"bec75a4e-5631-4aee-933b-d4971099625c_2.2.0.0_1","appID":"FastVideoCutter-230531","dateAdded":"231120","deceptorType":"Bundler","name":"Fast Video Cutter","company":"XiangJi Software Studio","version":"2.2.0.0","lastKnownStatus":"2.2.0.0;3.5.0.0","lastKnownDate":"231120","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-11-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":797},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-016":"\"Accord CD Ripper Xtreme\" download is launched directly from Ad\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"AudioRecorder.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"Free Audio Recorder                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"1b7e19115fb79bf1634db9fec676ff26","hashSHA1":"1801386cf8404179cc9dcd61c86e63161f9efaa7","hashSHA256":"837a0d361ecf841d0dffadf2120ce48f7bac2608d4c9981ddc5582d73304833c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"800","avBlockList":["360 Total Security (20221018)","Avast Premium Security (20221018)","AVG Internet Security (20221018)","Avira Internet Security (20221018)","Bitdefender Internet Security (20221018)","COMODO Antivirus (20221018)","Dr.Web Security Space (20221018)","ESET Internet Security (20221018)","G DATA INTERNET SECURITY (20221018)","K7 Total Security (20221018)","Kaspersky Internet Security (20221018)","Malwarebytes Premium (20221018)","McAfee Total Protection (20221018)","Norton Security (20221018)","Panda Dome (20221018)","Quick Heal Internet Security (20221018)","Sophos Home Premium (20221018)","SpyHunter5 (20221018)","Total AV Antivirus Pro (20221018)","VIPRE Advanced Security (20221018)","VirIT eXplorer PRO (20221018)","Webroot SecureAnywhere (20221018)","Windows Defender (20221018)"],"avAllowList":["Tencent PC Manager (20220811)","Trend Micro Internet Security (20221018)"]},{"isRevoked":"False","fileName":"CDRipperExp.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"Accord CD Ripper Free                                       ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"2908075b691f6d79085b2a9d6d8a47be","hashSHA1":"65d486b64927774d2f099db674be4757d59812d0","hashSHA256":"8bfc357a89231c47501a1de8e4cf2649f3d6383b66f439408c2575203cc72f80","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"800","avBlockList":["Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VIPRE Advanced Security (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["360 Total Security (20231214)","Trend Micro Internet Security (20231214)"]},{"isRevoked":"False","fileName":"Mp3Ripper.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"Mp3 Ripper                                                  ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"a76775fc50a183886e6cb948e027b9bb","hashSHA1":"238b64ee09a8b63ddfa8fb2ba27e9119bc1bcce7","hashSHA256":"66f137ed2d4a9785a1cd10554ff65894a5767ea50b5c32f990325225a332b09b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"800","avBlockList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VIPRE Advanced Security (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["Trend Micro Internet Security (20231214)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://www.freecdtomp3.com/mp3_ripper.html","directDownloadingLink":"http://www.freecdtomp3.com/Downloads/Mp3Ripper.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freecdtomp3.com/Downloads/Mp3Ripper.zip","sourceIndex":"800"}],"sampleFiles":["231120/AccmewareBundle-231116/6.x.x.x/Samples/AudioRecorder.exe","231120/AccmewareBundle-231116/6.x.x.x/Samples/CDRipperExp.exe","231120/AccmewareBundle-231116/6.x.x.x/Samples/Mp3Ripper.exe"],"imageFiles":["231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-109/ACR-109_Install_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-010/ACR-010_Install_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-013/ACR-013_Install_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-118/ACR-118_Uninstall_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-155/ACR-155_Bundler-made offers_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-016/ACR-016_Ads inside app_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-016/ACR-016_Ads inside app_2.png"],"nonDeceptorImageFiles":["231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-106/ACR-106_Software_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-092/ACR-092_Software_1.png","231120/AccmewareBundle-231116/6.x.x.x/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"6a6eea92-4994-4525-b70c-12d27e9e7492_6.x.x.x_1","appID":"AccmewareBundle-231116","dateAdded":"231120","deceptorType":"Bundler","name":"Accmeware Bundle","company":"Accmeware Corporation","version":"6.x.x.x","lastKnownStatus":"6.x.x.x","lastKnownDate":"231120","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-11-20T22:04:50.2172257+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":798},{"violations":{"ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it. \n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"sinvfct.dll\" on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder named \"sysconfig\" in Program Files.\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-123":"The app does not remove scheduled task even after uninstall.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n","ACR-171":"The offer for \"Extended Download Warranty\" requires the user to opt-out of the payment. \n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","companyName":" Spytech Software and Design, Inc","productName":"SpyAgent","fileVersion":"0.0","hashMD5":"061f1f9326fdb3ea53813f3bbed895e4","hashSHA1":"23e1fa198124a808c8e5f8421c0da779f7122ead","hashSHA256":"ae71663bfcb374cd5d97a9512eb41005d127646a9e0e74840becf8653356349d","digitalCertThumbprint":"A897582111385A59DD212F5FF561A083E33F38D0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", L=Red Wing, S=Minnesota, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"1702","avBlockList":["360 Total Security (20220426)","Avast Premium Security (20220426)","AVG Internet Security (20220426)","Avira Internet Security (20220426)","Bitdefender Internet Security (20220426)","Dr.Web Security Space (20220426)","ESET Internet Security (20220426)","G DATA INTERNET SECURITY (20220426)","K7 Total Security (20220426)","Kaspersky Internet Security (20220426)","Malwarebytes Premium (20220426)","McAfee Total Protection (20220426)","Norton Security (20220426)","Panda Dome (20220426)","Quick Heal Internet Security (20220426)","Sophos Home Premium (20220426)","SpyHunter5 (20220426)","Tencent PC Manager (20220426)","Total AV Antivirus Pro (20220426)","Trend Micro Internet Security (20220426)","VIPRE Advanced Security (20220426)","VirIT eXplorer PRO (20220426)","Webroot SecureAnywhere (20220426)","Windows Defender (20220426)"],"avAllowList":["COMODO Antivirus (20220426)"]},{"isRevoked":"False","fileName":"sysdiag.exe","companyName":" Spytech Software and Design, Inc","productName":"SpyAgent","fileVersion":"0.0","hashMD5":"eabc691de42217ac7e5d1e5ceb339c6c","hashSHA1":"3f5c1f1227241f75f21a1af162367a5d0ef5ca24","hashSHA256":"6bf711221eb05400695031dda7302c04ae8a3e2e86e3cb9b01c2b9063303e80d","digitalCertThumbprint":"A897582111385A59DD212F5FF561A083E33F38D0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", L=Red Wing, S=Minnesota, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"1702","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyagent12.zip","companyName":" Spytech Software and Design, Inc","productName":"SpyAgent ","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"965b9a6c53d00708788bd598e2d6e007a5d3bcbed845f0e342dab35cf22f7168","sourceIndex":"1702","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"apponic.com \"Security\"","reference":"","landingPage":"https://www.spytech-web.com/","directDownloadingLink":"https://spytech-inc.com/dl040218/spyagent12.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spytech-inc.com/dl040218/spyagent12.zip","sourceIndex":"1702"}],"sampleFiles":["220224/SpyAgent-191118/12.16/Samples/Setup (password=spytech).exe","220224/SpyAgent-191118/12.16/Samples/sysdiag.exe","220224/SpyAgent-191118/12.16/Samples/spyagent12.zip"],"imageFiles":["220224/SpyAgent-191118/12.16/Images/ACR-084/Setup Admin or Stealth Install.png","220224/SpyAgent-191118/12.16/Images/ACR-084/Stealth Mode Notice.png","220224/SpyAgent-191118/12.16/Images/ACR-084/Password Config.png","220224/SpyAgent-191118/12.16/Images/ACR-084/Stealth Config.png","220224/SpyAgent-191118/12.16/Images/ACR-097/Disable AV Prompt.png","220224/SpyAgent-191118/12.16/Images/ACR-097/Notice for AV users.png","220224/SpyAgent-191118/12.16/Images/ACR-118/Retain DLL File.png","220224/SpyAgent-191118/12.16/Images/ACR-007/Setup Admin or Stealth Install.png","220224/SpyAgent-191118/12.16/Images/ACR-007/SpyAgent HotKey.png","220224/SpyAgent-191118/12.16/Images/ACR-007/Stealth Config.png","220224/SpyAgent-191118/12.16/Images/ACR-007/Stealth Mode Notice.png","220224/SpyAgent-191118/12.16/Images/ACR-086/SpyAgent HotKey.png","220224/SpyAgent-191118/12.16/Images/ACR-086/Stealth Config.png","220224/SpyAgent-191118/12.16/Images/ACR-086/Stealth Mode Install.png","220224/SpyAgent-191118/12.16/Images/ACR-086/Stealth Mode Notice.png","220224/SpyAgent-191118/12.16/Images/ACR-086/Stealth Data and Config.png"],"nonDeceptorImageFiles":["220224/SpyAgent-191118/12.16/Images/ACR-040/Install Path.png","220224/SpyAgent-191118/12.16/Images/ACR-065/Install Wizard 1.png","220224/SpyAgent-191118/12.16/Images/ACR-065/License Agreement.png","220224/SpyAgent-191118/12.16/Images/ACR-065/App About.png","220224/SpyAgent-191118/12.16/Images/ACR-099/App About.png","220224/SpyAgent-191118/12.16/Images/ACR-099/SpyTech Landing Page.png","220224/SpyAgent-191118/12.16/Images/ACR-099/BuyNow Page.png","220224/SpyAgent-191118/12.16/Images/ACR-099/Checkout Page.png","220224/SpyAgent-191118/12.16/Images/ACR-099/Purchase Page.png","220224/SpyAgent-191118/12.16/Images/ACR-123/Scheduled Task Created.png","220224/SpyAgent-191118/12.16/Images/ACR-166/Checkout Page.png","220224/SpyAgent-191118/12.16/Images/ACR-166/Purchase Page.png","220224/SpyAgent-191118/12.16/Images/ACR-171/Checkout Page.png","220224/SpyAgent-191118/12.16/Images/ACR-045/Highlights Free.png","220224/SpyAgent-191118/12.16/Images/ACR-017/Unverified Logo 1.png","220224/SpyAgent-191118/12.16/Images/ACR-017/Unverified Logo 2.png","220224/SpyAgent-191118/12.16/Images/ACR-161/Testimonal 1.png","220224/SpyAgent-191118/12.16/Images/ACR-161/Testimonial 2.png"],"guid":"c747bd61-5145-4863-9958-1a987103008b_12.16_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"12.16","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":803},{"violations":{"ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder named \"sysconfig\" in Program Files.\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n","ACR-171":"The offer for \"Extended Download Warranty\" requires the user to opt-out of the payment.\n"},"samples":[{"isRevoked":"False","fileName":"sysdiag.exe","fileVersion":"0.0","hashMD5":"a48a18143d043a96b125492962bc6208","hashSHA1":"ebf322497552941fc2c0897f87ae799a23705b1f","hashSHA256":"552b2e44e7c5362038c8d7b752487caadfc464e24d899ed649d840b235dcf38e","digitalCertThumbprint":"728D51A7208A3B54A775E143DBA1F90EC09FB871","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2030","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spyagent11.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6752859a3f2ae82ec9237ffc8e2192a0294d44d5d628918c6249acd215cce237","sourceIndex":"2030","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"031cdeb7b4915efeea8f7fa4be1858e6","hashSHA1":"a874751134d960ff9d34f8d53e1a1c8cb3ede1af","hashSHA256":"9ca5a0bf1ca0bd865ba5dad0b0a7fe78b3b1f9f9407434212c216711520c5755","digitalCertThumbprint":"728D51A7208A3B54A775E143DBA1F90EC09FB871","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2030","avBlockList":["360 Total Security (20210415)","Avast Premium Security (20210415)","AVG Internet Security (20210415)","Avira Internet Security (20210415)","Bitdefender Internet Security (20210415)","COMODO Antivirus (20210415)","Dr.Web Security Space (20210415)","ESET Internet Security (20210415)","G DATA INTERNET SECURITY (20210415)","K7 Total Security (20210415)","Kaspersky Internet Security (20210415)","Malwarebytes Premium (20210415)","McAfee Total Protection (20210415)","Norton Security (20210415)","Panda Dome (20210415)","Quick Heal Internet Security (20210415)","Sophos Home Premium (20210415)","SpyHunter5 (20210415)","Tencent PC Manager (20210415)","Total AV Antivirus Pro (20210415)","Trend Micro Internet Security (20210415)","VIPRE Advanced Security (20210415)","VirIT eXplorer PRO (20210415)","Webroot SecureAnywhere (20210415)","Windows Defender (20210415)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-web.com/spyagent.shtml","directDownloadingLink":"https://www.spytech-web.com/downloadtrial.php?productid=SpyAgent&key=0.9940378982702766","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spytech-web.com/downloadtrial.php?productid=SpyAgent&key=0.9940378982702766","sourceIndex":"2030"}],"sampleFiles":["201209/SpyAgent-191118/11.50.20/Samples/sysdiag.exe","201209/SpyAgent-191118/11.50.20/Samples/spyagent11.zip","201209/SpyAgent-191118/11.50.20/Samples/Setup (password=spytech).exe"],"imageFiles":["201209/SpyAgent-191118/11.50.20/Images/ACR-007/SpyAgent_Install [6].png","201209/SpyAgent-191118/11.50.20/Images/ACR-007/SpyAgent_Settings [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-007/SpyAgent_Settings [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-007/SpyAgent_Interactions [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-084/SpyAgent_Settings [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-084/SpyAgent_Settings [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-084/SpyAgent_Settings [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-084/SpyAgent_Install [6].png","201209/SpyAgent-191118/11.50.20/Images/ACR-084/SpyAgent_Interactions [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-086/SpyAgent_Interactions [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-086/SpyAgent_Settings [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-086/SpyAgent_Settings [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-086/SpyAgent_Settings [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-086/SpyAgent_Settings [5].png","201209/SpyAgent-191118/11.50.20/Images/ACR-097/SpyAgent_Install [2] DisableAV.png","201209/SpyAgent-191118/11.50.20/Images/ACR-097/SpyAgent_Install [7].png","201209/SpyAgent-191118/11.50.20/Images/ACR-097/SpyAgent_Install [8].png"],"nonDeceptorImageFiles":["201209/SpyAgent-191118/11.50.20/Images/ACR-040/SpyAgent_Files [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-045/SpyAgent_LandingPage [4].png","201209/SpyAgent-191118/11.50.20/Images/ACR-065/SpyAgent_Install [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-065/SpyAgent_Install [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-065/SpyAgent_About [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-065/SpyAgent_LandingPage [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-161/SpyAgent_LandingPage [2] Testimonial.png","201209/SpyAgent-191118/11.50.20/Images/ACR-161/SpyAgent_LandingPage [3] Testimonial.png","201209/SpyAgent-191118/11.50.20/Images/ACR-099/SpyAgent_LandingPage [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-099/SpyAgent_OfferPage [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-099/SpyAgent_OfferPage [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-099/SpyAgent_OfferPage [3].png","201209/SpyAgent-191118/11.50.20/Images/ACR-166/SpyAgent_OfferPage [1].png","201209/SpyAgent-191118/11.50.20/Images/ACR-166/SpyAgent_OfferPage [2].png","201209/SpyAgent-191118/11.50.20/Images/ACR-166/SpyAgent_OfferPage [3].png","201209/SpyAgent-191118/11.50.20/Images/ACR-171/SpyAgent_OfferPage [3].png"],"guid":"c747bd61-5145-4863-9958-1a987103008b_11.50.20_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"11.50.20","sigName":"Deceptor:Win32/SpyAgent!007084086097","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":804},{"violations":{"ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder named \"sysconfig\" in Program Files.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n","ACR-171":"The offer for \"Extended Download Warranty\" requires the user to opt-out of the payment.\n"},"samples":[{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a9620ab6c5538002ec4fe47c9eac22d3","hashSHA1":"417511372dd5dc273e5e76fb65dff252ed198c5f","hashSHA256":"8ce2c493f255303903ba29f1651066ddb56f13c537afda283e97bceb92029db0","digitalCertThumbprint":"728D51A7208A3B54A775E143DBA1F90EC09FB871","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2143","avBlockList":["360 Total Security (20200921)","Avast Premium Security (20200921)","AVG Internet Security (20200921)","Avira Internet Security (20200921)","Bitdefender Internet Security (20200921)","COMODO Antivirus (20200921)","Dr.Web Security Space (20200921)","ESET Internet Security (20200921)","G DATA INTERNET SECURITY (20200921)","K7 Total Security (20200921)","Kaspersky Internet Security (20200921)","Malwarebytes Premium (20200921)","McAfee Total Protection (20200921)","Norton Security (20200921)","Panda Dome (20200921)","Quick Heal Internet Security (20200921)","Sophos Home Premium (20200921)","SpyHunter5 (20200921)","Tencent PC Manager (20200921)","Total AV Antivirus Pro (20200921)","Trend Micro Internet Security (20200921)","VIPRE Advanced Security (20200921)","VirIT eXplorer PRO (20200921)","Webroot SecureAnywhere (20200921)","Windows Defender (20200921)"],"avAllowList":[]},{"isRevoked":"False","fileName":"sysdiag.exe","fileVersion":"0.0","hashMD5":"71b8824e89e1e4b795e0c27a6a46358e","hashSHA1":"f0a67dfb52df00d416a37be3e0cbd50ac9148cfb","hashSHA256":"30d4dfacb2a4dcc95f26d2f05c6d5a7213d3119af0ed62bc371ce37c004de42a","digitalCertThumbprint":"728D51A7208A3B54A775E143DBA1F90EC09FB871","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2143","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.spytech-web.com/spyagent.shtml","reference":"Hunt.Search","landingPage":"https://www.spytech-web.com/","directDownloadingLink":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=0.3544949771586111","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=0.3544949771586111","sourceIndex":"2143"}],"sampleFiles":["200728/SpyAgent-191118/11.40.20/Samples/Setup (password=spytech).exe","200728/SpyAgent-191118/11.40.20/Samples/sysdiag.exe"],"imageFiles":["200728/SpyAgent-191118/11.40.20/Images/ACR-007/SpyAgent_Install [6].png","200728/SpyAgent-191118/11.40.20/Images/ACR-007/SpyAgent_SetUp [4].png","200728/SpyAgent-191118/11.40.20/Images/ACR-007/SpyAgent_SetUp [5] PasswordSetting.png","200728/SpyAgent-191118/11.40.20/Images/ACR-007/SpyAgent_HotKey.png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_Install [6].png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_SetUp [4].png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_SetUp [5] PasswordSetting.png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_SetUp [6].png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_SetUp [7].png","200728/SpyAgent-191118/11.40.20/Images/ACR-084/SpyAgent_HotKey.png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_SetUp [4].png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_SetUp [5] PasswordSetting.png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_HotKey.png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_SetUp [7].png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_SetUp [8].png","200728/SpyAgent-191118/11.40.20/Images/ACR-086/SpyAgent_SetUp [9]LogSending.png","200728/SpyAgent-191118/11.40.20/Images/ACR-097/SpyAgent_Install [2]_DisableAntivirus.png","200728/SpyAgent-191118/11.40.20/Images/ACR-097/SpyAgent_Setup [1] Antivirus2.png"],"nonDeceptorImageFiles":["200728/SpyAgent-191118/11.40.20/Images/ACR-040/SpyAgent_Files [2].png","200728/SpyAgent-191118/11.40.20/Images/ACR-040/SpyAgent_Install [5].png","200728/SpyAgent-191118/11.40.20/Images/ACR-065/SpyAgent_Install [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-065/SpyAgent_Install [3].png","200728/SpyAgent-191118/11.40.20/Images/ACR-065/SpyAgent_About [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-065/SpyAgent_LandingPage [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-065/SpyAgent_LandingPage [2].png","200728/SpyAgent-191118/11.40.20/Images/ACR-161/SpyAGent_CustomerTestimonials [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-099/SpyAgent_About [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-099/SpyAgent_LandingPage [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-099/SpyAgent_LandingPage [2].png","200728/SpyAgent-191118/11.40.20/Images/ACR-099/SpyAgent_OfferPage [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-099/SpyAgent_OfferPage [2].png","200728/SpyAgent-191118/11.40.20/Images/ACR-166/SpyAgent_OfferPage [1].png","200728/SpyAgent-191118/11.40.20/Images/ACR-166/SpyAgent_OfferPage [2].png","200728/SpyAgent-191118/11.40.20/Images/ACR-171/SpyAgent_OfferPage [2].png"],"guid":"c747bd61-5145-4863-9958-1a987103008b_11.40.20_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"11.40.20","sigName":"Deceptor:Win32/SpyAgentStalkerware!007084086097","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":805},{"violations":{"ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder named \"sysconfig\" in \"Program Files (x86)\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2efbf079c79dfde89a46ca9cf5b8b81d","hashSHA1":"622b2557f0559e73026cd654d3dd55cd14f0800a","hashSHA256":"e1fb274b5ed29a44e5eac7187d80755fd668d3bf605556fce5f9cd52a89df242","digitalCertThumbprint":"E964AC4701E77109973F5FBCFA618EEE8659D256","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2599","avBlockList":["360 Total Security (20220407)","Avast Internet Security (20191219)","AVG Internet Security (20220407)","Avira Internet Security (20220407)","Bitdefender Internet Security (20220407)","COMODO Antivirus (20220407)","Dr.Web Security Space (20220407)","ESET Internet Security (20220407)","G DATA INTERNET SECURITY (20220407)","K7 Total Security (20220407)","Kaspersky Internet Security (20220407)","Malwarebytes Premium (20220407)","McAfee Total Protection (20220407)","Norton Security (20220407)","Panda Dome (20220407)","Quick Heal Internet Security (20220407)","Sophos Home Premium (20220407)","Tencent PC Manager (20220407)","Trend Micro Internet Security (20220407)","VIPRE Advanced Security (20220407)","VirIT eXplorer PRO (20220407)","Webroot SecureAnywhere (20220407)","Windows Defender (20220407)","Avast Premium Security (20220407)","SpyHunter5 (20220407)","Total AV Antivirus Pro (20220407)"],"avAllowList":[]},{"isRevoked":"False","fileName":"sysdiag.exe","fileVersion":"0.0","hashMD5":"944480ddac548369246046bd88be993a","hashSHA1":"06a68a51c15372307a3e3d47d1fb26def2df2e1f","hashSHA256":"cdcbb7f7bf56dcc6589cfa35a829c4f1583c7ae0a29aab73459e85f440b2d950","digitalCertThumbprint":"E964AC4701E77109973F5FBCFA618EEE8659D256","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2599","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-web.com/","directDownloadingLink":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=7817a1bfc0d5356d65df258a9c49bb90cef4f7ed0eaf99f0e7","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=7817a1bfc0d5356d65df258a9c49bb90cef4f7ed0eaf99f0e7","sourceIndex":"2599"},{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-spyagent.com/","ipv4":"","ipv6":"","sourceIndex":"2600"}],"sampleFiles":["191119/SpyAgent-191118/11.10.19/Samples/Setup (password=spytech).exe","191119/SpyAgent-191118/11.10.19/Samples/sysdiag.exe"],"imageFiles":["191119/SpyAgent-191118/11.10.19/Images/ACR-007/SpyAgent Stealth 1.png","191119/SpyAgent-191118/11.10.19/Images/ACR-007/SpyAgent stealth 2.png","191119/SpyAgent-191118/11.10.19/Images/ACR-007/SpyAgent password.png","191119/SpyAgent-191118/11.10.19/Images/ACR-007/SpyAgent hotkey.png","191119/SpyAgent-191118/11.10.19/Images/ACR-084/SpyAgent stealth 2.png","191119/SpyAgent-191118/11.10.19/Images/ACR-084/SpyAgent Stealth 1.png","191119/SpyAgent-191118/11.10.19/Images/ACR-084/SpyAgent password.png","191119/SpyAgent-191118/11.10.19/Images/ACR-084/SpyAgent hotkey.png","191119/SpyAgent-191118/11.10.19/Images/ACR-086/SpyAgent hotkey.png","191119/SpyAgent-191118/11.10.19/Images/ACR-086/SpyAgent password.png","191119/SpyAgent-191118/11.10.19/Images/ACR-097/SpyAgent AV 2.png","191119/SpyAgent-191118/11.10.19/Images/ACR-097/SpyAgent Disable AV.png"],"nonDeceptorImageFiles":["191119/SpyAgent-191118/11.10.19/Images/ACR-040/SpyAgent Install Location 2.png","191119/SpyAgent-191118/11.10.19/Images/ACR-040/SpyAgent Install Location.png","191119/SpyAgent-191118/11.10.19/Images/ACR-065/SpyAgent EULA.png","191119/SpyAgent-191118/11.10.19/Images/ACR-065/SpyAgent Install.png","191119/SpyAgent-191118/11.10.19/Images/ACR-065/SpyAgent About.png","191119/SpyAgent-191118/11.10.19/Images/ACR-065/SpyAgent B Landing Page.png","191119/SpyAgent-191118/11.10.19/Images/ACR-161/SpyAgent B Landing Page.png","191119/SpyAgent-191118/11.10.19/Images/ACR-099/SpyAgent About.png","191119/SpyAgent-191118/11.10.19/Images/ACR-099/SpyAgent B Landing Page.png","191119/SpyAgent-191118/11.10.19/Images/ACR-099/SpyAgent Internal Offers.png"],"guid":"c747bd61-5145-4863-9958-1a987103008b_11.10.19_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"11.10.19","sigName":"Deceptor:Win32/SpyAgentStalkerware!007084086097","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":806},{"violations":{"ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it. \n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"sinvfct.dll\" on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder named \"sysconfig\" in Program Files.\n","ACR-065":"The app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-123":"The app does not remove scheduled task even after uninstall.\n","ACR-167":"The App does not offer an at least 30-day refund and the Refund Policy shown in the App and Landing Page are mismatched.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n","ACR-171":"The offer for \"Extended Download Warranty\" requires the user to opt-out at payment. \n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a74019da1bd6744db39bab5285269a9b","hashSHA1":"4511604aca32f57bf15f7f299679ddf3b8ed6955","hashSHA256":"4ed71310dda568be1d955aad3a0ab1008aea6d4a043bc0f6ffb7c274c91d41bf","digitalCertThumbprint":"A897582111385A59DD212F5FF561A083E33F38D0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", L=Red Wing, S=Minnesota, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"1521","avBlockList":["360 Total Security (20230831)","Avast Premium Security (20230831)","AVG Internet Security (20230831)","Avira Internet Security (20230831)","Bitdefender Internet Security (20230831)","Dr.Web Security Space (20230831)","ESET Internet Security (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Kaspersky Internet Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","SpyHunter5 (20230831)","Tencent PC Manager (20220714)","Total AV Antivirus Pro (20230831)","VIPRE Advanced Security (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)","Windows Defender (20230831)"],"avAllowList":["COMODO Antivirus (20230831)","Trend Micro Internet Security (20230831)"]},{"isRevoked":"False","fileName":"sysdiag.exe","fileVersion":"0.0","hashMD5":"8e40e601af09d18e630cde3b5cb0b899","hashSHA1":"7fb8fde47523345279e05c3f3f9ec6b3885adfaf","hashSHA256":"176cb1caa909e17e26b4e1d1c365490f4f042860892887b4e817e0813e04a288","digitalCertThumbprint":"A897582111385A59DD212F5FF561A083E33F38D0","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", L=Red Wing, S=Minnesota, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"1521","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-web.com/","directDownloadingLink":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=7817a1bfc0d5356d65df258a9c49bb90cef4f7ed0eaf99f0e7","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spytech-web.com/download-trial.php?productid=SpyAgent&key=7817a1bfc0d5356d65df258a9c49bb90cef4f7ed0eaf99f0e7","sourceIndex":"1521"},{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-spyagent.com/","ipv4":"","ipv6":"","sourceIndex":"1522"}],"sampleFiles":["220711/SpyAgent-191118/13.0/Samples/Setup (password=spytech).exe","220711/SpyAgent-191118/13.0/Samples/sysdiag.exe"],"imageFiles":["220711/SpyAgent-191118/13.0/Images/ACR-084/ACR-084-PasswordConfiguration.jpg","220711/SpyAgent-191118/13.0/Images/ACR-084/ACR-084-SetupAdminorStealthInstall.jpg","220711/SpyAgent-191118/13.0/Images/ACR-084/ACR-084_086-StealthModeNotice.jpg","220711/SpyAgent-191118/13.0/Images/ACR-084/ACR-084-StealthConfigjpg.jpg","220711/SpyAgent-191118/13.0/Images/ACR-097/ACR-097_DisableAVPrompt.jpg","220711/SpyAgent-191118/13.0/Images/ACR-097/ACR-097_AVUsersNotice.jpg","220711/SpyAgent-191118/13.0/Images/ACR-118/Retain DLL File.png","220711/SpyAgent-191118/13.0/Images/ACR-007/ACR-007_084_086-SetupAdminorStealthInstall.jpg","220711/SpyAgent-191118/13.0/Images/ACR-007/ACR-007_086_Hotkey.jpg","220711/SpyAgent-191118/13.0/Images/ACR-007/ACR-007_084_086-StealthConfigjpg.jpg","220711/SpyAgent-191118/13.0/Images/ACR-007/ACR-007_084_086-StealthModeNotice.jpg","220711/SpyAgent-191118/13.0/Images/ACR-086/ACR-086_Hotkey.jpg","220711/SpyAgent-191118/13.0/Images/ACR-086/ACR-084_086-StealthConfigjpg.jpg","220711/SpyAgent-191118/13.0/Images/ACR-086/ACR-084_086-SetupAdminorStealthInstall.jpg","220711/SpyAgent-191118/13.0/Images/ACR-086/ACR-084_086-StealthModeNotice.jpg","220711/SpyAgent-191118/13.0/Images/ACR-086/ACR-086-StealthDataandConfig.jpg"],"nonDeceptorImageFiles":["220711/SpyAgent-191118/13.0/Images/ACR-040/ACR-040_HiddenPath.jpg","220711/SpyAgent-191118/13.0/Images/ACR-065/SpyAgent_About.jpg","220711/SpyAgent-191118/13.0/Images/ACR-099/SpyAgent_About.jpg","220711/SpyAgent-191118/13.0/Images/ACR-099/SpyAgent_LandingPage.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-099/CheckOut Page.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-099/PurchasePage.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-123/ScheduledTask.jpg","220711/SpyAgent-191118/13.0/Images/ACR-167/ACR-167_Software_RefundPolicy.jpg","220711/SpyAgent-191118/13.0/Images/ACR-167/ACR-167_LandingPage_RefundPolicy.jpg","220711/SpyAgent-191118/13.0/Images/ACR-166/CheckOut Page.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-166/PurchasePage.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-171/CheckOut Page.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-017/SpyAgentsAwards.jpeg","220711/SpyAgent-191118/13.0/Images/ACR-161/Testimonials.jpeg"],"guid":"c747bd61-5145-4863-9958-1a987103008b_13.0_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"13.0","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":802},{"violations":{"ACR-048":"1. The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app. \n2. The app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it. \n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software. \n","ACR-117":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n","ACR-122":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n","ACR-014":"The app calls itself \"sysdiag.exe”, which is not related to the name \"spytech SpyAgent\", which misleads the targeted consumer\n","ACR-124":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove scheduled task even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\sysconfig\\sysdiag.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"38d881743e4ac7a455f80c2ba906462e","hashSHA1":"2a02a63b6a56487733f59e2acb7fa2700cc5997c","hashSHA256":"3b3345708a2bd7f3049717a27c00b04504e478f58d4c121727ddeb6dcda41505","digitalCertThumbprint":"4297EC5DB2607DEF6782B290EBCE98830E742075","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"1112","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"01a2a820106482f091490a3b7ade41c6","hashSHA1":"168165e585d255593fde513fd3cf3b157335a926","hashSHA256":"7bc3f089ab780ca4e83ef2faa462ece2a45f3979f2603c78b0f587a68c081bf0","digitalCertThumbprint":"4297EC5DB2607DEF6782B290EBCE98830E742075","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"1112","avBlockList":["360 Total Security (20230914)","Avast Premium Security (20230914)","AVG Internet Security (20230914)","Avira Internet Security (20230914)","Bitdefender Internet Security (20230914)","Dr.Web Security Space (20230914)","ESET Internet Security (20230914)","G DATA INTERNET SECURITY (20230914)","K7 Total Security (20230914)","Kaspersky Internet Security (20230914)","Malwarebytes Premium (20230914)","McAfee Total Protection (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Quick Heal Internet Security (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","Trend Micro Internet Security (20230914)","VIPRE Advanced Security (20230914)","VirIT eXplorer PRO (20230914)","Webroot SecureAnywhere (20230914)","Windows Defender (20230914)"],"avAllowList":["COMODO Antivirus (20230914)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.spytech-web.com/","directDownloadingLink":"https://spytech-inc.com/dl040218/spyagent13.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spytech-inc.com/dl040218/spyagent13.zip","sourceIndex":"1112"}],"sampleFiles":["230508/SpyAgent-191118/13.1/Samples/Setup (password=spytech).exe"],"imageFiles":["230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084.JPG","230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084_2.JPG","230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084_3.JPG","230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084_4.JPG","230508/SpyAgent-191118/13.1/Images/ACR-084/ACR-084_5.JPG","230508/SpyAgent-191118/13.1/Images/ACR-097/ACR-097.JPG","230508/SpyAgent-191118/13.1/Images/ACR-097/ACR-097_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-117/ACR-117.JPG","230508/SpyAgent-191118/13.1/Images/ACR-117/ACR-117_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-122/ACR-122.JPG","230508/SpyAgent-191118/13.1/Images/ACR-122/ACR-122_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-124/ACR-124.JPG","230508/SpyAgent-191118/13.1/Images/ACR-124/ACR-124_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048_2.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048_3.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048_4.JPG","230508/SpyAgent-191118/13.1/Images/ACR-048/ACR-048_5.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007_2.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007_3.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007_4.JPG","230508/SpyAgent-191118/13.1/Images/ACR-007/ACR-007_5.JPG","230508/SpyAgent-191118/13.1/Images/ACR-014/ACR-014.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_1.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_2.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_3.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_4.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_5.JPG","230508/SpyAgent-191118/13.1/Images/ACR-086/ACR-086_6.JPG"],"nonDeceptorImageFiles":["230508/SpyAgent-191118/13.1/Images/ACR-123/ACR-123.JPG"],"guid":"c747bd61-5145-4863-9958-1a987103008b_13.1_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"13.1","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":801},{"violations":{"ACR-048":"1. The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app. \n2. The app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it. \n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software. \n","ACR-117":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-122":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n","ACR-014":"The app calls itself \"sysdiag.exe”, which is not related to the name \"spytech SpyAgent\", which misleads the targeted consumer\n","ACR-124":"When tried to uninstall the app, it displays a prompt stating that the \"Spytech\" app is uninstalled but in actuality, the app does not get uninstalled.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove scheduled task even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\sysconfig\\sysdiag.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3fa19606c6066b52efcd35bb75ec29e0","hashSHA1":"238b3d5a6df751a8923bf39a976a7d9290cc9614","hashSHA256":"5d12c9e80b6debec44f4cba18ce9ee02c4063c80b7c63f8d76b2a8e739d89998","digitalCertThumbprint":"0F999A1FAF749C55BC095242AD221637850EE6AF","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"1015","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"1dc5614fdfb5fd21be9a2cacdaef1224","hashSHA1":"4d48aa55ef25f2cbfd35bd90826dfdec6788591a","hashSHA256":"61ee0d89eb9e0a69c02f9f6a7b9a76bbed38706aca9dba2f86edbb097d6c2c6b","digitalCertThumbprint":"0F999A1FAF749C55BC095242AD221637850EE6AF","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"1015","avBlockList":["360 Total Security (20230824)","Avast Premium Security (20230824)","AVG Internet Security (20230824)","Avira Internet Security (20230824)","Bitdefender Internet Security (20230824)","COMODO Antivirus (20230824)","Dr.Web Security Space (20230824)","ESET Internet Security (20230824)","G DATA INTERNET SECURITY (20230824)","K7 Total Security (20230824)","Kaspersky Internet Security (20230824)","Malwarebytes Premium (20230824)","McAfee Total Protection (20230824)","Norton Security (20230824)","Panda Dome (20230824)","Quick Heal Internet Security (20230824)","Sophos Home Premium (20230824)","SpyHunter5 (20230824)","Total AV Antivirus Pro (20230824)","Trend Micro Internet Security (20230824)","VIPRE Advanced Security (20230824)","VirIT eXplorer PRO (20230824)","Webroot SecureAnywhere (20230824)","Windows Defender (20230824)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.spytech-web.com/index.shtml","directDownloadingLink":"https://spytech-inc.com/dl040218/spyagent14.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spytech-inc.com/dl040218/spyagent14.zip","sourceIndex":"1015"}],"sampleFiles":["230705/SpyAgent-191118/14.0/Samples/Setup (password=spytech).exe"],"imageFiles":["230705/SpyAgent-191118/14.0/Images/ACR-084/ACR-084.JPG","230705/SpyAgent-191118/14.0/Images/ACR-084/ACR-084_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-084/ACR-084_2.JPG","230705/SpyAgent-191118/14.0/Images/ACR-084/ACR-084_3.JPG","230705/SpyAgent-191118/14.0/Images/ACR-084/ACr-084_4.JPG","230705/SpyAgent-191118/14.0/Images/ACR-084/ACR-084_5.JPG","230705/SpyAgent-191118/14.0/Images/ACR-097/ACR-097.JPG","230705/SpyAgent-191118/14.0/Images/ACR-097/ACR-097_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-117/ACR-117.JPG","230705/SpyAgent-191118/14.0/Images/ACR-117/ACR-117_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-118/ACR-118.JPG","230705/SpyAgent-191118/14.0/Images/ACR-122/ACR-122.JPG","230705/SpyAgent-191118/14.0/Images/ACR-122/ACR-122_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-124/ACR-124.JPG","230705/SpyAgent-191118/14.0/Images/ACR-124/ACR-124_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048_2.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048_3.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048_4.JPG","230705/SpyAgent-191118/14.0/Images/ACR-048/ACR-048_5.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACR-007.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACR-007_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACR-007_2.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACR-007_3.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACR-007_4.JPG","230705/SpyAgent-191118/14.0/Images/ACR-007/ACr-007_5.JPG","230705/SpyAgent-191118/14.0/Images/ACR-014/ACR-014.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086_1.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086_2.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086_3.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086_4.JPG","230705/SpyAgent-191118/14.0/Images/ACR-086/ACR-086_5.JPG"],"nonDeceptorImageFiles":["230705/SpyAgent-191118/14.0/Images/ACR-123/ACR-123.JPG"],"guid":"c747bd61-5145-4863-9958-1a987103008b_14.0_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"14.0","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":800},{"violations":{"ACR-048":"1. The app requires a hotkey or password and is limiting the targeted consumer's ability to open, close, delete, disable, or uninstall the app. \n2. The app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it. \n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app, app icon, processes, and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey and password to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-097":"The install prompts the consumer to temporarily disable any Anti-virus software. \n","ACR-116":"The app does provide an option to hide its uninstaller from using standard platform method.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"The app calls itself \"sysdiag.exe”, which is not related to the name \"spytech SpyAgent\", which misleads the targeted consumer\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove scheduled task even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\sysconfig\\sysdiag.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"ca42986b8f1a4dd38fed0ab0281b26fc","hashSHA1":"53be5b2a1334d45ef9dcd5839277c4aec5b84683","hashSHA256":"8188c9883b46eceed07cc494ac29a02a1506934fcdd3841ea21d7f30fdfbf16b","digitalCertThumbprint":"0F999A1FAF749C55BC095242AD221637850EE6AF","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"807","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup (password=spytech).exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"5217ea0a5e5f6826f55b6e11addf098f","hashSHA1":"b363f0173dc171c3f8b4a2a4e49de23316b7f40e","hashSHA256":"d06d43488f63eaf56f4afd90e656393a65904e3b049e614d2adb0d8bcf8d3caf","digitalCertThumbprint":"0F999A1FAF749C55BC095242AD221637850EE6AF","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Spytech Software and Design Inc.","storeId":"","sourceIndex":"807","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","Trend Micro Internet Security (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on keylogger app","reference":"","landingPage":"https://www.spytech-web.com/index.shtml","directDownloadingLink":"https://spytech-inc.com/dl040218/spyagent14.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spytech-inc.com/dl040218/spyagent14.zip","sourceIndex":"807"}],"sampleFiles":["231116/SpyAgent-191118/14.1/Samples/Setup%20(password%3Dspytech).exe"],"imageFiles":["231116/SpyAgent-191118/14.1/Images/ACR-084/ACR-084.PNG","231116/SpyAgent-191118/14.1/Images/ACR-084/ACR-084_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-084/ACR-084_2.PNG","231116/SpyAgent-191118/14.1/Images/ACR-084/ACR-084_3.PNG","231116/SpyAgent-191118/14.1/Images/ACR-084/ACR-084_5.PNG","231116/SpyAgent-191118/14.1/Images/ACR-097/ACR-097.PNG","231116/SpyAgent-191118/14.1/Images/ACR-097/ACR-097_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-116/ACR-116.PNG","231116/SpyAgent-191118/14.1/Images/ACR-116/ACR-116_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-118/ACR-118.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048_2.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048_3.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048_4.PNG","231116/SpyAgent-191118/14.1/Images/ACR-048/ACR-048_5.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007_2.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007_3.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007_4.PNG","231116/SpyAgent-191118/14.1/Images/ACR-007/ACR-007_5.PNG","231116/SpyAgent-191118/14.1/Images/ACR-014/ACR-014.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086_1.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086_2.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086_3.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086_4.PNG","231116/SpyAgent-191118/14.1/Images/ACR-086/ACR-086_5.PNG"],"nonDeceptorImageFiles":["231116/SpyAgent-191118/14.1/Images/ACR-123/ACR-123.PNG"],"guid":"c747bd61-5145-4863-9958-1a987103008b_14.1_1","appID":"SpyAgent-191118","dateAdded":"231116","deceptorType":"App","name":"SpyAgent","company":"Spytech Software and Design Inc.","version":"14.1","lastKnownStatus":"Deceptor:11.10.19;11.40.20;11.50.20;12.16;13.0;13.1;14.0;14.1","lastKnownDate":"231116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-11-16T19:28:01.9414255+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":8,"sortOrder":799},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-103":"The \"Buy now\" option in the software and Landing page (https://order.mycommerce.com/cart/view) returns an error page.\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates and other executables even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"appletvvideoconverter.exe","isInstaller":"True","companyName":"","productName":"Cute Apple TV Video Converter","productVersion":"                    ","fileVersion":"","hashMD5":"b0fe0a1735cbcdd8ea1616e186777f19","hashSHA1":"fa908aacd9307d8a8e1954054351379ff8030028","hashSHA256":"014ef0c82f8afc8e24d1101caa1c85c26f4454df07e4bc05f99da042038eecea","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VIPRE Advanced Security (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["COMODO Antivirus (20231214)","Trend Micro Internet Security (20231214)"]},{"isRevoked":"False","fileName":"audioconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Audio Converter Free Vesrion                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"529143430c3dcd3a12858e7d5fbaa985","hashSHA1":"48f7ec56c78b0f95e5d8ae855810106a4b0dac03","hashSHA256":"33c88839b622d8cd7dd810c3658cd19cb0ad49c91533b8f1a2aec9d219b83da6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","COMODO Antivirus (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VIPRE Advanced Security (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["Trend Micro Internet Security (20231214)"]},{"isRevoked":"False","fileName":"audiomixer.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Audio Mixer                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b161d93bab080bcf7748c390cf74e95e","hashSHA1":"b7b51c22c678b9f4c7da4cd021f8aca46716cb85","hashSHA256":"c7641ded564c4460e4f9c5f906d1c804312c5669a189c41c4fcf3b2a4eecd1a2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231214)","Avast Premium Security (20231214)","AVG Internet Security (20231214)","Avira Internet Security (20231214)","Bitdefender Internet Security (20231214)","Dr.Web Security Space (20231214)","ESET Internet Security (20231214)","G DATA INTERNET SECURITY (20231214)","K7 Total Security (20231214)","Kaspersky Internet Security (20231214)","Malwarebytes Premium (20231214)","McAfee Total Protection (20231214)","Norton Security (20231214)","Panda Dome (20231214)","Quick Heal Internet Security (20231214)","Sophos Home Premium (20231214)","SpyHunter5 (20231214)","Total AV Antivirus Pro (20231214)","VIPRE Advanced Security (20231214)","VirIT eXplorer PRO (20231214)","Webroot SecureAnywhere (20231214)","Windows Defender (20231214)"],"avAllowList":["COMODO Antivirus (20231214)","Trend Micro Internet Security (20231214)"]},{"isRevoked":"False","fileName":"aviconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute AVI Converter                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"34af0158863efbe5fbc3280eb0962eba","hashSHA1":"564706b0626ec9c3bdec511f76a80a4f5d296f6a","hashSHA256":"2352a90d24f9a414c749bcf9cd67daa0f54069ea7189f9e4bdac9b4d53d45e30","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"avitomovconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute AVI to MOV Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"1d0c5a1604daae0fc4374e9df14ffaa0","hashSHA1":"a4367dd48263ce1511bdc582f08894b7b35c23be","hashSHA256":"391dcf697e414f295b4686a2c2b1cb3539e7243248eeabd865ee00ac6b695ca1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"avitoswfconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute AVI to SWF Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"05505cd5e1cf1d7d4f71321fbf4aad48","hashSHA1":"af0a6810ed644d544614d92625e6660839457ce2","hashSHA256":"0496daea5cd48ace9d4f1eefa2d6e7688d000cf46872bcf687de8fc1f5946763","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","COMODO Antivirus (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"cutedvdripper.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD Ripper                                             ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b4f09df4049e132dbad68853b37f08e2","hashSHA1":"008c8656100e1560caf2407e1d034e1afbd0f132","hashSHA256":"7fac2e25d01e5e6b263fd1478ac3a0ce9dc2e54a39bc262a6c7f5f12d3262452","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"divxconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DivX Converter                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e03aea4ceedf5ec7dafdf864c827262d","hashSHA1":"638f8e722a6cbef9cf42cc0aacf610a602d98cf3","hashSHA256":"4ef7e5863cc1acfa7cdc9fc2f0c9283abc3205fd966ee108a35372d34fa83034","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"dvdto3gpconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to 3GP Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"19639570c42b6290c742b92addbd53d1","hashSHA1":"a76b9de6f6ac30ac84cfbe7ebad7c5df8648239e","hashSHA256":"bc1921fe6543bbf6fdfccaccd3495f5dd5d9cb746bdeb3cc21c835cc31a3e10e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"dvdtoflvconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to FLV Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"07178da530eaff4475d06488dc9aeeb9","hashSHA1":"2889b0320261dcae14a7546ae1f913a8f85362de","hashSHA256":"45f6f11dc54fe62cc44b04a95e198676ff5f36684deb10ba9feaf5c7d42b90cc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["COMODO Antivirus (20231219)","Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"dvdtoiphoneconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to iPhone Converter                                ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"0f375ac8088ef1bae63d6fe1a988e805","hashSHA1":"f646b7ad188da5f7ed0696cf2fac6b970cd31774","hashSHA256":"d106d7e5a81b50a937c4363ec66035ec7efe409427ba3fa0b995b3ac4c4d3a8c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231219)","Avast Premium Security (20231219)","AVG Internet Security (20231219)","Avira Internet Security (20231219)","Bitdefender Internet Security (20231219)","COMODO Antivirus (20231219)","Dr.Web Security Space (20231219)","ESET Internet Security (20231219)","G DATA INTERNET SECURITY (20231219)","K7 Total Security (20231219)","Kaspersky Internet Security (20231219)","Malwarebytes Premium (20231219)","McAfee Total Protection (20231219)","Norton Security (20231219)","Panda Dome (20231219)","Quick Heal Internet Security (20231219)","Sophos Home Premium (20231219)","SpyHunter5 (20231219)","Total AV Antivirus Pro (20231219)","VIPRE Advanced Security (20231219)","VirIT eXplorer PRO (20231219)","Webroot SecureAnywhere (20231219)","Windows Defender (20231219)"],"avAllowList":["Trend Micro Internet Security (20231219)"]},{"isRevoked":"False","fileName":"dvdtoipodconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to iPod Converter                                  ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"ccb8259f013cfd825014a2942f7a6363","hashSHA1":"4f8d3756cbb735408d252c89218d8bd502249019","hashSHA256":"cde9d274bc82f431afd9f785c8eb56bd0bca492fa30d896680bc1d9571dcdaea","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtomkvconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to Mkv Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6b07510d61ec26e9def34fe85d6664c8","hashSHA1":"dcca784ea066f4d177a0dff38d840894255f985c","hashSHA256":"73bf080f2aee2d7b74eccd284bf20756dff7d43b330ea62050ce503c4ec3ffc6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtomovconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to MOV Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"df2d910294b3cd88a237ec1468711129","hashSHA1":"d05ada3d929f9fe0aa35f76dfc84e399587beaad","hashSHA256":"b3bbf3d067fd7b915c77ac7a6da9500313868fd09b3d378dd8af6ccb96ca7f87","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["COMODO Antivirus (20231221)","Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtomp4converter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to MP4 Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"210cb48b1d7442fe9b7714b13836692e","hashSHA1":"469ec7aff6dfd9ccb0f605b3a35618cae01d2972","hashSHA256":"4549e11dc2c29e0980562f1300cab5234a1c2bf124400a026a20c30e38015fbc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["COMODO Antivirus (20231221)","Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtopspconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to PSP Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b6973d35c0a46b0e7a082363ad1630e0","hashSHA1":"24fba253243fb5b8a75582433164846e54c8b114","hashSHA256":"aaaa622e88d46c9dd34d6f277ee70a3781ffa118561e1bc5aad252d3117946d7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtoswfconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to SWF Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"2b850766731f8b024e038295fb46149c","hashSHA1":"19a78ac54407257d091bb256568ed6ad18b4be7b","hashSHA256":"96d399be0e47fe165a95821cef0b7fc772e868a80158d8237f9554eb5ea00fd1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtoxboxconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to Xbox Converter                                  ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6798c634a588285abf7e786d4765d187","hashSHA1":"91f980f3d4bb7f3b567dd223fb11d57de89cb415","hashSHA256":"9876603d8890a85d4cbae936850180ef74941e957fb317a389ee47f7c6bd6473","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"dvdtozuneconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute DVD to Zune Converter                                  ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"31fe3988041e52c5a49b05580c766fb2","hashSHA1":"c989940aaecda4d1f1f524633f290c338a5ee22b","hashSHA256":"cd660b30a04453861562b9f8a87f8b79f14bbba457727e0ec26c8ad4b0707bf1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["COMODO Antivirus (20231221)","Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"flvstreamingvideo.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute FLV Streaming Video Free Version                       ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5249dd768c5df9e4eda63baf3c75c9b6","hashSHA1":"1ea60fcf6b0f9373a1101638d9abd30d087d747e","hashSHA256":"6823a097ffa23dcee2042b709e4e1b6d24871a2ae1b030cbedd5ed0c5f7e88d6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)","Windows Defender (20231221)"]},{"isRevoked":"False","fileName":"flvtoswfconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute FLV to SWF Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"14efed3491e4af8b836346abf300013e","hashSHA1":"f5253833702985786471bd85fd6a718b1e4ece43","hashSHA256":"265c1f83a4d37d55965a193eb2942ca17b8b73b58feb522be38632d22387d35c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"flvvideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute FLV Video Converter                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"86ebad1565d045cc2a4d6793a7a53c7d","hashSHA1":"8b36e933098aea501632039ee63ad9db71e24f32","hashSHA256":"61a945614789d77b57d10a8e2320b05a383626931b629a2d705d9ade48f34633","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["COMODO Antivirus (20231221)","Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"gifconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video to GIF Converter                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5d74ced97d93613f80a5ae9355a34269","hashSHA1":"35cc586d4f7a24febd364c9f2b1e0f4a66e1ff6b","hashSHA256":"9a61c51f461bb6521815c2b11f3c0d5a0c638aecbe94579e0786fd4a503fcae1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["COMODO Antivirus (20231221)","Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"hdvideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute HD Video Converter                                     ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6748e4a3e760c973204670a609ad6246","hashSHA1":"301cf2b072051386a73c88b4b5fc8ae23c062f05","hashSHA256":"07fd5df2afc1eea8677a526591729e17cc054648c790e3821885a0dac928d87f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231221)","Avast Premium Security (20231221)","AVG Internet Security (20231221)","Avira Internet Security (20231221)","Bitdefender Internet Security (20231221)","COMODO Antivirus (20231221)","Dr.Web Security Space (20231221)","ESET Internet Security (20231221)","G DATA INTERNET SECURITY (20231221)","K7 Total Security (20231221)","Kaspersky Internet Security (20231221)","Malwarebytes Premium (20231221)","McAfee Total Protection (20231221)","Norton Security (20231221)","Panda Dome (20231221)","Quick Heal Internet Security (20231221)","Sophos Home Premium (20231221)","SpyHunter5 (20231221)","Total AV Antivirus Pro (20231221)","VIPRE Advanced Security (20231221)","VirIT eXplorer PRO (20231221)","Webroot SecureAnywhere (20231221)","Windows Defender (20231221)"],"avAllowList":["Trend Micro Internet Security (20231221)"]},{"isRevoked":"False","fileName":"iphonevideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute iPhone Video Converter                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"74a83bb41700bd7321e1f6168fe66202","hashSHA1":"3a5dae765f3b8bd4982bf0fb48e76f506ec0016e","hashSHA256":"14549ec516738d9a8c5cabeac060ba35d4e80619cd3150db13a8adc9ec47f4ba","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"ipodvideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute iPod Video Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"bd2768e7713eb2c4f96abf2c8178a252","hashSHA1":"d31ff29c1f2c6b9e6e9e87a29480b54a1dcc530d","hashSHA256":"03dab2f0b30ead37347fb354a773e3ae3f3b8262e3ddb9eaded19a2caa46505a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"mobilevideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Mobile Video Converter                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5c1de8a3634bbb6bf4d9099f2f7c8a88","hashSHA1":"53565b20f01f8bd16cea1b0cbbdb8ca67821ee96","hashSHA256":"899b5a40fb6b1325bc8bb104fdbb8d3c7eb66c2d7ca7ec542da77f3311b4f5f4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"movtoflvconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute MOV to FLV Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5099c18ded3efc799977512f12314734","hashSHA1":"d91e9ba8d736a1c1f9b63cce1977ccac8ac62b4b","hashSHA256":"5f9150a8045a43245e3aa4e8215e0d6fa5f493459c547908dd5e5eeee3757a73","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"mp4toaviconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute MP4 to AVI Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"2a5b4eb7d0482c1480b9961805f429ca","hashSHA1":"921d35d288ffa965ac8d96d592d3fdeeaf1508aa","hashSHA256":"7966ed4dbf2a89ba5a87601988626549d7fd14d4d01a388c8e47ba7dd67a6d72","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["COMODO Antivirus (20231226)","Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"photoslideshow.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Photo Slideshow Free Version                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"14bfccd5d3ab3a30c9b3803a042a1401","hashSHA1":"273a6adbf197678a6dcdc0dfab3b7573021225cb","hashSHA256":"472aa398981c7cca5d905f37c473845ec4ea243b3235753b83d6439a4999f155","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"pspvideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute PSP Video Converter                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"561178e29bb164a8c7fb1a1f4f320936","hashSHA1":"b087d36f4666d0435c7715bf77f7b62e5451e543","hashSHA256":"43bf763472baaf874292a01db9aaf8d3b6de3ff507d5e9bc05c58458d9db7067","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"screenrecorderfree.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Screen Recorder Free Version                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"8e54fd3a9c02cc0fe35f474e8698a5c2","hashSHA1":"6b1647cbbbe0e11ccb0f538f32e4f7132d683b33","hashSHA256":"eb22ffe6905c3d6f892fe04d711a6bfa15cc124ad74924309b959813353b7669","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["COMODO Antivirus (20231226)","Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"swfconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute SWF Converter                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6f084dc99ef1b40d23c8383ab0bbb138","hashSHA1":"2dc8ec98cb40f65da185746a0686d41295a762eb","hashSHA256":"adfe9c600e6ba30fb556b8f1d39c296e8acd3a7d9621a25ea8c671f714351901","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"videocutter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video Cutter                                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"50cbed9f3e5c865c3f1ac6db359e4084","hashSHA1":"7b5363797dcbc9ac722ff7a486cfa7aac50a809a","hashSHA256":"4dd6ec87573815dbbf9dac9f7fc9c5d471a752cafc13cde47777770d46fdbeb1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"videodubfree.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video Dub Free Version                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"4f840a6ebeba9aad37e9b4988c3e5ce4","hashSHA1":"6eb2b453cac2804a61f2201bbb2c8064146c9599","hashSHA256":"7d1274344aa43d74a4fd6867e095ca2f6b74507779f154471d671cddc4ffa2fa","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231226)","Avast Premium Security (20231226)","AVG Internet Security (20231226)","Avira Internet Security (20231226)","Bitdefender Internet Security (20231226)","COMODO Antivirus (20231226)","Dr.Web Security Space (20231226)","ESET Internet Security (20231226)","G DATA INTERNET SECURITY (20231226)","K7 Total Security (20231226)","Kaspersky Internet Security (20231226)","Malwarebytes Premium (20231226)","McAfee Total Protection (20231226)","Norton Security (20231226)","Panda Dome (20231226)","Quick Heal Internet Security (20231226)","Sophos Home Premium (20231226)","SpyHunter5 (20231226)","Total AV Antivirus Pro (20231226)","VIPRE Advanced Security (20231226)","VirIT eXplorer PRO (20231226)","Webroot SecureAnywhere (20231226)","Windows Defender (20231226)"],"avAllowList":["Trend Micro Internet Security (20231226)"]},{"isRevoked":"False","fileName":"videotoaudioconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video to Audio Converter                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"4b0e426f4afeb88cf659fa9843638cdd","hashSHA1":"19ba9e4793b1e6238250ba6d4f2c2dd0863f17aa","hashSHA256":"e26a66eb4fed6d6311bfb16e221c65d6ace3e8772cbe4cfd10c56e34e8f321aa","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":["Trend Micro Internet Security (20231228)"]},{"isRevoked":"False","fileName":"videowatermark.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video Watermark                                        ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"51a646854e9536229cc5f0405b1d9c44","hashSHA1":"d60dd8eb9263691a84b0d1c9f54c2dc99f5ee247","hashSHA256":"c106bbf3864d271c9ada93fa918e9387090ff05056454dc77a5b71751cca9dfd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":["Trend Micro Internet Security (20231228)"]},{"isRevoked":"False","fileName":"wmv3gpconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute WMV 3GP Converter                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"bd672aba009a4fa6efb31b5d7d93f2bb","hashSHA1":"569b76701ed273f3ad5b67b9df883a908c53dfef","hashSHA256":"256c0343cc02706c1736a887e0db79dcab8ec9ae1eaadf9ec0df8473aa8cb13b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":["COMODO Antivirus (20231228)","Trend Micro Internet Security (20231228)"]},{"isRevoked":"False","fileName":"wmvmp4converter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute WMV MP4 Converter                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"3f9d6262a16d17a0729451e9bfaca037","hashSHA1":"df5583335e31afcd1da408a61dadeb45fd4a7f17","hashSHA256":"1c57fb46e1334f07e1e322521775f8abab11a79d3f4c13b204399ec024d5e728","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":["Trend Micro Internet Security (20231228)"]},{"isRevoked":"False","fileName":"xboxvideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Xbox Video Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"94188a257c76e970900026e44476d5d8","hashSHA1":"04b58616cc76f46fc6f463bc441e77334304b57b","hashSHA256":"fe9a7c07638e4b1a1b34fdad65fb936f48bfeb793cfbea83939ae7322110465a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","COMODO Antivirus (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","Trend Micro Internet Security (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xvidconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute XviD Converter                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5156c2c9aa6c70146fde6a4e1aabb2d7","hashSHA1":"bd1ad4e5421d69d69822e536b69db1ccc841e2ec","hashSHA256":"0251c2897e5af4b0236ca46a00f8df4139e8a4e84a12bf1a6d43423d4e923844","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20231228)","Avast Premium Security (20231228)","AVG Internet Security (20231228)","Avira Internet Security (20231228)","Bitdefender Internet Security (20231228)","Dr.Web Security Space (20231228)","ESET Internet Security (20231228)","G DATA INTERNET SECURITY (20231228)","K7 Total Security (20231228)","Kaspersky Internet Security (20231228)","Malwarebytes Premium (20231228)","McAfee Total Protection (20231228)","Norton Security (20231228)","Panda Dome (20231228)","Quick Heal Internet Security (20231228)","Sophos Home Premium (20231228)","SpyHunter5 (20231228)","Total AV Antivirus Pro (20231228)","Trend Micro Internet Security (20231228)","VIPRE Advanced Security (20231228)","VirIT eXplorer PRO (20231228)","Webroot SecureAnywhere (20231228)","Windows Defender (20231228)"],"avAllowList":["COMODO Antivirus (20231228)"]},{"isRevoked":"False","fileName":"zunevideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Zune Video Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"60d24728cf56784553b7d6c7109d4ab2","hashSHA1":"bd76688ea8cbd26c45d4745d34e6262c20609a05","hashSHA256":"9bef770e65bb1c5f7c8003c50ff018edf2996dfdf1760f9965dddccd92a82292","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"813","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)","Windows Defender (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)"]},{"isRevoked":"False","fileName":"3gpvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"d563daef7c52311007b9d55abe671729","hashSHA1":"f27da9907624df86c6a5754979e4053a64961b80","hashSHA256":"7164caea561c72e23ba475aac507b279a75f518d3f3a05744317ec201ae73b6d","sourceIndex":"813","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"appletvvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"db980bd11515639ff7e9cc392b5a5a60","hashSHA1":"ed43b077f4208a99d6e7e09db9c26c9d4fadead3","hashSHA256":"79594e73a9bc4ac4bd77490d5afa3c24616bead2acea384932a6ee0e8cfd9e1b","sourceIndex":"813","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Quick Heal Internet Security (20240102)","Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"audioconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c3f26f3f93a5a8d23a7398776d009fe8","hashSHA1":"d7fae4bc18d1b6b25afa80a4d81fa7a8fb67a0e9","hashSHA256":"17e5e7b5b869a4fca46ef4b2360ab77b3ec0616e5da9d88e461d270ae0679608","sourceIndex":"813","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"audiomixer_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"146e67f82a421d1240a7d2ff9c5f393f","hashSHA1":"ef08a706a8457b3557e2e31c99679fd3a1c44386","hashSHA256":"5d9432be945dfe809c02a56dee111881812922f224937de2bbf874c8732b80db","sourceIndex":"813","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"aviconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0e5312deb16c345dfd12e485b055c928","hashSHA1":"a62d6344a18c689c96598570a069e362ccb8dc8c","hashSHA256":"47ed532f48aa5166c7f8322cfd1b16dfb122f59877db8e9b510626e129248588","sourceIndex":"813","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"avitomovconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2e4482e3ebdc23c214702cf6dbd426eb","hashSHA1":"53096b2b7224dc7146238001c1c20e219d5ade67","hashSHA256":"20a652de1afa516b04818a2632b0d89a7a8d80727e9033ec08d3741552bbde0c","sourceIndex":"813","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"avitoswfconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"348846a7543a1c6b00f3f8bcccdc2038","hashSHA1":"9a57b08ab06bb468676c2cf68afbc19eb43608eb","hashSHA256":"83a4fa1e90a5738aa08424c169a30a3dc3ea172263fc344df3e7b1ff931547c0","sourceIndex":"813","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"cutedvdripper_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"7d394d81e51a19bd5e9f16d73cea9686","hashSHA1":"7737a5e9111855c03778618f58f26b6c074bf27f","hashSHA256":"a1fefd35af0874ea728668d524872bfa07a0d3dc67f0adfc50524f717d2c6986","sourceIndex":"813","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"divxconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f4bb1e17c7ba52a3b40b4facc36a7b2c","hashSHA1":"0b0ef5cefbe2d0b4a0c3e6c8e576c4bd95d7793f","hashSHA256":"11457ec889fe81c735903c7f10d48b53368889dd42840cf0930e6d4d98bc4625","sourceIndex":"813","avBlockList":["360 Total Security (20240102)","Avast Premium Security (20240102)","AVG Internet Security (20240102)","Avira Internet Security (20240102)","Bitdefender Internet Security (20240102)","COMODO Antivirus (20240102)","Dr.Web Security Space (20240102)","ESET Internet Security (20240102)","G DATA INTERNET SECURITY (20240102)","K7 Total Security (20240102)","Kaspersky Internet Security (20240102)","Malwarebytes Premium (20240102)","McAfee Total Protection (20240102)","Norton Security (20240102)","Panda Dome (20240102)","Quick Heal Internet Security (20240102)","Sophos Home Premium (20240102)","SpyHunter5 (20240102)","Total AV Antivirus Pro (20240102)","VIPRE Advanced Security (20240102)","VirIT eXplorer PRO (20240102)","Webroot SecureAnywhere (20240102)"],"avAllowList":["Trend Micro Internet Security (20240102)","Windows Defender (20240102)"]},{"isRevoked":"False","fileName":"dvdto3gpconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"642df4df7abbb00d7374cb44c3058873","hashSHA1":"0ee467e3bcc8d4dd8bcea0fd04e36e041383a4d7","hashSHA256":"1e0a6ca329a6935937f3bdfbab0f7490dd15979cb5a357987ba1f2a0b173829b","sourceIndex":"813","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtoflvconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"dc12e233315fa8477dbfa66ca1243be2","hashSHA1":"1dd67aed50d52b063ca1c491d6eab8391c99bc50","hashSHA256":"e71b82b592c9346b38b0e20777f0ab16b2384b06a393007b75ea697684b7d19b","sourceIndex":"813","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtoiphoneconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"30f57ff5624d043ba22b768cec2b25bf","hashSHA1":"2de8016b7e417e2c8f02c07ac44bbdb54a4c3924","hashSHA256":"c18857fa8d593f302be04a3748f0bb86e8cd99646ab5e65ed6411603d2caea54","sourceIndex":"813","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtoipodconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3b4b7bcfa8156bff1178a4568bed778a","hashSHA1":"53517b315b8c3e8afbda3009d428562eb49955af","hashSHA256":"f72861fef43e075c7aee92ff447f488c9ef2633a3cf72e7fad04efbf5279e9d8","sourceIndex":"813","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Quick Heal Internet Security (20240104)","Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtomkvconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9e10aa1c0d0eaface9c25888854e31e8","hashSHA1":"39602179375d67e5a813d4c3dd385589fda51d6d","hashSHA256":"06c61e7527944edd9ccfb1d3e5a49e03032b555077f9639e0818aad3ec3b79c6","sourceIndex":"813","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtomovconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c1b0853a5b97c9d23d642d8aa42b644c","hashSHA1":"c53ec1929a2adfe9647d442f28bc9ce79cd7a6e4","hashSHA256":"e116f0ed8b75428b63a854c58a8f2bf88955566951b78345e979824e75b25418","sourceIndex":"813","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtomp4converter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3f8edf2b18c3b307a9f4f456e502e872","hashSHA1":"84b75fb7d2b5c5143ddaf1ffb994ca5934a9ba4d","hashSHA256":"d578043e8293ad131c9cefff932cee9527b3d3fa1b160ce66d73b755eb6004d5","sourceIndex":"813","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Quick Heal Internet Security (20240104)","Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtopspconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3d50c5d2dff3056f9412553b9274290f","hashSHA1":"9b7de4197ba9f44985d67ebeac2c094d4ff34885","hashSHA256":"642e4142a5819c478fafaca52f57b782c627ea8cf0f4c057913399055846bb42","sourceIndex":"813","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Quick Heal Internet Security (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtoswfconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2ea5d4d8bf5bf54c605c1fb9db550980","hashSHA1":"d846da60fb2f706035e199e5eeba4a1322bc29f3","hashSHA256":"f450fb47dacdb86fd842b07101bfd447acb4474b58f80287b451bdfe16dfce6a","sourceIndex":"813","avBlockList":["360 Total Security (20240104)","Avast Premium Security (20240104)","AVG Internet Security (20240104)","Avira Internet Security (20240104)","Bitdefender Internet Security (20240104)","COMODO Antivirus (20240104)","Dr.Web Security Space (20240104)","ESET Internet Security (20240104)","G DATA INTERNET SECURITY (20240104)","K7 Total Security (20240104)","Kaspersky Internet Security (20240104)","Malwarebytes Premium (20240104)","McAfee Total Protection (20240104)","Norton Security (20240104)","Panda Dome (20240104)","Sophos Home Premium (20240104)","SpyHunter5 (20240104)","Total AV Antivirus Pro (20240104)","VIPRE Advanced Security (20240104)","VirIT eXplorer PRO (20240104)","Webroot SecureAnywhere (20240104)"],"avAllowList":["Quick Heal Internet Security (20240104)","Trend Micro Internet Security (20240104)","Windows Defender (20240104)"]},{"isRevoked":"False","fileName":"dvdtoxboxconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"018abc782dc64684ea1be65ae2fa7e89","hashSHA1":"29e7a04f8cc1ec9431a59bc91801b11af4492d0c","hashSHA256":"4be33d91e68856623204d0835b987b074e99c1245606eff91cbbb6ff8f6d6448","sourceIndex":"813","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"dvdtozuneconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3d1b7bab72bc25806a909a66158ea34a","hashSHA1":"9c8e219dcb2c3f9450dc5a92323ffb5ebd61c024","hashSHA256":"10954778833a0c6eecd46c9ff3176c5e73c6599a23a50744123b6039748a9292","sourceIndex":"813","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Quick Heal Internet Security (20240111)","Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"flvstreamingvideo_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ac16bd577b2ef5e7dc119efa2b9431cc","hashSHA1":"5401e5c75467fc5f244051c40d499bf48d8f6c3a","hashSHA256":"363a634cb36bb85179197b73ba88c6cd13994365624c12a26816efbc8eb8ff70","sourceIndex":"813","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"flvtoswfconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"5e14a2481fbac8bb698ea42b43598853","hashSHA1":"b47121b0ff5cfb0fe62e84b936cb47dfa2e369b1","hashSHA256":"d07600b2bb147d95bb778c7dc4b7e78f5f4dbadad038c57fc4da67cbfbae3667","sourceIndex":"813","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Quick Heal Internet Security (20240111)","Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"flvvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"4f29f1285f4c92a7de0a14d61360705b","hashSHA1":"e4ff9087f92e2c03d3e7ce56cdacd6e33496cc05","hashSHA256":"92558ba976d9d3a8d99dc66de60fed13ad9f5d9e49572cd2dd7b951f5c0f51df","sourceIndex":"813","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"gifconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6390ec9db3bcb8c6cacf3b8a01b27e68","hashSHA1":"be57fc1944bf6c19a7df95e939057f2cce17934c","hashSHA256":"7fb2c6065a61431d9d7896a760d5267c37d0965f9d082a4828dbbe092b7e4df9","sourceIndex":"813","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"hdvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"22468b6bd7973bb20b2975a568cd3a1d","hashSHA1":"c6e55b2c6f639d54a5c50c230f34317c78f0c548","hashSHA256":"1046904a2d073eb9d9e7574c1b84fe34d4e83a7ec69f35c56b4e3a31fc583d98","sourceIndex":"813","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Quick Heal Internet Security (20240111)","Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"iphonevideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"1a1f9b1a9befce736650534fba9bd1e5","hashSHA1":"8ffa06f6cd30e986ae0a4f04a13d3ff5ea91cd62","hashSHA256":"1ecf6dd0337ffe1001ebce652153dec31d8d7823589c1cccefca8d658f8aa2a2","sourceIndex":"813","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"ipodvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f56e3a268bc9c2efc625fc1893e81ac5","hashSHA1":"868fb2d5c8025addd87e32640a1e2a271fb8a05f","hashSHA256":"d9b50729ce9158f887c153c0077ba62dc27e7567b52ac5e7104dc84a32e13162","sourceIndex":"813","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"mkvconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"09f0db18e88713882e28caae7dcfdb9f","hashSHA1":"db79e7d94bb945d423e16709a12d0b6185a29fb9","hashSHA256":"fedd74c7f7fe59bb46d32b8433777ed34029479bee4ca210c08b1adda202d343","sourceIndex":"813","avBlockList":["360 Total Security (20240111)","Avast Premium Security (20240111)","AVG Internet Security (20240111)","Avira Internet Security (20240111)","Bitdefender Internet Security (20240111)","COMODO Antivirus (20240111)","Dr.Web Security Space (20240111)","ESET Internet Security (20240111)","G DATA INTERNET SECURITY (20240111)","K7 Total Security (20240111)","Kaspersky Internet Security (20240111)","Malwarebytes Premium (20240111)","McAfee Total Protection (20240111)","Norton Security (20240111)","Panda Dome (20240111)","Quick Heal Internet Security (20240111)","Sophos Home Premium (20240111)","SpyHunter5 (20240111)","Total AV Antivirus Pro (20240111)","VIPRE Advanced Security (20240111)","VirIT eXplorer PRO (20240111)","Webroot SecureAnywhere (20240111)"],"avAllowList":["Trend Micro Internet Security (20240111)","Windows Defender (20240111)"]},{"isRevoked":"False","fileName":"mobilevideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"80270ea274dc1e4e464394a1511fb2bd","hashSHA1":"e0568a1af31bf81d5ebe7ba01780e3f0b89d27fb","hashSHA256":"868c9e85d4d73245c898fcc52f51b812f3881a86ce9d11fb116dc9c98f7bb208","sourceIndex":"813","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Quick Heal Internet Security (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Trend Micro Internet Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"movconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"489f8c95432371188fba890f66f0fe26","hashSHA1":"765db0c41aeb57c4e4cc732efa27884a656c735b","hashSHA256":"aea57bf930d92e3350571741c20a3884392aa51e9fc71c6af580e065b5a986e7","sourceIndex":"813","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Quick Heal Internet Security (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Trend Micro Internet Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"videoconverterfree_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a2e9658a50c1112accabd467980024d0","hashSHA1":"3d3c48a971d6e8da6c6430147ef014dc2634e180","hashSHA256":"bcb704552d991c2501e522a70e25db39b3eac252cd884c7f58fa72633021c37a","sourceIndex":"813","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Quick Heal Internet Security (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","Trend Micro Internet Security (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"videocutter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3da1bb87180c84f7b80b6465033dbf74","hashSHA1":"6353e4367aa85f16cbe4cf712ac4c6aa8d3457e8","hashSHA256":"4f7c17ef1f5d0d015005311f860fd71842f18fbe9c1f195db9cff7fc32c26f20","sourceIndex":"813","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Quick Heal Internet Security (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Trend Micro Internet Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"videodubfree_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"61ba428405dcaaf69925a4064e417fbc","hashSHA1":"c4db7c3a3071eb0db4225f68c82ff9e2bc91fcce","hashSHA256":"fe481c04c6636a342ac8edb70eca77228d8842ebaf90dfb033d4def740c345e0","sourceIndex":"813","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Quick Heal Internet Security (20240116)","Trend Micro Internet Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"videojoiner_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"fdd18ba5af1079fdbe4951d22a973e3c","hashSHA1":"2de4ad50e98b0d5cb790c689b63ab69867f6ad27","hashSHA256":"2cf0909f8492fa07a80856c3c261f4d1513b9fa3506708c8c228fe17df151458","sourceIndex":"813","avBlockList":["360 Total Security (20240116)","Avast Premium Security (20240116)","AVG Internet Security (20240116)","Avira Internet Security (20240116)","Bitdefender Internet Security (20240116)","COMODO Antivirus (20240116)","Dr.Web Security Space (20240116)","ESET Internet Security (20240116)","G DATA INTERNET SECURITY (20240116)","K7 Total Security (20240116)","Kaspersky Internet Security (20240116)","Malwarebytes Premium (20240116)","McAfee Total Protection (20240116)","Norton Security (20240116)","Panda Dome (20240116)","Sophos Home Premium (20240116)","SpyHunter5 (20240116)","Total AV Antivirus Pro (20240116)","VIPRE Advanced Security (20240116)","VirIT eXplorer PRO (20240116)","Webroot SecureAnywhere (20240116)"],"avAllowList":["Quick Heal Internet Security (20240116)","Trend Micro Internet Security (20240116)","Windows Defender (20240116)"]},{"isRevoked":"False","fileName":"videotoaudioconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"277f0ee1f36a75e7f06d6071a32a29ed","hashSHA1":"be3f06b8d0d3f414edb41573b019ad50b737423b","hashSHA256":"a2235accb52cc1ca449ef2004968caa5742219461a583997d321eac7c74265da","sourceIndex":"813","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"videowatermark_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3847876eeb6fd8560f2819ba793a805e","hashSHA1":"fc80dba6b7c89327dfecc5b5f460e69ead57251e","hashSHA256":"bb9a5c4b2d35dc100659d9f376398dd45828f8f96282f2cf3dda0b2406d08a50","sourceIndex":"813","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"wmv3gpconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2a82a8e6b40b6103d59272b90a179ffa","hashSHA1":"9877d52b74875e955b2c84537fa99506669d4844","hashSHA256":"a055ae166e690df2317aca47c31ba9ee494eacbd17326da3406ad60ddf27ba8f","sourceIndex":"813","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)"],"avAllowList":["Quick Heal Internet Security (20240118)","Trend Micro Internet Security (20240118)","Webroot SecureAnywhere (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"wmvmp4converter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ef9a2b675641c5e272b7f8bba02e22b1","hashSHA1":"d820b8741c34ed6d2ad86b864d726f3d95bc3806","hashSHA256":"1c192299bee5fd35c0e5755d1e075c4c167120ac7662ce3f9902907e8ff53305","sourceIndex":"813","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"xboxvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c34b49692702302d461d78e7fb4fa684","hashSHA1":"60999510c0e4b516709d3645e72801742bd50297","hashSHA256":"407fb9d4ed07434fdd2a5d8091c292b3e86363778745ad3df6b52e7b929415a3","sourceIndex":"813","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"xvidconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"7905f2b8112c5991d3f94395f124d7f6","hashSHA1":"98c81931f2fb4baeb06f044657afeac07c8a8f10","hashSHA256":"9b7386bd4bca5835435d4f3102833471f5a14c4392e983f1885c1e145f9692a4","sourceIndex":"813","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"zunevideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"b61122bf8b968098e95c9f2aa6ba1cda","hashSHA1":"00c481d60c6554cbc4f5df605f2f57afd1b2c0d1","hashSHA256":"eb92703fe74e71b9e8e0f4b81415ecd0ce746f9698beb295b23ff316322c2241","sourceIndex":"813","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"movtoflvconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"33b52c4d7d96c6e320fced94e7ceb53c","hashSHA1":"d297249921813045e73a351af70e32bcc2b8ad44","hashSHA256":"24e5cd4cfe8f68d9f31daf592c7490135ff22e5d8823aa9ba352224bdd064892","sourceIndex":"813","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)"],"avAllowList":["Quick Heal Internet Security (20240118)","Trend Micro Internet Security (20240118)","Webroot SecureAnywhere (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"movtomp4converter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2eb566d4304adcd788c0d0e982a11241","hashSHA1":"d77962ee0e3a44fa4efeeb5c2d0d23a4756d362b","hashSHA256":"d8faf14c2ff9ab2f92e6b85dbdba2e9d549e80af871f497304eeecc7159994f9","sourceIndex":"813","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Quick Heal Internet Security (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)"],"avAllowList":["Trend Micro Internet Security (20240118)","Webroot SecureAnywhere (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"mp4toaviconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"dfb87e75c82f0dc9bfd64df9b66be773","hashSHA1":"33f650089359eda59b38ca46c5ab325b346e6f83","hashSHA256":"048bfb4f7637e4e33250049aac094fbeb2b19732190f014d25864ee94cba8734","sourceIndex":"813","avBlockList":["360 Total Security (20240118)","Avast Premium Security (20240118)","AVG Internet Security (20240118)","Avira Internet Security (20240118)","Bitdefender Internet Security (20240118)","COMODO Antivirus (20240118)","Dr.Web Security Space (20240118)","ESET Internet Security (20240118)","G DATA INTERNET SECURITY (20240118)","K7 Total Security (20240118)","Kaspersky Internet Security (20240118)","Malwarebytes Premium (20240118)","McAfee Total Protection (20240118)","Norton Security (20240118)","Panda Dome (20240118)","Sophos Home Premium (20240118)","SpyHunter5 (20240118)","Total AV Antivirus Pro (20240118)","VIPRE Advanced Security (20240118)","VirIT eXplorer PRO (20240118)","Webroot SecureAnywhere (20240118)"],"avAllowList":["Quick Heal Internet Security (20240118)","Trend Micro Internet Security (20240118)","Windows Defender (20240118)"]},{"isRevoked":"False","fileName":"mp4videoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"89edb66a387da97e38470d9bb976658f","hashSHA1":"eb75d53e56c93104cb3d919116ff376731b3389c","hashSHA256":"c4017cace6be1c5c80dfde9968f4cd29bc0ea539616607eaaf43c2473c6052c9","sourceIndex":"813","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"photoslideshow_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"4ce396a243569ec833ec8e039883557c","hashSHA1":"6e0e58d8d6ab4acf1cf8d9e5e63357aee1390616","hashSHA256":"4ee19ace952c8d0f0660eadd4fa89a0bfcb3f7409806375fef7d29db23fb36a9","sourceIndex":"813","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Quick Heal Internet Security (20240123)","Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"pspvideoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2bceac328c6ba40501da6c3219d289de","hashSHA1":"05a032597f021192451a21ec6ecc920067147bb8","hashSHA256":"e590e8f93f1119e25a51c3f45f3654abb16539290596da8051816056d315e8f6","sourceIndex":"813","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"screenrecorderfree_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"aefeee4174f0e8df7a8d6acf62f8295a","hashSHA1":"b27e13352a1e37610a29e47f1e00f6309aff39a9","hashSHA256":"c23b9e0165897362706a2d0db7a5cfddb73dd3f2e33522a032b80e6b2b5fa0e0","sourceIndex":"813","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Quick Heal Internet Security (20240123)","Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"swfconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"00ffa8a3e79f034480a76473a0683e73","hashSHA1":"eb45e4ea7d4e0eed07fdf2bf08f61688f5db4073","hashSHA256":"f6062e08f4b77140bbb670e0d10062f9aeba2a6a18c7c3b94ddcbf76216c21ac","sourceIndex":"813","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"videoaudiomergerfree_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"06442d1132b8658b9202c6865af89837","hashSHA1":"a8eee8f8f8abb0b89bfe7e6ea4f34e1034bf625d","hashSHA256":"e3bbf589a4a9d38e83acdc56aa25c55a69d28c7869ff2fcf24c4a1318ee638e6","sourceIndex":"813","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"videoconverter_231031.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ff3a6ede0d596bf928eb8171bcb781af","hashSHA1":"07a205d416274037969dd130a24aaec1939fd782","hashSHA256":"6ae35b55f10733fbc080a1d2b058abb138f6f08c62bea58adff4e3168293e3c1","sourceIndex":"813","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)","Windows Defender (20240123)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://www.videotool.net/","directDownloadingLink":"http://www.videotool.net/products.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.videotool.net/products.htm","sourceIndex":"813"}],"sampleFiles":["231114/VideotoolNetBundle-221026/4.8.0.16/Samples/appletvvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/audioconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/audiomixer.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/aviconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/avitomovconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/avitoswfconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/cutedvdripper.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/divxconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdto3gpconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoflvconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoiphoneconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoipodconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomkvconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomovconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomp4converter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtopspconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoswfconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoxboxconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtozuneconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvstreamingvideo.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvtoswfconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/gifconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/hdvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/iphonevideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/ipodvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mobilevideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/movtoflvconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mp4toaviconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/photoslideshow.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/pspvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/screenrecorderfree.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/swfconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videocutter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videodubfree.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videotoaudioconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videowatermark.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/wmv3gpconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/wmvmp4converter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/xboxvideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/xvidconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/zunevideoconverter.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/3gpvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/appletvvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/audioconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/audiomixer_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/aviconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/avitomovconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/avitoswfconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/cutedvdripper_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/divxconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdto3gpconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoflvconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoiphoneconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoipodconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomkvconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomovconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtomp4converter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtopspconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoswfconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtoxboxconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/dvdtozuneconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvstreamingvideo_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvtoswfconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/flvvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/gifconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/hdvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/iphonevideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/ipodvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mkvconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mobilevideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/movconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videoconverterfree_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videocutter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videodubfree_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videojoiner_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videotoaudioconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videowatermark_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/wmv3gpconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/wmvmp4converter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/xboxvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/xvidconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/zunevideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/movtoflvconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/movtomp4converter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mp4toaviconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/mp4videoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/photoslideshow_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/pspvideoconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/screenrecorderfree_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/swfconverter_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videoaudiomergerfree_231031.exe","231114/VideotoolNetBundle-221026/4.8.0.16/Samples/videoconverter_231031.exe"],"imageFiles":["231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-109/ACR-109_Install_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-109/ACR-109.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-010/ACR-010_Install_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-010/ACR-010.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-013/ACR-013_Install_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-103/ACR-103_Software_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-103/ACR-103.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-118/ACR-118_Uninstall_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-118/ACR-118_Uninstall_2.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-118/ACR-118_Uninstall_3.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-118/ACR-118.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-118/ACR-118_1.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-059/ACR-059.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-155/ACR-155_Bundler-made offers_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-155/ACR-155.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-060/ACR-060_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-106/ACR-106_Software_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-106/ACR-106.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-092/ACR-092_Software_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-092/ACR-092.JPG","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-123/ACR-123_Uninstall_1.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-123/ACR-123_Uninstall_2.png","231114/VideotoolNetBundle-221026/4.8.0.16/Images/ACR-123/ACR-123_Uninstall_3.png"],"guid":"6604dee1-ca7d-4895-b842-234c87382b48_4.8.0.16_1","appID":"VideotoolNetBundle-221026","dateAdded":"231114","deceptorType":"Bundler","name":"Videotool Net Bundle","company":"Videotool.NET","version":"4.8.0.16","lastKnownStatus":"4.8.0.16","lastKnownDate":"231114","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-11-15T05:21:22.1618166+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":807},{"violations":{"ACR-109":"At installation, the app also suggest installing a Chrome Extension \"OrangeMonkey\" without prior acceptance or agreement during the installation process.\n","ACR-042":"A Chrome Extension \"OrangeMonkey\" was installed as an added feature without obtaining clear and explicit permission from the user at installation.\n\n","ACR-046":"The third party extension OrangeMonkey is automatically installed on the computer without providing distinct disclosure and option at installation. \n","ACR-048":"Application can't be uninstalled via standard platform interface (control panel-> programs ->uninstall a program)\n","ACR-055":"No decline option was provided at installation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"SF-Helper-%5B5534474486e3b869%23403%23%5D.exe","isInstaller":"True","companyName":"32/05 team","fileVersion":"1.7","hashMD5":"cb7540975a2d1643707fa30760b36c7b","hashSHA1":"5ae5cd61058dd0979e2c898bda1b07d26d041f3f","hashSHA256":"9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf","digitalCertThumbprint":"E46AC86AFC42FAC20875BAF04DF391B875DD3DFD","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=itproddev@gmail.com, CN=IT PRODUCT DEVELOPMENT LLC, O=IT PRODUCT DEVELOPMENT LLC, STREET=\"Avenue Sredny V.O, 85U room 57-N, room 7\", L=Saint Petersburg, S=Saint Petersburg, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Saint Petersburg, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1197847203014, OID.2.5.4.15=Private Organization","sourceIndex":"814","avBlockList":["Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","COMODO Antivirus (20240123)","ESET Internet Security (20240123)","K7 Total Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","Trend Micro Internet Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)","Windows Defender (20240123)"],"avAllowList":["360 Total Security (20240123)","Bitdefender Internet Security (20240123)","Dr.Web Security Space (20240123)","G DATA INTERNET SECURITY (20240123)","Kaspersky Internet Security (20240123)","VIPRE Advanced Security (20240123)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://en.savefrom.net","directDownloadingLink":"https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=5534474486e3b869&t=1699269379","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=5534474486e3b869&t=1699269379","sourceIndex":"814"}],"sampleFiles":["231110/SavefromHelper-231106/1.7.0.1/Samples/SF-Helper-%5B5534474486e3b869%23403%23%5D.exe"],"imageFiles":["231110/SavefromHelper-231106/1.7.0.1/Images/ACR-109/Agreement.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-109/OrangeMonkey.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-109/OrangeMonkey1.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-046/Agreement.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-046/OrangeMonkey.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-046/OrangeMonkey1.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-055/Agreement.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-042/Agreement.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-042/OrangeMonkey.jpg","231110/SavefromHelper-231106/1.7.0.1/Images/ACR-042/OrangeMonkey1.jpg"],"nonDeceptorImageFiles":[],"guid":"460a5310-2ec2-4b97-aedd-41cbf90013c8_1.7.0.1_1","appID":"SavefromHelper-231106","dateAdded":"231110","deceptorType":"App","name":"Savefrom.net Helper","company":"32/05 team","version":"1.7.0.1","lastKnownStatus":"1.7.0.1","lastKnownDate":"231110","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","lastUpdate":"2023-11-10T21:19:47.8801477+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":808},{"violations":{"ACR-042":"The app installs \"MAGIX Screenshare\" without obtaining the consumer's permission through explicit user action.\n","ACR-043":"Another app named MAGIX Screenshare was installed without disclosure.\n","ACR-003":"The app utilizes the word \"Problem\" in red color to a scan result that cannot be substantiated.\n","ACR-004":"The app uses alarming red and other traffic light colors to differentiate scan results , raising misleading sense of priority to the user. Scan results cannot be substantiated.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PC_Check_Tuning_Free_2011_DM.exe","isInstaller":"True","companyName":"MAGIX AG","fileVersion":"1.0","hashMD5":"49fed184017f961de50b0496c8aae447","hashSHA1":"fbd332a8da82cdbe9909823fb76049f90a3dd3eb","hashSHA256":"5b3e595d8ce13d578ded0a321dff354d09db1a456de18ab533957a4f19d936b2","digitalCertThumbprint":"D0B7F7021AE4CD7F80661F318410E7A8070C7B64","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Magix AG, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Magix AG, S=Berlin, C=DE","sourceIndex":"256","avBlockList":["Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Malwarebytes Premium (20240123)","Norton Security (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VirIT eXplorer PRO (20240123)"],"avAllowList":["360 Total Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","Kaspersky Internet Security (20240123)","McAfee Total Protection (20240123)","Panda Dome (20240123)","Trend Micro Internet Security (20240123)","VIPRE Advanced Security (20240123)","Webroot SecureAnywhere (20240123)","Windows Defender (20240123)"]},{"isRevoked":"False","fileName":"TuningStart.EXE","companyName":"MAGIX AG","fileVersion":"6.0","hashMD5":"1ddd6c4c5cfeada3b6979421d168e93b","hashSHA1":"c0148ebc4b1804cfc010c7995212912970a0aec5","hashSHA256":"ad2dc19220b5bb5faff87ba9804c373a8f24ab96811d1c0c8db19900539a282d","digitalCertThumbprint":"E688AF90ADEE80DE60BEEC34F5893350795C27B3","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Magix AG, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Magix AG, S=Berlin, C=DE","sourceIndex":"256","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.computerbild.de/download/Magix-PC-Check-Tuning-Free-5291351.html","directDownloadingLink":"https://d.computerbild.de/downloads/2971313/PC_Check_Tuning_Free_2011_DM.exe?__cbodl__=1699349120_b1b84d08e4d8ef0c5c7abfa9847f0900&_chksum_=49fed184017f961de50b0496c8aae447","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d.computerbild.de/downloads/2971313/PC_Check_Tuning_Free_2011_DM.exe?__cbodl__=1699349120_b1b84d08e4d8ef0c5c7abfa9847f0900&_chksum_=49fed184017f961de50b0496c8aae447","sourceIndex":"256"}],"sampleFiles":["231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Samples/PC_Check_Tuning_Free_2011_DM.exe","231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Samples/TuningStart.exe"],"imageFiles":["231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Images/ACR-043/M_Screenshare.jpg","231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Images/ACR-042/M_Screenshare.jpg","231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Images/ACR-004/ACR-004.jpg","231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Images/ACR-004/ACR-004_.jpg","231108/MAGICPCCheckAndTuning-231107/6.0.403.1052/Images/ACR-003/ACR-004.jpg"],"nonDeceptorImageFiles":[],"guid":"0d22b999-69b6-43a1-bfd0-842ae28e1dd4_6.0.403.1052_1","appID":"MAGICPCCheckAndTuning-231107","dateAdded":"231108","deceptorType":"App","name":"MAGIX PC Check & Tuning","company":"MAGIX AG","version":"6.0.403.1052","lastKnownStatus":"6.0.403.1052","lastKnownDate":"250102","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2025-01-02T19:09:25.4733596+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":809},{"violations":{"ACR-109":"The app installs \"Bonjour\", an Apple Inc. application without the consumer's consent.\n","ACR-042":"1. Some of the third-party components get dropped immediately after executing the installer, without the user's permission. Components are dropped before accepting the license agreement.\n2. App initiates network communications with 3rd party offer provider before obtaining user consent.\n3. The app installs \"Bonjour\", an Apple Inc. application without disclosing it to the user and gets user consent. \n","ACR-043":"1. Some of the third-party components get dropped immediately after executing the installer, without the user's permission. Components are dropped before accepting the license agreement.\n2. The app installs \"Bonjour\", an Apple Inc. application without disclosing it to the user and gets user consent. \n","ACR-048":"The app does not provide control to cancel the installation process.\nThe app does not provide any control to remove the background processes within the app settings\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-097":"The app adds a \"Bonjour Service\" exception to the Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with the \"Bonjour\" service application on the device without the consumer's consent. \n","ACR-039":"The app installs another app named \"Bonjour\", an Apple Inc. application without disclosing it to the user and its clear relationship to the main app installed. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the installed \"Bonjour\" service application even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"EpocCam 3.4.0.exe","isInstaller":"True","companyName":"NF001","productName":"Nearfile","productVersion":"7.14.2.0","fileVersion":"1.0.0.6608","hashMD5":"dbad26f300df922f1f04ec9c99d1c044","hashSHA1":"77ecd6c3b551aa01d4545de0d687f6d536d7affc","hashSHA256":"0352d0f3617da798c098b4638be2c5fc93178ddde3010dfced2fae43425aef30","digitalCertThumbprint":"39A4848ECEFD4F052A01F890AFD400C307AF7D77","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"6785719 Canada Inc.","storeId":"","sourceIndex":"817","avBlockList":["Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","K7 Total Security (20231116)","Malwarebytes Premium (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)"],"avAllowList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","Kaspersky Internet Security (20231116)","Quick Heal Internet Security (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","Windows Defender (20231116)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://nearfile.com/epoccam/","directDownloadingLink":"https://nearfile.com/download/epoccam/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://nearfile.com/download/epoccam/","sourceIndex":"817"}],"sampleFiles":["231106/EpocCam-231016/3.4.0/Samples/EpocCam 3.4.0.exe"],"imageFiles":["231106/EpocCam-231016/3.4.0/Images/ACR-109/ACR-109.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-039/ACR-039.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-043/ACR-043.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-043/ACR-043(1).JPG","231106/EpocCam-231016/3.4.0/Images/ACR-042/ACR-042.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-042/ACR-042_1.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-042/ACR-042(1).JPG","231106/EpocCam-231016/3.4.0/Images/ACR-048/ACR-048.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-084/ACR-084.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-097/ACR-097_Software_1.png","231106/EpocCam-231016/3.4.0/Images/ACR-048/ACR-048_1.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-118/ACR-118.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-118/ACR-118_1.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-118/ACR-118_2.JPG"],"nonDeceptorImageFiles":["231106/EpocCam-231016/3.4.0/Images/ACR-123/ACR-123.JPG","231106/EpocCam-231016/3.4.0/Images/ACR-123/ACR-123_1.JPG"],"guid":"b8fcc7a3-2a81-4a45-a1a0-99073177846c_3.4.0_1","appID":"EpocCam-231016","dateAdded":"231106","deceptorType":"Bundler","name":"EpocCam","company":"Elgato","version":"3.4.0","lastKnownStatus":"3.4.0","lastKnownDate":"231106","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"inject ads","lastUpdate":"2023-11-08T21:06:53.2107035+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":810},{"violations":{"ACR-042":"App drops potential offer app info in hidden folder without user permission.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"Yandex offer is still downloaded and installed despite unchecking during installation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"ABViewer.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ab3bd1fa34817eee23d637aa5e816e0e","hashSHA1":"3a1c613eda6dd4dfe26f9b208625d7242767afa4","hashSHA256":"f6c401f362716aadccc56ef1e35fb2dbba893a4d699a8b337e2aaac8da911d23","digitalCertThumbprint":"8222EAB8AE1D7CB69EB6D497A2B63E5E5DBCF8E9","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=ap@maombi.com, CN=LLC Maombi Ru, O=LLC Maombi Ru, STREET=\"ul Presnenskiy Val, 27 / str 9 pomeshch. III Chast Komnaty 5\", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1177746572684, OID.2.5.4.15=Private Organization","sourceIndex":"840","avBlockList":["Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","ESET Internet Security (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)"],"avAllowList":["360 Total Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","G DATA INTERNET SECURITY (20231102)","Malwarebytes Premium (20231102)","McAfee Total Protection (20231102)","Quick Heal Internet Security (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","Windows Defender (20231102)"]},{"isRevoked":"False","fileName":"Ad_Muncher.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"d9c8dc6a68624235d040f8b4130f0dc7","hashSHA1":"e4c3046bf8fdde8fabdd653145eb7eb1484f3717","hashSHA256":"60aef716cbc4c846155c9fb34842470275125e2b9a96bc4e13d34e138fc957c7","digitalCertThumbprint":"8222EAB8AE1D7CB69EB6D497A2B63E5E5DBCF8E9","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=ap@maombi.com, CN=LLC Maombi Ru, O=LLC Maombi Ru, STREET=\"ul Presnenskiy Val, 27 / str 9 pomeshch. III Chast Komnaty 5\", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1177746572684, OID.2.5.4.15=Private Organization","sourceIndex":"840","avBlockList":["Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","COMODO Antivirus (20231102)","ESET Internet Security (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","Norton Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)"],"avAllowList":["360 Total Security (20231102)","Bitdefender Internet Security (20231102)","Dr.Web Security Space (20231102)","G DATA INTERNET SECURITY (20231102)","McAfee Total Protection (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","Windows Defender (20231102)"]},{"isRevoked":"False","fileName":"AppRemover.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"cf0059fe0dc933373f468f9d8855f162","hashSHA1":"9cb840e16e5bd08c7f2a9070c982779875cf5e5a","hashSHA256":"fea787f9f3014e78e08f12eeea1d6870d231a44b649ba86168b3e8a1b77453c5","digitalCertThumbprint":"8222EAB8AE1D7CB69EB6D497A2B63E5E5DBCF8E9","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=ap@maombi.com, CN=LLC Maombi Ru, O=LLC Maombi Ru, STREET=\"ul Presnenskiy Val, 27 / str 9 pomeshch. III Chast Komnaty 5\", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1177746572684, OID.2.5.4.15=Private Organization","sourceIndex":"840","avBlockList":["Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","ESET Internet Security (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","Norton Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)"],"avAllowList":["360 Total Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","G DATA INTERNET SECURITY (20231102)","McAfee Total Protection (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","Windows Defender (20231102)"]},{"isRevoked":"False","fileName":"EasyRecovery_Professional_11.5.0.3.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"5ef4a33f62fea68ba1ff961933caabca","hashSHA1":"8ca2976c22cd9eb58889a5ca28c965cb979fc70b","hashSHA256":"4d41af2b81a016bf0e46cb511fc4c15b6b815c530067b4f786c3c992e7efcd15","digitalCertThumbprint":"8222EAB8AE1D7CB69EB6D497A2B63E5E5DBCF8E9","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=ap@maombi.com, CN=LLC Maombi Ru, O=LLC Maombi Ru, STREET=\"ul Presnenskiy Val, 27 / str 9 pomeshch. III Chast Komnaty 5\", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1177746572684, OID.2.5.4.15=Private Organization","sourceIndex":"840","avBlockList":["Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","COMODO Antivirus (20231102)","ESET Internet Security (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)"],"avAllowList":["360 Total Security (20231102)","Bitdefender Internet Security (20231102)","Dr.Web Security Space (20231102)","G DATA INTERNET SECURITY (20231102)","McAfee Total Protection (20231102)","Quick Heal Internet Security (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","Windows Defender (20231102)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://maombi.store","directDownloadingLink":"https://maombi.store/download/671/ae2fd989-0361-ca58-2516-d3ab29d5a932/EasyRecovery_Professional_11.5.0.3.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://maombi.store/download/671/ae2fd989-0361-ca58-2516-d3ab29d5a932/EasyRecovery_Professional_11.5.0.3.exe","sourceIndex":"840"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://maombi.store/download/671/c6c16759-da55-3389-f125-eeaa92c499ea/ABViewer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://maombi.store/download/671/c6c16759-da55-3389-f125-eeaa92c499ea/ABViewer.exe","sourceIndex":"841"}],"sampleFiles":["231024/MaombiStoreBundler-231024/0.0.0.1/Samples/ABViewer.exe","231024/MaombiStoreBundler-231024/0.0.0.1/Samples/Ad_Muncher.exe","231024/MaombiStoreBundler-231024/0.0.0.1/Samples/AppRemover.exe","231024/MaombiStoreBundler-231024/0.0.0.1/Samples/EasyRecovery_Professional_11.5.0.3.exe"],"imageFiles":["231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-042/ACR-042.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-013/OperaOffer.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-013/OptionalOffer2.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-075/Offer_unchecked.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-075/Yandex.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-075/YandexServices.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-060/OperaOffer.jpg","231024/MaombiStoreBundler-231024/0.0.0.1/Images/ACR-060/OptionalOffer2.jpg"],"nonDeceptorImageFiles":[],"guid":"367ac95a-57ca-4f46-8245-d53b75f8df5c_0.0.0.1_1","appID":"MaombiStoreBundler-231024","dateAdded":"231024","deceptorType":"App","name":"Maombi.Store Download Manager","company":"LLC Maombi Ru","version":"0.0.0.1","lastKnownStatus":"231024","lastKnownDate":"231024","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"sold in bundle","lastUpdate":"2023-10-24T19:38:49.2770208+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":812},{"violations":{"ACR-014":"It claims its call center service is certified by AppEsteem and use AppEsteem certified logo to deceives users. AppEsteem never certified this call center. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"fraud site","reference":"","landingPage":"https://ustechsupport.live","ipv4":"","ipv6":"","sourceIndex":"842"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"3ce213e1-6155-4625-96e9-79e5cf9563f2_20231024_1","appID":"ustechsupportlive-231024","dateAdded":"231024","deceptorType":"Affiliate","name":"Ustechsupport.live","company":" ustechsupport.live","version":"20231024","lastKnownStatus":"231024","lastKnownDate":"231024","type":"Affiliate","category":"SysTools & Utilities, Productivity, Bundlers & Downloaders","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2023-10-24T19:34:25.8228307+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":811},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertidor-de-pdf-a-word.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertidor de PDF a Word                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"9f1f28d9f6c92fbee4fe56360e12808c","hashSHA1":"ca5377fd76a419f59c6cdad5755a3ccdd1089662","hashSHA256":"a59c2c5cf27b103278fddcb87316e321eaa067af8174a511d7ef63651b1cefca","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"847","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["Dr.Web Security Space (20240509)","Malwarebytes Premium (20240509)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertidor-de-pdf-a-word.html","directDownloadingLink":"www.convertidor-de-pdf.com/download/convertidor-de-pdf-a-word.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"www.convertidor-de-pdf.com/download/convertidor-de-pdf-a-word.exe","sourceIndex":"847"}],"sampleFiles":["231018/ConverterfromPDFtoWord-231012/3.35/Samples/convertidor-de-pdf-a-word.exe"],"imageFiles":["231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-109/ACR-109.PNG","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-010/ACR-010_Install_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-013/ACR-013_Install_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-106/ACR-106_Software_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-092/ACR-092_Software_1.png","231018/ConverterfromPDFtoWord-231012/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"ac45c38c-e631-457f-9d08-032e5a32c3dd_3.35_1","appID":"ConverterfromPDFtoWord-231012","dateAdded":"231018","deceptorType":"Bundler","name":"Converter from PDF to Word","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"231018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-18T21:03:09.2109167+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":818},{"violations":{"ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunted on Relevant Knowledge","reference":"","landingPage":"https://syncersoft.com/free.htm","directDownloadingLink":"","ipv4":"","ipv6":"","sourceIndex":"845"}],"sampleFiles":[],"imageFiles":["231018/SyncerSoftBundler-231017/231017/Images/ACR-010/ACR-010_Install_1.png"],"nonDeceptorImageFiles":[],"guid":"31431292-da44-4593-bac7-432bdd683c05_231017_1","appID":"SyncerSoftBundler-231017","dateAdded":"231018","deceptorType":"Affiliate","name":"SyncerSoftDotCom","company":"SyncerSoft","version":"231017","lastKnownStatus":"231018","lastKnownDate":"231018","type":"Affiliate","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,display ads","lastUpdate":"2023-10-18T23:04:07.1173997+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":815},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertidor-de-word-a-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertidor de Word a PDF                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"d166b24849a5737e65c610ad4c67af91","hashSHA1":"03db86faf031c185f12364a5a462d6ed6cd59942","hashSHA256":"dbad3a47b43bf691aeda9f5c15adf758f7c1cb0831956b1c06ecb256503be70d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"850","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","Malwarebytes Premium (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertidor-de-word-a-pdf.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/convertidor-de-word-a-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/convertidor-de-word-a-pdf.exe","sourceIndex":"850"}],"sampleFiles":["231018/WordconvertertoPDF-231012/3.35/Samples/convertidor-de-word-a-pdf.exe"],"imageFiles":["231018/WordconvertertoPDF-231012/3.35/Images/ACR-109/ACR-109.PNG","231018/WordconvertertoPDF-231012/3.35/Images/ACR-010/ACR-010_Install_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-013/ACR-013_Install_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231018/WordconvertertoPDF-231012/3.35/Images/ACR-106/ACR-106_Software_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-092/ACR-092_Software_1.png","231018/WordconvertertoPDF-231012/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"dabd0f2e-aa0f-444b-b224-c4fc7f78c920_3.35_1","appID":"WordconvertertoPDF-231012","dateAdded":"231018","deceptorType":"Bundler","name":"Word converter to PDF","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"231018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-18T20:49:19.0862813+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":813},{"violations":{"ACR-043":"Open source  'ffmpeg'  is installed without disclosure.\n","ACR-107":"The app does not obtain any authorization for using a third-party component 'ffmpeg'.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"VCDCutterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"VCD Cutter                                                  ","productVersion":"1.3                 ","fileVersion":"1.3                 ","hashMD5":"433e4cbd36c2adf13e173bc91de5b7a3","hashSHA1":"f8f497fb4ddbb664b2d2bb5cffc360447d0c9e12","hashSHA256":"89b1edbbe59b55afb58f27c4c81fdbcd98b331855b16a6ffd4475fe99f91be43","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"846","avBlockList":["360 Total Security (20231102)","Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","ESET Internet Security (20231102)","G DATA INTERNET SECURITY (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","McAfee Total Protection (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VIPRE Advanced Security (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)","Windows Defender (20231102)"],"avAllowList":["Trend Micro Internet Security (20231102)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.vcd-cutter.com/","directDownloadingLink":"https://www.vcd-cutter.com/VCDCutterSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vcd-cutter.com/VCDCutterSetup.exe","sourceIndex":"846"}],"sampleFiles":["231018/VCDCutter-231017/1.3/Samples/VCDCutterSetup.exe"],"imageFiles":["231018/VCDCutter-231017/1.3/Images/ACR-010/ACR-010.JPG","231018/VCDCutter-231017/1.3/Images/ACR-013/ACR-013.JPG","231018/VCDCutter-231017/1.3/Images/ACR-059/ACR-059.JPG","231018/VCDCutter-231017/1.3/Images/ACR-060/ACR-060.JPG","231018/VCDCutter-231017/1.3/Images/ACR-043/ACR-043.JPG","231018/VCDCutter-231017/1.3/Images/ACR-107/ACR-107.JPG","231018/VCDCutter-231017/1.3/Images/ACR-118/ACR-118_Uninstall_1.png"],"nonDeceptorImageFiles":["231018/VCDCutter-231017/1.3/Images/ACR-106/ACR-106.JPG","231018/VCDCutter-231017/1.3/Images/ACR-092/ACR-092.JPG","231018/VCDCutter-231017/1.3/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"a2d279cb-6a04-462b-b70b-75ef28d6ec28_1.3_1","appID":"VCDCutter-231017","dateAdded":"231018","deceptorType":"Bundler","name":"VCD Cutter","company":"vcd-cutter.com","version":"1.3","lastKnownStatus":"1.3","lastKnownDate":"231018","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-18T23:01:46.1173162+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":814},{"violations":{"ACR-043":"Open source 'ffmpeg'  is installed without disclosure.\n","ACR-107":"The app does not obtain any authorization for using a third-party component 'ffmpeg'.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"AudioEncoderSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"93d3765e03bb3ebd379e02490c3e120f","hashSHA1":"115bf84fe12e5fa1c8a7070ba1fbed08209fca97","hashSHA256":"d8d372d4c3a05b5c037c7df1a916b12ba06907dbe6377127c1577b0f24c874c9","sourceIndex":"849","avBlockList":["360 Total Security (20231102)","Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","ESET Internet Security (20231102)","G DATA INTERNET SECURITY (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","McAfee Total Protection (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","VIPRE Advanced Security (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)","Windows Defender (20231102)"],"avAllowList":["Trend Micro Internet Security (20231102)"]},{"isRevoked":"False","fileName":"CDRecoverySetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"9f482d9da07a6f74cd865ff449ea75c5","hashSHA1":"d885ebe2562ebd999d98e8632a0d3e58b14a1668","hashSHA256":"ba159d42cd9fcd57a0d60aecb66b85e1af36a860e1e67b1138484f6d47e1b448","sourceIndex":"849","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FLVVideoPlayerSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"470e54d7b13d293b7e2a58f9f5479e88","hashSHA1":"43590938d168c918bcdc204fadc7cb6da3a06a53","hashSHA256":"8099fff5e5511810811e4f64034651052c9cf6eb8025952ea0209c1a87775f2a","sourceIndex":"849","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MoviePlayerSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.9","hashMD5":"b9cd3a8f45144c05f6c31f667e9b9e61","hashSHA1":"af81e461bd9cceeaa7b0cd805fff97a7557a1512","hashSHA256":"d0a063c21606467e1fe5eca8ede7a31380e396237313d11bfd280999afd3ab26","sourceIndex":"849","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MP3VoiceRecorderSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"614f83066e486d4c514b23cab45abdff","hashSHA1":"e0fdcf72ea9ddcb40f4addfe1c4a2b5d8ac0ed44","hashSHA256":"745fc13245ce0ca0871c000ff56d492270269654583fc703920896b38cc65032","sourceIndex":"849","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SplitMP3Setup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"6047701cd556a75cd33995a14c2ee824","hashSHA1":"47af762cb7905b82f848ccbbcc39cda290348407","hashSHA256":"20ceabbca7bb02832601816dba24f02accc718e35acad8d6154f4c72795281e1","sourceIndex":"849","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VideoCutterSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.2","hashMD5":"aa900abc6f616c784909c3f81479039f","hashSHA1":"29245dc77de230614281a8de572df4b185b5cbb3","hashSHA256":"9ad89e87415fec2541cb03fcfe19d66999bf9177aab054342723d90d19d1804c","sourceIndex":"849","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VideoEncoderSetup.exe","isInstaller":"True","companyName":"prvsoft.com                                                 ","fileVersion":"1.8","hashMD5":"521874e85f9a569fa581d37bb707fabe","hashSHA1":"7c9f05a57bcbeadd9a86c981dc408c2081862a96","hashSHA256":"cb76e99cb35e64e31b41294118ae9b5cae3da08c67380a5ae094fbe75397195c","sourceIndex":"849","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge","reference":"","landingPage":"https://www.prvsoft.com/video-cutter.html","directDownloadingLink":"https://www.prvsoft.com/downloads/VideoCutterSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.prvsoft.com/downloads/VideoCutterSetup.exe","sourceIndex":"849"}],"sampleFiles":["231018/PRVSoftBundler-231018/1.2/Samples/AudioEncoderSetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/CDRecoverySetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/FLVVideoPlayerSetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/MoviePlayerSetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/MP3VoiceRecorderSetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/SplitMP3Setup.exe","231018/PRVSoftBundler-231018/1.2/Samples/VideoCutterSetup.exe","231018/PRVSoftBundler-231018/1.2/Samples/VideoEncoderSetup.exe"],"imageFiles":["231018/PRVSoftBundler-231018/1.2/Images/ACR-043/ACR-043.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-107/ACR-107.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-010/ACR-010.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-013/ACR-013.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-118/ACR-118_Uninstall_1.png","231018/PRVSoftBundler-231018/1.2/Images/ACR-059/ACR-059.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["231018/PRVSoftBundler-231018/1.2/Images/ACR-106/ACR-106.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-092/ACR-092.JPG","231018/PRVSoftBundler-231018/1.2/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"d4f18502-9c4e-472a-868a-43e142e26e9b_1.2_1","appID":"PRVSoftBundler-231018","dateAdded":"231018","deceptorType":"Bundler","name":"PRVSoft Bundler","company":"Prvsoft.com","version":"1.2","lastKnownStatus":"1.2","lastKnownDate":"231018","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-18T20:59:36.613704+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":817},{"violations":{"ACR-010":"The apps from \"https://www.prvsoft.com/\" distribute deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunted on Relevant Knowledge","reference":"","landingPage":"https://www.prvsoft.com/","ipv4":"","ipv6":"","sourceIndex":"848"}],"sampleFiles":[],"imageFiles":["231018/PRVSoftBundler-231018/231018/Images/ACR-010/ACR-010.JPG"],"nonDeceptorImageFiles":[],"guid":"4d68bd83-692f-4ce4-bf02-9c251f9d84ac_231018_1","appID":"PRVSoftBundler-231018","dateAdded":"231018","deceptorType":"Affiliate","name":"PRVSoft","company":"Prvsoft.com","version":"231018","sigName":"","lastKnownStatus":"231018","lastKnownDate":"231018","type":"Affiliate","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-18T21:00:39.8736133+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":816},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-043":"Third-party component 'ffmpeg' is installed without any disclosure.\n","ACR-107":"The app doesn't disclose relevant license information about using the 'ffmpeg' to the user.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"FreeVideoToAudioConverter.exe","isInstaller":"True","companyName":"FAEMedia Co. Ltd.                                          ","productName":"Free Video To Audio Converter 2019                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"6a8b60b195a49beceb5bb1f00c60ce9e","hashSHA1":"c1f267fae530e67f2e72a4729618bb61870480ca","hashSHA256":"20684345565cc976190760807eecf0d3e116f2acfeed51a5ee1e269f49e96c93","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"852","avBlockList":["Avast Premium Security (20231102)","AVG Internet Security (20231102)","Avira Internet Security (20231102)","Bitdefender Internet Security (20231102)","COMODO Antivirus (20231102)","Dr.Web Security Space (20231102)","ESET Internet Security (20231102)","G DATA INTERNET SECURITY (20231102)","K7 Total Security (20231102)","Kaspersky Internet Security (20231102)","Malwarebytes Premium (20231102)","McAfee Total Protection (20231102)","Norton Security (20231102)","Panda Dome (20231102)","Quick Heal Internet Security (20231102)","Sophos Home Premium (20231102)","SpyHunter5 (20231102)","Total AV Antivirus Pro (20231102)","Trend Micro Internet Security (20231102)","VIPRE Advanced Security (20231102)","VirIT eXplorer PRO (20231102)","Webroot SecureAnywhere (20231102)","Windows Defender (20231102)"],"avAllowList":["360 Total Security (20231102)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://free-audio-editor.com/freevideotoaudioconverterforwindows/","directDownloadingLink":"https://free-audio-editor.com/FreeVideoToAudioConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/FreeVideoToAudioConverter.exe","sourceIndex":"852"}],"sampleFiles":["231017/FreeVideotoAudioConverter-231009/10.1.2.5/Samples/FreeVideoToAudioConverterSetup.exe"],"imageFiles":["231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-109/ACR-109_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-043/ACR-043_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-107/ACR-107_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-048/ACR-048_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-010/ACR-010_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-013/ACR-013_Install_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-118/ACR-118_Uninstall_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-057/ACR-057_Bundler-made offers_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-071/ACR-071_Bundler-made offers_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":["231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-106/ACR-106_Software_1.jpeg","231017/FreeVideotoAudioConverter-231009/10.1.2.5/Images/ACR-092/ACR-092_Software_1.jpeg"],"guid":"fd83f490-80d7-445c-959f-90720338bfa3_10.1.2.5_1","appID":"FreeVideotoAudioConverter-231009","dateAdded":"231017","deceptorType":"App","name":"FreeVideoToAudioConverter","company":"FAEMedia Co., Ltd.","version":"10.1.2.5","lastKnownStatus":"10.1.2.5","lastKnownDate":"231017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-17T20:21:52.5175195+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":819},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertir-imagen-a-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertir Imagen a PDF                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"1aa35a8e5adfcb46d72090cb3f030b95","hashSHA1":"a62701648d670e2efbd7d1da7afd9a1b25e6d2b7","hashSHA256":"7e6a7a5e48eb3660e4d4cc520510dd7bb3daad0320b88945bed8bf293d503e31","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"851","avBlockList":["360 Total Security (20240516)","Avast Premium Security (20240516)","AVG Internet Security (20240516)","Avira Internet Security (20240516)","Bitdefender Internet Security (20240516)","COMODO Antivirus (20240516)","Dr.Web Security Space (20240516)","ESET Internet Security (20240516)","G DATA INTERNET SECURITY (20240516)","K7 Total Security (20240516)","Kaspersky Internet Security (20240516)","McAfee Total Protection (20240516)","Norton Security (20240516)","Panda Dome (20240516)","Quick Heal Internet Security (20240516)","Sophos Home Premium (20240516)","SpyHunter5 (20240516)","Total AV Antivirus Pro (20240516)","Trend Micro Internet Security (20240516)","VIPRE Advanced Security (20240516)","VirIT eXplorer PRO (20240516)","Webroot SecureAnywhere (20240516)","Windows Defender (20240516)"],"avAllowList":["Malwarebytes Premium (20240516)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertir-imagen-a-pdf.html","directDownloadingLink":"www.convertidor-de-pdf.com/download/convertir-imagen-a-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"www.convertidor-de-pdf.com/download/convertir-imagen-a-pdf.exe","sourceIndex":"851"}],"sampleFiles":["231017/ConvertImagetoPDF-231012/3.35/Samples/convertir-imagen-a-pdf.exe"],"imageFiles":["231017/ConvertImagetoPDF-231012/3.35/Images/ACR-109/ACR-109_Install_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-010/ACR-010_Install_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-013/ACR-013_Install_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231017/ConvertImagetoPDF-231012/3.35/Images/ACR-106/ACR-106_Software_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-092/ACR-092_Software_1.png","231017/ConvertImagetoPDF-231012/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"b47576b9-a8ac-495e-90d9-098e11019946_3.35_1","appID":"ConvertImagetoPDF-231012","dateAdded":"231017","deceptorType":"Bundler","name":"Convert Image to PDF","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"231017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-17T20:29:21.6409433+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":820},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The app does not provide an option to cancel the startup of its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for main executable.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"AllFreeAudioConverter_Setup.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech Inc.                                ","productName":"All Free Audio Converter                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"3398faf098a4681c6bf7cff5a64facd6","hashSHA1":"8946c39b8d2b5912ddbc73516ebc25dd43003da9","hashSHA256":"0eaf8f92701208ef2b6a810416ae943ddd5351f2cb9c44ac403d477238fe6e47","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"856","avBlockList":["360 Total Security (20240206)","Avast Premium Security (20240206)","AVG Internet Security (20240206)","Avira Internet Security (20240206)","Bitdefender Internet Security (20240206)","COMODO Antivirus (20240206)","Dr.Web Security Space (20240206)","ESET Internet Security (20240206)","G DATA INTERNET SECURITY (20240206)","K7 Total Security (20240206)","Kaspersky Internet Security (20240206)","Malwarebytes Premium (20240206)","McAfee Total Protection (20240206)","Norton Security (20240206)","Panda Dome (20240206)","Quick Heal Internet Security (20240206)","Sophos Home Premium (20240206)","SpyHunter5 (20240206)","Total AV Antivirus Pro (20240206)","Trend Micro Internet Security (20240206)","VIPRE Advanced Security (20240206)","VirIT eXplorer PRO (20240206)","Webroot SecureAnywhere (20240206)","Windows Defender (20240206)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.allfreevideoconverter.com/freeaudioconverter/index.html","directDownloadingLink":"https://www.allfreevideoconverter.com/download/AllFreeAudioConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.allfreevideoconverter.com/download/AllFreeAudioConverter.exe","sourceIndex":"856"}],"sampleFiles":["231016/AllFreeAudioConverter-231013/8.8.2.4/Samples/AllFreeAudioConverter_Setup.exe"],"imageFiles":["231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-109/ACR-109_Install_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-010/ACR-010_Install_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-013/ACR-013_Install_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-084/ACR-084_Software_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-048/ACR-048_Software_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-014/ACR-014_Software_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-014/ACR-014_Software_2.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-075/ACR-075_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-075/ACR-075_Bundler-made offers_2.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-057/ACR-057_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-071/ACR-071_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-047/ACR-047_Bundler-made offers_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-047/ACR-047_Bundler-made offers_2.jpeg"],"nonDeceptorImageFiles":["231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-106/ACR-106_Software_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-092/ACR-092_Software_1.jpeg","231016/AllFreeAudioConverter-231013/8.8.2.4/Images/ACR-123/ACR-123_Uninstall_1.jpeg"],"guid":"7664b0ae-8a92-46a5-8d05-0d2bd5c51ef9_8.8.2.4_1","appID":"AllFreeAudioConverter-231013","dateAdded":"231016","deceptorType":"App","name":"All Free Audio Converter","company":"AllFreeVideoSoft Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-16T21:05:45.9206152+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":828},{"violations":{"ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"DVDKnife_Setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"DVD Knife                                                   ","productVersion":"4.1                 ","fileVersion":"4.1                 ","hashMD5":"839074a6ebce3ece53b8671573573d6a","hashSHA1":"af3e6668afb6afdadd642a78d8648ab1d62ee95b","hashSHA256":"53324c64171bc386fe23ac8ba9f276054d5c2e626482fc34ed57651275075b58","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"853","avBlockList":["360 Total Security (20240206)","Avast Premium Security (20240206)","AVG Internet Security (20240206)","Avira Internet Security (20240206)","Bitdefender Internet Security (20240206)","COMODO Antivirus (20240206)","Dr.Web Security Space (20240206)","ESET Internet Security (20240206)","G DATA INTERNET SECURITY (20240206)","K7 Total Security (20240206)","Kaspersky Internet Security (20240206)","Malwarebytes Premium (20240206)","McAfee Total Protection (20240206)","Norton Security (20240206)","Panda Dome (20240206)","Quick Heal Internet Security (20240206)","Sophos Home Premium (20240206)","SpyHunter5 (20240206)","Total AV Antivirus Pro (20240206)","VIPRE Advanced Security (20240206)","VirIT eXplorer PRO (20240206)","Webroot SecureAnywhere (20240206)","Windows Defender (20240206)"],"avAllowList":["Trend Micro Internet Security (20240206)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.vcsoftwares.com","directDownloadingLink":"https://www.vcsoftwares.com/DK.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vcsoftwares.com/DK.exe","sourceIndex":"853"}],"sampleFiles":["231016/DVDKnife-231011/4.1/Samples/DVDKnife_Setup.exe"],"imageFiles":["231016/DVDKnife-231011/4.1/Images/ACR-010/ACR-010_Install_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-013/ACR-013_Install_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-118/ACR-118_Uninstall_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":["231016/DVDKnife-231011/4.1/Images/ACR-106/ACR-106_Software_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-092/ACR-092_Software_1.jpeg","231016/DVDKnife-231011/4.1/Images/ACR-123/ACR-123_Uninstall_1.jpeg"],"guid":"f983a5af-1072-4ec9-9979-28cb6359beac_4.1_1","appID":"DVDKnife-231011","dateAdded":"231016","deceptorType":"App","name":"DVD Knife","company":"Vicky's Cool Softwares","version":"4.1","lastKnownStatus":"4.1","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-16T22:02:33.7863685+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":825},{"violations":{"ACR-010":" The apps from \"http://www.convertidor-de-pdf.com/downloads.html\" distribute deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"http://www.convertidor-de-pdf.com/downloads.html","ipv4":"","ipv6":"","sourceIndex":"858"}],"sampleFiles":[],"imageFiles":["231016/convertidordepdfcom-231016/231016/Images/ACR-010/ACR-010_Install_1.png"],"nonDeceptorImageFiles":[],"guid":"d790df0b-d6b7-418a-a9f8-479c66b4d1e7_231016_1","appID":"convertidordepdfcom-231016","dateAdded":"231016","deceptorType":"Affiliate","name":"convertidor-de-pdf.com","company":"convertidor-de-pdf.com","version":"231016","lastKnownStatus":"231016","lastKnownDate":"231016","type":"Affiliate","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-16T20:02:17.2463199+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":827},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"lector-de-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Lector de PDF                                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b1fa02b3e52ce37f23d3a5d1ee738c70","hashSHA1":"0ec567c5eaf92d81c4e43472eb0a0d23e9e0d962","hashSHA256":"c47d86c2a94eeb58257c585cac8f5bfdc4a190b9646d66ee6faf04e6d88cd272","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"855","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","Dr.Web Security Space (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/lector-de-pdf.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/lector-de-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/lector-de-pdf.exe","sourceIndex":"855"}],"sampleFiles":["231016/PDFreader-231013/4.0/Samples/lector-de-pdf.exe"],"imageFiles":["231016/PDFreader-231013/4.0/Images/ACR-109/ACR-109_Install_1.png","231016/PDFreader-231013/4.0/Images/ACR-010/ACR-010_Install_1.png","231016/PDFreader-231013/4.0/Images/ACR-013/ACR-013_Install_1.png","231016/PDFreader-231013/4.0/Images/ACR-118/ACR-118_Uninstall_1.png","231016/PDFreader-231013/4.0/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231016/PDFreader-231013/4.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231016/PDFreader-231013/4.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231016/PDFreader-231013/4.0/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231016/PDFreader-231013/4.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231016/PDFreader-231013/4.0/Images/ACR-106/ACR-106_Software_1.png","231016/PDFreader-231013/4.0/Images/ACR-092/ACR-092_Software_1.png","231016/PDFreader-231013/4.0/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"e8ffdbca-c095-466a-85a3-e67e200d2034_4.0_1","appID":"PDFreader-231013","dateAdded":"231016","deceptorType":"Bundler","name":"PDF Reader","company":"convertidor-de-pdf.com","version":"4.0","lastKnownStatus":"4.0","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-16T21:42:00.2033347+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":823},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\" and other RelevantKnowledge files prior to disclosure and without the consumer's consent.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app does not have a digital signature for any executable\n"},"samples":[{"isRevoked":"False","fileName":"SyncerSoft_Alice-1377_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"ea0ab7bbf5b9f8834e7bb7b91803b30f","hashSHA1":"4d6b416608fc2ab75d7b640d4c8e196658dd001c","hashSHA256":"e38cda907dd69c36eb44281c5fa7bedfc93ab05227dc5dbf6532f8f052085ba5","sourceIndex":"859","avBlockList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Kaspersky Internet Security (20231116)","Malwarebytes Premium (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)","Windows Defender (20231116)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_Amusing_sounds_of_the_body_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"d05fc4d8186c8d8dfc476a3298593c4e","hashSHA1":"b08fbb72d66068d6696793d38727a8b2a58dbf14","hashSHA256":"fbb5a6e5c9a2d3f6d626b3741a60d1a8aab68af02e2106db20504ee8b0a727a5","sourceIndex":"859","avBlockList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Kaspersky Internet Security (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)","Windows Defender (20231116)"],"avAllowList":["Malwarebytes Premium (20231116)"]},{"isRevoked":"False","fileName":"SyncerSoft_AnalogGalaxy_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"e62863eefa2a7d3563945747f77ae515","hashSHA1":"3ba89ab8f2403b220d76b6de9959ede4d8cbd822","hashSHA256":"b4ef7577b79fdab0511693252c9e784a1b0f74d95d390d9703a4864708e77012","sourceIndex":"859","avBlockList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Kaspersky Internet Security (20231116)","Malwarebytes Premium (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)"],"avAllowList":["Windows Defender (20231116)"]},{"isRevoked":"False","fileName":"SyncerSoft_AnalogNexus_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"3c67cc07cfa8f9df13fd43d4a6d9114c","hashSHA1":"e204eccce0e5dc853d4032a18c9e55eb7d5369f5","hashSHA256":"6bf3344e3d9dc15f4db89431f39eaf9bda39a9e9ebcbf0fe4a130afc50782ebb","sourceIndex":"859","avBlockList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Kaspersky Internet Security (20231116)","Malwarebytes Premium (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)","Windows Defender (20231116)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_AnalogVoice_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"30c70cab26a11527d9369d42d0bd99a7","hashSHA1":"96857658270bc3ed7cefa1998464175ae614c09e","hashSHA256":"226411dcd4e41dc5655b46fec73d4ce5911cc7bf454e381f74ed7be5fc0a48b3","sourceIndex":"859","avBlockList":["360 Total Security (20231116)","Avast Premium Security (20231116)","AVG Internet Security (20231116)","Avira Internet Security (20231116)","Bitdefender Internet Security (20231116)","COMODO Antivirus (20231116)","Dr.Web Security Space (20231116)","ESET Internet Security (20231116)","G DATA INTERNET SECURITY (20231116)","K7 Total Security (20231116)","Kaspersky Internet Security (20231116)","Malwarebytes Premium (20231116)","McAfee Total Protection (20231116)","Norton Security (20231116)","Panda Dome (20231116)","Quick Heal Internet Security (20231116)","Sophos Home Premium (20231116)","SpyHunter5 (20231116)","Total AV Antivirus Pro (20231116)","Trend Micro Internet Security (20231116)","VIPRE Advanced Security (20231116)","VirIT eXplorer PRO (20231116)","Webroot SecureAnywhere (20231116)","Windows Defender (20231116)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_AnalogWarp_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"979d33f8e3c8a38d2adc31b20e6b9df9","hashSHA1":"54016be4591ff2fbd215fe2788180029ef0c0f75","hashSHA256":"7f260128b7860bc2e8a4d4212583cf9d62e8235883b660522d1b6156c8b14cd7","sourceIndex":"859","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","Trend Micro Internet Security (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)","Windows Defender (20240123)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_BassLandscapes_2_1_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"39ae4a2fa38bd41ff7fc797e582534a9","hashSHA1":"bc64185b9a1f7624f97bf387d71f45afe5f01542","hashSHA256":"65d2247d500de46d9f7151e1b8abe922372e7a49b92b6b317068a938f18fab85","sourceIndex":"859","avBlockList":["360 Total Security (20240123)","Avast Premium Security (20240123)","AVG Internet Security (20240123)","Avira Internet Security (20240123)","Bitdefender Internet Security (20240123)","COMODO Antivirus (20240123)","Dr.Web Security Space (20240123)","ESET Internet Security (20240123)","G DATA INTERNET SECURITY (20240123)","K7 Total Security (20240123)","Kaspersky Internet Security (20240123)","Malwarebytes Premium (20240123)","McAfee Total Protection (20240123)","Norton Security (20240123)","Panda Dome (20240123)","Quick Heal Internet Security (20240123)","Sophos Home Premium (20240123)","SpyHunter5 (20240123)","Total AV Antivirus Pro (20240123)","VIPRE Advanced Security (20240123)","VirIT eXplorer PRO (20240123)","Webroot SecureAnywhere (20240123)","Windows Defender (20240123)"],"avAllowList":["Trend Micro Internet Security (20240123)"]},{"isRevoked":"False","fileName":"SyncerSoft_ElectricalNoiseLite_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"721f449eaa424a6c54ed6f21f1b9c84a","hashSHA1":"fc1b74a55ce2f0f0fede07c17f48ddf78a7b1672","hashSHA256":"b90bef522841f8091edff64ab33adaaee36968bcbcb019b66c573ffb49051442","sourceIndex":"859","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_ElectroBassLandscapes_1_3_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"4375a09bc1087df181643f9c39705a6f","hashSHA1":"2c4bc08044383a3450f239eae2cbaa084e2f491e","hashSHA256":"608d8f496bd5c8b473888b991e809ff691e3e89f2d3b7bd778834b8780a6a989","sourceIndex":"859","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Malwarebytes Premium (20240201)","Trend Micro Internet Security (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_Estradion-230_1_1_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"f0a1cf2bca2f3e35db58588c783c9591","hashSHA1":"be29dfa0e53c4a38bb14af1993644f09e98414c5","hashSHA256":"f8a0800610387b24d4eeb95e15d6562507e37ff1279e2f78657c636d02ea085a","sourceIndex":"859","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","Trend Micro Internet Security (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_Flanger_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"32fdd574b3347ea5c6b59750b022406c","hashSHA1":"599f83417c7454b32ae031902f6977a3e184f855","hashSHA256":"b3378595c855021d7c2065199694e9df3fd632acd2c72b6b7a8e86ee9306f7b6","sourceIndex":"859","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_GangnamVocoder_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"9915cee5d6fd90720b478195df874f57","hashSHA1":"20ffd02db55f941086018e29643465d54b22c36c","hashSHA256":"ebe684b0b2cdac0e68bc509b5a7895937aa005db8a8970d933c5e560cbd7e67e","sourceIndex":"859","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_LizardMorph_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"629bd3c70c850a6af6958b60038b40f9","hashSHA1":"7145a32a037b026a6b3ab9f86e82fe4cb3fcf3e9","hashSHA256":"fbcf73985f75986693be3255f714cf56f8f1f44050d7d15f9fe4704f290c7d18","sourceIndex":"859","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)","Windows Defender (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_PolyvoxStation_2_2_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"ed20bced72f84673dbe204710bb91e8b","hashSHA1":"cdc7e5dfeefc7362cc4a761eda4d917c5b734f02","hashSHA256":"af160c0423ee9dcf4c9918d84ada6d589098bdd01d6a29945fdb072ecf294081","sourceIndex":"859","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)","Windows Defender (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_Q9Oldvox_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"32a2e8b9dad937fe2bcd015e05f64c0f","hashSHA1":"c4ccfa0b575fc09e081edae1532f1d55cf0efeee","hashSHA256":"766151673e3d4d06eb7634acbe039d417d355a2e1893b83e56eda20c99c145ae","sourceIndex":"859","avBlockList":["360 Total Security (20240201)","Avast Premium Security (20240201)","AVG Internet Security (20240201)","Avira Internet Security (20240201)","Bitdefender Internet Security (20240201)","COMODO Antivirus (20240201)","Dr.Web Security Space (20240201)","ESET Internet Security (20240201)","G DATA INTERNET SECURITY (20240201)","K7 Total Security (20240201)","Kaspersky Internet Security (20240201)","Malwarebytes Premium (20240201)","McAfee Total Protection (20240201)","Norton Security (20240201)","Panda Dome (20240201)","Quick Heal Internet Security (20240201)","Sophos Home Premium (20240201)","SpyHunter5 (20240201)","Total AV Antivirus Pro (20240201)","VIPRE Advanced Security (20240201)","VirIT eXplorer PRO (20240201)","Webroot SecureAnywhere (20240201)","Windows Defender (20240201)"],"avAllowList":["Trend Micro Internet Security (20240201)"]},{"isRevoked":"False","fileName":"SyncerSoft_Resonator_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"8b4518b347c5b5fc7ff169a430b2e45a","hashSHA1":"ed145f2f17779709f2b9b49a74783a3491a82447","hashSHA256":"2ea1ab4aa40798caa3d2eb4d5c4372368eb6518ccc0c54d2b7fed6886ed99992","sourceIndex":"859","avBlockList":["360 Total Security (20240206)","Avast Premium Security (20240206)","AVG Internet Security (20240206)","Avira Internet Security (20240206)","Bitdefender Internet Security (20240206)","COMODO Antivirus (20240206)","Dr.Web Security Space (20240206)","ESET Internet Security (20240206)","G DATA INTERNET SECURITY (20240206)","K7 Total Security (20240206)","Kaspersky Internet Security (20240206)","Malwarebytes Premium (20240206)","McAfee Total Protection (20240206)","Norton Security (20240206)","Panda Dome (20240206)","Quick Heal Internet Security (20240206)","Sophos Home Premium (20240206)","SpyHunter5 (20240206)","Total AV Antivirus Pro (20240206)","VIPRE Advanced Security (20240206)","VirIT eXplorer PRO (20240206)","Webroot SecureAnywhere (20240206)","Windows Defender (20240206)"],"avAllowList":["Trend Micro Internet Security (20240206)"]},{"isRevoked":"False","fileName":"SyncerSoft_Reverberation_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"53528104bb6eddbcb14f1f3041d56f35","hashSHA1":"8e6c32b1c70ad6009e316159ebc8720018827cdd","hashSHA256":"e55ebbf7b959460708d40b94cb0192e48a7b832e6fc97e8d98704bbf244fddac","sourceIndex":"859","avBlockList":["360 Total Security (20240208)","Avast Premium Security (20240208)","AVG Internet Security (20240208)","Avira Internet Security (20240208)","Bitdefender Internet Security (20240208)","COMODO Antivirus (20240208)","Dr.Web Security Space (20240208)","ESET Internet Security (20240208)","G DATA INTERNET SECURITY (20240208)","K7 Total Security (20240208)","Kaspersky Internet Security (20240208)","Malwarebytes Premium (20240208)","McAfee Total Protection (20240208)","Norton Security (20240208)","Panda Dome (20240208)","Quick Heal Internet Security (20240208)","Sophos Home Premium (20240208)","SpyHunter5 (20240208)","Total AV Antivirus Pro (20240208)","VIPRE Advanced Security (20240208)","VirIT eXplorer PRO (20240208)","Webroot SecureAnywhere (20240208)"],"avAllowList":["Trend Micro Internet Security (20240208)","Windows Defender (20240208)"]},{"isRevoked":"False","fileName":"SyncerSoft_Rhythm-2_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"61342ef72aa38f046b5c49d0eec603b3","hashSHA1":"9065d302c0a833833ed6d6748bbc88d8eb840a8f","hashSHA256":"102555e3b13b75e199e3a2a287a33628790760a50d35df47dd8e2519600228c2","sourceIndex":"859","avBlockList":["360 Total Security (20240208)","Avast Premium Security (20240208)","AVG Internet Security (20240208)","Avira Internet Security (20240208)","Bitdefender Internet Security (20240208)","COMODO Antivirus (20240208)","Dr.Web Security Space (20240208)","ESET Internet Security (20240208)","G DATA INTERNET SECURITY (20240208)","K7 Total Security (20240208)","Kaspersky Internet Security (20240208)","Malwarebytes Premium (20240208)","McAfee Total Protection (20240208)","Norton Security (20240208)","Panda Dome (20240208)","Quick Heal Internet Security (20240208)","Sophos Home Premium (20240208)","SpyHunter5 (20240208)","Total AV Antivirus Pro (20240208)","VIPRE Advanced Security (20240208)","VirIT eXplorer PRO (20240208)","Webroot SecureAnywhere (20240208)","Windows Defender (20240208)"],"avAllowList":["Trend Micro Internet Security (20240208)"]},{"isRevoked":"False","fileName":"SyncerSoft_SawLandscapes_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"96305b1d0658e8f6777217ce5cfe29dd","hashSHA1":"d75de02903a390d5bc76df9bc8f56a17bd08e633","hashSHA256":"0ab802400e34efa4cc68e6b3b1d664d227a39dceb2d32995a7854d9f33247da4","sourceIndex":"859","avBlockList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_Sounds_of_old_TV_games_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"b004b6bcfca2b52bb876a4b2c5050820","hashSHA1":"2d70fc0f4e789f5807971b559ebd1899a719ef1e","hashSHA256":"c3ce792542b2c24437a9c7d46e90c6f78c579301dc8cfa9a27ca2e5c165e2103","sourceIndex":"859","avBlockList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_SubsTractor_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"7c8843035916234de191178cf2a19af3","hashSHA1":"7a37ba99257b07ae83c2e1b859f25eab869988b9","hashSHA256":"b6f9ea8aaac4192c73e462cc334294de2a8e357a8050ef616f26ba23dac4d024","sourceIndex":"859","avBlockList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SyncerSoft_UrbanNexus_1_0_Setup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"97f0b6281381fb99efc78b3ae2219bb6","hashSHA1":"f45ca2d1b9a78ec53ceeca6dc5d8a03d7e3a82c6","hashSHA256":"6d41c7ddbe9ca420dad759a3f306b96395e3f0760310ff83404aad24cd6f46e8","sourceIndex":"859","avBlockList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Relevant Knowledge","reference":"","landingPage":"https://syncersoft.com/free.htm","directDownloadingLink":"http://www.syncersoft.com/vst/SyncerSoft_UrbanNexus_1_0_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.syncersoft.com/vst/SyncerSoft_UrbanNexus_1_0_Setup.exe","sourceIndex":"859"}],"sampleFiles":["231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Alice-1377_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Amusing_sounds_of_the_body_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_AnalogGalaxy_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_AnalogNexus_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_AnalogVoice_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_AnalogWarp_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_BassLandscapes_2_1_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_ElectricalNoiseLite_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_ElectroBassLandscapes_1_3_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Estradion-230_1_1_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Flanger_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_GangnamVocoder_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_LizardMorph_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_PolyvoxStation_2_2_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Q9Oldvox_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Resonator_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Reverberation_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Rhythm-2_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_SawLandscapes_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_Sounds_of_old_TV_games_1_0_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_SubsTractor_Setup.exe","231016/SyncerSoftBundler-231016/1.0/Samples/SyncerSoft_UrbanNexus_1_0_Setup.exe"],"imageFiles":["231016/SyncerSoftBundler-231016/1.0/Images/ACR-109/ACR-109_Install_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-010/ACR-010_Install_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-013/ACR-013_Install_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231016/SyncerSoftBundler-231016/1.0/Images/ACR-106/ACR-106_Software_1.png","231016/SyncerSoftBundler-231016/1.0/Images/ACR-092/ACR-092_Software_1.png"],"guid":"78c1ba60-e651-41ae-b6eb-e4d31b51addd_1.0_1","appID":"SyncerSoftBundler-231016","dateAdded":"231016","deceptorType":"Bundler","name":"SyncerSoft Bundler","company":"SyncerSoft","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"231016","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,display ads","lastUpdate":"2023-10-16T19:55:47.8742671+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":822},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"unir-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Unir PDF                                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"d7bc7986785d5d2194506f615bbb2a72","hashSHA1":"ef16458e299030a8e4aa2a8b5833ab515bc7adcf","hashSHA256":"c84dafb3613ef44917484f341ba9143f2bbb0b4e622c8137bc24295dbc7e9082","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"857","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","COMODO Antivirus (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","Malwarebytes Premium (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","Trend Micro Internet Security (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["Dr.Web Security Space (20240509)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/unir-pdf.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/unir-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/unir-pdf.exe","sourceIndex":"857"}],"sampleFiles":["231016/UnitingPDF-231013/3.35/Samples/unir-pdf.exe"],"imageFiles":["231016/UnitingPDF-231013/3.35/Images/ACR-109/ACR-109_Install_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-010/ACR-010_Install_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-013/ACR-013_Install_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231016/UnitingPDF-231013/3.35/Images/ACR-106/ACR-106_Software_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-092/ACR-092_Software_1.png","231016/UnitingPDF-231013/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"f41e7e7b-d0b4-49f2-85ff-de64e32c38ba_3.35_1","appID":"UnitingPDF-231013","dateAdded":"231016","deceptorType":"Bundler","name":"Uniting PDF","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-16T20:46:19.4444572+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":821},{"violations":{"ACR-109":"The app drops Yandex components under hidden folder without user agreeing to install.\n","ACR-042":"Unrelated Yandex components get dropped in a hidden folder before user permission through explicit user's action. The user has no option to decline the recommended offer and initiates network communications without consent to completely download and silently install the additional programs after installing the main app.\n","ACR-048":"The app does not provide control to decline the recommended offer.\nThe close(X) performs minimizing the app to system tray without any notification, which limits the targeted consumer's ability to control the app. The app does not provide any control to disable the startup it created.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers.\n","ACR-071":"The additional offer cannot be declined independently, thus forces the user to only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-161":"The landing page displays unverifiable testimonials.\n"},"samples":[],"additionalFiles":[{"isRevoked":"False","fileName":"GetVideoSetup_v1.8.0.9.ru.exe","isInstaller":"True","isAdditional":"True","fileVersion":"0.0","hashMD5":"f3781b85e3003996ae13b12d92bcb357","hashSHA1":"62bc3ff4ff4012bc638d9d051a65d46e8d2cf5cc","hashSHA256":"c851454c19f621d54bdcedd1662d86873c2be5475419bbf98ee83fbd2f0be237","digitalCertThumbprint":"A86FAFC2245A773E5AAE108D1849203FB5669226","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=info@dinohost.ru, CN=OOO Online Center, O=OOO Online Center, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"860","avBlockList":[],"avAllowList":[]}],"sources":[{"howFound":"random hunt","reference":"","landingPage":"https://getvideo.su/","directDownloadingLink":"https://getvideo.su/files/GetVideoSetup_v1.8.0.9.ru.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://getvideo.su/files/GetVideoSetup_v1.8.0.9.ru.exe","sourceIndex":"860"},{"howFound":"","reference":"","landingPage":"https://cybersoft.ru/internet/zagruzka-i-fajloobmen/308-getvideo.html","directDownloadingLink":"https://cdn.getvideo.org/files/GetVideoSetup_v1.8.0.9.ru.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.getvideo.org/files/GetVideoSetup_v1.8.0.9.ru.exe","sourceIndex":"861"}],"sampleFiles":["231016/GetVideo-231016/1.8.0.9/Samples/GetVideoSetup_v1.8.0.9.ru.exe"],"imageFiles":["231016/GetVideo-231016/1.8.0.9/Images/ACR-109/AdditionalOffer.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-042/AdditionalOffer.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-042/ACR-042.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-048/Yandex.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-048/systray.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-048/GetVideoStartup.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-057/Yandex.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-059/Yandex.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-060/Yandex.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-071/Yandex.jpg","231016/GetVideo-231016/1.8.0.9/Images/ACR-155/Yandex.jpg"],"nonDeceptorImageFiles":["231016/GetVideo-231016/1.8.0.9/Images/ACR-161/Testimonials.jpg"],"guid":"571434da-3f93-4ec9-9165-450f9a7ad592_1.8.0.9_1","appID":"GetVideo-231016","dateAdded":"231016","deceptorType":"App","name":"GetVideo","company":"GetVideo.su","version":"1.8.0.9","lastKnownStatus":"1.8.0.9","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-16T17:04:35.2894326+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":824},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executables are not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertir-pdf-a-texto.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertir PDF a Texto                                       ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e5916d4ca9dfa0ea93683079bf75f6da","hashSHA1":"d7595893a55cadd81dc0921468b066c13121b2f8","hashSHA256":"b3d8d9852ecbbf0830ed87b87e25671fc4b1f40fb281104bfb0c6d1b6b38e767","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"854","avBlockList":["360 Total Security (20240509)","Avast Premium Security (20240509)","AVG Internet Security (20240509)","Avira Internet Security (20240509)","Bitdefender Internet Security (20240509)","ESET Internet Security (20240509)","G DATA INTERNET SECURITY (20240509)","K7 Total Security (20240509)","Kaspersky Internet Security (20240509)","McAfee Total Protection (20240509)","Norton Security (20240509)","Panda Dome (20240509)","Quick Heal Internet Security (20240509)","Sophos Home Premium (20240509)","SpyHunter5 (20240509)","Total AV Antivirus Pro (20240509)","VIPRE Advanced Security (20240509)","VirIT eXplorer PRO (20240509)","Webroot SecureAnywhere (20240509)","Windows Defender (20240509)"],"avAllowList":["COMODO Antivirus (20240509)","Dr.Web Security Space (20240509)","Malwarebytes Premium (20240509)","Trend Micro Internet Security (20240509)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertir-pdf-a-texto.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/convertir-pdf-a-texto.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/convertir-pdf-a-texto.exe","sourceIndex":"854"}],"sampleFiles":["231016/ConvertPDFtoText-231013/3.25/Samples/convertir-pdf-a-texto.exe"],"imageFiles":["231016/ConvertPDFtoText-231013/3.25/Images/ACR-109/ACR-109_Install_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-010/ACR-010_Install_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-013/ACR-013_Install_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-118/ACR-118_Uninstall_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231016/ConvertPDFtoText-231013/3.25/Images/ACR-106/ACR-106_Software_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-092/ACR-092_Software_1.png","231016/ConvertPDFtoText-231013/3.25/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"5046c2f8-da44-49a4-b3fd-dd7d5d185378_3.25_1","appID":"ConvertPDFtoText-231013","dateAdded":"231016","deceptorType":"Bundler","name":"Convert PDF to Text","company":"convertidor-de-pdf.com","version":"3.25","lastKnownStatus":"3.25","lastKnownDate":"231016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-16T21:46:38.944781+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":826},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":" The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The \"dotSetup License\" links to 'https://rise-platforms.com/privacy/' -- misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"bleep-6628232774776961-AsystentPobierania_v1.491.46.887.0.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"7282a34f862a49bf666858b5d3aafe9f","hashSHA1":"1c162978af7cd603a3be87c4e396fac0430b009a","hashSHA256":"016a20e198d889b9b65fc938f4285ac0ad728a38a5afc9b6659cedc1b4a759ed","digitalCertThumbprint":"AF1204E3337BB448DA4706E6BB4B821FC4E32B0F","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Wirtualna Polska Media SA, O=Wirtualna Polska Media SA, L=Warszawa, S=Mazowieckie, C=PL","sourceIndex":"863","avBlockList":["360 Total Security (20240215)","Avira Internet Security (20240215)","COMODO Antivirus (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)"],"avAllowList":["Avast Premium Security (20240215)","AVG Internet Security (20240215)","Bitdefender Internet Security (20240215)","Dr.Web Security Space (20240215)","VIPRE Advanced Security (20240215)","Windows Defender (20240215)"]}],"additionalFiles":[],"sources":[{"howFound":"dotsetup search","reference":"","landingPage":"https://www.dobreprogramy.pl/camfrog-video-chat,program,windows,6628680826644609/dziekujemy","directDownloadingLink":"https://dobfilesdownloadpl.com/bsTYvwS/9jhw/camfrog-video-chat-6628680826644609-AsystentPobierania.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dobfilesdownloadpl.com/bsTYvwS/9jhw/camfrog-video-chat-6628680826644609-AsystentPobierania.exe","sourceIndex":"863"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://dakvm1hb16unn.cloudfront.net/XfrqQCS/HU1o/bleep-6628232774776961-AsystentPobierania.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dakvm1hb16unn.cloudfront.net/XfrqQCS/HU1o/bleep-6628232774776961-AsystentPobierania.exe","sourceIndex":"864"}],"sampleFiles":["231013/RiseDownloadManager-231012/1.92.2.8615/Samples/camfrog-video-chat-6628680826644609-AsystentPobierania_v1.442.99.945.5.exe"],"imageFiles":["231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-039/DobreProgramy_MainApp.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-042/ACR-042.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-013/OptionalOffer-1.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-013/OptionalOffer-2.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-013/OptionalOffer-a.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-013/OptionalOffer-b.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-060/OptionalOffer-1.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-060/OptionalOffer-2.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-060/OptionalOffer-a.jpg","231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-060/OptionalOffer-b.jpg"],"nonDeceptorImageFiles":["231013/RiseDownloadManager-231012/1.92.2.8615/Images/ACR-044/DobreProgramy_MainApp.jpg"],"guid":"951ad729-1618-4ddd-92d4-82d2fa8901a9_1.92.2.8615_1","appID":"RiseDownloadManager-231012","dateAdded":"231013","deceptorType":"Bundler","name":"DobreProgramyDownloadManager","company":"dobreprogramy.pl","version":"1.92.2.8615","lastKnownStatus":"1.92.2.8615","lastKnownDate":"231013","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-13T18:04:47.9055712+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":829},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The Privacy Policy link during installation leads to 'https://rise-platforms.com/privacy/' -- misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"media.player.codec.pack.v4.5.9.setup.exe","isInstaller":"True","companyName":"Cole Williams Software Limited","fileVersion":"4.5","hashMD5":"336ff793dbae7f91d6fc3cc1323ada3c","hashSHA1":"4d5b4cfd6d752e893d0b4c442de68218cdca9d4e","hashSHA256":"dd96f5f3330db1bbe2496c88f139261bf76add604cf6536c611feb653f15ea4e","digitalCertThumbprint":"A767E72032D1BA81871BE92392A05125E06FFA45","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Cole Williams Software Limited, O=Cole Williams Software Limited, S=North East Lincolnshire, C=GB","sourceIndex":"862","avBlockList":["Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)"],"avAllowList":["360 Total Security (20240215)","Bitdefender Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","McAfee Total Protection (20240215)","Quick Heal Internet Security (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","Windows Defender (20240215)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.mediaplayercodecpack.com/standard/","directDownloadingLink":"https://www.mediaplayercodecpack.com/files/media.player.codec.pack.v4.5.9.setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.mediaplayercodecpack.com/files/media.player.codec.pack.v4.5.9.setup.exe","sourceIndex":"862"}],"sampleFiles":["231013/MediaPlayerCodePack-231012/4.5.9.0806/Samples/media.player.codec.pack.v4.5.9.setup.exe"],"imageFiles":["231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-039/MPC_ACR-039.jpg","231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-042/MPC_ACR-042.jpg","231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-013/MPC_OptionalOffer.jpg","231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-013/MPC_OptionalOffer-2.jpg","231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-060/MPC_OptionalOffer.jpg","231013/MediaPlayerCodePack-231012/4.5.9.0806/Images/ACR-060/MPC_OptionalOffer-2.jpg"],"nonDeceptorImageFiles":[],"guid":"ae94d108-e474-46e7-bea5-61abe7aef98a_4.5.9.0806_1","appID":"MediaPlayerCodePack-231012","dateAdded":"231013","deceptorType":"App","name":"Media Player Codec Pack","company":"Cole Williams Software Limited","version":"4.5.9.0806","lastKnownStatus":"4.5.9.0806","lastKnownDate":"231013","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,none","lastUpdate":"2023-10-13T18:07:21.9405546+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":830},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The installer and main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertidor-de-pdf.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertidor de PDF                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5634d31b191d22895148c0daa07015d0","hashSHA1":"f802b97f64b1c0aeea3215384d934f2b1725f144","hashSHA256":"202b875810886af31451005b288c095e51bef4324bc7765ad5549c99b9fba314","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"868","avBlockList":["360 Total Security (20240215)","Avast Premium Security (20240215)","AVG Internet Security (20240215)","Avira Internet Security (20240215)","Bitdefender Internet Security (20240215)","COMODO Antivirus (20240215)","Dr.Web Security Space (20240215)","ESET Internet Security (20240215)","G DATA INTERNET SECURITY (20240215)","K7 Total Security (20240215)","Kaspersky Internet Security (20240215)","Malwarebytes Premium (20240215)","McAfee Total Protection (20240215)","Norton Security (20240215)","Panda Dome (20240215)","Quick Heal Internet Security (20240215)","Sophos Home Premium (20240215)","SpyHunter5 (20240215)","Total AV Antivirus Pro (20240215)","Trend Micro Internet Security (20240215)","VIPRE Advanced Security (20240215)","VirIT eXplorer PRO (20240215)","Webroot SecureAnywhere (20240215)","Windows Defender (20240215)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertidor-de-pdf.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/convertidor-de-pdf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/convertidor-de-pdf.exe","sourceIndex":"868"}],"sampleFiles":["231011/PDFConverter-231011/3.3/Samples/convertidor-de-pdf.exe"],"imageFiles":["231011/PDFConverter-231011/3.3/Images/ACR-109/ACR-109_Install_1.png","231011/PDFConverter-231011/3.3/Images/ACR-109/ACR-109_Install_2.png","231011/PDFConverter-231011/3.3/Images/ACR-010/ACR-010_Install_1.png","231011/PDFConverter-231011/3.3/Images/ACR-013/ACR-013_Install_1.png","231011/PDFConverter-231011/3.3/Images/ACR-118/ACR-118_Uninstall_1.png","231011/PDFConverter-231011/3.3/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231011/PDFConverter-231011/3.3/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231011/PDFConverter-231011/3.3/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231011/PDFConverter-231011/3.3/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231011/PDFConverter-231011/3.3/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231011/PDFConverter-231011/3.3/Images/ACR-106/ACR-106_Software_1.png","231011/PDFConverter-231011/3.3/Images/ACR-092/ACR-092_Software_1.png","231011/PDFConverter-231011/3.3/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"22c4e6a0-fa27-4195-a7f6-8501937bba6e_3.3_1","appID":"PDFConverter-231011","dateAdded":"231011","deceptorType":"App","name":"PDF Converter","company":"convertidor-de-pdf.com","version":"3.3","lastKnownStatus":"3.3","lastKnownDate":"231011","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,up-sell to paid","lastUpdate":"2023-10-11T22:50:43.5074499+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":831},{"violations":{"ACR-010":"The app bundler distributes the deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://falcoware.com/","ipv4":"","ipv6":"","sourceIndex":"866"}],"sampleFiles":[],"imageFiles":["231011/FalcoSoftware-231010/2.6.0.2/Images/ACR-010/ACR-010.JPG"],"nonDeceptorImageFiles":[],"guid":"ab8c25e7-c91c-4296-94bc-bc7f9e5a1887_2.6.0.2_1","appID":"FalcoSoftware-231010","dateAdded":"231011","deceptorType":"Download Site","name":"Falco Software","company":"Free Games Downloads, Inc.","version":"2.6.0.2","lastKnownStatus":"231011","lastKnownDate":"231011","type":"Affiliate","category":"Bundlers & Downloaders, Games","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-12T00:43:24.5089729+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":833},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-048":"Can you explain (email) to me why this failure applies to ACR-048? I mark it pass for now.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The installer and main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"convertir-pdf-a-jpg.exe","isInstaller":"True","companyName":"convertidor-de-pdf.com                                      ","productName":"Convertir PDF a JPG                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"280524ea7b4f8841ad1f555db31fa885","hashSHA1":"753c48837a6b7247b7dafce82c979ba53098c449","hashSHA256":"7eca97ed7b2d4e475be9dca8c2b260e7d230e014a5c4f2ad3eceaa3b783a07fd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"869","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Bitdefender Internet Security (20240220)","COMODO Antivirus (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","Trend Micro Internet Security (20240220)","VIPRE Advanced Security (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)","Windows Defender (20240220)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Rk Installer","reference":"","landingPage":"http://www.convertidor-de-pdf.com/convertir-pdf-a-jpg.html","directDownloadingLink":"http://www.convertidor-de-pdf.com/download/convertir-pdf-a-jpg.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-pdf.com/download/convertir-pdf-a-jpg.exe","sourceIndex":"869"}],"sampleFiles":["231011/ConvertPDFtoJPG-231011/3.35/Samples/convertir-pdf-a-jpg.exe"],"imageFiles":["231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-010/ACR-010_Install_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-013/ACR-013_Install_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-071/ACR-071_Bundler-made offers_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-109/ACR-109.PNG","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-048/ACR-048.PNG","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-118/ACR-118_Uninstall_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-057/ACR-057_Bundler-made offers_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-059/ACR-059_Bundler-made offers_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-060/ACR-060_Bundler-made offers_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-155/ACR-155_Bundler-made offers_1.png"],"nonDeceptorImageFiles":["231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-106/ACR-106_Software_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-092/ACR-092_Software_1.png","231011/ConvertPDFtoJPG-231011/3.35/Images/ACR-123/ACR-123_Uninstall_1.png"],"guid":"56ececef-49a6-43a5-b5c4-aeab9f983b94_3.35_1","appID":"ConvertPDFtoJPG-231011","dateAdded":"231011","deceptorType":"App","name":"Convert PDF to JPG","company":"convertidor-de-pdf.com","version":"3.35","lastKnownStatus":"3.35","lastKnownDate":"231011","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2023-10-11T22:48:27.1609427+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":834},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it downloads the RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"AudioEditorforFree.exe","isInstaller":"True","companyName":"ARE Inc.                                                   ","productName":"Audio Editor Free                                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"4d275b5e0623cdeadd6b9aa4dd1513ce","hashSHA1":"1ccf8b78663e48c6f419d7b14024d51948abb03c","hashSHA256":"040405f99ef408fb3b5359aea7d7eef6eb5908962cf1ec1c9f87a33b2d2ae041","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"867","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Bitdefender Internet Security (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","Trend Micro Internet Security (20240220)","VIPRE Advanced Security (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)","Windows Defender (20240220)"],"avAllowList":["COMODO Antivirus (20240220)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://www.freeaudioeditor.net/","directDownloadingLink":"http://www.freeaudioeditor.net/AudioEditorforFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudioeditor.net/AudioEditorforFree.exe","sourceIndex":"867"}],"sampleFiles":[],"imageFiles":["231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-109/ACR-109_Install_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-039/ACR-039_Install_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-048/ACR-048_Install_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-010/ACR-010_Install_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-013/ACR-013_Install_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-118/ACR-118_Uninstall_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-057/ACR-057_Bundler-made offers_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-071/ACR-071_Bundler-made offers_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":["231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-106/ACR-106_Software_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-092/ACR-092_Software_1.jpeg","231011/AudioEditorForFree-231010/8.8.3.0/Images/ACR-123/ACR-123_Uninstall_1.jpeg"],"guid":"d817a5f1-bdc9-4195-b362-59c94bc92e13_8.8.3.0_1","appID":"AudioEditorForFree-231010","dateAdded":"231011","deceptorType":"App","name":"Audio Editor Free","company":"FreeAudioEditor","version":"8.8.3.0","lastKnownStatus":"8.8.3.0","lastKnownDate":"231011","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-12T00:41:05.3763895+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":835},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action.\n","ACR-043":"The app installs shortcuts without disclosing them to the user or getting user consent.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. \n","ACR-055":"Accept and decline for the optional offers must be obvious. Unchecking a preselected checkbox on the other offer is also not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"chrom Soft instal.exe","isInstaller":"True","companyName":"Google Chrome                                               ","fileVersion":"20.37","hashMD5":"689280057353df21c7f135f3462e7b54","hashSHA1":"99f5b1ba541d115d2e5ac0315d4600e3de994d13","hashSHA256":"245495d2937a94a7fbc8cad4fd0c9ac30168cf6df3b96ebff0d2b2a6c82fdf35","digitalCertThumbprint":"92FEF4FCEBA448E79DD2495297DE49FA09F56532","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=SDS Property Solutions Limited, O=SDS Property Solutions Limited, L=Thornaby, C=GB","sourceIndex":"865","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)","Windows Defender (20240220)"],"avAllowList":["Bitdefender Internet Security (20240220)","COMODO Antivirus (20240220)","Trend Micro Internet Security (20240220)","VIPRE Advanced Security (20240220)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://chrome.freesoftshop.com/","directDownloadingLink":"https://chrome.freesoftshop.com/load/chrom%20Soft%20instal.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.freesoftshop.com/load/chrom%20Soft%20instal.exe","sourceIndex":"865"}],"sampleFiles":["231011/FreeSoftShopBundler-231009/20.37.5.0/Samples/chrom Soft instal.exe"],"imageFiles":["231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-043/ShortcutstoGamedownload.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-055/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-055/360TSOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-042/ACR-042.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-013/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-013/360TSOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-057/360TSOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-057/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-059/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-059/360TSOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-060/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-060/360TSOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-155/YandexOffer.jpg","231011/FreeSoftShopBundler-231009/20.37.5.0/Images/ACR-155/360TSOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"31fcd538-8cde-4b8c-a076-41cad93584bf_20.37.5.0_1","appID":"FreeSoftShopBundler-231009","dateAdded":"231011","deceptorType":"Bundler","name":"Chrome.Freesoftshop","company":"freesoftshop.com","version":"20.37.5.0","lastKnownStatus":"20.37.5.0","lastKnownDate":"231011","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-12T00:45:44.0837578+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":832},{"violations":{"ACR-042":" App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-118":"After uninstalling the app, it retains executables initially dropped on the device without the consumer's consent.\n","ACR-057":"The app needs to provide a clear way to accept and decline optional offers. \n","ACR-055":"Accept and decline for the optional offers must be obvious. \n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Launcher.exe","isInstaller":"True","companyName":"IL","fileVersion":"1.0","hashMD5":"da707d7b47847f4f91a65a6b69c08b57","hashSHA1":"39b7371ce6544e856d5ae67be16f78fbce7d9383","hashSHA256":"45aa2db16025fb89b74d1fdfeb265bab88681b6bde74d0df1494413dc426b692","digitalCertThumbprint":"9794687C642743D5E7999640362C335B8DDD9154","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=rudnev22816@gmail.com, CN=LIMITED LIABILITY COMPANY IL CYBER, O=LIMITED LIABILITY COMPANY IL CYBER, L=Kursk, S=Kurskaya oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Kurskaya oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1224600007477, OID.2.5.4.15=Private Organization","sourceIndex":"258","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)","Windows Defender (20240220)"],"avAllowList":["Bitdefender Internet Security (20240220)","COMODO Antivirus (20240220)","Malwarebytes Premium (20240220)","Trend Micro Internet Security (20240220)","VIPRE Advanced Security (20240220)"]},{"isRevoked":"False","fileName":"Skype Installer Soft.exe","isInstaller":"True","companyName":"Microsoft Inc.                                              ","fileVersion":"0.0","hashMD5":"ed457f8e7ae90f806d82c246302a2c44","hashSHA1":"a8f5a6821a9efe441c43c4577a58470ec33fd8e4","hashSHA256":"f1a801f14a96459a75adca044701cf12d6a3ba0deb7930f383b977a7cb86b0ee","digitalCertThumbprint":"9794687C642743D5E7999640362C335B8DDD9154","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=rudnev22816@gmail.com, CN=LIMITED LIABILITY COMPANY IL CYBER, O=LIMITED LIABILITY COMPANY IL CYBER, L=Kursk, S=Kurskaya oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Kurskaya oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1224600007477, OID.2.5.4.15=Private Organization","sourceIndex":"258","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Bitdefender Internet Security (20240220)","COMODO Antivirus (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","Trend Micro Internet Security (20240220)","VIPRE Advanced Security (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)","Windows Defender (20240220)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://skype.all-softpad.ru","directDownloadingLink":"https://skype.all-softpad.ru/download?dl_twice=true&ads=null","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://skype.all-softpad.ru/download?dl_twice=true&ads=null","sourceIndex":"258"}],"sampleFiles":["231010/All-SoftpadBundler-231010/1.0.3/Samples/Launcher.exe","231010/All-SoftpadBundler-231010/1.0.3/Samples/Skype Installer Soft.exe"],"imageFiles":["231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-055/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-055/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-055/GamingShortcuts.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-042/ACR-042.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-013/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-013/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-013/GamingShortcuts.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-118/ACR-118.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-057/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-057/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-057/GamingShortcuts.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-059/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-059/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-059/GamingShortcuts.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-060/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-060/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-060/GamingShortcuts.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-155/YandexOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-155/OperaOffer.jpg","231010/All-SoftpadBundler-231010/1.0.3/Images/ACR-155/GamingShortcuts.jpg"],"nonDeceptorImageFiles":[],"guid":"ad0728de-e441-48d0-b718-e2626e66db17_1.0.3_1","appID":"All-SoftpadBundler-231010","dateAdded":"231010","deceptorType":"App","name":"skype.all-softpad","company":"skype.all-softpad.ru","version":"1.0.3","lastKnownStatus":"1.0.3","lastKnownDate":"241231","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"sold in bundle","lastUpdate":"2024-12-31T23:25:49.2275038+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":837},{"violations":{"ACR-042":"App drops unrelated components in hidden folder before user permission through explicit user's action. \n","ACR-043":" The app installs shortcuts without disclosing them to the user or getting user consent. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software. \n","ACR-057":" The app needs to provide a clear way to accept and decline optional offers. \n","ACR-055":"Accept and decline for the optional offers must be obvious. Unchecking a preselected checkbox on the other offer is also not a straightforward option for decline.\n","ACR-059":"An offer that is not related to the main app should be clearly marked as \"Optional Offer\".\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Soft whatsapp app.exe","isInstaller":"True","companyName":"Whatsapp                                                    ","fileVersion":"16.12","hashMD5":"f4b514f9d6b74c75524f00fee764da02","hashSHA1":"90efb3e1f8ff3557df65355aa2b9f0ccb938dc64","hashSHA256":"3570ed4f3e8cfdedf63d3fb977b8f19abfbd075b5a2094f486875535943d5bd6","digitalCertThumbprint":"06E3FE86E3984806973D6CC74073374E86CD5DC5","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=RADOVAS UK LIMITED, O=RADOVAS UK LIMITED, L=Yeovil, C=GB","sourceIndex":"870","avBlockList":["360 Total Security (20240220)","Avast Premium Security (20240220)","AVG Internet Security (20240220)","Avira Internet Security (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","McAfee Total Protection (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","Trend Micro Internet Security (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)"],"avAllowList":["Bitdefender Internet Security (20240220)","COMODO Antivirus (20240220)","G DATA INTERNET SECURITY (20240220)","VIPRE Advanced Security (20240220)","Windows Defender (20240220)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://whatsapp.start-setup.com/","directDownloadingLink":"https://whatsapp.start-setup.com/down/Soft%20whatsapp%20app.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://whatsapp.start-setup.com/down/Soft%20whatsapp%20app.exe","sourceIndex":"870"}],"sampleFiles":["231010/Start-SetupBundler-231010/2.9.25/Samples/Soft whatsapp app.exe"],"imageFiles":["231010/Start-SetupBundler-231010/2.9.25/Images/ACR-043/GameShortcuts.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-055/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-055/360TS.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-042/ACR-042.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-013/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-013/360TS.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-057/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-057/360TS.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-059/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-059/360TS.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-060/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-060/360TS.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-155/Yandex.jpg","231010/Start-SetupBundler-231010/2.9.25/Images/ACR-155/360TS.jpg"],"nonDeceptorImageFiles":[],"guid":"9dea617b-b8a3-47dc-8a34-15bbab938b0b_2.9.25_1","appID":"Start-SetupBundler-231010","dateAdded":"231010","deceptorType":"App","name":"Whatsapp.start-setup","company":"start-setup.com","version":"2.9.25","lastKnownStatus":"2.9.25","lastKnownDate":"231010","type":"Windows Executable","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-10T22:24:37.2528558+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":836},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"FreeResourceExtractorSetup.exe","isInstaller":"True","companyName":"FreeResourceExtractor Co., Ltd.                             ","fileVersion":"0.0","hashMD5":"b5161e32c365e7d2584da8670d8890b0","hashSHA1":"716a8cfb2bddbdc82368762975a0641f0df95377","hashSHA256":"fa030d37292f912f0750a5fe39b94262a6709330d75ab51ee058b928fb306f40","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"871","avBlockList":["360 Total Security (20231017)","Avast Premium Security (20231017)","AVG Internet Security (20231017)","Avira Internet Security (20231017)","Bitdefender Internet Security (20231017)","Dr.Web Security Space (20231017)","ESET Internet Security (20231017)","G DATA INTERNET SECURITY (20231017)","K7 Total Security (20231017)","Kaspersky Internet Security (20231017)","Malwarebytes Premium (20231017)","McAfee Total Protection (20231017)","Norton Security (20231017)","Panda Dome (20231017)","Quick Heal Internet Security (20231017)","Sophos Home Premium (20231017)","SpyHunter5 (20231017)","Total AV Antivirus Pro (20231017)","Trend Micro Internet Security (20231017)","VIPRE Advanced Security (20231017)","VirIT eXplorer PRO (20231017)","Webroot SecureAnywhere (20231017)","Windows Defender (20231017)"],"avAllowList":["COMODO Antivirus (20231017)"]},{"isRevoked":"False","fileName":"FreeResourceExtractor.exe","fileVersion":"0.0","hashMD5":"7b8f8e5a855ae3567c61732b4402f5cd","hashSHA1":"57771946f0fce4db221177ea274ddd39eff153c2","hashSHA256":"2b579b5363856f1df7ebb5bb765b54fb71223b22703f63c5070a7a64c02731f3","sourceIndex":"871","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.freeresourceextractor.com/","directDownloadingLink":"http://www.freeresourceextractor.com/FreeResourceExtractor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeresourceextractor.com/FreeResourceExtractor.exe","sourceIndex":"871"}],"sampleFiles":["231009/FreeResourceExtractor-231009/8.8.2.4/Samples/FreeResourceExtractorSetup.exe"],"imageFiles":["231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-109/ACR-109_Install_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-048/ACR-048_Install_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-010/ACR-010_Install_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-013/ACR-013_Install_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-118/ACR-118_Uninstall_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-057/ACR-057_Bundler-made offers_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-071/ACR-071_Bundler-made offers_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":["231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-106/ACR-106_Software_1.jpeg","231009/FreeResourceExtractor-231009/8.8.2.4/Images/ACR-092/ACR-092_Software_1.png"],"guid":"bdf4b9d3-4541-4328-9e93-58762f3443c5_8.8.2.4_1","appID":"FreeResourceExtractor-231009","dateAdded":"231009","deceptorType":"App","name":"Free Resource Extractor","company":"FreeEXEDLLResourceExtractor, Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"231009","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-09T20:48:05.0903134+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":839},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-043":"Third-party components from \"Online Media Technologies Ltd'\" are installed without disclosure. \n\n","ACR-107":" The app does not obtain any authorization for using third-party components \"Online Media Technologies Ltd.\".\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless. Also, another App named \"CoolRecordEditPro\", was installed without disclosing it to the user and its clear relationship to the main app installed.\n\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeSoundRecorder.exe","fileVersion":"0.0","hashMD5":"18a8b045319c9ef3ae335a5c1f3ecacd","hashSHA1":"d387efc0983cf203b70ac9b4fb74d728fe6c8f79","hashSHA256":"957ff3e4c5cfed19a85ac8b7b29a2fe52ca25c95ae364b93c5eca59a35639914","sourceIndex":"872","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeSoundRecorder-setup.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 FreeSoundRecorder Technologies, Inc.   ","fileVersion":"0.0","hashMD5":"63db8ea101ea004f3058fbfd5a811098","hashSHA1":"7d4b26299e6c606a4d73f73a46f6b78c2c2af995","hashSHA256":"64670b372cc4898c9ee419e3ab14aa887ffb04cd98ac72de8c0091228bb879b3","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"872","avBlockList":["360 Total Security (20231012)","Avast Premium Security (20231012)","AVG Internet Security (20231012)","Avira Internet Security (20231012)","Bitdefender Internet Security (20231012)","Dr.Web Security Space (20231012)","ESET Internet Security (20231012)","G DATA INTERNET SECURITY (20231012)","K7 Total Security (20231012)","Kaspersky Internet Security (20231012)","Malwarebytes Premium (20231012)","McAfee Total Protection (20231012)","Norton Security (20231012)","Panda Dome (20231012)","Quick Heal Internet Security (20231012)","Sophos Home Premium (20231012)","SpyHunter5 (20231012)","Total AV Antivirus Pro (20231012)","Trend Micro Internet Security (20231012)","VIPRE Advanced Security (20231012)","VirIT eXplorer PRO (20231012)","Webroot SecureAnywhere (20231012)","Windows Defender (20231012)"],"avAllowList":["COMODO Antivirus (20231012)","Tencent PC Manager (20220811)"]},{"isRevoked":"False","fileName":"FreeSoundRecorderSetup_new.exe","isInstaller":"True","companyName":"Copyright© 2005-2023 FreeSoundRecorder Technologies, Inc.   ","fileVersion":"0.0","hashMD5":"9c1a99f4e200be1976875ceb0924dcb0","hashSHA1":"8061ab9eb41087aa33daa2fb91277aafaf58ce69","hashSHA256":"3758b8a70cefa2b7aded2b769fb5d8b15b8aba8e0e5d2614338be699a0192e79","sourceIndex":"872","avBlockList":["360 Total Security (20230706)","Avast Premium Security (20230706)","AVG Internet Security (20230706)","Avira Internet Security (20230706)","Bitdefender Internet Security (20230706)","ESET Internet Security (20230706)","G DATA INTERNET SECURITY (20230706)","K7 Total Security (20230706)","Kaspersky Internet Security (20230706)","Malwarebytes Premium (20230706)","McAfee Total Protection (20230706)","Norton Security (20230706)","Panda Dome (20230706)","Quick Heal Internet Security (20230706)","Sophos Home Premium (20230706)","SpyHunter5 (20230706)","Total AV Antivirus Pro (20230706)","VIPRE Advanced Security (20230706)","VirIT eXplorer PRO (20230706)","Webroot SecureAnywhere (20230706)"],"avAllowList":["COMODO Antivirus (20230706)","Dr.Web Security Space (20230706)","Trend Micro Internet Security (20230706)","Windows Defender (20230706)"]},{"isRevoked":"False","fileName":"FreeSoundRecorder_231009.exe","isInstaller":"True","companyName":"Copyright© 2005-2022 FreeSoundRecorder Technologies, Inc.   ","fileVersion":"0.0","hashMD5":"cb108bd4257166466d015e364cb6d627","hashSHA1":"0d04d82dd185354049a813b0f855248b182dbf45","hashSHA256":"c65428a9dbd9eab0f6c036ed055fffa992ef2652c7ae3c80390d882f222661aa","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"872","avBlockList":["360 Total Security (20231017)","Avast Premium Security (20231017)","AVG Internet Security (20231017)","Avira Internet Security (20231017)","Bitdefender Internet Security (20231017)","COMODO Antivirus (20231017)","Dr.Web Security Space (20231017)","ESET Internet Security (20231017)","G DATA INTERNET SECURITY (20231017)","K7 Total Security (20231017)","Kaspersky Internet Security (20231017)","Malwarebytes Premium (20231017)","McAfee Total Protection (20231017)","Norton Security (20231017)","Panda Dome (20231017)","Quick Heal Internet Security (20231017)","Sophos Home Premium (20231017)","SpyHunter5 (20231017)","Total AV Antivirus Pro (20231017)","Trend Micro Internet Security (20231017)","VIPRE Advanced Security (20231017)","VirIT eXplorer PRO (20231017)","Webroot SecureAnywhere (20231017)"],"avAllowList":["Windows Defender (20231017)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"CoolRecordEditPro","landingPage":"https://coolrecordedit.com/freesoundrecorder/","directDownloadingLink":"http://coolrecordedit.com/FreeSoundRecorder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://coolrecordedit.com/FreeSoundRecorder.exe","sourceIndex":"872"}],"sampleFiles":["231009/FreeSoundRecorder-220805/10.8.8/Samples/FreeSoundRecorder.exe","231009/FreeSoundRecorder-220805/10.8.8/Samples/FreeSoundRecorder-setup.exe","231009/FreeSoundRecorder-220805/10.8.8/Samples/FreeSoundRecorderSetup_new.exe","231009/FreeSoundRecorder-220805/10.8.8/Samples/FreeSoundRecorder_231009.exe"],"imageFiles":["231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-039/ACR-039_AnotherApp.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-043/ACR-043_107_NCT_thirdparty.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-010/RK.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-107/ACR-043_107_NCT_thirdparty.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-118/ACR-118_RetainedComponents.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-057/RK.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-059/RK.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-071/RK.jpg","231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-155/RK.jpg"],"nonDeceptorImageFiles":["231009/FreeSoundRecorder-220805/10.8.8/Images/ACR-106/RK.jpg"],"guid":"ec56d24a-4b5d-41e4-8a2a-e350da542e45_10.8.8_1","appID":"FreeSoundRecorder-220805","dateAdded":"231009","deceptorType":"App","name":"Free Sound Recorder","company":"FreeSoundRecorder Technologies, Inc.","version":"10.8.8","lastKnownStatus":"10.8.8","lastKnownDate":"231009","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps","lastUpdate":"2023-10-09T16:03:16.619635+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":838},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n\n","ACR-039":"There is no clear indication about the relationship of the monetization components from the third-party monetizer. The \"dotSetup License\" links to 'https://rise-platforms.com/privacy/' -- misleads user that they are for Carrier app.\n"},"nonDeceptorViolations":{"ACR-044":"No attribution is given to the download manager. Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-035":"The download manager's EULA/Terms of Service and Privacy Policy has no  contact information for the source.\n"},"samples":[{"isRevoked":"False","fileName":"pivot_v5-1.exe","isInstaller":"True","fileVersion":"1.92","hashMD5":"853713e72866f18c6aefe7cc504509db","hashSHA1":"9e77617dda62f12c04421a3f36d54d44c7869038","hashSHA256":"e3db3aaa17473423bff5a4200ae6b763de011d49efa6f3b44a7c25904667570f","digitalCertThumbprint":"510383F7CBF1AF5F6E860B7934315F6A0065981A","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=MOTUS SOFTWARE LTD, O=MOTUS SOFTWARE LTD, L=Lewes, C=GB","sourceIndex":"873","avBlockList":["360 Total Security (20240220)","Avira Internet Security (20240220)","COMODO Antivirus (20240220)","Dr.Web Security Space (20240220)","ESET Internet Security (20240220)","G DATA INTERNET SECURITY (20240220)","K7 Total Security (20240220)","Kaspersky Internet Security (20240220)","Malwarebytes Premium (20240220)","Norton Security (20240220)","Panda Dome (20240220)","Quick Heal Internet Security (20240220)","Sophos Home Premium (20240220)","SpyHunter5 (20240220)","Total AV Antivirus Pro (20240220)","Trend Micro Internet Security (20240220)","VirIT eXplorer PRO (20240220)","Webroot SecureAnywhere (20240220)"],"avAllowList":["Avast Premium Security (20240220)","AVG Internet Security (20240220)","Bitdefender Internet Security (20240220)","McAfee Total Protection (20240220)","VIPRE Advanced Security (20240220)","Windows Defender (20240220)"]}],"additionalFiles":[],"sources":[{"howFound":"dotsetup license","reference":"","landingPage":"https://pivotanimator.net/","directDownloadingLink":"https://dd21m32yacj0k.cloudfront.net/ver/de/v8.15.74.64.659/pivot_v5-1.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dd21m32yacj0k.cloudfront.net/ver/de/v8.15.74.64.659/pivot_v5-1.exe","sourceIndex":"873"}],"sampleFiles":["231005/PivotAnimatorBundler-180701/5.1.31/Samples/pivot_v5-1.exe"],"imageFiles":["231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-039/ACR-039.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-042/ACR-042.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-075/ACR-075.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-013/OptionalOffer-1.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-013/OptionalOffer-2.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-060/OptionalOffer-1.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-060/OptionalOffer-2.jpg"],"nonDeceptorImageFiles":["231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-044/ACR-044.jpg","231005/PivotAnimatorBundler-180701/5.1.31/Images/ACR-035/pivotanimator_Terms.jpeg"],"guid":"2ed5eb5b-a309-4b8b-9d50-393b795593a8_5.1.31_1","appID":"PivotAnimatorBundler-180701","dateAdded":"231005","deceptorType":"Bundler","name":"PivotAnimator Bundler","company":"Motus Software Ltd","version":"5.1.31","lastKnownStatus":"5.1.31","lastKnownDate":"231005","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-05T18:37:03.7537769+00:00","notDistributed":false,"familyName":"core-bundler-ronil","numInFamily":7,"numInAppID":2,"sortOrder":840},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-059":"Makes offers not clearly marked as offers.\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-044":"No attribution is given to the download manager. Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No links are provided for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy of the download manager.\n","ACR-035":"The download manager's EULA/Terms of Service and Privacy Policy has no  contact information for the source.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"pivot_v4-2 (1).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0ac8343daa9fad99fe4cb69bc370fdc6","hashSHA1":"bc868f1e994b039506dac85dc5ceb9001d4e048c","hashSHA256":"c124d36d5ebdc8be32a910b78239f9e1b8656d08705268a3c9da46e463eb41a0","digitalCertThumbprint":"33A721AA15B240CA731036C3249305D46A39E509","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Motus Software Ltd, OU=IT, O=Motus Software Ltd, L=Lewes, C=GB","sourceIndex":"3451","avBlockList":["360 Total Security (20231017)","Avast Premium Security (20231017)","AVG Internet Security (20231017)","Avira Internet Security (20231017)","Bitdefender Internet Security (20231017)","COMODO Antivirus (20231017)","Dr.Web Security Space (20231017)","ESET Internet Security (20231017)","G DATA INTERNET SECURITY (20231017)","Kaspersky Internet Security (20231017)","Malwarebytes Premium (20231017)","McAfee Total Protection (20231017)","Norton Security (20231017)","Panda Dome (20231017)","Quick Heal Internet Security (20231017)","Sophos Home Premium (20231017)","SpyHunter5 (20231017)","Total AV Antivirus Pro (20231017)","Trend Micro Internet Security (20231017)","VIPRE Advanced Security (20231017)","VirIT eXplorer PRO (20231017)","Webroot SecureAnywhere (20231017)","Windows Defender (20231017)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"christopher installing and got driver restore, web discover, new search page automatically","landingPage":"pivotanimator.net","directDownloadingLink":"http://www.sewesidsanut.com/ix59e_hmTrR8Nvno_nO+FwBEM12BVfoPrwXiNfsMIUD+6Q3VJKyFsQ_cYv0h1sZuY5k4TCq6yh00SgJuYFzl39XNGOuFngHZw7cvXVJ9vMMLNZ8WPirIKS_Ri7rEi6LBRWhkvk+dZ02Q9nMiRx8ep07XBa+aqO+56NDwq88pYBR6j_rNNFTb1Z6N_tnia8HnHtf7zeDypMcvJX9q0pveLCI1+K7B1yH49VOaelAAymGlx8nEah1hB3I1XL_2GuLZy0jMvvzPH9_jCQY+BcnayJf2vsvTatEHSfOsxzsdqbhMXFSgs4B0oLdxtiSXhjixxKfbuHAaW6wL6WtFqhUugZBzpTDZjQ==-GzEAAMRtbD7ndXtUogKHHDj9kDYPKNgYO88jRTfW+NVn7xCaiU7r8UwHtQA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.sewesidsanut.com/ix59e_hmTrR8Nvno_nO+FwBEM12BVfoPrwXiNfsMIUD+6Q3VJKyFsQ_cYv0h1sZuY5k4TCq6yh00SgJuYFzl39XNGOuFngHZw7cvXVJ9vMMLNZ8WPirIKS_Ri7rEi6LBRWhkvk+dZ02Q9nMiRx8ep07XBa+aqO+56NDwq88pYBR6j_rNNFTb1Z6N_tnia8HnHtf7zeDypMcvJX9q0pveLCI1+K7B1yH49VOaelAAymGlx8nEah1hB3I1XL_2GuLZy0jMvvzPH9_jCQY+BcnayJf2vsvTatEHSfOsxzsdqbhMXFSgs4B0oLdxtiSXhjixxKfbuHAaW6wL6WtFqhUugZBzpTDZjQ==-GzEAAMRtbD7ndXtUogKHHDj9kDYPKNgYO88jRTfW+NVn7xCaiU7r8UwHtQA=","sourceIndex":"3451"}],"sampleFiles":["180710/PivotAnimatorBundler-180701/PivotAnimator/Samples/pivot_v4-2 (1).exe"],"imageFiles":["180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-039/ACR-039_install.mp4","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-048/ACR-048_install.mp4","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-059/ACR-059_bundleroffers.JPG","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-059/ACR-059_bundleroffers1.JPG"],"nonDeceptorImageFiles":["180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-044/ACR-044_install.JPG","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-044/ACR-044_install1.JPG","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-065/ACR-065_install.JPG","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-035/ACR-035_docs.JPG","180710/PivotAnimatorBundler-180701/PivotAnimator/Images/ACR-152/ACR-152_bundleroffers.mp4"],"guid":"2ed5eb5b-a309-4b8b-9d50-393b795593a8_PivotAnimator_1","appID":"PivotAnimatorBundler-180701","dateAdded":"231005","deceptorType":"Bundler","name":"PivotAnimator Bundler","company":"Motus Software Ltd","version":"PivotAnimator","sigName":"Deceptor:Win32/PivotAnimatorBundler!039048050059","lastKnownStatus":"5.1.31","lastKnownDate":"231005","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-05T00:00:00+00:00","notDistributed":false,"familyName":"core-bundler-ronil","numInFamily":7,"numInAppID":2,"sortOrder":841},{"violations":{"ACR-046":"Options to disable run windows startup and setting as default client for certain file types made to look hidden at installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-155":"Offers are inserted to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-072":"The bundler offered the \"Yandex\" app twice.\n"},"samples":[{"isRevoked":"False","fileName":"Light_Alloy-1424169.exe","isInstaller":"True","companyName":"uFiler.pro","fileVersion":"1.0","hashMD5":"9595e49300c884ea972200f03d7551aa","hashSHA1":"32266d5316e4a71037304a73b71970e422d0c4c7","hashSHA256":"a4c8b95638e736bfd4cabdf43121ebb65229c3754a2bb35ffe9a81a8091c2d16","digitalCertThumbprint":"81C8BD7ED10A85B4679A9AFA9EBBBA1188BC133C","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=fundoragames@yandex.ru, CN=IP Iaroslavskii Anton Andreyevich, O=IP Iaroslavskii Anton Andreyevich, L=Petrozavodsk, S=Republic of Karelia, C=RU","sourceIndex":"879","avBlockList":["Avast Premium Security (20240222)","AVG Internet Security (20240222)","Avira Internet Security (20240222)","Bitdefender Internet Security (20240222)","COMODO Antivirus (20240222)","Dr.Web Security Space (20240222)","ESET Internet Security (20240222)","G DATA INTERNET SECURITY (20240222)","K7 Total Security (20240222)","Kaspersky Internet Security (20240222)","Malwarebytes Premium (20240222)","McAfee Total Protection (20240222)","Norton Security (20240222)","Panda Dome (20240222)","Quick Heal Internet Security (20240222)","Sophos Home Premium (20240222)","SpyHunter5 (20240222)","Total AV Antivirus Pro (20240222)","Trend Micro Internet Security (20240222)","VIPRE Advanced Security (20240222)","VirIT eXplorer PRO (20240222)","Webroot SecureAnywhere (20240222)"],"avAllowList":["360 Total Security (20240222)","Windows Defender (20240222)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://atmosoft.ru/","landingPage":"https://ufiler-pro.ru/","directDownloadingLink":"https://ufiler-pro2.ru/download/d/2262/?i=dGl0bGU9VEdsbmFIUWdRV3hzYjNrPSZkZXNjcmlwdGlvbj0wS0hRdXRDdzBZZlFzTkM1MFlMUXRTRFFzdEM0MExUUXRkQytJTkMvMFlEUXZ0QzQwTFBSZ05HTDBMTFFzTkdDMExYUXU5R01JRXhwWjJoMElFRnNiRzk1SU5DOTBMQWcwWUhRc3RDKzBMa2cwTHJRdnRDODBML1JqTkdPMFlMUXRkR0FMaURRbE5DNzBZOGcwTGZRc05DejBZRFJnOUMzMExyUXVDRFF0TkMrMFlIUmd0R0QwTC9RdmRDd0lOQy8wTDdSZ2RDNzBMWFF0TkM5MFkvUmp5RFFzdEMxMFlEUmdkQzQwWThnMEwvUmdOQzQwTHZRdnRDMjBMWFF2ZEM0MFk4ZzBMM1FzQ0RSZ05HRDBZSFJnZEM2MEw3UXZDNHVMZz09JnBvc3Rlcj1hSFIwY0hNNkx5OWhkRzF2YzI5bWRDNXlkUzltZFd4c0wyeGhMbkJ1Wnc9PSZzaXplPSZjYXRlZ29yeT0wSkxRdU5DMDBMWFF2dEMvMFlEUXZ0QzQwTFBSZ05HTDBMTFFzTkdDMExYUXU5QzQmdGhlbWU9JmZpbGU9YUhSMGNITTZMeTloZEcxdmMyOW1kQzV5ZFM4ek1qRXRaMlYwTFd4cFoyaDBMV0ZzYkc5NUxtaDBiV3c9","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ufiler-pro2.ru/download/d/2262/?i=dGl0bGU9VEdsbmFIUWdRV3hzYjNrPSZkZXNjcmlwdGlvbj0wS0hRdXRDdzBZZlFzTkM1MFlMUXRTRFFzdEM0MExUUXRkQytJTkMvMFlEUXZ0QzQwTFBSZ05HTDBMTFFzTkdDMExYUXU5R01JRXhwWjJoMElFRnNiRzk1SU5DOTBMQWcwWUhRc3RDKzBMa2cwTHJRdnRDODBML1JqTkdPMFlMUXRkR0FMaURRbE5DNzBZOGcwTGZRc05DejBZRFJnOUMzMExyUXVDRFF0TkMrMFlIUmd0R0QwTC9RdmRDd0lOQy8wTDdSZ2RDNzBMWFF0TkM5MFkvUmp5RFFzdEMxMFlEUmdkQzQwWThnMEwvUmdOQzQwTHZRdnRDMjBMWFF2ZEM0MFk4ZzBMM1FzQ0RSZ05HRDBZSFJnZEM2MEw3UXZDNHVMZz09JnBvc3Rlcj1hSFIwY0hNNkx5OWhkRzF2YzI5bWRDNXlkUzltZFd4c0wyeGhMbkJ1Wnc9PSZzaXplPSZjYXRlZ29yeT0wSkxRdU5DMDBMWFF2dEMvMFlEUXZ0QzQwTFBSZ05HTDBMTFFzTkdDMExYUXU5QzQmdGhlbWU9JmZpbGU9YUhSMGNITTZMeTloZEcxdmMyOW1kQzV5ZFM4ek1qRXRaMlYwTFd4cFoyaDBMV0ZzYkc5NUxtaDBiV3c9","sourceIndex":"879"}],"sampleFiles":["231002/uFiler-200626/2022.2.0.0/Samples/Light_Alloy-1424169.exe"],"imageFiles":["231002/uFiler-200626/2022.2.0.0/Images/ACR-046/uFile_Startup.mp4","231002/uFiler-200626/2022.2.0.0/Images/ACR-155/YandexOffer-1.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-155/YandexOffer-2.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-013/YandexOffer-1.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-013/YandexOffer-2.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-060/YandexOffer-1.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-060/YandexOffer-2.jpg"],"nonDeceptorImageFiles":["231002/uFiler-200626/2022.2.0.0/Images/ACR-072/YandexOffer-1.jpg","231002/uFiler-200626/2022.2.0.0/Images/ACR-072/YandexOffer-2.jpg"],"guid":"fbb3e38d-0235-403b-bfad-fdff4c237de2_2022.2.0.0_1","appID":"uFiler-200626","dateAdded":"231002","deceptorType":"App","name":"uFiler","company":"uFIler.pro","version":"2022.2.0.0","lastKnownStatus":"1.0.0;2022.2.0.0","lastKnownDate":"231002","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-10-02T20:56:14.5874905+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":847},{"violations":{"ACR-057":"The way to reject the offer is not straightforward for the user, because the checkbox that is used to accept or decline the offer is not placed in the right context and it comes pre-checked.\n","ACR-053":"Bundler had three offers with no skip offers option.\n","ACR-055":"The option to decline the installation of the offer is different for the first offer and the second offer. The first offer requires the user to uncheck a pre-checked checkbox, and the second offer provides a clearly labeled \"reject\" button.\n","ACR-155":"Offers are inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer.\n"},"nonDeceptorViolations":{"ACR-054":"The checkbox to accept the bundler offer is pre-checked and placed next to checkmarks that show the functionalities of the bundler app. \n","ACR-072":"The bundler offered the \"Yandex\" app twice.\n"},"samples":[{"isRevoked":"False","fileName":"Get_uFiler-174892.exe","isInstaller":"True","companyName":"uFiler.pro","fileVersion":"1.0","hashMD5":"3acca0401a8a0c7688248bbd4a29f02e","hashSHA1":"67bbf1fedd7d6ae8b24d7d6f6a498c2abf7af8c7","hashSHA256":"43284d1cb8fea4a034b7c9ac5ab2cf06893ba2ff05284fb6e1e62f3e4fc5ee9d","digitalCertThumbprint":"608CC3EF91449D9B457D56A91B11EFC4F19A04BB","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=IP Iaroslavskii Anton Andreevich, O=IP Iaroslavskii Anton Andreevich, STREET=\"Lenina str, 35-24,\", L=Petrozavodsk, S=Karelia, PostalCode=185000, C=RU","sourceIndex":"2397","avBlockList":["Avast Premium Security (20201008)","AVG Internet Security (20201008)","Avira Internet Security (20201008)","Bitdefender Internet Security (20201008)","COMODO Antivirus (20201008)","Dr.Web Security Space (20201008)","ESET Internet Security (20201008)","G DATA INTERNET SECURITY (20201008)","K7 Total Security (20201008)","Kaspersky Internet Security (20201008)","Malwarebytes Premium (20201008)","McAfee Total Protection (20201008)","Norton Security (20201008)","Panda Dome (20201008)","Quick Heal Internet Security (20201008)","Sophos Home Premium (20201008)","SpyHunter5 (20201008)","Total AV Antivirus Pro (20201008)","Trend Micro Internet Security (20201008)","VIPRE Advanced Security (20201008)","VirIT eXplorer PRO (20201008)","Webroot SecureAnywhere (20201008)","Windows Defender (20201008)"],"avAllowList":["360 Total Security (20201008)","Tencent PC Manager (20201008)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://ufiler-pro.ru/l/14/72113514/download/1044/?i=dGl0bGU9JmRlc2NyaXB0aW9uPSZwb3N0ZXI9JnNpemU9JmNhdGVnb3J5PSZ0aGVtZT0mZmlsZT0=&sw=VUZJTEVS","directDownloadingLink":"https://ufiler-pro.ru/download/d/1044/?i=dGl0bGU9JmRlc2NyaXB0aW9uPSZwb3N0ZXI9JnNpemU9JmNhdGVnb3J5PSZ0aGVtZT0mZmlsZT0=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ufiler-pro.ru/download/d/1044/?i=dGl0bGU9JmRlc2NyaXB0aW9uPSZwb3N0ZXI9JnNpemU9JmNhdGVnb3J5PSZ0aGVtZT0mZmlsZT0=","sourceIndex":"2397"}],"sampleFiles":["200630/uFiler-200626/1.0.0/Samples/Get_uFiler-174892.exe"],"imageFiles":["200630/uFiler-200626/1.0.0/Images/ACR-053/Screen Shot 2020-06-26 at 1.35.13 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-053/Screen Shot 2020-06-26 at 1.52.12 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-053/Screen Shot 2020-06-26 at 1.57.27 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-055/Screen Shot 2020-06-26 at 1.52.12 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-055/Screen Shot 2020-06-26 at 1.57.27 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-057/Screen Shot 2020-06-26 at 1.52.12 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-155/Screen Shot 2020-06-26 at 1.52.12 PM.png"],"nonDeceptorImageFiles":["200630/uFiler-200626/1.0.0/Images/ACR-054/Screen Shot 2020-06-26 at 1.52.12 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-072/Screen Shot 2020-06-26 at 1.35.13 PM.png","200630/uFiler-200626/1.0.0/Images/ACR-072/Screen Shot 2020-06-26 at 1.52.12 PM.png"],"guid":"fbb3e38d-0235-403b-bfad-fdff4c237de2_1.0.0_1","appID":"uFiler-200626","dateAdded":"231002","deceptorType":"App","name":"uFiler","company":"uFIler.pro","version":"1.0.0","sigName":"Deceptor:Win32/uFiler!053055057155","lastKnownStatus":"1.0.0;2022.2.0.0","lastKnownDate":"231002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2023-10-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":848},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable and \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n\n","ACR-155":"Offers is designed to look like part of the install workflow.\n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n\n","ACR-092":"The app does not have a digital signature for any executable.\n"},"samples":[{"isRevoked":"False","fileName":"FreeWiFiHotspot_Setup.exe","isInstaller":"True","companyName":"FreeWiFiHotspot Co. Ltd.                                   ","productName":"Free WiFi Hotspot                                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"ddcd3fc71a422569270dcfb2c4a70921","hashSHA1":"18f0c6dc220ced77fbe5a671f427fc758e6c9515","hashSHA256":"713f2e149b2ea056413410c4cd59ae8508228ccf4c0bc92e225557b34c7e961f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"878","avBlockList":["360 Total Security (20240321)","Avast Premium Security (20240321)","AVG Internet Security (20240321)","Avira Internet Security (20240321)","Bitdefender Internet Security (20240321)","COMODO Antivirus (20240321)","Dr.Web Security Space (20240321)","ESET Internet Security (20240321)","G DATA INTERNET SECURITY (20240321)","K7 Total Security (20240321)","Kaspersky Internet Security (20240321)","Malwarebytes Premium (20240321)","McAfee Total Protection (20240321)","Norton Security (20240321)","Panda Dome (20240321)","Quick Heal Internet Security (20240321)","Sophos Home Premium (20240321)","SpyHunter5 (20240321)","Total AV Antivirus Pro (20240321)","VIPRE Advanced Security (20240321)","VirIT eXplorer PRO (20240321)","Webroot SecureAnywhere (20240321)"],"avAllowList":["Trend Micro Internet Security (20240321)","Windows Defender (20240321)"]}],"additionalFiles":[],"sources":[{"howFound":" searched related to Bundlers","reference":"","landingPage":"https://www.free-wifi-hotspot.com/","directDownloadingLink":"https://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe","sourceIndex":"878"}],"sampleFiles":["231002/FreeWiFiHotspot-220621/4.4.0/Samples/FreeWiFiHotspot_Setup.exe"],"imageFiles":["231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-109/ACR-109.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-048/ACR-048.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-010/ACR-010.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-118/ACR-118.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-057/ACR-057.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-059/ACR-059.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-071/ACR-071.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-155/ACR-155.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-013/ACR-013.JPG","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-106/ACR-106_Software_1.jpeg","231002/FreeWiFiHotspot-220621/4.4.0/Images/ACR-092/ACR-092_Software_1.jpeg"],"guid":"ef4eb7fe-8fff-411a-8911-123ef049d9ea_4.4.0_1","appID":"FreeWiFiHotspot-220621","dateAdded":"231002","deceptorType":"App","name":"Free WiFi Hotspot","company":"FreeWiFiHotspot Co., Ltd.","version":"4.4.0","lastKnownStatus":"4.2.0;4.4.0","lastKnownDate":"231002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-02T20:58:44.2763738+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":849},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"The Relevant Knowledge Offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent.\nThe App's version is inconsistent.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeWiFiHotspot.exe","companyName":"","productName":"Free WiFi Hotspot","fileVersion":"3.0.0.0","hashMD5":"566a0416da8cd85838f663197c80a3a8","hashSHA1":"9e5f4c3be41f6083f87f4ebc15d2ba06bf860f6a","hashSHA256":"17a49afeb71feaf25a91958015f6dfa952fa7559a799fc0717331381498bdd27","sourceIndex":"1549","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeWiFiHotspot-setup.exe","isInstaller":"True","companyName":"FreeWiFiHotspot Co., Ltd.                                   ","productName":"Free WiFi Hotspot       ","fileVersion":"0.0","hashMD5":"0bf4cfb955f19b65d09bd8924d699f33","hashSHA1":"b3ec9459f5c789d6e42eb14b03298782d7509244","hashSHA256":"4521826853d4a1e01192eb6082ef4b201d779f7bc6e41414d63eb3a8c2d91a03","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1549","avBlockList":["360 Total Security (20231005)","Avast Premium Security (20231005)","AVG Internet Security (20231005)","Avira Internet Security (20231005)","Bitdefender Internet Security (20231005)","COMODO Antivirus (20231005)","Dr.Web Security Space (20231005)","ESET Internet Security (20231005)","G DATA INTERNET SECURITY (20231005)","K7 Total Security (20231005)","Kaspersky Internet Security (20231005)","Malwarebytes Premium (20231005)","McAfee Total Protection (20231005)","Norton Security (20231005)","Panda Dome (20231005)","Quick Heal Internet Security (20231005)","Sophos Home Premium (20231005)","SpyHunter5 (20231005)","Total AV Antivirus Pro (20231005)","Trend Micro Internet Security (20231005)","VIPRE Advanced Security (20231005)","VirIT eXplorer PRO (20231005)","Webroot SecureAnywhere (20231005)","Windows Defender (20231005)"],"avAllowList":["Tencent PC Manager (20220721)"]}],"additionalFiles":[],"sources":[{"howFound":" searched related to PCMate Free SystemCare","reference":"","landingPage":"https://www.free-wifi-hotspot.com/","directDownloadingLink":"https://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-wifi-hotspot.com/FreeWiFiHotspot.exe","sourceIndex":"1549"}],"sampleFiles":["220621/FreeWiFiHotspot-220621/4.2.0/Samples/FreeWiFiHotspot.exe","220621/FreeWiFiHotspot-220621/4.2.0/Samples/FreeWiFiHotspot-setup.exe"],"imageFiles":["220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-010/RelevantKnowledge.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-057/RelevantKnowledge.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-059/RelevantKnowledge.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-071/RelevantKnowledge.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_FileProperties.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_Installer.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_Software.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-106/RelevantKnowledge.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_FileProperties.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_Installer.jpg","220621/FreeWiFiHotspot-220621/4.2.0/Images/ACR-002/ACR-002_Software.jpg"],"guid":"ef4eb7fe-8fff-411a-8911-123ef049d9ea_4.2.0_1","appID":"FreeWiFiHotspot-220621","dateAdded":"231002","deceptorType":"App","name":"Free WiFi Hotspot","company":"FreeWiFiHotspot Co., Ltd.","version":"4.2.0","lastKnownStatus":"4.2.0;4.4.0","lastKnownDate":"231002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":850},{"violations":{"ACR-109":"Download Manager secretly writes the QBittorrent files (some are set to hide the protected operating system-only files) to the consumer system under a hidden folder (C:\\Users\\User\\AppData\\Local\\Temp) without the user agreeing to install them.\n","ACR-042":"1. The Download manager drops a third-party downloader \"QBittorrent\" to install the actual app \"Parappa The Rapper\" without providing appropriate consent and secretly writes the files (some are set to hide the protected operating system-only files) under a hidden folder (C:\\Users\\User\\AppData\\Local\\Temp) without the user agreeing to install them.\n2. App initiates network communications with 3rd party offer provider before obtaining user consent. \n","ACR-043":"Download manager drops a third-party downloader \"QBittorrent\" to install the actual app \"Parappa The Rapper\" without providing appropriate consent and secretly writes the files (some are set to hide the protected operating system-only files) under a hidden folder (C:\\Users\\User\\AppData\\Local\\Temp) without the user agreeing to install them.\n","ACR-107":"The Download manager drops a third-party downloader \"QBittorrent\" without providing any proper authorization to the user\n","ACR-048":"The app does not provide any control to view/execute/remove the QBittorrent file.\n","ACR-007":"The app reduces consumer security posture by secretly writing the QBittorrent file under which it is set to hide the protected operating system files without allowing the user to view/execute/remove the file.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"The app attempts to disguise the presence of the QBittorrent file as it is set to hide the protected operating system files without letting know to the user about the existence of the file.\n","ACR-097":"The app attempts to secretly write the QBittorrent file under which it is set to hide the protected operating system files without allowing the user to view/execute/remove the file.\n","ACR-116":"The app enables the consumer to hide the downloader 'QBittorrent' from the targeted consumer, which prevents them from uninstalling it using platform-standard features. \n","ACR-117":"The app attempts to conceal the executable of the  \"QBittorrent\" downloader by setting it to hide the protected operating system files.\n","ACR-118":"The app retains all its components on the user's device as there is no uninstall option to dump the files.\n","ACR-075":"After the carrier app was canceled during installation, the offers were still installed without any notification for the user.\n","ACR-039":"Download Manager secretly writes the QBittorrent files (some are set to hide the protected operating system-only files) to the consumer system under a hidden folder (C:\\Users\\User\\AppData\\Local\\Temp) without the user agreeing to install them.\n"},"nonDeceptorViolations":{"ACR-044":"1. The download manager doesn't disclose its bundling function when the user chooses to install the carrier app.\n2. No explicit attribution for the 3rd party Offer provider is shown at installation. Missing clear information about significant functions that it may show offers during installation. \n","ACR-040":"Download Manager secretly writes the QBittorrent files (some are set to hide the protected operating system-only files) to the consumer system under a hidden folder (C:\\Users\\User\\AppData\\Local\\Temp) without the user agreeing to install them.\n","ACR-093":"The app attempts to secretly write the QBittorrent file under which it is set to hide the protected operating system files without allowing the user to view/execute/remove the file. \n","ACR-123":"The app does not provide options to uninstall the \"QBittorrent\" downloader, thereby leaving the system unreverted and setting changes to the state of the user's system prior to the original app installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Temp\\is-UBH3S.tmp\\qbittorrent.exe","companyName":"The qBittorrent Project","productName":"qBittorrent","productVersion":"v4.4.2","fileVersion":"v4.4.2","hashMD5":"22a34900ada67ead7e634eb693bd3095","hashSHA1":"2913c78bcaaa6f4ee22b0977be72333d2077191d","hashSHA256":"3cec1e40e8116a35aac6df3da0356864e5d14bc7687c502c7936ee9b7c1b9c58","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"876","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Parappa The Rapper_buF-cz1.exe","isInstaller":"True","companyName":"                                                            ","productName":"AKSIUM AUDIT OOO                                           ","productVersion":"3.334.90                                          ","fileVersion":"3.334.90            ","hashMD5":"98f37b09dadc616079b92a6c5afdd066","hashSHA1":"b55932b9c10046cfccde0210d5da29f3e5b2afb9","hashSHA256":"1f4f7b787ee329059e4de4487ba5c17c7c6ca3be95b72c9873fc9380632fa1f9","digitalCertThumbprint":"E90AFBDA12D6B40BED9A1B68443BD5098672B9B4","digitalCertIssuer":"Domain The Net Technologies Ltd CA for Code Signing R2","digitalCertIssuedTo":"Axium Audit","storeId":"","sourceIndex":"876","avBlockList":["360 Total Security (20231012)","Avira Internet Security (20231012)","COMODO Antivirus (20231012)","Dr.Web Security Space (20231012)","ESET Internet Security (20231012)","G DATA INTERNET SECURITY (20231012)","K7 Total Security (20231012)","Kaspersky Internet Security (20231012)","Malwarebytes Premium (20231012)","McAfee Total Protection (20231012)","Norton Security (20231012)","Panda Dome (20231012)","Quick Heal Internet Security (20231012)","Sophos Home Premium (20231012)","SpyHunter5 (20231012)","Total AV Antivirus Pro (20231012)","VirIT eXplorer PRO (20231012)","Webroot SecureAnywhere (20231012)"],"avAllowList":["Avast Premium Security (20231012)","AVG Internet Security (20231012)","Bitdefender Internet Security (20231012)","Trend Micro Internet Security (20231012)","VIPRE Advanced Security (20231012)","Windows Defender (20231012)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on bundlers","reference":"","landingPage":"https://gamefabrique.com/games/parappa-the-rapper/","directDownloadingLink":"https://d21wo3xv2sta2f.cloudfront.net/installer/4162152/29319718575490","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d21wo3xv2sta2f.cloudfront.net/installer/4162152/29319718575490","sourceIndex":"876"}],"sampleFiles":["231002/AksiumAuditOOODownloadManager-230927/3.334.90/Samples/Parappa The Rapper_buF-cz1.exe"],"imageFiles":["231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-109/ACR-109.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-109/ACR-109 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-109/ACR-109 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-039/ACR-039.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-039/ACR-039 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-039/ACR-039 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-043/ACR-043.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-043/ACR-043 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-043/ACR-043 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-107/ACR-107.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-042/ACR-042.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-042/ACR-042_1.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-042/ACR-042 (3).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-042/ACR-042 (4).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-013/ACR-013 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-013/ACR-013 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-013/ACR-013 (3).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-084/ACR-084.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-097/ACR-097 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-097/ACR-097_1.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-048/ACR-048.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-048/ACR-048_1.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-007/ACR-007.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-007/ACR-007 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-116/ACR-116 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-116/ACR-116 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-117/ACR-117.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-118/ACR-118.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-075/ACR-075_Bundler-made offers_1.png","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-060/ACR-060 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-060/ACR-060 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-060/ACR-060 (3).JPG"],"nonDeceptorImageFiles":["231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044 (1).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044 (3).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044 (4).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-044/ACR-044 (5).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-040/ACR-040.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-093/ACR_093.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-093/ACR-093 (2).JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-123/ACR-123.JPG","231002/AksiumAuditOOODownloadManager-230927/3.334.90/Images/ACR-123/ACR-123_1.JPG"],"guid":"be209f6a-0904-4649-a8fa-9ad4873f4a8c_3.334.90_1","appID":"AksiumAuditOOODownloadManager-230927","dateAdded":"231002","deceptorType":"Bundler","name":"AKSIUM AUDIT, OOO Download Manager","company":"GameFabrique","version":"3.334.90","lastKnownStatus":"3.334.90","lastKnownDate":"231002","type":"Windows Executable","category":"Bundlers & Downloaders, Games","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-10-02T21:26:18.0928025+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":851},{"violations":{"ACR-048":"The app does not provide control the cancel the installation process.\nThe app does not provide any control to close the app completely within the app's settings.\n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-017":"The 3rd party endorsement (https://www.pdf-suite.com/join/) is not verifiable. \n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background without providing any notification to the user that it is active. \n","ACR-155":"Offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PDFSuite2021Installer.exe","isInstaller":"True","companyName":"Interactive Brands Malta Limited","productName":"PDF Suite 2021 Installer","productVersion":"19.0.31.1888","fileVersion":"19.0.31.1888","hashMD5":"c8bcb696ac71c39f572012a3da86ca44","hashSHA1":"80b5a731e701cced2f591dec0af969086db3170b","hashSHA256":"0084bee54da2ee69cd6e066c734246b0c3c16ff43c151676a0257905b7217f22","digitalCertThumbprint":"10DFEDFA14DCA57EB58DF3A3DF6E2F3CEDCB6CCB","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS2","digitalCertIssuedTo":"Avanquest Software (7270356 Canada Inc)","storeId":"","sourceIndex":"883","avBlockList":["360 Total Security (20230907)","Avira Internet Security (20230907)","Dr.Web Security Space (20230907)","ESET Internet Security (20230907)","K7 Total Security (20230907)","Malwarebytes Premium (20230907)","Norton Security (20230907)","Panda Dome (20230907)","Sophos Home Premium (20230907)","SpyHunter5 (20230907)","Total AV Antivirus Pro (20230907)","VirIT eXplorer PRO (20230907)"],"avAllowList":["Avast Premium Security (20230907)","AVG Internet Security (20230907)","Bitdefender Internet Security (20230907)","COMODO Antivirus (20230907)","G DATA INTERNET SECURITY (20230907)","Kaspersky Internet Security (20230907)","McAfee Total Protection (20230907)","Quick Heal Internet Security (20230907)","Trend Micro Internet Security (20230907)","VIPRE Advanced Security (20230907)","Webroot SecureAnywhere (20230907)","Windows Defender (20230907)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Bundlers","reference":"","landingPage":"https://www.pdf-suite.com/","directDownloadingLink":"https://www.pdf-suite.com/download/suite20/?mkey1=pdf-suite.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pdf-suite.com/download/suite20/?mkey1=pdf-suite.com","sourceIndex":"883"}],"sampleFiles":["230928/PDFSuite-230808/19.0.31.1888/Samples/PDFSuite2021Installer.exe"],"imageFiles":["230928/PDFSuite-230808/19.0.31.1888/Images/ACR-048/ACR-048(1).JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-013/ACR-013.JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-084/ACR-084_1.JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-048/ACR-048.JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-048/ACR-048_1.JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-155/ACR-155.JPG","230928/PDFSuite-230808/19.0.31.1888/Images/ACR-017/ACR-017_Internal offers_1.png"],"nonDeceptorImageFiles":[],"guid":"43d0fc90-a475-403e-9106-1e095d097268_19.0.31.1888_1","appID":"PDFSuite-230808","dateAdded":"230928","deceptorType":"Bundler","name":"PDF Suite","company":"Interactive Brands Malta Limited","version":"19.0.31.1888","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230928","firstResolvedVersion":"20.0.10.21497","resolved":"TRUE","lastKnownStatus":"19.0.31.1888","lastKnownDate":"230928","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-09-28T19:09:45.7997633+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":852},{"violations":{"ACR-048":"The app does not provide an option to cancel the installation and there is no way to exit the warning pop-up message that claims malware detection in the system.\n","ACR-003":"The App uses alarming colors and the word \"Error\" to make exaggerated claims about the system's health. The reports are not substantiated and urges the user to call the support number in order to fix the issue.\n","ACR-004":"The App uses the alarming colors and the word \"Error\" making exaggerated claims about the system's health without substantiating the scan results. It compels user to call the support number in order to complete the fix for the issues found in the system.\n","ACR-006":"The monetization should be clearly attributed. The call center name and website should be disclosed next to phone number.\n","ACR-168":"The app displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n\n","ACR-014":"The App misleads consumer into thinking that they have a system issue by displaying exaggerated number of \"errors\" and by using alarming colors without substantiating the scan results. It also urges the user to contact the support number in order to complete the fix for the issues found.\n \n"},"nonDeceptorViolations":{"ACR-160":"The app needs to use certified call center \n","ACR-168":"The Landing Page displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer. The support number does not matched what is displayed in the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"Global PC Cleaner Pro.exe","fileVersion":"1.0","hashMD5":"9c7d2501548dda06b19e6ddacc2f2322","hashSHA1":"e0be1c985829141235a0a241599e473a9e7c5e91","hashSHA256":"f9e889a1aa1ec425de3d0247f938ce86a72bbf17a6de565654e321a1d3bfa42c","sourceIndex":"259","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Global-PC-Cleaner-Pro-2.exe","isInstaller":"True","companyName":"Global ManySoft LTD","fileVersion":"1.0","hashMD5":"36be4f2cc3797a7ed17f0e3a2d3428dd","hashSHA1":"fe2732d1d4f5bed840f07afce9a40ba7194b6fa3","hashSHA256":"26bc674d0ea7798b9066b84e8bebe4a10a9077d3fc1ecad0f59d0722e4776668","sourceIndex":"259","avBlockList":["360 Total Security (20230420)","Avast Premium Security (20230420)","AVG Internet Security (20230420)","Avira Internet Security (20230420)","Bitdefender Internet Security (20230420)","COMODO Antivirus (20230420)","ESET Internet Security (20230420)","G DATA INTERNET SECURITY (20230420)","K7 Total Security (20230420)","Kaspersky Internet Security (20230420)","Malwarebytes Premium (20230420)","McAfee Total Protection (20230420)","Norton Security (20230420)","Panda Dome (20230420)","Quick Heal Internet Security (20230420)","Sophos Home Premium (20230420)","SpyHunter5 (20230420)","Total AV Antivirus Pro (20230420)","VIPRE Advanced Security (20230420)","VirIT eXplorer PRO (20230420)","Webroot SecureAnywhere (20230420)","Windows Defender (20230420)"],"avAllowList":["Dr.Web Security Space (20230420)","Trend Micro Internet Security (20230420)"]},{"isRevoked":"False","fileName":"Global-PC-Cleaner-Silentsent.exe","isInstaller":"True","companyName":"Global ManySoft LTD","fileVersion":"1.0","hashMD5":"dac21331094d3402ecac03975c666acc","hashSHA1":"207ae19140ecb8448b05afb629b209b06ac7d540","hashSHA256":"152e046e93132f29204032fd79017cb4327b90e74ff742c17fe6e753dc4f3108","sourceIndex":"259","avBlockList":["360 Total Security (20231005)","Avast Premium Security (20231005)","AVG Internet Security (20231005)","Avira Internet Security (20231005)","ESET Internet Security (20231005)","Kaspersky Internet Security (20231005)","Malwarebytes Premium (20231005)","McAfee Total Protection (20231005)","Norton Security (20231005)","Panda Dome (20231005)","Quick Heal Internet Security (20231005)","Sophos Home Premium (20231005)","SpyHunter5 (20231005)","Total AV Antivirus Pro (20231005)","VirIT eXplorer PRO (20231005)","Webroot SecureAnywhere (20231005)"],"avAllowList":["Bitdefender Internet Security (20231005)","COMODO Antivirus (20231005)","Dr.Web Security Space (20231005)","G DATA INTERNET SECURITY (20231005)","K7 Total Security (20231005)","Trend Micro Internet Security (20231005)","VIPRE Advanced Security (20231005)","Windows Defender (20231005)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://globalmanysoft.com/","directDownloadingLink":"http://globalmanysoft.com/wp-content/uploads/2023/03/Global-PC-Cleaner-Pro-2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://globalmanysoft.com/wp-content/uploads/2023/03/Global-PC-Cleaner-Pro-2.exe","sourceIndex":"259"}],"sampleFiles":["230927/GlobalPCCleanerPro-230413/1.0.0.0/Samples/Global PC Cleaner Pro.exe","230927/GlobalPCCleanerPro-230413/1.0.0.0/Samples/Global-PC-Cleaner-Pro-2.exe","230927/GlobalPCCleanerPro-230413/1.0.0.0/Samples/Global-PC-Cleaner-Silentsent.exe"],"imageFiles":["230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-048/Cannot_Cancel_Installation.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-048/Warning_malware_detection.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-004/Alarming_ScanResults.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-004/Alarming_ScanResults_.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-004/Warning_malware_detection.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-168/Support.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-168/Alarming_ScanResults_.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-003/Alarming_ScanResults.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-003/Alarming_ScanResults_.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-003/Warning_malware_detection.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-006/Support.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-014/Alarming_ScanResults.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-014/Alarming_ScanResults_.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-014/Warning_malware_detection.jpg"],"nonDeceptorImageFiles":["230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-168/CallCenter.jpg","230927/GlobalPCCleanerPro-230413/1.0.0.0/Images/ACR-006/GlobalPCCleaner_LP.png"],"guid":"0ae54986-510a-4e6b-825f-900fdea179f7_1.0.0.0_1","appID":"GlobalPCCleanerPro-230413","dateAdded":"230927","deceptorType":"App","name":"Global PC Cleaner Pro","company":"Global ManySoft LTD","version":"1.0.0.0","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"241231","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-12-31T23:22:36.8615971+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":853},{"violations":{"ACR-046":"The Yandex Offer is preselected in the installation and requires user action in order to decline the offer. \n\n","ACR-003":"The application exaggerates cache, junk files and registry entries as being problems, thereby misleading or scaring user to take action. \n","ACR-004":"The app requires the user to upgrade to provide complete fix for non-permanent issues identified during free scan.\n\n","ACR-055":"Accept and decline for the optional offer must be obvious.\n","ACR-155":"Offer is inserted into the install workflow with a pre-selected option to trick the consumer to install the offer. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"ARNMNGR.EXE","companyName":"AMS Software","productName":"Ускоритель компьютера - Менеджер отложенного запуска","productVersion":"1.0","fileVersion":"1.0.0.304","hashMD5":"ee11f8a5da89f386e01d1d1c755f17f4","hashSHA1":"537390d76cedbb75f62eab625aca96bdd921b710","hashSHA256":"81b6f3e11c995092871afc548f339eb9676cd834f44c6bb7ea9849d5a1b6fb1f","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"1327","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FastComputerOT.exe","isInstaller":"True","companyName":"AMS Software                                                ","fileVersion":"0.0","hashMD5":"aed48168d055fd42beb4c36a7f52c424","hashSHA1":"e21d8e59818b5e7fac2952a1d50ee2b34c4ff28c","hashSHA256":"d8b3765851ae983c2d3233730f3c5059b01021d20e1515b94fd48c9feb21bd1c","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"1327","avBlockList":["Avast Premium Security (20231003)","AVG Internet Security (20231003)","Avira Internet Security (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","K7 Total Security (20231003)","Kaspersky Internet Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Quick Heal Internet Security (20231003)","Sophos Home Premium (20231003)","SpyHunter5 (20231003)","Total AV Antivirus Pro (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)","Windows Defender (20231003)"],"avAllowList":["360 Total Security (20231003)","Bitdefender Internet Security (20231003)","COMODO Antivirus (20231003)","G DATA INTERNET SECURITY (20231003)","Trend Micro Internet Security (20231003)","VIPRE Advanced Security (20231003)"]},{"isRevoked":"False","fileName":"OPTIM.EXE","companyName":"AMS Software","productName":"Ускоритель компьютера","productVersion":"4.0","fileVersion":"4.0.0.806","hashMD5":"6611035a18ced728d8096918cf2b7b5c","hashSHA1":"795b0bcb215180582c960c271f0189488771c3d2","hashSHA256":"49d57851ec6ce86ca761829e327c21fb696d2b6816b7f1585200998e54384427","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"1327","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OptimAdmin.exe","companyName":"AMS Software","productName":"Ускоритель компьютера","productVersion":"4.0","fileVersion":"4.0.0.806","hashMD5":"999fd306374f133020540c04b5b34069","hashSHA1":"494dfd811a5c3b51999c11c079db03a18e3bc6ec","hashSHA256":"d79834e01508f481465bcd9edbd2a778f92199b3e57fda4e2469e7eedfdecc5d","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"1327","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"appforwin software downloads","reference":"","landingPage":"https://fast-computer.su/","directDownloadingLink":"https://fast-computer.su/out_pages.php?out=FastComputerOT.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://fast-computer.su/out_pages.php?out=FastComputerOT.exe","sourceIndex":"1327"}],"sampleFiles":["221111/FastComputer-221104/4.0.0.304/Samples/ArnMngr.exe","221111/FastComputer-221104/4.0.0.304/Samples/FastComputerOT.exe","221111/FastComputer-221104/4.0.0.304/Samples/Optim.exe","221111/FastComputer-221104/4.0.0.304/Samples/OptimAdmin.exe"],"imageFiles":["221111/FastComputer-221104/4.0.0.304/Images/ACR-046/ACR-155_046_055_048_Yandex.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-055/ACR-155_046_055_048_Yandex.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-004/ACR-004_IncompleteFix_non_permanent_items.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-003/ACR-003_Problems_Errors.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-003/ACR-003_Fix_Problems.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-003/ACR-003_Problems_Errors_Registries.jpg","221111/FastComputer-221104/4.0.0.304/Images/ACR-155/ACR-155_046_055_048_Yandex.jpg"],"nonDeceptorImageFiles":[],"guid":"34a26a53-87a1-4349-ab5a-c18253a18140_4.0.0.304_1","appID":"FastComputer-221104","dateAdded":"230927","deceptorType":"App","name":"Fast Computer","company":"AMS Software","version":"4.0.0.304","lastKnownStatus":"Deceptor:4.0.0.304;4.0.0.806","lastKnownDate":"230927","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,sold in bundle","lastUpdate":"2023-09-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":855},{"violations":{"ACR-046":"The Yandex Offer is preselected in the installation and requires user action in order to decline the offer. \n\n","ACR-003":"The application exaggerates cache, junk files and registry entries as \"Errors\", misleading or scaring user to take action. \n","ACR-004":"The app requires the user to upgrade in order to provide complete fix for non-permanent issues identified during free scan.\n\n","ACR-055":"Accept and decline for the optional offer must be obvious.\n","ACR-155":"Offer is inserted into the install workflow with a pre-selected option to trick the consumer to install the offer. \n"},"nonDeceptorViolations":{"ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the software and landing page.\n","ACR-037":"The app does not provide Privacy Policy in the software and landing page.\n"},"samples":[{"isRevoked":"False","fileName":"FastComputerPS1.exe","isInstaller":"True","companyName":"AMS Software                                                ","fileVersion":"0.0","hashMD5":"aed48168d055fd42beb4c36a7f52c424","hashSHA1":"e21d8e59818b5e7fac2952a1d50ee2b34c4ff28c","hashSHA256":"d8b3765851ae983c2d3233730f3c5059b01021d20e1515b94fd48c9feb21bd1c","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"885","avBlockList":["Avast Premium Security (20231003)","AVG Internet Security (20231003)","Avira Internet Security (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","K7 Total Security (20231003)","Kaspersky Internet Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Quick Heal Internet Security (20231003)","Sophos Home Premium (20231003)","SpyHunter5 (20231003)","Total AV Antivirus Pro (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)","Windows Defender (20231003)"],"avAllowList":["360 Total Security (20231003)","Bitdefender Internet Security (20231003)","COMODO Antivirus (20231003)","G DATA INTERNET SECURITY (20231003)","Trend Micro Internet Security (20231003)","VIPRE Advanced Security (20231003)"]},{"isRevoked":"False","fileName":"OPTIM.EXE","companyName":"AMS Software","productName":"Ускоритель компьютера","productVersion":"","fileVersion":"4.0.0.806","hashMD5":"6611035a18ced728d8096918cf2b7b5c","hashSHA1":"795b0bcb215180582c960c271f0189488771c3d2","hashSHA256":"49d57851ec6ce86ca761829e327c21fb696d2b6816b7f1585200998e54384427","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"885","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OptimAdmin.exe","companyName":"AMS Software","productName":"Ускоритель компьютера","fileVersion":"4.0.0.806","hashMD5":"999fd306374f133020540c04b5b34069","hashSHA1":"494dfd811a5c3b51999c11c079db03a18e3bc6ec","hashSHA256":"d79834e01508f481465bcd9edbd2a778f92199b3e57fda4e2469e7eedfdecc5d","digitalCertThumbprint":"EA92364DD9408FF347BDD7063C2824E7C4ED6139","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software LLC, O=AMS Software LLC, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"885","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FastComputerOT.exe","isInstaller":"True","companyName":"AMS Software                                                ","fileVersion":"0.0","hashMD5":"092cb29cae53fb5c7cfa4f7110876638","hashSHA1":"5a4150bac1d72c9a23922210d48a3a794f2b377e","hashSHA256":"30e3858c7f596f8be3de21298d79f42e1f1fefdf932e65b4b8806476c68f4e9e","digitalCertThumbprint":"063091C0E731D1A159BE1FF07512C88469065948","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=hr@ams-soft.ru, CN=AMS SOFTWARE LLC, O=AMS SOFTWARE LLC, L=Yaroslavl, S=Yaroslavl Oblast, C=RU","sourceIndex":"885","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"appforwin software downloads","reference":"","landingPage":"https://fast-computer.su/","directDownloadingLink":"https://fast-computer.su/out_pages.php?out=FastComputerOT.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://fast-computer.su/out_pages.php?out=FastComputerOT.exe","sourceIndex":"885"},{"howFound":"similar site for fast-computer.su","reference":"","landingPage":"http://ideal-pc.ru/","directDownloadingLink":"http://fast-computer.su/out_pages.php?out=FastComputerPS1.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://fast-computer.su/out_pages.php?out=FastComputerPS1.exe","sourceIndex":"886"}],"sampleFiles":["230927/FastComputer-221104/4.0.0.806/Samples/FastComputerPS1.exe","230927/FastComputer-221104/4.0.0.806/Samples/Optim.exe","230927/FastComputer-221104/4.0.0.806/Samples/OptimAdmin.exe","230927/FastComputer-221104/4.0.0.806/Samples/FastComputerOT.exe"],"imageFiles":["230927/FastComputer-221104/4.0.0.806/Images/ACR-046/ACR-046_YandexOffer.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-055/YandexOffer.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-004/ACR-004_ScanResult.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-004/ACR-004_RegistryItems.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-004/ACR-004_IncompleteFix.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-003/ACR-004_ScanResult.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-003/ExaggeratedScanResult-1.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-003/RegistryAsErrors.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-155/YandexOffer.jpg"],"nonDeceptorImageFiles":["230927/FastComputer-221104/4.0.0.806/Images/ACR-035/Install.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-035/LandingPage_fastcomputer.su.jpeg","230927/FastComputer-221104/4.0.0.806/Images/ACR-035/LandingPage_ideal-pc.ru.jpeg","230927/FastComputer-221104/4.0.0.806/Images/ACR-037/About.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-037/NoPP.jpg","230927/FastComputer-221104/4.0.0.806/Images/ACR-037/LandingPage_fastcomputer.su.jpeg","230927/FastComputer-221104/4.0.0.806/Images/ACR-037/LandingPage_ideal-pc.ru.jpeg"],"guid":"34a26a53-87a1-4349-ab5a-c18253a18140_4.0.0.806_1","appID":"FastComputer-221104","dateAdded":"230927","deceptorType":"App","name":"Fast Computer","company":"AMS Software","version":"4.0.0.806","lastKnownStatus":"Deceptor:4.0.0.304;4.0.0.806","lastKnownDate":"230927","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,sold in bundle","lastUpdate":"2023-09-27T16:40:06.9991311+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":854},{"violations":{"ACR-055":"Accept and Decline options are not made obvious for the Offer that is not directly related to the main app.\n","ACR-059":"Inline Offer for VideoProc is not marked as an \"Offer\" or \"Optional Offer\".\nOffers that are not related to the main app are not marked as \"Optional Offer\" instead of identifying the offer as \"Recommended Software\" to install. \n","ACR-155":"The optional offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"5KPlayer.exe","companyName":"DearMob","fileVersion":"6.9","hashMD5":"d6fb8e23d5f41f506e1097debf88bfe4","hashSHA1":"0fe971fe7b7a8d28b6155e6759dbb413f7389d39","hashSHA256":"f2ec97f8435d1ceadd54a786fca4a73623950db9c099d5ddd7b28cf7ed1468ee","digitalCertThumbprint":"E122C1337C0DCAE9D48B776CCFD12A70C33F9CE8","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Digiarty Software, Inc.\", O=\"Digiarty Software, Inc.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"585","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"5kplayer-setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2b29e20fd511ce3b49dcea30617b74f2","hashSHA1":"88b4b0e07ad870d1ad3adeaef9686f2f4cf4b0d0","hashSHA256":"331cd19561aa85c86bfcdc1397cdf3e194a63b86ec98c62cc3da73f739607be5","digitalCertThumbprint":"DE4B180FD88760E7686847B6A8A5B1D33C2A0DB4","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Digiarty Software, Inc.\", OU=Software, O=\"Digiarty Software, Inc.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"585","avBlockList":["Avast Premium Security (20240919)","AVG Internet Security (20240919)","Avira Internet Security (20240919)","Malwarebytes Premium (20240919)","McAfee Total Protection (20240919)","Norton Security (20240919)","Panda Dome (20240919)","Quick Heal Internet Security (20240919)","Sophos Home Premium (20240919)","SpyHunter5 (20240919)","Total AV Antivirus Pro (20240919)","VirIT eXplorer PRO (20240919)","Webroot SecureAnywhere (20240919)","Windows Defender (20240919)","FortectPremium (20240919)"],"avAllowList":["360 Total Security (20240919)","Bitdefender Internet Security (20240919)","COMODO Antivirus (20240919)","Dr.Web Security Space (20240919)","ESET Internet Security (20240919)","G DATA INTERNET SECURITY (20240919)","K7 Total Security (20240919)","Kaspersky Internet Security (20230221)","Trend Micro Internet Security (20240919)","VIPRE Advanced Security (20240919)","KasperskyPremium (20240919)"]},{"isRevoked":"False","fileName":"5kplayer-setup-230926.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a792461b4b7b7348efc344300726b36e","hashSHA1":"608dd0c501b71776012234f8a8b1a6e053ef2e32","hashSHA256":"3118cd222de1a4f971a1b915f44f4a379b950aaa4075ada47f6c0a566f080da0","digitalCertThumbprint":"E122C1337C0DCAE9D48B776CCFD12A70C33F9CE8","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Digiarty Software, Inc.\", O=\"Digiarty Software, Inc.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"585","avBlockList":["Avast Premium Security (20240905)","AVG Internet Security (20240905)","Avira Internet Security (20240905)","Norton Security (20240905)","Panda Dome (20240905)","Sophos Home Premium (20240905)","SpyHunter5 (20240905)","Total AV Antivirus Pro (20240905)","VirIT eXplorer PRO (20240905)","Webroot SecureAnywhere (20240905)","FortectPremium (20240905)"],"avAllowList":["360 Total Security (20240905)","Bitdefender Internet Security (20240905)","COMODO Antivirus (20240905)","Dr.Web Security Space (20240905)","ESET Internet Security (20240905)","G DATA INTERNET SECURITY (20240905)","K7 Total Security (20240905)","Kaspersky Internet Security (20231005)","Malwarebytes Premium (20240905)","McAfee Total Protection (20240905)","Quick Heal Internet Security (20240905)","Trend Micro Internet Security (20240905)","VIPRE Advanced Security (20240905)","Windows Defender (20240905)","KasperskyPremium (20240905)"]},{"isRevoked":"False","fileName":"5kplayer-setup_240723.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0cb8a509b925197bd4b94b4c835c8db9","hashSHA1":"b741c00855307aa3a8a3c52c651c2c8d969a4f78","hashSHA256":"02b4b6cd3a3a78cc764cb0ad573a9bce3ab0f1681d5e6926c9501e0ebcd7bbbb","digitalCertThumbprint":"E122C1337C0DCAE9D48B776CCFD12A70C33F9CE8","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Digiarty Software, Inc.\", O=\"Digiarty Software, Inc.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"585","avBlockList":["Avast Premium Security (20241001)","AVG Internet Security (20241001)","Avira Internet Security (20241001)","FortectPremium (20241001)","Norton Security (20241001)","Panda Dome (20241001)","Sophos Home Premium (20241001)","SpyHunter5 (20241001)","Total AV Antivirus Pro (20241001)","VirIT eXplorer PRO (20241001)","Webroot SecureAnywhere (20241001)"],"avAllowList":["360 Total Security (20241001)","Bitdefender Internet Security (20241001)","COMODO Antivirus (20241001)","Dr.Web Security Space (20241001)","ESET Internet Security (20241001)","G DATA INTERNET SECURITY (20241001)","K7 Total Security (20241001)","Malwarebytes Premium (20241001)","McAfee Total Protection (20241001)","Quick Heal Internet Security (20241001)","Trend Micro Internet Security (20241001)","VIPRE Advanced Security (20241001)","Windows Defender (20241001)","KasperskyPremium (20241001)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt search: player downloader for windows","reference":"","landingPage":"https://www.5kplayer.com","directDownloadingLink":"https://www.5kplayer.com/download/5kplayer-setup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.5kplayer.com/download/5kplayer-setup.exe","sourceIndex":"585"}],"sampleFiles":["230926/5KPlayer-230202/6.9.0.0/Samples/5KPlayer.exe","230926/5KPlayer-230202/6.9.0.0/Samples/5kplayer-setup.exe","230926/5KPlayer-230202/6.9.0.0/Samples/5kplayer-setup-230926.exe","230926/5KPlayer-230202/6.9.0.0/Samples/5kplayer-setup_240723.exe"],"imageFiles":["230926/5KPlayer-230202/6.9.0.0/Images/ACR-055/OptionalOffer1.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-055/OptionalOffer2.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-055/OptionalOffer3.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-059/InlineOffer.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-059/OptionalOffer1.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-059/OptionalOffer2.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-059/OptionalOffer3.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-155/OptionalOffer1.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-155/OptionalOffer2.jpg","230926/5KPlayer-230202/6.9.0.0/Images/ACR-155/OptionalOffer3.jpg"],"nonDeceptorImageFiles":[],"guid":"47ddd092-8dd8-4a35-8c1d-4fb952b061d0_6.9.0.0_1","appID":"5KPlayer-230202","dateAdded":"230926","deceptorType":"App","name":"5KPlayer","company":"DearMob, Inc.","version":"6.9.0.0","lastKnownStatus":"6.9.0.0","lastKnownDate":"240723","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","lastUpdate":"2024-07-23T17:45:37.6738002+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":856},{"violations":{"ACR-006":"The user is not informed of the offer providers' monetization approach.\n","ACR-010":"The app distributes deceptor applications. The offered app \"Carambis Cleaner\" interrupts the installation by showing non-consented offers.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Driver Updater\\dupdater.exe","companyName":"ROSTPAY LTD","productName":"Carambis Driver Updater","productVersion":"2.7.0.1436","fileVersion":"2.7.0.1436","hashMD5":"5c0bb39822aa92e5c78720c19646b6d7","hashSHA1":"8cf6a32e564b535c1f6e392225375f0579ac3b26","hashSHA256":"584b5b8041aa0d58008be765841ea4e46cfd29c15391da009256c49925a837cc","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"899","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"InstallerDU.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"Driver Updater","productVersion":"3.0.12","fileVersion":"3.0.12","hashMD5":"f900be3c848f2d595f512f03d996a004","hashSHA1":"43690c4df9ab60fa897d27bd627f946c46755023","hashSHA256":"6e40cdf3fcd3b3f554e8fb9d0f4a3f748c3b6a408fc0d5b0c23f6c8012de3466","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"899","avBlockList":["Avira Internet Security (20230420)","Bitdefender Internet Security (20230420)","ESET Internet Security (20230420)","K7 Total Security (20230420)","Kaspersky Internet Security (20230420)","Malwarebytes Premium (20230420)","McAfee Total Protection (20230420)","Norton Security (20230420)","Panda Dome (20230420)","Quick Heal Internet Security (20230420)","Sophos Home Premium (20230420)","SpyHunter5 (20230420)","Total AV Antivirus Pro (20230420)","VIPRE Advanced Security (20230420)","VirIT eXplorer PRO (20230420)","Webroot SecureAnywhere (20230420)","Windows Defender (20230420)"],"avAllowList":["360 Total Security (20230420)","Avast Premium Security (20230420)","AVG Internet Security (20230420)","COMODO Antivirus (20230420)","Dr.Web Security Space (20230420)","G DATA INTERNET SECURITY (20230420)","Trend Micro Internet Security (20230420)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (best driver update software)","landingPage":"https://www.carambis.com/programs/driver_updater.html","directDownloadingLink":"https://www.carambis.com/programs/driver_updater/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.carambis.com/programs/driver_updater/download.html","sourceIndex":"899"}],"sampleFiles":["230911/CarambisDriverUpdater-180222/2.7.0.1436/Samples/InstallerDU.exe"],"imageFiles":["230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-010/ACR-010.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-006/ACR-006.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-006/ACR-006_1.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-006/ACR-006_2.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-060/ACR-060.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-060/ACR-060_1.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-060/ACR-060_2.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-013/ACR-013.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-013/ACR-013_1.JPG","230911/CarambisDriverUpdater-180222/2.7.0.1436/Images/ACR-013/ACR-013_2.JPG"],"nonDeceptorImageFiles":[],"guid":"96fbeab9-3ad1-4029-b232-07c323bde569_2.7.0.1436_1","appID":"CarambisDriverUpdater-180222","dateAdded":"230911","deceptorType":"App","name":"Carambis Driver Updater","company":"Carambis (ROSTPAY LTD.)","version":"2.7.0.1436","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:2.4.3.1734,2.6.1328;2.7.0.1436","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-09-11T19:59:35.6244185+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":857},{"violations":{"ACR-004":"It says  that the app can update 1 driver but in the end, will ask  for  registration/ payment.\n","ACR-053":"Bundler had four offers no with ability to skip them.\n","ACR-165":"Recurring payment is not disclosed clearly about the time bound discount. \n"},"nonDeceptorViolations":{"ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"InstallerDU.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"c488c762d55f8beae5758348edeadecf","hashSHA1":"17edc884566de20ea1c1b0684284d7d47b3d646d","hashSHA256":"3b9e2b28ab325dfd46dc9061da46cb0312077efd987518994c4c75590b37a154","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, S=Rostovskaya obl., C=RU","sourceIndex":"2426","avBlockList":["360 Total Security (20200528)","Avast Premium Security (20200528)","AVG Internet Security (20200528)","Avira Internet Security (20200528)","Bitdefender Internet Security (20200528)","COMODO Antivirus (20200528)","Dr.Web Security Space (20200528)","ESET Internet Security (20200528)","G DATA INTERNET SECURITY (20200528)","K7 Total Security (20200528)","Malwarebytes Premium (20200528)","McAfee Total Protection (20200528)","Norton Security (20200528)","Panda Dome (20200528)","Quick Heal Internet Security (20200528)","Sophos Home Premium (20200528)","SpyHunter5 (20200528)","Tencent PC Manager (20200528)","Total AV Antivirus Pro (20200528)","Trend Micro Internet Security (20200528)","VIPRE Advanced Security (20200528)","VirIT eXplorer PRO (20200528)","Webroot SecureAnywhere (20200528)","Windows Defender (20200528)"],"avAllowList":["Kaspersky Internet Security (20200528)"]},{"isRevoked":"False","fileName":"dupdater.exe","companyName":"ROSTPAY LTD","fileVersion":"2.6","hashMD5":"023babd3324ed606d53c6575a8aba8cb","hashSHA1":"004ed8449fdeee5ed0ca32ccafd1550859ee5a4e","hashSHA256":"d96163446f5edad6143a65750401bb4764135fb7206417fc1a2e64b595f4fe98","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, S=Rostovskaya obl., C=RU","sourceIndex":"2426","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (best driver update software)","landingPage":"https://www.carambis.com/programs/driver_updater.html","directDownloadingLink":"http://du7.carambis.com/InstallerDU-2.6.0.1328.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://du7.carambis.com/InstallerDU-2.6.0.1328.exe","sourceIndex":"2426"}],"sampleFiles":["200427/CarambisDriverUpdater-180222/2.6.0.1328/Samples/InstallerDU.exe","200427/CarambisDriverUpdater-180222/2.6.0.1328/Samples/dupdater.exe"],"imageFiles":["200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-053/CarambisDriverUpdater_Offers [1].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-053/CarambisDriverUpdater_Offers [2].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-053/CarambisDriverUpdater_Offers [3].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-053/CarambisDriverUpdater_Offers [4].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-165/CarambisDriverUpdater_Scan [6] Offer.png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-004/CarambisDriverUpdater_Scan [3].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-004/CarambisDriverUpdater_Scan [4].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-004/CarambisDriverUpdater_Scan [5].png","200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-004/CarambisDriverUpdater_Scan [6] Offer.png"],"nonDeceptorImageFiles":["200427/CarambisDriverUpdater-180222/2.6.0.1328/Images/ACR-099/CarambisDriverUpdater_About[1].png"],"guid":"96fbeab9-3ad1-4029-b232-07c323bde569_2.6.0.1328_1","appID":"CarambisDriverUpdater-180222","dateAdded":"230911","deceptorType":"App","name":"Carambis Driver Updater","company":"Carambis (ROSTPAY LTD.)","version":"2.6.0.1328","sigName":"Deceptor:Win32/CarambisDriverUpdater!004053165","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:2.4.3.1734,2.6.1328;2.7.0.1436","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-09-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":858},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-017":"Internal offer shows AVG Logo as a sign of trust, but the link leads to a 404 error\n","ACR-059":"Not clear this is an offer\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"InstallerDU-2.4.3.1734.exe","isInstaller":"True","companyName":"Carambis (ROSTPAY LTD.)","productName":"Carambis Installer","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"41a5522d43159204f905c03e90d95332","hashSHA1":"f142c9e95e1a75b5accb57ea078d6f9cb94c1e82","hashSHA256":"c940a9082a4f5faf595b0a1c9c815a1d3ff3377a5d97ec9882ecbaaeb17a46ee","digitalCertThumbprint":"D6CD80FD24D4F7D9C54304A51E018D6F02EEA235","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ROSTPEI LTD, O=ROSTPEI LTD, STREET=\"str. Dolomanovsky, 70D, office 1001\", L=Rostov-on-Don, S=Rostov region, PostalCode=344011, C=RU","sourceIndex":"2582","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dupdater.exe","companyName":"ROSTPAY LTD","productName":"Carambis Driver Updater","productVersion":"2.4.3.1734","fileVersion":"2.4.3.1734","hashMD5":"28eb3716d4d8f2b382f6dfe8381f40b5","hashSHA1":"5ac1f889711a028d3ec0e4376bef4fd7366d9e36","hashSHA256":"6c9ea7e151c52db014fb4dad20297539a8b816f49b95eff7fa5a2f3088bd0ed9","digitalCertThumbprint":"D6CD80FD24D4F7D9C54304A51E018D6F02EEA235","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ROSTPEI LTD, O=ROSTPEI LTD, STREET=\"str. Dolomanovsky, 70D, office 1001\", L=Rostov-on-Don, S=Rostov region, PostalCode=344011, C=RU","sourceIndex":"2582","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (best driver update software)","landingPage":"https://www.carambis.com/programs/driver_updater.html","directDownloadingLink":"http://du2.carambis.com/InstallerDU-2.4.3.1734.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://du2.carambis.com/InstallerDU-2.4.3.1734.exe","sourceIndex":"2582"}],"sampleFiles":["180223/CarambisDriverUpdater-180222/2.4.3.1734/Samples/InstallerDU-2.4.3.1734.exe","180223/CarambisDriverUpdater-180222/2.4.3.1734/Samples/dupdater.exe"],"imageFiles":["180223/CarambisDriverUpdater-180222/2.4.3.1734/Images/ACR-050/ACR_084_SOFTWARE.PNG","180223/CarambisDriverUpdater-180222/2.4.3.1734/Images/ACR-017/ACR_099_INTERNAL_OFFERS.PNG","180223/CarambisDriverUpdater-180222/2.4.3.1734/Images/ACR-059/ACR-059 not clear an offer.png"],"nonDeceptorImageFiles":["180223/CarambisDriverUpdater-180222/2.4.3.1734/Images/ACR-099/ACR_099_SOFTWARE.PNG"],"guid":"96fbeab9-3ad1-4029-b232-07c323bde569_2.4.3.1734_1","appID":"CarambisDriverUpdater-180222","dateAdded":"230911","deceptorType":"App","name":"Carambis Driver Updater","company":"Carambis (ROSTPAY LTD.)","version":"2.4.3.1734","sigName":"Deceptor:Win32/CarambisDriverUpdater!017050059","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:2.4.3.1734,2.6.1328;2.7.0.1436","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-09-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":859},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"CarambisCleaner_Setup.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"Cleaner","productVersion":"3.0.12","fileVersion":"3.0.12","hashMD5":"670df27658fd35ce0845b60a9e652394","hashSHA1":"513e61ee80031f5e5acf7b69b53da467d9aff22a","hashSHA256":"7d14f2b885a0353f00e5a08e83f7ed701b3f4875765790eec05ba5aaed5e54f7","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"898","avBlockList":["360 Total Security (20230413)","Avira Internet Security (20230413)","Bitdefender Internet Security (20230413)","ESET Internet Security (20230413)","K7 Total Security (20230413)","Kaspersky Internet Security (20230413)","Norton Security (20230413)","Panda Dome (20230413)","Quick Heal Internet Security (20230413)","Sophos Home Premium (20230413)","SpyHunter5 (20230413)","Total AV Antivirus Pro (20230413)","VIPRE Advanced Security (20230413)","VirIT eXplorer PRO (20230413)","Webroot SecureAnywhere (20230413)"],"avAllowList":["Avast Premium Security (20230413)","AVG Internet Security (20230413)","COMODO Antivirus (20230413)","Dr.Web Security Space (20230413)","G DATA INTERNET SECURITY (20230413)","Malwarebytes Premium (20230413)","McAfee Total Protection (20230413)","Trend Micro Internet Security (20230413)","Windows Defender (20230413)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.carambis.com/programs/cleaner.html","directDownloadingLink":"http://du2.carambis.com/InstallerCC-1.3.3.5315.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://du2.carambis.com/InstallerCC-1.3.3.5315.exe","sourceIndex":"898"}],"sampleFiles":["230911/CarambisCleaner-171208/1.5.0.1240/Samples/CarambisCleaner_Setup.exe"],"imageFiles":["230911/CarambisCleaner-171208/1.5.0.1240/Images/ACR-060/ACR-060.JPG","230911/CarambisCleaner-171208/1.5.0.1240/Images/ACR-060/ACR-060_1.JPG","230911/CarambisCleaner-171208/1.5.0.1240/Images/ACR-013/ACR-013.JPG","230911/CarambisCleaner-171208/1.5.0.1240/Images/ACR-013/ACR-013_1.JPG"],"nonDeceptorImageFiles":[],"guid":"559a92d4-fcb9-45b3-afaa-7d8369bc89c4_1.5.0.1240_1","appID":"CarambisCleaner-171208","dateAdded":"230911","deceptorType":"App","name":"Carambis Cleaner","company":"ROSTPEI LTD","version":"1.5.0.1240","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.2;1.6.0.0;1.5.0.1240","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-09-11T20:00:18.7042784+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":860},{"violations":{"ACR-004":"App up sells service using free scan results but does not provide a fully function free trial. It asks for a subscription service payment to fix the items reported during free scan. \n","ACR-155":"Bundler-made offers are disguised as part of the install process and are pre-selected, prompting the consumer to click \"next\" and install the offers.\n"},"nonDeceptorViolations":{"ACR-065":"The bundler-made offers pages do not show links to the offers' EULA, and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The internal offer page has no link to a webpage that shows how to uninstall the app.\n\n","ACR-064":"Bundler-made offers pre-checked and are downloaded when the consumer clicks \"next\", possibly unaware of the offer.\n"},"samples":[{"isRevoked":"False","fileName":"InstallerCC-1.3.4.5326.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"1.6","hashMD5":"aeb1aaaae697968d8ac0b7176f6fd064","hashSHA1":"0bb98d8520e0aa3cf10ecfc310fdc0274b5b0def","hashSHA256":"1bb594b17ef9516cf5f395f84a9218456587669ee8ec5b6df8c72896f344038a","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, S=Rostovskaya obl., C=RU","sourceIndex":"2586","avBlockList":["Avast Internet Security (20191209)","AVG Internet Security (20191209)","Avira Internet Security (20191209)","Bitdefender Internet Security (20191209)","COMODO Antivirus (20191209)","Dr.Web Security Space (20191209)","ESET Internet Security (20191209)","G DATA INTERNET SECURITY (20191209)","K7 Total Security (20191209)","Kaspersky Internet Security (20191209)","Malwarebytes Premium (20191209)","McAfee Total Protection (20191209)","Norton Security (20191209)","Panda Dome (20191209)","Quick Heal Internet Security (20191209)","Sophos Home Premium (20191209)","Tencent PC Manager (20191209)","Trend Micro Internet Security (20191209)","VIPRE Advanced Security (20191209)","VirIT eXplorer PRO (20191209)","Webroot SecureAnywhere (20191209)","Windows Defender (20191209)"],"avAllowList":["360 Total Security (20191209)"]},{"isRevoked":"False","fileName":"cleaner.exe","fileVersion":"0.0","hashMD5":"fdf015792467f824589df3055ea08138","hashSHA1":"edd4bcf105ae92ac2990c9ab7bf688fc90467c3c","hashSHA256":"b36cd60c6593518d8108d4eb4d005a0ed3257c8f4dc6048b068702d380373875","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, S=Rostovskaya obl., C=RU","sourceIndex":"2586","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.carambis.com/programs/cleaner.html","directDownloadingLink":"https://www.carambis.com/programs/cleaner/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.carambis.com/programs/cleaner/download.html","sourceIndex":"2586"}],"sampleFiles":["190915/CarambisCleaner-171208/1.6.0.0/Samples/InstallerCC-1.3.4.5326.exe","190915/CarambisCleaner-171208/1.6.0.0/Samples/cleaner.exe"],"imageFiles":["190915/CarambisCleaner-171208/1.6.0.0/Images/ACR-004/Carambis_acr_004.gif","190915/CarambisCleaner-171208/1.6.0.0/Images/ACR-155/Carambis_bundler_offers.gif"],"nonDeceptorImageFiles":["190915/CarambisCleaner-171208/1.6.0.0/Images/ACR-099/Screen Shot 2019-09-13 at 4.21.23 PM.png","190915/CarambisCleaner-171208/1.6.0.0/Images/ACR-065/Carambis_bundler_offers.gif","190915/CarambisCleaner-171208/1.6.0.0/Images/ACR-064/Carambis_bundler_offers.gif"],"guid":"559a92d4-fcb9-45b3-afaa-7d8369bc89c4_1.6.0.0_1","appID":"CarambisCleaner-171208","dateAdded":"230911","deceptorType":"App","name":"Carambis Cleaner","company":"ROSTPEI LTD","version":"1.6.0.0","sigName":"Deceptor:Win32/CarambisCleaner!0040155","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.2;1.6.0.0;1.5.0.1240","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-09-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":861},{"violations":{"ACR-004":"App up sells service uses free scan result without providing full function free trial. It asks for subscription service payment to fix the items reported during free scan. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Carambis Cleaner.exe","isInstaller":"True","companyName":"ROSTPEI LTD","productName":"Carambis Cleaner","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"b3adc2f2fdcfb81d1625a08e9d9aed5b","hashSHA1":"fb776de0e43fe66a0e584ac4f7d882b2ebdbd9fc","hashSHA256":"059ee98dd3411dee7db7737360099723681df4803bd169d870d3a959656daad1","digitalCertThumbprint":"D6CD80FD24D4F7D9C54304A51E018D6F02EEA235","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"ROSTPEI LTD","sourceIndex":"2789","avBlockList":["Avast Internet Security (20190826)","AVG Internet Security (20190826)","Avira Internet Security (20190826)","Bitdefender Internet Security (20190826)","COMODO Antivirus (20190826)","Dr.Web Security Space (20190826)","ESET Internet Security (20190826)","G DATA INTERNET SECURITY (20190826)","K7 Total Security (20190826)","Kaspersky Internet Security (20190826)","Malwarebytes Premium (20190826)","McAfee Total Protection (20190826)","Norton Security (20190826)","Sophos Home Premium (20190826)","Tencent PC Manager (20190826)","Trend Micro Internet Security (20190826)","VIPRE Advanced Security (20190826)","VirIT eXplorer PRO (20190826)","Webroot SecureAnywhere (20190826)","Windows Defender (20190826)"],"avAllowList":["360 Total Security (20190826)","Panda Dome (20190729)","Quick Heal Internet Security (20190826)"]},{"isRevoked":"False","fileName":"InstallerCC-1.3.4.5326.exe","isInstaller":"True","companyName":"Carambis (ROSTPAY LTD.)","productName":"Carambis Cleaner","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"1c9a4eec5ca6878f0554f2c08399307c","hashSHA1":"36e802867eee31d23238b9eee4c6b0d63813e81c","hashSHA256":"e9743388c32e73df0861f6f125264689b0761bfacb2020f2ba0a2d52bb79d844","digitalCertThumbprint":"9195816A6BE82514AEA696D3F013C37216094385","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, S=Rostovskaya obl., C=RU","sourceIndex":"2789","avBlockList":["360 Total Security (20190826)","Avast Internet Security (20190826)","AVG Internet Security (20190826)","Avira Internet Security (20190826)","Bitdefender Internet Security (20190826)","COMODO Antivirus (20190826)","Dr.Web Security Space (20190826)","ESET Internet Security (20190826)","G DATA INTERNET SECURITY (20190826)","K7 Total Security (20190826)","Malwarebytes Premium (20190826)","McAfee Total Protection (20190826)","Norton Security (20190826)","Panda Dome (20190826)","Quick Heal Internet Security (20190826)","Sophos Home Premium (20190826)","Tencent PC Manager (20190826)","Trend Micro Internet Security (20190826)","VIPRE Advanced Security (20190826)","VirIT eXplorer PRO (20190826)","Windows Defender (20190826)"],"avAllowList":["Kaspersky Internet Security (20190826)","Webroot SecureAnywhere (20190826)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.carambis.com/programs/cleaner.html","directDownloadingLink":"http://du2.carambis.com/InstallerCC-1.3.3.5315.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://du2.carambis.com/InstallerCC-1.3.3.5315.exe","sourceIndex":"2789"}],"sampleFiles":["190915/CarambisCleaner-171208/1.0.0.2/Samples/InstallerCC-1.3.3.5315.exe","190915/CarambisCleaner-171208/1.0.0.2/Samples/InstallerCC-1.3.4.5326.exe"],"imageFiles":["190915/CarambisCleaner-171208/1.0.0.2/Images/ACR-004/ACR-004.PNG"],"nonDeceptorImageFiles":[],"guid":"559a92d4-fcb9-45b3-afaa-7d8369bc89c4_1.0.0.2_1","appID":"CarambisCleaner-171208","dateAdded":"230911","deceptorType":"App","name":"Carambis Cleaner","company":"ROSTPEI LTD","version":"1.0.0.2","sigName":"Deceptor:Win32/CarambisCleaner!004","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230911","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.2;1.6.0.0;1.5.0.1240","lastKnownDate":"230911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-09-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":862},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self-signed Trusted Root Certificate that is installed.\n","ACR-048":"The app is unable to control (enable/disable) the scheduled task, startup entry, and the background process within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the self signed root certificate.\n","ACR-084":"The app attempts to run in the system tray after installation and also upon closing the app, thereby hiding the fact that it is active from the consumer without clearly notifying the user. It creates an undisclosed scheduled task and startup item to perform actions without the user's knowledge and consent. \n","ACR-103":"The app's primary function of blocking ads cannot be verified.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components and the root certificate on the device without the consumer's consent. \n","ACR-119":"The app retains its monetization components after uninstall.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of its self-signed Trusted Root Certificate.\n","ACR-123":"The app does not remove its root certificate even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\EasyAdBlocker\\cur\\weab.exe","companyName":"","productName":"Easy Ad Blocker","productVersion":"2.3.4.6","fileVersion":"2.3.4.6","hashMD5":"8fb1ff7748158755ad104cfc003070fc","hashSHA1":"41d2a997778ae6bc52fe73ca0d8a2229254cdc06","hashSHA256":"dc6716973bdf04c5a4fee6e408462b37a9cb43f6150f28c6ed2542eb34a4c9a4","digitalCertThumbprint":"FB79B7E4926CBB5D00C57C5A9E3F70785BFE6CED","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"INNOVA MEDIA internetne storitve d.o.o.","storeId":"","sourceIndex":"906","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EasyAdBlocker.exe","isInstaller":"True","companyName":"","productName":"installer","productVersion":"1.10.1.6","fileVersion":"1.10.1.6","hashMD5":"d1aa5fe81edb300e6ceefd29510932ec","hashSHA1":"db3ea2185ed19a4c466e01655abe0f3677acd43f","hashSHA256":"e927cb27f0c3a907232a809ed76e9bd8eadd6c2d02eab140782cbf4643d6317c","digitalCertThumbprint":"FB79B7E4926CBB5D00C57C5A9E3F70785BFE6CED","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"INNOVA MEDIA internetne storitve d.o.o.","storeId":"","sourceIndex":"906","avBlockList":["360 Total Security (20240222)","Avast Premium Security (20240222)","AVG Internet Security (20240222)","Avira Internet Security (20240222)","COMODO Antivirus (20240222)","G DATA INTERNET SECURITY (20240222)","K7 Total Security (20240222)","Malwarebytes Premium (20240222)","McAfee Total Protection (20240222)","Norton Security (20240222)","Panda Dome (20240222)","Quick Heal Internet Security (20240222)","Sophos Home Premium (20240222)","SpyHunter5 (20240222)","Total AV Antivirus Pro (20240222)","VirIT eXplorer PRO (20240222)","Webroot SecureAnywhere (20240222)"],"avAllowList":["Bitdefender Internet Security (20240222)","Dr.Web Security Space (20240222)","ESET Internet Security (20240222)","Kaspersky Internet Security (20240222)","Trend Micro Internet Security (20240222)","VIPRE Advanced Security (20240222)","Windows Defender (20240222)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: adblocker","reference":"","landingPage":"https://www.easyadblocker.com/windows/","directDownloadingLink":"https://www.easyadblocker.com/_release/EasyAdBlocker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.easyadblocker.com/_release/EasyAdBlocker.exe","sourceIndex":"906"}],"sampleFiles":["230906/EasyAdBlocker-230628/2.3.4.6/Samples/EasyAdBlocker.exe"],"imageFiles":["230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-043/ACR-043 (1).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-043/ACR-043 (2).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-043/ACR-043.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-007/ACR-007 (1).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-007/ACR-007 (2).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-007/ACR-007.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-084/ACR-084.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-084/ACR-084_1.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-084/ACR-084_2.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-103/ACR-103.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-042/ACR-042 (1).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-042/ACR-042 (2).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-042/ACR-042.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-048/ACR-048 (1).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-048/ACR-048 (2).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-048/ACR-048 (3).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-118/ACR-118.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-118/ACR-118_1.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-119/ACR-119.JPG"],"nonDeceptorImageFiles":["230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-045/ACR-045 (1).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-045/ACR-045 (2).JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-045/ACR-045.JPG","230906/EasyAdBlocker-230628/2.3.4.6/Images/ACR-123/ACR-123.JPG"],"guid":"2affeb59-1f0b-4bfc-8b76-ec6d6724438a_2.3.4.6_1","appID":"EasyAdBlocker-230628","dateAdded":"230906","deceptorType":"App","name":"Easy Ad Blocker","company":"Innova Media","version":"2.3.4.6","lastKnownStatus":"2.3.4.3;2.3.4.6","lastKnownDate":"230906","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2023-09-06T16:45:07.1551152+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":863},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self-signed Trusted Root Certificate that is installed.\n","ACR-048":"The app is unable to control (enable/disable) the scheduled tasks and startup entry within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the self signed root certificate.\n","ACR-084":"The app attempts to run in the system tray after installation, thereby hiding the fact that it is active from the consumer without clearly notifying the user. It creates an undisclosed scheduled task to perform an action without the user's knowledge and consent. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"EasyAdBlocker.exe","isInstaller":"True","fileVersion":"1.9","hashMD5":"fd62a3510ff7da8ee3c376b4685b84aa","hashSHA1":"eb45d25ea3d8d18f7b26fa161864961819b9fed7","hashSHA256":"652102461417e05862d95b3fde78dd4fcebda3b3c9c19c25e8f089ada71404d1","digitalCertThumbprint":"FB79B7E4926CBB5D00C57C5A9E3F70785BFE6CED","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=INNOVA MEDIA internetne storitve d.o.o., O=INNOVA MEDIA internetne storitve d.o.o., S=Šempeter-Vrtojba, C=SI, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SI, SERIALNUMBER=6466885000","sourceIndex":"1014","avBlockList":["360 Total Security (20230914)","Avast Premium Security (20230914)","AVG Internet Security (20230914)","Avira Internet Security (20230914)","G DATA INTERNET SECURITY (20230914)","K7 Total Security (20230914)","McAfee Total Protection (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Quick Heal Internet Security (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","VirIT eXplorer PRO (20230914)"],"avAllowList":["Bitdefender Internet Security (20230914)","COMODO Antivirus (20230914)","Dr.Web Security Space (20230914)","ESET Internet Security (20230914)","Kaspersky Internet Security (20230914)","Malwarebytes Premium (20230914)","Trend Micro Internet Security (20230914)","VIPRE Advanced Security (20230914)","Webroot SecureAnywhere (20230914)","Windows Defender (20230914)"]},{"isRevoked":"False","fileName":"weab.exe","fileVersion":"2.3","hashMD5":"00a18c0af41a20dc452c3c68ad9c5dd2","hashSHA1":"82ed0bd7e1f557152050f06e4cc1d4fa501e88c7","hashSHA256":"eef6d75463f0cf3cf66b21c6b512cd854e4047efd512fc142087110dca0e65e8","digitalCertThumbprint":"FB79B7E4926CBB5D00C57C5A9E3F70785BFE6CED","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=INNOVA MEDIA internetne storitve d.o.o., O=INNOVA MEDIA internetne storitve d.o.o., S=Šempeter-Vrtojba, C=SI, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SI, SERIALNUMBER=6466885000","sourceIndex":"1014","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: adblocker","reference":"","landingPage":"https://www.easyadblocker.com/","directDownloadingLink":"https://www.easyadblocker.com/_release/EasyAdBlocker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.easyadblocker.com/_release/EasyAdBlocker.exe","sourceIndex":"1014"}],"sampleFiles":["230705/EasyAdBlocker-230628/2.3.4.3/Samples/EasyAdBlocker.exe","230705/EasyAdBlocker-230628/2.3.4.3/Samples/weab.exe"],"imageFiles":["230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-043/TRC.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-043/TRC-1.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-007/TRC.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-007/TRC-1.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-084/TaskScheduler.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-042/TRC.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-042/TRC-1.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-048/Startup.png","230705/EasyAdBlocker-230628/2.3.4.3/Images/ACR-048/TaskScheduler.png"],"nonDeceptorImageFiles":[],"guid":"2affeb59-1f0b-4bfc-8b76-ec6d6724438a_2.3.4.3_1","appID":"EasyAdBlocker-230628","dateAdded":"230906","deceptorType":"App","name":"Easy Ad Blocker","company":"Innova Media","version":"2.3.4.3","lastKnownStatus":"2.3.4.3;2.3.4.6","lastKnownDate":"230906","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"mining","lastUpdate":"2023-09-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":864},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider \"https://www.az-partners.net/\" before obtaining user consent. (Please verify from your end)\n","ACR-048":"The app does not provide any control to remove its background process completely within the app's settings.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"The app attempts to run in the system tray after installation, thereby hiding the fact that it is active from the consumer without notifying the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"screenshooter-install__337.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"ScreenShooter","productVersion":"3.0.13","fileVersion":"3.0.13","hashMD5":"09f57101d0cef507a7c3314b15fe958e","hashSHA1":"5b73fec5ce36dc0560b5d7bdf38cdcac1ad9e1ae","hashSHA256":"aa490525699ff6156e1a0c62744295e82be8c85493419a72422854540f1e7bfc","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1100","avBlockList":["360 Total Security (20230523)","Avira Internet Security (20230523)","Bitdefender Internet Security (20230523)","COMODO Antivirus (20230523)","Dr.Web Security Space (20230523)","ESET Internet Security (20230523)","G DATA INTERNET SECURITY (20230523)","K7 Total Security (20230523)","Kaspersky Internet Security (20230523)","Malwarebytes Premium (20230523)","McAfee Total Protection (20230523)","Norton Security (20230523)","Panda Dome (20230523)","Quick Heal Internet Security (20230523)","Sophos Home Premium (20230523)","SpyHunter5 (20230523)","Total AV Antivirus Pro (20230523)","VIPRE Advanced Security (20230523)","VirIT eXplorer PRO (20230523)","Webroot SecureAnywhere (20230523)"],"avAllowList":["Avast Premium Security (20230523)","AVG Internet Security (20230523)","Trend Micro Internet Security (20230523)","Windows Defender (20230523)"]}],"additionalFiles":[],"sources":[{"howFound":"ROSTPAY LTD apps","reference":"","landingPage":"https://www.screen-shooter.com/","directDownloadingLink":"https://www.screen-shooter.com/app/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.screen-shooter.com/app/download/init","sourceIndex":"1100"}],"sampleFiles":["230517/Screenshooter-230508/3.0.13/Samples/screenshooter-install__337.exe"],"imageFiles":["230517/Screenshooter-230508/3.0.13/Images/ACR-042/ACR-042.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-013/ACR-013.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-013/ACR-013_1.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-084/ACR-084.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-048/ACR-048.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-048/ACR-048_1.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-048/ACR-048_2.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-060/ACR-060.JPG","230517/Screenshooter-230508/3.0.13/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"2a195759-f669-41cf-b6fa-a22e4b3b205b_3.0.13_1","appID":"Screenshooter-230508","dateAdded":"230905","deceptorType":"App","name":"Screen Shooter","company":"ROSTPAY LTD","version":"3.0.13","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230905","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"3.0.13;2.2.2.1746","lastKnownDate":"230905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2023-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":866},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-057":"Different ways to accept or decline the offers. The first offer has reject and accept buttons. The second offer requires the user to uncheck a checkbox in order to decline the offer.\n","ACR-155":"Offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer.\n"},"nonDeceptorViolations":{"ACR-054":"The option to accept the offer is pre-checked and requires the user to uncheck it if they don't want the offer.\n"},"samples":[{"isRevoked":"False","fileName":"multi_setup_4_0_1_cAV6m.exe","isInstaller":"True","companyName":"NBZ, OOO","fileVersion":"4.0","hashMD5":"d056067f00291d93b6b59841fa35a9eb","hashSHA1":"9619feef8e86e58a79ca7732cf7a8accfea0b271","hashSHA256":"b96d0506655d21ccd7b995ac1e83f5ac3d4dd2391139c7c533551a0c5d02e33a","digitalCertThumbprint":"75669216ABB0AB45CAEC1736B22B65FB20C4EC63","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=NBZ OOO, O=NBZ OOO, L=Saint Petersburg, S=Saint Petersburg, C=RU","sourceIndex":"909","avBlockList":["360 Total Security (20231003)","Avira Internet Security (20231003)","Bitdefender Internet Security (20231003)","Dr.Web Security Space (20231003)","ESET Internet Security (20231003)","G DATA INTERNET SECURITY (20231003)","K7 Total Security (20231003)","Kaspersky Internet Security (20231003)","Malwarebytes Premium (20231003)","McAfee Total Protection (20231003)","Norton Security (20231003)","Panda Dome (20231003)","Quick Heal Internet Security (20231003)","Sophos Home Premium (20231003)","SpyHunter5 (20231003)","Total AV Antivirus Pro (20231003)","VIPRE Advanced Security (20231003)","VirIT eXplorer PRO (20231003)","Webroot SecureAnywhere (20231003)"],"avAllowList":["Avast Premium Security (20231003)","AVG Internet Security (20231003)","COMODO Antivirus (20231003)","Trend Micro Internet Security (20231003)","Windows Defender (20231003)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://soft.mydiv.net/win/files-SopCast.html","directDownloadingLink":"https://msetup.pro/api/getbundle/?partner_apikey=e8da53a20eb8a50791232131098070d8&program_slug=sopcast","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://msetup.pro/api/getbundle/?partner_apikey=e8da53a20eb8a50791232131098070d8&program_slug=sopcast","sourceIndex":"909"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://download-msetup.net/nanosetup/multi_setup_4_0_1_cAV6m.exe","ipv4":"","ipv6":"","sourceIndex":"910"}],"sampleFiles":["230905/MyDivBundler-200706/4.0.1/Samples/multi_setup_4_0_1_cAV6m.exe"],"imageFiles":["230905/MyDivBundler-200706/4.0.1/Images/ACR-057/Multi_013_3.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-057/Multi_013_2.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-057/Multi_013_1.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-155/Multi_013_3.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-155/Multi_013_2.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-155/Multi_013_1.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-013/Multi_013_3.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-013/Multi_013_2.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-013/Multi_013_1.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-060/Multi_013_3.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-060/Multi_013_2.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-060/Multi_013_1.JPG"],"nonDeceptorImageFiles":["230905/MyDivBundler-200706/4.0.1/Images/ACR-054/Multi_013_3.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-054/Multi_013_2.JPG","230905/MyDivBundler-200706/4.0.1/Images/ACR-054/Multi_013_1.JPG"],"guid":"28733d57-3e74-40c8-8cb6-ec6e57c2e954_4.0.1_1","appID":"MyDivBundler-200706","dateAdded":"230905","deceptorType":"Bundler","name":"My Div Bundler","company":"NBZ OOO","version":"4.0.1","lastKnownStatus":"3.8.21;4.0.1","lastKnownDate":"230905","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2023-09-05T19:11:15.7584199+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":867},{"violations":{"ACR-047":"rejected offer is presented again during installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-057":"Different ways to accept or decline the offers. The first offer has reject and accept buttons. The second offer requires the user to uncheck a checkbox in order to decline the offer.\n","ACR-155":"Offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer.\n"},"nonDeceptorViolations":{"ACR-054":"The option to accept the offer is pre-checked and requires the user to uncheck it if they don't want the offer.\n"},"samples":[{"isRevoked":"False","fileName":"multi_setup_3_8_20_cAV6m.exe","isInstaller":"True","companyName":"NBZ, OOO","fileVersion":"3.8","hashMD5":"500e970ece28c2392d3e59c69a8080b8","hashSHA1":"445cb08822781af7f0092daebf7861823ef6429c","hashSHA256":"d3fe70d9512009c7a9de90cecb9b9e7f5f64c86d90d4a59cf2b41f92d89508b2","digitalCertThumbprint":"75669216ABB0AB45CAEC1736B22B65FB20C4EC63","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=NBZ OOO, O=NBZ OOO, L=Saint Petersburg, S=Saint Petersburg, C=RU","sourceIndex":"926","avBlockList":["Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","COMODO Antivirus (20230921)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"","directDownloadingLink":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","sourceIndex":"926"}],"sampleFiles":["230807/MyDivBundler-200706/3.8.21/Samples/multi_setup_3_8_20_cAV6m.exe"],"imageFiles":["230807/MyDivBundler-200706/3.8.21/Images/ACR-047/Offer1_again.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-047/Offer1.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-057/Offer1_again.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-057/Offer2.JPG","230807/MyDivBundler-200706/3.8.21/Images/ACR-057/Offer1.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-155/Offer1_again.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-155/Offer1.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-013/Offer1_again.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-013/Offer2.JPG","230807/MyDivBundler-200706/3.8.21/Images/ACR-013/Offer1.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-060/Offer1_again.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-060/Offer2.JPG","230807/MyDivBundler-200706/3.8.21/Images/ACR-060/Offer1.jpg"],"nonDeceptorImageFiles":["230807/MyDivBundler-200706/3.8.21/Images/ACR-054/Offer1.jpg","230807/MyDivBundler-200706/3.8.21/Images/ACR-054/Offer1_again.jpg"],"guid":"28733d57-3e74-40c8-8cb6-ec6e57c2e954_3.8.21_1","appID":"MyDivBundler-200706","dateAdded":"230905","deceptorType":"Bundler","name":"My Div Bundler","company":"NBZ OOO","version":"3.8.21","lastKnownStatus":"3.8.21;4.0.1","lastKnownDate":"230905","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2023-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":868},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider \"https://www.az-partners.net/\" before obtaining user consent. (Please verify from your end)\n","ACR-048":"The app does not provide any control to quit the app and remove its background process completely within the app's settings.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"The app attempts to run in the system tray after installation, thereby hiding the fact that it is active from the consumer without clearly notifying the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\ScreenShooter\\ScreenShooter.exe","companyName":"","productName":"ScreenShooter","productVersion":"2.2.2.1746","fileVersion":"2.2.2.1746","hashMD5":"61c8908fb0f9f76951b99a017a809e75","hashSHA1":"18f27fd5a19c180ffec9fb4e58ba06ccdeadfb5d","hashSHA256":"9817c15b5ff652992a0f5ebb369814f34fa37afd1536eedac27031aa334c6255","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"908","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"screenshooter-install__337.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"ScreenShooter","productVersion":"3.1.0","fileVersion":"3.1.0","hashMD5":"6a9e344c2dc4f0ef4bbe68fd3916a322","hashSHA1":"d6a96a4d7d9cddbf60ad7266b438012945c6673d","hashSHA256":"8e76790b357f2a1ec52b91324861a16e72405c78b851cb50565ea1663baedcfb","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"908","avBlockList":["360 Total Security (20230704)","Avira Internet Security (20230704)","Bitdefender Internet Security (20230704)","COMODO Antivirus (20230704)","Dr.Web Security Space (20230704)","ESET Internet Security (20230704)","G DATA INTERNET SECURITY (20230704)","K7 Total Security (20230704)","Malwarebytes Premium (20230704)","Norton Security (20230704)","Panda Dome (20230704)","Quick Heal Internet Security (20230704)","Sophos Home Premium (20230704)","SpyHunter5 (20230704)","Total AV Antivirus Pro (20230704)","VIPRE Advanced Security (20230704)","VirIT eXplorer PRO (20230704)"],"avAllowList":["Avast Premium Security (20230704)","AVG Internet Security (20230704)","Kaspersky Internet Security (20230704)","McAfee Total Protection (20230704)","Trend Micro Internet Security (20230704)","Webroot SecureAnywhere (20230704)","Windows Defender (20230704)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.screen-shooter.com/","directDownloadingLink":"https://www.screen-shooter.com/app/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.screen-shooter.com/app/download/init","sourceIndex":"908"}],"sampleFiles":["230905/Screenshooter-230508/2.2.2.1746/Samples/screenshooter-install__337.exe"],"imageFiles":["230905/Screenshooter-230508/2.2.2.1746/Images/ACR-042/ACR-042.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-013/ACR-013.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-013/ACR-013_1.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-084/ACR-084.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-048/ACR-048.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-048/ACR-048_1.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-060/ACR-060.JPG","230905/Screenshooter-230508/2.2.2.1746/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":[],"guid":"2a195759-f669-41cf-b6fa-a22e4b3b205b_2.2.2.1746_1","appID":"Screenshooter-230508","dateAdded":"230905","deceptorType":"App","name":"Screen Shooter","company":"ROSTPAY LTD","version":"2.2.2.1746","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230905","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"3.0.13;2.2.2.1746","lastKnownDate":"230905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2023-09-06T04:33:09.7959409+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":865},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider \"https://www.az-partners.net/\" before obtaining user consent.\n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FileInfoApp.exe","companyName":"ROSTPAY LTD","fileVersion":"1.2","hashMD5":"750fec169c75863547399cf3f9460ab8","hashSHA1":"4cb74d981744e2d67e45dc88d8550d141bc7ab29","hashSHA256":"276a882c9fdfc2fa115486b406b4906da66c6fc36e5164844095d3fc2c70ecf0","digitalCertThumbprint":"B469AF63BEF0427875E65C3FE4FB50405597C70E","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, C=RU","sourceIndex":"907","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"file-info-install__13.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.1","hashMD5":"7b970849c42df8d21fc48c900d93fd8c","hashSHA1":"11fa16094fa636b538213351fdc9db697c2f062d","hashSHA256":"8128f5b016565caec5576a6e38bee01fed2c6b4c6538d6d051c5543bd453aa93","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LTD, O=ROSTPAY LTD, STREET=\"Dolomanovsky lane, 70D 1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"907","avBlockList":["360 Total Security (20230620)","Avira Internet Security (20230620)","Bitdefender Internet Security (20230620)","Dr.Web Security Space (20230620)","ESET Internet Security (20230620)","G DATA INTERNET SECURITY (20230620)","K7 Total Security (20230620)","Malwarebytes Premium (20230620)","Norton Security (20230620)","Panda Dome (20230620)","Quick Heal Internet Security (20230620)","Sophos Home Premium (20230620)","SpyHunter5 (20230620)","Total AV Antivirus Pro (20230620)","VirIT eXplorer PRO (20230620)","Webroot SecureAnywhere (20230620)","Windows Defender (20230620)"],"avAllowList":["Avast Premium Security (20230620)","AVG Internet Security (20230620)","COMODO Antivirus (20230620)","Kaspersky Internet Security (20230620)","McAfee Total Protection (20230620)","Trend Micro Internet Security (20230620)","VIPRE Advanced Security (20230620)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Rostpay related apps","reference":"","landingPage":"https://www.softportal.com/software-45480-fileinfo.html","directDownloadingLink":"https://www.softportal.com/getsoft-45480-fileinfo-100.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softportal.com/getsoft-45480-fileinfo-100.html","sourceIndex":"907"}],"sampleFiles":["230905/FileInfo-230608/1.2.0.2474/Samples/FileInfoApp.exe","230905/FileInfo-230608/1.2.0.2474/Samples/file-info-install__13.exe"],"imageFiles":["230905/FileInfo-230608/1.2.0.2474/Images/ACR-042/ACR-042.png","230905/FileInfo-230608/1.2.0.2474/Images/ACR-013/OptionalOffer1.png","230905/FileInfo-230608/1.2.0.2474/Images/ACR-013/OptionalOffer2.png","230905/FileInfo-230608/1.2.0.2474/Images/ACR-060/OptionalOffer1.png","230905/FileInfo-230608/1.2.0.2474/Images/ACR-060/OptionalOffer2.png"],"nonDeceptorImageFiles":[],"guid":"398f1e07-8233-4f94-9ed5-7acfabfc503d_1.2.0.2474_1","appID":"FileInfo-230608","dateAdded":"230905","deceptorType":"App","name":"FileInfo","company":"ROSTPAY LTD.","version":"1.2.0.2474","firstVendorContactDate":"230901","firstAppEsteemReplyDate":"230901","firstResolvedDate":"230905","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"1.2.0.2474","lastKnownDate":"230905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2023-09-06T04:37:24.939031+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":870},{"violations":{"ACR-057":"Different ways to accept or decline the offers. The first offer has reject and accept buttons. The second offer requires the user to uncheck a checkbox in order to decline the offer.\n","ACR-155":"Offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer.\n"},"nonDeceptorViolations":{"ACR-054":"The option to accept the offer is pre-checked and requires the user to uncheck it if they don't want the offer.\n"},"samples":[{"isRevoked":"False","fileName":"sopcast_msetup_[40689705].exe","isInstaller":"True","companyName":"NBZ LTD.","fileVersion":"1.4","hashMD5":"6dad8eb9460cd9794caab68d76cae9ec","hashSHA1":"82520cdaf8e6fb03d6b81756be08ce55b06d405b","hashSHA256":"0abf2303dc37fa9951601c226ab0a02184937888d3958ab8afdfa30ebd26993d","digitalCertThumbprint":"CA123839588E886D64D8994708E14CA480411DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NBZ LTD., O=NBZ LTD., STREET=\"d. 17 korp. 2 litera A ofis 606-2, ul. Beloostrovskaya\", L=Saint-Petersburg, S=Saint-Petersburg, PostalCode=197342, C=RU","sourceIndex":"2383","avBlockList":["Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Malwarebytes Premium (20230919)","McAfee Total Protection (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","VirIT eXplorer PRO (20230919)","Webroot SecureAnywhere (20230919)"],"avAllowList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Tencent PC Manager (20200930)","Windows Defender (20230919)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://soft.mydiv.net/win/files-SopCast.html","directDownloadingLink":"https://msetup.pro/api/getbundle/?partner_apikey=e8da53a20eb8a50791232131098070d8&program_slug=sopcast","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://msetup.pro/api/getbundle/?partner_apikey=e8da53a20eb8a50791232131098070d8&program_slug=sopcast","sourceIndex":"2383"}],"sampleFiles":["200713/MyDivBundler-200706/1.4.6.0/Samples/sopcast_msetup_[40689705].exe"],"imageFiles":["200713/MyDivBundler-200706/1.4.6.0/Images/ACR-057/Screen Shot 2020-07-01 at 2.03.05 PM.png","200713/MyDivBundler-200706/1.4.6.0/Images/ACR-057/Screen Shot 2020-07-01 at 2.04.06 PM.png","200713/MyDivBundler-200706/1.4.6.0/Images/ACR-155/Screen Shot 2020-07-01 at 2.04.06 PM.png"],"nonDeceptorImageFiles":["200713/MyDivBundler-200706/1.4.6.0/Images/ACR-054/Screen Shot 2020-07-01 at 2.04.06 PM.png"],"guid":"28733d57-3e74-40c8-8cb6-ec6e57c2e954_1.4.6.0_1","appID":"MyDivBundler-200706","dateAdded":"230905","deceptorType":"Bundler","name":"My Div Bundler","company":"NBZ OOO","version":"1.4.6.0","sigName":"Deceptor:Win32/MyDivBundler!057155","lastKnownStatus":"3.8.21;4.0.1","lastKnownDate":"230905","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2023-09-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":869},{"violations":{"ACR-109":"The app drops all its components in the temp folder without the consumer's consent immediately after executing the installer. Also, the app silently installs \"PDFArchitect\" without disclosing its relationship to the app during installation or getting user consent.\n","ACR-042":"1. The \"PdfCreator\" components get dropped inmediately after executing the installer and silently installs \"PdfArchitect\" without asking the user's permission and disclosing it to the user.\n2. During install, the app communicate to sodapdf and playanext offer providers without disclosing in EULA\n","ACR-043":"The \"Pdf Creator\" components get dropped immediately after executing the installer and silently installs \"PdfArchitect\" without asking the user's permission and disclosing its relationship to the user\n","ACR-048":"The app does not provide an option to cancel installation\nThe app does not provide any control to close the app completely\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offer to silently install unrelated software\n","ACR-084":"The app's process runs silently in the background without user's knowledge and consent\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"PdfArchitect\" components on the device without the consumer's consent. \n","ACR-119":"The app retains the monetization components of \"PdfArchitect\" app on the device without the consumer's consent. \n","ACR-039":"The app silently installs \"PdfArchitect\" without disclosing its relationship to the app during installation.\n","ACR-155":"Offer is inserted into the install workflow to trick the consumer into installing the offer\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. How to cancel the auto-renewal easily via an online approach. 2. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-123":"The app retains all the \"PdfArchitect\" components and its scheduled tasks on the device even after uninstallation and reboot. \n","ACR-054":"The app does not provide an equal prominence between accept and decline options.\n"},"samples":[{"isRevoked":"False","fileName":"PDFCreator-5_1_2-Setup.exe","isInstaller":"True","companyName":"Avanquest pdfforge GmbH","productName":"PDFCreator","productVersion":"5.1.2","fileVersion":"5.1.2","hashMD5":"01c283988c93d390d4c81c38bf00abee","hashSHA1":"4315c9c1d1abd1d6bfc1ace76cb507bd1f0e6b5e","hashSHA256":"055f227facd235f2d552027ddb73cedac92ed76104b6f1411f2192a2cb507907","digitalCertThumbprint":"29D039D392F51A3242BD3029E70AC108A0712DC2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"pdfforge GmbH","storeId":"","sourceIndex":"912","avBlockList":["COMODO Antivirus (20230919)","ESET Internet Security (20230919)","McAfee Total Protection (20230919)","Norton Security (20230919)","Panda Dome (20230919)","SpyHunter5 (20230919)","VirIT eXplorer PRO (20230919)"],"avAllowList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","Dr.Web Security Space (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Malwarebytes Premium (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","Total AV Antivirus Pro (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Webroot SecureAnywhere (20230919)","Windows Defender (20230919)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Offer provider","reference":"","landingPage":"https://www.pdfforge.org/pdfcreator","directDownloadingLink":"https://download.pdfforge.org/download/pdfcreator/PDFCreator-stable","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.pdfforge.org/download/pdfcreator/PDFCreator-stable","sourceIndex":"912"}],"sampleFiles":["230831/PDFCreator-230817/5.1.2.55291/Samples/PDFCreator-5_1_2-Setup.exe"],"imageFiles":["230831/PDFCreator-230817/5.1.2.55291/Images/ACR-109/ACR-109_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-109/ACR-109_Install_2.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-039/ACR-039_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-043/ACR-043_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-043/ACR-043_Install_2.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-042/ACR-042_Install_4.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-042/ACR-042_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-042/ACR-042_Install_2.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-048/ACR-048_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-013/ACR-013_Install_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-084/ACR-084_Software_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-048/ACR-048_Software_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-118/ACR-118_Uninstall_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-119/ACR-119_Uninstall_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-165/ACR-165_Internal offers_1.png"],"nonDeceptorImageFiles":["230831/PDFCreator-230817/5.1.2.55291/Images/ACR-123/ACR-123_Uninstall_1.png","230831/PDFCreator-230817/5.1.2.55291/Images/ACR-054/ACR-054_Bundler-made offers_1.png"],"guid":"dc44c3ba-6be8-4129-925d-fd74e3ae5252_5.1.2.55291_1","appID":"PDFCreator-230817","dateAdded":"230831","deceptorType":"App","name":"PDFCreator","company":"pdfforge GmbH","version":"5.1.2.55291","lastKnownStatus":"5.1.1.52491;5.1.2.55291","lastKnownDate":"230831","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-08-31T22:48:51.227507+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":871},{"violations":{"ACR-109":"The app drops all its components in the temp folder without the consumer's consent immediately after executing the installer. Also, the app silently installs \"PDFArchitect\" without disclosing its relationship to the app during installation or getting user consent.\n","ACR-042":"1. The \"PdfCreator\" components get dropped inmediately after executing the installer and silently installs \"PdfArchitect\" without asking the user's permission and disclosing it to the user.\n2. During install, the app communicate to sodapdf and playanext offer providers without disclosing in EULA\n","ACR-043":"The \"Pdf Creator\" components get dropped immediately after executing the installer and silently installs \"PdfArchitect\" without asking the user's permission and disclosing its relationship to the user\n","ACR-048":"The app does not provide an option to cancel installation\nThe app does not provide any control to close the app completely\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offer to silently install unrelated software\n","ACR-084":"The app's process runs silently in the background without user's knowledge and consent\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"PdfArchitect\" components on the device without the consumer's consent. \n","ACR-119":"The app retains the monetization components of \"PdfArchitect\" app on the device without the consumer's consent. \n","ACR-039":"The app silently installs \"PdfArchitect\" without disclosing its relationship to the app during installation.\n","ACR-155":"Offer is inserted into the install workflow to trick the consumer into installing the offer\n","ACR-165":"The app doesn't provide the following information in the shopping cart: 1. How to cancel the auto-renewal easily via an online approach. 2. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-123":"The app retains all the \"PdfArchitect\" components and its scheduled tasks on the device even after uninstallation and reboot. \n","ACR-054":"The app does not provide an equal prominence between accept and decline options.\n"},"samples":[{"isRevoked":"False","fileName":"PDFCreator-5_1_1-Setup.exe","isInstaller":"True","companyName":"Avanquest pdfforge GmbH","productName":"PDFCreator","productVersion":"5.1.1","fileVersion":"5.1.1","hashMD5":"0fb8c933f54e56df20807888c0439ad2","hashSHA1":"37e38e5ae9c10f4e4b7be09257b5cac52ab93c47","hashSHA256":"c874e2d65f84cc206c008760c50ccfac6ee6b5916fc9af251a3a6a3f34329f76","digitalCertThumbprint":"29D039D392F51A3242BD3029E70AC108A0712DC2","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"pdfforge GmbH","storeId":"","sourceIndex":"921","avBlockList":["ESET Internet Security (20230831)","Norton Security (20230831)","SpyHunter5 (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)"],"avAllowList":["360 Total Security (20230831)","Avast Premium Security (20230831)","AVG Internet Security (20230831)","Avira Internet Security (20230831)","Bitdefender Internet Security (20230831)","COMODO Antivirus (20230831)","Dr.Web Security Space (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Kaspersky Internet Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","Total AV Antivirus Pro (20230831)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)","Windows Defender (20230831)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Offer provider","reference":"","landingPage":"https://www.pdfforge.org/pdfcreator","directDownloadingLink":"https://download.pdfforge.org/download/pdfcreator/PDFCreator-stable","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.pdfforge.org/download/pdfcreator/PDFCreator-stable","sourceIndex":"921"}],"sampleFiles":["230817/PDFCreator-230817/5.1.1.52491/Samples/PDFCreator-5_1_1-Setup.exe"],"imageFiles":["230817/PDFCreator-230817/5.1.1.52491/Images/ACR-109/ACR-109_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-109/ACR-109_Install_2.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-039/ACR-039_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-043/ACR-043_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-043/ACR-043_Install_2.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-042/ACR-042_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-042/ACR-042_Install_3.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-042/ACR-042_Install_2.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-048/ACR-048_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-013/ACR-013_Install_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-084/ACR-084_Software_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-048/ACR-048_Software_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-118/ACR-118_Uninstall_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-119/ACR-119_Uninstall_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-165/ACR-165_Internal offers_1.png"],"nonDeceptorImageFiles":["230817/PDFCreator-230817/5.1.1.52491/Images/ACR-123/ACR-123_Uninstall_1.png","230817/PDFCreator-230817/5.1.1.52491/Images/ACR-054/ACR-054_Bundler-made offers_1.png"],"guid":"dc44c3ba-6be8-4129-925d-fd74e3ae5252_5.1.1.52491_1","appID":"PDFCreator-230817","dateAdded":"230831","deceptorType":"App","name":"PDFCreator","company":"pdfforge GmbH","version":"5.1.1.52491","lastKnownStatus":"5.1.1.52491;5.1.2.55291","lastKnownDate":"230831","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-08-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":872},{"violations":{"ACR-042":"The app and its components get dropped in one click without obtaining user's permission and disclosing the installation path and allowing the user to change it.\n","ACR-006":"The browser performs connections to several links that is not clearly disclosed at installation before it redirects to a legitimate search engine making it appear like the search uses the legit one.\n","ACR-007":"The app's attribution on the main page is not clear. It redirects user searches to another search engine. The browser misleads consumers into thinking that it is a normal Chrome Browser by its similar appearance.\n","ACR-124":"Chromnius Browser cannot be uninstalled/removed from Control Panel.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"chromnius.exe","companyName":"Dragon Boss Solutions LLC","fileVersion":"118.0","hashMD5":"491d97b76786efae9bbaae63cd87326f","hashSHA1":"db3bcde21b9571f7ed93a47d8570f360e8cc2d5c","hashSHA256":"39553899cce552e5c3114bbe6ae45f71cbc6aa00142fd15997f7e5b134733027","sourceIndex":"915","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","companyName":"Chromnius Browser","fileVersion":"1.0","hashMD5":"a9e5c110940c6eea187fc326b6ec43c1","hashSHA1":"d614e568c6f0d3daafbebb25b7686bd0352b5c36","hashSHA256":"2ac198d58a53db4de1a59e3d001cfe8868d014460259ba1ca31e9afdfcfddbd9","digitalCertThumbprint":"925DE27A297B9C416C251935EFE64219F41EC0F5","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admin@dragonboss.com, CN=Dragon Boss Solutions LLC, O=Dragon Boss Solutions LLC, L=Sharjah, S=Sharjah, C=AE","sourceIndex":"915","avBlockList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","Bitdefender Internet Security (20230919)","COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","ESET Internet Security (20230919)","G DATA INTERNET SECURITY (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Malwarebytes Premium (20230919)","McAfee Total Protection (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Quick Heal Internet Security (20230919)","Sophos Home Premium (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","VirIT eXplorer PRO (20230919)"],"avAllowList":["Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Webroot SecureAnywhere (20230919)","Windows Defender (20230919)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.chromnius.com/","directDownloadingLink":"https://www.chromnius.com/download1/browser.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chromnius.com/download1/browser.php","sourceIndex":"915"}],"sampleFiles":["230830/Chromnius-230829/118.0.5951.0/Samples/chromnius.exe","230830/Chromnius-230829/118.0.5951.0/Samples/Setup.exe"],"imageFiles":["230830/Chromnius-230829/118.0.5951.0/Images/ACR-042/ACR-042.gif","230830/Chromnius-230829/118.0.5951.0/Images/ACR-042/Installation.jpg","230830/Chromnius-230829/118.0.5951.0/Images/ACR-006/Bing_redirection.mp4","230830/Chromnius-230829/118.0.5951.0/Images/ACR-006/Yahoo_redirection.mp4","230830/Chromnius-230829/118.0.5951.0/Images/ACR-006/Search.jpg","230830/Chromnius-230829/118.0.5951.0/Images/ACR-006/SearchSettings.jpg","230830/Chromnius-230829/118.0.5951.0/Images/ACR-007/Chromnius_browser.jpg","230830/Chromnius-230829/118.0.5951.0/Images/ACR-007/Bing_redirection.mp4","230830/Chromnius-230829/118.0.5951.0/Images/ACR-124/ACR124.jpg","230830/Chromnius-230829/118.0.5951.0/Images/ACR-124/ACR124-2.jpg"],"nonDeceptorImageFiles":[],"guid":"ffdff030-4fb2-48d6-8211-239c33ee1c5e_118.0.5951.0_1","appID":"Chromnius-230829","dateAdded":"230830","deceptorType":"App","name":"Chromnius","company":"Dragon Boss Solutions LLC","version":"118.0.5951.0","lastKnownStatus":"118.0.5951.0","lastKnownDate":"230830","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2023-08-30T23:19:30.7985153+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":873},{"violations":{"ACR-042":"1. On executing the installer, it directly installs the app and its components without asking any user's permission. \n2. The components related to \"Bright data\" are dropped even before obtaining the consumer's consent and permission \n","ACR-043":"1. The app drops components of \"Bright data\" even before the user agrees and consents.\n2. Before obtaining the user's consent, the app drops all the files inside the C:\\Users\\User\\AppData\\Roaming folder and launches the application immediately after executing the installer.\n3. The app drops \"FFmpeg\" components without any disclosure or user consent.\n","ACR-047":"The prompt regarding the \"Bright data\" appears whenever the app is launched even though it was declined earlier.\n","ACR-107":"The app drops the \"FFmpeg\" component without any disclosure and user's consent.\n","ACR-048":"The app does not provide control to remove the process or quit the app completely within the app's settings.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection. \n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. When the app is launched manually, the system tray contains both \"8K Video Downloader\" and the bright data logo but the bright data logo seems to be greyed out and hidden  (Random behavior).\n","ACR-103":"The value propositions claimed in landing page don't exist in software as the software does not download any videos.\n","ACR-165":"The app doesn't provide the following information in the shopping cart (https://www.8kvideodownloader.com/pro): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price. 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\" without any disclosure.\n","ACR-092":"The app does not provide a digital signature for the installer (8k-video-downloader.exe) and the main executable (Youtube Downloader.exe).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\8K Video Downloader\\Youtube Downloader.exe","companyName":"","productName":"8K Video Downloader","productVersion":"14.0","fileVersion":"14.0","hashMD5":"95847fb3129ade18e2745dfa713bafe2","hashSHA1":"9ae7cf84645db9413b05926109e69601965ada79","hashSHA256":"e04b9f27ddf290038b360ce37752ec2fb8cb137cd14e396c65445127cc32e5a5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1632","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"8kvideodownloaderSetup.exe","isInstaller":"True","companyName":"8K Video Downloader","productName":"8K Video Downloader","productVersion":"14.0","fileVersion":"14.0","hashMD5":"dd2906bd3819d2e05985467f12047354","hashSHA1":"16f86326851128d9ab24cd20d35dd88967ba47e1","hashSHA256":"7f5a90b6ea65f0acfe5c0f73d7af0cdd284ae8fd8af3b050730404a493e6e493","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1632","avBlockList":["360 Total Security (20230907)","Avast Premium Security (20230907)","AVG Internet Security (20230907)","Avira Internet Security (20230907)","COMODO Antivirus (20230907)","ESET Internet Security (20230907)","G DATA INTERNET SECURITY (20230907)","K7 Total Security (20230907)","Kaspersky Internet Security (20230907)","Malwarebytes Premium (20230907)","McAfee Total Protection (20230907)","Norton Security (20230907)","Panda Dome (20230907)","Quick Heal Internet Security (20230907)","Sophos Home Premium (20230907)","SpyHunter5 (20230907)","Total AV Antivirus Pro (20230907)","Trend Micro Internet Security (20230907)","VirIT eXplorer PRO (20230907)","Webroot SecureAnywhere (20230907)","Windows Defender (20230907)"],"avAllowList":["Bitdefender Internet Security (20230907)","Dr.Web Security Space (20230907)","Tencent PC Manager (20220503)","VIPRE Advanced Security (20230907)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.8kvideodownloader.com/","directDownloadingLink":"https://www.8kvideodownloader.com/setups/8k-video-downloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.8kvideodownloader.com/setups/8k-video-downloader.exe","sourceIndex":"1632"}],"sampleFiles":["220428/8Kvideodownloader-220428/14.0/Samples/8kvideodownloaderSetup.exe"],"imageFiles":["220428/8Kvideodownloader-220428/14.0/Images/ACR-043/ACR-043_Install.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-043/ACR-043_Install_1.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-043/ACR-043_Install_2.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-107/ACR-107_Install.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-042/ACR-042_Install.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-042/ACR-042_Install_1.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-007/ACR-007_Install.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-084/ACR-084_Software.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-084/ACR-084_Software_1.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-103/ACR-103_Software.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-048/ACR-048_Software_1.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-047/ACR-047_InbundleOffers.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-165/ACR-165_InternalOffers.JPG"],"nonDeceptorImageFiles":["220428/8Kvideodownloader-220428/14.0/Images/ACR-040/ACR-040_Install.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-092/ACR-092_Software.JPG","220428/8Kvideodownloader-220428/14.0/Images/ACR-092/ACR-092_Software_1.JPG"],"guid":"56110df6-6e88-4571-82e5-058b3f7b37fe_14.0_1","appID":"8Kvideodownloader-220428","dateAdded":"230817","deceptorType":"App","name":"8K Video Downloader","company":"8K Video Downloader","version":"14.0","lastKnownStatus":"14.0;15.0","lastKnownDate":"230817","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-08-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":876},{"violations":{"ACR-004":"The app uses an alarming red color and traffic light bar to display damage status for scan results to raise sense of urgency to the user. The application only cleans 500MB off of the scan list, then it requires the user to subscribe to clean other items found during scan.\n"},"nonDeceptorViolations":{"ACR-161":"Internal Offer shows endorsements that don't have links back to the original source and therefore cannot be verified. \n"},"samples":[{"isRevoked":"False","fileName":"DiskCleaner.exe","companyName":"Simnet Ltd.                                                 ","fileVersion":"0.0","hashMD5":"67bf0e063fa2205ddfbc5c2bddbd7c32","hashSHA1":"d7ef49a24bbe6cb61633af476e05daa5663acdf0","hashSHA256":"f09d7044bf3d41713cb2c4071a17eeebae1b073f54cacb2df1075b70e0db7128","digitalCertThumbprint":"4C6F54803A0F2ACAF1972FE7AB16177DF5F30756","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., L=Istanbul, S=Istanbul, C=TR","sourceIndex":"919","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Launcher.exe","companyName":"Simnet Ltd.                                                 ","fileVersion":"0.0","hashMD5":"8676ea31b9c3d758dae322d032c6b4c4","hashSHA1":"0f2214a760ad23e6f4bb3a794581411d9fa401b9","hashSHA256":"b7d31c393121b11949a581af77a5455638b0358860ea0819cd7acca4b8b1cf94","digitalCertThumbprint":"4C6F54803A0F2ACAF1972FE7AB16177DF5F30756","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., L=Istanbul, S=Istanbul, C=TR","sourceIndex":"919","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SimnetDiskCleaner2011.exe","isInstaller":"True","companyName":"Simnet Ltd.                                                 ","fileVersion":"0.0","hashMD5":"917fc8fdc0b0ac2ce384f0bbe9f659fa","hashSHA1":"a36ea1a5c285a693df22b67cb184ffff5b29ba6e","hashSHA256":"5ef7183be26f0e011a151f051a9046cdb3ce10da9017b9c0465c6b0e11c4b8e3","digitalCertThumbprint":"4C6F54803A0F2ACAF1972FE7AB16177DF5F30756","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti., L=Istanbul, S=Istanbul, C=TR","sourceIndex":"919","avBlockList":["Avast Premium Security (20230907)","AVG Internet Security (20230907)","Avira Internet Security (20230907)","Dr.Web Security Space (20230907)","ESET Internet Security (20230907)","K7 Total Security (20230907)","Malwarebytes Premium (20230907)","Norton Security (20230907)","Panda Dome (20230907)","Sophos Home Premium (20230907)","SpyHunter5 (20230907)","Total AV Antivirus Pro (20230907)","VirIT eXplorer PRO (20230907)","Webroot SecureAnywhere (20230907)"],"avAllowList":["360 Total Security (20230907)","Bitdefender Internet Security (20230907)","COMODO Antivirus (20230907)","G DATA INTERNET SECURITY (20230907)","Kaspersky Internet Security (20230907)","McAfee Total Protection (20230907)","Quick Heal Internet Security (20230907)","Trend Micro Internet Security (20230907)","VIPRE Advanced Security (20230907)","Windows Defender (20230907)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://simnetsoftware.com/products/simnet-disk-cleaner.html","directDownloadingLink":"https://download.cnet.com/Simnet-Disk-Cleaner-2011/3001-2086_4-75220727.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cnet.com/Simnet-Disk-Cleaner-2011/3001-2086_4-75220727.html","sourceIndex":"919"}],"sampleFiles":["230817/SimnetDiskCleaner-230816/3.1.1.4/Samples/DiskCleaner.exe","230817/SimnetDiskCleaner-230816/3.1.1.4/Samples/Launcher.exe","230817/SimnetDiskCleaner-230816/3.1.1.4/Samples/SimnetDiskCleaner2011.exe"],"imageFiles":["230817/SimnetDiskCleaner-230816/3.1.1.4/Images/ACR-004/ACR-004_ScanResult.jpg","230817/SimnetDiskCleaner-230816/3.1.1.4/Images/ACR-004/ACR-004_Clean.jpg","230817/SimnetDiskCleaner-230816/3.1.1.4/Images/ACR-004/ACR-AfterClean.jpg"],"nonDeceptorImageFiles":["230817/SimnetDiskCleaner-230816/3.1.1.4/Images/ACR-161/SimnetDiskCleaner_InternalOffer.jpeg"],"guid":"078cd47f-0c5b-4cc7-8cef-9653986ddb2b_3.1.1.4_1","appID":"SimnetDiskCleaner-230816","dateAdded":"230817","deceptorType":"App","name":"Simnet Disk Cleaner","company":"Simnet Ltd.","version":"3.1.1.4","lastKnownStatus":"3.1.1.4","lastKnownDate":"230817","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-08-17T21:31:18.2052385+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":874},{"violations":{"ACR-042":"1. On executing the installer, it directly installs the app and its components without asking any user's permission. \n2. The components related to \"Bright data\" are dropped even before obtaining the consumer's consent and permission \n","ACR-043":"1. The app drops components of \"Bright data\" even before the user agrees and consents.\n2. Before obtaining the user's consent, the app drops all the files inside the C:\\Users\\User\\AppData\\Roaming folder and launches the application immediately after executing the installer.\n3. The app drops \"FFmpeg\" components without any disclosure or user consent.\n","ACR-047":"The prompt regarding the \"Bright data\" appears whenever the app is launched even though it was declined earlier.\n","ACR-107":"The app drops the \"FFmpeg\" component without any disclosure and user's consent.\n","ACR-048":"The app does not provide control to remove the process or quit the app completely within the app's settings.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. When the app is launched manually, the system tray contains both \"8K Video Downloader\" and the bright data logo but the bright data logo seems to be greyed out and hidden.\n","ACR-103":"The value propositions claimed in landing page don't exist in software as the software does not download any videos.\n","ACR-165":"The app doesn't provide the following information in the shopping cart (https://www.8kvideodownloader.com/pro): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price. 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\" without any disclosure.\n","ACR-092":"The app does not provide a digital signature for the installer (8k-video-downloader.exe) and the main executable (Youtube Downloader.exe).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\8K Video Downloader\\Youtube Downloader.exe","companyName":"","productName":"8K Video Downloader","productVersion":"15.0","fileVersion":"15.0","hashMD5":"c0e0ecbc8f9bc6dd5a7b89c6480b5e5b","hashSHA1":"4aa2c13a5e4cd22cb696d4ebf5c49783a253d4f9","hashSHA256":"aa197108f96ae4cc88a0d2ba8759b4713dbc07810948e77c418369a0719f3ee3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"922","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"8k-video-downloader.exe","isInstaller":"True","companyName":"8K Video Downloader","productName":"8K Video Downloader","productVersion":"15.0","fileVersion":"15.0","hashMD5":"f9ef94db90fe348617759a1369327601","hashSHA1":"418982cf57b6e82ec9a757791c6d122479e8d49a","hashSHA256":"ebb8222a4eab7df4f915dd6d7c5eb4eef523cc3a13ddfd3d2b535f1e53ea38cb","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"922","avBlockList":["360 Total Security (20230831)","Avast Premium Security (20230831)","AVG Internet Security (20230831)","Avira Internet Security (20230831)","Bitdefender Internet Security (20230831)","COMODO Antivirus (20230831)","ESET Internet Security (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Kaspersky Internet Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","SpyHunter5 (20230831)","Total AV Antivirus Pro (20230831)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)","Windows Defender (20230831)"],"avAllowList":["Dr.Web Security Space (20230831)","Tencent PC Manager (20220519)"]},{"isRevoked":"False","fileName":"8k-video-downloader_230814.exe","isInstaller":"True","companyName":"8K Video Downloader","fileVersion":"15.0","hashMD5":"bf78237204cb5434de085dae8a5d3d41","hashSHA1":"95f4c1c23f74affa43821dc2002b9cbd5e63a770","hashSHA256":"8ede662c636aef00de5fb6140d2eff92b44a83b02d84c30021151f23f0cb1450","sourceIndex":"922","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"8k-video-downloader_230814_1.exe","isInstaller":"True","companyName":"8K Video Downloader","fileVersion":"15.0","hashMD5":"f1028c6f89771851d66ce87fc87362d3","hashSHA1":"8f3323ea9bde56f48930170a7810c46d28a9d15d","hashSHA256":"d7d3fe5e5377c1c754914318ac468ce9eb176abf46470fc9b72fe4826c7aff9d","sourceIndex":"922","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"hd-youtube-downloader-free.exe","isInstaller":"True","companyName":"8K Video Downloader","fileVersion":"15.0","hashMD5":"68b3a89b8c8beb998ad4186f3614070f","hashSHA1":"7287b6e3e6ae5c756f55788647d4502f1602975f","hashSHA256":"d6ddeb6086deb82667e072c370966f406a13d3f8ea4106f30dbd0e9b76be2a90","sourceIndex":"922","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ytd-downloader.exe","isInstaller":"True","companyName":"8K Video Downloader","fileVersion":"15.0","hashMD5":"5063476f26ac96a432bc18d35154dfdf","hashSHA1":"fbeece891896999f25fdcb9f6bd28e298a17dc54","hashSHA256":"2373e98a83fc12b3ce609de5d366f1e26860e73e4ad0e66ff29ea7ad93e51532","sourceIndex":"922","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.8kvideodownloader.com/","directDownloadingLink":"https://www.8kvideodownloader.com/setups/8k-video-downloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.8kvideodownloader.com/setups/8k-video-downloader.exe","sourceIndex":"922"}],"sampleFiles":["230817/8Kvideodownloader-220428/15.0/Samples/8k-video-downloader.exe","230817/8Kvideodownloader-220428/15.0/Samples/8k-video-downloader_230814.exe","230817/8Kvideodownloader-220428/15.0/Samples/8k-video-downloader_230814_1.exe","230817/8Kvideodownloader-220428/15.0/Samples/hd-youtube-downloader-free.exe","230817/8Kvideodownloader-220428/15.0/Samples/ytd-downloader.exe"],"imageFiles":["230817/8Kvideodownloader-220428/15.0/Images/ACR-043/ACR-043_Install.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-043/ACR-043_Install_1.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-043/ACR-043_Install_2.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-107/ACR-107_Install.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-042/ACR-042_Install.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-042/ACR-042_Install_1.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-084/ACR-084_Software.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-084/ACR-084_Software_1.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-103/ACR-103_Software.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-047/ACR-047_In-bundle offers.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-165/ACR-165_InternalOffers.jpg"],"nonDeceptorImageFiles":["230817/8Kvideodownloader-220428/15.0/Images/ACR-040/ACR-040_Install.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-092/ACR-092_Software.JPG","230817/8Kvideodownloader-220428/15.0/Images/ACR-092/ACR-092_Software_1.JPG"],"guid":"56110df6-6e88-4571-82e5-058b3f7b37fe_15.0_1","appID":"8Kvideodownloader-220428","dateAdded":"230817","deceptorType":"App","name":"8K Video Downloader","company":"8K Video Downloader","version":"15.0","lastKnownStatus":"14.0;15.0","lastKnownDate":"230817","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-08-17T12:19:47.897255+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":875},{"violations":{"ACR-043":"lum_sdk.dll is dropped without disclosing during installation process and its EULA \"You will be able to view the component details in full before you accept this offer, as well as being able to turn Bright Data on and off directly from the 'App Settings'. Read more about Bright Data's EULA here <https://brightdata.com/legal/sdk-eula>\"\n","ACR-046":"The user interface of the app seems to have a \"High Contrast Theme\" which makes it difficult for the consumer to find required disclosures and options.\n","ACR-048":"The app does not provide any control to disable the startup it created.\n","ACR-010":"Application propagate fake likes/views for the video clips.\n","ACR-084":"1. The app creates a startup item without the user's knowledge and consent. \n2.  There is no icon on the system tray to indicate Bright Data function is running in the background when Bright Data services are enabled.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not provide a digital signature for its executables.\n"},"samples":[{"isRevoked":"False","fileName":"AIO SMM Bot.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"99ee5bb2ec8d06db7375455dcec870d7","hashSHA1":"f2d15080b996f32fe24a631613301504e8f6b274","hashSHA256":"2198c3f76bae1924dae222e616bcc866cee30bc9231ab6226b42e438558e0e61","digitalCertThumbprint":"NA","sourceIndex":"260","avBlockList":["360 Total Security (20230919)","Avast Premium Security (20230919)","AVG Internet Security (20230919)","Avira Internet Security (20230919)","ESET Internet Security (20230919)","K7 Total Security (20230919)","Kaspersky Internet Security (20230919)","Norton Security (20230919)","Panda Dome (20230919)","Sophos Home Premium (20230919)","SpyHunter5 (20230919)","Total AV Antivirus Pro (20230919)","VirIT eXplorer PRO (20230919)"],"avAllowList":["Bitdefender Internet Security (20230919)","COMODO Antivirus (20230919)","Dr.Web Security Space (20230919)","G DATA INTERNET SECURITY (20230919)","Malwarebytes Premium (20230919)","McAfee Total Protection (20230919)","Quick Heal Internet Security (20230919)","Trend Micro Internet Security (20230919)","VIPRE Advanced Security (20230919)","Webroot SecureAnywhere (20230919)","Windows Defender (20230919)"]},{"isRevoked":"False","fileName":"AIO SMM Tool.exe","productName":"cs_winform_anycpu","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"abddc3b81b5e99c7fbfd453c3a4693cf","hashSHA1":"a0201048b01765906e74ad75ce58164b8a7c0cae","hashSHA256":"453b813c71486919b1dc8f14b091ea2a390f030298c08115a2286633aafd1fa7","digitalCertThumbprint":"NA","sourceIndex":"260","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VT search by certified appname","reference":"","landingPage":"https://hqtools.xyz/index.html","directDownloadingLink":"https://api.rypr.io/files/download?id=ff3a6312-83c5-47af-881e-64ae35f6f8f4","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://api.rypr.io/files/download?id=ff3a6312-83c5-47af-881e-64ae35f6f8f4","sourceIndex":"260"}],"sampleFiles":["230803/AIOSMMBot-230802/0.0.2/Samples/AIO SMM Bot.msi"],"imageFiles":["230803/AIOSMMBot-230802/0.0.2/Images/ACR-043/ACR-043_Install_1.png","230803/AIOSMMBot-230802/0.0.2/Images/ACR-046/ACR-046.JPG","230803/AIOSMMBot-230802/0.0.2/Images/ACR-084/ACR-084.JPG","230803/AIOSMMBot-230802/0.0.2/Images/ACR-084/ACR-084_1.JPG","230803/AIOSMMBot-230802/0.0.2/Images/ACR-084/ACR-084_2.JPG","230803/AIOSMMBot-230802/0.0.2/Images/ACR-048/ACR-048_1.JPG","230803/AIOSMMBot-230802/0.0.2/Images/ACR-010/ACR-010_Software_1.png"],"nonDeceptorImageFiles":["230803/AIOSMMBot-230802/0.0.2/Images/ACR-092/ACR-092.JPG"],"guid":"15c0e822-f6e8-4fb8-a13b-41e68b2e9a8e_0.0.2_1","appID":"AIOSMMBot-230802","dateAdded":"230803","deceptorType":"App","name":"AIO SMM Bot","company":"HQTools.xyz","version":"0.0.2","lastKnownStatus":"0.0.2","lastKnownDate":"241231","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-12-31T23:19:59.1247981+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":877},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding a self signed Trusted Root Certificate that is installed.\n","ACR-048":"The app does not provide any control to close the app completely within the app's settings. When the app is minimized or closed it hides itself in the system tray.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the self signed trusted root certificate.\n","ACR-017":"Norton Secured Logo on the cart page returns error message \"Hmm...Can't reach this page\" https://store.payproglobal.com/checkout?products[1][id]=57067&language=en&alwaysgoogle=TRUE&&x-referral=undefined&adlcinfo=585b32102494eb8b0ec71d55453bc1b680d3d55e&adllid=MNlP6yvCy5&prch=1&coupon-code-to-add=mult_5y_off_70\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background without notification to user that it is active.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops certain files in a hidden folder (C:\\ProgramData) without the user's knowledge.\n","ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of its self signed Trusted Root Certificate.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AdLock\\AdLock.exe","companyName":"Hankuper s.r.o.","productName":"AdLock for Windows","productVersion":"2.1.4.4","fileVersion":"2.1.4.4","hashMD5":"6cf4bc23e3b57a189b10947e07b18b57","hashSHA1":"9ace052ff950692d12c62fb9c98f26ff8f5e4581","hashSHA256":"b4bc1db72e1c49a5246106e6f0b4d00586c0136a12514f7d523572d332e02a4d","digitalCertThumbprint":"AB33B55E06D73933AD7F0F780540B11E8FA4B2FB","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"931","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Adlock_Installer.exe","isInstaller":"True","companyName":"Hankuper s.r.o.                                             ","productName":"AdLock                                                      ","productVersion":"2.1.4.4                                           ","fileVersion":"2.1.4.4             ","hashMD5":"707a575f977b4b7f0aa2986533610832","hashSHA1":"06709f6de863487c3b236618560009e6d5760838","hashSHA256":"e08578ec7c7f4e029e3f9e117588288bdab2fcc42aba7d04afdc0c60b2daab0a","digitalCertThumbprint":"AB33B55E06D73933AD7F0F780540B11E8FA4B2FB","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"931","avBlockList":["360 Total Security (20230921)","Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","ESET Internet Security (20230921)","K7 Total Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":["Avast Premium Security (20230921)","AVG Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","G DATA INTERNET SECURITY (20230921)","Kaspersky Internet Security (20230921)"]}],"additionalFiles":[],"sources":[{"howFound":"Ad blocker program","reference":"change DNS, add cert","landingPage":"https://adlock.com/","directDownloadingLink":"https://adlock.com/exe/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adlock.com/exe/","sourceIndex":"931"}],"sampleFiles":["230802/AdLock-220817/2.1.4.4/Samples/Adlock_Installer.exe"],"imageFiles":["230802/AdLock-220817/2.1.4.4/Images/ACR-043/ACR-043_Install_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-042/ACR-042_Install_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-007/ACR-007_Install_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-084/ACR-084_Software_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-048/ACR-048_Software_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-017/ACR-017_Internal offers_1.png"],"nonDeceptorImageFiles":["230802/AdLock-220817/2.1.4.4/Images/ACR-040/ACR-040_Install_1.png","230802/AdLock-220817/2.1.4.4/Images/ACR-045/ACR-045_Install_1.png"],"guid":"2ae0496b-35dc-4595-b7cc-f4130894f708_2.1.4.4_1","appID":"AdLock-220817","dateAdded":"230802","deceptorType":"App","name":"AdLock","company":"AdLock","version":"2.1.4.4","lastKnownStatus":"Deceptor:2.1.2.3;2.1.3.4;2.1.4.4","lastKnownDate":"230802","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid","lastUpdate":"2023-08-02T20:52:24.3059171+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":878},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding a self signed Trusted Root Certificate that is installed.\n","ACR-048":"The app does not provide any control to close the app completely within the app's settings. When the app is minimized or closed it hides itself in the system tray.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background without notification to user that it is active.\n","ACR-118":"When the consumer attempts to completely uninstall the app, the Trusted Root certificate was retained on the device without the consumer's consent or notifying the user. (Couldn't replicate, please check)\n","ACR-165":"The app does not provide detailed information about when users receive notification for renewal and the price amount after the time-bound discount expires on the shopping cart (https://adlock.com/purchase/)\n"},"nonDeceptorViolations":{"ACR-040":"The app drops certain files in a hidden folder (C:\\ProgramData) without the user's knowledge.\n","ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of its self signed Trusted Root Certificate.\n","ACR-123":"The app does not remove the Trusted Root certificate and its own startup entry even after uninstalling. (Couldn't replicate it, please check)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AdLock\\AdLock.exe","companyName":"Hankuper s.r.o.","productName":"AdLock for Windows","productVersion":"2.1.3.4","fileVersion":"2.1.3.4","hashMD5":"59940e2b13105aa7540f9bbaa090f985","hashSHA1":"db06eb72bd2d7d66503dbf01eff50fe947782d87","hashSHA256":"6a8bba0989f100b3460b84b9042eb415d1f1fe123526cd2f53bf1c43f0d142b4","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1162","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AdLock\\AdlockService.exe","companyName":"Hankuper s.r.o.","productName":"AdLock Service for Windows","productVersion":"2.1.3.4","fileVersion":"2.1.3.4","hashMD5":"925418076052a5746426e6dde55dc16f","hashSHA1":"98f5b2b76480342da8f5c28824219ed1998aa615","hashSHA256":"ff4d87a2de255ab02d03641360f248d6349437be9db882bd83580f5bbe10ec2d","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1162","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Adlock_Installer.exe","isInstaller":"True","companyName":"Hankuper s.r.o.                                             ","productName":"AdLock                                                      ","productVersion":"2.1.3.4                                           ","fileVersion":"2.1.3.4             ","hashMD5":"64449d74a7e7e59adf9a22ef543bb895","hashSHA1":"cf326590cedd8e892ace5dde235edbe4820e54cb","hashSHA256":"4afdd882e03031512be016c5dab8ad0fb3d5a897de99b51ccf58a42368f132c0","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1162","avBlockList":["360 Total Security (20230926)","Avira Internet Security (20230926)","Bitdefender Internet Security (20230926)","ESET Internet Security (20230926)","K7 Total Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","VIPRE Advanced Security (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)"],"avAllowList":["Avast Premium Security (20230926)","AVG Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","G DATA INTERNET SECURITY (20230926)","Kaspersky Internet Security (20230926)","Trend Micro Internet Security (20230926)","Windows Defender (20230926)"]}],"additionalFiles":[],"sources":[{"howFound":"Ad blocker program-Updated Version","reference":"change DNS, add cert","landingPage":"https://adlock.com/","directDownloadingLink":"https://adlock.com/exe/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adlock.com/exe/","sourceIndex":"1162"}],"sampleFiles":["230412/AdLock-220817/2.1.3.4/Samples/Adlock_Installer.exe"],"imageFiles":["230412/AdLock-220817/2.1.3.4/Images/ACR-043/ACR-043_1.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-043/ACR-043_2.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-043/ACR-043_3.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-042/ACR-042 (1).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-042/ACR-042 (2).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-042/ACR-042 (3).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-007/ACR-007 (1).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-007/ACR-007 (2).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-007/ACR-007 (3).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-084/ACR-084.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-048/ACR-048.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-048/ACR-048_1.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-165/ACR-165.JPG"],"nonDeceptorImageFiles":["230412/AdLock-220817/2.1.3.4/Images/ACR-040/ACR-040.JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-045/ACR-045 (1).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-045/ACR-045 (2).JPG","230412/AdLock-220817/2.1.3.4/Images/ACR-045/ACR-045 (3).JPG"],"guid":"2ae0496b-35dc-4595-b7cc-f4130894f708_2.1.3.4_1","appID":"AdLock-220817","dateAdded":"230802","deceptorType":"App","name":"AdLock","company":"AdLock","version":"2.1.3.4","lastKnownStatus":"Deceptor:2.1.2.3;2.1.3.4;2.1.4.4","lastKnownDate":"230802","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid","lastUpdate":"2023-08-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":879},{"violations":{"ACR-042":"The app installs a self signed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding a self signed Trusted Root Certificate that is installed.\n","ACR-048":"The app does not provide any control to close the app completely within the app's settings. When the app is minimized or closed it hides itself in the system tray.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background without notification to user that it is active.\n","ACR-118":"When the consumer attempts to completely uninstall the app, the Trusted Root certificate was retained on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops certain files in a hidden folder (C:\\ProgramData) without the user's knowledge.\n","ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of its self signed Trusted Root Certificate.\n","ACR-123":"The app does not remove the Trusted Root certificate and its own startup entry even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AdLock\\Adlock.exe","companyName":"Hankuper s.r.o.","productName":"AdLock UI for Windows","productVersion":"2.1.1.9","fileVersion":"2.1.1.9","hashMD5":"c2fb25d360e4356a856af82395dc7518","hashSHA1":"4b920f3dec9bdb96bfd18f7be430c6bd9a199ab3","hashSHA256":"c02b6df81d64da5bf0a532cc662b7b651ee14ff32f2f9e257570565b56cc6528","digitalCertThumbprint":"31F5D9E8B084FF6C6155D555776F38A73FF54CD8","digitalCertIssuer":"DigiCert Global G3 Code Signing ECC SHA384 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1435","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AdLock\\AdlockService.exe","companyName":"Hankuper s.r.o.","productName":"AdLock Service for Windows","productVersion":"2.1.1.9","fileVersion":"2.1.1.9","hashMD5":"62bd75553de9712974b2e2e8a4eaf3fe","hashSHA1":"b2e16b12b19d8b30b7f56ccc871d2ba48b8393db","hashSHA256":"be954acaf610ea0f9dba8a0cae1b415d44345f0392140ded4a4497b51819b2a7","digitalCertThumbprint":"31F5D9E8B084FF6C6155D555776F38A73FF54CD8","digitalCertIssuer":"DigiCert Global G3 Code Signing ECC SHA384 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1435","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Adlock_Installer.exe","isInstaller":"True","companyName":"Hankuper s.r.o.                                             ","productName":"AdLock                                                      ","productVersion":"2.1.1.9                                           ","fileVersion":"2.1.1.9             ","hashMD5":"7e5de6e71a2e4e59a72f4058d117a710","hashSHA1":"01b2971aff74fc8d3a805fe032d11ec46f44e534","hashSHA256":"82e5aa11c802ee31323d72d31a545ec9fafd005aca102ed9a8cad6c8a358bd27","digitalCertThumbprint":"31F5D9E8B084FF6C6155D555776F38A73FF54CD8","digitalCertIssuer":"DigiCert Global G3 Code Signing ECC SHA384 2021 CA1","digitalCertIssuedTo":"Hankuper s.r.o.","storeId":"","sourceIndex":"1435","avBlockList":["360 Total Security (20220920)","Avast Premium Security (20220920)","AVG Internet Security (20220920)","Avira Internet Security (20220920)","K7 Total Security (20220920)","McAfee Total Protection (20220920)","Norton Security (20220920)","Panda Dome (20220920)","Quick Heal Internet Security (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","VirIT eXplorer PRO (20220920)","Webroot SecureAnywhere (20220920)"],"avAllowList":["Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","Dr.Web Security Space (20220920)","ESET Internet Security (20220920)","G DATA INTERNET SECURITY (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","Trend Micro Internet Security (20220920)","VIPRE Advanced Security (20220920)","Windows Defender (20220920)"]},{"isRevoked":"False","fileName":"Adlock_Installer_2123.exe","isInstaller":"True","companyName":"Hankuper s.r.o.                                             ","productName":"AdLock   ","productVersion":"2.1.2.3","fileVersion":"2.1.2.3","hashMD5":"33f3ce45964ba084d3401548d26a79ab","hashSHA1":"6034ebaa8b8f612efb59e31d72539593db85f443","hashSHA256":"3314641d496617ca07736d7ec4746ead65543b4146b0f343e4714336b77c65ad","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Hankuper s.r.o., O=Hankuper s.r.o., L=Bratislava, C=SK, SERIALNUMBER=50451618, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SK","sourceIndex":"1435","avBlockList":["360 Total Security (20220920)","Avast Premium Security (20220920)","AVG Internet Security (20220920)","Avira Internet Security (20220920)","K7 Total Security (20220920)","McAfee Total Protection (20220920)","Norton Security (20220920)","Panda Dome (20220920)","Quick Heal Internet Security (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","VirIT eXplorer PRO (20220920)","Webroot SecureAnywhere (20220920)"],"avAllowList":["Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","Dr.Web Security Space (20220920)","ESET Internet Security (20220920)","G DATA INTERNET SECURITY (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","Trend Micro Internet Security (20220920)","VIPRE Advanced Security (20220920)","Windows Defender (20220920)"]},{"isRevoked":"False","fileName":"Adlock_2123.exe","companyName":"Hankuper s.r.o.","productName":"AdLock UI for Windows","productVersion":"2.1.2.3","fileVersion":"2.1.2.3","hashMD5":"73c78413e27895ff95891a53311458c4","hashSHA1":"c1d16753832920968be972e54979cc2145e55877","hashSHA256":"27c1998d8b30a40d750948e9079057221d10efe940b6bfb4d03e0dfd8d892456","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Hankuper s.r.o., O=Hankuper s.r.o., L=Bratislava, C=SK, SERIALNUMBER=50451618, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SK","sourceIndex":"1435","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdlockService_2123.exe","companyName":"Hankuper s.r.o.","productName":"AdLock Service for Windows","productVersion":"2.1.2.3","fileVersion":"2.1.2.3","hashMD5":"30c41a5c3c1bd934698ded102c5fd05c","hashSHA1":"85f5afe5883e985e520b41de163fa979f057f03d","hashSHA256":"d6f2db0ef2bebb55e967254bb0738603d16ed84c86956eac162194a070596295","digitalCertThumbprint":"8256116CB283B4356862EF237162DF8DAB42D5B3","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Hankuper s.r.o., O=Hankuper s.r.o., L=Bratislava, C=SK, SERIALNUMBER=50451618, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SK","sourceIndex":"1435","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Ad blocker program","reference":"change DNS, add cert","landingPage":"https://adlock.com/","directDownloadingLink":"https://adlock.com/exe/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adlock.com/exe/","sourceIndex":"1435"}],"sampleFiles":["220908/AdLock-220817/2.1.2.3/Samples/Adlock_Installer.exe","220908/AdLock-220817/2.1.2.3/Samples/Adlock_Installer_2123.exe","220908/AdLock-220817/2.1.2.3/Samples/Adlock_2123.exe","220908/AdLock-220817/2.1.2.3/Samples/AdlockService_2123.exe"],"imageFiles":["220908/AdLock-220817/2.1.2.3/Images/ACR-043/ACR-043 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-043/ACR-043 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-043/ACR-043 (3).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-042/ACR-042 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-042/ACR-042 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-042/ACR-042 (3).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-007/ACR-007 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-007/ACR-007 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-007/ACR-007 (3).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-084/ACR-084_1.JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-048/ACR-048_1.JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-048/ACR-048_2.JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-118/ACR-118 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-118/ACR-118 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-118/ACR-118 (3).JPG"],"nonDeceptorImageFiles":["220908/AdLock-220817/2.1.2.3/Images/ACR-040/ACR-040.jpg","220908/AdLock-220817/2.1.2.3/Images/ACR-045/ACR-045 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-045/ACR-045 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-045/ACR-045 (3).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-123/ACR-123 (1).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-123/ACR-123 (2).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-123/ACR-123 (3).JPG","220908/AdLock-220817/2.1.2.3/Images/ACR-123/ACR-123 (4).JPG"],"guid":"2ae0496b-35dc-4595-b7cc-f4130894f708_2.1.2.3_1","appID":"AdLock-220817","dateAdded":"230802","deceptorType":"App","name":"AdLock","company":"AdLock","version":"2.1.2.3","sigName":"Deceptor:Win32/AdLock!043042007084048118","lastKnownStatus":"Deceptor:2.1.2.3;2.1.3.4;2.1.4.4","lastKnownDate":"230802","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid","lastUpdate":"2023-08-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":880},{"violations":{"ACR-043":"Third party components get dropped in one click without asking user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation. \n"},"samples":[{"isRevoked":"False","fileName":"ShindolifeScript - Linkvertise Downloader_7MbX6-1.exe","isInstaller":"True","fileVersion":"4.2","hashMD5":"fc30f38c629fbafcfd1f4a4895814c46","hashSHA1":"e6b298591f7034463f603ede1573c8a198938b7f","hashSHA256":"40e1b53fb04746ac4a0561f5ab781291069b90232215afc36320263308a28ec9","digitalCertThumbprint":"4F9DDD28D8C037868405E41E56E68BD251B36EF9","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"990","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","Avira Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)"],"avAllowList":["Bitdefender Internet Security (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","Windows Defender (20230921)"]}],"additionalFiles":[],"sources":[{"howFound":"through BIBR","reference":"","landingPage":"https://linkvertise.com/","directDownloadingLink":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","sourceIndex":"990"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/519920/activador-office-y-window/D1buvodLJDysMYNYwjHbH89CjRY1UZFF","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/519920/activador-office-y-window/D1buvodLJDysMYNYwjHbH89CjRY1UZFF","sourceIndex":"991"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/629088/aRf356475521401/UaoSV4uOA1OikMeQ6CKy3TtfYYVcQ9Ws","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/629088/aRf356475521401/UaoSV4uOA1OikMeQ6CKy3TtfYYVcQ9Ws","sourceIndex":"992"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/629283/op-pastebin-2023/0lZIybwQTXra5fUMfUNUFFNhwYAWiWzJ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/629283/op-pastebin-2023/0lZIybwQTXra5fUMfUNUFFNhwYAWiWzJ","sourceIndex":"993"},{"howFound":"","reference":"","landingPage":"https://linkvertise.com/410322/script-on-roblox-shindo/1","directDownloadingLink":"https://d2ofeexg01g7uy.cloudfront.net/2---p+/70bB/4e+6---/Script%20On%20Roblox%20shindo%20-%20Linkvertise%20Downloader.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2ofeexg01g7uy.cloudfront.net/2---p+/70bB/4e+6---/Script%20On%20Roblox%20shindo%20-%20Linkvertise%20Downloader.zip","sourceIndex":"994"},{"howFound":"DE site","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","sourceIndex":"995"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d1jxz57jyupuat.cloudfront.net/rupax2zko.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://d1jxz57jyupuat.cloudfront.net/*","sourceIndex":"996"}],"sampleFiles":["230712/LinkvertiseDownloadManager-230323/4.2.442.12/Samples/ShindolifeScript - Linkvertise Downloader_7MbX6-1.exe"],"imageFiles":["230712/LinkvertiseDownloadManager-230323/4.2.442.12/Images/ACR-043/Screen Shot 2023-07-12 at 11.16.59 AM.png","230712/LinkvertiseDownloadManager-230323/4.2.442.12/Images/ACR-013/Screen Shot 2023-07-12 at 11.17.39 AM.png","230712/LinkvertiseDownloadManager-230323/4.2.442.12/Images/ACR-060/Screen Shot 2023-07-12 at 11.17.39 AM.png"],"nonDeceptorImageFiles":["230712/LinkvertiseDownloadManager-230323/4.2.442.12/Images/ACR-044/Screen Shot 2023-07-12 at 11.12.36 AM.png"],"guid":"2bb5d43f-ef1a-4f12-9642-26dcd7eb23ba_4.2.442.12_1","appID":"LinkvertiseDownloadManager-230323","dateAdded":"230801","deceptorType":"Bundler","name":"Linkvertise DownloadManager","company":"Linkvertise.com","version":"4.2.442.12","lastKnownStatus":"3.7.3321;4.2.442.12","lastKnownDate":"230801","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-08-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":882},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-043":"Third party components get dropped in one click without asking user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offer is still installed without any notification for user.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation. \n"},"samples":[{"isRevoked":"False","fileName":"Shindo Life Script - Linkvertise Downloader_hAC7-g1.exe","isInstaller":"True","fileVersion":"2.0.0.13","hashMD5":"da4b966b79a6504d25545a469905e9b4","hashSHA1":"640d3788d9ee4e2481c480a710df6c4c680d81b7","hashSHA256":"f819a9d5ed55ad5404dc7af43464d39331bfd3ead917e737f2ad115f2b69c30d","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"933","avBlockList":["360 Total Security (20230926)","Avast Premium Security (20230926)","AVG Internet Security (20230926)","Avira Internet Security (20230926)","Bitdefender Internet Security (20230926)","COMODO Antivirus (20230926)","Dr.Web Security Space (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","Trend Micro Internet Security (20230926)","VIPRE Advanced Security (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)"],"avAllowList":["Windows Defender (20230926)"]},{"isRevoked":"False","fileName":"Shindo Life Script - Linkvertise Downloader_DM9X9-1.exe","isInstaller":"True","fileVersion":"2.0.0.13","hashMD5":"231e2ae5252445de209fb8eb25b9564b","hashSHA1":"43b91f2de82b16c6d579062847c590d196bf8e6b","hashSHA256":"2313d3af17c2648d3a1261787c258043b9eef9455b390926c450be4a11aba0c4","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"933","avBlockList":["360 Total Security (20230502)","Avast Premium Security (20230502)","AVG Internet Security (20230502)","Avira Internet Security (20230502)","Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","Dr.Web Security Space (20230502)","ESET Internet Security (20230502)","G DATA INTERNET SECURITY (20230502)","K7 Total Security (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","McAfee Total Protection (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Quick Heal Internet Security (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","VIPRE Advanced Security (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)"],"avAllowList":["Trend Micro Internet Security (20230502)","Windows Defender (20230502)"]},{"isRevoked":"False","fileName":"ACTIVADOR OFFICE Y WINDOW - Linkvertise Downloader_2T-LDO1.exe","isInstaller":"True","fileVersion":"2.0.0.13","hashMD5":"7851628cc12531884467a004c285e7d9","hashSHA1":"6cab005b51df16cdefe64432f7d4cef3398610dc","hashSHA256":"35dfe400287c3c716ad407ab4dce367e80c218cf56d9eb9bfc6e4d669baf7314","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"933","avBlockList":["360 Total Security (20230502)","Avast Premium Security (20230502)","AVG Internet Security (20230502)","Avira Internet Security (20230502)","Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","Dr.Web Security Space (20230502)","ESET Internet Security (20230502)","G DATA INTERNET SECURITY (20230502)","K7 Total Security (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","McAfee Total Protection (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Quick Heal Internet Security (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","VIPRE Advanced Security (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)"],"avAllowList":["Trend Micro Internet Security (20230502)","Windows Defender (20230502)"]},{"isRevoked":"False","fileName":"Op pastebin 2023 - Linkvertise Downloader_r-2wD31.exe","isInstaller":"True","fileVersion":"3.7.332.1","hashMD5":"9ef88d8681a8606d5572078acfef47d5","hashSHA1":"7d78745444359b634c1fd8f0c4f5bcc11a601daf","hashSHA256":"7d0f7d4dd28130bf130a16fc125a37e7fa4f56900fad7f02fadcf609788d1948","digitalCertThumbprint":"0D192D5D08F96BDF929936AE6065695F6A5B994D","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"933","avBlockList":["360 Total Security (20230502)","Avira Internet Security (20230502)","Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","Dr.Web Security Space (20230502)","ESET Internet Security (20230502)","G DATA INTERNET SECURITY (20230502)","K7 Total Security (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","McAfee Total Protection (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Quick Heal Internet Security (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","Trend Micro Internet Security (20230502)","VIPRE Advanced Security (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)"],"avAllowList":["Avast Premium Security (20230502)","AVG Internet Security (20230502)","Windows Defender (20230502)"]},{"isRevoked":"False","fileName":"Script On Roblox shindo - Linkvertise Downloader_QjCZ5-1.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"68a218fdb10a6a1cc0d6019d0076e122","hashSHA1":"1aefe7eb6d99dc69937b014ba4158da5706d007b","hashSHA256":"c6296b833353b0a24fbe41b288d33b738ff47aefead5c80cc9bde4ec7fa563a0","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"933","avBlockList":["360 Total Security (20230518)","Avast Premium Security (20230518)","AVG Internet Security (20230518)","Avira Internet Security (20230518)","Bitdefender Internet Security (20230518)","COMODO Antivirus (20230518)","Dr.Web Security Space (20230518)","ESET Internet Security (20230518)","G DATA INTERNET SECURITY (20230518)","K7 Total Security (20230518)","Kaspersky Internet Security (20230518)","Malwarebytes Premium (20230518)","McAfee Total Protection (20230518)","Norton Security (20230518)","Panda Dome (20230518)","Quick Heal Internet Security (20230518)","Sophos Home Premium (20230518)","SpyHunter5 (20230518)","Total AV Antivirus Pro (20230518)","VIPRE Advanced Security (20230518)","VirIT eXplorer PRO (20230518)","Webroot SecureAnywhere (20230518)"],"avAllowList":["Trend Micro Internet Security (20230518)","Windows Defender (20230518)"]},{"isRevoked":"False","fileName":"Shindo Life Script - Linkvertise Downloader_cfOs-81.exe","isInstaller":"True","fileVersion":"2.0.0.13","hashMD5":"4fae4bffe8215a7d95cc015e4ac48e26","hashSHA1":"b47518679314b2905079d42677146bc21ae37489","hashSHA256":"1cac35dc0f986a7386367786c49bdcf98ca03099e2a352f063b32b9f42c50ee6","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"933","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Shindo Life Script - Linkvertise Downloader_r2i-DI1.exe","isInstaller":"True","fileVersion":"2.0.0.13","hashMD5":"0c9aa1c8b90eb10046cab978796146bd","hashSHA1":"55a379e22c80c0082883c080647e04a23c7f1a66","hashSHA256":"683d26c6769ba84ae943e41777baabf4175d0eea3b52ce9110f242171d31bf9c","digitalCertThumbprint":"4806CE00ECA9F4A9D9D96B1DA2E4BC3DF28CE6EE","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"933","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Shindo Life Script - Linkvertise Downloader_vSNDU-1.exe","isInstaller":"True","fileVersion":"4.2","hashMD5":"fc30f38c629fbafcfd1f4a4895814c46","hashSHA1":"e6b298591f7034463f603ede1573c8a198938b7f","hashSHA256":"40e1b53fb04746ac4a0561f5ab781291069b90232215afc36320263308a28ec9","digitalCertThumbprint":"4F9DDD28D8C037868405E41E56E68BD251B36EF9","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"933","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","Avira Internet Security (20230921)","COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)"],"avAllowList":["Bitdefender Internet Security (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","Windows Defender (20230921)"]},{"isRevoked":"False","fileName":"Script On Roblox shindo - Linkvertise Downloader_vUkMS-1.exe","isInstaller":"True","fileVersion":"3.7","hashMD5":"00a608d8bc12329921bb69d8876b177f","hashSHA1":"ed4dc23e55e01324680d36b86f2c3321b6c4a383","hashSHA256":"155a99baf6b021da125dbbe4a3380e151cdb3053072abe2e9d926aa430880881","digitalCertThumbprint":"4F9DDD28D8C037868405E41E56E68BD251B36EF9","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=Linkvertise GmbH & Co. KG, O=Linkvertise GmbH & Co. KG, L=Itzehoe, S=Schleswig-Holstein, C=DE","sourceIndex":"933","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"through BIBR","reference":"","landingPage":"https://linkvertise.com/","directDownloadingLink":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","sourceIndex":"933"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/519920/activador-office-y-window/D1buvodLJDysMYNYwjHbH89CjRY1UZFF","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/519920/activador-office-y-window/D1buvodLJDysMYNYwjHbH89CjRY1UZFF","sourceIndex":"934"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/629088/aRf356475521401/UaoSV4uOA1OikMeQ6CKy3TtfYYVcQ9Ws","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/629088/aRf356475521401/UaoSV4uOA1OikMeQ6CKy3TtfYYVcQ9Ws","sourceIndex":"935"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/629283/op-pastebin-2023/0lZIybwQTXra5fUMfUNUFFNhwYAWiWzJ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/629283/op-pastebin-2023/0lZIybwQTXra5fUMfUNUFFNhwYAWiWzJ","sourceIndex":"936"},{"howFound":"","reference":"","landingPage":"https://linkvertise.com/410322/script-on-roblox-shindo/1","directDownloadingLink":"https://d2ofeexg01g7uy.cloudfront.net/2---p+/70bB/4e+6---/Script%20On%20Roblox%20shindo%20-%20Linkvertise%20Downloader.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2ofeexg01g7uy.cloudfront.net/2---p+/70bB/4e+6---/Script%20On%20Roblox%20shindo%20-%20Linkvertise%20Downloader.zip","sourceIndex":"937"},{"howFound":"DE site","reference":"","landingPage":"","directDownloadingLink":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://linkvertise.download/download/458037/shindo-life-script/TYZ4vL4R8E7xQ4ZzBprIN3I6k7BmZE8u","sourceIndex":"938"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d2opycs3rbbqkr.cloudfront.net/lg01pr8EK.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2opycs3rbbqkr.cloudfront.net/*","sourceIndex":"939"},{"howFound":"PH site","reference":"","landingPage":"","directDownloadingLink":"https://d2opycs3rbbqkr.cloudfront.net/wd3Yz9GRy.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2opycs3rbbqkr.cloudfront.net/*","sourceIndex":"940"}],"sampleFiles":["230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Shindo Life Script - Linkvertise Downloader_hAC7-g1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Shindo Life Script - Linkvertise Downloader_DM9X9-1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/ACTIVADOR OFFICE Y WINDOW - Linkvertise Downloader_2T-LDO1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Op pastebin 2023 - Linkvertise Downloader_r-2wD31.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Script On Roblox shindo - Linkvertise Downloader_QjCZ5-1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Shindo Life Script - Linkvertise Downloader_cfOs-81.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Shindo Life Script - Linkvertise Downloader_r2i-DI1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Shindo Life Script - Linkvertise Downloader_vSNDU-1.exe","230801/LinkvertiseDownloadManager-230323/3.7.3321/Samples/Script On Roblox shindo - Linkvertise Downloader_vUkMS-1.exe"],"imageFiles":["230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-043/ACR-043.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-042/ACR-042.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-013/OptionalOffer_1.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-013/OptionalOffer_2.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-060/OptionalOffer_1.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-060/OptionalOffer_2.jpg","230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-075/ACR-075.jpg"],"nonDeceptorImageFiles":["230801/LinkvertiseDownloadManager-230323/3.7.3321/Images/ACR-044/Linkvertise_Main_1.jpg"],"guid":"2bb5d43f-ef1a-4f12-9642-26dcd7eb23ba_3.7.3321_1","appID":"LinkvertiseDownloadManager-230323","dateAdded":"230801","deceptorType":"Bundler","name":"Linkvertise DownloadManager","company":"Linkvertise.com","version":"3.7.3321","lastKnownStatus":"3.7.3321;4.2.442.12","lastKnownDate":"230801","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-08-02T05:19:43.2432086+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":881},{"violations":{"ACR-046":"Disclosures for the optional offers are not visible. The Opera Browser Offer, Nox app player and PlayGames.pro are preselected in the installation and requires the user to uncheck a checkbox in order to decline the offer.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-059":"The Offer is not clearly marked as an optional offer.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://multisetup.ru/","directDownloadingLink":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","sourceIndex":"343"},{"howFound":"","reference":"","landingPage":"https://download-windows.org/","directDownloadingLink":"https://download-msetup.org/api/getbundle/?partner_apikey=f477c6ac2b35f5a21d0f43e25aed36b1&r=111fc9c288f215905c2a7ae94f3c389f&bl=0&b=1&program_slug=dwo&utm_term=dwo&utm_campaign=&utm_source=&utm_medium=&utm_content=&utm_clickid=&sourceURL=https%3A%2F%2Fdw-files-63.top%2Fload%2FTe48ybglK%2Fnox_setup_v6.0.1.0_full_intl.exe&sourceName=Nox%20App%20Player&sourceIntro=&sourceNote=&rfr=https%3A%2F%2Fnox-app-player.download-windows.org%2F","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-msetup.org/api/getbundle/?partner_apikey=f477c6ac2b35f5a21d0f43e25aed36b1&r=111fc9c288f215905c2a7ae94f3c389f&bl=0&b=1&program_slug=dwo&utm_term=dwo&utm_campaign=&utm_source=&utm_medium=&utm_content=&utm_clickid=&sourceURL=https%3A%2F%2Fdw-files-63.top%2Fload%2FTe48ybglK%2Fnox_setup_v6.0.1.0_full_intl.exe&sourceName=Nox%20App%20Player&sourceIntro=&sourceNote=&rfr=https%3A%2F%2Fnox-app-player.download-windows.org%2F","sourceIndex":"344"}],"sampleFiles":[],"imageFiles":["230731/MultiSetup-230731/3.8.52/Images/ACR-046/ACR-046_Install_1.png","230731/MultiSetup-230731/3.8.52/Images/ACR-046/ACR-046_Install_2.png","230731/MultiSetup-230731/3.8.52/Images/ACR-046/ACR-046_Install_3.png","230731/MultiSetup-230731/3.8.52/Images/ACR-046/ACR-046_Install_1.jpeg","230731/MultiSetup-230731/3.8.52/Images/ACR-013/ACR-013_Install_1.png","230731/MultiSetup-230731/3.8.52/Images/ACR-013/ACR-013_Install_1.jpeg","230731/MultiSetup-230731/3.8.52/Images/ACR-013/ACR-013_Install_2.jpeg","230731/MultiSetup-230731/3.8.52/Images/ACR-059/ACR-059_Bundler-made offers_1.png","230731/MultiSetup-230731/3.8.52/Images/ACR-059/ACR-059_Bundler-made offers_2.png","230731/MultiSetup-230731/3.8.52/Images/ACR-059/ACR-059_Bundler-made offers_3.png","230731/MultiSetup-230731/3.8.52/Images/ACR-059/ACR-059_Bundler-made offers_4.png","230731/MultiSetup-230731/3.8.52/Images/ACR-059/ACR-059_Bundler-made offers_1.jpeg","230731/MultiSetup-230731/3.8.52/Images/ACR-060/ACR-060_Bundler-made offers_1.png","230731/MultiSetup-230731/3.8.52/Images/ACR-060/ACR-060_Bundler-made offers_1.jpeg","230731/MultiSetup-230731/3.8.52/Images/ACR-155/ACR-155_Bundler-made offers_1.png","230731/MultiSetup-230731/3.8.52/Images/ACR-155/ACR-155_Bundler-made offers_2.png","230731/MultiSetup-230731/3.8.52/Images/ACR-155/ACR-155_Bundler-made offers_3.png","230731/MultiSetup-230731/3.8.52/Images/ACR-155/ACR-155_Bundler-made offers_4.png","230731/MultiSetup-230731/3.8.52/Images/ACR-155/ACR-155_Bundler-made offers_1.jpeg"],"nonDeceptorImageFiles":[],"guid":"8c09f25b-bb18-436c-9d41-3ee6b568dc77_3.8.52_1","appID":"MultiSetup-230731","dateAdded":"230731","deceptorType":"App","name":"MultiSetup","company":"NBZ, OOO","version":"3.8.52","firstVendorContactDate":"241121","firstAppEsteemReplyDate":"241121","firstResolvedDate":"241122","firstResolvedVersion":"4.0.0","resolved":"TRUE","lastKnownStatus":"3.8.21","lastKnownDate":"230731","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-11-23T01:04:14.7649509+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":883},{"violations":{"ACR-046":"Disclosures for the optional offer are not visible. The Opera Browser Offer and PlayGames.pro is preselected in the installation and requires the user to uncheck a checkbox in order to decline the offer.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-059":"The Offer is not clearly marked as an optional offer.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"multi_setup_3_8_20_cAV6m.exe","isInstaller":"True","companyName":"NBZ, OOO","fileVersion":"3.8","hashMD5":"500e970ece28c2392d3e59c69a8080b8","hashSHA1":"445cb08822781af7f0092daebf7861823ef6429c","hashSHA256":"d3fe70d9512009c7a9de90cecb9b9e7f5f64c86d90d4a59cf2b41f92d89508b2","digitalCertThumbprint":"75669216ABB0AB45CAEC1736B22B65FB20C4EC63","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=NBZ OOO, O=NBZ OOO, L=Saint Petersburg, S=Saint Petersburg, C=RU","sourceIndex":"947","avBlockList":["Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","Trend Micro Internet Security (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","COMODO Antivirus (20230921)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://multisetup.ru/","directDownloadingLink":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download-msetup.net/nanosetup/multi_setup_3_8_20_cAV6m.exe","sourceIndex":"947"}],"sampleFiles":["230731/MultiSetup-230731/3.8.21/Samples/multi_setup_3_8_20_cAV6m.exe"],"imageFiles":["230731/MultiSetup-230731/3.8.21/Images/ACR-046/Multisetup_Offer.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-046/OperaBrowser.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-046/Multisetup_optionaloffers.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-013/OptionalOffer1.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-059/Multisetup_Offer.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-059/Multisetup_optionaloffers.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-059/OperaBrowser.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-060/OptionalOffer1.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-155/Multisetup_Offer.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-155/Multisetup_optionaloffers.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-155/OperaBrowser.jpg","230731/MultiSetup-230731/3.8.21/Images/ACR-155/OptionalOffer1.jpg"],"nonDeceptorImageFiles":[],"guid":"8c09f25b-bb18-436c-9d41-3ee6b568dc77_3.8.21_1","appID":"MultiSetup-230731","dateAdded":"230731","deceptorType":"App","name":"MultiSetup","company":"NBZ, OOO","version":"3.8.21","firstVendorContactDate":"241121","firstAppEsteemReplyDate":"241121","firstResolvedDate":"241122","firstResolvedVersion":"4.0.0","resolved":"TRUE","lastKnownStatus":"3.8.21","lastKnownDate":"230731","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-11-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":884},{"violations":{"ACR-010":"The button \"Enable Now\" leads to a rogue website which when clicked sends the user unwanted ads/pop-ups directly to the system.\n","ACR-014":"The button \"Enable Now\" redirects to a rogue website which when clicked sends the user unwanted ads/pop-ups directly to the system.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"dnmultiplayer.exe","fileVersion":"9.0","hashMD5":"e55d601bbdb90b93f9409b6e2c610679","hashSHA1":"63eb7f3c8adc2d553a70ac9aa4f71f6dd63fd29b","hashSHA256":"76cdeb178662e11be7b559986408635ae69ca3b4327de2c2b17005a0902340a4","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"916","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dnplayer.exe","fileVersion":"9.0","hashMD5":"40540f82e02ca3de5e5e86423f4a987f","hashSHA1":"f44edc1f5096ff521e6f17558f79344afb05334e","hashSHA256":"43d2f584c648481aa0babdd3066a30465f9d701093f6df794b3fde9ead809707","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"916","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LDPlayer9_de_1103_ld.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"83c2a7913043419ef1e31973e69d00d1","hashSHA1":"55c1d6abbe4c7e2b5921a9d4ab82d3b7a4ee23e3","hashSHA256":"a2d0d1739b392a98fc66ad4fa82ab3102ddf117bf0b5771ca3a5f8d3295e2184","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"916","avBlockList":["360 Total Security (20230815)","Avira Internet Security (20230815)","ESET Internet Security (20230815)","G DATA INTERNET SECURITY (20230815)","Malwarebytes Premium (20230815)","Norton Security (20230815)","Panda Dome (20230815)","Sophos Home Premium (20230815)","SpyHunter5 (20230815)","Total AV Antivirus Pro (20230815)","VirIT eXplorer PRO (20230815)","Webroot SecureAnywhere (20230815)","Windows Defender (20230815)"],"avAllowList":["Avast Premium Security (20230815)","AVG Internet Security (20230815)","Bitdefender Internet Security (20230815)","COMODO Antivirus (20230815)","Dr.Web Security Space (20230815)","K7 Total Security (20230815)","Kaspersky Internet Security (20230815)","McAfee Total Protection (20230815)","Quick Heal Internet Security (20230815)","Trend Micro Internet Security (20230815)","VIPRE Advanced Security (20230815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Top Android Emulator for Windows PC","reference":"MEmu Play through BIBR","landingPage":"https://de.ldplayer.net/ldy/de2231_9.0.html?gclid=EAIaIQobChMI9PeS9L7v_QIVAuHmCh1zsgo5EAAYASAAEgJCvfD_BwE","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","sourceIndex":"916"}],"sampleFiles":["230724/LDPlayer-230322/9.0.53/Samples/dnmultiplayer.exe","230724/LDPlayer-230322/9.0.53/Samples/dnplayer.exe","230724/LDPlayer-230322/9.0.53/Samples/LDPlayer9_de_1103_ld.exe"],"imageFiles":["230724/LDPlayer-230322/9.0.53/Images/ACR-010/Clickbait_SpamNotif.jpg","230724/LDPlayer-230322/9.0.53/Images/ACR-014/Clickbait_SpamNotif.jpg"],"nonDeceptorImageFiles":[],"guid":"793930cc-b67a-41f0-982e-0d0b420fd572_9.0.53_1","appID":"LDPlayer-230322","dateAdded":"230724","deceptorType":"App","name":"LDPlayer","company":"XUANZHI INTERNATIONAL CO., LIMITED","version":"9.0.53","firstResolvedVersion":"9.0.57","resolved":"TRUE","lastKnownStatus":"9.0.40;9.0.45;9.0.46;9.0.47;9.0.48;9.0.51;9.0.53","lastKnownDate":"230724","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2023-08-24T21:20:57.2374093+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":885},{"violations":{"ACR-010":"The button \"Enable Now\" leads to a rogue website which when clicked sends the user unwanted ads/pop-ups directly to the system.\n","ACR-014":"The button \"Enable Now\" redirects to a rogue website which when clicked sends the user unwanted ads/pop-ups directly to the system.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"dnmultiplayerex.exe","fileVersion":"0.0","hashMD5":"d54bb1d20126dee837c01fc14e3b0b58","hashSHA1":"fac912c005e6676c380d119a96dd4762213fd80e","hashSHA256":"1d605d5deb86ad92fd562c45dced4f3bcb83b960ebf148559e6c176b8b056e33","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"997","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dnplayer.exe","fileVersion":"9.0","hashMD5":"f2a8fc93dc0b38164bd0250bc1b80f42","hashSHA1":"bdb8e78db1935897ae0a84724a1fdb1babfe0bdf","hashSHA256":"4b4b610297038ac579214f1b199dc2b4b8e6855259d0d9c129272c3086b04af5","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"997","avBlockList":["Avira Internet Security (20230810)","ESET Internet Security (20230810)","G DATA INTERNET SECURITY (20230810)","K7 Total Security (20230810)","Malwarebytes Premium (20230810)","Norton Security (20230810)","Panda Dome (20230810)","Quick Heal Internet Security (20230810)","Sophos Home Premium (20230810)","SpyHunter5 (20230810)","Total AV Antivirus Pro (20230810)","VirIT eXplorer PRO (20230810)","Webroot SecureAnywhere (20230810)"],"avAllowList":["360 Total Security (20230810)","Avast Premium Security (20230810)","AVG Internet Security (20230810)","Bitdefender Internet Security (20230810)","COMODO Antivirus (20230810)","Dr.Web Security Space (20230810)","Kaspersky Internet Security (20230810)","McAfee Total Protection (20230810)","Trend Micro Internet Security (20230810)","VIPRE Advanced Security (20230810)","Windows Defender (20230810)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Top Android Emulator for Windows PC","reference":"MEmu Play through BIBR","landingPage":"https://de.ldplayer.net/ldy/de2231_9.0.html?gclid=EAIaIQobChMI9PeS9L7v_QIVAuHmCh1zsgo5EAAYASAAEgJCvfD_BwE","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","sourceIndex":"997"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://ldcdn.ldmnq.com/download/LDPlayer9.exe?n=LDPlayer9_de_1103_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/LDPlayer9.exe?n=LDPlayer9_de_1103_ld.exe","sourceIndex":"998"}],"sampleFiles":["230724/LDPlayer-230322/9.0.51/Samples/dnmultiplayerex.exe","230724/LDPlayer-230322/9.0.51/Samples/dnplayer.exe"],"imageFiles":["230724/LDPlayer-230322/9.0.51/Images/ACR-010/Clickbait_Spamnotif.jpg","230724/LDPlayer-230322/9.0.51/Images/ACR-014/Clickbait_Spamnotif.jpg"],"nonDeceptorImageFiles":[],"guid":"793930cc-b67a-41f0-982e-0d0b420fd572_9.0.51_1","appID":"LDPlayer-230322","dateAdded":"230724","deceptorType":"App","name":"LDPlayer","company":"XUANZHI INTERNATIONAL CO., LIMITED","version":"9.0.51","firstResolvedVersion":"9.0.57","resolved":"TRUE","lastKnownStatus":"9.0.40;9.0.45;9.0.46;9.0.47;9.0.48;9.0.51;9.0.53","lastKnownDate":"230724","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2023-07-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":886},{"violations":{"ACR-010":"The button \"Enable Now\" leads to a rogue website which when click sends the user unwanted ads/pop-ups directly to the system.\n","ACR-014":"The button \"Enable Now\" does not open the guide page, instead it leads to a rogue website which when click sends the user unwanted ads/pop-ups directly to the system.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"LDPlayer9_de_1103_ld.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"85f02fe1b12d6c59fdca07e824f97a4a","hashSHA1":"b1b50e59e14b851fa7e419881846a5cf05993a24","hashSHA256":"30aab8d4f0deb28c9d95a6c5eaa20ae80c4c5a2e17f0070326f9996c71a4916a","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1019","avBlockList":["Avira Internet Security (20230720)","ESET Internet Security (20230720)","K7 Total Security (20230720)","Malwarebytes Premium (20230720)","Norton Security (20230720)","Panda Dome (20230720)","Quick Heal Internet Security (20230720)","Sophos Home Premium (20230720)","SpyHunter5 (20230720)","Total AV Antivirus Pro (20230720)","VirIT eXplorer PRO (20230720)","Webroot SecureAnywhere (20230720)","Windows Defender (20230720)"],"avAllowList":["360 Total Security (20230720)","Avast Premium Security (20230720)","AVG Internet Security (20230720)","Bitdefender Internet Security (20230720)","COMODO Antivirus (20230720)","Dr.Web Security Space (20230720)","G DATA INTERNET SECURITY (20230720)","Kaspersky Internet Security (20230720)","McAfee Total Protection (20230720)","Trend Micro Internet Security (20230720)","VIPRE Advanced Security (20230720)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Top Android Emulator for Windows PC","reference":"MEmu Play through BIBR","landingPage":"https://de.ldplayer.net/ldy/de2231_9.0.html?gclid=EAIaIQobChMI9PeS9L7v_QIVAuHmCh1zsgo5EAAYASAAEgJCvfD_BwE","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","sourceIndex":"1019"}],"sampleFiles":["230705/LDPlayer-230322/9.0.48/Samples/LDPlayer9_de_1103_ld.exe"],"imageFiles":["230705/LDPlayer-230322/9.0.48/Images/ACR-010/LDplayer_clickbait.png","230705/LDPlayer-230322/9.0.48/Images/ACR-010/LDplayer_spamnotif.png","230705/LDPlayer-230322/9.0.48/Images/ACR-010/LDplayer_spamnotif2.png","230705/LDPlayer-230322/9.0.48/Images/ACR-014/LDplayer_clickbait.png","230705/LDPlayer-230322/9.0.48/Images/ACR-014/LDplayer_spamnotif.png","230705/LDPlayer-230322/9.0.48/Images/ACR-014/LDplayer_spamnotif2.png"],"nonDeceptorImageFiles":[],"guid":"793930cc-b67a-41f0-982e-0d0b420fd572_9.0.48_1","appID":"LDPlayer-230322","dateAdded":"230724","deceptorType":"App","name":"LDPlayer","company":"XUANZHI INTERNATIONAL CO., LIMITED","version":"9.0.48","firstResolvedVersion":"9.0.57","resolved":"TRUE","lastKnownStatus":"9.0.40;9.0.45;9.0.46;9.0.47;9.0.48;9.0.51;9.0.53","lastKnownDate":"230724","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2023-07-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":887},{"violations":{"ACR-010":"The button \"Enable Now\" opens the guide page and eventually redirects to a rogue website which when click sends the user unwanted ads/pop-ups directly to the system.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"LDPlayer9_de_1103_ld.exe","isInstaller":"True","companyName":"XUANZHI CHINA","fileVersion":"1.0","hashMD5":"d534ec979305cb79edd861760de997d8","hashSHA1":"0152e7516a813b06c67a10b713260377d0f97131","hashSHA256":"2bccda899132b8287824b9c2bde2c6562ac12d36365fcd5720d64d20e3b9c009","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1060","avBlockList":["360 Total Security (20230504)","Avast Premium Security (20230504)","AVG Internet Security (20230504)","Avira Internet Security (20230504)","Bitdefender Internet Security (20230504)","Dr.Web Security Space (20230504)","ESET Internet Security (20230504)","G DATA INTERNET SECURITY (20230504)","K7 Total Security (20230504)","Kaspersky Internet Security (20230504)","Malwarebytes Premium (20230504)","Norton Security (20230504)","Panda Dome (20230504)","Sophos Home Premium (20230504)","SpyHunter5 (20230504)","Total AV Antivirus Pro (20230504)","VIPRE Advanced Security (20230504)","VirIT eXplorer PRO (20230504)","Webroot SecureAnywhere (20230504)","Windows Defender (20230504)"],"avAllowList":["COMODO Antivirus (20230504)","McAfee Total Protection (20230504)","Quick Heal Internet Security (20230504)","Trend Micro Internet Security (20230504)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Top Android Emulator for Windows PC","reference":"MEmu Play through BIBR","landingPage":"https://de.ldplayer.net/ldy/de2231_9.0.html?gclid=EAIaIQobChMI9PeS9L7v_QIVAuHmCh1zsgo5EAAYASAAEgJCvfD_BwE","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","sourceIndex":"1060"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/is/LDPlayer9.exe?n=LDPlayer9_de_1103_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/is/LDPlayer9.exe?n=LDPlayer9_de_1103_ld.exe","sourceIndex":"1061"},{"howFound":"","reference":"","landingPage":"https://de.ldplayer.net/ldy/de2231_9.0.html?gclid=EAIaIQobChMI9PeS9L7v_QIVAuHmCh1zsgo5EAAYASAAEgJCvfD_BwE","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMI9PeS9L7v_QIVAuHmCh1zsgo5EAAYASAAEgJCvfD_BwE_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMI9PeS9L7v_QIVAuHmCh1zsgo5EAAYASAAEgJCvfD_BwE_ld.exe","sourceIndex":"1062"}],"sampleFiles":["230601/LDPlayer-230322/9.0.45/Samples/LDPlayer9_de_1103_ld.exe"],"imageFiles":["230601/LDPlayer-230322/9.0.45/Images/ACR-013/OptionalOffer1.jpg","230601/LDPlayer-230322/9.0.45/Images/ACR-013/OptionalOffer2.jpg","230601/LDPlayer-230322/9.0.45/Images/ACR-060/OptionalOffer1.jpg","230601/LDPlayer-230322/9.0.45/Images/ACR-060/OptionalOffer2.jpg","230601/LDPlayer-230322/9.0.45/Images/ACR-010/ACR-010-Redirection.mp4","230601/LDPlayer-230322/9.0.45/Images/ACR-010/ACR-010.jpg"],"nonDeceptorImageFiles":[],"guid":"793930cc-b67a-41f0-982e-0d0b420fd572_9.0.45_1","appID":"LDPlayer-230322","dateAdded":"230724","deceptorType":"App","name":"LDPlayer","company":"XUANZHI INTERNATIONAL CO., LIMITED","version":"9.0.45","firstResolvedVersion":"9.0.57","resolved":"TRUE","lastKnownStatus":"9.0.40;9.0.45;9.0.46;9.0.47;9.0.48;9.0.51;9.0.53","lastKnownDate":"230724","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2023-07-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":888},{"violations":{"ACR-010":"The button \"Enable Now\" opens the guide page and eventually redirects to a rogue website which when click sends the user unwanted ads/pop-ups directly to the system.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"LDPlayer9_de_2231_ld.exe","isInstaller":"True","companyName":"XUANZHI CHINA","fileVersion":"1.0","hashMD5":"90276982cc921f646f74f8310ef8cd6a","hashSHA1":"37d5ff4e70485bbcc6e4ef6fa08d3b7839012d0f","hashSHA256":"08fee35f2462f93c96751755ff42f2f63525ad04e21543efe52a159c800ab80a","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1096","avBlockList":["Avast Premium Security (20230418)","AVG Internet Security (20230418)","Avira Internet Security (20230418)","Bitdefender Internet Security (20230418)","Dr.Web Security Space (20230418)","ESET Internet Security (20230418)","G DATA INTERNET SECURITY (20230418)","K7 Total Security (20230418)","Kaspersky Internet Security (20230418)","Norton Security (20230418)","Panda Dome (20230418)","Sophos Home Premium (20230418)","SpyHunter5 (20230418)","Total AV Antivirus Pro (20230418)","VirIT eXplorer PRO (20230418)","Webroot SecureAnywhere (20230418)"],"avAllowList":["360 Total Security (20230418)","COMODO Antivirus (20230418)","Malwarebytes Premium (20230418)","McAfee Total Protection (20230418)","Quick Heal Internet Security (20230418)","Trend Micro Internet Security (20230418)","VIPRE Advanced Security (20230418)","Windows Defender (20230418)"]},{"isRevoked":"False","fileName":"dnmultiplayerex.exe","fileVersion":"0.0","hashMD5":"8c7a170af4626b3c9e5bcfb7fe6d1bd9","hashSHA1":"502a982c1f476572de63626d0bd830c4ad446d75","hashSHA256":"b31855483d06f9f0ac266207381cc9dbcb98eba0d05c7f5e2df1b331b3b7b1c5","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1096","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dnplayer.exe","fileVersion":"9.0","hashMD5":"4bf574d681597b1a7ea8adba696d0207","hashSHA1":"b5c8ca6a11d12d17f38ad58937c7a29b20860a04","hashSHA256":"a2447c05d78ee0ca8a8727f561b33da22c855257a484e7e74466ece7b406ef5f","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1096","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LDPlayer9_de_1103_ld.exe","isInstaller":"True","companyName":"XUANZHI INTERNATIONAL CO., LIMITED","fileVersion":"1.0","hashMD5":"79170cdc94a59fd6e174bd56d8ccadcb","hashSHA1":"c3e8aa07bfb7625194def68231b4db42ca3d6610","hashSHA256":"07bd1745baa33c6abb773c13fb4c65aa35b18b21d7e514af3bf5fd20cd97e500","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1096","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Top Android Emulator for Windows PC","reference":"MEmu Play through BIBR","landingPage":"https://de.ldplayer.net/ldy/de2231_9.0.html?","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_ld.exe","sourceIndex":"1096"},{"howFound":"","reference":"","landingPage":"https://de.ldplayer.net/?from=en","directDownloadingLink":"https://ldcdn.ldmnq.com/download/LDPlayer9.exe?n=LDPlayer9_de_1103_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/LDPlayer9.exe?n=LDPlayer9_de_1103_ld.exe","sourceIndex":"1097"}],"sampleFiles":["230519/LDPlayer-230322/9.0.46/Samples/LDPlayer9_de_2231_ld.exe","230519/LDPlayer-230322/9.0.46/Samples/dnmultiplayerex.exe","230519/LDPlayer-230322/9.0.46/Samples/dnplayer.exe","230519/LDPlayer-230322/9.0.46/Samples/LDPlayer9_de_1103_ld.exe"],"imageFiles":["230519/LDPlayer-230322/9.0.46/Images/ACR-013/OptionalOffer1.jpg","230519/LDPlayer-230322/9.0.46/Images/ACR-013/OptionalOffer2.jpg","230519/LDPlayer-230322/9.0.46/Images/ACR-060/OptionalOffer1.jpg","230519/LDPlayer-230322/9.0.46/Images/ACR-060/OptionalOffer2.jpg","230519/LDPlayer-230322/9.0.46/Images/ACR-010/Redirection.jpg"],"nonDeceptorImageFiles":[],"guid":"793930cc-b67a-41f0-982e-0d0b420fd572_9.0.46_1","appID":"LDPlayer-230322","dateAdded":"230724","deceptorType":"App","name":"LDPlayer","company":"XUANZHI INTERNATIONAL CO., LIMITED","version":"9.0.46","firstResolvedVersion":"9.0.57","resolved":"TRUE","lastKnownStatus":"9.0.40;9.0.45;9.0.46;9.0.47;9.0.48;9.0.51;9.0.53","lastKnownDate":"230724","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2023-07-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":890},{"violations":{"ACR-010":"The button \"Enable Now\" opens a rogue website other than the Guide Page which when click sends the user unwanted ads/pop-ups directly to the system.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","isInstaller":"True","companyName":"XUANZHI CHINA","fileVersion":"1.0","hashMD5":"90276982cc921f646f74f8310ef8cd6a","hashSHA1":"37d5ff4e70485bbcc6e4ef6fa08d3b7839012d0f","hashSHA256":"08fee35f2462f93c96751755ff42f2f63525ad04e21543efe52a159c800ab80a","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1167","avBlockList":["Avast Premium Security (20230418)","AVG Internet Security (20230418)","Avira Internet Security (20230418)","Bitdefender Internet Security (20230418)","Dr.Web Security Space (20230418)","ESET Internet Security (20230418)","G DATA INTERNET SECURITY (20230418)","K7 Total Security (20230418)","Kaspersky Internet Security (20230418)","Norton Security (20230418)","Panda Dome (20230418)","Sophos Home Premium (20230418)","SpyHunter5 (20230418)","Total AV Antivirus Pro (20230418)","VirIT eXplorer PRO (20230418)","Webroot SecureAnywhere (20230418)"],"avAllowList":["360 Total Security (20230418)","COMODO Antivirus (20230418)","Malwarebytes Premium (20230418)","McAfee Total Protection (20230418)","Quick Heal Internet Security (20230418)","Trend Micro Internet Security (20230418)","VIPRE Advanced Security (20230418)","Windows Defender (20230418)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Top Android Emulator for Windows PC","reference":"MEmu Play through BIBR","landingPage":"https://de.ldplayer.net/ldy/de2231_9.0.html?gclid=EAIaIQobChMI9PeS9L7v_QIVAuHmCh1zsgo5EAAYASAAEgJCvfD_BwE","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/LDPlayer9.exe?n=LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe","sourceIndex":"1167"}],"sampleFiles":["230406/LDPlayer-230322/9.0.40/Samples/LDPlayer9_de_2231_EAIaIQobChMIsvvg9b7v_QIVVOdRCh3slQA_EAAYASAAEgIhA_D_BwE_ld.exe"],"imageFiles":["230406/LDPlayer-230322/9.0.40/Images/ACR-013/OptionalOffer1.jpg","230406/LDPlayer-230322/9.0.40/Images/ACR-013/OptionalOffer2.jpg","230406/LDPlayer-230322/9.0.40/Images/ACR-060/OptionalOffer1.jpg","230406/LDPlayer-230322/9.0.40/Images/ACR-060/OptionalOffer2.jpg","230406/LDPlayer-230322/9.0.40/Images/ACR-010/ACR-010.jpg","230406/LDPlayer-230322/9.0.40/Images/ACR-010/ACR-010_AfterClickingAllow.jpg"],"nonDeceptorImageFiles":[],"guid":"793930cc-b67a-41f0-982e-0d0b420fd572_9.0.40_1","appID":"LDPlayer-230322","dateAdded":"230724","deceptorType":"App","name":"LDPlayer","company":"XUANZHI INTERNATIONAL CO., LIMITED","version":"9.0.40","firstResolvedVersion":"9.0.57","resolved":"TRUE","lastKnownStatus":"9.0.40;9.0.45;9.0.46;9.0.47;9.0.48;9.0.51;9.0.53","lastKnownDate":"230724","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2023-07-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":891},{"violations":{"ACR-010":"The button \"Enable Now\" opens the guide page and eventually redirects to a rogue website which when click sends the user unwanted ads/pop-ups directly to the system.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"dnmultiplayerex.exe","fileVersion":"0.0","hashMD5":"7e8dc26805b40d763d2525abc8a11630","hashSHA1":"d3501f3eab94cabcd5682b1821bbb5c31330d25f","hashSHA256":"c7998167370531f18bb1af9f7edfd204c163441d66b75af2ff346569c54a97c6","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1065","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dnplayer.exe","fileVersion":"9.0","hashMD5":"bb25abcdd94835b9bc95b30baaa3579c","hashSHA1":"479c9ea223eadade78d3c476f8ef174f16deb0d0","hashSHA256":"f0ef7fa33b5407e1175b747b1c38615b2ba6d2ad8e57122d3d38c356bb4b368a","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1065","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LDPlayer9_de_1103_ld.exe","isInstaller":"True","companyName":"XUANZHI INTERNATIONAL CO., LIMITED","fileVersion":"1.0","hashMD5":"21f0da60127ba72f03b0e95051378408","hashSHA1":"7e6b621db8906eaea933d3d96695925c812a1b10","hashSHA256":"27ed4f647fc1e5e97c1f927a72156855615e67577e117a599cd05838bc572224","digitalCertThumbprint":"C9CF5A70494E07F75A894435C96CB25F0A1E0C7B","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", O=\"Shanghai Chang Zhi Network Technology Co,. Ltd.\", S=上海市, C=CN, SERIALNUMBER=91310114MA1GT9FP6N, OID.1.3.6.1.4.1.311.60.2.1.1=嘉定区, OID.1.3.6.1.4.1.311.60.2.1.2=上海市, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1065","avBlockList":["Avast Premium Security (20230801)","AVG Internet Security (20230801)","Avira Internet Security (20230801)","Dr.Web Security Space (20230801)","ESET Internet Security (20230801)","G DATA INTERNET SECURITY (20230801)","K7 Total Security (20230801)","Malwarebytes Premium (20230801)","Norton Security (20230801)","Panda Dome (20230801)","Quick Heal Internet Security (20230801)","Sophos Home Premium (20230801)","SpyHunter5 (20230801)","Total AV Antivirus Pro (20230801)","VirIT eXplorer PRO (20230801)","Webroot SecureAnywhere (20230801)"],"avAllowList":["360 Total Security (20230801)","Bitdefender Internet Security (20230801)","COMODO Antivirus (20230801)","Kaspersky Internet Security (20230801)","McAfee Total Protection (20230801)","Trend Micro Internet Security (20230801)","VIPRE Advanced Security (20230801)","Windows Defender (20230801)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Top Android Emulator for Windows PC","reference":"MEmu Play through BIBR","landingPage":"https://de.ldplayer.net/?from=en","directDownloadingLink":"https://ldcdn.ldmnq.com/download/ldad/is/230529/LDPlayer9.exe?n=LDPlayer9_de_1103_ld.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ldcdn.ldmnq.com/download/ldad/is/230529/LDPlayer9.exe?n=LDPlayer9_de_1103_ld.exe","sourceIndex":"1065"}],"sampleFiles":["230601/LDPlayer-230322/9.0.47/Samples/dnmultiplayerex.exe","230601/LDPlayer-230322/9.0.47/Samples/dnplayer.exe","230601/LDPlayer-230322/9.0.47/Samples/LDPlayer9_de_1103_ld.exe"],"imageFiles":["230601/LDPlayer-230322/9.0.47/Images/ACR-013/OptionalOffer1.jpg","230601/LDPlayer-230322/9.0.47/Images/ACR-013/OptionalOffer2.jpg","230601/LDPlayer-230322/9.0.47/Images/ACR-060/OptionalOffer1.jpg","230601/LDPlayer-230322/9.0.47/Images/ACR-060/OptionalOffer2.jpg","230601/LDPlayer-230322/9.0.47/Images/ACR-010/Redirection.mp4"],"nonDeceptorImageFiles":[],"guid":"793930cc-b67a-41f0-982e-0d0b420fd572_9.0.47_1","appID":"LDPlayer-230322","dateAdded":"230724","deceptorType":"App","name":"LDPlayer","company":"XUANZHI INTERNATIONAL CO., LIMITED","version":"9.0.47","firstResolvedVersion":"9.0.57","resolved":"TRUE","lastKnownStatus":"9.0.40;9.0.45;9.0.46;9.0.47;9.0.48;9.0.51;9.0.53","lastKnownDate":"230724","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2023-07-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":889},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed\n","ACR-048":"The app does not provide any control to enable/disable the scheduled tasks and to exit the app completely. Even after exiting the app from the system tray, one process still runs in the background.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the trusted root certificate.\n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent. When attempting to exit the app from the system tray, one process still runs in the background without notifying user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, an additional Trusted Root certificate gets added and the already added two root certificates were retained on the device without the consumer's consent or notifying the user. (Verify from your end)\n","ACR-014":"The app does not substantiate the blocked ads and trackers & misleads the user by stating \"You are at Risk\" and \"Warning\"\n"},"nonDeceptorViolations":{"ACR-040":"The app drops certain files in a hidden folder (C:\\ProgramData) without the user's knowledge.\n","ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-123":"The app does not remove the Trusted root certificates after uninstallation and reboot. (Verify from your end)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AdBlocker Ultimate\\AdblockerUltimateGUI.exe","companyName":"AdAvoid Ltd.","productName":"AdBlocker Ultimate","productVersion":"3.75.0.0","fileVersion":"3.75.0.0","hashMD5":"51bd5278337e929331e3d888352f1a08","hashSHA1":"ea3261f3c0c8525dd676b83a878a432f687730ab","hashSHA256":"5e633faf51986e1308fc6dd030fe5590a90d0ffcd81d83f0138c365b58eefcb9","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"976","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AdBlocker Ultimate\\AdBlockerUltimateService.exe","companyName":"AdAvoid Ltd","productName":"AdBlocker Ultimate Service","productVersion":"3.75.0.0","fileVersion":"3.75.0.0","hashMD5":"a795cf42106f71f56fdcce696db24332","hashSHA1":"633546a86ee8d4e6cd77e7d1e86fe77771861594","hashSHA256":"fbec5aaacdf19d5ce405bfae4d8c0ec34adc3013eccbfcef401e915c415f2520","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"976","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdBlockerInstaller.exe","isInstaller":"True","companyName":"AdAvoid Ltd.                                               ","productName":"AdBlocker Ultimate                                          ","productVersion":"3.75.0.0                                          ","fileVersion":"3.75.0.0            ","hashMD5":"dd19e720b3906af086092c052558f7ad","hashSHA1":"6bfe43cd34ef1f543ef6190aa5f87ebf6b9c72b7","hashSHA256":"8ba7d859dd5a445739d0e42fbd1a0fc37fc9e4341a08cace9d40465ded8a7cc3","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"976","avBlockList":["Avast Premium Security (20230718)","AVG Internet Security (20230718)","Avira Internet Security (20230718)","K7 Total Security (20230718)","Norton Security (20230718)","Panda Dome (20230718)","Sophos Home Premium (20230718)","SpyHunter5 (20230718)","Total AV Antivirus Pro (20230718)","VirIT eXplorer PRO (20230718)"],"avAllowList":["360 Total Security (20230718)","Bitdefender Internet Security (20230718)","COMODO Antivirus (20230718)","Dr.Web Security Space (20230718)","ESET Internet Security (20230718)","G DATA INTERNET SECURITY (20230718)","Kaspersky Internet Security (20230718)","Malwarebytes Premium (20230718)","McAfee Total Protection (20230718)","Quick Heal Internet Security (20230718)","Trend Micro Internet Security (20230718)","VIPRE Advanced Security (20230718)","Webroot SecureAnywhere (20230718)","Windows Defender (20230718)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on adblocker apps","reference":"","landingPage":"https://adblockultimate.net/","directDownloadingLink":"https://download.adblockultimate.net/AdBlockerInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.adblockultimate.net/AdBlockerInstaller.exe","sourceIndex":"976"}],"sampleFiles":["230713/AdBlockerUltimate-220905/3.75.0.0/Samples/AdBlockerInstaller.exe"],"imageFiles":["230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-043/ACR-043.JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-043/ACR-043_1.JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-043/ACR-043_2.JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-042/ACR-042 (1).JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-042/ACR-042 (2).JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-042/ACR-042 (3).JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-007/ACR-007 (1).JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-007/ACR-007 (2).JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-007/ACR-007 (3).JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-084/ACR-084 (1).JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-084/ACR-084 (2).JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-048/ACR-048.JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-048/ACR-048_1.JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-048/ACR-048_2.JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-014/ACR-014.JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-014/ACR-014_1.JPG"],"nonDeceptorImageFiles":["230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-040/ACR-040.JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-045/ACR-045 (1).JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-045/ACR-045 (2).JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-045/ACR-045 (3).JPG","230713/AdBlockerUltimate-220905/3.75.0.0/Images/ACR-123/ACR-123_1.JPG"],"guid":"8d9bc6c5-6bbb-46fc-9222-882c2d65b228_3.75.0.0_1","appID":"AdBlockerUltimate-220905","dateAdded":"230720","deceptorType":"App","name":"AdBlocker Ultimate","company":"AdAvoid, Ltd","version":"3.75.0.0","firstVendorContactDate":"230602","firstAppEsteemReplyDate":"230603","firstResolvedDate":"230720","firstResolvedVersion":"4.0.3.0","resolved":"TRUE","lastKnownStatus":"3.62.0.0;3.71.0.0;3.75.0.0;3.77.0.0;3.79.0.0;3.83.0.0;3.85.0.0;4.0.0.0;4.0.2.0","lastKnownDate":"230720","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-07-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":893},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed\n","ACR-048":"The app does not provide any control to enable/disable the scheduled tasks and to exit the app completely. Even after exiting the app from the system tray, one process still runs in the background.\n","ACR-004":"The app uses exaggerated red color to indicate the system status.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the trusted root certificate.\n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent. When attempting to exit the app from the system tray, one process still runs in the background without notifying user.\n","ACR-014":"The app does not substantiate the blocked ads and trackers & misleads the user by stating \"You are at Risk\" and \"Warning\"\n"},"nonDeceptorViolations":{"ACR-040":"The app drops certain files in a hidden folder (C:\\ProgramData) without the user's knowledge.\n","ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AdBlocker Ultimate\\AdblockerUltimateGUI.exe","companyName":"AdAvoid Ltd.","productName":"AdBlocker Ultimate","productVersion":"3.77.0.0","fileVersion":"3.77.0.0","hashMD5":"f85fe516c6c769c3814ae0e0edb67590","hashSHA1":"9fd4dfca4804c0eed26ed5416c2cf46abe195a71","hashSHA256":"45d959f2a241675144cb18f8af740545d0b978352c906a5a22cf0b89f794584a","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"1083","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AdBlocker Ultimate\\AdBlockerUltimateService.exe","companyName":"AdAvoid Ltd","productName":"AdBlocker Ultimate Service","productVersion":"3.77.0.0","fileVersion":"3.77.0.0","hashMD5":"e30ef4b0624d06ab9c3d33aceb472fbe","hashSHA1":"b1b75eeb1febac0a6e9eb7f924a44e760fc771fa","hashSHA256":"800bec0198c20dbce3d1706ee542394d0511e3e0e35e4cd0b213f37b69e3c1bc","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"1083","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdBlockerInstaller.exe","isInstaller":"True","companyName":"AdAvoid Ltd.                                               ","productName":"AdBlocker Ultimate                                          ","productVersion":"3.77.0.0                                          ","fileVersion":"3.77.0.0            ","hashMD5":"a354917c08ab43481699a95107c42f37","hashSHA1":"fd26841867d68697b271bf1237b2e619d50d929a","hashSHA256":"416afce0371f8bfcb7d55cb8aee45baaef685f32833441b655878631e44b2781","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"1083","avBlockList":["Avast Premium Security (20230706)","AVG Internet Security (20230706)","K7 Total Security (20230706)","Norton Security (20230706)","Panda Dome (20230706)","Quick Heal Internet Security (20230706)","Sophos Home Premium (20230706)","SpyHunter5 (20230706)","VirIT eXplorer PRO (20230706)","Webroot SecureAnywhere (20230706)"],"avAllowList":["360 Total Security (20230706)","Avira Internet Security (20230706)","Bitdefender Internet Security (20230706)","COMODO Antivirus (20230706)","Dr.Web Security Space (20230706)","ESET Internet Security (20230706)","G DATA INTERNET SECURITY (20230706)","Kaspersky Internet Security (20230706)","Malwarebytes Premium (20230706)","McAfee Total Protection (20230706)","Total AV Antivirus Pro (20230706)","Trend Micro Internet Security (20230706)","VIPRE Advanced Security (20230706)","Windows Defender (20230706)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://adblockultimate.net/","directDownloadingLink":"https://adblockultimate.net/install","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adblockultimate.net/install","sourceIndex":"1083"}],"sampleFiles":["230525/AdBlockerUltimate-220905/3.77.0.0/Samples/AdBlockerInstaller.exe"],"imageFiles":["230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-043/ACR-043.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-043/ACR-043_1.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-043/ACR-043_2.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-043/ACR-043_3.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-042/ACR-042.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-042/ACR-042_1.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-042/ACR-042_2.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-042/ACR-042_3.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-007/ACR-007.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-007/ACR-007_1.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-007/ACR-007_2.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-007/ACR-007_3.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-004/ACR-004.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-004/ACR-004_1.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-084/ACR-084.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-084/ACR-084_1.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-048/ACR-048.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-048/ACR-048_1.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-048/ACR-048_2.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-014/ACR-014.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-014/ACR-014_1.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-014/ACR-014_2.JPG"],"nonDeceptorImageFiles":["230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-040/ACR-040.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-045/ACR-045.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-045/ACR-045_1.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-045/ACR-045_2.JPG","230525/AdBlockerUltimate-220905/3.77.0.0/Images/ACR-045/ACR-045_3.JPG"],"guid":"8d9bc6c5-6bbb-46fc-9222-882c2d65b228_3.77.0.0_1","appID":"AdBlockerUltimate-220905","dateAdded":"230720","deceptorType":"App","name":"AdBlocker Ultimate","company":"AdAvoid, Ltd","version":"3.77.0.0","firstVendorContactDate":"230602","firstAppEsteemReplyDate":"230603","firstResolvedDate":"230720","firstResolvedVersion":"4.0.3.0","resolved":"TRUE","lastKnownStatus":"3.62.0.0;3.71.0.0;3.75.0.0;3.77.0.0;3.79.0.0;3.83.0.0;3.85.0.0;4.0.0.0;4.0.2.0","lastKnownDate":"230720","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-07-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":894},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed\n","ACR-048":"The app does not provide any control to enable/disable the scheduled tasks and to exit the app completely within the app's settings. Even after exiting the app from the system tray, one process still runs in the background.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the trusted root certificate.\n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent. When attempting to exit the app from the system tray, one process still runs in the background. \n","ACR-085":"The app collects technical and diagnostic information from the user's system by default without the user's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, an additional Trusted Root certificate gets added and the already added two root certificates were retained on the device without the consumer's consent or notifying the user.\n","ACR-014":"The app does not substantiate the blocked ads and trackers & misleads the user by stating \"You are at Risk\" and \"Warning\"\n"},"nonDeceptorViolations":{"ACR-040":"The app drops certain files in a hidden folder (C:\\ProgramData) without the user's knowledge.\n","ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-123":"The app does not remove the Trusted root certificates after uninstallation and reboot. \n","ACR-166":"The app does not disclose the license period to the consumer for the additional offers on the post-uninstall page (https://adblockultimate.net/last-chance)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AdBlocker Ultimate\\AdblockerUltimateGUI.exe","companyName":"AdAvoid Ltd.","productName":"AdBlocker Ultimate","productVersion":"3.71.0.0","fileVersion":"3.71.0.0","hashMD5":"7ca18ffb51a294ad0034687f226759af","hashSHA1":"eee02df0a4505ac04c615f057ddc8f8ffb190a2c","hashSHA256":"4fdcd464424ee751912203607c75894b579f391b7873ffe15d23a65fbd22d977","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"1163","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AdBlocker Ultimate\\AdBlockerUltimateService.exe","companyName":"AdAvoid Ltd","productName":"AdBlocker Ultimate Service","productVersion":"3.71.0.0","fileVersion":"3.71.0.0","hashMD5":"eac3291c0760758c74008e9eb87f193f","hashSHA1":"6c75f92d39cdd603af39837f576ec43e619910e1","hashSHA256":"9963776d36ba8d2ec83b46db4510b76a16047dab9912aebdc2cc0c55fe0fd79c","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"1163","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdBlockerInstaller.exe","isInstaller":"True","companyName":"AdAvoid Ltd.                                               ","productName":"AdBlocker Ultimate                                          ","productVersion":"3.71.0.0                                          ","fileVersion":"3.71.0.0            ","hashMD5":"cf6fd4151310e62759930b6d79cb4f8e","hashSHA1":"58f7f5a42fb7100818a636fa4844eba0ea48f7af","hashSHA256":"1a374418b9e12946732f8573f43a702b6cf90184d826342bf519e8aa54b08449","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"1163","avBlockList":["Avast Premium Security (20230502)","AVG Internet Security (20230502)","Avira Internet Security (20230502)","K7 Total Security (20230502)","McAfee Total Protection (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Quick Heal Internet Security (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)"],"avAllowList":["360 Total Security (20230502)","Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","Dr.Web Security Space (20230502)","ESET Internet Security (20230502)","G DATA INTERNET SECURITY (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","Trend Micro Internet Security (20230502)","VIPRE Advanced Security (20230502)","Windows Defender (20230502)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on adblocker apps-Updated Version","reference":"","landingPage":"https://adblockultimate.net/","directDownloadingLink":"https://adblockultimate.net/install","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adblockultimate.net/install","sourceIndex":"1163"}],"sampleFiles":["230412/AdBlockerUltimate-220905/3.71.0.0/Samples/AdBlockerInstaller.exe"],"imageFiles":["230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-043/ACR-043.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-043/ACR-043_1.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-043/ACR-043_2.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-043/ACR-043_3.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-042/ACR-042 (1).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-042/ACR-042 (2).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-042/ACR-042 (3).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-042/ACR-042 (4).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-007/ACR-007 (1).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-007/ACR-007 (2).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-007/ACR-007 (3).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-007/ACR-007 (4).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-084/ACR-084.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-084/ACR-084_1.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-048/ACR-048.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-048/ACR-048_1.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-048/ACR-048_2.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-085/ACR-085.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-014/ACR-014.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-014/ACR-014_1.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-014/ACR-014_2.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-118/ACR-118.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-118/ACR-118-1.JPG"],"nonDeceptorImageFiles":["230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-040/ACR-040.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-045/ACR-045 (1).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-045/ACR-045 (2).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-045/ACR-045 (3).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-045/ACR-045 (4).JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-123/ACR-123_1.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-123/ACR-123_2.JPG","230412/AdBlockerUltimate-220905/3.71.0.0/Images/ACR-166/ACR-166.JPG"],"guid":"8d9bc6c5-6bbb-46fc-9222-882c2d65b228_3.71.0.0_1","appID":"AdBlockerUltimate-220905","dateAdded":"230720","deceptorType":"App","name":"AdBlocker Ultimate","company":"AdAvoid, Ltd","version":"3.71.0.0","firstVendorContactDate":"230602","firstAppEsteemReplyDate":"230603","firstResolvedDate":"230720","firstResolvedVersion":"4.0.3.0","resolved":"TRUE","lastKnownStatus":"3.62.0.0;3.71.0.0;3.75.0.0;3.77.0.0;3.79.0.0;3.83.0.0;3.85.0.0;4.0.0.0;4.0.2.0","lastKnownDate":"230720","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-07-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":895},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self signed Trusted Root Certificate that is installed\n","ACR-048":"The app does not provide any control to enable/disable the scheduled tasks and to exit the app completely within the app's settings. Even after exiting the app from the system tray, one process runs in the background.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the trusted root certificate.\n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent. In an attempt to exit the app from the system tray, still one process runs in the background. \n","ACR-085":"The app collects technical and diagnostic information from the user's system by default without the user's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, an additional Trusted Root certificate gets added and the already added two root certificates were retained on the device without the consumer's consent or notifying the user.\n","ACR-014":"The app does not substantiate the blocked ads and trackers & misleads the user by stating \"You are at Risk\" and \"Warning\"\n"},"nonDeceptorViolations":{"ACR-040":"The app drops certain files in a hidden folder (C:\\ProgramData) without the user's knowledge.\n","ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-123":"The app does not remove the Trusted root certificates and scheduled tasks after uninstallation and reboot. \n","ACR-166":"The app does not disclose the license period to the consumer for the additional offers on the post-uninstall page (https://adblockultimate.net/last-chance)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AdBlocker Ultimate\\AdblockerUltimateGUI.exe","companyName":"AdAvoid Ltd.","productName":"AdBlocker Ultimate","productVersion":"3.62.0.0","fileVersion":"3.62.0.0","hashMD5":"4145b9bdf1a2f15ea0e1f6aa8f214007","hashSHA1":"f33db789720a741d4b0c0f2090b3b6f9dc25ee7e","hashSHA256":"be2a6425d415dc113ce0eade3c175c05d0e907f0fc20af060db015121a26f656","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"1430","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AdBlocker Ultimate\\AdBlockerUltimateService.exe","companyName":"AdAvoid Ltd","productName":"AdBlocker Ultimate Service","productVersion":"3.62.0.0","fileVersion":"3.62.0.0","hashMD5":"298e7b56d03e0e43671544313c26343d","hashSHA1":"0f4d2b9abf3c3507380e83a82ffaf1985612c36c","hashSHA256":"5085820c3f616599b86b682ea38a0b0cfa7ffb5787047d7bb57ced4533d7de51","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"1430","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdBlockerInstaller.exe","isInstaller":"True","companyName":"AdAvoid Ltd.                                               ","productName":"AdBlocker Ultimate                                          ","productVersion":"3.62.0.0                                          ","fileVersion":"3.62.0.0            ","hashMD5":"6b3db67216e324c23da65841992b011f","hashSHA1":"de73a50b0c4bef3d4355834319d58dc7d4ea251f","hashSHA256":"989544e991b700059c6edafd6b199cd3034ee9583c477f8a9a9444569d0d230c","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"1430","avBlockList":["Avast Premium Security (20220920)","AVG Internet Security (20220920)","Avira Internet Security (20220920)","K7 Total Security (20220920)","McAfee Total Protection (20220920)","Norton Security (20220920)","Panda Dome (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","VirIT eXplorer PRO (20220920)","Webroot SecureAnywhere (20220920)"],"avAllowList":["360 Total Security (20220920)","Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","Dr.Web Security Space (20220920)","ESET Internet Security (20220920)","G DATA INTERNET SECURITY (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","Quick Heal Internet Security (20220920)","Trend Micro Internet Security (20220920)","VIPRE Advanced Security (20220920)","Windows Defender (20220920)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on adblocker apps","reference":"","landingPage":"https://adblockultimate.net/","directDownloadingLink":"https://adblockultimate.net/install","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adblockultimate.net/install","sourceIndex":"1430"}],"sampleFiles":["220908/AdBlockerUltimate-220905/3.62.0.0/Samples/AdBlockerInstaller.exe"],"imageFiles":["220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-043/ACR-043 (1).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-043/ACR-043 (2).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-043/ACR-043 (3).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-043/ACR-043 (4).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-042/ACR-042 (1).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-042/ACR-042 (2).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-042/ACR-042 (3).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-042/ACR-042 (4).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-007/ACR-007 (1).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-007/ACR-007 (2).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-007/ACR-007 (3).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-007/ACR-007 (4).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-084/ACR-084.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-084/ACR-084_1.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-085/ACR-085.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-014/ACR-014.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-014/ACR-014_1.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-014/ACR-014_2.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-118/ACR-118 (1).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-118/ACR-118 (2).JPG"],"nonDeceptorImageFiles":["220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-040/ACR-040.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-045/ACR-045 (1).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-045/ACR-045 (2).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-045/ACR-045 (3).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-045/ACR-045 (4).JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-123/ACR-123.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-123/ACR-123_1.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-123/ACR-123_2.JPG","220908/AdBlockerUltimate-220905/3.62.0.0/Images/ACR-166/ACR-166.JPG"],"guid":"8d9bc6c5-6bbb-46fc-9222-882c2d65b228_3.62.0.0_1","appID":"AdBlockerUltimate-220905","dateAdded":"230720","deceptorType":"App","name":"AdBlocker Ultimate","company":"AdAvoid, Ltd","version":"3.62.0.0","firstVendorContactDate":"230602","firstAppEsteemReplyDate":"230603","firstResolvedDate":"230720","firstResolvedVersion":"4.0.3.0","resolved":"TRUE","lastKnownStatus":"3.62.0.0;3.71.0.0;3.75.0.0;3.77.0.0;3.79.0.0;3.83.0.0;3.85.0.0;4.0.0.0;4.0.2.0","lastKnownDate":"230720","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-07-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":896},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the self-signed Trusted Root Certificate that is installed.\n","ACR-048":"The app does not provide any control to enable/disable the scheduled tasks and to exit the app completely. Even after exiting the app from the system tray, one process still runs in the background.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the trusted root certificate.\n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent. When attempting to exit the app from the system tray, the process still runs in the background without notifying the user.\n","ACR-014":"The app does not substantiate the blocked ads and trackers & misleads the user by stating \"You are at Risk\" and \"Warning\".\n"},"nonDeceptorViolations":{"ACR-040":"The app drops certain files in a hidden folder (C:\\ProgramData) without the user's knowledge.\n","ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AdBlocker Ultimate\\AdblockerUltimateGUI.exe","companyName":"AdAvoid Ltd.","productName":"AdBlocker Ultimate","productVersion":"3.79.0.0","fileVersion":"3.79.0.0","hashMD5":"128111bf27406a1fec8d99e99983d72d","hashSHA1":"9252e87765e2773c11e38cddf71d7e3e9a4250e3","hashSHA256":"a4f8ea5e93651cddbfbf9ce4c6022403c8ba4de045a3e465548d0b90e396db7f","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"969","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AdBlocker Ultimate\\AdBlockerUltimateService.exe","companyName":"AdAvoid Ltd","productName":"AdBlocker Ultimate Service","productVersion":"3.79.0.0","fileVersion":"3.79.0.0","hashMD5":"1a951be580427d0733b986b91915505f","hashSHA1":"4f1454616a6fffb855ef0ca6dc9794651e7b155c","hashSHA256":"0c6984a6a7dfc92c2ba747ed62009ddf15d11d9a59e43f791ab4480a4be47f7c","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"969","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdBlockerInstaller.exe","isInstaller":"True","companyName":"AdAvoid Ltd.                                               ","productName":"AdBlocker Ultimate                                          ","productVersion":"3.79.0.0                                          ","fileVersion":"3.79.0.0            ","hashMD5":"a390abba07ff245a561210f4766345ca","hashSHA1":"d76b6d7804e65a9c039670fcfc6b0825d4ba5900","hashSHA256":"397eb59a7b1611c4e126d7480cbbb2509903231ab0e9837efd9240a43f816e7a","digitalCertThumbprint":"86AC6985572B59ED8BD148A159EE036CD06C5FFD","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"AdAvoid Ltd","storeId":"","sourceIndex":"969","avBlockList":["360 Total Security (20230622)","Avast Premium Security (20230622)","AVG Internet Security (20230622)","Avira Internet Security (20230622)","K7 Total Security (20230622)","Norton Security (20230622)","Panda Dome (20230622)","Sophos Home Premium (20230622)","SpyHunter5 (20230622)","VirIT eXplorer PRO (20230622)"],"avAllowList":["Bitdefender Internet Security (20230622)","COMODO Antivirus (20230622)","Dr.Web Security Space (20230622)","ESET Internet Security (20230622)","G DATA INTERNET SECURITY (20230622)","Kaspersky Internet Security (20230622)","Malwarebytes Premium (20230622)","McAfee Total Protection (20230622)","Quick Heal Internet Security (20230622)","Total AV Antivirus Pro (20230622)","Trend Micro Internet Security (20230622)","VIPRE Advanced Security (20230622)","Webroot SecureAnywhere (20230622)","Windows Defender (20230622)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on adblocker apps","reference":"","landingPage":"https://adblockultimate.net/","directDownloadingLink":"https://adblockultimate.net/install","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adblockultimate.net/install","sourceIndex":"969"}],"sampleFiles":["230720/AdBlockerUltimate-220905/3.79.0.0/Samples/AdBlockerInstaller.exe"],"imageFiles":["230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-043/ACR-043.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-043/ACR-043_1.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-043/ACR-043_2.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-043/ACR-043_3.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-042/ACR-042.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-042/ACR-042_1.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-042/ACR-042_2.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-042/ACR-042_3.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-007/ACR-007.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-007/ACR-007_1.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-007/ACR-007_2.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-007/ACR-007_3.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-084/ACR-084.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-084/ACR-084_1.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-048/ACR-048.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-048/ACR-048_1.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-048/ACR-048_2.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-014/ACR-014.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-014/ACR-014_1.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-014/ACR-014_2.JPG"],"nonDeceptorImageFiles":["230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-040/ACR-040.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-045/ACR-045.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-045/ACR-045_1.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-045/ACR-045_2.JPG","230720/AdBlockerUltimate-220905/3.79.0.0/Images/ACR-045/ACR-045_3.JPG"],"guid":"8d9bc6c5-6bbb-46fc-9222-882c2d65b228_3.79.0.0_1","appID":"AdBlockerUltimate-220905","dateAdded":"230720","deceptorType":"App","name":"AdBlocker Ultimate","company":"AdAvoid, Ltd","version":"3.79.0.0","firstVendorContactDate":"230602","firstAppEsteemReplyDate":"230603","firstResolvedDate":"230720","firstResolvedVersion":"4.0.3.0","resolved":"TRUE","lastKnownStatus":"3.62.0.0;3.71.0.0;3.75.0.0;3.77.0.0;3.79.0.0;3.83.0.0;3.85.0.0;4.0.0.0;4.0.2.0","lastKnownDate":"230720","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-07-20T23:43:05.4182865+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":892},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-043":"Third-party components from \"Online Media Technologies Ltd'\" are installed without disclosure. \n\n","ACR-107":" The app does not obtain any authorization for using third-party components \"Online Media Technologies Ltd.\".\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"At Uninstall, it retains some of its other components along with a \"curl-ca-bundle.crt\" on the device.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 9.8.2.4 vs version 9.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version 9.8.2.4 vs version 9.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"CoolRecordEditDeluxe.exe","fileVersion":"0.0","hashMD5":"539d6c941b081e9afbfe284363c10993","hashSHA1":"5d2bfbde0c949b6b6239496236c6558ee3f76350","hashSHA256":"4384d27dc5b2665fd8efc4bd77ca4d908e508dbfa12a91bc9dd9fb4986babeee","sourceIndex":"970","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CoolRecordEditDeluxe-setup.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 CoolMedia, Inc.                        ","fileVersion":"0.0","hashMD5":"c152339c2879cd89ee94f5c0e34df6a3","hashSHA1":"ecafa4067b0fff5f0253754c7a63df00a7ab0aab","hashSHA256":"52502399ac82deff8958cf345b28714d424f6b891d6b6fd74c997e55677b04a7","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"970","avBlockList":["360 Total Security (20230928)","Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","Bitdefender Internet Security (20230928)","COMODO Antivirus (20230928)","Dr.Web Security Space (20230928)","ESET Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20230928)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","VIPRE Advanced Security (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)","Windows Defender (20230928)"],"avAllowList":["Tencent PC Manager (20220811)","Trend Micro Internet Security (20230928)"]},{"isRevoked":"False","fileName":"CoolRecordEditDeluxeSetup_1.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 CoolMedia, Inc.                        ","fileVersion":"0.0","hashMD5":"be6756c0efa89bcebfecc5477aa3f6a9","hashSHA1":"a24546af802923724b3c58928a251626a1bd5476","hashSHA256":"dc44f699645f24022f01afed12b35bf2cc5804ba02fd395c0e9e8ce39d86c974","sourceIndex":"970","avBlockList":["360 Total Security (20230928)","Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","Bitdefender Internet Security (20230928)","COMODO Antivirus (20230928)","ESET Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20230928)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","VIPRE Advanced Security (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)","Windows Defender (20230928)"],"avAllowList":["Dr.Web Security Space (20230928)","Trend Micro Internet Security (20230928)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://coolrecordedit.com/coolrecordeditdeluxe/","directDownloadingLink":"http://coolrecordedit.com/CoolRecordEditDeluxe.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://coolrecordedit.com/CoolRecordEditDeluxe.exe","sourceIndex":"970"}],"sampleFiles":["230719/CoolRecordEditDeluxe-220808/9.8.0/Samples/CoolRecordEditDeluxe.exe","230719/CoolRecordEditDeluxe-220808/9.8.0/Samples/CoolRecordEditDeluxe-setup.exe","230719/CoolRecordEditDeluxe-220808/9.8.0/Samples/CoolRecordEditDeluxeSetup_1.exe"],"imageFiles":["230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-043/ACR-043_107_NCT_thirdparty.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-010/RK.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-107/ACR-043_107_NCT_thirdparty.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-118/ACR-118_RetainedComponents.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-057/RK.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-059/RK.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-071/RK.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-155/RK.jpg"],"nonDeceptorImageFiles":["230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-002/ACR-002.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-106/RK.jpg","230719/CoolRecordEditDeluxe-220808/9.8.0/Images/ACR-002/ACR-002.jpg"],"guid":"3d90163b-98a3-4e75-afd5-9247d98783d8_9.8.0_1","appID":"CoolRecordEditDeluxe-220808","dateAdded":"230719","deceptorType":"App","name":"Cool Record Edit Deluxe","company":"CoolMedia Co.,Ltd.","version":"9.8.0","lastKnownStatus":"9.8.0","lastKnownDate":"230719","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,cross-sell other apps","lastUpdate":"2023-07-19T20:11:14.473265+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":900},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Gold Pack\" highlights \"Free\" misleads user. The functionality requires consumer payment as donation in order to be activated. Otherwise app should remove \"free\" word. \n","ACR-002":"The App's version is inconsistent between App interaction and its install (version 9.8.2.4 vs version 9.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version 9.8.2.4 vs version 9.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"WMAWorkshopPlus.exe","fileVersion":"0.0","hashMD5":"7ae79f9cb0791a87c97e52ad62da9842","hashSHA1":"271316708c8582da627f893eaec49251248f695f","hashSHA256":"3cbdf281ec19b88f170b6aeac650c052daf1725c9e3666ca6f9ca59ebd718326","sourceIndex":"973","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WMAWorkshopPlus-setup.exe","isInstaller":"True","companyName":"CoolMedia Co.,Ltd.                                          ","fileVersion":"0.0","hashMD5":"9e01e4c129d200b4f8f24d7a27356b4a","hashSHA1":"4b4981ac9048ea16dd62faf35abe86cf5693dc88","hashSHA256":"1b359be64302fb9dedabe8803eed30a253bb3c0dd2fd3bc464eedb7ae16161ab","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"973","avBlockList":["360 Total Security (20230926)","Avast Premium Security (20230926)","AVG Internet Security (20230926)","Avira Internet Security (20230926)","Bitdefender Internet Security (20230926)","Dr.Web Security Space (20230926)","ESET Internet Security (20230926)","G DATA INTERNET SECURITY (20230926)","K7 Total Security (20230926)","Kaspersky Internet Security (20230926)","Malwarebytes Premium (20230926)","McAfee Total Protection (20230926)","Norton Security (20230926)","Panda Dome (20230926)","Quick Heal Internet Security (20230926)","Sophos Home Premium (20230926)","SpyHunter5 (20230926)","Total AV Antivirus Pro (20230926)","VIPRE Advanced Security (20230926)","VirIT eXplorer PRO (20230926)","Webroot SecureAnywhere (20230926)","Windows Defender (20230926)"],"avAllowList":["COMODO Antivirus (20230926)","Trend Micro Internet Security (20230926)"]},{"isRevoked":"False","fileName":"WMAWorkshopPlusSetup_1.exe","isInstaller":"True","companyName":"CoolMedia Co.,Ltd.                                          ","fileVersion":"0.0","hashMD5":"af7f34c51d58ca8c74e5f8a3d57132d5","hashSHA1":"58584a3e0a234b5dec7f9bdffbe7b3020b3640e1","hashSHA256":"d8bb85607a11bae0419a9b39a54671956499e4b90b8a16039aa31e47420abd89","sourceIndex":"973","avBlockList":["360 Total Security (20230928)","Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","Bitdefender Internet Security (20230928)","ESET Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20230928)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","VIPRE Advanced Security (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)","Windows Defender (20230928)"],"avAllowList":["COMODO Antivirus (20230928)","Dr.Web Security Space (20230928)","Trend Micro Internet Security (20230928)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://coolrecordedit.com/wmaworkshopplus/","directDownloadingLink":"http://coolrecordedit.com/WMAWorkshopPlus.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://coolrecordedit.com/WMAWorkshopPlus.exe","sourceIndex":"973"}],"sampleFiles":["230719/WMAWorkshopPlus-220804/9.8.0/Samples/WMAWorkshopPlus.exe","230719/WMAWorkshopPlus-220804/9.8.0/Samples/WMAWorkshopPlus-setup.exe","230719/WMAWorkshopPlus-220804/9.8.0/Samples/WMAWorkshopPlusSetup_1.exe"],"imageFiles":["230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-118/ACR-118_Retained_Components.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-057/RK.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-059/RK.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-071/RK.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-155/RK.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-010/RK.jpg"],"nonDeceptorImageFiles":["230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-002/ACR-002_Mismatched_versions.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-106/RK.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-002/ACR-002_Mismatched_versions.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-045/ACR-045_InlineOffer-a.jpg","230719/WMAWorkshopPlus-220804/9.8.0/Images/ACR-045/ACR-045_InlineOffer-b.jpg"],"guid":"9ec93eb8-8a83-4651-9e66-fda54232efc2_9.8.0_1","appID":"WMAWorkshopPlus-220804","dateAdded":"230719","deceptorType":"App","name":"WMA Workshop Plus","company":"CoolMedia Co.,Ltd.","version":"9.8.0","lastKnownStatus":"9.8.0","lastKnownDate":"230719","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-07-19T20:06:36.8173923+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":897},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-043":"MEncoder and FFmpeg third-party library are installed without disclosure. \n\n","ACR-107":"The app does not obtain any authorization for using MEncoder and FFmpeg third-party library.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"At Uninstall, it retains some of its other components along with a \"curl-ca-bundle.crt\" on the device.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 9.8.2.4 vs version 9.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version 9.8.2.4 vs version 9.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"movAudioExtractor.exe","fileVersion":"1.0","hashMD5":"a9cefb316ac0c2da57081d88b67e843e","hashSHA1":"f64f68df08f14c5029ba55197b3ffdec4cb9218c","hashSHA256":"49b03b416419e4210e58c8398ab01c736200361f176f1d0f3bcd8128dcf43c51","sourceIndex":"971","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"movAudioExtractor-setup.exe","isInstaller":"True","companyName":"CoolMedia Co.,Ltd.                                          ","fileVersion":"0.0","hashMD5":"c498631f28c55f182ac0e3271df9c0de","hashSHA1":"c91e7be95571877ee1176d013372c484f1d7cd78","hashSHA256":"c039c34aded860d88744783358bed1a09573a9ba22068d42f66d0ac64030bba0","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"971","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":["COMODO Antivirus (20230921)","Tencent PC Manager (20220811)","Trend Micro Internet Security (20230921)"]},{"isRevoked":"False","fileName":"movAudioExtractorSetup_1.exe","isInstaller":"True","companyName":"CoolMedia Co.,Ltd.                                          ","fileVersion":"0.0","hashMD5":"63a0b37003af42ce1a640c32ce746212","hashSHA1":"0e2b163d95d4db23ae02e497253d199a8bb65966","hashSHA256":"f191b5171a13b6ef77e6242900a61d4f7d0893c79c62997aa3d2e9663b28fb23","sourceIndex":"971","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":["COMODO Antivirus (20230921)","Dr.Web Security Space (20230921)","Trend Micro Internet Security (20230921)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://coolrecordedit.com/movaudioextractor/","landingPage":"http://coolrecordedit.com/movAudioExtractor.exe","ipv4":"","ipv6":"","landingPageWildChar":"http://coolrecordedit.com/movAudioExtractor.exe","sourceIndex":"971"}],"sampleFiles":["230719/movAudioExtractor-220808/9.8.0/Samples/movAudioExtractor.exe","230719/movAudioExtractor-220808/9.8.0/Samples/movAudioExtractor-setup.exe","230719/movAudioExtractor-220808/9.8.0/Samples/movAudioExtractorSetup_1.exe"],"imageFiles":["230719/movAudioExtractor-220808/9.8.0/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-043/ACR-043_107_FFmpeg.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-043/ACR-043_107_MEncoder.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-010/RK.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-107/ACR-043_107_FFmpeg.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-107/ACR-043_107_MEncoder.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-118/ACR-118_RetainedComponents.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-057/RK.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-059/RK.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-071/RK.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-155/RK.jpg"],"nonDeceptorImageFiles":["230719/movAudioExtractor-220808/9.8.0/Images/ACR-002/ACR-002_Mismatched_version.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-106/RK.jpg","230719/movAudioExtractor-220808/9.8.0/Images/ACR-002/ACR-002_Mismatched_version.jpg"],"guid":"2d78dc15-2395-4790-8216-5348e6774c95_9.8.0_1","appID":"movAudioExtractor-220808","dateAdded":"230719","deceptorType":"App","name":"mov Audio Extractor","company":"CoolMedia Co.,Ltd.","version":"9.8.0","lastKnownStatus":"9.8.0","lastKnownDate":"230719","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid,cross-sell other apps","lastUpdate":"2023-07-19T20:09:44.032773+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":898},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-043":"FFmpeg third-party library is installed without disclosure. \n\n","ACR-107":"The app does not obtain any authorization for using FFmpeg third-party library.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"At Uninstall, it retains some of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"CoolYoutubeVideoDownloader.exe","fileVersion":"1.0","hashMD5":"a9cefb316ac0c2da57081d88b67e843e","hashSHA1":"f64f68df08f14c5029ba55197b3ffdec4cb9218c","hashSHA256":"49b03b416419e4210e58c8398ab01c736200361f176f1d0f3bcd8128dcf43c51","sourceIndex":"972","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CoolYoutubeVideoDownloader-setup.exe","isInstaller":"True","companyName":"CoolMedia Co.,Ltd.                                          ","fileVersion":"0.0","hashMD5":"f0fcdd5ca1d4c42706992bb22c7a3491","hashSHA1":"63e7f246f5b2065b013b4947506cb7a740ea6868","hashSHA256":"67ca61a28c5133aa33c6ec95fd2ade16dbaa747ad0526314daa07d2156c83306","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"972","avBlockList":["360 Total Security (20230921)","Avast Premium Security (20230921)","AVG Internet Security (20230921)","Avira Internet Security (20230921)","Bitdefender Internet Security (20230921)","Dr.Web Security Space (20230921)","ESET Internet Security (20230921)","G DATA INTERNET SECURITY (20230921)","K7 Total Security (20230921)","Kaspersky Internet Security (20230921)","Malwarebytes Premium (20230921)","McAfee Total Protection (20230921)","Norton Security (20230921)","Panda Dome (20230921)","Quick Heal Internet Security (20230921)","Sophos Home Premium (20230921)","SpyHunter5 (20230921)","Total AV Antivirus Pro (20230921)","VIPRE Advanced Security (20230921)","VirIT eXplorer PRO (20230921)","Webroot SecureAnywhere (20230921)","Windows Defender (20230921)"],"avAllowList":["COMODO Antivirus (20230921)","Tencent PC Manager (20220811)","Trend Micro Internet Security (20230921)"]},{"isRevoked":"False","fileName":"CoolYoutubeVideoDownloaderSetup_1.exe","isInstaller":"True","companyName":"CoolMedia Co.,Ltd.                                          ","fileVersion":"0.0","hashMD5":"e4dfa4bad71b7d96527f0cbc629f7c05","hashSHA1":"56677522d79b1d8bba9bcbdcb92db03e12a4843d","hashSHA256":"ec5cfc5ed7b46936afbd345757ffb1a4e5086d55cbca74a869b277f140e5a377","sourceIndex":"972","avBlockList":["360 Total Security (20230928)","Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","Bitdefender Internet Security (20230928)","ESET Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20230928)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","VIPRE Advanced Security (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)","Windows Defender (20230928)"],"avAllowList":["COMODO Antivirus (20230928)","Dr.Web Security Space (20230928)","Trend Micro Internet Security (20230928)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://coolrecordedit.com/coolyoutubevideodownloader/","directDownloadingLink":"http://coolrecordedit.com/CoolYoutubeVideoDownloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://coolrecordedit.com/CoolYoutubeVideoDownloader.exe","sourceIndex":"972"}],"sampleFiles":["230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Samples/CoolYoutubeVideoDownloader.exe","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Samples/CoolYoutubeVideoDownloader-setup.exe","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Samples/CoolYoutubeVideoDownloaderSetup_1.exe"],"imageFiles":["230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-043/ACR-043_107_FFmpeg.jpg","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-010/RK.jpg","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-107/ACR-043_107_FFmpeg.jpg","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-118/ACR-118_Retained_components.jpg","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-057/RK.jpg","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-059/RK.jpg","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-071/RK.jpg","230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-155/RK.jpg"],"nonDeceptorImageFiles":["230719/CoolYoutubeVideoDownloader-220805/9.8.2.4/Images/ACR-106/RK.jpg"],"guid":"928487ad-5741-49d5-bc79-099bf558a6c3_9.8.2.4_1","appID":"CoolYoutubeVideoDownloader-220805","dateAdded":"230719","deceptorType":"App","name":"Cool Youtube Video Downloader","company":"CoolMedia Co.,Ltd.","version":"9.8.2.4","lastKnownStatus":"9.8.2.4","lastKnownDate":"230719","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-07-19T20:08:14.0339189+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":899},{"violations":{"ACR-042":"The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action. \n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation. \n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the trust root certificate.\n","ACR-084":"On closing the app, the processes run silently in the background, hiding the fact that it is active from the consumer without any notification about app is running in background\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components and the Trusted Root certificate was on the device without the consumer's consent or notifying the user. \n","ACR-165":"The app doesn't provide the following information in the internal offers(https://adguard.com/en/license.html?email=gsf%40gmail.com): 1. How to cancel the auto-renewal easily via an online approach. 2. When the user will receive the auto-renewal payment notification if auto-renew is by default.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate. \n"},"samples":[{"isRevoked":"False","fileName":"adguardInstaller.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"01d759a186490ec08f38d002fb0c9194","hashSHA1":"661d26ee8946c998bbd177061c4304561fa9a3e2","hashSHA256":"e2620e3ca81cef04d0238e8099b355d4748ee586b0bada0a1c2063937146f150","digitalCertThumbprint":"48BAFFCE2694F647A33854183A4B817BB8A7DBEA","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Adguard Software Limited, O=Adguard Software Limited, S=Lefkosia, C=CY","sourceIndex":"950","avBlockList":["Avira Internet Security (20230727)","K7 Total Security (20230727)","Norton Security (20230727)","Sophos Home Premium (20230727)","SpyHunter5 (20230727)","Total AV Antivirus Pro (20230727)","Webroot SecureAnywhere (20230727)"],"avAllowList":["360 Total Security (20230727)","Avast Premium Security (20230727)","AVG Internet Security (20230727)","Bitdefender Internet Security (20230727)","COMODO Antivirus (20230727)","Dr.Web Security Space (20230727)","ESET Internet Security (20230727)","G DATA INTERNET SECURITY (20230727)","Kaspersky Internet Security (20230727)","Malwarebytes Premium (20230727)","McAfee Total Protection (20230727)","Panda Dome (20230727)","Quick Heal Internet Security (20230727)","Trend Micro Internet Security (20230727)","VIPRE Advanced Security (20230727)","Windows Defender (20230727)"]},{"isRevoked":"False","fileName":"Adguard.exe","companyName":"Adguard Software Limited","fileVersion":"7.13","hashMD5":"e3aa7e597bc3ff8c0a5f428cc984ef82","hashSHA1":"149f62de5f1565297f70da170f3fc37f6587013c","hashSHA256":"2268229cb846853259270eb9086e37339e977856ba5effdf36ca4aa0a802b3b6","digitalCertThumbprint":"48BAFFCE2694F647A33854183A4B817BB8A7DBEA","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Adguard Software Limited, O=Adguard Software Limited, S=Lefkosia, C=CY","sourceIndex":"950","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdguardSvc.exe","companyName":"Adguard Software Limited","fileVersion":"7.13","hashMD5":"3dc96b17b8c42e61100946e0548fa581","hashSHA1":"175f0344ffadaebf23c194b95db8b6bff8b545e6","hashSHA256":"5cd19df4f9a7b0b611d14618d2809398490c3b767f49edc24459c1d0b3a86456","digitalCertThumbprint":"48BAFFCE2694F647A33854183A4B817BB8A7DBEA","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Adguard Software Limited, O=Adguard Software Limited, S=Lefkosia, C=CY","sourceIndex":"950","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Ad Blocker adding cert","reference":"","landingPage":"https://adguard.com/","directDownloadingLink":"https://adguard.com/img/products/windows/general@2x.png?version=3697","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adguard.com/img/products/windows/general@2x.png?version=3697","sourceIndex":"950"}],"sampleFiles":["230718/AdGuard-220817/7.13.2/Samples/adguardInstaller.exe","230718/AdGuard-220817/7.13.2/Samples/Adguard.exe","230718/AdGuard-220817/7.13.2/Samples/AdguardSvc.exe"],"imageFiles":["230718/AdGuard-220817/7.13.2/Images/ACR-043/ACR-043.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-043/ACR-043_1.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-042/ACR-042.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-042/ACR-042_1.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-007/ACR-007.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-007/ACR-007_1.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-007/AG_install.gif","230718/AdGuard-220817/7.13.2/Images/ACR-084/ACR-084.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-118/ACR-118.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-118/ACR-118_2.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-165/ACR-165.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-165/ACR-165_1.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-165/ACR-165_2.JPG"],"nonDeceptorImageFiles":["230718/AdGuard-220817/7.13.2/Images/ACR-045/ACR-045.JPG","230718/AdGuard-220817/7.13.2/Images/ACR-045/ACR-045_1.JPG"],"guid":"931e0547-cade-4181-b50b-254b1712eb05_7.13.2_1","appID":"AdGuard-220817","dateAdded":"230718","deceptorType":"App","name":"AdGuard","company":"Adguard Software Ltd","version":"7.13.2","firstVendorContactDate":"230720","firstAppEsteemReplyDate":"230720","firstResolvedDate":"230727","firstResolvedVersion":"7.14","resolved":"TRUE","lastKnownStatus":"7.12.4170.0;7.13.2","lastKnownDate":"230718","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-07-27T18:20:38.5399102+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":901},{"violations":{"ACR-042":"The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action. \n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation. \n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the trust root certificate.\n","ACR-084":"On closing the app, the processes run silently in the background, hiding the fact that it is active from the consumer without any notification about app is running in background\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components and the Trusted Root certificate was on the device without the consumer's consent or notifying the user. \n","ACR-165":"The app doesn't provide the following information in the internal offers(https://adguard.com/en/license.html?email=gsf%40gmail.com): 1. How to cancel the auto-renewal easily via an online approach. 2. When the user will receive the auto-renewal payment notification if auto-renew is by default.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\AdGuard\\Adguard.exe","companyName":"Adguard Software Limited","productName":"AdGuard for Windows","productVersion":"7.12","fileVersion":"7.12.4170.0","hashMD5":"8c6d07aa9c46677929416f1da085213a","hashSHA1":"e43778a694849e3f54ece5ef35e588f0909a06b5","hashSHA256":"f6b835c830f35d76eb247736fea300573c1a00daef754b4c162fccd544e5408b","digitalCertThumbprint":"48BAFFCE2694F647A33854183A4B817BB8A7DBEA","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Adguard Software Limited","storeId":"","sourceIndex":"974","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\AdGuard\\AdguardSvc.exe","companyName":"Adguard Software Limited","productName":"AdGuard for Windows","productVersion":"7.12","fileVersion":"7.12.4170.0","hashMD5":"6a2151c269aa6145dba9091d10d74bf5","hashSHA1":"71c8c7fbeaa06f1f118aff639ef227caa1f663ee","hashSHA256":"d4b510299f9fecddcf945bdf06e2438994c07b9d253edc5c5c49c7b9ef52885f","digitalCertThumbprint":"48BAFFCE2694F647A33854183A4B817BB8A7DBEA","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Adguard Software Limited","storeId":"","sourceIndex":"974","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"adguardInstaller.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"47123bf1ce1f81e2346aa312d8c71582","hashSHA1":"475983c3c488a8bf2f8fc00ed22d67bbc9583f6f","hashSHA256":"ca0370dbf0fd9016be1608bbdc28f6ad416fbe27ef59b66c4afb1ed3e0b0239f","digitalCertThumbprint":"48BAFFCE2694F647A33854183A4B817BB8A7DBEA","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Adguard Software Limited","storeId":"","sourceIndex":"974","avBlockList":["Avira Internet Security (20230725)","K7 Total Security (20230725)","Norton Security (20230725)","Sophos Home Premium (20230725)","SpyHunter5 (20230725)","Total AV Antivirus Pro (20230725)","Webroot SecureAnywhere (20230725)"],"avAllowList":["360 Total Security (20230725)","Avast Premium Security (20230725)","AVG Internet Security (20230725)","Bitdefender Internet Security (20230725)","COMODO Antivirus (20230725)","Dr.Web Security Space (20230725)","ESET Internet Security (20230725)","G DATA INTERNET SECURITY (20230725)","Kaspersky Internet Security (20230725)","Malwarebytes Premium (20230725)","McAfee Total Protection (20230725)","Panda Dome (20230725)","Quick Heal Internet Security (20230725)","Trend Micro Internet Security (20230725)","VIPRE Advanced Security (20230725)","Windows Defender (20230725)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://adguard.com/en/welcome.html","directDownloadingLink":"https://adguard.com/en/download.html?os=windows&show=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://adguard.com/en/download.html?os=windows&show=1","sourceIndex":"974"}],"sampleFiles":["230718/AdGuard-220817/7.12.4170.0/Samples/adguardInstaller.exe"],"imageFiles":["230718/AdGuard-220817/7.12.4170.0/Images/ACR-043/ACR-043.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-043/ACR-043_1.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-042/ACR-042.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-042/ACR-042_1.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-007/ACR-007.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-007/ACR-007_1.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-084/ACR-084.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-118/ACR-118.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-118/ACR-118_2.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-165/ACR-165.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-165/ACR-165_1.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-165/ACR-165_2.JPG"],"nonDeceptorImageFiles":["230718/AdGuard-220817/7.12.4170.0/Images/ACR-045/ACR-045.JPG","230718/AdGuard-220817/7.12.4170.0/Images/ACR-045/ACR-045_1.JPG"],"guid":"931e0547-cade-4181-b50b-254b1712eb05_7.12.4170.0_1","appID":"AdGuard-220817","dateAdded":"230718","deceptorType":"App","name":"AdGuard","company":"Adguard Software Ltd","version":"7.12.4170.0","firstVendorContactDate":"230720","firstAppEsteemReplyDate":"230720","firstResolvedDate":"230727","firstResolvedVersion":"7.14","resolved":"TRUE","lastKnownStatus":"7.12.4170.0;7.13.2","lastKnownDate":"230718","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-07-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":902},{"violations":{"ACR-043":"The app gets installed without obtaining user's agreement and permission and without disclosing the installation path and allowing the user to change it.\n","ACR-048":"1. The app does not provide control to cancel the installation process. The app proceeds to install even without clicking the button \"Install\" in the installation window. \n2. The app uses different names across the Landing Page, running process and Add/Remove Programs, misleading user to what is actually installed and running in the system. \n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method. Error always occurs in the attempt to uninstall it.\n"},"nonDeceptorViolations":{"ACR-002":"The app displays different names across the Landing Page, running process and Add/Remove Programs, misleading user to what is  installed and running in the system.\n"},"samples":[{"isRevoked":"False","fileName":"bin.exe","fileVersion":"0.0","hashMD5":"a8f4fd18bfb09cceef6df443d1f9f182","hashSHA1":"65fcff22f6e3134026aa4fca2f55998e1489706b","hashSHA256":"04ea5394815fad3e37affc442b5ececf0adf847d1d67d3573b213c27e0c22084","sourceIndex":"261","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VkDJ.exe","isInstaller":"True","companyName":"plants-premises                                             ","fileVersion":"1.0","hashMD5":"cf41ef8c66f81506d084bc497545780b","hashSHA1":"dbfe45e9e1992c6d38b82a6bfb0ad76a4323aea6","hashSHA256":"85d7ff2c6b663112c7cdc1f5b1f3e35a762fc7664e3e325982dacad54c81038a","digitalCertThumbprint":"427D4FC90F67A073381E67DC0A967F5DDCD023D1","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Monitor LLC, O=Monitor LLC, STREET=\"pr-kt Grazhdanskiy, 22A of 610\", L=Saint Petersburg, S=Saint Petersburg, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Saint Petersburg, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1157847105272, OID.2.5.4.15=Private Organization","sourceIndex":"261","avBlockList":["360 Total Security (20230727)","Avast Premium Security (20230727)","AVG Internet Security (20230727)","Avira Internet Security (20230727)","Bitdefender Internet Security (20230727)","COMODO Antivirus (20230727)","Dr.Web Security Space (20230727)","ESET Internet Security (20230727)","G DATA INTERNET SECURITY (20230727)","K7 Total Security (20230727)","Kaspersky Internet Security (20230727)","Malwarebytes Premium (20230727)","McAfee Total Protection (20230727)","Norton Security (20230727)","Panda Dome (20230727)","Quick Heal Internet Security (20230727)","Sophos Home Premium (20230727)","SpyHunter5 (20230727)","Total AV Antivirus Pro (20230727)","VIPRE Advanced Security (20230727)","VirIT eXplorer PRO (20230727)","Webroot SecureAnywhere (20230727)"],"avAllowList":["Trend Micro Internet Security (20230727)","Windows Defender (20230727)"]},{"isRevoked":"False","fileName":"VkDJ_new.exe","isInstaller":"True","companyName":"pleasure-prairie                                            ","fileVersion":"1.0","hashMD5":"77f04d8c97c9e755c3fecbab610c93d3","hashSHA1":"f2d9b8743105c27fe8231b910b78f2a291e06b9c","hashSHA256":"f9351130e2b124d78c226e3b7ab7eee69cbaddd7088e3c1213cd13d4f251d8da","digitalCertThumbprint":"37BBB5B364F68E7750F02B9EB07E38BE93FCC792","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=OOO Monitor, O=OOO Monitor, STREET=\"pr-kt Grazhdanskiy, 22A, of 610\", L=Saint Petersburg, S=Saint Petersburg, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Saint Petersburg, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1157847105272, OID.2.5.4.15=Private Organization","sourceIndex":"261","avBlockList":["360 Total Security (20230801)","Avast Premium Security (20230801)","AVG Internet Security (20230801)","Avira Internet Security (20230801)","Bitdefender Internet Security (20230801)","COMODO Antivirus (20230801)","Dr.Web Security Space (20230801)","ESET Internet Security (20230801)","G DATA INTERNET SECURITY (20230801)","K7 Total Security (20230801)","Kaspersky Internet Security (20230801)","Malwarebytes Premium (20230801)","McAfee Total Protection (20230801)","Norton Security (20230801)","Panda Dome (20230801)","Quick Heal Internet Security (20230801)","Sophos Home Premium (20230801)","SpyHunter5 (20230801)","Total AV Antivirus Pro (20230801)","VIPRE Advanced Security (20230801)","VirIT eXplorer PRO (20230801)","Webroot SecureAnywhere (20230801)","Windows Defender (20230801)"],"avAllowList":["Trend Micro Internet Security (20230801)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://vkdj.org/","directDownloadingLink":"https://ati.jptrmn.com/vbm5.html?group=dj&name=VkDJ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ati.jptrmn.com/vbm5.html?group=dj&name=VkDJ","sourceIndex":"261"}],"sampleFiles":["230713/VKontakteDJ-230523/1.0.0.1/Samples/bin.exe","230713/VKontakteDJ-230523/1.0.0.1/Samples/VkDJ.exe","230713/VKontakteDJ-230523/1.0.0.1/Samples/VkDJ_new.exe"],"imageFiles":["230713/VKontakteDJ-230523/1.0.0.1/Images/ACR-043/ACR-043.jpg","230713/VKontakteDJ-230523/1.0.0.1/Images/ACR-048/ACR-048_Install.jpg","230713/VKontakteDJ-230523/1.0.0.1/Images/ACR-048/ACR-048_BackgroundProcess.jpg","230713/VKontakteDJ-230523/1.0.0.1/Images/ACR-048/ACR-002_048.jpg","230713/VKontakteDJ-230523/1.0.0.1/Images/ACR-116/ACR-116.jpg"],"nonDeceptorImageFiles":["230713/VKontakteDJ-230523/1.0.0.1/Images/ACR-002/VKDJ_LandingPage.jpeg","230713/VKontakteDJ-230523/1.0.0.1/Images/ACR-002/ACR-002.jpg"],"guid":"872935be-377c-4527-a15e-6ce1ea17bfa7_1.0.0.1_1","appID":"VKontakteDJ-230523","dateAdded":"230713","deceptorType":"App","name":"VKontakte DJ","company":"plants-premises","version":"1.0.0.1","lastKnownStatus":"1.0.0.1","lastKnownDate":"241231","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none,sold in bundle","lastUpdate":"2024-12-31T22:59:24.4037846+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":903},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Power Video DVD Copy\\PowerVideoDVDCopy.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"256bc08e4f66bc0c3df0600220853311","hashSHA1":"f08d3a1ed91755b9d58d5a4ffaa9c1cb9e0c1d9e","hashSHA256":"031de687b35b9a0619780172dbd5dced32a1206152865707c8e7db2dfe824020","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"979","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerVideoDVDCopy.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech Inc.                                ","productName":"Power Video DVD Copy                                        ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"61b5fce4e12df981f482befd612819ae","hashSHA1":"0f80e44fdc9d472fed3a511601e891f68a8332e5","hashSHA256":"5f458662c61ea95e21f78a4c07905f52037d43a656745401b255a19b7b9b1c82","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"979","avBlockList":["360 Total Security (20230928)","Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","Bitdefender Internet Security (20230928)","Dr.Web Security Space (20230928)","ESET Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20230928)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","VIPRE Advanced Security (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)","Windows Defender (20230928)"],"avAllowList":["COMODO Antivirus (20230928)","Trend Micro Internet Security (20230928)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"https://free-sound-editor.com/powervideodvdcopy/","directDownloadingLink":"https://free-sound-editor.com/PowerVideoDVDCopy.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-sound-editor.com/PowerVideoDVDCopy.exe","sourceIndex":"979"}],"sampleFiles":["230713/PowerVideoDVDCopy-230623/8.8.2.5/Samples/PowerVideoDVDCopy.exe"],"imageFiles":["230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-109/ACR-109.JPG","230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-048/ACR-048.JPG","230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-010/ACR-010.JPG","230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-013/ACR-013.JPG","230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-118/ACR-118.JPG","230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-057/ACR-057.JPG","230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-059/ACR-059.JPG","230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-060/ACR-060.JPG","230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-071/ACR-071.JPG","230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-106/ACR-106.JPG","230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-092/ACR-092.JPG","230713/PowerVideoDVDCopy-230623/8.8.2.5/Images/ACR-123/ACR-123.JPG"],"guid":"0270fe34-8121-4f49-ba0c-5dadcf4d1141_8.8.2.5_1","appID":"PowerVideoDVDCopy-230623","dateAdded":"230713","deceptorType":"Bundler","name":"Power Video Dvd Copy","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.2.5","lastKnownStatus":"8.8.2.5","lastKnownDate":"230713","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2023-07-13T18:49:48.4467102+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":904},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"1. The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n2. Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Power Movie Switch\\PowerMovieSwitch1.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"256bc08e4f66bc0c3df0600220853311","hashSHA1":"f08d3a1ed91755b9d58d5a4ffaa9c1cb9e0c1d9e","hashSHA256":"031de687b35b9a0619780172dbd5dced32a1206152865707c8e7db2dfe824020","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"978","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerMovieSwitch.exe","isInstaller":"True","companyName":"PowerSE Distribution Inc.                                  ","productName":"Power Movie Switch                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"d8d3e7ee18ccbe446d69daf92cb15b16","hashSHA1":"5d405428a19f124d42e658281239de1e98652d3c","hashSHA256":"2a6b3a3fcbe126f42de5153ae3281fb7f5a3a7dce809d9988482ce49c7a06fdb","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"978","avBlockList":["360 Total Security (20230928)","Avast Premium Security (20230928)","AVG Internet Security (20230928)","Avira Internet Security (20230928)","Bitdefender Internet Security (20230928)","Dr.Web Security Space (20230928)","ESET Internet Security (20230928)","G DATA INTERNET SECURITY (20230928)","K7 Total Security (20230928)","Kaspersky Internet Security (20230928)","Malwarebytes Premium (20230928)","McAfee Total Protection (20230928)","Norton Security (20230928)","Panda Dome (20230928)","Quick Heal Internet Security (20230928)","Sophos Home Premium (20230928)","SpyHunter5 (20230928)","Total AV Antivirus Pro (20230928)","VIPRE Advanced Security (20230928)","VirIT eXplorer PRO (20230928)","Webroot SecureAnywhere (20230928)","Windows Defender (20230928)"],"avAllowList":["COMODO Antivirus (20230928)","Trend Micro Internet Security (20230928)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"https://free-sound-editor.com/powermovieswitch/","directDownloadingLink":"https://free-sound-editor.com/PowerMovieSwitch.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-sound-editor.com/PowerMovieSwitch.exe","sourceIndex":"978"}],"sampleFiles":["230713/PowerMovieSwitch-230623/8.8.2.5/Samples/PowerMovieSwitch.exe"],"imageFiles":["230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-109/ACR-109.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-042/ACR-042.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-042/ACR-042_1.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-048/ACR-048.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-010/ACR-010.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-013/ACR-013.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-118/ACR-118.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-057/ACR-057.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-059/ACR-059.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-060/ACR-060.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-071/ACR-071.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-106/ACR-106.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-092/ACR-092.JPG","230713/PowerMovieSwitch-230623/8.8.2.5/Images/ACR-123/ACR-123.JPG"],"guid":"3c114c5f-51b4-47c1-b191-fb443c80d43f_8.8.2.5_1","appID":"PowerMovieSwitch-230623","dateAdded":"230713","deceptorType":"Bundler","name":"Power Movie Switch","company":"PowerSE Distribution, Inc.","version":"8.8.2.5","lastKnownStatus":"8.8.2.5","lastKnownDate":"230713","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2023-07-13T18:53:08.5432868+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":905},{"violations":{"ACR-109":"1. The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n2.  The app installs several shortcuts without disclosing them to the user or getting user consent and also not disclosed the relationship to the app during installation.\n","ACR-042":"1. Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n2.  The app installs several shortcuts without disclosing them to the user or getting user consent.\n","ACR-043":"1. Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n2. The app installs several shortcuts without disclosing them to the user or getting user consent.\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg'.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless.\nThe app does not provide any control to remove the background process (\"Game.exe\") and to close its prompt using standard platform interfaces.\n","ACR-010":"The app distributes deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"Upon closing the app, the \"Game.exe\" process runs silently in the background hiding the fact that it is active from the consumer. Also, the Game prompt does not attempt to have a standard platform interface to close it.\n","ACR-118":"Upon uninstallation, the app retains many of its components along with a \"curl-ca-bundle.crt\" and all the shortcut files too on the device without the user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation. \n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-039":"The app installs several shortcuts without disclosing them to the user or getting user consent and also not disclosed the relationship to the app during installation.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The executables are not digitally signed. \n","ACR-123":"The app does not remove dropped root certificate and the shortcut files even after uninstalling.\n","ACR-079":"The app attempts to display Advertisements as a barrier preventing consumer from navigating to the actual app, upon launching the app every single time.\n"},"samples":[{"isRevoked":"False","fileName":"WunderwaffeSetup.exe","isInstaller":"True","companyName":"Free Games Downloads Inc.                                  ","productName":"Wunderwaffe                                                 ","productVersion":"2.6.0.2                                           ","fileVersion":"                    ","hashMD5":"b3db44b5b43046b664afe352752c716e","hashSHA1":"53914b129d375af54c063028b1240ae9629abae6","hashSHA256":"cf6ec1be886dc6114dce44ef511e8ea5dd7db461c3a6f5d5bfae18eba7b2aa4d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"982","avBlockList":["360 Total Security (20230801)","Avast Premium Security (20230801)","AVG Internet Security (20230801)","Avira Internet Security (20230801)","Bitdefender Internet Security (20230801)","Dr.Web Security Space (20230801)","ESET Internet Security (20230801)","G DATA INTERNET SECURITY (20230801)","K7 Total Security (20230801)","Kaspersky Internet Security (20230801)","Malwarebytes Premium (20230801)","McAfee Total Protection (20230801)","Norton Security (20230801)","Panda Dome (20230801)","Quick Heal Internet Security (20230801)","Sophos Home Premium (20230801)","SpyHunter5 (20230801)","Total AV Antivirus Pro (20230801)","VIPRE Advanced Security (20230801)","VirIT eXplorer PRO (20230801)","Webroot SecureAnywhere (20230801)","Windows Defender (20230801)"],"avAllowList":["COMODO Antivirus (20230801)","Trend Micro Internet Security (20230801)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Download sites","reference":"","landingPage":"https://falcoware.com/Wunderwaffe.php","directDownloadingLink":"https://falcoware.com/download.php?exe=http://www.falcogames.com/WunderwaffeSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://falcoware.com/download.php?exe=http://www.falcogames.com/WunderwaffeSetup.exe","sourceIndex":"982"}],"sampleFiles":["230712/Wunderwaffe-230627/2.6.0.2/Samples/WunderwaffeSetup.exe"],"imageFiles":["230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-109/ACR-109.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-109/ACR-109_1.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-039/ACR-039_1.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-043/ACR-043_1.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-043/ACR-043_2.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-107/ACR-107.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-042/ACR-042_1.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-042/ACR-042_2.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-048/ACR-048.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-010/ACR-010.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-013/ACR-013.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-084/ACR-084.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-084/ACR-084_1.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-048/ACR-048_1.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-048/ACR-048_2.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-118/ACR-118.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-118/ACR-118_1.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-118/ACR-118_2.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-118/ACR-118_3.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-057/ACR-057.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-059/ACR-059.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-060/ACR-060.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-071/ACR-071.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-106/ACR-106.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-092/ACR-092.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-123/ACR-123.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-123/ACR-123_1.JPG","230712/Wunderwaffe-230627/2.6.0.2/Images/ACR-079/ACR-079.JPG"],"guid":"6ef89bbd-8a0c-4128-b7fe-4e0d528d03dc_2.6.0.2_1","appID":"Wunderwaffe-230627","dateAdded":"230712","deceptorType":"Bundler","name":"Wunderwaffe","company":"Free Games Downloads, Inc.","version":"2.6.0.2","lastKnownStatus":"2.6.0.2","lastKnownDate":"230712","type":"Windows Executable","category":"Bundlers & Downloaders, Games","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-07-12T23:20:44.4660611+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":906},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-016":"Download is launched directly from Ad\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app does not have a digital signatures for the installer and other executables.\n"},"samples":[{"isRevoked":"False","fileName":"MP3Karaoke.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"MP3 Karaoke                                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e04efc15dc9a943f6afc5e14fa6bdcee","hashSHA1":"1a773554d37cc921be772e8153503cc4fc104653","hashSHA256":"82ff475927f88c439235c1486ea76faed9137ec35aa2788de4543071cbf7aefb","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"987","avBlockList":["360 Total Security (20230801)","Avast Premium Security (20230801)","AVG Internet Security (20230801)","Avira Internet Security (20230801)","Bitdefender Internet Security (20230801)","COMODO Antivirus (20230801)","Dr.Web Security Space (20230801)","ESET Internet Security (20230801)","G DATA INTERNET SECURITY (20230801)","Kaspersky Internet Security (20230801)","Malwarebytes Premium (20230801)","McAfee Total Protection (20230801)","Norton Security (20230801)","Panda Dome (20230801)","Quick Heal Internet Security (20230801)","Sophos Home Premium (20230801)","SpyHunter5 (20230801)","Total AV Antivirus Pro (20230801)","VIPRE Advanced Security (20230801)","VirIT eXplorer PRO (20230801)","Webroot SecureAnywhere (20230801)","Windows Defender (20230801)"],"avAllowList":["K7 Total Security (20230801)","Trend Micro Internet Security (20230801)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://www.mp3-cutter-splitter.com/mp3-karaoke.html","directDownloadingLink":"http://www.mp3-cutter-splitter.com/Downloads/MP3Karaoke.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.mp3-cutter-splitter.com/Downloads/MP3Karaoke.zip","sourceIndex":"987"}],"sampleFiles":["230712/MP3Karaoke-230703/6.2.1/Samples/MP3Karaoke.exe"],"imageFiles":["230712/MP3Karaoke-230703/6.2.1/Images/ACR-109/ACR-109.JPG","230712/MP3Karaoke-230703/6.2.1/Images/ACR-048/ACR-048.JPG","230712/MP3Karaoke-230703/6.2.1/Images/ACR-010/ACR-010.JPG","230712/MP3Karaoke-230703/6.2.1/Images/ACR-013/ACR-013.JPG","230712/MP3Karaoke-230703/6.2.1/Images/ACR-118/ACR-118.JPG","230712/MP3Karaoke-230703/6.2.1/Images/ACR-057/ACR-057.JPG","230712/MP3Karaoke-230703/6.2.1/Images/ACR-059/ACR-059.JPG","230712/MP3Karaoke-230703/6.2.1/Images/ACR-059/ACR-059.mp4","230712/MP3Karaoke-230703/6.2.1/Images/ACR-060/ACR-060.JPG","230712/MP3Karaoke-230703/6.2.1/Images/ACR-071/ACR-071.JPG","230712/MP3Karaoke-230703/6.2.1/Images/ACR-155/ACR-155.JPG","230712/MP3Karaoke-230703/6.2.1/Images/ACR-016/ACR-016.mp4"],"nonDeceptorImageFiles":["230712/MP3Karaoke-230703/6.2.1/Images/ACR-106/ACR-106.JPG","230712/MP3Karaoke-230703/6.2.1/Images/ACR-092/ACR-092.JPG"],"guid":"4da11cd1-695f-4154-9770-6d37313d670e_6.2.1_1","appID":"MP3Karaoke-230703","dateAdded":"230712","deceptorType":"Bundler","name":"MP3 Karaoke","company":"Accmeware Corporation","version":"6.2.1","lastKnownStatus":"6.2.1","lastKnownDate":"230712","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2023-07-12T21:47:39.9281272+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":907},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"","ACR-060":"","ACR-118":"At Uninstall, it retains some of its other components along with a \"curl-ca-bundle.crt\" on the device.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 9.8.2.4 vs version 9.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version 9.8.2.4 vs version 9.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"AudioBurner.exe","fileVersion":"0.0","hashMD5":"abda422b9465f803b1d71c7f6d5dc388","hashSHA1":"7c8324f612c598cface7bd7a481561e46a63e1f4","hashSHA256":"a3968f46d7da7a3d008d6c73c6322d797b5e41ec42db20b5633066c989c52fa1","sourceIndex":"986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AudioGrabber.exe","fileVersion":"0.0","hashMD5":"a2025cc6f83d1a5f04f95c39c60d02d4","hashSHA1":"8e59031dcf9ce7a782c9555428bfd6ff959c962b","hashSHA256":"a0f9fe01aa69db7a572346ba892e88e3c384173c38620b6b9ff1550dc6a6dc27","sourceIndex":"986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CoolBurningStudio.exe","fileVersion":"0.0","hashMD5":"b118f40bf9e81a3cb4ee42fe7c514a95","hashSHA1":"0c7d9f88dddbbde24c79eb175fd0721490bab64b","hashSHA256":"db8933a14004a949e7a38470ce4591d05b724db4ebb89cf9b05d3b3c637721f1","sourceIndex":"986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CoolBurningStudio-setup.exe","isInstaller":"True","companyName":"CoolMedia Co., Ltd.                                         ","fileVersion":"0.0","hashMD5":"fba796b4c2d749b5cbff84d318b25825","hashSHA1":"3c05267d6eb7bc3e0d9d9336b565db418a1da29f","hashSHA256":"bae63cbbc632dec0d789cac2ebef7e4efba35813778f51ef5f83fb3bbf06b15c","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"986","avBlockList":["360 Total Security (20221018)","Avast Premium Security (20221018)","AVG Internet Security (20221018)","Avira Internet Security (20221018)","Bitdefender Internet Security (20221018)","Dr.Web Security Space (20221018)","ESET Internet Security (20221018)","G DATA INTERNET SECURITY (20221018)","K7 Total Security (20221018)","Kaspersky Internet Security (20221018)","Malwarebytes Premium (20221018)","McAfee Total Protection (20221018)","Norton Security (20221018)","Panda Dome (20221018)","Quick Heal Internet Security (20221018)","Sophos Home Premium (20221018)","SpyHunter5 (20221018)","Total AV Antivirus Pro (20221018)","Trend Micro Internet Security (20221018)","VIPRE Advanced Security (20221018)","VirIT eXplorer PRO (20221018)","Webroot SecureAnywhere (20221018)","Windows Defender (20221018)"],"avAllowList":["COMODO Antivirus (20221018)","Tencent PC Manager (20220811)"]},{"isRevoked":"False","fileName":"DataBurner.exe","fileVersion":"0.0","hashMD5":"164e5a155056ab016fbb156a4afbe2de","hashSHA1":"315192f6ba33ff7eb80b573e1f9d364eb2f71a7d","hashSHA256":"1cb3497ff2bccd5fd3d6505f756514bdd420d58013a0ad889307428f7b0df3e0","sourceIndex":"986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DeviceInfo.exe","fileVersion":"0.0","hashMD5":"c481c397dc8b0965fa24f9d40bddbca3","hashSHA1":"1cfc097b4bcae4facc803031cdefcecc5fa9173d","hashSHA256":"7cc39161c32ccaf71241ba74fd4ecae672d3abde3ff654688466fa95021a1c27","sourceIndex":"986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DiscEraser.exe","fileVersion":"0.0","hashMD5":"4282b28354c392dd7caff4349116493c","hashSHA1":"b12c3af020ec8db430f9a1a89c2a614ffb3fdf83","hashSHA256":"13dd4186c06c9dcf3683e19a7672b6096fafbd7bfb04eadf55ee5c472926652f","sourceIndex":"986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ISOBuilder.exe","fileVersion":"0.0","hashMD5":"05d9d923210d9d511cd622d1a1e9550a","hashSHA1":"d6c0cdc1fc2067e00c0a532fa1ae3dea161f8c17","hashSHA256":"445c39984ecdb5f78a29927fbf0884ecbc14deba59edcccafc2f5274248d5ba7","sourceIndex":"986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ISOBurner.exe","fileVersion":"0.0","hashMD5":"4ef16904915d321c3e2644611da61060","hashSHA1":"2d2d88e9faf88917e98793ede88dfc96ff7a821d","hashSHA256":"3655d773a08c1f383f542438e88d347ac5eb1f55610b8b4aecd85ee5e5f00acd","sourceIndex":"986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CoolBurningStudio_Setup1.exe","isInstaller":"True","companyName":"CoolMedia Co., Ltd.                                         ","fileVersion":"0.0","hashMD5":"51e979d87dad17fa45fd60ed5145c43c","hashSHA1":"b46f7162fb0333ef9a3add319a91176c4621b75d","hashSHA256":"c10c2dee3fb1c467c9657d3ba8981fc97b4a767bf3c5155a1ded943eb761a203","sourceIndex":"986","avBlockList":["360 Total Security (20230801)","Avast Premium Security (20230801)","AVG Internet Security (20230801)","Avira Internet Security (20230801)","Bitdefender Internet Security (20230801)","ESET Internet Security (20230801)","G DATA INTERNET SECURITY (20230801)","K7 Total Security (20230801)","Kaspersky Internet Security (20230801)","Malwarebytes Premium (20230801)","McAfee Total Protection (20230801)","Norton Security (20230801)","Panda Dome (20230801)","Quick Heal Internet Security (20230801)","Sophos Home Premium (20230801)","SpyHunter5 (20230801)","Total AV Antivirus Pro (20230801)","Trend Micro Internet Security (20230801)","VIPRE Advanced Security (20230801)","VirIT eXplorer PRO (20230801)","Webroot SecureAnywhere (20230801)","Windows Defender (20230801)"],"avAllowList":["COMODO Antivirus (20230801)","Dr.Web Security Space (20230801)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://coolrecordedit.com/coolburningstudio/","directDownloadingLink":"http://coolrecordedit.com/CoolBurningStudio.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://coolrecordedit.com/CoolBurningStudio.exe","sourceIndex":"986"}],"sampleFiles":["230710/CoolBurningStudio-220808/9.8.0/Samples/AudioBurner.exe","230710/CoolBurningStudio-220808/9.8.0/Samples/AudioGrabber.exe","230710/CoolBurningStudio-220808/9.8.0/Samples/CoolBurningStudio.exe","230710/CoolBurningStudio-220808/9.8.0/Samples/CoolBurningStudio-setup.exe","230710/CoolBurningStudio-220808/9.8.0/Samples/DataBurner.exe","230710/CoolBurningStudio-220808/9.8.0/Samples/DeviceInfo.exe","230710/CoolBurningStudio-220808/9.8.0/Samples/DiscEraser.exe","230710/CoolBurningStudio-220808/9.8.0/Samples/ISOBuilder.exe","230710/CoolBurningStudio-220808/9.8.0/Samples/ISOBurner.exe","230710/CoolBurningStudio-220808/9.8.0/Samples/CoolBurningStudio_Setup1.exe"],"imageFiles":["230710/CoolBurningStudio-220808/9.8.0/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","230710/CoolBurningStudio-220808/9.8.0/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","230710/CoolBurningStudio-220808/9.8.0/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","230710/CoolBurningStudio-220808/9.8.0/Images/ACR-010/RK.jpg","230710/CoolBurningStudio-220808/9.8.0/Images/ACR-118/ACR-118_RetainedComponents.jpg","230710/CoolBurningStudio-220808/9.8.0/Images/ACR-057/RK.jpg","230710/CoolBurningStudio-220808/9.8.0/Images/ACR-059/RK.jpg","230710/CoolBurningStudio-220808/9.8.0/Images/ACR-071/RK.jpg","230710/CoolBurningStudio-220808/9.8.0/Images/ACR-155/RK.jpg"],"nonDeceptorImageFiles":["230710/CoolBurningStudio-220808/9.8.0/Images/ACR-002/ACR-002_MismatchedVersions.jpg","230710/CoolBurningStudio-220808/9.8.0/Images/ACR-106/RK.jpg","230710/CoolBurningStudio-220808/9.8.0/Images/ACR-002/ACR-002_MismatchedVersions.jpg"],"guid":"b452e1f7-63f4-465a-ac20-89fe0e68cf06_9.8.0_1","appID":"CoolBurningStudio-220808","dateAdded":"230710","deceptorType":"App","name":"Cool Burning Studio","company":"CoolMedia Co.,Ltd.","version":"9.8.0","lastKnownStatus":"9.8.0","lastKnownDate":"230710","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,cross-sell other apps","lastUpdate":"2023-07-12T21:50:59.0723651+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":910},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user or getting user consent also not disclosed the relationship to the app during installation.\n","ACR-043":"1. The \"Free YouTube to MP3 Converter\" app's components get dropped in a single click without asking the user's permission and disclosing the installation path.\n2. The app installs \"FreeStudioManager\" without disclosing it to the user or getting user consent and does not disclose relevant license information about 'FFmPeg'.\n","ACR-107":"The app does not disclose relevant license information about 'FFmPeg'. \n","ACR-048":"The app does not provide any option to cancel the installation process.\n","ACR-007":"The application logo is way too similar to the Windows logo, a misleading representation of the app source.\n","ACR-017":"The application logo is way too similar to the Windows logo, a misleading representation of the app source.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user or getting user consent also not disclosed the relationship to the app during installation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DVDVideoSoft\\Free Video Converter\\FreeVideoConverter.exe","companyName":"Digital Wave Ltd","productName":"Free Studio","productVersion":"1.1.0.1017","fileVersion":"1.1.0.1017","hashMD5":"7b0a967d6d36a5dbbd348650b44c7ebe","hashSHA1":"abd03183a3d6a85a74263a46da351c32b2c1f784","hashSHA256":"08ab44cfaeb10d30e34691ea8fd06952884f55b22b59969dabf0c685cc7573a7","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"1007","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeVideoConverter_1.1.0.1017_d_df831657-11cc-4e03-b6de-6913e207ca4a.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free Video Converter (sc)                                   ","productVersion":"1.1.0.1017                                        ","fileVersion":"1.1.0.1017          ","hashMD5":"3d2208e67adb00e799270765b6aabf6b","hashSHA1":"2342285413f220dd6f52968b4e2ddd5713e42138","hashSHA256":"48696de9306441bb5e8ac1c81f4356208a2ad14872ad7083b7161b276f14ed46","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"1007","avBlockList":["Avast Premium Security (20230801)","AVG Internet Security (20230801)","Avira Internet Security (20230801)","Dr.Web Security Space (20230801)","K7 Total Security (20230801)","McAfee Total Protection (20230801)","Norton Security (20230801)","Panda Dome (20230801)","Sophos Home Premium (20230801)","SpyHunter5 (20230801)","Total AV Antivirus Pro (20230801)","VirIT eXplorer PRO (20230801)","Webroot SecureAnywhere (20230801)","Windows Defender (20230801)"],"avAllowList":["360 Total Security (20230801)","Bitdefender Internet Security (20230801)","COMODO Antivirus (20230801)","ESET Internet Security (20230801)","G DATA INTERNET SECURITY (20230801)","Kaspersky Internet Security (20230801)","Malwarebytes Premium (20230801)","Quick Heal Internet Security (20230801)","Trend Micro Internet Security (20230801)","VIPRE Advanced Security (20230801)"]}],"additionalFiles":[],"sources":[{"howFound":"Product from DVDVideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/free-video-converter","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeVideoConverter.exe&ls=topWinPrimary&auid=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeVideoConverter.exe&ls=topWinPrimary&auid=true","sourceIndex":"1007"}],"sampleFiles":["230710/FreeVideoConverter-230627/1.1.0.1017/Samples/FreeVideoConverter_1.1.0.1017_d_df831657-11cc-4e03-b6de-6913e207ca4a.exe"],"imageFiles":["230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-109/ACR-109.JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-039/ACR-039.JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-043/ACR-043.JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-043/ACR-043_1.JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-107/ACR-107.JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-048/ACR-048_1.JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-007/ACR-007 (1).JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-007/ACR-007 (2).JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-017/ACR-017 (1).JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-017/ACR-017 (2).JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-118/ACR-118.JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-118/ACR-118_1.JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-118/ACR-118_2.JPG","230710/FreeVideoConverter-230627/1.1.0.1017/Images/ACR-118/ACR-118_3.JPG"],"nonDeceptorImageFiles":[],"guid":"78fabf6c-1a25-4507-9498-9e13ebc8e7c7_1.1.0.1017_1","appID":"FreeVideoConverter-230627","dateAdded":"230710","deceptorType":"App","name":"Free Video Converter","company":"Digital Wave Ltd","version":"1.1.0.1017","lastKnownStatus":"1.1.0.1017","lastKnownDate":"230710","type":"Windows Executable","category":"SysTools & Utilities, Media editors, Media players","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-07-10T22:54:34.0107549+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":908},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-043":"Third-party components from 'Online Media Technologies Ltd' are installed without disclosure. \n\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Online Media Technologies Ltd.'.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"","ACR-060":"","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"CoolRecordEditPro.exe","fileVersion":"0.0","hashMD5":"539d6c941b081e9afbfe284363c10993","hashSHA1":"5d2bfbde0c949b6b6239496236c6558ee3f76350","hashSHA256":"4384d27dc5b2665fd8efc4bd77ca4d908e508dbfa12a91bc9dd9fb4986babeee","sourceIndex":"985","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CoolRecordEditPro-setup.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 CoolMedia, Inc.                        ","fileVersion":"0.0","hashMD5":"0016a1ba6ab679715ced9f605d8001fc","hashSHA1":"65868a0f9f7434d3c59d47280e8079c403815b20","hashSHA256":"5c9bb3c10c3a7ef2a8d8b8ee22a0733abee21434186389842c788594f9e999f9","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"985","avBlockList":["360 Total Security (20221027)","Avast Premium Security (20221027)","AVG Internet Security (20221027)","Avira Internet Security (20221027)","Bitdefender Internet Security (20221027)","COMODO Antivirus (20221027)","Dr.Web Security Space (20221027)","ESET Internet Security (20221027)","G DATA INTERNET SECURITY (20221027)","K7 Total Security (20221027)","Kaspersky Internet Security (20221027)","Malwarebytes Premium (20221027)","McAfee Total Protection (20221027)","Norton Security (20221027)","Panda Dome (20221027)","Quick Heal Internet Security (20221027)","Sophos Home Premium (20221027)","SpyHunter5 (20221027)","Total AV Antivirus Pro (20221027)","VIPRE Advanced Security (20221027)","VirIT eXplorer PRO (20221027)","Webroot SecureAnywhere (20221027)","Windows Defender (20221027)"],"avAllowList":["Tencent PC Manager (20220816)","Trend Micro Internet Security (20221027)"]},{"isRevoked":"False","fileName":"CoolRecordEditPro-Setup-2.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 CoolMedia, Inc.                        ","fileVersion":"0.0","hashMD5":"199a7998aab5069b3a6abe68bf30d003","hashSHA1":"7c4c8fbe023a6d94aa4819b7f71eb9e8172c87aa","hashSHA256":"f49fee0ab3379bd73806f1c4050bea0563d5c9e39057e28a2ba681ea2b4cc712","sourceIndex":"985","avBlockList":["360 Total Security (20230803)","Avast Premium Security (20230803)","AVG Internet Security (20230803)","Avira Internet Security (20230803)","Bitdefender Internet Security (20230803)","ESET Internet Security (20230803)","G DATA INTERNET SECURITY (20230803)","K7 Total Security (20230803)","Kaspersky Internet Security (20230803)","Malwarebytes Premium (20230803)","McAfee Total Protection (20230803)","Norton Security (20230803)","Panda Dome (20230803)","Quick Heal Internet Security (20230803)","Sophos Home Premium (20230803)","SpyHunter5 (20230803)","Total AV Antivirus Pro (20230803)","Trend Micro Internet Security (20230803)","VIPRE Advanced Security (20230803)","VirIT eXplorer PRO (20230803)","Webroot SecureAnywhere (20230803)","Windows Defender (20230803)"],"avAllowList":["COMODO Antivirus (20230803)","Dr.Web Security Space (20230803)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://coolrecordedit.com/","directDownloadingLink":"http://coolrecordedit.com/CoolRecordEditPro.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"http://coolrecordedit.com/CoolRecordEditPro.exe","sourceIndex":"985"}],"sampleFiles":["230710/CoolRecordEditPro-220804/9.8.0/Samples/CoolRecordEditPro.exe","230710/CoolRecordEditPro-220804/9.8.0/Samples/CoolRecordEditPro-setup.exe","230710/CoolRecordEditPro-220804/9.8.0/Samples/CoolRecordEditPro-Setup-2.exe"],"imageFiles":["230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-043/ACR-043_107_NCT_thirdparty.jpg","230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-010/RK.jpg","230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-107/ACR-043_107_NCT_thirdparty.jpg","230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-118/ACR-118_Retained_Components.jpg","230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-057/RK.jpg","230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-059/RK.jpg","230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-071/RK.jpg","230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-155/RK.jpg"],"nonDeceptorImageFiles":["230710/CoolRecordEditPro-220804/9.8.0/Images/ACR-106/RK.jpg"],"guid":"d55f77ff-b496-4c5b-9b9c-e21b6a397b93_9.8.0_1","appID":"CoolRecordEditPro-220804","dateAdded":"230710","deceptorType":"App","name":"Cool Record Edit Pro ","company":"CoolMedia, Inc.","version":"9.8.0","lastKnownStatus":"9.8.0","lastKnownDate":"230710","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid,cross-sell other apps","lastUpdate":"2023-07-12T21:52:00.7752892+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":909},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-016":"another application downloading is launched directly from Ad.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app does not have a digital signatures for the installer and other executables\n"},"samples":[{"isRevoked":"False","fileName":"MP3Cut.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"MP3 Cut                                                     ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b669310fdb5377478e767d0ed671d1a0","hashSHA1":"f2c6926577b9ae702f60eba8c4bbbab5b913d372","hashSHA256":"4f4ad9d9c4bf8603c147110c9226b7ba0c8c53303ac72617f7f433587b32f872","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1010","avBlockList":["360 Total Security (20230803)","Avast Premium Security (20230803)","AVG Internet Security (20230803)","Avira Internet Security (20230803)","Bitdefender Internet Security (20230803)","COMODO Antivirus (20230803)","Dr.Web Security Space (20230803)","ESET Internet Security (20230803)","G DATA INTERNET SECURITY (20230803)","K7 Total Security (20230803)","Kaspersky Internet Security (20230803)","Malwarebytes Premium (20230803)","McAfee Total Protection (20230803)","Norton Security (20230803)","Panda Dome (20230803)","Quick Heal Internet Security (20230803)","Sophos Home Premium (20230803)","SpyHunter5 (20230803)","Total AV Antivirus Pro (20230803)","VIPRE Advanced Security (20230803)","VirIT eXplorer PRO (20230803)","Webroot SecureAnywhere (20230803)","Windows Defender (20230803)"],"avAllowList":["Trend Micro Internet Security (20230803)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://www.mp3-cutter-splitter.com/mp3_cutter.html","directDownloadingLink":"http://www.mp3-cutter-splitter.com/Downloads/MP3Cut.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.mp3-cutter-splitter.com/Downloads/MP3Cut.zip","sourceIndex":"1010"}],"sampleFiles":["230707/MP3Cut-230705/5.5.3/Samples/MP3Cut.exe"],"imageFiles":["230707/MP3Cut-230705/5.5.3/Images/ACR-109/ACR-109.JPG","230707/MP3Cut-230705/5.5.3/Images/ACR-048/ACR-048.JPG","230707/MP3Cut-230705/5.5.3/Images/ACR-010/ACR-010.JPG","230707/MP3Cut-230705/5.5.3/Images/ACR-013/ACR-013.JPG","230707/MP3Cut-230705/5.5.3/Images/ACR-118/ACR-118.JPG","230707/MP3Cut-230705/5.5.3/Images/ACR-057/ACR-057.JPG","230707/MP3Cut-230705/5.5.3/Images/ACR-059/ACR-059.JPG","230707/MP3Cut-230705/5.5.3/Images/ACR-059/ACR-059.mp4","230707/MP3Cut-230705/5.5.3/Images/ACR-060/ACR-060.JPG","230707/MP3Cut-230705/5.5.3/Images/ACR-071/ACR-071.JPG","230707/MP3Cut-230705/5.5.3/Images/ACR-155/ACR-155.JPG","230707/MP3Cut-230705/5.5.3/Images/ACR-016/ACR-016.mp4"],"nonDeceptorImageFiles":["230707/MP3Cut-230705/5.5.3/Images/ACR-106/ACR-106.JPG","230707/MP3Cut-230705/5.5.3/Images/ACR-092/ACR-092.JPG"],"guid":"dbb9aa43-f239-484a-97eb-8290cbb30f5b_5.5.3_1","appID":"MP3Cut-230705","dateAdded":"230707","deceptorType":"Bundler","name":"MP3 Cut","company":"Accmeware Corporation","version":"5.5.3","lastKnownStatus":"5.5.3","lastKnownDate":"230707","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2023-07-07T20:06:18.6986513+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":911},{"violations":{"ACR-042":"1. The app drops the Cert file before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n","ACR-043":"1. The app does not provide information regarding the Cert file that is dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN'. \n","ACR-048":"The app does not provide any control to close the background processes that run silently in the background within the app's settings.\n","ACR-007":"The app does not obtain user explicit consent for dropping the cert file which can reduce the consumer's security posture.\n\n","ACR-084":"On quitting the app, the process \"OkayFreedomService.exe\" runs silently in the background, hiding the fact that it is active from the consumer. Also, the app runs in systray after installation without notifying the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user. \n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal on the internal offers page (https://store.okayfreedom.com/1234/?scope=checkout&id=S7g81rXkZv&crel=currencyId).\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-123":"The app does not remove the dropped Trusted Root certificate file even after uninstall.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomClient.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.15.13358","fileVersion":"1.8.15.13358","hashMD5":"0fbd7c8606b92da5b1f543de258d583a","hashSHA1":"47d562b06367b4891328a2aa1b8f63cff42e0d08","hashSHA256":"86138ec15a3c38f671ee43d319e653a098468101db0d97480dd4f90b45286667","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1111","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomService.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.15.13358","fileVersion":"1.8.15.13358","hashMD5":"2b25b28b6ca4c4f3bfdb7f7134b7e346","hashSHA1":"8864c5dabc471c909224df09730e00a1ad79f13c","hashSHA256":"a180c0e990396c3d902e3fb2210ec5071a696499df01c0e86bfdbe10028557ee","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1111","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\Updater.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.15.13358","fileVersion":"1.8.15.13358","hashMD5":"55d682ea482d17fb76b678b4a2e985af","hashSHA1":"b5c83d00a5d502c3d3676dad0d7edd33fb9a3964","hashSHA256":"45385f04f83b26f2d2c766f526753de7093ab8f30e648a07d9de984ff012b9eb","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1111","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"okayfreedom.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"","fileVersion":"1.8.15.0 Rev 13358","hashMD5":"a0fde3b5a3b5a5e88c7cb2c4c925e085","hashSHA1":"cf02281f02ea326f2396fbed6824462037f24434","hashSHA256":"076357fec47f5d56ad11ff9c0357c7afb1ff43c6f2b7e499d1d26b8c91ed0e22","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1111","avBlockList":["Avira Internet Security (20230523)","ESET Internet Security (20230523)","K7 Total Security (20230523)","Kaspersky Internet Security (20230523)","Malwarebytes Premium (20230523)","McAfee Total Protection (20230523)","Norton Security (20230523)","Panda Dome (20230523)","Quick Heal Internet Security (20230523)","Sophos Home Premium (20230523)","SpyHunter5 (20230523)","Total AV Antivirus Pro (20230523)","VirIT eXplorer PRO (20230523)","Webroot SecureAnywhere (20230523)","Windows Defender (20230523)"],"avAllowList":["360 Total Security (20230523)","Avast Premium Security (20230523)","AVG Internet Security (20230523)","Bitdefender Internet Security (20230523)","COMODO Antivirus (20230523)","Dr.Web Security Space (20230523)","G DATA INTERNET SECURITY (20230523)","Trend Micro Internet Security (20230523)","VIPRE Advanced Security (20230523)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"https://www.okayfreedom.com/en/","directDownloadingLink":"https://www.okayfreedom.com/en/download/?","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.okayfreedom.com/en/download/?","sourceIndex":"1111"}],"sampleFiles":["230508/OkayFreedomVPN-220927/1.8.15.13358/Samples/okayfreedom.exe"],"imageFiles":["230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-048/ACR-048.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-084/ACR-084.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-165/ACR-165.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-043/ACR-043.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-043/ACR-043_1.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-043/ACR-043_2.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-107/ACR-107.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-042/ACR-042.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-042/ACR-042_1.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-042/ACR-042_2.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-007/ACR-007.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-007/ACR-007_1.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-045/ACR-045.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-045/ACR-045_1.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-123/ACR-123.JPG","230508/OkayFreedomVPN-220927/1.8.15.13358/Images/ACR-018/ACR-018.JPG"],"guid":"d006aab9-15d3-45fc-b0be-4af2f40e795c_1.8.15.13358_1","appID":"OkayFreedomVPN-220927","dateAdded":"230705","deceptorType":"App","name":"OkayFreedom VPN","company":"Steganos Software GmbH","version":"1.8.15.13358","firstVendorContactDate":"230704","firstAppEsteemReplyDate":"230705","firstResolvedDate":"230710","firstResolvedVersion":"1.8.17.13422 (updated)","resolved":"TRUE","lastKnownStatus":"1.8.11.12886;1.8.12.13039;1.8.13.13086;1.8.13.13218;1.8.14.13343;1.8.15.13358;1.8.15.13364;1.8.16.13383;1.8.17.13422","lastKnownDate":"230705","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-07-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":916},{"violations":{"ACR-042":"1. The app drops the Cert file before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n3. On executing the installer, it directly installs the app and its components without asking for any user's permission.\n","ACR-043":"1. The app does not provide information regarding the Cert file that is dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n3. All the components of \"OkayFreedom VPN\" get dropped in one click without asking the user's permission & disclosing its installation path.\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN'. \n","ACR-048":"The app does not provide any control to close the background processes that run silently in the background within the app's settings.\nThe app does not provide any option to cancel the installation process.\n","ACR-007":"The app does not obtain user explicit consent for dropping the cert file which can reduce the consumer's security posture.\n\n","ACR-084":"On quitting the app, the process \"OkayFreedomService.exe\" runs silently in the background, hiding the fact that it is active from the consumer. Also, the app runs in systray after installation without notifying the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user. \n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal on the internal offers page (https://store.steganos.com/1234/?scope=checkout&cart=201497&coupon=NEWYEAR2023&enablecoupon=false&recommendation=none&cfg=okayfreedom&utm_campaign=OkayFreedom.com&utm_medium=shortlinks&utm_source=unknown&wkz=unknown).\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-123":"The app does not remove the dropped Trusted Root certificate file even after uninstall.\n","ACR-167":"The return policy between the landing page and the offer page is inconsistent.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomClient.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.14.13343","fileVersion":"1.8.14.13343","hashMD5":"27c757d0b55854f3414ecee02b15e7aa","hashSHA1":"a9d02787fe71f83a516a8028a76960cc5bc02180","hashSHA256":"de6849b0dbb0e39c0bd96243511e8472f38b27f8855984687197a879fc9ed7fa","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1144","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomService.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.14.13343","fileVersion":"1.8.14.13343","hashMD5":"b8feb58d0d676597ffcf0fce5a018bd1","hashSHA1":"3e7bffedb08eb51e805031d300ce48a750da8861","hashSHA256":"d0859c28c6b0532931f9208d8b3d9e67f2da2f316eae8ed0b0c8f5011da643e1","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1144","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\Updater.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.14.13343","fileVersion":"1.8.14.13343","hashMD5":"6c7c5548c6cffe02b96f57c044ac9887","hashSHA1":"cf8dc04827cdd58cafca5ae9e89f684f7061eef9","hashSHA256":"81869dfe7139f7419077c37a2218cf2a42132eeed769b641082fa32f1738f6b4","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1144","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"okayfreedom.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"","fileVersion":"1.8.14.0 Rev 13343","hashMD5":"398abdf1f9b96db7ff09eb645bb23d3d","hashSHA1":"154f3ee94cf972bd005aef8993cb4ecc40ca2809","hashSHA256":"aa6877833b9f4e22f6a4ef5dae88e3aa0ad6ec0391e755262ed62c8bdda25809","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1144","avBlockList":["Avira Internet Security (20230516)","ESET Internet Security (20230516)","K7 Total Security (20230516)","Kaspersky Internet Security (20230516)","Malwarebytes Premium (20230516)","McAfee Total Protection (20230516)","Norton Security (20230516)","Panda Dome (20230516)","Quick Heal Internet Security (20230516)","Sophos Home Premium (20230516)","SpyHunter5 (20230516)","Total AV Antivirus Pro (20230516)","VirIT eXplorer PRO (20230516)","Webroot SecureAnywhere (20230516)"],"avAllowList":["360 Total Security (20230516)","Avast Premium Security (20230516)","AVG Internet Security (20230516)","Bitdefender Internet Security (20230516)","COMODO Antivirus (20230516)","Dr.Web Security Space (20230516)","G DATA INTERNET SECURITY (20230516)","Trend Micro Internet Security (20230516)","VIPRE Advanced Security (20230516)","Windows Defender (20230516)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: VPN for Windows","reference":"","landingPage":"https://www.okayfreedom.com/en/","directDownloadingLink":"https://www.okayfreedom.com/en/download/?","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.okayfreedom.com/en/download/?","sourceIndex":"1144"}],"sampleFiles":["230426/OkayFreedomVPN-220927/1.8.14.13343/Samples/okayfreedom.exe"],"imageFiles":["230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-048/ACR-048.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-084/ACR-084.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-165/ACR-165.jpg","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-043/ACR-043 (1).JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-043/ACR-043 (2).JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-043/ACR-043.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-043/ACR-043_1.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-107/ACR-107.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-042/ACR-042 (1).JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-042/ACR-042 (2).JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-042/ACR-042.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-042/ACR-042_1.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-048/ACR-048_1.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-007/ACR-007 (1).JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-007/ACR-007 (2).JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-167/ACR-167.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-167/ACR-167_1.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-045/ACR-045 (1).JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-045/ACR-045 (2).JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-123/ACR-123.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-123/ACR-123.JPG","230426/OkayFreedomVPN-220927/1.8.14.13343/Images/ACR-018/ACR-018.jpg"],"guid":"d006aab9-15d3-45fc-b0be-4af2f40e795c_1.8.14.13343_1","appID":"OkayFreedomVPN-220927","dateAdded":"230705","deceptorType":"App","name":"OkayFreedom VPN","company":"Steganos Software GmbH","version":"1.8.14.13343","firstVendorContactDate":"230704","firstAppEsteemReplyDate":"230705","firstResolvedDate":"230710","firstResolvedVersion":"1.8.17.13422 (updated)","resolved":"TRUE","lastKnownStatus":"1.8.11.12886;1.8.12.13039;1.8.13.13086;1.8.13.13218;1.8.14.13343;1.8.15.13358;1.8.15.13364;1.8.16.13383;1.8.17.13422","lastKnownDate":"230705","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-07-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":917},{"violations":{"ACR-048":"The app does not provide an option to cancel installation and any control to close the process that runs silently in the background within the app's settings.\n","ACR-084":"On quitting the app, the processes \"OkayFreedomService.exe\" and \"Notifier.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-014":"The app displays \"The traffic is used up!\" right after installation and identity is exposed even if another VPN(Windscribe) is Connected.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal in the internal offers.\n"},"nonDeceptorViolations":{"ACR-045":"The app's free version is not functional. Whenever the user attempts to run and turn the VPN on, the alert that leads to purchase keeps popping up displaying that the free traffic is used up and the identity is exposed despite another VPN in used, hence, misleading.\n","ACR-056":"The website advertises a free version yet upon installation, it cannot be run. Whenever the user attempts to run and turn the VPN on, the alert that leads to purchase keeps popping up displaying that the free traffic is used up and the identity is exposed despite another VPN in used, hence, misleading.\n\n","ACR-167":"The return policy between the landing page and the offer page is inconsistent.\n"},"samples":[{"isRevoked":"False","fileName":"okayfreedom.exe","isInstaller":"True","companyName":"Steganos Software GmbH","fileVersion":"1.8.11.12886","hashMD5":"e64782249c09a2066c09b6da8c0497f4","hashSHA1":"5956970e1e1c955527f2679d81635713e073f499","hashSHA256":"187840b5255e17196ab0be257b79ba27b17a6109d7e02095fa0ace525a67b1e7","digitalCertThumbprint":"1DCD1EAF5DA424B9A40D425FFBC3526389B149D1","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Steganos Software GmbH, O=Steganos Software GmbH, STREET=Storkower Str. 158, L=Berlin, S=Berlin, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Berlin (Charlottenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Berlin, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 121695, OID.2.5.4.15=Private Organization","sourceIndex":"1394","avBlockList":["Avast Premium Security (20221006)","AVG Internet Security (20221006)","Avira Internet Security (20221006)","ESET Internet Security (20221006)","Kaspersky Internet Security (20221006)","Norton Security (20221006)","Panda Dome (20221006)","Sophos Home Premium (20221006)","SpyHunter5 (20221006)","Total AV Antivirus Pro (20221006)","VirIT eXplorer PRO (20221006)","Webroot SecureAnywhere (20221006)","Windows Defender (20221006)"],"avAllowList":["360 Total Security (20221006)","Bitdefender Internet Security (20221006)","COMODO Antivirus (20221006)","Dr.Web Security Space (20221006)","G DATA INTERNET SECURITY (20221006)","K7 Total Security (20221006)","Malwarebytes Premium (20221006)","McAfee Total Protection (20221006)","Quick Heal Internet Security (20221006)","Trend Micro Internet Security (20221006)","VIPRE Advanced Security (20221006)"]},{"isRevoked":"False","fileName":"OkayFreedomClient.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.11.12886","fileVersion":"1.8.11.12886","hashMD5":"e59f7a5747e0887347f31c35551774d3","hashSHA1":"f819214144d7f781c96689ee825adfe8d710c284","hashSHA256":"4420df0e89b9232bdd312981e69eb4680476f16f278c7247742067246882f522","digitalCertThumbprint":"1DCD1EAF5DA424B9A40D425FFBC3526389B149D1","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Steganos Software GmbH, O=Steganos Software GmbH, STREET=Storkower Str. 158, L=Berlin, S=Berlin, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Berlin (Charlottenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Berlin, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 121695, OID.2.5.4.15=Private Organization","sourceIndex":"1394","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: VPN for Windows","reference":"","landingPage":"https://www.okayfreedom.com/en/","directDownloadingLink":"https://www.okayfreedom.com/en/download/?","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.okayfreedom.com/en/download/?","sourceIndex":"1394"}],"sampleFiles":["220928/OkayFreedomVPN-220927/1.8.11.12886/Samples/okayfreedom.exe","220928/OkayFreedomVPN-220927/1.8.11.12886/Samples/OkayFreedomClient.exe"],"imageFiles":["220928/OkayFreedomVPN-220927/1.8.11.12886/Images/ACR-014/ACR-014_045_Identity_Exposed.jpg","220928/OkayFreedomVPN-220927/1.8.11.12886/Images/ACR-048/ACR-048_Cance_Installation.jpg","220928/OkayFreedomVPN-220927/1.8.11.12886/Images/ACR-048/ACR-048_084_Background_Processes.jpg","220928/OkayFreedomVPN-220927/1.8.11.12886/Images/ACR-084/ACR-084_Background_Processes.jpg","220928/OkayFreedomVPN-220927/1.8.11.12886/Images/ACR-165/OkayFreedom_Offer.jpeg"],"nonDeceptorImageFiles":["220928/OkayFreedomVPN-220927/1.8.11.12886/Images/ACR-167/ACR-167_LandingPage.jpg","220928/OkayFreedomVPN-220927/1.8.11.12886/Images/ACR-167/ACR-167_OfferPage.jpg","220928/OkayFreedomVPN-220927/1.8.11.12886/Images/ACR-045/ACR-014_045_Identity_Exposed.jpg","220928/OkayFreedomVPN-220927/1.8.11.12886/Images/ACR-056/ACR-056_Caution.jpg","220928/OkayFreedomVPN-220927/1.8.11.12886/Images/ACR-056/ACR-056_FreeVersion.jpg","220928/OkayFreedomVPN-220927/1.8.11.12886/Images/ACR-056/ACR-056_500MB_UsedUp.jpg"],"guid":"d006aab9-15d3-45fc-b0be-4af2f40e795c_1.8.11.12886_1","appID":"OkayFreedomVPN-220927","dateAdded":"230705","deceptorType":"App","name":"OkayFreedom VPN","company":"Steganos Software GmbH","version":"1.8.11.12886","firstVendorContactDate":"230704","firstAppEsteemReplyDate":"230705","firstResolvedDate":"230710","firstResolvedVersion":"1.8.17.13422 (updated)","resolved":"TRUE","lastKnownStatus":"1.8.11.12886;1.8.12.13039;1.8.13.13086;1.8.13.13218;1.8.14.13343;1.8.15.13358;1.8.15.13364;1.8.16.13383;1.8.17.13422","lastKnownDate":"230705","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-07-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":921},{"violations":{"ACR-042":"1. The app drops the Cert file before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n3. On executing the installer, it directly installs the app and its components without asking for any user's permission.\n","ACR-043":"1. The app does not provide information regarding the Cert file that is dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n3. All the components of \"OkayFreedom VPN\" get dropped in one click without asking the user's permission & disclosing its installation path.\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN'. \n","ACR-048":"The app does not provide any control to enable/disable the startup item and to close the background processes that run silently in the background within the app's settings.\nThe app does not provide any option to cancel the installation process.\n","ACR-007":"The app does not obtain user consent for dropping the cert file to reduce the consumer's security posture caused by the installation prompt.\n","ACR-084":"1.  The app creates undisclosed startup items to perform actions without the consumer's knowledge and consent.\n2. On quitting the app, the processes \"OkayFreedomService.exe\" and \"Notifier.exe\" runs silently in the background, hiding the fact that it is active from the consumer. Also, the app runs in systray after installation without notifying the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains many of its components on the device without the consumer's consent or notifying the user. \n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal on the internal offers page (https://store.okayfreedom.com/1234/uurl-vczys7urzw?utm_campaign=OkayFreedom.com&utm_medium=shortlinks&utm_source=unknown&wkz=unknown).\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-123":"The app does not remove the dropped Trusted Root certificate file even after uninstall.\n","ACR-167":"The return policy between the landing page and the offer page is inconsistent.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\Notifier.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.12.13039","fileVersion":"1.8.12.13039","hashMD5":"06710e9874e0eba7962b98b2a6a85ee4","hashSHA1":"09e83ae1ae527c6cd0b17c0b01bda17c6326b594","hashSHA256":"2e9ab511fb5b204118c9c32de6d2c898a33ad1eccfa4961d3aaa656319ec7896","digitalCertThumbprint":"1DCD1EAF5DA424B9A40D425FFBC3526389B149D1","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1329","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\Notifier.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.12.13039","fileVersion":"1.8.12.13039","hashMD5":"06710e9874e0eba7962b98b2a6a85ee4","hashSHA1":"09e83ae1ae527c6cd0b17c0b01bda17c6326b594","hashSHA256":"2e9ab511fb5b204118c9c32de6d2c898a33ad1eccfa4961d3aaa656319ec7896","digitalCertThumbprint":"1DCD1EAF5DA424B9A40D425FFBC3526389B149D1","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1329","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomService.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.12.13039","fileVersion":"1.8.12.13039","hashMD5":"8d748ba165284d87ae26c3f0e319a3ac","hashSHA1":"f86b161a4c1489ca2e4d8d7c9c86dac05213474c","hashSHA256":"dd1029505cd5b25387080233b8bce6cfd5a9a775c580181469c2438db775f71f","digitalCertThumbprint":"1DCD1EAF5DA424B9A40D425FFBC3526389B149D1","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1329","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"okayfreedom.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"","fileVersion":"1.8.12.0 Rev 13039","hashMD5":"0ac9ebc3dccf7e51fc323774d96b6cc6","hashSHA1":"418a593d13365c2881c5ccce78ad3cec5db5eb7c","hashSHA256":"7a235a4f560567e712d96c28dd2c83a4077779744834bb38e49e2f14a28af86f","digitalCertThumbprint":"1DCD1EAF5DA424B9A40D425FFBC3526389B149D1","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1329","avBlockList":["Avast Premium Security (20230124)","AVG Internet Security (20230124)","Avira Internet Security (20230124)","Dr.Web Security Space (20230124)","ESET Internet Security (20230124)","K7 Total Security (20230124)","Kaspersky Internet Security (20230124)","Malwarebytes Premium (20230124)","McAfee Total Protection (20230124)","Norton Security (20230124)","Panda Dome (20230124)","Sophos Home Premium (20230124)","SpyHunter5 (20230124)","Total AV Antivirus Pro (20230124)","VirIT eXplorer PRO (20230124)","Webroot SecureAnywhere (20230124)","Windows Defender (20230124)"],"avAllowList":["360 Total Security (20230124)","Bitdefender Internet Security (20230124)","COMODO Antivirus (20230124)","G DATA INTERNET SECURITY (20230124)","Quick Heal Internet Security (20230124)","Trend Micro Internet Security (20230124)","VIPRE Advanced Security (20230124)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: VPN for Windows","reference":"","landingPage":"https://www.okayfreedom.com/en/","directDownloadingLink":"https://www.okayfreedom.com/en/download/?","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.okayfreedom.com/en/download/?","sourceIndex":"1329"}],"sampleFiles":["221110/OkayFreedomVPN-220927/1.8.12.13039/Samples/okayfreedom.exe"],"imageFiles":["221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-048/ACR-048_1.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-048/ACR-048_2.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-048/ACR-048_3.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-084/ACR-084.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-084/ACR-084_1.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-165/ACR-165_1.jpg","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-043/ACR-043 (1).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-043/ACR-043 (2).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-043/ACR-043 (3).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-043/ACR-043_1.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-043/ACR-043.mp4","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-107/ACR-107_1.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-042/ACR-042 (1).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-042/ACR-042 (2).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-042/ACR-042 (3).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-042/ACR-042_1.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-042/ACR-042.mp4","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-048/ACR-048.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-007/ACR-007 (1).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-007/ACR-007 (2).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-007/ACR-007 (3).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-118/ACR-118_2.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-118/ACR-118_3.JPG"],"nonDeceptorImageFiles":["221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-167/ACR-167_1.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-167/ACR-167_2.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-045/ACR-045 (1).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-045/ACR-045 (2).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-045/ACR-045 (3).JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-123/ACR-123_1.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-123/ACR-123.JPG","221110/OkayFreedomVPN-220927/1.8.12.13039/Images/ACR-018/ACR-018.jpg"],"guid":"d006aab9-15d3-45fc-b0be-4af2f40e795c_1.8.12.13039_1","appID":"OkayFreedomVPN-220927","dateAdded":"230705","deceptorType":"App","name":"OkayFreedom VPN","company":"Steganos Software GmbH","version":"1.8.12.13039","firstVendorContactDate":"230704","firstAppEsteemReplyDate":"230705","firstResolvedDate":"230710","firstResolvedVersion":"1.8.17.13422 (updated)","resolved":"TRUE","lastKnownStatus":"1.8.11.12886;1.8.12.13039;1.8.13.13086;1.8.13.13218;1.8.14.13343;1.8.15.13358;1.8.15.13364;1.8.16.13383;1.8.17.13422","lastKnownDate":"230705","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-07-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":920},{"violations":{"ACR-042":"1. The app drops the Cert file before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n3. On executing the installer, it directly installs the app and its components without asking for any user's permission.\n","ACR-043":"1. The app does not provide information regarding the Cert file that is dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n3. All the components of \"OkayFreedom VPN\" get dropped in one click without asking the user's permission & disclosing its installation path.\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN'. \n","ACR-048":"The app does not provide any control to enable/disable the startup item and to close the background processes that run silently in the background within the app's settings.\nThe app does not provide any option to cancel the installation process.\n","ACR-007":"The app does not obtain user consent for dropping the cert file to reduce the consumer's security posture caused by the installation prompt.\n","ACR-084":"1.  The app creates undisclosed startup items to perform actions without the consumer's knowledge and consent.\n2. On quitting the app, the processes \"OkayFreedomService.exe\" and \"Notifier.exe\" runs silently in the background, hiding the fact that it is active from the consumer. Also, the app runs in systray after installation without notifying the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains many of its components on the device without the consumer's consent or notifying the user. \n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal on the internal offers page (https://store.okayfreedom.com/1234/uurl-vczys7urzw?utm_campaign=OkayFreedom.com&utm_medium=shortlinks&utm_source=unknown&wkz=unknown).\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-123":"The app does not remove the dropped Trusted Root certificate file even after uninstall.\n","ACR-167":"The return policy between the landing page and the offer page is inconsistent.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\Notifier.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.13.13086","fileVersion":"1.8.13.13086","hashMD5":"b63a927db69bb046b266f89638d1489b","hashSHA1":"be86c2f8cd05f05f72f6688f92bb845534cc9d6a","hashSHA256":"ddb50af4c71452b69bb45d969f169547ea5628d7ed135268fe87724bd6bfadf5","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1260","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomClient.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.13.13086","fileVersion":"1.8.13.13086","hashMD5":"4d9d70a9d231eda3d58bd1f273c8be0d","hashSHA1":"c40e093e0f4bfb94a1614efcc0ce0dc4f40e32ab","hashSHA256":"1eff9e169f65cf5e8bcc63e1d5250ce60e798db531d2fcbcaeafb3c99891e096","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1260","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomService.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.13.13086","fileVersion":"1.8.13.13086","hashMD5":"5c37bb5ee153121ddb3e66afcebe0f30","hashSHA1":"ad3e67dd84eee7fdf77c03095de779ec8c33f2f7","hashSHA256":"8299adde4bddc864a248f702a844e172c81b4e536e620280186bde61426e93b2","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1260","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"okayfreedom.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"","fileVersion":"1.8.13.0 Rev 13086","hashMD5":"a9f32bb07402304d1c140023f8b18397","hashSHA1":"ef66f7a1d6efd27c787bef0d1ffe17f8645f031d","hashSHA256":"a291ac883b67757a0aea2d52e4d6113189470cafc015a25ef308cb4b6a6b5baf","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1260","avBlockList":["Avast Premium Security (20230323)","AVG Internet Security (20230323)","Avira Internet Security (20230323)","ESET Internet Security (20230323)","K7 Total Security (20230323)","Malwarebytes Premium (20230323)","McAfee Total Protection (20230323)","Norton Security (20230323)","Panda Dome (20230323)","Sophos Home Premium (20230323)","SpyHunter5 (20230323)","Total AV Antivirus Pro (20230323)","VirIT eXplorer PRO (20230323)","Webroot SecureAnywhere (20230323)"],"avAllowList":["360 Total Security (20230323)","Bitdefender Internet Security (20230323)","COMODO Antivirus (20230323)","Dr.Web Security Space (20230323)","G DATA INTERNET SECURITY (20230323)","Kaspersky Internet Security (20230323)","Quick Heal Internet Security (20230323)","Trend Micro Internet Security (20230323)","VIPRE Advanced Security (20230323)","Windows Defender (20230323)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: VPN for Windows","reference":"","landingPage":"https://www.okayfreedom.com/en/","directDownloadingLink":"https://www.okayfreedom.com/en/download/?","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.okayfreedom.com/en/download/?","sourceIndex":"1260"}],"sampleFiles":["221228/OkayFreedomVPN-220927/1.8.13.13086/Samples/okayfreedom.exe"],"imageFiles":["221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-048/ACR-048_1.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-048/ACR-048_2.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-048/ACR-048_3.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-084/ACR-084 (1).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-084/ACR-084 (2).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-165/ACR-165_1.jpg","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-043/ACR-043 (1).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-043/ACR-043 (2).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-043/ACR-043 (3).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-043/ACR-043.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-107/ACR-107.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-042/ACR-042 (1).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-042/ACR-042 (2).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-042/ACR-042 (3).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-042/ACR-042.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-048/ACR-048_Install_1.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-007/ACR-007 (1).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-007/ACR-007 (2).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-118/ACR-118.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-167/ACR-167_1.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-167/ACR-167_2.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-045/ACR-045 (1).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-045/ACR-045 (2).JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-123/ACR-123._1JPG.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-123/ACR-123.JPG","221228/OkayFreedomVPN-220927/1.8.13.13086/Images/ACR-018/ACR-018.jpg"],"guid":"d006aab9-15d3-45fc-b0be-4af2f40e795c_1.8.13.13086_1","appID":"OkayFreedomVPN-220927","dateAdded":"230705","deceptorType":"App","name":"OkayFreedom VPN","company":"Steganos Software GmbH","version":"1.8.13.13086","firstVendorContactDate":"230704","firstAppEsteemReplyDate":"230705","firstResolvedDate":"230710","firstResolvedVersion":"1.8.17.13422 (updated)","resolved":"TRUE","lastKnownStatus":"1.8.11.12886;1.8.12.13039;1.8.13.13086;1.8.13.13218;1.8.14.13343;1.8.15.13358;1.8.15.13364;1.8.16.13383;1.8.17.13422","lastKnownDate":"230705","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-07-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":919},{"violations":{"ACR-042":"1. The app drops the Cert file before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n","ACR-043":"1. The app does not provide information regarding the Cert file that is dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN'. \n","ACR-048":"The app does not provide any control to close the background processes that run silently in the background within the app's settings.\n","ACR-007":"The app does not obtain user explicit consent for dropping the cert file which can reduce the consumer's security posture.\n\n","ACR-084":"On quitting the app, the process \"OkayFreedomService.exe\" runs silently in the background, hiding the fact that it is active from the consumer. Also, the app runs in systray after installation without notifying the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user. \n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal on the internal offers page (https://store.steganos.com/1234/?scope=checkout&cart=201497&coupon=NEWYEAR2023&enablecoupon=false&recommendation=none&cfg=okayfreedom&utm_campaign=OkayFreedom.com&utm_medium=shortlinks&utm_source=unknown&wkz=unknown).\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-123":"The app does not remove the dropped Trusted Root certificate file even after uninstall.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomClient.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.16.13383","fileVersion":"1.8.16.13383","hashMD5":"cba24629cfa3a639b2a2fcba2ba880c5","hashSHA1":"734bdf5fe6165da1f62dcceb861985c8568d8d25","hashSHA256":"d1d674821e63dd00938be73250f6ccf7317436268556eef9dfda16f07f66da96","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1073","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomService.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.16.13383","fileVersion":"1.8.16.13383","hashMD5":"1b95edfbb248fb72e0895f7d14cbee20","hashSHA1":"6c976e5b4c49759046d93840540b32776dc8e106","hashSHA256":"b57965a03e4876d0d87128030f5daae538d770f83239ed958b1ee1e35935c1ad","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1073","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\Updater.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.16.13383","fileVersion":"1.8.16.13383","hashMD5":"4e464f26b9e9408999a70d7fbda654a4","hashSHA1":"b068bff88aada49bbbfa622f5190b435d10b1073","hashSHA256":"83a9185aded19656d8986c49e7d2a8ba734eb14ee2f4331f82d291f20da3f810","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1073","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"okayfreedom.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"","fileVersion":"1.8.16.0 Rev 13383","hashMD5":"5548a36efbfffdffab3078712fbe811c","hashSHA1":"0b5b2acd3f923f3c826d2fb4082bef2cbe536a82","hashSHA256":"c14741300660339283277cf13dc102d04c7d8aac9330fc361c1be7dfa9b4cd83","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1073","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"https://www.okayfreedom.com/en/","directDownloadingLink":"https://www.okayfreedom.com/en/download/?","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.okayfreedom.com/en/download/?","sourceIndex":"1073"}],"sampleFiles":["230531/OkayFreedomVPN-220927/1.8.16.13383/Samples/okayfreedom.exe"],"imageFiles":["230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-048/ACR-048.JPG","230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-084/ACR-084.JPG","230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-165/ACR-165.JPG","230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-043/ACR-043.JPG","230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-043/ACR-043_1.JPG","230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-107/ACR-107.JPG","230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-042/ACR-042.JPG","230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-042/ACR-042_1.JPG","230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-007/ACR-007.JPG","230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-045/ACR-045.JPG","230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-123/ACR-123.JPG","230531/OkayFreedomVPN-220927/1.8.16.13383/Images/ACR-018/ACR-018.JPG"],"guid":"d006aab9-15d3-45fc-b0be-4af2f40e795c_1.8.16.13383_1","appID":"OkayFreedomVPN-220927","dateAdded":"230705","deceptorType":"App","name":"OkayFreedom VPN","company":"Steganos Software GmbH","version":"1.8.16.13383","firstVendorContactDate":"230704","firstAppEsteemReplyDate":"230705","firstResolvedDate":"230710","firstResolvedVersion":"1.8.17.13422 (updated)","resolved":"TRUE","lastKnownStatus":"1.8.11.12886;1.8.12.13039;1.8.13.13086;1.8.13.13218;1.8.14.13343;1.8.15.13358;1.8.15.13364;1.8.16.13383;1.8.17.13422","lastKnownDate":"230705","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-07-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":914},{"violations":{"ACR-048":"After disconnect and exit the application, the service process is still running in the background without providing options for user to stop it.\n","ACR-014":"The app displays  unsubstantiated statement that identity is visible on the net even if another VPN is Connected.\n","ACR-165":"The app does not provide clear detailed information about is this onetime charge or  how users will be notified for renewal on the internal offers page (https://store.steganos.com/1234/?scope=checkout&cart=201497&coupon=NEWYEAR2023&enablecoupon=false&recommendation=none&cfg=okayfreedom&utm_campaign=OkayFreedom.com&utm_medium=shortlinks&utm_source=unknown&wkz=unknown).\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"OkayFreedomClient.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.17.13422","fileVersion":"1.8.17.13422","hashMD5":"2855961fcb4953a4ed1ff21e91c99872","hashSHA1":"aeea5502eab19f81cd0c6c44ee5063c8246bacc6","hashSHA256":"4114604ec405c024c604475bc51869612634c2d4538b6f194a81f39981807d23","digitalCertThumbprint":"E0E8FAA47B48FAE65B4B913A030CCE8A1416C7E9","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=certificates@steganos.com, CN=Steganos Software GmbH, O=Steganos Software GmbH, L=Berlin, S=Berlin, C=DE","sourceIndex":"1008","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"okayfreedom.exe","isInstaller":"True","companyName":"Steganos Software GmbH","fileVersion":"1.8.17.13422","hashMD5":"7285050617d3c0c3fc38277f4abebd9a","hashSHA1":"459aaad4c5543e0d667ecd35c2c65804a1cd4a5c","hashSHA256":"18379135892e50a407307799bfb676def2d235f02b61e849880af91d39b9aeb9","digitalCertThumbprint":"E0E8FAA47B48FAE65B4B913A030CCE8A1416C7E9","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=certificates@steganos.com, CN=Steganos Software GmbH, O=Steganos Software GmbH, L=Berlin, S=Berlin, C=DE","sourceIndex":"1008","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: VPN for Windows","reference":"","landingPage":"https://www.okayfreedom.com/en/","directDownloadingLink":"https://www.okayfreedom.com/en/download/?","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.okayfreedom.com/en/download/?","sourceIndex":"1008"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://file.steganos.com/software/download/okayfreedom.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file.steganos.com/software/download/okayfreedom.exe","sourceIndex":"1009"}],"sampleFiles":["230705/OkayFreedomVPN-220927/1.8.17.13422/Samples/OkayFreedomClient.exe","230705/OkayFreedomVPN-220927/1.8.17.13422/Samples/okayfreedom.exe"],"imageFiles":["230705/OkayFreedomVPN-220927/1.8.17.13422/Images/ACR-014/ACR-014.png","230705/OkayFreedomVPN-220927/1.8.17.13422/Images/ACR-048/OkayFreedomService.png","230705/OkayFreedomVPN-220927/1.8.17.13422/Images/ACR-048/Settings.png","230705/OkayFreedomVPN-220927/1.8.17.13422/Images/ACR-165/OkayFreedom_OfferPage.jpeg"],"nonDeceptorImageFiles":["230705/OkayFreedomVPN-220927/1.8.17.13422/Images/ACR-018/ACR-018.JPG"],"guid":"d006aab9-15d3-45fc-b0be-4af2f40e795c_1.8.17.13422_1","appID":"OkayFreedomVPN-220927","dateAdded":"230705","deceptorType":"App","name":"OkayFreedom VPN","company":"Steganos Software GmbH","version":"1.8.17.13422","firstVendorContactDate":"230704","firstAppEsteemReplyDate":"230705","firstResolvedDate":"230710","firstResolvedVersion":"1.8.17.13422 (updated)","resolved":"TRUE","lastKnownStatus":"1.8.11.12886;1.8.12.13039;1.8.13.13086;1.8.13.13218;1.8.14.13343;1.8.15.13358;1.8.15.13364;1.8.16.13383;1.8.17.13422","lastKnownDate":"230705","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-07-10T20:53:23.7096731+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":913},{"violations":{"ACR-042":"1. The app drops the Cert file before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n3. On executing the installer, it directly installs the app and its components without asking for any user's permission.\n","ACR-043":"1. The app does not provide information regarding the Cert file that is dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n3. All the components of \"OkayFreedom VPN\" get dropped in one click without asking the user's permission & disclosing its installation path.\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN'. \n","ACR-048":"The app does not provide any control to close the background processes that run silently in the background within the app's settings.\nThe app does not provide any option to cancel the installation process.\n","ACR-007":"The app does not obtain user explicit consent for dropping the cert file which can reduce the consumer's security posture.\n\n","ACR-084":"On quitting the app, the process \"OkayFreedomService.exe\" runs silently in the background, hiding the fact that it is active from the consumer. Also, the app runs in systray after installation without notifying the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user. \n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal on the internal offers page (https://store.steganos.com/1234/?scope=checkout&cart=201497&coupon=NEWYEAR2023&enablecoupon=false&recommendation=none&cfg=okayfreedom&utm_campaign=OkayFreedom.com&utm_medium=shortlinks&utm_source=unknown&wkz=unknown).\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-123":"The app does not remove the dropped Trusted Root certificate file even after uninstall.\n","ACR-167":"The return policy between the landing page and the offer page is inconsistent.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomClient.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.13.13218","fileVersion":"1.8.13.13218","hashMD5":"d5323ca0bb1fe62864118ef174d72928","hashSHA1":"79d9311c96b9aff72958001005586abcfe552e25","hashSHA256":"5b897a1f184793f36b599dde58fd685cdd2f99d467dac9e3d10b59e20310d883","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1210","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomService.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.13.13218","fileVersion":"1.8.13.13218","hashMD5":"619951f18a60a347b3e3c2f493516834","hashSHA1":"09316af435afc0965500f9ddead41cdc9d5961c8","hashSHA256":"3fda2fea36f4bdfb4f83cac02affef79b37280cdeecf12bb9e284f57f7dc03e6","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1210","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"okayfreedom.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"","fileVersion":"1.8.13.0 Rev 13218","hashMD5":"6ee708dba3dda5c1bcd5bfb5bc4d852c","hashSHA1":"0d6c33f0d657af70f3211a96cc338aa9481822ef","hashSHA256":"e6b79e85dd349c0250a5686162fc2b499dd3746c21d254887b1f47d7318366fd","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1210","avBlockList":["360 Total Security (20230321)","Avast Premium Security (20230321)","AVG Internet Security (20230321)","Avira Internet Security (20230321)","Bitdefender Internet Security (20230321)","ESET Internet Security (20230321)","K7 Total Security (20230321)","Malwarebytes Premium (20230321)","McAfee Total Protection (20230321)","Norton Security (20230321)","Panda Dome (20230321)","Quick Heal Internet Security (20230321)","Sophos Home Premium (20230321)","SpyHunter5 (20230321)","Total AV Antivirus Pro (20230321)","VIPRE Advanced Security (20230321)","VirIT eXplorer PRO (20230321)","Webroot SecureAnywhere (20230321)"],"avAllowList":["COMODO Antivirus (20230321)","Dr.Web Security Space (20230321)","G DATA INTERNET SECURITY (20230321)","Kaspersky Internet Security (20230321)","Trend Micro Internet Security (20230321)","Windows Defender (20230321)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: VPN for Windows","reference":"","landingPage":"https://www.okayfreedom.com/en","directDownloadingLink":"https://www.okayfreedom.com/en/download/?","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.okayfreedom.com/en/download/?","sourceIndex":"1210"}],"sampleFiles":["230301/OkayFreedomVPN-220927/1.8.13.13218/Samples/okayfreedom.exe"],"imageFiles":["230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-048/ACR-048.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-048/ACR_048-1.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-084/ACR-084.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-165/ACR-165_1.jpg","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-043/ACR-043 (1).JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-043/ACR-043 (2).JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-043/ACR-043 (3).JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-043/ACR-043.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-107/ACR-107.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-042/ACR-042 (1).JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-042/ACR-042 (2).JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-042/ACR-042 (3).JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-042/ACR-042.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-048/ACR-048_Install_1.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-007/ACR-007 (1).JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-007/ACR-007 (2).JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-118/ACR-118.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-167/ACR-167_1.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-167/ACR-167_2.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-045/ACR-045 (1).JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-045/ACR-045 (2).JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-123/ACR-123._1JPG.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-123/ACR-123.JPG","230301/OkayFreedomVPN-220927/1.8.13.13218/Images/ACR-018/ACR-018.jpg"],"guid":"d006aab9-15d3-45fc-b0be-4af2f40e795c_1.8.13.13218_1","appID":"OkayFreedomVPN-220927","dateAdded":"230705","deceptorType":"App","name":"OkayFreedom VPN","company":"Steganos Software GmbH","version":"1.8.13.13218","firstVendorContactDate":"230704","firstAppEsteemReplyDate":"230705","firstResolvedDate":"230710","firstResolvedVersion":"1.8.17.13422 (updated)","resolved":"TRUE","lastKnownStatus":"1.8.11.12886;1.8.12.13039;1.8.13.13086;1.8.13.13218;1.8.14.13343;1.8.15.13358;1.8.15.13364;1.8.16.13383;1.8.17.13422","lastKnownDate":"230705","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-07-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":918},{"violations":{"ACR-109":"1. The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n2.  The app installs several shortcuts without disclosing them to the user or getting user consent and also not disclosed the relationship to the app during installation.\n","ACR-042":"The app installs several shortcuts without disclosing them to the user or getting user consent.\n","ACR-043":"The app installs several shortcuts without disclosing them to the user or getting user consent.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless.\nThe app does not provide any control to remove the background process (\"Game.exe\") and to close its prompt using standard platform interfaces.\n","ACR-006":"The user is not informed of the ads monetization approach.\n","ACR-010":"The app distributes deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software. \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"Upon closing the app, the \"Game.exe\" process runs silently in the background hiding the fact that it is active from the consumer. Also, the Game prompt does not attempt to have a standard platform interface to close it.\n","ACR-118":"Upon uninstallation, the app retains many of its components along with a \"curl-ca-bundle.crt\" and all the shortcut files too on the device without the user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-039":"1. There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n2. The app installs several shortcuts without disclosing them to the user or getting user consent and also not disclosed the relationship to the app during installation.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The executables are not digitally signed.\n","ACR-123":"The app does not remove dropped shortcut files even after uninstalling.\n","ACR-079":"The app attempts to display Advertisements as a barrier preventing consumers from navigating to the actual app, upon launching the app every single time.\n","ACR-011":"The Ad was not clearly labeled as an Ad, it was displayed as if it was part of the app.\n"},"samples":[{"isRevoked":"False","fileName":"TruckDriver3DSetup.exe","isInstaller":"True","companyName":"Free Games Downloads Inc.                                  ","productName":"Truck Driver 3D                                             ","productVersion":"2.6.0.2                                           ","fileVersion":"                    ","hashMD5":"717f9f7bf41356f351d999524acf77b6","hashSHA1":"48f5b6d81a5507cfaf48c18331d9bc8785cd9156","hashSHA256":"2786adb69c9a0e2ac3364fd0719409b4630e47245203c18a42413d3bbe661206","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1016","avBlockList":["Avast Premium Security (20230803)","AVG Internet Security (20230803)","Avira Internet Security (20230803)","Bitdefender Internet Security (20230803)","Dr.Web Security Space (20230803)","ESET Internet Security (20230803)","G DATA INTERNET SECURITY (20230803)","K7 Total Security (20230803)","Kaspersky Internet Security (20230803)","Malwarebytes Premium (20230803)","McAfee Total Protection (20230803)","Norton Security (20230803)","Panda Dome (20230803)","Sophos Home Premium (20230803)","SpyHunter5 (20230803)","Total AV Antivirus Pro (20230803)","VIPRE Advanced Security (20230803)","VirIT eXplorer PRO (20230803)","Webroot SecureAnywhere (20230803)"],"avAllowList":["360 Total Security (20230803)","COMODO Antivirus (20230803)","Quick Heal Internet Security (20230803)","Trend Micro Internet Security (20230803)","Windows Defender (20230803)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on Download sites","reference":"","landingPage":"https://falcoware.com/TruckDriver3D.php","directDownloadingLink":"https://falcoware.com/download.php?exe=http://www.falcogames.com/TruckDriver3DSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://falcoware.com/download.php?exe=http://www.falcogames.com/TruckDriver3DSetup.exe","sourceIndex":"1016"}],"sampleFiles":["230705/TruckDriver3D-230629/2.6.0.2/Samples/TruckDriver3DSetup.exe"],"imageFiles":["230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-109/ACR-109.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-109/ACR-109_1.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-039/ACR-039.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-039/ACR-039_1.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-043/ACR-043_1.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-042/ACR-042_1.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-048/ACR-048.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-048/ACR-048_1.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-048/ACR-048_2.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-010/ACR-010.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-013/ACR-013.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-084/ACR-084.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-084/ACR-084_1.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-006/ACR-006.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-006/ACR-006_1.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-057/ACR-057.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-059/ACR-059.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-060/ACR-060.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-071/ACR-071.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-155/ACR-155.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-118/ACR-118_1.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-118/ACR-118_2.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-106/ACR-106.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-092/ACR-092.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-079/ACR-079.JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-011/ACR-011 (1).JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-011/ACR-011 (2).JPG","230705/TruckDriver3D-230629/2.6.0.2/Images/ACR-123/ACR-123.JPG"],"guid":"3610b6aa-eb9f-48e9-8fb9-58402e6f2575_2.6.0.2_1","appID":"TruckDriver3D-230629","dateAdded":"230705","deceptorType":"Bundler","name":"Truck Driver 3D","company":"Free Games Downloads, Inc.","version":"2.6.0.2","lastKnownStatus":"2.6.0.2","lastKnownDate":"230705","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-07-05T22:00:01.8426127+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":912},{"violations":{"ACR-042":"1. The app drops the Cert file before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n","ACR-043":"1. The app does not provide information regarding the Cert file that is dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source project \"Open VPN\" is installed without any disclosure in EULA.\n\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN'. \n","ACR-048":"The app does not provide any control to close the background processes that run silently in the background within the app's settings.\n","ACR-007":"The app does not obtain user explicit consent for dropping the cert file which can reduce the consumer's security posture.\n\n","ACR-084":"On quitting the app, the process \"OkayFreedomService.exe\" runs silently in the background, hiding the fact that it is active from the consumer. Also, the app runs in systray after installation without notifying the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user. \n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal on the internal offers page (https://store.steganos.com/1234/?scope=checkout&cart=201497&coupon=NEWYEAR2023&enablecoupon=false&recommendation=none&cfg=okayfreedom&utm_campaign=OkayFreedom.com&utm_medium=shortlinks&utm_source=unknown&wkz=unknown).\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-123":"The app does not remove the dropped Trusted Root certificate file even after uninstall.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomClient.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.15.13364","fileVersion":"1.8.15.13364","hashMD5":"1c8956df66e1a874f7ea899f2a541b34","hashSHA1":"bb5489f2dbf1dadedfe080c219aac942febe69fa","hashSHA256":"97eea5eef8197c19d4d171fb2b1789b0ac1b7a0a0db7653d07fd3cb8065b334f","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1082","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\OkayFreedomService.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.15.13364","fileVersion":"1.8.15.13364","hashMD5":"6fb7d13dabccea582664c9d242d3b20e","hashSHA1":"45be3dedc3314f66299815a81848083ce3e21f05","hashSHA256":"7864e808e08cbdcad737ecb57f3ad038313dd15be86b29b054634a3785abb399","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1082","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OkayFreedom\\Updater.exe","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"1.8.15.13364","fileVersion":"1.8.15.13364","hashMD5":"091b1f8895bf3f53a3f07bcd6a3ffc3e","hashSHA1":"ad447ccd155d403c141d5c8289b1332a1e59fdff","hashSHA256":"50df3a4f0dbb684ccaf30d4fa5e018e1b7a2fbbf8902e2c6d63062bb60b9167b","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1082","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"okayfreedom.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"OkayFreedom","productVersion":"","fileVersion":"1.8.15.0 Rev 13364","hashMD5":"6732e138f0f818d874f4675d79ffe8ca","hashSHA1":"26a8b9fc3ab353dedb5d3e2499f37e3458ce4fc0","hashSHA256":"762e37543f3f01538dd11e8290dfe5144a7d20af6bf1cb69846d1619d2f363d9","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1082","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.okayfreedom.com/en/","directDownloadingLink":"https://www.okayfreedom.com/en/download/?","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.okayfreedom.com/en/download/?","sourceIndex":"1082"}],"sampleFiles":["230525/OkayFreedomVPN-220927/1.8.15.13364/Samples/okayfreedom.exe"],"imageFiles":["230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-048/ACR-048.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-084/ACR-084.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-165/ACR-165.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-043/ACR-043.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-043/ACR-043_1.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-043/ACR-043_2.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-107/ACR-107.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-042/ACR-042.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-042/ACR-042_1.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-042/ACR-042_2.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-007/ACR-007.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-007/ACR-007_1.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-045/ACR-045.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-045/ACR-045_1.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-123/ACR-123.JPG","230525/OkayFreedomVPN-220927/1.8.15.13364/Images/ACR-018/ACR-018.JPG"],"guid":"d006aab9-15d3-45fc-b0be-4af2f40e795c_1.8.15.13364_1","appID":"OkayFreedomVPN-220927","dateAdded":"230705","deceptorType":"App","name":"OkayFreedom VPN","company":"Steganos Software GmbH","version":"1.8.15.13364","firstVendorContactDate":"230704","firstAppEsteemReplyDate":"230705","firstResolvedDate":"230710","firstResolvedVersion":"1.8.17.13422 (updated)","resolved":"TRUE","lastKnownStatus":"1.8.11.12886;1.8.12.13039;1.8.13.13086;1.8.13.13218;1.8.14.13343;1.8.15.13358;1.8.15.13364;1.8.16.13383;1.8.17.13422","lastKnownDate":"230705","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-07-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":915},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The app does not have a digital signatures for the installer and other executables.\n"},"samples":[{"isRevoked":"False","fileName":"MP3Speed.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"MP3 Speed                                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e134e67ac8b09bce5069159d66a3b176","hashSHA1":"1508c227f3784543b31130ceee443732398d6715","hashSHA256":"1da7ac0fb76833ab517815280baaececa1a61d86624c78f8f5a341e1538d3df0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1021","avBlockList":["360 Total Security (20230810)","Avast Premium Security (20230810)","AVG Internet Security (20230810)","Avira Internet Security (20230810)","Bitdefender Internet Security (20230810)","COMODO Antivirus (20230810)","Dr.Web Security Space (20230810)","ESET Internet Security (20230810)","G DATA INTERNET SECURITY (20230810)","K7 Total Security (20230810)","Kaspersky Internet Security (20230810)","Malwarebytes Premium (20230810)","McAfee Total Protection (20230810)","Norton Security (20230810)","Panda Dome (20230810)","Quick Heal Internet Security (20230810)","Sophos Home Premium (20230810)","SpyHunter5 (20230810)","Total AV Antivirus Pro (20230810)","VIPRE Advanced Security (20230810)","VirIT eXplorer PRO (20230810)","Webroot SecureAnywhere (20230810)","Windows Defender (20230810)"],"avAllowList":["Trend Micro Internet Security (20230810)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://www.mp3-cutter-splitter.com/mp3_speed.html","directDownloadingLink":"http://www.mp3-cutter-splitter.com/Downloads/MP3Speed.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.mp3-cutter-splitter.com/Downloads/MP3Speed.zip","sourceIndex":"1021"}],"sampleFiles":["230703/MP3Speed-230703/5.5.3/Samples/MP3Speed.exe"],"imageFiles":["230703/MP3Speed-230703/5.5.3/Images/ACR-109/ACR-109.PNG","230703/MP3Speed-230703/5.5.3/Images/ACR-048/ACR-048.PNG","230703/MP3Speed-230703/5.5.3/Images/ACR-010/ACR-010.PNG","230703/MP3Speed-230703/5.5.3/Images/ACR-013/ACR-013.PNG","230703/MP3Speed-230703/5.5.3/Images/ACR-118/ACR-118.PNG","230703/MP3Speed-230703/5.5.3/Images/ACR-057/ACR-057.PNG","230703/MP3Speed-230703/5.5.3/Images/ACR-059/ACR-059.PNG","230703/MP3Speed-230703/5.5.3/Images/ACR-060/ACR-060.PNG","230703/MP3Speed-230703/5.5.3/Images/ACR-071/ACR-071.PNG","230703/MP3Speed-230703/5.5.3/Images/ACR-155/ACR-155.PNG"],"nonDeceptorImageFiles":["230703/MP3Speed-230703/5.5.3/Images/ACR-106/ACR-106.PNG","230703/MP3Speed-230703/5.5.3/Images/ACR-092/ACR-092.PNG"],"guid":"f871797a-db23-448d-8e6b-305331f667fa_5.5.3_1","appID":"MP3Speed-230703","dateAdded":"230703","deceptorType":"Bundler","name":"MP3 Speed","company":"Accmeware Corporation","version":"5.5.3","lastKnownStatus":"5.5.3","lastKnownDate":"230703","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2023-07-04T01:03:26.0329663+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":922},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n2. The app does not provide any control to disable the startup it created.\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notification when it is running and requires a hotkey and password to open it. \n","ACR-017":"The 3rd party endorsement ( https://bit.ly/33jXQWh ) is not verifiable.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a hotkey and password to hide its presence.\n2. During install it displays the installation location as \"program(x86)\" but when viewed, that location does not contain any files related to the app but when the \"RFS\" folder is searched in that directory it displays the apps component. Thus the app tries to hide the installed components from the targeted consumers.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \" Setup.exe”, which is not related to the name \"Real PC Spy\", which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into a hidden folder with the name \"RFS”.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-092":"The app does not provide Digital signatures for the installer\"Real Free Keylogger.exe\" and other components.\n","ACR-099":"The app does not provide uninstall information in the software.\nThe app does not provide uninstall information in the landingpage.\nThe app does not provide uninstall information in the Internaloffers.\n","ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the landing page, internal offer page and software.\n","ACR-037":"The app does not provide Privacy Policy in the landing page, internal offer page and software.\n","ACR-167":"The application has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\RFS\\setup.exe","companyName":"","productName":"4","productVersion":"2.05","fileVersion":"2.05","hashMD5":"b72e699e5fbfd966b747a8abb4bc1022","hashSHA1":"d550c7d609d24e119aa7be8a63745a69d3edd8a6","hashSHA256":"f0c0a394aa7ad1a00ca450a2dcb13bd35259101c89cafd11f29d3bfc51bb6fca","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1763","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Real Free Keylogger.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"e9bd254750b9598d3dee553197fdca3a","hashSHA1":"77005befedcd331b336caaa0db023f492842a539","hashSHA256":"08a4d6e94d46383ab92bfa9a905f54af21f1d1ec7a476c3055d7f83ff7342b99","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1763","avBlockList":["360 Total Security (20211223)","Avast Premium Security (20211223)","AVG Internet Security (20211223)","Avira Internet Security (20211223)","Bitdefender Internet Security (20211223)","COMODO Antivirus (20211223)","ESET Internet Security (20211223)","G DATA INTERNET SECURITY (20211223)","K7 Total Security (20211223)","Kaspersky Internet Security (20211223)","Malwarebytes Premium (20211223)","McAfee Total Protection (20211223)","Norton Security (20211223)","Panda Dome (20211223)","Quick Heal Internet Security (20211223)","Sophos Home Premium (20211223)","SpyHunter5 (20211223)","Tencent PC Manager (20211223)","Total AV Antivirus Pro (20211223)","Trend Micro Internet Security (20211223)","VIPRE Advanced Security (20211223)","VirIT eXplorer PRO (20211223)","Webroot SecureAnywhere (20211223)","Windows Defender (20211223)"],"avAllowList":["Dr.Web Security Space (20211223)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger","reference":"","landingPage":"https://realspysoftware.com/","directDownloadingLink":"https://www.raymond.cc/blog/wp-content/plugins/download-monitor/download.php?id=1460","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.raymond.cc/blog/wp-content/plugins/download-monitor/download.php?id=1460","sourceIndex":"1763"}],"sampleFiles":["211213/RealPCSpy-210126/2.5/Samples/Real Free Keylogger.exe"],"imageFiles":["211213/RealPCSpy-210126/2.5/Images/ACR-084/ACR-084_Software.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-084/ACR-084_Software_1.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-084/ACR-084_Software_Hidden_2.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-084/ACR-084_Software_No_Disclosure_4.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-084/ACR-084_Software_Hidden_5.mp4","211213/RealPCSpy-210126/2.5/Images/ACR-086/ACR-086_Software.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-086/ACR-086_Software_1.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-086/ACR-086_Software_2.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-048/ACR-048_Software.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-048/ACR-048_Software_1.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-048/ACR-048_Software_2.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-048/ACR-048_Software_3.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-048/ACR-048_Software_No_Control_4.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-048/ACR-048_Software_No_Control_5.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-007/ACR-007_Software_Hidden.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-007/ACR-007_Software_Hidden_2.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-007/ACR-007_Software_Hidden_3.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-007/ACR-007_Software_Hidden_4.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-014/ACR-014_Software_Misleading.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-116/ACR-116_Uninstall_Hidden.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.jpg"],"nonDeceptorImageFiles":["211213/RealPCSpy-210126/2.5/Images/ACR-038/ACR-038_Install_No_Details.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-038/ACR-038_Install_No_Details_1.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-038/ACR-038_Install_No_Details_2.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-038/ACR-038_Install_No_Details_3.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-040/ACR-040_Install_Hidden_Location.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-065/ACR-065_Install_No_Docs.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-092/ACR-092_Software_No_DigitalSignature.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-065/ACR-065_Software_No_Docs.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-099/ACR-099_Software_No_UninstallInfo.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-035/ACR-035_Docs_No_Docs.jpg","211213/RealPCSpy-210126/2.5/Images/ACR-035/ACR-035_Docs_No_Docs_1.jpg","211213/RealPCSpy-210126/2.5/Images/ACR-035/ACR-035_Docs_No_Docs_2.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-037/ACR-037_Docs_No_PrivacyPolicy.jpg","211213/RealPCSpy-210126/2.5/Images/ACR-037/ACR-037_Docs_No_PrivacyPolicy_1.jpg","211213/RealPCSpy-210126/2.5/Images/ACR-037/ACR-037_Docs_No_PrivacyPolicy_2.JPG","211213/RealPCSpy-210126/2.5/Images/ACR-065/ACR-065_Landingpage_No_Docs.jpg","211213/RealPCSpy-210126/2.5/Images/ACR-099/ACR-099_Landingpage_No_UninstallInfo.jpg","211213/RealPCSpy-210126/2.5/Images/ACR-065/ACR-065_InternalOffers_No_Docs.jpg","211213/RealPCSpy-210126/2.5/Images/ACR-099/ACR-099_InternalOffers_No_UninstallInfo.jpg"],"guid":"9087cf50-10cf-4962-a218-3dae78e8e158_2.5_1","appID":"RealPCSpy-210126","dateAdded":"230630","deceptorType":"App","name":"Real PC Spy ","company":"ReaSpySoftware.com","version":"2.5","lastKnownStatus":"5.73;2.5;5.76","lastKnownDate":"230630","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":924},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n\n","ACR-007":"The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notification when it is running and requires a hotkey and password to open it. \n","ACR-017":"The 3rd party endorsement (https://realspysoftware.com/buy.php) is not verifiable.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a hotkey and password to hide its presence.\n2. During installation it displays the installation location as \"program(x86)\" but when viewed, that location does not contain any files related to the app but when the \"RS1\" folder is searched in that directory it displays the apps component. Thus the app tries to hide the installed components from the targeted consumers.\n","ACR-086":"The app does not inform the targeted consumer to who it is transmitting data. The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"Setup.exe”, which is not related to the name \"Real PC Spy\", which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product Version, File version for all the executables.\n","ACR-040":"The app is installed into a hidden folder with the name \"RS1”.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-092":"The app does not provide Digital signatures for the installer and other executables.\n","ACR-099":"The app does not provide uninstall information in the software.\nThe app does not provide uninstall information in the landingpage.\nThe app does not provide uninstall information in the Internal offers.\n","ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the landing page, internal offer page and software.\n","ACR-036":"The app does not provide Privacy Policy in the landing page, internal offer page and software.\n","ACR-037":"The app does not provide Privacy Policy in the landing page, internal offer page and software.\n","ACR-167":"The application has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\RS1\\HHelper.exe","companyName":"","productName":"Service","productVersion":"1.00","fileVersion":"1.00","hashMD5":"4527222fb2c34a5fc80f57b77ee84998","hashSHA1":"75dbece6298eb92fdb3900f456cf9c17314a2957","hashSHA256":"66a9a4956b5b6c75aac1e61ce1814b3c89e5efe7d3cbdecef3cd852c53d65871","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1022","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\RS1\\load.exe","companyName":"","productName":"3","productVersion":"1.00","fileVersion":"1.00","hashMD5":"d6ed0a4d7e4159505f31bb6febad2a09","hashSHA1":"40f3ed90ce688893e38e920b24852dcb8c41e6a1","hashSHA256":"fcfcbad63d5abb2495ace3b9ef37d757a7c153e0bd5d2e95bab16f2e74265f1e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1022","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\RS1\\setup.exe","companyName":"","productName":"3","productVersion":"5.76","fileVersion":"5.76","hashMD5":"0e71df147daa6f670862e3b11ce61907","hashSHA1":"4f07953f4f51b36e28e750d7d691b67230d03c19","hashSHA256":"0d02bdcccfc502ea009c65c74b9088a01bf89895aae9471645def2ad73d5b5db","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1022","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"890dd0c20c8878a5bb4701123b0df01a","hashSHA1":"ab613f3f847bb8a07979ee319380d7b3b0ecfe1e","hashSHA256":"289b299f740a3ab823f74bde3f57ec904977ee8b2533f401a270255c245d832a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1022","avBlockList":["360 Total Security (20230323)","Avast Premium Security (20230323)","AVG Internet Security (20230323)","Avira Internet Security (20230323)","Bitdefender Internet Security (20230323)","COMODO Antivirus (20230323)","Dr.Web Security Space (20230323)","ESET Internet Security (20230323)","G DATA INTERNET SECURITY (20230323)","K7 Total Security (20230323)","Kaspersky Internet Security (20230323)","Malwarebytes Premium (20230323)","McAfee Total Protection (20230323)","Norton Security (20230323)","Panda Dome (20230323)","Quick Heal Internet Security (20230323)","Sophos Home Premium (20230323)","SpyHunter5 (20230323)","Total AV Antivirus Pro (20230323)","Trend Micro Internet Security (20230323)","VIPRE Advanced Security (20230323)","VirIT eXplorer PRO (20230323)","Webroot SecureAnywhere (20230323)","Windows Defender (20230323)"],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_2.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f8044df4d482e35f571681922b6d19d6","hashSHA1":"a55b64aecd4b0a60e3a3a5a021a008709b3b2cf2","hashSHA256":"92cbb23dc241d71154fc874130124cedb222ce7285d0f8866c8f299b709ef889","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"1022","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://realspysoftware.com/","directDownloadingLink":"https://realspysoftware.com/trial.php?f=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://realspysoftware.com/trial.php?f=1","sourceIndex":"1022"}],"sampleFiles":["230630/RealPCSpy-210126/5.76/Samples/setup.exe","230630/RealPCSpy-210126/5.76/Samples/setup_2.exe"],"imageFiles":["230630/RealPCSpy-210126/5.76/Images/ACR-084/ACR-084.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-084/ACR-084_1.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-084/ACR-084_2.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-084/ACR-084_3.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-084/ACR-084_4.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-084/ACR-084_5.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-084/ACR-084_6.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-084/ACR-084_7.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-086/ACR-086.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-086/ACR-086_1.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-086/ACR-086_2.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-086/ACR-086_3.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-048/ACR-048.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-048/ACR-048_1.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-048/ACR-048_2.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-048/ACR-048_3.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-048/ACR-048_4.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-048/ACR-048_5.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-007/ACR-007.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-007/ACR-007_1.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-007/ACR-007_2.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-007/ACR-007_3.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-014/ACR-014.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-116/ACR-116.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-017/ACR-017.JPG"],"nonDeceptorImageFiles":["230630/RealPCSpy-210126/5.76/Images/ACR-038/ACR-038.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-040/ACR-040.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-065/ACR-065_Install.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-092/ACR-092.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-092/ACR-092_1.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-065/ACR-065_Software.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-099/ACR-099_Software.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-035/ACR-035.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-035/ACR-035_1.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-035/ACR-035_2.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-035/ACR-035_3.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-036/ACR-036.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-036/ACR-036_1.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-036/ACR-036_2.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-036/ACR-036_3.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-037/ACR-037.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-037/ACR-037_1.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-037/ACR-037_2.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-037/ACR-037_3.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-065/ACR-065_Landingpage.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-099/ACR-099_Landingpage.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-065/ACR-065_InternalOffers.JPG","230630/RealPCSpy-210126/5.76/Images/ACR-099/ACR-099_InternalOffers.JPG"],"guid":"9087cf50-10cf-4962-a218-3dae78e8e158_5.76_1","appID":"RealPCSpy-210126","dateAdded":"230630","deceptorType":"App","name":"Real PC Spy ","company":"ReaSpySoftware.com","version":"5.76","lastKnownStatus":"5.73;2.5;5.76","lastKnownDate":"230630","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:38.0706983+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":923},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-007":"The app enables the installing consumer to hide it from the system tray, which hides all notification of the app's presence from the targeted consumer. The app can then only be reopened with a hotkey and password.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\nThe app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \" HHelper.exe”, which is not related to the name \"Real PC Spy\", which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into a hidden folder with the name \"RS1”.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-092":"The app does not provide Digital signatures for the main executables.\n","ACR-099":"The app does not display links to uninstall information.\n The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the software, landing page and internal offer page.\n","ACR-037":"The app does not provide Privacy Policy in the software, landing page and internal offer page.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"CertSvc.exe","fileVersion":"1.0","hashMD5":"468fb9a46709f6f12f4b3f68e1c9a058","hashSHA1":"08a169415ea12d7dc6ce1ddfe526aa14caf1683c","hashSHA256":"9747099fa0a1daf5ea6cb306223c1d82ee9a3d9398752a7dcf3cc82e9e645c8f","sourceIndex":"1855","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"HHelper.exe","companyName":"Ceramiche Ariostea","fileVersion":"1.0","hashMD5":"ce88d6136547bc5cdf48f54c3b1762dc","hashSHA1":"179e678dd6bd083070ae4b55f19a4c8c174c5e97","hashSHA256":"8b4d5ae85f90f2298d65b605363c39f302d48f78882d71bdd6f50b023f2fa1b8","sourceIndex":"1855","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"bc880f888cb08a06ad904910334af47d","hashSHA1":"3c17218386c2fe0d2c4461efe75180315e737e65","hashSHA256":"a78261bd24ba901948a615869f18ec5dbf73eb36e83ffdc7558221c776d20952","sourceIndex":"1855","avBlockList":["360 Total Security (20210316)","Avast Premium Security (20210316)","AVG Internet Security (20210316)","Avira Internet Security (20210316)","Bitdefender Internet Security (20210316)","COMODO Antivirus (20210316)","ESET Internet Security (20210316)","G DATA INTERNET SECURITY (20210316)","K7 Total Security (20210316)","Malwarebytes Premium (20210316)","McAfee Total Protection (20210316)","Norton Security (20210316)","Panda Dome (20210316)","Quick Heal Internet Security (20210316)","Sophos Home Premium (20210316)","SpyHunter5 (20210316)","Tencent PC Manager (20210316)","Total AV Antivirus Pro (20210316)","VIPRE Advanced Security (20210316)","VirIT eXplorer PRO (20210316)","Webroot SecureAnywhere (20210316)","Windows Defender (20210316)"],"avAllowList":["Dr.Web Security Space (20210316)","Kaspersky Internet Security (20210316)","Trend Micro Internet Security (20210316)"]},{"isRevoked":"False","fileName":"setup.exe","fileVersion":"5.73","hashMD5":"166c55d1091a63de93298bd157e60167","hashSHA1":"5273fcb1843aed6d401a11e9ba5dc8f77d8eee7e","hashSHA256":"cf5d95f0db533e3bde572a37d6977d99d2d7b653e2b0b4c450416b7c373942ee","sourceIndex":"1855","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"fb8d040bb730f4ed98d9dac41fa2825d0624fc2f583ed0950a17e873ec70ae5b","sourceIndex":"1855","avBlockList":["360 Total Security (20210316)","Avast Premium Security (20210316)","AVG Internet Security (20210316)","Avira Internet Security (20210316)","Bitdefender Internet Security (20210316)","COMODO Antivirus (20210316)","ESET Internet Security (20210316)","G DATA INTERNET SECURITY (20210316)","K7 Total Security (20210316)","Malwarebytes Premium (20210316)","McAfee Total Protection (20210316)","Norton Security (20210316)","Panda Dome (20210316)","Quick Heal Internet Security (20210316)","Sophos Home Premium (20210316)","SpyHunter5 (20210316)","Tencent PC Manager (20210316)","Total AV Antivirus Pro (20210316)","VIPRE Advanced Security (20210316)","VirIT eXplorer PRO (20210316)","Webroot SecureAnywhere (20210316)"],"avAllowList":["Dr.Web Security Space (20210316)","Kaspersky Internet Security (20210316)","Trend Micro Internet Security (20210316)","Windows Defender (20210316)"]},{"isRevoked":"False","fileName":"rs.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"96fc869b2dbf01809a6384b8959af01e30fac5a864b29cd198c6f6058aa49d3f","sourceIndex":"1855","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup[2].exe","fileVersion":"5.73","hashMD5":"e04112fa93fac713c0e0a1f1beaa788d","hashSHA1":"18458c84c77ac40037872101e2c411fee9c6f537","hashSHA256":"a2ad7fe014e6b233c91cc9b9ab90ee22e148cc219aa6ca3523667a3683a0b614","sourceIndex":"1855","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup[2]_.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"20a499f6b592507ed584fc2aeb7cbd08","hashSHA1":"c78ea3386078cc36ea0b7480287a811e057bfc83","hashSHA256":"2997f0478f7095d4823d4c77e716479f87dd532ab2917e9ea6c297b9753605ee","sourceIndex":"1855","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.updownload.com/real-free-keylogger/","landingPage":"https://realspysoftware.com/","directDownloadingLink":"http://1.realspysoftware.com/5/setup.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://1.realspysoftware.com/5/setup.zip","sourceIndex":"1855"}],"sampleFiles":["210714/RealPCSpy-210126/5.73/Samples/CertSvc.exe","210714/RealPCSpy-210126/5.73/Samples/HHelper.exe","210714/RealPCSpy-210126/5.73/Samples/setup_.exe","210714/RealPCSpy-210126/5.73/Samples/setup.exe","210714/RealPCSpy-210126/5.73/Samples/setup.zip","210714/RealPCSpy-210126/5.73/Samples/rs.zip","210714/RealPCSpy-210126/5.73/Samples/setup[2].exe","210714/RealPCSpy-210126/5.73/Samples/setup[2]_.exe"],"imageFiles":["210714/RealPCSpy-210126/5.73/Images/ACR-084/RealPCSpy_Interactions [1]2.png","210714/RealPCSpy-210126/5.73/Images/ACR-084/RealPCSpy_Files [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-084/RealPCSpy_Interactions [8] Stealth Mode.png","210714/RealPCSpy-210126/5.73/Images/ACR-086/RealPCSpy_Interactions [9] Logs.png","210714/RealPCSpy-210126/5.73/Images/ACR-086/RealPCSpy_Interactions [10] Screenshot.png","210714/RealPCSpy-210126/5.73/Images/ACR-086/RealPCSpy_Interactions [11] Excluded.png","210714/RealPCSpy-210126/5.73/Images/ACR-086/RealPCSpy_Interactions [12] Delivery.png","210714/RealPCSpy-210126/5.73/Images/ACR-086/RealPCSpy_Interactions [8] Stealth Mode.png","210714/RealPCSpy-210126/5.73/Images/ACR-048/RealPCSpy_Interactions [1] Hotkey.png","210714/RealPCSpy-210126/5.73/Images/ACR-048/RealPCSpy_Interactions [2] Password.png","210714/RealPCSpy-210126/5.73/Images/ACR-048/RealPCSpy_Interactions [1]2.png","210714/RealPCSpy-210126/5.73/Images/ACR-048/RealPCSpy_Interactions [8] Stealth Mode.png","210714/RealPCSpy-210126/5.73/Images/ACR-007/RealPCSpy_Interactions [1]2.png","210714/RealPCSpy-210126/5.73/Images/ACR-007/RealPCSpy_Interactions [8] Stealth Mode.png","210714/RealPCSpy-210126/5.73/Images/ACR-007/RealPCSpy_Interactions [2] Password.png","210714/RealPCSpy-210126/5.73/Images/ACR-007/RealPCSpy_Interactions [1]4.png","210714/RealPCSpy-210126/5.73/Images/ACR-014/RealPCSpy_RunningProcess [2].png","210714/RealPCSpy-210126/5.73/Images/ACR-116/RealPCSpy_ControlPanel [1].png"],"nonDeceptorImageFiles":["210714/RealPCSpy-210126/5.73/Images/ACR-038/RealPCSpy_FileProperty [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-038/RealPCSpy_FileProperty [3].png","210714/RealPCSpy-210126/5.73/Images/ACR-040/RealPCSpy_Files [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-065/RealPCSpy_Install [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-065/RealPCSpy_Install [2].png","210714/RealPCSpy-210126/5.73/Images/ACR-065/RealPCSpy_Install [4].png","210714/RealPCSpy-210126/5.73/Images/ACR-092/RealPCSpy_FileProperty [2].png","210714/RealPCSpy-210126/5.73/Images/ACR-092/RealPCSpy_FileProperty [4].png","210714/RealPCSpy-210126/5.73/Images/ACR-092/RealPCSpy_FileProperty [5].png","210714/RealPCSpy-210126/5.73/Images/ACR-092/RealPCSpy_FileProperty [6].png","210714/RealPCSpy-210126/5.73/Images/ACR-092/RealPCSpy_FileProperty [7].png","210714/RealPCSpy-210126/5.73/Images/ACR-065/RealPCSpy_Interactions [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-065/RealPCSpy_Interactions [1]1.png","210714/RealPCSpy-210126/5.73/Images/ACR-099/RealPCSpy_Interactions [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-099/RealPCSpy_Interactions [1]1.png","210714/RealPCSpy-210126/5.73/Images/ACR-035/RealPCSpy_Interactions [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-035/RealPCSpy_Interactions [1]1.png","210714/RealPCSpy-210126/5.73/Images/ACR-035/RealPCSpy_LandingPage [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-035/RealPCSpy_OfferPage [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-037/RealPCSpy_Interactions [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-037/RealPCSpy_Interactions [1]1.png","210714/RealPCSpy-210126/5.73/Images/ACR-037/RealPCSpy_LandingPage [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-037/RealPCSpy_OfferPage [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-065/RealPCSpy_LandingPage [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-099/RealPCSpy_LandingPage [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-065/RealPCSpy_OfferPage [1].png","210714/RealPCSpy-210126/5.73/Images/ACR-099/RealPCSpy_OfferPage [1].png"],"guid":"9087cf50-10cf-4962-a218-3dae78e8e158_5.73_1","appID":"RealPCSpy-210126","dateAdded":"230630","deceptorType":"App","name":"Real PC Spy ","company":"ReaSpySoftware.com","version":"5.73","sigName":"Deceptor:Win32/RealPCSpyStalkerware!084086048007014116","lastKnownStatus":"5.73;2.5;5.76","lastKnownDate":"230630","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-06-30T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":925},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The main executable is not digitally signed\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Power Audio Extractor\\PowerAudioExtractor1.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"4f3baf6bf592c33afd0589f1967fa2ba","hashSHA1":"24ccea0924d89851b761261c8dde0963dacdc1ed","hashSHA256":"2132b8bc2aabae0e02167ce8c9c7b0b56e082b270a3c45c37761e8b066c485f5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1026","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerAudioExtractor.exe","isInstaller":"True","companyName":"PowerSE Distribution Inc.                                  ","productName":"Power Audio Extractor                                       ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"3a2a53387e796765862ed0b10116d5e7","hashSHA1":"e3d5b2b693bda83af98ca72fae7473d9fb3d238e","hashSHA256":"f2c2a88ba53c9c9ea5f23961b40514305f8aff4996cb7ea513b6a3d48a765175","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1026","avBlockList":["360 Total Security (20230704)","Avast Premium Security (20230704)","AVG Internet Security (20230704)","Avira Internet Security (20230704)","Bitdefender Internet Security (20230704)","COMODO Antivirus (20230704)","Dr.Web Security Space (20230704)","ESET Internet Security (20230704)","G DATA INTERNET SECURITY (20230704)","K7 Total Security (20230704)","Kaspersky Internet Security (20230704)","Malwarebytes Premium (20230704)","McAfee Total Protection (20230704)","Norton Security (20230704)","Panda Dome (20230704)","Quick Heal Internet Security (20230704)","Sophos Home Premium (20230704)","SpyHunter5 (20230704)","Total AV Antivirus Pro (20230704)","VIPRE Advanced Security (20230704)","VirIT eXplorer PRO (20230704)","Webroot SecureAnywhere (20230704)","Windows Defender (20230704)"],"avAllowList":["Trend Micro Internet Security (20230704)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"https://free-sound-editor.com/poweraudioextractor/","directDownloadingLink":"https://free-sound-editor.com/PowerAudioExtractor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-sound-editor.com/PowerAudioExtractor.exe","sourceIndex":"1026"}],"sampleFiles":["230626/PowerAudioExtractor-230622/8.8.2.5/Samples/PowerAudioExtractor.exe"],"imageFiles":["230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-109/ACR-109.JPG","230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-048/ACR-048.JPG","230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-010/ACR-010.JPG","230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-013/ACR-013.JPG","230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-118/ACR-118.JPG","230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-057/ACR-057.JPG","230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-059/ACR-059.JPG","230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-060/ACR-060.JPG","230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-071/ACR-071.JPG","230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-106/ACR-106.JPG","230626/PowerAudioExtractor-230622/8.8.2.5/Images/ACR-092/ACR-092.JPG"],"guid":"dd7d3818-15b8-45c6-81db-af0b809f9552_8.8.2.5_1","appID":"PowerAudioExtractor-230622","dateAdded":"230626","deceptorType":"Bundler","name":"Power Audio Extractor","company":"PowerSE Distribution, Inc.","version":"8.8.2.5","lastKnownStatus":"8.8.2.5","lastKnownDate":"230626","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2023-06-26T21:11:57.305112+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":926},{"violations":{"ACR-003":"The app does not provide a free fix for the identified issues shown during the free scan thereby forcing the customer to purchase the app in order to complete the full fix. Also, the app exaggerates the scan results by displaying a red-colored font for the total number of identified issues and using misleading words such as \"Obsolete\" and \"Errors\".\n","ACR-004":"The app does not provide a free fix for the identified issues shown during the free scan thereby forcing the customer to purchase the app in order to complete the full fix. Also, the app exaggerates the scan results by displaying a red-colored font for the total number of identified issues and using misleading words such as \"Obsolete\" and \"Errors\".\n","ACR-103":"The app's website and purchase links shown in the software are not working, instead it redirects to some other domain selling page. \n","ACR-014":"The app does not provide a free fix for the identified issues shown during the free scan thereby forcing the customer to purchase the app in order to complete the full fix. Also, the app exaggerates the scan results by displaying a red-colored font for the total number of identified issues and using misleading words such as \"Obsolete\" and \"Errors\".\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for any of its executables.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTopsoft Register Optimizer\\RegisterOptimizer.exe","companyName":"iTopsoft","productName":"iTopsoft Register Optimizer","productVersion":"2.05","fileVersion":"2.05","hashMD5":"5c6ac620fd24fac4b9881fd3ee0720ec","hashSHA1":"9765dc7c5598e4ec43330557e848e4262d32f004","hashSHA256":"151626a9d35123562b0c33144bb8e196fee58b43ea0d64bb61c567e40e547324","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1025","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iro_setup.exe","isInstaller":"True","companyName":"iTopsoft                                                    ","productName":"iTopsoft Register Optimizer                                 ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"c43072966bccc1736c864c17b07369c4","hashSHA1":"08dc595214842a7de30a48d213751cb6b516e814","hashSHA256":"79b8f03ae2d9bb33698492b12405265bca347baf1e5cd2f757bf0934e1cfbcbf","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1025","avBlockList":["Avast Premium Security (20230704)","AVG Internet Security (20230704)","Avira Internet Security (20230704)","ESET Internet Security (20230704)","K7 Total Security (20230704)","Malwarebytes Premium (20230704)","McAfee Total Protection (20230704)","Norton Security (20230704)","Panda Dome (20230704)","Sophos Home Premium (20230704)","SpyHunter5 (20230704)","Total AV Antivirus Pro (20230704)","VirIT eXplorer PRO (20230704)","Webroot SecureAnywhere (20230704)","Windows Defender (20230704)"],"avAllowList":["360 Total Security (20230704)","Bitdefender Internet Security (20230704)","COMODO Antivirus (20230704)","Dr.Web Security Space (20230704)","G DATA INTERNET SECURITY (20230704)","Quick Heal Internet Security (20230704)","Trend Micro Internet Security (20230704)","VIPRE Advanced Security (20230704)","Kaspersky Internet Security (20230704)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://itopsoft-register-optimizer.software.informer.com/","directDownloadingLink":"https://itopsoft-register-optimizer.software.informer.com/download/?ca1a977","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://itopsoft-register-optimizer.software.informer.com/download/?ca1a977","sourceIndex":"1025"}],"sampleFiles":["230626/iTopsoftRegisterOptimizer-230626/2.05/Samples/iro_setup.exe"],"imageFiles":["230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-004/ACR-004.JPG","230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-004/ACR-004_1.JPG","230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-004/ACR-004_2.JPG","230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-103/ACR-103.JPG","230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-103/ACR-103_1.JPG","230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-003/ACR-003 (1).JPG","230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-003/ACR-003 (2).JPG","230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-003/ACR-003 (3).JPG","230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-014/ACR-014 (1).JPG","230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-014/ACR-014 (2).JPG","230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-014/ACR-014 (3).JPG"],"nonDeceptorImageFiles":["230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-092/ACR-092_1.JPG","230626/iTopsoftRegisterOptimizer-230626/2.05/Images/ACR-092/ACR-092_2.JPG"],"guid":"d1584c73-ef12-49e2-8424-878e0622d319_2.05_1","appID":"iTopsoftRegisterOptimizer-230626","dateAdded":"230626","deceptorType":"App","name":"iTopsoft Register Optimizer","company":"iTopsoft","version":"2.05","lastKnownStatus":"2.05","lastKnownDate":"230626","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-26T22:07:44.4209259+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":927},{"violations":{"ACR-043":"1. The \"Free YouTube to MP3 Converter\" app's components get dropped in a single click without asking the user's permission and disclosing the installation path.\n2. The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent and does not disclose relevant license information about 'FFmPeg'.\n","ACR-048":"The app does not provide any control to enable/disable the startup and to exit the app completely.\n","ACR-007":"The application logo is way too similar to the Windows logo, a misleading representation of the app source.\n","ACR-017":"The application logo is way too similar to the Windows logo, a misleading representation of the app source.\n","ACR-084":"The app creates an undisclosed Startup to perform an action without the user's knowledge and consent. When attempting to exit the app, one process still runs in the background without notifying the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent also not disclosed the relationship to the app during installation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeYouTubeToMP3Converter_Setup.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube To MP3 Converter (sc)                          ","productVersion":"4.3.89.316                                        ","fileVersion":"4.3.89.316          ","hashMD5":"1e0b41f0d8f9d52b0d8b1dcb434a09c5","hashSHA1":"db21062816976b0da5bb7ed378755be5a9e96b1b","hashSHA256":"e54a80d7d2aeb9514d430602bd57368a33a5148a1e2820535ff0f29e20a23b79","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"1153","avBlockList":["360 Total Security (20230525)","Avast Premium Security (20230525)","AVG Internet Security (20230525)","Avira Internet Security (20230525)","Dr.Web Security Space (20230525)","McAfee Total Protection (20230525)","Norton Security (20230525)","Panda Dome (20230525)","Sophos Home Premium (20230525)","SpyHunter5 (20230525)","Total AV Antivirus Pro (20230525)","VirIT eXplorer PRO (20230525)","Webroot SecureAnywhere (20230525)","Windows Defender (20230525)"],"avAllowList":["Bitdefender Internet Security (20230525)","COMODO Antivirus (20230525)","ESET Internet Security (20230525)","G DATA INTERNET SECURITY (20230525)","K7 Total Security (20230525)","Kaspersky Internet Security (20230525)","Malwarebytes Premium (20230525)","Quick Heal Internet Security (20230525)","Trend Micro Internet Security (20230525)","VIPRE Advanced Security (20230525)"]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/free-youtube-to-mp3-converter-en1","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP3Converter.exe&ls=topWinPrimaryLeft&auid=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP3Converter.exe&ls=topWinPrimaryLeft&auid=true","sourceIndex":"1153"}],"sampleFiles":["230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Samples/FreeYouTubeToMP3Converter_Setup.exe"],"imageFiles":["230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Images/ACR-039/ACR-039.JPG","230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Images/ACR-043/ACR-043_1.JPG","230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Images/ACR-043/ACR-043_2.JPG","230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Images/ACR-048/ACR-048.JPG","230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Images/ACR-048/ACR-048_1.JPG","230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Images/ACR-048/ACR-048_2.JPG","230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Images/ACR-007/ACR-007.JPG","230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Images/ACR-017/ACR-017.JPG","230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Images/ACR-084/ACR-084.JPG","230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Images/ACR-084/ACR-084_1.JPG","230419/FreeYoutubeToMP3Converter-220131/4.3.89.316/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":[],"guid":"1409c4fa-713a-46b6-b2bd-3e300fd9050a_4.3.89.316_1","appID":"FreeYoutubeToMP3Converter-220131","dateAdded":"230626","deceptorType":"App","name":"Free Youtube To MP3 Converter","company":"Digital Wave Ltd","version":"4.3.89.316","lastKnownStatus":"4.3.64.125;4.3.89.316;4.3.94.529","lastKnownDate":"230626","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":929},{"violations":{"ACR-109":"The app installs \"DVDVideoSoft Free Studio\" without disclosing it to the user and getting user consent.\n","ACR-043":"The app installs \"DVDVideoSoft Free Studio\" without disclosing it to the user and getting user consent. The app installs its components in a different location \"%Program Files%\\Common Files\\DVDVideoSoft\\\". It also runs the \"vidnotifier.exe\" process and creates a startup.\n","ACR-048":"non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n","ACR-017":"application logo is way too similar to windows logo, misleading representation for the app source. \n","ACR-039":"The app installs \"DVDVideoSoft Free Studio\" without disclosing it to the user and getting user consent.\n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install. \n","ACR-040":"non disclosed components \"FreeStudioManager\" are installed in non common folder.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy.\n The landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The App's  About page does not contain links to uninstall information. \nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FreeYouTubeDownload_4.3.47.505_d_0b5c694d-9e38-4fe7-8444-d72dbc885ec1.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free Youtube to MP3 Converter","productVersion":"4.3.64.125","fileVersion":"4.3.64.125","hashMD5":"168d82f2184a8c6a3ff00826cb7bae0d","hashSHA1":"1ddeb9175c8e17c40243cc20b23d77883dfd8bb5","hashSHA256":"5bbf9667a8c94a362b1d04e70c3da0e25337a89cec961457ce6d5fe0a7671862","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1720","avBlockList":["Avast Premium Security (20220217)","AVG Internet Security (20220217)","Avira Internet Security (20220217)","Dr.Web Security Space (20220217)","K7 Total Security (20220217)","Kaspersky Internet Security (20220217)","McAfee Total Protection (20220217)","Norton Security (20220217)","Panda Dome (20220217)","Sophos Home Premium (20220217)","SpyHunter5 (20220217)","Total AV Antivirus Pro (20220217)","VirIT eXplorer PRO (20220217)","Windows Defender (20220217)"],"avAllowList":["360 Total Security (20220217)","Bitdefender Internet Security (20220217)","COMODO Antivirus (20220217)","ESET Internet Security (20220217)","G DATA INTERNET SECURITY (20220217)","Malwarebytes Premium (20220217)","Quick Heal Internet Security (20220217)","Tencent PC Manager (20220217)","Trend Micro Internet Security (20220217)","VIPRE Advanced Security (20220217)","Webroot SecureAnywhere (20220217)"]},{"isRevoked":"False","fileName":"FreeYTVDownloader.exe","companyName":"Digital Wave Ltd","productName":"Free Youtube to MP3 Converter","productVersion":"4.3.64.125","fileVersion":"4.3.64.125","hashMD5":"93752055a4f16766ec8ab0461372fc52","hashSHA1":"02ff58216782fb7c514328065a9f18c1a482ecf2","hashSHA256":"d5784b77276bdf0a2fd91de59e1a82f2a578a434e47d52d02a81518a2eda9c12","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1720","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","fileVersion":"6.7","hashMD5":"61aec3166ee74da0610ae1290b47f2c9","hashSHA1":"dd932a410c34af7027ae08fb8d086ab33fdcfc9c","hashSHA256":"d1f6142bc41d3b50729129f3c11d0be47682865665ab10b52742b985569b3970","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1720","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Free-YouTube-to-MP3-Converter-en4.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP3Converter.exe&ls=topWinPrimaryLeft&auid=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP3Converter.exe&ls=topWinPrimaryLeft&auid=true","sourceIndex":"1720"}],"sampleFiles":["220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Samples/FreeYouTubeDownload_4.3.47.505_d_0b5c694d-9e38-4fe7-8444-d72dbc885ec1.exe","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Samples/FreeYTVDownloader.exe","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Samples/FreeStudioManager.exe"],"imageFiles":["220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-109/FreeYTVMP3 Installed Shortcut.png","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-039/FreeYTVMP3 Installed Shortcut.png","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-043/FreeYTVMP3 Installed Shortcut.png","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-043/FreeStudioManager App Location.png","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-043/VidNotifier.png","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-048/Uninstallentry.JPG","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-048/Components installed.JPG","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-017/LogoMisleading.JPG","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-164/FreeYTVMP3 Offer.png"],"nonDeceptorImageFiles":["220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-044/FreeYotubetoMP3 Install.mp4","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-040/InstallationLocation.png","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-065/FreeYTVMP3 EULA.png","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-065/FreeYTVMP3 About.png","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-065/FreeYouTubeToMP3Converter Landing Page.png","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-099/FreeYTVMP3 About.png","220202/FreeYoutubeToMP3Converter-220131/4.3.64.125/Images/ACR-099/FreeYTVMP3 Offer.png"],"guid":"1409c4fa-713a-46b6-b2bd-3e300fd9050a_4.3.64.125_1","appID":"FreeYoutubeToMP3Converter-220131","dateAdded":"230626","deceptorType":"App","name":"Free Youtube To MP3 Converter","company":"Digital Wave Ltd","version":"4.3.64.125","lastKnownStatus":"4.3.64.125;4.3.89.316;4.3.94.529","lastKnownDate":"230626","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":930},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent also not disclosed the relationship to the app during installation.\n","ACR-043":"1. The \"Free YouTube to MP3 Converter\" app's components get dropped in a single click without asking the user's permission and disclosing the installation path.\n2. The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent and does not disclose relevant license information about 'FFmPeg'.\n","ACR-048":"The app does not provide any option to cancel the installation process.\nThe app does not provide any control to enable/disable the startup and to exit the app completely.\n","ACR-007":"The application logo is way too similar to the Windows logo, a misleading representation of the app source.\n","ACR-017":"The application logo is way too similar to the Windows logo, a misleading representation of the app source.\n","ACR-084":"The app creates an undisclosed Startup to perform an action without the user's knowledge and consent. When attempting to exit the app, one process still runs in the background without notifying the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent also not disclosed the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove its startup item even after uninstall. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Common Files\\DVDVideoSoft\\lib\\vidnotifier\\vidnotifier.exe","companyName":"Digital Wave Ltd","productName":"Free Studio","productVersion":"1.1.64.529","fileVersion":"1.1.64.529","hashMD5":"37a019af48b334a0964e4eae24ae280b","hashSHA1":"3c7411d8b75502ed982ae1866ae02b424b8c8b4a","hashSHA256":"1333d37ddf651a0533115e1d7d11b77d115a4fb7e48729fbac6a7750828dc570","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"1024","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube to MP3 Converter\\FreeYouTubeToMP3Converter.exe","companyName":"Digital Wave Ltd","productName":"Free Studio","productVersion":"4.3.94.529","fileVersion":"4.3.94.529","hashMD5":"c1065fbaae38dc611687a2aef03d5aa0","hashSHA1":"5906563099e946d864340fcdb15acc0f781d2a4e","hashSHA256":"673a717aa2a561fc2d516755fe94c8828e3754a6a5d332e99b4a389ff802bf32","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"1024","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeToMP3Converter_4.3.94.529_o_cd5a9e08-7ac8-4871-ad04-b80b543ffa87.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube To MP3 Converter (t1393)                       ","productVersion":"4.3.94.529                                        ","fileVersion":"4.3.94.529          ","hashMD5":"4f1fe5511ad2c4a5e1e0b36d9ee40dfe","hashSHA1":"f4feb02c7b79b076d186bdd98133b29cd63de0cc","hashSHA256":"8c9cc0a0dc24cfdb70ddc19f23b16c1de7ed5bc3dedc3563cb6e7d137b1d5dac","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"1024","avBlockList":["Avast Premium Security (20230815)","AVG Internet Security (20230815)","Avira Internet Security (20230815)","Dr.Web Security Space (20230815)","McAfee Total Protection (20230815)","Norton Security (20230815)","Panda Dome (20230815)","Sophos Home Premium (20230815)","SpyHunter5 (20230815)","Total AV Antivirus Pro (20230815)","VirIT eXplorer PRO (20230815)","Webroot SecureAnywhere (20230815)"],"avAllowList":["360 Total Security (20230815)","Bitdefender Internet Security (20230815)","COMODO Antivirus (20230815)","ESET Internet Security (20230815)","G DATA INTERNET SECURITY (20230815)","K7 Total Security (20230815)","Kaspersky Internet Security (20230815)","Malwarebytes Premium (20230815)","Quick Heal Internet Security (20230815)","Trend Micro Internet Security (20230815)","VIPRE Advanced Security (20230815)","Windows Defender (20230815)"]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/free-youtube-to-mp3-converter-en4","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP3Converter.exe&ls=topWinPrimaryLeft&auid=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToMP3Converter.exe&ls=topWinPrimaryLeft&auid=true","sourceIndex":"1024"}],"sampleFiles":["230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Samples/FreeYouTubeToMP3Converter_4.3.94.529_o_cd5a9e08-7ac8-4871-ad04-b80b543ffa87.exe"],"imageFiles":["230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-109/ACR-109.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-039/ACR-039.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-043/ACR-043.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-043/ACR-043_1.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-048/ACR-048(1).JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-048/ACR-048.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-048/ACR-048_1.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-048/ACR-048_2.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-007/ACR-007_1.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-007/ACR-007.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-017/ACR-017 (1).JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-017/ACR-017 (2).JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-084/ACR-084.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-084/ACR-084_1.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-118/ACR-118.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-118/ACR-118_1.JPG","230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-118/ACR-118_2.JPG"],"nonDeceptorImageFiles":["230626/FreeYoutubeToMP3Converter-220131/4.3.94.529/Images/ACR-123/ACR-123.JPG"],"guid":"1409c4fa-713a-46b6-b2bd-3e300fd9050a_4.3.94.529_1","appID":"FreeYoutubeToMP3Converter-220131","dateAdded":"230626","deceptorType":"App","name":"Free Youtube To MP3 Converter","company":"Digital Wave Ltd","version":"4.3.94.529","lastKnownStatus":"4.3.64.125;4.3.89.316;4.3.94.529","lastKnownDate":"230626","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-26T22:10:26.826205+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":928},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-042":"1. The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"FFmpeg\" is installed without any disclosure in EULA. \n","ACR-043":"1. The app drops the Root Certificate files without disclosing in during installation.\n2. Open source project \"FFmpeg\" is installed without any disclosure in EULA. \n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg'. \n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-017":"Unable to verify third-party endorsements.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without the user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app needs to provide detailed information about how to cancel, and renew notifications, and the next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The main executable is not digitally signed.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\SpeedEase Video DVD Copy\\SpeedEaseVideoDVDCopy.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a9cefb316ac0c2da57081d88b67e843e","hashSHA1":"f64f68df08f14c5029ba55197b3ffdec4cb9218c","hashSHA256":"49b03b416419e4210e58c8398ab01c736200361f176f1d0f3bcd8128dcf43c51","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1029","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SpeedEaseVideoDVDCopy.exe","isInstaller":"True","companyName":"AudioToolMedia Co. Ltd.                                    ","productName":"SpeedEase Video DVD Copy                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"a24a121eb18390b5350e4f940466b35b","hashSHA1":"2a6e650c8cbc4a1c11f8f1a4bcacdc74e9046665","hashSHA256":"ae05d7a1c762756636385f934089ab77c2331b3e4c0c86917c055bc0dc22bffa","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1029","avBlockList":["360 Total Security (20230704)","Avast Premium Security (20230704)","AVG Internet Security (20230704)","Avira Internet Security (20230704)","Bitdefender Internet Security (20230704)","Dr.Web Security Space (20230704)","ESET Internet Security (20230704)","G DATA INTERNET SECURITY (20230704)","K7 Total Security (20230704)","Kaspersky Internet Security (20230704)","Malwarebytes Premium (20230704)","McAfee Total Protection (20230704)","Norton Security (20230704)","Panda Dome (20230704)","Quick Heal Internet Security (20230704)","Sophos Home Premium (20230704)","SpyHunter5 (20230704)","Total AV Antivirus Pro (20230704)","VIPRE Advanced Security (20230704)","VirIT eXplorer PRO (20230704)","Webroot SecureAnywhere (20230704)","Windows Defender (20230704)"],"avAllowList":["COMODO Antivirus (20230704)","Trend Micro Internet Security (20230704)"]}],"additionalFiles":[],"sources":[{"howFound":"AudioToolMedia Product","reference":"","landingPage":"http://audio-tool.net/speedeasevideodvdcopy/","directDownloadingLink":"http://audio-tool.net/SpeedEaseVideoDVDCopy.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://audio-tool.net/SpeedEaseVideoDVDCopy.exe","sourceIndex":"1029"}],"sampleFiles":["230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Samples/SpeedEaseVideoDVDCopy.exe"],"imageFiles":["230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-109/ACR-109.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-039/ACR-039.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-043/ACR-043.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-043/ACR-043_1.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-107/ACR-107.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-042/ACR-042.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-042/ACR-042_1.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-048/ACR-048.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-007/ACR-007.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-010/ACR-010.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-013/ACR-013.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-118/ACR-118.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-118/ACR-118_1.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-057/ACR-057.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-059/ACR-059.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-060/ACR-060.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-071/ACR-071.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-155/ACR-155.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-165/ACR-165.jpg","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-017/ACR-017.JPG"],"nonDeceptorImageFiles":["230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-045/ACR-045.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-106/ACR-106.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-092/ACR-092.JPG","230623/SpeedEaseVideoDVDCopy-230622/8.8.1/Images/ACR-123/ACR-123.JPG"],"guid":"b8debcf8-0474-4f77-8759-047db230da0b_8.8.1_1","appID":"SpeedEaseVideoDVDCopy-230622","dateAdded":"230623","deceptorType":"Bundler","name":"SpeedEase Video DVD Copy","company":"AudioToolMedia","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"230623","type":"Windows Executable","category":"Bundlers & Downloaders, Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-23T23:48:56.5051677+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":931},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"1. The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt. 2. Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"1. The app drops the Root Certificate files without disclosing in during installation. 2. Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-107":"The app does not disclose relevant license information about the 'FFmpeg' package.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without the user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":" Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Power YouTube to MP3 Converter\\PowerYouTubetoMP3Converter.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"256bc08e4f66bc0c3df0600220853311","hashSHA1":"f08d3a1ed91755b9d58d5a4ffaa9c1cb9e0c1d9e","hashSHA256":"031de687b35b9a0619780172dbd5dced32a1206152865707c8e7db2dfe824020","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1028","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerYouTubetoMP3ConverterSetup.exe","isInstaller":"True","companyName":"PowerSE Distribution Inc.                                  ","productName":"Power YouTube to MP3 Converter                              ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"2672a26059092a135c12f42dd105e65b","hashSHA1":"575a643db67f7625fb49c80a730e88aae8fc6158","hashSHA256":"97bd5fc166eb5e4b19a32e2a3ddfa2784f4db5c93f0bd12507fdfa6b10da5ae5","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1028","avBlockList":["360 Total Security (20230706)","Avast Premium Security (20230706)","AVG Internet Security (20230706)","Avira Internet Security (20230706)","Bitdefender Internet Security (20230706)","Dr.Web Security Space (20230706)","ESET Internet Security (20230706)","G DATA INTERNET SECURITY (20230706)","K7 Total Security (20230706)","Kaspersky Internet Security (20230706)","Malwarebytes Premium (20230706)","McAfee Total Protection (20230706)","Norton Security (20230706)","Panda Dome (20230706)","Quick Heal Internet Security (20230706)","Sophos Home Premium (20230706)","SpyHunter5 (20230706)","Total AV Antivirus Pro (20230706)","VIPRE Advanced Security (20230706)","VirIT eXplorer PRO (20230706)","Webroot SecureAnywhere (20230706)","Windows Defender (20230706)"],"avAllowList":["COMODO Antivirus (20230706)","Trend Micro Internet Security (20230706)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"https://free-sound-editor.com/poweryoutubetomp3converter/","directDownloadingLink":"https://free-sound-editor.com/PowerYouTubetoMP3Converter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-sound-editor.com/PowerYouTubetoMP3Converter.exe","sourceIndex":"1028"}],"sampleFiles":["230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Samples/PowerYouTubetoMP3ConverterSetup.exe"],"imageFiles":["230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-109/ACR-109.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-043/ACR-043.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-043/ACR-043_1.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-107/ACR-107.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-042/ACR-042.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-042/ACR-042_1.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-048/ACR-048.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-007/ACR-007.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-010/ACR-010.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-013/ACR-013.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-118/ACR-118.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-057/ACR-057.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-059/ACR-059.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-060/ACR-060.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-071/ACR-071.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-045/ACR-045.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-106/ACR-106.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-092/ACR-092.JPG","230623/PowerYouTubetoMP3Converter-230622/8.8.2.5/Images/ACR-123/ACR-123.JPG"],"guid":"d2ea3d49-0fb2-4efd-b27c-fe2417aa5df7_8.8.2.5_1","appID":"PowerYouTubetoMP3Converter-230622","dateAdded":"230623","deceptorType":"Bundler","name":"PowerYouTubetoMP3Converter","company":"PowerSE Distribution, Inc.","version":"8.8.2.5","lastKnownStatus":"8.8.2.5","lastKnownDate":"230623","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2023-06-24T00:11:09.6377989+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":932},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"PowerBurningWizard.exe","isInstaller":"True","companyName":"PowerSE Distribution, Inc.                                  ","fileVersion":"0.0","hashMD5":"cf37228342036765e57550a4f999d155","hashSHA1":"6e894df97e0a552df78f7b1c2f05cd64c31e37d6","hashSHA256":"32641e31374c3e57b7266b02f127c3d7d4103017f141d892b767c8d7ac4a3b4a","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1030","avBlockList":["360 Total Security (20230706)","Avast Premium Security (20230706)","AVG Internet Security (20230706)","Avira Internet Security (20230706)","Bitdefender Internet Security (20230706)","Dr.Web Security Space (20230706)","ESET Internet Security (20230706)","G DATA INTERNET SECURITY (20230706)","K7 Total Security (20230706)","Kaspersky Internet Security (20230706)","Malwarebytes Premium (20230706)","McAfee Total Protection (20230706)","Norton Security (20230706)","Panda Dome (20230706)","Quick Heal Internet Security (20230706)","Sophos Home Premium (20230706)","SpyHunter5 (20230706)","Total AV Antivirus Pro (20230706)","Trend Micro Internet Security (20230706)","VIPRE Advanced Security (20230706)","VirIT eXplorer PRO (20230706)","Webroot SecureAnywhere (20230706)","Windows Defender (20230706)"],"avAllowList":["COMODO Antivirus (20230706)"]},{"isRevoked":"False","fileName":"PowerBurningWizard1.exe","fileVersion":"0.0","hashMD5":"1ba131b030d369d9e1cd9480e2a17d60","hashSHA1":"4d3529a32cf7d1f341ad267669b3cc297531304c","hashSHA256":"b6fc05830e35fff3d2b9efce6700b4a518d69acfb2258f14fa5ce81a5bc324af","sourceIndex":"1030","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"https://free-sound-editor.com/powerburningstudio/","directDownloadingLink":"https://free-sound-editor.com/PowerBurningWizard.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-sound-editor.com/PowerBurningWizard.exe","sourceIndex":"1030"}],"sampleFiles":["230623/PowerBurningWizard-230622/8.8.2.5/Samples/PowerBurningWizard.exe","230623/PowerBurningWizard-230622/8.8.2.5/Samples/PowerBurningWizard1.exe"],"imageFiles":["230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-109/ACR-109.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-043/ACR-043.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-042/ACR-042.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-048/ACR-048.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-007/ACR-007.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-010/ACR-010.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-013/ACR-013.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-118/ACR-118.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-057/ACR-057.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-059/ACR-059.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-060/ACR-060.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-071/ACR-071.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-045/ACR-045.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-106/ACR-106.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-092/ACR-092.JPG","230623/PowerBurningWizard-230622/8.8.2.5/Images/ACR-123/ACR-123.JPG"],"guid":"d4e505ca-34ec-4987-98ff-9f5d33290434_8.8.2.5_1","appID":"PowerBurningWizard-230622","dateAdded":"230623","deceptorType":"Bundler","name":"Power Burning Wizard","company":"PowerSE Distribution, Inc.","version":"8.8.2.5","lastKnownStatus":"8.8.2.5","lastKnownDate":"230623","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2023-06-23T23:46:09.7906407+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":933},{"violations":{"ACR-003":"The app exaggerates the scan results by using exclamation symbols and displaying traffic light colors, and graphical representations with the misleading \"Error\" & \"Problems\" words in red font. Also, the app does not provide a free fix for the identified issues shown during the free scan thereby forcing the customer to purchase the app in order to complete the full fix.\n","ACR-004":"The app does not provide a free fix for the identified issues shown during the free scan thereby forcing the customer to purchase the app in order to complete the full fix. Also, the app exaggerates the scan results by using exclamation symbols and displaying traffic light colors, and graphical representations with the misleading \"Error\" & \"Problems\" words in red font.\n","ACR-103":"The app's website and purchase links shown in the software are not working.\n","ACR-014":"The app exaggerates the scan results by using exclamation symbols and displaying traffic light colors, and graphical representations with the misleading \"Error\" & \"Problems\" words in red font. Also, the app does not provide a free fix for the identified issues shown during the free scan thereby forcing the customer to purchase the app in order to complete the full fix.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for any of its executables.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Nemo Registry Doctor\\NemoRegistryDoctor.exe","companyName":"Nemo Studio","productName":"Nemo Registry Doctor","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"664ff3d86160c62ee6bd8d2c5ff76da2","hashSHA1":"99413d86af85fa02dcb949518267c33e2befdc3a","hashSHA256":"aa477791ac82141ec18926b74a272fd0232c5385cf1da69dd6f117c6171aa14a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1027","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"nemo-registry-doctor-software-trial.exe","isInstaller":"True","companyName":"Nemo Studio Inc.                                           ","productName":"Nemo Registry Doctor                                        ","productVersion":"2.0.0.0             ","fileVersion":"2.0.0.0             ","hashMD5":"c935de08817f25a5515fc9a8fd4fc6e4","hashSHA1":"58daf1269724f9df4976ca96b98df9e6ee975af4","hashSHA256":"89dfaa706bf5e8d982384127a36167e1dc3b248971f31903815788a88a79b942","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1027","avBlockList":["Avast Premium Security (20230706)","AVG Internet Security (20230706)","Avira Internet Security (20230706)","ESET Internet Security (20230706)","G DATA INTERNET SECURITY (20230706)","K7 Total Security (20230706)","Norton Security (20230706)","Panda Dome (20230706)","Quick Heal Internet Security (20230706)","Sophos Home Premium (20230706)","SpyHunter5 (20230706)","Total AV Antivirus Pro (20230706)","VirIT eXplorer PRO (20230706)","Webroot SecureAnywhere (20230706)"],"avAllowList":["360 Total Security (20230706)","Bitdefender Internet Security (20230706)","COMODO Antivirus (20230706)","Dr.Web Security Space (20230706)","Kaspersky Internet Security (20230706)","Malwarebytes Premium (20230706)","McAfee Total Protection (20230706)","Trend Micro Internet Security (20230706)","VIPRE Advanced Security (20230706)","Windows Defender (20230706)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://nemo-registry-doctor.software.informer.com/","directDownloadingLink":"https://nemo-registry-doctor.software.informer.com/download/?ca1a534","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://nemo-registry-doctor.software.informer.com/download/?ca1a534","sourceIndex":"1027"}],"sampleFiles":["230623/NemoRegistryDoctor-230623/2.0/Samples/nemo-registry-doctor-software-trial.exe"],"imageFiles":["230623/NemoRegistryDoctor-230623/2.0/Images/ACR-004/ACR-004 (1).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-004/ACR-004 (2).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-004/ACR-004 (3).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-004/ACR-004 (4).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-004/ACR-004 (5).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-004/ACR-004 (6).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-103/ACR-103_1.JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-003/ACR-003 (1).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-003/ACR-003 (2).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-003/ACR-003 (3).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-003/ACR-003 (4).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-003/ACR-003 (5).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-003/ACR-003 (6).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-014/ACR-014 (1).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-014/ACR-014 (2).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-014/ACR-014 (3).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-014/ACR-014 (4).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-014/ACR-014 (5).JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-014/ACR-014 (6).JPG"],"nonDeceptorImageFiles":["230623/NemoRegistryDoctor-230623/2.0/Images/ACR-092/ACR-092.JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-092/ACR-092_1.JPG","230623/NemoRegistryDoctor-230623/2.0/Images/ACR-123/ACR-123.JPG"],"guid":"a0ef0044-f664-4d3e-8c3d-9ddf1a4f2618_2.0_1","appID":"NemoRegistryDoctor-230623","dateAdded":"230623","deceptorType":"App","name":"Nemo Registry Doctor","company":"Nemo Studio","version":"2.0","lastKnownStatus":"2.0","lastKnownDate":"230623","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-24T00:36:22.6115815+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":934},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt.\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-017":"Unable to verify third-party endorsements.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without the user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app needs to provide detailed information about how to cancel, and renew notifications, and the next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The main executable is not digitally signed.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Magic Burning Toolbox\\MagicBurningToolbox.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"1ba131b030d369d9e1cd9480e2a17d60","hashSHA1":"4d3529a32cf7d1f341ad267669b3cc297531304c","hashSHA256":"b6fc05830e35fff3d2b9efce6700b4a518d69acfb2258f14fa5ce81a5bc324af","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1033","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MagicBurningToolbox.exe","isInstaller":"True","companyName":"AudioToolMedia Co. Ltd.                                    ","productName":"Magic Burning Toolbox                                       ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"cb1f66dbf07868814652b2d041d62bf5","hashSHA1":"7a290ba9ce7bf84445dca01157afd9f4765c9c2c","hashSHA256":"8c56a85caf194cac148e289a3009f36a5c005a752ae3387edde0efbf7ae5d418","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1033","avBlockList":["360 Total Security (20230706)","Avast Premium Security (20230706)","AVG Internet Security (20230706)","Avira Internet Security (20230706)","Bitdefender Internet Security (20230706)","Dr.Web Security Space (20230706)","ESET Internet Security (20230706)","G DATA INTERNET SECURITY (20230706)","K7 Total Security (20230706)","Kaspersky Internet Security (20230706)","Malwarebytes Premium (20230706)","McAfee Total Protection (20230706)","Norton Security (20230706)","Panda Dome (20230706)","Quick Heal Internet Security (20230706)","Sophos Home Premium (20230706)","SpyHunter5 (20230706)","Total AV Antivirus Pro (20230706)","VIPRE Advanced Security (20230706)","VirIT eXplorer PRO (20230706)","Webroot SecureAnywhere (20230706)","Windows Defender (20230706)"],"avAllowList":["COMODO Antivirus (20230706)","Trend Micro Internet Security (20230706)"]}],"additionalFiles":[],"sources":[{"howFound":"AudioToolMedia Product","reference":"","landingPage":"http://audio-tool.net/magicburningtoolbox/","directDownloadingLink":"http://audio-tool.net/MagicBurningToolbox.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://audio-tool.net/MagicBurningToolbox.exe","sourceIndex":"1033"}],"sampleFiles":["230622/MagicBurningToolbox-230622/8.8.1/Samples/MagicBurningToolbox.exe"],"imageFiles":["230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-109/ACR-109.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-039/ACR-039.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-048/ACR-048.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-010/ACR-010.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-013/ACR-013.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-057/ACR-057.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-059/ACR-059.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-060/ACR-060.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-155/ACR-155.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-071/ACR-071.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-043/ACR-043.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-042/ACR-042.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-007/ACR-007.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-118/ACR-118.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-118/ACR-118_1.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-165/ACR-165.jpg","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-017/ACR-017.JPG"],"nonDeceptorImageFiles":["230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-106/ACR-106.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-045/ACR-045.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-092/ACR-092.JPG","230622/MagicBurningToolbox-230622/8.8.1/Images/ACR-123/ACR-123.JPG"],"guid":"9d79d86a-96e4-456e-8fe7-6946ad8ce9d5_8.8.1_1","appID":"MagicBurningToolbox-230622","dateAdded":"230622","deceptorType":"Bundler","name":"Magic Burning Toolbox","company":"AudioToolMedia","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"230622","type":"Windows Executable","category":"SysTools & Utilities, Media players, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-23T02:54:09.7953187+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":936},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-042":"1. The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"FFmpeg\" is installed without any disclosure in EULA. \n","ACR-043":"1. The app drops the Root Certificate files without disclosing in during installation.\n2. Open source project \"FFmpeg\" is installed without any disclosure in EULA. \n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg'. \n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-017":"Unable to verify third-party endorsements.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without the user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app needs to provide detailed information about how to cancel, and renew notifications, and the next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The main executable is not digitally signed.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\SpeedEase Video Switch\\SpeedEaseVideoSwitch.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a9cefb316ac0c2da57081d88b67e843e","hashSHA1":"f64f68df08f14c5029ba55197b3ffdec4cb9218c","hashSHA256":"49b03b416419e4210e58c8398ab01c736200361f176f1d0f3bcd8128dcf43c51","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1032","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SpeedEaseVideoSwitch.exe","isInstaller":"True","companyName":"AudioEditorDeluxe Inc.                                     ","productName":"SpeedEase Video Switch                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"92c010bdfdfb01d290590b5f3b2f2b73","hashSHA1":"59f3033646042180c0d1f3caaf7075781e116e50","hashSHA256":"45f92c069a15a38a1481f7d525eb3c8954055e7182e9a751c981cedb046b94c0","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1032","avBlockList":["360 Total Security (20230810)","Avast Premium Security (20230810)","AVG Internet Security (20230810)","Avira Internet Security (20230810)","Bitdefender Internet Security (20230810)","Dr.Web Security Space (20230810)","ESET Internet Security (20230810)","G DATA INTERNET SECURITY (20230810)","K7 Total Security (20230810)","Kaspersky Internet Security (20230810)","Malwarebytes Premium (20230810)","McAfee Total Protection (20230810)","Norton Security (20230810)","Panda Dome (20230810)","Quick Heal Internet Security (20230810)","Sophos Home Premium (20230810)","SpyHunter5 (20230810)","Total AV Antivirus Pro (20230810)","VIPRE Advanced Security (20230810)","VirIT eXplorer PRO (20230810)","Webroot SecureAnywhere (20230810)","Windows Defender (20230810)"],"avAllowList":["COMODO Antivirus (20230810)","Trend Micro Internet Security (20230810)"]}],"additionalFiles":[],"sources":[{"howFound":"AudioToolMedia Product","reference":"","landingPage":"http://audio-tool.net/speedeasevideoswitch/","directDownloadingLink":"http://audio-tool.net/SpeedEaseVideoSwitch.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://audio-tool.net/SpeedEaseVideoSwitch.exe","sourceIndex":"1032"}],"sampleFiles":["230622/SpeedEaseVideoSwitch-230622/8.8.1/Samples/SpeedEaseVideoSwitch.exe"],"imageFiles":["230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-109/ACR-109.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-039/ACR-039.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-043/ACR-043.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-043/ACR-043_1.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-107/ACR-107.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-042/ACR-042.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-042/ACR-042_1.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-048/ACR-048.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-007/ACR-007.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-010/ACR-010.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-013/ACR-013.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-057/ACR-057.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-059/ACR-059.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-060/ACR-060.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-071/ACR-071.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-155/ACR-155.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-017/ACR-017.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-165/ACR-165.jpg","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-118/ACR-118.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-045/ACR-045.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-106/ACR-106.JPG","230622/SpeedEaseVideoSwitch-230622/8.8.1/Images/ACR-092/ACR-092.JPG"],"guid":"46991c32-9314-48a7-8454-b3dc74d52889_8.8.1_1","appID":"SpeedEaseVideoSwitch-230622","dateAdded":"230622","deceptorType":"Bundler","name":"SpeedEase Video Switch","company":"AudioToolMedia","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"230622","type":"Windows Executable","category":"Bundlers & Downloaders, Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:38.3613395+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":935},{"violations":{"ACR-042":"1. The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt. 2. Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"1. The app drops the Root Certificate files without disclosing in during installation. 2. Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg' package.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for every installer.\n","ACR-123":"The app does not remove a dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"3GPMediaPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"3GP Media Player                                            ","productVersion":"1.0.3               ","fileVersion":"1.0.3               ","hashMD5":"508d18bc3c9d7b0cdaa60e746a715b7b","hashSHA1":"864cd3faae722f6a16ace7184dd7ec13237f0402","hashSHA256":"6f8424b99cebe605ee97f7fc716138450a0e844e2c402b20c0b430c95ddf0e53","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230810)","Avast Premium Security (20230810)","AVG Internet Security (20230810)","Avira Internet Security (20230810)","Bitdefender Internet Security (20230810)","COMODO Antivirus (20230810)","Dr.Web Security Space (20230810)","ESET Internet Security (20230810)","G DATA INTERNET SECURITY (20230810)","K7 Total Security (20230810)","Kaspersky Internet Security (20230810)","Malwarebytes Premium (20230810)","McAfee Total Protection (20230810)","Norton Security (20230810)","Panda Dome (20230810)","Quick Heal Internet Security (20230810)","Sophos Home Premium (20230810)","SpyHunter5 (20230810)","Total AV Antivirus Pro (20230810)","VIPRE Advanced Security (20230810)","VirIT eXplorer PRO (20230810)","Webroot SecureAnywhere (20230810)","Windows Defender (20230810)"],"avAllowList":["Trend Micro Internet Security (20230810)"]},{"isRevoked":"False","fileName":"AACPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"AAC Player                                                  ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"66a5cc0c2a7cdbcc69c7ffc82be76abc","hashSHA1":"50625587997210d315bdcf3e8cec392ac9577936","hashSHA256":"4f49e9d574e1473eb6234ce65e6c183b7a014b8147ad6497ec26ed4a8490d9ef","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230815)","Avast Premium Security (20230815)","AVG Internet Security (20230815)","Avira Internet Security (20230815)","Bitdefender Internet Security (20230815)","COMODO Antivirus (20230815)","Dr.Web Security Space (20230815)","ESET Internet Security (20230815)","G DATA INTERNET SECURITY (20230815)","K7 Total Security (20230815)","Kaspersky Internet Security (20230815)","Malwarebytes Premium (20230815)","McAfee Total Protection (20230815)","Norton Security (20230815)","Panda Dome (20230815)","Quick Heal Internet Security (20230815)","Sophos Home Premium (20230815)","SpyHunter5 (20230815)","Total AV Antivirus Pro (20230815)","VIPRE Advanced Security (20230815)","VirIT eXplorer PRO (20230815)","Webroot SecureAnywhere (20230815)","Windows Defender (20230815)"],"avAllowList":["Trend Micro Internet Security (20230815)"]},{"isRevoked":"False","fileName":"AVIMediaPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"AVI Media Player                                            ","productVersion":"1.0.3               ","fileVersion":"1.0.3               ","hashMD5":"ef31ee7773fec1cea2891d382bdd1f5d","hashSHA1":"a39575a3877b751eed82a686a37750a9e13bba83","hashSHA256":"471deab297a732f8e347a07dee5464076051a7a39a858f22ef3711ab6eeda16f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230817)","Avast Premium Security (20230817)","AVG Internet Security (20230817)","Avira Internet Security (20230817)","Bitdefender Internet Security (20230817)","COMODO Antivirus (20230817)","Dr.Web Security Space (20230817)","ESET Internet Security (20230817)","G DATA INTERNET SECURITY (20230817)","K7 Total Security (20230817)","Kaspersky Internet Security (20230817)","Malwarebytes Premium (20230817)","McAfee Total Protection (20230817)","Norton Security (20230817)","Panda Dome (20230817)","Quick Heal Internet Security (20230817)","Sophos Home Premium (20230817)","SpyHunter5 (20230817)","Total AV Antivirus Pro (20230817)","VIPRE Advanced Security (20230817)","VirIT eXplorer PRO (20230817)","Webroot SecureAnywhere (20230817)","Windows Defender (20230817)"],"avAllowList":["Trend Micro Internet Security (20230817)"]},{"isRevoked":"False","fileName":"DVDPlayerSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"DVD Player                                                  ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"09dea574ca708dd419c2158868980c80","hashSHA1":"c71af0fa18eb80e60085a295c972f279b1b1872a","hashSHA256":"21a247ba3292632a1f6cbe43e38a135fe896d1624c917b0bbf3816cfe3946dc1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230817)","Avast Premium Security (20230817)","AVG Internet Security (20230817)","Avira Internet Security (20230817)","Bitdefender Internet Security (20230817)","COMODO Antivirus (20230817)","Dr.Web Security Space (20230817)","ESET Internet Security (20230817)","G DATA INTERNET SECURITY (20230817)","K7 Total Security (20230817)","Kaspersky Internet Security (20230817)","Malwarebytes Premium (20230817)","McAfee Total Protection (20230817)","Norton Security (20230817)","Panda Dome (20230817)","Quick Heal Internet Security (20230817)","Sophos Home Premium (20230817)","SpyHunter5 (20230817)","Total AV Antivirus Pro (20230817)","VIPRE Advanced Security (20230817)","VirIT eXplorer PRO (20230817)","Webroot SecureAnywhere (20230817)","Windows Defender (20230817)"],"avAllowList":["Trend Micro Internet Security (20230817)"]},{"isRevoked":"False","fileName":"FLACPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"FLAC Player                                                 ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"dc5212c0f98acecbef3d68ec0c52ad16","hashSHA1":"e9411871607e0617747f45fe0a69eaaba5bf70f5","hashSHA256":"91a54eabf07ea08b0f5d3c7a4bf76e1d70c5b2acb22e2596814c872245156240","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230817)","Avast Premium Security (20230817)","AVG Internet Security (20230817)","Avira Internet Security (20230817)","Bitdefender Internet Security (20230817)","COMODO Antivirus (20230817)","Dr.Web Security Space (20230817)","ESET Internet Security (20230817)","G DATA INTERNET SECURITY (20230817)","K7 Total Security (20230817)","Kaspersky Internet Security (20230817)","Malwarebytes Premium (20230817)","McAfee Total Protection (20230817)","Norton Security (20230817)","Panda Dome (20230817)","Quick Heal Internet Security (20230817)","Sophos Home Premium (20230817)","SpyHunter5 (20230817)","Total AV Antivirus Pro (20230817)","VIPRE Advanced Security (20230817)","VirIT eXplorer PRO (20230817)","Webroot SecureAnywhere (20230817)","Windows Defender (20230817)"],"avAllowList":["Trend Micro Internet Security (20230817)"]},{"isRevoked":"False","fileName":"M4APlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"M4A Player                                                  ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"fe6f2c698b42691f7b62401b728f0b70","hashSHA1":"e7910db53ffd395a53801006c4b32a689b544161","hashSHA256":"b6e170fde996ae05baa9063ba2d6a812dfbcb55cb85e7490a15b3090b8638d89","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230817)","Avast Premium Security (20230817)","AVG Internet Security (20230817)","Avira Internet Security (20230817)","Bitdefender Internet Security (20230817)","COMODO Antivirus (20230817)","Dr.Web Security Space (20230817)","ESET Internet Security (20230817)","G DATA INTERNET SECURITY (20230817)","K7 Total Security (20230817)","Kaspersky Internet Security (20230817)","Malwarebytes Premium (20230817)","McAfee Total Protection (20230817)","Norton Security (20230817)","Panda Dome (20230817)","Quick Heal Internet Security (20230817)","Sophos Home Premium (20230817)","SpyHunter5 (20230817)","Total AV Antivirus Pro (20230817)","VIPRE Advanced Security (20230817)","VirIT eXplorer PRO (20230817)","Webroot SecureAnywhere (20230817)","Windows Defender (20230817)"],"avAllowList":["Trend Micro Internet Security (20230817)"]},{"isRevoked":"False","fileName":"M4VPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"M4V Player                                                  ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"007c3bee3136f157683ccd76ded2a7d4","hashSHA1":"c116fb69e86a3d6e182016e30c1919e31c8615e2","hashSHA256":"676b2090cdf062bb598b1cfe82b834443572147d79f5bef761c9d63a5d8b7d46","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230817)","Avast Premium Security (20230817)","AVG Internet Security (20230817)","Avira Internet Security (20230817)","Bitdefender Internet Security (20230817)","COMODO Antivirus (20230817)","Dr.Web Security Space (20230817)","ESET Internet Security (20230817)","G DATA INTERNET SECURITY (20230817)","K7 Total Security (20230817)","Kaspersky Internet Security (20230817)","Malwarebytes Premium (20230817)","McAfee Total Protection (20230817)","Norton Security (20230817)","Panda Dome (20230817)","Quick Heal Internet Security (20230817)","Sophos Home Premium (20230817)","SpyHunter5 (20230817)","Total AV Antivirus Pro (20230817)","VIPRE Advanced Security (20230817)","VirIT eXplorer PRO (20230817)","Webroot SecureAnywhere (20230817)","Windows Defender (20230817)"],"avAllowList":["Trend Micro Internet Security (20230817)"]},{"isRevoked":"False","fileName":"MKVPlayerSetupD.exe","isInstaller":"True","companyName":"                                                            ","productName":"MKV Player                                                  ","productVersion":"2.1.30                                            ","fileVersion":"2.1.30              ","hashMD5":"8189a66a60778a1c25b1d6b16f8e4d40","hashSHA1":"3b5dfa34550df73878d51d272c2a78cf28decb69","hashSHA256":"c4e234d32e7fdf84b9927026289bb8a0dc639a4a21584fb7dd36b9bd00b6768c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["Avast Premium Security (20230817)","AVG Internet Security (20230817)","Avira Internet Security (20230817)","Bitdefender Internet Security (20230817)","COMODO Antivirus (20230817)","Dr.Web Security Space (20230817)","ESET Internet Security (20230817)","G DATA INTERNET SECURITY (20230817)","K7 Total Security (20230817)","Kaspersky Internet Security (20230817)","Malwarebytes Premium (20230817)","McAfee Total Protection (20230817)","Norton Security (20230817)","Panda Dome (20230817)","Quick Heal Internet Security (20230817)","Sophos Home Premium (20230817)","SpyHunter5 (20230817)","Total AV Antivirus Pro (20230817)","VIPRE Advanced Security (20230817)","VirIT eXplorer PRO (20230817)","Webroot SecureAnywhere (20230817)","Windows Defender (20230817)"],"avAllowList":["360 Total Security (20230817)","Trend Micro Internet Security (20230817)"]},{"isRevoked":"False","fileName":"MOVPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"MOV Player                                                  ","productVersion":"1.0.3               ","fileVersion":"1.0.3               ","hashMD5":"722b1c2455e89ded24691b29ca771d1c","hashSHA1":"11214acd2bd0fb11bf4fac86db97b961266eb31b","hashSHA256":"e9c8a6a0f9b604f90a9d816c917d0fc2f8605e7ad56476502f541d152a3859b0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230822)","Avast Premium Security (20230822)","AVG Internet Security (20230822)","Avira Internet Security (20230822)","Bitdefender Internet Security (20230822)","COMODO Antivirus (20230822)","Dr.Web Security Space (20230822)","ESET Internet Security (20230822)","G DATA INTERNET SECURITY (20230822)","K7 Total Security (20230822)","Kaspersky Internet Security (20230822)","Malwarebytes Premium (20230822)","McAfee Total Protection (20230822)","Norton Security (20230822)","Panda Dome (20230822)","Quick Heal Internet Security (20230822)","Sophos Home Premium (20230822)","SpyHunter5 (20230822)","Total AV Antivirus Pro (20230822)","VIPRE Advanced Security (20230822)","VirIT eXplorer PRO (20230822)","Webroot SecureAnywhere (20230822)","Windows Defender (20230822)"],"avAllowList":["Trend Micro Internet Security (20230822)"]},{"isRevoked":"False","fileName":"MP3CutterSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"MP3 Cutter                                                  ","productVersion":"1.1                 ","fileVersion":"1.1                 ","hashMD5":"b02c0f408cc255d0b7f86173716f044d","hashSHA1":"6e7577bd0ba46fd3aa2a99f06a81ad755d64b007","hashSHA256":"ab858dee9c6c90d6bb92aa35f8369812509b8a5d82a819d8c636eadab6d3823a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230824)","Avast Premium Security (20230824)","AVG Internet Security (20230824)","Avira Internet Security (20230824)","Bitdefender Internet Security (20230824)","COMODO Antivirus (20230824)","Dr.Web Security Space (20230824)","ESET Internet Security (20230824)","G DATA INTERNET SECURITY (20230824)","K7 Total Security (20230824)","Kaspersky Internet Security (20230824)","Malwarebytes Premium (20230824)","McAfee Total Protection (20230824)","Norton Security (20230824)","Panda Dome (20230824)","Quick Heal Internet Security (20230824)","Sophos Home Premium (20230824)","SpyHunter5 (20230824)","Total AV Antivirus Pro (20230824)","VIPRE Advanced Security (20230824)","VirIT eXplorer PRO (20230824)","Webroot SecureAnywhere (20230824)","Windows Defender (20230824)"],"avAllowList":["Trend Micro Internet Security (20230824)"]},{"isRevoked":"False","fileName":"MP4ConverterSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"VSeven MP4 Converter                                        ","productVersion":"1.0.3               ","fileVersion":"1.0.3               ","hashMD5":"0fedc16aec0992318f8c1da0a0de7af6","hashSHA1":"b1692caa1b101f6511c7c2bac00d98a3616f7561","hashSHA256":"3aeb604e8a3a1d0e581ea2eab23e9ead656c55706394eff3b0db85e13261b6ae","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230824)","Avast Premium Security (20230824)","AVG Internet Security (20230824)","Avira Internet Security (20230824)","Bitdefender Internet Security (20230824)","COMODO Antivirus (20230824)","Dr.Web Security Space (20230824)","ESET Internet Security (20230824)","G DATA INTERNET SECURITY (20230824)","K7 Total Security (20230824)","Kaspersky Internet Security (20230824)","Malwarebytes Premium (20230824)","McAfee Total Protection (20230824)","Norton Security (20230824)","Panda Dome (20230824)","Quick Heal Internet Security (20230824)","Sophos Home Premium (20230824)","SpyHunter5 (20230824)","Total AV Antivirus Pro (20230824)","Trend Micro Internet Security (20230824)","VIPRE Advanced Security (20230824)","VirIT eXplorer PRO (20230824)","Webroot SecureAnywhere (20230824)","Windows Defender (20230824)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MP4MediaPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"MP4 Media Player                                            ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"ff3934c676e9e4259050554a87895e20","hashSHA1":"ceed76d919d6fa2e47a18ce51fec659fa3bf48e0","hashSHA256":"e7444088ee38b31eb2dc08bb8de85586cea4253aba3f5b2f8f9d6d2e25fa80e0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230824)","Avast Premium Security (20230824)","AVG Internet Security (20230824)","Avira Internet Security (20230824)","Bitdefender Internet Security (20230824)","COMODO Antivirus (20230824)","Dr.Web Security Space (20230824)","ESET Internet Security (20230824)","G DATA INTERNET SECURITY (20230824)","K7 Total Security (20230824)","Kaspersky Internet Security (20230824)","Malwarebytes Premium (20230824)","McAfee Total Protection (20230824)","Norton Security (20230824)","Panda Dome (20230824)","Quick Heal Internet Security (20230824)","Sophos Home Premium (20230824)","SpyHunter5 (20230824)","Total AV Antivirus Pro (20230824)","VIPRE Advanced Security (20230824)","VirIT eXplorer PRO (20230824)","Webroot SecureAnywhere (20230824)","Windows Defender (20230824)"],"avAllowList":["Trend Micro Internet Security (20230824)"]},{"isRevoked":"False","fileName":"MPEGPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"MPEG Player                                                 ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"cd266bff89f9613a3621eedddb1255f9","hashSHA1":"0dceab7baf8849575eeba5f88d1ef8f5d4ed0bf4","hashSHA256":"43afad92ae7ad84c6afb42fd6eb91b200a46cd5461fb6ac3cd625f4e55dc5080","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230824)","Avast Premium Security (20230824)","AVG Internet Security (20230824)","Avira Internet Security (20230824)","Bitdefender Internet Security (20230824)","COMODO Antivirus (20230824)","Dr.Web Security Space (20230824)","ESET Internet Security (20230824)","G DATA INTERNET SECURITY (20230824)","K7 Total Security (20230824)","Kaspersky Internet Security (20230824)","Malwarebytes Premium (20230824)","McAfee Total Protection (20230824)","Norton Security (20230824)","Panda Dome (20230824)","Quick Heal Internet Security (20230824)","Sophos Home Premium (20230824)","SpyHunter5 (20230824)","Total AV Antivirus Pro (20230824)","Trend Micro Internet Security (20230824)","VIPRE Advanced Security (20230824)","VirIT eXplorer PRO (20230824)","Webroot SecureAnywhere (20230824)","Windows Defender (20230824)"],"avAllowList":[]},{"isRevoked":"False","fileName":"XVIDPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"XVID Player                                                 ","productVersion":"2.4                 ","fileVersion":"2.4                 ","hashMD5":"6609d5bb0ac3173d71ee979fbed6c434","hashSHA1":"161ff4bee6cbbae0dd96c730e320bdacf381b23c","hashSHA256":"c234819036001705b24591c12dde00b89885b10d255acae5835bc29dc1accad6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1038","avBlockList":["360 Total Security (20230824)","Avast Premium Security (20230824)","AVG Internet Security (20230824)","Avira Internet Security (20230824)","Bitdefender Internet Security (20230824)","COMODO Antivirus (20230824)","Dr.Web Security Space (20230824)","ESET Internet Security (20230824)","G DATA INTERNET SECURITY (20230824)","K7 Total Security (20230824)","Kaspersky Internet Security (20230824)","Malwarebytes Premium (20230824)","McAfee Total Protection (20230824)","Norton Security (20230824)","Panda Dome (20230824)","Quick Heal Internet Security (20230824)","Sophos Home Premium (20230824)","SpyHunter5 (20230824)","Total AV Antivirus Pro (20230824)","VIPRE Advanced Security (20230824)","VirIT eXplorer PRO (20230824)","Webroot SecureAnywhere (20230824)","Windows Defender (20230824)"],"avAllowList":["Trend Micro Internet Security (20230824)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.vsevensoft.com/","directDownloadingLink":"https://www.vsevensoft.com/3gp-media-player.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/3gp-media-player.html","sourceIndex":"1038"}],"sampleFiles":["230621/Vsevensoftbundle-230620/230620/Samples/3GPMediaPlayerSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/AACPlayerSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/AVIMediaPlayerSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/DVDPlayerSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/FLACPlayerSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/M4APlayerSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/M4VPlayerSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/MKVPlayerSetupD.exe","230621/Vsevensoftbundle-230620/230620/Samples/MOVPlayerSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/MP3CutterSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/MP4ConverterSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/MP4MediaPlayerSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/MPEGPlayerSetup.exe","230621/Vsevensoftbundle-230620/230620/Samples/XVIDPlayerSetup.exe"],"imageFiles":["230621/Vsevensoftbundle-230620/230620/Images/ACR-010/ACR-010.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-039/ACR-039.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-043/ACR-043.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-043/ACR-043_1.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-107/ACR-107.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-042/ACR-042.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-042/ACR-042_1.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-007/ACR-007.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-013/ACR-013.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-118/ACR-118.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-057/ACR-057.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-059/ACR-059.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-060/ACR-060.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-071/ACR-071.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230621/Vsevensoftbundle-230620/230620/Images/ACR-045/ACR-045.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-106/ACR-106.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-092/ACR-092.JPG","230621/Vsevensoftbundle-230620/230620/Images/ACR-123/ACR-123.JPG"],"guid":"21fada3f-51c7-4139-b832-97ebde5f0d07_230620_1","appID":"Vsevensoftbundle-230620","dateAdded":"230621","deceptorType":"Bundler","name":"Vsevensoftbundle","company":"vsevensoft.com","version":"230620","lastKnownStatus":"230621","lastKnownDate":"230621","type":"Windows Executable","category":"Media players, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2023-06-22T00:30:07.4011387+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":937},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The app does not have a digital signature for any executable\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Convertidor MP3\\convertidor-mp31.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"842b9e2228ce9ed1370fb99c68c6b632","hashSHA1":"349e432a4b70bd18167a6f04068ac96205d3846a","hashSHA256":"1f90529b1ae6d6c9a5bb2352a0f61a11d6ffa1033f14095bac080fdd13162326","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1036","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"convertidor-mp3.exe","isInstaller":"True","companyName":"convertidor-de-videos.com                                   ","productName":"Convertidor MP3                                             ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"08faaac948680aa3f1a48d00a91077bc","hashSHA1":"62055f6ef0aae8650a3f7159936aea8e4a5497a4","hashSHA256":"3bbdb0d10b6d510440080a0413040badc2186cef9aeec122afba9784189cc719","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1036","avBlockList":["360 Total Security (20230810)","Avast Premium Security (20230810)","AVG Internet Security (20230810)","Avira Internet Security (20230810)","Bitdefender Internet Security (20230810)","COMODO Antivirus (20230810)","Dr.Web Security Space (20230810)","ESET Internet Security (20230810)","G DATA INTERNET SECURITY (20230810)","K7 Total Security (20230810)","Kaspersky Internet Security (20230810)","Malwarebytes Premium (20230810)","McAfee Total Protection (20230810)","Norton Security (20230810)","Panda Dome (20230810)","Quick Heal Internet Security (20230810)","Sophos Home Premium (20230810)","SpyHunter5 (20230810)","Total AV Antivirus Pro (20230810)","Trend Micro Internet Security (20230810)","VIPRE Advanced Security (20230810)","VirIT eXplorer PRO (20230810)","Webroot SecureAnywhere (20230810)","Windows Defender (20230810)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://www.convertidor-de-videos.com/convertidor-mp3.htm","directDownloadingLink":"http://www.convertidor-de-videos.com/download/convertidor-mp3.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-videos.com/download/convertidor-mp3.exe","sourceIndex":"1036"}],"sampleFiles":["230621/Mp3Converter-230621/3.75/Samples/convertidor-mp3.exe"],"imageFiles":["230621/Mp3Converter-230621/3.75/Images/ACR-109/ACR-109.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-043/ACR-043.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-042/ACR-042.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-048/ACR-048.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-007/ACR-007.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-010/ACR-010.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-013/ACR-013.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-118/ACR-118.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-057/ACR-057.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-059/ACR-059.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-060/ACR-060.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-071/ACR-071.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230621/Mp3Converter-230621/3.75/Images/ACR-045/ACR-045.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-106/ACR-106.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-092/ACR-092.JPG","230621/Mp3Converter-230621/3.75/Images/ACR-123/ACR-123.JPG"],"guid":"0ec65bcf-5bbc-469c-ac81-92d04d7eb046_3.75_1","appID":"Mp3Converter-230621","dateAdded":"230621","deceptorType":"Bundler","name":"Mp3 Converter","company":"Convertidor-de-Videos.com","version":"3.75","lastKnownStatus":"3.75","lastKnownDate":"230621","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2023-06-22T00:45:25.1954088+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":938},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\ZXT2007 Software\\Super Unit Converter\\UConvert.exe","companyName":"zxt2007.com","productName":"Super Unit Converter","productVersion":"1.2.5.0","fileVersion":"1.2.5.0","hashMD5":"f246d4d3e8ae1c16d2744c5315628314","hashSHA1":"0248735ec22a32f093c2917a60b6f562e591a6cb","hashSHA256":"abbb798e9d19b9a71579c79940cc3d3f4f8875806e9c366a446845265176a39b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1042","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"superunitconverter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Super Unit Converter                                        ","productVersion":"1.2.5.0                                           ","fileVersion":"1.2.5.0             ","hashMD5":"a4538316f6e287cdbab1b3ba7894ba66","hashSHA1":"0eb9b7d3a7e4dca8ef6303de51bdc8d2eff0480e","hashSHA256":"3887869dbd4ec9c726304c7962c7c5f2e8b38c00c55243c6d3c6ff38b843c315","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1042","avBlockList":["360 Total Security (20230622)","Avast Premium Security (20230622)","AVG Internet Security (20230622)","Avira Internet Security (20230622)","Bitdefender Internet Security (20230622)","COMODO Antivirus (20230622)","ESET Internet Security (20230622)","G DATA INTERNET SECURITY (20230622)","K7 Total Security (20230622)","Kaspersky Internet Security (20230622)","Malwarebytes Premium (20230622)","McAfee Total Protection (20230622)","Norton Security (20230622)","Panda Dome (20230622)","Quick Heal Internet Security (20230622)","Sophos Home Premium (20230622)","SpyHunter5 (20230622)","Total AV Antivirus Pro (20230622)","Trend Micro Internet Security (20230622)","VIPRE Advanced Security (20230622)","VirIT eXplorer PRO (20230622)","Webroot SecureAnywhere (20230622)","Windows Defender (20230622)"],"avAllowList":["Dr.Web Security Space (20230622)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://en.zxt2007.com/other-software/superunitconverter.html","directDownloadingLink":"http://en.zxt2007.com/download/superunitconverter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/superunitconverter_setup.exe","sourceIndex":"1042"}],"sampleFiles":["230616/SuperUnitConverter-230602/1.2.5.0/Samples/superunitconverter_setup.exe"],"imageFiles":["230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-109/ACR-109.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-043/ACR-043.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-042/ACR-042.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-048/ACR-048.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-007/ACR-007.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-010/ACR-010.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-013/ACR-013.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-118/ACR-118.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-057/ACR-057.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-059/ACR-059.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-060/ACR-060.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-071/ACR-071.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-045/ACR-045.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-106/ACR-106.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-092/ACR-092.JPG","230616/SuperUnitConverter-230602/1.2.5.0/Images/ACR-123/ACR-123.JPG"],"guid":"823dc966-bd44-4111-81b9-a928f804277f_1.2.5.0_1","appID":"SuperUnitConverter-230602","dateAdded":"230616","deceptorType":"Bundler","name":"Super Unit Converter","company":"zxt2007.com","version":"1.2.5.0","lastKnownStatus":"1.2.5.0","lastKnownDate":"230616","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-06-17T01:46:24.7465619+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":939},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-042":"1. The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-043":"1. The app drops the Root Certificate files without disclosing in during installation.\n2. Open source project \"FFmpeg\" is installed without any disclosure in EULA.\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg'.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-017":"Unable to verify third-party endorsements.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without the user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app needs to provide detailed information about how to cancel, and renew notifications, and the next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The main executable is not digitally signed.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Audio Convert Toolbox\\AudioConvertToolbox.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"7ae79f9cb0791a87c97e52ad62da9842","hashSHA1":"271316708c8582da627f893eaec49251248f695f","hashSHA256":"3cbdf281ec19b88f170b6aeac650c052daf1725c9e3666ca6f9ca59ebd718326","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1041","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AudioConvertToolbox.exe","isInstaller":"True","companyName":"AudioToolMedia Co.Ltd.                                      ","productName":"Audio Convert Toolbox                                       ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"fdf62ac5ab0e8e242e783bc1a43b3502","hashSHA1":"905b41674dff2d92d721d05bffad40c28394a215","hashSHA256":"7999970528446e8d625b7eb93224bdad7971e603f13753faeed5c74a5fecd3d3","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1041","avBlockList":["360 Total Security (20230622)","Avast Premium Security (20230622)","AVG Internet Security (20230622)","Avira Internet Security (20230622)","Bitdefender Internet Security (20230622)","COMODO Antivirus (20230622)","Dr.Web Security Space (20230622)","ESET Internet Security (20230622)","G DATA INTERNET SECURITY (20230622)","K7 Total Security (20230622)","Kaspersky Internet Security (20230622)","Malwarebytes Premium (20230622)","McAfee Total Protection (20230622)","Norton Security (20230622)","Panda Dome (20230622)","Quick Heal Internet Security (20230622)","Sophos Home Premium (20230622)","SpyHunter5 (20230622)","Total AV Antivirus Pro (20230622)","VIPRE Advanced Security (20230622)","VirIT eXplorer PRO (20230622)","Webroot SecureAnywhere (20230622)","Windows Defender (20230622)"],"avAllowList":["Trend Micro Internet Security (20230622)"]}],"additionalFiles":[],"sources":[{"howFound":"AudioToolMedia Product","reference":"","landingPage":"http://audio-tool.net/","directDownloadingLink":"http://audio-tool.net/AudioConvertToolbox.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://audio-tool.net/AudioConvertToolbox.exe","sourceIndex":"1041"}],"sampleFiles":["230616/AudioConvertToolbox-230615/8.8.1/Samples/AudioConvertToolbox.exe"],"imageFiles":["230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-109/ACR-109.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-039/ACR-039.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-048/ACR-048.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-043/ACR-043.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-043/ACR-043_1.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-107/ACR-107.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-042/ACR-042.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-042/ACR-042 (2).JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-007/ACR-007.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-010/ACR-010.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-013/ACR-013.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-118/ACR-118.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-118/ACR-118_1.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-057/ACR-057.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-059/ACR-059.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-060/ACR-060.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-071/ACR-071.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-155/ACR-155.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-165/ACR-165.jpg","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-017/ACR-017.JPG"],"nonDeceptorImageFiles":["230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-045/ACR-045.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-106/ACR-106.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-092/ACR-092.JPG","230616/AudioConvertToolbox-230615/8.8.1/Images/ACR-123/ACR-123.JPG"],"guid":"60b4d48a-3e82-4550-92c3-2313430c1d5d_8.8.1_1","appID":"AudioConvertToolbox-230615","dateAdded":"230616","deceptorType":"Bundler","name":"Audio Convert Toolbox","company":"AudioToolMedia","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"230616","type":"Windows Executable","category":"Bundlers & Downloaders, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-17T01:50:27.8930269+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":940},{"violations":{"ACR-003":"When the recommended settings are not set under Windows Tweaks, it uses exaggerated red color and an exclamation point, misleading the user into thinking that they have a serious problem in their system, driving the consumer to take action.\n","ACR-004":"App does not provide fix for the free scan results shown. The number of errors found remains the same after clicking Fix button. App exaggerates free scan results with the word error in red font.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MagicSpeed.exe","companyName":"Smart PC Solutions","fileVersion":"3.1","hashMD5":"d93d63fa3a75e15cf76da6bd3b04f0fb","hashSHA1":"ee7ab31827f2ae4d1fbdaecb4dd11b9509616252","hashSHA256":"8b79af5bb3b140e715d7feda34ec12702fa2a0b1abdc9448daebb7d0d978ef8f","sourceIndex":"1020","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MagicSpeed_Softonic_3.2.exe","isInstaller":"True","companyName":"Smart PC Solutions                                          ","fileVersion":"0.0","hashMD5":"bd4bab4b06cab5fd530235dc388e337f","hashSHA1":"60803c4d3f73402ccfb65b03f089d237d8d217ad","hashSHA256":"b7d23d4d7a985283188470b9397605d9eab1ebe61fd7999af5e996c00ef82e88","digitalCertThumbprint":"F1D7E837C8F1E40822B896ACD9FEB1522EA19454","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Smart PC Solutions, Inc.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"Smart PC Solutions, Inc.\", L=Alexandria, S=Virginia, C=US","sourceIndex":"1020","avBlockList":["Avira Internet Security (20230622)","Dr.Web Security Space (20230622)","ESET Internet Security (20230622)","Kaspersky Internet Security (20230622)","Malwarebytes Premium (20230622)","McAfee Total Protection (20230622)","Norton Security (20230622)","Panda Dome (20230622)","Sophos Home Premium (20230622)","SpyHunter5 (20230622)","Total AV Antivirus Pro (20230622)","VirIT eXplorer PRO (20230622)","Webroot SecureAnywhere (20230622)","Windows Defender (20230622)"],"avAllowList":["360 Total Security (20230622)","Avast Premium Security (20230622)","AVG Internet Security (20230622)","Bitdefender Internet Security (20230622)","COMODO Antivirus (20230622)","G DATA INTERNET SECURITY (20230622)","K7 Total Security (20230622)","Quick Heal Internet Security (20230622)","Trend Micro Internet Security (20230622)","VIPRE Advanced Security (20230622)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Optimizers for Windows","reference":"","landingPage":"https://magic-speed.de.softonic.com/","directDownloadingLink":"https://magic-speed.de.softonic.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://magic-speed.de.softonic.com/download","sourceIndex":"1020"}],"sampleFiles":["230615/MagicSpeed-230613/3.1/Samples/MagicSpeed.exe","230615/MagicSpeed-230613/3.1/Samples/MagicSpeed_Softonic_3.2.exe"],"imageFiles":["230615/MagicSpeed-230613/3.1/Images/ACR-004/ACR-004.png","230615/MagicSpeed-230613/3.1/Images/ACR-003/ACR-003.png"],"nonDeceptorImageFiles":[],"guid":"5700ce53-fbf6-4948-aa42-ee7a0676dbe5_3.1_1","appID":"MagicSpeed-230613","dateAdded":"230615","deceptorType":"App","name":"Magic Speed","company":"Smart PC Solutions","version":"3.1","firstVendorContactDate":"230628","firstAppEsteemReplyDate":"230630","firstResolvedDate":"230705","resolved":"TRUE","lastKnownStatus":"3.1","lastKnownDate":"230615","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-07-05T17:54:03.4736888+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":941},{"violations":{"ACR-109":" The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-017":"Unable to verify third-party endorsements.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app needs to provide detailed information about how to cancel, and renew notifications, and the next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The main executable is not digitally signed.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Audio Record Edit Toolbox Pro\\AudioRecordEditToolboxPro.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"4f2294cb6778079e0f3392664e68adef","hashSHA1":"51988286cfd5b7b780b63f5f99bea6eb7536d93c","hashSHA256":"5a66f4c0a077cd744c3bbbbe4810828b3bfb97f8309f2602f44058120b3f8711","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1044","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AudioRecordEditToolboxPro.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 AudioToolMedia Inc.                   ","productName":"Audio Record Edit Toolbox Pro                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b7df6b07618173fc128eb8ededb3e4bf","hashSHA1":"e13c190e147b7bb4488797d9b4098c683b59f7e2","hashSHA256":"047575b28a11228cd8874d4dd15c948e874f79ce8994322bb87e2d377ac292ba","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1044","avBlockList":["360 Total Security (20230622)","Avast Premium Security (20230622)","AVG Internet Security (20230622)","Avira Internet Security (20230622)","Bitdefender Internet Security (20230622)","COMODO Antivirus (20230622)","Dr.Web Security Space (20230622)","ESET Internet Security (20230622)","G DATA INTERNET SECURITY (20230622)","K7 Total Security (20230622)","Kaspersky Internet Security (20230622)","Malwarebytes Premium (20230622)","McAfee Total Protection (20230622)","Norton Security (20230622)","Panda Dome (20230622)","Quick Heal Internet Security (20230622)","Sophos Home Premium (20230622)","SpyHunter5 (20230622)","Total AV Antivirus Pro (20230622)","VIPRE Advanced Security (20230622)","VirIT eXplorer PRO (20230622)","Webroot SecureAnywhere (20230622)","Windows Defender (20230622)"],"avAllowList":["Trend Micro Internet Security (20230622)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on RK bundle","reference":"","landingPage":"http://audio-tool.net/","directDownloadingLink":"http://audio-tool.net/AudioRecordEditToolboxPro.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://audio-tool.net/AudioRecordEditToolboxPro.exe","sourceIndex":"1044"}],"sampleFiles":["230615/AudioRecordEditToolboxPro-230613/14.8.1/Samples/AudioRecordEditToolboxPro.exe"],"imageFiles":["230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-109/ACR-109.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-039/ACR-039.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-043/ACR-043.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-042/ACR-042.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-048/ACR-048.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-007/ACR-007.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-010/ACR-010.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-013/ACR-013.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-118/ACR-118.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-118/ACR-118_1.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-057/ACR-057.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-059/ACR-059.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-060/ACR-060.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-071/ACR-071.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-155/ACR-155.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-165/ACR-165.jpg","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-017/ACR-017_1.JPG"],"nonDeceptorImageFiles":["230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-045/ACR-045.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-106/ACR-106.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-092/ACR-092.JPG","230615/AudioRecordEditToolboxPro-230613/14.8.1/Images/ACR-123/ACR-123.JPG"],"guid":"ae504c6e-e046-4a4c-ac57-a28ed7a6e9f3_14.8.1_1","appID":"AudioRecordEditToolboxPro-230613","dateAdded":"230615","deceptorType":"Bundler","name":"Audio Record Edit Toolbox Pro","company":"AudioToolMedia","version":"14.8.1","lastKnownStatus":"14.8.1","lastKnownDate":"230615","type":"Windows Executable","category":"SysTools & Utilities, Media players","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-15T07:30:08.1580607+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":942},{"violations":{"ACR-109":" The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation.\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-017":"Unable to verify third-party endorsements.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without the user's knowledge\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app needs to provide detailed information about how to cancel, and renew notifications, and the next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The main executable is not digitally signed.\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Audio Record Edit Toolbox\\AudioRecordEditToolbox.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"4f2294cb6778079e0f3392664e68adef","hashSHA1":"51988286cfd5b7b780b63f5f99bea6eb7536d93c","hashSHA256":"5a66f4c0a077cd744c3bbbbe4810828b3bfb97f8309f2602f44058120b3f8711","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1043","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AudioRecordEditToolbox.exe","isInstaller":"True","companyName":"Copyright© AudioToolMedia Inc.                             ","productName":"Audio Record Edit Toolbox                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e18a5cfddf80d3d36502644721cefd5a","hashSHA1":"0eac3c4981ca065623cb741be013b2ee1dda11a8","hashSHA256":"e7e6f8362896335c03581768362baab4230418213239e98e0c158bd8c737d853","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1043","avBlockList":["360 Total Security (20230622)","Avast Premium Security (20230622)","AVG Internet Security (20230622)","Avira Internet Security (20230622)","Bitdefender Internet Security (20230622)","Dr.Web Security Space (20230622)","ESET Internet Security (20230622)","G DATA INTERNET SECURITY (20230622)","K7 Total Security (20230622)","Kaspersky Internet Security (20230622)","Malwarebytes Premium (20230622)","McAfee Total Protection (20230622)","Norton Security (20230622)","Panda Dome (20230622)","Quick Heal Internet Security (20230622)","Sophos Home Premium (20230622)","SpyHunter5 (20230622)","Total AV Antivirus Pro (20230622)","VIPRE Advanced Security (20230622)","VirIT eXplorer PRO (20230622)","Webroot SecureAnywhere (20230622)","Windows Defender (20230622)"],"avAllowList":["COMODO Antivirus (20230622)","Trend Micro Internet Security (20230622)"]}],"additionalFiles":[],"sources":[{"howFound":"AudioToolMedia Product","reference":"","landingPage":"http://audio-tool.net/","directDownloadingLink":"http://audio-tool.net/AudioRecordEditToolbox.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://audio-tool.net/AudioRecordEditToolbox.exe","sourceIndex":"1043"}],"sampleFiles":["230615/AudioRecordEditToolbox-230613/14.8.1/Samples/AudioRecordEditToolbox.exe"],"imageFiles":["230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-109/ACR-109.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-039/ACR-039.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-043/ACR-043.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-017/ACR-017_1.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-165/ACR-165.jpg","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-155/ACR-155.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-071/ACR-071.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-060/ACR-060.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-059/ACR-059.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-057/ACR-057.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-013/ACR-013.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-010/ACR-010.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-007/ACR-007.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-048/ACR-048.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-042/ACR-042.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-118/ACR-118.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-092/ACR-092.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-106/ACR-106.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-045/ACR-045.JPG","230615/AudioRecordEditToolbox-230613/14.8.1/Images/ACR-123/ACR-123.JPG"],"guid":"5ae8169a-047f-4246-b658-c414592c310f_14.8.1_1","appID":"AudioRecordEditToolbox-230613","dateAdded":"230615","deceptorType":"Bundler","name":"Audio Record Edit Toolbox","company":"AudioToolMedia","version":"14.8.1","lastKnownStatus":"14.8.1","lastKnownDate":"230615","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders, Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-15T07:34:31.9048459+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":943},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"absee_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"ABsee Free Image Viewer                                     ","productVersion":"4.0.2.0                                           ","fileVersion":"4.0.2.0             ","hashMD5":"47ab29fd3b3258afc39eb46928ea9670","hashSHA1":"ee9b4a6bb25115670eb426c75b6b902ed4f7d8f5","hashSHA256":"a5525a4b7e476f7b0c8ca1a5fe3c15dbce653dc590bae8498f08c44c042ece51","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1053","avBlockList":["360 Total Security (20230620)","Avast Premium Security (20230620)","AVG Internet Security (20230620)","Avira Internet Security (20230620)","Bitdefender Internet Security (20230620)","COMODO Antivirus (20230620)","ESET Internet Security (20230620)","G DATA INTERNET SECURITY (20230620)","K7 Total Security (20230620)","Kaspersky Internet Security (20230620)","Malwarebytes Premium (20230620)","McAfee Total Protection (20230620)","Norton Security (20230620)","Panda Dome (20230620)","Quick Heal Internet Security (20230620)","Sophos Home Premium (20230620)","SpyHunter5 (20230620)","Total AV Antivirus Pro (20230620)","Trend Micro Internet Security (20230620)","VIPRE Advanced Security (20230620)","VirIT eXplorer PRO (20230620)","Webroot SecureAnywhere (20230620)","Windows Defender (20230620)"],"avAllowList":["Dr.Web Security Space (20230620)"]},{"isRevoked":"False","fileName":"icontool_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Free Icon Tool                                              ","productVersion":"2.1.8.0                                           ","fileVersion":"2.1.8.0             ","hashMD5":"384767648e6127072c48d1ca4382ee4a","hashSHA1":"bc988f715c5b694f3fd0f8ce94b037b0e84d4a5b","hashSHA256":"c816c8a8b52abeec0a57e43b0c565b04e68131ccb2c3780301aacdd22358099f","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1053","avBlockList":["360 Total Security (20230620)","Avast Premium Security (20230620)","AVG Internet Security (20230620)","Avira Internet Security (20230620)","Bitdefender Internet Security (20230620)","COMODO Antivirus (20230620)","ESET Internet Security (20230620)","G DATA INTERNET SECURITY (20230620)","K7 Total Security (20230620)","Kaspersky Internet Security (20230620)","Malwarebytes Premium (20230620)","McAfee Total Protection (20230620)","Norton Security (20230620)","Panda Dome (20230620)","Quick Heal Internet Security (20230620)","Sophos Home Premium (20230620)","SpyHunter5 (20230620)","Total AV Antivirus Pro (20230620)","Trend Micro Internet Security (20230620)","VIPRE Advanced Security (20230620)","VirIT eXplorer PRO (20230620)","Webroot SecureAnywhere (20230620)","Windows Defender (20230620)"],"avAllowList":["Dr.Web Security Space (20230620)"]},{"isRevoked":"False","fileName":"mymp3splitter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"My MP3 Splitter                                             ","productVersion":"2.3.7.0                                           ","fileVersion":"2.3.7.0             ","hashMD5":"cd20c11cb537446ceea5f34ab950dff3","hashSHA1":"6cc793a814c3b2c3334183e1d5b0ac8e5b285499","hashSHA256":"d97bd78baa7325e005b1969f47b6e5aa931244172d61efbd9d13c6f7e89e02ba","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1053","avBlockList":["360 Total Security (20230620)","Avast Premium Security (20230620)","AVG Internet Security (20230620)","Avira Internet Security (20230620)","Bitdefender Internet Security (20230620)","COMODO Antivirus (20230620)","ESET Internet Security (20230620)","G DATA INTERNET SECURITY (20230620)","K7 Total Security (20230620)","Kaspersky Internet Security (20230620)","Malwarebytes Premium (20230620)","McAfee Total Protection (20230620)","Norton Security (20230620)","Panda Dome (20230620)","Quick Heal Internet Security (20230620)","Sophos Home Premium (20230620)","SpyHunter5 (20230620)","Total AV Antivirus Pro (20230620)","Trend Micro Internet Security (20230620)","VIPRE Advanced Security (20230620)","VirIT eXplorer PRO (20230620)","Webroot SecureAnywhere (20230620)","Windows Defender (20230620)"],"avAllowList":["Dr.Web Security Space (20230620)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK Installer","reference":"","landingPage":"http://en.zxt2007.com/","directDownloadingLink":"http://en.zxt2007.com/download/mymp3splitter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/mymp3splitter_setup.exe","sourceIndex":"1053"}],"sampleFiles":["230609/zxt2007Bundler-230606/230606/Samples/absee_setup.exe","230609/zxt2007Bundler-230606/230606/Samples/icontool_setup.exe","230609/zxt2007Bundler-230606/230606/Samples/mymp3splitter_setup.exe"],"imageFiles":["230609/zxt2007Bundler-230606/230606/Images/ACR-109/ACR-109.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-043/ACR-043.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-042/ACR-042.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-048/ACR-048.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-007/ACR-007.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-010/ACR-010.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-013/ACR-013.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-118/ACR-118.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-057/ACR-057.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-059/ACR-59.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-060/ACR-060.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-071/ACR-071.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230609/zxt2007Bundler-230606/230606/Images/ACR-045/ACR-045.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-106/ACR-106.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-092/ACR-092.JPG","230609/zxt2007Bundler-230606/230606/Images/ACR-123/ACR-123.JPG"],"guid":"6d561848-625c-424d-b15b-8872b5c00c66_230606_1","appID":"zxt2007Bundler-230606","dateAdded":"230609","deceptorType":"Bundler","name":"zxt2007 Bundler","company":"zxt2007.com","version":"230606","lastKnownStatus":"230609","lastKnownDate":"230609","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-06-09T23:14:51.7917829+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":944},{"violations":{"ACR-042":"The app initiates network communications with 3rd party offer provider \"https://www.az-partners.net/\" before obtaining user consent. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AZPassword.exe","companyName":"Rostpay ltd.","fileVersion":"1.0","hashMD5":"90e7a2421063bb952cdb45fb26378a2b","hashSHA1":"594778dd3d9137f68659995286c84572ece3c433","hashSHA256":"416f6b69c8445c01a6c573572de0bac60c30ac1522e945e0d82ed9b2bb44a4cf","digitalCertThumbprint":"B469AF63BEF0427875E65C3FE4FB50405597C70E","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"L=Rostov-on-Don, CN=ROSTPAY LTD, O=ROSTPAY LTD, C=RU","sourceIndex":"913","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"azpassword-install__965.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","fileVersion":"3.1","hashMD5":"61fb46c3e5ac2fee01e617aa2ea1ec79","hashSHA1":"6151cb2e55fdd45b1602aa246c827790f72c0f09","hashSHA256":"0f4973b6e7d757df5b7acb08dbf816a6b35b3a9659e81d6b20116dc38eb12098","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=support@rostpay.ru, CN=ROSTPAY LTD, O=ROSTPAY LTD, STREET=\"Dolomanovsky lane, 70D 1(10th floor)\", L=Rostov-on-Don, S=Rostov Oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization","sourceIndex":"913","avBlockList":["360 Total Security (20230620)","Avira Internet Security (20230620)","Bitdefender Internet Security (20230620)","Dr.Web Security Space (20230620)","ESET Internet Security (20230620)","G DATA INTERNET SECURITY (20230620)","K7 Total Security (20230620)","Malwarebytes Premium (20230620)","Norton Security (20230620)","Panda Dome (20230620)","Quick Heal Internet Security (20230620)","Sophos Home Premium (20230620)","SpyHunter5 (20230620)","Total AV Antivirus Pro (20230620)","Trend Micro Internet Security (20230620)","VirIT eXplorer PRO (20230620)","Webroot SecureAnywhere (20230620)","Windows Defender (20230620)"],"avAllowList":["Avast Premium Security (20230620)","AVG Internet Security (20230620)","COMODO Antivirus (20230620)","Kaspersky Internet Security (20230620)","McAfee Total Protection (20230620)","VIPRE Advanced Security (20230620)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.azpassword.ru/","directDownloadingLink":"https://www.azpassword.ru/download/init/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.azpassword.ru/download/init/","sourceIndex":"913"}],"sampleFiles":["230609/AZPassword-230607/1.3.0.306/Samples/AZPassword.exe","230609/AZPassword-230607/1.3.0.306/Samples/azpassword-install__965.exe"],"imageFiles":["230609/AZPassword-230607/1.3.0.306/Images/ACR-042/ACR-042.png","230609/AZPassword-230607/1.3.0.306/Images/ACR-013/Offer1.png","230609/AZPassword-230607/1.3.0.306/Images/ACR-013/Offer2.png","230609/AZPassword-230607/1.3.0.306/Images/ACR-060/Offer1.png","230609/AZPassword-230607/1.3.0.306/Images/ACR-060/Offer2.png"],"nonDeceptorImageFiles":[],"guid":"4a2cc728-f891-4537-9744-9f7af10d7ed7_1.3.0.306_1","appID":"AZPassword-230607","dateAdded":"230609","deceptorType":"App","name":"AZPassword","company":"ROSTPAY LTD.","version":"1.3.0.306","firstVendorContactDate":"230831","firstAppEsteemReplyDate":"230831","firstResolvedDate":"230831","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"1.3.0.306","lastKnownDate":"230609","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-08-31T22:33:46.107678+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":945},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"The app calls itself \"DZJP.exe”, which is not related to the name \"Mahjong Electron Base\", which hides the process from the targeted consumer.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-014":"The app calls itself \"DZJP.exe”, which is not related to the name \"Mahjong Electron Base\", which misleads the targeted consumer.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MAHJONG ELECTRON BASE\\DZJP.exe","companyName":"zxt2007.com","productName":"电子基盘麻将游戏","productVersion":"3.7.0.0","fileVersion":"3.7.0.0","hashMD5":"a94ccfb6a43f9a481031f3b2a323c7f7","hashSHA1":"67ce94f23704020cfad14727833e7d4cf27df80c","hashSHA256":"30231c5aeb91889af7ea1e381df040495db11428f19cd9aefbd2633f9ce012df","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1058","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mahjongelectronbase_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"MAHJONG ELECTRON BASE                                       ","productVersion":"3.7.0.0                                           ","fileVersion":"3.7.0.0             ","hashMD5":"487373c8273d15894bc7883c0b859e4e","hashSHA1":"006a54ea71671c2f5ed6c3bb79307fd1b78b6f00","hashSHA256":"6d21bf5a707afdc42f9cce5c4c1785ec0b6e2476fc4c31d2bc38b0ae07994f52","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1058","avBlockList":["360 Total Security (20230620)","Avast Premium Security (20230620)","AVG Internet Security (20230620)","Avira Internet Security (20230620)","Bitdefender Internet Security (20230620)","COMODO Antivirus (20230620)","ESET Internet Security (20230620)","G DATA INTERNET SECURITY (20230620)","K7 Total Security (20230620)","Kaspersky Internet Security (20230620)","Malwarebytes Premium (20230620)","McAfee Total Protection (20230620)","Norton Security (20230620)","Panda Dome (20230620)","Quick Heal Internet Security (20230620)","Sophos Home Premium (20230620)","SpyHunter5 (20230620)","Total AV Antivirus Pro (20230620)","VIPRE Advanced Security (20230620)","VirIT eXplorer PRO (20230620)","Webroot SecureAnywhere (20230620)","Windows Defender (20230620)"],"avAllowList":["Dr.Web Security Space (20230620)","Trend Micro Internet Security (20230620)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://en.zxt2007.com/other-software/mahjongelectronbase.html","directDownloadingLink":"http://en.zxt2007.com/download/mahjongelectronbase_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/mahjongelectronbase_setup.exe","sourceIndex":"1058"}],"sampleFiles":["230606/mahjongelectronbase-230602/3.7.0.0/Samples/mahjongelectronbase_setup.exe"],"imageFiles":["230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-109/ACR-109.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-043/ACR-043.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-042/ACR-042.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-048/ACR-048.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-007/ACR-007.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-010/ACR-010.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-013/ACR-013.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-084/ACR-084.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-014/ACR-014.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-118/ACR-118.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-057/ACR-057.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-059/ACR-059.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-060/ACR-060.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-071/ACR-071.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-045/ACR-045.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-106/ACR-106.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-092/ACR-092.JPG","230606/mahjongelectronbase-230602/3.7.0.0/Images/ACR-123/ACR-123.JPG"],"guid":"9ab9cf01-9504-4148-91e2-1920d80984c5_3.7.0.0_1","appID":"mahjongelectronbase-230602","dateAdded":"230606","deceptorType":"Bundler","name":"Mahjong Electron Base","company":"zxt2007.com","version":"3.7.0.0","lastKnownStatus":"3.7.0.0","lastKnownDate":"230606","type":"Windows Executable","category":"Games","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-06-06T23:43:45.0383909+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":946},{"violations":{"ACR-004":"The app gauges system performance status with words BAD, FAIR & GREAT matched with traffic light colors raising exaggerated sense of urgency. \n\n"},"nonDeceptorViolations":{"ACR-040":"The app does not disclose its installation path during installation. It installs itself in a hidden folder %Appdata%\\Roaming by default.\n"},"samples":[{"isRevoked":"False","fileName":"boost.exe","companyName":"Reason Software Company Inc.","fileVersion":"1.0","hashMD5":"2123b7a91d5479b80b6130c84015c740","hashSHA1":"f9214a710e756f461b25a17fca73e2660bbf6483","hashSHA256":"a3174325a416a612ca4e687ea14fd1eda3b342b966c6e7e10bce5793a7ea5827","digitalCertThumbprint":"6258F57A10D973B8BD0C4E7BBB52C35AF61A279B","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Reason Software Company Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reason Software Company Inc., L=New York, S=New York, C=US","sourceIndex":"1054","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"InstallBoost.exe","isInstaller":"True","companyName":"Reason Software Company Inc.","fileVersion":"1.0","hashMD5":"170f5adae99d023e88a75953122bba6b","hashSHA1":"93574890954a2929eb89c834e59caa579c9a0109","hashSHA256":"a3c036363edf619171b918f7c65cf78039be81f94a8b29432323cda4263c1f62","digitalCertThumbprint":"6258F57A10D973B8BD0C4E7BBB52C35AF61A279B","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Reason Software Company Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reason Software Company Inc., L=New York, S=New York, C=US","sourceIndex":"1054","avBlockList":["Avast Premium Security (20230620)","AVG Internet Security (20230620)","Avira Internet Security (20230620)","ESET Internet Security (20230620)","K7 Total Security (20230620)","Malwarebytes Premium (20230620)","Norton Security (20230620)","SpyHunter5 (20230620)","Total AV Antivirus Pro (20230620)","VirIT eXplorer PRO (20230620)","Windows Defender (20230620)"],"avAllowList":["360 Total Security (20230620)","Bitdefender Internet Security (20230620)","COMODO Antivirus (20230620)","Dr.Web Security Space (20230620)","G DATA INTERNET SECURITY (20230620)","Kaspersky Internet Security (20230620)","McAfee Total Protection (20230620)","Panda Dome (20230620)","Quick Heal Internet Security (20230620)","Sophos Home Premium (20230620)","Trend Micro Internet Security (20230620)","VIPRE Advanced Security (20230620)","Webroot SecureAnywhere (20230620)"]}],"additionalFiles":[],"sources":[{"howFound":"random hunting","reference":"","landingPage":"https://boost.en.softonic.com/","directDownloadingLink":"https://en.softonic.com/download/boost/windows/post-download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://en.softonic.com/download/boost/windows/post-download","sourceIndex":"1054"}],"sampleFiles":["230606/Boost-230606/1.0.2.40348/Samples/boost.exe","230606/Boost-230606/1.0.2.40348/Samples/InstallBoost.exe"],"imageFiles":["230606/Boost-230606/1.0.2.40348/Images/ACR-004/ACR-004_TLC.png","230606/Boost-230606/1.0.2.40348/Images/ACR-004/BAD.png","230606/Boost-230606/1.0.2.40348/Images/ACR-004/FAIR.png","230606/Boost-230606/1.0.2.40348/Images/ACR-004/FAIR_.png","230606/Boost-230606/1.0.2.40348/Images/ACR-004/GREAT.png"],"nonDeceptorImageFiles":["230606/Boost-230606/1.0.2.40348/Images/ACR-040/InstallationPath.gif"],"guid":"ac2de024-5a08-44fc-ae67-c82453abda07_1.0.2.40348_1","appID":"Boost-230606","dateAdded":"230606","deceptorType":"App","name":"Boost","company":"Reason Software Company Inc.","version":"1.0.2.40348","lastKnownStatus":"1.0.2.40348","lastKnownDate":"230606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:39.0549394+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":947},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent \n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control, drops a RelevantKnowledge file “spt_setup.exe” regardless\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it leaves its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'\n","ACR-092":"The app's components does not have a valid digital signature\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\ZXT2007 Video Converter\\VConverter.exe","companyName":"zxt2007.com","productName":"ZXT2007 Video Converter","productVersion":"2.4.3.0","fileVersion":"2.4.3.0","hashMD5":"af14c9eba3b8fbdd235ed450cfbf95dc","hashSHA1":"dbf9ea8ee2558a49d7f2029ecbc4d8949a0605d5","hashSHA256":"04cb92e22608dfe2f57815a321581b68efc76bb404a4ac78c46934bf64545c04","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1064","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"videoconverter_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"ZXT2007 Video Converter                                     ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"48505bb9fbe719fc449270bc0a62c507","hashSHA1":"5c9b200d04b9e09a27319e288ca1c18468948e50","hashSHA256":"9e8d531d132a686ab3790cc80ce292fa3a64a972137e87859e0f40a5ad5d1b91","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1064","avBlockList":["360 Total Security (20230608)","Avast Premium Security (20230608)","AVG Internet Security (20230608)","Avira Internet Security (20230608)","Bitdefender Internet Security (20230608)","COMODO Antivirus (20230608)","ESET Internet Security (20230608)","G DATA INTERNET SECURITY (20230608)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20230608)","McAfee Total Protection (20230608)","Norton Security (20230608)","Panda Dome (20230608)","Quick Heal Internet Security (20230608)","Sophos Home Premium (20230608)","SpyHunter5 (20230608)","Total AV Antivirus Pro (20230608)","VIPRE Advanced Security (20230608)","VirIT eXplorer PRO (20230608)","Webroot SecureAnywhere (20230608)","Windows Defender (20230608)"],"avAllowList":["Dr.Web Security Space (20230608)","K7 Total Security (20230608)","Trend Micro Internet Security (20230608)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://en.zxt2007.com/video-tools/freevideoconverter.html","directDownloadingLink":"http://en.zxt2007.com/download/videoconverter_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/videoconverter_setup.exe","sourceIndex":"1064"}],"sampleFiles":["230601/ZXT2007VideoConverter-230601/2.4.3.0/Samples/videoconverter_setup.exe"],"imageFiles":["230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-109/ACR-109.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-043/ACR-043.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-042/ACR-042.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-048/ACR-048.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-007/ACR-007.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-010/ACR-010.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-013/ACR-013.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-118/ACR-118.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-057/ACR-057.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-059/ACR-059.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-060/ACR-060.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-071/ACR-071.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-045/ACR-045.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-106/ACR-106.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-092/ACR-092.JPG","230601/ZXT2007VideoConverter-230601/2.4.3.0/Images/ACR-123/ACR-123.JPG"],"guid":"f90ac2fa-ac0d-428a-a314-71dd352ad422_2.4.3.0_1","appID":"ZXT2007VideoConverter-230601","dateAdded":"230601","deceptorType":"Bundler","name":"ZXT2007 Video Converter","company":"zxt2007.com","version":"2.4.3.0","sigName":"","lastKnownStatus":"2.4.3.0","lastKnownDate":"230601","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2023-06-02T00:03:47.5238665+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":948},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"movietogif_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Movie To GIF       ","fileVersion":"3.1.0.0","hashMD5":"96d66417b56824c1b8ce78aeeb27eab6","hashSHA1":"c619d0cb6a647c93abaa79d31e1a828ed919f0cd","hashSHA256":"8386949aeb857cf793c46effc55dcc93fd3181334f1e10d361ad5f3b238eaec0","digitalCertThumbprint":"F9283AF7C9A41620F82A6E97A447E47D12070ABB","digitalCertIssuer":"CN=TalentPersonal","digitalCertIssuedTo":"CN=TalentPersonal","sourceIndex":"1557","avBlockList":["360 Total Security (20230606)","Avast Premium Security (20230606)","AVG Internet Security (20230606)","Avira Internet Security (20230606)","Bitdefender Internet Security (20230606)","COMODO Antivirus (20230606)","Dr.Web Security Space (20230606)","ESET Internet Security (20230606)","G DATA INTERNET SECURITY (20230606)","K7 Total Security (20230606)","Kaspersky Internet Security (20230606)","Malwarebytes Premium (20230606)","McAfee Total Protection (20230606)","Norton Security (20230606)","Panda Dome (20230606)","Quick Heal Internet Security (20230606)","Sophos Home Premium (20230606)","SpyHunter5 (20230606)","Total AV Antivirus Pro (20230606)","Trend Micro Internet Security (20230606)","VIPRE Advanced Security (20230606)","VirIT eXplorer PRO (20230606)","Webroot SecureAnywhere (20230606)","Windows Defender (20230606)"],"avAllowList":["Tencent PC Manager (20220728)"]},{"isRevoked":"False","fileName":"VideoToGif.exe","productName":"Movie To GIF","fileVersion":"3.1.0.0","hashMD5":"c4e762ccfbcfaca19d0bb65d2f397394","hashSHA1":"7c9592385879342f4d49402ca60e686c184519ff","hashSHA256":"1a625a9dddd57362fa35c36561bf4d71f8d03fdddadf652a62e0174fff3ffd35","sourceIndex":"1557","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"zxt2007.com freeware","reference":"","landingPage":"http://en.zxt2007.com/video-tools/movietogif.html ","directDownloadingLink":"http://en.zxt2007.com/download/movietogif_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/movietogif_setup.exe","sourceIndex":"1557"}],"sampleFiles":["220614/MovietoGIF-220610/3.1.0.0/Samples/movietogif_setup.exe","220614/MovietoGIF-220610/3.1.0.0/Samples/VideoToGif.exe"],"imageFiles":["220614/MovietoGIF-220610/3.1.0.0/Images/ACR-109/ACR-109_039_048_RKsetup.jpg","220614/MovietoGIF-220610/3.1.0.0/Images/ACR-048/ACR-109_039_048_RKsetup.jpg","220614/MovietoGIF-220610/3.1.0.0/Images/ACR-010/RelevantKnowledge.jpg","220614/MovietoGIF-220610/3.1.0.0/Images/ACR-118/ACR-118_Remants.jpg","220614/MovietoGIF-220610/3.1.0.0/Images/ACR-057/RelevantKnowledge.jpg","220614/MovietoGIF-220610/3.1.0.0/Images/ACR-059/RelevantKnowledge.jpg","220614/MovietoGIF-220610/3.1.0.0/Images/ACR-071/RelevantKnowledge.jpg","220614/MovietoGIF-220610/3.1.0.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220614/MovietoGIF-220610/3.1.0.0/Images/ACR-065/RelevantKnowledge.jpg","220614/MovietoGIF-220610/3.1.0.0/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"8c0be404-4231-4773-9fff-b9059bec39bd_3.1.0.0_1","appID":"MovietoGIF-220610","dateAdded":"230601","deceptorType":"App","name":"Movie to GIF","company":"zxt2007.com","version":"3.1.0.0","lastKnownStatus":"3.1.0.0;3.2.0.0","lastKnownDate":"230601","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-06-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":950},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Inverted Image\\Inverted.exe","companyName":"zxt2007.com","productName":"Inverted Image","productVersion":"2.5.2.0","fileVersion":"2.5.2.0","hashMD5":"236364dc06170738e03ca9da151bb43f","hashSHA1":"cb202b98ed0d50bf974355f23305a4be5d7f580a","hashSHA256":"127e33defd46eae862f4fbdd53a61a723249d75e190e62951d51812da2b0a53d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1068","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"invertedimage_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Inverted Image                                              ","productVersion":"2.5.2.0                                           ","fileVersion":"2.5.2.0             ","hashMD5":"0205b61009a5d595fc2faf3017486e8d","hashSHA1":"af187d96032c42964e91ab5aaac4d0c27e31daa5","hashSHA256":"7088dde60ec7f7272b576ab46d9ad1223ed4901b2f57078967f4d7bda1ea63bf","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1068","avBlockList":["360 Total Security (20230824)","Avast Premium Security (20230824)","AVG Internet Security (20230824)","Avira Internet Security (20230824)","Bitdefender Internet Security (20230824)","COMODO Antivirus (20230824)","Dr.Web Security Space (20230824)","ESET Internet Security (20230824)","G DATA INTERNET SECURITY (20230824)","K7 Total Security (20230824)","Kaspersky Internet Security (20230824)","Malwarebytes Premium (20230824)","McAfee Total Protection (20230824)","Norton Security (20230824)","Panda Dome (20230824)","Quick Heal Internet Security (20230824)","Sophos Home Premium (20230824)","SpyHunter5 (20230824)","Total AV Antivirus Pro (20230824)","VIPRE Advanced Security (20230824)","VirIT eXplorer PRO (20230824)","Webroot SecureAnywhere (20230824)","Windows Defender (20230824)"],"avAllowList":["Trend Micro Internet Security (20230824)"]}],"additionalFiles":[],"sources":[{"howFound":"zxt2007.com freeware","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/invertedimage.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=invertedimage_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=invertedimage_setup.exe","sourceIndex":"1068"}],"sampleFiles":["230601/InvertedImage-220610/2.5.2.0/Samples/invertedimage_setup.exe"],"imageFiles":["230601/InvertedImage-220610/2.5.2.0/Images/ACR-109/ACR-109.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-043/ACR-043.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-042/ACR-042.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-048/ACR-048.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-007/ACR-007.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-010/ACR-010.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-118/ACR-118.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-057/ACR-057.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-059/ACR-059.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-071/ACR-071.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-155/ACR-155.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-013/ACR-013.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230601/InvertedImage-220610/2.5.2.0/Images/ACR-045/ACR-045.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-106/ACR-106.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-092/ACR-092.JPG","230601/InvertedImage-220610/2.5.2.0/Images/ACR-123/ACR-123.JPG"],"guid":"c3b55b44-c68c-4cdd-bafc-96914da5fd62_2.5.2.0_1","appID":"InvertedImage-220610","dateAdded":"230601","deceptorType":"App","name":"Inverted Image","company":"zxt2007.com","version":"2.5.2.0","lastKnownStatus":"2.4.2.0;2.5.2.0","lastKnownDate":"230601","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-06-01T23:09:20.5584001+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":951},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"Inverted.exe","companyName":"ZXT2007.com","productName":"Inverted Image","productVersion":"2.4.2.0","fileVersion":"2.4.2.0","hashMD5":"0b5c968c796ec4799c5b73406feee55b","hashSHA1":"48f834d41c90a64be6feec51225d66a3d06b9080","hashSHA256":"09233e479a3be17a3e88d377d4c2414b5bf23075327b5426a9485429919e0c03","sourceIndex":"1558","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"invertedimage_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Inverted Image      ","fileVersion":"2.4.2.0       ","hashMD5":"27c23ab52e94c8bfc236124234be2b75","hashSHA1":"d96cf1fda605fd88a5a14d7ea37186f68a3c84a5","hashSHA256":"d8b2c4b9e2e4352219af86b3f53a26955edcf6b6417d2e66027c4d4165ea0831","digitalCertThumbprint":"CB63529ED0F5FA356EB2801B5FAA196C97760C72","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=潍坊金网信息科技有限公司, O=潍坊金网信息科技有限公司, L=潍坊市, S=山东省, C=CN, SERIALNUMBER=91370700745698896P, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=潍坊高新技术产业开发区, OID.1.3.6.1.4.1.311.60.2.1.2=山东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"1558","avBlockList":["360 Total Security (20230606)","Avast Premium Security (20230606)","AVG Internet Security (20230606)","Avira Internet Security (20230606)","Bitdefender Internet Security (20230606)","COMODO Antivirus (20230606)","Dr.Web Security Space (20230606)","ESET Internet Security (20230606)","G DATA INTERNET SECURITY (20230606)","Kaspersky Internet Security (20230606)","Malwarebytes Premium (20230606)","McAfee Total Protection (20230606)","Norton Security (20230606)","Panda Dome (20230606)","Quick Heal Internet Security (20230606)","Sophos Home Premium (20230606)","SpyHunter5 (20230606)","Total AV Antivirus Pro (20230606)","VIPRE Advanced Security (20230606)","VirIT eXplorer PRO (20230606)","Webroot SecureAnywhere (20230606)","Windows Defender (20230606)"],"avAllowList":["K7 Total Security (20220728)","Tencent PC Manager (20220728)","Trend Micro Internet Security (20230606)"]}],"additionalFiles":[],"sources":[{"howFound":"zxt2007.com freeware","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/invertedimage.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=invertedimage_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=invertedimage_setup.exe","sourceIndex":"1558"}],"sampleFiles":["220614/InvertedImage-220610/2.4.2.0/Samples/Inverted.exe","220614/InvertedImage-220610/2.4.2.0/Samples/invertedimage_setup.exe"],"imageFiles":["220614/InvertedImage-220610/2.4.2.0/Images/ACR-109/ACR-109_039_048_RKsetup.jpg","220614/InvertedImage-220610/2.4.2.0/Images/ACR-048/ACR-109_039_048_RKsetup.jpg","220614/InvertedImage-220610/2.4.2.0/Images/ACR-010/RelevantKnowledge.jpg","220614/InvertedImage-220610/2.4.2.0/Images/ACR-118/ACR-118_Remnants.jpg","220614/InvertedImage-220610/2.4.2.0/Images/ACR-057/RelevantKnowledge.jpg","220614/InvertedImage-220610/2.4.2.0/Images/ACR-059/RelevantKnowledge.jpg","220614/InvertedImage-220610/2.4.2.0/Images/ACR-071/RelevantKnowledge.jpg","220614/InvertedImage-220610/2.4.2.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220614/InvertedImage-220610/2.4.2.0/Images/ACR-065/RelevantKnowledge.jpg","220614/InvertedImage-220610/2.4.2.0/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"c3b55b44-c68c-4cdd-bafc-96914da5fd62_2.4.2.0_1","appID":"InvertedImage-220610","dateAdded":"230601","deceptorType":"App","name":"Inverted Image","company":"zxt2007.com","version":"2.4.2.0","lastKnownStatus":"2.4.2.0;2.5.2.0","lastKnownDate":"230601","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-06-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":952},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":"The main executable is not digitally signed\n","ACR-123":"The app does not remove dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\ZXT2007 Software\\Movie To GIF\\VideoToGif.exe","companyName":"zxt2007.com","productName":"Movie To GIF","productVersion":"3.2.0.0","fileVersion":"3.2.0.0","hashMD5":"282bde46456d36cd3d352e92532f9634","hashSHA1":"0341ea89902db3cd05731f00996dea54131d7115","hashSHA256":"b293a7057849d1b8d9065180314a0834b75351c6ef266805edf97de47007c430","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1066","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"movietogif_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Movie To GIF                                                ","productVersion":"3.2.0.0                                           ","fileVersion":"3.2.0.0             ","hashMD5":"d219131952280e95a1ef3451c165dc9e","hashSHA1":"678aa0cf247a030e140cb3f93f00ebdc195f4a19","hashSHA256":"08627bf55af8f181686304826edfa98dae3f6666a2dafad397c00968683c3ad9","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1066","avBlockList":["360 Total Security (20230829)","Avast Premium Security (20230829)","AVG Internet Security (20230829)","Avira Internet Security (20230829)","Bitdefender Internet Security (20230829)","COMODO Antivirus (20230829)","Dr.Web Security Space (20230829)","ESET Internet Security (20230829)","G DATA INTERNET SECURITY (20230829)","K7 Total Security (20230829)","Kaspersky Internet Security (20230829)","Malwarebytes Premium (20230829)","McAfee Total Protection (20230829)","Norton Security (20230829)","Panda Dome (20230829)","Quick Heal Internet Security (20230829)","Sophos Home Premium (20230829)","SpyHunter5 (20230829)","Total AV Antivirus Pro (20230829)","VIPRE Advanced Security (20230829)","VirIT eXplorer PRO (20230829)","Webroot SecureAnywhere (20230829)","Windows Defender (20230829)"],"avAllowList":["Trend Micro Internet Security (20230829)"]}],"additionalFiles":[],"sources":[{"howFound":"zxt2007.com freeware","reference":"","landingPage":"http://en.zxt2007.com/video-tools/movietogif.html ","directDownloadingLink":"http://en.zxt2007.com/download/movietogif_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download/movietogif_setup.exe","sourceIndex":"1066"}],"sampleFiles":["230601/MovietoGIF-220610/3.2.0.0/Samples/movietogif_setup.exe"],"imageFiles":["230601/MovietoGIF-220610/3.2.0.0/Images/ACR-109/ACR-109.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-043/ACR-043.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-042/ACR-042.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-048/ACR-048.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-007/ACR-007.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-010/ACR-010.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-118/ACR-118.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-057/ACR-057.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-059/ACR-059.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-071/ACR-071.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-155/ACR-155.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-013/ACR-013.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230601/MovietoGIF-220610/3.2.0.0/Images/ACR-045/ACR-045.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-106/ACR-106.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-092/ACR-092.JPG","230601/MovietoGIF-220610/3.2.0.0/Images/ACR-123/ACR-123.JPG"],"guid":"8c0be404-4231-4773-9fff-b9059bec39bd_3.2.0.0_1","appID":"MovietoGIF-220610","dateAdded":"230601","deceptorType":"App","name":"Movie to GIF","company":"zxt2007.com","version":"3.2.0.0","lastKnownStatus":"3.1.0.0;3.2.0.0","lastKnownDate":"230601","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2023-06-01T23:34:11.283963+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":949},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"The \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" and other components on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":" The main executable is not digitally signed. \n\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Any To GIF\\AnyToGif.exe","companyName":"zxt2007.com","productName":"Any to GIF","productVersion":"1.0.5.0","fileVersion":"1.0.5.0","hashMD5":"6fe823e4e3f256e00dcd08d403e65db5","hashSHA1":"55101a74b9962417f4ac4b648fe4aa5e1a248a92","hashSHA256":"0090de37e73466c6a520f95e964f615279ccb5dd06914e8d0cc81560d64e73fb","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1072","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"anytogif_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Any To GIF                                                  ","productVersion":"1.0.5.0                                           ","fileVersion":"1.0.5.0             ","hashMD5":"7ff932893805bb4b486915864d0c69fc","hashSHA1":"d5db035b8640f7a3de68f2f882611f90e0514d7b","hashSHA256":"d2cb5501a4ddf3a715961d52b0a371a0cc1935bc12154c2e0f3667a1f6de7c18","digitalCertThumbprint":"712DF3A60A8F334303B1E517176B87B88C7C25D5","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"张晓彤","storeId":"","sourceIndex":"1072","avBlockList":["360 Total Security (20230831)","Avast Premium Security (20230831)","AVG Internet Security (20230831)","Avira Internet Security (20230831)","Bitdefender Internet Security (20230831)","COMODO Antivirus (20230831)","Dr.Web Security Space (20230831)","ESET Internet Security (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Kaspersky Internet Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","SpyHunter5 (20230831)","Total AV Antivirus Pro (20230831)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)","Windows Defender (20230831)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/anytogif.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=anytogif_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=anytogif_setup.exe","sourceIndex":"1072"}],"sampleFiles":["230531/AnytoGIF-220607/1.0.5.0/Samples/anytogif_setup.exe"],"imageFiles":["230531/AnytoGIF-220607/1.0.5.0/Images/ACR-109/ACR-109.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-043/ACR-043.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-042/ACR-042.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-048/ACR-048.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-007/ACR-007.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-010/ACR-010.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-118/ACR-118.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-057/ACR-057.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-059/ACR-059.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-071/ACR-071.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-155/ACR-155.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-013/ACR-013.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230531/AnytoGIF-220607/1.0.5.0/Images/ACR-045/ACR-045.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-106/ACR-106.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-092/ACR-092.JPG","230531/AnytoGIF-220607/1.0.5.0/Images/ACR-123/ACR-123.JPG"],"guid":"d0da8d60-6da3-4e16-9a09-e97e09fb1b6c_1.0.5.0_1","appID":"AnytoGIF-220607","dateAdded":"230531","deceptorType":"App","name":"Any to GIF","company":"zxt2007.com","version":"1.0.5.0","lastKnownStatus":"1.0.4.0;1.0.5.0","lastKnownDate":"230531","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-06-01T01:20:02.5320447+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":953},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n\n","ACR-048":"\nThe \"Decline\" button does not have any control. Upon clicking the button, it drops a RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-002":"The App Installer version is inconsistent between main app and its install (version 1.0.5.0 vs version 1.0.4.0) \nThe App's version is inconsistent between main app and its install (version 1.0.5.0 vs version 1.0.4.0) \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-092":" The main executable is not digitally signed. \n\n"},"samples":[{"isRevoked":"False","fileName":"AnyToGif.exe","companyName":"zxt2007.com","productName":"Any to GIF","fileVersion":"1.0.5.0","hashMD5":"6fe823e4e3f256e00dcd08d403e65db5","hashSHA1":"55101a74b9962417f4ac4b648fe4aa5e1a248a92","hashSHA256":"0090de37e73466c6a520f95e964f615279ccb5dd06914e8d0cc81560d64e73fb","sourceIndex":"1566","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"anytogif_setup.exe","isInstaller":"True","companyName":"zxt2007.com                                                 ","productName":"Any To GIF         ","fileVersion":"1.0.4.0     ","hashMD5":"6193243d5f157a4334b8c3a8bd8e3dc1","hashSHA1":"2f9700a4922748f7a0acb199308775fe2e8baf86","hashSHA256":"1b6fb368ec5670b9f4f4fe8333ff603a73cdd17ef89930e228fb6a0d9b9ffecc","digitalCertThumbprint":"CB63529ED0F5FA356EB2801B5FAA196C97760C72","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=潍坊金网信息科技有限公司, O=潍坊金网信息科技有限公司, L=潍坊市, S=山东省, C=CN, SERIALNUMBER=91370700745698896P, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=潍坊高新技术产业开发区, OID.1.3.6.1.4.1.311.60.2.1.2=山东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"1566","avBlockList":["360 Total Security (20230608)","Avast Premium Security (20230608)","AVG Internet Security (20230608)","Avira Internet Security (20230608)","Bitdefender Internet Security (20230608)","COMODO Antivirus (20230608)","Dr.Web Security Space (20230608)","ESET Internet Security (20230608)","G DATA INTERNET SECURITY (20230608)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20230608)","McAfee Total Protection (20230608)","Norton Security (20230608)","Panda Dome (20230608)","Quick Heal Internet Security (20230608)","Sophos Home Premium (20230608)","SpyHunter5 (20230608)","Total AV Antivirus Pro (20230608)","VIPRE Advanced Security (20230608)","VirIT eXplorer PRO (20230608)","Webroot SecureAnywhere (20230608)","Windows Defender (20230608)"],"avAllowList":["K7 Total Security (20220728)","Tencent PC Manager (20220728)","Trend Micro Internet Security (20230608)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"http://en.zxt2007.com/picture-tools/anytogif.html","directDownloadingLink":"http://en.zxt2007.com/download.php?id=anytogif_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://en.zxt2007.com/download.php?id=anytogif_setup.exe","sourceIndex":"1566"}],"sampleFiles":["220607/AnytoGIF-220607/1.0.4.0/Samples/AnyToGif.exe","220607/AnytoGIF-220607/1.0.4.0/Samples/anytogif_setup.exe"],"imageFiles":["220607/AnytoGIF-220607/1.0.4.0/Images/ACR-109/ACR-109_048_RKSetup.jpg","220607/AnytoGIF-220607/1.0.4.0/Images/ACR-048/ACR-109_048_RKSetup.jpg","220607/AnytoGIF-220607/1.0.4.0/Images/ACR-010/RelevantKnowledge.jpg","220607/AnytoGIF-220607/1.0.4.0/Images/ACR-118/ACR-118_Remnants.jpg","220607/AnytoGIF-220607/1.0.4.0/Images/ACR-057/RelevantKnowledge.jpg","220607/AnytoGIF-220607/1.0.4.0/Images/ACR-059/RelevantKnowledge.jpg","220607/AnytoGIF-220607/1.0.4.0/Images/ACR-071/RelevantKnowledge.jpg","220607/AnytoGIF-220607/1.0.4.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220607/AnytoGIF-220607/1.0.4.0/Images/ACR-065/RelevantKnowledge.jpg","220607/AnytoGIF-220607/1.0.4.0/Images/ACR-002/ACR-002_DifferentAppversion.jpg","220607/AnytoGIF-220607/1.0.4.0/Images/ACR-106/RelevantKnowledge.jpg","220607/AnytoGIF-220607/1.0.4.0/Images/ACR-092/ACR-092_NoDigiSig.jpg","220607/AnytoGIF-220607/1.0.4.0/Images/ACR-002/ACR-002_DifferentAppversion.jpg"],"guid":"d0da8d60-6da3-4e16-9a09-e97e09fb1b6c_1.0.4.0_1","appID":"AnytoGIF-220607","dateAdded":"230531","deceptorType":"App","name":"Any to GIF","company":"zxt2007.com","version":"1.0.4.0","lastKnownStatus":"1.0.4.0;1.0.5.0","lastKnownDate":"230531","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2023-05-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":954},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for any executable\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Convertidor de videos\\convertidor1.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"04d76fbdabadecd13b545f92e39a18db","hashSHA1":"a62e85dfb81c3ca3f8e84955aa120556e7e59181","hashSHA256":"61d4b63a6db9770130187b36459b66e29ee6033bc4c273389742bd8454424a18","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1079","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"convertidor.exe","isInstaller":"True","companyName":"convertidor-de-videos.com                                   ","productName":"Convertidor de videos                                       ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"0399bf999fa5aae8056117daad4c03f8","hashSHA1":"df4feca8fc69667da535f6f6895d4ac65e7c4495","hashSHA256":"9867c2270f98a3663c5ef10942c3df5bac90d832d4d8dbb5cbf5eb061697c60c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1079","avBlockList":["360 Total Security (20230608)","Avast Premium Security (20230608)","AVG Internet Security (20230608)","Avira Internet Security (20230608)","Bitdefender Internet Security (20230608)","COMODO Antivirus (20230608)","ESET Internet Security (20230608)","G DATA INTERNET SECURITY (20230608)","K7 Total Security (20230608)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20230608)","McAfee Total Protection (20230608)","Norton Security (20230608)","Panda Dome (20230608)","Quick Heal Internet Security (20230608)","Sophos Home Premium (20230608)","SpyHunter5 (20230608)","Total AV Antivirus Pro (20230608)","Trend Micro Internet Security (20230608)","VIPRE Advanced Security (20230608)","VirIT eXplorer PRO (20230608)","Webroot SecureAnywhere (20230608)","Windows Defender (20230608)"],"avAllowList":["Dr.Web Security Space (20230608)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on RK installer","reference":"","landingPage":"http://www.convertidor-de-videos.com/","directDownloadingLink":"http://www.convertidor-de-videos.com/download/convertidor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.convertidor-de-videos.com/download/convertidor.exe","sourceIndex":"1079"}],"sampleFiles":["230530/VideoConverter-230525/1.0/Samples/convertidor.exe"],"imageFiles":["230530/VideoConverter-230525/1.0/Images/ACR-109/ACR-109.JPG","230530/VideoConverter-230525/1.0/Images/ACR-043/ACR-043.JPG","230530/VideoConverter-230525/1.0/Images/ACR-042/ACR-042.JPG","230530/VideoConverter-230525/1.0/Images/ACR-048/ACR-048.JPG","230530/VideoConverter-230525/1.0/Images/ACR-007/ACR-007.JPG","230530/VideoConverter-230525/1.0/Images/ACR-010/ACR-010.JPG","230530/VideoConverter-230525/1.0/Images/ACR-013/ACR-013.JPG","230530/VideoConverter-230525/1.0/Images/ACR-118/ACR-118.JPG","230530/VideoConverter-230525/1.0/Images/ACR-057/ACR-057.JPG","230530/VideoConverter-230525/1.0/Images/ACR-059/ACR-059.JPG","230530/VideoConverter-230525/1.0/Images/ACR-060/ACR-060.JPG","230530/VideoConverter-230525/1.0/Images/ACR-071/ACR-071.JPG","230530/VideoConverter-230525/1.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["230530/VideoConverter-230525/1.0/Images/ACR-045/ACR-045.JPG","230530/VideoConverter-230525/1.0/Images/ACR-106/ACR-106.JPG","230530/VideoConverter-230525/1.0/Images/ACR-092/ACR-092.JPG","230530/VideoConverter-230525/1.0/Images/ACR-123/ACR-123.JPG"],"guid":"39ba6474-1a10-4984-bd8e-07be2ce04ff7_1.0_1","appID":"VideoConverter-230525","dateAdded":"230530","deceptorType":"Bundler","name":"Video Converter","company":"convertidor-de-videos.com","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"230530","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2023-05-30T23:09:50.4127723+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":955},{"violations":{"ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-007":"The app does not display any warning message when Windows security component \"Security Health\" is disabled that will reduce the default system security in the Startup manager within the app\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-057":"The app bundles the \"Yandex Browser\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Yandex Browser\" offer cannot be declined independently during the installation. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-059":"An offered app is not clearly marked as an offer and it is not recognizable as an offer.\n","ACR-155":"The \"Yandex Browser\" offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TelamonCleaner_id6470a9d89b04byx.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"6dae93696dfa8091e2bf8e979c7464da","hashSHA1":"0946d1bde52465564100b6917cfaad747e81231d","hashSHA256":"dfaf99e4391b69a2d65ad0ffbb831d661c4682d95296b019aa66850fcea0e2de","digitalCertThumbprint":"C82D07E2178A98708DEF6430EC1ADFEF55D7CF9D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Yard Star, TOO\", O=\"Yard Star, TOO\", S=Kostanayskaya oblast', C=KZ, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KZ, SERIALNUMBER=220340024072","sourceIndex":"505","avBlockList":["Avast Premium Security (20230914)","AVG Internet Security (20230914)","Avira Internet Security (20230914)","COMODO Antivirus (20230914)","Dr.Web Security Space (20230914)","ESET Internet Security (20230914)","G DATA INTERNET SECURITY (20230914)","K7 Total Security (20230914)","Malwarebytes Premium (20230914)","McAfee Total Protection (20230914)","Norton Security (20230914)","Panda Dome (20230914)","Quick Heal Internet Security (20230914)","Sophos Home Premium (20230914)","SpyHunter5 (20230914)","Total AV Antivirus Pro (20230914)","Trend Micro Internet Security (20230914)","VirIT eXplorer PRO (20230914)","Webroot SecureAnywhere (20230914)","Windows Defender (20230914)"],"avAllowList":["360 Total Security (20230914)","Bitdefender Internet Security (20230914)","Kaspersky Internet Security (20230914)","VIPRE Advanced Security (20230914)"]},{"isRevoked":"False","fileName":"tt-cleaner.exe","fileVersion":"1.0","hashMD5":"e4c150ab534a6627a70b8c8599e6420a","hashSHA1":"7ab8ecc6c7f8d866ddf8801371dadc8becdc6527","hashSHA256":"8960d9e23d5c7fce0dca71bb0181ba9c3600e0323f76c48271c528a7c5ec528e","digitalCertThumbprint":"C82D07E2178A98708DEF6430EC1ADFEF55D7CF9D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Yard Star, TOO\", O=\"Yard Star, TOO\", S=Kostanayskaya oblast', C=KZ, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KZ, SERIALNUMBER=220340024072","sourceIndex":"505","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://telamoncleaner.com/","directDownloadingLink":"https://dwnld4.tlmntls.com/yndx/TelamonCleaner.exe?clid=6470a9d89b04byx&sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dwnld4.tlmntls.com/yndx/TelamonCleaner.exe?clid=6470a9d89b04byx&sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","sourceIndex":"505"}],"sampleFiles":["230530/TelamonCleaner-200701/1.0.276.0/Samples/TelamonCleaner_id6470a9d89b04byx.exe","230530/TelamonCleaner-200701/1.0.276.0/Samples/tt-cleaner.exe"],"imageFiles":["230530/TelamonCleaner-200701/1.0.276.0/Images/ACR-043/Screen Shot 2023-05-03 at 6.28.53 PM.png","230530/TelamonCleaner-200701/1.0.276.0/Images/ACR-107/Screen Shot 2023-05-03 at 6.28.53 PM.png","230530/TelamonCleaner-200701/1.0.276.0/Images/ACR-007/SecurityHealth.jpg","230530/TelamonCleaner-200701/1.0.276.0/Images/ACR-057/Yandex.jpg","230530/TelamonCleaner-200701/1.0.276.0/Images/ACR-059/Yandex.jpg","230530/TelamonCleaner-200701/1.0.276.0/Images/ACR-071/Yandex.jpg","230530/TelamonCleaner-200701/1.0.276.0/Images/ACR-155/Yandex.jpg","230530/TelamonCleaner-200701/1.0.276.0/Images/ACR-013/Yandex.jpg","230530/TelamonCleaner-200701/1.0.276.0/Images/ACR-060/Yandex.jpg"],"nonDeceptorImageFiles":[],"guid":"0b60c92c-422e-445c-bb64-bd601ef25d58_1.0.276.0_1","appID":"TelamonCleaner-200701","dateAdded":"230530","deceptorType":"App","name":"Telamon Cleaner","company":"Telamon Tools","version":"1.0.276.0","firstVendorContactDate":"241006","firstAppEsteemReplyDate":"241006","firstResolvedDate":"241018","firstResolvedVersion":"2.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.134;1.0.226;1.0.245;1.0.268.0;1.0.269.0;1.0.274.0;1.0.275.0;1.0.276.0","lastKnownDate":"241018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,sold in bundle","lastUpdate":"2026-05-04T14:37:22.1330554+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":956},{"violations":{"ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-007":"The app does not display any warning message when Windows security component \"Security Health\" is disabled that will reduce the default system security in the Startup manager within the app\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-057":"The app bundles the \"Yandex Browser\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Yandex Browser\" offer cannot be declined independently during the installation. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-059":"An offered app is not clearly marked as an offer and it is not recognizable as an offer\n","ACR-155":"The \"Yandex Browser\" offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TelamonCleaner_id8ea48a2203941tm.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"e49b45f431e3cd442b2fd279c0e33ddc","hashSHA1":"abf8e708b7f0493d1df341de0bf3d92341b65ea0","hashSHA256":"333c2deffcff5aebfdcb63d947de97238dc4ddf5baf68c9dc02e4dbd235bf6fb","digitalCertThumbprint":"C82D07E2178A98708DEF6430EC1ADFEF55D7CF9D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Yard Star, TOO\", O=\"Yard Star, TOO\", S=Kostanayskaya oblast', C=KZ, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KZ, SERIALNUMBER=220340024072","sourceIndex":"1101","avBlockList":["Avast Premium Security (20230720)","AVG Internet Security (20230720)","Avira Internet Security (20230720)","Bitdefender Internet Security (20230720)","COMODO Antivirus (20230720)","Dr.Web Security Space (20230720)","ESET Internet Security (20230720)","G DATA INTERNET SECURITY (20230720)","K7 Total Security (20230720)","Malwarebytes Premium (20230720)","McAfee Total Protection (20230720)","Norton Security (20230720)","Panda Dome (20230720)","Quick Heal Internet Security (20230720)","Sophos Home Premium (20230720)","SpyHunter5 (20230720)","Total AV Antivirus Pro (20230720)","VIPRE Advanced Security (20230720)","VirIT eXplorer PRO (20230720)","Webroot SecureAnywhere (20230720)","Windows Defender (20230720)"],"avAllowList":["360 Total Security (20230720)","Kaspersky Internet Security (20230720)","Trend Micro Internet Security (20230720)"]},{"isRevoked":"False","fileName":"tt-cleaner.exe","fileVersion":"1.0","hashMD5":"dad30428ab44f393d95ce02ea6b04854","hashSHA1":"d2c45bc9989a4c206f512bb976be56c087b11515","hashSHA256":"37728b3f44b169470f059dfc806cd4be694887f93222f32efb57248490e9afd6","digitalCertThumbprint":"C82D07E2178A98708DEF6430EC1ADFEF55D7CF9D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Yard Star, TOO\", O=\"Yard Star, TOO\", S=Kostanayskaya oblast', C=KZ, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KZ, SERIALNUMBER=220340024072","sourceIndex":"1101","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://telamoncleaner.com/","directDownloadingLink":"https://dwnld4.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dwnld4.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","sourceIndex":"1101"}],"sampleFiles":["230517/TelamonCleaner-200701/1.0.275.0/Samples/TelamonCleaner_id8ea48a2203941tm.exe","230517/TelamonCleaner-200701/1.0.275.0/Samples/tt-cleaner.exe"],"imageFiles":["230517/TelamonCleaner-200701/1.0.275.0/Images/ACR-043/Screen Shot 2023-05-03 at 6.28.53 PM.png","230517/TelamonCleaner-200701/1.0.275.0/Images/ACR-107/Screen Shot 2023-05-03 at 6.28.53 PM.png","230517/TelamonCleaner-200701/1.0.275.0/Images/ACR-007/SecHealth.jpg","230517/TelamonCleaner-200701/1.0.275.0/Images/ACR-057/Yandex.jpg","230517/TelamonCleaner-200701/1.0.275.0/Images/ACR-059/Yandex.jpg","230517/TelamonCleaner-200701/1.0.275.0/Images/ACR-071/Yandex.jpg","230517/TelamonCleaner-200701/1.0.275.0/Images/ACR-155/Yandex.jpg","230517/TelamonCleaner-200701/1.0.275.0/Images/ACR-013/Yandex.jpg","230517/TelamonCleaner-200701/1.0.275.0/Images/ACR-060/Yandex.jpg"],"nonDeceptorImageFiles":[],"guid":"0b60c92c-422e-445c-bb64-bd601ef25d58_1.0.275.0_1","appID":"TelamonCleaner-200701","dateAdded":"230530","deceptorType":"App","name":"Telamon Cleaner","company":"Telamon Tools","version":"1.0.275.0","firstVendorContactDate":"241006","firstAppEsteemReplyDate":"241006","firstResolvedDate":"241018","firstResolvedVersion":"2.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.134;1.0.226;1.0.245;1.0.268.0;1.0.269.0;1.0.274.0;1.0.275.0;1.0.276.0","lastKnownDate":"241018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,sold in bundle","lastUpdate":"2026-05-04T14:37:40.609777+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":957},{"violations":{"ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-007":"The app does not display any warning message when Windows security component \"Security Health\" is disabled that will reduce the default system security in the Startup manager within the app\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-057":"The app bundles the \"Yandex Browser\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Yandex Browser\" offer cannot be declined independently during the installation. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-059":"An offered app is not clearly marked as an offer and it is not recognizable as an offer\n","ACR-155":"The \"Yandex Browser\" offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TelamonCleaner_id8ea48a2203941tm.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"7fcbab10afe635646300a5608be809ca","hashSHA1":"410a5c5d069628929dacd5f6d8eb955a7ce39c92","hashSHA256":"099e1fb694c9e00dc620a69e27985b96228a902017ae23d4b75c9823463075de","digitalCertThumbprint":"C82D07E2178A98708DEF6430EC1ADFEF55D7CF9D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Yard Star, TOO\", O=\"Yard Star, TOO\", S=Kostanayskaya oblast', C=KZ, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KZ, SERIALNUMBER=220340024072","sourceIndex":"1124","avBlockList":["Avast Premium Security (20230831)","AVG Internet Security (20230831)","Avira Internet Security (20230831)","COMODO Antivirus (20230831)","Dr.Web Security Space (20230831)","ESET Internet Security (20230831)","G DATA INTERNET SECURITY (20230831)","K7 Total Security (20230831)","Malwarebytes Premium (20230831)","McAfee Total Protection (20230831)","Norton Security (20230831)","Panda Dome (20230831)","Quick Heal Internet Security (20230831)","Sophos Home Premium (20230831)","SpyHunter5 (20230831)","Total AV Antivirus Pro (20230831)","VirIT eXplorer PRO (20230831)","Webroot SecureAnywhere (20230831)","Windows Defender (20230831)"],"avAllowList":["360 Total Security (20230831)","Bitdefender Internet Security (20230831)","Kaspersky Internet Security (20230831)","Trend Micro Internet Security (20230831)","VIPRE Advanced Security (20230831)"]},{"isRevoked":"False","fileName":"tt-cleaner.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"952bad7c14d03e2d7bbc692357620731","hashSHA1":"5fd32499c2502a9f823925922e24c68b55198721","hashSHA256":"34b6dc4d9e87c9cdebcdcb3e6b9835d703a35d2609f96c7f3f52b039fb433298","digitalCertThumbprint":"C82D07E2178A98708DEF6430EC1ADFEF55D7CF9D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Yard Star, TOO\", O=\"Yard Star, TOO\", S=Kostanayskaya oblast', C=KZ, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KZ, SERIALNUMBER=220340024072","sourceIndex":"1124","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://telamoncleaner.com/","directDownloadingLink":"https://dwnld4.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dwnld4.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","sourceIndex":"1124"}],"sampleFiles":["230504/TelamonCleaner-200701/1.0.274.0/Samples/TelamonCleaner_id8ea48a2203941tm.exe","230504/TelamonCleaner-200701/1.0.274.0/Samples/tt-cleaner.exe"],"imageFiles":["230504/TelamonCleaner-200701/1.0.274.0/Images/ACR-043/Screen Shot 2023-05-03 at 6.28.53 PM.png","230504/TelamonCleaner-200701/1.0.274.0/Images/ACR-107/Screen Shot 2023-05-03 at 6.28.53 PM.png","230504/TelamonCleaner-200701/1.0.274.0/Images/ACR-007/Screen Shot 2023-05-03 at 6.26.57 PM.png","230504/TelamonCleaner-200701/1.0.274.0/Images/ACR-057/Screen Shot 2023-05-03 at 6.14.42 PM.png","230504/TelamonCleaner-200701/1.0.274.0/Images/ACR-059/Screen Shot 2023-05-03 at 6.14.42 PM.png","230504/TelamonCleaner-200701/1.0.274.0/Images/ACR-071/Screen Shot 2023-05-03 at 6.14.42 PM.png","230504/TelamonCleaner-200701/1.0.274.0/Images/ACR-155/Screen Shot 2023-05-03 at 6.14.42 PM.png","230504/TelamonCleaner-200701/1.0.274.0/Images/ACR-013/Screen Shot 2023-05-03 at 6.14.42 PM.png","230504/TelamonCleaner-200701/1.0.274.0/Images/ACR-060/Screen Shot 2023-05-03 at 6.14.42 PM.png"],"nonDeceptorImageFiles":[],"guid":"0b60c92c-422e-445c-bb64-bd601ef25d58_1.0.274.0_1","appID":"TelamonCleaner-200701","dateAdded":"230530","deceptorType":"App","name":"Telamon Cleaner","company":"Telamon Tools","version":"1.0.274.0","firstVendorContactDate":"241006","firstAppEsteemReplyDate":"241006","firstResolvedDate":"241018","firstResolvedVersion":"2.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.134;1.0.226;1.0.245;1.0.268.0;1.0.269.0;1.0.274.0;1.0.275.0;1.0.276.0","lastKnownDate":"241018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,sold in bundle","lastUpdate":"2026-05-04T14:37:41.3515148+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":958},{"violations":{"ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-007":"The app does not display any warning message when Windows security component \"Security Health\" is disabled that will reduce the default system security in the Startup manager within the app\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-057":"The app bundles the \"Yandex Browser\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Yandex Browser\" offer cannot be declined independently during the installation. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-055":"Accept/Decline options are not made obvious nor clearly displayed in the offer.\n","ACR-059":"An offered app is not clearly marked as an offer and it is not recognizable as an offer\n","ACR-155":"The \"Yandex Browser\" offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TelamonCleaner_id8ea48a2203941tm.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"8ee72f52ec769ace91f8e1ef698c2ca4","hashSHA1":"c9103fb08508ffa53d956f086206d7035a8b375f","hashSHA256":"c966b5d580c4f0347d5023078cec3d0600bfbdeece8ebe00651cb983bdd1116e","digitalCertThumbprint":"F3C560F749157F39073064DBFF393D3C9E16C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"YARD STAR, TOO\", O=\"YARD STAR, TOO\", S=Karagandinskaya oblast', C=KZ","sourceIndex":"1139","avBlockList":["Avast Premium Security (20230504)","AVG Internet Security (20230504)","Avira Internet Security (20230504)","Bitdefender Internet Security (20230504)","COMODO Antivirus (20230504)","Dr.Web Security Space (20230504)","ESET Internet Security (20230504)","K7 Total Security (20230504)","Malwarebytes Premium (20230504)","McAfee Total Protection (20230504)","Norton Security (20230504)","Panda Dome (20230504)","Quick Heal Internet Security (20230504)","Sophos Home Premium (20230504)","SpyHunter5 (20230504)","Total AV Antivirus Pro (20230504)","VIPRE Advanced Security (20230504)","VirIT eXplorer PRO (20230504)","Webroot SecureAnywhere (20230504)","Windows Defender (20230504)"],"avAllowList":["360 Total Security (20230504)","G DATA INTERNET SECURITY (20230504)","Kaspersky Internet Security (20230504)","Trend Micro Internet Security (20230504)"]},{"isRevoked":"False","fileName":"tt-cleaner.exe","fileVersion":"1.0","hashMD5":"7714d9d22f00ac15eb998a2f515500ef","hashSHA1":"bc6de7dde35ac6116b6e6ed8263e296d42d42863","hashSHA256":"77efec88112943a2d235b14112f610c057022243d211d4f1b732f34992d7bab2","digitalCertThumbprint":"F3C560F749157F39073064DBFF393D3C9E16C024","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"YARD STAR, TOO\", O=\"YARD STAR, TOO\", S=Karagandinskaya oblast', C=KZ","sourceIndex":"1139","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://telamoncleaner.com/","directDownloadingLink":"https://download.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=","sourceIndex":"1139"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://dwnld4.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dwnld4.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","sourceIndex":"1140"}],"sampleFiles":["230427/TelamonCleaner-200701/1.0.269.0/Samples/TelamonCleaner_id8ea48a2203941tm.exe","230427/TelamonCleaner-200701/1.0.269.0/Samples/tt-cleaner.exe"],"imageFiles":["230427/TelamonCleaner-200701/1.0.269.0/Images/ACR-043/ACR-043_107.jpg","230427/TelamonCleaner-200701/1.0.269.0/Images/ACR-055/ACR-013_060_57_71_055_059_155.jpg","230427/TelamonCleaner-200701/1.0.269.0/Images/ACR-107/ACR-043_107.jpg","230427/TelamonCleaner-200701/1.0.269.0/Images/ACR-007/ACR-007.jpg","230427/TelamonCleaner-200701/1.0.269.0/Images/ACR-057/ACR-013_060_57_71_055_059_155.jpg","230427/TelamonCleaner-200701/1.0.269.0/Images/ACR-059/ACR-013_060_57_71_055_059_155.jpg","230427/TelamonCleaner-200701/1.0.269.0/Images/ACR-071/ACR-013_060_57_71_055_059_155.jpg","230427/TelamonCleaner-200701/1.0.269.0/Images/ACR-155/ACR-013_060_57_71_055_059_155.jpg","230427/TelamonCleaner-200701/1.0.269.0/Images/ACR-013/ACR-013_060_57_71_055_059_155.jpg","230427/TelamonCleaner-200701/1.0.269.0/Images/ACR-060/ACR-013_060_57_71_055_059_155.jpg"],"nonDeceptorImageFiles":[],"guid":"0b60c92c-422e-445c-bb64-bd601ef25d58_1.0.269.0_1","appID":"TelamonCleaner-200701","dateAdded":"230530","deceptorType":"App","name":"Telamon Cleaner","company":"Telamon Tools","version":"1.0.269.0","firstVendorContactDate":"241006","firstAppEsteemReplyDate":"241006","firstResolvedDate":"241018","firstResolvedVersion":"2.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.134;1.0.226;1.0.245;1.0.268.0;1.0.269.0;1.0.274.0;1.0.275.0;1.0.276.0","lastKnownDate":"241018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,sold in bundle","lastUpdate":"2026-05-04T14:37:41.8142134+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":959},{"violations":{"ACR-043":"Third-party \"The Qt Company Ltd\" components are installed without any disclosure\n","ACR-107":"The app does not obtain any authorization for using third-party \"The Qt Company Ltd\" components\n","ACR-007":"The app does not display any warning message when Windows security component \"Security Health\" is disabled that will reduce the default system security in the Startup manager within the app\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-103":"Unable to verify app value proposition as it does not detect well known in the wild 22+ malwares and 100+ PUA/PUP\n","ACR-057":"The app bundles the \"Yandex Browser\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Yandex Browser\" offer cannot be declined independently during the installation. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-055":"Accept/Decline options are not made obvious nor clearly displayed in the offer.\n","ACR-059":"An offered app is not clearly marked as an offer and it is not recognizable as an offer\n","ACR-155":"The \"Yandex Browser\" offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Telamon Cleaner\\tt-cleaner.exe","companyName":"","productName":"Telamon Cleaner","productVersion":"1.0.268","fileVersion":"1.0.268","hashMD5":"5ef9f44f782848af213a02254c28fe49","hashSHA1":"c371685dccd1ab09d37fe8bcf1fc12d5e392ead7","hashSHA256":"27aa3f6401230f0d94a5574ad18574b25b2efd914ef5094356fbac88eff2584a","digitalCertThumbprint":"F3C560F749157F39073064DBFF393D3C9E16C024","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"YARD STAR TOO","storeId":"","sourceIndex":"1155","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TelamonCleaner_id8ea48a2203941tm.exe","isInstaller":"True","companyName":"                                                            ","productName":"Telamon Cleaner                                             ","productVersion":"1.0.268                                           ","fileVersion":"1.0.268.0           ","hashMD5":"179c924f2cc408caf58c3f8e502f019e","hashSHA1":"ab07017d442630e5d61f25858ef36f6cf709d6c4","hashSHA256":"514f2a7a2fa36af0e04654309307668ea5d00d6e72406543fb86fd6599fd0624","digitalCertThumbprint":"F3C560F749157F39073064DBFF393D3C9E16C024","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"YARD STAR TOO","storeId":"","sourceIndex":"1155","avBlockList":["Avast Premium Security (20230427)","AVG Internet Security (20230427)","Avira Internet Security (20230427)","Bitdefender Internet Security (20230427)","COMODO Antivirus (20230427)","Dr.Web Security Space (20230427)","ESET Internet Security (20230427)","G DATA INTERNET SECURITY (20230427)","K7 Total Security (20230427)","Malwarebytes Premium (20230427)","McAfee Total Protection (20230427)","Norton Security (20230427)","Panda Dome (20230427)","Quick Heal Internet Security (20230427)","Sophos Home Premium (20230427)","SpyHunter5 (20230427)","Total AV Antivirus Pro (20230427)","VIPRE Advanced Security (20230427)","VirIT eXplorer PRO (20230427)","Webroot SecureAnywhere (20230427)","Windows Defender (20230427)"],"avAllowList":["360 Total Security (20230427)","Kaspersky Internet Security (20230427)","Trend Micro Internet Security (20230427)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://telamoncleaner.com/","directDownloadingLink":"https://download.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=","sourceIndex":"1155"}],"sampleFiles":["230418/TelamonCleaner-200701/1.0.268.0/Samples/TelamonCleaner_id8ea48a2203941tm.exe"],"imageFiles":["230418/TelamonCleaner-200701/1.0.268.0/Images/ACR-043/ACR-043.JPG","230418/TelamonCleaner-200701/1.0.268.0/Images/ACR-055/ACR-055.PNG","230418/TelamonCleaner-200701/1.0.268.0/Images/ACR-107/ACR-107.JPG","230418/TelamonCleaner-200701/1.0.268.0/Images/ACR-007/ACR-007.JPG","230418/TelamonCleaner-200701/1.0.268.0/Images/ACR-103/ACR-103.JPG","230418/TelamonCleaner-200701/1.0.268.0/Images/ACR-057/ACR-057.PNG","230418/TelamonCleaner-200701/1.0.268.0/Images/ACR-059/ACR-059.PNG","230418/TelamonCleaner-200701/1.0.268.0/Images/ACR-071/ACR-071.PNG","230418/TelamonCleaner-200701/1.0.268.0/Images/ACR-155/ACR-155.PNG","230418/TelamonCleaner-200701/1.0.268.0/Images/ACR-013/ACR-013.PNG","230418/TelamonCleaner-200701/1.0.268.0/Images/ACR-060/ACR-060.PNG"],"nonDeceptorImageFiles":[],"guid":"0b60c92c-422e-445c-bb64-bd601ef25d58_1.0.268.0_1","appID":"TelamonCleaner-200701","dateAdded":"230530","deceptorType":"App","name":"Telamon Cleaner","company":"Telamon Tools","version":"1.0.268.0","firstVendorContactDate":"241006","firstAppEsteemReplyDate":"241006","firstResolvedDate":"241018","firstResolvedVersion":"2.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.134;1.0.226;1.0.245;1.0.268.0;1.0.269.0;1.0.274.0;1.0.275.0;1.0.276.0","lastKnownDate":"241018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,sold in bundle","lastUpdate":"2026-05-04T14:37:42.2310472+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":960},{"violations":{"ACR-046":"Disclosures for the optional offer are not visible. The Yandex Offer is preselected in the installation and requires the user to uncheck a checkbox in order to decline the offer. \n","ACR-055":"Accept/Decline options are not made obvious nor clearly displayed in the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy. \n","ACR-099":"The app does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"TelamonCleaner_id8ea48a2203941tm.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"ae79ed7cd63d4e1d85df06df04d75c0a","hashSHA1":"2891ca5690cafe5aa3117c33750fd8d5062c0392","hashSHA256":"6bcb55b206ab589e9d6d2c61caf703b61f3a6d6debc17c69e27a719a64483880","digitalCertThumbprint":"C82D07E2178A98708DEF6430EC1ADFEF55D7CF9D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Yard Star, TOO\", O=\"Yard Star, TOO\", S=Kostanayskaya oblast', C=KZ, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KZ, SERIALNUMBER=220340024072","sourceIndex":"1275","avBlockList":["360 Total Security (20230103)","Avira Internet Security (20230103)","COMODO Antivirus (20230103)","Dr.Web Security Space (20230103)","ESET Internet Security (20230103)","G DATA INTERNET SECURITY (20230103)","K7 Total Security (20230103)","Malwarebytes Premium (20230103)","McAfee Total Protection (20230103)","Norton Security (20230103)","Panda Dome (20230103)","Quick Heal Internet Security (20230103)","Sophos Home Premium (20230103)","SpyHunter5 (20230103)","Total AV Antivirus Pro (20230103)","VirIT eXplorer PRO (20230103)","Webroot SecureAnywhere (20230103)","Windows Defender (20230103)"],"avAllowList":["Avast Premium Security (20230103)","AVG Internet Security (20230103)","Bitdefender Internet Security (20230103)","Kaspersky Internet Security (20230103)","Trend Micro Internet Security (20230103)","VIPRE Advanced Security (20230103)"]},{"isRevoked":"False","fileName":"tt-cleaner.exe","fileVersion":"1.0","hashMD5":"f1c014fdddaddde08688fa2b67293e44","hashSHA1":"042461311f576603873acdf1486b7677fe792344","hashSHA256":"d540c5c63ac7d10a3f2d80b626118de8f7c9f8cf0b8cfbee31e43ea216360436","digitalCertThumbprint":"C82D07E2178A98708DEF6430EC1ADFEF55D7CF9D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Yard Star, TOO\", O=\"Yard Star, TOO\", S=Kostanayskaya oblast', C=KZ, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KZ, SERIALNUMBER=220340024072","sourceIndex":"1275","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://telamoncleaner.com/","directDownloadingLink":"https://dwnld4.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dwnld4.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","sourceIndex":"1275"},{"howFound":"","reference":"","landingPage":"https://telamoncleaner.pro/","ipv4":"","ipv6":"","sourceIndex":"1276"}],"sampleFiles":["221208/TelamonCleaner-200701/1.0.245/Samples/TelamonCleaner_id8ea48a2203941tm.exe","221208/TelamonCleaner-200701/1.0.245/Samples/tt-cleaner.exe"],"imageFiles":["221208/TelamonCleaner-200701/1.0.245/Images/ACR-046/ACR-046_YandexOffer.jpg","221208/TelamonCleaner-200701/1.0.245/Images/ACR-055/ACR-055_YandexOffer.jpg"],"nonDeceptorImageFiles":["221208/TelamonCleaner-200701/1.0.245/Images/ACR-065/ACR-065_Install.jpg","221208/TelamonCleaner-200701/1.0.245/Images/ACR-065/ACR-065_Telamon.jpg","221208/TelamonCleaner-200701/1.0.245/Images/ACR-099/ACR-099_Telamon.jpg"],"guid":"0b60c92c-422e-445c-bb64-bd601ef25d58_1.0.245_1","appID":"TelamonCleaner-200701","dateAdded":"230530","deceptorType":"App","name":"Telamon Cleaner","company":"Telamon Tools","version":"1.0.245","firstVendorContactDate":"241006","firstAppEsteemReplyDate":"241006","firstResolvedDate":"241018","firstResolvedVersion":"2.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.134;1.0.226;1.0.245;1.0.268.0;1.0.269.0;1.0.274.0;1.0.275.0;1.0.276.0","lastKnownDate":"241018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,sold in bundle","lastUpdate":"2026-05-04T14:37:46.9035779+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":961},{"violations":{"ACR-048":"After first launch, consumer cannot close and cancel, which limits the consumer's ability to stop the installation.\n","ACR-004":"The reported items are not substantiated. The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\".\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the EULA, Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offers page does not display links to the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-037":"The app does not provide Privacy Policy in the software and landing page. \n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-171":"The internal offers shopping cart page has opt-in/opt-out check boxes pre-checked.\n"},"samples":[{"isRevoked":"False","fileName":"TelamonCleaner_id8ea48a2203941tm.exe","isInstaller":"True","companyName":"Telamon Tools","fileVersion":"1.0","hashMD5":"018b221c9b1cb3d0d3bb463d67ec4169","hashSHA1":"22bdf8756c843d1dc8888cb848168af67d8f2649","hashSHA256":"1f167460b2fa472694f5827e68986c7554e4a84de5e4051633e29cf2017b5b15","digitalCertThumbprint":"8559F1698E5BD9EA7B597FE16D8D5FBC25973AA8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Argo Enterprise, LLC\", O=\"Argo Enterprise, LLC\", STREET=\"d. 3 litera A kv. 52, ul. Zhukova\", L=St. Petersburg, PostalCode=195197, C=RU","sourceIndex":"1872","avBlockList":["Avast Premium Security (20210610)","AVG Internet Security (20210610)","Avira Internet Security (20210610)","Bitdefender Internet Security (20210610)","COMODO Antivirus (20210610)","Dr.Web Security Space (20210610)","ESET Internet Security (20210610)","G DATA INTERNET SECURITY (20210610)","K7 Total Security (20210610)","Malwarebytes Premium (20210610)","McAfee Total Protection (20210610)","Norton Security (20210610)","Panda Dome (20210610)","Quick Heal Internet Security (20210610)","Sophos Home Premium (20210610)","SpyHunter5 (20210610)","Total AV Antivirus Pro (20210610)","Trend Micro Internet Security (20210610)","VIPRE Advanced Security (20210610)","VirIT eXplorer PRO (20210610)","Webroot SecureAnywhere (20210610)","Windows Defender (20210610)"],"avAllowList":["360 Total Security (20210610)","Kaspersky Internet Security (20210610)","Tencent PC Manager (20210610)"]},{"isRevoked":"False","fileName":"tt-cleaner.exe","fileVersion":"1.0","hashMD5":"b4c805deaeb7cf4dc661af35f3d86d1d","hashSHA1":"b653c909b5abd5b4179a5b650157106f0b6fa4c6","hashSHA256":"2cce9b862bf504cb34712a029117e1791740bfb27b52f88c4993149b594f5b4e","digitalCertThumbprint":"8559F1698E5BD9EA7B597FE16D8D5FBC25973AA8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Argo Enterprise, LLC\", O=\"Argo Enterprise, LLC\", STREET=\"d. 3 litera A kv. 52, ul. Zhukova\", L=St. Petersburg, PostalCode=195197, C=RU","sourceIndex":"1872","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://telamoncleaner.com/","directDownloadingLink":"https://dwnld.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dwnld.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=&extra1=&utm_content=&utm_campaign=&utm_medium=&utm_source=","sourceIndex":"1872"}],"sampleFiles":["210519/TelamonCleaner-200701/1.0.134/Samples/TelamonCleaner_id8ea48a2203941tm.exe","210519/TelamonCleaner-200701/1.0.134/Samples/tt-cleaner.exe"],"imageFiles":["210519/TelamonCleaner-200701/1.0.134/Images/ACR-048/TelamonCleaner_Install [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-048/TelamonCleaner_Interactions [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-004/TelamonCleaner_Interactions [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-004/TelamonCleaner_Interactions [2].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-004/TelamonCleaner_Interactions [3].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-084/TelamonCleaner_Install [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-084/TelamonCleaner_Interactions [1].png"],"nonDeceptorImageFiles":["210519/TelamonCleaner-200701/1.0.134/Images/ACR-040/TelamonCleaner_Files [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-065/TelamonCleaner_Install [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-065/TelamonCleaner_Interactions [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-065/TelamonCleaner_Interactions [2].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-065/TelamonCleaner_LandingPage [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-065/TelamonCleaner_OfferPage [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-099/TelamonCleaner_Interactions [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-099/TelamonCleaner_LandingPage [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-099/TelamonCleaner_OfferPage [1].png","210519/TelamonCleaner-200701/1.0.134/Images/ACR-171/TelamonCleaner_OfferPage [2].png"],"guid":"0b60c92c-422e-445c-bb64-bd601ef25d58_1.0.134_1","appID":"TelamonCleaner-200701","dateAdded":"230530","deceptorType":"App","name":"Telamon Cleaner","company":"Telamon Tools","version":"1.0.134","sigName":"Deceptor:Win32/TelamonCleaner!004048084","firstVendorContactDate":"241006","firstAppEsteemReplyDate":"241006","firstResolvedDate":"241018","firstResolvedVersion":"2.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.134;1.0.226;1.0.245;1.0.268.0;1.0.269.0;1.0.274.0;1.0.275.0;1.0.276.0","lastKnownDate":"241018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":963},{"violations":{"ACR-004":"The reported items are  not substantiated. The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TelamonCleaner_id5579f429cd4fdtm.exe","isInstaller":"True","companyName":"Telamon Tools","fileVersion":"1.0","hashMD5":"27aaf9b3bf14527db94393ddbe024aa4","hashSHA1":"76e30b6447af4c05ca58553cc0ebf5e20bc6959a","hashSHA256":"34189f925d5827dc7ae5cebc3c3782d35d025e062fe196ade1cca07739000e8f","digitalCertThumbprint":"BE252149CC4359EF734F22CD55E20A00FF06B91C","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Argo Enterprise, LLC\", O=\"Argo Enterprise, LLC\", STREET=d. 20 litera B pom. 14 per. Dekabristov, L=St. Petersburg, S=Leningradskaya, PostalCode=199155, C=RU","sourceIndex":"2385","avBlockList":["360 Total Security (20200928)","Avast Premium Security (20200928)","AVG Internet Security (20200928)","Avira Internet Security (20200928)","Bitdefender Internet Security (20200928)","Dr.Web Security Space (20200928)","ESET Internet Security (20200928)","G DATA INTERNET SECURITY (20200928)","K7 Total Security (20200928)","Malwarebytes Premium (20200928)","McAfee Total Protection (20200928)","Norton Security (20200928)","Panda Dome (20200928)","Sophos Home Premium (20200928)","SpyHunter5 (20200928)","Tencent PC Manager (20200928)","Total AV Antivirus Pro (20200928)","Trend Micro Internet Security (20200928)","VIPRE Advanced Security (20200928)","VirIT eXplorer PRO (20200928)","Webroot SecureAnywhere (20200928)","Windows Defender (20200928)"],"avAllowList":["COMODO Antivirus (20200928)","Kaspersky Internet Security (20200928)","Quick Heal Internet Security (20200928)"]},{"isRevoked":"False","fileName":"tt-cleaner.exe","fileVersion":"1.0","hashMD5":"4e3da433e4b76eb9f69e3ed64a087293","hashSHA1":"4a6572b4cca787ba610f434bd623fb7504da7b93","hashSHA256":"34ac4b8f69e22706b87ae55ec2489d36ec71935444cd7482be7da10af72a9900","digitalCertThumbprint":"BE252149CC4359EF734F22CD55E20A00FF06B91C","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Argo Enterprise, LLC\", O=\"Argo Enterprise, LLC\", STREET=d. 20 litera B pom. 14 per. Dekabristov, L=St. Petersburg, S=Leningradskaya, PostalCode=199155, C=RU","sourceIndex":"2385","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://telamoncleaner.com/","directDownloadingLink":"https://download.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=","sourceIndex":"2385"}],"sampleFiles":["200713/TelamonCleaner-200701/1.0.95/Samples/TelamonCleaner_id5579f429cd4fdtm.exe","200713/TelamonCleaner-200701/1.0.95/Samples/tt-cleaner.exe"],"imageFiles":["200713/TelamonCleaner-200701/1.0.95/Images/ACR-004/Screen Shot 2020-07-01 at 2.38.18 PM.png","200713/TelamonCleaner-200701/1.0.95/Images/ACR-004/TelamonCleaner_004.JPG"],"nonDeceptorImageFiles":[],"guid":"0b60c92c-422e-445c-bb64-bd601ef25d58_1.0.95_1","appID":"TelamonCleaner-200701","dateAdded":"230530","deceptorType":"App","name":"Telamon Cleaner","company":"Telamon Tools","version":"1.0.95","sigName":"Deceptor:Win32/TelamonCleaner!004","firstVendorContactDate":"241006","firstAppEsteemReplyDate":"241006","firstResolvedDate":"241018","firstResolvedVersion":"2.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.134;1.0.226;1.0.245;1.0.268.0;1.0.269.0;1.0.274.0;1.0.275.0;1.0.276.0","lastKnownDate":"241018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid","lastUpdate":"2024-10-18T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":964},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for every installer.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\AutoClickerTyperSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Auto Clicker Typer                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"3597d24d3b425456b21985f7cee2edab","hashSHA1":"1ce4a683a33080d0e02dae9c79c00d1293750b01","hashSHA256":"bb3bf8c24a00fea53831fb60d926110f49bcbf57f1680f643f079bca373a3442","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":["360 Total Security (20230622)","Avast Premium Security (20230622)","AVG Internet Security (20230622)","Avira Internet Security (20230622)","Bitdefender Internet Security (20230622)","ESET Internet Security (20230622)","G DATA INTERNET SECURITY (20230622)","K7 Total Security (20230622)","Kaspersky Internet Security (20230622)","Malwarebytes Premium (20230622)","Norton Security (20230622)","Panda Dome (20230622)","Quick Heal Internet Security (20230622)","Sophos Home Premium (20230622)","SpyHunter5 (20230622)","Total AV Antivirus Pro (20230622)","VIPRE Advanced Security (20230622)","VirIT eXplorer PRO (20230622)","Webroot SecureAnywhere (20230622)","Windows Defender (20230622)"],"avAllowList":["COMODO Antivirus (20230622)","Dr.Web Security Space (20230622)","McAfee Total Protection (20230622)","Trend Micro Internet Security (20230622)"]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\AVIToMP4ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"AVI To MP4 Converter                                        ","productVersion":"1.1                 ","fileVersion":"1.1                 ","hashMD5":"5fe40f5374a7f2f6df0b19d61d9e70a7","hashSHA1":"28dda6a01f8144cd06326953472517e4d71a92a7","hashSHA256":"b093b06444c1918a8a9d9a4b8b71194e1742b3116800d69e8df022c5dcdc617f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\CompleteMobileMediaConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Complete Mobile Media Converter                             ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"87e42065d26b2fcf3725ef91f81c6847","hashSHA1":"12a6021bb63866b07ff1a7c69ae71223b9fa4673","hashSHA256":"61c6c06e361a29928ea193f20a4445a8c17ecf9466c259d265faec10c48ec25f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\ConvertWAVToMP3Setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Convert WAV To MP3                                          ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"2b071af33671d1661fde837cd68bb0fd","hashSHA1":"15d93e1aafa13bf577fa79ad96aa312ad118726e","hashSHA256":"4675bab51e8902559f56745198e405021e4ed7f527c4bd8b12919bd8c8aea7df","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\DigitalAudioRecorderSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Digital Audio Recorder                                      ","productVersion":"                    ","fileVersion":"                    ","hashMD5":"24b2d2a0a465002da2b3d6aa9c11588a","hashSHA1":"b2bfbedeb0e137a281043ab91376fd989a7e403a","hashSHA256":"2fdc6e37e9141f13c0b9322fdcc2e1a03deaaaa1a198dfdf4be1c592bf105e24","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\DiskDefragSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Disk Defrag                                                 ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"8f4c273531620fe19f0fab841a4691a0","hashSHA1":"943f602402c7a189171c41cc7c54d0ca09806e53","hashSHA256":"a40171c2f3e4b33482031ba6c14f04bee895d3e7cf6c28ee8fe1318cda443814","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\DVDCutterPlusSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"DVD Cutter Plus                                             ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"4f3fe540e4dbd4a877eb1dfa9fddf366","hashSHA1":"3d230a9bd0b330b785737a531be708897360069f","hashSHA256":"95791e5d006bef2822178538e878e1fefaffa3c2aa569ad4527e0165b9958577","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\FullScreenWebImageViewerSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Full Screen Web Image Viewer                                ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"a1c1013897211e400f66ec536a97897c","hashSHA1":"4fa241851d72e13c45d73114a9d11230990c9d37","hashSHA256":"d5c396f091bff93902fc1ad80c72693b064650db26a85e32b52fdaaa77d597b4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\InternetTextSpeakerSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Internet Text Speaker                                       ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"697c3660c1799dda1b0443bb2b93eb2f","hashSHA1":"7b98b50cb05c05b7b077c0186fa04efbb601e6fb","hashSHA256":"8574f20578bff733ab25fe691a587b7a9d140b19bb8e202b05a1d56d180de0ef","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\MP3CutterPlusSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"MP3 Cutter Plus                                             ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"3b46b0581f66908266ed5f93192da2bd","hashSHA1":"634ac630bfeb61b266c54ceb4480d0dba7114aba","hashSHA256":"4fd9ce9dc1e41081f445241663dd5e0b5a17ae70045274e37efe216943278f0f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\PhotoCutterSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Photo Cutter                                                ","productVersion":"1.1                 ","fileVersion":"1.1                 ","hashMD5":"c5dd161b53b9135cf62a3396347dbb03","hashSHA1":"761ca78750f664a4bfd12f25c289fa44bcd0fae9","hashSHA256":"ea6c4303fe687ffe4f8e4ad8757781b9e72f2e9fabdd8aae103ad2630def6182","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\ResizeImagesSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Resize Images                                               ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"d7a55dfbfb2355cf5751b89501136559","hashSHA1":"9d1d80b01de2da022e8cfd4110c334abde7a4124","hashSHA256":"3003656049388171950409c3b6586584a03306208e97d89f117376b45ef173a9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\ScrapNotifierSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Scrap Notifier                                              ","productVersion":"1.0.2               ","fileVersion":"1.0.2               ","hashMD5":"e5c0f313f98085c51aad78cf192a54d4","hashSHA1":"06857f408d620304a595b7b4f4c331f55c645816","hashSHA256":"0ae2117759f065a1ab5461776e332bdcf80e13248afb89928505ff1dd6d34418","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\TakeScreenshotSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Take Screenshot                                             ","productVersion":"1.1                 ","fileVersion":"1.1                 ","hashMD5":"d7712eef6325834ffdf07ec0aff666d3","hashSHA1":"7d5423df0c25904c9e3fff46bff9814b7319d87c","hashSHA256":"3d553815415deb37e8c824b32a8ae0e602738376d3d804eaf47d1ea2556ee955","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1078","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://asoftwareplus.com","directDownloadingLink":"https://asoftwareplus.com/media-converters.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://asoftwareplus.com/media-converters.html","sourceIndex":"1078"}],"sampleFiles":["230530/ASoftwarePlusBundle-221016/230526/Samples/AutoClickerTyperSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/AVIToMP4ConverterSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/CompleteMobileMediaConverterSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/ConvertWAVToMP3Setup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/DigitalAudioRecorderSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/DiskDefragSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/DVDCutterPlusSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/FullScreenWebImageViewerSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/InternetTextSpeakerSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/MP3CutterPlusSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/PhotoCutterSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/ResizeImagesSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/ScrapNotifierSetup.exe","230530/ASoftwarePlusBundle-221016/230526/Samples/TakeScreenshotSetup.exe"],"imageFiles":["230530/ASoftwarePlusBundle-221016/230526/Images/ACR-109/ACR-109.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-043/ACR-043.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-042/ACR-042.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-048/048.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-007/ACR-007.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-010/ACR-10.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-013/ACR-013.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-118/ACR-118.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-057/ACR-057.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-059/ACR-059.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-071/ACR-071.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-155/ACR-155.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230530/ASoftwarePlusBundle-221016/230526/Images/ACR-045/ACR-045.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-106/ACR-106.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-092/ACR-092.JPG","230530/ASoftwarePlusBundle-221016/230526/Images/ACR-123/ACR-123.JPG"],"guid":"d4a4a412-91d9-487e-9688-5ea7a387debc_230526_1","appID":"ASoftwarePlusBundle-221016","dateAdded":"230530","deceptorType":"Bundler","name":"Asoftware Plus Bundle","company":"A Software Plus","version":"230526","lastKnownStatus":"221016","lastKnownDate":"230530","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2023-05-30T23:52:11.6806448+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":965},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for every installer.\n"},"samples":[{"isRevoked":"False","fileName":"AVIToMP4ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"AVI To MP4 Converter                                        ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"26ca2d519acd832acbff67ad88b6e063","hashSHA1":"f02bd36d90aaaa136fe1d0d2aa4f608292c35224","hashSHA256":"5fa0586d38d8e528658836e15b8486cda257941f2d46db98e351a22d5c17d125","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20230608)","Avast Premium Security (20230608)","AVG Internet Security (20230608)","Avira Internet Security (20230608)","Bitdefender Internet Security (20230608)","COMODO Antivirus (20230608)","Dr.Web Security Space (20230608)","ESET Internet Security (20230608)","G DATA INTERNET SECURITY (20230608)","K7 Total Security (20230608)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20230608)","McAfee Total Protection (20230608)","Norton Security (20230608)","Panda Dome (20230608)","Quick Heal Internet Security (20230608)","Sophos Home Premium (20230608)","SpyHunter5 (20230608)","Total AV Antivirus Pro (20230608)","VIPRE Advanced Security (20230608)","VirIT eXplorer PRO (20230608)","Webroot SecureAnywhere (20230608)","Windows Defender (20230608)"],"avAllowList":["Trend Micro Internet Security (20230608)"]},{"isRevoked":"False","fileName":"Cool3GPToFLVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool 3GP To FLV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"f6669302590653e75d08085a9f5f0659","hashSHA1":"d0434fcd20e7041e984fd0f24f52672ddbb9d086","hashSHA256":"2f6e939f58595bd8a84cac795b803cf98d7bf66a8d2ac1d8886f60a9ab4f1592","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221208)","Avast Premium Security (20221208)","AVG Internet Security (20221208)","Avira Internet Security (20221208)","Bitdefender Internet Security (20221208)","COMODO Antivirus (20221208)","Dr.Web Security Space (20221208)","ESET Internet Security (20221208)","G DATA INTERNET SECURITY (20221208)","K7 Total Security (20221208)","Kaspersky Internet Security (20221208)","Malwarebytes Premium (20221208)","McAfee Total Protection (20221208)","Norton Security (20221208)","Panda Dome (20221208)","Quick Heal Internet Security (20221208)","Sophos Home Premium (20221208)","SpyHunter5 (20221208)","Total AV Antivirus Pro (20221208)","VIPRE Advanced Security (20221208)","VirIT eXplorer PRO (20221208)","Webroot SecureAnywhere (20221208)","Windows Defender (20221208)"],"avAllowList":["Trend Micro Internet Security (20221208)"]},{"isRevoked":"False","fileName":"Cool3GPToMP4ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool 3GP To MP4 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"201878c8de1cbb66c74b2e55eefd6caa","hashSHA1":"253c4ba7c82750ed757928c4f47ba56cf547542e","hashSHA256":"363dbb2effc924f38fd6608a03370f813842270de3a319a54ed0f58693789787","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221208)","Avast Premium Security (20221208)","AVG Internet Security (20221208)","Avira Internet Security (20221208)","Bitdefender Internet Security (20221208)","COMODO Antivirus (20221208)","Dr.Web Security Space (20221208)","ESET Internet Security (20221208)","G DATA INTERNET SECURITY (20221208)","K7 Total Security (20221208)","Kaspersky Internet Security (20221208)","Malwarebytes Premium (20221208)","McAfee Total Protection (20221208)","Norton Security (20221208)","Panda Dome (20221208)","Quick Heal Internet Security (20221208)","Sophos Home Premium (20221208)","SpyHunter5 (20221208)","Total AV Antivirus Pro (20221208)","VIPRE Advanced Security (20221208)","VirIT eXplorer PRO (20221208)","Webroot SecureAnywhere (20221208)","Windows Defender (20221208)"],"avAllowList":["Trend Micro Internet Security (20221208)"]},{"isRevoked":"False","fileName":"Cool3GPToMPEGConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool 3GP To MPEG Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"b4aedbc3f121359186f1d5050dd5bef0","hashSHA1":"e98861e9302fcd1c346ab7f9c7cb7c37dc0835b5","hashSHA256":"a569d98dd1e06badcbc1cd5011a93d0e4174a6ab6f341d9568b35516ecd1c813","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221208)","Avast Premium Security (20221208)","AVG Internet Security (20221208)","Avira Internet Security (20221208)","Bitdefender Internet Security (20221208)","COMODO Antivirus (20221208)","Dr.Web Security Space (20221208)","ESET Internet Security (20221208)","G DATA INTERNET SECURITY (20221208)","K7 Total Security (20221208)","Kaspersky Internet Security (20221208)","Malwarebytes Premium (20221208)","McAfee Total Protection (20221208)","Norton Security (20221208)","Panda Dome (20221208)","Quick Heal Internet Security (20221208)","Sophos Home Premium (20221208)","SpyHunter5 (20221208)","Total AV Antivirus Pro (20221208)","VIPRE Advanced Security (20221208)","VirIT eXplorer PRO (20221208)","Webroot SecureAnywhere (20221208)","Windows Defender (20221208)"],"avAllowList":["Trend Micro Internet Security (20221208)"]},{"isRevoked":"False","fileName":"Cool3GPToWMVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool 3GP To WMV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"5750f49ae96aaf9c91175769c757dd27","hashSHA1":"d9a92d7c77611fc1ca33ec35f680c78ef7cfea68","hashSHA256":"fd645d3cdd675493a1273fa72eebb3c313a31162d2e90b7d9a56a21f4869109e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221208)","Avast Premium Security (20221208)","AVG Internet Security (20221208)","Avira Internet Security (20221208)","Bitdefender Internet Security (20221208)","COMODO Antivirus (20221208)","Dr.Web Security Space (20221208)","ESET Internet Security (20221208)","G DATA INTERNET SECURITY (20221208)","K7 Total Security (20221208)","Kaspersky Internet Security (20221208)","Malwarebytes Premium (20221208)","McAfee Total Protection (20221208)","Norton Security (20221208)","Panda Dome (20221208)","Quick Heal Internet Security (20221208)","Sophos Home Premium (20221208)","SpyHunter5 (20221208)","Total AV Antivirus Pro (20221208)","VIPRE Advanced Security (20221208)","VirIT eXplorer PRO (20221208)","Webroot SecureAnywhere (20221208)","Windows Defender (20221208)"],"avAllowList":["Trend Micro Internet Security (20221208)"]},{"isRevoked":"False","fileName":"CoolAACToMP3ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool AAC To MP3 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"06c76bab0453fc6f2e7c443688ad7dac","hashSHA1":"d3e73e5e863735cb798726ac73b682d9fd197eb1","hashSHA256":"334c6950daef70a718806b1707a443f07af37be936760531c105d1e9d8a080f6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221208)","Avast Premium Security (20221208)","AVG Internet Security (20221208)","Avira Internet Security (20221208)","Bitdefender Internet Security (20221208)","COMODO Antivirus (20221208)","Dr.Web Security Space (20221208)","ESET Internet Security (20221208)","G DATA INTERNET SECURITY (20221208)","K7 Total Security (20221208)","Kaspersky Internet Security (20221208)","Malwarebytes Premium (20221208)","McAfee Total Protection (20221208)","Norton Security (20221208)","Panda Dome (20221208)","Quick Heal Internet Security (20221208)","Sophos Home Premium (20221208)","SpyHunter5 (20221208)","Total AV Antivirus Pro (20221208)","VIPRE Advanced Security (20221208)","VirIT eXplorer PRO (20221208)","Webroot SecureAnywhere (20221208)","Windows Defender (20221208)"],"avAllowList":["Trend Micro Internet Security (20221208)"]},{"isRevoked":"False","fileName":"CoolAVITo3GPConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool AVI To 3GP Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"8878ad452684ffd51a118ccb35f24757","hashSHA1":"1c291f026ef6079b22fb8132a68ff8f70a03cf37","hashSHA256":"de16b2b54583b0465564fa3b4aa56d22f0fe08cb0131c096df0b97f1c30cd0d4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221208)","Avast Premium Security (20221208)","AVG Internet Security (20221208)","Avira Internet Security (20221208)","Bitdefender Internet Security (20221208)","COMODO Antivirus (20221208)","Dr.Web Security Space (20221208)","ESET Internet Security (20221208)","G DATA INTERNET SECURITY (20221208)","K7 Total Security (20221208)","Kaspersky Internet Security (20221208)","Malwarebytes Premium (20221208)","McAfee Total Protection (20221208)","Norton Security (20221208)","Panda Dome (20221208)","Quick Heal Internet Security (20221208)","Sophos Home Premium (20221208)","SpyHunter5 (20221208)","Total AV Antivirus Pro (20221208)","VIPRE Advanced Security (20221208)","VirIT eXplorer PRO (20221208)","Webroot SecureAnywhere (20221208)","Windows Defender (20221208)"],"avAllowList":["Trend Micro Internet Security (20221208)"]},{"isRevoked":"False","fileName":"CoolAVIToFLVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool AVI To FLV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"34ce075273a39b9fcb302d81c3271831","hashSHA1":"529eaa32ed89ceb2159d875591fbb177bebb5870","hashSHA256":"023fc4bd2e2045367ab4c313053308cc0cf6e69f96039d5fdc0996a6755776f6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221208)","Avast Premium Security (20221208)","AVG Internet Security (20221208)","Avira Internet Security (20221208)","Bitdefender Internet Security (20221208)","COMODO Antivirus (20221208)","Dr.Web Security Space (20221208)","ESET Internet Security (20221208)","G DATA INTERNET SECURITY (20221208)","K7 Total Security (20221208)","Kaspersky Internet Security (20221208)","Malwarebytes Premium (20221208)","McAfee Total Protection (20221208)","Norton Security (20221208)","Panda Dome (20221208)","Quick Heal Internet Security (20221208)","Sophos Home Premium (20221208)","SpyHunter5 (20221208)","Total AV Antivirus Pro (20221208)","VIPRE Advanced Security (20221208)","VirIT eXplorer PRO (20221208)","Webroot SecureAnywhere (20221208)","Windows Defender (20221208)"],"avAllowList":["Trend Micro Internet Security (20221208)"]},{"isRevoked":"False","fileName":"CoolAVIToMOVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool AVI To MOV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"1d1552604fc5abae9db65bb6fdb2ae2f","hashSHA1":"2eb809275b1174021c119f0cc693817c73bc107b","hashSHA256":"4c3ad1fd0d224f5b6fbc7e2b400e63643c58178c2b126c7f546dfa13e4f1696d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221215)","Avast Premium Security (20221215)","AVG Internet Security (20221215)","Avira Internet Security (20221215)","Bitdefender Internet Security (20221215)","COMODO Antivirus (20221215)","Dr.Web Security Space (20221215)","ESET Internet Security (20221215)","G DATA INTERNET SECURITY (20221215)","K7 Total Security (20221215)","Kaspersky Internet Security (20221215)","Malwarebytes Premium (20221215)","McAfee Total Protection (20221215)","Norton Security (20221215)","Panda Dome (20221215)","Quick Heal Internet Security (20221215)","Sophos Home Premium (20221215)","SpyHunter5 (20221215)","Total AV Antivirus Pro (20221215)","VIPRE Advanced Security (20221215)","VirIT eXplorer PRO (20221215)","Webroot SecureAnywhere (20221215)","Windows Defender (20221215)"],"avAllowList":["Trend Micro Internet Security (20221215)"]},{"isRevoked":"False","fileName":"CoolAVIToMP3ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool AVI To MP3 Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"99dc3caadaf9510584d2c9fe150c49eb","hashSHA1":"42724abfd36eb57205cb3eb8eca7207fc5598949","hashSHA256":"cbe5d4d6413da092658bdaaa74097bdaba0c4b2e604f6e193cb8f1f895fa4afe","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221215)","Avast Premium Security (20221215)","AVG Internet Security (20221215)","Avira Internet Security (20221215)","Bitdefender Internet Security (20221215)","COMODO Antivirus (20221215)","Dr.Web Security Space (20221215)","ESET Internet Security (20221215)","G DATA INTERNET SECURITY (20221215)","K7 Total Security (20221215)","Kaspersky Internet Security (20221215)","Malwarebytes Premium (20221215)","McAfee Total Protection (20221215)","Norton Security (20221215)","Panda Dome (20221215)","Quick Heal Internet Security (20221215)","Sophos Home Premium (20221215)","SpyHunter5 (20221215)","Total AV Antivirus Pro (20221215)","VIPRE Advanced Security (20221215)","VirIT eXplorer PRO (20221215)","Webroot SecureAnywhere (20221215)","Windows Defender (20221215)"],"avAllowList":["Trend Micro Internet Security (20221215)"]},{"isRevoked":"False","fileName":"CoolAVIToMPEGConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool AVI To MPEG Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"41463228c05a99b4dfca7a294a011c5a","hashSHA1":"6915c53b75235f7fcd84089b6cac985a94d09be1","hashSHA256":"b970c1e57c222a5af8511abfa0a7a2d9902c5e27558dfde7142875818d095d4e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221215)","Avast Premium Security (20221215)","AVG Internet Security (20221215)","Avira Internet Security (20221215)","Bitdefender Internet Security (20221215)","COMODO Antivirus (20221215)","ESET Internet Security (20221215)","G DATA INTERNET SECURITY (20221215)","K7 Total Security (20221215)","Kaspersky Internet Security (20221215)","Malwarebytes Premium (20221215)","McAfee Total Protection (20221215)","Norton Security (20221215)","Panda Dome (20221215)","Quick Heal Internet Security (20221215)","Sophos Home Premium (20221215)","SpyHunter5 (20221215)","Total AV Antivirus Pro (20221215)","VIPRE Advanced Security (20221215)","VirIT eXplorer PRO (20221215)","Webroot SecureAnywhere (20221215)","Windows Defender (20221215)"],"avAllowList":["Dr.Web Security Space (20221215)","Trend Micro Internet Security (20221215)"]},{"isRevoked":"False","fileName":"CoolAVIToWAVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool AVI To WAV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"a4f90351da1c0d90f86da72cb4c83f78","hashSHA1":"78f06759a75635f16b4fd8f65544cdbc9e463597","hashSHA256":"8fbe787f173a1d29357a60808da52a57cca43f758245c35a478ef2fae6e356e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221215)","Avast Premium Security (20221215)","AVG Internet Security (20221215)","Avira Internet Security (20221215)","Bitdefender Internet Security (20221215)","COMODO Antivirus (20221215)","Dr.Web Security Space (20221215)","ESET Internet Security (20221215)","G DATA INTERNET SECURITY (20221215)","K7 Total Security (20221215)","Kaspersky Internet Security (20221215)","Malwarebytes Premium (20221215)","McAfee Total Protection (20221215)","Norton Security (20221215)","Panda Dome (20221215)","Quick Heal Internet Security (20221215)","Sophos Home Premium (20221215)","SpyHunter5 (20221215)","Total AV Antivirus Pro (20221215)","VIPRE Advanced Security (20221215)","VirIT eXplorer PRO (20221215)","Webroot SecureAnywhere (20221215)","Windows Defender (20221215)"],"avAllowList":["Trend Micro Internet Security (20221215)"]},{"isRevoked":"False","fileName":"CoolAVIToWMVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool AVI To WMV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"05ee0c806b73f5ce87025486454ca024","hashSHA1":"7ba733a88b18a87d86f679669769e42f53d302a6","hashSHA256":"578580cfd9828749519193aee99c96fdcf2d03b536307b8201fcab4e9944eafd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221215)","Avast Premium Security (20221215)","AVG Internet Security (20221215)","Avira Internet Security (20221215)","Bitdefender Internet Security (20221215)","COMODO Antivirus (20221215)","Dr.Web Security Space (20221215)","ESET Internet Security (20221215)","G DATA INTERNET SECURITY (20221215)","K7 Total Security (20221215)","Kaspersky Internet Security (20221215)","Malwarebytes Premium (20221215)","McAfee Total Protection (20221215)","Norton Security (20221215)","Panda Dome (20221215)","Quick Heal Internet Security (20221215)","Sophos Home Premium (20221215)","SpyHunter5 (20221215)","Total AV Antivirus Pro (20221215)","VIPRE Advanced Security (20221215)","VirIT eXplorer PRO (20221215)","Webroot SecureAnywhere (20221215)","Windows Defender (20221215)"],"avAllowList":["Trend Micro Internet Security (20221215)"]},{"isRevoked":"False","fileName":"CoolDATTo3GPConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool DAT To 3GP Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"824169f41be1d1684399c39f1610151e","hashSHA1":"c14262b6137bc89b6fce43651ab9b482ce951cec","hashSHA256":"5809c2329da43932dc3e23cfaf3166e045c702fb539f96228331b897c70398f5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221215)","Avast Premium Security (20221215)","AVG Internet Security (20221215)","Avira Internet Security (20221215)","Bitdefender Internet Security (20221215)","COMODO Antivirus (20221215)","Dr.Web Security Space (20221215)","ESET Internet Security (20221215)","G DATA INTERNET SECURITY (20221215)","K7 Total Security (20221215)","Kaspersky Internet Security (20221215)","Malwarebytes Premium (20221215)","McAfee Total Protection (20221215)","Norton Security (20221215)","Panda Dome (20221215)","Quick Heal Internet Security (20221215)","Sophos Home Premium (20221215)","SpyHunter5 (20221215)","Total AV Antivirus Pro (20221215)","VIPRE Advanced Security (20221215)","VirIT eXplorer PRO (20221215)","Webroot SecureAnywhere (20221215)","Windows Defender (20221215)"],"avAllowList":["Trend Micro Internet Security (20221215)"]},{"isRevoked":"False","fileName":"CoolDATToFLVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool DAT To FLV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"718da605d153be5f55cfeed386b1b605","hashSHA1":"bf2f71bc9819109198a222c308168d5a5cd7dea7","hashSHA256":"f7b45fdb07fd9ca42af9b3ccedcdaec90a3760ab4cbe9b5550035a2f21d02794","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221215)","Avast Premium Security (20221215)","AVG Internet Security (20221215)","Avira Internet Security (20221215)","Bitdefender Internet Security (20221215)","COMODO Antivirus (20221215)","Dr.Web Security Space (20221215)","ESET Internet Security (20221215)","G DATA INTERNET SECURITY (20221215)","K7 Total Security (20221215)","Kaspersky Internet Security (20221215)","Malwarebytes Premium (20221215)","McAfee Total Protection (20221215)","Norton Security (20221215)","Panda Dome (20221215)","Quick Heal Internet Security (20221215)","Sophos Home Premium (20221215)","SpyHunter5 (20221215)","Total AV Antivirus Pro (20221215)","VIPRE Advanced Security (20221215)","VirIT eXplorer PRO (20221215)","Webroot SecureAnywhere (20221215)","Windows Defender (20221215)"],"avAllowList":["Trend Micro Internet Security (20221215)"]},{"isRevoked":"False","fileName":"CoolDATToMP3ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool DAT To MP3 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"bc9b48af52258571f8ea8894873131cd","hashSHA1":"5717279ae785b6d7468e8a78f8deacce11de771a","hashSHA256":"d642612987ebf3a726368eb7c6bf5c1688b62f46cbc42413c29f4f616cb7ceaa","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221215)","Avast Premium Security (20221215)","AVG Internet Security (20221215)","Avira Internet Security (20221215)","Bitdefender Internet Security (20221215)","COMODO Antivirus (20221215)","Dr.Web Security Space (20221215)","ESET Internet Security (20221215)","G DATA INTERNET SECURITY (20221215)","K7 Total Security (20221215)","Kaspersky Internet Security (20221215)","Malwarebytes Premium (20221215)","McAfee Total Protection (20221215)","Norton Security (20221215)","Panda Dome (20221215)","Quick Heal Internet Security (20221215)","Sophos Home Premium (20221215)","SpyHunter5 (20221215)","Total AV Antivirus Pro (20221215)","VIPRE Advanced Security (20221215)","VirIT eXplorer PRO (20221215)","Webroot SecureAnywhere (20221215)","Windows Defender (20221215)"],"avAllowList":["Trend Micro Internet Security (20221215)"]},{"isRevoked":"False","fileName":"CoolDATToWMVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool DAT To WMV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"ab94c6d3d2d2931d538256ff3267c60c","hashSHA1":"2188a3c03259c8c88f10f61a45e8b827e1e85e2d","hashSHA256":"859e5c3365722a6fa97d5ac13b35ea328f3da40d31e128f2d5509f5b4354ee89","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221220)","Avast Premium Security (20221220)","AVG Internet Security (20221220)","Avira Internet Security (20221220)","Bitdefender Internet Security (20221220)","COMODO Antivirus (20221220)","Dr.Web Security Space (20221220)","ESET Internet Security (20221220)","G DATA INTERNET SECURITY (20221220)","K7 Total Security (20221220)","Kaspersky Internet Security (20221220)","Malwarebytes Premium (20221220)","McAfee Total Protection (20221220)","Norton Security (20221220)","Panda Dome (20221220)","Quick Heal Internet Security (20221220)","Sophos Home Premium (20221220)","SpyHunter5 (20221220)","Total AV Antivirus Pro (20221220)","VIPRE Advanced Security (20221220)","VirIT eXplorer PRO (20221220)","Webroot SecureAnywhere (20221220)","Windows Defender (20221220)"],"avAllowList":["Trend Micro Internet Security (20221220)"]},{"isRevoked":"False","fileName":"CoolDVDToMP3ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool DVD To MP3 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"16467a19afc18fd3a66f9a57ddcd35ee","hashSHA1":"585a9806acb0cf571659f08a43724872bdc7903e","hashSHA256":"491c732af90b401381c6e98b5024f638ab9dd169138a74287eea38c8afbaec9d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221220)","Avast Premium Security (20221220)","AVG Internet Security (20221220)","Avira Internet Security (20221220)","Bitdefender Internet Security (20221220)","COMODO Antivirus (20221220)","Dr.Web Security Space (20221220)","ESET Internet Security (20221220)","G DATA INTERNET SECURITY (20221220)","K7 Total Security (20221220)","Kaspersky Internet Security (20221220)","Malwarebytes Premium (20221220)","McAfee Total Protection (20221220)","Norton Security (20221220)","Panda Dome (20221220)","Quick Heal Internet Security (20221220)","Sophos Home Premium (20221220)","SpyHunter5 (20221220)","Total AV Antivirus Pro (20221220)","Trend Micro Internet Security (20221220)","VIPRE Advanced Security (20221220)","VirIT eXplorer PRO (20221220)","Webroot SecureAnywhere (20221220)","Windows Defender (20221220)"],"avAllowList":[]},{"isRevoked":"False","fileName":"CoolFLACToMP3ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool FLAC To MP3 Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"56d969ac094adebff8207114c5aa4c65","hashSHA1":"667814540e6f376133391a336162660a0de660ed","hashSHA256":"04fb058c2e1f94f66893cd4d9137c22aff2a5a1c63b1184ac8b508bf92ff3f1b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221220)","Avast Premium Security (20221220)","AVG Internet Security (20221220)","Avira Internet Security (20221220)","Bitdefender Internet Security (20221220)","COMODO Antivirus (20221220)","Dr.Web Security Space (20221220)","ESET Internet Security (20221220)","G DATA INTERNET SECURITY (20221220)","K7 Total Security (20221220)","Kaspersky Internet Security (20221220)","Malwarebytes Premium (20221220)","McAfee Total Protection (20221220)","Norton Security (20221220)","Panda Dome (20221220)","Quick Heal Internet Security (20221220)","Sophos Home Premium (20221220)","SpyHunter5 (20221220)","Total AV Antivirus Pro (20221220)","VIPRE Advanced Security (20221220)","VirIT eXplorer PRO (20221220)","Webroot SecureAnywhere (20221220)","Windows Defender (20221220)"],"avAllowList":["Trend Micro Internet Security (20221220)"]},{"isRevoked":"False","fileName":"CoolFLVTo3GPConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool FLV To 3GP Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"b7020e868c1d448e8c037789f6f14162","hashSHA1":"f690fde9fdbe2169d0993d8bd10b4e7249444f06","hashSHA256":"8fc66fb7e78e44e95a780f62ce21423f64583f2f66d036e9a6cdeda0c878a60e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221220)","Avast Premium Security (20221220)","AVG Internet Security (20221220)","Avira Internet Security (20221220)","Bitdefender Internet Security (20221220)","COMODO Antivirus (20221220)","Dr.Web Security Space (20221220)","ESET Internet Security (20221220)","G DATA INTERNET SECURITY (20221220)","K7 Total Security (20221220)","Kaspersky Internet Security (20221220)","Malwarebytes Premium (20221220)","McAfee Total Protection (20221220)","Norton Security (20221220)","Panda Dome (20221220)","Quick Heal Internet Security (20221220)","Sophos Home Premium (20221220)","SpyHunter5 (20221220)","Total AV Antivirus Pro (20221220)","VIPRE Advanced Security (20221220)","VirIT eXplorer PRO (20221220)","Webroot SecureAnywhere (20221220)","Windows Defender (20221220)"],"avAllowList":["Trend Micro Internet Security (20221220)"]},{"isRevoked":"False","fileName":"CoolFLVToMOVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool FLV To MOV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"a2d02879a5654fe9a2e7329ae09b24c9","hashSHA1":"c64be8b517b2e61045ba3cd223ddcb7dcc63b364","hashSHA256":"7c4d625e4aebaf80406bca4acea20fcee2e0813d59f209de49dc2740706f7c98","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221220)","Avast Premium Security (20221220)","AVG Internet Security (20221220)","Avira Internet Security (20221220)","Bitdefender Internet Security (20221220)","COMODO Antivirus (20221220)","Dr.Web Security Space (20221220)","ESET Internet Security (20221220)","G DATA INTERNET SECURITY (20221220)","K7 Total Security (20221220)","Kaspersky Internet Security (20221220)","Malwarebytes Premium (20221220)","McAfee Total Protection (20221220)","Norton Security (20221220)","Panda Dome (20221220)","Quick Heal Internet Security (20221220)","Sophos Home Premium (20221220)","SpyHunter5 (20221220)","Total AV Antivirus Pro (20221220)","VIPRE Advanced Security (20221220)","VirIT eXplorer PRO (20221220)","Webroot SecureAnywhere (20221220)","Windows Defender (20221220)"],"avAllowList":["Trend Micro Internet Security (20221220)"]},{"isRevoked":"False","fileName":"CoolFLVToMP3ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool FLV To MP3 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"419bebfb5020d2b615a1f105e5be9586","hashSHA1":"9aa7b19655c36ec3b3cff36043ff4dab394dd27c","hashSHA256":"9d8875f7466bb432e41e4d2e812c6bfeec70e91733ef78dd4bb2d1b8bafb678b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221220)","Avast Premium Security (20221220)","AVG Internet Security (20221220)","Avira Internet Security (20221220)","Bitdefender Internet Security (20221220)","COMODO Antivirus (20221220)","Dr.Web Security Space (20221220)","ESET Internet Security (20221220)","G DATA INTERNET SECURITY (20221220)","K7 Total Security (20221220)","Kaspersky Internet Security (20221220)","Malwarebytes Premium (20221220)","McAfee Total Protection (20221220)","Norton Security (20221220)","Panda Dome (20221220)","Quick Heal Internet Security (20221220)","Sophos Home Premium (20221220)","SpyHunter5 (20221220)","Total AV Antivirus Pro (20221220)","VIPRE Advanced Security (20221220)","VirIT eXplorer PRO (20221220)","Webroot SecureAnywhere (20221220)","Windows Defender (20221220)"],"avAllowList":["Trend Micro Internet Security (20221220)"]},{"isRevoked":"False","fileName":"CoolFLVToMP4ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool FLV To MP4 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"be92e67820ffa2b90cfc2547e08cde52","hashSHA1":"ede0a8b95a479108a591588ebf68042dd856118b","hashSHA256":"c6dba38e0c9e3bfe5a0c6fb448a1bb1b835a30da0a433f2663d4dfb6764869e6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221220)","Avast Premium Security (20221220)","AVG Internet Security (20221220)","Avira Internet Security (20221220)","Bitdefender Internet Security (20221220)","COMODO Antivirus (20221220)","Dr.Web Security Space (20221220)","ESET Internet Security (20221220)","G DATA INTERNET SECURITY (20221220)","K7 Total Security (20221220)","Kaspersky Internet Security (20221220)","Malwarebytes Premium (20221220)","McAfee Total Protection (20221220)","Norton Security (20221220)","Panda Dome (20221220)","Quick Heal Internet Security (20221220)","Sophos Home Premium (20221220)","SpyHunter5 (20221220)","Total AV Antivirus Pro (20221220)","VIPRE Advanced Security (20221220)","VirIT eXplorer PRO (20221220)","Webroot SecureAnywhere (20221220)","Windows Defender (20221220)"],"avAllowList":["Trend Micro Internet Security (20221220)"]},{"isRevoked":"False","fileName":"CoolFLVToMPEGConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool FLV To MPEG Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"724a053cc9a019d20011278f5bd83c6a","hashSHA1":"92feda3917d6bd99659b96d6af384764f7b42577","hashSHA256":"84ee197f5950b639cfe600730f2ed5121f590c769b6ef768f0de72b7a9323555","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221220)","Avast Premium Security (20221220)","AVG Internet Security (20221220)","Avira Internet Security (20221220)","Bitdefender Internet Security (20221220)","COMODO Antivirus (20221220)","Dr.Web Security Space (20221220)","ESET Internet Security (20221220)","G DATA INTERNET SECURITY (20221220)","K7 Total Security (20221220)","Kaspersky Internet Security (20221220)","Malwarebytes Premium (20221220)","McAfee Total Protection (20221220)","Norton Security (20221220)","Panda Dome (20221220)","Quick Heal Internet Security (20221220)","Sophos Home Premium (20221220)","SpyHunter5 (20221220)","Total AV Antivirus Pro (20221220)","VIPRE Advanced Security (20221220)","VirIT eXplorer PRO (20221220)","Webroot SecureAnywhere (20221220)","Windows Defender (20221220)"],"avAllowList":["Trend Micro Internet Security (20221220)"]},{"isRevoked":"False","fileName":"CoolFLVToWMVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool FLV To WMV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"07588ce41891c54e8b02421caf0d5d48","hashSHA1":"16d0a90d84c9b4a744831354e34423bf2a4642f4","hashSHA256":"5637edcb4f94946b1fe0407b69fc1519301c05f885c8e8653c49d80d494c8192","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221220)","Avast Premium Security (20221220)","AVG Internet Security (20221220)","Avira Internet Security (20221220)","Bitdefender Internet Security (20221220)","COMODO Antivirus (20221220)","Dr.Web Security Space (20221220)","ESET Internet Security (20221220)","G DATA INTERNET SECURITY (20221220)","K7 Total Security (20221220)","Kaspersky Internet Security (20221220)","Malwarebytes Premium (20221220)","McAfee Total Protection (20221220)","Norton Security (20221220)","Panda Dome (20221220)","Quick Heal Internet Security (20221220)","Sophos Home Premium (20221220)","SpyHunter5 (20221220)","Total AV Antivirus Pro (20221220)","VIPRE Advanced Security (20221220)","VirIT eXplorer PRO (20221220)","Webroot SecureAnywhere (20221220)","Windows Defender (20221220)"],"avAllowList":["Trend Micro Internet Security (20221220)"]},{"isRevoked":"False","fileName":"CoolM4AToMP3ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool M4A To MP3 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"6641eaf6a32d5fde47bd9c09bb295a75","hashSHA1":"bbbda0a50413290c8fb4209d5852d07da8c1d9d6","hashSHA256":"02692ba3ff30315bb13350f912b07ed27595566eb1eedac29043b96fb124e21b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221220)","Avast Premium Security (20221220)","AVG Internet Security (20221220)","Avira Internet Security (20221220)","Bitdefender Internet Security (20221220)","COMODO Antivirus (20221220)","Dr.Web Security Space (20221220)","ESET Internet Security (20221220)","G DATA INTERNET SECURITY (20221220)","K7 Total Security (20221220)","Kaspersky Internet Security (20221220)","Malwarebytes Premium (20221220)","McAfee Total Protection (20221220)","Norton Security (20221220)","Panda Dome (20221220)","Quick Heal Internet Security (20221220)","Sophos Home Premium (20221220)","SpyHunter5 (20221220)","Total AV Antivirus Pro (20221220)","Trend Micro Internet Security (20221220)","VIPRE Advanced Security (20221220)","VirIT eXplorer PRO (20221220)","Webroot SecureAnywhere (20221220)","Windows Defender (20221220)"],"avAllowList":[]},{"isRevoked":"False","fileName":"CoolMKVToMP4ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MKV To MP4 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"e9a0f5964951dada949dca5c641b0d7c","hashSHA1":"e06f5b72ce503bf1445a771b962c97480ef26388","hashSHA256":"ed1a02deab66daa5729175e506dd7b40ea691838c28b8684a48f9868c6ab714a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221222)","Avast Premium Security (20221222)","AVG Internet Security (20221222)","Avira Internet Security (20221222)","Bitdefender Internet Security (20221222)","COMODO Antivirus (20221222)","Dr.Web Security Space (20221222)","ESET Internet Security (20221222)","G DATA INTERNET SECURITY (20221222)","K7 Total Security (20221222)","Kaspersky Internet Security (20221222)","Malwarebytes Premium (20221222)","McAfee Total Protection (20221222)","Norton Security (20221222)","Panda Dome (20221222)","Quick Heal Internet Security (20221222)","Sophos Home Premium (20221222)","SpyHunter5 (20221222)","Total AV Antivirus Pro (20221222)","VIPRE Advanced Security (20221222)","VirIT eXplorer PRO (20221222)","Webroot SecureAnywhere (20221222)","Windows Defender (20221222)"],"avAllowList":["Trend Micro Internet Security (20221222)"]},{"isRevoked":"False","fileName":"CoolMOVTo3GPConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MOV To 3GP Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"33d6976813850efd8469532300801238","hashSHA1":"d597c91b0d0e79af43ad9e3f443f268d0a963061","hashSHA256":"654bb135f24d3d3d9cbc758b14a15704ef99545f45abc4ef15a34b326de1cbfa","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221222)","Avast Premium Security (20221222)","AVG Internet Security (20221222)","Avira Internet Security (20221222)","Bitdefender Internet Security (20221222)","COMODO Antivirus (20221222)","Dr.Web Security Space (20221222)","ESET Internet Security (20221222)","G DATA INTERNET SECURITY (20221222)","K7 Total Security (20221222)","Kaspersky Internet Security (20221222)","Malwarebytes Premium (20221222)","McAfee Total Protection (20221222)","Norton Security (20221222)","Panda Dome (20221222)","Quick Heal Internet Security (20221222)","Sophos Home Premium (20221222)","SpyHunter5 (20221222)","Total AV Antivirus Pro (20221222)","VIPRE Advanced Security (20221222)","VirIT eXplorer PRO (20221222)","Webroot SecureAnywhere (20221222)","Windows Defender (20221222)"],"avAllowList":["Trend Micro Internet Security (20221222)"]},{"isRevoked":"False","fileName":"CoolMOVToFLVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MOV To FLV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"dd490d070dcc36db1990016098181b4d","hashSHA1":"abc708d4dbb99da0d73a147f9545abb4819333c1","hashSHA256":"63b7a260cc9f7d44d87d0bdc098bd77deed0b7cee1f2158a2fa7570efd4570ad","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221222)","Avast Premium Security (20221222)","AVG Internet Security (20221222)","Avira Internet Security (20221222)","Bitdefender Internet Security (20221222)","COMODO Antivirus (20221222)","Dr.Web Security Space (20221222)","ESET Internet Security (20221222)","G DATA INTERNET SECURITY (20221222)","K7 Total Security (20221222)","Kaspersky Internet Security (20221222)","Malwarebytes Premium (20221222)","McAfee Total Protection (20221222)","Norton Security (20221222)","Panda Dome (20221222)","Quick Heal Internet Security (20221222)","Sophos Home Premium (20221222)","SpyHunter5 (20221222)","Total AV Antivirus Pro (20221222)","VIPRE Advanced Security (20221222)","VirIT eXplorer PRO (20221222)","Webroot SecureAnywhere (20221222)","Windows Defender (20221222)"],"avAllowList":["Trend Micro Internet Security (20221222)"]},{"isRevoked":"False","fileName":"CoolMOVToMP4ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MOV To MP4 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"fe138d901f9883eb09eb899a01ab1ddb","hashSHA1":"8ff676f5fde8f54defa5c4860315f60304502f25","hashSHA256":"a60660e8616c247405ecc6e8af91fa62f46c0ababd2efee2f77454ff331a55c0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221222)","Avast Premium Security (20221222)","AVG Internet Security (20221222)","Avira Internet Security (20221222)","Bitdefender Internet Security (20221222)","COMODO Antivirus (20221222)","Dr.Web Security Space (20221222)","ESET Internet Security (20221222)","G DATA INTERNET SECURITY (20221222)","K7 Total Security (20221222)","Kaspersky Internet Security (20221222)","Malwarebytes Premium (20221222)","McAfee Total Protection (20221222)","Norton Security (20221222)","Panda Dome (20221222)","Quick Heal Internet Security (20221222)","Sophos Home Premium (20221222)","SpyHunter5 (20221222)","Total AV Antivirus Pro (20221222)","VIPRE Advanced Security (20221222)","VirIT eXplorer PRO (20221222)","Webroot SecureAnywhere (20221222)","Windows Defender (20221222)"],"avAllowList":["Trend Micro Internet Security (20221222)"]},{"isRevoked":"False","fileName":"CoolMOVToMPEGConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MOV To MPEG Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"c2761ac927f484bc57a6f7e6c1ef19c6","hashSHA1":"273644019b8472ce628b81789c129fa43b8d9584","hashSHA256":"b98e0bc4074f08e124b5e8dae3d254b7fb51bebc3fae37d606e327323846145b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221222)","Avast Premium Security (20221222)","AVG Internet Security (20221222)","Avira Internet Security (20221222)","Bitdefender Internet Security (20221222)","COMODO Antivirus (20221222)","Dr.Web Security Space (20221222)","ESET Internet Security (20221222)","G DATA INTERNET SECURITY (20221222)","K7 Total Security (20221222)","Kaspersky Internet Security (20221222)","Malwarebytes Premium (20221222)","McAfee Total Protection (20221222)","Norton Security (20221222)","Panda Dome (20221222)","Quick Heal Internet Security (20221222)","Sophos Home Premium (20221222)","SpyHunter5 (20221222)","Total AV Antivirus Pro (20221222)","VIPRE Advanced Security (20221222)","VirIT eXplorer PRO (20221222)","Webroot SecureAnywhere (20221222)","Windows Defender (20221222)"],"avAllowList":["Trend Micro Internet Security (20221222)"]},{"isRevoked":"False","fileName":"CoolMOVToWMVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MOV To WMV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"15244bd282ab7c481cf0f9b9aa036a6d","hashSHA1":"3a2da51df7bbb2c27ee0576694cd32a4591f62e3","hashSHA256":"4d330a6f28cb8919f065703da4859c6f5b22778e31852ec5ad7bc2ab55762e43","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221222)","Avast Premium Security (20221222)","AVG Internet Security (20221222)","Avira Internet Security (20221222)","Bitdefender Internet Security (20221222)","COMODO Antivirus (20221222)","Dr.Web Security Space (20221222)","ESET Internet Security (20221222)","G DATA INTERNET SECURITY (20221222)","K7 Total Security (20221222)","Kaspersky Internet Security (20221222)","Malwarebytes Premium (20221222)","McAfee Total Protection (20221222)","Norton Security (20221222)","Panda Dome (20221222)","Quick Heal Internet Security (20221222)","Sophos Home Premium (20221222)","SpyHunter5 (20221222)","Total AV Antivirus Pro (20221222)","VIPRE Advanced Security (20221222)","VirIT eXplorer PRO (20221222)","Webroot SecureAnywhere (20221222)","Windows Defender (20221222)"],"avAllowList":["Trend Micro Internet Security (20221222)"]},{"isRevoked":"False","fileName":"CoolMP3ToWAVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MP3 To WAV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"d635e1aa21a026285743e7551a20cc8d","hashSHA1":"44307c3d0e132f4fa87111c71ccaaade2f11b1b3","hashSHA256":"0b8b7b23c860a010d1c59ef44b792752d919d6657a7b72c580a8c19d6764cdc4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221222)","Avast Premium Security (20221222)","AVG Internet Security (20221222)","Avira Internet Security (20221222)","Bitdefender Internet Security (20221222)","COMODO Antivirus (20221222)","Dr.Web Security Space (20221222)","ESET Internet Security (20221222)","G DATA INTERNET SECURITY (20221222)","K7 Total Security (20221222)","Kaspersky Internet Security (20221222)","Malwarebytes Premium (20221222)","McAfee Total Protection (20221222)","Norton Security (20221222)","Panda Dome (20221222)","Quick Heal Internet Security (20221222)","Sophos Home Premium (20221222)","SpyHunter5 (20221222)","Total AV Antivirus Pro (20221222)","VIPRE Advanced Security (20221222)","VirIT eXplorer PRO (20221222)","Webroot SecureAnywhere (20221222)","Windows Defender (20221222)"],"avAllowList":["Trend Micro Internet Security (20221222)"]},{"isRevoked":"False","fileName":"CoolMP4To3GPConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MP4 To 3GP Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"39b2e3654fbd7c491666e06dd30c93c6","hashSHA1":"9f651ef886c264faa86255df6103868da3dfe9b8","hashSHA256":"a9c23ce917e881cf9705b3462f5aac9f36d2dc3489c0b817287009a7bf70abe3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221222)","Avast Premium Security (20221222)","AVG Internet Security (20221222)","Avira Internet Security (20221222)","Bitdefender Internet Security (20221222)","COMODO Antivirus (20221222)","Dr.Web Security Space (20221222)","ESET Internet Security (20221222)","G DATA INTERNET SECURITY (20221222)","K7 Total Security (20221222)","Kaspersky Internet Security (20221222)","Malwarebytes Premium (20221222)","McAfee Total Protection (20221222)","Norton Security (20221222)","Panda Dome (20221222)","Quick Heal Internet Security (20221222)","Sophos Home Premium (20221222)","SpyHunter5 (20221222)","Total AV Antivirus Pro (20221222)","VIPRE Advanced Security (20221222)","VirIT eXplorer PRO (20221222)","Webroot SecureAnywhere (20221222)","Windows Defender (20221222)"],"avAllowList":["Trend Micro Internet Security (20221222)"]},{"isRevoked":"False","fileName":"CoolMP4ToFLVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MP4 To FLV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"536e60b9600b4798ce397f3d80f3a626","hashSHA1":"52e5ba61b5e9d9693845ceeacd88649299bde49a","hashSHA256":"ef456c3ea0765f87ff4723e983c1c91564d7295ec2b7fba24fe90bdbb8155b1d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221222)","Avast Premium Security (20221222)","AVG Internet Security (20221222)","Avira Internet Security (20221222)","Bitdefender Internet Security (20221222)","COMODO Antivirus (20221222)","Dr.Web Security Space (20221222)","ESET Internet Security (20221222)","G DATA INTERNET SECURITY (20221222)","K7 Total Security (20221222)","Kaspersky Internet Security (20221222)","Malwarebytes Premium (20221222)","McAfee Total Protection (20221222)","Norton Security (20221222)","Panda Dome (20221222)","Quick Heal Internet Security (20221222)","Sophos Home Premium (20221222)","SpyHunter5 (20221222)","Total AV Antivirus Pro (20221222)","VIPRE Advanced Security (20221222)","VirIT eXplorer PRO (20221222)","Webroot SecureAnywhere (20221222)","Windows Defender (20221222)"],"avAllowList":["Trend Micro Internet Security (20221222)"]},{"isRevoked":"False","fileName":"CoolMP4ToMOVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MP4 To MOV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"b1ef53f5ede774ad3327a314516c24cd","hashSHA1":"989ea65af1c0dabcf71a923e256dc074d6d0f417","hashSHA256":"e65a454a1ef00ee7b846cd2338cc4106392a50103d22e427297352f08a91a6d1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221222)","Avast Premium Security (20221222)","AVG Internet Security (20221222)","Avira Internet Security (20221222)","Bitdefender Internet Security (20221222)","COMODO Antivirus (20221222)","Dr.Web Security Space (20221222)","ESET Internet Security (20221222)","G DATA INTERNET SECURITY (20221222)","K7 Total Security (20221222)","Kaspersky Internet Security (20221222)","Malwarebytes Premium (20221222)","McAfee Total Protection (20221222)","Norton Security (20221222)","Panda Dome (20221222)","Quick Heal Internet Security (20221222)","Sophos Home Premium (20221222)","SpyHunter5 (20221222)","Total AV Antivirus Pro (20221222)","VIPRE Advanced Security (20221222)","VirIT eXplorer PRO (20221222)","Webroot SecureAnywhere (20221222)","Windows Defender (20221222)"],"avAllowList":["Trend Micro Internet Security (20221222)"]},{"isRevoked":"False","fileName":"CoolMP4ToMPEGConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MP4 To MPEG Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"9f850a3c3d2ca987059f67bbd482747e","hashSHA1":"605e11e98d48d59233be17117e203e3dad3af84b","hashSHA256":"a5d5c2d18527cd6fa1369c4399aac10c42127f65e0d7767686ebc416a293e285","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221227)","Avast Premium Security (20221227)","AVG Internet Security (20221227)","Avira Internet Security (20221227)","Bitdefender Internet Security (20221227)","COMODO Antivirus (20221227)","Dr.Web Security Space (20221227)","ESET Internet Security (20221227)","G DATA INTERNET SECURITY (20221227)","K7 Total Security (20221227)","Kaspersky Internet Security (20221227)","Malwarebytes Premium (20221227)","McAfee Total Protection (20221227)","Norton Security (20221227)","Panda Dome (20221227)","Quick Heal Internet Security (20221227)","Sophos Home Premium (20221227)","SpyHunter5 (20221227)","Total AV Antivirus Pro (20221227)","VIPRE Advanced Security (20221227)","VirIT eXplorer PRO (20221227)","Webroot SecureAnywhere (20221227)","Windows Defender (20221227)"],"avAllowList":["Trend Micro Internet Security (20221227)"]},{"isRevoked":"False","fileName":"CoolMP4ToWMVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MP4 To WMV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"f6b6ebe75d705a034664289fb160dc70","hashSHA1":"ea35b9f377ecec4a7ebd839d5afe9d22f0e2bac3","hashSHA256":"4a53bb6d7c4a45a999ff6992f3d76c05ec38483c06c295eae929a87131a0ff12","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221227)","Avast Premium Security (20221227)","AVG Internet Security (20221227)","Avira Internet Security (20221227)","Bitdefender Internet Security (20221227)","COMODO Antivirus (20221227)","Dr.Web Security Space (20221227)","ESET Internet Security (20221227)","G DATA INTERNET SECURITY (20221227)","K7 Total Security (20221227)","Kaspersky Internet Security (20221227)","Malwarebytes Premium (20221227)","McAfee Total Protection (20221227)","Norton Security (20221227)","Panda Dome (20221227)","Quick Heal Internet Security (20221227)","Sophos Home Premium (20221227)","SpyHunter5 (20221227)","Total AV Antivirus Pro (20221227)","Trend Micro Internet Security (20221227)","VIPRE Advanced Security (20221227)","VirIT eXplorer PRO (20221227)","Webroot SecureAnywhere (20221227)","Windows Defender (20221227)"],"avAllowList":[]},{"isRevoked":"False","fileName":"CoolMPEGTo3GPConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MPEG To 3GP Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"9c6b92f69c1191c9ac87b969420d6ddd","hashSHA1":"52fc9a2d58298a2d9602372a2cdd3d33f2e9b9f4","hashSHA256":"cf213a25c2e9fe1587dcb202ac3d8e001c0c858d940453d908ed4a749eb85a70","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221227)","Avast Premium Security (20221227)","AVG Internet Security (20221227)","Avira Internet Security (20221227)","Bitdefender Internet Security (20221227)","COMODO Antivirus (20221227)","Dr.Web Security Space (20221227)","ESET Internet Security (20221227)","G DATA INTERNET SECURITY (20221227)","K7 Total Security (20221227)","Kaspersky Internet Security (20221227)","Malwarebytes Premium (20221227)","McAfee Total Protection (20221227)","Norton Security (20221227)","Panda Dome (20221227)","Quick Heal Internet Security (20221227)","Sophos Home Premium (20221227)","SpyHunter5 (20221227)","Total AV Antivirus Pro (20221227)","VIPRE Advanced Security (20221227)","VirIT eXplorer PRO (20221227)","Webroot SecureAnywhere (20221227)","Windows Defender (20221227)"],"avAllowList":["Trend Micro Internet Security (20221227)"]},{"isRevoked":"False","fileName":"CoolMPEGToFLVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MPEG To FLV Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"c4ef18f1eaefdfde09062f6787b02776","hashSHA1":"28d74af40187f1853f408c7747b614e9f9f1ff35","hashSHA256":"202cbc04a121356ee00afa37970c2bf303b22dcd35ebf2de350eb9ced24909a8","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221227)","Avast Premium Security (20221227)","AVG Internet Security (20221227)","Avira Internet Security (20221227)","Bitdefender Internet Security (20221227)","COMODO Antivirus (20221227)","Dr.Web Security Space (20221227)","ESET Internet Security (20221227)","G DATA INTERNET SECURITY (20221227)","K7 Total Security (20221227)","Kaspersky Internet Security (20221227)","Malwarebytes Premium (20221227)","McAfee Total Protection (20221227)","Norton Security (20221227)","Panda Dome (20221227)","Quick Heal Internet Security (20221227)","Sophos Home Premium (20221227)","SpyHunter5 (20221227)","Total AV Antivirus Pro (20221227)","Trend Micro Internet Security (20221227)","VIPRE Advanced Security (20221227)","VirIT eXplorer PRO (20221227)","Webroot SecureAnywhere (20221227)","Windows Defender (20221227)"],"avAllowList":[]},{"isRevoked":"False","fileName":"CoolMPEGToMOVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MPEG To MOV Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"efde8e3b46d8f1aee87367de2523bc19","hashSHA1":"4b012770a389b0e55a404db34592c7231eca2394","hashSHA256":"5806a16983608095b5f84397afd064ea7d0d2a1f0665ed18f2c20c1d08465728","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221227)","Avast Premium Security (20221227)","AVG Internet Security (20221227)","Avira Internet Security (20221227)","Bitdefender Internet Security (20221227)","COMODO Antivirus (20221227)","Dr.Web Security Space (20221227)","ESET Internet Security (20221227)","G DATA INTERNET SECURITY (20221227)","K7 Total Security (20221227)","Kaspersky Internet Security (20221227)","Malwarebytes Premium (20221227)","McAfee Total Protection (20221227)","Norton Security (20221227)","Panda Dome (20221227)","Quick Heal Internet Security (20221227)","Sophos Home Premium (20221227)","SpyHunter5 (20221227)","Total AV Antivirus Pro (20221227)","VIPRE Advanced Security (20221227)","VirIT eXplorer PRO (20221227)","Webroot SecureAnywhere (20221227)","Windows Defender (20221227)"],"avAllowList":["Trend Micro Internet Security (20221227)"]},{"isRevoked":"False","fileName":"CoolMPEGToMP3ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MPEG To MP3 Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"cb53dcd2fd4962203238085fe200361a","hashSHA1":"d4a8cdb47c70af43cd10081c57b861433caef0b8","hashSHA256":"cf099492bd09512c923e3fec7b221fd1821414ae417c69d9b0d2cdf78e893822","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221227)","Avast Premium Security (20221227)","AVG Internet Security (20221227)","Avira Internet Security (20221227)","Bitdefender Internet Security (20221227)","COMODO Antivirus (20221227)","Dr.Web Security Space (20221227)","ESET Internet Security (20221227)","G DATA INTERNET SECURITY (20221227)","K7 Total Security (20221227)","Kaspersky Internet Security (20221227)","Malwarebytes Premium (20221227)","McAfee Total Protection (20221227)","Norton Security (20221227)","Panda Dome (20221227)","Quick Heal Internet Security (20221227)","Sophos Home Premium (20221227)","SpyHunter5 (20221227)","Total AV Antivirus Pro (20221227)","VIPRE Advanced Security (20221227)","VirIT eXplorer PRO (20221227)","Webroot SecureAnywhere (20221227)","Windows Defender (20221227)"],"avAllowList":["Trend Micro Internet Security (20221227)"]},{"isRevoked":"False","fileName":"CoolMPEGToMP4ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MPEG To MP4 Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"f3f4df76a360454a829edc6a502a7676","hashSHA1":"7fab8ddff86d9591238b50e10b70b253adfd200a","hashSHA256":"9fd68964219f576d3f6d8cdec4dac918376fc46b516ec47aa437e88065dfdf19","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221227)","Avast Premium Security (20221227)","AVG Internet Security (20221227)","Avira Internet Security (20221227)","Bitdefender Internet Security (20221227)","COMODO Antivirus (20221227)","Dr.Web Security Space (20221227)","ESET Internet Security (20221227)","G DATA INTERNET SECURITY (20221227)","K7 Total Security (20221227)","Kaspersky Internet Security (20221227)","Malwarebytes Premium (20221227)","McAfee Total Protection (20221227)","Norton Security (20221227)","Panda Dome (20221227)","Quick Heal Internet Security (20221227)","Sophos Home Premium (20221227)","SpyHunter5 (20221227)","Total AV Antivirus Pro (20221227)","VIPRE Advanced Security (20221227)","VirIT eXplorer PRO (20221227)","Webroot SecureAnywhere (20221227)","Windows Defender (20221227)"],"avAllowList":["Trend Micro Internet Security (20221227)"]},{"isRevoked":"False","fileName":"CoolMPEGToWAVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MPEG To WAV Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"a5211e5feeb578d70d9546cf7f41ac87","hashSHA1":"4605436a8ea38eec6953f914f6064b901ceabdea","hashSHA256":"6c32d4120bd7b955f28a7875b59782cb44d8407e1464b3347d4255acfff9f0a7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221227)","Avast Premium Security (20221227)","AVG Internet Security (20221227)","Avira Internet Security (20221227)","Bitdefender Internet Security (20221227)","COMODO Antivirus (20221227)","Dr.Web Security Space (20221227)","ESET Internet Security (20221227)","G DATA INTERNET SECURITY (20221227)","K7 Total Security (20221227)","Kaspersky Internet Security (20221227)","Malwarebytes Premium (20221227)","McAfee Total Protection (20221227)","Norton Security (20221227)","Panda Dome (20221227)","Quick Heal Internet Security (20221227)","Sophos Home Premium (20221227)","SpyHunter5 (20221227)","Total AV Antivirus Pro (20221227)","VIPRE Advanced Security (20221227)","VirIT eXplorer PRO (20221227)","Webroot SecureAnywhere (20221227)","Windows Defender (20221227)"],"avAllowList":["Trend Micro Internet Security (20221227)"]},{"isRevoked":"False","fileName":"CoolMPEGToWMVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool MPEG To WMV Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"7fe5634757d7208edf09bf2e3b112fb6","hashSHA1":"b3873dd5ef3a9de9e00734effd021f8dea21c168","hashSHA256":"c8a30cbd08db5182be9c05f207a0888bc722bb1091d1fdecadbd7d92c7f8be20","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221227)","Avast Premium Security (20221227)","AVG Internet Security (20221227)","Avira Internet Security (20221227)","Bitdefender Internet Security (20221227)","COMODO Antivirus (20221227)","Dr.Web Security Space (20221227)","ESET Internet Security (20221227)","G DATA INTERNET SECURITY (20221227)","K7 Total Security (20221227)","Kaspersky Internet Security (20221227)","Malwarebytes Premium (20221227)","McAfee Total Protection (20221227)","Norton Security (20221227)","Panda Dome (20221227)","Quick Heal Internet Security (20221227)","Sophos Home Premium (20221227)","SpyHunter5 (20221227)","Total AV Antivirus Pro (20221227)","VIPRE Advanced Security (20221227)","VirIT eXplorer PRO (20221227)","Webroot SecureAnywhere (20221227)","Windows Defender (20221227)"],"avAllowList":["Trend Micro Internet Security (20221227)"]},{"isRevoked":"False","fileName":"CoolOGGToMP3ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool OGG To MP3 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"b40806909899c7834d3ca6f25ec9d844","hashSHA1":"de1789c8047f867a68ca51dd5b8215ebcc4d0623","hashSHA256":"b8630384a001517b5cbbda82e8f48d8f359e43ae4bb2b32aa1bb4faba90a516a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221227)","Avast Premium Security (20221227)","AVG Internet Security (20221227)","Avira Internet Security (20221227)","Bitdefender Internet Security (20221227)","COMODO Antivirus (20221227)","Dr.Web Security Space (20221227)","ESET Internet Security (20221227)","G DATA INTERNET SECURITY (20221227)","K7 Total Security (20221227)","Kaspersky Internet Security (20221227)","Malwarebytes Premium (20221227)","McAfee Total Protection (20221227)","Norton Security (20221227)","Panda Dome (20221227)","Quick Heal Internet Security (20221227)","Sophos Home Premium (20221227)","SpyHunter5 (20221227)","Total AV Antivirus Pro (20221227)","VIPRE Advanced Security (20221227)","VirIT eXplorer PRO (20221227)","Webroot SecureAnywhere (20221227)","Windows Defender (20221227)"],"avAllowList":["Trend Micro Internet Security (20221227)"]},{"isRevoked":"False","fileName":"CoolVOBToMP4ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool VOB To MP4 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"7655379cdeb501556e67714d2df5e584","hashSHA1":"88f516aa6846536fd1a8ae0f5cde0063ddbf6fc5","hashSHA256":"4d3b22eb2f7f22090e52dc14c4f4625210ceb8bdb06b81eb0559d3b65513c56f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221229)","Avast Premium Security (20221229)","AVG Internet Security (20221229)","Avira Internet Security (20221229)","Bitdefender Internet Security (20221229)","COMODO Antivirus (20221229)","Dr.Web Security Space (20221229)","ESET Internet Security (20221229)","G DATA INTERNET SECURITY (20221229)","K7 Total Security (20221229)","Kaspersky Internet Security (20221229)","Malwarebytes Premium (20221229)","McAfee Total Protection (20221229)","Norton Security (20221229)","Panda Dome (20221229)","Quick Heal Internet Security (20221229)","Sophos Home Premium (20221229)","SpyHunter5 (20221229)","Total AV Antivirus Pro (20221229)","VIPRE Advanced Security (20221229)","VirIT eXplorer PRO (20221229)","Webroot SecureAnywhere (20221229)","Windows Defender (20221229)"],"avAllowList":["Trend Micro Internet Security (20221229)"]},{"isRevoked":"False","fileName":"CoolVOBToMPEGConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool VOB To MPEG Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"334a26c48eaabcc2ea6e4eb2ec7d89b2","hashSHA1":"230cdf93e1919b65689b9141ee0e0fbe010c120e","hashSHA256":"1d05beffa03eda17dfb78869d83b38e8d887ffef3ed3db86a5938172773eeede","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221229)","Avast Premium Security (20221229)","AVG Internet Security (20221229)","Avira Internet Security (20221229)","Bitdefender Internet Security (20221229)","COMODO Antivirus (20221229)","Dr.Web Security Space (20221229)","ESET Internet Security (20221229)","G DATA INTERNET SECURITY (20221229)","K7 Total Security (20221229)","Kaspersky Internet Security (20221229)","Malwarebytes Premium (20221229)","McAfee Total Protection (20221229)","Norton Security (20221229)","Panda Dome (20221229)","Quick Heal Internet Security (20221229)","Sophos Home Premium (20221229)","SpyHunter5 (20221229)","Total AV Antivirus Pro (20221229)","VIPRE Advanced Security (20221229)","VirIT eXplorer PRO (20221229)","Webroot SecureAnywhere (20221229)","Windows Defender (20221229)"],"avAllowList":["Trend Micro Internet Security (20221229)"]},{"isRevoked":"False","fileName":"CoolVOBToWMVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool VOB To WMV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"8b7fe7dbb60d4a119c5f8c407b41fbb5","hashSHA1":"ce6a61fbe4df0a90a82cbf9b12e605a14a2eede5","hashSHA256":"76b09f0d4a39576abb8b7ff5fe78645c52f833ba087c6fff8b6b0847dc68feb1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221229)","Avast Premium Security (20221229)","AVG Internet Security (20221229)","Avira Internet Security (20221229)","Bitdefender Internet Security (20221229)","COMODO Antivirus (20221229)","Dr.Web Security Space (20221229)","ESET Internet Security (20221229)","G DATA INTERNET SECURITY (20221229)","K7 Total Security (20221229)","Kaspersky Internet Security (20221229)","Malwarebytes Premium (20221229)","McAfee Total Protection (20221229)","Norton Security (20221229)","Panda Dome (20221229)","Quick Heal Internet Security (20221229)","Sophos Home Premium (20221229)","SpyHunter5 (20221229)","Total AV Antivirus Pro (20221229)","VIPRE Advanced Security (20221229)","VirIT eXplorer PRO (20221229)","Webroot SecureAnywhere (20221229)","Windows Defender (20221229)"],"avAllowList":["Trend Micro Internet Security (20221229)"]},{"isRevoked":"False","fileName":"CoolWMAToMP3ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool WMA To MP3 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"0ce9fc239eff46765393542ff19c1b6c","hashSHA1":"8b85e8340f285dff7e23ae12b23270a8e7641241","hashSHA256":"85222a255faedfec59697d322607d4eb371277362b0914f82b87818ec0053148","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221229)","Avast Premium Security (20221229)","AVG Internet Security (20221229)","Avira Internet Security (20221229)","Bitdefender Internet Security (20221229)","COMODO Antivirus (20221229)","Dr.Web Security Space (20221229)","ESET Internet Security (20221229)","G DATA INTERNET SECURITY (20221229)","K7 Total Security (20221229)","Kaspersky Internet Security (20221229)","Malwarebytes Premium (20221229)","McAfee Total Protection (20221229)","Norton Security (20221229)","Panda Dome (20221229)","Quick Heal Internet Security (20221229)","Sophos Home Premium (20221229)","SpyHunter5 (20221229)","Total AV Antivirus Pro (20221229)","VIPRE Advanced Security (20221229)","VirIT eXplorer PRO (20221229)","Webroot SecureAnywhere (20221229)","Windows Defender (20221229)"],"avAllowList":["Trend Micro Internet Security (20221229)"]},{"isRevoked":"False","fileName":"CoolWMAToWAVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool WMA To WAV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"7bda98bfd295f7b1819120d6e736ba13","hashSHA1":"0c2e816ac0cb657d4936c0ac17da897851477f92","hashSHA256":"d0d7ba40d086d786d49a5f7c2157547ba58b5471c757364d3fa03432cca6759f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221229)","Avast Premium Security (20221229)","AVG Internet Security (20221229)","Avira Internet Security (20221229)","Bitdefender Internet Security (20221229)","COMODO Antivirus (20221229)","Dr.Web Security Space (20221229)","ESET Internet Security (20221229)","G DATA INTERNET SECURITY (20221229)","K7 Total Security (20221229)","Kaspersky Internet Security (20221229)","Malwarebytes Premium (20221229)","McAfee Total Protection (20221229)","Norton Security (20221229)","Panda Dome (20221229)","Quick Heal Internet Security (20221229)","Sophos Home Premium (20221229)","SpyHunter5 (20221229)","Total AV Antivirus Pro (20221229)","VIPRE Advanced Security (20221229)","VirIT eXplorer PRO (20221229)","Webroot SecureAnywhere (20221229)","Windows Defender (20221229)"],"avAllowList":["Trend Micro Internet Security (20221229)"]},{"isRevoked":"False","fileName":"CoolWMVTo3GPConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool WMV To 3GP Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"bba38d9c2c43e4ab916ddede247bf092","hashSHA1":"a546fefa81883b7393bbb526af4bd0eb1d10afd5","hashSHA256":"a781b6119a0670147d0207eaec432bd7c87994f2db7a172bffe537ef825911ca","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221229)","Avast Premium Security (20221229)","AVG Internet Security (20221229)","Avira Internet Security (20221229)","Bitdefender Internet Security (20221229)","COMODO Antivirus (20221229)","Dr.Web Security Space (20221229)","ESET Internet Security (20221229)","G DATA INTERNET SECURITY (20221229)","K7 Total Security (20221229)","Kaspersky Internet Security (20221229)","Malwarebytes Premium (20221229)","McAfee Total Protection (20221229)","Norton Security (20221229)","Panda Dome (20221229)","Quick Heal Internet Security (20221229)","Sophos Home Premium (20221229)","SpyHunter5 (20221229)","Total AV Antivirus Pro (20221229)","VIPRE Advanced Security (20221229)","VirIT eXplorer PRO (20221229)","Webroot SecureAnywhere (20221229)","Windows Defender (20221229)"],"avAllowList":["Trend Micro Internet Security (20221229)"]},{"isRevoked":"False","fileName":"CoolWMVToFLVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool WMV To FLV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"ac795f31137bf1c8088b0bd863e25290","hashSHA1":"dd869889122f3f88c375c0c2b8f780f549c6878f","hashSHA256":"419246a5d1ab28d21596ec6e5f4c7f6aa0f0b0b2b1163a95b3e76f957f98587f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221229)","Avast Premium Security (20221229)","AVG Internet Security (20221229)","Avira Internet Security (20221229)","Bitdefender Internet Security (20221229)","COMODO Antivirus (20221229)","Dr.Web Security Space (20221229)","ESET Internet Security (20221229)","G DATA INTERNET SECURITY (20221229)","K7 Total Security (20221229)","Kaspersky Internet Security (20221229)","Malwarebytes Premium (20221229)","McAfee Total Protection (20221229)","Norton Security (20221229)","Panda Dome (20221229)","Quick Heal Internet Security (20221229)","Sophos Home Premium (20221229)","SpyHunter5 (20221229)","Total AV Antivirus Pro (20221229)","VIPRE Advanced Security (20221229)","VirIT eXplorer PRO (20221229)","Webroot SecureAnywhere (20221229)","Windows Defender (20221229)"],"avAllowList":["Trend Micro Internet Security (20221229)"]},{"isRevoked":"False","fileName":"CoolWMVToMOVConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool WMV To MOV Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"3f67245ed99f212a5eb9579f90be28d1","hashSHA1":"be66d1d763dc9ad161f73177df6aa15c3376f439","hashSHA256":"674c90c30c59742a3bc34389d0801d045223372efaaf9ba6da9bf8ee76f562a1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221229)","Avast Premium Security (20221229)","AVG Internet Security (20221229)","Avira Internet Security (20221229)","Bitdefender Internet Security (20221229)","COMODO Antivirus (20221229)","Dr.Web Security Space (20221229)","ESET Internet Security (20221229)","G DATA INTERNET SECURITY (20221229)","K7 Total Security (20221229)","Kaspersky Internet Security (20221229)","Malwarebytes Premium (20221229)","McAfee Total Protection (20221229)","Norton Security (20221229)","Panda Dome (20221229)","Quick Heal Internet Security (20221229)","Sophos Home Premium (20221229)","SpyHunter5 (20221229)","Total AV Antivirus Pro (20221229)","VIPRE Advanced Security (20221229)","VirIT eXplorer PRO (20221229)","Webroot SecureAnywhere (20221229)","Windows Defender (20221229)"],"avAllowList":["Trend Micro Internet Security (20221229)"]},{"isRevoked":"False","fileName":"CoolWMVToMP3ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool WMV To MP3 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"1b676570f3f3827926f22b0c7bce94d2","hashSHA1":"3e10d22ac4292105af770b4545fcd887f7e5d14d","hashSHA256":"9922fe9f9d7d044db6ca922df3b5f98c7eff25f42f707f911ad205289b021f3b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221229)","Avast Premium Security (20221229)","AVG Internet Security (20221229)","Avira Internet Security (20221229)","Bitdefender Internet Security (20221229)","COMODO Antivirus (20221229)","Dr.Web Security Space (20221229)","ESET Internet Security (20221229)","G DATA INTERNET SECURITY (20221229)","K7 Total Security (20221229)","Kaspersky Internet Security (20221229)","Malwarebytes Premium (20221229)","McAfee Total Protection (20221229)","Norton Security (20221229)","Panda Dome (20221229)","Quick Heal Internet Security (20221229)","Sophos Home Premium (20221229)","SpyHunter5 (20221229)","Total AV Antivirus Pro (20221229)","VIPRE Advanced Security (20221229)","VirIT eXplorer PRO (20221229)","Webroot SecureAnywhere (20221229)","Windows Defender (20221229)"],"avAllowList":["Trend Micro Internet Security (20221229)"]},{"isRevoked":"False","fileName":"CoolWMVToMP4ConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool WMV To MP4 Converter                                   ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"eb0a1d274f685ca4f8d10b260cdd83bd","hashSHA1":"b7c8f2ca5ffe6886e4d96f092b5aaa97e20adea0","hashSHA256":"58d9f5b9b38891ec6d2cd7e6f86e86fe961521c8a169cc88b2edbb0b9137f6a1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221229)","Avast Premium Security (20221229)","AVG Internet Security (20221229)","Avira Internet Security (20221229)","Bitdefender Internet Security (20221229)","COMODO Antivirus (20221229)","Dr.Web Security Space (20221229)","ESET Internet Security (20221229)","G DATA INTERNET SECURITY (20221229)","K7 Total Security (20221229)","Kaspersky Internet Security (20221229)","Malwarebytes Premium (20221229)","McAfee Total Protection (20221229)","Norton Security (20221229)","Panda Dome (20221229)","Quick Heal Internet Security (20221229)","Sophos Home Premium (20221229)","SpyHunter5 (20221229)","Total AV Antivirus Pro (20221229)","VIPRE Advanced Security (20221229)","VirIT eXplorer PRO (20221229)","Webroot SecureAnywhere (20221229)","Windows Defender (20221229)"],"avAllowList":["Trend Micro Internet Security (20221229)"]},{"isRevoked":"False","fileName":"CoolWMVToMPEGConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cool WMV To MPEG Converter                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"a7bbb6f403d2da27f73bafb1b69258b4","hashSHA1":"65fe2f15b64f29aa222e6b72273141285212db29","hashSHA256":"b68937384a485da1a6759b12672d70a40af6d4e937e0d6ab516e0e71a35aabc0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["360 Total Security (20221229)","Avast Premium Security (20221229)","AVG Internet Security (20221229)","Avira Internet Security (20221229)","Bitdefender Internet Security (20221229)","COMODO Antivirus (20221229)","Dr.Web Security Space (20221229)","ESET Internet Security (20221229)","G DATA INTERNET SECURITY (20221229)","K7 Total Security (20221229)","Kaspersky Internet Security (20221229)","Malwarebytes Premium (20221229)","McAfee Total Protection (20221229)","Norton Security (20221229)","Panda Dome (20221229)","Quick Heal Internet Security (20221229)","Sophos Home Premium (20221229)","SpyHunter5 (20221229)","Total AV Antivirus Pro (20221229)","VIPRE Advanced Security (20221229)","VirIT eXplorer PRO (20221229)","Webroot SecureAnywhere (20221229)","Windows Defender (20221229)"],"avAllowList":["Trend Micro Internet Security (20221229)"]},{"isRevoked":"False","fileName":"FLVPlayerFreeSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"FLV Player Free                                             ","productVersion":"1.0.1                                             ","fileVersion":"1.0.1               ","hashMD5":"ba4df8321b7d37cec604e87ed64418fb","hashSHA1":"8d49f55ddc3f2e08998dcada5696b0d81c7a9117","hashSHA256":"58b26707adbc4e183fc434ef568585acfca22b233a75f94740d9b2e382a0ca1f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1354","avBlockList":["Avast Premium Security (20230103)","AVG Internet Security (20230103)","Avira Internet Security (20230103)","Bitdefender Internet Security (20230103)","COMODO Antivirus (20230103)","Dr.Web Security Space (20230103)","ESET Internet Security (20230103)","G DATA INTERNET SECURITY (20230103)","K7 Total Security (20230103)","Kaspersky Internet Security (20230103)","Malwarebytes Premium (20230103)","McAfee Total Protection (20230103)","Norton Security (20230103)","Panda Dome (20230103)","Quick Heal Internet Security (20230103)","Sophos Home Premium (20230103)","SpyHunter5 (20230103)","Total AV Antivirus Pro (20230103)","Trend Micro Internet Security (20230103)","VIPRE Advanced Security (20230103)","VirIT eXplorer PRO (20230103)","Webroot SecureAnywhere (20230103)"],"avAllowList":["360 Total Security (20230103)","Windows Defender (20230103)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://asoftwareplus.com","directDownloadingLink":"https://asoftwareplus.com/media-converters.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://asoftwareplus.com/media-converters.html","sourceIndex":"1354"}],"sampleFiles":["221026/ASoftwarePlusBundle-221016/221016/Samples/AVIToMP4ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/Cool3GPToFLVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/Cool3GPToMP4ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/Cool3GPToMPEGConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/Cool3GPToWMVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolAACToMP3ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolAVITo3GPConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolAVIToFLVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolAVIToMOVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolAVIToMP3ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolAVIToMPEGConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolAVIToWAVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolAVIToWMVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolDATTo3GPConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolDATToFLVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolDATToMP3ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolDATToWMVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolDVDToMP3ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolFLACToMP3ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolFLVTo3GPConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolFLVToMOVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolFLVToMP3ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolFLVToMP4ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolFLVToMPEGConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolFLVToWMVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolM4AToMP3ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMKVToMP4ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMOVTo3GPConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMOVToFLVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMOVToMP4ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMOVToMPEGConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMOVToWMVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMP3ToWAVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMP4To3GPConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMP4ToFLVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMP4ToMOVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMP4ToMPEGConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMP4ToWMVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMPEGTo3GPConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMPEGToFLVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMPEGToMOVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMPEGToMP3ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMPEGToMP4ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMPEGToWAVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolMPEGToWMVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolOGGToMP3ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolVOBToMP4ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolVOBToMPEGConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolVOBToWMVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolWMAToMP3ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolWMAToWAVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolWMVTo3GPConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolWMVToFLVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolWMVToMOVConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolWMVToMP3ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolWMVToMP4ConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/CoolWMVToMPEGConverterSetup.exe","221026/ASoftwarePlusBundle-221016/221016/Samples/FLVPlayerFreeSetup.exe"],"imageFiles":["221026/ASoftwarePlusBundle-221016/221016/Images/ACR-109/ACR-109.JPG","221026/ASoftwarePlusBundle-221016/221016/Images/ACR-048/ACR-048.JPG","221026/ASoftwarePlusBundle-221016/221016/Images/ACR-010/ACR-010.JPG","221026/ASoftwarePlusBundle-221016/221016/Images/ACR-118/ACR-118.JPG","221026/ASoftwarePlusBundle-221016/221016/Images/ACR-057/ACR-057.JPG","221026/ASoftwarePlusBundle-221016/221016/Images/ACR-059/ACR-059.JPG","221026/ASoftwarePlusBundle-221016/221016/Images/ACR-071/ACR-071.JPG","221026/ASoftwarePlusBundle-221016/221016/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["221026/ASoftwarePlusBundle-221016/221016/Images/ACR-106/ACR-106.JPG","221026/ASoftwarePlusBundle-221016/221016/Images/ACR-092/ACR-092.JPG"],"guid":"d4a4a412-91d9-487e-9688-5ea7a387debc_221016_1","appID":"ASoftwarePlusBundle-221016","dateAdded":"230530","deceptorType":"Bundler","name":"Asoftware Plus Bundle","company":"A Software Plus","version":"221016","lastKnownStatus":"221016","lastKnownDate":"230530","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2023-05-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":966},{"violations":{"ACR-046":"The Yandex Offer is preselected in the installation and requires the user to uncheck a checkbox in order to decline the offer. \n","ACR-084":"A scheduled task is added to Windows Task Scheduler without user's knowledge to set an autorun.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy. \n","ACR-099":"The app does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"TelamonCleaner_id627b8690dea83sp.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"ed244191346920caec28a2d8649e2073","hashSHA1":"76eb244ac3763ef092f1c15b3ab03999d9908d22","hashSHA256":"15a5c81f3eb5021b7e3f0790adafea8cde7bb3f6907b95e85f2b32876d9735cf","digitalCertThumbprint":"FA01972C2449CACF62D6F2C9CF40AA768A90E535","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"ARGO ENTERPRAIZ, OOO\", O=\"ARGO ENTERPRAIZ, OOO\", L=Sankt-Peterburg, S=Sankt-Peterburg, C=RU, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1197847210076","sourceIndex":"1613","avBlockList":["360 Total Security (20220524)","Avira Internet Security (20220524)","COMODO Antivirus (20220524)","Dr.Web Security Space (20220524)","ESET Internet Security (20220524)","K7 Total Security (20220524)","Malwarebytes Premium (20220524)","McAfee Total Protection (20220524)","Norton Security (20220524)","Panda Dome (20220524)","Quick Heal Internet Security (20220524)","Sophos Home Premium (20220524)","SpyHunter5 (20220524)","Total AV Antivirus Pro (20220524)","VirIT eXplorer PRO (20220524)","Webroot SecureAnywhere (20220524)"],"avAllowList":["Avast Premium Security (20220524)","AVG Internet Security (20220524)","Bitdefender Internet Security (20220524)","G DATA INTERNET SECURITY (20220524)","Kaspersky Internet Security (20220524)","Tencent PC Manager (20220524)","Trend Micro Internet Security (20220524)","VIPRE Advanced Security (20220524)","Windows Defender (20220524)"]},{"isRevoked":"False","fileName":"tt-cleaner.exe","fileVersion":"1.0","hashMD5":"0a6f53c4018df8ec1d91b5bf5fbd1630","hashSHA1":"acba11c2ec8a8f7c1d9b0da759b81b3873bca7da","hashSHA256":"a49f9314288341eecf900b6a39a7435135298aa5c190e64f4758fba6d98d792f","digitalCertThumbprint":"FA01972C2449CACF62D6F2C9CF40AA768A90E535","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"ARGO ENTERPRAIZ, OOO\", O=\"ARGO ENTERPRAIZ, OOO\", L=Sankt-Peterburg, S=Sankt-Peterburg, C=RU, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1197847210076","sourceIndex":"1613","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://telamoncleaner.com/","directDownloadingLink":"https://download.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.telamoncleaner.com/telamon/TelamonCleaner.exe?sub1=&sub2=&sub3=","sourceIndex":"1613"}],"sampleFiles":["220513/TelamonCleaner-200701/1.0.226/Samples/TelamonCleaner_id627b8690dea83sp.exe","220513/TelamonCleaner-200701/1.0.226/Samples/tt-cleaner.exe"],"imageFiles":["220513/TelamonCleaner-200701/1.0.226/Images/ACR-046/YandexInstall.jpg","220513/TelamonCleaner-200701/1.0.226/Images/ACR-084/ACR084_TaskSchedule.jpg"],"nonDeceptorImageFiles":["220513/TelamonCleaner-200701/1.0.226/Images/ACR-065/ACR065_099_Install.jpg","220513/TelamonCleaner-200701/1.0.226/Images/ACR-065/ACR065_099_About.jpg","220513/TelamonCleaner-200701/1.0.226/Images/ACR-099/ACR065_099_About.jpg"],"guid":"0b60c92c-422e-445c-bb64-bd601ef25d58_1.0.226_1","appID":"TelamonCleaner-200701","dateAdded":"230530","deceptorType":"App","name":"Telamon Cleaner","company":"Telamon Tools","version":"1.0.226","firstVendorContactDate":"241006","firstAppEsteemReplyDate":"241006","firstResolvedDate":"241018","firstResolvedVersion":"2.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.134;1.0.226;1.0.245;1.0.268.0;1.0.269.0;1.0.274.0;1.0.275.0;1.0.276.0","lastKnownDate":"241018","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,display ads","lastUpdate":"2024-10-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":9,"sortOrder":962},{"violations":{"ACR-048":"The app does not provide an option to cancel installation.\nThe app has no control to close the other processes that runs silently in the background within the app's settings. Furthemore, the setting control to disable the created startup entries for Steganos VPN Online Shield is not clear and misleading. Disabling startup for VPN on Settings does not remove all the startups on the list.\n","ACR-084":"Quitting the app leaves the processes \"OnlineShieldService.exe\", \"SteganosBrowserMonitor.exe\" and \"Notifier.exe\" running silently in the background, hiding the fact that it is active from the consumer.\n","ACR-014":"The application presents misleading status even when the system has a VPN program already installed. \n","ACR-165":"The app does not provide detailed information about when users receive notification for renewal and the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-167":"The return policy between offers made for the app is inconsistent.\n"},"samples":[{"isRevoked":"False","fileName":"Notifier.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.10.12886","fileVersion":"2.0.10.12886","hashMD5":"62a7f2934eb14f044ba4c7a47100ffc6","hashSHA1":"00dd025353a9cb64a4f969340ffae459d3ac1028","hashSHA256":"fb6d0c58280a975246bf31a4baeb0970474639e72b05966f919d483620389f11","digitalCertThumbprint":"1DCD1EAF5DA424B9A40D425FFBC3526389B149D1","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Steganos Software GmbH, O=Steganos Software GmbH, STREET=Storkower Str. 158, L=Berlin, S=Berlin, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Berlin (Charlottenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Berlin, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 121695, OID.2.5.4.15=Private Organization","sourceIndex":"1393","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OnlineShieldClient.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.10.12886","fileVersion":"2.0.10.12886","hashMD5":"80e7db597bc367525c50d1d685cdf497","hashSHA1":"f0564d541fc9acaffb4c9228e63a01e9cb6f7f29","hashSHA256":"3b68db56ddc8beec1cb662405a765166829ee3c1ed975807c8a16d162e6fd24f","digitalCertThumbprint":"1DCD1EAF5DA424B9A40D425FFBC3526389B149D1","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Steganos Software GmbH, O=Steganos Software GmbH, STREET=Storkower Str. 158, L=Berlin, S=Berlin, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Berlin (Charlottenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Berlin, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 121695, OID.2.5.4.15=Private Organization","sourceIndex":"1393","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OnlineShieldService.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.10.12886","fileVersion":"2.0.10.12886","hashMD5":"6ae1f5ce3e6caedb198fb53fedd6cba5","hashSHA1":"c8b0dac82ce34dcd21cccaccbfee59e2289a6167","hashSHA256":"b5f93555f7cfa12409e52543c892a12fa9d5875ed9af0655dc577006de4418b6","digitalCertThumbprint":"1DCD1EAF5DA424B9A40D425FFBC3526389B149D1","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Steganos Software GmbH, O=Steganos Software GmbH, STREET=Storkower Str. 158, L=Berlin, S=Berlin, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Berlin (Charlottenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Berlin, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 121695, OID.2.5.4.15=Private Organization","sourceIndex":"1393","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sosint.exe","isInstaller":"True","companyName":"Steganos Software GmbH","fileVersion":"2.0.10.12886","hashMD5":"1dc3b275cfb52932c1dbc98fa6cd7a24","hashSHA1":"2b3ef7e8ed08216dd0be031286bc16bcd8403cc6","hashSHA256":"2c1cf51f0e6fb4d53073ce66f915d134dbffcd7e04968b70879721bc4b07bf88","digitalCertThumbprint":"1DCD1EAF5DA424B9A40D425FFBC3526389B149D1","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Steganos Software GmbH, O=Steganos Software GmbH, STREET=Storkower Str. 158, L=Berlin, S=Berlin, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Berlin (Charlottenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Berlin, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 121695, OID.2.5.4.15=Private Organization","sourceIndex":"1393","avBlockList":["Avast Premium Security (20221006)","AVG Internet Security (20221006)","Avira Internet Security (20221006)","Bitdefender Internet Security (20221006)","Dr.Web Security Space (20221006)","ESET Internet Security (20221006)","K7 Total Security (20221006)","Kaspersky Internet Security (20221006)","Norton Security (20221006)","Panda Dome (20221006)","Sophos Home Premium (20221006)","SpyHunter5 (20221006)","Total AV Antivirus Pro (20221006)","VirIT eXplorer PRO (20221006)","Webroot SecureAnywhere (20221006)","Windows Defender (20221006)"],"avAllowList":["360 Total Security (20221006)","COMODO Antivirus (20221006)","G DATA INTERNET SECURITY (20221006)","Malwarebytes Premium (20221006)","McAfee Total Protection (20221006)","Quick Heal Internet Security (20221006)","Trend Micro Internet Security (20221006)","VIPRE Advanced Security (20221006)"]},{"isRevoked":"False","fileName":"SteganosBrowserMonitor.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.10.12886","fileVersion":"2.0.10.12886","hashMD5":"1f332ae5312b37160bfb2d97056b5819","hashSHA1":"8b68a9b9360216e27d77c764cf7e86cdd8950896","hashSHA256":"1324eb466c97bad79d43150be9a61c674b4a40bc9fe5d070b0ffd93120cb0ffa","digitalCertThumbprint":"1DCD1EAF5DA424B9A40D425FFBC3526389B149D1","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Steganos Software GmbH, O=Steganos Software GmbH, STREET=Storkower Str. 158, L=Berlin, S=Berlin, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Berlin (Charlottenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Berlin, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 121695, OID.2.5.4.15=Private Organization","sourceIndex":"1393","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: VPN for Windows","reference":"","landingPage":"https://www.steganos.com/en/products/steganos-vpn-online-shield","directDownloadingLink":"https://www.steganos.com/en/download/sos","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.steganos.com/en/download/sos","sourceIndex":"1393"}],"sampleFiles":["220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Samples/Notifier.exe","220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Samples/OnlineShieldClient.exe","220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Samples/OnlineShieldService.exe","220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Samples/sosint.exe","220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Samples/SteganosBrowserMonitor.exe"],"imageFiles":["220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Images/ACR-048/ACR-048_Install.jpg","220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Images/ACR-084/ACR-048_084_BackgroundProcesses.jpg","220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Images/ACR-048/ACR-048_084_BackgroundProcesses.jpg","220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Images/ACR-048/ACR-048_084_SettingControl.mp4","220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Images/ACR-014/SeganosVPN_014.JPG","220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Images/ACR-165/SteganosVPNOnlineShield_OfferPage.png"],"nonDeceptorImageFiles":["220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Images/ACR-167/ACR-167_ReturnPolicy.jpg","220929/SteganosVPNOnlineShield-220928/2.0.10.12886/Images/ACR-167/ACR-167_ReturnPolicy_1.jpg"],"guid":"6d65ba0e-945a-4d7b-9a30-01f31726a323_2.0.10.12886_1","appID":"SteganosVPNOnlineShield-220928","dateAdded":"230525","deceptorType":"App","name":"Steganos VPN Online Shield","company":"Steganos Software GmbH","version":"2.0.10.12886","firstVendorContactDate":"230602","firstAppEsteemReplyDate":"230603","firstResolvedDate":"230628","firstResolvedVersion":"2.0.15.0","resolved":"TRUE","lastKnownStatus":"2.0.10.12886;2.0.12.13086;2.0.12.13107;2.0.13.13354;2.0.13.13364;2.0.14.13383","lastKnownDate":"230525","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"paid,up-sell to paid","lastUpdate":"2023-06-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":972},{"violations":{"ACR-042":"1. The app drops the Root Certificate files before obtaining the consumer's permission.\n2. Open source project \"Open VPN\" gets installed without any disclosure in EULA.\n3. On executing the installer, it directly installs the app and its components without asking for any user's permission.\n","ACR-043":"1. The app does not provide information regarding the Root Certificate files that get dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source project \"Open VPN\" gets installed without any disclosure in EULA.\n3. All the components of \"Steganos VPN Online Shield\" get dropped in one click without asking the user's permission & disclosing its installation path.\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN'.\n","ACR-048":"The app does not provide an option to cancel installation.\nThe app does not provide any control to enable/disable the startup items and to close the background processes that run silently in the background within the app's settings.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture.\n","ACR-084":"1.  The app creates undisclosed startup items to perform actions without the consumer's knowledge and consent.\n2. On quitting the app, many processes run silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"The application presents misleading status with an exclamation mark even when the system has a VPN program already installed. \n","ACR-165":"The app does not provide detailed information about when users receive notification for renewal and the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the dropped Trusted Root certificate files even after uninstalling and reboot.\n","ACR-167":"The return policy content is inconsistent.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\Notifier.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.12.13107","fileVersion":"2.0.12.13107","hashMD5":"73de2245c5ed67a5d582af3c92a406b4","hashSHA1":"417c98cfa55e18cdfb77cdf62b3a8d3d74cade74","hashSHA256":"562b9f4a130364a675dd3fa84e7855b729ca525ca04138746759c394c0292a51","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1207","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\OnlineShieldClient.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.12.13107","fileVersion":"2.0.12.13107","hashMD5":"27b1b661f1155ada7ff441c6a13ba043","hashSHA1":"8902212f0ad1ded2bca2d9f6f63e765fb434b4cc","hashSHA256":"66d0d6301a98076f72bd407d02868729995f4779fb040e578baf1370e0f6f7d6","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1207","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\OnlineShieldService.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.12.13107","fileVersion":"2.0.12.13107","hashMD5":"6212aa6cb4731d894f88d6cbc03faa8f","hashSHA1":"4bde2228a0fab39b262074d793ff23d3bd8107de","hashSHA256":"23758ccb80d08cc4543cd9feac2d109ecff2afefec037abdce3f1ba3ff5f68c8","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1207","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sosint.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"","fileVersion":"2.0.12.0 Rev 13107","hashMD5":"686ee17596f5d9ace6a136e3c9c97ebc","hashSHA1":"a4455c02f3f960f0ba5749659c0adaa2663e1cfa","hashSHA256":"659c3fd31fb33ffb3b8c68c68d2221cdee147770df46aa17083996dc1ceb72fd","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1207","avBlockList":["Avast Premium Security (20230323)","AVG Internet Security (20230323)","Avira Internet Security (20230323)","Bitdefender Internet Security (20230323)","Dr.Web Security Space (20230323)","ESET Internet Security (20230323)","K7 Total Security (20230323)","Malwarebytes Premium (20230323)","McAfee Total Protection (20230323)","Norton Security (20230323)","Panda Dome (20230323)","Quick Heal Internet Security (20230323)","Sophos Home Premium (20230323)","SpyHunter5 (20230323)","Total AV Antivirus Pro (20230323)","VIPRE Advanced Security (20230323)","VirIT eXplorer PRO (20230323)","Webroot SecureAnywhere (20230323)"],"avAllowList":["360 Total Security (20230323)","COMODO Antivirus (20230323)","G DATA INTERNET SECURITY (20230323)","Kaspersky Internet Security (20230323)","Trend Micro Internet Security (20230323)","Windows Defender (20230323)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: VPN for Windows","reference":"","landingPage":"https://www.steganos.com/en/products/steganos-vpn-online-shield","directDownloadingLink":"https://www.steganos.com/en/download/sos","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.steganos.com/en/download/sos","sourceIndex":"1207"}],"sampleFiles":["230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Samples/sosint.exe"],"imageFiles":["230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-043/ACR-043 (1).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-043/ACR-043 (2).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-043/ACR-043 (3).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-043/ACR-043 (4).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-043/ACR-043 (5).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-043/ACR-043 (6).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-043/ACR-043 (7).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-043/ACR-043.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-107/ACR-107.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-042/ACR-042 (1).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-042/ACR-042 (2).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-042/ACR-042 (3).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-042/ACR-042 (4).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-042/ACR-042 (5).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-042/ACR-042 (6).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-042/ACR-042 (7).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-042/ACR-042.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-048/ACR-048_Install_1.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-007/ACR-007 (1).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-007/ACR-007 (2).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-007/ACR-007 (3).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-007/ACR-007 (4).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-007/ACR-007 (5).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-007/ACR-007 (6).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-084/ACR-084 (2).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-084/ACR-084 (1).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-084/ACR-084 (2).JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-048/ACR-048.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-048/ACR-048_1.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-014/ACR-014.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-118/ACR-118.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-118/ACR-118_1.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-165/ACR-165.jpg"],"nonDeceptorImageFiles":["230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-123/ACR-123.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-123/ACR-123_1.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-123/ACR-123_2.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-167/ACR-167.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-167/ACR-167_1.JPG","230302/SteganosVPNOnlineShield-220928/2.0.12.13107/Images/ACR-018/ACR-018.jpg"],"guid":"6d65ba0e-945a-4d7b-9a30-01f31726a323_2.0.12.13107_1","appID":"SteganosVPNOnlineShield-220928","dateAdded":"230525","deceptorType":"App","name":"Steganos VPN Online Shield","company":"Steganos Software GmbH","version":"2.0.12.13107","firstVendorContactDate":"230602","firstAppEsteemReplyDate":"230603","firstResolvedDate":"230628","firstResolvedVersion":"2.0.15.0","resolved":"TRUE","lastKnownStatus":"2.0.10.12886;2.0.12.13086;2.0.12.13107;2.0.13.13354;2.0.13.13364;2.0.14.13383","lastKnownDate":"230525","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-06-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":970},{"violations":{"ACR-042":"1. The app drops the Root Certificate files before obtaining the consumer's permission.\n2. Open source project \"Open VPN\" gets installed without any disclosure in EULA.\n3. On executing the installer, it directly installs the app and its components without asking for any user's permission.\n","ACR-043":"1. The app does not provide information regarding the Root Certificate files that get dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source project \"Open VPN\" gets installed without any disclosure in EULA.\n3. All the components of \"Steganos VPN Online Shield\" get dropped in one click without asking the user's permission & disclosing its installation path.\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN'.\n","ACR-048":"The app does not provide an option to cancel installation.\nThe app does not provide any control to close the background processes that run silently in the background within the app's settings.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture.\n","ACR-084":"On quitting the app, many processes run silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"The application presents misleading status with an exclamation mark even when the system has a VPN program already installed. \n","ACR-165":"The app does not provide detailed information about when users receive notification for renewal and the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the dropped Trusted Root certificate files even after uninstalling and reboot.\n","ACR-167":"The return policy content is inconsistent.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\OnlineShieldClient.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.13.13354","fileVersion":"2.0.13.13354","hashMD5":"9ab24dd648daf006b9d2de0d833df2b1","hashSHA1":"bb8d7bf33f318b214717164eda88bc333c5b9621","hashSHA256":"de9dbb3da33dbea7888701ff5c45f2fd04b349811f90bd00696922aa464aeff5","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1143","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\OnlineShieldService.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.13.13354","fileVersion":"2.0.13.13354","hashMD5":"105d259e887be01c300407a9bba76b10","hashSHA1":"81c3691892f1973aa1291c5d59863cdc1ea8259a","hashSHA256":"6c5a85d2fbc91a1e4eb019bb9b02111082dd4eadfb777ffbc3148c00a742d874","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1143","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sosint.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"","fileVersion":"2.0.13.0 Rev 13354","hashMD5":"501b6a60bd3a0fc0886eb7fa161fdc35","hashSHA1":"b6c18392c77937d35e661813b4a56204822757d9","hashSHA256":"e7c1ab8af7284c1cfae6274ac1477e28c84b723ff7d0edf8671a9cf54d2728a4","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1143","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: VPN for Windows","reference":"","landingPage":"https://www.steganos.com/en/products/steganos-vpn-online-shield","directDownloadingLink":"https://www.steganos.com/en/download/sos","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.steganos.com/en/download/sos","sourceIndex":"1143"}],"sampleFiles":["230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Samples/sosint.exe"],"imageFiles":["230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-043/ACR-043 (1).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-043/ACR-043 (2).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-043/ACR-043 (3).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-043/ACR-043 (4).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-043/ACR-043 (5).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-043/ACR-043 (6).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-043/ACR-043.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-043/ACR-043_1.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-107/ACR-107_1.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-042/ACR-042 (1).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-042/ACR-042 (2).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-042/ACR-042 (3).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-042/ACR-042 (4).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-042/ACR-042 (5).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-042/ACR-042 (6).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-042/ACR-042.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-042/ACR-042_1.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-048/ACR-048_1.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-007/ACR-007 (1).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-007/ACR-007 (2).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-007/ACR-007 (3).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-007/ACR-007 (4).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-007/ACR-007 (5).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-007/ACR-007 (6).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-084/ACR-084.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-084/ACR-084_1.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-048/ACR-048(1).JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-048/ACR-048.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-014/ACR-014.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-118/ACR-118.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-165/ACR-165.jpg"],"nonDeceptorImageFiles":["230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-123/ACR-123.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-167/ACR-167.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-167/ACR-167_1.JPG","230426/SteganosVPNOnlineShield-220928/2.0.13.13354/Images/ACR-018/ACR-018.jpg"],"guid":"6d65ba0e-945a-4d7b-9a30-01f31726a323_2.0.13.13354_1","appID":"SteganosVPNOnlineShield-220928","dateAdded":"230525","deceptorType":"App","name":"Steganos VPN Online Shield","company":"Steganos Software GmbH","version":"2.0.13.13354","firstVendorContactDate":"230602","firstAppEsteemReplyDate":"230603","firstResolvedDate":"230628","firstResolvedVersion":"2.0.15.0","resolved":"TRUE","lastKnownStatus":"2.0.10.12886;2.0.12.13086;2.0.12.13107;2.0.13.13354;2.0.13.13364;2.0.14.13383","lastKnownDate":"230525","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-06-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":969},{"violations":{"ACR-042":"1. The app drops the 9 Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"Open VPN\" gets installed without any disclosure in EULA.\n3. On executing the installer, it directly installs the app and its components without asking for any user's permission.\n","ACR-043":"1. The app does not provide information regarding the 9 Root Certificate files that get dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source project \"Open VPN\" gets installed without any disclosure in EULA.\n3. All the components of \"Steganos VPN Online Shield\" get dropped in one click without asking the user's permission & disclosing its installation path.\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN'.\n","ACR-048":"The app does not provide an option to cancel installation.\nThe app does not provide any control to enable/disable the startup items and to close the background processes that run silently in the background within the app's settings.\n","ACR-007":"The app does not obtain user consent for dropping the 9 Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-084":"1.  The app creates undisclosed startup items to perform actions without the consumer's knowledge and consent.\n2. On quitting the app, many processes run silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"The application presents misleading status with an exclamation mark even when the system has a VPN program already installed. \n","ACR-165":"The app does not provide detailed information about when users receive notification for renewal and the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to 9 Root Certificates files being dropped, in the installation prompt.\n","ACR-123":"The app does not remove the dropped Trusted Root certificate files even after uninstalling and reboot.\n","ACR-167":"The return policy between offers made for the app is inconsistent.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\Notifier.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.12.13086","fileVersion":"2.0.12.13086","hashMD5":"ffa7ce5b7a5c4e2886f97b1073712eb1","hashSHA1":"011a4a6be739b1cf936578e0c59a80e6b8ca2280","hashSHA256":"3af4a8d14debb6ea9ae744954640917d54a50089ddcf7e3d9ae281af97e8eb3b","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1263","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\OnlineShieldClient.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.12.13086","fileVersion":"2.0.12.13086","hashMD5":"0d065f78b71f64857584b74f84eebe66","hashSHA1":"8bddc580f47415db9349b9be78d8fc30b7747fc7","hashSHA256":"a224391e53cf28883c44450ebf0b12ff66632a9da6da5e454f777a65067ebb0a","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1263","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\OnlineShieldService.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.12.13086","fileVersion":"2.0.12.13086","hashMD5":"089d0baa81c7984207ae43ec34c68184","hashSHA1":"12f4fa6c890155dd5f5e08983b6b97a85662bd95","hashSHA256":"cce14fa01a0df63685f45de62eff2bf9374b82f2152f7163514cbdbd02ed426f","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1263","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sosint.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"","fileVersion":"2.0.12.0 Rev 13086","hashMD5":"f04d94b73366fa351874d20f1bbdffd0","hashSHA1":"3db935dd95a957b059a411b505adad467726cc63","hashSHA256":"70148faac84bbe5b11a16ddf1f97b282baaecfaf98b0d824ce64f174af3c34c4","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1263","avBlockList":["Avast Premium Security (20230209)","AVG Internet Security (20230209)","Avira Internet Security (20230209)","Bitdefender Internet Security (20230209)","COMODO Antivirus (20230209)","Dr.Web Security Space (20230209)","ESET Internet Security (20230209)","K7 Total Security (20230209)","Norton Security (20230209)","Panda Dome (20230209)","Quick Heal Internet Security (20230209)","Sophos Home Premium (20230209)","SpyHunter5 (20230209)","Total AV Antivirus Pro (20230209)","VIPRE Advanced Security (20230209)","VirIT eXplorer PRO (20230209)","Webroot SecureAnywhere (20230209)"],"avAllowList":["360 Total Security (20230209)","G DATA INTERNET SECURITY (20230209)","Kaspersky Internet Security (20230209)","Malwarebytes Premium (20230209)","McAfee Total Protection (20230209)","Trend Micro Internet Security (20230209)","Windows Defender (20230209)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: VPN for Windows","reference":"","landingPage":"https://www.steganos.com/en/products/steganos-vpn-online-shield","directDownloadingLink":"https://www.steganos.com/en/download/sos","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.steganos.com/en/download/sos","sourceIndex":"1263"}],"sampleFiles":["221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Samples/sosint.exe"],"imageFiles":["221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-043/ACR-043 (1).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-043/ACR-043 (2).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-043/ACR-043 (3).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-043/ACR-043 (4).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-043/ACR-043 (5).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-043/ACR-043 (6).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-043/ACR-043 (7).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-043/ACR-043.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-107/ACR-107.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-042/ACR-042 (1).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-042/ACR-042 (2).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-042/ACR-042 (3).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-042/ACR-042 (4).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-042/ACR-042 (5).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-042/ACR-042 (6).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-042/ACR-042 (7).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-042/ACR-042.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-048/ACR-048_Install_1.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-007/ACR-007 (1).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-007/ACR-007 (2).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-007/ACR-007 (3).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-007/ACR-007 (4).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-007/ACR-007 (5).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-007/ACR-007 (6).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-084/ACR-084 (1).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-084/ACR-084 (2).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-048/ACR-048_1.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-048/ACR-048.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-014/ACR-014.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-118/ACR-118.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-118/ACR-118_1.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-165/ACR-165.jpg"],"nonDeceptorImageFiles":["221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-045/ACR-045 (1).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-045/ACR-045 (2).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-045/ACR-045 (3).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-045/ACR-045 (4).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-045/ACR-045 (5).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-045/ACR-045 (6).JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-123/ACR-123.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-123/ACR-123_1.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-123/ACR-123_2.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-167/ACR-167.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-167/ACR-167_1.JPG","221222/SteganosVPNOnlineShield-220928/2.0.12.13086/Images/ACR-018/ACR-018.jpg"],"guid":"6d65ba0e-945a-4d7b-9a30-01f31726a323_2.0.12.13086_1","appID":"SteganosVPNOnlineShield-220928","dateAdded":"230525","deceptorType":"App","name":"Steganos VPN Online Shield","company":"Steganos Software GmbH","version":"2.0.12.13086","firstVendorContactDate":"230602","firstAppEsteemReplyDate":"230603","firstResolvedDate":"230628","firstResolvedVersion":"2.0.15.0","resolved":"TRUE","lastKnownStatus":"2.0.10.12886;2.0.12.13086;2.0.12.13107;2.0.13.13354;2.0.13.13364;2.0.14.13383","lastKnownDate":"230525","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-06-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":971},{"violations":{"ACR-042":"Open source project \"Open VPN\" gets installed without any disclosure in EULA.\n\n","ACR-043":"1. Open source project \"Open VPN\" gets installed without any disclosure in EULA.\n2. All the components of \"Steganos VPN Online Shield\" get dropped in one click without disclosing its installation path.\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN' without any disclosure in EULA.\n","ACR-048":"The app does not provide an option to cancel the installation.\nThe app does not provide any control to close the background processes that run silently in the background within the app's settings.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture. (Please verify from your end)\n","ACR-084":"On quitting the app, many processes run silently in the background, hiding the fact that it is active from the consumer.\n","ACR-014":"The application presents misleading status with an exclamation mark even when the system has a VPN program already installed. \n","ACR-165":"The app does not provide detailed information about when users receive notification for renewal and the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\OnlineShieldClient.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.14.13383","fileVersion":"2.0.14.13383","hashMD5":"b14155a7da85f7c698f41fe38956c7a7","hashSHA1":"e64cef718e8574d579bdcaa6ce6fdffe307f86d2","hashSHA256":"395ab93d25abc09a77eb87b10e4fea194d739299218cdbcd3b63b99aaa2d5f52","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1023","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\OnlineShieldService.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.14.13383","fileVersion":"2.0.14.13383","hashMD5":"2617df0f3af4d32443d166fa1f168899","hashSHA1":"dd46ed16efcbd4ecaf6ea7237e642757f420d6f7","hashSHA256":"3b171201f75792fc14366149dcb9c6dfbf0164faf557a3faad7d1504be6f1f19","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1023","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\Updater.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.14.13383","fileVersion":"2.0.14.13383","hashMD5":"a12a75943545f158d0578e9069ab349b","hashSHA1":"87fc0d7cecb9a11f9a0e95083effcdac2cc9cb6a","hashSHA256":"0442c54c7405739976ebccbf930aaf8b14caa680713ca9311681b68a9b960e84","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1023","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sosint.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"","fileVersion":"2.0.14.0 Rev 13383","hashMD5":"c34d15fb6c707453a344a27b62675028","hashSHA1":"3640b8dfeff525cb7afaceb6294896181131f54a","hashSHA256":"b10866d30876985cbe336f1cbee1b0cb8db8f8848c827cfd7eab7ee58b6d5270","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1023","avBlockList":["Avira Internet Security (20230530)","ESET Internet Security (20230530)","K7 Total Security (20230530)","Kaspersky Internet Security (20230530)","Malwarebytes Premium (20230530)","Norton Security (20230530)","Panda Dome (20230530)","Sophos Home Premium (20230530)","VirIT eXplorer PRO (20230530)"],"avAllowList":["360 Total Security (20230530)","Avast Premium Security (20230530)","AVG Internet Security (20230530)","Bitdefender Internet Security (20230530)","COMODO Antivirus (20230530)","Dr.Web Security Space (20230530)","G DATA INTERNET SECURITY (20230530)","McAfee Total Protection (20230530)","Quick Heal Internet Security (20230530)","SpyHunter5 (20230530)","Total AV Antivirus Pro (20230530)","Trend Micro Internet Security (20230530)","VIPRE Advanced Security (20230530)","Webroot SecureAnywhere (20230530)","Windows Defender (20230530)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: VPN for Windows","reference":"","landingPage":"https://www.steganos.com/en/products/steganos-vpn-online-shield","directDownloadingLink":"https://www.steganos.com/en/download/sos","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.steganos.com/en/download/sos","sourceIndex":"1023"}],"sampleFiles":["230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Samples/sosint.exe"],"imageFiles":["230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-043/ACR-043.JPG","230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-043/ACR-043_1.JPG","230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-107/ACR-107.JPG","230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-042/ACR-042.JPG","230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-048/ACR-048.JPG","230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-084/ACR-084 (1).JPG","230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-084/ACR-084 (2).JPG","230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-048/ACR-048_1.JPG","230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-048/ACR-048_2.JPG","230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-048/ACR-048_3.JPG","230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-014/ACR-014.JPG","230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-165/ACR-165.JPG"],"nonDeceptorImageFiles":["230525/SteganosVPNOnlineShield-220928/2.0.14.13383/Images/ACR-018/ACR-018.JPG"],"guid":"6d65ba0e-945a-4d7b-9a30-01f31726a323_2.0.14.13383_1","appID":"SteganosVPNOnlineShield-220928","dateAdded":"230525","deceptorType":"App","name":"Steganos VPN Online Shield","company":"Steganos Software GmbH","version":"2.0.14.13383","firstVendorContactDate":"230602","firstAppEsteemReplyDate":"230603","firstResolvedDate":"230628","firstResolvedVersion":"2.0.15.0","resolved":"TRUE","lastKnownStatus":"2.0.10.12886;2.0.12.13086;2.0.12.13107;2.0.13.13354;2.0.13.13364;2.0.14.13383","lastKnownDate":"230525","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-06-29T06:58:36.3096822+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":967},{"violations":{"ACR-042":"1. The app drops the Root Certificate files before obtaining the consumer's permission.\n2. Open source project \"Open VPN\" gets installed without any disclosure in EULA.\n\n","ACR-043":"1. The app does not provide information regarding the Root Certificate files that get dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source project \"Open VPN\" gets installed without any disclosure in EULA.\n3. All the components of \"Steganos VPN Online Shield\" get dropped in one click without disclosing its installation path.\n","ACR-107":"The app does not disclose relevant license information about 'OpenVPN' without any disclosure in EULA.\n","ACR-048":"The app does not provide any control to close the background processes that run silently in the background within the app's settings.\n","ACR-004":"The app displays an exaggerated \"Exclamation mark\" in the software.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture.\n","ACR-084":"On quitting the app, many processes run silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"The application presents misleading status with an exclamation mark even when the system has a VPN program already installed. \n","ACR-165":"The app does not provide detailed information about when users receive notification for renewal and the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the dropped Trusted Root certificate files even after uninstalling and reboot.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.steganos.com/en/what-is-geoblocking-and-how-you-can-get-around-it).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\OnlineShieldClient.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.13.13364","fileVersion":"2.0.13.13364","hashMD5":"772b5e0ac4c522da81d6380a1a5d4d29","hashSHA1":"73a90aee68e000c0bd86116dfa51b4fac2912893","hashSHA256":"1dd19130b2f7feafea1b867a5c8eef61bde9fac4bfae9ced7c5e1f0ee34b24d3","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1090","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Steganos Online Shield\\OnlineShieldService.exe","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"2.0.13.13364","fileVersion":"2.0.13.13364","hashMD5":"d903c9620d130f02e25cfb4e68d409ff","hashSHA1":"eca95d9fb59e3eb5092497fd2511da806ee25e8f","hashSHA256":"245591fb21acd0774ab6a9890dd193f327c529110ea4f8d2226decfc44da6b79","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1090","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sosint.exe","isInstaller":"True","companyName":"Steganos Software GmbH","productName":"Steganos VPN Online Shield","productVersion":"","fileVersion":"2.0.13.0 Rev 13364","hashMD5":"cb43adca02578b7d241b9dc0b2153c77","hashSHA1":"e2143af8133e200c6d3d23ba02c97761fc299395","hashSHA256":"f72007b8e628d828f17f6b4f4cad4b8ff2d382447552ca32e1cbfe89d88d1293","digitalCertThumbprint":"42A47E14816F47500EB0E6075AB7CFCA77B7A799","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Steganos Software GmbH","storeId":"","sourceIndex":"1090","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"https://www.steganos.com/en/products/steganos-vpn-online-shield","directDownloadingLink":"https://www.steganos.com/en/download/sos","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.steganos.com/en/download/sos","sourceIndex":"1090"}],"sampleFiles":["230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Samples/sosint.exe"],"imageFiles":["230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-043/ACR-043.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-043/ACR-043_1.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-043/ACR-043_2.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-043/ACR-043_3.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-043/ACR-043_4.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-107/ACR-107.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-042/ACR-042.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-042/ACR-042_1.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-042/ACR-042_2.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-042/ACR-042_3.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-007/ACR-007.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-007/ACR-007_1.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-007/ACR-007_2.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-004/ACR-004.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-084/ACR-084.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-084/ACR-084_1.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-048/ACR-048.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-048/ACR-048_1.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-048/ACR-048_2.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-014/ACR-014.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-118/ACR-118.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-165/ACR-165.JPG"],"nonDeceptorImageFiles":["230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-123/ACR-123.JPG","230522/SteganosVPNOnlineShield-220928/2.0.13.13364/Images/ACR-018/ACR-018.JPG"],"guid":"6d65ba0e-945a-4d7b-9a30-01f31726a323_2.0.13.13364_1","appID":"SteganosVPNOnlineShield-220928","dateAdded":"230525","deceptorType":"App","name":"Steganos VPN Online Shield","company":"Steganos Software GmbH","version":"2.0.13.13364","firstVendorContactDate":"230602","firstAppEsteemReplyDate":"230603","firstResolvedDate":"230628","firstResolvedVersion":"2.0.15.0","resolved":"TRUE","lastKnownStatus":"2.0.10.12886;2.0.12.13086;2.0.12.13107;2.0.13.13354;2.0.13.13364;2.0.14.13383","lastKnownDate":"230525","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-06-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":968},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN' and 'Tom VPN'.\n","ACR-048":"The app does not provide control to completely cancel the installation. When attempting to cancel the installation, the app all the components inside the \"Appdata\\Temp\\Local\" and \"Program Files (x86)\" path and installs Aman VPN. Thus app does not provide control to completely cancel the installation.\nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks even after uninstall and this scenario is observed even after closing and reopening the Task scheduler after reboot.\n","ACR-018":" The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.amanvpn.com/learn/what-is-vpn.html).\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing pages (https://www.amanvpn.com/), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.1.8.0428","fileVersion":"2.1.8.0428","hashMD5":"f0aeebc7f3a5cae188b0944afe4b29e8","hashSHA1":"9ef07f833767d76543f3de93cd52060054b3a836","hashSHA256":"1e5b4459075678b1389364230e7d6cba32483f087a429d2e52f170d2c024d007","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1616","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\AmanOnlineWT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"fb1098b9fc84c85d0b28e75783d422be","hashSHA1":"1e4cd28c6aaa23783f1dbec4db46b2f3c8e070b4","hashSHA256":"b0ae6e8a834c25a5fab9075255c5dec5cb20d6ad86f78bdf856f8751f94d46a9","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1616","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\AmanUpdateLogLT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"11008b8a032d541a10c8fda7bde2e253","hashSHA1":"fdcf12090b94e308876e0d0adb9d259d67f7ad39","hashSHA256":"5983f1e7afee0d607ecfc03a2ec3937c22df1f1df890b8c323a31e9a930ddd81","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1616","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\run\\amanProxy.exe","companyName":" ","productName":" ","productVersion":"1.1.1","fileVersion":"1.1.1","hashMD5":"80f0297c285d9731e9d7a797b6e67315","hashSHA1":"5471175f92efbdc60061ed488f729461bb2f977c","hashSHA256":"13afd3ef39b035ee0c011bd21f1a2eba947279533374048bcc2ea9bfabc1d20d","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1616","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\loadAman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.1.8.0428","fileVersion":"2.1.8.0428","hashMD5":"da7c888ca754337242d213176c4fcc01","hashSHA1":"59c00346d52608c2d1585adef02f540cbc58ab64","hashSHA256":"80052b80b23020374c200c32c5f8b05cab03fff1b3fdb56f29322385eb299fac","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1616","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Aman_2.1.8_oem_10015.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"2.1.8.0428","fileVersion":"2.1.8.0428","hashMD5":"4064741d443fe923132b175ad3281fc8","hashSHA1":"5aeeb9b0b6488a1dc9b201346ac204dfa31810e4","hashSHA256":"c7d0428ee42636012ec84a1907ad87da62efa0a87868f561884b15338322de67","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1616","avBlockList":["360 Total Security (20220607)","Avast Premium Security (20220607)","AVG Internet Security (20220607)","Avira Internet Security (20220607)","Bitdefender Internet Security (20220607)","COMODO Antivirus (20220607)","Dr.Web Security Space (20220607)","ESET Internet Security (20220607)","G DATA INTERNET SECURITY (20220607)","K7 Total Security (20220607)","Kaspersky Internet Security (20220607)","McAfee Total Protection (20220607)","Norton Security (20220607)","Panda Dome (20220607)","Quick Heal Internet Security (20220607)","Sophos Home Premium (20220607)","SpyHunter5 (20220607)","Total AV Antivirus Pro (20220607)","VIPRE Advanced Security (20220607)","VirIT eXplorer PRO (20220607)","Webroot SecureAnywhere (20220607)"],"avAllowList":["Malwarebytes Premium (20220607)","Tencent PC Manager (20220607)","Trend Micro Internet Security (20220607)","Windows Defender (20220607)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://www.amanvpn.com/","directDownloadingLink":"https://down.amanvpn.net/202204/218/Aman_2.1.8.0428_1648.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down.amanvpn.net/202204/218/Aman_2.1.8.0428_1648.exe","sourceIndex":"1616"}],"sampleFiles":["220512/AmanVPN-220318/2.1.8.0428/Samples/Aman_2.1.8_oem_10015.exe"],"imageFiles":["220512/AmanVPN-220318/2.1.8.0428/Images/ACR-043/ACR-043_Install_Drops_Immediately.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-043/ACR-043_Install_Drops_Immediately_1.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-043/ACR-043_Install_Drops_OpenVPN.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-043/ACR-043_Install_Drops_TOMVPN.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-107/ACR-107_Install_Drops_OpenVPN.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-107/ACR-107_Install_Drops_TOMVPN.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-042/ACR-042_Install_Drops_All_Files.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-042/ACR-042_Install_Drops_All_Files_1.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-048/ACR-048.mp4","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-084/ACR-084_1.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-048/ACR-048_1.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-048/ACR-048_2.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["220512/AmanVPN-220318/2.1.8.0428/Images/ACR-123/ACR-123_Uninstall_1.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-014/ACR-014_LandingPage_Misleading_Words.JPG","220512/AmanVPN-220318/2.1.8.0428/Images/ACR-018/ACR-018_1.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_2.1.8.0428_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"2.1.8.0428","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":987},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\nThe app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"1. The app uses a hotkey and password to hide its presence. \n2. The app is installed in a hidden folder in the Program Files Directory\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app cannot be uninstalled by the platform's standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-082":"The app enables the user to violate many laws.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spm.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.6","fileVersion":"1.0.11.6","hashMD5":"e998a75acf438ace39cfccfce84053f3","hashSHA1":"1e30aa0a1417edd455630d2e29e0f3f805231bbc","hashSHA256":"1fede725f91719a7701eea7231918751c98b821f94ebc7bdef362f159f1f0290","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1084","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\spmm.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"a3f5792b3316c49327e1d9890dd85bc7","hashSHA1":"afb5d101f0f10f8b7289f070dfc9f6e9b61677d0","hashSHA256":"e9759377021dbcd5623d7acfa2d6cfa73e10481e4f848c8746383c1858d35433","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1084","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{89DF3612-BE12-A0A6-D34F-FD696F512FCB}\\sps.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"168bace4ed308f951d457dbca11acf0c","hashSHA1":"a377883ee194a270cc386ab522cd524354919b25","hashSHA256":"f48ae47efe7d886772abfb209cb8d055bbf765f9a8f3068e5ed61c57e3aeec9c","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1084","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spm_setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"46806e78246d63726a6b88e8fa1f27a7","hashSHA1":"f97e6829a2a57b291a85128c74243169459adb85","hashSHA256":"fd8f3ab6ab26ff356a07454e606e6b84f1ae631b237b376fbc826feea36f10ff","digitalCertThumbprint":"4401F710FD4FD877A624BE3002FFA278BE291A61","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"CLEVERCONTROL LLC","storeId":"","sourceIndex":"1084","avBlockList":["360 Total Security (20230608)","Avast Premium Security (20230608)","AVG Internet Security (20230608)","Avira Internet Security (20230608)","COMODO Antivirus (20230608)","Dr.Web Security Space (20230608)","ESET Internet Security (20230608)","G DATA INTERNET SECURITY (20230608)","K7 Total Security (20230608)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20230608)","McAfee Total Protection (20230608)","Norton Security (20230608)","Panda Dome (20230608)","Sophos Home Premium (20230608)","SpyHunter5 (20230608)","Total AV Antivirus Pro (20230608)","VirIT eXplorer PRO (20230608)","Webroot SecureAnywhere (20230608)","Windows Defender (20230608)"],"avAllowList":["Bitdefender Internet Security (20230608)","Quick Heal Internet Security (20230608)","Trend Micro Internet Security (20230608)","VIPRE Advanced Security (20230608)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.spyrix.com/","directDownloadingLink":"https://spyrix.app/spm.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.app/spm.html","sourceIndex":"1084"}],"sampleFiles":["230523/SpyrixFreeKeylogger-200624/11.6.10/Samples/spm_setup.exe"],"imageFiles":["230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-048/ACR-048_Install.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-084/ACR-084.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-084/ACR-084_1.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-084/ACR-084_2.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-084/ACR-084_3.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-084/ACR-084_4.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-086/ACR-086.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-086/ACR-086_1.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-086/ACR-086_2.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-097/ACR-097.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-097/ACR-097_1.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-097/ACR-097_2.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-097/ACR-097_3.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-048/ACR-048.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-048/ACR-048_1.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-048/ACR-048_2.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-007/ACR-007.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-007/ACR-007_1.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-007/ACR-007_2.JPG","230523/SpyrixFreeKeylogger-200624/11.6.10/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":[],"guid":"50d10902-f455-4d5b-9b68-1c018cb826bd_11.6.10_1","appID":"SpyrixFreeKeylogger-200624","dateAdded":"230523","deceptorType":"App","name":"Spyrix Free Keylogger ","company":"Spyrix Software","version":"11.6.10","lastKnownStatus":"11.5.21;11.5.31;11.5.32;11.5.41;11.6.10","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"cross-sell other apps","lastUpdate":"2026-05-04T14:37:40.1208308+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":973},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\nThe app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"1. The app uses a hotkey and password to hide its presence. \n2. The app is installed in a hidden folder in the Program Files Directory\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n","ACR-116":"The app cannot be uninstalled by the platform's standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden Folder in \"ProgramData\" directory\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \n","ACR-161":"The landing page has customer reviews but no link to verify if the review is legit.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n","ACR-167":"The app only provides a 14-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Security Monitor\\{827D21CC-A22D-45D6-23CA-451DDAC769BA}\\spkl.exe","companyName":"","productName":"Host application","productVersion":"1.0.11.5","fileVersion":"1.0.11.5","hashMD5":"ed6bdbbf71c54780f7c0112e25ff3e98","hashSHA1":"fda05b7ae1341743b7be5eadbd2b4fc3fdd49f72","hashSHA256":"bb9944bfa0597c12fb50592372ef87071b8c2ec36962be0aa59fd95daacb8f3a","digitalCertThumbprint":"8B9BC26773060522E51FED6DF031955D17318916","digitalCertIssuer":"GlobalSign GCC R45 CodeSigning CA 2020","digitalCertIssuedTo":"Clevercontrol LLC","storeId":"","sourceIndex":"1199","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\sfk_Setup.exe","isInstaller":"True","companyName":"","productName":"SfkLoader","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"0cf1c6e99bcba6d38c6f271ba662aa04","hashSHA1":"356a01859014c61c67010033fa8e08c511b0c412","hashSHA256":"82f7e32680380e12bc5cb15fcc07b3060675d34310f5518ea2682b3f5b8a3c11","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1199","avBlockList":["360 Total Security (20230323)","Avast Premium Security (20230323)","AVG Internet Security (20230323)","Avira Internet Security (20230323)","Bitdefender Internet Security (20230323)","Dr.Web Security Space (20230323)","ESET Internet Security (20230323)","G DATA INTERNET SECURITY (20230323)","K7 Total Security (20230323)","Kaspersky Internet Security (20230323)","Malwarebytes Premium (20230323)","McAfee Total Protection (20230323)","Norton Security (20230323)","Panda Dome (20230323)","Quick Heal Internet Security (20230323)","Sophos Home Premium (20230323)","SpyHunter5 (20230323)","Total AV Antivirus Pro (20230323)","Trend Micro Internet Security (20230323)","VIPRE Advanced Security (20230323)","VirIT eXplorer PRO (20230323)","Webroot SecureAnywhere (20230323)","Windows Defender (20230323)"],"avAllowList":["COMODO Antivirus (20230323)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"keylogger\"","reference":"","landingPage":"https://www.spyrix.com/","directDownloadingLink":"https://*.spyrixweb.com/spyrix-free-keylogger","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://*.spyrixweb.com/spyrix-free-keylogger","sourceIndex":"1199"}],"sampleFiles":["230313/SpyrixFreeKeylogger-200624/11.5.41/Samples/sfk_Setup.exe"],"imageFiles":["230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-048/ACR-048_Install_1.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-084/ACR-084.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-084/ACR-084_1.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-084/ACR-084_2.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-086/ACR-086.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-086/ACR-086_1.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-086/ACR-086_2.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-097/ACR-097.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-097/ACR-097_1.jpg","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-097/ACR-097_2.jpg","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-097/ACR-097_3.jpg","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-097/ACR-097_4.jpg","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-048/ACR-048_1.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-048/ACR-048_2.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-007/ACR-007.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-007/ACR-007_1.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-040/ACR-040.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-040/ACR-040_1.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-065/ACR-065_Install.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-065/ACR-065_Software.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-099/ACR-099_Software.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-167/ACR-167.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-099/ACR-099_LP.Jpg","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-017/ACR_017.JPG","230313/SpyrixFreeKeylogger-200624/11.5.41/Images/ACR-161/ACR-161.jpg"],"guid":"50d10902-f455-4d5b-9b68-1c018cb826bd_11.5.41_1","appID":"SpyrixFreeKeylogger-200624","dateAdded":"230523","deceptorType":"App","name":"Spyrix Free Keylogger ","company":"Spyrix Software","version":"11.5.41","lastKnownStatus":"11.5.21;11.5.31;11.5.32;11.5.41;11.6.10","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"cross-sell other apps","lastUpdate":"2026-05-04T14:37:43.7650434+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":974},{"violations":{"ACR-084":"The app is installed in a hidden folder.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"sfk_setup (1).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0cf3eac8c23b569379723254f0efb62a","hashSHA1":"79c8c96d3c60e1d5916da06bf9e505998007f758","hashSHA256":"f101435f1f45c018d225584493e881fe961b65ac99564c45eca5986abc7b2bb5","digitalCertThumbprint":"08596660665F5466E914A81F19036C8FD5BC37DD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Kraft, O=Kraft, STREET=\"Melkombinatovsky travel, 8a 5 office 1st floor\", L=Kirov, PostalCode=610035, C=RU","sourceIndex":"1858","avBlockList":["360 Total Security (20211005)","Avast Premium Security (20211005)","AVG Internet Security (20211005)","Avira Internet Security (20211005)","Bitdefender Internet Security (20211005)","COMODO Antivirus (20211005)","Dr.Web Security Space (20211005)","ESET Internet Security (20211005)","G DATA INTERNET SECURITY (20211005)","K7 Total Security (20211005)","Kaspersky Internet Security (20211005)","Malwarebytes Premium (20211005)","McAfee Total Protection (20211005)","Norton Security (20211005)","Panda Dome (20211005)","Quick Heal Internet Security (20211005)","Sophos Home Premium (20211005)","SpyHunter5 (20211005)","Tencent PC Manager (20211005)","Total AV Antivirus Pro (20211005)","VIPRE Advanced Security (20211005)","VirIT eXplorer PRO (20211005)","Webroot SecureAnywhere (20211005)","Windows Defender (20211005)"],"avAllowList":["Trend Micro Internet Security (20211005)"]},{"isRevoked":"False","fileName":"spkl.exe","fileVersion":"1.0","hashMD5":"ccfb3ffab149d90b2bd69ae3f5b17ed2","hashSHA1":"85e01e39c60c6b8be8c096b2191d5f923b79a64e","hashSHA256":"2c1d60afab12fd8c295da8dd79c645d9fff19e8180739db4a8e4b168b8e7caa6","digitalCertThumbprint":"08596660665F5466E914A81F19036C8FD5BC37DD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Kraft, O=Kraft, STREET=\"Melkombinatovsky travel, 8a 5 office 1st floor\", L=Kirov, PostalCode=610035, C=RU","sourceIndex":"1858","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"keylogger\"","reference":"","landingPage":"https://securespyrix.com","directDownloadingLink":"https://securespyrix.com/download/sfk/sfk_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://securespyrix.com/download/sfk/sfk_setup.exe","sourceIndex":"1858"}],"sampleFiles":["210708/SpyrixFreeKeylogger-200624/11.5.32/Samples/sfk_setup (1).exe","210708/SpyrixFreeKeylogger-200624/11.5.32/Samples/spkl.exe"],"imageFiles":["210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-084/Spyrix Free Keylogger_HiddenDirectory [1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-084/Spyrix Free Keylogger_HiddenDirectory [2].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-086/Spyrix Free Keylogger_Settings [4].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-086/Spyrix Free Keylogger_Interactions [6].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-086/Spyrix Free Keylogger_Interactions [7].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-086/Spyrix Free Keylogger_Interactions [8].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-097/Spyrix Free Keylogger_LandingPage[3].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-097/Spyrix Free Keylogger_LandingPage[4].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-097/Spyrix Free Keylogger_LandingPage[5].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-097/Spyrix Free Keylogger_LandingPage[6].png"],"nonDeceptorImageFiles":["210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-040/Spyrix Free Keylogger_HiddenDirectory [1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-040/Spyrix Free Keylogger_HiddenDirectory [2].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-065/Spyrix Free Keylogger_Install [1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-065/Spyrix Free Keylogger_Install [2].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-065/Spyrix Free Keylogger_Install [4].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-002/Spyrix Free Keylogger_Install [1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-002/Spyrix Free Keylogger_About [1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-002/Spyrix Free Keylogger_LandingPage[4].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-065/Spyrix Free Keylogger_About [1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-099/Spyrix Free Keylogger_About [1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-167/Spyrix_RefundPolicy [1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-065/Spyrix Free Keylogger_LandingPage[1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-065/Spyrix Free Keylogger_LandingPage[2].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-099/Spyrix Free Keylogger_LandingPage[1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-099/Spyrix Free Keylogger_LandingPage[2].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-017/Spyrix Free Keylogger_LandingPage[7].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-161/Spyrix_Testimonials [1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-065/Spyrix_OfferPage [1].png","210708/SpyrixFreeKeylogger-200624/11.5.32/Images/ACR-099/Spyrix_OfferPage [1].png"],"guid":"50d10902-f455-4d5b-9b68-1c018cb826bd_11.5.32_1","appID":"SpyrixFreeKeylogger-200624","dateAdded":"230523","deceptorType":"App","name":"Spyrix Free Keylogger ","company":"Spyrix Software","version":"11.5.32","lastKnownStatus":"11.5.21;11.5.31;11.5.32;11.5.41;11.6.10","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"cross-sell other apps","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":975},{"violations":{"ACR-084":"The app is installed in a hidden folder.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting data to or what data it is collecting.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\nThe App's version is not consistent between App interaction, install and landing page\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"sfk_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3d54b51e5497678db0e459cd58ccf0b5","hashSHA1":"c988392b6bcf159183cf8bd3ceca602391f9b68e","hashSHA256":"15af0131db55ce9b8d2eefb7783621050d0dc23fe0f94afaf71021daa92df2e2","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1982","avBlockList":["360 Total Security (20210527)","Avast Premium Security (20210527)","AVG Internet Security (20210527)","Avira Internet Security (20210527)","Bitdefender Internet Security (20210527)","COMODO Antivirus (20210527)","Dr.Web Security Space (20210527)","ESET Internet Security (20210527)","G DATA INTERNET SECURITY (20210527)","K7 Total Security (20210527)","Kaspersky Internet Security (20210527)","Malwarebytes Premium (20210527)","McAfee Total Protection (20210527)","Norton Security (20210527)","Panda Dome (20210527)","Quick Heal Internet Security (20210527)","Sophos Home Premium (20210527)","SpyHunter5 (20210527)","Tencent PC Manager (20210527)","Total AV Antivirus Pro (20210527)","Trend Micro Internet Security (20210527)","VIPRE Advanced Security (20210527)","VirIT eXplorer PRO (20210527)","Webroot SecureAnywhere (20210527)","Windows Defender (20210527)"],"avAllowList":[]},{"isRevoked":"False","fileName":"spkl.exe","fileVersion":"1.0","hashMD5":"151876966c27423486334dbd867ca169","hashSHA1":"8d9d88c44f29034b01c20df7f4d4ea853ca22f2b","hashSHA256":"05afa6ec01c145a76f2c4775ebf99be1a4c6126def03723dddb953d7e27b3196","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1982","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spmm.exe","fileVersion":"0.0","hashMD5":"2ad1b9d3a4ad7bf864ac7675db8c8fca","hashSHA1":"ca013fdc2b95a6979cabc873a2130a7a27e83f1c","hashSHA256":"83261dd85963c949a5f1f90909def449a21dcd3424864629459e630b43bef11a","digitalCertThumbprint":"8CAC68AB0961BA80647FC717E64D354B1F3B6286","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=LLC KLEVER, O=LLC KLEVER, STREET=\"Vorontsovskaya St., 19B Et / pom / Kom 1 / I / 1b Rab.M.2\", L=Moscow, PostalCode=109147, C=RU","sourceIndex":"1982","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"keylogger\"","reference":"","landingPage":"https://securespyrix.com","directDownloadingLink":"https://spyrix.cc/download/sfk/sfk_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spyrix.cc/download/sfk/sfk_setup.exe","sourceIndex":"1982"}],"sampleFiles":["210310/SpyrixFreeKeylogger-200624/11.5.31/Samples/sfk_setup.exe","210310/SpyrixFreeKeylogger-200624/11.5.31/Samples/spkl.exe","210310/SpyrixFreeKeylogger-200624/11.5.31/Samples/spmm.exe"],"imageFiles":["210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-084/Spyrix Free Keylogger_HiddenDirectory [1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-084/Spyrix Free Keylogger_HiddenDirectory [2].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-086/Spyrix Free Keylogger_Settings [4].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-086/Spyrix Free Keylogger_Interactions [6].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-086/Spyrix Free Keylogger_Interactions [7].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-086/Spyrix Free Keylogger_Interactions [8].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-097/Spyrix Free Keylogger_LandingPage[3].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-097/Spyrix Free Keylogger_LandingPage[4].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-097/Spyrix Free Keylogger_LandingPage[5].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-097/Spyrix Free Keylogger_LandingPage[6].png"],"nonDeceptorImageFiles":["210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-040/Spyrix Free Keylogger_HiddenDirectory [1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-040/Spyrix Free Keylogger_HiddenDirectory [2].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-065/Spyrix Free Keylogger_Install [1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-065/Spyrix Free Keylogger_Install [2].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-065/Spyrix Free Keylogger_Install [4].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-002/Spyrix Free Keylogger_Install [1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-002/Spyrix Free Keylogger_About [1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-002/Spyrix Free Keylogger_LandingPage[4].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-065/Spyrix Free Keylogger_About [1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-099/Spyrix Free Keylogger_About [1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-167/Spyrix_RefundPolicy [1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-065/Spyrix Free Keylogger_LandingPage[1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-065/Spyrix Free Keylogger_LandingPage[2].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-099/Spyrix Free Keylogger_LandingPage[1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-099/Spyrix Free Keylogger_LandingPage[2].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-017/Spyrix Free Keylogger_LandingPage[7].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-161/Spyrix_Testimonials [1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-065/Spyrix_OfferPage [1].png","210310/SpyrixFreeKeylogger-200624/11.5.31/Images/ACR-099/Spyrix_OfferPage [1].png"],"guid":"50d10902-f455-4d5b-9b68-1c018cb826bd_11.5.31_1","appID":"SpyrixFreeKeylogger-200624","dateAdded":"230523","deceptorType":"App","name":"Spyrix Free Keylogger ","company":"Spyrix Software","version":"11.5.31","sigName":"Deceptor:Win32/SpyrixFreeKeyloggerStalkerware!084087097","lastKnownStatus":"11.5.21;11.5.31;11.5.32;11.5.41;11.6.10","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"cross-sell other apps","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":976},{"violations":{"ACR-048":"The app requires a hotkey or password and is in a hidden folder, limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus and add “C:\\ProgramData\\Security Monitor” in the exclusion list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the user to violate many laws.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app only provides a 14-day refund policy and not a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"sfk_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"58b23fd0b729f318eb08ee5d8137c23d","hashSHA1":"0cba4ec634b0b56b77f02972e991fe120b47623d","hashSHA256":"28eec652fadca58fa48b93730072e0e9f01401098fc3f329adcca5d78888ce26","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2406","avBlockList":["360 Total Security (20210610)","Avast Premium Security (20210610)","AVG Internet Security (20210610)","Avira Internet Security (20210610)","Bitdefender Internet Security (20210610)","COMODO Antivirus (20210610)","Dr.Web Security Space (20210610)","ESET Internet Security (20210610)","G DATA INTERNET SECURITY (20210610)","K7 Total Security (20210610)","Kaspersky Internet Security (20210610)","Malwarebytes Premium (20210610)","McAfee Total Protection (20210610)","Norton Security (20210610)","Panda Dome (20210610)","Quick Heal Internet Security (20210610)","Sophos Home Premium (20210610)","SpyHunter5 (20210610)","Tencent PC Manager (20210610)","Total AV Antivirus Pro (20210610)","VIPRE Advanced Security (20210610)","VirIT eXplorer PRO (20210610)","Webroot SecureAnywhere (20210610)","Windows Defender (20210610)"],"avAllowList":["Trend Micro Internet Security (20210610)"]},{"isRevoked":"False","fileName":"spkl.exe","fileVersion":"1.0","hashMD5":"97287bd1de2a0e3ed33174a7d7d7abcc","hashSHA1":"db43f0f6bf696ec7ee7449135e029e5ff2eec152","hashSHA256":"ce3f58a30425efdd46f0945c8b3c536a3503952cf36bebd8a35fc5a4ea63d214","digitalCertThumbprint":"B22DB1A99D7724ABD190FB489A83D9FAFB76D631","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Clever Security Software Ltd, OU=Security, O=Clever Security Software Ltd, STREET=Chynoweth House, L=Blackwater, S=Truro, PostalCode=TR4 8UN, C=GB","sourceIndex":"2406","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"keylogger\"","reference":"","landingPage":"https://securespyrix.com","directDownloadingLink":"https://securespyrix.com/download/sfk/sfk_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://securespyrix.com/download/sfk/sfk_setup.exe","sourceIndex":"2406"}],"sampleFiles":["200624/SpyrixFreeKeylogger-200624/11.5.21/Samples/sfk_setup.exe","200624/SpyrixFreeKeylogger-200624/11.5.21/Samples/spkl.exe"],"imageFiles":["200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-084/Spyrix Free Keylogger_Interaction [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-086/Spyrix Free Keylogger_Interaction [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-097/Spyrix Free Keylogger_DownloadPage [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-097/Spyrix Free Keylogger_DownloadPage [2].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-097/Spyrix Free Keylogger_DownloadPage [3].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-048/Spyrix Free Keylogger_Interaction [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-007/Spyrix Free Keylogger_Interaction [1].png"],"nonDeceptorImageFiles":["200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-040/Spyrix Free Keylogger_Files [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-040/Spyrix Free Keylogger_Files [2].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-065/Spyrix Free Keylogger_Install [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-065/Spyrix Free Keylogger_Install [2].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-082/Spyrix Free Keylogger_Page [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-065/Spyrix Free Keylogger_About [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-099/Spyrix Free Keylogger_About [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-167/Spyrix Free Keylogger_Refund [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-065/Spyrix Free Keylogger_LandingPage [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-099/Spyrix Free Keylogger_LandingPage [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-161/Spyrix Free Keylogger_Testimonials [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-065/Spyrix Free Keylogger_OfferPage [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-065/Spyrix Free Keylogger_OfferPage [2].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-099/Spyrix Free Keylogger_OfferPage [1].png","200624/SpyrixFreeKeylogger-200624/11.5.21/Images/ACR-099/Spyrix Free Keylogger_OfferPage [2].png"],"guid":"50d10902-f455-4d5b-9b68-1c018cb826bd_11.5.21_1","appID":"SpyrixFreeKeylogger-200624","dateAdded":"230523","deceptorType":"App","name":"Spyrix Free Keylogger ","company":"Spyrix Software","version":"11.5.21","sigName":"Deceptor:Win32/SpyrixKeyloggerStalkerware!084086097048007","lastKnownStatus":"11.5.21;11.5.31;11.5.32;11.5.41;11.6.10","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":977},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user \n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'\n","ACR-092":"The app does not provide a digital signature for the executables.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PGWARE\\GameGain\\GameGain1.exe","companyName":"","productName":"GameGain","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"12bcb490db478398f545d1f31aefcc5b","hashSHA1":"24433442bef9b0d661002fecb73eec70c7f293ba","hashSHA256":"e13dd987a5ea11cc8518762526d1c8b17a7a525894e8bc9f9d27224d5ec0f087","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1086","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"gamegain.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"GameGain                                                    ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1             ","hashMD5":"59b0c893e3f0128c5eda4125fec8b007","hashSHA1":"c321aec2a11ec55ca05398dc115111ad577a5bd0","hashSHA256":"4afc4acf0f44b8db9c0eee76dde110e4f48b91c9eacb75fd710f06d9b47eb382","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1086","avBlockList":["Avast Premium Security (20230523)","AVG Internet Security (20230523)","Avira Internet Security (20230523)","Bitdefender Internet Security (20230523)","ESET Internet Security (20230523)","G DATA INTERNET SECURITY (20230523)","K7 Total Security (20230523)","Kaspersky Internet Security (20230523)","Malwarebytes Premium (20230523)","McAfee Total Protection (20230523)","Norton Security (20230523)","Panda Dome (20230523)","Quick Heal Internet Security (20230523)","Sophos Home Premium (20230523)","SpyHunter5 (20230523)","Total AV Antivirus Pro (20230523)","VIPRE Advanced Security (20230523)","VirIT eXplorer PRO (20230523)","Webroot SecureAnywhere (20230523)","Windows Defender (20230523)"],"avAllowList":["360 Total Security (20230523)","COMODO Antivirus (20230523)","Dr.Web Security Space (20230523)","Trend Micro Internet Security (20230523)"]}],"additionalFiles":[],"sources":[{"howFound":"search for new version of PGWARE apps","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://pgware.com/downloads/gamegain.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/gamegain.exe","sourceIndex":"1086"}],"sampleFiles":["230523/GameGain-211209/4.3.7.2022/Samples/gamegain.exe"],"imageFiles":["230523/GameGain-211209/4.3.7.2022/Images/ACR-109/ACR-109.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-043/ACR-043.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-042/ACR-042.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-048/ACR-048.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-007/ACR-007.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-010/ACR-010.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-118/ACR-118.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-118/ACR-118_1.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-057/ACR-057.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-059/ACR-059.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-071/ACR-071.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-155/ACR-155.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-013/ACR-013.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230523/GameGain-211209/4.3.7.2022/Images/ACR-045/ACR-045.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-106/ACR-106.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-092/ACR-092.JPG","230523/GameGain-211209/4.3.7.2022/Images/ACR-123/ACR-123.JPG"],"guid":"884b503c-ef30-4965-8d0d-736909bbb798_4.3.7.2022_1","appID":"GameGain-211209","dateAdded":"230523","deceptorType":"Bundler","name":"GameGain","company":"PGWARE LLC","version":"4.3.7.2022","lastKnownStatus":"4.8.23.2021;4.3.7.2022","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-04T14:37:40.1796614+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":978},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"rk_setup.exe\" without disclosing it to the user and user's decision.\n","ACR-059":" The Offer is not clearly marked as an offer. who is recommending the offer is not clear. \n","ACR-155":"Offer is designed to look like part of the install workflow \n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy \nThe landing page does not display links to the Returns and Cancellation Policy. \nThe internal offer page does not display links to the Privacy Policy. \n","ACR-106":" App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details \n","ACR-092":"The app does not provide a digital signature for the executables.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app \n The application's landing page has no link or information that shows how it can be uninstalled. \nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":" The landing page does not display links to a Returns and Cancellations Policy. \n"},"samples":[{"isRevoked":"False","fileName":"gamegain installer.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"GameGain","productVersion":"4.8.23.2021","fileVersion":"1.0","hashMD5":"438305ca089d90f1a781d2e657551c12","hashSHA1":"e8ebc2e856a77c0983568155728d22bbc1a95824","hashSHA256":"4d64a799d74958186824cf311c0ab1ccb4d7e1d2c51a3a182f4da87cfca63ee9","sourceIndex":"1768","avBlockList":["Avast Premium Security (20211221)","AVG Internet Security (20211221)","Avira Internet Security (20211221)","Bitdefender Internet Security (20211221)","COMODO Antivirus (20211221)","ESET Internet Security (20211221)","G DATA INTERNET SECURITY (20211221)","K7 Total Security (20211221)","Kaspersky Internet Security (20211221)","Malwarebytes Premium (20211221)","McAfee Total Protection (20211221)","Norton Security (20211221)","Panda Dome (20211221)","Quick Heal Internet Security (20211221)","Sophos Home Premium (20211221)","SpyHunter5 (20211221)","Tencent PC Manager (20211221)","Total AV Antivirus Pro (20211221)","VIPRE Advanced Security (20211221)","VirIT eXplorer PRO (20211221)","Webroot SecureAnywhere (20211221)","Windows Defender (20211221)"],"avAllowList":["360 Total Security (20211221)","Dr.Web Security Space (20211221)","Trend Micro Internet Security (20211221)"]},{"isRevoked":"False","fileName":"GameGain.exe","companyName":"PGWARE LLC      ","productName":"GameGain","productVersion":"4.8.23.2021","fileVersion":"1.0","hashMD5":"60828328ef2b1b5adb3c0fd148fdf9a9","hashSHA1":"8cc8d44375d9bfa3e09c2801a74bda93fcf7c535","hashSHA256":"eda3ff01611e729290a028e68f84fcc18608c27d980c64a802e4be1a8d033a1f","sourceIndex":"1768","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"search for new version of PGWARE apps","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://pgware.com/downloads/gamegain.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/gamegain.exe","sourceIndex":"1768"}],"sampleFiles":["211209/GameGain-211209/4.8.23.2021/Samples/gamegain installer.exe","211209/GameGain-211209/4.8.23.2021/Samples/GameGain.exe"],"imageFiles":["211209/GameGain-211209/4.8.23.2021/Images/ACR-109/Rk Files and Install.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-059/Relevant Knowledge.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-155/Relevant Knowledge.png"],"nonDeceptorImageFiles":["211209/GameGain-211209/4.8.23.2021/Images/ACR-065/GameGain Install EULA.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-065/GameGain About.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-065/PGWare Landing Page.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-065/GameGain Offer Page.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-106/Relevant Knowledge.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-092/Gamegain File Properties.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-092/GameGain Installer File Properties.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-099/GameGain About.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-099/PGWare Landing Page.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-099/GameGain Offer Page.png","211209/GameGain-211209/4.8.23.2021/Images/ACR-167/PGWare Landing Page.png"],"guid":"884b503c-ef30-4965-8d0d-736909bbb798_4.8.23.2021_1","appID":"GameGain-211209","dateAdded":"230523","deceptorType":"Bundler","name":"GameGain","company":"PGWARE LLC","version":"4.8.23.2021","sigName":"Deceptor:Win32/GameGain!109059155","lastKnownStatus":"4.8.23.2021;4.3.7.2022","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":979},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN', 'Tom VPN', and 'QT5'  are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN', 'Tom VPN' and, 'QT5'.\n","ACR-048":"The app does not provide control to completely cancel the installation. When attempting to cancel the installation, the app drops all the components inside the \"Appdata\\Temp\\Local\" and \"Program Files (x86)\" path and installs Aman VPN. \nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks after uninstallation and reboot.\n","ACR-018":" The app is promoted using articles that offer to help the consumer break the law across the Landing Page.\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing page, even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.3.7.0519","fileVersion":"2.3.7.0519","hashMD5":"2ea49798003b55872dd3b750976bc518","hashSHA1":"61fe2d285502c52821273c0c76798d729eb7d509","hashSHA256":"de9ab49126c2bfc07f99571b5516c11e687496bbf960fe79468f2f7e4cd43502","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1085","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\loadAman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.3.7.0519","fileVersion":"2.3.7.0519","hashMD5":"3c6ddd68e6a42ccadb1866ee5285b390","hashSHA1":"1b43af6b56b7bd249859d0b8ff35f51dc6cf88a2","hashSHA256":"9543f61391f4ae6cc8a45b03ae4a03f1f109e8df29d89a1d2a60f61783019bb3","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1085","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Aman_2.3.7.05201736.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"2.3.7.0520","fileVersion":"2.3.7.0520","hashMD5":"56035ccde880a778c5e23d4c1d166918","hashSHA1":"3f97d112ab8ccd7113d2a457c76b9d77f8032601","hashSHA256":"5f7baa76a20a563fcaaba5a854d65b17fcd7ee40ae9e6647e47037c6d81c18cc","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1085","avBlockList":["360 Total Security (20230725)","Avast Premium Security (20230725)","AVG Internet Security (20230725)","Avira Internet Security (20230725)","COMODO Antivirus (20230725)","ESET Internet Security (20230725)","G DATA INTERNET SECURITY (20230725)","K7 Total Security (20230725)","Kaspersky Internet Security (20230725)","Malwarebytes Premium (20230725)","Norton Security (20230725)","Panda Dome (20230725)","Quick Heal Internet Security (20230725)","Sophos Home Premium (20230725)","SpyHunter5 (20230725)","Total AV Antivirus Pro (20230725)","VirIT eXplorer PRO (20230725)","Webroot SecureAnywhere (20230725)"],"avAllowList":["Bitdefender Internet Security (20230725)","Dr.Web Security Space (20230725)","McAfee Total Protection (20230725)","Trend Micro Internet Security (20230725)","VIPRE Advanced Security (20230725)","Windows Defender (20230725)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"https://amanvpn.com/download/windows.html","directDownloadingLink":"https://down.amanvpn.net/202305/237/Aman_2.3.7.05201736.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down.amanvpn.net/202305/237/Aman_2.3.7.05201736.exe","sourceIndex":"1085"}],"sampleFiles":["230523/AmanVPN-220318/2.3.7.0519/Samples/Aman_2.3.7.05201736.exe"],"imageFiles":["230523/AmanVPN-220318/2.3.7.0519/Images/ACR-043/ACR-043.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-043/ACR-043_1.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-043/ACR-043_2.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-043/ACR-043_3.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-043/ACR-043_4.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-107/ACR-107.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-107/ACR-107_1.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-107/ACR-107_2.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-042/ACR-042.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-042/ACR-042_1.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-048/ACR-048_Install.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-048/ACR-048_Install_1.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-048/ACR-048_Install_2.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-048/ACR-048_Install_3.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-084/ACR-084.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-048/ACR-048.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-048/ACR-048_1.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230523/AmanVPN-220318/2.3.7.0519/Images/ACR-123/ACR-123.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-014/ACR-014.JPG","230523/AmanVPN-220318/2.3.7.0519/Images/ACR-018/ACR-018.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_2.3.7.0519_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"2.3.7.0519","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-24T01:47:42.7335434+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":980},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN' and 'Tom VPN'.\n","ACR-048":"The app does not provide control to completely cancel the installation. When attempting to cancel the installation, the app drops all the components inside the \"Appdata\\Temp\\Local\" and \"Program Files (x86)\" path and installs Aman VPN. \nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-018":" The app is promoted using articles that offer to help the consumer break the law across the Landing Page.\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing page, even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.3.6.1116","fileVersion":"2.3.6.1116","hashMD5":"402fb43fc4e9941a1e1f21e5ac04f0ed","hashSHA1":"a639cca02cfd4f3eebf0ec1a233258414f67db49","hashSHA256":"3196e6b9166b3f5f7a3b6813fbcc7ad7dc5b979028f1858c80b69a609495c894","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1286","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Windows\\AmanUpdateLogLT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"bc414a73a6c6bed20cd8f5401f727864","hashSHA1":"c48280ecf86e9efee93a16246ab63bd11c5a285b","hashSHA256":"42af09409243b546315d8d51035c3b364ea7a92c416c66ada842796905c71ea4","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1286","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Windows\\AmanOnlineWT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"ed4ac1dadf95ba62b89322ba351bdc13","hashSHA1":"6a32f509705326f7e14b49ff44f6f7e30b3b87b5","hashSHA256":"991af8735e8b4be3018277bdacb1241a46f4b6032d76a2f97b551b96b87da43b","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1286","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Aman_2.3.6.1116_1440.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"2.3.6.1116","fileVersion":"2.3.6.1116","hashMD5":"b17a2ca04543a47f2796220161a78dc5","hashSHA1":"b1a894b04dba755c360ba9bdb620e06010ef5aad","hashSHA256":"405e0e565d046bebaf70a4b4fd45a553500eb622d5579c5f71a73b81fdaca777","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1286","avBlockList":["360 Total Security (20230413)","Avast Premium Security (20230413)","AVG Internet Security (20230413)","Avira Internet Security (20230413)","Bitdefender Internet Security (20230413)","COMODO Antivirus (20230413)","ESET Internet Security (20230413)","G DATA INTERNET SECURITY (20230413)","Kaspersky Internet Security (20230413)","Malwarebytes Premium (20230413)","McAfee Total Protection (20230413)","Norton Security (20230413)","Panda Dome (20230413)","Quick Heal Internet Security (20230413)","Sophos Home Premium (20230413)","SpyHunter5 (20230413)","Total AV Antivirus Pro (20230413)","Trend Micro Internet Security (20230413)","VIPRE Advanced Security (20230413)","VirIT eXplorer PRO (20230413)","Webroot SecureAnywhere (20230413)"],"avAllowList":["Dr.Web Security Space (20230413)","K7 Total Security (20230413)","Windows Defender (20230413)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://amanvpn.com/download/windows.html","directDownloadingLink":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","sourceIndex":"1286"}],"sampleFiles":["221129/AmanVPN-220318/2.3.6.1116/Samples/Aman_2.3.6.1116_1440.exe"],"imageFiles":["221129/AmanVPN-220318/2.3.6.1116/Images/ACR-043/ACR-043.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-043/ACR-043_1.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-043/ACR-043_2.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-043/ACR-043_3.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-107/ACR-107_1.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-107/ACR-107_2.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-042/ACR-042.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-042/ACR-042_1.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-042/ACR-042_3.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-048/ACR-048_Install.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-048/ACR-048_1.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-048/ACR-048_2.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-048/ACR-048_3.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-084/ACR-084.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-084/ACR-084_1.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-048/ACR-048.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-048/ACR-048_1.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["221129/AmanVPN-220318/2.3.6.1116/Images/ACR-014/ACR-014.JPG","221129/AmanVPN-220318/2.3.6.1116/Images/ACR-018/ACR-018.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_2.3.6.1116_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"2.3.6.1116","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":981},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN' and 'Tom VPN'.\n","ACR-048":"The app does not provide control to completely cancel the installation. When attempting to cancel the installation, the app only removes the components inside the \"Appdata\\Temp\\Local\" folder but retains all the components inside the \"Program Files (x86)\" path and installs Aman VPN. Thus app does not provide control to completely cancel the installation.\nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks even after uninstall and this scenario is observed even after closing and reopening the Task scheduler after reboot.\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing pages (https://www.amanvpn.com/), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.1.4","fileVersion":"0.2.1.4","hashMD5":"4818aec91eb981d34f726a1ba6801196","hashSHA1":"72ef5a74b4a4e05deef97aeabdd0bafead92edd4","hashSHA256":"b26c3460e1b7764a28b9aa1a1140edb56c686f6c626dc30a065e94c9a0f1342a","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1643","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Install.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.1.4","fileVersion":"0.2.1.4","hashMD5":"7aa7cd6f1a3ad7bb61105a3bf1067e63","hashSHA1":"3a89b8d74d095b12b661cfb0d20bd05919a9625b","hashSHA256":"37fb9b4bdbd094083d4053f5ab5649acfa0d1c2f49a3ffa906c27feab1e9fe11","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1643","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\loadAman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.1.4","fileVersion":"0.2.1.4","hashMD5":"c8e337632b3d6281c7c16555c5bd70df","hashSHA1":"f7f028dec7e1322482ec460fe86fb5e733c9d450","hashSHA256":"98d75877674c0ef0188fa18b172775de29325f962cb0b157c1382284a2dc1af0","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1643","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Update.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.1.4","fileVersion":"0.2.1.4","hashMD5":"3e8b1ed79a9391fb38a40961894c9a30","hashSHA1":"64670ad03179757dcfde3b391777f8332926291e","hashSHA256":"d37ee9aabe7037c6d1fc04b01bb56e8072402884f34c5ccadc913d673aca9b6b","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1643","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Aman_2.1.4_04121209.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"0.2.1.4","fileVersion":"0.2.1.4","hashMD5":"f0cbd19370d694e3fd67f34603aecb9a","hashSHA1":"8a05a82a22a2fdff8d71998fc1f5636e6ebb7bc9","hashSHA256":"2331f8cb55671736cc7fcd8d2524ce471a86e7c6cc51c2d66a367355bb8ad4e6","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1643","avBlockList":["360 Total Security (20220503)","Avira Internet Security (20220503)","Bitdefender Internet Security (20220503)","ESET Internet Security (20220503)","G DATA INTERNET SECURITY (20220503)","K7 Total Security (20220503)","McAfee Total Protection (20220503)","Norton Security (20220503)","Panda Dome (20220503)","Quick Heal Internet Security (20220503)","Sophos Home Premium (20220503)","SpyHunter5 (20220503)","Total AV Antivirus Pro (20220503)","Trend Micro Internet Security (20220503)","VIPRE Advanced Security (20220503)","VirIT eXplorer PRO (20220503)","Webroot SecureAnywhere (20220503)","Windows Defender (20220503)"],"avAllowList":["Avast Premium Security (20220503)","AVG Internet Security (20220503)","COMODO Antivirus (20220503)","Dr.Web Security Space (20220503)","Kaspersky Internet Security (20220503)","Malwarebytes Premium (20220503)","Tencent PC Manager (20220503)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://amanvpn.com/download/windows.html","directDownloadingLink":"https://down.amanvpn.net/2022/04/Aman_2.1.4_04121209.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down.amanvpn.net/2022/04/Aman_2.1.4_04121209.exe","sourceIndex":"1643"}],"sampleFiles":["220421/AmanVPN-220318/0.2.1.4/Samples/Aman_2.1.4_04121209.exe"],"imageFiles":["220421/AmanVPN-220318/0.2.1.4/Images/ACR-043/ACR-043_Install_Drops_Immediately.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-043/ACR-043_Install_Drops_Immediately_1.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-043/ACR-043_Install_Drops_OpenVPN.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-043/ACR-043_Install_Drops_TOMVPN.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-107/ACR-107_Install_Drops_OpenVPN.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-107/ACR-107_Install_Drops_TOMVPN.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-042/ACR-042_Install_Drops_All_Files.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-042/ACR-042_Install_Drops_All_Files_1.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-048/ACR-048_Install_1.mp4","220421/AmanVPN-220318/0.2.1.4/Images/ACR-084/ACR-084_1.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-084/ACR-084_2.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-048/ACR-048_1.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-048/ACR-048_2.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-048/ACR-048_3.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-118/ACR-118_Uninstal_Retains_Files.JPG"],"nonDeceptorImageFiles":["220421/AmanVPN-220318/0.2.1.4/Images/ACR-123/ACR-123_Uninstall_Retains_Task.JPG","220421/AmanVPN-220318/0.2.1.4/Images/ACR-014/ACR-014_LandingPage_Misleading_Words.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_0.2.1.4_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"0.2.1.4","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":988},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN' and 'Tom VPN'.\n","ACR-048":"The app does not provide control to completely cancel the installation. When attempting to cancel the installation, the app drops all the components inside the \"Appdata\\Temp\\Local\" and \"Program Files (x86)\" path and installs Aman VPN. Thus app does not provide control to completely cancel the installation.\nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks even after uninstall and reboot.\n","ACR-018":" The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://z.amanvpn.com/learn/what-is-vpn.html).\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing pages (https://z.amanvpn.com/Fastest-VPN.html?gclid=EAIaIQobChMI2pWjve2p-AIVERitBh20QQroEAAYASABEgKXLPD_BwE), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.2.8.0612","fileVersion":"2.2.8.0612","hashMD5":"77e549af652c863731ebd6012e595900","hashSHA1":"23a29b6405638e79265558db1e003931351fdc8e","hashSHA256":"ea7e3b92f2df73fac9c6c30beb80e2f22e436415ddb65dc7c1551db0557e7b0f","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1556","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\AmanOnlineWT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"ed4ac1dadf95ba62b89322ba351bdc13","hashSHA1":"6a32f509705326f7e14b49ff44f6f7e30b3b87b5","hashSHA256":"991af8735e8b4be3018277bdacb1241a46f4b6032d76a2f97b551b96b87da43b","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1556","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\AmanUpdateLogLT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"40f43bdec44d60aa6f1663ffd26f3adc","hashSHA1":"669cb964a9732450360342cbb3d6fcc48d8fb40c","hashSHA256":"39af07d794164827f491ae248a5a8938aa198910dcad0a2dc6d5bdf45c9a2dc4","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1556","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\run\\amanProxy.exe","companyName":" ","productName":" ","productVersion":"1.1.1","fileVersion":"1.1.1","hashMD5":"80f0297c285d9731e9d7a797b6e67315","hashSHA1":"5471175f92efbdc60061ed488f729461bb2f977c","hashSHA256":"13afd3ef39b035ee0c011bd21f1a2eba947279533374048bcc2ea9bfabc1d20d","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1556","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\loadAman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.2.8.0612","fileVersion":"2.2.8.0612","hashMD5":"207e3ca75a76c342256cefd6d90b9f21","hashSHA1":"d86f6082ba8abb80f0731c8c03f8402d3cfaf4a0","hashSHA256":"d582a51df49c4706dd67b5e2ce72d01aa114edc198198c21652eb068b1a61340","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1556","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Aman_2.2.8_oem_10015.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"2.2.8.0612","fileVersion":"2.2.8.0612","hashMD5":"dfa2bd7028aa1ea2e4e6c35b15a12c2f","hashSHA1":"85d6dbe0adf4be13d9af8cfc47d84d6ee0c1fc80","hashSHA256":"3170d376c1e1223ce8127cd991752440ac5cce12f7b7e68fabdc9bcb959068c3","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1556","avBlockList":["360 Total Security (20221004)","Avast Premium Security (20221004)","AVG Internet Security (20221004)","Avira Internet Security (20221004)","Bitdefender Internet Security (20221004)","COMODO Antivirus (20221004)","Dr.Web Security Space (20221004)","ESET Internet Security (20221004)","G DATA INTERNET SECURITY (20221004)","K7 Total Security (20221004)","Kaspersky Internet Security (20221004)","Malwarebytes Premium (20221004)","McAfee Total Protection (20221004)","Norton Security (20221004)","Panda Dome (20221004)","Quick Heal Internet Security (20221004)","Sophos Home Premium (20221004)","SpyHunter5 (20221004)","Total AV Antivirus Pro (20221004)","VIPRE Advanced Security (20221004)","VirIT eXplorer PRO (20221004)","Webroot SecureAnywhere (20221004)"],"avAllowList":["Trend Micro Internet Security (20221004)","Windows Defender (20221004)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://amanvpn.com/unit4.html?utm-source=ggyd-pm&utm-keyword=?ggyd0061&gclid=EAIaIQobChMIpLj0mtCp-AIVlX4rCh00ZwLFEAAYASAAEgLJ2vD_BwE","directDownloadingLink":"https://down.amanvpn.net/202206/228/Aman_2.2.8_oem_10015.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down.amanvpn.net/202206/228/Aman_2.2.8_oem_10015.exe","sourceIndex":"1556"}],"sampleFiles":["220614/AmanVPN-220318/2.2.8.0612/Samples/Aman_2.2.8_oem_10015.exe"],"imageFiles":["220614/AmanVPN-220318/2.2.8.0612/Images/ACR-043/ACR-043_Install_Drops_Immediately.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-043/ACR-043_Install_Drops_Immediately_1.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-043/ACR-043_Install_Drops_OpenVPN.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-043/ACR-043_Install_Drops_TomVPN.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-107/ACR-107_Install_Drops_OpenVPN.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-107/ACR-107_Install_Drops_TomVPN.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-042/ACR-042_Install_Drops_All_Files.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-042/ACR-042_Install_Drops_All_Files_1.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-048/ACR-048_Install_1.mp4","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-084/ACR-084_1.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-048/ACR-048_1.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-048/ACR-048_2.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-118/ACR-118_1.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-118/ACR-118_2.JPG"],"nonDeceptorImageFiles":["220614/AmanVPN-220318/2.2.8.0612/Images/ACR-123/ACR-123_1.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-014/ACR-014_1.JPG","220614/AmanVPN-220318/2.2.8.0612/Images/ACR-018/ACR-018_1.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_2.2.8.0612_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"2.2.8.0612","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":983},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN' and 'Tom VPN'.\n","ACR-048":"The app does not provide control to completely cancel the installation. When attempting to cancel the installation, the app all the components inside the \"Appdata\\Temp\\Local\" and \"Program Files (x86)\" path and installs Aman VPN. Thus app does not provide control to completely cancel the installation.\nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks even after uninstall and reboot.\n","ACR-018":" The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.amanvpn.com/learn/what-is-vpn.html).\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing pages (https://www.amanvpn.com/), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.2.2.0527","fileVersion":"2.2.2.0527","hashMD5":"499d42f6ad95d61d67832012fd048bec","hashSHA1":"c9e753bf7817cc623e9a2943d112f59462817d70","hashSHA256":"b5b286cfbc526e42da60b8cbc97ab4dc7567bd87e482948d7001033106aaf703","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1578","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\AmanOnlineWT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"ed4ac1dadf95ba62b89322ba351bdc13","hashSHA1":"6a32f509705326f7e14b49ff44f6f7e30b3b87b5","hashSHA256":"991af8735e8b4be3018277bdacb1241a46f4b6032d76a2f97b551b96b87da43b","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1578","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\AmanUpdateLogLT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"855e6c3248a69389dedb0a64800afa87","hashSHA1":"18800dd490b8ec32b619d30f482d7b1c02a7946a","hashSHA256":"2c7351ccf9972cd035fcfb4bbf5babb8bdcdf4e5088bb2326cb540f8688dcb79","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1578","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\loadAman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.2.2.0527","fileVersion":"2.2.2.0527","hashMD5":"d5494ea86bb5ea11ee271202c31326e1","hashSHA1":"116e470e6a406c4b162c8661135be95dff719c4a","hashSHA256":"fdb5b52ea87a05a1ef5febf650ae5873fbdbe1755c7550f12fe6ff5f5ed6c23c","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1578","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\run\\amanProxy.exe","companyName":" ","productName":" ","productVersion":"1.1.1","fileVersion":"1.1.1","hashMD5":"80f0297c285d9731e9d7a797b6e67315","hashSHA1":"5471175f92efbdc60061ed488f729461bb2f977c","hashSHA256":"13afd3ef39b035ee0c011bd21f1a2eba947279533374048bcc2ea9bfabc1d20d","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1578","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Aman_2.2.2.0527_1254.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"2.2.2.0527","fileVersion":"2.2.2.0527","hashMD5":"c0472e7e1b473f7239f7891abadc9559","hashSHA1":"061e223a6191eaa3bef65e7d91725c75814f0e10","hashSHA256":"1f7bf0568a1504ed4fdf3b4d7c10c7b07a38a88a2dcac1d17ce4cdf3d154c8e8","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1578","avBlockList":["360 Total Security (20230124)","Avast Premium Security (20230124)","AVG Internet Security (20230124)","Avira Internet Security (20230124)","Bitdefender Internet Security (20230124)","COMODO Antivirus (20230124)","Dr.Web Security Space (20230124)","ESET Internet Security (20230124)","G DATA INTERNET SECURITY (20230124)","K7 Total Security (20230124)","Kaspersky Internet Security (20230124)","Malwarebytes Premium (20230124)","McAfee Total Protection (20230124)","Norton Security (20230124)","Panda Dome (20230124)","Quick Heal Internet Security (20230124)","Sophos Home Premium (20230124)","SpyHunter5 (20230124)","Total AV Antivirus Pro (20230124)","VIPRE Advanced Security (20230124)","VirIT eXplorer PRO (20230124)","Webroot SecureAnywhere (20230124)"],"avAllowList":["Trend Micro Internet Security (20230124)","Windows Defender (20230124)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"https://amanvpn.com/download/windows.html","directDownloadingLink":"https://down.amanvpn.net/202205/222/Aman_2.2.2.0527_1254.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down.amanvpn.net/202205/222/Aman_2.2.2.0527_1254.exe","sourceIndex":"1578"}],"sampleFiles":["220601/AmanVPN-220318/2.2.2.0527/Samples/Aman_2.2.2.0527_1254.exe"],"imageFiles":["220601/AmanVPN-220318/2.2.2.0527/Images/ACR-043/ACR-043_Install.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-043/ACR-043_Install_1.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-043/ACR-043_Install_2.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-107/ACR-107_Install.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-107/ACR-107_Install_1.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-042/ACR-042_Install.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-048/ACR-048_Install.mp4","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-084/ACR-084_Software.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-048/ACR-048_Software.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-048/ACR-048_Software_1.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-118/ACR-118_Uninstall.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-118/ACR-118_Uninstall_1.JPG"],"nonDeceptorImageFiles":["220601/AmanVPN-220318/2.2.2.0527/Images/ACR-123/ACR-123_Uninstall.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-014/ACR-014_Landingpage.JPG","220601/AmanVPN-220318/2.2.2.0527/Images/ACR-018/ACR-018.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_2.2.2.0527_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"2.2.2.0527","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":984},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN' and 'Tom VPN'.\n","ACR-048":"The app does not provide control to completely cancel the installation. When attempting to cancel the installation, the app all the components inside the \"Appdata\\Temp\\Local\" and \"Program Files (x86)\" path and installs Aman VPN. Thus app does not provide control to completely cancel the installation.\nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks even after uninstall and this scenario is observed even after closing and reopening the Task scheduler after reboot.\n","ACR-018":" The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.amanvpn.com/learn/what-is-vpn.html).\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing pages (https://www.amanvpn.com/), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.2.1.0526","fileVersion":"2.2.1.0526","hashMD5":"d424212ff5dab585c728047f5a89e8fd","hashSHA1":"63d250a384d0db5d6d33a69d3216eadb5f4e1f1c","hashSHA256":"c15e8531625b3da9dfdca8b9b0dc816e18a403d04327fcd130e5c8fab8587459","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1585","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\AmanOnlineWT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"ed4ac1dadf95ba62b89322ba351bdc13","hashSHA1":"6a32f509705326f7e14b49ff44f6f7e30b3b87b5","hashSHA256":"991af8735e8b4be3018277bdacb1241a46f4b6032d76a2f97b551b96b87da43b","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1585","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\AmanUpdateLogLT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"855e6c3248a69389dedb0a64800afa87","hashSHA1":"18800dd490b8ec32b619d30f482d7b1c02a7946a","hashSHA256":"2c7351ccf9972cd035fcfb4bbf5babb8bdcdf4e5088bb2326cb540f8688dcb79","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1585","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\loadAman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.2.1.0526","fileVersion":"2.2.1.0526","hashMD5":"ae37072ed04bf3801130cbafda3f327f","hashSHA1":"18505f679f5d7d329064c3ab67e889b52feb746b","hashSHA256":"2cea18b6c0f522a9eca2ca3624d70049817de819097ae92448a5187799a49c9f","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1585","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\run\\amanProxy.exe","companyName":" ","productName":" ","productVersion":"1.1.1","fileVersion":"1.1.1","hashMD5":"80f0297c285d9731e9d7a797b6e67315","hashSHA1":"5471175f92efbdc60061ed488f729461bb2f977c","hashSHA256":"13afd3ef39b035ee0c011bd21f1a2eba947279533374048bcc2ea9bfabc1d20d","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1585","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Aman_2.2.1.0526_2205.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"2.2.1.0526","fileVersion":"2.2.1.0526","hashMD5":"59ce332873d5398973f9551ec98dc1df","hashSHA1":"a950bba14235f839f352e9929e8b7645a3286415","hashSHA256":"14180e2d85fcdb988c4d530753065589cebe4cc06b1e227ecfb9a1fc6e12a360","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1585","avBlockList":["360 Total Security (20221020)","Avast Premium Security (20221020)","AVG Internet Security (20221020)","Avira Internet Security (20221020)","Bitdefender Internet Security (20221020)","COMODO Antivirus (20221020)","Dr.Web Security Space (20221020)","ESET Internet Security (20221020)","G DATA INTERNET SECURITY (20221020)","K7 Total Security (20221020)","Kaspersky Internet Security (20221020)","Malwarebytes Premium (20221020)","McAfee Total Protection (20221020)","Norton Security (20221020)","Panda Dome (20221020)","Quick Heal Internet Security (20221020)","Sophos Home Premium (20221020)","SpyHunter5 (20221020)","Total AV Antivirus Pro (20221020)","VIPRE Advanced Security (20221020)","VirIT eXplorer PRO (20221020)","Webroot SecureAnywhere (20221020)"],"avAllowList":["Trend Micro Internet Security (20221020)","Windows Defender (20221020)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://amanvpn.com/download/windows.html","directDownloadingLink":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","sourceIndex":"1585"}],"sampleFiles":["220531/AmanVPN-220318/2.2.1.0526/Samples/Aman_2.2.1.0526_2205.exe"],"imageFiles":["220531/AmanVPN-220318/2.2.1.0526/Images/ACR-043/ACR-043_Install.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-043/ACR-043_Install_1.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-043/ACR-043_Install_2.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-107/ACR-107_Install.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-107/ACR-107_Install_1.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-042/ACR-042_Install.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-048/ACR-048_Install.mp4","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-084/ACR-084_Software.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-048/ACR-048_Software.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-048/ACR-048_Software_1.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-118/ACR-118_Uninstall.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-118/ACR-118_Uninstall_1.JPG"],"nonDeceptorImageFiles":["220531/AmanVPN-220318/2.2.1.0526/Images/ACR-123/ACR-123_Uninstall.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-014/ACR-014_Landingpage.JPG","220531/AmanVPN-220318/2.2.1.0526/Images/ACR-018/ACR-018.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_2.2.1.0526_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"2.2.1.0526","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":985},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN' and 'Tom VPN'.\n","ACR-048":"The app does not provide control to completely cancel the installation. When attempting to cancel the installation, the app all the components inside the \"Appdata\\Temp\\Local\" and \"Program Files (x86)\" path and installs Aman VPN. Thus app does not provide control to completely cancel the installation.\nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks even after uninstall and this scenario is observed even after closing and reopening the Task scheduler after reboot.\n","ACR-018":" The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.amanvpn.com/learn/what-is-vpn.html).\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing pages (https://www.amanvpn.com/), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.1.9.0513","fileVersion":"2.1.9.0513","hashMD5":"2fc78a95a8ad5a8a6118ef528c446442","hashSHA1":"45bdf0dd974a38057704f50175b15abd87248c86","hashSHA256":"42ab56e37ce29b807c877d095707f7606beb60af6262afc20e32cb5d0d7c2313","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1610","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\AmanOnlineWT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"ed4ac1dadf95ba62b89322ba351bdc13","hashSHA1":"6a32f509705326f7e14b49ff44f6f7e30b3b87b5","hashSHA256":"991af8735e8b4be3018277bdacb1241a46f4b6032d76a2f97b551b96b87da43b","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1610","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\AmanUpdateLogLT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"60bef1ec460e8ee5dcb468117412bddb","hashSHA1":"3bb5f10f8ac6d5c038fad76637b3db3131fd9f03","hashSHA256":"adf73f491ad029b7395e7dcfe44a9673cf91a5c55d9efdf854990411c98a29d8","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1610","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\loadAman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"2.1.9.0513","fileVersion":"2.1.9.0513","hashMD5":"fb3de8084c506bb66ba5038524c470c6","hashSHA1":"bf2f6fe8afd9c4564550a428dd8732900c9d643a","hashSHA256":"397a7237fad8737b8c1bd6f72a5ed390abbfc11d7a8d2d2330e9a23332e4be17","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1610","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\run\\amanProxy.exe","companyName":" ","productName":" ","productVersion":"1.1.1","fileVersion":"1.1.1","hashMD5":"80f0297c285d9731e9d7a797b6e67315","hashSHA1":"5471175f92efbdc60061ed488f729461bb2f977c","hashSHA256":"13afd3ef39b035ee0c011bd21f1a2eba947279533374048bcc2ea9bfabc1d20d","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1610","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Aman_2.1.9.0513_1309.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"2.1.9.0513","fileVersion":"2.1.9.0513","hashMD5":"3912a20728956ec2e9c83a104c341d42","hashSHA1":"fc677ca2b15d7583c9184533dfcf2495d2cf5fe6","hashSHA256":"d2effc3b9ba3be4400fc96f31865e0425c25c01b8c3f9d1072982c714bb61e46","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1610","avBlockList":["360 Total Security (20230105)","Avast Premium Security (20230105)","AVG Internet Security (20230105)","Avira Internet Security (20230105)","Bitdefender Internet Security (20230105)","COMODO Antivirus (20230105)","Dr.Web Security Space (20230105)","ESET Internet Security (20230105)","G DATA INTERNET SECURITY (20230105)","K7 Total Security (20230105)","Kaspersky Internet Security (20230105)","Malwarebytes Premium (20230105)","McAfee Total Protection (20230105)","Norton Security (20230105)","Panda Dome (20230105)","Quick Heal Internet Security (20230105)","Sophos Home Premium (20230105)","SpyHunter5 (20230105)","Total AV Antivirus Pro (20230105)","Trend Micro Internet Security (20230105)","VIPRE Advanced Security (20230105)","VirIT eXplorer PRO (20230105)","Webroot SecureAnywhere (20230105)"],"avAllowList":["Windows Defender (20230105)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":" https://www.amanvpn.com/","directDownloadingLink":"https://down.amanvpn.net/202205/219/Aman_2.1.9.0513_1309.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down.amanvpn.net/202205/219/Aman_2.1.9.0513_1309.exe","sourceIndex":"1610"}],"sampleFiles":["220516/AmanVPN-220318/2.1.9.0513/Samples/Aman_2.1.9.0513_1309.exe"],"imageFiles":["220516/AmanVPN-220318/2.1.9.0513/Images/ACR-043/ACR-043_Install_Drops_Immediately.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-043/ACR-043_Install_Drops_Immediately_1.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-043/ACR-043_Install_Drops_OpenVPN.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-043/ACR-043_Install_Drops_TOMVPN.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-107/ACR-107_Install_Drops_OpenVPN.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-107/ACR-107_Install_Drops_TOMVPN.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-042/ACR-042_Install_Drops_All_Files.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-042/ACR-042_Install_Drops_All_Files_1.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-048/ACR-048_Install_1.mp4","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-084/ACR-084.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-048/ACR-048.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-048/ACR-048_1.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-118/ACR-118_1.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-118/ACR-118_2.JPG"],"nonDeceptorImageFiles":["220516/AmanVPN-220318/2.1.9.0513/Images/ACR-123/ACR-123.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-014/ACR-014.JPG","220516/AmanVPN-220318/2.1.9.0513/Images/ACR-018/ACR-018.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_2.1.9.0513_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"2.1.9.0513","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":986},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN' and 'Tom VPN'.\n","ACR-048":"The app does not provide control to completely cancel the installation. When attempting to cancel the installation, the app drops all the components inside the \"Appdata\\Temp\\Local\" and \"Program Files (x86)\" path and installs Aman VPN. Thus app does not provide control to completely cancel the installation.\nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-018":" The app is promoted using articles that offer to help the consumer break the law across the Landing Page.\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing page, even though another VPN is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\Aman_2.3.5.0907_1237.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"2.3.5.0907","fileVersion":"2.3.5.0907","hashMD5":"8e91c8c37ea048ad45a27c172dd9471b","hashSHA1":"57d57da22e0ce818004b991ae67d53ef6eee96c2","hashSHA256":"f7038595d3c7cf44bb79d370835d13a7b4bf7aaad8154c9acd2437cb8b5bcd9e","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1410","avBlockList":["360 Total Security (20230905)","Avast Premium Security (20230905)","AVG Internet Security (20230905)","Avira Internet Security (20230905)","Bitdefender Internet Security (20230905)","COMODO Antivirus (20230905)","Dr.Web Security Space (20230905)","ESET Internet Security (20230905)","G DATA INTERNET SECURITY (20230905)","K7 Total Security (20230905)","Kaspersky Internet Security (20230905)","Malwarebytes Premium (20230905)","McAfee Total Protection (20230905)","Norton Security (20230905)","Panda Dome (20230905)","Quick Heal Internet Security (20230905)","Sophos Home Premium (20230905)","SpyHunter5 (20230905)","Total AV Antivirus Pro (20230905)","Trend Micro Internet Security (20230905)","VIPRE Advanced Security (20230905)","VirIT eXplorer PRO (20230905)","Webroot SecureAnywhere (20230905)"],"avAllowList":["Windows Defender (20230905)"]},{"isRevoked":"False","fileName":"Aman.exe","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"2.3.5.0907","fileVersion":"2.3.5.0907","hashMD5":"1d55ea95db53fbb8f5cd8455c994e587","hashSHA1":"8a7c71b69423955c2bf5e20c8e49176ced6f79a9","hashSHA256":"3953533218a81a321c425d045c5f63192cb0b25e12ff49ce6a104b09d189bf02","digitalCertThumbprint":"F5CC938058ABD6B0AA15F3C5FD77E88D691E6F6F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN MDT INFOTECH LIMITED","sourceIndex":"1410","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://amanvpn.com/download/windows.html","directDownloadingLink":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","sourceIndex":"1410"}],"sampleFiles":["220926/AmanVPN-220318/2.3.5.0907/Samples/Aman_2.3.5.0907_Setup.exe"],"imageFiles":["220926/AmanVPN-220318/2.3.5.0907/Images/ACR-043/ACR-043.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-043/ACR-043_1.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-043/ACR-043_2.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-043/ACR-043_3.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-107/ACR-107.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-107/ACR-107_1.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-042/ACR-042.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-042/ACR-042_1.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-048/ACR-048_Install.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-048/ACR-048_Install_1.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-048/ACR-048_Install_2.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-084/ACR-084_1.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-084/ACR-084.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-048/ACR-048_1.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-048/ACR-048_2.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-118/ACR-118_2.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["220926/AmanVPN-220318/2.3.5.0907/Images/ACR-014/ACR-014.JPG","220926/AmanVPN-220318/2.3.5.0907/Images/ACR-018/ACR-018_1.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_2.3.5.0907_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"2.3.5.0907","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":982},{"violations":{"ACR-042":"1. On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n2. Application silently installs the app \"Wallpaper\" without any disclosure to the user.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n3. Application silently installs the app \"Wallpaper\" without any disclosure to the user.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN' and 'Tom VPN'.\n","ACR-048":"App does not provide control to completely cancel the installation. When attempting to cancel the installation, the app only removes the components inside the \"Appdata\\Temp\\Local\" folder but retains all the components inside the \"Program files\" path and installs Aman VPN. App does not provide control to completely cancel the installation.\nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user, Also the wallpaper app, which it installs requires a separate uninstall.\n","ACR-039":"Application silently installs the app \"Wallpaper\" without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks even after uninstall and this scenario is observed even after closing and reopening the Task scheduler after reboot.\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing pages(https://amanvpn.com/), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.0.8","fileVersion":"0.2.0.8","hashMD5":"0a37a372baf1dc9a2dc87c19b3fbc90f","hashSHA1":"66d4acf8ab875d7b65b906a1fbda59824bc4208f","hashSHA256":"fa4b0b82c6d2835beae8f47200f36e4f56f04b0be2f4cfc46621a8c788039ca6","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1666","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Install.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.0.8","fileVersion":"0.2.0.8","hashMD5":"97f090b604e9453727f0589ab540f8b2","hashSHA1":"d792a59d9b56116117ad52a596154706e8f0d338","hashSHA256":"fec4b659023748f9c945d6e109350bf88afec08e7adc9b375915d174c2bbfff1","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1666","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\loadAman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.0.8","fileVersion":"0.2.0.8","hashMD5":"120b1df393c544065160398201f89ac6","hashSHA1":"e331f4df8eb3eaafbd8a0e04ac87f3c8a82f150e","hashSHA256":"a6f9f83dd8a1538cb01171a56d403602dcc140df7612d06bde4b08e88c2f41cd","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1666","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Update.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.0.8","fileVersion":"0.2.0.8","hashMD5":"7e4d6c0761cecbe4d90d407f868ce5a6","hashSHA1":"99cff8bb94d07f82c10eb2d37b307d328c9f21b6","hashSHA256":"0e146858eed68852f458e4fcb4dd47d2cb9dcbfa153f6a9c32fd21709f066244","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1666","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Windows\\LocalT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"2f492a2164146f377449632759262fee","hashSHA1":"0b1fa084595b607b00475c3f9ce0c2b63c683329","hashSHA256":"68835818609720bdc9b619f72990692a4c17d0214325905e7733c39204dd66cb","digitalCertThumbprint":"245BFA567014F7824D92FA3853A42B9CFC326ED6","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1666","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Aman_2.0.8_03281652.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"0.2.0.8","fileVersion":"0.2.0.8","hashMD5":"0102316893905b3cfbbd0e7c7fbe34d2","hashSHA1":"b37f4912a24533c23f89865e06a90016b3de1b15","hashSHA256":"48b331a3437e8f43991016bcfbe0968894678f7a48d617c2b0ba6df042130897","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1666","avBlockList":["360 Total Security (20231012)","Avira Internet Security (20231012)","Bitdefender Internet Security (20231012)","Dr.Web Security Space (20231012)","ESET Internet Security (20231012)","G DATA INTERNET SECURITY (20231012)","K7 Total Security (20231012)","Kaspersky Internet Security (20231012)","Malwarebytes Premium (20231012)","McAfee Total Protection (20231012)","Norton Security (20231012)","Panda Dome (20231012)","Quick Heal Internet Security (20231012)","Sophos Home Premium (20231012)","SpyHunter5 (20231012)","Total AV Antivirus Pro (20231012)","Trend Micro Internet Security (20231012)","VIPRE Advanced Security (20231012)","VirIT eXplorer PRO (20231012)","Webroot SecureAnywhere (20231012)","Windows Defender (20231012)"],"avAllowList":["Avast Premium Security (20231012)","AVG Internet Security (20231012)","COMODO Antivirus (20231012)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://amanvpn.com/download/windows.html","directDownloadingLink":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","sourceIndex":"1666"}],"sampleFiles":["220330/AmanVPN-220318/0.2.0.8/Samples/Aman_2.0.8_03281652.exe"],"imageFiles":["220330/AmanVPN-220318/0.2.0.8/Images/ACR-039/ACR-039.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-043/ACR-043_Install_Drops_Immediately.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-043/ACR-043_1.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-043/ACR-043_2.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-043/ACR-043_3.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-043/ACR-043_4.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-107/ACR-107.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-107/ACR-107_1.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-042/ACR-042_Install_Drops_All_Files.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-042/ACR-042_1.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-042/ACR-042_2.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-048/ACR-048_Install_No_Control_To_Cancel.mp4","220330/AmanVPN-220318/0.2.0.8/Images/ACR-084/ACR-084.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-084/ACR-084_1.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-048/ACR-048.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-048/ACR-048_2.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["220330/AmanVPN-220318/0.2.0.8/Images/ACR-123/ACR-123.JPG","220330/AmanVPN-220318/0.2.0.8/Images/ACR-014/ACR-014.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_0.2.0.8_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"0.2.0.8","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":990},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Tom VPN', doesn't disclose relevant license information about using open source project \"Open VPN\" \n","ACR-048":"App does not provide control to completely cancel the installation. When attempting to cancel the installation, the app only removes the components inside the \"Appdata\\Temp\\Local\" folder but retains all the components inside the \"Program files\" path and installs Aman VPN. App does not provide control to completely cancel the installation.\nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification. The icon of Aman VPN in systray looks disabled and not easy to be noticed. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks even after uninstall and this scenario is observed even after closing and reopening the Task scheduler after reboot.\n","ACR-014":"The app misleads by displaying status as \"Unprotected'\" on the landing pages(https://www.amanvpn.com/), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"Aman_2.0.7_03261535.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"0.2.0.7","fileVersion":"0.2.0.7","hashMD5":"7157004cc93f5fb7a803677642336ae3","hashSHA1":"6b1704ccacfc15c0526f846794c0665681cdac81","hashSHA256":"b8cb165f0d626a891424fe7655e4ba8fcd56d0a3250ff9cd847833dfc2659227","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1671","avBlockList":["360 Total Security (20220519)","Avira Internet Security (20220519)","Bitdefender Internet Security (20220519)","Dr.Web Security Space (20220519)","ESET Internet Security (20220519)","G DATA INTERNET SECURITY (20220519)","K7 Total Security (20220519)","Kaspersky Internet Security (20220519)","Malwarebytes Premium (20220519)","McAfee Total Protection (20220519)","Norton Security (20220519)","Panda Dome (20220519)","Quick Heal Internet Security (20220519)","Sophos Home Premium (20220519)","SpyHunter5 (20220519)","Total AV Antivirus Pro (20220519)","Trend Micro Internet Security (20220519)","VIPRE Advanced Security (20220519)","VirIT eXplorer PRO (20220519)","Webroot SecureAnywhere (20220519)","Windows Defender (20220519)"],"avAllowList":["Avast Premium Security (20220519)","AVG Internet Security (20220519)","COMODO Antivirus (20220519)","Tencent PC Manager (20220519)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.0.7","fileVersion":"0.2.0.7","hashMD5":"f96c93b27330e406f23c5b3669d64eda","hashSHA1":"11ae76560512cec12c21e7548fb17c1c18b921db","hashSHA256":"6d829068a65eb9a2a078ce584a03ca8f8b77c11f7a832161fd709083d53b312d","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1671","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\loadAman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.0.7","fileVersion":"0.2.0.7","hashMD5":"63fbf610c0ac930b225dae6b083038a1","hashSHA1":"12a6f55baa0d70d291a674b0ce7f74504e4c312a","hashSHA256":"2945b1ce2f0fde04df03d62de09a01aa34b6c1899950120888f7549b11cb0bdb","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1671","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\LocalT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"acc9fe75bb271a839202bf273cfb6dec","hashSHA1":"7676681c837d4a53fbb02c45dcadf06ede7e422d","hashSHA256":"80c99d68d26b728faddf6f98890b4ec36cb0763f3824ee5f327ab1078d4e09bc","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1671","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\freeloop.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3878955d791d8ad71b61fa0cbf88085b","hashSHA1":"3ca39c105a50dcabdf690737b2454c2d96f17ec0","hashSHA256":"3a267a2f68fc74a367e04c3e90eeb67d162a9de4ebbbab46b115bc00d3080cd4","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1671","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\wt.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"989916732acd4bbbe60e6df8dc0c53a0","hashSHA1":"ec59a8196f49ebf07cc5fc1ea282e3f13834d164","hashSHA256":"c923f9447a59708ef8896941cb9ee9e0593b8bc14e04fd5df323c9e68367052e","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1671","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Install.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.0.7","fileVersion":"0.2.0.7","hashMD5":"9f8c0f44bec9642064de54653e7dce75","hashSHA1":"7c0829212ff21e2a3563bb94072f6e2cef674e6e","hashSHA256":"289a353b92c8584d69b06836cf3066b73296228e248a23f0c2bebfcb98299532","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1671","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://amanvpn.com/download/windows.html","directDownloadingLink":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","sourceIndex":"1671"}],"sampleFiles":["220328/AmanVPN-220318/0.2.0.7/Samples/Aman_2.0.7_03261535.exe"],"imageFiles":["220328/AmanVPN-220318/0.2.0.7/Images/ACR-043/ACR-043_Install_Drops_Immediately.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-043/ACR-043_Install_Drops_Immediately_1.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-043/ACR-043_Install_Drops_OpenVPN.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-043/ACR-043_Install_Drops_TOMVPN.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-107/ACR-107_Install_Drops_OpenVPN.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-107/ACR-107_Install_Drops_TOMVPN.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-042/ACR-042_Install_Drops_All_Files.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-042/ACR-042_Install_Drops_All_Files_1.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-048/ACR-048_Install_No_Control_To_Cancel.mp4","220328/AmanVPN-220318/0.2.0.7/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-084/ACR-084_Software_Background_Process_Exists_1.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-048/ACR-048_Software_No_Control.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG"],"nonDeceptorImageFiles":["220328/AmanVPN-220318/0.2.0.7/Images/ACR-123/ACR-123_Uninstall_Task_Retained.JPG","220328/AmanVPN-220318/0.2.0.7/Images/ACR-014/ACR-014_LandingPage_Misleading_Status.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_0.2.0.7_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"0.2.0.7","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":991},{"violations":{"ACR-042":"1. On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n2. Application silently installs the app \"Wallpaper\" without any disclosure to the user.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n3. Application silently installs the app \"Wallpaper\" without any disclosure to the user.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN' and 'Tom VPN'.\n","ACR-048":"App does not provide control to completely cancel the installation. When attempting to cancel the installation, the app only removes the components inside the \"Appdata\\Temp\\Local\" folder but retains all the components inside the \"Program files\" path and installs Aman VPN. App does not provide control to completely cancel the installation.\nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user, Also the wallpaper app, which it installs requires a separate uninstall.\n","ACR-039":"Application silently installs the app \"Wallpaper\" without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks even after uninstall and this scenario is observed even after closing and reopening the Task scheduler after reboot.\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing pages(https://amanvpn.com/download/windows.html), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.1.1","fileVersion":"0.2.1.1","hashMD5":"fd24c708619a73f887c57101f586113e","hashSHA1":"0771b07094e43414440987593106e3d3505f0a1a","hashSHA256":"0bf8a892983757c37d3970d7b318f03cf55a788ae22fcc868ac8a008415585c3","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1653","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Install.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.1.1","fileVersion":"0.2.1.1","hashMD5":"54edc3bbdc7cc99085bca6d63bdf6f6f","hashSHA1":"8a01aa0c584b54ee852d25636f47c652074839ad","hashSHA256":"c3f3be49259b0945f1f873e295f77aef07847cf6a1181fda08288f6123a89c93","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1653","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\wallpaper\\LocalT.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"f065af613dce076c0ad8f48e2fc1de9b","hashSHA1":"f5384118368e100d4c873ae2ada5a8a151b8049f","hashSHA256":"f42b46e8413f3ac0867ded18217c7847c9010c9e2364634ccc6beb9b75388bf7","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1653","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\loadAman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.1.1","fileVersion":"0.2.1.1","hashMD5":"f66e816f08af20370d95e4e02465dd25","hashSHA1":"fe5096258f63c1ec2f37d7125ca8df3bee7b3334","hashSHA256":"cb4e184f89c68b4e834475a4f05d79c69f39d1f0c3eb56cc2e67804ed852eff4","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1653","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Update.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.1.1","fileVersion":"0.2.1.1","hashMD5":"3a771198070204c9bad749e087c57fe5","hashSHA1":"c3a1149c5b3939ae7f460c078ce53a8331bfc2c7","hashSHA256":"2a3a182553ec4d2d2edf7b438e05855edd7b3bf03da92b1f7a957772e252482a","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1653","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Aman_2.1.1_03311020.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"0.2.1.1","fileVersion":"0.2.1.1","hashMD5":"0ea795fc1b0c8d1a113776a1242c667f","hashSHA1":"689144979cfece08ef3dc0499bb740f7db960a15","hashSHA256":"5b96d196401564e9faee965ff31223c64fbb799f91df0ffa84f7e5c144c66221","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1653","avBlockList":["360 Total Security (20220421)","Avira Internet Security (20220421)","Bitdefender Internet Security (20220421)","Dr.Web Security Space (20220421)","ESET Internet Security (20220421)","G DATA INTERNET SECURITY (20220421)","K7 Total Security (20220421)","Kaspersky Internet Security (20220421)","McAfee Total Protection (20220421)","Norton Security (20220421)","Panda Dome (20220421)","Quick Heal Internet Security (20220421)","Sophos Home Premium (20220421)","SpyHunter5 (20220421)","Total AV Antivirus Pro (20220421)","Trend Micro Internet Security (20220421)","VIPRE Advanced Security (20220421)","VirIT eXplorer PRO (20220421)","Webroot SecureAnywhere (20220421)","Windows Defender (20220421)"],"avAllowList":["Avast Premium Security (20220421)","AVG Internet Security (20220421)","COMODO Antivirus (20220421)","Malwarebytes Premium (20220421)","Tencent PC Manager (20220421)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://amanvpn.com/download/windows.html","directDownloadingLink":"https://down.amanvpn.net/202203/Aman_2.1.1_03311020.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down.amanvpn.net/202203/Aman_2.1.1_03311020.exe","sourceIndex":"1653"}],"sampleFiles":["220406/AmanVPN-220318/0.2.1.1/Samples/Aman_2.1.1_03311020.exe"],"imageFiles":["220406/AmanVPN-220318/0.2.1.1/Images/ACR-039/ACR-039_Install_1.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-043/ACR-043_Install_Drops_Immediately.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-043/ACR-043_Install_Drops_Immediately_1.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-043/ACR-043_Install_Drops_OpenVPN.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-043/ACR-043_Install_Drops_TOMVPN.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-043/ACR-043.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-107/ACR-107_Install_Drops_OpenVPN.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-107/ACR-107_Install_Drops_TOMVPN.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-042/ACR-042_Install_Drops_All_Files.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-042/ACR-042_Install_Drops_All_Files_1.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-042/ACR-042_1.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-048/ACR-048.mp4","220406/AmanVPN-220318/0.2.1.1/Images/ACR-084/ACR-084.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-084/ACR-084_1.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-048/ACR-048_1.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-048/ACR-048_2.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-048/ACR-048_3.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-118/ACR-118_Uninstall_1.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-118/ACR-118_Uninstall_2.JPG"],"nonDeceptorImageFiles":["220406/AmanVPN-220318/0.2.1.1/Images/ACR-123/ACR-123.JPG","220406/AmanVPN-220318/0.2.1.1/Images/ACR-014/ACR-014.png"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_0.2.1.1_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"0.2.1.1","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":989},{"violations":{"ACR-042":"1. On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n2. Application silently installs the app \"Wallpaper\" without any disclosure to the user.\n","ACR-043":"1. All the components of AmanVPN get dropped in one click without asking the user's permission & disclosing its installation path.\n2. Third-party components 'Open VPN' and 'Tom VPN' are installed without any disclosure.\n3. Application silently installs the app \"Wallpaper\" without any disclosure to the user.\n\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Open VPN' and 'Tom VPN'.\n","ACR-048":"App does not provide control to completely cancel the installation. When attempting to cancel the installation, the app only removes the components inside the \"Appdata\\Temp\\Local\" folder but retains all the components inside the \"Program files\" path and installs Aman VPN. App does not provide control to completely cancel the installation.\nThe app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-039":"Application silently installs the app \"Wallpaper\" without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks even after uninstall and this scenario is observed even after closing and reopening the Task scheduler after reboot.\n","ACR-014":"The app misleads by displaying status as \"Unprotected'\" on the landing pages(https://amanvpn.com/download/windows.html), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"Aman_2.0.4_03091557.exe","isInstaller":"True","companyName":"Hongkong Guangling NetWork Technology Co. Ltd.","productName":"Aman.exe","productVersion":"0.2.0.4","fileVersion":"0.2.0.4","hashMD5":"449a0806592efb665b7c73dfa21e6f18","hashSHA1":"b9c1d092a55a8fc189fdbfc0732702e60a87550e","hashSHA256":"fa1d9522c547b2b0d95b62cfb3d281c829c99395e4f6cedeb6eb07091bcb180d","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1678","avBlockList":["360 Total Security (20220405)","Avira Internet Security (20220405)","Bitdefender Internet Security (20220405)","Dr.Web Security Space (20220405)","G DATA INTERNET SECURITY (20220405)","K7 Total Security (20220405)","Kaspersky Internet Security (20220405)","McAfee Total Protection (20220405)","Norton Security (20220405)","Panda Dome (20220405)","Quick Heal Internet Security (20220405)","Sophos Home Premium (20220405)","SpyHunter5 (20220405)","Total AV Antivirus Pro (20220405)","Trend Micro Internet Security (20220405)","VIPRE Advanced Security (20220405)","VirIT eXplorer PRO (20220405)","Webroot SecureAnywhere (20220405)","Windows Defender (20220405)"],"avAllowList":["Avast Premium Security (20220405)","AVG Internet Security (20220405)","COMODO Antivirus (20220405)","ESET Internet Security (20220405)","Malwarebytes Premium (20220405)","Tencent PC Manager (20220405)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\aman\\Aman.exe","companyName":"Hongkong Guangling Mdt InfoTech Limited","productName":"Aman.exe","productVersion":"0.2.0.4","fileVersion":"0.2.0.4","hashMD5":"ad0116692fd4f41e0916b7b62db62f50","hashSHA1":"d7d848b94c70fcd0029a98c140f93474344ab89f","hashSHA256":"583cb331b0a3acc49eaae5212a4261bf911bbc07683a5c025bd3bc2f82004c4b","digitalCertThumbprint":"8BF5A3246422C425026C42EB6C23BA280886106E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"HONGKONG LINGYUN NETWORK MDT INFOTECH LIMITED","storeId":"","sourceIndex":"1678","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN","reference":"","landingPage":"https://amanvpn.com/download/windows.html","directDownloadingLink":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.amanvpn.com/202203/Aman_2.0.4_03091557.exe","sourceIndex":"1678"}],"sampleFiles":["220321/AmanVPN-220318/0.2.0.4/Samples/Aman_2.0.4_03091557.exe"],"imageFiles":["220321/AmanVPN-220318/0.2.0.4/Images/ACR-039/ACR-039_Install_1.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-043/ACR-043_Install_Drops_Immediately.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-043/ACR-043_Install_Drops_Immediately_1.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-043/ACR-043_Install_Drops_OpenVPN.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-043/ACR-043_Install_Drops_TOMVPN.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-043/ACR-043_Install_Drops_Third_Party.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-107/ACR-107_Install_Drops_OpenVPN.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-107/ACR-107_Install_Drops_TOMVPN.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-042/ACR-042_Install_Drops_All_Files.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-042/ACR-042_Install_Drops_All_Files_1.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-042/ACR-042_Install_Drops_Third_Party.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-048/ACR-048_Install_No_Control_To_Cancel.mp4","220321/AmanVPN-220318/0.2.0.4/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-048/ACR-048_Software_No_Control.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-118/ACR-118_Uninstall_Retains_Components_1.JPG"],"nonDeceptorImageFiles":["220321/AmanVPN-220318/0.2.0.4/Images/ACR-123/ACR-123_Uninstall_Retains_Task.JPG","220321/AmanVPN-220318/0.2.0.4/Images/ACR-014/ACR-014_LandingPage_Misleading_Status.JPG"],"guid":"b2a5387b-8950-41fa-b70a-946bb2c42a1b_0.2.0.4_1","appID":"AmanVPN-220318","dateAdded":"230523","deceptorType":"App","name":"Aman VPN","company":"Hongkong Guangling NetWork Technology Co., Ltd","version":"0.2.0.4","sigName":"Deceptor:Win32/AmanVPN!039043107042048084118","lastKnownStatus":"0.2.0.4;0.2.0.7;0.2.0.8;0.2.1.1;0.2.1.4;2.1.8.0428;2.1.9.0513;2.2.1.0526;2.2.2.0527;2.2.8.0612;2.3.5.0907;2.3.6.1116;2.3.7.0519","lastKnownDate":"230523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":13,"sortOrder":992},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"rk_setup.exe\" without disclosing it to the user and user consent\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details.\n","ACR-092":"The app does not provide a digital signature for the executables.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PGWARE\\GameBoost\\GameBoost1.exe","companyName":"","productName":"GameBoost","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"7a87e028f724f008811606951b0f8056","hashSHA1":"65008aeb2e833330fc39f0cf68c68c30f1dd757b","hashSHA256":"0d12b1c292c6fa05fab229c326f335828a6be8e9166277c9b367c387e855be93","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1088","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"gameboost.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"GameBoost                                                   ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1             ","hashMD5":"b95d7f9ae10ad66c64ce07e0e4d4b202","hashSHA1":"1fa82a2dac1cadbcb98aef6d2bbfa503fc0b50a5","hashSHA256":"8d132b076910ac730c721eb18a7a31c5dad0ffd04d07957775a2a31032add1a9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1088","avBlockList":["Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":["360 Total Security (20230601)","COMODO Antivirus (20230601)","Trend Micro Internet Security (20230601)"]}],"additionalFiles":[],"sources":[{"howFound":"PGWare Website","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://pgware.com/downloads/gameboost.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/gameboost.exe","sourceIndex":"1088"}],"sampleFiles":["230522/GameBoost-211210/4.3.7.2022/Samples/gameboost.exe"],"imageFiles":["230522/GameBoost-211210/4.3.7.2022/Images/ACR-109/ACR-109.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-043/ACR-043.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-042/ACR-042.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-048/ACR-048.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-007/ACR-007.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-010/ACR-010.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-118/ACR-118_1.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-118/ACR-118.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-057/ACR-057.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-059/ACR-059.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-071/ACR-071.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-155/ACR-155.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-013/ACR-013.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230522/GameBoost-211210/4.3.7.2022/Images/ACR-045/ACR-045.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-106/ACR-106.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-092/ACR-092.JPG","230522/GameBoost-211210/4.3.7.2022/Images/ACR-123/ACR-123.JPG"],"guid":"2de151fd-a4f4-4765-adf7-ebe83c3fd413_4.3.7.2022_1","appID":"GameBoost-211210","dateAdded":"230522","deceptorType":"Bundler","name":"GameBoost","company":"PGWARE LLC","version":"4.3.7.2022","lastKnownStatus":"3.8.23.2021;4.3.7.2022","lastKnownDate":"230522","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-04T14:37:40.2395748+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":995},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user \n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\nThe app does not provide control to close the app completely and remove the startup item which is created during installation\n","ACR-004":"The app uses a gauge with traffic light colors to raise an exaggerated sense of urgency, misleading user about system condition.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"1. On qutting the app, the application doesn't exit completely. Processes run in the background, hiding the fact that it is active from the consumer without any notification. 2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer \n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation \n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear \n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'\n","ACR-092":"The app does not provide a digital signature for the executables. \n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PGWARE\\SuperRam\\SuperRam.exe","companyName":"","productName":"SuperRam","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"f8347873d457ac6efd6e66fe4694efb7","hashSHA1":"f3ba8c6f709c5fb0337cd512e877aaf728ea33e0","hashSHA256":"797c5f3028b2fba538d65ccc7083a891847c7bce28e1478197f330636fb0818d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1087","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"superram.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"SuperRam                                                    ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1             ","hashMD5":"d618f3d383b15e47d442b9f94bf39a4b","hashSHA1":"cf85bad9f3219e53f8400007c91781ce21199240","hashSHA256":"31f711b3c9d2c35d359c276bff925e8cbd014cc4125145e780cbb2085243d13e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1087","avBlockList":["Avast Premium Security (20230905)","AVG Internet Security (20230905)","Avira Internet Security (20230905)","Bitdefender Internet Security (20230905)","Dr.Web Security Space (20230905)","ESET Internet Security (20230905)","G DATA INTERNET SECURITY (20230905)","K7 Total Security (20230905)","Kaspersky Internet Security (20230905)","Malwarebytes Premium (20230905)","McAfee Total Protection (20230905)","Norton Security (20230905)","Panda Dome (20230905)","Quick Heal Internet Security (20230905)","Sophos Home Premium (20230905)","SpyHunter5 (20230905)","Total AV Antivirus Pro (20230905)","VIPRE Advanced Security (20230905)","VirIT eXplorer PRO (20230905)","Webroot SecureAnywhere (20230905)","Windows Defender (20230905)"],"avAllowList":["360 Total Security (20230905)","COMODO Antivirus (20230905)","Trend Micro Internet Security (20230905)"]}],"additionalFiles":[],"sources":[{"howFound":"PGWare Website","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://www.pgware.com/downloads/superram.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pgware.com/downloads/superram.exe","sourceIndex":"1087"}],"sampleFiles":["230522/SuperRam-211210/7.3.7.2022/Samples/superram.exe"],"imageFiles":["230522/SuperRam-211210/7.3.7.2022/Images/ACR-109/ACR-109.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-043/ACR-043.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-042/ACR-042.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-048/ACR-048_Install.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-048/ACR-048.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-007/ACR-007.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-010/ACR-010.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-004/ACR-004.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-084/ACR-084.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-118/ACR-118.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-118/ACR-118_1.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-057/ACR-057.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-059/ACR-059.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-071/ACR-071.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-155/ACR-155.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-013/ACR-013.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230522/SuperRam-211210/7.3.7.2022/Images/ACR-045/ACR-045.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-106/ACR-106.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-092/ACR-092.JPG","230522/SuperRam-211210/7.3.7.2022/Images/ACR-123/ACR-123.JPG"],"guid":"afa0c0ed-25b1-4c81-a45e-7afd76d7926a_7.3.7.2022_1","appID":"SuperRam-211210","dateAdded":"230522","deceptorType":"Bundler","name":"SuperRam","company":"PGWARE LLC","version":"7.3.7.2022","lastKnownStatus":"7.8.23.2021;7.3.7.2022","lastKnownDate":"230522","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-04T14:37:40.2084107+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":993},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"rk_setup.exe\" without disclosing it to the user and get user consent\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"The Offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy. \nThe internal offer page does not display links to the Privacy Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details\n","ACR-092":"The app does not provide a digital signature for the executables. \n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy. \n"},"samples":[{"isRevoked":"False","fileName":"superram setup.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"SuperRam","productVersion":"7.8.23.2021","fileVersion":"1.0","hashMD5":"b2177577f5e2680bbad39ca875497551","hashSHA1":"f85fbad0c74d76be8bfeb8501ae9908c265bc6c7","hashSHA256":"32cfc18db080b482188480de483e1cad54909f05d986460546c2c247f5cbdf84","sourceIndex":"1766","avBlockList":["360 Total Security (20211223)","Avast Premium Security (20211223)","AVG Internet Security (20211223)","Avira Internet Security (20211223)","Bitdefender Internet Security (20211223)","COMODO Antivirus (20211223)","ESET Internet Security (20211223)","G DATA INTERNET SECURITY (20211223)","K7 Total Security (20211223)","Kaspersky Internet Security (20211223)","Malwarebytes Premium (20211223)","McAfee Total Protection (20211223)","Norton Security (20211223)","Panda Dome (20211223)","Quick Heal Internet Security (20211223)","Sophos Home Premium (20211223)","SpyHunter5 (20211223)","Tencent PC Manager (20211223)","Total AV Antivirus Pro (20211223)","VIPRE Advanced Security (20211223)","VirIT eXplorer PRO (20211223)","Webroot SecureAnywhere (20211223)","Windows Defender (20211223)"],"avAllowList":["Dr.Web Security Space (20211223)","Trend Micro Internet Security (20211223)"]},{"isRevoked":"False","fileName":"SuperRam.exe","companyName":"PGWARE LLC      ","productName":"SuperRam","productVersion":"7.8.23.2021","fileVersion":"1.0","hashMD5":"9c344031b3d0ef5a9117ca6a8c6d07c8","hashSHA1":"92254832c78d8cde839b11f711d53247e1bc8b41","hashSHA256":"5375e7a53d426e0a459b0f0be7c6104b70da72999503d922d1b7b2fbb805d9bd","sourceIndex":"1766","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"PGWare Website","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://www.pgware.com/downloads/superram.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pgware.com/downloads/superram.exe","sourceIndex":"1766"}],"sampleFiles":["211210/SuperRam-211210/7.8.23.2021/Samples/superram setup.exe","211210/SuperRam-211210/7.8.23.2021/Samples/SuperRam.exe"],"imageFiles":["211210/SuperRam-211210/7.8.23.2021/Images/ACR-109/RK Files and Install.png","211210/SuperRam-211210/7.8.23.2021/Images/ACR-059/RK Install.png","211210/SuperRam-211210/7.8.23.2021/Images/ACR-155/RK Install.png"],"nonDeceptorImageFiles":["211210/SuperRam-211210/7.8.23.2021/Images/ACR-065/SuperRam EULA.png","211210/SuperRam-211210/7.8.23.2021/Images/ACR-065/SuperRam About.png","211210/SuperRam-211210/7.8.23.2021/Images/ACR-065/PGWare Landing Page.png","211210/SuperRam-211210/7.8.23.2021/Images/ACR-065/SuperRam Offer Page.png","211210/SuperRam-211210/7.8.23.2021/Images/ACR-106/RK Install.png","211210/SuperRam-211210/7.8.23.2021/Images/ACR-092/SuperRam File Properties.png","211210/SuperRam-211210/7.8.23.2021/Images/ACR-092/SuperRam Installer File Properties.png","211210/SuperRam-211210/7.8.23.2021/Images/ACR-099/SuperRam About.png","211210/SuperRam-211210/7.8.23.2021/Images/ACR-099/PGWare Landing Page.png","211210/SuperRam-211210/7.8.23.2021/Images/ACR-099/PGWare Offer Page.png"],"guid":"afa0c0ed-25b1-4c81-a45e-7afd76d7926a_7.8.23.2021_1","appID":"SuperRam-211210","dateAdded":"230522","deceptorType":"Bundler","name":"SuperRam","company":"PGWARE LLC","version":"7.8.23.2021","sigName":"Deceptor:Win32/SuperRam!109059155","lastKnownStatus":"7.8.23.2021;7.3.7.2022","lastKnownDate":"230522","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-05-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":994},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"rk_setup.exe\" without disclosing it to the user and user consent\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear. \n","ACR-155":"The offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":" The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Privacy Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details.\n","ACR-092":"The app does not provide a digital signature for the executables.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n The application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"gameboost setup.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"fd9bc7bfcef3075d7bba3de96dacddfe","hashSHA1":"3ddbc710fb70a7020573e800a17713ae1de65644","hashSHA256":"b6648c2be53ff0f14513819b287fc68e55fe4ddd3c132af8ee3cbe85f61cdc68","sourceIndex":"1765","avBlockList":["Avast Premium Security (20211223)","AVG Internet Security (20211223)","Avira Internet Security (20211223)","Bitdefender Internet Security (20211223)","COMODO Antivirus (20211223)","ESET Internet Security (20211223)","G DATA INTERNET SECURITY (20211223)","K7 Total Security (20211223)","Kaspersky Internet Security (20211223)","Malwarebytes Premium (20211223)","McAfee Total Protection (20211223)","Norton Security (20211223)","Panda Dome (20211223)","Quick Heal Internet Security (20211223)","Sophos Home Premium (20211223)","SpyHunter5 (20211223)","Tencent PC Manager (20211223)","Total AV Antivirus Pro (20211223)","VIPRE Advanced Security (20211223)","VirIT eXplorer PRO (20211223)","Webroot SecureAnywhere (20211223)","Windows Defender (20211223)"],"avAllowList":["360 Total Security (20211223)","Dr.Web Security Space (20211223)","Trend Micro Internet Security (20211223)"]},{"isRevoked":"False","fileName":"GameBoost.exe","fileVersion":"1.0","hashMD5":"18d4bac9b4cda0fdf46a3c8de30175b1","hashSHA1":"1ac36ad0481b5bd14258e5e1b34c20eab0f70108","hashSHA256":"c8b5b083a0de1dff2a815c51f6e24a83f38df83e76e31ddf0f5bd29fa65fab28","sourceIndex":"1765","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"PGWare Website","reference":"","landingPage":"http://pgware.com/","directDownloadingLink":"http://pgware.com/downloads/gameboost.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/gameboost.exe","sourceIndex":"1765"}],"sampleFiles":["211210/GameBoost-211210/3.8.23.2021/Samples/gameboost setup.exe","211210/GameBoost-211210/3.8.23.2021/Samples/GameBoost.exe"],"imageFiles":["211210/GameBoost-211210/3.8.23.2021/Images/ACR-109/RK Files and Install.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-059/RK Install.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-155/RK Install.png"],"nonDeceptorImageFiles":["211210/GameBoost-211210/3.8.23.2021/Images/ACR-065/GameBoost EULA.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-065/GameBoost About.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-065/PGWare Landing Page.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-065/GameBoost Offer Page.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-106/RK Install.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-092/GameBoost File Properties.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-092/GameBoost Installer File Properties.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-099/GameBoost About.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-099/PGWare Landing Page.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-099/GameBoost Offer Page.png","211210/GameBoost-211210/3.8.23.2021/Images/ACR-167/PGWare Landing Page.png"],"guid":"2de151fd-a4f4-4765-adf7-ebe83c3fd413_3.8.23.2021_1","appID":"GameBoost-211210","dateAdded":"230522","deceptorType":"Bundler","name":"GameBoost","company":"PGWARE LLC","version":"3.8.23.2021","sigName":"Deceptor:Win32/GameBoost!109059155","lastKnownStatus":"3.8.23.2021;4.3.7.2022","lastKnownDate":"230522","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-05-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":996},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory. \n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app hides itself by attaching its process to svchost.exe, which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into a hidden folder using user-defined filename which can be completely unrelated to the app name. The app is installed in a hidden folder \"AppData”.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"netbull_trial.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"1f1db13b0328a1bf412c48f4e1c2a5432f6104223b014ebdd12fa1d3f565aba4","sourceIndex":"1903","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Netbull.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6ae64649ddda1dff00463aea1f5815f2","hashSHA1":"7eab6ed818b13f0450859ded14709ba05dcb2a20","hashSHA256":"c5ceef85a3fa3d303debf5ecde04abec142062a8c301e8bd9cb58e832b3ceb8a","sourceIndex":"1903","avBlockList":["360 Total Security (20210624)","Avast Premium Security (20210624)","AVG Internet Security (20210624)","Avira Internet Security (20210624)","Bitdefender Internet Security (20210624)","COMODO Antivirus (20210624)","Dr.Web Security Space (20210624)","ESET Internet Security (20210624)","G DATA INTERNET SECURITY (20210624)","K7 Total Security (20210624)","Kaspersky Internet Security (20210624)","Malwarebytes Premium (20210624)","McAfee Total Protection (20210624)","Norton Security (20210624)","Panda Dome (20210624)","Quick Heal Internet Security (20210624)","Sophos Home Premium (20210624)","SpyHunter5 (20210624)","Tencent PC Manager (20210624)","Total AV Antivirus Pro (20210624)","Trend Micro Internet Security (20210624)","VIPRE Advanced Security (20210624)","VirIT eXplorer PRO (20210624)","Webroot SecureAnywhere (20210624)","Windows Defender (20210624)"],"avAllowList":[]},{"isRevoked":"False","fileName":"module.exe","fileVersion":"0.0","hashMD5":"b37a2088f1622d4b5d69946fd43d069a","hashSHA1":"962585e94a6f481e69f2c4e94232df8efe75847a","hashSHA256":"ce63ad4a8a6928c81221566efea7f6b669d4378d4261a3c000f8a82c646ae31c","sourceIndex":"1903","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"nb3trial.exe","fileVersion":"0.0","hashMD5":"0225677e8532053a0ece879b8d787bb1","hashSHA1":"6e716a9c39f491610495b69aca5c06ea8b934e3b","hashSHA256":"48aa35b1f9a3a5b6c2d237e8627fcc486a3c19144b216c6959edbbed6c0f870c","sourceIndex":"1903","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search 'windows keylogger\"","reference":"https://www.netbull.com/","landingPage":"https://www.netbull.com/","directDownloadingLink":"https://www.netbull.com/download/netbull_trial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.netbull.com/download/netbull_trial.zip","sourceIndex":"1903"}],"sampleFiles":["210603/Netbull-210601/3.0/Samples/netbull_trial.zip","210603/Netbull-210601/3.0/Samples/Netbull.exe","210603/Netbull-210601/3.0/Samples/module.exe","210603/Netbull-210601/3.0/Samples/nb3trial.exe"],"imageFiles":["210603/Netbull-210601/3.0/Images/ACR-084/Netbull _Interactions [2].png","210603/Netbull-210601/3.0/Images/ACR-084/Netbull _Interactions [5].png","210603/Netbull-210601/3.0/Images/ACR-084/Netbull _Files [1].png","210603/Netbull-210601/3.0/Images/ACR-084/Netbull _Process [1].png","210603/Netbull-210601/3.0/Images/ACR-086/Netbull _Interactions [3].png","210603/Netbull-210601/3.0/Images/ACR-086/Netbull _Interactions [8] Log.png","210603/Netbull-210601/3.0/Images/ACR-048/Netbull _Interactions [5].png","210603/Netbull-210601/3.0/Images/ACR-048/Netbull _Process [1].png","210603/Netbull-210601/3.0/Images/ACR-014/Netbull _Process [1].png","210603/Netbull-210601/3.0/Images/ACR-116/Netbull _ControlPanel [1].png"],"nonDeceptorImageFiles":["210603/Netbull-210601/3.0/Images/ACR-038/Netbull _FileProperty [1].png","210603/Netbull-210601/3.0/Images/ACR-038/Netbull _FileProperty [2].png","210603/Netbull-210601/3.0/Images/ACR-038/Netbull _FileProperty [3].png","210603/Netbull-210601/3.0/Images/ACR-040/Netbull _Files [1].png","210603/Netbull-210601/3.0/Images/ACR-065/Netbull _Install [1].png","210603/Netbull-210601/3.0/Images/ACR-092/Netbull _FileProperty [4].png","210603/Netbull-210601/3.0/Images/ACR-092/Netbull _FileProperty [5].png","210603/Netbull-210601/3.0/Images/ACR-092/Netbull _FileProperty [6].png","210603/Netbull-210601/3.0/Images/ACR-065/Netbull _Interactions [6].png","210603/Netbull-210601/3.0/Images/ACR-099/Netbull _Interactions [6].png","210603/Netbull-210601/3.0/Images/ACR-065/Netbull _LandingPage [1].png","210603/Netbull-210601/3.0/Images/ACR-099/Netbull _LandingPage [1].png","210603/Netbull-210601/3.0/Images/ACR-065/Netbull _OfferPage [1].png","210603/Netbull-210601/3.0/Images/ACR-099/Netbull _OfferPage [1].png"],"guid":"0b364cde-1d50-4eb0-b76b-faa428711111_3.0_1","appID":"Netbull-210601","dateAdded":"230519","deceptorType":"App","name":"Netbull","company":"NetBull","version":"3.0","sigName":"Deceptor:Win32/NetBullStaklerware!084086048014116","lastKnownStatus":"Deceptor:3.0;3.1;3.1.0.2;3.1.0.3;3.1.0.5;3.1.0.8","lastKnownDate":"230519","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-05-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1002},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory. \n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app hides itself by attaching its process to svchost.exe, which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into a hidden folder using user-defined filename which can be completely unrelated to the app name. The app is installed in a hidden folder \"AppData”.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-092":"The app does not provide Digital signatures for the executables.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"module.exe","fileVersion":"0.0","hashMD5":"c70468861c351936d92d6a4fe6779879","hashSHA1":"07e49fcea08c77396ec7d79063147c5a4107883d","hashSHA256":"d44430f41e8ed8db96dbbea16589717f259be7b1db0f08caa1830b9beb209ae2","sourceIndex":"1823","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"NetBull.exe","isInstaller":"True","companyName":"NetBull","fileVersion":"0.0","hashMD5":"c3f668eb07369519cfdbdccfcbc4a615","hashSHA1":"405f629f1321355976aa48ffed32aca02c343a2f","hashSHA256":"4c21094f3eea312fea817124563bd20cc339bc0701efbfd1982dbc3de152439b","sourceIndex":"1823","avBlockList":["360 Total Security (20210916)","Avast Premium Security (20210916)","AVG Internet Security (20210916)","Avira Internet Security (20210916)","Bitdefender Internet Security (20210916)","ESET Internet Security (20210916)","G DATA INTERNET SECURITY (20210916)","K7 Total Security (20210916)","Malwarebytes Premium (20210916)","McAfee Total Protection (20210916)","Norton Security (20210916)","Panda Dome (20210916)","Quick Heal Internet Security (20210916)","Sophos Home Premium (20210916)","SpyHunter5 (20210916)","Tencent PC Manager (20210916)","Total AV Antivirus Pro (20210916)","VIPRE Advanced Security (20210916)","VirIT eXplorer PRO (20210916)","Webroot SecureAnywhere (20210916)","Windows Defender (20210916)"],"avAllowList":["COMODO Antivirus (20210916)","Dr.Web Security Space (20210916)","Kaspersky Internet Security (20210916)","Trend Micro Internet Security (20210916)"]},{"isRevoked":"False","fileName":"netbull_trial.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e1a971d7a7ce2288e09e2499692db8697ce2c7c74cadc36a9dcb6e4bdbbedec5","sourceIndex":"1823","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search 'windows keylogger\"","reference":"https://www.netbull.com/","landingPage":"https://www.netbull.com/","directDownloadingLink":"https://www.netbull.com/download/netbull_trial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.netbull.com/download/netbull_trial.zip","sourceIndex":"1823"}],"sampleFiles":["210824/Netbull-210601/3.1/Samples/module.exe","210824/Netbull-210601/3.1/Samples/Netbull.exe","210824/Netbull-210601/3.1/Samples/netbull_trial.zip"],"imageFiles":["210824/Netbull-210601/3.1/Images/ACR-084/Netbull_Interactions [2].png","210824/Netbull-210601/3.1/Images/ACR-084/Netbull_Interactions [4].png","210824/Netbull-210601/3.1/Images/ACR-084/Netbull_Interactions [5].png","210824/Netbull-210601/3.1/Images/ACR-084/Netbull_Files [2].png","210824/Netbull-210601/3.1/Images/ACR-084/Netbull_RunningProcess [1].png","210824/Netbull-210601/3.1/Images/ACR-086/Netbull_Interactions [3].png","210824/Netbull-210601/3.1/Images/ACR-086/Netbull_Interactions [8].png","210824/Netbull-210601/3.1/Images/ACR-048/Netbull_Interactions [2].png","210824/Netbull-210601/3.1/Images/ACR-048/Netbull_Interactions [3].png","210824/Netbull-210601/3.1/Images/ACR-048/Netbull_Interactions [4].png","210824/Netbull-210601/3.1/Images/ACR-048/Netbull_Interactions [5].png","210824/Netbull-210601/3.1/Images/ACR-014/Netbull_RunningProcess [1].png","210824/Netbull-210601/3.1/Images/ACR-116/Netbull_ControlPanel [1].png"],"nonDeceptorImageFiles":["210824/Netbull-210601/3.1/Images/ACR-038/Netbull_FileProperty [1].png","210824/Netbull-210601/3.1/Images/ACR-038/Netbull_FileProperty [3].png","210824/Netbull-210601/3.1/Images/ACR-040/Netbull_Files [2].png","210824/Netbull-210601/3.1/Images/ACR-065/Netbull_Install [1].png","210824/Netbull-210601/3.1/Images/ACR-092/Netbull_FileProperty [2].png","210824/Netbull-210601/3.1/Images/ACR-092/Netbull_FileProperty [4].png","210824/Netbull-210601/3.1/Images/ACR-092/Netbull_FileProperty [5].png","210824/Netbull-210601/3.1/Images/ACR-065/Netbull_About [1].png","210824/Netbull-210601/3.1/Images/ACR-099/Netbull_About [1].png","210824/Netbull-210601/3.1/Images/ACR-065/Netbull_LandingPage [1].png","210824/Netbull-210601/3.1/Images/ACR-099/Netbull_LandingPage [1].png","210824/Netbull-210601/3.1/Images/ACR-065/Netbull_OfferPage [1].png","210824/Netbull-210601/3.1/Images/ACR-065/Netbull_OfferPage [2].png","210824/Netbull-210601/3.1/Images/ACR-099/Netbull_OfferPage [1].png","210824/Netbull-210601/3.1/Images/ACR-099/Netbull_OfferPage [2].png"],"guid":"0b364cde-1d50-4eb0-b76b-faa428711111_3.1_1","appID":"Netbull-210601","dateAdded":"230519","deceptorType":"App","name":"Netbull","company":"NetBull","version":"3.1","lastKnownStatus":"Deceptor:3.0;3.1;3.1.0.2;3.1.0.3;3.1.0.5;3.1.0.8","lastKnownDate":"230519","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-05-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1001},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory. \n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app hides itself by attaching its process to svchost.exe, which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into a hidden folder using user-defined filename which can be completely unrelated to the app name. The app is installed in a hidden folder \"AppData”.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-092":"The app does not provide Digital signatures for the executables.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"Netbull.exe","isInstaller":"True","companyName":"NetBull","productName":"NetBull","productVersion":"3.1.0.2","fileVersion":"3.1.0.2","hashMD5":"3302da406d65a1c0fdc339a75a652adb","hashSHA1":"200e3021a943e154f7d6863f4f6d6ece3ef04889","hashSHA256":"7d208317aa974fd45641adf438cdb9a5f649ff0515c4483cb6e55da1646ec40a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1740","avBlockList":["360 Total Security (20220127)","Avast Premium Security (20220127)","AVG Internet Security (20220127)","Avira Internet Security (20220127)","Bitdefender Internet Security (20220127)","ESET Internet Security (20220127)","G DATA INTERNET SECURITY (20220127)","K7 Total Security (20220127)","Kaspersky Internet Security (20220127)","Malwarebytes Premium (20220127)","McAfee Total Protection (20220127)","Norton Security (20220127)","Panda Dome (20220127)","Quick Heal Internet Security (20220127)","Sophos Home Premium (20220127)","SpyHunter5 (20220127)","Tencent PC Manager (20220127)","Total AV Antivirus Pro (20220127)","Trend Micro Internet Security (20220127)","VIPRE Advanced Security (20220127)","VirIT eXplorer PRO (20220127)","Webroot SecureAnywhere (20220127)","Windows Defender (20220127)"],"avAllowList":["COMODO Antivirus (20220127)","Dr.Web Security Space (20220127)"]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\module.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"c70468861c351936d92d6a4fe6779879","hashSHA1":"07e49fcea08c77396ec7d79063147c5a4107883d","hashSHA256":"d44430f41e8ed8db96dbbea16589717f259be7b1db0f08caa1830b9beb209ae2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1740","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Microsoft\\Windows\\nb3trial.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"c70468861c351936d92d6a4fe6779879","hashSHA1":"07e49fcea08c77396ec7d79063147c5a4107883d","hashSHA256":"d44430f41e8ed8db96dbbea16589717f259be7b1db0f08caa1830b9beb209ae2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1740","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search 'windows keylogger\"","reference":"","landingPage":" https://www.netbull.com/","directDownloadingLink":"https://www.netbull.com/license=trial","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.netbull.com/license=trial","sourceIndex":"1740"}],"sampleFiles":["211230/Netbull-210601/3.1.0.2/Samples/Netbull.exe"],"imageFiles":["211230/Netbull-210601/3.1.0.2/Images/ACR-084/ACR-084_Software_Hides.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-084/ACR-084_Software_Hides_1.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-084/ACR-084_Software_Hides_2.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-084/ACR-084_Software_Hides_3.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-084/ACR-084_Software_Hides_4.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-086/ACR-086_Software_Transmits_Data.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-086/ACR-086_Software_Transmits_Data_1.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-048/ACR-048_Software_Hides_App.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-048/ACR-048_Software_Hides_App_1.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-048/ACR-048_Software_Hides_App_2.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-048/ACR-048_Software_Hides_App_3.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-014/ACR-014_Software_Misleading_Process.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-116/ACR-116_Uninstall_App_Not_Listed.JPG"],"nonDeceptorImageFiles":["211230/Netbull-210601/3.1.0.2/Images/ACR-038/ACR-038_Install_No_Details.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-038/ACR-038_Install_No_Details_1.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-040/ACR-040_Install_Hidden_Location.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-065/ACR-065_Install_No_PrivacyPolicy.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-092/ACR-092_Software_No_Digital_Signature_1.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-092/ACR-092_Software_No_Digital_Signature_2.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-065/ACR-065_Software_No_docs.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-099/ACR-099_Software_No_Uninstall_Information.JPG","211230/Netbull-210601/3.1.0.2/Images/ACR-065/ACR-065_LandingPage_No_Docs.jpg","211230/Netbull-210601/3.1.0.2/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Information.jpg","211230/Netbull-210601/3.1.0.2/Images/ACR-065/ACR-065_InternalOffers_No_Docs.jpg","211230/Netbull-210601/3.1.0.2/Images/ACR-065/ACR-065_InternalOffers_No_Docs_1.jpg","211230/Netbull-210601/3.1.0.2/Images/ACR-099/ACR-099_InternalOffers_No_Uninstall_Information.jpg","211230/Netbull-210601/3.1.0.2/Images/ACR-099/ACR-099_InternalOffers_No_Uninstall_Information_1.jpg"],"guid":"0b364cde-1d50-4eb0-b76b-faa428711111_3.1.0.2_1","appID":"Netbull-210601","dateAdded":"230519","deceptorType":"App","name":"Netbull","company":"NetBull","version":"3.1.0.2","lastKnownStatus":"Deceptor:3.0;3.1;3.1.0.2;3.1.0.3;3.1.0.5;3.1.0.8","lastKnownDate":"230519","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-05-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1000},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray. \n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-092":"The app does not provide Digital signatures for the \"Netbull.exe\" executable.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page(https://www.netbull.com/) does not display links to uninstall information. \nThe internal offers page (https://www.netbull.com/purchase.html) does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"Netbull.exe","isInstaller":"True","companyName":"NetBull","productName":"NetBull","productVersion":"3.1.0.5","fileVersion":"3.1.0.5","hashMD5":"e69f1ad6d8d666ccb47b188aa701e0f5","hashSHA1":"976ca1de33e87041a5ce5b94f3e2b6f467d80c0a","hashSHA256":"714111f404d3f8c8ad1fc4ccf614cb47c8eaeeb33c8c45518c99f0ab758e802d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1543","avBlockList":["360 Total Security (20230720)","Avast Premium Security (20230720)","AVG Internet Security (20230720)","Avira Internet Security (20230720)","Bitdefender Internet Security (20230720)","Dr.Web Security Space (20230720)","ESET Internet Security (20230720)","G DATA INTERNET SECURITY (20230720)","K7 Total Security (20230720)","Kaspersky Internet Security (20230720)","Malwarebytes Premium (20230720)","McAfee Total Protection (20230720)","Norton Security (20230720)","Panda Dome (20230720)","Quick Heal Internet Security (20230720)","Sophos Home Premium (20230720)","SpyHunter5 (20230720)","Total AV Antivirus Pro (20230720)","Trend Micro Internet Security (20230720)","VIPRE Advanced Security (20230720)","VirIT eXplorer PRO (20230720)","Webroot SecureAnywhere (20230720)","Windows Defender (20230720)"],"avAllowList":["COMODO Antivirus (20230720)"]},{"isRevoked":"False","fileName":"module.exe","fileVersion":"0.0","hashMD5":"b54ffb65c3e36afe952d8bd8e6257275","hashSHA1":"a00bb0d3cc7c24a1d16b0c695fae8477a62f24c8","hashSHA256":"443a5d63deacc2ebe3ff1d8b6eab2b5e8fe5b9124ddda752566eaea5a7af30de","sourceIndex":"1543","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search 'windows keylogger\"","reference":"https://www.netbull.com/","landingPage":"https://www.netbull.com/","directDownloadingLink":"http://www.netbull.com/license=trial","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.netbull.com/license=trial","sourceIndex":"1543"}],"sampleFiles":["220623/Netbull-210601/3.1.0.5/Samples/Netbull.exe"],"imageFiles":["220623/Netbull-210601/3.1.0.5/Images/ACR-084/ACR-084 (1).JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-084/ACR-084 (2).JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-084/ACR-084 (3).JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-084/ACR-084 (4).JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-086/ACR-086.JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-086/ACR-086_1.JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-048/ACR-048_1 (1).JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-048/ACR-048_1 (2).JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-048/ACR-048_1 (3).JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-048/ACR-048_1 (4).JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["220623/Netbull-210601/3.1.0.5/Images/ACR-065/ACR-065_Install_1.JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-065/ACR-065_Software_1.JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-099/ACR-099.JPG","220623/Netbull-210601/3.1.0.5/Images/ACR-065/ACR-065_1.jpg","220623/Netbull-210601/3.1.0.5/Images/ACR-099/ACR-099_1.jpg","220623/Netbull-210601/3.1.0.5/Images/ACR-065/ACR-065_1 (1).jpg","220623/Netbull-210601/3.1.0.5/Images/ACR-065/ACR-065_1 (2).jpg","220623/Netbull-210601/3.1.0.5/Images/ACR-099/ACR-099_2.jpg","220623/Netbull-210601/3.1.0.5/Images/ACR-099/ACR-099_3.jpg"],"guid":"0b364cde-1d50-4eb0-b76b-faa428711111_3.1.0.5_1","appID":"Netbull-210601","dateAdded":"230519","deceptorType":"App","name":"Netbull","company":"NetBull","version":"3.1.0.5","lastKnownStatus":"Deceptor:3.0;3.1;3.1.0.2;3.1.0.3;3.1.0.5;3.1.0.8","lastKnownDate":"230519","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-05-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":998},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory. \n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app hides itself by attaching its process to svchost.exe, which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into a hidden folder using user-defined filename which can be completely unrelated to the app name. The app is installed in a hidden folder \"AppData”.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-092":"The app does not provide Digital signatures for the executables.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"Netbull.exe","isInstaller":"True","companyName":"NetBull","productName":"NetBull","productVersion":"3.1.0.3","fileVersion":"3.1.0.3","hashMD5":"32f589968d00eca3bad06691d781271f","hashSHA1":"662cf0e3e6911393d91709a1fa2f8e934e86d869","hashSHA256":"2355b4180f7a771d46c52df181fb73a0c4eb9a2716ee03177a3c7d43935df36a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1667","avBlockList":["360 Total Security (20220428)","Avast Premium Security (20220428)","AVG Internet Security (20220428)","Avira Internet Security (20220428)","Bitdefender Internet Security (20220428)","COMODO Antivirus (20220428)","Dr.Web Security Space (20220428)","ESET Internet Security (20220428)","G DATA INTERNET SECURITY (20220428)","K7 Total Security (20220428)","Kaspersky Internet Security (20220428)","Malwarebytes Premium (20220428)","McAfee Total Protection (20220428)","Norton Security (20220428)","Panda Dome (20220428)","Quick Heal Internet Security (20220428)","Sophos Home Premium (20220428)","SpyHunter5 (20220428)","Tencent PC Manager (20220428)","Total AV Antivirus Pro (20220428)","Trend Micro Internet Security (20220428)","VIPRE Advanced Security (20220428)","VirIT eXplorer PRO (20220428)","Webroot SecureAnywhere (20220428)","Windows Defender (20220428)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\module.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"c70468861c351936d92d6a4fe6779879","hashSHA1":"07e49fcea08c77396ec7d79063147c5a4107883d","hashSHA256":"d44430f41e8ed8db96dbbea16589717f259be7b1db0f08caa1830b9beb209ae2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1667","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search - keylogger","reference":"","landingPage":"https://www.netbull.com/","directDownloadingLink":"https://www.netbull.com/download/netbull_trial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.netbull.com/download/netbull_trial.zip","sourceIndex":"1667"}],"sampleFiles":["220329/Netbull-210601/3.1.0.3/Samples/Netbull.exe"],"imageFiles":["220329/Netbull-210601/3.1.0.3/Images/ACR-084/ACR-084_Software.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-084/ACR-084_Software_1.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-084/ACR-084_Software_2.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-084/ACR-084_Software_3.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-084/ACR-084_Software_4.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-086/ACR-086_Software.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-086/ACR-086_Software_1.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-048/ACR-048_Software.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-048/ACR-048_Software_1.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-048/ACR-048_Software_2.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-048/ACR-048_Software_3.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-014/ACR-014_Software.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-116/ACR-116_Uninstall.JPG"],"nonDeceptorImageFiles":["220329/Netbull-210601/3.1.0.3/Images/ACR-038/ACR-038_Install.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-038/ACR-038_Install_1.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-040/ACR-040_Install.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-065/ACR-065_Install.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-092/ACR-092_Software.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-092/ACR-092_Software_1.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-092/ACR-092_Software_2.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-065/ACR-065_Software.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-099/ACR-099_Software.JPG","220329/Netbull-210601/3.1.0.3/Images/ACR-065/ACR-065_Landingpage.jpg","220329/Netbull-210601/3.1.0.3/Images/ACR-099/ACR-099_Landingpage.jpg","220329/Netbull-210601/3.1.0.3/Images/ACR-065/ACR-065_InternalOffers.jpg","220329/Netbull-210601/3.1.0.3/Images/ACR-065/ACR-065_InternalOffers_1.jpg","220329/Netbull-210601/3.1.0.3/Images/ACR-099/ACR-099_InternalOffers.jpg","220329/Netbull-210601/3.1.0.3/Images/ACR-099/ACR-099_InternalOffers_1.jpg"],"guid":"0b364cde-1d50-4eb0-b76b-faa428711111_3.1.0.3_1","appID":"Netbull-210601","dateAdded":"230519","deceptorType":"App","name":"Netbull","company":"NetBull","version":"3.1.0.3","lastKnownStatus":"Deceptor:3.0;3.1;3.1.0.2;3.1.0.3;3.1.0.5;3.1.0.8","lastKnownDate":"230519","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-05-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":999},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray. \n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not provide Digital signatures for the \"Netbull.exe\" and \"Module.exe\" executables.\n"},"samples":[{"isRevoked":"False","fileName":"Netbull.exe","isInstaller":"True","companyName":"NetBull","productName":"NetBull","productVersion":"3.1.0.8","fileVersion":"3.1.0.8","hashMD5":"1db746a73e3db1617e9f5e6c526a0ae1","hashSHA1":"52eb57e3ed907fc47ee339e28bbb15f1f3730521","hashSHA256":"ba517b856eeea419130e9455d43931b8de9591316b235cc011c01b2be2c5f387","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1098","avBlockList":["360 Total Security (20230608)","Avast Premium Security (20230608)","AVG Internet Security (20230608)","Avira Internet Security (20230608)","Bitdefender Internet Security (20230608)","Dr.Web Security Space (20230608)","ESET Internet Security (20230608)","G DATA INTERNET SECURITY (20230608)","K7 Total Security (20230608)","Kaspersky Internet Security (20230608)","Malwarebytes Premium (20230608)","McAfee Total Protection (20230608)","Norton Security (20230608)","Panda Dome (20230608)","Quick Heal Internet Security (20230608)","Sophos Home Premium (20230608)","SpyHunter5 (20230608)","Total AV Antivirus Pro (20230608)","Trend Micro Internet Security (20230608)","VIPRE Advanced Security (20230608)","VirIT eXplorer PRO (20230608)","Webroot SecureAnywhere (20230608)","Windows Defender (20230608)"],"avAllowList":["COMODO Antivirus (20230608)"]},{"isRevoked":"False","fileName":"module.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"c70468861c351936d92d6a4fe6779879","hashSHA1":"07e49fcea08c77396ec7d79063147c5a4107883d","hashSHA256":"d44430f41e8ed8db96dbbea16589717f259be7b1db0f08caa1830b9beb209ae2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1098","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on keylogger app","reference":"","landingPage":"https://www.netbull.com/","directDownloadingLink":"https://www.netbull.com/dld49382/nb-trial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.netbull.com/dld49382/nb-trial.zip","sourceIndex":"1098"}],"sampleFiles":["230519/Netbull-210601/3.1.0.8/Samples/Netbull.exe"],"imageFiles":["230519/Netbull-210601/3.1.0.8/Images/ACR-084/ACR-084.JPG","230519/Netbull-210601/3.1.0.8/Images/ACR-084/ACR-084_1.JPG","230519/Netbull-210601/3.1.0.8/Images/ACR-084/ACR-084_2.JPG","230519/Netbull-210601/3.1.0.8/Images/ACR-084/ACR-084_3.JPG","230519/Netbull-210601/3.1.0.8/Images/ACR-086/ACR-086.JPG","230519/Netbull-210601/3.1.0.8/Images/ACR-086/ACR-086_1.JPG","230519/Netbull-210601/3.1.0.8/Images/ACR-048/ACR-048.JPG","230519/Netbull-210601/3.1.0.8/Images/ACR-048/ACR-048_1.JPG","230519/Netbull-210601/3.1.0.8/Images/ACR-048/ACR-048_2.JPG","230519/Netbull-210601/3.1.0.8/Images/ACR-048/ACR-048_3.JPG","230519/Netbull-210601/3.1.0.8/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["230519/Netbull-210601/3.1.0.8/Images/ACR-092/ACR-092.JPG","230519/Netbull-210601/3.1.0.8/Images/ACR-092/ACR-092_1.JPG"],"guid":"0b364cde-1d50-4eb0-b76b-faa428711111_3.1.0.8_1","appID":"Netbull-210601","dateAdded":"230519","deceptorType":"App","name":"Netbull","company":"NetBull","version":"3.1.0.8","lastKnownStatus":"Deceptor:3.0;3.1;3.1.0.2;3.1.0.3;3.1.0.5;3.1.0.8","lastKnownDate":"230519","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:40.5150195+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":997},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy, and Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy\nThe landing page does not display links to the Returns and Cancellation Policy. \nThe internal offer page does not display links to the Privacy Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details\n","ACR-092":"The app does not provide digital signature for the executables.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app\nThe application's landing page has no link or information that shows how it can be uninstalled. \nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"pcmedik .exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"99e6327a229e5757739c76a59366f0cc","hashSHA1":"87f61be2f0190a8c6b7fa08c2e905653c031f32e","hashSHA256":"5b5b2390bb09ddcc403c074b3ba70b1e46f7fe4dc093010095e796457f4be57f","sourceIndex":"1852","avBlockList":["360 Total Security (20211216)","Avast Premium Security (20211216)","AVG Internet Security (20211216)","Avira Internet Security (20211216)","Bitdefender Internet Security (20211216)","ESET Internet Security (20211216)","G DATA INTERNET SECURITY (20211216)","K7 Total Security (20211216)","Kaspersky Internet Security (20211216)","Malwarebytes Premium (20211216)","McAfee Total Protection (20211216)","Norton Security (20211216)","Panda Dome (20211216)","Quick Heal Internet Security (20211216)","Sophos Home Premium (20211216)","SpyHunter5 (20211216)","Tencent PC Manager (20211216)","Total AV Antivirus Pro (20211216)","VIPRE Advanced Security (20211216)","VirIT eXplorer PRO (20211216)","Webroot SecureAnywhere (20211216)","Windows Defender (20211216)"],"avAllowList":["COMODO Antivirus (20211216)","Dr.Web Security Space (20211216)","Trend Micro Internet Security (20211216)"]},{"isRevoked":"False","fileName":"PCMedik.exe","fileVersion":"1.0","hashMD5":"cf15e1086c5ff09f7e860eddbd141705","hashSHA1":"bdaeb000e76a98de6a15ed6df2b8b2ba7a2eb0bb","hashSHA256":"141e02aff81b2d5c6ef6303199d35af747d6707cdf38c339f5065b9a447037e2","sourceIndex":"1852","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rk_setup.exe","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"89c8796cd6169d14531791b7388bc0e9","hashSHA1":"473a91fc861a45122f9f60ee8cd807b57cd2f29d","hashSHA256":"53ef40c6950b12e766195905ffcc596d771b43398ad2eeb2f9a895ab5a8bb278","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1852","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","VIPRE Advanced Security (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","McAfee Total Protection (20240702)","Trend Micro Internet Security (20240702)","Windows Defender (20240702)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://pgware.com/","landingPage":"http://pgware.com/products/pcmedik/","directDownloadingLink":"http://pgware.com/downloads/pcmedik.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/pcmedik.exe","sourceIndex":"1852"}],"sampleFiles":["210330/PCMedik-210330/8.7.12.2021/Samples/pcmedik .exe","210330/PCMedik-210330/8.7.12.2021/Samples/PCMedik.exe","210330/PCMedik-210330/8.7.12.2021/Samples/rk_setup.exe"],"imageFiles":["210330/PCMedik-210330/8.7.12.2021/Images/ACR-109/PC Medik_Install [3].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-048/PC Medik_Install [3].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-059/PC Medik_Install [2].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-155/PC Medik_Install [2].png"],"nonDeceptorImageFiles":["210330/PCMedik-210330/8.7.12.2021/Images/ACR-065/PC Medik_Install [1].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-065/PC Medik_Install [2].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-065/PC Medik_Install [4].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-065/PC Medik_Install [8].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-065/PC Medik_Install [9].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-106/PC Medik_Install [2].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-092/PC Medik_FileProperty [4].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-092/PC Medik_FileProperty [2].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-099/PC Medik_About [1].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-065/PC Medik_LandingPage [1].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-065/PC Medik_LandingPage [2].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-099/PC Medik_LandingPage [1].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-099/PC Medik_LandingPage [2].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-065/PC Medik_OfferPage [1].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-065/PC Medik_OfferPage [2].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-099/PC Medik_OfferPage [1].png","210330/PCMedik-210330/8.7.12.2021/Images/ACR-099/PC Medik_OfferPage [2].png"],"guid":"b65a8e76-1875-42bb-a174-87c18cc06b32_8.7.12.2021_1","appID":"PCMedik-210330","dateAdded":"230508","deceptorType":"Bundler","name":"PC Medik","company":"PGWare LLC","version":"8.7.12.2021","lastKnownStatus":"8.3.29.2021;8.7.12.2021;8.8.23.2021;8.3.7.2022","lastKnownDate":"230508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1008},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy, and Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy\nThe landing page does not display links to the Returns and Cancellation Policy. \nThe internal offer page does not display links to the Privacy Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details\n","ACR-092":"The app does not provide digital signature for the executables.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app\nThe application's landing page has no link or information that shows how it can be uninstalled. \nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"pcmedik .exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"f50d0ae905a4a0122045ae392b036172","hashSHA1":"a2abd9c8e0617cf79f0bf9a6797ad57f0649f594","hashSHA256":"dd4e3b2dbbf5e5314e90dfd3679ea5d430eaace3922ce9b4cf2dbdd1c274efcd","sourceIndex":"1822","avBlockList":["Avast Premium Security (20211005)","AVG Internet Security (20211005)","Avira Internet Security (20211005)","Bitdefender Internet Security (20211005)","ESET Internet Security (20211005)","G DATA INTERNET SECURITY (20211005)","K7 Total Security (20211005)","Malwarebytes Premium (20211005)","McAfee Total Protection (20211005)","Norton Security (20211005)","Panda Dome (20211005)","Quick Heal Internet Security (20211005)","Sophos Home Premium (20211005)","SpyHunter5 (20211005)","Tencent PC Manager (20211005)","Total AV Antivirus Pro (20211005)","VIPRE Advanced Security (20211005)","VirIT eXplorer PRO (20211005)","Webroot SecureAnywhere (20211005)","Windows Defender (20211005)"],"avAllowList":["360 Total Security (20211005)","COMODO Antivirus (20211005)","Dr.Web Security Space (20211005)","Kaspersky Internet Security (20211005)","Trend Micro Internet Security (20211005)"]},{"isRevoked":"False","fileName":"PCMedik.exe","fileVersion":"1.0","hashMD5":"669875d81542c95998df13f371a4a1cd","hashSHA1":"380810c140fd4e6f1ccd5c48fd6f4d4a9a84aea2","hashSHA256":"7832e946aa0a8e1c7d767b91d6e916eaa1ae397606b9f46234e40a71e76e974d","sourceIndex":"1822","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rk_setup.exe","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"89c8796cd6169d14531791b7388bc0e9","hashSHA1":"473a91fc861a45122f9f60ee8cd807b57cd2f29d","hashSHA256":"53ef40c6950b12e766195905ffcc596d771b43398ad2eeb2f9a895ab5a8bb278","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1822","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","VIPRE Advanced Security (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","McAfee Total Protection (20240702)","Trend Micro Internet Security (20240702)","Windows Defender (20240702)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://pgware.com/","landingPage":"http://pgware.com/products/pcmedik/","directDownloadingLink":"http://pgware.com/downloads/pcmedik.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/pcmedik.exe","sourceIndex":"1822"}],"sampleFiles":["210826/PCMedik-210330/8.8.23.2021/Samples/pcmedik .exe","210826/PCMedik-210330/8.8.23.2021/Samples/PCMedik.exe","210826/PCMedik-210330/8.8.23.2021/Samples/rk_setup.exe"],"imageFiles":["210826/PCMedik-210330/8.8.23.2021/Images/ACR-109/PCMedik_Install [3].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-048/PCMedik_Install [3].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-059/PCMedik_Install [2].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-155/PCMedik_Install [2].png"],"nonDeceptorImageFiles":["210826/PCMedik-210330/8.8.23.2021/Images/ACR-065/PCMedik_Install [1].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-065/PCMedik_Install [2].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-065/PCMedik_Install [4].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-065/PCMedik_Install [8].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-065/PCMedik_Install [9].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-106/PCMedik_Install [2].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-092/PCMedik_FileProperty [2].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-092/PCMedik_FileProperty [3].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-065/PCMedik_About [1].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-099/PCMedik_About [1].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-167/PCMedik_LandingPage [1].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-065/PCMedik_LandingPage [1].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-099/PCMedik_LandingPage [1].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-065/PCMedik_OfferPage [1].png","210826/PCMedik-210330/8.8.23.2021/Images/ACR-099/PCMedik_OfferPage [1].png"],"guid":"b65a8e76-1875-42bb-a174-87c18cc06b32_8.8.23.2021_1","appID":"PCMedik-210330","dateAdded":"230508","deceptorType":"Bundler","name":"PC Medik","company":"PGWare LLC","version":"8.8.23.2021","sigName":"Deceptor:Win32/PCMedik!109048059155","lastKnownStatus":"8.3.29.2021;8.7.12.2021;8.8.23.2021;8.3.7.2022","lastKnownDate":"230508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1007},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy, and Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy\nThe landing page does not display links to the Returns and Cancellation Policy. \nThe internal offer page does not display links to the Privacy Policy.\n","ACR-092":"The app does not provide digital signature for the executables.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app\nThe application's landing page has no link or information that shows how it can be uninstalled. \nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"pcmedik.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"eef2a3572576cda3a58c64df52f8f45d","hashSHA1":"dc78a64f3e4ad4a993ada7c0e1a1b0f820809c80","hashSHA256":"7887ed8143d454329c75d2d167755e5ef88e48388c894cdd9e84a956038524e6","sourceIndex":"1970","avBlockList":["360 Total Security (20210520)","Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","COMODO Antivirus (20210520)","Dr.Web Security Space (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Kaspersky Internet Security (20210520)","Malwarebytes Premium (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","SpyHunter5 (20210520)","Tencent PC Manager (20210520)","Total AV Antivirus Pro (20210520)","Trend Micro Internet Security (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Webroot SecureAnywhere (20210520)","Windows Defender (20210520)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMedik .exe","fileVersion":"1.0","hashMD5":"ab45da10d5635630f94aae64e106ca2e","hashSHA1":"e997ef0d1830043176235be4f4509d3ce81cfe54","hashSHA256":"13c2c2a725acab0cb025d707e62b0e503047e92a91761c9346c8baf5ecfac60b","sourceIndex":"1970","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://pgware.com/","landingPage":"http://pgware.com/products/pcmedik/","directDownloadingLink":"http://pgware.com/downloads/pcmedik.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/pcmedik.exe","sourceIndex":"1970"}],"sampleFiles":["210330/PCMedik-210330/8.3.29.2021/Samples/pcmedik.exe","210330/PCMedik-210330/8.3.29.2021/Samples/PCMedik .exe"],"imageFiles":["210330/PCMedik-210330/8.3.29.2021/Images/ACR-109/PCMedik_Install [5].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-048/PCMedik_Install [5].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-059/PCMedik_Install [3].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-155/PCMedik_Install [3].png"],"nonDeceptorImageFiles":["210330/PCMedik-210330/8.3.29.2021/Images/ACR-065/PCMedik_Install [1].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-065/PCMedik_Install [2].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-065/PCMedik_Install [6].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-092/PCMedik_FileProperty [2].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-092/PCMedik_FileProperty [3].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-065/PCMedik_About [1].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-099/PCMedik_About [1].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-065/PCMedik_LandingPage [1].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-065/PCMedik_LandingPage [2].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-099/PCMedik_LandingPage [1].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-099/PCMedik_LandingPage [2].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-065/PCMedik_OfferPage [1].png","210330/PCMedik-210330/8.3.29.2021/Images/ACR-099/PCMedik_OfferPage [1].png"],"guid":"b65a8e76-1875-42bb-a174-87c18cc06b32_8.3.29.2021_1","appID":"PCMedik-210330","dateAdded":"230508","deceptorType":"Bundler","name":"PC Medik","company":"PGWare LLC","version":"8.3.29.2021","sigName":"Deceptor:Win32/PCMedik!109048059155","lastKnownStatus":"8.3.29.2021;8.7.12.2021;8.8.23.2021;8.3.7.2022","lastKnownDate":"230508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1009},{"violations":{"ACR-109":" The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user. \n","ACR-042":" The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":" The app drops the Root Certificate files without disclosing it during installation.\n\n","ACR-048":" There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file. \nThe app does not provide control to enable/disable the startup item and to remove its background process completely within the app's settings\n","ACR-007":" The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-084":"1. On quitting the app, the application doesn't exit completely as the process run in the background, hiding the fact that it is active from the consumer without any notification. 2. The app creates an undisclosed startup item to perform an action without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-045":" The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":" App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":" The app does not provide digital signature for the executables\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PGWARE\\PCBoost\\PCBoost1.exe","companyName":"","productName":"PCBoost","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"c042a8b4f5ef8450f3d4cc99338b7acd","hashSHA1":"31fc1fa50fefa0873a294a4710275c668978731d","hashSHA256":"416b8a70b63b920dbbf4e0dea5852a3c4a7c3c1e5a827df2af8f9224756aadca","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1110","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcboost.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"PCBoost                                                     ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1             ","hashMD5":"d71296532ac6e305521992a7a8f5a0c5","hashSHA1":"1662fdfcabb5a1e8d0205c1879b2e748f149244a","hashSHA256":"5d4db1b906fe01fa6574f1a784ff234394ed1019134fca34cd6be38e45cccc7a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1110","avBlockList":["Avast Premium Security (20230523)","AVG Internet Security (20230523)","Avira Internet Security (20230523)","Bitdefender Internet Security (20230523)","Dr.Web Security Space (20230523)","ESET Internet Security (20230523)","G DATA INTERNET SECURITY (20230523)","K7 Total Security (20230523)","Kaspersky Internet Security (20230523)","Malwarebytes Premium (20230523)","McAfee Total Protection (20230523)","Norton Security (20230523)","Panda Dome (20230523)","Quick Heal Internet Security (20230523)","Sophos Home Premium (20230523)","SpyHunter5 (20230523)","Total AV Antivirus Pro (20230523)","VIPRE Advanced Security (20230523)","VirIT eXplorer PRO (20230523)","Webroot SecureAnywhere (20230523)","Windows Defender (20230523)"],"avAllowList":["360 Total Security (20230523)","COMODO Antivirus (20230523)","Trend Micro Internet Security (20230523)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: PC booster","reference":"http://www.pgware.com/","landingPage":"http://www.pgware.com/","directDownloadingLink":"http://www.pgware.com/downloads/pcboost.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pgware.com/downloads/pcboost.exe","sourceIndex":"1110"}],"sampleFiles":["230508/PCBoost-200514/5.3.7.2022/Samples/pcboost.exe"],"imageFiles":["230508/PCBoost-200514/5.3.7.2022/Images/ACR-109/ACR-109.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-043/ACR-043.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-042/ACR-042.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-048/ACR-048.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-007/ACR-007.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-010/ACR-010.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-084/ACR-084.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-084/ACR-084_Process.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-048/ACR-048_Process.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-048/ACR-048_Startup.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-118/ACR-118.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-057/ACR-057.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-059/ACR-059.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-071/ACR-071.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-155/ACR-155.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-013/ACR-013.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230508/PCBoost-200514/5.3.7.2022/Images/ACR-045/ACR-045.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-106/ACR-106.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-092/ACR-092.JPG","230508/PCBoost-200514/5.3.7.2022/Images/ACR-123/ACR-123.JPG"],"guid":"692dea54-b773-4769-876b-16e58a35166e_5.3.7.2022_1","appID":"PCBoost-200514","dateAdded":"230508","deceptorType":"Bundler","name":"PCBoost","company":"PGWARE LLC","version":"5.3.7.2022","lastKnownStatus":"5.5.11.2020;5.8.23.2021;5.3.7.2022","lastKnownDate":"230508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:40.898994+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1010},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user.\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt\n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not provide digital signature for the executables.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PGWARE\\PCMedik\\PCMedik1.exe","companyName":"","productName":"PCMedik","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1494ce46455c930c7d678c0148f8922b","hashSHA1":"49da8200cbeacf37f8521ba11d597321908cbe37","hashSHA256":"126e754cb1bdf438c13580135cf34584f6427cd0451032acab9ab2cfb0e65465","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1115","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcmedik.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"PCMedik                                                     ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1             ","hashMD5":"d92b3c9794e224aa88a48b2c88ff5005","hashSHA1":"00fe2efbe14ddebceb2b6aea4d4803ce9dba161e","hashSHA256":"13c78a2ba29593fd15987deea5cc944b4a0ecffc39fb064e40b5aebf6e600099","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1115","avBlockList":["Avast Premium Security (20230525)","AVG Internet Security (20230525)","Avira Internet Security (20230525)","Bitdefender Internet Security (20230525)","COMODO Antivirus (20230525)","Dr.Web Security Space (20230525)","ESET Internet Security (20230525)","G DATA INTERNET SECURITY (20230525)","K7 Total Security (20230525)","Kaspersky Internet Security (20230525)","Malwarebytes Premium (20230525)","McAfee Total Protection (20230525)","Norton Security (20230525)","Panda Dome (20230525)","Quick Heal Internet Security (20230525)","Sophos Home Premium (20230525)","SpyHunter5 (20230525)","Total AV Antivirus Pro (20230525)","VIPRE Advanced Security (20230525)","VirIT eXplorer PRO (20230525)","Webroot SecureAnywhere (20230525)","Windows Defender (20230525)"],"avAllowList":["360 Total Security (20230525)","Trend Micro Internet Security (20230525)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://pgware.com/","landingPage":"http://pgware.com/products/pcmedik/","directDownloadingLink":"http://pgware.com/downloads/pcmedik.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/pcmedik.exe","sourceIndex":"1115"}],"sampleFiles":["230508/PCMedik-210330/8.3.7.2022/Samples/pcmedik.exe"],"imageFiles":["230508/PCMedik-210330/8.3.7.2022/Images/ACR-109/ACR-109.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-043/ACR-043.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-042/ACR-042.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-048/ACR-048.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-007/ACR-007.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-010/ACR-010.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-118/ACR-118.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-057/ACR-057.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-059/ACR-059.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-071/ACR-071.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-155/ACR-155.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-013/ACR-013.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230508/PCMedik-210330/8.3.7.2022/Images/ACR-045/ACR-045.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-106/ACR-106.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-092/ACR-092.JPG","230508/PCMedik-210330/8.3.7.2022/Images/ACR-123/ACR-123.JPG"],"guid":"b65a8e76-1875-42bb-a174-87c18cc06b32_8.3.7.2022_1","appID":"PCMedik-210330","dateAdded":"230508","deceptorType":"Bundler","name":"PC Medik","company":"PGWare LLC","version":"8.3.7.2022","lastKnownStatus":"8.3.29.2021;8.7.12.2021;8.8.23.2021;8.3.7.2022","lastKnownDate":"230508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2026-05-04T14:37:41.0677161+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1006},{"violations":{"ACR-109":" There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \n\nThe app does not display links to the Returns and Cancellation or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display link to the Returns and Cancellation Policy.\n","ACR-092":"The app does not have a digital signature for all the executables.\n","ACR-099":"The app's about page does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"pcboost_.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"903a334bde457f3a3d5b6ef363f335ea","hashSHA1":"953cc7adce9dcb1d37523b221edeb462e08c0ba9","hashSHA256":"88fd98c20e561a768b09b8600f855d8e2566666e2e3cf6ac1ce3549972f3f023","sourceIndex":"2465","avBlockList":["360 Total Security (20220127)","Avast Premium Security (20220127)","AVG Internet Security (20220127)","Avira Internet Security (20220127)","Bitdefender Internet Security (20220127)","COMODO Antivirus (20220127)","Dr.Web Security Space (20220127)","ESET Internet Security (20220127)","G DATA INTERNET SECURITY (20220127)","K7 Total Security (20220127)","Kaspersky Internet Security (20220127)","Malwarebytes Premium (20220127)","McAfee Total Protection (20220127)","Norton Security (20220127)","Panda Dome (20220127)","Quick Heal Internet Security (20220127)","Sophos Home Premium (20220127)","SpyHunter5 (20220127)","Tencent PC Manager (20220127)","Total AV Antivirus Pro (20220127)","Trend Micro Internet Security (20220127)","VIPRE Advanced Security (20220127)","VirIT eXplorer PRO (20220127)","Webroot SecureAnywhere (20220127)","Windows Defender (20220127)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBoost.exe","fileVersion":"1.0","hashMD5":"10c94772811a696db06c90303a0ee900","hashSHA1":"96c7c8ddee67ff1e73ca7b40ad7df253a3262a6a","hashSHA256":"a816fc9544f60b7734d1b2b9859618f60a5dfed26d545da6cb19a9050cdbd506","sourceIndex":"2465","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBoostRegister.exe","fileVersion":"1.0","hashMD5":"b9ea7120805053e2ac3d55e753a8b5d8","hashSHA1":"916feaa10841c685b3ab4324f3bbf8c385603ce1","hashSHA256":"a17de908f9b30e0c040233a4f6320da9534a50fd565132ed410b0decd71f1fdc","sourceIndex":"2465","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBoostTray.exe","fileVersion":"1.0","hashMD5":"ffa6e5d5a322c810c73364c906683aa9","hashSHA1":"deca9110d879b94ffa219566666260e2bb523fb4","hashSHA256":"44bd9aff9baf41133600bb674f6493cab084689162f3261407e62746d12b6cf1","sourceIndex":"2465","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBoostUpdate.exe","fileVersion":"1.0","hashMD5":"8ec16fc27750ac4fe81f3013654d9fb3","hashSHA1":"e506ec62cbf6aa5e6fcd3a552a0f80a6d254ea2a","hashSHA256":"0d627be0a973c71f7501e82b07e9fa8019c26e0116c5f9980793ee5ec0cce0ef","sourceIndex":"2465","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: PC booster","reference":"http://www.pgware.com/","landingPage":"http://www.pgware.com/","directDownloadingLink":"http://www.pgware.com/downloads/pcboost.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pgware.com/downloads/pcboost.exe","sourceIndex":"2465"}],"sampleFiles":["200514/PCBoost-200514/5.5.11.2020/Samples/pcboost_.exe","200514/PCBoost-200514/5.5.11.2020/Samples/PCBoost.exe","200514/PCBoost-200514/5.5.11.2020/Samples/PCBoostRegister.exe","200514/PCBoost-200514/5.5.11.2020/Samples/PCBoostTray.exe","200514/PCBoost-200514/5.5.11.2020/Samples/PCBoostUpdate.exe"],"imageFiles":["200514/PCBoost-200514/5.5.11.2020/Images/ACR-109/PCBoost_Installs [4] Bundled_RelevantKnowledge.png","200514/PCBoost-200514/5.5.11.2020/Images/ACR-109/PCBoost_rkverify.exe_runningprocess [1].png"],"nonDeceptorImageFiles":["200514/PCBoost-200514/5.5.11.2020/Images/ACR-065/PCBoost_Installs [1].png","200514/PCBoost-200514/5.5.11.2020/Images/ACR-065/PCBoost_Installs [2].png","200514/PCBoost-200514/5.5.11.2020/Images/ACR-092/PCBoost_FileProperties.png","200514/PCBoost-200514/5.5.11.2020/Images/ACR-065/PCBoost_Interaction[1].png","200514/PCBoost-200514/5.5.11.2020/Images/ACR-065/PCBoost_About[1].png","200514/PCBoost-200514/5.5.11.2020/Images/ACR-099/PCBoost_About[1].png","200514/PCBoost-200514/5.5.11.2020/Images/ACR-065/PGWARE - Innovative and essential desktop and mobile software.png","200514/PCBoost-200514/5.5.11.2020/Images/ACR-099/PGWARE - Innovative and essential desktop and mobile software.png","200514/PCBoost-200514/5.5.11.2020/Images/ACR-065/PGWARE - Buy Software From Our Online Store.png","200514/PCBoost-200514/5.5.11.2020/Images/ACR-099/PGWARE - Buy Software From Our Online Store.png"],"guid":"692dea54-b773-4769-876b-16e58a35166e_5.5.11.2020_1","appID":"PCBoost-200514","dateAdded":"230508","deceptorType":"Bundler","name":"PCBoost","company":"PGWARE LLC","version":"5.5.11.2020","sigName":"Deceptor:Win32/PCBoost!109","lastKnownStatus":"5.5.11.2020;5.8.23.2021;5.3.7.2022","lastKnownDate":"230508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1012},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"rk_setup.exe\" without disclosing it to the user and get user consent\n","ACR-057":"User can't decline offer to proceed installation\n","ACR-059":"The Offer is not clearly marked as an offer and who is recommending the offer is not clear.\n","ACR-155":"The Offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the app's Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the app's Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy. \nThe internal offer page does not display links to the Returns and Cancellation Policy. \n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details\n","ACR-157":"The application’s executable files have no signed certificate, and are unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page does not show how to uninstall the app.\nThe application's internal offer page does not show how to uninstall the app.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"systemswift .exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"cf52f1f2b497501d812453c0edc31759","hashSHA1":"4c506ac49a595802c55a148faa6372e07691e314","hashSHA256":"409602d97bb1e2f0e369780dd26a9d2f873bf068530e20372ce04d3141e04dce","sourceIndex":"1742","avBlockList":["Avast Premium Security (20220127)","AVG Internet Security (20220127)","Avira Internet Security (20220127)","Bitdefender Internet Security (20220127)","Dr.Web Security Space (20220127)","ESET Internet Security (20220127)","G DATA INTERNET SECURITY (20220127)","K7 Total Security (20220127)","Kaspersky Internet Security (20220127)","Malwarebytes Premium (20220127)","McAfee Total Protection (20220127)","Norton Security (20220127)","Panda Dome (20220127)","Quick Heal Internet Security (20220127)","Sophos Home Premium (20220127)","SpyHunter5 (20220127)","Tencent PC Manager (20220127)","Total AV Antivirus Pro (20220127)","Trend Micro Internet Security (20220127)","VIPRE Advanced Security (20220127)","VirIT eXplorer PRO (20220127)","Webroot SecureAnywhere (20220127)","Windows Defender (20220127)"],"avAllowList":["360 Total Security (20220127)","COMODO Antivirus (20220127)"]},{"isRevoked":"False","fileName":"SystemSwift.exe","fileVersion":"1.0","hashMD5":"e2ab9d9342e83b07d87c5f66e6cc94a1","hashSHA1":"07fd4e0a1d7810dd732f0ab5b0289b697c108076","hashSHA256":"a18a3e5166c67e39ee439f7bd842d6daec079aace26e2e7d55423942eaf092f7","sourceIndex":"1742","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://www.pgware.com/products/systemswift/","directDownloadingLink":"http://www.pgware.com/downloads/systemswift.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pgware.com/downloads/systemswift.exe","sourceIndex":"1742"}],"sampleFiles":["211229/SystemSwift2-200918/2.8.23.2021/Samples/systemswift .exe","211229/SystemSwift2-200918/2.8.23.2021/Samples/SystemSwift.exe"],"imageFiles":["211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-109/SystemSwift_Install [3].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-057/SystemSwift_Install [2].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-059/SystemSwift_Install [2].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-155/SystemSwift_Install [2].png"],"nonDeceptorImageFiles":["211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-065/SystemSwift_Install [1].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-065/SystemSwift_Install [5].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-065/SystemSwift_Install [7].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-106/SystemSwift_Install [2].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-157/SystemSwift_FileProperty [1].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-157/SystemSwift_FileProperty [2].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-157/SystemSwift_FileProperty [3].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-065/SystemSwift_About [1].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-099/SystemSwift_About [1].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-167/SystemSwift_LandingPage [1].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-065/SystemSwift_LandingPage [1].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-099/SystemSwift_LandingPage [1].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-166/SystemSwift_OfferPage [1].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-166/SystemSwift_OfferPage [2].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-065/SystemSwift_OfferPage [1].png","211229/SystemSwift2-200918/2.8.23.2021/Images/ACR-099/SystemSwift_OfferPage [1].png"],"guid":"19031f85-f8eb-49cf-b7f5-74a570017c14_2.8.23.2021_1","appID":"SystemSwift2-200918","dateAdded":"230508","deceptorType":"Bundler","name":"SystemSwift 2","company":"PGWARE LLC","version":"2.8.23.2021","lastKnownStatus":"2.9.7.2020;2.8.23.2021;2.3.7.2022","lastKnownDate":"230508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1004},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user\n","ACR-042":"The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt \n","ACR-043":"The app drops the Root Certificate files without disclosing in during installation. \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file. \n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" and other components on the device without the consumer's consent or notifying the user. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear. \n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Cert file in the installation prompt \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not provide digital signature for the executables.\n","ACR-123":"The app does not remove an dropped root certificates even after uninstalling \n"},"samples":[{"isRevoked":"False","fileName":"systemswift(installer).exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"b31b77bac788db8f338be4b53203bf4c","hashSHA1":"e0b0416fe1bc785e1b828214222b9d8a1607c5af","hashSHA256":"9eef679f43c6da81817bc9304b97afdd9312ccac2dd5d66016088357951562bf","sourceIndex":"1108","avBlockList":["360 Total Security (20230516)","Avast Premium Security (20230516)","AVG Internet Security (20230516)","Avira Internet Security (20230516)","Bitdefender Internet Security (20230516)","Dr.Web Security Space (20230516)","ESET Internet Security (20230516)","G DATA INTERNET SECURITY (20230516)","K7 Total Security (20230516)","Kaspersky Internet Security (20230516)","Malwarebytes Premium (20230516)","McAfee Total Protection (20230516)","Norton Security (20230516)","Panda Dome (20230516)","Quick Heal Internet Security (20230516)","Sophos Home Premium (20230516)","SpyHunter5 (20230516)","Total AV Antivirus Pro (20230516)","VIPRE Advanced Security (20230516)","VirIT eXplorer PRO (20230516)","Webroot SecureAnywhere (20230516)","Windows Defender (20230516)"],"avAllowList":["COMODO Antivirus (20230516)","Trend Micro Internet Security (20230516)"]},{"isRevoked":"False","fileName":"SystemSwift.exe","fileVersion":"1.0","hashMD5":"02e4bfbab5bda00bdd692e0e67e7c6cc","hashSHA1":"b398091a9d41b1e1e6ef05f9f6ec7d6cbe896ba2","hashSHA256":"753c301028cb010e2b6cf6b02faa5313fcae7c7b01758af7baaf5072c4c36fa2","sourceIndex":"1108","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"systemswift_install.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"0dfcb181c6a360fe1dc050dc6d6f262b","hashSHA1":"845f56cce4b5f54fb51a6f173ae6d3ddaa9eb87a","hashSHA256":"0d4f7c1418ed406e3c953d63442778d1dbd433242ca51b4d8b05407ff2d0dcdd","sourceIndex":"1108","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://www.pgware.com/products/systemswift/","directDownloadingLink":"http://www.pgware.com/downloads/systemswift.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pgware.com/downloads/systemswift.exe","sourceIndex":"1108"}],"sampleFiles":["230508/SystemSwift2-200918/2.3.7.2022/Samples/systemswift(installer).exe","230508/SystemSwift2-200918/2.3.7.2022/Samples/SystemSwift.exe","230508/SystemSwift2-200918/2.3.7.2022/Samples/systemswift_install.exe"],"imageFiles":["230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-109/ACR-109.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-109/RK Running Survey Program.png","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-109/RK Setup Running.png","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-043/ACR-043.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-042/ACR-042.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-048/ACR-048.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-007/ACR-007.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-010/ACR-010.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-118/ACR-118.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-057/ACR-057.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-059/ACR-059.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-071/ACR-071.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-155/ACR-155.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-013/ACR-013.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":["230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-045/ACR-045.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-106/RK Running Survey Program.png","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-106/ACR-106.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-092/ACR-092.JPG","230508/SystemSwift2-200918/2.3.7.2022/Images/ACR-123/ACR-123.JPG"],"guid":"19031f85-f8eb-49cf-b7f5-74a570017c14_2.3.7.2022_1","appID":"SystemSwift2-200918","dateAdded":"230508","deceptorType":"Bundler","name":"SystemSwift 2","company":"PGWARE LLC","version":"2.3.7.2022","lastKnownStatus":"2.9.7.2020;2.8.23.2021;2.3.7.2022","lastKnownDate":"230508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:40.8367939+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1003},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"rk_setup.exe\" without disclosing it to the user and get user consent\n","ACR-057":"User can't decline offer to proceed installation\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"The Offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \n\nThe app does not display links to the Returns and Cancellation or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display link to the Returns and Cancellation Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details\n","ACR-092":"The app does not have a digital signature for  the main executables.\n","ACR-099":"The app's about page does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"pcboost .exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"d40bccea9171607e81a36be9da2e0eac","hashSHA1":"ad7de0bcc16da8ad5511c4d967a06e8fb874b7a4","hashSHA256":"de321618b98e8380fe6ee4d88d6488950b6e285dea400085e287be29411531cf","sourceIndex":"1752","avBlockList":["360 Total Security (20211230)","Avast Premium Security (20211230)","AVG Internet Security (20211230)","Avira Internet Security (20211230)","Bitdefender Internet Security (20211230)","Dr.Web Security Space (20211230)","ESET Internet Security (20211230)","G DATA INTERNET SECURITY (20211230)","K7 Total Security (20211230)","Kaspersky Internet Security (20211230)","Malwarebytes Premium (20211230)","McAfee Total Protection (20211230)","Norton Security (20211230)","Panda Dome (20211230)","Quick Heal Internet Security (20211230)","Sophos Home Premium (20211230)","SpyHunter5 (20211230)","Tencent PC Manager (20211230)","Total AV Antivirus Pro (20211230)","VIPRE Advanced Security (20211230)","VirIT eXplorer PRO (20211230)","Webroot SecureAnywhere (20211230)","Windows Defender (20211230)"],"avAllowList":["COMODO Antivirus (20211230)","Trend Micro Internet Security (20211230)"]},{"isRevoked":"False","fileName":"PCBoost.exe","fileVersion":"1.0","hashMD5":"7091accdcf022942771731879a55bac0","hashSHA1":"02a4fcc88592dbd430aae2977a1028172aaceb68","hashSHA256":"0796abc0887fb14c17bce854ba8311e63723e82d6b67f7a38951bb7cde8c63dd","sourceIndex":"1752","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://www.pgware.com/","directDownloadingLink":"http://www.pgware.com/downloads/pcboost.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pgware.com/downloads/pcboost.exe","sourceIndex":"1752"}],"sampleFiles":["211222/PCBoost-200514/5.8.23.2021/Samples/pcboost .exe","211222/PCBoost-200514/5.8.23.2021/Samples/PCBoost.exe"],"imageFiles":["211222/PCBoost-200514/5.8.23.2021/Images/ACR-109/PCBoost_Install [2].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-057/PCBoost_Install [3].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-059/PCBoost_Install [3].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-155/PCBoost_Install [3].png"],"nonDeceptorImageFiles":["211222/PCBoost-200514/5.8.23.2021/Images/ACR-065/PCBoost_Install [1].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-106/PCBoost_Install [3].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-092/PCBoost_FileProperty [1].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-092/PCBoost_FileProperty [2].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-092/PCBoost_FileProperty [3].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-065/PCBoost_About [1].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-099/PCBoost_About [1].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-167/PCBoost_LandingPage [1].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-065/PCBoost_LandingPage [1].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-099/PCBoost_LandingPage [1].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-166/PCBoost_OfferPage [1].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-166/PCBoost_OfferPage [2].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-166/PCBoost_OfferPage [4].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-166/PCBoost_OfferPage [5].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-065/PCBoost_OfferPage [1].png","211222/PCBoost-200514/5.8.23.2021/Images/ACR-099/PCBoost_OfferPage [1].png"],"guid":"692dea54-b773-4769-876b-16e58a35166e_5.8.23.2021_1","appID":"PCBoost-200514","dateAdded":"230508","deceptorType":"Bundler","name":"PCBoost","company":"PGWARE LLC","version":"5.8.23.2021","sigName":"Deceptor:Win32/PCBoost!109057059155","lastKnownStatus":"5.5.11.2020;5.8.23.2021;5.3.7.2022","lastKnownDate":"230508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1011},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the app's Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the app's Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy. \nThe internal offer page does not display links to the Returns and Cancellation Policy. \n","ACR-157":"The application’s executable files have no signed certificate, and are unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page does not show how to uninstall the app.\nThe application's internal offer page does not show how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"systemswift_.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"8d0b48cd805a11d2502cbff8a4856d58","hashSHA1":"0aba44e0b98c6b49ef35bbfd2b9f15a5b62ed81f","hashSHA256":"516c85db10ae816d2bb5454e7e1a637e5431636313f061f4b28ee31db782fd2a","sourceIndex":"2110","avBlockList":["Avast Premium Security (20201006)","AVG Internet Security (20201006)","Avira Internet Security (20201006)","Bitdefender Internet Security (20201006)","COMODO Antivirus (20201006)","Dr.Web Security Space (20201006)","ESET Internet Security (20201006)","G DATA INTERNET SECURITY (20201006)","K7 Total Security (20201006)","Malwarebytes Premium (20201006)","McAfee Total Protection (20201006)","Norton Security (20201006)","Panda Dome (20201006)","Quick Heal Internet Security (20201006)","Sophos Home Premium (20201006)","SpyHunter5 (20201006)","Tencent PC Manager (20201006)","Total AV Antivirus Pro (20201006)","Trend Micro Internet Security (20201006)","VIPRE Advanced Security (20201006)","VirIT eXplorer PRO (20201006)","Webroot SecureAnywhere (20201006)","Windows Defender (20201006)"],"avAllowList":["360 Total Security (20201006)","Kaspersky Internet Security (20201006)"]},{"isRevoked":"False","fileName":"SystemSwift.exe","fileVersion":"1.0","hashMD5":"7101b6fef2b2d20e492fe86fe9195ffa","hashSHA1":"3e161f886d9b7cc06edb0ee108fa396d1ec0083d","hashSHA256":"7832e4e58edb563e5dc7ddc7cad65cf17c08b4c764fae05e931a0c69bb306616","sourceIndex":"2110","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://www.pgware.com/products/systemswift/","directDownloadingLink":"http://www.pgware.com/downloads/systemswift.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pgware.com/downloads/systemswift.exe","sourceIndex":"2110"}],"sampleFiles":["200921/SystemSwift2-200918/2.9.7.2020/Samples/systemswift_.exe","200921/SystemSwift2-200918/2.9.7.2020/Samples/SystemSwift.exe"],"imageFiles":["200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-109/SystemSwift 2_Install [4] RelevantKnowledge.png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-048/SystemSwift 2_Install [4] RelevantKnowledge.png"],"nonDeceptorImageFiles":["200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-065/SystemSwift 2_Install [1].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-065/SystemSwift 2_Install [2].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-157/SystemSwift 2_FileUnsigned[1].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-157/SystemSwift 2_FileUnsigned[2].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-065/SystemSwift 2_About[1].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-099/SystemSwift 2_About[1].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-065/SystemSwift 2_LandingPage [1].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-065/SystemSwift 2_LandingPage [2].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-099/SystemSwift 2_LandingPage [1].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-099/SystemSwift 2_LandingPage [2].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-065/SystemSwift 2_OfferPage [1].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-065/SystemSwift 2_OfferPage [2].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-065/SystemSwift 2_OfferPage [3].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-065/SystemSwift 2_OfferPage [4].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-099/SystemSwift 2_OfferPage [1].png","200921/SystemSwift2-200918/2.9.7.2020/Images/ACR-099/SystemSwift 2_OfferPage [2].png"],"guid":"19031f85-f8eb-49cf-b7f5-74a570017c14_2.9.7.2020_1","appID":"SystemSwift2-200918","dateAdded":"230508","deceptorType":"Bundler","name":"SystemSwift 2","company":"PGWARE LLC","version":"2.9.7.2020","sigName":"Deceptor:Win32/SystemSwift!109048","lastKnownStatus":"2.9.7.2020;2.8.23.2021;2.3.7.2022","lastKnownDate":"230508","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-05-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1005},{"violations":{"ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-097":"App has by default setting \"Add to Windows firewall exceptions\" during installation.\n","ACR-059":"Offer is not clearly mark as optional offer. The offer looks like part of the installation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"OrbitDM.exe","companyName":"Orbitdownloader.com","fileVersion":"4.1","hashMD5":"14be01db34df696adfb263805437fa60","hashSHA1":"3fd694d2f622163c009674b600752a22cbd7a82d","hashSHA256":"549802a9bd66b47f883d17d7030ba324b3cffc1d2bc3749846e71cdfbbf617c1","digitalCertThumbprint":"14CEFE468E924DC3B2ADAF56E9A9CA4966174D60","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=KORAM GAMES LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=KORAM GAMES LIMITED, L=HongKong, S=HongKong, C=HK","sourceIndex":"1118","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OrbitDownloaderSetup.exe","isInstaller":"True","companyName":"www.orbitdownloader.com                                     ","fileVersion":"4.1","hashMD5":"a14d5266da3325bf96e7c73eede18c26","hashSHA1":"476dcb0fb0661e979bf04e3f775125c114ea9b30","hashSHA256":"18756d11b3c62654e2409d1340a8114fbd471f114420e5ba7735a7363cf23ec6","digitalCertThumbprint":"14CEFE468E924DC3B2ADAF56E9A9CA4966174D60","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=KORAM GAMES LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=KORAM GAMES LIMITED, L=HongKong, S=HongKong, C=HK","sourceIndex":"1118","avBlockList":["Avira Internet Security (20230518)","Bitdefender Internet Security (20230518)","COMODO Antivirus (20230518)","Dr.Web Security Space (20230518)","G DATA INTERNET SECURITY (20230518)","K7 Total Security (20230518)","Kaspersky Internet Security (20230518)","Malwarebytes Premium (20230518)","McAfee Total Protection (20230518)","Norton Security (20230518)","Quick Heal Internet Security (20230518)","Sophos Home Premium (20230518)","SpyHunter5 (20230518)","Total AV Antivirus Pro (20230518)","VIPRE Advanced Security (20230518)","VirIT eXplorer PRO (20230518)","Webroot SecureAnywhere (20230518)","Avast Premium Security (20230518)","AVG Internet Security (20230518)"],"avAllowList":["360 Total Security (20230518)","ESET Internet Security (20230518)","Panda Dome (20230518)","Trend Micro Internet Security (20230518)","Windows Defender (20230518)"]}],"additionalFiles":[],"sources":[{"howFound":"random search for download managers","reference":"","landingPage":"http://filepony.de/download-orbit_downloader/","directDownloadingLink":"http://filepony.de/dl-T3JiaXREb3dubG9hZGVyU2V0dXAuZXhl-orbit_downloader-1367519770-11689126/OrbitDownloaderSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://filepony.de/dl-T3JiaXREb3dubG9hZGVyU2V0dXAuZXhl-orbit_downloader-1367519770-11689126/OrbitDownloaderSetup.exe","sourceIndex":"1118"}],"sampleFiles":["230505/OrbitDownloader-230405/4.1.1.18/Samples/orbitdm.exe","230505/OrbitDownloader-230405/4.1.1.18/Samples/OrbitDownloaderSetup.exe"],"imageFiles":["230505/OrbitDownloader-230405/4.1.1.18/Images/ACR-013/OptionalOffer.jpg","230505/OrbitDownloader-230405/4.1.1.18/Images/ACR-097/ACR-097.jpg","230505/OrbitDownloader-230405/4.1.1.18/Images/ACR-059/OptionalOffer.jpg","230505/OrbitDownloader-230405/4.1.1.18/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"6636928e-5f45-4a79-8252-7da305412811_4.1.1.18_1","appID":"OrbitDownloader-230405","dateAdded":"230505","deceptorType":"App","name":"Orbit Downloader","company":"Orbitdownloader.com","version":"4.1.1.18","lastKnownStatus":"4.1.1.18","lastKnownDate":"230505","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-05T20:31:14.8815707+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1013},{"violations":{"ACR-107":"App installs the FFmpeg package and doesn't include the open-source license or the source code or link to the source code. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"ComboPlayer.exe\" component on the device without the consumer's consent.\n","ACR-059":"The \"Optional Offer\" wording seems to be greyed out and is not clear.\n","ACR-155":"The offer was inserted to masquerade as a part of the workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\ComboPlayer\\comboplayer.exe","companyName":"ROSTPAY LTD","productName":"ComboPlayer","productVersion":"3.0.4.4158","fileVersion":"3.0.4.4158","hashMD5":"cd16024307a6ad14668e25bdb9d66a95","hashSHA1":"5e50fde194e1d0f96856e913034657b3082a2b71","hashSHA256":"6c1ad1321eaf8c3116a28d014d37f5d84987fa37ab7bcbe3d3e53fd301cd9059","digitalCertThumbprint":"54333BC79AD6F5E807D9E44EE2CA306F878AEF41","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1661","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"comboplayer-install.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"ComboPlayerDownloader","productVersion":"1.2.3.5209","fileVersion":"1.2.3.5209","hashMD5":"2cba0a4a5b08b65f048604d3a51ad2f6","hashSHA1":"3f7906f0c7705d4f79c330331a69a0fa231701de","hashSHA256":"1f8cbbbeea0da4a7d9cee84dc76ce1dbbbb7d4d73f62d37b8127f6ad5f912c56","digitalCertThumbprint":"54333BC79AD6F5E807D9E44EE2CA306F878AEF41","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1661","avBlockList":["360 Total Security (20220217)","Avira Internet Security (20220217)","COMODO Antivirus (20220217)","Dr.Web Security Space (20220217)","ESET Internet Security (20220217)","K7 Total Security (20220217)","Malwarebytes Premium (20220217)","McAfee Total Protection (20220217)","Norton Security (20220217)","Panda Dome (20220217)","Quick Heal Internet Security (20220217)","Sophos Home Premium (20220217)","SpyHunter5 (20220217)","Total AV Antivirus Pro (20220217)","VirIT eXplorer PRO (20220217)","Windows Defender (20220217)"],"avAllowList":["Avast Premium Security (20220217)","AVG Internet Security (20220217)","Bitdefender Internet Security (20220217)","G DATA INTERNET SECURITY (20220217)","Kaspersky Internet Security (20220217)","Tencent PC Manager (20220217)","Trend Micro Internet Security (20220217)","VIPRE Advanced Security (20220217)","Webroot SecureAnywhere (20220217)"]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser","reference":"","landingPage":"https://www.comboplayer.ru/download","ipv4":"","ipv6":"","sourceIndex":"1661"}],"sampleFiles":["220211/Comboplayer-220208/1.2.3.5209/Samples/comboplayer-install.exe"],"imageFiles":["220211/Comboplayer-220208/1.2.3.5209/Images/ACR-118/ACR-118_Uninstall_Retains_Files.JPG","220211/Comboplayer-220208/1.2.3.5209/Images/ACR-107/ACR-107_Install_Drops_Third_Party.JPG","220211/Comboplayer-220208/1.2.3.5209/Images/ACR-059/ACR-059_Bundler-MadeOffers_1.JPG","220211/Comboplayer-220208/1.2.3.5209/Images/ACR-155/ACR-155_Bundler-MadeOffers_1.JPG"],"nonDeceptorImageFiles":[],"guid":"2dcc735a-22b5-4543-94fb-188ebe80c49b_1.2.3.5209_1","appID":"Comboplayer-220208","dateAdded":"230505","deceptorType":"App","name":"Combo Player","company":"ROSTPAY LTD","version":"1.2.3.5209","firstResolvedVersion":"","lastKnownStatus":"1.2.3.5209;3.0.7.2518","lastKnownDate":"230505","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1015},{"violations":{"ACR-043":"Third-party components are installed without providing information during installation flow. The \"FFmpeg\" & QT5 components are dropped before asking the user's permission.\n","ACR-046":"The \"Windows Firewall exception\" that is opted-in by default and it is hidden that can be unchecked only when the \"Customer Installation\" mode option is selected.\n","ACR-107":"The app does not obtain any authorization for using third-party \"FFMpeg\" & \"The Qt Company Ltd\" components\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-097":"During installation, the app has an option to evade the default system security guard \"Add software to Windows Firewall white list\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\ComboPlayer\\comboplayer.exe","companyName":"ROSTPAY LTD","productName":"ComboPlayer","productVersion":"3.0.7.2518","fileVersion":"3.0.7.2518","hashMD5":"125587a8175e8d0509d7a500b1a7a8e2","hashSHA1":"91f1b8b2a3573ab14042663b33fe7dab21934c64","hashSHA256":"b253a3fd19149cdf51ed84038dab77ab9d5ae4a8c96f1f74eebc5c7060d43ec1","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1117","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"comboplayer-install.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"ComboPlayer","productVersion":"3.0.13","fileVersion":"3.0.13","hashMD5":"db1ba5d2d97c35824c4d47b9ee643285","hashSHA1":"52d91a0f9a8f619cad3a31d77e5c912474adb4e9","hashSHA256":"0bbfd77520996834532f71a9cfe3611f6c8a8829726ac35947abbdaaa85a36f1","digitalCertThumbprint":"316294AA6980C66B0F6EC1E6F7E7FE66E383BEC6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1117","avBlockList":["Avira Internet Security (20230523)","Bitdefender Internet Security (20230523)","COMODO Antivirus (20230523)","Dr.Web Security Space (20230523)","ESET Internet Security (20230523)","G DATA INTERNET SECURITY (20230523)","K7 Total Security (20230523)","Kaspersky Internet Security (20230523)","Malwarebytes Premium (20230523)","McAfee Total Protection (20230523)","Norton Security (20230523)","Panda Dome (20230523)","Sophos Home Premium (20230523)","SpyHunter5 (20230523)","Total AV Antivirus Pro (20230523)","VIPRE Advanced Security (20230523)","VirIT eXplorer PRO (20230523)","Webroot SecureAnywhere (20230523)"],"avAllowList":["360 Total Security (20230523)","Avast Premium Security (20230523)","AVG Internet Security (20230523)","Quick Heal Internet Security (20230523)","Trend Micro Internet Security (20230523)","Windows Defender (20230523)"]}],"additionalFiles":[],"sources":[{"howFound":"Tesla browser","reference":"","landingPage":"https://www.comboplayer.ru/","directDownloadingLink":"https://www.comboplayer.ru/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.comboplayer.ru/download","sourceIndex":"1117"}],"sampleFiles":["230505/Comboplayer-220208/3.0.7.2518/Samples/comboplayer-install.exe"],"imageFiles":["230505/Comboplayer-220208/3.0.7.2518/Images/ACR-107/ACR-107.JPG","230505/Comboplayer-220208/3.0.7.2518/Images/ACR-107/ACR-107_1.JPG","230505/Comboplayer-220208/3.0.7.2518/Images/ACR-043/ACR-043.JPG","230505/Comboplayer-220208/3.0.7.2518/Images/ACR-043/ACR-043_1.JPG","230505/Comboplayer-220208/3.0.7.2518/Images/ACR-046/ACR-046_Install.JPG","230505/Comboplayer-220208/3.0.7.2518/Images/ACR-046/ACR-046.JPG","230505/Comboplayer-220208/3.0.7.2518/Images/ACR-097/ACR-097.JPG","230505/Comboplayer-220208/3.0.7.2518/Images/ACR-060/ACR-060.JPG","230505/Comboplayer-220208/3.0.7.2518/Images/ACR-060/ACR-060_1.JPG","230505/Comboplayer-220208/3.0.7.2518/Images/ACR-013/ACR-013.JPG","230505/Comboplayer-220208/3.0.7.2518/Images/ACR-013/ACR-013_1.JPG"],"nonDeceptorImageFiles":[],"guid":"2dcc735a-22b5-4543-94fb-188ebe80c49b_3.0.7.2518_1","appID":"Comboplayer-220208","dateAdded":"230505","deceptorType":"App","name":"Combo Player","company":"ROSTPAY LTD","version":"3.0.7.2518","firstResolvedVersion":"","lastKnownStatus":"1.2.3.5209;3.0.7.2518","lastKnownDate":"230505","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-05T20:41:56.5058166+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1014},{"violations":{"ACR-042":"The app does not present EULA to obtain the user's agreement and permission at installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"mykeyfinder-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","fileVersion":"1.0","hashMD5":"1415b65013dd7c60d279005dfa13c355","hashSHA1":"540a8e38195fec4f82399fe17abfde27ca076361","hashSHA256":"e2211e4740642318e512549044cf94c8ed789e39e77d430770b32001d36c74bd","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1105","avBlockList":["Avast Premium Security (20230509)","AVG Internet Security (20230509)","Avira Internet Security (20230509)","Bitdefender Internet Security (20230509)","ESET Internet Security (20230509)","Malwarebytes Premium (20230509)","Norton Security (20230509)","Panda Dome (20230509)","SpyHunter5 (20230509)","Total AV Antivirus Pro (20230509)","VIPRE Advanced Security (20230509)","VirIT eXplorer PRO (20230509)","Windows Defender (20230509)"],"avAllowList":["360 Total Security (20230509)","COMODO Antivirus (20230509)","Dr.Web Security Space (20230509)","G DATA INTERNET SECURITY (20230509)","K7 Total Security (20230509)","Kaspersky Internet Security (20230509)","McAfee Total Protection (20230509)","Quick Heal Internet Security (20230509)","Sophos Home Premium (20230509)","Trend Micro Internet Security (20230509)","Webroot SecureAnywhere (20230509)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.abelssoft.de/en/windows/helpers/mykeyfinder","directDownloadingLink":"https://www.abelssoft.de/mykeyfinder-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/mykeyfinder-setup.exe","sourceIndex":"1105"}],"sampleFiles":["230504/MyKeyFinder-230502/2023.12.02/Samples/mykeyfinder-setup.exe"],"imageFiles":["230504/MyKeyFinder-230502/2023.12.02/Images/ACR-042/ACR-042-MyKeyFinder.jpg","230504/MyKeyFinder-230502/2023.12.02/Images/ACR-013/OptionalOffer-MyKeyFinder.jpg","230504/MyKeyFinder-230502/2023.12.02/Images/ACR-060/OptionalOffer-MyKeyFinder.jpg"],"nonDeceptorImageFiles":[],"guid":"77f3695d-0614-4894-92a4-e1cf1d7fb5dc_2023.12.02_1","appID":"MyKeyFinder-230502","dateAdded":"230504","deceptorType":"App","name":"My Key Finder","company":"Abelssoft","version":"2023.12.02","firstVendorContactDate":"230509","firstAppEsteemReplyDate":"230512","firstResolvedDate":"230512","firstResolvedVersion":"12.03","resolved":"TRUE","lastKnownStatus":"2023.12.02","lastKnownDate":"230504","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-13T00:39:11.6336522+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1016},{"violations":{"ACR-042":"The app does not present EULA to obtain the user's agreement and permission at installation.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"fileorganizer-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","fileVersion":"1.0","hashMD5":"9babf96549ffae34864f7f8e9c214b3a","hashSHA1":"44287788b5be433403456ec3b67a9ccabec5adbe","hashSHA256":"e742ace25a972692f5843a5589f64e9d8abbc6e70a0b593023438692ac42921d","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1103","avBlockList":["Avast Premium Security (20230509)","AVG Internet Security (20230509)","Avira Internet Security (20230509)","ESET Internet Security (20230509)","K7 Total Security (20230509)","Norton Security (20230509)","Panda Dome (20230509)","Sophos Home Premium (20230509)","SpyHunter5 (20230509)","Total AV Antivirus Pro (20230509)","VirIT eXplorer PRO (20230509)","Windows Defender (20230509)"],"avAllowList":["360 Total Security (20230509)","Bitdefender Internet Security (20230509)","COMODO Antivirus (20230509)","Dr.Web Security Space (20230509)","G DATA INTERNET SECURITY (20230509)","Kaspersky Internet Security (20230509)","Malwarebytes Premium (20230509)","McAfee Total Protection (20230509)","Quick Heal Internet Security (20230509)","Trend Micro Internet Security (20230509)","VIPRE Advanced Security (20230509)","Webroot SecureAnywhere (20230509)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.abelssoft.de/en/windows/helpers/abelssoft-file-organizer","directDownloadingLink":"https://www.abelssoft.de/fileorganizer-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/fileorganizer-setup.exe","sourceIndex":"1103"}],"sampleFiles":["230504/FileOrganizer-230502/2023.5.01/Samples/fileorganizer-setup.exe"],"imageFiles":["230504/FileOrganizer-230502/2023.5.01/Images/ACR-042/ACR-042.jpg","230504/FileOrganizer-230502/2023.5.01/Images/ACR-013/OptionalOffer.jpg","230504/FileOrganizer-230502/2023.5.01/Images/ACR-060/OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"e6cb1cab-edf3-4292-a796-c7c53fb18096_2023.5.01_1","appID":"FileOrganizer-230502","dateAdded":"230504","deceptorType":"App","name":"File Organizer","company":"Abelssoft","version":"2023.5.01","firstVendorContactDate":"230509","firstAppEsteemReplyDate":"230512","firstResolvedDate":"230512","firstResolvedVersion":"5.02","resolved":"TRUE","lastKnownStatus":"2023.5.01","lastKnownDate":"230504","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-13T00:52:03.5687513+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1018},{"violations":{"ACR-048":"The app does not provide an option to cancel installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"ItopVPN & Screen Recorder\" offers\n","ACR-071":"The user is unable to decline the offers \"Iobit Smart Defrag and Iobit Protected Folder\" independently. The apps are added by default for the user and it can not be declined in the shopping cart. \n","ACR-014":"The app displays an exclamation symbol while showing the \"Outdated\" software and \"Your IP and online accounts may be exposed to hackers!\" notification which exaggerates urgency and misleads the user.\n","ACR-055":"The \"ItopVPN & Screen Recorder\" offers requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"ItopVPN & Screen Recorder\" Offers are not clearly marked as an offer \n","ACR-155":"The \"ItopVPN & Screen Recorder\" offers was inserted to masquerade as a part of the installation workflow \n"},"nonDeceptorViolations":{"ACR-088":"The app auto-scans right after installation without any user authorization.\n","ACR-067":"The app does not provide an option to Opt-Out \"Iobit Smart Defrag and Iobit Protected Folder\" apps in the internal offers\n"},"samples":[{"isRevoked":"False","fileName":"iobit-software-updater-setup.exe","isInstaller":"True","companyName":"IObit                                                       ","productName":"IObit Software Updater                                      ","productVersion":"5.4.0.33                                          ","fileVersion":"5.4.0.33            ","hashMD5":"56a07e5eec286988b5fcf58385925833","hashSHA1":"3b13faabc54c580775d215fdb64a5d27b1ed6aff","hashSHA256":"098e39cdee6d87e429d28765db817e15f356febd87c29371561ee4b62068d174","digitalCertThumbprint":"145D90AD3134C665246DC1C93CD3E2D8C69E9231","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1069","avBlockList":["Avast Premium Security (20230518)","AVG Internet Security (20230518)","Avira Internet Security (20230518)","Dr.Web Security Space (20230518)","ESET Internet Security (20230518)","G DATA INTERNET SECURITY (20230518)","Kaspersky Internet Security (20230518)","McAfee Total Protection (20230518)","Norton Security (20230518)","Panda Dome (20230518)","Sophos Home Premium (20230518)","SpyHunter5 (20230518)","Total AV Antivirus Pro (20230518)","VirIT eXplorer PRO (20230518)"],"avAllowList":["360 Total Security (20230518)","Bitdefender Internet Security (20230518)","COMODO Antivirus (20230518)","K7 Total Security (20230518)","Malwarebytes Premium (20230518)","Quick Heal Internet Security (20230518)","Trend Micro Internet Security (20230518)","VIPRE Advanced Security (20230518)","Webroot SecureAnywhere (20230518)","Windows Defender (20230518)"]}],"additionalFiles":[],"sources":[{"howFound":"In bundle Offers from Advanced system care","reference":"","landingPage":"https://www.iobit.com/en/iobit-software-updater.php","directDownloadingLink":"","ipv4":"","ipv6":"","landingPageWildChar":"https://www.iobit.com/en/iobit-software-updater.php","directDownloadingLinkWildChar":"","sourceIndex":"1069"}],"sampleFiles":["230504/IObitsoftwareupdater-220630/5.4.0.33/Samples/iobit-software-updater-setup.exe"],"imageFiles":["230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-048/ACR-048.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-013/ACR-013.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-014/ACR-014.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-057/ACR-057.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-059/ACR-059.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-155/ACR-155.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-055/ACR-055.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-071/ACR-071.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-071/ACR-071_1.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-060/ACR-060.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-060/ACR-060_1.JPG"],"nonDeceptorImageFiles":["230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-088/ACR-088.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-067/ACR-067.JPG","230504/IObitsoftwareupdater-220630/5.4.0.33/Images/ACR-067/ACR-067_1.JPG"],"guid":"d1917ac5-4369-45b1-92d2-8f15d4c32f9b_5.4.0.33_1","appID":"IObitsoftwareupdater-220630","dateAdded":"230504","deceptorType":"App","name":"IObit Software Updater","company":"IObit","version":"5.4.0.33","firstVendorContactDate":"230506","firstAppEsteemReplyDate":"230509","firstResolvedDate":"230601","firstResolvedVersion":"5.4.0.36","resolved":"TRUE","lastKnownStatus":"5.4.0.33","lastKnownDate":"230504","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-01T10:26:00.2527643+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1017},{"violations":{"ACR-048":"The app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-007":"The app enables the consumer to hide any app notifications from the targeted consumer. It also requires a password to open it.\n","ACR-084":"The app is installed in a hidden folder with random characters.\n","ACR-086":"The app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-097":"The app prompts the consumer to completely ignore the windows defender security warning. It also disables anti-spyware software by default during install.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed under a hidden file with a name consisting of random characters. The app also uses a name with random characters.\n","ACR-065":"The internal offers page does not display links to the Returns and Cancellation Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-161":"The landing page displays unsubstantiated testimonials.\n","ACR-099":"The internal offers page does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"keysetup.exe","isInstaller":"True","companyName":"Tech                                                        ","fileVersion":"4.4","hashMD5":"b18d939f062452af997508011e25f219","hashSHA1":"4ce668545aa2f52e9a5bcca7a7ac54f910bb30b4","hashSHA256":"829654a46c8a9611fa2c02b8cb259c9a8d062f347c54a3abc2d0228cf0b5fe10","sourceIndex":"2597","avBlockList":["360 Total Security (20210615)","Avast Internet Security (20191226)","AVG Internet Security (20210615)","Avira Internet Security (20210615)","Bitdefender Internet Security (20210615)","COMODO Antivirus (20210615)","Dr.Web Security Space (20210615)","ESET Internet Security (20210615)","G DATA INTERNET SECURITY (20210615)","K7 Total Security (20210615)","Kaspersky Internet Security (20210615)","Malwarebytes Premium (20210615)","McAfee Total Protection (20210615)","Norton Security (20210615)","Panda Dome (20210615)","Quick Heal Internet Security (20210615)","Sophos Home Premium (20210615)","Tencent PC Manager (20210615)","Trend Micro Internet Security (20210615)","VIPRE Advanced Security (20210615)","VirIT eXplorer PRO (20210615)","Webroot SecureAnywhere (20210615)","Windows Defender (20210615)","Avast Premium Security (20210615)","SpyHunter5 (20210615)","Total AV Antivirus Pro (20210615)"],"avAllowList":[]},{"isRevoked":"False","fileName":"fzvhlsq.exe","companyName":"mh__32","fileVersion":"0.8","hashMD5":"cf1ad42f02ee3290fd88727e65259fa1","hashSHA1":"600d066f3d904a0c7d02ceb13e702afdd5dad2f3","hashSHA256":"4b110399f5d90a2c30f91763097f122ee16b1ee3bdc11dfdc5b6d934f515ca85","sourceIndex":"2597","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"keylogger screen recorder\" - Google Search","reference":"Hunt.Search","landingPage":"https://www.relytec.com","directDownloadingLink":"https://www.relytec.com/download.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.relytec.com/download.htm","sourceIndex":"2597"}],"sampleFiles":["191125/AllInOneKeylogger-191122/4.4/Samples/keysetup.exe","191125/AllInOneKeylogger-191122/4.4/Samples/fzvhlsq.exe"],"imageFiles":["191125/AllInOneKeylogger-191122/4.4/Images/ACR-007/AllInOneKeylogger Password 2.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-007/AllInOneKeylogger Password.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-048/AllInOneKeylogger Hide More.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-048/AllInOneKeylogger Password.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-048/AllInOneKeylogger Password 2.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-097/AllInOneKeylogger Disable Anti-Spyware.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-097/AllInOneKeylogger Windows Defender.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-086/AllInOneKeylogger Password 2.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-086/AllInOneKeylogger Password.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-084/AllInOneKeylogger Hidden File 2.png"],"nonDeceptorImageFiles":["191125/AllInOneKeylogger-191122/4.4/Images/ACR-040/AllInOneKeylogger Hidden File 1.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-040/AllInOneKeylogger Hidden File 2.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-099/AllInOneKeylogger Internal Offers.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-099/AllInOneKeylogger Landing Page.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-161/AllInOneKeylogger Hide More.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-161/AllInOneKeylogger Password 2.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-161/AllInOneKeylogger Password.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-065/AllInOneKeylogger Internal Offers.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-065/AllInOneKeylogger Landing Page.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-065/AllInOneKeylogger Hide More.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-065/AllInOneKeylogger Install.png","191125/AllInOneKeylogger-191122/4.4/Images/ACR-065/AllInOneKeylogger EULA.png"],"guid":"71b14288-38b6-4bf3-bfce-f422873a0d8b_4.4_1","appID":"AllInOneKeylogger-191122","dateAdded":"230504","deceptorType":"App","name":"All In One Keylogger","company":"Relytec","version":"4.4","sigName":"Deceptor:Win32/AllInOneKeyloggerStalkerware!007048097086084","lastKnownStatus":"Deceptor:4.4,4.5;5.0;5.2;5.3","lastKnownDate":"230504","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-05-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1023},{"violations":{"ACR-048":"1. The install greys out the close and cancel buttons, which limits the consumer's ability to stop after the initial launch.\n2. The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n3. The app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-007":"The app does not show an explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"1. The app is installed in a hidden folder as \"Omwmsocidntbf\"\n2. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"The app has an option to disable the anti-spyware by default inside software settings. \n","ACR-116":"The app calls itself \"Install version 5.3”, which is not related to the name \"All in one Keylogger\", which misleads the targeted consumer to think that it can not be uninstalled by the standard platform\n","ACR-014":"The app calls itself \"Install version 5.3”, which is not related to the name \"All in one Keylogger\", which misleads the targeted consumer to think that it can not be uninstalled by the standard platform\n","ACR-124":"The app requires password to proceed with the uninstallation.\n"},"nonDeceptorViolations":{"ACR-038":"1. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n2. The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a hidden Folder in Program Files Directory as “Omwmsocidntbf”\n","ACR-065":"The internal offers page does not display links to the Returns and Cancellation Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe application does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe install does not display link for Returns and Cancellation Policy, Privacy Policy information. \n","ACR-002":"The app shows different names as \"Install version 5.3” in the running service section.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real. \nThe internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main and installer executables.\n","ACR-157":"The application’s main executable file has no signed certificate, it is unsigned.\n","ACR-099":"The internal offers page does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Omwmsocidntbf\\vcakagc.exe","companyName":"","productName":"Install","productVersion":"0.09.0012","fileVersion":"0.09.0012","hashMD5":"ab84230fb338b433ab8dc4d7edf6c325","hashSHA1":"c680bb6557f8ad29251d6664fbde234f0f6b3763","hashSHA256":"d8f40bb20a20e039cda497b8971879e340a8e6b36d59fadc1845f879ce11afe8","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1126","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"keysetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Install                                                     ","productVersion":"5.3                                               ","fileVersion":"5.3                 ","hashMD5":"b33c219885e31816bd285697643e0125","hashSHA1":"94ca5e4624b3ad29b65afc2fadbd8f0fafff5184","hashSHA256":"639bfbff8e28c09cc57643be5f689767a6915803e433b27c2b3d25aba63acf9d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1126","avBlockList":["360 Total Security (20230525)","Avast Premium Security (20230525)","AVG Internet Security (20230525)","Avira Internet Security (20230525)","Bitdefender Internet Security (20230525)","Dr.Web Security Space (20230525)","ESET Internet Security (20230525)","G DATA INTERNET SECURITY (20230525)","K7 Total Security (20230525)","Kaspersky Internet Security (20230525)","Malwarebytes Premium (20230525)","McAfee Total Protection (20230525)","Norton Security (20230525)","Panda Dome (20230525)","Quick Heal Internet Security (20230525)","Sophos Home Premium (20230525)","SpyHunter5 (20230525)","Total AV Antivirus Pro (20230525)","VIPRE Advanced Security (20230525)","VirIT eXplorer PRO (20230525)","Webroot SecureAnywhere (20230525)","Windows Defender (20230525)"],"avAllowList":["COMODO Antivirus (20230525)","Trend Micro Internet Security (20230525)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"https://www.relytec.com/download.htm","directDownloadingLink":"https://www.relytec.com/download.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.relytec.com/download.htm","sourceIndex":"1126"}],"sampleFiles":["230504/AllInOneKeylogger-191122/5.3/Samples/keysetup.exe"],"imageFiles":["230504/AllInOneKeylogger-191122/5.3/Images/ACR-007/ACR-007.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-007/ACR-007_1.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-007/ACR-007_2.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-007/ACR-007_3.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-048/ACR-048.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-048/ACR-048_1.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-048/ACr-048_2.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-048/ACR-048_3.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-048/ACR-048_4.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-097/ACR-097.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-086/ACR-086.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-086/ACR-086_1.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-086/ACR-086_2.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-086/ACR-086_3.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-084/ACR-084.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-084/ACR-084_1.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-084/ACR-084_2.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-084/ACR-084_3.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-084/ACR-084_4.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-014/ACR-014.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-116/ACR-116.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-124/ACR-124.JPG"],"nonDeceptorImageFiles":["230504/AllInOneKeylogger-191122/5.3/Images/ACR-040/ACR-040.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-099/ACR-099_InternalOffers.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-099/ACR-099_Landingpage.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-065/ACR-065_InternalOffers.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-065/ACR-065_Landingpage.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-065/ACR-065_Software.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-065/ACR-065_Install.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-038/ACR-038.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-038/ACR-038_1.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-002/ACR-002.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-017/ACR-017.jpg","230504/AllInOneKeylogger-191122/5.3/Images/ACR-161/ACR-161_Landingpage.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-161/ACR-161_InternalOffers.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-092/ACR-092.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-092/ACR-092_1.JPG","230504/AllInOneKeylogger-191122/5.3/Images/ACR-157/ACR-157.JPG"],"guid":"71b14288-38b6-4bf3-bfce-f422873a0d8b_5.3_1","appID":"AllInOneKeylogger-191122","dateAdded":"230504","deceptorType":"App","name":"All In One Keylogger","company":"Relytec","version":"5.3","lastKnownStatus":"Deceptor:4.4,4.5;5.0;5.2;5.3","lastKnownDate":"230504","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:41.4174521+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1019},{"violations":{"ACR-048":"1.\tThe install greys out the close and cancel buttons, which limits the consumer's ability to stop after the initial launch \n2.\tThe app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n3.\tThe app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"1. The app is installed in a hidden folder as \"Ljybskixar\"\n2. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"The app prompts the consumer to completely ignore the windows defender security warning. \n"},"nonDeceptorViolations":{"ACR-038":"1. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n2. The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a hidden Folder in Program Files Directory as “Ljybskixar”\n","ACR-065":"The internal offers page does not display links to the Returns and Cancellation Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe application does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe install does not display link for Returns and Cancellation Policy, Privacy Policy information. \n","ACR-002":"The App shows different names as \"xpncfwombev.exe” in the running service section.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real. \nThe internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main and installer executables.\n","ACR-157":"The application’s main executable file has no signed certificate, it is unsigned.\n","ACR-099":"The internal offers page does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"keysetup.exe","isInstaller":"True","companyName":"KTech                                                       ","fileVersion":"4.7","hashMD5":"ab33d2120ba2415b0641cfaa7c265358","hashSHA1":"37a3fb8774dab779d21d895d9f395dd78fc987e3","hashSHA256":"36bb957799bbde65a96bb0fabce147c4793d6a2876678b416011e1656745457b","sourceIndex":"1863","avBlockList":["360 Total Security (20211116)","Avast Premium Security (20211116)","AVG Internet Security (20211116)","Avira Internet Security (20211116)","Bitdefender Internet Security (20211116)","COMODO Antivirus (20211116)","Dr.Web Security Space (20211116)","ESET Internet Security (20211116)","G DATA INTERNET SECURITY (20211116)","K7 Total Security (20211116)","Kaspersky Internet Security (20211116)","Malwarebytes Premium (20211116)","McAfee Total Protection (20211116)","Norton Security (20211116)","Panda Dome (20211116)","Quick Heal Internet Security (20211116)","Sophos Home Premium (20211116)","SpyHunter5 (20211116)","Tencent PC Manager (20211116)","Total AV Antivirus Pro (20211116)","Trend Micro Internet Security (20211116)","VIPRE Advanced Security (20211116)","VirIT eXplorer PRO (20211116)","Webroot SecureAnywhere (20211116)","Windows Defender (20211116)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ksetup.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e90032f1306cdb031520d8393096338ca2e915d46e122dc9fbf3e06e2138c3f7","sourceIndex":"1863","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xpncfwombev.exe","companyName":"Cmd-g32","fileVersion":"0.6","hashMD5":"12f306fad7e532d68bf670b42dda21b0","hashSHA1":"01f079a7beb8c953b6f29f825d73934ff7f2f4f4","hashSHA256":"7fd27b99a4cc12c38d3501a45d023f840dd6f88a95fa02047e54140e08ae61da","sourceIndex":"1863","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"fzlhwee [2].exe","companyName":"CR32","fileVersion":"5.5","hashMD5":"a537a4c37549db8b7ce0db34ae99a494","hashSHA1":"bea63277bc8cb0a39175f513cd23f1ba2c301922","hashSHA256":"32dfe0d61af524f9cf7029682e734f29b84d1fc5d9e2969f412f850516bd4354","sourceIndex":"1863","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"keysetup [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9cc62ab9d0e93ffe49c338fdb14e388e","hashSHA1":"4873872180bd196e1de825cf12cc86302b4fb044","hashSHA256":"039b200dadccbe6355935d36d83b9e2ebb01c84e03fb710895a04acb964280c1","sourceIndex":"1863","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ksetup [2].zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8d33c63c39b584d2283d3f3013c76497316eaab2c635eb2f82c69d802eac31a1","sourceIndex":"1863","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"keysetup[3].exe","isInstaller":"True","companyName":"KL-Tech                                                     ","fileVersion":"5.0","hashMD5":"3ffaec2b1d3782fabe5f53be7b31c6d4","hashSHA1":"7f931d03187bec9ac1c410433b3f12e3164d2033","hashSHA256":"2fa81226469590fea2eee48c7881b9045c73870e320a49c7229e0690c79d3b61","sourceIndex":"1863","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ksetup [3].zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"1e8f889f8a7962361b5d4962b7fb91d71e65680a57231487ee6a29b17268158a","sourceIndex":"1863","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xpncfwombev [3].exe","companyName":"CR32","fileVersion":"5.5","hashMD5":"a46259799737c6ebf0231ce00ceac795","hashSHA1":"c9d5cfb4b068e301f8eab1b2fb3ac8a18e13e606","hashSHA256":"9de6d37fd5b30c181286f31ea9574692cc14e017020e00f759c11a13a7e5ec25","sourceIndex":"1863","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"keylogger screen recorder\" - Google Search","reference":"Hunt.Search","landingPage":"https://www.relytec.com","directDownloadingLink":"https://www.relytec.com/download.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.relytec.com/download.htm","sourceIndex":"1863"}],"sampleFiles":["210707/AllInOneKeylogger-191122/5.0/Samples/keysetup.exe","210707/AllInOneKeylogger-191122/5.0/Samples/ksetup.zip","210707/AllInOneKeylogger-191122/5.0/Samples/xpncfwombev.exe","210707/AllInOneKeylogger-191122/5.0/Samples/fzlhwee [2].exe","210707/AllInOneKeylogger-191122/5.0/Samples/keysetup [2].exe","210707/AllInOneKeylogger-191122/5.0/Samples/ksetup [2].zip","210707/AllInOneKeylogger-191122/5.0/Samples/keysetup[3].exe","210707/AllInOneKeylogger-191122/5.0/Samples/ksetup [3].zip","210707/AllInOneKeylogger-191122/5.0/Samples/xpncfwombev [3].exe"],"imageFiles":["210707/AllInOneKeylogger-191122/5.0/Images/ACR-007/All In One Keylogger_Interactions [1].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-007/All In One Keylogger_Interactions [2].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-048/All In One Keylogger_Install [5].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-048/All In One Keylogger_Interactions [1].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-048/All In One Keylogger_Interactions [11] Password_Hotkey.png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-048/All In One Keylogger_Interactions [5].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-048/All In One Keylogger_Interactions [6].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-048/All In One Keylogger_Interactions [7].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-048/All In One Keylogger_Interactions [8].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-097/All In One Keylogger_LandingPage [3] DisableAV.png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-086/All In One Keylogger_Interactions [1].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-086/All In One Keylogger_Interactions [2].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-086/All In One Keylogger_Interactions [3].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-086/All In One Keylogger_Interactions [4].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-086/All In One Keylogger_Interactions [5].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-086/All In One Keylogger_Interactions [6].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-086/All In One Keylogger_Interactions [7].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-086/All In One Keylogger_Interactions [8].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-084/All In One Keylogger_FileComponent [1].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-084/All In One Keylogger_Interactions [1].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-084/All In One Keylogger_Interactions [11] Password_Hotkey.png"],"nonDeceptorImageFiles":["210707/AllInOneKeylogger-191122/5.0/Images/ACR-040/All In One Keylogger_FileComponent [1].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-099/All In One Keylogger_OfferPage [2].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-099/All In One Keylogger_LandingPage [2].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-065/All In One Keylogger_OfferPage [2].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-065/All In One Keylogger_LandingPage [2].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-065/All In One Keylogger_Interactions [3].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-065/All In One Keylogger_Interactions [14].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-065/All In One Keylogger_Install [1].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-065/All In One Keylogger_Install [2].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-038/All In One Keylogger_FileProperty [1] MainFile.png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-038/All In One Keylogger_FileProperty [1] Installer.png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-002/All In One Keylogger_RunningProcess [1].png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-017/All In One Keylogger_LandingPage [4] Awards.png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-161/All In One Keylogger_LandingPage [1] Testimonials.png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-161/All In One Keylogger_OfferPage [1] Testimonials.png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-092/All In One Keylogger_FileProperty [2] Installer.png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-092/All In One Keylogger_FileProperty [2] MainFile.png","210707/AllInOneKeylogger-191122/5.0/Images/ACR-157/All In One Keylogger_FileProperty [2] MainFile.png"],"guid":"71b14288-38b6-4bf3-bfce-f422873a0d8b_5.0_1","appID":"AllInOneKeylogger-191122","dateAdded":"230504","deceptorType":"App","name":"All In One Keylogger","company":"Relytec","version":"5.0","sigName":"Deceptor:Win32/AllInOneKeylogger!007048097086084","lastKnownStatus":"Deceptor:4.4,4.5;5.0;5.2;5.3","lastKnownDate":"230504","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-05-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1021},{"violations":{"ACR-048":"1. The install greys out the close and cancel buttons, which limits the consumer's ability to stop after the initial launch .\n2. The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n3.\tThe app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-007":"The app does not show an explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"1. The app is installed in a hidden folder as \"Omwmsocidntbf\"\n2. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"The app has an option to disable the anti-spyware by default inside software settings. \n","ACR-014":"The app calls itself \"vcakagc.exe”, which is not related to the name \"All in one Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"1. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n2. The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a hidden Folder in Program Files Directory as “Omwmsocidntbf”\n","ACR-065":"The internal offers page does not display links to the Returns and Cancellation Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe application does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe install does not display link for Returns and Cancellation Policy, Privacy Policy information. \n","ACR-002":"The App shows different names as \"vcakagc.exe” in the running service section.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real. \nThe internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main and installer executables.\n","ACR-157":"The application’s main executable file has no signed certificate, it is unsigned.\n","ACR-099":"The internal offers page does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"keysetup.exe","isInstaller":"True","companyName":"CTech                                                       ","productName":"AIO__22                                                     ","productVersion":"5.2                                               ","fileVersion":"5.2                 ","hashMD5":"30a2ff013fa3985a3b4a6c0ec78e616f","hashSHA1":"2968ad4a239f491afb562358250120e87835518a","hashSHA256":"a9651f47c763a563218594b4648024d855abdda012244bf383949daefb43f7b0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1700","avBlockList":["360 Total Security (20220505)","Avast Premium Security (20220505)","AVG Internet Security (20220505)","Avira Internet Security (20220505)","Bitdefender Internet Security (20220505)","Dr.Web Security Space (20220505)","ESET Internet Security (20220505)","G DATA INTERNET SECURITY (20220505)","K7 Total Security (20220505)","Kaspersky Internet Security (20220505)","Malwarebytes Premium (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Quick Heal Internet Security (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","Trend Micro Internet Security (20220505)","VIPRE Advanced Security (20220505)","VirIT eXplorer PRO (20220505)","Webroot SecureAnywhere (20220505)","Windows Defender (20220505)"],"avAllowList":["COMODO Antivirus (20220505)","Tencent PC Manager (20220505)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Omwmsocidntbf\\vcakagc.exe","companyName":"mRgb32","productName":"mRgb32","productVersion":"0.01.0421","fileVersion":"0.01.0421","hashMD5":"fd5c7ccac7c3c8c1f03e8bc8258195dc","hashSHA1":"0e09e187157031e4de5a658e292431ec340a5bc8","hashSHA256":"eeb8bd91c979e9d4d068443452c48aa5d6368de0f72b8696ed58ff18a19899e4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1700","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"keylogger screen recorder\" - Google Search","reference":"Hunt.Search","landingPage":"https://www.relytec.com/","directDownloadingLink":"http://www.relytec.com/download/keysetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.relytec.com/download/keysetup.exe","sourceIndex":"1700"}],"sampleFiles":["220302/AllInOneKeylogger-191122/5.2/Samples/keysetup.exe"],"imageFiles":["220302/AllInOneKeylogger-191122/5.2/Images/ACR-007/ACR-007_Software_Hiding_Presence.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-007/ACR-007_Software_Hiding_Presence_1.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-048/ACR-048_Software_No_Control.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-048/ACR-048_Software_Limits_User.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-048/ACR-048_Software_Limits_User_1.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-048/ACR-048_Software_Limits_User_2.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-097/ACR-097_Software_Disables_Security.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-086/ACR-086_Software_Collects_Data.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-086/ACR-086_Software_Collects_Data_1.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-086/ACR-086_Software_Collects_Data_2.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-086/ACR-086_Software_Collects_Data_3.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-084/ACR-084_Software_Hides.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-084/ACR-084_Software_Hides_1.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-084/ACR-084_Software_Hides_2.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-014/ACR-014_Software_1.JPG"],"nonDeceptorImageFiles":["220302/AllInOneKeylogger-191122/5.2/Images/ACR-040/ACR-040_Install_Hidden_Folder.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-099/ACR-099_InternalOffers_No_Uninstall_Info.jpg","220302/AllInOneKeylogger-191122/5.2/Images/ACR-099/ACR-099_Landingpage_No_Uninstall_Info.jpg","220302/AllInOneKeylogger-191122/5.2/Images/ACR-065/ACR-065_InternalOffers_No_Docs.jpg","220302/AllInOneKeylogger-191122/5.2/Images/ACR-065/ACR-065_Landingpage_No_Docs.jpg","220302/AllInOneKeylogger-191122/5.2/Images/ACR-065/ACR-065_Software_Docs_Missing.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-065/ACR-065_Software_Docs_Missing_1.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-065/ACR-065_Install_Docs_Missing_1.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-038/ACR-038_Install_Mismatch.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-038/ACR-038_Install_Mismatch_1.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-002/ACR-002_Software_Different_Names.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-002/ACR-002_Software_Different_Names_1.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-017/ACR-017_LandingPage_Unveriiable_logos.jpg","220302/AllInOneKeylogger-191122/5.2/Images/ACR-161/ACR-161_LandingPage_Unveriiable_Testimonils.jpg","220302/AllInOneKeylogger-191122/5.2/Images/ACR-161/ACR-161_Internal_Offers_Unveriiable_Testimonils.jpg","220302/AllInOneKeylogger-191122/5.2/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-092/ACR-092_Software_No_Digital_Signature_!.JPG","220302/AllInOneKeylogger-191122/5.2/Images/ACR-157/ACR-157_Software_1.JPG"],"guid":"71b14288-38b6-4bf3-bfce-f422873a0d8b_5.2_1","appID":"AllInOneKeylogger-191122","dateAdded":"230504","deceptorType":"App","name":"All In One Keylogger","company":"Relytec","version":"5.2","lastKnownStatus":"Deceptor:4.4,4.5;5.0;5.2;5.3","lastKnownDate":"230504","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-05-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1020},{"violations":{"ACR-048":"The app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-007":"The app enables the consumer to hide any app notifications from the targeted consumer. It also requires a password to open it.\n","ACR-084":"The app is installed in a hidden folder with random characters.\n","ACR-086":"The app does not inform the targeted consumer of how it collects data. It also requires a password to open it.\n","ACR-097":"The app prompts the consumer to completely ignore the windows defender security warning. It also disables anti-spyware software by default during install.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed under a hidden file with a name consisting of random characters. The app also uses a name with random characters.\n","ACR-065":"The internal offers page does not display links to the Returns and Cancellation Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-161":"The landing page displays unsubstantiated testimonials.\n","ACR-099":"The internal offers page does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"setup (password to zip file is key1234).exe","isInstaller":"True","companyName":"Tech                                                        ","fileVersion":"4.5","hashMD5":"813da4a0f78833d2c23c17a3e204669d","hashSHA1":"9420b8c6a6ae1d70f5453e58f85dafb9bd9b5dd3","hashSHA256":"ac187a443ed1c5673e9c9457450bfe85745510853b09e83baf6cab014b1b3475","sourceIndex":"2545","avBlockList":["360 Total Security (20211130)","Avast Internet Security (20200224)","AVG Internet Security (20211130)","Avira Internet Security (20211130)","Bitdefender Internet Security (20211130)","COMODO Antivirus (20211130)","Dr.Web Security Space (20211130)","ESET Internet Security (20211130)","G DATA INTERNET SECURITY (20211130)","K7 Total Security (20211130)","Kaspersky Internet Security (20211130)","Malwarebytes Premium (20211130)","McAfee Total Protection (20211130)","Norton Security (20211130)","Panda Dome (20211130)","Quick Heal Internet Security (20211130)","Sophos Home Premium (20211130)","SpyHunter5 (20211130)","Tencent PC Manager (20211130)","Trend Micro Internet Security (20211130)","VIPRE Advanced Security (20211130)","VirIT eXplorer PRO (20211130)","Webroot SecureAnywhere (20211130)","Windows Defender (20211130)","Avast Premium Security (20211130)","Total AV Antivirus Pro (20211130)"],"avAllowList":[]},{"isRevoked":"False","fileName":"fzvhlsq.exe","companyName":"winm_32","fileVersion":"0.3","hashMD5":"60ab6d208026db3db81898996385c669","hashSHA1":"f26ca3b3b9b383ec81a47b01529b28e2e5bf5a99","hashSHA256":"91ff4a97683c036ddb75bb08021a21cedf8e01b00c71bb6612663f4038d4caff","sourceIndex":"2545","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"keylogger screen recorder\" - Google Search","reference":"Hunt.Search","landingPage":"https://www.relytec.com","directDownloadingLink":"https://www.relytec.com/download.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.relytec.com/download.htm","sourceIndex":"2545"}],"sampleFiles":["200212/AllInOneKeylogger-191122/4.5/Samples/setup (password to zip file is key1234).exe","200212/AllInOneKeylogger-191122/4.5/Samples/fzvhlsq.exe"],"imageFiles":["200212/AllInOneKeylogger-191122/4.5/Images/ACR-007/All In One Keylogger Password.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-007/All In One Keylogger password 2.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-048/All In One Keylogger Password.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-048/All In One Keylogger password 2.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-048/All In One Keylogger settings.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-097/All In One Keylogger av.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-097/All In One Keylogger Stealthiness.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-086/All In One Keylogger Password.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-086/All In One Keylogger password 2.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-084/All In One Keylogger hidden.png"],"nonDeceptorImageFiles":["200212/AllInOneKeylogger-191122/4.5/Images/ACR-040/All In One Keylogger hidden.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-099/All In One Keylogger Internal Offers.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-099/All In One Keylogger Landing Page.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-161/All In One Keylogger Password.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-161/All In One Keylogger settings.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-161/All In One Keylogger password 2.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-065/All In One Keylogger Internal Offers.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-065/All In One Keylogger Landing Page.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-065/All In One Keylogger settings.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-065/All In One Keylogger EULA.png","200212/AllInOneKeylogger-191122/4.5/Images/ACR-065/All In One Keylogger Install.png"],"guid":"71b14288-38b6-4bf3-bfce-f422873a0d8b_4.5_1","appID":"AllInOneKeylogger-191122","dateAdded":"230504","deceptorType":"App","name":"All In One Keylogger","company":"Relytec","version":"4.5","sigName":"Deceptor:Win32/AllInOneKeylogger!007048097086084","lastKnownStatus":"Deceptor:4.4,4.5;5.0;5.2;5.3","lastKnownDate":"230504","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-05-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1022},{"violations":{"ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-057":"The options are not made obvious to the consumer in the offers.\n","ACR-055":"Accept/Decline options are not made obvious nor clearly displayed in the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"batterycare_setup_web.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"7548253ca5a7df4fa45ce473a29a732a","hashSHA1":"251b667090b11cf94a1c93db266c42b54d13f694","hashSHA256":"615ba5abdd104ce789b70472e96acd8337404bc317dd31d34e9fdf52f2db109e","digitalCertThumbprint":"37354C4632768CBEA92703A5E9EDEFB18B286F9A","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Filipe Lourenço","storeId":"","sourceIndex":"1130","avBlockList":["360 Total Security (20230518)","Avast Premium Security (20230518)","AVG Internet Security (20230518)","Avira Internet Security (20230518)","ESET Internet Security (20230518)","G DATA INTERNET SECURITY (20230518)","K7 Total Security (20230518)","McAfee Total Protection (20230518)","Norton Security (20230518)","Panda Dome (20230518)","Quick Heal Internet Security (20230518)","Sophos Home Premium (20230518)","SpyHunter5 (20230518)","Total AV Antivirus Pro (20230518)","VirIT eXplorer PRO (20230518)","Windows Defender (20230518)"],"avAllowList":["Bitdefender Internet Security (20230518)","COMODO Antivirus (20230518)","Dr.Web Security Space (20230518)","Kaspersky Internet Security (20230518)","Malwarebytes Premium (20230518)","Trend Micro Internet Security (20230518)","VIPRE Advanced Security (20230518)","Webroot SecureAnywhere (20230518)"]}],"additionalFiles":[],"sources":[{"howFound":"Offer made","reference":"","landingPage":"https://batterycare.net/en/index.html","directDownloadingLink":"https://batterycare.net/en/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://batterycare.net/en/download.html","sourceIndex":"1130"}],"sampleFiles":["230502/BatteryCare-230428/0.9.36.1/Samples/batterycare_setup_web.exe"],"imageFiles":["230502/BatteryCare-230428/0.9.36.1/Images/ACR-013/ACR-013.JPG","230502/BatteryCare-230428/0.9.36.1/Images/ACR-057/ACR-057.JPG","230502/BatteryCare-230428/0.9.36.1/Images/ACR-060/ACR-060.JPG","230502/BatteryCare-230428/0.9.36.1/Images/ACR-155/ACR-155.JPG","230502/BatteryCare-230428/0.9.36.1/Images/ACR-055/ACR-055.JPG"],"nonDeceptorImageFiles":[],"guid":"97f84e56-070f-4f15-8d43-01f97b6450ec_0.9.36.1_1","appID":"BatteryCare-230428","dateAdded":"230502","deceptorType":"App","name":"Battery Care","company":"BatteryCare","version":"0.9.36.1","lastKnownStatus":"0.9.36.1","lastKnownDate":"230502","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2023-05-02T17:12:17.6077328+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1024},{"violations":{"ACR-042":"The app does not present EULA to obtain the user's agreement and permission at installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"routerguard-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"RouterGuard                                                 ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"df3f044b74af1b5668d0996da18d179a","hashSHA1":"2d1edb76d7a72f0fa8c7cdb44a006b317d43166c","hashSHA256":"30c633dbb5826ab6b6d7b050874d60396d5448024263d4940ae7199b077f20cf","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Ascora GmbH","storeId":"","sourceIndex":"1121","avBlockList":["Avast Premium Security (20230504)","AVG Internet Security (20230504)","Avira Internet Security (20230504)","ESET Internet Security (20230504)","K7 Total Security (20230504)","Malwarebytes Premium (20230504)","McAfee Total Protection (20230504)","Norton Security (20230504)","Panda Dome (20230504)","Sophos Home Premium (20230504)","SpyHunter5 (20230504)","Total AV Antivirus Pro (20230504)","VirIT eXplorer PRO (20230504)","Windows Defender (20230504)"],"avAllowList":["360 Total Security (20230504)","Bitdefender Internet Security (20230504)","COMODO Antivirus (20230504)","Dr.Web Security Space (20230504)","G DATA INTERNET SECURITY (20230504)","Kaspersky Internet Security (20230504)","Quick Heal Internet Security (20230504)","Trend Micro Internet Security (20230504)","VIPRE Advanced Security (20230504)","Webroot SecureAnywhere (20230504)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on bundlers","reference":"","landingPage":"https://www.abelssoft.de/en/windows/security-privacy/routerguard","directDownloadingLink":"https://www.abelssoft.de/routerguard-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/routerguard-setup.exe","sourceIndex":"1121"}],"sampleFiles":["230501/RouterGuard-230426/2023.1.72/Samples/routerguard-setup.exe"],"imageFiles":["230501/RouterGuard-230426/2023.1.72/Images/ACR-042/ACR-042.JPG","230501/RouterGuard-230426/2023.1.72/Images/ACR-013/ACR-013.JPG","230501/RouterGuard-230426/2023.1.72/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":[],"guid":"6e8f4e0d-c756-4f73-8d33-d6114dd95563_2023.1.72_1","appID":"RouterGuard-230426","dateAdded":"230501","deceptorType":"App","name":"RouterGuard","company":"Abelssoft","version":"2023.1.72","firstVendorContactDate":"230504","firstAppEsteemReplyDate":"230504","firstResolvedDate":"230504","firstResolvedVersion":"2023.1.73","resolved":"TRUE","lastKnownStatus":"2023.1.72","lastKnownDate":"230501","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-05-04T20:07:29.3787633+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1025},{"violations":{"ACR-042":"The app does not present EULA to obtain user's agreement and permission at installation \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its component on the device without the consumer's consent or notifying the user\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"antiransomware-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"AntiRansomware                                              ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"a1009457e2f86f98ec5ed836baa723b8","hashSHA1":"11a68308ad93663447d39accd7ca04eb8a52e675","hashSHA256":"650e0f4e882d1922cec224e6ab994b5c1ea98b47fad133f6ff00387d7827c09e","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Ascora GmbH","storeId":"","sourceIndex":"1104","avBlockList":["Avast Premium Security (20230504)","AVG Internet Security (20230504)","Avira Internet Security (20230504)","Bitdefender Internet Security (20230504)","ESET Internet Security (20230504)","K7 Total Security (20230504)","Norton Security (20230504)","Panda Dome (20230504)","Sophos Home Premium (20230504)","SpyHunter5 (20230504)","Total AV Antivirus Pro (20230504)","VIPRE Advanced Security (20230504)","VirIT eXplorer PRO (20230504)","Webroot SecureAnywhere (20230504)","Windows Defender (20230504)"],"avAllowList":["360 Total Security (20230504)","COMODO Antivirus (20230504)","Dr.Web Security Space (20230504)","G DATA INTERNET SECURITY (20230504)","Kaspersky Internet Security (20230504)","Malwarebytes Premium (20230504)","McAfee Total Protection (20230504)","Quick Heal Internet Security (20230504)","Trend Micro Internet Security (20230504)"]}],"additionalFiles":[],"sources":[{"howFound":"hunted on bundlers","reference":"","landingPage":"https://www.abelssoft.de/en/windows/security-privacy/antiransomware","directDownloadingLink":"https://www.abelssoft.de/antiransomware-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/antiransomware-setup.exe","sourceIndex":"1104"}],"sampleFiles":["230501/AntiRansomware-230426/v2023.23/Samples/antiransomware-setup.exe"],"imageFiles":["230501/AntiRansomware-230426/v2023.23/Images/ACR-042/ACR-042.JPG","230501/AntiRansomware-230426/v2023.23/Images/ACR-013/ACR-013.JPG","230501/AntiRansomware-230426/v2023.23/Images/ACR-118/ACR-118.JPG","230501/AntiRansomware-230426/v2023.23/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":[],"guid":"fbd5799c-5604-4a5c-9a47-c5b2639c5673_v2023.23_1","appID":"AntiRansomware-230426","dateAdded":"230501","deceptorType":"App","name":"AntiRansomware","company":"Abelssoft","version":"v2023.23","firstVendorContactDate":"230509","firstAppEsteemReplyDate":"230512","firstResolvedDate":"230512","firstResolvedVersion":"23.01","resolved":"TRUE","lastKnownStatus":"v2023.23","lastKnownDate":"230501","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2023-05-13T00:50:50.7569639+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1026},{"violations":{"ACR-048":"The app does not provide an option to cancel the installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"ItopVPN & Screen Recorder\" offers.\n","ACR-055":"The \"ItopVPN & Screen Recorder\" offers requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers. \n","ACR-059":"The \"ItopVPN & Screen Recorder\" Offers are not clearly marked as an offer\n","ACR-155":"The \"ItopVPN & Screen Recorder\" offers was inserted to masquerade as a part of the installation workflow\n"},"nonDeceptorViolations":{"ACR-067":"The app does not provide an option to Opt-Out \"Smart Defrag & Protected folder\" apps in the internal offers\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IObit\\IObit Uninstaller\\IObitUninstaler.exe","companyName":"IObit","productName":"IObit Uninstall Tool","productVersion":"12.0.0.0","fileVersion":"12.4.0.4","hashMD5":"3833bedd5a7edb11cc7e4e6201d54c08","hashSHA1":"66365d692bb42803bb699372a481e88d52b902df","hashSHA256":"21f682729a44371f2ad537c2b6d2c4bddfccc7cf07f38de9e42f3cb39367eb12","digitalCertThumbprint":"145D90AD3134C665246DC1C93CD3E2D8C69E9231","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1070","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IObit\\IObit Uninstaller\\UninstallMonitor.exe","companyName":"IObit","productName":"IObit Uninstall Tool","productVersion":"12.0.0.0","fileVersion":"12.0.0.76","hashMD5":"a5326af63ac760840590ab55ffb38885","hashSHA1":"de3826c84ab66413b296f974eb712bf821048818","hashSHA256":"d7504d118c6e96b5726c8ef07eba0ce94b52a1c51658d8590e53847a844f1dca","digitalCertThumbprint":"145D90AD3134C665246DC1C93CD3E2D8C69E9231","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1070","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iobituninstallerSetup.exe","isInstaller":"True","companyName":"IObit                                                       ","productName":"IObit Uninstaller 12                                        ","productVersion":"12.4.0.4                                          ","fileVersion":"12.4.0.4            ","hashMD5":"525eebd8632b25e69fa67c3fe65193b9","hashSHA1":"ace1e00561b838bc21530c929fc8e0e50d1d5b09","hashSHA256":"8f685fccdd0365b2cb13b11574197124b8e7fdf39b2d378def777662054decd4","digitalCertThumbprint":"145D90AD3134C665246DC1C93CD3E2D8C69E9231","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1070","avBlockList":["Avira Internet Security (20230523)","Dr.Web Security Space (20230523)","ESET Internet Security (20230523)","G DATA INTERNET SECURITY (20230523)","K7 Total Security (20230523)","Kaspersky Internet Security (20230523)","Malwarebytes Premium (20230523)","McAfee Total Protection (20230523)","Norton Security (20230523)","Panda Dome (20230523)","Quick Heal Internet Security (20230523)","Sophos Home Premium (20230523)","SpyHunter5 (20230523)","Total AV Antivirus Pro (20230523)","VIPRE Advanced Security (20230523)","VirIT eXplorer PRO (20230523)","Webroot SecureAnywhere (20230523)"],"avAllowList":["360 Total Security (20230523)","Avast Premium Security (20230523)","AVG Internet Security (20230523)","Bitdefender Internet Security (20230523)","COMODO Antivirus (20230523)","Trend Micro Internet Security (20230523)","Windows Defender (20230523)"]}],"additionalFiles":[],"sources":[{"howFound":"In-bundle Offers from Advanced system care","reference":"","landingPage":"https://www.iobit.com/en/advanceduninstaller.php","directDownloadingLink":"","ipv4":"","ipv6":"","landingPageWildChar":"https://www.iobit.com/en/advanceduninstaller.php","directDownloadingLinkWildChar":"","sourceIndex":"1070"}],"sampleFiles":["230425/IObitUninstaller-220628/12.4.0.4/Samples/iobituninstallerSetup.exe"],"imageFiles":["230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-055/ACR-055.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-048/ACR-048_Install.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-013/ACR-013.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-013/ACR-013_1.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-013/ACR-013_2.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-013/ACR-013_3.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-057/ACR-057.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-059/ACR-059.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-155/ACR-155.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-060/ACR-060.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-060/ACR-060_1.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-060/ACR-060_2.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-060/ACR-060_3.JPG"],"nonDeceptorImageFiles":["230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-067/ACR-067.JPG","230425/IObitUninstaller-220628/12.4.0.4/Images/ACR-067/ACR-067_1.jpg"],"guid":"e9566192-88b3-4078-b19f-b5e9e297fa07_12.4.0.4_1","appID":"IObitUninstaller-220628","dateAdded":"230425","deceptorType":"App","name":"IObit Uninstaller","company":"IOBit","version":"12.4.0.4","firstVendorContactDate":"230506","firstAppEsteemReplyDate":"230509","firstResolvedDate":"230601","firstResolvedVersion":"12.4.0.9","resolved":"TRUE","lastKnownStatus":"11.5.0.3;12.4.0.4","lastKnownDate":"230425","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-01T10:23:51.0101393+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1027},{"violations":{"ACR-109":"When the offered apps  \"iTopVPN\" & \"ITop Screen recorder\" is accepted during installation, it also installs another app \"iTop Screenshot\" without user knowledge along with the two apps.\n","ACR-043":"When the offered apps  \"iTopVPN\" & \"ITop Screen recorder\" is accepted during installation, it also installs another app \"iTop Screenshot\" without user knowledge along with the two apps.\n","ACR-048":"The app does not provide any control to disable the scheduled task and to fully exit the app.\n","ACR-084":"On quitting the app, the process \"UninstallMonitor.exe\" runs silently in the background, hiding the fact that it is active from the consumer. \n","ACR-057":"The app does not provide a clear way for consumers to accept or decline. \n","ACR-053":" The app doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The \"iTopVPN\" & \"iTopScreenRecorder\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are inconsistent & not made obvious to the consumer in the offers.\n","ACR-039":"When the offered apps  \"iTopVPN\" & \"ITop Screen recorder\" is accepted during installation, it also installs another app \"iTop Screenshot\" without user knowledge along with the two apps.\n","ACR-155":"The offer was inserted to masquerade as a part of the installation flow.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks after uninstallation and reboot. \n","ACR-054":"The app does not provide equal prominence to \"Update manually\" & \"Activate now\" in the inline offers.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IObit\\IObit Uninstaller\\Backup\\IObitUninstaler.exe","companyName":"IObit","productName":"IObit Uninstall Tool","productVersion":"11.5.0.0","fileVersion":"11.5.0.3","hashMD5":"ef4c79ef88af7e899138dff7f8640759","hashSHA1":"ffc04fad84f3fea6ffa1d350c8090234e3eb5b7c","hashSHA256":"c4b03ad18137063ef857d7b33348e9e3ea459663b0f169158cd9fa0e86502b1a","digitalCertThumbprint":"145D90AD3134C665246DC1C93CD3E2D8C69E9231","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1452","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IObit\\IObit Uninstaller\\UninstallMonitor.exe","companyName":"IObit","productName":"IObit Uninstall Tool","productVersion":"11.0.0","fileVersion":"11.0.1.51","hashMD5":"a222399449f6f0a68d8443654f8760fb","hashSHA1":"700b17ad8227c890b638aa800203616d45deb3d9","hashSHA256":"4a219286dd3325caf88d1070611c2e44256ab209158cd80157592a4ddde5b385","digitalCertThumbprint":"145D90AD3134C665246DC1C93CD3E2D8C69E9231","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1452","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iobituninstallerSetup.exe","isInstaller":"True","companyName":"IObit                                                       ","productName":"Uninstall Tool                                              ","productVersion":"11.5.0.3                                          ","fileVersion":"11.5.0.3            ","hashMD5":"7fbfa93f3ae5038d43a3fd0be333a07c","hashSHA1":"490c251f75393d1a4e5eaa79867debf56505b147","hashSHA256":"462d062559271e4a86e09bbed18c5050c484288e83a6a3f47a290e0c0c8e6a41","digitalCertThumbprint":"145D90AD3134C665246DC1C93CD3E2D8C69E9231","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1452","avBlockList":["Avast Premium Security (20230502)","AVG Internet Security (20230502)","Dr.Web Security Space (20230502)","ESET Internet Security (20230502)","G DATA INTERNET SECURITY (20230502)","K7 Total Security (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","McAfee Total Protection (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Quick Heal Internet Security (20230502)","Sophos Home Premium (20230502)","Trend Micro Internet Security (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)","Windows Defender (20230502)"],"avAllowList":["360 Total Security (20230502)","Avira Internet Security (20230502)","Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","SpyHunter5 (20230502)","Tencent PC Manager (20220705)","Total AV Antivirus Pro (20230502)","VIPRE Advanced Security (20230502)"]}],"additionalFiles":[],"sources":[{"howFound":"In-bundle Offers from Advanced system care","reference":"","landingPage":"https://www.iobit.com/en/advanceduninstaller.php","directDownloadingLink":"","ipv4":"","ipv6":"","landingPageWildChar":"https://www.iobit.com/en/advanceduninstaller.php","directDownloadingLinkWildChar":"","sourceIndex":"1452"}],"sampleFiles":["220629/IObitUninstaller-220628/11.5.0.3/Samples/iobituninstallerSetup.exe"],"imageFiles":["220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-053/ACR-053_.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-053/ACR-053_1.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-053/ACR-053_2.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-109/ACR-109.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-109/ACR-109_1.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-039/ACR-039_.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-039/ACR-039_1.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-043/ACR-043.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-043/ACR-043_1.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-084/ACR-084.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-048/ACR-048.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-048/ACR-048_1.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-048/ACR-048_2.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-057/ACR-057.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-155/ACR-155.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-055/ACR-055.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-055/ACR-055_1.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-055/ACR-055_2.JPG"],"nonDeceptorImageFiles":["220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-123/ACR-123_!.JPG","220629/IObitUninstaller-220628/11.5.0.3/Images/ACR-054/ACR-054.JPG"],"guid":"e9566192-88b3-4078-b19f-b5e9e297fa07_11.5.0.3_1","appID":"IObitUninstaller-220628","dateAdded":"230425","deceptorType":"App","name":"IObit Uninstaller","company":"IOBit","version":"11.5.0.3","firstVendorContactDate":"230506","firstAppEsteemReplyDate":"230509","firstResolvedDate":"230601","firstResolvedVersion":"12.4.0.9","resolved":"TRUE","lastKnownStatus":"11.5.0.3;12.4.0.4","lastKnownDate":"230425","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1028},{"violations":{"ACR-004":"The app uses a gauge with traffic light colors to raise an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n"},"samples":[{"isRevoked":"False","fileName":"AbLauncher.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"cd5f93dc7e7368cc3c341a0424e980b4","hashSHA1":"c1ec47a7cc38e916794ec222ed82c60c161de093","hashSHA256":"ba4e8cb585852c5b3d3ed75852745e76550e0f438106fc02b4562577aa6837a0","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"2418","avBlockList":["Avast Premium Security (20210304)","AVG Internet Security (20210304)","Avira Internet Security (20210304)","Bitdefender Internet Security (20210304)","ESET Internet Security (20210304)","G DATA INTERNET SECURITY (20210304)","K7 Total Security (20210304)","McAfee Total Protection (20210304)","Norton Security (20210304)","Panda Dome (20210304)","Quick Heal Internet Security (20210304)","Sophos Home Premium (20210304)","SpyHunter5 (20210304)","Tencent PC Manager (20210304)","Total AV Antivirus Pro (20210304)","VIPRE Advanced Security (20210304)","VirIT eXplorer PRO (20210304)","Webroot SecureAnywhere (20210304)","Windows Defender (20210304)"],"avAllowList":["360 Total Security (20210304)","COMODO Antivirus (20210304)","Dr.Web Security Space (20210304)","Kaspersky Internet Security (20210304)","Malwarebytes Premium (20210304)","Trend Micro Internet Security (20210304)"]},{"isRevoked":"False","fileName":"washandgo.exe","companyName":"Abelssoft                                                   ","fileVersion":"1.0","hashMD5":"4b00d0c2f983d96c5b76c8c894480af8","hashSHA1":"c895cfb5f0037ffdbf0d538a959131857779d79c","hashSHA256":"a6b7c883f52a8734cf36cc9b1a15f8f92c5247c7ac5931beda4673ea5890c862","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"2418","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"https://www.abelssoft.de/en/windows/System-Utilities/WashAndGo","directDownloadingLink":"https://www.abelssoft.de/washandgo.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/washandgo.exe","sourceIndex":"2418"}],"sampleFiles":["200609/WashandGo-180316/1.0.0.0-a/Samples/AbLauncher.exe","200609/WashandGo-180316/1.0.0.0-a/Samples/washandgo.exe"],"imageFiles":["200609/WashandGo-180316/1.0.0.0-a/Images/ACR-004/WashAndGo 003.png"],"nonDeceptorImageFiles":["200609/WashandGo-180316/1.0.0.0-a/Images/ACR-065/WashAndGo About.png","200609/WashandGo-180316/1.0.0.0-a/Images/ACR-161/WashAndGo testimonial.png","200609/WashandGo-180316/1.0.0.0-a/Images/ACR-099/WashAndGo About.png","200609/WashandGo-180316/1.0.0.0-a/Images/ACR-099/WashAndGo Landing Page.png","200609/WashandGo-180316/1.0.0.0-a/Images/ACR-099/WashAndGo Internal Offers.png"],"guid":"7188e780-4e57-4deb-97fd-5bd080e634bf_1.0.0.0-a_1","appID":"WashandGo-180316","dateAdded":"230424","deceptorType":"App","name":"WashandGo","company":"Abelssoft","version":"1.0.0.0-a","firstVendorContactDate":"230508","firstAppEsteemReplyDate":"230508","firstResolvedDate":"230508","firstResolvedVersion":"27.11","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.0;23.27.05;27.09","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2023-05-08T00:00:00+00:00","notDistributed":false,"familyName":"Deceptor:Win32/WashandGo!004","numInFamily":3,"numInAppID":4,"sortOrder":1038},{"violations":{"ACR-004":"The app uses a gauge with traffic light colors to raise an exaggerated sense of urgency, misleading user about system condition. \n","ACR-084":"The app does not disclose details about the schedule task and a process runs silently in the background without the consumers knowledge\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in the “ProgramData” directory, which is a hidden folder.\n","ACR-065":"The landing page does not display links to the Returns and Cancellation Policy \nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThe install does not display links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy \n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-171":"\"Premium Support\" offer is opted-in by default in the internal offers page\n"},"samples":[{"isRevoked":"False","fileName":"washandgo_.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","fileVersion":"1.0","hashMD5":"9f55834fa7b3c0302b3f2fab8de66504","hashSHA1":"e0e7120a2e45dfec42ed17d6df6819b976f9866a","hashSHA256":"3c6edeb57a532cc05cb719c96b191134a820f3274bf5596716dbcdab76ae453a","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1963","avBlockList":["Avast Premium Security (20210316)","AVG Internet Security (20210316)","Avira Internet Security (20210316)","Bitdefender Internet Security (20210316)","ESET Internet Security (20210316)","G DATA INTERNET SECURITY (20210316)","K7 Total Security (20210316)","Malwarebytes Premium (20210316)","McAfee Total Protection (20210316)","Norton Security (20210316)","Panda Dome (20210316)","Quick Heal Internet Security (20210316)","Sophos Home Premium (20210316)","SpyHunter5 (20210316)","Tencent PC Manager (20210316)","Total AV Antivirus Pro (20210316)","VIPRE Advanced Security (20210316)","VirIT eXplorer PRO (20210316)","Webroot SecureAnywhere (20210316)","Windows Defender (20210316)"],"avAllowList":["360 Total Security (20210316)","COMODO Antivirus (20210316)","Dr.Web Security Space (20210316)","Kaspersky Internet Security (20210316)","Trend Micro Internet Security (20210316)"]},{"isRevoked":"False","fileName":"WashAndGo.exe","companyName":"Microsoft","fileVersion":"21.25.9","hashMD5":"85fb5bedf62efaf5886992cae4ad6971","hashSHA1":"d1a2e7d8ab7ffa2dc4741ec3f8a67deaf675e917","hashSHA256":"14b58a8a773001137fabb004f9293d4c9fec6f16dc20c7cb0f601ab62ba1f634","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1963","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"https://www.abelssoft.de/en/windows/system-utilities/washandgo","directDownloadingLink":"https://www.abelssoft.de/washandgo.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/washandgo.exe","sourceIndex":"1963"}],"sampleFiles":["210217/WashandGo-180316/21/Samples/washandgo_.exe","210217/WashandGo-180316/21/Samples/WashAndGo.exe"],"imageFiles":["210217/WashandGo-180316/21/Images/ACR-084/WashAndGo_Tasks [2].png","210217/WashandGo-180316/21/Images/ACR-004/WashAndGo_Interactions [3].png"],"nonDeceptorImageFiles":["210217/WashandGo-180316/21/Images/ACR-040/WashAndGo_HiddenDirectory [1].png","210217/WashandGo-180316/21/Images/ACR-065/WashAndGo_LandingPage [1].png","210217/WashandGo-180316/21/Images/ACR-065/WashAndGo_About [1].png","210217/WashandGo-180316/21/Images/ACR-065/WashAndGo_Install [1].png","210217/WashandGo-180316/21/Images/ACR-065/WashAndGo_Install [2].png","210217/WashandGo-180316/21/Images/ACR-065/WashAndGo_Install [3].png","210217/WashandGo-180316/21/Images/ACR-065/WashAndGo_Install [4].png","210217/WashandGo-180316/21/Images/ACR-065/WashAndGo_Install [5].png","210217/WashandGo-180316/21/Images/ACR-065/WashAndGo_OfferPage [1].png","210217/WashandGo-180316/21/Images/ACR-161/WashAndGo_LandingPage [2] Testimonial.png","210217/WashandGo-180316/21/Images/ACR-099/WashAndGo_About [1].png","210217/WashandGo-180316/21/Images/ACR-099/WashAndGo_LandingPage [1].png","210217/WashandGo-180316/21/Images/ACR-099/WashAndGo_OfferPage [1].png","210217/WashandGo-180316/21/Images/ACR-171/WashAndGo_OfferPage [1]_.png"],"guid":"7188e780-4e57-4deb-97fd-5bd080e634bf_21_1","appID":"WashandGo-180316","dateAdded":"230424","deceptorType":"App","name":"WashandGo","company":"Abelssoft","version":"21","firstVendorContactDate":"230508","firstAppEsteemReplyDate":"230508","firstResolvedDate":"230508","firstResolvedVersion":"27.11","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.0;23.27.05;27.09","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2023-05-08T00:00:00+00:00","notDistributed":false,"familyName":"Deceptor:Win32/WashandGo!004","numInFamily":3,"numInAppID":4,"sortOrder":1037},{"violations":{"ACR-055":"Accept and decline for the offer must be obvious. Unchecking the Opera Browser installation is not a straightforward option for decline.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in the “ProgramData” directory, which is a hidden folder.\n","ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThe install does not display links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n"},"samples":[{"isRevoked":"False","fileName":"washandgo-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"WashAndGo   ","fileVersion":"1.0.0.0          ","hashMD5":"6c92011decd8ac28980200fe2e5eb6b2","hashSHA1":"4d88b1b34781bb1f734c3bf2d7cfc77cb9826f10","hashSHA256":"a891db79ce592d0947598f3f292bfa7d84fa268665f2ad10324249510fce4883","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1343","avBlockList":["Avast Premium Security (20221027)","AVG Internet Security (20221027)","Avira Internet Security (20221027)","Bitdefender Internet Security (20221027)","ESET Internet Security (20221027)","K7 Total Security (20221027)","Panda Dome (20221027)","Sophos Home Premium (20221027)","SpyHunter5 (20221027)","Total AV Antivirus Pro (20221027)","VIPRE Advanced Security (20221027)","VirIT eXplorer PRO (20221027)"],"avAllowList":["360 Total Security (20221027)","COMODO Antivirus (20221027)","Dr.Web Security Space (20221027)","G DATA INTERNET SECURITY (20221027)","Kaspersky Internet Security (20221027)","Malwarebytes Premium (20221027)","McAfee Total Protection (20221027)","Norton Security (20221027)","Quick Heal Internet Security (20221027)","Trend Micro Internet Security (20221027)","Webroot SecureAnywhere (20221027)","Windows Defender (20221027)"]},{"isRevoked":"False","fileName":"AbLauncher.exe","productName":"AbLauncher","fileVersion":"8.6","hashMD5":"68f7753fba8673c408acbb5784bfd386","hashSHA1":"09f91a14564e33b84185880a1ffa56440ef5ef25","hashSHA256":"cd62fd3919fef59f4a1e5439a09e98b8e94a51faef6d789f97d58acbc78d727a","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1343","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WashAndGo.CleanUp.exe","productName":"WashAndGo.CleanUp","fileVersion":"1.0","hashMD5":"e5caff03f5ddbfb1c21200490072659b","hashSHA1":"1a4a8408fd28087e151c7608a45130b46f780183","hashSHA256":"dc24a37ee30e16e269743a0a8326a584302609027cf373519c88a93183f8f671","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1343","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WashAndGo.exe","productName":"WashAndGo","fileVersion":"1.0","hashMD5":"75229d47b4b107c080c1b34087c3b364","hashSHA1":"cefc5abe874bd526ce8a4ef8b3fbffb95255c1e6","hashSHA256":"457f70f64afa462b133e29fadac8652d94b706db32239a47f29a65244092a262","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1343","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WashAndGo.Notification.exe","productName":"WashAndGo.Notification","fileVersion":"1.0","hashMD5":"1e16d8d458ffd16c250a9f9df2bac353","hashSHA1":"70a6fe827d603f64873980524eaa991378e0f6a7","hashSHA256":"97e1f1d9e619a03b8c4effe570067ff53ca1b964d9ec596e600a599e6883dc7f","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1343","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"https://www.abelssoft.de/en/windows/system-utilities/washandgo","directDownloadingLink":"https://www.abelssoft.de/washandgo-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/washandgo-setup.exe","sourceIndex":"1343"}],"sampleFiles":["221020/WashandGo-180316/23.27.05/Samples/washandgo-setup.exe","221020/WashandGo-180316/23.27.05/Samples/AbLauncher.exe","221020/WashandGo-180316/23.27.05/Samples/WashAndGo.CleanUp.exe","221020/WashandGo-180316/23.27.05/Samples/WashAndGo.exe","221020/WashandGo-180316/23.27.05/Samples/WashAndGo.Notification.exe"],"imageFiles":["221020/WashandGo-180316/23.27.05/Images/ACR-055/ACR-055_OptionalOffer.jpg"],"nonDeceptorImageFiles":["221020/WashandGo-180316/23.27.05/Images/ACR-040/ACR-040_ProgramData_WashAndGo.jpg","221020/WashandGo-180316/23.27.05/Images/ACR-065/ACR-065_Software.jpg","221020/WashandGo-180316/23.27.05/Images/ACR-065/WashAndGo_Install [1].png","221020/WashandGo-180316/23.27.05/Images/ACR-065/WashAndGo_Install [4].png","221020/WashandGo-180316/23.27.05/Images/ACR-065/ACR-065_Install.jpg","221020/WashandGo-180316/23.27.05/Images/ACR-161/ACR-161_Endorsements.jpg","221020/WashandGo-180316/23.27.05/Images/ACR-099/ACR-099_Software.jpg","221020/WashandGo-180316/23.27.05/Images/ACR-099/WashAndGo_LandingPage.jpeg","221020/WashandGo-180316/23.27.05/Images/ACR-099/WashAndGo_Offer.jpeg"],"guid":"7188e780-4e57-4deb-97fd-5bd080e634bf_23.27.05_1","appID":"WashandGo-180316","dateAdded":"230424","deceptorType":"App","name":"WashandGo","company":"Abelssoft","version":"23.27.05","firstVendorContactDate":"230508","firstAppEsteemReplyDate":"230508","firstResolvedDate":"230508","firstResolvedVersion":"27.11","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.0;23.27.05;27.09","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-05-08T00:00:00+00:00","notDistributed":false,"familyName":"Deceptor:Win32/WashandGo!004","numInFamily":3,"numInAppID":4,"sortOrder":1036},{"violations":{"ACR-042":"The app installs \"ITop Screenshot\" without obtaining the consumer's permission through explicit user action\n","ACR-043":"The app installs \"iTop Screenshot\" without disclosing it to the user\n","ACR-048":"The app does not provide control to remove the scheduled task which created during the installation\n","ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch.\n","ACR-118":"1.When the consumer attempts to completely uninstall the app, it retains \"ISR_Setup.exe\" on the device without the consumer's consent.\n2. \"iTop Screenshot\" is not uninstalled along with \"iTop Screen Recorder\". It can be uninstalled separately only when the user is noticed\n","ACR-119":"The app retains \"ISR_Setup.exe\" and \"iTop Screenshot\" monetization component after uninstall\n"},"nonDeceptorViolations":{"ACR-123":"\"iTop Screenshot\" is not uninstalled along with \"iTop Screen Recorder\" and the system is not reverted to its original state.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\iTop Screen Recorder\\iScrRec.exe","companyName":"iTop Inc.","productName":"iTop Screen Recorder","productVersion":"3.5.0","fileVersion":"3.5.0.1501","hashMD5":"a6762c8fe990f927405bf12d358429ce","hashSHA1":"656f4eb57f27c6ee35513ecf10493b94374c6b5a","hashSHA256":"1a94ef1c283d682e61e126e8dca3f7268d3ec67bc2135e83d8d33d6dc5b1e27b","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1094","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"itop_isr_installer.exe","isInstaller":"True","companyName":"iTop Inc.","productName":"iTop Screen Recorder","productVersion":"3.0.0.0","fileVersion":"3.5.0.159","hashMD5":"62c66b1aa56e43087e03f25691a0bbc7","hashSHA1":"16fc7e23e168f0c96d1c630219623b6322327dc3","hashSHA256":"b96cf41a44c976e6e88bc2563c79e2bf5a19152bf9dd5ecdb7625e25d63f316a","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1094","avBlockList":["Avast Premium Security (20230502)","AVG Internet Security (20230502)","Avira Internet Security (20230502)","Dr.Web Security Space (20230502)","G DATA INTERNET SECURITY (20230502)","Kaspersky Internet Security (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Quick Heal Internet Security (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)"],"avAllowList":["360 Total Security (20230502)","Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","ESET Internet Security (20230502)","K7 Total Security (20230502)","Malwarebytes Premium (20230502)","McAfee Total Protection (20230502)","Trend Micro Internet Security (20230502)","VIPRE Advanced Security (20230502)","Windows Defender (20230502)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted based on the bundler from Iobit apps","reference":"","landingPage":"https://recorder.itopvpn.com/","directDownloadingLink":"https://goto.itopvpn.com/downloadcenter?product=isrpc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://goto.itopvpn.com/downloadcenter?product=isrpc","sourceIndex":"1094"}],"sampleFiles":["230424/iTopScreenRecorder-230424/3.5.0.159/Samples/itop_isr_installer.exe"],"imageFiles":["230424/iTopScreenRecorder-230424/3.5.0.159/Images/ACR-043/ACR-043.JPG","230424/iTopScreenRecorder-230424/3.5.0.159/Images/ACR-042/ACR-042.JPG","230424/iTopScreenRecorder-230424/3.5.0.159/Images/ACR-050/ACR-050.JPG","230424/iTopScreenRecorder-230424/3.5.0.159/Images/ACR-048/ACR-048.JPG","230424/iTopScreenRecorder-230424/3.5.0.159/Images/ACR-118/ACR-118.JPG","230424/iTopScreenRecorder-230424/3.5.0.159/Images/ACR-118/ACR-118_1.JPG","230424/iTopScreenRecorder-230424/3.5.0.159/Images/ACR-119/ACR-119.JPG"],"nonDeceptorImageFiles":["230424/iTopScreenRecorder-230424/3.5.0.159/Images/ACR-123/ACR-123.JPG"],"guid":"f145dadd-d581-4836-ae9e-d4e7df2189ae_3.5.0.159_1","appID":"iTopScreenRecorder-230424","dateAdded":"230424","deceptorType":"App","name":"iTop Screen Recorder","company":"iTop Inc.","version":"3.5.0.159","firstVendorContactDate":"230509","firstAppEsteemReplyDate":"230509","firstResolvedDate":"230519","firstResolvedVersion":"4.0.0.643","resolved":"TRUE","lastKnownStatus":"3.5.0.159","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,cross-sell other apps","lastUpdate":"2023-05-19T12:28:37.2886915+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1031},{"violations":{"ACR-042":"Potential offer-related components get dropped into a hidden folder before obtaining user consent.\n","ACR-043":"Third party components get dropped in one click without asking user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"xloader-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","fileVersion":"1.0","hashMD5":"d9cd406cd71a829104984dafb3dca614","hashSHA1":"16a423472103d3440f1421e42ed332b12de0f638","hashSHA256":"834408bbfa6e4dc677d4bf22c193d81ee9c8a0b8e51b22967df2afdd3668d2fb","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1107","avBlockList":["360 Total Security (20230502)","Avast Premium Security (20230502)","AVG Internet Security (20230502)","Avira Internet Security (20230502)","ESET Internet Security (20230502)","K7 Total Security (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)","Windows Defender (20230502)"],"avAllowList":["Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","Dr.Web Security Space (20230502)","G DATA INTERNET SECURITY (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","McAfee Total Protection (20230502)","Quick Heal Internet Security (20230502)","Trend Micro Internet Security (20230502)","VIPRE Advanced Security (20230502)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.abelssoft.de/en/windows/multimedia/abelssoft-x-loader","directDownloadingLink":"https://www.abelssoft.de/xloader-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/xloader-setup.exe","sourceIndex":"1107"}],"sampleFiles":["230424/AbelssoftXLoader-230420/1.0.0.0/Samples/xloader-setup.exe"],"imageFiles":["230424/AbelssoftXLoader-230420/1.0.0.0/Images/ACR-043/ACR-042_043.jpg","230424/AbelssoftXLoader-230420/1.0.0.0/Images/ACR-042/ACR-042_043.jpg","230424/AbelssoftXLoader-230420/1.0.0.0/Images/ACR-013/ACR-013_060.jpg","230424/AbelssoftXLoader-230420/1.0.0.0/Images/ACR-060/ACR-013_060.jpg"],"nonDeceptorImageFiles":[],"guid":"f6825cb0-3b3b-4f24-81bf-a585d365ec56_1.0.0.0_1","appID":"AbelssoftXLoader-230420","dateAdded":"230424","deceptorType":"App","name":"Abelssoft X-Loader","company":"Abelssoft","version":"1.0.0.0","firstVendorContactDate":"230510","firstAppEsteemReplyDate":"230512","firstResolvedDate":"230512","firstResolvedVersion":"3.2.0","resolved":"TRUE","lastKnownStatus":"1.0.0.0","lastKnownDate":"230424","type":"Windows Executable","category":"Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-05-12T23:36:49.7173586+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1034},{"violations":{"ACR-003":"The app makes claims about the system browsers' healthscore without substantiating the scan results.\n\n","ACR-055":"Accept and decline for the optional offer must be obvious. Unchecking the preselected Opera Browser installation is not a straightforward option for decline.\n\n"},"nonDeceptorViolations":{"ACR-040":"The main app is installed under “ProgramData” directory, which is a hidden folder and was not disclosed.\n","ACR-065":"The install does not contain links to app's EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy. \n","ACR-161":"The app's landing page shows testimonials with no links back to original source.\n\n"},"samples":[{"isRevoked":"False","fileName":"AbLauncher.exe","productName":"AbLauncher","fileVersion":"8.7","hashMD5":"f4fb6991bd67ca09d29b0f0861cef925","hashSHA1":"ad93ff6f9a5fc2408cac9e092aa3d221c81df09b","hashSHA256":"e3e2c60f2a15fab6189dac69eb1281e167d8ba53f4982a290bcef9fee4c9612d","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1344","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AntiBrowserSpy.exe","productName":"AntiBrowserSpy                                              ","fileVersion":"1.0","hashMD5":"6f12e22a8fff873fd5deedef360203c7","hashSHA1":"8050163a076d8772dbf3daea1feeddff28530fa5","hashSHA256":"86b573a0edaac2ad601198879e3f6aac6d64afd7694de6b065d14cb817ee4e87","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1344","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AntiBrowserSpy.Guard.exe","productName":"AntiBrowserSpy.Guard","productVersion":"1.0","fileVersion":"1.0","hashMD5":"90ea2deee3e0f4779d725cce95b7c81d","hashSHA1":"5f2ec54c47d89f4d8ff5361c53a333a1ea4e9e3c","hashSHA256":"05a075cb5c2412dc5e46b3f3c987d986f8d457be67c62cd553709f4621ab8e92","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1344","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"antibrowserspy-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"AntiBrowserSpy","fileVersion":"1.0","hashMD5":"842c0098215352dbb57fe2ac747730ba","hashSHA1":"ac71dc5b367b4738b5e84611b1875600cf8dde30","hashSHA256":"242e46b3a98722b9566151dc8002233dd29a7eeec3f9cf730e1ae93737ff1bbd","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1344","avBlockList":["Avast Premium Security (20230427)","AVG Internet Security (20230427)","ESET Internet Security (20230427)","K7 Total Security (20230427)","Kaspersky Internet Security (20230427)","Malwarebytes Premium (20230427)","McAfee Total Protection (20230427)","Norton Security (20230427)","Panda Dome (20230427)","Sophos Home Premium (20230427)","VirIT eXplorer PRO (20230427)","Webroot SecureAnywhere (20230427)","Windows Defender (20230427)"],"avAllowList":["360 Total Security (20230427)","Avira Internet Security (20230427)","Bitdefender Internet Security (20230427)","COMODO Antivirus (20230427)","Dr.Web Security Space (20230427)","G DATA INTERNET SECURITY (20230427)","Quick Heal Internet Security (20230427)","SpyHunter5 (20230427)","Total AV Antivirus Pro (20230427)","Trend Micro Internet Security (20230427)","VIPRE Advanced Security (20230427)"]}],"additionalFiles":[],"sources":[{"howFound":"via PUAs from same vendor","reference":"","landingPage":"https://www.abelssoft.de/de/windows/sicherheit/antibrowserspy","directDownloadingLink":"https://www.abelssoft.de/antibrowserspy-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/antibrowserspy-setup.exe","sourceIndex":"1344"}],"sampleFiles":["221024/AntiBrowserSpy-221024/2023.6.01/Samples/AbLauncher.exe","221024/AntiBrowserSpy-221024/2023.6.01/Samples/AntiBrowserSpy.exe","221024/AntiBrowserSpy-221024/2023.6.01/Samples/AntiBrowserSpy.Guard.exe","221024/AntiBrowserSpy-221024/2023.6.01/Samples/antibrowserspy-setup.exe"],"imageFiles":["221024/AntiBrowserSpy-221024/2023.6.01/Images/ACR-055/ACR-055_OptionalOffer.jpg","221024/AntiBrowserSpy-221024/2023.6.01/Images/ACR-003/ACR-003_Chrome.jpg","221024/AntiBrowserSpy-221024/2023.6.01/Images/ACR-003/ACR-003_Edge.jpg"],"nonDeceptorImageFiles":["221024/AntiBrowserSpy-221024/2023.6.01/Images/ACR-040/ACR-040_Destination.jpg","221024/AntiBrowserSpy-221024/2023.6.01/Images/ACR-040/ACR-040_Exe_Location.jpg","221024/AntiBrowserSpy-221024/2023.6.01/Images/ACR-065/ACR-065_NoLinkstoDocs.gif","221024/AntiBrowserSpy-221024/2023.6.01/Images/ACR-161/ACR-161_Testimonials.jpg"],"guid":"d52df768-985c-47e1-9aaf-0ca6b777a2dc_2023.6.01_1","appID":"AntiBrowserSpy-221024","dateAdded":"230424","deceptorType":"App","name":"AntiBrowserSpy 2023","company":"Abelssoft","version":"2023.6.01","firstResolvedVersion":"","lastKnownStatus":"2023.6.01;6.03","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-04-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1033},{"violations":{"ACR-109":"When the offered apps  \"iTopVPN\" & \"ITop Screen recorder\" is accepted during installation, it also installs another app \"iTop Screenshot\" without user knowledge along with the two apps.\n","ACR-043":"When the offered apps  \"iTopVPN\" & \"ITop Screen recorder\" is accepted during installation, it also installs another app \"iTop Screenshot\" without user knowledge along with the two apps.\n","ACR-046":"The offer is not conspicuous and the details provided in the install prompt regarding the offer are not clearly visible due to the small font size & also preselected in the installation and requires the user to uncheck a checkbox in order to decline the offer. \n","ACR-047":" The app displays notifications that prompt the user to install \"ItopVPN\" even after being declined during installation. \n","ACR-048":"The app does not provide any control to enable/disable the scheduled tasks within the app's settings.\n","ACR-004":"The app displays an exaggerated \"Exclamation mark\" in the notification and action center. The items found during free scan that can be optimized are lack of details, not substantiated. The free fix for these items should be within the software itself, not in another additional software that need to installed\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without notifying user.\n","ACR-057":"The app does not provide a clear way for consumers to accept or decline. \n","ACR-053":"The app doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The \"iTopVPN\" & \"iTopScreenRecorder\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are inconsistent and not made obvious & consistent to the consumer in the offers.\n","ACR-039":"When the offered apps  \"iTopVPN\" & \"ITop Screen recorder\" is accepted during installation, it also installs another app \"iTop Screenshot\" without user knowledge along with the two apps.\n","ACR-155":"The offer was inserted to masquerade as a part of the installation flow.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks after uninstallation and reboot.\n","ACR-054":"The app does not provide equal prominence to \"Install to optimize\" & \"Close/ Back\" in the offers.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IObit\\Smart Defrag\\SafeTips.exe","companyName":"IObit","productName":"IObit Updater","productVersion":"2.0","fileVersion":"2.0.0.523","hashMD5":"42783a5fa5d6bd6971941c3cb4106b6c","hashSHA1":"f28f3f0845509b72ce057c33a6c74c2cf8b35e59","hashSHA256":"726b5e9c1b88a33685fa7dae1f222cf5895d016af3fedce55aba5219c96e9c50","digitalCertThumbprint":"C2D65E12D4FC8DB328577D74F4BD417FEC0F28B1","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1498","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IObit\\Smart Defrag\\SmartDefrag.exe","companyName":"IObit","productName":"Smart Defrag","productVersion":"7.5.0","fileVersion":"7.5.0.121","hashMD5":"73a0dc9cc4e01f1b9c6ac59a364b3a7b","hashSHA1":"83f7f2a80a70f5e3143f8ce103115355d831c3c1","hashSHA256":"115c443f06d36e94769761b24583b235b98235f382656d99ad560c51a2e4ba0f","digitalCertThumbprint":"145D90AD3134C665246DC1C93CD3E2D8C69E9231","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1498","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IObit\\Smart Defrag\\sump.exe","companyName":"IObit","productName":"IObit Summer","productVersion":"1.0","fileVersion":"2.0.0.64","hashMD5":"603f81cbdae6da680f4001c22bb7e9eb","hashSHA1":"9897dda83e22e1acec36234029c23b5ee6160c9b","hashSHA256":"0211dc10b2eb1aed80e215d113861c719a6572d7195c0c27e4b35594a0a76e09","digitalCertThumbprint":"C2D65E12D4FC8DB328577D74F4BD417FEC0F28B1","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1498","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"smart-defrag-setup.exe","isInstaller":"True","companyName":"IObit                                                       ","productName":"Smart Defrag                                                ","productVersion":"7.5.0.121                                         ","fileVersion":"7.5.0.121           ","hashMD5":"cec9f17b450cc15c0c579bfd444451a1","hashSHA1":"fdf5a35c086d964d363b31e636b9bb1be57aa3ac","hashSHA256":"7d06762daa3e53f81a24073c9958cedc2b6d8ee79c288ca662a89793910265dc","digitalCertThumbprint":"145D90AD3134C665246DC1C93CD3E2D8C69E9231","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1498","avBlockList":["Avast Premium Security (20230427)","AVG Internet Security (20230427)","Avira Internet Security (20230427)","Dr.Web Security Space (20230427)","ESET Internet Security (20230427)","G DATA INTERNET SECURITY (20230427)","K7 Total Security (20230427)","Kaspersky Internet Security (20230427)","Malwarebytes Premium (20230427)","McAfee Total Protection (20230427)","Norton Security (20230427)","Panda Dome (20230427)","Quick Heal Internet Security (20230427)","Sophos Home Premium (20230427)","Total AV Antivirus Pro (20230427)","VirIT eXplorer PRO (20230427)","Webroot SecureAnywhere (20230427)","Windows Defender (20230427)"],"avAllowList":["360 Total Security (20230427)","Bitdefender Internet Security (20230427)","COMODO Antivirus (20230427)","SpyHunter5 (20230427)","Tencent PC Manager (20220705)","Trend Micro Internet Security (20230427)","VIPRE Advanced Security (20230427)"]}],"additionalFiles":[],"sources":[{"howFound":"In-bundle Offers from Advanced system care","reference":"","landingPage":"https://www.iobit.com/en/iobitsmartdefrag.php","directDownloadingLink":"https://www.majorgeeks.com/mg/getmirror/iobit_smartdefrag,1.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.majorgeeks.com/mg/getmirror/iobit_smartdefrag,1.html","sourceIndex":"1498"}],"sampleFiles":["220629/smartdefrag-220629/7.5.0.121/Samples/smart-defrag-setup.exe"],"imageFiles":["220629/smartdefrag-220629/7.5.0.121/Images/ACR-053/ACR-053.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-053/ACR-053_1.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-053/ACR-053_2.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-109/ACR-109_Install.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-109/ACR-109_Install_1.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-039/ACR-039_Install.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-039/ACR-039_Install_1.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-043/ACR-043_Install.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-043/ACR-043_Install_1.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-004/ACR-004_Software.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-004/ACR-004_Software_1.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-004/SmartFrag_004.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-048/ACR-048_Software.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-118/ACR-118_Uninstall.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-057/ACR-057.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-155/ACR-155.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-046/ACR-046.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-047/ACR-047_I nstall.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-047/ACR-047_Install_1.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-055/ACR-055.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-055/ACR-055_1.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-055/ACR-055_2.JPG"],"nonDeceptorImageFiles":["220629/smartdefrag-220629/7.5.0.121/Images/ACR-123/ACR-123_Uninstall.JPG","220629/smartdefrag-220629/7.5.0.121/Images/ACR-054/ACR-054.JPG"],"guid":"5cfaecee-3220-4541-b8da-ea3745f9a97e_7.5.0.121_1","appID":"smartdefrag-220629","dateAdded":"230424","deceptorType":"App","name":"Iobit Smart Defrag","company":"IOBit","version":"7.5.0.121","firstVendorContactDate":"230506","firstAppEsteemReplyDate":"230509","firstResolvedDate":"230601","firstResolvedVersion":"8.5.0.299","resolved":"TRUE","lastKnownStatus":"7.5.0.121;8.4.0.259","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1030},{"violations":{"ACR-042":" The app does not present EULA to obtain user's agreement and permission at installation \n","ACR-007":"The app offers the option to disable \"Windows Defender,\" which reduces the consumer's security and leaves the system vulnerable in the absence of the security feature.\n","ACR-013":" During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":" The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-097":"The app offers the option to disable \"Windows Defender,\" to perform system checks without any issue\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\WashAndGo\\Program\\WashAndGo.exe","companyName":"","productName":"WashAndGo","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"2ffe4c9db4e27d483ef7ca482f6b6391","hashSHA1":"5ef150e1e8f7f1b3b0070b4b0ee0688783b1016a","hashSHA256":"b4bd18677577e9034b7430ec3466631290cf18227a00edd4098a29ff8f4e199a","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Ascora GmbH","storeId":"","sourceIndex":"1109","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"washandgo-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"WashAndGo                                                   ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"bc0179398626a3a703fed70f318501ef","hashSHA1":"3422accb91a0dc2c72e5a1b3f55fcfb435a8fffa","hashSHA256":"74705547f7f2c0dd2c6261e8fc07099ec5efe547bb40d3756acb5fbfd91a351a","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Ascora GmbH","storeId":"","sourceIndex":"1109","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"https://www.abelssoft.de/en/windows/System-Utilities/WashAndGo","directDownloadingLink":"https://www.abelssoft.de/washandgo.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/washandgo.exe","sourceIndex":"1109"}],"sampleFiles":["230424/WashandGo-180316/27.09/Samples/washandgo-setup.exe"],"imageFiles":["230424/WashandGo-180316/27.09/Images/ACR-007/ACR-007.JPG","230424/WashandGo-180316/27.09/Images/ACR-097/ACR-097.JPG","230424/WashandGo-180316/27.09/Images/ACR-042/ACR-042.JPG","230424/WashandGo-180316/27.09/Images/ACR-013/ACR-013.JPG","230424/WashandGo-180316/27.09/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":[],"guid":"7188e780-4e57-4deb-97fd-5bd080e634bf_27.09_1","appID":"WashandGo-180316","dateAdded":"230424","deceptorType":"App","name":"WashandGo","company":"Abelssoft","version":"27.09","firstVendorContactDate":"230508","firstAppEsteemReplyDate":"230508","firstResolvedDate":"230508","firstResolvedVersion":"27.11","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.0;23.27.05;27.09","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-05-09T00:02:42.0634347+00:00","notDistributed":false,"familyName":"Deceptor:Win32/WashandGo!042013060","numInFamily":1,"numInAppID":4,"sortOrder":1035},{"violations":{"ACR-047":"Bundler re-prompts upon decline of an offer\n","ACR-048":"The app does not provide an option to cancel the installation\n","ACR-004":"The app uses \"traffic light colors\" while performing disk de-fragmentation check which raises a sense of urgency to purchase this app\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software \n","ACR-057":" The app doesn't provide a clear way for users to Accept/Decline the \"ItopVPN & Screen Recorder\" offers. \n","ACR-071":"The user is unable to decline the offer for \"Iobit Advanced System Care\"  independently. The app is added by default for the user and is unable to be declined in the shopping cart.\n","ACR-055":"The \"ItopVPN & Screen Recorder\" offers requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers. \n","ACR-059":"The \"ItopVPN & Screen Recorder\" Offers are not clearly marked as an offer\n","ACR-155":"The \"ItopVPN & Screen Recorder\" offers was inserted to masquerade as a part of the installation workflow\n"},"nonDeceptorViolations":{"ACR-054":"The app does not provide equal prominence to \"Get it now\" and \"No, thanks\"\n","ACR-067":"The app does not provide an option to Opt-Out \"Iobit Advanced System Care\" app in the internal offers\n"},"samples":[{"isRevoked":"False","fileName":"smart-defrag-setup.exe","isInstaller":"True","companyName":"IObit                                                       ","productName":"Smart Defrag                                                ","productVersion":"8.4.0.259                                         ","fileVersion":"8.4.0.259           ","hashMD5":"b5b4c142b1e847886c9f37ebf0af8c2c","hashSHA1":"6fae07ae444b8f92140a08b5eff0b41df0689d3f","hashSHA256":"4ff4bec6ebf9f06ba7f189cc8b875cd18fe0312018e8beda8cdcd0801bbb3557","digitalCertThumbprint":"145D90AD3134C665246DC1C93CD3E2D8C69E9231","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1071","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IObit\\Smart Defrag\\SmartDefrag.exe","companyName":"IObit","productName":"smart defrag","productVersion":"8.4.0","fileVersion":"8.4.0.259","hashMD5":"cebcd3c9b5e7d416ca452dddda1ba385","hashSHA1":"0852f8aabefdcbb39042491453468c5af800bf25","hashSHA256":"d699346598205047d19c6acee126124c9649d5d69523c416797f126817d1fae7","digitalCertThumbprint":"145D90AD3134C665246DC1C93CD3E2D8C69E9231","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"IObit CO. LTD","storeId":"","sourceIndex":"1071","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"In-bundle Offers from Advanced system care","reference":"","landingPage":"https://www.iobit.com/en/iobitsmartdefrag.php","directDownloadingLink":"https://www.majorgeeks.com/mg/getmirror/iobit_smartdefrag,1.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.majorgeeks.com/mg/getmirror/iobit_smartdefrag,1.html","sourceIndex":"1071"}],"sampleFiles":["230424/smartdefrag-220629/8.4.0.259/Samples/smart-defrag-setup.exe"],"imageFiles":["230424/smartdefrag-220629/8.4.0.259/Images/ACR-047/ACR-047.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-047/ACR-047_1.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-055/ACR-055.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-048/ACR-048.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-013/ACR-013.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-013/ACR-013_1.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-013/ACR-013_2.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-013/ACR-013_3.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-004/ACR-004.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-057/ACR-057.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-059/ACR-059.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-155/ACR-155.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-071/ACR-071.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-071/ACR-071_1.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-060/ACR-060.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-060/ACR-060_1.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-060/ACR-060_2.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-060/ACR-060_3.JPG"],"nonDeceptorImageFiles":["230424/smartdefrag-220629/8.4.0.259/Images/ACR-054/ACR-054.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-067/ACR-067.JPG","230424/smartdefrag-220629/8.4.0.259/Images/ACR-067/ACR-067_1.JPG"],"guid":"5cfaecee-3220-4541-b8da-ea3745f9a97e_8.4.0.259_1","appID":"smartdefrag-220629","dateAdded":"230424","deceptorType":"App","name":"Iobit Smart Defrag","company":"IOBit","version":"8.4.0.259","firstVendorContactDate":"230506","firstAppEsteemReplyDate":"230509","firstResolvedDate":"230601","firstResolvedVersion":"8.5.0.299","resolved":"TRUE","lastKnownStatus":"7.5.0.121;8.4.0.259","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-06-01T10:21:02.1769907+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1029},{"violations":{"ACR-042":"The app does not present EULA to obtain the user's agreement and permission at installation\n","ACR-003":"The app makes claims about the system browsers' health score without substantiating the scan results, along with an exclamation.\n\n","ACR-004":"The app uses an exclamation and makes unsubstantiated claims about the browser's health.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n","ACR-014":"The app uses an exclamation and makes unsubstantiated claims about the browser's health & the User is not protected.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\AntiBrowserSpy\\Program\\AntiBrowserSpy.exe","companyName":"","productName":"AntiBrowserSpy","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"69cfa7e44826f3db672b6091025ef3cc","hashSHA1":"732b3696e7306bde55b9eca9963f2b9d82879d2b","hashSHA256":"7045f4596207934a13bfd11f2e97eda4e80e9eb53d08497d2fdd7f5b17cfc8cf","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Ascora GmbH","storeId":"","sourceIndex":"1147","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"antibrowserspy-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"AntiBrowserSpy                                              ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"e23b7807281505bb71aaaadc10dc68a8","hashSHA1":"659898094c3c4476f34787c6e7698624949a9968","hashSHA256":"50a1919ddc19bc53ee665accc2db07c93a661584a03b4cb8d8ca0e5bde3d043a","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Ascora GmbH","storeId":"","sourceIndex":"1147","avBlockList":["Avast Premium Security (20230525)","AVG Internet Security (20230525)","Avira Internet Security (20230525)","ESET Internet Security (20230525)","K7 Total Security (20230525)","Kaspersky Internet Security (20230525)","Malwarebytes Premium (20230525)","McAfee Total Protection (20230525)","Norton Security (20230525)","Panda Dome (20230525)","Quick Heal Internet Security (20230525)","Sophos Home Premium (20230525)","SpyHunter5 (20230525)","Total AV Antivirus Pro (20230525)","VirIT eXplorer PRO (20230525)","Webroot SecureAnywhere (20230525)","Windows Defender (20230525)"],"avAllowList":["360 Total Security (20230525)","Bitdefender Internet Security (20230525)","COMODO Antivirus (20230525)","Dr.Web Security Space (20230525)","G DATA INTERNET SECURITY (20230525)","Trend Micro Internet Security (20230525)","VIPRE Advanced Security (20230525)"]}],"additionalFiles":[],"sources":[{"howFound":"via PUAs from same vendor","reference":"","landingPage":"https://www.abelssoft.de/de/windows/sicherheit/antibrowserspy","directDownloadingLink":"https://www.abelssoft.de/antibrowserspy-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/antibrowserspy-setup.exe","sourceIndex":"1147"}],"sampleFiles":["230424/AntiBrowserSpy-221024/6.03/Samples/antibrowserspy-setup.exe"],"imageFiles":["230424/AntiBrowserSpy-221024/6.03/Images/ACR-042/ACR-042.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-013/ACR-013.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-004/ACR-004.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-004/ACR-004_1.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-004/ACR-004_2.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-004/ACR-004_3.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-003/ACR-003.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-003/ACR-003_1.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-003/ACR-003_2.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-003/ACR-003_3.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-014/ACR-014.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-014/ACR-014_1.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-014/ACR-014_2.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-014/ACR-014_3.JPG","230424/AntiBrowserSpy-221024/6.03/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":[],"guid":"d52df768-985c-47e1-9aaf-0ca6b777a2dc_6.03_1","appID":"AntiBrowserSpy-221024","dateAdded":"230424","deceptorType":"App","name":"AntiBrowserSpy 2023","company":"Abelssoft","version":"6.03","firstResolvedVersion":"","lastKnownStatus":"2023.6.01;6.03","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-04-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1032},{"violations":{"ACR-003":"The app uses the alarming color to make exaggerated claims about the system's health and  does not substantiate scan results.\n","ACR-004":"The app uses a gauge with \"traffic light colors\" and makes unsubstantiated claims about system health.\n","ACR-084":"The app is installed in a hidden directory “ProgramData”\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"ssdfresh .exe","isInstaller":"True","companyName":"Abelssoft                                                   ","fileVersion":"1.0","hashMD5":"a9b3fcd023599e8bc21aa2ed28069355","hashSHA1":"a87b0840e874b863624fd3a78ac6df61e8b7f7c7","hashSHA256":"4f7eff634a7c2d3c0c80ddc58569ef65df81107ebaa1550fc8dd63e7082bfe32","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1355","avBlockList":["Avast Premium Security (20201117)","AVG Internet Security (20201117)","Avira Internet Security (20201117)","Bitdefender Internet Security (20201117)","ESET Internet Security (20201117)","G DATA INTERNET SECURITY (20201117)","K7 Total Security (20201117)","Malwarebytes Premium (20201117)","McAfee Total Protection (20201117)","Norton Security (20201117)","Panda Dome (20201117)","Quick Heal Internet Security (20201117)","Sophos Home Premium (20201117)","SpyHunter5 (20201117)","Tencent PC Manager (20201117)","Total AV Antivirus Pro (20201117)","VIPRE Advanced Security (20201117)","VirIT eXplorer PRO (20201117)","Windows Defender (20201117)"],"avAllowList":["360 Total Security (20201117)","COMODO Antivirus (20201117)","Dr.Web Security Space (20201117)","Kaspersky Internet Security (20201117)","Trend Micro Internet Security (20201117)","Webroot SecureAnywhere (20201117)"]},{"isRevoked":"False","fileName":"SSDFresh.exe","companyName":"Ascora GmbH","fileVersion":"1.0","hashMD5":"0350267c72f01404cb9667b8e765d6bd","hashSHA1":"c018c6db0d1ffea26c22a3d0ea6d503569ca9b6e","hashSHA256":"2a1433b986e3638fc0565d4a604d3f46871a4fd337e6566f0e27142eca20bb95","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1355","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.abelssoft.de/en/windows/system-utilities/ssd-fresh","directDownloadingLink":"https://www.abelssoft.de/ssdfresh.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/ssdfresh.exe","sourceIndex":"1355"}],"sampleFiles":["221024/SSDFresh-180126/10.01/Samples/ssdfresh .exe","221024/SSDFresh-180126/10.01/Samples/SSDFresh.exe"],"imageFiles":["221024/SSDFresh-180126/10.01/Images/ACR-003/SSDFresh_Interactions [1].png","221024/SSDFresh-180126/10.01/Images/ACR-084/SSDFresh_Files [1].png","221024/SSDFresh-180126/10.01/Images/ACR-004/SSDFresh_Interactions [1].png","221024/SSDFresh-180126/10.01/Images/ACR-004/SSDFresh-Scanning.gif"],"nonDeceptorImageFiles":["221024/SSDFresh-180126/10.01/Images/ACR-065/SSDFresh_Install [1].png","221024/SSDFresh-180126/10.01/Images/ACR-065/SSDFresh_Install [3].png","221024/SSDFresh-180126/10.01/Images/ACR-065/SSDFresh_Install [4].png","221024/SSDFresh-180126/10.01/Images/ACR-065/SSDFresh_Install [6].png","221024/SSDFresh-180126/10.01/Images/ACR-065/SSDFresh_Interactions [2].png","221024/SSDFresh-180126/10.01/Images/ACR-161/SSDFresh_LandingPage [2] Testimonial.png","221024/SSDFresh-180126/10.01/Images/ACR-099/SSDFresh_Interactions [2].png","221024/SSDFresh-180126/10.01/Images/ACR-099/SSDFresh_LandingPage [1].png","221024/SSDFresh-180126/10.01/Images/ACR-099/SSDFresh_OfferPage [1].png"],"guid":"64110b74-8c95-430d-9d15-543a0934ad6c_10.01_1","appID":"SSDFresh-180126","dateAdded":"230420","deceptorType":"App","name":"SSDFresh","company":"Ascora GmbH","version":"10.01","sigName":"Deceptor:Win32/SSDFresh!003084071004","firstVendorContactDate":"230421","firstAppEsteemReplyDate":"230424","firstResolvedDate":"230424","firstResolvedVersion":"12.07","resolved":"TRUE","lastKnownStatus":"9.02;10;10.01;2022.11.1;12.06","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:48.7579079+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1041},{"violations":{"ACR-084":"The main app is installed in a hidden directory %ProgramData%.\n","ACR-055":"Accept and decline for the offer must be obvious. Unchecking the Opera Browser installation is not a straightforward option for decline.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-027":"Inline Offer must be marked as \"offer\" or \"optional offer\".\n"},"samples":[{"isRevoked":"False","fileName":"AbLauncher.exe","productName":"AbLauncher","fileVersion":"8.6","hashMD5":"68f7753fba8673c408acbb5784bfd386","hashSHA1":"09f91a14564e33b84185880a1ffa56440ef5ef25","hashSHA256":"cd62fd3919fef59f4a1e5439a09e98b8e94a51faef6d789f97d58acbc78d727a","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1333","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SSDFresh.exe","companyName":"Ascora GmbH","productName":"SSDFresh","fileVersion":"1.0","hashMD5":"24486636d25a71f68110bb28977ed55d","hashSHA1":"92a227ac4625a421151015c62470e4aeb436d656","hashSHA256":"45be3db15f24046977b08c8ff9ca48d62af90038781fd58835161f0f2330b9a0","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1333","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ssdfreshsetup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"SSDFresh","fileVersion":"1.0","hashMD5":"6b170c09bc8a3b342fe51874d4d301d1","hashSHA1":"c95b681401e3fe773a150fce6550af28223788c9","hashSHA256":"797018450701bc14a3a7a9a897fcc5eb5b59c34afcf43104bbecfe185a0dec5f","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1333","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"","landingPage":"https://www.abelssoft.de/en/windows/system-utilities/ssd-fresh","directDownloadingLink":"https://www.abelssoft.de/ssdfreshsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/ssdfreshsetup.exe","sourceIndex":"1333"}],"sampleFiles":["221024/SSDFresh-180126/2022.11.1/Samples/AbLauncher.exe","221024/SSDFresh-180126/2022.11.1/Samples/SSDFresh.exe","221024/SSDFresh-180126/2022.11.1/Samples/ssdfreshsetup.exe"],"imageFiles":["221024/SSDFresh-180126/2022.11.1/Images/ACR-055/ACR-055_OptionalOffer.jpg","221024/SSDFresh-180126/2022.11.1/Images/ACR-084/ACR-084_MainExecutable.jpg"],"nonDeceptorImageFiles":["221024/SSDFresh-180126/2022.11.1/Images/ACR-065/SSDFresh_Install [4].png","221024/SSDFresh-180126/2022.11.1/Images/ACR-065/ACR-065_Install.gif","221024/SSDFresh-180126/2022.11.1/Images/ACR-065/SSDFresh_About.jpg","221024/SSDFresh-180126/2022.11.1/Images/ACR-161/ACR-161_Testimonials.jpg","221024/SSDFresh-180126/2022.11.1/Images/ACR-099/SSDFresh_About.jpg","221024/SSDFresh-180126/2022.11.1/Images/ACR-099/SSDFresh_LandingPage.jpeg","221024/SSDFresh-180126/2022.11.1/Images/ACR-099/SSDFresh_InternalOffer.jpeg","221024/SSDFresh-180126/2022.11.1/Images/ACR-027/ACR-027_Offer.gif"],"guid":"64110b74-8c95-430d-9d15-543a0934ad6c_2022.11.1_1","appID":"SSDFresh-180126","dateAdded":"230420","deceptorType":"App","name":"SSDFresh","company":"Ascora GmbH","version":"2022.11.1","firstVendorContactDate":"230421","firstAppEsteemReplyDate":"230424","firstResolvedDate":"230424","firstResolvedVersion":"12.07","resolved":"TRUE","lastKnownStatus":"9.02;10;10.01;2022.11.1;12.06","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:48.0004432+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1040},{"violations":{"ACR-003":"The app does not substantiate scan results.\n","ACR-004":"The app uses a gauge with \"traffic light colors\" and makes unsubstantiated claims about system health.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays unsubstantiated testimonials.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"AbLauncher.exe","fileVersion":"1.0","hashMD5":"0bc46390603e637dd5a27c28a5dbf098","hashSHA1":"4204a507647dc6ec317cd2ce05ba4f1acc202ef2","hashSHA256":"4f5da23a4599f02c8fe55de02261aa19333330d0b321397c85cd76d1ffe86e62","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"2417","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ssdfresh.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","fileVersion":"1.0","hashMD5":"34226cf707b0b78863571d6af4d3371f","hashSHA1":"4fa289e19319e0fbc9bbcbc01121003dd94c5cbe","hashSHA256":"332c27bba45e39b0882dd4b02313faa1db13d2720a0d55711e748f040839a2bb","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"2417","avBlockList":["Avast Premium Security (20200623)","AVG Internet Security (20200623)","Avira Internet Security (20200623)","ESET Internet Security (20200623)","G DATA INTERNET SECURITY (20200623)","K7 Total Security (20200623)","Malwarebytes Premium (20200623)","McAfee Total Protection (20200623)","Norton Security (20200623)","Panda Dome (20200623)","Sophos Home Premium (20200623)","SpyHunter5 (20200623)","Total AV Antivirus Pro (20200623)","VirIT eXplorer PRO (20200623)","Webroot SecureAnywhere (20200623)","Windows Defender (20200623)"],"avAllowList":["360 Total Security (20200623)","Bitdefender Internet Security (20200623)","COMODO Antivirus (20200623)","Dr.Web Security Space (20200623)","Kaspersky Internet Security (20200623)","Quick Heal Internet Security (20200623)","Tencent PC Manager (20200623)","Trend Micro Internet Security (20200623)","VIPRE Advanced Security (20200623)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"https://www.abelssoft.de/en/windows/System-Utilities/SSD-Fresh","directDownloadingLink":"https://www.abelssoft.de/ssdfresh.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/ssdfresh.exe","sourceIndex":"2417"}],"sampleFiles":["200611/SSDFresh-180126/9.02/Samples/AbLauncher.exe","200611/SSDFresh-180126/9.02/Samples/ssdfresh.exe"],"imageFiles":["200611/SSDFresh-180126/9.02/Images/ACR-003/SSDFresh 004.gif","200611/SSDFresh-180126/9.02/Images/ACR-004/SSDFresh 004.gif","200611/SSDFresh-180126/9.02/Images/ACR-004/SSDFresh Guage.png"],"nonDeceptorImageFiles":["200611/SSDFresh-180126/9.02/Images/ACR-065/SSDFresh Install.png","200611/SSDFresh-180126/9.02/Images/ACR-065/SSDFresh About.png","200611/SSDFresh-180126/9.02/Images/ACR-161/SSDFresh Testimonial.png","200611/SSDFresh-180126/9.02/Images/ACR-099/SSDFresh About.png","200611/SSDFresh-180126/9.02/Images/ACR-099/SSDFresh Landing Page.png","200611/SSDFresh-180126/9.02/Images/ACR-099/SSDFresh Internal Offers.png"],"guid":"64110b74-8c95-430d-9d15-543a0934ad6c_9.02_1","appID":"SSDFresh-180126","dateAdded":"230420","deceptorType":"App","name":"SSDFresh","company":"Ascora GmbH","version":"9.02","sigName":"Deceptor:Win32/SSDFresh!003004","firstVendorContactDate":"230421","firstAppEsteemReplyDate":"230424","firstResolvedDate":"230424","firstResolvedVersion":"12.07","resolved":"TRUE","lastKnownStatus":"9.02;10;10.01;2022.11.1;12.06","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-04-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1043},{"violations":{"ACR-042":"The app does not present EULA to obtain user's agreement and permission at installation\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software \n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"ssdfreshsetup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"SSDFresh                                                    ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"8b5cc4363e08b8f5bc11e2ca14c2141d","hashSHA1":"4e0c85478d62aad782316d644c84dc23c8af49e3","hashSHA256":"13e3d4dd82fe0de5d9da473d70cfd1c823f9c3e4f8a5e778030a57b1d9edd6c5","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Ascora GmbH","storeId":"","sourceIndex":"1146","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"https://www.abelssoft.de/en/windows/System-Utilities/SSD-Fresh","directDownloadingLink":"https://www.abelssoft.de/ssdfresh.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/ssdfresh.exe","sourceIndex":"1146"}],"sampleFiles":["230420/SSDFresh-180126/12.06/Samples/ssdfreshsetup.exe"],"imageFiles":["230420/SSDFresh-180126/12.06/Images/ACR-042/ACR-042.JPG","230420/SSDFresh-180126/12.06/Images/ACR-013/ACR-013.JPG","230420/SSDFresh-180126/12.06/Images/ACR-060/ACR-060.JPG"],"nonDeceptorImageFiles":[],"guid":"64110b74-8c95-430d-9d15-543a0934ad6c_12.06_1","appID":"SSDFresh-180126","dateAdded":"230420","deceptorType":"App","name":"SSDFresh","company":"Ascora GmbH","version":"12.06","firstVendorContactDate":"230421","firstAppEsteemReplyDate":"230424","firstResolvedDate":"230424","firstResolvedVersion":"12.07","resolved":"TRUE","lastKnownStatus":"9.02;10;10.01;2022.11.1;12.06","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:42.0229267+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1039},{"violations":{"ACR-004":"The app uses a gauge with \"traffic light colors\" and makes unsubstantiated claims about system health.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"AbLauncher.exe","fileVersion":"1.0","hashMD5":"be8e195d93689961ad9d9f8fbd42b8d9","hashSHA1":"b4903a65b2b460f8907fd82ca6d85d4c91edd45f","hashSHA256":"7f37b31fcfd2b9c4a1095363708b42a4c20121fa003928810ef5fdabc17038f2","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"2057","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ssdfresh.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","fileVersion":"1.0","hashMD5":"17033d9b822e1b3ba6e797c5df02d0c8","hashSHA1":"0fb271ffc2d1e339c06b75f5d280ebea64e3d7e1","hashSHA256":"21030aaf5a45ad27d490e7ac485cf983522235ff2ce81b5b257821fdc94a2d28","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"2057","avBlockList":["Avast Premium Security (20201125)","AVG Internet Security (20201125)","Avira Internet Security (20201125)","Bitdefender Internet Security (20201125)","ESET Internet Security (20201125)","G DATA INTERNET SECURITY (20201125)","K7 Total Security (20201125)","Malwarebytes Premium (20201125)","McAfee Total Protection (20201125)","Norton Security (20201125)","Panda Dome (20201125)","Quick Heal Internet Security (20201125)","Sophos Home Premium (20201125)","SpyHunter5 (20201125)","Tencent PC Manager (20201125)","Total AV Antivirus Pro (20201125)","VIPRE Advanced Security (20201125)","VirIT eXplorer PRO (20201125)","Webroot SecureAnywhere (20201125)","Windows Defender (20201125)"],"avAllowList":["360 Total Security (20201125)","COMODO Antivirus (20201125)","Dr.Web Security Space (20201125)","Kaspersky Internet Security (20201125)","Trend Micro Internet Security (20201125)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"https://www.abelssoft.de/en/windows/System-Utilities/SSD-Fresh","directDownloadingLink":"https://www.abelssoft.de/ssdfresh.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/ssdfresh.exe","sourceIndex":"2057"}],"sampleFiles":["201106/SSDFresh-180126/10/Samples/AbLauncher.exe","201106/SSDFresh-180126/10/Samples/ssdfresh.exe"],"imageFiles":["201106/SSDFresh-180126/10/Images/ACR-004/2020-10-12_16-13-06.mp4"],"nonDeceptorImageFiles":["201106/SSDFresh-180126/10/Images/ACR-065/2020-10-12_16-55-48.png","201106/SSDFresh-180126/10/Images/ACR-099/2020-10-12_16-55-48.png"],"guid":"64110b74-8c95-430d-9d15-543a0934ad6c_10_1","appID":"SSDFresh-180126","dateAdded":"230420","deceptorType":"App","name":"SSDFresh","company":"Ascora GmbH","version":"10","sigName":"Deceptor:Win32/SSDFresh!004","firstVendorContactDate":"230421","firstAppEsteemReplyDate":"230424","firstResolvedDate":"230424","firstResolvedVersion":"12.07","resolved":"TRUE","lastKnownStatus":"9.02;10;10.01;2022.11.1;12.06","lastKnownDate":"230424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-04-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1042},{"violations":{"ACR-047":"App presents consumer the misleading and non substantiated statement and asks consumers to take action for declined offer again.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-057":"App doesn't provide clear way for user to choose \"Decline\"\n","ACR-055":"App provides the tricky and not clear decline option for consumer\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PDFPower.exe","isInstaller":"True","fileVersion":"4.0","hashMD5":"1e2a99ae43d6365148d412b5dfee0e1c","hashSHA1":"33c02d70abb2f1f12a79cfd780d875a94e7fe877","hashSHA256":"e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6","digitalCertThumbprint":"980DAFCE13748BBD1D2A2EF29C153E6B44FE5AFF","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admin@mytechmedia.net, CN=MY TECH MEDIA LTD, O=MY TECH MEDIA LTD, STREET=11 Hamanofim, L=Herzliya, S=Tel Aviv, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516185493, OID.2.5.4.15=Private Organization","sourceIndex":"262","avBlockList":["360 Total Security (20230502)","Avast Premium Security (20230502)","AVG Internet Security (20230502)","Avira Internet Security (20230502)","Dr.Web Security Space (20230502)","ESET Internet Security (20230502)","G DATA INTERNET SECURITY (20230502)","K7 Total Security (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","Norton Security (20230502)","Quick Heal Internet Security (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","Trend Micro Internet Security (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)"],"avAllowList":["Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","McAfee Total Protection (20230502)","Panda Dome (20230502)","VIPRE Advanced Security (20230502)","Windows Defender (20230502)"]},{"isRevoked":"False","fileName":"PDFPower2.exe","isInstaller":"True","companyName":"MYTECH MEDIA LTD","fileVersion":"1.2","hashMD5":"6a49ba414d53c304bddcbd4a501281cd","hashSHA1":"fa2b6890445b0d4767b2a9e9422a6a21abb9d070","hashSHA256":"97445d4769ff1459a0c44c5b8f6ecc3ae242c3d140ee754f0d707bbe5e66946a","digitalCertThumbprint":"980DAFCE13748BBD1D2A2EF29C153E6B44FE5AFF","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=admin@mytechmedia.net, CN=MY TECH MEDIA LTD, O=MY TECH MEDIA LTD, STREET=11 Hamanofim, L=Herzliya, S=Tel Aviv, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516185493, OID.2.5.4.15=Private Organization","sourceIndex":"262","avBlockList":["360 Total Security (20230502)","Avast Premium Security (20230502)","AVG Internet Security (20230502)","Avira Internet Security (20230502)","ESET Internet Security (20230502)","G DATA INTERNET SECURITY (20230502)","K7 Total Security (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Quick Heal Internet Security (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)"],"avAllowList":["Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","Dr.Web Security Space (20230502)","McAfee Total Protection (20230502)","Trend Micro Internet Security (20230502)","VIPRE Advanced Security (20230502)","Windows Defender (20230502)"]}],"additionalFiles":[],"sources":[{"howFound":"Security partner report","reference":"Offers","landingPage":"https://www.pdfconverterpower.net/","ipv4":"","ipv6":"","sourceIndex":"262"}],"sampleFiles":["230418/PDFPower-230418/4.0.1.0/Samples/PDFPower.exe","230418/PDFPower-230418/4.0.1.0/Samples/PDFPower2.exe"],"imageFiles":["230418/PDFPower-230418/4.0.1.0/Images/ACR-047/PDFPower2_013_055_2.JPG","230418/PDFPower-230418/4.0.1.0/Images/ACR-047/PDFPower_013_055_2.JPG","230418/PDFPower-230418/4.0.1.0/Images/ACR-055/PDFPower2_013_055.JPG","230418/PDFPower-230418/4.0.1.0/Images/ACR-055/PDFPower_013_055.JPG","230418/PDFPower-230418/4.0.1.0/Images/ACR-013/PDFPower2_013_055.JPG","230418/PDFPower-230418/4.0.1.0/Images/ACR-013/PDFPower_013_055.JPG","230418/PDFPower-230418/4.0.1.0/Images/ACR-057/PDFPower2_013_055.JPG","230418/PDFPower-230418/4.0.1.0/Images/ACR-057/PDFPower_013_055.JPG"],"nonDeceptorImageFiles":[],"guid":"c225587d-41b7-4a34-9390-a7338c312b5d_4.0.1.0_1","appID":"PDFPower-230418","dateAdded":"230418","deceptorType":"App","name":"PDFPower","company":"MY TECH MEDIA LTD","version":"4.0.1.0","lastKnownStatus":"4.0.1.0","lastKnownDate":"241231","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,display ads,search","lastUpdate":"2024-12-31T21:47:02.5977272+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1044},{"violations":{"ACR-043":"1. The \"Free YouTube Download\" app's components get dropped in a single click without asking the user's permission and disclosing the installation path.\n2. The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent and does not disclose relevant license information about 'FFmPeg'.\n","ACR-107":"The app does not disclose relevant license information about 'FFmPeg'.\n","ACR-048":"The app does not provide any control to enable/disable the startup and to exit the app completely.\n","ACR-007":"The application logo is way too similar to the Windows logo, a misleading representation of the app source.\n","ACR-017":"The application logo is way too similar to the Windows logo, a misleading representation of the app source.\n","ACR-084":"The app creates an undisclosed Startup to perform an action without the user's knowledge and consent. When attempting to exit the app, one process still runs in the background without notifying user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent also not disclosed the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-040":"The app did not disclose components of \"FreeStudioManager\" are installed in the non-standard/noncommon folder.\n"},"samples":[{"isRevoked":"False","fileName":"FreeYouTubeDownload_Setup.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube Download (sc)                                  ","productVersion":"4.3.89.316                                        ","fileVersion":"4.3.89.316          ","hashMD5":"3938375634565351ce44694b488c16bf","hashSHA1":"c3b8f1bc713c89a54124eab95fee538f4c398e2f","hashSHA256":"374e99bc081c522910a571295a74b078c2994e2b6b0c2ebf8cc8fa005490aa41","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"1154","avBlockList":["Avast Premium Security (20230502)","AVG Internet Security (20230502)","Avira Internet Security (20230502)","Norton Security (20230502)","Panda Dome (20230502)","Sophos Home Premium (20230502)","SpyHunter5 (20230502)","Total AV Antivirus Pro (20230502)","VirIT eXplorer PRO (20230502)","Webroot SecureAnywhere (20230502)"],"avAllowList":["360 Total Security (20230502)","Bitdefender Internet Security (20230502)","COMODO Antivirus (20230502)","Dr.Web Security Space (20230502)","ESET Internet Security (20230502)","G DATA INTERNET SECURITY (20230502)","K7 Total Security (20230502)","Kaspersky Internet Security (20230502)","Malwarebytes Premium (20230502)","McAfee Total Protection (20230502)","Quick Heal Internet Security (20230502)","Trend Micro Internet Security (20230502)","VIPRE Advanced Security (20230502)","Windows Defender (20230502)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt ","reference":"","landingPage":"https://www.dvdvideosoft.com/free-youtube-download-en1","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeDownload.exe&ls=topWinPrimaryLeft&auid=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeDownload.exe&ls=topWinPrimaryLeft&auid=true","sourceIndex":"1154"}],"sampleFiles":["230418/FreeYouTubeDownload-230417/4.3.89.316/Samples/FreeYouTubeDownload_Setup.exe"],"imageFiles":["230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-039/ACR-039.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-043/ACR-043.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-043/ACR-043_1.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-043/ACR-043_2.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-107/ACR-107.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-007/ACR-007.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-084/ACR-084.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-084/ACR-084_1.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-048/ACR-048.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-048/ACR-048_1.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-048/ACR-048_2.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-017/ACR-017.JPG","230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230418/FreeYouTubeDownload-230417/4.3.89.316/Images/ACR-040/ACR-040.JPG"],"guid":"65f3d067-948a-450b-91e3-374b9ba8ccfd_4.3.89.316_1","appID":"FreeYouTubeDownload-230417","dateAdded":"230418","deceptorType":"App","name":"Free YouTube Download","company":"Digital Wave Ltd","version":"4.3.89.316","lastKnownStatus":"4.3.89.316","lastKnownDate":"230418","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-04-18T20:59:11.1785261+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1045},{"violations":{"ACR-042":"The app and its components get dropped in one click without obtaining user's permission and disclosing the installation path and allowing the user to change it.\n","ACR-048":"The app does not provide an option to cancel the installation.\n","ACR-006":"The monetization should be clearly attributed. The call center name and website should be disclosed next to phone number.\n","ACR-103":"The primary function: real time protection and scanning can't be verified as presented in free mode, no threat was caught during our assessment. Also the \"Subscribe\" link from offer leads to a page which displays an error message as \"Page Not Found\".\n","ACR-168":"The app displays a support call center phone number but does not display that additional offers may be made during the one-on-one interaction with the consumer.\n","ACR-014":"App presents false claim that system is not protected while windows defender real time protection is running and on. \n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal/cancellation in the internal offers.\n"},"nonDeceptorViolations":{"ACR-056":"The app advertises a Free trial,  but requires user to activate when the user attempts to do free scan and manage firewall.\n\n","ACR-167":"The App does not offer an at least 30-day refund.\n","ACR-168":"The landing page displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer \n"},"samples":[{"isRevoked":"False","fileName":"Global Antivirus.exe","productName":"CsWinFormsBlackApp","productVersion":"1.0.0.0","fileVersion":"1.0","hashMD5":"cadd014599f10c6537c4eaf127e635d4","hashSHA1":"d17dc667391f997d6e98355abe75165b37ecd86e","hashSHA256":"bb9eac1706a927b26756ccc783636166b77d26f7ea5a4314f7576be7f724b309","sourceIndex":"1156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Global-Antivirus-1.0.exe","isInstaller":"True","companyName":"Global ManySoft LTD","productName":"Global Antivirus","productVersion":"","fileVersion":"1.0","hashMD5":"a665d7f1ca6157fd1a170e70a7141bc8","hashSHA1":"1d002317c351ff4128289d3ef6c12d39edaf5d41","hashSHA256":"99f993e7129c866ff0897b0170d181347f000c875cfaee5751b4ca4ad1a4b139","sourceIndex":"1156","avBlockList":["360 Total Security (20230425)","Avira Internet Security (20230425)","Bitdefender Internet Security (20230425)","COMODO Antivirus (20230425)","ESET Internet Security (20230425)","G DATA INTERNET SECURITY (20230425)","K7 Total Security (20230425)","Norton Security (20230425)","Panda Dome (20230425)","Sophos Home Premium (20230425)","SpyHunter5 (20230425)","Total AV Antivirus Pro (20230425)","VIPRE Advanced Security (20230425)","VirIT eXplorer PRO (20230425)","Webroot SecureAnywhere (20230425)","Windows Defender (20230425)"],"avAllowList":["Avast Premium Security (20230425)","AVG Internet Security (20230425)","Dr.Web Security Space (20230425)","Kaspersky Internet Security (20230425)","Malwarebytes Premium (20230425)","Quick Heal Internet Security (20230425)","Trend Micro Internet Security (20230425)"]},{"isRevoked":"False","fileName":"Global Antivirus2.exe","productName":"CsWinFormsBlackApp","productVersion":"1.0.0.0","fileVersion":"1.0","hashMD5":"9889ee3d09dc54501034917df081d79a","hashSHA1":"7234fa9370348f4a184f490b07bfa5f8786459d5","hashSHA256":"28c47f900eee6315691d9a2c2106ba924f30580acd0952b595470dbfb9428a32","sourceIndex":"1156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Global Antivirus  2.0.exe","isInstaller":"True","companyName":"Global ManySoft LTD","productName":"Global Antivirus","productVersion":"","fileVersion":"1.0","hashMD5":"568931a7ec847deccbc81d78f56209c9","hashSHA1":"2ad5943cf35c17ea0973c24c613312dd42b0e1fc","hashSHA256":"e23735b71261bd7e73765f5cd50920ab363f0f10e0cfeb3277a099029940a069","sourceIndex":"1156","avBlockList":["360 Total Security (20230425)","Avira Internet Security (20230425)","Bitdefender Internet Security (20230425)","COMODO Antivirus (20230425)","G DATA INTERNET SECURITY (20230425)","K7 Total Security (20230425)","Norton Security (20230425)","Panda Dome (20230425)","Sophos Home Premium (20230425)","SpyHunter5 (20230425)","Total AV Antivirus Pro (20230425)","VIPRE Advanced Security (20230425)","VirIT eXplorer PRO (20230425)","Webroot SecureAnywhere (20230425)"],"avAllowList":["Avast Premium Security (20230425)","AVG Internet Security (20230425)","Dr.Web Security Space (20230425)","ESET Internet Security (20230425)","Kaspersky Internet Security (20230425)","Malwarebytes Premium (20230425)","Quick Heal Internet Security (20230425)","Trend Micro Internet Security (20230425)","Windows Defender (20230425)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://globalmanysoft.com/","directDownloadingLink":"http://globalmanysoft.com/wp-content/uploads/2023/02/Global-Antivirus-1.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://globalmanysoft.com/wp-content/uploads/2023/02/Global-Antivirus-1.0.exe","sourceIndex":"1156"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://download1585.mediafire.com/cq8c2v3tvsigebQPpSOjTq_j9Ospp1-VBIDQLj8Tp0KOjjBJLsGd59Mze41YsZPBTAm-BNXjXp4Ysdde-xSStC05PkY/51jqg2fcihpiu5c/Global+Antivirus++2.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download1585.mediafire.com/cq8c2v3tvsigebQPpSOjTq_j9Ospp1-VBIDQLj8Tp0KOjjBJLsGd59Mze41YsZPBTAm-BNXjXp4Ysdde-xSStC05PkY/51jqg2fcihpiu5c/Global+Antivirus++2.0.exe","sourceIndex":"1157"}],"sampleFiles":["230417/GlobalAntivirus-230413/1.0.0.0/Samples/Global Antivirus.exe","230417/GlobalAntivirus-230413/1.0.0.0/Samples/Global-Antivirus-1.0.exe","230417/GlobalAntivirus-230413/1.0.0.0/Samples/Global Antivirus2.exe","230417/GlobalAntivirus-230413/1.0.0.0/Samples/Global Antivirus  2.0.exe"],"imageFiles":["230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-042/ACR-042.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-042/ACR-042_048_CannotCancelInstallation.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-048/ACR-048_CannotCancelInstallation.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-103/SubscriptionPlan.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-103/404Error.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-103/GA_014.JPG","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-103/GA_014_2.JPG","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-168/CallCenter.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-168/CallCenter1.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-006/CallCenter.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-006/CallCenter1.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-014/GA_014.JPG","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-164/2-yearplan.png","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-164/GlobalManySoft_internalOffer.png","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-164/Time-boundOffer.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-165/2-yearplan.png","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-165/GlobalManySoft_internalOffer.png","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-165/Time-boundOffer.jpg"],"nonDeceptorImageFiles":["230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-056/FeeTrial.mp4","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-167/ACR-167.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-168/CallCenter.jpg","230417/GlobalAntivirus-230413/1.0.0.0/Images/ACR-006/CallCenter.jpg"],"guid":"44def312-645b-4a68-9557-0637e3e2673b_1.0.0.0_1","appID":"GlobalAntivirus-230413","dateAdded":"230417","deceptorType":"App","name":"Global Antivirus","company":"Global ManySoft LTD","version":"1.0.0.0","lastKnownStatus":"1.0.0.0","lastKnownDate":"230417","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-04-18T02:16:26.0461389+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1046},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a Relevant Knowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a Relevant Knowledge file “spt_setup.exe”. The app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app distributes the deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its other components on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FreeBurningStudio.exe","fileVersion":"0.0","hashMD5":"1ba131b030d369d9e1cd9480e2a17d60","hashSHA1":"4d3529a32cf7d1f341ad267669b3cc297531304c","hashSHA256":"b6fc05830e35fff3d2b9efce6700b4a518d69acfb2258f14fa5ce81a5bc324af","sourceIndex":"1159","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeBurningStudio-setup.exe","isInstaller":"True","companyName":"TechWizard Soft Co., Ltd.                                   ","fileVersion":"0.0","hashMD5":"2595c239fb150ee0ffffe9e669d82280","hashSHA1":"a619f3d9304fd80dab35fbedaa11e280a4f94162","hashSHA256":"a9551d7db0ea423717c484ec3949e5035c5df0e51055b8918adf1dcd332a4b1e","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1159","avBlockList":["360 Total Security (20230420)","Avast Premium Security (20230420)","AVG Internet Security (20230420)","Avira Internet Security (20230420)","Bitdefender Internet Security (20230420)","COMODO Antivirus (20230420)","Dr.Web Security Space (20230420)","ESET Internet Security (20230420)","G DATA INTERNET SECURITY (20230420)","K7 Total Security (20230420)","Kaspersky Internet Security (20230420)","Malwarebytes Premium (20230420)","Norton Security (20230420)","Panda Dome (20230420)","Quick Heal Internet Security (20230420)","Sophos Home Premium (20230420)","SpyHunter5 (20230420)","Total AV Antivirus Pro (20230420)","Trend Micro Internet Security (20230420)","VIPRE Advanced Security (20230420)","VirIT eXplorer PRO (20230420)","Webroot SecureAnywhere (20230420)","Windows Defender (20230420)"],"avAllowList":["McAfee Total Protection (20230420)"]}],"additionalFiles":[],"sources":[{"howFound":"searched for similar sites with burnaware.com","reference":"","landingPage":"http://www.disc-maker.net/","directDownloadingLink":"http://www.disc-maker.net/FreeBurningStudio.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.disc-maker.net/FreeBurningStudio.exe","sourceIndex":"1159"}],"sampleFiles":["230413/FreeBurningStudio-230412/8.8.2.4/Samples/FreeBurningStudio.exe","230413/FreeBurningStudio-230412/8.8.2.4/Samples/FreeBurningStudio-setup.exe"],"imageFiles":["230413/FreeBurningStudio-230412/8.8.2.4/Images/ACR-109/ACR-109.jpg","230413/FreeBurningStudio-230412/8.8.2.4/Images/ACR-047/ImportantUpdate.jpg","230413/FreeBurningStudio-230412/8.8.2.4/Images/ACR-048/RK.jpg","230413/FreeBurningStudio-230412/8.8.2.4/Images/ACR-048/Startup.jpg","230413/FreeBurningStudio-230412/8.8.2.4/Images/ACR-010/RK.jpg","230413/FreeBurningStudio-230412/8.8.2.4/Images/ACR-014/ImportantUpdate.jpg","230413/FreeBurningStudio-230412/8.8.2.4/Images/ACR-118/ACR-118.jpg","230413/FreeBurningStudio-230412/8.8.2.4/Images/ACR-122/ACR-122.jpg","230413/FreeBurningStudio-230412/8.8.2.4/Images/ACR-057/RK_.jpg","230413/FreeBurningStudio-230412/8.8.2.4/Images/ACR-059/RK_.jpg","230413/FreeBurningStudio-230412/8.8.2.4/Images/ACR-155/RK_.jpg"],"nonDeceptorImageFiles":[],"guid":"b94bc574-458a-40ff-a519-c335167ebfd5_8.8.2.4_1","appID":"FreeBurningStudio-230412","dateAdded":"230413","deceptorType":"App","name":"Free Burning Studio","company":"TechWizard Soft Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"Deceptor:8.8.2.4","lastKnownDate":"230413","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none,mining","lastUpdate":"2023-04-13T22:51:24.2095106+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1047},{"violations":{"ACR-103":"The app displays random cache data (Ex: Brave, Pinterest, and Flipkart) and suggests cleaning up \"1.8 GB\" of junk/cache. After completing junk clean it says “Free 1.7 GB Storage”, but in the app settings, it displays the same size of cache data that can be cleaned. The app's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app displays random cache data (Ex: Brave, Pinterest, and Flipkart) and suggests cleaning up \"1.8 GB\" of junk/cache. After completing junk clean it says “Free 1.7 GB Storage”,  but in the app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.space.fast.cleaner.boost.security.apk","isInstaller":"True","companyName":"Space Monkey Game Studio","productName":"Junk Cleaner","productVersion":"3.1.8","fileVersion":"3.1.8","hashMD5":"579e2e83a8a682ca9b333691c1f6ed3f","hashSHA1":"a70d9cb7e3ccc8491a9970c0a2cbc11014bcaa35","hashSHA256":"8d5fd9987e4720c39f974576f52e591e5dff56a280d381e04348015ae407f19e","sourceIndex":"1161","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on junk cleaner","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.space.fast.cleaner.boost.security","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.space.fast.cleaner.boost.security","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.space.fast.cleaner.boost.security","sourceIndex":"1161"}],"sampleFiles":["230412/JunkCleaner-230410/3.1.8/Samples/com.space.fast.cleaner.boost.security.apk"],"imageFiles":["230412/JunkCleaner-230410/3.1.8/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-103/ACR-103_Software_Scan_Result1.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-014/ACR-014_Software_Scan_Result1.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230412/JunkCleaner-230410/3.1.8/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"985734cd-3b31-4b11-95ce-8da0016fa6e2_3.1.8_1","appID":"JunkCleaner-230410","dateAdded":"230412","deceptorType":"Android App","name":"Junk Cleaner","company":"Space Monkey Game Studio","version":"3.1.8","lastKnownStatus":"DeceptorL3.1.8","lastKnownDate":"230412","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-04-12T11:33:49.9601416+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1048},{"violations":{"ACR-103":"The app suggests cleaning up \"118.4 MB\" of junk/cache (Ex: Brave, Flipkart, and Telegram). After completing junk clean it says “FINISHED! CLEANED”,  but in the app settings, it displays the same size of cache data that can be cleaned. The app's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up \"118.4 MB\" of junk/cache (Ex: Brave, Flipkart, and Telegram). After completing junk clean it says “FINISHED! CLEANED”,  but in the app settings it displays the same size of cache data that can be cleaned, which misleads the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"boom.phone.cleaner.booster.bravo.apk","isInstaller":"True","companyName":"Twain Labs Android","productName":"Cleaner & Mobile Booster","productVersion":"1.0.3","fileVersion":"1.0.3","hashMD5":"07e4a5e8722cc1e946f8ad1eb68ac011","hashSHA1":"bb37966d332f105c34740394b1c16bdd9765dc3e","hashSHA256":"e9e1ba28ad61dbf44b2343590ad16dd5d2ae4e0a720a4f178cb53cc9a9a28365","sourceIndex":"1160","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on junk cleaner","reference":"","landingPage":"https://play.google.com/store/apps/details?id=boom.phone.cleaner.booster.bravo&pli=1","directDownloadingLink":"https://play.google.com/store/apps/details?id=boom.phone.cleaner.booster.bravo&pli=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=boom.phone.cleaner.booster.bravo&pli=1","sourceIndex":"1160"}],"sampleFiles":["230412/CleanerMobileBooster-230411/1.0.3/Samples/boom.phone.cleaner.booster.bravo.apk"],"imageFiles":["230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230412/CleanerMobileBooster-230411/1.0.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"ecc8d96c-48a6-44fb-8ee1-98e0fe416bbd_1.0.3_1","appID":"CleanerMobileBooster-230411","dateAdded":"230412","deceptorType":"Android App","name":"Cleaner & Mobile Booster","company":"Twain Labs Android","version":"1.0.3","lastKnownStatus":"Deceptor:1.0.3","lastKnownDate":"230412","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-04-12T11:40:00.4249798+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1049},{"violations":{"ACR-103":" The app suggests cleaning up \"149.6 MB\" of junk/cache (Ex: Brave, Flipkart, and Telegram). After completing junk clean it says “FINISHED! CLEANED”, but in the app settings, it displays the same size of cache data that can be cleaned. The app's value proposition can't be verified  as it does not clean any junk/cache \n","ACR-014":"The app suggests cleaning up \"149.6 MB\" of junk/cache (Ex: Brave, Flipkart, and Telegram). After completing junk clean it says “FINISHED! CLEANED”, but in the app settings, it displays the same size of cache data that can be cleaned, which misleads the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"boom.phone.booster.cleaner.bravo.apk","isInstaller":"True","companyName":"Twain Labs Android","productName":"Mobile Booster & Cleaner","productVersion":"2.0.2","fileVersion":"2.0.2","hashMD5":"70d6e279217b69c55cc3db8a07590dc3","hashSHA1":"399a6230531186ff02fc35e31b29f68dd3ab4ce0","hashSHA256":"28145fd1770ddb2a7f2f44f86a5c41a15442e8c230605fd707f8241472e7a8df","sourceIndex":"1158","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=boom.phone.booster.cleaner.bravo","directDownloadingLink":"https://play.google.com/store/apps/details?id=boom.phone.booster.cleaner.bravo","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=boom.phone.booster.cleaner.bravo","sourceIndex":"1158"}],"sampleFiles":["230411/MobileBoosterCleaner-230411/2.0.2/Samples/boom.phone.booster.cleaner.bravo.apk"],"imageFiles":["230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230411/MobileBoosterCleaner-230411/2.0.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"8f7d86d2-7a07-4f58-b125-c700e1ce2d77_2.0.2_1","appID":"MobileBoosterCleaner-230411","dateAdded":"230411","deceptorType":"Android App","name":"Mobile Booster & Cleaner","company":"Twain Labs Android","version":"2.0.2","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,inject ads,display ads","lastUpdate":"2023-04-17T22:22:51.9018517+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":1050},{"violations":{"ACR-103":"The app suggests cleaning up \"89 MB\" of junk/cache (Ex: Brave, Flipkart, and Pinterest) After completing junk clean it says “89 MB Space freed up”,  but in app settings, it displays the same size of cache data that can be cleaned. The app's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up \"89 MB\" of junk/cache (Ex:  Brave, Flipkart, and Pinterest). After completing junk clean it says “89 MB Space freed up”, but when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.storage.cleandroidects.master.sea.apk","isInstaller":"True","companyName":"markxu7822","productName":"Storage Master Cleaner","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"e1e450b91579eb2b43327b3bac9ebe53","hashSHA1":"8f7fd9ccc9db9a77f302bb15ecd33573272fe098","hashSHA256":"04ce5848fe5f47deb7366981fece1f119833465fbbb8a30ffaf758c5c241a32f","sourceIndex":"1166","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on junk cleaners","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.storage.cleandroidects.master.sea&pli=1","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.storage.cleandroidects.master.sea&pli=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.storage.cleandroidects.master.sea&pli=1","sourceIndex":"1166"}],"sampleFiles":["230406/StorageMasterCleaner-230406/1.0.0/Samples/com.storage.cleandroidects.master.sea.apk"],"imageFiles":["230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-014/ACR-103_Software_Scan_Result.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-014/ACR-103_Software_Cache_Before_Cleaning.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-014/ACR-103_Software_Cache_Before_Cleaning1.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-014/ACR-103_Software_Cache_Before_Cleaning2.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-014/ACR-103_Software_ScanResult_AfterFix.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-014/ACR-103_Software_Cache_After_Cleaning.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-014/ACR-103_Software_Cache_After_Cleaning1.jpg","230406/StorageMasterCleaner-230406/1.0.0/Images/ACR-014/ACR-103_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"b5cb6dc6-ca33-4373-81e6-284729cc07fc_1.0.0_1","appID":"StorageMasterCleaner-230406","dateAdded":"230406","deceptorType":"Android App","name":"Storage Master Cleaner","company":"markxu7822","version":"1.0.0","lastKnownStatus":"1.0.0","lastKnownDate":"230406","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-04-06T22:07:35.4369747+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1051},{"violations":{"ACR-109":"Download Manager secretly writes the files (some are set to be hidden and system only file) to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"Download manager drops hidden file/potential offer app info in hidden folder without user permission. \n","ACR-043":"The \"FilePlanetDownloadManager\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-075":"After carrier app was cancelled during installation, the offers are still installed without any notification for user.\n","ACR-039":"No clear indications of the relationship for the monetization components from CassiniLabs and Carrier app is disclosed to user before offers being prompts. The links for privacy policy and Term of use mislead user that they are for Carrier app. \n(https://cassinilabs.com/privacy-policy/)\n"},"nonDeceptorViolations":{"ACR-044":"Download manager doesn't disclose its bundling function when user choose to install carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"microsoft-word_2JhER-1.exe-833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa","isInstaller":"True","fileVersion":"4.78","hashMD5":"99a9fbd5fee72ce51585309390a46717","hashSHA1":"ff39c56312090a909c2c0c82629c552a3b252a98","hashSHA256":"833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa","digitalCertThumbprint":"2A144B8B0F3F257E206EA0702CFE73A2F17F47D0","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=INNOVA MEDIA d.o.o., O=INNOVA MEDIA d.o.o., L=Šempeter pri Gorici, S=Goriška, C=SI","sourceIndex":"1172","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted at BIBR","reference":"","landingPage":"https://microsoft-word.fileplanet.com/download","directDownloadingLink":"https://d32vwrrnmnd033.cloudfront.net/aCL5Zrb8E/9.9.54.0/microsoft-word.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://*.fileplanet.com/download","directDownloadingLinkWildChar":"https://d32vwrrnmnd033.cloudfront.net/*","sourceIndex":"1172"}],"sampleFiles":["230405/FilePlanetBunder-230321/4.78.2.0/Samples/microsoft-word_2JhER-1.exe-833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa"],"imageFiles":["230405/FilePlanetBunder-230321/4.78.2.0/Images/ACR-109/ACR-109.png","230405/FilePlanetBunder-230321/4.78.2.0/Images/ACR-039/ACR-039.png","230405/FilePlanetBunder-230321/4.78.2.0/Images/ACR-043/ACR-043.png","230405/FilePlanetBunder-230321/4.78.2.0/Images/ACR-042/ACR-042.png","230405/FilePlanetBunder-230321/4.78.2.0/Images/ACR-013/ACR-013_1.png","230405/FilePlanetBunder-230321/4.78.2.0/Images/ACR-013/ACR-013_2.png","230405/FilePlanetBunder-230321/4.78.2.0/Images/ACR-060/ACR-060_1.png","230405/FilePlanetBunder-230321/4.78.2.0/Images/ACR-060/ACR-060_2.png","230405/FilePlanetBunder-230321/4.78.2.0/Images/ACR-075/ACR-075.png"],"nonDeceptorImageFiles":["230405/FilePlanetBunder-230321/4.78.2.0/Images/ACR-044/ACR-044.png"],"guid":"aca7e9ba-d6ba-4779-967e-c9ff282f5eba_4.78.2.0_1","appID":"FilePlanetBunder-230321","dateAdded":"230405","deceptorType":"Bundler","name":"FilePlanetDownloadManager","company":"fileplanet.com","version":"4.78.2.0","lastKnownStatus":"4.78.2.0","lastKnownDate":"230405","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-04-06T04:01:09.5161383+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1052},{"violations":{"ACR-043":"The \"VuzeBittorrent\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification. \n","ACR-097":"App adds an exception for Windows firewall to evade the default system security guard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the \"AzureusTor.exe\" executable.\n","ACR-123":"The app does not remove the non-executable files even after uninstall and reboot. \n","ACR-035":"No EULA/Terms of Service or Privacy Policy is provided for the download manager. \n"},"samples":[{"isRevoked":"False","fileName":"VuzeBittorrentClientInstaller.exe-bde00314f437b8e383f0d1cac04c5f29e4edbd37c2b82f9e890c147280d281ff","isInstaller":"True","fileVersion":"1.0","hashMD5":"037d91c5c06601b3d6eab400ef72157e","hashSHA1":"fd948074d93ee79ba51e5015968c33246ae9af40","hashSHA256":"bde00314f437b8e383f0d1cac04c5f29e4edbd37c2b82f9e890c147280d281ff","digitalCertThumbprint":"F1C5E6132F17C43B31176162DEBE2C81CE25C9B6","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Azureus Software, Inc.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"Azureus Software, Inc.\", L=Truckee, S=California, C=US","sourceIndex":"1168","avBlockList":["360 Total Security (20230418)","Avira Internet Security (20230418)","Dr.Web Security Space (20230418)","ESET Internet Security (20230418)","Malwarebytes Premium (20230418)","McAfee Total Protection (20230418)","Norton Security (20230418)","Panda Dome (20230418)","Sophos Home Premium (20230418)","Total AV Antivirus Pro (20230418)","VirIT eXplorer PRO (20230418)","Webroot SecureAnywhere (20230418)"],"avAllowList":["Avast Premium Security (20230418)","AVG Internet Security (20230418)","Bitdefender Internet Security (20230418)","COMODO Antivirus (20230418)","G DATA INTERNET SECURITY (20230418)","K7 Total Security (20230418)","Kaspersky Internet Security (20230418)","Quick Heal Internet Security (20230418)","SpyHunter5 (20230418)","Trend Micro Internet Security (20230418)","VIPRE Advanced Security (20230418)","Windows Defender (20230418)"]},{"isRevoked":"False","fileName":"Azureus.exe-0073287748ab4e14c9f5356b344d495083bab74aa24100a3211a8165960210a2","companyName":"Azureus Software, Inc","fileVersion":"5.0","hashMD5":"b8952cc3342c2571c3f92d49f230d07b","hashSHA1":"c3d1b2e54af7fd9a13c4cf5a96fa2750ae10ed79","hashSHA256":"0073287748ab4e14c9f5356b344d495083bab74aa24100a3211a8165960210a2","digitalCertThumbprint":"BBD8483766E3CDA310E1762A22BC0F3A79A3F41F","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Azureus Software, Inc.\", O=\"Azureus Software, Inc.\", L=Incline Village, S=Nevada, C=US","sourceIndex":"1168","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AzureusTor.exe-b54ecec42419fb311f05f0caa9ae089fdb1cd2406bdc11c271162c30eed824fa","fileVersion":"0.0","hashMD5":"755db270d19284a0783151f394e7a73d","hashSHA1":"842efb1a141daa3636fe668ef0b3a256419f9818","hashSHA256":"b54ecec42419fb311f05f0caa9ae089fdb1cd2406bdc11c271162c30eed824fa","digitalCertThumbprint":"F1C5E6132F17C43B31176162DEBE2C81CE25C9B6","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Azureus Software, Inc.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"Azureus Software, Inc.\", L=Truckee, S=California, C=US","sourceIndex":"1168","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Search for keyword \"torrent download\" in web browser","reference":"","landingPage":"http://www.vuze.com/#","directDownloadingLink":"http://cf1.vuze.com/installers/VuzeBittorrentClientInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cf1.vuze.com/installers/VuzeBittorrentClientInstaller.exe","sourceIndex":"1168"}],"sampleFiles":["230402/VuzeBittorrent-230309/5.7.7.0/Samples/VuzeBittorrentClientInstaller.exe-bde00314f437b8e383f0d1cac04c5f29e4edbd37c2b82f9e890c147280d281ff","230402/VuzeBittorrent-230309/5.7.7.0/Samples/Azureus.exe-0073287748ab4e14c9f5356b344d495083bab74aa24100a3211a8165960210a2","230402/VuzeBittorrent-230309/5.7.7.0/Samples/AzureusTor.exe-b54ecec42419fb311f05f0caa9ae089fdb1cd2406bdc11c271162c30eed824fa"],"imageFiles":["230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-043/ACR-043.png","230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-013/ACR-013_1.png","230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-013/ACR-013_2.png","230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-084/ACR-084.png","230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-097/ACR-097.png","230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-118/ACR-118.png","230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-060/ACR-060_1.png","230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-060/ACR-060_2.png"],"nonDeceptorImageFiles":["230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-092/ACR-092.png","230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-123/ACR-123.png","230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-035/ACR-035_1.png","230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-035/ACR-035_2.png","230402/VuzeBittorrent-230309/5.7.7.0/Images/ACR-035/ACR-035_3.png"],"guid":"2089db8d-06c1-4673-a4aa-ece13feca2ca_5.7.7.0_1","appID":"VuzeBittorrent-230309","dateAdded":"230402","deceptorType":"App","name":"VuzeBittorrent","company":"www.vuze.com","version":"5.7.7.0","lastKnownStatus":"5.7.7.0","lastKnownDate":"230402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows Vista,Windows XP,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:42.6905372+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1053},{"violations":{"ACR-109":"3rd party components get dropped to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-043":"Third party components get dropped in one click without asking user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-053":"Missing \"Skip all\" functionality for the multiple offers presented.\n"},"nonDeceptorViolations":{"ACR-035":"The link to EULA and Privacy Policy at Install window does not identify the name of the App.\n"},"samples":[{"isRevoked":"False","fileName":"FFSetup5.13.0.0.exe","isInstaller":"True","companyName":"Free Time Co., Ltd","fileVersion":"5.13","hashMD5":"7874bbcb543e8d5c2218c283792ba2ac","hashSHA1":"fe5d3ff0a17aa3879738427a03fdf2af6204b46a","hashSHA256":"5c326d09136d1fb7134db1fc140b299633eccb6014d9aee9b6f679e35537e7bb","digitalCertThumbprint":"A9BB5B9F7DE5CA05A5831E6D9796928767434836","digitalCertIssuer":"CN=Entrust Extended Validation Code Signing CA - EVCS2, O=\"Entrust, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Free Time Software Technology Co.,Ltd\", SERIALNUMBER=91310113MA1GKE078N, OID.2.5.4.15=Private Organization, O=\"Free Time Software Technology Co.,Ltd\", OID.1.3.6.1.4.1.311.60.2.1.3=CN, L=上海市, C=CN","sourceIndex":"1176","avBlockList":["Avast Premium Security (20230413)","AVG Internet Security (20230413)","Avira Internet Security (20230413)","Dr.Web Security Space (20230413)","ESET Internet Security (20230413)","K7 Total Security (20230413)","Kaspersky Internet Security (20230413)","Norton Security (20230413)","Panda Dome (20230413)","Sophos Home Premium (20230413)","SpyHunter5 (20230413)","Total AV Antivirus Pro (20230413)","VirIT eXplorer PRO (20230413)"],"avAllowList":["360 Total Security (20230413)","Bitdefender Internet Security (20230413)","COMODO Antivirus (20230413)","G DATA INTERNET SECURITY (20230413)","Malwarebytes Premium (20230413)","McAfee Total Protection (20230413)","Quick Heal Internet Security (20230413)","Trend Micro Internet Security (20230413)","VIPRE Advanced Security (20230413)","Webroot SecureAnywhere (20230413)","Windows Defender (20230413)"]}],"additionalFiles":[],"sources":[{"howFound":"via BIBR","reference":"","landingPage":"http://www.pcfreetime.com/formatfactory/","directDownloadingLink":"http://public.pcfreetime.com/FFSetup5.13.0.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://public.pcfreetime.com/FFSetup5.13.0.0.exe","sourceIndex":"1176"}],"sampleFiles":["230402/FormatFactory-210308/5.13.0.0/Samples/FFSetup5.13.0.0.exe"],"imageFiles":["230402/FormatFactory-210308/5.13.0.0/Images/ACR-053/OptionalOffer1.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-053/OptionalOffer2.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-053/OptionalOffer3.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-109/ACR-043_109.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-043/ACR-043_109.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-042/ACR-042_NetworkTraffic_priorInstall.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-042/ACR-042_sharing_system_info_3rdParty.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-013/OptionalOffer1.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-013/OptionalOffer2.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-013/OptionalOffer3.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-060/OptionalOffer1.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-060/OptionalOffer2.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":["230402/FormatFactory-210308/5.13.0.0/Images/ACR-035/ACR-035_EULA.jpg","230402/FormatFactory-210308/5.13.0.0/Images/ACR-035/ACR-035_PP.jpg"],"guid":"8ccd81ea-113e-4a27-90c0-c2c789194335_5.13.0.0_1","appID":"FormatFactory-210308","dateAdded":"230402","deceptorType":"Bundler","name":"Format Factory","company":"Free Time Co Ltd","version":"5.13.0.0","firstResolvedVersion":"","lastKnownStatus":"5.6.5.0;5.9.0.0;5.10.0.0;5.14.0.0;5.13.0.0","lastKnownDate":"230402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-04-03T20:13:24.780617+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1054},{"violations":{"ACR-109":"3rd party components get dropped to consumer system under hidden folder without user agreeing to install.\n","ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-043":"Third party components get dropped in one click without asking user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-053":"Missing \"Skip all\" functionality for the multiple offers presented.\n"},"nonDeceptorViolations":{"ACR-035":"The link to EULA and Privacy Policy at Install window does not identify the name of the App.\n"},"samples":[{"isRevoked":"False","fileName":"FFSetup5.14.0.0.exe","isInstaller":"True","companyName":"Free Time Co., Ltd","fileVersion":"5.14","hashMD5":"f2f07b4dd20de401b689a1ba3b9f5ca7","hashSHA1":"83d3b6ba76b497e65af6d57a36226722df249c0f","hashSHA256":"973ccf9e5d637d13de5bfa05b8d2f05df3a1314c7986e296e3d8365c5906697a","digitalCertThumbprint":"A9BB5B9F7DE5CA05A5831E6D9796928767434836","digitalCertIssuer":"CN=Entrust Extended Validation Code Signing CA - EVCS2, O=\"Entrust, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Free Time Software Technology Co.,Ltd\", SERIALNUMBER=91310113MA1GKE078N, OID.2.5.4.15=Private Organization, O=\"Free Time Software Technology Co.,Ltd\", OID.1.3.6.1.4.1.311.60.2.1.3=CN, L=上海市, C=CN","sourceIndex":"1177","avBlockList":["360 Total Security (20230525)","Avast Premium Security (20230525)","AVG Internet Security (20230525)","Avira Internet Security (20230525)","COMODO Antivirus (20230525)","Dr.Web Security Space (20230525)","ESET Internet Security (20230525)","K7 Total Security (20230525)","Norton Security (20230525)","Panda Dome (20230525)","Quick Heal Internet Security (20230525)","Sophos Home Premium (20230525)","SpyHunter5 (20230525)","Total AV Antivirus Pro (20230525)","VirIT eXplorer PRO (20230525)","Webroot SecureAnywhere (20230525)","Windows Defender (20230525)"],"avAllowList":["Bitdefender Internet Security (20230525)","G DATA INTERNET SECURITY (20230525)","Kaspersky Internet Security (20230525)","Malwarebytes Premium (20230525)","McAfee Total Protection (20230525)","Trend Micro Internet Security (20230525)","VIPRE Advanced Security (20230525)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://pcfreetime.com/formatfactory/index.php?language=en","landingPage":"http://pcfreetime.com/formatfactory/index.php?language=en","directDownloadingLink":"http://public.pcfreetime.com/FFSetup5.14.0.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://public.pcfreetime.com/FFSetup5.14.0.0.exe","sourceIndex":"1177"}],"sampleFiles":["230402/FormatFactory-210308/5.14.0.0/Samples/FFSetup5.14.0.0.exe"],"imageFiles":["230402/FormatFactory-210308/5.14.0.0/Images/ACR-053/OptionalOffer1.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-053/OptionalOffer2.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-053/OptionalOffer3.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-109/ACR-043_109.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-043/ACR-043_109.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-042/ACR-042_NetworkTraffic_priorInstall.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-042/ACR-042_sharing_system_info_3rdParty.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-013/OptionalOffer1.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-013/OptionalOffer2.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-013/OptionalOffer3.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-060/OptionalOffer1.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-060/OptionalOffer2.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-060/OptionalOffer3.jpg"],"nonDeceptorImageFiles":["230402/FormatFactory-210308/5.14.0.0/Images/ACR-035/ACR-035_EULA.jpg","230402/FormatFactory-210308/5.14.0.0/Images/ACR-035/ACR-035_PP.jpg"],"guid":"8ccd81ea-113e-4a27-90c0-c2c789194335_5.14.0.0_1","appID":"FormatFactory-210308","dateAdded":"230402","deceptorType":"Bundler","name":"Format Factory","company":"Free Time Co Ltd","version":"5.14.0.0","firstResolvedVersion":"","lastKnownStatus":"5.6.5.0;5.9.0.0;5.10.0.0;5.14.0.0;5.13.0.0","lastKnownDate":"230402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-04-03T20:12:53.554786+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1055},{"violations":{"ACR-043":"The app drops \"Adaware\" component before accepting the Adaware Web Companion offer and some of the third-party components like \"The QT Company Ltd\" and \"BrightData\" which are not provided to the consumer in the EULA during installation.\n","ACR-107":"The app installs \"FFmpeg\" and \"The QT company LTD\"package and doesn't include the open source license or the source code or link to the source code.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by share resource usage.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\FormatFactory\\FormatFactory.exe","companyName":"Free Time Co. Ltd.","productName":"Format Factory","productVersion":"5.10.0.0","fileVersion":"5.10.0.0","hashMD5":"6a579f4951132ea7372ff2aa6cb3a2f8","hashSHA1":"ee67c729c75a0df9fd10e6de1672aebf8517a0fc","hashSHA256":"81c72fa4dcb2aa4f6915249c6c90b145c7b47ed73e1b8f529225fd5d7cb6d5b6","digitalCertThumbprint":"DB862DA99FCF4ACAF362E9E3EA21D5AB388F5136","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"暇光软件科技（上海）有限公司","storeId":"","sourceIndex":"1633","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"formatfactory-5-10-0-0.exe","isInstaller":"True","companyName":"Free Time Co. Ltd","productName":"Format Factory","productVersion":"5.10.0.0","fileVersion":"5.10.0.0","hashMD5":"b18be65c4120e3f68a9dbcc48c35d274","hashSHA1":"fcda1ba879daf931481f82aadf151cc50043568b","hashSHA256":"fdcab7d13b2b255174baed6a4a8ebed8c8f58daf7ae3ecf1da1c1a2388d4ccd1","digitalCertThumbprint":"00863E057C3AE9980EF7B85C48305CF7F9CA936D","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"Free Time Software Technology Co.Ltd","storeId":"","sourceIndex":"1633","avBlockList":["Avast Premium Security (20220310)","AVG Internet Security (20220310)","Avira Internet Security (20220310)","Bitdefender Internet Security (20220310)","Dr.Web Security Space (20220310)","ESET Internet Security (20220310)","G DATA INTERNET SECURITY (20220310)","K7 Total Security (20220310)","McAfee Total Protection (20220310)","Norton Security (20220310)","Panda Dome (20220310)","Quick Heal Internet Security (20220310)","Sophos Home Premium (20220310)","SpyHunter5 (20220310)","Total AV Antivirus Pro (20220310)","VIPRE Advanced Security (20220310)","VirIT eXplorer PRO (20220310)","Webroot SecureAnywhere (20220310)","Windows Defender (20220310)"],"avAllowList":["360 Total Security (20220310)","COMODO Antivirus (20220310)","Kaspersky Internet Security (20220310)","Malwarebytes Premium (20220310)","Tencent PC Manager (20220310)","Trend Micro Internet Security (20220310)"]}],"additionalFiles":[],"sources":[{"howFound":"Newer version","reference":"","landingPage":"http://www.pcfreetime.com/","directDownloadingLink":"http://public.pcfreetime.com/FFSetup5.10.0.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://public.pcfreetime.com/FFSetup5.10.0.0.exe","sourceIndex":"1633"}],"sampleFiles":["220214/FormatFactory-210308/5.10.0.0/Samples/formatfactory-5-10-0-0.exe"],"imageFiles":["220214/FormatFactory-210308/5.10.0.0/Images/ACR-107/ACR-107_Install_Drops_Third_Party.JPG","220214/FormatFactory-210308/5.10.0.0/Images/ACR-107/ACR-107_Install_Drops_Third_Party_1.JPG","220214/FormatFactory-210308/5.10.0.0/Images/ACR-043/ACR-043_Install_Third_Party_Dropped.JPG","220214/FormatFactory-210308/5.10.0.0/Images/ACR-043/ACR-043_Install_Third_Party_Dropped_1.JPG","220214/FormatFactory-210308/5.10.0.0/Images/ACR-043/ACR-043_Install_Third_Party_Dropped_2.JPG","220214/FormatFactory-210308/5.10.0.0/Images/ACR-007/ACR-007_Install_Reduces_Security.JPG","220214/FormatFactory-210308/5.10.0.0/Images/ACR-007/ACR-007_Install_Reduces_Security_1.JPG"],"nonDeceptorImageFiles":[],"guid":"8ccd81ea-113e-4a27-90c0-c2c789194335_5.10.0.0_1","appID":"FormatFactory-210308","dateAdded":"230402","deceptorType":"Bundler","name":"Format Factory","company":"Free Time Co Ltd","version":"5.10.0.0","firstResolvedVersion":"","lastKnownStatus":"5.6.5.0;5.9.0.0;5.10.0.0;5.14.0.0;5.13.0.0","lastKnownDate":"230402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-04-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1056},{"violations":{"ACR-043":"The app drops \"Adaware\" component before accepting the Adaware Web Companion offer and some of the third party components like \"The QT Company Ltd\" and \"BrightData\" which are not provided to the consumer in the EULA during install.\n","ACR-107":"The app installs \"FFmpeg\" and \"The QT company LTD\"package and doesn't include the open source license or the source code or link to the source code.\n","ACR-048":"The app didn't provide any control within the app's settings to close the process that runs silently in the background.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by share resource usage.\n","ACR-084":"On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer. \n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FFSetup5.9.0.0.exe","isInstaller":"True","companyName":"Free Time Co. Ltd","productName":"Format Factory","productVersion":"5.9.0.0","fileVersion":"5.9.0.0","hashMD5":"f19a0fc5760a0f85f5bfdff4ba2f5771","hashSHA1":"7e90b75c59281168f9b5ade7e5cc0607d0fc9448","hashSHA256":"9b71c676d10fffe11ca2a5c8447ff55564d2c023c12014bef4e250e6bfff119d","digitalCertThumbprint":"00863E057C3AE9980EF7B85C48305CF7F9CA936D","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"Free Time Software Technology Co.Ltd","storeId":"","sourceIndex":"1732","avBlockList":["Avast Premium Security (20220120)","AVG Internet Security (20220120)","Avira Internet Security (20220120)","Dr.Web Security Space (20220120)","ESET Internet Security (20220120)","K7 Total Security (20220120)","McAfee Total Protection (20220120)","Norton Security (20220120)","Panda Dome (20220120)","Sophos Home Premium (20220120)","SpyHunter5 (20220120)","Total AV Antivirus Pro (20220120)","VirIT eXplorer PRO (20220120)","Windows Defender (20220120)"],"avAllowList":["360 Total Security (20220120)","Bitdefender Internet Security (20220120)","COMODO Antivirus (20220120)","G DATA INTERNET SECURITY (20220120)","Kaspersky Internet Security (20220120)","Malwarebytes Premium (20220120)","Quick Heal Internet Security (20220120)","Tencent PC Manager (20220120)","Trend Micro Internet Security (20220120)","VIPRE Advanced Security (20220120)","Webroot SecureAnywhere (20220120)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\FormatFactory\\FormatFactory.exe","companyName":"Free Time Co. Ltd.","productName":"Format Factory","productVersion":"5.9.0.0","fileVersion":"5.9.0.0","hashMD5":"1e5342e9c18cf515d82c267a430852a5","hashSHA1":"22ab11513910b17638b771740387a82c63bddd3c","hashSHA256":"8e5562004bb6fd93b5d7fdbbabf7e6beea0d489a10a40e83426ef0a9c6e6397f","digitalCertThumbprint":"DB862DA99FCF4ACAF362E9E3EA21D5AB388F5136","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"暇光软件科技（上海）有限公司","storeId":"","sourceIndex":"1732","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"BrightData SDK bundler","reference":"","landingPage":"https://formatfactory.en.uptodown.com/windows/download","directDownloadingLink":"https://formatfactory.en.uptodown.com/windows/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://formatfactory.en.uptodown.com/windows/download","sourceIndex":"1732"}],"sampleFiles":["220113/FormatFactory-210308/5.9.0.0/Samples/FFSetup5.9.0.0.exe"],"imageFiles":["220113/FormatFactory-210308/5.9.0.0/Images/ACR-107/ACR-107_Install_Drops_Third_Party.JPG","220113/FormatFactory-210308/5.9.0.0/Images/ACR-107/ACR-107_Install_1.JPG","220113/FormatFactory-210308/5.9.0.0/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220113/FormatFactory-210308/5.9.0.0/Images/ACR-048/ACR-048_Software_No_Control_To_Quit.JPG","220113/FormatFactory-210308/5.9.0.0/Images/ACR-048/ACR-048_Software_No_Control_To_Quit_1.JPG","220113/FormatFactory-210308/5.9.0.0/Images/ACR-057/ACR-057_Bundler-MadeOffers_Improper_Accept_Decline_1.JPG","220113/FormatFactory-210308/5.9.0.0/Images/ACR-055/ACR-055_Bundler-MadeOffers_Inconsistent_Decline.JPG","220113/FormatFactory-210308/5.9.0.0/Images/ACR-055/ACR-055_Bundler-MadeOffers_Inconsistent_Decline_1.JPG","220113/FormatFactory-210308/5.9.0.0/Images/ACR-043/ACR-043_Install.JPG","220113/FormatFactory-210308/5.9.0.0/Images/ACR-043/ACR-043_Install_1.JPG","220113/FormatFactory-210308/5.9.0.0/Images/ACR-043/ACR-043_Install_2.JPG","220113/FormatFactory-210308/5.9.0.0/Images/ACR-007/ACR-007_Install_1.JPG"],"nonDeceptorImageFiles":[],"guid":"8ccd81ea-113e-4a27-90c0-c2c789194335_5.9.0.0_1","appID":"FormatFactory-210308","dateAdded":"230402","deceptorType":"Bundler","name":"Format Factory","company":"Free Time Co Ltd","version":"5.9.0.0","firstResolvedVersion":"","lastKnownStatus":"5.6.5.0;5.9.0.0;5.10.0.0;5.14.0.0;5.13.0.0","lastKnownDate":"230402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-04-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1057},{"violations":{"ACR-057":"App doesn't provide clear way for user to decline or Accept\n","ACR-055":"The offer requires the user to uncheck a checkbox in order to decline the offer.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\n","ACR-036":"App does not disclose third party components in the EULA.\n","ACR-054":"The offer comes with a pre-checked checkbox and requires the user the uncheck it in order to decline the offer.\n"},"samples":[{"isRevoked":"False","fileName":"FFSetup5.6.5.0.exe","isInstaller":"True","companyName":"Free Time Co., Ltd","fileVersion":"5.6","hashMD5":"ee2211d0f7388de84024de4475c4b4a0","hashSHA1":"44e11fc00e1ae36d97d3338c88420824529e9a92","hashSHA256":"4303a38b00d67ce37c47f5a7b3bd9fe2a8996d373e79f6975c60e96d3d8a2476","digitalCertThumbprint":"51834A89DE8CCAEAD15423EF9FA21246448E8395","digitalCertIssuer":"CN=Entrust Extended Validation Code Signing CA - EVCS1, OU=\"(c) 2015 Entrust, Inc. - for authorized use only\", OU=See www.entrust.net/legal-terms, O=\"Entrust, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Free Time Software Technology Co.,Ltd\", SERIALNUMBER=91310113MA1GKE078N, OID.2.5.4.15=Private Organization, O=\"Free Time Software Technology Co.,Ltd\", OID.1.3.6.1.4.1.311.60.2.1.3=CN, L=上海市, C=CN","sourceIndex":"1974","avBlockList":["Avast Premium Security (20210323)","AVG Internet Security (20210323)","Avira Internet Security (20210323)","ESET Internet Security (20210323)","K7 Total Security (20210323)","McAfee Total Protection (20210323)","Norton Security (20210323)","Panda Dome (20210323)","Quick Heal Internet Security (20210323)","Sophos Home Premium (20210323)","SpyHunter5 (20210323)","Total AV Antivirus Pro (20210323)","VirIT eXplorer PRO (20210323)","Webroot SecureAnywhere (20210323)"],"avAllowList":["360 Total Security (20210323)","Bitdefender Internet Security (20210323)","COMODO Antivirus (20210323)","Dr.Web Security Space (20210323)","G DATA INTERNET SECURITY (20210323)","Kaspersky Internet Security (20210323)","Malwarebytes Premium (20210323)","Tencent PC Manager (20210323)","Trend Micro Internet Security (20210323)","VIPRE Advanced Security (20210323)","Windows Defender (20210323)"]},{"isRevoked":"False","fileName":"FormatFactory.exe","companyName":"Free Time Co., Ltd.","fileVersion":"5.6","hashMD5":"7d81790018444baf92ffbd4341860e54","hashSHA1":"4c95b3bd1059ddf071e1c73bf07c4d241a0fbc1f","hashSHA256":"20ac824e0353e2405f6ed7babde7422b67ca2a636c2d69ada94e71f706e4b045","digitalCertThumbprint":"DB862DA99FCF4ACAF362E9E3EA21D5AB388F5136","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=暇光软件科技（上海）有限公司, OU=研发部, O=暇光软件科技（上海）有限公司, L=上海, C=CN","sourceIndex":"1974","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://pcfreetime.com/formatfactory/index.php?language=en","landingPage":"http://pcfreetime.com/formatfactory/index.php?language=en","directDownloadingLink":"http://public.pcfreetime.com/FFSetup5.6.5.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://public.pcfreetime.com/FFSetup5.6.5.0.exe","sourceIndex":"1974"}],"sampleFiles":["210309/FormatFactory-210308/5.6.5.0/Samples/FFSetup5.6.5.0.exe","210309/FormatFactory-210308/5.6.5.0/Samples/FormatFactory.exe"],"imageFiles":["210309/FormatFactory-210308/5.6.5.0/Images/ACR-057/Format Factory_Install [5].png","210309/FormatFactory-210308/5.6.5.0/Images/ACR-055/Format Factory_Install [5].png","210309/FormatFactory-210308/5.6.5.0/Images/ACR-055/Offer2_FormatFactory.JPG","210309/FormatFactory-210308/5.6.5.0/Images/ACR-055/Offer1_FormatFactory.JPG"],"nonDeceptorImageFiles":["210309/FormatFactory-210308/5.6.5.0/Images/ACR-099/Format Factory_About [1].png","210309/FormatFactory-210308/5.6.5.0/Images/ACR-036/Format Factory_Files [1].png","210309/FormatFactory-210308/5.6.5.0/Images/ACR-036/Format Factory_EULA_PrivacyPolicy[1].png","210309/FormatFactory-210308/5.6.5.0/Images/ACR-099/Format Factory_LandingPage [1].png","210309/FormatFactory-210308/5.6.5.0/Images/ACR-099/Format Factory_LandingPage [2].png","210309/FormatFactory-210308/5.6.5.0/Images/ACR-054/Format Factory_Install [5].png","210309/FormatFactory-210308/5.6.5.0/Images/ACR-054/Offer1_FormatFactory.JPG"],"guid":"8ccd81ea-113e-4a27-90c0-c2c789194335_5.6.5.0_1","appID":"FormatFactory-210308","dateAdded":"230402","deceptorType":"Bundler","name":"Format Factory","company":"Free Time Co Ltd","version":"5.6.5.0","sigName":"Deceptor:Win32/FormatFactoryBundler!057054","firstResolvedVersion":"","lastKnownStatus":"5.6.5.0;5.9.0.0;5.10.0.0;5.14.0.0;5.13.0.0","lastKnownDate":"230402","type":"Windows Executable","category":"Media players","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-04-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1058},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action.\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-013":"During installation, the user is interrupted by non-consented offer to silently install unrelated software.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its component on the device without the consumer's consent or notifying the user.\n","ACR-075":"After carrier app was cancelled during installation, the offer and carrier are still installed without any notification for user.\n","ACR-059":"Offer not marked as offer, or as optional. When offers are \"recommended\", there is no attribution for the recommendation.\n","ACR-039":"There is no clear indications of the relationship to the installer application. 360TotalSecurity is presented as the part of the installer application. Even consumer decline 360TotalSecurity app, it is still install nevertheless.\n"},"nonDeceptorViolations":{"ACR-044":"The installed app 360TotalSecurity is not properly disclosed to user before installation.\n"},"samples":[{"isRevoked":"False","fileName":"DevID_Agent_Installer.exe - 1fab32a7973e2c3c03a39ad197a2afeabadef421df3b87ee9e436f904a1ad519","isInstaller":"True","companyName":"Devid.Info","fileVersion":"1.0","hashMD5":"9a07353600761cc388ccdfd05f58baf3","hashSHA1":"33e1a9f33185da7a2b01344985b66ad4370168a2","hashSHA256":"1fab32a7973e2c3c03a39ad197a2afeabadef421df3b87ee9e436f904a1ad519","sourceIndex":"1178","avBlockList":["360 Total Security (20230413)","Avast Premium Security (20230413)","AVG Internet Security (20230413)","Avira Internet Security (20230413)","COMODO Antivirus (20230413)","ESET Internet Security (20230413)","G DATA INTERNET SECURITY (20230413)","K7 Total Security (20230413)","Kaspersky Internet Security (20230413)","Malwarebytes Premium (20230413)","McAfee Total Protection (20230413)","Norton Security (20230413)","Panda Dome (20230413)","Sophos Home Premium (20230413)","SpyHunter5 (20230413)","Total AV Antivirus Pro (20230413)","VirIT eXplorer PRO (20230413)","Webroot SecureAnywhere (20230413)","Windows Defender (20230413)"],"avAllowList":["Bitdefender Internet Security (20230413)","Dr.Web Security Space (20230413)","Quick Heal Internet Security (20230413)","Trend Micro Internet Security (20230413)","VIPRE Advanced Security (20230413)"]},{"isRevoked":"False","fileName":"DevidAgent3.exe-ddb8e518a70ef5eb6965ed3098eaa02be7ce6b11a101b82c5168e74001a88e1c","fileVersion":"1.0","hashMD5":"2356e26a6fff799780f9bbf0cc5c1718","hashSHA1":"1ca846205f594b38f48bbe6b57d154d2a587827a","hashSHA256":"ddb8e518a70ef5eb6965ed3098eaa02be7ce6b11a101b82c5168e74001a88e1c","sourceIndex":"1178","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted App at BIBR","reference":"","landingPage":"https://devid.info/en/34080/sis-touch-controller","directDownloadingLink":"https://devid.info/v2/download/DevID_Agent_Installer.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://devid.info/v2/download/DevID_Agent_Installer.exe","sourceIndex":"1178"}],"sampleFiles":["230402/DevIDAgent-230322/4.49/Samples/DevID_Agent_Installer.exe - 1fab32a7973e2c3c03a39ad197a2afeabadef421df3b87ee9e436f904a1ad519","230402/DevIDAgent-230322/4.49/Samples/DevidAgent3.exe-ddb8e518a70ef5eb6965ed3098eaa02be7ce6b11a101b82c5168e74001a88e1c"],"imageFiles":["230402/DevIDAgent-230322/4.49/Images/ACR-039/ACR-039.png","230402/DevIDAgent-230322/4.49/Images/ACR-042/ACR-042.png","230402/DevIDAgent-230322/4.49/Images/ACR-048/ACR-048.png","230402/DevIDAgent-230322/4.49/Images/ACR-013/ACR-013.png","230402/DevIDAgent-230322/4.49/Images/ACR-118/ACR-118.png","230402/DevIDAgent-230322/4.49/Images/ACR-059/ACR-059.png","230402/DevIDAgent-230322/4.49/Images/ACR-075/ACR-075.png"],"nonDeceptorImageFiles":["230402/DevIDAgent-230322/4.49/Images/ACR-044/ACR-044.png"],"guid":"55b638cb-8212-48c2-8837-9af5d9eb6ba1_4.49_1","appID":"DevIDAgent-230322","dateAdded":"230402","deceptorType":"App","name":"DevID Agent","company":"devid.info","version":"4.49","lastKnownStatus":"4.49","lastKnownDate":"230402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-04-03T05:57:37.6543628+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1059},{"violations":{"ACR-103":"The app suggests cleaning up \"4.6 GB\" of packages and raises the consumer's urgency/alert with an exclamation symbol (Ex: Brave, Firefox and Facebook). After completing the clean, it says \"Phone Cleaned,\" and subsequent scans show the same number of packages to be cleaned. The app's value proposition cannot be validated because it does not clean any of the packages listed in the scan results.\n","ACR-014":"The app suggests cleaning up \"4.6 GB\" of packages and raises the consumer's urgency/alert with an exclamation symbol (Ex: Brave, Firefox and Facebook). After completing the clean, it says \"Phone Cleaned,\" and subsequent scans show the same number of packages to be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"fast.safe.guard.vpn.apk","isInstaller":"True","companyName":"Lumos LLC","productName":"Icon image Clean Guard: Phone Cleaner","productVersion":"1.35.0","fileVersion":"1.35.0","hashMD5":"efab0f4af670de83e27b182af7e44cff","hashSHA1":"c889e2decf4433b43dd9c2266a2e2a43a4b15904","hashSHA256":"faec025b36d2edad8ca5782923b55dc6f660c758b79239d53f7fa34165e120a4","sourceIndex":"1184","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on junk cleaner","reference":"","landingPage":"https://play.google.com/store/apps/details?id=fast.safe.guard.vpn","directDownloadingLink":"https://play.google.com/store/apps/details?id=fast.safe.guard.vpn","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=fast.safe.guard.vpn","sourceIndex":"1184"}],"sampleFiles":["230330/CleanGuardPhoneCleaner-230330/1.35.0/Samples/fast.safe.guard.vpn.apk"],"imageFiles":["230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-103/ACR-103_Software_Scan_Result1.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-014/ACR-014_Software_Scan_Result1.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230330/CleanGuardPhoneCleaner-230330/1.35.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"459ae3c9-4f32-4ebf-bcdf-4fb2b0dd3801_1.35.0_1","appID":"CleanGuardPhoneCleaner-230330","dateAdded":"230330","deceptorType":"Android App","name":"Clean Guard: Phone Cleaner","company":"Lumos LLC","version":"1.35.0","lastKnownStatus":"1.35.0","lastKnownDate":"230330","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-03-30T18:02:48.9659459+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1063},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer to who it is transmitting its data. The app does not inform the targeted consumer how it collects data and it uses a hotkey to hide its presence.\n","ACR-097":"The app adds a Windows defender exclusion list by default while installing to evade the default system security guard.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"MPK View”, which is not related to the name \"Refog Employee Monitor\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-040":"The app is located inside a system file, which prevents the consumer from being able to find it.\n","ACR-065":"The install does not display links to the Privacy Policy and Returns and Cancellation Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the installer & executables. \n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"RefogEmployeeMonitor_Setup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"9.3.3.3990","fileVersion":"9.3.3.3990","hashMD5":"114a49ab571355c73753b73c1df5b798","hashSHA1":"08458a539cd8b1e0f8a391af6957cf1e9bdc5bfb","hashSHA256":"5e3d7849c260df3e6ee72208c163a24213c9d1a2c52f8be1a58fb67aaedd2b16","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1185","avBlockList":["360 Total Security (20230504)","Avast Premium Security (20230504)","AVG Internet Security (20230504)","Avira Internet Security (20230504)","Bitdefender Internet Security (20230504)","ESET Internet Security (20230504)","G DATA INTERNET SECURITY (20230504)","K7 Total Security (20230504)","Kaspersky Internet Security (20230504)","Malwarebytes Premium (20230504)","McAfee Total Protection (20230504)","Norton Security (20230504)","Panda Dome (20230504)","Quick Heal Internet Security (20230504)","Sophos Home Premium (20230504)","SpyHunter5 (20230504)","Total AV Antivirus Pro (20230504)","VIPRE Advanced Security (20230504)","Webroot SecureAnywhere (20230504)","Windows Defender (20230504)","VirIT eXplorer PRO (20230504)"],"avAllowList":["COMODO Antivirus (20230504)","Dr.Web Security Space (20230504)","Trend Micro Internet Security (20230504)"]},{"isRevoked":"False","fileName":"C:\\Windows\\SysWOW64\\MPK\\lsynchost.exe","companyName":"","productName":"","productVersion":"9.3.3.3990","fileVersion":"9.3.3.3990","hashMD5":"da40b71de2ff50c00831f799ff898794","hashSHA1":"e1213b03d0fabe88336824501b7d67077372ee2f","hashSHA256":"5325279e6f79811380184a9e86dfb0419c6ae4ec45cccd66c768f54938ac9710","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1185","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Windows\\SysWOW64\\MPK\\MPKView.exe","companyName":"","productName":"","productVersion":"9.3.3.3990","fileVersion":"9.3.3.3990","hashMD5":"a3bdc13e5847aa1f0ff4776b2875f04f","hashSHA1":"0afe0da7752de909ae54959e85db88bca556b294","hashSHA256":"9614a11db3c6fc75efdc319657f2be65e18e9e348fd156ee41e856f634445dee","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1185","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: \"monitor app\"","reference":"","landingPage":"https://www.refog.com/","directDownloadingLink":"https://rep2.refog.com/rfginst-drf6fpgb.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://rep2.refog.com/rfginst-drf6fpgb.zip","sourceIndex":"1185"}],"sampleFiles":["230330/RefogEmployeeMonitor-201231/9.3.3.3900/Samples/RefogEmployeeMonitor_Setup.exe"],"imageFiles":["230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-084/ACR-084.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-084/ACR-084_1.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-084/ACR-084_2.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-084/ACR-084_3.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-084/ACR-084_4.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-084/ACR-084_5.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-086/ACR-086.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-086/ACR-086_1.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-086/ACR-086_2.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-086/ACR-086_3.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-097/ACR-097.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-048/ACR-048.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-048/ACR-048_1.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-048/ACR-048_2.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-007/ACR-007.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-007/ACR-007_1.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-007/ACR-007_2.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-007/ACR-007_3.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-014/ACR-014.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-040/ACR-040.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-065/ACR-065_Install.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-092/ACR-092.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-065/ACR-065_Software1.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-065/ACR-065_LP.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-161/ACR-161.JPG","230330/RefogEmployeeMonitor-201231/9.3.3.3900/Images/ACR-065/ACR-065_IO.jpg"],"guid":"a9f8d74f-ee0b-4da2-83ea-cfed7571f346_9.3.3.3900_1","appID":"RefogEmployeeMonitor-201231","dateAdded":"230330","deceptorType":"App","name":"Refog Employee Monitor","company":"Refog Inc.","version":"9.3.3.3900","lastKnownStatus":"8.9.5.3190;9.3.1.3900;9.3.3.3900","lastKnownDate":"230330","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:43.205265+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1060},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer to who it is transmitting their data &  how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-097":"During installation, the app shows that \"The installed folder will be added to windows defender exclusion list\" to evade the default system security guard, without detailing the reason to the user. \n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"MPKView.exe”, which is not related to the name \"Refog Employee Monitor\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The hidden system file in which the app is located in is called \"MPK\", which has no relation to the app.\n","ACR-040":"The app is located inside of a hidden system file, which prevents the consumer from being able to find it.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the installer & executables. \n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Windows\\SysWOW64\\MPK\\lsynchost.exe","companyName":"","productName":"","productVersion":"9.3.1.3900","fileVersion":"9.3.1.3900","hashMD5":"e376ecc3e082b9d57c46e465728a2d09","hashSHA1":"a23b9ecde6b81a4791c15229cab7d825d4f83855","hashSHA256":"560a2f22d0201ce4f8ec2537e02bf46e61bd3e60ae2ca2c99f9548c2a99e6733","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1497","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Windows\\SysWOW64\\MPK\\MPKView.exe","companyName":"","productName":"","productVersion":"9.3.1.3900","fileVersion":"9.3.1.3900","hashMD5":"f7837405c8fee6d73033f5808e5f9c41","hashSHA1":"07bb45790d8c092b116c46ace337f2c58de39d6a","hashSHA256":"0e8c8298cc5369c9232fc29d946b0094321e4b792d71a336df0c56308a40cb91","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1497","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RefogEmployeeMonitorSetup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"9.3.1.3900","fileVersion":"9.3.1.3900","hashMD5":"d751e3e10d7aa5ca041df5e14a3b6779","hashSHA1":"b69f045e99141d8eee330a4fb47bbda1c6154191","hashSHA256":"1a091724aa845f8b4b326c55d347f7acd757a00ff644aeee3839e02fcbf57fac","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1497","avBlockList":["360 Total Security (20230418)","Avast Premium Security (20230418)","AVG Internet Security (20230418)","Avira Internet Security (20230418)","Bitdefender Internet Security (20230418)","COMODO Antivirus (20230418)","ESET Internet Security (20230418)","G DATA INTERNET SECURITY (20230418)","K7 Total Security (20230418)","Kaspersky Internet Security (20230418)","Malwarebytes Premium (20230418)","McAfee Total Protection (20230418)","Norton Security (20230418)","Panda Dome (20230418)","Quick Heal Internet Security (20230418)","Sophos Home Premium (20230418)","SpyHunter5 (20230418)","Total AV Antivirus Pro (20230418)","Trend Micro Internet Security (20230418)","VIPRE Advanced Security (20230418)","VirIT eXplorer PRO (20230418)","Webroot SecureAnywhere (20230418)","Windows Defender (20230418)"],"avAllowList":["Dr.Web Security Space (20230418)","Tencent PC Manager (20220802)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: \"monitor app\"","reference":"","landingPage":"https://www.refog.com/","directDownloadingLink":"https://rep2.refog.com/rfginst-drf6fpgb.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://rep2.refog.com/rfginst-drf6fpgb.zip","sourceIndex":"1497"}],"sampleFiles":["220726/RefogEmployeeMonitor-201231/9.3.1.3900/Samples/RefogEmployeeMonitorSetup.exe"],"imageFiles":["220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-084/ACR-084.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-084/ACR-084_1.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-084/ACR-084_2.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-084/ACR-084_3.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-086/ACR-086.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-086/ACR-086_1.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-086/ACR-086_2.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-086/ACR-086_3.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-097/ACR-097.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-048/ACR-048.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-048/ACR-048_1.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-007/ACR-007.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-007/ACR-007_1.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-007/ACR-007_2.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-014/ACR-014.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-116/ACR-116.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-116/ACR-116_1.JPG"],"nonDeceptorImageFiles":["220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-038/ACR-038.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-040/ACR-040.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-065/ACR-065_Install.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-092/ACR-092.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-065/ACR-065_Software.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-167/ACR-167.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-065/ACR-065_Landingpage.JPG","220726/RefogEmployeeMonitor-201231/9.3.1.3900/Images/ACR-161/ACR-161.JPG"],"guid":"a9f8d74f-ee0b-4da2-83ea-cfed7571f346_9.3.1.3900_1","appID":"RefogEmployeeMonitor-201231","dateAdded":"230330","deceptorType":"App","name":"Refog Employee Monitor","company":"Refog Inc.","version":"9.3.1.3900","lastKnownStatus":"8.9.5.3190;9.3.1.3900;9.3.3.3900","lastKnownDate":"230330","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-03-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1061},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"he app does not provide any notification to the targeted consumer. The app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\nThe app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"MPKView.exe”, which is not related to the name \"Refog Employee Monitor\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The hidden system file in which the app is located in is called \"MPK\", which has no relation to the app.\n","ACR-040":"The app is located inside of a hidden system file, which prevents the consumer from being able to find it.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"rem-8-9-5-3190.exe","isInstaller":"True","fileVersion":"8.9","hashMD5":"d9ac014f50bc4a5ccb4e42817826e316","hashSHA1":"9c8ceee6186a7abda19cece15556416de5fbfd05","hashSHA256":"5e5456a9fc8101ba8c94a9e821fc6aed945d41cfa39fa8784c97985954c5118b","digitalCertThumbprint":"9AC6C306F3C18B298884E02AA796559E5681E6A0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Refog Inc., O=Refog Inc., L=Alexandria, S=Virginia, C=US","sourceIndex":"2015","avBlockList":["360 Total Security (20210415)","Avast Premium Security (20210415)","AVG Internet Security (20210415)","Avira Internet Security (20210415)","Bitdefender Internet Security (20210415)","COMODO Antivirus (20210415)","ESET Internet Security (20210415)","G DATA INTERNET SECURITY (20210415)","K7 Total Security (20210415)","Kaspersky Internet Security (20210415)","Malwarebytes Premium (20210415)","McAfee Total Protection (20210415)","Norton Security (20210415)","Panda Dome (20210415)","Quick Heal Internet Security (20210415)","Sophos Home Premium (20210415)","SpyHunter5 (20210415)","Tencent PC Manager (20210415)","Total AV Antivirus Pro (20210415)","VIPRE Advanced Security (20210415)","VirIT eXplorer PRO (20210415)","Webroot SecureAnywhere (20210415)","Windows Defender (20210415)"],"avAllowList":["Dr.Web Security Space (20210415)","Trend Micro Internet Security (20210415)"]},{"isRevoked":"False","fileName":"rfginst-drf6fpgb.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"442d304f2db4832729a72ed4d52e16e4983144cae44d6bb3b8151130164807bb","sourceIndex":"2015","avBlockList":["360 Total Security (20210415)","Avast Premium Security (20210415)","AVG Internet Security (20210415)","Avira Internet Security (20210415)","Bitdefender Internet Security (20210415)","COMODO Antivirus (20210415)","ESET Internet Security (20210415)","G DATA INTERNET SECURITY (20210415)","K7 Total Security (20210415)","Kaspersky Internet Security (20210415)","Malwarebytes Premium (20210415)","McAfee Total Protection (20210415)","Norton Security (20210415)","Panda Dome (20210415)","Quick Heal Internet Security (20210415)","Sophos Home Premium (20210415)","SpyHunter5 (20210415)","Tencent PC Manager (20210415)","Total AV Antivirus Pro (20210415)","VIPRE Advanced Security (20210415)","VirIT eXplorer PRO (20210415)","Webroot SecureAnywhere (20210415)","Windows Defender (20210415)"],"avAllowList":["Dr.Web Security Space (20210415)","Trend Micro Internet Security (20210415)"]},{"isRevoked":"False","fileName":"MPK.exe","fileVersion":"8.9","hashMD5":"1160c5ccac7f91d5c6b989acaacaa210","hashSHA1":"65cdeaee794ba8f4fe4463cff7ff869eff9042cf","hashSHA256":"e2d6cd98e1b20cf6b9f949ee6a03f6a8768aa23d4bd038cde3d694af5a034eef","digitalCertThumbprint":"9AC6C306F3C18B298884E02AA796559E5681E6A0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Refog Inc., O=Refog Inc., L=Alexandria, S=Virginia, C=US","sourceIndex":"2015","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: \"monitor app\"","reference":"","landingPage":"https://www.refog.com/","directDownloadingLink":"https://rep2.refog.com/rfginst-drf6fpgb.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://rep2.refog.com/rfginst-drf6fpgb.zip","sourceIndex":"2015"}],"sampleFiles":["201231/RefogEmployeeMonitor-201231/8.9.5.3190/Samples/rem-8-9-5-3190.exe","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Samples/rfginst-drf6fpgb.zip","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Samples/MPK.exe"],"imageFiles":["201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-084/EmployeeMonitor_AppsList [2].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-084/EmployeeMonitor_Files [1].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-084/EmployeeMonitor_Install [6].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-084/EmployeeMonitor_Interactions [4] Settings.png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-086/EmployeeMonitor_Install [1].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-086/EmployeeMonitor_Install [3].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-086/EmployeeMonitor_Interactions [4] Settings.png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-086/EmployeeMonitor_Interactions [5] Settings.png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-086/EmployeeMonitor_Interactions [6] Settings.png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-086/EmployeeMonitor_Install [6].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-048/EmployeeMonitor_Install [1].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-048/EmployeeMonitor_AppsList [1].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-007/EmployeeMonitor_Install [1].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-007/EmployeeMonitor_Install [6].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-007/EmployeeMonitor_Interactions [4] Settings.png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-014/EmployeeMonitor_RunningProcess [1].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-116/EmployeeMonitor_Interactions [4] Settings.png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-116/EmployeeMonitor_AppsList [2].png"],"nonDeceptorImageFiles":["201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-038/EmployeeMonitor_Files [1].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-040/EmployeeMonitor_Files [1].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-065/EmployeeMonitor_Install [2].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-065/EmployeeMonitor_About [1].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-065/EmployeeMonitor_LandingPage [2].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-161/EmployeeMonitor_LandingPage [1] Testimonial.png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-065/EmployeeMonitor_OfferPage [1].png","201231/RefogEmployeeMonitor-201231/8.9.5.3190/Images/ACR-065/EmployeeMonitor_OfferPage [2].png"],"guid":"a9f8d74f-ee0b-4da2-83ea-cfed7571f346_8.9.5.3190_1","appID":"RefogEmployeeMonitor-201231","dateAdded":"230330","deceptorType":"App","name":"Refog Employee Monitor","company":"Refog Inc.","version":"8.9.5.3190","sigName":"Deceptor:Win32/RefogEmployeeMonitorStalkerware!084086048007014116","lastKnownStatus":"8.9.5.3190;9.3.1.3900;9.3.3.3900","lastKnownDate":"230330","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-03-30T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1062},{"violations":{"ACR-103":"The app suggests cleaning up \"68 MB\" of junk/cache (Ex. Brave, Flipkart, and Telegram). After completing junk clean it says “Optimized”, but in the app settings, it displays the same size of cache data that can be cleaned. The app's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up \"68 MB\" of junk/cache. After completing junk clean it says “Optimized”, but when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"batterysaver.phonecleaner.phonebooster.junkcleaner.apk","isInstaller":"True","companyName":"Games Tree","productName":"Battery Health - Junk Cleaner","productVersion":"1.0.5","fileVersion":"1.0.5","hashMD5":"b3b0fa809fc8ed8b175043ac7b5620df","hashSHA1":"4fe34a1d63feb50f72a1f8b92135b109b58caf55","hashSHA256":"3aeb3f7616999702e326f8799739c05b9fcfc244de6dffe55e0e7329dab0b52e","sourceIndex":"1183","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Junk cleaners","reference":"","landingPage":"https://play.google.com/store/apps/details?id=batterysaver.phonecleaner.phonebooster.junkcleaner","directDownloadingLink":"https://play.google.com/store/apps/details?id=batterysaver.phonecleaner.phonebooster.junkcleaner","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=batterysaver.phonecleaner.phonebooster.junkcleaner","sourceIndex":"1183"}],"sampleFiles":["230330/BatteryHealthJunkCleaner-230329/1.0.5/Samples/batterysaver.phonecleaner.phonebooster.junkcleaner.apk"],"imageFiles":["230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230330/BatteryHealthJunkCleaner-230329/1.0.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"d071c3af-3471-4522-9616-36e334880fc2_1.0.5_1","appID":"BatteryHealthJunkCleaner-230329","dateAdded":"230330","deceptorType":"Android App","name":"Battery Health - Junk Cleaner","company":"Games Tree","version":"1.0.5","lastKnownStatus":"1.0.5","lastKnownDate":"230330","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-03-30T18:07:57.1695934+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1065},{"violations":{"ACR-103":"The app displays a random cache/junk data and suggests cleaning up \"275.6 MB\" of junk/cache (Ex. JioCinema, Telegram, and Pinterest). After completing junk clean it says “FINISHED! CLEANED”,  but in app settings, it displays the same size of cache data that can be cleaned. The app's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app displays a random cache/junk data and suggests cleaning up \"275.6 MB\" of junk/cache (Ex. JioCinema, Telegram, and Pinterest). After completing junk clean it says “FINISHED! CLEANED”,  but in the app settings, it displays the same size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.boost.cleanerphone.apk","isInstaller":"True","companyName":"Useful App Service","productName":"Cleaner & Android","productVersion":"3.0.0","fileVersion":"3.0.0","hashMD5":"61edd23a26127e708dfd8745333d6f36","hashSHA1":"5327d45e313b04d674016a3699083baee035c73c","hashSHA256":"21a87a7249502bcc15987254a059ee39dcb42c9280ef070331e8dc04404f89ff","sourceIndex":"1182","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on junk cleaners","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.boost.cleanerphone","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.boost.cleanerphone","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.boost.cleanerphone","sourceIndex":"1182"}],"sampleFiles":["230330/CleanerAndroid-230327/3.0.0/Samples/com.boost.cleanerphone.apk"],"imageFiles":["230330/CleanerAndroid-230327/3.0.0/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-103/ACR-103_Software_Scan_Result1.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-014/ACR-014_Software_Scan_Result1.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230330/CleanerAndroid-230327/3.0.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"e38293c6-8b33-4b93-9467-2233c152cd45_3.0.0_1","appID":"CleanerAndroid-230327","dateAdded":"230330","deceptorType":"Android App","name":"Cleaner & Android","company":"Useful App Service","version":"3.0.0","lastKnownStatus":"3.0.0","lastKnownDate":"230330","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-03-30T18:10:15.0307482+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1064},{"violations":{"ACR-007":"The app does not provide explicit notifications to the targeted consumer, making it so the targeted consumer is not aware of its presence.\n","ACR-086":"The app does not inform the targeted user how it collects, transmits, and stores data.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-065":"The app does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe install does not display links to the  Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"install.exe","isInstaller":"True","companyName":"SafeJKA                                                     ","fileVersion":"0.0","hashMD5":"14f9c940282ee0f2da15040094f8b650","hashSHA1":"3f8a709f6d61b969654626e8dc35e88073d265e9","hashSHA256":"cbd59415c82cbc97b3c87063b394dd88f7273aeb77b861ccc52d5264dbeaad25","digitalCertThumbprint":"47A732FF3F6087071731F64AC66951FF7200CE57","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=SafeJKA SRL, O=SafeJKA SRL, STREET=27 str. Paris, L=Chisinau, S=Chisinau, C=MD, OID.1.3.6.1.4.1.311.60.2.1.3=MD, SERIALNUMBER=1016600042604, OID.2.5.4.15=Private Organization","sourceIndex":"2386","avBlockList":["360 Total Security (20210604)","Avast Internet Security (20200113)","AVG Internet Security (20210604)","Avira Internet Security (20210604)","Bitdefender Internet Security (20210604)","Dr.Web Security Space (20210604)","ESET Internet Security (20210604)","G DATA INTERNET SECURITY (20210604)","K7 Total Security (20210604)","Kaspersky Internet Security (20210604)","Malwarebytes Premium (20210604)","McAfee Total Protection (20210604)","Norton Security (20210604)","Panda Dome (20210604)","Quick Heal Internet Security (20210604)","Sophos Home Premium (20210604)","Tencent PC Manager (20210604)","VIPRE Advanced Security (20210604)","VirIT eXplorer PRO (20210604)","Webroot SecureAnywhere (20210604)","Windows Defender (20210604)","Avast Premium Security (20210604)","SpyHunter5 (20210604)","Total AV Antivirus Pro (20210604)"],"avAllowList":["COMODO Antivirus (20210604)","Trend Micro Internet Security (20210604)"]},{"isRevoked":"False","fileName":"Kidlogger.exe","companyName":"SafeJKA SRL","fileVersion":"7.1","hashMD5":"bf1e62fd3bcbeecfde25d6022d8e513c","hashSHA1":"87d14ab5f30a265e094c698efe21c6a55da9ac90","hashSHA256":"aab260dc56408c771037db5a2bbdb96afbcbe90292143f5e0645ffdb93c08044","digitalCertThumbprint":"47A732FF3F6087071731F64AC66951FF7200CE57","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=SafeJKA SRL, O=SafeJKA SRL, STREET=27 str. Paris, L=Chisinau, S=Chisinau, C=MD, OID.1.3.6.1.4.1.311.60.2.1.3=MD, SERIALNUMBER=1016600042604, OID.2.5.4.15=Private Organization","sourceIndex":"2386","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setupwin.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8e298cd36343f795b8acc6febdc4a06eeebdc4dd6f536a3e6618fc0a798c240b","sourceIndex":"2386","avBlockList":["360 Total Security (20191219)","Avast Internet Security (20191219)","AVG Internet Security (20191219)","Avira Internet Security (20191219)","Bitdefender Internet Security (20191219)","ESET Internet Security (20191219)","G DATA INTERNET SECURITY (20191219)","K7 Total Security (20191219)","Kaspersky Internet Security (20191219)","Malwarebytes Premium (20191219)","Panda Dome (20191219)","Tencent PC Manager (20191219)","VirIT eXplorer PRO (20191219)","Webroot SecureAnywhere (20191219)"],"avAllowList":["COMODO Antivirus (20191219)","Dr.Web Security Space (20191219)","Norton Security (20191219)","Quick Heal Internet Security (20191219)","Sophos Home Premium (20191219)","Trend Micro Internet Security (20191219)","VIPRE Advanced Security (20191219)","Windows Defender (20191219)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://kidlogger.net/","directDownloadingLink":"http://kidlogger.net/download/win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://kidlogger.net/download/win","sourceIndex":"2386"}],"sampleFiles":["200713/Kidlogger-191206/7.2/Samples/install.exe","200713/Kidlogger-191206/7.2/Samples/Kidlogger.exe","200713/Kidlogger-191206/7.2/Samples/setupwin.zip"],"imageFiles":["200713/Kidlogger-191206/7.2/Images/ACR-086/Kidlogger_Interaction [1].png","200713/Kidlogger-191206/7.2/Images/ACR-086/Kidlogger_Settings [1].png","200713/Kidlogger-191206/7.2/Images/ACR-086/Kidlogger_Settings [2].png","200713/Kidlogger-191206/7.2/Images/ACR-086/Kidlogger_Settings [3].png","200713/Kidlogger-191206/7.2/Images/ACR-086/Kidlogger_Settings [4].png","200713/Kidlogger-191206/7.2/Images/ACR-086/Kidlogger_Settings [5].png","200713/Kidlogger-191206/7.2/Images/ACR-007/Kidlogger_Interaction [1].png"],"nonDeceptorImageFiles":["200713/Kidlogger-191206/7.2/Images/ACR-038/Kidlogger_Files [1].png","200713/Kidlogger-191206/7.2/Images/ACR-065/Kidlogger_Interaction [1].png","200713/Kidlogger-191206/7.2/Images/ACR-065/Kidlogger_Settings [1].png","200713/Kidlogger-191206/7.2/Images/ACR-099/Kidlogger_Interaction [1].png","200713/Kidlogger-191206/7.2/Images/ACR-099/Kidlogger_LandingPage [1].png","200713/Kidlogger-191206/7.2/Images/ACR-161/Kidlogger_LandingPage [1]_.png","200713/Kidlogger-191206/7.2/Images/ACR-065/Kidlogger_Install [1].png","200713/Kidlogger-191206/7.2/Images/ACR-065/Kidlogger_Install [2].png","200713/Kidlogger-191206/7.2/Images/ACR-099/Kidlogger_OfferPage [1].png","200713/Kidlogger-191206/7.2/Images/ACR-099/Kidlogger_OfferPage [2].png","200713/Kidlogger-191206/7.2/Images/ACR-099/Kidlogger_OfferPage [3].png"],"guid":"e8b896fe-4f36-4476-8f71-f0c216af0d87_7.2_1","appID":"Kidlogger-191206","dateAdded":"230328","deceptorType":"App","name":"KidLogger","company":"SafeJKA SRL","version":"7.2","sigName":"Deceptor:Win32/KidLoggerStalkerware!086007","lastKnownStatus":"7.1.11.1;7.2;8.5;9.0;9.6;9.9","lastKnownDate":"230328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-03-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1076},{"violations":{"ACR-007":"The app does not provide explicit notifications to the targeted consumer, making it so the targeted consumer is not aware of its presence.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. And  it can require a password to open it.\n","ACR-086":"The app does not inform the targeted user how it collects, transmits, and stores data.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe install wizard does not display links to the  Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The application's landing webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Kidlogger.exe","companyName":"SafeJKA SRL","fileVersion":"8.6","hashMD5":"37a6dab8842e5b2e6eafdb2143014434","hashSHA1":"66f2f673d471af74cffbc57260bc1cf262c0685a","hashSHA256":"def13bf4a52a8b2f147294bc123a225c0f68528514a54ee037a3c1f6b69e6769","digitalCertThumbprint":"7FA6330809966EE38F9601F6542FBBA87C46ACB0","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=SAFEJKA SRL, O=SAFEJKA SRL, STREET=\"str. Paris, 27\", L=Chişinău, S=Chişinău, C=MD, OID.1.3.6.1.4.1.311.60.2.1.3=MD, SERIALNUMBER=1016600042604, OID.2.5.4.15=Private Organization","sourceIndex":"1760","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setupwin.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"afe17730d4130f70a0bc1953d125b10464703dc8c7aa028b7f77c2af7b3b8167","sourceIndex":"1760","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"install.exe","isInstaller":"True","companyName":"SafeJKA                                                     ","fileVersion":"0.0","hashMD5":"c93e147bc836254313f6eb018fb47712","hashSHA1":"70f015dcea7dede495980c6d3176fc01647a272f","hashSHA256":"72bc499196ba3dd245f4315456f02cb7d892d51973faffa0a3aa3e22a90bb9df","digitalCertThumbprint":"7FA6330809966EE38F9601F6542FBBA87C46ACB0","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=SAFEJKA SRL, O=SAFEJKA SRL, STREET=\"str. Paris, 27\", L=Chişinău, S=Chişinău, C=MD, OID.1.3.6.1.4.1.311.60.2.1.3=MD, SERIALNUMBER=1016600042604, OID.2.5.4.15=Private Organization","sourceIndex":"1760","avBlockList":["360 Total Security (20210525)","Avast Premium Security (20210525)","AVG Internet Security (20210525)","Bitdefender Internet Security (20210525)","Dr.Web Security Space (20210525)","ESET Internet Security (20210525)","G DATA INTERNET SECURITY (20210525)","K7 Total Security (20210525)","Kaspersky Internet Security (20210525)","Malwarebytes Premium (20210525)","McAfee Total Protection (20210525)","Norton Security (20210525)","Panda Dome (20210525)","Quick Heal Internet Security (20210525)","Sophos Home Premium (20210525)","SpyHunter5 (20210525)","Tencent PC Manager (20210525)","VIPRE Advanced Security (20210525)","VirIT eXplorer PRO (20210525)","Webroot SecureAnywhere (20210525)","Windows Defender (20210525)"],"avAllowList":["Avira Internet Security (20210525)","COMODO Antivirus (20210525)","Total AV Antivirus Pro (20210525)","Trend Micro Internet Security (20210525)"]},{"isRevoked":"False","fileName":"Kidlogger [2].exe","companyName":"SafeJKA SRL","fileVersion":"8.6","hashMD5":"ec9b2dd67ec766472225f7c0ffe0456e","hashSHA1":"270ce6dd0595c708af0c1fd3d7e9c86dcf6baf20","hashSHA256":"31271907db17640e051df7e7ae474d0cdc19fbb26e2f4bbb108e81fca4247ca5","digitalCertThumbprint":"7FA6330809966EE38F9601F6542FBBA87C46ACB0","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=SAFEJKA SRL, O=SAFEJKA SRL, STREET=\"str. Paris, 27\", L=Chişinău, S=Chişinău, C=MD, OID.1.3.6.1.4.1.311.60.2.1.3=MD, SERIALNUMBER=1016600042604, OID.2.5.4.15=Private Organization","sourceIndex":"1760","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setupwin [2].zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"06972b71edc4dc71db8cf81a09b53cf0c030c01a8654b8b6bf7f404714486b23","sourceIndex":"1760","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"monitoring_agent [2].exe","isInstaller":"True","companyName":"SafeJKA                                                     ","fileVersion":"0.0","hashMD5":"c5e70e0e5a61effebe7a21200d9581f3","hashSHA1":"4d748bead325916e568150aacde878b0a6130cfb","hashSHA256":"987e252e56951241d70169aa7278cd84e6a3f838615a6ce7235f89bead3f7dd4","digitalCertThumbprint":"7FA6330809966EE38F9601F6542FBBA87C46ACB0","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=SAFEJKA SRL, O=SAFEJKA SRL, STREET=\"str. Paris, 27\", L=Chişinău, S=Chişinău, C=MD, OID.1.3.6.1.4.1.311.60.2.1.3=MD, SERIALNUMBER=1016600042604, OID.2.5.4.15=Private Organization","sourceIndex":"1760","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://kidlogger.net/","directDownloadingLink":"http://kidlogger.net/download/win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://kidlogger.net/download/win","sourceIndex":"1760"}],"sampleFiles":["211220/Kidlogger-191206/9.0/Samples/Kidlogger.exe","211220/Kidlogger-191206/9.0/Samples/setupwin.zip","211220/Kidlogger-191206/9.0/Samples/install.exe","211220/Kidlogger-191206/9.0/Samples/Kidlogger [2].exe","211220/Kidlogger-191206/9.0/Samples/setupwin [2].zip","211220/Kidlogger-191206/9.0/Samples/monitoring_agent [2].exe"],"imageFiles":["211220/Kidlogger-191206/9.0/Images/ACR-086/KidLogger_Interactions [1].png","211220/Kidlogger-191206/9.0/Images/ACR-086/KidLogger_Interactions [3].png","211220/Kidlogger-191206/9.0/Images/ACR-086/KidLogger_Interactions [4 ].png","211220/Kidlogger-191206/9.0/Images/ACR-086/KidLogger_Interactions [5].png","211220/Kidlogger-191206/9.0/Images/ACR-086/KidLogger_Interactions [6].png","211220/Kidlogger-191206/9.0/Images/ACR-086/KidLogger_Interactions [7].png","211220/Kidlogger-191206/9.0/Images/ACR-007/KidLogger_Interactions [1].png","211220/Kidlogger-191206/9.0/Images/ACR-007/KidLogger_Interactions [3].png","211220/Kidlogger-191206/9.0/Images/ACR-007/KidLogger_Interactions [4 ].png","211220/Kidlogger-191206/9.0/Images/ACR-084/KidLogger_Interactions [1].png","211220/Kidlogger-191206/9.0/Images/ACR-084/KidLogger_Interactions [3].png","211220/Kidlogger-191206/9.0/Images/ACR-084/KidLogger_Interactions [4 ].png","211220/Kidlogger-191206/9.0/Images/ACR-084/KidLogger_Interactions [4].png","211220/Kidlogger-191206/9.0/Images/ACR-084/KidLogger_Interactions [8] Password.png","211220/Kidlogger-191206/9.0/Images/ACR-084/KidLogger_ControlPanel [1].png","211220/Kidlogger-191206/9.0/Images/ACR-116/KidLogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["211220/Kidlogger-191206/9.0/Images/ACR-065/KidLogger_Interactions [1].png","211220/Kidlogger-191206/9.0/Images/ACR-065/KidLogger_Interactions [3].png","211220/Kidlogger-191206/9.0/Images/ACR-065/KidLogger_Interactions [4 ].png","211220/Kidlogger-191206/9.0/Images/ACR-099/KidLogger_Interactions [1].png","211220/Kidlogger-191206/9.0/Images/ACR-099/KidLogger_LandingPage [2].png","211220/Kidlogger-191206/9.0/Images/ACR-161/KidLogger_LandingPage [1].png","211220/Kidlogger-191206/9.0/Images/ACR-065/KidLogger_Install [1].png","211220/Kidlogger-191206/9.0/Images/ACR-065/KidLogger_Install [2].png","211220/Kidlogger-191206/9.0/Images/ACR-065/KidLogger_Install [4].png","211220/Kidlogger-191206/9.0/Images/ACR-099/KidLogger_OfferPage [1].png","211220/Kidlogger-191206/9.0/Images/ACR-099/KidLogger_OfferPage [2].png"],"guid":"e8b896fe-4f36-4476-8f71-f0c216af0d87_9.0_1","appID":"Kidlogger-191206","dateAdded":"230328","deceptorType":"App","name":"KidLogger","company":"SafeJKA SRL","version":"9.0","sigName":"Deceptor:Win32/KidLoggerStalkerware!086007084116","lastKnownStatus":"7.1.11.1;7.2;8.5;9.0;9.6;9.9","lastKnownDate":"230328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-03-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1074},{"violations":{"ACR-007":"The app does not provide explicit notifications to the targeted consumer, making it so the targeted consumer is not aware of its presence.\n","ACR-084":"The app enables the user to hide the app from the system tray and  it can require a password to open it.\n","ACR-086":"The app does not inform the targeted user how it collects, transmits, and stores data.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe install wizard does not display links to the  Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The application's landing webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\KidLogger\\Kidlogger.exe","companyName":"SafeJKA SRL","productName":"Monitoring Agent","productVersion":"8.6.11.1","fileVersion":"8.6.11.1","hashMD5":"a48062f8dc4f190f5642797c95e6e5eb","hashSHA1":"19ac8b4470ac04c6a4685e6f2e0ff2caf8dac7d0","hashSHA256":"c5b89d42861eaa4354311974a6aefa3f9e60e9fdb62b434a55dd142b33fac613","digitalCertThumbprint":"7FA6330809966EE38F9601F6542FBBA87C46ACB0","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"SAFEJKA SRL","storeId":"","sourceIndex":"1516","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"install.exe","isInstaller":"True","companyName":"SafeJKA                                                     ","productName":"KidLogger                                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"df173bcee525d4f82b123936124c9707","hashSHA1":"46bbce23b44ac3fe62c09b7bd5d1d1d0e37aa329","hashSHA256":"c67d9e6ea9dddda9dd2811651f459f1560d8cb739e05253c6b0eb949f90e87cd","digitalCertThumbprint":"7FA6330809966EE38F9601F6542FBBA87C46ACB0","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"SAFEJKA SRL","storeId":"","sourceIndex":"1516","avBlockList":["360 Total Security (20230907)","Avast Premium Security (20230907)","AVG Internet Security (20230907)","Avira Internet Security (20230907)","Bitdefender Internet Security (20230907)","Dr.Web Security Space (20230907)","ESET Internet Security (20230907)","G DATA INTERNET SECURITY (20230907)","K7 Total Security (20230907)","Kaspersky Internet Security (20230907)","Malwarebytes Premium (20230907)","McAfee Total Protection (20230907)","Norton Security (20230907)","Panda Dome (20230907)","Quick Heal Internet Security (20230907)","Sophos Home Premium (20230907)","SpyHunter5 (20230907)","Total AV Antivirus Pro (20230907)","Trend Micro Internet Security (20230907)","VIPRE Advanced Security (20230907)","VirIT eXplorer PRO (20230907)","Webroot SecureAnywhere (20230907)","Windows Defender (20230907)"],"avAllowList":["COMODO Antivirus (20230907)","Tencent PC Manager (20220721)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger","reference":"","landingPage":"http://kidlogger.net/","directDownloadingLink":"http://kidlogger.net/download_win.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://kidlogger.net/download_win.html","sourceIndex":"1516"}],"sampleFiles":["220713/Kidlogger-191206/9.6/Samples/install.exe"],"imageFiles":["220713/Kidlogger-191206/9.6/Images/ACR-086/ACR-086_Software.JPG","220713/Kidlogger-191206/9.6/Images/ACR-086/ACR-086_Software_1.JPG","220713/Kidlogger-191206/9.6/Images/ACR-086/ACR-086_Software_2.JPG","220713/Kidlogger-191206/9.6/Images/ACR-086/ACR-086_Software_3.JPG","220713/Kidlogger-191206/9.6/Images/ACR-086/ACR-086_Software_4.JPG","220713/Kidlogger-191206/9.6/Images/ACR-086/ACR-086_Software_5.JPG","220713/Kidlogger-191206/9.6/Images/ACR-007/ACR-007_Software.JPG","220713/Kidlogger-191206/9.6/Images/ACR-007/ACR-007_Software_1.JPG","220713/Kidlogger-191206/9.6/Images/ACR-007/ACR-007_Software_2.JPG","220713/Kidlogger-191206/9.6/Images/ACR-084/ACR-084_Software.JPG","220713/Kidlogger-191206/9.6/Images/ACR-084/ACR-084_Software_1.JPG","220713/Kidlogger-191206/9.6/Images/ACR-084/ACR-084_Software_2.JPG","220713/Kidlogger-191206/9.6/Images/ACR-084/ACR-084_Software_3.JPG"],"nonDeceptorImageFiles":["220713/Kidlogger-191206/9.6/Images/ACR-065/ACR-065_Software.JPG","220713/Kidlogger-191206/9.6/Images/ACR-099/ACR-099_Software.JPG","220713/Kidlogger-191206/9.6/Images/ACR-099/ACR-099_Landingpage.JPG","220713/Kidlogger-191206/9.6/Images/ACR-161/ACR-161_Landingpage.JPG","220713/Kidlogger-191206/9.6/Images/ACR-065/ACR-065_Install.JPG","220713/Kidlogger-191206/9.6/Images/ACR-099/ACR-099_InternalOffers.jpg"],"guid":"e8b896fe-4f36-4476-8f71-f0c216af0d87_9.6_1","appID":"Kidlogger-191206","dateAdded":"230328","deceptorType":"App","name":"KidLogger","company":"SafeJKA SRL","version":"9.6","lastKnownStatus":"7.1.11.1;7.2;8.5;9.0;9.6;9.9","lastKnownDate":"230328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-03-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1073},{"violations":{"ACR-007":"The app does not provide explicit notifications to the targeted consumer, making it so the targeted consumer is not aware of its presence.\n","ACR-084":"The app enables the user to hide the app from the system tray and  it can require a password to open it.\n","ACR-086":"The app does not inform the targeted user how it collects, transmits, and stores data.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe install wizard does not display links to the  Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The application's landing webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\KidLogger\\Kidlogger.exe","companyName":"SafeJKA SRL","productName":"Monitoring Agent","productVersion":"8.6.11.1","fileVersion":"8.6.11.1","hashMD5":"6cec96f605f67ca4f43c453694c136ce","hashSHA1":"e7122bacc4923b080e3abf542d79f7b848fb3b3a","hashSHA256":"af4bd58b75ccdb288ee7d6eb2c3fa2b750950efe1c712bead226c57c01e1cd76","digitalCertThumbprint":"7FA6330809966EE38F9601F6542FBBA87C46ACB0","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"SAFEJKA SRL","storeId":"","sourceIndex":"1188","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"install.exe","isInstaller":"True","companyName":"SafeJKA                                                     ","productName":"KidLogger                                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"50961c9d41848144fe573f789808d330","hashSHA1":"a5d19a3273825416820fa417cc414ee6e56765e9","hashSHA256":"42dbb3211ba91d2280ac035637ddd5f830e4fe08c54a38f0642f0f0e2abdb902","digitalCertThumbprint":"7FA6330809966EE38F9601F6542FBBA87C46ACB0","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"SAFEJKA SRL","storeId":"","sourceIndex":"1188","avBlockList":["360 Total Security (20230504)","Avast Premium Security (20230504)","AVG Internet Security (20230504)","Avira Internet Security (20230504)","Bitdefender Internet Security (20230504)","Dr.Web Security Space (20230504)","ESET Internet Security (20230504)","G DATA INTERNET SECURITY (20230504)","K7 Total Security (20230504)","Kaspersky Internet Security (20230504)","Malwarebytes Premium (20230504)","McAfee Total Protection (20230504)","Norton Security (20230504)","Panda Dome (20230504)","Quick Heal Internet Security (20230504)","Sophos Home Premium (20230504)","SpyHunter5 (20230504)","Total AV Antivirus Pro (20230504)","Trend Micro Internet Security (20230504)","VIPRE Advanced Security (20230504)","VirIT eXplorer PRO (20230504)","Webroot SecureAnywhere (20230504)","Windows Defender (20230504)"],"avAllowList":["COMODO Antivirus (20230504)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on windows app","reference":"","landingPage":"http://kidlogger.net/","directDownloadingLink":"https://kidlogger.net/download/win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidlogger.net/download/win","sourceIndex":"1188"}],"sampleFiles":["230328/Kidlogger-191206/9.9/Samples/install.exe"],"imageFiles":["230328/Kidlogger-191206/9.9/Images/ACR-086/ACR-086.JPG","230328/Kidlogger-191206/9.9/Images/ACR-086/ACR-086_1.JPG","230328/Kidlogger-191206/9.9/Images/ACR-086/ACR-086_2.JPG","230328/Kidlogger-191206/9.9/Images/ACR-086/ACR-086_3.JPG","230328/Kidlogger-191206/9.9/Images/ACR-086/ACR-086_4.JPG","230328/Kidlogger-191206/9.9/Images/ACR-007/ACR-007.JPG","230328/Kidlogger-191206/9.9/Images/ACR-007/ACR-007_1.JPG","230328/Kidlogger-191206/9.9/Images/ACR-007/ACR-007_2.JPG","230328/Kidlogger-191206/9.9/Images/ACR-084/ACR-084.JPG","230328/Kidlogger-191206/9.9/Images/ACR-084/ACR-084_1.JPG","230328/Kidlogger-191206/9.9/Images/ACR-084/ACR-084_2.JPG","230328/Kidlogger-191206/9.9/Images/ACR-084/ACR-084_3.JPG"],"nonDeceptorImageFiles":["230328/Kidlogger-191206/9.9/Images/ACR-065/ACR-065_Software.JPG","230328/Kidlogger-191206/9.9/Images/ACR-099/ACR-099.JPG","230328/Kidlogger-191206/9.9/Images/ACR-099/ACR-099_Landingpage.JPG","230328/Kidlogger-191206/9.9/Images/ACR-161/ACR-161.JPG","230328/Kidlogger-191206/9.9/Images/ACR-065/ACR-065_Install.JPG","230328/Kidlogger-191206/9.9/Images/ACR-099/ACR-099_InternalOffers.JPG"],"guid":"e8b896fe-4f36-4476-8f71-f0c216af0d87_9.9_1","appID":"Kidlogger-191206","dateAdded":"230328","deceptorType":"App","name":"KidLogger","company":"SafeJKA SRL","version":"9.9","lastKnownStatus":"7.1.11.1;7.2;8.5;9.0;9.6;9.9","lastKnownDate":"230328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:43.2966213+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1072},{"violations":{"ACR-007":"The app does not provide explicit notifications to the targeted consumer, making it so the targeted consumer is not aware of its presence.\n","ACR-086":"The app does not inform the targeted user how it collects, transmits, and stores data.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-065":"The app does not provide links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's install does not provide links to app's EULA, Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The app's landing page provides reviews, but does not provide links back to the original source, preventing credibility from being verified.\n","ACR-099":"The app's software does not provide links to uninstall information.\nThe app's landing page does not provide links to uninstall information.\nThe app's internal offers does not provide links to uninstall information.\nThe internal offers page does not provide links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"setupwin.zip","fileVersion":"0.","hashMD5":"ae27c5419e728cb9a5f277060e379900","hashSHA1":"272d42d303f2f6d4b335eca9dff0566680b759e8","hashSHA256":"8e298cd36343f795b8acc6febdc4a06eeebdc4dd6f536a3e6618fc0a798c240b","sourceIndex":"2583","avBlockList":["360 Total Security (20191219)","Avast Internet Security (20191219)","AVG Internet Security (20191219)","Avira Internet Security (20191219)","Bitdefender Internet Security (20191219)","ESET Internet Security (20191219)","G DATA INTERNET SECURITY (20191219)","K7 Total Security (20191219)","Kaspersky Internet Security (20191219)","Malwarebytes Premium (20191219)","Panda Dome (20191219)","Tencent PC Manager (20191219)","VirIT eXplorer PRO (20191219)","Webroot SecureAnywhere (20191219)"],"avAllowList":["COMODO Antivirus (20191219)","Dr.Web Security Space (20191219)","Norton Security (20191219)","Quick Heal Internet Security (20191219)","Sophos Home Premium (20191219)","Trend Micro Internet Security (20191219)","VIPRE Advanced Security (20191219)","Windows Defender (20191219)"]},{"isRevoked":"False","fileName":"Kidlogger.exe","companyName":"SafeJKA SRL","productVersion":"7.1.11.1","fileVersion":"7.1.11.1","hashMD5":"bf1e62fd3bcbeecfde25d6022d8e513c","hashSHA1":"87d14ab5f30a265e094c698efe21c6a55da9ac90","hashSHA256":"aab260dc56408c771037db5a2bbdb96afbcbe90292143f5e0645ffdb93c08044","digitalCertThumbprint":"47A732FF3F6087071731F64AC66951FF7200CE57","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=SafeJKA SRL, O=SafeJKA SRL, STREET=27 str. Paris, L=Chisinau, S=Chisinau, C=MD, OID.1.3.6.1.4.1.311.60.2.1.3=MD, SERIALNUMBER=1016600042604, OID.2.5.4.15=Private Organization","sourceIndex":"2583","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"install.exe","isInstaller":"True","companyName":"SafeJKA                                                     ","fileVersion":"0.0","hashMD5":"14f9c940282ee0f2da15040094f8b650","hashSHA1":"3f8a709f6d61b969654626e8dc35e88073d265e9","hashSHA256":"cbd59415c82cbc97b3c87063b394dd88f7273aeb77b861ccc52d5264dbeaad25","digitalCertThumbprint":"47A732FF3F6087071731F64AC66951FF7200CE57","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=SafeJKA SRL, O=SafeJKA SRL, STREET=27 str. Paris, L=Chisinau, S=Chisinau, C=MD, OID.1.3.6.1.4.1.311.60.2.1.3=MD, SERIALNUMBER=1016600042604, OID.2.5.4.15=Private Organization","sourceIndex":"2583","avBlockList":["360 Total Security (20210604)","Avast Internet Security (20200113)","AVG Internet Security (20210604)","Avira Internet Security (20210604)","Bitdefender Internet Security (20210604)","Dr.Web Security Space (20210604)","ESET Internet Security (20210604)","G DATA INTERNET SECURITY (20210604)","K7 Total Security (20210604)","Kaspersky Internet Security (20210604)","Malwarebytes Premium (20210604)","McAfee Total Protection (20210604)","Norton Security (20210604)","Panda Dome (20210604)","Quick Heal Internet Security (20210604)","Sophos Home Premium (20210604)","Tencent PC Manager (20210604)","VIPRE Advanced Security (20210604)","VirIT eXplorer PRO (20210604)","Webroot SecureAnywhere (20210604)","Windows Defender (20210604)","Avast Premium Security (20210604)","SpyHunter5 (20210604)","Total AV Antivirus Pro (20210604)"],"avAllowList":["COMODO Antivirus (20210604)","Trend Micro Internet Security (20210604)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://kidlogger.net/","directDownloadingLink":"http://kidlogger.net/download_win.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://kidlogger.net/download_win.html","sourceIndex":"2583"}],"sampleFiles":["191210/Kidlogger-191206/7.1.11.1/Samples/setupwin.zip","191210/Kidlogger-191206/7.1.11.1/Samples/Kidlogger.exe","191210/Kidlogger-191206/7.1.11.1/Samples/install.exe"],"imageFiles":["191210/Kidlogger-191206/7.1.11.1/Images/ACR-086/KidLogger.png","191210/Kidlogger-191206/7.1.11.1/Images/ACR-007/KidLogger.png"],"nonDeceptorImageFiles":["191210/Kidlogger-191206/7.1.11.1/Images/ACR-038/ACR-038.png","191210/Kidlogger-191206/7.1.11.1/Images/ACR-065/KidLogger.png","191210/Kidlogger-191206/7.1.11.1/Images/ACR-099/KidLogger.png","191210/Kidlogger-191206/7.1.11.1/Images/ACR-099/Landing Page.png","191210/Kidlogger-191206/7.1.11.1/Images/ACR-099/Internal Offers.png","191210/Kidlogger-191206/7.1.11.1/Images/ACR-161/ACR-161.png","191210/Kidlogger-191206/7.1.11.1/Images/ACR-065/Install .png","191210/Kidlogger-191206/7.1.11.1/Images/ACR-099/Internal Offers.png"],"guid":"e8b896fe-4f36-4476-8f71-f0c216af0d87_7.1.11.1_1","appID":"Kidlogger-191206","dateAdded":"230328","deceptorType":"App","name":"KidLogger","company":"SafeJKA SRL","version":"7.1.11.1","sigName":"Deceptor:Win32/KidLoggerStalkerware!086007","lastKnownStatus":"7.1.11.1;7.2;8.5;9.0;9.6;9.9","lastKnownDate":"230328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Android,MacOS,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-03-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1077},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"MPK Viewer\", which is not related to the name \"Refog Personal Monitor\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The hidden system file in which the app is located in is called \"MPK\", which has no relation to the app.\n","ACR-040":"The app is located inside of a hidden system file, which prevents the consumer from being able to find it.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"rpm-9-1-0-3510.exe","isInstaller":"True","fileVersion":"9.1","hashMD5":"e221b634e6cbaf0cb3b443b7a872c2ba","hashSHA1":"54623ad7a3e0a7801beabf9de7ae6c5b007911bd","hashSHA256":"4394c581aa455371ca6a36ca9767d55047ec95f0acb5db8008da65ad951115d2","digitalCertThumbprint":"9AC6C306F3C18B298884E02AA796559E5681E6A0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Refog Inc., O=Refog Inc., L=Alexandria, S=Virginia, C=US","sourceIndex":"2639","avBlockList":["360 Total Security (20210513)","Avast Internet Security (20191202)","AVG Internet Security (20210513)","Avira Internet Security (20210513)","Bitdefender Internet Security (20210513)","COMODO Antivirus (20210513)","ESET Internet Security (20210513)","G DATA INTERNET SECURITY (20210513)","K7 Total Security (20210513)","Kaspersky Internet Security (20210513)","Malwarebytes Premium (20210513)","McAfee Total Protection (20210513)","Norton Security (20210513)","Panda Dome (20210513)","Quick Heal Internet Security (20210513)","Sophos Home Premium (20210513)","Tencent PC Manager (20210513)","Trend Micro Internet Security (20210513)","VIPRE Advanced Security (20210513)","VirIT eXplorer PRO (20210513)","Webroot SecureAnywhere (20210513)","Windows Defender (20210513)","Avast Premium Security (20210513)","SpyHunter5 (20210513)","Total AV Antivirus Pro (20210513)"],"avAllowList":["Dr.Web Security Space (20210513)"]},{"isRevoked":"False","fileName":"MPK.exe","fileVersion":"9.1","hashMD5":"2e565e993feeed7651fac4876a023eef","hashSHA1":"d7f76317330e2c7b896a0d7c3df424cd9cd43cb0","hashSHA256":"fb6e8570463f8dd494b545472a942479989ec0dec22a11179bfc17d1f64514e2","digitalCertThumbprint":"9AC6C306F3C18B298884E02AA796559E5681E6A0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Refog Inc., O=Refog Inc., L=Alexandria, S=Virginia, C=US","sourceIndex":"2639","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MPKView.exe","fileVersion":"9.1","hashMD5":"32f065da71bb5d0956650745a2b3aee9","hashSHA1":"e67d11bc72895689dc6826bfc66b5138c53ef337","hashSHA256":"2dd5522055ed3b8d8405558b6b3ec101ca84087a436140f8aa83e0ffdaa9c5b2","digitalCertThumbprint":"9AC6C306F3C18B298884E02AA796559E5681E6A0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Refog Inc., O=Refog Inc., L=Alexandria, S=Virginia, C=US","sourceIndex":"2639","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://remotekeyloggers.net/keyloggers-for-pc/","reference":"Hunt.Search","landingPage":"https://www.refog.com/","directDownloadingLink":"https://login.refog.com/api/v1/download?pid=rpm&ver=9.1.0.3510&sn=2&psw=refog","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://login.refog.com/api/v1/download?pid=rpm&ver=9.1.0.3510&sn=2&psw=refog","sourceIndex":"2639"}],"sampleFiles":["191101/RefogPersonalMonitor-191101/9.1.0.3510/Samples/rpm-9-1-0-3510.exe","191101/RefogPersonalMonitor-191101/9.1.0.3510/Samples/MPK.exe","191101/RefogPersonalMonitor-191101/9.1.0.3510/Samples/MPKView.exe"],"imageFiles":["191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-048/Refog Windows Uninstall.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-048/Refog Windows Hide program.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-007/Refog Windows Hide program.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-014/Refog Windows Different Name.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-084/Refog Windows Weird Folder thing.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-084/Refog Windows Hide program.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-086/Refog Windows Different Name.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-086/Refog Windows Hide program.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-116/Refog Windows Hide program.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-116/Refog Windows Uninstall.png"],"nonDeceptorImageFiles":["191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-038/Refog Windows Different Name.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-038/Refog Windows Weird Folder thing.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-040/Refog Windows Weird Folder thing.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-065/Refog Windows EULA.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-065/Refog Windows Terns of Service.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-065/Refog Windows About.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-065/Refog Windows Bottom of Landing Page.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-099/Refog Windows Bottom of Landing Page.png","191101/RefogPersonalMonitor-191101/9.1.0.3510/Images/ACR-099/Refog Windows Bottom of Internal Offers.png"],"guid":"d28b1ae0-441b-41b6-979f-fe81e395b79d_9.1.0.3510_1","appID":"RefogPersonalMonitor-191101","dateAdded":"230328","deceptorType":"App","name":"Refog Personal Monitor","company":"Refog","version":"9.1.0.3510","sigName":"Deceptor:Win32/RefogStalkerware!007014048084086116","lastKnownStatus":"Deceptor:9.1.0.3510;9.2.5.3700;9.3.0.3810;9.3.1.3900;9.3.3.3900","lastKnownDate":"230328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-03-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1070},{"violations":{"ACR-103":"The app's cache cleaner \"More Features>Cache Cleaner\" suggests cleaning up from \"85 MB\" of junk/cache. After completing junk clean it says “Cache cleaned successfully”,  in app settings it displays same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache\n","ACR-014":"The app's cache cleaner \"More Features>Cache Cleaner\" suggests cleaning up from \"85 MB\" of junk/cache. After completing junk clean it says “Cache cleaned successfully”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.shexa.phonecleaner.apk","isInstaller":"True","companyName":"Shexa Technolabs","productName":"Phone and Memory Cleaner","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"efa6cec91e6da6ca6aac8a41ffc853b9","hashSHA1":"63b047773496f7dc9a1ec0e9c3cae3e483eb487d","hashSHA256":"cad6aa73d9a84089009cc397d28bbab2a387dfeda4d1272d789b8fc7dd5b7596","sourceIndex":"1186","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on junk cleaners","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.shexa.phonecleaner","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.shexa.phonecleaner","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.shexa.phonecleaner","sourceIndex":"1186"}],"sampleFiles":["230328/PhoneandMemoryCleaner-230324/1.0.0/Samples/com.shexa.phonecleaner.apk"],"imageFiles":["230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-103/ACR-103_AppFreatures.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-103/ACR-103_AppFreatures1.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-014/ACR-014_AppFreatures.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-014/ACR-014_AppFreatures1.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230328/PhoneandMemoryCleaner-230324/1.0.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"9c3ada9a-9a65-45b8-a537-3baabebb6b6e_1.0.0_1","appID":"PhoneandMemoryCleaner-230324","dateAdded":"230328","deceptorType":"Android App","name":"Phone and Memory Cleaner","company":"Shexa Technolabs","version":"1.0.0","lastKnownStatus":"1.0.0","lastKnownDate":"230328","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-03-28T23:05:58.899554+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1071},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer, preventing it from showing in the system tray. It locates its installation directory inside of a system directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a hotkey to hide its presence.\n","ACR-097":"App adds a Windows defender exclusion list by default while installing to evade the default system security guard.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"MPK View”, which is not related to the name \"Refog Personal Monitor\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-040":"The app is located inside a system file, which prevents the consumer from being able to find it.\n","ACR-065":"The install does not display links to the Privacy Policy and Returns and Cancellation Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"RefogPersonalMonitor_Setup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"9.3.3.3990","fileVersion":"9.3.3.3990","hashMD5":"1985f8de03ab25a70b639fdd9d5c202f","hashSHA1":"ba8bd1629ea214581c7c6c28a46ba11585162de2","hashSHA256":"ef1eaaf28adb5fd578b8ccf308b450888a84ea23566e83fb2c77f754429210b5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1187","avBlockList":["360 Total Security (20230530)","Avast Premium Security (20230530)","AVG Internet Security (20230530)","Avira Internet Security (20230530)","Bitdefender Internet Security (20230530)","ESET Internet Security (20230530)","G DATA INTERNET SECURITY (20230530)","K7 Total Security (20230530)","Kaspersky Internet Security (20230530)","Malwarebytes Premium (20230530)","McAfee Total Protection (20230530)","Norton Security (20230530)","Panda Dome (20230530)","Quick Heal Internet Security (20230530)","Sophos Home Premium (20230530)","SpyHunter5 (20230530)","Total AV Antivirus Pro (20230530)","VIPRE Advanced Security (20230530)","VirIT eXplorer PRO (20230530)","Webroot SecureAnywhere (20230530)","Windows Defender (20230530)"],"avAllowList":["COMODO Antivirus (20230530)","Dr.Web Security Space (20230530)","Trend Micro Internet Security (20230530)"]},{"isRevoked":"False","fileName":"C:\\Windows\\SysWOW64\\MPK\\MPKView.exe","companyName":"","productName":"","productVersion":"9.3.3.3990","fileVersion":"9.3.3.3990","hashMD5":"d79ab36855245036d5601bf14d789742","hashSHA1":"9003218c8b5867831eea1713635f0d972e7e7df4","hashSHA256":"00f8076491949c54b4988609c5572ccef722fe7516e4770f470b6c34b77a468a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1187","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Windows\\SysWOW64\\MPK\\lsynchost.exe","companyName":"","productName":"","productVersion":"9.3.3.3990","fileVersion":"9.3.3.3990","hashMD5":"1c8067b4c04ef679915c9c02efba3b0f","hashSHA1":"7fa1d4ede4e2fa4d15d33e5e058e09e3e9c334e1","hashSHA256":"8a5ac2ec17c47b3b08cc4ba4b6eb7ff85013b44bbf5cb4ded4ac30b5d7fa199a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1187","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://remotekeyloggers.net/keyloggers-for-pc/","reference":"Hunt.Search","landingPage":"https://www.refog.com/","directDownloadingLink":"https://login.refog.com/api/v1/download?pid=rpm&ver=9.1.0.3510&sn=2&psw=refog","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://login.refog.com/api/v1/download?pid=rpm&ver=9.1.0.3510&sn=2&psw=refog","sourceIndex":"1187"}],"sampleFiles":["230328/RefogPersonalMonitor-191101/9.3.3.3900/Samples/RefogPersonalMonitor_Setup.exe"],"imageFiles":["230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-048/ACR-048.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-048/ACR-048_1.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-007/ACR-007.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-007/ACR-007_1.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-014/ACR-014.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-084/ACR-084.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-084/ACR-084_1.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-084/ACR-084_2.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-086/ACR-086.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-086/ACR-086_1.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-086/ACR-086_3.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-097/ACR-097.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-116/ACR-116_1.JPG"],"nonDeceptorImageFiles":["230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-040/ACR-040.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-065/ACR-065_Install.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-065/ACR-065_Software.JPG","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-065/ACR-065_LP.jpg","230328/RefogPersonalMonitor-191101/9.3.3.3900/Images/ACR-065/ACR-065_IO.jpg"],"guid":"d28b1ae0-441b-41b6-979f-fe81e395b79d_9.3.3.3900_1","appID":"RefogPersonalMonitor-191101","dateAdded":"230328","deceptorType":"App","name":"Refog Personal Monitor","company":"Refog","version":"9.3.3.3900","lastKnownStatus":"Deceptor:9.1.0.3510;9.2.5.3700;9.3.0.3810;9.3.1.3900;9.3.3.3900","lastKnownDate":"230328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:43.2658305+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1066},{"violations":{"ACR-007":"The app does not provide explicit notifications to the targeted consumer, making it so the targeted consumer is not aware of its presence.\n","ACR-086":"The app does not inform the targeted user how it collects, transmits, and stores data.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-065":"The app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe install does not display links to the  Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://kidlogger.net/","directDownloadingLink":"http://kidlogger.net/download/win","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://kidlogger.net/download/win","sourceIndex":"2115"}],"sampleFiles":[],"imageFiles":["200902/Kidlogger-191206/8.5/Images/ACR-086/Kidlogger_Settings [1].png","200902/Kidlogger-191206/8.5/Images/ACR-086/Kidlogger_Settings [2].png","200902/Kidlogger-191206/8.5/Images/ACR-086/Kidlogger_Settings [3].png","200902/Kidlogger-191206/8.5/Images/ACR-086/Kidlogger_Settings [4].png","200902/Kidlogger-191206/8.5/Images/ACR-086/Kidlogger_Settings [5].png","200902/Kidlogger-191206/8.5/Images/ACR-086/Kidlogger_Settings [6].png","200902/Kidlogger-191206/8.5/Images/ACR-007/Kidlogger_Settings [1].png","200902/Kidlogger-191206/8.5/Images/ACR-007/Kidlogger_Settings [3].png"],"nonDeceptorImageFiles":["200902/Kidlogger-191206/8.5/Images/ACR-038/Kidlogger_Files [1].png","200902/Kidlogger-191206/8.5/Images/ACR-065/Kidlogger_Settings [1].png","200902/Kidlogger-191206/8.5/Images/ACR-065/Kidlogger_Settings [2].png","200902/Kidlogger-191206/8.5/Images/ACR-065/Kidlogger_Settings [3].png","200902/Kidlogger-191206/8.5/Images/ACR-099/Kidlogger_Settings [1].png","200902/Kidlogger-191206/8.5/Images/ACR-099/Kidlogger_LandingPage [1].png","200902/Kidlogger-191206/8.5/Images/ACR-161/Kidlogger_LandingPage [2] Testimonials.png","200902/Kidlogger-191206/8.5/Images/ACR-065/Kidlogger_Install [1].png","200902/Kidlogger-191206/8.5/Images/ACR-065/Kidlogger_Install [2].png","200902/Kidlogger-191206/8.5/Images/ACR-065/Kidlogger_Install [4].png","200902/Kidlogger-191206/8.5/Images/ACR-099/Kidlogger_OfferPage [1].png","200902/Kidlogger-191206/8.5/Images/ACR-099/Kidlogger_OfferPage [2].png","200902/Kidlogger-191206/8.5/Images/ACR-099/Kidlogger_OfferPage [3].png","200902/Kidlogger-191206/8.5/Images/ACR-099/Kidlogger_OfferPage [4].png"],"guid":"e8b896fe-4f36-4476-8f71-f0c216af0d87_8.5_1","appID":"Kidlogger-191206","dateAdded":"230328","deceptorType":"App","name":"KidLogger","company":"SafeJKA SRL","version":"8.5","sigName":"Deceptor:Win32/KidLogger!086007","lastKnownStatus":"7.1.11.1;7.2;8.5;9.0;9.6;9.9","lastKnownDate":"230328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-03-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1075},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a hotkey to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"MPK View”, which is not related to the name \"Refog Personal Monitor\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The hidden system file in which the app is located in is called \"MPK\", which has no relation to the app.\n","ACR-040":"The app is located inside a hidden system file, which prevents the consumer from being able to find it.\n","ACR-065":"The install does not display links to the Privacy Policy and Returns and Cancellation Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"rfginst-5qs6uctp\\rpm-9-3-0-3810.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"9.3.0.3810","fileVersion":"9.3.0.3810","hashMD5":"2be9631b61d3efbedef8890c82208d63","hashSHA1":"66ce5f14daa8db79b94edf3ed9fd674daf99bd6c","hashSHA256":"ab9d10013b3a2ae2a0e21fcfe5026b501d5039324c667e6ffd9365d57a0ea079","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1776","avBlockList":["360 Total Security (20211216)","Avast Premium Security (20211216)","AVG Internet Security (20211216)","Avira Internet Security (20211216)","Bitdefender Internet Security (20211216)","ESET Internet Security (20211216)","G DATA INTERNET SECURITY (20211216)","K7 Total Security (20211216)","Kaspersky Internet Security (20211216)","Malwarebytes Premium (20211216)","McAfee Total Protection (20211216)","Norton Security (20211216)","Panda Dome (20211216)","Quick Heal Internet Security (20211216)","Sophos Home Premium (20211216)","SpyHunter5 (20211216)","Tencent PC Manager (20211216)","Total AV Antivirus Pro (20211216)","Trend Micro Internet Security (20211216)","VIPRE Advanced Security (20211216)","VirIT eXplorer PRO (20211216)","Webroot SecureAnywhere (20211216)","Windows Defender (20211216)"],"avAllowList":["COMODO Antivirus (20211216)","Dr.Web Security Space (20211216)"]},{"isRevoked":"False","fileName":"C:\\Windows\\SysWOW64\\MPK\\MPKView.exe","companyName":"","productName":"","productVersion":"9.3.0.3810","fileVersion":"9.3.0.3810","hashMD5":"b0e56cab435f406563aad4531dafb60d","hashSHA1":"dd94b72721e16e9d90e560cf888db6d969f56acf","hashSHA256":"cb7089dc1193ea5f594f2f8d520e7139250afa0710fa7508f9e37e238535edfe","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1776","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on keyloggers","reference":"","landingPage":"https://www.refog.com/free-keylogger.html","directDownloadingLink":"https://login.refog.com/api/v1/download?pid=rpm&ver=9.3.0.3810&sn=2&psw=refog123","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://login.refog.com/api/v1/download?pid=rpm&ver=9.3.0.3810&sn=2&psw=refog123","sourceIndex":"1776"}],"sampleFiles":["211201/RefogPersonalMonitor-191101/9.3.0.3810/Samples/rpm-9-3-0-3810.exe"],"imageFiles":["211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-048/ACR-048_Software_Hidden_Option.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-048/ACR-048_Software_No_Control_To_Uninstall.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-007/ACR-007_Software_False_Claims.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-007/ACR-007_Software_False_Claims_2.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-007/ACR-007_Software_False_Claims_3.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-014/ACR-014_Software_Misleading_Name.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-084/ACR-084_Software_App_Hides_Itself_1.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-084/ACR-084_Software_App_Hides_Itself_2.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-084/ACR-084_Software_App_Hides_Itself_3.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-084/ACR-084_Software_App_Hides_Itself_4.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-084/ACR-084_Software_App_Hides_Itself_5.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-086/ACR-086_Software_Transmits_Data.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-086/ACR-086_Software_Transmits_Data_2.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-086/ACR-086_Software_Transmits_Data_3.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-086/ACR-086_Software_Transmits_Data_4.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-086/ACR-086_Software_Transmits_Data_5.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-116/ACR-116_Uninstall_Improper.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-116/ACR-116_Uninstall_Unable_To_Uninstall.JPG"],"nonDeceptorImageFiles":["211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-038/ACR-038_Install_File_Name_Misleads.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-038/ACR-038_Install_File_Name_Misleads_1.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-040/ACR-040_Install_Hidden_Location.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-065/ACR-065_Install_No_Docs.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-065/ACR-065_Install_No_Docs_1.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-065/ACR-065_Software_No_Docs.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-065/ACR-065_LandingPage_No_Docs.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-065/ACR-065_InternalOffers_No_Docs.JPG","211201/RefogPersonalMonitor-191101/9.3.0.3810/Images/ACR-167/ACR-167_Docs_No_Refund_Policy.JPG"],"guid":"d28b1ae0-441b-41b6-979f-fe81e395b79d_9.3.0.3810_1","appID":"RefogPersonalMonitor-191101","dateAdded":"230328","deceptorType":"App","name":"Refog Personal Monitor","company":"Refog","version":"9.3.0.3810","lastKnownStatus":"Deceptor:9.1.0.3510;9.2.5.3700;9.3.0.3810;9.3.1.3900;9.3.3.3900","lastKnownDate":"230328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-03-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1068},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\nThe app does not inform the targeted consumer how it collects data and it uses a hotkey to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"MPK View”, which is not related to the name \"Refog Personal Monitor\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The hidden system file in which the app is located in is called \"MPK\", which has no relation to the app.\n","ACR-040":"The app is located inside of a hidden system file, which prevents the consumer from being able to find it.\n","ACR-065":"The install does not display links to the Privacy Policy and Returns and Cancellation Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"MPKView.exe","fileVersion":"9.2","hashMD5":"5dae90bdc308fa3b54ce7acd16632834","hashSHA1":"4e2525bc9e5fa812a32cfde975a0ace4d0d125ba","hashSHA256":"436f2156760ff6a9d69604a69a8799d097d78847aa6d04dde7d635aa5ab92620","digitalCertThumbprint":"9AC6C306F3C18B298884E02AA796559E5681E6A0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Refog Inc., O=Refog Inc., L=Alexandria, S=Virginia, C=US","sourceIndex":"2042","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rfginst-3gm6551c.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"97f46d2066b84392352eef948bc1e71a6556241a8b0b2434042c0737da4231a5","sourceIndex":"2042","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rpm-9-2-5-3700.exe","isInstaller":"True","fileVersion":"9.2","hashMD5":"0aaf0ba77dbcf29ac0a61f4e1db29702","hashSHA1":"a60b561bc24407f50de36f34238875c9a15e3b25","hashSHA256":"6f1772bc3adacc79ebeae9648f2d2eae60108f1d6f3ed61826e661ad78994e1f","digitalCertThumbprint":"9AC6C306F3C18B298884E02AA796559E5681E6A0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Refog Inc., O=Refog Inc., L=Alexandria, S=Virginia, C=US","sourceIndex":"2042","avBlockList":["360 Total Security (20210427)","Avast Premium Security (20210427)","AVG Internet Security (20210427)","Avira Internet Security (20210427)","Bitdefender Internet Security (20210427)","COMODO Antivirus (20210427)","ESET Internet Security (20210427)","G DATA INTERNET SECURITY (20210427)","K7 Total Security (20210427)","Kaspersky Internet Security (20210427)","Malwarebytes Premium (20210427)","McAfee Total Protection (20210427)","Norton Security (20210427)","Panda Dome (20210427)","Quick Heal Internet Security (20210427)","Sophos Home Premium (20210427)","SpyHunter5 (20210427)","Tencent PC Manager (20210427)","Total AV Antivirus Pro (20210427)","VIPRE Advanced Security (20210427)","VirIT eXplorer PRO (20210427)","Webroot SecureAnywhere (20210427)"],"avAllowList":["Dr.Web Security Space (20210427)","Trend Micro Internet Security (20210427)","Windows Defender (20210427)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://www.refog.com/","directDownloadingLink":"https://login.refog.com/account/login/","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://login.refog.com/account/login/","sourceIndex":"2042"}],"sampleFiles":["201118/RefogPersonalMonitor-191101/9.2.5.3700/Samples/MPKView.exe","201118/RefogPersonalMonitor-191101/9.2.5.3700/Samples/rfginst-3gm6551c.zip","201118/RefogPersonalMonitor-191101/9.2.5.3700/Samples/rpm-9-2-5-3700.exe"],"imageFiles":["201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-048/Refog Personal Monitor_Install [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-048/Refog Personal Monitor_ControlPanel [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-007/Refog Personal Monitor_Install [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-007/Refog Personal Monitor_Settings [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-007/Refog Personal Monitor_Install [5] HotKey.png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-014/Refog Personal Monitor_RunningProcess [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-084/Refog Personal Monitor_Files [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-084/Refog Personal Monitor_Files [2].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-084/Refog Personal Monitor_Install [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-084/Refog Personal Monitor_Install [5] HotKey.png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-084/Refog Personal Monitor_Settings [3].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-086/Refog Personal Monitor_Install [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-086/Refog Personal Monitor_Settings [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-086/Refog Personal Monitor_Settings [2].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-086/Refog Personal Monitor_Settings [3].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-086/Refog Personal Monitor_Install [5] HotKey.png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-116/Refog Personal Monitor_Install [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-116/Refog Personal Monitor_ControlPanel [1].png"],"nonDeceptorImageFiles":["201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-038/Refog Personal Monitor_Files [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-038/Refog Personal Monitor_Files [2].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-040/Refog Personal Monitor_Files [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-040/Refog Personal Monitor_Files [2].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-065/Refog Personal Monitor_Install [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-065/Refog Personal Monitor_Install [2] EULA.png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-065/Refog Personal Monitor_About [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-065/Refog Personal Monitor_LandingPage [1].png","201118/RefogPersonalMonitor-191101/9.2.5.3700/Images/ACR-065/Refog Personal Monitor_OfferPage [1].png"],"guid":"d28b1ae0-441b-41b6-979f-fe81e395b79d_9.2.5.3700_1","appID":"RefogPersonalMonitor-191101","dateAdded":"230328","deceptorType":"App","name":"Refog Personal Monitor","company":"Refog","version":"9.2.5.3700","sigName":"Deceptor:Win32/RefogPersonalMonitor!048007014084086116","lastKnownStatus":"Deceptor:9.1.0.3510;9.2.5.3700;9.3.0.3810;9.3.1.3900;9.3.3.3900","lastKnownDate":"230328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2023-03-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1069},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a hotkey to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"MPK View”, which is not related to the name \"Refog Personal Monitor\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The hidden system file in which the app is located in is called \"MPK\", which has no clear relation to the app and not easy for user to identify the app by name.\n","ACR-040":"The app is located inside a hidden system file, which prevents the consumer from being able to find it.\n","ACR-065":"The install does not display links to the Privacy Policy and Returns and Cancellation Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Returns and Cancellation Policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"MPKView.exe","fileVersion":"9.3","hashMD5":"f7837405c8fee6d73033f5808e5f9c41","hashSHA1":"07bb45790d8c092b116c46ace337f2c58de39d6a","hashSHA256":"0e8c8298cc5369c9232fc29d946b0094321e4b792d71a336df0c56308a40cb91","sourceIndex":"1574","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rpm-9-3-1-3900-v0.exe","isInstaller":"True","fileVersion":"9.3","hashMD5":"d751e3e10d7aa5ca041df5e14a3b6779","hashSHA1":"b69f045e99141d8eee330a4fb47bbda1c6154191","hashSHA256":"1a091724aa845f8b4b326c55d347f7acd757a00ff644aeee3839e02fcbf57fac","sourceIndex":"1574","avBlockList":["360 Total Security (20230418)","Avast Premium Security (20230418)","AVG Internet Security (20230418)","Avira Internet Security (20230418)","Bitdefender Internet Security (20230418)","COMODO Antivirus (20230418)","ESET Internet Security (20230418)","G DATA INTERNET SECURITY (20230418)","K7 Total Security (20230418)","Kaspersky Internet Security (20230418)","Malwarebytes Premium (20230418)","McAfee Total Protection (20230418)","Norton Security (20230418)","Panda Dome (20230418)","Quick Heal Internet Security (20230418)","Sophos Home Premium (20230418)","SpyHunter5 (20230418)","Total AV Antivirus Pro (20230418)","Trend Micro Internet Security (20230418)","VIPRE Advanced Security (20230418)","VirIT eXplorer PRO (20230418)","Webroot SecureAnywhere (20230418)","Windows Defender (20230418)"],"avAllowList":["Dr.Web Security Space (20230418)","Tencent PC Manager (20220802)"]}],"additionalFiles":[],"sources":[{"howFound":"https://remotekeyloggers.net/keyloggers-for-pc/","reference":"Hunt.Search","landingPage":"https://www.refog.com/","directDownloadingLink":"https://login.refog.com/api/v1/download?pid=rpm&ver=9.3.1.3900&sn=2&psw=refog123","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://login.refog.com/api/v1/download?pid=rpm&ver=9.3.1.3900&sn=2&psw=refog123","sourceIndex":"1574"}],"sampleFiles":["220602/RefogPersonalMonitor-191101/9.3.1.3900/Samples/MPKView.exe","220602/RefogPersonalMonitor-191101/9.3.1.3900/Samples/rpm-9-3-1-3900-v0.exe"],"imageFiles":["220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-048/ACR-048_systray.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-048/ACR-048_Uninstall.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-007/ACR_007_Hotkey.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-007/ACR-007_Hide.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-014/ACR-014_MPK.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-084/ACR_084_Hotkey.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-084/ACR-038_040_084_HiddenFolder.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-084/ACR-084_systray.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-086/ACR-086_Software_Transmits_Data.JPG","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-086/ACR_086_Hotkey.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-086/ACR-086_DifferentName.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-086/ACR-086_Hide.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-116/ACR-116_Uninstall_Improper.JPG","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-116/ACR-116_Hidden.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-116/ACR-116_Uninstall.jpg"],"nonDeceptorImageFiles":["220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-038/ACR-038_NameDiffer1.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-038/ACR-038_NameDiffer2.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-038/ACR-038_040_HiddenFolder.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-040/ACR-038_040_HiddenFolder.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-040/ACR-038_NameDiffer2.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-065/ACR-065_Install.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-065/ACR-065_Install_NoDocs.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-065/Refog_About.jpg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-065/Refog_Landing.jpeg","220602/RefogPersonalMonitor-191101/9.3.1.3900/Images/ACR-065/Refog_InternalOffer.jpeg"],"guid":"d28b1ae0-441b-41b6-979f-fe81e395b79d_9.3.1.3900_1","appID":"RefogPersonalMonitor-191101","dateAdded":"230328","deceptorType":"App","name":"Refog Personal Monitor","company":"Refog","version":"9.3.1.3900","lastKnownStatus":"Deceptor:9.1.0.3510;9.2.5.3700;9.3.0.3810;9.3.1.3900;9.3.3.3900","lastKnownDate":"230328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-03-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1067},{"violations":{"ACR-048":"The app does not show up in the list of installed apps in the Control Panel, preventing it from being uninstalled easily. The app also offers options to hide its process in the Task Manager, files, and hide itself during startup, which makes the targeted customer unaware of the app and unable to disable or close the app.\n","ACR-007":"The app enables the installing consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not provide explicit notification to the targeted consumer. The app can then only be reopened with a hotkey.\n\n","ACR-084":"The app provides a way for the installing consumer to hide the app from the targeted consumer in the Task Manager, installed app list, hide files, and hide at Windows Startup. And the app requires a hotkey and password to open it.\n","ACR-086":"The app requires a password to open the app which allows it to hide how it collects user data from the targeted consumer.\n","ACR-097":"The app adds itself to the Windows Defender exclusion list to evade the default system security guard.\n","ACR-116":"The app can't be uninstalled through the Control Panel since it doesn't show up in the list of apps that can be uninstalled.\n"},"nonDeceptorViolations":{"ACR-040":"The app is not installed in a standard location and does not have an identifiable name in the install location.\n","ACR-065":"The app's landing page does not contain links to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe app's internal offers does not contain links to the app's EULA and Returns and Cancellation Policy.\nThe app's install page does not contain links to the Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe app's about page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page contains testimonials with no link back to original source, making them unable to be verified.\n","ACR-099":"The app's about page does not contain to links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's internal offers does not contain links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-150":"The app's landing page contains endorsements with no links to original source and therefore are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\rk__free__install_302.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6f12b81f9c8c1a63fd3d2de19abe0fae","hashSHA1":"fde4557585a33b9c31429b336203652f45a73d56","hashSHA256":"46daa1444c0305ef1b691380afd049b7e3868b46aeb9e74a5f7ac43d81b726b6","digitalCertThumbprint":"8C43862582D358F3E68C3B9B401CFB06B3FD6C74","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Logixoft","storeId":"","sourceIndex":"1191","avBlockList":["360 Total Security (20230330)","Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["Trend Micro Internet Security (20230330)"]},{"isRevoked":"False","fileName":"C:\\Windows\\System32\\rvlkl.exe","companyName":"Logixoft","productName":"Revealer Free","productVersion":"3.0.2.0","fileVersion":"3.0.2.0","hashMD5":"b09c3b6b4eea27786b99038235d4164f","hashSHA1":"188ecc021e33d2eb71873b9eadf0e985888e0fc1","hashSHA256":"f92362ca925cc4b6cbc3bd9a236fdd66450a0ad08be9c67106de56e04e82670d","digitalCertThumbprint":"8C43862582D358F3E68C3B9B401CFB06B3FD6C74","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Logixoft","storeId":"","sourceIndex":"1191","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://www.logixoft.com/en-us/index","directDownloadingLink":"https://www.logixoft.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.logixoft.com/download","sourceIndex":"1191"}],"sampleFiles":["230321/RevealerKeylogger-191101/3.02/Samples/rk__free__install_302.exe"],"imageFiles":["230321/RevealerKeylogger-191101/3.02/Images/ACR-048/ACR-048.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-048/ACR-048_1.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-048/ACR-048_2.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-007/ACR-007.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-007/ACR-007_1.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-007/ACR-007_2.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-007/ACR-007_3.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-007/ACR-007_4.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-084/ACR-084.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-084/ACR-084_1.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-084/ACR-084_2.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-084/ACR-084_3.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-086/Revealer Keylogger_Interactions [7].png","230321/RevealerKeylogger-191101/3.02/Images/ACR-086/ACR-086.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-086/ACR-086_1.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-086/ACR-086_2.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-086/ACR-086_3.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-086/ACR-086_4.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-097/ACR-097.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["230321/RevealerKeylogger-191101/3.02/Images/ACR-040/ACR-040.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-065/ACR-065_LP.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-065/ACR-065_IO.jpg","230321/RevealerKeylogger-191101/3.02/Images/ACR-065/Revealer Keylogger_Install [1].png","230321/RevealerKeylogger-191101/3.02/Images/ACR-065/ACR-065_Software.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-161/ACR-161.jpg","230321/RevealerKeylogger-191101/3.02/Images/ACR-099/ACR-099_Software.JPG","230321/RevealerKeylogger-191101/3.02/Images/ACR-099/ACR-099_LP.jpg","230321/RevealerKeylogger-191101/3.02/Images/ACR-099/ACR-099_IO.jpg","230321/RevealerKeylogger-191101/3.02/Images/ACR-150/ACR-150.jpg"],"guid":"457fddf8-7f5c-4e63-87c7-1ed5ff8797f2_3.02_1","appID":"RevealerKeylogger-191101","dateAdded":"230321","deceptorType":"App","name":"Revealer Keylogger","company":"Logixoft","version":"3.02","lastKnownStatus":"Deceptor:2.2.6.0;3.01;3.02","lastKnownDate":"230321","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:43.4045658+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1078},{"violations":{"ACR-048":"The app does not show up in the list of installed apps in the Control Panel, preventing it from being uninstalled easily. The app also offers options to hide its process in the Task Manager, files, and hide itself during startup, which makes the targeted customer unaware of the app and unable to disable or close the app.\n","ACR-007":"The app enables the installing consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not provide explicit notification to the targeted consumer. The app can then only be reopened with a hotkey.\n\n","ACR-084":"The app provides a way for the installing consumer to hide the app from the targeted consumer in the Task Manager, installed app list, hide files, and hide at Windows Startup. And the app requires a hotkey and password to open it.\n","ACR-086":"The app requires a password to open the app which allows it to hide how it collects user data from the targeted consumer.\n","ACR-116":"The app can't be uninstalled through the Control Panel since it doesn't show up in the list of apps that can be uninstalled.\n"},"nonDeceptorViolations":{"ACR-038":"The application is installed in a directory that does not disclose the app's name, making it hard for the consumer to identify where it is located.\n","ACR-040":"The app is not installed in a standard location and does not have an identifiable name in the install location.\n","ACR-065":"The app's landing page does not contain links to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe app's internal offers does not contain links to the app's EULA and Returns and Cancellation Policy.\nThe app's install page does not contains links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page contains testimonials with no link back to original source, making them unable to be verified.\n","ACR-099":"The app's about page does not contain to links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's internal offers does not contain links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-150":"The app's landing page contains endorsements with no links to original source and therefore are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"rkfree_setup_301_password_123.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3935c389ed8451df43c021cbb8dcd740","hashSHA1":"10810b87d883c4a006f4499d973610b95c14c2b6","hashSHA256":"d2ad1908d041d0b2b09d2ffb68d98881f0aff30b9055c6670aa623587ba35224","digitalCertThumbprint":"8C43862582D358F3E68C3B9B401CFB06B3FD6C74","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Logixoft, O=Logixoft, S=Bretagne, C=FR","sourceIndex":"1897","avBlockList":["360 Total Security (20211116)","Avast Premium Security (20211116)","AVG Internet Security (20211116)","Avira Internet Security (20211116)","Bitdefender Internet Security (20211116)","COMODO Antivirus (20211116)","ESET Internet Security (20211116)","G DATA INTERNET SECURITY (20211116)","K7 Total Security (20211116)","Kaspersky Internet Security (20211116)","McAfee Total Protection (20211116)","Norton Security (20211116)","Panda Dome (20211116)","Quick Heal Internet Security (20211116)","Sophos Home Premium (20211116)","SpyHunter5 (20211116)","Tencent PC Manager (20211116)","Total AV Antivirus Pro (20211116)","VIPRE Advanced Security (20211116)","VirIT eXplorer PRO (20211116)","Webroot SecureAnywhere (20211116)","Windows Defender (20211116)"],"avAllowList":["Dr.Web Security Space (20211116)","Malwarebytes Premium (20211116)","Trend Micro Internet Security (20211116)"]},{"isRevoked":"False","fileName":"rkfree_setup_301_password_123.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4907b3f1e4a02f159c8030da43d79083aa14f219f7c583a7844c41aa87880db9","sourceIndex":"1897","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rvlkl.exe","companyName":"Logixoft","fileVersion":"3.0","hashMD5":"fc3d29f5e5c7fca2f59f90a6d1094846","hashSHA1":"a1e3c5077b1f16a9313c2f69349e29d8c73e9055","hashSHA256":"ef93a5595cf87d57591b5169f5271ba2642f79d2bec306e67c60f0f89e10fad1","digitalCertThumbprint":"8C43862582D358F3E68C3B9B401CFB06B3FD6C74","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Logixoft, O=Logixoft, S=Bretagne, C=FR","sourceIndex":"1897","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://www.logixoft.com/index#","directDownloadingLink":"https://c119.pcloud.com/dHZOYIGqDZbWRNOTZZZm804v7Z2ZZ92RZkZ0PneXZxTUPMLCrLES4DfCxdNkUmhlbx0xk/rkfree_setup_301_password_123.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://c119.pcloud.com/dHZOYIGqDZbWRNOTZZZm804v7Z2ZZ92RZkZ0PneXZxTUPMLCrLES4DfCxdNkUmhlbx0xk/rkfree_setup_301_password_123.zip","sourceIndex":"1897"}],"sampleFiles":["210609/RevealerKeylogger-191101/3.01/Samples/rkfree_setup_301_password_123.exe","210609/RevealerKeylogger-191101/3.01/Samples/rkfree_setup_301_password_123.zip","210609/RevealerKeylogger-191101/3.01/Samples/rvlkl.exe"],"imageFiles":["210609/RevealerKeylogger-191101/3.01/Images/ACR-048/Revealer Keylogger_Interactions [6].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-048/Revealer Keylogger_ControlPanel [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-048/Revealer Keylogger_RunningProcess [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-007/Revealer Keylogger_Interactions [6].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-007/Revealer Keylogger_Interactions [7].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-007/Revealer Keylogger_ControlPanel [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-007/Revealer Keylogger_Interactions [9].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-007/Revealer Keylogger_Interactions [8].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-084/Revealer Keylogger_Interactions [6].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-084/Revealer Keylogger_Interactions [7].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-084/Revealer Keylogger_Interactions [8].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-086/Revealer Keylogger_Interactions [5].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-086/Revealer Keylogger_Interactions [6].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-086/Revealer Keylogger_Interactions [7].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-086/Revealer Keylogger_Interactions [8].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-086/Revealer Keylogger_Interactions [9].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-116/Revealer Keylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["210609/RevealerKeylogger-191101/3.01/Images/ACR-038/Revealer Keylogger_Files [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-038/Revealer Keylogger_Files [2].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-040/Revealer Keylogger_Files [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-040/Revealer Keylogger_Files [2].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-065/Revealer Keylogger_LandingPage [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-065/Revealer Keylogger_OfferPage [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-065/Revealer Keylogger_Install [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-065/Revealer Keylogger_About [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-161/Revealer Keylogger_LandingPage [2].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-099/Revealer Keylogger_About [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-099/Revealer Keylogger_LandingPage [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-099/Revealer Keylogger_OfferPage [1].png","210609/RevealerKeylogger-191101/3.01/Images/ACR-150/Revealer Keylogger Landing Page.png"],"guid":"457fddf8-7f5c-4e63-87c7-1ed5ff8797f2_3.01_1","appID":"RevealerKeylogger-191101","dateAdded":"230321","deceptorType":"App","name":"Revealer Keylogger","company":"Logixoft","version":"3.01","sigName":"Deceptor:Win32/RevealerKeylogger!048007084086116","lastKnownStatus":"Deceptor:2.2.6.0;3.01;3.02","lastKnownDate":"230321","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-03-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1079},{"violations":{"ACR-048":"The app does not show up in the list of installed apps in the Control Panel, preventing it from being uninstalled easily. The app also offers options to hide its process in the Task Manager, files, and hide itself during startup, which makes the targeted customer unaware of the app and unable to disable or close the app.\n","ACR-007":"The app enables the installing consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not provide explicit notification to the targeted consumer.\n","ACR-084":"The app provides a way for the installing consumer to hide the app from the targeted consumer in the Task Manager, installed app list, hide files, and hide at Windows Startup.\n","ACR-086":"The app does not inform the targeted customer what data it is collecting and to whom it is transmitting data.\n","ACR-116":"The app cannot be uninstall via platform standard features because it is not in the installed apps list.\n"},"nonDeceptorViolations":{"ACR-038":"The application is installed in a directory that does not disclose the app's name, making it hard for the consumer to identify where it is located.\n","ACR-040":"The app is not installed in a standard location and does not have an identifiable name in the install location.\n","ACR-065":"The app's landing page does not contain links to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe app's internal offers does not contain links to the app's EULA and Returns and Cancellation Policy.\nThe app's install page does not contains links to the Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The app's landing page contains testimonials with no links to the source so they can be verified.\n","ACR-099":"The app's about page does not contain to links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's internal offers does not contain links to uninstall information.\n","ACR-167":"There is no returns and cancellations policy.\n","ACR-150":"The app's landing page contains endorsements with no links to original source and therefore are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"rkfree_setup_2.26_password_123.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a1757120f75a4e11fb31cd2b58181f11","hashSHA1":"f504518b3c2715e7a80b3212a44c6c443bc5b28c","hashSHA256":"f8b3e652711d35dbdf8cab797a319588a3d0934c89f5491cfa4efe9641711b87","digitalCertThumbprint":"606E3C9552BD3A0464FF7DFEF3E929D8292944C7","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Logixoft, O=Logixoft, S=Bretagne, C=FR","sourceIndex":"2608","avBlockList":["360 Total Security (20210622)","Avast Internet Security (20191212)","AVG Internet Security (20210622)","Avira Internet Security (20210622)","Bitdefender Internet Security (20210622)","COMODO Antivirus (20210622)","ESET Internet Security (20210622)","G DATA INTERNET SECURITY (20210622)","K7 Total Security (20210622)","Kaspersky Internet Security (20210622)","Malwarebytes Premium (20210622)","McAfee Total Protection (20210622)","Norton Security (20210622)","Panda Dome (20210622)","Quick Heal Internet Security (20210622)","Sophos Home Premium (20210622)","Tencent PC Manager (20210622)","Trend Micro Internet Security (20210622)","VIPRE Advanced Security (20210622)","VirIT eXplorer PRO (20210622)","Webroot SecureAnywhere (20210622)","Windows Defender (20210622)","Avast Premium Security (20210622)","SpyHunter5 (20210622)","Total AV Antivirus Pro (20210622)"],"avAllowList":["Dr.Web Security Space (20210622)"]},{"isRevoked":"False","fileName":"rvlkl.exe","companyName":"Logixoft","productVersion":"2.2.6.0","fileVersion":"2.2","hashMD5":"e6b1fc5d7951003d8794379d47bfb6ff","hashSHA1":"0c61441029201c901d2b8c8a6a5787b8daeda79f","hashSHA256":"e00a6e5143489fc3c133abbc0943f208083a312622b0468c0614dacaa8ecc446","digitalCertThumbprint":"606E3C9552BD3A0464FF7DFEF3E929D8292944C7","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Logixoft, O=Logixoft, S=Bretagne, C=FR","sourceIndex":"2608","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://www.logixoft.com/index#","directDownloadingLink":"https://mega.nz/#!d8M3HKAZ!hlE7_AkdZJAZP4Q_sKCtOfIhjBv2QVkbEhzbqJ3Efvg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/#!d8M3HKAZ!hlE7_AkdZJAZP4Q_sKCtOfIhjBv2QVkbEhzbqJ3Efvg","sourceIndex":"2608"}],"sampleFiles":["191111/RevealerKeylogger-191101/2.2.6.0/Samples/rkfree_setup_2.26_password_123.exe","191111/RevealerKeylogger-191101/2.2.6.0/Samples/rvlkl.exe"],"imageFiles":["191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-048/Revealer Keylogger ACR-048.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-048/Revealer Keylogger .png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-007/Revealer Keylogger ACR-007.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-007/Control Panel Uninstall.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-007/Revealer Keylogger Software.gif","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-084/Revealer Keylogger .png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-084/Installed Apps List.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-086/Revealer Keylogger Settings.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-116/Control Panel Uninstall.png"],"nonDeceptorImageFiles":["191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-038/Revealer Keylogger ACR-038.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-040/Revealer Keylogger ACR-040.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-065/Revealer Keylogger Bottom of Landing Page.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-065/Revealer Keylogger Internal Offers Page.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-065/Revealer Keylogger Install.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-065/Revealer Keylogger About Page.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-161/Revealer Keylogger Landing Page.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-099/Revealer Keylogger About Page.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-099/Revealer Keylogger Bottom of Landing Page.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-099/Revealer Keylogger Internal Offers Page.png","191111/RevealerKeylogger-191101/2.2.6.0/Images/ACR-150/Revealer Keylogger Landing Page.png"],"guid":"457fddf8-7f5c-4e63-87c7-1ed5ff8797f2_2.2.6.0_1","appID":"RevealerKeylogger-191101","dateAdded":"230321","deceptorType":"App","name":"Revealer Keylogger","company":"Logixoft","version":"2.2.6.0","sigName":"Deceptor:Win32/RevealerStalkerware!007048084-86116","lastKnownStatus":"Deceptor:2.2.6.0;3.01;3.02","lastKnownDate":"230321","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2023-03-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1080},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-043":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-048":"The non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\" \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install.\n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-099":"The app's  About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.  \n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.6.34.315","fileVersion":"6.6.34.315","hashMD5":"652e2a92e8283948cc071ed0c5c81969","hashSHA1":"a33936f3daf89c71070aa50df19c732d86ce0c86","hashSHA256":"6264c70db2be899daba688b675537d9dd38bfb11e70150f721796fbb76fea583","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1715","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeTorrentDownload_1.0.73.1027_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free Torrent Download","productVersion":"1.0.73.1027","fileVersion":"1.0.73.1027","hashMD5":"5fe171bcaa7ca51cce75162e51bb3423","hashSHA1":"68bc11dfa650036acbddb1559e15f69c8c4ef689","hashSHA256":"68b4701147385bd0f9107a6553c7625aba55bd8160f047baf2d1aaf7ba60fe49","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1715","avBlockList":["Avast Premium Security (20220215)","AVG Internet Security (20220215)","Avira Internet Security (20220215)","Dr.Web Security Space (20220215)","K7 Total Security (20220215)","McAfee Total Protection (20220215)","Norton Security (20220215)","Panda Dome (20220215)","Sophos Home Premium (20220215)","SpyHunter5 (20220215)","Total AV Antivirus Pro (20220215)","VirIT eXplorer PRO (20220215)","Webroot SecureAnywhere (20220215)","Windows Defender (20220215)"],"avAllowList":["360 Total Security (20220215)","Bitdefender Internet Security (20220215)","COMODO Antivirus (20220215)","ESET Internet Security (20220215)","G DATA INTERNET SECURITY (20220215)","Kaspersky Internet Security (20220215)","Malwarebytes Premium (20220215)","Quick Heal Internet Security (20220215)","Tencent PC Manager (20220215)","Trend Micro Internet Security (20220215)","VIPRE Advanced Security (20220215)"]},{"isRevoked":"False","fileName":"FreeTorrentDownload.exe","companyName":"DVDVideoSoft Ltd.","productName":"Free Torrent Download","productVersion":"1.0.73.1027","fileVersion":"1.0.73.1027","hashMD5":"d72bc5197d198584c1144adb78d2bc66","hashSHA1":"f409d8d2acc7e046ab232813ea08fcc91f895c92","hashSHA256":"1505f866ea9cb0f5c5d3c4573c2751ee00e1870fc09d15ec1a27c8ca995a7583","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1715","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Free-Torrent-Downloader.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeTorrentDownload.exe&ls=topButton","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeTorrentDownload.exe&ls=topButton","sourceIndex":"1715"}],"sampleFiles":["220207/FreeTorrentDownload-220204/1.0.73.1027/Samples/FreeStudioManager.exe","220207/FreeTorrentDownload-220204/1.0.73.1027/Samples/FreeTorrentDownload_1.0.73.1027_o.exe","220207/FreeTorrentDownload-220204/1.0.73.1027/Samples/FreeTorrentDownload.exe"],"imageFiles":["220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-109/FreeStudioManager Install.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-039/FreeStudioManager Install.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-043/FreeStudioManager Install.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-048/FreeStudioManager x Control Panel.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-017/UAC.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-164/Offer Page.png"],"nonDeceptorImageFiles":["220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-044/FreeStudioManager Install.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-040/FreeStudioManager Install.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-065/EULA.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-065/About Page.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-065/Landing Page.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-065/Offer Page.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-099/About Page.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-099/Landing Page.png","220207/FreeTorrentDownload-220204/1.0.73.1027/Images/ACR-099/Offer Page.png"],"guid":"470bb6ed-29c3-4714-8d09-4d177591de51_1.0.73.1027_1","appID":"FreeTorrentDownload-220204","dateAdded":"230320","deceptorType":"App","name":"Free Torrent Download","company":"Digital Wave Ltd","version":"1.0.73.1027","lastKnownStatus":"1.0.73.1027;1.0.75.907","lastKnownDate":"230320","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-03-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1082},{"violations":{"ACR-043":"1. The \"Free Torrent Download\" app's components get dropped in a single click without asking the user's permission and disclosing the installation path.\n2. The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent and does not disclose relevant license information about 'FFmPeg'.\n","ACR-107":"The app does not disclose relevant license information about 'FFmPeg'.\n","ACR-007":"The application logo is way too similar to the windows logo, a misleading representation of the app source.\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-084":"On closing the app, it doesn't exit completely. It runs silently in the background, hiding that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent also not disclosed the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-040":"The app did not disclose components of \"FreeStudioManager\" are installed in the non standard, non common folder.\n","ACR-065":"The app does not display links to the Returns and Cancellation Policy, Privacy Policy. \n","ACR-099":"The app's  About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DVDVideoSoft\\Free Torrent Download\\FreeTorrentDownload.exe","companyName":"DVDVideoSoft Ltd.","productName":"Free Studio","productVersion":"1.0.75.907","fileVersion":"1.0.75.907","hashMD5":"bfac3941a9127094ae6fe9681a18b9f1","hashSHA1":"8259b4cd7126e9c6b90994be5f7328ec3df81bd4","hashSHA256":"7f94a5ad28aaeff7705dac9ff745e6bcd3ee49f686a9893a10f836050ae4e3df","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"1192","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeTorrentDownload_1.0.75.907_d.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free Torrent Download (SC)                                  ","productVersion":"1.0.75.907                                        ","fileVersion":"1.0.75.907          ","hashMD5":"3e24ca038dcf5658c4e6ab0c29ff44b0","hashSHA1":"1158e6e5873fd4a9797d77023fa470760dfac6b6","hashSHA256":"ddef3cdcf12a256d3ec95de9b1aae4ba93da3db40074c02b474e984532c06cc7","digitalCertThumbprint":"C644B30CB1377BB542DE7BA6D74E7625F8C3B18B","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Digital Wave Ltd","storeId":"","sourceIndex":"1192","avBlockList":["360 Total Security (20230404)","Avira Internet Security (20230404)","K7 Total Security (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Quick Heal Internet Security (20230404)","Sophos Home Premium (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)","Windows Defender (20230404)"],"avAllowList":["Avast Premium Security (20230404)","AVG Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","G DATA INTERNET SECURITY (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","Trend Micro Internet Security (20230404)","VIPRE Advanced Security (20230404)"]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Free-Torrent-Downloader.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeTorrentDownload.exe&ls=topButton","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeTorrentDownload.exe&ls=topButton","sourceIndex":"1192"}],"sampleFiles":["230320/FreeTorrentDownload-220204/1.0.75.907/Samples/FreeTorrentDownload_1.0.75.907.exe"],"imageFiles":["230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-039/ACR-039.JPG","230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-043/ACR-043.JPG","230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-043/ACR-043_1.JPG","230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-043/ACR-043_2.JPG","230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-107/ACR-107.JPG","230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-007/ACR-007.JPG","230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-017/UAC.png","230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-084/ACR-084.JPG","230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-040/ACR-040.JPG","230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-065/ACR-065_Software.JPG","230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-099/ACR-099_Software.JPG","230320/FreeTorrentDownload-220204/1.0.75.907/Images/ACR-099/ACR-099.jpg"],"guid":"470bb6ed-29c3-4714-8d09-4d177591de51_1.0.75.907_1","appID":"FreeTorrentDownload-220204","dateAdded":"230320","deceptorType":"App","name":"Free Torrent Download","company":"Digital Wave Ltd","version":"1.0.75.907","lastKnownStatus":"1.0.73.1027;1.0.75.907","lastKnownDate":"230320","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:43.4343624+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1081},{"violations":{"ACR-003":"The app identifies 488 MB of cache files for the following apps \"Ex: Brave, Facebook, Firefox and Subway Surf\" but, when viewed in app settings for these apps the total cache is 90 MB, thus the app exaggerates the identified results\n","ACR-103":"Upon clicking start button, the app suggests cleaning up \"3146 MB\" of junk/cache. After completing junk clean it says “Scanned 3146 MB”,  in app settings it displays same size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"1. The app suggests cleaning up \"3146 MB\" of junk/cache. After completing junk clean it says “Scanned 3146 MB”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n2. The app identifies 488 MB of cache files for the following apps \"Ex: Brave, Facebook, Firefox and Subway Surf\" but, when viewed in app settings for these apps the total cache is 90 MB, thus the app exaggerates the identified results\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.cacheclean.cleanapp.cacheappclean.apk","isInstaller":"True","companyName":"liiamavincommissioni","productName":"Phone: Cache and junk cleaner","productVersion":"90.6.5","fileVersion":"90.6.5","hashMD5":"b23d263b925e22b25814e0744bdce915","hashSHA1":"1fc40d95113bdf2fb2e6d2094085973a2c934855","hashSHA256":"3f92d8babbef5b719799d946096c3caf791abd0e104c59932ff309591304c0a0","sourceIndex":"1193","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Junk cleaner","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.cacheclean.cleanapp.cacheappclean","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.cacheclean.cleanapp.cacheappclean","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.cacheclean.cleanapp.cacheappclean","sourceIndex":"1193"}],"sampleFiles":["230316/PhoneCacheandjunkcleaner-230309/90.6.5/Samples/com.cacheclean.cleanapp.cacheappclean.apk"],"imageFiles":["230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning3.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_PreScan(Start).jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_Scan_Result1.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_Scan_Result2.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning3.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-003/ACR-003_Software_PreScan.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-003/ACR-003_Software_Scan_Result.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-003/ACR-003_Software_Scan_Result1.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-003/ACR-003_Software_Scan_Result2.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data1.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data2.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data3.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning3.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_PReScan(Start).jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_Scan_Result1.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_Scan_Result2.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg","230316/PhoneCacheandjunkcleaner-230309/90.6.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning3.jpg"],"nonDeceptorImageFiles":[],"guid":"4aa472a5-4e3f-4460-bd72-74aadf6208ce_90.6.5_1","appID":"PhoneCacheandjunkcleaner-230309","dateAdded":"230316","deceptorType":"Android App","name":"Phone Cache and junk cleaner","company":"liiamavincommissioni","version":"90.6.5","lastKnownStatus":"90.6.5","lastKnownDate":"230316","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-03-17T06:03:17.5536403+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1083},{"violations":{"ACR-042":"The additional apps are set to install by default without presenting EULA to obtain user's agreement and permission at installation. The additional software are presented as \"components\" instead of Optional Offer.\nThe additional apps are set to install by default without presenting EULA to obtain user's agreement and permission at installation. \n","ACR-118":"When the consumer attempts to completely uninstall the app, the additional software presented as components are left installed in the system without notification.\n","ACR-055":"Accept and Decline options are not made obvious for the Offer that is not directly related to the main app.\n","ACR-059":"Additional software are presented as optional components instead of \"optional offers\" and are set to install by default.\n","ACR-155":"The optional offer is designed to look like part of the install workflow. The offers requires the user to uncheck a checkbox in order to decline the offers. Unchecking the preselected item for installation is not a straightforward option for decline. Accept and Decline options should be made obvious for  Optional Offers.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the startup item after uninstallation.\n"},"samples":[{"isRevoked":"False","fileName":"ALLPlayer.exe","companyName":"ALLPlayer","productName":"ALLPlayer","fileVersion":"8.9.4.0","hashMD5":"e9a1077087f49f689e3279b3bd4829fb","hashSHA1":"89df18165670f7beff046fa28383a2dc89e7877c","hashSHA256":"10173b6fb6f79bea976cfbd4d9e136f8f9233ead38ed11e2031dd25039eabc53","digitalCertThumbprint":"DCD0A8966A9BCCF1CC617D522C65C723279727A8","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=info@allplayer.org, CN=ALLPlayer Group sp. z o.o., O=ALLPlayer Group sp. z o.o., S=łódzkie, C=PL","sourceIndex":"1194","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ALLPlayerEN.exe","isInstaller":"True","companyName":"ALLPlayer Ltd.                                              ","productName":"ALLPlayer","fileVersion":"8.9.4           ","hashMD5":"64fafa1c9a22db6141f4aa6c7a071bad","hashSHA1":"9257599dc0fc433bbcaf9ee7fc1c3eebebf89dc6","hashSHA256":"67702e7f08f41a268264199fda875aee710b5af7209491c6f9f132adf32f1568","digitalCertThumbprint":"DCD0A8966A9BCCF1CC617D522C65C723279727A8","digitalCertIssuer":"CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL","digitalCertIssuedTo":"E=info@allplayer.org, CN=ALLPlayer Group sp. z o.o., O=ALLPlayer Group sp. z o.o., S=łódzkie, C=PL","sourceIndex":"1194","avBlockList":["Avast Premium Security (20230323)","AVG Internet Security (20230323)","Avira Internet Security (20230323)","ESET Internet Security (20230323)","Norton Security (20230323)","Panda Dome (20230323)","Sophos Home Premium (20230323)","SpyHunter5 (20230323)","Total AV Antivirus Pro (20230323)","VirIT eXplorer PRO (20230323)"],"avAllowList":["360 Total Security (20230323)","Bitdefender Internet Security (20230323)","COMODO Antivirus (20230323)","Dr.Web Security Space (20230323)","G DATA INTERNET SECURITY (20230323)","K7 Total Security (20230323)","Kaspersky Internet Security (20230323)","Malwarebytes Premium (20230323)","McAfee Total Protection (20230323)","Quick Heal Internet Security (20230323)","Trend Micro Internet Security (20230323)","VIPRE Advanced Security (20230323)","Webroot SecureAnywhere (20230323)","Windows Defender (20230323)"]}],"additionalFiles":[],"sources":[{"howFound":"media players for windows","reference":"","landingPage":"https://www.allplayer.org/en/","directDownloadingLink":"https://allplayer.org/Download/ALLPlayer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://allplayer.org/Download/ALLPlayer.exe","sourceIndex":"1194"}],"sampleFiles":["230315/ALLPlayer-230314/8.9.4.0/Samples/ALLPlayer.exe","230315/ALLPlayer-230314/8.9.4.0/Samples/ALLPlayerEN.exe"],"imageFiles":["230315/ALLPlayer-230314/8.9.4.0/Images/ACR-055/ACR-055_059_155_042.jpg","230315/ALLPlayer-230314/8.9.4.0/Images/ACR-042/ACR-055_059_155_042.jpg","230315/ALLPlayer-230314/8.9.4.0/Images/ACR-042/Installed_Apps.jpg","230315/ALLPlayer-230314/8.9.4.0/Images/ACR-042/Installed_Software_1.jpg","230315/ALLPlayer-230314/8.9.4.0/Images/ACR-042/Installed_Software_2.jpg","230315/ALLPlayer-230314/8.9.4.0/Images/ACR-118/ACR-118_RetainedApps.jpg","230315/ALLPlayer-230314/8.9.4.0/Images/ACR-118/Installed_Apps.jpg","230315/ALLPlayer-230314/8.9.4.0/Images/ACR-059/ACR-055_059_155_042.jpg","230315/ALLPlayer-230314/8.9.4.0/Images/ACR-155/ACR-055_059_155_042.jpg"],"nonDeceptorImageFiles":["230315/ALLPlayer-230314/8.9.4.0/Images/ACR-123/ACR-123_ALLUpdateStartup_remain.jpg"],"guid":"742f0c70-7d96-4eaa-a009-249f44ecccb0_8.9.4.0_1","appID":"ALLPlayer-230314","dateAdded":"230315","deceptorType":"App","name":"AllPlayer","company":"ALLPlayer Ltd.","version":"8.9.4.0","lastKnownStatus":"8.9.4.0","lastKnownDate":"230315","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none,sold in bundle","lastUpdate":"2023-03-15T22:35:45.0561771+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1084},{"violations":{"ACR-042":"The app does not present EULA to obtain user's agreement and permission at installation.\n","ACR-048":"It does not provide a way to close the window to completely exit the app after logging out.\n","ACR-007":"The app does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing at install.\nThe app does not obtain user explicit consent to reduce the consumer's security posture caused by resource sharing. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Simplify Smarter WiFi.exe","fileVersion":"1.1","hashMD5":"fa599a3c01db529a174a2d0d4661fd02","hashSHA1":"9e7b0a7f292e1b0d08bb97bb90f90a47d33eaff1","hashSHA256":"08805334933f40d863e6c275e8ae5b09c509b175a551d5ad57670a6c760e7ab4","digitalCertThumbprint":"006ABD7C5F518366C98331F01973377582B18BA6","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Simplify Networks Sdn. Bhd., O=Simplify Networks Sdn. Bhd., S=Selangor, C=MY, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=MY, SERIALNUMBER=201601006477","sourceIndex":"1197","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Simplify.exe","isInstaller":"True","companyName":"Simplify Network","fileVersion":"1.1","hashMD5":"26a1447d38f75b086f3342f6f453a856","hashSHA1":"3b0a1ebf336d50536e8a546a68cedefe1340bed1","hashSHA256":"350a1801c064820067fee8a3500c8f3aeddd24d675599d7c38e87a64a1907292","digitalCertThumbprint":"006ABD7C5F518366C98331F01973377582B18BA6","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Simplify Networks Sdn. Bhd., O=Simplify Networks Sdn. Bhd., S=Selangor, C=MY, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=MY, SERIALNUMBER=201601006477","sourceIndex":"1197","avBlockList":["360 Total Security (20230321)","Avast Premium Security (20230321)","AVG Internet Security (20230321)","Avira Internet Security (20230321)","Bitdefender Internet Security (20230321)","G DATA INTERNET SECURITY (20230321)","K7 Total Security (20230321)","Kaspersky Internet Security (20230321)","McAfee Total Protection (20230321)","Norton Security (20230321)","Panda Dome (20230321)","Quick Heal Internet Security (20230321)","Sophos Home Premium (20230321)","SpyHunter5 (20230321)","Total AV Antivirus Pro (20230321)","VIPRE Advanced Security (20230321)","VirIT eXplorer PRO (20230321)","Webroot SecureAnywhere (20230321)","Windows Defender (20230321)"],"avAllowList":["COMODO Antivirus (20230321)","Dr.Web Security Space (20230321)","ESET Internet Security (20230321)","Malwarebytes Premium (20230321)","Trend Micro Internet Security (20230321)"]}],"additionalFiles":[],"sources":[{"howFound":"bandwidth sharing app for windows","reference":"","landingPage":"https://simplify.network/","directDownloadingLink":"https://storage.googleapis.com/uberwifi.appspot.com/Installer%20exe/Simplify.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://storage.googleapis.com/uberwifi.appspot.com/Installer%20exe/Simplify.exe","sourceIndex":"1197"}],"sampleFiles":["230313/Simplify-230309/1.1.2.0/Samples/Simplify Smarter WiFi.exe","230313/Simplify-230309/1.1.2.0/Samples/Simplify.exe"],"imageFiles":["230313/Simplify-230309/1.1.2.0/Images/ACR-042/ACR-042_Install.jpg","230313/Simplify-230309/1.1.2.0/Images/ACR-007/ACR-007_NoExplicitConsent.jpg","230313/Simplify-230309/1.1.2.0/Images/ACR-007/ACR-007_PP.jpg","230313/Simplify-230309/1.1.2.0/Images/ACR-007/ACR-042_Install.jpg","230313/Simplify-230309/1.1.2.0/Images/ACR-048/ACR-048_ExitApp.jpg","230313/Simplify-230309/1.1.2.0/Images/ACR-007/ACR-007_NoExplicitConsent.jpg","230313/Simplify-230309/1.1.2.0/Images/ACR-007/ACR-007_PP.jpg"],"nonDeceptorImageFiles":[],"guid":"3f91a723-b6d2-4fa3-9cb2-7bb77d7deee1_1.1.2.0_1","appID":"Simplify-230309","dateAdded":"230313","deceptorType":"App","name":"Simplify","company":"Simplify Network","version":"1.1.2.0","lastKnownStatus":"1.1.2.0","lastKnownDate":"230313","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2023-03-13T23:15:14.1536459+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1085},{"violations":{"ACR-103":"The app suggests cleaning up \"477.86 MB\" of junk/cache. After completing junk clean it says “Free Up 429.76”,  in app settings it displays same size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up \"477.86 MB\" of junk/cache. After completing junk clean it says “Free Up 429.76 MB”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.foqii.phone.security.virus.cleaner.antivirus.apk","isInstaller":"True","companyName":"Foqii Pte. Ltd.","productName":"Phone Security, Virus Cleaner","productVersion":"1.0.34","fileVersion":"1.0.34","hashMD5":"a144f123ef12a464e574090d17a8411f","hashSHA1":"2f1cffcba8c1d47ec2dff3bd69d5df9d8ca1427b","hashSHA256":"21bb3b2597e4e3babca0e4c6ba6dfa8963b39826ff9800d44b8f03626026103d","sourceIndex":"1195","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Junk Cleaner","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.foqii.phone.security.virus.cleaner.antivirus","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.foqii.phone.security.virus.cleaner.antivirus","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.foqii.phone.security.virus.cleaner.antivirus","sourceIndex":"1195"}],"sampleFiles":["230313/PhoneSecurityVirusCleaner-230309/1.0.34/Samples/com.foqii.phone.security.virus.cleaner.antivirus.apk"],"imageFiles":["230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230313/PhoneSecurityVirusCleaner-230309/1.0.34/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"c92e112c-c7df-404e-9eba-a2212666b033_1.0.34_1","appID":"PhoneSecurityVirusCleaner-230309","dateAdded":"230313","deceptorType":"Android App","name":"Phone Security, Virus Cleaner","company":"Foqii Pte. Ltd.","version":"1.0.34","lastKnownStatus":"1.0.34","lastKnownDate":"230313","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-03-13T23:20:10.6836402+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1086},{"violations":{"ACR-103":"The app suggests cleaning up \"495.29 MB\" of junk/cache. After completing junk clean it says “Free up 446.16 MB”,  in app settings it displays same size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up \"495.29 MB\" of junk/cache. After completing junk clean it says “Free up 446.16 MB”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.foqii.phone.clean.booster.cleaner.master.apk","isInstaller":"True","companyName":"Foqii Pte. Ltd.","productName":"Phone Clean: Cleaner & Booster","productVersion":"1.0.49","fileVersion":"1.0.49","hashMD5":"79a963e2b08b08dd23d86f086cfe03af","hashSHA1":"3a20e04f3d406115dc9f5b904ecb7441803931ba","hashSHA256":"13f917fb568fa6a66960aef0181969a74ab8d6108d49ba9521f6750a76aa4be4","sourceIndex":"1196","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Junk Cleaner","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.foqii.phone.clean.booster.cleaner.master","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.foqii.phone.clean.booster.cleaner.master","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.foqii.phone.clean.booster.cleaner.master","sourceIndex":"1196"}],"sampleFiles":["230313/PhoneCleanCleanerBooster-230309/1.0.49/Samples/com.foqii.phone.clean.booster.cleaner.master.apk"],"imageFiles":["230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230313/PhoneCleanCleanerBooster-230309/1.0.49/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"ba3382c3-db96-4648-ba0d-320b778de0a5_1.0.49_1","appID":"PhoneCleanCleanerBooster-230309","dateAdded":"230313","deceptorType":"Android App","name":"Phone Clean: Cleaner & Booster","company":"Foqii Pte. Ltd.","version":"1.0.49","lastKnownStatus":"1.0.49","lastKnownDate":"230313","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-03-13T23:18:09.3993982+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1087},{"violations":{"ACR-042":"The components get installed prior to obtaining the user's agreement and permission.\n","ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-007":"The app does not obtain user explicit consent to reduce the consumer's security posture caused by using the user's bandwidth/IP. \n\n","ACR-084":"The app continues to run related processes in the background after closing it. It runs on system tray without notifying the user.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MysteriumVPN.exe","companyName":"Mysterium Network","fileVersion":"10.14","hashMD5":"5514c9a23f56f6d4e34005a96465fd95","hashSHA1":"e5b3abfc76d87a9de1f569a05c3d9d18c0aa998f","hashSHA256":"6d8c3e480baab077d102e98e37dbe62c56da08e9f0a4661feb82c8d66c843bb8","digitalCertThumbprint":"5AD8BD04B197850CF29D7D913692AE2F994F57D2","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=NetSys Inc, O=NetSys Inc, S=Panamá, C=PA","sourceIndex":"1200","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MysteriumVPN-Setup-10.14.4.exe","isInstaller":"True","companyName":"Mysterium Network","fileVersion":"10.14","hashMD5":"486843b9e7b463c9cffebdb0cfb72442","hashSHA1":"1d506ca429cb3f20029ad2f7b81f79c624358335","hashSHA256":"d97c0ba16c5371fa9c1844bccb0cf2ec59f34f9d9d3667525bbfcdbdb4044b12","digitalCertThumbprint":"5AD8BD04B197850CF29D7D913692AE2F994F57D2","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=NetSys Inc, O=NetSys Inc, S=Panamá, C=PA","sourceIndex":"1200","avBlockList":["360 Total Security (20230321)","Avira Internet Security (20230321)","ESET Internet Security (20230321)","G DATA INTERNET SECURITY (20230321)","K7 Total Security (20230321)","Kaspersky Internet Security (20230321)","McAfee Total Protection (20230321)","Norton Security (20230321)","Panda Dome (20230321)","Quick Heal Internet Security (20230321)","Sophos Home Premium (20230321)","SpyHunter5 (20230321)","Total AV Antivirus Pro (20230321)","VirIT eXplorer PRO (20230321)","Webroot SecureAnywhere (20230321)"],"avAllowList":["Avast Premium Security (20230321)","AVG Internet Security (20230321)","Bitdefender Internet Security (20230321)","COMODO Antivirus (20230321)","Dr.Web Security Space (20230321)","Malwarebytes Premium (20230321)","Trend Micro Internet Security (20230321)","VIPRE Advanced Security (20230321)","Windows Defender (20230321)"]}],"additionalFiles":[],"sources":[{"howFound":"bandwidth sharing app for windows","reference":"","landingPage":"https://www.mysteriumvpn.com","directDownloadingLink":"https://github.com/mysteriumnetwork/mysterium-vpn-desktop/releases/download/10.14.4/MysteriumVPN-Setup-10.14.4.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://github.com/mysteriumnetwork/mysterium-vpn-desktop/releases/download/10.14.4/MysteriumVPN-Setup-10.14.4.exe","sourceIndex":"1200"}],"sampleFiles":["230308/MysteriumVPN-230307/10.14.4/Samples/MysteriumVPN.exe","230308/MysteriumVPN-230307/10.14.4/Samples/MysteriumVPN-Setup-10.14.4.exe"],"imageFiles":["230308/MysteriumVPN-230307/10.14.4/Images/ACR-042/ACR-042_InstalledPriortoAgreement.jpg","230308/MysteriumVPN-230307/10.14.4/Images/ACR-048/ACR-048_UnabletoCancelInstall.jpg","230308/MysteriumVPN-230307/10.14.4/Images/ACR-084/ACR-084_BackgroundProcesses.jpg","230308/MysteriumVPN-230307/10.14.4/Images/ACR-007/ACR-007_NoExplicitPotentialRiskNotif.jpg","230308/MysteriumVPN-230307/10.14.4/Images/ACR-007/ACR-007_NoExplicitPotentialRiskNotif_p2p.jpg","230308/MysteriumVPN-230307/10.14.4/Images/ACR-118/ACR-118_RetainedComponents.jpg"],"nonDeceptorImageFiles":[],"guid":"a207a66a-7173-4cba-8e15-259136c61882_10.14.4_1","appID":"MysteriumVPN-230307","dateAdded":"230308","deceptorType":"App","name":"Mysterium VPN","company":"Mysterium Network","version":"10.14.4","lastKnownStatus":"10.14.4","lastKnownDate":"230308","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none,paid","lastUpdate":"2023-03-09T01:08:55.9666748+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1088},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n\n\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-017":"The application's internal offer page elevates its consumer trust level by displaying unverifiable logos.\n","ACR-084":"1. The app uses a hotkey and password to hide its presence.\n2. The app is installed in a hidden folder in the Program Files Directory\n\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\nThe app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a hidden Folder in Program Files Directory as “SP”\n","ACR-065":"The install does not display link for Returns and Cancellation Policy, Privacy Policy information. \nThe application does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe landing page does not display link for the Returns and Cancellation Policy, Privacy Policy information.\nThe internal offer page does not display link for the Returns and Cancellation Policy, Privacy Policy information.\n","ACR-002":"The App's version is not consistent between App interaction and installs\n\n\n1.\tThe App's version is not consistent between App interaction and installs\n2.\tThe App shows different name as \"setup.exe” in the running process section.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-157":"The application’s main executable file has no signed certificate, it is unsigned.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"setup_.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"834c60e70a1d32424c2ba56b9b13ba27","hashSHA1":"dadae2816a64b0721826371b5d56986e350c5b30","hashSHA256":"eebce9987cddfbe9b34d09a39f7e720bddf8a7df2c1c3bcfabe4d6e2f8231ea1","sourceIndex":"270","avBlockList":["360 Total Security (20211011)","Avast Premium Security (20211011)","AVG Internet Security (20211011)","Avira Internet Security (20211011)","Bitdefender Internet Security (20211011)","COMODO Antivirus (20211011)","Dr.Web Security Space (20211011)","ESET Internet Security (20211011)","G DATA INTERNET SECURITY (20211011)","K7 Total Security (20211011)","Kaspersky Internet Security (20211011)","Malwarebytes Premium (20211011)","McAfee Total Protection (20211011)","Norton Security (20211011)","Panda Dome (20211011)","Quick Heal Internet Security (20211011)","Sophos Home Premium (20211011)","SpyHunter5 (20211011)","Tencent PC Manager (20211011)","Total AV Antivirus Pro (20211011)","Trend Micro Internet Security (20211011)","VIPRE Advanced Security (20211011)","VirIT eXplorer PRO (20211011)","Webroot SecureAnywhere (20211011)","Windows Defender (20211011)"],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.exe","fileVersion":"10.109","hashMD5":"f49d1a1ae1f41b3e1904219b7bfaa48d","hashSHA1":"591c56056a14b2bdc78eff12cdceebc537cc639c","hashSHA256":"8710d6d5f6eb0689c40321ccc02598f5c084d8b91b056ca5f8b7e2652434e75f","sourceIndex":"270","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"cd6f7c5491d944a6e54d53e4f04546d089f77dafdb3ae474befc71f1b6313126","sourceIndex":"270","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup[2_].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3c0380a14c6029143fb5376002d5c65b","hashSHA1":"f57b69367465dca8d018fee1eb985a477f6eade6","hashSHA256":"df96ed286b4f5dee53e2289e0c432c49be5cfc4b458a34172c75e1063426a93d","sourceIndex":"270","avBlockList":["360 Total Security (20211011)","Avast Premium Security (20211011)","AVG Internet Security (20211011)","Avira Internet Security (20211011)","Bitdefender Internet Security (20211011)","COMODO Antivirus (20211011)","ESET Internet Security (20211011)","G DATA INTERNET SECURITY (20211011)","K7 Total Security (20211011)","Kaspersky Internet Security (20211011)","Malwarebytes Premium (20211011)","McAfee Total Protection (20211011)","Norton Security (20211011)","Panda Dome (20211011)","Quick Heal Internet Security (20211011)","Sophos Home Premium (20211011)","SpyHunter5 (20211011)","Tencent PC Manager (20211011)","Total AV Antivirus Pro (20211011)","Trend Micro Internet Security (20211011)","VIPRE Advanced Security (20211011)","VirIT eXplorer PRO (20211011)","Webroot SecureAnywhere (20211011)","Windows Defender (20211011)"],"avAllowList":["Dr.Web Security Space (20211011)"]},{"isRevoked":"False","fileName":"setup[2].exe","fileVersion":"10.109","hashMD5":"817e47ef2588ca6c2044bb03d2d6632a","hashSHA1":"263f3b79483ce4095638ed990105c79abe3d02ea","hashSHA256":"7041f5af722de136837e3df0d6be564a6dfb4e3a1bfcb88706b1b6df73686459","sourceIndex":"270","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SpypalSetup_setup.exe","isInstaller":"True","companyName":"Thinkertec                                                  ","fileVersion":"0.0","hashMD5":"82409c8d97f1511543b24dab8b54cb5b","hashSHA1":"231437b73be0ba74fd352f1dfab2bda1924fc05f","hashSHA256":"c9f350c59499698a9a59f0807b17739fb40adcec4844c0647ad009bf091f78ff","sourceIndex":"270","avBlockList":["360 Total Security (20230119)","Avast Premium Security (20230119)","AVG Internet Security (20230119)","Avira Internet Security (20230119)","Bitdefender Internet Security (20230119)","COMODO Antivirus (20230119)","ESET Internet Security (20230119)","G DATA INTERNET SECURITY (20230119)","K7 Total Security (20230119)","Kaspersky Internet Security (20230119)","Malwarebytes Premium (20230119)","McAfee Total Protection (20230119)","Norton Security (20230119)","Panda Dome (20230119)","Quick Heal Internet Security (20230119)","Sophos Home Premium (20230119)","SpyHunter5 (20230119)","Total AV Antivirus Pro (20230119)","VIPRE Advanced Security (20230119)","VirIT eXplorer PRO (20230119)","Webroot SecureAnywhere (20230119)","Windows Defender (20230119)"],"avAllowList":["Dr.Web Security Space (20230119)","Trend Micro Internet Security (20230119)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"https://thinkertec.com/","landingPage":"https://thinkertec.com/","directDownloadingLink":"http://3.4.thinkertec.com/3/setup.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://3.4.thinkertec.com/3/setup.zip","sourceIndex":"270"}],"sampleFiles":["230306/SpyPalKeylogger-201020/10.109.0/Samples/setup_.exe","230306/SpyPalKeylogger-201020/10.109.0/Samples/setup.exe","230306/SpyPalKeylogger-201020/10.109.0/Samples/setup.zip","230306/SpyPalKeylogger-201020/10.109.0/Samples/setup[2_].exe","230306/SpyPalKeylogger-201020/10.109.0/Samples/setup[2].exe","230306/SpyPalKeylogger-201020/10.109.0/Samples/SpypalSetup_setup.exe"],"imageFiles":["230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-084/SpyPalKeylogger_FileComponents [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-084/SpyPalKeylogger_Interactions [5] Password.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-084/SpyPalKeylogger_Interactions [6] HotKey.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-084/SpyPalKeylogger_Interactions [7] HotKey.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-086/SpyPalKeylogger_Interactions [5] Password.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-086/SpyPalKeylogger_Interactions [6] HotKey.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-086/SpyPalKeylogger_Interactions [7] HotKey.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-086/SpyPalKeylogger_Interactions [8].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-086/SpyPalKeylogger_Interactions [9].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-048/SpyPalKeylogger_Interactions [5] Password.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-048/SpyPalKeylogger_Interactions [6] HotKey.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-048/SpyPalKeylogger_Interactions [7] HotKey.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-007/SpyPalKeylogger_Interactions [4] Password.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-007/SpyPalKeylogger_Interactions [5] Password.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-007/SpyPalKeylogger_Interactions [6] HotKey.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-007/SpyPalKeylogger_Interactions [7] HotKey.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-116/SpyPalKeylogger_Uninstall [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-017/SpyPalKeylogger_OfferPage [1].png"],"nonDeceptorImageFiles":["230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-038/SpyPalKeylogger_FileProperty [2] Installer.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-038/SpyPalKeylogger_FileProperty [2] MainFile.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-040/SpyPalKeylogger_FileComponents [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-065/SpyPalKeylogger_Installs [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-065/SpyPalKeylogger_Installs [2].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-065/SpyPalKeylogger_Installs [3].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-002/SpyPalKeylogger_Installs [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-002/SpyPalKeylogger_About [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-092/SpyPalKeylogger_FileProperty [1] Installer.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-092/SpyPalKeylogger_FileProperty [1] MainFile.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-157/SpyPalKeylogger_FileProperty [1] Installer.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-157/SpyPalKeylogger_FileProperty [1] MainFile.png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-065/SpyPalKeylogger_About [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-002/SpyPalKeylogger_About [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-002/SpyPalKeylogger_Installs [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-002/SpyPalKeylogger_RunningProcess [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-065/SpyPalKeylogger_LandingPage [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-099/SpyPalKeylogger_LandingPage [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-017/SpyPalKeylogger_LandingPage [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-065/SpyPalKeylogger_OfferPage [1].png","230306/SpyPalKeylogger-201020/10.109.0/Images/ACR-099/SpyPalKeylogger_OfferPage [1].png"],"guid":"20158c97-24db-4426-bc7d-1db5158f1fc6_10.109.0_1","appID":"SpyPalKeylogger-201020","dateAdded":"230306","deceptorType":"App","name":"SpyPal Keylogger","company":"Thinkertec, Inc","version":"10.109.0","sigName":"Deceptor:Win32/SpyPalKeylogger!084086048007116017","lastKnownStatus":"Deceptor:10.109.0;11.111.1","lastKnownDate":"241218","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:15.5204805+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1089},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n\n\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-017":"The application's internal offer page elevates its consumer trust level by displaying unverifiable logos.\n","ACR-084":"1. The app uses a hotkey and password to hide its presence.\n2. The app is installed in a hidden folder in the Program Files Directory\n\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\nThe app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a hidden Folder in Program Files Directory as “SP”\n","ACR-065":"The install does not display link for Returns and Cancellation Policy, Privacy Policy information. \nThe application does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe landing page does not display link for the Returns and Cancellation Policy, Privacy Policy information.\nThe internal offer page does not display link for the Returns and Cancellation Policy, Privacy Policy information.\n","ACR-002":"The App's version is not consistent between App interaction and installs\n\n\n1. The App's version is not consistent between App interaction and installs\n2. The App shows a different name \"setup.exe” in the running process section.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-157":"The application’s main executable file has no signed certificate, it is unsigned.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\SP\\setup.exe","companyName":"","productName":"0","productVersion":"11.111.0001","fileVersion":"11.111.0001","hashMD5":"6bb853bc9025b4d75a2b201f5e7f2668","hashSHA1":"431d02f78dd91de3c80985f872ac6a951099fc89","hashSHA256":"37d68af5c0198938a9c712f81a070df3345dba2746bca665d12a2b04f50ae848","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"271","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\SP\\UManager.exe","companyName":"Ceramiche Ariostea","productName":"NTService","productVersion":"1.00","fileVersion":"1.00","hashMD5":"3024e79d4a4f1eaa7e3fb0ec0fdedc29","hashSHA1":"97b5bdcec2e1b5811934b7643c5104c5bebbec2e","hashSHA256":"e91b47671118a8507c6bfadf34409738020abd95c76a55ea73352abdbc3cd105","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"271","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"d7c10b3f9ffd0375ef9bd903d9adaefc","hashSHA1":"10d0d0f8f8f643168b79c994fc8da02f603a5f42","hashSHA256":"1686dac41b44cdf2167d315248b499b0ffe653d1e97fe70f5619fcb0c2baf941","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"271","avBlockList":["360 Total Security (20230330)","Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["Trend Micro Internet Security (20230330)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"","landingPage":"https://thinkertec.com/","directDownloadingLink":"https://thinkertec.com/trial.php?f=4","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://thinkertec.com/trial.php?f=4","sourceIndex":"271"}],"sampleFiles":["230306/SpyPalKeylogger-201020/11.111.1/Samples/setup.exe"],"imageFiles":["230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-084/ACR-084.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-084/ACR-084_1.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-084/ACR-084_2.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-084/ACR-084_3.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-086/ACR-086 (1).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-086/ACR-086 (2).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-086/ACR-086 (3).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-086/ACR-086 (4).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-086/ACR-086_4.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-086/ACR-086_5.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-048/SpyPalKeylogger_Interactions [7] HotKey.png","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-048/ACR-048 (1).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-048/ACR-048 (2).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-048/ACR-048 (3).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-007/SpyPalKeylogger_Interactions [5] Password.png","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-007/SpyPalKeylogger_Interactions [6] HotKey.png","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-007/ACR-007 (1).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-007/ACR-007 (2).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-007/ACR-007 (3).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-007/ACR-007.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-116/ACR-116.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-017/ACR-017_1.jpg"],"nonDeceptorImageFiles":["230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-038/ACR-038.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-038/ACR-038_1.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-040/ACR-040.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-065/ACR-065 (1).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-065/ACR-065 (2).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-065/ACR-065 (3).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-065/ACR-065 (4).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-002/ACR-002_1.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-002/ACR-002_2.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-092/ACR-092 (1).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-092/ACR-092 (2).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-157/ACR-157 (1).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-157/ACR-157 (2).JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-065/ACR-065.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-002/ACR-002.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-002/ACR-002_1.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-002/ACR-002_2.JPG","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-065/ACR-065_1.jpg","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-099/ACR-099.jpg","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-017/ACR-017.jpg","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-065/ACR-065-1.jpg","230306/SpyPalKeylogger-201020/11.111.1/Images/ACR-099/ACR-099_1.jpg"],"guid":"20158c97-24db-4426-bc7d-1db5158f1fc6_11.111.1_1","appID":"SpyPalKeylogger-201020","dateAdded":"230306","deceptorType":"App","name":"SpyPal Keylogger","company":"Thinkertec, Inc","version":"11.111.1","lastKnownStatus":"Deceptor:10.109.0;11.111.1","lastKnownDate":"241218","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:15.5529141+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1090},{"violations":{"ACR-103":"The app suggests cleaning up \"400 MB\" of junk/cache. After completing junk clean it says “Free Up 388 MB”,  in the app settings it displays the same size of cache data that can be cleaned (Ex: Brave, Pinterest, and Telegram). The app's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"400 MB\" of junk/cache. After completing junk clean it says “Free Up 388 MB”, when viewed in app settings it displays the same size of cache data that can be cleaned (Ex: Brave, Pinterest and Telegram), which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"phone.cleaner.speed.booster.cache.clean.android.master.apk","isInstaller":"True","companyName":"Super Cleaner Studio","productName":"\tPhone Cleaner- Cache Clean","productVersion":"1.3.26","fileVersion":"1.3.26","hashMD5":"469f2dfdbef3310b9c92bca04f852237","hashSHA1":"18c3ab1262fc91785900ff06df91a3e14b7a53a9","hashSHA256":"03464fb7829c5b0ae8cc915e28023c025c89273c4767e40d09d246d29216292a","sourceIndex":"1201","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=phone.cleaner.speed.booster.cache.clean.android.master","directDownloadingLink":"https://play.google.com/store/apps/details?id=phone.cleaner.speed.booster.cache.clean.android.master","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=phone.cleaner.speed.booster.cache.clean.android.master","sourceIndex":"1201"}],"sampleFiles":["230306/PhoneCleanerCacheClean-221110/1.3.26/Samples/phone.cleaner.speed.booster.cache.clean.android.master.apk"],"imageFiles":["230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230306/PhoneCleanerCacheClean-221110/1.3.26/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"e8726057-b6e5-44ce-99f4-2ce9899db568_1.3.26_1","appID":"PhoneCleanerCacheClean-221110","dateAdded":"230306","deceptorType":"Android App","name":"Phone Cleaner- Cache Clean","company":"Super Cleaner Studio","version":"1.3.26","lastKnownStatus":"1.3.23;1.3.26","lastKnownDate":"230306","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-03-07T05:19:45.7471946+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1091},{"violations":{"ACR-103":"The app suggests cleaning up \"55.89 MB\" of junk/cache. After completing junk clean it says “Finished”,  in app settings it displays the same size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up \"55.89 MB\" of junk/cache. After completing junk clean it says “Finished”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"phone.cleaner.speed.booster.cache.clean.android.master.apk","isInstaller":"True","fileVersion":"1.3.23","hashMD5":"cda59ee2db80a6fba4b2a42c78eef67a","hashSHA1":"805700a123fb1e617c2fb56bc07125c24f0e7232","hashSHA256":"c3035697b282f276a08b0797f138cb87b91de286c1dad0e38e1045bc1f4abfab","sourceIndex":"1331","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=phone.cleaner.speed.booster.cache.clean.android.master","directDownloadingLink":"https://play.google.com/store/apps/details?id=phone.cleaner.speed.booster.cache.clean.android.master","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=phone.cleaner.speed.booster.cache.clean.android.master","sourceIndex":"1331"}],"sampleFiles":["221110/PhoneCleanerCacheClean-221110/1.3.23/Samples/phone.cleaner.speed.booster.cache.clean.android.master.apk"],"imageFiles":["221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221110/PhoneCleanerCacheClean-221110/1.3.23/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"e8726057-b6e5-44ce-99f4-2ce9899db568_1.3.23_1","appID":"PhoneCleanerCacheClean-221110","dateAdded":"230306","deceptorType":"Android App","name":"Phone Cleaner- Cache Clean","company":"Super Cleaner Studio","version":"1.3.23","lastKnownStatus":"1.3.23;1.3.26","lastKnownDate":"230306","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-03-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1092},{"violations":{"ACR-103":"The app suggests cleaning up \"145 MB\" of junk/cache. After completing junk clean it says “FINISHED”,  in the app settings it displays the same size of cache data that can be cleaned (Ex: Brave, Facebook, and Firefox) and it identifies only 5 apps despite the fact that there are more than 20+ apps installed on the mobile. The app's value proposition can't be verified as it does not clean any junk/cache and not identifying all the installed apps under \"App Cache\"\n","ACR-014":"The app suggests cleaning up \"145 MB\" of junk/cache. After completing junk clean it says “FINISHED”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.cleaner.phone.booster.master.app.apk","isInstaller":"True","companyName":"Cleaner & Booster","productName":"Junk Cleaner - Phone Booster","productVersion":"1.2.7","fileVersion":"1.2.7","hashMD5":"4f105da16ab1bbd76267bc3b4fc29c6c","hashSHA1":"71b55d7175aa208fc357bd4fd5578fe556579157","hashSHA256":"186f770225abfb0c6ef6f3d6e3836986b466643c0b2c47fa978451a839f5b10d","sourceIndex":"1202","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on Junk Cleaner","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.cleaner.phone.booster.master.app","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.cleaner.phone.booster.master.app","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.cleaner.phone.booster.master.app","sourceIndex":"1202"}],"sampleFiles":["230306/JunkCleanerPhoneBooster-230306/1.2.7/Samples/com.cleaner.phone.booster.master.app.apk"],"imageFiles":["230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230306/JunkCleanerPhoneBooster-230306/1.2.7/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"c5b61816-3f9c-4df7-8a97-f6eaaf0bed8e_1.2.7_1","appID":"JunkCleanerPhoneBooster-230306","dateAdded":"230306","deceptorType":"Android App","name":"Junk Cleaner - Phone Booster","company":"Cleaner ","version":"1.2.7","lastKnownStatus":"1.2.7","lastKnownDate":"230306","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,display ads","lastUpdate":"2023-03-06T21:37:14.3872691+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1093},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent.\n","ACR-043":"The H2O components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n","ACR-118":"The app retains executables on the device after uninstall.\n","ACR-057":"An optional offer doesn't have a clear way for user to accept or decline. Decline button for the other offer is greyed out to drive the user to accept.\n","ACR-055":"The offer requires the user to uncheck a checkbox in order to decline the offer. Unchecking the preselected item for installation is not a straightforward option for decline. Accept and Decline options should be made obvious for the Optional Offer.\n","ACR-155":"The offer requires the user to uncheck a checkbox in order to decline the offer. Unchecking the preselected item for installation is not a straightforward option for decline. Accept and Decline options should be made obvious for the Optional Offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"VDownloader4.exe","companyName":"Vitzo","productName":"VDownloader","productVersion":"4.5.3407.0","fileVersion":"4.5.3407.0","hashMD5":"286e69f4f0680eae5adfa95067227aaf","hashSHA1":"1b1cae8e44e3349b7073a9c7bce370c764957607","hashSHA256":"533aa0dcff7a2c1f2df9d8547fcf1f2e8c4f05653f8a9da4799b82acc429fa45","sourceIndex":"1102","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VDownloaderSetup.exe","isInstaller":"True","companyName":"Vitzo Limited                                               ","fileVersion":"1.0.0.0","hashMD5":"a86302c45ec18b23bad4e5d3faf511b0","hashSHA1":"44313aa0244fd068b198e2c92eef3aff6db41f53","hashSHA256":"50ad7b78db9f9e573e00491d221f942b20e4bc203bd57fee7e145e111afdbf96","digitalCertThumbprint":"37D27254D407D8A6C72CB2217103961D6619EE4C","digitalCertIssuer":"CN=Entrust Extended Validation Code Signing CA - EVCS1, OU=\"(c) 2015 Entrust, Inc. - for authorized use only\", OU=See www.entrust.net/legal-terms, O=\"Entrust, Inc.\", C=US","digitalCertIssuedTo":"CN=Vitzo LLC, SERIALNUMBER=5779253, OID.2.5.4.15=Private Organization, O=Vitzo LLC, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, L=Lewes, S=Delaware, C=US","sourceIndex":"1102","avBlockList":["360 Total Security (20230328)","Avast Premium Security (20230328)","AVG Internet Security (20230328)","Avira Internet Security (20230328)","COMODO Antivirus (20230328)","Dr.Web Security Space (20230328)","ESET Internet Security (20230328)","K7 Total Security (20230328)","Kaspersky Internet Security (20230328)","Malwarebytes Premium (20230328)","McAfee Total Protection (20230328)","Norton Security (20230328)","Panda Dome (20230328)","Sophos Home Premium (20230328)","SpyHunter5 (20230328)","Total AV Antivirus Pro (20230328)","VirIT eXplorer PRO (20230328)","Webroot SecureAnywhere (20230328)"],"avAllowList":["Bitdefender Internet Security (20230328)","G DATA INTERNET SECURITY (20230328)","Quick Heal Internet Security (20230328)","Trend Micro Internet Security (20230328)","VIPRE Advanced Security (20230328)","Windows Defender (20230328)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://de.all10soft.com/vdownloader-windows-10/","directDownloadingLink":"https://de.all10soft.com/download/1509/vdownloader/#","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://xcvdsoft.com/mre/w7p/17i/d/e/?OPOfz=V1ZVVQsEB1JQBwNWUlBeA1QFBV0GV1cAVFdaXAYJWQUGAFMEXVYAVQdeV1FcUQoEVwVSV1pTWlcHVwlTVANeAkkHVx4AU05YWwhYS1QEDwZVVVRdWlAeRQcMTwpeX1lXUEcYFF0ORVpeCVJTAEBEdA0UDxQXB0JjFgZKEFNDRFZbUhhbCk8ABwZIAgZUHAkI","sourceIndex":"1102"}],"sampleFiles":["230301/VDownloader-230301/4.5.3407.0/Samples/VDownloader4.exe","230301/VDownloader-230301/4.5.3407.0/Samples/VDownloaderSetup.exe"],"imageFiles":["230301/VDownloader-230301/4.5.3407.0/Images/ACR-043/VDL_ACR043.JPG","230301/VDownloader-230301/4.5.3407.0/Images/ACR-055/OptionalOffer_McAfee.jpg","230301/VDownloader-230301/4.5.3407.0/Images/ACR-042/NotpermittedNetworkCommunicationForOfferComp.png","230301/VDownloader-230301/4.5.3407.0/Images/ACR-013/VDL_013_2JPG.JPG","230301/VDownloader-230301/4.5.3407.0/Images/ACR-013/VDL_013.JPG","230301/VDownloader-230301/4.5.3407.0/Images/ACR-118/ACR-118_Retained_executables.jpg","230301/VDownloader-230301/4.5.3407.0/Images/ACR-057/OptionalOffer_McAfee.jpg","230301/VDownloader-230301/4.5.3407.0/Images/ACR-057/OptionalOffer_Avast.jpg","230301/VDownloader-230301/4.5.3407.0/Images/ACR-057/OptionalOffer_Opera.jpg","230301/VDownloader-230301/4.5.3407.0/Images/ACR-060/VDL_013_2JPG.JPG","230301/VDownloader-230301/4.5.3407.0/Images/ACR-060/VDL_013.JPG","230301/VDownloader-230301/4.5.3407.0/Images/ACR-155/OptionalOffer_McAfee.jpg"],"nonDeceptorImageFiles":[],"guid":"b3562bca-aac3-4d83-a88d-f13d254feed0_4.5.3407.0_1","appID":"VDownloader-230301","dateAdded":"230301","deceptorType":"App","name":"VDownloader","company":"Vitzo LLC","version":"4.5.3407.0","firstVendorContactDate":"230423","firstAppEsteemReplyDate":"230425","firstResolvedDate":"230515","firstResolvedVersion":"5.0.4256.0","resolved":"TRUE","lastKnownStatus":"4.5.3407.0","lastKnownDate":"230405","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,up-sell to paid","lastUpdate":"2023-05-15T23:31:26.1665891+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1094},{"violations":{"ACR-042":"App initiates network communications with 3rd party offer provider before obtaining user consent\n","ACR-057":"The offer doesn't have clear way for user to accept or decline.\n","ACR-055":"The offer requires the user to uncheck a checkbox in order to decline the offer. Unchecking the preselected item for installation is not a straightforward option for decline. Accept and Decline options should be made obvious for the Optional Offer.\n","ACR-155":"The optional offer is designed to look like part of the install workflow. An offer is inserted into the install workflow with a pre-selected option to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"audiograbber183-2020.exe","isInstaller":"True","fileVersion":"1.0.0.0","hashMD5":"6cd5c6f5281cbd31140923bf6ba3bf45","hashSHA1":"d49301449e46286d4d54912ed7e6ee66a5bef97b","hashSHA256":"c713c7835ce0de10c39e79b580ab1d088e982c08d52ae143faf0ea365d274a27","digitalCertThumbprint":"5472922FE3235328D67A38BDC6CB629623BB354B","digitalCertIssuer":"CN=Entrust Extended Validation Code Signing CA - EVCS1, OU=\"(c) 2015 Entrust, Inc. - for authorized use only\", OU=See www.entrust.net/legal-terms, O=\"Entrust, Inc.\", C=US","digitalCertIssuedTo":"CN=6785719 Canada Inc., SERIALNUMBER=678571-9, OID.2.5.4.15=Private Organization, O=6785719 Canada Inc., OID.1.3.6.1.4.1.311.60.2.1.3=CA, L=Saint Laurent, S=Quebec, C=CA","sourceIndex":"1209","avBlockList":["360 Total Security (20230328)","Avast Premium Security (20230328)","AVG Internet Security (20230328)","Avira Internet Security (20230328)","Bitdefender Internet Security (20230328)","COMODO Antivirus (20230328)","Dr.Web Security Space (20230328)","ESET Internet Security (20230328)","G DATA INTERNET SECURITY (20230328)","K7 Total Security (20230328)","Kaspersky Internet Security (20230328)","Malwarebytes Premium (20230328)","McAfee Total Protection (20230328)","Norton Security (20230328)","Panda Dome (20230328)","Quick Heal Internet Security (20230328)","Sophos Home Premium (20230328)","SpyHunter5 (20230328)","Total AV Antivirus Pro (20230328)","Trend Micro Internet Security (20230328)","VIPRE Advanced Security (20230328)","VirIT eXplorer PRO (20230328)","Webroot SecureAnywhere (20230328)"],"avAllowList":["Windows Defender (20230328)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.audiograbber.org","directDownloadingLink":"https://www.audiograbber.de/get/audiograbber-free.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.audiograbber.de/get/audiograbber-free.php","sourceIndex":"1209"}],"sampleFiles":["230301/AudioGrabber-230228/1.83.01/Samples/audiograbber183-2020.exe"],"imageFiles":["230301/AudioGrabber-230228/1.83.01/Images/ACR-055/ACR-057_055_155-OptionalOffer_.jpg","230301/AudioGrabber-230228/1.83.01/Images/ACR-042/ACR042_TrafficBeforeObtainPermission.JPG","230301/AudioGrabber-230228/1.83.01/Images/ACR-057/ACR-057_055_155-OptionalOffer.jpg","230301/AudioGrabber-230228/1.83.01/Images/ACR-155/ACR-057_055_155-OptionalOffer.jpg","230301/AudioGrabber-230228/1.83.01/Images/ACR-155/ACR-155-OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"74f0e21e-910e-40b0-a63d-3e4376f1f011_1.83.01_1","appID":"AudioGrabber-230228","dateAdded":"230301","deceptorType":"App","name":"AudioGrabber","company":"6785719 Canada Inc.","version":"1.83.01","lastKnownStatus":"1.83.01","lastKnownDate":"230301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads,none","lastUpdate":"2023-03-01T21:02:45.0152609+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1095},{"violations":{"ACR-043":"Open source project \"FFmPeg\" is installed without any disclosure in EULA. \n","ACR-107":"The app does not disclose relevant license information about 'FFmPeg'.\n","ACR-048":"The app does not provide any control to cancel the installation process\n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by using the user's bandwidth/IP.\n","ACR-084":"The app hides in the system tray when it is minimized without notification to user it is still running\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-119":"The app fails to remove all of its monetization components after the consumer uninstalls it.\n"},"nonDeceptorViolations":{"ACR-040":"The app drops all its components in the non-standard or hidden path \"C:\\Users\\User\\AppData\\Roaming\\\".\n","ACR-092":"The app does not provide digital signature for some of its executables.\n","ACR-098":"The app does not provide control to adjust the schedule and rate while the \"PointofPresence\" process is running.\n","ACR-123":"The app does not remove the startup item even after uninstallation. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\PointOfPresence\\PoP_go.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"1c5424edd7d2443fab70aec1e92372ea","hashSHA1":"ece850ea9369f7e4377622d4bf32f0b35dc50318","hashSHA256":"b73fcdc89677efcdfc997cb871593eb33f25b06ba062c6f9f622690087c7221f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1203","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Point-Of-Presence-1.0.16.exe","isInstaller":"True","companyName":"","productName":"Point of Presence","productVersion":"1.0.16","fileVersion":"1.0.16","hashMD5":"2d8fe057fdd26732462b1e573df74775","hashSHA1":"65c77152be47f64d4343e33cdae81a71972a1726","hashSHA256":"6d80be7810607f18a356f1491011473b213d7362161723e949d7c2256475f943","digitalCertThumbprint":"0FB3DB9BFA0CDE9220D4C183721F1A89E3D5BD1A","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Secure Privacy Group Limited","storeId":"","sourceIndex":"1203","avBlockList":["360 Total Security (20250731)","Bitdefender Internet Security (20250731)","COMODO Antivirus (20250731)","ESET Internet Security (20250731)","G DATA INTERNET SECURITY (20250731)","K7 Total Security (20250731)","Kaspersky Internet Security (20230328)","Malwarebytes Premium (20250731)","McAfee Total Protection (20250731)","Panda Dome (20250731)","Quick Heal Internet Security (20250731)","Sophos Home Premium (20250731)","SpyHunter5 (20250731)","Trend Micro Internet Security (20250731)","VIPRE Advanced Security (20250731)","VirIT eXplorer PRO (20250731)","Webroot SecureAnywhere (20250731)","FortectPremium (20250731)","KasperskyPremium (20250731)"],"avAllowList":["Avast Premium Security (20250731)","AVG Internet Security (20250731)","Avira Internet Security (20250731)","Dr.Web Security Space (20250731)","Norton Security (20250731)","Total AV Antivirus Pro (20250731)","Windows Defender (20250731)"]}],"additionalFiles":[],"sources":[{"howFound":"System resource borrowing","reference":"","landingPage":"https://peer.proxyrack.com/login","ipv4":"","ipv6":"","sourceIndex":"1203"}],"sampleFiles":["230224/ProxyRack-230209/1.0.16/Samples/Point-Of-Presence-1.0.16.exe"],"imageFiles":["230224/ProxyRack-230209/1.0.16/Images/ACR-043/ACR-043.JPG","230224/ProxyRack-230209/1.0.16/Images/ACR-107/ACR-107.JPG","230224/ProxyRack-230209/1.0.16/Images/ACR-048/ACR-048_1.JPG","230224/ProxyRack-230209/1.0.16/Images/ACR-007/ACR-007.JPG","230224/ProxyRack-230209/1.0.16/Images/ACR-084/ACR-084.JPG","230224/ProxyRack-230209/1.0.16/Images/ACR-084/ACR-084_1.JPG","230224/ProxyRack-230209/1.0.16/Images/ACR-084/ACR-084_2.JPG","230224/ProxyRack-230209/1.0.16/Images/ACR-118/ACR-118.JPG","230224/ProxyRack-230209/1.0.16/Images/ACR-119/ACR-119.JPG"],"nonDeceptorImageFiles":["230224/ProxyRack-230209/1.0.16/Images/ACR-040/ACR-040.JPG","230224/ProxyRack-230209/1.0.16/Images/ACR-092/ACR-092.JPG","230224/ProxyRack-230209/1.0.16/Images/ACR-098/ACR-098.JPG","230224/ProxyRack-230209/1.0.16/Images/ACR-123/ACR-123.JPG"],"guid":"cc37a6e7-b3da-47d3-96a7-2c7578dce510_1.0.16_1","appID":"ProxyRack-230209","dateAdded":"230224","deceptorType":"App","name":"ProxyRack","company":"Secure Privacy Group Limited","version":"1.0.16","lastKnownStatus":"1.0.16","lastKnownDate":"230224","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-03-04T00:55:02.2782845+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1096},{"violations":{"ACR-042":"The app installs an unrelated shortcut without disclosing it to the user or getting the user's consent.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The offer requires the user to deselect an option in order to decline the offer and this is not a straightforward option for decline. Accept and Decline options should be made obvious for the Optional Offer.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"easyMule-081218-EN-Setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c72644d29288a2ba455c847306bb3dc4","hashSHA1":"5939e3bf50692ff747fca42ca0ec2755e8f4d288","hashSHA256":"bd0d3f9fc95acb835f60b2bf469dafe9a297964d39a4e2334405e3656b771020","digitalCertThumbprint":"7B4C8DB3ED746C5D6D2DF0626BB264AB35E2B777","digitalCertIssuer":"CN=WoSign Code Signing Authority, O=\"WoSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Source Networking Technology Co., Ltd\", OU=WoSign Class 3 Code Signing, O=上海少思网络科技有限公司, L=上海, S=上海, C=CN","sourceIndex":"1212","avBlockList":["Avast Premium Security (20230328)","AVG Internet Security (20230328)","Avira Internet Security (20230328)","ESET Internet Security (20230328)","G DATA INTERNET SECURITY (20230328)","K7 Total Security (20230328)","Malwarebytes Premium (20230328)","McAfee Total Protection (20230328)","Norton Security (20230328)","Panda Dome (20230328)","Quick Heal Internet Security (20230328)","Sophos Home Premium (20230328)","SpyHunter5 (20230328)","Total AV Antivirus Pro (20230328)","VirIT eXplorer PRO (20230328)","Webroot SecureAnywhere (20230328)"],"avAllowList":["360 Total Security (20230328)","Bitdefender Internet Security (20230328)","COMODO Antivirus (20230328)","Dr.Web Security Space (20230328)","Kaspersky Internet Security (20230328)","Trend Micro Internet Security (20230328)","VIPRE Advanced Security (20230328)","Windows Defender (20230328)"]},{"isRevoked":"False","fileName":"emule.exe","companyName":"http://www.verycd.com","fileVersion":"1.0","hashMD5":"7cdcea665940b50d87612e58b8e0b6ec","hashSHA1":"ee82f1fb4d7596e0185d08a4641607e3f8eb1e70","hashSHA256":"2987d1302e65a15ea39182c63df6255b903886826f259c7202c97cd0ad81f130","digitalCertThumbprint":"7B4C8DB3ED746C5D6D2DF0626BB264AB35E2B777","digitalCertIssuer":"CN=WoSign Code Signing Authority, O=\"WoSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Shanghai Source Networking Technology Co., Ltd\", OU=WoSign Class 3 Code Signing, O=上海少思网络科技有限公司, L=上海, S=上海, C=CN","sourceIndex":"1212","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://easymule.en.softonic.com/","directDownloadingLink":"https://easymule.en.softonic.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://easymule.en.softonic.com/download","sourceIndex":"1212"}],"sampleFiles":["230222/easyMule-230222/1.0.11.81218/Samples/easyMule-081218-EN-Setup.exe","230222/easyMule-230222/1.0.11.81218/Samples/emule.exe"],"imageFiles":["230222/easyMule-230222/1.0.11.81218/Images/ACR-055/GoogleToolbar_Offer.jpg","230222/easyMule-230222/1.0.11.81218/Images/ACR-042/ACR-042_DroppedShortcuts.jpg","230222/easyMule-230222/1.0.11.81218/Images/ACR-057/GoogleToolbar_Offer.jpg","230222/easyMule-230222/1.0.11.81218/Images/ACR-059/GoogleToolbar_Offer.jpg"],"nonDeceptorImageFiles":[],"guid":"c3b58416-ddca-447a-a848-20435903d282_1.0.11.81218_1","appID":"easyMule-230222","dateAdded":"230222","deceptorType":"App","name":"easyMule","company":"verycd.com","version":"1.0.11.81218","lastKnownStatus":"1.0.11.81218","lastKnownDate":"230222","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2023-02-22T18:03:58.9723472+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1098},{"violations":{"ACR-043":"Open source project \"The QT Company Ltd\" is installed without any disclosure in EULA or ToS\n","ACR-107":"The app does not disclose relevant license information about 'The QT Company Ltd'. \n","ACR-048":"The app didn't provide control to disable the background running process.\n","ACR-007":"The app does not obtain user explicit consent which reduces the consumer's security posture caused by using the user's bandwidth/IP.\n"},"nonDeceptorViolations":{"ACR-045":"The app didn't provide control to enable/disable the \"Internet Traffic sharing\" process.\n","ACR-098":"The app does not provide control to adjust the schedule and rate while the \"Peer2Profit\" process is running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Peer2Profit\\Peer2Profit.exe","companyName":"","productName":"Peer2Profit","productVersion":"0.53.0.0","fileVersion":"0.53.0.0","hashMD5":"1a561e310b2193252e4af68ce31ddfa6","hashSHA1":"87aabcc27f125507377d615a9ef7f931c269e947","hashSHA256":"ef57bee5638a32b51d7190ebd6bef3326c095cecf4ac9869dae5e4b914d5f3eb","digitalCertThumbprint":"42F4524A9F43A71A1B2269CDC06CCA24ED1456CA","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Simple Coding Solutions LLC","storeId":"","sourceIndex":"272","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Peer2Profit-Setup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"\u0003","hashMD5":"18ce8109bd1e9efaea6d21dc3457c297","hashSHA1":"4902d00373ec311279315f491a9d5c8b8aa1ad4a","hashSHA256":"0893cab7317c5d1bf6dbaf30c6023e0dfeba6fad472736e0cab1794551b07d22","digitalCertThumbprint":"42F4524A9F43A71A1B2269CDC06CCA24ED1456CA","digitalCertIssuer":"Certum Extended Validation Code Signing 2021 CA","digitalCertIssuedTo":"Simple Coding Solutions LLC","storeId":"","sourceIndex":"272","avBlockList":["360 Total Security (20230328)","Avast Premium Security (20230328)","AVG Internet Security (20230328)","Avira Internet Security (20230328)","ESET Internet Security (20230328)","K7 Total Security (20230328)","Kaspersky Internet Security (20230328)","McAfee Total Protection (20230328)","Norton Security (20230328)","Panda Dome (20230328)","Quick Heal Internet Security (20230328)","Sophos Home Premium (20230328)","SpyHunter5 (20230328)","Total AV Antivirus Pro (20230328)","VirIT eXplorer PRO (20230328)","Webroot SecureAnywhere (20230328)","Windows Defender (20230328)"],"avAllowList":["Bitdefender Internet Security (20230328)","COMODO Antivirus (20230328)","Dr.Web Security Space (20230328)","G DATA INTERNET SECURITY (20230328)","Malwarebytes Premium (20230328)","Trend Micro Internet Security (20230328)","VIPRE Advanced Security (20230328)"]}],"additionalFiles":[],"sources":[{"howFound":"System resource borrowing apps","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"272"}],"sampleFiles":["230222/Peer2Profit-230208/1.0/Samples/Peer2Profit-Setup.exe"],"imageFiles":["230222/Peer2Profit-230208/1.0/Images/ACR-043/ACR-043.JPG","230222/Peer2Profit-230208/1.0/Images/ACR-107/ACR-107.JPG","230222/Peer2Profit-230208/1.0/Images/ACR-007/ACR-007.JPG","230222/Peer2Profit-230208/1.0/Images/ACR-048/ACR-048.JPG","230222/Peer2Profit-230208/1.0/Images/ACR-048/ACR-048_1.JPG"],"nonDeceptorImageFiles":["230222/Peer2Profit-230208/1.0/Images/ACR-045/ACR-045 (1).JPG","230222/Peer2Profit-230208/1.0/Images/ACR-045/ACR-045 (2).JPG","230222/Peer2Profit-230208/1.0/Images/ACR-098/ACR-098.JPG"],"guid":"213d60bf-c435-4d44-9f43-c4a58405c4f9_1.0_1","appID":"Peer2Profit-230208","dateAdded":"230222","deceptorType":"App","name":"Peer2Profit","company":"Peer2Profit Ltd","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"241217","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-12-17T22:33:18.9462204+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1097},{"violations":{"ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"MS PowerBi","reference":"","landingPage":"https://spgsoft.com/","ipv4":"","ipv6":"","sourceIndex":"1213"}],"sampleFiles":[],"imageFiles":["230221/SPGSoft-230221/230221/Images/ACR-010/RK.jpg"],"nonDeceptorImageFiles":[],"guid":"26657bbc-45ef-4248-9851-bff98d5ef0bc_230221_1","appID":"SPGSoft-230221","dateAdded":"230221","deceptorType":"Affiliate","name":"spgsoft.com","company":"https://spgsoft.com/","version":"230221","lastKnownStatus":"230221","lastKnownDate":"230221","type":"Affiliate","category":"Media players, Media editors","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-02-22T04:24:26.1005627+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1100},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it continue to drop the RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-155":" Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":" App offers deceptive application 'Relevant Knowledge market survey'.\n"},"samples":[{"isRevoked":"False","fileName":"3GPCutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"0e2a2293f65a80e54e4e5f5a7dac89bd","hashSHA1":"c1cb4f8997078c27dd5ae90fe1f9712a2b0dfcb1","hashSHA256":"e1b315d6058bff40b01971251ff0cbb2d544252f8ca7c4cad016b4b47adfa15d","sourceIndex":"1214","avBlockList":["360 Total Security (20230328)","Avast Premium Security (20230328)","AVG Internet Security (20230328)","Avira Internet Security (20230328)","Bitdefender Internet Security (20230328)","COMODO Antivirus (20230328)","Dr.Web Security Space (20230328)","ESET Internet Security (20230328)","G DATA INTERNET SECURITY (20230328)","K7 Total Security (20230328)","Kaspersky Internet Security (20230328)","Malwarebytes Premium (20230328)","McAfee Total Protection (20230328)","Norton Security (20230328)","Panda Dome (20230328)","Quick Heal Internet Security (20230328)","Sophos Home Premium (20230328)","SpyHunter5 (20230328)","Total AV Antivirus Pro (20230328)","VIPRE Advanced Security (20230328)","VirIT eXplorer PRO (20230328)","Webroot SecureAnywhere (20230328)","Windows Defender (20230328)"],"avAllowList":["Trend Micro Internet Security (20230328)"]},{"isRevoked":"False","fileName":"3GPPlayerSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"47b30247f639ddb0911fa339e329c42b","hashSHA1":"e1026910955784083b9586b2e5cf2879fd502c17","hashSHA256":"61906581316cf5c82e3112d8ec7ae776c782199bec0dffc53601bf09bd0a13d5","sourceIndex":"1214","avBlockList":["360 Total Security (20230330)","Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["Trend Micro Internet Security (20230330)"]},{"isRevoked":"False","fileName":"AACConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"6ca8ca9159d9e60a97b6fd57cccf70c2","hashSHA1":"2ff3b7bcb9da9f4da202ce0825d72713c092b260","hashSHA256":"5fca9b30eb8cd53278f7f72fbc6b3d970e5ca3df8d91786cd29ffce16f4ed993","sourceIndex":"1214","avBlockList":["360 Total Security (20230330)","Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["Trend Micro Internet Security (20230330)"]},{"isRevoked":"False","fileName":"AACCutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"077f4848b132ba46bd1df286f6395dd9","hashSHA1":"614e1ac3ec6d3c8cfdb36a149260b662c10289f9","hashSHA256":"9ba84ecc621af2d8941b7cfe17b7fd88a0b20a96d0a64febe0ab88af939e9ed9","sourceIndex":"1214","avBlockList":["360 Total Security (20230330)","Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["Trend Micro Internet Security (20230330)"]},{"isRevoked":"False","fileName":"AC3CutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"ad6d44a3d704ed26caef14260ea7053a","hashSHA1":"4012dde9c75394af7f867c0a7c6cfee3625d0ab9","hashSHA256":"13ddd96ba7209c0e595cba4796c921eb65a09bef9ffc5c6512f6ea305797e05c","sourceIndex":"1214","avBlockList":["360 Total Security (20230330)","Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["Trend Micro Internet Security (20230330)"]},{"isRevoked":"False","fileName":"AMRPlayerSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"d65140fe5535214027f8833108b96d5d","hashSHA1":"940f87d44205847df18b961418dbe99326557851","hashSHA256":"06f3201a5c3ee93e90591671b61bdc30ce836c74717023cf874ae4df7e35e9d0","sourceIndex":"1214","avBlockList":["360 Total Security (20230330)","Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["Trend Micro Internet Security (20230330)"]},{"isRevoked":"False","fileName":"AudioConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"c846ba7877c3e889423dc0788ceaa02f","hashSHA1":"47ddec05e0178b8ab5d9e588deb672b35df59eff","hashSHA256":"eb6ae8fe5994a5a977a3f884e52a85ab86980acc58819011d3462af286da1d98","sourceIndex":"1214","avBlockList":["Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["360 Total Security (20230330)","Trend Micro Internet Security (20230330)"]},{"isRevoked":"False","fileName":"AutomaticClickerSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"de48f0a387917b476d59933a8860ebb4","hashSHA1":"c55b94b8158745c39219b450d39bf12112dde8d5","hashSHA256":"046772e2c0a8bb8a40a98cbda216fae1243d1e1adbc2c1d46006e99994fb47a8","sourceIndex":"1214","avBlockList":["360 Total Security (20230330)","Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["Trend Micro Internet Security (20230330)"]},{"isRevoked":"False","fileName":"AVIConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"caece9c95df92efad3d45e2424ab4b00","hashSHA1":"8ffe83c98c77e59a9f4069bd21f7a4bcb97e5379","hashSHA256":"640712fbad0b03a78cbce98ea7150605d760800aab8feeafc3b904d8461bdf4e","sourceIndex":"1214","avBlockList":["360 Total Security (20230330)","Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["Trend Micro Internet Security (20230330)"]},{"isRevoked":"False","fileName":"AVICutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"6c40d6a7e11741e3ccb42e894ff114d0","hashSHA1":"1671752a692c1ceb9b062bb8dbaf26ababad8a22","hashSHA256":"c04c6e9a3abc76f876e9b6dd35a39f9e70668a986115bbef27c70b28ad5ddb25","sourceIndex":"1214","avBlockList":["360 Total Security (20230330)","Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["Trend Micro Internet Security (20230330)"]},{"isRevoked":"False","fileName":"AVIPlayerSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"64d8bbcd036705cceb29f4484f1e01bc","hashSHA1":"f8500325040e796108ce51831a6b725f7b58ee64","hashSHA256":"365c871759462c8ba2ab27a5bd2650147b7fb45ddc800d592db4e30923b6fca0","sourceIndex":"1214","avBlockList":["360 Total Security (20230330)","Avast Premium Security (20230330)","AVG Internet Security (20230330)","Avira Internet Security (20230330)","Bitdefender Internet Security (20230330)","COMODO Antivirus (20230330)","Dr.Web Security Space (20230330)","ESET Internet Security (20230330)","G DATA INTERNET SECURITY (20230330)","K7 Total Security (20230330)","Kaspersky Internet Security (20230330)","Malwarebytes Premium (20230330)","McAfee Total Protection (20230330)","Norton Security (20230330)","Panda Dome (20230330)","Quick Heal Internet Security (20230330)","Sophos Home Premium (20230330)","SpyHunter5 (20230330)","Total AV Antivirus Pro (20230330)","VIPRE Advanced Security (20230330)","VirIT eXplorer PRO (20230330)","Webroot SecureAnywhere (20230330)","Windows Defender (20230330)"],"avAllowList":["Trend Micro Internet Security (20230330)"]},{"isRevoked":"False","fileName":"DVDPlayerSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"631382cb022141e325098b62e4e0441d","hashSHA1":"5224f171b61a553024a26a4507b186147cb6f235","hashSHA256":"5a937778b237b109086fdedb9f547d9886bc67abfcf49f2dd67d23a385998468","sourceIndex":"1214","avBlockList":["360 Total Security (20230404)","Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","G DATA INTERNET SECURITY (20230404)","K7 Total Security (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Quick Heal Internet Security (20230404)","Sophos Home Premium (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","VIPRE Advanced Security (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)","Windows Defender (20230404)"],"avAllowList":["Trend Micro Internet Security (20230404)"]},{"isRevoked":"False","fileName":"FLACConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"1470aae260e43285ac94d70b1bd72d18","hashSHA1":"4e6a0ef57193a04ef4262dded00a59112cf41ba5","hashSHA256":"90637f69ee1bac34c4acd6721630b5901d7f9cfa293237be28fd87b541252ea5","sourceIndex":"1214","avBlockList":["360 Total Security (20230404)","Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","G DATA INTERNET SECURITY (20230404)","K7 Total Security (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Quick Heal Internet Security (20230404)","Sophos Home Premium (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","Trend Micro Internet Security (20230404)","VIPRE Advanced Security (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)","Windows Defender (20230404)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FLACCutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"d0be896e0f72ee07121e7ad6bf60095d","hashSHA1":"bdef2a13ec1846bd19de98f416c06359c6e95014","hashSHA256":"ac0a2ac44b9f4e21554bc2cdaacf2c52255e28f02fe5512092d92805d67cbb93","sourceIndex":"1214","avBlockList":["Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","G DATA INTERNET SECURITY (20230404)","K7 Total Security (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Quick Heal Internet Security (20230404)","Sophos Home Premium (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","Trend Micro Internet Security (20230404)","VIPRE Advanced Security (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)","Windows Defender (20230404)"],"avAllowList":["360 Total Security (20230404)"]},{"isRevoked":"False","fileName":"FLVConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"fe59c65c395f6664f82480fc66709225","hashSHA1":"fc730da6f70e26027499bf1088d8f491f0d06381","hashSHA256":"cb4cbfb478ef1ca7afe1d43f4bb4c2c5085009c483bd4fd87f072fa4d815df0e","sourceIndex":"1214","avBlockList":["360 Total Security (20230404)","Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","G DATA INTERNET SECURITY (20230404)","K7 Total Security (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Quick Heal Internet Security (20230404)","Sophos Home Premium (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","VIPRE Advanced Security (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)","Windows Defender (20230404)"],"avAllowList":["Trend Micro Internet Security (20230404)"]},{"isRevoked":"False","fileName":"FLVCutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"bcff997e102fe533fcfc77077eb3917e","hashSHA1":"9241f297bf6bb14baa818a3377e69bc6fb584267","hashSHA256":"366e422eaf6347e17497b7de01e55160ea44649e2a65bfd60b5fa2988a1c45f6","sourceIndex":"1214","avBlockList":["360 Total Security (20230404)","Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","G DATA INTERNET SECURITY (20230404)","K7 Total Security (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Quick Heal Internet Security (20230404)","Sophos Home Premium (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","VIPRE Advanced Security (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)","Windows Defender (20230404)"],"avAllowList":["Trend Micro Internet Security (20230404)"]},{"isRevoked":"False","fileName":"FLVTo3GPSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"5.0","hashMD5":"0ca2970fd2be9e4eae91eaf9b931d611","hashSHA1":"57bb871e085ac608ef94562b1d6f48f22bcc91c7","hashSHA256":"c776efb8f7045344a72911189daa97a95d818fbb28e3776a0095d92ae75d9cb7","sourceIndex":"1214","avBlockList":["360 Total Security (20230404)","Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","G DATA INTERNET SECURITY (20230404)","K7 Total Security (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Quick Heal Internet Security (20230404)","Sophos Home Premium (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","VIPRE Advanced Security (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)","Windows Defender (20230404)"],"avAllowList":["Trend Micro Internet Security (20230404)"]},{"isRevoked":"False","fileName":"FLVToMP4Setup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"5.0","hashMD5":"e1170d05ba77902e314ace068a6c4a84","hashSHA1":"a2c3b8e32757666c41774955fbfda00ef4e0b144","hashSHA256":"2e5af6ffbe91f26a60b9e9c96e01691362af2275ee1aa7663c17e757d1f2f6f2","sourceIndex":"1214","avBlockList":["360 Total Security (20230404)","Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","G DATA INTERNET SECURITY (20230404)","K7 Total Security (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Quick Heal Internet Security (20230404)","Sophos Home Premium (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","VIPRE Advanced Security (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)","Windows Defender (20230404)"],"avAllowList":["Trend Micro Internet Security (20230404)"]},{"isRevoked":"False","fileName":"M4AConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"fc1d9f460788e57b4a34a406c230441a","hashSHA1":"7683169dddde3f7fbbf8a329b0d2eb76b165030d","hashSHA256":"76febcc6f5109757a4aca75fa3e713eb483b2236921e19b48099599b2cc48d97","sourceIndex":"1214","avBlockList":["360 Total Security (20230404)","Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","G DATA INTERNET SECURITY (20230404)","K7 Total Security (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Quick Heal Internet Security (20230404)","Sophos Home Premium (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","VIPRE Advanced Security (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)","Windows Defender (20230404)"],"avAllowList":["Trend Micro Internet Security (20230404)"]},{"isRevoked":"False","fileName":"M4ACutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"9bf93dd1321c1fc02c74a679db93b0d5","hashSHA1":"fd8d530fd7b3ee125d16e3e1c39fe5ea46afbc59","hashSHA256":"663f57532470a9a6ecd6729d267d9ab5b40db51221bf1d0b92a976d7b2c34952","sourceIndex":"1214","avBlockList":["360 Total Security (20230404)","Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","G DATA INTERNET SECURITY (20230404)","K7 Total Security (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Quick Heal Internet Security (20230404)","Sophos Home Premium (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","VIPRE Advanced Security (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)","Windows Defender (20230404)"],"avAllowList":["Trend Micro Internet Security (20230404)"]},{"isRevoked":"False","fileName":"MKVConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"633ce1af8e55f84ad51fa3fd87cec3a7","hashSHA1":"99e6701b77182c618a8f6dabe295dc5dcdbb507e","hashSHA256":"45eba59e8b9f1382ac5a7fd7eddb2046b7be6a70255f85a0f02d844aac6c833e","sourceIndex":"1214","avBlockList":["360 Total Security (20230404)","Avast Premium Security (20230404)","AVG Internet Security (20230404)","Avira Internet Security (20230404)","Bitdefender Internet Security (20230404)","COMODO Antivirus (20230404)","Dr.Web Security Space (20230404)","ESET Internet Security (20230404)","G DATA INTERNET SECURITY (20230404)","K7 Total Security (20230404)","Kaspersky Internet Security (20230404)","Malwarebytes Premium (20230404)","McAfee Total Protection (20230404)","Norton Security (20230404)","Panda Dome (20230404)","Quick Heal Internet Security (20230404)","Sophos Home Premium (20230404)","SpyHunter5 (20230404)","Total AV Antivirus Pro (20230404)","VIPRE Advanced Security (20230404)","VirIT eXplorer PRO (20230404)","Webroot SecureAnywhere (20230404)","Windows Defender (20230404)"],"avAllowList":["Trend Micro Internet Security (20230404)"]},{"isRevoked":"False","fileName":"MKVCutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"1eea557567979fd55d408d91160fd00b","hashSHA1":"0ea9e03648a7b40bf783068844a4acdfa1634298","hashSHA256":"2b03a5f8a21c3124390e724f90b3f66cc6795a036893381809fe66639ef64251","sourceIndex":"1214","avBlockList":["360 Total Security (20230504)","Avast Premium Security (20230504)","AVG Internet Security (20230504)","Avira Internet Security (20230504)","Bitdefender Internet Security (20230504)","COMODO Antivirus (20230504)","Dr.Web Security Space (20230504)","ESET Internet Security (20230504)","G DATA INTERNET SECURITY (20230504)","K7 Total Security (20230504)","Kaspersky Internet Security (20230504)","Malwarebytes Premium (20230504)","McAfee Total Protection (20230504)","Norton Security (20230504)","Panda Dome (20230504)","Quick Heal Internet Security (20230504)","Sophos Home Premium (20230504)","SpyHunter5 (20230504)","Total AV Antivirus Pro (20230504)","VIPRE Advanced Security (20230504)","VirIT eXplorer PRO (20230504)","Webroot SecureAnywhere (20230504)","Windows Defender (20230504)"],"avAllowList":["Trend Micro Internet Security (20230504)"]},{"isRevoked":"False","fileName":"MOVConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"fd1d5516de5b2d38ea2190b899766afe","hashSHA1":"4c1078f3c0b2520d88a0202ec30478b918595847","hashSHA256":"f51692f188fb5a2dd98d17868dc9c12546ccb9ca233e046b1ee18847911ae059","sourceIndex":"1214","avBlockList":["360 Total Security (20230530)","Avast Premium Security (20230530)","AVG Internet Security (20230530)","Avira Internet Security (20230530)","Bitdefender Internet Security (20230530)","COMODO Antivirus (20230530)","Dr.Web Security Space (20230530)","ESET Internet Security (20230530)","G DATA INTERNET SECURITY (20230530)","K7 Total Security (20230530)","Kaspersky Internet Security (20230530)","Malwarebytes Premium (20230530)","McAfee Total Protection (20230530)","Norton Security (20230530)","Panda Dome (20230530)","Quick Heal Internet Security (20230530)","Sophos Home Premium (20230530)","SpyHunter5 (20230530)","Total AV Antivirus Pro (20230530)","VIPRE Advanced Security (20230530)","VirIT eXplorer PRO (20230530)","Webroot SecureAnywhere (20230530)","Windows Defender (20230530)"],"avAllowList":["Trend Micro Internet Security (20230530)"]},{"isRevoked":"False","fileName":"MOVCutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"a4e9e589d9c58b7315bb1bcba711c0a2","hashSHA1":"405b1e124524c348572c0046fad5df8fcc1f3d97","hashSHA256":"2559f8dc8de3e8d6fec70a3c5315900a66ce9f4785204f25f4263b057d5c3cee","sourceIndex":"1214","avBlockList":["360 Total Security (20230530)","Avast Premium Security (20230530)","AVG Internet Security (20230530)","Avira Internet Security (20230530)","Bitdefender Internet Security (20230530)","COMODO Antivirus (20230530)","Dr.Web Security Space (20230530)","ESET Internet Security (20230530)","G DATA INTERNET SECURITY (20230530)","K7 Total Security (20230530)","Kaspersky Internet Security (20230530)","Malwarebytes Premium (20230530)","McAfee Total Protection (20230530)","Norton Security (20230530)","Panda Dome (20230530)","Quick Heal Internet Security (20230530)","Sophos Home Premium (20230530)","SpyHunter5 (20230530)","Total AV Antivirus Pro (20230530)","VIPRE Advanced Security (20230530)","VirIT eXplorer PRO (20230530)","Webroot SecureAnywhere (20230530)","Windows Defender (20230530)"],"avAllowList":["Trend Micro Internet Security (20230530)"]},{"isRevoked":"False","fileName":"MP3ConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"e30d7e8c108f595b5f3fa9834add3633","hashSHA1":"4ffadc49661ea4b4fc38f41132ede36b6e054dea","hashSHA256":"2d47969dc47d8beef62adb96f5c3645522cc8f6b17400c8251bddae2556298b9","sourceIndex":"1214","avBlockList":["360 Total Security (20230530)","Avast Premium Security (20230530)","AVG Internet Security (20230530)","Avira Internet Security (20230530)","Bitdefender Internet Security (20230530)","COMODO Antivirus (20230530)","Dr.Web Security Space (20230530)","ESET Internet Security (20230530)","G DATA INTERNET SECURITY (20230530)","K7 Total Security (20230530)","Kaspersky Internet Security (20230530)","Malwarebytes Premium (20230530)","McAfee Total Protection (20230530)","Norton Security (20230530)","Panda Dome (20230530)","Quick Heal Internet Security (20230530)","Sophos Home Premium (20230530)","SpyHunter5 (20230530)","Total AV Antivirus Pro (20230530)","VIPRE Advanced Security (20230530)","VirIT eXplorer PRO (20230530)","Webroot SecureAnywhere (20230530)","Windows Defender (20230530)"],"avAllowList":["Trend Micro Internet Security (20230530)"]},{"isRevoked":"False","fileName":"MP3RecorderSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"77f8be262f02b773c4837f24fd5fe7f7","hashSHA1":"a1871cfe4055b3892fb03e29ba420a51b5e9ff28","hashSHA256":"bdcbafeb1f644a792961aca55055627bdbddac2bc742e8b22117e1168c0f35e7","sourceIndex":"1214","avBlockList":["360 Total Security (20230601)","Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","COMODO Antivirus (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":["Trend Micro Internet Security (20230601)"]},{"isRevoked":"False","fileName":"MP3SplitterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"3be41ca88db915a1fdd4ac6f39b16d0f","hashSHA1":"8cb61202b66c1e6e2415f57568d9f7861859a95f","hashSHA256":"8dda74f21218ae199c3adeda015c9d5bfc543da427c88ce451d9c0f407e62071","sourceIndex":"1214","avBlockList":["360 Total Security (20230601)","Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","COMODO Antivirus (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":["Trend Micro Internet Security (20230601)"]},{"isRevoked":"False","fileName":"MP4CutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"df1ed9b5683ea90d9f04f6c9f7050269","hashSHA1":"c76208609f7b566b039f0bd7fbda8eb655f5a84f","hashSHA256":"75eba39aeb890cd4b09c9e8b08be35ceed9beb014db9f0589a868ac2dbf7f7fd","sourceIndex":"1214","avBlockList":["360 Total Security (20230601)","Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","COMODO Antivirus (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":["Trend Micro Internet Security (20230601)"]},{"isRevoked":"False","fileName":"MP4PlayerSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"24625ddb5d317fe30e3470d909861728","hashSHA1":"19375bf275d6d2b0555464e88f8a453f3c75ff17","hashSHA256":"68643bc6d675fc9f9cbb993ee6913052f2a241dae52a8c98d77d7a15d8a3ae96","sourceIndex":"1214","avBlockList":["360 Total Security (20230601)","Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","COMODO Antivirus (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","Trend Micro Internet Security (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MPEG4PlayerSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"e4d8e853b0f63124363156ad8e20265f","hashSHA1":"d3300851817d07a6c7d1f91f01df53baa57d509d","hashSHA256":"34ecef419c966724810bb7e859c13e9677377984e5751135305353df79f99e91","sourceIndex":"1214","avBlockList":["360 Total Security (20230601)","Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","COMODO Antivirus (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":["Trend Micro Internet Security (20230601)"]},{"isRevoked":"False","fileName":"MPEGConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"27fd88500d47a0d5928bb867120d66f7","hashSHA1":"64dc0bc42b6c50163280447e67da49b6a688a420","hashSHA256":"fba10929bceae49ca919ea324ff03a85f4e98a8bf55eaf54f7ed13e0747108ea","sourceIndex":"1214","avBlockList":["360 Total Security (20230601)","Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","COMODO Antivirus (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":["Trend Micro Internet Security (20230601)"]},{"isRevoked":"False","fileName":"MPEGCutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"cebebbb4677838db0b58eab4e0097bf0","hashSHA1":"1b82f9db792d3ad202d0090bb0894304abfe93df","hashSHA256":"40bda04685efc7dd4d5b288ecb1450ebdf32b61c7d9ebb4de247520c918eee87","sourceIndex":"1214","avBlockList":["360 Total Security (20230601)","Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","COMODO Antivirus (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":["Trend Micro Internet Security (20230601)"]},{"isRevoked":"False","fileName":"MPGPlayerSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"7b7155037b1d1e64788cb14c86c71834","hashSHA1":"25f8744f241b7dd476fb3b324da3f9bc36bb6d64","hashSHA256":"cc03221bd11d332ba13453dd58f6d4062ec5bc7ae1d6262cbc50a16e18b9bce4","sourceIndex":"1214","avBlockList":["360 Total Security (20230601)","Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","COMODO Antivirus (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":["Trend Micro Internet Security (20230601)"]},{"isRevoked":"False","fileName":"OGGPlayerSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"bc852ab7904aafe27b57cfcb9116fd9c","hashSHA1":"377c4752c43aa417bbafccf58af718dc7d9d04c5","hashSHA256":"d0d8241224503ac67cf6925235f8680f397cc0a94b261632b193a80f4e8fc4be","sourceIndex":"1214","avBlockList":["Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","COMODO Antivirus (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":["360 Total Security (20230601)","Trend Micro Internet Security (20230601)"]},{"isRevoked":"False","fileName":"VideoConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"d079ff0ce6946f89bd3fe81f5c80e6a1","hashSHA1":"48613a59d7b8bb62e1894c4ca45023ca434777d3","hashSHA256":"07b6c6ba524e10acc22377f3be479c773d2c13f1a8e6121982ebf3218391eb7b","sourceIndex":"1214","avBlockList":["360 Total Security (20230601)","Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","COMODO Antivirus (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":["Trend Micro Internet Security (20230601)"]},{"isRevoked":"False","fileName":"VideoPlayerSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"3399d149cb45d0718ccce5e2a163abe9","hashSHA1":"061c66c63b67aaf2951f2cd535a766c9a4f3f8d8","hashSHA256":"c0c103aa91eff921cd34682e0157044c95495863b2d4b3213aa03e5368c7476b","sourceIndex":"1214","avBlockList":["360 Total Security (20230601)","Avast Premium Security (20230601)","AVG Internet Security (20230601)","Avira Internet Security (20230601)","Bitdefender Internet Security (20230601)","COMODO Antivirus (20230601)","Dr.Web Security Space (20230601)","ESET Internet Security (20230601)","G DATA INTERNET SECURITY (20230601)","K7 Total Security (20230601)","Kaspersky Internet Security (20230601)","Malwarebytes Premium (20230601)","McAfee Total Protection (20230601)","Norton Security (20230601)","Panda Dome (20230601)","Quick Heal Internet Security (20230601)","Sophos Home Premium (20230601)","SpyHunter5 (20230601)","Total AV Antivirus Pro (20230601)","VIPRE Advanced Security (20230601)","VirIT eXplorer PRO (20230601)","Webroot SecureAnywhere (20230601)","Windows Defender (20230601)"],"avAllowList":["Trend Micro Internet Security (20230601)"]},{"isRevoked":"False","fileName":"VideoSplitterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"13e20bc7e92060b407750e0159354bce","hashSHA1":"6b28c0e17d723c6943b2c3326fe1d1c4df27ebea","hashSHA256":"5406c70286750f591f16e151ff9e9447b0ad39586179c67e5dd9bfe8d78769d0","sourceIndex":"1214","avBlockList":["360 Total Security (20230316)","Avast Premium Security (20230316)","AVG Internet Security (20230316)","Avira Internet Security (20230316)","Bitdefender Internet Security (20230316)","COMODO Antivirus (20230316)","Dr.Web Security Space (20230316)","ESET Internet Security (20230316)","G DATA INTERNET SECURITY (20230316)","K7 Total Security (20230316)","Kaspersky Internet Security (20230316)","Malwarebytes Premium (20230316)","McAfee Total Protection (20230316)","Norton Security (20230316)","Panda Dome (20230316)","Quick Heal Internet Security (20230316)","Sophos Home Premium (20230316)","SpyHunter5 (20230316)","Total AV Antivirus Pro (20230316)","VIPRE Advanced Security (20230316)","VirIT eXplorer PRO (20230316)","Webroot SecureAnywhere (20230316)","Windows Defender (20230316)"],"avAllowList":["Trend Micro Internet Security (20230316)"]},{"isRevoked":"False","fileName":"VOBConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"ae09cc21ea1ed1f1d895046bd3030536","hashSHA1":"d08c0fb5ba68e76861c2f48d56a67f164796afcb","hashSHA256":"cd90a736742765ec3e9ad0ba30fc5f61c75502d9692b124307583a42c9e5aed9","sourceIndex":"1214","avBlockList":["360 Total Security (20230316)","Avast Premium Security (20230316)","AVG Internet Security (20230316)","Avira Internet Security (20230316)","Bitdefender Internet Security (20230316)","COMODO Antivirus (20230316)","Dr.Web Security Space (20230316)","ESET Internet Security (20230316)","G DATA INTERNET SECURITY (20230316)","K7 Total Security (20230316)","Kaspersky Internet Security (20230316)","Malwarebytes Premium (20230316)","McAfee Total Protection (20230316)","Norton Security (20230316)","Panda Dome (20230316)","Quick Heal Internet Security (20230316)","Sophos Home Premium (20230316)","SpyHunter5 (20230316)","Total AV Antivirus Pro (20230316)","VIPRE Advanced Security (20230316)","VirIT eXplorer PRO (20230316)","Webroot SecureAnywhere (20230316)","Windows Defender (20230316)"],"avAllowList":["Trend Micro Internet Security (20230316)"]},{"isRevoked":"False","fileName":"VOBCutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"8df5f29fbf3d7dc4bb050d7481bc7a06","hashSHA1":"b0542c5941a7d334b25989afdb66c43218db0014","hashSHA256":"edceb2c146d9a3128be8050034578cc6e3be2900870a2ec63fdeb585e4397fa2","sourceIndex":"1214","avBlockList":["360 Total Security (20230316)","Avast Premium Security (20230316)","AVG Internet Security (20230316)","Avira Internet Security (20230316)","Bitdefender Internet Security (20230316)","COMODO Antivirus (20230316)","Dr.Web Security Space (20230316)","ESET Internet Security (20230316)","G DATA INTERNET SECURITY (20230316)","K7 Total Security (20230316)","Kaspersky Internet Security (20230316)","Malwarebytes Premium (20230316)","McAfee Total Protection (20230316)","Norton Security (20230316)","Panda Dome (20230316)","Quick Heal Internet Security (20230316)","Sophos Home Premium (20230316)","SpyHunter5 (20230316)","Total AV Antivirus Pro (20230316)","VIPRE Advanced Security (20230316)","VirIT eXplorer PRO (20230316)","Webroot SecureAnywhere (20230316)","Windows Defender (20230316)"],"avAllowList":["Trend Micro Internet Security (20230316)"]},{"isRevoked":"False","fileName":"WAVConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"9ec342885e702290e417a69b840b34ab","hashSHA1":"003dc46e591b4c0b549eac1e0dc9d8876b408c0c","hashSHA256":"6a315b7eced8ea1e7ab6e8127d98068e114fac13e4dd652c6e8fab37f8c13aee","sourceIndex":"1214","avBlockList":["360 Total Security (20230316)","Avast Premium Security (20230316)","AVG Internet Security (20230316)","Avira Internet Security (20230316)","Bitdefender Internet Security (20230316)","COMODO Antivirus (20230316)","Dr.Web Security Space (20230316)","ESET Internet Security (20230316)","G DATA INTERNET SECURITY (20230316)","K7 Total Security (20230316)","Kaspersky Internet Security (20230316)","Malwarebytes Premium (20230316)","McAfee Total Protection (20230316)","Norton Security (20230316)","Panda Dome (20230316)","Quick Heal Internet Security (20230316)","Sophos Home Premium (20230316)","SpyHunter5 (20230316)","Total AV Antivirus Pro (20230316)","Trend Micro Internet Security (20230316)","VIPRE Advanced Security (20230316)","VirIT eXplorer PRO (20230316)","Webroot SecureAnywhere (20230316)","Windows Defender (20230316)"],"avAllowList":[]},{"isRevoked":"False","fileName":"WAVCutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"069cda25d96f8cbcba224aec8acee33c","hashSHA1":"6c6ed1fa93722486e9e53bf73d1bdb9d0c4664af","hashSHA256":"280a37d40aa6b160ffb864598ac4681751a42b222ba3096ffaf1ee9097c08ca5","sourceIndex":"1214","avBlockList":["360 Total Security (20230321)","Avast Premium Security (20230321)","AVG Internet Security (20230321)","Avira Internet Security (20230321)","Bitdefender Internet Security (20230321)","COMODO Antivirus (20230321)","Dr.Web Security Space (20230321)","ESET Internet Security (20230321)","G DATA INTERNET SECURITY (20230321)","K7 Total Security (20230321)","Kaspersky Internet Security (20230321)","Malwarebytes Premium (20230321)","McAfee Total Protection (20230321)","Norton Security (20230321)","Panda Dome (20230321)","Quick Heal Internet Security (20230321)","Sophos Home Premium (20230321)","SpyHunter5 (20230321)","Total AV Antivirus Pro (20230321)","VIPRE Advanced Security (20230321)","VirIT eXplorer PRO (20230321)","Webroot SecureAnywhere (20230321)","Windows Defender (20230321)"],"avAllowList":["Trend Micro Internet Security (20230321)"]},{"isRevoked":"False","fileName":"WMAConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"dd4afc633feb3c84eaa2c8fb9e3b1f48","hashSHA1":"ed3bdf7ef06cf87fdef965fdef9037bf754deaba","hashSHA256":"94259aaf8e7a5227d7f9be9fbdf38131982a067ac7b61afd1dd89cac1d19f11b","sourceIndex":"1214","avBlockList":["360 Total Security (20230321)","Avast Premium Security (20230321)","AVG Internet Security (20230321)","Avira Internet Security (20230321)","Bitdefender Internet Security (20230321)","COMODO Antivirus (20230321)","Dr.Web Security Space (20230321)","ESET Internet Security (20230321)","G DATA INTERNET SECURITY (20230321)","K7 Total Security (20230321)","Kaspersky Internet Security (20230321)","Malwarebytes Premium (20230321)","McAfee Total Protection (20230321)","Norton Security (20230321)","Panda Dome (20230321)","Quick Heal Internet Security (20230321)","Sophos Home Premium (20230321)","SpyHunter5 (20230321)","Total AV Antivirus Pro (20230321)","Trend Micro Internet Security (20230321)","VIPRE Advanced Security (20230321)","VirIT eXplorer PRO (20230321)","Webroot SecureAnywhere (20230321)","Windows Defender (20230321)"],"avAllowList":[]},{"isRevoked":"False","fileName":"WMACutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"51dfe9b2a4de14e6d8cae53a1d5ccc79","hashSHA1":"72241cfbc7030c1dd200aa4fdcfd52657056775c","hashSHA256":"e2c3c753261ddfde8f0ff6d6681caac40e3e0b6e002f9fa1514f19e671d13d00","sourceIndex":"1214","avBlockList":["360 Total Security (20230321)","Avast Premium Security (20230321)","AVG Internet Security (20230321)","Avira Internet Security (20230321)","Bitdefender Internet Security (20230321)","COMODO Antivirus (20230321)","Dr.Web Security Space (20230321)","ESET Internet Security (20230321)","G DATA INTERNET SECURITY (20230321)","K7 Total Security (20230321)","Kaspersky Internet Security (20230321)","Malwarebytes Premium (20230321)","McAfee Total Protection (20230321)","Norton Security (20230321)","Panda Dome (20230321)","Quick Heal Internet Security (20230321)","Sophos Home Premium (20230321)","SpyHunter5 (20230321)","Total AV Antivirus Pro (20230321)","Trend Micro Internet Security (20230321)","VIPRE Advanced Security (20230321)","VirIT eXplorer PRO (20230321)","Webroot SecureAnywhere (20230321)","Windows Defender (20230321)"],"avAllowList":[]},{"isRevoked":"False","fileName":"WMVConverterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"9b048477b2cc873dcf959490a591a30a","hashSHA1":"0460157a44004635a51a78698654c51b0d85d135","hashSHA256":"cdab805b8fbc838ee159eff58d59d0c37f8adbf2b5a40872ee36e73b720542b5","sourceIndex":"1214","avBlockList":["360 Total Security (20230321)","Avast Premium Security (20230321)","AVG Internet Security (20230321)","Avira Internet Security (20230321)","Bitdefender Internet Security (20230321)","COMODO Antivirus (20230321)","Dr.Web Security Space (20230321)","ESET Internet Security (20230321)","G DATA INTERNET SECURITY (20230321)","K7 Total Security (20230321)","Kaspersky Internet Security (20230321)","Malwarebytes Premium (20230321)","McAfee Total Protection (20230321)","Norton Security (20230321)","Panda Dome (20230321)","Quick Heal Internet Security (20230321)","Sophos Home Premium (20230321)","SpyHunter5 (20230321)","Total AV Antivirus Pro (20230321)","Trend Micro Internet Security (20230321)","VIPRE Advanced Security (20230321)","VirIT eXplorer PRO (20230321)","Webroot SecureAnywhere (20230321)","Windows Defender (20230321)"],"avAllowList":[]},{"isRevoked":"False","fileName":"WMVCutterSetup.exe","isInstaller":"True","companyName":"spgsoft.com                                                 ","fileVersion":"1.0","hashMD5":"5377b03c5d1d65729c5241b0cc8634d6","hashSHA1":"8699e2be22c08dbb34664737fcda0497b2c457c7","hashSHA256":"b7bf146c9b62ab33b722f337a8f3cdb769110a68f85d3c4ca25857ccc9b895c4","sourceIndex":"1214","avBlockList":["360 Total Security (20230321)","Avast Premium Security (20230321)","AVG Internet Security (20230321)","Avira Internet Security (20230321)","Bitdefender Internet Security (20230321)","COMODO Antivirus (20230321)","Dr.Web Security Space (20230321)","ESET Internet Security (20230321)","G DATA INTERNET SECURITY (20230321)","K7 Total Security (20230321)","Kaspersky Internet Security (20230321)","Malwarebytes Premium (20230321)","McAfee Total Protection (20230321)","Norton Security (20230321)","Panda Dome (20230321)","Quick Heal Internet Security (20230321)","Sophos Home Premium (20230321)","SpyHunter5 (20230321)","Total AV Antivirus Pro (20230321)","VIPRE Advanced Security (20230321)","VirIT eXplorer PRO (20230321)","Webroot SecureAnywhere (20230321)","Windows Defender (20230321)"],"avAllowList":["Trend Micro Internet Security (20230321)"]}],"additionalFiles":[],"sources":[{"howFound":"MS PowerBi","reference":"","landingPage":"https://spgsoft.com/","directDownloadingLink":"https://spgsoft.com/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://spgsoft.com/","sourceIndex":"1214"}],"sampleFiles":["230221/SPGSoftBundle-230221/1.0/Samples/3GPCutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/3GPPlayerSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/AACConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/AACCutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/AC3CutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/AMRPlayerSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/AudioConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/AutomaticClickerSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/AVIConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/AVICutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/AVIPlayerSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/DVDPlayerSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/FLACConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/FLACCutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/FLVConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/FLVCutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/FLVTo3GPSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/FLVToMP4Setup.exe","230221/SPGSoftBundle-230221/1.0/Samples/M4AConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/M4ACutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MKVConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MKVCutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MOVConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MOVCutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MP3ConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MP3RecorderSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MP3SplitterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MP4CutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MP4PlayerSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MPEG4PlayerSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MPEGConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MPEGCutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/MPGPlayerSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/OGGPlayerSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/VideoConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/VideoPlayerSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/VideoSplitterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/VOBConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/VOBCutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/WAVConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/WAVCutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/WMAConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/WMACutterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/WMVConverterSetup.exe","230221/SPGSoftBundle-230221/1.0/Samples/WMVCutterSetup.exe"],"imageFiles":["230221/SPGSoftBundle-230221/1.0/Images/ACR-109/ACR-109_039_048.jpg","230221/SPGSoftBundle-230221/1.0/Images/ACR-039/ACR-109_039_048.jpg","230221/SPGSoftBundle-230221/1.0/Images/ACR-048/ACR-109_039_048.jpg","230221/SPGSoftBundle-230221/1.0/Images/ACR-010/RK.jpg","230221/SPGSoftBundle-230221/1.0/Images/ACR-057/RK.jpg","230221/SPGSoftBundle-230221/1.0/Images/ACR-059/RK.jpg","230221/SPGSoftBundle-230221/1.0/Images/ACR-071/RK.jpg","230221/SPGSoftBundle-230221/1.0/Images/ACR-155/RK.jpg"],"nonDeceptorImageFiles":["230221/SPGSoftBundle-230221/1.0/Images/ACR-106/RK.jpg"],"guid":"74e2da1a-0ed6-4daf-b53a-784bc59a206e_1.0_1","appID":"SPGSoftBundle-230221","dateAdded":"230221","deceptorType":"Bundler","name":"SPGSoft Bundle","company":"spgsoft.com","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"230221","type":"Windows Executable","category":"Media players, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2023-02-22T04:15:33.7907633+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1099},{"violations":{"ACR-003":"The app shows the message \"Not Connected. Your Online Privacy is not protected!\" with a caution sign, even when another VPN service is currently connected.\n","ACR-014":"The app shows the message \"Not Connected. Your Online Privacy is not protected!\" with a caution sign, even when another VPN service is currently connected.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"iTopVPN.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"e89a6d5e0397d79fb67629b1b7d0aa18","hashSHA1":"98296ba3896414d76d9b2cae75730080a0107a01","hashSHA256":"191edaaf2410f780aca00b85504dc428fef1e92eec66754b881635a8cac34a16","sourceIndex":"1215","avBlockList":["Avira Security for Mac (20230808)","Norton Security for Mac (20230808)","Sophos Home Premium For Mac (20230808)","Trend Micro Antivirus for Mac (20230808)"],"avAllowList":["Avast Security for Mac (20230808)","Bitdefender Antivirus for Mac (20230808)","ESET Cyber Security Pro for Mac (20230808)","G DATA AntiVirus for Mac (20230808)","K7 Antivirus for Mac (20230808)","Kaspersky Internet Security for Mac (20230808)","McAfee Internet Security for Mac (20230808)"]},{"isRevoked":"False","fileName":"iTop VPN","fileVersion":"0.","hashMD5":"8a3818ea5b88fc1d6072fb0f6f0c723f","hashSHA1":"de298559c0a9c588dd0a1b9c15e333d9f1d90d6c","hashSHA256":"2af324928bead33a54d80ae11b706b0ebd13954277a7c347c29217caefed849e","sourceIndex":"1215","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for Free Vpn via search engine","reference":"","landingPage":"https://www.itopvpn.com/vpn-mac","directDownloadingLink":"https://www.itopvpn.com/downloadmac","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.itopvpn.com/downloadmac","sourceIndex":"1215"}],"sampleFiles":["230216/ItopVPN-221117/2.4.0/Samples/iTopVPN.pkg","230216/ItopVPN-221117/2.4.0/Samples/iTop VPN"],"imageFiles":["230216/ItopVPN-221117/2.4.0/Images/ACR-003/ACR003-1.png","230216/ItopVPN-221117/2.4.0/Images/ACR-003/ACR003-2.png","230216/ItopVPN-221117/2.4.0/Images/ACR-014/ACR014-1.png","230216/ItopVPN-221117/2.4.0/Images/ACR-014/ACR014-2.png"],"nonDeceptorImageFiles":[],"guid":"3caa02b8-1da7-448b-bf84-398b345fe659_2.4.0_1","appID":"ItopVPN-221117","dateAdded":"230216","deceptorType":"MacOS App","name":"iTop VPN","company":"Itop Inc.","version":"2.4.0","lastKnownStatus":"2.3.0;2.4.0","lastKnownDate":"230216","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:44.4415484+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1101},{"violations":{"ACR-003":"The app shows \"Your Online Privacy is not protected\" when disconnected from the VPN, misleads the users with unsubstantiated claim. \n","ACR-014":"Opening the application shows the message \"Not connected. Your Online Privacy is not protected\" which can mislead user with the status of their system.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"iTopVPN.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"563cb952e9708dbfb7280f1f1026d6b0","hashSHA1":"71203c455b4c6be880173a002d75830856e6d0e1","hashSHA256":"b324a656269406f3da7a1fcd845344ede5c5a57c5fd02303464f3ed018af9e81","sourceIndex":"1293","avBlockList":["Avast Security for Mac (20230214)","Avira Security for Mac (20230214)","Norton Security for Mac (20230214)","Sophos Home Premium For Mac (20230214)","Trend Micro Antivirus for Mac (20230214)"],"avAllowList":["Bitdefender Antivirus for Mac (20230214)","ESET Cyber Security Pro for Mac (20230214)","G DATA AntiVirus for Mac (20230214)","K7 Antivirus for Mac (20230214)","Kaspersky Internet Security for Mac (20230214)","McAfee Internet Security for Mac (20230214)"]},{"isRevoked":"False","fileName":"iTop VPN","fileVersion":"0.","hashMD5":"d7e76b55a053a9d265a57f03b747d0d4","hashSHA1":"9349ffc07f929568c953ab8ac4a33f82a1434e50","hashSHA256":"e216c126a763498f80b44d159bd62102515ed98569ac764e5203c4dfe04ff66d","sourceIndex":"1293","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for Free Vpn via search engine","reference":"","landingPage":"https://www.itopvpn.com/vpn-mac","directDownloadingLink":"https://www.itopvpn.com/downloadmac","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.itopvpn.com/downloadmac","sourceIndex":"1293"}],"sampleFiles":["221117/ItopVPN-221117/2.3.0/Samples/iTopVPN.pkg","221117/ItopVPN-221117/2.3.0/Samples/iTop VPN"],"imageFiles":["221117/ItopVPN-221117/2.3.0/Images/ACR-003/ACR003.png","221117/ItopVPN-221117/2.3.0/Images/ACR-014/ACR014.png"],"nonDeceptorImageFiles":[],"guid":"3caa02b8-1da7-448b-bf84-398b345fe659_2.3.0_1","appID":"ItopVPN-221117","dateAdded":"230216","deceptorType":"MacOS App","name":"iTop VPN","company":"Itop Inc.","version":"2.3.0","lastKnownStatus":"2.3.0;2.4.0","lastKnownDate":"230216","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:47.4531451+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1102},{"violations":{"ACR-048":"The app creates a startup entry without the user's knowledge and consent and does not provide setting control within the app's settings to disable its startup.\n","ACR-010":"Offers installation of Zaxar Game Center, that promotes banners and promotional materials on visited websites. \n","ACR-084":"The app continues to run in the background after closing it using the \"x\" button and runs on the system tray without notification.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n"},"samples":[{"isRevoked":"False","fileName":"ZaxarGameBrowser.exe","fileVersion":"0.0","hashMD5":"6e1337725de8a7445b5e1098d5b8b32a","hashSHA1":"5dc5083cf6aed73395ce3a396ef61ac031a70ed5","hashSHA256":"fca157b6710227dea421a582862760e68a54c6e936c1e2d08108ac793d05452e","digitalCertThumbprint":"A1C39709FCEE75742A6C8EF58B55AB9BCB190A25","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=ZAXAR LTD, O=ZAXAR LTD, L=Limassol, S=Limassol, C=CY","sourceIndex":"1218","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZaxarLoader.exe","companyName":"Zaxar LTD","fileVersion":"2.123","hashMD5":"5554c5ac8a1d7a261f13911a0013778f","hashSHA1":"2f0d3ffdb4e66ce7999c6ef1a7fc9ff3a29bb9d0","hashSHA256":"1dccd96b670e33c7721a3ef41a02717e1eed1be611e0e71bbb4eb7f39f439492","digitalCertThumbprint":"A1C39709FCEE75742A6C8EF58B55AB9BCB190A25","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=ZAXAR LTD, O=ZAXAR LTD, L=Limassol, S=Limassol, C=CY","sourceIndex":"1218","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZaxarSetup.4.000.1.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"69587b80b7d853a8a455e0c1fef3ff9e","hashSHA1":"2e1f88161d1de1c728af611dbfcfbcc70b789145","hashSHA256":"409beaccf4512688db511a2feeb8d7ca2896b3a2212db80115b5233b2e718314","digitalCertThumbprint":"A1C39709FCEE75742A6C8EF58B55AB9BCB190A25","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=ZAXAR LTD, O=ZAXAR LTD, L=Limassol, S=Limassol, C=CY","sourceIndex":"1218","avBlockList":["360 Total Security (20230223)","Avast Premium Security (20230223)","AVG Internet Security (20230223)","Avira Internet Security (20230223)","Bitdefender Internet Security (20230223)","COMODO Antivirus (20230223)","Dr.Web Security Space (20230223)","ESET Internet Security (20230223)","G DATA INTERNET SECURITY (20230223)","K7 Total Security (20230223)","Kaspersky Internet Security (20230223)","Malwarebytes Premium (20230223)","McAfee Total Protection (20230223)","Norton Security (20230223)","Panda Dome (20230223)","Quick Heal Internet Security (20230223)","Sophos Home Premium (20230223)","SpyHunter5 (20230223)","Total AV Antivirus Pro (20230223)","Trend Micro Internet Security (20230223)","VIPRE Advanced Security (20230223)","VirIT eXplorer PRO (20230223)","Webroot SecureAnywhere (20230223)","Windows Defender (20230223)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://zaxargames.com/","directDownloadingLink":"https://zaxargames.com/client/download.php?adv=&type=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://zaxargames.com/client/download.php?adv=&type=","sourceIndex":"1218"}],"sampleFiles":["230215/ZaxarGameBrowser-230209/6.209/Samples/ZaxarGameBrowser.exe","230215/ZaxarGameBrowser-230209/6.209/Samples/ZaxarLoader.exe","230215/ZaxarGameBrowser-230209/6.209/Samples/ZaxarSetup.4.000.1.exe"],"imageFiles":["230215/ZaxarGameBrowser-230209/6.209/Images/ACR-084/ACR-084_Process.jpg","230215/ZaxarGameBrowser-230209/6.209/Images/ACR-048/ACR-048_ZaxarLoader.jpg","230215/ZaxarGameBrowser-230209/6.209/Images/ACR-010/Additional_Offers_1.jpg","230215/ZaxarGameBrowser-230209/6.209/Images/ACR-010/Additional_Offers_2.jpg"],"nonDeceptorImageFiles":["230215/ZaxarGameBrowser-230209/6.209/Images/ACR-038/ACR-038_FileProperties.jpg"],"guid":"6bd8f284-d852-47c3-9320-59982c35fd04_6.209_1","appID":"ZaxarGameBrowser-230209","dateAdded":"230215","deceptorType":"App","name":"Zaxar Game Browser","company":"Zaxar LTD","version":"6.209","lastKnownStatus":"6.209","lastKnownDate":"230215","type":"Windows Executable","category":"Bundlers & Downloaders, Games","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,display ads,sold in bundle","lastUpdate":"2023-02-15T23:02:22.2738985+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1103},{"violations":{"ACR-004":"The application only cleans 500MB off of the scan list, then it requires the user to subscribe to clean other items found during scan.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MaCleaner Pro","fileVersion":"0.","hashMD5":"ff2604cf79c622a1fa5e19a8407f22cd","hashSHA1":"e1c07cf6f0d3ade51069f0dfa8057deaf6b26245","hashSHA256":"1b888cf93ee6c6a841a660994075d84b5a8ba8ac633fcfb605f94dd3b23ea560","sourceIndex":"1217","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for cleaning apps via MacOs App Store, set to US Region under Account settings","reference":"","landingPage":"https://macleaner.com/","directDownloadingLink":"https://apps.apple.com/ph/app/macleaner-pro-disk-cleaner/id953795652?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/ph/app/macleaner-pro-disk-cleaner/id953795652?mt=12","sourceIndex":"1217"}],"sampleFiles":["230215/MaCleanerPro-230207/16.1.0/Samples/MaCleaner Pro"],"imageFiles":["230215/MaCleanerPro-230207/16.1.0/Images/ACR-004/ACR004-1.png","230215/MaCleanerPro-230207/16.1.0/Images/ACR-004/ACR004-2.png"],"nonDeceptorImageFiles":[],"guid":"bc894869-af73-4317-b901-0b4d7089d30b_16.1.0_1","appID":"MaCleanerPro-230207","dateAdded":"230215","deceptorType":"MacOS App","name":"MaCleaner Pro","company":"Everyday Tools LLC","version":"16.1.0","lastKnownStatus":"16.1.0","lastKnownDate":"230215","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2023-02-15T23:06:54.9259074+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1104},{"violations":{"ACR-003":"After scanning, the app shows the scan result with the message \"# issues\" detected labeled with red exclamation to drive urgency for non urgent items.\n","ACR-004":"App does not provide free fix for scanned items found. User must purchase the app first to perform clean function.\n"},"nonDeceptorViolations":{"ACR-065":"App does not include links to its EULA, Terms of Service in the Apps About Page\n"},"samples":[{"isRevoked":"False","fileName":"iCleanUp Pro","fileVersion":"0.","hashMD5":"728e631ebdf4de97fee53a01c2ee5c72","hashSHA1":"06f43dffd8343dd8e96084b3b72ba1f5bdec4e19","hashSHA256":"b642975d5a40c3398984d7528c0de2975c70f83d4f0be29c12ef5a4044b891c3","sourceIndex":"1219","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for \"Cache Clean\" in Mac App Store, under US Region settings","reference":"","landingPage":"","directDownloadingLink":"https://apps.apple.com/us/app/icleanup-pro/id979464160?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/us/app/icleanup-pro/id979464160?mt=12","sourceIndex":"1219"}],"sampleFiles":["230215/iCleanUpPro-230210/1.32/Samples/iCleanUp Pro"],"imageFiles":["230215/iCleanUpPro-230210/1.32/Images/ACR-004/ACR004-3.png","230215/iCleanUpPro-230210/1.32/Images/ACR-004/ACR004-2.png","230215/iCleanUpPro-230210/1.32/Images/ACR-004/ACR004_iCleanUpPro.mp4","230215/iCleanUpPro-230210/1.32/Images/ACR-004/ACR004-1.png","230215/iCleanUpPro-230210/1.32/Images/ACR-003/ACR003.png"],"nonDeceptorImageFiles":["230215/iCleanUpPro-230210/1.32/Images/ACR-065/ACR065.png"],"guid":"b1020c8a-ffba-4cb0-b573-ab03c1aaecc3_1.32_1","appID":"iCleanUpPro-230210","dateAdded":"230215","deceptorType":"MacOS App","name":"iCleanUp Pro","company":"Liu Kun","version":"1.32","lastKnownStatus":"1.32","lastKnownDate":"230215","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2023-02-15T22:57:55.147627+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1105},{"violations":{"ACR-004":"The application only cleans 1GB off of the disk every month, then it requires the user to subscribe to continue cleaning the items found during free scanning.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Disk Diag","fileVersion":"0.","hashMD5":"2067713abf08a5ad25d8a5355f023b42","hashSHA1":"5a764758bf892d751a04aebb9cbd9171e8e77153","hashSHA256":"affc6956dec7cb39534fa383487811f9e0a60ec73e7a444270c7f230c46ca960","sourceIndex":"1206","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for \"disk cleaner\" in the app store, under US Region","reference":"","landingPage":"https://rockysandstudio.com","directDownloadingLink":"https://apps.apple.com/us/app/disk-diag/id672206759?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/us/app/disk-diag/id672206759?mt=12","sourceIndex":"1206"}],"sampleFiles":["230215/DiskDiag-221205/2.0.4/Samples/Disk Diag"],"imageFiles":["230215/DiskDiag-221205/2.0.4/Images/ACR-004/ACR004.png","230215/DiskDiag-221205/2.0.4/Images/ACR-004/ACR004-2.png","230215/DiskDiag-221205/2.0.4/Images/ACR-004/ACR004-1.png","230215/DiskDiag-221205/2.0.4/Images/ACR-004/ACR004_DiskDiag.mp4"],"nonDeceptorImageFiles":[],"guid":"94cc3f2f-8e85-46c9-86e8-d6394bbdf687_2.0.4_1","appID":"DiskDiag-221205","dateAdded":"230215","deceptorType":"MacOS App","name":"Disk Diag","company":"Rocky Sand Studio Ltd","version":"2.0.4","firstVendorContactDate":"230227","firstAppEsteemReplyDate":"230301","firstResolvedDate":"230302","firstResolvedVersion":"2.0.4 (23)","resolved":"TRUE","lastKnownStatus":"2.0.3;2.0.4","lastKnownDate":"230215","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2023-03-03T02:34:36.735189+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1106},{"violations":{"ACR-004":"The application only cleans 1GB off of the disk every month, then it requires the user to subscribe to continue cleaning the items found during free scanning.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Disk Diag","fileVersion":"0.","hashMD5":"9524ca295aec7a6902bb96be004947c5","hashSHA1":"402529757adb3703a00acefb321c6af4dd347b70","hashSHA256":"e30044579157b25629cac17310813f230322e0b487728eef27711e8f273570f6","sourceIndex":"1274","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for cleaner in the app store","reference":"","landingPage":"https://rockysandstudio.com","directDownloadingLink":"https://apps.apple.com/us/app/disk-diag/id672206759?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/us/app/disk-diag/id672206759?mt=12","sourceIndex":"1274"}],"sampleFiles":["221209/DiskDiag-221205/2.0.3/Samples/Disk Diag"],"imageFiles":["221209/DiskDiag-221205/2.0.3/Images/ACR-004/ACR004-2.mp4","221209/DiskDiag-221205/2.0.3/Images/ACR-004/ACR004.png"],"nonDeceptorImageFiles":[],"guid":"94cc3f2f-8e85-46c9-86e8-d6394bbdf687_2.0.3_1","appID":"DiskDiag-221205","dateAdded":"230215","deceptorType":"MacOS App","name":"Disk Diag","company":"Rocky Sand Studio Ltd","version":"2.0.3","firstVendorContactDate":"230227","firstAppEsteemReplyDate":"230301","firstResolvedDate":"230302","firstResolvedVersion":"2.0.4 (23)","resolved":"TRUE","lastKnownStatus":"2.0.3;2.0.4","lastKnownDate":"230215","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2023-03-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1107},{"violations":{"ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The offer requires the user to uncheck a checkbox in order to decline the offer. Unchecking the preselected item for installation is not a straightforward option for decline. Accept and Decline options should be made obvious for the Optional Offer.\n","ACR-155":"The optional offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not provide uninstall information in the software. \nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"JDownloaderSetup.exe","isInstaller":"True","companyName":"AppWork GmbH","fileVersion":"2.0","hashMD5":"d35c75079800d44ab7d3a12f959260c5","hashSHA1":"c3344b675f3d1a7ca5f2dcb3c56c30e2a3dc26aa","hashSHA256":"e6aca70f6f4dfe8a6564a23c627f0c29d745273824d6831424792a0c798fe3ac","digitalCertThumbprint":"04089A50A6A117B896325A0AAD5078EFB99027D4","digitalCertIssuer":"CN=Entrust Extended Validation Code Signing CA - EVCS2, O=\"Entrust, Inc.\", C=US","digitalCertIssuedTo":"CN=AppWork GmbH, SERIALNUMBER=HRB 11927, OID.2.5.4.15=Private Organization, O=AppWork GmbH, OID.1.3.6.1.4.1.311.60.2.1.3=DE, L=Fürth, S=Bavaria, C=DE","sourceIndex":"1208","avBlockList":["Avast Premium Security (20230221)","AVG Internet Security (20230221)","Avira Internet Security (20230221)","Dr.Web Security Space (20230221)","ESET Internet Security (20230221)","K7 Total Security (20230221)","Kaspersky Internet Security (20230221)","McAfee Total Protection (20230221)","Norton Security (20230221)","Panda Dome (20230221)","Quick Heal Internet Security (20230221)","Sophos Home Premium (20230221)","SpyHunter5 (20230221)","Total AV Antivirus Pro (20230221)","VirIT eXplorer PRO (20230221)","Webroot SecureAnywhere (20230221)"],"avAllowList":["360 Total Security (20230221)","Bitdefender Internet Security (20230221)","COMODO Antivirus (20230221)","G DATA INTERNET SECURITY (20230221)","Malwarebytes Premium (20230221)","Trend Micro Internet Security (20230221)","VIPRE Advanced Security (20230221)","Windows Defender (20230221)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: download managers for windows","reference":"","landingPage":"https://beta.jdownloader.org/","directDownloadingLink":"https://jdownloader.org/scripts/dl2.php?v=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://jdownloader.org/scripts/dl2.php?v=1","sourceIndex":"1208"}],"sampleFiles":["230209/JDownloader-220219/2.0.0.3/Samples/JDownloaderSetup.exe"],"imageFiles":["230209/JDownloader-220219/2.0.0.3/Images/ACR-055/ACR-055_OptionalOffer.jpg","230209/JDownloader-220219/2.0.0.3/Images/ACR-057/McAfee Offer.png","230209/JDownloader-220219/2.0.0.3/Images/ACR-057/ACR-055_OptionalOffer.jpg","230209/JDownloader-220219/2.0.0.3/Images/ACR-155/ACR-155_OptionalOffer.jpg"],"nonDeceptorImageFiles":["230209/JDownloader-220219/2.0.0.3/Images/ACR-099/JDownloader_About.jpg","230209/JDownloader-220219/2.0.0.3/Images/ACR-099/JDownloaderLandingPage.png"],"guid":"2d70b0f3-80c7-4bd9-9a37-ace03d487826_2.0.0.3_1","appID":"JDownloader-220219","dateAdded":"230209","deceptorType":"App","name":"JDownloader","company":"AppWork GmbH","version":"2.0.0.3","firstVendorContactDate":"230215","firstAppEsteemReplyDate":"230216","firstResolvedDate":"230302","firstResolvedVersion":"2.0.1.0","resolved":"TRUE","lastKnownStatus":"2.0.0.0;2.0.0.3","lastKnownDate":"230209","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none,display ads","lastUpdate":"2023-03-02T21:12:20.2120482+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1108},{"violations":{"ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-055":"The offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not provide uninstall information in the software. \nThe landing page does not display links to uninstall information.\n","ACR-123":"The app does not remove the \"JDownloader\" folder and files even after uninstall.\n","ACR-054":"The offer comes with a pre-checked checkbox and requires the user the uncheck it in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n"},"samples":[{"isRevoked":"False","fileName":"JDownloaderSetup.exe","isInstaller":"True","companyName":"AppWork GmbH","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"140e621227d1953cb73fccb432f4ee3b","hashSHA1":"2e46846156a05c16309e51bbc5e189bf48841143","hashSHA256":"1a452c1f3341e6e09e34d14166c859f5be2d3ce6c36e90e879abfb3327144944","digitalCertThumbprint":"880E93E44C7D03D8E78C0DF66549D3DBBCFB9306","digitalCertIssuer":"CN=Entrust Extended Validation Code Signing CA - EVCS2, O=\"Entrust, Inc.\", C=US","digitalCertIssuedTo":"CN=AppWork GmbH, SERIALNUMBER=3334112, OID.2.5.4.15=Private Organization, O=AppWork GmbH, OID.1.3.6.1.4.1.311.60.2.1.1=Fürth, OID.1.3.6.1.4.1.311.60.2.1.2=Bavaria, OID.1.3.6.1.4.1.311.60.2.1.3=DE, L=Fürth, S=Bavaria, C=DE","sourceIndex":"1621","avBlockList":["360 Total Security (20220428)","Avast Premium Security (20220428)","AVG Internet Security (20220428)","Avira Internet Security (20220428)","Bitdefender Internet Security (20220428)","Dr.Web Security Space (20220428)","ESET Internet Security (20220428)","G DATA INTERNET SECURITY (20220428)","K7 Total Security (20220428)","Kaspersky Internet Security (20220428)","McAfee Total Protection (20220428)","Norton Security (20220428)","Panda Dome (20220428)","Quick Heal Internet Security (20220428)","Sophos Home Premium (20220428)","SpyHunter5 (20220428)","Total AV Antivirus Pro (20220428)","Trend Micro Internet Security (20220428)","VIPRE Advanced Security (20220428)","VirIT eXplorer PRO (20220428)","Webroot SecureAnywhere (20220428)","Windows Defender (20220428)"],"avAllowList":["COMODO Antivirus (20220428)","Malwarebytes Premium (20220428)","Tencent PC Manager (20220428)"]}],"additionalFiles":[],"sources":[{"howFound":"topalter.com \"viddly\"","reference":"","landingPage":"https://jdownloader.org/","directDownloadingLink":"https://jdownloader.org/dl?v=101","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://jdownloader.org/dl?v=101","sourceIndex":"1621"}],"sampleFiles":["230209/JDownloader-220219/2.0.0.0/Samples/JDownloaderSetup.exe"],"imageFiles":["230209/JDownloader-220219/2.0.0.0/Images/ACR-055/McAfee Offer.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-055/Opera Offer.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-055/Adaware Offer.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-057/McAfee Offer.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-057/Opera Offer.png"],"nonDeceptorImageFiles":["230209/JDownloader-220219/2.0.0.0/Images/ACR-065/App About.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-065/JDownloader Landing Page.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-099/App About.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-099/JDownloader Landing Page.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-123/JDownloaded Retain Folder After Uninstall.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-123/JDownloader folder retain.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-054/McAfee Offer.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-054/Opera Offer.png","230209/JDownloader-220219/2.0.0.0/Images/ACR-054/Adaware Offer.png"],"guid":"2d70b0f3-80c7-4bd9-9a37-ace03d487826_2.0.0.0_1","appID":"JDownloader-220219","dateAdded":"230209","deceptorType":"App","name":"JDownloader","company":"AppWork GmbH","version":"2.0.0.0","firstVendorContactDate":"230215","firstAppEsteemReplyDate":"230216","firstResolvedDate":"230302","firstResolvedVersion":"2.0.1.0","resolved":"TRUE","lastKnownStatus":"2.0.0.0;2.0.0.3","lastKnownDate":"230209","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,cross-sell other apps","lastUpdate":"2023-03-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1109},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. It displays a \"Random/ Dummy\" cache count in the scan summary for all installed apps, which has a vast difference from the actual cache data of all the installed apps. When the user clicks the option to clean \"396 MB\", the app says “396 MB of junk cleared” but when viewed in the app settings it displays the same size of cache data that can be cleaned. Thus the app's value proposition can't be verified as it displays \"Random/ Dummy\" cache data that have a vast difference from the actual cache data, and also does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. It displays a \"Random/ Dummy\" cache count in the scan summary for all installed apps, which has a vast difference from the actual cache data of all the installed apps. When the user clicks the option to clean \"396 MB\", the app says “396 MB of junk cleared” but when viewed in the app settings it displays the same size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.htc.pitroad.apk","isInstaller":"True","productVersion":"1.90.1106613","fileVersion":"1.90.1106613","hashMD5":"52a814c0dad40d9c901bde711eaf4728","hashSHA1":"d81b57f7dbb80a804ec9afd98c903eaee8ca0fe5","hashSHA256":"990d5d3b45ab6c7c6142bcdf841ac760b9222134663fcf45547de84bb3f479fa","sourceIndex":"1221","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.htc.pitroad","ipv4":"","ipv6":"","sourceIndex":"1221"}],"sampleFiles":["230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Samples/com.htc.pitroad.apk"],"imageFiles":["230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Scan_Result_6.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_7.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Re-Scan_AfterFix_8.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_11.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_12.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Scan_Result_6.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Scan_Result_7.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Re-Scan_AfterFix_8.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_11.jpg","230207/BoostPlusSpeedCleanSecurity-230131/1.90.1106613/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_12.jpg"],"nonDeceptorImageFiles":[],"guid":"d980ae0a-c8d4-4c9b-a40a-46eb4cc3b129_1.90.1106613_1","appID":"BoostPlusSpeedCleanSecurity-230131","dateAdded":"230207","deceptorType":"Android App","name":"Boost Plus Speed Clean Security","company":"HTC Corporation","version":"1.90.1106613","lastKnownStatus":"1.90.1106613","lastKnownDate":"230207","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-02-07T22:47:30.3992901+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1112},{"violations":{"ACR-043":"The app drops the Opera setup without disclosing it during installation.\n","ACR-048":" 1. The app installs itself in a hidden folder %Appdata%\\Local\\ by default without allowing the user to change it. \n 2. At installation, the options to configure itself as the \"default browser\" and \"execute on every start-up\" is enabled by default but does not provide a way to remove startup entry within the app's settings after installation. \n 3. The process Orbitum P2P Updater continues to run in the background and creates a startup entry even after not allowing it to pass through firewall setting. \n","ACR-007":"During installation, app doesn't explicitly disclose that the user may join P2P network to use an app feature. It doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the dropped executables on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"orbitum.exe","companyName":"The Chromium Authors","fileVersion":"56.0","hashMD5":"05fb90ee1714dc78a2b317a54e050659","hashSHA1":"51f356ed1670e9bbc8559e855d2c4b67c32f8965","hashSHA256":"97813c0d61734a3ac87c23fdf82f400d61f5bd710f805dd335dcec32ce818075","digitalCertThumbprint":"970FC4FA19230E197F9D5ECE2C2037E693B95995","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Kluch LLC, O=Kluch LLC, STREET=\"Novokurkinskoye sh., 39, pom. I, kv. 71\", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1157746586084, OID.2.5.4.15=Private Organization","sourceIndex":"1220","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"4d1163f30b8a63121e4a65ef977c5160","hashSHA1":"c790c5092645a470ca7acf0471ea3fd73f90a9df","hashSHA256":"ef4c782b2326521a49f1e2c97002a0c49fd38fe3cda4c8b8be64af4cdac4e115","digitalCertThumbprint":"A102DB570CF7D133AF4305B79184095923264668","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=GLOBAL MICROTRADING PTE. LTD., OU=IT, O=GLOBAL MICROTRADING PTE. LTD., L=Singapore, C=SG","sourceIndex":"1220","avBlockList":["360 Total Security (20230221)","Avast Premium Security (20230221)","AVG Internet Security (20230221)","Avira Internet Security (20230221)","COMODO Antivirus (20230221)","Dr.Web Security Space (20230221)","ESET Internet Security (20230221)","G DATA INTERNET SECURITY (20230221)","K7 Total Security (20230221)","Kaspersky Internet Security (20230221)","Norton Security (20230221)","Panda Dome (20230221)","Sophos Home Premium (20230221)","SpyHunter5 (20230221)","Total AV Antivirus Pro (20230221)","VirIT eXplorer PRO (20230221)","Webroot SecureAnywhere (20230221)"],"avAllowList":["Bitdefender Internet Security (20230221)","Malwarebytes Premium (20230221)","McAfee Total Protection (20230221)","Quick Heal Internet Security (20230221)","Trend Micro Internet Security (20230221)","VIPRE Advanced Security (20230221)","Windows Defender (20230221)"]}],"additionalFiles":[],"sources":[{"howFound":"browsers under a download site ","reference":"","landingPage":"https://orbitum.com/","directDownloadingLink":"https://orbitum.com/setup/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://orbitum.com/setup/","sourceIndex":"1220"}],"sampleFiles":["230207/Orbitum-230131/56.0.2924.89/Samples/orbitum.exe","230207/Orbitum-230131/56.0.2924.89/Samples/setup.exe"],"imageFiles":["230207/Orbitum-230131/56.0.2924.89/Images/ACR-043/OperaSetup.jpg","230207/Orbitum-230131/56.0.2924.89/Images/ACR-048/ACR-048_HiddenLocation.jpg","230207/Orbitum-230131/56.0.2924.89/Images/ACR-048/ACR-048_InstallationDefaults.jpg","230207/Orbitum-230131/56.0.2924.89/Images/ACR-048/ACR-048_Startup.jpg","230207/Orbitum-230131/56.0.2924.89/Images/ACR-048/ACR-048_OrbitumUpdater.jpg","230207/Orbitum-230131/56.0.2924.89/Images/ACR-048/Settings.gif","230207/Orbitum-230131/56.0.2924.89/Images/ACR-007/OrbitumP2P.jpg","230207/Orbitum-230131/56.0.2924.89/Images/ACR-007/Torrenting.jpg","230207/Orbitum-230131/56.0.2924.89/Images/ACR-118/ACR-118_DroppedExecutables.jpg"],"nonDeceptorImageFiles":[],"guid":"4689de2b-2fe7-4f51-831f-582572a64fa5_56.0.2924.89_1","appID":"Orbitum-230131","dateAdded":"230207","deceptorType":"App","name":"Orbitum ","company":"The Orbitum Authors","version":"56.0.2924.89","lastKnownStatus":"56.0.2924.89","lastKnownDate":"230207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle,display ads","lastUpdate":"2023-02-07T23:02:45.429705+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1111},{"violations":{"ACR-042":"The app and its components get installed in one click without obtaining the user's agreement and permission, not disclosing the installation path, and allowing the user to change it.\n","ACR-003":"The app displays \"Your location is unprotected\" when disconnected from the VPN, even when another VPN application is actively running. This can mislead the user with an unsubstantiated claim.\n","ACR-084":"The app continues to run in the background after closing it. It runs on systray without notifying the user.\n","ACR-014":"The app misleads the user by stating \"Your location is unprotected\", while another VPN service is already active running. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"securitykiss_winapp_1.1.0.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"f4909e470eeda7708b4fdc9b45eec19bc55cb2ee6ce3380d6c53e02c22ca0ef2","sourceIndex":"1223","avBlockList":["360 Total Security (20230221)","Avast Premium Security (20230221)","AVG Internet Security (20230221)","Avira Internet Security (20230221)","Dr.Web Security Space (20230221)","Norton Security (20230221)","Panda Dome (20230221)","Sophos Home Premium (20230221)","SpyHunter5 (20230221)","Total AV Antivirus Pro (20230221)","VirIT eXplorer PRO (20230221)"],"avAllowList":["Bitdefender Internet Security (20230221)","COMODO Antivirus (20230221)","ESET Internet Security (20230221)","G DATA INTERNET SECURITY (20230221)","K7 Total Security (20230221)","Kaspersky Internet Security (20230221)","Malwarebytes Premium (20230221)","McAfee Total Protection (20230221)","Quick Heal Internet Security (20230221)","Trend Micro Internet Security (20230221)","VIPRE Advanced Security (20230221)","Webroot SecureAnywhere (20230221)","Windows Defender (20230221)"]},{"isRevoked":"False","fileName":"securitykissvpn.exe","companyName":"SecurityKISS Ltd","fileVersion":"1.0","hashMD5":"d8d5ac8803bc2e43cd722649775dd3ba","hashSHA1":"71971bc1bec2017f990656031e73e7f16ceaef74","hashSHA256":"73eef79f84060c8dfffabe2485a4c4032c0350b1bae47d1677d94ad13565fc19","digitalCertThumbprint":"A5F690EE05F78FBB788720FA242DE9E116F2C591","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SecurityKISS Ltd, O=SecurityKISS Ltd, STREET=\"8-9 WESTMORELAND STREET,\", L=Dublin, C=IE","sourceIndex":"1223","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: vpn for windows","reference":"","landingPage":"https://securitykiss.com/","directDownloadingLink":"https://filestore.securitykiss.com/winappinstall/00000000/262b02ebe1b1cf86/securitykiss_winapp_1.1.0.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filestore.securitykiss.com/winappinstall/00000000/262b02ebe1b1cf86/securitykiss_winapp_1.1.0.msi","sourceIndex":"1223"}],"sampleFiles":["230207/SecurityKissVPN-230206/1.1.0/Samples/securitykiss_winapp_1.1.0.msi","230207/SecurityKissVPN-230206/1.1.0/Samples/securitykissvpn.exe"],"imageFiles":["230207/SecurityKissVPN-230206/1.1.0/Images/ACR-084/ACR-084_BackgroundProcess.jpg","230207/SecurityKissVPN-230206/1.1.0/Images/ACR-042/ACR-042_Installation.gif","230207/SecurityKissVPN-230206/1.1.0/Images/ACR-042/ACR-042_Loc1.jpg","230207/SecurityKissVPN-230206/1.1.0/Images/ACR-042/ACR-042_Loc2.jpg","230207/SecurityKissVPN-230206/1.1.0/Images/ACR-003/ACR-014_MisleadingStatus.jpg","230207/SecurityKissVPN-230206/1.1.0/Images/ACR-014/ACR-014_MisleadingStatus.jpg"],"nonDeceptorImageFiles":[],"guid":"be1584a8-7720-4d2f-9ff9-2c96766ceb29_1.1.0_1","appID":"SecurityKissVPN-230206","dateAdded":"230207","deceptorType":"App","name":"SecurityKISS VPN","company":"SecurityKISS Ltd","version":"1.1.0","lastKnownStatus":"1.1.0","lastKnownDate":"230207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-02-07T22:23:54.3647873+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1110},{"violations":{"ACR-103":"The app suggests cleaning up \"4.2 GB\" of junk/cache. After completing junk clean it says “4.1 GB junks cleaned”, but in the app settings, it displays the exact size of cache data that can be cleaned. The app's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"4.2 GB\" of junk/cache. After completing junk clean it says “4.1 GB junks cleaned”, but when viewed in the app settings it displays the exact size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"phonecleaner.rambooster.junkremover.cachecleaner.phoneboost.apk","isInstaller":"True","productVersion":"5.3","fileVersion":"5.3","hashMD5":"115c8d3c57d21d3ece7846c3dd22fd04","hashSHA1":"9020ebb48edddf31ef3487502436b5b53a5e67f1","hashSHA256":"c1245bee44b0ded82f3901cf41c38ebbb2de08b2386689f41e613e12d561a971","sourceIndex":"1225","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=phonecleaner.rambooster.junkremover.cachecleaner.phoneboost","ipv4":"","ipv6":"","sourceIndex":"1225"}],"sampleFiles":["230204/PhoneCleanerRAMCleaner-230124/5.3/Samples/phonecleaner.rambooster.junkremover.cachecleaner.phoneboost.apk"],"imageFiles":["230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_6.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_6.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","230204/PhoneCleanerRAMCleaner-230124/5.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg"],"nonDeceptorImageFiles":[],"guid":"c4ad95e6-0cf2-4baf-a019-96a08fcb7b9b_5.3_1","appID":"PhoneCleanerRAMCleaner-230124","dateAdded":"230204","deceptorType":"Android App","name":"Phone Cleaner RAM Cleaner","company":"Simple Phone Cleaner","version":"5.3","lastKnownStatus":"Deceptor:5.3","lastKnownDate":"230204","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-02-05T01:06:43.1937027+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1115},{"violations":{"ACR-055":"The Optional Offer requires the user to uncheck a checkbox in order to decline the offer. Accept/Decline options are not made obvious for the Optional Offer. Unchecking the preselected items for installation is not a straightforward option for decline.\n","ACR-155":" Offers are inserted into the install workflow with a pre-selected option to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"wincleaner.exe","companyName":"ScandinavianByte OU","productName":"Windows Cleaner","fileVersion":"2.2.30.1","hashMD5":"855f2aed3331643afc55cc617f1eb2b0","hashSHA1":"47ff7ea245299da2a5910b7bc125442f689421f8","hashSHA256":"fa71f4e828c85b5c3c6b65ec631793a4a468988b661f287734eb49868b7c76fa","sourceIndex":"1227","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WindowsCleanerSetup.exe","isInstaller":"True","companyName":"ScandinavianByte OU                                         ","productName":"Windows Cleaner Installer    ","fileVersion":"0.0","hashMD5":"f2189a8426afcf235e4e6884bca79aa0","hashSHA1":"460608b4ba2bcdebb7399c4046e66efedc04d50a","hashSHA256":"5ed997e88191b5fa1e30dcfa108ab3415e647f67b04e255da10945030c8ed670","digitalCertThumbprint":"9C6481C5BE97CCF0DF897E4689D634EFC27987B6","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=ScandinavianByte OU, O=ScandinavianByte OU, STREET=Pae tn 21, L=Tallinn, S=Harju maakond, C=EE, OID.1.3.6.1.4.1.311.60.2.1.3=EE, SERIALNUMBER=14033747, OID.2.5.4.15=Private Organization","sourceIndex":"1227","avBlockList":["360 Total Security (20230209)","Avast Premium Security (20230209)","AVG Internet Security (20230209)","Avira Internet Security (20230209)","COMODO Antivirus (20230209)","Dr.Web Security Space (20230209)","ESET Internet Security (20230209)","K7 Total Security (20230209)","Kaspersky Internet Security (20230209)","McAfee Total Protection (20230209)","Panda Dome (20230209)","Quick Heal Internet Security (20230209)","Sophos Home Premium (20230209)","SpyHunter5 (20230209)","Total AV Antivirus Pro (20230209)","VirIT eXplorer PRO (20230209)","Webroot SecureAnywhere (20230209)"],"avAllowList":["Bitdefender Internet Security (20230209)","G DATA INTERNET SECURITY (20230209)","Malwarebytes Premium (20230209)","Norton Security (20230209)","Trend Micro Internet Security (20230209)","VIPRE Advanced Security (20230209)","Windows Defender (20230209)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://windowscleaner.ru/","directDownloadingLink":"https://windowscleaner.ru/downloads/WindowsCleanerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://windowscleaner.ru/downloads/WindowsCleanerSetup.exe","sourceIndex":"1227"}],"sampleFiles":["230204/WindowsCleaner-230128/2.2.30.1/Samples/wincleaner.exe","230204/WindowsCleaner-230128/2.2.30.1/Samples/WindowsCleanerSetup.exe"],"imageFiles":["230204/WindowsCleaner-230128/2.2.30.1/Images/ACR-055/OptionalOffer.jpg","230204/WindowsCleaner-230128/2.2.30.1/Images/ACR-055/OptionalOffer-2.jpg","230204/WindowsCleaner-230128/2.2.30.1/Images/ACR-155/OptionalOffer.jpg","230204/WindowsCleaner-230128/2.2.30.1/Images/ACR-155/OptionalOffer-2.jpg"],"nonDeceptorImageFiles":[],"guid":"6325c32e-181e-497d-ae4f-f58c06f28085_2.2.30.1_1","appID":"WindowsCleaner-230128","dateAdded":"230204","deceptorType":"App","name":"Windows Cleaner","company":"ScandinavianByte OU","version":"2.2.30.1","lastKnownStatus":"Deceptor:2.2.30.1","lastKnownDate":"230204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads,sold in bundle","lastUpdate":"2023-02-05T00:05:17.1493963+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1114},{"violations":{"ACR-043":"The app installs WireVPNBrowser without disclosure and consent at installation. It drops \"hola\" executables which has no clear indication of its relationship to the main app. It also drops third party component \"The QT Company Ltd\" which are not disclosed to the consumer in the EULA during install. \n","ACR-007":"The app doesn't explicitly disclose that the user may join the P2P network to use the app during installation. It doesn't obtain explicit user consent about sharing resources which can reduce the consumer's security posture.\n","ACR-084":"The processes \"hola.exe\", \"Uphola.exe\" and \"WireVPNLauncher.exe\" keep running in the background, hiding the fact that it is active from the consumer without any notification.\n\n","ACR-097":"The \"hola\" executables are automatically added to the list of allowed apps through Windows Firewall without consent. It also installs hola as a \"System Service\" to evade notice by the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-161":"The landing page has a customer reviews but no link to verify if the review is legit.\n","ACR-150":"The app's landing page displays  endorsements that are unable to be verified\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: vpn for windows","reference":"","landingPage":"https://wirevpn.app/","directDownloadingLink":"https://update.wirevpn.app/version/WireVpn_v1.0.0.9.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://update.wirevpn.app/version/WireVpn_v1.0.0.9.zip","sourceIndex":"1226"}],"sampleFiles":[],"imageFiles":["230204/WireVPN-230112/1.0..0.9/Images/ACR-043/WireVPNBrowser_.jpg","230204/WireVPN-230112/1.0..0.9/Images/ACR-043/WireVpnBrowser.jpg","230204/WireVPN-230112/1.0..0.9/Images/ACR-043/ACR-043_addedcomponents.jpg","230204/WireVPN-230112/1.0..0.9/Images/ACR-007/DeviceResources.jpg","230204/WireVPN-230112/1.0..0.9/Images/ACR-084/ACR-084_BackgroundProcess.jpg","230204/WireVPN-230112/1.0..0.9/Images/ACR-084/ACR-084_BackgroundProcess_hola_Service.jpg","230204/WireVPN-230112/1.0..0.9/Images/ACR-097/FirewallRules.jpg","230204/WireVPN-230112/1.0..0.9/Images/ACR-097/HolaAsSystemService.jpg"],"nonDeceptorImageFiles":["230204/WireVPN-230112/1.0..0.9/Images/ACR-150/ACR-161_Endorsements.jpg","230204/WireVPN-230112/1.0..0.9/Images/ACR-161/ACR-161_Testimonials.jpg"],"guid":"d70aeaa6-0f32-429f-8445-2aa524a929bd_1.0..0.9_1","appID":"WireVPN-230112","dateAdded":"230204","deceptorType":"App","name":"Wire VPN","company":"Shanghai Zherui Network Technology Co., Ltd.","version":"1.0..0.9","lastKnownStatus":"Deceptor:1.0..0.9","lastKnownDate":"230204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search,display ads","lastUpdate":"2023-02-05T00:40:20.4661621+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1113},{"violations":{"ACR-103":"The app suggests cleaning up \"2.3 GB\" of junk/cache. After completing junk clean it says “2.3 GB junk files cleaned”, but in the app settings, it displays the exact size of cache data that can be cleaned. The app's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"2.3 GB\" of junk/cache. After completing junk clean it says “2.3 GB junk files cleaned”, but when viewed in the app settings it displays the exact size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"phonecleaner.filemanager.storagecleaner.clearcache.rambooster.apk","isInstaller":"True","productVersion":"3.0","fileVersion":"3.0","hashMD5":"5a0201c6ab6b91e692407d58291b2cd8","hashSHA1":"8b98896d2a4da6c1bbc70919a426442179a84002","hashSHA256":"c0b864f4cf3061d71fb98fadbba0b5505d8d1dd50aaa42398097b04e2039695e","sourceIndex":"1224","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=phonecleaner.filemanager.storagecleaner.clearcache.rambooster","ipv4":"","ipv6":"","sourceIndex":"1224"}],"sampleFiles":["230204/PhoneCleanerClearJunks-230125/3.0/Samples/phonecleaner.filemanager.storagecleaner.clearcache.rambooster.apk"],"imageFiles":["230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_6.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_6.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","230204/PhoneCleanerClearJunks-230125/3.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg"],"nonDeceptorImageFiles":[],"guid":"15d01176-fc6a-4125-92ea-6bb723b7a467_3.0_1","appID":"PhoneCleanerClearJunks-230125","dateAdded":"230204","deceptorType":"Android App","name":"Phone Cleaner Clear Junks","company":"Lite Media","version":"3.0","lastKnownStatus":"Deceptor:3.0","lastKnownDate":"230204","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-02-05T01:10:02.1283569+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1116},{"violations":{"ACR-109":"The application silently installs the app \"TAP Driver Windows\" before the the user chose and agrees to install or without disclosing the relationship to the app during installation.\n","ACR-042":"1. Open source project \"The Qt Company Ltd.\" and \"Open VPN\" gets installed without any disclosure in EULA.\n2. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation.\n","ACR-043":"1. The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation.\n2. Third-party components 'The Qt Company Ltd.' and 'Open VPN' are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'The Qt Company Ltd.' and 'Open VPN'.\n","ACR-048":"The app does not provide any control to close the app completely and remove its background processes within the app's settings.\n","ACR-084":"On closing the app, all the processes run silently in the background, hiding the fact that it is active from the consumer. Also, the app runs in systray after closing it, with a greyed and hidden icon without notifying the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-071":"The \"MonoDefense 1 Year\" offer is opted-in by default on the Internal offers page (https://www.vpnunlimited.com/order/pickup?price=28855) and requires the user to opt-out of the payment.\n","ACR-059":"The offers are not marked as Offer, the recommended by \"who\" is unclear.\n","ACR-039":"The application silently installs the app \"TAP Driver Windows\" without disclosing the relationship to the app during installation.\n","ACR-124":"The app suggests the consumer exit the app completely in order to proceed with uninstallation but does not provide control to quit the app anywhere inside the app and the user can exit the app only from the systray. Thereby, preventing the targeted consumer from being able to reach the uninstall screen by adding unnecessary friction to the uninstallation process.\n","ACR-165":"The app does not provide detailed information about when users receive a notification for renewal, how to cancel the subscription, and the price amount after the time-bound discount expires on the Inline offers page.\nThe app does not provide detailed information about when users receive a notification for renewal, how to cancel the subscription and the price amount after the time-bound discount expires on the shopping cart\n\n\n(https://www.keepsolid.com/promo/order/pickup?tab=monodefense          ,                  https://www.keepsolid.com/monodefense/pricing?price=26440) \n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.vpnunlimited.com/downloads/windows  and  https://www.vpnunlimited.com/).\n","ACR-171":"The \"MonoDefense 1 Year\" offer has opt-in/opt-out checkboxes pre-checked on the Internal offers page (https://www.vpnunlimited.com/order/pickup?price=28855) and requires the user to opt-out of the payment.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPN Unlimited\\vpn-unlimited.exe","companyName":"KeepSolid Inc.","productName":"VPN Unlimited","productVersion":"8.6.1","fileVersion":"8.6.1","hashMD5":"fd18c8be7959f20d06563f5bb109b2f4","hashSHA1":"b628d0c63a54377c34cf89eeae861487dc566138","hashSHA256":"0666ea0331d8970e68b709907085ebfb01622d54a9274b490bc633279cfffe5e","digitalCertThumbprint":"EBDEF3ED0F3F3F42B342D0F03A01F19B89436CA9","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Keepsolid Inc.","storeId":"","sourceIndex":"1231","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VPN Unlimited\\vpn-unlimited-daemon.exe","companyName":"KeepSolid Inc.","productName":"VPN Unlimited Service","productVersion":"8.6.1","fileVersion":"8.6.1","hashMD5":"44da03c9e0e6d31e2d676eb585634e1b","hashSHA1":"623fb89fd5dfcf40768fe5727addfa5897c21878","hashSHA256":"5c04486f49fa1ee4b4ae37bb86fb3ee3c681c8a6a9bd871faeda46757d1d7d38","digitalCertThumbprint":"EBDEF3ED0F3F3F42B342D0F03A01F19B89436CA9","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Keepsolid Inc.","storeId":"","sourceIndex":"1231","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VPN_Unlimited_v8.6.1.exe","isInstaller":"True","companyName":"KeepSolid Inc.                                              ","productName":"VPN Unlimited                                               ","productVersion":"8.6.1                                             ","fileVersion":"8.6.1               ","hashMD5":"9083b4f72937ca149143ae73846113f5","hashSHA1":"048aeb2255f8d6b81229274e4dac212c40f9e814","hashSHA256":"ba5cd9726b9adf0339649ae668a2b684393e52381d226dbfa282815a66aab42f","digitalCertThumbprint":"EBDEF3ED0F3F3F42B342D0F03A01F19B89436CA9","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Keepsolid Inc.","storeId":"","sourceIndex":"1231","avBlockList":["360 Total Security (20230209)","Avast Premium Security (20230209)","AVG Internet Security (20230209)","Avira Internet Security (20230209)","K7 Total Security (20230209)","McAfee Total Protection (20230209)","Norton Security (20230209)","Panda Dome (20230209)","Sophos Home Premium (20230209)","SpyHunter5 (20230209)","Total AV Antivirus Pro (20230209)","VirIT eXplorer PRO (20230209)","Webroot SecureAnywhere (20230209)"],"avAllowList":["Bitdefender Internet Security (20230209)","COMODO Antivirus (20230209)","Dr.Web Security Space (20230209)","ESET Internet Security (20230209)","G DATA INTERNET SECURITY (20230209)","Kaspersky Internet Security (20230209)","Malwarebytes Premium (20230209)","Quick Heal Internet Security (20230209)","Trend Micro Internet Security (20230209)","VIPRE Advanced Security (20230209)","Windows Defender (20230209)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN apps","reference":"","landingPage":"https://www.vpnunlimited.com/","directDownloadingLink":"https://www.vpnunlimited.com/api/keepsolid/vpn-download?platform=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vpnunlimited.com/api/keepsolid/vpn-download?platform=windows","sourceIndex":"1231"}],"sampleFiles":["230202/VPNUnlimited-230109/8.6.1/Samples/VPN_Unlimited_v8.6.1.exe"],"imageFiles":["230202/VPNUnlimited-230109/8.6.1/Images/ACR-109/ACR-109 (1).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-109/ACR-109 (2).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-039/ACR-039 (1).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-039/ACR-039 (2).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-043/ACR-043 (1).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-043/ACR-043 (2).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-043/ACR-043 (3).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-043/ACR-043 (4).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-107/ACR-107 (1).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-107/ACR-107 (2).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-042/ACR-042 (1).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-042/ACR-042 (2).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-042/ACR-042 (3).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-042/ACR-042 (4).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-084/ACR-084.JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-084/ACR-084_1.JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-048/ACR-048.JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-048/ACR-048_1.JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-048/ACR-048_2.JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-118/ACR-118.JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-124/ACR-124.JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-165/ACR-165.JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-059/ACR-059.JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-071/ACR-071.jpg","230202/VPNUnlimited-230109/8.6.1/Images/ACR-165/ACR-165(1).JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-165/ACR-165(2).jpg"],"nonDeceptorImageFiles":["230202/VPNUnlimited-230109/8.6.1/Images/ACR-171/ACR-171.jpg","230202/VPNUnlimited-230109/8.6.1/Images/ACR-018/ACR-018.JPG","230202/VPNUnlimited-230109/8.6.1/Images/ACR-018/ACR-018_1.JPG"],"guid":"861ac13b-123d-44ff-a6c9-efa6bc149405_8.6.1_1","appID":"VPNUnlimited-230109","dateAdded":"230202","deceptorType":"App","name":"VPN Unlimited","company":"KeepSolid Inc.","version":"8.6.1","lastKnownStatus":"Deceptor:8.6.1","lastKnownDate":"230202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-02-02T11:54:21.5155093+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1118},{"violations":{"ACR-042":"The app and its components get dropped in one click in a hidden folder without obtaining user's permission and disclosing the installation path and allowing the user to change it.\n","ACR-006":"The browser performs connections to another link that is not clearly disclosed at installation before loading search results. It connects to \"Trovi Search\" before it changes to Bing making it appear like the search uses Bing.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing resources.\n","ACR-085":"The app collects reports from the user's system by default without the user's Knowledge and consent.\n\n","ACR-117":"In an attempt to uninstall the app using the conventional way, it does not show up the uninstall window. Instead when icon at the window taskbar is right-clicked, it allows the user to run the app again, impeding the removal of the app from the system.\n"},"nonDeceptorViolations":{"ACR-040":" The app installs itself in a hidden folders %Appdata%\\Roaming and %Appdata%\\Local\\ by default. \n"},"samples":[{"isRevoked":"False","fileName":"maelstrom.exe","companyName":"The Chromium Authors","productVersion":"44.0.1.3","fileVersion":"44.0.1.3","hashMD5":"5655e2125677c3a83cc821926c16386b","hashSHA1":"af73772e7a29b9362ce79312f9bf97e9f050983b","hashSHA256":"9b514b9cb882f71426b2446c2ccfeeb8d92e25b1c3f51297975823cab88fe82e","sourceIndex":"1230","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Maelstrom-setup.exe","isInstaller":"True","companyName":"The Chromium Authors","productVersion":"44.0.1.3","fileVersion":"44.0.1.3","hashMD5":"f91af7f38720325d32d7f216dce4d4e7","hashSHA1":"5bff940fb75cabdf7f66be7b6894e11af837b626","hashSHA256":"c6c12bd4f917a952ac3d9aae63b95f84762ea573788b8644e4a59a2570a60474","digitalCertThumbprint":"CC94057C4829F35E1EE219CD5F3B170800F148A5","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=BitTorrent Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BitTorrent Inc, L=San Francisco, S=California, C=US","sourceIndex":"1230","avBlockList":["360 Total Security (20230209)","Avast Premium Security (20230209)","AVG Internet Security (20230209)","Avira Internet Security (20230209)","Dr.Web Security Space (20230209)","ESET Internet Security (20230209)","K7 Total Security (20230209)","Kaspersky Internet Security (20230209)","Norton Security (20230209)","Sophos Home Premium (20230209)","SpyHunter5 (20230209)","Total AV Antivirus Pro (20230209)","VirIT eXplorer PRO (20230209)","Webroot SecureAnywhere (20230209)"],"avAllowList":["Bitdefender Internet Security (20230209)","COMODO Antivirus (20230209)","G DATA INTERNET SECURITY (20230209)","Malwarebytes Premium (20230209)","McAfee Total Protection (20230209)","Panda Dome (20230209)","Quick Heal Internet Security (20230209)","Trend Micro Internet Security (20230209)","VIPRE Advanced Security (20230209)","Windows Defender (20230209)"]}],"additionalFiles":[],"sources":[{"howFound":"search for chromium based browsers","reference":"","landingPage":"https://www.softpedia.com/get/Internet/Browsers/Project-Maelstrom.shtml","directDownloadingLink":"https://www.softpedia.com/get/Internet/Browsers/Project-Maelstrom.shtml#download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softpedia.com/get/Internet/Browsers/Project-Maelstrom.shtml#download","sourceIndex":"1230"}],"sampleFiles":["230202/Maelstrom-230118/44.0.1.3/Samples/maelstrom.exe","230202/Maelstrom-230118/44.0.1.3/Samples/Maelstrom-setup.exe"],"imageFiles":["230202/Maelstrom-230118/44.0.1.3/Images/ACR-042/ACR-048_HiddenFolder.jpg","230202/Maelstrom-230118/44.0.1.3/Images/ACR-085/ACR-085_SendsDatabyDefault.jpg","230202/Maelstrom-230118/44.0.1.3/Images/ACR-006/ACR-006_TroviSearchusingBing.gif","230202/Maelstrom-230118/44.0.1.3/Images/ACR-007/SharingSetting.jpg","230202/Maelstrom-230118/44.0.1.3/Images/ACR-117/ACR-117_MisleadingUninstallation.gif"],"nonDeceptorImageFiles":["230202/Maelstrom-230118/44.0.1.3/Images/ACR-040/ACR-040_HiddenFolder.jpg"],"guid":"8c5df786-0052-4fb7-8ab9-0e030982ebb0_44.0.1.3_1","appID":"Maelstrom-230118","dateAdded":"230202","deceptorType":"App","name":"Maelstrom","company":"BitTorrent, Inc.","version":"44.0.1.3","lastKnownStatus":"Deceptor:44.0.1.3","lastKnownDate":"230202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search,inject ads","lastUpdate":"2023-02-02T12:09:50.2293915+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1119},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. It displays a \"Random/ Dummy\" cache count in the scan summary for all installed apps, which has a vast difference from the actual cache data of all the installed apps, also for some apps the displayed cache count seems to be exaggerated due to random cache data. When the user clicks “Clean Junk 8.1 GB, the app says “OPTIMAL” but when viewed in the app settings it displays the same size of cache data that can be cleaned. Thus the app's value proposition can't be verified as it displays \"Random/ Dummy\" cache data that have a vast difference from the actual cache data, and also does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. It displays a \"Random/ Dummy\" cache count in the scan summary for all installed apps, which has a vast difference from the actual cache data of all the installed apps, also for some apps the displayed cache count seems to be exaggerated due to random cache data. When the user clicks “Clean Junk 8.1 GB, the app says “OPTIMAL” but when viewed in the app settings it displays the same size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.junk.cleaner.phone.booster.apk","isInstaller":"True","productVersion":"1.0.1","fileVersion":"1.0.1","hashMD5":"52dfe93c72bcf4fbd63093df63c75201","hashSHA1":"d5ec2f8d10d765a85b82205f1a8d4397c499ced0","hashSHA256":"0a04c911d79967e777514d5d67358b925abbfe0f601832c87a21a321d359793b","sourceIndex":"1229","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.junk.cleaner.phone.booster&hl=en_IN","ipv4":"","ipv6":"","sourceIndex":"1229"}],"sampleFiles":["230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Samples/com.junk.cleaner.phone.booster.apk"],"imageFiles":["230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_6.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_6.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","230202/JunkCleanerPhoneOptimizer-230123/1.0.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg"],"nonDeceptorImageFiles":[],"guid":"a0c00a24-031b-476a-bcfa-12be37bf4f05_1.0.1_1","appID":"JunkCleanerPhoneOptimizer-230123","dateAdded":"230202","deceptorType":"Android App","name":"Junk Cleaner Phone Optimizer","company":"Clean Solution","version":"1.0.1","lastKnownStatus":"Deceptor:1.0.1","lastKnownDate":"230202","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-02-02T12:12:25.9139346+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1120},{"violations":{"ACR-103":"The app suggests cleaning up \"593.4 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”, but in the app settings, it displays the exact size of cache data that can be cleaned. The app's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"593.4 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”, but when viewed in the app settings it displays the exact size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.sdvlgroup.app.supercleaner.apk","isInstaller":"True","productVersion":"1.0.11","fileVersion":"1.0.11","hashMD5":"5f48c29a55a3827905c6bea7fd9f56c7","hashSHA1":"494d72e36707487fe21d42e3cc017f70963dfcea","hashSHA256":"d9fda705d65aeaf0839522dbdfe86778779e017a50e0bdfad12322923e20815d","sourceIndex":"1228","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.sdvlgroup.app.supercleaner&hl=en_IN&gl=US","ipv4":"","ipv6":"","sourceIndex":"1228"}],"sampleFiles":["230202/DSCleanerPhoneCleaner-230124/1.0.11/Samples/com.sdvlgroup.app.supercleaner.apk"],"imageFiles":["230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_5.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_5.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","230202/DSCleanerPhoneCleaner-230124/1.0.11/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg"],"nonDeceptorImageFiles":[],"guid":"82e75934-2071-4943-af38-4faf578d10a4_1.0.11_1","appID":"DSCleanerPhoneCleaner-230124","dateAdded":"230202","deceptorType":"Android App","name":"DS Cleaner Phone Cleaner","company":"SDVL Entertainment","version":"1.0.11","lastKnownStatus":"Deceptor:1.0.11","lastKnownDate":"230202","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-02-02T12:15:27.8292487+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1121},{"violations":{"ACR-003":"The app shows \"You are not protected\" when disconnected from the VPN, even when another VPN application is connected. \n","ACR-014":"The app shows \"You are not protected\" when disconnected from the VPN, even when another VPN application is connected. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Zorro VPN","fileVersion":"0.","hashMD5":"0bacd17759e4f8052c8237731431ce54","hashSHA1":"fc199dd23d1997f21ed7092e3dcc19ead760e7fa","hashSHA256":"f30f868ee55e5fbec756d01df2cc1bb9ffef5dd72b3df2ba3c5b33d0ed83f020","sourceIndex":"1232","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for VPN under MacOS App Store, with US region selected under Account settings","reference":"","landingPage":"https://zorrovpn.io/","directDownloadingLink":"https://apps.apple.com/ph/app/zorro-vpn-vpn-wifi-proxy/id1466972350","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/ph/app/zorro-vpn-vpn-wifi-proxy/id1466972350","sourceIndex":"1232"}],"sampleFiles":["230202/ZorroVPN-230109/2.2.0/Samples/Zorro VPN"],"imageFiles":["230202/ZorroVPN-230109/2.2.0/Images/ACR-003/ACR003-2.png","230202/ZorroVPN-230109/2.2.0/Images/ACR-003/ACR003-3.png","230202/ZorroVPN-230109/2.2.0/Images/ACR-003/ACR003-1.png","230202/ZorroVPN-230109/2.2.0/Images/ACR-003/ACR003-1.png","230202/ZorroVPN-230109/2.2.0/Images/ACR-014/ACR014-1.png"],"nonDeceptorImageFiles":[],"guid":"0d2803c8-f326-49fd-96a6-e7fc3e3a11eb_2.2.0_1","appID":"ZorroVPN-230109","dateAdded":"230202","deceptorType":"MacOS App","name":"Zorro VPN","company":"Wifi Map LLC","version":"2.2.0","lastKnownStatus":"Deceptor:2.2.0","lastKnownDate":"230202","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2023-02-02T11:45:40.9000932+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1117},{"violations":{"ACR-103":"The app suggests cleaning up \"162.7 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”, but in the app settings, it displays the same size of cache data that can be cleaned. The app's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"162.7 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”, but when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.jm.tools.cleanamaster.apk","isInstaller":"True","productVersion":"1.1.3","fileVersion":"1.1.3","hashMD5":"19bbd32f46d7d9de44262883e791d8c9","hashSHA1":"672b687933bdd30f37333388269ff400233e3c79","hashSHA256":"f541c5864467578a6a12ea27d04603ca3e28c2c8474d44805bdd46a47d9bfe63","sourceIndex":"1235","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.jm.tools.cleanamaster&hl=en_IN&pli=1","ipv4":"","ipv6":"","sourceIndex":"1235"}],"sampleFiles":["230131/PhoneCleanerBoosterMaster-230123/1.1.3/Samples/com.jm.tools.cleanamaster.apk"],"imageFiles":["230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_5.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_5.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","230131/PhoneCleanerBoosterMaster-230123/1.1.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg"],"nonDeceptorImageFiles":[],"guid":"283b9a41-e779-4cb4-8e62-70d367aa3a5a_1.1.3_1","appID":"PhoneCleanerBoosterMaster-230123","dateAdded":"230131","deceptorType":"Android App","name":"Phone Cleaner Booster Master","company":"JMM Studio","version":"1.1.3","lastKnownStatus":"Deceptor:1.1.3","lastKnownDate":"230131","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-01-31T16:17:11.1639916+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1122},{"violations":{"ACR-097":"At installation, the app is added by default to Windows Firewall Exceptions for both setup options without providing explicit disclaim.  \n","ACR-057":"Accept/Decline options are not made obvious for the Optional Offer. Unchecking the agreement for the offer is not a straightforward option for decline.\n","ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers. \n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DS-Setup[bxCkNr578].exe","isInstaller":"True","companyName":"Download Studio Project","productName":"Download Studio","fileVersion":"1.19.0.0","hashMD5":"98f8f26ee77666cd7f1df644530a508f","hashSHA1":"27bd166914bfdbefe2b562e84fd59d52a1f3a81f","hashSHA256":"f0e532171ff260e75260ca6a7d429ff06f9338b066fb77bf7d545e480afb4f5c","sourceIndex":"1233","avBlockList":["360 Total Security (20230209)","Avast Premium Security (20230209)","AVG Internet Security (20230209)","Avira Internet Security (20230209)","Bitdefender Internet Security (20230209)","COMODO Antivirus (20230209)","Dr.Web Security Space (20230209)","ESET Internet Security (20230209)","G DATA INTERNET SECURITY (20230209)","K7 Total Security (20230209)","Kaspersky Internet Security (20230209)","Malwarebytes Premium (20230209)","McAfee Total Protection (20230209)","Norton Security (20230209)","Panda Dome (20230209)","Sophos Home Premium (20230209)","SpyHunter5 (20230209)","Total AV Antivirus Pro (20230209)","Trend Micro Internet Security (20230209)","VIPRE Advanced Security (20230209)","VirIT eXplorer PRO (20230209)","Webroot SecureAnywhere (20230209)"],"avAllowList":["Quick Heal Internet Security (20230209)","Windows Defender (20230209)"]},{"isRevoked":"False","fileName":"dstudio.exe","productName":"Download Studio Daemon","fileVersion":"1.3.1.0","hashMD5":"51db0f28362f9814a7e7de8e722deb81","hashSHA1":"00b624b70ed5a03c3c42cc4389d5d8b7512cb6ad","hashSHA256":"c43ce5b40728a96960d3a1942d980669e066758acd7b1a63723c6ef12ed25520","sourceIndex":"1233","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dstudio-gui.exe","productName":"Download Studio GUI","fileVersion":"1.19.0.0","hashMD5":"14d1c0e3f487fd1e82294fedcc41053a","hashSHA1":"87cabd7d474cbb8f3a11a25777ab30862f8ee3b2","hashSHA256":"96637a9039cfe9ce8632737f510aa9c36bcba767918fb7c417b483aa7f7952a9","sourceIndex":"1233","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://getdstudio.me/","directDownloadingLink":"https://getdstudio.me/31.html?aff_id=5&click_id=26190859451674563803&direct=1&link=&source_id=26&stream_id=622&vid=31","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://getdstudio.me/31.html?aff_id=5&click_id=26190859451674563803&direct=1&link=&source_id=26&stream_id=622&vid=31","sourceIndex":"1233"},{"howFound":"","reference":"","landingPage":"https://downloadstudio.net/","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"1234"}],"sampleFiles":["230131/DownloadStudio-230124/1.19.0.0/Samples/DS-Setup[bxCkNr578].exe","230131/DownloadStudio-230124/1.19.0.0/Samples/dstudio.exe","230131/DownloadStudio-230124/1.19.0.0/Samples/dstudio-gui.exe"],"imageFiles":["230131/DownloadStudio-230124/1.19.0.0/Images/ACR-059/360TS_OptionalOffer.jpg","230131/DownloadStudio-230124/1.19.0.0/Images/ACR-059/ACR-059_OperaOffer.jpg","230131/DownloadStudio-230124/1.19.0.0/Images/ACR-055/360TS_OptionalOffer.jpg","230131/DownloadStudio-230124/1.19.0.0/Images/ACR-097/ACR-097_WindowsFirewallException.jpg","230131/DownloadStudio-230124/1.19.0.0/Images/ACR-097/ACR-097_WindowsFirewallException-1.jpg","230131/DownloadStudio-230124/1.19.0.0/Images/ACR-057/360TS_OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"4248e07d-699b-487d-af90-faf63440bc05_1.19.0.0_1","appID":"DownloadStudio-230124","dateAdded":"230131","deceptorType":"App","name":"Download Studio","company":"Download Studio Project","version":"1.19.0.0","lastKnownStatus":"Deceptor:1.19.0.0","lastKnownDate":"230131","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-01-31T16:28:48.1731421+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1123},{"violations":{"ACR-103":"The app suggests cleaning up \"320.4 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”, but in the app settings, it displays the same size of cache data that can be cleaned and also it displays the same app and cache count for every scan performed even though the device has many apps that require junk/cache cleaning. The app's value proposition can't be verified as it does not clean any junk/cache. (EX: The Facebook app has a cache size of 183 MB but this app is not listed in the junk/cache scan result)\n","ACR-014":"The app suggests cleaning up \"320.4 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”, but in the app settings, it displays the same size of cache data that can be cleaned and also it displays the same app and cache count for every scan performed even though the device has many apps that require junk/cache cleaning, which misleads users. (EX: The Facebook app has a cache size of 183 MB but this app is not listed in the junk/cache scan result)\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.sp.expert.expertcleaner.apk","isInstaller":"True","productVersion":"1.0.4","fileVersion":"1.0.4","hashMD5":"4ba451f1ddad3759984c6ae2aed795cf","hashSHA1":"2b2dc1cea5fe4d7f5a300c17a20e1b82b6a4dde6","hashSHA256":"c4b01755417503f9dcd543895e223e90dfd9946b5cdc8ef0da55a9b0e41c9f75","sourceIndex":"1236","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.sp.expert.expertcleaner&hl=en_IN&pli=1","ipv4":"","ipv6":"","sourceIndex":"1236"}],"sampleFiles":["230130/ExpertCleanerFastBooster-230120/1.0.4/Samples/com.sp.expert.expertcleaner.apk"],"imageFiles":["230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-103/ACR-103_Software_Scan_Result_3.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_4.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-103/ACR-103_Software_Rescan_AfterFix_5.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-103/ACR-103_Software_NotListedApp_9.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-014/ACR-014_Software_Scan_Result_3.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_4.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-014/ACR-014_Software_Rescan_AfterFix_5.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_5.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","230130/ExpertCleanerFastBooster-230120/1.0.4/Images/ACR-014/ACR-014_Software_NotListedApp_9.jpg"],"nonDeceptorImageFiles":[],"guid":"af4f64e7-9e20-4b0f-a3ce-2be49eafc2c5_1.0.4_1","appID":"ExpertCleanerFastBooster-230120","dateAdded":"230130","deceptorType":"Android App","name":"Expert Cleaner Fast Booster","company":"Expert Games Lab","version":"1.0.4","lastKnownStatus":"Deceptor:1.0.4","lastKnownDate":"230130","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-01-30T23:02:32.1327613+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1124},{"violations":{"ACR-103":"The app suggests cleaning up \"465.7 MB\" of junk/cache. After completing junk clean it says “Free 543 MB storage”, but in the app settings, it displays the same size of cache data that can be cleaned, also the total cache size of the apps displayed after the Fix (543 MB) differs from the cache displayed in the scan result (465.7 MB). Thus the app's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"465.7 MB\" of junk/cache. After completing junk clean it says “Free 543 MB storage”, but in the app settings, it displays the same size of cache data that can be cleaned, also the total cache size of the apps displayed after the Fix (543 MB) differs from the cache displayed in the scan result (465.7 MB), thus misleading the users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"clean.antivirus.security.viruscleaner.apk","isInstaller":"True","productVersion":"1.3.0","fileVersion":"1.3.0","hashMD5":"1b054c051cb00a903143c2a4c467e754","hashSHA1":"30ca85a056cf5a946263bf68bd746def8ee55012","hashSHA256":"ab8a366f6cf12db167914ab6af77e5794fe69d7d9d7e2f64769ac2660ff9f939","sourceIndex":"1239","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=clean.antivirus.security.viruscleaner&hl=en_IN&pli=1","ipv4":"","ipv6":"","sourceIndex":"1239"}],"sampleFiles":["230120/Cleaner2023-230119/1.3.0/Samples/clean.antivirus.security.viruscleaner.apk"],"imageFiles":["230120/Cleaner2023-230119/1.3.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-103/ACR-103_Software_Scan_Result_3.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_4.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_5.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-014/ACR-014_Software_Scan_Result_3.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_4.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_5.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.jpg","230120/Cleaner2023-230119/1.3.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg"],"nonDeceptorImageFiles":[],"guid":"2921cb9f-ea07-4060-9808-98a9b162ffd4_1.3.0_1","appID":"Cleaner2023-230119","dateAdded":"230120","deceptorType":"Android App","name":"Cleaner 2023","company":"SEAMOBI","version":"1.3.0","lastKnownStatus":"Deceptor:1.3.0","lastKnownDate":"230120","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-01-20T13:58:40.515568+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1128},{"violations":{"ACR-043":"Third party components \"Open VPN\" is installed without any disclosure in the EULA.\n","ACR-107":"The app does not obtain any authorization for using third-party component: Open VPN\n","ACR-003":"The app displays \"Your IP is Unprotected\" when disconnected from the VPN. This is misleading with unsubstantiated claim.\n","ACR-007":"The app does not obtain explicit user consent to reduce the consumer's security posture caused by sharing IP/network connection for sharing internet resources.\n","ACR-084":"Quitting the app keeps other processes running in the background without notifying the consumer. Even after exiting the app from the systray, the process \"RabbitData.exe\" remains running in the background and may record system's Usage Data and metrics including IP. \n","ACR-117":"The app attempts to conceal the Uninstall button at Uninstall.\n","ACR-014":"The application presents misleading status \"Your IP is unprotected\" even when the system has a VPN program already installed.\n\n","ACR-039":"The app silently installs Tap windows program without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"RabbitVPN.exe","companyName":"HIGH SPEED RABBIT LIMITED","productName":"RabbitVPN","productVersion":"1.22.11.11","fileVersion":"1.22.11.11","hashMD5":"a74df00ad46ec43b1eeb22fba4faa5bd","hashSHA1":"ca1cd5e826169f302fc1f7d5a28b39a06b7e2b7e","hashSHA256":"487ea660e32aedcd69885e577f40f08f9089032791c5c27bb8741e921610cd47","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"CN=WoTrus Code Signing 2021 CA, O=WoTrus CA Limited, C=CN","digitalCertIssuedTo":"CN=HIGH SPEED RABBIT LIMITED, O=HIGH SPEED RABBIT LIMITED, L=London, C=GB","sourceIndex":"273","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rabbitvpn1_32.exe","isInstaller":"True","companyName":"HIGH SPEED RABBIT LIMITED","productName":"RabbitVPN","fileVersion":"1.22.11.11","hashMD5":"f27b3477be720aa990889f0dbc508bab","hashSHA1":"df96fa47eba5e7592c256ea07459126426a7f6d6","hashSHA256":"608526575960710f06f463584109f43ec4c1026be8a66bb9bc85e956284280fa","digitalCertThumbprint":"B1476909A9370074A35F2D3E3906E7BC8859FEAB","digitalCertIssuer":"CN=WoTrus Code Signing 2021 CA, O=WoTrus CA Limited, C=CN","digitalCertIssuedTo":"CN=HIGH SPEED RABBIT LIMITED, O=HIGH SPEED RABBIT LIMITED, L=London, C=GB","sourceIndex":"273","avBlockList":["360 Total Security (20230126)","Avast Premium Security (20230126)","AVG Internet Security (20230126)","Avira Internet Security (20230126)","COMODO Antivirus (20230126)","ESET Internet Security (20230126)","Kaspersky Internet Security (20230126)","McAfee Total Protection (20230126)","Norton Security (20230126)","Panda Dome (20230126)","Sophos Home Premium (20230126)","SpyHunter5 (20230126)","Total AV Antivirus Pro (20230126)","VirIT eXplorer PRO (20230126)","Windows Defender (20230126)"],"avAllowList":["Bitdefender Internet Security (20230126)","Dr.Web Security Space (20230126)","G DATA INTERNET SECURITY (20230126)","K7 Total Security (20230126)","Malwarebytes Premium (20230126)","Quick Heal Internet Security (20230126)","Trend Micro Internet Security (20230126)","VIPRE Advanced Security (20230126)","Webroot SecureAnywhere (20230126)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: vpn for windows","reference":"","landingPage":"https://en.freedownloadmanager.org/Windows-PC/Rabbit-VPN-FREE.html","directDownloadingLink":"https://download.freedownloadmanager.org/Windows-PC/Rabbit-VPN/FREE-1.22.11.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.freedownloadmanager.org/Windows-PC/Rabbit-VPN/FREE-1.22.11.html","sourceIndex":"273"}],"sampleFiles":["230120/RabbitVPN-230113/1.22.11.11/Samples/RabbitVPN.exe","230120/RabbitVPN-230113/1.22.11.11/Samples/rabbitvpn1_32.exe"],"imageFiles":["230120/RabbitVPN-230113/1.22.11.11/Images/ACR-039/ACR-039_TAPWindows.jpg","230120/RabbitVPN-230113/1.22.11.11/Images/ACR-043/ACR-043_107_OpenVPN.jpg","230120/RabbitVPN-230113/1.22.11.11/Images/ACR-107/ACR-043_107_OpenVPN.jpg","230120/RabbitVPN-230113/1.22.11.11/Images/ACR-007/ACR-007_Sharing_resources.jpg","230120/RabbitVPN-230113/1.22.11.11/Images/ACR-007/ACR-007_Data_Usage_Rules.jpg","230120/RabbitVPN-230113/1.22.11.11/Images/ACR-084/ACR_084_BackgroundProcess.jpg","230120/RabbitVPN-230113/1.22.11.11/Images/ACR-003/ACR-003_039_IPStatus.jpg","230120/RabbitVPN-230113/1.22.11.11/Images/ACR-014/ACR-003_039_IPStatus.jpg","230120/RabbitVPN-230113/1.22.11.11/Images/ACR-117/ACR-117_UninstallButtonConcealed.jpg"],"nonDeceptorImageFiles":[],"guid":"4723d9ef-b5b7-4096-b69d-84cad97f1d9b_1.22.11.11_1","appID":"RabbitVPN-230113","dateAdded":"230120","deceptorType":"App","name":"Rabbit VPN","company":"HIGH SPEED RABBIT LIMITED","version":"1.22.11.11","lastKnownStatus":"Deceptor:1.22.11.11","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-12-12T23:46:00.3664684+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1126},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. It displays a \"Random/ Dummy\" cache count in the scan summary for all installed apps, which has a vast difference from the actual cache data of all the installed apps. When the user clicks “Clean Junk 7.9 GB, the app says “Optimal” but when viewed in the app settings it displays the same size of cache data that can be cleaned. Thus the app's value proposition can't be verified as it displays  \"Random/ Dummy\" cache data that have a vast difference from the actual cache data, and also does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. It displays a \"Random/ Dummy\" cache count in the scan summary for all installed apps, which has a vast difference from the actual cache data of all the installed apps. When the user clicks “Clean Junk 7.9 GB, the app says “Optimal” but when viewed in the app settings it displays the same size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.goat.phone.clean.booster.apk","isInstaller":"True","productVersion":"2.6.0","fileVersion":"2.6.0","hashMD5":"75f7b1dbf1cf2540d2122a6b21730437","hashSHA1":"c7643c5d9bd386ba295225c4b6cdec935bd6a45f","hashSHA256":"eb06492e7ef56d38476b62dc4bf8840e5a346f2bc7355ed1ce58d1f09e863417","sourceIndex":"1240","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.goat.phone.clean.booster&hl=en_IN&gl=US","ipv4":"","ipv6":"","sourceIndex":"1240"}],"sampleFiles":["230120/PhoneCleanerSmartBooster-230119/2.6.0/Samples/com.goat.phone.clean.booster.apk"],"imageFiles":["230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_6.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_6.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","230120/PhoneCleanerSmartBooster-230119/2.6.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg"],"nonDeceptorImageFiles":[],"guid":"a7cff2f3-7c66-4e6d-93f0-21723c2a2ef3_2.6.0_1","appID":"PhoneCleanerSmartBooster-230119","dateAdded":"230120","deceptorType":"Android App","name":"Phone Cleaner Smart Booster","company":"Goat Tech Team","version":"2.6.0","lastKnownStatus":"Deceptor:2.6.0","lastKnownDate":"230120","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-01-20T13:56:01.0885521+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1127},{"violations":{"ACR-048":"The user is unable to cancel the offer while in the download process. Cannot cancel nor exit installation once the optional offer shows up.\n","ACR-055":"Accept and Decline options are not made obvious for the Offer that is not directly related to the main app. \n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\".\n"},"nonDeceptorViolations":{"ACR-152":"The user is unable to cancel the offer while in the download process. Cannot exit installation once the optional offer shows up.\n"},"samples":[{"isRevoked":"False","fileName":"YourFile.exe","companyName":"http://yourfiledownloader.com","fileVersion":"1.0","hashMD5":"3d53b02f7dd2164d66a47ad0ad31d352","hashSHA1":"fa7cb5bcc3ef1e909905829fada4f9009d306792","hashSHA256":"a7ec569526e4d3fe49599070cf3deb6b57949782e0e68d15219d8ea88c257770","digitalCertThumbprint":"55E5E7A9F790FE2E5C7A07A504620167A53748F2","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Via Advertising Group Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Via Advertising Group Limited, L=Nicosia, S=Nicosia, C=CY","sourceIndex":"1237","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"YourFileDownloader.exe","isInstaller":"True","companyName":"http://yourfiledownloader.com","fileVersion":"1.0","hashMD5":"077fda1e1533d2f88eb9345fbb24e0d6","hashSHA1":"982efc2f3cce306520072d60eb9577a55e60136b","hashSHA256":"de32da3c34d8c77edbb8427d2c262dcd5adb647358248c073cf54db421b00032","digitalCertThumbprint":"55E5E7A9F790FE2E5C7A07A504620167A53748F2","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Via Advertising Group Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Via Advertising Group Limited, L=Nicosia, S=Nicosia, C=CY","sourceIndex":"1237","avBlockList":["Avast Premium Security (20230126)","AVG Internet Security (20230126)","Avira Internet Security (20230126)","Bitdefender Internet Security (20230126)","COMODO Antivirus (20230126)","Dr.Web Security Space (20230126)","ESET Internet Security (20230126)","G DATA INTERNET SECURITY (20230126)","K7 Total Security (20230126)","Kaspersky Internet Security (20230126)","Malwarebytes Premium (20230126)","McAfee Total Protection (20230126)","Norton Security (20230126)","Panda Dome (20230126)","Quick Heal Internet Security (20230126)","Sophos Home Premium (20230126)","SpyHunter5 (20230126)","Total AV Antivirus Pro (20230126)","Trend Micro Internet Security (20230126)","VIPRE Advanced Security (20230126)","VirIT eXplorer PRO (20230126)","Webroot SecureAnywhere (20230126)"],"avAllowList":["360 Total Security (20230126)","Windows Defender (20230126)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.filefacts.com/yourfile-downloader-download","directDownloadingLink":"http://mirror3.filefacts.com/077fda1e1533d2f88eb9345fbb24e0d6/YourFileDownloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://mirror3.filefacts.com/077fda1e1533d2f88eb9345fbb24e0d6/YourFileDownloader.exe","sourceIndex":"1237"}],"sampleFiles":["230120/YourFileDownloader-230119/1.0.0.5/Samples/YourFile.exe","230120/YourFileDownloader-230119/1.0.0.5/Samples/YourFileDownloader.exe"],"imageFiles":["230120/YourFileDownloader-230119/1.0.0.5/Images/ACR-055/ACR-055_AcceptDeclineOptions.jpg","230120/YourFileDownloader-230119/1.0.0.5/Images/ACR-048/ACR-152_UnabletoCancelandExit.gif","230120/YourFileDownloader-230119/1.0.0.5/Images/ACR-059/ACR-059_OptionalOffer.jpg"],"nonDeceptorImageFiles":["230120/YourFileDownloader-230119/1.0.0.5/Images/ACR-152/ACR-152_UnabletoCancelandExit.gif"],"guid":"be139685-b62f-4737-85c7-f93a75357be2_1.0.0.5_1","appID":"YourFileDownloader-230119","dateAdded":"230120","deceptorType":"App","name":"Your File Downloader","company":"http://yourfiledownloader.com","version":"1.0.0.5","lastKnownStatus":"Deceptor:1.0.0.5","lastKnownDate":"230120","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps","lastUpdate":"2023-01-30T22:55:41.8722365+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1125},{"violations":{"ACR-042":"1. The app drops the Root Certificate files before obtaining the consumer's permission through explicit user action in the installation prompt.\n2. Open source project \"Open VPN\", \"Qt4\" and \"Tap Windows\" files get dropped without any disclosure in EULA.\n","ACR-043":"1. The app does not provide information regarding the Root Certificate files that are dropped and the potential risk introduced to the user system after its installation in the installation prompt.\n2. Open source projects \"Open VPN\", \"Qt4\" and \"Tap Windows\" files get dropped without any disclosure in EULA.\n","ACR-107":"The app does not disclose relevant license information about \"OpenVPN\", \"Qt4\" and \"Tap Windows\".\n","ACR-048":"The app does not provide any control to close the app completely and remove its background processes within the app's settings.\n","ACR-007":"The app does not obtain user consent for dropping the Root Certificate files to reduce the consumer's security posture caused by the installation prompt.\n","ACR-084":"On closing the app, some of the processes run silently in the background, hiding the fact that it is active from the consumer. Also, the app runs in systray after closing it without notifying the user. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains its dropped Root Certificate on the device without the consumer's consent or notifying the user. \n","ACR-014":"The app misleads the user by stating \"Your computer is not protected\",  while the other VPN service is already active in the system and it also displays an unfair alarming (X) symbol.\n","ACR-124":"The app suggests the consumer to exit the app completely in order to proceed with uninstallation but does not provide control to quit the app anywhere inside the app and the user can exit the app only from the systray. Thereby, preventing the targeted consumer from being able to reach the uninstall screen and adding unnecessary friction to the uninstallation process.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the dropped Root Certificate files in the installation prompt.\n","ACR-092":"The app does not provide a digital signature for all the executables.\n","ACR-123":"The app does not remove the dropped Trusted Root certificate file even after uninstalling.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\SlickVPN\\slickvpn.exe","companyName":"","productName":"SlickVPN","productVersion":"0.2.61.0","fileVersion":"0.2.61.0","hashMD5":"77d91ed9fb457519d3cd012d32fb3c21","hashSHA1":"874b86ede33f6bf896b25a37ca1709ac1e178c2d","hashSHA256":"62d15963bb0b96a68c62ded28c2da5cbfa30badfc51de89407167e19689cddae","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1242","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\SlickVPN\\resources\\bin\\win32\\slickvpnsrvc\\slickvpnsrvc.exe","companyName":"SlickVPN","productName":"slickvpnsrvc","productVersion":"0.2.61","fileVersion":"0.2.61","hashMD5":"d3cf1c339f5e42f30e92afab3036b397","hashSHA1":"c6eb285588e06bfca6b5e015d9c83575d2b513e9","hashSHA256":"b28a0d5a553171b55bbd0eb362c978c39b08cafd0a4119d6f173f48e3cb2b8f0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1242","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"slickvpn_installer_v0.2.61_(gde9faf8).exe","isInstaller":"True","companyName":"SlickVPN                                                    ","productName":"SlickVPN                                                    ","productVersion":"0.2.61                                            ","fileVersion":"0.2.61              ","hashMD5":"6fe8abfacb6a5bf358ef5caee3e59516","hashSHA1":"5b60779aae0c58776c77e6a1c4667261160c1478","hashSHA256":"bee3857e2f3aee3be4223dee93e5ed0c568460c1ab41a823b388c73a6a23d2fd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1242","avBlockList":["360 Total Security (20230126)","Avira Internet Security (20230126)","K7 Total Security (20230126)","Malwarebytes Premium (20230126)","McAfee Total Protection (20230126)","Norton Security (20230126)","Panda Dome (20230126)","Quick Heal Internet Security (20230126)","Sophos Home Premium (20230126)","SpyHunter5 (20230126)","Total AV Antivirus Pro (20230126)","VirIT eXplorer PRO (20230126)","Webroot SecureAnywhere (20230126)","Windows Defender (20230126)"],"avAllowList":["Avast Premium Security (20230126)","AVG Internet Security (20230126)","Bitdefender Internet Security (20230126)","COMODO Antivirus (20230126)","Dr.Web Security Space (20230126)","ESET Internet Security (20230126)","G DATA INTERNET SECURITY (20230126)","Kaspersky Internet Security (20230126)","Trend Micro Internet Security (20230126)","VIPRE Advanced Security (20230126)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN apps","reference":"","landingPage":"https://www.slickvpn.com/update/","directDownloadingLink":"https://slickvpn.com/vpn-client/slickvpn_installer_v0.2.61_(gde9faf8).exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://slickvpn.com/vpn-client/slickvpn_installer_v0.2.61_(gde9faf8).exe","sourceIndex":"1242"}],"sampleFiles":["230118/SlickVPN-230104/0.2.61/Samples/slickvpn_installer_v0.2.61_(gde9faf8).exe"],"imageFiles":["230118/SlickVPN-230104/0.2.61/Images/ACR-043/ACR-043_1.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-043/ACR-043_2.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-043/ACR-043_3.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-043/ACR-043_4.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-043/ACR-043_5.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-107/ACR-107 (1).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-107/ACR-107 (2).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-107/ACR-107 (3).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-042/ACR-042 (1).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-042/ACR-042 (2).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-042/ACR-042 (3).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-042/ACR-042 (4).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-042/ACR-042 (5).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-007/ACR-007 (1).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-007/ACR-007 (2).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-084/ACR-048_1.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-048/ACR-048_1.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-048/ACR-048_2.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-014/ACR-014.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-118/ACR-118.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-124/ACR-124.JPG"],"nonDeceptorImageFiles":["230118/SlickVPN-230104/0.2.61/Images/ACR-092/ACR-092_1.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-092/ACR-092_2.JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-045/ACR-045 (1).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-045/ACR-045 (2).JPG","230118/SlickVPN-230104/0.2.61/Images/ACR-123/ACR-123.JPG"],"guid":"4fdc8e20-411e-4f17-99c7-c39dee2b9d6e_0.2.61_1","appID":"SlickVPN-230104","dateAdded":"230118","deceptorType":"App","name":"Slick VPN","company":"SlickVPN","version":"0.2.61","lastKnownStatus":"Deceptor:0.2.61","lastKnownDate":"230118","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-01-18T11:46:11.7775618+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1129},{"violations":{"ACR-003":"The application exaggerates missing, invalid empty registry keys and non-critical items known as junks like caches and outdated temp files as \"Problems\", misleading or scaring user to take action.\n\n","ACR-004":"The application exaggerates invalid empty registry keys as \"Problems\", and requires customer to purchase the app in order to complete the fix for the non-permanent issues.\n\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":" The application elevates its consumer trust level by displaying a unverifiable five star awards from multiple software reviewers on its landing page.\n"},"samples":[{"isRevoked":"False","fileName":"Kerish_Doctor_4.90.exe","isInstaller":"True","companyName":"Kerish Products                                             ","fileVersion":"4.90","hashMD5":"ba2586a369489194450ec77c8e99905a","hashSHA1":"5c8be5e2572f3fbd78a9aae980eae10836505096","hashSHA256":"f2c228ffeae9e487b204e37e1c5339e04d2fe9e025b5ddfdff65552792753c4d","digitalCertThumbprint":"E4F90F73B3C38CED81B1A73EFB7EF4E92196AC06","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA - G2, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=OOO AMA, O=OOO AMA, L=Voronezh, S=Voronezh region, C=RU","sourceIndex":"1238","avBlockList":["Avira Internet Security (20230124)","ESET Internet Security (20230124)","K7 Total Security (20230124)","Malwarebytes Premium (20230124)","Norton Security (20230124)","Panda Dome (20230124)","Quick Heal Internet Security (20230124)","SpyHunter5 (20230124)","Total AV Antivirus Pro (20230124)","VirIT eXplorer PRO (20230124)","Webroot SecureAnywhere (20230124)"],"avAllowList":["360 Total Security (20230124)","Avast Premium Security (20230124)","AVG Internet Security (20230124)","Bitdefender Internet Security (20230124)","COMODO Antivirus (20230124)","Dr.Web Security Space (20230124)","G DATA INTERNET SECURITY (20230124)","Kaspersky Internet Security (20230124)","McAfee Total Protection (20230124)","Sophos Home Premium (20230124)","Trend Micro Internet Security (20230124)","VIPRE Advanced Security (20230124)","Windows Defender (20230124)"]},{"isRevoked":"False","fileName":"KerishDoctor.exe","companyName":"Kerish Products","fileVersion":"4.90","hashMD5":"4bc651a2f1804905d5dfe3f19c7feaf6","hashSHA1":"2272357d9089d78fad6b21de4be0151cb368d0f6","hashSHA256":"ea862031f0afcc175acc97c34c63cd6560ef49c988cc5e2243589c2a54384126","digitalCertThumbprint":"E4F90F73B3C38CED81B1A73EFB7EF4E92196AC06","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA - G2, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=OOO AMA, O=OOO AMA, L=Voronezh, S=Voronezh region, C=RU","sourceIndex":"1238","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searched for pc garbage cleaner","reference":"","landingPage":"https://www.kerish.org/en-us/","directDownloadingLink":"https://www.kerish.org/en-us/get_file.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.kerish.org/en-us/get_file.php","sourceIndex":"1238"}],"sampleFiles":["230118/KerishDoctor-230116/4.90/Samples/Kerish_Doctor_4.90.exe","230118/KerishDoctor-230116/4.90/Samples/KerishDoctor.exe"],"imageFiles":["230118/KerishDoctor-230116/4.90/Images/ACR-004/ACR-004_KDScanResults.jpg","230118/KerishDoctor-230116/4.90/Images/ACR-004/ACR-004_KDIncompleteFix.jpg","230118/KerishDoctor-230116/4.90/Images/ACR-003/ACR-003_KDScanResults.jpg","230118/KerishDoctor-230116/4.90/Images/ACR-003/ACR-004_KDScanResults.jpg"],"nonDeceptorImageFiles":["230118/KerishDoctor-230116/4.90/Images/ACR-065/ACR-065.jpg","230118/KerishDoctor-230116/4.90/Images/ACR-065/KD_About.jpg","230118/KerishDoctor-230116/4.90/Images/ACR-017/ACR-017_Awards.jpg"],"guid":"78e8160c-13e5-49ce-9033-520e49583970_4.90_1","appID":"KerishDoctor-230116","dateAdded":"230118","deceptorType":"App","name":"Kerish Doctor","company":"Kerish Products","version":"4.90","firstVendorContactDate":"230121","firstAppEsteemReplyDate":"230124","firstResolvedDate":"230124","firstResolvedVersion":"4.91","resolved":"TRUE","lastKnownStatus":"Deceptor:4.90","lastKnownDate":"230118","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-01-25T00:45:35.2388929+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1130},{"violations":{"ACR-004":"The application does not provide a free clean for the scan items shown, and requires the user to subscribe to perform cleaning function.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links or displays of the apps terms of service and privacy policy in its about section\n"},"samples":[{"isRevoked":"False","fileName":"Advanced Disk Explorer","fileVersion":"0.","hashMD5":"2b701656f40c279db6d672b352c88468","hashSHA1":" b70dbb53f2a50f96e466729bce8d8b6ea68824f6","hashSHA256":"26db31a7dc17313bbf330dfbac72b8933076342b22b33c6e1f381f65b8004b15","sourceIndex":"1241","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for free cleaners in the app store, under US Region","reference":"","landingPage":"https://www.hopeitz.com/","directDownloadingLink":"https://apps.apple.com/us/app/advanced-disk-explorer/id1554037433?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/us/app/advanced-disk-explorer/id1554037433?mt=12","sourceIndex":"1241"}],"sampleFiles":["230118/AdvancedDiskExplorer-230111/1.3.1/Samples/Advanced Disk Explorer"],"imageFiles":["230118/AdvancedDiskExplorer-230111/1.3.1/Images/ACR-004/ACR004-1.png","230118/AdvancedDiskExplorer-230111/1.3.1/Images/ACR-004/ACR004-2.png","230118/AdvancedDiskExplorer-230111/1.3.1/Images/ACR-004/ACR004-3.png","230118/AdvancedDiskExplorer-230111/1.3.1/Images/ACR-004/ACR004-4.png","230118/AdvancedDiskExplorer-230111/1.3.1/Images/ACR-004/ACR004-5.png","230118/AdvancedDiskExplorer-230111/1.3.1/Images/ACR-004/ACR004-6.png","230118/AdvancedDiskExplorer-230111/1.3.1/Images/ACR-004/ACR004.mp4"],"nonDeceptorImageFiles":["230118/AdvancedDiskExplorer-230111/1.3.1/Images/ACR-065/About.png"],"guid":"8f1dac61-d4f2-4392-993f-f784671d9358_1.3.1_1","appID":"AdvancedDiskExplorer-230111","dateAdded":"230118","deceptorType":"MacOS App","name":"Advanced Disk Explorer","company":"Hopeitz Software","version":"1.3.1","lastKnownStatus":"Deceptor:1.3.1","lastKnownDate":"230118","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2023-01-18T12:00:33.7839243+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1131},{"violations":{"ACR-043":"Open source project \"ffmpeg.dll\" is installed without any disclosure in EULA.\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg'.\n","ACR-048":"The app does not provide proper control to remove the startup item, once the user manually enables it.\n","ACR-003":"1. The app does unsubstantiated claims about the identified items shown during the free scan.\n2. The app suggests cleaning up \"5.79 GB\" of Trash items on the first scan but upon fixing it removes only \"5.54 GB\" of identified issues. Also on other consecutive scans, it keeps on displaying issues in which only some of the Trash items get fixed, thus misleading the user to think that they have an issue/problem in their system.\n","ACR-004":"The app suggests cleaning up \"5.79 GB\" of Trash items without substantiating them, on the first scan but upon fixing it removes only \"5.54 GB\" of identified issues. Also on other consecutive scans, it keeps on displaying issues in which only some of the Trash items get fixed. Thus the app does not provide a complete \"Free Fix\" for all the identified issues shown during the Free scan.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"1. The app does not substantiate any of the identified items shown during the free scan.\n2. The app suggests cleaning up \"5.79 GB\" of Trash items on the first scan but upon fixing it removes only \"5.54 GB\" of identified issues. Also on other consecutive scans, it keeps on displaying issues in which only some of the Trash items get fixed, thus misleading the user. \n","ACR-165":"The app does not provide detailed information about when users receive a notification for renewal, how to cancel the subscription, and the price amount after the time-bound discount expires on the Inline offers page\nThe app does not provide detailed information about when users receive a notification for renewal, how to cancel the subscription and the price amount after the time-bound discount expires on the shopping cart (https://order.shareit.com/cart/view)\n"},"nonDeceptorViolations":{"ACR-092":"The app does not provide a digital signature for all the executables.\n","ACR-166":"The app does not disclose the license period to the consumer on the Inline Offers page.\nThe app does not disclose the license period to the consumer on the Internal Offers page (https://order.shareit.com/cart/view)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Lorien Cleaner\\LorienCleaner.exe","companyName":"Lorien Desktop [ELDAMAR STUDIO]","productName":"LorienCleaner","productVersion":"1.2.0","fileVersion":"1.2.0","hashMD5":"5b3ea5792c12896d2680bafcd8a8560a","hashSHA1":"601d02743a2b00593d057cba8f326c0f2156ec01","hashSHA256":"9b974ade68d230c40a0e6b0492b3f685fc23134c7475b4e8db1d793257b4314c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1244","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LorienCleanerSetup.exe","isInstaller":"True","companyName":"Lorien Desktop (Eldamar Studio)                             ","productName":"Lorien Cleaner                                              ","productVersion":"1.2.0                                             ","fileVersion":"                    ","hashMD5":"535a3ad8f5f4012dcae0ddc4fdf813ab","hashSHA1":"93017b74152495f0d32b25f896ab0e7d9587a368","hashSHA256":"c51f30294f60fbef0ff51272686f8ad9b6c02e4680f3ca737ffd43f968e313e9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1244","avBlockList":["360 Total Security (20230119)","Avast Premium Security (20230119)","AVG Internet Security (20230119)","Avira Internet Security (20230119)","Bitdefender Internet Security (20230119)","COMODO Antivirus (20230119)","ESET Internet Security (20230119)","G DATA INTERNET SECURITY (20230119)","K7 Total Security (20230119)","Kaspersky Internet Security (20230119)","McAfee Total Protection (20230119)","Norton Security (20230119)","Panda Dome (20230119)","Sophos Home Premium (20230119)","SpyHunter5 (20230119)","Total AV Antivirus Pro (20230119)","VIPRE Advanced Security (20230119)","VirIT eXplorer PRO (20230119)"],"avAllowList":["Dr.Web Security Space (20230119)","Malwarebytes Premium (20230119)","Quick Heal Internet Security (20230119)","Trend Micro Internet Security (20230119)","Webroot SecureAnywhere (20230119)","Windows Defender (20230119)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on cleaners","reference":"","landingPage":"https://lorien-cleaner.com/","directDownloadingLink":"https://lorien-cleaner.com/LorienCleanerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://lorien-cleaner.com/LorienCleanerSetup.exe","sourceIndex":"1244"}],"sampleFiles":["230113/LorienCleaner-230103/1.2.0/Samples/LorienCleanerSetup.exe"],"imageFiles":["230113/LorienCleaner-230103/1.2.0/Images/ACR-043/ACR-043.JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-107/ACR-107.JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-004/ACR-004 (1).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-004/ACR-004 (2).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-004/ACR-004 (3).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-004/ACR-004 (4).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-048/ACR-048.JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-048/ACR-048_1.JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-003/ACR-003 (1).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-003/ACR-003 (2).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-003/ACR-003 (3).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-003/ACR-003 (4).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-014/ACR-014 (1).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-014/ACR-014 (2).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-014/ACR-014 (3).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-014/ACR-014 (4).JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-118/ACR-118.JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-165/ACR-165_1.JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-165/ACR-165.jpg"],"nonDeceptorImageFiles":["230113/LorienCleaner-230103/1.2.0/Images/ACR-092/ACR-092.JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-092/ACR-092_1.JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-166/ACR-166_1.JPG","230113/LorienCleaner-230103/1.2.0/Images/ACR-166/ACR-166.JPG"],"guid":"5bc31307-6926-4eae-8096-4e3fe57c0443_1.2.0_1","appID":"LorienCleaner-230103","dateAdded":"230113","deceptorType":"App","name":"Lorien Cleaner","company":"Lorien Desktop [ELDAMAR STUDIO]","version":"1.2.0","lastKnownStatus":"Deceptor:1.2.0","lastKnownDate":"230113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-01-13T12:52:30.8376297+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1135},{"violations":{"ACR-103":"The app suggests cleaning up \"138.63 MB\" of junk/cache. After completing junk clean it says “139 MB Cleaned”, but in the app settings, it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"138.63 MB\" of junk/cache. After completing junk clean it says “139 MB Cleaned”, but when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.litetools.anticleaner.apk","isInstaller":"True","productVersion":"1.2.2","fileVersion":"1.2.2","hashMD5":"11ece24c084dd0ac1963ef6902cd5da7","hashSHA1":"62228092c961084aa77e48b4229cccbad457f119","hashSHA256":"5ad31f10f9a440be55444ef5345859345814238987a55a2c1d0fc11744e0745f","sourceIndex":"1243","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.litetools.anticleaner&hl=en_IN&pli=1","ipv4":"","ipv6":"","sourceIndex":"1243"}],"sampleFiles":["230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Samples/com.litetools.anticleaner.apk"],"imageFiles":["230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_6.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_6.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","230113/ZSecurityCPUCoolerBoost-230103/1.2.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg"],"nonDeceptorImageFiles":[],"guid":"8d5e278b-63e9-43ac-b017-b2e47f4bcc57_1.2.2_1","appID":"ZSecurityCPUCoolerBoost-230103","dateAdded":"230113","deceptorType":"Android App","name":"Z Security CPU Cooler Boost","company":"Z APPs","version":"1.2.2","lastKnownStatus":"Deceptor:1.2.2","lastKnownDate":"230113","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-01-13T12:55:36.695234+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1132},{"violations":{"ACR-048":"The app is installed inside a hidden file directory, preventing the consumer from being able to find it. It also creates a startup entry without the user's knowledge and consent and does not provide setting control in the app to disable it.\n","ACR-084":"The app automatically runs silently in the background after installation hiding the fact that it is active from the consumer. It also creates a startup entry without the user's knowledge and consent. \"Quit Program\" still leaves the process running in background, which potentially collects system's Usage Data including IP, browsing activities. (Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.)\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder %Appdata%\\Roaming by default.\n"},"samples":[{"isRevoked":"False","fileName":"QScan.exe","isInstaller":"True","companyName":"System-Check","fileVersion":"1.0","hashMD5":"6da57be0dbb5a2435c255f9f7e060a14","hashSHA1":"699833053fc45cd9fa70969d33ee6a9a8ee68339","hashSHA256":"28f38c46bb11d6310867ef6d07f262e21b2570abe18cb1b11853875a9c9febf8","digitalCertThumbprint":"A67C7CCA7E5123425EDB88819577AC19E68C0BE1","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Ingenium AI Solutions LTD, O=Ingenium AI Solutions LTD, L=London, C=GB, SERIALNUMBER=12560956, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1246","avBlockList":["360 Total Security (20230119)","Avast Premium Security (20230119)","AVG Internet Security (20230119)","Avira Internet Security (20230119)","Bitdefender Internet Security (20230119)","COMODO Antivirus (20230119)","ESET Internet Security (20230119)","G DATA INTERNET SECURITY (20230119)","Kaspersky Internet Security (20230119)","Malwarebytes Premium (20230119)","McAfee Total Protection (20230119)","Norton Security (20230119)","Panda Dome (20230119)","Quick Heal Internet Security (20230119)","Sophos Home Premium (20230119)","SpyHunter5 (20230119)","Total AV Antivirus Pro (20230119)","VIPRE Advanced Security (20230119)","VirIT eXplorer PRO (20230119)","Webroot SecureAnywhere (20230119)"],"avAllowList":["Dr.Web Security Space (20230119)","K7 Total Security (20230119)","Trend Micro Internet Security (20230119)","Windows Defender (20230119)"]},{"isRevoked":"False","fileName":"QuickScan_Install.exe","isInstaller":"True","companyName":"System-Check","fileVersion":"1.0","hashMD5":"a8624c2cb64f2dd08284d29d39ae6d9d","hashSHA1":"a2923d3af47d0f33aeb44c24904bffe8a3816f70","hashSHA256":"b7f0f63b8d8e9a820b2b1fc647173719fc1f2df680806de325f236b0f9299c6c","digitalCertThumbprint":"A67C7CCA7E5123425EDB88819577AC19E68C0BE1","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Ingenium AI Solutions LTD, O=Ingenium AI Solutions LTD, L=London, C=GB, SERIALNUMBER=12560956, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1246","avBlockList":["360 Total Security (20230119)","Avast Premium Security (20230119)","AVG Internet Security (20230119)","Avira Internet Security (20230119)","Bitdefender Internet Security (20230119)","COMODO Antivirus (20230119)","ESET Internet Security (20230119)","G DATA INTERNET SECURITY (20230119)","K7 Total Security (20230119)","Kaspersky Internet Security (20230119)","Malwarebytes Premium (20230119)","McAfee Total Protection (20230119)","Norton Security (20230119)","Panda Dome (20230119)","Quick Heal Internet Security (20230119)","Sophos Home Premium (20230119)","SpyHunter5 (20230119)","Total AV Antivirus Pro (20230119)","VIPRE Advanced Security (20230119)","VirIT eXplorer PRO (20230119)","Webroot SecureAnywhere (20230119)"],"avAllowList":["Dr.Web Security Space (20230119)","Trend Micro Internet Security (20230119)","Windows Defender (20230119)"]}],"additionalFiles":[],"sources":[{"howFound":"searched similar sites for pc cleaners on our list","reference":"","landingPage":"https://www.quickscan.com/","directDownloadingLink":"https://www.quickscan.com/files/QuickScan_Install.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.quickscan.com/files/QuickScan_Install.exe","sourceIndex":"1246"}],"sampleFiles":["230113/QuickScan-221122/1.1.0.0/Samples/QScan.exe","230113/QuickScan-221122/1.1.0.0/Samples/QuickScan_Install.exe"],"imageFiles":["230113/QuickScan-221122/1.1.0.0/Images/ACR-048/ACR-040_HiddenFolder.jpg","230113/QuickScan-221122/1.1.0.0/Images/ACR-048/ACR-048_084_Startup.jpg","230113/QuickScan-221122/1.1.0.0/Images/ACR-084/ACR-084_BackgroundProcess.jpg","230113/QuickScan-221122/1.1.0.0/Images/ACR-084/ACR-084_UnabletoQuitProcess.gif"],"nonDeceptorImageFiles":["230113/QuickScan-221122/1.1.0.0/Images/ACR-040/ACR-040_HiddenFolder.jpg"],"guid":"2a10b029-a795-41e5-84c2-188d8dc369ce_1.1.0.0_1","appID":"QuickScan-221122","dateAdded":"230113","deceptorType":"App","name":"Quick Scan","company":"System-Check","version":"1.1.0.0","lastKnownStatus":"Deceptor:1.1.0.0","lastKnownDate":"230113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2023-01-13T10:44:02.294915+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1133},{"violations":{"ACR-042":"The app and its components have been installed in hidden folder without obtaining the user's agreement and permission, not disclosing the installation path, and allowing the user to change it.\n\n","ACR-048":"The app installs itself in a hidden folder %Appdata%\\Roaming, %Appdata%\\Local\\, %Appdata%\\Local\\Programs by default. It also does not render setting control to remove the startup and process within the app's settings. There is no direct way to completely quit the app. The process keeps running in the background making it difficult to fully uninstall it in a conventional way. \n","ACR-005":"The app appears to mimic Chrome browser. Most consumers will be misled to think it is a normal Chrome Browser.\n\n","ACR-006":"The monetization approach by search (list of search providers used) and affiliates are not clearly disclosed during installation. \n\n","ACR-007":"The app's attribution on the main page is not clear. It redirects user searches to another search engine. The browser misleads consumers into thinking that it is a normal Chrome Browser by its similar appearance.\n","ACR-084":"The app does not provide a way to completely quit the app. The process keeps running in the background.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"Click.Here.to.Install.Ouroborosbrowser.exe","isInstaller":"True","companyName":"White Sand Media, Inc","fileVersion":"1.0","hashMD5":"2869491a0d2e9b8e2d54d2b26b021bd1","hashSHA1":"d28856cd30bc4f82410663b3846daeffc11914ea","hashSHA256":"a44438dc7bc072a67ce7988bf5be5f71e4affcb49a1999215e218802d804151f","digitalCertThumbprint":"2B84A2471FED5C0773EF20E48B9FA9F3F1AC61CF","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"White Sand Media, Inc.\", O=\"White Sand Media, Inc.\", L=Road Town, C=VG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=VG, SERIALNUMBER=1962939","sourceIndex":"274","avBlockList":["360 Total Security (20230119)","Avast Premium Security (20230119)","AVG Internet Security (20230119)","Avira Internet Security (20230119)","Bitdefender Internet Security (20230119)","G DATA INTERNET SECURITY (20230119)","K7 Total Security (20230119)","Kaspersky Internet Security (20230119)","McAfee Total Protection (20230119)","Norton Security (20230119)","Quick Heal Internet Security (20230119)","Sophos Home Premium (20230119)","SpyHunter5 (20230119)","Total AV Antivirus Pro (20230119)","VIPRE Advanced Security (20230119)","VirIT eXplorer PRO (20230119)","Webroot SecureAnywhere (20230119)"],"avAllowList":["COMODO Antivirus (20230119)","Dr.Web Security Space (20230119)","ESET Internet Security (20230119)","Malwarebytes Premium (20230119)","Panda Dome (20230119)","Trend Micro Internet Security (20230119)","Windows Defender (20230119)"]},{"isRevoked":"False","fileName":"Ouroborosbrowser.exe","companyName":"White Sand Media, Inc","fileVersion":"2.2","hashMD5":"86c3cd8b866fcbb0c4ea2762287c6856","hashSHA1":"92a677ed4b381633cd7528dbe99fa5741f8873ed","hashSHA256":"ac081aa3dbf7cb6e1dbe1f8b3e6776dc21adee780fc5655b02ee6440731d208c","sourceIndex":"274","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search","reference":"","landingPage":"https://ouroborosbrowser.com/","directDownloadingLink":"https://ouroborosbrowser.com/downloads/Click.Here.to.Install.Ouroborosbrowser.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ouroborosbrowser.com/downloads/Click.Here.to.Install.Ouroborosbrowser.exe","sourceIndex":"274"}],"sampleFiles":["230113/OuroborosBrowser-221130/1.0.4/Samples/Click.Here.to.Install.Ouroborosbrowser.exe","230113/OuroborosBrowser-221130/1.0.4/Samples/Ouroborosbrowser.exe"],"imageFiles":["230113/OuroborosBrowser-221130/1.0.4/Images/ACR-042/ACR-065_042-No_Agreement_at_Installation.mp4","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-042/ACR_042_Hidden_Folders.jpg","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-006/ACR-006_Search_Engines.jpg","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-084/ACR-048_084_BackgroundProcess.jpg","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-048/ACR_042_048_Hidden_Folders.jpg","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-048/ACR-048_Startup.jpg","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-048/ACR-048_Settings.jpg","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-048/ACR-048_084_BackgroundProcess.jpg","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-048/ACR-048_Removed_from_List_executable_running_retained.jpg","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-005/ACR-007_Similarity_to_ChromeBrowser.jpg","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-007/ACR-007_Similarity_to_ChromeBrowser.jpg","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-007/ACR-007_Vague_Attribution.mp4","230113/OuroborosBrowser-221130/1.0.4/Images/ACR-118/ACR-118_Retained_Excutables_and_Components.jpg"],"nonDeceptorImageFiles":["230113/OuroborosBrowser-221130/1.0.4/Images/ACR-065/ACR-065_042-No_Agreement_at_Installation.mp4"],"guid":"3b1ccbb8-2c09-4b76-90a4-cc91c9165249_1.0.4_1","appID":"OuroborosBrowser-221130","dateAdded":"230113","deceptorType":"App","name":"Ouroboros Browser","company":"White Sand Media, Inc","version":"1.0.4","lastKnownStatus":"Deceptor:1.0.4","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2024-12-12T23:40:11.9691102+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1134},{"violations":{"ACR-003":"The application exaggerates invalid registry items as errors, indicate these registry items have high impact to system health which is not substantiated, thereby misleading or scaring user to take action.\n","ACR-004":"Provides no free fixes for scan results shown.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that show the Returns and Cancellation Policy Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"ScanMyReg.exe","companyName":"YL Computing, Inc","fileVersion":"3.2","hashMD5":"3c36754b668742d15109f833eb1e7338","hashSHA1":"e93d713c4b41ecb810913e6e9347bd2afd3d583f","hashSHA256":"934afec156432387a67de1d89568b0b19831ac0bc256690c7a0f6c507b28729b","sourceIndex":"2987","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"smrinstaller.exe","isInstaller":"True","companyName":"YL Computing, Inc                                           ","productVersion":"3.21","fileVersion":"0.0","hashMD5":"b635b8f12ff31bcfbe5f190ff0217dbf","hashSHA1":"6e909f0b9fafc72e6b8dd09767df24270e97bba3","hashSHA256":"b16e0137ad74fa1a646e1631e5341d29daa7f22d1adac8f9086afdc1e5aff360","sourceIndex":"2987","avBlockList":["Avast Internet Security (20190429)","AVG Internet Security (20190429)","Avira Internet Security (20190429)","ESET Internet Security (20190429)","G DATA INTERNET SECURITY (20190429)","K7 Total Security (20190429)","Kaspersky Internet Security (20190429)","Malwarebytes Premium (20190429)","McAfee Total Protection (20190429)","Norton Security (20190429)","Panda Dome (20190429)","Sophos Home Premium (20190429)","Trend Micro Internet Security (20190429)","VirIT eXplorer PRO (20190429)","Webroot SecureAnywhere (20190429)","Windows Defender (20190429)","360 Total Security (20190429)","COMODO Antivirus (20190429)","Dr.Web Security Space (20190429)","Quick Heal Internet Security (20190429)","SpyHunter5 (20190429)","Tencent PC Manager (20190429)"],"avAllowList":["Bitdefender Internet Security (20190429)","F-PROT Antivirus for Windows (20190429)","VIPRE Advanced Security (20190429)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.top4download.com/","landingPage":"http://hi.ylcomputing.com/products/scanmyreg","directDownloadingLink":"http://file.ylcomputing.com/smrinstall.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://file.ylcomputing.com/smrinstall.exe","sourceIndex":"2987"}],"sampleFiles":["190616/ScanMyReg-171009/3.21/Samples/ScanMyReg.exe","190616/ScanMyReg-171009/3.21/Samples/smrinstaller.exe"],"imageFiles":["190616/ScanMyReg-171009/3.21/Images/ACR-003/ScanMyReg Scan Popup.png","190616/ScanMyReg-171009/3.21/Images/ACR-003/ScanMyReg Scan Results.png","190616/ScanMyReg-171009/3.21/Images/ACR-004/ScanMyReg Scan Popup.png"],"nonDeceptorImageFiles":["190616/ScanMyReg-171009/3.21/Images/ACR-065/ScanMyReg Install EULA.png","190616/ScanMyReg-171009/3.21/Images/ACR-065/ScanMyReg about page.png","190616/ScanMyReg-171009/3.21/Images/ACR-065/ScanMyReg Landing Page.png","190616/ScanMyReg-171009/3.21/Images/ACR-099/ScanMyReg about page.png","190616/ScanMyReg-171009/3.21/Images/ACR-099/acr_099_IO.PNG"],"guid":"aeae116c-d3af-4121-946b-9618936010bb_3.21_1","appID":"ScanMyReg-171009","dateAdded":"230107","deceptorType":"App","name":"ScanMyReg","company":"YL Computing, Inc","version":"3.21","sigName":"Deceptor:Win32/ScanmyReg!003004","lastKnownStatus":"Deceptor:3.21,3.2,3.25;4.0","lastKnownDate":"230107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-01-07T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1139},{"violations":{"ACR-004":"Scan results are not substantiated. It is not clear to the consumer what kind of items being recovered or fixed.\n\n"},"nonDeceptorViolations":{"ACR-065":"Install has no link that show the Returns and Cancellation Policy.\nApp has no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy,\nLanding Page has no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n"},"samples":[{"isRevoked":"False","fileName":"WinUtil.exe","companyName":"YL Software","productName":"WinUtilities","productVersion":"15.78","fileVersion":"15.78","hashMD5":"ba1ed612acbc901f7fbffbbbb443dd55","hashSHA1":"663260b5769b26a55178352e638d7ced9bbd942f","hashSHA256":"5b4f52999258efd054a3634a8103ce5f0872b66aef8250b14b6d37d714c57cc8","sourceIndex":"1416","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"wufinstall.exe","isInstaller":"True","companyName":"YL Computing, Inc                                           ","productName":"WinUtilities Free Edition    ","fileVersion":"15.78","hashMD5":"eb73d6ecf8be0be8d44cc85ff01f6e72","hashSHA1":"bc8c2a9644489b7ff724b1e904b2286161f5fb5c","hashSHA256":"8646674b87b7e7e2b60a6110b48d05bd79ad1817f64a3ff5192c2b2965ddd1db","sourceIndex":"1416","avBlockList":["360 Total Security (20221006)","Avast Premium Security (20221006)","AVG Internet Security (20221006)","Avira Internet Security (20221006)","COMODO Antivirus (20221006)","Dr.Web Security Space (20221006)","ESET Internet Security (20221006)","Malwarebytes Premium (20221006)","McAfee Total Protection (20221006)","Norton Security (20221006)","Panda Dome (20221006)","Sophos Home Premium (20221006)","SpyHunter5 (20221006)","Total AV Antivirus Pro (20221006)","VirIT eXplorer PRO (20221006)","Webroot SecureAnywhere (20221006)"],"avAllowList":["Bitdefender Internet Security (20221006)","G DATA INTERNET SECURITY (20221006)","K7 Total Security (20221006)","Kaspersky Internet Security (20221006)","Quick Heal Internet Security (20221006)","Trend Micro Internet Security (20221006)","VIPRE Advanced Security (20221006)","Windows Defender (20221006)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: PC repair and optimizer","reference":"","landingPage":"https://www.pcclean.io/winutilities-free/","directDownloadingLink":"https://www.pcclean.io/winutilities-free/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pcclean.io/winutilities-free/download/","sourceIndex":"1416"}],"sampleFiles":["220921/WinUtilities-220921/15.78/Samples/WinUtil.exe","220921/WinUtilities-220921/15.78/Samples/wufinstall.exe"],"imageFiles":["220921/WinUtilities-220921/15.78/Images/ACR-004/ACR-003_004_Scan.gif","220921/WinUtilities-220921/15.78/Images/ACR-004/ACR-003_004_Scan_and_Fix.jpg"],"nonDeceptorImageFiles":["220921/WinUtilities-220921/15.78/Images/ACR-065/ACR-065_Install.jpg","220921/WinUtilities-220921/15.78/Images/ACR-065/ACR-065_Software.jpg","220921/WinUtilities-220921/15.78/Images/ACR-065/WinUtilities_LandingPage.png"],"guid":"925d7d47-f2fc-4fad-893a-20cf62ed59e6_15.78_1","appID":"WinUtilities-220921","dateAdded":"230107","deceptorType":"App","name":"WinUtilities","company":"YL Computing, Inc","version":"15.78","lastKnownStatus":"Deceptor:15.78;15.84","lastKnownDate":"230107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-01-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1137},{"violations":{"ACR-003":"The application exaggerates invalid registry items as errors, indicate these registry items have high impact to system health which is not substantiated, thereby misleading or scaring user to take action.\n","ACR-004":"Provides no free fixes for scan results shown.\nuses the words \"errors\" and reports ncomputer damage: as high\n"},"nonDeceptorViolations":{"ACR-065":"There are links that show the Returns and Cancellation,  \nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, \n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"smrinstall2019.exe","isInstaller":"True","companyName":"YL Computing, Inc                                           ","productName":"","productVersion":"3.25","fileVersion":"0.0","hashMD5":"06f5f1bc48d97565b3f78b93c4d0ac79","hashSHA1":"3179cafe44fdfac176c58e618f84d9b1235b2b78","hashSHA256":"aebc6d80fa05e5f0ae57abebcd80f102c0f9251c6d5989f7b605bbae65fb74d2","digitalCertThumbprint":"B4760A79C0D36A2C6AA1E0F535FC2CBAC29A4362","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SuiNing Yilong Software Store, OU=IT, O=SuiNing Yilong Software Store, L=SuiNing, S=SiChuan, C=CN","sourceIndex":"2988","avBlockList":["360 Total Security (20190909)","Avast Internet Security (20190909)","AVG Internet Security (20190909)","Avira Internet Security (20190909)","Bitdefender Internet Security (20190909)","Dr.Web Security Space (20190909)","ESET Internet Security (20190909)","G DATA INTERNET SECURITY (20190909)","K7 Total Security (20190909)","Kaspersky Internet Security (20190909)","Malwarebytes Premium (20190909)","McAfee Total Protection (20190909)","Norton Security (20190909)","Panda Dome (20190909)","Sophos Home Premium (20190909)","Tencent PC Manager (20190909)","VIPRE Advanced Security (20190909)","VirIT eXplorer PRO (20190909)","Webroot SecureAnywhere (20190909)","Windows Defender (20190909)"],"avAllowList":["COMODO Antivirus (20190909)","Quick Heal Internet Security (20190909)","Trend Micro Internet Security (20190909)"]},{"isRevoked":"False","fileName":"ScanMyReg.exe","companyName":"YL Computing, Inc","productName":"ScanMyReg","productVersion":"3.25","fileVersion":"3.25","hashMD5":"f0eb3ae54237926c6273bc8d89ae463b","hashSHA1":"1ce71b7ba81b79447a564345f5d625be2a1e2c64","hashSHA256":"a50b0e3c21eb58b00518ad27cd96ca466ec84d369dd7b8698db327af243e1c8e","digitalCertThumbprint":"B4760A79C0D36A2C6AA1E0F535FC2CBAC29A4362","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SuiNing Yilong Software Store, OU=IT, O=SuiNing Yilong Software Store, L=SuiNing, S=SiChuan, C=CN","sourceIndex":"2988","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.top4download.com/","landingPage":"http://hi.ylcomputing.com/products/scanmyreg","directDownloadingLink":"https://www.pcclean.io/product-scanmyreg/smrinstall2019.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://file.ylcomputing.com/smrinstall.exe","sourceIndex":"2988"}],"sampleFiles":["190616/ScanMyReg-171009/3.25/Samples/smrinstall2019.exe","190616/ScanMyReg-171009/3.25/Samples/ScanMyReg.exe"],"imageFiles":["190616/ScanMyReg-171009/3.25/Images/ACR-003/errors.png","190616/ScanMyReg-171009/3.25/Images/ACR-003/high damage.png","190616/ScanMyReg-171009/3.25/Images/ACR-004/ScanMyReg Scan Popup.png","190616/ScanMyReg-171009/3.25/Images/ACR-004/errors.png","190616/ScanMyReg-171009/3.25/Images/ACR-004/high damage.png"],"nonDeceptorImageFiles":["190616/ScanMyReg-171009/3.25/Images/ACR-065/EULA.png","190616/ScanMyReg-171009/3.25/Images/ACR-065/privacy policy install.png","190616/ScanMyReg-171009/3.25/Images/ACR-065/privacy policy.png","190616/ScanMyReg-171009/3.25/Images/ACR-065/landing page.png","190616/ScanMyReg-171009/3.25/Images/ACR-099/IO page.png"],"guid":"aeae116c-d3af-4121-946b-9618936010bb_3.25_1","appID":"ScanMyReg-171009","dateAdded":"230107","deceptorType":"App","name":"ScanMyReg","company":"YL Computing, Inc","version":"3.25","lastKnownStatus":"Deceptor:3.21,3.2,3.25;4.0","lastKnownDate":"230107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-01-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1140},{"violations":{"ACR-003":"The application exaggerates registry keys as errors , thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"smrinstall.exe","isInstaller":"True","companyName":"YL Computing, Inc                                           ","fileVersion":"0.0","hashMD5":"0373d7d2b89f623d9cc083fa40ab4678","hashSHA1":"f4cbf4960c7ef33450d2358ecaffa02232e73922","hashSHA256":"e86562bfb6e4aabc6c1a715f7023b3375cd5baa3c9d7cdf1742a3735e221fcba","digitalCertThumbprint":"6C67DF5309930C638319C2405A8EAB60C160A408","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SuiNing Yilong Software Store, OU=IT, O=SuiNing Yilong Software Store, L=SuiNing, S=SiChuan, C=CN","sourceIndex":"3211","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)"],"avAllowList":["Bitdefender Internet Security (20190209)","Trend Micro Internet Security (20190209)","Windows Defender (20190209)"]},{"isRevoked":"False","fileName":"ScanMyReg.exe","isInstaller":"True","companyName":"YL Computing, Inc","fileVersion":"3.1","hashMD5":"5aa839306c69a7b2343a66eab0443730","hashSHA1":"6f2cdd1239c8be685a937f21c433589b27f136fd","hashSHA256":"caefdac95d8a5c75e67617054652f59b7e9aa68d3470c5b876b9cb65201c5d33","digitalCertThumbprint":"6C67DF5309930C638319C2405A8EAB60C160A408","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SuiNing Yilong Software Store, OU=IT, O=SuiNing Yilong Software Store, L=SuiNing, S=SiChuan, C=CN","sourceIndex":"3211","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","ESET Internet Security (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Webroot SecureAnywhere (20190209)"],"avAllowList":["Bitdefender Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Windows Defender (20190209)"]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://www.pcclean.io/scanmyreg/#","directDownloadingLink":"http://www.pcclean.io/product-scanmyreg/smrinstall.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcclean.io/product-scanmyreg/smrinstall.exe","sourceIndex":"3211"}],"sampleFiles":["190203/ScanMyReg-171009/3.1/Samples/smrinstall.exe","190203/ScanMyReg-171009/3.1/Samples/ScanMyReg.exe"],"imageFiles":["190203/ScanMyReg-171009/3.1/Images/ACR-003/acr_003.PNG","190203/ScanMyReg-171009/3.1/Images/ACR-003/acr_003_1.PNG"],"nonDeceptorImageFiles":["190203/ScanMyReg-171009/3.1/Images/ACR-065/acr_065_I.PNG","190203/ScanMyReg-171009/3.1/Images/ACR-065/acr_065_S.PNG","190203/ScanMyReg-171009/3.1/Images/ACR-065/acr_065_LP.PNG","190203/ScanMyReg-171009/3.1/Images/ACR-092/acr_092.PNG","190203/ScanMyReg-171009/3.1/Images/ACR-099/acr_099_S.PNG","190203/ScanMyReg-171009/3.1/Images/ACR-099/acr_099_LP.PNG","190203/ScanMyReg-171009/3.1/Images/ACR-099/acr_099_IO.PNG"],"guid":"aeae116c-d3af-4121-946b-9618936010bb_3.1_1","appID":"ScanMyReg-171009","dateAdded":"230107","deceptorType":"App","name":"ScanMyReg","company":"YL Computing, Inc","version":"3.1","sigName":"Deceptor:Win32/ScanMyReg!003","lastKnownStatus":"Deceptor:3.21,3.2,3.25;4.0","lastKnownDate":"230107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-01-07T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1141},{"violations":{"ACR-003":"The application exaggerates invalid registry items as errors, indicate these registry items have high impact to system health which is not substantiated, thereby misleading or scaring user to take action.\n","ACR-004":"Provides no free fixes for scan results shown.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"smrinstaller.exe","isInstaller":"True","companyName":"YL Computing, Inc                                           ","productName":"ScanMyReg","productVersion":"3.2","fileVersion":"0.0","hashMD5":"5de50eda55f6b87d4ddbdb0fbdec0fc8","hashSHA1":"a836ce434e1b0d7f67570778f1e963ee4f788513","hashSHA256":"78f4c21318f7e74d3287a0331a6a2a680af761400e47c4a30ca79d7fd7f33448","sourceIndex":"3212","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","ESET Internet Security (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)"],"avAllowList":["Bitdefender Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","Windows Defender (20190209)"]},{"isRevoked":"False","fileName":"ScanMyReg.exe","companyName":"YL Computing, Inc","productName":"ScanMyReg","productVersion":"3.2","fileVersion":"3.2","hashMD5":"95bb5f0bef1447af54cd4a37522a92b9","hashSHA1":"fa584d73ac8ac76cb8b18acb54696a7755e359e7","hashSHA256":"5a93bf976b7c168a51aadadbf781fc275cd2da1b4f7a1cba66c4d11b062f6125","sourceIndex":"3212","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.top4download.com/","landingPage":"http://www.pcclean.io/scanmyreg/","directDownloadingLink":"http://www.pcclean.io/scanmyreg/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcclean.io/scanmyreg/download/","sourceIndex":"3212"}],"sampleFiles":["190203/ScanMyReg-171009/3.2/Samples/smrinstaller.exe","190203/ScanMyReg-171009/3.2/Samples/ScanMyReg.exe"],"imageFiles":["190203/ScanMyReg-171009/3.2/Images/ACR-003/acr_003.PNG","190203/ScanMyReg-171009/3.2/Images/ACR-003/acr_003_1.PNG","190203/ScanMyReg-171009/3.2/Images/ACR-004/ACR_004-Software.png"],"nonDeceptorImageFiles":["190203/ScanMyReg-171009/3.2/Images/ACR-065/acr_065_I.PNG","190203/ScanMyReg-171009/3.2/Images/ACR-065/acr_065_S.PNG","190203/ScanMyReg-171009/3.2/Images/ACR-065/acr_065_LP.PNG","190203/ScanMyReg-171009/3.2/Images/ACR-099/acr_099_S.PNG","190203/ScanMyReg-171009/3.2/Images/ACR-099/acr_099_LP.PNG","190203/ScanMyReg-171009/3.2/Images/ACR-099/acr_099_IO.PNG"],"guid":"aeae116c-d3af-4121-946b-9618936010bb_3.2_1","appID":"ScanMyReg-171009","dateAdded":"230107","deceptorType":"App","name":"ScanMyReg","company":"YL Computing, Inc","version":"3.2","sigName":"Deceptor:Win32/ScanmyReg!003004","lastKnownStatus":"Deceptor:3.21,3.2,3.25;4.0","lastKnownDate":"230107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-01-07T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1142},{"violations":{"ACR-003":"The application exaggerates registry issues as errors and also adds urgency with the color red thereby misleading or scaring consumer to take action.\n","ACR-168":"The internal offer shopping cart page has a support phone number, but does not disclose that additional offers may be made.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to uninstall information on the about page. \n","ACR-161":"The landing page has a customer review but no link to verify if the review is legit.\n","ACR-092":"The installed application is using a different vendor name that what was specified in the EULA.\n","ACR-099":"The internal offer shopping cart page has no link to uninstall information.\nThe Landing page has no link to uninstall information on the about page.\nThe application has no link to uninstall information on the about page.\n","ACR-017":"The privacy policy webpage has logos of awards that is not clickable. \nThe Landing page has logos of awards of reviews that is not clickable which cannot be verified.\n"},"samples":[{"isRevoked":"False","fileName":"smrinstall.exe","isInstaller":"True","companyName":"YL Computing, Inc","productName":"ScanMyReg","productVersion":"3.0","fileVersion":"0.0.0.0","hashMD5":"0c92569b54a9eb617a78047c2382f448","hashSHA1":"cf67daf7c539034a8cafb008c69d314badc58bdf","hashSHA256":"c792049d7a8dc388b43207b5f8360be108f95e0c61fb1101dd19bc3d76acbf07","digitalCertThumbprint":"6C67DF5309930C638319C2405A8EAB60C160A408","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"SuiNing Yilong Software Store","sourceIndex":"3213","avBlockList":["Avast Internet Security (20190211)","AVG Internet Security (20190211)","Avira Internet Security (20190211)","ESET Internet Security (20190211)","G DATA INTERNET SECURITY (20190211)","K7 Total Security (20190211)","Kaspersky Internet Security (20190211)","Malwarebytes Premium (20190211)","McAfee Total Protection (20190211)","Norton Security (20190211)","Panda Dome (20190211)","Sophos Home Premium (20190211)","VirIT eXplorer PRO (20190211)","Webroot SecureAnywhere (20190211)"],"avAllowList":["Bitdefender Internet Security (20190211)","Trend Micro Internet Security (20190211)","Windows Defender (20190211)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.top4download.com/","landingPage":"http://hi.ylcomputing.com/products/scanmyreg","directDownloadingLink":"http://file.ylcomputing.com/smrinstall.exe","ipv4":"","ipv6":"","sourceIndex":"3213"}],"sampleFiles":["190203/ScanMyReg-171009/3.0/Samples/smrinstall.exe"],"imageFiles":["190203/ScanMyReg-171009/3.0/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG","190203/ScanMyReg-171009/3.0/Images/ACR-003/ACR-003_SOFTWARE.PNG"],"nonDeceptorImageFiles":["190203/ScanMyReg-171009/3.0/Images/ACR-017/ACR-017_DOCS.PNG","190203/ScanMyReg-171009/3.0/Images/ACR-017/ACR-017_LANDING_PAGE.PNG","190203/ScanMyReg-171009/3.0/Images/ACR-161/ACR-161_LANDING_PAGE.PNG","190203/ScanMyReg-171009/3.0/Images/ACR-092/ACR-092_SOFTWARE.PNG","190203/ScanMyReg-171009/3.0/Images/ACR-065/ACR-065_SOFTWARE.PNG","190203/ScanMyReg-171009/3.0/Images/ACR-099/ACR-099_SOFTWARE.PNG"],"guid":"aeae116c-d3af-4121-946b-9618936010bb_3.0_1","appID":"ScanMyReg-171009","dateAdded":"230107","deceptorType":"App","name":"ScanMyReg","company":"YL Computing, Inc","version":"3.0","sigName":"Deceptor:Win32/ScanMyReg!003168","lastKnownStatus":"Deceptor:3.21,3.2,3.25;4.0","lastKnownDate":"230107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-01-07T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1143},{"violations":{"ACR-004":"The application only cleans 500MB off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-065":"There are no Links to its Terms of Service in the App's About Page\n","ACR-054":"The Decline Offer is almost unnoticeable for the consumer to choose.\n"},"samples":[{"isRevoked":"False","fileName":"CleanMaster","fileVersion":"0.","hashMD5":"219429d8e48e6ad4107b5ca1faf930b0","hashSHA1":"24a10d2dda0150b0ae044c842eaf4835bc87f777","hashSHA256":"bf3b2b823c5220ae142133e800e44a9705f49919ad61b76d70c5810498077167","sourceIndex":"1249","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for cleaning app via app store","reference":"","landingPage":"https://anycasesolutions.com/","directDownloadingLink":"https://apps.apple.com/us/app/cleanmaster-remove-junk-files/id1522432233?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/us/app/cleanmaster-remove-junk-files/id1522432233?mt=12","sourceIndex":"1249"}],"sampleFiles":["230107/CleanMaster-221007/2.1.5/Samples/CleanMaster"],"imageFiles":["230107/CleanMaster-221007/2.1.5/Images/ACR-004/ACR004-1.png","230107/CleanMaster-221007/2.1.5/Images/ACR-004/ACR004-2.png","230107/CleanMaster-221007/2.1.5/Images/ACR-004/ACR004-3.png","230107/CleanMaster-221007/2.1.5/Images/ACR-004/ACR004-4.mp4"],"nonDeceptorImageFiles":["230107/CleanMaster-221007/2.1.5/Images/ACR-065/ACR065.png","230107/CleanMaster-221007/2.1.5/Images/ACR-054/ACR054.png"],"guid":"d637fe52-12b0-40b5-8221-b4d474d6a845_2.1.5_1","appID":"CleanMaster-221007","dateAdded":"230107","deceptorType":"MacOS App","name":"CleanMaster","company":"Any Case Solutions","version":"2.1.5","lastKnownStatus":"Deceptor:2.1.4;2.1.5","lastKnownDate":"230107","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2023-01-07T11:08:48.4981912+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1144},{"violations":{"ACR-004":"The application only cleans 500MB off of the disk, then it requires the user to pay to continue cleaning the disk.\n"},"nonDeceptorViolations":{"ACR-054":"The Decline Offer is almost unnoticeable for the consumer to choose.\n"},"samples":[{"isRevoked":"False","fileName":"CleanMaster","fileVersion":"0.","hashMD5":"e03a00e5b339ff9ae9a20f9d9061e472","hashSHA1":"52680c96147d9cb82119335cfcf0f28a7d28bff5","hashSHA256":"c16d91d8a26eccbcf15ebb7cc4538b697c196c9c4d5603cb4d9553a13f683914","sourceIndex":"1383","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for cleaning app via app store","reference":"https://anycasesolutions.com/","landingPage":"","directDownloadingLink":"https://apps.apple.com/ph/app/cleanmaster-remove-junk-files/id1522432233?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/ph/app/cleanmaster-remove-junk-files/id1522432233?mt=12","sourceIndex":"1383"}],"sampleFiles":["221010/CleanMaster-221007/2.1.4/Samples/CleanMaster"],"imageFiles":["221010/CleanMaster-221007/2.1.4/Images/ACR-004/USE_AppLimit.mp4","221010/CleanMaster-221007/2.1.4/Images/ACR-004/USE_ScanLimit.png"],"nonDeceptorImageFiles":["221010/CleanMaster-221007/2.1.4/Images/ACR-054/USE_Offer2 copy.png"],"guid":"d637fe52-12b0-40b5-8221-b4d474d6a845_2.1.4_1","appID":"CleanMaster-221007","dateAdded":"230107","deceptorType":"MacOS App","name":"CleanMaster","company":"Any Case Solutions","version":"2.1.4","lastKnownStatus":"Deceptor:2.1.4;2.1.5","lastKnownDate":"230107","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2023-01-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1145},{"violations":{"ACR-003":"The app exaggerates invalid registry items as \"errors\" and uses alarming colors for the free scan results. It gauges the system health's status as Poor and meets High damage level compelling the user to take action.\n","ACR-004":"The app does not provide fix for free scan results. Also, scan results are displayed with alarming colors to make exaggerated claims about the system's health for the user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, \n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"ScanMyReg.exe","companyName":"YL Computing, Inc","fileVersion":"4.0","hashMD5":"6605e2699497ac19d0c183460ca00a0e","hashSHA1":"bd4e9f07234321fd25eabdff17d7f8a8f55991c8","hashSHA256":"72a1fabc118118dac67dd314eea6315d508b367341f978dcd2e731eaee32e5af","digitalCertThumbprint":"5AEEE3E72BB360E629C28693BC8058DFE175D399","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Suining YiLong Software Store, O=Suining YiLong Software Store, S=四川省, C=CN","sourceIndex":"1248","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"smrsetup.exe","isInstaller":"True","companyName":"YL Computing, Inc                                           ","fileVersion":"0.0","hashMD5":"e021e7a0d1a2788750b42827236e6091","hashSHA1":"3730091e2a1b28a9a23a91669f2652054bb9746f","hashSHA256":"03b68183351d07cd680dd159909ceccdc53ea3fbdad78bc21e18892468783d60","digitalCertThumbprint":"5AEEE3E72BB360E629C28693BC8058DFE175D399","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Suining YiLong Software Store, O=Suining YiLong Software Store, S=四川省, C=CN","sourceIndex":"1248","avBlockList":["360 Total Security (20230119)","Avast Premium Security (20230119)","AVG Internet Security (20230119)","Avira Internet Security (20230119)","Bitdefender Internet Security (20230119)","ESET Internet Security (20230119)","G DATA INTERNET SECURITY (20230119)","K7 Total Security (20230119)","Kaspersky Internet Security (20230119)","Malwarebytes Premium (20230119)","McAfee Total Protection (20230119)","Norton Security (20230119)","Panda Dome (20230119)","Quick Heal Internet Security (20230119)","Sophos Home Premium (20230119)","SpyHunter5 (20230119)","Total AV Antivirus Pro (20230119)","Trend Micro Internet Security (20230119)","VIPRE Advanced Security (20230119)","VirIT eXplorer PRO (20230119)","Webroot SecureAnywhere (20230119)","Windows Defender (20230119)"],"avAllowList":["COMODO Antivirus (20230119)","Dr.Web Security Space (20230119)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.pcclean.io/scanmyreg/","directDownloadingLink":"https://www.pcclean.io/product-scanmyreg/smrsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pcclean.io/product-scanmyreg/smrsetup.exe","sourceIndex":"1248"}],"sampleFiles":["230107/ScanMyReg-171009/4.0/Samples/ScanMyReg.exe","230107/ScanMyReg-171009/4.0/Samples/smrsetup.exe"],"imageFiles":["230107/ScanMyReg-171009/4.0/Images/ACR-003/ACR-004_ExaggeratedStatus.jpg","230107/ScanMyReg-171009/4.0/Images/ACR-003/ACR-004_NoFix.jpg","230107/ScanMyReg-171009/4.0/Images/ACR-004/ACR-004_ExaggeratedStatus.jpg","230107/ScanMyReg-171009/4.0/Images/ACR-004/ACR-004_NoFix.jpg"],"nonDeceptorImageFiles":["230107/ScanMyReg-171009/4.0/Images/ACR-065/ScanMyReg_About.jpg","230107/ScanMyReg-171009/4.0/Images/ACR-065/ScanMyReg_LandingPage.png","230107/ScanMyReg-171009/4.0/Images/ACR-099/ScanMyReg_About.jpg","230107/ScanMyReg-171009/4.0/Images/ACR-099/ScanMyReg_InternalOffer.png"],"guid":"aeae116c-d3af-4121-946b-9618936010bb_4.0_1","appID":"ScanMyReg-171009","dateAdded":"230107","deceptorType":"App","name":"ScanMyReg","company":"YL Computing, Inc","version":"4.0","lastKnownStatus":"Deceptor:3.21,3.2,3.25;4.0","lastKnownDate":"230107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-01-07T11:18:30.3905853+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1138},{"violations":{"ACR-004":"Scan results are not substantiated. The recovered/fixed items are not clearly presented.\n\n"},"nonDeceptorViolations":{"ACR-065":"Install has no link that show the Returns and Cancellation Policy.\nApp has no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy,\nLanding Page has no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n"},"samples":[{"isRevoked":"False","fileName":"WinUtil.exe","companyName":"YL Software","fileVersion":"15.8","hashMD5":"e64189d33d753804c0ed0ea790ead40b","hashSHA1":"33a8f08ecbc6f69df1e88337d429a2f915faa9a5","hashSHA256":"5eb8dcc7c5e35fdeb81300a77db70d2ba731ee051e7194f41e4ca0ff42e4f558","digitalCertThumbprint":"5AEEE3E72BB360E629C28693BC8058DFE175D399","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Suining YiLong Software Store, O=Suining YiLong Software Store, S=四川省, C=CN","sourceIndex":"1247","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"wufinstall.exe","isInstaller":"True","companyName":"YL Computing                                                ","fileVersion":"15.84","hashMD5":"431227e014ebbb967db6a3aba38cfa61","hashSHA1":"b76e5687938fea328888628aaa91d95ab81bfb3e","hashSHA256":"4ce14605f234915abfe286afcabefa0d02d92d5031dc56f7f836c8b2ee25dbd0","digitalCertThumbprint":"5AEEE3E72BB360E629C28693BC8058DFE175D399","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Suining YiLong Software Store, O=Suining YiLong Software Store, S=四川省, C=CN","sourceIndex":"1247","avBlockList":["360 Total Security (20230202)","Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","Malwarebytes Premium (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Panda Dome (20230202)","Quick Heal Internet Security (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":["COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","Trend Micro Internet Security (20230202)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: PC repair and optimizer","reference":"","landingPage":"https://www.pcclean.io/winutilities-free/","directDownloadingLink":"https://www.pcclean.io/product-winutilities-free/wufinstall.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pcclean.io/product-winutilities-free/wufinstall.exe","sourceIndex":"1247"}],"sampleFiles":["230107/WinUtilities-220921/15.84/Samples/WinUtil.exe","230107/WinUtilities-220921/15.84/Samples/wufinstall.exe"],"imageFiles":["230107/WinUtilities-220921/15.84/Images/ACR-004/UnsubstantiatedScanResult-1.gif","230107/WinUtilities-220921/15.84/Images/ACR-004/UnsubstantiatedScanResult-2.jpg"],"nonDeceptorImageFiles":["230107/WinUtilities-220921/15.84/Images/ACR-065/ACR-065_Install.jpg","230107/WinUtilities-220921/15.84/Images/ACR-065/WinUtilities_About.jpg","230107/WinUtilities-220921/15.84/Images/ACR-065/WinUtilities_LandingPage.jpeg"],"guid":"925d7d47-f2fc-4fad-893a-20cf62ed59e6_15.84_1","appID":"WinUtilities-220921","dateAdded":"230107","deceptorType":"App","name":"WinUtilities","company":"YL Computing, Inc","version":"15.84","lastKnownStatus":"Deceptor:15.78;15.84","lastKnownDate":"230107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-01-07T11:39:34.3381526+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1136},{"violations":{"ACR-048":"1. App has no setting option for user to turn off the notification message in right bottom. User cannot uncheck the checkbox for \"Enable push messages\". 2. Also, in the attempt to completely close the app, it displays the offer twice before showing \"Full Close\" button to completely exit. 3. It tries to hide the close button by graying it out. 4. User is unable to disable the created scheduled task.\n","ACR-003":"The app does not substantiate all the identified issues to the consumer.\n","ACR-006":"The app doesn't disclose the call center name next to the phone number.\n","ACR-084":"1. The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent. 2. The app runs in the background without notification, hiding the fact that it is active from the consumer.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal/cancellation in the internal offers.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the scheduled tasks even after uninstall and this scenario is observed even after closing and reopening the Task scheduler after reboot.\n","ACR-167":"The return policy between offers made for the app is inconsistent.\n"},"samples":[{"isRevoked":"False","fileName":"PCCUREPRO.exe","productName":"PCCUREPRO - better PC","productVersion":"6.1.0.0","fileVersion":"6.1.0.0","hashMD5":"e50c3e86101a18de4bad57139473125e","hashSHA1":"ff636b871a676e785df028da0f7044c6a99eab7d","hashSHA256":"0e06190c8620adfbfc64a7ac6eaf000a9646bd2f8e6444a336c45c1929ebde45","digitalCertThumbprint":"76021AECE205FE147D3DBB1B808D80AFCBF19172","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Energizer Softech Private Limited, O=Energizer Softech Private Limited, S=Delhi, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=U72200DL2010PTC206723","sourceIndex":"281","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCCUREPRO.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"39372358a80abacb10157532ca453325711c7832c46926568cd4a43e237d57ef","sourceIndex":"281","avBlockList":["360 Total Security (20230119)","Avast Premium Security (20230119)","AVG Internet Security (20230119)","Avira Internet Security (20230119)","Dr.Web Security Space (20230119)","ESET Internet Security (20230119)","G DATA INTERNET SECURITY (20230119)","K7 Total Security (20230119)","Kaspersky Internet Security (20230119)","Malwarebytes Premium (20230119)","Norton Security (20230119)","Panda Dome (20230119)","Quick Heal Internet Security (20230119)","Sophos Home Premium (20230119)","SpyHunter5 (20230119)","Total AV Antivirus Pro (20230119)","VirIT eXplorer PRO (20230119)","Windows Defender (20230119)"],"avAllowList":["Bitdefender Internet Security (20230119)","COMODO Antivirus (20230119)","McAfee Total Protection (20230119)","Trend Micro Internet Security (20230119)","VIPRE Advanced Security (20230119)","Webroot SecureAnywhere (20230119)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.pccurepro.com/","directDownloadingLink":"https://pccurepro.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pccurepro.com/download","sourceIndex":"281"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://pccurepro.com/speedbooster","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pccurepro.com/speedbooster","sourceIndex":"282"}],"sampleFiles":["230106/PCCurePro-180810/6.1.0.0/Samples/PCCUREPRO.exe","230106/PCCurePro-180810/6.1.0.0/Samples/PCCUREPRO.msi"],"imageFiles":["230106/PCCurePro-180810/6.1.0.0/Images/ACR-048/PushMessages.jpg","230106/PCCurePro-180810/6.1.0.0/Images/ACR-048/Popup2.jpg","230106/PCCurePro-180810/6.1.0.0/Images/ACR-048/Pop-up1.jpg","230106/PCCurePro-180810/6.1.0.0/Images/ACR-048/Pop-up3.jpg","230106/PCCurePro-180810/6.1.0.0/Images/ACR-048/ACR-048_ExitingTheApp.gif","230106/PCCurePro-180810/6.1.0.0/Images/ACR-048/ACR-048_GrayedOutCloseButton.jpg","230106/PCCurePro-180810/6.1.0.0/Images/ACR-048/ScheduledTask.jpg","230106/PCCurePro-180810/6.1.0.0/Images/ACR-048/ScheduledTask_1.jpg","230106/PCCurePro-180810/6.1.0.0/Images/ACR-003/ACR-003.gif","230106/PCCurePro-180810/6.1.0.0/Images/ACR-084/ScheduledTask.jpg","230106/PCCurePro-180810/6.1.0.0/Images/ACR-084/BackgroundProcess.jpg","230106/PCCurePro-180810/6.1.0.0/Images/ACR-165/PCCurePro_InternalOffer.png","230106/PCCurePro-180810/6.1.0.0/Images/ACR-006/ACR-006_CallCenter.jpg"],"nonDeceptorImageFiles":["230106/PCCurePro-180810/6.1.0.0/Images/ACR-123/ACR-123_ScheduledTask.jpg","230106/PCCurePro-180810/6.1.0.0/Images/ACR-167/ACR-167_RefundPolicy.jpg","230106/PCCurePro-180810/6.1.0.0/Images/ACR-167/ACR-167_RefundPolicy2.jpg"],"guid":"dc1df53e-3ee2-4b13-a5fc-73731752bd3b_6.1.0.0_1","appID":"PCCurePro-180810","dateAdded":"230106","deceptorType":"App","name":"PC Cure Pro","company":"Energizer Softech Pvt ltd","version":"6.1.0.0","lastKnownStatus":"Deceptor:2.0.0.0;5.0.0.0;6.1.0.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2026-05-04T14:37:15.8075601+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1149},{"violations":{"ACR-048":"App has not setting option for user to control to complete close app and not prompt the notification message in right bottom. In the app's settings, the user cannot uncheck the checkbox for \"Enable push messages\"\n","ACR-003":"The app does not substantiate all the identified issues to the consumer.\n","ACR-004":"The app does not provide a free fix for the identified issues scanned during \"Free scan\" and also does not provide a substantiated result summary of the shown issues.\n","ACR-006":"The app doesn't disclose the call center name next to the phone number\n","ACR-084":"1. The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent.\n2. The app runs silently in the background, hiding the fact that it is active from the consumer\n","ACR-168":"The app displays a support call center phone number but does not display that additional offers may be made during the one-on-one interaction with the consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not contain links to the EULA or Terms of Service, Terms of Service, Returns and Cancellations Policy, Privacy Policy during install.\nThe app does not contain links to the EULA or Terms of Service, Terms of Service, Returns and Cancellations Policy, Privacy Policy inside the software.\n","ACR-161":"The landing page(https://pccurepro.com/) has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-123":"The app does not remove the scheduled tasks even after uninstall and this scenario is observed even after closing and reopening the Task scheduler after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Energizer Softech Pvt ltd\\PC CURE PRO\\PCCUREPROApp.exe","companyName":"PCCUREPRO.com","productName":"PCCUREPRO","productVersion":"5.0.0.0","fileVersion":"5.0.0.0","hashMD5":"e3780a0d1b57caa5e2a2fc8c46bd8862","hashSHA1":"165d62e84625613a489df3b0e7c650e81d04279e","hashSHA256":"5b4a3e62aac7549feff73fb895c3f3ea8e0baa5b0fba77e1cafb47df1453ce1b","digitalCertThumbprint":"76021AECE205FE147D3DBB1B808D80AFCBF19172","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"Energizer Softech Private Limited","storeId":"","sourceIndex":"279","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pccureproSetup5.msi","isInstaller":"True","companyName":"pccureproSetup5.msi","productName":"","productVersion":"","fileVersion":"","hashMD5":"7122a34a42f1ace4df9c8d4c2b6d1c3f","hashSHA1":"c7add94f554f11874c0e2ce4d42bce36b5df1482","hashSHA256":"c24acc15ddec153f1329dc675fd8cff096f16bdf8662abaf9123f283dfd3844d","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","sourceIndex":"279","avBlockList":["360 Total Security (20220607)","Avast Premium Security (20220607)","AVG Internet Security (20220607)","Avira Internet Security (20220607)","Bitdefender Internet Security (20220607)","Dr.Web Security Space (20220607)","ESET Internet Security (20220607)","G DATA INTERNET SECURITY (20220607)","K7 Total Security (20220607)","Kaspersky Internet Security (20220607)","Malwarebytes Premium (20220607)","McAfee Total Protection (20220607)","Norton Security (20220607)","Panda Dome (20220607)","Sophos Home Premium (20220607)","SpyHunter5 (20220607)","Total AV Antivirus Pro (20220607)","VIPRE Advanced Security (20220607)","VirIT eXplorer PRO (20220607)","Windows Defender (20220607)"],"avAllowList":["COMODO Antivirus (20220607)","Quick Heal Internet Security (20220607)","Tencent PC Manager (20220607)","Trend Micro Internet Security (20220607)","Webroot SecureAnywhere (20220607)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://pccurepro.com/download","directDownloadingLink":"https://pccurepro.com/speedbooster","ipv4":"103.209.144.155","ipv6":"","directDownloadingLinkWildChar":"https://pccurepro.com/speedbooster","sourceIndex":"279"},{"howFound":"","reference":"","landingPage":"https://pccurepro.com/optimize-pc-tools/","directDownloadingLink":"https://pccurepro.com/optimize-pc-tools/#","ipv4":"","ipv6":"","sourceIndex":"280"}],"sampleFiles":["230106/PCCurePro-180810/5.0.0.0/Samples/pccureproSetup5.msi"],"imageFiles":["230106/PCCurePro-180810/5.0.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-048/ACR-048_1.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-048/ACR-048_2.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-048/ACR-048_3.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-048/ACR-048_Software_Notifications.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-048/ACR-048_Software_Notifications_1.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-003/ACR-003_Software_1.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-004/ACR-004_Software_1.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-004/ACR-004_Software_2.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-084/ACR-084_2.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-084/ACR-084.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-168/ACR-168_Software_No_Offers.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-006/ACR-006_Software_No_Call_Center.JPG"],"nonDeceptorImageFiles":["230106/PCCurePro-180810/5.0.0.0/Images/ACR-065/ACR-065_1.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-161/ACR-161_1.JPG","230106/PCCurePro-180810/5.0.0.0/Images/ACR-123/ACR-123_1.JPG"],"guid":"dc1df53e-3ee2-4b13-a5fc-73731752bd3b_5.0.0.0_1","appID":"PCCurePro-180810","dateAdded":"230106","deceptorType":"App","name":"PC Cure Pro","company":"Energizer Softech Pvt ltd","version":"5.0.0.0","lastKnownStatus":"Deceptor:2.0.0.0;5.0.0.0;6.1.0.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2026-05-04T14:37:15.7776486+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1148},{"violations":{"ACR-048":"App has not setting option for user to control to complete close app and not prompt the notification message in right bottom. In the app's settings, the user cannot uncheck the checkbox for \"Enable push messages\"\n","ACR-004":"The app does not fix free scan results of  the PC Cleaner category wherein it shows the Temporary Files, History and Cookies, Internet Cache results.\n","ACR-006":"App doesn't disclose the call center name next to phone number\n","ACR-168":"App doesn't disclose that additional offer will be made next to phone number during one-one interactive call\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy. \nThe app does not contain links to the EULA or Terms of Service, Terms of Service, Returns and Cancellations Policy, Privacy Policy\n","ACR-161":"The offer page has testimonials that have no links back to a source so consumers can verify if they're real.\nThe landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"PC CURE PRO.exe","fileVersion":"2.0","hashMD5":"e60bfbc7e303db29066fdb4f8ad7e80d","hashSHA1":"d63586e025a63088b7d53d640734bb07c4ded98d","hashSHA256":"0aa44ddc55a83a10109fc7017c1a619f349c933d0bd2c1e781c4ccffa8c02bfc","digitalCertThumbprint":"181453ACA9029AEEF6177EFD1248FEFABCE2BCA6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=IN, OID.2.5.4.15=Private Organization, CN=ENERGIZER SOFTECH PRIVATE LIMITED, SERIALNUMBER=U72200DL2010PTC206723, O=ENERGIZER SOFTECH PRIVATE LIMITED, L=New Delhi, S=Delhi, C=IN","sourceIndex":"278","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pccurepro.exe","isInstaller":"True","companyName":"Energizer Softech Pvt Ltd","fileVersion":"2.0","hashMD5":"90afb24a5bfb2c22fa3f3959f887c87b","hashSHA1":"102f94d1a19c1be0c56e2b99079d9f099bb9c7dc","hashSHA256":"414d2266c7ac8e2675255deec5f6e240ae2d41e4b85526d248ac40ea0eaab35c","digitalCertThumbprint":"181453ACA9029AEEF6177EFD1248FEFABCE2BCA6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=IN, OID.2.5.4.15=Private Organization, CN=ENERGIZER SOFTECH PRIVATE LIMITED, SERIALNUMBER=U72200DL2010PTC206723, O=ENERGIZER SOFTECH PRIVATE LIMITED, L=New Delhi, S=Delhi, C=IN","sourceIndex":"278","avBlockList":["360 Total Security (20210604)","Avast Premium Security (20210604)","AVG Internet Security (20210604)","Avira Internet Security (20210604)","COMODO Antivirus (20210604)","Dr.Web Security Space (20210604)","ESET Internet Security (20210604)","G DATA INTERNET SECURITY (20210604)","K7 Total Security (20210604)","Malwarebytes Premium (20210604)","McAfee Total Protection (20210604)","Norton Security (20210604)","Panda Dome (20210604)","Quick Heal Internet Security (20210604)","Sophos Home Premium (20210604)","SpyHunter5 (20210604)","Total AV Antivirus Pro (20210604)","Webroot SecureAnywhere (20210604)","Windows Defender (20210604)","VirIT eXplorer PRO (20210604)"],"avAllowList":["Bitdefender Internet Security (20210604)","Kaspersky Internet Security (20210604)","Tencent PC Manager (20210604)","Trend Micro Internet Security (20210604)","VIPRE Advanced Security (20210604)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.pccurepro.com/","directDownloadingLink":"https://pccurepro.com/downloads/pccurepro.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pccurepro.com/downloads/pccurepro.exe","sourceIndex":"278"}],"sampleFiles":["230106/PCCurePro-180810/2.0.0.0/Samples/PC CURE PRO.exe","230106/PCCurePro-180810/2.0.0.0/Samples/pccurepro.exe"],"imageFiles":["230106/PCCurePro-180810/2.0.0.0/Images/ACR-048/PCCurePro_SideNotification [1].png","230106/PCCurePro-180810/2.0.0.0/Images/ACR-048/PCCurePro_Settings [1].png","230106/PCCurePro-180810/2.0.0.0/Images/ACR-004/PCCurePro_Interactions [4] PCCleaner.png","230106/PCCurePro-180810/2.0.0.0/Images/ACR-004/PCCurePro_Interactions [5] PCCleaner.png","230106/PCCurePro-180810/2.0.0.0/Images/ACR-168/PCCurePro_Interactions  [1].png","230106/PCCurePro-180810/2.0.0.0/Images/ACR-006/PCCurePro_Interactions  [1].png"],"nonDeceptorImageFiles":["230106/PCCurePro-180810/2.0.0.0/Images/ACR-065/PCCurePro_Install [1].png","230106/PCCurePro-180810/2.0.0.0/Images/ACR-161/PCCurePro_OfferPage [2].png","230106/PCCurePro-180810/2.0.0.0/Images/ACR-161/PCCurePro_LandingPage [2].png"],"guid":"dc1df53e-3ee2-4b13-a5fc-73731752bd3b_2.0.0.0_1","appID":"PCCurePro-180810","dateAdded":"230106","deceptorType":"App","name":"PC Cure Pro","company":"Energizer Softech Pvt ltd","version":"2.0.0.0","sigName":"Deceptor:Win32/PCCurePro!048004168006","lastKnownStatus":"Deceptor:2.0.0.0;5.0.0.0;6.1.0.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2026-05-04T14:37:15.7439082+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1147},{"violations":{"ACR-048":"App has not setting option for user to control to complete close app and not prompt the notification message in right bottom.\n","ACR-004":"The app perform partial scan and fix, providing not substantiated result summary, like 20%.  \n\n","ACR-006":"App doesn't disclose the call center name next to phone number\n","ACR-168":"App doesn't disclose that additional offer will be made next to phone number during one-one interactive call\n"},"nonDeceptorViolations":{"ACR-065":"The app's about page does not contain links to the app's EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"pccurepro.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"fccbddbbb2d737641214a3c94c541377","hashSHA1":"9056d08c5724f450f9fa4295fb1d629de9494751","hashSHA256":"d8a19d9dafb164a2bcbfb755aab1e145cdf95efd2e21871ed2e7ffaa3a62f620","sourceIndex":"276","avBlockList":["360 Total Security (20210527)","Avast Premium Security (20210527)","AVG Internet Security (20210527)","Avira Internet Security (20210527)","Bitdefender Internet Security (20210527)","COMODO Antivirus (20210527)","Dr.Web Security Space (20210527)","ESET Internet Security (20210527)","G DATA INTERNET SECURITY (20210527)","K7 Total Security (20210527)","Kaspersky Internet Security (20210527)","Malwarebytes Premium (20210527)","McAfee Total Protection (20210527)","Norton Security (20210527)","Panda Dome (20210527)","Quick Heal Internet Security (20210527)","Sophos Home Premium (20210527)","SpyHunter5 (20210527)","Tencent PC Manager (20210527)","Total AV Antivirus Pro (20210527)","Trend Micro Internet Security (20210527)","VIPRE Advanced Security (20210527)","VirIT eXplorer PRO (20210527)","Windows Defender (20210527)"],"avAllowList":["Webroot SecureAnywhere (20210527)"]},{"isRevoked":"False","fileName":"PCCUREPRO.exe","fileVersion":"1.0","hashMD5":"20358d1d04640f3f9c059afe2f5c5500","hashSHA1":"e84aaa6c73dcf855dd6c45da7fa71eef2813d636","hashSHA256":"a18db0960615eedbe64100b1adcc16a2518f08399993882863f3afa492e1b114","digitalCertThumbprint":"2456877CEE8816FD8CF020CABCDF9053C827D252","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Energizer Softech Pvt ltd, O=Energizer Softech Pvt ltd, L=Delhi, S=Delhi, C=IN, SERIALNUMBER=206723, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"276","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pccurepro_2.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"e1f00810e04e379e0d8fee524e9c8236","hashSHA1":"01d3009eb066d42177c6b63644097fb30e1b792c","hashSHA256":"baf57e8aa808fe661099a9d322de5c8b8fcad173517b845bf212d1431b9f1f9d","sourceIndex":"276","avBlockList":["360 Total Security (20200924)","Avast Premium Security (20200924)","AVG Internet Security (20200924)","Avira Internet Security (20200924)","Bitdefender Internet Security (20200924)","COMODO Antivirus (20200924)","Dr.Web Security Space (20200924)","ESET Internet Security (20200924)","G DATA INTERNET SECURITY (20200924)","K7 Total Security (20200924)","Kaspersky Internet Security (20200924)","McAfee Total Protection (20200924)","Norton Security (20200924)","Panda Dome (20200924)","Sophos Home Premium (20200924)","SpyHunter5 (20200924)","Tencent PC Manager (20200924)","Total AV Antivirus Pro (20200924)","VIPRE Advanced Security (20200924)","VirIT eXplorer PRO (20200924)","Windows Defender (20200924)"],"avAllowList":["Malwarebytes Premium (20200924)","Quick Heal Internet Security (20200924)","Trend Micro Internet Security (20200924)","Webroot SecureAnywhere (20200924)"]},{"isRevoked":"False","fileName":"PCCUREPRO_2.exe","fileVersion":"1.0","hashMD5":"c2a41f9cd804051019fc733bb0d32e25","hashSHA1":"1c9413cf3e05ef1c1f4491a5a9050d2e45827f3e","hashSHA256":"302c2c28b81dd2a34904e7ac64cc6fa87c0fe199bbf978fc38ef16ade1ec3458","digitalCertThumbprint":"2456877CEE8816FD8CF020CABCDF9053C827D252","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Energizer Softech Pvt ltd, O=Energizer Softech Pvt ltd, L=Delhi, S=Delhi, C=IN, SERIALNUMBER=206723, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"276","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCCUREPRO_3.exe","companyName":"Energizer Softech Pvt Ltd","fileVersion":"1.0","hashMD5":"5305553e94d3b74f4bb73f7dcb46812a","hashSHA1":"ef04f3758aa2c02414abb8aeb7db7715a8aa0d1a","hashSHA256":"de1bacec1a10eb30ff6056b0330b2534472f2e912212e6abc75f369fa316d676","digitalCertThumbprint":"2456877CEE8816FD8CF020CABCDF9053C827D252","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Energizer Softech Pvt ltd, O=Energizer Softech Pvt ltd, L=Delhi, S=Delhi, C=IN, SERIALNUMBER=206723, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"276","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pccurepro_3.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"5a678410c132a5ed294c9f00cf7f29b4","hashSHA1":"14a5340075f58a14aa7477f73cbcd9384b713e4f","hashSHA256":"0c11a7567671d84db27a6cf4122ae24e99277f0221798195d86267fcf46cd0d4","sourceIndex":"276","avBlockList":["360 Total Security (20200924)","Avast Premium Security (20200924)","AVG Internet Security (20200924)","Avira Internet Security (20200924)","Bitdefender Internet Security (20200924)","COMODO Antivirus (20200924)","Dr.Web Security Space (20200924)","ESET Internet Security (20200924)","G DATA INTERNET SECURITY (20200924)","K7 Total Security (20200924)","Kaspersky Internet Security (20200924)","McAfee Total Protection (20200924)","Norton Security (20200924)","Panda Dome (20200924)","Quick Heal Internet Security (20200924)","Sophos Home Premium (20200924)","SpyHunter5 (20200924)","Tencent PC Manager (20200924)","Total AV Antivirus Pro (20200924)","VIPRE Advanced Security (20200924)","VirIT eXplorer PRO (20200924)","Windows Defender (20200924)"],"avAllowList":["Malwarebytes Premium (20200924)","Trend Micro Internet Security (20200924)","Webroot SecureAnywhere (20200924)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.pccurepro.com/","directDownloadingLink":"https://pccurepro.com/thank-you/","ipv4":"103.209.144.155","ipv6":"","directDownloadingLinkWildChar":"https://pccurepro.com/thank-you/","sourceIndex":"276"},{"howFound":"","reference":"","landingPage":"https://pccurepro.com/optimize-pc-tools/","directDownloadingLink":"https://pccurepro.com/optimize-pc-tools/#","ipv4":"","ipv6":"","sourceIndex":"277"}],"sampleFiles":["230106/PCCurePro-180810/1.0.0.0/Samples/pccurepro.msi","230106/PCCurePro-180810/1.0.0.0/Samples/PCCUREPRO.exe","230106/PCCurePro-180810/1.0.0.0/Samples/pccurepro_2.msi","230106/PCCurePro-180810/1.0.0.0/Samples/PCCUREPRO_2.exe","230106/PCCurePro-180810/1.0.0.0/Samples/PCCUREPRO_3.exe","230106/PCCurePro-180810/1.0.0.0/Samples/pccurepro_3.msi"],"imageFiles":["230106/PCCurePro-180810/1.0.0.0/Images/ACR-048/PCCurePro_048.JPG","230106/PCCurePro-180810/1.0.0.0/Images/ACR-004/ACR-004 Video.gif","230106/PCCurePro-180810/1.0.0.0/Images/ACR-004/ACR-004.png","230106/PCCurePro-180810/1.0.0.0/Images/ACR-168/PCCurePro_168.JPG","230106/PCCurePro-180810/1.0.0.0/Images/ACR-006/PCCurePro_168.JPG"],"nonDeceptorImageFiles":["230106/PCCurePro-180810/1.0.0.0/Images/ACR-065/About Page.png"],"guid":"dc1df53e-3ee2-4b13-a5fc-73731752bd3b_1.0.0.0_1","appID":"PCCurePro-180810","dateAdded":"230106","deceptorType":"App","name":"PC Cure Pro","company":"Energizer Softech Pvt ltd","version":"1.0.0.0","sigName":"Deceptor:Win32/PCCurePro!048004168006","lastKnownStatus":"Deceptor:2.0.0.0;5.0.0.0;6.1.0.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2024-12-12T23:30:26.6459711+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1146},{"violations":{"ACR-003":"The App exaggerates free scan results with alarming colors and assesses missing and invalid empty registry keys as \"problems\" contributing to medium to high risk of speed/performance loss. \n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using alarming colors.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable MSFT partner logo as if Microsoft is endorsing the app.\n","ACR-117":"The default buttons offered on the confirmation prompts are something other than \"uninstall\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Integrator.exe","companyName":"Ask4Expert Technologies Pvt Ltd.","fileVersion":"7.0.5.200","hashMD5":"fe9a7adeea0938fc7e7aae04966cd633","hashSHA1":"7827f7952019a30f1745e1508baaf34cebba7daa","hashSHA256":"ca8468278bced469b7697e0f702c21e67692e5241851e31b53cff274758e8293","digitalCertThumbprint":"C608187F33030B57C0888DEF9E6029C3B752A177","digitalCertIssuer":"SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Ask4expert Technologies Private Limited, O=Ask4expert Technologies Private Limited, L=Delhi, S=Delhi, C=IN","sourceIndex":"275","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"smartpcbooster-setup.exe","isInstaller":"True","companyName":"Ask4Expert Technologies Pvt Ltd","fileVersion":"7.2.0.254","hashMD5":"f2428d862eb53f305552c862289765c2","hashSHA1":"4e47730ac6decc240943b0cb17e671b9de967449","hashSHA256":"14fda17be0eb217bfa4219bdf5f50be956f54e7e8851986b00cee8db0983f18d","digitalCertThumbprint":"C608187F33030B57C0888DEF9E6029C3B752A177","digitalCertIssuer":"SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Ask4expert Technologies Private Limited, O=Ask4expert Technologies Private Limited, L=Delhi, S=Delhi, C=IN","sourceIndex":"275","avBlockList":["Avast Premium Security (20230119)","AVG Internet Security (20230119)","Avira Internet Security (20230119)","Bitdefender Internet Security (20230119)","Dr.Web Security Space (20230119)","ESET Internet Security (20230119)","K7 Total Security (20230119)","McAfee Total Protection (20230119)","Norton Security (20230119)","Quick Heal Internet Security (20230119)","Sophos Home Premium (20230119)","SpyHunter5 (20230119)","Total AV Antivirus Pro (20230119)","VIPRE Advanced Security (20230119)","VirIT eXplorer PRO (20230119)","Webroot SecureAnywhere (20230119)","Windows Defender (20230119)"],"avAllowList":["360 Total Security (20230119)","COMODO Antivirus (20230119)","G DATA INTERNET SECURITY (20230119)","Kaspersky Internet Security (20230119)","Malwarebytes Premium (20230119)","Panda Dome (20230119)","Trend Micro Internet Security (20230119)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: pc cleaners/optimizers","reference":"","landingPage":"https://smart-pc-booster.en.softonic.com/","directDownloadingLink":"https://smart-pc-booster.en.softonic.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://smart-pc-booster.en.softonic.com/download","sourceIndex":"275"}],"sampleFiles":["230103/SmartPCBooster-221230/7.0.5.200/Samples/Integrator.exe","230103/SmartPCBooster-221230/7.0.5.200/Samples/smartpcbooster-setup.exe"],"imageFiles":["230103/SmartPCBooster-221230/7.0.5.200/Images/ACR-004/ACR-003_ExaggeratedScanResults-2.jpg","230103/SmartPCBooster-221230/7.0.5.200/Images/ACR-003/ACR-003_ExaggeratedScanResults.jpg","230103/SmartPCBooster-221230/7.0.5.200/Images/ACR-003/ACR-003_ExaggeratedScanResults-2.jpg","230103/SmartPCBooster-221230/7.0.5.200/Images/ACR-017/ACR-017_MSFT.jpg","230103/SmartPCBooster-221230/7.0.5.200/Images/ACR-117/ACR-117_Uninstall.jpg"],"nonDeceptorImageFiles":[],"guid":"9952fc65-432b-4b7b-8579-8e4d721c90d0_7.0.5.200_1","appID":"SmartPCBooster-221230","dateAdded":"230103","deceptorType":"App","name":"Smart PC Booster","company":"Ask4Expert Technologies Pvt Ltd.","version":"7.0.5.200","lastKnownStatus":"Deceptor:7.0.5.200","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-12-12T23:36:22.445777+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1153},{"violations":{"ACR-048":"1. The app does not provide any control to disable the scheduled tasks.\n2. The app does not provide any control to close the process that runs silently in the background within the app's settings.\n3. When the app is minimized it hides itself in systray instead of taskbar without the user's knowledge.\n","ACR-004":"The app provides free scan results but does not provide a fully functional trial before requiring consumers to pay as it provides only a partial fix (Only a few items are fixed).\n","ACR-017":"The 3rd party endorsements ( https://www.trisunsoft.com/we/go-pro.htm?source=ui ) are not verifiable\n","ACR-084":"1. On quitting the app, the process runs silently in the background, hiding the fact that it is active from the consumer\n2. The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TSS\\WinExt\\WinExt.exe","companyName":"TriSun Software Limited","productName":"WinExt","productVersion":"26.0.090","fileVersion":"26.0.090","hashMD5":"dbec86cf0478b9d9935c5c8b59857887","hashSHA1":"249d4a81a50c7790023eb634be4caac8cc558c4a","hashSHA256":"2a445c6082e3969765e431c8ae1c46ca836e61053cf2a84547c8212cc910cf63","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"TriSun Software Limited","storeId":"","sourceIndex":"1759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"win-ext.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"WinExt                                                      ","productVersion":"26.0.090.0                                        ","fileVersion":"26.0.090.0          ","hashMD5":"e2ee38418220e4de5c30824646a54173","hashSHA1":"dcb584aa29c88ba1d07ef4ccb1b99cfbd29dc05e","hashSHA256":"012d9b11c35085457edfcad91926431d6982bd084f6ccd59476e48356135a6ca","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"TriSun Software Limited","storeId":"","sourceIndex":"1759","avBlockList":["Avast Premium Security (20220329)","AVG Internet Security (20220329)","Avira Internet Security (20220329)","Bitdefender Internet Security (20220329)","ESET Internet Security (20220329)","G DATA INTERNET SECURITY (20220329)","K7 Total Security (20220329)","Kaspersky Internet Security (20220329)","McAfee Total Protection (20220329)","Norton Security (20220329)","Panda Dome (20220329)","Quick Heal Internet Security (20220329)","Sophos Home Premium (20220329)","SpyHunter5 (20220329)","Tencent PC Manager (20220329)","Total AV Antivirus Pro (20220329)","VIPRE Advanced Security (20220329)","VirIT eXplorer PRO (20220329)","Webroot SecureAnywhere (20220329)","Windows Defender (20220329)"],"avAllowList":["360 Total Security (20220329)","COMODO Antivirus (20220329)","Dr.Web Security Space (20220329)","Malwarebytes Premium (20220329)","Trend Micro Internet Security (20220329)"]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor from same company","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.trisunsoft.com/files/win-ext.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/files/win-ext.zip","sourceIndex":"1759"}],"sampleFiles":["211220/WinExt-211219/26.0.090.0/Samples/win-ext.exe"],"imageFiles":["211220/WinExt-211219/26.0.090.0/Images/ACR-004/ACR-004_Software_No_Fix.JPG","211220/WinExt-211219/26.0.090.0/Images/ACR-004/ACR-004_Software_No_Fix_1.JPG","211220/WinExt-211219/26.0.090.0/Images/ACR-004/ACR-004_Software_No_Fix_2.JPG","211220/WinExt-211219/26.0.090.0/Images/ACR-084/ACR-084_Software_Background_Process.JPG","211220/WinExt-211219/26.0.090.0/Images/ACR-084/ACR-084_Software_Undiclosed_Task.JPG","211220/WinExt-211219/26.0.090.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","211220/WinExt-211219/26.0.090.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","211220/WinExt-211219/26.0.090.0/Images/ACR-048/ACR-048_Software_Minimizes_To_Tray.mp4","211220/WinExt-211219/26.0.090.0/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Logos.JPG"],"nonDeceptorImageFiles":[],"guid":"f8e54c7d-66b7-4ed0-9f7c-9caf057fd4d7_26.0.090.0_1","appID":"WinExt-211219","dateAdded":"230103","deceptorType":"App","name":"WinExt","company":"TriSun Software Limited","version":"26.0.090.0","sigName":"Deceptor:Win32/WinEXT!004084048017","lastKnownStatus":"Deceptor:26.0.090.0;29.0.097.0;30.0.099","lastKnownDate":"230103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-01-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1152},{"violations":{"ACR-048":"1. The app does not provide control to remove its task and background process completely within the app's settings.\n2. When the app is minimized it hides itself in the system tray instead of the taskbar without the user's knowledge.\n","ACR-004":"The app provides free scan results but does not provide a fully functional trial before requiring consumers to pay as it provides only a partial fix (Only a few items are fixed). Also, it limits the user to fixing only 9 items per fix, and after several fixes, the issue counts remain the same thus it didn't provide any fix for the identified issues.\n","ACR-017":"The 3rd party endorsements ( https://www.trisunsoft.com/we/go-pro.htm ) are not verifiable.\n","ACR-084":"On quitting the app, the process \"WinEXT Service.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TSS\\WinExt\\WinExt.exe","companyName":"TriSun Software Limited","productName":"WinExt®","productVersion":"29.0.097","fileVersion":"29.0.097","hashMD5":"14ffe2e6b5d21ca83925380f73be69de","hashSHA1":"6b6db6a5c3cc06e497b4b09a9334a273ec7ca33c","hashSHA256":"6831f87fe7587f8058a7bc379d85e88094a1fd840a961876ba4369de78dee0bc","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"TriSun Software Limited","storeId":"","sourceIndex":"1679","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"win-ext.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"WinExt                                                      ","productVersion":"29.0.097.0                                        ","fileVersion":"29.0.097.0          ","hashMD5":"56deeda6e498f85e126b2ae4d44128c4","hashSHA1":"16b64eb05be6a325d930c5adbefec7d2f0cefc35","hashSHA256":"fc31d4cdce2e37da3123ec5312c2dbabf5d47749f711b5437db525ff8da46c2f","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"TriSun Software Limited","storeId":"","sourceIndex":"1679","avBlockList":["Avira Internet Security (20220405)","Bitdefender Internet Security (20220405)","ESET Internet Security (20220405)","G DATA INTERNET SECURITY (20220405)","K7 Total Security (20220405)","Malwarebytes Premium (20220405)","McAfee Total Protection (20220405)","Norton Security (20220405)","Panda Dome (20220405)","Quick Heal Internet Security (20220405)","Sophos Home Premium (20220405)","SpyHunter5 (20220405)","Total AV Antivirus Pro (20220405)","Trend Micro Internet Security (20220405)","VIPRE Advanced Security (20220405)","VirIT eXplorer PRO (20220405)","Webroot SecureAnywhere (20220405)","Windows Defender (20220405)"],"avAllowList":["360 Total Security (20220405)","Avast Premium Security (20220405)","AVG Internet Security (20220405)","COMODO Antivirus (20220405)","Dr.Web Security Space (20220405)","Kaspersky Internet Security (20220405)","Tencent PC Manager (20220405)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.trisunsoft.com/we/","directDownloadingLink":"https://www.trisunsoft.com/files/win-ext.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/files/win-ext.zip","sourceIndex":"1679"}],"sampleFiles":["220318/WinExt-211219/29.0.097.0/Samples/win-ext.exe"],"imageFiles":["220318/WinExt-211219/29.0.097.0/Images/ACR-004/ACR-004_Software_No_Fix.JPG","220318/WinExt-211219/29.0.097.0/Images/ACR-004/ACR-004_Software_No_Fix_1.JPG","220318/WinExt-211219/29.0.097.0/Images/ACR-004/ACR-004_Software_No_Fix_2.JPG","220318/WinExt-211219/29.0.097.0/Images/ACR-084/ACR-084_Software_Background_Process.JPG","220318/WinExt-211219/29.0.097.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220318/WinExt-211219/29.0.097.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220318/WinExt-211219/29.0.097.0/Images/ACR-048/ACR-048_Software_Minimizes_To_Tray.mp4","220318/WinExt-211219/29.0.097.0/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Logos.JPG"],"nonDeceptorImageFiles":[],"guid":"f8e54c7d-66b7-4ed0-9f7c-9caf057fd4d7_29.0.097.0_1","appID":"WinExt-211219","dateAdded":"230103","deceptorType":"App","name":"WinExt","company":"TriSun Software Limited","version":"29.0.097.0","lastKnownStatus":"Deceptor:26.0.090.0;29.0.097.0;30.0.099","lastKnownDate":"230103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-01-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1151},{"violations":{"ACR-048":"App has no setting option for user to turn off the notification message in right bottom and deactivate push messages option. Also,  in the attempt to completely close the app, it displays the offer twice before showing \"Full Close\" button.\n\n","ACR-004":"The app does not provide a complete fix for the all the issues identified in the free scan.\n\n","ACR-006":"App doesn't disclose the call center name next to phone number.\n","ACR-055":"Accept/Decline options are not made obvious for the Optional Offer. Unchecking the preselected \"McAfee WebAdvisor\" installation is not a straightforward option for decline.\n","ACR-155":"The optional offer is designed to look like part of the install workflow.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal/cancellation in the internal offers.\n\n"},"nonDeceptorViolations":{"ACR-099":"The app does not contain links to uninstall information.\nThe app’s landing page does not display links to uninstall information.\nThe app's internal offers page does not contain links to uninstall information.\n","ACR-054":"The option to decline the Inline Offer is not clear and unnoticeable for the consumer to choose. It makes it complicated for the consumer to close the offer window.\n        \n"},"samples":[{"isRevoked":"False","fileName":"RegistryCurePRO.exe","productName":"RegistryCurePRO","fileVersion":"4.0.0.0","hashMD5":"dfbe4137770277823eff6b1cc85eaf8c","hashSHA1":"1365d29ac6c4950d51061eeb0669116adc3b02d6","hashSHA256":"33349b1222f60650080d568efadeddea5733778c576aa36ce8e9aabb7098727c","digitalCertThumbprint":"76021AECE205FE147D3DBB1B808D80AFCBF19172","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Energizer Softech Private Limited, O=Energizer Softech Private Limited, S=Delhi, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=U72200DL2010PTC206723","sourceIndex":"284","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegistryCurePRO.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8bcf40580691b3a1a38ab3ea6933f6d39cd39ef2865ad82df67444f53bf39458","sourceIndex":"284","avBlockList":["360 Total Security (20230124)","Avast Premium Security (20230124)","AVG Internet Security (20230124)","Avira Internet Security (20230124)","COMODO Antivirus (20230124)","Dr.Web Security Space (20230124)","ESET Internet Security (20230124)","G DATA INTERNET SECURITY (20230124)","K7 Total Security (20230124)","Kaspersky Internet Security (20230124)","McAfee Total Protection (20230124)","Norton Security (20230124)","Panda Dome (20230124)","Sophos Home Premium (20230124)","SpyHunter5 (20230124)","Total AV Antivirus Pro (20230124)","VirIT eXplorer PRO (20230124)"],"avAllowList":["Bitdefender Internet Security (20230124)","Malwarebytes Premium (20230124)","Quick Heal Internet Security (20230124)","Trend Micro Internet Security (20230124)","VIPRE Advanced Security (20230124)","Webroot SecureAnywhere (20230124)","Windows Defender (20230124)"]},{"isRevoked":"False","fileName":"RegistryCUREPRO-setup.exe","isInstaller":"True","companyName":"RCP001","productName":"Registry CURE PRO","fileVersion":"1.0.0.0","hashMD5":"3bde5dd6e706fd69c8f95994e59fd047","hashSHA1":"e807b5f00c919b1fbb68fa8b49c53b961219c8fe","hashSHA256":"17659be93b239dc9f800540135742ecec25c3f495a64b11e9f30a513b81cbd0a","digitalCertThumbprint":"76021AECE205FE147D3DBB1B808D80AFCBF19172","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Energizer Softech Private Limited, O=Energizer Softech Private Limited, S=Delhi, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=U72200DL2010PTC206723","sourceIndex":"284","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: registry cleaner","reference":"","landingPage":"https://registrycurepro.com/","directDownloadingLink":"https://registrycurepro.com/regcleaner","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://registrycurepro.com/regcleaner","sourceIndex":"284"},{"howFound":"","reference":"","landingPage":"https://www.softpedia.com/get/Tweak/Registry-Tweak/Registry-Cure-Pro.shtml","directDownloadingLink":"https://www.softpedia.com/dyn-postdownload.php/7d1b862141c270fe1b32eadaed31c071/63afba86/413e0/0/1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softpedia.com/dyn-postdownload.php/7d1b862141c270fe1b32eadaed31c071/63afba86/413e0/0/1","sourceIndex":"285"}],"sampleFiles":["230103/RegistryCurePro-200715/4.0.0.0/Samples/RegistryCurePRO.exe","230103/RegistryCurePro-200715/4.0.0.0/Samples/RegistryCurePRO.msi","230103/RegistryCurePro-200715/4.0.0.0/Samples/RegistryCUREPRO-setup.exe"],"imageFiles":["230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-055/ACR-055_Preselected_OptionalOffer.jpg","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-004/ACR-004_IncompleteFix.jpg","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-004/ACR-004_IncompleteFix-2.jpg","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-048/Registry CURE PRO_Settings [4].png","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-048/ACR-048_DeactiviatePushMessage.mp4","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-048/ACR-048_Notif.jpg","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-048/Exit_RepeatedOffer.gif","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-006/ACR-006_CallCenter.jpg","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-155/ACR-155_OptionalOffer.jpg","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-165/RCP_OfferPage.png"],"nonDeceptorImageFiles":["230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-099/Registry CURE PRO_Interaction [2].png","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-099/RCP_AppInteraction.jpg","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-099/RCP_LandingPage.png","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-054/ACR-054_DeclineButton-1.jpg","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-054/ACR-054_DeclineButton-2.jpg","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-054/ACR-054_DeclineButton.jpg","230103/RegistryCurePro-200715/4.0.0.0/Images/ACR-099/RCP_OfferPage.png"],"guid":"30eeda09-2d05-4f5a-b2f2-dc68ac5678b8_4.0.0.0_1","appID":"RegistryCurePro-200715","dateAdded":"230103","deceptorType":"App","name":"Registry Cure Pro","company":"Energizer Softech Pvt Ltd","version":"4.0.0.0","lastKnownStatus":"Deceptor:1.0.0.0;4.0.0.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:15.8739601+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1155},{"violations":{"ACR-103":"The app suggests cleaning up \"400 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”, but in the app settings, it displays the exact size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"400 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”, but when viewed in the app settings it displays the exact size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"phone.master.junk.cleaner.apk","isInstaller":"True","productVersion":"2.7","fileVersion":"2.7","hashMD5":"22aca6e927e3a9dcb051e208bb072250","hashSHA1":"f63d2ac7a591204e14583983346aca543a0ab10f","hashSHA256":"523166a96148f0ae30abc4f7b90243f0918c15b45d49615783c28b36c1ffd0ef","sourceIndex":"1250","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=phone.master.junk.cleaner&pli=1","directDownloadingLink":"https://play.google.com/store/apps/details?id=phone.master.junk.cleaner&pli=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=phone.master.junk.cleaner&pli=1","sourceIndex":"1250"}],"sampleFiles":["230103/PhoneCleaner-221227/2.7/Samples/phone.master.junk.cleaner.apk"],"imageFiles":["230103/PhoneCleaner-221227/2.7/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","230103/PhoneCleaner-221227/2.7/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"48f493ee-086d-494f-ab66-88129bb44b18_2.7_1","appID":"PhoneCleaner-221227","dateAdded":"230103","deceptorType":"Android App","name":"Phone Cleaner","company":"Caller ID : Call App, Messages, Call Block","version":"2.7","lastKnownStatus":"Deceptor:2.7","lastKnownDate":"230103","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-01-03T23:43:19.9018338+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1156},{"violations":{"ACR-003":"The app identifies 69 MB of cache files for the following apps \"Ex: JioCinema, Netflix, Spotify, and Truecaller\" but, when viewed in app settings for these apps the total cache is 7.99 MB, thus the app exaggerates the identified results.\n","ACR-103":"The app suggests cleaning up \"2.4 GB\" of junk/cache. After completing junk clean it says “Free 2.4 GB storage”, but when viewed in the app settings it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"1. The app suggests cleaning up \"2.4 GB\" of junk/cache. After completing junk clean it says “Free 2.4 GB storage”, but when viewed in the app settings it displays the same size of cache data that can be cleaned, which misleads users. \n2. The app identifies 69 MB of cache files for the following apps \"Ex: JioCinema, Netflix, Spotify, and Truecaller\" but, when viewed in app settings for these apps the total cache is 7.99 MB, thus the app exaggerates the identified results.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.clean.booster.junk.cleaner.apk","isInstaller":"True","productVersion":"1.0.6","fileVersion":"1.0.6","hashMD5":"ef45a0106835c346dc20440daab54e94","hashSHA1":"72534984a78321691887d996b0ebe0322cb6301c","hashSHA256":"19e92e5c4482c81cb05bd02011fd4853e7bee9bc4ba0892806dff04e14281acf","sourceIndex":"1251","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.clean.booster.junk.cleaner&hl=en_IN&gl=US","ipv4":"","ipv6":"","sourceIndex":"1251"}],"sampleFiles":["230103/JunkMasterPhoneCleaner-221230/1.0.6/Samples/com.clean.booster.junk.cleaner.apk"],"imageFiles":["230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_Scan_Result_6.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_7.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_11.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_1.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_2.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_3.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_Scan_Result_4.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_Scan_Result_5.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_Scan_Result_6.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_ScanResult_AfterFix_7.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_8.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_9.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_10.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_11.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Scan_Result_6.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Scan_Result_7.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg","230103/JunkMasterPhoneCleaner-221230/1.0.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_11.jpg"],"nonDeceptorImageFiles":[],"guid":"de05c42e-d879-4467-9f4b-ad08c406c57f_1.0.6_1","appID":"JunkMasterPhoneCleaner-221230","dateAdded":"230103","deceptorType":"Android App","name":"Junk Master Phone Cleaner","company":"SEAMOBI","version":"1.0.6","lastKnownStatus":"Deceptor:1.0.6","lastKnownDate":"230103","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2023-01-03T23:40:38.8464055+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1157},{"violations":{"ACR-048":"App has no setting option for user to control to complete close app and not prompt the notification message in right bottom.\n","ACR-004":"The app does not provide a free fix for the all the issues identified in the free scan.\n","ACR-006":"App doesn't disclose the call center name next to phone number\n","ACR-168":"App doesn't disclose that additional offer will be made next to phone number during one-one interactive call\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain link to the Returns and Cancellation Policy\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy. \nThe link to the EULA or Terms of Service in the landing page is not working.\nThe link to the EULA or Terms of Service in the internal offer page is not working.\n","ACR-099":"The app not contain links to uninstall information.\nThe app’s landing page does not display links to uninstall information.\nThe app's internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"RegistryCurePRO.exe","companyName":"Energizer Softech Pvt Ltd","fileVersion":"1.0","hashMD5":"12643294dc56662aeefc81b1d46a1e8d","hashSHA1":"fcc31ef45e500954c99f6e3f48f3959f90062475","hashSHA256":"48d6dfa4d63c9f48e9dfb97f57ace0bb985d070ec3f2a3ab942bd28b7cd0408e","digitalCertThumbprint":"2456877CEE8816FD8CF020CABCDF9053C827D252","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Energizer Softech Pvt ltd, O=Energizer Softech Pvt ltd, L=Delhi, S=Delhi, C=IN, SERIALNUMBER=206723, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"283","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"registrycurepro.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"773c7ff0af6ba7364aaf87f70bd48d3e3ec87451d8cebbc5c75ddf27704298c7","sourceIndex":"283","avBlockList":["360 Total Security (20200921)","Avast Premium Security (20200921)","AVG Internet Security (20200921)","Avira Internet Security (20200921)","Bitdefender Internet Security (20200921)","COMODO Antivirus (20200921)","Dr.Web Security Space (20200921)","ESET Internet Security (20200921)","G DATA INTERNET SECURITY (20200921)","K7 Total Security (20200921)","Malwarebytes Premium (20200921)","McAfee Total Protection (20200921)","Norton Security (20200921)","Panda Dome (20200921)","Quick Heal Internet Security (20200921)","Sophos Home Premium (20200921)","SpyHunter5 (20200921)","Tencent PC Manager (20200921)","Total AV Antivirus Pro (20200921)","VIPRE Advanced Security (20200921)","VirIT eXplorer PRO (20200921)","Windows Defender (20200921)"],"avAllowList":["Kaspersky Internet Security (20200921)","Trend Micro Internet Security (20200921)","Webroot SecureAnywhere (20200921)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://pccurepro.com/","directDownloadingLink":"http://34.71.106.19/pccurepro/registrycurepro.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://34.71.106.19/pccurepro/registrycurepro.msi","sourceIndex":"283"}],"sampleFiles":["230103/RegistryCurePro-200715/1.0.0.0/Samples/RegistryCurePRO.exe","230103/RegistryCurePro-200715/1.0.0.0/Samples/registrycurepro.msi"],"imageFiles":["230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-004/Registry CURE PRO_Scanning [4].gif","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-048/Registry CURE PRO_Settings [1].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-048/Registry CURE PRO_Settings [2].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-048/Registry CURE PRO_Settings [3].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-048/Registry CURE PRO_Settings [4].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-048/Registry CURE PRO_PromptNotification [1].gif","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-048/Registry CURE PRO_PromptNotification [2].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-168/Registry CURE PRO_Interaction [1].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-168/Registry CURE PRO_Interaction [2].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-006/Registry CURE PRO_Interaction [1].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-006/Registry CURE PRO_Interaction [2].png"],"nonDeceptorImageFiles":["230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-065/Registry CURE PRO_Install [1].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-065/Registry CURE PRO_Install [2].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-065/Registry CURE PRO_Install [3].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-065/Registry CURE PRO_Interaction [1].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-065/Registry CURE PRO_Interaction [2].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-099/Registry CURE PRO_Interaction [1].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-099/Registry CURE PRO_Interaction [2].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-099/Registry CURE PRO_Settings [1].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-099/Registry CURE PRO_Settings [2].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-099/Registry CURE PRO_Settings [3].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-099/Registry CURE PRO_Settings [4].png","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-065/Registry CURE PRO_LandingPage [2].gif","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-099/Registry CURE PRO_LandingPage [1].jpg","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-065/Registry CURE PRO_OfferPage [2].gif","230103/RegistryCurePro-200715/1.0.0.0/Images/ACR-099/Registry CURE PRO_OfferPage [1].png"],"guid":"30eeda09-2d05-4f5a-b2f2-dc68ac5678b8_1.0.0.0_1","appID":"RegistryCurePro-200715","dateAdded":"230103","deceptorType":"App","name":"Registry Cure Pro","company":"Energizer Softech Pvt Ltd","version":"1.0.0.0","sigName":"Deceptor:Win32/RegistryCurePro!004048168006","lastKnownStatus":"Deceptor:1.0.0.0;4.0.0.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:15.8384319+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1154},{"violations":{"ACR-048":"The app does not provide control to remove the created scheduled task and background process completely within the app's settings.\n","ACR-004":"The app provides free scan results but does not provide a fully functional trial. It claims it can only fix 9 issues each time yet after the attempt to Fix, the issue count remains the same. No fix was actually made for the identified issues.\n","ACR-017":"Third-party endorsements are not verifiable.\n","ACR-084":"On quitting the app, the process \"WinEXT Service.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"win-ext.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"WinExt","fileVersion":"30.0.099","hashMD5":"71c8cc4a3eb667dd784ff6a7137b832a","hashSHA1":"4f38bd2fa2c466a33001023588e17020079561b0","hashSHA256":"5389c84f22e61bb925b3b06b2203f9020160ca67681dbb852aee64765f0676c9","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1252","avBlockList":["Avast Premium Security (20230209)","AVG Internet Security (20230209)","Avira Internet Security (20230209)","ESET Internet Security (20230209)","K7 Total Security (20230209)","Kaspersky Internet Security (20230209)","Malwarebytes Premium (20230209)","McAfee Total Protection (20230209)","Norton Security (20230209)","Panda Dome (20230209)","Sophos Home Premium (20230209)","SpyHunter5 (20230209)","Total AV Antivirus Pro (20230209)","VirIT eXplorer PRO (20230209)","Webroot SecureAnywhere (20230209)","Windows Defender (20230209)"],"avAllowList":["360 Total Security (20230209)","Bitdefender Internet Security (20230209)","COMODO Antivirus (20230209)","Dr.Web Security Space (20230209)","G DATA INTERNET SECURITY (20230209)","Quick Heal Internet Security (20230209)","Trend Micro Internet Security (20230209)","VIPRE Advanced Security (20230209)"]},{"isRevoked":"False","fileName":"WinExt.exe","companyName":"TriSun Software Limited","productName":"WinExt®","fileVersion":"30.0.099","hashMD5":"c1956685fcfd29cfb1b86d94aa8eb980","hashSHA1":"ed3839b58c3533013ade6c6e5c8d8044075a522e","hashSHA256":"ccca2c5523ed009b397097d45f8255bcd94bba376ecd135567e4b90429a49ff4","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1252","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search: cleaner, optimizer for windows","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.trisunsoft.com/files/win-ext.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/files/win-ext.zip","sourceIndex":"1252"}],"sampleFiles":["230103/WinExt-211219/30.0.099/Samples/win-ext.exe","230103/WinExt-211219/30.0.099/Samples/WinExt.exe"],"imageFiles":["230103/WinExt-211219/30.0.099/Images/ACR-004/IncompleteFix.jpg","230103/WinExt-211219/30.0.099/Images/ACR-004/PrivacyScan.jpg","230103/WinExt-211219/30.0.099/Images/ACR-004/RegistryScan.jpg","230103/WinExt-211219/30.0.099/Images/ACR-004/SystemScan.jpg","230103/WinExt-211219/30.0.099/Images/ACR-004/NoFixatAll.gif","230103/WinExt-211219/30.0.099/Images/ACR-084/ACR-084_Software_Background_Process.JPG","230103/WinExt-211219/30.0.099/Images/ACR-048/ACR-048_BackgroundProcess.jpg","230103/WinExt-211219/30.0.099/Images/ACR-048/ACR-048_ScheduledTask.jpg","230103/WinExt-211219/30.0.099/Images/ACR-017/ACR-017_Endorsements.jpg"],"nonDeceptorImageFiles":[],"guid":"f8e54c7d-66b7-4ed0-9f7c-9caf057fd4d7_30.0.099_1","appID":"WinExt-211219","dateAdded":"230103","deceptorType":"App","name":"WinExt","company":"TriSun Software Limited","version":"30.0.099","lastKnownStatus":"Deceptor:26.0.090.0;29.0.097.0;30.0.099","lastKnownDate":"230103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-01-03T23:38:08.643874+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1150},{"violations":{"ACR-103":"The app suggests cleaning up \"1.81 GB\" of junk/cache randomly displayed data on every consequent scan. After completing junk clean it says “1.95 GB CLEANED”, in the app settings it displays the exact size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up \"1.81 GB\" of junk/cache randomly displayed data on every consequent scan. After completing junk clean it says “1.95 GB CLEANED”, in the app settings it displays the exact size of cache data that can be cleaned, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.netqin.aotkiller.apk","isInstaller":"True","productVersion":"6.4.02.00","fileVersion":"6.4.02.00","hashMD5":"366cc82019d92595b64f7eaf7dcd9fbb","hashSHA1":"ab41194da5059c8dcbbae7bd113d3872ca58022f","hashSHA256":"4cbe0d1fe18e20a0cb5091fb371409028a3ddf6143a40fcf91cb978d2f73ff60","sourceIndex":"1257","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.netqin.aotkiller","ipv4":"","ipv6":"","sourceIndex":"1257"}],"sampleFiles":["221231/supertoolboxboostandclean-220822/6.4.02.00/Samples/com.netqin.aotkiller.apk"],"imageFiles":["221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-103/ACR-103_Software_Scan_Result1.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-103/ACR-103_Software_Re-Scan_Result.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-014/ACR-014_Software_Scan_Result1.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg","221231/supertoolboxboostandclean-220822/6.4.02.00/Images/ACR-014/ACR-014_Software_Re-Scan_Result.jpg"],"nonDeceptorImageFiles":[],"guid":"3cef85e8-246e-4317-8ced-1cab26914d0f_6.4.02.00_1","appID":"supertoolboxboostandclean-220822","dateAdded":"221231","deceptorType":"Android App","name":"Super Toolbox Boost And Clean","company":"cxzh.ltd","version":"6.4.02.00","lastKnownStatus":"Deceptor:6.3.08.00;6.4.02.00","lastKnownDate":"221231","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-12-31T08:12:02.9266816+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1158},{"violations":{"ACR-103":"The app suggests cleaning junk and cache in the device but it doesn’t seem to clean any junk/cache as it randomly displays data. When the user selects the “Clean up” option, it starts cleaning but displays different data to be cleaned again, thus unable to verify the app's value proposition.\n","ACR-014":"The app suggests cleaning junk and cache in the device but it doesn’t seem to clean any junk/cache as it randomly displays data. When the user selects the “Clean up” option, it starts cleaning but displays different data to be cleaned again, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.netqin.aotkiller.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"8bc07aff1c376b64634a5aabece364d7","hashSHA1":"3a2c31c629aa1f908ff3b3143c7e1d28e43624f6","hashSHA256":"a7a100f0cbfc11e530f4f78a5091cda6b32a7c4d71bde6490e3933e03702712d","sourceIndex":"1454","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.netqin.aotkiller","ipv4":"","ipv6":"","sourceIndex":"1454"}],"sampleFiles":["220823/supertoolboxboostandclean-220822/6.3.08.00/Samples/com.netqin.aotkiller.apk"],"imageFiles":["220823/supertoolboxboostandclean-220822/6.3.08.00/Images/ACR-103/ACR-103_Software.png","220823/supertoolboxboostandclean-220822/6.3.08.00/Images/ACR-103/ACR-103_Software_1.png","220823/supertoolboxboostandclean-220822/6.3.08.00/Images/ACR-014/ACR-014_Software.png","220823/supertoolboxboostandclean-220822/6.3.08.00/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"3cef85e8-246e-4317-8ced-1cab26914d0f_6.3.08.00_1","appID":"supertoolboxboostandclean-220822","dateAdded":"221231","deceptorType":"Android App","name":"Super Toolbox Boost And Clean","company":"cxzh.ltd","version":"6.3.08.00","lastKnownStatus":"Deceptor:6.3.08.00;6.4.02.00","lastKnownDate":"221231","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-12-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1159},{"violations":{"ACR-048":"The app does not provide control to remove its startup within the app's settings.\n","ACR-003":"The app uses alarming colors to increase urgency for issues found, thereby misleading or scaring user to take action.\n","ACR-004":"The app does not provide a functional trial. After a reboot, demo version has not perform any changes. The app requires the user to upgrade to provide complete fix for non-permanent issues. \n"},"nonDeceptorViolations":{"ACR-161":"The app's landing page shows testimonials with no links back to original source.\n"},"samples":[{"isRevoked":"False","fileName":"SpeedConnect10Setup.exe","isInstaller":"True","companyName":"CBS Software                                                ","productName":"SpeedConnect Internet Accelerator v.10.0    ","fileVersion":"0.0","hashMD5":"29dbe5b66bda94fbab1b7f062eba6df3","hashSHA1":"48b2463267baaef1c3c7d7c7a7ecf87481b159ae","hashSHA256":"28c2acf75c86b9d24fd61fa135f88d274b5b34a800e3c06da33f652da1056689","digitalCertThumbprint":"AFA5CA288CB69A05ED285737A18D7AEF7755400D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Impact Software, OU=www.cbs-soft.com, O=Impact Software, STREET=16119 SW EL RANCHO CT, L=BEAVERTON, S=OR, PostalCode=97007, C=US","sourceIndex":"1253","avBlockList":["Avast Premium Security (20230105)","AVG Internet Security (20230105)","Avira Internet Security (20230105)","McAfee Total Protection (20230105)","Norton Security (20230105)","Sophos Home Premium (20230105)","SpyHunter5 (20230105)","Total AV Antivirus Pro (20230105)","VirIT eXplorer PRO (20230105)"],"avAllowList":["360 Total Security (20230105)","Bitdefender Internet Security (20230105)","COMODO Antivirus (20230105)","Dr.Web Security Space (20230105)","ESET Internet Security (20230105)","G DATA INTERNET SECURITY (20230105)","K7 Total Security (20230105)","Kaspersky Internet Security (20230105)","Malwarebytes Premium (20230105)","Panda Dome (20230105)","Quick Heal Internet Security (20230105)","Trend Micro Internet Security (20230105)","VIPRE Advanced Security (20230105)","Webroot SecureAnywhere (20230105)","Windows Defender (20230105)"]},{"isRevoked":"False","fileName":"SpeedConnectStartUp.exe","companyName":"CBS Software","productName":"SpeedConnect Internet Accelerator","fileVersion":"10.0","hashMD5":"1e57b0ba313ee1d5836d5280a230c536","hashSHA1":"1816d0f0d0cb5cd16b22e360ec2ce20ca53abbc9","hashSHA256":"b38d41237d2945886dea76508887f77673bb324b5eb72c06b964ba5eafa55125","digitalCertThumbprint":"AFA5CA288CB69A05ED285737A18D7AEF7755400D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Impact Software, OU=www.cbs-soft.com, O=Impact Software, STREET=16119 SW EL RANCHO CT, L=BEAVERTON, S=OR, PostalCode=97007, C=US","sourceIndex":"1253","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: internet accelerator","reference":"","landingPage":"https://www.cbs-soft.com/","directDownloadingLink":"https://www.cbs-soft.com/download_SpeedConnect10.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.cbs-soft.com/download_SpeedConnect10.htm","sourceIndex":"1253"}],"sampleFiles":["221231/SpeedConnect-221216/10.0/Samples/SpeedConnect10Setup.exe","221231/SpeedConnect-221216/10.0/Samples/SpeedConnectStartUp.exe"],"imageFiles":["221231/SpeedConnect-221216/10.0/Images/ACR-004/ACR-004_Trial.gif","221231/SpeedConnect-221216/10.0/Images/ACR-004/ACR-004_AfterReboot.jpg","221231/SpeedConnect-221216/10.0/Images/ACR-048/ACR-048_Startup.jpg","221231/SpeedConnect-221216/10.0/Images/ACR-003/ACR-003_004_AlarmingColors.jpg","221231/SpeedConnect-221216/10.0/Images/ACR-003/ACR-003_004_AlarmingColors-.jpg","221231/SpeedConnect-221216/10.0/Images/ACR-003/SpeedConnect_Report1.jpg","221231/SpeedConnect-221216/10.0/Images/ACR-003/SpeedConnect_Report2.jpg"],"nonDeceptorImageFiles":["221231/SpeedConnect-221216/10.0/Images/ACR-161/SpeedConnect_LandingPage.png"],"guid":"124e89af-7561-4230-8c44-20693fd44fd5_10.0_1","appID":"SpeedConnect-221216","dateAdded":"221231","deceptorType":"App","name":"SpeedConnect","company":"CBS Software","version":"10.0","lastKnownStatus":"Deceptor:10.0","lastKnownDate":"221231","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-01-02T22:34:33.126547+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1160},{"violations":{"ACR-004":"The application only cleans 500MB off of the disk, then it requires the user to subscribe to continue cleaning the disk items found during free scanning.\n"},"nonDeceptorViolations":{"ACR-002":"The Landing page shows MaCleaner 11, while MaCleaner 12 is displayed on the app about page and App Store Landing Page.\n","ACR-054":"The option to decline the upgrade offer is very little compared to their purchase button.\n"},"samples":[{"isRevoked":"False","fileName":"MaCleaner 12","fileVersion":"0.","hashMD5":"774b3788401cbdbb60e60b688b0a9d2d","hashSHA1":"587408a422a97051f7fde8dfe30f1837aa55c4ec","hashSHA256":"59dcf3fb34cb0b9a489bb68093bde014c46f50cdb7a8c1486b2cb956052dea0d","sourceIndex":"1254","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for cleaning app via app store, under US region","reference":"","landingPage":"https://macleaner.com/","directDownloadingLink":"https://apps.apple.com/us/app/macleaner-12-top-disk-cleaner/id953795652?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/us/app/macleaner-12-top-disk-cleaner/id953795652?mt=12","sourceIndex":"1254"}],"sampleFiles":["221231/MaCleaner12-221011/16.0.6/Samples/MaCleaner 12"],"imageFiles":["221231/MaCleaner12-221011/16.0.6/Images/ACR-004/ACR004-1.png","221231/MaCleaner12-221011/16.0.6/Images/ACR-004/ACR004-2.png","221231/MaCleaner12-221011/16.0.6/Images/ACR-004/ACR004-3.png","221231/MaCleaner12-221011/16.0.6/Images/ACR-004/ACR004-4.png","221231/MaCleaner12-221011/16.0.6/Images/ACR-004/ACR004-5.png","221231/MaCleaner12-221011/16.0.6/Images/ACR-004/ACR004.mp4"],"nonDeceptorImageFiles":["221231/MaCleaner12-221011/16.0.6/Images/ACR-002/About.png","221231/MaCleaner12-221011/16.0.6/Images/ACR-002/ValueProposition1.png","221231/MaCleaner12-221011/16.0.6/Images/ACR-002/ACR002.png","221231/MaCleaner12-221011/16.0.6/Images/ACR-054/ACR054-1.png","221231/MaCleaner12-221011/16.0.6/Images/ACR-054/ACR054-2.png"],"guid":"3c3a47a3-df71-494b-9c02-22cdb90012bc_16.0.6_1","appID":"MaCleaner12-221011","dateAdded":"221231","deceptorType":"MacOS App","name":"MaCleaner 12 ","company":"Everyday Tools LLC","version":"16.0.6","firstVendorContactDate":"221012","lastKnownStatus":"Deceptor:16.0.5;16.0.6","lastKnownDate":"221231","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2026-05-04T14:37:45.913058+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1161},{"violations":{"ACR-003":"The app identifies 641 MB of cache files for the following apps \"Ex: Subway Surf, Ludo, Josh, Brave, and Pinterest\" but, when viewed in app settings for these apps the total cache is 80 MB, thus the app exaggerates the identified results\n","ACR-103":"The app suggests cleaning up \"9.48 GB\" of junk/cache. After completing junk clean it says “Cleaned 9.48 GB”,  in the app settings it displays the exact size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"1. The app suggests cleaning up \"9.48 GB\" of junk/cache. After completing junk clean it says “Cleaned 9.48 GB”, when viewed in app settings it displays the exact size of cache data that can be cleaned, which misleads users\n2. The app identifies 641 MB of cache files for the following apps \"Ex: Subway Surf, Ludo, Josh, Brave, and Pinterest\" but, when viewed in app settings for these apps the total cache is 80 MB, thus the app is misleading the users into taking action\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.oversea.clean.app.apk","isInstaller":"True","productVersion":"1.1.6","fileVersion":"1.1.6","hashMD5":"45c4406c69375bc91ed58607266b87f0","hashSHA1":"36654d3defb2fd6910b7f0441ce84dd7095d54cf","hashSHA256":"f2704cc2fe6e0c588d9064623c91e32daff3046ce4583e424576261008f2e53c","sourceIndex":"1256","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.oversea.clean.app","ipv4":"","ipv6":"","sourceIndex":"1256"}],"sampleFiles":["221231/boostermaster-220824/1.1.6/Samples/com.oversea.clean.app.apk"],"imageFiles":["221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning3.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning4.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Scan_Result1.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning3.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning4.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_RescanrResults.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-003/ACR-003_Software_Scan_Result.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-003/ACR-003_Software_Scan_Result1.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data1.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data2.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data3.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data4.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning3.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning4.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Scan_Result1.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning3.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning4.jpg","221231/boostermaster-220824/1.1.6/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_RescanResult.jpg"],"nonDeceptorImageFiles":[],"guid":"b3395dad-d0d1-49a8-93b6-7e90d539319d_1.1.6_1","appID":"boostermaster-220824","dateAdded":"221231","deceptorType":"Android App","name":"Booster Master","company":"nie bing","version":"1.1.6","lastKnownStatus":"Deceptor:1.1.0;1.1.6","lastKnownDate":"221231","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-12-31T08:18:31.4808938+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1163},{"violations":{"ACR-003":"The app displays exaggerated cache data and suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “CLEAN JUNK” option, it starts cleaning and displays \"Cleaned\" but when viewing app details after cleaning, it displays cache data, thus misleading the user by providing false fix and displaying exaggerated data.\n","ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “CLEAN JUNK” option, it starts cleaning and displays \"Cleaned\" but when viewing app details after cleaning, it displays cache data, thus unable to verify the app's value proposition. \n","ACR-014":"The app displays exaggerated cache data and suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “CLEAN JUNK” option, it starts cleaning and displays \"Cleaned\" but when viewing app details after cleaning, it displays cache data, thus misleading the user by providing false fix and displaying exaggerated data.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.oversea.clean.app.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"15037e6e533fa5f76e93aca84b561b8d","hashSHA1":"109af606281785b9af97f92a0704ba936796528a","hashSHA256":"2740936abe78c52fab111c45035187e48822e32e88caa4f9a083908fc0b31479","sourceIndex":"1449","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.oversea.clean.app","ipv4":"","ipv6":"","sourceIndex":"1449"}],"sampleFiles":["220825/boostermaster-220824/1.1.0/Samples/com.oversea.clean.app.apk"],"imageFiles":["220825/boostermaster-220824/1.1.0/Images/ACR-103/ACR-103_Software.png","220825/boostermaster-220824/1.1.0/Images/ACR-103/ACR-103_Software_1.png","220825/boostermaster-220824/1.1.0/Images/ACR-103/ACR-103_Software_2.png","220825/boostermaster-220824/1.1.0/Images/ACR-103/ACR-103_Software_3.png","220825/boostermaster-220824/1.1.0/Images/ACR-103/ACR-103_Software_4.png","220825/boostermaster-220824/1.1.0/Images/ACR-103/ACR-103_Software_5.png","220825/boostermaster-220824/1.1.0/Images/ACR-003/ACR-003_Software.png","220825/boostermaster-220824/1.1.0/Images/ACR-003/ACR-003_Software_1.png","220825/boostermaster-220824/1.1.0/Images/ACR-003/ACR-003_Software_2.png","220825/boostermaster-220824/1.1.0/Images/ACR-003/ACR-003_Software_3.png","220825/boostermaster-220824/1.1.0/Images/ACR-003/ACR-003_Software_4.png","220825/boostermaster-220824/1.1.0/Images/ACR-003/ACR-003_Software_5.png","220825/boostermaster-220824/1.1.0/Images/ACR-014/ACR-014_Software.png","220825/boostermaster-220824/1.1.0/Images/ACR-014/ACR-014_Software_1.png","220825/boostermaster-220824/1.1.0/Images/ACR-014/ACR-014_Software_2.png","220825/boostermaster-220824/1.1.0/Images/ACR-014/ACR-014_Software_3.png","220825/boostermaster-220824/1.1.0/Images/ACR-014/ACR-014_Software_4.png","220825/boostermaster-220824/1.1.0/Images/ACR-014/ACR-014_Software_5.png"],"nonDeceptorImageFiles":[],"guid":"b3395dad-d0d1-49a8-93b6-7e90d539319d_1.1.0_1","appID":"boostermaster-220824","dateAdded":"221231","deceptorType":"Android App","name":"Booster Master","company":"nie bing","version":"1.1.0","lastKnownStatus":"Deceptor:1.1.0;1.1.6","lastKnownDate":"221231","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-12-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1164},{"violations":{"ACR-004":"The application only cleans 500MB off of the disk, then it requires the user to subscribe to continue cleaning the disk items found during free scanning.\n"},"nonDeceptorViolations":{"ACR-002":"The Landing page shows MaCleaner 11, instead of MaCleaner 12 in their App Store Page and actual software\n","ACR-054":"The option to decline the offer is very little compared to their purchase button.\n"},"samples":[{"isRevoked":"False","fileName":"MaCleaner 12","fileVersion":"0.","hashMD5":"a15f430ece689c74c4c7c7460e650516","hashSHA1":"1f322a078055de68d9cb3fd33a612a3ed2f7a9b4","hashSHA256":"bec8d4a105f5ce4e0fef5b771176f045134f70a90bc7d8b9194b8492860883ae","sourceIndex":"1376","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for cleaning app via app store","reference":"","landingPage":"https://macleaner.com/","directDownloadingLink":"https://apps.apple.com/ph/app/macleaner-12-top-disk-cleaner/id953795652?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/ph/app/macleaner-12-top-disk-cleaner/id953795652?mt=12","sourceIndex":"1376"}],"sampleFiles":["221012/MaCleaner12-221011/16.0.5/Samples/MaCleaner 12"],"imageFiles":["221012/MaCleaner12-221011/16.0.5/Images/ACR-004/USE_CleanFailError.png","221012/MaCleaner12-221011/16.0.5/Images/ACR-004/USE_CleanSample.mp4"],"nonDeceptorImageFiles":["221012/MaCleaner12-221011/16.0.5/Images/ACR-002/USE_AppAbout.png","221012/MaCleaner12-221011/16.0.5/Images/ACR-002/WEB_MaCleaner.png","221012/MaCleaner12-221011/16.0.5/Images/ACR-054/USE_Offer1_Button.png","221012/MaCleaner12-221011/16.0.5/Images/ACR-054/USE_Offer3 button.png"],"guid":"3c3a47a3-df71-494b-9c02-22cdb90012bc_16.0.5_1","appID":"MaCleaner12-221011","dateAdded":"221231","deceptorType":"MacOS App","name":"MaCleaner 12 ","company":"Everyday Tools LLC","version":"16.0.5","firstVendorContactDate":"221012","lastKnownStatus":"Deceptor:16.0.5;16.0.6","lastKnownDate":"221231","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2022-12-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1162},{"violations":{"ACR-103":"The app suggests cleaning up \"147 MB\" of junk/cache. After completing junk clean it says “Cleaned 154 MB”, but in the app settings, it displays the same size of cache data that can be cleaned, also the total cache size of the apps displayed after the Fix (154 MB) differs from the cache displayed in the scan result (147 MB). Thus the app's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"147 MB\" of junk/cache. After completing junk clean it says “Cleaned 154 MB”, but when viewed in app settings it displays the same size of cache data that can be cleaned and also the total cache size of the apps displayed after the Fix (154 MB) differs from the cache displayed in the scan result (147 MB), thus misleading the users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.phone.fast.boost.zclean.apk","isInstaller":"True","productVersion":"1.2.3","fileVersion":"1.2.3","hashMD5":"86304a7f99b85e3192cba6709021fd05","hashSHA1":"78058b821ca5363e8691d1ab10ac553d271a415e","hashSHA256":"69a1cc75a0885b9fa45c92645e33a59e3634d431964cf22232d24f6c3c0375d1","sourceIndex":"1259","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.phone.fast.boost.zclean&hl=en_IN&pli=1","ipv4":"","ipv6":"","sourceIndex":"1259"}],"sampleFiles":["221228/ZCleanerSecurityBooster-221223/1.2.3/Samples/com.phone.fast.boost.zclean.apk"],"imageFiles":["221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-103/ACR-103_Software_Scan_Result_3.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_4.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_5.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-014/ACR-014_Software_Scan_Result_3.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_4.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_5.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.jpg","221228/ZCleanerSecurityBooster-221223/1.2.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg"],"nonDeceptorImageFiles":[],"guid":"ca33b03a-4b60-4750-b7dd-1b026376c4c4_1.2.3_1","appID":"ZCleanerSecurityBooster-221223","dateAdded":"221228","deceptorType":"Android App","name":"Z Cleaner Security Booster","company":"Z APPs","version":"1.2.3","lastKnownStatus":"Deceptor:1.2.3","lastKnownDate":"221228","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-12-28T23:28:52.0973832+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1165},{"violations":{"ACR-003":"The app's registry cleaner exaggerates missing/invalid empty registry keys as \"errors\" and of high severity and improvement potential, misleading users to take action.\n","ACR-004":"The app does not provide complete fix for scanned registry issues.\n","ACR-097":"The app suggests the user to add itself to the exclusion list of the AV product in order to prevent detection.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"regsupreme.exe","isInstaller":"True","companyName":"Macecraft Software                                          ","fileVersion":"0.0","hashMD5":"80ef0b3517c6362d0b2044e1d95d1090","hashSHA1":"c7fc28612210f357375b549ad9f50fdead2753ba","hashSHA256":"ff65e052b6530b870b543205b7bd2f36b7093e39f58540abe8930a79cab584fa","sourceIndex":"1261","avBlockList":["Avira Internet Security (20230105)","ESET Internet Security (20230105)","McAfee Total Protection (20230105)","Norton Security (20230105)","Panda Dome (20230105)","Quick Heal Internet Security (20230105)","Sophos Home Premium (20230105)","SpyHunter5 (20230105)","Total AV Antivirus Pro (20230105)","VirIT eXplorer PRO (20230105)","Webroot SecureAnywhere (20230105)"],"avAllowList":["360 Total Security (20230105)","Avast Premium Security (20230105)","AVG Internet Security (20230105)","Bitdefender Internet Security (20230105)","COMODO Antivirus (20230105)","Dr.Web Security Space (20230105)","G DATA INTERNET SECURITY (20230105)","K7 Total Security (20230105)","Kaspersky Internet Security (20230105)","Malwarebytes Premium (20230105)","Trend Micro Internet Security (20230105)","VIPRE Advanced Security (20230105)","Windows Defender (20230105)"]},{"isRevoked":"False","fileName":"RegSupremePro.exe","companyName":"Macecraft Software","productName":"jv16 PowerTools / RegSupreme Pro / RegSupreme","fileVersion":"1.8.0.472","hashMD5":"453d5636b92675cf211fccaa7cf0c1be","hashSHA1":"b61389f72ce0cfc2b7cff9e9a743c4d424dd12c6","hashSHA256":"3ccc784b04fdaea990ebbfa57bf2ca9708af1c0e1bf822f6a20cc454bc749d54","sourceIndex":"1261","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: fixers for windows","reference":"","landingPage":"https://iowin.net/en/regsupreme/","directDownloadingLink":"https://iowin.net/en/regsupreme/?download=true","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://iowin.net/en/regsupreme/?download=true","sourceIndex":"1261"}],"sampleFiles":["221228/RegSupreme-221220/1.8.0.472/Samples/regsupreme.exe","221228/RegSupreme-221220/1.8.0.472/Samples/RegSupremePro.exe"],"imageFiles":["221228/RegSupreme-221220/1.8.0.472/Images/ACR-004/ACR-004_IncompleteFix.jpg","221228/RegSupreme-221220/1.8.0.472/Images/ACR-097/ACR-097-ExclusionList.jpg","221228/RegSupreme-221220/1.8.0.472/Images/ACR-003/ACR-003_Registry_Errors.jpg"],"nonDeceptorImageFiles":[],"guid":"42f663c5-a102-49c8-9814-4c9210e3ddd3_1.8.0.472_1","appID":"RegSupreme-221220","dateAdded":"221228","deceptorType":"App","name":"RegSupreme Pro","company":"Macecraft Software","version":"1.8.0.472","lastKnownStatus":"Deceptor:1.8.0.472","lastKnownDate":"221228","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-12-28T22:49:29.9635058+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1166},{"violations":{"ACR-103":"The app suggests cleaning up \"280 MB\" of junk/cache. After completing junk clean it displays a tick mark that indicates that the junk/cache has been cleaned and it didn't show any junk/cache during rescan, but in the app settings, it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"280 MB\" of junk/cache. After completing junk clean it displays a tick mark that indicates that the junk/cache has been cleaned and it didn't show any junk/cache during rescan, but when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.fc.p.vm.phone.booster.apk","isInstaller":"True","productVersion":"1.4","fileVersion":"1.4","hashMD5":"66e4e7ff3e6765bee95139b00960e707","hashSHA1":"47a807a2789986946779d34b688f1013da85361a","hashSHA256":"642e58e4d40279b387a5836bff0cc81998d17af2ca195425c172f9a5adcd003a","sourceIndex":"1258","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.fc.p.vm.phone.booster&hl=en_IN","ipv4":"","ipv6":"","sourceIndex":"1258"}],"sampleFiles":["221228/PhoneCleanerAndBoosterPro-221223/1.4/Samples/com.fc.p.vm.phone.booster.apk"],"imageFiles":["221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-103/ACR-103_Software_Scan_Result_3.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_5.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-014/ACR-014_Software_Scan_Result_3.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_5.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","221228/PhoneCleanerAndBoosterPro-221223/1.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg"],"nonDeceptorImageFiles":[],"guid":"f635a4a0-75dd-4947-ad91-90df5ad47b33_1.4_1","appID":"PhoneCleanerAndBoosterPro-221223","dateAdded":"221228","deceptorType":"Android App","name":"Phone Cleaner And Booster Pro","company":"HONEYBEE GLOBAL","version":"1.4","lastKnownStatus":"Deceptor:1.4","lastKnownDate":"221228","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-12-28T23:33:12.5535466+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1167},{"violations":{"ACR-007":"The app's attribution is not clear and the browser's search engines are similar to \"Chrome Browser\" which is misleading the consumer to think it is a \"Chrome Browser\".\n","ACR-085":"The app collects reports from the user's system by default without the user's Knowledge and consent.\n","ACR-055":"Accept/Decline options are not made obvious for the Offer that is not directly related to the main app. Unchecking the preselected Free VPN installation is not a straightforward option for decline.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Maxthon.exe","isInstaller":"True","companyName":"Maxthon Ltd.","fileVersion":"6.2","hashMD5":"a1b76f58aa68bb95cd8b2da38db4dc24","hashSHA1":"3ec57ac6c6bae4d4a3cd57aab271c2196ba2fc8d","hashSHA256":"f452915e3c090db0bbaa0c18c8f6955e699df662623c77d68dce6a8c7c89f304","digitalCertThumbprint":"EBA77039DD69874AF0B7A6CE852AA33F1A3B3198","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Maxthon Technology Co, Ltd.\", O=\"Maxthon Technology Co, Ltd.\", S=Beijing, C=CN","sourceIndex":"725","avBlockList":["McAfee Total Protection (20230207)","Norton Security (20230207)","Sophos Home Premium (20230207)","SpyHunter5 (20230207)","VirIT eXplorer PRO (20230207)"],"avAllowList":["360 Total Security (20230207)","Avast Premium Security (20230207)","AVG Internet Security (20230207)","Avira Internet Security (20230207)","Bitdefender Internet Security (20230207)","COMODO Antivirus (20230207)","Dr.Web Security Space (20230207)","ESET Internet Security (20230207)","G DATA INTERNET SECURITY (20230207)","K7 Total Security (20230207)","Kaspersky Internet Security (20230207)","Malwarebytes Premium (20230207)","Panda Dome (20230207)","Quick Heal Internet Security (20230207)","Total AV Antivirus Pro (20230207)","Trend Micro Internet Security (20230207)","VIPRE Advanced Security (20230207)","Webroot SecureAnywhere (20230207)","Windows Defender (20230207)"]},{"isRevoked":"False","fileName":"maxthon_6.2.0.2000_x64.exe","isInstaller":"True","companyName":"Maxthon Ltd.","fileVersion":"6.2","hashMD5":"bc85082b7e8e6b5ab2895525e48dc9af","hashSHA1":"a1afd5e3000ef0436c7eee6e43631a7fa32688e0","hashSHA256":"f3dd1f9f2df342dd2db67d114951a73b6c886b241403ff5a0168d136ddc2f65a","digitalCertThumbprint":"EBA77039DD69874AF0B7A6CE852AA33F1A3B3198","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Maxthon Technology Co, Ltd.\", O=\"Maxthon Technology Co, Ltd.\", S=Beijing, C=CN","sourceIndex":"725","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: browsers for windows","reference":"","landingPage":"https://www.maxthon.com/","directDownloadingLink":"https://github.com/aoyiteam/maxthon/releases/download/v6.2.0.2000/maxthon_6.2.0.2000_x64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://github.com/aoyiteam/maxthon/releases/download/v6.2.0.2000/maxthon_6.2.0.2000_x64.exe","sourceIndex":"725"}],"sampleFiles":["221228/maxthonbrowser-220822/6.2.0.2000/Samples/maxthon_6.2.0.2000_x64.exe"],"imageFiles":["221228/maxthonbrowser-220822/6.2.0.2000/Images/ACR-055/ACR-055_OptionalOffer.jpg","221228/maxthonbrowser-220822/6.2.0.2000/Images/ACR-085/ACR-085_MaxthonBrowser_reports.jpg","221228/maxthonbrowser-220822/6.2.0.2000/Images/ACR-007/ACR-007_MaxthonBrowser.jpg","221228/maxthonbrowser-220822/6.2.0.2000/Images/ACR-059/ACR-059_OptionalOffer.jpg"],"nonDeceptorImageFiles":[],"guid":"8160f86f-abd3-4d61-88b8-c7b1e085a61f_6.2.0.2000_1","appID":"maxthonbrowser-220822","dateAdded":"221228","deceptorType":"App","name":"Maxthon Browser","company":"Maxthon Ltd.","version":"6.2.0.2000","firstVendorContactDate":"231128","firstAppEsteemReplyDate":"231128","firstResolvedDate":"240225","firstResolvedVersion":"7.1.8.6001","resolved":"TRUE","lastKnownStatus":"Deceptor:6.1.3.3000;6.2.0.2000","lastKnownDate":"221228","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2024-02-26T01:09:10.3569172+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1168},{"violations":{"ACR-007":"The app's attribution is not clear and the browser's search engines are similar to \"Chrome Browser\" which is misleading the consumer to think it is a \"Chrome Browser\".\n","ACR-085":"The app collects reports from the user's system by default without the user's Knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains all its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Maxthon\\Application\\Maxthon.exe","companyName":"Maxthon Ltd.","productName":"Maxthon","productVersion":"6.1.3.3000","fileVersion":"6.1.3.3000","hashMD5":"7c20e2805c91e2dbcac9fd7e1bf9b554","hashSHA1":"d5ccea424b5ee2cabf632e933e5f9e5a8a293cfd","hashSHA256":"cf98fb47407dd3e637f8c6da1d0113ff900e7a11afc1d44b5f7c220ad8239f80","digitalCertThumbprint":"EBA77039DD69874AF0B7A6CE852AA33F1A3B3198","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Maxthon Technology Co Ltd.","storeId":"","sourceIndex":"1440","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"maxthon_6.1.3.3000_x64.exe","isInstaller":"True","companyName":"Maxthon Ltd.","productName":"Maxthon Installer","productVersion":"6.1.3.3000","fileVersion":"6.1.3.3000","hashMD5":"152aee09228db66b67528852284f6308","hashSHA1":"baff41127a36c2015e300da913c8643a94bbed18","hashSHA256":"e4f0e8022a48815c8d73924ae6f2d12cf1072c62ae107f8cee7c08918805af3e","digitalCertThumbprint":"EBA77039DD69874AF0B7A6CE852AA33F1A3B3198","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Maxthon Technology Co Ltd.","storeId":"","sourceIndex":"1440","avBlockList":["Avira Internet Security (20220922)","K7 Total Security (20220922)","McAfee Total Protection (20220922)","Norton Security (20220922)","Quick Heal Internet Security (20220922)","Sophos Home Premium (20220922)","SpyHunter5 (20220922)","Total AV Antivirus Pro (20220922)","VirIT eXplorer PRO (20220922)","Windows Defender (20220922)"],"avAllowList":["360 Total Security (20220922)","Avast Premium Security (20220922)","AVG Internet Security (20220922)","Bitdefender Internet Security (20220922)","COMODO Antivirus (20220922)","Dr.Web Security Space (20220922)","ESET Internet Security (20220922)","G DATA INTERNET SECURITY (20220922)","Kaspersky Internet Security (20220922)","Malwarebytes Premium (20220922)","Panda Dome (20220922)","Trend Micro Internet Security (20220922)","VIPRE Advanced Security (20220922)","Webroot SecureAnywhere (20220922)"]}],"additionalFiles":[],"sources":[{"howFound":"Downloadastro.com search on new apps","reference":"","landingPage":"https://www.maxthon.com/","directDownloadingLink":"https://www.maxthon.com/mx6/dl","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.maxthon.com/mx6/dl","sourceIndex":"1440"}],"sampleFiles":["220831/maxthonbrowser-220822/6.1.3.3000/Samples/maxthon_6.1.3.3000_x64.exe"],"imageFiles":["220831/maxthonbrowser-220822/6.1.3.3000/Images/ACR-085/ACR-085_1.JPG","220831/maxthonbrowser-220822/6.1.3.3000/Images/ACR-007/ACR-007.JPG","220831/maxthonbrowser-220822/6.1.3.3000/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":[],"guid":"8160f86f-abd3-4d61-88b8-c7b1e085a61f_6.1.3.3000_1","appID":"maxthonbrowser-220822","dateAdded":"221228","deceptorType":"App","name":"Maxthon Browser","company":"Maxthon Ltd.","version":"6.1.3.3000","firstVendorContactDate":"231128","firstAppEsteemReplyDate":"231128","firstResolvedDate":"240225","firstResolvedVersion":"7.1.8.6001","resolved":"TRUE","lastKnownStatus":"Deceptor:6.1.3.3000;6.2.0.2000","lastKnownDate":"221228","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-02-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1169},{"violations":{"ACR-103":"The app suggests cleaning up \"259.4 MB\" of junk/cache. After completing junk clean it says “259.4 MB Junk Cleaned”, but in the app settings, it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache. \n","ACR-014":"The app suggests cleaning up \"259.4 MB\" of junk/cache. After completing junk clean it says “259.4 MB Junk Cleaned”, but when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.clean.phone.turbo.booster.one.master.apk","isInstaller":"True","productVersion":"6.8","fileVersion":"6.8","hashMD5":"7cba748518e3f448e7b9035f86f318bf","hashSHA1":"cd0485342dbf01cbf91d0dfea7139d16aa87a682","hashSHA256":"496f54112802a763a8c3e8536008039b3941561d96d9ae2ab58d610230c9e6b3","sourceIndex":"1264","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.clean.phone.turbo.booster.one.master&hl=en_IN&pli=1","ipv4":"","ipv6":"","sourceIndex":"1264"}],"sampleFiles":["221222/TurboBooster-221219/6.8/Samples/com.clean.phone.turbo.booster.one.master.apk"],"imageFiles":["221222/TurboBooster-221219/6.8/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221222/TurboBooster-221219/6.8/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","221222/TurboBooster-221219/6.8/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","221222/TurboBooster-221219/6.8/Images/ACR-103/ACR-103_Software_Scan_Result_3.jpg","221222/TurboBooster-221219/6.8/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_4.jpg","221222/TurboBooster-221219/6.8/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_5.jpg","221222/TurboBooster-221219/6.8/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.jpg","221222/TurboBooster-221219/6.8/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","221222/TurboBooster-221219/6.8/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221222/TurboBooster-221219/6.8/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","221222/TurboBooster-221219/6.8/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","221222/TurboBooster-221219/6.8/Images/ACR-014/ACR-014_Software_Scan_Result_3.jpg","221222/TurboBooster-221219/6.8/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_4.jpg","221222/TurboBooster-221219/6.8/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_5.jpg","221222/TurboBooster-221219/6.8/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.jpg","221222/TurboBooster-221219/6.8/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg"],"nonDeceptorImageFiles":[],"guid":"9d31b94f-81f3-49f3-9645-a04ba2ac4c45_6.8_1","appID":"TurboBooster-221219","dateAdded":"221222","deceptorType":"Android App","name":"Turbo Booster","company":"Begamob Global","version":"6.8","lastKnownStatus":"Deceptor:6.8","lastKnownDate":"221222","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-12-22T13:51:47.0438872+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1170},{"violations":{"ACR-048":"It does not provide setting control to disable scheduled task within the app.\n\n","ACR-003":"The app does not show details about the list of running processes. It displays a status that a process is SLOW when the trial has expired while no modification was made in the system, and provides no details to validate it. This tricks the user to upgrade to a full version.\n","ACR-014":"It displays the status of a Process from FAST to SLOW after trial has expired despite no modification was made in the system compelling the user to upgrade to a full version. \n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TURBO.exe","companyName":"Turbo","productName":"TURBO               ","fileVersion":"1.0.0.37","hashMD5":"b8fcd7bb6c2022ec1b6cb247aabc7c77","hashSHA1":"d5e9e441e70f750ec8b6d80f13e6cb3da89990e9","hashSHA256":"7e19c484f14ff23096191611b8844e52b713c918f22c88455e8ecd6272f01786","digitalCertThumbprint":"F7BE5F95704D02BE90540ABFDD591870BDDD037F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=C.K.Technologies Pvt Ltd, O=C.K.Technologies Pvt Ltd, STREET=\"#2 Reddy Colony\", STREET=Ramalingapuram, STREET=Nammalwarpet, L=Chennai, S=Tamilnadu, PostalCode=600012, C=IN","sourceIndex":"1262","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TURBO_Setup.exe","isInstaller":"True","companyName":"Turbo                                                       ","productName":"TURBO               ","fileVersion":"1.0.0.37 ","hashMD5":"f825b90143e2a3a305bc6f164803ad8c","hashSHA1":"55f82eba9ffe877e1d15e7a3f577a47ff9de5e1e","hashSHA256":"dedd6795c626d87ef4a1e65fc2a69271364cee07c2db73fdedc88c31fa0f2524","digitalCertThumbprint":"93B8B8A621EAEC8CEDAD26716F9C4A72FD00DAF7","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=MAXIMUM SOFTWARE, O=MAXIMUM SOFTWARE, STREET=2105 Highway 31, L=Beebe, S=AR, PostalCode=72012, C=US","sourceIndex":"1262","avBlockList":["360 Total Security (20230103)","Avast Premium Security (20230103)","AVG Internet Security (20230103)","Avira Internet Security (20230103)","ESET Internet Security (20230103)","K7 Total Security (20230103)","Kaspersky Internet Security (20230103)","McAfee Total Protection (20230103)","Norton Security (20230103)","Panda Dome (20230103)","Quick Heal Internet Security (20230103)","Sophos Home Premium (20230103)","SpyHunter5 (20230103)","Total AV Antivirus Pro (20230103)","VirIT eXplorer PRO (20230103)","Windows Defender (20230103)"],"avAllowList":["Bitdefender Internet Security (20230103)","COMODO Antivirus (20230103)","Dr.Web Security Space (20230103)","G DATA INTERNET SECURITY (20230103)","Malwarebytes Premium (20230103)","Trend Micro Internet Security (20230103)","VIPRE Advanced Security (20230103)","Webroot SecureAnywhere (20230103)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search: Windows apps to speed up computer","reference":"","landingPage":"https://turboboost.io/","directDownloadingLink":"https://turboboost.io/TURBO_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://turboboost.io/TURBO_Setup.exe","sourceIndex":"1262"}],"sampleFiles":["221222/Turbo-221220/1.0.0.37/Samples/TURBO.exe","221222/Turbo-221220/1.0.0.37/Samples/TURBO_Setup.exe"],"imageFiles":["221222/Turbo-221220/1.0.0.37/Images/ACR-048/ACR-048_ScheduledTask.jpg","221222/Turbo-221220/1.0.0.37/Images/ACR-048/ACR-048_NoSettingonApp.jpg","221222/Turbo-221220/1.0.0.37/Images/ACR-003/ACR-003_UnsubstantiatedStatus.jpg","221222/Turbo-221220/1.0.0.37/Images/ACR-003/ACR-003_UnsubstantiatedStatus_Inactive.jpg","221222/Turbo-221220/1.0.0.37/Images/ACR-003/ACR-003_UnsubstantiatedStatus_Inactive_ProcEx.jpg","221222/Turbo-221220/1.0.0.37/Images/ACR-014/ACR-014_Trial_Active_Procex.jpg","221222/Turbo-221220/1.0.0.37/Images/ACR-014/ACR-014_Trial_Inactive_Procex.jpg","221222/Turbo-221220/1.0.0.37/Images/ACR-014/ACR-014_Trial_Active_Chrome.jpg","221222/Turbo-221220/1.0.0.37/Images/ACR-014/ACR-014_Trial_Inactive_Chrome.jpg"],"nonDeceptorImageFiles":[],"guid":"76e679fc-755b-490b-a924-5feb03d7543d_1.0.0.37_1","appID":"Turbo-221220","dateAdded":"221222","deceptorType":"App","name":"Turbo","company":"Turbo","version":"1.0.0.37","lastKnownStatus":"Deceptor:1.0.0.37","lastKnownDate":"221222","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-12-22T14:26:15.8075439+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1171},{"violations":{"ACR-048":"The app does not provide control to disable created scheduled task.\n","ACR-003":"App exaggerates free scan results with alarming colors and assesses missing and invalid empty registry keys as errors with high risk of performance loss. It also gauges the system health's status as Low compelling user to take action.\n","ACR-004":"The app does not provide complete fix for free scan results. It uses errors identified during free scan to upsell to a subscription service in order to fix all results.\n","ACR-017":"Software displays MSFT partner logo as if MSFT endorsed PC Booster.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pcbinstall.exe","isInstaller":"True","productName":"","fileVersion":"0.0","hashMD5":"7d56bb2750ff7e8308a5579a7adab90a","hashSHA1":"36cab9b56a8a8453c08a8a8a74c51f8e4752ec19","hashSHA256":"c5b3a4e4c39e78df47e8dfefc4a83b41f1d08f04de9459359995f1b11bc4a6e5","digitalCertThumbprint":"070A1363B950BAB105531C6E73459558A3EAED69","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=eSellerate, OU=SECURE APPLICATION DEVELOPMENT, O=eSellerate, L=Lincoln, S=Nebraska, C=US","sourceIndex":"1266","avBlockList":["Avast Premium Security (20230103)","AVG Internet Security (20230103)","Avira Internet Security (20230103)","Dr.Web Security Space (20230103)","ESET Internet Security (20230103)","G DATA INTERNET SECURITY (20230103)","K7 Total Security (20230103)","Malwarebytes Premium (20230103)","McAfee Total Protection (20230103)","Norton Security (20230103)","Quick Heal Internet Security (20230103)","Sophos Home Premium (20230103)","SpyHunter5 (20230103)","Total AV Antivirus Pro (20230103)","VirIT eXplorer PRO (20230103)"],"avAllowList":["360 Total Security (20230103)","Bitdefender Internet Security (20230103)","COMODO Antivirus (20230103)","Kaspersky Internet Security (20230103)","Panda Dome (20230103)","Trend Micro Internet Security (20230103)","VIPRE Advanced Security (20230103)","Webroot SecureAnywhere (20230103)","Windows Defender (20230103)"]},{"isRevoked":"False","fileName":"PCBooster.exe","companyName":"PC Booster","productName":"PC Booster","fileVersion":"1.1.5.5","hashMD5":"daffa0f7b409e02d147360340e4b8ae5","hashSHA1":"19ef76e9d8ef20f43695b70eb2aadfa1f12a2e95","hashSHA256":"980471eefd591fe89e4a73623a2ce938aeed2f97a9a915650019d92610609ad6","digitalCertThumbprint":"B5BCD9ABA0EB68A7F1CFFB080E68E8FB15EB7940","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Energizer Softech, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Energizer Softech, L=Delhi, S=Delhi, C=IN","sourceIndex":"1266","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: PC fixer for windows","reference":"","landingPage":"https://pc-booster.en.softonic.com/support","directDownloadingLink":"https://en.softonic.com/download/pc-booster/windows/post-download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://en.softonic.com/download/pc-booster/windows/post-download","sourceIndex":"1266"}],"sampleFiles":["221222/PCBooster-221214/1.1.5.5/Samples/pcbinstall.exe","221222/PCBooster-221214/1.1.5.5/Samples/PCBooster.exe"],"imageFiles":["221222/PCBooster-221214/1.1.5.5/Images/ACR-004/ACR-004_IncompleteFix.jpg","221222/PCBooster-221214/1.1.5.5/Images/ACR-048/ACR-048_ScheduledTask.jpg","221222/PCBooster-221214/1.1.5.5/Images/ACR-003/ACR-003_ExaggeratedResults.jpg","221222/PCBooster-221214/1.1.5.5/Images/ACR-003/ACR-003_ExaggeratedSystemHealth.jpg","221222/PCBooster-221214/1.1.5.5/Images/ACR-003/ACR-003_Errors.jpg","221222/PCBooster-221214/1.1.5.5/Images/ACR-017/MSFT.jpg"],"nonDeceptorImageFiles":[],"guid":"f9526772-4db9-4235-973c-56c1e9c09299_1.1.5.5_1","appID":"PCBooster-221214","dateAdded":"221222","deceptorType":"App","name":"PC Booster","company":"PCBooster PC Booster","version":"1.1.5.5","lastKnownStatus":"Deceptor:1.1.5.5","lastKnownDate":"221222","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-12-22T13:05:02.6418374+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1172},{"violations":{"ACR-043":"Open source project \"Open VPN\" installed without disclosing. 'FFmpeg' is installed without any disclosing\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg' package and  'OpenVPN'.\n","ACR-048":"The app does not provide control to remove its background processes completely within the app's settings.\n","ACR-007":"During installation, the app doesn't explicitly disclose that the user needs to join the P2P network to use the app, doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On closing the app, it runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n","ACR-039":"The app installs the Tap windows program without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\StarVPN\\resources\\stub\\StarVPNStart.exe","companyName":"StarVPN","productName":"StarVPN","productVersion":"","fileVersion":"","hashMD5":"44eeb6189f2cd96230333a1ce92c7b49","hashSHA1":"3cfc34ac4590492a4f1a4c2d5b715850bfaba5ab","hashSHA256":"f2d625be8b89e288d54cd3563be3180ab7ba771a5fe4644ec75769a38fc0c528","digitalCertThumbprint":"E0018D22660D941801FEC99C874CD4A43505C977","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1669","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\StarVPN\\StarVPN.exe","companyName":"StarVPN","productName":"StarVPN","productVersion":"1.1.18.0","fileVersion":"1.1.18","hashMD5":"11a38cdc26f4cf9e3f738c2995a425eb","hashSHA1":"cf681f65092b2268ddd3d67f33bc7ddac842ab43","hashSHA256":"b1d2116035dc63417c108a39168732e9dde7354af7921f7191083a6d3adba2e9","digitalCertThumbprint":"E0018D22660D941801FEC99C874CD4A43505C977","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1669","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StarVPN-FR1-x64-latest.exe","isInstaller":"True","companyName":"StarVPN","productName":"StarVPN","productVersion":"1.1.18","fileVersion":"1.1.18","hashMD5":"b2a1026832a17832bc4272f544ab75d6","hashSHA1":"71b14f0ba84125f88f43217b9a7e9b136ab1e22e","hashSHA256":"d81da58a3544fcfaffae73d9247ececf0bb649e595acb537a6e74b5ab83e045c","digitalCertThumbprint":"E0018D22660D941801FEC99C874CD4A43505C977","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1669","avBlockList":["360 Total Security (20220407)","Avira Internet Security (20220407)","Bitdefender Internet Security (20220407)","Dr.Web Security Space (20220407)","G DATA INTERNET SECURITY (20220407)","K7 Total Security (20220407)","Kaspersky Internet Security (20220407)","McAfee Total Protection (20220407)","Norton Security (20220407)","Panda Dome (20220407)","Sophos Home Premium (20220407)","SpyHunter5 (20220407)","Total AV Antivirus Pro (20220407)","VIPRE Advanced Security (20220407)","VirIT eXplorer PRO (20220407)","Windows Defender (20220407)"],"avAllowList":["Avast Premium Security (20220407)","AVG Internet Security (20220407)","COMODO Antivirus (20220407)","ESET Internet Security (20220407)","Malwarebytes Premium (20220407)","Quick Heal Internet Security (20220407)","Tencent PC Manager (20220407)","Trend Micro Internet Security (20220407)","Webroot SecureAnywhere (20220407)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://www.starvpn.com/free-vpn/","directDownloadingLink":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","sourceIndex":"1669"}],"sampleFiles":["220328/starvpn-220328/1.1.18/Samples/StarVPN-FR1-x64-latest.exe"],"imageFiles":["220328/starvpn-220328/1.1.18/Images/ACR-039/ACR-039_Install_Tap_Installation.JPG","220328/starvpn-220328/1.1.18/Images/ACR-039/ACR-039_Install_Tap_Installation_1.JPG","220328/starvpn-220328/1.1.18/Images/ACR-043/ACR-043_Install.JPG","220328/starvpn-220328/1.1.18/Images/ACR-043/ACR-043_Install.JPG","220328/starvpn-220328/1.1.18/Images/ACR-043/ACR-043_Install_1.JPG","220328/starvpn-220328/1.1.18/Images/ACR-107/ACR-107_Install.JPG","220328/starvpn-220328/1.1.18/Images/ACR-107/ACR-107_Install_1.JPG","220328/starvpn-220328/1.1.18/Images/ACR-107/ACR-107_Install_2.JPG","220328/starvpn-220328/1.1.18/Images/ACR-084/ACR-084_Software_Process.JPG","220328/starvpn-220328/1.1.18/Images/ACR-048/ACR-048_Software_No_Control.JPG","220328/starvpn-220328/1.1.18/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220328/starvpn-220328/1.1.18/Images/ACR-007/ACR-007_Software.JPG","220328/starvpn-220328/1.1.18/Images/ACR-118/ACR-118_Uninstall.JPG","220328/starvpn-220328/1.1.18/Images/ACR-118/ACR-118_Uninstall_1.JPG"],"nonDeceptorImageFiles":[],"guid":"e0272a01-5995-4894-99ee-1cca96ef3830_1.1.18_1","appID":"starvpn-220328","dateAdded":"221214","deceptorType":"App","name":"StarVPN","company":"StarVPN","version":"1.1.18","firstVendorContactDate":"240308","firstAppEsteemReplyDate":"240308","firstResolvedDate":"240314","firstResolvedVersion":"1.1.29","resolved":"TRUE","lastKnownStatus":"1.1.18;1.1.19;1.1.20;1.1.22;1.1.24;1.1.25","lastKnownDate":"240314","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-03-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1178},{"violations":{"ACR-043":"Open source project \"Open VPN\" installed without disclosing. 'FFmpeg' is installed without any disclosing\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg' package and  'OpenVPN'.\n","ACR-048":"The app does not provide control to disable the notification and remove its background processes completely within the app's settings.\n","ACR-007":"During installation, the app doesn't explicitly disclose that the user needs to join the P2P network to use the app, doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On closing the app, it runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n","ACR-039":"The app installs the Tap windows program without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\StarVPN\\StarVPN.exe","companyName":"StarVPN","productName":"StarVPN","productVersion":"1.1.19.0","fileVersion":"1.1.19","hashMD5":"0d31b2be91f68959bfab4b493b4de406","hashSHA1":"42bd11731ffb6a645cbd09ffa959a0e0e7f08f5c","hashSHA256":"0f7e7b1fbdcb76eb6ba9655c9e7cc07337f39ff001152adbdfe5a7247a0a808e","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1646","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\StarVPN\\resources\\stub\\StarVPNStart.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"b5ab5d02909d42ce7c71fceb978161ae","hashSHA1":"9d1a65f6f11637e96ecfb656ff102e42dd2faadd","hashSHA256":"f5263c51855df9bd61bccee785fe4fee120ca8a0b8c7ea329b827dfdf090770f","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1646","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StarVPN-FR1-x64-latest.exe","isInstaller":"True","companyName":"StarVPN","productName":"StarVPN","productVersion":"1.1.19","fileVersion":"1.1.19","hashMD5":"5436bad4c4c9f8c050f1547edfb241a6","hashSHA1":"bdc9f7ae2593c38abe4193d84c40c150ffa6d808","hashSHA256":"37fdc8085eb9ce43a6f7b5db357b6ebb67df89cf959fe169317167bed518be70","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1646","avBlockList":["360 Total Security (20220428)","Avast Premium Security (20220428)","AVG Internet Security (20220428)","Avira Internet Security (20220428)","K7 Total Security (20220428)","McAfee Total Protection (20220428)","Norton Security (20220428)","Panda Dome (20220428)","Sophos Home Premium (20220428)","SpyHunter5 (20220428)","Total AV Antivirus Pro (20220428)","VirIT eXplorer PRO (20220428)"],"avAllowList":["Bitdefender Internet Security (20220428)","COMODO Antivirus (20220428)","Dr.Web Security Space (20220428)","ESET Internet Security (20220428)","G DATA INTERNET SECURITY (20220428)","Kaspersky Internet Security (20220428)","Malwarebytes Premium (20220428)","Quick Heal Internet Security (20220428)","Tencent PC Manager (20220428)","Trend Micro Internet Security (20220428)","VIPRE Advanced Security (20220428)","Webroot SecureAnywhere (20220428)","Windows Defender (20220428)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://www.starvpn.com/free-vpn/","directDownloadingLink":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","sourceIndex":"1646"}],"sampleFiles":["220413/starvpn-220328/1.1.19/Samples/StarVPN-FR1-x64-latest.exe"],"imageFiles":["220413/starvpn-220328/1.1.19/Images/ACR-039/ACR-039_Install_Tap_Installation.JPG","220413/starvpn-220328/1.1.19/Images/ACR-039/ACR-039_Install_Tap_Installation_1.JPG","220413/starvpn-220328/1.1.19/Images/ACR-043/ACR-043_Install.JPG","220413/starvpn-220328/1.1.19/Images/ACR-043/ACR-043_Install_1.JPG","220413/starvpn-220328/1.1.19/Images/ACR-043/ACR-043_Install_2.JPG","220413/starvpn-220328/1.1.19/Images/ACR-107/ACR-107_Install.JPG","220413/starvpn-220328/1.1.19/Images/ACR-107/ACR-107_Install_1.JPG","220413/starvpn-220328/1.1.19/Images/ACR-107/ACR-107_Install_2.JPG","220413/starvpn-220328/1.1.19/Images/ACR-084/ACR-084.JPG","220413/starvpn-220328/1.1.19/Images/ACR-048/ACR-048_Software_No_Control.JPG","220413/starvpn-220328/1.1.19/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220413/starvpn-220328/1.1.19/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220413/starvpn-220328/1.1.19/Images/ACR-007/ACR-007_1.JPG","220413/starvpn-220328/1.1.19/Images/ACR-118/ACR-118.JPG","220413/starvpn-220328/1.1.19/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":[],"guid":"e0272a01-5995-4894-99ee-1cca96ef3830_1.1.19_1","appID":"starvpn-220328","dateAdded":"221214","deceptorType":"App","name":"StarVPN","company":"StarVPN","version":"1.1.19","sigName":"Deceptor:Win32/StarVPN!039043107084048007118","firstVendorContactDate":"240308","firstAppEsteemReplyDate":"240308","firstResolvedDate":"240314","firstResolvedVersion":"1.1.29","resolved":"TRUE","lastKnownStatus":"1.1.18;1.1.19;1.1.20;1.1.22;1.1.24;1.1.25","lastKnownDate":"240314","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-03-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1177},{"violations":{"ACR-042":"Open source project \"Open VPN\", \"Wintun\" and 'FFmpeg' is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"Open VPN\", \"Wintun\" and 'FFmpeg' is installed without any disclosure in the EULA.\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg' package, \"Wintun\" and  'OpenVPN'.\n","ACR-048":"The app does not provide control to remove its background processes completely within the app's settings.\n","ACR-007":"During installation, the app doesn't explicitly disclose that the user needs to join the P2P network to use the app, doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On closing the app, many processes run silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n","ACR-039":"The app installs the Wintun program without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages (https://www.starvpn.com/free-vpn/  and  https://www.starvpn.com/category/blog/).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\StarVPN\\StarVPN.exe","companyName":"StarVPN","productName":"StarVPN","productVersion":"1.1.24.0","fileVersion":"1.1.24","hashMD5":"3fc621d6400d69de6a5185a717dfe4f7","hashSHA1":"6a5ae21ff660a35fcca34323c27c9620152a8c19","hashSHA256":"945da5287b87ebda4c5eb36878bd6521e31feae0cf8f5a97192015f2ad3eb497","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1366","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StarVPN-x64-latest.exe","isInstaller":"True","companyName":"StarVPN","productName":"StarVPN","productVersion":"1.1.24","fileVersion":"1.1.24","hashMD5":"e9c9a406d9eff8a7faf9becf032fd6fb","hashSHA1":"9b93c3635305f50bb38eef8cf91a6a7184fc6c36","hashSHA256":"7b88d3b1e19624be8f7da07cf9387592be38dcd57498b864311e3f59efe826a6","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1366","avBlockList":["360 Total Security (20230413)","Avast Premium Security (20230413)","AVG Internet Security (20230413)","Avira Internet Security (20230413)","COMODO Antivirus (20230413)","ESET Internet Security (20230413)","K7 Total Security (20230413)","Kaspersky Internet Security (20230413)","Malwarebytes Premium (20230413)","McAfee Total Protection (20230413)","Norton Security (20230413)","Panda Dome (20230413)","Quick Heal Internet Security (20230413)","Sophos Home Premium (20230413)","SpyHunter5 (20230413)","Total AV Antivirus Pro (20230413)","VirIT eXplorer PRO (20230413)","Webroot SecureAnywhere (20230413)"],"avAllowList":["Bitdefender Internet Security (20230413)","Dr.Web Security Space (20230413)","G DATA INTERNET SECURITY (20230413)","Trend Micro Internet Security (20230413)","VIPRE Advanced Security (20230413)","Windows Defender (20230413)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://www.starvpn.com/free-vpn/","directDownloadingLink":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","sourceIndex":"1366"}],"sampleFiles":["221017/starvpn-220328/1.1.24/Samples/StarVPN_Setup.exe"],"imageFiles":["221017/starvpn-220328/1.1.24/Images/ACR-039/ACR-039.JPG","221017/starvpn-220328/1.1.24/Images/ACR-039/ACR-039_1.JPG","221017/starvpn-220328/1.1.24/Images/ACR-043/ACR-043.JPG","221017/starvpn-220328/1.1.24/Images/ACR-043/ACR-043_1.JPG","221017/starvpn-220328/1.1.24/Images/ACR-043/ACR-043_2.JPG","221017/starvpn-220328/1.1.24/Images/ACR-043/ACR-043_3.JPG","221017/starvpn-220328/1.1.24/Images/ACR-107/ACR-107.JPG","221017/starvpn-220328/1.1.24/Images/ACR-107/ACR-107_1.JPG","221017/starvpn-220328/1.1.24/Images/ACR-107/ACR-107_2.JPG","221017/starvpn-220328/1.1.24/Images/ACR-107/ACR-107_3.JPG","221017/starvpn-220328/1.1.24/Images/ACR-042/ACR-042.JPG","221017/starvpn-220328/1.1.24/Images/ACR-042/ACR-042_1.JPG","221017/starvpn-220328/1.1.24/Images/ACR-042/ACR-042_2.JPG","221017/starvpn-220328/1.1.24/Images/ACR-042/ACR-042_3.JPG","221017/starvpn-220328/1.1.24/Images/ACR-084/ACR-084.JPG","221017/starvpn-220328/1.1.24/Images/ACR-084/ACR-084_1.JPG","221017/starvpn-220328/1.1.24/Images/ACR-048/ACR-048.JPG","221017/starvpn-220328/1.1.24/Images/ACR-048/ACR-048_1.JPG","221017/starvpn-220328/1.1.24/Images/ACR-048/ACR-048_2.JPG","221017/starvpn-220328/1.1.24/Images/ACR-007/ACR-007.JPG","221017/starvpn-220328/1.1.24/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["221017/starvpn-220328/1.1.24/Images/ACR-018/ACR-018.JPG","221017/starvpn-220328/1.1.24/Images/ACR-018/ACR-018_1.JPG"],"guid":"e0272a01-5995-4894-99ee-1cca96ef3830_1.1.24_1","appID":"starvpn-220328","dateAdded":"221214","deceptorType":"App","name":"StarVPN","company":"StarVPN","version":"1.1.24","firstVendorContactDate":"240308","firstAppEsteemReplyDate":"240308","firstResolvedDate":"240314","firstResolvedVersion":"1.1.29","resolved":"TRUE","lastKnownStatus":"1.1.18;1.1.19;1.1.20;1.1.22;1.1.24;1.1.25","lastKnownDate":"240314","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-03-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1174},{"violations":{"ACR-042":"Open source project \"Open VPN\", \"Wintun\" and 'FFmpeg' is installed without any disclosure in EULA.\n","ACR-043":"Open source project \"Open VPN\", \"Wintun\" and 'FFmpeg' is installed without any disclosure in the EULA.\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg' package, \"Wintun\" and  'OpenVPN'.\n","ACR-048":"The app does not provide control to remove its background processes completely within the app's settings.\n","ACR-007":"During installation, the app doesn't explicitly disclose that the user needs to join the P2P network to use the app, doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On closing the app, many processes run silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n","ACR-039":"The app installs the Wintun program without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages (https://www.starvpn.com/free-vpn/  and  https://www.starvpn.com/category/blog/).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\STARVPN\\STARVPN.exe","companyName":"StarVPN","productName":"STARVPN","productVersion":"1.1.25.0","fileVersion":"1.1.25","hashMD5":"bafae2a23bb9bba2b355e29dcebbebbb","hashSHA1":"4f79877967d7763cbf38c03a401960c77bdcd80f","hashSHA256":"db391e0d58e0bb1ba62c85d0c7124b1cd5971cbdaa9856bafe18b7d52d843257","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"710","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StarVPN-FR1-x64-latest.exe","isInstaller":"True","companyName":"StarVPN","productName":"STARVPN","productVersion":"1.1.25","fileVersion":"1.1.25","hashMD5":"f4e97f0a6aeda435e0741db415aba2eb","hashSHA1":"147401caa806fecf6750fa8dec0abb679bfd400e","hashSHA256":"882886275ff0c2c89434d44697bf3f06970ed0945862a8a41036425502313f55","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"710","avBlockList":["360 Total Security (20230105)","Avast Premium Security (20230105)","AVG Internet Security (20230105)","Avira Internet Security (20230105)","Bitdefender Internet Security (20230105)","COMODO Antivirus (20230105)","ESET Internet Security (20230105)","G DATA INTERNET SECURITY (20230105)","K7 Total Security (20230105)","Kaspersky Internet Security (20230105)","Malwarebytes Premium (20230105)","McAfee Total Protection (20230105)","Norton Security (20230105)","Panda Dome (20230105)","Quick Heal Internet Security (20230105)","Sophos Home Premium (20230105)","SpyHunter5 (20230105)","Total AV Antivirus Pro (20230105)","VIPRE Advanced Security (20230105)","VirIT eXplorer PRO (20230105)","Webroot SecureAnywhere (20230105)"],"avAllowList":["Dr.Web Security Space (20230105)","Trend Micro Internet Security (20230105)","Windows Defender (20230105)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://www.starvpn.com/free-vpn/","directDownloadingLink":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","sourceIndex":"710"}],"sampleFiles":["221214/starvpn-220328/1.1.25/Samples/StarVPN-FR1-x64-latest.exe"],"imageFiles":["221214/starvpn-220328/1.1.25/Images/ACR-039/ACR-039 (1).JPG","221214/starvpn-220328/1.1.25/Images/ACR-039/ACR-039 (2).JPG","221214/starvpn-220328/1.1.25/Images/ACR-043/ACR-043 (1).JPG","221214/starvpn-220328/1.1.25/Images/ACR-043/ACR-043 (2).JPG","221214/starvpn-220328/1.1.25/Images/ACR-043/ACR-043 (3).JPG","221214/starvpn-220328/1.1.25/Images/ACR-043/ACR-043 (4).JPG","221214/starvpn-220328/1.1.25/Images/ACR-107/ACR-107 (1).JPG","221214/starvpn-220328/1.1.25/Images/ACR-107/ACR-107 (2).JPG","221214/starvpn-220328/1.1.25/Images/ACR-107/ACR-107 (3).JPG","221214/starvpn-220328/1.1.25/Images/ACR-107/ACR-107 (4).JPG","221214/starvpn-220328/1.1.25/Images/ACR-042/ACR-042 (1).JPG","221214/starvpn-220328/1.1.25/Images/ACR-042/ACR-042 (2).JPG","221214/starvpn-220328/1.1.25/Images/ACR-042/ACR-042 (3).JPG","221214/starvpn-220328/1.1.25/Images/ACR-042/ACR-042 (4).JPG","221214/starvpn-220328/1.1.25/Images/ACR-084/ACR-084 (1).JPG","221214/starvpn-220328/1.1.25/Images/ACR-084/ACR-084 (2).JPG","221214/starvpn-220328/1.1.25/Images/ACR-048/ACR-048 (1).JPG","221214/starvpn-220328/1.1.25/Images/ACR-048/ACR-048 (2).JPG","221214/starvpn-220328/1.1.25/Images/ACR-048/ACR-048 (3).JPG","221214/starvpn-220328/1.1.25/Images/ACR-007/ACR-007.JPG","221214/starvpn-220328/1.1.25/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["221214/starvpn-220328/1.1.25/Images/ACR-018/ACR-018.JPG","221214/starvpn-220328/1.1.25/Images/ACR-018/ACR-018_1.JPG"],"guid":"e0272a01-5995-4894-99ee-1cca96ef3830_1.1.25_1","appID":"starvpn-220328","dateAdded":"221214","deceptorType":"App","name":"StarVPN","company":"StarVPN","version":"1.1.25","firstVendorContactDate":"240308","firstAppEsteemReplyDate":"240308","firstResolvedDate":"240314","firstResolvedVersion":"1.1.29","resolved":"TRUE","lastKnownStatus":"1.1.18;1.1.19;1.1.20;1.1.22;1.1.24;1.1.25","lastKnownDate":"240314","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-03-14T18:57:13.2629524+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1173},{"violations":{"ACR-042":"Open source project \"Open VPN\", \"Wintun\" and 'FFmpeg' is installed without any disclosing.\n","ACR-043":"Open source project \"Open VPN\" , \"Wintun\" and 'FFmpeg' is installed without any disclosing\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg' package, \"Wintun\" and  'OpenVPN'.\n","ACR-048":"The app does not provide control to remove its background processes completely within the app's settings.\n","ACR-007":"During installation, the app doesn't explicitly disclose that the user needs to join the P2P network to use the app, doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On closing the app, many processes run silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n","ACR-039":"The app installs the Wintun program without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.starvpn.com/free-vpn/  and  https://www.starvpn.com/category/blog/)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\StarVPN\\StarVPN.exe","companyName":"StarVPN","productName":"StarVPN","productVersion":"1.1.22.0","fileVersion":"1.1.22","hashMD5":"0322be0e8658e210faa67215b4649612","hashSHA1":"2dd0ba03247dd375cdbb86e458109889b57d1979","hashSHA256":"19f180105a2e293a1304666f7e697486d0e42cb14125e3d8ab62e3b425a02ed7","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1409","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\WindowsNetService\\windowsnetservicehelper.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"c48855fe677eb4d5c999c01eccfdb0bc","hashSHA1":"fa5d96cbde348756b0b9b10d5ab139913e636831","hashSHA256":"e721fce186944a3a5c0e822dd4ba71754b217f9cd153707c49d76fcfcb297c06","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1409","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StarVPN-FR1-x64-latest.exe","isInstaller":"True","companyName":"StarVPN","productName":"StarVPN","productVersion":"1.1.22","fileVersion":"1.1.22","hashMD5":"cb19c03b1f3b8dcb8df664d32a3b3fa9","hashSHA1":"007265f78840e8f6077ad3f9e915c57cbefeb7b9","hashSHA256":"ae8e8af076b9ff068c99c8c4ae86ba222fbec519f9630226a8b2f6dc04ceed21","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1409","avBlockList":["360 Total Security (20230420)","Avast Premium Security (20230420)","AVG Internet Security (20230420)","Avira Internet Security (20230420)","Bitdefender Internet Security (20230420)","COMODO Antivirus (20230420)","ESET Internet Security (20230420)","K7 Total Security (20230420)","Kaspersky Internet Security (20230420)","Malwarebytes Premium (20230420)","McAfee Total Protection (20230420)","Norton Security (20230420)","Panda Dome (20230420)","Quick Heal Internet Security (20230420)","Sophos Home Premium (20230420)","SpyHunter5 (20230420)","Total AV Antivirus Pro (20230420)","VIPRE Advanced Security (20230420)","VirIT eXplorer PRO (20230420)","Webroot SecureAnywhere (20230420)"],"avAllowList":["Dr.Web Security Space (20230420)","G DATA INTERNET SECURITY (20230420)","Trend Micro Internet Security (20230420)","Windows Defender (20230420)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","directDownloadingLink":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","sourceIndex":"1409"}],"sampleFiles":["220926/starvpn-220328/1.1.22/Samples/StarVPN-FR1-x64-latest.exe"],"imageFiles":["220926/starvpn-220328/1.1.22/Images/ACR-039/ACR-039.JPG","220926/starvpn-220328/1.1.22/Images/ACR-039/ACR-039_1.JPG","220926/starvpn-220328/1.1.22/Images/ACR-043/ACR-043_Install_2.JPG","220926/starvpn-220328/1.1.22/Images/ACR-043/ACR-043 (1).JPG","220926/starvpn-220328/1.1.22/Images/ACR-043/ACR-043 (2).JPG","220926/starvpn-220328/1.1.22/Images/ACR-043/ACR-043_1.JPG","220926/starvpn-220328/1.1.22/Images/ACR-043/ACR-043_2.JPG","220926/starvpn-220328/1.1.22/Images/ACR-107/ACR-107_Install_3.JPG","220926/starvpn-220328/1.1.22/Images/ACR-107/ACR-107 (1).JPG","220926/starvpn-220328/1.1.22/Images/ACR-107/ACR-107 (2).JPG","220926/starvpn-220328/1.1.22/Images/ACR-107/ACR-107 (3).JPG","220926/starvpn-220328/1.1.22/Images/ACR-107/ACR-107 (4).JPG","220926/starvpn-220328/1.1.22/Images/ACR-042/ACR-042 (1).JPG","220926/starvpn-220328/1.1.22/Images/ACR-042/ACR-042 (2).JPG","220926/starvpn-220328/1.1.22/Images/ACR-042/ACR-042 (3).JPG","220926/starvpn-220328/1.1.22/Images/ACR-042/ACR-042 (4).JPG","220926/starvpn-220328/1.1.22/Images/ACR-084/ACR-084_1.JPG","220926/starvpn-220328/1.1.22/Images/ACR-084/ACR-084_2.JPG","220926/starvpn-220328/1.1.22/Images/ACR-048/ACR-048 (1).JPG","220926/starvpn-220328/1.1.22/Images/ACR-048/ACR-048 (2).JPG","220926/starvpn-220328/1.1.22/Images/ACR-048/ACR-048 (3).JPG","220926/starvpn-220328/1.1.22/Images/ACR-007/ACR-007_1.JPG","220926/starvpn-220328/1.1.22/Images/ACR-118/ACR-118_1.JPG","220926/starvpn-220328/1.1.22/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["220926/starvpn-220328/1.1.22/Images/ACR-018/ACR-018_1.JPG","220926/starvpn-220328/1.1.22/Images/ACR-018/ACR-018_2.JPG"],"guid":"e0272a01-5995-4894-99ee-1cca96ef3830_1.1.22_1","appID":"starvpn-220328","dateAdded":"221214","deceptorType":"App","name":"StarVPN","company":"StarVPN","version":"1.1.22","firstVendorContactDate":"240308","firstAppEsteemReplyDate":"240308","firstResolvedDate":"240314","firstResolvedVersion":"1.1.29","resolved":"TRUE","lastKnownStatus":"1.1.18;1.1.19;1.1.20;1.1.22;1.1.24;1.1.25","lastKnownDate":"240314","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-03-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1175},{"violations":{"ACR-043":"Open source project \"Open VPN\" installed without disclosing. 'FFmpeg' is installed without any disclosing\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg' package and  'OpenVPN'.\n","ACR-048":"The app does not provide control to remove its background processes completely within the app's settings.\n","ACR-007":"During installation, the app doesn't explicitly disclose that the user needs to join the P2P network to use the app, doesn't obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-084":"On closing the app, it runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user. \n","ACR-039":"The app installs the Tap windows program without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.starvpn.com/free-vpn/  and  https://www.starvpn.com/category/blog/)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\StarVPN\\StarVPN.exe","companyName":"StarVPN","productName":"StarVPN","productVersion":"1.1.20.0","fileVersion":"1.1.20","hashMD5":"251496dfa7ec3eb5e3c1a712f6fdbe71","hashSHA1":"82adac7ea759d6c812ec3fd0e43b1ec256009f00","hashSHA256":"64b9b040bf71a317d6064bdd902128cb655608c1e632a4b60668706238b55ce3","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1612","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\StarVPN\\resources\\stub\\StarVPNStart.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"74a3cda6d8c1ab8417fc06e8d636bbf0","hashSHA1":"50fe34eb2ae666b9d52923d91e203072b8e8b294","hashSHA256":"ea0357173aaf6807e4fda49991d084beac7b48b5395452411b8c6221600178c7","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1612","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StarVPN-FR1-x64-latest.exe","isInstaller":"True","companyName":"StarVPN","productName":"StarVPN","productVersion":"1.1.20","fileVersion":"1.1.20","hashMD5":"ac30cef6b84e13d7cb37be88decdee2a","hashSHA1":"bf88605f5e351e12d43932570c3e5a2b1a45c695","hashSHA256":"03641963fd32bc4bd91964366401efcfd90f182e36214d66d80b9b9d565d5b0c","digitalCertThumbprint":"4A6E9D17F1E9BACAD755015858E93C1523BEA2D0","digitalCertIssuer":"Sectigo Public Code Signing CA EV R36","digitalCertIssuedTo":"StarVPN Inc.","storeId":"","sourceIndex":"1612","avBlockList":["360 Total Security (20221013)","Avast Premium Security (20221013)","AVG Internet Security (20221013)","Avira Internet Security (20221013)","Bitdefender Internet Security (20221013)","COMODO Antivirus (20221013)","ESET Internet Security (20221013)","G DATA INTERNET SECURITY (20221013)","K7 Total Security (20221013)","Kaspersky Internet Security (20221013)","McAfee Total Protection (20221013)","Norton Security (20221013)","Panda Dome (20221013)","Sophos Home Premium (20221013)","SpyHunter5 (20221013)","Total AV Antivirus Pro (20221013)","VIPRE Advanced Security (20221013)","VirIT eXplorer PRO (20221013)","Webroot SecureAnywhere (20221013)"],"avAllowList":["Dr.Web Security Space (20221013)","Malwarebytes Premium (20221013)","Quick Heal Internet Security (20221013)","Tencent PC Manager (20220524)","Trend Micro Internet Security (20221013)","Windows Defender (20221013)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":" https://www.starvpn.com/free-vpn/","directDownloadingLink":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.starvpn.com/downloads/winapp/StarVPN-FR1-x64-latest.exe","sourceIndex":"1612"}],"sampleFiles":["220513/starvpn-220328/1.1.20/Samples/StarVPN-FR1-x64-latest.exe"],"imageFiles":["220513/starvpn-220328/1.1.20/Images/ACR-039/ACR-039_Install_Tap_Installation.JPG","220513/starvpn-220328/1.1.20/Images/ACR-039/ACR-039_Install_Tap_Installation_1.JPG","220513/starvpn-220328/1.1.20/Images/ACR-043/ACR-043_Install_1.JPG","220513/starvpn-220328/1.1.20/Images/ACR-043/ACR-043_Install_2.JPG","220513/starvpn-220328/1.1.20/Images/ACR-043/ACR-043_Install_3.JPG","220513/starvpn-220328/1.1.20/Images/ACR-107/ACR-107_Install_1.JPG","220513/starvpn-220328/1.1.20/Images/ACR-107/ACR-107_Install_2.JPG","220513/starvpn-220328/1.1.20/Images/ACR-107/ACR-107_Install_3.JPG","220513/starvpn-220328/1.1.20/Images/ACR-084/ACR-084.JPG","220513/starvpn-220328/1.1.20/Images/ACR-048/ACR-048_Software_No_Control.JPG","220513/starvpn-220328/1.1.20/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220513/starvpn-220328/1.1.20/Images/ACR-007/ACR-007_1.JPG","220513/starvpn-220328/1.1.20/Images/ACR-118/ACR-118.JPG","220513/starvpn-220328/1.1.20/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["220513/starvpn-220328/1.1.20/Images/ACR-018/ACR-018_1.JPG","220513/starvpn-220328/1.1.20/Images/ACR-018/ACR-018_2.JPG"],"guid":"e0272a01-5995-4894-99ee-1cca96ef3830_1.1.20_1","appID":"starvpn-220328","dateAdded":"221214","deceptorType":"App","name":"StarVPN","company":"StarVPN","version":"1.1.20","firstVendorContactDate":"240308","firstAppEsteemReplyDate":"240308","firstResolvedDate":"240314","firstResolvedVersion":"1.1.29","resolved":"TRUE","lastKnownStatus":"1.1.18;1.1.19;1.1.20;1.1.22;1.1.24;1.1.25","lastKnownDate":"240314","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-03-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1176},{"violations":{"ACR-048":"Unable to control startup item and the scheduled task within the app's settings.\n","ACR-006":"The app redirect the user's search to undisclosed server and hijack the search result before loading search results.\n\n","ACR-007":"The app's attribution is not clear on the main page. The app redirects user searches to another search engine that is different from what is set in the settings. \n","ACR-084":"The app creates undisclosed scheduled tasks and startup items to perform actions without the consumer's knowledge and consent. The app continuously run in the background without notification and may record system's Usage Data and metrics including IP and browsing activities.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"webdefence.exe","companyName":"WebDefence Software","productName":"WebDefence","fileVersion":"1.34","hashMD5":"40af2d9b78a06498fd1e36b892b518e4","hashSHA1":"924fb325ed4e28bf23f7cdda99ed2f8e8663e492","hashSHA256":"ea8ee45bc5193fb02ce91edbaa3710b7fa1b49a6bdd6149fe671fe9d729dd23d","digitalCertThumbprint":"3556D2B70C59DEC52114748F7FAFA5A9ED30B79F","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=WebDefence Software, O=WebDefence Software, L=Wilmington, S=Delaware, C=US","sourceIndex":"286","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WebDefence-1.34.0.exe","isInstaller":"True","companyName":"WebDefence Software                                         ","productName":"WebDefence","fileVersion":"1.34","hashMD5":"8d2e888e6c6d396086eaf9fea1590e21","hashSHA1":"f5c6c37f358b2147296336d0f9e3e0b94bdf9cb5","hashSHA256":"7b00160223718af5f4507541409ae000632e075ea9eaaa591a27f457b22fd548","digitalCertThumbprint":"3556D2B70C59DEC52114748F7FAFA5A9ED30B79F","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=WebDefence Software, O=WebDefence Software, L=Wilmington, S=Delaware, C=US","sourceIndex":"286","avBlockList":["360 Total Security (20230103)","Avast Premium Security (20230103)","AVG Internet Security (20230103)","Avira Internet Security (20230103)","Bitdefender Internet Security (20230103)","COMODO Antivirus (20230103)","ESET Internet Security (20230103)","G DATA INTERNET SECURITY (20230103)","K7 Total Security (20230103)","Kaspersky Internet Security (20230103)","McAfee Total Protection (20230103)","Norton Security (20230103)","Panda Dome (20230103)","Quick Heal Internet Security (20230103)","Sophos Home Premium (20230103)","SpyHunter5 (20230103)","Total AV Antivirus Pro (20230103)","VIPRE Advanced Security (20230103)","VirIT eXplorer PRO (20230103)","Webroot SecureAnywhere (20230103)"],"avAllowList":["Dr.Web Security Space (20230103)","Malwarebytes Premium (20230103)","Trend Micro Internet Security (20230103)","Windows Defender (20230103)"]}],"additionalFiles":[],"sources":[{"howFound":"seached browsers on google","reference":"","landingPage":"https://www.webdefence.com/","directDownloadingLink":"https://www.webdefence.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.webdefence.com/download","sourceIndex":"286"}],"sampleFiles":["221210/WebDefence-221208/1.34.0.0/Samples/webdefence.exe","221210/WebDefence-221208/1.34.0.0/Samples/WebDefence-1.34.0.exe"],"imageFiles":["221210/WebDefence-221208/1.34.0.0/Images/ACR-084/ACR-048_ScheduledTask.jpg","221210/WebDefence-221208/1.34.0.0/Images/ACR-084/ACR-048_Startup.jpg","221210/WebDefence-221208/1.34.0.0/Images/ACR-084/ACR-084_BackgroundProcess.jpg","221210/WebDefence-221208/1.34.0.0/Images/ACR-084/ACR-084_UsageData.jpg","221210/WebDefence-221208/1.34.0.0/Images/ACR-048/ACR-048_Startup.jpg","221210/WebDefence-221208/1.34.0.0/Images/ACR-048/ACR-048_ScheduledTask.jpg","221210/WebDefence-221208/1.34.0.0/Images/ACR-048/ACR-048_Startup_Settings.mp4","221210/WebDefence-221208/1.34.0.0/Images/ACR-006/ACR-006_UndisclosedConnection.gif","221210/WebDefence-221208/1.34.0.0/Images/ACR-007/ACR-007_Redirection.gif","221210/WebDefence-221208/1.34.0.0/Images/ACR-007/ACR-005_007-Browser.jpg"],"nonDeceptorImageFiles":[],"guid":"d8ab1cf3-d734-42d3-ae25-9eaa25a79a8f_1.34.0.0_1","appID":"WebDefence-221208","dateAdded":"221210","deceptorType":"App","name":"WebDefence","company":"WebDefence Software","version":"1.34.0.0","lastKnownStatus":"1.34.0.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2024-12-12T23:20:16.5543929+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1179},{"violations":{"ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\".\n","ACR-155":"Offers are inserted into the install workflow with a pre-selected option to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"WinDjView-2.1-Setup.exe","isInstaller":"True","companyName":"Andrew Zhezherun","fileVersion":"2.1","hashMD5":"be7854e8f7d922c2269fabd448d82f9e","hashSHA1":"bbf32f86dc8db03a73c1331a04d73b41bc80c52b","hashSHA256":"91cde668b1f700b64677199e9b534f8da4ae45aef014f5439cefdc8c532418bf","sourceIndex":"1273","avBlockList":["Avira Internet Security (20230103)","ESET Internet Security (20230103)","McAfee Total Protection (20230103)","Norton Security (20230103)","Panda Dome (20230103)","Sophos Home Premium (20230103)","SpyHunter5 (20230103)","Total AV Antivirus Pro (20230103)","VirIT eXplorer PRO (20230103)","Webroot SecureAnywhere (20230103)"],"avAllowList":["360 Total Security (20230103)","Avast Premium Security (20230103)","AVG Internet Security (20230103)","Bitdefender Internet Security (20230103)","COMODO Antivirus (20230103)","Dr.Web Security Space (20230103)","G DATA INTERNET SECURITY (20230103)","K7 Total Security (20230103)","Kaspersky Internet Security (20230103)","Malwarebytes Premium (20230103)","Quick Heal Internet Security (20230103)","Trend Micro Internet Security (20230103)","VIPRE Advanced Security (20230103)","Windows Defender (20230103)"]}],"additionalFiles":[],"sources":[{"howFound":"google search","reference":"","landingPage":"https://djvu-reader.com/de/windjview-de.html","directDownloadingLink":"https://djvu-reader.com/wp-content/uploads/files/WinDjView-2.1-Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://djvu-reader.com/wp-content/uploads/files/WinDjView-2.1-Setup.exe","sourceIndex":"1273"}],"sampleFiles":["221209/WinDjView-221209/2.1/Samples/WinDjView-2.1-Setup.exe"],"imageFiles":["221209/WinDjView-221209/2.1/Images/ACR-055/ACR-055_No_Accept_Decline.jpg","221209/WinDjView-221209/2.1/Images/ACR-055/ACR-055_No_Accept_Decline-2.jpg","221209/WinDjView-221209/2.1/Images/ACR-059/ACR-059_Optional_Offer.jpg","221209/WinDjView-221209/2.1/Images/ACR-059/ACR-059_Optional_Offer-2.jpg","221209/WinDjView-221209/2.1/Images/ACR-155/ACR-155_OptionalOffer_InstallFlow.gif","221209/WinDjView-221209/2.1/Images/ACR-155/ACR-055_155_No_Accept_Decline.jpg","221209/WinDjView-221209/2.1/Images/ACR-155/ACR-055_155_No_Accept_Decline-2.jpg"],"nonDeceptorImageFiles":[],"guid":"c024e638-44ab-443f-acc3-4699650e5e1c_2.1_1","appID":"WinDjView-221209","dateAdded":"221209","deceptorType":"App","name":"WinDjView","company":"Andrew Zhezherun","version":"2.1","lastKnownStatus":"2.1","lastKnownDate":"221209","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2022-12-10T07:32:26.3194308+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1180},{"violations":{"ACR-003":"The app identifies 88.1 MB of cache files for the following apps \"Ex: Facebook, Flipkart, Josh, and Netflix\" but, when viewed in app settings for these apps the total cache is 4.14 MB, thus the app exaggerates the identified results.\n","ACR-103":"The app suggests cleaning up \"1.3 GB\" of junk/cache. After completing junk clean it says “Free 1.3 GB storage”, but when viewed in the app settings it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache. \n","ACR-014":"1. The app suggests cleaning up \"1.3 GB\" of junk/cache. After completing junk clean it says “Free 1.3 GB storage”, but when viewed in the app settings it displays the same size of cache data that can be cleaned, which misleads users.\n2. The app identifies 88.1 MB of cache files for the following apps \"Ex: Facebook, Flipkart, Josh, and Netflix\" but, when viewed in app settings for these apps the total cache is 4.14 MB, thus the app exaggerates the identified results.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.spring.cleaner.booster.security.lite.apk","isInstaller":"True","productVersion":"1.1.2","fileVersion":"1.1.2","hashMD5":"911edc7fd68dc8e5d9511b2293c25cd6","hashSHA1":"eaf5a64d1dad99828994e8d4dfd25be53ea038b1","hashSHA256":"c4f2e9feb1af8e4403eaf74e5d008a98ceac189e025b03252f875febdc1092f5","sourceIndex":"1272","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.spring.cleaner.booster.security.lite&hl=en_IN&gl=US","ipv4":"","ipv6":"","sourceIndex":"1272"}],"sampleFiles":["221209/SuperCleaner-221209/1.1.2/Samples/com.spring.cleaner.booster.security.lite.apk"],"imageFiles":["221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_Scan_Result_6.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_7.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_11.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_1.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_2.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_3.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_Scan_Result_4.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_Scan_Result_5.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_Scan_Result_6.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_ScanResult_AfterFix_7.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_8.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_9.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_10.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_11.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Scan_Result_6.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Scan_Result_7.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg","221209/SuperCleaner-221209/1.1.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_11.jpg"],"nonDeceptorImageFiles":[],"guid":"8c584be4-1ae9-44bf-8d88-e7423dfa4f92_1.1.2_1","appID":"SuperCleaner-221209","dateAdded":"221209","deceptorType":"Android App","name":"Super Cleaner","company":"Spring Tools Studio","version":"1.1.2","lastKnownStatus":"1.1.2","lastKnownDate":"221209","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-12-10T07:35:17.3683191+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1181},{"violations":{"ACR-003":"The app identifies 256.7 MB of cache files for the following apps \"Ex: Ludo, Subway surf, Netflix, and Snow Race!\" but, when viewed in app settings for these apps the total cache is  7.982 MB, thus the app exaggerates the identified results.\n","ACR-103":"The app suggests cleaning up \"1.42 GB\" of junk/cache. After completing junk clean it says “Device is cleaned!”, but when viewed in the app settings it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"1. The app suggests cleaning up \"1.42 GB\" of junk/cache. After completing junk clean it says “Device is cleaned!”, but when viewed in the app settings it displays the same size of cache data that can be cleaned, which misleads users.\n2. The app identifies 256.7 MB of cache files for the following apps \"Ex: Ludo, Subway surf, Netflix, and Snow Race!\" but, when viewed in app settings for these apps the total cache is  7.982 MB, thus the app exaggerates the identified results.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.phonecleaner.phonebooster.memorycleaner.cachecleaner.cleanmaster.apk","isInstaller":"True","productVersion":"1.0.19","fileVersion":"1.0.19","hashMD5":"89c2616ef66a8232cee92b013546ce5b","hashSHA1":"eb69d1ab1e4de3c2ee1240524d496c1ade014fc2","hashSHA256":"f20b964705066e2d1d3f4c728c8718c258b4cf196e1a0fbcd58fd872e3bdc2a9","sourceIndex":"1271","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.phonecleaner.phonebooster.memorycleaner.cachecleaner.cleanmaster&hl=en_IN&gl=US","ipv4":"","ipv6":"","sourceIndex":"1271"}],"sampleFiles":["221209/MobileCleanerKitRamCleaner-221209/1.0.19/Samples/com.phonecleaner.phonebooster.memorycleaner.cachecleaner.cleanmaster.apk"],"imageFiles":["221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_6.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_1.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_2.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_3.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-003/ACR-003_Software_Scan_Result_4.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-003/ACR-003_Software_Scan_Result_5.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-003/ACR-003_Software_ScanResult_AfterFix_6.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_7.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_8.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_9.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_10.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-014/ACR-014_Software_Scan_Result_6.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","221209/MobileCleanerKitRamCleaner-221209/1.0.19/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg"],"nonDeceptorImageFiles":[],"guid":"76287907-5032-48b8-9861-bf7f211a3f60_1.0.19_1","appID":"MobileCleanerKitRamCleaner-221209","dateAdded":"221209","deceptorType":"Android App","name":"Mobile Cleaner Kit Ram Cleaner","company":"Suhaatech","version":"1.0.19","lastKnownStatus":"1.0.19","lastKnownDate":"221209","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-12-10T07:38:17.9565391+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1182},{"violations":{"ACR-103":"The app suggests cleaning up \"254.7 MB\" of junk/cache. After completing junk clean it says “254.7 MB CACHE CLEARED”, but in the app settings, it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"254.7 MB\" of junk/cache. After completing junk clean it says “254.7 MB CACHE CLEARED”, but when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"k.cleanermaster.phonebooster.security.apk","isInstaller":"True","productVersion":"1.1.06","fileVersion":"1.1.06","hashMD5":"a9b4bf16793c6d8d5d5d1098eb7fa448","hashSHA1":"b98735d64e2246c5c7868538afba3498089d44f3","hashSHA256":"54d6924d474526816cf1b7ad03ad66d066d14f15b8ca1248e3d08c4658b95543","sourceIndex":"1270","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=k.cleanermaster.phonebooster.security","ipv4":"","ipv6":"","sourceIndex":"1270"}],"sampleFiles":["221209/kcleanersecurephonebooster-220923/1.1.06/Samples/k.cleanermaster.phonebooster.security.apk"],"imageFiles":["221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_6.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_6.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","221209/kcleanersecurephonebooster-220923/1.1.06/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg"],"nonDeceptorImageFiles":[],"guid":"140a3d91-963c-4b38-bf9a-1c1fb5fe283e_1.1.06_1","appID":"kcleanersecurephonebooster-220923","dateAdded":"221209","deceptorType":"Android App","name":"KCleaner Secure Phone Booster","company":"BeSecurity Master","version":"1.1.06","lastKnownStatus":"1.0.07;1.1.06","lastKnownDate":"221209","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,inject ads,up-sell to paid","lastUpdate":"2022-12-10T07:41:19.0019208+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1183},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “CLEAN NOW” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus unable to verify the app's value proposition as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “CLEAN NOW” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"k.cleanermaster.phonebooster.security.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"af2db52277f887e37b3c803340fe1a8e","hashSHA1":"3141bfa9da1200c4199837359e75b1eb79081170","hashSHA256":"9909a4cf19813f7ff0bd757992d4820d31527c9de625688d6c55c634a5e9fdb5","sourceIndex":"1407","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=k.cleanermaster.phonebooster.security","ipv4":"","ipv6":"","sourceIndex":"1407"}],"sampleFiles":["220926/kcleanersecurephonebooster-220923/1.0.07/Samples/k.cleanermaster.phonebooster.security.apk"],"imageFiles":["220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-103/ACR-103_Software_Scan_Result_3.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_4.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_5.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-014/ACR-014_Software_Scan_Result_3.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_4.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_5.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.png","220926/kcleanersecurephonebooster-220923/1.0.07/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.png"],"nonDeceptorImageFiles":[],"guid":"140a3d91-963c-4b38-bf9a-1c1fb5fe283e_1.0.07_1","appID":"kcleanersecurephonebooster-220923","dateAdded":"221209","deceptorType":"Android App","name":"KCleaner Secure Phone Booster","company":"BeSecurity Master","version":"1.0.07","sigName":"Deceptor:Android/KCleanerSecurePhoneBooster!103014","lastKnownStatus":"1.0.07;1.1.06","lastKnownDate":"221209","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,inject ads","lastUpdate":"2022-12-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1184},{"violations":{"ACR-004":"The app requires does not provide a fully functioning trial, and requires the user to purchase in order to perform cleaning of files.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FastDiskCleaner","fileVersion":"0.","hashMD5":"09be7cfb5cfcd3d97f1c37f3cfbd4e60","hashSHA1":"f71e560f06cf88e6c8d4927ffa23e158f646eba8","hashSHA256":"27c176a03e91fdf20062919b87a4a83ad30533ee9d8c155d59659f0465f4b85d","sourceIndex":"1278","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for cleaner in the app store","reference":"","landingPage":"https://fastscannerapps.github.io/index.html","directDownloadingLink":"https://apps.apple.com/ph/app/fast-disk-cleaner/id494802180?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/ph/app/fast-disk-cleaner/id494802180?mt=12","sourceIndex":"1278"}],"sampleFiles":["221205/FastDiskCleaner-221201/5.22/Samples/FastDiskCleaner"],"imageFiles":["221205/FastDiskCleaner-221201/5.22/Images/ACR-004/ACR004.png"],"nonDeceptorImageFiles":[],"guid":"9af84cb0-4156-4ec1-a0eb-2c78966091c5_5.22_1","appID":"FastDiskCleaner-221201","dateAdded":"221205","deceptorType":"MacOS App","name":"Fast Disk Cleaner","company":"Anytotal Team","version":"5.22","lastKnownStatus":"5.22","lastKnownDate":"221205","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","monetization":"in-app purchases,up-sell to paid","lastUpdate":"2022-12-06T06:17:39.4088577+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1185},{"violations":{"ACR-103":"The app suggests cleaning up \"328.4 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”, but in the app settings, it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache. \n","ACR-014":"The app suggests cleaning up \"328.4 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”, but when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.caocao.supercleaner.apk","isInstaller":"True","productName":"","productVersion":"2.0.4","fileVersion":"2.0.4","hashMD5":"2969441332f6e3ce24dea8a0591bf012","hashSHA1":"6e5951ee0fdd312c7424b24f7e93d3a82cfa1aac","hashSHA256":"1167fd35f815df03cb2af55d4b69af96fec5312e513238f9f53628947baf42c1","sourceIndex":"1277","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.caocao.supercleaner&hl=en_IN","ipv4":"","ipv6":"","sourceIndex":"1277"}],"sampleFiles":["221205/BigCleanerCoolerMaster-221130/2.0.4/Samples/com.caocao.supercleaner.apk"],"imageFiles":["221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_4.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Scan_Result_6.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_7.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_11.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_12.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_4.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Scan_Result_6.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_7.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_11.jpg","221205/BigCleanerCoolerMaster-221130/2.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_12.jpg"],"nonDeceptorImageFiles":[],"guid":"b188a8c3-5ae4-45b5-b1f7-580e39298b99_2.0.4_1","appID":"BigCleanerCoolerMaster-221130","dateAdded":"221205","deceptorType":"Android App","name":"Big Cleaner Cooler Master","company":"King of Media Player Inc","version":"2.0.4","lastKnownStatus":"2.0.4","lastKnownDate":"221205","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,inject ads,display ads","lastUpdate":"2022-12-06T07:28:04.7101968+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1186},{"violations":{"ACR-048":"The app does not close when user clicks the red close window button.\n","ACR-003":"The app shows \"Status: Unprotected\" when disconnected from the VPN, even when another VPN application is connected. This can mislead the user with an unsubstantiated claim.\n","ACR-014":"Opening the app shows \"Status: Unprotected\" when disconnected from the VPN, even when another VPN application is running. This can mislead user with an unsubstantiated claim about the status of their system.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"SwoshsVPN","fileVersion":"0.","hashMD5":"804fa4ede80f625f377cec332eafd28b","hashSHA1":"7a5c421f2dba8fafbb951c8da000791ee7e38579","hashSHA256":"cfde8a8d62210040592d658f217bce6f68c68bead370808b8e147e65c42d5333","sourceIndex":"1282","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for VPN App via Apple Appstore","reference":"","landingPage":"https://swoshsvpn.com/free-trial?channel=apple","directDownloadingLink":"https://apps.apple.com/us/app/swoshsvpn-fast-secure-vpn/id1605083917","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/us/app/swoshsvpn-fast-secure-vpn/id1605083917","sourceIndex":"1282"}],"sampleFiles":["221204/Swoshsvpn-221125/1.0.32/Samples/SwoshsVPN"],"imageFiles":["221204/Swoshsvpn-221125/1.0.32/Images/ACR-048/ACR048.mp4","221204/Swoshsvpn-221125/1.0.32/Images/ACR-003/ACR003.png","221204/Swoshsvpn-221125/1.0.32/Images/ACR-014/ACR014.png"],"nonDeceptorImageFiles":[],"guid":"0cf3575c-64ce-4a93-8e01-1f99944d641a_1.0.32_1","appID":"Swoshsvpn-221125","dateAdded":"221204","deceptorType":"MacOS App","name":"Swoshsvpn","company":"ioTegrity Technology Inc","version":"1.0.32","lastKnownStatus":"1.0.32","lastKnownDate":"221204","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2022-12-05T00:57:12.4910052+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1187},{"violations":{"ACR-003":"The application shows the message \"You are vulnerable\" even when a VPN program is already running in the system. This misleads users with an unsubstantiated claim.\n","ACR-014":"The application shows the message \"You are vulnerable\" even when a VPN program is already running in the system. This misleads users with an unsubstantiated claim.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Steganos Online Shield","fileVersion":"0.","hashMD5":"915098cd0c7f5326b94eb52acd3edd7a","hashSHA1":"54c51f49bd882260adcd5789f132b3d3ffe20029","hashSHA256":"d977b0a4fb2fcc1821ddc4f1750f762c6ce629a684a1b064d138dead686552e9","sourceIndex":"1280","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searching for free vpn via appstore","reference":"","landingPage":"https://www.steganos.com/en/","directDownloadingLink":"https://apps.apple.com/ph/app/steganos-online-shield/id1253344453?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/ph/app/steganos-online-shield/id1253344453?mt=12","sourceIndex":"1280"}],"sampleFiles":["221204/SteganosOnlineShield-221202/1.3/Samples/Steganos Online Shield"],"imageFiles":["221204/SteganosOnlineShield-221202/1.3/Images/ACR-003/ACR003.png","221204/SteganosOnlineShield-221202/1.3/Images/ACR-014/ACR014.png"],"nonDeceptorImageFiles":[],"guid":"8d88e70c-4493-4ddf-bf65-14aab59258c1_1.3_1","appID":"SteganosOnlineShield-221202","dateAdded":"221204","deceptorType":"MacOS App","name":"Steganos Online Shield","company":"Steganos Software","version":"1.3","lastKnownStatus":"1.3","lastKnownDate":"221204","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2022-12-05T03:54:07.0145469+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1188},{"violations":{"ACR-046":"Disclosures and options require scrolling and are presented in a way that is not easily readable.\n","ACR-048":"The app can't be cancelled during installation. The cancel and close option are disabled. It also does not supply setting controls to remove its startup and background process.\n","ACR-006":"The app promotes itself as a private browser yet browser performs connections to another link that is not clearly disclosed at installation before loading search results.\n","ACR-084":"Exiting the browser keeps the background process running which may potentially gather user data. Every time \"Gate.exe\" file is run, it silently installs components in the %Temp% folder consistently which contain scripts related to its ad-supported feature triggered during Search.\n\n","ACR-118":"App retains some components on the device without the user's knowledge and consent after uninstall.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in the default hidden folder (\"C:\\Users\\users\\AppData\\Roaming\\Gate\") without providing option  for user to change the location during installation.  \n","ACR-065":"The install does not display links to the EULA, Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"Gate Installer.exe","isInstaller":"True","companyName":"Gate","fileVersion":"8.1","hashMD5":"9c76436459c884392f713862fe7bcafc","hashSHA1":"447235e81eae1fc8231076b701cae8f4dfadb622","hashSHA256":"6ef0c0515f8afb1211012a13defa46681b553fb1684905b5ac3ea5ecb45f8928","sourceIndex":"1279","avBlockList":["360 Total Security (20230103)","Avast Premium Security (20230103)","AVG Internet Security (20230103)","Avira Internet Security (20230103)","Bitdefender Internet Security (20230103)","COMODO Antivirus (20230103)","ESET Internet Security (20230103)","G DATA INTERNET SECURITY (20230103)","K7 Total Security (20230103)","Kaspersky Internet Security (20230103)","Malwarebytes Premium (20230103)","McAfee Total Protection (20230103)","Norton Security (20230103)","Quick Heal Internet Security (20230103)","Sophos Home Premium (20230103)","SpyHunter5 (20230103)","Total AV Antivirus Pro (20230103)","VIPRE Advanced Security (20230103)","VirIT eXplorer PRO (20230103)","Webroot SecureAnywhere (20230103)","Windows Defender (20230103)"],"avAllowList":["Dr.Web Security Space (20230103)","Panda Dome (20230103)","Trend Micro Internet Security (20230103)"]},{"isRevoked":"False","fileName":"Gate.exe","companyName":"Gate Tech","productName":"Gate technologies","productVersion":"35.1.1535","fileVersion":"11.4.162","hashMD5":"4c252acd6280898757785f546bb4ea09","hashSHA1":"eac4a8cf533f771762ac302f0573f100a7b83b02","hashSHA256":"62a77e62b5be07febbf546aa5bcd927927eda1593756846bf55c372eea200124","sourceIndex":"1279","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search: browsers","reference":"","landingPage":"https://www.gatebrowser.com/","directDownloadingLink":"https://www.mediafire.com/file/c2qjc3lqlz2vsu5/Gate_Installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.mediafire.com/file/c2qjc3lqlz2vsu5/Gate_Installer.exe","sourceIndex":"1279"}],"sampleFiles":["221204/Gate-221202/11.4.162/Samples/Gate Installer.exe","221204/Gate-221202/11.4.162/Samples/Gate.exe"],"imageFiles":["221204/Gate-221202/11.4.162/Images/ACR-046/ACR-046_065.gif","221204/Gate-221202/11.4.162/Images/ACR-046/ACR-046_PP.jpg","221204/Gate-221202/11.4.162/Images/ACR-046/ACR-046_ToS.jpg","221204/Gate-221202/11.4.162/Images/ACR-048/ACR-048_UnabletoCancelInstall.jpg","221204/Gate-221202/11.4.162/Images/ACR-048/ACR_048_Startup.jpg","221204/Gate-221202/11.4.162/Images/ACR-048/ACR-048_084_BackgroundProcess.jpg","221204/Gate-221202/11.4.162/Images/ACR-048/GateBrowser_UI.jpg","221204/Gate-221202/11.4.162/Images/ACR-084/ACR-048_084_BackgroundProcess.jpg","221204/Gate-221202/11.4.162/Images/ACR-084/ACR_084_ComponentsinTemp.jpg","221204/Gate-221202/11.4.162/Images/ACR-084/ACR_084_SilentDload.jpg","221204/Gate-221202/11.4.162/Images/ACR-006/GatePrivateBrowser.jpg","221204/Gate-221202/11.4.162/Images/ACR-006/ACR-006_Appupdate.Herokuapp.gif","221204/Gate-221202/11.4.162/Images/ACR-118/ACR-118_RetainedComponents.jpg"],"nonDeceptorImageFiles":["221204/Gate-221202/11.4.162/Images/ACR-065/ACR-046_065.gif"],"guid":"455b426f-37e9-4673-88ea-c43595c91348_11.4.162_1","appID":"Gate-221202","dateAdded":"221204","deceptorType":"App","name":"Gate Browser","company":"Gate Tech","version":"11.4.162","lastKnownStatus":"11.4.162","lastKnownDate":"221204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search,display ads","lastUpdate":"2022-12-05T06:55:56.1785935+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1189},{"violations":{"ACR-003":"The app identifies 339.73 MB of cache files for the following apps \"Ex: Telegram, Snow race, Join & clash, Josh and Subway surf\" but, when viewed in app settings for these apps the total cache is 222.02 MB, thus the app exaggerates the identified results. \n","ACR-103":"The app suggests cleaning up \"362 MB\" of junk/cache. After completing junk clean it says “Optimized”, when viewed in the app settings it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"1. The app suggests cleaning up \"362 MB\" of junk/cache. After completing junk clean it says “Optimized”, when viewed in the app settings it displays the same size of cache data that can be cleaned, which misleads users.\n2. The app identifies 339.73 MB of cache files for the following apps \"Ex: Telegram, Snow race, Join & clash, Josh and Subway surf\" but, when viewed in app settings for these apps the total cache is 222.02 MB, thus the app exaggerates the identified results. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.amazing.booster.apk","isInstaller":"True","productVersion":"1.0.3","fileVersion":"1.0.3","hashMD5":"6dddcce2ab7990616e8114684f93fe7b","hashSHA1":"5aade5e743d1b45870655bc722e7a4d7fae23fff","hashSHA256":"4f425f6b39102d8dc4ef094844fe28882511950c9de47ecbe514ee9ac3ecdb06","sourceIndex":"1289","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.amazing.booster&hl=en_IN&gl=US","ipv4":"","ipv6":"","sourceIndex":"1289"}],"sampleFiles":["221129/AmazingBoosterFastCleaner-221124/1.0.3/Samples/com.amazing.booster.apk"],"imageFiles":["221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_4.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_6.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_11.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_1.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_2.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_3.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_4.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_Scan_Result_5.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_ScanResult_AfterFix_6.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_7.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_8.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_9.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_10.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_11.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_4.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Scan_Result_6.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg","221129/AmazingBoosterFastCleaner-221124/1.0.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_11.jpg"],"nonDeceptorImageFiles":[],"guid":"144cb825-f562-43c6-8b75-e6c2e1c464e5_1.0.3_1","appID":"AmazingBoosterFastCleaner-221124","dateAdded":"221129","deceptorType":"Android App","name":"Amazing Booster Fast Cleaner","company":"Amazing-Team","version":"1.0.3","lastKnownStatus":"Deceptor:1.0.3","lastKnownDate":"221129","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-11-29T23:25:50.7386916+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1196},{"violations":{"ACR-003":"The app identifies 630 MB of cache files for the following apps \"Ex: Brave, Amazon, Subway surf, Truecaller and Facebook\" but, when viewed in app settings for these apps the total cache is 40.847 MB, thus the app exaggerates the identified results.\n","ACR-103":"The app suggests cleaning up junk/cache. After completing junk clean it says “Phone Optimized”, when viewed in the app settings it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"1. The app suggests cleaning up junk/cache. After completing junk clean it says “Phone Optimized”, when viewed in the app settings it displays the same size of cache data that can be cleaned, which misleads users.\n2. The app identifies 630 MB of cache files for the following apps \"Ex: Brave, Amazon, Subway surf, Truecaller and Facebook\" but, when viewed in app settings for these apps the total cache is 40.847 MB, thus the app exaggerates the identified results.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.theappsstorm.clean.boost.max.fast.cool.apk","isInstaller":"True","productVersion":"1.4.0","fileVersion":"1.4.0","hashMD5":"e57f4a9a16bbc862b564784a46925454","hashSHA1":"8199fac2a399dadec885e008aa9cd7d8c0eb08b4","hashSHA256":"3aa3b1640f86b08f54afc389d9a2c4c27810db654adffac76d455fddc49110ce","sourceIndex":"1283","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.theappsstorm.clean.boost.max.fast.cool&hl=en_IN&pli=1","ipv4":"","ipv6":"","sourceIndex":"1283"}],"sampleFiles":["221129/MaxBoosterSuperCleaner-221129/1.4.0/Samples/com.theappsstorm.clean.boost.max.fast.cool.apk"],"imageFiles":["221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_4.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Scan_Result_6.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_7.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_11.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_12.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_1.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_2.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_3.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_4.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Scan_Result_5.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Scan_Result_6.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_ScanResult_AfterFix_7.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_8.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_9.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_10.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_11.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_12.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_4.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Scan_Result_6.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_7.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_11.jpg","221129/MaxBoosterSuperCleaner-221129/1.4.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_12.jpg"],"nonDeceptorImageFiles":[],"guid":"da18304d-2f6a-4def-bdad-dad3572444ed_1.4.0_1","appID":"MaxBoosterSuperCleaner-221129","dateAdded":"221129","deceptorType":"Android App","name":"Max Booster Super Cleaner","company":"TheAppsStorm","version":"1.4.0","lastKnownStatus":"1.4.0","lastKnownDate":"221129","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-11-30T03:53:15.9426582+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1195},{"violations":{"ACR-003":"The app identifies 562 MB of cache files for the following apps \"Ex: Amazon, Brave, Subway surf and Truecaller\" but, when viewed in app settings for these apps the total cache is 59.669 MB, thus the app exaggerates the identified results.\n","ACR-103":"The app suggests cleaning up junk/cache. After completing junk clean it says “Phone is Optimized”, when viewed in the app settings it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"1. The app suggests cleaning up junk/cache. After completing junk clean it says “Phone is Optimized”, when viewed in the app settings it displays the same size of cache data that can be cleaned, which misleads users.\n2. The app identifies 562 MB of cache files for the following apps \"Ex: Amazon, Brave, Subway surf and Truecaller\" but, when viewed in app settings for these apps the total cache is 59.669 MB, thus the app exaggerates the identified results.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.smartapps.boost.speed.phone.clean.memory.ram.apk","isInstaller":"True","productVersion":"1.2.8","fileVersion":"1.2.8","hashMD5":"3bee0dac1c9be4a3e98feb80f2314a4d","hashSHA1":"c737d7a48a174fac26eb57abea3e76bb5df10814","hashSHA256":"0b0bde6ab2bad4284d29a58c69f5cb7d1b4c7734eff08624f412797c169e0079","sourceIndex":"1288","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.smartapps.boost.speed.phone.clean.memory.ram&hl=en_IN&gl=US","ipv4":"","ipv6":"","sourceIndex":"1288"}],"sampleFiles":["221129/PhoneCleanerCacheCleaner-221125/1.2.8/Samples/com.smartapps.boost.speed.phone.clean.memory.ram.apk"],"imageFiles":["221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_Scan_Result_6.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_7.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_11.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_1.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_2.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning_3.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_Scan_Result_4.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_Scan_Result_5.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_Scan_Result_6.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_ScanResult_AfterFix_7.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_8.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_9.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_10.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-003/ACR-003_Software_Cache_After_Cleaning_11.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Scan_Result_6.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Scan_Result_7.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg","221129/PhoneCleanerCacheCleaner-221125/1.2.8/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_11.jpg"],"nonDeceptorImageFiles":[],"guid":"3e1f8e94-e368-40e3-9d10-cd46e5ba860a_1.2.8_1","appID":"PhoneCleanerCacheCleaner-221125","dateAdded":"221129","deceptorType":"Android App","name":"Phone Cleaner Cache Cleaner","company":"SmartApps Production","version":"1.2.8","lastKnownStatus":"Deceptor:1.2.8","lastKnownDate":"221129","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-11-29T23:41:42.377026+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1194},{"violations":{"ACR-004":"The app does not provide free fixes for the free scan results and requires the user to pay to perform cleaning.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not contain links to its EULA, Terms of Service, Cancellation Policy and Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"Pocket cleaner","fileVersion":"0.","hashMD5":"e69267c9b009fee5928612723a6c1040","hashSHA1":"ea1f4b85335e01ca8f940c0fbdbabcbdc05c0ddf","hashSHA256":"d440134f363fa79792e9e8685675c68a93e60a06bd26185462bc60945b4e0dbb","sourceIndex":"1285","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for cleaner in the app store","reference":"","landingPage":"https://usensei.wixsite.com/apps","directDownloadingLink":"https://apps.apple.com/us/app/pocket-cleaner/id1467147639?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/us/app/pocket-cleaner/id1467147639?mt=12","sourceIndex":"1285"}],"sampleFiles":["221129/PocketCleaner-221129/1.6.1/Samples/Pocket cleaner"],"imageFiles":["221129/PocketCleaner-221129/1.6.1/Images/ACR-004/ACR004.gif","221129/PocketCleaner-221129/1.6.1/Images/ACR-004/ACR004_1.png","221129/PocketCleaner-221129/1.6.1/Images/ACR-004/ACR004_2.png"],"nonDeceptorImageFiles":["221129/PocketCleaner-221129/1.6.1/Images/ACR-065/AppAbout.png"],"guid":"f430a58c-5c94-4e77-8b22-81b4ad67cc32_1.6.1_1","appID":"PocketCleaner-221129","dateAdded":"221129","deceptorType":"MacOS App","name":"Pocket Cleaner","company":"Maksym Katrych","version":"1.6.1","lastKnownStatus":"1.6.1","lastKnownDate":"221129","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2022-11-30T03:20:45.8822851+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1193},{"violations":{"ACR-003":"The app displays \"Status: Unprotected\" when disconnected from the VPN. This is misleading with unsubstantiated claim.\n","ACR-014":" The application presents misleading status even when the system has a VPN program already installed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"swoshs_vpn.exe","companyName":"ioTegrity Technology Inc.","fileVersion":"1.0","hashMD5":"68005fd9cbe01dad63e20ec8747b6f21","hashSHA1":"c9b4dc4b72c3b930351ef4837fcf4e2c0a30a008","hashSHA256":"35bee30aa5ac4cb08ea72a8f38ea0e0ff241f95831a8ecb619c402e0a2f67999","digitalCertThumbprint":"C6FC45F28BF38E51F1F3A279F931E12638B65EAC","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=ioTegrity Technology Inc., OU=SwoshsVPN, O=ioTegrity Technology Inc., L=Road Town, C=VG, SERIALNUMBER=2083936, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=VG","sourceIndex":"1284","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SwoshsVPN.exe","isInstaller":"True","companyName":"SwoshsVPN","fileVersion":"1.0","hashMD5":"f62bfcb80bf91a18d1fd3649357d1ea7","hashSHA1":"0efb401b5b50a9c3d100e2ec11edbb34b7b9e13a","hashSHA256":"3d1e99398e0f9a6714a273fab1d1be079c4fbeecdefe5847f5e9b5b7c4990ca4","digitalCertThumbprint":"C6FC45F28BF38E51F1F3A279F931E12638B65EAC","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=ioTegrity Technology Inc., OU=SwoshsVPN, O=ioTegrity Technology Inc., L=Road Town, C=VG, SERIALNUMBER=2083936, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=VG","sourceIndex":"1284","avBlockList":["360 Total Security (20230105)","Avira Internet Security (20230105)","K7 Total Security (20230105)","McAfee Total Protection (20230105)","Norton Security (20230105)","Panda Dome (20230105)","Quick Heal Internet Security (20230105)","Sophos Home Premium (20230105)","SpyHunter5 (20230105)","Total AV Antivirus Pro (20230105)","VirIT eXplorer PRO (20230105)","Webroot SecureAnywhere (20230105)","Windows Defender (20230105)"],"avAllowList":["Avast Premium Security (20230105)","AVG Internet Security (20230105)","Bitdefender Internet Security (20230105)","COMODO Antivirus (20230105)","Dr.Web Security Space (20230105)","ESET Internet Security (20230105)","G DATA INTERNET SECURITY (20230105)","Kaspersky Internet Security (20230105)","Malwarebytes Premium (20230105)","Trend Micro Internet Security (20230105)","VIPRE Advanced Security (20230105)"]},{"isRevoked":"False","fileName":"swsVpn.exe","companyName":"ioTegrity Technology Inc.","fileVersion":"1.0","hashMD5":"c6045e011f8ebd2273841a96c2004559","hashSHA1":"aefb54d8efa0886da1b89c4aa7308eabd73d4df5","hashSHA256":"0f6132258986790004b3f4bbad915570dd893656c6c3bad1b0ed5ea26ea308f8","digitalCertThumbprint":"C6FC45F28BF38E51F1F3A279F931E12638B65EAC","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=ioTegrity Technology Inc., OU=SwoshsVPN, O=ioTegrity Technology Inc., L=Road Town, C=VG, SERIALNUMBER=2083936, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=VG","sourceIndex":"1284","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://swoshsvpn.com/","directDownloadingLink":"https://artifacts.swoshsvpn.com/SwoshsVPN.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://artifacts.swoshsvpn.com/SwoshsVPN.exe","sourceIndex":"1284"}],"sampleFiles":["221129/SwoshsVPN-221128/1.0.32/Samples/swoshs_vpn.exe","221129/SwoshsVPN-221128/1.0.32/Samples/SwoshsVPN.exe","221129/SwoshsVPN-221128/1.0.32/Samples/swsVpn.exe"],"imageFiles":["221129/SwoshsVPN-221128/1.0.32/Images/ACR-003/ACR-003_014_UnprotectedStatus.jpg","221129/SwoshsVPN-221128/1.0.32/Images/ACR-014/ACR-003_014_UnprotectedStatus.jpg"],"nonDeceptorImageFiles":[],"guid":"b4a2c70b-b366-4840-a532-410e15725d4d_1.0.32_1","appID":"SwoshsVPN-221128","dateAdded":"221129","deceptorType":"App","name":"SwoshsVPN","company":"ioTegrity Technology Inc.","version":"1.0.32","lastKnownStatus":"1.0.32","lastKnownDate":"221129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-11-30T03:40:53.4761384+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1192},{"violations":{"ACR-003":"The app shows \"Your Connection is not protected\" when disconnected from the VPN, misleads the users with unsubstantiated claim.\n","ACR-014":"Opening the application shows the message \"Your connected is not protected\", which can mislead user with the status of their system.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"vpnify","isInstaller":"True","fileVersion":"0.","hashMD5":"c54f47194848b753731e119223702c23","hashSHA1":"0d9e521c235fea55c52d24235358bb71ab4cdd7a","hashSHA256":"a650f7e1635a9cf4b352c8ca73dde787f9dcca48db8c83dc9f2d9846c45e3c01","sourceIndex":"1287","avBlockList":["Avira Security for Mac (20230511)","Norton Security for Mac (20230511)","Sophos Home Premium For Mac (20230511)"],"avAllowList":["Avast Security for Mac (20230511)","Bitdefender Antivirus for Mac (20230511)","ESET Cyber Security Pro for Mac (20230511)","G DATA AntiVirus for Mac (20230511)","K7 Antivirus for Mac (20230511)","Kaspersky Internet Security for Mac (20230511)","McAfee Internet Security for Mac (20230511)","Trend Micro Antivirus for Mac (20230511)"]},{"isRevoked":"False","fileName":"Vpnify_1","fileVersion":"0.","hashMD5":"41caad74490d73448b075f426c8f7cbe","hashSHA1":"d54318858c3a917a2a20e360f0b5591ada44db71","hashSHA256":"ddd7ad6f1043b9d8a9a0267f987df33198a1e1c3b1b86e47d973aa765a4c6c10","sourceIndex":"1287","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for VPN App via Apple Appstore","reference":"","landingPage":"https://vpnifyapp.com","directDownloadingLink":"https://apps.apple.com/us/app/vpnify-unlimited-vpn/id1503251395","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/us/app/vpnify-unlimited-vpn/id1503251395","sourceIndex":"1287"}],"sampleFiles":["221129/Vpinify-221124/1.1.4/Samples/vpnify","221129/Vpinify-221124/1.1.4/Samples/Vpnify_1"],"imageFiles":["221129/Vpinify-221124/1.1.4/Images/ACR-003/Acr003.png","221129/Vpinify-221124/1.1.4/Images/ACR-014/Acr014.png"],"nonDeceptorImageFiles":[],"guid":"a31b9213-c7e3-4b75-bc14-151c55b62a0f_1.1.4_1","appID":"Vpinify-221124","dateAdded":"221129","deceptorType":"MacOS App","name":"VPNIFY","company":"Neonetworks Solutions Ltd","version":"1.1.4","lastKnownStatus":"Deceptor:1.1.4","lastKnownDate":"221129","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2022-11-29T23:52:36.5047715+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1191},{"violations":{"ACR-048":"The app does not provide any control to remove the startup item and the scheduled task within the app's settings. The search toolbar is dock at the top of the desktop and has no way to close it except through system tray. It also does not provide a way to disable Chromium running in background.\n","ACR-006":"The app does not disclose its monetization approach using other search engine.\n","ACR-007":"The app's attribution is not clear. It redirects user searches to another search engine. The browser's search engine looks similar to \"Chrome Browser\" which most consumers will be misled to think it is a normal Chrome Browser.\n","ACR-084":"The app creates undisclosed scheduled tasks and startup items to perform actions without the consumer's knowledge and consent. The app continuously run in the background and may record system's Usage Data and metrics including IP and browsing activities. (Usage Data may include information such as the device's IP address, browser type, browser version, the webpages visited, the time and date of the visit, the time spent on those pages, unique device identifiers and other diagnostic data.)\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"browser.exe","companyName":"","productName":"Browser","fileVersion":"63.0.3239.132","hashMD5":"6a52c01614c4e275ed5de3d50b1d9b09","hashSHA1":"27774adcbfc144afaa45648f82cb535ab66a35a2","hashSHA256":"b484dfde549691473d03752634f81bf2df5a3da507654d6ced5d42da9d20cd20","digitalCertThumbprint":"BB1B401359CBB4BC8ECB44B39D343596681CC2D9","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Web Discover, O=Web Discover, L=Wilmington, S=Delaware, C=US","sourceIndex":"287","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"WebFox Media                                                ","productName":"WebFoxBrowser  ","fileVersion":"4.22.3       ","hashMD5":"647afd1be96f82fb88996dd4f9b554f3","hashSHA1":"5f4efc355dc7dddcacca22339cd2531392ab95e1","hashSHA256":"38395e133be6f82c2847510096b062bb1d8c305c2477f4e9a5ef03ca957bb80c","digitalCertThumbprint":"BB1B401359CBB4BC8ECB44B39D343596681CC2D9","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Web Discover, O=Web Discover, L=Wilmington, S=Delaware, C=US","sourceIndex":"287","avBlockList":["360 Total Security (20230105)","Avast Premium Security (20230105)","AVG Internet Security (20230105)","Avira Internet Security (20230105)","Bitdefender Internet Security (20230105)","COMODO Antivirus (20230105)","Dr.Web Security Space (20230105)","ESET Internet Security (20230105)","G DATA INTERNET SECURITY (20230105)","K7 Total Security (20230105)","Kaspersky Internet Security (20230105)","Malwarebytes Premium (20230105)","McAfee Total Protection (20230105)","Norton Security (20230105)","Panda Dome (20230105)","Quick Heal Internet Security (20230105)","Sophos Home Premium (20230105)","SpyHunter5 (20230105)","Total AV Antivirus Pro (20230105)","Trend Micro Internet Security (20230105)","VIPRE Advanced Security (20230105)","VirIT eXplorer PRO (20230105)","Webroot SecureAnywhere (20230105)","Windows Defender (20230105)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"seached browsers on google","reference":"","landingPage":"https://getwebfox.com/","directDownloadingLink":"https://getwebfox.com/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://getwebfox.com/setup.exe","sourceIndex":"287"}],"sampleFiles":["221129/WebFoxBrowser-221124/63.0.3239.132/Samples/browser.exe","221129/WebFoxBrowser-221124/63.0.3239.132/Samples/setup.exe"],"imageFiles":["221129/WebFoxBrowser-221124/63.0.3239.132/Images/ACR-084/ACR-048_ScheduledTask.jpg","221129/WebFoxBrowser-221124/63.0.3239.132/Images/ACR-084/ACR-048_Stasrtup.jpg","221129/WebFoxBrowser-221124/63.0.3239.132/Images/ACR-084/ACR-084_Usage_Data.jpg","221129/WebFoxBrowser-221124/63.0.3239.132/Images/ACR-084/ACR-048_Cannot_disable_runnig on background.jpg","221129/WebFoxBrowser-221124/63.0.3239.132/Images/ACR-048/ACR-048_ScheduledTask.jpg","221129/WebFoxBrowser-221124/63.0.3239.132/Images/ACR-048/ACR-048_Startup_NoControl.jpg","221129/WebFoxBrowser-221124/63.0.3239.132/Images/ACR-048/ACR-048_Stasrtup.jpg","221129/WebFoxBrowser-221124/63.0.3239.132/Images/ACR-048/ACR-048_Dock.gif","221129/WebFoxBrowser-221124/63.0.3239.132/Images/ACR-006/ACR-007_Send_Query_to_Bing.gif","221129/WebFoxBrowser-221124/63.0.3239.132/Images/ACR-007/ACR-007_Send_Query_to_Bing.gif","221129/WebFoxBrowser-221124/63.0.3239.132/Images/ACR-007/ACR-007_WebFox_Browser.jpg"],"nonDeceptorImageFiles":[],"guid":"cc38d525-c95b-4a9f-acb4-2cb1e777a942_63.0.3239.132_1","appID":"WebFoxBrowser-221124","dateAdded":"221129","deceptorType":"App","name":"WebFox Browser","company":"WebFox Media","version":"63.0.3239.132","lastKnownStatus":"Deceptor:63.0.3239.132","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-12-12T23:18:28.1178284+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1190},{"violations":{"ACR-048":"The app does not provide any control to remove the startup item and the scheduled task within the app's settings. \n","ACR-006":"The app does not disclose its monetization approach using Yahoo Search.\nThe app does not disclose its monetization approach using Yahoo Search.\n","ACR-007":"The app's attribution (Clear Bar) is not clear on the main page. \n","ACR-084":"The app creates undisclosed scheduled tasks and startup items to perform actions without the consumer's knowledge and consent. \n","ACR-085":"1. The app collects reports from the user's system by default without the user's Knowledge and consent.\n2. The app does not encrypt the search queries used by the user.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in the “C:\\Users\\User\\AppData\\Local\\Programs” directory, which is a hidden folder thereby preventing the consumer from being able to find it. \n","ACR-139":"The \"Clear Bar\" uses the \"Yahoo\" search provider and gives no way to disable/change the search engine\n","ACR-036":"Search relationships with Yahoo! and other search providers are not disclosed in Docs.\n","ACR-058":"The app doesn't specify that it monetizes using 3rd party search engine and supported by advertisements\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\ClearBar\\1.0.5.2\\Chromium\\clearbrowser.exe","companyName":"ClearBrowser","productName":"ClearBrowser","productVersion":"102.0.5005.63","fileVersion":"102.0.5005.63","hashMD5":"bec0cfda0fda087cc01bf467ce428641","hashSHA1":"fd49741bb94aaac3fb9ea01162535f41ed3ec1bd","hashSHA256":"327bef27e0d7b7431299d874346849c56552702e0bfde3e9808a97670835cdcd","digitalCertThumbprint":"4C6C207DCFA5A3FBC336F8356F951765EB058F05","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tightrope Interactive Inc.","storeId":"","sourceIndex":"1290","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\ClearBar\\1.0.5.2\\ClearBar.exe","companyName":"","productName":"ClearBar","productVersion":"1.0.5.2","fileVersion":"1.0.5.2","hashMD5":"4906a59f983290232d56128bcbb1ac5d","hashSHA1":"ce703f7cb2e5ec94bfe63a133ebbab11791ea92c","hashSHA256":"b4cca2c211b8ac5cb4944e674f0e9fa26d6d9d5a90fcc325987334d711651281","digitalCertThumbprint":"4C6C207DCFA5A3FBC336F8356F951765EB058F05","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tightrope Interactive Inc.","storeId":"","sourceIndex":"1290","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EasyRecipesSearch.win11.ch.exe","isInstaller":"True","companyName":"ClearBar.App                                                ","productName":"ClearBar                                                    ","productVersion":"1.0.5.2//d0eebc4/2022-07-19T17:28:20-04:00/       ","fileVersion":"1.0.5.2             ","hashMD5":"cfee9dbd96c26b392e268bc17f03464d","hashSHA1":"d663e3a694c9421bf2b4aede98b6a7a048ba4374","hashSHA256":"4eb30fbf04fc5230d522ef20bd53100a9fa32e4b562995f9a54d01a242b183e6","digitalCertThumbprint":"4C6C207DCFA5A3FBC336F8356F951765EB058F05","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Tightrope Interactive Inc.","storeId":"","sourceIndex":"1290","avBlockList":["360 Total Security (20230105)","Avast Premium Security (20230105)","AVG Internet Security (20230105)","Avira Internet Security (20230105)","ESET Internet Security (20230105)","G DATA INTERNET SECURITY (20230105)","K7 Total Security (20230105)","Kaspersky Internet Security (20230105)","McAfee Total Protection (20230105)","Norton Security (20230105)","Panda Dome (20230105)","Quick Heal Internet Security (20230105)","Sophos Home Premium (20230105)","SpyHunter5 (20230105)","Total AV Antivirus Pro (20230105)","VirIT eXplorer PRO (20230105)","Webroot SecureAnywhere (20230105)","Windows Defender (20230105)"],"avAllowList":["Bitdefender Internet Security (20230105)","COMODO Antivirus (20230105)","Dr.Web Security Space (20230105)","Malwarebytes Premium (20230105)","Trend Micro Internet Security (20230105)","VIPRE Advanced Security (20230105)"]}],"additionalFiles":[],"sources":[{"howFound":"Partner report","reference":"","landingPage":"https://clearbar.app/","directDownloadingLink":"https://dp39row7pw6mx.cloudfront.net/prod/1.0.5.2/easyrecipessearch/nonstub_cliff/EasyRecipesSearch.exe?response-content-disposition=attachment%3B%20filename%3DEasyRecipesSearch.win11.ch.exe&Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kcDM5cm93N3B3Nm14LmNsb3VkZnJvbnQubmV0L3Byb2QvMS4wLjUuMi9lYXN5cmVjaXBlc3NlYXJjaC9ub25zdHViX2NsaWZmL0Vhc3lSZWNpcGVzU2VhcmNoLmV4ZT9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0IlMjBmaWxlbmFtZSUzREVhc3lSZWNpcGVzU2VhcmNoLndpbjExLmNoLmV4ZSIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTY2ODEzMjAwMDAwMH19fV19&Key-Pair-Id=K3I66AL3TQKE5J&Signature=misAdDMAhIUV1K4Lmst7AjU4RiaAd9HwE7GOo-cla6H~JDZmODGwKe5mCwI-0-i4cki3J8VC4WihOPmSq-WVu4W2Kc3gYXejtoXn-Nhth1ut6U1fJd-g5KFHGrXBuMrchvZjSE8eye7-Z2G8-HHScrb6a0Tu~x~v-penEIR6LdCwAfoHG~o2f2K63o04lyWO885DYutfFGusNDNJnXuY8OvlEXVg3WWzsamGOuiosqwIwjF3OwVB2JscrfIbg7bfALJE3jv~CSQroZ2swbksT-hKZq805xv-uvzrUsKvYsTmLX~8AMVUpJ70JSl6MSIBeDNMr0AYnqSUnf7pg8ol5w__","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dp39row7pw6mx.cloudfront.net/prod/1.0.5.2/easyrecipessearch/nonstub_cliff/EasyRecipesSearch.exe?response-content-disposition=attachment%3B%20filename%3DEasyRecipesSearch.win11.ch.exe&Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kcDM5cm93N3B3Nm14LmNsb3VkZnJvbnQubmV0L3Byb2QvMS4wLjUuMi9lYXN5cmVjaXBlc3NlYXJjaC9ub25zdHViX2NsaWZmL0Vhc3lSZWNpcGVzU2VhcmNoLmV4ZT9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0IlMjBmaWxlbmFtZSUzREVhc3lSZWNpcGVzU2VhcmNoLndpbjExLmNoLmV4ZSIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTY2ODEzMjAwMDAwMH19fV19&Key-Pair-Id=K3I66AL3TQKE5J&Signature=misAdDMAhIUV1K4Lmst7AjU4RiaAd9HwE7GOo-cla6H~JDZmODGwKe5mCwI-0-i4cki3J8VC4WihOPmSq-WVu4W2Kc3gYXejtoXn-Nhth1ut6U1fJd-g5KFHGrXBuMrchvZjSE8eye7-Z2G8-HHScrb6a0Tu~x~v-penEIR6LdCwAfoHG~o2f2K63o04lyWO885DYutfFGusNDNJnXuY8OvlEXVg3WWzsamGOuiosqwIwjF3OwVB2JscrfIbg7bfALJE3jv~CSQroZ2swbksT-hKZq805xv-uvzrUsKvYsTmLX~8AMVUpJ70JSl6MSIBeDNMr0AYnqSUnf7pg8ol5w__","sourceIndex":"1290"}],"sampleFiles":["221123/ClearBarBrowser-221112/1.0.5.2/Samples/EasyRecipesSearch.win11.ch.exe"],"imageFiles":["221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-085/ACR-085.JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-085/ACR-085_1.JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-006/ACR-006.JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-084/ACR-084 (1).JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-084/ACR-084 (2).JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-048/ACR-048 (1).JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-048/ACR-048 (2).JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-048/ACR-048_2.JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-006/ACR-006_1.JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-007/ACR-007.JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-007/ACR-007_1.JPG"],"nonDeceptorImageFiles":["221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-040/ACR-040_1.JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-139/ACR-139.JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-036/ACR-036.jpg","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-058/ACR-058.JPG","221123/ClearBarBrowser-221112/1.0.5.2/Images/ACR-006/ACR-006_2.jpg"],"guid":"36aa5764-3ee3-44e3-95d2-7f968c2c91b8_1.0.5.2_1","appID":"ClearBarBrowser-221112","dateAdded":"221123","deceptorType":"App","name":"Clear Bar Browser","company":"Tightrope Interactive, Inc.","version":"1.0.5.2","lastKnownStatus":"1.0.5.2","lastKnownDate":"221123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2022-11-24T06:31:50.8861305+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1197},{"violations":{"ACR-103":"The app suggests cleaning up \"106.6 MB\" of junk/cache. After completing junk clean it says “Done”, and during rescan, it does not show the apps displayed in the previous scan result but in the app settings, it displays the same size of cache data that can be cleaned. App's value proposition can't be verified as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up \"106.6 MB\" of junk/cache. After completing junk clean it says “Done”, and during rescan, it does not show the apps displayed in the previous scan result but when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"supers.cleaner.cache.clean.android.speed.phone.booster.apk","isInstaller":"True","productVersion":"1.0.4","fileVersion":"1.0.4","hashMD5":"6c880808f13e201c561465c531b45a9f","hashSHA1":"edcc40eeed6d15cb87d6bb6ecb4cfd315d7aadad","hashSHA256":"9170784ac1b8fa6e65ec46f924ec5070509f3f3c1d3cc26d5a883181f1ab0c70","sourceIndex":"1291","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=supers.cleaner.cache.clean.android.speed.phone.booster&hl=en_IN","ipv4":"","ipv6":"","sourceIndex":"1291"}],"sampleFiles":["221122/MTCleanerFastAndSecure-221121/1.0.4/Samples/supers.cleaner.cache.clean.android.speed.phone.booster.apk"],"imageFiles":["221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_3.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_Scan_Result_4.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_Scan_Result_5.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_6.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_10.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-103/ACR-103_Software_Rescan_AfterFix_11.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_3.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_Scan_Result_4.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_Scan_Result_5.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_6.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_10.jpg","221122/MTCleanerFastAndSecure-221121/1.0.4/Images/ACR-014/ACR-014_Software_Rescan_AfterFix_11.jpg"],"nonDeceptorImageFiles":[],"guid":"09e44862-2548-45f4-a68e-55873ac32904_1.0.4_1","appID":"MTCleanerFastAndSecure-221121","dateAdded":"221122","deceptorType":"Android App","name":"MT Cleaner Fast And Secure","company":"Superpix Lab","version":"1.0.4","sigName":"Deceptor:Android/MTCleanerFastAndSecure!103014","lastKnownStatus":"1.0.4","lastKnownDate":"221122","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,inject ads,display ads","lastUpdate":"2022-11-23T05:27:34.3926633+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1198},{"violations":{"ACR-053":"App doesn’t allow the consumer to skip all offers at once.\t\n","ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of \"Recommended additional software to install\".\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"4k-video-downloader.g5255.exe","isInstaller":"True","fileVersion":"4.16","hashMD5":"ff20b76603c46045c4b529c2c81dfd7b","hashSHA1":"257b1eaec16510cf411d49d11878d48edc4bea93","hashSHA256":"c80cd7aa1075c3f4459cb66cebcf361b7467a619cdb937d90b49c76690a80789","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230110)","Avast Premium Security (20230110)","AVG Internet Security (20230110)","Avira Internet Security (20230110)","Bitdefender Internet Security (20230110)","COMODO Antivirus (20230110)","Dr.Web Security Space (20230110)","ESET Internet Security (20230110)","G DATA INTERNET SECURITY (20230110)","K7 Total Security (20230110)","Kaspersky Internet Security (20230110)","Malwarebytes Premium (20230110)","McAfee Total Protection (20230110)","Norton Security (20230110)","Panda Dome (20230110)","SpyHunter5 (20230110)","Total AV Antivirus Pro (20230110)","VIPRE Advanced Security (20230110)","VirIT eXplorer PRO (20230110)","Webroot SecureAnywhere (20230110)","Windows Defender (20230110)","Sophos Home Premium (20230110)"],"avAllowList":["Quick Heal Internet Security (20230110)","Trend Micro Internet Security (20230110)"]},{"isRevoked":"False","fileName":"adguard.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"bc3ed21df5bd5d30c82242595961dc6c","hashSHA1":"404c3f9356939c3a3578bc986afe96f809030e62","hashSHA256":"632b56c04070cc8c78f371201b3696fa9b2b725378c977e058552092d3d2d64d","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230110)","Avast Premium Security (20230110)","AVG Internet Security (20230110)","Avira Internet Security (20230110)","Bitdefender Internet Security (20230110)","COMODO Antivirus (20230110)","Dr.Web Security Space (20230110)","ESET Internet Security (20230110)","G DATA INTERNET SECURITY (20230110)","K7 Total Security (20230110)","Kaspersky Internet Security (20230110)","Malwarebytes Premium (20230110)","McAfee Total Protection (20230110)","Norton Security (20230110)","Panda Dome (20230110)","Quick Heal Internet Security (20230110)","Sophos Home Premium (20230110)","SpyHunter5 (20230110)","Total AV Antivirus Pro (20230110)","VIPRE Advanced Security (20230110)","VirIT eXplorer PRO (20230110)","Webroot SecureAnywhere (20230110)","Windows Defender (20230110)"],"avAllowList":["Trend Micro Internet Security (20230110)"]},{"isRevoked":"False","fileName":"adobe-flash-player.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"35a6bca1fa8f1f7ce95a5218d6521d78","hashSHA1":"0e9030235ef3004c78d55597860a496a6673b995","hashSHA256":"b8b889dba6b3526c10f14076d230d49c24c3d58fcd27d149498e707acb0ff0dd","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230110)","Avast Premium Security (20230110)","AVG Internet Security (20230110)","Avira Internet Security (20230110)","Bitdefender Internet Security (20230110)","COMODO Antivirus (20230110)","Dr.Web Security Space (20230110)","ESET Internet Security (20230110)","G DATA INTERNET SECURITY (20230110)","K7 Total Security (20230110)","Kaspersky Internet Security (20230110)","Malwarebytes Premium (20230110)","McAfee Total Protection (20230110)","Norton Security (20230110)","Panda Dome (20230110)","Quick Heal Internet Security (20230110)","Sophos Home Premium (20230110)","SpyHunter5 (20230110)","Total AV Antivirus Pro (20230110)","VIPRE Advanced Security (20230110)","VirIT eXplorer PRO (20230110)","Webroot SecureAnywhere (20230110)","Windows Defender (20230110)"],"avAllowList":["Trend Micro Internet Security (20230110)"]},{"isRevoked":"False","fileName":"aimp.g5255.exe","isInstaller":"True","fileVersion":"4.60","hashMD5":"607eef68a623363e6f0e824261f57dd9","hashSHA1":"d8dab3edc251c3cc6da14ebf92fe13f9fc767c86","hashSHA256":"b671835293266f6a73e592fca8472aebb955ac5f4aefca1e0c3ef30afc98d324","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230110)","Avast Premium Security (20230110)","AVG Internet Security (20230110)","Avira Internet Security (20230110)","Bitdefender Internet Security (20230110)","COMODO Antivirus (20230110)","Dr.Web Security Space (20230110)","ESET Internet Security (20230110)","G DATA INTERNET SECURITY (20230110)","K7 Total Security (20230110)","Kaspersky Internet Security (20230110)","Malwarebytes Premium (20230110)","McAfee Total Protection (20230110)","Norton Security (20230110)","Panda Dome (20230110)","Sophos Home Premium (20230110)","SpyHunter5 (20230110)","Total AV Antivirus Pro (20230110)","VIPRE Advanced Security (20230110)","VirIT eXplorer PRO (20230110)","Webroot SecureAnywhere (20230110)","Windows Defender (20230110)"],"avAllowList":["Quick Heal Internet Security (20230110)","Trend Micro Internet Security (20230110)"]},{"isRevoked":"False","fileName":"all-video-downloader.g5255.exe","isInstaller":"True","fileVersion":"6.0","hashMD5":"5954754bf564fb41f749f3db7bb3b4e7","hashSHA1":"aacef19583b1589741f939bbd4a40bf4051e7665","hashSHA256":"f5cceb3c2f9a9548ed43f56ac165a25f33bedf97c717d643c3ba057ef161bdff","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230110)","Avast Premium Security (20230110)","AVG Internet Security (20230110)","Avira Internet Security (20230110)","Bitdefender Internet Security (20230110)","COMODO Antivirus (20230110)","Dr.Web Security Space (20230110)","ESET Internet Security (20230110)","G DATA INTERNET SECURITY (20230110)","K7 Total Security (20230110)","Kaspersky Internet Security (20230110)","Malwarebytes Premium (20230110)","McAfee Total Protection (20230110)","Norton Security (20230110)","Panda Dome (20230110)","Quick Heal Internet Security (20230110)","Sophos Home Premium (20230110)","SpyHunter5 (20230110)","Total AV Antivirus Pro (20230110)","VIPRE Advanced Security (20230110)","VirIT eXplorer PRO (20230110)","Webroot SecureAnywhere (20230110)","Windows Defender (20230110)"],"avAllowList":["Trend Micro Internet Security (20230110)"]},{"isRevoked":"False","fileName":"anydesk.g5255.exe","isInstaller":"True","fileVersion":"6.1","hashMD5":"fd76c1745082fc11f161cf6e43dcc09a","hashSHA1":"3ec3df9f3ebefa508f773d1783235314f61ef5b6","hashSHA256":"98e14420c84a7b1bc73bd401fd7b6d3ea3b3cc92337175940d2fab909ee66153","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230124)","Avast Premium Security (20230124)","AVG Internet Security (20230124)","Avira Internet Security (20230124)","Bitdefender Internet Security (20230124)","COMODO Antivirus (20230124)","Dr.Web Security Space (20230124)","ESET Internet Security (20230124)","G DATA INTERNET SECURITY (20230124)","K7 Total Security (20230124)","Kaspersky Internet Security (20230124)","Malwarebytes Premium (20230124)","McAfee Total Protection (20230124)","Norton Security (20230124)","Panda Dome (20230124)","Quick Heal Internet Security (20230124)","Sophos Home Premium (20230124)","SpyHunter5 (20230124)","Total AV Antivirus Pro (20230124)","VIPRE Advanced Security (20230124)","VirIT eXplorer PRO (20230124)","Webroot SecureAnywhere (20230124)","Windows Defender (20230124)"],"avAllowList":["Trend Micro Internet Security (20230124)"]},{"isRevoked":"False","fileName":"artmoney-se.g5255.exe","isInstaller":"True","fileVersion":"8.12","hashMD5":"05a24460190d2fe4b355611ae1ef1132","hashSHA1":"25987b0b4d428695ca0964c1feb32612c728e30f","hashSHA256":"6194ecaa4fff21c24b91d708408df5471f54017d0a2fc9dd1a142fe7da13e76f","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230126)","Avast Premium Security (20230126)","AVG Internet Security (20230126)","Avira Internet Security (20230126)","Bitdefender Internet Security (20230126)","COMODO Antivirus (20230126)","Dr.Web Security Space (20230126)","ESET Internet Security (20230126)","G DATA INTERNET SECURITY (20230126)","K7 Total Security (20230126)","Kaspersky Internet Security (20230126)","Malwarebytes Premium (20230126)","McAfee Total Protection (20230126)","Norton Security (20230126)","Panda Dome (20230126)","Sophos Home Premium (20230126)","SpyHunter5 (20230126)","Total AV Antivirus Pro (20230126)","VIPRE Advanced Security (20230126)","VirIT eXplorer PRO (20230126)","Webroot SecureAnywhere (20230126)"],"avAllowList":["Quick Heal Internet Security (20230126)","Trend Micro Internet Security (20230126)","Windows Defender (20230126)"]},{"isRevoked":"False","fileName":"audacity.g5255.exe","isInstaller":"True","fileVersion":"2.3","hashMD5":"3a4fdde9c5ff8041d30f5627e6965ea8","hashSHA1":"1b8fdad3ee679ca9f52c648d2f83b9a9e60c59ee","hashSHA256":"95cb41a42ac1b62f2f23d2af7eec276c6b0647fb1e464d67e39011f25c38d015","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230126)","Avast Premium Security (20230126)","AVG Internet Security (20230126)","Avira Internet Security (20230126)","Bitdefender Internet Security (20230126)","COMODO Antivirus (20230126)","Dr.Web Security Space (20230126)","ESET Internet Security (20230126)","G DATA INTERNET SECURITY (20230126)","K7 Total Security (20230126)","Kaspersky Internet Security (20230126)","McAfee Total Protection (20230126)","Norton Security (20230126)","Panda Dome (20230126)","SpyHunter5 (20230126)","Total AV Antivirus Pro (20230126)","VIPRE Advanced Security (20230126)","VirIT eXplorer PRO (20230126)","Webroot SecureAnywhere (20230126)","Windows Defender (20230126)","Sophos Home Premium (20230126)"],"avAllowList":["Malwarebytes Premium (20230126)","Quick Heal Internet Security (20230126)","Trend Micro Internet Security (20230126)"]},{"isRevoked":"False","fileName":"bandicam-screen-recorder.g5255.exe","isInstaller":"True","fileVersion":"4.4","hashMD5":"bfb915e60900374e2791ebe9369764c1","hashSHA1":"b95a849a421381ddb4eade245b515d13ffef5c52","hashSHA256":"ef2bc937872b3ff209580f00746664d163b041ff2f3a5244e6ccd59c7cbb5b18","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230126)","Avast Premium Security (20230126)","AVG Internet Security (20230126)","Avira Internet Security (20230126)","Bitdefender Internet Security (20230126)","COMODO Antivirus (20230126)","Dr.Web Security Space (20230126)","ESET Internet Security (20230126)","G DATA INTERNET SECURITY (20230126)","K7 Total Security (20230126)","Kaspersky Internet Security (20230126)","Malwarebytes Premium (20230126)","McAfee Total Protection (20230126)","Norton Security (20230126)","Panda Dome (20230126)","Sophos Home Premium (20230126)","SpyHunter5 (20230126)","Total AV Antivirus Pro (20230126)","VIPRE Advanced Security (20230126)","VirIT eXplorer PRO (20230126)","Webroot SecureAnywhere (20230126)","Windows Defender (20230126)"],"avAllowList":["Quick Heal Internet Security (20230126)","Trend Micro Internet Security (20230126)"]},{"isRevoked":"False","fileName":"battle-net.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"fdbe79fd3046bbd55ba18f15febba234","hashSHA1":"795e2cb6add051cfcac58d901db6e401fba6051a","hashSHA256":"573ca47b0be5805ae94cd763745b485c6b3bfd29282d704505b6756a5b833bd1","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230126)","Avast Premium Security (20230126)","AVG Internet Security (20230126)","Avira Internet Security (20230126)","Bitdefender Internet Security (20230126)","COMODO Antivirus (20230126)","Dr.Web Security Space (20230126)","ESET Internet Security (20230126)","G DATA INTERNET SECURITY (20230126)","K7 Total Security (20230126)","Kaspersky Internet Security (20230126)","Malwarebytes Premium (20230126)","McAfee Total Protection (20230126)","Norton Security (20230126)","Panda Dome (20230126)","Sophos Home Premium (20230126)","SpyHunter5 (20230126)","Total AV Antivirus Pro (20230126)","VIPRE Advanced Security (20230126)","VirIT eXplorer PRO (20230126)","Webroot SecureAnywhere (20230126)","Windows Defender (20230126)"],"avAllowList":["Quick Heal Internet Security (20230126)","Trend Micro Internet Security (20230126)"]},{"isRevoked":"False","fileName":"bitcomet.g5255.exe","isInstaller":"True","fileVersion":"1.1","hashMD5":"b5f55ea89d65b649cc537ff7fb5608ac","hashSHA1":"212f2276a2bdb5e44e532afe49fb86003fbc4b8d","hashSHA256":"8785e34166ab96f86547953f3006b9645dff64af9a674e481d364b4d722f471e","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230126)","Avast Premium Security (20230126)","AVG Internet Security (20230126)","Avira Internet Security (20230126)","Bitdefender Internet Security (20230126)","COMODO Antivirus (20230126)","Dr.Web Security Space (20230126)","ESET Internet Security (20230126)","G DATA INTERNET SECURITY (20230126)","K7 Total Security (20230126)","Kaspersky Internet Security (20230126)","Malwarebytes Premium (20230126)","McAfee Total Protection (20230126)","Norton Security (20230126)","Sophos Home Premium (20230126)","SpyHunter5 (20230126)","Total AV Antivirus Pro (20230126)","VIPRE Advanced Security (20230126)","VirIT eXplorer PRO (20230126)","Webroot SecureAnywhere (20230126)","Windows Defender (20230126)"],"avAllowList":["Panda Dome (20230126)","Quick Heal Internet Security (20230126)","Trend Micro Internet Security (20230126)"]},{"isRevoked":"False","fileName":"bittorrent.g5255.exe","isInstaller":"True","fileVersion":"7.10","hashMD5":"976eed5d12625d525be809429d9a0ea1","hashSHA1":"02f0fd94a3763e9c6d4498f0ab91312b0aa7609f","hashSHA256":"3ed8221c4b7f030ab7fee6886474eecc60d56e64e120c91ac3c12ec2be1da203","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230126)","Avast Premium Security (20230126)","AVG Internet Security (20230126)","Avira Internet Security (20230126)","Bitdefender Internet Security (20230126)","COMODO Antivirus (20230126)","Dr.Web Security Space (20230126)","ESET Internet Security (20230126)","G DATA INTERNET SECURITY (20230126)","K7 Total Security (20230126)","Kaspersky Internet Security (20230126)","Malwarebytes Premium (20230126)","McAfee Total Protection (20230126)","Norton Security (20230126)","Panda Dome (20230126)","Sophos Home Premium (20230126)","SpyHunter5 (20230126)","Total AV Antivirus Pro (20230126)","VIPRE Advanced Security (20230126)","VirIT eXplorer PRO (20230126)","Webroot SecureAnywhere (20230126)","Windows Defender (20230126)"],"avAllowList":["Quick Heal Internet Security (20230126)","Trend Micro Internet Security (20230126)"]},{"isRevoked":"False","fileName":"cent-browser.g5255.exe","isInstaller":"True","fileVersion":"1.2","hashMD5":"fea0bac9a7d757dd9f4bd4aa8d956005","hashSHA1":"f9deaa248f2c00b3b34398710615b5deac0d44ba","hashSHA256":"ce1efeb961fd1a31529bccbb665d49f06aed50ec0f08898ffd653c59d67c6f00","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230126)","Avast Premium Security (20230126)","AVG Internet Security (20230126)","Avira Internet Security (20230126)","Bitdefender Internet Security (20230126)","COMODO Antivirus (20230126)","Dr.Web Security Space (20230126)","ESET Internet Security (20230126)","G DATA INTERNET SECURITY (20230126)","K7 Total Security (20230126)","Kaspersky Internet Security (20230126)","Malwarebytes Premium (20230126)","McAfee Total Protection (20230126)","Norton Security (20230126)","Panda Dome (20230126)","Quick Heal Internet Security (20230126)","Sophos Home Premium (20230126)","SpyHunter5 (20230126)","Total AV Antivirus Pro (20230126)","VIPRE Advanced Security (20230126)","VirIT eXplorer PRO (20230126)","Webroot SecureAnywhere (20230126)","Windows Defender (20230126)"],"avAllowList":["Trend Micro Internet Security (20230126)"]},{"isRevoked":"False","fileName":"cocoon.g5255.exe","isInstaller":"True","fileVersion":"4.42","hashMD5":"df28d964f750c39f908346d2aa2aa4dc","hashSHA1":"dc8d3a945574d6ac917e321ec7a6dd06f4d31f17","hashSHA256":"acad436aa2a76e7abb469c76490afa8efe86c3243d3516d5fee68f7ef1f7bdae","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230126)","Avast Premium Security (20230126)","AVG Internet Security (20230126)","Avira Internet Security (20230126)","Bitdefender Internet Security (20230126)","COMODO Antivirus (20230126)","Dr.Web Security Space (20230126)","ESET Internet Security (20230126)","G DATA INTERNET SECURITY (20230126)","K7 Total Security (20230126)","Kaspersky Internet Security (20230126)","McAfee Total Protection (20230126)","Norton Security (20230126)","Panda Dome (20230126)","Quick Heal Internet Security (20230126)","Sophos Home Premium (20230126)","SpyHunter5 (20230126)","Total AV Antivirus Pro (20230126)","VIPRE Advanced Security (20230126)","VirIT eXplorer PRO (20230126)","Webroot SecureAnywhere (20230126)","Windows Defender (20230126)"],"avAllowList":["Malwarebytes Premium (20230126)","Trend Micro Internet Security (20230126)"]},{"isRevoked":"False","fileName":"comodo-dragon.g5255.exe","isInstaller":"True","fileVersion":"12.0","hashMD5":"20df48785e1faf7bb00c81b0bb581139","hashSHA1":"85daa695cf0303a15544eeb37ce8d52a3c323441","hashSHA256":"61e578646874fe54d08b708556e6b96c3f5a369686072a87077d2d6253f7566b","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230131)","Avast Premium Security (20230131)","AVG Internet Security (20230131)","Avira Internet Security (20230131)","Bitdefender Internet Security (20230131)","COMODO Antivirus (20230131)","Dr.Web Security Space (20230131)","ESET Internet Security (20230131)","G DATA INTERNET SECURITY (20230131)","K7 Total Security (20230131)","Kaspersky Internet Security (20230131)","Malwarebytes Premium (20230131)","McAfee Total Protection (20230131)","Norton Security (20230131)","Panda Dome (20230131)","Quick Heal Internet Security (20230131)","Sophos Home Premium (20230131)","SpyHunter5 (20230131)","Total AV Antivirus Pro (20230131)","VIPRE Advanced Security (20230131)","VirIT eXplorer PRO (20230131)","Webroot SecureAnywhere (20230131)","Windows Defender (20230131)"],"avAllowList":["Trend Micro Internet Security (20230131)"]},{"isRevoked":"False","fileName":"directx.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"63fdb01610588e9cce6d77ec76953e96","hashSHA1":"5ba1c8e7e6883dbf1ec68ecb91510dabc46a93ed","hashSHA256":"fc9f1e85c00dd7d5c8bc0a171646a488d865079f43199ec0a1cdde3e08d3419c","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230131)","Avast Premium Security (20230131)","AVG Internet Security (20230131)","Avira Internet Security (20230131)","Bitdefender Internet Security (20230131)","COMODO Antivirus (20230131)","Dr.Web Security Space (20230131)","ESET Internet Security (20230131)","G DATA INTERNET SECURITY (20230131)","K7 Total Security (20230131)","Kaspersky Internet Security (20230131)","Malwarebytes Premium (20230131)","McAfee Total Protection (20230131)","Norton Security (20230131)","Sophos Home Premium (20230131)","SpyHunter5 (20230131)","Total AV Antivirus Pro (20230131)","VIPRE Advanced Security (20230131)","VirIT eXplorer PRO (20230131)","Webroot SecureAnywhere (20230131)","Windows Defender (20230131)"],"avAllowList":["Panda Dome (20230131)","Quick Heal Internet Security (20230131)","Trend Micro Internet Security (20230131)"]},{"isRevoked":"False","fileName":"discord.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c09d4be156fb344b31acaca49bcd0a37","hashSHA1":"e27735cdc595089d1d551de626f17e4189e11168","hashSHA256":"6502446edbd607ae1acbd5a78f97947dee1213e46ba616ea95df6204da10bd1d","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230131)","Avast Premium Security (20230131)","AVG Internet Security (20230131)","Avira Internet Security (20230131)","Bitdefender Internet Security (20230131)","COMODO Antivirus (20230131)","Dr.Web Security Space (20230131)","ESET Internet Security (20230131)","G DATA INTERNET SECURITY (20230131)","K7 Total Security (20230131)","Kaspersky Internet Security (20230131)","McAfee Total Protection (20230131)","Norton Security (20230131)","Panda Dome (20230131)","Quick Heal Internet Security (20230131)","Sophos Home Premium (20230131)","SpyHunter5 (20230131)","Total AV Antivirus Pro (20230131)","VIPRE Advanced Security (20230131)","VirIT eXplorer PRO (20230131)","Webroot SecureAnywhere (20230131)","Windows Defender (20230131)"],"avAllowList":["Malwarebytes Premium (20230131)","Trend Micro Internet Security (20230131)"]},{"isRevoked":"False","fileName":"download-master.g5255.exe","isInstaller":"True","fileVersion":"6.18","hashMD5":"313020bb7ae5dbf1dbb6f3bf8ffd6c1c","hashSHA1":"ac05ab63136d670884257d215c52bd15b76b845c","hashSHA256":"172f4834a4189f64784ab5b48055d4cc811c4fc63b49aa2836cc92739ecdf8e8","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230131)","Avast Premium Security (20230131)","AVG Internet Security (20230131)","Avira Internet Security (20230131)","Bitdefender Internet Security (20230131)","COMODO Antivirus (20230131)","Dr.Web Security Space (20230131)","ESET Internet Security (20230131)","G DATA INTERNET SECURITY (20230131)","K7 Total Security (20230131)","Kaspersky Internet Security (20230131)","Malwarebytes Premium (20230131)","McAfee Total Protection (20230131)","Norton Security (20230131)","Panda Dome (20230131)","Sophos Home Premium (20230131)","SpyHunter5 (20230131)","Total AV Antivirus Pro (20230131)","VIPRE Advanced Security (20230131)","VirIT eXplorer PRO (20230131)","Webroot SecureAnywhere (20230131)","Windows Defender (20230131)"],"avAllowList":["Quick Heal Internet Security (20230131)","Trend Micro Internet Security (20230131)"]},{"isRevoked":"False","fileName":"dropbox.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"8e9bf55cf52f1ce727b7e05aefbf9e65","hashSHA1":"6141fab2b00179a017a0ccdeedbf41658c681fd3","hashSHA256":"cf23c77a7bb5d99438afda323fc5bee59fdbbf7a96ed4f727d064e9475c16870","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230131)","Avast Premium Security (20230131)","AVG Internet Security (20230131)","Avira Internet Security (20230131)","Bitdefender Internet Security (20230131)","COMODO Antivirus (20230131)","Dr.Web Security Space (20230131)","ESET Internet Security (20230131)","G DATA INTERNET SECURITY (20230131)","K7 Total Security (20230131)","Kaspersky Internet Security (20230131)","Malwarebytes Premium (20230131)","McAfee Total Protection (20230131)","Norton Security (20230131)","Sophos Home Premium (20230131)","SpyHunter5 (20230131)","Total AV Antivirus Pro (20230131)","VIPRE Advanced Security (20230131)","VirIT eXplorer PRO (20230131)","Webroot SecureAnywhere (20230131)","Windows Defender (20230131)"],"avAllowList":["Panda Dome (20230131)","Quick Heal Internet Security (20230131)","Trend Micro Internet Security (20230131)"]},{"isRevoked":"False","fileName":"epic-browser.g5255.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"a7d619b36bb2a9454ded9e76b328cd87","hashSHA1":"3349b9a8771c54aaec19708927ed39e0ab3f1423","hashSHA256":"42eafda458b92a9230cca2e79517780694147a78a777d8af562b29e6f31f2d9d","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230131)","Avast Premium Security (20230131)","AVG Internet Security (20230131)","Avira Internet Security (20230131)","Bitdefender Internet Security (20230131)","COMODO Antivirus (20230131)","Dr.Web Security Space (20230131)","ESET Internet Security (20230131)","G DATA INTERNET SECURITY (20230131)","K7 Total Security (20230131)","Kaspersky Internet Security (20230131)","Malwarebytes Premium (20230131)","McAfee Total Protection (20230131)","Norton Security (20230131)","Panda Dome (20230131)","Sophos Home Premium (20230131)","SpyHunter5 (20230131)","Total AV Antivirus Pro (20230131)","VIPRE Advanced Security (20230131)","VirIT eXplorer PRO (20230131)","Webroot SecureAnywhere (20230131)","Windows Defender (20230131)"],"avAllowList":["Quick Heal Internet Security (20230131)","Trend Micro Internet Security (20230131)"]},{"isRevoked":"False","fileName":"fortnite.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"59bf4bb603cba9be58ebaef50eee062d","hashSHA1":"f189529aa6ddd88725ed6e0a58d3287bcb63c57f","hashSHA256":"87c5d8493450c68d33ef1c20b3ffe14e267ff3468236a50eb3c70e27651b73d7","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230131)","Avast Premium Security (20230131)","AVG Internet Security (20230131)","Avira Internet Security (20230131)","Bitdefender Internet Security (20230131)","COMODO Antivirus (20230131)","Dr.Web Security Space (20230131)","ESET Internet Security (20230131)","G DATA INTERNET SECURITY (20230131)","K7 Total Security (20230131)","Kaspersky Internet Security (20230131)","Malwarebytes Premium (20230131)","McAfee Total Protection (20230131)","Norton Security (20230131)","Panda Dome (20230131)","SpyHunter5 (20230131)","Total AV Antivirus Pro (20230131)","VIPRE Advanced Security (20230131)","VirIT eXplorer PRO (20230131)","Webroot SecureAnywhere (20230131)","Windows Defender (20230131)","Sophos Home Premium (20230131)"],"avAllowList":["Quick Heal Internet Security (20230131)","Trend Micro Internet Security (20230131)"]},{"isRevoked":"False","fileName":"free-download-manager.g5255.exe","isInstaller":"True","fileVersion":"5.1","hashMD5":"18c0d6870d552204b981b67990b61246","hashSHA1":"f51b5428059d1375ce4d531c0cd94c36ec2917fa","hashSHA256":"4f7292b909106182e9a7187f030436a21576c31aae007a481b25f26580b62654","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230131)","Avast Premium Security (20230131)","AVG Internet Security (20230131)","Avira Internet Security (20230131)","Bitdefender Internet Security (20230131)","COMODO Antivirus (20230131)","Dr.Web Security Space (20230131)","ESET Internet Security (20230131)","G DATA INTERNET SECURITY (20230131)","K7 Total Security (20230131)","Kaspersky Internet Security (20230131)","Malwarebytes Premium (20230131)","McAfee Total Protection (20230131)","Norton Security (20230131)","Panda Dome (20230131)","Quick Heal Internet Security (20230131)","Sophos Home Premium (20230131)","SpyHunter5 (20230131)","Total AV Antivirus Pro (20230131)","VIPRE Advanced Security (20230131)","VirIT eXplorer PRO (20230131)","Webroot SecureAnywhere (20230131)","Windows Defender (20230131)"],"avAllowList":["Trend Micro Internet Security (20230131)"]},{"isRevoked":"False","fileName":"free-vpn.g5255.exe","isInstaller":"True","fileVersion":"1.26","hashMD5":"3ba206633de379eaa00676a788463970","hashSHA1":"fef68a158f2487d1955ea4ac5f3fee701179fc33","hashSHA256":"e8ecdc0fb30aff6566d4766667681e6b9fb99ba378a3df239daa4a8f5a95d311","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230131)","Avast Premium Security (20230131)","AVG Internet Security (20230131)","Avira Internet Security (20230131)","Bitdefender Internet Security (20230131)","COMODO Antivirus (20230131)","Dr.Web Security Space (20230131)","ESET Internet Security (20230131)","G DATA INTERNET SECURITY (20230131)","K7 Total Security (20230131)","Kaspersky Internet Security (20230131)","McAfee Total Protection (20230131)","Norton Security (20230131)","Panda Dome (20230131)","Quick Heal Internet Security (20230131)","Sophos Home Premium (20230131)","SpyHunter5 (20230131)","VIPRE Advanced Security (20230131)","VirIT eXplorer PRO (20230131)","Webroot SecureAnywhere (20230131)","Windows Defender (20230131)","Total AV Antivirus Pro (20230131)"],"avAllowList":["Malwarebytes Premium (20230131)","Trend Micro Internet Security (20230131)"]},{"isRevoked":"False","fileName":"google-chrome.g5255.exe","isInstaller":"True","fileVersion":"1.3","hashMD5":"1a73f110088b6ad1f8a672d435e63b3e","hashSHA1":"a28064c2fbabbe1473085e8b2371948990647fe4","hashSHA256":"e2a6dfdd5891ef06ab3502ed0765edbfb6b971265b252b80547d76d96a63dccd","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230131)","Avast Premium Security (20230131)","AVG Internet Security (20230131)","Avira Internet Security (20230131)","Bitdefender Internet Security (20230131)","COMODO Antivirus (20230131)","Dr.Web Security Space (20230131)","ESET Internet Security (20230131)","G DATA INTERNET SECURITY (20230131)","K7 Total Security (20230131)","Kaspersky Internet Security (20230131)","Malwarebytes Premium (20230131)","McAfee Total Protection (20230131)","Norton Security (20230131)","Panda Dome (20230131)","Quick Heal Internet Security (20230131)","Sophos Home Premium (20230131)","SpyHunter5 (20230131)","Total AV Antivirus Pro (20230131)","VIPRE Advanced Security (20230131)","VirIT eXplorer PRO (20230131)","Webroot SecureAnywhere (20230131)","Windows Defender (20230131)"],"avAllowList":["Trend Micro Internet Security (20230131)"]},{"isRevoked":"False","fileName":"hamachi.g5255.exe","isInstaller":"True","fileVersion":"2.2","hashMD5":"ad97480d86ff83ef9855486c75367183","hashSHA1":"d07cfdb147168ca890ca760b0a6a1d964742a0b3","hashSHA256":"d7acb5f07f77f549f82c5d819697f563fb093dbd7202f5d820e026e0b00bc85f","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230202)","Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","Malwarebytes Premium (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Panda Dome (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":["Quick Heal Internet Security (20230202)","Trend Micro Internet Security (20230202)"]},{"isRevoked":"False","fileName":"hotspot-shield.g5255.exe","isInstaller":"True","fileVersion":"7.15","hashMD5":"3cfd71b8953b0c345c960f4b57b3dd75","hashSHA1":"bcec6c70b3a5eabd3ffd94f7522641a18a779ee1","hashSHA256":"7dfd45034b3c04b798fc655375e70ac5a719f7c0bb9fc7ef1d4e07bdd4c517a6","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230202)","Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","Malwarebytes Premium (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Panda Dome (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":["Quick Heal Internet Security (20230202)","Trend Micro Internet Security (20230202)"]},{"isRevoked":"False","fileName":"instagram-for-pc.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"887216c314c4fd1b1830fccb12f443fd","hashSHA1":"48d583ba5ee127c93162a834f7f6cb60e26fa0f9","hashSHA256":"11d40fa1c274cc9958db24dd8962f8ae7267aa4040b1720b5c952810541d1475","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230202)","Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Panda Dome (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","Trend Micro Internet Security (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":["Malwarebytes Premium (20230202)","Quick Heal Internet Security (20230202)"]},{"isRevoked":"False","fileName":"Install5KPlayer.58298.exe","isInstaller":"True","companyName":"VS, OOO","fileVersion":"2.11","hashMD5":"a23e1461810b6480ca1a790a89d5d20e","hashSHA1":"bb4e7e59ccd24a9356349f2445c2bdabbb05b8e8","hashSHA256":"737526d5ebdf92575934ebc2b2296fa7841d77acc21d58b1af1111ac05f8c103","sourceIndex":"1295","avBlockList":["360 Total Security (20230202)","Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","Malwarebytes Premium (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Panda Dome (20230202)","Quick Heal Internet Security (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","Trend Micro Internet Security (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":[]},{"isRevoked":"False","fileName":"internet-download-manager.g5255.exe","isInstaller":"True","fileVersion":"6.38","hashMD5":"295cc28e6b2ec17ba7d2e3e470a59ecd","hashSHA1":"4b30eca6f9cc0eb82976f2390436508e291f5c68","hashSHA256":"01b7c36da16c067c46cbec589f897b34a437b87146910190c74d230755019b3b","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230202)","Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","Malwarebytes Premium (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Panda Dome (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":["Quick Heal Internet Security (20230202)","Trend Micro Internet Security (20230202)"]},{"isRevoked":"False","fileName":"k-lite-codec-pack.g5255.exe","isInstaller":"True","fileVersion":"15.7","hashMD5":"f4ebebb3c7b92f79bba4dd1249a87137","hashSHA1":"05521e3379047501c12d5a1b3da7f20dec699f79","hashSHA256":"547aebe10da689439a08346ee4dfcb4267d72e5577db129ca20ce5bbe62ddcef","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230202)","Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","Malwarebytes Premium (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Panda Dome (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":["Quick Heal Internet Security (20230202)","Trend Micro Internet Security (20230202)"]},{"isRevoked":"False","fileName":"kmplayer.g5255.exe","isInstaller":"True","fileVersion":"4.2","hashMD5":"2e8a8b1a426d3155ae7c55d142cd61c6","hashSHA1":"c691acc67e1ffcc7723545e9ff91d37b6c05a8a5","hashSHA256":"b62a8c8420521ff1d88e4dd489f7ceb36bd51b54ff229a28eea5c9c30d3b410f","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230202)","Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Panda Dome (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":["Malwarebytes Premium (20230202)","Quick Heal Internet Security (20230202)","Trend Micro Internet Security (20230202)"]},{"isRevoked":"False","fileName":"kodi.g5255.exe","isInstaller":"True","fileVersion":"18.2","hashMD5":"2ba8509a5f2ecc1eca5ae78a0f517cc4","hashSHA1":"4b9b350f64dbb7b779ad6f6cd7b89da03c3820bb","hashSHA256":"ff4f79759d2dc0bf6ef859d295d7686c3b34a905b0aa51f3759b766b16c4abb2","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":["360 Total Security (20230202)","Malwarebytes Premium (20230202)","Panda Dome (20230202)","Quick Heal Internet Security (20230202)","Trend Micro Internet Security (20230202)"]},{"isRevoked":"False","fileName":"minecraft.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c084245b8d217d7fb70d67744c9e936d","hashSHA1":"fde670a4158efc903afa481f87d4375ac15df71e","hashSHA256":"2e03185689e3bafc0379390f997ae2b4dacf4c5aa768a37b0518b1a92cbc7c6e","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230202)","Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","Malwarebytes Premium (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Panda Dome (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":["Quick Heal Internet Security (20230202)","Trend Micro Internet Security (20230202)"]},{"isRevoked":"False","fileName":"mozilla-firefox.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6a9a3e3f965066226d690e5e372ed1b1","hashSHA1":"9137b928f3d5c0cc299028a0dd942af20b2553a4","hashSHA256":"0e1cdc9677d0ab3bee91fef91037f5216f9cd30de02bf207202bc5044d6985ad","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230202)","Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Panda Dome (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":["Malwarebytes Premium (20230202)","Quick Heal Internet Security (20230202)","Trend Micro Internet Security (20230202)"]},{"isRevoked":"False","fileName":"openvpn.g5255.exe","isInstaller":"True","fileVersion":"2.0","hashMD5":"e3954be44b3ad1d0ab0c0d9fd16888a8","hashSHA1":"6102a6aefdf9b4586151f075ba6280884fcf7985","hashSHA256":"4beae23c69ab8a079416f710e704bbe88f29cd1c51c96804a2cdffb297386ba9","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230202)","Avast Premium Security (20230202)","AVG Internet Security (20230202)","Avira Internet Security (20230202)","Bitdefender Internet Security (20230202)","COMODO Antivirus (20230202)","Dr.Web Security Space (20230202)","ESET Internet Security (20230202)","G DATA INTERNET SECURITY (20230202)","K7 Total Security (20230202)","Kaspersky Internet Security (20230202)","Malwarebytes Premium (20230202)","McAfee Total Protection (20230202)","Norton Security (20230202)","Panda Dome (20230202)","Sophos Home Premium (20230202)","SpyHunter5 (20230202)","Total AV Antivirus Pro (20230202)","VIPRE Advanced Security (20230202)","VirIT eXplorer PRO (20230202)","Webroot SecureAnywhere (20230202)","Windows Defender (20230202)"],"avAllowList":["Quick Heal Internet Security (20230202)","Trend Micro Internet Security (20230202)"]},{"isRevoked":"False","fileName":"pale-moon.g5255.exe","isInstaller":"True","fileVersion":"29.0","hashMD5":"5ab5f5854a00e8c16322a6bbd4ed98cc","hashSHA1":"73588341ceeeac374d4a1f177b47a63749758284","hashSHA256":"69cc7ceecd5e411b4e118061e785d47ae7a58f8ea92fd805102857f8473cb62b","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230207)","Avast Premium Security (20230207)","AVG Internet Security (20230207)","Avira Internet Security (20230207)","Bitdefender Internet Security (20230207)","COMODO Antivirus (20230207)","Dr.Web Security Space (20230207)","ESET Internet Security (20230207)","G DATA INTERNET SECURITY (20230207)","K7 Total Security (20230207)","Kaspersky Internet Security (20230207)","Malwarebytes Premium (20230207)","McAfee Total Protection (20230207)","Norton Security (20230207)","Panda Dome (20230207)","Quick Heal Internet Security (20230207)","Sophos Home Premium (20230207)","SpyHunter5 (20230207)","Total AV Antivirus Pro (20230207)","VIPRE Advanced Security (20230207)","VirIT eXplorer PRO (20230207)","Webroot SecureAnywhere (20230207)","Windows Defender (20230207)"],"avAllowList":["Trend Micro Internet Security (20230207)"]},{"isRevoked":"False","fileName":"pdf-to-jpg.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"26c98e1cddc89141310fadee30583a39","hashSHA1":"2c3298c021d287960c68c07f33eaa28dd98b571f","hashSHA256":"a189d5b83c20abc9e991f1ab0e0f9304ec36e372d66e1a4a4225c931dc244219","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230207)","Avast Premium Security (20230207)","AVG Internet Security (20230207)","Avira Internet Security (20230207)","Bitdefender Internet Security (20230207)","COMODO Antivirus (20230207)","Dr.Web Security Space (20230207)","ESET Internet Security (20230207)","G DATA INTERNET SECURITY (20230207)","K7 Total Security (20230207)","Kaspersky Internet Security (20230207)","Malwarebytes Premium (20230207)","McAfee Total Protection (20230207)","Norton Security (20230207)","Sophos Home Premium (20230207)","SpyHunter5 (20230207)","Total AV Antivirus Pro (20230207)","VIPRE Advanced Security (20230207)","VirIT eXplorer PRO (20230207)","Webroot SecureAnywhere (20230207)","Windows Defender (20230207)"],"avAllowList":["Panda Dome (20230207)","Quick Heal Internet Security (20230207)","Trend Micro Internet Security (20230207)"]},{"isRevoked":"False","fileName":"potplayer.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"85835e3fcbdaaa00cb973ab4ae7df741","hashSHA1":"8f2b611742e5c3bcbf1d9d751f07858fe46bb256","hashSHA256":"dcf3da2ef0703c1d0d2ff4bd63b60231bf5eb29145a8dd6ae2e8f20a9c36949c","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230207)","Avast Premium Security (20230207)","AVG Internet Security (20230207)","Avira Internet Security (20230207)","Bitdefender Internet Security (20230207)","COMODO Antivirus (20230207)","Dr.Web Security Space (20230207)","ESET Internet Security (20230207)","G DATA INTERNET SECURITY (20230207)","K7 Total Security (20230207)","Kaspersky Internet Security (20230207)","McAfee Total Protection (20230207)","Norton Security (20230207)","Panda Dome (20230207)","Quick Heal Internet Security (20230207)","Sophos Home Premium (20230207)","SpyHunter5 (20230207)","Total AV Antivirus Pro (20230207)","VIPRE Advanced Security (20230207)","VirIT eXplorer PRO (20230207)","Webroot SecureAnywhere (20230207)","Windows Defender (20230207)"],"avAllowList":["Malwarebytes Premium (20230207)","Trend Micro Internet Security (20230207)"]},{"isRevoked":"False","fileName":"pubg.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"269202f7707c7f49fcabdfa826d3b5da","hashSHA1":"da82908a6ad54df1d33b72a5e241f4c078cad053","hashSHA256":"4a5c7aff49e00125ac8178a594ea86bf094387b108fcd1ef9573614f851ca625","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["Avast Premium Security (20230207)","AVG Internet Security (20230207)","Avira Internet Security (20230207)","Bitdefender Internet Security (20230207)","COMODO Antivirus (20230207)","Dr.Web Security Space (20230207)","ESET Internet Security (20230207)","G DATA INTERNET SECURITY (20230207)","K7 Total Security (20230207)","Kaspersky Internet Security (20230207)","Malwarebytes Premium (20230207)","McAfee Total Protection (20230207)","Norton Security (20230207)","Sophos Home Premium (20230207)","SpyHunter5 (20230207)","Total AV Antivirus Pro (20230207)","VIPRE Advanced Security (20230207)","VirIT eXplorer PRO (20230207)","Webroot SecureAnywhere (20230207)","Windows Defender (20230207)"],"avAllowList":["360 Total Security (20230207)","Panda Dome (20230207)","Quick Heal Internet Security (20230207)","Trend Micro Internet Security (20230207)"]},{"isRevoked":"False","fileName":"pubg-mobile.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0b41bd716dda2e93ff241f5091a5ac7f","hashSHA1":"0bb07df74b04b927eb1611abe24ad67dfa5ba3d4","hashSHA256":"e1d2428d37110f4a2bf219657392e5f713892dc3751d629a1c6a247ec9bf50e9","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["Avast Premium Security (20230207)","AVG Internet Security (20230207)","Avira Internet Security (20230207)","Bitdefender Internet Security (20230207)","COMODO Antivirus (20230207)","Dr.Web Security Space (20230207)","ESET Internet Security (20230207)","G DATA INTERNET SECURITY (20230207)","K7 Total Security (20230207)","Kaspersky Internet Security (20230207)","Malwarebytes Premium (20230207)","McAfee Total Protection (20230207)","Norton Security (20230207)","Sophos Home Premium (20230207)","SpyHunter5 (20230207)","Total AV Antivirus Pro (20230207)","Trend Micro Internet Security (20230207)","VIPRE Advanced Security (20230207)","VirIT eXplorer PRO (20230207)","Webroot SecureAnywhere (20230207)","Windows Defender (20230207)"],"avAllowList":["360 Total Security (20230207)","Panda Dome (20230207)","Quick Heal Internet Security (20230207)"]},{"isRevoked":"False","fileName":"quicktime.g5255.exe","isInstaller":"True","fileVersion":"7.79","hashMD5":"cc50f3199ea5daa432866313409ca53f","hashSHA1":"a761a1d77d786fd5016cf92e516ce113cd2674b0","hashSHA256":"f6597b1f6d1b2c9e12bb185be141f14d053e0f5f651175411ad8ca8313cd2bf0","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230207)","Avast Premium Security (20230207)","AVG Internet Security (20230207)","Avira Internet Security (20230207)","Bitdefender Internet Security (20230207)","COMODO Antivirus (20230207)","Dr.Web Security Space (20230207)","ESET Internet Security (20230207)","G DATA INTERNET SECURITY (20230207)","K7 Total Security (20230207)","Kaspersky Internet Security (20230207)","McAfee Total Protection (20230207)","Norton Security (20230207)","Sophos Home Premium (20230207)","SpyHunter5 (20230207)","Total AV Antivirus Pro (20230207)","VIPRE Advanced Security (20230207)","VirIT eXplorer PRO (20230207)","Webroot SecureAnywhere (20230207)","Windows Defender (20230207)"],"avAllowList":["Malwarebytes Premium (20230207)","Panda Dome (20230207)","Quick Heal Internet Security (20230207)","Trend Micro Internet Security (20230207)"]},{"isRevoked":"False","fileName":"safari.g5255.exe","isInstaller":"True","fileVersion":"5.34","hashMD5":"5906196f913d09c4a16e5f034f706a65","hashSHA1":"4661567e9383119f45fdf98d9b90b2fa5b929844","hashSHA256":"2a967af91491484b1bf574554003de36a01d94b00bc5c55f153dd95cdd4f295a","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230209)","Avast Premium Security (20230209)","AVG Internet Security (20230209)","Avira Internet Security (20230209)","Bitdefender Internet Security (20230209)","COMODO Antivirus (20230209)","Dr.Web Security Space (20230209)","ESET Internet Security (20230209)","G DATA INTERNET SECURITY (20230209)","K7 Total Security (20230209)","Kaspersky Internet Security (20230209)","McAfee Total Protection (20230209)","Norton Security (20230209)","Panda Dome (20230209)","Sophos Home Premium (20230209)","SpyHunter5 (20230209)","Total AV Antivirus Pro (20230209)","VIPRE Advanced Security (20230209)","VirIT eXplorer PRO (20230209)","Webroot SecureAnywhere (20230209)","Windows Defender (20230209)"],"avAllowList":["Malwarebytes Premium (20230209)","Quick Heal Internet Security (20230209)","Trend Micro Internet Security (20230209)"]},{"isRevoked":"False","fileName":"seamonkey.g5255.exe","isInstaller":"True","fileVersion":"4.42","hashMD5":"7693d991ef8a6c43cfa1938c5c704665","hashSHA1":"9aa28288aadbf1a03879deac966ab2a81ac32e56","hashSHA256":"239c040659db0c306f7192607acebf9ab67545e95a1b2cf8d9dd8a1b23cea4c7","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230209)","Avast Premium Security (20230209)","AVG Internet Security (20230209)","Avira Internet Security (20230209)","Bitdefender Internet Security (20230209)","COMODO Antivirus (20230209)","Dr.Web Security Space (20230209)","ESET Internet Security (20230209)","G DATA INTERNET SECURITY (20230209)","K7 Total Security (20230209)","Kaspersky Internet Security (20230209)","McAfee Total Protection (20230209)","Norton Security (20230209)","Sophos Home Premium (20230209)","SpyHunter5 (20230209)","Total AV Antivirus Pro (20230209)","VIPRE Advanced Security (20230209)","VirIT eXplorer PRO (20230209)","Webroot SecureAnywhere (20230209)","Windows Defender (20230209)"],"avAllowList":["Malwarebytes Premium (20230209)","Panda Dome (20230209)","Quick Heal Internet Security (20230209)","Trend Micro Internet Security (20230209)"]},{"isRevoked":"False","fileName":"secure-browser.g5255.exe","isInstaller":"True","fileVersion":"6.1","hashMD5":"4966f0fa89a53a683f68f4f116d29b62","hashSHA1":"c22c217781bf914e008306d844b05b48eaa8e4d4","hashSHA256":"5de157efa0fe0c67ba2d2d68a91c6a18fc620b35c25fbdc77bad376b5cbb8043","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230209)","Avast Premium Security (20230209)","AVG Internet Security (20230209)","Avira Internet Security (20230209)","Bitdefender Internet Security (20230209)","COMODO Antivirus (20230209)","Dr.Web Security Space (20230209)","ESET Internet Security (20230209)","G DATA INTERNET SECURITY (20230209)","K7 Total Security (20230209)","Kaspersky Internet Security (20230209)","Malwarebytes Premium (20230209)","McAfee Total Protection (20230209)","Norton Security (20230209)","Panda Dome (20230209)","Sophos Home Premium (20230209)","SpyHunter5 (20230209)","Total AV Antivirus Pro (20230209)","Trend Micro Internet Security (20230209)","VIPRE Advanced Security (20230209)","VirIT eXplorer PRO (20230209)","Webroot SecureAnywhere (20230209)","Windows Defender (20230209)"],"avAllowList":["Quick Heal Internet Security (20230209)"]},{"isRevoked":"False","fileName":"shareit.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f82f9ffd0f9869c765074a42ed6d6a84","hashSHA1":"15bef88f76f46c9dcd379ee6ff68ed0b79e0fd46","hashSHA256":"95360ea1128264dfdd1ed8814a22a78b1a7426855fc0e35ea3c97786f929631d","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230216)","Avast Premium Security (20230216)","AVG Internet Security (20230216)","Avira Internet Security (20230216)","Bitdefender Internet Security (20230216)","COMODO Antivirus (20230216)","Dr.Web Security Space (20230216)","ESET Internet Security (20230216)","G DATA INTERNET SECURITY (20230216)","K7 Total Security (20230216)","Kaspersky Internet Security (20230216)","Malwarebytes Premium (20230216)","McAfee Total Protection (20230216)","Norton Security (20230216)","Panda Dome (20230216)","Sophos Home Premium (20230216)","SpyHunter5 (20230216)","Total AV Antivirus Pro (20230216)","VIPRE Advanced Security (20230216)","VirIT eXplorer PRO (20230216)","Webroot SecureAnywhere (20230216)","Windows Defender (20230216)"],"avAllowList":["Quick Heal Internet Security (20230216)","Trend Micro Internet Security (20230216)"]},{"isRevoked":"False","fileName":"shareman.g5255.exe","isInstaller":"True","fileVersion":"102.3","hashMD5":"6dd77c6b59df99f3f20c5c5b36027c72","hashSHA1":"c8c3576eb334d8848434113ec272913de7a6ca77","hashSHA256":"e959d11cfda20fd8ac0caeceb89a4af1661e34cccd5f0e698e353dd0b78839db","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230216)","Avast Premium Security (20230216)","AVG Internet Security (20230216)","Avira Internet Security (20230216)","Bitdefender Internet Security (20230216)","COMODO Antivirus (20230216)","Dr.Web Security Space (20230216)","ESET Internet Security (20230216)","G DATA INTERNET SECURITY (20230216)","K7 Total Security (20230216)","Kaspersky Internet Security (20230216)","Malwarebytes Premium (20230216)","McAfee Total Protection (20230216)","Norton Security (20230216)","Panda Dome (20230216)","Quick Heal Internet Security (20230216)","Sophos Home Premium (20230216)","SpyHunter5 (20230216)","Total AV Antivirus Pro (20230216)","VIPRE Advanced Security (20230216)","VirIT eXplorer PRO (20230216)","Webroot SecureAnywhere (20230216)","Windows Defender (20230216)"],"avAllowList":["Trend Micro Internet Security (20230216)"]},{"isRevoked":"False","fileName":"skype.g5255.exe","isInstaller":"True","fileVersion":"8.49","hashMD5":"0d6c54e9f699ccd50ba941f56fbfe91b","hashSHA1":"0b0c83fc056346006fd3e8d29e04857f66466b0d","hashSHA256":"bdbf3383fb5f6df84a7d9d9378934de2605fd6a838d141ea5f65cf7bbcdc2fcb","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["Avast Premium Security (20230216)","AVG Internet Security (20230216)","Avira Internet Security (20230216)","Bitdefender Internet Security (20230216)","COMODO Antivirus (20230216)","Dr.Web Security Space (20230216)","ESET Internet Security (20230216)","G DATA INTERNET SECURITY (20230216)","K7 Total Security (20230216)","Kaspersky Internet Security (20230216)","Malwarebytes Premium (20230216)","McAfee Total Protection (20230216)","Norton Security (20230216)","Panda Dome (20230216)","Sophos Home Premium (20230216)","SpyHunter5 (20230216)","Total AV Antivirus Pro (20230216)","VIPRE Advanced Security (20230216)","VirIT eXplorer PRO (20230216)","Webroot SecureAnywhere (20230216)","Windows Defender (20230216)"],"avAllowList":["360 Total Security (20230216)","Quick Heal Internet Security (20230216)","Trend Micro Internet Security (20230216)"]},{"isRevoked":"False","fileName":"sony-vegas-pro.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"18bcc7ebfff8be8463b745a8841cc37c","hashSHA1":"278c5cadf6221923133f74881da1df47cafe3196","hashSHA256":"6d35f564d5a0d6363ca1f84d1d444dcc06c4f13dd45f65f4b13e0b762f9d4ba1","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230216)","Avast Premium Security (20230216)","AVG Internet Security (20230216)","Avira Internet Security (20230216)","Bitdefender Internet Security (20230216)","COMODO Antivirus (20230216)","Dr.Web Security Space (20230216)","ESET Internet Security (20230216)","G DATA INTERNET SECURITY (20230216)","K7 Total Security (20230216)","Kaspersky Internet Security (20230216)","Malwarebytes Premium (20230216)","McAfee Total Protection (20230216)","Norton Security (20230216)","Sophos Home Premium (20230216)","SpyHunter5 (20230216)","Total AV Antivirus Pro (20230216)","VIPRE Advanced Security (20230216)","VirIT eXplorer PRO (20230216)","Webroot SecureAnywhere (20230216)","Windows Defender (20230216)"],"avAllowList":["Panda Dome (20230216)","Quick Heal Internet Security (20230216)","Trend Micro Internet Security (20230216)"]},{"isRevoked":"False","fileName":"steam.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2e6823330865c8e4627f59cf8af08eb7","hashSHA1":"3a5a95ded27246fb8bd37f4fbdb903f6e29bf75e","hashSHA256":"f07d309e1371177993ad44aa47ff4d59d3f8a1048b80b658c9a966c84a7e205d","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230216)","Avast Premium Security (20230216)","AVG Internet Security (20230216)","Avira Internet Security (20230216)","Bitdefender Internet Security (20230216)","COMODO Antivirus (20230216)","Dr.Web Security Space (20230216)","ESET Internet Security (20230216)","G DATA INTERNET SECURITY (20230216)","K7 Total Security (20230216)","Kaspersky Internet Security (20230216)","Malwarebytes Premium (20230216)","McAfee Total Protection (20230216)","Norton Security (20230216)","Panda Dome (20230216)","Quick Heal Internet Security (20230216)","Sophos Home Premium (20230216)","SpyHunter5 (20230216)","Total AV Antivirus Pro (20230216)","VIPRE Advanced Security (20230216)","VirIT eXplorer PRO (20230216)","Webroot SecureAnywhere (20230216)","Windows Defender (20230216)"],"avAllowList":["Trend Micro Internet Security (20230216)"]},{"isRevoked":"False","fileName":"teamspeak.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"66abebb4c88dfdf2f70e6a55e5a7e436","hashSHA1":"d4b5a3b790dcb9a891d81f9808bb83cf7c286132","hashSHA256":"04fcb21257bebedaad867084c7c9ce207cc395b030e36794b1ab8b5ec234b01f","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["Avast Premium Security (20230216)","AVG Internet Security (20230216)","Avira Internet Security (20230216)","Bitdefender Internet Security (20230216)","COMODO Antivirus (20230216)","Dr.Web Security Space (20230216)","ESET Internet Security (20230216)","G DATA INTERNET SECURITY (20230216)","K7 Total Security (20230216)","Kaspersky Internet Security (20230216)","McAfee Total Protection (20230216)","Norton Security (20230216)","Sophos Home Premium (20230216)","SpyHunter5 (20230216)","Total AV Antivirus Pro (20230216)","VIPRE Advanced Security (20230216)","VirIT eXplorer PRO (20230216)","Webroot SecureAnywhere (20230216)","Windows Defender (20230216)"],"avAllowList":["360 Total Security (20230216)","Malwarebytes Premium (20230216)","Panda Dome (20230216)","Quick Heal Internet Security (20230216)","Trend Micro Internet Security (20230216)"]},{"isRevoked":"False","fileName":"teamviewer.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6b335eb57eb2a141a4234df30a90a22c","hashSHA1":"4f0ab0dd9275f7bbb13762589213163bea6faa86","hashSHA256":"c259b5a8fcf0a011c802f16d74ce5e4f12aff994c1ad5b30b5ee62d2df56c3a2","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230216)","Avast Premium Security (20230216)","AVG Internet Security (20230216)","Avira Internet Security (20230216)","Bitdefender Internet Security (20230216)","COMODO Antivirus (20230216)","Dr.Web Security Space (20230216)","ESET Internet Security (20230216)","G DATA INTERNET SECURITY (20230216)","K7 Total Security (20230216)","Kaspersky Internet Security (20230216)","Malwarebytes Premium (20230216)","McAfee Total Protection (20230216)","Norton Security (20230216)","Panda Dome (20230216)","Quick Heal Internet Security (20230216)","Sophos Home Premium (20230216)","SpyHunter5 (20230216)","Total AV Antivirus Pro (20230216)","VIPRE Advanced Security (20230216)","VirIT eXplorer PRO (20230216)","Webroot SecureAnywhere (20230216)","Windows Defender (20230216)"],"avAllowList":["Trend Micro Internet Security (20230216)"]},{"isRevoked":"False","fileName":"telegram-for-desktop.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c04014abab511edbcb0d3673a2ee9065","hashSHA1":"27b19dbd6828ff607c4ff54c470ef3c42488efc0","hashSHA256":"befcd7c218080d377e129e5c84147642f0d975dea4344a0c69819bb13fdcf10f","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230221)","Avast Premium Security (20230221)","AVG Internet Security (20230221)","Avira Internet Security (20230221)","Bitdefender Internet Security (20230221)","COMODO Antivirus (20230221)","Dr.Web Security Space (20230221)","ESET Internet Security (20230221)","G DATA INTERNET SECURITY (20230221)","K7 Total Security (20230221)","Kaspersky Internet Security (20230221)","Malwarebytes Premium (20230221)","McAfee Total Protection (20230221)","Norton Security (20230221)","Panda Dome (20230221)","Quick Heal Internet Security (20230221)","Sophos Home Premium (20230221)","SpyHunter5 (20230221)","Total AV Antivirus Pro (20230221)","VIPRE Advanced Security (20230221)","VirIT eXplorer PRO (20230221)","Webroot SecureAnywhere (20230221)","Windows Defender (20230221)"],"avAllowList":["Trend Micro Internet Security (20230221)"]},{"isRevoked":"False","fileName":"tiktok-for-pc.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0c997a2c26b39af5732303b6d9a89218","hashSHA1":"0b3cfb48d511949c705b8e5bc049a8a35b69fa85","hashSHA256":"6fc355404aa4f3dcca3451a98b3ea04a9f0d76987d0e302936dc6e24a4ee0043","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230221)","Avast Premium Security (20230221)","AVG Internet Security (20230221)","Avira Internet Security (20230221)","Bitdefender Internet Security (20230221)","COMODO Antivirus (20230221)","Dr.Web Security Space (20230221)","ESET Internet Security (20230221)","G DATA INTERNET SECURITY (20230221)","K7 Total Security (20230221)","Kaspersky Internet Security (20230221)","Malwarebytes Premium (20230221)","McAfee Total Protection (20230221)","Norton Security (20230221)","Panda Dome (20230221)","Quick Heal Internet Security (20230221)","Sophos Home Premium (20230221)","SpyHunter5 (20230221)","Total AV Antivirus Pro (20230221)","Trend Micro Internet Security (20230221)","VIPRE Advanced Security (20230221)","VirIT eXplorer PRO (20230221)","Webroot SecureAnywhere (20230221)","Windows Defender (20230221)"],"avAllowList":[]},{"isRevoked":"False","fileName":"tor-browser.g5255.exe","isInstaller":"True","fileVersion":"68.3","hashMD5":"c5622c637bd4a0208699e9256bcbed08","hashSHA1":"a598265c9be2f03084b579a5073730468ff3bb44","hashSHA256":"67528083556175ed15dace3ea32e8b72a3449b3c30eb32efa75691624d024c04","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230221)","Avast Premium Security (20230221)","AVG Internet Security (20230221)","Avira Internet Security (20230221)","Bitdefender Internet Security (20230221)","COMODO Antivirus (20230221)","Dr.Web Security Space (20230221)","ESET Internet Security (20230221)","G DATA INTERNET SECURITY (20230221)","K7 Total Security (20230221)","Kaspersky Internet Security (20230221)","Malwarebytes Premium (20230221)","McAfee Total Protection (20230221)","Norton Security (20230221)","Panda Dome (20230221)","Quick Heal Internet Security (20230221)","Sophos Home Premium (20230221)","SpyHunter5 (20230221)","Total AV Antivirus Pro (20230221)","VIPRE Advanced Security (20230221)","VirIT eXplorer PRO (20230221)","Webroot SecureAnywhere (20230221)","Windows Defender (20230221)"],"avAllowList":["Trend Micro Internet Security (20230221)"]},{"isRevoked":"False","fileName":"ummy-video-downloader.g5255.exe","isInstaller":"True","fileVersion":"1.10","hashMD5":"cf116c35d769d3b65d9944d25963756a","hashSHA1":"6fe757e5229316bcffe9393aba90c0c7bd5253a8","hashSHA256":"2be09228630b7f75b4a19326426571fede62508dff49c6ba9c35f7da9e3821c1","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230221)","Avast Premium Security (20230221)","AVG Internet Security (20230221)","Avira Internet Security (20230221)","Bitdefender Internet Security (20230221)","COMODO Antivirus (20230221)","Dr.Web Security Space (20230221)","ESET Internet Security (20230221)","G DATA INTERNET SECURITY (20230221)","K7 Total Security (20230221)","Kaspersky Internet Security (20230221)","Malwarebytes Premium (20230221)","McAfee Total Protection (20230221)","Norton Security (20230221)","Panda Dome (20230221)","Quick Heal Internet Security (20230221)","Sophos Home Premium (20230221)","SpyHunter5 (20230221)","Total AV Antivirus Pro (20230221)","VIPRE Advanced Security (20230221)","VirIT eXplorer PRO (20230221)","Webroot SecureAnywhere (20230221)","Windows Defender (20230221)"],"avAllowList":["Trend Micro Internet Security (20230221)"]},{"isRevoked":"False","fileName":"utorrent.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"69a1845ea787d70ef224e4722e2d6d42","hashSHA1":"3a56a77a0b6aeeba4e1234f4b6f8e797a5df012e","hashSHA256":"bf84f6d11c9064ffd485208ecd79c64f650b932057cff2d8ceb3447e42cc3e5a","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230223)","Avast Premium Security (20230223)","AVG Internet Security (20230223)","Avira Internet Security (20230223)","Bitdefender Internet Security (20230223)","COMODO Antivirus (20230223)","Dr.Web Security Space (20230223)","ESET Internet Security (20230223)","G DATA INTERNET SECURITY (20230223)","K7 Total Security (20230223)","Kaspersky Internet Security (20230223)","Malwarebytes Premium (20230223)","McAfee Total Protection (20230223)","Norton Security (20230223)","Sophos Home Premium (20230223)","SpyHunter5 (20230223)","Total AV Antivirus Pro (20230223)","VIPRE Advanced Security (20230223)","VirIT eXplorer PRO (20230223)","Webroot SecureAnywhere (20230223)","Windows Defender (20230223)"],"avAllowList":["Panda Dome (20230223)","Quick Heal Internet Security (20230223)","Trend Micro Internet Security (20230223)"]},{"isRevoked":"False","fileName":"vk-for-pc.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"623a325754a1617f4cf9cee7164146cd","hashSHA1":"6922dea9aa08db51051b9d7dbd431d2c8a709ba8","hashSHA256":"cf192f5855a3bd0a35348b5aff2640e70ab1bf09b333310819308a171546e7f0","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230223)","Avast Premium Security (20230223)","AVG Internet Security (20230223)","Avira Internet Security (20230223)","Bitdefender Internet Security (20230223)","COMODO Antivirus (20230223)","Dr.Web Security Space (20230223)","ESET Internet Security (20230223)","G DATA INTERNET SECURITY (20230223)","K7 Total Security (20230223)","Kaspersky Internet Security (20230223)","Malwarebytes Premium (20230223)","McAfee Total Protection (20230223)","Norton Security (20230223)","Panda Dome (20230223)","Quick Heal Internet Security (20230223)","Sophos Home Premium (20230223)","SpyHunter5 (20230223)","Total AV Antivirus Pro (20230223)","Trend Micro Internet Security (20230223)","VIPRE Advanced Security (20230223)","VirIT eXplorer PRO (20230223)","Webroot SecureAnywhere (20230223)","Windows Defender (20230223)"],"avAllowList":[]},{"isRevoked":"False","fileName":"vlc-media-player.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"efce6192e24d042c924c888a82370f4d","hashSHA1":"28fb098b24f2b378b5969cf467b310f43fd3a09a","hashSHA256":"6a7d5a8ef18ee590198e140fd3f2507d44432f22d049169d1833d2846fceac60","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["Avast Premium Security (20230223)","AVG Internet Security (20230223)","Avira Internet Security (20230223)","Bitdefender Internet Security (20230223)","COMODO Antivirus (20230223)","Dr.Web Security Space (20230223)","ESET Internet Security (20230223)","G DATA INTERNET SECURITY (20230223)","K7 Total Security (20230223)","Kaspersky Internet Security (20230223)","McAfee Total Protection (20230223)","Norton Security (20230223)","Sophos Home Premium (20230223)","SpyHunter5 (20230223)","Total AV Antivirus Pro (20230223)","VIPRE Advanced Security (20230223)","VirIT eXplorer PRO (20230223)","Webroot SecureAnywhere (20230223)","Windows Defender (20230223)"],"avAllowList":["360 Total Security (20230223)","Malwarebytes Premium (20230223)","Panda Dome (20230223)","Quick Heal Internet Security (20230223)","Trend Micro Internet Security (20230223)"]},{"isRevoked":"False","fileName":"waterfox.g5255.exe","isInstaller":"True","fileVersion":"18.0","hashMD5":"6fb08ac8540da0fafa8dacabbc10af92","hashSHA1":"b80b6432d8b294545bcbf65d1b56c2cab1ad2a6e","hashSHA256":"ab42d8385a67b63e89d5f8ccec2b0e7fa2ab45f8d80f808b974d6c26deeeafbc","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230223)","Avast Premium Security (20230223)","AVG Internet Security (20230223)","Avira Internet Security (20230223)","Bitdefender Internet Security (20230223)","COMODO Antivirus (20230223)","Dr.Web Security Space (20230223)","ESET Internet Security (20230223)","G DATA INTERNET SECURITY (20230223)","K7 Total Security (20230223)","Kaspersky Internet Security (20230223)","Malwarebytes Premium (20230223)","McAfee Total Protection (20230223)","Norton Security (20230223)","Panda Dome (20230223)","Sophos Home Premium (20230223)","SpyHunter5 (20230223)","Total AV Antivirus Pro (20230223)","VIPRE Advanced Security (20230223)","VirIT eXplorer PRO (20230223)","Webroot SecureAnywhere (20230223)","Windows Defender (20230223)"],"avAllowList":["Quick Heal Internet Security (20230223)","Trend Micro Internet Security (20230223)"]},{"isRevoked":"False","fileName":"whatsapp.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"97ecb77de7d769daf036dfa4fb59d1a5","hashSHA1":"ff1b16dbfcd66b58e4c64b702e88556be178e180","hashSHA256":"7c4bb267863e17c7e57d60a6ff067d18da44a3af6b51c19aac5fba491b9bf9bc","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["Avast Premium Security (20230223)","AVG Internet Security (20230223)","Avira Internet Security (20230223)","Bitdefender Internet Security (20230223)","COMODO Antivirus (20230223)","Dr.Web Security Space (20230223)","ESET Internet Security (20230223)","G DATA INTERNET SECURITY (20230223)","K7 Total Security (20230223)","Kaspersky Internet Security (20230223)","McAfee Total Protection (20230223)","Norton Security (20230223)","Panda Dome (20230223)","Sophos Home Premium (20230223)","SpyHunter5 (20230223)","Total AV Antivirus Pro (20230223)","VIPRE Advanced Security (20230223)","VirIT eXplorer PRO (20230223)","Webroot SecureAnywhere (20230223)","Windows Defender (20230223)"],"avAllowList":["360 Total Security (20230223)","Malwarebytes Premium (20230223)","Quick Heal Internet Security (20230223)","Trend Micro Internet Security (20230223)"]},{"isRevoked":"False","fileName":"windscribe.g5255.exe","isInstaller":"True","fileVersion":"1.83","hashMD5":"1819c5f1bcb711c6812be17ea25b6a4b","hashSHA1":"a200df3d6ada1ed063ecc64d700c896824b59f6b","hashSHA256":"c6cbd6f5f70ef87185c45ef3d7393bad9fd6c88a5b66040214de0a8c76b5dc1f","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["Avast Premium Security (20230223)","AVG Internet Security (20230223)","Avira Internet Security (20230223)","Bitdefender Internet Security (20230223)","COMODO Antivirus (20230223)","Dr.Web Security Space (20230223)","ESET Internet Security (20230223)","G DATA INTERNET SECURITY (20230223)","K7 Total Security (20230223)","Kaspersky Internet Security (20230223)","Malwarebytes Premium (20230223)","McAfee Total Protection (20230223)","Norton Security (20230223)","Sophos Home Premium (20230223)","SpyHunter5 (20230223)","Total AV Antivirus Pro (20230223)","VIPRE Advanced Security (20230223)","VirIT eXplorer PRO (20230223)","Webroot SecureAnywhere (20230223)","Windows Defender (20230223)"],"avAllowList":["360 Total Security (20230223)","Panda Dome (20230223)","Quick Heal Internet Security (20230223)","Trend Micro Internet Security (20230223)"]},{"isRevoked":"False","fileName":"zona.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ca2c18ad34c9e9697acd4e9e93e523e1","hashSHA1":"5a3f680460cc47c1f842da5c91527a4fe2126849","hashSHA256":"bda949bde560fa67476273a07130e6d0cb53361c118775e90cc36ae958d006f2","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230223)","Avast Premium Security (20230223)","AVG Internet Security (20230223)","Avira Internet Security (20230223)","Bitdefender Internet Security (20230223)","COMODO Antivirus (20230223)","Dr.Web Security Space (20230223)","ESET Internet Security (20230223)","G DATA INTERNET SECURITY (20230223)","K7 Total Security (20230223)","Kaspersky Internet Security (20230223)","McAfee Total Protection (20230223)","Norton Security (20230223)","Panda Dome (20230223)","Sophos Home Premium (20230223)","SpyHunter5 (20230223)","Total AV Antivirus Pro (20230223)","VIPRE Advanced Security (20230223)","VirIT eXplorer PRO (20230223)","Webroot SecureAnywhere (20230223)","Windows Defender (20230223)"],"avAllowList":["Malwarebytes Premium (20230223)","Quick Heal Internet Security (20230223)","Trend Micro Internet Security (20230223)"]},{"isRevoked":"False","fileName":"zoom-client-for-conferences.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9dcfa6aa8fa4aac99fae793f4d92bbda","hashSHA1":"4eae72a18a2fff5861fa5dd886643d45e1f3d899","hashSHA256":"cfb6b19628c99c1490d2ee608c2ec4db6a9da8ae7c007f0f7a386cdd893da54e","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20230223)","Avast Premium Security (20230223)","AVG Internet Security (20230223)","Avira Internet Security (20230223)","Bitdefender Internet Security (20230223)","COMODO Antivirus (20230223)","Dr.Web Security Space (20230223)","ESET Internet Security (20230223)","G DATA INTERNET SECURITY (20230223)","K7 Total Security (20230223)","Kaspersky Internet Security (20230223)","Malwarebytes Premium (20230223)","McAfee Total Protection (20230223)","Norton Security (20230223)","Panda Dome (20230223)","Quick Heal Internet Security (20230223)","Sophos Home Premium (20230223)","SpyHunter5 (20230223)","Total AV Antivirus Pro (20230223)","VIPRE Advanced Security (20230223)","VirIT eXplorer PRO (20230223)","Webroot SecureAnywhere (20230223)","Windows Defender (20230223)"],"avAllowList":["Trend Micro Internet Security (20230223)"]},{"isRevoked":"False","fileName":"world-of-tanks.g5255.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"8ef115125032f619595d6d6f61e5a8fa","hashSHA1":"4fbb1d7068e9fe27a7c8e5e3f85a2446c0ea1666","hashSHA256":"c3fe5cb6e2213dea6d723e01c6682735c5806bbafc041a25996d96ddb4c319e3","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1295","avBlockList":["360 Total Security (20221206)","Avast Premium Security (20221206)","AVG Internet Security (20221206)","Avira Internet Security (20221206)","Bitdefender Internet Security (20221206)","COMODO Antivirus (20221206)","Dr.Web Security Space (20221206)","ESET Internet Security (20221206)","G DATA INTERNET SECURITY (20221206)","K7 Total Security (20221206)","Kaspersky Internet Security (20221206)","Malwarebytes Premium (20221206)","McAfee Total Protection (20221206)","Norton Security (20221206)","Panda Dome (20221206)","Quick Heal Internet Security (20221206)","Sophos Home Premium (20221206)","SpyHunter5 (20221206)","Total AV Antivirus Pro (20221206)","VIPRE Advanced Security (20221206)","VirIT eXplorer PRO (20221206)","Webroot SecureAnywhere (20221206)","Windows Defender (20221206)"],"avAllowList":["Trend Micro Internet Security (20221206)"]}],"additionalFiles":[],"sources":[{"howFound":"test an app from the download site","reference":"","landingPage":"https://appforwin.ru","ipv4":"","ipv6":"","sourceIndex":"1295"}],"sampleFiles":["221114/AppForWinDownloads-221111/5255/Samples/4k-video-downloader.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/adguard.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/adobe-flash-player.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/aimp.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/all-video-downloader.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/anydesk.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/artmoney-se.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/audacity.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/bandicam-screen-recorder.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/battle-net.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/bitcomet.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/bittorrent.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/cent-browser.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/cocoon.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/comodo-dragon.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/directx.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/discord.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/download-master.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/dropbox.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/epic-browser.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/fortnite.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/free-download-manager.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/free-vpn.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/google-chrome.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/hamachi.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/hotspot-shield.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/instagram-for-pc.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/internet-download-manager.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/k-lite-codec-pack.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/kmplayer.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/kodi.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/minecraft.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/mozilla-firefox.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/openvpn.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/pale-moon.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/pdf-to-jpg.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/potplayer.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/pubg.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/pubg-mobile.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/quicktime.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/safari.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/seamonkey.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/secure-browser.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/shareit.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/shareman.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/skype.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/sony-vegas-pro.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/steam.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/teamspeak.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/teamviewer.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/telegram-for-desktop.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/tiktok-for-pc.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/tor-browser.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/ummy-video-downloader.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/utorrent.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/vk-for-pc.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/vlc-media-player.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/waterfox.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/whatsapp.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/windscribe.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/zona.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/zoom-client-for-conferences.g5255.exe","221114/AppForWinDownloads-221111/5255/Samples/world-of-tanks.g5255.exe"],"imageFiles":["221114/AppForWinDownloads-221111/5255/Images/ACR-053/ACR-053_155_Offers.gif","221114/AppForWinDownloads-221111/5255/Images/ACR-055/Offer1.jpg","221114/AppForWinDownloads-221111/5255/Images/ACR-055/Offer2.jpg","221114/AppForWinDownloads-221111/5255/Images/ACR-055/Offer3.jpg","221114/AppForWinDownloads-221111/5255/Images/ACR-059/Offer1.jpg","221114/AppForWinDownloads-221111/5255/Images/ACR-059/Offer2.jpg","221114/AppForWinDownloads-221111/5255/Images/ACR-059/Offer3.jpg","221114/AppForWinDownloads-221111/5255/Images/ACR-155/ACR-053_155_Offers.gif"],"nonDeceptorImageFiles":[],"guid":"41a022aa-d5e4-49b5-adc0-97f1fd91e599_5255_1","appID":"AppForWinDownloads-221111","dateAdded":"221114","deceptorType":"App","name":"AppForWinDownloads","company":"LID LABS, OOO","version":"5255","sigName":"Deceptor:Win32/AppForWinDownloads!053055059155","lastKnownStatus":"5255","lastKnownDate":"221114","type":"Windows Executable","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-11-14T21:54:31.6884738+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1199},{"violations":{"ACR-010":"The website \"https://epicapps[.]ru\" distributes deceptors. The installers from this site are bundled with multiple tricky offers. Unrelated offers in the app should be marked as \"Optional Offer\" instead of \"Recommended additional software to install\". Furthermore, the Offers are designed to look like part of the install workflow and Accept/Decline options are not made obvious, misleading the consumers.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"searched similar sites appforwin.ru","reference":"","landingPage":"https://epicapps.ru","ipv4":"","ipv6":"","sourceIndex":"1328"}],"sampleFiles":[],"imageFiles":["221110/EpicApps-221110/221110/Images/ACR-010/Offer-1.jpg","221110/EpicApps-221110/221110/Images/ACR-010/Offer-2.jpg","221110/EpicApps-221110/221110/Images/ACR-010/Offer-3.jpg"],"nonDeceptorImageFiles":[],"guid":"83ec829e-f8be-40c6-8cd4-0203c61cda26_221110_1","appID":"EpicApps-221110","dateAdded":"221110","deceptorType":"Affiliate","name":"EpicApps","company":"epicapps.ru","version":"221110","sigName":"Deceptor:Affiliate/EpicAppsDotRu!010","lastKnownStatus":"221110","lastKnownDate":"221110","type":"Affiliate","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,display ads","lastUpdate":"2022-11-11T05:48:47.381463+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1201},{"violations":{"ACR-103":"The app suggests cleaning up \"190 MB\" of junk/cache. After completing junk clean it says “190 MB Cleaned Up”,  in app settings it displays the same size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up \"190 MB\" of junk/cache. After completing junk clean it says “190 MB Cleaned Up”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.glgjing.vision.apk","isInstaller":"True","fileVersion":"9.2.0","hashMD5":"543e3eccf78d09868c2a7dc6283e40d6","hashSHA1":"996ee91c73fcea60cd9240d9e9d010109fb887d5","hashSHA256":"7f4d32fc89becc189e369997e3391d08a9df25eed0375b68ed8ca8553a824c58","sourceIndex":"1330","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.glgjing.vision","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.glgjing.vision","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.glgjing.vision","sourceIndex":"1330"}],"sampleFiles":["221110/PowerfulCleaner-221108/9.2.0/Samples/com.glgjing.vision.apk"],"imageFiles":["221110/PowerfulCleaner-221108/9.2.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-103/ACR-103_Software_Scan_Result1.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-014/ACR-014_Software_Scan_Result1.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221110/PowerfulCleaner-221108/9.2.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"e93fe313-7f8b-46f5-aea4-4158439fde53_9.2.0_1","appID":"PowerfulCleaner-221108","dateAdded":"221110","deceptorType":"Android App","name":"Powerful Cleaner","company":"System monitor tools lab - Cpu Ram Battery","version":"9.2.0","lastKnownStatus":"9.2.0","lastKnownDate":"221110","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-11-10T23:26:13.5550792+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1200},{"violations":{"ACR-010":"The website \"https://appforwin[.]ru\" distributes deceptors. The installers from this site are bundled with multiple tricky offers. Unrelated offers in the app should be marked as \"Optional Offer\" instead of \"Recommended additional software to install\". Furthermore, the Offers are designed to look like part of the install workflow and Accept/Decline options are not made obvious, misleading the consumers.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"software download site","reference":"","landingPage":"https://appforwin.ru","ipv4":"","ipv6":"","sourceIndex":"1332"}],"sampleFiles":[],"imageFiles":["221110/AppForWin-221110/221110/Images/ACR-010/Offer-1.jpg","221110/AppForWin-221110/221110/Images/ACR-010/Offer-2.jpg","221110/AppForWin-221110/221110/Images/ACR-010/Offer-3.jpg"],"nonDeceptorImageFiles":[],"guid":"4bc97cbd-8a00-4e7a-afb4-43ba4ec62473_221110_1","appID":"AppForWin-221110","dateAdded":"221110","deceptorType":"Affiliate","name":"AppForWin","company":"appforwin.ru","version":"221110","sigName":"Deceptor:Affiliate/AppForWin!010","lastKnownStatus":"221110","lastKnownDate":"221110","type":"Affiliate","targetOS":"","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle,display ads","lastUpdate":"2022-11-10T23:22:26.6783155+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1202},{"violations":{"ACR-053":"App doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The Accept/Decline options are not made obvious to the consumer in the offers.\n","ACR-059":"Offers that are not related to the main app should be marked as \"Optional Offer\" instead of \"Recommended additional software to install\".\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"KMPlayer.exe","companyName":"PandoraTV","fileVersion":"4.2.2.70","hashMD5":"a38acb50593675eb031f2dd6632b18ec","hashSHA1":"b5520debaff8ab4f8e1a2c8bcbebfb8b6b841af9","hashSHA256":"5fa29e94a26b1e79c0673f7fc621fe960768d9e62571a3247755ce3de2cbd29e","digitalCertThumbprint":"96993661B66914702337AF98EEA353A7E8D5753A","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=\"PANDORATV Co.,Ltd\", O=\"PANDORATV Co.,Ltd\", L=Seongnam-si, S=Gyeonggi-do, C=KR","sourceIndex":"1335","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"kmplayer.g5255.exe","isInstaller":"True","productName":"KMPlayer 4.2  ","fileVersion":"4.2.2.43","hashMD5":"d20958fc5fd4a2cc42a19e94eef92af8","hashSHA1":"4a64f3c32b06149357f0baeaa424949b60d96ce9","hashSHA256":"5522a300256d136ef4b133af0c7cb69d781026c128e4a936dba3f8d15751d083","digitalCertThumbprint":"81075F6010EAEEC587BEC43A903979D19D7D1B12","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"LID LABS, OOO\", O=\"LID LABS, OOO\", STREET=d 27 litera B pom 22 proezd Tsentralny, L=Ivanteevka, PostalCode=141282, C=RU","sourceIndex":"1335","avBlockList":["360 Total Security (20221115)","Avira Internet Security (20221115)","COMODO Antivirus (20221115)","Dr.Web Security Space (20221115)","ESET Internet Security (20221115)","K7 Total Security (20221115)","Kaspersky Internet Security (20221115)","Malwarebytes Premium (20221115)","Norton Security (20221115)","Sophos Home Premium (20221115)","SpyHunter5 (20221115)","Total AV Antivirus Pro (20221115)","VirIT eXplorer PRO (20221115)","Webroot SecureAnywhere (20221115)","Windows Defender (20221115)"],"avAllowList":["Avast Premium Security (20221115)","AVG Internet Security (20221115)","Bitdefender Internet Security (20221115)","G DATA INTERNET SECURITY (20221115)","McAfee Total Protection (20221115)","Panda Dome (20221115)","Quick Heal Internet Security (20221115)","Trend Micro Internet Security (20221115)","VIPRE Advanced Security (20221115)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Media players ","reference":"","landingPage":"https://appforwin.ru/en/catalog/multimedia/video/kmplayer","directDownloadingLink":"https://files.appforwin.ru/wredirect/?u=7b2275746d5f736f75726365223a22646972656374222c2275746d5f6d656469756d223a22637063222c2275746d5f63616d706169676e223a226b6d706c61796572227d&file=kmplayer","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.appforwin.ru/wredirect/?u=7b2275746d5f736f75726365223a22646972656374222c2275746d5f6d656469756d223a22637063222c2275746d5f63616d706169676e223a226b6d706c61796572227d&file=kmplayer","sourceIndex":"1335"}],"sampleFiles":["221109/KMPlayer-221109/4.2.2.43/Samples/KMPlayer.exe","221109/KMPlayer-221109/4.2.2.43/Samples/kmplayer.g5255.exe"],"imageFiles":["221109/KMPlayer-221109/4.2.2.43/Images/ACR-053/ACR_053_155_Offers.gif","221109/KMPlayer-221109/4.2.2.43/Images/ACR-055/KMOffer_1.jpg","221109/KMPlayer-221109/4.2.2.43/Images/ACR-055/KMOffer_2.jpg","221109/KMPlayer-221109/4.2.2.43/Images/ACR-055/KMOffer_3.jpg","221109/KMPlayer-221109/4.2.2.43/Images/ACR-059/KMOffer_1.jpg","221109/KMPlayer-221109/4.2.2.43/Images/ACR-059/KMOffer_2.jpg","221109/KMPlayer-221109/4.2.2.43/Images/ACR-059/KMOffer_3.jpg","221109/KMPlayer-221109/4.2.2.43/Images/ACR-155/ACR_053_155_Offers.gif"],"nonDeceptorImageFiles":[],"guid":"97a0d848-c05d-4c5c-8fcf-de3bff63bb83_4.2.2.43_1","appID":"KMPlayer-221109","dateAdded":"221109","deceptorType":"App","name":"KMPlayer","company":"PandoraTV","version":"4.2.2.43","lastKnownStatus":"4.2.2.43","lastKnownDate":"221109","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,display ads","lastUpdate":"2022-11-09T22:30:25.7671386+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1203},{"violations":{"ACR-103":"The app suggests cleaning up \"125 MB\" of junk/cache. After completing junk clean it says “CLEANED 125 MB”,  in app settings it displays same size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up \"125 MB\" of junk/cache. After completing junk clean it says “CLEANED 125 MB”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.satyam.mobile.antivirus.cleaner.apk","isInstaller":"True","fileVersion":"6.0","hashMD5":"b1555f443f3cf2b0d1c25d6da09fd824","hashSHA1":"d77d620a698aaca225b2a36c089692b206e5d313","hashSHA256":"df27a06123fed8dbc52a13032b31d24cc7208c1a76282458f10b6f954adf38c3","sourceIndex":"1336","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.satyam.mobile.antivirus.cleaner","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.satyam.mobile.antivirus.cleaner","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.satyam.mobile.antivirus.cleaner","sourceIndex":"1336"}],"sampleFiles":["221107/PowerfulCleanerBooster-221104/6.0/Samples/com.satyam.mobile.antivirus.cleaner.apk"],"imageFiles":["221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221107/PowerfulCleanerBooster-221104/6.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"20c207e4-6968-42e1-a8c0-f62c9f88e259_6.0_1","appID":"PowerfulCleanerBooster-221104","dateAdded":"221107","deceptorType":"Android App","name":"Powerful Cleaner - Booster","company":"Satyam Mobile Infotech","version":"6.0","lastKnownStatus":"6.0","lastKnownDate":"221107","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-11-07T19:19:06.2223658+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1204},{"violations":{"ACR-048":"The app installs itself in a hidden folder %Appdata%\\Roaming by default. It also creates a startup entry without the user's knowledge and consent and does not provide setting control in the app to disable it. \n","ACR-084":"The app runs silently in the background and runs in the system tray immediately after installation hiding the fact that it is active from the consumer. It also creates a startup entry without the user's knowledge and consent. \"Quit\" only close the app and remove it from systray, but the process is still running in background, which potentially collects system's usage data including IP, browsing activities (Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.)\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app installs itself in a hidden folder %Appdata%\\Roaming.\n","ACR-065":"The app does not display link to the Privacy Policy at install.\n"},"samples":[{"isRevoked":"False","fileName":"CRaccoon CRApp.exe","companyName":"CRaccoon","productName":"Clean Trash Panda","fileVersion":"1.5.0.0","hashMD5":"79be560355cc3e57001b77f170354397","hashSHA1":"e02f59adccd5d5b66c66adba744d80cc4d0ddc6e","hashSHA256":"fdf82def2a5d0ca45e302292598ed0e55661b04ebad1b38c421ba5639489966a","digitalCertThumbprint":"D369ACE5F2B6FB169FAF82E2C5B6319416EB2D1D","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=contact@waterfall-technology.com, CN=Waterfall Technology LTD, O=Waterfall Technology LTD, STREET=71-75 Shelton Street, L=London, S=Greater London, C=GB, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=12560959, OID.2.5.4.15=Private Organization","sourceIndex":"1337","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"craccoon_setup_1.0.exe","isInstaller":"True","companyName":"Waterfall Technology LTD                                    ","productName":"CRACCOON ","fileVersion":"0.0","hashMD5":"47ae23d3b5c6fe2d2eeb5e9ccf0f9e32","hashSHA1":"43284dd1eae7a13f8c7011a8f4baab5ba75f4b78","hashSHA256":"6a9aa157a6d8d45d6741e9fa86ba132debb955493f8b3c9513c8587c303d4774","digitalCertThumbprint":"D369ACE5F2B6FB169FAF82E2C5B6319416EB2D1D","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=contact@waterfall-technology.com, CN=Waterfall Technology LTD, O=Waterfall Technology LTD, STREET=71-75 Shelton Street, L=London, S=Greater London, C=GB, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=12560959, OID.2.5.4.15=Private Organization","sourceIndex":"1337","avBlockList":["360 Total Security (20221110)","Avast Premium Security (20221110)","AVG Internet Security (20221110)","Avira Internet Security (20221110)","Bitdefender Internet Security (20221110)","COMODO Antivirus (20221110)","Dr.Web Security Space (20221110)","K7 Total Security (20221110)","Kaspersky Internet Security (20221110)","Malwarebytes Premium (20221110)","McAfee Total Protection (20221110)","Norton Security (20221110)","Panda Dome (20221110)","Sophos Home Premium (20221110)","SpyHunter5 (20221110)","Total AV Antivirus Pro (20221110)","VIPRE Advanced Security (20221110)","VirIT eXplorer PRO (20221110)","Webroot SecureAnywhere (20221110)"],"avAllowList":["ESET Internet Security (20221110)","G DATA INTERNET SECURITY (20221110)","Quick Heal Internet Security (20221110)","Trend Micro Internet Security (20221110)","Windows Defender (20221110)"]}],"additionalFiles":[],"sources":[{"howFound":"searched in google","reference":"","landingPage":"https://www.craccoon.com/","directDownloadingLink":"https://www.craccoon.com/file/craccoon_setup_1.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.craccoon.com/file/craccoon_setup_1.0.exe","sourceIndex":"1337"},{"howFound":"","reference":"","landingPage":"https://www.updatestar.com/de/directdownload/craccoon/2471817","directDownloadingLink":"https://www.craccoon.com/file/craccoon_setup_1.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.craccoon.com/file/craccoon_setup_1.0.exe","sourceIndex":"1338"}],"sampleFiles":["221103/CRaccoon-221103/1.5.0.0/Samples/CRaccoon CRApp.exe","221103/CRaccoon-221103/1.5.0.0/Samples/craccoon_setup_1.0.exe"],"imageFiles":["221103/CRaccoon-221103/1.5.0.0/Images/ACR-084/ACR-084_BackgroundProcess.jpg","221103/CRaccoon-221103/1.5.0.0/Images/ACR-084/ACR-084_Startup.jpg","221103/CRaccoon-221103/1.5.0.0/Images/ACR-048/ACR-048_HiddenFolder.jpg","221103/CRaccoon-221103/1.5.0.0/Images/ACR-048/ACR-084_048_Startup.jpg"],"nonDeceptorImageFiles":["221103/CRaccoon-221103/1.5.0.0/Images/ACR-040/ACR-040_HiddenFolder.jpg","221103/CRaccoon-221103/1.5.0.0/Images/ACR-065/ACR-065_PP.jpg"],"guid":"5f0d0d33-bfe9-42f0-bc5d-6297d087eaa1_1.5.0.0_1","appID":"CRaccoon-221103","dateAdded":"221103","deceptorType":"App","name":"CRaccoon","company":"Waterfall Technology LTD","version":"1.5.0.0","lastKnownStatus":"1.5.0.0","lastKnownDate":"221103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none,sold in bundle","lastUpdate":"2022-11-03T22:15:53.7058213+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1206},{"violations":{"ACR-103":"The app suggests cleaning up \"82.75 MB\" of junk/cache. After completing junk clean it says “CLEANED 82.75 MB”,  in app settings it displays same size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up \"82.75 MB\" of junk/cache. After completing junk clean it says “CLEANED 82.75 MB”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.powerful.cleaner.apk","isInstaller":"True","fileVersion":"3.1.9","hashMD5":"e57daaa07eed9108f5a802e431ae8df5","hashSHA1":"8a43ceb69c76f5095da52a5d7775c41d79fe688f","hashSHA256":"0efe3d2a2c542e248b2d5b5f4d5321cfb95037b079bdf4547075f30b19a96d27","sourceIndex":"1341","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on android app","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.powerful.cleaner","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.powerful.cleaner","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.powerful.cleaner","sourceIndex":"1341"}],"sampleFiles":["221103/PowerfulCleanerBoostClean-221103/3.1.9/Samples/com.powerful.cleaner.apk"],"imageFiles":["221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg","221103/PowerfulCleanerBoostClean-221103/3.1.9/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg"],"nonDeceptorImageFiles":[],"guid":"edb51b44-92b5-4457-9fa2-6c99e0ce3a8f_3.1.9_1","appID":"PowerfulCleanerBoostClean-221103","dateAdded":"221103","deceptorType":"Android App","name":"Powerful Cleaner Boost & Clean","company":"Powerful cleaner dev","version":"3.1.9","lastKnownStatus":"3.1.9","lastKnownDate":"221103","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,display ads,inject ads","lastUpdate":"2022-11-03T20:07:22.6688284+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1205},{"violations":{"ACR-003":"App exaggerates free scan results with alarming colors and listed invalid empty registry keys as problems and errors.\n","ACR-004":"The app only fixes 25 issues for free and upsells the product to complete the fix for remaining problems. It exaggerates free scan results with alarming colors and listed invalid empty registry keys as problems and errors.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"1-Click PC Fix Cleanup.exe","fileVersion":"0.0","hashMD5":"91cfd32e65d8b0ece2d31080f0fac901","hashSHA1":"8d469eb582d51b53a67d21cdd2e7becfe6d4be50","hashSHA256":"def30cec562725d7d820f42b49bb581849b46198ffc7fc9d418660aa570bded8","digitalCertThumbprint":"2E70674C9634EC0A7BE1FBDED0ADDB0F194285FF","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Neurosoft Tech Private Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Neurosoft Tech Private Limited, L=Delhi, S=Delhi, C=IN","sourceIndex":"288","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"1-Click PC Fix.exe","fileVersion":"5.0","hashMD5":"e9c5c8f0cb5884ec4ecd608985813017","hashSHA1":"5ed3e4612c814183585627702f9dce9c3fcd1d3f","hashSHA256":"27b13dc025427df1744c89a3e59a55efbd120b72767e9eebbf532a66891e11bd","digitalCertThumbprint":"DB9C3EFAFFD0330408355D07F5F0F74CFAEE1842","digitalCertIssuer":"CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US","digitalCertIssuedTo":"CN=Neurosoft, O=Neurosoft, STREET=\"H-15, Sector 22\", L=Noida, S=Uttar Pradesh, PostalCode=201301, C=IN","sourceIndex":"288","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"1ClickPCfix.exe","isInstaller":"True","companyName":"1ClickPCFix.com                                             ","fileVersion":"0.0","hashMD5":"11f40f467aacd9f4115a5e2391e9b29a","hashSHA1":"2ebed9e22402fb34c24ba3ab0637c51bcf5de9c1","hashSHA256":"c006c99d8e88187da431c262915aaa2d0faf662ea01b351898493d2682967c57","digitalCertThumbprint":"070A1363B950BAB105531C6E73459558A3EAED69","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=eSellerate, OU=SECURE APPLICATION DEVELOPMENT, O=eSellerate, L=Lincoln, S=Nebraska, C=US","sourceIndex":"288","avBlockList":["360 Total Security (20221110)","Avast Premium Security (20221110)","AVG Internet Security (20221110)","Avira Internet Security (20221110)","Bitdefender Internet Security (20221110)","COMODO Antivirus (20221110)","Dr.Web Security Space (20221110)","ESET Internet Security (20221110)","G DATA INTERNET SECURITY (20221110)","K7 Total Security (20221110)","Kaspersky Internet Security (20221110)","McAfee Total Protection (20221110)","Norton Security (20221110)","Panda Dome (20221110)","Quick Heal Internet Security (20221110)","Sophos Home Premium (20221110)","SpyHunter5 (20221110)","Total AV Antivirus Pro (20221110)","VIPRE Advanced Security (20221110)","VirIT eXplorer PRO (20221110)","Webroot SecureAnywhere (20221110)"],"avAllowList":["Malwarebytes Premium (20221110)","Trend Micro Internet Security (20221110)","Windows Defender (20221110)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Pc Fix","reference":"","landingPage":"https://1-click-pc-fix.de.malavida.com/windows/","directDownloadingLink":"https://1-click-pc-fix.de.malavida.com/windows/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://1-click-pc-fix.de.malavida.com/windows/download","sourceIndex":"288"}],"sampleFiles":["221102/1ClickPCFix-221102/5.0.0.61/Samples/1-Click PC Fix Cleanup.exe","221102/1ClickPCFix-221102/5.0.0.61/Samples/1-Click PC Fix.exe","221102/1ClickPCFix-221102/5.0.0.61/Samples/1ClickPCfix.exe"],"imageFiles":["221102/1ClickPCFix-221102/5.0.0.61/Images/ACR-004/ACR-003_004_Exaggeration.jpg","221102/1ClickPCFix-221102/5.0.0.61/Images/ACR-004/ACR-004_IncompleteFix.jpg","221102/1ClickPCFix-221102/5.0.0.61/Images/ACR-003/ACR-003_004_Exaggeration.jpg"],"nonDeceptorImageFiles":[],"guid":"6f9ce6cb-f00a-412b-8d03-cfb7ac8d7a96_5.0.0.61_1","appID":"1ClickPCFix-221102","dateAdded":"221102","deceptorType":"App","name":"1Click PC Fix","company":"1ClickPCFix.com","version":"5.0.0.61","lastKnownStatus":"5.0.0.61","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-12-12T23:13:59.3120204+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1207},{"violations":{"ACR-006":"The call center is not clearly attributed (who is the call center service provider).\nThe call center in the Internal Offer is not clearly attributed (who is the call center service provider).\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable MSFT partner logo as if Microsoft is endorsing the app. \nThe Internal offer elevates its consumer trust level by displaying unverifiable MSFT partner logo as if Microsoft is endorsing the app. \n","ACR-014":"1. The App's value proposition for real-time protection and and prevention against latest spyware could not be verified. It only detects one of 20 samples of malware and published deceptor samples and leaves the installer unremoved.\n2. It does not update its scan results.\n"},"nonDeceptorViolations":{"ACR-150":"The Internal Offer displays unverifiable MSFT Partner logo, as if Microsoft is endorsing the app.\n","ACR-017":"The Landing page elevates its consumer trust level by displaying unverifiable MSFT partner logo as if Microsoft is endorsing the app.\n"},"samples":[{"isRevoked":"False","fileName":"PCPSAntimalware.exe","companyName":"Crawler Group, LLC","productName":"PC Power Speed Antimalware","fileVersion":"1.2.0.103","hashMD5":"2178112d2b700ecdfd94867d7fd158f1","hashSHA1":"ed2a99962279e3e577a257c4c792130de35b4e7c","hashSHA256":"76b3438d94fc13b996305e44606be748443ff44287d58e505119bc231d60ed82","digitalCertThumbprint":"EF0A9B74CAC323619979D23997A52E6293FEBE8B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Crawler Group, LLC\", O=\"Crawler Group, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"1345","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCPSAntimalwareSetup.exe","isInstaller":"True","companyName":"Crawler Group                                               ","productName":"PC Power Speed Antimalware","fileVersion":"1.2.0.103","hashMD5":"2b24b84715873174c4a6e17b1f74eb8c","hashSHA1":"b90938563a3f87ab9e55764eeb74a0e7d1f274ef","hashSHA256":"3517a5d47b7662c3b7bcc24d30ef3273efee725bbb9ffe659a207708ae928e8b","digitalCertThumbprint":"EF0A9B74CAC323619979D23997A52E6293FEBE8B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Crawler Group, LLC\", O=\"Crawler Group, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"1345","avBlockList":["360 Total Security (20221103)","Avast Premium Security (20221103)","AVG Internet Security (20221103)","Avira Internet Security (20221103)","COMODO Antivirus (20221103)","Dr.Web Security Space (20221103)","G DATA INTERNET SECURITY (20221103)","K7 Total Security (20221103)","Kaspersky Internet Security (20221103)","Malwarebytes Premium (20221103)","McAfee Total Protection (20221103)","Norton Security (20221103)","Panda Dome (20221103)","Quick Heal Internet Security (20221103)","Sophos Home Premium (20221103)","SpyHunter5 (20221103)","Total AV Antivirus Pro (20221103)","VirIT eXplorer PRO (20221103)","Webroot SecureAnywhere (20221103)"],"avAllowList":["Bitdefender Internet Security (20221103)","ESET Internet Security (20221103)","Trend Micro Internet Security (20221103)","VIPRE Advanced Security (20221103)","Windows Defender (20221103)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: apps from crawler group","reference":"","landingPage":"https://antimalware.pcpowerspeed.com/Default.aspx","directDownloadingLink":"https://antimalware.pcpowerspeed.com/dnl/config/145/PCPSAntimalwareSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://antimalware.pcpowerspeed.com/dnl/config/145/PCPSAntimalwareSetup.exe","sourceIndex":"1345"}],"sampleFiles":["221031/PCPowerSpeedAntimalware-221028/1.2.0.103/Samples/PCPSAntimalware.exe","221031/PCPowerSpeedAntimalware-221028/1.2.0.103/Samples/PCPSAntimalwareSetup.exe"],"imageFiles":["221031/PCPowerSpeedAntimalware-221028/1.2.0.103/Images/ACR-006/ACR-006_Software.jpg","221031/PCPowerSpeedAntimalware-221028/1.2.0.103/Images/ACR-014/ACR-014_Software.mp4","221031/PCPowerSpeedAntimalware-221028/1.2.0.103/Images/ACR-017/ACR-017_Software.jpg","221031/PCPowerSpeedAntimalware-221028/1.2.0.103/Images/ACR-006/ACR-006_Internal_Offer_2.jpg","221031/PCPowerSpeedAntimalware-221028/1.2.0.103/Images/ACR-006/ACR-006_InternalOffer_1.jpg","221031/PCPowerSpeedAntimalware-221028/1.2.0.103/Images/ACR-017/PCPSAntimalware_InternalOffer.jpeg"],"nonDeceptorImageFiles":["221031/PCPowerSpeedAntimalware-221028/1.2.0.103/Images/ACR-006/ACR-006_LandingPage.jpg","221031/PCPowerSpeedAntimalware-221028/1.2.0.103/Images/ACR-017/ACR-017_LandingPage.jpg","221031/PCPowerSpeedAntimalware-221028/1.2.0.103/Images/ACR-150/PCPSAntimalware_InternalOffer.jpeg"],"guid":"a0b979b1-a31a-4fef-abaa-1dad80a6d81d_1.2.0.103_1","appID":"PCPowerSpeedAntimalware-221028","dateAdded":"221031","deceptorType":"App","name":"PC PowerSpeed Antimalware","company":"Crawler Group, LLC","version":"1.2.0.103","lastKnownStatus":"1.2.0.103","lastKnownDate":"221031","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-10-31T21:14:52.2839291+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1208},{"violations":{"ACR-010":"The apps from \"https://asoftwareplus.com\" distribute deceptor applications. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"https://asoftwareplus.com","ipv4":"","ipv6":"","sourceIndex":"1346"}],"sampleFiles":[],"imageFiles":["221028/ASoftwarePlus-221028/221028/Images/ACR-010/ACR-010_1.JPG"],"nonDeceptorImageFiles":[],"guid":"d4160161-613f-4462-875a-9c850a7d6d31_221028_1","appID":"ASoftwarePlus-221028","dateAdded":"221028","deceptorType":"Affiliate","name":"A Software Plus","company":"A Software Plus","version":"221028","sigName":"Deceptor:Affiliate/Asoftwareplus_com!010","lastKnownStatus":"221028","lastKnownDate":"221028","type":"Affiliate","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2022-10-28T18:26:19.90593+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1209},{"violations":{"ACR-006":"The call center is not clearly attributed (who is the call center service provider)\nThe call center in the Internal offer page is not clearly attributed (who is the call center service provider)\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable MSFT partner logo as if Microsoft is endorsing the app.\nThe Internal offer elevates its consumer trust level by displaying unverifiable MSFT partner logo as if Microsoft is endorsing the app.\n","ACR-085":"The app collects logs from the user's system by default without the user's knowledge and consent.\n\n","ACR-055":"Accept and decline for the optional offer must be obvious. Unchecking the preselected Web Security Guard installation is not a straightforward option for decline.\n\n","ACR-059":"Offer is not clearly mark as optional offer. The offer looks like part of the installation.\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe Landing page has no link or information that shows how it can be uninstalled. \nThe Internal offer page has no link or information that shows how it can be uninstalled. \n","ACR-150":"The Internal Offer displays unverifiable MSFT Partner logo, as if Microsoft is endorsing the app.\n","ACR-017":"Landing page displays multiple endorsements/certification that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"SpywareTerminator.exe","companyName":"Crawler Group, LLC","fileVersion":"3.0","hashMD5":"73cad41fd3a7c7f11c9b9839a9294452","hashSHA1":"136adbc0609198870c3150dcee390ae5180b720a","hashSHA256":"4cf350ca02e524e5b16e5111a8585f968d49a9505b61e674de46e806706eef57","digitalCertThumbprint":"EF0A9B74CAC323619979D23997A52E6293FEBE8B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Crawler Group, LLC\", O=\"Crawler Group, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"289","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SpywareTerminatorSetup.exe","isInstaller":"True","companyName":"Crawler Group                                               ","fileVersion":"3.0","hashMD5":"58a854103d57d3c083973129822b2260","hashSHA1":"c7a4758accf11e1defc9620563cdab99496cfd12","hashSHA256":"a0e033157f45abffdc382d3d93944a3c19726c5146cecdb307253e52316b8b48","digitalCertThumbprint":"EF0A9B74CAC323619979D23997A52E6293FEBE8B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Crawler Group, LLC\", O=\"Crawler Group, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"289","avBlockList":["Avast Premium Security (20221101)","AVG Internet Security (20221101)","Avira Internet Security (20221101)","COMODO Antivirus (20221101)","Dr.Web Security Space (20221101)","G DATA INTERNET SECURITY (20221101)","K7 Total Security (20221101)","Kaspersky Internet Security (20221101)","Malwarebytes Premium (20221101)","McAfee Total Protection (20221101)","Norton Security (20221101)","Panda Dome (20221101)","Quick Heal Internet Security (20221101)","Sophos Home Premium (20221101)","SpyHunter5 (20221101)","Total AV Antivirus Pro (20221101)","VirIT eXplorer PRO (20221101)"],"avAllowList":["360 Total Security (20221101)","Bitdefender Internet Security (20221101)","ESET Internet Security (20221101)","Trend Micro Internet Security (20221101)","VIPRE Advanced Security (20221101)","Webroot SecureAnywhere (20221101)","Windows Defender (20221101)"]},{"isRevoked":"False","fileName":"SpywareTerminatorShield.exe","companyName":"Crawler Group, LLC","fileVersion":"3.0","hashMD5":"5ac97b0aabb6326348cc99133c78cb3f","hashSHA1":"ef15a7eec6db722f6d2793642358ad62e8279608","hashSHA256":"2160a3082b4b118f6db8b063b4c785f0a782ea17056e961aac1f694edd62a5c9","digitalCertThumbprint":"EF0A9B74CAC323619979D23997A52E6293FEBE8B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Crawler Group, LLC\", O=\"Crawler Group, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"289","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SpywareTerminatorUpdate.exe","companyName":"Crawler Group, LLC","fileVersion":"3.0","hashMD5":"c08aaee1e0606301ff4d47affa8a3c66","hashSHA1":"80207abff1586fc18e240d5b18c5ab94ac920b28","hashSHA256":"7541dc13e9e2f13ce6f393a43c1abf710f52a26f96dcca631f730bf6683dd900","digitalCertThumbprint":"EF0A9B74CAC323619979D23997A52E6293FEBE8B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Crawler Group, LLC\", O=\"Crawler Group, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"289","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: security software","reference":"","landingPage":"https://www.spywareterminator.com/Default.aspx","directDownloadingLink":"https://www.spywareterminator.com/dnl/config/170/SpywareTerminatorSetup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.spywareterminator.com/dnl/config/170/SpywareTerminatorSetup.exe","sourceIndex":"289"},{"howFound":"","reference":"","landingPage":"https://www.pcrx.com/spywareterminator/ ","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"290"}],"sampleFiles":["221027/SpywareTerminator2015-221027/3.0.1.112/Samples/SpywareTerminator.exe","221027/SpywareTerminator2015-221027/3.0.1.112/Samples/SpywareTerminatorSetup.exe","221027/SpywareTerminator2015-221027/3.0.1.112/Samples/SpywareTerminatorShield.exe","221027/SpywareTerminator2015-221027/3.0.1.112/Samples/SpywareTerminatorUpdate.exe"],"imageFiles":["221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-055/ACR_055_059_065_Optional_Offer.jpg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-085/ACR-085_Software.jpg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-006/ACR-006_Call_Center.jpg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-017/ACR-017_MSFT_Logo.jpg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-059/ACR_055_059_065_Optional_Offer.jpg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-006/ACR-006_InternalOffer.jpg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-006/ACR-006_InternalOffer-2.jpg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-017/SpywareTerminator_InternalOffer.jpeg"],"nonDeceptorImageFiles":["221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-099/SpywareTerminator_About.jpg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-099/SpywareTerminator_LandingPage.jpeg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-006/ACR-006_LandingPage-1.jpg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-006/ACR-006_LandingPage-2.jpg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-017/ACR-017_LandingPage.jpg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-017/SpywareTerminator_LandingPage.jpeg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-150/SpywareTerminator_InternalOffer.jpeg","221027/SpywareTerminator2015-221027/3.0.1.112/Images/ACR-099/SpywareTerminator_InternalOffer.jpeg"],"guid":"5951b986-729d-4c8a-90ad-c4d22224fd0b_3.0.1.112_1","appID":"SpywareTerminator2015-221027","dateAdded":"221027","deceptorType":"App","name":"Spyware Terminator 2015","company":"Crawler Group, LLC","version":"3.0.1.112","lastKnownStatus":"3.0.1.112","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid,paid","lastUpdate":"2024-12-12T21:55:02.4347652+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1210},{"violations":{"ACR-004":"The app does not provide free fixes for free scans. User is prompted to pay for subscription to clean the system\n"},"nonDeceptorViolations":{"ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n"},"samples":[{"isRevoked":"False","fileName":"Adware X-Out","fileVersion":"0.","hashMD5":"f8d271feccb6a84c05812ac5b74fda53","hashSHA1":"ea573242425452af2fba8861dbe5c96e49814863","hashSHA256":"7fe62408b500de72536c66a663cef8abcecd7d218c78a5c4d856aad2fd817f4c","sourceIndex":"1348","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for cleaning app via app store","reference":"","landingPage":"https://x-out.cyberintellsolution.com/","directDownloadingLink":"https://apps.apple.com/ph/app/adware-x-out-browser-cleaner/id1514991871?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/ph/app/adware-x-out-browser-cleaner/id1514991871?mt=12","sourceIndex":"1348"}],"sampleFiles":["221027/AdwareXOut-220929/1.0.5/Samples/Adware X-Out"],"imageFiles":["221027/AdwareXOut-220929/1.0.5/Images/ACR-004/USE_AdwarePurchase.png","221027/AdwareXOut-220929/1.0.5/Images/ACR-004/USE_ScanAlert2.png","221027/AdwareXOut-220929/1.0.5/Images/ACR-004/USE_ScanChange.gif","221027/AdwareXOut-220929/1.0.5/Images/ACR-004/USE_ScanComplete.png"],"nonDeceptorImageFiles":["221027/AdwareXOut-220929/1.0.5/Images/ACR-170/USE_AdwarePurchase.png","221027/AdwareXOut-220929/1.0.5/Images/ACR-170/USE_Page2.png","221027/AdwareXOut-220929/1.0.5/Images/ACR-170/USE_ScanComplete.png"],"guid":"2494b998-edc0-4a22-86ad-ae391c34365f_1.0.5_1","appID":"AdwareXOut-220929","dateAdded":"221027","deceptorType":"MacOS App","name":"AdwareX-Out","company":"Cyber Intell Solution LLC","version":"1.0.5","sigName":"Deceptor:MacOS/AdwareX-Out!004","lastKnownStatus":"1.0.5","lastKnownDate":"221027","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"Chrome,Firefox,Safari","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,in-app purchases","lastUpdate":"2022-10-28T05:13:55.9511164+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1213},{"violations":{"ACR-004":"The app does not provide free fixes for the items found during free scan. It requires a payment for a one time clean, or a full upgrade for continuous cleaning.\n"},"nonDeceptorViolations":{"ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n"},"samples":[{"isRevoked":"False","fileName":"Antivirus X-Out","fileVersion":"0.","hashMD5":"e8e18acc86b1506235f9745ae14b526d","hashSHA1":"1f4f9c2ef35ac5c8673ab89f01bbdc05affdc0f2","hashSHA256":"338dffde32afb2f6380c74078a60d503406589319094de661bda7291128ff82e","sourceIndex":"1347","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for cleaning app via app store","reference":"","landingPage":"https://x-out.cyberintellsolution.com/","directDownloadingLink":"https://apps.apple.com/ph/app/antivirus-x-out-anti-virus/id1486746537?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/ph/app/antivirus-x-out-anti-virus/id1486746537?mt=12","sourceIndex":"1347"}],"sampleFiles":["221027/AntiVirusXOutAntivirus-220929/1.5.6/Samples/Antivirus X-Out"],"imageFiles":["221027/AntiVirusXOutAntivirus-220929/1.5.6/Images/ACR-004/SCAN_PurchaseAlert.gif","221027/AntiVirusXOutAntivirus-220929/1.5.6/Images/ACR-004/USE_Buying1.png","221027/AntiVirusXOutAntivirus-220929/1.5.6/Images/ACR-004/USE_OneTimeClean.png","221027/AntiVirusXOutAntivirus-220929/1.5.6/Images/ACR-004/USE_PurchasePage.png"],"nonDeceptorImageFiles":["221027/AntiVirusXOutAntivirus-220929/1.5.6/Images/ACR-170/SCAN_PurchaseAlert.gif","221027/AntiVirusXOutAntivirus-220929/1.5.6/Images/ACR-170/USE_ScanComplete.png","221027/AntiVirusXOutAntivirus-220929/1.5.6/Images/ACR-170/USE_Scanning1.png"],"guid":"c2be5d0d-a3ad-4f3d-8b65-03d2ec2ed637_1.5.6_1","appID":"AntiVirusXOutAntivirus-220929","dateAdded":"221027","deceptorType":"MacOS App","name":"AntiVirusX-Out","company":"Cyber Intell Solution LLC","version":"1.5.6","sigName":"Deceptor:MacOS/AntiVirusX-Out!004","lastKnownStatus":"1.5.6","lastKnownDate":"221027","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:48.509696+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1212},{"violations":{"ACR-103":"The app suggests cleaning up \"317.8 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”,  in app settings, it displays the same size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up \"317.8 MB\" of junk/cache. After completing junk clean it says “FINISHED! CLEANED”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.cleanphone.hutsalod.apk","isInstaller":"True","fileVersion":"1.3.6","hashMD5":"c72d9f674619c3774426b309a18f83e9","hashSHA1":"ebad05fb6a794e93bd4bb273443940a2856787e9","hashSHA256":"1f2ddcfb7a221c6e4ae59fd29cc17eccb22adbe3f718cb1f6b5edb565149a209","sourceIndex":"1349","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.cleanphone.hutsalod","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.cleanphone.hutsalod","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.cleanphone.hutsalod","sourceIndex":"1349"}],"sampleFiles":["221027/CleanfixMemoryCleaner-221027/1.3.6/Samples/com.cleanphone.hutsalod.apk"],"imageFiles":["221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221027/CleanfixMemoryCleaner-221027/1.3.6/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"ddb3dcbb-ca9d-485c-b1dd-7e2461da5df5_1.3.6_1","appID":"CleanfixMemoryCleaner-221027","dateAdded":"221027","deceptorType":"Android App","name":"Cleanfix Memory Cleaner","company":"Hutsalod App","version":"1.3.6","lastKnownStatus":"1.3.6","lastKnownDate":"221027","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,inject ads,display ads","lastUpdate":"2022-10-27T23:23:26.1925938+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1211},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"CompleteMobileMediaConverterSetup.exe (installer)\" and \"Complete Mobile Media Converter.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Complete Mobile Media Converter\\Complete Mobile Media Converter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"716eeae247671157c0c82d48bfa9a4e5","hashSHA1":"dab829b70fc7c29f9b8c8a4ea9547cac95a82600","hashSHA256":"bcf77b36b49d247b32aee7e7cd827931cb24be02bdab2b38ea9c7a3c97082afc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1353","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CompleteMobileMediaConverterSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Complete Mobile Media Converter                             ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"6e58031d62dfe646828a9c4f83641f34","hashSHA1":"095cd17187d9f1f0d13a7e1b6c80f4d6c83ddefe","hashSHA256":"ee73b31003cf74d5f9a302a82e54dcfb27b5d503dd7c15dcfe1dcdf67e08bb84","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1353","avBlockList":["360 Total Security (20221208)","Avast Premium Security (20221208)","AVG Internet Security (20221208)","Avira Internet Security (20221208)","Bitdefender Internet Security (20221208)","COMODO Antivirus (20221208)","Dr.Web Security Space (20221208)","ESET Internet Security (20221208)","G DATA INTERNET SECURITY (20221208)","K7 Total Security (20221208)","Kaspersky Internet Security (20221208)","Malwarebytes Premium (20221208)","McAfee Total Protection (20221208)","Norton Security (20221208)","Panda Dome (20221208)","Quick Heal Internet Security (20221208)","Sophos Home Premium (20221208)","SpyHunter5 (20221208)","Total AV Antivirus Pro (20221208)","Trend Micro Internet Security (20221208)","VIPRE Advanced Security (20221208)","VirIT eXplorer PRO (20221208)","Webroot SecureAnywhere (20221208)","Windows Defender (20221208)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://asoftwareplus.com/mobile-media-converter.html","directDownloadingLink":"https://asoftwareplus.com/mobile-media-converter-download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://asoftwareplus.com/mobile-media-converter-download.html","sourceIndex":"1353"}],"sampleFiles":["221026/MobileMediaConverter-221026/1.0/Samples/CompleteMobileMediaConverterSetup.exe"],"imageFiles":["221026/MobileMediaConverter-221026/1.0/Images/ACR-109/ACR-109.JPG","221026/MobileMediaConverter-221026/1.0/Images/ACR-048/ACR-048.JPG","221026/MobileMediaConverter-221026/1.0/Images/ACR-010/ACR-010.JPG","221026/MobileMediaConverter-221026/1.0/Images/ACR-118/ACR-118.JPG","221026/MobileMediaConverter-221026/1.0/Images/ACR-057/ACR-057.JPG","221026/MobileMediaConverter-221026/1.0/Images/ACR-059/ACR-059.JPG","221026/MobileMediaConverter-221026/1.0/Images/ACR-071/ACR-071.JPG","221026/MobileMediaConverter-221026/1.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["221026/MobileMediaConverter-221026/1.0/Images/ACR-106/ACR-106.JPG","221026/MobileMediaConverter-221026/1.0/Images/ACR-092/ACR-092.JPG","221026/MobileMediaConverter-221026/1.0/Images/ACR-092/ACR-092_1.JPG"],"guid":"2188d684-4ff6-459d-bfb8-16f0cecee460_1.0_1","appID":"MobileMediaConverter-221026","dateAdded":"221026","deceptorType":"App","name":"Mobile Media Converter","company":"A Software Plus","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"221026","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2022-10-26T22:51:30.3413879+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1216},{"violations":{"ACR-003":"The app identifies 101.9 MB of cache files for the following apps \"Ex: Telegram, PhonePe, Speedtest, Outlook, and Firefox\" but, when viewed in app settings for these apps the total cache is 5.92 MB, thus the app exaggerates the identified results\n","ACR-103":"The app suggests cleaning up \"1.5 GB\" of junk/cache. After completing junk clean it says “Free 1.5 GB Storage”,  in app settings it displays same size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"1. The app suggests cleaning up \"1.5 GB\" of junk/cache. After completing junk clean it says “Free 1.5 GB Storage”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n2. The app identifies 101.9 MB of cache files for the following apps \"Ex: Telegram, PhonePe, Speedtest, Outlook, and Firefox\" but, when viewed in app settings for these apps the total cache is 5.92 MB, thus the app exaggerates the identified results\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"cleaner.fast.a.speed.boost.lite.apk","isInstaller":"True","fileVersion":"1.2.1","hashMD5":"ad1dbbb005c0e7f6b5cc3a5b40f1db14","hashSHA1":"d38b86f7711822be3e5211873d69b630c46eb79f","hashSHA256":"54e739c71e9784e6f65362aa39c0427681336d4957ef0acb2fc1996be9471871","sourceIndex":"1352","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=cleaner.fast.a.speed.boost.lite","directDownloadingLink":"https://play.google.com/store/apps/details?id=cleaner.fast.a.speed.boost.lite","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=cleaner.fast.a.speed.boost.lite","sourceIndex":"1352"}],"sampleFiles":["221026/Onecleaner-221026/1.2.1/Samples/cleaner.fast.a.speed.boost.lite.apk"],"imageFiles":["221026/Onecleaner-221026/1.2.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-103/ACR-103_Software_Scan_Result1.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data1.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data2.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data3.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-003/ACR-003_Software_App's_Actual_Cache_Data4.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-003/ACR-003_Software_Scan_Result.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-003/ACR-003_Software_Scan_Result1.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-003/ACR-003_Software_Scan_Result2.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-014/ACR-014_Software_Scan_Result1.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221026/Onecleaner-221026/1.2.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"61ec469e-4f01-4596-9143-067a4bada7a1_1.2.1_1","appID":"Onecleaner-221026","dateAdded":"221026","deceptorType":"Android App","name":"One cleaner","company":"Cleaner Pro inc.","version":"1.2.1","lastKnownStatus":"1.2.1","lastKnownDate":"221026","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"inject ads,display ads,up-sell to paid","lastUpdate":"2022-10-26T22:57:54.0271651+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1215},{"violations":{"ACR-003":"The app identifies 73 MB of cache files for the following apps \"Ex: Flipkart, Pinterest, PhonePe, Telegram and Speedtest\" but, when viewed in app settings for these apps the total cache is 175.96 KB, thus the app exaggerates the identified results\n","ACR-103":"The app suggests cleaning up \"1.7 GB\" of junk/cache. After completing junk clean it says “Free 1.7 GB Storage”,  in app settings it displays same size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"1. The app suggests cleaning up \"1.7 GB\" of junk/cache. After completing junk clean it says “Free 1.7 GB Storage”, when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n2. The app identifies 73 MB of cache files for the following apps \"Ex: Flipkart, Pinterest, PhonePe, Telegram and Speedtest\" but, when viewed in app settings for these apps the total cache is 175.96 KB, thus the app exaggerates the identified results\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"cleaner.fast.x.speed.boost.security.apk","isInstaller":"True","fileVersion":"1.2.3","hashMD5":"d9b4d82d359cc475e592d5490aab2e05","hashSHA1":"2d6d22725ed74e71cee15228e4fa5302e542605a","hashSHA256":"b8ff07686c9a9ff9efb69dcdf06232f4485cfdf8234208b4048d81eace854cf1","sourceIndex":"1351","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=cleaner.fast.x.speed.boost.security&pli=1","directDownloadingLink":"https://play.google.com/store/apps/details?id=cleaner.fast.x.speed.boost.security&pli=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=cleaner.fast.x.speed.boost.security&pli=1","sourceIndex":"1351"}],"sampleFiles":["221026/XCleaner-221026/1.2.3/Samples/cleaner.fast.x.speed.boost.security.apk"],"imageFiles":["221026/XCleaner-221026/1.2.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning3.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-103/ACR-103_Software_Scan_Result1.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning3.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-003/ACR-003_Software_Scan_Result.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-003/ACR-003_Software_Exaggerated_Cache_Data.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-003/ACR-003_Software_Exaggerated_Cache_Data1.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-003/ACR-003_Software_Exaggerated_Cache_Data2.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-003/ACR-003_Software_Exaggerated_Cache_Data3.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-003/ACR-003_Software_Exaggerated_Cache_Data4.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-003/ACR-003_Software_Scan_Result1.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning3.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-014/ACR-014_Software_Scan_Result1.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-014/Screenshot_20221026-103424_X Cleaner.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg","221026/XCleaner-221026/1.2.3/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning3.jpg"],"nonDeceptorImageFiles":[],"guid":"faa8758a-c7da-451e-b7f4-58b32281156b_1.2.3_1","appID":"XCleaner-221026","dateAdded":"221026","deceptorType":"Android App","name":"X Cleaner","company":"Cleaner Pro inc.","version":"1.2.3","lastKnownStatus":"1.2.3","lastKnownDate":"221026","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,inject ads,up-sell to paid","lastUpdate":"2022-10-26T23:04:13.7735002+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1214},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains a few components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation. \n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The app does not have a digital signature for the following components: \"DVDPlayerSetup.exe (installer)\" and \"DVD Player.exe (Main exe)\". \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DVD Player\\DVD Player.exe","companyName":"asoftwareplus.com","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3263cef88dc66495ae6e4c7dcfb44e5c","hashSHA1":"b1b0e951cb4bb04f8f0f56864f0e16e48aa38fd8","hashSHA256":"4fd6e71eb3c5a018b9dceecfa8de9d02ba888d34131f65732c6ac764ecc11351","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1358","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DVDPlayerSetup.exe","isInstaller":"True","companyName":"asoftwareplus.com                                           ","productName":"DVD Player                                                  ","productVersion":"1.0.0.7                                           ","fileVersion":"1.0.0.7             ","hashMD5":"71fec4cff037df5cfa84b7146e52f079","hashSHA1":"4b73cf3bbe278f21f401772f55ea96a064ecd6bb","hashSHA256":"5101c45207820dadd6cc709833f568ed79e1c23f7f1d6b3ecbba796ba12aa27e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1358","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge related apps","reference":"","landingPage":"https://www.asoftwareplus.com/dvd-player.html","directDownloadingLink":"https://www.asoftwareplus.com/DVDPlayerSetup.ex","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.asoftwareplus.com/DVDPlayerSetup.ex","sourceIndex":"1358"}],"sampleFiles":["221025/DVDPlayer-221025/1.0/Samples/DVDPlayerSetup.exe"],"imageFiles":["221025/DVDPlayer-221025/1.0/Images/ACR-109/ACR-109.JPG","221025/DVDPlayer-221025/1.0/Images/ACR-048/ACR-048.JPG","221025/DVDPlayer-221025/1.0/Images/ACR-010/ACR-010.JPG","221025/DVDPlayer-221025/1.0/Images/ACR-057/ACR-057.JPG","221025/DVDPlayer-221025/1.0/Images/ACR-059/ACR-059.JPG","221025/DVDPlayer-221025/1.0/Images/ACR-071/ACR-071.JPG","221025/DVDPlayer-221025/1.0/Images/ACR-155/ACR-155.JPG","221025/DVDPlayer-221025/1.0/Images/ACR-118/ACR-118-1.JPG","221025/DVDPlayer-221025/1.0/Images/ACR-118/ACR-118-2.JPG"],"nonDeceptorImageFiles":["221025/DVDPlayer-221025/1.0/Images/ACR-106/ACR-106.JPG","221025/DVDPlayer-221025/1.0/Images/ACR-092/ACR-092_1.JPG","221025/DVDPlayer-221025/1.0/Images/ACR-092/ACR-092_2.JPG"],"guid":"8ed21951-780b-48c1-9f5e-17399b9af99c_1.0_1","appID":"DVDPlayer-221025","dateAdded":"221025","deceptorType":"App","name":"DVD Player","company":"A Software Plus","version":"1.0","firstVendorContactDate":"221025","lastKnownStatus":"1.0","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2022-10-25T20:24:02.0147524+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1217},{"violations":{"ACR-003":"The app identifies 192 MB of cache files for the following apps \"Ex: Brave, Pinterest, and Twitter\" but, when viewed in app settings for these apps the total cache is 33MB, thus the app exaggerates the identified results\n","ACR-103":"The app suggests cleaning up 1.63 GB of junk/cache. After completing junk clean it says “CLEARED 1.63 GB”,  in app settings it displays the same size of cache data that can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up 1.63 GB of junk/cache. After completing junk clean it says “CLEARED 1.63 GB\", when viewed in app settings it displays the same size of cache data that can be cleaned, which misleads users\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.active.cleaner.apk","isInstaller":"True","fileVersion":"3.1","hashMD5":"5538c1eaae5ba8c2d1e470e8d1a30b16","hashSHA1":"d9497656df522825ce23841e8d23638b7d1a6afd","hashSHA256":"96da869614c06a7f609eed8f6a06e9659c9108ae515713e9290fc071417b8c65","sourceIndex":"1357","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.active.cleaner&hl=en_IN&gl=US","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.active.cleaner&hl=en_IN&gl=US","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.active.cleaner&hl=en_IN&gl=US","sourceIndex":"1357"}],"sampleFiles":["221025/ActiveCleanerQuickClean-221025/3.1/Samples/com.active.cleaner.apk"],"imageFiles":["221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-003/ACR-003_Software_Scan_Result.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning1.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning2.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221025/ActiveCleanerQuickClean-221025/3.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"99c2a75a-2df6-4b2d-9464-fc5bf30424e4_3.1_1","appID":"ActiveCleanerQuickClean-221025","dateAdded":"221025","deceptorType":"Android App","name":"Active Cleaner Quick Clean","company":"Svetlana Karmazina","version":"3.1","lastKnownStatus":"3.1","lastKnownDate":"221025","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-10-25T20:28:14.1375799+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1218},{"violations":{"ACR-003":"The app identifies 329 MB of cache files for the following apps \"Ex: Brave, Firefox, and Speedtest\" but, when viewed in app settings for these apps the total cache is 94MB, thus the app exaggerates the identified results\n","ACR-103":"The app suggests cleaning up 2.1 GB of junk/cache. After completing junk clean it says “CLEARED 2.1 GB”, when viewed in app settings it displays same size of cache data can be cleaned. Its value proposition can't be verified as it does not clean any junk/cache\n","ACR-014":"1. The app suggests cleaning up 2.1 GB of junk/cache. After completing junk clean it says “CLEARED 2.1 GB”, when viewed in app settings it displays same size of cache data can be cleaned, that misleads users. \n2. App exaggerates the identified results, that misleads users: App identifies 329 MB of cache files for the following apps \"Ex: Brave, Firefox, and Speedtest\" but, when viewed in app settings for these apps the total cache is 94MB, \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.auto.touch.cleaner.junk.apk","isInstaller":"True","fileVersion":"3.5","hashMD5":"277e864cfec9d28275f54629cc5cd4c3","hashSHA1":"7d49809b9f434e52c1ffadff88f09c6f54b55ca8","hashSHA256":"1cfffb65b2cb5ad94f160979a0fe03653e4c8b82a6b0dc20e633707be9087311","sourceIndex":"1360","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted from play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.auto.touch.cleaner.junk","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.auto.touch.cleaner.junk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.auto.touch.cleaner.junk","sourceIndex":"1360"}],"sampleFiles":["221021/CleaningThePhoneAutoCleaner-211022/3.5/Samples/com.auto.touch.cleaner.junk.apk"],"imageFiles":["221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-103/ACR-103_Software_Scan_Result2.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-003/ACR-003_Software_Scan_Result.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-003/ACR-003_Software_Scan_Result1.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning1.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-003/ACR-003_Software_Cache_Before_Cleaning2.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-014/ACR-014_Software_Scan_Result1.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221021/CleaningThePhoneAutoCleaner-211022/3.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"f1920485-6d2a-4ea7-8639-df9160038ffd_3.5_1","appID":"CleaningThePhoneAutoCleaner-211022","dateAdded":"221021","deceptorType":"Android App","name":"Cleaning the phone AutoCleaner","company":"Live Wallpaper Production","version":"3.5","lastKnownStatus":"3.5","lastKnownDate":"221021","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-10-21T21:56:42.4411327+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1220},{"violations":{"ACR-103":"The app suggests cleaning up 183.1 MB of junk/cache. After completing junk clean it says “CLEANED 183.98 MB”,  in app settings it displays same size of cache data can be cleaned. App's value proposition can't be verified  as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up 183.1 MB of junk/cache. After completing junk clean it says “CLEANED 183.98 MB”, when viewed in app settings it displays same size of cache data can be cleaned, that misleads users.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.powerd.cleaner.apk","isInstaller":"True","fileVersion":"3.2.5","hashMD5":"58b745c36ab676ee520472c45462932c","hashSHA1":"ac084fd352d5e2fb8b8096bec70053297591ceda","hashSHA256":"74db8ee45de55237e10c32308eff367a218d24ceebe5033922d2c46e673fcc4d","sourceIndex":"1361","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.powerd.cleaner","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.powerd.cleaner","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.powerd.cleaner","sourceIndex":"1361"}],"sampleFiles":["221021/FastCleanerBoosterCleaner-211022/3.2.5/Samples/com.powerd.cleaner.apk"],"imageFiles":["221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221021/FastCleanerBoosterCleaner-211022/3.2.5/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"d84087fe-6d0b-4b12-b3c5-d5f1280b3ece_3.2.5_1","appID":"FastCleanerBoosterCleaner-211022","dateAdded":"221021","deceptorType":"Android App","name":"Fast Cleaner Booster Cleaner","company":"powerd dev team","version":"3.2.5","lastKnownStatus":"3.2.5","lastKnownDate":"221021","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-10-21T21:52:29.852863+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1219},{"violations":{"ACR-004":"The application only cleans 500MB off of the disk, then it requires the user to subscribe to continue cleaning the disk items found during free scanning.\n"},"nonDeceptorViolations":{"ACR-099":"App does not include links to uninstall information in the App About Page\n"},"samples":[{"isRevoked":"False","fileName":"MacCleaner","fileVersion":"0.","hashMD5":"d3d1245a4d341eb7d9bd3343a25f26cf","hashSHA1":"696f21adbe9c776c9ab0b9eac3dc94afb8a55f19","hashSHA256":"7c03048cdf7143cbbbbc684138b79a92ab7218a99b47fe8bf45bf5cffc0568de","sourceIndex":"1362","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for cleaning app via app store","reference":"","landingPage":"https://thinkyeah.com","directDownloadingLink":"https://apps.apple.com/ph/app/fancyclean/id1587301004?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/ph/app/fancyclean/id1587301004?mt=12","sourceIndex":"1362"}],"sampleFiles":["221020/FancyClean-221020/1.3.3/Samples/MacCleaner"],"imageFiles":["221020/FancyClean-221020/1.3.3/Images/ACR-004/004Fail2.gif"],"nonDeceptorImageFiles":["221020/FancyClean-221020/1.3.3/Images/ACR-099/About.png"],"guid":"2dfe6de0-6f19-4ab2-8694-27c551ae92d2_1.3.3_1","appID":"FancyClean-221020","dateAdded":"221020","deceptorType":"MacOS App","name":"Fancy Clean","company":"Think Yeah","version":"1.3.3","lastKnownStatus":"1.3.3","lastKnownDate":"221020","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2022-10-20T21:01:27.5713661+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1221},{"violations":{"ACR-042":"Potential offer-related components get dropped into a hidden folder before obtaining user consent.\n","ACR-043":"Third party components get dropped in one click without asking user's permission and disclosing the installation path. \n","ACR-013":"During installation, the user is interrupted by non-consented offers to silently install unrelated software.\n","ACR-060":"The offer network does not disclose itself in its offers to silently install unrelated software.\n"},"nonDeceptorViolations":{"ACR-161":"The app's landing page shows testimonials with no links back to original source therefore cannot be verified.\n","ACR-099":"The landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"YouTubeSongDownloader-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"YouTube Song Downloader    ","fileVersion":"1.0","hashMD5":"1b1a258862667325ac7de84497940921","hashSHA1":"688817deba526cc8ddd86045a7de18927e857bca","hashSHA256":"952f96c4e60f6b5b1da830b1da345f4f3ce6c0e431163ea790037c7666d6d0f2","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1106","avBlockList":["Avast Premium Security (20221027)","AVG Internet Security (20221027)","Avira Internet Security (20221027)","ESET Internet Security (20221027)","K7 Total Security (20221027)","Panda Dome (20221027)","Sophos Home Premium (20221027)","SpyHunter5 (20221027)","Total AV Antivirus Pro (20221027)","VirIT eXplorer PRO (20221027)","Windows Defender (20221027)"],"avAllowList":["360 Total Security (20221027)","Bitdefender Internet Security (20221027)","COMODO Antivirus (20221027)","Dr.Web Security Space (20221027)","G DATA INTERNET SECURITY (20221027)","Malwarebytes Premium (20221027)","McAfee Total Protection (20221027)","Norton Security (20221027)","Quick Heal Internet Security (20221027)","Trend Micro Internet Security (20221027)","VIPRE Advanced Security (20221027)","Webroot SecureAnywhere (20221027)"]},{"isRevoked":"False","fileName":"YouTubeSongDownloader-setup-2.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","fileVersion":"1.0","hashMD5":"ab17ce93e21dc5c81bb9e1303bc610be","hashSHA1":"527500332dc0d167291cb8ee36663c1143b21733","hashSHA256":"b9335d01be2ab4b42dca5370fb4fb8665e2d6b5dbcb5b36ae9c3371cc4c1eedf","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1106","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searched Abelssoft","reference":"","landingPage":"https://www.abelssoft.de/en/windows/multimedia/youtube-song-downloader","directDownloadingLink":"https://www.abelssoft.de/YouTubeSongDownloader-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/YouTubeSongDownloader-setup.exe","sourceIndex":"1106"}],"sampleFiles":["221019/YouTubeSongDownloader-221018/1.0.0.0/Samples/YouTubeSongDownloader-setup.exe","221019/YouTubeSongDownloader-221018/1.0.0.0/Samples/YouTubeSongDownloader-setup-2.exe"],"imageFiles":["221019/YouTubeSongDownloader-221018/1.0.0.0/Images/ACR-043/YTSD_ACR-042_043.jpg","221019/YouTubeSongDownloader-221018/1.0.0.0/Images/ACR-042/YTSD_ACR-042_043.jpg","221019/YouTubeSongDownloader-221018/1.0.0.0/Images/ACR-013/YTSD_ACR-013_060.jpg","221019/YouTubeSongDownloader-221018/1.0.0.0/Images/ACR-060/YTSD_ACR-013_060.jpg"],"nonDeceptorImageFiles":["221019/YouTubeSongDownloader-221018/1.0.0.0/Images/ACR-099/YouTubeSongDownloader_LandingPage.jpeg","221019/YouTubeSongDownloader-221018/1.0.0.0/Images/ACR-161/YouTubeSongDownloader_LandingPage.jpeg"],"guid":"20bef3ac-db06-45b2-9f0a-f07357767f71_1.0.0.0_1","appID":"YouTubeSongDownloader-221018","dateAdded":"221019","deceptorType":"App","name":"YouTube Song Downloader","company":"Abelssoft","version":"1.0.0.0","firstVendorContactDate":"230510","firstAppEsteemReplyDate":"230512","firstResolvedDate":"230512","firstResolvedVersion":"23.4.0","resolved":"TRUE","lastKnownStatus":"1.0.0.0","lastKnownDate":"221019","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2023-05-13T00:33:20.0573407+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1222},{"violations":{"ACR-003":"The app uses a \"red\" warning sign to exaggerate urgency about system health.\n","ACR-004":"The app exaggerates urgency with the color \"red\" and the \"!\" warning sign.\n","ACR-055":"Accept and decline for the optional offer must be obvious. Unchecking the preselected Opera Browser installation is not a straightforward option for decline.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to app's EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app's about page does not provide links to EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The app's landing page shows testimonials with no links back to original source.\n","ACR-099":"The app's about page does not provide links to uninstall information.\nThe app's landing page does not provide links to uninstall information.\nThe app's internal offers does not provide links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"AbLauncher.exe","productName":"AbLauncher","productVersion":"8.7","fileVersion":"8.7","hashMD5":"f4fb6991bd67ca09d29b0f0861cef925","hashSHA1":"ad93ff6f9a5fc2408cac9e092aa3d221c81df09b","hashSHA256":"e3e2c60f2a15fab6189dac69eb1281e167d8ba53f4982a290bcef9fee4c9612d","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1334","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcfresh-setup.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","productName":"PC Fresh  ","fileVersion":"1.0","hashMD5":"ab9889e16a955af8bbd7faa58bdd7f6e","hashSHA1":"98d24103842ea9f97e5bb025162d6549633df977","hashSHA256":"45a1fca678ea3c0adad1b32b1da4779ec2865f5860d25c80710fddf0f26d7a95","digitalCertThumbprint":"1DD08D1EC40FAE8963690EB1B5FE06D4E64C8F76","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"1334","avBlockList":["Avast Premium Security (20221027)","AVG Internet Security (20221027)","Avira Internet Security (20221027)","Bitdefender Internet Security (20221027)","ESET Internet Security (20221027)","K7 Total Security (20221027)","Panda Dome (20221027)","Sophos Home Premium (20221027)","SpyHunter5 (20221027)","Total AV Antivirus Pro (20221027)","VIPRE Advanced Security (20221027)","VirIT eXplorer PRO (20221027)","Windows Defender (20221027)"],"avAllowList":["360 Total Security (20221027)","COMODO Antivirus (20221027)","Dr.Web Security Space (20221027)","G DATA INTERNET SECURITY (20221027)","Kaspersky Internet Security (20221027)","Malwarebytes Premium (20221027)","McAfee Total Protection (20221027)","Norton Security (20221027)","Quick Heal Internet Security (20221027)","Trend Micro Internet Security (20221027)","Webroot SecureAnywhere (20221027)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.abelssoft.de/de/windows/system-tools/pc-fresh","directDownloadingLink":"https://www.abelssoft.de/pcfresh-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/pcfresh-setup.exe","sourceIndex":"1334"}],"sampleFiles":["221019/PCFresh-200610/8.7/Samples/AbLauncher.exe","221019/PCFresh-200610/8.7/Samples/pcfresh-setup.exe"],"imageFiles":["221019/PCFresh-200610/8.7/Images/ACR-055/ACR-055_OptionalOffer_Preselected.jpg","221019/PCFresh-200610/8.7/Images/ACR-003/ACR-003_Warning.jpg","221019/PCFresh-200610/8.7/Images/ACR-004/ACR-003_004_Warning.jpg"],"nonDeceptorImageFiles":["221019/PCFresh-200610/8.7/Images/ACR-065/ACR-065_Install.jpg","221019/PCFresh-200610/8.7/Images/ACR-065/ACR-065_Software.jpg","221019/PCFresh-200610/8.7/Images/ACR-161/ACR-161_Testimonials.jpg","221019/PCFresh-200610/8.7/Images/ACR-099/ACR-099_Software.jpg","221019/PCFresh-200610/8.7/Images/ACR-099/PCFresh_LandingPage.jpeg","221019/PCFresh-200610/8.7/Images/ACR-099/PCFresh_OfferPage.jpeg"],"guid":"b5577bd8-ed87-4ffc-8efb-1e44be8b958b_8.7_1","appID":"PCFresh-200610","dateAdded":"221019","deceptorType":"App","name":"PC Fresh","company":"Abelssoft","version":"8.7","firstVendorContactDate":"221107","firstAppEsteemReplyDate":"221110","firstResolvedDate":"221110","firstResolvedVersion":"8.08","resolved":"TRUE","lastKnownStatus":"8.7","lastKnownDate":"221110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-11-10T23:10:47.962786+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1223},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains a few components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation. \n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"MP4PlayerSetup.exe (installer)\" and \"MP4 Player.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MP4 Player\\MP4 Player.exe","companyName":"asoftwareplus.com","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"d3e0e15e932643346b349ce33c5a2228","hashSHA1":"47b4c84930d5da16d71a689a23c63f0840b13fd3","hashSHA256":"4239690895fbe31e6282cbe683d1ea7bbffc98697f613710add9facb8ce3e98f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1363","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MP4PlayerSetup.exe","isInstaller":"True","companyName":"asoftwareplus.com                                           ","productName":"MP4 Player                                                  ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"d110bf21d05995958c941c45ee1bdc5e","hashSHA1":"79ece9019250cd5c0b5f7c611a30dda8f23c8283","hashSHA256":"b742f5cb0a178b1d0889cba365fbac3ece73abfe6363fff7c097cc2f410e68d0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1363","avBlockList":["360 Total Security (20221027)","Avast Premium Security (20221027)","AVG Internet Security (20221027)","Avira Internet Security (20221027)","Bitdefender Internet Security (20221027)","COMODO Antivirus (20221027)","Dr.Web Security Space (20221027)","ESET Internet Security (20221027)","G DATA INTERNET SECURITY (20221027)","K7 Total Security (20221027)","Kaspersky Internet Security (20221027)","Malwarebytes Premium (20221027)","McAfee Total Protection (20221027)","Norton Security (20221027)","Panda Dome (20221027)","Quick Heal Internet Security (20221027)","Sophos Home Premium (20221027)","SpyHunter5 (20221027)","Total AV Antivirus Pro (20221027)","VIPRE Advanced Security (20221027)","VirIT eXplorer PRO (20221027)","Webroot SecureAnywhere (20221027)","Windows Defender (20221027)"],"avAllowList":["Trend Micro Internet Security (20221027)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.asoftwareplus.com/mp4-player.html","directDownloadingLink":"https://www.asoftwareplus.com/MP4PlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.asoftwareplus.com/MP4PlayerSetup.exe","sourceIndex":"1363"}],"sampleFiles":["221019/MP4Player-221018/1.0/Samples/MP4PlayerSetup.exe"],"imageFiles":["221019/MP4Player-221018/1.0/Images/ACR-109/ACR-109.JPG","221019/MP4Player-221018/1.0/Images/ACR-048/ACR-048.JPG","221019/MP4Player-221018/1.0/Images/ACR-010/ACR-010.JPG","221019/MP4Player-221018/1.0/Images/ACR-059/ACR-059.JPG","221019/MP4Player-221018/1.0/Images/ACR-071/ACR-071.JPG","221019/MP4Player-221018/1.0/Images/ACR-155/ACR-155.JPG","221019/MP4Player-221018/1.0/Images/ACR-057/ACR-057.JPG","221019/MP4Player-221018/1.0/Images/ACR-118/ACR-118.JPG","221019/MP4Player-221018/1.0/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["221019/MP4Player-221018/1.0/Images/ACR-106/ACR-106.JPG","221019/MP4Player-221018/1.0/Images/ACR-092/ACR-092.JPG","221019/MP4Player-221018/1.0/Images/ACR-092/ACR-092_1.JPG"],"guid":"72dac505-f970-4f25-8257-e83c1c14b5d8_1.0_1","appID":"MP4Player-221018","dateAdded":"221019","deceptorType":"App","name":"MP4 Player","company":"A Software Plus","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"221019","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2022-10-19T19:35:42.6710772+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1224},{"violations":{"ACR-004":"The app requires a one time payment to complete the delete process. The app does not provide a functioning free trial to delete the items found during free scan. \n"},"nonDeceptorViolations":{"ACR-099":"The app doesnt include links or instruction to uninstall the apps\n"},"samples":[{"isRevoked":"False","fileName":"Uninstaller sensei","fileVersion":"0.","hashMD5":"7cadbdbfb30e72ed53637b180b5d6f18","hashSHA1":"8a1d09ff0501a53d80d311f48fd3c7de54a66ed4","hashSHA256":"0114472d5812490a95302b06cca2a6694f580d21646d76e8e6622288bee09833","sourceIndex":"1364","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searching for utility apps in MacOs Appstore","reference":"","landingPage":"https://usensei.wixsite.com/apps","directDownloadingLink":"https://apps.apple.com/ph/app/uninstaller-sensei/id1373706803?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/ph/app/uninstaller-sensei/id1373706803?mt=12","sourceIndex":"1364"}],"sampleFiles":["221017/UninstallSensei-221014/1.7.7/Samples/Uninstaller sensei"],"imageFiles":["221017/UninstallSensei-221014/1.7.7/Images/ACR-004/MainWindow1.png","221017/UninstallSensei-221014/1.7.7/Images/ACR-004/MainWindow2.png","221017/UninstallSensei-221014/1.7.7/Images/ACR-004/UpgradeOffer1.png","221017/UninstallSensei-221014/1.7.7/Images/ACR-004/UpgradeOffer2.png"],"nonDeceptorImageFiles":["221017/UninstallSensei-221014/1.7.7/Images/ACR-099/AppAbout.png"],"guid":"7e8ebb18-e00e-432b-b95d-2308e26bea0b_1.7.7_1","appID":"UninstallSensei-221014","dateAdded":"221017","deceptorType":"MacOS App","name":"Uninstall Sensei","company":"Maksym Katrych","version":"1.7.7","lastKnownStatus":"1.7.7","lastKnownDate":"221017","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2022-10-17T21:48:44.8059086+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1225},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains a few components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"ScrapNotifierSetup.exe (installer)\" and \"Scrap Notifier.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Scrap Notifier\\Scrap Notifier.exe","companyName":"","productName":"Scrap Notifier","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"c165a9a6987c1486f8a762eea6061312","hashSHA1":"1f104df2f3235023e96f575be08027b26dd799d2","hashSHA256":"12ddf9273c881c05d6554b8c27afd1630f24d23ad1629e34d6e09edd6d7c91b3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"291","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ScrapNotifierSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Scrap Notifier                                              ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"85b027273bc8ccff2c7ce2ccd438ae01","hashSHA1":"a088d3e8ffeee236c46106d561fd3c5bfcfb0b90","hashSHA256":"144ad90c0953ca24c24953e69b7edd53bd87f221fd89f32072fe7e0ceca1554d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"291","avBlockList":["360 Total Security (20221025)","Avast Premium Security (20221025)","AVG Internet Security (20221025)","Avira Internet Security (20221025)","Bitdefender Internet Security (20221025)","COMODO Antivirus (20221025)","Dr.Web Security Space (20221025)","ESET Internet Security (20221025)","G DATA INTERNET SECURITY (20221025)","K7 Total Security (20221025)","Kaspersky Internet Security (20221025)","Malwarebytes Premium (20221025)","McAfee Total Protection (20221025)","Norton Security (20221025)","Panda Dome (20221025)","Quick Heal Internet Security (20221025)","Sophos Home Premium (20221025)","SpyHunter5 (20221025)","Total AV Antivirus Pro (20221025)","VIPRE Advanced Security (20221025)","VirIT eXplorer PRO (20221025)","Webroot SecureAnywhere (20221025)","Windows Defender (20221025)"],"avAllowList":["Trend Micro Internet Security (20221025)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://asoftwareplus.com/scrap-notifier.html","directDownloadingLink":"https://asoftwareplus.com/scrap-notifier-download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://asoftwareplus.com/scrap-notifier-download.html","sourceIndex":"291"}],"sampleFiles":["221017/ScrapNotifier-221017/1.0/Samples/ScrapNotifierSetup.exe"],"imageFiles":["221017/ScrapNotifier-221017/1.0/Images/ACR-109/ACR-109.JPG","221017/ScrapNotifier-221017/1.0/Images/ACR-048/ACR-048.JPG","221017/ScrapNotifier-221017/1.0/Images/ACR-010/ACR-010.JPG","221017/ScrapNotifier-221017/1.0/Images/ACR-118/ACR-118.JPG","221017/ScrapNotifier-221017/1.0/Images/ACR-118/ACR-118_1.JPG","221017/ScrapNotifier-221017/1.0/Images/ACR-057/ACR-057.JPG","221017/ScrapNotifier-221017/1.0/Images/ACR-059/ACR-059.JPG","221017/ScrapNotifier-221017/1.0/Images/ACR-071/ACR-071.JPG","221017/ScrapNotifier-221017/1.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["221017/ScrapNotifier-221017/1.0/Images/ACR-106/ACR-106.JPG","221017/ScrapNotifier-221017/1.0/Images/ACR-092/ACR-092.JPG"],"guid":"cfc4bbe5-e9ad-4c85-ac41-d87d54c9ab3b_1.0_1","appID":"ScrapNotifier-221017","dateAdded":"221017","deceptorType":"App","name":"Scrap Notifier","company":"A Software Plus","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2024-12-12T21:52:40.3365501+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1226},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"MP3CutterPlusSetup.exe (installer)\" and \"MP3CutterPlus.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MP3 Cutter Plus\\MP3CutterPlus.exe","companyName":"A Software Plus","productName":"Mp3 Cutter Plus","productVersion":"1.00","fileVersion":"1.00","hashMD5":"90fd36ecad1b7df165d005ba0c25c30c","hashSHA1":"e873c9dffe1ae176f2ae02612ceff21f93b4c53d","hashSHA256":"e2910d8cac5ef366157937ce02a6652ffdadc7fbb8c0efaebfad595230023d34","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1367","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MP3CutterPlusSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"MP3 Cutter Plus                                             ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"1ec11aa5e134bc84624761cb66ded313","hashSHA1":"f933d05e2c4991de77671e98857111ef37fc0d55","hashSHA256":"55dbfd70fe3c25d7c716f34bbe0d42296665772d8032273b49323f4392baf3f6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1367","avBlockList":["360 Total Security (20221025)","Avast Premium Security (20221025)","AVG Internet Security (20221025)","Avira Internet Security (20221025)","Bitdefender Internet Security (20221025)","COMODO Antivirus (20221025)","Dr.Web Security Space (20221025)","ESET Internet Security (20221025)","G DATA INTERNET SECURITY (20221025)","K7 Total Security (20221025)","Kaspersky Internet Security (20221025)","Malwarebytes Premium (20221025)","McAfee Total Protection (20221025)","Norton Security (20221025)","Panda Dome (20221025)","Quick Heal Internet Security (20221025)","Sophos Home Premium (20221025)","SpyHunter5 (20221025)","Total AV Antivirus Pro (20221025)","VIPRE Advanced Security (20221025)","VirIT eXplorer PRO (20221025)","Webroot SecureAnywhere (20221025)","Windows Defender (20221025)"],"avAllowList":["Trend Micro Internet Security (20221025)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://asoftwareplus.com/mp3-cutter.html","directDownloadingLink":"https://asoftwareplus.com/mp3-cutter-download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://asoftwareplus.com/mp3-cutter-download.html","sourceIndex":"1367"}],"sampleFiles":["221017/Mp3CutterPlus-221014/1.0/Samples/MP3CutterPlusSetup.exe"],"imageFiles":["221017/Mp3CutterPlus-221014/1.0/Images/ACR-109/ACR_109.JPG","221017/Mp3CutterPlus-221014/1.0/Images/ACR-048/ACR_048.JPG","221017/Mp3CutterPlus-221014/1.0/Images/ACR-010/ACR_010.JPG","221017/Mp3CutterPlus-221014/1.0/Images/ACR-118/ACR-118.JPG","221017/Mp3CutterPlus-221014/1.0/Images/ACR-118/ACR-118_1.JPG","221017/Mp3CutterPlus-221014/1.0/Images/ACR-057/ACR_057.JPG","221017/Mp3CutterPlus-221014/1.0/Images/ACR-059/ACR_059.JPG","221017/Mp3CutterPlus-221014/1.0/Images/ACR-071/ACR_071.JPG","221017/Mp3CutterPlus-221014/1.0/Images/ACR-155/ACR_155.JPG"],"nonDeceptorImageFiles":["221017/Mp3CutterPlus-221014/1.0/Images/ACR-106/ACR-106.JPG","221017/Mp3CutterPlus-221014/1.0/Images/ACR-092/ACR-092.JPG"],"guid":"2c96a139-e54a-4968-a594-39b0ce485561_1.0_1","appID":"Mp3CutterPlus-221014","dateAdded":"221017","deceptorType":"App","name":"MP3 Cutter Plus","company":"A Software Plus","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"221017","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2022-10-17T17:29:56.9788577+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1227},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the  \"curl-ca-bundle.crt\" file on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"FullScreenWebImageViewerSetup.exe(installer)\" and \"fswiv.exe(Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Windows\\SysWOW64\\fswiv.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"1b27d585558c13376fed9bcf9c0062e7","hashSHA1":"f3e7fd5535f79e7ac626f19b84e180334588d7b0","hashSHA256":"4f7a142583619eb8396c4fa54b47bab594c17ef6f75e04255fd7391cab43a6b3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1372","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FullScreenWebImageViewerSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Full Screen Web Image Viewer                                ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"b021e2f884b359b0363e6851d8623a34","hashSHA1":"dba317d98601a633043835385c7f5157e41dda8a","hashSHA256":"079a8f7ce49d9d6bee34e29b6ac5eb72630877d99ad7d4ce0e14be5c9d30c41f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1372","avBlockList":["360 Total Security (20221025)","Avast Premium Security (20221025)","AVG Internet Security (20221025)","Avira Internet Security (20221025)","Bitdefender Internet Security (20221025)","COMODO Antivirus (20221025)","Dr.Web Security Space (20221025)","ESET Internet Security (20221025)","G DATA INTERNET SECURITY (20221025)","K7 Total Security (20221025)","Kaspersky Internet Security (20221025)","Malwarebytes Premium (20221025)","McAfee Total Protection (20221025)","Norton Security (20221025)","Panda Dome (20221025)","Quick Heal Internet Security (20221025)","Sophos Home Premium (20221025)","SpyHunter5 (20221025)","Total AV Antivirus Pro (20221025)","VIPRE Advanced Security (20221025)","VirIT eXplorer PRO (20221025)","Webroot SecureAnywhere (20221025)","Windows Defender (20221025)"],"avAllowList":["Trend Micro Internet Security (20221025)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://asoftwareplus.com/full-screen-web-image-viewer.html","directDownloadingLink":"https://asoftwareplus.com/FullScreenWebImageViewerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://asoftwareplus.com/FullScreenWebImageViewerSetup.exe","sourceIndex":"1372"}],"sampleFiles":["221017/FullScreenWebImageViewer-221017/1.0/Samples/FullScreenWebImageViewerSetup.exe"],"imageFiles":["221017/FullScreenWebImageViewer-221017/1.0/Images/ACR-109/ACR-109.JPG","221017/FullScreenWebImageViewer-221017/1.0/Images/ACR-048/ACR-048.JPG","221017/FullScreenWebImageViewer-221017/1.0/Images/ACR-010/ACR-010.JPG","221017/FullScreenWebImageViewer-221017/1.0/Images/ACR-118/ACR-118.JPG","221017/FullScreenWebImageViewer-221017/1.0/Images/ACR-057/ACR-057.JPG","221017/FullScreenWebImageViewer-221017/1.0/Images/ACR-059/ACR-059.JPG","221017/FullScreenWebImageViewer-221017/1.0/Images/ACR-071/ACR-071.JPG","221017/FullScreenWebImageViewer-221017/1.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["221017/FullScreenWebImageViewer-221017/1.0/Images/ACR-106/ACR-106.JPG","221017/FullScreenWebImageViewer-221017/1.0/Images/ACR-092/ACR-092.JPG","221017/FullScreenWebImageViewer-221017/1.0/Images/ACR-092/ACR-092_1.JPG"],"guid":"8ea8ac74-7c4e-4d8a-b229-a07c25b07bbc_1.0_1","appID":"FullScreenWebImageViewer-221017","dateAdded":"221017","deceptorType":"App","name":"Full Screen WebImage Viewer Setup","company":"A Software Plus","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"221017","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2022-10-17T17:20:05.0334045+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1228},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor applications. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"DiskDefragSetup.exe(installer)\" and \"Disk Defrag.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Disk Defrag\\Disk Defrag.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"17d059d8e220b2e5fb23e621de80e8a7","hashSHA1":"b0431ba89824bb5f129575bd3ee31fd5e6e41733","hashSHA256":"abb943bfc9544e6eeed73c428245f9336fbba362b449d3e70d61b6cb5ebb948b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1370","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DiskDefragSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Disk Defrag                                                 ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"91937c67dac15d6caf9506a7328c9cdf","hashSHA1":"018fb5f7f22c7c0f714b1b845e752320ec5e7cfd","hashSHA256":"22169428e7428f99aadb18a3a01076553f91c2a65acceb6b00010e428b624b12","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1370","avBlockList":["360 Total Security (20221025)","Avast Premium Security (20221025)","AVG Internet Security (20221025)","Avira Internet Security (20221025)","Bitdefender Internet Security (20221025)","COMODO Antivirus (20221025)","Dr.Web Security Space (20221025)","ESET Internet Security (20221025)","G DATA INTERNET SECURITY (20221025)","K7 Total Security (20221025)","Kaspersky Internet Security (20221025)","Malwarebytes Premium (20221025)","McAfee Total Protection (20221025)","Norton Security (20221025)","Panda Dome (20221025)","Quick Heal Internet Security (20221025)","Sophos Home Premium (20221025)","SpyHunter5 (20221025)","Total AV Antivirus Pro (20221025)","VIPRE Advanced Security (20221025)","VirIT eXplorer PRO (20221025)","Webroot SecureAnywhere (20221025)","Windows Defender (20221025)"],"avAllowList":["Trend Micro Internet Security (20221025)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://asoftwareplus.com/disk-defrag.html","directDownloadingLink":"https://asoftwareplus.com/DiskDefragSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://asoftwareplus.com/DiskDefragSetup.exe","sourceIndex":"1370"}],"sampleFiles":["221017/DiskDefrag-221017/1.0/Samples/DiskDefragSetup.exe"],"imageFiles":["221017/DiskDefrag-221017/1.0/Images/ACR-109/ACR-109.JPG","221017/DiskDefrag-221017/1.0/Images/ACR-048/ACR-048.JPG","221017/DiskDefrag-221017/1.0/Images/ACR-010/ACR-010.JPG","221017/DiskDefrag-221017/1.0/Images/ACR-118/ACR-118.JPG","221017/DiskDefrag-221017/1.0/Images/ACR-118/ACR-118_1.JPG","221017/DiskDefrag-221017/1.0/Images/ACR-057/ACR-057.JPG","221017/DiskDefrag-221017/1.0/Images/ACR-059/ACR-059.JPG","221017/DiskDefrag-221017/1.0/Images/ACR-071/ACR-071.JPG","221017/DiskDefrag-221017/1.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["221017/DiskDefrag-221017/1.0/Images/ACR-106/ACR-106.JPG","221017/DiskDefrag-221017/1.0/Images/ACR-092/ACR-092.JPG","221017/DiskDefrag-221017/1.0/Images/ACR-092/ACR-092_1.JPG"],"guid":"b0e337b3-cbc0-4590-bd3c-78e38c51c670_1.0_1","appID":"DiskDefrag-221017","dateAdded":"221017","deceptorType":"App","name":"Disk Defrag","company":"A Software Plus","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"221017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2022-10-17T17:24:47.2412339+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1230},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains a few components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"DigitalAudioRecorderSetup.exe (installer)\" and \"DigitalAudioRecorder.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Digital Audio Recorder\\Digital Audio Recorder.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"eb215de3a67a1fa675851ff3e0ff245c","hashSHA1":"435ce3adcca48581731bb7636afa9f270948fd17","hashSHA256":"1e9be3e2ac1c701af2aee7d0e85e5be24547e173e9b5b1468af7f023be296f7b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1371","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DigitalAudioRecorderSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Digital Audio Recorder                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"a46c35af30145fb439f4c49313f54da5","hashSHA1":"7d2ba00eb60854319234c4e8b3cfe3b65d25595b","hashSHA256":"e6d9bdb591409775f4bbf6e3236d9b9acab2c091315152aca3741be08a520b40","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1371","avBlockList":["360 Total Security (20221025)","Avast Premium Security (20221025)","AVG Internet Security (20221025)","Avira Internet Security (20221025)","Bitdefender Internet Security (20221025)","COMODO Antivirus (20221025)","Dr.Web Security Space (20221025)","ESET Internet Security (20221025)","G DATA INTERNET SECURITY (20221025)","K7 Total Security (20221025)","Kaspersky Internet Security (20221025)","Malwarebytes Premium (20221025)","McAfee Total Protection (20221025)","Norton Security (20221025)","Panda Dome (20221025)","Quick Heal Internet Security (20221025)","Sophos Home Premium (20221025)","SpyHunter5 (20221025)","Total AV Antivirus Pro (20221025)","VIPRE Advanced Security (20221025)","VirIT eXplorer PRO (20221025)","Webroot SecureAnywhere (20221025)","Windows Defender (20221025)"],"avAllowList":["Trend Micro Internet Security (20221025)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://asoftwareplus.com/digital-audio-recorder.html","directDownloadingLink":"https://asoftwareplus.com/digital-audio-recorder-download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://asoftwareplus.com/digital-audio-recorder-download.html","sourceIndex":"1371"}],"sampleFiles":["221017/DigitalAudioRecorder-221017/1.0/Samples/DigitalAudioRecorderSetup.exe"],"imageFiles":["221017/DigitalAudioRecorder-221017/1.0/Images/ACR-109/ACR-109.JPG","221017/DigitalAudioRecorder-221017/1.0/Images/ACR-048/ACR-048.JPG","221017/DigitalAudioRecorder-221017/1.0/Images/ACR-010/ACR-010.JPG","221017/DigitalAudioRecorder-221017/1.0/Images/ACR-118/ACR-118.JPG","221017/DigitalAudioRecorder-221017/1.0/Images/ACR-118/ACR-118_1.JPG","221017/DigitalAudioRecorder-221017/1.0/Images/ACR-057/ACR-057.JPG","221017/DigitalAudioRecorder-221017/1.0/Images/ACR-059/ACR-059.JPG","221017/DigitalAudioRecorder-221017/1.0/Images/ACR-071/ACR-071.JPG","221017/DigitalAudioRecorder-221017/1.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["221017/DigitalAudioRecorder-221017/1.0/Images/ACR-106/ACR-106.JPG","221017/DigitalAudioRecorder-221017/1.0/Images/ACR-092/ACR-092.JPG"],"guid":"3bfece4e-515d-48e7-b312-57f610929929_1.0_1","appID":"DigitalAudioRecorder-221017","dateAdded":"221017","deceptorType":"App","name":"Digital Audio Recorder","company":"A Software Plus","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"221017","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2022-10-17T17:21:13.4426021+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1231},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor applications. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"ConvertWAVToMP3Setup.exe(installer)\" and \"Convert WAV To MP3.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Convert WAV To MP3\\Convert WAV To MP3.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"b1e7917ba068ad0a03e1fe9f77d91673","hashSHA1":"b3aec499800b92b23872bc667aa93c13dba0d9f6","hashSHA256":"83aa2ed5e78d1cad1acd1628b7765285e783561e9085bdd49bb879654cd0dda4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1368","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ConvertWAVToMP3Setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Convert WAV To MP3                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"475ab90d4646fd0b7a9378ff4d6465e0","hashSHA1":"a9003719053021f2064e2f97792727811b0acc6b","hashSHA256":"43bfe28ee6585786c80761033da8b73ddc70dd73a1b468399ee91243c939cac0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1368","avBlockList":["360 Total Security (20221025)","Avast Premium Security (20221025)","AVG Internet Security (20221025)","Avira Internet Security (20221025)","Bitdefender Internet Security (20221025)","COMODO Antivirus (20221025)","Dr.Web Security Space (20221025)","ESET Internet Security (20221025)","G DATA INTERNET SECURITY (20221025)","K7 Total Security (20221025)","Kaspersky Internet Security (20221025)","Malwarebytes Premium (20221025)","McAfee Total Protection (20221025)","Norton Security (20221025)","Quick Heal Internet Security (20221025)","Sophos Home Premium (20221025)","SpyHunter5 (20221025)","Total AV Antivirus Pro (20221025)","VIPRE Advanced Security (20221025)","VirIT eXplorer PRO (20221025)","Webroot SecureAnywhere (20221025)","Windows Defender (20221025)","Panda Dome (20221025)"],"avAllowList":["Trend Micro Internet Security (20221025)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.asoftwareplus.com/convert-wav-to-mp3.html","directDownloadingLink":"https://www.asoftwareplus.com/ConvertWAVToMP3Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.asoftwareplus.com/ConvertWAVToMP3Setup.exe","sourceIndex":"1368"}],"sampleFiles":["221017/ConvertWAVToMP3-221014/1.0/Samples/ConvertWAVToMP3Setup.exe"],"imageFiles":["221017/ConvertWAVToMP3-221014/1.0/Images/ACR-109/ACR-109.JPG","221017/ConvertWAVToMP3-221014/1.0/Images/ACR-048/ACR-048.JPG","221017/ConvertWAVToMP3-221014/1.0/Images/ACR-010/ACR-010.JPG","221017/ConvertWAVToMP3-221014/1.0/Images/ACR-057/ACR-057.JPG","221017/ConvertWAVToMP3-221014/1.0/Images/ACR-059/ACR-059.JPG","221017/ConvertWAVToMP3-221014/1.0/Images/ACR-071/ACR-071.JPG","221017/ConvertWAVToMP3-221014/1.0/Images/ACR-155/ACR-155.JPG","221017/ConvertWAVToMP3-221014/1.0/Images/ACR-118/ACR-118.JPG","221017/ConvertWAVToMP3-221014/1.0/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["221017/ConvertWAVToMP3-221014/1.0/Images/ACR-106/ACR-106.JPG","221017/ConvertWAVToMP3-221014/1.0/Images/ACR-092/ACR-092.JPG","221017/ConvertWAVToMP3-221014/1.0/Images/ACR-092/ACR-092_1.JPG"],"guid":"9046fb21-4ef9-491e-bf37-0b9209612426_1.0_1","appID":"ConvertWAVToMP3-221014","dateAdded":"221017","deceptorType":"App","name":"Convert WAV To MP3","company":"A Software Plus","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"221017","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2022-10-17T17:28:39.1967744+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1232},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains a few components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"DVDCutterPlusSetup.exe (installer)\" and \"DVDCutterPlus.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DVD Cutter Plus\\DVDCutterPlus.exe","companyName":"A Software Plus","productName":"DVD Cutter Plus","productVersion":"1.00","fileVersion":"1.00","hashMD5":"de2a6492009eabf29320b6ed38899a29","hashSHA1":"82793b7c9d08a1d65395f413bb58425f81e8eb80","hashSHA256":"3fa07112e0b6570324117277e43add8e5d8d579ce3f10ac79d389ab6f0f7cf76","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1369","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DVDCutterPlusSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"DVD Cutter Plus                                             ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"bb2b061a0cd1ae1519af238e0f5f0a19","hashSHA1":"9119dba9de7690726d54ffcb4fb4fb24a38bf502","hashSHA256":"8dae510a97b382c90c5ad38921c92a506efa314fd1e268f25627d9e5da08afa1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1369","avBlockList":["360 Total Security (20221025)","Avast Premium Security (20221025)","AVG Internet Security (20221025)","Avira Internet Security (20221025)","Bitdefender Internet Security (20221025)","COMODO Antivirus (20221025)","Dr.Web Security Space (20221025)","ESET Internet Security (20221025)","G DATA INTERNET SECURITY (20221025)","K7 Total Security (20221025)","Kaspersky Internet Security (20221025)","Malwarebytes Premium (20221025)","McAfee Total Protection (20221025)","Norton Security (20221025)","Panda Dome (20221025)","Quick Heal Internet Security (20221025)","Sophos Home Premium (20221025)","SpyHunter5 (20221025)","Total AV Antivirus Pro (20221025)","Trend Micro Internet Security (20221025)","VIPRE Advanced Security (20221025)","VirIT eXplorer PRO (20221025)","Webroot SecureAnywhere (20221025)","Windows Defender (20221025)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://asoftwareplus.com/dvd-cutter.html","directDownloadingLink":"https://asoftwareplus.com/dvd-cutter-download.html","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://asoftwareplus.com/dvd-cutter-download.html","sourceIndex":"1369"}],"sampleFiles":["221017/DVDCutterPlus-221017/1.0/Samples/DVDCutterPlusSetup.exe"],"imageFiles":["221017/DVDCutterPlus-221017/1.0/Images/ACR-109/ACR-109.JPG","221017/DVDCutterPlus-221017/1.0/Images/ACR-048/ACR-048.JPG","221017/DVDCutterPlus-221017/1.0/Images/ACR-010/ACR-010.JPG","221017/DVDCutterPlus-221017/1.0/Images/ACR-118/ACR-118.JPG","221017/DVDCutterPlus-221017/1.0/Images/ACR-118/ACR-118_1.JPG","221017/DVDCutterPlus-221017/1.0/Images/ACR-057/ACR-057.JPG","221017/DVDCutterPlus-221017/1.0/Images/ACR-059/ACR-059.JPG","221017/DVDCutterPlus-221017/1.0/Images/ACR-071/ACR-071.JPG","221017/DVDCutterPlus-221017/1.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["221017/DVDCutterPlus-221017/1.0/Images/ACR-106/ACR-106.JPG","221017/DVDCutterPlus-221017/1.0/Images/ACR-092/ACR-092.JPG"],"guid":"40cc4372-dfa2-4128-8260-97db7def45eb_1.0_1","appID":"DVDCutterPlus-221017","dateAdded":"221017","deceptorType":"App","name":"DVD Cutter Plus","company":"A Software Plus","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"221017","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2022-10-17T17:25:55.3164089+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1229},{"violations":{"ACR-103":"The app suggests cleaning up 57 MB of junk/cache. After completing junk clean it says “CLEANED 60.72 MB” but, when viewed in app settings it displays cache data, thus unable to verify its value proposition as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up 57 MB of junk/cache. After completing junk clean it says “CLEANED 60.72 MB” but, when viewed in app settings it displays same size of cache data can be cleaned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.litetools.cleaner.apk","isInstaller":"True","fileVersion":"2.4.7","hashMD5":"fe5a289c340e556afeb007b26f79c67d","hashSHA1":"70e05f2bc74f86ee7de654458d46fe8206fa6072","hashSHA256":"b34214ce228815f5d1a856c38c59a2975c40b1b920c81ad3f880f1a9b98bcfc2","sourceIndex":"1374","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted from play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.litetools.cleaner","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.litetools.cleaner","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.litetools.cleaner","sourceIndex":"1374"}],"sampleFiles":["221014/SmartCleanerPhoneBooster-221014/2.4.7/Samples/com.litetools.cleaner.apk"],"imageFiles":["221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221014/SmartCleanerPhoneBooster-221014/2.4.7/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"d9bd5cc2-3f48-4228-b422-ffac466de13d_2.4.7_1","appID":"SmartCleanerPhoneBooster-221014","dateAdded":"221014","deceptorType":"Android App","name":"Smart Cleaner - Phone Booster","company":"Lite Tools Studio","version":"2.4.7","lastKnownStatus":"2.4.7","lastKnownDate":"221014","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-10-14T18:54:02.2719775+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1233},{"violations":{"ACR-103":"The app suggests cleaning up 64 MB of junk/cache. After completing junk clean it says “CLEANED 67.58 MB” but, when viewed in app settings it displays cache data, thus unable to verify its value proposition as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up 64 MB of junk/cache. After completing junk clean it says “CLEANED 67.58 MB” but, when viewed in app settings it displays same size of the cache data can be cleaned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.litetools.speed.booster.apk","isInstaller":"True","fileVersion":"2.4.2","hashMD5":"a8ccebeefe8c8e6412b9379b336af8b2","hashSHA1":"aaf22f8f62acc455e4eb78faaf07c92c39408111","hashSHA256":"659bde5c0e53f4f4a761bb67e621e2823b74d7504f5aa7c61d93a4b2e48705b0","sourceIndex":"1373","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunted on play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.litetools.speed.booster","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.litetools.speed.booster","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.litetools.speed.booster","sourceIndex":"1373"}],"sampleFiles":["221014/PhoneSpeedBooster-221014/2.4.2/Samples/com.litetools.speed.booster.apk"],"imageFiles":["221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221014/PhoneSpeedBooster-221014/2.4.2/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"1ce614fc-bc05-4892-8dbd-737e19f43320_2.4.2_1","appID":"PhoneSpeedBooster-221014","dateAdded":"221014","deceptorType":"Android App","name":"Phone Speed Booster","company":"Lite Tools Studio","version":"2.4.2","lastKnownStatus":"2.4.2","lastKnownDate":"221014","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid","lastUpdate":"2022-10-14T18:55:41.0593635+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1234},{"violations":{"ACR-109":" The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains a few components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"InternetTextSpeakerSetup.exe (installer)\" and \"InternetTextSpeaker.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\InternetTextSpeaker.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"443f607f70c5e6432c3d8171ad76e781","hashSHA1":"e61ecf350c8a07825cc4e4a73f689721c2e14da2","hashSHA256":"98c2dac5ad6f11fda62290f79042bd3c617a5be5fd98bb1ea83f6cad1fa001ae","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"292","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"InternetTextSpeakerSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Internet Text Speaker                                       ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"e26bc94f4bf812981da27e1aef2221f8","hashSHA1":"2473813c0df415265f014c74262845daa3386c16","hashSHA256":"f8ed43404af365999ba3b1b5b1de4f1dd26b757fdf9b63f4191ebd5fc160dafa","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"292","avBlockList":["360 Total Security (20221020)","Avast Premium Security (20221020)","AVG Internet Security (20221020)","Avira Internet Security (20221020)","Bitdefender Internet Security (20221020)","COMODO Antivirus (20221020)","Dr.Web Security Space (20221020)","ESET Internet Security (20221020)","G DATA INTERNET SECURITY (20221020)","K7 Total Security (20221020)","Kaspersky Internet Security (20221020)","Malwarebytes Premium (20221020)","McAfee Total Protection (20221020)","Norton Security (20221020)","Panda Dome (20221020)","Sophos Home Premium (20221020)","SpyHunter5 (20221020)","Total AV Antivirus Pro (20221020)","VIPRE Advanced Security (20221020)","VirIT eXplorer PRO (20221020)","Webroot SecureAnywhere (20221020)","Windows Defender (20221020)"],"avAllowList":["Quick Heal Internet Security (20221020)","Trend Micro Internet Security (20221020)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://asoftwareplus.com/internet-text-speaker.html","directDownloadingLink":"https://asoftwareplus.com/internet-text-speaker-download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://asoftwareplus.com/internet-text-speaker-download.html","sourceIndex":"292"}],"sampleFiles":["221012/InternetTextSpeaker-221011/1.0/Samples/InternetTextSpeakerSetup.exe"],"imageFiles":["221012/InternetTextSpeaker-221011/1.0/Images/ACR-109/ACR-109.JPG","221012/InternetTextSpeaker-221011/1.0/Images/ACR-048/ACR-048.JPG","221012/InternetTextSpeaker-221011/1.0/Images/ACR-010/ACR-010.JPG","221012/InternetTextSpeaker-221011/1.0/Images/ACR-118/ACR-118.JPG","221012/InternetTextSpeaker-221011/1.0/Images/ACR-057/ACR-057.JPG","221012/InternetTextSpeaker-221011/1.0/Images/ACR-059/ACR-059.JPG","221012/InternetTextSpeaker-221011/1.0/Images/ACR-071/ACR-071.JPG","221012/InternetTextSpeaker-221011/1.0/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["221012/InternetTextSpeaker-221011/1.0/Images/ACR-106/ACR-106.JPG","221012/InternetTextSpeaker-221011/1.0/Images/ACR-092/ACR-092.JPG"],"guid":"f77d8338-20ec-478c-861c-38e91f266935_1.0_1","appID":"InternetTextSpeaker-221011","dateAdded":"221012","deceptorType":"App","name":" Internet Text Speaker ","company":"A Software Plus","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2024-12-12T21:51:37.8430142+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1235},{"violations":{"ACR-004":"Application requires payment info without providing at lead seven days fully functional trial to fix issues reported during free scan.\n","ACR-008":"The customer has to decline the initial offer, in order to see the free 3-day trial of the app. \n"},"nonDeceptorViolations":{"ACR-054":"The option to decline, or upgrade later is very little compared to accept offer buttons\n"},"samples":[{"isRevoked":"False","fileName":"Antivirus Sniper","fileVersion":"0.","hashMD5":"89002ff8f8f40fe8ead81f6b0fd87df6","hashSHA1":"1f3ae619e8e3b72b837c3d0bc72bc03bc0792653","hashSHA256":"17b0871395208b637a0a74dba5defd36381582219b4d085102beac1548b40b0c","sourceIndex":"1356","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for free antivirus apps for mac","reference":"","landingPage":"https://sniper-guard.com/","directDownloadingLink":"https://apps.apple.com/ph/app/antivirus-sniper-virus-cleaner/id1516161012?mt=12","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://apps.apple.com/ph/app/antivirus-sniper-virus-cleaner/id1516161012?mt=12","sourceIndex":"1356"}],"sampleFiles":["221012/AntiVirusSniper-221012/1.11/Samples/Antivirus Sniper"],"imageFiles":["221012/AntiVirusSniper-221012/1.11/Images/ACR-004/ACR004_AnvirusSniper.JPG","221012/AntiVirusSniper-221012/1.11/Images/ACR-008/USE_FreeAfterScan.png","221012/AntiVirusSniper-221012/1.11/Images/ACR-008/ACR008_AnvirusSniper_2.JPG","221012/AntiVirusSniper-221012/1.11/Images/ACR-008/ACR008_AnvirusSniper_1.JPG"],"nonDeceptorImageFiles":["221012/AntiVirusSniper-221012/1.11/Images/ACR-054/USE_UpgradeOfferAfterScan Button.png"],"guid":"b319c2d3-1823-4c39-9282-3be09752d115_1.11_1","appID":"AntiVirusSniper-221012","dateAdded":"221012","deceptorType":"MacOS App","name":"Antivirus Sniper","company":"Sniper Guard Ltd","version":"1.11","lastKnownStatus":"1.11","lastKnownDate":"221025","type":"MacOS App","targetOS":"MacOS","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2022-10-25T23:11:34.3562506+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1236},{"violations":{"ACR-103":"The app suggests cleaning up 881 MB of junk/cache. After completing junk clean it says “Storage cleaned 881 MB” but, when viewed in app settings it displays cache data, thus unable to verify its value proposition as it does not clean any junk/cache.\n\n","ACR-014":"The app suggests cleaning up 881 MB of junk/cache. After completing junk clean it says “Storage cleaned 881 MB” but, when viewed in app settings it displays cache data, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.sup.phone.cleaner.booster.app_1.2.27.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"fc5d203a37e69bdd34925ad986fa87a6","hashSHA1":"d121c00bd7d36d1c81c5b3fc19f7e4ade4d22537","hashSHA256":"2377bbe74f0dddb82584229d18746c9925faccbc282ee73c83e136966a729f58","sourceIndex":"1379","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.sup.phone.cleaner.booster.app","ipv4":"","ipv6":"","sourceIndex":"1379"}],"sampleFiles":["221011/powerfulphonecleanerclean-220920/1.2.27/Samples/com.sup.phone.cleaner.booster.app_1.2.27.apk"],"imageFiles":["221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-103/ACR-103_Software_Scan_Result_3.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_4.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_5.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-014/ACR-014_Software_Scan_Result_3.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_4.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_5.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.png","221011/powerfulphonecleanerclean-220920/1.2.27/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.png"],"nonDeceptorImageFiles":[],"guid":"21472806-6d1a-4a54-a113-00a9ed1ccf7e_1.2.27_1","appID":"powerfulphonecleanerclean-220920","dateAdded":"221011","deceptorType":"Android App","name":"Powerful Phone Cleaner Clean","company":"Smooth Group","version":"1.2.27","lastKnownStatus":"Deceptor:1.2.27","lastKnownDate":"221011","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-10-11T09:38:58.2949601+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1237},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\nThe app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n","ACR-014":"The app calls itself \"secsvr.exe”, which is not related to the name \"Any Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n","ACR-040":"The app is located inside of a hidden file directory, which prevents the consumer from being able to find it.\n","ACR-065":"The app's install does not provide links to the app's Returns and Cancellation Policy. \nThe app's about page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-099":"The software does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Common Files\\akl\\secsvr.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"c08402ccf5416d3041f9ea1f1ea6b151","hashSHA1":"02759b1c375d53e457f7b14fc54ce568a7d0d110","hashSHA256":"4998fe38c60e44881bf2db857dae5b117767f00b7e37192c77b573d4dd78b327","digitalCertThumbprint":"72FFA6D1007675C39827A4E8735A7CFA8278B576","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"PassTech Co.Ltd.","storeId":"","sourceIndex":"1382","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AnyKeylogger.exe","isInstaller":"True","companyName":"AnyKeylogger Inc.                                           ","productName":"AnyKeylogger                                                ","productVersion":"3.0                                               ","fileVersion":"                    ","hashMD5":"0f7fc870a65c8046b9bbcde09e6c8724","hashSHA1":"f6a431c88b7753c98b76e70e0ef2ebed0cabf083","hashSHA256":"e951b15571174e2e074db7e6901ea70781142222a239afd09a5dd3a8547fca20","digitalCertThumbprint":"72FFA6D1007675C39827A4E8735A7CFA8278B576","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"PassTech Co.Ltd.","storeId":"","sourceIndex":"1382","avBlockList":["360 Total Security (20221018)","Avast Premium Security (20221018)","AVG Internet Security (20221018)","Avira Internet Security (20221018)","Dr.Web Security Space (20221018)","ESET Internet Security (20221018)","K7 Total Security (20221018)","Kaspersky Internet Security (20221018)","Malwarebytes Premium (20221018)","McAfee Total Protection (20221018)","Norton Security (20221018)","Panda Dome (20221018)","Sophos Home Premium (20221018)","SpyHunter5 (20221018)","Total AV Antivirus Pro (20221018)","Trend Micro Internet Security (20221018)","VirIT eXplorer PRO (20221018)","Webroot SecureAnywhere (20221018)","Windows Defender (20221018)"],"avAllowList":["Bitdefender Internet Security (20221018)","COMODO Antivirus (20221018)","G DATA INTERNET SECURITY (20221018)","Quick Heal Internet Security (20221018)","VIPRE Advanced Security (20221018)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.updownload.com/windows/utilities","landingPage":"https://www.iseeguard.com/keylogger/","directDownloadingLink":"https://www.iseeguard.com/files/AnyKeylogger.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.iseeguard.com/files/AnyKeylogger.exe","sourceIndex":"1382"}],"sampleFiles":["221010/AnyKeylogger-210202/3.0/Samples/AnyKeyloggerSetup.exe"],"imageFiles":["221010/AnyKeylogger-210202/3.0/Images/ACR-084/ACR-084.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-084/ACR-084_1.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-084/ACR-084_2.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-084/ACR-084_3.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-086/ACR-086.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-086/ACR-086_1.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-048/ACR-048.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-007/ACR-007_1.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-007/ACR-007_2.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-014/ACR-014.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-116/ACR-116.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["221010/AnyKeylogger-210202/3.0/Images/ACR-038/ACR-038.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-040/ACR-040.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-065/ACR-065_Install.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-065/ACR-065_Software.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-099/ACR-099_Software.JPG","221010/AnyKeylogger-210202/3.0/Images/ACR-099/ACR-099_Landingpage.jpg"],"guid":"7396172b-357f-487a-953a-4d742102225d_3.0_1","appID":"AnyKeylogger-210202","dateAdded":"221010","deceptorType":"App","name":"AnyKeylogger","company":"anykeylogger software","version":"3.0","sigName":"Deceptor:Win32/AnyKeyloggerStalkerware!084086048007014116118","lastKnownStatus":"2.30;3.0","lastKnownDate":"221010","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-10-10T18:38:50.5735428+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1240},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\nThe app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n","ACR-014":"The app calls itself \"secsvr.exe”, which is not related to the name \"Any Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n","ACR-040":"The app is located inside of a hidden file directory, which prevents the consumer from being able to find it.\n","ACR-065":"The app's install does not provide links to the app's Returns and Cancellation Policy. \nThe app's about page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"AnyKeylogger.exe","isInstaller":"True","companyName":"AnyKeylogger Inc.                                           ","fileVersion":"0.0","hashMD5":"cc9c166fd61c5b6cd3fedf638b97de33","hashSHA1":"d250328fd99d6cc2840b5fcd54c1a59d6ae4f10e","hashSHA256":"f216cea3c3fb71fc7422bcfbd5b18d23f0225effe1f0fc6ad4ddb00dfdc80724","digitalCertThumbprint":"A441611C33A9C3A1E2F8F35ED7E5090ADA67E820","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Kakasoft Software Co. Ltd, OU=技术, O=Kakasoft Software Co. Ltd, L=Shenzhen, S=Guangdong, C=CN","sourceIndex":"1997","avBlockList":["Avast Premium Security (20210629)","AVG Internet Security (20210629)","Avira Internet Security (20210629)","Bitdefender Internet Security (20210629)","COMODO Antivirus (20210629)","Dr.Web Security Space (20210629)","ESET Internet Security (20210629)","G DATA INTERNET SECURITY (20210629)","K7 Total Security (20210629)","Malwarebytes Premium (20210629)","McAfee Total Protection (20210629)","Norton Security (20210629)","Panda Dome (20210629)","Quick Heal Internet Security (20210629)","Sophos Home Premium (20210629)","SpyHunter5 (20210629)","Tencent PC Manager (20210629)","Total AV Antivirus Pro (20210629)","VIPRE Advanced Security (20210629)","VirIT eXplorer PRO (20210629)","Webroot SecureAnywhere (20210629)","Windows Defender (20210629)"],"avAllowList":["360 Total Security (20210629)","Kaspersky Internet Security (20210629)","Trend Micro Internet Security (20210629)"]},{"isRevoked":"False","fileName":"secsvr.exe","fileVersion":"0.0","hashMD5":"837c6e83b659e1d3ea5db76a1743026d","hashSHA1":"1875aeaf6435d13615b547801d30b71a241bb74b","hashSHA256":"75b2db54179a0fc63301b9108389e0aee95093a75d0e8982197c2251007a21dc","digitalCertThumbprint":"A441611C33A9C3A1E2F8F35ED7E5090ADA67E820","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Kakasoft Software Co. Ltd, OU=技术, O=Kakasoft Software Co. Ltd, L=Shenzhen, S=Guangdong, C=CN","sourceIndex":"1997","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.updownload.com/windows/utilities","landingPage":"http://www.anykeylogger.com","directDownloadingLink":"http://www.anykeylogger.com/files/AnyKeylogger.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.anykeylogger.com/files/AnyKeylogger.exe","sourceIndex":"1997"}],"sampleFiles":["210202/AnyKeylogger-210202/2.30/Samples/AnyKeylogger.exe","210202/AnyKeylogger-210202/2.30/Samples/secsvr.exe"],"imageFiles":["210202/AnyKeylogger-210202/2.30/Images/ACR-084/AnyKeylogger_Interactions [3].png","210202/AnyKeylogger-210202/2.30/Images/ACR-084/AnyKeylogger_HiddenDirectory [1].png","210202/AnyKeylogger-210202/2.30/Images/ACR-084/AnyKeylogger_Interactions [9].png","210202/AnyKeylogger-210202/2.30/Images/ACR-084/AnyKeylogger_Interactions [10].png","210202/AnyKeylogger-210202/2.30/Images/ACR-086/AnyKeylogger_Interactions [4].png","210202/AnyKeylogger-210202/2.30/Images/ACR-086/AnyKeylogger_Interactions [3].png","210202/AnyKeylogger-210202/2.30/Images/ACR-048/AnyKeylogger_Interactions [3].png","210202/AnyKeylogger-210202/2.30/Images/ACR-007/AnyKeylogger_Install [5].png","210202/AnyKeylogger-210202/2.30/Images/ACR-007/AnyKeylogger_Interactions [3].png","210202/AnyKeylogger-210202/2.30/Images/ACR-007/AnyKeylogger_Interactions [11].png","210202/AnyKeylogger-210202/2.30/Images/ACR-014/AnyKeylogger_RunningProcess [1].png","210202/AnyKeylogger-210202/2.30/Images/ACR-116/AnyKeylogger_ControlPanel [1].png","210202/AnyKeylogger-210202/2.30/Images/ACR-118/AnyKeylogger_FilesAfterUninstall [1].png"],"nonDeceptorImageFiles":["210202/AnyKeylogger-210202/2.30/Images/ACR-038/AnyKeylogger_FileProperty [2].png","210202/AnyKeylogger-210202/2.30/Images/ACR-040/AnyKeylogger_HiddenDirectory [1].png","210202/AnyKeylogger-210202/2.30/Images/ACR-065/AnyKeylogger_Install [1].png","210202/AnyKeylogger-210202/2.30/Images/ACR-065/AnyKeylogger_Install [2].png","210202/AnyKeylogger-210202/2.30/Images/ACR-065/AnyKeylogger_Install [3].png","210202/AnyKeylogger-210202/2.30/Images/ACR-065/AnyKeylogger_Install [4].png","210202/AnyKeylogger-210202/2.30/Images/ACR-065/AnyKeylogger_About [1].png","210202/AnyKeylogger-210202/2.30/Images/ACR-065/AnyKeylogger_LandingPage [1].jpg","210202/AnyKeylogger-210202/2.30/Images/ACR-099/AnyKeylogger_LandingPage [1].jpg","210202/AnyKeylogger-210202/2.30/Images/ACR-065/AnyKeylogger_OfferPage [1].png","210202/AnyKeylogger-210202/2.30/Images/ACR-099/AnyKeylogger_OfferPage [1].png"],"guid":"7396172b-357f-487a-953a-4d742102225d_2.30_1","appID":"AnyKeylogger-210202","dateAdded":"221010","deceptorType":"App","name":"AnyKeylogger","company":"anykeylogger software","version":"2.30","sigName":"Deceptor:Win32/AnyKeyloggerStalkerware!084086048007014116118","lastKnownStatus":"2.30;3.0","lastKnownDate":"221010","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-10-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1241},{"violations":{"ACR-103":"The app suggests cleaning up 94 MB of junk/cache. After completing junk clean it says “CLEANED 99.40 MB” but, when viewed in app settings it still displays same size of cache data can be cleaned, thus unable to verify its value proposition as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up 94 MB of junk/cache. After completing junk clean it says “CLEANED 99.40 MB” but, when viewed in app settings it still displays same size of cache data can be cleaned. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"cm.clean.master.cleaner.booster.cpu.cooler.apk","isInstaller":"True","fileVersion":"1.8.9","hashMD5":"f8c98ad29fa5b77efed62dd3be1d0ed5","hashSHA1":"76660775b9ae773128f489cb405c66d7401563b9","hashSHA256":"ac55316e6ade00224a42b9fb2fb7ccfc03051cc3543eafd909c967cf757d6348","sourceIndex":"1381","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=cm.clean.master.cleaner.booster.cpu.cooler","directDownloadingLink":"https://play.google.com/store/apps/details?id=cm.clean.master.cleaner.booster.cpu.cooler","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=cm.clean.master.cleaner.booster.cpu.cooler","sourceIndex":"1381"}],"sampleFiles":["221010/CPUCoolerPhoneCleaner-221007/1.8.9/Samples/cm.clean.master.cleaner.booster.cpu.cooler.apk"],"imageFiles":["221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221010/CPUCoolerPhoneCleaner-221007/1.8.9/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"960edeac-8f16-4e46-8820-21cd6b6872f9_1.8.9_1","appID":"CPUCoolerPhoneCleaner-221007","dateAdded":"221010","deceptorType":"Android App","name":"CPU Cooler - Phone Cleaner","company":"Lite Tools Studio","version":"1.8.9","sigName":"Deceptor:Android/CPUCoolerPhoneCleaner!014103","lastKnownStatus":"1.8.9","lastKnownDate":"221010","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-10-10T20:54:12.3021594+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1239},{"violations":{"ACR-103":"The app suggests cleaning up 103 MB of junk/cache. After completing junk clean it says “CLEANED” but, when viewed in app settings it displays same size of cache data can be cleaned, thus unable to verify its value proposition as it does not clean any junk/cache\n","ACR-014":"The app suggests cleaning up 103 MB of junk/cache. After completing junk clean it says “CLEANED” but, when viewed in app settings it displays same size of cache data can be cleaned.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.mytools.cleaner.booster.apk","isInstaller":"True","fileVersion":"1.42.0","hashMD5":"290dcb9bbbbcf41edf31ac66b4e1768d","hashSHA1":"8351cc625136938276089ac0343309f14167736e","hashSHA256":"7acc1aea7be5c28731512a809b913cf6aec04831c92ae5604f1ba4a0bb5be186","sourceIndex":"1380","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.mytools.cleaner.booster&pli=1","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.mytools.cleaner.booster&pli=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.mytools.cleaner.booster&pli=1","sourceIndex":"1380"}],"sampleFiles":["221010/SpeedBoosterPhoneBoost-221007/1.42.0/Samples/com.mytools.cleaner.booster.apk"],"imageFiles":["221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-103/ACR-103_Software_Scan_Result.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-014/ACR-014_Software_Scan_Result.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.jpg","221010/SpeedBoosterPhoneBoost-221007/1.42.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.jpg"],"nonDeceptorImageFiles":[],"guid":"e43bb22f-fad6-433d-bf17-05ccf392604f_1.42.0_1","appID":"SpeedBoosterPhoneBoost-221007","dateAdded":"221010","deceptorType":"Android App","name":"Speed Booster - Phone Boost","company":"Weather Forecast - WaiWao Studio","version":"1.42.0","sigName":"Deceptor:Android/SpeedBoosterPhoneBoost!014103","lastKnownStatus":"1.42.0","lastKnownDate":"221010","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-10-10T20:56:43.0579449+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1238},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “CLEAN NOW” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus unable to verify the app's value proposition as it does not clean any junk/cache. \n","ACR-014":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “CLEAN NOW” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus misleading the user. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.newmax.cleaner.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"54ca92bfc62518f9bf9761e92df18f76","hashSHA1":"114b4156e0b1798faa00b592d596263496cf7505","hashSHA256":"b613bfc1a1b194ec27462e2db18c61d95d20d595c4a47cd612078e1310ceba64","sourceIndex":"1386","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.newmax.cleaner","ipv4":"","ipv6":"","sourceIndex":"1386"}],"sampleFiles":["221003/maxcleanerbatterysaver-220930/1.0.11/Samples/com.newmax.cleaner.apk"],"imageFiles":["221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-103/ACR-103_Software_Scan_Result_3.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_4.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_5.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-103/ACR-103_Software_Rescan_AfterFix_8.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-014/ACR-014_Software_Scan_Result_3.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_4.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_5.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.png","221003/maxcleanerbatterysaver-220930/1.0.11/Images/ACR-014/ACR-014_Software_Rescan_AfterFix_8.png"],"nonDeceptorImageFiles":[],"guid":"89e919b2-2adb-4a49-ad56-6c482291dc1f_1.0.11_1","appID":"maxcleanerbatterysaver-220930","dateAdded":"221003","deceptorType":"Android App","name":"Max Cleaner Battery Saver","company":"MatCute Team","version":"1.0.11","sigName":"Deceptor:Android/MaxCleanerBatterySaver!103014","lastKnownStatus":"1.0.11","lastKnownDate":"221003","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,inject ads","lastUpdate":"2022-10-03T18:44:59.6015677+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1247},{"violations":{"ACR-103":"The app suggests cleaning up 212 MB of junk/cache. After completing junk clean it says “CLEANED 213 MB” but, when viewed in app settings it displays cache data, thus unable to verify its value proposition as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up 212 MB of junk/cache. After completing junk clean it says “CLEANED 213 MB” but, when viewed in app settings it displays cache data, thus misleading the user\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.myapp.phone.cleaner.booster.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"b3b8fb3b0aaae34176caadc919fd73b9","hashSHA1":"204702120b2360287e3157ff972ccfc2afbbd58a","hashSHA256":"5756d9814fd5bf8b4e7f823f1b1f72375d9c516d24eee083c89cf66b56da9399","sourceIndex":"1390","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.myapp.phone.cleaner.booster","ipv4":"","ipv6":"","sourceIndex":"1390"}],"sampleFiles":["221003/PhoneCleanerMasterofClean-220930/1.2.16/Samples/com.myapp.phone.cleaner.booster.apk"],"imageFiles":["221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning1.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning2.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-103/ACR-103_Software_Scan_Result.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-103/ACR-103_Software_Scan_Result1.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-103/ACR-103_Software_Scan_Result2.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning1.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning2.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning1.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning2.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-014/ACR-014_Software_Scan_Result.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-014/ACR-014_Software_Scan_Result1.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-014/ACR-014_Software_Scan_Result2.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning1.png","221003/PhoneCleanerMasterofClean-220930/1.2.16/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning2.png"],"nonDeceptorImageFiles":[],"guid":"9fc24456-a432-4156-9891-063f4562b84e_1.2.16_1","appID":"PhoneCleanerMasterofClean-220930","dateAdded":"221003","deceptorType":"Android App","name":"PhoneCleanerMasterofClean","company":"Weather Forecast ","version":"1.2.16","sigName":"Deceptor:Android/PhoneCleanerMasterofClean!103014","lastKnownStatus":"1.2.16","lastKnownDate":"221003","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-10-03T18:37:11.2714223+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1246},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “CLEAN UP” option, it starts cleaning and displays \"OPTIMIZED\" but when viewing app details after cleaning, it displays cache data, thus unable to verify the app's value proposition as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “CLEAN UP” option, it starts cleaning and displays \"OPTIMIZED\" but when viewing app details after cleaning, it displays cache data, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"booster.optimizer.cleaner.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"f166d1d655a073a55c1444928a24c91e","hashSHA1":"51983650c4a398d15aa47fdc9bbfbac17f373f0a","hashSHA256":"763f58f4089161d364415ef9078a3651a946b5a8a37ced9cac5543de27140340","sourceIndex":"1389","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=booster.optimizer.cleaner","ipv4":"","ipv6":"","sourceIndex":"1389"}],"sampleFiles":["221003/360cleanerspeedbooster-220930/3.37/Samples/booster.optimizer.cleaner.apk"],"imageFiles":["221003/360cleanerspeedbooster-220930/3.37/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-103/ACR-103_Software_Scan_Result_3.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-103/ACR-103_Software_Scan_Result_4.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-103/ACR-103_Software_Scan_Result_5.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_6.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_8.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_9.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-014/ACR-014_Software_Scan_Result_3.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-014/ACR-014_Software_Scan_Result_4.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-014/ACR-014_Software_Scan_Result_5.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_6.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_8.png","221003/360cleanerspeedbooster-220930/3.37/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_9.png"],"nonDeceptorImageFiles":[],"guid":"b3d3ef32-cb0e-41d8-87e0-f45c858d3299_3.37_1","appID":"360cleanerspeedbooster-220930","dateAdded":"221003","deceptorType":"Android App","name":"360 Cleaner Speed Booster","company":"Assistive Touch Team","version":"3.37","sigName":"Deceptor:Android/360CleanerSpeedBooster!103014","lastKnownStatus":"3.37","lastKnownDate":"221003","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,inject ads","lastUpdate":"2022-10-03T18:39:03.2131295+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1248},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “CLEAN NOW” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus unable to verify the app's value proposition as it does not clean any junk/cache. \n","ACR-014":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “CLEAN NOW” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus misleading the user. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.cleanner.master.junkcleanner.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"2b749c259bbc6e7c27035ed77e1e3822","hashSHA1":"69486ac64d96ddbaeb151d81a55fb20530301cb1","hashSHA256":"3c41b7cef48f96df2625b8be0216d7c4d960a5041cb25865c9faca04178dc884","sourceIndex":"1387","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.cleanner.master.junkcleanner","ipv4":"","ipv6":"","sourceIndex":"1387"}],"sampleFiles":["221003/systemrepairandbooster-220930/1.1/Samples/com.cleanner.master.junkcleanner.apk"],"imageFiles":["221003/systemrepairandbooster-220930/1.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-103/ACR-103_Software_Scan_Result_3.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_4.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_5.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-103/ACR-103_Software_Rescan_AfterFix_8.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-014/ACR-014_Software_Scan_Result_3.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_4.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_5.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.png","221003/systemrepairandbooster-220930/1.1/Images/ACR-014/ACR-014_Software_Rescan_AfterFix_8.png"],"nonDeceptorImageFiles":[],"guid":"818c69e6-231d-4956-8b05-e67e8344cee5_1.1_1","appID":"systemrepairandbooster-220930","dateAdded":"221003","deceptorType":"Android App","name":"System Repair and Booster","company":"Boogly","version":"1.1","sigName":"Deceptor:Android/SystemRepairandBooster!014103","lastKnownStatus":"1.1","lastKnownDate":"221003","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,inject ads","lastUpdate":"2022-10-03T18:43:27.1840695+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1243},{"violations":{"ACR-010":"The apps from \"http://www.videotool.net/\" distribute deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"http://www.videotool.net/","ipv4":"","ipv6":"","sourceIndex":"1388"}],"sampleFiles":[],"imageFiles":["221003/VideotoolNet-220930/220930/Images/ACR-010/ACR-010.JPG"],"nonDeceptorImageFiles":[],"guid":"7f3bf440-0bc5-4177-b6d8-629dc379dca5_220930_1","appID":"VideotoolNet-220930","dateAdded":"221003","deceptorType":"Affiliate","name":"Videotool.NET","company":"Videotool.NET","version":"220930","sigName":"Deceptor:Affiliate/VideotoolDotNET!010","lastKnownStatus":"221003","lastKnownDate":"221003","type":"Affiliate","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-10-03T18:41:54.6483017+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1242},{"violations":{"ACR-046":"To not install Yandex Browser, user action is required to unselect the checked box to install.\n","ACR-057":"Offer displays overlapped text in order to disguise the ability to decline the offer.\n","ACR-055":"The bundler made offers do not make the action of deselecting or declining offers obvious to the consumer due to the overlapped text.\n","ACR-155":"Offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{"ACR-045":"The app overlaps text and makes it ineligible in the bundler-made offer in order to prevent the user from declining the offer.\n","ACR-054":"Offer comes with a pre-checked checkbox and requires the user to uncheck it in order to decline the offer.\n"},"samples":[{"isRevoked":"False","fileName":"SharemanSetup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"06d616c9b45ece909e690229bcdd9bee","hashSHA1":"fb276686e3a418b262bda229106cec7ad54bbbcb","hashSHA256":"5309c0158c29857459da7ffe4c76383e6dfe2cc8c899c9a4699f21c6c0e65050","sourceIndex":"2130","avBlockList":["Avast Premium Security (20200831)","AVG Internet Security (20200831)","Avira Internet Security (20200831)","ESET Internet Security (20200831)","Malwarebytes Premium (20200831)","McAfee Total Protection (20200831)","Norton Security (20200831)","Panda Dome (20200831)","Quick Heal Internet Security (20200831)","Sophos Home Premium (20200831)","SpyHunter5 (20200831)","Total AV Antivirus Pro (20200831)","VirIT eXplorer PRO (20200831)","Windows Defender (20200831)","K7 Total Security (20200831)"],"avAllowList":["360 Total Security (20200831)","Bitdefender Internet Security (20200831)","COMODO Antivirus (20200831)","Dr.Web Security Space (20200831)","G DATA INTERNET SECURITY (20200831)","Kaspersky Internet Security (20200831)","Tencent PC Manager (20200831)","Trend Micro Internet Security (20200831)","VIPRE Advanced Security (20200831)","Webroot SecureAnywhere (20200831)"]},{"isRevoked":"False","fileName":"Shareman.exe","fileVersion":"102.3","hashMD5":"8086ebbde4b50f54da27705d3daf76d9","hashSHA1":"3a5c3b0e14979a96e8cab2f0fd9d8dd4c44da2a5","hashSHA256":"ee8c070bb5c8b91196faf3c68c61c4a29cf6d8704cbc12169cc8e8d54d1c240b","sourceIndex":"2130","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://shareman.tv/","directDownloadingLink":"http://setup.shareman.tv/SharemanSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://setup.shareman.tv/SharemanSetup.exe","sourceIndex":"2130"}],"sampleFiles":["200817/Shareman-200721/102.3.78.218/Samples/SharemanSetup.exe","200817/Shareman-200721/102.3.78.218/Samples/Shareman.exe"],"imageFiles":["200817/Shareman-200721/102.3.78.218/Images/ACR-046/Screen Shot 2020-07-21 at 2.12.11 PM.png","200817/Shareman-200721/102.3.78.218/Images/ACR-055/Screen Shot 2020-07-21 at 2.12.11 PM.png","200817/Shareman-200721/102.3.78.218/Images/ACR-057/Screen Shot 2020-07-21 at 2.12.11 PM.png","200817/Shareman-200721/102.3.78.218/Images/ACR-155/Screen Shot 2020-07-21 at 2.12.11 PM.png"],"nonDeceptorImageFiles":["200817/Shareman-200721/102.3.78.218/Images/ACR-045/Screen Shot 2020-07-21 at 2.12.11 PM.png","200817/Shareman-200721/102.3.78.218/Images/ACR-054/Screen Shot 2020-07-21 at 2.12.11 PM.png"],"guid":"dd5a23af-733b-46ae-add4-a9fff1b864ac_102.3.78.218_1","appID":"Shareman-200721","dateAdded":"221003","deceptorType":"App","name":"Shareman","company":"Shareman","version":"102.3.78.218","sigName":"Deceptor:Win32/Shareman!046055057155","lastKnownStatus":"102.3.78.218;102.3.78.233","lastKnownDate":"221003","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Android,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2022-10-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1245},{"violations":{"ACR-046":"The Yandex Offer is preselected in the installation and requires the user to uncheck a checkbox in order to decline the offer.\n","ACR-155":"Offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Shareman.exe","fileVersion":"102.3.78.233","hashMD5":"40e47440b35887f43b719c00803963d9","hashSHA1":"b18263ac3e0446061668d18a76956870acd1be1b","hashSHA256":"7570c04e803114f0963d6a832522a123e2e2c4ab4a1000d94e8ea6427bab7a29","sourceIndex":"1391","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SharemanSetup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a46b776b918fe6db2b03a8abe90dd2ff","hashSHA1":"40fe0df88e75c529119c0dca6e2e03fa6a07e169","hashSHA256":"4f056f2dd31d9fc3e20c10d3e0c0e2039363daaef0f9d9b20122c1dbfe085c73","sourceIndex":"1391","avBlockList":["360 Total Security (20221013)","Avast Premium Security (20221013)","AVG Internet Security (20221013)","Avira Internet Security (20221013)","Dr.Web Security Space (20221013)","ESET Internet Security (20221013)","G DATA INTERNET SECURITY (20221013)","Kaspersky Internet Security (20221013)","Malwarebytes Premium (20221013)","McAfee Total Protection (20221013)","Norton Security (20221013)","Panda Dome (20221013)","Sophos Home Premium (20221013)","SpyHunter5 (20221013)","Total AV Antivirus Pro (20221013)","VirIT eXplorer PRO (20221013)","Webroot SecureAnywhere (20221013)","Windows Defender (20221013)"],"avAllowList":["Bitdefender Internet Security (20221013)","COMODO Antivirus (20221013)","K7 Total Security (20221013)","Quick Heal Internet Security (20221013)","Trend Micro Internet Security (20221013)","VIPRE Advanced Security (20221013)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://shareman.tv/","directDownloadingLink":"http://setup.shareman.tv/SharemanSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://setup.shareman.tv/SharemanSetup.exe","sourceIndex":"1391"}],"sampleFiles":["221003/Shareman-200721/102.3.78.233/Samples/Shareman.exe","221003/Shareman-200721/102.3.78.233/Samples/SharemanSetup.exe"],"imageFiles":["221003/Shareman-200721/102.3.78.233/Images/ACR-046/ACR-046_Yandex_Offer.jpg","221003/Shareman-200721/102.3.78.233/Images/ACR-155/Yandex_Offer.jpg"],"nonDeceptorImageFiles":[],"guid":"dd5a23af-733b-46ae-add4-a9fff1b864ac_102.3.78.233_1","appID":"Shareman-200721","dateAdded":"221003","deceptorType":"App","name":"Shareman","company":"Shareman","version":"102.3.78.233","lastKnownStatus":"102.3.78.218;102.3.78.233","lastKnownDate":"221003","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Android,Windows XP,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2022-10-03T18:34:57.2196634+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1244},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" before disclosing them to the user and users agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed still downloads and runs “rkverify.exe”, a RelevantKnowledge file.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-103":"The \"Buy now\" option in the software and Landing page (http://www.videotool.net/buy.htm) returns an error page.\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded RelevantKnowledge files regardless.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The application installer & its main executable file does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CuteVideoConverter\\CuteVideoConverter.exe","companyName":"Videotool.NET","productName":"","productVersion":"3.3.0.0","fileVersion":"4.8.0.16","hashMD5":"f991a97a97e60d90cedd98351014c1b8","hashSHA1":"22a9630096fad110e49aa2cfc43ad397e643efdf","hashSHA256":"5508fa038fa95e5871babc2e7111a3679878e6dad509298a9b33cef727535bb9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1395","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"videoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video Converter                                        ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"006a1e5ea5a6482c939831a0f531cf56","hashSHA1":"a5b484f105edb83ad94659683f5ddf73aa6a16b4","hashSHA256":"2bafdbe0fb9cb96d2882515f40bcb09b1f629e27f817fcc909874a8a1011ba1a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1395","avBlockList":["360 Total Security (20221006)","Avast Premium Security (20221006)","AVG Internet Security (20221006)","Avira Internet Security (20221006)","Bitdefender Internet Security (20221006)","Dr.Web Security Space (20221006)","ESET Internet Security (20221006)","G DATA INTERNET SECURITY (20221006)","K7 Total Security (20221006)","Kaspersky Internet Security (20221006)","Malwarebytes Premium (20221006)","McAfee Total Protection (20221006)","Norton Security (20221006)","Panda Dome (20221006)","Quick Heal Internet Security (20221006)","Sophos Home Premium (20221006)","SpyHunter5 (20221006)","Total AV Antivirus Pro (20221006)","VIPRE Advanced Security (20221006)","VirIT eXplorer PRO (20221006)","Webroot SecureAnywhere (20221006)","Windows Defender (20221006)"],"avAllowList":["COMODO Antivirus (20221006)","Trend Micro Internet Security (20221006)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://www.videotool.net/video-converter.htm","directDownloadingLink":"http://www.videotool.net/download/videoconverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.videotool.net/download/videoconverter.exe","sourceIndex":"1395"}],"sampleFiles":["220928/CuteVideoConverter-220928/4.8.0.16/Samples/videoconverter.exe"],"imageFiles":["220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-109/ACR-109.JPG","220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-039/ACR-039.JPG","220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-048/ACR-048.JPG","220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-010/ACR-010.JPG","220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-059/ACR-059.JPG","220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-155/ACR-155.JPG","220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-103/ACR-103.JPG","220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-103/ACR-103_1.JPG","220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-118/ACR-118.JPG","220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-106/ACR-106.JPG","220928/CuteVideoConverter-220928/4.8.0.16/Images/ACR-092/ACR-092.JPG"],"guid":"3ed0f0d1-52ea-41a7-953f-57d0ecd145ca_4.8.0.16_1","appID":"CuteVideoConverter-220928","dateAdded":"220928","deceptorType":"App","name":"Cute Video Converter","company":"Videotool.NET","version":"4.8.0.16","lastKnownStatus":"4.8.0.16","lastKnownDate":"220928","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-28T17:44:45.0770887+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1249},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" before disclosing them to the user and users agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed still downloads and runs “rkverify.exe”, a RelevantKnowledge file.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-103":"The \"Buy now\" option in the software and Landing page (http://www.videotool.net/buy.htm) returns an error page.\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded RelevantKnowledge files regardless.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The application installer & its main executable file does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CuteMOVConverter\\CuteMOVConverter.exe","companyName":"Videotool.NET","productName":"","productVersion":"3.3.0.0","fileVersion":"4.8.0.16","hashMD5":"843b855aa5bc12949c50e2990e1ecae6","hashSHA1":"88e71a0ee4b2b496db30d38ea110e10fd66639a1","hashSHA256":"5679bf2c1ff29130e936f9e396cb135bcc0f44f323c2a555179251d305233737","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1396","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"movconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute MOV Converter                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"c0323075acd4afe68df82093caab1b8a","hashSHA1":"0ee66f29285675bc95142889cc47464835d2c2ad","hashSHA256":"feba5edec89a1824b4efc98b5992eecd91a232b80f13b79f0e04e0b7a45e2f4f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1396","avBlockList":["360 Total Security (20221006)","Avast Premium Security (20221006)","AVG Internet Security (20221006)","Avira Internet Security (20221006)","Bitdefender Internet Security (20221006)","Dr.Web Security Space (20221006)","ESET Internet Security (20221006)","G DATA INTERNET SECURITY (20221006)","K7 Total Security (20221006)","Kaspersky Internet Security (20221006)","Malwarebytes Premium (20221006)","McAfee Total Protection (20221006)","Norton Security (20221006)","Panda Dome (20221006)","Quick Heal Internet Security (20221006)","Sophos Home Premium (20221006)","SpyHunter5 (20221006)","Total AV Antivirus Pro (20221006)","VIPRE Advanced Security (20221006)","VirIT eXplorer PRO (20221006)","Webroot SecureAnywhere (20221006)","Windows Defender (20221006)"],"avAllowList":["COMODO Antivirus (20221006)","Trend Micro Internet Security (20221006)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://videotool.net/mov-converter.htm","directDownloadingLink":"http://videotool.net/download/movconverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://videotool.net/download/movconverter.exe","sourceIndex":"1396"}],"sampleFiles":["220928/CuteMOVConverter-220928/4.8.0.16/Samples/movconverter.exe"],"imageFiles":["220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-109/ACR-109.JPG","220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-039/ACR-039.JPG","220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-048/ACR-048.JPG","220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-010/ACR-010.JPG","220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-103/ACR-103.JPG","220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-103/ACR-103_1.JPG","220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-118/ACR-118.JPG","220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-118/ACR-118_1.JPG","220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-059/ACR-059.JPG","220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-106/ACR-106.JPG","220928/CuteMOVConverter-220928/4.8.0.16/Images/ACR-092/ACR-092.JPG"],"guid":"365b8088-318f-4b2c-85bc-eb401666229a_4.8.0.16_1","appID":"CuteMOVConverter-220928","dateAdded":"220928","deceptorType":"App","name":"Cute MOV Converter","company":"Videotool.NET","version":"4.8.0.16","lastKnownStatus":"4.8.0.16","lastKnownDate":"220928","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2022-09-28T17:43:47.7548478+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1250},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" before disclosing them to the user and users agree to download and run.\n","ACR-048":" There is a \"decline \" button that when pressed still downloads and runs “rkverify.exe”, a RelevantKnowledge file. \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-103":"The \"Buy now\" option in the software and Landing page (http://www.videotool.net/buy.htm) returns an error page.\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded RelevantKnowledge files regardless.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The application installer & its main executable file does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Cute3GPVideoConverter\\Cute3gpVideoConverter.exe","companyName":"Videotool.NET","productName":"","productVersion":"3.3.0.0","fileVersion":"4.8.0.16","hashMD5":"2107173ddcf3e6c9fdba217ae3e9ac17","hashSHA1":"6a807bc6ba4def4c09ac1f42319c94fda1d5a784","hashSHA256":"e666a0d3628a9e4b92dae44c1af342ff12ad474fe4d69294d63ab9f7a002aa18","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1397","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"3gpvideoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute 3GP Video Converter                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"bd1250ffaebbd591181ba49cae1e3680","hashSHA1":"d6e1c0b781ae4798dbd47e1830637acc1a108354","hashSHA256":"2fa0a87352aa0c204376aac501d91e5f87c1468a4aec1a223687ea7fd9ad576d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1397","avBlockList":["360 Total Security (20221006)","Avast Premium Security (20221006)","AVG Internet Security (20221006)","Avira Internet Security (20221006)","Bitdefender Internet Security (20221006)","COMODO Antivirus (20221006)","Dr.Web Security Space (20221006)","ESET Internet Security (20221006)","G DATA INTERNET SECURITY (20221006)","K7 Total Security (20221006)","Kaspersky Internet Security (20221006)","Malwarebytes Premium (20221006)","McAfee Total Protection (20221006)","Norton Security (20221006)","Panda Dome (20221006)","Quick Heal Internet Security (20221006)","Sophos Home Premium (20221006)","SpyHunter5 (20221006)","Total AV Antivirus Pro (20221006)","VIPRE Advanced Security (20221006)","VirIT eXplorer PRO (20221006)","Webroot SecureAnywhere (20221006)","Windows Defender (20221006)"],"avAllowList":["Trend Micro Internet Security (20221006)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://www.videotool.net/3gp-video-converter.htm","directDownloadingLink":"http://www.videotool.net/download/3gpvideoconverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.videotool.net/download/3gpvideoconverter.exe","sourceIndex":"1397"}],"sampleFiles":["220928/Cute3GPVideoConverter-220928/4.8.0.16/Samples/3gpvideoconverter.exe"],"imageFiles":["220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-109/ACR-109.JPG","220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-039/ACR-039.JPG","220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-048/ACR-048.JPG","220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-010/ACR-010.JPG","220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-103/ACR-103.JPG","220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-103/ACR-103_1.JPG","220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-118/ACR-118.JPG","220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-118/ACR-118_1.JPG","220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-059/ACR-059.JPG","220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-106/ACR-106.JPG","220928/Cute3GPVideoConverter-220928/4.8.0.16/Images/ACR-092/ACR-092.JPG"],"guid":"ce30c3a6-ca02-4dbb-97cc-cceb687e9dd0_4.8.0.16_1","appID":"Cute3GPVideoConverter-220928","dateAdded":"220928","deceptorType":"App","name":"Cute 3gp Video Converter","company":"Videotool.NET","version":"4.8.0.16","lastKnownStatus":"4.8.0.16","lastKnownDate":"220928","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-28T17:41:08.195797+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1251},{"violations":{"ACR-003":"App's use of a gauge in free scan results gives the user an exaggerated sense of urgency.\n","ACR-004":"The app does not provide free fixes for the free scan results and then requires the user to pay to continue using the app. App's use of a gauge in free scan results gives the user an exaggerated sense of urgency.\n","ACR-084":"The app does not provide any way to disable Notification Center.\n","ACR-118":"App retains its notification service after uninstall.\n"},"nonDeceptorViolations":{"ACR-065":"The landing page does not have links to the Returns and Cancellation Policy.\nThe app does not have links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe install has no links to the Returns and Cancellation Policy or the Privacy Policy\nThe internal offers page does not have links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"No links back to actual testimonials, or explanations about how they were collected.\n","ACR-099":"The app does not show any links to uninstall information.\nThe landing page does not show links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Macflypro_Installer.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"5781664580189b69b1553f65b5564c08baaf94c049c37a08151ec561e717897f","sourceIndex":"1398","avBlockList":["Avast Internet Security (20190506)","AVG Internet Security (20190506)","Avira Internet Security (20190506)","ESET Internet Security (20190506)","Windows Defender (20190506)","Avast Security for Mac (20221213)","Avira Security for Mac (20221213)","Bitdefender Antivirus for Mac (20221213)","ESET Cyber Security Pro for Mac (20221213)","G DATA AntiVirus for Mac (20221213)","K7 Antivirus for Mac (20221213)","Kaspersky Internet Security for Mac (20221213)","McAfee Internet Security for Mac (20221213)","Norton Security for Mac (20221213)","Sophos Home Premium For Mac (20221213)","Trend Micro Antivirus for Mac (20221213)"],"avAllowList":["360 Total Security (20190506)","Bitdefender Internet Security (20190506)","COMODO Antivirus (20190506)","Dr.Web Security Space (20190506)","G DATA INTERNET SECURITY (20190506)","K7 Total Security (20190506)","Kaspersky Internet Security (20190506)","Malwarebytes Premium (20190506)","Norton Security (20190506)","Panda Dome (20190506)","Quick Heal Internet Security (20190506)","Sophos Home Premium (20190506)","Tencent PC Manager (20190506)","Trend Micro Internet Security (20190506)","VIPRE Advanced Security (20190506)","VirIT eXplorer PRO (20190506)","Webroot SecureAnywhere (20190506)"]},{"isRevoked":"False","fileName":"MacFlyPro.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"1c79ad98272dbdf62ecd31dc11efd9a4c9da6097b3798285244a2535c6d17615","sourceIndex":"1398","avBlockList":["Avast Internet Security (20190506)","AVG Internet Security (20190506)","ESET Internet Security (20190506)","Norton Security (20190506)","Windows Defender (20190506)","Avast Security for Mac (20221213)","Avira Security for Mac (20221213)","Bitdefender Antivirus for Mac (20221213)","ESET Cyber Security Pro for Mac (20221213)","G DATA AntiVirus for Mac (20221213)","K7 Antivirus for Mac (20221213)","Kaspersky Internet Security for Mac (20221213)","McAfee Internet Security for Mac (20221213)","Norton Security for Mac (20221213)","Sophos Home Premium For Mac (20221213)","Trend Micro Antivirus for Mac (20221213)"],"avAllowList":["360 Total Security (20190506)","Avira Internet Security (20190506)","Bitdefender Internet Security (20190506)","COMODO Antivirus (20190506)","Dr.Web Security Space (20190506)","G DATA INTERNET SECURITY (20190506)","K7 Total Security (20190506)","Kaspersky Internet Security (20190506)","Malwarebytes Premium (20190506)","Panda Dome (20190506)","Quick Heal Internet Security (20190506)","Sophos Home Premium (20190506)","Tencent PC Manager (20190506)","Trend Micro Internet Security (20190506)","VIPRE Advanced Security (20190506)","VirIT eXplorer PRO (20190506)","Webroot SecureAnywhere (20190506)"]},{"isRevoked":"False","fileName":"MFP","fileVersion":"0.","hashMD5":"568b9e4245cfb49409937f1cdb9f7ccd","hashSHA1":"4ce31c8a19f2b58e04884729a910ae313149455d","hashSHA256":"5af05fca9f448cbb45183641d0b70e8170f96d3fe4b5f53a7a2e47c9c25b7b1b","sourceIndex":"1398","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacFlyProNEW.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"3fb833bd77331daeddf50a200d688db96fa07f6105361a19b12dc5c979a87fb5","sourceIndex":"1398","avBlockList":["Avast Security for Mac (20230112)","Avira Security for Mac (20230112)","Bitdefender Antivirus for Mac (20230112)","ESET Cyber Security Pro for Mac (20230112)","G DATA AntiVirus for Mac (20230112)","K7 Antivirus for Mac (20230112)","Kaspersky Internet Security for Mac (20230112)","McAfee Internet Security for Mac (20230112)","Norton Security for Mac (20230112)","Sophos Home Premium For Mac (20230112)","Trend Micro Antivirus for Mac (20230112)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacFlyPro_.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"c3ae43a71baf3218fd2d14eee1e36f7c","hashSHA1":"9da4a5fad6a1d269829c25e1a1d247d7be18dd98","hashSHA256":"30397712f07cb4a1ba46659ac801fbc27d0ba42160f1e0bf1b8c636eb9f8eb0b","sourceIndex":"1398","avBlockList":["Avast Security for Mac (20230214)","Avira Security for Mac (20230214)","Bitdefender Antivirus for Mac (20230214)","ESET Cyber Security Pro for Mac (20230214)","G DATA AntiVirus for Mac (20230214)","K7 Antivirus for Mac (20230214)","McAfee Internet Security for Mac (20230214)","Norton Security for Mac (20230214)","Sophos Home Premium For Mac (20230214)","Trend Micro Antivirus for Mac (20230214)"],"avAllowList":["Kaspersky Internet Security for Mac (20230214)"]},{"isRevoked":"False","fileName":"MacFlyPro [2].dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"9dee882aa51454374840308e756a1de0","hashSHA1":"1f34187f68438b4c07c34968df5f79d787f7641e","hashSHA256":"b7322a3e9615df5b61e7d5dc17e6d813c584a7260a2e87d9e55ef135e6baf767","sourceIndex":"1398","avBlockList":["Avast Security for Mac (20230314)","Avira Security for Mac (20230314)","Bitdefender Antivirus for Mac (20230314)","ESET Cyber Security Pro for Mac (20230314)","G DATA AntiVirus for Mac (20230314)","K7 Antivirus for Mac (20230314)","Kaspersky Internet Security for Mac (20230314)","McAfee Internet Security for Mac (20230314)","Norton Security for Mac (20230314)","Sophos Home Premium For Mac (20230314)","Trend Micro Antivirus for Mac (20230314)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacFlyPro[3].dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"efa35c1c138676c8b82df6181afd0eee","hashSHA1":"2f878ba1f26a3d1d863e66a089060a01ee72162f","hashSHA256":"ddabefb1a2c58927b7c6cab422dd9af311f7d5340404d0ca112c21b625e3ef4e","sourceIndex":"1398","avBlockList":["Avast Security for Mac (20230314)","Bitdefender Antivirus for Mac (20230314)","ESET Cyber Security Pro for Mac (20230314)","G DATA AntiVirus for Mac (20230314)","K7 Antivirus for Mac (20230314)","Kaspersky Internet Security for Mac (20230314)","McAfee Internet Security for Mac (20230314)","Norton Security for Mac (20230314)","Sophos Home Premium For Mac (20230314)","Trend Micro Antivirus for Mac (20230314)","Avira Security for Mac (20230314)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacFlyPro[4].dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"806f256e71301a24a228c7006e933ac0","hashSHA1":"2f6e5471837da95584d02650bc6cd8ac786579ee","hashSHA256":"f6ff09770dd09afa6ece04b5a37c8bde10ee5f1560188c0866acbfb1c1b1257f","sourceIndex":"1398","avBlockList":["Avast Security for Mac (20230314)","Avira Security for Mac (20230314)","Bitdefender Antivirus for Mac (20230314)","ESET Cyber Security Pro for Mac (20230314)","G DATA AntiVirus for Mac (20230314)","K7 Antivirus for Mac (20230314)","Kaspersky Internet Security for Mac (20230314)","McAfee Internet Security for Mac (20230314)","Norton Security for Mac (20230314)","Sophos Home Premium For Mac (20230314)","Trend Micro Antivirus for Mac (20230314)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MacFlyPro[5].dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"4c08f1ee0fb5e10d1e5307eac910c134","hashSHA1":"5304b081ede7d599d95e10a56c3d883b701db2eb","hashSHA256":"f8eb9c9eb9351d89d7e0fc8b031ba08620f2361368ac5cac09bed772c724bf6b","sourceIndex":"1398","avBlockList":["Avira Security for Mac (20211214)","Bitdefender Antivirus for Mac (20211214)","ESET Cyber Security Pro for Mac (20211214)","G DATA AntiVirus for Mac (20211214)","K7 Antivirus for Mac (20211214)","Kaspersky Internet Security for Mac (20211214)","Norton Security for Mac (20211214)","Sophos Home Premium For Mac (20211214)","Trend Micro Antivirus for Mac (20211214)"],"avAllowList":["Avast Security for Mac (20211214)","McAfee Internet Security for Mac (20211214)"]},{"isRevoked":"False","fileName":"MacFlyPro [6].dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5181c24fa9225faa8938c624f6685228","hashSHA1":"0b0ab4eedadfdb5dfd73d7b8857849c91455e4ee","hashSHA256":"f463ff3c00d5cc1ff6cd2f5cce80aacf32e06b6922a9266d8c590f5967712d23","sourceIndex":"1398","avBlockList":["Avast Security for Mac (20230314)","Avira Security for Mac (20230314)","Bitdefender Antivirus for Mac (20230314)","ESET Cyber Security Pro for Mac (20230314)","G DATA AntiVirus for Mac (20230314)","K7 Antivirus for Mac (20230314)","Kaspersky Internet Security for Mac (20230314)","McAfee Internet Security for Mac (20230314)","Norton Security for Mac (20230314)","Sophos Home Premium For Mac (20230314)","Trend Micro Antivirus for Mac (20230314)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Adplexity","landingPage":"https://macflypro.com","directDownloadingLink":"https://macflypro.com/thank-you.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macflypro.com/thank-you.html","sourceIndex":"1398"},{"howFound":"Hunt.Submission","reference":"Hazel: cleanmacsafe.com rerouts to MacFlyPro","landingPage":"maccleanertool.com","directDownloadingLink":"https://maccleaningtool.com/thank-you.html?x-host=maccleanertool.com&cid=622958231.1556149114","ipv4":"","ipv6":"","sourceIndex":"1399"}],"sampleFiles":["220927/MacFlyPro-180122/1.0.231/Samples/Macflypro_Installer.pkg","220927/MacFlyPro-180122/1.0.231/Samples/MacFlyPro.dmg","220927/MacFlyPro-180122/1.0.231/Samples/MFP","220927/MacFlyPro-180122/1.0.231/Samples/MacFlyProNEW.dmg","220927/MacFlyPro-180122/1.0.231/Samples/MacFlyPro_.dmg","220927/MacFlyPro-180122/1.0.231/Samples/MacFlyPro [2].dmg","220927/MacFlyPro-180122/1.0.231/Samples/MacFlyPro[3].dmg","220927/MacFlyPro-180122/1.0.231/Samples/MacFlyPro[4].dmg","220927/MacFlyPro-180122/1.0.231/Samples/MacFlyPro[5].dmg","220927/MacFlyPro-180122/1.0.231/Samples/MacFlyPro [6].dmg"],"imageFiles":["220927/MacFlyPro-180122/1.0.231/Images/ACR-084/MacFlyPro ACR084.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-118/ACR-118 does not remove notification.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-003/MacFlyPro Scan Results.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-004/MacFlyPro Before Internal Offers.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-004/MacFlyPro Subscription.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-004/MacFlyPro Scan Results.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-004/MacFlyPro Internal Offers.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-004/MacFlyPro Your trial is over.png"],"nonDeceptorImageFiles":["220927/MacFlyPro-180122/1.0.231/Images/ACR-065/MacFlyPro Bottom of Landing Page.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-065/MacFlyPro About Page.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-065/MacFlyPro Install.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-065/MacFlyPro Internal Offers.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-161/MacFlyPro Testimonial.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-099/MacFlyPro About Page.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-099/MacFlyPro Bottom of Landing Page.png","220927/MacFlyPro-180122/1.0.231/Images/ACR-099/MacFlyPro Internal Offers.png"],"guid":"ee43d79e-0ffd-493e-b830-22fa8ab941e1_1.0.231_1","appID":"MacFlyPro-180122","dateAdded":"220927","deceptorType":"MacOS App","name":"MacFly Pro","company":"BGTech Ltd","version":"1.0.231","sigName":"Deceptor:MacOS/MacFlyPro!003004084118","lastKnownStatus":"Deceptor:1.0.231","lastKnownDate":"220927","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-09-27T22:58:57.9628804+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1253},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"1. The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n2. Third-party components 'Open VPN' is installed without any disclosure. \n","ACR-107":"Application misses the relevant license information about open source project used 'OpenVPN'.\n","ACR-048":"The app does not provide any control to close the process that runs silently in the background within the app's settings.\n","ACR-084":"On quitting the app, the processes \"IvacyService.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains most of its components on the device without the consumer's consent.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the internal offers (https://www.ivacy.com/buy-vpn/  &  https://www.ivacy.com/freedom-deal/).\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove \"IvacyService.exe\" process even after uninstall.\n","ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.ivacy.com/).\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Ivacy\\Ivacy.exe","companyName":"","productName":"Ivacy","productVersion":"6.2.0.0","fileVersion":"6.2.0.0","hashMD5":"9f9b8e4910100e4a7f88f17728ecb83d","hashSHA1":"216cf1d055b3915cd1b62c51541192e15b120e2c","hashSHA256":"5bf05066f53cb2b8c4e1f755987c8c6526a0e0e65eee84450a09431dad6e0dfd","digitalCertThumbprint":"62E990CC0A26D58E1A150617357010EE53186707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"PMG PTE. LTD.","storeId":"","sourceIndex":"1402","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Ivacy\\IvacyService.exe","companyName":"","productName":"Ivacy.WindowsService","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"46afa3f3a91625e423b37cbe2e732510","hashSHA1":"a3b9636cac5c20698b6d7243a98023995cdf7e2e","hashSHA256":"5cf485d4f8bf951de0649107c99d129fdfbea0d0a77a2270b508c79bf3e9747a","digitalCertThumbprint":"62E990CC0A26D58E1A150617357010EE53186707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"PMG PTE. LTD.","storeId":"","sourceIndex":"1402","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ivacy-windows-setup.exe","isInstaller":"True","companyName":"Ivacy                                                       ","productName":"Ivacy                                                       ","productVersion":"6.2.0.0                                           ","fileVersion":"6.2.0.0             ","hashMD5":"0f3b3babdd8f7e302f8750b29fc7f9a2","hashSHA1":"3515733b5b3ce465eedcf8f754dc02cd02197d81","hashSHA256":"0a5adad117d731185600266a8a20fe6fa3360571633c68988b71750d7fe5daad","digitalCertThumbprint":"62E990CC0A26D58E1A150617357010EE53186707","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"PMG PTE. LTD.","storeId":"","sourceIndex":"1402","avBlockList":["360 Total Security (20221013)","Avast Premium Security (20221013)","AVG Internet Security (20221013)","Avira Internet Security (20221013)","Dr.Web Security Space (20221013)","K7 Total Security (20221013)","Norton Security (20221013)","Panda Dome (20221013)","Sophos Home Premium (20221013)","SpyHunter5 (20221013)","Total AV Antivirus Pro (20221013)","VirIT eXplorer PRO (20221013)","Webroot SecureAnywhere (20221013)"],"avAllowList":["Bitdefender Internet Security (20221013)","COMODO Antivirus (20221013)","ESET Internet Security (20221013)","G DATA INTERNET SECURITY (20221013)","Kaspersky Internet Security (20221013)","Malwarebytes Premium (20221013)","McAfee Total Protection (20221013)","Quick Heal Internet Security (20221013)","Trend Micro Internet Security (20221013)","VIPRE Advanced Security (20221013)","Windows Defender (20221013)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN","reference":"","landingPage":"https://www.ivacy.com/download-vpn/vpn-for-windows/","directDownloadingLink":"https://s3.amazonaws.com/apps-ivacy/windows/ivacy-windows-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/apps-ivacy/windows/ivacy-windows-setup.exe","sourceIndex":"1402"}],"sampleFiles":["220927/IvacyVPN-220318/6.2.0.0/Samples/ivacy-windows-setup.exe"],"imageFiles":["220927/IvacyVPN-220318/6.2.0.0/Images/ACR-039/ACR-039.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-043/ACR-043.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-043/ACR-043_1.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-107/ACR-107.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-042/ACR-042.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-084/ACR-084.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-048/ACR-048.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-048/ACR-048_1.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-118/ACR-118.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-118/ACR-118_1.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-165/ACR-165.JPG"],"nonDeceptorImageFiles":["220927/IvacyVPN-220318/6.2.0.0/Images/ACR-123/ACR-123_1.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-018/ACR-018.JPG","220927/IvacyVPN-220318/6.2.0.0/Images/ACR-018/ACR-018_1.JPG"],"guid":"8e60e1bd-260a-46ff-a3bb-ca6153406276_6.2.0.0_1","appID":"IvacyVPN-220318","dateAdded":"220927","deceptorType":"App","name":"Ivacy VPN","company":"PMG PTE. LTD","version":"6.2.0.0","lastKnownStatus":"6.1.0.0;6.1.0.0.x;6.2.0.0","lastKnownDate":"220927","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-27T18:17:27.4563756+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1254},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to close the process that runs silently in the background within the app's settings.\n","ACR-084":"On quitting the app, the processes \"IvacyService.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains most of its components on the device without the consumer's consent.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the internal offers (https://www.ivacy.com/buy-vpn/  &  https://www.ivacy.com/best-vpn-deal-2022/?aff=95779&source=Aff).\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove \"IvacyService.exe\" process even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Ivacy\\Ivacy.exe","companyName":"","productName":"Ivacy","productVersion":"6.1.0.0","fileVersion":"6.1.0.0","hashMD5":"d4ccc6089e2e25aa6d5b114a47e3a694","hashSHA1":"4ce3c79ad5d711ac04d6f0a32a05a61be9dd8f38","hashSHA256":"cbe7ce54be8369b2158da3f9fbfd37345c654151555adec0bd4d3ba3bef93ba3","digitalCertThumbprint":"EB9BC419C0CA72B972332083393AA829E56EE0C5","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"PMG PTE. LTD.","storeId":"","sourceIndex":"1668","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Ivacy\\IvacyService.exe","companyName":"","productName":"Ivacy.WindowsService","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"f4c735415a48cfe2556ba70fc116664e","hashSHA1":"9f2d5913cf52a3219953891702fdc5ac97ebd3a5","hashSHA256":"d4549d563fa4fe6d6da3461fe3809f429f301a8e38554c8cc464ceb084cee8e1","digitalCertThumbprint":"EB9BC419C0CA72B972332083393AA829E56EE0C5","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"PMG PTE. LTD.","storeId":"","sourceIndex":"1668","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ivacy-windows-setup.exe","isInstaller":"True","companyName":"Ivacy                                                       ","productName":"Ivacy                                                       ","productVersion":"6.1.0.0                                           ","fileVersion":"6.1.0.0             ","hashMD5":"d78eb7685b31c56e4c927a32da5b1baf","hashSHA1":"404d47b249f9de1652bba2442ce10628da820c7d","hashSHA256":"512eec3e7f300f80c86ac0b2d56d46d0b69880b3825b6ee5c9e7f6108205b211","digitalCertThumbprint":"EB9BC419C0CA72B972332083393AA829E56EE0C5","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"PMG PTE. LTD.","storeId":"","sourceIndex":"1668","avBlockList":["360 Total Security (20220426)","Avira Internet Security (20220426)","Bitdefender Internet Security (20220426)","Dr.Web Security Space (20220426)","K7 Total Security (20220426)","McAfee Total Protection (20220426)","Norton Security (20220426)","Panda Dome (20220426)","Quick Heal Internet Security (20220426)","Sophos Home Premium (20220426)","SpyHunter5 (20220426)","Total AV Antivirus Pro (20220426)","VIPRE Advanced Security (20220426)","VirIT eXplorer PRO (20220426)","Webroot SecureAnywhere (20220426)","Windows Defender (20220426)"],"avAllowList":["Avast Premium Security (20220426)","AVG Internet Security (20220426)","COMODO Antivirus (20220426)","ESET Internet Security (20220426)","G DATA INTERNET SECURITY (20220426)","Kaspersky Internet Security (20220426)","Malwarebytes Premium (20220426)","Tencent PC Manager (20220426)","Trend Micro Internet Security (20220426)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN","reference":"","landingPage":"https://www.ivacy.com/download-vpn/vpn-for-windows/","directDownloadingLink":"https://s3.amazonaws.com/apps-ivacy/windows/ivacy-windows-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/apps-ivacy/windows/ivacy-windows-setup.exe","sourceIndex":"1668"}],"sampleFiles":["220328/IvacyVPN-220318/6.1.0.0.x/Samples/ivacy-windows-setup.exe"],"imageFiles":["220328/IvacyVPN-220318/6.1.0.0.x/Images/ACR-039/ACR-039.JPG","220328/IvacyVPN-220318/6.1.0.0.x/Images/ACR-043/ACR-043.JPG","220328/IvacyVPN-220318/6.1.0.0.x/Images/ACR-042/ACR-042.JPG","220328/IvacyVPN-220318/6.1.0.0.x/Images/ACR-084/ACR-084_Software_Process.JPG","220328/IvacyVPN-220318/6.1.0.0.x/Images/ACR-048/ACR-048_Software_No_Control.JPG","220328/IvacyVPN-220318/6.1.0.0.x/Images/ACR-048/ACR-048_1.JPG","220328/IvacyVPN-220318/6.1.0.0.x/Images/ACR-118/ACR-118.JPG","220328/IvacyVPN-220318/6.1.0.0.x/Images/ACR-118/ACR-118_1.JPG","220328/IvacyVPN-220318/6.1.0.0.x/Images/ACR-118/ACR-118_2.JPG","220328/IvacyVPN-220318/6.1.0.0.x/Images/ACR-165/ACR-165_InternalOffers.JPG"],"nonDeceptorImageFiles":["220328/IvacyVPN-220318/6.1.0.0.x/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"8e60e1bd-260a-46ff-a3bb-ca6153406276_6.1.0.0.x_1","appID":"IvacyVPN-220318","dateAdded":"220927","deceptorType":"App","name":"Ivacy VPN","company":"PMG PTE. LTD","version":"6.1.0.0.x","lastKnownStatus":"6.1.0.0;6.1.0.0.x;6.2.0.0","lastKnownDate":"220927","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1255},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide any control to close the process that runs silently in the background within the app's settings.\n","ACR-084":"On quitting the app, the processes \"IvacyService.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains most of its components on the device without the consumer's consent.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the internal offers (https://www.ivacy.com/buy-vpn/)\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove \"IvacyService.exe\" process even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"ivacy-windows-setup.exe","isInstaller":"True","companyName":"Ivacy                                                       ","productName":"Ivacy                                                       ","productVersion":"6.1.0.0                                           ","fileVersion":"6.1.0.0             ","hashMD5":"016b68a056a320f9ba8b12595e6b8f4b","hashSHA1":"b0f4ed3519f81527d2fac947f387aef14aa23f6e","hashSHA256":"b56a6234654a0bd691ac32429d1dbe011a07838309fd923f3844ed01f9d0b8b8","digitalCertThumbprint":"EB9BC419C0CA72B972332083393AA829E56EE0C5","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"PMG PTE. LTD.","storeId":"","sourceIndex":"1676","avBlockList":["360 Total Security (20220331)","Avira Internet Security (20220331)","Bitdefender Internet Security (20220331)","Dr.Web Security Space (20220331)","K7 Total Security (20220331)","McAfee Total Protection (20220331)","Norton Security (20220331)","Panda Dome (20220331)","Sophos Home Premium (20220331)","SpyHunter5 (20220331)","Tencent PC Manager (20220331)","VIPRE Advanced Security (20220331)","VirIT eXplorer PRO (20220331)","Webroot SecureAnywhere (20220331)","Windows Defender (20220331)","Total AV Antivirus Pro (20220331)"],"avAllowList":["Avast Premium Security (20220331)","AVG Internet Security (20220331)","COMODO Antivirus (20220331)","ESET Internet Security (20220331)","G DATA INTERNET SECURITY (20220331)","Kaspersky Internet Security (20220331)","Malwarebytes Premium (20220331)","Quick Heal Internet Security (20220331)","Trend Micro Internet Security (20220331)"]},{"isRevoked":"False","fileName":"IvacyService.exe","fileVersion":"1.0","hashMD5":"4cc4840e5235c8b189d9dc0eecde1a85","hashSHA1":"077e0300d31c9556ef4d62a6caeae7ce7325f90d","hashSHA256":"d52e253cd21ece8edc3fe29fe83a93d18eec74f05441e4a17c37bcf954508229","digitalCertThumbprint":"EB9BC419C0CA72B972332083393AA829E56EE0C5","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=PMG PTE. LTD., O=PMG PTE. LTD., L=Singapore, C=SG","sourceIndex":"1676","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Ivacy.exe","fileVersion":"6.1","hashMD5":"62ebd6d51f3c3cb6e8b6fbd3a1132e80","hashSHA1":"6cd9f6e3a838d2894a5682bd79a95c24f6f23e1c","hashSHA256":"b3e3b84353eb0c789b3b1448637ec2be507da8bd418416d2433a1b7df6b39670","digitalCertThumbprint":"EB9BC419C0CA72B972332083393AA829E56EE0C5","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=PMG PTE. LTD., O=PMG PTE. LTD., L=Singapore, C=SG","sourceIndex":"1676","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN","reference":"","landingPage":"https://www.ivacy.com/download-vpn/vpn-for-windows/","directDownloadingLink":"https://s3.amazonaws.com/apps-ivacy/windows/ivacy-windows-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/apps-ivacy/windows/ivacy-windows-setup.exe","sourceIndex":"1676"}],"sampleFiles":["220321/IvacyVPN-220318/6.1.0.0/Samples/ivacy-windows-setup.exe","220321/IvacyVPN-220318/6.1.0.0/Samples/IvacyService.exe","220321/IvacyVPN-220318/6.1.0.0/Samples/Ivacy.exe"],"imageFiles":["220321/IvacyVPN-220318/6.1.0.0/Images/ACR-039/ACR-039_Install.JPG","220321/IvacyVPN-220318/6.1.0.0/Images/ACR-043/ACR-043_Install.JPG","220321/IvacyVPN-220318/6.1.0.0/Images/ACR-042/ACR-042_Install.JPG","220321/IvacyVPN-220318/6.1.0.0/Images/ACR-084/ACR-084_Software_Process.JPG","220321/IvacyVPN-220318/6.1.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220321/IvacyVPN-220318/6.1.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220321/IvacyVPN-220318/6.1.0.0/Images/ACR-118/ACR-118_Uninstall.JPG","220321/IvacyVPN-220318/6.1.0.0/Images/ACR-118/ACR-118_Uninstall_1.JPG","220321/IvacyVPN-220318/6.1.0.0/Images/ACR-118/ACR-118_Uninstall_2.JPG","220321/IvacyVPN-220318/6.1.0.0/Images/ACR-165/ACR-165_InternalOffers.JPG"],"nonDeceptorImageFiles":["220321/IvacyVPN-220318/6.1.0.0/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"8e60e1bd-260a-46ff-a3bb-ca6153406276_6.1.0.0_1","appID":"IvacyVPN-220318","dateAdded":"220927","deceptorType":"App","name":"Ivacy VPN","company":"PMG PTE. LTD","version":"6.1.0.0","sigName":"Deceptor:Win32/IvacyVPN!039043042084048118165","lastKnownStatus":"6.1.0.0;6.1.0.0.x;6.2.0.0","lastKnownDate":"220927","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1256},{"violations":{"ACR-048":"The App has an option to hide itself from the menu bar & Launch at startup, limiting the target consumers ability to close, disable or uninstall the app.\n","ACR-084":"The App has an option to hide itself from the menu bar & Launch at startup. Also the app cannot be found on the mac launchpad, hiding itself as an installed app\n","ACR-086":"The app does not inform the targeted consumer how it collects data, and is able to collect information that the consumer inputs to the system.\n","ACR-116":"Since app is not available in the and status bar, app cannot be uninstalled using default platform features\n"},"nonDeceptorViolations":{"ACR-040":"App installs in a folder under Library/Application Support/Qustodio\n"},"samples":[{"isRevoked":"False","fileName":"Qustodio.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"4ea4ea38f790e1a568d290250d63ac6e","hashSHA1":"571a1116f01fcd656ebd458c1f81b65d946c652c","hashSHA256":"4bad3f69cd89845ca0797136da87805b2db39fe11ea12c532a19d165b201e6ee","sourceIndex":"1401","avBlockList":["Avast Security for Mac (20221213)","Avira Security for Mac (20221213)","Bitdefender Antivirus for Mac (20221213)","ESET Cyber Security Pro for Mac (20221213)","G DATA AntiVirus for Mac (20221213)","K7 Antivirus for Mac (20221213)","Norton Security for Mac (20221213)","Trend Micro Antivirus for Mac (20221213)"],"avAllowList":["Kaspersky Internet Security for Mac (20221213)","McAfee Internet Security for Mac (20221213)","Sophos Home Premium For Mac (20221213)"]},{"isRevoked":"False","fileName":"QAppTray","fileVersion":"0.","hashMD5":"5c23a946f0ebd1217fc91c671689a1ec","hashSHA1":"352c454ced86c73b10fd21172df8fd1cafc4587c","hashSHA256":"47e85419770e5313ca1fde7d70aeb1692494a45fed74c450cf1e02465032b1ab","sourceIndex":"1401","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searching for free software for macOs","reference":"","landingPage":"https://www.qustodio.com/en/","directDownloadingLink":"https://download.qustodio.com/pro/family/184_5_1232_1/Qustodio.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.qustodio.com/pro/family/184_5_1232_1/Qustodio.dmg","sourceIndex":"1401"}],"sampleFiles":["220927/Qustodio-220927/184.5.1232.1/Samples/Qustodio.dmg","220927/Qustodio-220927/184.5.1232.1/Samples/QAppTray"],"imageFiles":["220927/Qustodio-220927/184.5.1232.1/Images/ACR-084/USE_Setup2.png","220927/Qustodio-220927/184.5.1232.1/Images/ACR-084/USE_RunningProcess.png","220927/Qustodio-220927/184.5.1232.1/Images/ACR-084/USE_LaunchPad.png","220927/Qustodio-220927/184.5.1232.1/Images/ACR-086/USE_Monitoring7.png","220927/Qustodio-220927/184.5.1232.1/Images/ACR-086/USE_MonitorActivities.png","220927/Qustodio-220927/184.5.1232.1/Images/ACR-048/USE_LaunchPad.png","220927/Qustodio-220927/184.5.1232.1/Images/ACR-048/USE_Setup2.png","220927/Qustodio-220927/184.5.1232.1/Images/ACR-116/USE_LaunchPad.png"],"nonDeceptorImageFiles":["220927/Qustodio-220927/184.5.1232.1/Images/ACR-040/INS_AppLocation.png"],"guid":"7c917fc1-31cd-4742-84c1-a2a4fe25daec_184.5.1232.1_1","appID":"Qustodio-220927","dateAdded":"220927","deceptorType":"MacOS App","name":"Qustodio","company":"Qustodio Technologies SL","version":"184.5.1232.1","sigName":"Deceptor:MacOS/QustodioStalkerware!084086048116","lastKnownStatus":"184.5.1232.1","lastKnownDate":"220927","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-09-27T18:32:00.5340806+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1252},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Despite the declining of the RelevantKnowledge app, it is still downloaded the RelevantKnowledge file “rk_setup.exe”.  \n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"Upon uninstallation, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"No optional offer is clearly marked in offer. The offer looks part of the install application.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-155":"The \"Relevant Knowledge\" offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The application installer & its main executable file does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\To M4A Converter\\To Mp4a Converter.exe","companyName":"G.F. Software","productName":"To Mp4a Converter","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"c59c41cc6000a64ad0db068e44fc1a37","hashSHA1":"69c4b2a9877a4060000025477f2eecb68caf632e","hashSHA256":"9d7d5eb35badeb8cc19d56f1fd432b14f3670d9abc6b8184d3b3c6fa222c556d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"674","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"to-m4a-converter-setup.exe","isInstaller":"True","companyName":"G.F. Software                                               ","productName":"To M4A Converter                                            ","productVersion":"1.1                                               ","fileVersion":"1.1                 ","hashMD5":"ea3433a34ec5a9b401b2075c26d4058f","hashSHA1":"c8d95876d7d9a053e44986d3da6709bddcbd344a","hashSHA256":"be30cc2df0459e2eebc92f82fb18c05bcd8cf4500e762cf1fd31be846318af93","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"674","avBlockList":["Avast Premium Security (20221006)","AVG Internet Security (20221006)","Avira Internet Security (20221006)","Bitdefender Internet Security (20221006)","ESET Internet Security (20221006)","G DATA INTERNET SECURITY (20221006)","K7 Total Security (20221006)","Kaspersky Internet Security (20221006)","Malwarebytes Premium (20221006)","McAfee Total Protection (20221006)","Norton Security (20221006)","Panda Dome (20221006)","Quick Heal Internet Security (20221006)","Sophos Home Premium (20221006)","SpyHunter5 (20221006)","Total AV Antivirus Pro (20221006)","VIPRE Advanced Security (20221006)","VirIT eXplorer PRO (20221006)","Webroot SecureAnywhere (20221006)","Windows Defender (20221006)"],"avAllowList":["360 Total Security (20221006)","COMODO Antivirus (20221006)","Dr.Web Security Space (20221006)","Trend Micro Internet Security (20221006)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge Search in VT","reference":"","landingPage":"https://www.gfsoftware.com/desktop/to-m4a-converter","directDownloadingLink":"https://www.gfsoftware.com/downloads/to-m4a-converter-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gfsoftware.com/downloads/to-m4a-converter-setup.exe","sourceIndex":"674"}],"sampleFiles":["220926/ToM4AConverter-220919/1.1/Samples/to-m4a-converter-setup.exe"],"imageFiles":["220926/ToM4AConverter-220919/1.1/Images/ACR-109/ACR-109.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-039/ACR-039.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-048/ACR-048_1.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-010/ACR-010.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-118/ACR-118.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-118/ACR-118_1.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-057/ACR-057.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-059/ACR-059.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-071/ACR-071.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220926/ToM4AConverter-220919/1.1/Images/ACR-065/ACR-065.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-106/ACR-106.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-092/ACR-092_1.JPG","220926/ToM4AConverter-220919/1.1/Images/ACR-092/ACR-092_2.JPG"],"guid":"dd28a033-61a7-4160-9357-8fbba645b016_1.1_1","appID":"ToM4AConverter-220919","dateAdded":"220926","deceptorType":"App","name":"To M4A Converter","company":"G.F.Softwares","version":"1.1","lastKnownStatus":"1.1","lastKnownDate":"220926","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2024-03-27T18:34:11.1157096+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1257},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “rk_setup.exe”. \n","ACR-010":"The app distributes the deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation. \n","ACR-059":"No optional offer is clearly marked in the offer. The offer looks like part of the install application. \n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-155":"The \"Relevant Knowledge\" offer is designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-065":" The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app. \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The application installer & its main executable file does not have a digital signature. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\KB Piano 2\\KBPiano2.exe","companyName":"G.F. Software","productName":"KB Piano","productVersion":"2.05.0007","fileVersion":"2.05.0007","hashMD5":"910c64d4c733988eba0f69a05fe060cb","hashSHA1":"fd9c3394aa38c75cca30dce0338ba955aca4a4b9","hashSHA256":"259ed212c0ab39b5caa45f8204ecf1066d247d4a2f323f18cf13e43a38cd3228","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"669","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"kb-piano-setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"KB Piano                                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"7ee86b9a6996f9132c4da4decfbcf887","hashSHA1":"7e3b14be544ed3ea70c4566a817805619e52ef77","hashSHA256":"12de83a52f60da8def2e0fe9e536c761667528e3ada5d158e850a507f35f24c7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"669","avBlockList":["360 Total Security (20221004)","Avast Premium Security (20221004)","AVG Internet Security (20221004)","Avira Internet Security (20221004)","Bitdefender Internet Security (20221004)","ESET Internet Security (20221004)","G DATA INTERNET SECURITY (20221004)","K7 Total Security (20221004)","Kaspersky Internet Security (20221004)","Malwarebytes Premium (20221004)","McAfee Total Protection (20221004)","Norton Security (20221004)","Panda Dome (20221004)","Quick Heal Internet Security (20221004)","Sophos Home Premium (20221004)","SpyHunter5 (20221004)","Total AV Antivirus Pro (20221004)","VIPRE Advanced Security (20221004)","VirIT eXplorer PRO (20221004)","Webroot SecureAnywhere (20221004)"],"avAllowList":["COMODO Antivirus (20221004)","Dr.Web Security Space (20221004)","Trend Micro Internet Security (20221004)","Windows Defender (20221004)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge search in virustotal","reference":"","landingPage":"https://www.gfsoftware.com/desktop/kb-piano","directDownloadingLink":"https://www.gfsoftware.com/downloads/kb-piano-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gfsoftware.com/downloads/kb-piano-setup.exe","sourceIndex":"669"}],"sampleFiles":["220926/KBPiano-220916/2.5.1/Samples/kb-piano-setup.exe"],"imageFiles":["220926/KBPiano-220916/2.5.1/Images/ACR-109/ACR-109.JPG","220926/KBPiano-220916/2.5.1/Images/ACR-039/ACR-039.JPG","220926/KBPiano-220916/2.5.1/Images/ACR-048/ACR-048.JPG","220926/KBPiano-220916/2.5.1/Images/ACR-010/ACR-010.JPG","220926/KBPiano-220916/2.5.1/Images/ACR-118/ACR-118.JPG","220926/KBPiano-220916/2.5.1/Images/ACR-057/ACR-057.JPG","220926/KBPiano-220916/2.5.1/Images/ACR-059/ACR-059.JPG","220926/KBPiano-220916/2.5.1/Images/ACR-071/ACR-071.JPG","220926/KBPiano-220916/2.5.1/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220926/KBPiano-220916/2.5.1/Images/ACR-065/ACR-065.JPG","220926/KBPiano-220916/2.5.1/Images/ACR-106/ACR-106.JPG","220926/KBPiano-220916/2.5.1/Images/ACR-092/ACR-092.JPG"],"guid":"646bf087-4ec1-4f4c-bcc6-ec1d53e7b947_2.5.1_1","appID":"KBPiano-220916","dateAdded":"220926","deceptorType":"App","name":"KB Piano","company":"G.F.Software","version":"2.5.1","lastKnownStatus":"2.5.1","lastKnownDate":"220926","type":"Windows Executable","category":"Family & Kids","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2024-03-27T18:39:12.6283136+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1260},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “rk_setup.exe”.  \n","ACR-010":"The app distributes the deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.  \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge.  \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.  \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.  \n","ACR-059":"No optional offer is clearly marked in the offer. The offer looks like part of the install application.  \n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “rk_setup.exe”. \n","ACR-155":" The \"Relevant Knowledge\" offer is designed to look like part of the install workflow.  \n"},"nonDeceptorViolations":{"ACR-065":"The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.  \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.  \n","ACR-092":"The application installer & its main executable file does not have a digital signature.  \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Just sing\\Just sing.exe","companyName":"G.F. Software","productName":"Just sing","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"173c2b9c58d085c3292f5d1767b86c01","hashSHA1":"62ef3a049e2478ed0a3fa10540319a9534206044","hashSHA256":"17b4c6cc0ffeb75a27642be0c09605baea188569c34e72ad18e56e7d0b9cfc39","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"672","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"just-sing-setup.exe","isInstaller":"True","companyName":"G.F. Software                                               ","productName":"Just sing                                                   ","productVersion":"1.1                                               ","fileVersion":"1.1                 ","hashMD5":"83a871de846228a226b9da22edb6801d","hashSHA1":"24a383d953181f4d4bfff406d705cb0d84f09bde","hashSHA256":"580d07bb5ac967e8eaeb8b419a5a3acc4a023989afb217ce514283a8d08272e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"672","avBlockList":["360 Total Security (20221004)","Avast Premium Security (20221004)","AVG Internet Security (20221004)","Avira Internet Security (20221004)","Bitdefender Internet Security (20221004)","ESET Internet Security (20221004)","G DATA INTERNET SECURITY (20221004)","K7 Total Security (20221004)","Kaspersky Internet Security (20221004)","Malwarebytes Premium (20221004)","McAfee Total Protection (20221004)","Norton Security (20221004)","Panda Dome (20221004)","Quick Heal Internet Security (20221004)","Sophos Home Premium (20221004)","SpyHunter5 (20221004)","Total AV Antivirus Pro (20221004)","VIPRE Advanced Security (20221004)","VirIT eXplorer PRO (20221004)","Webroot SecureAnywhere (20221004)","Windows Defender (20221004)"],"avAllowList":["COMODO Antivirus (20221004)","Dr.Web Security Space (20221004)","Trend Micro Internet Security (20221004)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge Search in VT","reference":"","landingPage":"https://www.gfsoftware.com/desktop/just-sing","directDownloadingLink":"https://www.gfsoftware.com/downloads/just-sing-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gfsoftware.com/downloads/just-sing-setup.exe","sourceIndex":"672"}],"sampleFiles":["220926/JustSing-220919/1.1/Samples/just-sing-setup.exe"],"imageFiles":["220926/JustSing-220919/1.1/Images/ACR-109/ACR-109.JPG","220926/JustSing-220919/1.1/Images/ACR-039/ACR-039.JPG","220926/JustSing-220919/1.1/Images/ACR-048/ACR-048.JPG","220926/JustSing-220919/1.1/Images/ACR-010/ACR-010.JPG","220926/JustSing-220919/1.1/Images/ACR-118/ACR-118.JPG","220926/JustSing-220919/1.1/Images/ACR-118/ACR-118_1.JPG","220926/JustSing-220919/1.1/Images/ACR-057/ACR-057.JPG","220926/JustSing-220919/1.1/Images/ACR-059/ACR-059.JPG","220926/JustSing-220919/1.1/Images/ACR-071/ACR-071.JPG","220926/JustSing-220919/1.1/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220926/JustSing-220919/1.1/Images/ACR-065/ACR-065.JPG","220926/JustSing-220919/1.1/Images/ACR-106/ACR-106.JPG","220926/JustSing-220919/1.1/Images/ACR-092/ACR-092.JPG"],"guid":"02ccb12c-2d1f-40b8-b550-b231d6967e08_1.1_1","appID":"JustSing-220919","dateAdded":"220926","deceptorType":"App","name":"Just Sing","company":"G.F.Softwares","version":"1.1","lastKnownStatus":"1.1","lastKnownDate":"220926","type":"Windows Executable","category":"Family & Kids, Games","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2024-03-27T18:35:17.5463939+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1261},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device, when the user selects the “CLEAN NOW” option, it starts cleaning and moves back to the home screen after the fix, also, during rescan it does not show the apps displayed in the previous scan result which implies that those app caches are fixed but, while checking the app details (in device settings option) it does not clear the actual cache data, thus unable to verify its value proposition as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning junk/cache in the device, when the user selects the “CLEAN NOW” option, it starts cleaning and moves back to the home screen after the fix, also, during rescan it does not show the apps displayed in the previous scan result which implies that those app caches are fixed but, while checking the app details (in device settings option) it does not clear the actual cache data, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.newcleaner.junkcleaner.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"e7e4166dfda462cc3011c00aa7aa4e95","hashSHA1":"2379b1660066a272dd48543849ba5b1603633d3a","hashSHA256":"f5b6010c32d907526fa558348627c9fc77d866c4575016c918080975f8eaf7ba","sourceIndex":"1406","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.newcleaner.junkcleaner","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"1406"}],"sampleFiles":["220926/junkcleaner-220923/2.0/Samples/com.newcleaner.junkcleaner.apk"],"imageFiles":["220926/junkcleaner-220923/2.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.png","220926/junkcleaner-220923/2.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.png","220926/junkcleaner-220923/2.0/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.png","220926/junkcleaner-220923/2.0/Images/ACR-103/ACR-103_Software_Scan_Result_3.png","220926/junkcleaner-220923/2.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_4.png","220926/junkcleaner-220923/2.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_5.png","220926/junkcleaner-220923/2.0/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.png","220926/junkcleaner-220923/2.0/Images/ACR-103/ACR-103_Software_Rescan_AfterFix_7.png","220926/junkcleaner-220923/2.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.png","220926/junkcleaner-220923/2.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.png","220926/junkcleaner-220923/2.0/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.png","220926/junkcleaner-220923/2.0/Images/ACR-014/ACR-014_Software_Scan_Result_3.png","220926/junkcleaner-220923/2.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_4.png","220926/junkcleaner-220923/2.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_5.png","220926/junkcleaner-220923/2.0/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.png","220926/junkcleaner-220923/2.0/Images/ACR-014/ACR-014_Software_Rescan_AfterFix_7.png"],"nonDeceptorImageFiles":[],"guid":"2923b4fb-1d41-4690-97db-0accdb08634a_2.0_1","appID":"junkcleaner-220923","dateAdded":"220926","deceptorType":"Android App","name":"Junk Cleaner","company":"JoelFroese","version":"2.0","sigName":"Deceptor:Android/JunkCleaner!103014","lastKnownStatus":"2.0","lastKnownDate":"220926","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,inject ads","lastUpdate":"2022-09-26T19:20:47.4514155+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1262},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “rk_setup.exe”.  \n","ACR-010":"The app distributes the deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.  \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.  \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.  \n","ACR-059":"No optional offer is clearly marked in the offer. The offer looks like part of the install application.  \n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “rk_setup.exe”. \n","ACR-155":"The \"Relevant Knowledge\" offer is designed to look like part of the install workflow.  \n"},"nonDeceptorViolations":{"ACR-065":"The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.  \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.  \n","ACR-092":"The application installer & its main executable file does not have a digital signature.  \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\JamApp\\JamApp.exe","companyName":"G.F. Software","productName":"JamApp","productVersion":"1.0.2.0","fileVersion":"1.0.2.0","hashMD5":"ee340a4bd600c512d158f6963490c450","hashSHA1":"cc9b86511d20cc4baa5e3f63b86157940c040d04","hashSHA256":"59295498419afee49e6c44db6f233177e14b116023234e159ab92ddc03dfaa67","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"675","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"jamapp-setup.exe","isInstaller":"True","companyName":"G.F. Software                                               ","productName":"JamApp                                                      ","productVersion":"1.1                                               ","fileVersion":"1.0                 ","hashMD5":"2c5b0cc669f0d24e74e20ea73902e4ba","hashSHA1":"c71eb0b7c9eaa4c8d88106788b09d7de3978eb20","hashSHA256":"760fccda5f352ac729b5235abe1b037de30552400c4de47d3c032b4af25bee19","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"675","avBlockList":["360 Total Security (20221004)","Avast Premium Security (20221004)","AVG Internet Security (20221004)","Avira Internet Security (20221004)","Bitdefender Internet Security (20221004)","ESET Internet Security (20221004)","G DATA INTERNET SECURITY (20221004)","K7 Total Security (20221004)","Kaspersky Internet Security (20221004)","Malwarebytes Premium (20221004)","McAfee Total Protection (20221004)","Norton Security (20221004)","Panda Dome (20221004)","Quick Heal Internet Security (20221004)","Sophos Home Premium (20221004)","SpyHunter5 (20221004)","Total AV Antivirus Pro (20221004)","VIPRE Advanced Security (20221004)","VirIT eXplorer PRO (20221004)","Webroot SecureAnywhere (20221004)","Windows Defender (20221004)"],"avAllowList":["COMODO Antivirus (20221004)","Dr.Web Security Space (20221004)","Trend Micro Internet Security (20221004)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevent Knowledge Search in VT","reference":"","landingPage":"https://www.gfsoftware.com/desktop/jamapp","directDownloadingLink":"https://www.gfsoftware.com/downloads/jamapp-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gfsoftware.com/downloads/jamapp-setup.exe","sourceIndex":"675"}],"sampleFiles":["220926/JamApp-220919/1.1/Samples/jamapp-setup.exe"],"imageFiles":["220926/JamApp-220919/1.1/Images/ACR-109/ACR-109.JPG","220926/JamApp-220919/1.1/Images/ACR-039/ACR-039.JPG","220926/JamApp-220919/1.1/Images/ACR-048/ACR-048.JPG","220926/JamApp-220919/1.1/Images/ACR-010/ACR-010.JPG","220926/JamApp-220919/1.1/Images/ACR-118/ACR-118.JPG","220926/JamApp-220919/1.1/Images/ACR-118/ACR-118_1.JPG","220926/JamApp-220919/1.1/Images/ACR-057/ACR-057.JPG","220926/JamApp-220919/1.1/Images/ACR-059/ACR-059.JPG","220926/JamApp-220919/1.1/Images/ACR-071/ACR-071.JPG","220926/JamApp-220919/1.1/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220926/JamApp-220919/1.1/Images/ACR-065/ACR-065.JPG","220926/JamApp-220919/1.1/Images/ACR-106/ACR-106.JPG","220926/JamApp-220919/1.1/Images/ACR-092/ACR-092.JPG"],"guid":"b3abaf6e-7d7d-446f-aac6-a14f8db4fdea_1.1_1","appID":"JamApp-220919","dateAdded":"220926","deceptorType":"App","name":"JamApp","company":"G.F.Softwares","version":"1.1","lastKnownStatus":"1.1","lastKnownDate":"220926","type":"Windows Executable","category":"Family & Kids","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2024-03-27T18:33:39.0234097+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1263},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" before disclosing them to the user and users agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed still downloads and runs “rkverify.exe”, a RelevantKnowledge file.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-103":"The \"Buy now\" option in the software and Landing page (http://www.videotool.net/buy.htm) returns an error page.\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded RelevantKnowledge files regardless. \n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The application installer & its main executable file does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CuteMP4VideoConverter\\CuteMP4VideoConverter.exe","companyName":"Videotool.NET","productName":"","productVersion":"3.3.0.0","fileVersion":"4.8.0.16","hashMD5":"8f7283e501099c2837f0c642367f383e","hashSHA1":"240ee404b517d255d114cc915f24dcdaa36b9644","hashSHA256":"8ff8f12b18c9909d1d01161e64bed94e4f1a175717889f804753122843e274be","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1411","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mp4videoconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute MP4 Video Converter                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"67b320a78565bbe8f03ffeb1fcd47265","hashSHA1":"1a62531d5387cbf13171156b4c1615c45d0d673e","hashSHA256":"4c25bdd15a0f90ad8a10a1c0f0268b623495f3575b30e5df58679a2642073518","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1411","avBlockList":["360 Total Security (20221006)","Avast Premium Security (20221006)","AVG Internet Security (20221006)","Avira Internet Security (20221006)","Bitdefender Internet Security (20221006)","COMODO Antivirus (20221006)","Dr.Web Security Space (20221006)","ESET Internet Security (20221006)","G DATA INTERNET SECURITY (20221006)","K7 Total Security (20221006)","Kaspersky Internet Security (20221006)","Malwarebytes Premium (20221006)","McAfee Total Protection (20221006)","Norton Security (20221006)","Panda Dome (20221006)","Quick Heal Internet Security (20221006)","Sophos Home Premium (20221006)","SpyHunter5 (20221006)","Total AV Antivirus Pro (20221006)","Trend Micro Internet Security (20221006)","VIPRE Advanced Security (20221006)","VirIT eXplorer PRO (20221006)","Webroot SecureAnywhere (20221006)"],"avAllowList":["Windows Defender (20221006)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://www.videotool.net/mp4-video-converter.htm","directDownloadingLink":"http://www.videotool.net/download/mp4videoconverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.videotool.net/download/mp4videoconverter.exe","sourceIndex":"1411"}],"sampleFiles":["220926/CuteMP4VideoConverter-220923/4.8.0.16/Samples/mp4videoconverter.exe"],"imageFiles":["220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-109/ACR-109.JPG","220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-039/ACR-039.JPG","220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-048/ACR-048.JPG","220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-010/ACR-010.JPG","220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-103/ACR-103.JPG","220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-103/ACR-103_1.JPG","220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-118/ACR-118_1.JPG","220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-118/ACR-118_2.JPG","220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-059/ACR-059.JPG","220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-106/ACR-106.JPG","220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-092/ACR-092.JPG","220926/CuteMP4VideoConverter-220923/4.8.0.16/Images/ACR-092/ACR-092_1.JPG"],"guid":"e802e0b2-2772-4274-b4a1-384abdda8eef_4.8.0.16_1","appID":"CuteMP4VideoConverter-220923","dateAdded":"220926","deceptorType":"App","name":"Cute MP4 Video Converter","company":"Videotool.NET","version":"4.8.0.16","lastKnownStatus":"4.8.0.16","lastKnownDate":"220926","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-26T18:29:55.8110985+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1264},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" before disclosing them to the user and users agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed still downloads and runs “rkverify.exe”, a RelevantKnowledge file.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-103":"The \"Buy now\" option in the software and Landing page (http://www.videotool.net/buy.htm) returns an error page.\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded RelevantKnowledge files regardless.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The application installer & its main executable file does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CuteMKVConverter\\CuteMKVConverter.exe","companyName":"Videotool.NET","productName":"","productVersion":"3.3.0.0","fileVersion":"4.8.0.16","hashMD5":"38fc7d0c88c307cca6abf1775b6fdff4","hashSHA1":"894cbfbc3aafcdac419d14123baa7b2e03f52f98","hashSHA256":"bba52371f1d8aef473276e6feac74cb9647e2827fe7be92b65c35950c2916f7c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1408","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mkvconverter.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute MKV Converter                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"ac45aeb526fe064beec6c38de736ea72","hashSHA1":"82ec08af37d3b86169204b7e288af08831abc9b7","hashSHA256":"2c148f939d47451532cb9f6e2fc928f87b55e870b6dfa4515bb3258c5bc22a85","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1408","avBlockList":["360 Total Security (20221004)","Avast Premium Security (20221004)","AVG Internet Security (20221004)","Avira Internet Security (20221004)","Bitdefender Internet Security (20221004)","Dr.Web Security Space (20221004)","ESET Internet Security (20221004)","G DATA INTERNET SECURITY (20221004)","K7 Total Security (20221004)","Kaspersky Internet Security (20221004)","Malwarebytes Premium (20221004)","McAfee Total Protection (20221004)","Norton Security (20221004)","Panda Dome (20221004)","Quick Heal Internet Security (20221004)","Sophos Home Premium (20221004)","SpyHunter5 (20221004)","Total AV Antivirus Pro (20221004)","VIPRE Advanced Security (20221004)","VirIT eXplorer PRO (20221004)","Webroot SecureAnywhere (20221004)","Windows Defender (20221004)"],"avAllowList":["COMODO Antivirus (20221004)","Trend Micro Internet Security (20221004)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://www.videotool.net/mkv-converter.htm","directDownloadingLink":"http://www.videotool.net/download/mkvconverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.videotool.net/download/mkvconverter.exe","sourceIndex":"1408"}],"sampleFiles":["220926/CuteMKVConverter-220923/4.8.0.16/Samples/mkvconverter.exe"],"imageFiles":["220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-109/ACR-109.JPG","220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-039/ACR-039.JPG","220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-048/ACR-048.JPG","220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-010/ACR-010.JPG","220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-103/ACR-103.JPG","220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-103/ACR-103_1.JPG","220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-118/ACR-118.JPG","220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-118/ACR-118_1.JPG","220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-059/ACR-059.JPG","220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-106/ACR-106.JPG","220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-092/ACR-092.JPG","220926/CuteMKVConverter-220923/4.8.0.16/Images/ACR-092/ACR-092_1.JPG"],"guid":"e8300a4c-01ab-4cb2-8a75-cf3fdb41bac0_4.8.0.16_1","appID":"CuteMKVConverter-220923","dateAdded":"220926","deceptorType":"App","name":"Cute MKV Converter","company":"Videotool.NET","version":"4.8.0.16","lastKnownStatus":"4.8.0.16","lastKnownDate":"220926","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-26T19:11:09.9575887+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1265},{"violations":{"ACR-048":"App requires a hotkey and a password to be opened, limiting the target consumers ability to close, delete and uninstall the app.\nApp is not displayed in the Launchpad and placed in the Applications folder, limiting the ability of the target consumer to close, delete or uninstall the app\n","ACR-007":"App does not provide notification that it is running to the target consumer, lowering their safety posture. Also the app requires a hotkey and a password to open it\n","ACR-084":"App can be set to launch at startup, as well as hide itself from the menu bar, hiding itself from the target consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app cannot be uninstalled from the Applications Folder. App can uninstalled by opening the running app, which requires a hotkey and a password to do.\n"},"nonDeceptorViolations":{"ACR-040":"APP is installed in a folder named \"akm\" which is not the default location for applications.\n"},"samples":[{"isRevoked":"False","fileName":"Actual Keylogger for Mac.mpkg.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"a0c8375af120f207a0239b67b6562b59","hashSHA1":"3b1444c4f923e648c29b6d72341c2fdc89f97f3f","hashSHA256":"888fe233097a777f0bf6e85ae7607f2db9c57a359be3ae4c076f49ca09dbac3d","sourceIndex":"1405","avBlockList":["Avira Security for Mac (20221108)","Bitdefender Antivirus for Mac (20221108)","ESET Cyber Security Pro for Mac (20221108)","G DATA AntiVirus for Mac (20221108)","Norton Security for Mac (20221108)","Trend Micro Antivirus for Mac (20221108)"],"avAllowList":["Avast Security for Mac (20221011)","K7 Antivirus for Mac (20221108)","Kaspersky Internet Security for Mac (20221108)","McAfee Internet Security for Mac (20221108)"]},{"isRevoked":"False","fileName":"Actual","fileVersion":"0.","hashMD5":"2694b3db84098551d8e5d6bc73d875b0","hashSHA1":"bd22df4572d359cf28e98416340b5c9f5d95265c","hashSHA256":"2e547df7e6c8960a4658bc431cb6037631a2d22b958ce7eee600bc6a0741d07c","sourceIndex":"1405","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searching for keylogger for MacOS","reference":"","landingPage":"https://www.actualkeylogger.com/","directDownloadingLink":"https://www.actualkeylogger.com/download-mac/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.actualkeylogger.com/download-mac/","sourceIndex":"1405"}],"sampleFiles":["220926/ActualKeyloggerForMac-220923/8.0/Samples/Actual Keylogger for Mac.mpkg.zip","220926/ActualKeyloggerForMac-220923/8.0/Samples/Actual"],"imageFiles":["220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-048/USE_OpeningHiddenApp.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-048/USE_RunningProcess.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-048/INS_AppLocation.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-048/INS_HiddenAppfromLaunchPad.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-084/USE_RunningProcess.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-084/USE_Settings5.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-086/USE_Pref4.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-086/USE_Pref3.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-086/USE_Pref2.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-086/USE_OpeningHiddenApp.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-007/USE_Settings5.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-007/USE_Settings1.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-007/USE_Settings2.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-007/USE_OpeningHiddenApp.png","220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-116/UNI_Page1.png"],"nonDeceptorImageFiles":["220926/ActualKeyloggerForMac-220923/8.0/Images/ACR-040/INS_AppLocation.png"],"guid":"157ab2a2-ea53-4527-8fa7-bd0d317da500_8.0_1","appID":"ActualKeyloggerForMac-220923","dateAdded":"220926","deceptorType":"MacOS App","name":"Actual Keylogger for Mac","company":"Actual Keylogger Software","version":"8.0","sigName":"Deceptor:MacOS/ActualKeyloggerforMacStalkerware!048084086007116","lastKnownStatus":"8.0","lastKnownDate":"220926","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-09-26T19:29:39.0981477+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1266},{"violations":{"ACR-103":"The app suggests cleaning up 58.4 MB of junk/cache. After completing junk clean it says “Now in perfect state” but, when viewed in app settings it displays cache data, thus unable to verify its value proposition as it does not clean any junk/cache.\n","ACR-014":"The app suggests cleaning up 58.4 MB of junk/cache. After completing junk clean it says “Now in perfect state” but, when viewed in app settings it displays cache data, thus misleading the user. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.boostcleaner.best.cleaner.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"efb56508fa46ca3669c7f9cae354a63a","hashSHA1":"9dedd14859b851773a4d2eb7af6d28bc105f31e5","hashSHA256":"dacfaac0e931d8e7d0d24a8cbd3fa1274a208e0b04b2397d23b6dd7302fcc843","sourceIndex":"1404","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.boostcleaner.best.cleaner","ipv4":"","ipv6":"","sourceIndex":"1404"}],"sampleFiles":["220926/magiccleanerpowerfulclean-220920/3.0.4/Samples/com.boostcleaner.best.cleaner.apk"],"imageFiles":["220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_1.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-103/ACR-103_Software_Cache_Before_Cleaning_2.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-103/ACR-103_Software_Scan_Result_3.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-103/ACR-103_Software_ScanResult_AfterFix_4.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_5.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_6.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-103/ACR-103_Software_Cache_After_Cleaning_7.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_1.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-014/ACR-014_Software_Cache_Before_Cleaning_2.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-014/ACR-014_Software_Scan_Result_3.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-014/ACR-014_Software_ScanResult_AfterFix_4.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_5.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_6.png","220926/magiccleanerpowerfulclean-220920/3.0.4/Images/ACR-014/ACR-014_Software_Cache_After_Cleaning_7.png"],"nonDeceptorImageFiles":[],"guid":"a1d71ba2-2ea3-44c2-a602-6dbc8c9ff0e5_3.0.4_1","appID":"magiccleanerpowerfulclean-220920","dateAdded":"220926","deceptorType":"Android App","name":"Magic Cleaner Powerful Clean","company":"iTechnologyMobi","version":"3.0.4","sigName":"Deceptor:Android/MagicCleanerPowerfulClean!103014","lastKnownStatus":"3.0.4","lastKnownDate":"220926","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-26T19:34:02.6739634+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1259},{"violations":{"ACR-003":"A pop-up displays a cleaning notification after installation which cannot be substantiated compelling user to take action. The app also displays different initial scan result between the pop-up notification and the app's main window which is misleading. \n","ACR-004":"The app affirms to provide a 1-day full featured trial but unable to fix all scanned items. It requires the consumer to register to complete the clean.\n"},"nonDeceptorViolations":{"ACR-088":" A pop-up notification displays as system scan result which is performed in the background automatically despite disabling the start scan after install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n\n"},"samples":[{"isRevoked":"False","fileName":"Smart_DiskCleanup.exe","companyName":"Smart PC Solutions","productName":"Smart Disk Cleanup","fileVersion":"3.0.1          ","hashMD5":"a166c1d52cd452e504eeaec84955acec","hashSHA1":"7294c61df3da5376bffff11dca22980b708fe352","hashSHA256":"05267e6bc2b6768561db7f03ea1b6f55294bb7d89ef551166a7aff303002c208","digitalCertThumbprint":"A21B9C843E7AA7E5734D4B1BC81A00B05CB952D8","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=\"Smart PC Solutions, Inc.\", O=\"Smart PC Solutions, Inc.\", L=Alexandria, S=Virginia, C=US","sourceIndex":"1384","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"smartdiskcleanup.exe","isInstaller":"True","companyName":"Smart PC Solutions                                          ","productName":"Smart Disk Cleanup","fileVersion":"3.0.1          ","hashMD5":"f773de542f0e71fd36eab58a125e4185","hashSHA1":"8356ec07b213eec42896f972e0cfd220e5209272","hashSHA256":"d9c59410eae526d73a36044bb0345017dabe36dea4369a7e6eadb7fa139a90a4","digitalCertThumbprint":"A21B9C843E7AA7E5734D4B1BC81A00B05CB952D8","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=\"Smart PC Solutions, Inc.\", O=\"Smart PC Solutions, Inc.\", L=Alexandria, S=Virginia, C=US","sourceIndex":"1384","avBlockList":["Avast Premium Security (20221004)","AVG Internet Security (20221004)","Avira Internet Security (20221004)","Dr.Web Security Space (20221004)","ESET Internet Security (20221004)","Malwarebytes Premium (20221004)","McAfee Total Protection (20221004)","Norton Security (20221004)","Panda Dome (20221004)","Sophos Home Premium (20221004)","SpyHunter5 (20221004)","Total AV Antivirus Pro (20221004)","VirIT eXplorer PRO (20221004)","Webroot SecureAnywhere (20221004)"],"avAllowList":["360 Total Security (20221004)","Bitdefender Internet Security (20221004)","COMODO Antivirus (20221004)","G DATA INTERNET SECURITY (20221004)","K7 Total Security (20220929)","Kaspersky Internet Security (20221004)","Quick Heal Internet Security (20221004)","Trend Micro Internet Security (20221004)","VIPRE Advanced Security (20221004)","Windows Defender (20221004)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt Search: Cleanup tools","landingPage":"https://smartpctools.com/smart-disk-cleanup/","directDownloadingLink":"https://smartpctools.com/files/smartdiskcleanup.exe","landingPageWildChar":"","directDownloadingLinkWildChar":"https://smartpctools.com/files/smartdiskcleanup.exe","sourceIndex":"1384"}],"sampleFiles":["220926/smartdiskcleanup-180219/3.0.1/Samples/Smart_DiskCleanup.exe","220926/smartdiskcleanup-180219/3.0.1/Samples/smartdiskcleanup.exe"],"imageFiles":["220926/smartdiskcleanup-180219/3.0.1/Images/ACR-003/ACR-003_Inconsistent_Cleaning_Notif.jpg","220926/smartdiskcleanup-180219/3.0.1/Images/ACR-004/ACR-004_IncompleteFix.jpg","220926/smartdiskcleanup-180219/3.0.1/Images/ACR-004/ACR-004_Require_to_Register_to_Complete_Clean.png","220926/smartdiskcleanup-180219/3.0.1/Images/ACR-004/ACR-004_IncompleteFix.mp4"],"nonDeceptorImageFiles":["220926/smartdiskcleanup-180219/3.0.1/Images/ACR-088/ACR-088_Disable_Automatic_Scan.jpg","220926/smartdiskcleanup-180219/3.0.1/Images/ACR-088/ACR-088_Automatic_Scan_Notif.jpg","220926/smartdiskcleanup-180219/3.0.1/Images/ACR-099/SmartDiskCleanup_About.png","220926/smartdiskcleanup-180219/3.0.1/Images/ACR-099/SmartDiskCleanup_LandingPage.png","220926/smartdiskcleanup-180219/3.0.1/Images/ACR-099/SmartDiskCleanup_OfferPage.png"],"guid":"ee82f95e-a502-453c-9fc3-6b30e4e5be3a_3.0.1_1","appID":"smartdiskcleanup-180219","dateAdded":"220926","deceptorType":"App","name":"Smart Disk Cleanup","company":"Smart PC Solutions Inc","version":"3.0.1","lastKnownStatus":"3.0.1","lastKnownDate":"220926","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-10-06T18:47:56.4196609+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1258},{"violations":{"ACR-046":"Unrelated software offers are preselected in the installation and requires the user to uncheck a boxes in order to decline the offer. Decline option is also grayed-out showing unequal prominence with the next button. \n","ACR-003":"Upon launching the app, it automatically performs a system scan with exaggerated claims about the system health that requires installing another app to fix. The scan result cannot be validated and uses alarming color to compel user to take action. \n","ACR-004":"Application reports unsubstantiated issues found with unaware scanning in background. It doesn't provide the free fix, instead requires to install another application to fix it. \n","ACR-059":"Offers are not clearly mark as optional offer. \n"},"nonDeceptorViolations":{"ACR-088":"A pop-up notification displays as system scan result that cannot be substantiated to promote another app and compel user to take action for its unverifiable scan summary. \n"},"samples":[{"isRevoked":"False","fileName":"auslogics-browser-care-5-0-14-0.exe","isInstaller":"True","companyName":"Auslogics                                                  ","productName":"Auslogics Browser Care","fileVersion":"5.0.14.0","hashMD5":"1b7e570046e81599b29433a4d32c1b16","hashSHA1":"b64b630e1ff31c431d4b02f2449e47e74a3fb7fe","hashSHA256":"afc46320affd2c036a2fa0f8705faea4bcc2f54ad5ccc804f8fc8caf4ab59f3e","digitalCertThumbprint":"2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU, SERIALNUMBER=45163028662, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"1392","avBlockList":["360 Total Security (20220927)","Avast Premium Security (20220927)","AVG Internet Security (20220927)","Avira Internet Security (20220927)","Dr.Web Security Space (20220927)","ESET Internet Security (20220927)","G DATA INTERNET SECURITY (20220927)","Kaspersky Internet Security (20220927)","Malwarebytes Premium (20220927)","McAfee Total Protection (20220927)","Norton Security (20220927)","Panda Dome (20220927)","Sophos Home Premium (20220927)","Total AV Antivirus Pro (20220927)","VirIT eXplorer PRO (20220927)","Webroot SecureAnywhere (20220927)"],"avAllowList":["Bitdefender Internet Security (20220927)","COMODO Antivirus (20220927)","K7 Total Security (20220927)","Quick Heal Internet Security (20220927)","SpyHunter5 (20220927)","Trend Micro Internet Security (20220927)","VIPRE Advanced Security (20220927)","Windows Defender (20220927)"]},{"isRevoked":"False","fileName":"BrowserCare.exe","companyName":"Auslogics","productName":"Browser Care","fileVersion":"5.0.14.0","hashMD5":"d71b573dc8510a0b5d53267fc09703df","hashSHA1":"400e21dd602daebf2c762f84a032a1a0d1a507ea","hashSHA256":"810fd8db2c1b201c9dd3a9c7602bc48653678a9ceefffa5642b26ac83e8e3e61","digitalCertThumbprint":"1B0DA8E340197C8CEC3BB39EFBA042FF21B9724D","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU","sourceIndex":"1392","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt search: browser app","reference":"","landingPage":"https://auslogics-browser-care.en.uptodown.com/windows","directDownloadingLink":"https://auslogics-browser-care.en.uptodown.com/windows/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://auslogics-browser-care.en.uptodown.com/windows/download","sourceIndex":"1392"}],"sampleFiles":["220922/AuslogicsBrowserCare-220922/5.0.14.0/Samples/auslogics-browser-care-5-0-14-0.exe","220922/AuslogicsBrowserCare-220922/5.0.14.0/Samples/BrowserCare.exe"],"imageFiles":["220922/AuslogicsBrowserCare-220922/5.0.14.0/Images/ACR-046/ACR-046_ShieldDefense.jpg","220922/AuslogicsBrowserCare-220922/5.0.14.0/Images/ACR-046/ACR-046_BootSpeed.jpg","220922/AuslogicsBrowserCare-220922/5.0.14.0/Images/ACR-046/ACR-046_DriverUpdater.jpg","220922/AuslogicsBrowserCare-220922/5.0.14.0/Images/ACR-004/ACR-003_Unsubstantiated_Scan_Result.jpg","220922/AuslogicsBrowserCare-220922/5.0.14.0/Images/ACR-003/ACR-003_AutoScan.jpg","220922/AuslogicsBrowserCare-220922/5.0.14.0/Images/ACR-003/ACR-003_Unsubstantiated_Scan_Result.jpg","220922/AuslogicsBrowserCare-220922/5.0.14.0/Images/ACR-059/ACR-046_059_ShieldDefense.jpg","220922/AuslogicsBrowserCare-220922/5.0.14.0/Images/ACR-059/ACR-046_059_BootSpeed.jpg","220922/AuslogicsBrowserCare-220922/5.0.14.0/Images/ACR-059/ACR-046_059_DriverUpdater.jpg"],"nonDeceptorImageFiles":["220922/AuslogicsBrowserCare-220922/5.0.14.0/Images/ACR-088/ACR-088_BootSpeedScan.jpg"],"guid":"0c593579-2da5-4cd6-ab70-9f0cd4fb180b_5.0.14.0_1","appID":"AuslogicsBrowserCare-220922","dateAdded":"220922","deceptorType":"App","name":"Auslogics Browser Care","company":"Auslogics","version":"5.0.14.0","sigName":"","firstVendorContactDate":"220927","firstAppEsteemReplyDate":"220927","firstResolvedDate":"220930","lastKnownStatus":"5.0.14.0","lastKnownDate":"220922","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-09-30T19:33:36.8243629+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1269},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" before disclosing them to the user and users agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed still downloads and runs “rkverify.exe”, a RelevantKnowledge file.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-103":"The \"Buy now\" option in the software and Landing page (http://www.videotool.net/video-joiner.htm) returns an error page.\n","ACR-118":"Upon uninstallation, it retains some of its components on the device without the user's knowledge and consent.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded RelevantKnowledge files regardless. \n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The application installer & its main executable file does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CuteVideoJoiner\\CuteVideoJoiner.exe","companyName":"Videotool.NET","productName":"","productVersion":"3.3.0.0","fileVersion":"4.8.0.20","hashMD5":"64310971a12cc0483149aa8adb337aab","hashSHA1":"c0dc83be3e9a8d9f3150798e0352114a0b5a464a","hashSHA256":"f394c494f019744762aad857a0ba9b611e671de707b26eba8faf70df6aed2c44","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1413","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"videojoiner.exe","isInstaller":"True","companyName":"                                                            ","productName":"Cute Video Joiner                                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"57853a8c66b92bcb82b25752507ad16e","hashSHA1":"225849f0872ca0517d5a455a8ba86ba00593d87d","hashSHA256":"8d73be377359a8e2a87efbd77fe5118d3d057e853853f129a6a09999dfed0416","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1413","avBlockList":["360 Total Security (20220929)","Avast Premium Security (20220929)","AVG Internet Security (20220929)","Avira Internet Security (20220929)","Bitdefender Internet Security (20220929)","Dr.Web Security Space (20220929)","ESET Internet Security (20220929)","G DATA INTERNET SECURITY (20220929)","K7 Total Security (20220929)","Kaspersky Internet Security (20220929)","Malwarebytes Premium (20220929)","McAfee Total Protection (20220929)","Norton Security (20220929)","Panda Dome (20220929)","Quick Heal Internet Security (20220929)","Sophos Home Premium (20220929)","SpyHunter5 (20220929)","Total AV Antivirus Pro (20220929)","VIPRE Advanced Security (20220929)","VirIT eXplorer PRO (20220929)","Webroot SecureAnywhere (20220929)","Windows Defender (20220929)"],"avAllowList":["COMODO Antivirus (20220929)","Trend Micro Internet Security (20220929)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"http://www.videotool.net/video-joiner.htm","directDownloadingLink":"http://www.videotool.net/download/videojoiner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.videotool.net/download/videojoiner.exe","sourceIndex":"1413"}],"sampleFiles":["220922/CuteVideoJoiner-220921/4.8.0.20/Samples/videojoiner.exe"],"imageFiles":["220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-109/ACR-109.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-039/ACR-039.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-048/ACR-048_1.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-010/ACR-010.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-103/ACR-103.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-103/ACR-103_1.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-103/ACR-103_2.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-118/ACR-118_1.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-118/ACR-118_2.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-059/ACR-059.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-106/ACR-106.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-092/ACR-092_1.JPG","220922/CuteVideoJoiner-220921/4.8.0.20/Images/ACR-092/ACR-092_2.JPG"],"guid":"4054f776-3fc1-453b-931a-211ec6096ca4_4.8.0.20_1","appID":"CuteVideoJoiner-220921","dateAdded":"220922","deceptorType":"App","name":"Cute Video Joiner","company":"Videotool.NET","version":"4.8.0.20","lastKnownStatus":"4.8.0.20","lastKnownDate":"220922","type":"Windows Executable","category":"Media editors","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-22T22:29:28.7352159+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1268},{"violations":{"ACR-004":"The application does not provide a fully functioning free trial. The app does not provide free fixes for the results identified during the free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide EULA & Privacy policy on the AppStore page.\nThe app does not provide EULA & Privacy policy on the Software.\n","ACR-088":"The app performs a system scan automatically without the consumer's action and authorization\n","ACR-099":"The app does not display links to uninstall information.\nThe app does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"DiskCleanLiteSetup.pkg","isInstaller":"True","companyName":"AppYogi Software","productName":"AppYogi Software","productVersion":"1.6","fileVersion":"1.6","hashMD5":"32f412062c09fbc4988c366c12300b8d","hashSHA1":"5533da697f41a4fae1ee002fed3240671091d5b9","hashSHA256":"159b039bfc1d8602dad36730232d3b5d318087f7ff2a2e6dccc9be29236be12f","digitalCertThumbprint":"06021909-3BBF-29B6-CB78-35DD27FD55AF","digitalCertIssuer":"Apple Root CA","sourceIndex":"1412","avBlockList":["Avast Security for Mac (20221108)","Avira Security for Mac (20221108)","Bitdefender Antivirus for Mac (20221108)","ESET Cyber Security Pro for Mac (20221108)","G DATA AntiVirus for Mac (20221108)","K7 Antivirus for Mac (20221108)","Norton Security for Mac (20221108)","Trend Micro Antivirus for Mac (20221108)"],"avAllowList":["Kaspersky Internet Security for Mac (20221108)","McAfee Internet Security for Mac (20221108)"]},{"isRevoked":"False","fileName":"Disk Cleaner Lite","companyName":"AppYogi Software","productName":"AppYogi Software","productVersion":"1.6","fileVersion":"1.6","hashMD5":"38f0aed9cf797f10432289a6e7ad0b32","hashSHA1":"aa6cc13c2ed24798e5f93662cca04f9037fdf931","hashSHA256":"942ca2a74c361fe1c9107c6574e4a51a8b2456fdeca4e90ef002987b5ba66d45","digitalCertThumbprint":"06021909-3BBF-29B6-CB78-35DD27FD55AF","digitalCertIssuer":"Apple Root CA","sourceIndex":"1412","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"diskcleanerlitehelper","companyName":"AppYogi Software","productName":"AppYogi Software","productVersion":"1.6","fileVersion":"1.6","hashMD5":"d4b8a4ccfdba6bd921aa68dd2afcc1e1","hashSHA1":"d1b1da156781b171ad75abd2cf109b6f1bfe5d0f","hashSHA256":"cdd858b5f4969962f24a9a56de633509bddec0b89390bbded781ddf0a3f2db20","digitalCertThumbprint":"06021909-3BBF-29B6-CB78-35DD27FD55AF","digitalCertIssuer":"Apple Root CA","sourceIndex":"1412","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Search in Appstore","reference":"","landingPage":"https://apps.apple.com/in/app/disk-clean-lite-clean-master/id1407593317?mt=12","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"1412"}],"sampleFiles":["220922/DiskCleanLite-220921/1.6/Samples/DiskCleanLiteSetup.pkg","220922/DiskCleanLite-220921/1.6/Samples/Disk Cleaner Lite","220922/DiskCleanLite-220921/1.6/Samples/diskcleanerlitehelper"],"imageFiles":["220922/DiskCleanLite-220921/1.6/Images/ACR-004/ACR-004.png","220922/DiskCleanLite-220921/1.6/Images/ACR-004/ACR-004_1.png"],"nonDeceptorImageFiles":["220922/DiskCleanLite-220921/1.6/Images/ACR-065/ACR-065_Install.png","220922/DiskCleanLite-220921/1.6/Images/ACR-088/ACR-088.png","220922/DiskCleanLite-220921/1.6/Images/ACR-065/ACR-065.png","220922/DiskCleanLite-220921/1.6/Images/ACR-099/ACR-099.png","220922/DiskCleanLite-220921/1.6/Images/ACR-099/ACR-099.png","220922/DiskCleanLite-220921/1.6/Images/ACR-099/ACR-099_Landingpage.png"],"guid":"d9c9c7de-939e-4b14-9875-83465b9e29be_1.6_1","appID":"DiskCleanLite-220921","dateAdded":"220922","deceptorType":"MacOS App","name":"Disk Clean Lite","company":"AppYogi Software","version":"1.6","lastKnownStatus":"1.6","lastKnownDate":"220922","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-09-22T22:51:13.3830461+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1267},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method. \n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a Library Directory named \"skm\".\n","ACR-002":"The App shows different names as \"Spyrix Keylogger\" and \"skm\" in the running service/apps section. \n"},"samples":[{"isRevoked":"False","fileName":"skm","fileVersion":"0.","hashMD5":"17ca73ebaa39ce3a124260df537ea370","hashSHA1":"40256508967ac57acb299317c5f0f4156dc6f957","hashSHA256":"041a0c68fabbb98deca3a7c4455018848e367d9bd6ac14305d197e677f64a86a","sourceIndex":"2139","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Spyrix Keylogger for Mac 10.6.mpkg.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"28f13a23a660eaeb9e986048c653d01260e1b681b530a762c3cefd8d9c6f722e","sourceIndex":"2139","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Spyrix Keylogger for Mac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"215ae806737b93deae59fdaf3f231d9d","hashSHA1":"e6b2d4165976c1612454c69ad63297257ec6aedc","hashSHA256":"c579248c09a39e07ad6defe3347b7799730bdffa32baa53fefbc4d87f12bf8b1","sourceIndex":"2139","avBlockList":["Avast Security for Mac (20201208)","Avira Security for Mac (20200814)","Bitdefender Antivirus for Mac (20201208)","ESET Cyber Security Pro for Mac (20201208)","G DATA AntiVirus for Mac (20201208)","McAfee Internet Security for Mac (20201208)","Norton Security for Mac (20201208)","Sophos Home Premium For Mac (20201208)","Trend Micro Antivirus for Mac (20201208)"],"avAllowList":["K7 Antivirus for Mac (20201208)","Kaspersky Internet Security for Mac (20201208)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: macos keylogger","reference":"http://www.spyrix.com/spyrix-free-keylogger.php","landingPage":"https://spyrix.app/keylogger-for-mac-download.php","directDownloadingLink":"https://securespyrix.com/downloads/sk_mac.mpkg.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://securespyrix.com/downloads/sk_mac.mpkg.zip","sourceIndex":"2139"}],"sampleFiles":["200805/SpyrixKeylogger-200421/10.6/Samples/skm","200805/SpyrixKeylogger-200421/10.6/Samples/Spyrix Keylogger for Mac 10.6.mpkg.zip","200805/SpyrixKeylogger-200421/10.6/Samples/Spyrix Keylogger for Mac.pkg"],"imageFiles":["200805/SpyrixKeylogger-200421/10.6/Images/ACR-084/Spyrix Keylogger_RunningProcess [1].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-084/Spyrix Keylogger_Password [1].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-084/Spyrix Keylogger_Settings [5].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-084/Spyrix Keylogger_Interactions [2].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-086/Spyrix Keylogger_Settings [10].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-086/Spyrix Keylogger_Interactions [4].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-086/Spyrix Keylogger_Interactions [2].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-086/Spyrix Keylogger_Password [1].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-048/Spyrix Keylogger_Settings [3].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-048/Spyrix Keylogger_Settings [5].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-048/Spyrix Keylogger_Settings [6].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-048/Spyrix Keylogger_Settings [8].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-048/Spyrix Keylogger_Settings [10].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-007/Spyrix Keylogger_RunningProcess [1].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-007/Spyrix Keylogger_Password [1].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-007/Spyrix Keylogger_Settings [5].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-007/Spyrix Keylogger_Interactions [2].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-116/Spyrix Keylogger_InstalledApp [1].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-116/Spyrix Keylogger_InstalledApp [2].png"],"nonDeceptorImageFiles":["200805/SpyrixKeylogger-200421/10.6/Images/ACR-040/Spyrix Keylogger_Files [2].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-002/Spyrix Keylogger_RunningProcess [1].png","200805/SpyrixKeylogger-200421/10.6/Images/ACR-002/Spyrix Keylogger_About[1].png"],"guid":"ce2b192b-4a4b-44b6-b744-9af285f927c8_10.6_1","appID":"SpyrixKeylogger-200421","dateAdded":"220921","deceptorType":"MacOS App","name":"Spyrix Keylogger","company":"Spyrix Software","version":"10.6","sigName":"Deceptor:MacOS/SpyrixKeyloggerStalkerware!084086048007116","lastKnownStatus":"10.3;10.6;12.3","lastKnownDate":"220921","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2022-09-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1271},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. It also requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method. \n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a Library Directory named \"skm\".\n","ACR-002":"The App shows different names as \"Spyrix Keylogger\" and \"skm\" in the running service/apps section. \n"},"samples":[{"isRevoked":"False","fileName":"skm","fileVersion":"0.","hashMD5":"06ea63ec06d2a0d981459f3970b361b0","hashSHA1":"cfd6e39e8f9107538bdad989e5f205370519df4d","hashSHA256":"105907ab08e7b97318aef727d40154652c9f349221083562aadf7fd260413853","sourceIndex":"2493","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"skm-Helper","fileVersion":"0.","hashMD5":"1a86a5890350f9a47d3a42f331cda801","hashSHA1":"107ae2b9f737968e1574d38185da519e7da37bab","hashSHA256":"9d3b53253a58bb3fa2f6b6f0420297ca0b4e6e6b111d585d5c3a83bf75a68914","sourceIndex":"2493","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Spyrix Keylogger for Mac 10.3.mpkg.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"609083675cd13c1d13c8b0613d6614bb5db559efa16d6e82daa4e3944ea0bb85","sourceIndex":"2493","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Spyrix Keylogger for Mac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"e380bed8f0cbd73d882bab5be3c5c9bc","hashSHA1":"a9c8bdf56805fc11594c00ac7b5f8c2844c4a438","hashSHA256":"eb2e8792c697fd2ec39bddec39e340eada111d14e5eb60c9424710a15469deea","sourceIndex":"2493","avBlockList":["Avast Security for Mac (20200908)","Avira Security for Mac (20200908)","Bitdefender Antivirus for Mac (20200908)","ESET Cyber Security Pro for Mac (20200908)","G DATA AntiVirus for Mac (20200908)","K7 Antivirus for Mac (20200908)","McAfee Internet Security for Mac (20200908)","Norton Security for Mac (20200908)","Sophos Home Premium For Mac (20200908)","Trend Micro Antivirus for Mac (20200908)"],"avAllowList":["Kaspersky Internet Security for Mac (20200908)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: macos keylogger","reference":"http://www.spyrix.com/spyrix-free-keylogger.php","landingPage":"https://spyrix.app/keylogger-for-mac-download.php","directDownloadingLink":"https://securespyrix.com/downloads/sk_mac.mpkg.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://securespyrix.com/downloads/sk_mac.mpkg.zip","sourceIndex":"2493"}],"sampleFiles":["200422/SpyrixKeylogger-200421/10.3/Samples/skm","200422/SpyrixKeylogger-200421/10.3/Samples/skm-Helper","200422/SpyrixKeylogger-200421/10.3/Samples/Spyrix Keylogger for Mac.pkg"],"imageFiles":["200422/SpyrixKeylogger-200421/10.3/Images/ACR-084/SpyrixKeylogger_SettingWIzard [3].png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-084/Running Process.png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-084/Application_Icon.png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-086/SpyrixKeylogger_SettingWIzard [3].png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-086/SpyrixKeylogger_SettingWIzard [5].png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-048/List of Application.png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-048/SpyrixKeylogger_Interaction [3].png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-048/SKM Directory [2].png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-007/SpyrixKeylogger_Interaction [3].png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-007/SpyrixKeylogger_SettingWIzard [2].png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-007/Running Process.png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-116/List of Application.png"],"nonDeceptorImageFiles":["200422/SpyrixKeylogger-200421/10.3/Images/ACR-040/SKM Directory [2].png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-040/SKM Directory.png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-002/SpyrixKeylogger_Interaction [1].png","200422/SpyrixKeylogger-200421/10.3/Images/ACR-002/Running Process.png"],"guid":"ce2b192b-4a4b-44b6-b744-9af285f927c8_10.3_1","appID":"SpyrixKeylogger-200421","dateAdded":"220921","deceptorType":"MacOS App","name":"Spyrix Keylogger","company":"Spyrix Software","version":"10.3","sigName":"Deceptor:MacOS/SpyrixKeyloggerStalkerware!084086048007116","lastKnownStatus":"10.3;10.6;12.3","lastKnownDate":"220921","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-09-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1272},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-048":"Despite the decline of the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “rkverify.exe”.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"Upon uninstallation, it retains some executables on the device without the user's knowledge.\n","ACR-059":"No optional offer is clearly marked in the offer. The offer looks like part of the install application.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded the RelevantKnowledge file “rkverify.exe”\n","ACR-155":"The \"Relevant Knowledge\" offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The application installer & its main executable file does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MP3 My MP3 4.2\\Mp3MyMp3 4.2.exe","companyName":"Adobe Systems Inc.","productName":"Director 11.5","productVersion":"11.5","fileVersion":"11.5r593","hashMD5":"3beb78f6766171cf829b88917f7e223c","hashSHA1":"a72cf95e493ea299049378723db1839ebabee338","hashSHA256":"4504162f824905d08ac952c0a2012b6537be442aa9d24a728b08032aa9535fbc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"670","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mp3mymp3install.exe","isInstaller":"True","companyName":"Bruce McArthur                                              ","productName":"MP3MyMP3                                                    ","productVersion":"4.2                                               ","fileVersion":"4.2                 ","hashMD5":"555e92b07b3caa1d3529131875124c6f","hashSHA1":"75668258879c341a042740cca2c186d46459ed07","hashSHA256":"a2541603a5473a02ab3b1cb1f09162ad1aa14446c8434ec585de8f4395c704b2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"670","avBlockList":["Avast Premium Security (20221013)","AVG Internet Security (20221013)","Avira Internet Security (20221013)","Bitdefender Internet Security (20221013)","COMODO Antivirus (20221013)","Dr.Web Security Space (20221013)","ESET Internet Security (20221013)","K7 Total Security (20221013)","Kaspersky Internet Security (20221013)","McAfee Total Protection (20221013)","Norton Security (20221013)","Panda Dome (20221013)","Quick Heal Internet Security (20221013)","Sophos Home Premium (20221013)","SpyHunter5 (20221013)","Total AV Antivirus Pro (20221013)","Trend Micro Internet Security (20221013)","VIPRE Advanced Security (20221013)","VirIT eXplorer PRO (20221013)","Webroot SecureAnywhere (20221013)","Windows Defender (20221013)"],"avAllowList":["360 Total Security (20221013)","G DATA INTERNET SECURITY (20221013)","Malwarebytes Premium (20221013)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search ","reference":"","landingPage":"https://mp3mymp3.digitalliquid.com/index.html","directDownloadingLink":"https://mp3mymp3.digitalliquid.com/tank/mp3mymp3install.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mp3mymp3.digitalliquid.com/tank/mp3mymp3install.exe","sourceIndex":"670"}],"sampleFiles":["220921/Mp3MyMp3-220921/4.2/Samples/mp3mymp3install.exe"],"imageFiles":["220921/Mp3MyMp3-220921/4.2/Images/ACR-109/ACR-109.JPG","220921/Mp3MyMp3-220921/4.2/Images/ACR-039/ACR-039.JPG","220921/Mp3MyMp3-220921/4.2/Images/ACR-048/ACR-048.JPG","220921/Mp3MyMp3-220921/4.2/Images/ACR-010/ACR-010.JPG","220921/Mp3MyMp3-220921/4.2/Images/ACR-118/ACR-118.JPG","220921/Mp3MyMp3-220921/4.2/Images/ACR-118/ACR-118_1.JPG","220921/Mp3MyMp3-220921/4.2/Images/ACR-059/ACR-059.JPG","220921/Mp3MyMp3-220921/4.2/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220921/Mp3MyMp3-220921/4.2/Images/ACR-106/ACR-106.JPG","220921/Mp3MyMp3-220921/4.2/Images/ACR-092/ACR-092.JPG"],"guid":"065a8479-c400-4d95-a123-92e69ad3b9dc_4.2_1","appID":"Mp3MyMp3-220921","dateAdded":"220921","deceptorType":"App","name":"Mp3MyMp3","company":"digitalliquid.com","version":"4.2","lastKnownStatus":"4.2","lastKnownDate":"220921","type":"Windows Executable","category":"Media editors, Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2024-03-27T18:36:45.9383163+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1273},{"violations":{"ACR-017":"The app's internal offer webpage elevates its consumer trust level by displaying partner logos with unverifiable/invalid links.\n"},"nonDeceptorViolations":{"ACR-045":"The app claims to provide a trial version but is not functional. There is no way to evaluate the app before purchase as mentioned, which is misleading. \n","ACR-065":"The app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app's EULA and ToS in its Offer page links back to another app's EULA and ToS.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe landing page does not display links to uninstall information.\nThe internal offer webpage has no link that shows how to uninstall the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-150":"The app's landing page contains endorsements with no links to original source, hence, unverifiable.\nThe app's internal offer page contains endorsements and partner logos with unverifiable/invalid links.\n","ACR-017":"The application elevates its consumer trust level by displaying partner logos with unverifiable/invalid links.\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"LionSea SoftWare                                            ","fileVersion":"0.0","hashMD5":"35ca7069f880071fb54541469818883f","hashSHA1":"735fc6ba454d0fb07046d9ca6476e405c9052fea","hashSHA256":"e028fb2405a8498904b5316624fee1180ea0ce79c168c97c3d34d8b75e910318","digitalCertThumbprint":"6537B50F8404D3C5A98EF9084415B145DA652757","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"1414","avBlockList":["Avira Internet Security (20221013)","Dr.Web Security Space (20221013)","G DATA INTERNET SECURITY (20221013)","Malwarebytes Premium (20221013)","McAfee Total Protection (20221013)","Norton Security (20221013)","Panda Dome (20221013)","Sophos Home Premium (20221013)","SpyHunter5 (20221013)","Total AV Antivirus Pro (20221013)","VirIT eXplorer PRO (20221013)","Webroot SecureAnywhere (20221013)"],"avAllowList":["360 Total Security (20221013)","Avast Premium Security (20221013)","AVG Internet Security (20221013)","Bitdefender Internet Security (20221013)","COMODO Antivirus (20221013)","ESET Internet Security (20221013)","K7 Total Security (20221013)","Kaspersky Internet Security (20221013)","Quick Heal Internet Security (20221013)","Trend Micro Internet Security (20221013)","VIPRE Advanced Security (20221013)","Windows Defender (20221013)"]},{"isRevoked":"False","fileName":"Video Converter Ultimate.exe","fileVersion":"0.0","hashMD5":"31a9dbf6969080d6970ca0261c94b399","hashSHA1":"abc98c39b7ad61915d1cf28ed4cec7e244bcc231","hashSHA256":"394dc86c56026a5758b9f629a754a5eb806d5ed0dc665c5e252885073c051405","sourceIndex":"1414","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searched for LionSea software","reference":"","landingPage":"www.lionsea.com","directDownloadingLink":"http://www.lionsea.com/download/video/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.lionsea.com/download/video/setup.exe","sourceIndex":"1414"}],"sampleFiles":["220921/LionSeaVideoConverterUltimate-220920/4.3.2/Samples/setup.exe","220921/LionSeaVideoConverterUltimate-220920/4.3.2/Samples/Video Converter Ultimate.exe"],"imageFiles":["220921/LionSeaVideoConverterUltimate-220920/4.3.2/Images/ACR-017/LionSeaVideoConverterUltimate_OfferPage.png"],"nonDeceptorImageFiles":["220921/LionSeaVideoConverterUltimate-220920/4.3.2/Images/ACR-045/ACR-004_045_NoFreeTrial.gif","220921/LionSeaVideoConverterUltimate-220920/4.3.2/Images/ACR-045/ACR-004_045_NoFreeTrial.jpg","220921/LionSeaVideoConverterUltimate-220920/4.3.2/Images/ACR-065/ACR-065-LinkstoDocs.jpg","220921/LionSeaVideoConverterUltimate-220920/4.3.2/Images/ACR-099/ACR-099_software.jpg","220921/LionSeaVideoConverterUltimate-220920/4.3.2/Images/ACR-150/ACR-150_LandingPage.jpg","220921/LionSeaVideoConverterUltimate-220920/4.3.2/Images/ACR-099/LionSeaVideoConverterUltimate_LP_FAQ.png","220921/LionSeaVideoConverterUltimate-220920/4.3.2/Images/ACR-017/ACR-017-Unverifieable_Endorsements.jpg","220921/LionSeaVideoConverterUltimate-220920/4.3.2/Images/ACR-150/LionSeaVideoConverterUltimate_OfferPage.png","220921/LionSeaVideoConverterUltimate-220920/4.3.2/Images/ACR-065/ACR-065_InternalOffer_Docs.gif","220921/LionSeaVideoConverterUltimate-220920/4.3.2/Images/ACR-099/LionSeaVideoConverterUltimate_OfferPage.png"],"guid":"48fa9d1a-f177-4db9-96ed-4638c9fe09a9_4.3.2_1","appID":"LionSeaVideoConverterUltimate-220920","dateAdded":"220921","deceptorType":"App","name":"LionSea Video Converter Ultimate","company":"LionSea Software","version":"4.3.2","lastKnownStatus":"4.3.2","lastKnownDate":"220921","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-09-21T21:38:02.8168645+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1274},{"violations":{"ACR-043":"FFmpeg third-party library is installed without disclosure.\n\n(FFmpeg is the component that is required for this app to function. If this is only component added without disclosure, we usually let it pass)\n","ACR-048":"The application can't be closely completely. A running process left behind after application is closed. \n","ACR-084":"1) The app creates the startup entry for the process ProductUpdater without user's knowledge. The relation of ProductUpdater to the main App is not clear to the consumer. 2) When the user closes the main app, the processes ProductUpdater and FreemakeUtilsService keeps running in the background. \n","ACR-014":"The confusing price of the internal offer is unfair to user. \n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be fully activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n","ACR-002":"App's name is inconsistent, confusing the user as to which app has been installed.\nApp's name is inconsistent, confusing the user as to which app has been installed.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-120":"At uninstall, it attempts to re-advertise the same app at a very low offer price.\n\n","ACR-167":"The application only offers a 14-day refund policy.\n","ACR-068":"Each time the user opens, closes and even at the attempt to uninstall the App, the Internal/Discount offer for Lifetime Mega or All-in-one Bundle pack varies. This inconsistent offer seems misleading and confusing to the consumer.\n","ACR-017":"Landing page elevates consumer trust level by displaying Awards from tech blogs-- edorsements that are unverifiable.\n"},"samples":[{"isRevoked":"False","fileName":"FreemakeVC.exe","companyName":"Freemake","productName":"Freemake Video Converter","productVersion":"4.1.13.129","fileVersion":"4.1.13.129","hashMD5":"6fac5283bf214baebc2befa4555e0705","hashSHA1":"3f40c788b5fc45c6d5fb01fa1f9704a004f76654","hashSHA256":"81a8c2021b2f48f13f4b9424e99204430ce4d757a673af4dd93000bc34b827dc","digitalCertThumbprint":"335A57DB3B4C5125C5D746C1322AFE5447A56C3D","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"MIXBYTE, INC.\", O=\"MIXBYTE, INC.\", STREET=541 Jefferson Ave Ste 100, L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1419","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemakeVideoConverter.exe","companyName":"Freemake","productName":"Freemake Video Converter","fileVersion":"2.0.0.0","hashMD5":"6f32b6448b9391e1dd5d3c7bcad6ffb8","hashSHA1":"1fcf62e4b14736799dc81289d2fa9bdc35bc7262","hashSHA256":"2846617c8e73fa69d9aa7a669e6b79d141f1be27774c7223c20470309c8c95ce","digitalCertThumbprint":"335A57DB3B4C5125C5D746C1322AFE5447A56C3D","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"MIXBYTE, INC.\", O=\"MIXBYTE, INC.\", STREET=541 Jefferson Ave Ste 100, L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1419","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemakeVideoDownloaderSetup.exe","isInstaller":"True","companyName":"Mixbyte Inc.                                                ","productName":"Freemake Video Converter        ","productVersion":"4.1.13    ","fileVersion":"4.1.13.20        ","hashMD5":"0c65c78beac218d40a772fac8e626cfe","hashSHA1":"37728f0def494d3ef41da828f833f95f6b67c0a3","hashSHA256":"21922ffd9ea971e00f705eb876d21f04b8159a087000a589987bb4788b1f6477","digitalCertThumbprint":"4F3D78A23F16FB26564FA4727939BB6945229053","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Mixbyte Inc, O=Mixbyte Inc, STREET=\"541 Jefferson Ave, Ste 100\", L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1419","avBlockList":["360 Total Security (20221013)","Avast Premium Security (20221013)","AVG Internet Security (20221013)","Avira Internet Security (20221013)","Dr.Web Security Space (20221013)","McAfee Total Protection (20221013)","Norton Security (20221013)","Panda Dome (20221013)","Quick Heal Internet Security (20221013)","Sophos Home Premium (20221013)","SpyHunter5 (20221013)","Total AV Antivirus Pro (20221013)","VirIT eXplorer PRO (20221013)","Webroot SecureAnywhere (20221013)"],"avAllowList":["Bitdefender Internet Security (20221013)","COMODO Antivirus (20221013)","ESET Internet Security (20221013)","G DATA INTERNET SECURITY (20221013)","K7 Total Security (20221013)","Kaspersky Internet Security (20221013)","Malwarebytes Premium (20221013)","Trend Micro Internet Security (20221013)","VIPRE Advanced Security (20221013)","Windows Defender (20221013)"]},{"isRevoked":"False","fileName":"ProductUpdater.exe","productName":"ProductUpdater","productVersion":"1.0.21.0","fileVersion":"1.0.21.0","hashMD5":"35c2a57c0d9650c99e4e10df3dc4a892","hashSHA1":"f970cc37273f094152ff2c311b2dbb6ec5978608","hashSHA256":"4326753794cbed999cb6a10dc6fc92549692d228c4b3dba33a654192803e325b","digitalCertThumbprint":"335A57DB3B4C5125C5D746C1322AFE5447A56C3D","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"MIXBYTE, INC.\", O=\"MIXBYTE, INC.\", STREET=541 Jefferson Ave Ste 100, L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1419","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://www.freemake.com/free_video_downloader_well/","directDownloadingLink":"https://download.freemake.net/products/0C65C78BEAC218D40A772FAC8E626CFE/FreemakeVideoDownloaderSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.freemake.net/products/0C65C78BEAC218D40A772FAC8E626CFE/FreemakeVideoDownloaderSetup.exe","sourceIndex":"1419"}],"sampleFiles":["220921/FreemakeVideoDownloader-220908/4.1.13.20/Samples/FreemakeVC.exe","220921/FreemakeVideoDownloader-220908/4.1.13.20/Samples/FreemakeVideoConverter.exe","220921/FreemakeVideoDownloader-220908/4.1.13.20/Samples/FreemakeVideoDownloaderSetup.exe","220921/FreemakeVideoDownloader-220908/4.1.13.20/Samples/ProductUpdater.exe"],"imageFiles":["220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-043/ACR-043_ffmpeg.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-084/ACR-084_ProductUpdater.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-084/ACR-084_Background_Processes.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-014/Uninstall_Counter_Offer_2.png","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-014/Uninstall_Counter_Offer.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-014/FVD_ExitApp_Offer.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-014/FVD_Discount_Offer.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-014/FVD_AfterUploadURL_Offer.jpg"],"nonDeceptorImageFiles":["220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-002/ACR-002_Inconsistent_AppName-1.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-002/ACR-002_Inconsistent_AppName-2.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-002/ACR-002_Inconsistent_AppName-1.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-002/ACR-002_Inconsistent_AppName-2.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-120/Uninstall_Counter_Offer.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-120/Uninstall_Counter_Offer_2.png","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-167/ACR-167_RefundPolicy.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-045/ACR-045-LandingPage.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-045/ACR-045_Free_Download.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-045/FVD_AfterUploadURL_Offer.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-017/ACR-017_Awards.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-161/ACR-161_Unverifiable_Testimonials.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-068/FVD_AfterUploadURL_Offer.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-068/FVD_Discount_Offer.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-068/FVD_ExitApp_Offer.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-068/FVD_ExitApp_Offer_2.png","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-068/Uninstall_Counter_Offer.jpg","220921/FreemakeVideoDownloader-220908/4.1.13.20/Images/ACR-068/Uninstall_Counter_Offer_2.png"],"guid":"25744fe4-9002-4d6d-861c-1846a717e0c8_4.1.13.20_1","appID":"FreemakeVideoDownloader-220908","dateAdded":"220921","deceptorType":"App","name":"Freemake Video Downloader","company":"Mixbyte Inc.","version":"4.1.13.20","lastKnownStatus":"4.1.13.20","lastKnownDate":"220921","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-09-21T17:56:59.9307498+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1275},{"violations":{"ACR-042":"The app installs a Trusted Root Certificate without obtaining the consumer's permission through explicit user action during installation.\n","ACR-043":"1. The app does not provide information during the installation regarding the self-signed Trusted Root Certificate that is installed.\n2. Third-party 'TOR' components are installed without any disclosure. \n","ACR-048":"The app does not provide any control to cancel the installation process.\nThe app does not provide any control to exit the app completely within the app's settings. When the app is closed it hides in the system tray.\n","ACR-007":"The app does not obtain user explicit consent during installation to reduce the consumer's security posture caused by installing the self signed trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. It runs silently in the background without notifying the user that it is active.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly during the installation process, what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\AdFender\\AdFender.exe","companyName":"AdFender Inc.","productName":"AdFender","productVersion":"2.60","fileVersion":"2.6.0.0","hashMD5":"84760800086562066f1c04b9a7150b1f","hashSHA1":"c92d94632eb2445231e7a752f0f16b68e06b6e32","hashSHA256":"919cf99c4cd8ca6fd562c3eca2144f8735bf18f3dcc487c8b630efae26cd706f","digitalCertThumbprint":"D86831BC795BE6F35A6B7E6CD9FFD5A26CB66735","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AdFender Inc","storeId":"","sourceIndex":"1415","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\AdFender\\AFHook.exe","companyName":"AdFender Inc.","productName":"AdFender","productVersion":"2.60","fileVersion":"2.6.0.0","hashMD5":"299e42e5a785c2711db4acc148ab8f93","hashSHA1":"3bad085956f66ecdac4ec28b673e2939ae148333","hashSHA256":"270a80c70ec7018d2d206b20f29206fbe39f87081285d0cce51873ab01f1efbd","digitalCertThumbprint":"D86831BC795BE6F35A6B7E6CD9FFD5A26CB66735","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AdFender Inc","storeId":"","sourceIndex":"1415","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"adfender-2.60-setup.exe","isInstaller":"True","companyName":"AdFender Inc.","productName":"AdFender","productVersion":"","fileVersion":"2.6.0.0","hashMD5":"72b71a91e9cbd9519e9e67cfd960c32c","hashSHA1":"dfc3974af550371aaa71651cebe223e53625e8ad","hashSHA256":"ee9db2cca9a7b6e66387f365874f0fa79172c2a7edbf1d7d37979a4f09026c0e","digitalCertThumbprint":"D86831BC795BE6F35A6B7E6CD9FFD5A26CB66735","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"AdFender Inc","storeId":"","sourceIndex":"1415","avBlockList":["360 Total Security (20221006)","Avira Internet Security (20221006)","Kaspersky Internet Security (20221006)","McAfee Total Protection (20221006)","Norton Security (20221006)","Sophos Home Premium (20221006)","SpyHunter5 (20221006)","Total AV Antivirus Pro (20221006)","VirIT eXplorer PRO (20221006)","Webroot SecureAnywhere (20221006)"],"avAllowList":["Avast Premium Security (20221006)","AVG Internet Security (20221006)","Bitdefender Internet Security (20221006)","COMODO Antivirus (20221006)","Dr.Web Security Space (20221006)","ESET Internet Security (20221006)","G DATA INTERNET SECURITY (20221006)","K7 Total Security (20221006)","Malwarebytes Premium (20221006)","Panda Dome (20221006)","Quick Heal Internet Security (20221006)","Trend Micro Internet Security (20221006)","VIPRE Advanced Security (20221006)","Windows Defender (20221006)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://adfender.com/index.html","directDownloadingLink":"https://download.adfender.com/current/adfender/adfender-2.60-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.adfender.com/current/adfender/adfender-2.60-setup.exe","sourceIndex":"1415"}],"sampleFiles":["220921/AdFender-220915/2.6.0.0/Samples/adfender-2.60-setup.exe"],"imageFiles":["220921/AdFender-220915/2.6.0.0/Images/ACR-043/ACR-043 (1).JPG","220921/AdFender-220915/2.6.0.0/Images/ACR-043/ACR-043 (2).JPG","220921/AdFender-220915/2.6.0.0/Images/ACR-043/ACR-043_1.JPG","220921/AdFender-220915/2.6.0.0/Images/ACR-042/ACR-042 (1).JPG","220921/AdFender-220915/2.6.0.0/Images/ACR-042/ACR-042 (2).JPG","220921/AdFender-220915/2.6.0.0/Images/ACR-048/ACR-048_Install_1.JPG","220921/AdFender-220915/2.6.0.0/Images/ACR-007/ACR-007 (1).JPG","220921/AdFender-220915/2.6.0.0/Images/ACR-007/ACR-007 (2).JPG","220921/AdFender-220915/2.6.0.0/Images/ACR-084/ACR-084.JPG","220921/AdFender-220915/2.6.0.0/Images/ACR-048/ACR-048_1.JPG","220921/AdFender-220915/2.6.0.0/Images/ACR-048/ACR-048_2.JPG"],"nonDeceptorImageFiles":["220921/AdFender-220915/2.6.0.0/Images/ACR-045/ACR-045 (1).JPG","220921/AdFender-220915/2.6.0.0/Images/ACR-045/ACR-045 (2).JPG"],"guid":"4b655a6a-7016-45fc-97b1-9203c919af08_2.6.0.0_1","appID":"AdFender-220915","dateAdded":"220921","deceptorType":"App","name":"AdFender","company":"AdFender Inc.","version":"2.6.0.0","lastKnownStatus":"2.6.0.0","lastKnownDate":"220921","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-21T20:53:23.4022035+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1276},{"violations":{"ACR-048":"The app requiring a passcode and hiding its presence, can make targeted consumer unable to close, delete or disable the app. The app also cannot be viewed on the launchpad, limiting the users ability to uninstall the file easily.\n","ACR-007":"The app does not inform the targeted user that they are being monitored, lowering their security and safety posture. App also has the ability to launch at startup, and remain hidden, making targeted user completely unaware and lowering their security posture\n","ACR-084":"The App has an option to hide itself from the menu bar & Launch at startup, and also requires a specific hotkey & passcode for the unsuspecting user to open the app. Also the app cannot be found on the mac launchpad, hiding itself as an installed app\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"App is not visible in the mac launchpad, making the user unable to uninstall it using standard methods.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a Library Directory named \"skm\".\n","ACR-002":"The App shows different names as \"Spyrix Keylogger\" and \"skm\" in the running service/apps section. \n"},"samples":[{"isRevoked":"False","fileName":"Spyrix","fileVersion":"0.","hashMD5":"1355129f1338649ac43d22d1592be715","hashSHA1":"c505226d4bae62dfa2ec740134ed8912539a905a","hashSHA256":"b464019b44493a2aab6fd5c137635eba0a6963a96ded3b2015609918413e4e82","sourceIndex":"1417","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Spyrix Keylogger for Mac 12.3.mpkg.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"d41d8cd98f00b204e9800998ecf8427e","hashSHA1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","hashSHA256":"652a15b162a3ff8771e7add24f0878e399916b481d0ba1a28e74d759cc99b2fb","sourceIndex":"1417","avBlockList":["Avast Security for Mac (20230314)","Avira Security for Mac (20230314)","Bitdefender Antivirus for Mac (20230314)","ESET Cyber Security Pro for Mac (20230314)","G DATA AntiVirus for Mac (20230314)","K7 Antivirus for Mac (20230314)","Norton Security for Mac (20230314)","Sophos Home Premium For Mac (20230314)","Trend Micro Antivirus for Mac (20230314)"],"avAllowList":["Kaspersky Internet Security for Mac (20230314)","McAfee Internet Security for Mac (20230214)"]}],"additionalFiles":[],"sources":[{"howFound":"Searching for Keylogger for Mac","reference":"https://www.spyrix.com/keylogger-for-mac.php","landingPage":"https://www.spyrix.com/keylogger-for-mac.php","directDownloadingLink":"https://securespyrix.com/downloads/sk_mac.mpkg.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://securespyrix.com/downloads/sk_mac.mpkg.zip","sourceIndex":"1417"}],"sampleFiles":["220921/SpyrixKeylogger-200421/12.3/Samples/Spyrix","220921/SpyrixKeylogger-200421/12.3/Samples/Spyrix Keylogger for Mac 12.3.mpkg.zip"],"imageFiles":["220921/SpyrixKeylogger-200421/12.3/Images/ACR-084/USE_OpeningApp.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-084/INS_HiddenApp.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-084/USE_Preferences7.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-086/USE_MainWindow.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-086/USE_OpeningApp.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-086/USE_Setup5.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-048/INS_HiddenApp.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-048/USE_OpeningApp.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-048/USE_RunningProcess.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-048/INS_HiddenApps2.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-007/USE_OpeningApp.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-007/USE_RunningProcess.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-007/USE_Preferences7.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-116/INS_HiddenApp.png"],"nonDeceptorImageFiles":["220921/SpyrixKeylogger-200421/12.3/Images/ACR-040/INS_AppLocation.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-002/USE_AppAbout.png","220921/SpyrixKeylogger-200421/12.3/Images/ACR-002/USE_RunningProcess.png"],"guid":"ce2b192b-4a4b-44b6-b744-9af285f927c8_12.3_1","appID":"SpyrixKeylogger-200421","dateAdded":"220921","deceptorType":"MacOS App","name":"Spyrix Keylogger","company":"Spyrix Software","version":"12.3","lastKnownStatus":"10.3;10.6;12.3","lastKnownDate":"220921","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2022-09-21T18:56:07.2573301+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1270},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Despite the declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app distributes the deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"No optional offer is clearly marked in offer. The offer looks part of the install application.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-155":"The \"Relevant Knowledge\" offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":" The application installer & its main executable file does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Guitar and Bass\\GAB.exe","companyName":"","productName":"Guitar and Bass","productVersion":"1.2.0.0","fileVersion":"1.2.0.0","hashMD5":"df39d9fb8722cee73a3e8f79d26f9015","hashSHA1":"61eebf63c9f99db9c770ea24d485a9618a641e95","hashSHA256":"7ccf49fb4567f9abc30db884a829cd45fa3fbf85cd43d382d92c6b451e3f08b4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"673","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"guitar-and-bass-setup.exe","isInstaller":"True","companyName":"G.F. Software                                               ","productName":"Guitar and Bass                                             ","productVersion":"1.3                                               ","fileVersion":"1.3                 ","hashMD5":"e656e875277260cab725e884b05e9a71","hashSHA1":"4964700b15422d1ec7c55cd9a7e588a85284496b","hashSHA256":"13198ecf1c133b5d850951e17dda5e520d076f92062c121cddcc524352001dba","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"673","avBlockList":["360 Total Security (20220922)","Avast Premium Security (20220922)","AVG Internet Security (20220922)","Avira Internet Security (20220922)","Bitdefender Internet Security (20220922)","ESET Internet Security (20220922)","G DATA INTERNET SECURITY (20220922)","Kaspersky Internet Security (20220922)","Malwarebytes Premium (20220922)","McAfee Total Protection (20220922)","Norton Security (20220922)","Panda Dome (20220922)","Quick Heal Internet Security (20220922)","Sophos Home Premium (20220922)","SpyHunter5 (20220922)","Total AV Antivirus Pro (20220922)","VIPRE Advanced Security (20220922)","VirIT eXplorer PRO (20220922)","Webroot SecureAnywhere (20220922)","Windows Defender (20220922)"],"avAllowList":["COMODO Antivirus (20220922)","Dr.Web Security Space (20220922)","K7 Total Security (20220922)","Trend Micro Internet Security (20220922)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge search in virustotal","reference":"","landingPage":"https://www.gfsoftware.com/desktop/guitar-and-bass","directDownloadingLink":"https://www.gfsoftware.com/downloads/guitar-and-bass-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gfsoftware.com/downloads/guitar-and-bass-setup.exe","sourceIndex":"673"}],"sampleFiles":["220915/GuitarAndBass-220915/1.3/Samples/guitar-and-bass-setup.exe"],"imageFiles":["220915/GuitarAndBass-220915/1.3/Images/ACR-109/ACR-109.JPG","220915/GuitarAndBass-220915/1.3/Images/ACR-039/ACR-039.JPG","220915/GuitarAndBass-220915/1.3/Images/ACR-048/ACR-048.JPG","220915/GuitarAndBass-220915/1.3/Images/ACR-010/ACR-010.JPG","220915/GuitarAndBass-220915/1.3/Images/ACR-118/ACR-118.JPG","220915/GuitarAndBass-220915/1.3/Images/ACR-057/ACR-057.JPG","220915/GuitarAndBass-220915/1.3/Images/ACR-059/ACR-059.JPG","220915/GuitarAndBass-220915/1.3/Images/ACR-071/ACR-071.JPG","220915/GuitarAndBass-220915/1.3/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220915/GuitarAndBass-220915/1.3/Images/ACR-065/ACR-065.JPG","220915/GuitarAndBass-220915/1.3/Images/ACR-106/ACR-106.JPG","220915/GuitarAndBass-220915/1.3/Images/ACR-092/ACR-092.JPG"],"guid":"70e85aea-35e7-4750-b571-4c10826989d9_1.3_1","appID":"GuitarAndBass-220915","dateAdded":"220915","deceptorType":"App","name":"Guitar and Bass","company":"G.F.Softwares","version":"1.3","lastKnownStatus":"1.3","lastKnownDate":"220915","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2024-03-27T18:34:45.9727312+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1279},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Despite the declining of the RelevantKnowledge app, it is still downloaded the RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"No optional offer is clearly marked in offer. The offer looks part of the install application.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n","ACR-155":"The \"Relevant Knowledge\" offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The application installer & its main executable file does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Little Piano\\Little Piano.exe","companyName":"","productName":"MiniPiano","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"04cfad81d4976995ca0d3e96f8d52d02","hashSHA1":"fb5f1f18258f9a67a95052be7b86841cd786f043","hashSHA256":"9c5317572f4e09d219d84c9a4afc2999d2534f61430d1933fe325ffc11f5999a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"671","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"little-piano-setup.exe","isInstaller":"True","companyName":"G.F. Software                                               ","productName":"Little Piano                                                ","productVersion":"1.3                                               ","fileVersion":"1.0                 ","hashMD5":"b6ccc13905cd2026dcac312924e0ccbc","hashSHA1":"03038882ddf17579011d384ad1046e5f5c970aa6","hashSHA256":"4cec8e9fdc94a4d9d0be454bb865c9eaeca3a539f6936016eea08fefcfaf2e0d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"671","avBlockList":["Avast Premium Security (20220922)","AVG Internet Security (20220922)","Avira Internet Security (20220922)","Bitdefender Internet Security (20220922)","ESET Internet Security (20220922)","G DATA INTERNET SECURITY (20220922)","K7 Total Security (20220922)","Kaspersky Internet Security (20220922)","Malwarebytes Premium (20220922)","McAfee Total Protection (20220922)","Norton Security (20220922)","Panda Dome (20220922)","Sophos Home Premium (20220922)","SpyHunter5 (20220922)","Total AV Antivirus Pro (20220922)","VIPRE Advanced Security (20220922)","VirIT eXplorer PRO (20220922)","Webroot SecureAnywhere (20220922)","Windows Defender (20220922)"],"avAllowList":["360 Total Security (20220922)","COMODO Antivirus (20220922)","Dr.Web Security Space (20220922)","Quick Heal Internet Security (20220922)","Trend Micro Internet Security (20220922)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant knowledge search in virus total","reference":"","landingPage":"https://www.gfsoftware.com/desktop/little-piano","directDownloadingLink":"https://www.gfsoftware.com/downloads/little-piano-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gfsoftware.com/downloads/little-piano-setup.exe","sourceIndex":"671"}],"sampleFiles":["220915/Littlepiano-220915/1.3/Samples/little-piano-setup.exe"],"imageFiles":["220915/Littlepiano-220915/1.3/Images/ACR-109/ACR-109.JPG","220915/Littlepiano-220915/1.3/Images/ACR-039/ACR-039.JPG","220915/Littlepiano-220915/1.3/Images/ACR-048/ACR-048.JPG","220915/Littlepiano-220915/1.3/Images/ACR-010/ACR-010.JPG","220915/Littlepiano-220915/1.3/Images/ACR-118/ACR-118.JPG","220915/Littlepiano-220915/1.3/Images/ACR-057/ACR-057.JPG","220915/Littlepiano-220915/1.3/Images/ACR-059/ACR-059.JPG","220915/Littlepiano-220915/1.3/Images/ACR-071/ACR-071.JPG","220915/Littlepiano-220915/1.3/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220915/Littlepiano-220915/1.3/Images/ACR-065/ACR-065.JPG","220915/Littlepiano-220915/1.3/Images/ACR-106/ACR-106.JPG","220915/Littlepiano-220915/1.3/Images/ACR-092/ACR-092.JPG"],"guid":"922e8cc5-91b4-45fd-a4b5-4ed758678def_1.3_1","appID":"Littlepiano-220915","dateAdded":"220915","deceptorType":"App","name":"Little piano","company":"G.F.Software","version":"1.3","lastKnownStatus":"1.3","lastKnownDate":"220915","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2024-03-27T18:36:19.2316091+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1278},{"violations":{"ACR-043":"Additional applications are installed and run without disclosing.\n","ACR-048":" 1. The app does not provide a clear option to cancel/exit the subscription window. \n 2. The Windows Taskbar gets locked after installation without user interaction and even if initially unchecked in the app.\n 3. The app creates startup entries without the user's knowledge and consent. Startup entries are not disabled even after a restart despite setting it to not start on Windows Startup.\n","ACR-008":"Free trial demo in the software is not clearly displayed. It initially provides the buying options and a countdown before it displays \"Click here to Continue\", trying to conceal the Free trial option.\n","ACR-084":"The app creates startup entries without the user's knowledge and consent. Startup entries are not disabled even after a restart despite setting it to not start on Windows Startup.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not obtain the user's consent to download and install the other application. The other downloaded app is launched immediately without user interaction after installation along with the main app.\n\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"pcxl.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"86876c35341acfb5ed3b65aa0706e9cd","hashSHA1":"6d85fbabb5bd9aa0f24697a52e8ff8041758df47","hashSHA256":"a4f13c1a1cee60530e551a0e4c19ccd76c7f06049be1c86193efffe6a055be1d","sourceIndex":"1422","avBlockList":["Avast Premium Security (20220922)","AVG Internet Security (20220922)","Avira Internet Security (20220922)","Dr.Web Security Space (20220922)","ESET Internet Security (20220922)","G DATA INTERNET SECURITY (20220922)","Kaspersky Internet Security (20220922)","Malwarebytes Premium (20220922)","McAfee Total Protection (20220922)","Norton Security (20220922)","Panda Dome (20220922)","Sophos Home Premium (20220922)","SpyHunter5 (20220922)","Total AV Antivirus Pro (20220922)","VirIT eXplorer PRO (20220922)","Webroot SecureAnywhere (20220922)","Windows Defender (20220922)"],"avAllowList":["360 Total Security (20220922)","Bitdefender Internet Security (20220922)","COMODO Antivirus (20220922)","K7 Total Security (20220922)","Quick Heal Internet Security (20220922)","Trend Micro Internet Security (20220922)","VIPRE Advanced Security (20220922)"]},{"isRevoked":"False","fileName":"deskxl.exe","companyName":"DefendGate Inc.","fileVersion":"2.1","hashMD5":"f053f59d0c6f40d0e19e3cdce0f0fdc8","hashSHA1":"3dd52205c2341c148427dd3004a8cef5ef049892","hashSHA256":"7eb15af948a9e1b68e51855affcc7e727c645e17e73d2ecd2c5956af23f3be9c","sourceIndex":"1422","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcaccel.exe","companyName":"DefendGate Inc.","fileVersion":"1.5","hashMD5":"21ed1d5bbef4b47860250f295fd92ae9","hashSHA1":"31e90549609fef1728e5559b26a45090bcab1e6e","hashSHA256":"29082a7cb69bf40e57c1daa34090862ab6dc60b5e0a99a51f65abd79abdde871","sourceIndex":"1422","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcperf.exe","companyName":"DefendGate Inc.","fileVersion":"3.9","hashMD5":"f1a1de351bbd0814b429ffcf62ccbd79","hashSHA1":"e2aca9daa5effe51c183aa8e59d9461dcfa32450","hashSHA256":"bd146e45f7348b25b99248a66980feb5bb80b2c1cba05109ab686cfb9100c30b","sourceIndex":"1422","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: optimizers","reference":"","landingPage":"https://www.majorgeeks.com/files/details/pc_accelerator_2008.html","directDownloadingLink":"https://www.majorgeeks.com/mg/getmirror/pc_accelerator_2008,1.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.majorgeeks.com/mg/getmirror/pc_accelerator_2008,1.html","sourceIndex":"1422"}],"sampleFiles":["220915/PCAccelerator-220913/1.05.0148/Samples/pcxl.exe","220915/PCAccelerator-220913/1.05.0148/Samples/deskxl.exe","220915/PCAccelerator-220913/1.05.0148/Samples/pcaccel.exe","220915/PCAccelerator-220913/1.05.0148/Samples/pcperf.exe"],"imageFiles":["220915/PCAccelerator-220913/1.05.0148/Images/ACR-043/ACR-044_Running_apps.jpg","220915/PCAccelerator-220913/1.05.0148/Images/ACR-043/ACR-044_DesktopAccelerator.jpg","220915/PCAccelerator-220913/1.05.0148/Images/ACR-043/ACR-044_3_App_shortcuts.jpg","220915/PCAccelerator-220913/1.05.0148/Images/ACR-008/ACR-008_048_BuyOptions_NoExit.jpg","220915/PCAccelerator-220913/1.05.0148/Images/ACR-084/ACR-084_DesktAc_Startup_Unchecked.png","220915/PCAccelerator-220913/1.05.0148/Images/ACR-084/ACR-084_PCtAc_Startup_Unchecked.png","220915/PCAccelerator-220913/1.05.0148/Images/ACR-048/ACR-008_048_BuyOptions_NoExit.jpg","220915/PCAccelerator-220913/1.05.0148/Images/ACR-048/ACR-048_NoExit.jpg","220915/PCAccelerator-220913/1.05.0148/Images/ACR-048/ACR-048_LockedTaskbar.jpg","220915/PCAccelerator-220913/1.05.0148/Images/ACR-048/ACR-084_DesktAc_Startup_Unchecked.png","220915/PCAccelerator-220913/1.05.0148/Images/ACR-048/ACR-084_PCtAc_Startup_Unchecked.png"],"nonDeceptorImageFiles":["220915/PCAccelerator-220913/1.05.0148/Images/ACR-044/ACR_044_Software.mp4","220915/PCAccelerator-220913/1.05.0148/Images/ACR-044/ACR-044_3_App_shortcuts.jpg","220915/PCAccelerator-220913/1.05.0148/Images/ACR-044/ACR-044_DesktopAccelerator.jpg","220915/PCAccelerator-220913/1.05.0148/Images/ACR-044/ACR-044_Running_apps.jpg","220915/PCAccelerator-220913/1.05.0148/Images/ACR-065/ACR-065_Install.jpg","220915/PCAccelerator-220913/1.05.0148/Images/ACR-065/ACR-065_Software.jpg"],"guid":"ac34bf33-c8c3-49a5-bb10-9ea2adef1644_1.05.0148_1","appID":"PCAccelerator-220913","dateAdded":"220915","deceptorType":"App","name":"PC Accelerator","company":"DefendGate, Inc.","version":"1.05.0148","lastKnownStatus":"1.05.0148","lastKnownDate":"220915","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-09-15T20:13:35.5197688+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1277},{"violations":{"ACR-048":"The app is not able to be deleted from the Control Panel\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey to open it and is saved in a hidden folder, which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app cannot be uninstalled through Control Panel.\n","ACR-118":"After uninstalling from the app settings, \"webcheckhk.dll\" file remains on your computer. \n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"WebCheckPackage.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"10.3","hashMD5":"150bbf46803db2fb26d63d3b02adaf64","hashSHA1":"9130f3f74d010a56360203aa32b59713412388d3","hashSHA256":"7cdcbe4a1b7509df51162ba92496e2d40c35bf721cf1bec96ca03c2d4bd1eb2f","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"2388","avBlockList":["360 Total Security (20200930)","Avast Premium Security (20200930)","AVG Internet Security (20200930)","Avira Internet Security (20200930)","Bitdefender Internet Security (20200930)","COMODO Antivirus (20200930)","Dr.Web Security Space (20200930)","ESET Internet Security (20200930)","G DATA INTERNET SECURITY (20200930)","K7 Total Security (20200930)","Kaspersky Internet Security (20200930)","Malwarebytes Premium (20200930)","McAfee Total Protection (20200930)","Norton Security (20200930)","Panda Dome (20200930)","Quick Heal Internet Security (20200930)","Sophos Home Premium (20200930)","SpyHunter5 (20200930)","Tencent PC Manager (20200930)","Total AV Antivirus Pro (20200930)","VIPRE Advanced Security (20200930)","VirIT eXplorer PRO (20200930)","Webroot SecureAnywhere (20200930)","Windows Defender (20200930)"],"avAllowList":["Trend Micro Internet Security (20200930)"]},{"isRevoked":"False","fileName":"webcheck.exe","companyName":"HeavenWard","fileVersion":"10.3","hashMD5":"22a95ce34888f08771a7bb2d9f91c223","hashSHA1":"fb503eb7ea6269c7700484afec300fb9c4fac192","hashSHA256":"63cafd4226a753e6b67e349a9907fc5569d5f02b2af4eef5c3ed5aa6cd37f70e","sourceIndex":"2388","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"webcheckui.exe","companyName":"HeavenWard","fileVersion":"10.3","hashMD5":"9232903ebbd4879d199958fe0b212595","hashSHA1":"a0da45a9ba84c35ff4812588494fe59dceeb38fb","hashSHA256":"5e5c8938cbd6b8aebec58f4887a73cb1567065b5af8eae47c095487a807c87bb","sourceIndex":"2388","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"191207","landingPage":"https://www.hwsuite.com/webcheck-parental-monitor.php","directDownloadingLink":"https://files.hw-2019.info/WebCheckPackage.exe?token=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.hw-2019.info/WebCheckPackage.exe?token=","sourceIndex":"2388"}],"sampleFiles":["200709/WebCheckParentalMonitor-191216/10.3.1.2/Samples/WebCheckPackage.exe","200709/WebCheckParentalMonitor-191216/10.3.1.2/Samples/webcheck.exe","200709/WebCheckParentalMonitor-191216/10.3.1.2/Samples/webcheckui.exe"],"imageFiles":["200709/WebCheckParentalMonitor-191216/10.3.1.2/Images/ACR-048/114-WebCheckParentalMonitor.PNG","200709/WebCheckParentalMonitor-191216/10.3.1.2/Images/ACR-007/084-WebCheckParentalMonitor.PNG","200709/WebCheckParentalMonitor-191216/10.3.1.2/Images/ACR-084/084-WebCheckParentalMonitor.PNG","200709/WebCheckParentalMonitor-191216/10.3.1.2/Images/ACR-084/040-WebCheckParentalMonitor2.PNG","200709/WebCheckParentalMonitor-191216/10.3.1.2/Images/ACR-086/084-WebCheckParentalMonitor.PNG","200709/WebCheckParentalMonitor-191216/10.3.1.2/Images/ACR-116/114-WebCheckParentalMonitor.PNG","200709/WebCheckParentalMonitor-191216/10.3.1.2/Images/ACR-118/118-WebCheckParentalMonitorGIF.gif","200709/WebCheckParentalMonitor-191216/10.3.1.2/Images/ACR-118/118-WebCheckParentalMonitor.PNG"],"nonDeceptorImageFiles":["200709/WebCheckParentalMonitor-191216/10.3.1.2/Images/ACR-040/040-WebCheckParentalMonitor2.PNG","200709/WebCheckParentalMonitor-191216/10.3.1.2/Images/ACR-099/Webcheck Parental Monitor Landing Page.png","200709/WebCheckParentalMonitor-191216/10.3.1.2/Images/ACR-099/099-WebCheckParentalMonitor.PNG"],"guid":"19cd53af-7078-49c6-ac99-7ced0039b287_10.3.1.2_1","appID":"WebCheckParentalMonitor-191216","dateAdded":"220913","deceptorType":"App","name":"WebCheck Parental Monitor","company":"HeavenWard","version":"10.3.1.2","sigName":"Deceptor:Win32/WebCheckParentalMonitorStalkerware!048007084086116118","lastKnownStatus":"Deceptor:10.2.0.0;10.3.1.2;10.3.2.14;10.3.2.15","lastKnownDate":"220913","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-09-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1282},{"violations":{"ACR-103":"The app suggests cleaning up the system cache. It displays the cache count of each installed app in KB's and Bytes (dummy cache), which has a vast difference from the actual cache data for all the installed apps.  When the user clicks “CLEAN (444.01 MB), the app says “Optimized” but, when viewed in app settings it displays cache data, thus unable to verify its value proposition as it displays random data of junk/cache. \n\n","ACR-014":"The app suggests cleaning up the system cache. It displays the cache count of each installed app in KB's and Bytes (dummy cache), which has a vast difference from the actual cache data for all the installed apps.  When the user clicks “CLEAN (444.01 MB), the app says “Optimized” but, when viewed in app settings it displays cache data, thus misleading the user by displaying random data of junk/cache.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.ace.cleaner.master.booster.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"9aecb1db25ec9261077f75c9f3143e1a","hashSHA1":"ec67ba00bc6523cbe3f819c6e4c4a726fb69e4bf","hashSHA256":"f693b659ab406bfebbc527bdedaadc07fd82b0fd9c21f3171f26b7c11f6eabf0","sourceIndex":"1424","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.ace.cleaner.master.booster&hl=en_IN&gl=US","ipv4":"","ipv6":"","sourceIndex":"1424"}],"sampleFiles":["220913/acecleanerphonebooster-220907/1.7.0/Samples/com.ace.cleaner.master.booster.apk"],"imageFiles":["220913/acecleanerphonebooster-220907/1.7.0/Images/ACR-103/ACR-103_Software.png","220913/acecleanerphonebooster-220907/1.7.0/Images/ACR-103/ACR-103_Software_1.png","220913/acecleanerphonebooster-220907/1.7.0/Images/ACR-103/ACR-103_Software_2.png","220913/acecleanerphonebooster-220907/1.7.0/Images/ACR-103/ACR-103_Software_3.png","220913/acecleanerphonebooster-220907/1.7.0/Images/ACR-103/ACR-103_Software_4.png","220913/acecleanerphonebooster-220907/1.7.0/Images/ACR-014/ACR-014_Software.png","220913/acecleanerphonebooster-220907/1.7.0/Images/ACR-014/ACR-014_Software_1.png","220913/acecleanerphonebooster-220907/1.7.0/Images/ACR-014/ACR-014_Software_2.png","220913/acecleanerphonebooster-220907/1.7.0/Images/ACR-014/ACR-014_Software_3.png","220913/acecleanerphonebooster-220907/1.7.0/Images/ACR-014/ACR-014_Software_4.png"],"nonDeceptorImageFiles":[],"guid":"08d33b8a-2335-4b4a-9da8-8864622cc570_1.7.0_1","appID":"acecleanerphonebooster-220907","dateAdded":"220913","deceptorType":"Android App","name":"Ace Cleaner Phone Booster","company":"applianceper","version":"1.7.0","sigName":"Deceptor:Android/AceCleanerPhoneBooster!103014","lastKnownDate":"220913","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-13T19:49:13.4882195+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1287},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Disk Tuner","fileVersion":"0.","hashMD5":"7950c007fa7609c959f1a96483033dbe","hashSHA1":"cbb48ff990ef3b4c7525b566fa2f0a1f25cd9541","hashSHA256":"c7a7cea89ed378e8db613e8cc263b8777f15f9743d3434d63b153a2fbdd4c7bb","sourceIndex":"2010","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DiskTuner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"f31a4d0c643fd38a0e520ec0fb2dd6e4","hashSHA1":"4b8856f0f67f9220c29f64914b235fb7931ae98c","hashSHA256":"acde2979ff7bff5bbacd57a4bcb788caf20e7d6c29c5e18ceea8500cba40202e","sourceIndex":"2010","avBlockList":["Avast Security for Mac (20210511)","Avira Security for Mac (20210511)","Bitdefender Antivirus for Mac (20210511)","ESET Cyber Security Pro for Mac (20210511)","G DATA AntiVirus for Mac (20210511)","Norton Security for Mac (20210511)","Sophos Home Premium For Mac (20210511)","Trend Micro Antivirus for Mac (20210511)"],"avAllowList":["K7 Antivirus for Mac (20210511)","Kaspersky Internet Security for Mac (20210511)","McAfee Internet Security for Mac (20210511)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://maxsecureantivirus.com/index.htm","landingPage":"https://maxsecureantivirus.com/mac-tuner.htm","directDownloadingLink":"https://www.maxsecuremac.com/DiskTuner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.maxsecuremac.com/DiskTuner.pkg","sourceIndex":"2010"}],"sampleFiles":["210106/MaxDiskTunerMac-200106/1.0.4/Samples/Disk Tuner","210106/MaxDiskTunerMac-200106/1.0.4/Samples/DiskTuner.pkg"],"imageFiles":["210106/MaxDiskTunerMac-200106/1.0.4/Images/ACR-004/DiskTuner_Interactions [1].png","210106/MaxDiskTunerMac-200106/1.0.4/Images/ACR-004/DiskTuner_Interactions [2].png","210106/MaxDiskTunerMac-200106/1.0.4/Images/ACR-004/DiskTuner_Interactions [3].png"],"nonDeceptorImageFiles":["210106/MaxDiskTunerMac-200106/1.0.4/Images/ACR-065/DiskTuner_Install [1].png","210106/MaxDiskTunerMac-200106/1.0.4/Images/ACR-065/DiskTuner_Install [2].png","210106/MaxDiskTunerMac-200106/1.0.4/Images/ACR-065/DiskTuner_Install [3].png","210106/MaxDiskTunerMac-200106/1.0.4/Images/ACR-065/DiskTuner_About [1].png","210106/MaxDiskTunerMac-200106/1.0.4/Images/ACR-099/DiskTuner_About [1].png","210106/MaxDiskTunerMac-200106/1.0.4/Images/ACR-161/DiskTuner_LandingPage [2] Testimonials.png","210106/MaxDiskTunerMac-200106/1.0.4/Images/ACR-161/DiskTuner_LandingPage [3] Testimonials.png"],"guid":"84aa177d-e1a3-4b9e-9f36-a79d6fccdac5_1.0.4_1","appID":"MaxDiskTunerMac-200106","dateAdded":"220913","deceptorType":"MacOS App","name":"Max Disk Tuner- Mac","company":"Max Secure Software","version":"1.0.4","sigName":"Deceptor:MacOS/MaxDiskTunerMac!004","lastKnownStatus":"1.0.4;2.9","lastKnownDate":"220913","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-09-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1286},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n","ACR-103":"The \"Buy now\" button in the software returns an error page.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"disktuner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"d04876dc6617ec8f9d1e5986a5f57868","hashSHA1":"d0d9ba2c362e3b242e71d2fe89f5b7a0a8984c9f","hashSHA256":"4d703da50a8a6f234885636c43a3be0c0b4a509740be2c083a3c73d4f3d24603","sourceIndex":"1427","avBlockList":["Avast Security for Mac (20230214)","Avira Security for Mac (20230214)","Bitdefender Antivirus for Mac (20230214)","ESET Cyber Security Pro for Mac (20230214)","G DATA AntiVirus for Mac (20230214)","McAfee Internet Security for Mac (20230214)","Norton Security for Mac (20230214)","Sophos Home Premium For Mac (20230214)","Trend Micro Antivirus for Mac (20230214)"],"avAllowList":["K7 Antivirus for Mac (20230214)","Kaspersky Internet Security for Mac (20230214)"]},{"isRevoked":"False","fileName":"Disk Tuner","fileVersion":"0.","hashMD5":"ef88e166ad35d8ca5de67861b890a698","hashSHA1":"7108c852b366d5436d562cf2ca6f9de9f3b4719b","hashSHA256":"ea9a8f540582f86170efce393300b00d4f2ce6b024d766724612b5045efc0624","sourceIndex":"1427","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://maxsecureantivirus.com/index.htm","landingPage":"https://maxsecureantivirus.com/mac-tuner.htm","directDownloadingLink":"https://www.maxsecuremac.com/DiskTuner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.maxsecuremac.com/DiskTuner.pkg","sourceIndex":"1427"}],"sampleFiles":["220913/MaxDiskTunerMac-200106/2.9/Samples/disktuner.dmg","220913/MaxDiskTunerMac-200106/2.9/Samples/Disk Tuner"],"imageFiles":["220913/MaxDiskTunerMac-200106/2.9/Images/ACR-004/ACR-004.JPG","220913/MaxDiskTunerMac-200106/2.9/Images/ACR-004/ACR-004_1.JPG","220913/MaxDiskTunerMac-200106/2.9/Images/ACR-004/ACR-004_2.png","220913/MaxDiskTunerMac-200106/2.9/Images/ACR-103/ACR-103_1.JPG","220913/MaxDiskTunerMac-200106/2.9/Images/ACR-103/ACR-103_2.JPG"],"nonDeceptorImageFiles":["220913/MaxDiskTunerMac-200106/2.9/Images/ACR-065/ACR-065_Software.JPG","220913/MaxDiskTunerMac-200106/2.9/Images/ACR-099/ACR-099.JPG","220913/MaxDiskTunerMac-200106/2.9/Images/ACR-099/ACR-099_landingpage.jpeg"],"guid":"84aa177d-e1a3-4b9e-9f36-a79d6fccdac5_2.9_1","appID":"MaxDiskTunerMac-200106","dateAdded":"220913","deceptorType":"MacOS App","name":"Max Disk Tuner- Mac","company":"Max Secure Software","version":"2.9","lastKnownStatus":"1.0.4;2.9","lastKnownDate":"220913","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-09-13T19:27:46.7210576+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1285},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “Clean Now” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus unable to verify the app's value proposition.\n","ACR-014":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “Clean Now” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"phone.clean.master.cleaner.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"b1d6483ac880571e1255cfa0592c117e","hashSHA1":"029bb1a08a1dd3c94c084fc90ae3feccbd27b2dd","hashSHA256":"90177ba777819ed96bdf4ce22c3178363ae8894275b580de7b11b9bec155ee35","sourceIndex":"1426","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=phone.clean.master.cleaner","ipv4":"","ipv6":"","sourceIndex":"1426"}],"sampleFiles":["220913/phonecleanergo-220910/2.9/Samples/phone.clean.master.cleaner.apk"],"imageFiles":["220913/phonecleanergo-220910/2.9/Images/ACR-103/ACR-103_Software.png","220913/phonecleanergo-220910/2.9/Images/ACR-103/ACR-103_Software_1.png","220913/phonecleanergo-220910/2.9/Images/ACR-103/ACR-103_Software_2.png","220913/phonecleanergo-220910/2.9/Images/ACR-103/ACR-103_Software_3.png","220913/phonecleanergo-220910/2.9/Images/ACR-103/ACR-103_Software_4.png","220913/phonecleanergo-220910/2.9/Images/ACR-103/ACR-103_Software_5.png","220913/phonecleanergo-220910/2.9/Images/ACR-014/ACR-014_Software.png","220913/phonecleanergo-220910/2.9/Images/ACR-014/ACR-014_Software_1.png","220913/phonecleanergo-220910/2.9/Images/ACR-014/ACR-014_Software_2.png","220913/phonecleanergo-220910/2.9/Images/ACR-014/ACR-014_Software_3.png","220913/phonecleanergo-220910/2.9/Images/ACR-014/ACR-014_Software_4.png","220913/phonecleanergo-220910/2.9/Images/ACR-014/ACR-014_Software_5.png"],"nonDeceptorImageFiles":[],"guid":"c15f01c5-cc22-4121-94c6-a1f8248e669a_2.9_1","appID":"phonecleanergo-220910","dateAdded":"220913","deceptorType":"Android App","name":"Phone Cleaner Go","company":"Appyhigh","version":"2.9","sigName":"Deceptor:Android/PhoneCleanerGo!103014","lastKnownStatus":"2.9","lastKnownDate":"220913","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-13T19:41:16.6802331+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1284},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app\n2. The app does not provide any control to disable the startup it created\n","ACR-007":"1. The app enables the consumer to hide it from the system tray, the desktop, and the installed apps list, which prevents the targeted consumer from being aware of the app's presence\n2. The app does not display an explicit notification when it is running and requires a hotkey to open it\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a hotkey to hide its presence and is located in a hidden folder. \n2. On quitting the app, the process runs silently in the background, hiding the fact that it is active from the consumer.\n3. The app creates a startup entry without the consumer's knowledge and consent\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to and how it collects data and also it uses a hotkey to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-118":"After uninstalling from the app settings, it retains \"webcheckhk.dll\" file.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself hidden under the \"Program Data\" folder\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\HeavenWard\\WebCheck\\webcheckui.exe","companyName":"HeavenWard","productName":"WebCheck Parental Monitor","productVersion":"10.3.2.14","fileVersion":"10.3.2.14","hashMD5":"742f5e54a4afaa659cdfe88c8e047c5e","hashSHA1":"0153d350d8c085f6a0ca7f5170c5856351cfbe71","hashSHA256":"f2e2283c4102e4928949a67235f1a6b23cb7606364f14eb20f5b1e4d9a6c53f9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1741","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WebCheckPackage.exe","isInstaller":"True","companyName":"HeavenWard","productName":"WebCheck Parental Monitor","productVersion":"","fileVersion":"10.3.2.14","hashMD5":"f345a5cf0c540e74e525ae477c27e17e","hashSHA1":"b198e0e6ceb98e4149167ddd0d0822ac8c03ba8f","hashSHA256":"02419c1adfc44418bfd1f325e983ef4c1aa84a46f9077c59249409fdfba3863a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1741","avBlockList":["360 Total Security (20220113)","Avast Premium Security (20220113)","AVG Internet Security (20220113)","Avira Internet Security (20220113)","Bitdefender Internet Security (20220113)","COMODO Antivirus (20220113)","ESET Internet Security (20220113)","G DATA INTERNET SECURITY (20220113)","K7 Total Security (20220113)","Kaspersky Internet Security (20220113)","Malwarebytes Premium (20220113)","McAfee Total Protection (20220113)","Norton Security (20220113)","Panda Dome (20220113)","Quick Heal Internet Security (20220113)","Sophos Home Premium (20220113)","SpyHunter5 (20220113)","Tencent PC Manager (20220113)","Total AV Antivirus Pro (20220113)","Trend Micro Internet Security (20220113)","VIPRE Advanced Security (20220113)","VirIT eXplorer PRO (20220113)","Webroot SecureAnywhere (20220113)","Windows Defender (20220113)"],"avAllowList":["Dr.Web Security Space (20220113)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Keylogger","reference":"","landingPage":"https://www.hwsuite.com/webcheck-parental-monitor.php","directDownloadingLink":"https://hwsuite.online/WebCheckPackage.exe?token=1640776514_531c1b7cd58d34f17ec2ad0885c661eaa60f43d5&fileName=WebCheckPackage.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite.online/WebCheckPackage.exe?token=1640776514_531c1b7cd58d34f17ec2ad0885c661eaa60f43d5&fileName=WebCheckPackage.exe","sourceIndex":"1741"}],"sampleFiles":["211229/WebCheckParentalMonitor-191216/10.3.2.14/Samples/WebCheckPackageInstaller.exe"],"imageFiles":["211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-048/ACR-048_Software_No_Control.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-048/ACR-048_Software_No_Control_3.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-007/ACR-007_Software.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-007/ACR-007_Software_1.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-007/ACR-007_Software_2.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-084/ACR-084_Software.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-084/ACR-084_Software_Hidden_1.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-084/ACR-084_Software_Process_2.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-084/ACR-084_Software_Startup_3.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-086/ACR-086_Software.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-116/ACR-116_Uninstall.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-118/ACR-118_Uninstall_Retains.JPG"],"nonDeceptorImageFiles":["211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-040/ACR-040_Install.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-099/ACR-099_Landingpage_No_UninstallInfo.JPG","211229/WebCheckParentalMonitor-191216/10.3.2.14/Images/ACR-099/ACR-099_InternalOffers_No_UninstallInfo.JPG"],"guid":"19cd53af-7078-49c6-ac99-7ced0039b287_10.3.2.14_1","appID":"WebCheckParentalMonitor-191216","dateAdded":"220913","deceptorType":"App","name":"WebCheck Parental Monitor","company":"HeavenWard","version":"10.3.2.14","lastKnownStatus":"Deceptor:10.2.0.0;10.3.1.2;10.3.2.14;10.3.2.15","lastKnownDate":"220913","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-09-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1281},{"violations":{"ACR-048":"1. The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app\n2. The app does not provide any control to disable the startup it created.\n3. App is not listed in Control Panel limiting the target user's ability to uninstall it using platform standard features\n","ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and control panel. The app uses a hotkey to hide its presence and is located in a hidden folder. \n2. On quitting the app, the process runs silently in the background, hiding the fact that it is active from the consumer.\n3. The app creates a startup entry without the consumer's knowledge and consent \n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to and how it collects data and also it uses a hotkey to hide its presence.\n","ACR-116":" he app enables the consumer to hide it from the targeted consumer by not listing it in the Control Panel, preventing the consumer from uninstalling it using platform standard features. \n","ACR-118":"After uninstalling from the app settings, it retains \"webcheckhk.dll\" file.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself hidden under the \"Program Data\" folder.\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"webcheckhk.dll","fileVersion":"0.0","hashMD5":"1b06bbb125c58d4130127034258ad9a5","hashSHA1":"5eb03d7fd79ca768fdb9bea705aad81bfa60dfcd","hashSHA256":"33a16946464b1aae72561b6987271b71e8b2672525e5baa7419465a2cc69af41","sourceIndex":"1425","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WebCheckPackage.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"10.3.2.15","hashMD5":"c2e598b294a4a59c26fcfe3099326454","hashSHA1":"71da1ffce6ebde36d83fd6f9559a29c50f092c5a","hashSHA256":"2ddfb9d990dd2ae1fe87477221a9731adffe8f01fa9fe6441ac42606b2bb62f5","sourceIndex":"1425","avBlockList":["360 Total Security (20230103)","Avast Premium Security (20230103)","AVG Internet Security (20230103)","Avira Internet Security (20230103)","Bitdefender Internet Security (20230103)","COMODO Antivirus (20230103)","ESET Internet Security (20230103)","G DATA INTERNET SECURITY (20230103)","Kaspersky Internet Security (20230103)","Malwarebytes Premium (20230103)","McAfee Total Protection (20230103)","Norton Security (20230103)","Panda Dome (20230103)","Quick Heal Internet Security (20230103)","Sophos Home Premium (20230103)","SpyHunter5 (20230103)","Total AV Antivirus Pro (20230103)","Trend Micro Internet Security (20230103)","VIPRE Advanced Security (20230103)","VirIT eXplorer PRO (20230103)","Webroot SecureAnywhere (20230103)","Windows Defender (20230103)"],"avAllowList":["Dr.Web Security Space (20230103)","K7 Total Security (20230103)"]},{"isRevoked":"False","fileName":"webcheckui.exe","companyName":"HeavenWard","productName":"WebCheck Parental Monitor","fileVersion":"10.3.2.15","hashMD5":"2b94a3a8438c8965c0df85d21fded866","hashSHA1":"e05c0424a774931283aa13024cd3c24d38685026","hashSHA256":"f2d2e71439badbc02007653fa47ff1ef93278b5cf58c2cc1156422f9f61f5b43","sourceIndex":"1425","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"191207","landingPage":"https://www.hwsuite.com/webcheck-parental-monitor.php","directDownloadingLink":"https://hwsuite.shop/WebCheckPackage.exe?token=1662787881_810b3f489405ed8bdf64cd79bef98dab1c58b58d","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hwsuite.shop/WebCheckPackage.exe?token=1662787881_810b3f489405ed8bdf64cd79bef98dab1c58b58d","sourceIndex":"1425"}],"sampleFiles":["220913/WebCheckParentalMonitor-191216/10.3.2.15/Samples/webcheckhk.dll","220913/WebCheckParentalMonitor-191216/10.3.2.15/Samples/WebCheckPackage.exe","220913/WebCheckParentalMonitor-191216/10.3.2.15/Samples/webcheckui.exe"],"imageFiles":["220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-048/ACR-048_084_Hotkey.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-048/ACR-048_084_Startup_HiddenPorcess.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-048/ACR-048_Not_listed_ControlPanel.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-048/ACR-086_Settings.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-007/ACR-007_048_084_Startup_HiddenPorcess.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-007/ACR-007_048_084_Hotkey.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-084/ACR-084_HiddenPorcess.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-084/ACR-086_Settings.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-084/ACR-007_048_084_Hotkey.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-086/ACR-086_Settings.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-116/ACR-048_116_Not_listed_ControlPanel.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-118/ACR-118_Retained_Component.mp4"],"nonDeceptorImageFiles":["220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-040/ACR-040_HiddenFolder.jpg","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-099/WebCheck_LandingPage.png","220913/WebCheckParentalMonitor-191216/10.3.2.15/Images/ACR-099/WebCheck_OfferPage.png"],"guid":"19cd53af-7078-49c6-ac99-7ced0039b287_10.3.2.15_1","appID":"WebCheckParentalMonitor-191216","dateAdded":"220913","deceptorType":"App","name":"WebCheck Parental Monitor","company":"HeavenWard","version":"10.3.2.15","lastKnownStatus":"Deceptor:10.2.0.0;10.3.1.2;10.3.2.14;10.3.2.15","lastKnownDate":"220913","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-09-13T19:43:01.1899617+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1280},{"violations":{"ACR-007":"The app does not provide explicit notification when it is running. It also requires a hotkey to open it. These prevent the targeted consumer from being notified or giving informed consent.\n","ACR-084":"The app requires a hotkey to open it and is saved in a hidden folder, which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the consumer how it transfers data. It also requires a hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted.\n","ACR-116":"The app cannot be uninstalled through Control Panel.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden folder \"Program Data\".\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"WebCheckPackage.exe","isInstaller":"True","companyName":"HeavenWard","fileVersion":"10.2","hashMD5":"6f55c53d7a985c88dc922ef2eab637f7","hashSHA1":"94917a7ab31b0836eb694cd80258913b80983869","hashSHA256":"a11ca0b74793a03548ff13073abb307ce8287e3258c71fa03b048e51219c2297","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"2585","avBlockList":["360 Total Security (20201006)","Avast Internet Security (20200121)","AVG Internet Security (20201006)","Avira Internet Security (20201006)","Bitdefender Internet Security (20201006)","COMODO Antivirus (20201006)","Dr.Web Security Space (20201006)","ESET Internet Security (20201006)","G DATA INTERNET SECURITY (20201006)","K7 Total Security (20201006)","Kaspersky Internet Security (20201006)","Malwarebytes Premium (20201006)","McAfee Total Protection (20201006)","Norton Security (20201006)","Panda Dome (20201006)","Quick Heal Internet Security (20201006)","Sophos Home Premium (20201006)","Tencent PC Manager (20201006)","VIPRE Advanced Security (20201006)","VirIT eXplorer PRO (20201006)","Webroot SecureAnywhere (20201006)","Windows Defender (20201006)","Avast Premium Security (20201006)","SpyHunter5 (20201006)","Total AV Antivirus Pro (20201006)"],"avAllowList":["Trend Micro Internet Security (20201006)"]},{"isRevoked":"False","fileName":"webcheckui.exe","companyName":"HeavenWard","fileVersion":"10.2","hashMD5":"21d23d391339ba411e42f53de4eb1223","hashSHA1":"778c26ab7653496947939d3ab5d52225ce1ba059","hashSHA256":"62c07604724a58c7728b810e2835032a25903737e31e2e314875d65eddb571ab","sourceIndex":"2585","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"191207","landingPage":"https://www.hwsuite.com/webcheck-parental-monitor.php","directDownloadingLink":"https://files.hw-2019.info/WebCheckPackage.exe?token=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.hw-2019.info/WebCheckPackage.exe?token=","sourceIndex":"2585"}],"sampleFiles":["191216/WebCheckParentalMonitor-191216/10.2.0.0/Samples/WebCheckPackage.exe","191216/WebCheckParentalMonitor-191216/10.2.0.0/Samples/webcheckui.exe"],"imageFiles":["191216/WebCheckParentalMonitor-191216/10.2.0.0/Images/ACR-007/Webcheck Parental Monitoring Hotkey.png","191216/WebCheckParentalMonitor-191216/10.2.0.0/Images/ACR-084/Webcheck Parental Monitoring Hotkey.png","191216/WebCheckParentalMonitor-191216/10.2.0.0/Images/ACR-084/Webcheck Parental Monitoring FIle Location.png","191216/WebCheckParentalMonitor-191216/10.2.0.0/Images/ACR-086/Webcheck Parental Monitoring Hotkey.png","191216/WebCheckParentalMonitor-191216/10.2.0.0/Images/ACR-116/Webcheck Parental Monitor Uninstall.png"],"nonDeceptorImageFiles":["191216/WebCheckParentalMonitor-191216/10.2.0.0/Images/ACR-040/Webcheck Parental Monitoring FIle Location.png","191216/WebCheckParentalMonitor-191216/10.2.0.0/Images/ACR-099/Webcheck Parental Monitor Landing Page.png","191216/WebCheckParentalMonitor-191216/10.2.0.0/Images/ACR-099/Webcheck Parental Monitor Internal Offers.png"],"guid":"19cd53af-7078-49c6-ac99-7ced0039b287_10.2.0.0_1","appID":"WebCheckParentalMonitor-191216","dateAdded":"220913","deceptorType":"App","name":"WebCheck Parental Monitor","company":"HeavenWard","version":"10.2.0.0","sigName":"Deceptor:Win32/WebCheckParentalStalkerWare!007084086116","lastKnownStatus":"Deceptor:10.2.0.0;10.3.1.2;10.3.2.14;10.3.2.15","lastKnownDate":"220913","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-09-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1283},{"violations":{"ACR-003":"The app lists registry issues as \"errors/problems\". This misleads consumers.\n","ACR-084":"App has no setting control for user to disable the created startup item.\n","ACR-014":"After \"Fix All Errors\" is done, the app displays \"Cleaning Completed!\", and the no. of scanned entries and fixed are equal. However, after rescan and attempting to do a refix, same remaining issues are still present which is confusing and misleading. \n"},"nonDeceptorViolations":{"ACR-065":"The App's about page does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-167":"The application only offers a 14-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"lavasoft-registry-tuner-1.0.exe","isInstaller":"True","companyName":"Lavasoft                                                    ","fileVersion":"0.0","hashMD5":"d65244c34cce123120b39dedea3dfca3","hashSHA1":"8f8e9a5eb39e85d351b3925953bbd898cfb4b92b","hashSHA256":"928b98881e4d41e3fb451b8bef7ef1889e1db664e39030777ab8d82f4627c40b","digitalCertThumbprint":"C6CB2A92FDD59F9BA9E4EC02E9555CC93078F32D","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Lavasoft AB, OU=Security Division, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lavasoft AB, L=Gothenburg, S=Vaestra Goetaland, C=SE","sourceIndex":"293","avBlockList":["Avira Internet Security (20220920)","ESET Internet Security (20220920)","K7 Total Security (20220920)","Norton Security (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","VirIT eXplorer PRO (20220920)","Webroot SecureAnywhere (20220920)"],"avAllowList":["360 Total Security (20220920)","Avast Premium Security (20220920)","AVG Internet Security (20220920)","Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","Dr.Web Security Space (20220920)","G DATA INTERNET SECURITY (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","McAfee Total Protection (20220920)","Panda Dome (20220920)","Quick Heal Internet Security (20220920)","Trend Micro Internet Security (20220920)","VIPRE Advanced Security (20220920)","Windows Defender (20220920)"]},{"isRevoked":"False","fileName":"RegistryTuner.exe","companyName":"Lavasoft","fileVersion":"1.0","hashMD5":"cad03b72b6991dd2d81677502f6b9a47","hashSHA1":"2de6cad7102fc497c26b47de3c4fdd68cf291624","hashSHA256":"5e683693ea2e56b16a898071ec37044849a282c5eed1059c559b5aa48b09dc2a","digitalCertThumbprint":"C6CB2A92FDD59F9BA9E4EC02E9555CC93078F32D","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Lavasoft AB, OU=Security Division, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lavasoft AB, L=Gothenburg, S=Vaestra Goetaland, C=SE","sourceIndex":"293","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Registry clea","reference":"","landingPage":"http://registry.lavasoft.com/","directDownloadingLink":"https://lavasoft-registry-tuner.en.uptodown.com/windows/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://lavasoft-registry-tuner.en.uptodown.com/windows/download","sourceIndex":"293"}],"sampleFiles":["220908/RegistryTuner-220907/1.0/Samples/lavasoft-registry-tuner-1.0.exe","220908/RegistryTuner-220907/1.0/Samples/RegistryTuner.exe"],"imageFiles":["220908/RegistryTuner-220907/1.0/Images/ACR-084/ACR-084_Startup.jpg","220908/RegistryTuner-220907/1.0/Images/ACR-003/ACR-003_Registry_listed_as_errors_1.jpg","220908/RegistryTuner-220907/1.0/Images/ACR-003/ACR-003_Registry_listed_as_errors_2.jpg","220908/RegistryTuner-220907/1.0/Images/ACR-003/ACR-003_Registry_listed_as_problems.jpg","220908/RegistryTuner-220907/1.0/Images/ACR-014/ACR-004_014_Fix_for_scanned_issues.mp4","220908/RegistryTuner-220907/1.0/Images/ACR-014/ACR-014_Confusing_Fix_1.jpg","220908/RegistryTuner-220907/1.0/Images/ACR-014/ACR-014_Confusing_Fix_2.jpg"],"nonDeceptorImageFiles":["220908/RegistryTuner-220907/1.0/Images/ACR-065/RegistryTuner_About.jpg","220908/RegistryTuner-220907/1.0/Images/ACR-167/ACR-167_RefundPolicy.jpg"],"guid":"54cc00f9-fc2c-44f7-9cd9-e011a5f74986_1.0_1","appID":"RegistryTuner-220907","dateAdded":"220908","deceptorType":"App","name":"Registry Tuner","company":"Lavasoft","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-12-12T21:31:52.3843836+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1289},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-043":"\"Online Media Technologies Ltd.\" third-party libraries are installed without disclosure. \n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”. \nThe app does not provide an option to close the update prompt and cancel the startup on its own. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\nThe \"Premium Support\" offer is opted-in by default on the Internal offers page (https://secure.avangate.com/order/checkout.php?PRODS=4552843&QTY=1&CART=1) and requires the user to opt-out of the payment.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-014":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app doesn't provide the following information in the shopping cart(https://www.wave-max.com/purchase.html): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (WaveMaxFreeSoundRecorder.exe) does not have a digital signature. \n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\WaveMax Free Sound Recorder\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1436","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\WaveMax Free Sound Recorder\\WaveMaxFreeSoundRecorder.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6044a5533d641eb8658efdbf17f3b04d","hashSHA1":"942456c367ea064878f0a23e67144dfa82d7a96d","hashSHA256":"f9b3dca3fa408c5268951bb2ea9defa5bbef7ebda5ae920c03597019a04b7c67","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1436","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WaveMaxFreeSoundRecorder.exe","isInstaller":"True","companyName":"NITBits                                                     ","productName":"WaveMax Free Sound Recorder                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"ef9b0a03219e819ef278e7352816b18f","hashSHA1":"4cd50b2d7bb9e22c8f4ecf439746057533fe8cea","hashSHA256":"3b8b29bb268ea6452799bde9941b4381b75cfd44883867bbfd9488f47490ba66","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Beijing Tsingsoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1436","avBlockList":["360 Total Security (20220920)","Avast Premium Security (20220920)","AVG Internet Security (20220920)","Avira Internet Security (20220920)","Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","Dr.Web Security Space (20220920)","ESET Internet Security (20220920)","G DATA INTERNET SECURITY (20220920)","K7 Total Security (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","McAfee Total Protection (20220920)","Norton Security (20220920)","Panda Dome (20220920)","Quick Heal Internet Security (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","Trend Micro Internet Security (20220920)","VIPRE Advanced Security (20220920)","VirIT eXplorer PRO (20220920)","Webroot SecureAnywhere (20220920)","Windows Defender (20220920)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.wave-max.com/features_freesoundrecorder.php","directDownloadingLink":"http://www.wave-max.com/WaveMaxFreeSoundRecorder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.wave-max.com/WaveMaxFreeSoundRecorder.exe","sourceIndex":"1436"}],"sampleFiles":["220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Samples/WaveMaxFreeSoundRecorder.exe"],"imageFiles":["220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-109/ACR-109.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-043/ACR-043_Install.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-047/ACR-047.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-047/ACR-047_1.mp4","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-048/ACR-048_Install.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-010/ACR-010.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-083/ACR-083.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-083/ACR-083_1.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-084/ACR-084.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-048/ACR-048.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-048/ACR-048_1.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-048/ACR-048_2.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-014/ACR-014.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-014/ACR-014_1.mp4","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-118/ACR-118.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-122/ACR-122_Uninstall.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-075/ACR-075.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-075/ACR-075_1.mp4","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-057/ACR-057.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-059/ACR-059.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-071/ACR-071.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-155/ACR-155.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-071/ACR-071_InternalOffers.jpg","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-071/ACR-071_InternalOffers_1.jpg","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-165/ACR-165_InternalOffers.jpg","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-165/ACR-165_InternalOffers_1.jpg"],"nonDeceptorImageFiles":["220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-106/ACR-106.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-092/ACR-092_Software.JPG","220908/wavemaxfreesoundrecorder-220830/8.8.2.4/Images/ACR-123/ACR-123.JPG"],"guid":"f877c707-4567-486e-beca-4bf8994b745f_8.8.2.4_1","appID":"wavemaxfreesoundrecorder-220830","dateAdded":"220908","deceptorType":"Bundler","name":"Wavemax Free Sound Recorder","company":"NITBits Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220908","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-08T19:12:09.7811716+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1288},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor applications. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user. \n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\nThe \"Premium Support\" offer is opted-in by default on the Internal offers page (https://secure.avangate.com/order/checkout.php?PRODS=4552839&QTY=1&CART=1) and requires the user to opt-out of the payment.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-014":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app doesn't provide the following information in the shopping cart(https://www.wave-max.com/purchase.html): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price? 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The app's main executable (RecordMaxBurningStudio.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\RecordMax Burning Studio\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1431","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\RecordMax Burning Studio\\RecordMaxBurningStudio.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6ffe7af91717359fbf5b4e102f0e21e9","hashSHA1":"f887e4167e8daad747f40fabe5ffdab7f680f558","hashSHA256":"ed90d2a963d7fda1370bac16c3da8cd726338df7781f6ca709aa5be7455ccfd6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1431","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RecordMaxBurningStudio.exe","isInstaller":"True","companyName":"NITBits Co. Ltd.                                           ","productName":"RecordMax Burning Studio                                    ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"3e5ba041a6ed93e44e38f5b0469ccebb","hashSHA1":"0afb7ecb9e57d3f508958de2672d4f4d69120dd3","hashSHA256":"88c2ce697c3d7235c0af45701d7947036a8a818d815cf8002305ddcefa06aa34","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Beijing Tsingsoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1431","avBlockList":["360 Total Security (20220920)","Avast Premium Security (20220920)","AVG Internet Security (20220920)","Avira Internet Security (20220920)","Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","Dr.Web Security Space (20220920)","ESET Internet Security (20220920)","G DATA INTERNET SECURITY (20220920)","K7 Total Security (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","McAfee Total Protection (20220920)","Norton Security (20220920)","Panda Dome (20220920)","Quick Heal Internet Security (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","VIPRE Advanced Security (20220920)","VirIT eXplorer PRO (20220920)","Webroot SecureAnywhere (20220920)","Windows Defender (20220920)"],"avAllowList":["Trend Micro Internet Security (20220920)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.wave-max.com/features_burningstudio.php","directDownloadingLink":"http://www.wave-max.com/RecordMaxBurningStudio.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.wave-max.com/RecordMaxBurningStudio.exe","sourceIndex":"1431"}],"sampleFiles":["220908/recordmaxburningstudio-220908/8.8.2.4/Samples/RecordMaxBurningStudio.exe"],"imageFiles":["220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-109/ACR-109.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-047/ACR-047.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-047/ACR-047.mp4","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-048/ACR-048.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-010/ACR-010.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-083/ACR-083.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-083/ACR-083_1.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-084/ACR-084.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-048/ACR-048_1.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-048/ACR-048_2.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-048/ACR-048_3.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-014/ACR-014.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-014/ACR-014.mp4","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-118/ACR-118.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-118/ACR-118_1.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-118/ACR-118_2.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-122/ACR-122.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-075/ACR-075.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-075/ACR-075.mp4","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-057/ACR-057.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-059/ACR-059.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-071/ACR-071.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-155/ACR-155.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-071/ACR-071 (1).jpg","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-071/ACR-071 (2).jpg","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-165/ACR-165.jpg","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-165/ACR-165_1.jpg"],"nonDeceptorImageFiles":["220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-106/ACR-106.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-092/ACR-092.JPG","220908/recordmaxburningstudio-220908/8.8.2.4/Images/ACR-123/ACR-123.JPG"],"guid":"6b99c9a9-2a6b-4c51-be13-0b3a875162b2_8.8.2.4_1","appID":"recordmaxburningstudio-220908","dateAdded":"220908","deceptorType":"App","name":"RecordMax Burning Studio","company":"NITBits Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220908","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-08T22:46:43.7438128+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1290},{"violations":{"ACR-048":"The app is always running in the background and requires  hotkey and password  to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and it hides itself from the targeted consumer by requiring a hotkey and password to open it.\n","ACR-084":"The app is always running and uses the name \"mdworker\". It also requires a hotkey and password to open the app, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data and it hides from the targeted consumer.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-040":"The application is not installed in the standard location. The application was installed in a data hidden folder. The consumers wouldn't be able to identify the app's location.\n","ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy or the EULA. \nThe internal offers page does not display links to the Returns and Cancellation Policy or the EULA.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the software and landing page.\n","ACR-037":"The app does not provide Privacy Policy in the software and landing page.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"PKLite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"7cc285d85752b6e6a2729500bed867a4","hashSHA1":"aa091b0e86506cce5bdf0f35fab595d1519124ac","hashSHA256":"b6edfc0a8ca7783c4f22ad7028b141d8946d210610dcc9096c4d36cbf45babe9","sourceIndex":"1434","avBlockList":["Avast Security for Mac (20221011)","Avira Security for Mac (20221011)","Norton Security for Mac (20221011)"],"avAllowList":["Bitdefender Antivirus for Mac (20221011)","ESET Cyber Security Pro for Mac (20221011)","G DATA AntiVirus for Mac (20221011)","K7 Antivirus for Mac (20221011)","Kaspersky Internet Security for Mac (20221011)","McAfee Internet Security for Mac (20221011)","Sophos Home Premium For Mac (20220913)","Trend Micro Antivirus for Mac (20221011)"]},{"isRevoked":"False","fileName":"PKL","fileVersion":"0.","hashMD5":"3cd28c5323f9f67561e2b25fb1085a3d","hashSHA1":"fb441cae078c5390264cb97226bcaf5fa6cd5e0f","hashSHA256":"09dbfd33ca3b1878f8078cf105daf3ae46a35ef94566e2b1ea9629ac8465df8e","sourceIndex":"1434","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://mac-keylogger.org/","directDownloadingLink":"https://dxryqonso08qd.cloudfront.net/webscan/45916/8a6df0906e1af46cdcbba89b61128c037239c57efa611ec0cef19b06c01045f4/PKLiteMac19.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dxryqonso08qd.cloudfront.net/webscan/45916/8a6df0906e1af46cdcbba89b61128c037239c57efa611ec0cef19b06c01045f4/PKLiteMac19.zip","sourceIndex":"1434"}],"sampleFiles":["220908/PerfectKeyloggerforMacLite-211202/2.0/Samples/PKLite.dmg","220908/PerfectKeyloggerforMacLite-211202/2.0/Samples/PKL"],"imageFiles":["220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-084/PKLiteMac_Interactions [3].png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-084/ACR-084.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-084/ACR-084_1.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-084/ACR-084_2.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-048/ACR-048.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-048/ACR-048_1.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-048/ACR-048_2.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-007/ACR-007.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-007/ACR-007_1.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-007/ACR-007_2.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-116/ACR-116.png"],"nonDeceptorImageFiles":["220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-040/ACR-040.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-065/ACR-065_Install.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-065/ACR-065_Software.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-035/ACR-035_Landingpage.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-037/ACR-037_Landingpage.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-167/ACR-167.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-065/ACR-065_Landingpage.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-099/ACR-099_Landingpage.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-166/ACR-166.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-065/ACR-065_InternalOffers.png","220908/PerfectKeyloggerforMacLite-211202/2.0/Images/ACR-099/ACR-099_InternalOffers.png"],"guid":"cebd0380-7597-4f39-b3af-5ba980877de4_2.0_1","appID":"PerfectKeyloggerforMacLite-211202","dateAdded":"220908","deceptorType":"MacOS App","name":"Perfect Keylogger for Mac Lite","company":"BLAZINGTOOLS SOFTWARE","version":"2.0","lastKnownStatus":"1.9;2.0","lastKnownDate":"220908","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2022-09-08T22:22:02.5002493+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1291},{"violations":{"ACR-048":"The app is always running in the background and requires  hotkey and password  to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and it hides itself from the targeted consumer by requiring a hotkey and password to open it.\n","ACR-084":"he app is always running and uses the name \"mdworker\". It also requires a hotkey and password to open the app, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data and it hides from the targeted consumer.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-040":"The application is not installed in the standard location. The application was installed in a data hidden folder. The consumers wouldn't be able to identify the app's location.\n","ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy or the EULA. \nThe internal offers page does not display links to the Returns and Cancellation Policy or the EULA.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the software and landing page.\n","ACR-037":"The app does not provide Privacy Policy in the software and landing page.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"PKL","fileVersion":"0.","hashMD5":"7820c1d9d2d1910948ce39cd28dca240","hashSHA1":"39367e5d92437e93005e085cecdc61be43d8c30f","hashSHA256":"b768df75811cafafb2a265d06c9c763c205b8a552fd95de1201837e36383f320","sourceIndex":"1772","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PKLite.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5c6a1b1d3a4d92de350fe9e32215b8a5","hashSHA1":"cfa87d19a42de488db9aea2e9fe8bfd14cf1628e","hashSHA256":"3a4512854cf641410ead1c02a4410978ba0632167e705426e38e56a30b8a2e92","sourceIndex":"1772","avBlockList":["Avast Security for Mac (20220208)","Avira Security for Mac (20220208)","Bitdefender Antivirus for Mac (20220208)","ESET Cyber Security Pro for Mac (20220208)","G DATA AntiVirus for Mac (20220208)","K7 Antivirus for Mac (20220208)","Norton Security for Mac (20220208)","Sophos Home Premium For Mac (20220208)","Trend Micro Antivirus for Mac (20220208)"],"avAllowList":["Kaspersky Internet Security for Mac (20220208)","McAfee Internet Security for Mac (20220208)"]},{"isRevoked":"False","fileName":"PKLiteMac19.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8a6df0906e1af46cdcbba89b61128c037239c57efa611ec0cef19b06c01045f4","sourceIndex":"1772","avBlockList":["Avast Security for Mac (20220208)","Avira Security for Mac (20220208)","Bitdefender Antivirus for Mac (20220208)","ESET Cyber Security Pro for Mac (20220208)","G DATA AntiVirus for Mac (20220208)","K7 Antivirus for Mac (20220208)","Norton Security for Mac (20220208)","Sophos Home Premium For Mac (20220208)","Trend Micro Antivirus for Mac (20220208)"],"avAllowList":["Kaspersky Internet Security for Mac (20220208)","McAfee Internet Security for Mac (20220208)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://mac-keylogger.org/","directDownloadingLink":"https://dxryqonso08qd.cloudfront.net/webscan/45916/8a6df0906e1af46cdcbba89b61128c037239c57efa611ec0cef19b06c01045f4/PKLiteMac19.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dxryqonso08qd.cloudfront.net/webscan/45916/8a6df0906e1af46cdcbba89b61128c037239c57efa611ec0cef19b06c01045f4/PKLiteMac19.zip","sourceIndex":"1772"}],"sampleFiles":["211202/PerfectKeyloggerforMacLite-211202/1.9/Samples/PKL","211202/PerfectKeyloggerforMacLite-211202/1.9/Samples/PKLite.dmg","211202/PerfectKeyloggerforMacLite-211202/1.9/Samples/PKLiteMac19.zip"],"imageFiles":["211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-084/PKLiteMac_RunningProcess [1].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-084/PKLiteMac_Interactions [2].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-084/PKLiteMac_Interactions [3].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-048/PKLiteMac_RunningProcess [1].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-048/PKLiteMac_Interactions [2].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-048/PKLiteMac_Interactions [3].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-007/PKLiteMac_Interactions [4].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-007/PKLiteMac_Interactions [2].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-007/PKLiteMac_Interactions [3].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-116/PKLiteMac_Apps [1].png"],"nonDeceptorImageFiles":["211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-040/PKLiteMac_Files [1].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-065/PKLiteMac_Install [1].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-065/PKLiteMac_Interactions [1].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-035/PKLiteMac_LandingPage [1].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-035/PKLiteMac_LandingPage [2].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-037/PKLiteMac_LandingPage [2].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-167/PKLiteMac_LandingPage [2].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-065/PKLiteMac_LandingPage [1].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-099/PKLiteMac_LandingPage [1].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-166/PKLiteMac_OfferPage [3].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-065/PKLiteMac_OfferPage [1].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-065/PKLiteMac_OfferPage [2].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-099/PKLiteMac_OfferPage [1].png","211202/PerfectKeyloggerforMacLite-211202/1.9/Images/ACR-099/PKLiteMac_OfferPage [2].png"],"guid":"cebd0380-7597-4f39-b3af-5ba980877de4_1.9_1","appID":"PerfectKeyloggerforMacLite-211202","dateAdded":"220908","deceptorType":"MacOS App","name":"Perfect Keylogger for Mac Lite","company":"BLAZINGTOOLS SOFTWARE","version":"1.9","sigName":"Deceptor:MacOS/PerfectKeyloggerforMacLite!084086048007116","lastKnownStatus":"1.9;2.0","lastKnownDate":"220908","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2022-09-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1292},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and offers that the consumer has previously declined. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor applications. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\nThe \"Premium Support\" offer is opted-in by default on the Internal offers page (https://secure.avangate.com/order/checkout.php?CART_ID=32cb7d7dfaf9c829ba1204e8e82025d6) and requires the user to opt-out of the payment.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and offers that the consumer has previously declined.\n","ACR-014":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and offers that the consumer has previously declined.\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app doesn't provide the following information in the shopping cart(https://www.wave-max.com/purchase.html): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price? 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (DiscCoolDVDtoVideoConverter.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DiscCool DVD to Video Converter\\DiscCoolDVDtoVideoConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"ab62a4fff8d2098a380f82e243ed8ce8","hashSHA1":"4a52df8e2df1f6a15f0522ef3d4f0e0cd81b96b5","hashSHA256":"1e7d5cc6bb144be77c2958cc280f2dddb02dfa70256e72f82d5458476068c3b3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1429","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DiscCool DVD to Video Converter\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1429","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DiscCoolDVDtoVideoConverter.exe","isInstaller":"True","companyName":"NITBits Co. Ltd.                                           ","productName":"DiscCool DVD to Video Converter                             ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"bac41601224c69e4d6705450e11e8338","hashSHA1":"1fc21a7e007ed5929b3e7bc421a600c50a42bbf4","hashSHA256":"66ff97b00c62ef571d4c2607f97ceabbbaa35965cb7bff4184a99178a2225b7b","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Beijing Tsingsoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1429","avBlockList":["360 Total Security (20220920)","Avast Premium Security (20220920)","AVG Internet Security (20220920)","Avira Internet Security (20220920)","Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","Dr.Web Security Space (20220920)","ESET Internet Security (20220920)","G DATA INTERNET SECURITY (20220920)","K7 Total Security (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","McAfee Total Protection (20220920)","Norton Security (20220920)","Panda Dome (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","VIPRE Advanced Security (20220920)","VirIT eXplorer PRO (20220920)","Webroot SecureAnywhere (20220920)","Windows Defender (20220920)"],"avAllowList":["Quick Heal Internet Security (20220920)","Trend Micro Internet Security (20220920)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.wave-max.com/features_dvdconverter.php","directDownloadingLink":"http://www.wave-max.com/DiscCoolDVDtoVideoConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.wave-max.com/DiscCoolDVDtoVideoConverter.exe","sourceIndex":"1429"}],"sampleFiles":["220908/disccooldvdtovideoconverter-220905/8.8.2.4/Samples/DiscCoolDVDtoVideoConverter.exe"],"imageFiles":["220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-109/ACR-109.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-047/ACR-047.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-047/ACR-047.mp4","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-048/ACR-048_Install_1.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-010/ACR-010.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-083/ACR-083.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-083/ACR-083_1.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-084/ACR-084.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-048/ACR-048.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-048/ACR-048_1.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-048/ACR-048_2.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-014/ACR-014.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-014/ACR-014.mp4","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-118/ACR-118_1.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-118/ACR-118_2.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-122/ACR-122.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-075/ACR-075.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-075/ACR-075.mp4","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-057/ACR-057.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-059/ACR-059.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-071/ACR-071.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-155/ACR-155.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-071/ACR-071(1).jpg","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-071/ACR-071(2).jpg","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-165/ACR-165.jpg","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-165/ACR-165_1.jpg"],"nonDeceptorImageFiles":["220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-106/ACR-106.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-092/ACR-092_1.JPG","220908/disccooldvdtovideoconverter-220905/8.8.2.4/Images/ACR-123/ACR-123_1.JPG"],"guid":"ec746841-43d9-49b3-9572-4c55861c231a_8.8.2.4_1","appID":"disccooldvdtovideoconverter-220905","dateAdded":"220908","deceptorType":"Bundler","name":"DiscCool DVD to Video Converter","company":"NITBits Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220908","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-08T23:24:34.6128939+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1293},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “Phone booster” option, it starts scanning and shows the scan results in which, the data for each installed app are displayed as 100kb and does not fix any identified issues also this scenario is observed in other categories as well, thus unable to verify the app's value proposition since it displays dummy cache data (100kb) that have a vast difference from the actual cache data for all the installed apps.\n","ACR-014":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “Phone booster” option, it starts scanning and shows the scan results in which, the data for each installed app are displayed as 100kb and does not fix any identified issues also this scenario is observed in other categories as well, thus misleading the user by displaying dummy cache data (100kb) that have a vast difference from the actual cache data for all the installed apps.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.expert.cleaner.phone.cleaner.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"d32856ff8fd9da96f436a1e628b6f1fd","hashSHA1":"cce1156638fe6d319c2a85d2d93b0256b1872b1e","hashSHA256":"bb89bf5e1be4cf0f8eba863af88ba17dd55cb7f0ea97992746dabfb7582270a8","sourceIndex":"1437","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.expert.cleaner.phone.cleaner.speed.booster&hl=en&gl=US","ipv4":"","ipv6":"","sourceIndex":"1437"}],"sampleFiles":["220907/expertcleanerphonecleaner-220830/8.0.8/Samples/com.expert.cleaner.phone.cleaner.apk"],"imageFiles":["220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-103/ACR-103_Software.png","220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-103/ACR-103_Software_1.png","220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-103/ACR-103_Software_2.png","220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-103/ACR-103_Software_3.png","220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-103/ACR-103_Software_4.png","220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-103/ACR-103_Software_5.png","220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-014/ACR-014_Software.png","220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-014/ACR-014_Software_1.png","220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-014/ACR-014_Software_2.png","220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-014/ACR-014_Software_3.png","220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-014/ACR-014_Software_4.png","220907/expertcleanerphonecleaner-220830/8.0.8/Images/ACR-014/ACR-014_Software_5.png"],"nonDeceptorImageFiles":[],"guid":"2d2e1390-a26d-4929-b2c2-a4e1e45af20a_8.0.8_1","appID":"expertcleanerphonecleaner-220830","dateAdded":"220907","deceptorType":"Android App","name":"Expert Cleaner Phone Cleaner","company":"Kito Apps","version":"8.0.8","lastKnownStatus":"Deceptor:8.0.8","lastKnownDate":"220907","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-07T08:53:09.8377407+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1297},{"violations":{"ACR-003":"The app lists non-critical items as \"problems\" and \"errors\" and does not provide free fix for the identified issues shown during the free scan under the System Cleaner category. This can be misleading, compelling the user to purchase the app in order to complete the full fix.\n","ACR-004":"The app does not provide free fix for free scan results under the \"System Cleaner\" category.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"jv16PT.exe","companyName":"Macecraft Software","fileVersion":"8.1","hashMD5":"a734843ba6bd411aa56f522064462090","hashSHA1":"0543d5f796c46c15e0c103d216f5ed1d04bb152d","hashSHA256":"ec20323fa3872d53dd582298c0db9cfeb3b783e8c1b25d3de9c63806b5707550","digitalCertThumbprint":"E7CB36BC087DCB73F1D1BB2116B796784030E7A1","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Macecraft Software, O=Macecraft Software, S=Satakunta, C=FI","sourceIndex":"901","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"jv16pt_setup.exe","isInstaller":"True","companyName":"Macecraft Software","fileVersion":"8.1","hashMD5":"2b05a5c85cf3c426b2f8ab3f6a37f0ad","hashSHA1":"27afa948d0ec7861f463a1587bc8aa365bd1ddbd","hashSHA256":"a8fb086dadb6397ef820022fd8be5e9f7b6d70e0f402cbc00ffa6cab939a8e01","digitalCertThumbprint":"E7CB36BC087DCB73F1D1BB2116B796784030E7A1","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Macecraft Software, O=Macecraft Software, S=Satakunta, C=FI","sourceIndex":"901","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"PC Cleaner ","reference":"","landingPage":"https://jv16powertools.com/","directDownloadingLink":"https://jv16powertools.com/downloads/jv16pt_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://jv16powertools.com/downloads/jv16pt_setup.exe","sourceIndex":"901"}],"sampleFiles":["220907/jv16powertools-220530/8.1.0.1564/Samples/jv16pt.exe","220907/jv16powertools-220530/8.1.0.1564/Samples/jv16pt_setup.exe"],"imageFiles":["220907/jv16powertools-220530/8.1.0.1564/Images/ACR-004/ACR-004.jpg","220907/jv16powertools-220530/8.1.0.1564/Images/ACR-004/ACR-004-b.jpg","220907/jv16powertools-220530/8.1.0.1564/Images/ACR-003/Problems_Errors.jpg","220907/jv16powertools-220530/8.1.0.1564/Images/ACR-003/Problems_Errors-a.jpg","220907/jv16powertools-220530/8.1.0.1564/Images/ACR-003/Problems_Error-b.jpg","220907/jv16powertools-220530/8.1.0.1564/Images/ACR-003/Problems_Error-c.jpg","220907/jv16powertools-220530/8.1.0.1564/Images/ACR-003/ACR-004-b.jpg"],"nonDeceptorImageFiles":[],"guid":"16ddaa18-e835-4e44-b4e9-ba2c5ceb48db_8.1.0.1564_1","appID":"jv16powertools-220530","dateAdded":"220907","deceptorType":"App","name":"jv16 PowerTools","company":"Macecraft Software","version":"8.1.0.1564","lastKnownStatus":"8.1.0.1564","lastKnownDate":"220907","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2023-09-08T00:17:09.2166133+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1295},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-043":"\"Online Media Technologies Ltd.\" third-party libraries are installed without disclosure. \n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-107":"The app does not obtain any authorization for using \"Online Media Technologies Ltd.\" third-party library.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\nThe \"Premium Support\" offer is opted-in by default on the Internal offers page (https://secure.avangate.com/order/checkout.php?CART_ID=32cb7d7dfaf9c829ba1204e8e82025d6) and requires the user to opt-out of the payment.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-014":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app doesn't provide the following information in the shopping cart(https://www.wave-max.com/purchase.html): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price? 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (WaveMaxSoundEditor.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\WaveMax Sound Editor\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1438","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\WaveMax Sound Editor\\WaveMaxSoundEditor.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"cf2bde1502f5755a44a9d483f8ff2f0f","hashSHA1":"fa2cbf69227e89c577f6f526002a8f07a2b91980","hashSHA256":"9c95cae370ad4a614205b39e5cd3510ad76945e972ba3313de8c8e061bfd95a4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1438","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WaveMaxSoundEditor.exe","isInstaller":"True","companyName":"NITBits Co. Ltd.                                           ","productName":"WaveMax Sound Editor                                        ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5756d6f9f8641d9b5ac4edbe4e9fdd64","hashSHA1":"6078bf6fb513c5197e9cdde1d2e8fe7521521c71","hashSHA256":"213f9c21a69b89714ba67375cd4a70b0d4650ccc7feaaf101f270865020e3c9a","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Beijing Tsingsoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1438","avBlockList":["360 Total Security (20220922)","Avast Premium Security (20220922)","AVG Internet Security (20220922)","Avira Internet Security (20220922)","Bitdefender Internet Security (20220922)","COMODO Antivirus (20220922)","Dr.Web Security Space (20220922)","ESET Internet Security (20220922)","G DATA INTERNET SECURITY (20220922)","K7 Total Security (20220922)","Kaspersky Internet Security (20220922)","Malwarebytes Premium (20220922)","McAfee Total Protection (20220922)","Norton Security (20220922)","Panda Dome (20220922)","Sophos Home Premium (20220922)","SpyHunter5 (20220922)","Total AV Antivirus Pro (20220922)","Trend Micro Internet Security (20220922)","VIPRE Advanced Security (20220922)","VirIT eXplorer PRO (20220922)","Webroot SecureAnywhere (20220922)","Windows Defender (20220922)"],"avAllowList":["Quick Heal Internet Security (20220922)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.wave-max.com/features_soundeditor.php","directDownloadingLink":"http://www.wave-max.com/WaveMaxSoundEditor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.wave-max.com/WaveMaxSoundEditor.exe","sourceIndex":"1438"}],"sampleFiles":["220907/wavemaxsoundeditor-220830/8.8.2.4/Samples/WaveMaxSoundEditor.exe"],"imageFiles":["220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-109/ACR-109.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-043/ACR-043.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-047/ACR-047.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-047/ACR-047.mp4","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-107/ACR-107.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-048/ACR-048_Install_1.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-010/ACR-010.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-083/ACR-083.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-083/ACR-083 (2).JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-084/ACR-084.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-048/ACR-048.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-048/ACR-048_1.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-048/ACR-048_2.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-014/ACR-014.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-014/ACR-014.mp4","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-118/ACR-118_1.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-118/ACR-118_2.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-122/ACR-122.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-075/ACR-075.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-075/ACR-075.mp4","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-057/ACR-057.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-059/ACR-059.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-071/ACR-071.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-155/ACR-155.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-071/ACR-071 (1).jpg","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-071/ACR-071 (2).jpg","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-165/ACR-165 (1).png","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-165/ACR-165 (2).png"],"nonDeceptorImageFiles":["220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-106/ACR-106.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-092/ACR-092.JPG","220907/wavemaxsoundeditor-220830/8.8.2.4/Images/ACR-123/ACR-123.JPG"],"guid":"84303af5-af52-40ab-9ab6-7ba655a67f4e_8.8.2.4_1","appID":"wavemaxsoundeditor-220830","dateAdded":"220907","deceptorType":"Bundler","name":"WaveMax Sound Editor","company":"NITBits Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"Deceptor:8.8.2.4","lastKnownDate":"220907","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-09-07T08:50:46.3561378+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1294},{"violations":{"ACR-048":"Application can't exit completely. The running process left behind after user close the application and no instruction how to exit completely.\n","ACR-084":"1) The app creates the startup entry for the process ProductUpdater without user's knowledge. The relation of ProductUpdater to the main App is not clear to the consumer. 2) When the user closes the main app, the processes ProductUpdater keeps running in the background without notification to user.\n\n","ACR-164":"The app needs to provide details about how to cancel online, when user to receive notification for renewal, and what's the price amount after the time bound discount expire.\n\n"},"nonDeceptorViolations":{"ACR-045":"Free Download\" highlights \"Free\" misleads users. There is an internal offer that requires consumer payment in order to be activated which is not clearly marked in the landing page. Internal offer is also misleading and not clear since landing page marked the Free Download as service with \"no limitations\". \n\nFree Download\" highlights \"Free\" misleads users. There is an internal offer that requires consumer payment in order to be activated which is not clearly marked in the landing page. Internal offer is also misleading and not clear since landing page marked the Free Download as service with \"no limitations\". \n\n","ACR-027":"Inline Offers must be marked as \"offer\" or \"optional offer\".\n\n","ACR-017":"Landing page elevates consumer trust level by displaying Awards from tech blogs-- edorsements that are unverifiable.\n\n"},"samples":[{"isRevoked":"False","fileName":"FreemakeAudioConverter.exe","companyName":"Freemake","productName":"Freemake Audio Converter","fileVersion":"1.0.0.1","hashMD5":"dbb680d06d40643b946dd7a4deb9315c","hashSHA1":"6a7e2e69e504fdb4862127dd5ea53370def848a2","hashSHA256":"ffa950b27488bfa6eabfb978f9ab5f7c0608ad5d56c59d00b71304928dfd90a6","digitalCertThumbprint":"95DC2A690F98C32BA2CC914FED88CE2F14D9762D","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Mixbyte Inc, O=Mixbyte Inc, STREET=\"541 Jefferson Ave, Ste 100\", L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1420","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemakeAudioConverterSetup.exe","isInstaller":"True","companyName":"Ellora Assets Corporation                                   ","productName":"Freemake Audio Converter","fileVersion":"1.1.9.9","hashMD5":"2387742eba5f6c49d4166af7dbd17e08","hashSHA1":"20c3b04c8b0c928e9734611c83878a782050f278","hashSHA256":"978a1387f8e27cd7b73fd577fd3c759d6c66fd9a06559e3b63c482ce1fb81e51","digitalCertThumbprint":"95DC2A690F98C32BA2CC914FED88CE2F14D9762D","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Mixbyte Inc, O=Mixbyte Inc, STREET=\"541 Jefferson Ave, Ste 100\", L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1420","avBlockList":["360 Total Security (20220920)","Avast Premium Security (20220920)","AVG Internet Security (20220920)","Avira Internet Security (20220920)","Dr.Web Security Space (20220920)","McAfee Total Protection (20220920)","Norton Security (20220920)","Panda Dome (20220920)","Quick Heal Internet Security (20220920)","Sophos Home Premium (20220920)","SpyHunter5 (20220920)","Total AV Antivirus Pro (20220920)","VirIT eXplorer PRO (20220920)"],"avAllowList":["Bitdefender Internet Security (20220920)","COMODO Antivirus (20220920)","ESET Internet Security (20220920)","G DATA INTERNET SECURITY (20220920)","K7 Total Security (20220920)","Kaspersky Internet Security (20220920)","Malwarebytes Premium (20220920)","Trend Micro Internet Security (20220920)","VIPRE Advanced Security (20220920)","Webroot SecureAnywhere (20220920)","Windows Defender (20220920)"]},{"isRevoked":"False","fileName":"FreemakeUtilsService.exe","companyName":"Freemake","productName":"FreemakeUtilsService","fileVersion":"1.0","hashMD5":"05f9c0a9ff2ec22b1ffdef0a4bf70cb8","hashSHA1":"dcdcf98c736cf2ca551d84314d7fe2d475467115","hashSHA256":"9da16458c437c8260e98d8b80ba12107d7065dc3ba4ea382a7148b6cd7817725","digitalCertThumbprint":"95DC2A690F98C32BA2CC914FED88CE2F14D9762D","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Mixbyte Inc, O=Mixbyte Inc, STREET=\"541 Jefferson Ave, Ste 100\", L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1420","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ProductUpdater.exe","productName":"ProductUpdater","fileVersion":"1.0.20.0","hashMD5":"676dbba2ccac83ec63ad066a372c0c71","hashSHA1":"5539232e49b1c1a3aca87ec1c53f0ce9da324a1a","hashSHA256":"cc683eddf44ab288f875d5abefe38a10fa14dc0207b135a94374734e4840f5f5","digitalCertThumbprint":"95DC2A690F98C32BA2CC914FED88CE2F14D9762D","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Mixbyte Inc, O=Mixbyte Inc, STREET=\"541 Jefferson Ave, Ste 100\", L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1420","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"media editor/player","reference":"","landingPage":"https://www.freemake.com/de/free_audio_converter/","directDownloadingLink":"https://www.freemake.com/de/download?id=FreemakeAudioConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freemake.com/de/download?id=FreemakeAudioConverter.exe","sourceIndex":"1420"}],"sampleFiles":["220907/FreemakeAudioConverter-220830/1.1.9.9/Samples/FreemakeAudioConverter.exe","220907/FreemakeAudioConverter-220830/1.1.9.9/Samples/FreemakeAudioConverterSetup.exe","220907/FreemakeAudioConverter-220830/1.1.9.9/Samples/FreemakeUtilsService.exe","220907/FreemakeAudioConverter-220830/1.1.9.9/Samples/ProductUpdater.exe"],"imageFiles":["220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-084/ACR-084-ProductUpdater.jpg","220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-048/ACR-084-ProductUpdater.jpg","220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-164/ACR-164-InternalOffer.jpg","220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-164/ACR-164_OfferPage.png"],"nonDeceptorImageFiles":["220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-045/ACR-045_LandingPage.jpg","220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-045/ACR-045_AppOffer.jpg","220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-017/ACR-017_Unverifiable_Endorsements.jpg","220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-027/ACR-027_InlineOffer.jpg","220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-027/ACR-027_InlineOffer-2.jpg","220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-027/ACR-027_InlineOffer-3.jpg","220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-045/ACR-045_LandingPage.jpg","220907/FreemakeAudioConverter-220830/1.1.9.9/Images/ACR-045/ACR-045_AppOffer.jpg"],"guid":"78e41911-7913-472d-a598-03388aef22b6_1.1.9.9_1","appID":"FreemakeAudioConverter-220830","dateAdded":"220907","deceptorType":"App","name":"Freemake Audio Converter","company":"Ellora Assets Corporation","version":"1.1.9.9","lastKnownStatus":"Deceptor:1.1.9.9","lastKnownDate":"220907","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,cross-sell other apps","lastUpdate":"2022-09-21T17:39:31.7378592+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1296},{"violations":{"ACR-043":"FFmpeg third-party library is installed without disclosure. \n\n","ACR-048":"The application can't be closed completely. The hidden running process is left after application is closed. \n","ACR-084":" 1) The app creates the startup entry for the process ProductUpdater without user's knowledge. The relation of ProductUpdater to the main App is not clear to the consumer. 2) When the user closes the main app, the processes ProductUpdater keeps running in the background without any notification to user.\n\n","ACR-014":"The confusing price for the internal offer is unfair and misleading to user.\n\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be fully activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n","ACR-167":"The application only offers a  14-day refund policy\n\n","ACR-068":"Each time the user opens, closes and even at the attempt to uninstall the App, the Internal/Discount offer for Lifetime Mega or All-in-one Bundle pack varies. This inconsistent offer seems misleading and confusing to the consumer.\n\n","ACR-017":" Landing page elevates consumer trust level by displaying Awards from tech blogs, endorsements that are unverifiable.\n"},"samples":[{"isRevoked":"False","fileName":"FreemakeVideoConverter.exe","companyName":"Freemake","productName":"Freemake Video Converter","fileVersion":"2.0","hashMD5":"9db2c0324531b496c70d2075471acb5b","hashSHA1":"f6fa1f1111b0b24f44c4b3c25fa3b7374de2c2aa","hashSHA256":"5e2eac3038eb367bb646ad100224f75c6a35f36bfa30ee58af07f0ebedda8de4","digitalCertThumbprint":"335A57DB3B4C5125C5D746C1322AFE5447A56C3D","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"MIXBYTE, INC.\", O=\"MIXBYTE, INC.\", STREET=541 Jefferson Ave Ste 100, L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1421","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemakeVideoConverterSetup.exe","isInstaller":"True","companyName":"Mixbyte Inc.                                                ","productName":"Freemake Video Converter             ","productVersion":"4.1.13         ","fileVersion":"4.1.13.28           ","hashMD5":"a15caab13b62d3c0be029931e0c98836","hashSHA1":"7e6ad25a7e884fa59b018d24a2a706ac1d9b9574","hashSHA256":"0c658951c574bcf0cfd23581c771fa2ae2a4cd9cc318e3ab51a8882168dc623f","digitalCertThumbprint":"4F3D78A23F16FB26564FA4727939BB6945229053","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Mixbyte Inc, O=Mixbyte Inc, STREET=\"541 Jefferson Ave, Ste 100\", L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1421","avBlockList":["360 Total Security (20220922)","Avast Premium Security (20220922)","AVG Internet Security (20220922)","Avira Internet Security (20220922)","Dr.Web Security Space (20220922)","K7 Total Security (20220922)","McAfee Total Protection (20220922)","Norton Security (20220922)","Panda Dome (20220922)","Quick Heal Internet Security (20220922)","Sophos Home Premium (20220922)","SpyHunter5 (20220922)","Total AV Antivirus Pro (20220922)","VirIT eXplorer PRO (20220922)","Webroot SecureAnywhere (20220922)","Windows Defender (20220922)"],"avAllowList":["Bitdefender Internet Security (20220922)","COMODO Antivirus (20220922)","ESET Internet Security (20220922)","G DATA INTERNET SECURITY (20220922)","Kaspersky Internet Security (20220922)","Malwarebytes Premium (20220922)","Trend Micro Internet Security (20220922)","VIPRE Advanced Security (20220922)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"FreemakeMusicBox","landingPage":"https://www.freemake.com/","directDownloadingLink":"https://download.freemake.net/products/A15CAAB13B62D3C0BE029931E0C98836/FreemakeVideoConverterSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.freemake.net/products/A15CAAB13B62D3C0BE029931E0C98836/FreemakeVideoConverterSetup.exe","sourceIndex":"1421"}],"sampleFiles":["220831/FreemakeVideoConverter-220826/4.1.13.28/Samples/FreemakeVideoConverter.exe","220831/FreemakeVideoConverter-220826/4.1.13.28/Samples/FreemakeVideoConverterSetup.exe"],"imageFiles":["220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-043/ACR-043_FFmpeg_NoDisclosure.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-084/ACR-084_ProductUpdater.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-084/ACR-084_ProductUpdater_Properties.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-048/ACR-084_ProductUpdater.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-014/ACR-014_Discount_Offer_1.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-014/Discount_Offer_3(a).jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-014/Discount_Offer_3.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-014/Discount_Offer_2.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-014/Discount_Offer.jpg"],"nonDeceptorImageFiles":["220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-167/ACR-167_RefundPolicy.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-045/ACR-045-LandingPage.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-045/ACR-045-LandingPage-1.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-045/ACR-045-Limited_Functionality.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-017/ACR-017_Unverifiable_Endorsements.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-068/ACR-068_Discount_Offer.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-068/ACR-068_Discount_Offer_1.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-068/ACR-068_Discount_Offer_2.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-068/ACR-068_Discount_Offer_2(a).jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-068/ACR-068_Discount_Offer_3.jpg","220831/FreemakeVideoConverter-220826/4.1.13.28/Images/ACR-068/ACR-068_Discount_Offer_3(a).jpg"],"guid":"d5297e37-15ee-40ef-aadd-22698eb0a351_4.1.13.28_1","appID":"FreemakeVideoConverter-220826","dateAdded":"220831","deceptorType":"App","name":"Freemake Video Converter","company":"Mixbyte Inc.","version":"4.1.13.28","lastKnownStatus":"4.1.13.28","lastKnownDate":"220831","type":"Windows Executable","category":"Media players, Media editors, SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-09-21T17:32:55.0627437+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1299},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device, when the user selects the “FINISH CLEANING (253.48MB)” option, it starts cleaning and displays \"You've cleaned 253.48MB junk!\" but, while checking the app details (in device settings option) it does not clear the actual cache data. Also, when tried again, the app suggests cleaning 173.86 MB, thus unable to verify its value proposition as it displays random data of junk/cache.\n","ACR-014":"The app suggests cleaning junk/cache in the device, when the user selects the “FINISH CLEANING (253.48MB)” option, it starts cleaning and displays \"You've cleaned 253.48MB junk!\" but, while checking the app details (in device settings option) it does not clear the actual cache data. Also, when tried again, the app suggests cleaning 173.86 MB, thus misleading the user by displaying random data of junk/cache.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"free.clean.phone.turbo.cleaner.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"a5ed2a0f810f0e72cb7314859da90ac6","hashSHA1":"06dc4cb10eadcad7558c83da503045b81ecfc49b","hashSHA256":"98acb2f4716b7f5f245ada2935df6155cfbecc89a297547522be04fe075b1ca8","sourceIndex":"1441","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=free.clean.phone.turbo.cleaner","ipv4":"","ipv6":"","sourceIndex":"1441"}],"sampleFiles":["220831/turbocleanercleanjunkfile-220826/1.3.1.1/Samples/free.clean.phone.turbo.cleaner.apk"],"imageFiles":["220831/turbocleanercleanjunkfile-220826/1.3.1.1/Images/ACR-103/ACR-103_Software.png","220831/turbocleanercleanjunkfile-220826/1.3.1.1/Images/ACR-103/ACR-103_Software_1.png","220831/turbocleanercleanjunkfile-220826/1.3.1.1/Images/ACR-103/ACR-103_Software_2.png","220831/turbocleanercleanjunkfile-220826/1.3.1.1/Images/ACR-103/ACR-103_Software_3.png","220831/turbocleanercleanjunkfile-220826/1.3.1.1/Images/ACR-103/ACR-103_Software_4.png","220831/turbocleanercleanjunkfile-220826/1.3.1.1/Images/ACR-014/ACR-014_Software.png","220831/turbocleanercleanjunkfile-220826/1.3.1.1/Images/ACR-014/ACR-014_Software_1.png","220831/turbocleanercleanjunkfile-220826/1.3.1.1/Images/ACR-014/ACR-014_Software_2.png","220831/turbocleanercleanjunkfile-220826/1.3.1.1/Images/ACR-014/ACR-014_Software_3.png","220831/turbocleanercleanjunkfile-220826/1.3.1.1/Images/ACR-014/ACR-014_Software_4.png"],"nonDeceptorImageFiles":[],"guid":"2ed67511-7753-4117-8b21-1a209d8a0f44_1.3.1.1_1","appID":"turbocleanercleanjunkfile-220826","dateAdded":"220831","deceptorType":"Android App","name":"Turbo Cleaner Clean Junk File","company":"Innovative Connecting","version":"1.3.1.1","lastKnownStatus":"1.3.1.1","lastKnownDate":"220831","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-31T18:46:55.6509185+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1298},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “spt_setup.exe”.  \n","ACR-010":"The app distributes the deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.   \n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge.   \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.   \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.  \n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.  \n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “spt_setup.exe”.   \n","ACR-155":"Offers are designed to look like part of the install workflow.   \n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the app's Returns and Cancellation Policy, or Privacy Policy.  \nThe app does not display links to the app's Returns and Cancellation Policy, Privacy Policy & EULA.\nThe app does not provide working links to the app's Returns and Cancellation Policy, Privacy Policy & EULA.  \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.  \n","ACR-092":"Apps does not have a digital signature for their main executables and its installer.  \n","ACR-099":"The app does not display links to uninstall information in the software.   \nThe landing page does not provide working links to uninstall information.  \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Free Audio Converter\\Free Audio Converter.exe","companyName":"Accmeware Corporation","productName":"Free Audio Converter","productVersion":"7. 6. 1. 0","fileVersion":"7. 6. 1. 0","hashMD5":"ba17c5faf1a20e06e0c4a99398d57a31","hashSHA1":"c3f0defce6d0a68e03dab5be1ed55a7736ba1873","hashSHA256":"e52d27028734da7d95f56b5fae22554533195c4a7c07878e8b1dc708051a6162","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1445","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioConverterSetup.exe","isInstaller":"True","companyName":"FAR                                                         ","productName":"Free Audio Converter                                        ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"0f461e9e84d4cf0222a7d0d25d922355","hashSHA1":"40cf2abd08141338c7d1f42492b19199ddacf576","hashSHA256":"53d4ed4c6fde70b584b6b116a2b05c03d5733a774f39d6b0936a42aa6d9766f2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1445","avBlockList":["Avast Premium Security (20220922)","AVG Internet Security (20220922)","Avira Internet Security (20220922)","Bitdefender Internet Security (20220922)","COMODO Antivirus (20220922)","Dr.Web Security Space (20220922)","ESET Internet Security (20220922)","G DATA INTERNET SECURITY (20220922)","K7 Total Security (20220922)","Kaspersky Internet Security (20220922)","Malwarebytes Premium (20220922)","McAfee Total Protection (20220922)","Norton Security (20220922)","Panda Dome (20220922)","Quick Heal Internet Security (20220922)","Sophos Home Premium (20220922)","SpyHunter5 (20220922)","Total AV Antivirus Pro (20220922)","Trend Micro Internet Security (20220922)","VIPRE Advanced Security (20220922)","VirIT eXplorer PRO (20220922)","Webroot SecureAnywhere (20220922)","Windows Defender (20220922)"],"avAllowList":["360 Total Security (20220922)"]}],"additionalFiles":[],"sources":[{"howFound":"downloadastro.com","reference":"","landingPage":"http://free-audio-converter.net/index.html","directDownloadingLink":"http://www.free-audio-converter.net/Downloads/FreeAudioConverter.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.free-audio-converter.net/Downloads/FreeAudioConverter.zip","sourceIndex":"1445"}],"sampleFiles":["220826/FreeAudioConverter-220825/7.6.1.0/Samples/FreeAudioConverterSetup.exe"],"imageFiles":["220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-109/ACR-109.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-039/ACR-039.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-048/ACR-048.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-118/ACR-118.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-057/ACR-057.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-059/ACR-059.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-071/ACR-071.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-155/ACR-155.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-010/ACR-010.JPG"],"nonDeceptorImageFiles":["220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-065/ACR-065_Install.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-106/ACR-106.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-092/ACR-092.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-065/ACR-065_Software.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-099/ACR-099_Software.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-065/ACR-065_Landingpage.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-065/ACR-065_Landingpage_1.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-099/ACR-099_Landingpage.JPG","220826/FreeAudioConverter-220825/7.6.1.0/Images/ACR-099/ACR-099_Landingpage_1.JPG"],"guid":"69b0ce19-db9a-4bf1-9b59-689560a005fc_7.6.1.0_1","appID":"FreeAudioConverter-220825","dateAdded":"220826","deceptorType":"App","name":"Free Audio Converter","company":"Accmeware Corporation","version":"7.6.1.0","lastKnownStatus":"7.6.1.0","lastKnownDate":"220826","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-26T19:45:30.4753828+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1302},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “spt_setup.exe”.\n","ACR-010":"The app distributes the deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “spt_setup.exe”.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for its main executables and its installer.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Free WAV to MP3 Converter\\Free WAV to MP3 Converter.exe","companyName":"Accmeware Corporation","productName":"Free WAV to MP3 Converter","productVersion":"7. 6. 1. 0","fileVersion":"7. 6. 1. 0","hashMD5":"280e3b1c10de0218623c35b3822aef77","hashSHA1":"20d94a3cc024a7ea2c7960108c49f5d002181fc6","hashSHA256":"26414d865e5c27cf4779dc0de6ace62b0ad482cf0d351bbe04cc2de649662b85","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1446","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeWAVToMP3Converter.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"Free WAV to MP3 Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"54fc84d18e6d7f3083721d425c3a63fc","hashSHA1":"93a6848176d5a6af46e1af9dfdea88dc0ab56b09","hashSHA256":"03593d597b72d9223b22d9204f245f0a323eee62bfe24e2849267c7fe9793f21","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1446","avBlockList":["Avast Premium Security (20220922)","AVG Internet Security (20220922)","Avira Internet Security (20220922)","Bitdefender Internet Security (20220922)","COMODO Antivirus (20220922)","Dr.Web Security Space (20220922)","ESET Internet Security (20220922)","G DATA INTERNET SECURITY (20220922)","K7 Total Security (20220922)","Kaspersky Internet Security (20220922)","Malwarebytes Premium (20220922)","McAfee Total Protection (20220922)","Norton Security (20220922)","Panda Dome (20220922)","Sophos Home Premium (20220922)","SpyHunter5 (20220922)","Total AV Antivirus Pro (20220922)","VIPRE Advanced Security (20220922)","VirIT eXplorer PRO (20220922)","Webroot SecureAnywhere (20220922)","Windows Defender (20220922)"],"avAllowList":["360 Total Security (20220922)","Quick Heal Internet Security (20220922)","Trend Micro Internet Security (20220922)"]}],"additionalFiles":[],"sources":[{"howFound":"downloadastro.com","reference":"","landingPage":"http://free-audio-converter.net/index.html","directDownloadingLink":"http://www.free-audio-converter.net/Downloads/FreeWAVToMP3Converter.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.free-audio-converter.net/Downloads/FreeWAVToMP3Converter.zip","sourceIndex":"1446"}],"sampleFiles":["220826/FreeWAVToMP3Converter-220825/7.6.1.0/Samples/FreeWAVToMP3Converter.exe"],"imageFiles":["220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-109/ACR-109.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-039/ACR-039.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-048/ACR-048.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-057/ACR-057.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-059/ACR-059.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-071/ACR-071.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-155/ACR-155.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-118/ACR-118_1.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-118/ACR-118_2.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-118/ACR-118_3.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-010/ACR-010.JPG"],"nonDeceptorImageFiles":["220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-106/ACR-106.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-092/ACR-092_1.JPG","220826/FreeWAVToMP3Converter-220825/7.6.1.0/Images/ACR-092/ACR-092_2.JPG"],"guid":"8f7005fe-0848-419c-80b5-f32a29622e91_7.6.1.0_1","appID":"FreeWAVToMP3Converter-220825","dateAdded":"220826","deceptorType":"App","name":"Free WAV to MP3 Converter","company":"Accmeware Corporation","version":"7.6.1.0","lastKnownStatus":"7.6.1.0","lastKnownDate":"220826","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-26T19:40:19.3512609+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1301},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “spt_setup.exe”.\n","ACR-010":"The app distributes the deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “spt_setup.exe”.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for its main executables and its installer.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Free WMA to MP3 Converter\\Free WMA to MP3 Converter.exe","companyName":"Accmeware Corporation","productName":"Free WMA to MP3 Converter","productVersion":"7. 6. 1. 0","fileVersion":"7. 6. 1. 0","hashMD5":"e8ff285f6f6b9efc552dea887fb3e563","hashSHA1":"399a7f16d259e7f80337a299376faa4f26eb29ec","hashSHA256":"cc0b1800493163c8a528c4578248595ef68a283310806df539649c7f247da77b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1447","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeWMAToMP3Converter.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"Free WMA to MP3 Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"a61f7b1cc61c302ebc3c8ff315e6f8b4","hashSHA1":"5574269a185ed6d8a8ddcd76b4e348a14186a397","hashSHA256":"72835b2b012d6d03c5b1e733e35feea6abbab062dce7f1bdcd72e83d34ce28b3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1447","avBlockList":["Avast Premium Security (20220922)","AVG Internet Security (20220922)","Avira Internet Security (20220922)","Bitdefender Internet Security (20220922)","COMODO Antivirus (20220922)","Dr.Web Security Space (20220922)","ESET Internet Security (20220922)","G DATA INTERNET SECURITY (20220922)","K7 Total Security (20220922)","Kaspersky Internet Security (20220922)","Malwarebytes Premium (20220922)","McAfee Total Protection (20220922)","Norton Security (20220922)","Panda Dome (20220922)","Quick Heal Internet Security (20220922)","Sophos Home Premium (20220922)","SpyHunter5 (20220922)","Total AV Antivirus Pro (20220922)","Trend Micro Internet Security (20220922)","VIPRE Advanced Security (20220922)","VirIT eXplorer PRO (20220922)","Webroot SecureAnywhere (20220922)","Windows Defender (20220922)"],"avAllowList":["360 Total Security (20220922)"]}],"additionalFiles":[],"sources":[{"howFound":"downloadastro.com","reference":"","landingPage":"http://free-audio-converter.net/index.html","directDownloadingLink":"http://www.free-audio-converter.net/Downloads/FreeWMAToMP3Converter.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.free-audio-converter.net/Downloads/FreeWMAToMP3Converter.zip","sourceIndex":"1447"}],"sampleFiles":["220826/FreeWMAToMP3Converter-220824/7.6.1.0/Samples/FreeWMAToMP3Converter.exe"],"imageFiles":["220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-109/ACR-109.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-039/ACR-039.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-048/ACR-048.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-118/ACR-118_1.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-118/ACR-118_2.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-118/ACR-118_3.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-057/ACR-057.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-059/ACR-059.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-071/ACR-071.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-155/ACR-155.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-010/ACR-010.JPG"],"nonDeceptorImageFiles":["220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-106/ACR-106.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-092/ACR-092.JPG","220826/FreeWMAToMP3Converter-220824/7.6.1.0/Images/ACR-092/ACR-092_1.JPG"],"guid":"a72a6281-f49b-4b17-83d7-cbb1c281b565_7.6.1.0_1","appID":"FreeWMAToMP3Converter-220824","dateAdded":"220826","deceptorType":"App","name":"Free WMA to MP3 Converter","company":"Accmeware Corporation","version":"7.6.1.0","lastKnownStatus":"7.6.1.0","lastKnownDate":"220826","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-26T19:37:37.9860955+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1300},{"violations":{"ACR-048":"The application can't be closed completely. A running process running behind after application is closed.\n","ACR-084":"1) The app creates the startup entry for the process ProductUpdater without user's knowledge. The relation of ProductUpdater to the main App is not clear to the consumer. 2) When the user closes the main app, the processes ProductUpdater and FreemakeUtilsService keeps running in the background.\n"},"nonDeceptorViolations":{"ACR-092":"The main app is not digitally-signed. \n\n","ACR-099":"The app does not display links to uninstall information.\n The landing page does not display links to uninstall information.\n\n","ACR-017":"Landing page elevates consumer trust level by displaying Awards from tech blogs, endorsements that are unverifiable.\n\n"},"samples":[{"isRevoked":"False","fileName":"FreemakeMusicBox.exe","companyName":"Freemake","productName":"Freemake Video MusicBox","fileVersion":"2.0.1.0","hashMD5":"f259dd6556f928d114ff1f7261305dd9","hashSHA1":"4fb9f44248450e5684db224412a6e75242929fb9","hashSHA256":"1bbc78f1e4d60553b00203334c3b19aff59b1e5de2846263d623110d4d7e5179","sourceIndex":"1418","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemakeMusicBoxFull.exe","isInstaller":"True","companyName":"Ellora Assets Corporation                                   ","productName":"Freemake Music Box        ","fileVersion":"1.0.7.18      ","hashMD5":"c3edca0d666c21950a9302bd8d31009a","hashSHA1":"74af1e55bd7353c74fbfc87eea0d84d90f442653","hashSHA256":"04922c36f059175a7ca21584f48cf4b5c51a320426260114dc0fcdd74f8a15d8","digitalCertThumbprint":"95DC2A690F98C32BA2CC914FED88CE2F14D9762D","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Mixbyte Inc, O=Mixbyte Inc, STREET=\"541 Jefferson Ave, Ste 100\", L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1418","avBlockList":["360 Total Security (20220922)","Avast Premium Security (20220922)","AVG Internet Security (20220922)","Avira Internet Security (20220922)","Dr.Web Security Space (20220922)","ESET Internet Security (20220922)","K7 Total Security (20220922)","McAfee Total Protection (20220922)","Norton Security (20220922)","Panda Dome (20220922)","Sophos Home Premium (20220922)","SpyHunter5 (20220922)","Total AV Antivirus Pro (20220922)","VirIT eXplorer PRO (20220922)","Windows Defender (20220922)"],"avAllowList":["Bitdefender Internet Security (20220922)","COMODO Antivirus (20220922)","G DATA INTERNET SECURITY (20220922)","Kaspersky Internet Security (20220922)","Malwarebytes Premium (20220922)","Quick Heal Internet Security (20220922)","Trend Micro Internet Security (20220922)","VIPRE Advanced Security (20220922)","Webroot SecureAnywhere (20220922)"]},{"isRevoked":"False","fileName":"FreemakeUtilsService.exe","companyName":"Freemake","productName":"FreemakeUtilsService","fileVersion":"1.0","hashMD5":"b728c68f08586b1bde918acdb654913e","hashSHA1":"2fc23b127a68026867e57b8ad02fae43115ec26c","hashSHA256":"6ce23dbbd04b07a5f8273deca50f152ef71564e203c9474a8c1ba2df8c6b2526","sourceIndex":"1418","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ProductUpdater.exe","companyName":"","productName":"ProductUpdater","fileVersion":"1.0.20.0","hashMD5":"24a600287ac8ddb655d151edddaae950","hashSHA1":"afbac45892fb0f28c7a01723c64616df4762d6b1","hashSHA256":"efec345a3ce2a5b11b95649ab3d033ce95c83bcd489e50b1c31033921b4345f0","digitalCertThumbprint":"95DC2A690F98C32BA2CC914FED88CE2F14D9762D","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Mixbyte Inc, O=Mixbyte Inc, STREET=\"541 Jefferson Ave, Ste 100\", L=Redwood City, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=C4150990, OID.2.5.4.15=Private Organization","sourceIndex":"1418","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: media downloads","reference":"","landingPage":"https://www.freemake.com/free_music_box/","directDownloadingLink":"https://www.freemake.com/download?id=FreemakeMusicBox.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freemake.com/download?id=FreemakeMusicBox.exe","sourceIndex":"1418"}],"sampleFiles":["220825/FreemakeMusicBox-220823/1.0.7.18/Samples/FreemakeMusicBox.exe","220825/FreemakeMusicBox-220823/1.0.7.18/Samples/FreemakeMusicBoxFull.exe","220825/FreemakeMusicBox-220823/1.0.7.18/Samples/FreemakeUtilsService.exe","220825/FreemakeMusicBox-220823/1.0.7.18/Samples/ProductUpdater.exe"],"imageFiles":["220825/FreemakeMusicBox-220823/1.0.7.18/Images/ACR-084/ACR-084_StartupEntry.jpg","220825/FreemakeMusicBox-220823/1.0.7.18/Images/ACR-084/ACR-084_ProcessUpdater_Relation_Unclear.jpg","220825/FreemakeMusicBox-220823/1.0.7.18/Images/ACR-084/ACR-084_Background_processes.jpg","220825/FreemakeMusicBox-220823/1.0.7.18/Images/ACR-048/ACR-084_Background_processes (1).jpg"],"nonDeceptorImageFiles":["220825/FreemakeMusicBox-220823/1.0.7.18/Images/ACR-092/ACR-092_Unsigned_Main_App.jpg","220825/FreemakeMusicBox-220823/1.0.7.18/Images/ACR-099/ACR-099_Software.jpg","220825/FreemakeMusicBox-220823/1.0.7.18/Images/ACR-099/FreemakeMusicBox_LandingPage.png","220825/FreemakeMusicBox-220823/1.0.7.18/Images/ACR-099/LandingPage_HowTo.png","220825/FreemakeMusicBox-220823/1.0.7.18/Images/ACR-017/ACR-017_Unverifiable_Endorsements.jpg"],"guid":"ffce3084-bbcd-42e7-948b-953d50e4bda4_1.0.7.18_1","appID":"FreemakeMusicBox-220823","dateAdded":"220825","deceptorType":"App","name":"Freemake Music Box","company":"Ellora Assets Corporation","version":"1.0.7.18","lastKnownStatus":"1.0.7.18","lastKnownDate":"220825","type":"Windows Executable","category":"Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-09-21T18:35:36.6466848+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1305},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “Clean Now” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus unable to verify the app's value proposition.\n","ACR-014":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “Clean Now” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"phone.master.junk.cleaner.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"5272e2777e0d9b5db98d8557c8df0bf4","hashSHA1":"adbaa425d86b64e9b6bf905c6f15aa3c290b2be6","hashSHA256":"36137d2f77b347db04eb529e75bab654a133e6081a3c6de51df38859b03a4c29","sourceIndex":"1450","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=phone.master.junk.cleaner","ipv4":"","ipv6":"","sourceIndex":"1450"}],"sampleFiles":["220825/phonecleaner-220824/1.8/Samples/phone.master.junk.cleaner.apk"],"imageFiles":["220825/phonecleaner-220824/1.8/Images/ACR-103/ACR-103_Software.png","220825/phonecleaner-220824/1.8/Images/ACR-103/ACR-103_Software_1.png","220825/phonecleaner-220824/1.8/Images/ACR-103/ACR-103_Software_2.png","220825/phonecleaner-220824/1.8/Images/ACR-103/ACR-103_Software_3.png","220825/phonecleaner-220824/1.8/Images/ACR-014/ACR-014_Software.png","220825/phonecleaner-220824/1.8/Images/ACR-014/ACR-014_Software_1.png","220825/phonecleaner-220824/1.8/Images/ACR-014/ACR-014_Software_2.png","220825/phonecleaner-220824/1.8/Images/ACR-014/ACR-014_Software_3.png"],"nonDeceptorImageFiles":[],"guid":"2a597b11-0595-44bb-bebd-0c55feef3480_1.8_1","appID":"phonecleaner-220824","dateAdded":"220825","deceptorType":"Android App","name":"Phone Cleaner","company":"Share Karo - File Transfer , File Manager","version":"1.8","lastKnownStatus":"1.8","lastKnownDate":"220825","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-25T08:05:44.7285893+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1303},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “spt_setup.exe”. \n","ACR-010":"The app distributes the deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.  \n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge.  \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.  \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation. \n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier. \n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “spt_setup.exe”.  \n","ACR-155":"Offers are designed to look like part of the install workflow.  \n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the app's Returns and Cancellation Policy, or Privacy Policy. \nThe app does not display links to the app's Returns and Cancellation Policy, Privacy Policy & EULA. \nThe app does not provide working links to the app's Returns and Cancellation Policy, Privacy Policy & EULA. \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"Apps does not have a digital signature for their main executables and its installer. \n","ACR-099":"The app does not display links to uninstall information in the software.  \n The landing page does not provide working links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Free MP3 Converter\\Free MP3 Converter.exe","companyName":"Accmeware Corporation","productName":"Free MP3 Converter","productVersion":"7. 6. 1. 0","fileVersion":"7. 6. 1. 0","hashMD5":"08f78c7bc89b59f8709db8f6b2954f43","hashSHA1":"2f5bbdbd7a7da996a620d267828567ba23200d23","hashSHA256":"398c71fba2e7b2b35531cffe5dd4688aa2c2d778bad36e17cfe2414e8cd5f7cd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1451","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeMP3ConverterSetup.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","productName":"Free MP3 Converter                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"02652ae413010dfaa804d53dadd489ce","hashSHA1":"78f1cce582c897b2defd7fa240c12ca8151476a0","hashSHA256":"b1f75160227af2d38ae14e5bc72397f50d3af61dc12435b22411b2a7f724efcf","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1451","avBlockList":["360 Total Security (20220922)","Avast Premium Security (20220922)","AVG Internet Security (20220922)","Avira Internet Security (20220922)","Bitdefender Internet Security (20220922)","COMODO Antivirus (20220922)","Dr.Web Security Space (20220922)","ESET Internet Security (20220922)","G DATA INTERNET SECURITY (20220922)","K7 Total Security (20220922)","Kaspersky Internet Security (20220922)","Malwarebytes Premium (20220922)","McAfee Total Protection (20220922)","Norton Security (20220922)","Panda Dome (20220922)","Sophos Home Premium (20220922)","SpyHunter5 (20220922)","Total AV Antivirus Pro (20220922)","Trend Micro Internet Security (20220922)","VIPRE Advanced Security (20220922)","VirIT eXplorer PRO (20220922)","Webroot SecureAnywhere (20220922)","Windows Defender (20220922)"],"avAllowList":["Quick Heal Internet Security (20220922)"]}],"additionalFiles":[],"sources":[{"howFound":"downloadastro.com","reference":"","landingPage":"http://free-audio-converter.net/index.html","directDownloadingLink":"http://www.free-audio-converter.net/Downloads/FreeMP3Converter.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.free-audio-converter.net/Downloads/FreeMP3Converter.zip","sourceIndex":"1451"}],"sampleFiles":["220825/FreeMP3Converter-220824/7.6.1.0/Samples/FreeMP3ConverterSetup.exe"],"imageFiles":["220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-109/ACR-109.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-039/ACR-039.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-048/ACR-048.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-118/ACR-118.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-057/ACR-057.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-059/ACR-059.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-071/ACR-071.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-155/ACR-155.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-010/ACR-010.JPG"],"nonDeceptorImageFiles":["220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-065/ACR-065_Install_NoPP.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-106/ACR-106.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-092/ACR-092.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-065/ACR-065_Software.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-099/ACR-099_Software.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-065/ACR-065_landingpage.jpg","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-065/ACR-065_landingpage_1.JPG","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-099/ACR-099_landingpage.jpg","220825/FreeMP3Converter-220824/7.6.1.0/Images/ACR-099/ACR-099_landingpage_1.JPG"],"guid":"f997a40a-52ce-46c0-aa26-285aa21b5c9d_7.6.1.0_1","appID":"FreeMP3Converter-220824","dateAdded":"220825","deceptorType":"App","name":"Free MP3 Converter","company":"Accmeware Corporation","version":"7.6.1.0","lastKnownStatus":"7.6.1.0","lastKnownDate":"220825","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-25T08:03:20.046069+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1304},{"violations":{"ACR-048":"Application has no control to disable startup and running in background despite changing the settings. Also, the \"Show other offers..\" under General Settings is always re-activated every time the app is re-opened, even after unchecking .\n\n","ACR-003":"The app shows (12) number of updates on initial scan and after updating (1) outdated driver, it shows (4) remaining drivers for update. \n","ACR-017":"Software shows MSFT partner logo as if MSFT endorsed DriverMax\n\n","ACR-084":"The app creates an undisclosed startup and a scheduled task, which can't be removed from the settings of the app. In an attempt to exit  the app from the system tray, still one process runs in the background.\n\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose Original filename, Company name, Product name, Product version, File version for some of the executables.\n\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n","ACR-065":"The app does not disclose EULA and Privacy policy in the software.\n","ACR-099":"The application does not display links to uninstall information. \nLanding page does not display links to uninstall information. \n","ACR-017":"Landing Page shows MSFT partner logo as if MSFT endorsed DriverMax.\n\n"},"samples":[{"isRevoked":"False","fileName":"drivermax.exe","companyName":"Innovative Solutions","productName":"DriverMax   ","productVersion":"14.14","fileVersion":"14.14.0.8","hashMD5":"ba0f3a539983d35b3e3fc6c76bd32fd9","hashSHA1":"33a3520078beac37c0f36eab5866c17df07ba2c5","hashSHA256":"48492ef1212aaf90caf70dfb62f0aad3409b5f0f7a220332ccaccb96c852523e","digitalCertThumbprint":"16CD38B4DED0F11AA3A4390020ADFE10025EA9DC","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=INNOVATIVE SOLUTIONS GRUP SRL, O=INNOVATIVE SOLUTIONS GRUP SRL, L=Bucuresti, S=Bucuresti, C=RO","sourceIndex":"1342","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"drivermax-setup.exe","isInstaller":"True","companyName":"Innovative Solutions                                        ","productName":"DriverMax   ","fileVersion":"0.0","hashMD5":"43998ebbea30799d21f570044ed4260f","hashSHA1":"bbd990bbaeaf249ede74313e1f73f8f3793f8f71","hashSHA256":"1d753c3d31b13b06d3788f525e49bbea1742f3743a2fe37a9454004e2198f5b3","digitalCertThumbprint":"16CD38B4DED0F11AA3A4390020ADFE10025EA9DC","digitalCertIssuer":"CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=INNOVATIVE SOLUTIONS GRUP SRL, O=INNOVATIVE SOLUTIONS GRUP SRL, L=Bucuresti, S=Bucuresti, C=RO","sourceIndex":"1342","avBlockList":["Avast Premium Security (20220927)","AVG Internet Security (20220927)","Avira Internet Security (20220927)","ESET Internet Security (20220927)","G DATA INTERNET SECURITY (20220927)","Kaspersky Internet Security (20220927)","Malwarebytes Premium (20220927)","McAfee Total Protection (20220927)","Norton Security (20220927)","Panda Dome (20220927)","Quick Heal Internet Security (20220927)","Sophos Home Premium (20220927)","SpyHunter5 (20220927)","Total AV Antivirus Pro (20220927)","VIPRE Advanced Security (20220927)","VirIT eXplorer PRO (20220927)","Webroot SecureAnywhere (20220927)","Windows Defender (20220927)"],"avAllowList":["360 Total Security (20220927)","Bitdefender Internet Security (20220927)","COMODO Antivirus (20220927)","Dr.Web Security Space (20220927)","K7 Total Security (20220927)","Trend Micro Internet Security (20220927)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt search: driver updater","reference":"","landingPage":"https://www.drivermax.com","directDownloadingLink":"https://www.drivermax.com/download.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.drivermax.com/download.htm","sourceIndex":"1342"}],"sampleFiles":["220824/DriverMax-200412/14.14.0.8/Samples/drivermax.exe","220824/DriverMax-200412/14.14.0.8/Samples/drivermax-setup.exe"],"imageFiles":["220824/DriverMax-200412/14.14.0.8/Images/ACR-084/ACR-048_84_No_Control_to_Disable_Software.mp4","220824/DriverMax-200412/14.14.0.8/Images/ACR-084/ACR-048_084_Startup.jpg","220824/DriverMax-200412/14.14.0.8/Images/ACR-084/ACR-084_Undisclosed_ScheduledTask.jpg","220824/DriverMax-200412/14.14.0.8/Images/ACR-048/ACR-048_No_Control_to_Disable_Software.mp4","220824/DriverMax-200412/14.14.0.8/Images/ACR-048/ACR-048_084_Startup.jpg","220824/DriverMax-200412/14.14.0.8/Images/ACR-003/ACR-003_Before_Update_Initial_Scan.jpg","220824/DriverMax-200412/14.14.0.8/Images/ACR-003/ACR-003_After_1_Update.gif","220824/DriverMax-200412/14.14.0.8/Images/ACR-003/ACR-003_004_NoRealUpdate.jpg","220824/DriverMax-200412/14.14.0.8/Images/ACR-017/ACR-017_MSFT_logo.jpg"],"nonDeceptorImageFiles":["220824/DriverMax-200412/14.14.0.8/Images/ACR-038/ACR-038_File_Properties.jpg","220824/DriverMax-200412/14.14.0.8/Images/ACR-065/ACR-065_Software.jpg","220824/DriverMax-200412/14.14.0.8/Images/ACR-099/ACR-099_Software.jpg","220824/DriverMax-200412/14.14.0.8/Images/ACR-045/ACR-045_Free_Download.jpg","220824/DriverMax-200412/14.14.0.8/Images/ACR-099/DriverMax_LandingPage.png","220824/DriverMax-200412/14.14.0.8/Images/ACR-017/ACR-017_LandingPage_MSFT_logo.jpg"],"guid":"5e878a71-14c7-46c4-b7c2-a059d41e5a5f_14.14.0.8_1","appID":"DriverMax-200412","dateAdded":"220824","deceptorType":"App","name":"Driver Max","company":"Innovative Solutions","version":"14.14.0.8","firstVendorContactDate":"221031","firstAppEsteemReplyDate":"221102","firstResolvedDate":"221103","firstResolvedVersion":"14.15.0.12","resolved":"TRUE","lastKnownStatus":"11.15.0.27;14.14.0.8","lastKnownDate":"221103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,cross-sell other apps,up-sell to paid","lastUpdate":"2022-11-03T19:03:03.6951113+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1306},{"violations":{"ACR-048":"1) The app does not provide any control to disable the notification and startup it created.\n2) The app does not provide an option to completely close the app, the close(X) performs minimizing the app to system tray without any notification.\n","ACR-003":"The app shows exaggerated count \"11 updates\" on the initial scan, after 2 outdated driver updates it shows only 3 updates left, which is misleading the consumer to take action.\n","ACR-004":"1) The app shows the driver updated, but on manually checking in the device manager it shows it does not get updated.\n2) The app uses different colors to differentiate urgency for the identified issues.\n","ACR-017":"unable to verify the logo.\n","ACR-084":"1) The app creates an undisclosed startup and a scheduled task, which can't be removed from the settings of the app.\n2) On manually exiting the app from the system tray, still one process runs in the background.\n\n","ACR-164":"The app needs to provide details about how to cancel online, when user receive notification for renew and what's the price amount after the time bound discount expire.\n","ACR-165":"The app needs to provide details about how to cancel online, when user receive notification for renew and what's the price amount after the time bound discount expire.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose Original filename, Company name, Product name, Product version, File version for some of the executables.\n\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads users. The functionality that requires consumer payment in order to be activated needs to be marked clearly in the landing page. Otherwise, the app should remove the \"free\" word.\n","ACR-065":"The app does not disclose a privacy policy during the installation.\nThe app does not disclose EULA and Privacy policy in the software.\n","ACR-161":"Unable to verify the testimonials.\n","ACR-056":"One of the Main functionality \"Software Updates\" is not disclosed in the landing page.\n","ACR-092":"Digital signature is required for some of the executables.\n","ACR-099":"The app does not disclose the uninstall information in the software.\nThe app does not disclose the uninstall information in the landing page.\n","ACR-167":"The app needs to disclose the return policy for at least 30 days.\n","ACR-054":"The app needs to provide equal prominence to \"Activate Now\" and \"No Thanks\" buttons in the inline offer.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n\n","ACR-017":"unable to verify the logo.\n"},"samples":[{"isRevoked":"False","fileName":"drivermax.exe","isInstaller":"True","companyName":"Innovative Solutions                                        ","productName":"DriverMax                                                   ","productVersion":"11.15.0.27                                        ","fileVersion":"","hashMD5":"09d8b6a6f9b0af7e7231b59cb64a46a1","hashSHA1":"b25351fce73919d3824fdd2878a5adcb04948708","hashSHA256":"149d72fb1177b56a2f0f19f6c327e35e54be22adf5da69fae793d185d6a1ed9a","digitalCertThumbprint":"AB92C25EF9A6B373660D0E4613628B8329E468DA","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Innovative Solutions Grup SRL","sourceIndex":"2117","avBlockList":["Avast Premium Security (20200623)","AVG Internet Security (20200623)","Avira Internet Security (20200623)","Bitdefender Internet Security (20200623)","Dr.Web Security Space (20200623)","ESET Internet Security (20200623)","G DATA INTERNET SECURITY (20200623)","K7 Total Security (20200623)","Kaspersky Internet Security (20200623)","Malwarebytes Premium (20200623)","McAfee Total Protection (20200623)","Norton Security (20200623)","Panda Dome (20200623)","Quick Heal Internet Security (20200623)","Sophos Home Premium (20200623)","SpyHunter5 (20200623)","Tencent PC Manager (20200623)","Total AV Antivirus Pro (20200623)","VIPRE Advanced Security (20200623)","VirIT eXplorer PRO (20200623)","Webroot SecureAnywhere (20200623)","Windows Defender (20200623)"],"avAllowList":["360 Total Security (20200623)","COMODO Antivirus (20200623)","Trend Micro Internet Security (20200623)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Innovative Solutions\\DriverMax\\drivermax.exe","companyName":"Innovative Solutions  ","productName":"DriverMax","productVersion":"11.15.","fileVersion":"11.15.0.27","hashMD5":"8654e8eb86bbc2f3c805c927d21eda7b","hashSHA1":"6c7b63ab460b5c2a42f2ae4b4c97e00fa7d3a394","hashSHA256":"42f7798b6778de4491916f72cf4a64654f165f02e99da5c684e6366357cd40a5","digitalCertThumbprint":"AB92C25EF9A6B373660D0E4613628B8329E468DA","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Innovative Solutions Grup SRL","sourceIndex":"2117","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Fix PC Error in google search","reference":"","landingPage":"https://www.drivermax.com","directDownloadingLink":"https://www.drivermax.com/download.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.drivermax.com/download.htm","sourceIndex":"2117"}],"sampleFiles":["200413/DriverMax-200412/11.15.0.27/Samples/drivermax.exe"],"imageFiles":["200413/DriverMax-200412/11.15.0.27/Images/ACR-004/ACR-004_Software_NotProperDriverUpdate1.jpg","200413/DriverMax-200412/11.15.0.27/Images/ACR-004/ACR-004_Software_NotProperDriverUpdate2.jpg","200413/DriverMax-200412/11.15.0.27/Images/ACR-004/ACR-004_Software_NotProperDriverUpdate3.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-084/ACR-084_Software_CreatesStartup.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-084/ACR-084_Software_ProcessRunsInBackground.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-084/ACR-084_Software_SilentInstallation.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-084/ACR-084_Software_UndisclosedScheduledTasks.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-048/ACR-048_Software_NoControlToDisableTheNotification.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-048/ACR-048_Software_NoControlToDisableTheStartup.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-048/ACR-048_Software_NoControlToCloseTheApp.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-003/ACR-003_Software_Misleading1.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-003/ACR-003.PNG","200413/DriverMax-200412/11.15.0.27/Images/ACR-164/ACR-164_InternalOffers_NoDetails.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-165/ACR-165_InternalOffers_NoDetails.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-017/ACR-017_InternalOffers_UnverifiableLogo.JPG"],"nonDeceptorImageFiles":["200413/DriverMax-200412/11.15.0.27/Images/ACR-038/ACR-038_Install_NoFileDetails.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-056/ACR-056_Software_FunctionalityMismatch1.jpg","200413/DriverMax-200412/11.15.0.27/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-065/ACR-065_Software_NoEULA&PrivacyPolicy.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-099/ACR-099_Software_NoUninstallPolicy.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-167/ACR-167_Docs_NoRefund.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-045/ACR-045_Landingpage_FreeDownload.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-099/ACR-099_Landingpage_NoUninstallPolicy.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-017/ACR-017_Landingpage_UnverifiableLogo.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-161/ACR-161_Landingpage_UnableToVerifyTestimonials.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-054/ACR-054_InlineOffer_NoEqualProminance.JPG","200413/DriverMax-200412/11.15.0.27/Images/ACR-166/ACR-166_InternalOffers_NoTimeBound.JPG"],"guid":"5e878a71-14c7-46c4-b7c2-a059d41e5a5f_11.15.0.27_1","appID":"DriverMax-200412","dateAdded":"220824","deceptorType":"App","name":"Driver Max","company":"Innovative Solutions","version":"11.15.0.27","sigName":"Deceptor:Win32/DriverMax!004084048003164165017","firstVendorContactDate":"221031","firstAppEsteemReplyDate":"221102","firstResolvedDate":"221103","firstResolvedVersion":"14.15.0.12","resolved":"TRUE","lastKnownStatus":"11.15.0.27;14.14.0.8","lastKnownDate":"221103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,cross-sell other apps,up-sell to paid","lastUpdate":"2022-11-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1307},{"violations":{"ACR-004":"The app exaggeratedly reports the broken items in the registry as error, which misleads users with unfair urgency.\n","ACR-007":"The app does not display any warning message when Windows security component \"Security Health\" is disabled which will reduce the default system security in the Startup manager within the app.\n","ACR-008":"The app fails to provide a clear description regarding the free fix inside the software, it just runs a countdown and displays a \"Testing\" option for manual repair which is hidden and obscure.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains the main executable on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Vit Registry Fix Professional Setup.exe","isInstaller":"True","companyName":"Copyright (C) 2004-2022 VITSOFT","productName":"Vit Registry Fix: Pro","productVersion":"","fileVersion":"14.7.0","hashMD5":"9a95535324fa9ae4690c9179f6736ff9","hashSHA1":"09e55cb189141110f1237b4bf21fc7c68b5345ad","hashSHA256":"5ec159b395831834dc659591288b1b5b5278cb38828604816090204ea9a6acf6","digitalCertThumbprint":"CBA9FF6E84B81F6780E2882A7DA39589221A6B4E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Vitalii Mikhalko","storeId":"","sourceIndex":"1698","avBlockList":["Avira Internet Security (20220331)","Bitdefender Internet Security (20220331)","ESET Internet Security (20220331)","G DATA INTERNET SECURITY (20220331)","K7 Total Security (20220331)","Malwarebytes Premium (20220331)","McAfee Total Protection (20220331)","Norton Security (20220331)","Panda Dome (20220331)","Quick Heal Internet Security (20220331)","Sophos Home Premium (20220331)","SpyHunter5 (20220331)","Total AV Antivirus Pro (20220331)","Trend Micro Internet Security (20220331)","VIPRE Advanced Security (20220331)","VirIT eXplorer PRO (20220331)","Webroot SecureAnywhere (20220331)","Windows Defender (20220331)"],"avAllowList":["360 Total Security (20220331)","Avast Premium Security (20220331)","AVG Internet Security (20220331)","COMODO Antivirus (20220331)","Dr.Web Security Space (20220331)","Kaspersky Internet Security (20220331)","Tencent PC Manager (20220331)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VITSOFT\\Vit Registry Fix\\Vit Registry Fix.exe","companyName":"VITSOFT.NET","productName":"Vit Registry Fix™","productVersion":"14.07","fileVersion":"14.07","hashMD5":"82fad508542f7fbf3b140255ad11ac57","hashSHA1":"54eee5225c5eb3d36b77d7585550fc92a942c772","hashSHA256":"d13f05831a7125c08ef15eb8e57a335125cd92f0910b2a5530bd8bae5e11da7b","digitalCertThumbprint":"CBA9FF6E84B81F6780E2882A7DA39589221A6B4E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Vitalii Mikhalko","storeId":"","sourceIndex":"1698","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Product from VITsoft","reference":"","landingPage":"https://www.vitsoft.net/en/","directDownloadingLink":"https://www.vitsoft.net/Download/Vit%20Registry%20Fix%20Professional%20Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vitsoft.net/Download/Vit%20Registry%20Fix%20Professional%20Setup.exe","sourceIndex":"1698"}],"sampleFiles":["220302/vitregistryfix-220228/14.7.0/Samples/Vit Registry Fix Professional Setup.exe"],"imageFiles":["220302/vitregistryfix-220228/14.7.0/Images/ACR-007/ACR-007_Software_No_Warning_Message.mp4","220302/vitregistryfix-220228/14.7.0/Images/ACR-008/ACR-008_Software_Hiding_Free_Trial.mp4","220302/vitregistryfix-220228/14.7.0/Images/ACR-008/ACR-008_Software_Hiding_Free_Trial_1.mp4","220302/vitregistryfix-220228/14.7.0/Images/ACR-004/ACR-004_Software_Error_Word_Used.JPG","220302/vitregistryfix-220228/14.7.0/Images/ACR-118/ACR-118_Unintall_Retains_Components.JPG"],"nonDeceptorImageFiles":[],"guid":"ef7223ee-120d-4584-b2de-affd8c9a0713_14.7.0_1","appID":"vitregistryfix-220228","dateAdded":"220823","deceptorType":"App","name":"VIT Registry Fix","company":"VITSOFT Software","version":"14.7.0","sigName":"Deceptor:Win32/VITRegistryFix!007008004118","lastKnownStatus":"14.7.0;14.7.3","lastKnownDate":"220823","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1309},{"violations":{"ACR-103":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “Clean Now” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus unable to verify the app's value proposition.\n","ACR-014":"The app suggests cleaning junk/cache in the device but it doesn’t seem to clean any cache. When the user selects the “Clean Now” option, it starts cleaning and displays \"Finished! Cleaned\" but when viewing app details after cleaning, it displays cache data, thus misleading the user. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.turbobooster.cleanphone.phonemaster.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"b9c0d96bedb18072ec726daa842ced9d","hashSHA1":"89458596754ceed50e7ffcede8369d616c39a2a5","hashSHA256":"a248bbc2c645029d3d1298615af816a9fbdd724c7be53eaf410db40aedd19dbe","sourceIndex":"1453","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.turbobooster.cleanphone.phonemaster","ipv4":"","ipv6":"","sourceIndex":"1453"}],"sampleFiles":["220823/cleanphoneboostermaster-220822/4.1/Samples/com.turbobooster.cleanphone.phonemaster.apk"],"imageFiles":["220823/cleanphoneboostermaster-220822/4.1/Images/ACR-103/ACR-103_Software.png","220823/cleanphoneboostermaster-220822/4.1/Images/ACR-103/ACR-103_Software_1.png","220823/cleanphoneboostermaster-220822/4.1/Images/ACR-103/ACR-103_Software_2.png","220823/cleanphoneboostermaster-220822/4.1/Images/ACR-103/ACR-103_Software_3.png","220823/cleanphoneboostermaster-220822/4.1/Images/ACR-014/ACR-014_Software.png","220823/cleanphoneboostermaster-220822/4.1/Images/ACR-014/ACR-014_Software_1.png","220823/cleanphoneboostermaster-220822/4.1/Images/ACR-014/ACR-014_Software_2.png","220823/cleanphoneboostermaster-220822/4.1/Images/ACR-014/ACR-014_Software_3.png"],"nonDeceptorImageFiles":[],"guid":"7452cac5-35b2-428a-abe6-3b0246dacf49_4.1_1","appID":"cleanphoneboostermaster-220822","dateAdded":"220823","deceptorType":"Android App","name":"Clean Phone Booster Master","company":"KEM PTE. Ltd.","version":"4.1","lastKnownStatus":"4.1","lastKnownDate":"220823","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-23T07:43:45.2676805+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1310},{"violations":{"ACR-004":"The app does not provide fully functional trial. It also exaggeratedly report broken items in the registry as error, which misleads users with unfair urgency.\n","ACR-008":"Free options in the software is not clearly described. It initially provides the option to Register and a countdown before it displays \"Testing\", trying to conceal the Free option.\n\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy\n\n","ACR-054":"In an attempt to upgrade Vit Registry Fix, another offer is checked by default. User needs to uncheck the offer to opt out.\n\n"},"samples":[{"isRevoked":"False","fileName":"Vit Registry Fix Professional Setup.exe","isInstaller":"True","companyName":"Copyright (C) 2004-2022 VITSOFT","fileVersion":"14.7","hashMD5":"fc316d75bcfade6925023d773dd23854","hashSHA1":"056822b3952443f1fbdbbaf3ff413e760848f2fe","hashSHA256":"d0c052c164ab814ffaa461a8030fcd37d460122aa204d09cf154c344e5e49ba3","digitalCertThumbprint":"CBA9FF6E84B81F6780E2882A7DA39589221A6B4E","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Vitalii Mikhalko, O=Vitalii Mikhalko, L=Novohrad-Volyns'kyi, C=UA","sourceIndex":"1455","avBlockList":["360 Total Security (20220927)","Avira Internet Security (20220927)","ESET Internet Security (20220927)","K7 Total Security (20220927)","Malwarebytes Premium (20220927)","McAfee Total Protection (20220927)","Norton Security (20220927)","Panda Dome (20220927)","Quick Heal Internet Security (20220927)","Sophos Home Premium (20220927)","SpyHunter5 (20220927)","Total AV Antivirus Pro (20220927)","VirIT eXplorer PRO (20220927)","Webroot SecureAnywhere (20220927)","Windows Defender (20220927)"],"avAllowList":["Avast Premium Security (20220927)","AVG Internet Security (20220927)","Bitdefender Internet Security (20220927)","COMODO Antivirus (20220927)","Dr.Web Security Space (20220927)","G DATA INTERNET SECURITY (20220927)","Kaspersky Internet Security (20220927)","Trend Micro Internet Security (20220927)","VIPRE Advanced Security (20220927)"]},{"isRevoked":"False","fileName":"Vit Registry Fix.exe","companyName":"VITSOFT.NET","fileVersion":"14.7","hashMD5":"f480c807ab6ea5fa889e6e696dd7a815","hashSHA1":"14c6e37e07078c12d07b6c4c6ce976542ec3a167","hashSHA256":"044bb3d90ffb2710ba973ac79957b1775d3928abf0b891f23e8b945220f277fa","digitalCertThumbprint":"CBA9FF6E84B81F6780E2882A7DA39589221A6B4E","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Vitalii Mikhalko, O=Vitalii Mikhalko, L=Novohrad-Volyns'kyi, C=UA","sourceIndex":"1455","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Product from VITsoft","reference":"","landingPage":"https://www.vitsoft.net/","directDownloadingLink":"https://www.vitsoft.net/Download/Vit%20Registry%20Fix%20Professional%20Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vitsoft.net/Download/Vit%20Registry%20Fix%20Professional%20Setup.exe","sourceIndex":"1455"}],"sampleFiles":["220823/vitregistryfix-220228/14.7.3/Samples/Vit Registry Fix Professional Setup.exe","220823/vitregistryfix-220228/14.7.3/Samples/Vit Registry Fix.exe"],"imageFiles":["220823/vitregistryfix-220228/14.7.3/Images/ACR-008/ACR-008_Unclear_trial_functionality.jpg","220823/vitregistryfix-220228/14.7.3/Images/ACR-008/ACR-008_Unclear_trial_functionality-1.jpg","220823/vitregistryfix-220228/14.7.3/Images/ACR-004/ACR-004_Incomplete_funcionality.jpg","220823/vitregistryfix-220228/14.7.3/Images/ACR-004/ACR-004_Registry_listed_as_Error.jpg","220823/vitregistryfix-220228/14.7.3/Images/ACR-004/ACR-004_Registry_listed_as_Error-1.jpg"],"nonDeceptorImageFiles":["220823/vitregistryfix-220228/14.7.3/Images/ACR-065/ACR-065_LinkstoDocs.jpg","220823/vitregistryfix-220228/14.7.3/Images/ACR-065/ACR-065_Software.jpg","220823/vitregistryfix-220228/14.7.3/Images/ACR-054/ACR-054_OfferPage.jpg"],"guid":"ef7223ee-120d-4584-b2de-affd8c9a0713_14.7.3_1","appID":"vitregistryfix-220228","dateAdded":"220823","deceptorType":"App","name":"VIT Registry Fix","company":"VITSOFT Software","version":"14.7.3","lastKnownStatus":"14.7.0;14.7.3","lastKnownDate":"220823","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-23T07:01:48.8536281+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1308},{"violations":{"ACR-004":"The app does not provide free fixes for the identified issues reported during the free scan. And exaggeratedly report the broken items in registry as error, which misleads user with unfair urgency.\n","ACR-007":"The app does not display any warning message when Windows security component \"Security Health\" is disabled that will reduce the default system security in the Startup manager within the app.\n","ACR-008":"The app fails to provide a clear description regarding the free fix inside the software, it just runs a countdown and displays a \"Continue\" option which seems to be hidden and obscure.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"JCleaner Setup.exe","isInstaller":"True","companyName":"VITSOFT","productName":"JCleaner","productVersion":"","fileVersion":"7.4.0.0","hashMD5":"faa2eae534773484a5991cb2e2ecde17","hashSHA1":"5dcdac1d3c4e905f3f032fd031b56a1186d847d0","hashSHA256":"e1d734d527e1512c1eec0cf07d83de3e33e66d9bdba5f3bb6b3a6fd8805786b3","digitalCertThumbprint":"CBA9FF6E84B81F6780E2882A7DA39589221A6B4E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Vitalii Mikhalko","storeId":"","sourceIndex":"1701","avBlockList":["Avira Internet Security (20220407)","Bitdefender Internet Security (20220407)","ESET Internet Security (20220407)","G DATA INTERNET SECURITY (20220407)","K7 Total Security (20220407)","Malwarebytes Premium (20220407)","McAfee Total Protection (20220407)","Norton Security (20220407)","Panda Dome (20220407)","Sophos Home Premium (20220407)","SpyHunter5 (20220407)","Total AV Antivirus Pro (20220407)","Trend Micro Internet Security (20220407)","VirIT eXplorer PRO (20220407)","Windows Defender (20220407)"],"avAllowList":["360 Total Security (20220407)","Avast Premium Security (20220407)","AVG Internet Security (20220407)","COMODO Antivirus (20220407)","Dr.Web Security Space (20220407)","Kaspersky Internet Security (20220407)","Quick Heal Internet Security (20220407)","Tencent PC Manager (20220407)","VIPRE Advanced Security (20220407)","Webroot SecureAnywhere (20220407)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VITSOFT\\JCleaner\\JCleaner.exe","companyName":"VITSOFT Software","productName":"JCleaner","productVersion":"7.4.0.0","fileVersion":"7.4.0.0","hashMD5":"ce9828c28c81bddc5e00cc554082f174","hashSHA1":"4003f7fec532ae2a3f12e0f32383ae49ecd04512","hashSHA256":"ea8079ec8e38d0f367673f7b33a519fd209ffb0cba3c65106ea7227afa564f1f","digitalCertThumbprint":"CBA9FF6E84B81F6780E2882A7DA39589221A6B4E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Vitalii Mikhalko","storeId":"","sourceIndex":"1701","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random Google search","reference":"","landingPage":"https://vitsoft.net/en/","directDownloadingLink":"https://www.vitsoft.net/download/JCleaner%20Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vitsoft.net/download/JCleaner%20Setup.exe","sourceIndex":"1701"}],"sampleFiles":["220224/jcleaner-220224/7.4.0.0/Samples/JCleaner Setup.exe"],"imageFiles":["220224/jcleaner-220224/7.4.0.0/Images/ACR-007/ACR-007_Software_No_Warning_Message.mp4","220224/jcleaner-220224/7.4.0.0/Images/ACR-004/ACR-004_Software_No_Free_Fix.JPG","220224/jcleaner-220224/7.4.0.0/Images/ACR-004/ACR-004_Software_No_Free_Fix_1.JPG","220224/jcleaner-220224/7.4.0.0/Images/ACR-004/ACR-004_Software_Hidden_Free_Trial.mp4","220224/jcleaner-220224/7.4.0.0/Images/ACR-008/ACR-008_Software_Hiding_Free_Trial.mp4"],"nonDeceptorImageFiles":[],"guid":"4b602ff5-aa8b-4971-997f-897de004d411_7.4.0.0_1","appID":"jcleaner-220224","dateAdded":"220822","deceptorType":"App","name":"JCleaner","company":"VITSOFT Software","version":"7.4.0.0","lastKnownStatus":"7.4.0.0;8.0.0.0","lastKnownDate":"220822","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1312},{"violations":{"ACR-042":"The app installs the \"Hola Browser\" app along with the Hola VPN, without any disclosure to the user.\n","ACR-043":"The app installs the \"Hola Browser\" app along with the Hola VPN, without any disclosure to the user.\n","ACR-048":"The app didn't provide control to remove its background process & its own startup item.\n","ACR-007":"1. App does not obtain user consent to reduce the consumer's security posture caused by sharing resource usage.\n2. App claims it provides a P2P server connection. However, the app doesn't explicitly disclose that the user needs to join the P2P network and obtain explicit user consent about joining the P2P network which can reduce the consumer's security posture. \n","ACR-084":"On quitting the app, some of the processes run in the background, hiding its presence from the consumer. The app creates a startup entry without the consumer's knowledge and consent.\n","ACR-085":"The app collects user behavior information without user consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains one of its components on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the \"Hola Browser\" app along with the Hola VPN, without any disclosure to the user.\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law on the FAQ page (https://hola.org/faq)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Hola\\app\\chromium\\hola_cr.exe","companyName":"Hola VPN Ltd.","productName":"Hola Browser","productVersion":"103.0.5060.114","fileVersion":"103.0.5060.114","hashMD5":"24bab97b1914b5c6ee1616af4ded2a39","hashSHA1":"643ab5823d0d1dfea071890565fd6e9a8c48ca03","hashSHA256":"c1c564b6768698525c733b21513d3ca441872bf3daaf1dfc264277b4ffd31988","digitalCertThumbprint":"782FC72C37F47C9A0157FBE812B79EF10234DA2D","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Hola VPN Ltd","storeId":"","sourceIndex":"696","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Hola\\app\\hola.exe","companyName":"Hola Networks Ltd.","productName":"Hola","productVersion":"1.201.272","fileVersion":"1.201.272","hashMD5":"5ecf7ac856088512b4dfc11bcedd6b7a","hashSHA1":"70ec0e344b9b754735dc37ee9cd397cfaad7f538","hashSHA256":"791b7e4084d7ab480d6c20a796c41d09340d5f640c0e0731501cc6e741c75330","digitalCertThumbprint":"782FC72C37F47C9A0157FBE812B79EF10234DA2D","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Hola VPN Ltd","storeId":"","sourceIndex":"696","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Hola\\app\\hola_svc.exe","companyName":"Hola Networks Ltd.","productName":"Hola","productVersion":"1.201.272","fileVersion":"1.201.272","hashMD5":"1f1cc5667ca14c9f7b92e7706993fbb9","hashSHA1":"99591992d4e3e549c9173ff9b70f5c088bc8ae0a","hashSHA256":"47b0dc59e79eedad522020174725b9b43745fe29c28448367eef1a052eda2489","digitalCertThumbprint":"782FC72C37F47C9A0157FBE812B79EF10234DA2D","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Hola VPN Ltd","storeId":"","sourceIndex":"696","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Hola\\app\\net_updater64.exe","companyName":"Bright Data Ltd.","productName":"Bright SDK","productVersion":"1.315.607","fileVersion":"1.315.607","hashMD5":"9e428fc22ef5c14bdedfe91876d3c017","hashSHA1":"a56c0873925faa6097ded9f2f4e3477a3c8202ce","hashSHA256":"951145cbfd2dc448672806b65ef7755816f05618171a6963dc44b1cb2689647d","digitalCertThumbprint":"E37007D5AD430ECCA48AAE923E539D4431924B37","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Bright Data Ltd","storeId":"","sourceIndex":"696","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Hola-Setup.exe","isInstaller":"True","companyName":"Hola VPN Ltd.","productName":"Hola Setup","productVersion":"1.199.956.0","fileVersion":"1.199.956.0","hashMD5":"a71e63ce830982afe14085aa43213087","hashSHA1":"c177a7e3f97e61cfa4c9ee703f9224a5a8958603","hashSHA256":"42e771b06e948517bb866da9ec73fe793296e613e40c07690fdd76c28260385f","digitalCertThumbprint":"782FC72C37F47C9A0157FBE812B79EF10234DA2D","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Hola VPN Ltd","storeId":"","sourceIndex":"696","avBlockList":["360 Total Security (20220825)","Avast Premium Security (20220825)","AVG Internet Security (20220825)","Avira Internet Security (20220825)","ESET Internet Security (20220825)","K7 Total Security (20220825)","Norton Security (20220825)","Panda Dome (20220825)","Sophos Home Premium (20220825)","SpyHunter5 (20220825)","VirIT eXplorer PRO (20220825)","Webroot SecureAnywhere (20220825)","Windows Defender (20220825)"],"avAllowList":["Bitdefender Internet Security (20220825)","COMODO Antivirus (20220825)","Dr.Web Security Space (20220825)","G DATA INTERNET SECURITY (20220825)","Kaspersky Internet Security (20220825)","Malwarebytes Premium (20220825)","McAfee Total Protection (20220825)","Quick Heal Internet Security (20220825)","Total AV Antivirus Pro (20220825)","Trend Micro Internet Security (20220825)","VIPRE Advanced Security (20220825)"]}],"additionalFiles":[],"sources":[{"howFound":"Random Hunt","reference":"","landingPage":"https://hola.org/download","directDownloadingLink":"https://cdn4.hola.org/static/v2/Hola-Setup.exe?web_installer_v2=1.199.956","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn4.hola.org/static/v2/Hola-Setup.exe?web_installer_v2=1.199.956","sourceIndex":"696"}],"sampleFiles":["220822/holavpn-220817/1.201.272/Samples/Hola-Setup.exe"],"imageFiles":["220822/holavpn-220817/1.201.272/Images/ACR-039/ACR-039_1.JPG","220822/holavpn-220817/1.201.272/Images/ACR-043/ACR-043.JPG","220822/holavpn-220817/1.201.272/Images/ACR-042/ACR-042.JPG","220822/holavpn-220817/1.201.272/Images/ACR-084/ACR-084.JPG","220822/holavpn-220817/1.201.272/Images/ACR-084/ACR-084_1.JPG","220822/holavpn-220817/1.201.272/Images/ACR-048/ACR-048_1.JPG","220822/holavpn-220817/1.201.272/Images/ACR-048/ACR-048_Software_1.JPG","220822/holavpn-220817/1.201.272/Images/ACR-048/ACR-048_3.JPG","220822/holavpn-220817/1.201.272/Images/ACR-085/ACR-085_1.JPG","220822/holavpn-220817/1.201.272/Images/ACR-007/ACR-007_1.JPG","220822/holavpn-220817/1.201.272/Images/ACR-007/ACR-007_2.JPG","220822/holavpn-220817/1.201.272/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["220822/holavpn-220817/1.201.272/Images/ACR-018/ACR-018_1.JPG"],"guid":"e670860b-7750-4d61-b453-bcd1a4381310_1.201.272_1","appID":"holavpn-220817","dateAdded":"220822","deceptorType":"App","name":"Hola VPN","company":"Hola VPN Ltd.","version":"1.201.272","firstVendorContactDate":"220824","firstAppEsteemReplyDate":"220824","firstResolvedDate":"220909","firstResolvedVersion":"1.201.687.0","resolved":"TRUE","lastKnownStatus":"1.201.272","lastKnownDate":"220822","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-03-27T16:30:10.0308863+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1313},{"violations":{"ACR-048":"The app does not provide a clear option to cancel/exit the subscription window.\n\n","ACR-004":"The app provides limited free fixes for the identified issues reported during the free scan. It requires the consumer to upgrade to complete the fix. The app exaggeratedly report the broken items in registry as error, which misleads user with unfair urgency. \n\n","ACR-007":"The app does not display any warning message when Windows Defender is disabled which may reduce the default system's security.\n","ACR-008":"Free options in the software is not clearly described. It initially provides the option to Register and a countdown before it displays \"Continue\", trying to conceal the Free option.\n\n\n\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy\n\nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy\n","ACR-054":"In an attempt to upgrade Jcleaner, another offer is checked by default. User needs to uncheck the offer to opt out.\n\n"},"samples":[{"isRevoked":"False","fileName":"JCleaner Setup.exe","isInstaller":"True","companyName":"VITSOFT.NET","productName":"JCleaner","productVersion":"8.0.0.0","fileVersion":"8.0.0.0","hashMD5":"533c167f5117f5a02905492c0926afdc","hashSHA1":"82688f7a5cf17863717d5e681999b1d32b07ec7f","hashSHA256":"046cb7b150afc3dfe3197ee4051924f810dcbe0f49bde2356434b2e49752b6fa","digitalCertThumbprint":"CBA9FF6E84B81F6780E2882A7DA39589221A6B4E","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Vitalii Mikhalko, O=Vitalii Mikhalko, L=Novohrad-Volyns'kyi, C=UA","sourceIndex":"1456","avBlockList":["360 Total Security (20221013)","Avira Internet Security (20221013)","Bitdefender Internet Security (20221013)","ESET Internet Security (20221013)","G DATA INTERNET SECURITY (20221013)","Malwarebytes Premium (20221013)","McAfee Total Protection (20221013)","Norton Security (20221013)","Panda Dome (20221013)","Sophos Home Premium (20221013)","SpyHunter5 (20221013)","Total AV Antivirus Pro (20221013)","VIPRE Advanced Security (20221013)","VirIT eXplorer PRO (20221013)","Webroot SecureAnywhere (20221013)","Windows Defender (20221013)"],"avAllowList":["Avast Premium Security (20221013)","AVG Internet Security (20221013)","COMODO Antivirus (20221013)","Dr.Web Security Space (20221013)","K7 Total Security (20221013)","Kaspersky Internet Security (20221013)","Quick Heal Internet Security (20221013)","Trend Micro Internet Security (20221013)"]},{"isRevoked":"False","fileName":"JCleaner.exe","companyName":"VITSOFT.NET","productName":"JCleaner","productVersion":"8.0.0.0","fileVersion":"8.0.0.0","hashMD5":"1d6c062fe9d0da631eba51b63a10b576","hashSHA1":"e51e89bbef93c9acfdc2b436a88135897b69bab0","hashSHA256":"f1b84a1725e9894e0745c760045e09078c9efa5bc75dadfee268e2ddb0ad5fa5","digitalCertThumbprint":"CBA9FF6E84B81F6780E2882A7DA39589221A6B4E","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Vitalii Mikhalko, O=Vitalii Mikhalko, L=Novohrad-Volyns'kyi, C=UA","sourceIndex":"1456","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random Google search","reference":"","landingPage":"https://vitsoft.net/","directDownloadingLink":"https://www.vitsoft.net/download/JCleaner%20Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vitsoft.net/download/JCleaner%20Setup.exe","sourceIndex":"1456"}],"sampleFiles":["220822/jcleaner-220224/8.0.0.0/Samples/JCleaner Setup.exe","220822/jcleaner-220224/8.0.0.0/Samples/JCleaner.exe"],"imageFiles":["220822/jcleaner-220224/8.0.0.0/Images/ACR-007/ACR-007.gif","220822/jcleaner-220224/8.0.0.0/Images/ACR-004/ACR-004_LimitedFix.jpg","220822/jcleaner-220224/8.0.0.0/Images/ACR-004/ACR-004_LimitedFix-1.jpg","220822/jcleaner-220224/8.0.0.0/Images/ACR-008/ACR-008_Unclear_trial_functionality.jpg","220822/jcleaner-220224/8.0.0.0/Images/ACR-008/ACR-008_Unclear_trial_functionality-1.jpg","220822/jcleaner-220224/8.0.0.0/Images/ACR-048/ACR-008_DetailsaboutFix.jpg"],"nonDeceptorImageFiles":["220822/jcleaner-220224/8.0.0.0/Images/ACR-065/ACR-065_LinkstoDocs.jpg","220822/jcleaner-220224/8.0.0.0/Images/ACR-065/ACR-065_Software.jpg","220822/jcleaner-220224/8.0.0.0/Images/ACR-054/JCleaner_OfferPage.png"],"guid":"4b602ff5-aa8b-4971-997f-897de004d411_8.0.0.0_1","appID":"jcleaner-220224","dateAdded":"220822","deceptorType":"App","name":"JCleaner","company":"VITSOFT Software","version":"8.0.0.0","lastKnownStatus":"7.4.0.0;8.0.0.0","lastKnownDate":"220822","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-23T06:33:27.673633+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1311},{"violations":{"ACR-109":"APP installed \"DVDVideoSoft Free Studio\" without users consent or without disclosing it during installation\n","ACR-043":"The APP \"DVD VideoSoft Free Studio was not disclosed before installation, during or even after installation process. \n","ACR-048":"User has no direct way to uninstall \"DVDVideoSoft Free Studio\" from control panel section\n","ACR-007":"Logo of Installer file looks a lot like microsoft, hence it can trick users to downloading and trusting the app easily\n","ACR-039":"There is no indication of the relationship of the \"DVD Video Free Studio\" during the installation process.\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-044":"The APP did not disclose any information about the \"DVDVideoSoft Free Studio\" that it also downloaded after installation\n","ACR-040":"The APP installed \"DVDVideoSoft Free Studio\" in a different folder from the installed app, and does not include any README file to explain to the consumer \n","ACR-065":"Installation process does not display links to their Return and Cancellation Policy\nAPP About page does not display links for refund and return policies, Terms of Service, and EULA\nWhen attempting to upgrade your APP to Premium, Refunds/Cancellation Policy is not displayed\n","ACR-092":"","ACR-099":"No direct lnk to uninstall APP from its about page\nNo uninstall link found in landing page\n","ACR-007":"Website Logo for DVD Video Soft looks like Microsoft, hence potentially tricking users to trust and download easily.\n"},"samples":[{"isRevoked":"False","fileName":"FreeVideoEditor_1.4.57.311_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","fileVersion":"1.4","hashMD5":"437e40554a9a2733583228426ef5c64d","hashSHA1":"772aa05bd6320d24f4308de66f82d84f414eccfd","hashSHA256":"2df56c6c5a4409fd6bdfd4ad43947f314f7d5a72ffabbce814b8821dd9580d90","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1459","avBlockList":["Avast Premium Security (20220927)","AVG Internet Security (20220927)","Avira Internet Security (20220927)","Dr.Web Security Space (20220927)","K7 Total Security (20220927)","McAfee Total Protection (20220927)","Norton Security (20220927)","Panda Dome (20220927)","Quick Heal Internet Security (20220927)","Sophos Home Premium (20220927)","SpyHunter5 (20220927)","Total AV Antivirus Pro (20220927)","Webroot SecureAnywhere (20220927)","Windows Defender (20220927)","VirIT eXplorer PRO (20220927)"],"avAllowList":["360 Total Security (20220927)","Bitdefender Internet Security (20220927)","COMODO Antivirus (20220927)","ESET Internet Security (20220927)","G DATA INTERNET SECURITY (20220927)","Kaspersky Internet Security (20220927)","Malwarebytes Premium (20220927)","Tencent PC Manager (20220816)","Trend Micro Internet Security (20220927)","VIPRE Advanced Security (20220927)"]},{"isRevoked":"False","fileName":"FreeVideoEditor.exe","companyName":"Digital Wave Ltd","fileVersion":"1.4","hashMD5":"861d56073bf012bbc09cf18a9b2a07a8","hashSHA1":"18afb4e3dafeb81bc15163076fe085cf743e20b0","hashSHA256":"7352b8bd200d841fbb11b8c1e2d167137d5141e70bfb45a49c68f599937893b1","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1459","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"DVD Videosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/free-video-editor.htm#features","directDownloadingLink":"https://1581786557.rsc.cdn77.org/windows/offline/sc/FreeVideoEditor_1.4.57.311_o.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://1581786557.rsc.cdn77.org/windows/offline/sc/FreeVideoEditor_1.4.57.311_o.exe","sourceIndex":"1459"}],"sampleFiles":["220811/FreeVideoEditor-220811/1.4.57.311/Samples/FreeVideoEditor_1.4.57.311_o.exe","220811/FreeVideoEditor-220811/1.4.57.311/Samples/FreeVideoEditor.exe"],"imageFiles":["220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-109/INS_DroppedFiles.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-109/FreeStudioAPPLoc.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-039/INS_Install2.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-039/INS_Install3.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-043/INS_DroppedFiles.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-043/INS_Install2.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-043/INS_Install3.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-048/UNI_ControlPanel.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-007/INS_InstallerLogoName.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-007/INS_Install1.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-164/USE_UpgradeOffer.png"],"nonDeceptorImageFiles":["220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-044/INS_DroppedFiles.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-040/DVD VideoSoft Install Folder.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-065/INS_Install2.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-065/USE_AboutAPP.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-065/USE_UpgradeOffer.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-007/WEB_APPFunction.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-099/USE_AboutAPP.png","220811/FreeVideoEditor-220811/1.4.57.311/Images/ACR-099/WEB_Landingpage.png"],"guid":"753cb57f-c7f8-4162-9dc1-a4e3ffd7b346_1.4.57.311_1","appID":"FreeVideoEditor-220811","dateAdded":"220811","deceptorType":"Bundler","name":"Free Video Editor","company":"Digital Wave Ltd","version":"1.4.57.311","lastKnownStatus":"1.4.57.311","lastKnownDate":"220811","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-08-12T05:43:27.6436663+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1314},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\nThe \"Premium Support\" offer is opted-in by default on the Internal offers page (https://secure.avangate.com/order/checkout.php?CART_ID=32cb7d7dfaf9c829ba1204e8e82025d6) and requires the user to opt-out of the payment.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-014":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app doesn't provide the following information in the shopping cart(https://www.wave-max.com/purchase.html): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price? 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (VideoCoolVideoConverter.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VideoCool Video Converter\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1462","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VideoCool Video Converter\\VideoCoolVideoConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"c67308cb523907c0008633b02b9f0f65","hashSHA1":"29a1bb28a973e2e364102ea2abc02a3a04d15091","hashSHA256":"9a95cd9b10515f604a88760b682ceef62bdbed2eda5769cc643792fb821241f1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1462","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VideoCoolVideoConverter.exe","isInstaller":"True","companyName":"NITBits Co. Ltd.                                           ","productName":"VideoCool Video Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"3d8fcf1ba78c9180d0259f18cf8d5f73","hashSHA1":"64720833fd3c2e2851eaf53826977b20ed11bf5d","hashSHA256":"e40f6092aaddfaac723e00c7aaa2a8f5ffd2d3599ddcc6cb26597aead44c8020","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Beijing Tsingsoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1462","avBlockList":["360 Total Security (20221018)","Avast Premium Security (20221018)","AVG Internet Security (20221018)","Avira Internet Security (20221018)","Bitdefender Internet Security (20221018)","COMODO Antivirus (20221018)","Dr.Web Security Space (20221018)","ESET Internet Security (20221018)","G DATA INTERNET SECURITY (20221018)","K7 Total Security (20221018)","Kaspersky Internet Security (20221018)","Malwarebytes Premium (20221018)","McAfee Total Protection (20221018)","Norton Security (20221018)","Panda Dome (20221018)","Quick Heal Internet Security (20221018)","Sophos Home Premium (20221018)","SpyHunter5 (20221018)","Total AV Antivirus Pro (20221018)","Trend Micro Internet Security (20221018)","VIPRE Advanced Security (20221018)","VirIT eXplorer PRO (20221018)","Webroot SecureAnywhere (20221018)","Windows Defender (20221018)"],"avAllowList":["Tencent PC Manager (20220816)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.wave-max.com/features_videoconverter.php","directDownloadingLink":"http://www.wave-max.com/VideoCoolVideoConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.wave-max.com/VideoCoolVideoConverter.exe","sourceIndex":"1462"}],"sampleFiles":["220810/videocoolvideoconverter-220808/8.8.2.4/Samples/VideoCoolVideoConverter.exe"],"imageFiles":["220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-109/ACR-109_install_Installs_RK.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-048/ACR-048_Install_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-048/ACR-048_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-048/ACR-048_2.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-048/ACR-048_3.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-010/ACR-010_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-083/ACR-083.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-083/ACR-083_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-084/ACR-084_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-057/ACR-057_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-059/ACR-059-1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-071/ACR-071_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-155/ACR-155-1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-047/ACR-047_1.mp4","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-047/ACR-047_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-014/ACR-014_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-014/ACR-014_1.mp4","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-118/ACR-118_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-122/ACR-122_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-075/ACR-075_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-075/ACR-075_1.mp4","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-071/ACR-071 (1).jpg","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-071/ACR-071 (2).jpg","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-165/ACR-165_1.jpg","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-165/ACR-165_2.jpg"],"nonDeceptorImageFiles":["220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-106/ACR-106_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-123/ACR-123_1.JPG","220810/videocoolvideoconverter-220808/8.8.2.4/Images/ACR-092/ACR-092_1.JPG"],"guid":"0464bec3-cba0-4d1c-add4-be49edea9982_8.8.2.4_1","appID":"videocoolvideoconverter-220808","dateAdded":"220810","deceptorType":"Bundler","name":"VideoCool Video Converter","company":"NITBits Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220810","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-10T21:26:06.6634759+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1315},{"violations":{"ACR-003":"The application lists non-critical items like caches, shared DLL and legitimate tools as \"errors\" and gauges system impact issues as MEDIUM or HIGH, thus misleading or scaring user to take action.\n\n","ACR-004":"The application exaggerates free scan results as \"errors\" and uses gauges to describe improvement potential. The application only provides 10 fixes for free scan results and upsells the product to complete the fix for remaining issues. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"registryoptimizer_trial.exe","isInstaller":"True","companyName":"X.M.Y International LLC                                     ","fileVersion":"0.0","hashMD5":"8f4724a2ba1cff51cd47f210b2536543","hashSHA1":"4cfea413bb5aa36f50ff37c5c1e9db84d7c3bc66","hashSHA256":"1d96f5b98f7fbe8ab456149dcea2486053d4daeb8ca0235a83672f35819043fc","sourceIndex":"1465","avBlockList":["360 Total Security (20221018)","Avast Premium Security (20221018)","AVG Internet Security (20221018)","Avira Internet Security (20221018)","Bitdefender Internet Security (20221018)","ESET Internet Security (20221018)","G DATA INTERNET SECURITY (20221018)","K7 Total Security (20221018)","Malwarebytes Premium (20221018)","McAfee Total Protection (20221018)","Norton Security (20221018)","Panda Dome (20221018)","Quick Heal Internet Security (20221018)","Sophos Home Premium (20221018)","SpyHunter5 (20221018)","Total AV Antivirus Pro (20221018)","VIPRE Advanced Security (20221018)","VirIT eXplorer PRO (20221018)","Webroot SecureAnywhere (20221018)","Windows Defender (20221018)"],"avAllowList":["COMODO Antivirus (20221018)","Dr.Web Security Space (20221018)","Kaspersky Internet Security (20221018)","Tencent PC Manager (20220816)","Trend Micro Internet Security (20221018)"]},{"isRevoked":"False","fileName":"RegOpt.exe","fileVersion":"0.0","hashMD5":"05702d212c351a588f4f79210835b094","hashSHA1":"4ce3ba091ed9084b1de3f37cb63a8e18a2e1e5aa","hashSHA256":"2a9631aadebd16678d3d9836d64c6a3f50d94faa7b7ef46663c93ae29ba41664","sourceIndex":"1465","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searched for registry optimizers","reference":"","landingPage":"https://registry-optimizer.de.softonic.com/","directDownloadingLink":"https://registry-optimizer.de.softonic.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://registry-optimizer.de.softonic.com/download","sourceIndex":"1465"}],"sampleFiles":["220810/RegistryOptimizer-220809/2.55/Samples/registryoptimizer_trial.exe","220810/RegistryOptimizer-220809/2.55/Samples/RegOpt.exe"],"imageFiles":["220810/RegistryOptimizer-220809/2.55/Images/ACR-004/ACR-004_Limited_Free_Fix_for_Scans.jpg","220810/RegistryOptimizer-220809/2.55/Images/ACR-004/ACR-004_Limited_Free_Fix_for_Scans-a.jpg","220810/RegistryOptimizer-220809/2.55/Images/ACR-004/ACR-004_Limited_Free_Fix_for_Scans-b.jpg","220810/RegistryOptimizer-220809/2.55/Images/ACR-003/ACR-003_Exaggerated_Lists_as_Errors.gif","220810/RegistryOptimizer-220809/2.55/Images/ACR-003/ACR-003_Exaggerated_Errors.jpg","220810/RegistryOptimizer-220809/2.55/Images/ACR-003/ACR-003_Exaggerated_Listing-cache.jpg","220810/RegistryOptimizer-220809/2.55/Images/ACR-003/ACR-003_Exaggerated_Listing-software.jpg","220810/RegistryOptimizer-220809/2.55/Images/ACR-003/ACR-003_Exaggerated_Listing-sharedDLLs.jpg","220810/RegistryOptimizer-220809/2.55/Images/ACR-003/ACR-003_004_RiskGauge_LimitedFunctionality.jpg"],"nonDeceptorImageFiles":[],"guid":"241d9d9c-675e-421b-ac80-e483ad6aecad_2.55_1","appID":"RegistryOptimizer-220809","dateAdded":"220810","deceptorType":"App","name":"Registry Optimizer","company":"X.M.Y International LLC","version":"2.55","lastKnownStatus":"2.55","lastKnownDate":"220810","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-10T21:05:22.5478087+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1316},{"violations":{"ACR-003":"The application presents a huge lists of scanned registries as \"errors\" and exaggeratedly warns consumer about the system problems it may encounter if the free scanned registries are not fixed, thus misleading and scaring user to take action.\n\n","ACR-004":"The application does not provide fixes for free scan results. It requires registration and purchase in order to fix registry issues. It also uses alarming colors to make exaggerated claims about the system's health and declares system optimization status as \"Medium\" prior to initial scanning.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"RegistryCleanMaster.exe","companyName":"Unfailing Soft","productName":"Registry Clean Master   ","productVersion":"1.0.7.332","fileVersion":"1.0.7.332","hashMD5":"e60c0c4083c585cfea2344d61fbe65f0","hashSHA1":"60b734fc78b94455263415094a00caa1aa4f57ed","hashSHA256":"33b273130a7db0ae36ce56760d4e203419d685375001aeab90f43e6eb187fcba","sourceIndex":"1467","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_registry_clean_master.exe","isInstaller":"True","companyName":"Unfailing Soft                                              ","productName":"Registry Clean Master   ","fileVersion":"1.0.7.13            ","hashMD5":"afea95fe76a25160b0c166a0b815ed97","hashSHA1":"09ba20cec2184844a3e2a5b4caf4db0911453826","hashSHA256":"1a1cfa450f25f919a74bde742b268d9ac036ebdd7895394c153dadbc9062c6ed","sourceIndex":"1467","avBlockList":["Avast Premium Security (20221013)","AVG Internet Security (20221013)","Avira Internet Security (20221013)","Bitdefender Internet Security (20221013)","ESET Internet Security (20221013)","G DATA INTERNET SECURITY (20221013)","K7 Total Security (20221013)","McAfee Total Protection (20221013)","Norton Security (20221013)","Panda Dome (20221013)","Sophos Home Premium (20221013)","SpyHunter5 (20221013)","Total AV Antivirus Pro (20221013)","VIPRE Advanced Security (20221013)","VirIT eXplorer PRO (20221013)","Webroot SecureAnywhere (20221013)","Windows Defender (20221013)"],"avAllowList":["360 Total Security (20221013)","COMODO Antivirus (20221013)","Dr.Web Security Space (20221013)","Kaspersky Internet Security (20221013)","Malwarebytes Premium (20221013)","Quick Heal Internet Security (20221013)","Tencent PC Manager (20220816)","Trend Micro Internet Security (20221013)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Registry Cleaners","reference":"","landingPage":"https://registry-clean-master.software.informer.com/","directDownloadingLink":"https://registry-clean-master.software.informer.com/download/?cfa5b78","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://registry-clean-master.software.informer.com/download/?cfa5b78","sourceIndex":"1467"}],"sampleFiles":["220810/RegistryCleanMaster-220810/1.0.7.332/Samples/RegistryCleanMaster.exe","220810/RegistryCleanMaster-220810/1.0.7.332/Samples/setup_registry_clean_master.exe"],"imageFiles":["220810/RegistryCleanMaster-220810/1.0.7.332/Images/ACR-004/ACR-003_Exaggerated_Warning.jpg","220810/RegistryCleanMaster-220810/1.0.7.332/Images/ACR-004/RegistryCleanMaster_App_Interaction.jpg","220810/RegistryCleanMaster-220810/1.0.7.332/Images/ACR-004/ACR-003_Exaggerated_Colors.jpg","220810/RegistryCleanMaster-220810/1.0.7.332/Images/ACR-003/ACR-003_Exaggerated_Warning.jpg","220810/RegistryCleanMaster-220810/1.0.7.332/Images/ACR-003/ACR-003_Exaggerated_Colors.jpg"],"nonDeceptorImageFiles":[],"guid":"0ce566b1-2644-45fc-b8c8-6b6ccb09b023_1.0.7.332_1","appID":"RegistryCleanMaster-220810","dateAdded":"220810","deceptorType":"App","name":"Registry Clean Master","company":"Unfailing Soft","version":"1.0.7.332","lastKnownStatus":"1.0.7.332","lastKnownDate":"220810","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-10T20:38:45.1288109+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1317},{"violations":{"ACR-103":"The app suggests cleaning junk and cache in the device but it doesn’t seem to clean any junk/cache as it randomly displays data. When the user selects the “Clean up” option, it starts cleaning but displays different data to be cleaned again, thus unable to verify the app's value proposition. \n","ACR-014":"The app suggests cleaning junk and cache in the device but it doesn’t seem to clean any junk/cache as it randomly displays data. When the user selects the “Clean up” option, it starts cleaning but displays different data to be cleaned again, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.master.phone.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"7c8dc76dc80e1e88c5e1e7f014401668","hashSHA1":"f3a783102d6bb03bddd1a9053b9095baf2add00d","hashSHA256":"3983f097d372853fdff7078a03566eec20449692d49c763829c180569cc7f55d","sourceIndex":"1460","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.master.phone","ipv4":"","ipv6":"","sourceIndex":"1460"}],"sampleFiles":["220810/phonemasterfasterandboost-220809/1.1.9/Samples/com.master.phone.apk"],"imageFiles":["220810/phonemasterfasterandboost-220809/1.1.9/Images/ACR-103/ACR-103_Software.png","220810/phonemasterfasterandboost-220809/1.1.9/Images/ACR-103/ACR-103_Software_1.png","220810/phonemasterfasterandboost-220809/1.1.9/Images/ACR-014/ACR-014_Software.png","220810/phonemasterfasterandboost-220809/1.1.9/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"344399bd-8b88-4aa0-932d-2a6cf7eef2a1_1.1.9_1","appID":"phonemasterfasterandboost-220809","dateAdded":"220810","deceptorType":"Android App","name":"Phone Master Faster And Boost","company":"Privacy Guard  ","version":"1.1.9","sigName":"Deceptor:Adroid/PhoneMasterFasterBoost!103014","lastKnownStatus":"1.1.9","lastKnownDate":"220810","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-10T21:31:39.8955592+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1318},{"violations":{"ACR-109":"APP installed \"DVDVideoSoft Free Studio\" without users consent or without disclosing it during installation\n","ACR-043":"The APP \"DVDVideoSoft Free Studio\" was not disclosed after installation, even the desktop shortcut made\n","ACR-048":"User is not able to uninstall  \"DVDVideo Free Studio\" using standard control panel add/remove programs\n","ACR-007":"Logo of DVDVideoSoft looks a lot like Microsoft, hence can trick users to downloading and trusting the page easily\n","ACR-039":"No indication of the relationship of the \"DVD Video Free Studio\" during the installation process.\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-044":"The APP did not disclose any information about the \"DVDVideoSoft Free Studio\" that it also downloaded after installation\n","ACR-040":"The APP installed \"DVDVideoSoft Free Studio\" in a different folder from the installed app, and does not include any README file to explain to the consumer\n","ACR-065":"Installation does not Display links to their Returns and Cancellation Policy.\nAPP About page doesnt display links for refund and return policies\nWhen clicking Upgrade to Premium, Refunds/Return & Cancellation Policy is not displayed\n","ACR-099":"No direct link to uninstall APP from the about page\nNo uninstall link/info found in offer page\nNo uninstall link found in landing page\n","ACR-007":"Landing Page includes Logo for DVD VideoSoft, looking very similar to Microsoft Logo, and can trick users to downloading and even paying for their software\n"},"samples":[{"isRevoked":"False","fileName":"FreeInstagramDownload.exe","companyName":"Digital Wave Ltd","fileVersion":"2.1","hashMD5":"841932172bf8bb0d262ffbfaa43123cb","hashSHA1":"830143b7bf0735c36b3694603ec4f758b7987159","hashSHA256":"da3f09900134b9603c461b10571beaba6490cea386ef69e2a5c73ce10c39b454","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1466","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeInstagramDownload_2.1.31.315_d.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","fileVersion":"2.1","hashMD5":"bd42a76226c5dbf64f37599a10a142ce","hashSHA1":"3c1e41a389a5f48b8b655b162a0046689d284e77","hashSHA256":"8e46e0b308846051c4e803a564180335e84ded7804310131d64b3a95d16f9139","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1466","avBlockList":["Avast Premium Security (20221013)","AVG Internet Security (20221013)","Avira Internet Security (20221013)","Bitdefender Internet Security (20221013)","Dr.Web Security Space (20221013)","G DATA INTERNET SECURITY (20221013)","K7 Total Security (20221013)","McAfee Total Protection (20221013)","Norton Security (20221013)","Panda Dome (20221013)","Sophos Home Premium (20221013)","SpyHunter5 (20221013)","Total AV Antivirus Pro (20221013)","VIPRE Advanced Security (20221013)","VirIT eXplorer PRO (20221013)","Webroot SecureAnywhere (20221013)","Windows Defender (20221013)"],"avAllowList":["360 Total Security (20221013)","COMODO Antivirus (20221013)","ESET Internet Security (20221013)","Kaspersky Internet Security (20221013)","Malwarebytes Premium (20221013)","Quick Heal Internet Security (20221013)","Tencent PC Manager (20220816)","Trend Micro Internet Security (20221013)"]}],"additionalFiles":[],"sources":[{"howFound":"DvdVideoSoft Website","reference":"","landingPage":"https://www.dvdvideosoft.com/free-dvd-video-software-download.htm","directDownloadingLink":"https://1581786557.rsc.cdn77.org/windows/offline/sc/FreeInstagramDownload_2.1.31.315_d.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://1581786557.rsc.cdn77.org/windows/offline/sc/FreeInstagramDownload_2.1.31.315_d.exe","sourceIndex":"1466"}],"sampleFiles":["220810/FreeInstagramDownload-220809/2.1.31.315/Samples/FreeInstagramDownload.exe","220810/FreeInstagramDownload-220809/2.1.31.315/Samples/FreeInstagramDownload_2.1.31.315_d.exe"],"imageFiles":["220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-109/DVD VideoSoft Install Folder.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-039/InstallPage1.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-039/InstallPage2.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-039/InstallPage3.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-039/InstallPageLast.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-043/DVDVideoSoft.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-043/InstallPageLast.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-043/IntallPage2.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-048/UninstallPage.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-007/LogoLikeMS.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-007/LogoLikeMS3.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-164/OfferPage.png"],"nonDeceptorImageFiles":["220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-044/DVDVideoSoft.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-040/DVD VideoSoft Install Folder.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-065/InstallPage1.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-065/AboutPage1.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-065/OfferPage.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-007/LogoLikeMS2.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-099/AboutPage1.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-099/OfferPage.png","220810/FreeInstagramDownload-220809/2.1.31.315/Images/ACR-099/LandingPage.png"],"guid":"5f7c8f47-5d47-4e9d-a85b-412d0c2f40ce_2.1.31.315_1","appID":"FreeInstagramDownload-220809","dateAdded":"220810","deceptorType":"Bundler","name":"Free Instagram Download","company":"Digital Wave Ltd","version":"2.1.31.315","lastKnownStatus":"2.1.31.315","lastKnownDate":"220810","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP,Windows Server","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-08-10T20:48:25.801941+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1319},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining the RelevantKnowledge app, it is still downloaded the RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app distributes the deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user chooses to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining the RelevantKnowledge app, it still downloaded the RelevantKnowledge file “rk_setup.exe”. \n","ACR-155":"Offers are designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\nThe app does not display links to the app's Returns and Cancellation Policy, Privacy Policy & EULA.\nThe landing page does not display links to the Returns and Cancellation Policy, Privacy policy & EULA.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"Apps does not have a digital signature for their main executables and its installer.\n","ACR-099":"The app does not display links to uninstall information in the software. \nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Forest Life\\ForestLife.exe","companyName":"","productName":"M Application","productVersion":"1. 0. 0. 1","fileVersion":"1. 0. 0. 1","hashMD5":"516420d2f7c2bc49f0cb87068577edc2","hashSHA1":"175f893504b14930c0410a8905a0f8c91d5dd579","hashSHA256":"4498b5ef8a925f343e64d4b59f5ebf7a760ccfc75d72d56a8fe1ece1764c5458","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1464","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Forest Life\\Game.exe","companyName":"","productName":"Game Loader","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"ccb91f3bbb021a056b720eee8fc9d412","hashSHA1":"416f1dd83c9d3ea364421ea06f655c06e58bc6ee","hashSHA256":"963df8b4ae710c1642daa429b47111e69079f8408b010aff1979b18c08984318","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1464","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ForestLifeSetup.exe","isInstaller":"True","companyName":"Free Games Downloads Inc.                                  ","productName":"Forest Life                                                 ","productVersion":"2.6.0.2                                           ","fileVersion":"                    ","hashMD5":"99ae79208ba62d34ef18510c2a0c3f54","hashSHA1":"bf6ed6234ea870c066b5e9c4444496d9c1da205f","hashSHA256":"e24310778846b005a3208f6218013512261c41dfe68a826f458b7edbcbec4d95","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1464","avBlockList":["360 Total Security (20220927)","Avast Premium Security (20220927)","AVG Internet Security (20220927)","Avira Internet Security (20220927)","Bitdefender Internet Security (20220927)","Dr.Web Security Space (20220927)","ESET Internet Security (20220927)","G DATA INTERNET SECURITY (20220927)","K7 Total Security (20220927)","Kaspersky Internet Security (20220927)","Malwarebytes Premium (20220927)","McAfee Total Protection (20220927)","Norton Security (20220927)","Panda Dome (20220927)","Sophos Home Premium (20220927)","SpyHunter5 (20220927)","Total AV Antivirus Pro (20220927)","VIPRE Advanced Security (20220927)","VirIT eXplorer PRO (20220927)","Windows Defender (20220927)"],"avAllowList":["COMODO Antivirus (20220927)","Quick Heal Internet Security (20220927)","Tencent PC Manager (20220816)","Trend Micro Internet Security (20220927)","Webroot SecureAnywhere (20220927)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant knowledge search in VirusTotal","reference":"","landingPage":"http://www.falcoware.com/ForestLife.php","directDownloadingLink":"http://falcogames.com/ForestLifeSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://falcogames.com/ForestLifeSetup.exe","sourceIndex":"1464"}],"sampleFiles":["220810/Forestlife-220809/2.6.0.2/Samples/ForestLifeSetup.exe"],"imageFiles":["220810/Forestlife-220809/2.6.0.2/Images/ACR-109/ACR-109.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-039/ACR-039.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-048/ACR-048.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-118/ACR-118.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-118/ACR-118_1.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-057/ACR-057.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-059/ACR-059.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-071/ACR-071.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-155/ACR-155.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-010/ACR-010.JPG"],"nonDeceptorImageFiles":["220810/Forestlife-220809/2.6.0.2/Images/ACR-065/ACR-065.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-065/ACR-065_1.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-106/ACR-106.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-092/ACR-092.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-065/ACR-065_Software.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-099/ACR-099_Software.JPG","220810/Forestlife-220809/2.6.0.2/Images/ACR-065/ACR-065_Landingpage.jpg","220810/Forestlife-220809/2.6.0.2/Images/ACR-099/ACR-099_Landingpage.jpg"],"guid":"52f78172-c4ea-4225-bfab-c75b724d2946_2.6.0.2_1","appID":"Forestlife-220809","dateAdded":"220810","deceptorType":"App","name":"Forest life","company":"Free Games Downloads, Inc.","version":"2.6.0.2","lastKnownStatus":"2.6.0.2","lastKnownDate":"220810","type":"Windows Executable","category":"Games","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2022-08-10T21:07:17.7157391+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1320},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined. (Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its other components on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\nThe \"Premium Support\" offer is opted-in by default on the Internal offers page (https://secure.avangate.com/order/checkout.php?PRODS=4552840&QTY=1&CART=1) and requires the user to opt-out of the payment.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.(Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.(Unable to update and verify the scenario, as it throws an error message stating \"The server name or address could not be resolved\")\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n","ACR-165":"The app doesn't provide the following information in the shopping cart(https://www.wave-max.com/purchase.html): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price? 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (AudioCoolAudioConverter.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\AudioCool Audio Converter\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1463","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\AudioCool Audio Converter\\AudioCoolAudioConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"99285b66d4f93c270e2952974aed3f48","hashSHA1":"e30319dc07784b8c7bf467ae079389bc3eaffc9c","hashSHA256":"1f30a434cf86e9c0b748fab3da0742879decbfb0a25c455585528fe1efb83a48","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1463","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AudioCoolAudioConverter.exe","isInstaller":"True","companyName":"NITBits Co.Ltd.                                             ","productName":"AudioCool Audio Converter                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"eb32ffeb4ebcedfccfc5694f00b8473f","hashSHA1":"1d95dca62a2d51d43d764b96af878cdfa5d593e2","hashSHA256":"d9b08df5ca4a83a10047ba59803ddf2fef04e55c53acc9caf108ecbff1ef9f92","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Beijing Tsingsoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1463","avBlockList":["360 Total Security (20221013)","Avast Premium Security (20221013)","AVG Internet Security (20221013)","Avira Internet Security (20221013)","Bitdefender Internet Security (20221013)","COMODO Antivirus (20221013)","Dr.Web Security Space (20221013)","ESET Internet Security (20221013)","G DATA INTERNET SECURITY (20221013)","K7 Total Security (20221013)","Kaspersky Internet Security (20221013)","Malwarebytes Premium (20221013)","McAfee Total Protection (20221013)","Norton Security (20221013)","Panda Dome (20221013)","Sophos Home Premium (20221013)","SpyHunter5 (20221013)","Total AV Antivirus Pro (20221013)","Trend Micro Internet Security (20221013)","VIPRE Advanced Security (20221013)","VirIT eXplorer PRO (20221013)","Webroot SecureAnywhere (20221013)","Windows Defender (20221013)"],"avAllowList":["Quick Heal Internet Security (20221013)","Tencent PC Manager (20220816)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.wave-max.com/features_audioconverter.php","directDownloadingLink":"http://www.wave-max.com/AudioCoolAudioConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.wave-max.com/AudioCoolAudioConverter.exe","sourceIndex":"1463"}],"sampleFiles":["220810/audiocoolaudioconverter-220808/8.8.2.4/Samples/AudioCoolAudioConverter.exe"],"imageFiles":["220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-109/ACR-109_Install_Installs_RK.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-048/ACR-048_Install_1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-010/ACR-010_1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-084/ACR-084_1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-057/ACR-057_1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-059/ACR-059-1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-071/ACR-071_1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-155/ACR-155-1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-048/ACR-048_1 (1).JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-048/ACR-048_1 (2).JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-048/ACR-048-3.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-083/ACR-083 (1).JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-083/ACR-083 (2).JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-014/ACR-014.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-014/ACR-014.mp4","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-047/ACR-047_1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-047/ACR-047.mp4","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-118/ACR-118_1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-122/ACR-122_1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-075/ACR-075_1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-075/ACR-075_1.mp4","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-071/ACR-171 (1).jpg","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-071/ACR-071 (2).jpg","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-165/ACR-165_1.jpg","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-165/ACR-165_2.jpg"],"nonDeceptorImageFiles":["220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-106/ACR-106_1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-092/ACR-092_Software_1.JPG","220810/audiocoolaudioconverter-220808/8.8.2.4/Images/ACR-123/ACR-123_1.JPG"],"guid":"021e347b-dc2e-40f1-b921-bab22cbad848_8.8.2.4_1","appID":"audiocoolaudioconverter-220808","dateAdded":"220810","deceptorType":"Bundler","name":"AudioCool Audio Converter","company":"NITBits Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220810","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-10T21:24:06.8659123+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1321},{"violations":{"ACR-103":"The app suggests cleaning junk and cache in the device but it doesn’t seem to clean any junk/cache as it randomly displays data. When the user selects the “Clean” option, it starts cleaning but displays different data to be cleaned again, thus unable to verify the app's value proposition.\n","ACR-014":"The app suggests cleaning junk and cache in the device but it doesn’t seem to clean any junk/cache as it randomly displays data. When the user selects the “Clean” option, it starts cleaning but displays different data to be cleaned again, also does not substantiate the identified issues, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.thunder.new.cleanapp.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"6d5971f46982be656ca6954541ddaa41","hashSHA1":"70ac97b2c9aa7a9d5445df48ac2e5b83e5d1355b","hashSHA256":"ee72e57a67a60c05eba9da22ef90a25db3c16142dd3a569c0ec3db41500f5a54","sourceIndex":"1461","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.thunder.new.cleanapp","ipv4":"","ipv6":"","sourceIndex":"1461"}],"sampleFiles":["220810/thundercleanboosterfaster-220808/2.0.2/Samples/com.thunder.new.cleanapp.apk"],"imageFiles":["220810/thundercleanboosterfaster-220808/2.0.2/Images/ACR-103/ACR-103_Software.png","220810/thundercleanboosterfaster-220808/2.0.2/Images/ACR-103/ACR-103_Software_1.png","220810/thundercleanboosterfaster-220808/2.0.2/Images/ACR-014/ACR-014_Software.png","220810/thundercleanboosterfaster-220808/2.0.2/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"1700d78e-b588-4d09-87d6-7de6b9e9e8e0_2.0.2_1","appID":"thundercleanboosterfaster-220808","dateAdded":"220810","deceptorType":"Android App","name":"Thunder Clean Booster Faster","company":"hellow network","version":"2.0.2","sigName":"Deceptor:Android/ThunderCleanBoosterFaster!103014","lastKnownStatus":"2.0.2","lastKnownDate":"220810","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-10T21:29:27.7591594+00:00","notDistributed":false,"familyName":"FakeCleaner","numInFamily":6,"numInAppID":1,"sortOrder":1322},{"violations":{"ACR-103":"The app suggests cleaning junk issues \"2.94 GB\" on the device. After cleaning is done, it says cleaned but when the user clicks the clean option continuously for some time, it displays the same junk count \"2.94 GB\", thus unable to verify the app's value proposition.\n","ACR-014":"The app suggests cleaning junk \"2.94 GB\" on the device. After cleaning is done, it says cleaned but when the user clicks the clean option continuously for some time, it displays the same junk count \"2.94 GB\", thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.speedy.smooth.sweet.cleaner.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"fdfa222890149829471625acfca8d4b1","hashSHA1":"6c747e190dfe8ac2d38ec111e4ed4844861fb7e7","hashSHA256":"464d38f337ea54113bb68f956cdae1b6403a67b2c3670c5385f163d3d4d934f3","sourceIndex":"1468","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.speedy.smooth.sweet.cleaner","ipv4":"","ipv6":"","sourceIndex":"1468"}],"sampleFiles":["220808/speedycleanerandpowerboost-220808/1.0.43/Samples/com.speedy.smooth.sweet.cleaner.apk"],"imageFiles":["220808/speedycleanerandpowerboost-220808/1.0.43/Images/ACR-103/ACR-103_Software.png","220808/speedycleanerandpowerboost-220808/1.0.43/Images/ACR-103/ACR-103_Software_1.png","220808/speedycleanerandpowerboost-220808/1.0.43/Images/ACR-014/ACR-014_Software.png","220808/speedycleanerandpowerboost-220808/1.0.43/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"ee11b767-ab5a-4bc2-9596-54586eb4c1f0_1.0.43_1","appID":"speedycleanerandpowerboost-220808","dateAdded":"220808","deceptorType":"Android App","name":"Speedy Cleaner And Power Boost","company":"HitRun Lab","version":"1.0.43","sigName":"Deceptor:Android/SpeedyCleanerPowerBoost!103014","lastKnownStatus":"1.0.43","lastKnownDate":"220808","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-08T21:51:07.4209981+00:00","notDistributed":false,"familyName":"FakeCleaner","numInFamily":6,"numInAppID":1,"sortOrder":1323},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-043":"Third-party components from \"Online Media Technologies Ltd'\" are installed without disclosure. \n\n","ACR-107":" The app does not obtain any authorization for using third-party components \"Online Media Technologies Ltd.\".\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-002":"The App's version is inconsistent between App interaction and its install (version 14.8.2.5 vs version 14.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version 14.8.2.5 vs version 14.8.1) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"AudioRecorderforFree.exe","fileVersion":"0.0","hashMD5":"6044a5533d641eb8658efdbf17f3b04d","hashSHA1":"942456c367ea064878f0a23e67144dfa82d7a96d","hashSHA256":"f9b3dca3fa408c5268951bb2ea9defa5bbef7ebda5ae920c03597019a04b7c67","sourceIndex":"1470","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AudioRecorderforFree-setup.exe","isInstaller":"True","companyName":"Copyright© AudioToolMedia Software.                         ","fileVersion":"0.0","hashMD5":"4254b1b5ca890ea4711b694db3995f2f","hashSHA1":"9b580407c1cedb2ac333ad95b959780c5a0a7fd8","hashSHA256":"4d298c29c793d06129a5f8f505586dd68c505f3486363e58358b1db37ca3723a","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1470","avBlockList":["360 Total Security (20221018)","Avast Premium Security (20221018)","AVG Internet Security (20221018)","Avira Internet Security (20221018)","Bitdefender Internet Security (20221018)","Dr.Web Security Space (20221018)","ESET Internet Security (20221018)","G DATA INTERNET SECURITY (20221018)","K7 Total Security (20221018)","Kaspersky Internet Security (20221018)","Malwarebytes Premium (20221018)","McAfee Total Protection (20221018)","Norton Security (20221018)","Panda Dome (20221018)","Quick Heal Internet Security (20221018)","Sophos Home Premium (20221018)","SpyHunter5 (20221018)","Total AV Antivirus Pro (20221018)","Trend Micro Internet Security (20221018)","VIPRE Advanced Security (20221018)","VirIT eXplorer PRO (20221018)","Webroot SecureAnywhere (20221018)","Windows Defender (20221018)"],"avAllowList":["COMODO Antivirus (20221018)","Tencent PC Manager (20220811)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"CoolRecordEditPro","landingPage":"http://audio-tool.net/","directDownloadingLink":"http://audio-tool.net/AudioRecorderforFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://audio-tool.net/AudioRecorderforFree.exe","sourceIndex":"1470"}],"sampleFiles":["220808/AudioRecorderforFree-220805/14.8.1/Samples/AudioRecorderforFree.exe","220808/AudioRecorderforFree-220805/14.8.1/Samples/AudioRecorderforFree-setup.exe"],"imageFiles":["220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-043/ACR-043_107_NCT_thirdparty.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-010/RK.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-107/ACR-043_107_NCT_thirdparty.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-118/ACR-118_Retained_components.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-057/RK.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-059/RK.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-071/RK.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-155/RK.jpg"],"nonDeceptorImageFiles":["220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-065/RK.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-002/ACR-002_Mismatched_version.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-106/RK.jpg","220808/AudioRecorderforFree-220805/14.8.1/Images/ACR-002/ACR-002_Mismatched_version.jpg"],"guid":"c21cc326-e421-494a-acf5-7cde76404a1b_14.8.1_1","appID":"AudioRecorderforFree-220805","dateAdded":"220808","deceptorType":"App","name":"Audio Recorder for Free","company":"AudioToolMedia","version":"14.8.1","lastKnownStatus":"14.8.1","lastKnownDate":"220808","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-08-08T21:08:46.8830584+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1328},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 6.6.9 vs version 6.6.8) \n\nThe App's version is inconsistent between App interaction and its install (version 6.6.9 vs version 6.6.8) \n"},"samples":[{"isRevoked":"False","fileName":"AudioRecorder-setup.exe","isInstaller":"True","companyName":"Accmeware Corporation                                       ","fileVersion":"0.0","hashMD5":"1b7e19115fb79bf1634db9fec676ff26","hashSHA1":"1801386cf8404179cc9dcd61c86e63161f9efaa7","hashSHA256":"837a0d361ecf841d0dffadf2120ce48f7bac2608d4c9981ddc5582d73304833c","sourceIndex":"1471","avBlockList":["360 Total Security (20221018)","Avast Premium Security (20221018)","AVG Internet Security (20221018)","Avira Internet Security (20221018)","Bitdefender Internet Security (20221018)","COMODO Antivirus (20221018)","Dr.Web Security Space (20221018)","ESET Internet Security (20221018)","G DATA INTERNET SECURITY (20221018)","K7 Total Security (20221018)","Kaspersky Internet Security (20221018)","Malwarebytes Premium (20221018)","McAfee Total Protection (20221018)","Norton Security (20221018)","Panda Dome (20221018)","Quick Heal Internet Security (20221018)","Sophos Home Premium (20221018)","SpyHunter5 (20221018)","Total AV Antivirus Pro (20221018)","VIPRE Advanced Security (20221018)","VirIT eXplorer PRO (20221018)","Webroot SecureAnywhere (20221018)","Windows Defender (20221018)"],"avAllowList":["Tencent PC Manager (20220811)","Trend Micro Internet Security (20221018)"]},{"isRevoked":"False","fileName":"Free Audio Recorder.exe","companyName":"freeaudiorecorder.ner","fileVersion":"6.6","hashMD5":"8f862af26264f72c168d65b38cef3edf","hashSHA1":"ade4ae531ee45efb230c204818d6f136ae010900","hashSHA256":"d7d89d9530737aa97c1ed09045a91361e4f67acc2e39332ae7f77ba1b9acc10e","sourceIndex":"1471","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"CoolRecordEditPro","landingPage":"http://www.freeaudiorecorder.net/free_audio_recorder.html","directDownloadingLink":"http://www.freeaudiorecorder.net/Downloads/AudioRecorder.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudiorecorder.net/Downloads/AudioRecorder.zip","sourceIndex":"1471"}],"sampleFiles":["220808/AudioRecorder-220805/6.6.8/Samples/AudioRecorder-setup.exe","220808/AudioRecorder-220805/6.6.8/Samples/Free Audio Recorder.exe"],"imageFiles":["220808/AudioRecorder-220805/6.6.8/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220808/AudioRecorder-220805/6.6.8/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","220808/AudioRecorder-220805/6.6.8/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220808/AudioRecorder-220805/6.6.8/Images/ACR-118/ACR-118_RetainedComponents.jpg"],"nonDeceptorImageFiles":["220808/AudioRecorder-220805/6.6.8/Images/ACR-002/ACR-002_Mismatched_versions.jpg","220808/AudioRecorder-220805/6.6.8/Images/ACR-002/ACR-002_Mismatched_versions.jpg"],"guid":"999d95ad-43ac-463c-985f-d15b40bbf810_6.6.8_1","appID":"AudioRecorder-220805","dateAdded":"220808","deceptorType":"App","name":"Free Audio Recorder","company":"Accmeware Corporation","version":"6.6.8","lastKnownStatus":"6.6.8","lastKnownDate":"220808","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps","lastUpdate":"2022-08-08T20:42:07.355102+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1329},{"violations":{"ACR-103":"The app suggests cleaning junk in the device but it doesn’t seem to clean any junk as it randomly displays data. When the user selects the “Clean” option, it starts cleaning but displays different data to be cleaned again, thus unable to verify the app's value proposition. \n","ACR-014":"The app suggests cleaning junk in the device but it doesn’t seem to clean any junk as it randomly displays data. When the user selects the “Clean” option, it starts cleaning but displays different data to be cleaned again, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"com.smart.booster.clean.master.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"3e22602862d62ab9141ba62898817213","hashSHA1":"352a67daaa42bf93683ec1ad93604b4ef0d20084","hashSHA256":"73427deb982f4fb410ba95523888d2a746192fd809b30a22902cc11681cfe581","sourceIndex":"1469","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.smart.booster.clean.master","ipv4":"","ipv6":"","sourceIndex":"1469"}],"sampleFiles":["220808/cleanmasterboosterclean-220808/1.1.9/Samples/com.smart.booster.clean.master.apk"],"imageFiles":["220808/cleanmasterboosterclean-220808/1.1.9/Images/ACR-103/ACR-103_Software.png","220808/cleanmasterboosterclean-220808/1.1.9/Images/ACR-103/ACR-103_Software_1.png","220808/cleanmasterboosterclean-220808/1.1.9/Images/ACR-103/ACR-103_Software_2.png","220808/cleanmasterboosterclean-220808/1.1.9/Images/ACR-103/ACR-103_Software_3.png","220808/cleanmasterboosterclean-220808/1.1.9/Images/ACR-014/ACR-014_Software.png","220808/cleanmasterboosterclean-220808/1.1.9/Images/ACR-014/ACR-014_Software_1.png","220808/cleanmasterboosterclean-220808/1.1.9/Images/ACR-014/ACR-014_Software_2.png","220808/cleanmasterboosterclean-220808/1.1.9/Images/ACR-014/ACR-014_Software_3.png"],"nonDeceptorImageFiles":[],"guid":"6acf52fe-b91b-4f59-a7b5-4bba30c80d4b_1.1.9_1","appID":"cleanmasterboosterclean-220808","dateAdded":"220808","deceptorType":"Android App","name":"Clean Master Booster Clean","company":"Pace Corey","version":"1.1.9","sigName":"Deceptor:Android/CleanMasterBoosterClean!103014","lastKnownStatus":"1.1.9","lastKnownDate":"220808","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-08T21:48:28.421203+00:00","notDistributed":false,"familyName":"FakeCleaner","numInFamily":6,"numInAppID":1,"sortOrder":1324},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n The app does not provide an option to close the update prompt and cancel the startup on its own.\n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"TotalFreeSlideshowMaker.exe","fileVersion":"0.0","hashMD5":"639d1d5c5af89cd4ecc7eb3400c965ea","hashSHA1":"2c677d1afbf2acb8199b8cd31179e41af9db5928","hashSHA256":"e6cc3926e8f114bde7b0c944a1f02d4e47c860c033fbb84f4a94871d55d0515f","sourceIndex":"1474","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TotalFreeSlideshowMaker-setup.exe","companyName":"TotalAudio Soft, Inc.                                       ","fileVersion":"0.0","hashMD5":"41514325292ecaf6f044c8dcd86f0927","hashSHA1":"14103e8078b2b18f81ffbf70469adcf555f6b8b5","hashSHA256":"16d531e77998d5296bc4d9595c479b5bf2c6f7fb8ed6dab6739608fd47f6b20b","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1474","avBlockList":["360 Total Security (20220816)","Avast Premium Security (20220816)","AVG Internet Security (20220816)","Avira Internet Security (20220816)","Bitdefender Internet Security (20220816)","Dr.Web Security Space (20220816)","ESET Internet Security (20220816)","G DATA INTERNET SECURITY (20220816)","K7 Total Security (20220816)","Kaspersky Internet Security (20220816)","Malwarebytes Premium (20220816)","McAfee Total Protection (20220816)","Norton Security (20220816)","Panda Dome (20220816)","Quick Heal Internet Security (20220816)","Sophos Home Premium (20220816)","SpyHunter5 (20220816)","Total AV Antivirus Pro (20220816)","Trend Micro Internet Security (20220816)","VIPRE Advanced Security (20220816)","VirIT eXplorer PRO (20220816)","Webroot SecureAnywhere (20220816)","Windows Defender (20220816)"],"avAllowList":["COMODO Antivirus (20220816)","Tencent PC Manager (20220816)"]},{"isRevoked":"False","fileName":"TotalFreeYouTubeDownloader.exe","fileVersion":"0.0","hashMD5":"c67308cb523907c0008633b02b9f0f65","hashSHA1":"29a1bb28a973e2e364102ea2abc02a3a04d15091","hashSHA256":"9a95cd9b10515f604a88760b682ceef62bdbed2eda5769cc643792fb821241f1","sourceIndex":"1474","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TotalFreeYouTubeDownloader-setup.exe","isInstaller":"True","companyName":"TotalAudio Soft, Inc.                                       ","fileVersion":"0.0","hashMD5":"1b5bbbc4b7d841f417f7f1a3bfc4579e","hashSHA1":"7d2dabea30b9fdb3d5a318bbf893ffed07eda5ad","hashSHA256":"9eca81ac84cc724c08bf54fb0702bbcd778a382a48c97fd87d18405120278b8a","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1474","avBlockList":["360 Total Security (20220825)","Avast Premium Security (20220825)","AVG Internet Security (20220825)","Avira Internet Security (20220825)","Bitdefender Internet Security (20220825)","Dr.Web Security Space (20220825)","ESET Internet Security (20220825)","G DATA INTERNET SECURITY (20220825)","K7 Total Security (20220825)","Kaspersky Internet Security (20220825)","Malwarebytes Premium (20220825)","McAfee Total Protection (20220825)","Norton Security (20220825)","Panda Dome (20220825)","Quick Heal Internet Security (20220825)","Sophos Home Premium (20220825)","SpyHunter5 (20220825)","Total AV Antivirus Pro (20220825)","Trend Micro Internet Security (20220825)","VIPRE Advanced Security (20220825)","VirIT eXplorer PRO (20220825)","Webroot SecureAnywhere (20220825)","Windows Defender (20220825)"],"avAllowList":["COMODO Antivirus (20220825)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://www.totalaudioeditor.com/features_freeyoutubedownloader.php","directDownloadingLink":"http://www.totalaudioeditor.com/TotalFreeYouTubeDownloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.totalaudioeditor.com/TotalFreeYouTubeDownloader.exe","sourceIndex":"1474"}],"sampleFiles":["220804/TotalFreeYouTubeDownloader-220803/8.8.1/Samples/TotalFreeYouTubeDownloader.exe","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Samples/TotalFreeYouTubeDownloader-setup.exe"],"imageFiles":["220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-047/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-047/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-047/ACR-047_003_004_offer_declinedoffer.gif","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-010/RK.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-004/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-004/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-004/ACR-047_003_004_offer_declinedoffer.gif","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-083/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-083/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-048/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-048/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-003/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-003/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-003/ACR-047_003_004_offer_declinedoffer.gif","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-118/ACR-118_RetainedComponents.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-057/RK.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-059/RK.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-071/RK.jpg","220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-155/RK.jpg"],"nonDeceptorImageFiles":["220804/TotalFreeYouTubeDownloader-220803/8.8.1/Images/ACR-106/RK.jpg"],"guid":"3a531f2f-17b1-41e2-a71d-9212f9b8e48e_8.8.1_1","appID":"TotalFreeYouTubeDownloader-220803","dateAdded":"220804","deceptorType":"App","name":"Total Free YouTube Downloader","company":"TotalAudio Soft, Inc.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"220804","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-08-04T22:32:17.173443+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1330},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n The app does not provide an option to close the update prompt and cancel the startup on its own.\n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"TotalFreeSlideshowMaker.exe","fileVersion":"0.0","hashMD5":"639d1d5c5af89cd4ecc7eb3400c965ea","hashSHA1":"2c677d1afbf2acb8199b8cd31179e41af9db5928","hashSHA256":"e6cc3926e8f114bde7b0c944a1f02d4e47c860c033fbb84f4a94871d55d0515f","sourceIndex":"1475","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TotalFreeSlideshowMaker-setup.exe","isInstaller":"True","companyName":"TotalAudio Soft, Inc.                                       ","fileVersion":"0.0","hashMD5":"41514325292ecaf6f044c8dcd86f0927","hashSHA1":"14103e8078b2b18f81ffbf70469adcf555f6b8b5","hashSHA256":"16d531e77998d5296bc4d9595c479b5bf2c6f7fb8ed6dab6739608fd47f6b20b","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1475","avBlockList":["360 Total Security (20220816)","Avast Premium Security (20220816)","AVG Internet Security (20220816)","Avira Internet Security (20220816)","Bitdefender Internet Security (20220816)","Dr.Web Security Space (20220816)","ESET Internet Security (20220816)","G DATA INTERNET SECURITY (20220816)","K7 Total Security (20220816)","Kaspersky Internet Security (20220816)","Malwarebytes Premium (20220816)","McAfee Total Protection (20220816)","Norton Security (20220816)","Panda Dome (20220816)","Quick Heal Internet Security (20220816)","Sophos Home Premium (20220816)","SpyHunter5 (20220816)","Total AV Antivirus Pro (20220816)","Trend Micro Internet Security (20220816)","VIPRE Advanced Security (20220816)","VirIT eXplorer PRO (20220816)","Webroot SecureAnywhere (20220816)","Windows Defender (20220816)"],"avAllowList":["COMODO Antivirus (20220816)","Tencent PC Manager (20220816)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://www.totalaudioeditor.com/features_freeslideshowmaker.php","directDownloadingLink":"http://www.totalaudioeditor.com/TotalFreeSlideshowMaker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.totalaudioeditor.com/TotalFreeSlideshowMaker.exe","sourceIndex":"1475"}],"sampleFiles":["220804/TotalFreeSlideshowMaker-220803/8.8.1/Samples/TotalFreeSlideshowMaker.exe","220804/TotalFreeSlideshowMaker-220803/8.8.1/Samples/TotalFreeSlideshowMaker-setup.exe"],"imageFiles":["220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-047/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-047/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-047/ACR-047_003_004_intall_declined_offer.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-010/RK.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-004/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-004/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-004/ACR-047_003_004_intall_declined_offer.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-083/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-083/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-048/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-003/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-003/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-003/ACR-047_003_004_intall_declined_offer.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-118/ACR-118_Retained_components.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-057/RK.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-059/RK.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-071/RK.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-155/RK.jpg"],"nonDeceptorImageFiles":["220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-002/ACR-002_Mismatched_versions.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-106/RK.jpg","220804/TotalFreeSlideshowMaker-220803/8.8.1/Images/ACR-002/ACR-002_Mismatched_versions.jpg"],"guid":"cb42d24c-4b70-4456-a90a-d5bf7b8f27dc_8.8.1_1","appID":"TotalFreeSlideshowMaker-220803","dateAdded":"220804","deceptorType":"App","name":"Total Free Slideshow Maker","company":"TotalAudio Soft, Inc.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"220804","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-08-04T22:30:39.9384468+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1331},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n The app does not provide an option to close the update prompt and cancel the startup on its own.\n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"TotalFreeAudioConverter.exe","fileVersion":"0.0","hashMD5":"c67308cb523907c0008633b02b9f0f65","hashSHA1":"29a1bb28a973e2e364102ea2abc02a3a04d15091","hashSHA256":"9a95cd9b10515f604a88760b682ceef62bdbed2eda5769cc643792fb821241f1","sourceIndex":"1476","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TotalFreeAudioConverter-setup.exe","isInstaller":"True","companyName":"TotalAudio Soft, Inc.                                       ","fileVersion":"0.0","hashMD5":"a33a8968f36c1f59fe9d12ac8d64b9c8","hashSHA1":"5ec6d5d19c27ad2c1b2df1ae5999c4b79ed50638","hashSHA256":"a94334778f1f343e1d67a6e8b547832070fb23d38e362588eaefdd2249507543","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1476","avBlockList":["360 Total Security (20220816)","Avast Premium Security (20220816)","AVG Internet Security (20220816)","Avira Internet Security (20220816)","Bitdefender Internet Security (20220816)","Dr.Web Security Space (20220816)","ESET Internet Security (20220816)","G DATA INTERNET SECURITY (20220816)","K7 Total Security (20220816)","Kaspersky Internet Security (20220816)","Malwarebytes Premium (20220816)","McAfee Total Protection (20220816)","Norton Security (20220816)","Panda Dome (20220816)","Quick Heal Internet Security (20220816)","Sophos Home Premium (20220816)","SpyHunter5 (20220816)","Total AV Antivirus Pro (20220816)","Trend Micro Internet Security (20220816)","VIPRE Advanced Security (20220816)","VirIT eXplorer PRO (20220816)","Webroot SecureAnywhere (20220816)","Windows Defender (20220816)"],"avAllowList":["COMODO Antivirus (20220816)","Tencent PC Manager (20220816)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://www.totalaudioeditor.com/features_freeaudioconverter.php","directDownloadingLink":"http://www.totalaudioeditor.com/TotalFreeAudioConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.totalaudioeditor.com/TotalFreeAudioConverter.exe","sourceIndex":"1476"}],"sampleFiles":["220804/TotalFreeAudioConverter-220803/8.8.1/Samples/TotalFreeAudioConverter.exe","220804/TotalFreeAudioConverter-220803/8.8.1/Samples/TotalFreeAudioConverter-setup.exe"],"imageFiles":["220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-047/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-047/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-047/ACR-047_003_004_intall_declined_offer.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-003/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-003/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-003/ACR-047_003_004_intall_declined_offer.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-010/RelevantKnowledge.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-004/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-004/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-004/ACR-047_003_004_intall_declined_offer.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-083/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-083/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-048/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-048/ACR-048_047_003_004_083_RK_update_prompt.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-118/ACR-118_Retained_components.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-057/RelevantKnowledge.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-059/RelevantKnowledge.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-071/RelevantKnowledge.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-002/ACR-002_Mismatched_versions.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-106/RelevantKnowledge.jpg","220804/TotalFreeAudioConverter-220803/8.8.1/Images/ACR-002/ACR-002_Mismatched_versions.jpg"],"guid":"e4a635d1-b004-4681-b916-d45acaf8e29c_8.8.1_1","appID":"TotalFreeAudioConverter-220803","dateAdded":"220804","deceptorType":"App","name":"Total Free Audio Converter","company":"TotalAudio Soft, Inc.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"220804","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-08-04T22:28:44.8210369+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1332},{"violations":{"ACR-109":"Apps download \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the apps are installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nUnable to close the update prompt.\n","ACR-010":"The apps from \"https://www.coolfreestudio.com/l\" bundler distribute deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The apps attempt to present the offer repeatedly via its update and startup.\n","ACR-084":"The apps create a startup entry without the user's knowledge and consent.\n","ACR-118":"Upon uninstallation, the apps retain some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge.\n","ACR-122":"The apps display a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The apps bundle the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the apps are installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The apps mislead users that they need to install an update while actually, it tries to install the per-declined component by the user during the install.\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"Apps offer deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"Apps do not have a digital signature for their main executables.\n","ACR-123":"The apps do not remove their startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"MediaProSoftFreeRingtoneMaker.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"bf097f0f0a70a6eb1a41f02d9e890ac6","hashSHA1":"0af27a86606b351fe0888901ad63f69118733e49","hashSHA256":"121d794e8f38b4753393f023e21096b7c38171fdadabcbd41de9d6e3d176c883","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20221027)","AVG Internet Security (20221027)","Avira Internet Security (20221027)","Bitdefender Internet Security (20221027)","COMODO Antivirus (20221027)","Dr.Web Security Space (20221027)","ESET Internet Security (20221027)","G DATA INTERNET SECURITY (20221027)","K7 Total Security (20221027)","Kaspersky Internet Security (20221027)","Malwarebytes Premium (20221027)","McAfee Total Protection (20221027)","Norton Security (20221027)","Panda Dome (20221027)","Quick Heal Internet Security (20221027)","Sophos Home Premium (20221027)","SpyHunter5 (20221027)","Total AV Antivirus Pro (20221027)","VIPRE Advanced Security (20221027)","VirIT eXplorer PRO (20221027)","Webroot SecureAnywhere (20221027)","Windows Defender (20221027)"],"avAllowList":["360 Total Security (20221027)","Tencent PC Manager (20220811)","Trend Micro Internet Security (20221027)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeMP3Joiner.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"c8210e226e9d6028ee2f59d92f77d09b","hashSHA1":"bd8fcf797b2169d5101a5769077aacc8885b0152","hashSHA256":"a1dbcb1c970bab5f30948e275d9143bca6d9d9c4b0f026d5d93675c36028a8e3","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220811)","Avast Premium Security (20220811)","AVG Internet Security (20220811)","Avira Internet Security (20220811)","Bitdefender Internet Security (20220811)","COMODO Antivirus (20220811)","Dr.Web Security Space (20220811)","ESET Internet Security (20220811)","G DATA INTERNET SECURITY (20220811)","K7 Total Security (20220811)","Kaspersky Internet Security (20220811)","Malwarebytes Premium (20220811)","McAfee Total Protection (20220811)","Norton Security (20220811)","Panda Dome (20220811)","Quick Heal Internet Security (20220811)","Sophos Home Premium (20220811)","SpyHunter5 (20220811)","Total AV Antivirus Pro (20220811)","VIPRE Advanced Security (20220811)","VirIT eXplorer PRO (20220811)","Webroot SecureAnywhere (20220811)","Windows Defender (20220811)"],"avAllowList":["Tencent PC Manager (20220811)","Trend Micro Internet Security (20220811)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeMP3Cutter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"4bacff54ae61b93d05eb4481aa58d623","hashSHA1":"485771ab3e3b9e0942d07fe1a53ad529e951624f","hashSHA256":"1c10e86c254dc772f51355373e40b31392c4444de31758dea7d75bcc550d4abb","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220811)","Avast Premium Security (20220811)","AVG Internet Security (20220811)","Avira Internet Security (20220811)","Bitdefender Internet Security (20220811)","COMODO Antivirus (20220811)","Dr.Web Security Space (20220811)","ESET Internet Security (20220811)","G DATA INTERNET SECURITY (20220811)","K7 Total Security (20220811)","Kaspersky Internet Security (20220811)","Malwarebytes Premium (20220811)","McAfee Total Protection (20220811)","Norton Security (20220811)","Panda Dome (20220811)","Quick Heal Internet Security (20220811)","Sophos Home Premium (20220811)","SpyHunter5 (20220811)","Total AV Antivirus Pro (20220811)","Trend Micro Internet Security (20220811)","VIPRE Advanced Security (20220811)","VirIT eXplorer PRO (20220811)","Webroot SecureAnywhere (20220811)","Windows Defender (20220811)"],"avAllowList":["Tencent PC Manager (20220811)"]},{"isRevoked":"False","fileName":"FreeAudioEditor.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 FAEMedia, Inc.                         ","fileVersion":"0.0","hashMD5":"e646274c6f8c8f89cad6e9aa9975db04","hashSHA1":"128fafdfb591c3542fdf6fc96c72b89bcb459a11","hashSHA256":"9d30e013e6bd6574d96470c7d031a6a587c469503628f7fd01d9344c390f693b","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220804)","AVG Internet Security (20220804)","Avira Internet Security (20220804)","Bitdefender Internet Security (20220804)","Dr.Web Security Space (20220804)","ESET Internet Security (20220804)","G DATA INTERNET SECURITY (20220804)","K7 Total Security (20220804)","Kaspersky Internet Security (20220804)","Malwarebytes Premium (20220804)","McAfee Total Protection (20220804)","Norton Security (20220804)","Panda Dome (20220804)","Quick Heal Internet Security (20220804)","Sophos Home Premium (20220804)","SpyHunter5 (20220804)","Total AV Antivirus Pro (20220804)","VIPRE Advanced Security (20220804)","VirIT eXplorer PRO (20220804)","Webroot SecureAnywhere (20220804)","Windows Defender (20220804)"],"avAllowList":["360 Total Security (20220804)","COMODO Antivirus (20220804)","Tencent PC Manager (20220804)","Trend Micro Internet Security (20220804)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeHDVideoConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"c25cfd137a6b2171a8365f5499a5431b","hashSHA1":"4fdf0b00ca7badcda521544f95cee0c32862ddbc","hashSHA256":"221fc44746b3dcf6f955684c21eb6966ac49421bdd9269dc3f07ef356fa8c494","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220811)","Avast Premium Security (20220811)","AVG Internet Security (20220811)","Avira Internet Security (20220811)","Bitdefender Internet Security (20220811)","COMODO Antivirus (20220811)","Dr.Web Security Space (20220811)","ESET Internet Security (20220811)","G DATA INTERNET SECURITY (20220811)","K7 Total Security (20220811)","Kaspersky Internet Security (20220811)","Malwarebytes Premium (20220811)","McAfee Total Protection (20220811)","Norton Security (20220811)","Panda Dome (20220811)","Sophos Home Premium (20220811)","SpyHunter5 (20220811)","Total AV Antivirus Pro (20220811)","VIPRE Advanced Security (20220811)","VirIT eXplorer PRO (20220811)","Webroot SecureAnywhere (20220811)","Windows Defender (20220811)"],"avAllowList":["Quick Heal Internet Security (20220811)","Tencent PC Manager (20220811)","Trend Micro Internet Security (20220811)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeYouTubeDownloaderHD.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"0f28e308a188e616e8d8bc22f5e48b88","hashSHA1":"644aed2daa078d240a91c97f26e3720b6139afb6","hashSHA256":"a08ea2fdeb27c0259d949441c3b462f96e63852fb4080315cceebe61172a529d","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220816)","Avast Premium Security (20220816)","AVG Internet Security (20220816)","Avira Internet Security (20220816)","Bitdefender Internet Security (20220816)","COMODO Antivirus (20220816)","Dr.Web Security Space (20220816)","ESET Internet Security (20220816)","G DATA INTERNET SECURITY (20220816)","K7 Total Security (20220816)","Kaspersky Internet Security (20220816)","Malwarebytes Premium (20220816)","McAfee Total Protection (20220816)","Norton Security (20220816)","Panda Dome (20220816)","Quick Heal Internet Security (20220816)","Sophos Home Premium (20220816)","SpyHunter5 (20220816)","Total AV Antivirus Pro (20220816)","VIPRE Advanced Security (20220816)","VirIT eXplorer PRO (20220816)","Webroot SecureAnywhere (20220816)","Windows Defender (20220816)"],"avAllowList":["Tencent PC Manager (20220816)","Trend Micro Internet Security (20220816)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideotoAndroidConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"ab77cbbdb9fa799600320ca14ef7507d","hashSHA1":"31a6db661e82a8ae4fc1e79243e279518821f944","hashSHA256":"5cfc23d2236eebdab157147617f1b8e37bc57a906882c9d09cfb286f11dd1899","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220818)","AVG Internet Security (20220818)","Avira Internet Security (20220818)","Bitdefender Internet Security (20220818)","COMODO Antivirus (20220818)","Dr.Web Security Space (20220818)","ESET Internet Security (20220818)","G DATA INTERNET SECURITY (20220818)","K7 Total Security (20220818)","Kaspersky Internet Security (20220818)","Malwarebytes Premium (20220818)","McAfee Total Protection (20220818)","Norton Security (20220818)","Panda Dome (20220818)","Quick Heal Internet Security (20220818)","Sophos Home Premium (20220818)","SpyHunter5 (20220818)","Total AV Antivirus Pro (20220818)","VIPRE Advanced Security (20220818)","VirIT eXplorer PRO (20220818)","Webroot SecureAnywhere (20220818)","Windows Defender (20220818)"],"avAllowList":["360 Total Security (20220818)","Tencent PC Manager (20220818)","Trend Micro Internet Security (20220818)"]},{"isRevoked":"False","fileName":"MediaProSoftFree3GPVideoConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"a53c253d55867f82ed7bd6cb8ecf5d2b","hashSHA1":"ea51ed23512d87c753c0c9bc98c39a79bfae4fb7","hashSHA256":"87f5140b35b960daaeaa841f6b9c12fc5b3d51b947ef3acdb5bfbd7436cca7a5","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220818)","AVG Internet Security (20220818)","Avira Internet Security (20220818)","Bitdefender Internet Security (20220818)","COMODO Antivirus (20220818)","Dr.Web Security Space (20220818)","ESET Internet Security (20220818)","G DATA INTERNET SECURITY (20220818)","K7 Total Security (20220818)","Kaspersky Internet Security (20220818)","Malwarebytes Premium (20220818)","McAfee Total Protection (20220818)","Norton Security (20220818)","Panda Dome (20220818)","Quick Heal Internet Security (20220818)","Sophos Home Premium (20220818)","SpyHunter5 (20220818)","Total AV Antivirus Pro (20220818)","VIPRE Advanced Security (20220818)","VirIT eXplorer PRO (20220818)","Webroot SecureAnywhere (20220818)","Windows Defender (20220818)"],"avAllowList":["360 Total Security (20220818)","Tencent PC Manager (20220818)","Trend Micro Internet Security (20220818)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideotoMP3Converter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"e5025ac38f5b682368b7dc66ba5df166","hashSHA1":"b2641cd62e6af24896e12b983378040ac732ac8b","hashSHA256":"cf1e65b01ca7993379f96e82abb04c00e29325297e8e7b2b07af12fba6470213","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220818)","Avast Premium Security (20220818)","AVG Internet Security (20220818)","Avira Internet Security (20220818)","Bitdefender Internet Security (20220818)","COMODO Antivirus (20220818)","Dr.Web Security Space (20220818)","ESET Internet Security (20220818)","G DATA INTERNET SECURITY (20220818)","K7 Total Security (20220818)","Kaspersky Internet Security (20220818)","Malwarebytes Premium (20220818)","McAfee Total Protection (20220818)","Norton Security (20220818)","Panda Dome (20220818)","Quick Heal Internet Security (20220818)","Sophos Home Premium (20220818)","SpyHunter5 (20220818)","Total AV Antivirus Pro (20220818)","VIPRE Advanced Security (20220818)","VirIT eXplorer PRO (20220818)","Webroot SecureAnywhere (20220818)","Windows Defender (20220818)"],"avAllowList":["Tencent PC Manager (20220818)","Trend Micro Internet Security (20220818)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeAudioConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"27cc32a5f365865a3e83256658169671","hashSHA1":"cd3c5f1a78cbe294250e1a183f998dcacca68d27","hashSHA256":"974cc337296fe4318ba60f122aeace529522b8eef2f055db3b65a68047fb48f8","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220818)","AVG Internet Security (20220818)","Avira Internet Security (20220818)","Bitdefender Internet Security (20220818)","COMODO Antivirus (20220818)","Dr.Web Security Space (20220818)","ESET Internet Security (20220818)","G DATA INTERNET SECURITY (20220818)","K7 Total Security (20220818)","Kaspersky Internet Security (20220818)","Malwarebytes Premium (20220818)","McAfee Total Protection (20220818)","Norton Security (20220818)","Panda Dome (20220818)","Quick Heal Internet Security (20220818)","Sophos Home Premium (20220818)","SpyHunter5 (20220818)","Total AV Antivirus Pro (20220818)","VIPRE Advanced Security (20220818)","VirIT eXplorer PRO (20220818)","Webroot SecureAnywhere (20220818)","Windows Defender (20220818)"],"avAllowList":["360 Total Security (20220818)","Tencent PC Manager (20220818)","Trend Micro Internet Security (20220818)"]},{"isRevoked":"False","fileName":"MediaProSoftFreePDFMergerSplitter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"ba920fa9aebbcb59db00aa6db5189f5b","hashSHA1":"a0dd67541103f949df387d2cc9dfa516b2f6ef99","hashSHA256":"361c74a82a34fae6adefaf5bd3b2d81474a56b2c2d38bcc81c40ee0883ea6d21","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220818)","AVG Internet Security (20220818)","Avira Internet Security (20220818)","Bitdefender Internet Security (20220818)","COMODO Antivirus (20220818)","Dr.Web Security Space (20220818)","ESET Internet Security (20220818)","G DATA INTERNET SECURITY (20220818)","K7 Total Security (20220818)","Kaspersky Internet Security (20220818)","Malwarebytes Premium (20220818)","McAfee Total Protection (20220818)","Norton Security (20220818)","Panda Dome (20220818)","Quick Heal Internet Security (20220818)","Sophos Home Premium (20220818)","SpyHunter5 (20220818)","Total AV Antivirus Pro (20220818)","VIPRE Advanced Security (20220818)","VirIT eXplorer PRO (20220818)","Webroot SecureAnywhere (20220818)","Windows Defender (20220818)"],"avAllowList":["360 Total Security (20220818)","Tencent PC Manager (20220818)","Trend Micro Internet Security (20220818)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeISOBurner.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"e335218cb69b8ddec6b12dfcd0d22665","hashSHA1":"7cd73b227eb2075eb3212a9d2c057f9589527cdd","hashSHA256":"ee83a36632053fd4a16cf272e8aee4497d9d328cad5de539cede28690a3684ea","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220818)","Avast Premium Security (20220818)","AVG Internet Security (20220818)","Avira Internet Security (20220818)","Bitdefender Internet Security (20220818)","COMODO Antivirus (20220818)","Dr.Web Security Space (20220818)","ESET Internet Security (20220818)","G DATA INTERNET SECURITY (20220818)","K7 Total Security (20220818)","Kaspersky Internet Security (20220818)","Malwarebytes Premium (20220818)","McAfee Total Protection (20220818)","Norton Security (20220818)","Panda Dome (20220818)","Quick Heal Internet Security (20220818)","Sophos Home Premium (20220818)","SpyHunter5 (20220818)","Total AV Antivirus Pro (20220818)","Trend Micro Internet Security (20220818)","VIPRE Advanced Security (20220818)","VirIT eXplorer PRO (20220818)","Webroot SecureAnywhere (20220818)","Windows Defender (20220818)"],"avAllowList":["Tencent PC Manager (20220818)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeCDDVDBurner.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"e72e91cd097cbbb29cc1b454d0e7e5a3","hashSHA1":"0a52ffdd5f448f7008910fe777874ed270dd8d39","hashSHA256":"167ee5e0b3a5a0e98f12850c4fd373b52b2c7b7cd98073bdcde9e1731ce7b7de","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220818)","Avast Premium Security (20220818)","AVG Internet Security (20220818)","Avira Internet Security (20220818)","Bitdefender Internet Security (20220818)","COMODO Antivirus (20220818)","Dr.Web Security Space (20220818)","ESET Internet Security (20220818)","G DATA INTERNET SECURITY (20220818)","K7 Total Security (20220818)","Kaspersky Internet Security (20220818)","Malwarebytes Premium (20220818)","McAfee Total Protection (20220818)","Norton Security (20220818)","Panda Dome (20220818)","Quick Heal Internet Security (20220818)","Sophos Home Premium (20220818)","SpyHunter5 (20220818)","Total AV Antivirus Pro (20220818)","VIPRE Advanced Security (20220818)","VirIT eXplorer PRO (20220818)","Webroot SecureAnywhere (20220818)","Windows Defender (20220818)"],"avAllowList":["Tencent PC Manager (20220818)","Trend Micro Internet Security (20220818)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeDVDtoiPodConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"5b41513f8b6fc91d0979d0c0307f6b50","hashSHA1":"e2b275174b25f61c5b91f32429791e471087aacc","hashSHA256":"513dc550186ab5aa6e8e91a95df92c20bd15378c543e85ceb121d1f75baff06b","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220818)","AVG Internet Security (20220818)","Avira Internet Security (20220818)","Bitdefender Internet Security (20220818)","COMODO Antivirus (20220818)","Dr.Web Security Space (20220818)","ESET Internet Security (20220818)","G DATA INTERNET SECURITY (20220818)","K7 Total Security (20220818)","Kaspersky Internet Security (20220818)","Malwarebytes Premium (20220818)","McAfee Total Protection (20220818)","Norton Security (20220818)","Panda Dome (20220818)","Sophos Home Premium (20220818)","SpyHunter5 (20220818)","Total AV Antivirus Pro (20220818)","VIPRE Advanced Security (20220818)","VirIT eXplorer PRO (20220818)","Webroot SecureAnywhere (20220818)","Windows Defender (20220818)"],"avAllowList":["360 Total Security (20220818)","Quick Heal Internet Security (20220818)","Tencent PC Manager (20220818)","Trend Micro Internet Security (20220818)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeYouTubetoAVIMPEGConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"ce1038f9818c4acddaadf0134deacfea","hashSHA1":"ef892b9e729819ff03dceb7196546ed6360e78df","hashSHA256":"9c1ece5bc3b80e78c8564b4edef32f1f0b34dee78e312207f7b3cd5f8d8987f5","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220818)","AVG Internet Security (20220818)","Avira Internet Security (20220818)","Bitdefender Internet Security (20220818)","COMODO Antivirus (20220818)","Dr.Web Security Space (20220818)","ESET Internet Security (20220818)","G DATA INTERNET SECURITY (20220818)","K7 Total Security (20220818)","Kaspersky Internet Security (20220818)","Malwarebytes Premium (20220818)","McAfee Total Protection (20220818)","Norton Security (20220818)","Panda Dome (20220818)","Quick Heal Internet Security (20220818)","Sophos Home Premium (20220818)","SpyHunter5 (20220818)","Total AV Antivirus Pro (20220818)","VIPRE Advanced Security (20220818)","VirIT eXplorer PRO (20220818)","Webroot SecureAnywhere (20220818)","Windows Defender (20220818)"],"avAllowList":["360 Total Security (20220818)","Tencent PC Manager (20220818)","Trend Micro Internet Security (20220818)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideoJoiner.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"055079237a6f1be3690afaa3e0ccdd8e","hashSHA1":"fd08ecd69fdb13d0a5bdfacce570fa5f1a4a666a","hashSHA256":"a444934ed96442ba20c72098fccf4ae0776a02276f1c6c195877b4decb7076d3","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220818)","AVG Internet Security (20220818)","Avira Internet Security (20220818)","Bitdefender Internet Security (20220818)","COMODO Antivirus (20220818)","Dr.Web Security Space (20220818)","ESET Internet Security (20220818)","G DATA INTERNET SECURITY (20220818)","K7 Total Security (20220818)","Kaspersky Internet Security (20220818)","Malwarebytes Premium (20220818)","McAfee Total Protection (20220818)","Norton Security (20220818)","Panda Dome (20220818)","Sophos Home Premium (20220818)","SpyHunter5 (20220818)","Total AV Antivirus Pro (20220818)","VIPRE Advanced Security (20220818)","VirIT eXplorer PRO (20220818)","Webroot SecureAnywhere (20220818)","Windows Defender (20220818)"],"avAllowList":["360 Total Security (20220818)","Quick Heal Internet Security (20220818)","Tencent PC Manager (20220818)","Trend Micro Internet Security (20220818)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideotoGIFConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"3942c831e994e49f2258793eaec7f6b6","hashSHA1":"a20b57c94d613b936047a417c0ce5e21ad339a0a","hashSHA256":"cb0ebbe9a8bcfcf79738e65386deffebcc7804824945610b5ddd3bda1cbcc044","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220818)","Avast Premium Security (20220818)","AVG Internet Security (20220818)","Avira Internet Security (20220818)","Bitdefender Internet Security (20220818)","COMODO Antivirus (20220818)","Dr.Web Security Space (20220818)","ESET Internet Security (20220818)","G DATA INTERNET SECURITY (20220818)","K7 Total Security (20220818)","Kaspersky Internet Security (20220818)","Malwarebytes Premium (20220818)","McAfee Total Protection (20220818)","Norton Security (20220818)","Panda Dome (20220818)","Quick Heal Internet Security (20220818)","Sophos Home Premium (20220818)","SpyHunter5 (20220818)","Total AV Antivirus Pro (20220818)","VIPRE Advanced Security (20220818)","VirIT eXplorer PRO (20220818)","Webroot SecureAnywhere (20220818)","Windows Defender (20220818)"],"avAllowList":["Tencent PC Manager (20220818)","Trend Micro Internet Security (20220818)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeSlideshowMaker_rS-TE01.exe","isInstaller":"True","fileVersion":"3.33","hashMD5":"7f4c8b8965614c70f69d50e92a35a392","hashSHA1":"4fc6760468b61a152d3f0195efca84c6a01ead4e","hashSHA256":"f9f88afc61dd8b016a449924263da578bcfe28cf705b006bfa0b644448ead8c2","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeOCR.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"76b37630f37d7f781c2d58d300c2b870","hashSHA1":"59adb7cb9d64ea7f473dd12d6a8e9920f0508ccb","hashSHA256":"3e30b1bfa24cb5ff5cf68697d3dbd1c0dd8b013f71caeb0eefeed63fa585174e","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeScantoPDF.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"c199e96cad7d2073c3beb9e7fe36225f","hashSHA1":"37f4e8bd1fad04547ffa10191c8211155bfce090","hashSHA256":"c3ec4c8805c5ac4fa1edfeff29fd2c700a4c6fbf9eb4c35ba3c3d9c90c9926c9","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeiPhoneVideoConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"3d18a58dc99db43949b370f426f7fd02","hashSHA1":"839967246f1900d74c9987215fdf4e16e55c00d1","hashSHA256":"5de382e773e718beff05832b233486ee219a3113e5467f7559f56ff429f546ab","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideotoiPodConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"b8f490b383415927a32bd39fce0b4442","hashSHA1":"39fedcd0823d49f0cdf35d187a6dc9cd95d584f0","hashSHA256":"1388a3e87b6006ab6a9ee0a00995809e5af14e70c06f5afb8badfa105334cf50","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeiPodConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"b807a72f1189cf677e2decd42da88903","hashSHA1":"972d6f33338d8879af803018689c0a1a4cafef68","hashSHA256":"ac75160629b05a144676bf1644f9b96a7e6c651c8b7ac52096cb5e2112f5b603","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideotoWMVConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"7ef8cb889d1d9b57b4331539f9409e0d","hashSHA1":"d095f7fd151bab53e0b8a8878eca06baeec2fc75","hashSHA256":"eaa05a0b5122a25eb72808cd4511d4a8e3bf3317ada23a2e1ecfeef22f21dcf1","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideotoAVIMPEGConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"9e8599ebdb5a1005a1d992e17e4a23d7","hashSHA1":"3258294463a4d031cb7744c37104abd58b8e1ee4","hashSHA256":"8f4b705233e45a348a321d9881f3dbf84781744d198e59609edc9226c645f547","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideotoiPadConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"60e8c97d374293b5e4aea1671beeadb1","hashSHA1":"1648869eb81f2d3843c6385ad25deb04c6f1ffe5","hashSHA256":"3286b463935312493961132960d92f85a12b8bd147d3cbaa05718a239250599f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideotoFLVConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"83c3c0743728debcad3512b0bdde0714","hashSHA1":"78a8a5370499fea1daf2248444be38394cc0ea40","hashSHA256":"393c7443f3cce8febb702d12cd4c78efbd86a834dced301eeee3a7ddcb1b8cca","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideotoMP4Converter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"550f89545ae9df81f8993b535c6f7067","hashSHA1":"de6dc1a46f2c0650bef24dce904548d28d338513","hashSHA256":"0ad58c12a48acad0d5302729af22817db8753365e58b709316f7829a87561006","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideoto3GPConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"49a6111b279b9d57839b533fe5dc7554","hashSHA1":"3c87df859df64b7113aac72a6c5acbedfe94fea8","hashSHA256":"ef01f541d8fdddb933971cd4d79be06c487585c8a6c5f622490934f12cd72509","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideotoPSPConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"3bf1e390bff1f0cf11d8c2e29a74f527","hashSHA1":"a31c3b719f00f89add33021997c3001ba368564a","hashSHA256":"d25419e42e50da29a366a1a29b68d698988855fd1de2f3c1e6c9169b5c909b7f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220825)","AVG Internet Security (20220825)","Avira Internet Security (20220825)","Bitdefender Internet Security (20220825)","COMODO Antivirus (20220825)","Dr.Web Security Space (20220825)","ESET Internet Security (20220825)","G DATA INTERNET SECURITY (20220825)","K7 Total Security (20220825)","Kaspersky Internet Security (20220825)","Malwarebytes Premium (20220825)","McAfee Total Protection (20220825)","Norton Security (20220825)","Panda Dome (20220825)","Quick Heal Internet Security (20220825)","Sophos Home Premium (20220825)","SpyHunter5 (20220825)","Total AV Antivirus Pro (20220825)","VIPRE Advanced Security (20220825)","VirIT eXplorer PRO (20220825)","Webroot SecureAnywhere (20220825)","Windows Defender (20220825)"],"avAllowList":["360 Total Security (20220825)","Trend Micro Internet Security (20220825)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeFLVtoAVIConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"4c44299d901308a635a785e3aa135203","hashSHA1":"812d9e7a8d7150a7aa89d921916e96ce64c20dc0","hashSHA256":"f06ba551e43daaa8a160fcb713a66fde1a24719279bcbd095703a613417e32c1","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220825)","AVG Internet Security (20220825)","Avira Internet Security (20220825)","Bitdefender Internet Security (20220825)","COMODO Antivirus (20220825)","Dr.Web Security Space (20220825)","ESET Internet Security (20220825)","G DATA INTERNET SECURITY (20220825)","K7 Total Security (20220825)","Kaspersky Internet Security (20220825)","Malwarebytes Premium (20220825)","McAfee Total Protection (20220825)","Norton Security (20220825)","Panda Dome (20220825)","Quick Heal Internet Security (20220825)","Sophos Home Premium (20220825)","SpyHunter5 (20220825)","Total AV Antivirus Pro (20220825)","VIPRE Advanced Security (20220825)","VirIT eXplorer PRO (20220825)","Webroot SecureAnywhere (20220825)","Windows Defender (20220825)"],"avAllowList":["360 Total Security (20220825)","Trend Micro Internet Security (20220825)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeMOVtoAVIConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"9356d811f92251c99e83f747079fc1f0","hashSHA1":"f3bf5644cd979d7f6570fe547208bee2d3e2d390","hashSHA256":"18b0e7179a8962894a1ee3aeb50223509fa10b282b6866b9a2c658d51766d048","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220825)","AVG Internet Security (20220825)","Avira Internet Security (20220825)","Bitdefender Internet Security (20220825)","COMODO Antivirus (20220825)","Dr.Web Security Space (20220825)","ESET Internet Security (20220825)","G DATA INTERNET SECURITY (20220825)","K7 Total Security (20220825)","Kaspersky Internet Security (20220825)","Malwarebytes Premium (20220825)","McAfee Total Protection (20220825)","Norton Security (20220825)","Panda Dome (20220825)","Quick Heal Internet Security (20220825)","Sophos Home Premium (20220825)","SpyHunter5 (20220825)","Total AV Antivirus Pro (20220825)","VIPRE Advanced Security (20220825)","VirIT eXplorer PRO (20220825)","Webroot SecureAnywhere (20220825)","Windows Defender (20220825)"],"avAllowList":["360 Total Security (20220825)","Trend Micro Internet Security (20220825)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeWMVtoAVIMPEGConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"a63fef4c9421a5fd36d6d0270bc2f2fc","hashSHA1":"85cc30bb9c8d2aeb35a1a542ab365e9fbaa86cd0","hashSHA256":"24b7fdbb4b9a3002c15723a988e5dccd93667730e6a8b2cda950b97456389d50","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220825)","AVG Internet Security (20220825)","Avira Internet Security (20220825)","Bitdefender Internet Security (20220825)","COMODO Antivirus (20220825)","Dr.Web Security Space (20220825)","ESET Internet Security (20220825)","G DATA INTERNET SECURITY (20220825)","K7 Total Security (20220825)","Kaspersky Internet Security (20220825)","Malwarebytes Premium (20220825)","McAfee Total Protection (20220825)","Norton Security (20220825)","Panda Dome (20220825)","Quick Heal Internet Security (20220825)","Sophos Home Premium (20220825)","SpyHunter5 (20220825)","Total AV Antivirus Pro (20220825)","VIPRE Advanced Security (20220825)","VirIT eXplorer PRO (20220825)","Webroot SecureAnywhere (20220825)","Windows Defender (20220825)"],"avAllowList":["360 Total Security (20220825)","Trend Micro Internet Security (20220825)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeWebMtoMP4Converter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"44216cecea865e29c6a93ffbce0f24b2","hashSHA1":"8c52a91d2709c7c88053f0a19fd652377ab5552c","hashSHA256":"1fd43bcf312ba16d89b3a952e0190c5cb9f4bc7153d7f37401a9d5619f0876cf","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220825)","Avast Premium Security (20220825)","AVG Internet Security (20220825)","Avira Internet Security (20220825)","Bitdefender Internet Security (20220825)","COMODO Antivirus (20220825)","Dr.Web Security Space (20220825)","ESET Internet Security (20220825)","G DATA INTERNET SECURITY (20220825)","K7 Total Security (20220825)","Kaspersky Internet Security (20220825)","Malwarebytes Premium (20220825)","McAfee Total Protection (20220825)","Norton Security (20220825)","Panda Dome (20220825)","Quick Heal Internet Security (20220825)","Sophos Home Premium (20220825)","SpyHunter5 (20220825)","Total AV Antivirus Pro (20220825)","VIPRE Advanced Security (20220825)","VirIT eXplorer PRO (20220825)","Webroot SecureAnywhere (20220825)","Windows Defender (20220825)"],"avAllowList":["Trend Micro Internet Security (20220825)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeMP4toAVIConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"e3ccf351c1ddd211f74066c1fb0e3b78","hashSHA1":"8b1a9bb83db519b70dc2bdad67fd600becad6a23","hashSHA256":"5beefd1a6ce70352a5dec508defab0c63240488cb69377e269a46aeeb4db52b8","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220825)","AVG Internet Security (20220825)","Avira Internet Security (20220825)","Bitdefender Internet Security (20220825)","COMODO Antivirus (20220825)","Dr.Web Security Space (20220825)","ESET Internet Security (20220825)","G DATA INTERNET SECURITY (20220825)","K7 Total Security (20220825)","Kaspersky Internet Security (20220825)","Malwarebytes Premium (20220825)","McAfee Total Protection (20220825)","Norton Security (20220825)","Panda Dome (20220825)","Quick Heal Internet Security (20220825)","Sophos Home Premium (20220825)","SpyHunter5 (20220825)","Total AV Antivirus Pro (20220825)","VIPRE Advanced Security (20220825)","VirIT eXplorer PRO (20220825)","Webroot SecureAnywhere (20220825)","Windows Defender (20220825)"],"avAllowList":["360 Total Security (20220825)","Trend Micro Internet Security (20220825)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeYouTubetoWMVConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"8abe0714de1a03b1cb078111f77c2c18","hashSHA1":"a439b65c545c1d483ca816118e2ed7d1b6219e7f","hashSHA256":"41c84a2e56c80c48ecc80e561322f02447d08e6e85e30fbc515ed0911aaf2520","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220830)","AVG Internet Security (20220830)","Avira Internet Security (20220830)","Bitdefender Internet Security (20220830)","COMODO Antivirus (20220830)","Dr.Web Security Space (20220830)","ESET Internet Security (20220830)","G DATA INTERNET SECURITY (20220830)","K7 Total Security (20220830)","Kaspersky Internet Security (20220830)","Malwarebytes Premium (20220830)","McAfee Total Protection (20220830)","Norton Security (20220830)","Panda Dome (20220830)","Quick Heal Internet Security (20220830)","Sophos Home Premium (20220830)","SpyHunter5 (20220830)","Total AV Antivirus Pro (20220830)","VIPRE Advanced Security (20220830)","VirIT eXplorer PRO (20220830)","Webroot SecureAnywhere (20220830)","Windows Defender (20220830)"],"avAllowList":["360 Total Security (20220830)","Trend Micro Internet Security (20220830)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeMobileMediaConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"89706bcfcbe29910a72e66f5f451bdb7","hashSHA1":"bcadf4ceebfe76457ca5f3d6dd604fab086e346f","hashSHA256":"2b7466aff2f8d1c2e54feac7beace96bc765c983099104410e3843c5927fcfc7","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220830)","AVG Internet Security (20220830)","Avira Internet Security (20220830)","Bitdefender Internet Security (20220830)","COMODO Antivirus (20220830)","Dr.Web Security Space (20220830)","ESET Internet Security (20220830)","G DATA INTERNET SECURITY (20220830)","K7 Total Security (20220830)","Kaspersky Internet Security (20220830)","Malwarebytes Premium (20220830)","McAfee Total Protection (20220830)","Norton Security (20220830)","Panda Dome (20220830)","Quick Heal Internet Security (20220830)","Sophos Home Premium (20220830)","SpyHunter5 (20220830)","Total AV Antivirus Pro (20220830)","VIPRE Advanced Security (20220830)","VirIT eXplorer PRO (20220830)","Webroot SecureAnywhere (20220830)","Windows Defender (20220830)"],"avAllowList":["360 Total Security (20220830)","Trend Micro Internet Security (20220830)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeMP4VideoConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"3efce96c6b632f48d79d434f5d979c57","hashSHA1":"41a46ac0e90c72793ac9a7886adc4149678af0e4","hashSHA256":"6a5f46245797042e0058b8115d5991193eea82858e043847d3c0dd980ce597ce","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220830)","AVG Internet Security (20220830)","Avira Internet Security (20220830)","Bitdefender Internet Security (20220830)","COMODO Antivirus (20220830)","Dr.Web Security Space (20220830)","ESET Internet Security (20220830)","G DATA INTERNET SECURITY (20220830)","K7 Total Security (20220830)","Kaspersky Internet Security (20220830)","Malwarebytes Premium (20220830)","McAfee Total Protection (20220830)","Norton Security (20220830)","Panda Dome (20220830)","Quick Heal Internet Security (20220830)","Sophos Home Premium (20220830)","SpyHunter5 (20220830)","Total AV Antivirus Pro (20220830)","VIPRE Advanced Security (20220830)","VirIT eXplorer PRO (20220830)","Webroot SecureAnywhere (20220830)","Windows Defender (20220830)"],"avAllowList":["360 Total Security (20220830)","Trend Micro Internet Security (20220830)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeFLVVideoConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"6b4f3b6af66d07a815db06e4013eacee","hashSHA1":"9a8c6b593e5e94e7de315a75af6177049242914e","hashSHA256":"3651046e2734c56762ad7095d5d06af31a4a677a42b2071ac378199e9dd82d61","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220830)","AVG Internet Security (20220830)","Avira Internet Security (20220830)","Bitdefender Internet Security (20220830)","COMODO Antivirus (20220830)","Dr.Web Security Space (20220830)","ESET Internet Security (20220830)","G DATA INTERNET SECURITY (20220830)","K7 Total Security (20220830)","Kaspersky Internet Security (20220830)","Malwarebytes Premium (20220830)","McAfee Total Protection (20220830)","Norton Security (20220830)","Panda Dome (20220830)","Quick Heal Internet Security (20220830)","Sophos Home Premium (20220830)","SpyHunter5 (20220830)","Total AV Antivirus Pro (20220830)","VIPRE Advanced Security (20220830)","VirIT eXplorer PRO (20220830)","Webroot SecureAnywhere (20220830)","Windows Defender (20220830)"],"avAllowList":["360 Total Security (20220830)","Trend Micro Internet Security (20220830)"]},{"isRevoked":"False","fileName":"MediaProSoftFree3GPtoAVIConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"5f2d0c72180ffcac97295fae4c584515","hashSHA1":"3a6a34ca9a69fec186f51f98c72e7ef4705fd7bd","hashSHA256":"af573d93ce5c32853f9b869f811fa8e6e17cc3057414666594cfdb75106965e9","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220830)","AVG Internet Security (20220830)","Avira Internet Security (20220830)","Bitdefender Internet Security (20220830)","COMODO Antivirus (20220830)","Dr.Web Security Space (20220830)","ESET Internet Security (20220830)","G DATA INTERNET SECURITY (20220830)","K7 Total Security (20220830)","Kaspersky Internet Security (20220830)","Malwarebytes Premium (20220830)","McAfee Total Protection (20220830)","Norton Security (20220830)","Panda Dome (20220830)","Sophos Home Premium (20220830)","SpyHunter5 (20220830)","Total AV Antivirus Pro (20220830)","VIPRE Advanced Security (20220830)","VirIT eXplorer PRO (20220830)","Webroot SecureAnywhere (20220830)","Windows Defender (20220830)"],"avAllowList":["360 Total Security (20220830)","Quick Heal Internet Security (20220830)","Trend Micro Internet Security (20220830)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeYouTubetoFLVConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"1fafbe6d55fce8cc7399081f45decadc","hashSHA1":"665d0b8d95052077e5ee7afcbd52119c1e20d837","hashSHA256":"e31c751491882f36847ddbe1ef968eb233f53bd58d65af9d35a8724f62f05c8f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220830)","AVG Internet Security (20220830)","Avira Internet Security (20220830)","Bitdefender Internet Security (20220830)","COMODO Antivirus (20220830)","Dr.Web Security Space (20220830)","ESET Internet Security (20220830)","G DATA INTERNET SECURITY (20220830)","K7 Total Security (20220830)","Kaspersky Internet Security (20220830)","Malwarebytes Premium (20220830)","McAfee Total Protection (20220830)","Norton Security (20220830)","Panda Dome (20220830)","Sophos Home Premium (20220830)","SpyHunter5 (20220830)","Total AV Antivirus Pro (20220830)","VIPRE Advanced Security (20220830)","VirIT eXplorer PRO (20220830)","Webroot SecureAnywhere (20220830)","Windows Defender (20220830)"],"avAllowList":["360 Total Security (20220830)","Quick Heal Internet Security (20220830)","Trend Micro Internet Security (20220830)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeYouTubetoMP4Converter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"ce6e909223eb2451e6cee811b937b8c7","hashSHA1":"3162f0b1763a7252ac4b358997c81572c4422e9b","hashSHA256":"d4a3be430d847f078aa1f91986c6181d542dc0bafc81387c52eeafd6a08a0904","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220901)","AVG Internet Security (20220901)","Avira Internet Security (20220901)","Bitdefender Internet Security (20220901)","COMODO Antivirus (20220901)","Dr.Web Security Space (20220901)","ESET Internet Security (20220901)","G DATA INTERNET SECURITY (20220901)","K7 Total Security (20220901)","Kaspersky Internet Security (20220901)","Malwarebytes Premium (20220901)","McAfee Total Protection (20220901)","Norton Security (20220901)","Panda Dome (20220901)","Sophos Home Premium (20220901)","SpyHunter5 (20220901)","Total AV Antivirus Pro (20220901)","VIPRE Advanced Security (20220901)","VirIT eXplorer PRO (20220901)","Webroot SecureAnywhere (20220901)","Windows Defender (20220901)"],"avAllowList":["360 Total Security (20220901)","Quick Heal Internet Security (20220901)","Trend Micro Internet Security (20220901)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeYouTubeto3GPConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"e4926143074e1612b939133f88b54410","hashSHA1":"9d2c77df5cfc771e6ae43e026a15f0d87d986581","hashSHA256":"81a748a5d924d90807c9775e32ff5577b017172498e2fa952cc9495b065821f0","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220901)","AVG Internet Security (20220901)","Avira Internet Security (20220901)","Bitdefender Internet Security (20220901)","COMODO Antivirus (20220901)","Dr.Web Security Space (20220901)","ESET Internet Security (20220901)","G DATA INTERNET SECURITY (20220901)","K7 Total Security (20220901)","Kaspersky Internet Security (20220901)","Malwarebytes Premium (20220901)","McAfee Total Protection (20220901)","Norton Security (20220901)","Panda Dome (20220901)","Quick Heal Internet Security (20220901)","Sophos Home Premium (20220901)","SpyHunter5 (20220901)","Total AV Antivirus Pro (20220901)","VIPRE Advanced Security (20220901)","VirIT eXplorer PRO (20220901)","Webroot SecureAnywhere (20220901)","Windows Defender (20220901)"],"avAllowList":["360 Total Security (20220901)","Trend Micro Internet Security (20220901)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeYouTubetoPSPConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"1d697afdf9900f5663e8a87c6af6e935","hashSHA1":"7df575265de5d64274460ef175d6cd1347c701f4","hashSHA256":"10b2064e2f168920bdf578a599c7b9b30a6361dd6e55fc734bcdac7b4f959c3a","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220901)","Avast Premium Security (20220901)","AVG Internet Security (20220901)","Avira Internet Security (20220901)","Bitdefender Internet Security (20220901)","COMODO Antivirus (20220901)","Dr.Web Security Space (20220901)","ESET Internet Security (20220901)","G DATA INTERNET SECURITY (20220901)","K7 Total Security (20220901)","Kaspersky Internet Security (20220901)","Malwarebytes Premium (20220901)","McAfee Total Protection (20220901)","Norton Security (20220901)","Panda Dome (20220901)","Quick Heal Internet Security (20220901)","Sophos Home Premium (20220901)","SpyHunter5 (20220901)","Total AV Antivirus Pro (20220901)","VIPRE Advanced Security (20220901)","VirIT eXplorer PRO (20220901)","Webroot SecureAnywhere (20220901)","Windows Defender (20220901)"],"avAllowList":["Trend Micro Internet Security (20220901)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeYouTubetoiPodConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"8cc5550d49f50c9662d03c0a8ec207b9","hashSHA1":"888d4a4027b2730ab6761fc6b281fab5cb78b9fd","hashSHA256":"d11edb018d134bc7f6827691fe2f1e17af341412fe10c7bbb0e2a42c8e996af9","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220901)","AVG Internet Security (20220901)","Avira Internet Security (20220901)","Bitdefender Internet Security (20220901)","COMODO Antivirus (20220901)","Dr.Web Security Space (20220901)","ESET Internet Security (20220901)","G DATA INTERNET SECURITY (20220901)","K7 Total Security (20220901)","Kaspersky Internet Security (20220901)","Malwarebytes Premium (20220901)","McAfee Total Protection (20220901)","Norton Security (20220901)","Panda Dome (20220901)","Quick Heal Internet Security (20220901)","Sophos Home Premium (20220901)","SpyHunter5 (20220901)","Total AV Antivirus Pro (20220901)","VIPRE Advanced Security (20220901)","VirIT eXplorer PRO (20220901)","Webroot SecureAnywhere (20220901)","Windows Defender (20220901)"],"avAllowList":["360 Total Security (20220901)","Trend Micro Internet Security (20220901)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeDVDtoiPadConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"4b147e45937c0991977401dff3f5eb91","hashSHA1":"2b05e1065b3629fe243a71a237369ff5b73b8027","hashSHA256":"30737cc60378388d286f13098cdff29202f6d6525e0b398b61e6a259ef147e64","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220901)","AVG Internet Security (20220901)","Avira Internet Security (20220901)","Bitdefender Internet Security (20220901)","COMODO Antivirus (20220901)","Dr.Web Security Space (20220901)","ESET Internet Security (20220901)","G DATA INTERNET SECURITY (20220901)","K7 Total Security (20220901)","Kaspersky Internet Security (20220901)","Malwarebytes Premium (20220901)","McAfee Total Protection (20220901)","Norton Security (20220901)","Panda Dome (20220901)","Quick Heal Internet Security (20220901)","Sophos Home Premium (20220901)","SpyHunter5 (20220901)","Total AV Antivirus Pro (20220901)","VIPRE Advanced Security (20220901)","VirIT eXplorer PRO (20220901)","Webroot SecureAnywhere (20220901)","Windows Defender (20220901)"],"avAllowList":["360 Total Security (20220901)","Trend Micro Internet Security (20220901)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeDVDtoAVIMPEGConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"8e31cac3009378d9621de06b509a0dce","hashSHA1":"545f648532a9f8720462e573e5efe3f11e9a766d","hashSHA256":"13901def1e491d9dfaf692e3f35e333112ad00d734a3cb0926036bc3277e7a87","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220901)","AVG Internet Security (20220901)","Avira Internet Security (20220901)","Bitdefender Internet Security (20220901)","COMODO Antivirus (20220901)","Dr.Web Security Space (20220901)","ESET Internet Security (20220901)","G DATA INTERNET SECURITY (20220901)","K7 Total Security (20220901)","Kaspersky Internet Security (20220901)","Malwarebytes Premium (20220901)","McAfee Total Protection (20220901)","Norton Security (20220901)","Panda Dome (20220901)","Quick Heal Internet Security (20220901)","Sophos Home Premium (20220901)","SpyHunter5 (20220901)","Total AV Antivirus Pro (20220901)","VIPRE Advanced Security (20220901)","VirIT eXplorer PRO (20220901)","Webroot SecureAnywhere (20220901)","Windows Defender (20220901)"],"avAllowList":["360 Total Security (20220901)","Trend Micro Internet Security (20220901)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeDVDtoWMVConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"de60302978f13b92177a7110577fd23c","hashSHA1":"91278822b489d94281228843ffd54a503e0d0dc1","hashSHA256":"9ed363ad9a81e07d4ca0d3fb49330b02013cd417effe9146c0cf2152dfb507f2","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220901)","AVG Internet Security (20220901)","Avira Internet Security (20220901)","Bitdefender Internet Security (20220901)","COMODO Antivirus (20220901)","Dr.Web Security Space (20220901)","ESET Internet Security (20220901)","G DATA INTERNET SECURITY (20220901)","K7 Total Security (20220901)","Kaspersky Internet Security (20220901)","Malwarebytes Premium (20220901)","McAfee Total Protection (20220901)","Norton Security (20220901)","Panda Dome (20220901)","Sophos Home Premium (20220901)","SpyHunter5 (20220901)","Total AV Antivirus Pro (20220901)","VIPRE Advanced Security (20220901)","VirIT eXplorer PRO (20220901)","Webroot SecureAnywhere (20220901)","Windows Defender (20220901)"],"avAllowList":["360 Total Security (20220901)","Quick Heal Internet Security (20220901)","Trend Micro Internet Security (20220901)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeDVDRipper.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"d4e9964791c61f75d995300b81aa3fe4","hashSHA1":"7ddc97c50ddb8d469700256fdf9593b629e409ee","hashSHA256":"672caa01fee2be5fe3001218ec62a89aab0b619e6f68fe799816a2e8c85c5b23","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220901)","Avast Premium Security (20220901)","AVG Internet Security (20220901)","Avira Internet Security (20220901)","Bitdefender Internet Security (20220901)","COMODO Antivirus (20220901)","Dr.Web Security Space (20220901)","ESET Internet Security (20220901)","G DATA INTERNET SECURITY (20220901)","K7 Total Security (20220901)","Kaspersky Internet Security (20220901)","Malwarebytes Premium (20220901)","McAfee Total Protection (20220901)","Norton Security (20220901)","Panda Dome (20220901)","Quick Heal Internet Security (20220901)","Sophos Home Premium (20220901)","SpyHunter5 (20220901)","Total AV Antivirus Pro (20220901)","VIPRE Advanced Security (20220901)","VirIT eXplorer PRO (20220901)","Webroot SecureAnywhere (20220901)","Windows Defender (20220901)"],"avAllowList":["Trend Micro Internet Security (20220901)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeYouTubetoMP3Converter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"83feed85596382f6dc8f4812fb4876c7","hashSHA1":"c982765a77b1d797ed941bccbd22345421b395e7","hashSHA256":"b4c601aa461d2ea0f28b502d0f70b32b0c0b8450aba56fb71e3d65207da83d2a","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220901)","AVG Internet Security (20220901)","Avira Internet Security (20220901)","Bitdefender Internet Security (20220901)","COMODO Antivirus (20220901)","Dr.Web Security Space (20220901)","ESET Internet Security (20220901)","G DATA INTERNET SECURITY (20220901)","K7 Total Security (20220901)","Kaspersky Internet Security (20220901)","Malwarebytes Premium (20220901)","McAfee Total Protection (20220901)","Norton Security (20220901)","Panda Dome (20220901)","Quick Heal Internet Security (20220901)","Sophos Home Premium (20220901)","SpyHunter5 (20220901)","Total AV Antivirus Pro (20220901)","VIPRE Advanced Security (20220901)","VirIT eXplorer PRO (20220901)","Webroot SecureAnywhere (20220901)","Windows Defender (20220901)"],"avAllowList":["360 Total Security (20220901)","Trend Micro Internet Security (20220901)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeDVDtoMP3Converter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"c0259f53fe4b919e46982914a63ceed6","hashSHA1":"c3be95aae884af3446367f1e300122f34466ffa8","hashSHA256":"017cb37b22443b1de30a1dc4740c93579f24dc19f31496f65e0b49bf0c7c9bc0","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220901)","AVG Internet Security (20220901)","Avira Internet Security (20220901)","Bitdefender Internet Security (20220901)","COMODO Antivirus (20220901)","Dr.Web Security Space (20220901)","ESET Internet Security (20220901)","G DATA INTERNET SECURITY (20220901)","K7 Total Security (20220901)","Kaspersky Internet Security (20220901)","Malwarebytes Premium (20220901)","McAfee Total Protection (20220901)","Norton Security (20220901)","Panda Dome (20220901)","Quick Heal Internet Security (20220901)","Sophos Home Premium (20220901)","SpyHunter5 (20220901)","Total AV Antivirus Pro (20220901)","VIPRE Advanced Security (20220901)","VirIT eXplorer PRO (20220901)","Webroot SecureAnywhere (20220901)","Windows Defender (20220901)"],"avAllowList":["360 Total Security (20220901)","Trend Micro Internet Security (20220901)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeDVDtoFLVConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"893a809ffa8ceae4868bfa4c47a45e4c","hashSHA1":"4a1a84d9e7428cb57750bbf5c272b9da306268cd","hashSHA256":"c87120ac10c307cd802c6ee17e8e14f3fdf3038b4258e12d1c5981e7e92822c5","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220901)","AVG Internet Security (20220901)","Avira Internet Security (20220901)","Bitdefender Internet Security (20220901)","COMODO Antivirus (20220901)","Dr.Web Security Space (20220901)","ESET Internet Security (20220901)","G DATA INTERNET SECURITY (20220901)","K7 Total Security (20220901)","Kaspersky Internet Security (20220901)","Malwarebytes Premium (20220901)","McAfee Total Protection (20220901)","Norton Security (20220901)","Panda Dome (20220901)","Quick Heal Internet Security (20220901)","Sophos Home Premium (20220901)","SpyHunter5 (20220901)","Total AV Antivirus Pro (20220901)","VIPRE Advanced Security (20220901)","VirIT eXplorer PRO (20220901)","Webroot SecureAnywhere (20220901)","Windows Defender (20220901)"],"avAllowList":["360 Total Security (20220901)","Trend Micro Internet Security (20220901)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeDVDtoMP4Converter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"50dbe622e660ca973d2c4840e49d6edb","hashSHA1":"8ff756fe5eec03d048038ed5cc193797be7ffba6","hashSHA256":"ee3576682a19d986bae5215ad8bd79af437e0145c49d84dda36a6c0f679606c3","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220906)","AVG Internet Security (20220906)","Avira Internet Security (20220906)","Bitdefender Internet Security (20220906)","COMODO Antivirus (20220906)","Dr.Web Security Space (20220906)","ESET Internet Security (20220906)","G DATA INTERNET SECURITY (20220906)","K7 Total Security (20220906)","Kaspersky Internet Security (20220906)","Malwarebytes Premium (20220906)","McAfee Total Protection (20220906)","Norton Security (20220906)","Panda Dome (20220906)","Quick Heal Internet Security (20220906)","Sophos Home Premium (20220906)","SpyHunter5 (20220906)","Total AV Antivirus Pro (20220906)","VIPRE Advanced Security (20220906)","VirIT eXplorer PRO (20220906)","Webroot SecureAnywhere (20220906)","Windows Defender (20220906)"],"avAllowList":["360 Total Security (20220906)","Trend Micro Internet Security (20220906)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeDVDto3GPConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"0c91ed94465a84c98e158697a97f149d","hashSHA1":"7c8bac32f577784896408c8eb4318e5bb5ab1dd9","hashSHA256":"e8372125c59ff2069e534e9f5405c4fbc4f779b2c2a722dde771bbffdaa06f5a","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220906)","AVG Internet Security (20220906)","Avira Internet Security (20220906)","Bitdefender Internet Security (20220906)","COMODO Antivirus (20220906)","Dr.Web Security Space (20220906)","ESET Internet Security (20220906)","G DATA INTERNET SECURITY (20220906)","K7 Total Security (20220906)","Kaspersky Internet Security (20220906)","Malwarebytes Premium (20220906)","McAfee Total Protection (20220906)","Norton Security (20220906)","Panda Dome (20220906)","Quick Heal Internet Security (20220906)","Sophos Home Premium (20220906)","SpyHunter5 (20220906)","Total AV Antivirus Pro (20220906)","VIPRE Advanced Security (20220906)","VirIT eXplorer PRO (20220906)","Webroot SecureAnywhere (20220906)","Windows Defender (20220906)"],"avAllowList":["360 Total Security (20220906)","Trend Micro Internet Security (20220906)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeDVDtoPSPConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"0e7bfd44d3614a88c7c44e7f85044adc","hashSHA1":"9560d6bdc08ff2dc237d2bf2e5904a0addd525ee","hashSHA256":"29443535777422d39f8d259770adb28faecae12d69e0d7987bb05656e4fb9403","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220906)","AVG Internet Security (20220906)","Avira Internet Security (20220906)","Bitdefender Internet Security (20220906)","COMODO Antivirus (20220906)","Dr.Web Security Space (20220906)","ESET Internet Security (20220906)","G DATA INTERNET SECURITY (20220906)","K7 Total Security (20220906)","Kaspersky Internet Security (20220906)","Malwarebytes Premium (20220906)","McAfee Total Protection (20220906)","Norton Security (20220906)","Panda Dome (20220906)","Quick Heal Internet Security (20220906)","Sophos Home Premium (20220906)","SpyHunter5 (20220906)","Total AV Antivirus Pro (20220906)","VIPRE Advanced Security (20220906)","VirIT eXplorer PRO (20220906)","Webroot SecureAnywhere (20220906)","Windows Defender (20220906)"],"avAllowList":["360 Total Security (20220906)","Trend Micro Internet Security (20220906)"]},{"isRevoked":"False","fileName":"FreeSoundRecorder.exe","isInstaller":"True","companyName":"Copyright© 2005-2015 FreeSoundRecorder Technologies, Inc.   ","fileVersion":"0.0","hashMD5":"f8c8e40ce90482f461213e9f530b0b6e","hashSHA1":"6890b07d439d6be2c077c17c1594dec695983452","hashSHA256":"fa85833339b1110ea8e94d8fb223d2e65a6c56128c72d3486c44349aa2cd0a35","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220906)","Avast Premium Security (20220906)","AVG Internet Security (20220906)","Avira Internet Security (20220906)","Bitdefender Internet Security (20220906)","COMODO Antivirus (20220906)","Dr.Web Security Space (20220906)","ESET Internet Security (20220906)","G DATA INTERNET SECURITY (20220906)","K7 Total Security (20220906)","Kaspersky Internet Security (20220906)","Malwarebytes Premium (20220906)","McAfee Total Protection (20220906)","Norton Security (20220906)","Panda Dome (20220906)","Quick Heal Internet Security (20220906)","Sophos Home Premium (20220906)","SpyHunter5 (20220906)","Total AV Antivirus Pro (20220906)","Trend Micro Internet Security (20220906)","VIPRE Advanced Security (20220906)","VirIT eXplorer PRO (20220906)","Webroot SecureAnywhere (20220906)","Windows Defender (20220906)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreePDFtoWordTXTConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"792faca1f0eab389b3efb730f9dbf911","hashSHA1":"95f1b934e036195c1b873209deff7cbe1fa42144","hashSHA256":"90f8b977338400e85a31d638932b3980b70851b36684229be44d923eb636aae2","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220906)","AVG Internet Security (20220906)","Avira Internet Security (20220906)","Bitdefender Internet Security (20220906)","COMODO Antivirus (20220906)","Dr.Web Security Space (20220906)","ESET Internet Security (20220906)","G DATA INTERNET SECURITY (20220906)","K7 Total Security (20220906)","Kaspersky Internet Security (20220906)","Malwarebytes Premium (20220906)","McAfee Total Protection (20220906)","Norton Security (20220906)","Panda Dome (20220906)","Quick Heal Internet Security (20220906)","Sophos Home Premium (20220906)","SpyHunter5 (20220906)","Total AV Antivirus Pro (20220906)","VIPRE Advanced Security (20220906)","VirIT eXplorer PRO (20220906)","Webroot SecureAnywhere (20220906)","Windows Defender (20220906)"],"avAllowList":["360 Total Security (20220906)","Trend Micro Internet Security (20220906)"]},{"isRevoked":"False","fileName":"MediaProSoftFreePDFtoJPGConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"29a15e0082bf68f8ae6130e9031ae2d6","hashSHA1":"be5ae91a6914aa2e8dd53c1031655b64ccc0d238","hashSHA256":"eb874af20dff3924330547cd708b8f36859c06edf8484507a256a2b5cdbcab83","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220906)","Avast Premium Security (20220906)","AVG Internet Security (20220906)","Avira Internet Security (20220906)","Bitdefender Internet Security (20220906)","COMODO Antivirus (20220906)","Dr.Web Security Space (20220906)","ESET Internet Security (20220906)","G DATA INTERNET SECURITY (20220906)","K7 Total Security (20220906)","Kaspersky Internet Security (20220906)","Malwarebytes Premium (20220906)","McAfee Total Protection (20220906)","Norton Security (20220906)","Panda Dome (20220906)","Quick Heal Internet Security (20220906)","Sophos Home Premium (20220906)","SpyHunter5 (20220906)","Total AV Antivirus Pro (20220906)","VIPRE Advanced Security (20220906)","VirIT eXplorer PRO (20220906)","Webroot SecureAnywhere (20220906)","Windows Defender (20220906)"],"avAllowList":["Trend Micro Internet Security (20220906)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeFLACtoMP3Converter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"3237c131c47315deb4e1e7f43c6b41c6","hashSHA1":"ab7790bb612fd53b53446bcd273a15cf9939ea40","hashSHA256":"2d1a4bce62c3d62039e22e90d1573c01397925bc9637cb72e4c2c74953071493","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220906)","Avast Premium Security (20220906)","AVG Internet Security (20220906)","Avira Internet Security (20220906)","Bitdefender Internet Security (20220906)","COMODO Antivirus (20220906)","Dr.Web Security Space (20220906)","ESET Internet Security (20220906)","G DATA INTERNET SECURITY (20220906)","K7 Total Security (20220906)","Kaspersky Internet Security (20220906)","Malwarebytes Premium (20220906)","McAfee Total Protection (20220906)","Norton Security (20220906)","Panda Dome (20220906)","Quick Heal Internet Security (20220906)","Sophos Home Premium (20220906)","SpyHunter5 (20220906)","Total AV Antivirus Pro (20220906)","Trend Micro Internet Security (20220906)","VIPRE Advanced Security (20220906)","VirIT eXplorer PRO (20220906)","Webroot SecureAnywhere (20220906)","Windows Defender (20220906)"],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeM4atoMP3Converter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"3c179bcf245687213783756a15cc79b5","hashSHA1":"a756867df8a3426c05c9d884e970047b3f752237","hashSHA256":"e57654b1d76327ede2eb10b548451285af187af0f5999fe6814b4e62b9f3bb72","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220906)","AVG Internet Security (20220906)","Avira Internet Security (20220906)","Bitdefender Internet Security (20220906)","COMODO Antivirus (20220906)","Dr.Web Security Space (20220906)","ESET Internet Security (20220906)","G DATA INTERNET SECURITY (20220906)","K7 Total Security (20220906)","Kaspersky Internet Security (20220906)","Malwarebytes Premium (20220906)","McAfee Total Protection (20220906)","Norton Security (20220906)","Panda Dome (20220906)","Quick Heal Internet Security (20220906)","Sophos Home Premium (20220906)","SpyHunter5 (20220906)","Total AV Antivirus Pro (20220906)","VIPRE Advanced Security (20220906)","VirIT eXplorer PRO (20220906)","Webroot SecureAnywhere (20220906)","Windows Defender (20220906)"],"avAllowList":["360 Total Security (20220906)","Trend Micro Internet Security (20220906)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeWMAtoMP3Converter.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"26b19334240d37bcb0cdf2a1075b2f2b","hashSHA1":"5304577f16eec4116b29961bbd6b24c4fca6c18c","hashSHA256":"9fdf82b32f4b63587683679800469f1ad758b1a2c9d85d6f3c74b62e35c10f0e","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["Avast Premium Security (20220906)","AVG Internet Security (20220906)","Avira Internet Security (20220906)","Bitdefender Internet Security (20220906)","COMODO Antivirus (20220906)","Dr.Web Security Space (20220906)","ESET Internet Security (20220906)","G DATA INTERNET SECURITY (20220906)","K7 Total Security (20220906)","Kaspersky Internet Security (20220906)","Malwarebytes Premium (20220906)","McAfee Total Protection (20220906)","Norton Security (20220906)","Panda Dome (20220906)","Quick Heal Internet Security (20220906)","Sophos Home Premium (20220906)","SpyHunter5 (20220906)","Total AV Antivirus Pro (20220906)","VIPRE Advanced Security (20220906)","VirIT eXplorer PRO (20220906)","Webroot SecureAnywhere (20220906)","Windows Defender (20220906)"],"avAllowList":["360 Total Security (20220906)","Trend Micro Internet Security (20220906)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeISOCreator.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"e1316294f75501b58b39295c2a1161d9","hashSHA1":"c5622117867a173917b60c101324eb7c33205806","hashSHA256":"4e3142468f9d9e8d2d2f73e60487b6c3a52b539e9f4a1c73e8970c0bfd5b1f15","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220908)","Avast Premium Security (20220908)","AVG Internet Security (20220908)","Avira Internet Security (20220908)","Bitdefender Internet Security (20220908)","COMODO Antivirus (20220908)","Dr.Web Security Space (20220908)","ESET Internet Security (20220908)","G DATA INTERNET SECURITY (20220908)","K7 Total Security (20220908)","Kaspersky Internet Security (20220908)","Malwarebytes Premium (20220908)","McAfee Total Protection (20220908)","Norton Security (20220908)","Panda Dome (20220908)","Quick Heal Internet Security (20220908)","Sophos Home Premium (20220908)","SpyHunter5 (20220908)","Total AV Antivirus Pro (20220908)","VIPRE Advanced Security (20220908)","VirIT eXplorer PRO (20220908)","Webroot SecureAnywhere (20220908)","Windows Defender (20220908)"],"avAllowList":["Trend Micro Internet Security (20220908)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeISORipper.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.                                      ","fileVersion":"0.0","hashMD5":"c3aa893a6382189a5ae4cc584858029b","hashSHA1":"68093644c835f7a92875fb1ef03cde541ba13fa0","hashSHA256":"28d182291a4c562fa43f505c20e87e0350dbe66ef0ae40fb95a731faaee3d324","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1472","avBlockList":["360 Total Security (20220908)","Avast Premium Security (20220908)","AVG Internet Security (20220908)","Avira Internet Security (20220908)","Bitdefender Internet Security (20220908)","COMODO Antivirus (20220908)","Dr.Web Security Space (20220908)","ESET Internet Security (20220908)","G DATA INTERNET SECURITY (20220908)","K7 Total Security (20220908)","Kaspersky Internet Security (20220908)","Malwarebytes Premium (20220908)","McAfee Total Protection (20220908)","Norton Security (20220908)","Panda Dome (20220908)","Quick Heal Internet Security (20220908)","Sophos Home Premium (20220908)","SpyHunter5 (20220908)","Total AV Antivirus Pro (20220908)","Trend Micro Internet Security (20220908)","VIPRE Advanced Security (20220908)","VirIT eXplorer PRO (20220908)","Webroot SecureAnywhere (20220908)","Windows Defender (20220908)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.coolfreestudio.com/","directDownloadingLink":"https://www.coolfreestudio.com/products.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.coolfreestudio.com/products.html","sourceIndex":"1472"}],"sampleFiles":["220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeRingtoneMaker.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeMP3Joiner.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeMP3Cutter.exe","220804/MediaProSoftBundle-220804/220804/Samples/FreeAudioEditor.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeHDVideoConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeYouTubeDownloaderHD.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideotoAndroidConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFree3GPVideoConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideotoMP3Converter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeAudioConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreePDFMergerSplitter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeISOBurner.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeCDDVDBurner.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeDVDtoiPodConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeYouTubetoAVIMPEGConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideoJoiner.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideotoGIFConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeSlideshowMaker_rS-TE01.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeOCR.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeScantoPDF.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeiPhoneVideoConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideotoiPodConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeiPodConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideotoWMVConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideotoAVIMPEGConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideotoiPadConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideotoFLVConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideotoMP4Converter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideoto3GPConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeVideotoPSPConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeFLVtoAVIConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeMOVtoAVIConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeWMVtoAVIMPEGConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeWebMtoMP4Converter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeMP4toAVIConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeYouTubetoWMVConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeMobileMediaConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeMP4VideoConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeFLVVideoConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFree3GPtoAVIConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeYouTubetoFLVConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeYouTubetoMP4Converter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeYouTubeto3GPConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeYouTubetoPSPConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeYouTubetoiPodConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeDVDtoiPadConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeDVDtoAVIMPEGConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeDVDtoWMVConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeDVDRipper.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeYouTubetoMP3Converter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeDVDtoMP3Converter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeDVDtoFLVConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeDVDtoMP4Converter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeDVDto3GPConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeDVDtoPSPConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/FreeSoundRecorder.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreePDFtoWordTXTConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreePDFtoJPGConverter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeFLACtoMP3Converter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeM4atoMP3Converter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeWMAtoMP3Converter.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeISOCreator.exe","220804/MediaProSoftBundle-220804/220804/Samples/MediaProSoftFreeISORipper.exe"],"imageFiles":["220804/MediaProSoftBundle-220804/220804/Images/ACR-109/ACR-109_Install_Install_RK.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-047/ACR-047_1.mp4","220804/MediaProSoftBundle-220804/220804/Images/ACR-048/ACR-048_Install_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-010/ACR-010_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-083/ACR-083_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-083/ACR-083_2.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-084/ACR-084_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-048/ACR-048_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-014/ACR-014_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-014/ACR-014_1.mp4","220804/MediaProSoftBundle-220804/220804/Images/ACR-118/ACR-118_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-118/ACR-118_2.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-118/ACR-118_3.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-122/ACR-122_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-075/ACR-075_1.mp4","220804/MediaProSoftBundle-220804/220804/Images/ACR-057/ACR-057_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-059/ACR-059_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-071/ACR-071_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220804/MediaProSoftBundle-220804/220804/Images/ACR-106/ACR-106-1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-092/ACR-092_1.JPG","220804/MediaProSoftBundle-220804/220804/Images/ACR-123/ACR-123_.JPG"],"guid":"bb8e9472-06a6-4eca-a667-24303c35716f_220804_1","appID":"MediaProSoftBundle-220804","dateAdded":"220804","deceptorType":"Bundler","name":"MediaProSoft Bundle","company":"MediaProSoft Co., Ltd.","version":"220804","lastKnownStatus":"220804","lastKnownDate":"220804","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-04T22:35:18.2568566+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1333},{"violations":{"ACR-010":"The apps from \"https://www.coolfreestudio.com/\" distribute deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"https://www.coolfreestudio.com/","ipv4":"","ipv6":"","sourceIndex":"1473"}],"sampleFiles":[],"imageFiles":["220804/MediaProSoft-220804/220804/Images/ACR-010/ACR-010_1.JPG"],"nonDeceptorImageFiles":[],"guid":"f1663d8a-d98f-4450-90b8-edfe1a695a0e_220804_1","appID":"MediaProSoft-220804","dateAdded":"220804","deceptorType":"Affiliate","name":"MediaProSoft","company":"MediaProSoft Co., Ltd.","version":"220804","lastKnownStatus":"220804","lastKnownDate":"220804","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-04T22:33:50.2600822+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1334},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n The app does not provide an option to close the update prompt and cancel the startup on its own.\n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"TotalFreeVideoConverter.exe","fileVersion":"0.0","hashMD5":"c67308cb523907c0008633b02b9f0f65","hashSHA1":"29a1bb28a973e2e364102ea2abc02a3a04d15091","hashSHA256":"9a95cd9b10515f604a88760b682ceef62bdbed2eda5769cc643792fb821241f1","sourceIndex":"1479","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TotalFreeVideoConverter-setup.exe","isInstaller":"True","companyName":"TotalAudio Soft, Inc.                                       ","fileVersion":"0.0","hashMD5":"69200082120870840cfbfb29d35bebde","hashSHA1":"91b8376faa541322adc76a16cc9044f94c8397b7","hashSHA256":"6f083cbf774467387bc00243a05a8895a13b6f2f6d35573d24b5457283fec65f","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1479","avBlockList":["360 Total Security (20220908)","Avast Premium Security (20220908)","AVG Internet Security (20220908)","Avira Internet Security (20220908)","Bitdefender Internet Security (20220908)","COMODO Antivirus (20220908)","Dr.Web Security Space (20220908)","ESET Internet Security (20220908)","G DATA INTERNET SECURITY (20220908)","K7 Total Security (20220908)","Kaspersky Internet Security (20220908)","Malwarebytes Premium (20220908)","McAfee Total Protection (20220908)","Norton Security (20220908)","Panda Dome (20220908)","Quick Heal Internet Security (20220908)","Sophos Home Premium (20220908)","SpyHunter5 (20220908)","Total AV Antivirus Pro (20220908)","VIPRE Advanced Security (20220908)","VirIT eXplorer PRO (20220908)","Webroot SecureAnywhere (20220908)","Windows Defender (20220908)"],"avAllowList":["Trend Micro Internet Security (20220908)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://totalaudioeditor.com/features_freevideoconverter.php","directDownloadingLink":"http://www.totalaudioeditor.com/TotalFreeVideoConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.totalaudioeditor.com/TotalFreeVideoConverter.exe","sourceIndex":"1479"}],"sampleFiles":["220803/TotalFreeVideoConverter-220803/8.8.1/Samples/TotalFreeVideoConverter.exe","220803/TotalFreeVideoConverter-220803/8.8.1/Samples/TotalFreeVideoConverter-setup.exe"],"imageFiles":["220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-047/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-047/ACR-047_003_004_intall_declined_offer.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-047/ACR-048_047_003_004_083_RK_update_prompt.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-010/RelevantKnowledge.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-004/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-004/ACR-047_003_004_intall_declined_offer.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-004/ACR-048_047_003_004_083_RK_update_prompt.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-083/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-083/ACR-048_047_003_004_083_RK_update_prompt.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-048/ACR-048_047_003_004_083_RK_update_prompt.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-048/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-003/ACR-047_003_004_083_RK_update_prompt-startup.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-003/ACR-047_003_004_intall_declined_offer.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-118/ACR-118_Retained_components.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-057/RelevantKnowledge.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-059/RelevantKnowledge.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-071/RelevantKnowledge.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-002/ACR-002_Mismatched_versions.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-106/RelevantKnowledge.jpg","220803/TotalFreeVideoConverter-220803/8.8.1/Images/ACR-002/ACR-002_Mismatched_versions.jpg"],"guid":"0bf1c9b4-8275-4ebf-a01f-6a72e34bf775_8.8.1_1","appID":"TotalFreeVideoConverter-220803","dateAdded":"220803","deceptorType":"App","name":"Total Free Video Converter","company":"TotalAudio Soft, Inc.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"220803","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-08-03T20:57:45.270187+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1335},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-043":"Third-party components 'FFMpeg' are installed without any disclosure.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'FFMpeg'.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (MediaProSoftFreeVideoConverter.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MediaProSoft Free Video Converter\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1477","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MediaProSoft Free Video Converter\\MediaProSoftFreeVideoConverter.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a9cefb316ac0c2da57081d88b67e843e","hashSHA1":"f64f68df08f14c5029ba55197b3ffdec4cb9218c","hashSHA256":"49b03b416419e4210e58c8398ab01c736200361f176f1d0f3bcd8128dcf43c51","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1477","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeVideoConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co. Ltd.                                      ","productName":"MediaProSoft Free Video Converter                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"5e83acb504f969cde22b086e49f37b33","hashSHA1":"412a2047277b1888eee60be63823c3f87f38d8a5","hashSHA256":"02826fd3c80300fa80a46285a2029a9329b453d65223f3ae230e819f3bda5157","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1477","avBlockList":["Avast Premium Security (20220908)","AVG Internet Security (20220908)","Avira Internet Security (20220908)","Bitdefender Internet Security (20220908)","COMODO Antivirus (20220908)","Dr.Web Security Space (20220908)","ESET Internet Security (20220908)","G DATA INTERNET SECURITY (20220908)","K7 Total Security (20220908)","Kaspersky Internet Security (20220908)","Malwarebytes Premium (20220908)","McAfee Total Protection (20220908)","Norton Security (20220908)","Panda Dome (20220908)","Quick Heal Internet Security (20220908)","Sophos Home Premium (20220908)","SpyHunter5 (20220908)","Total AV Antivirus Pro (20220908)","VIPRE Advanced Security (20220908)","VirIT eXplorer PRO (20220908)","Webroot SecureAnywhere (20220908)","Windows Defender (20220908)"],"avAllowList":["360 Total Security (20220908)","Trend Micro Internet Security (20220908)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.coolfreestudio.com/freevideoconverter/index.php","directDownloadingLink":"http://www.coolfreestudio.com/MediaProSoftFreeVideoConverter.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"http://www.coolfreestudio.com/MediaProSoftFreeVideoConverter.exe","sourceIndex":"1477"}],"sampleFiles":["220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Samples/MediaProSoftFreeVideoConverter.exe"],"imageFiles":["220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-109/ACR-109_Install_Install_RK.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-043/ACR-043_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-047/ACR-047_1.mp4","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-107/ACR-107.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-048/ACR-048_Install_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-010/ACR-010_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-083/ACR-083_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-083/ACR-083_2.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-084/ACR-084_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-048/ACR-048_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-048/ACR-048_2.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-048/ACR-048_3.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-014/ACR-014_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-014/ACR-014_1.mp4","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-118/ACR-118_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-118/ACR-118_2.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-118/ACR-118_3.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-122/ACR-122_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-075/ACR-075_1.mp4","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-057/ACR-057_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-059/ACR-059_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-071/ACR-071_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-106/ACR-106-1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-092/ACR-092_1.JPG","220803/mediaprosoftfreevideoconverter-220803/8.8.2.4/Images/ACR-123/ACR-123_.JPG"],"guid":"eb73fd2e-f41a-4168-a1a6-78cb55a5c15b_8.8.2.4_1","appID":"mediaprosoftfreevideoconverter-220803","dateAdded":"220803","deceptorType":"Bundler","name":"MediaProSoft Free Video Converter","company":"MediaProSoft Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220803","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-03T21:00:15.4991135+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1336},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"After uninstall and reboot, the app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (MediaProSoftFreeJPGtoPDFConverter.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MediaProSoft Free JPG to PDF Converter\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1478","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MediaProSoft Free JPG to PDF Converter\\MediaProSoftFreeJPGtoPDFConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1478","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeJPGtoPDFConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co. Ltd.                                      ","productName":"MediaProSoft Free JPG to PDF Converter                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"05e055b121d360ecd57c7aa4c3bcc4ca","hashSHA1":"366da5ebaaa7e70caa96dca2b562f014d3417379","hashSHA256":"ff6851176ef33d4b1e69337160c49a2cbb8e74624a67ba007591f0bf01c5aef7","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1478","avBlockList":["Avast Premium Security (20220908)","AVG Internet Security (20220908)","Avira Internet Security (20220908)","Bitdefender Internet Security (20220908)","COMODO Antivirus (20220908)","Dr.Web Security Space (20220908)","ESET Internet Security (20220908)","G DATA INTERNET SECURITY (20220908)","K7 Total Security (20220908)","Kaspersky Internet Security (20220908)","Malwarebytes Premium (20220908)","McAfee Total Protection (20220908)","Norton Security (20220908)","Panda Dome (20220908)","Quick Heal Internet Security (20220908)","Sophos Home Premium (20220908)","SpyHunter5 (20220908)","Total AV Antivirus Pro (20220908)","VIPRE Advanced Security (20220908)","VirIT eXplorer PRO (20220908)","Webroot SecureAnywhere (20220908)","Windows Defender (20220908)"],"avAllowList":["360 Total Security (20220908)","Trend Micro Internet Security (20220908)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.coolfreestudio.com/freejpgtopdfconverter/index.php","directDownloadingLink":"http://www.coolfreestudio.com/MediaProSoftFreeJPGtoPDFConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.coolfreestudio.com/MediaProSoftFreeJPGtoPDFConverter.exe","sourceIndex":"1478"}],"sampleFiles":["220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Samples/MediaProSoftFreeJPGtoPDFConverter.exe"],"imageFiles":["220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-109/ACR-109_Install_Installs_RK.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-048/ACR-048_Install_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-010/ACR-010_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-083/ACR-083_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-083/ACR-083_1 (2).JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-084/ACR-084_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-059/ACR-059_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-071/ACR-071_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-155/ACR-155_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-057/ACR-057_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-047/ACR-047_1.mp4","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-048/ACR-048-1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-048/ACR-048_2.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-048/ACR-048_3.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-014/ACR-014-1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-014/ACR-014-1.mp4","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-118/ACR-118_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-118/ACR-118_2.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-118/ACR-118_3.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-122/ACR-122_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-075/ACR-075_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-075/ACR-075_1.mp4"],"nonDeceptorImageFiles":["220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-106/ACR-106_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-092/ACR-092_1.JPG","220803/mediaprosoftfreejpgtopdfconverter-220803/8.8.2.4/Images/ACR-123/ACR-123_1.JPG"],"guid":"84d2116d-401d-4f6f-a975-5e58b424017d_8.8.2.4_1","appID":"mediaprosoftfreejpgtopdfconverter-220803","dateAdded":"220803","deceptorType":"Bundler","name":"MediaProSoft Free JPG to PDF Converter","company":"MediaProSoft Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220803","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-03T20:59:01.7224985+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1337},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-043":"Third-party components 'FFMpeg' are installed without any disclosure.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'FFMpeg'\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”. \nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (MediaProSoftFreeYouTubeConverter.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MediaProSoft Free YouTube Converter\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1483","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MediaProSoft Free YouTube Converter\\MediaProSoftFreeYouTubeConverter.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a9cefb316ac0c2da57081d88b67e843e","hashSHA1":"f64f68df08f14c5029ba55197b3ffdec4cb9218c","hashSHA256":"49b03b416419e4210e58c8398ab01c736200361f176f1d0f3bcd8128dcf43c51","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1483","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreeYouTubeConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co. Ltd.                                      ","productName":"MediaProSoft Free YouTube Converter                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"901b661b4221978227f42dacf043eeb7","hashSHA1":"0f43c3d778095ebac59740dac4cf861332e31219","hashSHA256":"d8934708cebc9c66dd0cc7f740df7d80793fe5b3684f5631df71ace0a0c5e8e9","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1483","avBlockList":["Avast Premium Security (20220908)","AVG Internet Security (20220908)","Avira Internet Security (20220908)","Bitdefender Internet Security (20220908)","COMODO Antivirus (20220908)","Dr.Web Security Space (20220908)","ESET Internet Security (20220908)","G DATA INTERNET SECURITY (20220908)","K7 Total Security (20220908)","Kaspersky Internet Security (20220908)","Malwarebytes Premium (20220908)","McAfee Total Protection (20220908)","Norton Security (20220908)","Panda Dome (20220908)","Quick Heal Internet Security (20220908)","Sophos Home Premium (20220908)","SpyHunter5 (20220908)","Total AV Antivirus Pro (20220908)","VIPRE Advanced Security (20220908)","VirIT eXplorer PRO (20220908)","Webroot SecureAnywhere (20220908)","Windows Defender (20220908)"],"avAllowList":["360 Total Security (20220908)","Trend Micro Internet Security (20220908)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.coolfreestudio.com/freeyoutubeconverter/index.php","directDownloadingLink":"http://www.coolfreestudio.com/MediaProSoftFreeYouTubeConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.coolfreestudio.com/MediaProSoftFreeYouTubeConverter.exe","sourceIndex":"1483"}],"sampleFiles":["220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Samples/MediaProSoftFreeYouTubeConverter.exe"],"imageFiles":["220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-109/ACR-109_Install_Installs_RK.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-043/ACR-043_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-047/ACR-047.mp4","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-107/ACR-107_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-048/ACR-048_Install_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-010/ACR-010_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-083/ACR-083_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-083/ACR-083_2.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-084/ACR-084_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-048/ACR-048_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-048/ACR-048_2.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-048/ACR-048_3.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-014/ACR-014_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-014/ACR-014_1.mp4","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-118/ACR-118_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-118/ACR-118_2.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-118/ACR-118_3.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-122/ACR-122_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-075/ACR-075_1.mp4","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-057/ACR-057_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-059/ACR-059_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-071/ACR-071_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-106/ACR-106_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-092/ACR-092_1.JPG","220802/mediaprosoftfreeyoutubeconverter-220802/8.8.2.4/Images/ACR-123/ACR-123_1.JPG"],"guid":"448ffeeb-8899-46d8-9c26-a13dd443c4b6_8.8.2.4_1","appID":"mediaprosoftfreeyoutubeconverter-220802","dateAdded":"220802","deceptorType":"Bundler","name":"MediaProSoft Free YouTube Converter","company":"MediaProSoft Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220802","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-02T21:06:24.4437498+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1339},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup of its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the consumer's knowledge and consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"After uninstall and reboot, the app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"When the reboot is attempted after installation, it displays a prompt to the user with an \"Update Recommended\" message. This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"When the reboot is attempted after installation, it displays a prompt that misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (MediaProSoftFreePDFConverter.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MediaProSoft Free PDF Converter\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1482","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MediaProSoft Free PDF Converter\\MediaProSoftFreePDFConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8416de38390c16a0e3989e14dec05b73","hashSHA1":"c27608fcd80e396f5360a4d4afdb39943638ccfe","hashSHA256":"5973aeda541b52f0357cbb0fbffd3f33fb4775c0d34081e1fb3570c17e5f58e7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1482","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MediaProSoftFreePDFConverter.exe","isInstaller":"True","companyName":"MediaProSoft Co. Ltd.                                      ","productName":"MediaProSoft Free PDF Converter                             ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"d4b4a2ef1ff856dfbd31ef7e0c45fa75","hashSHA1":"3c96ee2e566e09c1ac67c2fd4523c0579b988a5d","hashSHA256":"10329133fbdec054836f91c71ad64d9d8493f1f0217e912bb836ad7a254c45f3","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1482","avBlockList":["Avast Premium Security (20220908)","AVG Internet Security (20220908)","Avira Internet Security (20220908)","Bitdefender Internet Security (20220908)","COMODO Antivirus (20220908)","Dr.Web Security Space (20220908)","ESET Internet Security (20220908)","G DATA INTERNET SECURITY (20220908)","K7 Total Security (20220908)","Kaspersky Internet Security (20220908)","Malwarebytes Premium (20220908)","McAfee Total Protection (20220908)","Norton Security (20220908)","Panda Dome (20220908)","Quick Heal Internet Security (20220908)","Sophos Home Premium (20220908)","SpyHunter5 (20220908)","Total AV Antivirus Pro (20220908)","VIPRE Advanced Security (20220908)","VirIT eXplorer PRO (20220908)","Webroot SecureAnywhere (20220908)","Windows Defender (20220908)"],"avAllowList":["360 Total Security (20220908)","Trend Micro Internet Security (20220908)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.coolfreestudio.com/freepdfconverter/index.php","directDownloadingLink":"http://www.coolfreestudio.com/MediaProSoftFreePDFConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.coolfreestudio.com/MediaProSoftFreePDFConverter.exe","sourceIndex":"1482"}],"sampleFiles":["220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Samples/MediaProSoftFreePDFConverter.exe"],"imageFiles":["220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-109/ACR-109_Install_Bundler_Installs.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-048/ACR-048_Install_1.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-010/ACR-010.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-057/ACR-057.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-059/ACR-059.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-071/ACR-071.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-155/ACR-155.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-047/ACR-047_1.mp4","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-047/ACR-047_1.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-083/ACR-083_1.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-083/ACR-083_2.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-084/ACR-084_1.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-048/ACR-048.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-048/ACR-048_Software_1.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-048/ACR-048_Software_2.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-014/ACR-014_1.mp4","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-014/ACR-014_1.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-118/ACR-118_1.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-118/ACR-118_2.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-118/ACR-118_3.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-122/ACR-122_1.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-075/ACR-075_1.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-075/ACR-075_1.mp4"],"nonDeceptorImageFiles":["220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-106/ACR-106.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-092/ACR-092_1.JPG","220802/mediaprosoftfreepdfconverter-220802/8.8.2.4/Images/ACR-123/ACR-123_1.JPG"],"guid":"c71594d1-a817-4694-b070-c21fcfe002f5_8.8.2.4_1","appID":"mediaprosoftfreepdfconverter-220802","dateAdded":"220802","deceptorType":"Bundler","name":"MediaProSoft Free PDF Converter","company":"MediaProSoft Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220802","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-02T21:08:35.3309977+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1340},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"HotDiscDVDCopy.exe","fileVersion":"1.0","hashMD5":"a9cefb316ac0c2da57081d88b67e843e","hashSHA1":"f64f68df08f14c5029ba55197b3ffdec4cb9218c","hashSHA256":"49b03b416419e4210e58c8398ab01c736200361f176f1d0f3bcd8128dcf43c51","sourceIndex":"1481","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"HotDiscDVDCopy-setup.exe","isInstaller":"True","companyName":"MEFMedia Co., Ltd.                                          ","fileVersion":"0.0","hashMD5":"f0aec3b79a3e524e49799c7184063f03","hashSHA1":"83c5d2ac2812df7c9a3a13d8b73a28de9eba1da1","hashSHA256":"d68ad14f725dce0662d097a9f225009110d9b33be9eec5c531530c76d61bbf09","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1481","avBlockList":["360 Total Security (20220908)","Avast Premium Security (20220908)","AVG Internet Security (20220908)","Avira Internet Security (20220908)","Bitdefender Internet Security (20220908)","Dr.Web Security Space (20220908)","ESET Internet Security (20220908)","G DATA INTERNET SECURITY (20220908)","K7 Total Security (20220908)","Kaspersky Internet Security (20220908)","Malwarebytes Premium (20220908)","McAfee Total Protection (20220908)","Norton Security (20220908)","Panda Dome (20220908)","Quick Heal Internet Security (20220908)","Sophos Home Premium (20220908)","SpyHunter5 (20220908)","Total AV Antivirus Pro (20220908)","VIPRE Advanced Security (20220908)","VirIT eXplorer PRO (20220908)","Webroot SecureAnywhere (20220908)","Windows Defender (20220908)"],"avAllowList":["COMODO Antivirus (20220908)","Trend Micro Internet Security (20220908)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://music-editor.net/hotdiscdvdcopy/","directDownloadingLink":"https://music-editor.net/HotDiscDVDCopy.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://music-editor.net/HotDiscDVDCopy.exe","sourceIndex":"1481"}],"sampleFiles":["220802/HotDiscDVDCopy-220802/8.8.2.4/Samples/HotDiscDVDCopy.exe","220802/HotDiscDVDCopy-220802/8.8.2.4/Samples/HotDiscDVDCopy-setup.exe"],"imageFiles":["220802/HotDiscDVDCopy-220802/8.8.2.4/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220802/HotDiscDVDCopy-220802/8.8.2.4/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","220802/HotDiscDVDCopy-220802/8.8.2.4/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220802/HotDiscDVDCopy-220802/8.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220802/HotDiscDVDCopy-220802/8.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220802/HotDiscDVDCopy-220802/8.8.2.4/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220802/HotDiscDVDCopy-220802/8.8.2.4/Images/ACR-106/RelevantKnowledge.jpg","220802/HotDiscDVDCopy-220802/8.8.2.4/Images/ACR-002/ACR-002_MismatchedVersions.jpg"],"guid":"1b57e3ed-358c-4ec7-b76a-b44b385fdd0d_8.8.2.4_1","appID":"HotDiscDVDCopy-220802","dateAdded":"220802","deceptorType":"App","name":"Hot Disc DVD Copy","company":"MEFMedia Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220802","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps","lastUpdate":"2022-08-02T21:11:41.0493409+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1341},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-043":"Third-party components 'Online Media Technologies Ltd' are installed without any disclosure. \n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Online Media Technologies Ltd.'.\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n The app does not provide an option to close the update prompt and cancel the startup on its own.\n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"TotalRecorderEditor.exe","fileVersion":"0.0","hashMD5":"c1899a6f3c7b6935f4f6f3cce67a32b1","hashSHA1":"c3b76137c6976c48972c87093043058ace33491c","hashSHA256":"5833a7916d618bbce0540da27480801fa5b15217f97739a754ad0ad03180a767","sourceIndex":"1480","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TotalRecorderEditor-setup.exe","isInstaller":"True","companyName":"AdvancedAudioSoft Co., Ltd.                                 ","fileVersion":"0.0","hashMD5":"f5c47e1a71933042cd41c430f2bb200f","hashSHA1":"3d25bfd101574fe9e20c197c691349fe44108082","hashSHA256":"049a447c473d7daa808a08d67f49d6957086d9c339f9d567f6dacb6cf2948187","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1480","avBlockList":["360 Total Security (20220908)","Avast Premium Security (20220908)","AVG Internet Security (20220908)","Avira Internet Security (20220908)","Bitdefender Internet Security (20220908)","Dr.Web Security Space (20220908)","ESET Internet Security (20220908)","G DATA INTERNET SECURITY (20220908)","K7 Total Security (20220908)","Kaspersky Internet Security (20220908)","Malwarebytes Premium (20220908)","McAfee Total Protection (20220908)","Norton Security (20220908)","Panda Dome (20220908)","Quick Heal Internet Security (20220908)","Sophos Home Premium (20220908)","SpyHunter5 (20220908)","Total AV Antivirus Pro (20220908)","VIPRE Advanced Security (20220908)","VirIT eXplorer PRO (20220908)","Webroot SecureAnywhere (20220908)","Windows Defender (20220908)"],"avAllowList":["COMODO Antivirus (20220908)","Trend Micro Internet Security (20220908)"]}],"additionalFiles":[],"sources":[{"howFound":"media editors","reference":"","landingPage":"https://totalaudioeditor.com/","directDownloadingLink":"https://totalaudioeditor.com/download_recordereditor.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://totalaudioeditor.com/download_recordereditor.html","sourceIndex":"1480"}],"sampleFiles":["220802/TotalRecorderEditor-220802/14.8.1/Samples/TotalRecorderEditor.exe","220802/TotalRecorderEditor-220802/14.8.1/Samples/TotalRecorderEditor-setup.exe"],"imageFiles":["220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-109/ACR-109_039_048_RK_setup.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-039/ACR-109_039_048_RK_setup.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-043/ACR-043_107_silent3rdpartyinstallation.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-047/ACR-003_004_047_048_083-RK_updateprompt.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-047/ACR-047_048-RK_updateprompt.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-047/ACR-047_048-RK_updateprompt_startup.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-048/ACR-109_039_048_RK_setup.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-010/RelevantKnowledge.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-004/ACR-003_004_047_048_083-RK_updateprompt.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-004/ACR-047_048-RK_updateprompt.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-004/ACR-047_048-RK_updateprompt_startup.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-083/ACR-047_048-RK_updateprompt.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-083/ACR-047_048-RK_updateprompt_startup.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-107/ACR-043_107_silent3rdpartyinstallation.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-048/ACR-047_048-RK_updateprompt.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-048/ACR-047_048-RK_updateprompt_startup.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-003/ACR-003_004_047_048_083-RK_updateprompt.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-003/ACR-047_048-RK_updateprompt.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-003/ACR-047_048-RK_updateprompt_startup.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-118/ACR-118_Retained_components.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-057/RelevantKnowledge.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-059/RelevantKnowledge.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-071/RelevantKnowledge.jpg","220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220802/TotalRecorderEditor-220802/14.8.1/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"de7ede2a-6b9b-4e47-a114-355b03980df2_14.8.1_1","appID":"TotalRecorderEditor-220802","dateAdded":"220802","deceptorType":"App","name":"Total Recorder Editor","company":"AdvancedAudioSoft Co., Ltd.","version":"14.8.1","lastKnownStatus":"14.8.1","lastKnownDate":"220802","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-08-02T21:15:02.6157043+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1338},{"violations":{"ACR-010":"The apps from \"https://www.swifturn.com\" distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge related apps","reference":"","landingPage":"https://www.swifturn.com","ipv4":"","ipv6":"","sourceIndex":"1486"}],"sampleFiles":[],"imageFiles":["220801/SwifturnSoft-220729/220729/Images/ACR-010/ACR-010.JPG"],"nonDeceptorImageFiles":[],"guid":"e28d75ab-b55f-4091-af4c-8e63cee9d01a_220729_1","appID":"SwifturnSoft-220729","dateAdded":"220801","deceptorType":"Affiliate","name":"Swifturn_com","company":"https://www.swifturn.com","version":"220729","lastKnownStatus":"220801","lastKnownDate":"220801","type":"Affiliate","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-01T20:27:03.5741258+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1343},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (SwifturnFreeAudioConverter.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Swifturn Free Audio Converter\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1489","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Swifturn Free Audio Converter\\SwifturnFreeAudioConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"9b0c216b84bc9dc07bf2f02c7dd62163","hashSHA1":"76e4c25a392f1a3f1063f9ce4acc63f07e09189a","hashSHA256":"e1a8b51dc97f189adb30b4a7edf2c9e9d0274c20d95761fb0fce6a80b550905a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1489","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SwifturnFreeAudioConverter.exe","isInstaller":"True","companyName":"Swifturn Software Co. Ltd.                                 ","productName":"Swifturn Free Audio Converter                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"97a721ad29d2445b6aa0787961686afb","hashSHA1":"51e68d224504fecdc181e1e43958f5e09326ab29","hashSHA256":"0fc94d73dd3735dcc0b54f2f0fc28c2545579fa6f405c9b272a25ed6540e23da","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1489","avBlockList":["360 Total Security (20220804)","Avast Premium Security (20220804)","AVG Internet Security (20220804)","Avira Internet Security (20220804)","Bitdefender Internet Security (20220804)","COMODO Antivirus (20220804)","Dr.Web Security Space (20220804)","ESET Internet Security (20220804)","G DATA INTERNET SECURITY (20220804)","K7 Total Security (20220804)","Kaspersky Internet Security (20220804)","Malwarebytes Premium (20220804)","McAfee Total Protection (20220804)","Norton Security (20220804)","Panda Dome (20220804)","Quick Heal Internet Security (20220804)","Sophos Home Premium (20220804)","SpyHunter5 (20220804)","Total AV Antivirus Pro (20220804)","Trend Micro Internet Security (20220804)","VIPRE Advanced Security (20220804)","VirIT eXplorer PRO (20220804)","Webroot SecureAnywhere (20220804)","Windows Defender (20220804)"],"avAllowList":["Tencent PC Manager (20220804)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.swifturn.com/audioconverter.php","directDownloadingLink":"http://www.swifturn.com/SwifturnFreeAudioConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.swifturn.com/SwifturnFreeAudioConverter.exe","sourceIndex":"1489"}],"sampleFiles":["220801/swifturnfreeaudioconverter-220728/10.8.2.4/Samples/SwifturnFreeAudioConverter.exe"],"imageFiles":["220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-109/ACR-109_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-047/ACR-047_1.mp4","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-048/ACR-048_Install_No_Control.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-010/ACR-010_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-083/ACR-083_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-084/ACR-084_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-048/ACR-048_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-048/ACR-048_2.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-048/ACR-048_3.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-014/ACR-014-1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-014/ACR-014_2.mp4","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-118/ACR-118_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-118/ACR-118_2.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-118/ACR-118_3.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-122/ACR-122_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-075/ACR-075_1.mp4","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-057/ACR-057_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-059/ACR-059_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-071/ACR-071_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-155/ACR-155-1.JPG"],"nonDeceptorImageFiles":["220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-106/ACR-106_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-092/ACR-092_1.JPG","220801/swifturnfreeaudioconverter-220728/10.8.2.4/Images/ACR-123/ACR-123_1.JPG"],"guid":"0245500d-722f-44ef-a8fd-1745190f084d_10.8.2.4_1","appID":"swifturnfreeaudioconverter-220728","dateAdded":"220801","deceptorType":"Bundler","name":"Swifturn Free Audio Converter","company":"Swifturn Software Co., Ltd.","version":"10.8.2.4","lastKnownStatus":"10.8.2.4","lastKnownDate":"220801","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-01T19:49:41.5414665+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1344},{"violations":{"ACR-109":"The app downloads \"\"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “\"rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-002":"The App's version is inconsistent between App interaction and its install (version8.8.2.4 vs version 8.8.0) \n\nThe App's version is inconsistent between App interaction and its install (version8.8.2.4 vs version 8.8.0) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"SoundTasteAudioConverter-setup.exe","isInstaller":"True","companyName":"MEFMedia Co.Ltd.                                            ","productName":"SoundTaste Audio Converter     ","fileVersion":"0.0","hashMD5":"cb22d11d18591bd47b517628b32a0dff","hashSHA1":"3cb3857f31384f5a2dff63fb05a2cb252149e520","hashSHA256":"121d0e059db2197d3cb1d60cec9689e627a83ea8669bbbb7b450fb86bdca8c0c","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1488","avBlockList":["360 Total Security (20220804)","Avast Premium Security (20220804)","AVG Internet Security (20220804)","Avira Internet Security (20220804)","Bitdefender Internet Security (20220804)","Dr.Web Security Space (20220804)","ESET Internet Security (20220804)","G DATA INTERNET SECURITY (20220804)","K7 Total Security (20220804)","Kaspersky Internet Security (20220804)","Malwarebytes Premium (20220804)","McAfee Total Protection (20220804)","Norton Security (20220804)","Panda Dome (20220804)","Quick Heal Internet Security (20220804)","Sophos Home Premium (20220804)","SpyHunter5 (20220804)","Total AV Antivirus Pro (20220804)","Trend Micro Internet Security (20220804)","VIPRE Advanced Security (20220804)","VirIT eXplorer PRO (20220804)","Webroot SecureAnywhere (20220804)","Windows Defender (20220804)"],"avAllowList":["COMODO Antivirus (20220804)","Tencent PC Manager (20220804)"]},{"isRevoked":"False","fileName":"SoundTasteAudioConverter.exe","fileVersion":"0.0","hashMD5":"7ae79f9cb0791a87c97e52ad62da9842","hashSHA1":"271316708c8582da627f893eaec49251248f695f","hashSHA256":"3cbdf281ec19b88f170b6aeac650c052daf1725c9e3666ca6f9ca59ebd718326","sourceIndex":"1488","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://music-editor.net/soundtasteaudioconverter/","directDownloadingLink":"https://music-editor.net/SoundTasteAudioConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://music-editor.net/SoundTasteAudioConverter.exe","sourceIndex":"1488"}],"sampleFiles":["220801/SoundTasteAudioConverter-220729/8.8.0/Samples/SoundTasteAudioConverter-setup.exe","220801/SoundTasteAudioConverter-220729/8.8.0/Samples/SoundTasteAudioConverter.exe"],"imageFiles":["220801/SoundTasteAudioConverter-220729/8.8.0/Images/ACR-109/ACR-109_039_048-RK_setup.jpg","220801/SoundTasteAudioConverter-220729/8.8.0/Images/ACR-039/ACR-109_039_048-RK_setup.jpg","220801/SoundTasteAudioConverter-220729/8.8.0/Images/ACR-048/ACR-109_039_048-RK_setup.jpg","220801/SoundTasteAudioConverter-220729/8.8.0/Images/ACR-010/RelevantKnowledge.jpg","220801/SoundTasteAudioConverter-220729/8.8.0/Images/ACR-057/RelevantKnowledge.jpg","220801/SoundTasteAudioConverter-220729/8.8.0/Images/ACR-059/RelevantKnowledge.jpg","220801/SoundTasteAudioConverter-220729/8.8.0/Images/ACR-071/RelevantKnowledge.jpg","220801/SoundTasteAudioConverter-220729/8.8.0/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220801/SoundTasteAudioConverter-220729/8.8.0/Images/ACR-002/ACR-002_Mismatched_versions.jpg","220801/SoundTasteAudioConverter-220729/8.8.0/Images/ACR-106/RelevantKnowledge.jpg","220801/SoundTasteAudioConverter-220729/8.8.0/Images/ACR-002/ACR-002_Mismatched_versions.jpg"],"guid":"26a94fd6-4c7d-4e51-b928-36c3d17f1062_8.8.0_1","appID":"SoundTasteAudioConverter-220729","dateAdded":"220801","deceptorType":"App","name":"SoundTaste Audio Converter","company":"MEFMedia","version":"8.8.0","lastKnownStatus":"8.8.0","lastKnownDate":"220801","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-08-01T20:18:39.2297947+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1345},{"violations":{"ACR-003":"App lists non-critical items like backup files, caches, and logs as \"errors/problems\", and gauges system health \"Dangerous\" misleading or scaring user to take action.\n\n","ACR-004":"The App requires registration to completely fix the issues in the scan result. It also lists non-critical items like caches, backup files and logs as \"errors/problems\" and gauges system health \"Dangerous\" which presents exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Final_PCProScan_Setup.exe","isInstaller":"True","companyName":"Active Edge Techs LLC                                       ","productName":"PC Pro Scan                                                 PC Pro Scan                                                 ","fileVersion":"2.0","hashMD5":"13f956d3175e771b20e1a7a3c65a068d","hashSHA1":"96f6c6c85e9e9b76e10f0dc65a108e16c4f538fb","hashSHA256":"b5cdbf08ff0fb4f6e4064ecf0506c5cdbc13229014d08cacec7cf21a0c150d20","digitalCertThumbprint":"1D4076E5158F527C729330A3BB9D275766BE0A7A","digitalCertIssuer":"CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Active Edge Techs LLC, O=Active Edge Techs LLC, STREET=1900 Campus Common Drive, STREET=Suite 100, L=Reston, S=VA, PostalCode=20191, C=US","sourceIndex":"294","avBlockList":["Avast Premium Security (20220804)","AVG Internet Security (20220804)","Avira Internet Security (20220804)","COMODO Antivirus (20220804)","ESET Internet Security (20220804)","Sophos Home Premium (20220804)","SpyHunter5 (20220804)","Total AV Antivirus Pro (20220804)","Trend Micro Internet Security (20220804)","VirIT eXplorer PRO (20220804)","Webroot SecureAnywhere (20220804)","Windows Defender (20220804)"],"avAllowList":["360 Total Security (20220804)","Bitdefender Internet Security (20220804)","Dr.Web Security Space (20220804)","G DATA INTERNET SECURITY (20220804)","K7 Total Security (20220804)","Kaspersky Internet Security (20220804)","Malwarebytes Premium (20220804)","McAfee Total Protection (20220804)","Norton Security (20220804)","Panda Dome (20220804)","Quick Heal Internet Security (20220804)","Tencent PC Manager (20220804)","VIPRE Advanced Security (20220804)"]},{"isRevoked":"False","fileName":"PCProScan.exe","companyName":"Active Edge Techs LLC","fileVersion":"2.0.0.9","hashMD5":"fbca475352b0cb4abd0488002ed30209","hashSHA1":"6a2350ba4ff6ca41e2885a6cf344add78eb8abc4","hashSHA256":"66efc160d7d22e5d104bee757b0b8e54018229a8686a1e18c9dea81f318f7d55","digitalCertThumbprint":"1D4076E5158F527C729330A3BB9D275766BE0A7A","digitalCertIssuer":"CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Active Edge Techs LLC, O=Active Edge Techs LLC, STREET=1900 Campus Common Drive, STREET=Suite 100, L=Reston, S=VA, PostalCode=20191, C=US","sourceIndex":"294","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"PC Pro cleaners","reference":"","landingPage":"https://pc-pro-scan.en.softonic.com/","directDownloadingLink":"https://pc-pro-scan.en.softonic.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pc-pro-scan.en.softonic.com/download","sourceIndex":"294"}],"sampleFiles":["220801/PCProScan-220801/2.0/Samples/Final_PCProScan_Setup.exe","220801/PCProScan-220801/2.0/Samples/PCProScan.exe"],"imageFiles":["220801/PCProScan-220801/2.0/Images/ACR-004/ACR-004_LimitedFunctionalitygif.gif","220801/PCProScan-220801/2.0/Images/ACR-004/ACR-003_004.jpg","220801/PCProScan-220801/2.0/Images/ACR-004/ACR-003_004_exaggerated_alert.jpg","220801/PCProScan-220801/2.0/Images/ACR-004/ACR-003_004_exaggerated_systemhealth_status.jpg","220801/PCProScan-220801/2.0/Images/ACR-003/ACR-003_004.jpg","220801/PCProScan-220801/2.0/Images/ACR-003/ACR-003_004_exaggerated_alert.jpg","220801/PCProScan-220801/2.0/Images/ACR-003/ACR-003_004_exaggerated_systemhealth_status.jpg"],"nonDeceptorImageFiles":["220801/PCProScan-220801/2.0/Images/ACR-065/ACR-065_NoLinkstoDocs.jpg","220801/PCProScan-220801/2.0/Images/ACR-065/ACR-065_Software.jpg"],"guid":"c7659de8-cf43-470a-b472-9134ba6a48c5_2.0_1","appID":"PCProScan-220801","dateAdded":"220801","deceptorType":"App","name":"PC Pro Scan","company":"Active Edge Techs LLC","version":"2.0","lastKnownStatus":"2.0","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-12-12T21:16:50.4597782+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1346},{"violations":{"ACR-109":"Apps download \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-047":"After the apps are installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nUnable to close the update prompt.\n","ACR-010":"The apps from \"https://www.swifturn.com\" bundler distribute deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The apps attempt to present the offer repeatedly via its update and startup.\n","ACR-084":"The apps creates a startup entry without the user's knowledge and consent.\n","ACR-118":"Upon uninstallation, the apps retain some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the user's knowledge.\n","ACR-122":"The apps display a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The apps bundle the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the apps are installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The apps mislead users that they need to install an update while actually, it tries to install the per-declined component by the user during the install.\n","ACR-059":"The offer is not clearly marked as an offer. It is unclear who is recommending the offer. \n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"Apps offer deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"Apps do not have a digital signature for their main executables.\n","ACR-123":"The apps do not remove their startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"SwifturnFreeYouTubeDownloader.exe","isInstaller":"True","companyName":"Swifturn Software Co. Ltd.                                 ","productName":"Swifturn Free YouTube Downloader                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"d7a5f14e827ea50567029f50da0fb940","hashSHA1":"8b7b284687b2b96b17d2dcdd7a6123fd393a97a4","hashSHA256":"0d4d02bfd698fcc2e526d3d91bfcd423d6059d0b0137d56e578dbfd305baba65","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1485","avBlockList":["360 Total Security (20220804)","Avast Premium Security (20220804)","AVG Internet Security (20220804)","Avira Internet Security (20220804)","Bitdefender Internet Security (20220804)","COMODO Antivirus (20220804)","Dr.Web Security Space (20220804)","ESET Internet Security (20220804)","G DATA INTERNET SECURITY (20220804)","K7 Total Security (20220804)","Kaspersky Internet Security (20220804)","Malwarebytes Premium (20220804)","McAfee Total Protection (20220804)","Norton Security (20220804)","Panda Dome (20220804)","Quick Heal Internet Security (20220804)","Sophos Home Premium (20220804)","SpyHunter5 (20220804)","Total AV Antivirus Pro (20220804)","Trend Micro Internet Security (20220804)","VIPRE Advanced Security (20220804)","VirIT eXplorer PRO (20220804)","Webroot SecureAnywhere (20220804)","Windows Defender (20220804)"],"avAllowList":["Tencent PC Manager (20220804)"]},{"isRevoked":"False","fileName":"SwifturnFreeDVDAudioExtractor.exe","isInstaller":"True","companyName":"SwifturnSoft Co. Ltd.                                      ","productName":"Swifturn Free DVD Audio Extractor                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b77a849aaa45d380230ba54aa3579331","hashSHA1":"8690da482927436380a60bba2ffad524a36356f6","hashSHA256":"3424d9d06d14ee1bae1cccc39d689ae696e7e4ab49c4d34a229241d63c9ea817","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1485","avBlockList":["360 Total Security (20220804)","Avast Premium Security (20220804)","AVG Internet Security (20220804)","Avira Internet Security (20220804)","Bitdefender Internet Security (20220804)","COMODO Antivirus (20220804)","Dr.Web Security Space (20220804)","ESET Internet Security (20220804)","G DATA INTERNET SECURITY (20220804)","K7 Total Security (20220804)","Kaspersky Internet Security (20220804)","Malwarebytes Premium (20220804)","Norton Security (20220804)","Panda Dome (20220804)","Quick Heal Internet Security (20220804)","Sophos Home Premium (20220804)","SpyHunter5 (20220804)","Total AV Antivirus Pro (20220804)","Trend Micro Internet Security (20220804)","VIPRE Advanced Security (20220804)","VirIT eXplorer PRO (20220804)","Webroot SecureAnywhere (20220804)","Windows Defender (20220804)"],"avAllowList":["McAfee Total Protection (20220804)","Tencent PC Manager (20220804)"]},{"isRevoked":"False","fileName":"FreeAudioEditor.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 FAEMedia Inc.                         ","productName":"Free Audio Editor 2019                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e646274c6f8c8f89cad6e9aa9975db04","hashSHA1":"128fafdfb591c3542fdf6fc96c72b89bcb459a11","hashSHA256":"9d30e013e6bd6574d96470c7d031a6a587c469503628f7fd01d9344c390f693b","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Beijing QingSoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1485","avBlockList":["Avast Premium Security (20220804)","AVG Internet Security (20220804)","Avira Internet Security (20220804)","Bitdefender Internet Security (20220804)","Dr.Web Security Space (20220804)","ESET Internet Security (20220804)","G DATA INTERNET SECURITY (20220804)","K7 Total Security (20220804)","Kaspersky Internet Security (20220804)","Malwarebytes Premium (20220804)","McAfee Total Protection (20220804)","Norton Security (20220804)","Panda Dome (20220804)","Quick Heal Internet Security (20220804)","Sophos Home Premium (20220804)","SpyHunter5 (20220804)","Total AV Antivirus Pro (20220804)","VIPRE Advanced Security (20220804)","VirIT eXplorer PRO (20220804)","Webroot SecureAnywhere (20220804)","Windows Defender (20220804)"],"avAllowList":["360 Total Security (20220804)","COMODO Antivirus (20220804)","Tencent PC Manager (20220804)","Trend Micro Internet Security (20220804)"]},{"isRevoked":"False","fileName":"SwifturnFreeDVDCopy.exe","isInstaller":"True","companyName":"SwifturnSoft Co. Ltd.                                      ","productName":"Swifturn Free DVD Copy                                      ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"04c9fb656ab6d37d7a25b2e6b6212687","hashSHA1":"f89e1c4b3b9e575cf587baa4568cd4b898cc5ff5","hashSHA256":"3dbb02c5c64a374e252ddc7f771cf60ea91404a8ac1af89a53f9edde658818fd","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1485","avBlockList":["360 Total Security (20220804)","Avast Premium Security (20220804)","AVG Internet Security (20220804)","Avira Internet Security (20220804)","Bitdefender Internet Security (20220804)","COMODO Antivirus (20220804)","Dr.Web Security Space (20220804)","ESET Internet Security (20220804)","G DATA INTERNET SECURITY (20220804)","K7 Total Security (20220804)","Kaspersky Internet Security (20220804)","Malwarebytes Premium (20220804)","Norton Security (20220804)","Panda Dome (20220804)","Quick Heal Internet Security (20220804)","Sophos Home Premium (20220804)","SpyHunter5 (20220804)","Total AV Antivirus Pro (20220804)","Trend Micro Internet Security (20220804)","VIPRE Advanced Security (20220804)","VirIT eXplorer PRO (20220804)","Webroot SecureAnywhere (20220804)","Windows Defender (20220804)"],"avAllowList":["McAfee Total Protection (20220804)","Tencent PC Manager (20220804)"]},{"isRevoked":"False","fileName":"FreeCDDVDBurner.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech Inc.                                ","productName":"Free CD DVD Burner                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"2c548007fc87a46b922b0cfec44a878a","hashSHA1":"199d1fdb2001a1c1f53c8a5c6ff50fd67ed55988","hashSHA256":"bc672bc81c4eac0ee4739b765b9413fdbf7533f4e7c4c5b53832d3f35dfc41ca","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Beijing Tsingsoft Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1485","avBlockList":["360 Total Security (20220804)","Avast Premium Security (20220804)","AVG Internet Security (20220804)","Avira Internet Security (20220804)","Bitdefender Internet Security (20220804)","Dr.Web Security Space (20220804)","ESET Internet Security (20220804)","G DATA INTERNET SECURITY (20220804)","K7 Total Security (20220804)","Kaspersky Internet Security (20220804)","Malwarebytes Premium (20220804)","McAfee Total Protection (20220804)","Norton Security (20220804)","Panda Dome (20220804)","Quick Heal Internet Security (20220804)","Sophos Home Premium (20220804)","SpyHunter5 (20220804)","Total AV Antivirus Pro (20220804)","Trend Micro Internet Security (20220804)","VIPRE Advanced Security (20220804)","VirIT eXplorer PRO (20220804)","Webroot SecureAnywhere (20220804)","Windows Defender (20220804)"],"avAllowList":["COMODO Antivirus (20220804)","Tencent PC Manager (20220804)"]},{"isRevoked":"False","fileName":"SwifturnFreeSoundExtractor.exe","isInstaller":"True","companyName":"Swifturn Software Co. Ltd.                                 ","productName":"Swifturn Free Sound Extractor                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"cdbe88c2bf9538e6101c353f227d1275","hashSHA1":"188fe1397debc290cd7db07c9934d088a6690fe1","hashSHA256":"c0b07d41424f3dcd6142e06787654c09468e1ba7d3e82d05ec4c95a6cb79af19","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1485","avBlockList":["360 Total Security (20220804)","Avast Premium Security (20220804)","AVG Internet Security (20220804)","Avira Internet Security (20220804)","Bitdefender Internet Security (20220804)","COMODO Antivirus (20220804)","Dr.Web Security Space (20220804)","ESET Internet Security (20220804)","G DATA INTERNET SECURITY (20220804)","K7 Total Security (20220804)","Kaspersky Internet Security (20220804)","Malwarebytes Premium (20220804)","McAfee Total Protection (20220804)","Norton Security (20220804)","Panda Dome (20220804)","Quick Heal Internet Security (20220804)","Sophos Home Premium (20220804)","SpyHunter5 (20220804)","Total AV Antivirus Pro (20220804)","Trend Micro Internet Security (20220804)","VIPRE Advanced Security (20220804)","VirIT eXplorer PRO (20220804)","Webroot SecureAnywhere (20220804)","Windows Defender (20220804)"],"avAllowList":["Tencent PC Manager (20220804)"]},{"isRevoked":"False","fileName":"SwifturnFreeVideoDVDConverter.exe","isInstaller":"True","companyName":"SwifturnSoft Co. Ltd.                                      ","productName":"Swifturn Free Video DVD Converter                           ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"7656cfbaebf8018cbbf1ec75a7535de2","hashSHA1":"c753331272d14c7b434e76667009338cd849c696","hashSHA256":"a8f8022bc012de180583328bfdf59ce9d62f8bcf49ec675578663f8aabbe2b82","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1485","avBlockList":["360 Total Security (20220908)","Avast Premium Security (20220908)","AVG Internet Security (20220908)","Avira Internet Security (20220908)","Bitdefender Internet Security (20220908)","COMODO Antivirus (20220908)","Dr.Web Security Space (20220908)","ESET Internet Security (20220908)","G DATA INTERNET SECURITY (20220908)","K7 Total Security (20220908)","Kaspersky Internet Security (20220908)","Malwarebytes Premium (20220908)","McAfee Total Protection (20220908)","Norton Security (20220908)","Panda Dome (20220908)","Quick Heal Internet Security (20220908)","Sophos Home Premium (20220908)","SpyHunter5 (20220908)","Total AV Antivirus Pro (20220908)","Trend Micro Internet Security (20220908)","VIPRE Advanced Security (20220908)","VirIT eXplorer PRO (20220908)","Webroot SecureAnywhere (20220908)","Windows Defender (20220908)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeSoundRecorder.exe","isInstaller":"True","companyName":"Copyright© 2005-2015 FreeSoundRecorder Technologies Inc.   ","productName":"Free Sound Recorder                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"f8c8e40ce90482f461213e9f530b0b6e","hashSHA1":"6890b07d439d6be2c077c17c1594dec695983452","hashSHA256":"fa85833339b1110ea8e94d8fb223d2e65a6c56128c72d3486c44349aa2cd0a35","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1485","avBlockList":["360 Total Security (20220906)","Avast Premium Security (20220906)","AVG Internet Security (20220906)","Avira Internet Security (20220906)","Bitdefender Internet Security (20220906)","COMODO Antivirus (20220906)","Dr.Web Security Space (20220906)","ESET Internet Security (20220906)","G DATA INTERNET SECURITY (20220906)","K7 Total Security (20220906)","Kaspersky Internet Security (20220906)","Malwarebytes Premium (20220906)","McAfee Total Protection (20220906)","Norton Security (20220906)","Panda Dome (20220906)","Quick Heal Internet Security (20220906)","Sophos Home Premium (20220906)","SpyHunter5 (20220906)","Total AV Antivirus Pro (20220906)","Trend Micro Internet Security (20220906)","VIPRE Advanced Security (20220906)","VirIT eXplorer PRO (20220906)","Webroot SecureAnywhere (20220906)","Windows Defender (20220906)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.swifturn.com/","directDownloadingLink":"https://www.swifturn.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.swifturn.com/download.html","sourceIndex":"1485"}],"sampleFiles":["220801/SwifturnSoftBundle-220729/10.8.2.4/Samples/SwifturnFreeYouTubeDownloader.exe","220801/SwifturnSoftBundle-220729/10.8.2.4/Samples/SwifturnFreeDVDAudioExtractor.exe","220801/SwifturnSoftBundle-220729/10.8.2.4/Samples/FreeAudioEditor.exe","220801/SwifturnSoftBundle-220729/10.8.2.4/Samples/SwifturnFreeDVDCopy.exe","220801/SwifturnSoftBundle-220729/10.8.2.4/Samples/FreeCDDVDBurner.exe","220801/SwifturnSoftBundle-220729/10.8.2.4/Samples/SwifturnFreeSoundExtractor.exe","220801/SwifturnSoftBundle-220729/10.8.2.4/Samples/SwifturnFreeVideoDVDConverter.exe","220801/SwifturnSoftBundle-220729/10.8.2.4/Samples/FreeSoundRecorder.exe"],"imageFiles":["220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-047/ACR-047_1.mp4","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-010/ACR-010_1.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-083/ACR-083_1.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-084/ACR-084_1.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-048/ACR-048_Software_1.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-014/ACR-014_1.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-014/ACR-014_2.mp4","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-118/ACR-118_2.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-122/ACR-122_1.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-075/ACR-075_1.mp4","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-057/ACR-057_1.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-059/ACR-059_1.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-071/ACR-071_1.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-106/ACR-106_1.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG","220801/SwifturnSoftBundle-220729/10.8.2.4/Images/ACR-123/ACR-123_1.JPG"],"guid":"b8954720-d9ba-4c47-b724-6b7acaf07e54_10.8.2.4_1","appID":"SwifturnSoftBundle-220729","dateAdded":"220801","deceptorType":"Bundler","name":"Swifturn Soft Bundle","company":"Swifturn Soft","version":"10.8.2.4","lastKnownStatus":"10.8.2.4","lastKnownDate":"220801","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-01T20:28:30.1958687+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1342},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-007":"The app enables the installing consumer to hide it from the system tray, which hides all notifications of the app's presence from the targeted consumer. The app can then only be reopened with a password.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the system tray and uses password to re-open.\n","ACR-086":"The app requires a password to open the app which allows it to hide how it collects user data from the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \n","ACR-002":"The App shows different names as \"viewer.exe\" in the running service/apps section.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\ActivityMon Software\\ActivityMon\\Viewer.exe","companyName":"Roman Svihalek ActivityMon Software","productName":"ActivityMon","productVersion":"2. 0. 3. 149","fileVersion":"2. 0. 3. 149","hashMD5":"e0770b60ff6978781ca47a078dfe4326","hashSHA1":"35dcffe68c8c1d3b8b734c14cd9a6e22d189de45","hashSHA256":"27e61e8f79fe8c57fc8677e729fcc24c46ae35f9ddacdeb0ec3becc9da0451e5","digitalCertThumbprint":"242F38A310DCA936A932089FF609D57B487C060C","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Roman Švihálek","storeId":"","sourceIndex":"1491","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ActivityMonSetup.exe","isInstaller":"True","companyName":"Roman Svihalek ActivityMon Software","productName":"ActivityMon","productVersion":"2. 0. 3. 159","fileVersion":"2. 0. 3. 159","hashMD5":"396373db4198490a622e7ebdec8d7fad","hashSHA1":"4c0c4095b677d21b2cb1e84c2bdd942c1fef1d5e","hashSHA256":"8ae1dcbe7c1e8d722618f4465bb5a351f81087aa4e1c535fdb0b8ef1d0d63cef","digitalCertThumbprint":"242F38A310DCA936A932089FF609D57B487C060C","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Roman Švihálek","storeId":"","sourceIndex":"1491","avBlockList":["360 Total Security (20220802)","Avast Premium Security (20220802)","AVG Internet Security (20220802)","Avira Internet Security (20220802)","Bitdefender Internet Security (20220802)","ESET Internet Security (20220802)","G DATA INTERNET SECURITY (20220802)","K7 Total Security (20220802)","Kaspersky Internet Security (20220802)","McAfee Total Protection (20220802)","Norton Security (20220802)","Panda Dome (20220802)","Sophos Home Premium (20220802)","SpyHunter5 (20220802)","Total AV Antivirus Pro (20220802)","Trend Micro Internet Security (20220802)","VIPRE Advanced Security (20220802)","VirIT eXplorer PRO (20220802)","Webroot SecureAnywhere (20220802)","Windows Defender (20220802)"],"avAllowList":["COMODO Antivirus (20220802)","Dr.Web Security Space (20220802)","Malwarebytes Premium (20220802)","Quick Heal Internet Security (20220802)","Tencent PC Manager (20220802)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://softfamous.com/postdownload-file/activitymon/820/12/","landingPage":"https://www.activitymon.com/en/home","directDownloadingLink":"https://fs3.softfamous.com/downloads/tname-041220cg0f167/software/ActivityMonHomeSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://fs3.softfamous.com/downloads/tname-041220cg0f167/software/ActivityMonHomeSetup.exe","sourceIndex":"1491"}],"sampleFiles":["220728/ActivityMon-210812/2.0.3.159/Samples/ActivityMonSetup.exe"],"imageFiles":["220728/ActivityMon-210812/2.0.3.159/Images/ACR-048/ACR-048.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-048/ACR-048_1.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-048/ACR-048_2.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-007/ACR-007.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-007/ACR-007_1.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-007/ACR-007_2.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-007/ACR-007_3.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-007/ACR-007_4.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-084/ACR-084.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-084/ACR-084_1.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-086/ACR-086.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-086/ACR-086_1.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-086/ACR-086_2.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-086/ACR-086_3.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-086/ACR-086_4.JPG"],"nonDeceptorImageFiles":["220728/ActivityMon-210812/2.0.3.159/Images/ACR-065/ACR-065_Install.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-065/ACR-065_Software.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-099/ACR-099_Software .JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-002/ACR-002.JPG","220728/ActivityMon-210812/2.0.3.159/Images/ACR-065/ACR-065_Landingpage.jpg","220728/ActivityMon-210812/2.0.3.159/Images/ACR-099/ACR-099_Landingpage.jpg"],"guid":"968ac172-986a-426f-adf9-6bc7ed036da3_2.0.3.159_1","appID":"ActivityMon-210812","dateAdded":"220728","deceptorType":"App","name":"ActivityMon","company":"ActivityMon Software","version":"2.0.3.159","lastKnownStatus":"2.0.2.142;2.0.3.159","lastKnownDate":"220728","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-07-29T00:30:05.5790488+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1351},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-043":"Third-party components 'Online Media Technologies Ltd' are installed without any disclosure.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-107":"The app does not obtain any authorization for using third-party components 'Online Media Technologies Ltd.'.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-103":"When the \"Purchase Online\" option is clicked in the software, it displays a \"Server Not Found\" error message on the Internal Offers Page (www.swifturn.com/ringtonemaker/help/Register.html).\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (SwifturnFreeRingtoneMaker.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Swifturn Free Ringtone Maker\\SwifturnFreeRingtoneMaker.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"df81f7a0470deaf480beb82d41eddd7f","hashSHA1":"b42c6485d0d55b03b0a457c3cf69dad68faeb948","hashSHA256":"93f357a0d7e04e07ff67b7b8ea0ce540e4ce909320c89784c3f4eea79c123a1a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1493","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Swifturn Free Ringtone Maker\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1493","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SwifturnFreeRingtoneMaker.exe","isInstaller":"True","companyName":"Swifturn Software Co. Ltd.                                 ","productName":"Swifturn Free Ringtone Maker                                ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"7349eecbe9ad4ff0333bed22ad85fbe8","hashSHA1":"705b01b50a24732fc840f95af7171bf3f8628aa2","hashSHA256":"eb07eee66ba10c4fadc99d14ccf092b2417934e9f2a1706f50ef52b713549c68","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1493","avBlockList":["360 Total Security (20220802)","Avast Premium Security (20220802)","AVG Internet Security (20220802)","Avira Internet Security (20220802)","Bitdefender Internet Security (20220802)","COMODO Antivirus (20220802)","Dr.Web Security Space (20220802)","ESET Internet Security (20220802)","G DATA INTERNET SECURITY (20220802)","K7 Total Security (20220802)","Kaspersky Internet Security (20220802)","Malwarebytes Premium (20220802)","McAfee Total Protection (20220802)","Norton Security (20220802)","Panda Dome (20220802)","Sophos Home Premium (20220802)","SpyHunter5 (20220802)","Total AV Antivirus Pro (20220802)","Trend Micro Internet Security (20220802)","VIPRE Advanced Security (20220802)","VirIT eXplorer PRO (20220802)","Webroot SecureAnywhere (20220802)","Windows Defender (20220802)"],"avAllowList":["Quick Heal Internet Security (20220802)","Tencent PC Manager (20220802)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.swifturn.com/ringtonemaker.php","directDownloadingLink":"http://www.swifturn.com/SwifturnFreeRingtoneMaker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.swifturn.com/SwifturnFreeRingtoneMaker.exe","sourceIndex":"1493"}],"sampleFiles":["220728/swifturnfreeringtonemaker-220728/10.8.2.4/Samples/SwifturnFreeRingtoneMaker.exe"],"imageFiles":["220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-043/ACR-043.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-047/ACR-047_1.mp4","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-107/ACR-107_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-048/ACR-048_Install_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-010/ACR-010_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-083/ACR-083.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-084/ACR-084_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-103/ACR-103.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-103/ACR-103_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-048/ACR-048_Software-1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-048/ACR-048_Software-2.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-048/ACR-048_Software-3.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-014/ACR-014-1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-014/ACR-014_2.mp4","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-118/ACR-118_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-118/ACR-118_2.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-118/ACR-118_3.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-118/ACR-118_4.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-122/ACR-122_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-075/ACR-075_1.mp4","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-057/ACR-057_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-059/ACR-059_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-071/ACR-071_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-106/ACR-106_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-092/ACR-092_1.JPG","220728/swifturnfreeringtonemaker-220728/10.8.2.4/Images/ACR-123/ACR-123_1.JPG"],"guid":"046d113b-1470-42bd-a8ff-6e0381baead3_10.8.2.4_1","appID":"swifturnfreeringtonemaker-220728","dateAdded":"220728","deceptorType":"Bundler","name":"Swifturn Free Ringtone Maker","company":"Swifturn Software Co., Ltd.","version":"10.8.2.4","lastKnownStatus":"10.8.2.4","lastKnownDate":"220728","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-29T00:19:06.3391478+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1347},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray and even hide itself in the process list which limits the targeted consumer's ability to control the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer. It allows the app from showing on systray and locates its installation directory inside of a System32 folder using random filename and hash. It also allows to run invisibly by hiding itself in the process list.\n","ACR-014":"The app calls itself into random executable filename and hash, which is not related to the application name and misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into System32 directory using random filename and hash, making its relation to the app unclear.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy. \n The landing page does not display links to the Returns and Cancellation Policy. \nThe internal offers page does not display links to the Returns and Cancellation Policy\n","ACR-092":"The app does not provide Digital signature for the executables.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"lepitu.dll","fileVersion":"0.0","hashMD5":"e9a0f52d0337453a79a7c0ffb23bb38e","hashSHA1":"6f221074f147a2f81e5964a2f7ba90a78fa190d6","hashSHA256":"49a3b57b8e82ec2c50e4ca537f39d6b38dfaaa63934c163f8c6ee64253116e21","sourceIndex":"1492","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"lepitu.exe","fileVersion":"1.0","hashMD5":"ac0387c9d72f8beda95f18c0befeeecf","hashSHA1":"3fcb0b8e940d013b1ce90666b28623da864dda85","hashSHA256":"015c0ba67f74e5ea5d5891bc252998ec8fd42e4f9ce079d26e1950758a0bfb0a","sourceIndex":"1492","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MiniKeyLog.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"f8ab35994bc2a4eaa829fa1e40f04a1b","hashSHA1":"3c4da40adff56ec5453d073f9e9f8aed5dc19b81","hashSHA256":"b800075b0cf0e8c0bf1dd55bf8ff6ff5eb5b294b8bde401493f0e43a3b6fa2c9","sourceIndex":"1492","avBlockList":["Avast Premium Security (20220802)","AVG Internet Security (20220802)","Avira Internet Security (20220802)","Bitdefender Internet Security (20220802)","ESET Internet Security (20220802)","G DATA INTERNET SECURITY (20220802)","K7 Total Security (20220802)","Kaspersky Internet Security (20220802)","McAfee Total Protection (20220802)","Norton Security (20220802)","Sophos Home Premium (20220802)","SpyHunter5 (20220802)","Tencent PC Manager (20220802)","Total AV Antivirus Pro (20220802)","Trend Micro Internet Security (20220802)","VIPRE Advanced Security (20220802)","VirIT eXplorer PRO (20220802)","Windows Defender (20220802)"],"avAllowList":["360 Total Security (20220802)","COMODO Antivirus (20220802)","Dr.Web Security Space (20220802)","Malwarebytes Premium (20220802)","Panda Dome (20220802)","Quick Heal Internet Security (20220802)","Webroot SecureAnywhere (20220802)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.blue-series.com/en/products/mini-key-log/","directDownloadingLink":"https://www.blue-series.com/downloads/dc75f7459110e991ddf23a65eb50babf5f0b7db6/MiniKeyLog.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.blue-series.com/downloads/dc75f7459110e991ddf23a65eb50babf5f0b7db6/MiniKeyLog.exe","sourceIndex":"1492"}],"sampleFiles":["220728/MiniKeyLog-210302/7.6/Samples/lepitu.dll","220728/MiniKeyLog-210302/7.6/Samples/lepitu.exe","220728/MiniKeyLog-210302/7.6/Samples/MiniKeyLog.exe"],"imageFiles":["220728/MiniKeyLog-210302/7.6/Images/ACR-084/ACR-084_hide_process.jpg","220728/MiniKeyLog-210302/7.6/Images/ACR-084/ACR-084_RandomFilename_setup.jpg","220728/MiniKeyLog-210302/7.6/Images/ACR-084/ACR-084_RandomFilename.jpg","220728/MiniKeyLog-210302/7.6/Images/ACR-048/ACR-084_048_hide_process.jpg","220728/MiniKeyLog-210302/7.6/Images/ACR-014/ACR-084_014-RandomFilename.jpg","220728/MiniKeyLog-210302/7.6/Images/ACR-014/ACR-014_RandomFilename.jpg"],"nonDeceptorImageFiles":["220728/MiniKeyLog-210302/7.6/Images/ACR-038/ACR-038_Properties.jpg","220728/MiniKeyLog-210302/7.6/Images/ACR-040/ACR-040_RandomFilename.jpg","220728/MiniKeyLog-210302/7.6/Images/ACR-065/MiniKeyLog_Install [1].png","220728/MiniKeyLog-210302/7.6/Images/ACR-092/ACR-092_Unsigned.jpg","220728/MiniKeyLog-210302/7.6/Images/ACR-065/ACR-065_About.jpg","220728/MiniKeyLog-210302/7.6/Images/ACR-065/MiniKeyLog_LandingPage.jpeg","220728/MiniKeyLog-210302/7.6/Images/ACR-065/MiniKeyLog_Offer.jpeg","220728/MiniKeyLog-210302/7.6/Images/ACR-065/MiniKeyLog_Offer2.jpeg"],"guid":"53bba53e-c622-454b-a3a5-13b057b48cde_7.6_1","appID":"MiniKeyLog-210302","dateAdded":"220728","deceptorType":"App","name":"Mini Key Log ","company":"7TECH LTD","version":"7.6","lastKnownStatus":"7.3;7.4;7.6","lastKnownDate":"220728","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-07-29T00:24:16.6750077+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1348},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a System32 folder with random filename  and hash.\n","ACR-014":"The app calls itself into random executable filename  and hash, which is not related to the application name and misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into System32 directory using random filename  and hash, which is completely unrelated to the app name. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy. \n The landing page does not display links to the Returns and Cancellation Policy. \nThe internal offers page does not display links to the Returns and Cancellation Policy\n","ACR-092":"The app does not provide Digital signature for the executables.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"mifixe.dll","fileVersion":"0.0","hashMD5":"46880f553cc0cfcc001dc5f77156a920","hashSHA1":"097a6a901615b138043c1f72a1c43cfbccaeac5b","hashSHA256":"2ab2ffa546165827eab2f4c647511d16796d6e641ee5430bc20827b61b5fdf19","sourceIndex":"1815","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mifixe.exe","fileVersion":"1.0","hashMD5":"70c275038b91de46723d10d04f06c2a2","hashSHA1":"1c76846622ce777623442b4ee714751ff87fd611","hashSHA256":"bc60a72f626dd7f9b52f426c5ca1ce52d46d7acb7e4b643d20ad145eb23d3a0f","sourceIndex":"1815","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MiniKeyLog.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"6fbe5e850259be23c931aab6dd60da41","hashSHA1":"d9d1441e3e235e2d5b82155a4d192251e1d51f68","hashSHA256":"51f12985555f29c602788e3b200984eb18551fdd050a31fcf4768d217cc4f2a3","sourceIndex":"1815","avBlockList":["360 Total Security (20211007)","Avast Premium Security (20211007)","AVG Internet Security (20211007)","Avira Internet Security (20211007)","Bitdefender Internet Security (20211007)","Dr.Web Security Space (20211007)","ESET Internet Security (20211007)","G DATA INTERNET SECURITY (20211007)","K7 Total Security (20211007)","Kaspersky Internet Security (20211007)","Malwarebytes Premium (20211007)","McAfee Total Protection (20211007)","Norton Security (20211007)","Panda Dome (20211007)","Quick Heal Internet Security (20211007)","Sophos Home Premium (20211007)","SpyHunter5 (20211007)","Tencent PC Manager (20211007)","Total AV Antivirus Pro (20211007)","VIPRE Advanced Security (20211007)","VirIT eXplorer PRO (20211007)","Windows Defender (20211007)"],"avAllowList":["COMODO Antivirus (20211007)","Trend Micro Internet Security (20211007)","Webroot SecureAnywhere (20211007)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.blue-series.com/en/products/mini-key-log/","directDownloadingLink":"https://www.blue-series.com/downloads/9d467d4c39882a9ef7d465040f7596f8f008a3cd/MiniKeyLog.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.blue-series.com/downloads/9d467d4c39882a9ef7d465040f7596f8f008a3cd/MiniKeyLog.exe","sourceIndex":"1815"}],"sampleFiles":["210917/MiniKeyLog-210302/7.4/Samples/mifixe.dll","210917/MiniKeyLog-210302/7.4/Samples/mifixe.exe","210917/MiniKeyLog-210302/7.4/Samples/MiniKeyLog.exe"],"imageFiles":["210917/MiniKeyLog-210302/7.4/Images/ACR-084/MiniKeyLog_Files [1].png","210917/MiniKeyLog-210302/7.4/Images/ACR-084/MiniKeyLog_Interactions [5].png","210917/MiniKeyLog-210302/7.4/Images/ACR-048/MiniKeyLog_Interactions [5].png","210917/MiniKeyLog-210302/7.4/Images/ACR-014/MiniKeyLog_Files [1].png","210917/MiniKeyLog-210302/7.4/Images/ACR-014/MiniKeyLog_RunningProcess [1].png"],"nonDeceptorImageFiles":["210917/MiniKeyLog-210302/7.4/Images/ACR-038/MiniKeyLog_FileProperty [4].png","210917/MiniKeyLog-210302/7.4/Images/ACR-038/MiniKeyLog_FileProperty [5].png","210917/MiniKeyLog-210302/7.4/Images/ACR-040/MiniKeyLog_Files [1].png","210917/MiniKeyLog-210302/7.4/Images/ACR-065/MiniKeyLog_Install [1].png","210917/MiniKeyLog-210302/7.4/Images/ACR-092/MiniKeyLog_FileProperty [1].png","210917/MiniKeyLog-210302/7.4/Images/ACR-092/MiniKeyLog_FileProperty [2].png","210917/MiniKeyLog-210302/7.4/Images/ACR-092/MiniKeyLog_FileProperty [3].png","210917/MiniKeyLog-210302/7.4/Images/ACR-065/MiniKeyLog_About [1].png","210917/MiniKeyLog-210302/7.4/Images/ACR-065/MiniKeyLog_LandingPage [1].png","210917/MiniKeyLog-210302/7.4/Images/ACR-065/MiniKeyLog_OfferPage [1].png","210917/MiniKeyLog-210302/7.4/Images/ACR-065/MiniKeyLog_OfferPage [2].png"],"guid":"53bba53e-c622-454b-a3a5-13b057b48cde_7.4_1","appID":"MiniKeyLog-210302","dateAdded":"220728","deceptorType":"App","name":"Mini Key Log ","company":"7TECH LTD","version":"7.4","lastKnownStatus":"7.3;7.4;7.6","lastKnownDate":"220728","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-07-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1349},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a System32 folder with random filename  and hash.\n","ACR-014":"The app calls itself into random executable filename  and hash, which is not related to the application name and misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into System32 directory using random filename  and hash, which is completely unrelated to the app name. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy. \n The landing page does not display links to the Returns and Cancellation Policy. \nThe internal offers page does not display links to the Returns and Cancellation Policy\n","ACR-092":"The app does not provide Digital signature for the executables.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"kewenu.dll","fileVersion":"0.0","hashMD5":"38bf92503b0f3081a0872bcdb92331ff","hashSHA1":"9da4044f9e15bea5d2794e35d340e1362ba0b68b","hashSHA256":"ee1db8eda9cda9272a1ea8e5f53deabf5e3c0ef2d18a80cd7e68ae8a93e553a8","sourceIndex":"1984","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"kewenu.exe","fileVersion":"1.0","hashMD5":"adc770649e745c547b4baa498d75ffab","hashSHA1":"1c3611c1fecf8f3dc0e02e01dac02e7dd666e69a","hashSHA256":"4adefe526622902c34013327e9570dc06c8dac1fcc67c29744e78663bf4261c5","sourceIndex":"1984","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MiniKeyLog.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"1163549f8b8f4649f2fb880bebf5c3a4","hashSHA1":"c836d5b662299f150ab55ee62283628e9a3f9f7b","hashSHA256":"12cd44a0a9abb3f0ff0dde35eaabe3e62f0b4aae1a25d82e5920a41a39d430af","sourceIndex":"1984","avBlockList":["360 Total Security (20210323)","Avast Premium Security (20210323)","AVG Internet Security (20210323)","Avira Internet Security (20210323)","Bitdefender Internet Security (20210323)","Dr.Web Security Space (20210323)","ESET Internet Security (20210323)","G DATA INTERNET SECURITY (20210323)","K7 Total Security (20210323)","Malwarebytes Premium (20210323)","McAfee Total Protection (20210323)","Norton Security (20210323)","Panda Dome (20210323)","Quick Heal Internet Security (20210323)","Sophos Home Premium (20210323)","SpyHunter5 (20210323)","Tencent PC Manager (20210323)","Total AV Antivirus Pro (20210323)","Trend Micro Internet Security (20210323)","VIPRE Advanced Security (20210323)","VirIT eXplorer PRO (20210323)","Webroot SecureAnywhere (20210323)","Windows Defender (20210323)"],"avAllowList":["COMODO Antivirus (20210323)","Kaspersky Internet Security (20210323)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.blue-series.com/en/products/mini-key-log/","directDownloadingLink":"http://www.blue-series.com/downloads/ee7e09300ef8ba65170231b5cb0d27d0825a795b/MiniKeyLog.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.blue-series.com/downloads/ee7e09300ef8ba65170231b5cb0d27d0825a795b/MiniKeyLog.exe","sourceIndex":"1984"}],"sampleFiles":["210302/MiniKeyLog-210302/7.3/Samples/kewenu.dll","210302/MiniKeyLog-210302/7.3/Samples/kewenu.exe","210302/MiniKeyLog-210302/7.3/Samples/MiniKeyLog.exe"],"imageFiles":["210302/MiniKeyLog-210302/7.3/Images/ACR-084/MiniKey_Interactions [3].png","210302/MiniKeyLog-210302/7.3/Images/ACR-084/MiniKey_Files [1].png","210302/MiniKeyLog-210302/7.3/Images/ACR-048/MiniKey_Interactions [3].png","210302/MiniKeyLog-210302/7.3/Images/ACR-014/MiniKey_RunningProcess [1].png","210302/MiniKeyLog-210302/7.3/Images/ACR-014/MiniKey_About [2].png","210302/MiniKeyLog-210302/7.3/Images/ACR-014/MiniKey_Files [1].png"],"nonDeceptorImageFiles":["210302/MiniKeyLog-210302/7.3/Images/ACR-038/MiniKey_FileProperty [1].png","210302/MiniKeyLog-210302/7.3/Images/ACR-038/MiniKey_FileProperty [3].png","210302/MiniKeyLog-210302/7.3/Images/ACR-040/MiniKey_Files [1].png","210302/MiniKeyLog-210302/7.3/Images/ACR-065/MiniKey_Install [1].png","210302/MiniKeyLog-210302/7.3/Images/ACR-065/MiniKey_Install [2].png","210302/MiniKeyLog-210302/7.3/Images/ACR-065/MiniKey_Install [3].png","210302/MiniKeyLog-210302/7.3/Images/ACR-092/MiniKey_FileProperty [2].png","210302/MiniKeyLog-210302/7.3/Images/ACR-092/MiniKey_FileProperty [4].png","210302/MiniKeyLog-210302/7.3/Images/ACR-092/MiniKey_FileProperty [5].png","210302/MiniKeyLog-210302/7.3/Images/ACR-065/MiniKey_About [1].png","210302/MiniKeyLog-210302/7.3/Images/ACR-065/MiniKey_About [2].png","210302/MiniKeyLog-210302/7.3/Images/ACR-065/MiniKey_LandingPage [1].png","210302/MiniKeyLog-210302/7.3/Images/ACR-065/MiniKey_LandingPage [2].png","210302/MiniKeyLog-210302/7.3/Images/ACR-065/MiniKey_OfferPage [1].png"],"guid":"53bba53e-c622-454b-a3a5-13b057b48cde_7.3_1","appID":"MiniKeyLog-210302","dateAdded":"220728","deceptorType":"App","name":"Mini Key Log ","company":"7TECH LTD","version":"7.3","sigName":"Deceptor:Win32/MiniKeyLogStalkerware!084048014","lastKnownStatus":"7.3;7.4;7.6","lastKnownDate":"220728","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-07-28T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1350},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-007":"The app enables the installing consumer to hide it from the system tray, which hides all notification of the app's presence from the targeted consumer. The app can then only be reopened with a password.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and uses password to re-open.\n","ACR-086":"The app requires a password to open the app which allows it to hide how it collects user data from the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The App shows different names as \"viewer.exe\" in the running service/apps section.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"ActivityMonHomeSetup.exe","isInstaller":"True","companyName":"Roman Svihalek, ActivityMon Software","fileVersion":"2.0","hashMD5":"e10eaa219862f8492d314d84569936df","hashSHA1":"e88cedd06a3539952a574e7a0002a813864b17d8","hashSHA256":"3916b8d9861a942c65b8e77808ad1cb8922bfc2c74a6bcd090708d7ce1f29954","digitalCertThumbprint":"3E58028EC7D7BF954A86167666851CFE3A2A6EB3","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Roman Svihalek, O=Roman Svihalek, STREET=U dvojdomu 862/10, L=Praha 10 - Hostivar, S=Praha, PostalCode=10200, C=CZ","sourceIndex":"1828","avBlockList":["Avira Internet Security (20210921)","ESET Internet Security (20210921)","G DATA INTERNET SECURITY (20210921)","K7 Total Security (20210921)","McAfee Total Protection (20210921)","Norton Security (20210921)","Panda Dome (20210921)","Quick Heal Internet Security (20210921)","Sophos Home Premium (20210921)","SpyHunter5 (20210921)","Tencent PC Manager (20210921)","Total AV Antivirus Pro (20210921)","VirIT eXplorer PRO (20210921)","Webroot SecureAnywhere (20210921)","Windows Defender (20210921)"],"avAllowList":["360 Total Security (20210921)","Avast Premium Security (20210921)","AVG Internet Security (20210921)","Bitdefender Internet Security (20210921)","COMODO Antivirus (20210921)","Dr.Web Security Space (20210921)","Kaspersky Internet Security (20210921)","Malwarebytes Premium (20210921)","Trend Micro Internet Security (20210921)","VIPRE Advanced Security (20210921)"]},{"isRevoked":"False","fileName":"Viewer.exe","companyName":"Roman Svihalek, ActivityMon Software","fileVersion":"2.0","hashMD5":"dcfe9edbaba8feb714ec97bf30502f1d","hashSHA1":"500444addde337c65dd2723b617db76faf672457","hashSHA256":"4d529a7f11cc32a7dad038d3d63b3fbb6bb1e0f9cbdd5ca456222392bab79647","digitalCertThumbprint":"3E58028EC7D7BF954A86167666851CFE3A2A6EB3","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Roman Svihalek, O=Roman Svihalek, STREET=U dvojdomu 862/10, L=Praha 10 - Hostivar, S=Praha, PostalCode=10200, C=CZ","sourceIndex":"1828","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://softfamous.com/postdownload-file/activitymon/820/12/","landingPage":"https://www.activitymon.com/en/home","directDownloadingLink":"https://fs3.softfamous.com/downloads/tname-041220cg0f167/software/ActivityMonHomeSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://fs3.softfamous.com/downloads/tname-041220cg0f167/software/ActivityMonHomeSetup.exe","sourceIndex":"1828"}],"sampleFiles":["210812/ActivityMon-210812/2.0.2.142/Samples/ActivityMonHomeSetup.exe","210812/ActivityMon-210812/2.0.2.142/Samples/Viewer.exe"],"imageFiles":["210812/ActivityMon-210812/2.0.2.142/Images/ACR-048/ActivityMon_Install [5].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-048/ActivityMon_Interactions [5].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-048/ActivityMon_Interactions [6].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-007/ActivityMon_Install [5].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-007/ActivityMon_Install [8].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-007/ActivityMon_Interactions [2].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-007/ActivityMon_Interactions [5].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-007/ActivityMon_Interactions [6].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-084/ActivityMon_Install [5].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-084/ActivityMon_Interactions [2].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-086/ActivityMon_Interactions [2].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-086/ActivityMon_Interactions [3].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-086/ActivityMon_Interactions [5].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-086/ActivityMon_Interactions [7].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-086/ActivityMon_Interactions [8].png"],"nonDeceptorImageFiles":["210812/ActivityMon-210812/2.0.2.142/Images/ACR-065/ActivityMon_Install [1].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-065/ActivityMon_Install [2].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-065/ActivityMon_Install [5].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-065/ActivityMon_Install [8].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-065/ActivityMon_Install [9].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-065/ActivityMon_Install [10].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-065/ActivityMon_Interactions [1].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-099/ActivityMon_Interactions [1].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-002/ActivityMon_RunningProcess [1].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-065/ActivityMon_LandingPage [1].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-099/ActivityMon_LandingPage [1].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-065/ActivityMon_OfferPage [1].png","210812/ActivityMon-210812/2.0.2.142/Images/ACR-099/ActivityMon_OfferPage [1].png"],"guid":"968ac172-986a-426f-adf9-6bc7ed036da3_2.0.2.142_1","appID":"ActivityMon-210812","dateAdded":"220728","deceptorType":"App","name":"ActivityMon","company":"ActivityMon Software","version":"2.0.2.142","sigName":"Deceptor:Win32/ActivityMon!048007084086","lastKnownStatus":"2.0.2.142;2.0.3.159","lastKnownDate":"220728","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-07-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1352},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the targerted consumer, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app allows the use of hotkey to open it and running in background which prevents the targeted consumer from being notified or giving informed consent. \n\n","ACR-084":"The app enables the use of hotkeys and running in the background to open it  which prevents the targeted consumer from finding it.\n","ACR-086":"The app does not inform the targeted consumer how it collects and transfers data. It also allows silent running and the use of hotkey to open it, which prevents the targeted consumer from understanding what data is collected and transmitted. \n"},"nonDeceptorViolations":{"ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information. \n","ACR-167":"The App does not offer an at least 30-day refund.\n"},"samples":[{"isRevoked":"False","fileName":"KeyTurion.exe","productVersion":"6.7.0.0","fileVersion":"6.9.0.0","hashMD5":"8d04a204dda8362e83d5553a363556df","hashSHA1":"d38e31ae28b2a62d4457b3286d3b7633c2729226","hashSHA256":"424250db79e2e8eb24f3db2cb31e3d1c39026516e2f3b0b5139c65131edb6f6c","sourceIndex":"295","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_free75.exe","isInstaller":"True","productName":"Keyturion Free    ","fileVersion":"0.0","hashMD5":"59f4dbff10c8c22632cb562503c6561d","hashSHA1":"701c00bd1b03d9cf7e298345fa34cc39d3c0896f","hashSHA256":"d411a03ecdacff84decaa22278fc02e95182678abc73f509ca103dd7d342e936","sourceIndex":"295","avBlockList":["360 Total Security (20220802)","Avast Premium Security (20220802)","AVG Internet Security (20220802)","Avira Internet Security (20220802)","ESET Internet Security (20220802)","K7 Total Security (20220802)","Kaspersky Internet Security (20220802)","McAfee Total Protection (20220802)","Norton Security (20220802)","Sophos Home Premium (20220802)","SpyHunter5 (20220802)","Total AV Antivirus Pro (20220802)","Trend Micro Internet Security (20220802)","VirIT eXplorer PRO (20220802)","Webroot SecureAnywhere (20220802)","Windows Defender (20220802)"],"avAllowList":["Bitdefender Internet Security (20220802)","COMODO Antivirus (20220802)","Dr.Web Security Space (20220802)","G DATA INTERNET SECURITY (20220802)","Malwarebytes Premium (20220802)","Panda Dome (20220802)","Quick Heal Internet Security (20220802)","Tencent PC Manager (20220802)","VIPRE Advanced Security (20220802)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt: keyloggers","reference":"","landingPage":"https://www.keyturion.com/free-keylogger/","directDownloadingLink":"https://www.keyturion.com/download/free_release/setup_free75.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.keyturion.com/download/free_release/setup_free75.exe","sourceIndex":"295"}],"sampleFiles":["220727/KeyturionFreeKeylogger-220727/6.9/Samples/KeyTurion.exe","220727/KeyturionFreeKeylogger-220727/6.9/Samples/setup_free75.exe"],"imageFiles":["220727/KeyturionFreeKeylogger-220727/6.9/Images/ACR-084/Keyturion_Hotkey.jpg","220727/KeyturionFreeKeylogger-220727/6.9/Images/ACR-084/KeyTurion_Settings.jpg","220727/KeyturionFreeKeylogger-220727/6.9/Images/ACR-086/Keyturion_Hotkey.jpg","220727/KeyturionFreeKeylogger-220727/6.9/Images/ACR-086/KeyTurion_Settings.jpg","220727/KeyturionFreeKeylogger-220727/6.9/Images/ACR-086/KeytTurion_Sending_CollectedData.jpg","220727/KeyturionFreeKeylogger-220727/6.9/Images/ACR-086/KeytTurion_Sending_CollectedData_server.jpg","220727/KeyturionFreeKeylogger-220727/6.9/Images/ACR-048/KeyTurion_Settings.jpg","220727/KeyturionFreeKeylogger-220727/6.9/Images/ACR-007/KeyTurion_Settings.jpg"],"nonDeceptorImageFiles":["220727/KeyturionFreeKeylogger-220727/6.9/Images/ACR-099/KeyTurion_LandingPage.jpeg"],"guid":"46c41e15-960a-4523-b9b6-cc89623f8e95_6.9_1","appID":"KeyturionFreeKeylogger-220727","dateAdded":"220727","deceptorType":"App","name":"KeyTurion Free Keylogger","company":"KeyTurion","version":"6.9","sigName":"Deceptor:Win32/KeyTurionFreeKeyloggerStalkerware!084086048007","lastKnownStatus":"6.9","lastKnownDate":"241212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2024-12-12T21:14:19.6562311+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1356},{"violations":{"ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer and locates its installation directory inside of a hidden directory.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method. \n","ACR-014":"The app calls itself \"csrts.exe”, which is not related to the name \"MiniKeylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app main executable does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version.\n","ACR-040":"The app is installed in a hidden folder \"AppData”.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real. \nThe internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"mini-keylogger.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"f1dcc9670af5b21170269633b6ee0a490f884b2387a56695fdc457af2c76d7c2","sourceIndex":"1868","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MiniKeylogger.exe","isInstaller":"True","companyName":"MiniKeylogger","fileVersion":"0.0","hashMD5":"b71fd1387060639c8314f4622727ef40","hashSHA1":"552d8c513b3a7f265ca921c62c2f80b9f2337121","hashSHA256":"66e19a21e82794339abd6f13aa9804f346106a2bc1423f7e62fbcf6c05da1f9e","sourceIndex":"1868","avBlockList":["360 Total Security (20211104)","Avast Premium Security (20211104)","AVG Internet Security (20211104)","Avira Internet Security (20211104)","Bitdefender Internet Security (20211104)","ESET Internet Security (20211104)","G DATA INTERNET SECURITY (20211104)","K7 Total Security (20211104)","Kaspersky Internet Security (20211104)","Malwarebytes Premium (20211104)","McAfee Total Protection (20211104)","Norton Security (20211104)","Panda Dome (20211104)","Quick Heal Internet Security (20211104)","Sophos Home Premium (20211104)","SpyHunter5 (20211104)","Tencent PC Manager (20211104)","Total AV Antivirus Pro (20211104)","Trend Micro Internet Security (20211104)","VIPRE Advanced Security (20211104)","VirIT eXplorer PRO (20211104)","Webroot SecureAnywhere (20211104)","Windows Defender (20211104)"],"avAllowList":["COMODO Antivirus (20211104)","Dr.Web Security Space (20211104)"]},{"isRevoked":"False","fileName":"csrts.exe","fileVersion":"0.0","hashMD5":"5ab30e8cf1e2df44d068f7ebabb48b94","hashSHA1":"54e676900c62130c1276abba1575f7001eaa6723","hashSHA256":"5420afbde7023c05771f3cb93e206cd3193f7e53f4b73bd20c70dfc0f123f33f","sourceIndex":"1868","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.minikeylogger.com/","directDownloadingLink":"https://srv-store6.gofile.io/download/d26aa386-3bd3-41a0-9e73-b546942ff8f3/mini-keylogger.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://srv-store6.gofile.io/download/d26aa386-3bd3-41a0-9e73-b546942ff8f3/mini-keylogger.zip","sourceIndex":"1868"}],"sampleFiles":["210706/MiniKeylogger-210630/2.16/Samples/mini-keylogger.zip","210706/MiniKeylogger-210630/2.16/Samples/MiniKeylogger.exe","210706/MiniKeylogger-210630/2.16/Samples/csrts.exe"],"imageFiles":["210706/MiniKeylogger-210630/2.16/Images/ACR-084/MiniKeylogger_Files [2].png","210706/MiniKeylogger-210630/2.16/Images/ACR-086/MiniKeylogger_Interactions [3].png","210706/MiniKeylogger-210630/2.16/Images/ACR-086/MiniKeylogger_Interactions [5].png","210706/MiniKeylogger-210630/2.16/Images/ACR-086/MiniKeylogger_Interactions [6] Logs.png","210706/MiniKeylogger-210630/2.16/Images/ACR-014/MiniKeylogger_RunningProcess [1].png","210706/MiniKeylogger-210630/2.16/Images/ACR-116/MiniKeylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["210706/MiniKeylogger-210630/2.16/Images/ACR-038/MiniKeylogger_FileProperty [2].png","210706/MiniKeylogger-210630/2.16/Images/ACR-040/MiniKeylogger_Files [2].png","210706/MiniKeylogger-210630/2.16/Images/ACR-065/MiniKeylogger_Install [1].png","210706/MiniKeylogger-210630/2.16/Images/ACR-092/MiniKeylogger_FileProperty [3].png","210706/MiniKeylogger-210630/2.16/Images/ACR-092/MiniKeylogger_FileProperty [4].png","210706/MiniKeylogger-210630/2.16/Images/ACR-065/MiniKeylogger_About [1].png","210706/MiniKeylogger-210630/2.16/Images/ACR-099/MiniKeylogger_About [1].png","210706/MiniKeylogger-210630/2.16/Images/ACR-065/MiniKeylogger_LandingPage [1].png","210706/MiniKeylogger-210630/2.16/Images/ACR-099/MiniKeylogger_LandingPage [1].png","210706/MiniKeylogger-210630/2.16/Images/ACR-161/MiniKeylogger_LandingPage [1].png","210706/MiniKeylogger-210630/2.16/Images/ACR-065/MiniKeylogger_OfferPage [1].png","210706/MiniKeylogger-210630/2.16/Images/ACR-099/MiniKeylogger_OfferPage [1].png","210706/MiniKeylogger-210630/2.16/Images/ACR-161/MiniKeylogger_OfferPage [1].png"],"guid":"21f19cfc-7c6b-4d6a-b89d-f4771b8500a6_2.16_1","appID":"MiniKeylogger-210630","dateAdded":"220727","deceptorType":"App","name":"MiniKeylogger","company":"MiniKeylogger.com","version":"2.16","sigName":"Deceptor:Win32/MiniKeyloggerStalkerware!084086014116","lastKnownStatus":"2.16;2.20","lastKnownDate":"220727","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1355},{"violations":{"ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer and locates its installation directory inside of a hidden directory.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method. \n","ACR-014":"The app calls itself \"csrts.exe”, which is not related to the name \"MiniKeylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app main executable does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version.\n","ACR-040":"The app is installed in a hidden folder \"AppData”.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real. \n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Microsoft\\Windows\\csrts.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"5ab30e8cf1e2df44d068f7ebabb48b94","hashSHA1":"54e676900c62130c1276abba1575f7001eaa6723","hashSHA256":"5420afbde7023c05771f3cb93e206cd3193f7e53f4b73bd20c70dfc0f123f33f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1495","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MiniKeylogger.exe","isInstaller":"True","companyName":"MiniKeylogger","productName":"MiniKeylogger","productVersion":"2.20","fileVersion":"2.20","hashMD5":"5eb5d5f73e092de599b37b8d64a7d5d7","hashSHA1":"e9a75264bb4e70e180af130b434dc92348628a20","hashSHA256":"71097e38d00ea2debae9c597e9b28bff714dcc393e7cb9037ffa46d3ca39bbee","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1495","avBlockList":["Avast Premium Security (20220802)","AVG Internet Security (20220802)","Avira Internet Security (20220802)","Bitdefender Internet Security (20220802)","Dr.Web Security Space (20220802)","ESET Internet Security (20220802)","G DATA INTERNET SECURITY (20220802)","K7 Total Security (20220802)","Kaspersky Internet Security (20220802)","Malwarebytes Premium (20220802)","McAfee Total Protection (20220802)","Norton Security (20220802)","Panda Dome (20220802)","Quick Heal Internet Security (20220802)","Sophos Home Premium (20220802)","SpyHunter5 (20220802)","Tencent PC Manager (20220802)","Total AV Antivirus Pro (20220802)","Trend Micro Internet Security (20220802)","VIPRE Advanced Security (20220802)","VirIT eXplorer PRO (20220802)","Webroot SecureAnywhere (20220802)","Windows Defender (20220802)"],"avAllowList":["360 Total Security (20220802)","COMODO Antivirus (20220802)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.minikeylogger.com/","directDownloadingLink":"https://srv-store6.gofile.io/download/d26aa386-3bd3-41a0-9e73-b546942ff8f3/mini-keylogger.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://srv-store6.gofile.io/download/d26aa386-3bd3-41a0-9e73-b546942ff8f3/mini-keylogger.zip","sourceIndex":"1495"}],"sampleFiles":["220727/MiniKeylogger-210630/2.20/Samples/MiniKeylogger.exe"],"imageFiles":["220727/MiniKeylogger-210630/2.20/Images/ACR-084/ACR-084.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-086/ACR-086.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-086/ACR-086_1.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-086/ACR-086_2.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-014/ACR-014.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["220727/MiniKeylogger-210630/2.20/Images/ACR-038/ACR-038.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-040/ACR-040.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-065/ACR-065_Install.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-092/ACR-092.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-092/ACR-092_1.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-065/ACR-065_Software.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-099/ACR-099_Software.JPG","220727/MiniKeylogger-210630/2.20/Images/ACR-065/ACR-065_Landingpage.jpg","220727/MiniKeylogger-210630/2.20/Images/ACR-099/ACR-099_Landingpage.jpg","220727/MiniKeylogger-210630/2.20/Images/ACR-161/ACR-161_Landingpage.jpg","220727/MiniKeylogger-210630/2.20/Images/ACR-065/ACR-065_InternalOffers.jpg","220727/MiniKeylogger-210630/2.20/Images/ACR-099/ACR-099_InternalOffers.jpg"],"guid":"21f19cfc-7c6b-4d6a-b89d-f4771b8500a6_2.20_1","appID":"MiniKeylogger-210630","dateAdded":"220727","deceptorType":"App","name":"MiniKeylogger","company":"MiniKeylogger.com","version":"2.20","lastKnownStatus":"2.16;2.20","lastKnownDate":"220727","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-27T17:54:21.335044+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1354},{"violations":{"ACR-109":"The app installs a \"Nero Start\" and \"Nero Market\" shortcut without disclosing it to the user and getting user consent. Also, the app launches the \"Nero Start\" application instead of the actual \"Nero TuneItUp\" app after installation.\n","ACR-042":"1. Application silently installs the app \"Nero Start\" and \"Nero Info\" apps without disclosing the relationship to the app during installation.\n2. The app installs a \"Nero Start\" and \"Nero Market\" shortcut without disclosing it to the user and gets user consent. Also, the app launches the \"Nero Start\" application instead of the actual \"Nero TuneItUp\" app after installation. \n","ACR-043":"1. Application silently installs the app \"Nero Start\" and \"Nero Info\" apps without disclosing the relationship to the app during installation.\n2. The app installs a \"Nero Start\" and \"Nero Market\" shortcut without disclosing it to the user and gets user consent. Also, the app launches the \"Nero Start\" application instead of the actual \"Nero TuneItUp\" app after installation. \n","ACR-048":"1. The app does not provide control to remove the \"Nero Info\" schedule task within the app's settings.\n2. When the Startup item is disabled from the app, the corresponding startup item gets removed in the Task Manager. But upon re-enabling it, the startup item doesn't get added up. Thus the app does not provide proper control to enable/disable every startup item within the app's \"Startup Booster\" feature.\n","ACR-003":"The app shows exclamation symbols on the scan summary page and also does not substantiate the identified issues shown during the free scan\n","ACR-004":"The app needs to provide a free fix for all the identified issues during the Free scan. The app exaggerates the identified issues by using big-sized exclamation symbols post-scan and does not substantiate the issues shown during the free scan. \n","ACR-007":"The app does not display any warning message when the Windows security component \"Security Health\" is disabled which will reduce the default system security in the Startup manager within the app.\n","ACR-017":"Unable to verify third-party endorsements on the Internal Offers Page(https://store.nero.com/order/checkout.php?CART_ID=cad17749d4ebc794f691b5604a72d180)\n","ACR-084":"The app creates an undisclosed scheduled task to perform actions without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains most of its components on the device without the consumer's consent.\n","ACR-039":"1. Application silently installs the app \"Nero Start\" and \"Nero Info\" apps without disclosing the relationship to the app during installation.\n2. The app installs a \"Nero Start\" and \"Nero Market\" shortcut without disclosing it to the user and gets user consent. Also, the app launches the \"Nero Start\" application instead of the actual \"Nero TuneItUp\" app after installation. \n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove the \"Nero Info\" scheduled task even after uninstall and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Nero\\Nero Apps\\NeroInfo\\NeroInfo.exe","companyName":"Nero AG","productName":"Nero Info","productVersion":"24.5.1.11","fileVersion":"24.5.1.11","hashMD5":"471076f52db6d88201682ac8e8c99590","hashSHA1":"91b7bed64b56c20e392fcdcee8fff6d1972308e1","hashSHA256":"94ebfd3d0bc6ee06ae50e7a8a2944663ba2b92ec92acf113efdcc2ec56cb4af7","digitalCertThumbprint":"C534244865E371CCF12506AD2D54E636F410F0CC","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Nero AG","storeId":"","sourceIndex":"1494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Nero\\Nero Common\\Nero Launcher\\NeroLauncher.exe","companyName":"Nero AG","productName":"NeroLauncher","productVersion":"24.5.89.0","fileVersion":"24.5.89","hashMD5":"c60b83758f63e45c0919c57b73f2bd1e","hashSHA1":"715c411e0d2502d45496df860fa1dfb786bec944","hashSHA256":"ce37c7c1b09a8aac93f57ce70668bb7e3be0c29a852adf7d0c181a4463444247","digitalCertThumbprint":"C534244865E371CCF12506AD2D54E636F410F0CC","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Nero AG","storeId":"","sourceIndex":"1494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Nero\\Nero Apps\\NTIU\\TuneItUp.exe","companyName":"Nero AG","productName":"TuneItUp","productVersion":"3.3.0.8","fileVersion":"3.3.0.8","hashMD5":"b31dfc54cfa6be2e22aa05296eaf0748","hashSHA1":"89f5d83bc066932c94445a651e79bcfe5ca98e5c","hashSHA256":"cc65abd37207f44bf34f90e5972803f2b918707829a07f9361ec234f425ff356","digitalCertThumbprint":"C534244865E371CCF12506AD2D54E636F410F0CC","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Nero AG","storeId":"","sourceIndex":"1494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"NTIU_1.2.0.22.exe","isInstaller":"True","companyName":"Nero AG","productName":"NeroInstaller","productVersion":"1.2.0.22","fileVersion":"1.2.0.22","hashMD5":"0bd8c9c525aa377edf806249c9fdd576","hashSHA1":"b90755e3c3e04ac11dde85438a6d15cd3717150d","hashSHA256":"73b3d7171f96085758f599e1ec86c16b1b12a641a39057be8e5b461ae845243a","digitalCertThumbprint":"C534244865E371CCF12506AD2D54E636F410F0CC","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Nero AG","storeId":"","sourceIndex":"1494","avBlockList":["Avast Premium Security (20220802)","AVG Internet Security (20220802)","ESET Internet Security (20220802)","G DATA INTERNET SECURITY (20220802)","K7 Total Security (20220802)","Norton Security (20220802)","SpyHunter5 (20220802)","Total AV Antivirus Pro (20220802)","VirIT eXplorer PRO (20220802)","Webroot SecureAnywhere (20220802)","Windows Defender (20220802)"],"avAllowList":["360 Total Security (20220802)","Avira Internet Security (20220802)","Bitdefender Internet Security (20220802)","COMODO Antivirus (20220802)","Dr.Web Security Space (20220802)","Kaspersky Internet Security (20220802)","Malwarebytes Premium (20220802)","McAfee Total Protection (20220802)","Panda Dome (20220802)","Quick Heal Internet Security (20220802)","Sophos Home Premium (20220802)","Tencent PC Manager (20220802)","Trend Micro Internet Security (20220802)","VIPRE Advanced Security (20220802)"]}],"additionalFiles":[],"sources":[{"howFound":"Random Hunt on Utility app","reference":"","landingPage":"https://www.nero.com/eng/products/nero-tuneitup/?vlang=in","directDownloadingLink":"https://marketing.nero.com/r/036d9451adbb0c8b24f04a651?ct=YTo1OntzOjY6InNvdXJjZSI7YToyOntpOjA7czoxNDoiY2FtcGFpZ24uZXZlbnQiO2k6MTtpOjE3Mzt9czo1OiJlbWFpbCI7aTozOTtzOjQ6InN0YXQiO3M6MjI6IjYyZTBjYjI2OGFlZmE3NDUyNDM5MDciO3M6NDoibGVhZCI7czo3OiI1NzQwNTMxIjtzOjc6ImNoYW5uZWwiO2E6MTp7czo1OiJlbWFpbCI7aTozOTt9fQ%3D%3D&","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://marketing.nero.com/r/036d9451adbb0c8b24f04a651?ct=YTo1OntzOjY6InNvdXJjZSI7YToyOntpOjA7czoxNDoiY2FtcGFpZ24uZXZlbnQiO2k6MTtpOjE3Mzt9czo1OiJlbWFpbCI7aTozOTtzOjQ6InN0YXQiO3M6MjI6IjYyZTBjYjI2OGFlZmE3NDUyNDM5MDciO3M6NDoibGVhZCI7czo3OiI1NzQwNTMxIjtzOjc6ImNoYW5uZWwiO2E6MTp7czo1OiJlbWFpbCI7aTozOTt9fQ%3D%3D&","sourceIndex":"1494"}],"sampleFiles":["220727/nerotuneitupfree-220727/24.5.89.0/Samples/NTIU_1.2.0.22.exe"],"imageFiles":["220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-109/ACR-109.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-039/ACR-039_1.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-039/ACR-039_2.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-039/ACR-039_3.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-043/ACR-043_1.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-043/ACR-043_2.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-043/ACR-043_3.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-042/ACR-042_1.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-042/ACR-042_2.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-042/ACR-042_3.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-004/ACR-004.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-004/ACR-004_1.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-084/ACR-084_Software_Undisclosed_Task.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-048/ACR-048_1.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-048/ACR-048_2.mp4","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-003/ACR-003.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-007/ACR-007_1.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-118/ACR-118.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-118/ACR-118_1.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-118/ACR-118-2.JPG","220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-017/ACR-017.JPG"],"nonDeceptorImageFiles":["220727/nerotuneitupfree-220727/24.5.89.0/Images/ACR-123/ACR-123.JPG"],"guid":"3c8a8638-86dd-4e90-959a-3aa2e3b15589_24.5.89.0_1","appID":"nerotuneitupfree-220727","dateAdded":"220727","deceptorType":"App","name":"Nero TuneItUp","company":"Nero AG","version":"24.5.89.0","lastKnownStatus":"24.5.89.0","lastKnownDate":"220727","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-27T19:10:10.3457287+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1353},{"violations":{"ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by sharing IP/network connection.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MaskVPN\\MaskVPN.exe","companyName":"Global Media (Thailand) Co. Ltd","productName":"MaskVPN","productVersion":"1.1.0.0","fileVersion":"1.1.0.31","hashMD5":"a220528f31dceddc955b791b13ac4989","hashSHA1":"57a83b83a11b6e27c9e88a7835d8a84744d79bdd","hashSHA256":"e801fa187027537337d8b4e4bde3a7da95499172f6b1477830a216d0a385518b","digitalCertThumbprint":"BA2CC98AE9760F4B584973A51436D6896BA20291","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"Global Media (Thailand) Co. Ltd","storeId":"","sourceIndex":"296","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MaskVPN\\MaskVPNUpdate.exe","companyName":"Global Media (Thailand) Co. Ltd","productName":"MaskVPN","productVersion":"1.1.0.0","fileVersion":"1.1.0.10","hashMD5":"ea4a5721c804e49f4073fc041c83c674","hashSHA1":"dd66319b55823baec0d21e69337f7a6fabbe5267","hashSHA256":"2aa89522da7f7fa7d3d7636c30e7415174073b1117e3eb1837548269b19e6776","digitalCertThumbprint":"BA2CC98AE9760F4B584973A51436D6896BA20291","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"Global Media (Thailand) Co. Ltd","storeId":"","sourceIndex":"296","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MaskVPN\\mask_svc.exe","companyName":"Global Media (Thailand) Co. Ltd","productName":"MaskVPN","productVersion":"1.1.0.0","fileVersion":"1.1.0.12","hashMD5":"c6b1934d3e588271f27a38bfeed42abb","hashSHA1":"08072ecb9042e6f7383d118c78d45b42a418864f","hashSHA256":"35ec7f4d10493f28d582440719e6f622d9a2a102e40a0bc7c4924a3635a7f5a8","digitalCertThumbprint":"BA2CC98AE9760F4B584973A51436D6896BA20291","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"Global Media (Thailand) Co. Ltd","storeId":"","sourceIndex":"296","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"maskvpn-setup.exe","isInstaller":"True","companyName":"Global Media (Thailand) Co. Ltd                            ","productName":"MaskVPN                                                     ","productVersion":"1.1.0.31            ","fileVersion":"1.1.0.31            ","hashMD5":"f9634d85ca0138cfddfe6e58fa1c6160","hashSHA1":"5ffa0b96b7257d804beddb87b0a21e871a1296b4","hashSHA256":"1013eb0e3dbbc16c8b6d0659cca46a084e767b2d9bb8e498e07016bfdb978780","digitalCertThumbprint":"BA2CC98AE9760F4B584973A51436D6896BA20291","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"Global Media (Thailand) Co. Ltd","storeId":"","sourceIndex":"296","avBlockList":["Avast Premium Security (20220802)","AVG Internet Security (20220802)","Avira Internet Security (20220802)","COMODO Antivirus (20220802)","Dr.Web Security Space (20220802)","ESET Internet Security (20220802)","McAfee Total Protection (20220802)","Norton Security (20220802)","Sophos Home Premium (20220802)","SpyHunter5 (20220802)","Total AV Antivirus Pro (20220802)","VirIT eXplorer PRO (20220802)","Webroot SecureAnywhere (20220802)"],"avAllowList":["360 Total Security (20220802)","Bitdefender Internet Security (20220802)","G DATA INTERNET SECURITY (20220802)","K7 Total Security (20220802)","Kaspersky Internet Security (20220802)","Malwarebytes Premium (20220802)","Panda Dome (20220802)","Quick Heal Internet Security (20220802)","Tencent PC Manager (20220802)","Trend Micro Internet Security (20220802)","VIPRE Advanced Security (20220802)","Windows Defender (20220802)"]}],"additionalFiles":[],"sources":[{"howFound":"Kreb blog","reference":"https://krebsonsecurity.com/2022/07/a-deep-dive-into-the-residential-proxy-service-911/","landingPage":"https://www.maskvpn.org/home","ipv4":"","ipv6":"","sourceIndex":"296"}],"sampleFiles":["220726/MaskVPN-220723/1.1.0.31/Samples/maskvpn-setup.exe"],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"85831002-2375-40b5-902c-b56119d0256d_1.1.0.31_1","appID":"MaskVPN-220723","dateAdded":"220726","deceptorType":"App","name":"MaskVPN","company":"Global Media (Thailand) Co., Ltd","version":"1.1.0.31","lastKnownStatus":"1.1.0.31","lastKnownDate":"241212","type":"Windows Executable","category":"Personalization & Search, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2024-12-12T21:13:00.7042211+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1357},{"violations":{"ACR-048":"The App does not provide an option to cancel the startup of its own.\n","ACR-003":"App lists non-critical items like history and shortcuts as \"errors\", compelling user to take action.\n","ACR-004":"The App only provides 20 fixes for free scan results and upsells the product to completely fix items listed as \"errors\", misleading and driving users to take action.\n","ACR-014":" App claims non-critical items like history and shortcuts as \"errors\", misleading and driving users to take action.\n\n"},"nonDeceptorViolations":{"ACR-099":"The application does not display links to uninstall information. \n\n"},"samples":[{"isRevoked":"False","fileName":"ARO.exe","companyName":"Sammsoft","productName":"Advanced Registry Optimizer","fileVersion":"5.1.386.556","hashMD5":"9b7740b19cc6ddd0143300834d8a8310","hashSHA1":"d25ddba7eeb477b0cc25cb3f57e68ac1eb1c6202","hashSHA256":"b02c545c4b0f222371ac82d5ee682fa10441442f364424bcc52254ee3b585f20","digitalCertThumbprint":"22D1B0DF7360B82F10506608986F56CBD2D03834","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Sammsoft, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sammsoft, L=Sammamish, S=Washington, C=US","sourceIndex":"298","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AROTr_52_sft.exe","isInstaller":"True","companyName":"Sammsoft                                                    ","fileVersion":"0.0","hashMD5":"7e24b3152b54939f093cd3c2f7ea2df6","hashSHA1":"7d3aaf2f3047ade3af7c38239680a6d29e975331","hashSHA256":"47970b2d424c3e0378c8bf0642cfee9b2e34ab5fc443a3e2bba54018f2a76699","digitalCertThumbprint":"BE964D48EA79BE5C0635B2B1D7C382238E19B1E4","digitalCertIssuer":"CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US","digitalCertIssuedTo":"CN=Sammsoft, O=Sammsoft, STREET=23316 NE Redmond-Fall City Road, L=Redmond, S=WA, PostalCode=98053, C=US","sourceIndex":"298","avBlockList":["Avast Premium Security (20220802)","AVG Internet Security (20220802)","Avira Internet Security (20220802)","Dr.Web Security Space (20220802)","ESET Internet Security (20220802)","K7 Total Security (20220802)","Norton Security (20220802)","Sophos Home Premium (20220802)","SpyHunter5 (20220802)","Total AV Antivirus Pro (20220802)","VirIT eXplorer PRO (20220802)","Webroot SecureAnywhere (20220802)","Windows Defender (20220802)"],"avAllowList":["360 Total Security (20220802)","Bitdefender Internet Security (20220802)","COMODO Antivirus (20220802)","G DATA INTERNET SECURITY (20220802)","Kaspersky Internet Security (20220802)","Malwarebytes Premium (20220802)","McAfee Total Protection (20220802)","Panda Dome (20220802)","Quick Heal Internet Security (20220802)","Tencent PC Manager (20220802)","Trend Micro Internet Security (20220802)","VIPRE Advanced Security (20220802)"]}],"additionalFiles":[],"sources":[{"howFound":"searched registry cleaners","reference":"","landingPage":"https://advanced-registry-optimizer.en.softonic.com/","directDownloadingLink":"https://en.softonic.com/download/advanced-registry-optimizer/windows/post-download?ext=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://en.softonic.com/download/advanced-registry-optimizer/windows/post-download?ext=1","sourceIndex":"298"}],"sampleFiles":["220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Samples/ARO.exe","220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Samples/AROTr_52_sft.exe"],"imageFiles":["220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Images/ACR-004/Errors.jpg","220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Images/ACR-004/Errors-b.jpg","220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Images/ACR-004/ACR-004_LimitedFunctionality-b.jpg","220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Images/ACR-004/ACR-004_LimitedFunctionality.jpg","220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Images/ACR-048/ACR-048_Startup.jpg","220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Images/ACR-003/Errors.jpg","220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Images/ACR-003/Errors-b.jpg","220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Images/ACR-014/Errors.jpg","220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Images/ACR-014/Errors-b.jpg"],"nonDeceptorImageFiles":["220726/AdvancedRegistryOptimizer-220726/5.1.386.556/Images/ACR-099/AdvancedRegistryOptimizer_About.jpg"],"guid":"678930af-878d-4f79-9944-fba1174b2222_5.1.386.556_1","appID":"AdvancedRegistryOptimizer-220726","dateAdded":"220726","deceptorType":"App","name":"Advanced Registry Optimizer","company":"Sammsoft","version":"5.1.386.556","lastKnownStatus":"5.1.386.556","lastKnownDate":"241211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-12-11T23:58:00.6611343+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1359},{"violations":{"ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by joining peer to peer network and sharing IP/network connection.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DewVPN-Setup.exe","isInstaller":"True","companyName":"Grand Media Ltd","fileVersion":"1.2","hashMD5":"8e8b072c93246808a7f24554ca593c59","hashSHA1":"d06418cacd11e25af37a41724d55dffc24d6fe5b","hashSHA256":"f422a38d72785c402948c94ae81336383a9fd48167272f29cdc434ce7e51e02b","digitalCertThumbprint":"89495FA18FC24E8BA2783A0933BEE8AAC1E0BA74","digitalCertIssuer":"CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Grand Media Ltd, O=Grand Media Ltd, L=Tortola, C=VG, SERIALNUMBER=1998149, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=VG","sourceIndex":"297","avBlockList":["Avira Internet Security (20220802)","McAfee Total Protection (20220802)","Norton Security (20220802)","Sophos Home Premium (20220802)","SpyHunter5 (20220802)","VirIT eXplorer PRO (20220802)","Webroot SecureAnywhere (20220802)"],"avAllowList":["360 Total Security (20220802)","Avast Premium Security (20220802)","AVG Internet Security (20220802)","Bitdefender Internet Security (20220802)","COMODO Antivirus (20220802)","Dr.Web Security Space (20220802)","ESET Internet Security (20220802)","G DATA INTERNET SECURITY (20220802)","K7 Total Security (20220802)","Kaspersky Internet Security (20220802)","Malwarebytes Premium (20220802)","Panda Dome (20220802)","Quick Heal Internet Security (20220802)","Tencent PC Manager (20220802)","Total AV Antivirus Pro (20220802)","Trend Micro Internet Security (20220802)","VIPRE Advanced Security (20220802)","Windows Defender (20220802)"]}],"additionalFiles":[],"sources":[{"howFound":"Kreb blog","reference":"","landingPage":"https://www.dewvpn.com/","ipv4":"","ipv6":"","sourceIndex":"297"}],"sampleFiles":["220726/DewVPN-220723/1.2.0.0/Samples/dewvpn-setup.exe"],"imageFiles":["220726/DewVPN-220723/1.2.0.0/Images/ACR-007/DewVPN_007.JPG"],"nonDeceptorImageFiles":[],"guid":"c0c7183b-c8fb-4464-a50e-a1bdb7586c82_1.2.0.0_1","appID":"DewVPN-220723","dateAdded":"220726","deceptorType":"App","name":"DewVPN","company":"Grand Media Ltd","version":"1.2.0.0","lastKnownStatus":"1.2.0.0","lastKnownDate":"241212","type":"Windows Executable","category":"Productivity, Personalization & Search","targetOS":"Windows 8,Windows 10,Windows XP,Windows 7,Windows Vista","targetBrowser":"None","ageAppropriate":"12+ appropriate","lastUpdate":"2024-12-12T21:11:14.9074758+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1358},{"violations":{"ACR-103":"The app suggests cleaning junk and cache in the device but it doesn’t seem to clean any junk/cache as it randomly displays data. When the user selects the “Tap to clean” option, it starts cleaning but displays different data to be cleaned again, thus unable to verify the app's value proposition.\n","ACR-014":"The app suggests cleaning junk and cache in the device but it doesn’t seem to clean any junk/cache as it randomly displays data. When the user selects the “Tap to clean” option, it starts cleaning but displays different data to be cleaned again, also does not substantiate the identified issues.\nSometimes after cleaning it shows “All clean” after which any activity on the app leads to start scanning again, which displays some junk data to be cleaned.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"CleanDroid1TapClearCacheAndPhoneCleaner.apk","isInstaller":"True","productName":"com.ruhax.cleandroid.apk","fileVersion":"0.","hashMD5":"45e7c7d810403fd72614aa129b498242","hashSHA1":"e9c94a47ee8617d8aa59f2a843d57f97d83b5cb9","hashSHA256":"3e717e44a33bc93e8d65edebcb3602d1b74e4f6df9ea67159e2aba32d287bcf4","sourceIndex":"1503","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.ruhax.cleandroid","ipv4":"","ipv6":"","sourceIndex":"1503"}],"sampleFiles":["220721/cleandroid1tapclearcacheandphonecleaner-220720/8.6/Samples/CleanDroid1TapClearCacheAndPhoneCleaner.apk"],"imageFiles":["220721/cleandroid1tapclearcacheandphonecleaner-220720/8.6/Images/ACR-103/ACR-103_Software.png","220721/cleandroid1tapclearcacheandphonecleaner-220720/8.6/Images/ACR-103/ACR-103_Software_1.png","220721/cleandroid1tapclearcacheandphonecleaner-220720/8.6/Images/ACR-014/ACR-014_Software.png","220721/cleandroid1tapclearcacheandphonecleaner-220720/8.6/Images/ACR-014/ACR-014_Software_1.png","220721/cleandroid1tapclearcacheandphonecleaner-220720/8.6/Images/ACR-014/ACR-014_Software_2.png"],"nonDeceptorImageFiles":[],"guid":"0f98d7e5-43f3-4358-a911-fd09ae885b1a_8.6_1","appID":"cleandroid1tapclearcacheandphonecleaner-220720","dateAdded":"220721","deceptorType":"Android App","name":"Clean Droid 1 Tap Clear Cache And Phone Cleaner","company":"Mobile Health Club","version":"8.6","sigName":"Deceptor:Android/CleanDroid1TapClearCacheAndPhoneCleaner!103014","lastKnownStatus":"8.6","lastKnownDate":"220721","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-21T23:02:53.1554087+00:00","notDistributed":false,"familyName":"FakeCleaner","numInFamily":6,"numInAppID":1,"sortOrder":1327},{"violations":{"ACR-103":"When the user selects search files, It says that it is cleaning malicious files and displays Files Deleted as 5 without details.  Repetitive “Search Files” (Cleaning) gives the same count as Files Deleted as 5. App has unverifiable value proposition.\n","ACR-014":"When the user selects search files, It says that it is cleaning malicious files and displays Files Deleted as 5 but does not substantiate. Repetitive “Search Files” (Cleaning) gives the same count as Files Deleted as 5, thus misleading the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"88a455720315d609c8380eeda483331c626853587b31bc0df9b790dc21d55df3","isInstaller":"True","productName":"com.cleanerultima.fastclean","fileVersion":"0.","hashMD5":"e20d799798b32d7e68b507486cc32047","hashSHA1":"6b669f8ae0611af3f242df54b21b7699906534a8","hashSHA256":"88a455720315d609c8380eeda483331c626853587b31bc0df9b790dc21d55df3","sourceIndex":"1502","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google play store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.cleanerultima.fastclean","ipv4":"","ipv6":"","sourceIndex":"1502"}],"sampleFiles":["220721/cleanphoneboosteroptimiz-220719/1.0.19/Samples/88a455720315d609c8380eeda483331c626853587b31bc0df9b790dc21d55df3.apk"],"imageFiles":["220721/cleanphoneboosteroptimiz-220719/1.0.19/Images/ACR-103/ACR-103_Software_1.png","220721/cleanphoneboosteroptimiz-220719/1.0.19/Images/ACR-103/ACR-103_Software_2.png","220721/cleanphoneboosteroptimiz-220719/1.0.19/Images/ACR-103/ACR-103_Software_3.png","220721/cleanphoneboosteroptimiz-220719/1.0.19/Images/ACR-014/ACR-014_Software_Misleading_2.png","220721/cleanphoneboosteroptimiz-220719/1.0.19/Images/ACR-014/ACR-014_Software_Misleading_3.png","220721/cleanphoneboosteroptimiz-220719/1.0.19/Images/ACR-014/ACR-014_Software_Misleading_4.png"],"nonDeceptorImageFiles":[],"guid":"f30caa10-cfaf-4cbe-be91-10b221421efa_1.0.19_1","appID":"cleanphoneboosteroptimiz-220719","dateAdded":"220721","deceptorType":"Android App","name":"Clean Phone Booster Optimiz","company":"Davit Shishmanashvili","version":"1.0.19","sigName":"Deceptor:Android/CleanPhoneBoosterOptimiz!103014","lastKnownStatus":"1.0.19","lastKnownDate":"220721","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-21T23:04:45.7187318+00:00","notDistributed":false,"familyName":"FakeCleaner","numInFamily":6,"numInAppID":1,"sortOrder":1326},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to rerun the application to present the declined offer again.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “\"rk_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the previously declined offer repeatedly via its update and startup.\n\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"AudioEditorDeluxe.exe","isInstaller":"True","companyName":"AudioEditorDeluxe Co., Ltd.                                 ","productName":"Audio Editor Deluxe   ","fileVersion":"0.0","hashMD5":"213ef9fab324abf4880e11b2fb59c106","hashSHA1":"a0386c0d08dc529022bd5114fb9ba139af76a48d","hashSHA256":"525909257e6f3370d1314967f47733256e0cb74972201207acfb1dc197b9579f","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1499","avBlockList":["360 Total Security (20220726)","Avast Premium Security (20220726)","AVG Internet Security (20220726)","Avira Internet Security (20220726)","Bitdefender Internet Security (20220726)","COMODO Antivirus (20220726)","ESET Internet Security (20220726)","G DATA INTERNET SECURITY (20220726)","K7 Total Security (20220726)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20220726)","McAfee Total Protection (20220726)","Norton Security (20220726)","Panda Dome (20220726)","Quick Heal Internet Security (20220726)","Sophos Home Premium (20220726)","SpyHunter5 (20220726)","Total AV Antivirus Pro (20220726)","VIPRE Advanced Security (20220726)","VirIT eXplorer PRO (20220726)","Webroot SecureAnywhere (20220726)","Windows Defender (20220726)"],"avAllowList":["Dr.Web Security Space (20220726)","Tencent PC Manager (20220726)","Trend Micro Internet Security (20220726)"]},{"isRevoked":"False","fileName":"AudioEditorDeluxe.exe","fileVersion":"0.0","hashMD5":"c1899a6f3c7b6935f4f6f3cce67a32b1","hashSHA1":"c3b76137c6976c48972c87093043058ace33491c","hashSHA256":"5833a7916d618bbce0540da27480801fa5b15217f97739a754ad0ad03180a767","sourceIndex":"1499","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: media downloads","reference":"","landingPage":"https://www.audioeditor.biz/features.html","directDownloadingLink":"http://www.audioeditor.biz/AudioEditorDeluxe.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.audioeditor.biz/AudioEditorDeluxe.exe","sourceIndex":"1499"}],"sampleFiles":["220721/AudioEditorDeluxe-220721/8.8.2.4/Samples/AudioEditorDeluxe-setup.exe","220721/AudioEditorDeluxe-220721/8.8.2.4/Samples/AudioEditorDeluxe.exe"],"imageFiles":["220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-109/ACR-109_039_048-RK_Setup.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-039/ACR-109_039_048-RK_Setup.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-047/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-047/ACR-003_004_047_048_083-RK_UpdatePrompt_startup.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-048/ACR-109_039_048-RK_Setup.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-004/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-004/ACR-003_004_047_048_083-RK_UpdatePrompt_startup.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-083/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-083/ACR-003_004_047_048_083-RK_UpdatePrompt_startup.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-048/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-118/ACR-118_Retained_Components.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220721/AudioEditorDeluxe-220721/8.8.2.4/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"7e26c830-1ef7-42ef-9938-f6f63515c7e9_8.8.2.4_1","appID":"AudioEditorDeluxe-220721","dateAdded":"220721","deceptorType":"App","name":"Audio Editor Deluxe","company":"AudioEditorDeluxe Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220721","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2022-07-21T23:28:38.9613339+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1364},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the targerted consumer, which limits the targeted consumer's ability to close, delete, or uninstall the app. \n\n","ACR-007":"The app does not provide any notification to the targeted consumer. App allows installing consumer to enable stealth mode by hiding from windows screen while running in the background and continue screen recording.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it allows setting autostart at windows startup and invisibly screen recording using Hide+Win Startup button. \n\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting the remote screen link to. It does not inform the targeted consumer how it collects and archives recordings. It also uses a button in the app to set to start at windows startup and hide its presence from the unsuspecting user.\n"},"nonDeceptorViolations":{"ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy that includes the Name of the App in the Landing page and Software and Offer Page\n","ACR-167":"The App does not offer an at least 30-day refund.\n"},"samples":[{"isRevoked":"False","fileName":"wolfeye-RS-3.0.exe","isInstaller":"True","companyName":"wolfeye.de","productName":"Share your Screen!","productVersion":"1.00","fileVersion":"1.0","hashMD5":"7bebe57c5f1496edb0a870c327ae02c6","hashSHA1":"f97f4d7bb84cf2a9cef3b00f9aec993612f902ad","hashSHA256":"f26c14bfc640abf83b1d5de2a44a0f620e51a7d7786ce56a36906c4d5b9160ab","sourceIndex":"1500","avBlockList":["360 Total Security (20220726)","Avast Premium Security (20220726)","AVG Internet Security (20220726)","Avira Internet Security (20220726)","Bitdefender Internet Security (20220726)","G DATA INTERNET SECURITY (20220726)","K7 Total Security (20220726)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20220726)","McAfee Total Protection (20220726)","Norton Security (20220726)","Panda Dome (20220726)","Quick Heal Internet Security (20220726)","Sophos Home Premium (20220726)","SpyHunter5 (20220726)","Tencent PC Manager (20220726)","Total AV Antivirus Pro (20220726)","Trend Micro Internet Security (20220726)","VIPRE Advanced Security (20220726)","VirIT eXplorer PRO (20220726)","Windows Defender (20220726)"],"avAllowList":["COMODO Antivirus (20220726)","Dr.Web Security Space (20220726)","ESET Internet Security (20220726)","Webroot SecureAnywhere (20220726)"]}],"additionalFiles":[],"sources":[{"howFound":"related hunt ","reference":"wolfeye keylogger","landingPage":"https://www.wolfeye.de/us/","directDownloadingLink":"https://mega.nz/file/A0AXgC5B#Vs-VKvHo9kKjRDaoWVk2M4u4OcUt6CDHkGj09QucXDU","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/file/A0AXgC5B#Vs-VKvHo9kKjRDaoWVk2M4u4OcUt6CDHkGj09QucXDU","sourceIndex":"1500"}],"sampleFiles":["220721/WolfeyeRemoteScreen-220721/3.0/Samples/wolfeye-RS-3.0.exe"],"imageFiles":["220721/WolfeyeRemoteScreen-220721/3.0/Images/ACR-084/ACR-084_086_007-stealth_mode.jpg","220721/WolfeyeRemoteScreen-220721/3.0/Images/ACR-086/ACR-084_086_007-stealth_mode.jpg","220721/WolfeyeRemoteScreen-220721/3.0/Images/ACR-086/ACR-086_Email_URL-a.jpg","220721/WolfeyeRemoteScreen-220721/3.0/Images/ACR-048/ACR-084_086_007-stealth_mode.jpg","220721/WolfeyeRemoteScreen-220721/3.0/Images/ACR-007/ACR-084_086_007-stealth_mode.jpg"],"nonDeceptorImageFiles":["220721/WolfeyeRemoteScreen-220721/3.0/Images/ACR-035/Wolfeye_LandingPage.jpeg"],"guid":"e2a87d01-e1b5-4b67-a839-21e48d994cb0_3.0_1","appID":"WolfeyeRemoteScreen-220721","dateAdded":"220721","deceptorType":"App","name":"Wolfeye Remote Screen","company":"Wolfeye","version":"3.0","lastKnownStatus":"3.0","lastKnownDate":"220721","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2022-07-21T23:14:50.1293408+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1360},{"violations":{"ACR-109":"The app downloads \"\"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “\"rk_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the previously declined offer repeatedly via its update and startup.\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeVideoConverterDeluxe.exe","fileVersion":"0.0","hashMD5":"c67308cb523907c0008633b02b9f0f65","hashSHA1":"29a1bb28a973e2e364102ea2abc02a3a04d15091","hashSHA256":"9a95cd9b10515f604a88760b682ceef62bdbed2eda5769cc643792fb821241f1","sourceIndex":"301","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeVideoConverterDeluxe-setup.exe","isInstaller":"True","companyName":"AudioEditorDeluxe, Inc.                                     ","productName":"Free Video Converter Deluxe        ","fileVersion":"0.0","hashMD5":"6840febbde72b3b5a766cf53cb03a0e2","hashSHA1":"b7216367079f875f127b8374e15dcd7ea028d23d","hashSHA256":"9aa7a40b1f636258c98d147341bbb5588698f0bf4ef4238f2cbe0e674434b6dc","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"301","avBlockList":["360 Total Security (20220726)","Avast Premium Security (20220726)","AVG Internet Security (20220726)","Avira Internet Security (20220726)","Bitdefender Internet Security (20220726)","ESET Internet Security (20220726)","G DATA INTERNET SECURITY (20220726)","K7 Total Security (20220726)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20220726)","McAfee Total Protection (20220726)","Norton Security (20220726)","Panda Dome (20220726)","Quick Heal Internet Security (20220726)","Sophos Home Premium (20220726)","SpyHunter5 (20220726)","Total AV Antivirus Pro (20220726)","Trend Micro Internet Security (20220726)","VIPRE Advanced Security (20220726)","VirIT eXplorer PRO (20220726)","Webroot SecureAnywhere (20220726)","Windows Defender (20220726)"],"avAllowList":["COMODO Antivirus (20220726)","Dr.Web Security Space (20220726)","Tencent PC Manager (20220726)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: media downloads","reference":"","landingPage":"https://www.audioeditor.biz/features_freevideoconverterdeluxe.html","directDownloadingLink":"http://www.audioeditor.biz/FreeVideoConverterDeluxe.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.audioeditor.biz/FreeVideoConverterDeluxe.exe","sourceIndex":"301"}],"sampleFiles":["220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Samples/FreeVideoConverterDeluxe.exe","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Samples/FreeVideoConverterDeluxe-setup.exe"],"imageFiles":["220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-109/ACR-109_039_048-RK_Setup.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-039/ACR-109_039_048-RK_Setup.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-047/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-047/ACR-003_004_047_048_083-RK_UpdatePrompt_startup.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-048/ACR-109_039_048-RK_Setup.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-004/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-004/ACR-003_004_047_048_083-RK_UpdatePrompt_startup.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-083/ACR-003_004_047_048_083-RK_UpdatePrompt_startup.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-118/ACR-118_Retained_Components.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220721/FreeVideoConverterDeluxe-220721/8.8.2.4/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"22d33f4d-4cde-4f6c-85c4-87ff3083c2e9_8.8.2.4_1","appID":"FreeVideoConverterDeluxe-220721","dateAdded":"220721","deceptorType":"App","name":"Free Video Converter Deluxe","company":"AudioEditorDeluxe Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"241211","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps","lastUpdate":"2024-12-11T23:52:38.6188078+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1361},{"violations":{"ACR-109":"The app downloads \"\"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “\"rk_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the previously declined offer repeatedly via its update and startup.\n\n","ACR-118":"At Uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeAudioRecorderDeluxe.exe","fileVersion":"0.0","hashMD5":"6044a5533d641eb8658efdbf17f3b04d","hashSHA1":"942456c367ea064878f0a23e67144dfa82d7a96d","hashSHA256":"f9b3dca3fa408c5268951bb2ea9defa5bbef7ebda5ae920c03597019a04b7c67","sourceIndex":"299","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioRecorderDeluxe-setup.exe","isInstaller":"True","companyName":"AudioEditorDeluxe Soft, Inc.                                ","productName":"Free Audio Recorder Deluxe            ","fileVersion":"0.0","hashMD5":"b7631741d8fe3eaf7e6ae9be39fba2a9","hashSHA1":"c211556a1ae081e84bc152a7f47630c318733c4e","hashSHA256":"042d598d48c9cb91023aafd346ddecd3d1b9a5aee94036a2cd0e8fb33ad53968","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"299","avBlockList":["360 Total Security (20220726)","Avast Premium Security (20220726)","AVG Internet Security (20220726)","Avira Internet Security (20220726)","Bitdefender Internet Security (20220726)","COMODO Antivirus (20220726)","ESET Internet Security (20220726)","G DATA INTERNET SECURITY (20220726)","K7 Total Security (20220726)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20220726)","McAfee Total Protection (20220726)","Norton Security (20220726)","Panda Dome (20220726)","Quick Heal Internet Security (20220726)","Sophos Home Premium (20220726)","SpyHunter5 (20220726)","Total AV Antivirus Pro (20220726)","VIPRE Advanced Security (20220726)","VirIT eXplorer PRO (20220726)","Webroot SecureAnywhere (20220726)","Windows Defender (20220726)"],"avAllowList":["Dr.Web Security Space (20220726)","Tencent PC Manager (20220726)","Trend Micro Internet Security (20220726)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: media downloads","reference":"","landingPage":"https://www.audioeditor.biz/features_freeaudiorecorderdeluxe.html","directDownloadingLink":"http://www.audioeditor.biz/FreeAudioRecorderDeluxe.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.audioeditor.biz/FreeAudioRecorderDeluxe.exe","sourceIndex":"299"}],"sampleFiles":["220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Samples/FreeAudioRecorderDeluxe.exe","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Samples/FreeAudioRecorderDeluxe-setup.exe"],"imageFiles":["220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-109/ACR-109_039_048-RK_Setup.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-039/ACR-109_039_048-RK_Setup.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-048/ACR-109_039_048-RK_Setup.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-004/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-004/ACR-003_004_047_048_083-RK_UpdatePrompt_startup.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-083/ACR-003_004_047_048_083-RK_UpdatePrompt_startup.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-048/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-118/ACR-118_Retained_Components.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220721/FreeAudioRecorderDeluxe-220721/8.8.2.4/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":[],"guid":"862f3462-ea41-4e22-a15f-1a1bda5de496_8.8.2.4_1","appID":"FreeAudioRecorderDeluxe-220721","dateAdded":"220721","deceptorType":"App","name":"Free Audio Recorder Deluxe","company":"AudioEditorDeluxe Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"241211","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-12-11T23:55:42.2731916+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1362},{"violations":{"ACR-109":"The app downloads \"\"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to rerun the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “\"rk_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the previously declined offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeAudioConverterDeluxe.exe","fileVersion":"0.0","hashMD5":"c67308cb523907c0008633b02b9f0f65","hashSHA1":"29a1bb28a973e2e364102ea2abc02a3a04d15091","hashSHA256":"9a95cd9b10515f604a88760b682ceef62bdbed2eda5769cc643792fb821241f1","sourceIndex":"300","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioConverterDeluxe-setup.exe","isInstaller":"True","companyName":"AudioEditorDeluxe, Inc.                                     ","productName":"Free Audio Converter Deluxe     ","fileVersion":"0.0","hashMD5":"d9228c975f28ae2b7992dafd27757f34","hashSHA1":"e7a8c1ceafb0048ac0d5d154928c06cc31087c9d","hashSHA256":"2c17639da16fcf19026649d421080ee91c03c5fa3ccdf05f1b4d70cbeaac62fe","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"300","avBlockList":["360 Total Security (20220726)","Avast Premium Security (20220726)","AVG Internet Security (20220726)","Avira Internet Security (20220726)","Bitdefender Internet Security (20220726)","ESET Internet Security (20220726)","G DATA INTERNET SECURITY (20220726)","K7 Total Security (20220726)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20220726)","McAfee Total Protection (20220726)","Norton Security (20220726)","Panda Dome (20220726)","Quick Heal Internet Security (20220726)","Sophos Home Premium (20220726)","SpyHunter5 (20220726)","Total AV Antivirus Pro (20220726)","Trend Micro Internet Security (20220726)","VIPRE Advanced Security (20220726)","VirIT eXplorer PRO (20220726)","Webroot SecureAnywhere (20220726)","Windows Defender (20220726)"],"avAllowList":["COMODO Antivirus (20220726)","Dr.Web Security Space (20220726)","Tencent PC Manager (20220726)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: media downloads","reference":"","landingPage":"https://www.audioeditor.biz/features_freevideoconverterdeluxe.html","directDownloadingLink":"http://www.audioeditor.biz/FreeVideoConverterDeluxe.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.audioeditor.biz/FreeVideoConverterDeluxe.exe","sourceIndex":"300"}],"sampleFiles":["220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Samples/FreeAudioConverterDeluxe.exe","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Samples/FreeAudioConverterDeluxe-setup.exe"],"imageFiles":["220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-109/ACR-109_039_048-RK_Setup.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-039/ACR-109_039_048-RK_Setup.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-047/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-047/ACR-003_004_047_048_083-RK_UpdatePrompt_startup.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-048/ACR-109_039_048-RK_Setup.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-004/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-004/ACR-003_004_047_048_083-RK_UpdatePrompt_startup.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-083/ACR-003_004_047_048_083-RK_UpdatePrompt_startup.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-083/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-048/ACR-003_004_047_048_083-RK_UpdatePrompt.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-118/ACR-118_Retained_Components.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220721/FreeAudioConverterDeluxe-220721/8.8.2.4/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"9baa7b57-c762-41cc-ad07-97556f5fec72_8.8.2.4_1","appID":"FreeAudioConverterDeluxe-220721","dateAdded":"220721","deceptorType":"App","name":"Free Audio Converter Deluxe","company":"AudioEditorDeluxe Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"241211","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-12-11T23:53:57.7995457+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1363},{"violations":{"ACR-103":"When the user clicks on the clean junk button, it displays the junk file size to be cleaned but, after cleaning, if the clean option is selected again it displays a different junk file size, thus unable to verify the app's value proposition.\n","ACR-014":"When the user clicks on the clean junk button, it displays the junk file size to be cleaned but, after cleaning, if the clean option is selected again it displays a different junk file size to be cleaned. No matter how many times perform clean ( click clean button to do junk clean) it displays some MBs to be cleaned for every single attempt, providing no details for the junk file cleaned. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PowerFileManagerAndCleaner.apk","isInstaller":"True","productName":"\tcom.power.explorer.clean.files.manager","fileVersion":"0.","hashMD5":"2f68dcaf035ab8a3d0f603ecc4e5d3c1","hashSHA1":"d2aef14a454599762ad98019fa86e4adb6a38888","hashSHA256":"8c9ad8a5cdd1b8fb30df79c2a33e0617ead4493ab60d08bb4d77785741cbe1d8","sourceIndex":"1501","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Play Store","reference":"","landingPage":"https://play.google.com/store/apps/details?id=com.power.explorer.clean.files.manager","ipv4":"","ipv6":"","sourceIndex":"1501"}],"sampleFiles":["220721/powerfilemanagerandcleaner-220720/1.0.26/Samples/PowerFileManagerAndCleaner.apk"],"imageFiles":["220721/powerfilemanagerandcleaner-220720/1.0.26/Images/ACR-103/ACR-103_Software.png","220721/powerfilemanagerandcleaner-220720/1.0.26/Images/ACR-103/ACR-103_Software_1.png","220721/powerfilemanagerandcleaner-220720/1.0.26/Images/ACR-014/ACR-014_Software.png","220721/powerfilemanagerandcleaner-220720/1.0.26/Images/ACR-014/ACR-014_Software_1.png"],"nonDeceptorImageFiles":[],"guid":"e448946f-23f4-4664-be9e-32787de0974b_1.0.26_1","appID":"powerfilemanagerandcleaner-220720","dateAdded":"220721","deceptorType":"Android App","name":"Power File Manager And Cleaner","company":"sunny66746167@gmail.com","version":"1.0.26","sigName":"Deceptor:Android/PowerFileManagerAndCleaner!103014","lastKnownStatus":"1.0.26","lastKnownDate":"220721","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-21T23:10:31.1107103+00:00","notDistributed":false,"familyName":"FakeCleaner","numInFamily":6,"numInAppID":1,"sortOrder":1325},{"violations":{"ACR-055":"The accept/decline of the offer (AdGuard) is not obvious to consumer. \n","ACR-155":"The optional offer is inserted to masquerade as part of the installation flow. \n\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-120":"At uninstall, it attempts to re-advertise the same app and how to get it in full version for free, along with many other offers. \n\n","ACR-054":"Offer is checked by default. User needs to take additional action to decline the offer. \n","ACR-068":"The app's overall offer needs to be clear, understandable and consistent to the consumer. Information about Upgrade Policy after installation denies what it says in the License Agreement.\n"},"samples":[{"isRevoked":"False","fileName":"AudioJoiner.exe","companyName":"Magic Audio Tools","productName":"Magic Audio Joiner","productVersion":"2.9.6.1287","fileVersion":"2.9.6.1287","hashMD5":"15c7ad365ddee6482e4fc8e99a6bc9ee","hashSHA1":"f53937ee2a0d1eac7137764074bf1a8ba9f051af","hashSHA256":"b613f892918f2712204325d865e2826e80c4faf8d90d0df0b1840317e9876374","sourceIndex":"1507","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"magic-audio-joiner.exe","isInstaller":"True","companyName":"Magic Audio Tools                                           ","productName":"Magic Audio Joiner    ","fileVersion":"2.9.4","hashMD5":"40b8c1b36b0bc48140acef10f7a3f2dd","hashSHA1":"44183b56ea16476eb77e5dcc87677d64b0179120","hashSHA256":"1b1d773dafeac1ebb920e3dee431aea3f96359d6d502249f6b3487a86b384a83","sourceIndex":"1507","avBlockList":["360 Total Security (20220726)","Avira Internet Security (20220726)","McAfee Total Protection (20220726)","Norton Security (20220726)","Sophos Home Premium (20220726)","SpyHunter5 (20220726)","Total AV Antivirus Pro (20220726)","VirIT eXplorer PRO (20220726)","Webroot SecureAnywhere (20220726)","Windows Defender (20220726)"],"avAllowList":["Avast Premium Security (20220726)","AVG Internet Security (20220726)","Bitdefender Internet Security (20220726)","COMODO Antivirus (20220726)","Dr.Web Security Space (20220726)","ESET Internet Security (20220726)","G DATA INTERNET SECURITY (20220726)","K7 Total Security (20220726)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20220726)","Panda Dome (20220726)","Quick Heal Internet Security (20220726)","Tencent PC Manager (20220726)","Trend Micro Internet Security (20220726)","VIPRE Advanced Security (20220726)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: media downloads","reference":"","landingPage":"https://www.magicaudiotools.com/magic-audio-joiner","directDownloadingLink":"https://www.magicaudiotools.com/downloads/magic-audio-joiner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magicaudiotools.com/downloads/magic-audio-joiner.exe","sourceIndex":"1507"}],"sampleFiles":["220720/MagicAudioJoiner-220720/2.9.6.1287/Samples/AudioJoiner.exe","220720/MagicAudioJoiner-220720/2.9.6.1287/Samples/magic-audio-joiner.exe"],"imageFiles":["220720/MagicAudioJoiner-220720/2.9.6.1287/Images/ACR-055/Offer.JPG","220720/MagicAudioJoiner-220720/2.9.6.1287/Images/ACR-155/Offer.JPG"],"nonDeceptorImageFiles":["220720/MagicAudioJoiner-220720/2.9.6.1287/Images/ACR-065/ACR-065_No_Links_to_Docs.jpg","220720/MagicAudioJoiner-220720/2.9.6.1287/Images/ACR-120/ACR-120_get_full_version_for_free.jpg","220720/MagicAudioJoiner-220720/2.9.6.1287/Images/ACR-054/Offer.JPG","220720/MagicAudioJoiner-220720/2.9.6.1287/Images/ACR-068/ACR-068_Inconsistent_Updrade_Policy.jpg","220720/MagicAudioJoiner-220720/2.9.6.1287/Images/ACR-068/ACR-068_Inconsistent_Updrade_Policy-b.jpg"],"guid":"8b7b8a27-25f6-4faa-acac-db0803b11b18_2.9.6.1287_1","appID":"MagicAudioJoiner-220720","dateAdded":"220720","deceptorType":"App","name":"Magic Audio Joiner","company":"Magic Audio Tools","version":"2.9.6.1287","lastKnownStatus":"2.9.6.1287","lastKnownDate":"220720","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-07-20T20:17:00.8574322+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1368},{"violations":{"ACR-007":"It allows the consumer to enable stealth mode as it records everything. It runs in the background and leaves components running in the process using different logo which makes their relationship with the app not clearly identifiable.\n","ACR-084":"After closing the control window, the app continues to run in the background and record everything.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The Original filename, Company name, Product name, Product version, File version for all the executables is not available/consistent.\n","ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy that includes the Name of the App in the Landing page and Software and Offer Page\n","ACR-167":"The App does not offer an at least 30-day refund.\n","ACR-068":"Details about the subscription is not clearly stated in the Internal Offer Page.\n"},"samples":[{"isRevoked":"False","fileName":"wolfeye_4.1.exe","isInstaller":"True","companyName":"Wolfeye Keylogger","productName":"Wolfeye Keylogger","productVersion":"1.00","fileVersion":"1.00","hashMD5":"c43ddc8d75bc05cebb70b542547d4013","hashSHA1":"b0115cac52e152dd42c49ed573efe6f51bf38cb7","hashSHA256":"96a27cda21a626352bbaf118114864642e9d5a6c866ea878ab8341a8f0eb14ae","sourceIndex":"302","avBlockList":["360 Total Security (20220726)","Avast Premium Security (20220726)","AVG Internet Security (20220726)","Avira Internet Security (20220726)","Bitdefender Internet Security (20220726)","COMODO Antivirus (20220726)","ESET Internet Security (20220726)","G DATA INTERNET SECURITY (20220726)","K7 Total Security (20220726)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20220726)","McAfee Total Protection (20220726)","Norton Security (20220726)","Quick Heal Internet Security (20220726)","Sophos Home Premium (20220726)","SpyHunter5 (20220726)","Tencent PC Manager (20220726)","Total AV Antivirus Pro (20220726)","Trend Micro Internet Security (20220726)","VIPRE Advanced Security (20220726)","VirIT eXplorer PRO (20220726)","Webroot SecureAnywhere (20220726)","Windows Defender (20220726)"],"avAllowList":["Dr.Web Security Space (20220726)","Panda Dome (20220726)"]},{"isRevoked":"False","fileName":"c.exe","companyName":"BKHN","productName":"Project1","productVersion":"1.00","fileVersion":"1.00","hashMD5":"907795597b7085340a13cce49284842a","hashSHA1":"8cf6e31a787732d42b0747f259c22b71be8c2dfb","hashSHA256":"b767e8ed801fb26602f40b74e03a52916b2873f7d350cad74e59e76af18ae81d","sourceIndex":"302","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"k.exe","fileVersion":"0.0","hashMD5":"f0cad874322582210043e8f12de78fb3","hashSHA1":"fd2316a26fd2445d3fdde5e33d5aa537f522f875","hashSHA256":"060b658db5ef91da154a3340aae16120ca7746011ae83d144543951cc35a5467","sourceIndex":"302","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"m.exe","companyName":"BKHN","productName":"Project1","productVersion":"1.00","fileVersion":"1.00","hashMD5":"dfb4f13bf77264d4d5794fb0f5789b0a","hashSHA1":"acad8ae5168b71e2b68a99b39fb28d28ab29eec3","hashSHA256":"ba43e8a056a21bf0abd11e6d71fc0feaf02784a14ea4449187e8a391565140c5","sourceIndex":"302","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"s.exe","companyName":"Edgemeal","productName":"DeskTop_To_JPG","productVersion":"3.00","fileVersion":"3.00","hashMD5":"f0770c4d7f0566220cb828d4164b24ff","hashSHA1":"058fa53e3060d73e834676747ef4a1688a45de5b","hashSHA256":"6a84fe667875f11539d3212f8cdfef19605c7cfe6cbc1e8aedd1206cfd275c63","sourceIndex":"302","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searched keyloggers","reference":"","landingPage":"https://www.wolfeye.de/keylogger-us/","directDownloadingLink":"https://mega.nz/file/89xDwKzK#_IgI4zs2av1eMR-IqxY1qAq6UJBN5Aiizw0uItpEBmE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/file/89xDwKzK#_IgI4zs2av1eMR-IqxY1qAq6UJBN5Aiizw0uItpEBmE","sourceIndex":"302"}],"sampleFiles":["220720/WolfeyeKeylogger-220718/4.0/Samples/wolfeye_4.1.exe","220720/WolfeyeKeylogger-220718/4.0/Samples/c.exe","220720/WolfeyeKeylogger-220718/4.0/Samples/k.exe","220720/WolfeyeKeylogger-220718/4.0/Samples/m.exe","220720/WolfeyeKeylogger-220718/4.0/Samples/s.exe"],"imageFiles":["220720/WolfeyeKeylogger-220718/4.0/Images/ACR-084/ACR-084_007_runs_in_background.jpg","220720/WolfeyeKeylogger-220718/4.0/Images/ACR-007/ACR-084_007_runs_in_background.jpg"],"nonDeceptorImageFiles":["220720/WolfeyeKeylogger-220718/4.0/Images/ACR-038/ACR-038_unidentifiable_components.jpg","220720/WolfeyeKeylogger-220718/4.0/Images/ACR-035/WolfeyeKeylogger_LandingPage.jpeg","220720/WolfeyeKeylogger-220718/4.0/Images/ACR-068/WolfEyeKeylogger-InternaOffer.jpeg"],"guid":"c5cbb58c-e0d9-43a1-8ca3-fa31ea7cf2e6_4.0_1","appID":"WolfeyeKeylogger-220718","dateAdded":"220720","deceptorType":"App","name":"Wolfeye Keylogger","company":"Wolfeye Keylogger","version":"4.0","lastKnownStatus":"4.0","lastKnownDate":"241211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2024-12-11T23:50:48.4840658+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1365},{"violations":{"ACR-055":"The accept/decline of the offer (AdGuard) is not obvious to consumer.\n","ACR-155":"The optional offer is inserted to masquerade as part of the installation flow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-120":"In an attempt to uninstall, it re-advertise the same app and how to get it in full version for free along with many other offers.\n","ACR-068":"The app's overall offer needs to be clear, understandable and consistent to the consumer. Information about Upgrade Policy after install denies what it says in the License Agreement.\n"},"samples":[{"isRevoked":"False","fileName":"MagicAudioConverterCDRipper.exe","companyName":"Digital Music Software","productName":"Magic Audio Converter and CD Ripper                         ","productVersion":"2.7.21.1303","fileVersion":"2.7.21.1303","hashMD5":"5ff109408120be7244a5b9f1ef56ace0","hashSHA1":"a7b535ca649816da4283752e02d610b03ce66fb9","hashSHA256":"59cb5f9eb6e284221f0aeae443731fae9eefed7450c5d3563af3950f0e167845","sourceIndex":"1506","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"magic-audio-converter-cd-ripper.exe","isInstaller":"True","companyName":"Magic Audio Tools                                           ","productName":"Magic Audio Converter and CD Ripper                         ","productVersion":"","fileVersion":"2.7.21      ","hashMD5":"c5852b4e9ac2a5bb15a12d17a9e29f6d","hashSHA1":"4f68964c68e17ae719e4a3b8908dd393f2d18383","hashSHA256":"734b998cf1126d839139aaa0c8f4f7b641fa7614a69a2cb8f3bb68b1dcdca329","sourceIndex":"1506","avBlockList":["Avira Internet Security (20220726)","COMODO Antivirus (20220726)","K7 Total Security (20220726)","McAfee Total Protection (20220726)","Norton Security (20220726)","Sophos Home Premium (20220726)","SpyHunter5 (20220726)","Total AV Antivirus Pro (20220726)","VirIT eXplorer PRO (20220726)","Windows Defender (20220726)"],"avAllowList":["360 Total Security (20220726)","Avast Premium Security (20220726)","AVG Internet Security (20220726)","Bitdefender Internet Security (20220726)","Dr.Web Security Space (20220726)","ESET Internet Security (20220726)","G DATA INTERNET SECURITY (20220726)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20220726)","Panda Dome (20220726)","Quick Heal Internet Security (20220726)","Tencent PC Manager (20220726)","Trend Micro Internet Security (20220726)","VIPRE Advanced Security (20220726)","Webroot SecureAnywhere (20220726)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search:  media downloads","reference":"","landingPage":"https://www.magicaudiotools.com/magic-audio-converter-and-cd-ripper","directDownloadingLink":"https://www.magicaudiotools.com/downloads/magic-audio-converter-cd-ripper.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.magicaudiotools.com/downloads/magic-audio-converter-cd-ripper.exe","sourceIndex":"1506"}],"sampleFiles":["220720/MagicAudioConverterandCDRipper-220720/2.7.21.1303/Samples/MagicAudioConverterCDRipper.exe","220720/MagicAudioConverterandCDRipper-220720/2.7.21.1303/Samples/magic-audio-converter-cd-ripper.exe"],"imageFiles":["220720/MagicAudioConverterandCDRipper-220720/2.7.21.1303/Images/ACR-055/Offer.JPG","220720/MagicAudioConverterandCDRipper-220720/2.7.21.1303/Images/ACR-155/Offer.JPG"],"nonDeceptorImageFiles":["220720/MagicAudioConverterandCDRipper-220720/2.7.21.1303/Images/ACR-065/ACR-065_Links_to_Docs.jpg","220720/MagicAudioConverterandCDRipper-220720/2.7.21.1303/Images/ACR-120/ACR-120_Uninstall_OfferFree.jpg","220720/MagicAudioConverterandCDRipper-220720/2.7.21.1303/Images/ACR-068/ACR-068_Inconsistent_Updrade_Policy.jpg","220720/MagicAudioConverterandCDRipper-220720/2.7.21.1303/Images/ACR-068/ACR-068_Inconsistent_Updrade_Policy-b.jpg"],"guid":"a1d0bcfa-bad1-448f-bed2-e9f10bc55b0a_2.7.21.1303_1","appID":"MagicAudioConverterandCDRipper-220720","dateAdded":"220720","deceptorType":"App","name":"Magic Audio Converter and CD Ripper","company":"Magic Audio Tools","version":"2.7.21.1303","lastKnownStatus":"2.7.21.1303","lastKnownDate":"220720","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-07-20T20:24:34.0651611+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1369},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a Hidden folder as “PW2” in Program Files Directory.\n","ACR-065":"The app's install does not provide links to the Returns and Cancellation Policy, Privacy Policy. \nThe app's about page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's landing page does not have links to the Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the Returns and Cancellations Policy.\n","ACR-002":"1. The App's version is not consistent between App interaction and its install  (version 2.105 vs version 2.103). \n\n1.\tThe App shows different names as \"setup.exe\" in the running service/apps section.\n2.\tThe App's version is not consistent between App interaction and its install  (version 2.105 vs version 2.103). \n\n","ACR-157":"The application’s main executable file has no signed certificate, it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"pl.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9f782c10b746267367c797645eb9eace","hashSHA1":"ffb90a3ee6b30e86a3869bfe0247606f2649f4eb","hashSHA256":"db8664895fbc7596c78ace920f7371a1b8694736fbbfea40770b01bbb5a85091","sourceIndex":"303","avBlockList":["360 Total Security (20210311)","Avast Premium Security (20210311)","AVG Internet Security (20210311)","Avira Internet Security (20210311)","Bitdefender Internet Security (20210311)","COMODO Antivirus (20210311)","Dr.Web Security Space (20210311)","ESET Internet Security (20210311)","G DATA INTERNET SECURITY (20210311)","K7 Total Security (20210311)","Kaspersky Internet Security (20210311)","Malwarebytes Premium (20210311)","McAfee Total Protection (20210311)","Norton Security (20210311)","Panda Dome (20210311)","Quick Heal Internet Security (20210311)","Sophos Home Premium (20210311)","SpyHunter5 (20210311)","Tencent PC Manager (20210311)","Total AV Antivirus Pro (20210311)","Trend Micro Internet Security (20210311)","VIPRE Advanced Security (20210311)","VirIT eXplorer PRO (20210311)","Webroot SecureAnywhere (20210311)","Windows Defender (20210311)"],"avAllowList":[]},{"isRevoked":"False","fileName":"pl.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"54091f1155fb2872a608e6575d10f5f505380b02bb75cb6cd14179a541bf2feb","sourceIndex":"303","avBlockList":["360 Total Security (20210311)","Avast Premium Security (20210311)","AVG Internet Security (20210311)","Avira Internet Security (20210311)","Bitdefender Internet Security (20210311)","COMODO Antivirus (20210311)","Dr.Web Security Space (20210311)","ESET Internet Security (20210311)","G DATA INTERNET SECURITY (20210311)","K7 Total Security (20210311)","Kaspersky Internet Security (20210311)","Malwarebytes Premium (20210311)","McAfee Total Protection (20210311)","Norton Security (20210311)","Panda Dome (20210311)","Quick Heal Internet Security (20210311)","Sophos Home Premium (20210311)","SpyHunter5 (20210311)","Tencent PC Manager (20210311)","Total AV Antivirus Pro (20210311)","Trend Micro Internet Security (20210311)","VIPRE Advanced Security (20210311)","Webroot SecureAnywhere (20210311)","Windows Defender (20210311)","VirIT eXplorer PRO (20210311)"],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.exe","fileVersion":"2.103","hashMD5":"95476219d63561d62d364b922bb73e65","hashSHA1":"2c94bdf1497441ad99bcee9ce228db159de99038","hashSHA256":"c282b6909e04322164c14a476688cee190751c76d18cf7e737671d65b563e585","sourceIndex":"303","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"load[2].exe","fileVersion":"1.0","hashMD5":"86adc754b59c09ae4a17df6947eaac14","hashSHA1":"4b34e108e03165604401660e82bca78c297b9ec8","hashSHA256":"7895b8c9dbdc21c1070b05e4b169ac8dd9651e40baeda46fa605d6d83111bffb","sourceIndex":"303","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pl [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"71d558a2507390996236ae64c0316f57","hashSHA1":"67ad0e7eb0518956e96636e0dff8947a4b950cd1","hashSHA256":"3e0fefa19760084be9bbc19341d855f4e4c9fe9dfde1b2d64cbf8a68b3e22cce","sourceIndex":"303","avBlockList":["360 Total Security (20210323)","Avast Premium Security (20210323)","AVG Internet Security (20210323)","Avira Internet Security (20210323)","Bitdefender Internet Security (20210323)","Dr.Web Security Space (20210323)","ESET Internet Security (20210323)","G DATA INTERNET SECURITY (20210323)","K7 Total Security (20210323)","Malwarebytes Premium (20210323)","McAfee Total Protection (20210323)","Norton Security (20210323)","Panda Dome (20210323)","Quick Heal Internet Security (20210323)","Sophos Home Premium (20210323)","SpyHunter5 (20210323)","Tencent PC Manager (20210323)","Total AV Antivirus Pro (20210323)","VIPRE Advanced Security (20210323)","VirIT eXplorer PRO (20210323)","Webroot SecureAnywhere (20210323)","Windows Defender (20210323)"],"avAllowList":["COMODO Antivirus (20210323)","Kaspersky Internet Security (20210323)","Trend Micro Internet Security (20210323)"]},{"isRevoked":"False","fileName":"pl [3].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f1706cfc93570315aecb700c2decef6b","hashSHA1":"e18f7bae636b2aa2f9e23e1e09be48cc06d40fb1","hashSHA256":"114fce08a5f149fa02f50f1899a4d28c6c60b8191a3937f8957a8e8ee9618144","sourceIndex":"303","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup [3].exe","fileVersion":"2.103","hashMD5":"aa083dd572d013e247e912bbe9c3bc60","hashSHA1":"2677f0c9994059b009db3fc08ce60aaa2b93e608","hashSHA256":"d48ba65d90fda8fb67478a7e81d697e2ab00754a79f02e310c649bd660a15dd4","sourceIndex":"303","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"https://ematrixsoft.com/index.php","landingPage":"https://ematrixsoft.com/power-spy-lite.php","directDownloadingLink":"http://4.4.ematrixsoft.com/1/pl.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://4.4.ematrixsoft.com/1/pl.zip","sourceIndex":"303"}],"sampleFiles":["220720/PowerSpyLite-201005/2.105/Samples/pl.exe","220720/PowerSpyLite-201005/2.105/Samples/pl.zip","220720/PowerSpyLite-201005/2.105/Samples/setup.exe","220720/PowerSpyLite-201005/2.105/Samples/load[2].exe","220720/PowerSpyLite-201005/2.105/Samples/pl [2].exe","220720/PowerSpyLite-201005/2.105/Samples/pl [3].exe","220720/PowerSpyLite-201005/2.105/Samples/setup [3].exe"],"imageFiles":["220720/PowerSpyLite-201005/2.105/Images/ACR-084/PowerSpyLite_Interactions [2] HotKey.png","220720/PowerSpyLite-201005/2.105/Images/ACR-084/PowerSpyLite_Settings [3] Password.png","220720/PowerSpyLite-201005/2.105/Images/ACR-084/PowerSpyLite_Settings [4] Password.png","220720/PowerSpyLite-201005/2.105/Images/ACR-084/PowerSpyLite_Interactions [4] Configuration.png","220720/PowerSpyLite-201005/2.105/Images/ACR-086/PowerSpyLite_Interactions [2] HotKey.png","220720/PowerSpyLite-201005/2.105/Images/ACR-086/PowerSpyLite_Interactions [3] Logs.png","220720/PowerSpyLite-201005/2.105/Images/ACR-086/PowerSpyLite_Interactions [4] Configuration.png","220720/PowerSpyLite-201005/2.105/Images/ACR-086/PowerSpyLite_Interactions [5] Configuration.png","220720/PowerSpyLite-201005/2.105/Images/ACR-086/PowerSpyLite_Interactions [6] Configuration.png","220720/PowerSpyLite-201005/2.105/Images/ACR-086/PowerSpyLite_Interactions [7] Configuration.png","220720/PowerSpyLite-201005/2.105/Images/ACR-086/PowerSpyLite_Settings [3] Password.png","220720/PowerSpyLite-201005/2.105/Images/ACR-086/PowerSpyLite_Settings [4] Password.png","220720/PowerSpyLite-201005/2.105/Images/ACR-048/PowerSpyLite_Interactions [2] HotKey.png","220720/PowerSpyLite-201005/2.105/Images/ACR-048/PowerSpyLite_Settings [3] Password.png","220720/PowerSpyLite-201005/2.105/Images/ACR-048/PowerSpyLite_Settings [4] Password.png","220720/PowerSpyLite-201005/2.105/Images/ACR-048/PowerSpyLite_Interactions [4] Configuration.png","220720/PowerSpyLite-201005/2.105/Images/ACR-007/PowerSpyLite_Interactions [2] HotKey.png","220720/PowerSpyLite-201005/2.105/Images/ACR-007/PowerSpyLite_Settings [3] Password.png","220720/PowerSpyLite-201005/2.105/Images/ACR-007/PowerSpyLite_Settings [4] Password.png","220720/PowerSpyLite-201005/2.105/Images/ACR-007/PowerSpyLite_Interactions [4] Configuration.png","220720/PowerSpyLite-201005/2.105/Images/ACR-116/PowerSpyLite_ControlPanel [1].png"],"nonDeceptorImageFiles":["220720/PowerSpyLite-201005/2.105/Images/ACR-038/PowerSpyLite_Installer [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-040/PowerSpyLite_FileComponents [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-065/PowerSpyLite_Installs [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-065/PowerSpyLite_Installs [2].png","220720/PowerSpyLite-201005/2.105/Images/ACR-065/PowerSpyLite_Installs [3].png","220720/PowerSpyLite-201005/2.105/Images/ACR-002/PowerSpyLite_Installs [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-002/PowerSpyLite_About [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-157/PowerSpyLite_MainExecutableUnsigned [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-065/PowerSpyLite_About [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-065/PowerSpyLite_Interactions [1] .png","220720/PowerSpyLite-201005/2.105/Images/ACR-002/PowerSpyLite_Running Process [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-002/PowerSpyLite_About [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-002/PowerSpyLite_Installs [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-065/PowerSpyLite_LandingPage [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-065/PowerSpyLite_LandingPage [2].png","220720/PowerSpyLite-201005/2.105/Images/ACR-099/PowerSpyLite_LandingPage [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-099/PowerSpyLite_LandingPage [2].png","220720/PowerSpyLite-201005/2.105/Images/ACR-166/PowerSpyLite_OfferPage [2].png","220720/PowerSpyLite-201005/2.105/Images/ACR-166/PowerSpyLite_OfferPage [3].png","220720/PowerSpyLite-201005/2.105/Images/ACR-065/PowerSpyLite_OfferPage [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-065/PowerSpyLite_OfferPage [2].png","220720/PowerSpyLite-201005/2.105/Images/ACR-099/PowerSpyLite_OfferPage [1].png","220720/PowerSpyLite-201005/2.105/Images/ACR-099/PowerSpyLite_OfferPage [2].png"],"guid":"92aad110-6abc-42a0-9d6a-cc5eeaa1f221_2.105_1","appID":"PowerSpyLite-201005","dateAdded":"220720","deceptorType":"App","name":"Power Spy Lite ","company":"EMATRIXSOFT, Inc","version":"2.105","sigName":"Deceptor:Win32/PowerSpyLiteStalkerware!084086048007116","lastKnownStatus":"2.105;2.105.3","lastKnownDate":"241211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:16.5913212+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1366},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a Hidden folder as “PW2” in Program Files Directory.\n","ACR-065":"The app's install does not provide links to the Returns and Cancellation Policy, Privacy Policy. \nThe app's about page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's landing page does not have links to the Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the Returns and Cancellations Policy.\n","ACR-002":"The App's version is inconsistent between the software and its installation (version 2.105.3 vs version 2.103). \n\n1. The App shows a different name as \"setup.exe\" in the running service/apps section.\n2. The App's version is inconsistent between the software and its installation (version 2.105.3 vs version 2.103). \n\n","ACR-092":"The app does not provide Digital signatures for the installer & executables.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PW2\\setup.exe","companyName":"","productName":"0","productVersion":"2.103","fileVersion":"2.103","hashMD5":"f939522473e4b21462e5beb5aa74a52b","hashSHA1":"928ce5ef90ab2c941dcdc588f65e10ac3ed1f1d2","hashSHA256":"041b8e7cf2fdf10dc8be966844df996adddd209a5f1cf79daecd8d0feea6f3e1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"304","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pl.exe","isInstaller":"True","companyName":"                                                            ","productName":"                                                            ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"af35ae4a9756a343354689b39ac41e50","hashSHA1":"b95baa63201dd36643a6b89485cba9fe78de3224","hashSHA256":"e7a89a248aa1fd43f6b67347e90850508d385be1278ec91e6b6bba9d0579191d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"304","avBlockList":["360 Total Security (20220726)","Avast Premium Security (20220726)","AVG Internet Security (20220726)","Avira Internet Security (20220726)","Bitdefender Internet Security (20220726)","COMODO Antivirus (20220726)","ESET Internet Security (20220726)","G DATA INTERNET SECURITY (20220726)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20220726)","McAfee Total Protection (20220726)","Norton Security (20220726)","Quick Heal Internet Security (20220726)","Sophos Home Premium (20220726)","SpyHunter5 (20220726)","Tencent PC Manager (20220726)","Total AV Antivirus Pro (20220726)","VIPRE Advanced Security (20220726)","VirIT eXplorer PRO (20220726)"],"avAllowList":["Dr.Web Security Space (20220726)","K7 Total Security (20220726)","Panda Dome (20220726)","Trend Micro Internet Security (20220726)","Webroot SecureAnywhere (20220726)","Windows Defender (20220726)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Keylogger","reference":"https://ematrixsoft.com/index.php","landingPage":"https://ematrixsoft.com/power-spy-lite.php","directDownloadingLink":"http://4.4.ematrixsoft.com/1/pl.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://4.4.ematrixsoft.com/1/pl.zip","sourceIndex":"304"}],"sampleFiles":["220720/PowerSpyLite-201005/2.105.3/Samples/pl.exe"],"imageFiles":["220720/PowerSpyLite-201005/2.105.3/Images/ACR-084/ACR-084.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-084/ACR-084_1.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-084/ACR-084_2.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-084/ACR-084_3.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-086/ACR-086.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-086/ACR-086_1.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-086/ACR-086_2.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-086/ACR-086_3.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-086/ACR-086_4.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-086/ACR-086_5.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-086/ACR-086_6.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-048/ACR-048.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-048/ACR-048_1.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-048/ACR-048_2.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-048/ACR-048_3.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-007/ACR-007.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-007/ACR-007_1.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-007/ACR-007_2.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-007/ACR-007_3.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["220720/PowerSpyLite-201005/2.105.3/Images/ACR-038/ACR-038.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-040/ACR-040.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-065/ACR-065.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-002/ACR-002.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-002/ACR-002_1.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-092/ACR-092.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-092/ACR-092_1.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-065/ACR-065_Software.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-002/ACR-002.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-002/ACR-002_1.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-002/ACR-002_2.JPG","220720/PowerSpyLite-201005/2.105.3/Images/ACR-065/ACR-065_Landingpage.jpg","220720/PowerSpyLite-201005/2.105.3/Images/ACR-099/ACR-099_Landingpage.jpg","220720/PowerSpyLite-201005/2.105.3/Images/ACR-166/ACR-166_InternalOffers.jpg","220720/PowerSpyLite-201005/2.105.3/Images/ACR-166/ACR-166_InternalOffers_1.jpg","220720/PowerSpyLite-201005/2.105.3/Images/ACR-065/ACR-065_InternalOffers.jpg","220720/PowerSpyLite-201005/2.105.3/Images/ACR-099/ACR-099_InternalOffers.jpg"],"guid":"92aad110-6abc-42a0-9d6a-cc5eeaa1f221_2.105.3_1","appID":"PowerSpyLite-201005","dateAdded":"220720","deceptorType":"App","name":"Power Spy Lite ","company":"EMATRIXSOFT, Inc","version":"2.105.3","lastKnownStatus":"2.105;2.105.3","lastKnownDate":"241211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:16.6351172+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1367},{"violations":{"ACR-048":"The app does not provide control to cancel the installation process completely, as it drops \"Atom SDK Installer\" even after canceling the installation.\nThe app does not provide any control or instruction about how to close the processes that runs silently in the background.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"PureVPN Proxy Extension for Chrome\" offer.\n","ACR-055":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"PureVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-155":"The \"PureVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.purevpn.com/servers  and  https://www.purevpn.com/blog/vpn-server-in-uae/). \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPN.exe","companyName":"GZ Systems","productName":"PureVPN","productVersion":"1","fileVersion":"9.5.0.4","hashMD5":"1fc8e15ecdccd092c2b60a5eaa26fecd","hashSHA1":"ac5d2369e1212170349353b20f0b94d53df136a2","hashSHA256":"7913840ea7c8d233dff613e5f4a6f9198eca8425a7720b77596ef426a5d68ea1","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1511","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPNInstaller.exe","companyName":"","productName":"PureVPNInstaller","productVersion":"9.5.0.4","fileVersion":"9.5.0.4","hashMD5":"539909af0b3ebbc6657fc2a58aceb03d","hashSHA1":"588ac5a7dd7c2e26ce7868007b7f86bcc04256fb","hashSHA256":"93e19dd74fe4e9e805789b7c064b1e5e23122a29b0a7b6e232ead71d62441be1","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1511","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"purevpn_setup.exe","isInstaller":"True","companyName":"","productName":"PureVPN","productVersion":"9.5.0.4","fileVersion":"9.5.0.4","hashMD5":"2e403cd69b63725aad8f4566fad33e9f","hashSHA1":"5196df237c1a3f75bfcc4fa9526080eadd29edc8","hashSHA256":"6dccd6b3821086949cf9b70c39d4ba4a9b048053ae820a781c08bb45792ac2a7","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1511","avBlockList":["360 Total Security (20220719)","Avast Premium Security (20220719)","AVG Internet Security (20220719)","Avira Internet Security (20220719)","Bitdefender Internet Security (20220719)","COMODO Antivirus (20220719)","Dr.Web Security Space (20220719)","G DATA INTERNET SECURITY (20220719)","Sophos Home Premium (20220719)","SpyHunter5 (20220719)","Total AV Antivirus Pro (20220719)","VIPRE Advanced Security (20220719)","VirIT eXplorer PRO (20220719)"],"avAllowList":["ESET Internet Security (20220719)","K7 Total Security (20220719)","Kaspersky Internet Security (20220719)","Malwarebytes Premium (20220719)","McAfee Total Protection (20220719)","Norton Security (20220719)","Panda Dome (20220719)","Quick Heal Internet Security (20220719)","Tencent PC Manager (20220719)","Trend Micro Internet Security (20220719)","Webroot SecureAnywhere (20220719)","Windows Defender (20220719)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://www.purevpn.com/download/windows-vpn","directDownloadingLink":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","sourceIndex":"1511"}],"sampleFiles":["220714/PureVPN-220322/9.5.0.4/Samples/purevpn_setup.exe"],"imageFiles":["220714/PureVPN-220322/9.5.0.4/Images/ACR-048/ACR-048_Install.mp4","220714/PureVPN-220322/9.5.0.4/Images/ACR-048/ACR-048_Software.JPG","220714/PureVPN-220322/9.5.0.4/Images/ACR-057/ACR-057_In-bundleOffers.JPG","220714/PureVPN-220322/9.5.0.4/Images/ACR-059/ACR-059_In-bundleOffers.JPG","220714/PureVPN-220322/9.5.0.4/Images/ACR-155/ACR-155_In-bundleOffers.JPG","220714/PureVPN-220322/9.5.0.4/Images/ACR-055/ACR-055_In-bundleOffers.JPG"],"nonDeceptorImageFiles":["220714/PureVPN-220322/9.5.0.4/Images/ACR-018/ACR-018.JPG","220714/PureVPN-220322/9.5.0.4/Images/ACR-018/ACR-018_1.JPG"],"guid":"7e4d421c-bfda-415e-9306-dd9ac5d18781_9.5.0.4_1","appID":"PureVPN-220322","dateAdded":"220714","deceptorType":"App","name":"PureVPN","company":"GZ Systems Limited","version":"9.5.0.4","firstVendorContactDate":"220613","firstAppEsteemReplyDate":"220613","firstResolvedDate":"220719","firstResolvedVersion":"9.6.0.0","resolved":"TRUE","lastKnownStatus":"9.0.0.11;9.1.0.11;9.1.0.14;9.1.0.16;9.1.0.18;9.2.1.1;9.2.1.3;9.2.1.4;9.3.0.15;9.5.0.4","lastKnownDate":"220719","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-19T19:54:20.2934328+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1370},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"1. The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n2. Third-party components 'Open VPN' is installed without any disclosure.\n","ACR-107":"Application misses the relevant license information about open source project used 'OpenVPN'.\n","ACR-048":"The app does not provide any control to close the processes that runs silently in the background within the app's settings.\n","ACR-017":"The 3rd party endorsement (https://www.purevpn.com/order) is not verifiable.\n","ACR-084":"On closing the app, the processes \"PureVPN.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"PureVPN Proxy Extension for Chrome\" offer.\n","ACR-055":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"PureVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-155":"The \"PureVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.purevpn.com/servers  and  https://www.purevpn.com/blog/vpn-server-in-uae/). \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPN.exe","companyName":"GZ Systems","productName":"PureVPN","productVersion":"1","fileVersion":"9.3.0.15","hashMD5":"b9bd00ecd0d502fb97c868b263116b61","hashSHA1":"158f767732f31e9eb0be2ae2fec14d3eed1ff9b1","hashSHA256":"b3570da082cd689204a64d7f4b9eda5df337bbf18e67149be50b4109ddc669b6","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1565","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPNInstaller.exe","companyName":"","productName":"PureVPNInstaller","productVersion":"9.3.0.15","fileVersion":"9.3.0.15","hashMD5":"25db0ecf824476e8089b8dc4075ea18f","hashSHA1":"b0691e79f4b1d4dcbf9262ec7801d8645eb39eb6","hashSHA256":"434e1da81b14b0d81922886724af2843efff687733b3c32a243790e432d916dc","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1565","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"purevpn_setup.exe","isInstaller":"True","companyName":"","productName":"PureVPN","productVersion":"9.3.0.15","fileVersion":"9.3.0.15","hashMD5":"7f9875671a479074a06abede5ca89efa","hashSHA1":"4e2399e0b7bc9e91530cd84c18b940d3d89ca079","hashSHA256":"346eb760a99b755c7d7fa300df4a7437a1badabeac62128824972e91aae21823","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1565","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"https://www.purevpn.com/download/windows-vpn","directDownloadingLink":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","sourceIndex":"1565"}],"sampleFiles":["220608/PureVPN-220322/9.3.0.15/Samples/purevpn_setup.exe"],"imageFiles":["220608/PureVPN-220322/9.3.0.15/Images/ACR-039/ACR-039_Install.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-043/ACR-043_Install.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-043/ACR-043_Install_1.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-107/ACR-107_Install.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-042/ACR-042_Install.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-084/ACR-084_Software.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-048/ACR-048_Software.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-057/ACR-057_In-bundleOffers.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-059/ACR-059_In-bundleOffers.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-155/ACR-155_In-bundleOffers.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-055/ACR-055_In-bundleOffers.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-017/ACR-017_InternalOffers.JPG"],"nonDeceptorImageFiles":["220608/PureVPN-220322/9.3.0.15/Images/ACR-018/ACR-018.JPG","220608/PureVPN-220322/9.3.0.15/Images/ACR-018/ACR-018_1.JPG"],"guid":"7e4d421c-bfda-415e-9306-dd9ac5d18781_9.3.0.15_1","appID":"PureVPN-220322","dateAdded":"220714","deceptorType":"App","name":"PureVPN","company":"GZ Systems Limited","version":"9.3.0.15","firstVendorContactDate":"220613","firstAppEsteemReplyDate":"220613","firstResolvedDate":"220719","firstResolvedVersion":"9.6.0.0","resolved":"TRUE","lastKnownStatus":"9.0.0.11;9.1.0.11;9.1.0.14;9.1.0.16;9.1.0.18;9.2.1.1;9.2.1.3;9.2.1.4;9.3.0.15;9.5.0.4","lastKnownDate":"220719","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1371},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"1. The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n2. Third-party components 'Open VPN' is installed without any disclosure.\n","ACR-046":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The checkbox is not obvious for user.\n","ACR-107":"Application misses the relevant license information about open source project used 'OpenVPN'.\n","ACR-048":"The app does not provide control to cancel the installation process. \nThe app does not provide any control to close the processes that runs silently in the background within the app's settings.\n","ACR-017":"The 3rd party endorsement (https://www.purevpn.com/order) is not verifiable.\n","ACR-084":"On closing the app, the processes \"PureVPN.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"PureVPN Proxy Extension for Chrome\" offer.\n","ACR-055":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"PureVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-155":"The \"PureVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.purevpn.com/servers  and  https://www.purevpn.com/blog/vpn-server-in-uae/). \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPN.exe","companyName":"GZ Systems","productName":"PureVPN","productVersion":"1","fileVersion":"9.2.1.4","hashMD5":"f9ca6f9508ac7e36c4aa718e4b2334af","hashSHA1":"5123d511816fd905dd5acceb0c93abc0376bb0b7","hashSHA256":"b5eb03334088463d1f8d3eb5ab626ba961bfa5f58f504466a8133357f501e828","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1575","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPNInstaller.exe","companyName":"","productName":"PureVPNInstaller","productVersion":"9.2.1.4","fileVersion":"9.2.1.4","hashMD5":"720ce31e58dc316c615777c73eb14bd1","hashSHA1":"65babed0436b928d805f33cf0958ca070c91cbb3","hashSHA256":"d4e0e35da18bf8e4e8c38d75fe7657b722e863d219a8bf9a3cce4468698dcd3d","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1575","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"purevpn_setup.exe","isInstaller":"True","companyName":"","productName":"PureVPN","productVersion":"9.2.1.4","fileVersion":"9.2.1.4","hashMD5":"f7314adae47fb19c944a2cf2d512533b","hashSHA1":"d7b2bde4ab20543d36a30711d941b56e27d3b12c","hashSHA256":"93e49bfa259515e3c07846909d0aca292d11e9f203ad804237386f3dba756542","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1575","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN app","reference":"","landingPage":"https://www.purevpn.com/download/windows-vpn","directDownloadingLink":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","sourceIndex":"1575"}],"sampleFiles":["220602/PureVPN-220322/9.2.1.4/Samples/purevpn_setup.exe"],"imageFiles":["220602/PureVPN-220322/9.2.1.4/Images/ACR-039/ACR-039_Install.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-043/ACR-043_Install.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-043/ACR-043_Install_1.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-046/ACR-046_Install.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-107/ACR-107_Install.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-042/ACR-042_Install.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-048/ACR-048_Install.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-084/ACR-084_Software.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-048/ACR-048_Software.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-118/ACR-118_Uninstall.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-118/ACR-118_Uninstall_1.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-057/ACR-057_In-bundleOffers.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-059/ACR-059_In-bundleOffers.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-155/ACR-155_In-bundleOffers.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-055/ACR-055_In-bundleOffers.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-017/ACR-017_InternalOffers.JPG"],"nonDeceptorImageFiles":["220602/PureVPN-220322/9.2.1.4/Images/ACR-018/ACR-018.JPG","220602/PureVPN-220322/9.2.1.4/Images/ACR-018/ACR-018_1.JPG"],"guid":"7e4d421c-bfda-415e-9306-dd9ac5d18781_9.2.1.4_1","appID":"PureVPN-220322","dateAdded":"220714","deceptorType":"App","name":"PureVPN","company":"GZ Systems Limited","version":"9.2.1.4","firstVendorContactDate":"220613","firstAppEsteemReplyDate":"220613","firstResolvedDate":"220719","firstResolvedVersion":"9.6.0.0","resolved":"TRUE","lastKnownStatus":"9.0.0.11;9.1.0.11;9.1.0.14;9.1.0.16;9.1.0.18;9.2.1.1;9.2.1.3;9.2.1.4;9.3.0.15;9.5.0.4","lastKnownDate":"220719","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1372},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"1. The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n2. Third-party components 'Open VPN' is installed without any disclosure.\n","ACR-046":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The checkbox is not obvious for user.\n","ACR-107":"Application misses the relevant license information about open source project used 'OpenVPN'.\n","ACR-048":"The app does not provide control to cancel the installation process. \nThe app does not provide any control to close the processes that runs silently in the background within the app's settings.\n","ACR-017":"The 3rd party endorsement (https://www.purevpn.com/order) is not verifiable.\n","ACR-084":"On closing the app, the processes \"PureVPN.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"PureVPN Proxy Extension for Chrome\" offer.\n","ACR-055":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"PureVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-155":"The \"PureVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.purevpn.com/servers  and  https://www.purevpn.com/blog/vpn-server-in-uae/). \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPN.exe","companyName":"GZ Systems","productName":"PureVPN","productVersion":"1","fileVersion":"9.2.1.3","hashMD5":"06cc9348421159018a8a33242d0d276b","hashSHA1":"b1cb38b52a1350bd507d93cb78642a45e955ca3a","hashSHA256":"34a234cd630bb9ddfad2be08a004b9ef82321ef2eb0ca87ee22984528b5ed71e","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1584","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPNInstaller.exe","companyName":"","productName":"PureVPNInstaller","productVersion":"9.2.1.3","fileVersion":"9.2.1.3","hashMD5":"4a3293794f09baa5e5cc0a0c80c415c0","hashSHA1":"9955b11bdfeeef80535af6a0370a4e143864fc04","hashSHA256":"ececd79ba02b39d8ea83a41f189c7c0c3c2282161488feab9895515b5ef4d7cf","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1584","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"purevpn_setup.exe","isInstaller":"True","companyName":"","productName":"PureVPN","productVersion":"9.2.1.3","fileVersion":"9.2.1.3","hashMD5":"40a64482910b8d8057cc1dc48e867fd9","hashSHA1":"48b1731e03601af5075bfedd3b7d58888748f539","hashSHA256":"a37e2d3d9684d5389306ead6b0e36f2ac571cfbddf374fd6036999dfba1086e0","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1584","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://www.purevpn.com/download/windows-vpn","directDownloadingLink":"https://purevpn-dialer-assets.s3.amazonaws.com/windows-2.0/packages/production/purevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://purevpn-dialer-assets.s3.amazonaws.com/windows-2.0/packages/production/purevpn_setup.exe","sourceIndex":"1584"}],"sampleFiles":["220531/PureVPN-220322/9.2.1.3/Samples/purevpn_setup.exe"],"imageFiles":["220531/PureVPN-220322/9.2.1.3/Images/ACR-039/ACR-039_Install.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-043/ACR-043_Install.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-043/ACR-043_Install_1.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-046/ACR-046_Install.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-107/ACR-107_Install.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-042/ACR-042_Install.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-048/ACR-048_Install.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-084/ACR-084_Software.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-048/ACR-048_Software.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-118/ACR-118_Uninstall.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-118/ACR-118_Uninstall_1.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-057/ACR-057_In-bundleOffers.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-059/ACR-059_In-bundleOffers.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-155/ACR-155_In-bundleOffers.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-055/ACR-055_In-bundleOffers.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-017/ACR-017_InternalOPffers.JPG"],"nonDeceptorImageFiles":["220531/PureVPN-220322/9.2.1.3/Images/ACR-018/ACR-018.JPG","220531/PureVPN-220322/9.2.1.3/Images/ACR-018/ACR-018_1.JPG"],"guid":"7e4d421c-bfda-415e-9306-dd9ac5d18781_9.2.1.3_1","appID":"PureVPN-220322","dateAdded":"220714","deceptorType":"App","name":"PureVPN","company":"GZ Systems Limited","version":"9.2.1.3","firstVendorContactDate":"220613","firstAppEsteemReplyDate":"220613","firstResolvedDate":"220719","firstResolvedVersion":"9.6.0.0","resolved":"TRUE","lastKnownStatus":"9.0.0.11;9.1.0.11;9.1.0.14;9.1.0.16;9.1.0.18;9.2.1.1;9.2.1.3;9.2.1.4;9.3.0.15;9.5.0.4","lastKnownDate":"220719","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1373},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"1. The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n2. Third-party components 'Open VPN' is installed without any disclosure.\n","ACR-046":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The checkbox is not obvious for user.\n","ACR-107":"Application misses the relevant license information about open source project used 'OpenVPN'.\n","ACR-048":"The app does not provide control to cancel the installation process. \nThe app does not provide any control to close the processes that runs silently in the background within the app's settings.\n","ACR-017":"The 3rd party endorsement (https://www.purevpn.com/order) is not verifiable.\n","ACR-084":"On closing the app, the processes \"PureVPN.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"PureVPN Proxy Extension for Chrome\" offer.\n","ACR-055":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"PureVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-155":"The \"PureVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-018":"The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.purevpn.com/servers  and  https://www.purevpn.com/blog/vpn-server-in-uae/). \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPN.exe","companyName":"GZ Systems","productName":"PureVPN","productVersion":"1","fileVersion":"9.2.1.1","hashMD5":"aaced95cb0475d1734d35c10591f2173","hashSHA1":"09066a9cc015a80aa79ee0af8f1e19f626ab8695","hashSHA256":"ac23e0731fe7a09a49a3de49e5d53555a7add297c21e825658aeb81351a763f9","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1595","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPNInstaller.exe","companyName":"","productName":"PureVPNInstaller","productVersion":"9.2.1.1","fileVersion":"9.2.1.1","hashMD5":"7e144013b085bc75bccf3bf6b93e8204","hashSHA1":"895780d13131507ab1458fe3ac33c7feb12bd80b","hashSHA256":"0af7a3850907465b6f265eb575d5cc86c4371b2e69c3175083ce4f0667b05056","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1595","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"purevpn_setup.exe","isInstaller":"True","companyName":"","productName":"PureVPN","productVersion":"9.2.1.1","fileVersion":"9.2.1.1","hashMD5":"ceab12da3b925446ab98786ad3d7507e","hashSHA1":"aa20f0e064dad1693875211e7cce5431d331b8bb","hashSHA256":"4cad65c017e12a434874162b71099cdba0cdca71ce4e41b79d011e385fa544be","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1595","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Partner report","reference":"VPN Atom SDK","landingPage":"https://www.purevpn.com/download","directDownloadingLink":"https://purevpn-dialer-assets.s3.amazonaws.com/windows-2.0/packages/production/purevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://purevpn-dialer-assets.s3.amazonaws.com/windows-2.0/packages/production/purevpn_setup.exe","sourceIndex":"1595"}],"sampleFiles":["220523/PureVPN-220322/9.2.1.1/Samples/purevpn_setup.exe"],"imageFiles":["220523/PureVPN-220322/9.2.1.1/Images/ACR-039/ACR-039_Install_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-043/ACR-043_Install_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-043/ACR-043_Install_2.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-046/ACR-046_Install_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-107/ACR-107_Install_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-042/ACR-042_Install_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-048/ACR-048_Install_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-084/ACR-084_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-048/ACR-048_Software_No_Control.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-118/ACR-118_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-118/ACR-118_2.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-057/ACR-057_In-bundleOffers_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-059/ACR-059_In-bundleOffers_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-155/ACR-155_In-bundleOffers_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-055/ACR-055_In-bundleOffers_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-017/ACR-017.jpg"],"nonDeceptorImageFiles":["220523/PureVPN-220322/9.2.1.1/Images/ACR-018/ACR-018_1.JPG","220523/PureVPN-220322/9.2.1.1/Images/ACR-018/ACR-018_2.JPG"],"guid":"7e4d421c-bfda-415e-9306-dd9ac5d18781_9.2.1.1_1","appID":"PureVPN-220322","dateAdded":"220714","deceptorType":"App","name":"PureVPN","company":"GZ Systems Limited","version":"9.2.1.1","firstVendorContactDate":"220613","firstAppEsteemReplyDate":"220613","firstResolvedDate":"220719","firstResolvedVersion":"9.6.0.0","resolved":"TRUE","lastKnownStatus":"9.0.0.11;9.1.0.11;9.1.0.14;9.1.0.16;9.1.0.18;9.2.1.1;9.2.1.3;9.2.1.4;9.3.0.15;9.5.0.4","lastKnownDate":"220719","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1374},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"1. The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n2. Third-party components 'Open VPN' is installed without any disclosure.\n","ACR-046":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The checkbox is not obvious for user.\n","ACR-107":"Application misses the relevant license information about open source project used 'OpenVPN'.\n","ACR-048":"The app does not provide control to cancel the installation process. \nThe app does not provide any control to close the processes that runs silently in the background within the app's settings.\n","ACR-017":"The 3rd party endorsement (https://www.purevpn.com/order) is not verifiable.\n","ACR-084":"On closing the app, the processes \"PureVPN.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"PureVPN Proxy Extension for Chrome\" offer.\n","ACR-055":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"PureVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-155":"The \"PureVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-018":" The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.purevpn.com/blog/vpn-server-in-uae/). \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPN.exe","companyName":"GZ Systems","productName":"PureVPN","productVersion":"1","fileVersion":"9.1.0.18","hashMD5":"a2fa0a1c99389f126b84cdc32555b91f","hashSHA1":"374647fe51a3538d870514a13c872ad7a4dcb083","hashSHA256":"039e656de6be8203fa3f9ac142cdd79e1fe079b96d7b9f6c11a8a2e685799d36","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1596","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPNInstaller.exe","companyName":"","productName":"PureVPNInstaller","productVersion":"9.1.0.18","fileVersion":"9.1.0.18","hashMD5":"c2378aead6b3cc0f6a7ecf24b3d74c7c","hashSHA1":"5f24980053f36174ef6f10287d78d03ad9a57ff8","hashSHA256":"50bd923b0310498208a08cace7aeefeb6bdc150c81c1f0c839de555ce9c77420","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1596","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"purevpn_setup.exe","isInstaller":"True","companyName":"","productName":"PureVPN","productVersion":"9.1.0.18","fileVersion":"9.1.0.18","hashMD5":"f5d682f6427bd677757e4729edc489cc","hashSHA1":"f21a8a25090deff4eb4c8d96f1e0467cbefcf573","hashSHA256":"381da5bab8d675e8ec24be12b957575096c944706440ff0acc52177136c450ed","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1596","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://www.purevpn.com/download/windows-vpn","directDownloadingLink":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","sourceIndex":"1596"}],"sampleFiles":["220523/PureVPN-220322/9.1.0.18/Samples/purevpn_setup.exe"],"imageFiles":["220523/PureVPN-220322/9.1.0.18/Images/ACR-039/ACR-039_Install.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-043/ACR-043_Install.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-043/ACR-043_Install_1.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-046/ACR-046_Install.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-107/ACR-107_Install.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-042/ACR-042_Install.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-048/ACR-048_Install.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-084/ACR-084_Software.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-048/ACR-048_Software.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-118/ACR-118_Uninstall.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-118/ACR-118_Uninstall_1.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-057/ACR-057_In-bundleOffers.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-059/ACR-059_In-bundleOffers.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-155/ACR-155_In-bundleOffers.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-055/ACR-055_In-bundleOffers.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-017/ACR-017_InternalOPffers.JPG"],"nonDeceptorImageFiles":["220523/PureVPN-220322/9.1.0.18/Images/ACR-018/ACR-018.JPG","220523/PureVPN-220322/9.1.0.18/Images/ACR-018/ACR-018_1.JPG"],"guid":"7e4d421c-bfda-415e-9306-dd9ac5d18781_9.1.0.18_1","appID":"PureVPN-220322","dateAdded":"220714","deceptorType":"App","name":"PureVPN","company":"GZ Systems Limited","version":"9.1.0.18","firstVendorContactDate":"220613","firstAppEsteemReplyDate":"220613","firstResolvedDate":"220719","firstResolvedVersion":"9.6.0.0","resolved":"TRUE","lastKnownStatus":"9.0.0.11;9.1.0.11;9.1.0.14;9.1.0.16;9.1.0.18;9.2.1.1;9.2.1.3;9.2.1.4;9.3.0.15;9.5.0.4","lastKnownDate":"220719","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1375},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"1. The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n2. Third-party components 'Open VPN' is installed without any disclosure.\n","ACR-046":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The checkbox is not obvious for user.\n","ACR-107":"Application misses the relevant license information about open source project used 'OpenVPN'.\n","ACR-048":"The app does not provide control to cancel the installation process. \nThe app does not provide any control to close the processes that runs silently in the background within the app's settings.\n","ACR-017":"The 3rd party endorsement (https://www.purevpn.com/order/?platform=windows&utm_medium=apps&utm_source=windows  and  https://www.purevpn.com/vpn-secret-deal) is not verifiable.\n","ACR-084":"On closing the app, the processes \"PureVPN.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"PureVPN Proxy Extension for Chrome\" offer.\n","ACR-055":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"PureVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-155":"The \"PureVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-018":" The app is promoted using articles that offer to help the consumer break the law across the Landing Pages(https://www.purevpn.com/blog/vpn-server-in-uae/). \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPN.exe","companyName":"GZ Systems","productName":"PureVPN","productVersion":"1","fileVersion":"9.1.0.16","hashMD5":"72f9f76f95f37a6d43ad14c25837e2f4","hashSHA1":"753b4e43eaec683d6f3488089fe07f9a1324b02f","hashSHA256":"a98c9723f0af55ad0d62f16223f667e295f9a7ca5381f4f65568260173204d2e","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1609","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPNInstaller.exe","companyName":"","productName":"PureVPNInstaller","productVersion":"9.1.0.16","fileVersion":"9.1.0.16","hashMD5":"984ba56bfb3317c5952779dca829c9bc","hashSHA1":"f6c21d378e4b2df48126032327b512d4f3a78508","hashSHA256":"52a883ada6477557c9be88914fb53523b0bd9398d68b5be38bcf02b4050c69bf","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1609","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"purevpn_setup.exe","isInstaller":"True","companyName":"","productName":"PureVPN","productVersion":"9.1.0.16","fileVersion":"9.1.0.16","hashMD5":"77ff2e343db1a3510441d33b7be4ad06","hashSHA1":"cbf4469eccfad7b4f4bb68e37df28877d0ad476b","hashSHA256":"c2809aa5d664b6e661451fd4c8304148dc4c8fc95ed439b3a6eb8b3d055ae176","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1609","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Partner report","reference":"VPN Atom SDK","landingPage":"https://www.purevpn.com/download/windows-vpn","directDownloadingLink":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","sourceIndex":"1609"}],"sampleFiles":["220516/PureVPN-220322/9.1.0.16/Samples/purevpn_setup.exe"],"imageFiles":["220516/PureVPN-220322/9.1.0.16/Images/ACR-039/ACR-039_Install_1.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-039/ACR-039_Install_2.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-043/ACR-043_Install_1.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-043/ACR-043_Install_2.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-043/ACR-043_Insall_OpenVPN_Dropped.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-046/ACR-046_Install_1.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-107/ACR-107_Insall_OpenVPN_Dropped.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-042/ACR-042_Install_1.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-042/ACR-042_Install_2.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-048/ACR-048_Install_No_Cancel.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-084/ACR-084.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-048/ACR-048_Software_No_Control.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-118/ACR-118_1.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-118/ACR-118_2.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-057/ACR-057_In-bundleOffers_1.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-059/ACR-059_In-bundleOffers_1.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-155/ACR-155_In-bundleOffers_1.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-055/ACR-055_In-bundleOffers_1.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Logos_1.jpg","220516/PureVPN-220322/9.1.0.16/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Logos_2.jpg"],"nonDeceptorImageFiles":["220516/PureVPN-220322/9.1.0.16/Images/ACR-018/ACR-018_1.JPG","220516/PureVPN-220322/9.1.0.16/Images/ACR-018/ACR-018_2.jpg"],"guid":"7e4d421c-bfda-415e-9306-dd9ac5d18781_9.1.0.16_1","appID":"PureVPN-220322","dateAdded":"220714","deceptorType":"App","name":"PureVPN","company":"GZ Systems Limited","version":"9.1.0.16","firstVendorContactDate":"220613","firstAppEsteemReplyDate":"220613","firstResolvedDate":"220719","firstResolvedVersion":"9.6.0.0","resolved":"TRUE","lastKnownStatus":"9.0.0.11;9.1.0.11;9.1.0.14;9.1.0.16;9.1.0.18;9.2.1.1;9.2.1.3;9.2.1.4;9.3.0.15;9.5.0.4","lastKnownDate":"220719","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1376},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"1. The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n2. Third-party components 'Open VPN' is installed without any disclosure.\n","ACR-046":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The checkbox is not obvious for user.\n","ACR-107":"Application misses the relevant license information about open source project used 'OpenVPN'.\n","ACR-048":"The app does not provide control to cancel the installation process. \nThe app does not provide any control to close the processes that runs silently in the background within the app's settings.\n","ACR-017":"The 3rd party endorsement (https://www.purevpn.com/order/?platform=windows&utm_medium=apps&utm_source=windows  and  https://www.purevpn.com/vpn-secret-deal) is not verifiable.\n","ACR-084":"On closing the app, the processes \"PureVPN.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"PureVPN Proxy Extension for Chrome\" offer.\n","ACR-055":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"PureVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-155":"The \"PureVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPN.exe","companyName":"GZ Systems","productName":"PureVPN","productVersion":"1","fileVersion":"9.1.0.14","hashMD5":"ee75527a6c1ba4b87ea66de6f2a616e1","hashSHA1":"b267dbc415ead62170523d732188a13146ec994c","hashSHA256":"aea3b8803ce1e786351870ea7da2b0143868f71b1b87e875373bd081f7c13c9f","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1617","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPNInstaller.exe","companyName":"","productName":"PureVPNInstaller","productVersion":"9.1.0.14","fileVersion":"9.1.0.14","hashMD5":"7a040ff8c59b238fb45a2190a1f8f19e","hashSHA1":"2d1b91cc8d9df4ef0a9bba931b30cf950779c125","hashSHA256":"f978ca064d5c00023e6127c4e6a317f66cb5718caf5c7b5cf317c14b934c8cec","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1617","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"purevpn_setup.exe","isInstaller":"True","companyName":"","productName":"PureVPN","productVersion":"9.1.0.14","fileVersion":"9.1.0.14","hashMD5":"c83acf0ef0c9f163e5b6fabcb48126b4","hashSHA1":"65d5920824c35e85be08d7a4d32f66644d06093a","hashSHA256":"ee5ba6bf60a1e7820836e1e24324a3559b1b2c737b25fe73680bb173921dbcb1","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1617","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Partner report","reference":"VPN Atom SDK","landingPage":"https://www.purevpn.com/download","directDownloadingLink":"https://purevpn-dialer-assets.s3.amazonaws.com/windows-2.0/packages/production/purevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://purevpn-dialer-assets.s3.amazonaws.com/windows-2.0/packages/production/purevpn_setup.exe","sourceIndex":"1617"}],"sampleFiles":["220511/PureVPN-220322/9.1.0.14/Samples/purevpn_setup.exe"],"imageFiles":["220511/PureVPN-220322/9.1.0.14/Images/ACR-039/ACR-039_Install_1.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-039/ACR-039_Install_2.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-043/ACR-043_Install_1.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-043/ACR-043_Install_2.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-043/ACR-043_Insall_OpenVPN_Dropped.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-046/ACR-046_Install_1.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-107/ACR-107_Insall_OpenVPN_Dropped.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-042/ACR-042_Install_1.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-042/ACR-042_Install_2.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-048/ACR-048_Install_No_Cancel.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-048/ACR-048_Software_No_Control.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-118/ACR-118_1.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-118/ACR-118_2.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-057/ACR-057_In-bundleOffers_1.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-059/ACR-059_In-bundleOffers_1.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-155/ACR-155_In-bundleOffers_1.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-055/ACR-055_In-bundleOffers_1.JPG","220511/PureVPN-220322/9.1.0.14/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Logos.jpg","220511/PureVPN-220322/9.1.0.14/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Logos_1.png"],"nonDeceptorImageFiles":[],"guid":"7e4d421c-bfda-415e-9306-dd9ac5d18781_9.1.0.14_1","appID":"PureVPN-220322","dateAdded":"220714","deceptorType":"App","name":"PureVPN","company":"GZ Systems Limited","version":"9.1.0.14","firstVendorContactDate":"220613","firstAppEsteemReplyDate":"220613","firstResolvedDate":"220719","firstResolvedVersion":"9.6.0.0","resolved":"TRUE","lastKnownStatus":"9.0.0.11;9.1.0.11;9.1.0.14;9.1.0.16;9.1.0.18;9.2.1.1;9.2.1.3;9.2.1.4;9.3.0.15;9.5.0.4","lastKnownDate":"220719","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1377},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"1. The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n2. Third-party components 'Open VPN' is installed without any disclosure.\n","ACR-046":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The checkbox is not obvious for user.\n","ACR-107":"Application misses the relevant license information about open source project used 'OpenVPN'.\n","ACR-048":"The app does not provide control to cancel the installation process. \nThe app does not provide any control to close the processes that runs silently in the background within the app's settings.\n","ACR-017":"The 3rd party endorsement (https://www.purevpn.com/order/?platform=windows&utm_medium=apps&utm_source=windows) is not verifiable.\n","ACR-084":"On closing the app, the processes \"PureVPN.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains one of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"PureVPN Proxy Extension for Chrome\" offer.\n","ACR-055":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"PureVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-155":"The \"PureVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPN.exe","companyName":"GZ Systems","productName":"PureVPN","productVersion":"1","fileVersion":"9.1.0.11","hashMD5":"dc1db6cbd66eb0786ec92a39f4e2ea25","hashSHA1":"8236bda943424bb18781c1f1aead2bc3f9aead35","hashSHA256":"99f0f1f11a1aad537efd7c3c81f76ab89a845c3cb0cf4e0fd849a8e334fb02e8","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1644","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"purevpn_setup.exe","isInstaller":"True","companyName":"","productName":"PureVPN","productVersion":"9.1.0.11","fileVersion":"9.1.0.11","hashMD5":"6af5f457ca986387ce70ba4182bf0a90","hashSHA1":"bac99b99bbf22bb8bc32471a3a34466ae8f1c1da","hashSHA256":"d156e7020fb5b602d2c121e16b77d8ca3f6d2dcf984678968af1ffb65e4bc84c","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1644","avBlockList":["Avira Internet Security (20220503)","Dr.Web Security Space (20220503)","K7 Total Security (20220503)","McAfee Total Protection (20220503)","Norton Security (20220503)","Panda Dome (20220503)","Sophos Home Premium (20220503)","SpyHunter5 (20220503)","Total AV Antivirus Pro (20220503)","VirIT eXplorer PRO (20220503)","Webroot SecureAnywhere (20220503)"],"avAllowList":["360 Total Security (20220503)","Avast Premium Security (20220503)","AVG Internet Security (20220503)","Bitdefender Internet Security (20220503)","COMODO Antivirus (20220503)","ESET Internet Security (20220503)","G DATA INTERNET SECURITY (20220503)","Kaspersky Internet Security (20220503)","Malwarebytes Premium (20220503)","Quick Heal Internet Security (20220503)","Tencent PC Manager (20220503)","Trend Micro Internet Security (20220503)","VIPRE Advanced Security (20220503)","Windows Defender (20220503)"]}],"additionalFiles":[],"sources":[{"howFound":"Partner report","reference":"VPN Atom SDK","landingPage":"https://www.purevpn.com/","directDownloadingLink":"https://purevpn-dialer-assets.s3.amazonaws.com/windows-2.0/packages/production/purevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://purevpn-dialer-assets.s3.amazonaws.com/windows-2.0/packages/production/purevpn_setup.exe","sourceIndex":"1644"}],"sampleFiles":["220421/PureVPN-220322/9.1.0.11/Samples/purevpn_setup.exe"],"imageFiles":["220421/PureVPN-220322/9.1.0.11/Images/ACR-039/ACR-039_Install_1.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-039/ACR-039_Install_2.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-043/ACR-043_Install_1.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-043/ACR-043_Install_2.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-043/ACR-043_Insall_OpenVPN_Dropped.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-046/ACR-046_Install_1.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-107/ACR-107_Insall_OpenVPN_Dropped.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-042/ACR-042_Install_1.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-042/ACR-042_Install_2.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-048/ACR-048_Install_No_Cancel.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-048/ACR-048_Software_No_Control.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-057/ACR-057_In-bundleOffers_1.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-059/ACR-059_In-bundleOffers_1.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-155/ACR-155_In-bundleOffers_1.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-055/ACR-055_In-bundleOffers_1.JPG","220421/PureVPN-220322/9.1.0.11/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Logos.jpg"],"nonDeceptorImageFiles":[],"guid":"7e4d421c-bfda-415e-9306-dd9ac5d18781_9.1.0.11_1","appID":"PureVPN-220322","dateAdded":"220714","deceptorType":"App","name":"PureVPN","company":"GZ Systems Limited","version":"9.1.0.11","firstVendorContactDate":"220613","firstAppEsteemReplyDate":"220613","firstResolvedDate":"220719","firstResolvedVersion":"9.6.0.0","resolved":"TRUE","lastKnownStatus":"9.0.0.11;9.1.0.11;9.1.0.14;9.1.0.16;9.1.0.18;9.2.1.1;9.2.1.3;9.2.1.4;9.3.0.15;9.5.0.4","lastKnownDate":"220719","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1378},{"violations":{"ACR-042":"The app silently installs the \"Apple Application Support(32-bit and 64-bit)\" and \"Apple Mobile Device Support\" applications without any disclosure to the user. \n","ACR-043":"Third-party components 'Apple Application Support(32-bit and 64-bit)' and 'Apple Mobile Device Support', 'FFMpeg', and other third-party MSI installers are installed without any disclosure.\n","ACR-048":"The app does not provide any control to enable/disable the \"IOTransfer SkipUAC (User)\" scheduled task and to remove the background processes completely within the app's settings\n","ACR-050":"The app appears to circumvent the platform security (UAC) with a scheduled task.\n","ACR-084":"On quitting the app, several processes run silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains many of its components on the device without the consumer's consent or notifying the user.\n\n","ACR-039":"The app silently installs the \"Apple Application Support(32-bit and 64-bit)\" and \"Apple Mobile Device Support\" applications without disclosing the relationship to the app during installation.\n","ACR-165":"The app doesn't provide the following information in the shopping cart(https://iotransfer.itopvpn.com/store/index.php): 1. What the price will be in the auto-renewal payment given the first payment is a discounted price. 2. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IOTransfer\\IOT\\IOTransfer.exe","companyName":"IOTransfer Studio","productName":"IOTransfer","productVersion":"4.3","fileVersion":"4.3.1.1561","hashMD5":"f76620aa0853ed56a689b01b2e7def7b","hashSHA1":"e74cf3923598f772627bf644bcb76562ddb4118b","hashSHA256":"2f3ba81f8bfd7ce6968f5c2bc825fd5b9e83ed9498469426f93a0fd8cbae2d95","digitalCertThumbprint":"3A6C75983C893EBDDC76E248D06862C5744A0160","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Chengdu Zhagu Technology Co. Ltd.","storeId":"","sourceIndex":"1512","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IOTransfer\\IOT\\IOTUpdater.exe","companyName":"IOTransfer","productName":"IOTransfer","productVersion":"2.0.0.0","fileVersion":"2.1.6.6231","hashMD5":"e480ab2313a0a9df936c2d457d9dd306","hashSHA1":"910f51bf72c234a0e92d0a208943cb223604f480","hashSHA256":"ac8815685123aedd3b5e99c6bdd061c2e23195580a0ec4e8c9704ed4b28d7e3b","digitalCertThumbprint":"3A6C75983C893EBDDC76E248D06862C5744A0160","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Chengdu Zhagu Technology Co. Ltd.","storeId":"","sourceIndex":"1512","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IOTransfer.exe","isInstaller":"True","companyName":"IOTransfer                                                  ","productName":"IOTransfer 4                                                ","productVersion":"4.3.1.1561                                        ","fileVersion":"4.3.1.1561          ","hashMD5":"68c928f98022aa0a77de9e0c7b6cc0d6","hashSHA1":"40f8cd1861a9f7aea6cdd0f9b5a34370873d90ef","hashSHA256":"bcd7f3481cb247c77dd825091b0ad9c99d621d9b62a4b5ce502eb257cdf8c2e7","digitalCertThumbprint":"3A6C75983C893EBDDC76E248D06862C5744A0160","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Chengdu Zhagu Technology Co. Ltd.","storeId":"","sourceIndex":"1512","avBlockList":["360 Total Security (20220719)","Avast Premium Security (20220719)","AVG Internet Security (20220719)","Avira Internet Security (20220719)","Dr.Web Security Space (20220719)","G DATA INTERNET SECURITY (20220719)","K7 Total Security (20220719)","McAfee Total Protection (20220719)","SpyHunter5 (20220719)","Total AV Antivirus Pro (20220719)","VIPRE Advanced Security (20220719)","VirIT eXplorer PRO (20220719)","Windows Defender (20220719)"],"avAllowList":["Bitdefender Internet Security (20220719)","COMODO Antivirus (20220719)","ESET Internet Security (20220719)","Kaspersky Internet Security (20220719)","Malwarebytes Premium (20220719)","Norton Security (20220719)","Panda Dome (20220719)","Quick Heal Internet Security (20220719)","Sophos Home Premium (20220719)","Tencent PC Manager (20220719)","Trend Micro Internet Security (20220719)","Webroot SecureAnywhere (20220719)"]}],"additionalFiles":[],"sources":[{"howFound":"Offered app in IObit","reference":"","landingPage":"https://iotransfer.itopvpn.com/","directDownloadingLink":"https://iotransfer.itopvpn.com/downloadcenter.php?product=iotransferpc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://iotransfer.itopvpn.com/downloadcenter.php?product=iotransferpc","sourceIndex":"1512"}],"sampleFiles":["220714/iotransfer-220712/4.3.1.1561/Samples/IOTransfer.exe"],"imageFiles":["220714/iotransfer-220712/4.3.1.1561/Images/ACR-039/ACR-039_1.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-039/ACR-039_2.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-039/ACR-039_3.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-043/ACR-043_1.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-043/ACR-043_2.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-043/ACR-043_3.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-043/ACR-043_4.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-042/ACR-042_1.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-042/ACR-042_2.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-042/ACR-042_3.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-084/ACR-084_1.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-084/ACR-084_2.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-048/ACR-048_Software_No_Control_3.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-048/ACR-048_Software_No_Control_4.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-050/ACR-050_1.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-118/ACR-118_1 (1).JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-118/ACR-118_1 (2).JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-118/ACR-118_3.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-118/ACR-118_4.JPG","220714/iotransfer-220712/4.3.1.1561/Images/ACR-165/ACR-165_1.png"],"nonDeceptorImageFiles":[],"guid":"6e568e9f-d375-4922-b793-2818eb1fcc8c_4.3.1.1561_1","appID":"iotransfer-220712","dateAdded":"220714","deceptorType":"App","name":"IO Transfer","company":"IOTransfer Studio","version":"4.3.1.1561","lastKnownStatus":"4.3.1.1561","lastKnownDate":"220714","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-15T06:19:05.2590144+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1380},{"violations":{"ACR-042":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"AtomSDKInstaller\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-046":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The checkbox is not obvious for user.\n","ACR-048":"The app does not provide control to cancel the installation process. \nThe app does not provide any control to close the processes that runs silently in the background within the app's settings.\n","ACR-017":"The 3rd party endorsement ( https://www.purevpn.com/order ) is not verifiable.\n","ACR-084":"On closing the app, the processes \"PureVPN.exe\" and \"Atom.SDK.WindowsService.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the \"PureVPN Proxy Extension for Chrome\" offer.\n","ACR-055":"The \"PureVPN Proxy Extension for Chrome\" offer requires the user to uncheck a checkbox in order to decline the offer. The accept/decline options are not made obvious to the consumer in the offers.\n","ACR-059":"The \"PureVPN Proxy Extension for Chrome\" Offer is not clearly marked as an offer.\n","ACR-039":"The app silently installs \"AtomSDKInstaller\" program without disclosing the relationship to the app during installation.\n","ACR-155":"The \"PureVPN Proxy Extension for Chrome\" offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\GZ Systems\\PureVPN\\PureVPN.exe","companyName":"GZ Systems","productName":"PureVPN","productVersion":"1","fileVersion":"9.0.0.11","hashMD5":"6e33fb503383001e01a53ae03e38e88d","hashSHA1":"8f050524c64c7ea23cc62bd6c8311d000317a7c2","hashSHA256":"8649373140acc907fc072fc974796b969ce6aa70f4ab99374a666247a80a84d8","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1675","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"purevpn_setup.exe","isInstaller":"True","companyName":"","productName":"PureVPN","productVersion":"9.0.0.11","fileVersion":"9.0.0.11","hashMD5":"d93d776a8b478b5ed095e31aedb4e262","hashSHA1":"c52df7806e897cb81462b253cd8c0b19f539a6c2","hashSHA256":"d3140bc8fb54faa7143f14600a636a49b7b5abb01909c56c780d7328a24fbb23","digitalCertThumbprint":"9595184E8BB6183847ADB1160DA4AA791A246B83","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"GZ Systems Limited","storeId":"","sourceIndex":"1675","avBlockList":["360 Total Security (20220405)","Avira Internet Security (20220405)","Dr.Web Security Space (20220405)","K7 Total Security (20220405)","McAfee Total Protection (20220405)","Norton Security (20220405)","Panda Dome (20220405)","Quick Heal Internet Security (20220405)","Sophos Home Premium (20220405)","SpyHunter5 (20220405)","Total AV Antivirus Pro (20220405)","VirIT eXplorer PRO (20220405)","Webroot SecureAnywhere (20220405)","Windows Defender (20220405)"],"avAllowList":["Avast Premium Security (20220405)","AVG Internet Security (20220405)","Bitdefender Internet Security (20220405)","COMODO Antivirus (20220405)","ESET Internet Security (20220405)","G DATA INTERNET SECURITY (20220405)","Kaspersky Internet Security (20220405)","Malwarebytes Premium (20220405)","Tencent PC Manager (20220405)","Trend Micro Internet Security (20220405)","VIPRE Advanced Security (20220405)"]}],"additionalFiles":[],"sources":[{"howFound":"Partner report","reference":"VPN Atom SDK","landingPage":"https://www.purevpn.com/download/windows-vpn","directDownloadingLink":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3uym7n1flvv1x.cloudfront.net/windows-2.0/packages/production/purevpn_setup.exe","sourceIndex":"1675"}],"sampleFiles":["220323/PureVPN-220322/9.0.0.11/Samples/purevpn_setup.exe"],"imageFiles":["220323/PureVPN-220322/9.0.0.11/Images/ACR-039/ACR-039_Install.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-039/ACR-039_Install_1.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-043/ACR-043_Install.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-043/ACR-043_Install_1.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-046/ACR-046_Install.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-042/ACR-042_Install.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-042/ACR-042_Install_1.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-048/ACR-048_Install_No_Control.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-084/ACR-084_Software_Process.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-048/ACR-048_Software_No_Control.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-057/ACR-057_In-bundleOffers.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-059/ACR-059_In-bundleOffers.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-155/ACR-155_In-bundleOffers.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-055/ACR-055_In-bundleOffers.JPG","220323/PureVPN-220322/9.0.0.11/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.jpg"],"nonDeceptorImageFiles":[],"guid":"7e4d421c-bfda-415e-9306-dd9ac5d18781_9.0.0.11_1","appID":"PureVPN-220322","dateAdded":"220714","deceptorType":"App","name":"PureVPN","company":"GZ Systems Limited","version":"9.0.0.11","sigName":"Deceptor:Win32/PureVPN!039043046042048084057059155055017","firstVendorContactDate":"220613","firstAppEsteemReplyDate":"220613","firstResolvedDate":"220719","firstResolvedVersion":"9.6.0.0","resolved":"TRUE","lastKnownStatus":"9.0.0.11;9.1.0.11;9.1.0.14;9.1.0.16;9.1.0.18;9.2.1.1;9.2.1.3;9.2.1.4;9.3.0.15;9.5.0.4","lastKnownDate":"220719","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1379},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"PowerSoundEditorFree.exe","fileVersion":"0.0","hashMD5":"539d6c941b081e9afbfe284363c10993","hashSHA1":"5d2bfbde0c949b6b6239496236c6558ee3f76350","hashSHA256":"4384d27dc5b2665fd8efc4bd77ca4d908e508dbfa12a91bc9dd9fb4986babeee","sourceIndex":"1514","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PowerSoundEditorFree-setup.exe","isInstaller":"True","companyName":"Copyright© 2005-2019 PowerSE, Inc.                          ","fileVersion":"0.0","hashMD5":"72cbfb8158bcdd125c8a89ed0ade4d76","hashSHA1":"b19a440f8301d767c15b54a1f3419483b1a876bc","hashSHA256":"3efc5766ce00c7133f7c0972f85d935ab533e59e36e747d719d7795565c9e0fb","digitalCertThumbprint":"561906D7998D780F5F5E93C36DCD77674F8236A3","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", S=Beijing Shi, C=CN","sourceIndex":"1514","avBlockList":["360 Total Security (20220719)","Avast Premium Security (20220719)","AVG Internet Security (20220719)","Avira Internet Security (20220719)","Bitdefender Internet Security (20220719)","COMODO Antivirus (20220719)","ESET Internet Security (20220719)","G DATA INTERNET SECURITY (20220719)","K7 Total Security (20220719)","Kaspersky Internet Security (20220719)","Malwarebytes Premium (20220719)","McAfee Total Protection (20220719)","Norton Security (20220719)","Panda Dome (20220719)","Quick Heal Internet Security (20220719)","Sophos Home Premium (20220719)","SpyHunter5 (20220719)","Tencent PC Manager (20220719)","Total AV Antivirus Pro (20220719)","Trend Micro Internet Security (20220719)","VIPRE Advanced Security (20220719)","VirIT eXplorer PRO (20220719)","Webroot SecureAnywhere (20220719)","Windows Defender (20220719)"],"avAllowList":["Dr.Web Security Space (20220719)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://free-sound-editor.com/","directDownloadingLink":"https://free-sound-editor.com/PowerSoundEditorFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-sound-editor.com/PowerSoundEditorFree.exe","sourceIndex":"1514"}],"sampleFiles":["220713/PowerSoundEditorFree-220713/8.8.2.5/Samples/PowerSoundEditorFree.exe","220713/PowerSoundEditorFree-220713/8.8.2.5/Samples/PowerSoundEditorFree-setup.exe"],"imageFiles":["220713/PowerSoundEditorFree-220713/8.8.2.5/Images/ACR-109/ACR-039_048_109_RKSetup.jpg","220713/PowerSoundEditorFree-220713/8.8.2.5/Images/ACR-039/ACR-039_048_109_RKSetup.jpg","220713/PowerSoundEditorFree-220713/8.8.2.5/Images/ACR-048/ACR-039_048_109_RKSetup.jpg","220713/PowerSoundEditorFree-220713/8.8.2.5/Images/ACR-010/RelevantKnowledge.jpg","220713/PowerSoundEditorFree-220713/8.8.2.5/Images/ACR-118/ACR-118_RetainedComponents.jpg","220713/PowerSoundEditorFree-220713/8.8.2.5/Images/ACR-057/RelevantKnowledge.jpg","220713/PowerSoundEditorFree-220713/8.8.2.5/Images/ACR-059/RelevantKnowledge.jpg","220713/PowerSoundEditorFree-220713/8.8.2.5/Images/ACR-071/RelevantKnowledge.jpg","220713/PowerSoundEditorFree-220713/8.8.2.5/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220713/PowerSoundEditorFree-220713/8.8.2.5/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"bad78309-45d6-416a-9da9-e65b833a1743_8.8.2.5_1","appID":"PowerSoundEditorFree-220713","dateAdded":"220713","deceptorType":"App","name":"Power Sound Editor Free","company":"PowerSE Co. Ltd.","version":"8.8.2.5","lastKnownStatus":"8.8.2.5","lastKnownDate":"220713","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"sold in bundle","lastUpdate":"2022-07-13T22:38:51.6284645+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1381},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re run the application to present the declined offer again.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeAppLock.exe","fileVersion":"0.0","hashMD5":"2e6c51d0a10d1d3e2c5d85219f80e62c","hashSHA1":"45fe555be8911a3da2a230f4de672394f83c8a66","hashSHA256":"d1673c2685d2e160d1bf69b0ea28b4a07e76a3bc01e5bb6fbc10e4059ff2c935","sourceIndex":"1515","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAppLock2.exe","fileVersion":"0.0","hashMD5":"092ae606f0847edf1215b8223ac238af","hashSHA1":"cc96370aa0a2e0bb84da435a09175a65079ab8c1","hashSHA256":"90dafd8716df635be5c3fd8dba9cfe54febcab2c742b36f33896ea24b104bbd9","sourceIndex":"1515","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAppLock-setup.exe","isInstaller":"True","companyName":"FreeAppLock Co., Ltd.                                       ","fileVersion":"0.0","hashMD5":"5aaa2deb92da80406b224751d87529dc","hashSHA1":"f9d27ecb575516505b8f12ccbf23cf892189e255","hashSHA256":"f87f3e9109ff11b2868e3d321d2541ab0356abd9cf9df498ffd5f3a796bd51f8","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1515","avBlockList":["360 Total Security (20220719)","Avast Premium Security (20220719)","AVG Internet Security (20220719)","Avira Internet Security (20220719)","Bitdefender Internet Security (20220719)","Dr.Web Security Space (20220719)","ESET Internet Security (20220719)","G DATA INTERNET SECURITY (20220719)","K7 Total Security (20220719)","Kaspersky Internet Security (20220719)","Malwarebytes Premium (20220719)","McAfee Total Protection (20220719)","Norton Security (20220719)","Panda Dome (20220719)","Quick Heal Internet Security (20220719)","Sophos Home Premium (20220719)","SpyHunter5 (20220719)","Total AV Antivirus Pro (20220719)","Trend Micro Internet Security (20220719)","VIPRE Advanced Security (20220719)","VirIT eXplorer PRO (20220719)","Webroot SecureAnywhere (20220719)","Windows Defender (20220719)"],"avAllowList":["COMODO Antivirus (20220719)","Tencent PC Manager (20220719)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Free tools","reference":"","landingPage":"https://www.freeapplock.com/","directDownloadingLink":"http://freeapplock.com/FreeAppLock.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://freeapplock.com/FreeAppLock.exe","sourceIndex":"1515"}],"sampleFiles":["220713/FreeAppLock-220713/8.8.2.4/Samples/FreeAppLock.exe","220713/FreeAppLock-220713/8.8.2.4/Samples/FreeAppLock2.exe","220713/FreeAppLock-220713/8.8.2.4/Samples/FreeAppLock-setup.exe"],"imageFiles":["220713/FreeAppLock-220713/8.8.2.4/Images/ACR-109/ACR-039_048_109_RKSetup.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-039/ACR-039_048_109_RKSetup.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-047/Update_RelaunchRK - Copy.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-047/RK_UpdatePrompt - Copy.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-047/RK_UpdatePrompt-b - Copy.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-048/ACR-039_048_109_RKSetup.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-004/RK_UpdatePrompt.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-004/RK_UpdatePrompt-b.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-004/Update_RelaunchRK.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-083/RK_UpdatePrompt.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-083/RK_UpdatePrompt-b.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-048/RK_UpdatePrompt.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-003/RK_UpdatePrompt.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-003/RK_UpdatePrompt-b.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-003/Update_RelaunchRK.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-118/ACR-118_Remnants.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-155/RelevantKnowledge.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-047/RK_UpdatePrompt.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-047/RK_UpdatePrompt-b.jpg","220713/FreeAppLock-220713/8.8.2.4/Images/ACR-047/Update_RelaunchRK.jpg"],"nonDeceptorImageFiles":["220713/FreeAppLock-220713/8.8.2.4/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"3d9c74a8-2abe-4e87-a460-3623db025fa8_8.8.2.4_1","appID":"FreeAppLock-220713","dateAdded":"220713","deceptorType":"App","name":"Free App Lock","company":"FreeAppLock, Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2022-07-13T22:36:45.0761277+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1382},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n","ACR-099":"The app's about page does not display links to uninstall information.\nThe app's landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information. \n","ACR-167":" The application's has no mention of a 30 days refund policy.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"GameSwift.exe","fileVersion":"1.0","hashMD5":"d79255fdec12574bd2a2a586792059ff","hashSHA1":"780743de7c7be833560cb4971832e8cc707f9719","hashSHA256":"654db7d3642fb1e78f4ec735fa385119e7ddbba283285ac6612b296602c51b30","sourceIndex":"1517","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"gameswift-setup.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"54553d9e6df6421a6b726e3169a878b5","hashSHA1":"26a71cb1b89d2108286372c03baa869d50f48d92","hashSHA256":"de9a5e56dd11319f1fc8c88b79d9b49d1e9f8abf04da1e2b5c81ef9efc49f7ef","sourceIndex":"1517","avBlockList":["Avast Premium Security (20220719)","AVG Internet Security (20220719)","Avira Internet Security (20220719)","Bitdefender Internet Security (20220719)","Dr.Web Security Space (20220719)","ESET Internet Security (20220719)","G DATA INTERNET SECURITY (20220719)","K7 Total Security (20220719)","Kaspersky Internet Security (20220719)","Malwarebytes Premium (20220719)","McAfee Total Protection (20220719)","Norton Security (20220719)","Panda Dome (20220719)","Quick Heal Internet Security (20220719)","Sophos Home Premium (20220719)","SpyHunter5 (20220719)","Total AV Antivirus Pro (20220719)","VIPRE Advanced Security (20220719)","VirIT eXplorer PRO (20220719)","Webroot SecureAnywhere (20220719)","Windows Defender (20220719)"],"avAllowList":["360 Total Security (20220719)","COMODO Antivirus (20220719)","Tencent PC Manager (20220719)","Trend Micro Internet Security (20220719)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: pc fixer","reference":"PCMedik","landingPage":"http://www.pgware.com/products/gameswift/","directDownloadingLink":"http://www.pgware.com/downloads/gameswift.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pgware.com/downloads/gameswift.exe","sourceIndex":"1517"}],"sampleFiles":["220712/GameSwift-220711/2.3.7.2022/Samples/GameSwift.exe","220712/GameSwift-220711/2.3.7.2022/Samples/gameswift-setup.exe"],"imageFiles":["220712/GameSwift-220711/2.3.7.2022/Images/ACR-109/ACR-039_048_109_RKSetup.jpg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-039/ACR-039_048_109_RKSetup.jpg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-048/ACR-039_048_109_RKSetup.jpg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-010/RelevantKnowledge.jpg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-057/RelevantKnowledge.jpg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-059/RelevantKnowledge.jpg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-071/RelevantKnowledge.jpg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220712/GameSwift-220711/2.3.7.2022/Images/ACR-065/ACR-065_LinkstoDocs.jpg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-106/RelevantKnowledge.jpg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-099/GameSwift-About.jpg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-099/GameSwift-LandingPage.jpeg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-166/GameSwift-InternalOffer.jpeg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-166/GameSwift-OfferPage.jpeg","220712/GameSwift-220711/2.3.7.2022/Images/ACR-099/GameSwift-OfferPage.jpeg"],"guid":"95e4ef70-63ec-4214-a61d-7748c0e598f6_2.3.7.2022_1","appID":"GameSwift-220711","dateAdded":"220712","deceptorType":"App","name":"GameSwift","company":"PGWARE LLC","version":"2.3.7.2022","lastKnownStatus":"2.3.7.2022","lastKnownDate":"220712","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-07-12T20:27:38.8645825+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1383},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer. It prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. The app uses a hotkey to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey to hide its presence\n","ACR-014":"The app calls itself \"svcnet2”, which is not related to the name \"Family Keylogger\", which misleads the targeted consumer.\nThe app hides its process and  attach its DLL component  to svchost.exe, which misleads the targeted consumer.\n\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is located inside of a hidden system file, which prevents the consumer from being able to find it.\n","ACR-065":"The app's install does not provide links to the Returns and Cancellation Policy, Privacy Policy. \nThe app's about page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-092":"The app does not provide Digital signatures for the executables.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"desktop-spy-agent.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"98b07bc35908b54bb24fa55266922ae7d13cfd20144474583d9cab5479c00a90","sourceIndex":"308","avBlockList":["360 Total Security (20210318)","Avast Premium Security (20210318)","AVG Internet Security (20210318)","Avira Internet Security (20210318)","Bitdefender Internet Security (20210318)","COMODO Antivirus (20210318)","Dr.Web Security Space (20210318)","ESET Internet Security (20210318)","G DATA INTERNET SECURITY (20210318)","K7 Total Security (20210318)","Kaspersky Internet Security (20210318)","Malwarebytes Premium (20210318)","McAfee Total Protection (20210318)","Norton Security (20210318)","Panda Dome (20210318)","Quick Heal Internet Security (20210318)","Sophos Home Premium (20210318)","SpyHunter5 (20210318)","Tencent PC Manager (20210318)","Total AV Antivirus Pro (20210318)","Trend Micro Internet Security (20210318)","VIPRE Advanced Security (20210318)","VirIT eXplorer PRO (20210318)","Webroot SecureAnywhere (20210318)","Windows Defender (20210318)"],"avAllowList":[]},{"isRevoked":"False","fileName":"svcnet2.dll","fileVersion":"5.0","hashMD5":"4f3247820ec1a7667166845dc817e657","hashSHA1":"2fe536069bb64d059bffc400356f451bb9cdd9c3","hashSHA256":"9bd4230ac42e51aae014d3638997e95a539f451c21f5c01adc982270e6c400be","sourceIndex":"308","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"svcnet2.exe","fileVersion":"0.0","hashMD5":"f2c603238a845cd064bd91f429c331bf","hashSHA1":"55f72b5c77dd3b6475d88c053859d3893fafaab9","hashSHA256":"3fd1379edbdc799b9b7e13690f7a6ab8622161d6c96038f4e065ecfeb041f244","sourceIndex":"308","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"fkl-setup (password=2013).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c36736049da2cb3c2a2c869786d1dacf","hashSHA1":"610f163876219b72484604b6fe8b1fb00921b2a4","hashSHA256":"70da6e4cb55096d995a5fffd4b858f9b3f1af7c730f4b88d005cef4b8cfd8121","sourceIndex":"308","avBlockList":["360 Total Security (20210916)","Avast Premium Security (20210916)","AVG Internet Security (20210916)","Avira Internet Security (20210916)","Bitdefender Internet Security (20210916)","COMODO Antivirus (20210916)","Dr.Web Security Space (20210916)","ESET Internet Security (20210916)","G DATA INTERNET SECURITY (20210916)","K7 Total Security (20210916)","Kaspersky Internet Security (20210916)","Malwarebytes Premium (20210916)","McAfee Total Protection (20210916)","Norton Security (20210916)","Panda Dome (20210916)","Quick Heal Internet Security (20210916)","Sophos Home Premium (20210916)","SpyHunter5 (20210916)","Tencent PC Manager (20210916)","Total AV Antivirus Pro (20210916)","Trend Micro Internet Security (20210916)","VIPRE Advanced Security (20210916)","VirIT eXplorer PRO (20210916)","Webroot SecureAnywhere (20210916)","Windows Defender (20210916)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: windows keylogger","reference":"https://spyarsenal.com/familykeylogger/","landingPage":"https://spyarsenal.com/familykeylogger/","directDownloadingLink":"https://files.spyarsenal.com/dl.php?key61249da1ef28d4.00315912","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.spyarsenal.com/dl.php?key61249da1ef28d4.00315912","sourceIndex":"308"}],"sampleFiles":["220712/FamilyKeylogger-200106/5.20/Samples/desktop-spy-agent.zip","220712/FamilyKeylogger-200106/5.20/Samples/svcnet2.dll","220712/FamilyKeylogger-200106/5.20/Samples/svcnet2.exe","220712/FamilyKeylogger-200106/5.20/Samples/fkl-setup (password=2013).exe"],"imageFiles":["220712/FamilyKeylogger-200106/5.20/Images/ACR-084/Family Keylogger_Interactions [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-084/Family Keylogger_Interactions [2].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-084/Family Keylogger_Files [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-086/Family Keylogger_Interactions [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-048/Family Keylogger_Interactions [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-007/Family Keylogger_Interactions [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-014/Family Keylogger_RunningProcess [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-014/Family Keylogger_RunningProcess [2].png"],"nonDeceptorImageFiles":["220712/FamilyKeylogger-200106/5.20/Images/ACR-038/Family Keylogger_FileProperty [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-038/Family Keylogger_FileProperty [3].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-040/Family Keylogger_Files [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-065/Family Keylogger_Install [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-065/Family Keylogger_Install [2].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-065/Family Keylogger_Install [3].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-092/Family Keylogger_FileProperty [2].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-092/Family Keylogger_FileProperty [4].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-092/Family Keylogger_FileProperty [5].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-065/Family Keylogger_About [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-065/Family Keylogger_LandingPage [2].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-099/Family Keylogger_LandingPage [2].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-065/Family Keylogger_OfferPage [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-065/Family Keylogger_OfferPage [2].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-099/Family Keylogger_OfferPage [1].png","220712/FamilyKeylogger-200106/5.20/Images/ACR-099/Family Keylogger_OfferPage [2].png"],"guid":"5a08c9a2-5425-41d6-87f3-dba3e24b2354_5.20_1","appID":"FamilyKeylogger-200106","dateAdded":"220712","deceptorType":"App","name":"Family Keylogger","company":"SpyArsenal.com","version":"5.20","lastKnownStatus":"5.98;5.20;5.974","lastKnownDate":"241204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:16.7694638+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1384},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer. It prevents the app from showing in the system tray and locates its installation directory inside of a hidden system directory. The app uses a hotkey to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey to hide its presence\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable the anti-virus list in order to prevent detection.\n","ACR-116":"The app cannot be uninstalled by the platform's standard uninstall method.\n","ACR-014":"The app calls itself \"mfc7sys.exe”, which is not related to the name \"Family Keylogger\", which misleads the targeted consumer. The app hides its process and attaches its DLL component to svchost.exe, which misleads the targeted consumer.\n\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is located inside of a hidden system file, which prevents the consumer from being able to find it.\n","ACR-065":"The app's installation does not provide links to the Returns and Cancellation Policy & Privacy Policy. \nThe app's about page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-092":"The app does not provide Digital signatures for the executables.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Windows\\mfc7sys\\mfc7sys.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"2b724e7a5c26db05bb3c51222c66a1ba","hashSHA1":"46640d285bf836e5a61b1156658abd00ac66ae1a","hashSHA256":"85ee1095cc45eb475e9612775a213c4af323624a5ffffcf54312b20981f5f4cb","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"309","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Familykeylogger_Setup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"fb962ce27a566dee204a9d1daac3c8e8","hashSHA1":"4333dba14ec9db44990317d15766ab7a5627ef8f","hashSHA256":"d39e46a2a2eea36f7769dc6801618e898d95d9a1f066d873bb6c02c176850cc4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"309","avBlockList":["360 Total Security (20210401)","Avast Premium Security (20210401)","AVG Internet Security (20210401)","Avira Internet Security (20210401)","Bitdefender Internet Security (20210401)","COMODO Antivirus (20210401)","Dr.Web Security Space (20210401)","ESET Internet Security (20210401)","G DATA INTERNET SECURITY (20210401)","K7 Total Security (20210401)","Kaspersky Internet Security (20210401)","Malwarebytes Premium (20210401)","McAfee Total Protection (20210401)","Norton Security (20210401)","Panda Dome (20210401)","Quick Heal Internet Security (20210401)","Sophos Home Premium (20210401)","SpyHunter5 (20210401)","Tencent PC Manager (20210401)","Total AV Antivirus Pro (20210401)","Trend Micro Internet Security (20210401)","VIPRE Advanced Security (20210401)","VirIT eXplorer PRO (20210401)","Webroot SecureAnywhere (20210401)","Windows Defender (20210401)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: windows keylogger","reference":"https://spyarsenal.com/familykeylogger/","landingPage":"https://spyarsenal.com/familykeylogger/","directDownloadingLink":"https://files.spyarsenal.com/dl.php?key5ff43718066c82.06125202","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.spyarsenal.com/dl.php?key5ff43718066c82.06125202","sourceIndex":"309"}],"sampleFiles":["220712/FamilyKeylogger-200106/5.974/Samples/Familykeylogger_Setup.exe"],"imageFiles":["220712/FamilyKeylogger-200106/5.974/Images/ACR-084/ACR-084.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-084/ACR-084_1.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-084/ACR-084_2.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-086/ACR-086.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-097/ACR-097.jpg","220712/FamilyKeylogger-200106/5.974/Images/ACR-048/ACR-048.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-007/ACR-007.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-014/ACR-014.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["220712/FamilyKeylogger-200106/5.974/Images/ACR-038/ACR-038.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-038/ACR-038_1.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-040/ACR-040.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-065/ACR-065_Install.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-092/ACR-092.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-065/ACR-065_Software.JPG","220712/FamilyKeylogger-200106/5.974/Images/ACR-099/ACR-099.jpg","220712/FamilyKeylogger-200106/5.974/Images/ACR-099/ACR-099_InternalOffers.jpg"],"guid":"5a08c9a2-5425-41d6-87f3-dba3e24b2354_5.974_1","appID":"FamilyKeylogger-200106","dateAdded":"220712","deceptorType":"App","name":"Family Keylogger","company":"SpyArsenal.com","version":"5.974","lastKnownStatus":"5.98;5.20;5.974","lastKnownDate":"241204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:16.8110899+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1385},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer.  It prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\nThe app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \"mfcsys”, which is not related to the name \"Family Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is located inside of a hidden system file, which prevents the consumer from being able to find it.\n","ACR-065":"The app's install does not provide links to the Returns and Cancellation Policy, Privacy Policy. \nThe app's about page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-002":"The App shows different names as \"mfc7sys.exe\" in the running service section.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"fkl-setup (password=2017).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"fb962ce27a566dee204a9d1daac3c8e8","hashSHA1":"4333dba14ec9db44990317d15766ab7a5627ef8f","hashSHA256":"d39e46a2a2eea36f7769dc6801618e898d95d9a1f066d873bb6c02c176850cc4","sourceIndex":"2009","avBlockList":["360 Total Security (20210401)","Avast Premium Security (20210401)","AVG Internet Security (20210401)","Avira Internet Security (20210401)","Bitdefender Internet Security (20210401)","COMODO Antivirus (20210401)","Dr.Web Security Space (20210401)","ESET Internet Security (20210401)","G DATA INTERNET SECURITY (20210401)","K7 Total Security (20210401)","Kaspersky Internet Security (20210401)","Malwarebytes Premium (20210401)","McAfee Total Protection (20210401)","Norton Security (20210401)","Panda Dome (20210401)","Quick Heal Internet Security (20210401)","Sophos Home Premium (20210401)","SpyHunter5 (20210401)","Tencent PC Manager (20210401)","Total AV Antivirus Pro (20210401)","Trend Micro Internet Security (20210401)","VIPRE Advanced Security (20210401)","VirIT eXplorer PRO (20210401)","Webroot SecureAnywhere (20210401)","Windows Defender (20210401)"],"avAllowList":[]},{"isRevoked":"False","fileName":"fkl-setup(1).zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"007b5b5d925e62e1cea8bf1b4a193fc29f3b377fb13890d52e28d7a8671fb977","sourceIndex":"2009","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mfc7sys.dll","fileVersion":"0.0","hashMD5":"3f9fd12455a0e81367a78a3dffc5654b","hashSHA1":"eff45420f0d77b4f410b48755abb6b862f39968c","hashSHA256":"1e8e6745483bf5d9ef72b291a54f0656a553bd7f4c08abe1f13b261b11ca1e22","sourceIndex":"2009","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mfc7sys.exe","fileVersion":"0.0","hashMD5":"2b724e7a5c26db05bb3c51222c66a1ba","hashSHA1":"46640d285bf836e5a61b1156658abd00ac66ae1a","hashSHA256":"85ee1095cc45eb475e9612775a213c4af323624a5ffffcf54312b20981f5f4cb","sourceIndex":"2009","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: windows keylogger","reference":"https://spyarsenal.com/familykeylogger/","landingPage":"https://spyarsenal.com/familykeylogger/","directDownloadingLink":"https://files.spyarsenal.com/dl.php?key5ff43718066c82.06125202","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.spyarsenal.com/dl.php?key5ff43718066c82.06125202","sourceIndex":"2009"}],"sampleFiles":["210106/FamilyKeylogger-200106/5.98/Samples/fkl-setup (password=2017).exe","210106/FamilyKeylogger-200106/5.98/Samples/fkl-setup.zip","210106/FamilyKeylogger-200106/5.98/Samples/mfc7sys.dll","210106/FamilyKeylogger-200106/5.98/Samples/mfc7sys.exe"],"imageFiles":["210106/FamilyKeylogger-200106/5.98/Images/ACR-084/FamilyKeylogger_Interactions [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-084/FamilyKeylogger_File [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-084/FamilyKeylogger_Interactions [3].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-086/FamilyKeylogger_Interactions [3].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-086/FamilyKeylogger_Interactions [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-048/FamilyKeylogger_Interactions [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-007/FamilyKeylogger_Interactions [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-014/FamilyKeylogger_RunningProcess [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-014/FamilyKeylogger_File [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-116/FamilyKeylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["210106/FamilyKeylogger-200106/5.98/Images/ACR-038/FamilyKeylogger_FileProperty [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-038/FamilyKeylogger_FileProperty [2].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-040/FamilyKeylogger_File [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-065/FamilyKeylogger_Install [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-065/FamilyKeylogger_Install [2].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-065/FamilyKeylogger_Install [3].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-092/FamilyKeylogger_FileProperty [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-092/FamilyKeylogger_FileProperty [2].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-065/FamilyKeylogger_About [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-002/FamilyKeylogger_RunningProcess [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-065/FamilyKeylogger_LandingPage [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-065/FamilyKeylogger_LandingPage [2].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-099/FamilyKeylogger_LandingPage [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-099/FamilyKeylogger_LandingPage [2].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-065/FamilyKeylogger_OfferPage [1].png","210106/FamilyKeylogger-200106/5.98/Images/ACR-099/FamilyKeylogger_OfferPage [1].png"],"guid":"5a08c9a2-5425-41d6-87f3-dba3e24b2354_5.98_1","appID":"FamilyKeylogger-200106","dateAdded":"220712","deceptorType":"App","name":"Family Keylogger","company":"SpyArsenal.com","version":"5.98","sigName":"Deceptor:MacOS/FamilyKeylogger!084086048007014116","lastKnownStatus":"5.98;5.20;5.974","lastKnownDate":"241204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2024-12-04T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1386},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-002":"The App's version in Install and Software are mismatched. (version 8.8.2.4 vs version 8.8.1) \n\nThe App's version in Install and Software are mismatched. (version 8.8.2.4 vs version 8.8.1) \n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"MP3EditorPro.exe","fileVersion":"0.0","hashMD5":"419db667cc7527eb90d22962ed844781","hashSHA1":"e9f92c01ac97fc3b517104f00d050661646e32f3","hashSHA256":"ef1f0a3c069fd2f5ae2af9271d11f7c37dc0022c5e64eff74855eef98d560a83","sourceIndex":"1520","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MP3EditorPro-setup.exe","isInstaller":"True","companyName":"MEPMedia Co., Ltd.                                          ","productName":"MP3 Editor Pro   ","fileVersion":"0.0","hashMD5":"98298194b3e65c4ec07d33aed83c4f07","hashSHA1":"aa4cad222e0f2964517becfa7c68091d01b915f3","hashSHA256":"195323401671712430b20e6575b7acbc80586118e0208ec76eac09499e6b6bdb","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1520","avBlockList":["360 Total Security (20220714)","Avast Premium Security (20220714)","AVG Internet Security (20220714)","Avira Internet Security (20220714)","Bitdefender Internet Security (20220714)","COMODO Antivirus (20220714)","Dr.Web Security Space (20220714)","ESET Internet Security (20220714)","G DATA INTERNET SECURITY (20220714)","K7 Total Security (20220714)","Kaspersky Internet Security (20220714)","Malwarebytes Premium (20220714)","Norton Security (20220714)","Panda Dome (20220714)","Quick Heal Internet Security (20220714)","Sophos Home Premium (20220714)","SpyHunter5 (20220714)","Total AV Antivirus Pro (20220714)","VIPRE Advanced Security (20220714)","VirIT eXplorer PRO (20220714)","Webroot SecureAnywhere (20220714)","Windows Defender (20220714)"],"avAllowList":["McAfee Total Protection (20220714)","Tencent PC Manager (20220714)","Trend Micro Internet Security (20220714)"]}],"additionalFiles":[],"sources":[{"howFound":"software download from link found in Absolute Audio Converter app","reference":"Absolute Audio Converter","landingPage":"https://www.mp3editorpro.com/","directDownloadingLink":"https://www.mp3editorpro.com/Mp3EditorPro.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.mp3editorpro.com/Mp3EditorPro.exe","sourceIndex":"1520"}],"sampleFiles":["220711/MP3EditorPro-220708/8.8.1/Samples/MP3EditorPro.exe","220711/MP3EditorPro-220708/8.8.1/Samples/MP3EditorPro-setup.exe"],"imageFiles":["220711/MP3EditorPro-220708/8.8.1/Images/ACR-109/ACR-039_048_109_RKSetup.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-039/ACR-039_048_109_RKSetup.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-048/ACR-039_048_109_RKSetup.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-010/RelevantKnowledge.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-118/ACR-118-RetainedComponents.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-057/RelevantKnowledge.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-059/RelevantKnowledge.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-071/RelevantKnowledge.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220711/MP3EditorPro-220708/8.8.1/Images/ACR-065/RelevantKnowledge.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-002/Install_Version.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-002/App_Version.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-106/RelevantKnowledge.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-002/Install_Version.jpg","220711/MP3EditorPro-220708/8.8.1/Images/ACR-002/App_Version.jpg"],"guid":"fa464821-30d2-4b2d-b3a4-bddaf803e436_8.8.1_1","appID":"MP3EditorPro-220708","dateAdded":"220711","deceptorType":"App","name":"MP3 Editor Pro","company":"MEPMedia Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"220711","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,sold in bundle","lastUpdate":"2022-07-12T00:26:22.711416+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1387},{"violations":{"ACR-004":"The application shows free scan results, but does not offer a fully functional trial. It only cleans 20 items before requiring you to pay for a license.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not provide links to the Returns and Cancellation Policy and Privacy Policy.\nThe app's About page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-099":"The application does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"moleskinsoft-disk-cleaner-2-4.exe","isInstaller":"True","companyName":"Moleskinsoft                                                ","productName":"Moleskinsoft Disk Cleaner","fileVersion":"0.0","hashMD5":"e193f0dee5b24ef7d530c74d0f2a1a8f","hashSHA1":"f44609173121284648961b83e421251161bea69c","hashSHA256":"cc4fefd168102349da56e6e3e532843d004db933727d186eb41b0ddc4de6e35c","sourceIndex":"310","avBlockList":["Avast Premium Security (20220714)","AVG Internet Security (20220714)","Avira Internet Security (20220714)","COMODO Antivirus (20220714)","ESET Internet Security (20220714)","K7 Total Security (20220714)","McAfee Total Protection (20220714)","Panda Dome (20220714)","SpyHunter5 (20220714)","Total AV Antivirus Pro (20220714)","VirIT eXplorer PRO (20220714)","Windows Defender (20220714)"],"avAllowList":["360 Total Security (20220714)","Bitdefender Internet Security (20220714)","Dr.Web Security Space (20220714)","G DATA INTERNET SECURITY (20220714)","Kaspersky Internet Security (20220714)","Malwarebytes Premium (20220714)","Norton Security (20220714)","Quick Heal Internet Security (20220714)","Sophos Home Premium (20220714)","Tencent PC Manager (20220714)","Trend Micro Internet Security (20220714)","VIPRE Advanced Security (20220714)","Webroot SecureAnywhere (20220714)"]},{"isRevoked":"False","fileName":"pdcleaner.exe","companyName":"Moleskinsoft","productName":"Moleskinsoft Disk Cleaner","productVersion":"1.0.0.0","fileVersion":"2.4.1.160","hashMD5":"3228d053caff87f6efffc4294271f516","hashSHA1":"4c6d0492ab4da0d86a4861408cd66387390e6367","hashSHA256":"aa85d8fcaa2f0fc82bfb603a34b7f4e4760d4bf5d02d7ff577e229cd91e2c1b5","sourceIndex":"310","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search PC cleaner and booster","reference":"","landingPage":"https://www.forwin11.com/app/download-moleskinsoft-disk-cleaner.html","directDownloadingLink":"https://down10.software/download-moleskinsoft-disk-cleaner/post-download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://down10.software/download-moleskinsoft-disk-cleaner/post-download/","sourceIndex":"310"}],"sampleFiles":["220706/MoleskinsoftDiskCleaner-220706/2.4.1.160/Samples/moleskinsoft-disk-cleaner-2-4.exe","220706/MoleskinsoftDiskCleaner-220706/2.4.1.160/Samples/pdcleaner.exe"],"imageFiles":["220706/MoleskinsoftDiskCleaner-220706/2.4.1.160/Images/ACR-004/ACR-004_limitedtrial_diskclean.jpg","220706/MoleskinsoftDiskCleaner-220706/2.4.1.160/Images/ACR-004/ACR-004_limitedtrial_registryclean.jpg"],"nonDeceptorImageFiles":["220706/MoleskinsoftDiskCleaner-220706/2.4.1.160/Images/ACR-099/MoleskinsoftDiskCleaner-About.jpg","220706/MoleskinsoftDiskCleaner-220706/2.4.1.160/Images/ACR-065/ACR-065-LinkstoDocs.gif","220706/MoleskinsoftDiskCleaner-220706/2.4.1.160/Images/ACR-065/MoleskinsoftDiskCleaner-About.jpg"],"guid":"4e1de7ac-031c-4826-baa7-fb644d7d6883_2.4.1.160_1","appID":"MoleskinsoftDiskCleaner-220706","dateAdded":"220706","deceptorType":"App","name":"Moleskinsoft Disk Cleaner","company":"Moleskinsoft","version":"2.4.1.160","lastKnownStatus":"2.4.1.160","lastKnownDate":"241204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-12-04T22:52:34.7296611+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1388},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"fas.exe","companyName":"??? ??????","productVersion":"1.0.0.0","fileVersion":"0.8.8.23","hashMD5":"e83b16a448d3016b4086eb1ef28baefe","hashSHA1":"18770aa5419efaab2265719d72c98316e9edf45d","hashSHA256":"d6f0d4a586eaec368f1c60518e06626863de8041ec7680b447e6148ca7c1251e","sourceIndex":"1523","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAutoShutdown.exe","isInstaller":"True","companyName":"FreeAutoShutdown Co., Ltd.                                  ","productName":"Free Auto Shutdown      ","productVersion":"","fileVersion":"0.0","hashMD5":"92a65ddbe7fbe6f1d7860d2c0689290f","hashSHA1":"fedae2e2c182649a2401e17029fd296509392704","hashSHA256":"9ef3b09763e011f6c030c5a935e2b56ec69ab3d83624823c09a5e01b1e4f34fc","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1523","avBlockList":["360 Total Security (20220714)","Avast Premium Security (20220714)","AVG Internet Security (20220714)","Avira Internet Security (20220714)","Bitdefender Internet Security (20220714)","ESET Internet Security (20220714)","G DATA INTERNET SECURITY (20220714)","K7 Total Security (20220714)","Kaspersky Internet Security (20220714)","Malwarebytes Premium (20220714)","McAfee Total Protection (20220714)","Norton Security (20220714)","Panda Dome (20220714)","Quick Heal Internet Security (20220714)","Sophos Home Premium (20220714)","SpyHunter5 (20220714)","Total AV Antivirus Pro (20220714)","Trend Micro Internet Security (20220714)","VIPRE Advanced Security (20220714)","VirIT eXplorer PRO (20220714)","Webroot SecureAnywhere (20220714)","Windows Defender (20220714)"],"avAllowList":["COMODO Antivirus (20220714)","Dr.Web Security Space (20220714)","Tencent PC Manager (20220714)"]}],"additionalFiles":[],"sources":[{"howFound":"similar sites freedriverbackup","reference":"","landingPage":"https://free-auto-shutdown.com/","directDownloadingLink":"http://www.free-auto-shutdown.com/FreeAutoShutdown.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.free-auto-shutdown.com/FreeAutoShutdown.exe","sourceIndex":"1523"}],"sampleFiles":["220705/FreeAutoShutdown-220705/8.8.2.4/Samples/fas.exe","220705/FreeAutoShutdown-220705/8.8.2.4/Samples/FreeAutoShutdown.exe"],"imageFiles":["220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-109/ACR-039_048_109_RKSetup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-039/ACR-039_048_109_RKSetup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-047/ACR-047_083_003_004-RKUpdatePrompt_startup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-047/ACR-048_003_004-RKUpdatePrompt_goup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-048/ACR-039_048_109_RKSetup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-004/ACR-047_083_003_004-RKUpdatePrompt_startup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-004/ACR-048_003_004-RKUpdatePrompt_goup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-083/ACR-047_083_003_004-RKUpdatePrompt_startup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-048/ACR-048_003_004-RKUpdatePrompt_goup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-003/ACR-047_083_003_004-RKUpdatePrompt_startup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-003/ACR-048_003_004-RKUpdatePrompt_goup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-118/ACR-118_RetainedComponents.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-155/RelevantKnowledge.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-047/ACR-047_083_003_004-RKUpdatePrompt_startup.jpg","220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-047/ACR-048_003_004-RKUpdatePrompt_goup.jpg"],"nonDeceptorImageFiles":["220705/FreeAutoShutdown-220705/8.8.2.4/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"96a54baf-4dbb-492e-aa3c-61990254000e_8.8.2.4_1","appID":"FreeAutoShutdown-220705","dateAdded":"220705","deceptorType":"App","name":"Free Auto Shutdown","company":"FreeAutoShutdown, Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220705","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows Vista,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-07-05T22:33:03.784322+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1389},{"violations":{"ACR-003":"The app uses alarming colors to make exaggerated claims about the system's health.\n","ACR-004":"The app does not provide full functional fix for free scan results and uses alarming colors to make exaggerated claims about the system's health.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PCFixBooster.exe","companyName":"C.K Technologies Pvt Ltd ","productName":"PC Fix Booster","fileVersion":"1.0.0    ","hashMD5":"9b68e36f41bfae683550cc4d90a10b82","hashSHA1":"7328339927278dfadd3ccb9d35468274c0c4d271","hashSHA256":"095518b8232b656863041866a8009f55d674cda201b915aad9b7b998c2b4ee37","digitalCertThumbprint":"081176E5D744E6116339C0B3C9610A1D9DD7C7F9","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=C.K.Technologies Pvt Ltd, O=C.K.Technologies Pvt Ltd, STREET=\"#2 Reddy Colony\", STREET=Ramalingapuram, STREET=Nammalwarpet, L=Chennai, S=Tamilnadu, PostalCode=600012, C=IN","sourceIndex":"1524","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pc-fix-booster_en.exe","isInstaller":"True","companyName":"CK Technologies Pvt Ltd                                     ","productName":"PC Fix Booster","fileVersion":"3.0.5","hashMD5":"6390abf7d622ba1d6997969138b68932","hashSHA1":"c677ffe318b767a2b20524b97eaa087b8605ea0e","hashSHA256":"0543ab57999383287e4ab4cc2d7659dedf827b14825cb819bcaa6084d9c94c1b","digitalCertThumbprint":"081176E5D744E6116339C0B3C9610A1D9DD7C7F9","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=C.K.Technologies Pvt Ltd, O=C.K.Technologies Pvt Ltd, STREET=\"#2 Reddy Colony\", STREET=Ramalingapuram, STREET=Nammalwarpet, L=Chennai, S=Tamilnadu, PostalCode=600012, C=IN","sourceIndex":"1524","avBlockList":["360 Total Security (20220707)","Avast Premium Security (20220707)","AVG Internet Security (20220707)","Avira Internet Security (20220707)","Dr.Web Security Space (20220707)","ESET Internet Security (20220707)","K7 Total Security (20220707)","Kaspersky Internet Security (20220707)","Malwarebytes Premium (20220707)","Panda Dome (20220707)","SpyHunter5 (20220707)","Total AV Antivirus Pro (20220707)","VirIT eXplorer PRO (20220707)","Webroot SecureAnywhere (20220707)","Windows Defender (20220707)"],"avAllowList":["Bitdefender Internet Security (20220707)","COMODO Antivirus (20220707)","G DATA INTERNET SECURITY (20220707)","McAfee Total Protection (20220707)","Norton Security (20220707)","Quick Heal Internet Security (20220707)","Sophos Home Premium (20220707)","Tencent PC Manager (20220707)","Trend Micro Internet Security (20220707)","VIPRE Advanced Security (20220707)"]}],"additionalFiles":[],"sources":[{"howFound":"google search PC cleaner and booster","reference":"","landingPage":"https://www.forwin11.com/app/download-pcfixbooster.html","directDownloadingLink":"https://www.forwin11.com/download.php?app=download-pcfixbooster","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.forwin11.com/download.php?app=download-pcfixbooster","sourceIndex":"1524"}],"sampleFiles":["220704/PCFixBooster-220701/3.0.5/Samples/PCFixBooster.exe","220704/PCFixBooster-220701/3.0.5/Samples/pc-fix-booster_en.exe"],"imageFiles":["220704/PCFixBooster-220701/3.0.5/Images/ACR-004/ACR-004_NoFreeFix.gif","220704/PCFixBooster-220701/3.0.5/Images/ACR-004/ACR-004_SystemHealth.jpg","220704/PCFixBooster-220701/3.0.5/Images/ACR-003/ACR-003_004_SystemHealth.jpg"],"nonDeceptorImageFiles":[],"guid":"bb13a9ee-7f6a-4e4b-a6b0-412ba5f5576a_3.0.5_1","appID":"PCFixBooster-220701","dateAdded":"220704","deceptorType":"App","name":"PC Fix Booster","company":"CK Technologies Pvt Ltd","version":"3.0.5","lastKnownStatus":"3.0.5","lastKnownDate":"220704","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-07-04T19:14:35.4435304+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1390},{"violations":{"ACR-042":"At installation, an additional shortcut that suggest to download another App is dropped without obtaining the consumer's knowledge and  permission through explicit user action.\n","ACR-003":"App exaggerates system health by listing registry issues as \"errors\" in orange text. This misleads user with unnecessary urgency.\n\n","ACR-004":"The app does not provide free fix for free scan results. It requires subscription and payment to fix the regularly recurring results reported in free scan.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Launcher.exe","companyName":"Ascentive LLC","productName":"Launcher","productVersion":"1.00.0002","fileVersion":"1.00.0002","hashMD5":"c1ccb75a585c8bbb3ce0cddabb5999fa","hashSHA1":"e5550969de01a51496f3b13beadb378b30415dfe","hashSHA256":"625a4f5c0c7c81adedb229ba71a4ac20cc60e727481450c07b18912cb4cc379c","digitalCertThumbprint":"767547C4AC1EC3ED062DB4B7C3408F6B33E45647","digitalCertIssuer":"CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=201 Spring Garden St, STREET=Suite 400, L=Philadelphia, S=PA, PostalCode=19123, C=US","sourceIndex":"1526","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegistryCleaner.exe","companyName":"Ascentive LLC","productName":"Registry Cleaner","productVersion":"","fileVersion":"7.07.0005","hashMD5":"22f0ba09f484cd6d53586e881e709781","hashSHA1":"e3405f3004a4e4e9cf0da6616d9dda3ded49d498","hashSHA256":"b1daff943d757f31b263ab207c13b360585d6ede0fc34df89cd4d7617ffd5330","digitalCertThumbprint":"767547C4AC1EC3ED062DB4B7C3408F6B33E45647","digitalCertIssuer":"CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=201 Spring Garden St, STREET=Suite 400, L=Philadelphia, S=PA, PostalCode=19123, C=US","sourceIndex":"1526","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegistryCleaner_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"e03699eeb926f10b2aaae36a0db4d492","hashSHA1":"8410d21448013b81e09c0453f428aeb724162934","hashSHA256":"fced5696f215e30ddb05e85cbbf678544ea17f38569ad81460883bdfca45a6e1","digitalCertThumbprint":"767547C4AC1EC3ED062DB4B7C3408F6B33E45647","digitalCertIssuer":"CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=201 Spring Garden St, STREET=Suite 400, L=Philadelphia, S=PA, PostalCode=19123, C=US","sourceIndex":"1526","avBlockList":["Avast Premium Security (20220705)","AVG Internet Security (20220705)","Avira Internet Security (20220705)","Bitdefender Internet Security (20220705)","Dr.Web Security Space (20220705)","ESET Internet Security (20220705)","G DATA INTERNET SECURITY (20220705)","K7 Total Security (20220705)","Malwarebytes Premium (20220705)","McAfee Total Protection (20220705)","Norton Security (20220705)","Panda Dome (20220705)","Quick Heal Internet Security (20220705)","Sophos Home Premium (20220705)","SpyHunter5 (20220705)","Total AV Antivirus Pro (20220705)","VIPRE Advanced Security (20220705)","VirIT eXplorer PRO (20220705)","Webroot SecureAnywhere (20220705)"],"avAllowList":["360 Total Security (20220705)","COMODO Antivirus (20220705)","Kaspersky Internet Security (20220705)","Tencent PC Manager (20220705)","Trend Micro Internet Security (20220705)","Windows Defender (20220705)"]}],"additionalFiles":[],"sources":[{"howFound":"google search PC cleaner and booster","reference":"PC Scan and Sweep","landingPage":"http://www.ascentive.com/de/products/home_user_center/registrycleaner/","directDownloadingLink":"http://www.ascentive.com/run/click/ascweb_de/go/de_RegistryCleaner_download?c1=de_ascweb_ProdPg_scan_regc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ascentive.com/run/click/ascweb_de/go/de_RegistryCleaner_download?c1=de_ascweb_ProdPg_scan_regc","sourceIndex":"1526"}],"sampleFiles":["220630/RegistryCleaner-220630/7.07.0005/Samples/Launcher.exe","220630/RegistryCleaner-220630/7.07.0005/Samples/RegistryCleaner.exe","220630/RegistryCleaner-220630/7.07.0005/Samples/RegistryCleaner_setup.exe"],"imageFiles":["220630/RegistryCleaner-220630/7.07.0005/Images/ACR-042/ACR-042_AddedShortcut.jpg","220630/RegistryCleaner-220630/7.07.0005/Images/ACR-004/ACR-004_NoFix.gif","220630/RegistryCleaner-220630/7.07.0005/Images/ACR-003/ACR-003_RegistyErrors.jpg"],"nonDeceptorImageFiles":[],"guid":"5b1ee86c-8746-44af-b64f-2d1c08724bfa_7.07.0005_1","appID":"RegistryCleaner-220630","dateAdded":"220630","deceptorType":"App","name":"Registry Cleaner","company":"Ascentive LLC","version":"7.07.0005","lastKnownStatus":"7.07.0005","lastKnownDate":"220630","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-06-30T22:01:50.7693483+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1391},{"violations":{"ACR-048":"A scheduled task is added to Windows Task Scheduler without user's knowledge and does not provide any control to enable/disable the scheduled it.\n\n","ACR-003":"App exaggerates system health, free scan results with alarming colors and declares scan results and registry keys as \"problems\", misleads user with unnecessary urgency.\n","ACR-004":"App does not provide free fix for free scan results. It also exaggerates status and free scan results with alarming colors and declares scan results and registry keys as \"problems\", thus, misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows Returns and Cancellation Policy, Privacy Policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"PerfectOptimizer.exe","companyName":"Miracle Technologies","productName":"NetClass学生端","productVersion":"5.0.0.28","fileVersion":"5.1.0.250","hashMD5":"37939904e9653ad9f855180c588cd786","hashSHA1":"884b41a4544fb08229062c9ed30c395645d11592","hashSHA256":"f908a1ad1c43d7810c4f2c9c8f3fb06e95b63218e26c4d840078482544bd6c1d","digitalCertThumbprint":"E8DC17F52E85884DA583CAFB8A27C3745E29283D","digitalCertIssuer":"CN=WoSign Code Signing Authority, O=\"WoSign, Inc.\", C=US","digitalCertIssuedTo":"CN=WeiSiTianYu Software Develop Service Center, OU=Class 3 - for Microsoft Authenticode Signing, O=WeiSiTianYu Software Develop Service Center, L=Beijing, S=Beijing, C=CN","sourceIndex":"311","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PERFECTOPTIMIZER-setup.exe","isInstaller":"True","companyName":"Miracle Technology                                          ","productName":"Perfect Optimizer 5.1             ","fileVersion":"5.1          ","hashMD5":"3c449379539a6b38082116e2a374e7a0","hashSHA1":"7d8da3e2c8d266d628edbd137f2604ad64ef8744","hashSHA256":"b3b7b7c2694fc74de891c53eafddddd95ae2a871870a5ea1a240cea94418e238","digitalCertThumbprint":"E8DC17F52E85884DA583CAFB8A27C3745E29283D","digitalCertIssuer":"CN=WoSign Code Signing Authority, O=\"WoSign, Inc.\", C=US","digitalCertIssuedTo":"CN=WeiSiTianYu Software Develop Service Center, OU=Class 3 - for Microsoft Authenticode Signing, O=WeiSiTianYu Software Develop Service Center, L=Beijing, S=Beijing, C=CN","sourceIndex":"311","avBlockList":["360 Total Security (20220705)","Avast Premium Security (20220705)","AVG Internet Security (20220705)","Avira Internet Security (20220705)","Bitdefender Internet Security (20220705)","COMODO Antivirus (20220705)","Dr.Web Security Space (20220705)","ESET Internet Security (20220705)","G DATA INTERNET SECURITY (20220705)","K7 Total Security (20220705)","Kaspersky Internet Security (20220705)","Malwarebytes Premium (20220705)","McAfee Total Protection (20220705)","Norton Security (20220705)","Panda Dome (20220705)","Quick Heal Internet Security (20220705)","Sophos Home Premium (20220705)","SpyHunter5 (20220705)","Tencent PC Manager (20220705)","Total AV Antivirus Pro (20220705)","Trend Micro Internet Security (20220705)","VIPRE Advanced Security (20220705)","VirIT eXplorer PRO (20220705)","Webroot SecureAnywhere (20220705)","Windows Defender (20220705)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searched pc optimizers","reference":"","landingPage":"http://downloads.fyxm.net/Perfect-Optimizer-103985.html","directDownloadingLink":"http://downloads.fyxm.net/download-file-103985.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.fyxm.net/download-file-103985.html","sourceIndex":"311"}],"sampleFiles":["220629/PerfectOptimizer-220629/5.1.0.250/Samples/PerfectOptimizer.exe","220629/PerfectOptimizer-220629/5.1.0.250/Samples/PERFECTOPTIMIZER-setup.exe1"],"imageFiles":["220629/PerfectOptimizer-220629/5.1.0.250/Images/ACR-004/AlarmingScanResults.jpg","220629/PerfectOptimizer-220629/5.1.0.250/Images/ACR-004/ScanResults_Problems.jpg","220629/PerfectOptimizer-220629/5.1.0.250/Images/ACR-004/PerfectOptimizer_SpeedUP.jpg","220629/PerfectOptimizer-220629/5.1.0.250/Images/ACR-048/ACR-048-ScheduledTask.jpg","220629/PerfectOptimizer-220629/5.1.0.250/Images/ACR-003/AlarmingScanResults.jpg","220629/PerfectOptimizer-220629/5.1.0.250/Images/ACR-003/ScanResults_Problems.jpg"],"nonDeceptorImageFiles":["220629/PerfectOptimizer-220629/5.1.0.250/Images/ACR-065/ACR-037_065_NoPrivacyReturnCancellationPolicy.gif"],"guid":"68c6adae-88b5-4f84-a68f-96a8aa890801_5.1.0.250_1","appID":"PerfectOptimizer-220629","dateAdded":"220629","deceptorType":"App","name":"Perfect Optimizer 5","company":"Miracle Technologies","version":"5.1.0.250","lastKnownStatus":"5.1.0.250","lastKnownDate":"241204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-12-04T21:29:05.3656631+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1392},{"violations":{"ACR-048":"The App doesn't provide option for user to turn off the background process that runs silently.\n","ACR-007":"App requires users to enable USB Debugging without explicitly disclosing its usage and impacts to user's system. It does not obtain consent to reduce the consumer's security posture caused by sharing the device's RSA fingerprint.  \n","ACR-084":"The App runs silently in the background, hiding the fact that it is active from the consumer. \nIt registers itself as a system service to ensure its automatic execution at every system startup.\n","ACR-118":"After uninstalling the program, it retains some of its other components on the device without the user's knowledge.\n","ACR-039":"The relation of Downloader.exe to the main app could not be verified. It's file properties are not disclosed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Mobogenie.exe1","companyName":"Mobogenie.com","productName":"Mobogenie","fileVersion":"3.3","hashMD5":"9c40c6ffc4a5360a430aa0416044d478","hashSHA1":"24948d9314dbae5dd5af788199b2ac7b702c6a59","hashSHA256":"9b4fcecb6a7bc90e5e6d3b0c840ef01b1d9984e22739fc315cfcadd0a883d25e","digitalCertThumbprint":"B585EA81A25908F25F39088B1FCC239EBF7088D8","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Beijing AmazGame Age Internet Technology Co., Ltd.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"Beijing AmazGame Age Internet Technology Co., Ltd.\", L=Beijing, S=Beijing, C=CN","sourceIndex":"1527","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Mobogenie_Setup_3.3.7_10002.exe","isInstaller":"True","companyName":"Mobogenie.com","fileVersion":"3.3.5.45783","hashMD5":"2d18c828217d8d48ba8d6e0753b77936","hashSHA1":"95ff3e75aecc144b245f97b65c93cd2c35bb3462","hashSHA256":"28cdc58814d88f5bdf8f2d34fff66d8bd8ccbbde31cc928f07e869403834389f","digitalCertThumbprint":"B585EA81A25908F25F39088B1FCC239EBF7088D8","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Beijing AmazGame Age Internet Technology Co., Ltd.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"Beijing AmazGame Age Internet Technology Co., Ltd.\", L=Beijing, S=Beijing, C=CN","sourceIndex":"1527","avBlockList":["Avast Premium Security (20220705)","AVG Internet Security (20220705)","Avira Internet Security (20220705)","COMODO Antivirus (20220705)","Dr.Web Security Space (20220705)","ESET Internet Security (20220705)","K7 Total Security (20220705)","Kaspersky Internet Security (20220705)","Malwarebytes Premium (20220705)","McAfee Total Protection (20220705)","Norton Security (20220705)","Panda Dome (20220705)","Quick Heal Internet Security (20220705)","SpyHunter5 (20220705)","Total AV Antivirus Pro (20220705)","Trend Micro Internet Security (20220705)","VirIT eXplorer PRO (20220705)","Windows Defender (20220705)"],"avAllowList":["360 Total Security (20220705)","Bitdefender Internet Security (20220705)","G DATA INTERNET SECURITY (20220705)","Sophos Home Premium (20220705)","Tencent PC Manager (20220705)","VIPRE Advanced Security (20220705)","Webroot SecureAnywhere (20220705)"]},{"isRevoked":"False","fileName":"MobogenieService.exe1","companyName":"Mobogenie.com","productName":"MobogenieService.exe","fileVersion":"1.0","hashMD5":"f57a690656a8cacfabb78e30d1e71ee1","hashSHA1":"ee009f079c053da55bd74c574a5edc8e1d8a1fc8","hashSHA256":"4da99871d623eaba135003ee7bb960770618090374fd655fa3091bd38f9000cb","digitalCertThumbprint":"B585EA81A25908F25F39088B1FCC239EBF7088D8","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Beijing AmazGame Age Internet Technology Co., Ltd.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"Beijing AmazGame Age Internet Technology Co., Ltd.\", L=Beijing, S=Beijing, C=CN","sourceIndex":"1527","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: Windows free apps","reference":"","landingPage":"https://windows10freeapps.com/download-mobogenie-for-pc-windows-10-8-7-for-free/","directDownloadingLink":"https://mobogenie.en.uptodown.com/windows/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mobogenie.en.uptodown.com/windows/download","sourceIndex":"1527"}],"sampleFiles":["220629/Mobogenie-220525/3.3.7/Samples/Mobogenie.exe1","220629/Mobogenie-220525/3.3.7/Samples/Mobogenie_Setup_3.3.7_10002.exe1","220629/Mobogenie-220525/3.3.7/Samples/MobogenieService.exe1"],"imageFiles":["220629/Mobogenie-220525/3.3.7/Images/ACR-084/ACR-048_084_autostart.jpg","220629/Mobogenie-220525/3.3.7/Images/ACR-084/ACR-048_084_StartupRegistry.jpg","220629/Mobogenie-220525/3.3.7/Images/ACR-039/dloader.jpg","220629/Mobogenie-220525/3.3.7/Images/ACR-039/dloader_undisclosedproperties.jpg","220629/Mobogenie-220525/3.3.7/Images/ACR-048/ACR-048_084_autostart.jpg","220629/Mobogenie-220525/3.3.7/Images/ACR-048/ACR-048_084_StartupService.jpg","220629/Mobogenie-220525/3.3.7/Images/ACR-048/ACR-048_084_StartupRegistry.jpg","220629/Mobogenie-220525/3.3.7/Images/ACR-007/USBDebugging.jpg","220629/Mobogenie-220525/3.3.7/Images/ACR-118/Uninstall_Remnants.jpg"],"nonDeceptorImageFiles":[],"guid":"4a222ed3-2f27-4db6-bf87-5d02fa6146dd_3.3.7_1","appID":"Mobogenie-220525","dateAdded":"220629","deceptorType":"App","name":"Mobogenie","company":"Gamease Age Digital Technology Co., Ltd.","version":"3.3.7","lastKnownStatus":"3.3.7","lastKnownDate":"220629","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,cross-sell other apps","lastUpdate":"2022-06-30T05:24:05.4784721+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1393},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (SwifturnFreeVideoConverter.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Swifturn Free Video Converter\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1529","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Swifturn Free Video Converter\\SwifturnFreeVideoConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"9b0c216b84bc9dc07bf2f02c7dd62163","hashSHA1":"76e4c25a392f1a3f1063f9ce4acc63f07e09189a","hashSHA256":"e1a8b51dc97f189adb30b4a7edf2c9e9d0274c20d95761fb0fce6a80b550905a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1529","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SwifturnFreeVideoConverter.exe","isInstaller":"True","companyName":"Swifturn Software Co. Ltd.                                 ","productName":"Swifturn Free Video Converter                               ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"31d83c0df32bd0fc8abcfb55e1ef2886","hashSHA1":"a14abd9324821bfdfd5d5a0fb2c75f3f549ca84a","hashSHA256":"1969529d3873273847ad06ea79f32c6520568c023f5ce60f654b0499d8bef630","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1529","avBlockList":["360 Total Security (20220705)","Avast Premium Security (20220705)","AVG Internet Security (20220705)","Avira Internet Security (20220705)","Bitdefender Internet Security (20220705)","COMODO Antivirus (20220705)","Dr.Web Security Space (20220705)","ESET Internet Security (20220705)","G DATA INTERNET SECURITY (20220705)","K7 Total Security (20220705)","Kaspersky Internet Security (20220705)","Malwarebytes Premium (20220705)","McAfee Total Protection (20220705)","Norton Security (20220705)","Panda Dome (20220705)","Quick Heal Internet Security (20220705)","Sophos Home Premium (20220705)","SpyHunter5 (20220705)","Total AV Antivirus Pro (20220705)","Trend Micro Internet Security (20220705)","VIPRE Advanced Security (20220705)","VirIT eXplorer PRO (20220705)","Webroot SecureAnywhere (20220705)","Windows Defender (20220705)"],"avAllowList":["Tencent PC Manager (20220705)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.swifturn.com/videoconverter.php","directDownloadingLink":"http://www.swifturn.com/SwifturnFreeVideoConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.swifturn.com/SwifturnFreeVideoConverter.exe","sourceIndex":"1529"}],"sampleFiles":["220628/swifturnfreevideoconverter-220627/10.8.2.4/Samples/SwifturnFreeVideoConverter.exe"],"imageFiles":["220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-047/ACR-047_1.mp4","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-010/ACR-010_1.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-083/ACR-083_1.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-084/ACR-084_1.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-048/ACR-048_Software_1.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-048/ACR-048_Software_2.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-048/ACR-048_Software_3.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-014/ACR-014_1.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-014/ACR-014_2.mp4","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-118/ACR-118_1.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-118/ACR-118_2.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-118/ACR-118_3.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-122/ACR-122_1.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-075/ACR-075_1.mp4","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-057/ACR-057_1.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-059/ACR-059_1.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-071/ACR-071_1.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-106/ACR-106_1.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG","220628/swifturnfreevideoconverter-220627/10.8.2.4/Images/ACR-123/ACR-123_1.JPG"],"guid":"ea4ba179-739a-4a49-9d67-045a9ba9f35d_10.8.2.4_1","appID":"swifturnfreevideoconverter-220627","dateAdded":"220628","deceptorType":"App","name":"Swifturn Free Video Converter","company":"Swifturn Software Co., Ltd.","version":"10.8.2.4","lastKnownStatus":"10.8.2.4","lastKnownDate":"220628","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-28T21:54:42.7442417+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1394},{"violations":{"ACR-042":"An additional application is installed without obtaining the consumer's permission through explicit user action.\n","ACR-004":"The app requires subscription and payment to fix the regularly recurring results reported in free scan. The items reported\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Launcher.exe","companyName":"Ascentive LLC","productName":"Launcher","fileVersion":"1.00.0002","hashMD5":"2b28dc835a653a21b0c120715d5b72fb","hashSHA1":"b57d5fba5aaaf6281dd1ef3e36f5dfb3d9792650","hashSHA256":"d66d4a878e32b617bdcde7152042fa4b94c932947dbe49070ce5a2e2af82df1b","digitalCertThumbprint":"767547C4AC1EC3ED062DB4B7C3408F6B33E45647","digitalCertIssuer":"CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=201 Spring Garden St, STREET=Suite 400, L=Philadelphia, S=PA, PostalCode=19123, C=US","sourceIndex":"1530","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCScanAndSweep.exe","companyName":"Ascentive LLC","productName":"PCScanAndSweep","fileVersion":"7.8.3","hashMD5":"f94a67ff2e7dfde96a7493646a7a3acf","hashSHA1":"f57f46d12dbed1d8c5beb5b75e532855794964e0","hashSHA256":"051bb27c602fc73a125eaa6f558ddbcf0c179b67e51897e799ad8d159a39e809","digitalCertThumbprint":"75850F82B1F34BE9B21AB4786E6AA0B818068BA0","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=50 S 16TH ST STE 3575, L=Philadelphia, S=PA, PostalCode=19102, C=US","sourceIndex":"1530","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ScanAndSweep_setup.exe","isInstaller":"True","companyName":"Ascentive LLC.","fileVersion":"7.8.3","hashMD5":"601cf24403642f20e585fd30e65223a9","hashSHA1":"5b37a462f1a93c99f88b78ba2d3a9d526ccd8f08","hashSHA256":"e3a50fb3b4a7330f206fe0bbf6d6b06556a0c73afebef9ea93890f29b4250ca7","digitalCertThumbprint":"75850F82B1F34BE9B21AB4786E6AA0B818068BA0","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=50 S 16TH ST STE 3575, L=Philadelphia, S=PA, PostalCode=19102, C=US","sourceIndex":"1530","avBlockList":["Avast Premium Security (20220705)","AVG Internet Security (20220705)","Avira Internet Security (20220705)","Bitdefender Internet Security (20220705)","COMODO Antivirus (20220705)","Dr.Web Security Space (20220705)","ESET Internet Security (20220705)","Malwarebytes Premium (20220705)","McAfee Total Protection (20220705)","Norton Security (20220705)","Panda Dome (20220705)","Quick Heal Internet Security (20220705)","SpyHunter5 (20220705)","Total AV Antivirus Pro (20220705)","VIPRE Advanced Security (20220705)","VirIT eXplorer PRO (20220705)","Webroot SecureAnywhere (20220705)","Windows Defender (20220705)"],"avAllowList":["360 Total Security (20220705)","G DATA INTERNET SECURITY (20220705)","K7 Total Security (20220705)","Kaspersky Internet Security (20220705)","Sophos Home Premium (20220705)","Tencent PC Manager (20220705)","Trend Micro Internet Security (20220705)"]}],"additionalFiles":[],"sources":[{"howFound":"google search PC cleaner and booster","reference":"","landingPage":"https://www.ascentive.com/products/scanandsweep/","directDownloadingLink":"http://www.ascentive.com/run/click/ascweb/go/ScanandSweep_download?c1=homepg2_scan_sswp_0829","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ascentive.com/run/click/ascweb/go/ScanandSweep_download?c1=homepg2_scan_sswp_0829","sourceIndex":"1530"}],"sampleFiles":["220628/PCScanandSweep-220624/7.8.3/Samples/Launcher.exe","220628/PCScanandSweep-220624/7.8.3/Samples/PCScanAndSweep.Exe","220628/PCScanandSweep-220624/7.8.3/Samples/ScanAndSweep_setup.exe"],"imageFiles":["220628/PCScanandSweep-220624/7.8.3/Images/ACR-042/ACR-042_UnknownAppInstalled.jpg","220628/PCScanandSweep-220624/7.8.3/Images/ACR-042/ACR-042_UnknownAppInstalled-2.jpg","220628/PCScanandSweep-220624/7.8.3/Images/ACR-042/ACR-042_UnknownAppInstalled-3.jpg","220628/PCScanandSweep-220624/7.8.3/Images/ACR-004/ACR-004_RequiresSubscription.gif","220628/PCScanandSweep-220624/7.8.3/Images/ACR-004/PCScanandSweep_Activate.jpg"],"nonDeceptorImageFiles":[],"guid":"7744d965-1d02-4315-9b8c-cd4a0db435e9_7.8.3_1","appID":"PCScanandSweep-220624","dateAdded":"220628","deceptorType":"App","name":"PC Scan and Sweep","company":"Ascentive LLC","version":"7.8.3","lastKnownStatus":"7.8.3","lastKnownDate":"220628","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2022-06-28T21:52:20.3231997+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1395},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\nThe app does not provide proper control to the \"Minimize\" option as the app moves to the system tray instead of Taskbar.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains its main executable and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"AutoClickerTyperSetup.exe (installer)\" and \"Auto Clicker Typer.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Auto Clicker Typer\\Auto Clicker Typer.exe","companyName":"A Software Plus","productName":"Auto Clicker Typer","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"0d35a8aa62f380644ae01392f76110cd","hashSHA1":"aa66cbb7a0cf549579b68c4a41c1fd92ce9b1523","hashSHA256":"4e6f327ee8a61879678ffa9ba71f3a99309129ffb72b9f8a69f770e7a0f34377","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1528","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AutoClickerTyperSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Auto Clicker Typer                                          ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"b73dd9e0fe2007e8ce70af58fbb398a5","hashSHA1":"c2ba3bb2ba4467729284fb9491231dc89e3299a2","hashSHA256":"6131550624db3541767950ddae6b8f7f2f5f3e61efe4976f9394e0563b5001d0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1528","avBlockList":["360 Total Security (20220705)","Avast Premium Security (20220705)","AVG Internet Security (20220705)","Avira Internet Security (20220705)","Bitdefender Internet Security (20220705)","COMODO Antivirus (20220705)","Dr.Web Security Space (20220705)","ESET Internet Security (20220705)","G DATA INTERNET SECURITY (20220705)","K7 Total Security (20220705)","Kaspersky Internet Security (20220705)","Malwarebytes Premium (20220705)","McAfee Total Protection (20220705)","Norton Security (20220705)","Panda Dome (20220705)","Quick Heal Internet Security (20220705)","Sophos Home Premium (20220705)","SpyHunter5 (20220705)","Total AV Antivirus Pro (20220705)","VIPRE Advanced Security (20220705)","VirIT eXplorer PRO (20220705)","Webroot SecureAnywhere (20220705)","Windows Defender (20220705)"],"avAllowList":["Tencent PC Manager (20220705)","Trend Micro Internet Security (20220705)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.asoftwareplus.com/auto-clicker-typer.html","directDownloadingLink":"https://www.asoftwareplus.com/AutoClickerTyperSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.asoftwareplus.com/AutoClickerTyperSetup.exe","sourceIndex":"1528"}],"sampleFiles":["220628/autoclickertyper-220624/1.0.0.0/Samples/AutoClickerTyperSetup.exe"],"imageFiles":["220628/autoclickertyper-220624/1.0.0.0/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-057/ACR-057_1.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-059/ACR-059_1.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-059/ACR-059_2.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-071/ACR-071_1.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-155/ACR-155_1.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-010/ACR-010_Install_Bundles_Deceptor.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-048/ACR-048_Software_1.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-048/ACR-048_Software_2.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-118/ACR-118_1.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-118/ACR-118_2.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-118/ACR-118_3.JPG"],"nonDeceptorImageFiles":["220628/autoclickertyper-220624/1.0.0.0/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-092/ACR-092_1.JPG","220628/autoclickertyper-220624/1.0.0.0/Images/ACR-092/ACR-092_2.JPG"],"guid":"ef7f0db8-6732-4558-b7a3-3521fd1d3085_1.0.0.0_1","appID":"autoclickertyper-220624","dateAdded":"220628","deceptorType":"App","name":"Auto Clicker Typer","company":"A Software Plus","version":"1.0.0.0","lastKnownStatus":"1.0.0.0","lastKnownDate":"220628","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-28T21:57:33.6262878+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1396},{"violations":{"ACR-004":"The app requires subscription and payment to address the regularly recurring results reported in free scan. \n\n","ACR-017":"Install displays not relevant and not verifiable logo during installation, for example \"Microsoft Partner Gold Application Development\", such logo is issued to software vendor by Microsoft not to application. \n\n"},"nonDeceptorViolations":{"ACR-163":" The landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n\n","ACR-168":"The landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":"ACTS-Setup.exe","isInstaller":"True","companyName":"Ascentive Inc.                                              ","productName":"Launcher","fileVersion":"9.1.1.6  ","hashMD5":"385c5ca0773a5f84d3a04d09e703c733","hashSHA1":"f4510ed3ab486f3198751ae7a7c08dd3db0fe1d2","hashSHA256":"cf437cade098702a04f4b0acaf8c841805ae9906d8c2cd48ed1c3fb9cb05c08f","digitalCertThumbprint":"DBAFC47C8922A5EE2DE97B2703B85B79CDF9EB94","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=50 S 16TH ST STE 3575, L=Philadelphia, S=PA, PostalCode=19102, C=US","sourceIndex":"1531","avBlockList":["360 Total Security (20220630)","Avast Premium Security (20220630)","AVG Internet Security (20220630)","Avira Internet Security (20220630)","Bitdefender Internet Security (20220630)","Dr.Web Security Space (20220630)","ESET Internet Security (20220630)","G DATA INTERNET SECURITY (20220630)","K7 Total Security (20220630)","Kaspersky Internet Security (20220630)","Malwarebytes Premium (20220630)","McAfee Total Protection (20220630)","Norton Security (20220630)","Panda Dome (20220630)","Quick Heal Internet Security (20220630)","Sophos Home Premium (20220630)","SpyHunter5 (20220630)","Total AV Antivirus Pro (20220630)","Trend Micro Internet Security (20220630)","VIPRE Advanced Security (20220630)","VirIT eXplorer PRO (20220630)","Webroot SecureAnywhere (20220630)","Windows Defender (20220630)"],"avAllowList":["COMODO Antivirus (20220630)","Tencent PC Manager (20220630)"]},{"isRevoked":"False","fileName":"AS.EXE","companyName":"Ascentive LLC","productName":"ActiveSpeed","fileVersion":"7.07.0009","hashMD5":"a809a07f68f681d5f735fcd55a5e6899","hashSHA1":"59b5b534ac09a21ce8a1d270eeb04ae6d7081128","hashSHA256":"edb3ec204755a0f478a108ef2f3ca134a4a2b5257a8f180b6be468c268afbf0c","digitalCertThumbprint":"DBAFC47C8922A5EE2DE97B2703B85B79CDF9EB94","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=50 S 16TH ST STE 3575, L=Philadelphia, S=PA, PostalCode=19102, C=US","sourceIndex":"1531","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Launcher.exe","companyName":"Ascentive LLC","productName":"Vanilla-Setup    ","fileVersion":"1.00.0004","hashMD5":"8679aa101a70beade78bba483def8092","hashSHA1":"06402a0a0614e2ff06c030d64a5f212ad4b78eb2","hashSHA256":"ef5576d805518d0b0ecfbb5b665d93504f5f71081aa5a197d7ced89535c3847b","digitalCertThumbprint":"DBAFC47C8922A5EE2DE97B2703B85B79CDF9EB94","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=50 S 16TH ST STE 3575, L=Philadelphia, S=PA, PostalCode=19102, C=US","sourceIndex":"1531","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search PC cleaner and booster","reference":"PC Scan and Sweep","landingPage":"http://www.ascentive.com/products/activespeed/","directDownloadingLink":"http://www.ascentive.com/run/click/ascweb/go/ActiveSpeed_download?c1=homepg2_scan_acts_0829","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ascentive.com/run/click/ascweb/go/ActiveSpeed_download?c1=homepg2_scan_acts_0829","sourceIndex":"1531"}],"sampleFiles":["220627/ActiveSpeed-220627/7.07.0009/Samples/ACTS-Setup.exe","220627/ActiveSpeed-220627/7.07.0009/Samples/AS.EXE","220627/ActiveSpeed-220627/7.07.0009/Samples/Launcher.exe"],"imageFiles":["220627/ActiveSpeed-220627/7.07.0009/Images/ACR-017/ACR-017_MSLogoInstall.jpg","220627/ActiveSpeed-220627/7.07.0009/Images/ACR-004/ACR-004.gif"],"nonDeceptorImageFiles":["220627/ActiveSpeed-220627/7.07.0009/Images/ACR-170/ACR-004_170.gif","220627/ActiveSpeed-220627/7.07.0009/Images/ACR-168/ACR-168_CallCenter.jpg","220627/ActiveSpeed-220627/7.07.0009/Images/ACR-163/ACR-168_CallCenter.jpg"],"guid":"246137c8-3ff0-48fa-9cd2-78c8c12830c7_7.07.0009_1","appID":"ActiveSpeed-220627","dateAdded":"220627","deceptorType":"App","name":"Active Speed","company":"Ascentive LLC","version":"7.07.0009","lastKnownStatus":"7.07.0009","lastKnownDate":"220627","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,call center","lastUpdate":"2022-06-28T00:36:27.1649614+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1397},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update, instead there is no newer build, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"The RelevantKnowledge offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeShortcutFix.exe","productName":"    ","fileVersion":"0.0","hashMD5":"4a2bfdaa62977f91c4503410d050b83a","hashSHA1":"a53c69d81ebc490b3f4f83f09dea5e75131d6c2d","hashSHA256":"fb40bc0d9992e2bf5de6737b8554269d4cc56ae621525fc801732105e37abe52","sourceIndex":"1534","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeShortcutFix-setup.exe","isInstaller":"True","companyName":"FreeShortcutFix Co., Ltd.                                   ","productName":"Free Shortcut Fix      ","fileVersion":"0.0","hashMD5":"bfa7eaf4767a977c11da286bedf70b83","hashSHA1":"0650164be9fac6f18ece206de3017646342cf9b3","hashSHA256":"dd965bf78313ec44ac5b2d9e2e532a716241c36d876cb36dfbdea5ad9163f99c","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1534","avBlockList":["360 Total Security (20220628)","Avast Premium Security (20220628)","AVG Internet Security (20220628)","Avira Internet Security (20220628)","Bitdefender Internet Security (20220628)","COMODO Antivirus (20220628)","Dr.Web Security Space (20220628)","ESET Internet Security (20220628)","G DATA INTERNET SECURITY (20220628)","K7 Total Security (20220628)","Kaspersky Internet Security (20220628)","Malwarebytes Premium (20220628)","McAfee Total Protection (20220628)","Norton Security (20220628)","Panda Dome (20220628)","Quick Heal Internet Security (20220628)","Sophos Home Premium (20220628)","SpyHunter5 (20220628)","Total AV Antivirus Pro (20220628)","VIPRE Advanced Security (20220628)","VirIT eXplorer PRO (20220628)","Webroot SecureAnywhere (20220628)","Windows Defender (20220628)"],"avAllowList":["Tencent PC Manager (20220628)","Trend Micro Internet Security (20220628)"]}],"additionalFiles":[],"sources":[{"howFound":"similar sites freedriverbackup","reference":"","landingPage":"https://shortcut-fixer.com/","directDownloadingLink":"http://www.shortcut-fixer.com/FreeShortcutFix.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.shortcut-fixer.com/FreeShortcutFix.exe","sourceIndex":"1534"}],"sampleFiles":["220623/FreeShortcutFix-220622/8.8.1/Samples/FreeShortcutFix.exe","220623/FreeShortcutFix-220622/8.8.1/Samples/FreeShortcutFix-setup.exe"],"imageFiles":["220623/FreeShortcutFix-220622/8.8.1/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-010/RelevantKnowledge.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-004/ACR-003_004_047_083-RKUpdatePrompt_startup.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-004/ACR-048_RKUpdatePrompt_goup.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-083/ACR-003_004_047_083-RKUpdatePrompt_startup.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-083/ACR-048_RKUpdatePrompt_goup.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-048/ACR-048_RKUpdatePrompt_goup.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-003/ACR-003_004_047_083-RKUpdatePrompt_startup.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-003/ACR-048_RKUpdatePrompt_goup.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-057/RelevantKnowledge.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-059/RelevantKnowledge.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-071/RelevantKnowledge.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220623/FreeShortcutFix-220622/8.8.1/Images/ACR-065/RelevantKnowledge.jpg","220623/FreeShortcutFix-220622/8.8.1/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"98e2bbc3-8c65-4ae4-984e-f48de8835ba7_8.8.1_1","appID":"FreeShortcutFix-220622","dateAdded":"220623","deceptorType":"App","name":"Free Shortcut Fix     ","company":"FreeShortcutFix, Inc.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"220623","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-06-23T18:01:08.6702105+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1399},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update, instead there is no newer build, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"Relevant Knowledge off is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeFileSplitterJoiner2.exe","fileVersion":"0.0","hashMD5":"08b015a33fb45f75e44a42215e43838f","hashSHA1":"3118ab1ac6dc58bf226dee782c3e4feb1926b58a","hashSHA256":"e2329dae8df129ec972f2788647d79df10795ea36de2d3de7f5441e11ff87efc","sourceIndex":"1535","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeFileSplitterJoiner-setup.exe","isInstaller":"True","companyName":"FreeFileSplitterJoiner Co., Ltd.                            ","fileVersion":"0.0","hashMD5":"210bf5f2ce7e9baad606b7ebbcdaff92","hashSHA1":"2668b669953000c24e1196d6dec2111dd993a9e0","hashSHA256":"c660878c37515a65317510109d899dd51e622a8c78423e7493abb6f22def0410","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1535","avBlockList":["360 Total Security (20220628)","Avast Premium Security (20220628)","AVG Internet Security (20220628)","Avira Internet Security (20220628)","Bitdefender Internet Security (20220628)","ESET Internet Security (20220628)","G DATA INTERNET SECURITY (20220628)","K7 Total Security (20220628)","Kaspersky Internet Security (20220628)","Malwarebytes Premium (20220628)","McAfee Total Protection (20220628)","Norton Security (20220628)","Panda Dome (20220628)","Quick Heal Internet Security (20220628)","Sophos Home Premium (20220628)","SpyHunter5 (20220628)","Total AV Antivirus Pro (20220628)","VIPRE Advanced Security (20220628)","VirIT eXplorer PRO (20220628)","Webroot SecureAnywhere (20220628)","Windows Defender (20220628)"],"avAllowList":["COMODO Antivirus (20220628)","Dr.Web Security Space (20220628)","Tencent PC Manager (20220628)","Trend Micro Internet Security (20220628)"]},{"isRevoked":"False","fileName":"FreeFileSplitterJoiner.exe","productName":"Free File Splitter Joiner           ","fileVersion":"0.0","hashMD5":"84de5e1b20782b9e026b65d14f6e2a64","hashSHA1":"8ed147f2c76aaa0f8a4e5cd14b5dd61cc42ff7fb","hashSHA256":"b50476a769285bae189b0eab5bbaa1ead210902bb315f6e225d2344d520bc44e","sourceIndex":"1535","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"similar sites freedriverbackup","reference":"","landingPage":"https://filesplitterjoiner.com/","directDownloadingLink":"http://www.filesplitterjoiner.com/FreeFileSplitterJoiner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.filesplitterjoiner.com/FreeFileSplitterJoiner.exe","sourceIndex":"1535"}],"sampleFiles":["220623/FreeFileSplitterJoiner-220622/8.8.1/Samples/FreeFileSplitterJoiner2.exe","220623/FreeFileSplitterJoiner-220622/8.8.1/Samples/FreeFileSplitterJoiner-setup.exe","220623/FreeFileSplitterJoiner-220622/8.8.1/Samples/FreeFileSplitterJoiner.exe"],"imageFiles":["220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-010/RelevantKnowledge.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-004/ACR-003_004_047_083_RKUpdatePrompt_startup.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-004/ACR-048_RKUpdatePrompt_goup.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-083/ACR-003_004_047_083_RKUpdatePrompt_startup.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-083/ACR-048_RKUpdatePrompt_goup.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-048/ACR-048_RKUpdatePrompt_goup.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-003/ACR-003_004_047_083_RKUpdatePrompt_startup.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-118/ACR-118_RetainedComponents.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-057/RelevantKnowledge.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-059/RelevantKnowledge.jpg","220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-071/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220623/FreeFileSplitterJoiner-220622/8.8.1/Images/ACR-065/RelevantKnowledge.jpg"],"guid":"6cee2041-7be1-485e-bac5-d610d6ade5b6_8.8.1_1","appID":"FreeFileSplitterJoiner-220622","dateAdded":"220623","deceptorType":"App","name":"Free File Splitter Joiner","company":"FreeFileSplitterJoiner Co., Ltd.    ","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"220623","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-06-23T17:59:14.2348863+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1400},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update, instead there is no newer build, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-119":"At Uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"The Relevant Offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeFileShredder.exe","fileVersion":"0.0","hashMD5":"5ec9688f00cdbb6c3c78a1b26a5a4b18","hashSHA1":"9f4df6bb7bde5b1c0a7d8af89feb0a0e98fe6fb2","hashSHA256":"e504cd15cf16a2c4b7d9e586de3d39d4d67d1bd9f2443041be08d50947f14689","sourceIndex":"1537","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeFileShredder-setup.exe","isInstaller":"True","companyName":"FreeFileShredder Co., Ltd.                                  ","productName":"Free File Shredder          ","fileVersion":"0.0","hashMD5":"b6cd5e45eb90b1e9e17ff96e6a3334e4","hashSHA1":"1a5cb0f2d193b0872b50a668085936231da186ea","hashSHA256":"17d359aa436204011f173bbe3eded7e9cdece13ee84013855eb79e73a1a7c7ff","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1537","avBlockList":["360 Total Security (20220628)","Avast Premium Security (20220628)","AVG Internet Security (20220628)","Avira Internet Security (20220628)","Bitdefender Internet Security (20220628)","ESET Internet Security (20220628)","G DATA INTERNET SECURITY (20220628)","K7 Total Security (20220628)","Kaspersky Internet Security (20220628)","Malwarebytes Premium (20220628)","McAfee Total Protection (20220628)","Norton Security (20220628)","Panda Dome (20220628)","Quick Heal Internet Security (20220628)","Sophos Home Premium (20220628)","SpyHunter5 (20220628)","Total AV Antivirus Pro (20220628)","Trend Micro Internet Security (20220628)","VIPRE Advanced Security (20220628)","VirIT eXplorer PRO (20220628)","Webroot SecureAnywhere (20220628)","Windows Defender (20220628)"],"avAllowList":["COMODO Antivirus (20220628)","Dr.Web Security Space (20220628)","Tencent PC Manager (20220628)"]}],"additionalFiles":[],"sources":[{"howFound":"similar sites FAVSoft and FAEMedia","reference":"","landingPage":"https://file-shredder.net/","directDownloadingLink":"http://www.file-shredder.net/FreeFileShredder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.file-shredder.net/FreeFileShredder.exe","sourceIndex":"1537"}],"sampleFiles":["220623/FreeFileShredder-220623/8.8.1/Samples/FreeFileShredder.exe","220623/FreeFileShredder-220623/8.8.1/Samples/FreeFileShredder-setup.exe"],"imageFiles":["220623/FreeFileShredder-220623/8.8.1/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-010/RelevantKnowledge.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-004/ACR-003_004_047_083_RKUpdatePrompt.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-004/UpdatePrompt_goup.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-083/ACR-003_004_047_083_RKUpdatePrompt.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-083/UpdatePrompt_goup.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-048/UpdatePrompt_goup.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-003/ACR-003_004_047_083_RKUpdatePrompt.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-003/UpdatePrompt_goup.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-119/RelevantKnowledge.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-057/RelevantKnowledge.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-059/RelevantKnowledge.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-071/RelevantKnowledge.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220623/FreeFileShredder-220623/8.8.1/Images/ACR-065/RelevantKnowledge.jpg","220623/FreeFileShredder-220623/8.8.1/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"c4c3b437-0e58-44f1-bca7-a2c3be83dc96_8.8.1_1","appID":"FreeFileShredder-220623","dateAdded":"220623","deceptorType":"App","name":"Free File Shredder          ","company":"FreeFileShredder Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"220623","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-06-23T17:53:04.5108688+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1401},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “rk_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update, instead there is no newer build, it attempts to run the installer and present the declined offers again \n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rk_setup.exe” regardless.\n\n","ACR-155":"The Relevant Knowledge offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeEXEDLLResourceExtract.exe","fileVersion":"0.0","hashMD5":"7b8f8e5a855ae3567c61732b4402f5cd","hashSHA1":"57771946f0fce4db221177ea274ddd39eff153c2","hashSHA256":"2b579b5363856f1df7ebb5bb765b54fb71223b22703f63c5070a7a64c02731f3","sourceIndex":"1536","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeEXEDLLResourceExtract2.exe","fileVersion":"0.0","hashMD5":"092ae606f0847edf1215b8223ac238af","hashSHA1":"cc96370aa0a2e0bb84da435a09175a65079ab8c1","hashSHA256":"90dafd8716df635be5c3fd8dba9cfe54febcab2c742b36f33896ea24b104bbd9","sourceIndex":"1536","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeEXEDLLResourceExtract-setup.exe","isInstaller":"True","companyName":"FreeEXEDLLResourceExtract Co., Ltd.                         ","productName":"Free EXE DLL Resource Extract      ","fileVersion":"0.0","hashMD5":"49548a67f6c7de7b73fe0690a6366e5d","hashSHA1":"93dd1ed42eec31f390327be5dc4ce037428af7d7","hashSHA256":"a42140dc80733d5045a7e0a6c4fe185c6845db3480f57e305827e3291fa250b4","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1536","avBlockList":["360 Total Security (20220628)","Avast Premium Security (20220628)","AVG Internet Security (20220628)","Avira Internet Security (20220628)","Bitdefender Internet Security (20220628)","COMODO Antivirus (20220628)","Dr.Web Security Space (20220628)","ESET Internet Security (20220628)","G DATA INTERNET SECURITY (20220628)","K7 Total Security (20220628)","Kaspersky Internet Security (20220628)","Malwarebytes Premium (20220628)","McAfee Total Protection (20220628)","Norton Security (20220628)","Panda Dome (20220628)","Quick Heal Internet Security (20220628)","Sophos Home Premium (20220628)","SpyHunter5 (20220628)","Total AV Antivirus Pro (20220628)","Trend Micro Internet Security (20220628)","VIPRE Advanced Security (20220628)","VirIT eXplorer PRO (20220628)","Webroot SecureAnywhere (20220628)","Windows Defender (20220628)"],"avAllowList":["Tencent PC Manager (20220628)"]}],"additionalFiles":[],"sources":[{"howFound":"similar sites FAVSoft and FAEMedia","reference":"","landingPage":"https://resourceextract.com/","directDownloadingLink":"http://www.resourceextract.com/FreeEXEDLLResourceExtract.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.resourceextract.com/FreeEXEDLLResourceExtract.exe","sourceIndex":"1536"}],"sampleFiles":["220623/FreeEXEDLLResourceExtract-220623/8.8.1/Samples/FreeEXEDLLResourceExtract.exe","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Samples/FreeEXEDLLResourceExtract2.exe","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Samples/FreeEXEDLLResourceExtract-setup.exe"],"imageFiles":["220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-109/ACR-109_039_048-RKSetup.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-039/ACR-109_039_048-RKSetup.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-048/ACR-109_039_048-RKSetup.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-004/ACR-003_004_047_083_RKUpdatePrompt_startup.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-004/ACR-048_RKUpdatePrompt_goup.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-083/ACR-003_004_047_083_RKUpdatePrompt_startup.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-083/ACR-048_RKUpdatePrompt_goup.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-048/ACR-048_RKUpdatePrompt_goup.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-003/ACR-003_004_047_083_RKUpdatePrompt_startup.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-003/ACR-048_RKUpdatePrompt_goup.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-057/RelevantKnowledge.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-059/RelevantKnowledge.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-071/RelevantKnowledge.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-010/RelevantKnowledge.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-065/RelevantKnowledge.jpg","220623/FreeEXEDLLResourceExtract-220623/8.8.1/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"1875c148-05a3-4502-9172-d8f809ce3075_8.8.1_1","appID":"FreeEXEDLLResourceExtract-220623","dateAdded":"220623","deceptorType":"App","name":"Free EXE DLL Resource Extract","company":"FreeEXEDLLResourceExtract Co., Ltd.","version":"8.8.1","lastKnownStatus":"8.8.1","lastKnownDate":"220623","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-06-23T17:57:13.560882+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1402},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"At uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"No optional offer is clearly marked in offer. The offer looks part of the install application.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"The \"Relevant Knowledge\" offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Gold Pack\" highlights \"Free\" misleads user. The functionality requires consumer payment as donation in order to be activated. Otherwise app should remove \"free\" word. \n\n","ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-002":"The App's version is inconsistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1) \n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeEasyDVDCopy_AppInteraction.jpg","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ef4126d59f881b4ace1a5a16bed5b16d39b53ef4de0d52a1f984e070422f9af8","sourceIndex":"1539","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeEasyDVDCopy-setup.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","productName":"Free Easy DVD Copy       ","fileVersion":"0.0","hashMD5":"ef94017383a3b0951bc7c1308e57a9ae","hashSHA1":"74da56a75dea015eb5209271d2fd648555e1e01d","hashSHA256":"346c37124f9cc1a65631c8610c63113016e56ba7c973c24932df6ecb9f3681b1","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1539","avBlockList":["360 Total Security (20220628)","Avast Premium Security (20220628)","AVG Internet Security (20220628)","Avira Internet Security (20220628)","Bitdefender Internet Security (20220628)","COMODO Antivirus (20220628)","Dr.Web Security Space (20220628)","ESET Internet Security (20220628)","G DATA INTERNET SECURITY (20220628)","K7 Total Security (20220628)","Kaspersky Internet Security (20220628)","Malwarebytes Premium (20220628)","McAfee Total Protection (20220628)","Norton Security (20220628)","Panda Dome (20220628)","Quick Heal Internet Security (20220628)","Sophos Home Premium (20220628)","SpyHunter5 (20220628)","Total AV Antivirus Pro (20220628)","VIPRE Advanced Security (20220628)","VirIT eXplorer PRO (20220628)","Webroot SecureAnywhere (20220628)","Windows Defender (20220628)"],"avAllowList":["Tencent PC Manager (20220628)","Trend Micro Internet Security (20220628)"]},{"isRevoked":"False","fileName":"FreeEasyDVDCopy.exe","productName":"Free Easy DVD Copy       ","fileVersion":"1.0","hashMD5":"a9cefb316ac0c2da57081d88b67e843e","hashSHA1":"f64f68df08f14c5029ba55197b3ffdec4cb9218c","hashSHA256":"49b03b416419e4210e58c8398ab01c736200361f176f1d0f3bcd8128dcf43c51","sourceIndex":"1539","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://freeease.net/d-dvdcopy/overview.php","directDownloadingLink":"http://www.freeease.net/FreeEasyDVDCopy.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeease.net/FreeEasyDVDCopy.exe","sourceIndex":"1539"}],"sampleFiles":["220623/FreeEasyDVDCopy-220616/8.8.2.4/Samples/FreeEasyDVDCopy-setup.exe","220623/FreeEasyDVDCopy-220616/8.8.2.4/Samples/FreeEasyDVDCopy.exe"],"imageFiles":["220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-047/ACR-003_004_047_083_RKUpdatePrompt.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-047/ACR-003_004_047_083_RKUpdatePrompt-reconnect.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-004/ACR-003_004_047_083_RKUpdatePrompt.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-004/ACR-003_004_047_083_RKUpdatePrompt-reconnect.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-083/ACR-003_004_047_083_RKUpdatePrompt.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-083/ACR-003_004_047_083_RKUpdatePrompt-reconnect.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-048/ACR_048_RKUpdatePrompt.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-003/ACR-003_004_047_083_RKUpdatePrompt-reconnect.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-118/ACR-118_Remnants.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-047/ACR-003_004_047_083_RKUpdatePrompt.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-047/ACR-003_004_047_083_RKUpdatePrompt-reconnect.jpg"],"nonDeceptorImageFiles":["220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-002/ACR-002_DifferenAppVersion.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-106/RelevantKnowledge.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-045/ACR-045_InlineOffer.jpg","220623/FreeEasyDVDCopy-220616/8.8.2.4/Images/ACR-065/RelevantKnowledge.jpg"],"guid":"bd786847-a2cf-4b7b-a0ee-901f8a46c4bb_8.8.2.4_1","appID":"FreeEasyDVDCopy-220616","dateAdded":"220623","deceptorType":"App","name":"FreeEasyDVDCopy-220616","company":"Freeease.net","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220623","type":"Windows Executable","category":"SysTools & Utilities, Media editors, Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-06-23T17:44:06.0666974+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1403},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"No optional offer is clearly marked in offer. The offer looks part of the install application.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"The \"Relevant Knowledge\" offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"EasyVideoDVDCopy.exe","fileVersion":"1.0","hashMD5":"256bc08e4f66bc0c3df0600220853311","hashSHA1":"f08d3a1ed91755b9d58d5a4ffaa9c1cb9e0c1d9e","hashSHA256":"031de687b35b9a0619780172dbd5dced32a1206152865707c8e7db2dfe824020","sourceIndex":"1541","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EasyVideoDVDCopy-setup.exe","isInstaller":"True","companyName":"FAEMedia Co., Ltd.                                          ","fileVersion":"0.0","hashMD5":"07dd5390be1f0a1cdc26776b2770db2d","hashSHA1":"2b826a3a7c51afea54da898ece415769df915999","hashSHA256":"c0697208125989e3f2006c51004ef96c5f3b0b24d707be6fab6cacae13a0a889","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1541","avBlockList":["360 Total Security (20220628)","Avast Premium Security (20220628)","AVG Internet Security (20220628)","Avira Internet Security (20220628)","Bitdefender Internet Security (20220628)","COMODO Antivirus (20220628)","Dr.Web Security Space (20220628)","ESET Internet Security (20220628)","G DATA INTERNET SECURITY (20220628)","K7 Total Security (20220628)","Kaspersky Internet Security (20220628)","Malwarebytes Premium (20220628)","McAfee Total Protection (20220628)","Norton Security (20220628)","Panda Dome (20220628)","Quick Heal Internet Security (20220628)","Sophos Home Premium (20220628)","SpyHunter5 (20220628)","Total AV Antivirus Pro (20220628)","VIPRE Advanced Security (20220628)","VirIT eXplorer PRO (20220628)","Webroot SecureAnywhere (20220628)","Windows Defender (20220628)"],"avAllowList":["Tencent PC Manager (20220628)","Trend Micro Internet Security (20220628)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://free-audio-editor.com/easyvideodvdcopy/","directDownloadingLink":"https://free-audio-editor.com/EasyVideoDVDCopy.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/EasyVideoDVDCopy.exe","sourceIndex":"1541"}],"sampleFiles":["220623/EasyVideoDVDCopy-220617/10.1.2.5/Samples/EasyVideoDVDCopy.exe","220623/EasyVideoDVDCopy-220617/10.1.2.5/Samples/EasyVideoDVDCopy-setup.exe"],"imageFiles":["220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-010/RelevantKnowledge.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-004/ACR-048_RKUpdate.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-004/RKUpdatePrompt.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-048/ACR-048_RKUpdate.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-003/ACR-048_RKUpdate.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-003/RKUpdatePrompt.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-118/ACR-118_RetainedComponents.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-057/RelevantKnowledge.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-059/RelevantKnowledge.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-071/RelevantKnowledge.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-065/RelevantKnowledge.jpg","220623/EasyVideoDVDCopy-220617/10.1.2.5/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"376cd24e-d738-4003-a1cb-c5aa5079d4a8_10.1.2.5_1","appID":"EasyVideoDVDCopy-220617","dateAdded":"220623","deceptorType":"App","name":"Easy Video DVD Copy","company":"FAEMedia Co., Ltd.","version":"10.1.2.5","lastKnownStatus":"10.1.2.5","lastKnownDate":"220623","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-06-23T17:37:28.1062178+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1404},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"No optional offer is clearly marked in offer. The offer looks part of the install application.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"The \"Relevant Knowledge\" offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"EasyBurningStudio.exe","fileVersion":"0.0","hashMD5":"6ffe7af91717359fbf5b4e102f0e21e9","hashSHA1":"f887e4167e8daad747f40fabe5ffdab7f680f558","hashSHA256":"ed90d2a963d7fda1370bac16c3da8cd726338df7781f6ca709aa5be7455ccfd6","sourceIndex":"1538","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EasyBurningStudio-setup.exe","isInstaller":"True","companyName":"FAEMedia Co., Ltd.                                          ","productName":"Easy Burning Studio","fileVersion":"0.0","hashMD5":"9a7974b32b0ceafd0a92c646c73c7fa1","hashSHA1":"f480d281a642e851881b5eda199f7b3a5dc446ac","hashSHA256":"0ef8d86bb35786b3ee104ae728fe084e3fa9c9b5b15572fc78e887685712f9b1","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1538","avBlockList":["360 Total Security (20220628)","Avast Premium Security (20220628)","AVG Internet Security (20220628)","Avira Internet Security (20220628)","Bitdefender Internet Security (20220628)","COMODO Antivirus (20220628)","Dr.Web Security Space (20220628)","ESET Internet Security (20220628)","G DATA INTERNET SECURITY (20220628)","K7 Total Security (20220628)","Kaspersky Internet Security (20220628)","Malwarebytes Premium (20220628)","McAfee Total Protection (20220628)","Norton Security (20220628)","Panda Dome (20220628)","Quick Heal Internet Security (20220628)","Sophos Home Premium (20220628)","SpyHunter5 (20220628)","Total AV Antivirus Pro (20220628)","VIPRE Advanced Security (20220628)","VirIT eXplorer PRO (20220628)","Webroot SecureAnywhere (20220628)","Windows Defender (20220628)"],"avAllowList":["Tencent PC Manager (20220628)","Trend Micro Internet Security (20220628)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://free-audio-editor.com/easyburningstudio/","directDownloadingLink":"https://free-audio-editor.com/EasyBurningStudio.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/EasyBurningStudio.exe","sourceIndex":"1538"}],"sampleFiles":["220623/EasyBurningStudio-220617/10.1.2.5/Samples/EasyBurningStudio.exe","220623/EasyBurningStudio-220617/10.1.2.5/Samples/EasyBurningStudio-setup.exe"],"imageFiles":["220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-004/ACR-003_004_047_083.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-004/ACR-048_RKUpdatePrompt.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-048/ACR-048_RKUpdatePrompt.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-003/ACR-003_004_047_083.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-003/ACR-048_RKUpdatePrompt.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-118/ACR-118_RetainedComponents.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-057/RelevantKnowledge.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-059/RelevantKnowledge.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-071/RelevantKnowledge.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-155/RelevantKnowledge.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-010/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-065/RelevantKnowledge.jpg","220623/EasyBurningStudio-220617/10.1.2.5/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"b8961e94-777a-4cf5-96d4-363e32715437_10.1.2.5_1","appID":"EasyBurningStudio-220617","dateAdded":"220623","deceptorType":"App","name":"Easy Burning Studio","company":"FAEMedia Co., Ltd.","version":"10.1.2.5","lastKnownStatus":"10.1.2.5","lastKnownDate":"220623","type":"Windows Executable","category":"SysTools & Utilities, Media editors","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-06-23T17:50:22.0191305+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1405},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"No optional offer is clearly marked in offer. The offer looks part of the install application.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"The \"Relevant Knowledge\" offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"EasyAudioExtractor.exe","fileVersion":"0.0","hashMD5":"b117ed16e172d33e687b5d6269f445ae","hashSHA1":"dece43b1d1207303909a20a8ec133ca6891a2bc1","hashSHA256":"58ece159b7bda81662daa116373f3cebca7ed0505b7b8abf949fb865964a5c84","sourceIndex":"1540","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EasyAudioExtractor-setup.exe","isInstaller":"True","companyName":"FAEMedia Co., Ltd.                                          ","fileVersion":"0.0","hashMD5":"397a5f14e7f433dd57537dcab6cb5648","hashSHA1":"083e9ff5f1e44a48bf133ba91c123369ccbc4511","hashSHA256":"c369649ae6fe39527bdfac6e24228072939438e3da89856e01b61cd02ec5b3b8","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1540","avBlockList":["360 Total Security (20220628)","Avast Premium Security (20220628)","AVG Internet Security (20220628)","Avira Internet Security (20220628)","Bitdefender Internet Security (20220628)","COMODO Antivirus (20220628)","Dr.Web Security Space (20220628)","ESET Internet Security (20220628)","G DATA INTERNET SECURITY (20220628)","K7 Total Security (20220628)","Kaspersky Internet Security (20220628)","Malwarebytes Premium (20220628)","McAfee Total Protection (20220628)","Norton Security (20220628)","Panda Dome (20220628)","Quick Heal Internet Security (20220628)","Sophos Home Premium (20220628)","SpyHunter5 (20220628)","Total AV Antivirus Pro (20220628)","VIPRE Advanced Security (20220628)","VirIT eXplorer PRO (20220628)","Webroot SecureAnywhere (20220628)","Windows Defender (20220628)"],"avAllowList":["Tencent PC Manager (20220628)","Trend Micro Internet Security (20220628)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://free-audio-editor.com/easyaudioextractor/","directDownloadingLink":"https://free-audio-editor.com/EasyAudioExtractor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/EasyAudioExtractor.exe","sourceIndex":"1540"}],"sampleFiles":["220623/EasyAudioExtractor-220617/10.1.2.5/Samples/EasyAudioExtractor.exe","220623/EasyAudioExtractor-220617/10.1.2.5/Samples/EasyAudioExtractor-setup.exe"],"imageFiles":["220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-010/RelevantKnowledge.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-004/ACR-048_RKUpdate.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-004/RKUpdatePrompt.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-048/ACR-048_RKUpdate.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-003/ACR-048_RKUpdate.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-003/RKUpdatePrompt.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-118/ACR-118_RetainedComponents.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-057/RelevantKnowledge.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-059/RelevantKnowledge.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-071/RelevantKnowledge.jpg","220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-155/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220623/EasyAudioExtractor-220617/10.1.2.5/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"a410b8f6-9450-491b-9360-6bb8beb6d052_10.1.2.5_1","appID":"EasyAudioExtractor-220617","dateAdded":"220623","deceptorType":"App","name":"Easy Audio Extractor","company":"FAEMedia Co., Ltd.","version":"10.1.2.5","lastKnownStatus":"10.1.2.5","lastKnownDate":"220623","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-06-23T17:40:42.7440284+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1406},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation process.\nThe app does not provide any control to enable/disable the scheduled tasks, and notifications that appear while minimizing the app and removing the background process completely within the app's settings.\n","ACR-010":"The app offers the \"AlleyCat Junk Remover\" and \"PC SpeedCat\" apps are deceptor app. \n\n","ACR-017":"Unable to verify third-party endorsement shown during installation.\nUnable to verify third-party endorsement shown inside software.\n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent and the app runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without notifying user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\SpeedCat\\RocketCat\\RocketCat.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"12956aa41e6b5cc83d3c40abb92b4470","hashSHA1":"2a8c0a74b5e00d68eb715a7d7c68471c9e050ca6","hashSHA256":"ed0190e1d319400eed117a053482efafb09e47b52016d1e47b91dbda0e29036d","digitalCertThumbprint":"EA0975B10DC232195CD33400A6721BEDE68F5489","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SpeedCat LLC","storeId":"","sourceIndex":"1542","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rocketcat.setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"IT-Setup                                                    ","productVersion":"11.2.1                                            ","fileVersion":"11.2.1              ","hashMD5":"92f23b45dd7616debb0d64dba57f66d7","hashSHA1":"451c2e93ff8fb44660f422cdc064679295f5bece","hashSHA256":"ab5be8558cb4ad30113ff07aaa50e21d9ed8a1d08aa8748b8fc789b9c4b6dbd6","digitalCertThumbprint":"EA0975B10DC232195CD33400A6721BEDE68F5489","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SpeedCat LLC","storeId":"","sourceIndex":"1542","avBlockList":["360 Total Security (20220628)","Avast Premium Security (20220628)","AVG Internet Security (20220628)","Avira Internet Security (20220628)","Dr.Web Security Space (20220628)","ESET Internet Security (20220628)","G DATA INTERNET SECURITY (20220628)","Kaspersky Internet Security (20220628)","Malwarebytes Premium (20220628)","McAfee Total Protection (20220628)","Norton Security (20220628)","Panda Dome (20220628)","Quick Heal Internet Security (20220628)","Sophos Home Premium (20220628)","SpyHunter5 (20220628)","Total AV Antivirus Pro (20220628)","Trend Micro Internet Security (20220628)","VIPRE Advanced Security (20220628)","VirIT eXplorer PRO (20220628)","Windows Defender (20220628)"],"avAllowList":["Bitdefender Internet Security (20220628)","COMODO Antivirus (20220628)","K7 Total Security (20220628)","Tencent PC Manager (20220628)","Webroot SecureAnywhere (20220628)"]}],"additionalFiles":[],"sources":[{"howFound":"Other products of SpeedCat","reference":"","landingPage":"http://www.pcspeedcat.com/run/click/@363241428077/global/software/rcat_fix-errors.html?lang=EN&pi=%2Fsoftware18a%2Fgo%2Fsman&theme=&plan1id=&orderpackage1id=&plan1c=&upsell_code=&popuppage=&display=&referredby=@363241428077&c1=EN_AC_AboutDialog_RC&loadlink=&test=&product=rocketcat&upsell=rocketcat-2yr&upsell2=&op2red=No&vc=EC2&vc_custom=&ud=Yes&ds=Custom&ds_custom=sman_sw18&c1=EN_AC_AboutDialog_RC&canonical_url=&gcountry=IN&protocol=https_chrome_only","directDownloadingLink":"https://vold.pcspeedcat.com/setupit/sman_sw18/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vold.pcspeedcat.com/setupit/sman_sw18/download","sourceIndex":"1542"}],"sampleFiles":["220623/rocketcat-220623/2.1.5/Samples/rocketcat.setup.exe"],"imageFiles":["220623/rocketcat-220623/2.1.5/Images/ACR-048/ACR-048_Install_1.JPG","220623/rocketcat-220623/2.1.5/Images/ACR-017/ACR-017_Install_1.JPG","220623/rocketcat-220623/2.1.5/Images/ACR-084/ACR-084.JPG","220623/rocketcat-220623/2.1.5/Images/ACR-084/ACR-084_1.JPG","220623/rocketcat-220623/2.1.5/Images/ACR-048/ACR-048_1.JPG","220623/rocketcat-220623/2.1.5/Images/ACR-048/ACR-048_2.JPG","220623/rocketcat-220623/2.1.5/Images/ACR-048/ACR-048_3.JPG","220623/rocketcat-220623/2.1.5/Images/ACR-048/ACR-048.JPG","220623/rocketcat-220623/2.1.5/Images/ACR-017/ACR-017_Software_1.JPG","220623/rocketcat-220623/2.1.5/Images/ACR-118/ACR-118_1.JPG","220623/rocketcat-220623/2.1.5/Images/ACR-118/ACR-118_2.JPG","220623/rocketcat-220623/2.1.5/Images/ACR-010/ACR-010_In-BundleOffers_1.JPG"],"nonDeceptorImageFiles":[],"guid":"c502a260-3113-4b18-8a7b-fa61a0a934d8_2.1.5_1","appID":"rocketcat-220623","dateAdded":"220623","deceptorType":"App","name":"RocketCAT","company":"SpeedCat","version":"2.1.5","lastKnownStatus":"2.1.5","lastKnownDate":"220623","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-23T17:33:01.2509991+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1398},{"violations":{"ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"http://www.freeease.net","ipv4":"","ipv6":"","sourceIndex":"1545"}],"sampleFiles":[],"imageFiles":["220622/FreeEaseSoft-220616/220616/Images/ACR-010/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":[],"guid":"0d0ea08b-e3e2-4925-b50a-1f868af27b18_220616_1","appID":"FreeEaseSoft-220616","dateAdded":"220622","deceptorType":"Affiliate","name":"freeease.net","company":"http://www.freeease.net","version":"220616","lastKnownStatus":"220622","lastKnownDate":"220622","type":"Affiliate","category":"Media editors, Media players, SysTools & Utilities","targetOS":"","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-06-22T22:58:09.603142+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1408},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n\nThe App presents the untruthful message that application needs to update, instead it attempts to re run the application to present the declined offer again.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeEasy3GPVideoConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"04eae83d4a1b03528bd38e0d017d8f8c","hashSHA1":"5e8d3f99adeb0729e0b282195f91621160937dd9","hashSHA256":"4dcbf4359e1fc7a0298a74811fd20be22ac0a54141d715bfdb04115544aed5b8","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220630)","Avast Premium Security (20220630)","AVG Internet Security (20220630)","Avira Internet Security (20220630)","Bitdefender Internet Security (20220630)","COMODO Antivirus (20220630)","Dr.Web Security Space (20220630)","ESET Internet Security (20220630)","G DATA INTERNET SECURITY (20220630)","K7 Total Security (20220630)","Kaspersky Internet Security (20220630)","Malwarebytes Premium (20220630)","McAfee Total Protection (20220630)","Norton Security (20220630)","Panda Dome (20220630)","Quick Heal Internet Security (20220630)","Sophos Home Premium (20220630)","SpyHunter5 (20220630)","Total AV Antivirus Pro (20220630)","VIPRE Advanced Security (20220630)","VirIT eXplorer PRO (20220630)","Webroot SecureAnywhere (20220630)","Windows Defender (20220630)"],"avAllowList":["Tencent PC Manager (20220630)","Trend Micro Internet Security (20220630)"]},{"isRevoked":"False","fileName":"FreeEasyAudioEditor.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"6772b3119201653326ae5b2b8fefd2d9","hashSHA1":"c82efae5c3bbf95d1c84b43616e4b08f0a19f3f5","hashSHA256":"a8de911d25326833744b49129c8ddbcf94e8570d953e91e67cb2160e863eb183","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220630)","Avast Premium Security (20220630)","AVG Internet Security (20220630)","Avira Internet Security (20220630)","Bitdefender Internet Security (20220630)","COMODO Antivirus (20220630)","Dr.Web Security Space (20220630)","ESET Internet Security (20220630)","G DATA INTERNET SECURITY (20220630)","K7 Total Security (20220630)","Kaspersky Internet Security (20220630)","Malwarebytes Premium (20220630)","McAfee Total Protection (20220630)","Norton Security (20220630)","Panda Dome (20220630)","Quick Heal Internet Security (20220630)","Sophos Home Premium (20220630)","SpyHunter5 (20220630)","Total AV Antivirus Pro (20220630)","Trend Micro Internet Security (20220630)","VIPRE Advanced Security (20220630)","VirIT eXplorer PRO (20220630)","Webroot SecureAnywhere (20220630)","Windows Defender (20220630)"],"avAllowList":["Tencent PC Manager (20220630)"]},{"isRevoked":"False","fileName":"FreeEasyAudioRecorder.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"4df38c88ae73fed51f18481e3e642e10","hashSHA1":"fc908c347b8e73cab5107df147cfb6e281d68c67","hashSHA256":"734ac5e5be9fcf07d014c1ef486bf3bd2e2caff344dd03f788b9820c3b1ee092","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220630)","Avast Premium Security (20220630)","AVG Internet Security (20220630)","Avira Internet Security (20220630)","Bitdefender Internet Security (20220630)","COMODO Antivirus (20220630)","Dr.Web Security Space (20220630)","ESET Internet Security (20220630)","G DATA INTERNET SECURITY (20220630)","K7 Total Security (20220630)","Kaspersky Internet Security (20220630)","Malwarebytes Premium (20220630)","McAfee Total Protection (20220630)","Norton Security (20220630)","Panda Dome (20220630)","Quick Heal Internet Security (20220630)","Sophos Home Premium (20220630)","SpyHunter5 (20220630)","Total AV Antivirus Pro (20220630)","VIPRE Advanced Security (20220630)","VirIT eXplorer PRO (20220630)","Webroot SecureAnywhere (20220630)","Windows Defender (20220630)"],"avAllowList":["Tencent PC Manager (20220630)","Trend Micro Internet Security (20220630)"]},{"isRevoked":"False","fileName":"FreeEasyAVIWMVMP4MPEGDIVXConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"6333f623475a2f7c95c9cc20030779d8","hashSHA1":"ee1b3fb61201dc0daca787ef44216c5c7840d7e9","hashSHA256":"62ed9eef539b98a33eccf70bf2c4940957ca9f0c250c5cd19c820a0390640f64","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220630)","Avast Premium Security (20220630)","AVG Internet Security (20220630)","Avira Internet Security (20220630)","Bitdefender Internet Security (20220630)","COMODO Antivirus (20220630)","Dr.Web Security Space (20220630)","ESET Internet Security (20220630)","G DATA INTERNET SECURITY (20220630)","K7 Total Security (20220630)","Kaspersky Internet Security (20220630)","Malwarebytes Premium (20220630)","McAfee Total Protection (20220630)","Norton Security (20220630)","Panda Dome (20220630)","Quick Heal Internet Security (20220630)","Sophos Home Premium (20220630)","SpyHunter5 (20220630)","Total AV Antivirus Pro (20220630)","VIPRE Advanced Security (20220630)","VirIT eXplorer PRO (20220630)","Webroot SecureAnywhere (20220630)","Windows Defender (20220630)"],"avAllowList":["Tencent PC Manager (20220630)","Trend Micro Internet Security (20220630)"]},{"isRevoked":"False","fileName":"FreeEasyCDBurnerRipper.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"ade544350e1e83984b1d9a571650c6a2","hashSHA1":"f66acb4b0e75eb54a8192c4fc1417ff25fad3f1e","hashSHA256":"45e8962a97fe06eeb230d30872a8cd784872caa16a0970f1e03f6232914b81b4","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220630)","Avast Premium Security (20220630)","AVG Internet Security (20220630)","Avira Internet Security (20220630)","Bitdefender Internet Security (20220630)","COMODO Antivirus (20220630)","Dr.Web Security Space (20220630)","ESET Internet Security (20220630)","G DATA INTERNET SECURITY (20220630)","K7 Total Security (20220630)","Kaspersky Internet Security (20220630)","Malwarebytes Premium (20220630)","McAfee Total Protection (20220630)","Norton Security (20220630)","Panda Dome (20220630)","Quick Heal Internet Security (20220630)","Sophos Home Premium (20220630)","SpyHunter5 (20220630)","Total AV Antivirus Pro (20220630)","Trend Micro Internet Security (20220630)","VIPRE Advanced Security (20220630)","VirIT eXplorer PRO (20220630)","Webroot SecureAnywhere (20220630)","Windows Defender (20220630)"],"avAllowList":["Tencent PC Manager (20220630)"]},{"isRevoked":"False","fileName":"FreeEasyDVDCopy.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"ef94017383a3b0951bc7c1308e57a9ae","hashSHA1":"74da56a75dea015eb5209271d2fd648555e1e01d","hashSHA256":"346c37124f9cc1a65631c8610c63113016e56ba7c973c24932df6ecb9f3681b1","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220628)","Avast Premium Security (20220628)","AVG Internet Security (20220628)","Avira Internet Security (20220628)","Bitdefender Internet Security (20220628)","COMODO Antivirus (20220628)","Dr.Web Security Space (20220628)","ESET Internet Security (20220628)","G DATA INTERNET SECURITY (20220628)","K7 Total Security (20220628)","Kaspersky Internet Security (20220628)","Malwarebytes Premium (20220628)","McAfee Total Protection (20220628)","Norton Security (20220628)","Panda Dome (20220628)","Quick Heal Internet Security (20220628)","Sophos Home Premium (20220628)","SpyHunter5 (20220628)","Total AV Antivirus Pro (20220628)","VIPRE Advanced Security (20220628)","VirIT eXplorer PRO (20220628)","Webroot SecureAnywhere (20220628)","Windows Defender (20220628)"],"avAllowList":["Tencent PC Manager (20220628)","Trend Micro Internet Security (20220628)"]},{"isRevoked":"False","fileName":"FreeEasyDVDCreator.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"744a4409eb9c3774e10db2b4776f267d","hashSHA1":"f254ab2a39a9f75364dfe896ecabdc1b3d2353fd","hashSHA256":"0b036170c44ffaabc1793903af6e8e955ba16f2cd62427cd08b31208e7e360b6","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220630)","Avast Premium Security (20220630)","AVG Internet Security (20220630)","Avira Internet Security (20220630)","Bitdefender Internet Security (20220630)","COMODO Antivirus (20220630)","Dr.Web Security Space (20220630)","ESET Internet Security (20220630)","G DATA INTERNET SECURITY (20220630)","K7 Total Security (20220630)","Kaspersky Internet Security (20220630)","Malwarebytes Premium (20220630)","McAfee Total Protection (20220630)","Norton Security (20220630)","Panda Dome (20220630)","Quick Heal Internet Security (20220630)","Sophos Home Premium (20220630)","SpyHunter5 (20220630)","Total AV Antivirus Pro (20220630)","Trend Micro Internet Security (20220630)","VIPRE Advanced Security (20220630)","VirIT eXplorer PRO (20220630)","Webroot SecureAnywhere (20220630)","Windows Defender (20220630)"],"avAllowList":["Tencent PC Manager (20220630)"]},{"isRevoked":"False","fileName":"FreeEasyFLACtoMP3Converter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"6174cb428fc1fd279803720622d6a8b3","hashSHA1":"a9c7dd917fd4f9b24ed46736358c224156536ab0","hashSHA256":"45120874934e577892c1734e1e0f9edbd2a7ae4ce6704398702775ec83cf9336","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220630)","Avast Premium Security (20220630)","AVG Internet Security (20220630)","Avira Internet Security (20220630)","Bitdefender Internet Security (20220630)","COMODO Antivirus (20220630)","Dr.Web Security Space (20220630)","ESET Internet Security (20220630)","G DATA INTERNET SECURITY (20220630)","K7 Total Security (20220630)","Kaspersky Internet Security (20220630)","Malwarebytes Premium (20220630)","McAfee Total Protection (20220630)","Norton Security (20220630)","Panda Dome (20220630)","Quick Heal Internet Security (20220630)","Sophos Home Premium (20220630)","SpyHunter5 (20220630)","Total AV Antivirus Pro (20220630)","Trend Micro Internet Security (20220630)","VIPRE Advanced Security (20220630)","VirIT eXplorer PRO (20220630)","Webroot SecureAnywhere (20220630)","Windows Defender (20220630)"],"avAllowList":["Tencent PC Manager (20220630)"]},{"isRevoked":"False","fileName":"FreeEasyFLVConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"ab4cd5370b00acac0e13e4c1a5c86c17","hashSHA1":"cd86d34ebb2cec276e04e108a71d96ce9c42b70f","hashSHA256":"58cc383b03df3e123f1c8d4096d433c8f89797d21a1a421c47ba47c0b33bb495","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220630)","Avast Premium Security (20220630)","AVG Internet Security (20220630)","Avira Internet Security (20220630)","Bitdefender Internet Security (20220630)","COMODO Antivirus (20220630)","Dr.Web Security Space (20220630)","ESET Internet Security (20220630)","G DATA INTERNET SECURITY (20220630)","K7 Total Security (20220630)","Kaspersky Internet Security (20220630)","Malwarebytes Premium (20220630)","McAfee Total Protection (20220630)","Norton Security (20220630)","Panda Dome (20220630)","Quick Heal Internet Security (20220630)","Sophos Home Premium (20220630)","SpyHunter5 (20220630)","Total AV Antivirus Pro (20220630)","VIPRE Advanced Security (20220630)","VirIT eXplorer PRO (20220630)","Webroot SecureAnywhere (20220630)","Windows Defender (20220630)"],"avAllowList":["Tencent PC Manager (20220630)","Trend Micro Internet Security (20220630)"]},{"isRevoked":"False","fileName":"FreeEasyHDVideoConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"cedc1461cf5b578fbc5310f8123266cf","hashSHA1":"73a9c2f6eb5f920a218d07176d9a3e5f91376458","hashSHA256":"4d16724a26db840763bb673f6ac7c425e9285380898a2ed95a7304fe0a4184d4","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220630)","Avast Premium Security (20220630)","AVG Internet Security (20220630)","Avira Internet Security (20220630)","Bitdefender Internet Security (20220630)","COMODO Antivirus (20220630)","Dr.Web Security Space (20220630)","ESET Internet Security (20220630)","G DATA INTERNET SECURITY (20220630)","K7 Total Security (20220630)","Kaspersky Internet Security (20220630)","Malwarebytes Premium (20220630)","McAfee Total Protection (20220630)","Norton Security (20220630)","Panda Dome (20220630)","Quick Heal Internet Security (20220630)","Sophos Home Premium (20220630)","SpyHunter5 (20220630)","Total AV Antivirus Pro (20220630)","VIPRE Advanced Security (20220630)","VirIT eXplorer PRO (20220630)","Webroot SecureAnywhere (20220630)","Windows Defender (20220630)"],"avAllowList":["Tencent PC Manager (20220630)","Trend Micro Internet Security (20220630)"]},{"isRevoked":"False","fileName":"FreeEasyiPodiPadiPhonePSPConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"b7b79f7118c97ad389662aebfd070b1a","hashSHA1":"a52543653bfdcc69448f56be027e5174d4aa3248","hashSHA256":"c953289f4093ac6d929f0f941abdf7cf5b996931a6e7d88604e4e6ea07640cd9","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220705)","Avast Premium Security (20220705)","AVG Internet Security (20220705)","Avira Internet Security (20220705)","Bitdefender Internet Security (20220705)","COMODO Antivirus (20220705)","Dr.Web Security Space (20220705)","ESET Internet Security (20220705)","G DATA INTERNET SECURITY (20220705)","K7 Total Security (20220705)","Kaspersky Internet Security (20220705)","Malwarebytes Premium (20220705)","McAfee Total Protection (20220705)","Norton Security (20220705)","Panda Dome (20220705)","Quick Heal Internet Security (20220705)","Sophos Home Premium (20220705)","SpyHunter5 (20220705)","Total AV Antivirus Pro (20220705)","VIPRE Advanced Security (20220705)","VirIT eXplorer PRO (20220705)","Webroot SecureAnywhere (20220705)","Windows Defender (20220705)"],"avAllowList":["Tencent PC Manager (20220705)","Trend Micro Internet Security (20220705)"]},{"isRevoked":"False","fileName":"FreeEasyISOMakerBurner.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"f70a7652c5417ebbc22a61b074045d4b","hashSHA1":"e2c1284f6c47354486369fa1d681391201798ca4","hashSHA256":"0352b3b938c0f092756c4f999f26aed3631de3b9a79b39fb63f5f7fb69cbebbd","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220705)","Avast Premium Security (20220705)","AVG Internet Security (20220705)","Avira Internet Security (20220705)","Bitdefender Internet Security (20220705)","COMODO Antivirus (20220705)","Dr.Web Security Space (20220705)","ESET Internet Security (20220705)","G DATA INTERNET SECURITY (20220705)","K7 Total Security (20220705)","Kaspersky Internet Security (20220705)","Malwarebytes Premium (20220705)","McAfee Total Protection (20220705)","Norton Security (20220705)","Panda Dome (20220705)","Sophos Home Premium (20220705)","SpyHunter5 (20220705)","Total AV Antivirus Pro (20220705)","Trend Micro Internet Security (20220705)","VIPRE Advanced Security (20220705)","VirIT eXplorer PRO (20220705)","Webroot SecureAnywhere (20220705)","Windows Defender (20220705)"],"avAllowList":["Quick Heal Internet Security (20220705)","Tencent PC Manager (20220705)"]},{"isRevoked":"False","fileName":"FreeEasyJPGtoPDFConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"f8e0e847294856f4b0c6d76709c5a408","hashSHA1":"faaf5f7bc1eeed31424ba72c21a72769159aecbd","hashSHA256":"23f5a048e6514e749f8f63deaf5b9c2388177ce86e101422e81a8b7d08562f06","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220707)","Avast Premium Security (20220707)","AVG Internet Security (20220707)","Avira Internet Security (20220707)","Bitdefender Internet Security (20220707)","COMODO Antivirus (20220707)","Dr.Web Security Space (20220707)","ESET Internet Security (20220707)","G DATA INTERNET SECURITY (20220707)","K7 Total Security (20220707)","Kaspersky Internet Security (20220707)","Malwarebytes Premium (20220707)","McAfee Total Protection (20220707)","Norton Security (20220707)","Panda Dome (20220707)","Sophos Home Premium (20220707)","SpyHunter5 (20220707)","Total AV Antivirus Pro (20220707)","Trend Micro Internet Security (20220707)","VIPRE Advanced Security (20220707)","VirIT eXplorer PRO (20220707)","Webroot SecureAnywhere (20220707)","Windows Defender (20220707)"],"avAllowList":["Quick Heal Internet Security (20220707)","Tencent PC Manager (20220707)"]},{"isRevoked":"False","fileName":"FreeEasyM4AtoMP3Converter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"4aeb6041579cb136f82bda98414915aa","hashSHA1":"8647adddbebc2286d7dd8e1b1484e7ccb6451fd6","hashSHA256":"2be96677bf9dd0e3ec3ce99f1cbafadde228dd78d98a199ada3c89811f38edbf","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220707)","Avast Premium Security (20220707)","AVG Internet Security (20220707)","Avira Internet Security (20220707)","Bitdefender Internet Security (20220707)","COMODO Antivirus (20220707)","Dr.Web Security Space (20220707)","ESET Internet Security (20220707)","G DATA INTERNET SECURITY (20220707)","K7 Total Security (20220707)","Kaspersky Internet Security (20220707)","Malwarebytes Premium (20220707)","McAfee Total Protection (20220707)","Norton Security (20220707)","Panda Dome (20220707)","Sophos Home Premium (20220707)","SpyHunter5 (20220707)","Total AV Antivirus Pro (20220707)","Trend Micro Internet Security (20220707)","VIPRE Advanced Security (20220707)","VirIT eXplorer PRO (20220707)","Webroot SecureAnywhere (20220707)","Windows Defender (20220707)"],"avAllowList":["Quick Heal Internet Security (20220707)","Tencent PC Manager (20220707)"]},{"isRevoked":"False","fileName":"FreeEasyMP3Joiner.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"c3ccfeb51122054bc906b4950e2e255a","hashSHA1":"2098a8a23345571edfe37f252790c826ec892d99","hashSHA256":"3be58811b4716db70017e212db8f09ffb01605ddc40032d0a87d15ea6e93a03c","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220707)","Avast Premium Security (20220707)","AVG Internet Security (20220707)","Avira Internet Security (20220707)","Bitdefender Internet Security (20220707)","COMODO Antivirus (20220707)","Dr.Web Security Space (20220707)","ESET Internet Security (20220707)","G DATA INTERNET SECURITY (20220707)","K7 Total Security (20220707)","Kaspersky Internet Security (20220707)","Malwarebytes Premium (20220707)","McAfee Total Protection (20220707)","Norton Security (20220707)","Panda Dome (20220707)","Sophos Home Premium (20220707)","SpyHunter5 (20220707)","Total AV Antivirus Pro (20220707)","Trend Micro Internet Security (20220707)","VIPRE Advanced Security (20220707)","VirIT eXplorer PRO (20220707)","Webroot SecureAnywhere (20220707)","Windows Defender (20220707)"],"avAllowList":["Quick Heal Internet Security (20220707)","Tencent PC Manager (20220707)"]},{"isRevoked":"False","fileName":"FreeEasyMP3WMAWAVConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"7bb7aa120b236ffacd28102478938651","hashSHA1":"edffba6383190c8d41d5ec281ee7f7433f19f240","hashSHA256":"b5feb661fb568040e1fad29a64667584316e56ca04264bfb74bd218a2141c7eb","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220707)","Avast Premium Security (20220707)","AVG Internet Security (20220707)","Avira Internet Security (20220707)","Bitdefender Internet Security (20220707)","COMODO Antivirus (20220707)","Dr.Web Security Space (20220707)","ESET Internet Security (20220707)","G DATA INTERNET SECURITY (20220707)","K7 Total Security (20220707)","Kaspersky Internet Security (20220707)","Malwarebytes Premium (20220707)","McAfee Total Protection (20220707)","Norton Security (20220707)","Panda Dome (20220707)","Sophos Home Premium (20220707)","SpyHunter5 (20220707)","Total AV Antivirus Pro (20220707)","VIPRE Advanced Security (20220707)","VirIT eXplorer PRO (20220707)","Webroot SecureAnywhere (20220707)","Windows Defender (20220707)"],"avAllowList":["Quick Heal Internet Security (20220707)","Tencent PC Manager (20220707)","Trend Micro Internet Security (20220707)"]},{"isRevoked":"False","fileName":"FreeEasyMP4toAVIConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"377f345d969d2b679146e5ad0dfc533d","hashSHA1":"b9b0c44997b5e5364f565f379e4602fa02f5de30","hashSHA256":"f18eff275bf29135091a3b78ec83761aa210d1f5dd4736e063aba7b502ecfed6","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220707)","Avast Premium Security (20220707)","AVG Internet Security (20220707)","Avira Internet Security (20220707)","Bitdefender Internet Security (20220707)","COMODO Antivirus (20220707)","Dr.Web Security Space (20220707)","ESET Internet Security (20220707)","G DATA INTERNET SECURITY (20220707)","K7 Total Security (20220707)","Kaspersky Internet Security (20220707)","Malwarebytes Premium (20220707)","McAfee Total Protection (20220707)","Norton Security (20220707)","Panda Dome (20220707)","Sophos Home Premium (20220707)","SpyHunter5 (20220707)","Total AV Antivirus Pro (20220707)","VIPRE Advanced Security (20220707)","VirIT eXplorer PRO (20220707)","Webroot SecureAnywhere (20220707)","Windows Defender (20220707)"],"avAllowList":["Quick Heal Internet Security (20220707)","Tencent PC Manager (20220707)","Trend Micro Internet Security (20220707)"]},{"isRevoked":"False","fileName":"FreeEasyMP4VideoConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"d189f80611b2241ef82ed1d19c93afe2","hashSHA1":"a9a55209de554b240694f11650d12cdfff13d311","hashSHA256":"93026b06c138369fcab491239deda204759fab6ba78b30c8cbb4fe7215223cea","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220707)","Avast Premium Security (20220707)","AVG Internet Security (20220707)","Avira Internet Security (20220707)","Bitdefender Internet Security (20220707)","COMODO Antivirus (20220707)","Dr.Web Security Space (20220707)","ESET Internet Security (20220707)","G DATA INTERNET SECURITY (20220707)","K7 Total Security (20220707)","Kaspersky Internet Security (20220707)","Malwarebytes Premium (20220707)","McAfee Total Protection (20220707)","Norton Security (20220707)","Panda Dome (20220707)","Sophos Home Premium (20220707)","SpyHunter5 (20220707)","Total AV Antivirus Pro (20220707)","VIPRE Advanced Security (20220707)","VirIT eXplorer PRO (20220707)","Webroot SecureAnywhere (20220707)","Windows Defender (20220707)"],"avAllowList":["Quick Heal Internet Security (20220707)","Tencent PC Manager (20220707)","Trend Micro Internet Security (20220707)"]},{"isRevoked":"False","fileName":"FreeEasyOCR.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"62df0fcbbe991d688bdedf33ab672b80","hashSHA1":"46fe23e5ec9bd30ac29f83836b463c8ff4502662","hashSHA256":"8e3688d4606848f56dad6da08133758d33aa05a677e6dd27486c6fd366f4a64f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["Avast Premium Security (20220707)","AVG Internet Security (20220707)","Avira Internet Security (20220707)","Bitdefender Internet Security (20220707)","COMODO Antivirus (20220707)","Dr.Web Security Space (20220707)","ESET Internet Security (20220707)","G DATA INTERNET SECURITY (20220707)","K7 Total Security (20220707)","Kaspersky Internet Security (20220707)","Malwarebytes Premium (20220707)","McAfee Total Protection (20220707)","Norton Security (20220707)","Panda Dome (20220707)","Sophos Home Premium (20220707)","SpyHunter5 (20220707)","Total AV Antivirus Pro (20220707)","VIPRE Advanced Security (20220707)","VirIT eXplorer PRO (20220707)","Webroot SecureAnywhere (20220707)","Windows Defender (20220707)"],"avAllowList":["360 Total Security (20220707)","Quick Heal Internet Security (20220707)","Tencent PC Manager (20220707)","Trend Micro Internet Security (20220707)"]},{"isRevoked":"False","fileName":"FreeEasyPDFConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"a8cc7dc89dc836af5b338f27e8dd2124","hashSHA1":"881b485e1503899c9df8b1f35ee001e83291558e","hashSHA256":"e8d21a3ad372b6c7be87f4a195bb61785a2e210151504212afc0eef4e8202d6c","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220707)","Avast Premium Security (20220707)","AVG Internet Security (20220707)","Avira Internet Security (20220707)","Bitdefender Internet Security (20220707)","COMODO Antivirus (20220707)","Dr.Web Security Space (20220707)","ESET Internet Security (20220707)","G DATA INTERNET SECURITY (20220707)","K7 Total Security (20220707)","Kaspersky Internet Security (20220707)","Malwarebytes Premium (20220707)","McAfee Total Protection (20220707)","Norton Security (20220707)","Panda Dome (20220707)","Sophos Home Premium (20220707)","SpyHunter5 (20220707)","Total AV Antivirus Pro (20220707)","Trend Micro Internet Security (20220707)","VIPRE Advanced Security (20220707)","VirIT eXplorer PRO (20220707)","Webroot SecureAnywhere (20220707)","Windows Defender (20220707)"],"avAllowList":["Quick Heal Internet Security (20220707)","Tencent PC Manager (20220707)"]},{"isRevoked":"False","fileName":"FreeEasyPDFMergerSplitter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"9e85abfa55f17af4985acd19b6bd674c","hashSHA1":"10295b6c02803b4e33dc9fcaa21655443000b6cb","hashSHA256":"fd890a77760c8860ae0587780b91fbf388c4dde9f0e75ce7de5ba42e3c6fde13","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220707)","Avast Premium Security (20220707)","AVG Internet Security (20220707)","Avira Internet Security (20220707)","Bitdefender Internet Security (20220707)","COMODO Antivirus (20220707)","Dr.Web Security Space (20220707)","ESET Internet Security (20220707)","G DATA INTERNET SECURITY (20220707)","K7 Total Security (20220707)","Kaspersky Internet Security (20220707)","Malwarebytes Premium (20220707)","McAfee Total Protection (20220707)","Norton Security (20220707)","Panda Dome (20220707)","Quick Heal Internet Security (20220707)","Sophos Home Premium (20220707)","SpyHunter5 (20220707)","Total AV Antivirus Pro (20220707)","Trend Micro Internet Security (20220707)","VIPRE Advanced Security (20220707)","VirIT eXplorer PRO (20220707)","Webroot SecureAnywhere (20220707)","Windows Defender (20220707)"],"avAllowList":["Tencent PC Manager (20220707)"]},{"isRevoked":"False","fileName":"FreeEasyPDFtoJPGPNGTIFConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"592ecc52eae272ab3386c812ee6f46a0","hashSHA1":"9617f7c77e2992ddd9e61a3b077c9b2070520a63","hashSHA256":"0e3c257d6b3210bbdc334a326acf60cbfcc6cb3d83067b7248b8d6315c3fdbad","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220714)","Avast Premium Security (20220714)","AVG Internet Security (20220714)","Avira Internet Security (20220714)","Bitdefender Internet Security (20220714)","COMODO Antivirus (20220714)","Dr.Web Security Space (20220714)","ESET Internet Security (20220714)","G DATA INTERNET SECURITY (20220714)","K7 Total Security (20220714)","Kaspersky Internet Security (20220714)","Malwarebytes Premium (20220714)","McAfee Total Protection (20220714)","Norton Security (20220714)","Panda Dome (20220714)","Quick Heal Internet Security (20220714)","Sophos Home Premium (20220714)","SpyHunter5 (20220714)","Total AV Antivirus Pro (20220714)","Trend Micro Internet Security (20220714)","VIPRE Advanced Security (20220714)","VirIT eXplorer PRO (20220714)","Webroot SecureAnywhere (20220714)","Windows Defender (20220714)"],"avAllowList":["Tencent PC Manager (20220714)"]},{"isRevoked":"False","fileName":"FreeEasyPDFtoWordConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"9c1d9c2a7e60c5a645f1f06cb305dcfd","hashSHA1":"2577bab858a7979de3ffef7a68c14c865098d822","hashSHA256":"dc7080f598789fbd071e9c3954c642a08a7b422adfe569bbf87430d0eece25e5","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220714)","Avast Premium Security (20220714)","AVG Internet Security (20220714)","Avira Internet Security (20220714)","Bitdefender Internet Security (20220714)","COMODO Antivirus (20220714)","Dr.Web Security Space (20220714)","ESET Internet Security (20220714)","G DATA INTERNET SECURITY (20220714)","K7 Total Security (20220714)","Kaspersky Internet Security (20220714)","Malwarebytes Premium (20220714)","McAfee Total Protection (20220714)","Norton Security (20220714)","Panda Dome (20220714)","Quick Heal Internet Security (20220714)","Sophos Home Premium (20220714)","SpyHunter5 (20220714)","Total AV Antivirus Pro (20220714)","Trend Micro Internet Security (20220714)","VIPRE Advanced Security (20220714)","VirIT eXplorer PRO (20220714)","Webroot SecureAnywhere (20220714)","Windows Defender (20220714)"],"avAllowList":["Tencent PC Manager (20220714)"]},{"isRevoked":"False","fileName":"FreeEasyRingtoneMaker.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"fdef21bde708fafbae5fc94d20d55fcf","hashSHA1":"76233da59cbb24cec83ee8207896d1870cbd26cb","hashSHA256":"e586f856b019273cb4028f160dca1ba38652201667546bead38a324cc77781d9","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220714)","Avast Premium Security (20220714)","AVG Internet Security (20220714)","Avira Internet Security (20220714)","Bitdefender Internet Security (20220714)","COMODO Antivirus (20220714)","Dr.Web Security Space (20220714)","ESET Internet Security (20220714)","G DATA INTERNET SECURITY (20220714)","K7 Total Security (20220714)","Kaspersky Internet Security (20220714)","Malwarebytes Premium (20220714)","McAfee Total Protection (20220714)","Norton Security (20220714)","Panda Dome (20220714)","Quick Heal Internet Security (20220714)","Sophos Home Premium (20220714)","SpyHunter5 (20220714)","Total AV Antivirus Pro (20220714)","Trend Micro Internet Security (20220714)","VIPRE Advanced Security (20220714)","VirIT eXplorer PRO (20220714)","Webroot SecureAnywhere (20220714)","Windows Defender (20220714)"],"avAllowList":["Tencent PC Manager (20220714)"]},{"isRevoked":"False","fileName":"FreeEasyScantoPDF.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"1c19ebbeef3ae39aae9909c48c41c801","hashSHA1":"45238bcc9b7921e2db9a7ed0c79e0d9c159d1bb2","hashSHA256":"4f1b605845747f14d632575657ac237945621e5fab30451c6d61568b7077884f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","Kaspersky Internet Security (20220714)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","Trend Micro Internet Security (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)","FortectPremium (20250123)","KasperskyPremium (20250123)"],"avAllowList":["Tencent PC Manager (20220714)"]},{"isRevoked":"False","fileName":"FreeEasySlideshowMaker.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"057a5cbca312e286aaf21c07bc646bea","hashSHA1":"5a52700d98a5ab8eafdfbb6fc2e63e09381d4254","hashSHA256":"acc88c60c32fdb592483e41d1fad3469f9b600aef44d35b05e6e28c5312d9946","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220714)","Avast Premium Security (20220714)","AVG Internet Security (20220714)","Avira Internet Security (20220714)","Bitdefender Internet Security (20220714)","COMODO Antivirus (20220714)","Dr.Web Security Space (20220714)","ESET Internet Security (20220714)","G DATA INTERNET SECURITY (20220714)","K7 Total Security (20220714)","Kaspersky Internet Security (20220714)","Malwarebytes Premium (20220714)","McAfee Total Protection (20220714)","Norton Security (20220714)","Panda Dome (20220714)","Quick Heal Internet Security (20220714)","Sophos Home Premium (20220714)","SpyHunter5 (20220714)","Total AV Antivirus Pro (20220714)","Trend Micro Internet Security (20220714)","VIPRE Advanced Security (20220714)","VirIT eXplorer PRO (20220714)","Webroot SecureAnywhere (20220714)","Windows Defender (20220714)"],"avAllowList":["Tencent PC Manager (20220714)"]},{"isRevoked":"False","fileName":"FreeEasyVideoJoiner.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"d9641bc6228abde132f7245c869cc4eb","hashSHA1":"7279823db8a91955b51b66a6cb212da819558538","hashSHA256":"e1127babd7dd073e90188092665d4487c0d122c5512d5159174f2150ad6efe6c","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220714)","Avast Premium Security (20220714)","AVG Internet Security (20220714)","Avira Internet Security (20220714)","Bitdefender Internet Security (20220714)","COMODO Antivirus (20220714)","Dr.Web Security Space (20220714)","ESET Internet Security (20220714)","G DATA INTERNET SECURITY (20220714)","K7 Total Security (20220714)","Kaspersky Internet Security (20220714)","Malwarebytes Premium (20220714)","McAfee Total Protection (20220714)","Norton Security (20220714)","Panda Dome (20220714)","Sophos Home Premium (20220714)","SpyHunter5 (20220714)","Total AV Antivirus Pro (20220714)","VIPRE Advanced Security (20220714)","VirIT eXplorer PRO (20220714)","Webroot SecureAnywhere (20220714)","Windows Defender (20220714)"],"avAllowList":["Quick Heal Internet Security (20220714)","Tencent PC Manager (20220714)","Trend Micro Internet Security (20220714)"]},{"isRevoked":"False","fileName":"FreeEasyVideotoAndroidConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"51205e5047523327903e40900b91c28d","hashSHA1":"de5ad8023d7cd3fbc5710a75e52a41df1f5f089d","hashSHA256":"57a93e8b8243d871f48b0669550ef7eeaa14b346918a546addd79fa9dd5c3210","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220719)","Avast Premium Security (20220719)","AVG Internet Security (20220719)","Avira Internet Security (20220719)","Bitdefender Internet Security (20220719)","COMODO Antivirus (20220719)","Dr.Web Security Space (20220719)","ESET Internet Security (20220719)","G DATA INTERNET SECURITY (20220719)","K7 Total Security (20220719)","Kaspersky Internet Security (20220719)","Malwarebytes Premium (20220719)","McAfee Total Protection (20220719)","Norton Security (20220719)","Panda Dome (20220719)","Quick Heal Internet Security (20220719)","Sophos Home Premium (20220719)","SpyHunter5 (20220719)","Total AV Antivirus Pro (20220719)","VIPRE Advanced Security (20220719)","VirIT eXplorer PRO (20220719)","Webroot SecureAnywhere (20220719)","Windows Defender (20220719)"],"avAllowList":["Tencent PC Manager (20220719)","Trend Micro Internet Security (20220719)"]},{"isRevoked":"False","fileName":"FreeEasyVideotoGIFConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"98c3104b00d7a6d0b9964db9943dee3a","hashSHA1":"dd25737ad58c69b9a3922f9cef29bce666aa579c","hashSHA256":"33663fd58f90f5b1e32a91bff1dcd84cf335bb2ea4a6b0e691b6ccd665f35c16","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220719)","Avast Premium Security (20220719)","AVG Internet Security (20220719)","Avira Internet Security (20220719)","Bitdefender Internet Security (20220719)","COMODO Antivirus (20220719)","Dr.Web Security Space (20220719)","ESET Internet Security (20220719)","G DATA INTERNET SECURITY (20220719)","K7 Total Security (20220719)","Kaspersky Internet Security (20220719)","Malwarebytes Premium (20220719)","McAfee Total Protection (20220719)","Norton Security (20220719)","Panda Dome (20220719)","Quick Heal Internet Security (20220719)","Sophos Home Premium (20220719)","SpyHunter5 (20220719)","Total AV Antivirus Pro (20220719)","Trend Micro Internet Security (20220719)","VIPRE Advanced Security (20220719)","VirIT eXplorer PRO (20220719)","Webroot SecureAnywhere (20220719)","Windows Defender (20220719)"],"avAllowList":["Tencent PC Manager (20220719)"]},{"isRevoked":"False","fileName":"FreeEasyVideotoMP3Converter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"a9baa39f1a23e25162f228ed4c712ad7","hashSHA1":"7cf3836d61c5028c7d0cf5802fdbf4bd24a68d06","hashSHA256":"f0dd90c8b098f13660167b1b241bdc0f09003ce0af2eea941b0486ec84e34a4c","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220719)","Avast Premium Security (20220719)","AVG Internet Security (20220719)","Avira Internet Security (20220719)","Bitdefender Internet Security (20220719)","COMODO Antivirus (20220719)","Dr.Web Security Space (20220719)","ESET Internet Security (20220719)","G DATA INTERNET SECURITY (20220719)","K7 Total Security (20220719)","Kaspersky Internet Security (20220719)","Malwarebytes Premium (20220719)","McAfee Total Protection (20220719)","Norton Security (20220719)","Panda Dome (20220719)","Quick Heal Internet Security (20220719)","Sophos Home Premium (20220719)","SpyHunter5 (20220719)","Total AV Antivirus Pro (20220719)","VIPRE Advanced Security (20220719)","VirIT eXplorer PRO (20220719)","Webroot SecureAnywhere (20220719)","Windows Defender (20220719)"],"avAllowList":["Tencent PC Manager (20220719)","Trend Micro Internet Security (20220719)"]},{"isRevoked":"False","fileName":"FreeEasyWebMtoMP4Converterr.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"163c8688978ca9f542f6eec6697d9773","hashSHA1":"fbf22e4ec4d5ada1af0ac61bcc1d871505329dc7","hashSHA256":"413f355022ac1995fc7fd910ad0033f49e56c3d48d161dd645f0287f4eb531fd","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["Avast Premium Security (20220719)","AVG Internet Security (20220719)","Avira Internet Security (20220719)","Bitdefender Internet Security (20220719)","COMODO Antivirus (20220719)","Dr.Web Security Space (20220719)","ESET Internet Security (20220719)","G DATA INTERNET SECURITY (20220719)","K7 Total Security (20220719)","Kaspersky Internet Security (20220719)","Malwarebytes Premium (20220719)","McAfee Total Protection (20220719)","Norton Security (20220719)","Panda Dome (20220719)","Sophos Home Premium (20220719)","SpyHunter5 (20220719)","Total AV Antivirus Pro (20220719)","VIPRE Advanced Security (20220719)","VirIT eXplorer PRO (20220719)","Webroot SecureAnywhere (20220719)","Windows Defender (20220719)"],"avAllowList":["360 Total Security (20220719)","Quick Heal Internet Security (20220719)","Tencent PC Manager (20220719)","Trend Micro Internet Security (20220719)"]},{"isRevoked":"False","fileName":"FreeEasyWMAtoMP3Converter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"1587583e8663fcdf6e9bf138dc49caa3","hashSHA1":"ac72d4669066483cb29fa9104b840d8fb6b5ac3c","hashSHA256":"ee46888e2ef256979c63fde56d7cec49ba680722bc840798118724eeaa79e1ee","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220721)","Avast Premium Security (20220721)","AVG Internet Security (20220721)","Avira Internet Security (20220721)","Bitdefender Internet Security (20220721)","COMODO Antivirus (20220721)","Dr.Web Security Space (20220721)","ESET Internet Security (20220721)","G DATA INTERNET SECURITY (20220721)","K7 Total Security (20220721)","Kaspersky Internet Security (20220721)","Malwarebytes Premium (20220721)","McAfee Total Protection (20220721)","Norton Security (20220721)","Panda Dome (20220721)","Quick Heal Internet Security (20220721)","Sophos Home Premium (20220721)","SpyHunter5 (20220721)","Total AV Antivirus Pro (20220721)","VIPRE Advanced Security (20220721)","VirIT eXplorer PRO (20220721)","Webroot SecureAnywhere (20220721)","Windows Defender (20220721)"],"avAllowList":["Tencent PC Manager (20220721)","Trend Micro Internet Security (20220721)"]},{"isRevoked":"False","fileName":"FreeEasyYouTubeConverter.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"104296cd7dd2b522f714fa44b328e3b6","hashSHA1":"b4a784efa074eefa318317d63bb09d2263d85ea6","hashSHA256":"3b0c94643957b3b735e51b9c462c82f4e203a8dbf1932cb33bb5fc77f464f012","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220721)","Avast Premium Security (20220721)","AVG Internet Security (20220721)","Avira Internet Security (20220721)","Bitdefender Internet Security (20220721)","COMODO Antivirus (20220721)","Dr.Web Security Space (20220721)","ESET Internet Security (20220721)","G DATA INTERNET SECURITY (20220721)","K7 Total Security (20220721)","Kaspersky Internet Security (20220721)","Malwarebytes Premium (20220721)","McAfee Total Protection (20220721)","Norton Security (20220721)","Panda Dome (20220721)","Quick Heal Internet Security (20220721)","Sophos Home Premium (20220721)","SpyHunter5 (20220721)","Total AV Antivirus Pro (20220721)","VIPRE Advanced Security (20220721)","VirIT eXplorer PRO (20220721)","Webroot SecureAnywhere (20220721)","Windows Defender (20220721)"],"avAllowList":["Tencent PC Manager (20220721)","Trend Micro Internet Security (20220721)"]},{"isRevoked":"False","fileName":"FreeEasyYouTubeDownloader.exe","isInstaller":"True","companyName":"Freeease.net.                                               ","fileVersion":"0.0","hashMD5":"eb64cdc958eda9685bb18a592c6e0388","hashSHA1":"28c56efb708c82b31774fa922249932a65740e57","hashSHA256":"ad0e9ba580b0f4d957f60edee51d041f646e1901a3a3e6790efa1a8c03e718f5","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1546","avBlockList":["360 Total Security (20220721)","Avast Premium Security (20220721)","AVG Internet Security (20220721)","Avira Internet Security (20220721)","Bitdefender Internet Security (20220721)","COMODO Antivirus (20220721)","Dr.Web Security Space (20220721)","ESET Internet Security (20220721)","G DATA INTERNET SECURITY (20220721)","K7 Total Security (20220721)","Kaspersky Internet Security (20220721)","Malwarebytes Premium (20220721)","McAfee Total Protection (20220721)","Norton Security (20220721)","Panda Dome (20220721)","Quick Heal Internet Security (20220721)","Sophos Home Premium (20220721)","SpyHunter5 (20220721)","Total AV Antivirus Pro (20220721)","VIPRE Advanced Security (20220721)","VirIT eXplorer PRO (20220721)","Webroot SecureAnywhere (20220721)","Windows Defender (20220721)"],"avAllowList":["Tencent PC Manager (20220721)","Trend Micro Internet Security (20220721)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://www.freeease.net","directDownloadingLink":"https://www.freeease.net/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freeease.net/","sourceIndex":"1546"}],"sampleFiles":["220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasy3GPVideoConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyAudioEditor.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyAudioRecorder.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyAVIWMVMP4MPEGDIVXConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyCDBurnerRipper.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyDVDCopy.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyDVDCreator.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyFLACtoMP3Converter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyFLVConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyHDVideoConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyiPodiPadiPhonePSPConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyISOMakerBurner.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyJPGtoPDFConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyM4AtoMP3Converter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyMP3Joiner.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyMP3WMAWAVConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyMP4toAVIConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyMP4VideoConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyOCR.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyPDFConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyPDFMergerSplitter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyPDFtoJPGPNGTIFConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyPDFtoWordConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyRingtoneMaker.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyScantoPDF.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasySlideshowMaker.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyVideoJoiner.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyVideotoAndroidConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyVideotoGIFConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyVideotoMP3Converter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyWebMtoMP4Converterr.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyWMAtoMP3Converter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyYouTubeConverter.exe","220622/FreeEaseSoftBundle-220616/8.8.2.4/Samples/FreeEasyYouTubeDownloader.exe"],"imageFiles":["220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-047/ACR-047_003_RKUpdateprompt.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-004/ACR-047_003_RKUpdateprompt.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-083/ACR_048_RKUpdatePrompt.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-083/ACR-003_004_047_083_RKUpdatePrompt.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-083/ACR-003_004_047_083_RKUpdatePrompt-reconnect.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-048/ACR_048_RKUpdatePrompt.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-003/ACR-047_003_RKUpdateprompt.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-118/ACR-118_Remnants.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-155/RelevantKnowledge.jpg","220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-047/ACR-047_003_RKUpdateprompt.jpg"],"nonDeceptorImageFiles":["220622/FreeEaseSoftBundle-220616/8.8.2.4/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"0c2e8332-c993-41ba-8d4e-61ddb120ecda_8.8.2.4_1","appID":"FreeEaseSoftBundle-220616","dateAdded":"220622","deceptorType":"Bundler","name":"FreeEaseSoft Bundle","company":"Freeease.net","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220622","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-06-22T22:37:03.36675+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1407},{"violations":{"ACR-048":"The app does not provide proper control to cancel the installation process as it drops many of the app's components in \"C:\\Users\\User\\AppData\\Local\\Temp\\\"\nThe app does not provide any control to enable/disable the \"ACAT_SPCTApp@Runner\" scheduled task and notifications within the app's settings.\n","ACR-003":"The app shows alarming color graphs and exclamation symbols on the scan summary page while attempting to close the app, thus misleading the user to take action to purchase the app.\n","ACR-004":"The app does not provide a free fix for any of the identified issues shown during the “Free Scan” in any of the categories. Also, the app exaggerates the scan results by displaying color graphs, and an exclamation symbol, thus making the consumer believe they have an issue/problem in their system, and forcing the user to purchase the app.\n","ACR-010":"The app offers a \"PC SpeedCat\" app which has a deceptive behavior that fails under ACR-004 (No Free fix).\n","ACR-017":"Unable to verify third-party endorsement shown during installation.\nUnable to verify third-party endorsement shown inside software.\n","ACR-084":"The app creates an undisclosed scheduled task to perform an action without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-088":"The application starts a scan post installation without user interaction.\n","ACR-123":"The app does not remove the scheduled tasks after uninstallation and reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\SpeedCat\\AlleyCat\\AlleyCat.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"510725c82f83be66530cf823d47a00fb","hashSHA1":"a6b8bdee761102364071bfe5c7792ca451118544","hashSHA256":"c8b1654570126eb46de06f193043ef1d332e4605c82a589327c1f83c790f76b9","digitalCertThumbprint":"EA0975B10DC232195CD33400A6721BEDE68F5489","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SpeedCat LLC","storeId":"","sourceIndex":"1544","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"alleycat.setup.exe","isInstaller":"True","companyName":"                                                            ","productName":"IT-Setup                                                    ","productVersion":"11.2.1                                            ","fileVersion":"11.2.1              ","hashMD5":"efa864d498f42cd1d2787270b837020a","hashSHA1":"b0ad707df56d3de92f8be839f062e7d1751c4968","hashSHA256":"7b788395d73bcb9da9fe6ee3ad0b1c3b4434d7f7b19ff49ce1d55326eaa470b9","digitalCertThumbprint":"EA0975B10DC232195CD33400A6721BEDE68F5489","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SpeedCat LLC","storeId":"","sourceIndex":"1544","avBlockList":["360 Total Security (20220628)","Avast Premium Security (20220628)","AVG Internet Security (20220628)","Avira Internet Security (20220628)","Bitdefender Internet Security (20220628)","Dr.Web Security Space (20220628)","ESET Internet Security (20220628)","G DATA INTERNET SECURITY (20220628)","Kaspersky Internet Security (20220628)","Malwarebytes Premium (20220628)","McAfee Total Protection (20220628)","Norton Security (20220628)","Panda Dome (20220628)","Quick Heal Internet Security (20220628)","Sophos Home Premium (20220628)","SpyHunter5 (20220628)","Total AV Antivirus Pro (20220628)","Trend Micro Internet Security (20220628)","VIPRE Advanced Security (20220628)","VirIT eXplorer PRO (20220628)","Webroot SecureAnywhere (20220628)","Windows Defender (20220628)"],"avAllowList":["COMODO Antivirus (20220628)","K7 Total Security (20220628)","Tencent PC Manager (20220628)"]}],"additionalFiles":[],"sources":[{"howFound":"Utility app","reference":"","landingPage":"https://win.topdownload.club/alleycat-junk-remover/","directDownloadingLink":"https://win.topdownload.club/rd.html?url=http%253A%252F%252Fwww.pcspeedcat.com%252Frun%252Fclick%252Fspeedcatweb%252Fgo%252Fdlsites-instant-alle%253Flang%253DEN&h=b9b93256ed924ac2f68a09d667269b11","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://win.topdownload.club/rd.html?url=http%253A%252F%252Fwww.pcspeedcat.com%252Frun%252Fclick%252Fspeedcatweb%252Fgo%252Fdlsites-instant-alle%253Flang%253DEN&h=b9b93256ed924ac2f68a09d667269b11","sourceIndex":"1544"}],"sampleFiles":["220622/alleycatjunkremover-220622/2.1.4/Samples/alleycat.setup.exe"],"imageFiles":["220622/alleycatjunkremover-220622/2.1.4/Images/ACR-048/ACR-048_Install_1.mp4","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-017/ACR-017_Install_1.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-004/ACR-004 (1).JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-004/ACR-004 (2).JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-004/ACR-004 (3).JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-004/ACR-004 (4).JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-004/ACR-004_Software_Exclamation.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-004/ACR-004_Software_Exclamation_1.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-004/ACR-004_Software_Exclamation_2.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-084/ACR-084_1.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-048/ACR-048_1.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-048/ACR-048_2.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-048/ACR-048_3.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-003/ACR-003_1 (1).JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-003/ACR-003_1 (2).JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-017/ACR-017_Software_1.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-017/ACR-017_Software_2.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-017/ACR-017_Software_3.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-118/ACR-118_1.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-059/ACR-059_1.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-059/ACR-059_2.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-010/ACR-010_Software_1.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-010/ACR-010_Software_2.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-010/ACR-010_Software_3.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-010/ACR-010_Software_4.JPG"],"nonDeceptorImageFiles":["220622/alleycatjunkremover-220622/2.1.4/Images/ACR-088/ACR-088_1.JPG","220622/alleycatjunkremover-220622/2.1.4/Images/ACR-123/ACR-123_1.JPG"],"guid":"387bed9f-0c3d-4eb9-bc32-108fefb2d987_2.1.4_1","appID":"alleycatjunkremover-220622","dateAdded":"220622","deceptorType":"App","name":"AlleyCAT Junk Remover","company":"SpeedCat","version":"2.1.4","lastKnownStatus":"2.1.4","lastKnownDate":"220622","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-23T00:16:46.0152304+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1409},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re run the application to present the declined offer again.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rkverify.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it sometimes leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"At Uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “rkverify.exe” nevertheless.\n\n","ACR-155":"The Relevant Knowledge Offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeDriverBackup.exe","fileVersion":"0.0","hashMD5":"d75bae7743dc6eabe38d41109787cb68","hashSHA1":"26a8370a79b74a7919782b71ca3497596404df2b","hashSHA256":"48ac81da4bdf1fa9be82264f9cb9f0eef95acf4d4fd6104fee68765dfa4725cc","sourceIndex":"1525","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeDriverBackup_mZUJ-U1.exe","isInstaller":"True","productName":"Beijing Aviation Trust Intellectual Property Consulting Co.,","fileVersion":"3.33.1           ","hashMD5":"2069ffee2f6cb3d8acdbcf116e60835d","hashSHA1":"bbf9a20e299e3dda5ecd4fa34a3c49b38413f89d","hashSHA256":"a9d1c1846fcacdf77411ba7a421feee9036e7c2e134afe0f1bc8dbc67b527d11","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1525","avBlockList":["Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Bitdefender Internet Security (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","G DATA INTERNET SECURITY (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Sophos Home Premium (20220623)","Total AV Antivirus Pro (20220623)","VIPRE Advanced Security (20220623)","VirIT eXplorer PRO (20220623)","Webroot SecureAnywhere (20220623)"],"avAllowList":["360 Total Security (20220623)","COMODO Antivirus (20220623)","Quick Heal Internet Security (20220623)","SpyHunter5 (20220623)","Tencent PC Manager (20220623)","Trend Micro Internet Security (20220623)","Windows Defender (20220623)"]},{"isRevoked":"False","fileName":"FreeDriverBackup-setup.exe","isInstaller":"True","companyName":"FreeDriverBackup Co., Ltd.                                  ","productName":"Free Driver Backup        ","fileVersion":"0.0","hashMD5":"1e4e4542b2fb112b3e9aa4b3f922d3ab","hashSHA1":"f7b5745c6bfd745a58ff18528f6074c1ccf4833d","hashSHA256":"908349c91acaec9a6933132d999b412960465df17a1b2fe3da313ce723fdb39d","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1525","avBlockList":["360 Total Security (20220721)","Avast Premium Security (20220721)","AVG Internet Security (20220721)","Avira Internet Security (20220721)","Bitdefender Internet Security (20220721)","Dr.Web Security Space (20220721)","ESET Internet Security (20220721)","G DATA INTERNET SECURITY (20220721)","K7 Total Security (20220721)","Kaspersky Internet Security (20220721)","Malwarebytes Premium (20220721)","McAfee Total Protection (20220721)","Norton Security (20220721)","Panda Dome (20220721)","Quick Heal Internet Security (20220721)","Sophos Home Premium (20220721)","SpyHunter5 (20220721)","Total AV Antivirus Pro (20220721)","Trend Micro Internet Security (20220721)","VIPRE Advanced Security (20220721)","VirIT eXplorer PRO (20220721)","Webroot SecureAnywhere (20220721)","Windows Defender (20220721)"],"avAllowList":["COMODO Antivirus (20220721)","Tencent PC Manager (20220721)"]}],"additionalFiles":[],"sources":[{"howFound":"Freeexelock related search","reference":"","landingPage":"http://www.freedriverbackup.com/","directDownloadingLink":"http://www.freedriverbackup.com/FreeDriverBackup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freedriverbackup.com/FreeDriverBackup.exe","sourceIndex":"1525"}],"sampleFiles":["220621/FreeDriverBackup-220621/8.8.2.4/Samples/FreeDriverBackup.exe","220621/FreeDriverBackup-220621/8.8.2.4/Samples/FreeDriverBackup_mZUJ-U1.exe","220621/FreeDriverBackup-220621/8.8.2.4/Samples/FreeDriverBackup-setup.exe"],"imageFiles":["220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-109/RKSetup.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-039/RKSetup.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-047/ACR-003_004_047_083-RKUpdatePrompt_rerun.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-047/ACR-003_004_047_083-RKUpdatePrompt_startup.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-047/ACR-048_RKUpdatePrompt_goup.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-048/RKSetup.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-010/RelevantKnowledge_.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-004/ACR-003_004_047_083-RKUpdatePrompt_rerun.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-004/ACR-048_RKUpdatePrompt_goup.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-083/ACR-003_004_047_083-RKUpdatePrompt_startup.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-083/ACR-048_RKUpdatePrompt_goup.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-083/ACR-003_004_047_083-RKUpdatePrompt_rerun.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-048/ACR-048_RKUpdatePrompt_goup.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-003/ACR-003_004_047_083-RKUpdatePrompt_rerun.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-003/ACR-003_004_047_083-RKUpdatePrompt_startup.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-118/ACR-118_RetainedComponents.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-057/RelevantKnowledge_.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-059/RelevantKnowledge_.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-071/RelevantKnowledge_.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-155/RelevantKnowledge_.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-047/ACR-003_004_047_083-RKUpdatePrompt_rerun.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-047/ACR-003_004_047_083-RKUpdatePrompt_startup.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-047/ACR-048_RKUpdatePrompt_goup.jpg"],"nonDeceptorImageFiles":["220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-065/RelevantKnowledge_.jpg","220621/FreeDriverBackup-220621/8.8.2.4/Images/ACR-106/RelevantKnowledge_.jpg"],"guid":"5e08204e-4186-4fdf-a4ee-08835ba7f34e_8.8.2.4_1","appID":"FreeDriverBackup-220621","dateAdded":"220621","deceptorType":"App","name":"Free Driver Backup","company":"FreeDriverBackup, Inc.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220621","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-07-01T19:39:50.8549063+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1410},{"violations":{"ACR-007":"The disclosure message is sufficient, but still, needs to obtain the user's explicit consent. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Passive Income app","reference":"resource borrowing","landingPage":"https://pawns.iproyal.com/","directDownloadingLink":"https://download.iproyal.com/pawns/latest/win64/IPRoyalPawnsSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iproyal.com/pawns/latest/win64/IPRoyalPawnsSetup.exe","sourceIndex":"1490"}],"sampleFiles":[],"imageFiles":["220620/IPRoyal-220107/1.12.3.604/Images/ACR-118/ACR-118_Uninstall.JPG","220620/IPRoyal-220107/1.12.3.604/Images/ACR-007/ACR-007_Install.JPG"],"nonDeceptorImageFiles":[],"guid":"b2f11480-184d-4c61-8471-2fed6d73eead_1.12.3.604_1","appID":"IPRoyal-220107","dateAdded":"220620","deceptorType":"App","name":"IPRoyal Pawns","company":"Dafisa Limited","version":"1.12.3.604","firstVendorContactDate":"220727","firstAppEsteemReplyDate":"220727","firstResolvedDate":"220729","firstResolvedVersion":"1.13.2.673","resolved":"TRUE","lastKnownStatus":"1.7.0;1.7.3;1.8.0;1.12.3.604","lastKnownDate":"220620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-29T23:27:55.8013864+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1411},{"violations":{"ACR-107":"The app installs FFmpeg package and doesn't include the open source license or the source code or link to the source code.\n","ACR-048":"The app didn't provide any control to cancel the installation process.\nThe app didn't provide any control to enable/disable the startup it created within the app's settings.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IPRoyalPawns\\iproyal_pawns.exe","companyName":"GitHub Inc.","productName":"IPRoyal Pawns","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"eb799c83c1574a789f7cb89e22a4572d","hashSHA1":"70472f6afe76fa4e91dd4622e972b8afa238bd52","hashSHA256":"e7c1f90f0cfd8d3718d4562d0b9745ac8f0a59fc2a16d887f2cada223d3608c7","digitalCertThumbprint":"A85EC2692FCA067DBE54BEBF470EA2891402B29E","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Dafisa Limited","storeId":"","sourceIndex":"1707","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IPRoyalPawnsSetup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"d3653e0a7720722680995cb0f924295e","hashSHA1":"476f336bfee0496c915655eacee7b2437bc361b1","hashSHA256":"8ffa0fa157853f5960b297372fed329687b17455a121c22f56bf440eb6ce099a","digitalCertThumbprint":"A85EC2692FCA067DBE54BEBF470EA2891402B29E","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Dafisa Limited","storeId":"","sourceIndex":"1707","avBlockList":["360 Total Security (20220331)","Avast Premium Security (20220331)","AVG Internet Security (20220331)","Avira Internet Security (20220331)","Bitdefender Internet Security (20220331)","ESET Internet Security (20220331)","G DATA INTERNET SECURITY (20220331)","K7 Total Security (20220331)","Kaspersky Internet Security (20220331)","McAfee Total Protection (20220331)","Norton Security (20220331)","Panda Dome (20220331)","Sophos Home Premium (20220331)","SpyHunter5 (20220331)","Tencent PC Manager (20220331)","Total AV Antivirus Pro (20220331)","VIPRE Advanced Security (20220331)","VirIT eXplorer PRO (20220331)","Webroot SecureAnywhere (20220331)","Windows Defender (20220331)"],"avAllowList":["COMODO Antivirus (20220331)","Dr.Web Security Space (20220331)","Malwarebytes Premium (20220331)","Quick Heal Internet Security (20220331)","Trend Micro Internet Security (20220331)"]}],"additionalFiles":[],"sources":[{"howFound":"Passive Income app","reference":"resource borrowing","landingPage":"https://pawns.iproyal.com/","directDownloadingLink":"https://download.iproyal.com/pawns/latest/win64/IPRoyalPawnsSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iproyal.com/pawns/latest/win64/IPRoyalPawnsSetup.exe","sourceIndex":"1707"}],"sampleFiles":["220215/IPRoyal-220107/1.7.3/Samples/IPRoyalPawnsSetup.exe"],"imageFiles":["220215/IPRoyal-220107/1.7.3/Images/ACR-107/ACR-107_Install.JPG","220215/IPRoyal-220107/1.7.3/Images/ACR-048/ACR-048_Install_No_Control.JPG","220215/IPRoyal-220107/1.7.3/Images/ACR-048/ACR-048_Software_No_Control.JPG","220215/IPRoyal-220107/1.7.3/Images/ACR-116/ACR-116_Uninstall.JPG","220215/IPRoyal-220107/1.7.3/Images/ACR-118/ACR-118_Uninstall.JPG","220215/IPRoyal-220107/1.7.3/Images/ACR-007/ACR-007_Software.JPG","220215/IPRoyal-220107/1.7.3/Images/ACR-007/ACR-007_Software_1.JPG"],"nonDeceptorImageFiles":[],"guid":"b2f11480-184d-4c61-8471-2fed6d73eead_1.7.3_1","appID":"IPRoyal-220107","dateAdded":"220620","deceptorType":"App","name":"IPRoyal Pawns","company":"Dafisa Limited","version":"1.7.3","firstVendorContactDate":"220727","firstAppEsteemReplyDate":"220727","firstResolvedDate":"220729","firstResolvedVersion":"1.13.2.673","resolved":"TRUE","lastKnownStatus":"1.7.0;1.7.3;1.8.0;1.12.3.604","lastKnownDate":"220620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1413},{"violations":{"ACR-107":"The app installs FFmpeg package and doesn't include the open source license or the source code or link to the source code.\n","ACR-048":"The app didn't provide any control to cancel the installation process.\nThe app didn't provide any control enable/disable the startup in software it created.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"IPRoyalPawnsSetup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"b3cc169e59c60533bc921fd3c3a64b1d","hashSHA1":"8c52f9578997e7ab98ffaad58122e3b7a11248c3","hashSHA256":"0794b35eca33673f9005056c60baeb1a5a6467356615bae57771bea33ea4d235","digitalCertThumbprint":"B108825EB1AE7C2C44DCFB78171258EFD35B5163","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Dafisa Limited","storeId":"","sourceIndex":"1736","avBlockList":["Avast Premium Security (20220127)","AVG Internet Security (20220127)","Avira Internet Security (20220127)","ESET Internet Security (20220127)","K7 Total Security (20220127)","Kaspersky Internet Security (20220127)","McAfee Total Protection (20220127)","Norton Security (20220127)","Panda Dome (20220127)","Quick Heal Internet Security (20220127)","Sophos Home Premium (20220127)","SpyHunter5 (20220127)","Total AV Antivirus Pro (20220127)","VirIT eXplorer PRO (20220127)","Webroot SecureAnywhere (20220127)","Windows Defender (20220127)"],"avAllowList":["360 Total Security (20220127)","Bitdefender Internet Security (20220127)","COMODO Antivirus (20220127)","Dr.Web Security Space (20220127)","G DATA INTERNET SECURITY (20220127)","Malwarebytes Premium (20220127)","Tencent PC Manager (20220127)","Trend Micro Internet Security (20220127)","VIPRE Advanced Security (20220127)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IPRoyalPawns\\iproyal_pawns.exe","companyName":"GitHub Inc.","productName":"IPRoyal Pawns","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"7c5489d06b7fffc3c7839e31a7677d40","hashSHA1":"584658c95b6ba91bed1951b708cc6f4801753241","hashSHA256":"42e07d1ebf252d7c5d777b110a2e4c959cebf88e39171bd75f797b4c4a3cc873","digitalCertThumbprint":"B108825EB1AE7C2C44DCFB78171258EFD35B5163","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Dafisa Limited","storeId":"","sourceIndex":"1736","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Passive Income app","reference":"resource borrowing","landingPage":"https://pawns.iproyal.com/","directDownloadingLink":"https://download.iproyal.com/pawns/latest/win64/IPRoyalPawnsSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iproyal.com/pawns/latest/win64/IPRoyalPawnsSetup.exe","sourceIndex":"1736"}],"sampleFiles":["220110/IPRoyal-220107/1.7.0/Samples/IPRoyalPawnsSetup.exe"],"imageFiles":["220110/IPRoyal-220107/1.7.0/Images/ACR-107/ACR-107_Install_Drops_Third_Party.JPG","220110/IPRoyal-220107/1.7.0/Images/ACR-048/ACR-048_Install_Unable_To_Cancel.JPG","220110/IPRoyal-220107/1.7.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220110/IPRoyal-220107/1.7.0/Images/ACR-116/ACR-116_Uninstall_App_Hidden.JPG","220110/IPRoyal-220107/1.7.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220110/IPRoyal-220107/1.7.0/Images/ACR-007/ACR-007_Install_1.JPG","220110/IPRoyal-220107/1.7.0/Images/ACR-007/ACR-007_Install_2.JPG"],"nonDeceptorImageFiles":[],"guid":"b2f11480-184d-4c61-8471-2fed6d73eead_1.7.0_1","appID":"IPRoyal-220107","dateAdded":"220620","deceptorType":"App","name":"IPRoyal Pawns","company":"Dafisa Limited","version":"1.7.0","sigName":"Deceptor:Win32/IPRoyalPawns!107048116118007","firstVendorContactDate":"220727","firstAppEsteemReplyDate":"220727","firstResolvedDate":"220729","firstResolvedVersion":"1.13.2.673","resolved":"TRUE","lastKnownStatus":"1.7.0;1.7.3;1.8.0;1.12.3.604","lastKnownDate":"220620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1414},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update, instead there is no newer build, it attempts to run the installer and present the declined offers again \n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"The Relevant Knowledge offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n"},"samples":[{"isRevoked":"False","fileName":"FreeEXELock.exe","isInstaller":"True","companyName":"FreeEXELock Co., Ltd.                                       ","productName":"Free EXE Lock         ","fileVersion":"0.0","hashMD5":"f5b331da23278a1fbac9a8108031e3dc","hashSHA1":"e3dce2f0992718eb5776cde02d68a3857e02c8d1","hashSHA256":"1cc419c96de3d3d7fe1cb6616a7775ea47e7d4570c0235fbf8f80a29b4afebe5","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"695","avBlockList":["360 Total Security (20220623)","Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Bitdefender Internet Security (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","G DATA INTERNET SECURITY (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Quick Heal Internet Security (20220623)","Sophos Home Premium (20220623)","SpyHunter5 (20220623)","Total AV Antivirus Pro (20220623)","Trend Micro Internet Security (20220623)","VIPRE Advanced Security (20220623)","VirIT eXplorer PRO (20220623)","Webroot SecureAnywhere (20220623)","Windows Defender (20220623)"],"avAllowList":["COMODO Antivirus (20220623)","Tencent PC Manager (20220623)"]},{"isRevoked":"False","fileName":"FreeEXELock_VUQo-r1.exe","isInstaller":"True","productName":"Beijing Aviation Trust Intellectual Property Consulting Co.,         ","fileVersion":"3.33.1      ","hashMD5":"2069ffee2f6cb3d8acdbcf116e60835d","hashSHA1":"bbf9a20e299e3dda5ecd4fa34a3c49b38413f89d","hashSHA256":"a9d1c1846fcacdf77411ba7a421feee9036e7c2e134afe0f1bc8dbc67b527d11","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"695","avBlockList":["Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Bitdefender Internet Security (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","G DATA INTERNET SECURITY (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Sophos Home Premium (20220623)","Total AV Antivirus Pro (20220623)","VIPRE Advanced Security (20220623)","VirIT eXplorer PRO (20220623)","Webroot SecureAnywhere (20220623)"],"avAllowList":["360 Total Security (20220623)","COMODO Antivirus (20220623)","Quick Heal Internet Security (20220623)","SpyHunter5 (20220623)","Tencent PC Manager (20220623)","Trend Micro Internet Security (20220623)","Windows Defender (20220623)"]},{"isRevoked":"False","fileName":"FreeEXELock2.exe","productName":"Free EXE Lock         ","fileVersion":"0.0","hashMD5":"092ae606f0847edf1215b8223ac238af","hashSHA1":"cc96370aa0a2e0bb84da435a09175a65079ab8c1","hashSHA256":"90dafd8716df635be5c3fd8dba9cfe54febcab2c742b36f33896ea24b104bbd9","sourceIndex":"695","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: site related to FAEMedia","reference":"","landingPage":"http://freeexelock.com/","directDownloadingLink":"http://www.freeexelock.com/FreeEXELock.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeexelock.com/FreeEXELock.exe","sourceIndex":"695"}],"sampleFiles":["220620/Freeexelock-220620/8.8.2.4/Samples/FreeEXELock.exe","220620/Freeexelock-220620/8.8.2.4/Samples/FreeEXELock_VUQo-r1.exe","220620/Freeexelock-220620/8.8.2.4/Samples/FreeEXELock2.exe"],"imageFiles":["220620/Freeexelock-220620/8.8.2.4/Images/ACR-109/ACR-109_039_048_RKsetup.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-039/ACR-109_039_048_RKsetup.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-048/ACR-109_039_048_RKsetup.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-048/ACR_048_RKUpdatePrompt_goup.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-004/ACR_048_RKUpdatePrompt_startup.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-004/ACR-003_004_047_083_FakeUpdatePrompt.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-083/ACR_048_RKUpdatePrompt_goup.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-083/ACR_048_RKUpdatePrompt_startup.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-047/ACR-003_004_047_083_FakeUpdatePrompt.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-047/ACR-003_004_047_083_FakeUpdatePrompt.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-003/ACR-003_004_047_083_FakeUpdatePrompt.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-010/RelevantKnowledge.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-155/RelevantKnowledge.jpg","220620/Freeexelock-220620/8.8.2.4/Images/ACR-118/ACR-118_RetainedComponents.jpg"],"nonDeceptorImageFiles":["220620/Freeexelock-220620/8.8.2.4/Images/ACR-065/RelevantKnowledge.jpg"],"guid":"3e5df9cd-bc46-4e0e-b7e2-d77833910368_8.8.2.4_1","appID":"Freeexelock-220620","dateAdded":"220620","deceptorType":"App","name":"Free EXE Lock","company":"FreeEXELock Co., Ltd.","version":"8.8.2.4","lastKnownStatus":"8.8.2.4","lastKnownDate":"220620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-03-27T18:29:22.7635835+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1415},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"Upon uninstallation, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"No optional offer is clearly marked in offer. The offer looks part of the install application.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it still downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n\n","ACR-155":"The \"Relevant Knowledge\" offer is designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-045":"","ACR-065":"Carrier app has no EULA screen. The first offer's (Relevant Knowledge) EULA misleads consumers into thinking it is the EULA for the carrier app.\n\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreeAudioConverter.exe","fileVersion":"0.0","hashMD5":"b117ed16e172d33e687b5d6269f445ae","hashSHA1":"dece43b1d1207303909a20a8ec133ca6891a2bc1","hashSHA256":"58ece159b7bda81662daa116373f3cebca7ed0505b7b8abf949fb865964a5c84","sourceIndex":"1553","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAudioConverter_rTweE-1.-setup.exe","isInstaller":"True","fileVersion":"3.33","hashMD5":"98264c42a113aa874d358520c979cb00","hashSHA1":"381a003db7cfaf48cde5ea6e2295c9a4d77bb055","hashSHA256":"831f6283d97c1045e444df5274d870f6b6822feb43bb90e0ecbaea628f2393ee","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1553","avBlockList":["Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","Dr.Web Security Space (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","McAfee Total Protection (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","Total AV Antivirus Pro (20220621)","Trend Micro Internet Security (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["360 Total Security (20220621)","SpyHunter5 (20220621)","Tencent PC Manager (20220621)"]},{"isRevoked":"False","fileName":"FreeAudioConverter-setup.exe","isInstaller":"True","companyName":"FAEMedia Co., Ltd.                                          ","fileVersion":"0.0","hashMD5":"449295508865f8e35d172e6a56b8a27f","hashSHA1":"abe4ea1ed854836cbb857aa6decceb4cb2f97701","hashSHA256":"87ee9fb36f52a25c09df6d907704be7d6074eb6030716cc65ad88c8c0a194208","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1553","avBlockList":["360 Total Security (20220623)","Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Bitdefender Internet Security (20220623)","COMODO Antivirus (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","G DATA INTERNET SECURITY (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Quick Heal Internet Security (20220623)","Sophos Home Premium (20220623)","SpyHunter5 (20220623)","Total AV Antivirus Pro (20220623)","VIPRE Advanced Security (20220623)","VirIT eXplorer PRO (20220623)","Webroot SecureAnywhere (20220623)","Windows Defender (20220623)"],"avAllowList":["Tencent PC Manager (20220623)","Trend Micro Internet Security (20220623)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://free-audio-editor.com/freeaudioconverter/","directDownloadingLink":"https://free-audio-editor.com/FreeAudioConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-audio-editor.com/FreeAudioConverter.exe","sourceIndex":"1553"}],"sampleFiles":["220620/FreeAudioConverter-220617/10.1.2.5/Samples/FreeAudioConverter.exe","220620/FreeAudioConverter-220617/10.1.2.5/Samples/FreeAudioConverter_rTweE-1.-setup.exe","220620/FreeAudioConverter-220617/10.1.2.5/Samples/FreeAudioConverter-setup.exe"],"imageFiles":["220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-109/ACR-109_039_048_RKSetup.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-039/ACR-109_039_048_RKSetup.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-048/ACR-109_039_048_RKSetup.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-004/ACR-048_RKSetup.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-004/RKUpdatePrompt.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-083/RKUpdatePrompt.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-048/ACR-048_RKSetup.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-003/ACR-048_RKSetup.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-003/RKUpdatePrompt.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-118/ACR-118_RetainedComponents.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-057/RelevantKnowledge.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-059/RelevantKnowledge.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-071/RelevantKnowledge.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-155/RelevantKnowledge.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-010/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-065/RelevantKnowledge.jpg","220620/FreeAudioConverter-220617/10.1.2.5/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"a92682ac-af47-473d-94f8-a39ad3243501_10.1.2.5_1","appID":"FreeAudioConverter-220617","dateAdded":"220620","deceptorType":"App","name":"Free Audio Converter","company":"FAEMedia Co., Ltd.","version":"10.1.2.5","lastKnownStatus":"10.1.2.5","lastKnownDate":"220620","type":"Windows Executable","category":"Media editors, SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-06-20T19:11:16.1848727+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1416},{"violations":{"ACR-048":"The app does not provide any control to enable/disable the scheduled task that it created and to remove the background process completely within the app's settings.\n","ACR-003":"1. The app shows alarming color graphs on the home screen and displays \"Attention\" status with the total scanned items inside a big red-colored circle when attempting to fix the identified issues, thus misleading the user to take action to purchase the app, and does not provide a free fix for the identified issues during the Free scan.\n2. The \"i\" icon near each category which is used to substantiate the identified issues seems to be greyed out and hidden.\n","ACR-004":"The app does not provide a free fix for any of the identified issues shown during the “Free Scan” in any of the categories. Also, the app exaggerates the scan results by displaying color graphs, big sized exclamation symbol with an \"Attention\" note when the \"Fix Now\" option is clicked, thus making the consumer believe they have an issue, a problem in their system, and forces the user to purchase the app.\n","ACR-084":"1. The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent.\n2. On closing the app, the process \"EPCSchedule.exe\" runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"The app uses the misleading words \"Obsolete\" in the software and exaggeratedly alerts the user with an \"Attention\" message when attempting to fix the identified issues, thus misleading and scaring the user. \n"},"nonDeceptorViolations":{"ACR-088":"The application starts a scan post installation without user interaction.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Endura PC Cleaner\\EnduraPCCleaner.exe","companyName":"Ascentan BPO LLP","productName":"Endura PC Cleaner","productVersion":"4.1.0.0","fileVersion":"4.1.0.0","hashMD5":"aa0da4d0d4935cabeecb4cdd2c6c98ed","hashSHA1":"9dde7db56cc610d8881276e175aec7f29477e349","hashSHA256":"5d60b8fcd24323184d7de3a4c57a18a927bed93b14893ffc16a01c4bf3fb22e8","digitalCertThumbprint":"436741F50B5EFDAB2490CAC976B70355687F1A95","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"Ascentan Bpo LLP","storeId":"","sourceIndex":"319","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Endura PC Cleaner\\EPCSchedule.exe","companyName":"Ascentan BPO LLP","productName":"Endura PC Cleaner Schedule","productVersion":"4.1.0.0","fileVersion":"4.1.0.0","hashMD5":"0f53559de68cb2232d8812ce02e3a4d5","hashSHA1":"f4d5b0e5394349f3d1df1d4621c39b47cf684a56","hashSHA256":"dd14a8e97a37c62ae7e5018c30ed15fcaf742daf62d44bc7a59e930be1ac13cf","digitalCertThumbprint":"436741F50B5EFDAB2490CAC976B70355687F1A95","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"Ascentan Bpo LLP","storeId":"","sourceIndex":"319","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EnduraPCCleaner.exe","isInstaller":"True","companyName":"Ascentan BPO LLP                                            ","productName":"Endura PC Cleaner                                           ","productVersion":"4.1                                               ","fileVersion":"4.1                 ","hashMD5":"a3db69b4e1b56c45f45572b0939b3aff","hashSHA1":"35982bc4415d9b148495a40fd897cbe70e657a21","hashSHA256":"d8847c62704b8b35d1acd2f752aab65d0800528f30039e16c16adc6b1fca590f","digitalCertThumbprint":"436741F50B5EFDAB2490CAC976B70355687F1A95","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"Ascentan Bpo LLP","storeId":"","sourceIndex":"319","avBlockList":["360 Total Security (20220623)","Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Sophos Home Premium (20220623)","Total AV Antivirus Pro (20220623)","VirIT eXplorer PRO (20220623)","Windows Defender (20220623)"],"avAllowList":["Bitdefender Internet Security (20220623)","COMODO Antivirus (20220623)","G DATA INTERNET SECURITY (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Quick Heal Internet Security (20220623)","SpyHunter5 (20220623)","Tencent PC Manager (20220623)","Trend Micro Internet Security (20220623)","VIPRE Advanced Security (20220623)","Webroot SecureAnywhere (20220623)"]}],"additionalFiles":[],"sources":[{"howFound":"Utility app","reference":"","landingPage":"https://en.endurapc.com/categories/windows","directDownloadingLink":"https://download.cnet.com/Endura-PC-Cleaner/3001-18512_4-77590611.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cnet.com/Endura-PC-Cleaner/3001-18512_4-77590611.html","sourceIndex":"319"}],"sampleFiles":["220620/endurapccleaner-220617/4.1/Samples/EnduraPCCleaner.exe"],"imageFiles":["220620/endurapccleaner-220617/4.1/Images/ACR-004/ACR-004_Software_No_Free_Fix.mp4","220620/endurapccleaner-220617/4.1/Images/ACR-004/ACR-004_1.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-004/ACR-004_2.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-004/ACR-004_3.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-004/ACR-004_4.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-004/ACR-004_1 (1).JPG","220620/endurapccleaner-220617/4.1/Images/ACR-084/ACR-084_Software_1.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-084/ACR-084_Software_2.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-048/ACR-048_Software_No_Control.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-048/ACR-048_Software_No_Control_3.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-003/ACR-003_Software.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-003/ACR-003_Software_1.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-003/ACR-003_3.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-003/ACR-003_4.mp4","220620/endurapccleaner-220617/4.1/Images/ACR-003/ACR-003_Software_Unsunstantiated.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-003/ACR-003_Software_Unsunstantiated_1.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-014/ACR-014_Software_Misleading_1.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-014/ACR-014_2.JPG","220620/endurapccleaner-220617/4.1/Images/ACR-118/ACR-118_1.JPG"],"nonDeceptorImageFiles":["220620/endurapccleaner-220617/4.1/Images/ACR-088/ACR-088.JPG"],"guid":"05993efc-8e4e-4f46-96c7-443122024311_4.1_1","appID":"endurapccleaner-220617","dateAdded":"220620","deceptorType":"App","name":"Endura PC Cleaner","company":"Ascentan BPO LLP","version":"4.1","lastKnownStatus":"4.1","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T22:37:27.1741462+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1417},{"violations":{"ACR-107":"The app installs FFmpeg package and doesn't include the open source license or the source code or link to the source code.\n","ACR-048":"The app didn't provide any control to cancel the installation process.\nThe app didn't provide any control to enable/disable the startup it created within the app's settings.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"IPRoyalPawnsSetup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"b83200ffbb1318959b3655448632514a","hashSHA1":"e7e4a995a6b0b962bb3a94c6b5d61b7ff880d19e","hashSHA256":"22311af0d3b562ac5e60ee2bd7490313419132f7057146c825e882cb9f26042f","digitalCertThumbprint":"A85EC2692FCA067DBE54BEBF470EA2891402B29E","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Dafisa Limited","storeId":"","sourceIndex":"1699","avBlockList":["360 Total Security (20220505)","Avast Premium Security (20220505)","AVG Internet Security (20220505)","Avira Internet Security (20220505)","Bitdefender Internet Security (20220505)","ESET Internet Security (20220505)","G DATA INTERNET SECURITY (20220505)","K7 Total Security (20220505)","Kaspersky Internet Security (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","Trend Micro Internet Security (20220505)","VIPRE Advanced Security (20220505)","VirIT eXplorer PRO (20220505)","Webroot SecureAnywhere (20220505)","Windows Defender (20220505)"],"avAllowList":["COMODO Antivirus (20220505)","Dr.Web Security Space (20220505)","Malwarebytes Premium (20220505)","Quick Heal Internet Security (20220505)","Tencent PC Manager (20220505)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IPRoyalPawns\\iproyal_pawns.exe","companyName":"GitHub Inc.","productName":"IPRoyal Pawns","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"2c392ab7e9bc65dc8df245fd6e46bdbb","hashSHA1":"ddf4beae549cee57513df419a0140b32bbe98689","hashSHA256":"b4dc0c1f59f628010937331834ea7e4d8c157fb5917326e7540d3dc4ec697cc2","digitalCertThumbprint":"A85EC2692FCA067DBE54BEBF470EA2891402B29E","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Dafisa Limited","storeId":"","sourceIndex":"1699","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Passive Income app","reference":"resource borrowing","landingPage":"https://pawns.iproyal.com/","directDownloadingLink":"https://download.iproyal.com/pawns/latest/win64/IPRoyalPawnsSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.iproyal.com/pawns/latest/win64/IPRoyalPawnsSetup.exe","sourceIndex":"1699"}],"sampleFiles":["220302/IPRoyal-220107/1.8.0/Samples/IPRoyalPawnsSetup.exe"],"imageFiles":["220302/IPRoyal-220107/1.8.0/Images/ACR-107/ACR-107_Install_Undisclosed_Third_Party.JPG","220302/IPRoyal-220107/1.8.0/Images/ACR-048/ACR-048_Install_No_Control_To_Quit.JPG","220302/IPRoyal-220107/1.8.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220302/IPRoyal-220107/1.8.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.png","220302/IPRoyal-220107/1.8.0/Images/ACR-007/ACR-007_Install_Reduces_Security.JPG","220302/IPRoyal-220107/1.8.0/Images/ACR-007/ACR-007_Install_Reduces_Security_1.JPG"],"nonDeceptorImageFiles":[],"guid":"b2f11480-184d-4c61-8471-2fed6d73eead_1.8.0_1","appID":"IPRoyal-220107","dateAdded":"220620","deceptorType":"App","name":"IPRoyal Pawns","company":"Dafisa Limited","version":"1.8.0","firstVendorContactDate":"220727","firstAppEsteemReplyDate":"220727","firstResolvedDate":"220729","firstResolvedVersion":"1.13.2.673","resolved":"TRUE","lastKnownStatus":"1.7.0;1.7.3;1.8.0;1.12.3.604","lastKnownDate":"220620","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-07-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1412},{"violations":{"ACR-010":"The apps promoted in website are deceptive applications (https://customer.appesteem.com/deceptors?q=freemoresoftbundle). The Apps distribute deceptor application. The offer in the app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://freemoresoft.com/","ipv4":"","ipv6":"","sourceIndex":"1554"}],"sampleFiles":[],"imageFiles":["220615/Freemoresoft-220615/220615/Images/ACR-010/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":[],"guid":"87145491-7c25-483f-a56e-f8d12b44e0ca_220615_1","appID":"Freemoresoft-220615","dateAdded":"220615","deceptorType":"Affiliate","name":"freemoresoft.com","company":"https://freemoresoft.com/","version":"220615","sigName":"Deceptor:Affiliate/Freemoresoft_com!010","lastKnownStatus":"220615","lastKnownDate":"220615","type":"Affiliate","category":"Media players, Media editors","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-06-16T16:50:12.9311939+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1419},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file before disclosure and without the consumer's consent.\n\n","ACR-047":"The App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\nThe App presents the untruthful message that application needs to update, instead it attempts to re-run the application to present the declined offer again.  \n\n","ACR-048":"The \"Decline\" button does not have any control. Despite declining RelevantKnowledge app, it is still downloaded RelevantKnowledge file “spt_setup.exe” nevertheless.\n\nUnable to close the update prompt. \n\n","ACR-003":"The App misleads consumer they need to run update. There is no newer build, instead, it attempts to run the installer and present the declined offers again.\n\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" downloads nothing new, sometimes it leads to download the component(s) that user declined during install procedure, for example, it connected to dpd.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge. \n\n","ACR-010":"The app distributes deceptor application. The offer in this app, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n\n","ACR-083":"The App attempts to present the offer repeatedly via its update and startup.\n\n","ACR-118":"At Uninstall, it retains some executables and many of its other components along with a \"curl-ca-bundle.crt\" on the device without user's knowledge. \n\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer. \n\n","ACR-071":"It attempts to force the acceptance of \"Relevant Knowledge\" by graying out the Next button when the user choose to Decline. Thus, forcing the user to only accept the offer and proceed with the installation.\n\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. Despite declining RelevantKnowledge app, it downloaded RelevantKnowledge file “spt_setup.exe” regardless.\n","ACR-155":"Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n\n"},"samples":[{"isRevoked":"False","fileName":"FreemoreAudioEditor.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"966eada5e6c4b3b2871e9e1b07936a21","hashSHA1":"d79ba63e84e2d89dd037bbd6badacd400b660c8f","hashSHA256":"68fdcdaa91f1ba3e7dc1d7315889178177451b3995a7d0427aac909d28d2f7d2","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220621)","Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","Dr.Web Security Space (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","McAfee Total Protection (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","SpyHunter5 (20220621)","Total AV Antivirus Pro (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["Tencent PC Manager (20220621)","Trend Micro Internet Security (20220621)"]},{"isRevoked":"False","fileName":"FreemoreAudioRecorder_XO-zRg1.exe","isInstaller":"True","fileVersion":"3.33","hashMD5":"98264c42a113aa874d358520c979cb00","hashSHA1":"381a003db7cfaf48cde5ea6e2295c9a4d77bb055","hashSHA256":"831f6283d97c1045e444df5274d870f6b6822feb43bb90e0ecbaea628f2393ee","digitalCertThumbprint":"E323A663BC722856F054FADEE2B07EA215692ED4","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", O=\"Beijing QingSoft Creative Information Technology Co., Ltd.\", L=Beijing, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","Dr.Web Security Space (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","McAfee Total Protection (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","Total AV Antivirus Pro (20220621)","Trend Micro Internet Security (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["360 Total Security (20220621)","SpyHunter5 (20220621)","Tencent PC Manager (20220621)"]},{"isRevoked":"False","fileName":"FreemoreAVIWMVMP4MPEGDIVXConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"65a0c93e464c63673915f44bb5a26772","hashSHA1":"91ce115a28024316ca798799869d13e0e1eb74e2","hashSHA256":"834dee8ef8ff04d7b7af6609ba13d813bc1bfa3c236ce2032faa71dee0a11e21","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220621)","Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","Dr.Web Security Space (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","SpyHunter5 (20220621)","Total AV Antivirus Pro (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["McAfee Total Protection (20220621)","Tencent PC Manager (20220621)","Trend Micro Internet Security (20220621)"]},{"isRevoked":"False","fileName":"FreemoreCDBurnerRipper.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"9c93cce166ba2211d41cade8a82216c3","hashSHA1":"caf4fb18d785922531564d23af2e68156fd3e46c","hashSHA256":"91fd1cc1b32257f45d9fa0afae598c51ebc6fca438dfd7d87c2908691a32ba6e","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220621)","Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","Dr.Web Security Space (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","SpyHunter5 (20220621)","Total AV Antivirus Pro (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["McAfee Total Protection (20220621)","Tencent PC Manager (20220621)","Trend Micro Internet Security (20220621)"]},{"isRevoked":"False","fileName":"FreemoreDVDCopy.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"1857cc7146b84815d42a92aa44dcf2ab","hashSHA1":"b85a77549abb32cb4382d3d470c5ddce621fd905","hashSHA256":"1422e6b7d3511127729741090eee1851cf5ae505d25cb2b603711ea137de02d8","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220621)","Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","Dr.Web Security Space (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","SpyHunter5 (20220621)","Total AV Antivirus Pro (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["McAfee Total Protection (20220621)","Tencent PC Manager (20220621)","Trend Micro Internet Security (20220621)"]},{"isRevoked":"False","fileName":"FreemoreFLACtoMP3Converter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"c09446957aa08be6e01d377739e58115","hashSHA1":"fc18a4bd49bf207fb535937641815bec141fd5f1","hashSHA256":"42db5d956261de319e1bc6eb7cee7db57c45e2651a7269e7c8765e3b076f21a7","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220621)","Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","Dr.Web Security Space (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","SpyHunter5 (20220621)","Total AV Antivirus Pro (20220621)","Trend Micro Internet Security (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["McAfee Total Protection (20220621)","Tencent PC Manager (20220621)"]},{"isRevoked":"False","fileName":"FreemoreFLVConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"9861ddf28483e8551966311754ea24d7","hashSHA1":"bba9856130a133193d0f59cece4221dde6d6379b","hashSHA256":"9a5b172d5c3836ce9ad2c0e435d16d6e99e9202bbca206519d5422470be10ad2","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220621)","Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","Dr.Web Security Space (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","SpyHunter5 (20220621)","Total AV Antivirus Pro (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["McAfee Total Protection (20220621)","Tencent PC Manager (20220621)","Trend Micro Internet Security (20220621)"]},{"isRevoked":"False","fileName":"FreemoreHDVideoConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"0483f4a7a5b4842678df990f31d10f90","hashSHA1":"835ed4fae897ccff7d7164321879bf4ebff7b667","hashSHA256":"265de88a5b4face185a016105b62b998163c8c374b2ba72725319f2c31fa442d","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220621)","Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","Dr.Web Security Space (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","SpyHunter5 (20220621)","Total AV Antivirus Pro (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["McAfee Total Protection (20220621)","Tencent PC Manager (20220621)","Trend Micro Internet Security (20220621)"]},{"isRevoked":"False","fileName":"FreemoreiPodiPadiPhonePSPConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"93a06ebc399712f505c60a2db62a6362","hashSHA1":"326784a448c1d1031ea7c79d05ebe65848fd6fae","hashSHA256":"e31b48f5e0205ebec0e35ce5e5f9b824a3b16264a8534af999dfe61e442aee36","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220621)","Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","SpyHunter5 (20220621)","Total AV Antivirus Pro (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["Dr.Web Security Space (20220621)","McAfee Total Protection (20220621)","Tencent PC Manager (20220621)","Trend Micro Internet Security (20220621)"]},{"isRevoked":"False","fileName":"FreemoreJPGtoPDFConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"9a1cb20260b69ae0085cca2b34e16db0","hashSHA1":"995bcb4ac2c7d7368b0e3a00183f38e8f91f053f","hashSHA256":"5de2b1c4a3ca8236ed9cbc21f40c9d6ece24984992081920f4ee9a26bae9a812","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220621)","Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","Dr.Web Security Space (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","SpyHunter5 (20220621)","Total AV Antivirus Pro (20220621)","Trend Micro Internet Security (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["McAfee Total Protection (20220621)","Tencent PC Manager (20220621)"]},{"isRevoked":"False","fileName":"FreemoreM4AtoMP3Converter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"23d423d599d0931bdfa3431a18a75c5f","hashSHA1":"2a1c9ae304a0cc381fed8c4626f08bbd40f8956d","hashSHA256":"23384457d4f0881997cba9cd971957f4a4aac84e4e1ed98670d2d0299c32ffd2","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220621)","Avast Premium Security (20220621)","AVG Internet Security (20220621)","Avira Internet Security (20220621)","Bitdefender Internet Security (20220621)","COMODO Antivirus (20220621)","Dr.Web Security Space (20220621)","ESET Internet Security (20220621)","G DATA INTERNET SECURITY (20220621)","K7 Total Security (20220621)","Kaspersky Internet Security (20220621)","Malwarebytes Premium (20220621)","Norton Security (20220621)","Panda Dome (20220621)","Quick Heal Internet Security (20220621)","Sophos Home Premium (20220621)","SpyHunter5 (20220621)","Total AV Antivirus Pro (20220621)","Trend Micro Internet Security (20220621)","VIPRE Advanced Security (20220621)","VirIT eXplorer PRO (20220621)","Webroot SecureAnywhere (20220621)","Windows Defender (20220621)"],"avAllowList":["Tencent PC Manager (20220621)"]},{"isRevoked":"False","fileName":"FreemoreMP3Cutter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"7ed24e9b511b996a5dc91d61a6b4ac0d","hashSHA1":"ba3621ecfd2f8a80ebc091111fa94a74807c9c13","hashSHA256":"bff0dda86bf65d1376cf0aaa0133148aa5ce450987067f68c683b5620463a29a","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220623)","Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Bitdefender Internet Security (20220623)","COMODO Antivirus (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","G DATA INTERNET SECURITY (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Quick Heal Internet Security (20220623)","Sophos Home Premium (20220623)","SpyHunter5 (20220623)","Total AV Antivirus Pro (20220623)","Trend Micro Internet Security (20220623)","VIPRE Advanced Security (20220623)","VirIT eXplorer PRO (20220623)","Webroot SecureAnywhere (20220623)","Windows Defender (20220623)"],"avAllowList":["Tencent PC Manager (20220623)"]},{"isRevoked":"False","fileName":"FreemoreMP3Joiner.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"c389b93f967943b3b2184803be1b05b6","hashSHA1":"478b0f382a8ee6c41f0bb92990204715fe7a2ab8","hashSHA256":"62f78378cd88fd19b6c304c2901617560304cd9d284da805b80e2bec5745bc31","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220623)","Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Bitdefender Internet Security (20220623)","COMODO Antivirus (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","G DATA INTERNET SECURITY (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Quick Heal Internet Security (20220623)","Sophos Home Premium (20220623)","SpyHunter5 (20220623)","Total AV Antivirus Pro (20220623)","Trend Micro Internet Security (20220623)","VIPRE Advanced Security (20220623)","VirIT eXplorer PRO (20220623)","Webroot SecureAnywhere (20220623)","Windows Defender (20220623)"],"avAllowList":["Tencent PC Manager (20220623)"]},{"isRevoked":"False","fileName":"FreemoreMP3WMAWAVConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"e3a62ced41b7ab23dcc54af616c298d2","hashSHA1":"daf8ada5c3762cea2d9f3650773def60b25b59df","hashSHA256":"8b616c43202ed75defc02425d7ce291aac69610fb91651b2763109c3a0bd91ee","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220623)","Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Bitdefender Internet Security (20220623)","COMODO Antivirus (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","G DATA INTERNET SECURITY (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Quick Heal Internet Security (20220623)","Sophos Home Premium (20220623)","SpyHunter5 (20220623)","Total AV Antivirus Pro (20220623)","Trend Micro Internet Security (20220623)","VIPRE Advanced Security (20220623)","VirIT eXplorer PRO (20220623)","Webroot SecureAnywhere (20220623)","Windows Defender (20220623)"],"avAllowList":["Tencent PC Manager (20220623)"]},{"isRevoked":"False","fileName":"FreemoreMP4toAVIConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"9b79efbdd1a373c7ccdf4c78847700d7","hashSHA1":"4f8d281cdea231677496cfb48e62067f19719122","hashSHA256":"c00fe59b72ccd94b4e44575aecd2702e2713549b98b4321b3b789dcb60d81372","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220623)","Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Bitdefender Internet Security (20220623)","COMODO Antivirus (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","G DATA INTERNET SECURITY (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Quick Heal Internet Security (20220623)","Sophos Home Premium (20220623)","SpyHunter5 (20220623)","Total AV Antivirus Pro (20220623)","VIPRE Advanced Security (20220623)","VirIT eXplorer PRO (20220623)","Webroot SecureAnywhere (20220623)","Windows Defender (20220623)"],"avAllowList":["Tencent PC Manager (20220623)","Trend Micro Internet Security (20220623)"]},{"isRevoked":"False","fileName":"FreemoreMP4VideoConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"b2bb46b6547aec6bd7338692e82032f7","hashSHA1":"91e0a12478ef8ba6830363f81107222467a832b9","hashSHA256":"7e04709d6afc69efd4fe1daa46e3772319f9d38dd07beb9d7bfd78c17d1cfd37","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220623)","Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Bitdefender Internet Security (20220623)","COMODO Antivirus (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","G DATA INTERNET SECURITY (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Quick Heal Internet Security (20220623)","Sophos Home Premium (20220623)","SpyHunter5 (20220623)","Tencent PC Manager (20220623)","Total AV Antivirus Pro (20220623)","Trend Micro Internet Security (20220623)","VIPRE Advanced Security (20220623)","VirIT eXplorer PRO (20220623)","Webroot SecureAnywhere (20220623)","Windows Defender (20220623)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreemorePDFConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"53506a7f8ff065e8d420b6dd43da03bb","hashSHA1":"cefae8397e79f4d578ea2581d27c5cac6ad51eae","hashSHA256":"58a58a33ec38c80f9004accd00d185b36baed76eacf9e0244a1f3b5fbe07411d","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220623)","Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Bitdefender Internet Security (20220623)","COMODO Antivirus (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","G DATA INTERNET SECURITY (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Quick Heal Internet Security (20220623)","Sophos Home Premium (20220623)","SpyHunter5 (20220623)","Total AV Antivirus Pro (20220623)","VIPRE Advanced Security (20220623)","VirIT eXplorer PRO (20220623)","Webroot SecureAnywhere (20220623)","Windows Defender (20220623)"],"avAllowList":["Tencent PC Manager (20220623)","Trend Micro Internet Security (20220623)"]},{"isRevoked":"False","fileName":"FreemorePDFMergerSplitter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"8f95125bbf6d6b155baad1350be4f69c","hashSHA1":"3d2141014403103ce657b2b8b9e94561c065c7d6","hashSHA256":"b8670a938bea295df202e1b9f6945419ef511adc3e150228815fffa44230e285","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220623)","Avast Premium Security (20220623)","AVG Internet Security (20220623)","Avira Internet Security (20220623)","Bitdefender Internet Security (20220623)","COMODO Antivirus (20220623)","Dr.Web Security Space (20220623)","ESET Internet Security (20220623)","G DATA INTERNET SECURITY (20220623)","K7 Total Security (20220623)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20220623)","McAfee Total Protection (20220623)","Norton Security (20220623)","Panda Dome (20220623)","Quick Heal Internet Security (20220623)","Sophos Home Premium (20220623)","SpyHunter5 (20220623)","Total AV Antivirus Pro (20220623)","Trend Micro Internet Security (20220623)","VIPRE Advanced Security (20220623)","VirIT eXplorer PRO (20220623)","Webroot SecureAnywhere (20220623)","Windows Defender (20220623)"],"avAllowList":["Tencent PC Manager (20220623)"]},{"isRevoked":"False","fileName":"FreemorePDFtoJPGPNGTIFConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"8ad6318b48af6442caedb2eb210e4bd9","hashSHA1":"5789122ead26e90018082e62348108daa20ca7f3","hashSHA256":"bb66f225715929e9741f0a7a4d998f36af4bf38cb228220087375ad4c7200649","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20250123)","Avast Premium Security (20250123)","AVG Internet Security (20250123)","Avira Internet Security (20250123)","Bitdefender Internet Security (20250123)","COMODO Antivirus (20250123)","Dr.Web Security Space (20250123)","ESET Internet Security (20250123)","G DATA INTERNET SECURITY (20250123)","K7 Total Security (20250123)","Kaspersky Internet Security (20220623)","Malwarebytes Premium (20250123)","McAfee Total Protection (20250123)","Norton Security (20250123)","Panda Dome (20250123)","Quick Heal Internet Security (20250123)","Sophos Home Premium (20250123)","SpyHunter5 (20250123)","Total AV Antivirus Pro (20250123)","VIPRE Advanced Security (20250123)","VirIT eXplorer PRO (20250123)","Webroot SecureAnywhere (20250123)","Windows Defender (20250123)","FortectPremium (20250123)","KasperskyPremium (20250123)"],"avAllowList":["Tencent PC Manager (20220623)","Trend Micro Internet Security (20250123)"]},{"isRevoked":"False","fileName":"FreemorePDFtoWordConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"5974ca138ca11a62a6ee4c208db2ed27","hashSHA1":"939ef3a80c2b879e3e0c257ea61c528e85d25163","hashSHA256":"1bbdb2c8bf323e8296c7e1496ff38c5a0e1f0504df9313e153937df1cbf071d0","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220721)","Avast Premium Security (20220721)","AVG Internet Security (20220721)","Avira Internet Security (20220721)","Bitdefender Internet Security (20220721)","COMODO Antivirus (20220721)","Dr.Web Security Space (20220721)","ESET Internet Security (20220721)","G DATA INTERNET SECURITY (20220721)","K7 Total Security (20220721)","Kaspersky Internet Security (20220721)","Malwarebytes Premium (20220721)","McAfee Total Protection (20220721)","Norton Security (20220721)","Panda Dome (20220721)","Quick Heal Internet Security (20220721)","Sophos Home Premium (20220721)","SpyHunter5 (20220721)","Total AV Antivirus Pro (20220721)","Trend Micro Internet Security (20220721)","VIPRE Advanced Security (20220721)","VirIT eXplorer PRO (20220721)","Webroot SecureAnywhere (20220721)","Windows Defender (20220721)"],"avAllowList":["Tencent PC Manager (20220721)"]},{"isRevoked":"False","fileName":"FreemoreRingtoneMaker.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"93b9910f978d9ca526fe3cc935545eb0","hashSHA1":"8b123831694b328af4ee0a3c70cd5bc8ebfefe78","hashSHA256":"16d82aa72bc5667ef43b49643dd43d2fb627d5f24f0e7ab7a5b666439f4f3bba","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220721)","Avast Premium Security (20220721)","AVG Internet Security (20220721)","Avira Internet Security (20220721)","Bitdefender Internet Security (20220721)","COMODO Antivirus (20220721)","Dr.Web Security Space (20220721)","ESET Internet Security (20220721)","G DATA INTERNET SECURITY (20220721)","K7 Total Security (20220721)","Kaspersky Internet Security (20220721)","Malwarebytes Premium (20220721)","McAfee Total Protection (20220721)","Norton Security (20220721)","Panda Dome (20220721)","Quick Heal Internet Security (20220721)","Sophos Home Premium (20220721)","SpyHunter5 (20220721)","Total AV Antivirus Pro (20220721)","Trend Micro Internet Security (20220721)","VIPRE Advanced Security (20220721)","VirIT eXplorer PRO (20220721)","Webroot SecureAnywhere (20220721)","Windows Defender (20220721)"],"avAllowList":["Tencent PC Manager (20220721)"]},{"isRevoked":"False","fileName":"FreemoreScantoPDF.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"5e4afd7e5e967f93e59c797de57c82f4","hashSHA1":"449662faa3c9ab9484e7c95e5fa4fa0f0b57e966","hashSHA256":"e730f9e26aca3dfa1fa6f7185112f443cddf8f3f9d302598e8fea08c8ef1b6fe","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["Avast Premium Security (20220721)","AVG Internet Security (20220721)","Avira Internet Security (20220721)","Bitdefender Internet Security (20220721)","COMODO Antivirus (20220721)","Dr.Web Security Space (20220721)","ESET Internet Security (20220721)","G DATA INTERNET SECURITY (20220721)","K7 Total Security (20220721)","Kaspersky Internet Security (20220721)","Malwarebytes Premium (20220721)","McAfee Total Protection (20220721)","Norton Security (20220721)","Panda Dome (20220721)","Quick Heal Internet Security (20220721)","Sophos Home Premium (20220721)","SpyHunter5 (20220721)","Total AV Antivirus Pro (20220721)","Trend Micro Internet Security (20220721)","VIPRE Advanced Security (20220721)","VirIT eXplorer PRO (20220721)","Webroot SecureAnywhere (20220721)","Windows Defender (20220721)"],"avAllowList":["360 Total Security (20220721)","Tencent PC Manager (20220721)"]},{"isRevoked":"False","fileName":"FreemoreSlideshowMaker.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"947574e8b3404f82f249ae13374ed2c0","hashSHA1":"7116648bc942010dedfc3df17163ff95d9cc1cc1","hashSHA256":"cedc05b58382fd2084c1dc9901aaa5a8bd6138fc6ce4cee15b2c6930905315d1","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220721)","Avast Premium Security (20220721)","AVG Internet Security (20220721)","Avira Internet Security (20220721)","Bitdefender Internet Security (20220721)","COMODO Antivirus (20220721)","Dr.Web Security Space (20220721)","ESET Internet Security (20220721)","G DATA INTERNET SECURITY (20220721)","K7 Total Security (20220721)","Kaspersky Internet Security (20220721)","Malwarebytes Premium (20220721)","McAfee Total Protection (20220721)","Norton Security (20220721)","Panda Dome (20220721)","Quick Heal Internet Security (20220721)","Sophos Home Premium (20220721)","SpyHunter5 (20220721)","Total AV Antivirus Pro (20220721)","Trend Micro Internet Security (20220721)","VIPRE Advanced Security (20220721)","VirIT eXplorer PRO (20220721)","Webroot SecureAnywhere (20220721)","Windows Defender (20220721)"],"avAllowList":["Tencent PC Manager (20220721)"]},{"isRevoked":"False","fileName":"FreemoreVideoJoiner.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"51f109050a494c571a4ea4deebc11815","hashSHA1":"f368a8142ba9406e5ae7f21380ac42cdc659e890","hashSHA256":"b330ebea1021190e11c820d7871da0b764e604c7c9f395fbc7927cf5f40a9b40","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220721)","Avast Premium Security (20220721)","AVG Internet Security (20220721)","Avira Internet Security (20220721)","Bitdefender Internet Security (20220721)","COMODO Antivirus (20220721)","Dr.Web Security Space (20220721)","ESET Internet Security (20220721)","G DATA INTERNET SECURITY (20220721)","K7 Total Security (20220721)","Kaspersky Internet Security (20220721)","Malwarebytes Premium (20220721)","McAfee Total Protection (20220721)","Norton Security (20220721)","Panda Dome (20220721)","Quick Heal Internet Security (20220721)","Sophos Home Premium (20220721)","SpyHunter5 (20220721)","Total AV Antivirus Pro (20220721)","VIPRE Advanced Security (20220721)","VirIT eXplorer PRO (20220721)","Webroot SecureAnywhere (20220721)","Windows Defender (20220721)"],"avAllowList":["Tencent PC Manager (20220721)","Trend Micro Internet Security (20220721)"]},{"isRevoked":"False","fileName":"FreemoreVideotoGIFConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"afb00fed653698e93dc364dae3412d11","hashSHA1":"ab63690d2aedc9088338e57c1da884177773a81f","hashSHA256":"96cdfbb75e809aa9cfbae081d66824da13ceb08e1ca2d22cba72a6cb4d986308","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","Kaspersky Internet Security (20220726)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)","FortectPremium (20250121)","KasperskyPremium (20250121)"],"avAllowList":["Tencent PC Manager (20220726)","Trend Micro Internet Security (20250121)"]},{"isRevoked":"False","fileName":"FreemoreWMAtoMP3Converter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"b77b8dee2d37cb728a50bf2d4e60dc5f","hashSHA1":"93234cc9d543e332c682269315f122bd35b5c681","hashSHA256":"01671561b16b6389c667d80787a32d0fc6e38e40f27bee01c1db19e0cf14d457","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220728)","Avast Premium Security (20220728)","AVG Internet Security (20220728)","Avira Internet Security (20220728)","Bitdefender Internet Security (20220728)","COMODO Antivirus (20220728)","Dr.Web Security Space (20220728)","ESET Internet Security (20220728)","G DATA INTERNET SECURITY (20220728)","K7 Total Security (20220728)","Kaspersky Internet Security (20220728)","Malwarebytes Premium (20220728)","McAfee Total Protection (20220728)","Norton Security (20220728)","Panda Dome (20220728)","Quick Heal Internet Security (20220728)","Sophos Home Premium (20220728)","SpyHunter5 (20220728)","Total AV Antivirus Pro (20220728)","VIPRE Advanced Security (20220728)","VirIT eXplorer PRO (20220728)","Webroot SecureAnywhere (20220728)","Windows Defender (20220728)"],"avAllowList":["Tencent PC Manager (20220728)","Trend Micro Internet Security (20220728)"]},{"isRevoked":"False","fileName":"FreemoreYouTubeConverter.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"4b77525ef99acbd9afbc443dc7fe7a62","hashSHA1":"525d5882df9b5e16bf8c19023c6e273ad2afa16f","hashSHA256":"521707f740755c152b49cea86c41fe5c5cc4f157c3923ea927107827e7ca5204","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220728)","Avast Premium Security (20220728)","AVG Internet Security (20220728)","Avira Internet Security (20220728)","Bitdefender Internet Security (20220728)","COMODO Antivirus (20220728)","Dr.Web Security Space (20220728)","ESET Internet Security (20220728)","G DATA INTERNET SECURITY (20220728)","K7 Total Security (20220728)","Kaspersky Internet Security (20220728)","Malwarebytes Premium (20220728)","McAfee Total Protection (20220728)","Norton Security (20220728)","Panda Dome (20220728)","Quick Heal Internet Security (20220728)","Sophos Home Premium (20220728)","SpyHunter5 (20220728)","Total AV Antivirus Pro (20220728)","VIPRE Advanced Security (20220728)","VirIT eXplorer PRO (20220728)","Webroot SecureAnywhere (20220728)","Windows Defender (20220728)"],"avAllowList":["Tencent PC Manager (20220728)","Trend Micro Internet Security (20220728)"]},{"isRevoked":"False","fileName":"FreemoreYouTubeDownloader.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"0c3328d45e9539aeb7f4c709c02ee98a","hashSHA1":"d66c0e6fc6878be0ee507f23a5eb31045ee28427","hashSHA256":"30ac3ade79b40e918a50b959ee3c498bd593baa85838095726f647667910ff51","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1555","avBlockList":["360 Total Security (20220728)","Avast Premium Security (20220728)","AVG Internet Security (20220728)","Avira Internet Security (20220728)","Bitdefender Internet Security (20220728)","COMODO Antivirus (20220728)","Dr.Web Security Space (20220728)","ESET Internet Security (20220728)","G DATA INTERNET SECURITY (20220728)","K7 Total Security (20220728)","Kaspersky Internet Security (20220728)","Malwarebytes Premium (20220728)","McAfee Total Protection (20220728)","Norton Security (20220728)","Panda Dome (20220728)","Quick Heal Internet Security (20220728)","Sophos Home Premium (20220728)","SpyHunter5 (20220728)","Total AV Antivirus Pro (20220728)","VIPRE Advanced Security (20220728)","VirIT eXplorer PRO (20220728)","Webroot SecureAnywhere (20220728)","Windows Defender (20220728)"],"avAllowList":["Tencent PC Manager (20220728)","Trend Micro Internet Security (20220728)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: free media downloads","reference":"","landingPage":"https://freemoresoft.com","directDownloadingLink":"https://freemoresoft.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://freemoresoft.com","sourceIndex":"1555"}],"sampleFiles":["220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreAudioEditor.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreAudioRecorder_XO-zRg1.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreAVIWMVMP4MPEGDIVXConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreCDBurnerRipper.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreDVDCopy.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreFLACtoMP3Converter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreFLVConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreHDVideoConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreiPodiPadiPhonePSPConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreJPGtoPDFConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreM4AtoMP3Converter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreMP3Cutter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreMP3Joiner.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreMP3WMAWAVConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreMP4toAVIConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreMP4VideoConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemorePDFConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemorePDFMergerSplitter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemorePDFtoJPGPNGTIFConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemorePDFtoWordConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreRingtoneMaker.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreScantoPDF.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreSlideshowMaker.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreVideoJoiner.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreVideotoGIFConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreWMAtoMP3Converter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreYouTubeConverter.exe","220615/FreemoresoftBundle-220615/10.8.2.4/Samples/FreemoreYouTubeDownloader.exe"],"imageFiles":["220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-109/ACR-109_039_048_RKsetup.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-039/ACR-109_039_048_RKsetup.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-047/ACR-003_004_047_083_RKUpdate-2.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-047/ACR-048_RKpdatePrompt.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-048/ACR-109_039_048_RKsetup.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-004/ACR-003_004_047_083_RKUpdate-2.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-004/ACR-048_RKpdatePrompt.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-083/ACR-003_004_047_083_RKUpdate-2.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-048/ACR-048_RKpdatePrompt.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-003/ACR-003_004_047_083_RKUpdate-2.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-003/ACR-048_RKpdatePrompt.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-118/ACR-118_Remnants.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-057/RelevantKnowledge.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-059/RelevantKnowledge.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-071/RelevantKnowledge.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-155/RelevantKnowledge.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-047/ACR-003_004_047_083_RKUpdate-2.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-047/ACR-048_RKpdatePrompt.jpg","220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-010/RelevantKnowledge.jpg"],"nonDeceptorImageFiles":["220615/FreemoresoftBundle-220615/10.8.2.4/Images/ACR-106/RelevantKnowledge.jpg"],"guid":"9353c511-1f9c-42fc-b6a1-4649aa072b77_10.8.2.4_1","appID":"FreemoresoftBundle-220615","dateAdded":"220615","deceptorType":"Bundler","name":"Freemoresoft Bundle","company":"FreeMoreSoft, Inc.","version":"10.8.2.4","sigName":"Deceptor:Win32/FreemoresoftBundler!109039047048004083003118057059071155010","lastKnownStatus":"10.8.2.4","lastKnownDate":"220615","type":"Windows Executable","category":"Media editors, Media players, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-06-16T15:42:57.3618009+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1418},{"violations":{"ACR-003":"App lists non-critical items like backup files, caches, and logs as \"problems\", misleading or scaring user to take action.\n\n","ACR-004":"The App only provides 10 fixes for free scan results and upsells the product to complete the fix for remaining problems. It shows a warning pop up and uses alarming color to free scan results to present an exaggerated sense of urgency. \n\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display conspicuous links to the Returns and Cancellation Policy or the Privacy Policy.\n\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n The offer page does not display conspicuous links to the Returns and Cancellation Policy.\n\n","ACR-037":"No Privacy Policy is provided for the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"A1Cleanr.exe","productName":"A1Click Ultra PC Cleaner (Trial Version)        ","fileVersion":"1.03.07","hashMD5":"bd35dba2a544d2c3d84fb5ac12a564a4","hashSHA1":"e4389eb042cd2366072641116cdb24bc10961dfd","hashSHA256":"9321207ceb5be1173444b5d3d0f4f9412af896b88bbaec74a01a62499aaea5b1","sourceIndex":"320","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"a1cleanz.exe","isInstaller":"True","companyName":"Super Win Software, Inc.                                    ","productName":"A1Click Ultra PC Cleaner (Trial Version)        ","fileVersion":"1.03.07","hashMD5":"df1aa4ee18943b50cf1ad217bd5ae5e7","hashSHA1":"046006b5aef113108d2a6b25a6d85fe5f8867826","hashSHA256":"c510db7ddc9c4e3bf14f108258cd228f26cb2e404a1388a7b6d7639bd06bdd03","sourceIndex":"320","avBlockList":["Avast Premium Security (20220728)","AVG Internet Security (20220728)","Avira Internet Security (20220728)","ESET Internet Security (20220728)","Kaspersky Internet Security (20220728)","McAfee Total Protection (20220728)","Norton Security (20220728)","Panda Dome (20220728)","Sophos Home Premium (20220728)","SpyHunter5 (20220728)","Total AV Antivirus Pro (20220728)","VirIT eXplorer PRO (20220728)","Webroot SecureAnywhere (20220728)","Windows Defender (20220728)"],"avAllowList":["360 Total Security (20220728)","Bitdefender Internet Security (20220728)","COMODO Antivirus (20220728)","Dr.Web Security Space (20220728)","G DATA INTERNET SECURITY (20220728)","K7 Total Security (20220728)","Malwarebytes Premium (20220728)","Quick Heal Internet Security (20220728)","Tencent PC Manager (20220728)","Trend Micro Internet Security (20220728)","VIPRE Advanced Security (20220728)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: pc cleaner","reference":"","landingPage":"https://a1click-ultra-pc-cleaner.apponic.com/","directDownloadingLink":"https://regvac.com/downloads/a1cleanz.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://regvac.com/downloads/a1cleanz.exe","sourceIndex":"320"}],"sampleFiles":["220614/A1ClickUltraPCCleaner-220614/1.03.07/Samples/A1Cleanr.exe","220614/A1ClickUltraPCCleaner-220614/1.03.07/Samples/a1cleanz.exe"],"imageFiles":["220614/A1ClickUltraPCCleaner-220614/1.03.07/Images/ACR-004/ACR-003_004_AlarmingExaggeratedScanReults.jpg","220614/A1ClickUltraPCCleaner-220614/1.03.07/Images/ACR-004/ACR-004_nofullfix.jpg","220614/A1ClickUltraPCCleaner-220614/1.03.07/Images/ACR-003/ACR-003_004_AlarmingExaggeratedScanReults.jpg","220614/A1ClickUltraPCCleaner-220614/1.03.07/Images/ACR-003/ACR-003_Problems.jpg"],"nonDeceptorImageFiles":["220614/A1ClickUltraPCCleaner-220614/1.03.07/Images/ACR-065/ACR-065_Install.gif","220614/A1ClickUltraPCCleaner-220614/1.03.07/Images/ACR-065/ACR-065_Software.jpg","220614/A1ClickUltraPCCleaner-220614/1.03.07/Images/ACR-065/ACR-065_OfferPafe-2.jpeg","220614/A1ClickUltraPCCleaner-220614/1.03.07/Images/ACR-065/ACR-065_OfferPage-1.jpeg"],"guid":"5943d280-4886-4cef-834e-faecafc94202_1.03.07_1","appID":"A1ClickUltraPCCleaner-220614","dateAdded":"220614","deceptorType":"App","name":"A1Click Ultra PC Cleaner","company":"Super Win Software, Inc.","version":"1.03.07","lastKnownStatus":"1.03.07","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T22:28:55.2087355+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1420},{"violations":{"ACR-109":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe offer page does not display links to the Returns and Cancellation Policy.\n","ACR-092":"The app does not have a digital signature for all the executables.\n","ACR-099":"The app's about page does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"pcswift.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"60a5ff516cfbee9ec8bf2e569f2469fb","hashSHA1":"625a865239352f3c17ec200692511624d0729441","hashSHA256":"8b0862403161f6c005e138e1729e25361e103f7bf4b5944ff8dbc069ec12cbf2","sourceIndex":"2425","avBlockList":["Avast Premium Security (20200616)","AVG Internet Security (20200616)","Avira Internet Security (20200616)","Bitdefender Internet Security (20200616)","Dr.Web Security Space (20200616)","ESET Internet Security (20200616)","G DATA INTERNET SECURITY (20200616)","K7 Total Security (20200616)","Kaspersky Internet Security (20200616)","Malwarebytes Premium (20200616)","McAfee Total Protection (20200616)","Norton Security (20200616)","Panda Dome (20200616)","Quick Heal Internet Security (20200616)","Sophos Home Premium (20200616)","SpyHunter5 (20200616)","Tencent PC Manager (20200616)","Total AV Antivirus Pro (20200616)","Trend Micro Internet Security (20200616)","VIPRE Advanced Security (20200616)","VirIT eXplorer PRO (20200616)","Webroot SecureAnywhere (20200616)","Windows Defender (20200616)"],"avAllowList":["360 Total Security (20200616)","COMODO Antivirus (20200616)"]},{"isRevoked":"False","fileName":"PCSwift .exe","fileVersion":"1.0","hashMD5":"df7983faaa715a0a712b82fa276c53ad","hashSHA1":"f91ed6f6271c386df70d1bdd6fa95ae845e72103","hashSHA256":"2c848e91cd055ce4658e4aaf171f7a7d16801fefc689cab980f63a104f5cb513","sourceIndex":"2425","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCSwiftRegister.exe","fileVersion":"1.0","hashMD5":"8086747421e99111bf9ef38788c8d29c","hashSHA1":"f0876f0196b680e90ed75ef59779655d09d5fda1","hashSHA256":"77cc69487be653f93c0f5132f9a30a8254d38ad17bc405659172a9dc80bc1d58","sourceIndex":"2425","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCSwiftUpdate.exe","fileVersion":"1.0","hashMD5":"c9f558eaaed66e3a6fcce218f56189e8","hashSHA1":"880b0b4106d944a15e661b29a2e6bea934bcfb82","hashSHA256":"f1c051c945ed5bc3ce54eb91e210a32d38a83977ee402f2ea307359bba29c0fd","sourceIndex":"2425","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rkverify.exe","companyName":"T M R G  , INC.","fileVersion":"0.2","hashMD5":"d44a13d7e798ea394c7272fc256e5d10","hashSHA1":"03046f04352be9b222bc8f15bdbc8ce3a24252a8","hashSHA256":"47890bc80911e6afdeee8aa8de5b678c74757dafd45225565141fdfc05e1b5c6","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2425","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google.Search \"clean up windows junk file\"","reference":"https://www.pgware.com","landingPage":"https://www.pgware.com","directDownloadingLink":"https://www.pgware.com/downloads/pcswift.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pgware.com/downloads/pcswift.exe","sourceIndex":"2425"}],"sampleFiles":["200528/PCSwift-200528/2.5.25.2020/Samples/pcswift.exe","200528/PCSwift-200528/2.5.25.2020/Samples/PCSwift .exe","200528/PCSwift-200528/2.5.25.2020/Samples/PCSwiftRegister.exe","200528/PCSwift-200528/2.5.25.2020/Samples/PCSwiftUpdate.exe","200528/PCSwift-200528/2.5.25.2020/Samples/rkverify.exe"],"imageFiles":["200528/PCSwift-200528/2.5.25.2020/Images/ACR-109/PCSwift_Install [4] RKVERIFY_FileRunning.png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-109/PCSwift_RKVERIFY_FileProperty.png"],"nonDeceptorImageFiles":["200528/PCSwift-200528/2.5.25.2020/Images/ACR-065/PCSwift_Install [1].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-092/PCSwift_FileProperties [1].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-065/PCSwift_About [1].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-065/PCSwift_Interaction [1].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-099/PCSwift_About [1].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-065/PGWARE_LandingPage [1].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-065/PGWARE_LandingPage [2].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-099/PGWARE_LandingPage [1].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-099/PGWARE_LandingPage [2].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-065/PGWARE_OfferPage [1].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-065/PGWARE_OfferPage [2].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-099/PGWARE_OfferPage [1].png","200528/PCSwift-200528/2.5.25.2020/Images/ACR-099/PGWARE_OfferPage [2].png"],"guid":"9ee3620d-e9d9-489f-84c6-0d58280a7572_2.5.25.2020_1","appID":"PCSwift-200528","dateAdded":"220606","deceptorType":"Bundler","name":"PCSwift 2 ","company":"PGWARE LLC","version":"2.5.25.2020","sigName":"Deceptor:Win32/PCSwift!109","lastKnownStatus":"2.5.25.2020;2.8.23.2021;2.3.7.2022","lastKnownDate":"220606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1425},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"rk_setup.exe\" without disclosing it to the user and get user consent\n","ACR-057":"User can't decline offer to proceed installation\n","ACR-059":"The Offer is not clearly marked as an offer and who is recommending the offer is not clear.\n","ACR-155":"The Offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe offer page does not display links to the Returns and Cancellation Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details\n","ACR-092":"The app does not have a digital signature for the main executables.\n","ACR-099":"The app's about page does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"pcswift .exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"aef0613cad49257ba019fd9c4e157f5b","hashSHA1":"5c7d8a68cb378db8b63b6989b40439ac2ab191a0","hashSHA256":"e102e5b1cf2809cbcb96511c72fe634b648d5943abf555eb67d35fa86c3bf6c5","sourceIndex":"1751","avBlockList":["Avast Premium Security (20211230)","AVG Internet Security (20211230)","Avira Internet Security (20211230)","Bitdefender Internet Security (20211230)","ESET Internet Security (20211230)","G DATA INTERNET SECURITY (20211230)","K7 Total Security (20211230)","Kaspersky Internet Security (20211230)","Malwarebytes Premium (20211230)","McAfee Total Protection (20211230)","Norton Security (20211230)","Panda Dome (20211230)","Quick Heal Internet Security (20211230)","Sophos Home Premium (20211230)","SpyHunter5 (20211230)","Tencent PC Manager (20211230)","Total AV Antivirus Pro (20211230)","VIPRE Advanced Security (20211230)","VirIT eXplorer PRO (20211230)","Webroot SecureAnywhere (20211230)","Windows Defender (20211230)"],"avAllowList":["360 Total Security (20211230)","COMODO Antivirus (20211230)","Dr.Web Security Space (20211230)","Trend Micro Internet Security (20211230)"]},{"isRevoked":"False","fileName":"PCSwift.exe","fileVersion":"1.0","hashMD5":"df2dee95970fb985b86af3f940daf814","hashSHA1":"25cbed0516f470b05b99f542ca0589640bf34ae8","hashSHA256":"971aab189e468f63665dd8fa757279d55e48a9814de097506a5d513b10e5d77a","sourceIndex":"1751","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.pgware.com","landingPage":"https://www.pgware.com","directDownloadingLink":"https://www.pgware.com/downloads/pcswift.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pgware.com/downloads/pcswift.exe","sourceIndex":"1751"}],"sampleFiles":["211222/PCSwift-200528/2.8.23.2021/Samples/pcswift .exe","211222/PCSwift-200528/2.8.23.2021/Samples/PCSwift.exe"],"imageFiles":["211222/PCSwift-200528/2.8.23.2021/Images/ACR-109/PCSwift_Install [2].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-057/PCSwift_Install [3].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-059/PCSwift_Install [3].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-155/PCSwift_Install [3].png"],"nonDeceptorImageFiles":["211222/PCSwift-200528/2.8.23.2021/Images/ACR-065/PCSwift_Install [3].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-065/PCSwift_Install [4].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-065/PCSwift_Install [6].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-106/PCSwift_Install [3].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-092/PCSwift_FileProperties [1].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-092/PCSwift_FileProperty [1].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-092/PCSwift_FileProperty [2].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-092/PCSwift_FileProperty [3].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-065/PCSwift_About [1].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-099/PCSwift_About [1].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-167/PCSwift_LandingPage [1].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-065/PCSwift_LandingPage [1].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-099/PCSwift_LandingPage [1].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-166/PCSwift_OfferPage [1].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-166/PCSwift_OfferPage [2].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-166/PCSwift_OfferPage [3].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-166/PCSwift_OfferPage [4].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-065/PCSwift_OfferPage [1].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-065/PCSwift_OfferPage [2].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-099/PCSwift_OfferPage [1].png","211222/PCSwift-200528/2.8.23.2021/Images/ACR-099/PCSwift_OfferPage [2].png"],"guid":"9ee3620d-e9d9-489f-84c6-0d58280a7572_2.8.23.2021_1","appID":"PCSwift-200528","dateAdded":"220606","deceptorType":"Bundler","name":"PCSwift 2 ","company":"PGWARE LLC","version":"2.8.23.2021","sigName":"Deceptor:Win32/PCSwift2!109057059155","lastKnownStatus":"2.5.25.2020;2.8.23.2021;2.3.7.2022","lastKnownDate":"220606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1424},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe offer page does not display links to the Returns and Cancellation Policy.\n","ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":" The app does not have a digital signature for the following components: \"pcswiftsetup.exe (Installer)\" and \"PCSwift.exe (Main executable)\". \n","ACR-099":"The app's about page does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PGWARE\\PCSwift\\PCSwift.exe","companyName":"","productName":"PCSwift","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"31fe16017122073ae5d4981e1d3f7604","hashSHA1":"54e593b0400d723dce8ec9d575b6746ae3df49e0","hashSHA256":"6280c1510e8b13e79aafbf157e69f2262c58af34f77da99a768854ef800c31f8","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1119","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcswiftsetup.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"PCSwift                                                     ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1             ","hashMD5":"6a36e846dff0ddaea4ade777556fcd20","hashSHA1":"20744213f2fd746d260ec14a2c3a8213da80ead4","hashSHA256":"d767f0482dec9e8a55adc7b1506f1896dcad646d657860ffe8815941ed3ff4b2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1119","avBlockList":["360 Total Security (20221004)","Avast Premium Security (20221004)","AVG Internet Security (20221004)","Avira Internet Security (20221004)","Bitdefender Internet Security (20221004)","Dr.Web Security Space (20221004)","ESET Internet Security (20221004)","G DATA INTERNET SECURITY (20221004)","K7 Total Security (20221004)","Kaspersky Internet Security (20221004)","Malwarebytes Premium (20221004)","McAfee Total Protection (20221004)","Norton Security (20221004)","Panda Dome (20221004)","Quick Heal Internet Security (20221004)","Sophos Home Premium (20221004)","SpyHunter5 (20221004)","Total AV Antivirus Pro (20221004)","VIPRE Advanced Security (20221004)","VirIT eXplorer PRO (20221004)","Webroot SecureAnywhere (20221004)","Windows Defender (20221004)"],"avAllowList":["COMODO Antivirus (20221004)","Trend Micro Internet Security (20221004)"]},{"isRevoked":"False","fileName":"pcswift_1_Install.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","productName":"PCSwift      ","productVersion":"1.0.0.1    ","fileVersion":"1.0","hashMD5":"54976be9422aa77289e2733e624401b0","hashSHA1":"ba0d8f7bb5874ade1d81bc0fca26f5c85fec0686","hashSHA256":"5970f46a33e8edf1c6f304f348218ae1e3a019072e66dcb1871ed0fe0e94dcf5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"1119","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google.Search \"clean up windows junk file\"","reference":"https://www.pgware.com","landingPage":"https://www.pgware.com","directDownloadingLink":"https://www.pgware.com/downloads/pcswift.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pgware.com/downloads/pcswift.exe","sourceIndex":"1119"}],"sampleFiles":["220606/PCSwift-200528/2.3.7.2022/Samples/pcswift.exe","220606/PCSwift-200528/2.3.7.2022/Samples/pcswift_1_Install.exe"],"imageFiles":["220606/PCSwift-200528/2.3.7.2022/Images/ACR-109/ACR-109_1.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-048/ACR-048-1.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-010/ACR-010_Install_Bundles_Deceptor.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-118/ACR-118_1.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-118/ACR-118_2.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-057/ACR-057_1.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-059/ACR-059_1.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-071/ACR-071_1.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220606/PCSwift-200528/2.3.7.2022/Images/ACR-065/ACR-065_Install_1.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-106/ACR-106_1.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-092/ACR-092_1.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-092/ACR-092_2.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-065/ACR-065_Software_1.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-099/ACR-099_Software_1.JPG","220606/PCSwift-200528/2.3.7.2022/Images/ACR-167/ACR-167.jpg","220606/PCSwift-200528/2.3.7.2022/Images/ACR-065/ACR-065_LandingPage_1.jpg","220606/PCSwift-200528/2.3.7.2022/Images/ACR-099/ACR-099.jpg","220606/PCSwift-200528/2.3.7.2022/Images/ACR-166/ACR-166_1 (1).jpg","220606/PCSwift-200528/2.3.7.2022/Images/ACR-166/ACR-166_1 (2).jpg","220606/PCSwift-200528/2.3.7.2022/Images/ACR-166/ACR-166_3.jpg","220606/PCSwift-200528/2.3.7.2022/Images/ACR-065/ACR-065_InternalOffers_1.jpg","220606/PCSwift-200528/2.3.7.2022/Images/ACR-065/ACR-065_InternalOffers_2.jpg","220606/PCSwift-200528/2.3.7.2022/Images/ACR-099/ACR-099_1.jpg","220606/PCSwift-200528/2.3.7.2022/Images/ACR-099/ACR-099_2.jpg"],"guid":"9ee3620d-e9d9-489f-84c6-0d58280a7572_2.3.7.2022_1","appID":"PCSwift-200528","dateAdded":"220606","deceptorType":"Bundler","name":"PCSwift 2 ","company":"PGWARE LLC","version":"2.3.7.2022","lastKnownStatus":"2.5.25.2020;2.8.23.2021;2.3.7.2022","lastKnownDate":"220606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:41.200618+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1423},{"violations":{"ACR-042":"1. The app  installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n2. Application silently installs the app \"LAV Filters\" without any disclosure to the user.\n","ACR-043":"1. The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n2. Open source  'ffmpeg'  is installed without disclosure.\n3. Application silently installs the app \"LAV filters\" without disclosing the relationship to the app during installation.\n","ACR-107":"The app doesn't disclose relevant license information about using the open source project  'ffmpeg'.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a trust root certificate.\n","ACR-118":"1. The self-signed trusted root certificate is not removed from the system after the application is uninstalled.\n2. When the consumer attempts to completely uninstall the app, it retains the \"LAV Filters\" application and its components on the device without the consumer's consent or notifying the user.\n","ACR-039":"Application silently installs the app \"LAV filters\" without disclosing the relationship to the app during installation.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-092":"The app's installer (StereoscopicPlayer251.exe) does not have an active digital signature.\n","ACR-123":"The app does not remove the Trusted Root certificate even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Stereoscopic Player\\StereoPlayer.exe","companyName":"3dtv.at","productName":"Stereoscopic Player","productVersion":"2.5.1.0","fileVersion":"2.5.1.0","hashMD5":"1e23ed47761deb5131e4c933f1cead30","hashSHA1":"0316d6e61f7542aa8132b2791e404614214d27b4","hashSHA256":"cb06c1f049cd5e60295dc70e6ae827a93ef3fe8e9b3386497a53d7d4ce539e36","digitalCertThumbprint":"34234BC6E9CEAD9A2D9D0B8133D09DFA33D41792","digitalCertIssuer":"3dtv.at Root","digitalCertIssuedTo":"3dtv.at","storeId":"","sourceIndex":"1571","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StereoscopicPlayer251.exe","isInstaller":"True","companyName":"3dtv.at","productName":"Stereoscopic Player","productVersion":"2.5.1","fileVersion":"2.5.1","hashMD5":"f3349aa54f739dbb8ab21ea3aad954d8","hashSHA1":"82f3f84247e3270885ba1a7991e566fe1a15de08","hashSHA256":"cd08ac328d16f7b8eb32e09a091754b24c35d9581555c54c0e519c4defba7782","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1571","avBlockList":["360 Total Security (20220609)","Avast Premium Security (20220609)","AVG Internet Security (20220609)","Avira Internet Security (20220609)","McAfee Total Protection (20220609)","Norton Security (20220609)","Sophos Home Premium (20220609)","SpyHunter5 (20220609)","Total AV Antivirus Pro (20220609)","VirIT eXplorer PRO (20220609)","Webroot SecureAnywhere (20220609)","Windows Defender (20220609)"],"avAllowList":["Bitdefender Internet Security (20220609)","COMODO Antivirus (20220609)","Dr.Web Security Space (20220609)","ESET Internet Security (20220609)","G DATA INTERNET SECURITY (20220609)","K7 Total Security (20220609)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20220609)","Panda Dome (20220609)","Quick Heal Internet Security (20220609)","Tencent PC Manager (20220609)","Trend Micro Internet Security (20220609)","VIPRE Advanced Security (20220609)"]}],"additionalFiles":[],"sources":[{"howFound":"Installs root certificate","reference":"","landingPage":"https://3dtv.at/Products/Player/Index_en.aspx","directDownloadingLink":"https://3dtv.at/Downloads/StereoscopicPlayer251.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://3dtv.at/Downloads/StereoscopicPlayer251.exe","sourceIndex":"1571"}],"sampleFiles":["220606/stereoscopicplayer-220603/2.5.1/Samples/StereoscopicPlayer251.exe"],"imageFiles":["220606/stereoscopicplayer-220603/2.5.1/Images/ACR-039/ACR-039_1.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-039/ACR-039_2.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-043/ACR-043_1.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-043/ACR-043 (1).JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-043/ACR-043 (2).JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-107/ACR-107_1.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-042/ACR-042_1.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-042/ACR-042_2.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-007/ACR-007_Install_Root_Certificate_Installed.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-118/ACR-118_Uninstall_1.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-118/ACR-118_Uninstall_2.JPG"],"nonDeceptorImageFiles":["220606/stereoscopicplayer-220603/2.5.1/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG","220606/stereoscopicplayer-220603/2.5.1/Images/ACR-123/ACR-123_Uninstall_1.JPG"],"guid":"30b2d9d6-d3ec-48f3-90ee-b8926d75bc95_2.5.1_1","appID":"stereoscopicplayer-220603","dateAdded":"220606","deceptorType":"App","name":"Stereoscopic Player","company":"3dtv.at","version":"2.5.1","lastKnownStatus":"2.5.1","lastKnownDate":"220606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-06T20:05:28.9061053+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1422},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission.\n","ACR-043":"1. The \"webtorrent\" components get dropped in one click without disclosing.\n2. \"ffmpeg\" components are installed without disclosing it.\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg' package\n","ACR-048":"The app does not provide any control to close the processes that runs silently in the background within the app's settings.\n","ACR-084":"1. On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n2. The application runs in the system tray immediately after installation without any notification, thus attempting to hide its presence from the consumer.\n"},"nonDeceptorViolations":{"ACR-040":"The app is located inside a hidden system file, which prevents the consumer from being able to find it.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\WebTorrent\\app-0.24.0\\WebTorrent.exe","companyName":"WebTorrent","productName":"WebTorrent","productVersion":"0.24.0","fileVersion":"0.108.6","hashMD5":"5a5c4843dcc9fb8643f6a80d33e76228","hashSHA1":"80efa28c0d2c92c717f19132e616392443190b71","hashSHA256":"9d08f1f0215b0f7e18ca62a54d69c5ce32bf348561a65bd6caf1b10c537cbb02","digitalCertThumbprint":"51F7BBB795AB831B3B7ECE00EC212711875D68F4","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"WEBTORRENT LLC","storeId":"","sourceIndex":"1570","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\WebTorrent\\WebTorrent.exe","companyName":"WebTorrent","productName":"WebTorrent","productVersion":"0.24.0","fileVersion":"0.108.6","hashMD5":"552ebda2b2864c1ffdeffc862e167207","hashSHA1":"1614b2426599e95053c5644ebd12ef55127d8f3e","hashSHA256":"2b3e3c8fbfbafb5565e929ef48d6a1e436506cd91d868be38b77ac3bc12a9efa","digitalCertThumbprint":"51F7BBB795AB831B3B7ECE00EC212711875D68F4","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"WEBTORRENT LLC","storeId":"","sourceIndex":"1570","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WebTorrentSetup-v0.24.0.exe","isInstaller":"True","companyName":"WebTorrent LLC","productName":"WebTorrent","productVersion":"0.24.0","fileVersion":"0.24.0","hashMD5":"e3921e5c2119b846307a791b7e72add2","hashSHA1":"bff9ecd3a1cffcc0565958cdff1ce64acf025387","hashSHA256":"08b97a6a4b5999bd0f0c2f0eb368eb938a16c373999b672db24ea89664d35714","digitalCertThumbprint":"51F7BBB795AB831B3B7ECE00EC212711875D68F4","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"WEBTORRENT LLC","storeId":"","sourceIndex":"1570","avBlockList":["360 Total Security (20220609)","Avast Premium Security (20220609)","AVG Internet Security (20220609)","Avira Internet Security (20220609)","McAfee Total Protection (20220609)","Norton Security (20220609)","Panda Dome (20220609)","Sophos Home Premium (20220609)","SpyHunter5 (20220609)","Total AV Antivirus Pro (20220609)","VirIT eXplorer PRO (20220609)","Windows Defender (20220609)"],"avAllowList":["Bitdefender Internet Security (20220609)","COMODO Antivirus (20220609)","Dr.Web Security Space (20220609)","ESET Internet Security (20220609)","G DATA INTERNET SECURITY (20220609)","K7 Total Security (20220609)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20220609)","Quick Heal Internet Security (20220609)","Tencent PC Manager (20220609)","Trend Micro Internet Security (20220609)","VIPRE Advanced Security (20220609)","Webroot SecureAnywhere (20220609)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on torrent apps","reference":"","landingPage":"https://webtorrent.io/","directDownloadingLink":"https://webtorrent.io/desktop-download/windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://webtorrent.io/desktop-download/windows","sourceIndex":"1570"}],"sampleFiles":["220606/webtorrent-220603/0.24.0/Samples/WebTorrentSetup-v0.24.0.exe"],"imageFiles":["220606/webtorrent-220603/0.24.0/Images/ACR-043/ACR-043_Install.mp4","220606/webtorrent-220603/0.24.0/Images/ACR-043/ACR-043_Install_1.JPG","220606/webtorrent-220603/0.24.0/Images/ACR-107/ACR-107_Install.JPG","220606/webtorrent-220603/0.24.0/Images/ACR-042/ACR-042_Install.mp4","220606/webtorrent-220603/0.24.0/Images/ACR-084/ACR-084_Software.JPG","220606/webtorrent-220603/0.24.0/Images/ACR-084/ACR-084_Software.mp4","220606/webtorrent-220603/0.24.0/Images/ACR-048/ACR-048_Software.JPG"],"nonDeceptorImageFiles":["220606/webtorrent-220603/0.24.0/Images/ACR-040/ACR-040_Install.JPG","220606/webtorrent-220603/0.24.0/Images/ACR-040/ACR-040_Install_1.JPG"],"guid":"e049fbbe-94f1-478f-99f8-9a15ab7544c6_0.24.0_1","appID":"webtorrent-220603","dateAdded":"220606","deceptorType":"App","name":"Web Torrent","company":"WebTorrent, LLC","version":"0.24.0","lastKnownStatus":"0.24.0","lastKnownDate":"220606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-06T20:37:58.5071541+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1421},{"violations":{"ACR-109":" The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-043":"Open source  'ffmpeg'  is installed without disclosure.\n","ACR-047":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-107":"The app doesn't disclose relevant license information about using the open-source project  'ffmpeg'.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\nThe app does not provide an option to close the update prompt and cancel the startup on its own.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-083":"The app attempts to present the offer repeatedly via its update and startup.\n","ACR-084":"The app creates a startup entry without the user's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-122":"The app displays a notification stating \"Update recommended\" which downloads the app and asks the user to install it by displaying the install prompt. This scenario is observed after uninstall and reboot.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-075":"After the app is installed, it prompts the user with an \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app and re-runs the install and the offers that the consumer has previously declined.\n","ACR-014":"The app misleads users that they need to install an update while actually, it tries to install the pre-declined component by the user during the install.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app's main executable (FreeVideoToMp3WmaConverter.exe) does not have a digital signature.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Free Video to MP3 WMA Converter\\FreeVideoToMp3WmaConverter.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8e1fce3fd3f9e33e4608628f90039002","hashSHA1":"8db90ba8daa5839d4afa7902ccd5aab495f0a93f","hashSHA256":"0d6afa1b5e28953301c26e36227769014bb5b897c8c269da5d9806b009ca8025","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1572","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeVideoToMp3WmaConverter1.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech Inc.                                ","productName":"Free Video to MP3 WMA Converter                             ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"3525f0127ca93f7b3048ca24762308ae","hashSHA1":"0fcbcefdf0a6592431b11c53446448ac75d41f64","hashSHA256":"bf9792fb741df3e35965433f25ff2d29d87f56e6948303391261a3cb0684ef09","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1572","avBlockList":["Avast Premium Security (20220609)","AVG Internet Security (20220609)","Avira Internet Security (20220609)","Bitdefender Internet Security (20220609)","COMODO Antivirus (20220609)","Dr.Web Security Space (20220609)","ESET Internet Security (20220609)","G DATA INTERNET SECURITY (20220609)","K7 Total Security (20220609)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20220609)","McAfee Total Protection (20220609)","Norton Security (20220609)","Panda Dome (20220609)","Quick Heal Internet Security (20220609)","Sophos Home Premium (20220609)","SpyHunter5 (20220609)","Total AV Antivirus Pro (20220609)","Trend Micro Internet Security (20220609)","VIPRE Advanced Security (20220609)","VirIT eXplorer PRO (20220609)","Webroot SecureAnywhere (20220609)","Windows Defender (20220609)"],"avAllowList":["360 Total Security (20220609)","Tencent PC Manager (20220609)"]}],"additionalFiles":[],"sources":[{"howFound":"Favsoft related apps","reference":"","landingPage":"https://www.freeaudiovideosoft.com/video-software-for-windows/free-video-to-mp3-converter/","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreeVideoToMp3WmaConverter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freeaudiovideosoft.com/files/FreeVideoToMp3WmaConverter.exe","sourceIndex":"1572"}],"sampleFiles":["220606/freevideotomp3wmaconverter-220603/8.8.0/Samples/FreeVideoToMp3WmaConverter.exe"],"imageFiles":["220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-109/ACR-109_1.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-043/ACR-043_1.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-047/ACR-047_1.mp4","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-107/ACR-107.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-048/ACR-048_1.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-083/ACR-083.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-084/ACR-084_1.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-048/ACR-048_Software_1.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-048/ACR-048_2.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-014/ACR-014_Software.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-014/ACR-014_Software_1.mp4","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-118/ACR-118_1.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-118/ACR-118_2.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-118/ACR-118_3.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-122/ACR-122.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-075/ACR-075_Bundler-MadeOffers.mp4","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-057/ACR-057_1.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-059/ACR-059_1.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-071/ACR-071_1.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-106/ACR-106_1.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-092/ACR-092_1.JPG","220606/freevideotomp3wmaconverter-220603/8.8.0/Images/ACR-123/ACR-123.JPG"],"guid":"a2802658-b8ef-4126-9505-3f24bfadcee0_8.8.0_1","appID":"freevideotomp3wmaconverter-220603","dateAdded":"220606","deceptorType":"Bundler","name":"Free Video to MP3 WMA Converter","company":"FreeAudioVideoSoftTech, Inc.","version":"8.8.0","lastKnownStatus":"8.8.0","lastKnownDate":"220606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-06T20:01:46.3105078+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1426},{"violations":{"ACR-003":"The App exaggerates free scan results with alarming colors and unsubstantiated risk level in the system to compel user to immediately take action. \n","ACR-004":"The App can only fix up to 5 system vulnerabilities and upsells to a subscription service. It also exaggerates free scan results with alarming colors and alarm the user by saying there is a severe security problem in the system to compel user to immediately take action. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-092":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"SystemDoctor.exe","companyName":"WinMend.com","fileVersion":"1.6","hashMD5":"01a11205c9502f3c0679bfe99718d7fc","hashSHA1":"8a302903bad4e6f444ea48c878b093a8c88250e4","hashSHA256":"6b1cc08800af2aa7958654ce1067ba221193f36f8648a0ace72ab4f72ae1f300","sourceIndex":"305","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinMend-System-Doctor.exe","isInstaller":"True","companyName":"WinMend.com                                                 ","fileVersion":"0.0","hashMD5":"f9dd1a504aa9c167fc56c55ed8e5b2d9","hashSHA1":"1ab4fe4c71e57038a58ea2ddb86786b13cf37629","hashSHA256":"c54cd1dcf2b87378537a8a9aeb668744c48f280bda18f33ac56a17e31ff6b37b","sourceIndex":"305","avBlockList":["Avast Premium Security (20220609)","AVG Internet Security (20220609)","Avira Internet Security (20220609)","Bitdefender Internet Security (20220609)","Dr.Web Security Space (20220609)","ESET Internet Security (20220609)","K7 Total Security (20220609)","Kaspersky Internet Security (20220609)","McAfee Total Protection (20220609)","Norton Security (20220609)","Panda Dome (20220609)","Sophos Home Premium (20220609)","SpyHunter5 (20220609)","Total AV Antivirus Pro (20220609)","VirIT eXplorer PRO (20220609)","Windows Defender (20220609)"],"avAllowList":["360 Total Security (20220609)","COMODO Antivirus (20220609)","G DATA INTERNET SECURITY (20220609)","Malwarebytes Premium (20220609)","Quick Heal Internet Security (20220609)","Tencent PC Manager (20220609)","Trend Micro Internet Security (20220609)","VIPRE Advanced Security (20220609)","Webroot SecureAnywhere (20220609)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search: System cleaner tools","reference":"","landingPage":"https://winmend-system-doctor.de.malavida.com/windows/","directDownloadingLink":"https://winmend-system-doctor.de.malavida.com/windows/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://winmend-system-doctor.de.malavida.com/windows/download","sourceIndex":"305"}],"sampleFiles":["220602/WinMendSystemDoctor-220602/1.6.7/Samples/SystemDoctor.exe","220602/WinMendSystemDoctor-220602/1.6.7/Samples/WinMend-System-Doctor.exe"],"imageFiles":["220602/WinMendSystemDoctor-220602/1.6.7/Images/ACR-004/ACR-004_ExaggeratedScanResult.jpg","220602/WinMendSystemDoctor-220602/1.6.7/Images/ACR-004/ACR-004_NoFix.jpg","220602/WinMendSystemDoctor-220602/1.6.7/Images/ACR-003/ACR-004_ExaggeratedScanResult.jpg","220602/WinMendSystemDoctor-220602/1.6.7/Images/ACR-003/ACR-003_ExaggeratedScanResults.gif"],"nonDeceptorImageFiles":["220602/WinMendSystemDoctor-220602/1.6.7/Images/ACR-065/NoLinkDocs.jpg","220602/WinMendSystemDoctor-220602/1.6.7/Images/ACR-092/ACR-092_NoDigiSig.jpg","220602/WinMendSystemDoctor-220602/1.6.7/Images/ACR-065/WinMendSysDoc_About.jpg","220602/WinMendSystemDoctor-220602/1.6.7/Images/ACR-099/WinMendSysDoc_About.jpg"],"guid":"b492f2e5-d318-4177-bb4b-8eab66888a00_1.6.7_1","appID":"WinMendSystemDoctor-220602","dateAdded":"220602","deceptorType":"App","name":"WinMend System Doctor","company":"WinMend.com","version":"1.6.7","lastKnownStatus":"1.6.7","lastKnownDate":"241211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-12-11T21:31:21.6646705+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1427},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-107":"The app does not disclose relevant license information about 'FFmpeg' package.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"MP4ConverterSetup.exe (Installer)\" and \"MP4 Converter.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MP4 Converter\\MP4 Converter.exe","companyName":"vsevensoft.com","productName":"MP4 Converter","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"26042c9541746a6c04919cc844bbcd26","hashSHA1":"7f69361ce3068dc0893d8f5e9c27f108337369fd","hashSHA256":"7663e92017af9f2794be4dce0361fa1b888015a626c4c35d9a859dd40625add3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1579","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MP4ConverterSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"VSeven MP4 Converter                                        ","productVersion":"1.0.1                                             ","fileVersion":"1.0.1               ","hashMD5":"5ead5aaa931da0334581c97cbf25315e","hashSHA1":"de089199946943fbc74b8dbca5b6b56ccd11c63c","hashSHA256":"7d46e64261d8beb654a4d1bdb67aaa70dcbc3d57ab25f8997187f8a49b61f9ea","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1579","avBlockList":["360 Total Security (20220609)","Avast Premium Security (20220609)","AVG Internet Security (20220609)","Avira Internet Security (20220609)","Bitdefender Internet Security (20220609)","COMODO Antivirus (20220609)","Dr.Web Security Space (20220609)","ESET Internet Security (20220609)","G DATA INTERNET SECURITY (20220609)","K7 Total Security (20220609)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20220609)","McAfee Total Protection (20220609)","Norton Security (20220609)","Panda Dome (20220609)","Quick Heal Internet Security (20220609)","Sophos Home Premium (20220609)","SpyHunter5 (20220609)","Total AV Antivirus Pro (20220609)","Trend Micro Internet Security (20220609)","VIPRE Advanced Security (20220609)","VirIT eXplorer PRO (20220609)","Webroot SecureAnywhere (20220609)","Windows Defender (20220609)"],"avAllowList":["Tencent PC Manager (20220609)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.vsevensoft.com/mp4-converter.html","directDownloadingLink":"https://www.vsevensoft.com/downloads/MP4ConverterSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/MP4ConverterSetup.exe","sourceIndex":"1579"}],"sampleFiles":["220601/mp4converter-220527/1.0.1/Samples/MP4ConverterSetup.exe"],"imageFiles":["220601/mp4converter-220527/1.0.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220601/mp4converter-220527/1.0.1/Images/ACR-107/ACR-107_1.JPG","220601/mp4converter-220527/1.0.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline..JPG","220601/mp4converter-220527/1.0.1/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220601/mp4converter-220527/1.0.1/Images/ACR-118/ACR-118_1.JPG","220601/mp4converter-220527/1.0.1/Images/ACR-118/ACR-118_2.JPG","220601/mp4converter-220527/1.0.1/Images/ACR-118/ACR-118_3.JPG","220601/mp4converter-220527/1.0.1/Images/ACR-057/ACR-057_1.JPG","220601/mp4converter-220527/1.0.1/Images/ACR-059/ACR-059_1.JPG","220601/mp4converter-220527/1.0.1/Images/ACR-071/ACR-071_1.JPG","220601/mp4converter-220527/1.0.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220601/mp4converter-220527/1.0.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220601/mp4converter-220527/1.0.1/Images/ACR-092/ACR-092_1.JPG","220601/mp4converter-220527/1.0.1/Images/ACR-092/ACR-092_2.JPG"],"guid":"b0004439-2593-4539-95cf-d336c762ee65_1.0.1_1","appID":"mp4converter-220527","dateAdded":"220601","deceptorType":"App","name":"MP4 Converter","company":"vsevensoft.com","version":"1.0.1","lastKnownStatus":"1.0.1","lastKnownDate":"220601","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-01T20:04:18.8504703+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1428},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"MOVPlayerSetup.exe (Installer)\" and \"MOV Player.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MOV Player\\MOV Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"a314665490ae6158b496d0452d43e8d7","hashSHA1":"64bf29bc5902a7eee719c790cd2d316ae52e9fb2","hashSHA256":"bb692e4b2e2bc882a6f6dfe4f518eb0bf5c4ef98b045abb1eef03505879edd58","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1580","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MOVPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"MOV Player                                                  ","productVersion":"1.0.2                                             ","fileVersion":"1.0.2               ","hashMD5":"d1fcca9a11d4d4399627cefd2909974c","hashSHA1":"ab4f2afc95bcd86b6a19d78872435f3d965c094d","hashSHA256":"d6a5dde82155104029c6727917b503705a717988e8d9c81b552a90eb520d0077","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1580","avBlockList":["360 Total Security (20220609)","Avast Premium Security (20220609)","AVG Internet Security (20220609)","Avira Internet Security (20220609)","Bitdefender Internet Security (20220609)","COMODO Antivirus (20220609)","Dr.Web Security Space (20220609)","ESET Internet Security (20220609)","G DATA INTERNET SECURITY (20220609)","K7 Total Security (20220609)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20220609)","McAfee Total Protection (20220609)","Norton Security (20220609)","Panda Dome (20220609)","Quick Heal Internet Security (20220609)","Sophos Home Premium (20220609)","SpyHunter5 (20220609)","Total AV Antivirus Pro (20220609)","Trend Micro Internet Security (20220609)","VIPRE Advanced Security (20220609)","VirIT eXplorer PRO (20220609)","Webroot SecureAnywhere (20220609)","Windows Defender (20220609)"],"avAllowList":["Tencent PC Manager (20220609)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.vsevensoft.com/mov-player.html","directDownloadingLink":"https://www.vsevensoft.com/downloads/MOVPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/MOVPlayerSetup.exe","sourceIndex":"1580"}],"sampleFiles":["220601/movplayer-220527/1.0.2/Samples/MOVPlayerSetup.exe"],"imageFiles":["220601/movplayer-220527/1.0.2/Images/ACR-155/ACR-155_1.JPG","220601/movplayer-220527/1.0.2/Images/ACR-071/ACR-071_1.JPG","220601/movplayer-220527/1.0.2/Images/ACR-059/ACR-059_1.JPG","220601/movplayer-220527/1.0.2/Images/ACR-057/ACR-057_1.JPG","220601/movplayer-220527/1.0.2/Images/ACR-010/ACR-010.JPG","220601/movplayer-220527/1.0.2/Images/ACR-118/ACR-118_1.JPG","220601/movplayer-220527/1.0.2/Images/ACR-118/ACR-118_2.JPG","220601/movplayer-220527/1.0.2/Images/ACR-118/ACR-118_3.JPG","220601/movplayer-220527/1.0.2/Images/ACR-109/ACR-109.JPG","220601/movplayer-220527/1.0.2/Images/ACR-048/ACR-048_1.JPG"],"nonDeceptorImageFiles":["220601/movplayer-220527/1.0.2/Images/ACR-092/ACR-092_1.JPG","220601/movplayer-220527/1.0.2/Images/ACR-092/ACR-092_2.JPG","220601/movplayer-220527/1.0.2/Images/ACR-106/ACR-106.JPG"],"guid":"94dc32f6-5483-46ed-a82f-87dd78ad157b_1.0.2_1","appID":"movplayer-220527","dateAdded":"220601","deceptorType":"App","name":"MOV Player","company":"vsevensoft.com","version":"1.0.2","lastKnownStatus":"1.0.2","lastKnownDate":"220601","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-01T20:02:55.741843+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1429},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"XVIDPlayerSetup.exe (Installer)\" and \"XVID Player.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\XVID Player\\XVID Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"875baf2187ca620f2f995f64c84bd497","hashSHA1":"364aa441a492ebb6d3a3166bcca8db18f3930093","hashSHA256":"2b0b4fc9cfaff449a9a8b783175647e38e143491d47f142610b9f1076066d203","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1581","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"XVIDPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"XVID Player                                                 ","productVersion":"2.3                                               ","fileVersion":"2.3                 ","hashMD5":"6609e9faf86f98db485bb060ca108907","hashSHA1":"c9e37c171ada0372b3eea6be30dea2372c638c11","hashSHA256":"24f6deebf3e12ec9de175fda90391b86b1fbc44252c317e15018ba058d3ad600","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1581","avBlockList":["360 Total Security (20220607)","Avast Premium Security (20220607)","AVG Internet Security (20220607)","Avira Internet Security (20220607)","Bitdefender Internet Security (20220607)","COMODO Antivirus (20220607)","Dr.Web Security Space (20220607)","ESET Internet Security (20220607)","G DATA INTERNET SECURITY (20220607)","K7 Total Security (20220607)","Kaspersky Internet Security (20220607)","Malwarebytes Premium (20220607)","McAfee Total Protection (20220607)","Norton Security (20220607)","Panda Dome (20220607)","Quick Heal Internet Security (20220607)","Sophos Home Premium (20220607)","SpyHunter5 (20220607)","Total AV Antivirus Pro (20220607)","Trend Micro Internet Security (20220607)","VIPRE Advanced Security (20220607)","VirIT eXplorer PRO (20220607)","Webroot SecureAnywhere (20220607)","Windows Defender (20220607)"],"avAllowList":["Tencent PC Manager (20220607)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.vsevensoft.com/xvid-player.html","directDownloadingLink":"https://www.vsevensoft.com/downloads/XVIDPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/XVIDPlayerSetup.exe","sourceIndex":"1581"}],"sampleFiles":["220531/xvidplayer-220527/2.3/Samples/XVIDPlayerSetup.exe"],"imageFiles":["220531/xvidplayer-220527/2.3/Images/ACR-109/ACR-109_1.JPG","220531/xvidplayer-220527/2.3/Images/ACR-048/ACR-048_1.JPG","220531/xvidplayer-220527/2.3/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220531/xvidplayer-220527/2.3/Images/ACR-118/ACR-118_1.JPG","220531/xvidplayer-220527/2.3/Images/ACR-118/ACR-118_2.JPG","220531/xvidplayer-220527/2.3/Images/ACR-118/ACR-118_3.JPG","220531/xvidplayer-220527/2.3/Images/ACR-057/ACR-057_1.JPG","220531/xvidplayer-220527/2.3/Images/ACR-059/ACR-059_1.JPG","220531/xvidplayer-220527/2.3/Images/ACR-071/ACR-071_1.JPG","220531/xvidplayer-220527/2.3/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220531/xvidplayer-220527/2.3/Images/ACR-106/ACR-106_1.JPG","220531/xvidplayer-220527/2.3/Images/ACR-092/ACR-092_1.JPG","220531/xvidplayer-220527/2.3/Images/ACR-092/ACR-092_2.JPG"],"guid":"0946a4f3-573f-4fc1-b4e8-d258b6e3eda3_2.3_1","appID":"xvidplayer-220527","dateAdded":"220531","deceptorType":"App","name":"XVID Player","company":"vsevensoft.com","version":"2.3","lastKnownStatus":"2.3","lastKnownDate":"220531","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-31T23:29:20.3265156+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1430},{"violations":{"ACR-003":"The app shows alarming color graphs and displays unsubstantiated status as \"Critical\" and \"Serious\", implying the issues that mislead the user to take action, and does not provide a free fix for the identified issues during the Free scan.\n","ACR-004":"The app does not provide a free fix for all the identified issues shown during the Free scan. The app repairs only a few items during the first fix and in the next subsequent fixes but does not completely fix all the issues that have been listed. Also, the app exaggerates by displaying big sized exclamation symbol with an \"Attention\" note before the scan thus making the consumer believe they have an issue, a problem in their system.\n","ACR-014":"The app displays the misleading words \"Errors\" and \"Problems\" in the software and exaggeratedly claims system health conditions as \"Critical\" and \"Serious\". \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\IQMango\\PCCleaner\\PC Cleaner.exe","companyName":"IQMango","productName":"PC_Cleaner","productVersion":"1.0.6","fileVersion":"1.0.6","hashMD5":"ed6e462f34146bdd92bcf8c9774e7745","hashSHA1":"a081d3e7b670911446c656e52f5d3a76a422acd1","hashSHA256":"f46e36f4c8d620d792e11793e5fb0a58ab51c2aac2f66fd132730101ad1911b7","digitalCertThumbprint":"B482F259680749F8D10903120C818BABFC90B17D","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"cyan soft ltd","storeId":"","sourceIndex":"1586","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IQmango_PCCleaner_1.0.6-Setup.exe","isInstaller":"True","companyName":"IQMango","productName":"PCCleaner","productVersion":"1.0.6","fileVersion":"1.0.6","hashMD5":"d6062529b19515d5ac69f2c50d7de745","hashSHA1":"8c60056f9ffd387bca8772cde22a1bf4fc68bfbd","hashSHA256":"25bb4cdebb020c38fd4bcb5490e6ba84c3811bff5c0c0dcdf82579762e331a3a","digitalCertThumbprint":"B482F259680749F8D10903120C818BABFC90B17D","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"cyan soft ltd","storeId":"","sourceIndex":"1586","avBlockList":["Avast Premium Security (20220609)","AVG Internet Security (20220609)","Avira Internet Security (20220609)","Bitdefender Internet Security (20220609)","ESET Internet Security (20220609)","G DATA INTERNET SECURITY (20220609)","K7 Total Security (20220609)","McAfee Total Protection (20220609)","Norton Security (20220609)","Sophos Home Premium (20220609)","SpyHunter5 (20220609)","Total AV Antivirus Pro (20220609)","VIPRE Advanced Security (20220609)","VirIT eXplorer PRO (20220609)","Webroot SecureAnywhere (20220609)","Windows Defender (20220609)"],"avAllowList":["360 Total Security (20220609)","COMODO Antivirus (20220609)","Dr.Web Security Space (20220609)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20220609)","Panda Dome (20220609)","Quick Heal Internet Security (20220609)","Tencent PC Manager (20220609)","Trend Micro Internet Security (20220609)"]}],"additionalFiles":[],"sources":[{"howFound":"Random utility apps hunt","reference":"","landingPage":"http://iqmango.com/pc-cleaner.php","directDownloadingLink":"http://iqmango.com/thank_you.php?p=PCCLEANER","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://iqmango.com/thank_you.php?p=PCCLEANER","sourceIndex":"1586"}],"sampleFiles":["220531/pccleaner-220530/1.0.6/Samples/IQmango_PCCleaner_1.0.6-Setup.exe"],"imageFiles":["220531/pccleaner-220530/1.0.6/Images/ACR-004/ACR-004_Software_NoFreeFix.JPG","220531/pccleaner-220530/1.0.6/Images/ACR-004/ACR-004_Software_NoFreeFix_1.JPG","220531/pccleaner-220530/1.0.6/Images/ACR-004/ACR-004_Software_NoFreeFix_2.JPG","220531/pccleaner-220530/1.0.6/Images/ACR-004/ACR-004_Software_Exclamation.JPG","220531/pccleaner-220530/1.0.6/Images/ACR-003/ACR-003.JPG","220531/pccleaner-220530/1.0.6/Images/ACR-003/ACR-003_1.JPG","220531/pccleaner-220530/1.0.6/Images/ACR-003/ACR-003_2.JPG","220531/pccleaner-220530/1.0.6/Images/ACR-014/ACR-014_Software_Misleading_Words.JPG"],"nonDeceptorImageFiles":[],"guid":"bf699998-c8d0-4a7c-8562-2c8f63d14554_1.0.6_1","appID":"pccleaner-220530","dateAdded":"220531","deceptorType":"App","name":"PC Cleaner","company":"IQMango","version":"1.0.6","lastKnownStatus":"1.0.6","lastKnownDate":"220531","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-31T23:18:10.0260333+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1431},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"M4VPlayerSetup.exe (Installer)\" and \"M4V Player.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\M4V Player\\M4V Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8f51c9d4beac645f21c9a423391f34c0","hashSHA1":"0052beb844c2d962bfcec6f3fb3b0ff93320e13e","hashSHA256":"30c9bca02c72aa689fade5853a1d14babb374d215efc9d45e64328efed21a534","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1583","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"M4VPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"M4V Player                                                  ","productVersion":"1.0.1                                             ","fileVersion":"1.0.1               ","hashMD5":"227be90dcacba9df27c43ed55577f194","hashSHA1":"04daca50d44640b63a7752ab92f86c6caf75cd8f","hashSHA256":"115d8dd82d99c15156ba5dcbd617edffbb8fb4abf106d17f211ba66b43e193a3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1583","avBlockList":["360 Total Security (20220609)","Avast Premium Security (20220609)","AVG Internet Security (20220609)","Avira Internet Security (20220609)","Bitdefender Internet Security (20220609)","COMODO Antivirus (20220609)","Dr.Web Security Space (20220609)","ESET Internet Security (20220609)","G DATA INTERNET SECURITY (20220609)","K7 Total Security (20220609)","Kaspersky Internet Security (20220609)","Malwarebytes Premium (20220609)","McAfee Total Protection (20220609)","Norton Security (20220609)","Panda Dome (20220609)","Quick Heal Internet Security (20220609)","Sophos Home Premium (20220609)","SpyHunter5 (20220609)","Total AV Antivirus Pro (20220609)","Trend Micro Internet Security (20220609)","VIPRE Advanced Security (20220609)","VirIT eXplorer PRO (20220609)","Webroot SecureAnywhere (20220609)","Windows Defender (20220609)"],"avAllowList":["Tencent PC Manager (20220609)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.vsevensoft.com/m4v-player.html","directDownloadingLink":"https://www.vsevensoft.com/downloads/M4VPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/M4VPlayerSetup.exe","sourceIndex":"1583"}],"sampleFiles":["220531/m4vplayer-220527/1.0.1/Samples/M4VPlayerSetup.exe"],"imageFiles":["220531/m4vplayer-220527/1.0.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220531/m4vplayer-220527/1.0.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220531/m4vplayer-220527/1.0.1/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220531/m4vplayer-220527/1.0.1/Images/ACR-057/ACR-057_1.JPG","220531/m4vplayer-220527/1.0.1/Images/ACR-059/ACR-059_1.JPG","220531/m4vplayer-220527/1.0.1/Images/ACR-071/ACR-071_1.JPG","220531/m4vplayer-220527/1.0.1/Images/ACR-155/ACR-155_1.JPG","220531/m4vplayer-220527/1.0.1/Images/ACR-118/ACR-118_1.JPG","220531/m4vplayer-220527/1.0.1/Images/ACR-118/ACR-118_2.JPG","220531/m4vplayer-220527/1.0.1/Images/ACR-118/ACR-118_3.JPG"],"nonDeceptorImageFiles":["220531/m4vplayer-220527/1.0.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220531/m4vplayer-220527/1.0.1/Images/ACR-092/ACR-092_1.JPG","220531/m4vplayer-220527/1.0.1/Images/ACR-092/ACR-092_2.JPG"],"guid":"578cdd21-9012-4535-8166-b57dbc3e496e_1.0.1_1","appID":"m4vplayer-220527","dateAdded":"220531","deceptorType":"App","name":"M4V Player","company":"vsevensoft.com","version":"1.0.1","lastKnownStatus":"1.0.1","lastKnownDate":"220531","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-31T23:25:43.1128736+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1432},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"FLACPlayerSetup.exe (Installer)\" and \"FLAC Player.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\FLAC Player\\FLAC Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"377231216ce56267c7e14a572e8907bb","hashSHA1":"1943b2b2bcc0c1d8e4939cc5c593c1a8a49f8c9a","hashSHA256":"8084ae3db32a691294b65b9a638dc8c1612854c07c9d77e880b88c91c963416f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1589","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FLACPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"FLAC Player                                                 ","productVersion":"1.0.1                                             ","fileVersion":"1.0.1               ","hashMD5":"8e5a3590822dfad16a0d4778153b38b7","hashSHA1":"51bb1cd775ad9de16d1a0a78262dd5a705eb55db","hashSHA256":"9b5ca163593269e31104e374ce30a42e1caa706fbb341c33bf46fce04d0bbcf6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1589","avBlockList":["Avast Premium Security (20220602)","AVG Internet Security (20220602)","Avira Internet Security (20220602)","Bitdefender Internet Security (20220602)","COMODO Antivirus (20220602)","Dr.Web Security Space (20220602)","ESET Internet Security (20220602)","G DATA INTERNET SECURITY (20220602)","K7 Total Security (20220602)","Kaspersky Internet Security (20220602)","Malwarebytes Premium (20220602)","McAfee Total Protection (20220602)","Norton Security (20220602)","Panda Dome (20220602)","Sophos Home Premium (20220602)","SpyHunter5 (20220602)","Total AV Antivirus Pro (20220602)","VIPRE Advanced Security (20220602)","VirIT eXplorer PRO (20220602)","Webroot SecureAnywhere (20220602)","Windows Defender (20220602)"],"avAllowList":["360 Total Security (20220602)","Quick Heal Internet Security (20220602)","Tencent PC Manager (20220602)","Trend Micro Internet Security (20220602)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.vsevensoft.com/flac-player.html","directDownloadingLink":"https://www.vsevensoft.com/downloads/FLACPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/FLACPlayerSetup.exe","sourceIndex":"1589"}],"sampleFiles":["220526/flacplayer-220526/1.0.1/Samples/FLACPlayerSetup.exe"],"imageFiles":["220526/flacplayer-220526/1.0.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220526/flacplayer-220526/1.0.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220526/flacplayer-220526/1.0.1/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220526/flacplayer-220526/1.0.1/Images/ACR-118/ACR-118_1.JPG","220526/flacplayer-220526/1.0.1/Images/ACR-118/ACR-118_2.JPG","220526/flacplayer-220526/1.0.1/Images/ACR-118/ACR-118_3.JPG","220526/flacplayer-220526/1.0.1/Images/ACR-057/ACR-057_1.JPG","220526/flacplayer-220526/1.0.1/Images/ACR-059/ACR-059_1.JPG","220526/flacplayer-220526/1.0.1/Images/ACR-071/ACR-071_1.JPG","220526/flacplayer-220526/1.0.1/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220526/flacplayer-220526/1.0.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220526/flacplayer-220526/1.0.1/Images/ACR-092/ACR-092_1.JPG","220526/flacplayer-220526/1.0.1/Images/ACR-092/ACR-092_2.JPG"],"guid":"f45aa32f-0b5c-4bb9-b3a8-5343d3d4bf62_1.0.1_1","appID":"flacplayer-220526","dateAdded":"220526","deceptorType":"App","name":"FLAC Player","company":"vsevensoft.com","version":"1.0.1","lastKnownStatus":"1.0.1","lastKnownDate":"220526","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-27T04:42:48.9380766+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1433},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"3GPMediaPlayerSetup.exe (Installer)\" and \"3GP Media Player.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\3GP Media Player\\3GP Media Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6d4414c73caabc7285e556d7a3c4f24a","hashSHA1":"669f8b392b5a8d0f5f74ed4c224c21334352c6a1","hashSHA256":"b8b837765c2191ee5cca67c0885cb3647307b6030dab4d996890517cbf5136c9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1588","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"3GPMediaPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"3GP Media Player                                            ","productVersion":"1.0.2                                             ","fileVersion":"1.0.2               ","hashMD5":"931e3056d3d71c10ee72c1edd98d4f74","hashSHA1":"2c91584b68074463ed12c8dae30c9c7c5bd46dbc","hashSHA256":"802f99a1f986f6415819afa4231a961805408ecd19e4fac992883da11c242ef5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1588","avBlockList":["360 Total Security (20220602)","Avast Premium Security (20220602)","AVG Internet Security (20220602)","Avira Internet Security (20220602)","Bitdefender Internet Security (20220602)","COMODO Antivirus (20220602)","Dr.Web Security Space (20220602)","ESET Internet Security (20220602)","G DATA INTERNET SECURITY (20220602)","K7 Total Security (20220602)","Kaspersky Internet Security (20220602)","Malwarebytes Premium (20220602)","McAfee Total Protection (20220602)","Norton Security (20220602)","Panda Dome (20220602)","Sophos Home Premium (20220602)","SpyHunter5 (20220602)","Total AV Antivirus Pro (20220602)","Trend Micro Internet Security (20220602)","VIPRE Advanced Security (20220602)","VirIT eXplorer PRO (20220602)","Webroot SecureAnywhere (20220602)","Windows Defender (20220602)"],"avAllowList":["Quick Heal Internet Security (20220602)","Tencent PC Manager (20220602)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant Knowledge apps","reference":"","landingPage":"https://www.vsevensoft.com/3gp-media-player.html","directDownloadingLink":"https://www.vsevensoft.com/downloads/3GPMediaPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/3GPMediaPlayerSetup.exe","sourceIndex":"1588"}],"sampleFiles":["220526/3gpmediaplayer-220526/1.0.2/Samples/3GPMediaPlayerSetup.exe"],"imageFiles":["220526/3gpmediaplayer-220526/1.0.2/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220526/3gpmediaplayer-220526/1.0.2/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220526/3gpmediaplayer-220526/1.0.2/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220526/3gpmediaplayer-220526/1.0.2/Images/ACR-118/ACR-118_1.JPG","220526/3gpmediaplayer-220526/1.0.2/Images/ACR-118/ACR-118_2.JPG","220526/3gpmediaplayer-220526/1.0.2/Images/ACR-118/ACR-118_3.JPG","220526/3gpmediaplayer-220526/1.0.2/Images/ACR-057/ACR-057_1.JPG","220526/3gpmediaplayer-220526/1.0.2/Images/ACR-059/ACR-059_1.JPG","220526/3gpmediaplayer-220526/1.0.2/Images/ACR-071/ACR-071_1.JPG","220526/3gpmediaplayer-220526/1.0.2/Images/ACR-155/ACR-155_1.JPG"],"nonDeceptorImageFiles":["220526/3gpmediaplayer-220526/1.0.2/Images/ACR-106/ACR-106.JPG","220526/3gpmediaplayer-220526/1.0.2/Images/ACR-092/ACR-092_1.JPG","220526/3gpmediaplayer-220526/1.0.2/Images/ACR-092/ACR-092_2.JPG"],"guid":"2a8607f5-a95d-476b-a0dc-131d69896150_1.0.2_1","appID":"3gpmediaplayer-220526","dateAdded":"220526","deceptorType":"App","name":"3GP Media Player","company":"vsevensoft.com","version":"1.0.2","lastKnownStatus":"1.0.2","lastKnownDate":"220526","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-27T04:44:07.6195254+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1434},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"AVIMediaPlayerSetup.exe (Installer)\" and \"AVI Media Player.exe (Main executable)\"\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\AVI Media Player\\AVI Media Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"f364ca77d1e09305c269479f2078ed9e","hashSHA1":"64a2a809d286f867688213a899780407f8add2a7","hashSHA256":"448e0b7667e782dc716236aee7eabfbf4873984566d5eccca7391206f00936a7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1590","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AVIMediaPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"AVI Media Player                                            ","productVersion":"1.0.2                                             ","fileVersion":"1.0.2               ","hashMD5":"95ba2cd601f1c331c42b2f456cfd8bb6","hashSHA1":"48c235c26fa215787ed31dc45a0f25abddd90db5","hashSHA256":"dbee9cd545af993a851e1e60b12479724977bac26bf04573ab16bcd2b89ae214","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1590","avBlockList":["360 Total Security (20220531)","Avast Premium Security (20220531)","AVG Internet Security (20220531)","Avira Internet Security (20220531)","Bitdefender Internet Security (20220531)","COMODO Antivirus (20220531)","ESET Internet Security (20220531)","G DATA INTERNET SECURITY (20220531)","K7 Total Security (20220531)","Kaspersky Internet Security (20220531)","Malwarebytes Premium (20220531)","McAfee Total Protection (20220531)","Norton Security (20220531)","Panda Dome (20220531)","Quick Heal Internet Security (20220531)","Sophos Home Premium (20220531)","SpyHunter5 (20220531)","Total AV Antivirus Pro (20220531)","VIPRE Advanced Security (20220531)","VirIT eXplorer PRO (20220531)","Webroot SecureAnywhere (20220531)","Windows Defender (20220531)"],"avAllowList":["Dr.Web Security Space (20220531)","Tencent PC Manager (20220531)","Trend Micro Internet Security (20220531)"]}],"additionalFiles":[],"sources":[{"howFound":"Video Convert Tool - Uptodownload.com","reference":"","landingPage":"https://www.vsevensoft.com/","directDownloadingLink":"https://www.vsevensoft.com/downloads/AVIMediaPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/AVIMediaPlayerSetup.exe","sourceIndex":"1590"}],"sampleFiles":["220525/avimediaplayer-220520/1.0.2/Samples/AVIMediaPlayerSetup.exe"],"imageFiles":["220525/avimediaplayer-220520/1.0.2/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220525/avimediaplayer-220520/1.0.2/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220525/avimediaplayer-220520/1.0.2/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220525/avimediaplayer-220520/1.0.2/Images/ACR-118/ACR-118_1.JPG","220525/avimediaplayer-220520/1.0.2/Images/ACR-118/ACR-118_2.JPG","220525/avimediaplayer-220520/1.0.2/Images/ACR-118/ACR-118_3.JPG","220525/avimediaplayer-220520/1.0.2/Images/ACR-057/ACR-057_1.JPG","220525/avimediaplayer-220520/1.0.2/Images/ACR-059/ACR-059_Bundler-MadeOffers_No_Optional_Offer.JPG","220525/avimediaplayer-220520/1.0.2/Images/ACR-071/ACR-071_1.JPG","220525/avimediaplayer-220520/1.0.2/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["220525/avimediaplayer-220520/1.0.2/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220525/avimediaplayer-220520/1.0.2/Images/ACR-092/ACR-092_Software_1.JPG","220525/avimediaplayer-220520/1.0.2/Images/ACR-092/ACR-092_Software_2.JPG"],"guid":"541e4ff0-0141-45a2-91c0-245a16f3c30d_1.0.2_1","appID":"avimediaplayer-220520","dateAdded":"220525","deceptorType":"App","name":"AVI Media Player","company":"vsevensoft.com","version":"1.0.2","lastKnownStatus":"1.0.2","lastKnownDate":"220525","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-25T21:32:56.9586804+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1435},{"violations":{"ACR-048":"1. The app didn't provide control to remove its background process & its own startup item within the app's setting. \n2. When the app is minimized it hides itself in systray instead of taskbar without the user's knowledge.\n3. The app runs silently in the background using a different icon from the installation.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"1. On quitting the app, one of the processes runs in the background, hiding its presence from the consumer.\n2. The app creates a startup entry without the consumer's knowledge and consent. \n","ACR-014":"The app misleads by displaying the status as \"Unprotected' in the software without substantiated facts. \n","ACR-155":"The GlobalHop SDK is included in the application installation by default without explicitly disclosing its usage and impacts to user's system in separate prompt. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Family Friendly DNS\\DNSservice.exe","companyName":"","productName":"DNSservice","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4e758b04cafdcdcd07cd6c88b488cc5d","hashSHA1":"f41168c7dd7d27162d9c7692f1787be616edbd09","hashSHA256":"ad0832535fc9b9ba51d22e3b8933b26d0033edf24c9c7e5bd00f1421d92bb83f","digitalCertThumbprint":"CFEB87A65844EE099CF460B5B46994D94D64FA70","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Globalhop Ltd","storeId":"","sourceIndex":"1448","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Family Friendly DNS\\Family Friendly DNS.exe","companyName":"","productName":"Family Friendly DNS","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"899a8da2cdc9e74cc142e9e0ff33cf1d","hashSHA1":"b5dcb7007427243f70a9ceda7dc87ea105889c7b","hashSHA256":"2982a60b1d202f0bc40d1a604aa34b1164b1f2551acfdb9c840ba9286a62ce11","digitalCertThumbprint":"CFEB87A65844EE099CF460B5B46994D94D64FA70","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Globalhop Ltd","storeId":"","sourceIndex":"1448","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ffdns_setup.exe","isInstaller":"True","companyName":"Family Friendly DNS","productName":"Family Friendly DNS","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"ae14579b37f12456a02e293ea0ab78a0","hashSHA1":"cf72190ffe231df2a796250b4a8111dfa4a9f4b6","hashSHA256":"4692b6c89e6708d7f68f26a8c222459607750d1d1e9776aea0592f172e3ae40d","digitalCertThumbprint":"CFEB87A65844EE099CF460B5B46994D94D64FA70","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Globalhop Ltd","storeId":"","sourceIndex":"1448","avBlockList":["Avast Premium Security (20220602)","AVG Internet Security (20220602)","Avira Internet Security (20220602)","ESET Internet Security (20220602)","K7 Total Security (20220602)","Kaspersky Internet Security (20220602)","McAfee Total Protection (20220602)","Norton Security (20220602)","Panda Dome (20220602)","Sophos Home Premium (20220602)","SpyHunter5 (20220602)","Total AV Antivirus Pro (20220602)","VirIT eXplorer PRO (20220602)","Webroot SecureAnywhere (20220602)","Windows Defender (20220602)"],"avAllowList":["360 Total Security (20220602)","Bitdefender Internet Security (20220602)","COMODO Antivirus (20220602)","Dr.Web Security Space (20220602)","G DATA INTERNET SECURITY (20220602)","Malwarebytes Premium (20220602)","Quick Heal Internet Security (20220602)","Tencent PC Manager (20220602)","Trend Micro Internet Security (20220602)","VIPRE Advanced Security (20220602)"]}],"additionalFiles":[],"sources":[{"howFound":"Globalhop SDK","reference":"","landingPage":"https://www.softpedia.com/get/Internet/Secure-Browsing-VPN/Family-Friendly-DNS.shtml#download","ipv4":"","ipv6":"","sourceIndex":"1448"}],"sampleFiles":["220525/FFDNS-220524/1.0.0.0/Samples/ffdns_setup.exe"],"imageFiles":["220525/FFDNS-220524/1.0.0.0/Images/ACR-007/ACR-007_Install.JPG","220525/FFDNS-220524/1.0.0.0/Images/ACR-084/ACR-084_Software.JPG","220525/FFDNS-220524/1.0.0.0/Images/ACR-084/ACR-084_Software_1.JPG","220525/FFDNS-220524/1.0.0.0/Images/ACR-048/ACR-048_Software.JPG","220525/FFDNS-220524/1.0.0.0/Images/ACR-048/ACR-048_Software_1.JPG","220525/FFDNS-220524/1.0.0.0/Images/ACR-048/ACR-048_Software_2.mp4","220525/FFDNS-220524/1.0.0.0/Images/ACR-048/ACR-048_Software_3.JPG","220525/FFDNS-220524/1.0.0.0/Images/ACR-014/ACR-014_Software.JPG","220525/FFDNS-220524/1.0.0.0/Images/ACR-155/ACR-155_InbundleOffers.JPG"],"nonDeceptorImageFiles":[],"guid":"5e26a55a-316e-4204-8f46-b648d592c550_1.0.0.0_1","appID":"FFDNS-220524","dateAdded":"220525","deceptorType":"App","name":"FFDNS","company":"Globalhop Ltd","version":"1.0.0.0","firstVendorContactDate":"220825","firstAppEsteemReplyDate":"220825","firstResolvedDate":"220825","resolved":"TRUE","lastKnownStatus":"1.0.0.0","lastKnownDate":"220525","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-08-25T18:09:54.1509652+00:00","notDistributed":true,"familyName":"Globalhop","numInFamily":17,"numInAppID":1,"sortOrder":264},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"User is forced to \"accept\" RelevantKnowledge to continue the installation. The \"Decline\" option is fake. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"M4APlayerSetup.exe (Installer)\" and \"M4A Player.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\M4A Player\\M4A Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"bfd95c84e27a126833a74f215d39f927","hashSHA1":"2371b1738a60eb077080a541f5c876888c4775be","hashSHA256":"f75aa38d5583493f77c118286cc5edd0017047da7a80f1bb9816b4de0489f4fd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1591","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"M4APlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"M4A Player                                                  ","productVersion":"1.0.1                                             ","fileVersion":"1.0.1               ","hashMD5":"b0c616aca83b8ed346b9844c31c56d22","hashSHA1":"f34a3e4899da690c600e133c3c00c454e196bf98","hashSHA256":"241c96dfe0f8b453f7eb742d11893cfcce080bdb5ab37d80da46ce12be71064d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1591","avBlockList":["360 Total Security (20220602)","Avast Premium Security (20220602)","AVG Internet Security (20220602)","Avira Internet Security (20220602)","Bitdefender Internet Security (20220602)","Dr.Web Security Space (20220602)","ESET Internet Security (20220602)","G DATA INTERNET SECURITY (20220602)","K7 Total Security (20220602)","Kaspersky Internet Security (20220602)","Malwarebytes Premium (20220602)","McAfee Total Protection (20220602)","Norton Security (20220602)","Panda Dome (20220602)","Sophos Home Premium (20220602)","SpyHunter5 (20220602)","Total AV Antivirus Pro (20220602)","Trend Micro Internet Security (20220602)","VIPRE Advanced Security (20220602)","VirIT eXplorer PRO (20220602)","Webroot SecureAnywhere (20220602)","Windows Defender (20220602)"],"avAllowList":["Quick Heal Internet Security (20220602)"]}],"additionalFiles":[],"sources":[{"howFound":"Relevant knowledge related apps","reference":"","landingPage":"https://www.vsevensoft.com/m4a-player.html","directDownloadingLink":"https://www.vsevensoft.com/downloads/M4APlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/M4APlayerSetup.exe","sourceIndex":"1591"}],"sampleFiles":["220524/m4aplayer-220524/1.0.1/Samples/M4APlayerSetup.exe"],"imageFiles":["220524/m4aplayer-220524/1.0.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220524/m4aplayer-220524/1.0.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220524/m4aplayer-220524/1.0.1/Images/ACR-010/ACR-010.JPG","220524/m4aplayer-220524/1.0.1/Images/ACR-118/ACR-118_1.JPG","220524/m4aplayer-220524/1.0.1/Images/ACR-118/ACR-118_2.JPG","220524/m4aplayer-220524/1.0.1/Images/ACR-118/ACR-118_3.JPG","220524/m4aplayer-220524/1.0.1/Images/ACR-057/ACR-057.JPG","220524/m4aplayer-220524/1.0.1/Images/ACR-059/ACR-059.JPG","220524/m4aplayer-220524/1.0.1/Images/ACR-071/ACR-071.JPG","220524/m4aplayer-220524/1.0.1/Images/ACR-155/ACR-155.JPG"],"nonDeceptorImageFiles":["220524/m4aplayer-220524/1.0.1/Images/ACR-106/ACR-106.JPG","220524/m4aplayer-220524/1.0.1/Images/ACR-092/ACR-092_1.JPG","220524/m4aplayer-220524/1.0.1/Images/ACR-092/ACR-092_2.JPG"],"guid":"0684aa79-a766-467a-aa17-575335fde8ae_1.0.1_1","appID":"m4aplayer-220524","dateAdded":"220524","deceptorType":"App","name":"M4A Player","company":"vsevensoft.com","version":"1.0.1","lastKnownStatus":"1.0.1","lastKnownDate":"220524","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-24T17:16:50.9296025+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1436},{"violations":{"ACR-003":"The App uses the word \"problem\" in the scanned registry results.\nThe App displays exaggerated alerts and fake virus warning in system tray to trick the consumer into taking action and clicking the recommended ad/program.\n","ACR-009":"The App displays exaggerated alerts and fake virus warning in system tray to trick the consumer into taking action and clicking the recommended ad/program.\n","ACR-110":"The Apps homepage is replaced to promote its own sponsored contents or ads throughout the web sessions.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n"},"samples":[{"isRevoked":"False","fileName":"WDCRun.exe","fileVersion":"0.0","hashMD5":"a2832d0564ff0c1f16b5ce398229c8ad","hashSHA1":"b648dd89ed8cbc0db6d8c344ceb3c24e6f0fbc93","hashSHA256":"a78deac62bde7ad0c5f0fa5e522206177be998b50a2ad66d6d2e33d58df2a485","sourceIndex":"312","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WDCSetup.exe","isInstaller":"True","companyName":"EasyPCTool                                                  ","fileVersion":"0.0","hashMD5":"13f2d3c41c750c1611b806044b15851a","hashSHA1":"e0cb0c811a0c78b1517f5183d50beef0444e691e","hashSHA256":"36d0847816d85535a44ab5601fbea662d03e1d293e49ce8727fe7a70c84602f1","sourceIndex":"312","avBlockList":["Avast Premium Security (20220602)","AVG Internet Security (20220602)","Avira Internet Security (20220602)","Bitdefender Internet Security (20220602)","ESET Internet Security (20220602)","G DATA INTERNET SECURITY (20220602)","K7 Total Security (20220602)","Kaspersky Internet Security (20220602)","McAfee Total Protection (20220602)","Norton Security (20220602)","Panda Dome (20220602)","Quick Heal Internet Security (20220602)","Sophos Home Premium (20220602)","SpyHunter5 (20220602)","Total AV Antivirus Pro (20220602)","VIPRE Advanced Security (20220602)","VirIT eXplorer PRO (20220602)","Windows Defender (20220602)"],"avAllowList":["360 Total Security (20220602)","COMODO Antivirus (20220602)","Dr.Web Security Space (20220602)","Malwarebytes Premium (20220602)","Tencent PC Manager (20220602)","Trend Micro Internet Security (20220602)","Webroot SecureAnywhere (20220602)"]}],"additionalFiles":[],"sources":[{"howFound":"website easypccleaner.com is used by QuickPCPro, this leads to search for Easy PC Cleaner","reference":"QuickPCPro","landingPage":"https://www.softpedia.com/get/Tweak/System-Tweak/EasyPC-Cleaner-Free.shtml","directDownloadingLink":"https://www.softpedia.com/dyn-postdownload.php/5bcb6bd00a228c068fe1f2bdc3a65d83/628c46d5/32ce4/4/1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softpedia.com/dyn-postdownload.php/5bcb6bd00a228c068fe1f2bdc3a65d83/628c46d5/32ce4/4/1","sourceIndex":"312"}],"sampleFiles":["220524/EasyPCCleaner-220524/1.6.0.601/Samples/WDCRun.exe","220524/EasyPCCleaner-220524/1.6.0.601/Samples/WDCSetup.exe"],"imageFiles":["220524/EasyPCCleaner-220524/1.6.0.601/Images/ACR-009/FakeAlert1.jpg","220524/EasyPCCleaner-220524/1.6.0.601/Images/ACR-009/FakeAlert2.jpg","220524/EasyPCCleaner-220524/1.6.0.601/Images/ACR-009/FakeAlert3.jpg","220524/EasyPCCleaner-220524/1.6.0.601/Images/ACR-110/EasyPCCleaner_homepage_redirection.gif","220524/EasyPCCleaner-220524/1.6.0.601/Images/ACR-110/Redirections.jpg","220524/EasyPCCleaner-220524/1.6.0.601/Images/ACR-003/FakeAlert1.jpg","220524/EasyPCCleaner-220524/1.6.0.601/Images/ACR-003/FakeAlert2.jpg","220524/EasyPCCleaner-220524/1.6.0.601/Images/ACR-003/FakeAlert3.jpg","220524/EasyPCCleaner-220524/1.6.0.601/Images/ACR-003/ACR-003_RegistryProblems.jpg"],"nonDeceptorImageFiles":["220524/EasyPCCleaner-220524/1.6.0.601/Images/ACR-038/ACR-038_mainexecutable.jpg"],"guid":"d55771a9-b8d4-4640-8259-f5ba5dea9c14_1.6.0.601_1","appID":"EasyPCCleaner-220524","dateAdded":"220524","deceptorType":"App","name":"Easy PC Cleaner","company":"EasyPCTool","version":"1.6.0.601","lastKnownStatus":"1.6.0.601","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2024-11-27T23:43:05.1871903+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1437},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"DVDPlayerSetup.exe (Installer)\" and \"DVD Player.exe (Main executable)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DVD Player\\DVD Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"b514f9e0637c39472cbb631c64864278","hashSHA1":"d0198557df753bb68f65e01cff2e2901720fccfb","hashSHA256":"fffb3a38a51c7daef72665a565974be08fe8bda2ce700a34776563e8269badc7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1592","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DVDPlayerSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"DVD Player                                                  ","productVersion":"1.0.1                                             ","fileVersion":"1.0.1               ","hashMD5":"7779c6ea8e38cb7ae2f966b9011b2839","hashSHA1":"3e73a0915b49e48e2ab3ef456bb0314217c26979","hashSHA256":"daff42e01cb0f38edea392b228befe7418fa6c5a117f2b1e91b11d9c18c26a08","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1592","avBlockList":["360 Total Security (20220526)","Avast Premium Security (20220526)","AVG Internet Security (20220526)","Avira Internet Security (20220526)","Bitdefender Internet Security (20220526)","COMODO Antivirus (20220526)","ESET Internet Security (20220526)","G DATA INTERNET SECURITY (20220526)","K7 Total Security (20220526)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20220526)","McAfee Total Protection (20220526)","Norton Security (20220526)","Panda Dome (20220526)","Quick Heal Internet Security (20220526)","Sophos Home Premium (20220526)","SpyHunter5 (20220526)","Total AV Antivirus Pro (20220526)","VIPRE Advanced Security (20220526)","VirIT eXplorer PRO (20220526)","Webroot SecureAnywhere (20220526)","Windows Defender (20220526)"],"avAllowList":["Dr.Web Security Space (20220526)","Tencent PC Manager (20220526)","Trend Micro Internet Security (20220526)"]}],"additionalFiles":[],"sources":[{"howFound":"Video Convert Tool - Uptodownload.com","reference":"","landingPage":"https://www.vsevensoft.com/","directDownloadingLink":"https://www.vsevensoft.com/downloads/DVDPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/DVDPlayerSetup.exe","sourceIndex":"1592"}],"sampleFiles":["220523/DVDPlayer-220520/1.0.1/Samples/DVDPlayerSetup.exe"],"imageFiles":["220523/DVDPlayer-220520/1.0.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220523/DVDPlayer-220520/1.0.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220523/DVDPlayer-220520/1.0.1/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220523/DVDPlayer-220520/1.0.1/Images/ACR-118/ACR-118_1.JPG","220523/DVDPlayer-220520/1.0.1/Images/ACR-118/ACR-118_2.JPG","220523/DVDPlayer-220520/1.0.1/Images/ACR-118/ACR-118_3.JPG","220523/DVDPlayer-220520/1.0.1/Images/ACR-057/ACR-057_1.JPG","220523/DVDPlayer-220520/1.0.1/Images/ACR-059/ACR-059_Bundler-MadeOffers_No_Optional_Offer.JPG","220523/DVDPlayer-220520/1.0.1/Images/ACR-071/ACR-071_1.JPG","220523/DVDPlayer-220520/1.0.1/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["220523/DVDPlayer-220520/1.0.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220523/DVDPlayer-220520/1.0.1/Images/ACR-092/ACR-092_1.JPG","220523/DVDPlayer-220520/1.0.1/Images/ACR-092/ACR-092_2.JPG"],"guid":"409a1400-5f6c-4f5e-a801-89ffdb1c2a68_1.0.1_1","appID":"DVDPlayer-220520","dateAdded":"220523","deceptorType":"App","name":"DVD Player","company":"vsevensoft.com","version":"1.0.1","lastKnownStatus":"1.0.1","lastKnownDate":"220523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-24T05:01:11.6145148+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1438},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent. \n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”. \n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user. \n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer. \n","ACR-155":" Offers are designed to look like part of the install workflow. \n\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The app does not have a digital signature for the following components: \"AACPlayerSetup.exe (Installer)\" and \"AAC Player.exe (Main executable)\" \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\AAC Player\\AAC Player.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"e979f6d9c6fc9bad6b1aec32a1a7c9c6","hashSHA1":"46d07c221392f75e57d2622f7062789aa05bf45c","hashSHA256":"1ca99a482bd8fbb65b721aae8257e3a2d1dfd18f2a31125be83eea67293626a6","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1593","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AACPlayerSetup.exe","isInstaller":"True","companyName":"vsevensoft.com                                              ","productName":"AAC Player                                                  ","productVersion":"1.0.1                                             ","fileVersion":"1.0.1               ","hashMD5":"1090b3e81be092e4b1a5476415e2a73e","hashSHA1":"5db7af43f0393e20e6f7d43ab11f122479c987cc","hashSHA256":"0ce2fc0a665acd0ca42f5f686870f29f75b3d2eb9c064fc7deab78d1c6efdbe3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1593","avBlockList":["360 Total Security (20220526)","Avast Premium Security (20220526)","AVG Internet Security (20220526)","Avira Internet Security (20220526)","Bitdefender Internet Security (20220526)","ESET Internet Security (20220526)","G DATA INTERNET SECURITY (20220526)","K7 Total Security (20220526)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20220526)","McAfee Total Protection (20220526)","Norton Security (20220526)","Panda Dome (20220526)","Quick Heal Internet Security (20220526)","Sophos Home Premium (20220526)","SpyHunter5 (20220526)","Total AV Antivirus Pro (20220526)","VIPRE Advanced Security (20220526)","VirIT eXplorer PRO (20220526)","Webroot SecureAnywhere (20220526)","Windows Defender (20220526)"],"avAllowList":["COMODO Antivirus (20220526)","Dr.Web Security Space (20220526)","Tencent PC Manager (20220526)","Trend Micro Internet Security (20220526)"]}],"additionalFiles":[],"sources":[{"howFound":"Video Convert Tool - Uptodownload.com","reference":"","landingPage":"https://www.vsevensoft.com/","directDownloadingLink":"https://www.vsevensoft.com/downloads/AACPlayerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/AACPlayerSetup.exe","sourceIndex":"1593"}],"sampleFiles":["220523/AACPlayerSetup-220520/1.0.1/Samples/AACPlayerSetup.exe"],"imageFiles":["220523/AACPlayerSetup-220520/1.0.1/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220523/AACPlayerSetup-220520/1.0.1/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220523/AACPlayerSetup-220520/1.0.1/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220523/AACPlayerSetup-220520/1.0.1/Images/ACR-118/ACR-118_Uninstall.JPG","220523/AACPlayerSetup-220520/1.0.1/Images/ACR-118/ACR-118_Uninstall_1.JPG","220523/AACPlayerSetup-220520/1.0.1/Images/ACR-118/ACR-118_Uninstall_2.JPG","220523/AACPlayerSetup-220520/1.0.1/Images/ACR-057/ACR-057_Bundler-MadeOffers.JPG","220523/AACPlayerSetup-220520/1.0.1/Images/ACR-059/ACR-059_Bundler-MadeOffers.JPG","220523/AACPlayerSetup-220520/1.0.1/Images/ACR-071/ACR-071_Bundler-MadeOffers.JPG","220523/AACPlayerSetup-220520/1.0.1/Images/ACR-155/ACR-155_Bundler-MadeOffers.JPG"],"nonDeceptorImageFiles":["220523/AACPlayerSetup-220520/1.0.1/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220523/AACPlayerSetup-220520/1.0.1/Images/ACR-092/ACR-092_Software.JPG","220523/AACPlayerSetup-220520/1.0.1/Images/ACR-092/ACR-092_Software_1.JPG"],"guid":"5452a4b3-b5e9-4832-850f-982ab33c66b6_1.0.1_1","appID":"AACPlayerSetup-220520","dateAdded":"220523","deceptorType":"App","name":"AAC Player","company":"vsevensoft.com","version":"1.0.1","lastKnownStatus":"1.0.1","lastKnownDate":"220523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-24T04:59:05.5822333+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1439},{"violations":{"ACR-055":"Accept and decline for the offer must be obvious. Unchecking the checkbox for \"install Fast Browser Cleaner\" is not a straightforward option for decline.\n","ACR-059":"The app was not clearly marked as an optional or additional offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's inline offer has no link to the Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Shopnoffer\" which is not disclosed in the app's offer.\n","ACR-120":"The application prompts during uninstall stating that consumer can get a free 15 days registration key for Fast Video Downloader.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"fastvd_bcvd.exe","isInstaller":"True","companyName":"FastPCTools                                                 ","productName":"Fast VD","productVersion":"3.1.0.5","fileVersion":"3.1.0.5","hashMD5":"ba1e83673e7818a662c48f9c19e43529","hashSHA1":"54ae18329d9ded83e808a1c0b0fc8deaf3f48abe","hashSHA256":"b9a62a86cae4f229436eb906070c115d0691748054fe27fc173d021203e8811f","digitalCertThumbprint":"959812B3EFA7C82BC52A04E598C6493089664BC5","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Shopnoffer, O=Shopnoffer, STREET=\"Ganesham Apartment,\", STREET=\"128, G1,  Gulabi Nagar, Sodala\", L=Jaipur, S=Rajasthan, PostalCode=302006, C=IN","sourceIndex":"2939","avBlockList":["Avast Internet Security (20190408)","AVG Internet Security (20190408)","Avira Internet Security (20190408)","ESET Internet Security (20190408)","G DATA INTERNET SECURITY (20190408)","K7 Total Security (20190408)","Kaspersky Internet Security (20190408)","Malwarebytes Premium (20190408)","McAfee Total Protection (20190408)","Norton Security (20190408)","Panda Dome (20190408)","Sophos Home Premium (20190408)","Trend Micro Internet Security (20190408)","VirIT eXplorer PRO (20190408)","Webroot SecureAnywhere (20190408)","Windows Defender (20190408)","360 Total Security (20190408)","Quick Heal Internet Security (20190408)"],"avAllowList":["Bitdefender Internet Security (20190408)","COMODO Antivirus (20190408)","Dr.Web Security Space (20190408)","F-PROT Antivirus for Windows (20190408)","SpyHunter5 (20190408)","Tencent PC Manager (20190408)","VIPRE Advanced Security (20190408)"]},{"isRevoked":"False","fileName":"FastVD.exe","companyName":"FastPcTools","productName":"Fast VD","productVersion":"3.1.0.5","fileVersion":"3.1.0.5","hashMD5":"86fe8a4fc465b39a0f8d1b67627b1021","hashSHA1":"5533620e45323e553562efdae0edd66fa67e2687","hashSHA256":"f8002a133263d0e97142aae9f1c5fbc8af6a6bd983d8679f6c4fa19b9d17154f","digitalCertThumbprint":"959812B3EFA7C82BC52A04E598C6493089664BC5","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Shopnoffer, O=Shopnoffer, STREET=\"Ganesham Apartment,\", STREET=\"128, G1,  Gulabi Nagar, Sodala\", L=Jaipur, S=Rajasthan, PostalCode=302006, C=IN","sourceIndex":"2939","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://fastpctools.com/fvd/","directDownloadingLink":"https://d3v9qubugpbr52.cloudfront.net/fastvd_bcvd.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3v9qubugpbr52.cloudfront.net/fastvd_bcvd.exe","sourceIndex":"2939"}],"sampleFiles":["190114/FastVideoDownloader-180713/3.1.0.5/Samples/fastvd_bcvd.exe","190114/FastVideoDownloader-180713/3.1.0.5/Samples/FastVD.exe"],"imageFiles":["190114/FastVideoDownloader-180713/3.1.0.5/Images/ACR-055/ACR_055_INLINE_OFFER.PNG","190114/FastVideoDownloader-180713/3.1.0.5/Images/ACR-059/ACR_059_INLINE_OFFER.PNG"],"nonDeceptorImageFiles":["190114/FastVideoDownloader-180713/3.1.0.5/Images/ACR-065/ACR_065_INSTALL.PNG","190114/FastVideoDownloader-180713/3.1.0.5/Images/ACR-065/ACR_065_SOFTWARE.PNG","190114/FastVideoDownloader-180713/3.1.0.5/Images/ACR-065/ACR_065_INLINE_OFFER.PNG","190114/FastVideoDownloader-180713/3.1.0.5/Images/ACR-092/ACR_092_SOFTWARE.PNG","190114/FastVideoDownloader-180713/3.1.0.5/Images/ACR-120/ACR_120_UNINSTALL.PNG","190114/FastVideoDownloader-180713/3.1.0.5/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"70fc6dd7-5171-4197-8a79-9287104c218a_3.1.0.5_1","appID":"FastVideoDownloader-180713","dateAdded":"220519","deceptorType":"App","name":"Fast Video Downloader","company":"FastPCTools","version":"3.1.0.5","sigName":"Deceptor:Win32/FastVideoDownloader!055059","firstVendorContactDate":"220526","firstAppEsteemReplyDate":"220526","firstResolvedDate":"220527","firstResolvedVersion":"4.0.0.37","resolved":"TRUE","lastKnownStatus":"Deceptor:3.1.0.5,3.1.0.19;4.0.0.33","lastKnownDate":"220519","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2022-05-27T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1442},{"violations":{"ACR-055":"Accept and decline for the offer must be obvious. Unchecking the checkbox for \"install Fast Browser Cleaner\" is not a straightforward option for decline.\n","ACR-059":"The app was not clearly marked as an optional or additional offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's inline offer has no link to the Returns and Cancellation Policy, Privacy Policy.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"fastvd_bcvd.exe","isInstaller":"True","companyName":"FastPCTools                                                 ","fileVersion":"3.1","hashMD5":"90ec29fba5980907d06ea6396855e43e","hashSHA1":"b5e3ca7249b4297254f1950cca74f8da70a6d49d","hashSHA256":"989c2920e76bd0bb784989e5685c3f26fb468b706942630c41c8b2945ac0be7c","digitalCertThumbprint":"64975033AB1319FFB9ABAFA6A29057BA0E7D42C5","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=FastPCTools, O=FastPCTools, STREET=83 Suryanagar Gopalpura Bypass, L=Jaipur, S=Rajasthan, PostalCode=302015, C=IN","sourceIndex":"2940","avBlockList":["AVG Internet Security (20220524)","Avira Internet Security (20220524)","ESET Internet Security (20220524)","K7 Total Security (20220524)","Malwarebytes Premium (20220524)","McAfee Total Protection (20220524)","Norton Security (20220524)","Panda Dome (20220524)","Sophos Home Premium (20220524)","VirIT eXplorer PRO (20220524)","Webroot SecureAnywhere (20220524)","Windows Defender (20220524)","Kaspersky Internet Security (20220524)","Dr.Web Security Space (20220524)","SpyHunter5 (20220524)","Tencent PC Manager (20220524)","Avast Premium Security (20220524)","Total AV Antivirus Pro (20220524)"],"avAllowList":["Avast Internet Security (20190408)","Bitdefender Internet Security (20220524)","G DATA INTERNET SECURITY (20220524)","Trend Micro Internet Security (20220524)","360 Total Security (20220524)","COMODO Antivirus (20220524)","F-PROT Antivirus for Windows (20190408)","Quick Heal Internet Security (20220524)","VIPRE Advanced Security (20220524)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://fastpctools.com/fvd/","directDownloadingLink":"https://d3v9qubugpbr52.cloudfront.net/fastvd_bcvd.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3v9qubugpbr52.cloudfront.net/fastvd_bcvd.exe","sourceIndex":"2940"}],"sampleFiles":["190114/FastVideoDownloader-180713/3.1.0.19/Samples/fastvd_bcvd.exe"],"imageFiles":["190114/FastVideoDownloader-180713/3.1.0.19/Images/ACR-055/Capture1.PNG","190114/FastVideoDownloader-180713/3.1.0.19/Images/ACR-059/ACR_059_INLINE_OFFER.PNG"],"nonDeceptorImageFiles":["190114/FastVideoDownloader-180713/3.1.0.19/Images/ACR-065/ACR_065_INSTALL.PNG","190114/FastVideoDownloader-180713/3.1.0.19/Images/ACR-065/Capture2.png","190114/FastVideoDownloader-180713/3.1.0.19/Images/ACR-065/Capture3.png","190114/FastVideoDownloader-180713/3.1.0.19/Images/ACR-065/Capture1.PNG","190114/FastVideoDownloader-180713/3.1.0.19/Images/ACR-167/Capture6.png","190114/FastVideoDownloader-180713/3.1.0.19/Images/ACR-167/Capture7.png"],"guid":"70fc6dd7-5171-4197-8a79-9287104c218a_3.1.0.19_1","appID":"FastVideoDownloader-180713","dateAdded":"220519","deceptorType":"App","name":"Fast Video Downloader","company":"FastPCTools","version":"3.1.0.19","sigName":"Deceptor:Win32/FastVideoDownloader!055059","firstVendorContactDate":"220526","firstAppEsteemReplyDate":"220526","firstResolvedDate":"220527","firstResolvedVersion":"4.0.0.37","resolved":"TRUE","lastKnownStatus":"Deceptor:3.1.0.5,3.1.0.19;4.0.0.33","lastKnownDate":"220519","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2022-05-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1443},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\nThe app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed in a Hidden folder as “KSSIA” in Program Files Directory.\n","ACR-065":"The app's install does not provide links to the app's Returns and Cancellation Policy, Privacy Policy. \nThe app's about page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-002":"The App shows different names as \"setup.exe\" in the running service/apps section.\n","ACR-092":"The app does not provide Digital signature for the installer and main executable.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"ks.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"bda5885e65b5ee060b25fed8ec15350d","hashSHA1":"4abfd7c609a2bd5dcf19d2fc907eb7a70c44f66b","hashSHA256":"1c04e098e903c7f805e2c59f21c06b3b830cdf5797340e4f327345d658917e19","sourceIndex":"1599","avBlockList":["360 Total Security (20210601)","Avast Premium Security (20210601)","AVG Internet Security (20210601)","Avira Internet Security (20210601)","Bitdefender Internet Security (20210601)","Dr.Web Security Space (20210601)","ESET Internet Security (20210601)","G DATA INTERNET SECURITY (20210601)","K7 Total Security (20210601)","Kaspersky Internet Security (20210601)","Malwarebytes Premium (20210601)","McAfee Total Protection (20210601)","Norton Security (20210601)","Panda Dome (20210601)","Quick Heal Internet Security (20210601)","Sophos Home Premium (20210601)","SpyHunter5 (20210601)","Tencent PC Manager (20210601)","Total AV Antivirus Pro (20210601)","VIPRE Advanced Security (20210601)","VirIT eXplorer PRO (20210601)","Webroot SecureAnywhere (20210601)","Windows Defender (20210601)"],"avAllowList":["COMODO Antivirus (20210601)","Trend Micro Internet Security (20210601)"]},{"isRevoked":"False","fileName":"ks.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8ded9f163a4f34fa965a77d7e1889307ca2906b33201accfe7fa018922342ff2","sourceIndex":"1599","avBlockList":["360 Total Security (20210601)","Avast Premium Security (20210601)","AVG Internet Security (20210601)","Avira Internet Security (20210601)","Bitdefender Internet Security (20210601)","Dr.Web Security Space (20210601)","ESET Internet Security (20210601)","G DATA INTERNET SECURITY (20210601)","K7 Total Security (20210601)","Kaspersky Internet Security (20210601)","Malwarebytes Premium (20210601)","McAfee Total Protection (20210601)","Norton Security (20210601)","Panda Dome (20210601)","Quick Heal Internet Security (20210601)","Sophos Home Premium (20210601)","SpyHunter5 (20210601)","Tencent PC Manager (20210601)","Total AV Antivirus Pro (20210601)","VIPRE Advanced Security (20210601)","VirIT eXplorer PRO (20210601)","Webroot SecureAnywhere (20210601)","Windows Defender (20210601)"],"avAllowList":["COMODO Antivirus (20210601)","Trend Micro Internet Security (20210601)"]},{"isRevoked":"False","fileName":"Setup.exe","fileVersion":"9.55","hashMD5":"a6939439086d1fc7d9a8f75e9efa576d","hashSHA1":"2db0533b3f7b1183197c9abfbdb6118b6b029e56","hashSHA256":"37975b408a546db3a5dba9ea8f57dc7d75f23a3f20f816934f897e76e5c504d9","sourceIndex":"1599","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ks[2]_.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"184659f6b2eecfd821267cc7eeadc45e","hashSHA1":"bc63f88609995de7c6e4cb0b186a3f4b9f1e5a13","hashSHA256":"3e17fa19a2c6aa2ae8000ecac33d0a92e1ce86200ff50dd6c41ab4472f417afd","sourceIndex":"1599","avBlockList":["360 Total Security (20210601)","Avast Premium Security (20210601)","AVG Internet Security (20210601)","Avira Internet Security (20210601)","Bitdefender Internet Security (20210601)","ESET Internet Security (20210601)","G DATA INTERNET SECURITY (20210601)","K7 Total Security (20210601)","Kaspersky Internet Security (20210601)","Malwarebytes Premium (20210601)","McAfee Total Protection (20210601)","Norton Security (20210601)","Panda Dome (20210601)","Quick Heal Internet Security (20210601)","Sophos Home Premium (20210601)","SpyHunter5 (20210601)","Tencent PC Manager (20210601)","Total AV Antivirus Pro (20210601)","VIPRE Advanced Security (20210601)","VirIT eXplorer PRO (20210601)","Webroot SecureAnywhere (20210601)"],"avAllowList":["COMODO Antivirus (20210601)","Dr.Web Security Space (20210601)","Trend Micro Internet Security (20210601)","Windows Defender (20210601)"]},{"isRevoked":"False","fileName":"Setup[2].exe","fileVersion":"9.55","hashMD5":"1effffc28faf2d8cf6c9aa83898041e5","hashSHA1":"a3620646f9dad4b5f1e57f03fd0c4660b35426f1","hashSHA256":"5e28e86a959ebaa8877697ecc865c679652d9139fcd594862307d88746e831ec","sourceIndex":"1599","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ks[3].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3fd0cb6356c46b3b2ed9307528bb601d","hashSHA1":"7c9a33f8bd3b74e636de185208260a3f8a112ebe","hashSHA256":"efd9b0b61fad845aef964551ec8c182494e330d82bf20c190a7eca2673af8568","sourceIndex":"1599","avBlockList":["360 Total Security (20220524)","Avast Premium Security (20220524)","AVG Internet Security (20220524)","Avira Internet Security (20220524)","Bitdefender Internet Security (20220524)","Dr.Web Security Space (20220524)","ESET Internet Security (20220524)","G DATA INTERNET SECURITY (20220524)","K7 Total Security (20220524)","Kaspersky Internet Security (20220524)","McAfee Total Protection (20220524)","Norton Security (20220524)","Panda Dome (20220524)","Quick Heal Internet Security (20220524)","Sophos Home Premium (20220524)","SpyHunter5 (20220524)","Tencent PC Manager (20220524)","Total AV Antivirus Pro (20220524)","Trend Micro Internet Security (20220524)","VIPRE Advanced Security (20220524)","VirIT eXplorer PRO (20220524)","Windows Defender (20220524)"],"avAllowList":["COMODO Antivirus (20220524)","Malwarebytes Premium (20220524)","Webroot SecureAnywhere (20220524)"]},{"isRevoked":"False","fileName":"Setup[3].exe","fileVersion":"9.55","hashMD5":"a621f76d840fd7262011c31ba03a5b4d","hashSHA1":"5889ab8ea34ff6a0ddc58f3f0007cf8c942da635","hashSHA256":"2a94d6c944f9f21068922d247f9b60a3915d3356e766c7b2e3502d127e34fd5f","sourceIndex":"1599","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ks [4].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"887f6028b7c325f6ca62a52776970b14","hashSHA1":"9749b3c5856896313c712d8bf8674c94c73f2319","hashSHA256":"52e2240949d3af6f79bd92d15a09d2573f1c20acd969d85e061fab53cf0dd961","sourceIndex":"1599","avBlockList":["360 Total Security (20220526)","Avast Premium Security (20220526)","AVG Internet Security (20220526)","Avira Internet Security (20220526)","Bitdefender Internet Security (20220526)","COMODO Antivirus (20220526)","ESET Internet Security (20220526)","G DATA INTERNET SECURITY (20220526)","K7 Total Security (20220526)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20220526)","McAfee Total Protection (20220526)","Norton Security (20220526)","Panda Dome (20220526)","Quick Heal Internet Security (20220526)","Sophos Home Premium (20220526)","SpyHunter5 (20220526)","Total AV Antivirus Pro (20220526)","Trend Micro Internet Security (20220526)","VIPRE Advanced Security (20220526)","VirIT eXplorer PRO (20220526)","Webroot SecureAnywhere (20220526)","Windows Defender (20220526)"],"avAllowList":["Dr.Web Security Space (20220526)","Tencent PC Manager (20220526)"]},{"isRevoked":"False","fileName":"Setup [4].exe","fileVersion":"9.55","hashMD5":"95709c49a609a0a0b87a808c95933097","hashSHA1":"1709372c016067487967f115fced6f30a2b8c80a","hashSHA256":"798847c44cba2f0ecfd475f1a76f36f0841ceb840190aba5fea8f36ecce6b76b","sourceIndex":"1599","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://ematrixsoft.com/index.php","landingPage":"https://ematrixsoft.com/buy.php?p=keylogger-spy-monitor-software","directDownloadingLink":"http://4.5.ematrixsoft.com/1/ks.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://4.5.ematrixsoft.com/1/ks.zip","sourceIndex":"1599"}],"sampleFiles":["220519/KeyloggerSpyMonitor-201113/9.55/Samples/ks.exe","220519/KeyloggerSpyMonitor-201113/9.55/Samples/ks.zip","220519/KeyloggerSpyMonitor-201113/9.55/Samples/Setup.exe","220519/KeyloggerSpyMonitor-201113/9.55/Samples/ks[2]_.exe","220519/KeyloggerSpyMonitor-201113/9.55/Samples/Setup[2].exe","220519/KeyloggerSpyMonitor-201113/9.55/Samples/ks[3].exe","220519/KeyloggerSpyMonitor-201113/9.55/Samples/Setup[3].exe","220519/KeyloggerSpyMonitor-201113/9.55/Samples/ks [4].exe","220519/KeyloggerSpyMonitor-201113/9.55/Samples/Setup [4].exe"],"imageFiles":["220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-084/Keylogger Spy Monitor_Install [6].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-084/Keylogger Spy Monitor_Interactions [6] HotKey.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-086/Keylogger Spy Monitor_Interactions [6] HotKey.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-086/Keylogger Spy Monitor_Interactions [2] Config.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-086/Keylogger Spy Monitor_Interactions [3] Config.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-086/Keylogger Spy Monitor_Interactions [4] Config.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-086/Keylogger Spy Monitor_Interactions [5] Config.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-048/Keylogger Spy Monitor_Interactions [2] Config.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-048/Keylogger Spy Monitor_Install [6].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-048/Keylogger Spy Monitor_Interactions [6] HotKey.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-007/Keylogger Spy Monitor_Install [6].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-007/Keylogger Spy Monitor_Interactions [6] HotKey.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-116/Keylogger Spy Monitor_ControlPanel [1].png"],"nonDeceptorImageFiles":["220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-038/Keylogger Spy Monitor_FileProperty [2].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-038/Keylogger Spy Monitor_FileProperty [1].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-040/Keylogger Spy Monitor_HiddenDirectory [1].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-065/Keylogger Spy Monitor_Install [1].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-065/Keylogger Spy Monitor_Install [2].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-065/Keylogger Spy Monitor_Install [3].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-092/Keylogger Spy Monitor_FileProperty [3].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-092/Keylogger Spy Monitor_FileProperty [4].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-065/Keylogger Spy Monitor_Interactions [1].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-065/Keylogger Spy Monitor_Interactions [2] Config.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-065/Keylogger Spy Monitor_Interactions [3] Config.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-065/Keylogger Spy Monitor_Interactions [4] Config.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-065/Keylogger Spy Monitor_Interactions [5] Config.png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-002/Keylogger Spy Monitor_RunningProcess [1].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-065/Keylogger Spy Monitor_LandingPage [1].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-065/Keylogger Spy Monitor_LandingPage [3].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-099/Keylogger Spy Monitor_LandingPage [1].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-099/Keylogger Spy Monitor_LandingPage [3].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-065/Keylogger Spy Monitor_OfferPage [1].png","220519/KeyloggerSpyMonitor-201113/9.55/Images/ACR-099/Keylogger Spy Monitor_OfferPage [1].png"],"guid":"3fe996d4-3365-4e4c-b5d8-559c60cb9056_9.55_1","appID":"KeyloggerSpyMonitor-201113","dateAdded":"220519","deceptorType":"App","name":"Keylogger Spy Monitor","company":"EMATRIXSOFT, Inc","version":"9.55","sigName":"Deceptor:Win32/KeyloggerSpyMonitorStalkerware!084086048007116","lastKnownStatus":"9.55","lastKnownDate":"220519","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2022-05-19T20:52:38.5453676+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1440},{"violations":{"ACR-048":"The app does not provide any control to completely close the app and remove the task within the app's settings.\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent.\n","ACR-055":"Accept and decline for the offer must be obvious. Unchecking the checkbox for \"install Fast screen recorder\" is not a straightforward option for the decline.\n","ACR-059":"The app was not clearly marked as an optional or additional offer.\n","ACR-155":"The offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\FastPCTools\\Fast VD\\FastVD.exe","companyName":"FastPCTools","productName":"Fast VD","productVersion":"4.0.0.33","fileVersion":"4.0.0.33","hashMD5":"eb3da0fbbb0659ee4897b63954d7fd44","hashSHA1":"a81c201f9bcc22d3369dd3cbc3f90d7d157d9514","hashSHA256":"a2f259b536091e0273c006a51dc7b18712816e8eab0494639e0d2e6210d2d2e0","digitalCertThumbprint":"8A090E04C4969DB98662558A809CB2398B69EFAC","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"FastPCTools","storeId":"","sourceIndex":"1587","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"fastvd_fpt.exe","isInstaller":"True","companyName":"FastPCTools                                                 ","productName":"Fast VD                                                     ","productVersion":"4.0.0.33                                          ","fileVersion":"4.0.0.33            ","hashMD5":"79db5eca8c08af1a298650cbd2fd7516","hashSHA1":"8607d2a0e04c6f5743957fc3d63aa39cb0151b7c","hashSHA256":"47d7ccb56865e274b889812bebe8c821942016980d4ddacc487427b130e55abd","digitalCertThumbprint":"8A090E04C4969DB98662558A809CB2398B69EFAC","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"FastPCTools","storeId":"","sourceIndex":"1587","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Download Sites - Uptodownload.com","reference":"","landingPage":"http://fastpctools.com/fvd/","directDownloadingLink":"https://d3v9qubugpbr52.cloudfront.net/fastvd_bcvd.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3v9qubugpbr52.cloudfront.net/fastvd_bcvd.exe","sourceIndex":"1587"}],"sampleFiles":["220519/FastVideoDownloader-180713/4.0.0.33/Samples/fastvd_fpt.exe"],"imageFiles":["220519/FastVideoDownloader-180713/4.0.0.33/Images/ACR-055/ACR-055_In-bundleOffers.JPG","220519/FastVideoDownloader-180713/4.0.0.33/Images/ACR-048/ACR-048_Software.JPG","220519/FastVideoDownloader-180713/4.0.0.33/Images/ACR-048/ACR-048_Software_1.JPG","220519/FastVideoDownloader-180713/4.0.0.33/Images/ACR-048/ACR-048_Software_2.JPG","220519/FastVideoDownloader-180713/4.0.0.33/Images/ACR-084/ACR-084_Software.JPG","220519/FastVideoDownloader-180713/4.0.0.33/Images/ACR-059/ACR-059_In-bundleOffers.JPG","220519/FastVideoDownloader-180713/4.0.0.33/Images/ACR-155/ACR-155_In-bundleOffers.JPG"],"nonDeceptorImageFiles":["220519/FastVideoDownloader-180713/4.0.0.33/Images/ACR-123/ACR-123_Uninstall.JPG"],"guid":"70fc6dd7-5171-4197-8a79-9287104c218a_4.0.0.33_1","appID":"FastVideoDownloader-180713","dateAdded":"220519","deceptorType":"App","name":"Fast Video Downloader","company":"FastPCTools","version":"4.0.0.33","firstVendorContactDate":"220526","firstAppEsteemReplyDate":"220526","firstResolvedDate":"220527","firstResolvedVersion":"4.0.0.37","resolved":"TRUE","lastKnownStatus":"Deceptor:3.1.0.5,3.1.0.19;4.0.0.33","lastKnownDate":"220519","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2022-05-31T19:00:22.4118907+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1441},{"violations":{"ACR-003":"The app exaggerates \"System Security\" and \"Internet Optimizer\" as a Poor system impact problems with unsubstantiated, no details supported numbers, thereby misleading or scaring the consumer to take action\n","ACR-168":"1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n2. The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"CosmosPro3.exe","isInstaller":"True","companyName":"Support.com","productName":"Support.com Cosmos","fileVersion":"3.0.1590.6","hashMD5":"a24bbcdf1bdcf43d4a790c2e44813261","hashSHA1":"203d2a48d8d480693abb0bc5e00622bdaabe6875","hashSHA256":"ba65fdee2a9b938ee86355d3d11e107f3d7a133a3c06b5cf906301b886df1759","digitalCertThumbprint":"8C1D529C934576CAA59571C1135BBEA14133659C","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Support.com, Inc.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"Support.com, Inc.\", L=Redwood City, S=California, C=US","sourceIndex":"1600","avBlockList":["360 Total Security (20220526)","Avast Premium Security (20220526)","AVG Internet Security (20220526)","Avira Internet Security (20220526)","Bitdefender Internet Security (20220526)","Dr.Web Security Space (20220526)","ESET Internet Security (20220526)","K7 Total Security (20220526)","Malwarebytes Premium (20220526)","Norton Security (20220526)","Quick Heal Internet Security (20220526)","Sophos Home Premium (20220526)","SpyHunter5 (20220526)","Total AV Antivirus Pro (20220526)","VIPRE Advanced Security (20220526)","VirIT eXplorer PRO (20220526)","Webroot SecureAnywhere (20220526)"],"avAllowList":["COMODO Antivirus (20220526)","G DATA INTERNET SECURITY (20220526)","Kaspersky Internet Security (20220526)","McAfee Total Protection (20220526)","Panda Dome (20220526)","Tencent PC Manager (20220526)","Trend Micro Internet Security (20220526)","Windows Defender (20220526)"]},{"isRevoked":"False","fileName":"sdccont.exe","companyName":"Support.com, Inc.","productName":"System tools and utilities","fileVersion":"4.0.72.0","hashMD5":"2fe226dca392b0bbcd9ddf50f7715733","hashSHA1":"78b3943eba4efcc0e1cca81c7a98f486ce258e43","hashSHA256":"8c8cfda8bd6ac0ad51f74e0d908ba4f241760a10f2bc502ade0650fdd077c9ea","digitalCertThumbprint":"A05B372391F4DB00F4F45D4C6FBDE5D3B5097672","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Support.com, Inc.\", OU=Operations, O=\"Support.com, Inc.\", L=Sunnyvale, S=California, C=US, SERIALNUMBER=2828381, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Sunnyvale, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"1600","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://sammsoft.com/Products.aspx","directDownloadingLink":"http://go.sammsoft.com/?linkid=101195&referrer=SO-NoRefsamm_default","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://go.sammsoft.com/?linkid=101195&referrer=SO-NoRefsamm_default","sourceIndex":"1600"},{"howFound":"hunt.search","reference":"","landingPage":"http://www.softoware.org/apps/get-cosmos-system-care-professional-for-windows.html","directDownloadingLink":"http://www.softoware.org/get-cosmos-system-care-professional.html?ir=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.softoware.org/get-cosmos-system-care-professional.html?ir=1","sourceIndex":"1601"}],"sampleFiles":["220519/D-K7-CosmosSystemCare-171103/4.0.72.0/Samples/CosmosPro3.exe","220519/D-K7-CosmosSystemCare-171103/4.0.72.0/Samples/sdcCont.exe"],"imageFiles":["220519/D-K7-CosmosSystemCare-171103/4.0.72.0/Images/ACR-003/ACR003_FakeAlert_Unsubstantiated.jpg","220519/D-K7-CosmosSystemCare-171103/4.0.72.0/Images/ACR-003/ACR003_FakeAlert.jpg","220519/D-K7-CosmosSystemCare-171103/4.0.72.0/Images/ACR-168/CosmosSC_Ads_Support.jpg"],"nonDeceptorImageFiles":[],"guid":"8a62009b-1e52-4b0c-9545-c59e4dc8fa67_4.0.72.0_1","appID":"D-K7-CosmosSystemCare-171103","dateAdded":"220519","deceptorType":"App","name":"Cosmos System Care","company":"Support.com Inc.","version":"4.0.72.0","lastKnownStatus":"Deceptor:4.0.18.4;4.0.72.0","lastKnownDate":"220519","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid, call center","lastUpdate":"2022-05-19T20:02:41.6858505+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1444},{"violations":{"ACR-003":"App exaggerates free scan results with alarming colors and gauges the system health's status as Poor and meets high damage level compelling the user to take action. The App only fixes 15 errors for free and upsells the product to complete the fix for remaining errors.\n","ACR-004":"App exaggerates free scan results with alarming colors and gauges the system health's status as Poor and meets high damage level compelling the user to take action. The App only fixes 15 errors for free and upsells the product to complete the fix for remaining errors.\n","ACR-084":"Scheduled tasks are added to Windows Task Scheduler without user's knowledge to run when any users log on, run at specific time of the day and week.\n"},"nonDeceptorViolations":{"ACR-065":"App does not display links for Returns and Cancellation Policy and Privacy Policy. As of this writing,  link to EULA is inaccessible.\n"},"samples":[{"isRevoked":"False","fileName":"SuperEasyRC.exe","companyName":"SuperEasy Software","productName":"SuperEasy Registry Cleaner","fileVersion":"1.0.65.1949","hashMD5":"6358d27bfa2492bd4fa3f06d9e66c76e","hashSHA1":"dd4a1be0feee694649d0d092f2a79d67b91a5691","hashSHA256":"64a3bfbe2606b68874b5a4662e68f26c3c00eeb96f644e405ffee8d3fa92570c","digitalCertThumbprint":"59066C7FF43B1128A6A16825F4F561B1178C9BAE","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=SuperEasy Software GmbH & Co. KG, OU=www.supereasy.de, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SuperEasy Software GmbH & Co. KG, L=Dortmund, S=Nordrhein-Westfalen, C=DE","sourceIndex":"313","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"supereasy-registry-cleaner-1-0-65-es-en-br-fr-de-it-cn-jp-ar-ru-nl-pl-dk-fi-gr-kr-no-se-tr-win.exe","isInstaller":"True","companyName":"SuperEasy Software                                          ","productName":"SuperEasy Registry Cleaner        ","fileVersion":"6.21","hashMD5":"82e0787c4e514dd94e8b2abde21a20e1","hashSHA1":"b50e529db64e36a3e40b40c3b5cb81ab6b8a0c1a","hashSHA256":"3497fd8fd24df45c33110ee52139acef6db45743b2734b3e79e14a4cccc07826","digitalCertThumbprint":"75201A3B0B9E34D22DF2A74FAF6BB6756471EEB7","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=SuperEasy Software GmbH & Co. KG, OU=www.supereasy.de, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SuperEasy Software GmbH & Co. KG, L=Dortmund, S=Nordrhein-Westfalen, C=DE","sourceIndex":"313","avBlockList":["Avira Internet Security (20220524)","Bitdefender Internet Security (20220524)","Dr.Web Security Space (20220524)","ESET Internet Security (20220524)","G DATA INTERNET SECURITY (20220524)","K7 Total Security (20220524)","Kaspersky Internet Security (20220524)","Malwarebytes Premium (20220524)","McAfee Total Protection (20220524)","Norton Security (20220524)","SpyHunter5 (20220524)","Total AV Antivirus Pro (20220524)","VIPRE Advanced Security (20220524)","VirIT eXplorer PRO (20220524)","Webroot SecureAnywhere (20220524)","Windows Defender (20220524)"],"avAllowList":["360 Total Security (20220524)","Avast Premium Security (20220524)","AVG Internet Security (20220524)","COMODO Antivirus (20220524)","Panda Dome (20220524)","Quick Heal Internet Security (20220524)","Sophos Home Premium (20220524)","Tencent PC Manager (20220524)","Trend Micro Internet Security (20220524)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: System Cleaner","reference":"","landingPage":"https://www.forwin11.com/app/download-supereasy-registry-cleaner.html","directDownloadingLink":"https://www.forwin11.com/download.php?app=download-supereasy-registry-cleaner","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.forwin11.com/download.php?app=download-supereasy-registry-cleaner","sourceIndex":"313"}],"sampleFiles":["220513/SuperEasyRegistryCleaner-220513/1.0.65.1949/Samples/SuperEasyRC.exe","220513/SuperEasyRegistryCleaner-220513/1.0.65.1949/Samples/supereasy-registry-cleaner-1-0-65-es-en-br-fr-de-it-cn-jp-ar-ru-nl-pl-dk-fi-gr-kr-no-se-tr-win.exe"],"imageFiles":["220513/SuperEasyRegistryCleaner-220513/1.0.65.1949/Images/ACR-003/ACR003_004_SE_AppInteraction.jpg","220513/SuperEasyRegistryCleaner-220513/1.0.65.1949/Images/ACR-003/ACR003_004_SE_AppInteraction-b.jpg","220513/SuperEasyRegistryCleaner-220513/1.0.65.1949/Images/ACR-003/ACR003_004_SE_AppInteraction-c.jpg","220513/SuperEasyRegistryCleaner-220513/1.0.65.1949/Images/ACR-004/ACR003_004_SE_AppInteraction - Copy.jpg","220513/SuperEasyRegistryCleaner-220513/1.0.65.1949/Images/ACR-004/ACR003_004_SE_AppInteraction-b - Copy.jpg","220513/SuperEasyRegistryCleaner-220513/1.0.65.1949/Images/ACR-004/ACR003_004_SE_AppInteraction-c - Copy.jpg","220513/SuperEasyRegistryCleaner-220513/1.0.65.1949/Images/ACR-084/SE_ScheduledTask.jpg"],"nonDeceptorImageFiles":["220513/SuperEasyRegistryCleaner-220513/1.0.65.1949/Images/ACR-065/ACR099_065_SE.gif"],"guid":"a80cbe81-7f11-4ce7-aa2d-af069cd768d1_1.0.65.1949_1","appID":"SuperEasyRegistryCleaner-220513","dateAdded":"220513","deceptorType":"App","name":"SuperEasy Registry Cleaner","company":"SuperEasy Software","version":"1.0.65.1949","lastKnownStatus":"1.0.65.1949","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-11-27T23:39:49.2435876+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1445},{"violations":{"ACR-010":"App eventually respawns after closing like a malicious program. It limits the user to use its features compelling the user to buy the Pro version.\n","ACR-084":"App eventually respawns after closing. A scheduled task is also added to Windows Task Scheduler without user's knowledge. The scheduled task notifies the user that the App has discovered a missing component which when clicked prompts the user to buy the Pro version.\n","ACR-116":"App keeps respawning, preventing the program to be deleted.\n","ACR-117":"App keeps respawning, preventing the program to be deleted.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to Privacy Policy or Returns and Cancellation Policy.\n","ACR-161":"App’s landing page has testimonials that have links connecting to Win10 Tweaker youtube tutorial. It does not verify the source.\n","ACR-099":"The application does not display links to uninstall information. \nThe Landing page does not display links to uninstall information.\nThe Internal Offer does not display links to uninstall information.\n","ACR-167":"App does not offer refunds.\n"},"samples":[{"isRevoked":"False","fileName":"Win_10_Tweaker19.exe1","isInstaller":"True","companyName":"XpucT","fileVersion":"19.1","hashMD5":"98c4de6021ce27a81e4f08ca7685d14b","hashSHA1":"6afb3fbfb8ba607ace360500aaf00b17e4812672","hashSHA256":"60b633bd3d4c3e7fb7f5dba8d04ac786f297267a19d3f41571d6e34801d3bc01","sourceIndex":"1614","avBlockList":["360 Total Security (20220526)","Avast Premium Security (20220526)","Avira Internet Security (20220526)","Bitdefender Internet Security (20220526)","COMODO Antivirus (20220526)","ESET Internet Security (20220526)","G DATA INTERNET SECURITY (20220526)","K7 Total Security (20220526)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20220526)","McAfee Total Protection (20220526)","Norton Security (20220526)","Panda Dome (20220526)","Quick Heal Internet Security (20220526)","Sophos Home Premium (20220526)","SpyHunter5 (20220526)","Total AV Antivirus Pro (20220526)","Trend Micro Internet Security (20220526)","VIPRE Advanced Security (20220526)","VirIT eXplorer PRO (20220526)","Webroot SecureAnywhere (20220526)","Windows Defender (20220526)"],"avAllowList":["AVG Internet Security (20220526)","Dr.Web Security Space (20220526)","Tencent PC Manager (20220526)"]}],"additionalFiles":[],"sources":[{"howFound":"searched pc tweakers on google","reference":"","landingPage":"https://www.softportal.com/software-45430-win-10-tweaker.html","directDownloadingLink":"https://www.softportal.com/getsoft-45430-win-10-tweaker-1.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softportal.com/getsoft-45430-win-10-tweaker-1.html","sourceIndex":"1614"},{"howFound":"searched windows tweaker on google","reference":"","landingPage":"https://win10tweaker.ru","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://win10tweaker.ru/download/stable/?geturl=%2F&g-recaptcha-response=03AGdBq24tgLUQpOMZ7UHyVkJM8PPkUtQz60M5LIaoaSJddBqC5Kxnvi-BgpCN9GXv6w3y5mwJFgcMdb6xXSxVSeAlyjXPcuBRFtkTufVa6CURgiprFIMw5a942tU_SkXuahfhjDQDIut-cRLpM6M0v2DhOYVlbjfiZrsUk8iRHAh9eYVxeWUemWw_4JefR4Vch9q7DCx3MgZIV1RhDUvGwq15Ln5ZZGSCCk0lGTK2SrQWMAQg6lFfTFF8JVm3hJfN3fB-44kmt01NasMdhBvFrMy153FiIfBzfB2peqGOGDVP_WcTBDLGqJpxrlm9nNK06XYvj-Oxsj2_IXwWgLCtvr5xICv569-vyTNkA8iTJmnYt-Xx1QfeUURY_plzi7KxsjB8H6w5G1Bav-KfVQDwddNfRjsX7izMQV5LP8nl7snfv_75R7GWqLgM7iINl6oaqotFQJ2j8ZJvR6k3p3hmf9Xl5Iv2tVR58w&submit=Submit","sourceIndex":"1615"}],"sampleFiles":["220512/Win10Tweaker-220512/19.1.0.0/Samples/Win_10_Tweaker19.exe1"],"imageFiles":["220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-084/ACR084_Respawn.gif","220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-084/ACR084_SystrayNotiftoOffer.gif","220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-010/ACR010_Respawn.gif","220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-116/ACR084_116_117_Respawn.gif","220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-117/ACR084_116_117_Respawn.gif"],"nonDeceptorImageFiles":["220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-065/ACR065_Install.jpg","220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-161/ACR161_Testimonials.gif","220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-167/ACR167_NoRefund.jpg","220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-099/ACR099_Software.jpg","220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-099/ACR099-LandingPage.jpeg","220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-099/ACR099-Offer1.jpg","220512/Win10Tweaker-220512/19.1.0.0/Images/ACR-099/ACR099-Offer2.jpeg"],"guid":"1baa731f-9661-44c6-95ad-db14dd581880_19.1.0.0_1","appID":"Win10Tweaker-220512","dateAdded":"220512","deceptorType":"App","name":"Win 10 Tweaker","company":"XpucT","version":"19.1.0.0","lastKnownStatus":"19.1.0.0","lastKnownDate":"220512","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-05-12T22:08:45.6259349+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1446},{"violations":{"ACR-043":"The app installs \"Jet Boost\" upon clicking the \"Booster\" button within the App. The other App was installed without disclosing it to the user and getting user consent.\n","ACR-003":"The application exaggerates registry keys, caches and logs item as \"problems\" and improvement potential, thereby misleading or scaring user to take action.\n","ACR-084":"A scheduled task is added to Windows Task Scheduler without user's knowledge to run when any users log on.\n","ACR-014":"App claims non-critical items (false positives) like caches, and logs as problems. \n","ACR-039":"The app installs \"Jet Boost\" upon clicking the \"Booster\" button within the App. The other App was installed without disclosing it to the user and its relation with the main app.\n"},"nonDeceptorViolations":{"ACR-065":" There are no links that shows Returns and Cancellation Policy and Privacy Policy.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThere are no links that shows the app's Returns and Cancellation Policy.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled.\nThe landing page has no link or information that shows how it can be uninstalled.\n","ACR-167":" The application's has no mention of a 30 days refund policy.\n","ACR-011":"The Ad was not clearly labelled as an Ad, it was displayed as if it was a part of the app.\n","ACR-017":"The application elevates its user's trust level by displaying 5 star rated awards and a positive media review which are all unverifiable.\n"},"samples":[{"isRevoked":"False","fileName":"jetclean-setup.exe","isInstaller":"True","companyName":"BlueSprig                                                   ","fileVersion":"1.5.0.129   ","hashMD5":"da369354de604fb590fd424db6e2e9ee","hashSHA1":"5a54180c3a3b001974e7297f13fc3b8b5897e321","hashSHA256":"8c0bc3ebb4330e5c886fe49acc8a631cfcc6a2c848d4b99fadde3a2dc213c56f","sourceIndex":"316","avBlockList":["Avast Premium Security (20220519)","AVG Internet Security (20220519)","Avira Internet Security (20220519)","COMODO Antivirus (20220519)","Dr.Web Security Space (20220519)","ESET Internet Security (20220519)","G DATA INTERNET SECURITY (20220519)","K7 Total Security (20220519)","Malwarebytes Premium (20220519)","McAfee Total Protection (20220519)","Norton Security (20220519)","Panda Dome (20220519)","Sophos Home Premium (20220519)","SpyHunter5 (20220519)","Total AV Antivirus Pro (20220519)","VirIT eXplorer PRO (20220519)","Webroot SecureAnywhere (20220519)","Windows Defender (20220519)"],"avAllowList":["360 Total Security (20220519)","Bitdefender Internet Security (20220519)","Kaspersky Internet Security (20220519)","Quick Heal Internet Security (20220519)","Tencent PC Manager (20220519)","Trend Micro Internet Security (20220519)","VIPRE Advanced Security (20220519)"]},{"isRevoked":"False","fileName":"JetBoost.exe","companyName":"BlueSprig","fileVersion":"2.0.0.67","hashMD5":"483fd05ef6dbd768850adb2c88cb073c","hashSHA1":"e569faee5426b7fe783ef37af0ebbc4653b68a6f","hashSHA256":"7b9af60d276a24dcd0d07260b97d9430f40a9246cb905a07e46ea0c90b1d3099","digitalCertThumbprint":"50BB4B5082AFC801E47F239B0297E6126D38A789","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"BlueSprig, Inc.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"BlueSprig, Inc.\", L=San Fransisco, S=California, C=US","sourceIndex":"316","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"JetClean.exe","companyName":"BlueSprig","fileVersion":"1.5.0.129","hashMD5":"281339b764cc89b87d29f1777cbb2ed8","hashSHA1":"d824adbf1b419a6dc62e88e18058c1d31e70068d","hashSHA256":"31bed96a90b56885a3505b1d9f04122877b4a6b33437a325c990d62b870ce9c1","sourceIndex":"316","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"searched system cleaner ","reference":"","landingPage":"http://www.bluesprig.com/","directDownloadingLink":"https://www.majorgeeks.com/index.php?ct=files&action=download&","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.majorgeeks.com/index.php?ct=files&action=download&","sourceIndex":"316"}],"sampleFiles":["220512/JetClean-220512/1.5.0.129/Samples/jetclean-setup.exe","220512/JetClean-220512/1.5.0.129/Samples/JetBoost.exe","220512/JetClean-220512/1.5.0.129/Samples/JetClean.exe"],"imageFiles":["220512/JetClean-220512/1.5.0.129/Images/ACR-014/ACR003_014_ScanResults.jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-014/ACR003_014_ScanResultsProblems.jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-003/ACR003_014_ScanResults.jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-003/ACR003_014_ScanResultsProblems.jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-084/ACR084_ScheduledTask.jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-039/ACR039_043_OtherApp.jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-039/ACR039_043_OtherApp(2).jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-043/ACR039_043_OtherApp(2).jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-043/ACR039_043_OtherApp.jpg"],"nonDeceptorImageFiles":["220512/JetClean-220512/1.5.0.129/Images/ACR-065/ACR065_Install.jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-065/ACR065_About.jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-065/ACR065_LandingPage.jpeg","220512/JetClean-220512/1.5.0.129/Images/ACR-099/ACR065_099_About.jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-099/ACR099_LandingPage.jpeg","220512/JetClean-220512/1.5.0.129/Images/ACR-017/ACR017_FalseTrust.jpg","220512/JetClean-220512/1.5.0.129/Images/ACR-011/ACR011_Ads.jpg"],"guid":"b2e8d2ca-01ae-4dc3-9afe-044d4237c883_1.5.0.129_1","appID":"JetClean-220512","dateAdded":"220512","deceptorType":"App","name":"Jet Clean","company":"BlueSprig","version":"1.5.0.129","lastKnownStatus":"1.5.0.129","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,up-sell to paid,cross-sell other apps","lastUpdate":"2024-11-27T22:48:55.8226555+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1447},{"violations":{"ACR-046":"The option to send feedback is opted-in by default and can be viewed only when the Custom mode option is selected. \n","ACR-003":"The App displays exaggerated alerts and fake virus warning in system tray to trick the consumer into taking action and clicking the recommended ad/program.\n","ACR-007":"It is not clear to the consumer whether they are downloading and installing MPC AdCleaner on a different vendor app. The EULA and Privacy Policy does not seem to be related to the vendor DotCash Limited  nor the download manager Innova Media.\n","ACR-009":"The App displays exaggerated alerts and fake virus warning in system tray to trick the consumer into taking action and clicking the recommended ad/program.\n","ACR-110":"The Apps EULA and About links are replaced to promote its own sponsored contents or ads throughout the web sessions.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AdCleaner.exe","companyName":"DotCash Limited","productName":"MPC AdCleaner","fileVersion":"1.1.7351.0902","hashMD5":"e06d00ab61e0a8f89291ce76fdf6e493","hashSHA1":"c09f644057466a2cdc74053d8d4cbde0cd55ff63","hashSHA256":"2f708c358d8326c61bddf48dec52c4378988109c929f1f44145f0b0db030cc84","digitalCertThumbprint":"1671BCAF140E5B7F828C59038AF58EE1A568D21F","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=DotCash Limited, OU=IT, O=DotCash Limited, L=Hong Kong, S=Hong Kong, C=HK","sourceIndex":"318","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mpc-adcleaner.exe","isInstaller":"True","companyName":"DotCash Limited","productName":"MPC AdCleanerSetup","fileVersion":"1.1.7351.0902","hashMD5":"b81360ead53369a86f8380ae6a473082","hashSHA1":"57375708ebd02821f18b92973f8a3ea1cc11b198","hashSHA256":"92d34e4fcdbc9e9c7fbe3fd368802e1e3da3fe2261f87588f67fe0c6ba42ef6f","digitalCertThumbprint":"1671BCAF140E5B7F828C59038AF58EE1A568D21F","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=DotCash Limited, OU=IT, O=DotCash Limited, L=Hong Kong, S=Hong Kong, C=HK","sourceIndex":"318","avBlockList":["Avast Premium Security (20220519)","AVG Internet Security (20220519)","Avira Internet Security (20220519)","Bitdefender Internet Security (20220519)","COMODO Antivirus (20220519)","Dr.Web Security Space (20220519)","ESET Internet Security (20220519)","G DATA INTERNET SECURITY (20220519)","K7 Total Security (20220519)","Kaspersky Internet Security (20220519)","Malwarebytes Premium (20220519)","McAfee Total Protection (20220519)","Norton Security (20220519)","Panda Dome (20220519)","Quick Heal Internet Security (20220519)","Sophos Home Premium (20220519)","SpyHunter5 (20220519)","Total AV Antivirus Pro (20220519)","VIPRE Advanced Security (20220519)","VirIT eXplorer PRO (20220519)","Webroot SecureAnywhere (20220519)","Windows Defender (20220519)"],"avAllowList":["360 Total Security (20220519)","Tencent PC Manager (20220519)","Trend Micro Internet Security (20220519)"]},{"isRevoked":"False","fileName":"mpc-adcleaner_VkZP-c1.exe","isInstaller":"True","productName":"Innova Media d.o.o.      ","fileVersion":"2.3.3","hashMD5":"02cdecde6e3a25623928196143320f70","hashSHA1":"d7e0a2a6d670d362cfc7588effd1b8b779bf7aaa","hashSHA256":"de37bfd53ee07b38ea3cdc353c1e224c1cf1f417d14a48ccf6e5b7a6d7892704","digitalCertThumbprint":"4250C7557E1B1D0E2CEA957F8E706D6DE727A532","digitalCertIssuer":"CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL","digitalCertIssuedTo":"CN=INNOVA MEDIA d.o.o., O=INNOVA MEDIA d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"318","avBlockList":["360 Total Security (20220519)","Avast Premium Security (20220519)","AVG Internet Security (20220519)","Avira Internet Security (20220519)","Bitdefender Internet Security (20220519)","COMODO Antivirus (20220519)","Dr.Web Security Space (20220519)","ESET Internet Security (20220519)","G DATA INTERNET SECURITY (20220519)","K7 Total Security (20220519)","Kaspersky Internet Security (20220519)","Malwarebytes Premium (20220519)","McAfee Total Protection (20220519)","Norton Security (20220519)","Panda Dome (20220519)","Quick Heal Internet Security (20220519)","Sophos Home Premium (20220519)","SpyHunter5 (20220519)","Total AV Antivirus Pro (20220519)","Trend Micro Internet Security (20220519)","VIPRE Advanced Security (20220519)","VirIT eXplorer PRO (20220519)","Webroot SecureAnywhere (20220519)","Windows Defender (20220519)"],"avAllowList":["Tencent PC Manager (20220519)"]}],"additionalFiles":[],"sources":[{"howFound":"searched cleanup utilities on download sites","reference":"","landingPage":"https://mpc-adcleaner.fileplanet.com/download?msclkid=5e1341abcfa111eca125dd10d7977435","directDownloadingLink":"https://d1bgooya1uz6lz.cloudfront.net/xHK2BBznh/43.05.181.6/mpc-adcleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1bgooya1uz6lz.cloudfront.net/xHK2BBznh/43.05.181.6/mpc-adcleaner.exe","sourceIndex":"318"}],"sampleFiles":["220510/MPCAdCleaner-220509/1.1.7351.902/Samples/AdCleaner.exe","220510/MPCAdCleaner-220509/1.1.7351.902/Samples/mpc-adcleaner.exe","220510/MPCAdCleaner-220509/1.1.7351.902/Samples/mpc-adcleaner_VkZP-c1.exe"],"imageFiles":["220510/MPCAdCleaner-220509/1.1.7351.902/Images/ACR-046/ACR046_MPCAdCleaner.gif","220510/MPCAdCleaner-220509/1.1.7351.902/Images/ACR-110/AboutRedirection.gif","220510/MPCAdCleaner-220509/1.1.7351.902/Images/ACR-110/EULARedirection.gif","220510/MPCAdCleaner-220509/1.1.7351.902/Images/ACR-003/ACR003_MPCADCleaner_FakeAlerts.gif","220510/MPCAdCleaner-220509/1.1.7351.902/Images/ACR-009/ACR003_MPCADCleaner_FakeAlerts.gif","220510/MPCAdCleaner-220509/1.1.7351.902/Images/ACR-007/MPCAdCleaner_UnrelatedPrivacyPol.gif","220510/MPCAdCleaner-220509/1.1.7351.902/Images/ACR-118/MPCAdCleaner_Uninstall.jpg"],"nonDeceptorImageFiles":[],"guid":"6058dbed-4fb8-4faa-9308-c748064f94b9_1.1.7351.902_1","appID":"MPCAdCleaner-220509","dateAdded":"220510","deceptorType":"App","name":"MPC AdCleaner","company":"DotCash Limited","version":"1.1.7351.902","lastKnownStatus":"1.1.7351.902","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-11-27T22:40:32.6188431+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1448},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains its main executable and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"TakeScreenshotSetup.exe (installer)\" and \"Take Screenshot.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Take Screenshot\\Take Screenshot.exe","companyName":"","productName":"","productVersion":"1.0.4056.25252","fileVersion":"1.0.4056.25252","hashMD5":"105a2e2824730c8c5655125359e48455","hashSHA1":"a328b8a9abf9b878b3ef6bdacfb52bdb8488e1d8","hashSHA256":"c325ebe1c7dde545892b6f847088b0c2059bb53e9834c78fc096a71642063bbc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1620","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TakeScreenshotSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Take Screenshot                                             ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"2613b240145188dd311485f95616235f","hashSHA1":"ae84ed5b573c4005ffa5da9981dee30cf183d364","hashSHA256":"a4b3eb95ea9fa940c530145dfddf3b7bdb0d1643246fc845d1323599bccd7501","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1620","avBlockList":["Avast Premium Security (20220519)","AVG Internet Security (20220519)","Avira Internet Security (20220519)","Bitdefender Internet Security (20220519)","ESET Internet Security (20220519)","G DATA INTERNET SECURITY (20220519)","K7 Total Security (20220519)","Kaspersky Internet Security (20220519)","Malwarebytes Premium (20220519)","McAfee Total Protection (20220519)","Norton Security (20220519)","Panda Dome (20220519)","Quick Heal Internet Security (20220519)","Sophos Home Premium (20220519)","SpyHunter5 (20220519)","Total AV Antivirus Pro (20220519)","VIPRE Advanced Security (20220519)","VirIT eXplorer PRO (20220519)","Webroot SecureAnywhere (20220519)","Windows Defender (20220519)"],"avAllowList":["360 Total Security (20220519)","COMODO Antivirus (20220519)","Dr.Web Security Space (20220519)","Tencent PC Manager (20220519)","Trend Micro Internet Security (20220519)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge related apps","reference":"","landingPage":"https://www.asoftwareplus.com","directDownloadingLink":"https://www.asoftwareplus.com/TakeScreenshotSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.asoftwareplus.com/TakeScreenshotSetup.exe","sourceIndex":"1620"}],"sampleFiles":["220509/takescreenshot-220509/1.0.4056.25252/Samples/TakeScreenshotSetup.exe"],"imageFiles":["220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-010/ACR-010_Install_Bundles_Deceptor.JPG","220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-118/ACR-118_1.JPG","220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-118/ACR-118_2.JPG","220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-118/ACR-118_3.JPG","220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-057/ACR-057_1.JPG","220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-059/ACR-059_1.JPG","220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-071/ACR-071_1.JPG","220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-092/ACR-092_1.JPG","220509/takescreenshot-220509/1.0.4056.25252/Images/ACR-092/ACR-092_2.JPG"],"guid":"1605bb77-e13b-4574-80c6-8e78e3db7ae7_1.0.4056.25252_1","appID":"takescreenshot-220509","dateAdded":"220509","deceptorType":"App","name":"Take Screenshot","company":"A Software Plus","version":"1.0.4056.25252","lastKnownStatus":"1.0.4056.25252","lastKnownDate":"220509","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-09T19:16:29.8770594+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1449},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains its main executable and many of its other components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'.\n","ACR-092":"The app does not have a digital signature for the following components: \"PhotoCutterSetup.exe (Installer)\" and \"Photo Cutter.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Photo Cutter\\Photo Cutter.exe","companyName":"","productName":"","productVersion":"1.0.4056.25018","fileVersion":"1.0.4056.25018","hashMD5":"d55938e813547cce5ca038e5f5d2fde2","hashSHA1":"a2fd3d845416218649639b26cb5a0f99d5405881","hashSHA256":"969a40f49e813dbb15986e1448146473250b5543db7e6a68da2f7277ddb620b0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1619","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PhotoCutterSetup.exe","isInstaller":"True","companyName":"A Software Plus                                             ","productName":"Photo Cutter                                                ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"bb7bc1dcabee784958342031f6239dce","hashSHA1":"5330ee45198980d38aa56aae3179fcc6024cece6","hashSHA256":"a07bebe7ec4ac3fa3f6428c66d7916571d46761ea393783ad8b65ab5d8ee4fe7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1619","avBlockList":["Avast Premium Security (20220519)","AVG Internet Security (20220519)","Avira Internet Security (20220519)","Bitdefender Internet Security (20220519)","Dr.Web Security Space (20220519)","ESET Internet Security (20220519)","G DATA INTERNET SECURITY (20220519)","K7 Total Security (20220519)","Kaspersky Internet Security (20220519)","Malwarebytes Premium (20220519)","McAfee Total Protection (20220519)","Norton Security (20220519)","Panda Dome (20220519)","Quick Heal Internet Security (20220519)","Sophos Home Premium (20220519)","SpyHunter5 (20220519)","Total AV Antivirus Pro (20220519)","VIPRE Advanced Security (20220519)","VirIT eXplorer PRO (20220519)","Webroot SecureAnywhere (20220519)","Windows Defender (20220519)"],"avAllowList":["360 Total Security (20220519)","COMODO Antivirus (20220519)","Tencent PC Manager (20220519)","Trend Micro Internet Security (20220519)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge related apps","reference":"","landingPage":"www.asoftwareplus.com","directDownloadingLink":"https://www.asoftwareplus.com/PhotoCutterSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.asoftwareplus.com/PhotoCutterSetup.exe","sourceIndex":"1619"}],"sampleFiles":["220509/photocutter-220509/1.0.4056.25018/Samples/PhotoCutterSetup.exe"],"imageFiles":["220509/photocutter-220509/1.0.4056.25018/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220509/photocutter-220509/1.0.4056.25018/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220509/photocutter-220509/1.0.4056.25018/Images/ACR-010/ACR-010_Install_Bundles_Deceptor.JPG","220509/photocutter-220509/1.0.4056.25018/Images/ACR-118/ACR-118_1.JPG","220509/photocutter-220509/1.0.4056.25018/Images/ACR-118/ACR-118_2.JPG","220509/photocutter-220509/1.0.4056.25018/Images/ACR-118/ACR-118_3.JPG","220509/photocutter-220509/1.0.4056.25018/Images/ACR-057/ACR-057_1.JPG","220509/photocutter-220509/1.0.4056.25018/Images/ACR-059/ACR-059_1.JPG","220509/photocutter-220509/1.0.4056.25018/Images/ACR-071/ACR-071_1.JPG","220509/photocutter-220509/1.0.4056.25018/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["220509/photocutter-220509/1.0.4056.25018/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220509/photocutter-220509/1.0.4056.25018/Images/ACR-092/ACR-092_1.JPG","220509/photocutter-220509/1.0.4056.25018/Images/ACR-092/ACR-092_2.JPG"],"guid":"15aee150-294c-4d2b-af4a-7cf75409dfbe_1.0.4056.25018_1","appID":"photocutter-220509","dateAdded":"220509","deceptorType":"Bundler","name":"Photo Cutter","company":"A Software Plus","version":"1.0.4056.25018","sigName":"Deceptor:Win32/PhotoCutter!109048010118057059071155","lastKnownStatus":"1.0.4056.25018","lastKnownDate":"220509","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-09T19:18:48.7844342+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1450},{"violations":{"ACR-043":"The \"FreeStudioManager\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-048":"it does not provide an option to cancel the installation. \n\nThe non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\". \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source. \n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user that it came and is related with the main app.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not obtain the user's consent to download and install the other application. \n","ACR-038":"Installed main executable has a different vendor name\n","ACR-099":" The application does not display links to uninstall information.\nThe landing page does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"FreeHTML5VideoPlayerAndConverter.exe","companyName":"DVDVideoSoft Ltd.","fileVersion":"5.0.99.823","hashMD5":"997d36d8fd8c91630534ebf614cb4aed","hashSHA1":"97ada6470a38072263c6a5b3266b4381a722ee20","hashSHA256":"f55c2f102092c9719e2b49717d490efc2c5941068bff8d878f2182b9e3e741f0","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"317","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","fileVersion":"6.7.5.420","hashMD5":"49251a97d8e942047a9dbee62542bdd4","hashSHA1":"f2c7da4774425a33c307b320096809d99390a5d2","hashSHA256":"51d48cdfe4bdc8db42256ec4587dcf46647d5ba394f520f6908b6ff67438ada5","digitalCertThumbprint":"C934990D27B9D3CE6D5914E7494A993FA4F860E2","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"317","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeHTML5VideoPlayerAndConverter_5.0.99.823_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","fileVersion":"5.0.99.823","hashMD5":"8cfbff86028e54fe374fecd1b1e60a77","hashSHA1":"0f7cda75b617fd85761141eb257f4fff9a1f3f21","hashSHA256":"c05a979e61103a0519ffd49775fc4c54555332fe6376df4ad03e798aaadf313a","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"317","avBlockList":["Avast Premium Security (20220517)","AVG Internet Security (20220517)","Avira Internet Security (20220517)","Bitdefender Internet Security (20220517)","Dr.Web Security Space (20220517)","G DATA INTERNET SECURITY (20220517)","K7 Total Security (20220517)","McAfee Total Protection (20220517)","Norton Security (20220517)","Panda Dome (20220517)","Quick Heal Internet Security (20220517)","Sophos Home Premium (20220517)","SpyHunter5 (20220517)","Total AV Antivirus Pro (20220517)","VIPRE Advanced Security (20220517)","VirIT eXplorer PRO (20220517)","Webroot SecureAnywhere (20220517)","Windows Defender (20220517)"],"avAllowList":["360 Total Security (20220517)","COMODO Antivirus (20220517)","ESET Internet Security (20220517)","Kaspersky Internet Security (20220517)","Malwarebytes Premium (20220517)","Tencent PC Manager (20220517)","Trend Micro Internet Security (20220517)"]}],"additionalFiles":[],"sources":[{"howFound":"free media tools on google","reference":"","landingPage":"https://www.dvdvideosoft.com/de/products/dvd/Free-HTML5-Video-Player-and-Converter.htm","directDownloadingLink":"https://www.dvdvideosoft.com/de/download.htm?fname=FreeHTML5VideoPlayerAndConverter.exe&ls=allDownloads/FreeHTML5VideoPlayerAndConverter_5.0.99.823_o.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/de/download.htm?fname=FreeHTML5VideoPlayerAndConverter.exe&ls=allDownloads/FreeHTML5VideoPlayerAndConverter_5.0.99.823_o.exe","sourceIndex":"317"}],"sampleFiles":["220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Samples/FreeHTML5VideoPlayerAndConverter.exe","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Samples/FreeStudioManager.exe","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Samples/FreeHTML5VideoPlayerAndConverter_5.0.99.823_o.exe"],"imageFiles":["220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-043/FreeHTML5PC_Install.jpg","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-043/FreeHTML5PC_UnauthorizedInstallation.jpg","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-039/FreeHTML5PC_Install.jpg","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-039/FreeHTML5PC_UnauthorizedInstallation.jpg","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-048/ACR048FreeHTML5PC_Install.jpg","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-048/ACR048FreeHTML5PC_Software02.jpg","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-048/ACR048FreeHTML5PC_Install.jpg","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-017/FreeHTML5PC_Logo.jpg"],"nonDeceptorImageFiles":["220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-044/FreeHTML5PC_Install.jpg","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-044/FreeHTML5PC_UnauthorizedInstallation.jpg","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-038/ACR038_FreeHTMLPC.gif","220509/FreeHTML5VideoPlayerandConverter-220507/5.0.99.823/Images/ACR-099/FreeHTML5PC_LandingPage.jpeg"],"guid":"eb783905-2033-473e-bdf2-7b31a29880d3_5.0.99.823_1","appID":"FreeHTML5VideoPlayerandConverter-220507","dateAdded":"220509","deceptorType":"App","name":"Free HTML5 Video Player and Converter","company":"Digital Wave Ltd","version":"5.0.99.823","lastKnownStatus":"5.0.99.823","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities, Media players, Media editors","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T22:46:21.1571431+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1451},{"violations":{"ACR-109":"The app downloads \"spt_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “spt_setup.exe”.\n1. The app does not provide any control to enable/disable its own startup item inside the software.\n2) The app does not provide any control to fully exit the app, the process for update still runs in the background.\n3) Unable to close the update prompt.\n","ACR-004":"The app prompts an untruthful message that an update is needed whenever the user launches the app. The \"Update\" actually does nothing, on clicking it.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-084":"1. The app creates an undisclosed start-up of its own app without the user's knowledge and consent.\n2) The process for the update, still runs in the background on fully exiting the app.\n3) Unable to close the update prompt. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The app does not have a digital signature for the \"SwifturnFreeVideoJoiner.exe\" executable.\n","ACR-123":"The app does not remove its startup item even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Swifturn Free Video Joiner\\goup.exe","companyName":"","productName":"","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b58001b7a3d8a4d2947b632accc613a0","hashSHA1":"4265de99ff08ce7170724cf56b6e3d87f211290d","hashSHA256":"0f0d36ef8b4de954e930fe85dc4e48fd83d2a2785a5a59cab4b3469afcb47989","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1623","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Swifturn Free Video Joiner\\SwifturnFreeVideoJoiner.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"9b0c216b84bc9dc07bf2f02c7dd62163","hashSHA1":"76e4c25a392f1a3f1063f9ce4acc63f07e09189a","hashSHA256":"e1a8b51dc97f189adb30b4a7edf2c9e9d0274c20d95761fb0fce6a80b550905a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1623","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SwifturnFreeVideoJoiner.exe","isInstaller":"True","companyName":"Swifturn Software Co. Ltd.                                 ","productName":"Swifturn Free Video Joiner                                  ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"e930c6f8d8c92f98cc0cfbfa79aaa50f","hashSHA1":"9125918958434ae91c40cf79732abddb1685301a","hashSHA256":"be6a2c69ebd49a438c0079b0468ff7b93df40df8c1bb4a162555b272ab0e4af1","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Qingruan Creative Information Technology Co. Ltd.","storeId":"","sourceIndex":"1623","avBlockList":["360 Total Security (20220517)","Avast Premium Security (20220517)","AVG Internet Security (20220517)","Avira Internet Security (20220517)","Bitdefender Internet Security (20220517)","COMODO Antivirus (20220517)","Dr.Web Security Space (20220517)","ESET Internet Security (20220517)","G DATA INTERNET SECURITY (20220517)","K7 Total Security (20220517)","Kaspersky Internet Security (20220517)","Malwarebytes Premium (20220517)","McAfee Total Protection (20220517)","Norton Security (20220517)","Panda Dome (20220517)","Quick Heal Internet Security (20220517)","Sophos Home Premium (20220517)","SpyHunter5 (20220517)","Total AV Antivirus Pro (20220517)","VIPRE Advanced Security (20220517)","VirIT eXplorer PRO (20220517)","Webroot SecureAnywhere (20220517)","Windows Defender (20220517)"],"avAllowList":["Tencent PC Manager (20220517)","Trend Micro Internet Security (20220517)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on Relevant Knowledge apps","reference":"","landingPage":"https://www.swifturn.com/videojoiner.php","directDownloadingLink":"http://www.swifturn.com/SwifturnFreeVideoJoiner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.swifturn.com/SwifturnFreeVideoJoiner.exe","sourceIndex":"1623"}],"sampleFiles":["220506/swifturnfreevideojoiner-220506/10.8.2.4/Samples/SwifturnFreeVideoJoiner.exe"],"imageFiles":["220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-004/ACR-004_Software_Alarming.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-084/ACR-084_Software_Undisclosed_Startup.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-084/ACR-084_1.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-048/ACR-048_Software_No_Control.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-048/ACR-048_Software_UnableToUpdate.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-118/ACR-118_1.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-118/ACR-118_2.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-118/ACR-118_3.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-118/1.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-057/ACR-057_1.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-059/ACR-059_1.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-071/ACR-071_1.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-092/ACR-092_1.JPG","220506/swifturnfreevideojoiner-220506/10.8.2.4/Images/ACR-123/ACR-123_Uninstall_Retains_Startup.JPG"],"guid":"6f92cfe4-a3b6-4ad0-a9ed-13298a1cdbf8_10.8.2.4_1","appID":"swifturnfreevideojoiner-220506","dateAdded":"220506","deceptorType":"Bundler","name":"Swifturn Free Video Joiner","company":"Swifturn Software Co., Ltd.","version":"10.8.2.4","lastKnownStatus":"10.8.2.4","lastKnownDate":"220506","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-06T18:26:48.4917084+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1452},{"violations":{"ACR-003":"The application exaggerates displays a virus problem on high danger levels, thereby misleading or scaring user to take action. It does not provide fixes for free scan results or offer protection during the free trial.\n","ACR-004":"The application exaggerates clean system file as worm, misleading or scaring user to take action. It does not provide system protection and fixes for free scan results. 30 days free trial doesn't provide free fix.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \n The landing page does not display links to the EULA/ToS or the Privacy Policy. \n","ACR-092":"The application does not have a digital signature.\n","ACR-035":"No EULA/ToS, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/ToS, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":" No Privacy Policy is provided for the app.\n","ACR-167":"The application has no mention of a refund policy but only for 7 days.\n"},"samples":[{"isRevoked":"False","fileName":"xspy_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0773a2e024c4718f168d33b6ed618127","hashSHA1":"1506dd32fa01709e41c2a281fabc92f19f58967e","hashSHA256":"a04fcba72789c90a8c5c5043ae59ed9a323ec5f5982bcc1467f4f6e690a9f03d","sourceIndex":"1626","avBlockList":["Avast Premium Security (20220519)","AVG Internet Security (20220519)","Avira Internet Security (20220519)","ESET Internet Security (20220519)","K7 Total Security (20220519)","Kaspersky Internet Security (20220519)","McAfee Total Protection (20220519)","Norton Security (20220519)","Panda Dome (20220519)","Sophos Home Premium (20220519)","SpyHunter5 (20220519)","Total AV Antivirus Pro (20220519)","VirIT eXplorer PRO (20220519)","Windows Defender (20220519)"],"avAllowList":["360 Total Security (20220519)","Bitdefender Internet Security (20220519)","COMODO Antivirus (20220519)","Dr.Web Security Space (20220519)","G DATA INTERNET SECURITY (20220519)","Malwarebytes Premium (20220519)","Quick Heal Internet Security (20220519)","Tencent PC Manager (20220519)","Trend Micro Internet Security (20220519)","VIPRE Advanced Security (20220519)","Webroot SecureAnywhere (20220519)"]},{"isRevoked":"False","fileName":"XSpyShield.exe","companyName":"Elcor Software (http://www.elcor.net/)","productVersion":"4.0.1.1","fileVersion":"4.6.6.17","hashMD5":"c3a1a75c077e3f68203a366ed79115fc","hashSHA1":"7ce71c3ff0abbfc0d38148e0bcc76870e0bfd2ae","hashSHA256":"5d1db89759a784543d3fdf91b3abdc023f1364048d767dd8593bbe5d32c4c1e2","sourceIndex":"1626","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.elcor.net/xspy.php","directDownloadingLink":"https://www.elcor.net/download.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.elcor.net/download.php","sourceIndex":"1626"}],"sampleFiles":["220505/XSpyShield-220505/4.6.6.17/Samples/xspy_setup.exe","220505/XSpyShield-220505/4.6.6.17/Samples/XSpyShield.exe"],"imageFiles":["220505/XSpyShield-220505/4.6.6.17/Images/ACR-003/ACR003_XSpyShield (2).jpg","220505/XSpyShield-220505/4.6.6.17/Images/ACR-003/ACR003_XSpyShield.jpg","220505/XSpyShield-220505/4.6.6.17/Images/ACR-004/ACR003_XSpyShield (2).jpg","220505/XSpyShield-220505/4.6.6.17/Images/ACR-004/ACR003_XSpyShield.jpg"],"nonDeceptorImageFiles":["220505/XSpyShield-220505/4.6.6.17/Images/ACR-065/XSpyShield_Installation.gif","220505/XSpyShield-220505/4.6.6.17/Images/ACR-065/XSpyShield_About.jpg","220505/XSpyShield-220505/4.6.6.17/Images/ACR-065/XSpyShield_LandingPage.jpeg","220505/XSpyShield-220505/4.6.6.17/Images/ACR-092/ACR092-XSpyShield_nodigisig.jpg","220505/XSpyShield-220505/4.6.6.17/Images/ACR-092/ACR092-XSpyShield_nodigisig2.jpg","220505/XSpyShield-220505/4.6.6.17/Images/ACR-167/ACR167_XSpyShield.jpeg"],"guid":"2fdd832d-631e-412f-8c77-51e53e721e27_4.6.6.17_1","appID":"XSpyShield-220505","dateAdded":"220505","deceptorType":"App","name":"XSpy Shield","company":"Elcor Software","version":"4.6.6.17","lastKnownStatus":"4.6.6.17","lastKnownDate":"220505","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-05T17:56:35.1684345+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1453},{"violations":{"ACR-042":"The \"Media freeware\" components get dropped without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"Media freeware\" components get dropped in one click without asking the user's permission and disclosing the installation path. \n","ACR-046":"The \"Media freeware\" offer is not conspicuous and the details provided in the install prompt regarding the offer is not clearly visible due to the small font size.\n","ACR-048":"1. The app does not provide any control to \"Opt-out\" from the Peer network within the app's setting\n2. The app didn't provide any control to disable the startup and remove the process completely within the app's settings. \n","ACR-084":" 1. The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\"\n2. The \"Media freeware\" process runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":" The app doesn't provide a clear way for users to Accept/Decline the offer. \n","ACR-055":"The app has no buttons to Accept/Decline, the offered app \"Media freeware\".\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear. \n","ACR-039":"The app drops \"Media freeware\" without disclosing it to the user and getting user consent. \n","ACR-155":"The offer was inserted to masquerade as a part of the installation workflow. \n"},"nonDeceptorViolations":{"ACR-040":" The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\".\n","ACR-092":"The app does not provide Digital signatures for the installer (Free Apk Downloader_000114.msi) and the main executable (Free Apk Downloader.exe). \n","ACR-123":"The app does not remove its startup item and process even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Media Freeware\\Free Apk Downloader\\Free Apk Downloader.exe","companyName":"","productName":"FreeApkDownloader","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"74e6c78214500f360520925e8f7e5591","hashSHA1":"b4441eeb5a06cdc026d386b0336baed3b1c58268","hashSHA256":"2b7dd6ec62443b7067f97b65f1d69b5a7be59811ae422d6851ff7990f4b42499","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1630","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\\Media Freeware Setup.exe","companyName":"","productName":"Media Freeware Setup","productVersion":"1.9","fileVersion":"1.9","hashMD5":"96861052bb0d11aaf431db65420ff5a8","hashSHA1":"2c6156bd0d1b80aac9736ed82094d143ed20b8f2","hashSHA256":"46abfec51329c9a890579dea0d3549b360188179103de1e06a09c552b2e3b0f0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1630","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\\media_freeware_setup_updater.exe","companyName":"Media Freeware","productName":"Media Freeware Setup","productVersion":"1.9","fileVersion":"1.9","hashMD5":"3f9f96e5e3463933fac210f96963645a","hashSHA1":"ba6d0286ff413a10166e11f2844bbbda38a64752","hashSHA256":"ed8b25faa23887fd6f3dd02cda50ac23e85ba3b94113c41d2f75af77d86b80a4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1630","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\\MFService.exe","companyName":"","productName":"Media Freeware Service","productVersion":"1.9","fileVersion":"1.9","hashMD5":"90728914a558158e009ef66ceb1d48b0","hashSHA1":"d90b12caa40cedeaffd22a62c9ccc1186450eb1b","hashSHA256":"53032e1105a21c034d518e1eefa5ae66cdfb92e8c8af04dc628b6923b5e22974","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1630","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\\MFServiceUpdater.exe","companyName":"","productName":"MFServiceUpdater","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"f9ce22874ee866d54b3f34441746464d","hashSHA1":"a5e0742d41280d1b090302a9f5a77f219873b286","hashSHA256":"e429383bc815bdf183f69086f4dc64e6ebce85e7b87635a27e57dee4fe8de65f","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1630","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Free Apk Downloader_000114.msi","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1d668ca0d5c174205916e31cbfdd4219","hashSHA1":"b38dff32f133725e5cfbeb9cdf2c7e3af16652ef","hashSHA256":"a8ed7464ce9bf40d1016e45e5cc76665af37b45933ec9b161237bcce2cf33954","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"1630","avBlockList":["360 Total Security (20220519)","Avast Premium Security (20220519)","AVG Internet Security (20220519)","Avira Internet Security (20220519)","Bitdefender Internet Security (20220519)","COMODO Antivirus (20220519)","ESET Internet Security (20220519)","G DATA INTERNET SECURITY (20220519)","K7 Total Security (20220519)","Kaspersky Internet Security (20220519)","Malwarebytes Premium (20220519)","McAfee Total Protection (20220519)","Norton Security (20220519)","Panda Dome (20220519)","Quick Heal Internet Security (20220519)","Sophos Home Premium (20220519)","SpyHunter5 (20220519)","Total AV Antivirus Pro (20220519)","Trend Micro Internet Security (20220519)","VIPRE Advanced Security (20220519)","VirIT eXplorer PRO (20220519)","Webroot SecureAnywhere (20220519)","Windows Defender (20220519)"],"avAllowList":["Dr.Web Security Space (20220519)","Tencent PC Manager (20220519)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on mediafreeware app","reference":"","landingPage":"","directDownloadingLink":"https://www.softpedia.com/get/Internet/Download-Managers/Free-APK-Downloader.shtml","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softpedia.com/get/Internet/Download-Managers/Free-APK-Downloader.shtml","sourceIndex":"1630"}],"sampleFiles":["220504/freeapkdownloader-220504/1.0.0.0/Samples/Free Apk Downloader_000114.msi"],"imageFiles":["220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-039/ACR-039_Install.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-043/ACR-043_Install.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-046/ACR-046_Install.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-042/ACR-042_Install.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-084/ACR-084_Software.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-084/ACR-084_Software_1.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_3.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-118/ACR-118_Uninstall.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_1.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-057/ACR-057_In-bundleOffers.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-059/ACR-059_In-bundleOffers.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-155/ACR-155_In-bundleOffers.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-055/ACR-055_In-bundleOffers.JPG"],"nonDeceptorImageFiles":["220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-040/ACR-040_Install.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-092/ACR-092_Software.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-092/ACR-092_Software_1.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-123/ACR-123_Uninstall.JPG","220504/freeapkdownloader-220504/1.0.0.0/Images/ACR-123/ACR-123_Uninstall_1.JPG"],"guid":"40be2b10-b654-409c-8a2c-d36c78e56b11_1.0.0.0_1","appID":"freeapkdownloader-220504","dateAdded":"220504","deceptorType":"App","name":"Free APK Downloader","company":"Media Freeware","version":"1.0.0.0","lastKnownStatus":"1.0.0.0","lastKnownDate":"220504","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-04T18:37:30.4181609+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1455},{"violations":{"ACR-003":"The App uses the alarming color to make exaggerated claims about the system's health. \nThe App also displays exaggerated alerts and fake virus warning in system tray claiming scan results from different known antivirus softwares.\n","ACR-004":"The App does not provide fixes for free scan results. The App requires customer to register the app to fix the non-permanent issues identified during free scan. Colors used in free scan results present an exaggerated sense of urgency.\n","ACR-084":"A scheduled task is added to Windows Task Scheduler without users´ knowledge in order to launch the program at various scheduled times.\n"},"nonDeceptorViolations":{"ACR-044":"The App installs itself in the system without disclosing the path and components and starts automatically.\n"},"samples":[{"isRevoked":"False","fileName":"PPC-software.exe1","companyName":"PPC-software","fileVersion":"3.1","hashMD5":"c2845501ac919219bd092d992c369711","hashSHA1":"a6d57cb5cd2992bcdbcbb403e99881355c054b0f","hashSHA256":"5d92afcd6e2903c3203176ec2674e7a3f805664b01a44e751884bf1cc372ef00","digitalCertThumbprint":"C3C83521F00E7CA0BD656E3C469C5FD381026970","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Rainmaker Software Group, LLC\", O=\"Rainmaker Software Group, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"1628","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PPC-softwareSetup.exe1","isInstaller":"True","companyName":"PPC-software","fileVersion":"3.1","hashMD5":"dbfe0376b0197f60cc57f027a4d7cb3f","hashSHA1":"d6ba892679c0f744251b24161a49d13098e0c876","hashSHA256":"916e01a0e94dbb1e9ac13c83cad45400dd74e598f09d1c9ed97194874664433f","digitalCertThumbprint":"C3C83521F00E7CA0BD656E3C469C5FD381026970","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Rainmaker Software Group, LLC\", O=\"Rainmaker Software Group, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"1628","avBlockList":["360 Total Security (20220519)","Avast Premium Security (20220519)","AVG Internet Security (20220519)","Avira Internet Security (20220519)","COMODO Antivirus (20220519)","Dr.Web Security Space (20220519)","ESET Internet Security (20220519)","G DATA INTERNET SECURITY (20220519)","K7 Total Security (20220519)","Kaspersky Internet Security (20220519)","Malwarebytes Premium (20220519)","McAfee Total Protection (20220519)","Norton Security (20220519)","Panda Dome (20220519)","Quick Heal Internet Security (20220519)","Sophos Home Premium (20220519)","SpyHunter5 (20220519)","Total AV Antivirus Pro (20220519)","Trend Micro Internet Security (20220519)","VirIT eXplorer PRO (20220519)","Webroot SecureAnywhere (20220519)","Windows Defender (20220519)"],"avAllowList":["Bitdefender Internet Security (20220519)","Tencent PC Manager (20220519)","VIPRE Advanced Security (20220519)"]}],"additionalFiles":[],"sources":[{"howFound":"searched free pc cleaner on google","reference":"","landingPage":"https://propccleaner.en.softonic.com","directDownloadingLink":"https://propccleaner.en.softonic.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://propccleaner.en.softonic.com/download","sourceIndex":"1628"},{"howFound":"","reference":"","landingPage":"ww1.propccleaner.com","directDownloadingLink":"https://safe-purchase.propccleaner.com/rsg2/.npropc?sku[0]=propc/1pk-2&1click=rsg-pro-password-guard","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://safe-purchase.propccleaner.com/rsg2/.npropc?sku[0]=propc/1pk-2&1click=rsg-pro-password-guard","sourceIndex":"1629"}],"sampleFiles":["220504/ProPCCleaner-300422/3.2.1/Samples/PPC-software.exe1","220504/ProPCCleaner-300422/3.2.1/Samples/PPC-softwareSetup.exe1"],"imageFiles":["220504/ProPCCleaner-300422/3.2.1/Images/ACR-004/Alert.jpg","220504/ProPCCleaner-300422/3.2.1/Images/ACR-084/TaskScheduled.jpg","220504/ProPCCleaner-300422/3.2.1/Images/ACR-003/Alert1.jpg","220504/ProPCCleaner-300422/3.2.1/Images/ACR-003/SystemTrayAlert.gif"],"nonDeceptorImageFiles":["220504/ProPCCleaner-300422/3.2.1/Images/ACR-044/Installation.gif","220504/ProPCCleaner-300422/3.2.1/Images/ACR-044/Installation2.jpg"],"guid":"1252ac5c-1512-4d80-95bb-f5f916ad2b3a_3.2.1_1","appID":"ProPCCleaner-300422","dateAdded":"220504","deceptorType":"App","name":"Pro PC Cleaner","company":"Rainmaker Software Group","version":"3.2.1","lastKnownStatus":"3.2.1","lastKnownDate":"220504","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,sold in bundle","lastUpdate":"2022-05-04T19:58:02.1082612+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1454},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempting to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The app does not have a digital signature for the following components: \"ResizeImagesSetup.exe (installer)\" and \"Resize Images.exe (Main exe)\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Resize Images\\Resize Images.exe","companyName":"A Software Plus","productName":"Resize Images","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"6a7b69fb71e15ec8422e78184045db26","hashSHA1":"14c81567508ef460a749901f0935bd356d910b5f","hashSHA256":"d48131a39a5db55f412f5f90f5d722f38290537d7d34e3165d6d972862e91577","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1624","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ResizeImagesSetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Resize Images                                               ","productVersion":"1.0                                               ","fileVersion":"1.0                 ","hashMD5":"971311e5f3326538698d94f5495d757b","hashSHA1":"62a8fb01fe44237dea9e2e09b5e9545cadcef0aa","hashSHA256":"732a8875abf8a7ab665287b49a31ed194b458d601701a2f2a41e03524c2da1d5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1624","avBlockList":["Avast Premium Security (20220512)","AVG Internet Security (20220512)","Avira Internet Security (20220512)","Bitdefender Internet Security (20220512)","Dr.Web Security Space (20220512)","ESET Internet Security (20220512)","G DATA INTERNET SECURITY (20220512)","K7 Total Security (20220512)","Kaspersky Internet Security (20220512)","Malwarebytes Premium (20220512)","McAfee Total Protection (20220512)","Norton Security (20220512)","Panda Dome (20220512)","Quick Heal Internet Security (20220512)","Sophos Home Premium (20220512)","SpyHunter5 (20220512)","Total AV Antivirus Pro (20220512)","Trend Micro Internet Security (20220512)","VIPRE Advanced Security (20220512)","VirIT eXplorer PRO (20220512)","Webroot SecureAnywhere (20220512)","Windows Defender (20220512)"],"avAllowList":["360 Total Security (20220512)","COMODO Antivirus (20220512)","Tencent PC Manager (20220512)"]}],"additionalFiles":[],"sources":[{"howFound":"Apps using Relevant Knowledge","reference":"","landingPage":"www.asoftwareplus.com","directDownloadingLink":"https://www.asoftwareplus.com/ResizeImagesSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.asoftwareplus.com/ResizeImagesSetup.exe","sourceIndex":"1624"}],"sampleFiles":["220429/resizeimages-220429/1.0.0.0/Samples/ResizeImagesSetup.exe"],"imageFiles":["220429/resizeimages-220429/1.0.0.0/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220429/resizeimages-220429/1.0.0.0/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220429/resizeimages-220429/1.0.0.0/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220429/resizeimages-220429/1.0.0.0/Images/ACR-118/ACR-118_1.JPG","220429/resizeimages-220429/1.0.0.0/Images/ACR-118/ACR-118_2.JPG","220429/resizeimages-220429/1.0.0.0/Images/ACR-057/ACR-057_1.JPG","220429/resizeimages-220429/1.0.0.0/Images/ACR-059/ACR-059_1.JPG","220429/resizeimages-220429/1.0.0.0/Images/ACR-071/ACR-071_1.JPG","220429/resizeimages-220429/1.0.0.0/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["220429/resizeimages-220429/1.0.0.0/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220429/resizeimages-220429/1.0.0.0/Images/ACR-092/ACR-092_Software_1.JPG","220429/resizeimages-220429/1.0.0.0/Images/ACR-092/ACR-092_Software_2.JPG"],"guid":"0ab64c27-92a6-45ed-a76b-e8e6ca2b9dab_1.0.0.0_1","appID":"resizeimages-220429","dateAdded":"220429","deceptorType":"App","name":"Resize Images","company":"A Software Plus","version":"1.0.0.0","lastKnownStatus":"1.0.0.0","lastKnownDate":"220429","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-06T18:23:30.7075712+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1456},{"violations":{"ACR-109":"The app downloads \"rk_setup.exe\", a RelevantKnowledge file without the consumer's consent.\n","ACR-048":"The \"Decline\" button does not have any control but still drops a RelevantKnowledge file “rk_setup.exe”.\n","ACR-010":"The app bundler distributes deceptor application. The offer in this bundler, the Relevant Knowledge market survey application, allows deceptive affiliates to distribute without control. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components along with a \"curl-ca-bundle.crt\" on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app bundles the \"Relevant Knowledge\" offer which does not allow the consumer to decline the offer.\n","ACR-071":"The \"Relevant Knowledge\" offer cannot be declined independently as the installation is unable to proceed when attempted to decline the offer. Thus it forces the user to, only accept the offer and proceed with the installation.\n","ACR-059":"The Offer is not clearly marked as an offer. It is unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-106":"App offers deceptive application 'Relevant Knowledge market survey'. \n","ACR-092":"The app does not have a digital signature for the following components: \"MKVPlayerSetupD.exe (installer)\" and \"MKV Player.exe (Main exe)\"\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MKV Player\\MKV Player.exe","companyName":"vsevensoft.com","productName":"MKV Player","productVersion":"2.1.0.0","fileVersion":"2.1.0.0","hashMD5":"b5db874b2b559255cbcaa03e7a3557ce","hashSHA1":"4129db37fba8e8dee85c32315812bb99e806a32f","hashSHA256":"97e74d2f64333af551b945dd4735f9f50a472463691c9cbffce10bbd07797fac","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1625","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MKVPlayerSetupD.exe","isInstaller":"True","companyName":"                                                            ","productName":"MKV Player                                                  ","productVersion":"2.1.30                                            ","fileVersion":"2.1.30              ","hashMD5":"835459cfffe94e1541f507d440749d58","hashSHA1":"ba52a23e9a49b4b1841a5f23e8e0fa5a8aee0a7b","hashSHA256":"5e4a062179af23382301c5706899a6bb92da31036332d7066d66f425bccc6aa2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1625","avBlockList":["Avast Premium Security (20220505)","AVG Internet Security (20220505)","Avira Internet Security (20220505)","Bitdefender Internet Security (20220505)","COMODO Antivirus (20220505)","Dr.Web Security Space (20220505)","ESET Internet Security (20220505)","G DATA INTERNET SECURITY (20220505)","K7 Total Security (20220505)","Kaspersky Internet Security (20220505)","Malwarebytes Premium (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Quick Heal Internet Security (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","VIPRE Advanced Security (20220505)","VirIT eXplorer PRO (20220505)","Webroot SecureAnywhere (20220505)","Windows Defender (20220505)"],"avAllowList":["360 Total Security (20220505)","Tencent PC Manager (20220505)","Trend Micro Internet Security (20220505)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on media player applications","reference":"","landingPage":"https://www.vsevensoft.com/","directDownloadingLink":"https://www.vsevensoft.com/downloads/MKVPlayerSetupD.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.vsevensoft.com/downloads/MKVPlayerSetupD.exe","sourceIndex":"1625"}],"sampleFiles":["220428/mkvplayer-220428/2.1.30/Samples/MKVPlayerSetupD.exe"],"imageFiles":["220428/mkvplayer-220428/2.1.30/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220428/mkvplayer-220428/2.1.30/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220428/mkvplayer-220428/2.1.30/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","220428/mkvplayer-220428/2.1.30/Images/ACR-118/ACR-118_Uninstall_1.JPG","220428/mkvplayer-220428/2.1.30/Images/ACR-118/ACR-118_1.JPG","220428/mkvplayer-220428/2.1.30/Images/ACR-057/ACR-057_1.JPG","220428/mkvplayer-220428/2.1.30/Images/ACR-059/ACR-059_Bundler-MadeOffers_No_Optional_Offer.JPG","220428/mkvplayer-220428/2.1.30/Images/ACR-071/ACR-071_1.JPG","220428/mkvplayer-220428/2.1.30/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["220428/mkvplayer-220428/2.1.30/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","220428/mkvplayer-220428/2.1.30/Images/ACR-092/ACR-092_Software_1.JPG","220428/mkvplayer-220428/2.1.30/Images/ACR-092/ACR-092_Software_2.JPG"],"guid":"0833fa39-fa4c-4307-bd24-f03631680735_2.1.30_1","appID":"mkvplayer-220428","dateAdded":"220428","deceptorType":"App","name":"MKV Player","company":"vsevensoft.com","version":"2.1.30","sigName":"2.1.30","lastKnownDate":"220428","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-06T18:21:57.7775397+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1457},{"violations":{"ACR-042":"The app  installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to user system after its installation.\n","ACR-048":"The app does not provide any control to remove \"AtlasVPN.Worker.exe\" process within the app's settings.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the trust root certificate.\n\n","ACR-084":"On quitting the app, the \"AtlasVPN.Worker.exe\" process runs silently in the background, hiding the fact that it is active from the consumer.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-065":"App gets installed in one click without presenting EULA/ToS, Privacy policy to the user during installation.\n","ACR-099":"The application does not display links to uninstall information in the software.\nThe application does not display links to uninstall information in the landing page (https://atlasvpn.com/).\n","ACR-123":"The app does not remove its startup item even after uninstall.\n","ACR-014":"The app misleads by using the exaggerated word \"Unprotected\" on the landing page ( https://atlasvpn.com/ ) though the TunnelBear VPN is already connected.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AtlasVPN\\Bin\\AtlasVPN.exe","companyName":"AtlasVPN","productName":"AtlasVPN","productVersion":"2.4.0","fileVersion":"2.4.0.0","hashMD5":"446b920a2a2158ea0bf27757186cc4b5","hashSHA1":"303c5c5b8c63ac71a8370d6f2c7268d9a3f277e4","hashSHA256":"f370c2e49ffc9a276549e55406d84272cb464850ab10daa162fefcb48292ef45","digitalCertThumbprint":"9487FC3078285F1F0E8F2DE1B1576D7A09301CEF","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"peakstar technologies Inc.","storeId":"","sourceIndex":"1607","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AtlasVPN\\Bin\\AtlasVPN.Worker.exe","companyName":"AtlasVPN.Worker","productName":"AtlasVPN.Worker","productVersion":"2.4.0","fileVersion":"2.4.0.0","hashMD5":"4b56495d111a0adcd23f177f7ae17af0","hashSHA1":"adff2682fc601eaa3c2241641a4b649c2d9ff997","hashSHA256":"6b27ef7e460c8241292fbfcd56d27df0a75605640f589450946aab7b70f2dc09","digitalCertThumbprint":"9487FC3078285F1F0E8F2DE1B1576D7A09301CEF","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"peakstar technologies Inc.","storeId":"","sourceIndex":"1607","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AtlasVPN-x64.msi","isInstaller":"True","companyName":"AtlasVPN","productName":"AtlasVPN","productVersion":"2.4.0","fileVersion":"2.4.0.0","hashMD5":"8bb4b457b2d44c9c5c9f4c778cece4ca","hashSHA1":"328c694641884571afc1c79bd630742786f6a6ee","hashSHA256":"ae7ae81700b0da6be980d90b2c6d1519603b47c9b7abfb3febfba9c26a997be3","digitalCertThumbprint":"9487FC3078285F1F0E8F2DE1B1576D7A09301CEF","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"peakstar technologies Inc.","sourceIndex":"1607","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://atlasvpn.com/vpn-for-windows","directDownloadingLink":"https://atlasv.pn/get-app-for-windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://atlasv.pn/get-app-for-windows","sourceIndex":"1607"}],"sampleFiles":["220427/atlasvpn-220124/2.4.0.0/Samples/AtlasVPN-x64.msi"],"imageFiles":["220427/atlasvpn-220124/2.4.0.0/Images/ACR-043/ACR-043_Install.JPG","220427/atlasvpn-220124/2.4.0.0/Images/ACR-042/ACR-042_Install.JPG","220427/atlasvpn-220124/2.4.0.0/Images/ACR-084/ACR-084_Software.JPG","220427/atlasvpn-220124/2.4.0.0/Images/ACR-048/ACR-048_Software.JPG","220427/atlasvpn-220124/2.4.0.0/Images/ACR-048/ACR-048_Software_1.JPG","220427/atlasvpn-220124/2.4.0.0/Images/ACR-007/ACR-007_Software.JPG"],"nonDeceptorImageFiles":["220427/atlasvpn-220124/2.4.0.0/Images/ACR-045/ACR-045_Install.JPG","220427/atlasvpn-220124/2.4.0.0/Images/ACR-099/ACR-099_Software.JPG","220427/atlasvpn-220124/2.4.0.0/Images/ACR-123/ACR-123_Uninstall.JPG","220427/atlasvpn-220124/2.4.0.0/Images/ACR-099/ACR-099_Landingpage.JPG","220427/atlasvpn-220124/2.4.0.0/Images/ACR-014/ACR-014_Landingapage.JPG"],"guid":"caf11bd8-11e5-4d8a-b61b-b2d741b96ec9_2.4.0.0_1","appID":"atlasvpn-220124","dateAdded":"220427","deceptorType":"App","name":"Atlas VPN","company":"Peakstar Technologies Inc","version":"2.4.0.0","firstVendorContactDate":"220221","firstAppEsteemReplyDate":"220221","firstResolvedDate":"220516","firstResolvedVersion":"2.4.1.0","resolved":"TRUE","lastKnownStatus":"2.2.1.0;2.3.1;2.3.2;2.3.3;2.3.4;2.4.0.0","lastKnownDate":"220516","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-16T19:51:58.6562154+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1459},{"violations":{"ACR-042":"The app  installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to user system after its installation.\n","ACR-048":"The app does not provide any control to remove \"AtlasVPN.Worker.exe\" process within the app's settings\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the trust root certificate.\n\n","ACR-084":"On quitting the app, the \"AtlasVPN.Worker.exe\" process runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-014":"The app misleads by using the exaggerated word \"Your connection is Unprotected\" in the software though the system already has an active VPN installed and running.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-065":"App gets installed in one click without presenting EULA/ToS, Privacy policy to the user during installation.\n","ACR-014":"The app misleads by using the exaggerated word \"Unprotected\" on the landing page ( https://atlasvpn.com/ ) though the TunnelBear VPN is already connected.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AtlasVPN\\Bin\\AtlasVPN.exe","companyName":"AtlasVPN","productName":"AtlasVPN","productVersion":"2.3.4","fileVersion":"2.3.4.0","hashMD5":"bd795b941edb0b212cde18c9c72c6fb8","hashSHA1":"52e8fde446ffac58ec4d9be789f9e7671f861bc0","hashSHA256":"0bbaa993ac20dd7e499e0f7593a1a7678365f7faf81c699294d820a6e020d3f8","digitalCertThumbprint":"9487FC3078285F1F0E8F2DE1B1576D7A09301CEF","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"peakstar technologies Inc.","storeId":"","sourceIndex":"1611","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AtlasVPN\\Bin\\AtlasVPN.Worker.exe","companyName":"AtlasVPN.Worker","productName":"AtlasVPN.Worker","productVersion":"2.3.4","fileVersion":"2.3.4.0","hashMD5":"bf8a0a9bca14081c63bc047673198d10","hashSHA1":"61918ca567cfb199246a425722d8ce6e016934a4","hashSHA256":"136da0296a51928836dbb7ea79af9fc8a1350ffa6b6031e9fa1e2b20b8e05386","digitalCertThumbprint":"9487FC3078285F1F0E8F2DE1B1576D7A09301CEF","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"peakstar technologies Inc.","storeId":"","sourceIndex":"1611","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AtlasVPN-x64.msi","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"67b94de593eb31cb272159c09b895f97","hashSHA1":"910895d548458e430ff56a757998ea2b7d03b997","hashSHA256":"725d4f6be92ad6cd9fdd6474eea1c40e6463a44759ef0550a63c6ed997ca6f17","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","sourceIndex":"1611","avBlockList":["360 Total Security (20220421)","Avira Internet Security (20220421)","K7 Total Security (20220421)","McAfee Total Protection (20220421)","Norton Security (20220421)","Panda Dome (20220421)","Sophos Home Premium (20220421)","SpyHunter5 (20220421)","Total AV Antivirus Pro (20220421)"],"avAllowList":["Avast Premium Security (20220421)","AVG Internet Security (20220421)","Bitdefender Internet Security (20220421)","COMODO Antivirus (20220421)","Dr.Web Security Space (20220421)","ESET Internet Security (20220421)","G DATA INTERNET SECURITY (20220421)","Kaspersky Internet Security (20220421)","Malwarebytes Premium (20220421)","Quick Heal Internet Security (20220421)","Tencent PC Manager (20220421)","Trend Micro Internet Security (20220421)","VIPRE Advanced Security (20220421)","VirIT eXplorer PRO (20220421)","Webroot SecureAnywhere (20220421)","Windows Defender (20220421)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://atlasvpn.com/vpn-for-windows","directDownloadingLink":"https://atlasv.pn/get-app-for-windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://atlasv.pn/get-app-for-windows","sourceIndex":"1611"}],"sampleFiles":["220427/atlasvpn-220124/2.3.4/Samples/AtlasVPN-x64.msi"],"imageFiles":["220427/atlasvpn-220124/2.3.4/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed.JPG","220427/atlasvpn-220124/2.3.4/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed_1.JPG","220427/atlasvpn-220124/2.3.4/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed.JPG","220427/atlasvpn-220124/2.3.4/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed_1.JPG","220427/atlasvpn-220124/2.3.4/Images/ACR-084/ACR-084_Software_1.JPG","220427/atlasvpn-220124/2.3.4/Images/ACR-048/ACR-048_Software_No_Control.JPG","220427/atlasvpn-220124/2.3.4/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220427/atlasvpn-220124/2.3.4/Images/ACR-007/ACR-007_Software_Root_Certificate_Installed.JPG","220427/atlasvpn-220124/2.3.4/Images/ACR-007/ACR-007_Software_Root_Certificate_Installed_1.JPG","220427/atlasvpn-220124/2.3.4/Images/ACR-014/ACR-014_Software_Misleading.JPG"],"nonDeceptorImageFiles":["220427/atlasvpn-220124/2.3.4/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed.JPG","220427/atlasvpn-220124/2.3.4/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed_1.JPG","220427/atlasvpn-220124/2.3.4/Images/ACR-014/ACR-014_LandingPage_Misleading.JPG"],"guid":"caf11bd8-11e5-4d8a-b61b-b2d741b96ec9_2.3.4_1","appID":"atlasvpn-220124","dateAdded":"220427","deceptorType":"App","name":"Atlas VPN","company":"Peakstar Technologies Inc","version":"2.3.4","firstVendorContactDate":"220221","firstAppEsteemReplyDate":"220221","firstResolvedDate":"220516","firstResolvedVersion":"2.4.1.0","resolved":"TRUE","lastKnownStatus":"2.2.1.0;2.3.1;2.3.2;2.3.3;2.3.4;2.4.0.0","lastKnownDate":"220516","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-16T18:58:52.4437664+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1460},{"violations":{"ACR-042":"The app  installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to user system after its installation.\n","ACR-048":"The app does not provide any control to remove \"AtlasVPN.Worker.exe\" process within the app's settings\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the trust root certificate.\n\n","ACR-084":"On quitting the app, the \"AtlasVPN.Worker.exe\" process runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-014":"The app misleads by using the exaggerated word \"Your connection is Unprotected\" in the software though system already has an active VPN installed.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-065":"App gets installed in one click without presenting EULA/ToS, Privacy policy to the user during installation.\n","ACR-014":"The app misleads by using the exaggerated word \"Unprotected\" on the landing page ( https://atlasvpn.com/ ) though the TunnelBear VPN is already connected.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AtlasVPN\\Bin\\AtlasVPN.exe","companyName":"AtlasVPN","productName":"AtlasVPN","productVersion":"2.3.3","fileVersion":"2.3.3.0","hashMD5":"620a20485f38d699e089c8fba914f1a5","hashSHA1":"7308ab14488fa6455174dcd186824807076a422c","hashSHA256":"eccff1324e8b1a1a0ec236078bbe3938d0c31034f0a2a34be6e284ae22bc3b36","digitalCertThumbprint":"9487FC3078285F1F0E8F2DE1B1576D7A09301CEF","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"peakstar technologies Inc.","storeId":"","sourceIndex":"1673","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\AtlasVPN\\Bin\\AtlasVPN.Worker.exe","companyName":"AtlasVPN.Worker","productName":"AtlasVPN.Worker","productVersion":"2.3.3","fileVersion":"2.3.3.0","hashMD5":"8cb30903054f271c09b086b28dbcc811","hashSHA1":"9dee6ec381eb1fa432e8ee71a5de42a47152f346","hashSHA256":"a0a2fb1155cb17725a6ffc34274af14e88068b9cdcf4ba2a12375a7fab9f565b","digitalCertThumbprint":"9487FC3078285F1F0E8F2DE1B1576D7A09301CEF","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"peakstar technologies Inc.","storeId":"","sourceIndex":"1673","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AtlasVPN-x64.msi","isInstaller":"True","companyName":"AtlasVPN","productName":"AtlasVPN","productVersion":"2.3.3","fileVersion":"2.3.3","hashMD5":"28b54afb833aa3c42bece735ccb88f59","hashSHA1":"5ccb323e72a1717a75cf987e55097bf72e2c2be1","hashSHA256":"389c6582757222fa51740df86ea1e89fd3447d2b5ce13a43ccacafc065faf11c","digitalCertThumbprint":"9487FC3078285F1F0E8F2DE1B1576D7A09301CEF","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"peakstar technologies Inc.","sourceIndex":"1673","avBlockList":["360 Total Security (20220331)","Avira Internet Security (20220331)","K7 Total Security (20220331)","McAfee Total Protection (20220331)","Norton Security (20220331)","Panda Dome (20220331)","Sophos Home Premium (20220331)","SpyHunter5 (20220331)","Total AV Antivirus Pro (20220331)"],"avAllowList":["Avast Premium Security (20220331)","AVG Internet Security (20220331)","Bitdefender Internet Security (20220331)","COMODO Antivirus (20220331)","Dr.Web Security Space (20220331)","ESET Internet Security (20220331)","G DATA INTERNET SECURITY (20220331)","Kaspersky Internet Security (20220331)","Malwarebytes Premium (20220331)","Quick Heal Internet Security (20220331)","Tencent PC Manager (20220331)","Trend Micro Internet Security (20220331)","VIPRE Advanced Security (20220331)","VirIT eXplorer PRO (20220331)","Webroot SecureAnywhere (20220331)","Windows Defender (20220331)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://atlasvpn.com/vpn-for-windows","directDownloadingLink":"https://downloads.atlasvpn.com/apps/windows/AtlasVPN-x64.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.atlasvpn.com/apps/windows/*","sourceIndex":"1673"}],"sampleFiles":["220321/atlasvpn-220124/2.3.3/Samples/AtlasVPN-x64.msi"],"imageFiles":["220321/atlasvpn-220124/2.3.3/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed_1.JPG","220321/atlasvpn-220124/2.3.3/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed_1.JPG","220321/atlasvpn-220124/2.3.3/Images/ACR-084/ACR-084_Software.JPG","220321/atlasvpn-220124/2.3.3/Images/ACR-048/ACR-048_Software_No_Control.JPG","220321/atlasvpn-220124/2.3.3/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220321/atlasvpn-220124/2.3.3/Images/ACR-007/ACR-007_Software_Root_Certificate_Installed_1.JPG","220321/atlasvpn-220124/2.3.3/Images/ACR-014/ACR-014_Software_Misleading.JPG"],"nonDeceptorImageFiles":["220321/atlasvpn-220124/2.3.3/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed.JPG","220321/atlasvpn-220124/2.3.3/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed_1.JPG","220321/atlasvpn-220124/2.3.3/Images/ACR-014/ACR-014_Landingpage_Misleading.JPG"],"guid":"caf11bd8-11e5-4d8a-b61b-b2d741b96ec9_2.3.3_1","appID":"atlasvpn-220124","dateAdded":"220427","deceptorType":"App","name":"Atlas VPN","company":"Peakstar Technologies Inc","version":"2.3.3","sigName":"Deceptor:Win32/AtlasVPN!043042084048007014","firstVendorContactDate":"220221","firstAppEsteemReplyDate":"220221","firstResolvedDate":"220516","firstResolvedVersion":"2.4.1.0","resolved":"TRUE","lastKnownStatus":"2.2.1.0;2.3.1;2.3.2;2.3.3;2.3.4;2.4.0.0","lastKnownDate":"220516","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1461},{"violations":{"ACR-042":"The app  installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to user system after its installation.\n","ACR-048":"The app does not provide any control to remove \"AtlasVPN.Worker.exe\" process within the app's settings\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the trust root certificate.\n\n","ACR-084":"On quitting the app, the \"AtlasVPN.Worker.exe\" process runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-014":"The app misleads by using the exaggerated word \"Your connection is Unprotected\" in the software though system already has an active VPN installed.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-065":"App gets installed in one click without presenting EULA/ToS, Privacy policy to the user during installation.\n","ACR-014":"The app misleads by using the exaggerated word \"Unprotected\" on the landing page ( https://atlasvpn.com/ ) though the TunnelBear VPN is already connected.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AtlasVPN\\Bin\\AtlasVPN.exe","companyName":"AtlasVPN","productName":"AtlasVPN","productVersion":"2.3.2","fileVersion":"2.3.2.0","hashMD5":"36c3f4f3c3816eac0ba9bb5ce0b65cf0","hashSHA1":"a4cb82fbcad89d5adfe099e4ae103bc674212ca8","hashSHA256":"8fa2306c6b93c2b4c618962c18b584118635a23380abb5a1692cacdba870538c","digitalCertThumbprint":"9487FC3078285F1F0E8F2DE1B1576D7A09301CEF","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"peakstar technologies Inc.","storeId":"","sourceIndex":"1680","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AtlasVPN-x64.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"c5aef54c7c752aed89b872725c141fc7889e01a787387f66261f57fa1ca3a15e","sourceIndex":"1680","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://atlasvpn.com/vpn-for-windows","directDownloadingLink":"https://atlasv.pn/get-app-for-windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://atlasv.pn/get-app-for-windows","sourceIndex":"1680"}],"sampleFiles":["220317/atlasvpn-220124/2.3.2/Samples/AtlasVPN-x64.msi"],"imageFiles":["220317/atlasvpn-220124/2.3.2/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed_1.JPG","220317/atlasvpn-220124/2.3.2/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed_1.JPG","220317/atlasvpn-220124/2.3.2/Images/ACR-084/ACR-084_Software.JPG","220317/atlasvpn-220124/2.3.2/Images/ACR-048/ACR-048_Software_No_Control.JPG","220317/atlasvpn-220124/2.3.2/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220317/atlasvpn-220124/2.3.2/Images/ACR-007/ACR-007_Software_Root_Certificate_Installed_1.JPG","220317/atlasvpn-220124/2.3.2/Images/ACR-014/ACR-014_Software_Misleading.JPG"],"nonDeceptorImageFiles":["220317/atlasvpn-220124/2.3.2/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed.JPG","220317/atlasvpn-220124/2.3.2/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed_1.JPG","220317/atlasvpn-220124/2.3.2/Images/ACR-014/ACR-014_Landingpage_Misleading.JPG"],"guid":"caf11bd8-11e5-4d8a-b61b-b2d741b96ec9_2.3.2_1","appID":"atlasvpn-220124","dateAdded":"220427","deceptorType":"App","name":"Atlas VPN","company":"Peakstar Technologies Inc","version":"2.3.2","firstVendorContactDate":"220221","firstAppEsteemReplyDate":"220221","firstResolvedDate":"220516","firstResolvedVersion":"2.4.1.0","resolved":"TRUE","lastKnownStatus":"2.2.1.0;2.3.1;2.3.2;2.3.3;2.3.4;2.4.0.0","lastKnownDate":"220516","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1462},{"violations":{"ACR-042":"The app  installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to user system after its installation.\n","ACR-048":"The app does not provide any control to close the app completely within the app's settings.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing trust root certificate.\n","ACR-084":"On closing the app, application doesn't exit completely. It runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-014":"The app misleads by using the exaggerated word \"Your PC is Unprotected\" in the software though system already has an active VPN installed.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-065":"App gets installed in one click without presenting EULA/ToS, Privacy policy to the user during installation.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AtlasVPN\\AtlasVPN.exe","companyName":"AtlasVPN","productName":"AtlasVPN","productVersion":"2.2.1","fileVersion":"2.2.1.0","hashMD5":"fe3ebacaa20b19008ae0e261e5f60173","hashSHA1":"6b24907cfbe26f7d98d02c0c4fdd23122307b2f4","hashSHA256":"9f1036bc5a0433e4b7b5f77fc208c3fe851339a7481c7ff51dfa4f6ad774e692","digitalCertThumbprint":"9487FC3078285F1F0E8F2DE1B1576D7A09301CEF","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"peakstar technologies Inc.","storeId":"","sourceIndex":"1685","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AtlasVPN-x64.msi","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"fd0ef33a4055ba83ccadcdab6d94753a","hashSHA1":"218fdc0847abbb7ea878ca99f52d8212b089ead6","hashSHA256":"c624e8d53d9ab2602da44babe5c91528daf840a28477e435186c7366acd8c36e","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","sourceIndex":"1685","avBlockList":["360 Total Security (20220315)","Avira Internet Security (20220315)","ESET Internet Security (20220315)","G DATA INTERNET SECURITY (20220315)","K7 Total Security (20220315)","McAfee Total Protection (20220315)","Norton Security (20220315)","Panda Dome (20220315)","Sophos Home Premium (20220315)","SpyHunter5 (20220315)","Tencent PC Manager (20220315)","Total AV Antivirus Pro (20220315)","Windows Defender (20220315)"],"avAllowList":["Avast Premium Security (20220315)","AVG Internet Security (20220315)","Bitdefender Internet Security (20220315)","COMODO Antivirus (20220315)","Dr.Web Security Space (20220315)","Kaspersky Internet Security (20220315)","Malwarebytes Premium (20220315)","Quick Heal Internet Security (20220315)","Trend Micro Internet Security (20220315)","VIPRE Advanced Security (20220315)","VirIT eXplorer PRO (20220315)","Webroot SecureAnywhere (20220315)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://atlasvpn.com/vpn-for-windows","directDownloadingLink":"https://atlasv.pn/get-app-for-windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://atlasv.pn/get-app-for-windows","sourceIndex":"1685"}],"sampleFiles":["220311/atlasvpn-220124/2.2.1.0/Samples/AtlasVPN-x64.msi"],"imageFiles":["220311/atlasvpn-220124/2.2.1.0/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed.JPG","220311/atlasvpn-220124/2.2.1.0/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed.JPG","220311/atlasvpn-220124/2.2.1.0/Images/ACR-084/ACR-084_Software_Runs_In_Background.JPG","220311/atlasvpn-220124/2.2.1.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220311/atlasvpn-220124/2.2.1.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220311/atlasvpn-220124/2.2.1.0/Images/ACR-007/ACR-007_Install_Root_Certificate_Installed.JPG","220311/atlasvpn-220124/2.2.1.0/Images/ACR-014/ACR-014_Software_Misleading_Status.JPG"],"nonDeceptorImageFiles":["220311/atlasvpn-220124/2.2.1.0/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed.JPG","220311/atlasvpn-220124/2.2.1.0/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed_1.JPG"],"guid":"caf11bd8-11e5-4d8a-b61b-b2d741b96ec9_2.2.1.0_1","appID":"atlasvpn-220124","dateAdded":"220427","deceptorType":"App","name":"Atlas VPN","company":"Peakstar Technologies Inc","version":"2.2.1.0","firstVendorContactDate":"220221","firstAppEsteemReplyDate":"220221","firstResolvedDate":"220516","firstResolvedVersion":"2.4.1.0","resolved":"TRUE","lastKnownStatus":"2.2.1.0;2.3.1;2.3.2;2.3.3;2.3.4;2.4.0.0","lastKnownDate":"220516","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1463},{"violations":{"ACR-042":"The app  installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to user system after its installation.\n","ACR-048":"The app does not provide any control to remove \"AtlasVPN.Worker.exe\" process within the app's settings\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by installing the trust root certificate.\n\n","ACR-084":"On quitting the app, the \"AtlasVPN.Worker.exe\" process runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-014":"The app misleads by using the exaggerated word \"Your connection is Unprotected\" in the software though system already has an active VPN installed.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-065":"App gets installed in one click without presenting EULA/ToS, Privacy policy to the user during installation.\n","ACR-014":"The app misleads by using the exaggerated word \"Unprotected\" on the landing page ( https://atlasvpn.com/ ) though the TunnelBear VPN is already connected.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\AtlasVPN\\Bin\\AtlasVPN.exe","companyName":"AtlasVPN","productName":"AtlasVPN","productVersion":"2.3.1","fileVersion":"2.3.1.0","hashMD5":"49ffd9c3e5a565b6165a55a186a65221","hashSHA1":"bb5eed1213a1ab98bff1546ea7493383b10ef76e","hashSHA256":"dbf82ecf414e221e9041b6d340be7fafc505d61151502ace95cf55c319485fee","digitalCertThumbprint":"9487FC3078285F1F0E8F2DE1B1576D7A09301CEF","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"peakstar technologies Inc.","storeId":"","sourceIndex":"1686","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AtlasVPN-x64.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"b3d9f330cdcbfbb1928dd06f316265103ff613d1a36297728520f23e0091bf58","sourceIndex":"1686","avBlockList":["360 Total Security (20220505)","Avira Internet Security (20220505)","Bitdefender Internet Security (20220505)","G DATA INTERNET SECURITY (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","VIPRE Advanced Security (20220505)","Windows Defender (20220505)","K7 Total Security (20220505)"],"avAllowList":["Avast Premium Security (20220505)","AVG Internet Security (20220505)","COMODO Antivirus (20220505)","Dr.Web Security Space (20220505)","ESET Internet Security (20220505)","Kaspersky Internet Security (20220505)","Malwarebytes Premium (20220505)","Quick Heal Internet Security (20220505)","Tencent PC Manager (20220505)","Trend Micro Internet Security (20220505)","VirIT eXplorer PRO (20220505)","Webroot SecureAnywhere (20220505)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt","reference":"","landingPage":"https://atlasvpn.com/vpn-for-windows","directDownloadingLink":"https://atlasv.pn/get-app-for-windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://atlasv.pn/get-app-for-windows","sourceIndex":"1686"}],"sampleFiles":["220311/atlasvpn-220124/2.3.1/Samples/AtlasVPN-x64.msi"],"imageFiles":["220311/atlasvpn-220124/2.3.1/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed.JPG","220311/atlasvpn-220124/2.3.1/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed_1.JPG","220311/atlasvpn-220124/2.3.1/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed.JPG","220311/atlasvpn-220124/2.3.1/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed_1.JPG","220311/atlasvpn-220124/2.3.1/Images/ACR-084/ACR-084_Software_Process.JPG","220311/atlasvpn-220124/2.3.1/Images/ACR-048/ACR-048_Software_No_Control.JPG","220311/atlasvpn-220124/2.3.1/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220311/atlasvpn-220124/2.3.1/Images/ACR-007/ACR-007_Install_Root_Certificate_Installed.JPG","220311/atlasvpn-220124/2.3.1/Images/ACR-007/ACR-007_Install_Root_Certificate_Installed_1.JPG","220311/atlasvpn-220124/2.3.1/Images/ACR-014/ACR-014_Software_Misleading.JPG"],"nonDeceptorImageFiles":["220311/atlasvpn-220124/2.3.1/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed.JPG","220311/atlasvpn-220124/2.3.1/Images/ACR-014/ACR-014_Landingpage_Misleading.JPG"],"guid":"caf11bd8-11e5-4d8a-b61b-b2d741b96ec9_2.3.1_1","appID":"atlasvpn-220124","dateAdded":"220427","deceptorType":"App","name":"Atlas VPN","company":"Peakstar Technologies Inc","version":"2.3.1","firstVendorContactDate":"220221","firstAppEsteemReplyDate":"220221","firstResolvedDate":"220516","firstResolvedVersion":"2.4.1.0","resolved":"TRUE","lastKnownStatus":"2.2.1.0;2.3.1;2.3.2;2.3.3;2.3.4;2.4.0.0","lastKnownDate":"220516","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1464},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n","ACR-042":"On executing the installer, it directly installs the \"FreeStudioManager\" and its components without the user's permission and disclosing the installation path.\nThe app drops \"FreeStudioManager\" without disclosing it to the user and getting user consent. \n","ACR-043":" The \"FreeStudioManager\" components are installed without asking the user's permission and disclosing the installation path.\n","ACR-048":"The app does not provide an option to cancel the installation. \nThe non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\". \n","ACR-017":" The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user that it came and is related with the main app.\n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires. \n"},"nonDeceptorViolations":{"ACR-044":"The app does get the user's consent to download and install the other application.\n","ACR-065":" The install does not display links to the Returns and Cancellation Policy.\nThe app's About page does not have links to Returns and Cancellation Policy. \n","ACR-099":"The application does not display links to uninstall information.\n The landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","fileVersion":"6.6","hashMD5":"652e2a92e8283948cc071ed0c5c81969","hashSHA1":"a33936f3daf89c71070aa50df19c732d86ce0c86","hashSHA256":"6264c70db2be899daba688b675537d9dd38bfb11e70150f721796fbb76fea583","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"321","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeUploader.exe","companyName":"DVDVideoSoft Ltd.","fileVersion":"4.0","hashMD5":"5b44ecc0e5112adab662cd936bde52e0","hashSHA1":"ee8bfc3e93dd9cd416d263e6189ce10fcf8a8286","hashSHA256":"09cedcd232bf89db47746d9a36fe7a227d7ec433da7755176ac952ce7f9b2e45","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"321","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeUploader_4.0.66.1027_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","fileVersion":"4.0","hashMD5":"110e889aa2f0e3e0c28f4f60c1c44810","hashSHA1":"00b7c6b06f2efd5fb78469da9f87ad3b5781efca","hashSHA256":"99971e28014bc73e08197620f522dbeecda10aada2d72c8121b009f7bb3b7bef","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"321","avBlockList":["Avast Premium Security (20220505)","AVG Internet Security (20220505)","Avira Internet Security (20220505)","Bitdefender Internet Security (20220505)","Dr.Web Security Space (20220505)","G DATA INTERNET SECURITY (20220505)","K7 Total Security (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Quick Heal Internet Security (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","VIPRE Advanced Security (20220505)","VirIT eXplorer PRO (20220505)","Webroot SecureAnywhere (20220505)","Windows Defender (20220505)"],"avAllowList":["360 Total Security (20220505)","COMODO Antivirus (20220505)","ESET Internet Security (20220505)","Kaspersky Internet Security (20220505)","Malwarebytes Premium (20220505)","Tencent PC Manager (20220505)","Trend Micro Internet Security (20220505)"]}],"additionalFiles":[],"sources":[{"howFound":"search related free app from dvdvideosoft in google","reference":"","landingPage":" https://www.dvdvideosoft.com/products/dvd/Free-YouTube-Uploader.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeUploader.exe&ls=topButton","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeUploader.exe&ls=topButton","sourceIndex":"321"}],"sampleFiles":["220427/FreeYouTubeUploader-220427/4.0.66.1027/Samples/FreeStudioManager.exe","220427/FreeYouTubeUploader-220427/4.0.66.1027/Samples/FreeYouTubeUploader.exe","220427/FreeYouTubeUploader-220427/4.0.66.1027/Samples/FreeYouTubeUploader_4.0.66.1027_o.exe"],"imageFiles":["220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-109/ACR-042.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-109/InstallationPath.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-109/UnauthorizedInstallation.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-039/InstallationPath.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-039/UnauthorizedInstallation.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-043/InstallationPath.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-043/UnauthorizedInstallation.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-042/InstallationPath.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-042/UnauthorizedInstallation.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-048/Installation.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-017/InstallationAppLogo.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-042/ACR-042.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-048/Uninstall.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-164/OfferPage.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-164/OfferPage-a.jpg"],"nonDeceptorImageFiles":["220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-044/InstallationPath.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-044/UnauthorizedInstallation.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-065/EULA.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-065/InstallationPath.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-065/About.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-099/About.jpg","220427/FreeYouTubeUploader-220427/4.0.66.1027/Images/ACR-099/LandingPage.jpg"],"guid":"894298a2-3a6c-4c9e-8aa7-31046c299623_4.0.66.1027_1","appID":"FreeYouTubeUploader-220427","dateAdded":"220427","deceptorType":"App","name":"Free YouTube Uploader","company":"Digital Wave Ltd","version":"4.0.66.1027","lastKnownStatus":"4.0.66.1027","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-27T21:51:01.3224132+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1458},{"violations":{"ACR-042":"On the first execution of the installer, the \"Media freeware\" components get dropped without asking the user's permission and disclosing the installation path. Only upon the second execution of the installer, the \"Media Freeware\" offer's screen is displayed and the installation flow of \"Free Photo Resizer\" is proceeded.\n","ACR-043":"Before the installation screen on \"Media freeware\" shows up, all the components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-046":"The \"Media freeware\" offer is not conspicuous and the details provided in the install prompt regarding the offer are not clearly visible due to the small font size.\n","ACR-048":"1. The app does not provide any control to \"Opt-out\" from the Peer network within the app's setting.\n2. The app doesn't provide any control to disable the startup item within the app's settings.\n","ACR-084":"1. The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\".\n2.  The app creates a startup entry without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the offer.\n","ACR-055":"The app has no buttons to Accept/Decline, the offered app \"Media freeware\".\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear.\n","ACR-039":"The app drops \"Media freeware\" without disclosing it to the user and getting user consent.\n","ACR-155":"The offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\".\n","ACR-123":"The app does not remove its startup item even after uninstall and this scenario is observed even after closing and reopening the Task manager even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\\Media Freeware Setup.exe","companyName":"","productName":"Media Freeware Setup","productVersion":"2","fileVersion":"2","hashMD5":"30b87ce1c9d88b6bce988bb3834a5063","hashSHA1":"029ef53a373a8ac6d42f9c30456ead5e08a04951","hashSHA256":"f8508c073eac2a42f5e10e5aa615584b27167a85ff512063224e5ef8eb280077","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"322","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\\MFService.exe","companyName":"","productName":"Media Freeware Service","productVersion":"2","fileVersion":"2","hashMD5":"8477206511ee0da0c12f3fb4de11776d","hashSHA1":"cc8ab11e934097148bc9b2c6dc55cd677192389d","hashSHA256":"6b5bda661e971709b00afba9a6e4a0926713ce49dcdd28365dbac0e526989f57","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"322","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Free Photo Resizer_000099.msi","isInstaller":"True","companyName":"Free Photo Resizer_000099.msi","productName":"","productVersion":"","fileVersion":"","hashMD5":"a3b1478163fdd648d5203c6686eaf9b1","hashSHA1":"1ab8be93e28857711611a8a5c71c1756673d2ad0","hashSHA256":"49aabd3ec7ce3a3ba2ca1d9913ed541d5cfe8b9984b03102ec03f176a3c23cf3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"322","avBlockList":["360 Total Security (20220505)","Avast Premium Security (20220505)","AVG Internet Security (20220505)","Avira Internet Security (20220505)","Bitdefender Internet Security (20220505)","COMODO Antivirus (20220505)","ESET Internet Security (20220505)","G DATA INTERNET SECURITY (20220505)","K7 Total Security (20220505)","Kaspersky Internet Security (20220505)","Malwarebytes Premium (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Quick Heal Internet Security (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","VIPRE Advanced Security (20220505)","VirIT eXplorer PRO (20220505)","Webroot SecureAnywhere (20220505)","Windows Defender (20220505)"],"avAllowList":["Dr.Web Security Space (20220505)","Tencent PC Manager (20220505)","Trend Micro Internet Security (20220505)"]}],"additionalFiles":[],"sources":[{"howFound":"Bundled Mediafreeware","reference":"","landingPage":"https://freerecorders.com/","directDownloadingLink":"https://v1.install80.com/setup?t=Free+Photo+Resizer&file=https%3A%2F%2Fwww.mediafreeware.com%2Fserve.html%3Ffrom%3Dhttps%3A%2F%2Fwww.mediafreeware.com%2Ffiles%2Fphotoresizer_setup.exe%26path%3Dfiles%2Fphotoresizer_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://v1.install80.com/setup?t=Free+Photo+Resizer&file=https%3A%2F%2Fwww.mediafreeware.com%2Fserve.html%3Ffrom%3Dhttps%3A%2F%2Fwww.mediafreeware.com%2Ffiles%2Fphotoresizer_setup.exe%26path%3Dfiles%2Fphotoresizer_setup.exe","sourceIndex":"322"}],"sampleFiles":["220425/freephotoresizer-220422/1.0/Samples/Free Photo Resizer_000099.msi"],"imageFiles":["220425/freephotoresizer-220422/1.0/Images/ACR-039/ACR-039_Install_Drops_Mediaware.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-039/ACR-039_Install_Drops_Mediaware_1.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-043/ACR-043_Install_Drops_Mediware.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-043/ACR-043_Install_Drops_Mediware_1.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-043/ACR-043.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-046/ACR-046_Install_Unclear_Options.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-042/ACR-042_Install_Drops_Mediware.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-042/ACR-042_Install_Drops_Mediware_1.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-042/ACR-042.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-084/ACR-084_Software_Hides_Presence.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-084/ACR-084_Software_1.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-118/ACR-118_Uninstall_1.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-118/ACR-118_Uninstall_2.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-118/ACR-118_Uninstall_3.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-057/ACR-057_In-BundleOffers_No_Options.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-059/ACR-059_In-BundleOffers_Unclear_Offer.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-155/ACR-155_In-BundleOffers_Masqueraded_Offer.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-055/ACR-055_In-BundleOffers_No_Options.JPG"],"nonDeceptorImageFiles":["220425/freephotoresizer-220422/1.0/Images/ACR-040/ACR-040_Install_Hidden_Location.JPG","220425/freephotoresizer-220422/1.0/Images/ACR-123/ACR-123_Uninstall_1.JPG"],"guid":"26965fdc-b8bc-419a-b4a6-02043148e176_1.0_1","appID":"freephotoresizer-220422","dateAdded":"220425","deceptorType":"App","name":"Free Photo Resizer","company":"Free Recorders","version":"1.0","sigName":"Deceptor:Win32/FreePhotoResize!039043046042084048118057059155055","lastKnownStatus":"1.0","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T21:48:30.6900926+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1465},{"violations":{"ACR-004":"The application shows free scan results, but does not offer a fully functional trial. It only cleans 20 files before requiring you to pay for a license.\n","ACR-164":"The application needs to provide detailed information about the billing period, cancellation, renewal of payment and pricing terms for review before submitting orders.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not provide links to the Returns and Cancellation Policy and Privacy Policy.\nThe app's About page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.  \nThe internal offer page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application does not display links to uninstall information.\nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"There is no refund policy provided for this application.\n"},"samples":[{"isRevoked":"False","fileName":"mpcc-setup.exe","isInstaller":"True","companyName":"Manyprog                                                    ","productName":"Manyprog PC Cleaner","productVersion":"2.9.1","fileVersion":"0.0","hashMD5":"477682955c4dd45c170c3280542ee98f","hashSHA1":"4744691863f0a7ecc0be7fb78c728359595b43d5","hashSHA256":"91a71b778566653b170275d1367834a290bba6775dad713f921d0350ad9fdbb7","digitalCertThumbprint":"DC220EEC4069850ADC2484C35709C5FE59837B57","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Aleksandr Fedoseev, O=Aleksandr Fedoseev, STREET=st. Karbisheva 6 kv. 42, S=Perm, PostalCode=614030, C=RU","sourceIndex":"325","avBlockList":["Avast Premium Security (20220503)","AVG Internet Security (20220503)","Avira Internet Security (20220503)","Bitdefender Internet Security (20220503)","ESET Internet Security (20220503)","G DATA INTERNET SECURITY (20220503)","K7 Total Security (20220503)","Malwarebytes Premium (20220503)","McAfee Total Protection (20220503)","Norton Security (20220503)","Panda Dome (20220503)","Quick Heal Internet Security (20220503)","Sophos Home Premium (20220503)","SpyHunter5 (20220503)","Total AV Antivirus Pro (20220503)","VIPRE Advanced Security (20220503)","VirIT eXplorer PRO (20220503)","Webroot SecureAnywhere (20220503)"],"avAllowList":["360 Total Security (20220503)","COMODO Antivirus (20220503)","Dr.Web Security Space (20220503)","Kaspersky Internet Security (20220503)","Tencent PC Manager (20220503)","Trend Micro Internet Security (20220503)","Windows Defender (20220503)"]},{"isRevoked":"False","fileName":"mpcc.exe","fileVersion":"0.0","hashMD5":"47bc041568f137d643df911ecc13de03","hashSHA1":"faa765f25d25134202997680be8ee478ab6ddca8","hashSHA256":"a57cccaf8ab5cb36084e2da7167aa204b61cc994264bf4ecd332bf199460edbe","digitalCertThumbprint":"DC220EEC4069850ADC2484C35709C5FE59837B57","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Aleksandr Fedoseev, O=Aleksandr Fedoseev, STREET=st. Karbisheva 6 kv. 42, S=Perm, PostalCode=614030, C=RU","sourceIndex":"325","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://manyprog.com/pc-cleaner.php","directDownloadingLink":"https://manyprog.com/download/mpcc-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://manyprog.com/download/mpcc-setup.exe","sourceIndex":"325"}],"sampleFiles":["220421/ManyProgPCCleaner-200706/2.9.1/Samples/mpcc-setup.exe1","220421/ManyProgPCCleaner-200706/2.9.1/Samples/mpcc.exe"],"imageFiles":["220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-004/ManyProg_ACR004.gif","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-164/ManyProg_ACR164.jpg","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-164/ManyProg_ACR164_2.jpg"],"nonDeceptorImageFiles":["220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-065/ManyProg_ACR065.gif","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-065/ManyProg_ACR065a.jpg","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-065/ManyProg_ACR065Landing.jpg","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-065/ManyProg_ACR065Landing2.jpg","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-065/ManyProg_OfferPage.jpg","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-065/ManyProg_OfferPage2.jpg","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-065/ManyProg_OfferPage3.jpg","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-099/ManyProg_ACR099.jpg","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-099/ManyProg_ACR099Landing.jpg","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-099/ManyProg_ACR099Landing2.jpg","220421/ManyProgPCCleaner-200706/2.9.1/Images/ACR-099/ManyProg_ACR099InternalOffer.jpg"],"guid":"cb98d05e-edc3-49bf-a814-78647c4b6089_2.9.1_1","appID":"ManyProgPCCleaner-200706","dateAdded":"220421","deceptorType":"App","name":"ManyProg PC Cleaner","company":"ManyProg","version":"2.9.1","sigName":"Deceptor:Win32/ManyProgPCCleaner!004164","lastKnownStatus":"2.8;2.9.1","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:17.4551984+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1468},{"violations":{"ACR-004":"The app shows free scan results, but does not offer a fully functional trial. The app only cleans 20 files before requiring you to pay for a license.\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not provide links to the Returns and Cancellation Policy and Privacy Policy.\nThe app's About page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.  \nThe internal offer page does not have links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-157":"The application’s main executable file has no signed certificate, it is unsigned.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"There is no refund policy provided for this application.\n"},"samples":[{"isRevoked":"False","fileName":"mpcc-setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6ff4ceeb730c567d4188b1b8bb0cc885","hashSHA1":"7a632e6a94caabff207b68fa3c4c3606c3bed581","hashSHA256":"7be54e334a2c1054a8cfd62e8047a35ee19e5c0f8209e9b6f26417b3a829a912","digitalCertThumbprint":"DC220EEC4069850ADC2484C35709C5FE59837B57","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Aleksandr Fedoseev, O=Aleksandr Fedoseev, STREET=st. Karbisheva 6 kv. 42, S=Perm, PostalCode=614030, C=RU","sourceIndex":"324","avBlockList":["Avast Premium Security (20211104)","AVG Internet Security (20211104)","Avira Internet Security (20211104)","Bitdefender Internet Security (20211104)","Dr.Web Security Space (20211104)","ESET Internet Security (20211104)","G DATA INTERNET SECURITY (20211104)","K7 Total Security (20211104)","Malwarebytes Premium (20211104)","McAfee Total Protection (20211104)","Norton Security (20211104)","Panda Dome (20211104)","Quick Heal Internet Security (20211104)","Sophos Home Premium (20211104)","SpyHunter5 (20211104)","Tencent PC Manager (20211104)","Total AV Antivirus Pro (20211104)","VIPRE Advanced Security (20211104)","VirIT eXplorer PRO (20211104)","Webroot SecureAnywhere (20211104)","Windows Defender (20211104)"],"avAllowList":["360 Total Security (20211104)","COMODO Antivirus (20211104)","Kaspersky Internet Security (20211104)","Trend Micro Internet Security (20211104)"]},{"isRevoked":"False","fileName":"mpcc.exe","fileVersion":"0.0","hashMD5":"3490b68a7a155d34c5b11705c77cbbf1","hashSHA1":"6145a04f7f8c9ad11016b1daf7c0372acfac5f9d","hashSHA256":"4ad7c8f2558d19c7d0b0003a41853f22af12bc11ad1841cd5032169d975223a0","sourceIndex":"324","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mpcc-setup[2].exe","isInstaller":"True","companyName":"Manyprog                                                    ","fileVersion":"0.0","hashMD5":"f7565705cf548e23fe213212514e809d","hashSHA1":"76013a52c55c332dbe00fc8f47469bbb1dee2c72","hashSHA256":"6bdf0ea64d9b8ddf39dc57861337eae709f9a3a0898437031ffe5ac553c0673d","digitalCertThumbprint":"DC220EEC4069850ADC2484C35709C5FE59837B57","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Aleksandr Fedoseev, O=Aleksandr Fedoseev, STREET=st. Karbisheva 6 kv. 42, S=Perm, PostalCode=614030, C=RU","sourceIndex":"324","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mpcc[2].exe","fileVersion":"0.0","hashMD5":"6998f3657bf0230363c8b60672b70470","hashSHA1":"bb541d3a1cdc845046cb9c34aa14d38cb009826e","hashSHA256":"c461dc57c30ea5dfe7010ffdf617492f965fcbff7f7405265279fed953a0213d","digitalCertThumbprint":"DC220EEC4069850ADC2484C35709C5FE59837B57","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Aleksandr Fedoseev, O=Aleksandr Fedoseev, STREET=st. Karbisheva 6 kv. 42, S=Perm, PostalCode=614030, C=RU","sourceIndex":"324","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://manyprog.com/pc-cleaner.php","directDownloadingLink":"https://manyprog.com/download/mpcc-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://manyprog.com/download/mpcc-setup.exe","sourceIndex":"324"}],"sampleFiles":["220421/ManyProgPCCleaner-200706/2.8/Samples/mpcc-setup.exe","220421/ManyProgPCCleaner-200706/2.8/Samples/mpcc.exe","220421/ManyProgPCCleaner-200706/2.8/Samples/mpcc-setup[2].exe","220421/ManyProgPCCleaner-200706/2.8/Samples/mpcc[2].exe"],"imageFiles":["220421/ManyProgPCCleaner-200706/2.8/Images/ACR-004/ManyProgPCCleaner_Interactions [1].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-004/ManyProgPCCleaner_Interactions [2].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-004/ManyProgPCCleaner_Interactions [2] ScanResults.png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-004/ManyProgPCCleaner_Interactions [3] Register.png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-004/ManyProgPCCleaner_OfferPage [2].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-004/ManyProgPCCleaner_OfferPage [3].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-164/ManyProgPCCleaner_OfferPage [2].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-164/ManyProgPCCleaner_OfferPage [3].png"],"nonDeceptorImageFiles":["220421/ManyProgPCCleaner-200706/2.8/Images/ACR-065/ManyProgPCCleaner_Install [1].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-065/ManyProgPCCleaner_Install [2].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-065/ManyProgPCCleaner_Install [3].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-065/ManyProgPCCleaner_About[1].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-065/ManyProgPCCleaner_LandingPage [1].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-065/ManyProgPCCleaner_LandingPage [2].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-065/ManyProgPCCleaner_OfferPage [1].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-065/ManyProgPCCleaner_OfferPage [2].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-065/ManyProgPCCleaner_OfferPage [3].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-157/ManyProgPCCleaner_Digisig [4] MainExe.png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-099/ManyProgPCCleaner_About[1].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-099/ManyProgPCCleaner_LandingPage [1].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-099/ManyProgPCCleaner_LandingPage [2].png","220421/ManyProgPCCleaner-200706/2.8/Images/ACR-099/ManyProgPCCleaner_OfferPage [2].png"],"guid":"cb98d05e-edc3-49bf-a814-78647c4b6089_2.8_1","appID":"ManyProgPCCleaner-200706","dateAdded":"220421","deceptorType":"App","name":"ManyProg PC Cleaner","company":"ManyProg","version":"2.8","sigName":"Deceptor:Win32/ManyProgPCCleaner!004014","lastKnownStatus":"2.8;2.9.1","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:17.4178232+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1467},{"violations":{"ACR-004":"The app does not fix scan results for free if there are more than 20 results.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA.\nThe landing page does not display links to the EULA.\nThe internal offers page does not display links to the EULA.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"mpcc.exe","fileVersion":"0.0","hashMD5":"afd7707ed744a931285b9ea59528679f","hashSHA1":"7817abf07719d759f131238e87e0d1bbcd26d1a0","hashSHA256":"de7ee890c390effa71d336dd92bc492ebc7a4c0145b5d051c677b9e41e011c88","sourceIndex":"323","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mpcc-setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9836f4765733a76cefbffdbb8c86fcbe","hashSHA1":"8ee6ea658fe2b69dfe1107a2aeeaa3d2e8594e7f","hashSHA256":"faa7d56989b7bac5e1dc6e5f9ee9d8dc48e297403212b75a03a132fe94658054","digitalCertThumbprint":"DC220EEC4069850ADC2484C35709C5FE59837B57","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Aleksandr Fedoseev, O=Aleksandr Fedoseev, STREET=st. Karbisheva 6 kv. 42, S=Perm, PostalCode=614030, C=RU","sourceIndex":"323","avBlockList":["Avast Premium Security (20210708)","AVG Internet Security (20210708)","Bitdefender Internet Security (20210708)","Dr.Web Security Space (20210708)","ESET Internet Security (20210708)","K7 Total Security (20210708)","Malwarebytes Premium (20210708)","McAfee Total Protection (20210708)","Norton Security (20210708)","Panda Dome (20210708)","Sophos Home Premium (20210708)","SpyHunter5 (20210708)","Tencent PC Manager (20210708)","Trend Micro Internet Security (20210708)","VIPRE Advanced Security (20210708)","VirIT eXplorer PRO (20210708)","Webroot SecureAnywhere (20210708)","Windows Defender (20210708)"],"avAllowList":["360 Total Security (20210708)","Avira Internet Security (20210708)","COMODO Antivirus (20210708)","G DATA INTERNET SECURITY (20210708)","Kaspersky Internet Security (20210708)","Quick Heal Internet Security (20210708)","Total AV Antivirus Pro (20210708)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://manyprog.com/pc-cleaner.php","directDownloadingLink":"https://manyprog.com/download/mpcc-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://manyprog.com/download/mpcc-setup.exe","sourceIndex":"323"}],"sampleFiles":["220421/ManyProgPCCleaner-200706/2.7/Samples/mpcc.exe","220421/ManyProgPCCleaner-200706/2.7/Samples/mpcc-setup.exe"],"imageFiles":["220421/ManyProgPCCleaner-200706/2.7/Images/ACR-004/ManyProgPCCleaner 004.mp4"],"nonDeceptorImageFiles":["220421/ManyProgPCCleaner-200706/2.7/Images/ACR-065/ManyProgPCCleaner About.png","220421/ManyProgPCCleaner-200706/2.7/Images/ACR-065/ManyProgPCCleaner Landing Page.png","220421/ManyProgPCCleaner-200706/2.7/Images/ACR-065/ManyProgPCCleaner Internal Offers.png","220421/ManyProgPCCleaner-200706/2.7/Images/ACR-099/ManyProgPCCleaner About.png","220421/ManyProgPCCleaner-200706/2.7/Images/ACR-099/ManyProgPCCleaner Landing Page.png","220421/ManyProgPCCleaner-200706/2.7/Images/ACR-099/ManyProgPCCleaner Internal Offers.png"],"guid":"cb98d05e-edc3-49bf-a814-78647c4b6089_2.7_1","appID":"ManyProgPCCleaner-200706","dateAdded":"220421","deceptorType":"App","name":"ManyProg PC Cleaner","company":"ManyProg","version":"2.7","sigName":"Deceptor:Win32/ManyProgPCCleaner!004","lastKnownStatus":"2.8;2.9.1","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T21:45:32.185796+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1466},{"violations":{"ACR-042":"Application installs OpenVPN and non-disclosed self signing cert/Private Key without obtaining user's permission and explicit action. \n","ACR-043":"Application drops unlimited-use certificate and its private key, as well as self-signed ca cert, in hidden folder without disclosing it.\n","ACR-107":"Application installs and uses OpenVPN without providing relevant license details for it.\n","ACR-048":"Application doesn't provide the control to exit the application completely. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by dropping unlimited-use cert and its private key.\n","ACR-084":"After exit application, a process still running silently in background without notifying user.\n"},"nonDeceptorViolations":{"ACR-014":"Application misleads user about IP status with alarming claim \"Your status exposed\" although system is running another VPN protecting user's digital ID.\n"},"samples":[{"isRevoked":"False","fileName":"ZenMateSetup.exe","isInstaller":"True","companyName":"ZenGuard GmbH","fileVersion":"3.0","hashMD5":"582eca2618f695669779c0f6716a7cd2","hashSHA1":"72569d053a8eb98440b64ce639556ed42ade79da","hashSHA256":"0ba43f5c56d2fe6ae41445e32db75ebfb3e5cd55e9a27fb597924c846ca2016f","digitalCertThumbprint":"5668070D10F69B766DCDDC0E232C10EBA0DDCB15","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ZenGuard GmbH, O=ZenGuard GmbH, STREET=Am Treptower Park 28-30, STREET=\"Haus B, 3. OG.\", STREET=., L=Berlin, S=Berlin, PostalCode=12435, C=DE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 151355","sourceIndex":"1631","avBlockList":["360 Total Security (20220426)","Avira Internet Security (20220426)","K7 Total Security (20220426)","McAfee Total Protection (20220426)","Norton Security (20220426)","Panda Dome (20220426)","Sophos Home Premium (20220426)","SpyHunter5 (20220426)","Total AV Antivirus Pro (20220426)","VirIT eXplorer PRO (20220426)","Webroot SecureAnywhere (20220426)"],"avAllowList":["Avast Premium Security (20220426)","AVG Internet Security (20220426)","Bitdefender Internet Security (20220426)","COMODO Antivirus (20220426)","Dr.Web Security Space (20220426)","ESET Internet Security (20220426)","G DATA INTERNET SECURITY (20220426)","Kaspersky Internet Security (20220426)","Malwarebytes Premium (20220426)","Quick Heal Internet Security (20220426)","Tencent PC Manager (20220426)","Trend Micro Internet Security (20220426)","VIPRE Advanced Security (20220426)","Windows Defender (20220426)"]},{"isRevoked":"False","fileName":"ZenMate.exe","companyName":"ZenGuard GmbH","fileVersion":"5.0","hashMD5":"c30bb700203c0478cbf52a63b9f657c6","hashSHA1":"0a24641a225229320cf0e58f15efa5b47e999a30","hashSHA256":"bce1e0983710778622c0bd10ab9a7a470faae685787063e6d9f34356fb50cb08","digitalCertThumbprint":"B6B74443441B62A00E086211275FC39666595CF0","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CYBERGHOST S.A., O=CYBERGHOST S.A., STREET=Str. DIONISIE LUPU   70-72, L=Bucuresti, S=Bucuresti, PostalCode=030195, C=RO","sourceIndex":"1631","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ZenMate.Service.exe","companyName":"ZenGuard GmbH","fileVersion":"5.0","hashMD5":"f15d100a6042fd39696841943709bd53","hashSHA1":"f1415f7565770dd2147adb6ed28d2dbd2f5a30df","hashSHA256":"7ebf03a7c3e9d2c47571eb1c493d65cb3f33b43b6f8442086ca5d9f1d28f5a96","digitalCertThumbprint":"B6B74443441B62A00E086211275FC39666595CF0","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CYBERGHOST S.A., O=CYBERGHOST S.A., STREET=Str. DIONISIE LUPU   70-72, L=Bucuresti, S=Bucuresti, PostalCode=030195, C=RO","sourceIndex":"1631","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"CyberGhost related","reference":"","landingPage":"https://zenmate.com/","directDownloadingLink":"https://zenmate.com/products/vpn-for-windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://zenmate.com/products/vpn-for-windows","sourceIndex":"1631"}],"sampleFiles":["220415/ZenMateVPN-220414/3.0.1.8/Samples/ZenMateSetup.exe","220415/ZenMateVPN-220414/3.0.1.8/Samples/ZenMate.exe","220415/ZenMateVPN-220414/3.0.1.8/Samples/ZenMate.Service.exe"],"imageFiles":["220415/ZenMateVPN-220414/3.0.1.8/Images/ACR-043/ZenMate_Cert.JPG","220415/ZenMateVPN-220414/3.0.1.8/Images/ACR-042/ZenMate_OpenVPN.JPG","220415/ZenMateVPN-220414/3.0.1.8/Images/ACR-042/ZenMate_Cert.JPG","220415/ZenMateVPN-220414/3.0.1.8/Images/ACR-007/ZenMate_Cert.JPG","220415/ZenMateVPN-220414/3.0.1.8/Images/ACR-084/ZenMate_BgProcess.JPG","220415/ZenMateVPN-220414/3.0.1.8/Images/ACR-107/ZenMate_OpenVPN.JPG","220415/ZenMateVPN-220414/3.0.1.8/Images/ACR-048/ZenMate_Setting.JPG","220415/ZenMateVPN-220414/3.0.1.8/Images/ACR-048/ZenMate_BgProcess.JPG"],"nonDeceptorImageFiles":["220415/ZenMateVPN-220414/3.0.1.8/Images/ACR-014/ZenMate_MisleadingStatus.JPG"],"guid":"114770db-677f-424f-b350-8f57a3563e7b_3.0.1.8_1","appID":"ZenMateVPN-220414","dateAdded":"220415","deceptorType":"App","name":"ZenMateVPN","company":"ZenGuard GmbH","version":"3.0.1.8","firstVendorContactDate":"220428","firstAppEsteemReplyDate":"220428","firstResolvedDate":"220428","firstResolvedVersion":"5.0.14.5747","resolved":"TRUE","lastKnownStatus":"3.0.1.8","lastKnownDate":"220415","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-29T00:19:43.920897+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1469},{"violations":{"ACR-043":"1. The app installs some of the 3rd party components like Open VPN, wire guard without disclosure in EULA\n2. Drops unlimited-use cert and its private key without disclosure\n","ACR-046":"The \"Recurring details\" regarding a particular subscription is provided in small text ( Remains hidden ) and requires scrolling till the bottom of the internal offers page. \n","ACR-107":"The app uses open source project (open VPN, Wire Guard) without disclaiming and honoring open source license.\n","ACR-048":"The app does not provide any control to completely quit the app within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by dropping the cert and private key of an unlimited-use cert signed by CyberGhost's CA. \n","ACR-084":"On closing the app, it minimizes to system tray and a process keeps running in the background, hiding the fact that it is active from the consumer without any notification & even when the \"Exit\" option in the system tray is clicked.\n"},"nonDeceptorViolations":{"ACR-014":"The app misleads the user by showing that \"You're EXPOSED\" while the other VPN service is already active in the system.\n"},"samples":[{"isRevoked":"False","fileName":"cgsetup_en_.exe","isInstaller":"True","companyName":"CyberGhost S.A.","productName":"CyberGhost VPN","productVersion":"4.0.2.9","fileVersion":"4.0.2.9","hashMD5":"66f199a3b35535fde1c01da9425ce678","hashSHA1":"ab697706fbe466a3819a985cf1a45a4f9470158d","hashSHA256":"5777332574dc37c23aca84e134e44eb6179d15583978bded59d8f8cf5f17e246","digitalCertThumbprint":"4076006C47269541889E38441C8BCE0F554FF1E1","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CyberGhost S.R.L.","storeId":"","sourceIndex":"1638","avBlockList":["Avira Internet Security (20220421)","COMODO Antivirus (20220421)","K7 Total Security (20220421)","McAfee Total Protection (20220421)","Norton Security (20220421)","Panda Dome (20220421)","SpyHunter5 (20220421)","Total AV Antivirus Pro (20220421)","VirIT eXplorer PRO (20220421)","Webroot SecureAnywhere (20220421)"],"avAllowList":["360 Total Security (20220421)","Avast Premium Security (20220421)","AVG Internet Security (20220421)","Bitdefender Internet Security (20220421)","Dr.Web Security Space (20220421)","ESET Internet Security (20220421)","G DATA INTERNET SECURITY (20220421)","Kaspersky Internet Security (20220421)","Malwarebytes Premium (20220421)","Quick Heal Internet Security (20220421)","Sophos Home Premium (20220421)","Tencent PC Manager (20220421)","Trend Micro Internet Security (20220421)","VIPRE Advanced Security (20220421)","Windows Defender (20220421)"]},{"isRevoked":"False","fileName":"Dashboard.exe","companyName":"CyberGhost S.R.L.","productVersion":"8.3.5.9052","fileVersion":"8.3.5.9052","hashMD5":"167a72c3a1bc23b485230c62e839c9b0","hashSHA1":"a8d745a4297261aecf6fd8550d5b763505ca35f7","hashSHA256":"20509f5c91c2fe427f1a2fedea238519e7f2f1d7b9a05230c6b9fd37877d18da","digitalCertThumbprint":"4076006C47269541889E38441C8BCE0F554FF1E1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CyberGhost S.R.L., O=CyberGhost S.R.L., STREET=\"Str. Dionisie Lupu NR 70-72 , SECTORUL 1\", L=Bucuresti, S=Bucuresti, C=RO","sourceIndex":"1638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Dashboard.Service.exe","companyName":"CyberGhost S.R.L.","productVersion":"8.3.5.9052","fileVersion":"8.3.5.9052","hashMD5":"edb0e757cfa4c8600df78352173da26e","hashSHA1":"e7521f99882325e8716eec4248a46103368a5828","hashSHA256":"88dde37b31c99fe88366fa7f9606f956cdf65d79b2b53169d8c02b7ee83f5823","digitalCertThumbprint":"4076006C47269541889E38441C8BCE0F554FF1E1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CyberGhost S.R.L., O=CyberGhost S.R.L., STREET=\"Str. Dionisie Lupu NR 70-72 , SECTORUL 1\", L=Bucuresti, S=Bucuresti, C=RO","sourceIndex":"1638","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Bundler from uTorrentWeb","reference":"","landingPage":"https://www.cyberghostvpn.com/en_US/","directDownloadingLink":"https://www.cyberghostvpn.com/en_US/apps/windows-vpn/download/latest","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.cyberghostvpn.com/en_US/apps/windows-vpn/download/latest","sourceIndex":"1638"}],"sampleFiles":["220414/cyberghostvpn-211129/8.3.5.9052/Samples/cgsetup_en_.exe","220414/cyberghostvpn-211129/8.3.5.9052/Samples/Dashboard.exe","220414/cyberghostvpn-211129/8.3.5.9052/Samples/Dashboard.Service.exe"],"imageFiles":["220414/cyberghostvpn-211129/8.3.5.9052/Images/ACR-043/CyberGhost_OpenSource.JPG","220414/cyberghostvpn-211129/8.3.5.9052/Images/ACR-043/CyberGhost_Cert.JPG","220414/cyberghostvpn-211129/8.3.5.9052/Images/ACR-107/CyberGhost_OpenSource.JPG","220414/cyberghostvpn-211129/8.3.5.9052/Images/ACR-007/CyberGhost_Cert.JPG","220414/cyberghostvpn-211129/8.3.5.9052/Images/ACR-084/ACR-084_Software_BackgroundProcess.JPG","220414/cyberghostvpn-211129/8.3.5.9052/Images/ACR-048/ACR-048_Software_No_Control.JPG","220414/cyberghostvpn-211129/8.3.5.9052/Images/ACR-046/ACR-046_InternalOffers_Details_Hidden.jpg","220414/cyberghostvpn-211129/8.3.5.9052/Images/ACR-046/ACR-046_InternalOffers_Details_Hidden_1.jpg"],"nonDeceptorImageFiles":["220414/cyberghostvpn-211129/8.3.5.9052/Images/ACR-014/ACR-014_Landingpage_Misleading.JPG"],"guid":"48dae580-e17b-473d-b516-c2484b11a00e_8.3.5.9052_1","appID":"cyberghostvpn-211129","dateAdded":"220414","deceptorType":"App","name":"CyberGhost VPN","company":"CyberGhost S.A.","version":"8.3.5.9052","sigName":"","firstVendorContactDate":"220421","firstAppEsteemReplyDate":"220421","firstResolvedDate":"220421","firstResolvedVersion":"8.3.5.9311","resolved":"TRUE","lastKnownStatus":"8.3.5.9052","lastKnownDate":"220414","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-21T19:51:15.1004839+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1470},{"violations":{"ACR-043":"The app installs extensions by default without any disclosure & the user's consent.\n","ACR-048":"The app does not provide control to remove the default extension and the scheduled task within the app's settings.\n","ACR-050":"The extensions were added by default without the user's knowledge and consent.\n","ACR-006":"Application uses search engines (DuckDuckGo & Private.sh) , it is not clearly disclosed during installation.\nThe default search engine (DuckDuckGo) used is not disclosed.\n\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent. \n","ACR-104":"The app does not clearly disclose the private search engine used in CyberGhost PrivateBrowser.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"1. The app misleads by stating \"Your IP is exposed\", even though another VPN (tunnel bear) is connected and running. \n2. The app claims providing ad-free browsing experience, it is not truthful (search result provided by duckduckgo, with paid ads)\n"},"nonDeceptorViolations":{"ACR-040":"App installs in hidden location without disclosing to user and allowing user to change the installation location. \n","ACR-092":"The app does not provide a digital signature for the main executable \"cyberghost.exe\"\n","ACR-014":"The app misleads by displaying the status as \"Unprotected'\" on the landing pages (https://www.cyberghostvpn.com/en_US/private-browser), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\CyberghostBrowser\\Application\\cyberghost.exe","companyName":"The Chromium & CyberGhost Authors","productName":"CyberGhost Private Browser","productVersion":"90.0.4430.93","fileVersion":"90.0.4430.93","hashMD5":"f2103b945843de4638d91cbd8f188084","hashSHA1":"56ea64e71b315b228436a57b7cfdfb1f6848b096","hashSHA256":"7e8a6fe317b9b32fb4ecd3cc8265f06ddbbc8f1d08cb09d9ea51b35f0400bd34","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1647","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CyberGhostPrivateBrowser-90.0.4430.93.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"f3621e7daa06a1c1755a8f07afd8a3df","hashSHA1":"84cefb7753f585788d145c6310499cf23c625395","hashSHA256":"5c3a855104b2c5192cc05b86a94e4341027c626d436e37068aa165ff8e778e8d","digitalCertThumbprint":"4076006C47269541889E38441C8BCE0F554FF1E1","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"CyberGhost S.R.L.","storeId":"","sourceIndex":"1647","avBlockList":["Avast Premium Security (20220426)","AVG Internet Security (20220426)","Avira Internet Security (20220426)","K7 Total Security (20220426)","McAfee Total Protection (20220426)","Norton Security (20220426)","Panda Dome (20220426)","Quick Heal Internet Security (20220426)","Sophos Home Premium (20220426)","SpyHunter5 (20220426)","Total AV Antivirus Pro (20220426)","Trend Micro Internet Security (20220426)","VirIT eXplorer PRO (20220426)","Webroot SecureAnywhere (20220426)","Windows Defender (20220426)"],"avAllowList":["360 Total Security (20220426)","Bitdefender Internet Security (20220426)","COMODO Antivirus (20220426)","Dr.Web Security Space (20220426)","ESET Internet Security (20220426)","G DATA INTERNET SECURITY (20220426)","Kaspersky Internet Security (20220426)","Malwarebytes Premium (20220426)","Tencent PC Manager (20220426)","VIPRE Advanced Security (20220426)"]}],"additionalFiles":[],"sources":[{"howFound":"VPN related app","reference":"","landingPage":"https://www.cyberghostvpn.com/en_US/download-private-browser","directDownloadingLink":"https://www.cyberghostvpn.com/en_US/download-private-browser","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.cyberghostvpn.com/en_US/download-private-browser","sourceIndex":"1647"}],"sampleFiles":["220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Samples/CyberGhostPrivateBrowser-90.0.4430.93.exe"],"imageFiles":["220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-043/ACR-043_Install.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-006/ACR-006_Install.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-084/ACR-084_Software_Undisclosed.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-104/ACR-104_Software.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-104/CyberGhostBrowser.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-048/ACR-048_Software.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-050/ACR-050_Software.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-006/CyberGhostBrowser.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-014/ACR-014_Software.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-014/CyberGhostBrowser_valueclaim.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-040/CyberGhostBrowser_Install.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-092/ACR-092_Software.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-006/ACR-006_Landingpage.JPG","220412/CyberGhostPrivateBrowser-220408/90.0.4430.93/Images/ACR-014/ACR-014_Landingpage_Misleading.JPG"],"guid":"4869c8da-1ef5-4656-9268-ab48b6b3daa4_90.0.4430.93_1","appID":"CyberGhostPrivateBrowser-220408","dateAdded":"220412","deceptorType":"App","name":"CyberGhost PrivateBrowser","company":"CyberGhost S.R.L.","version":"90.0.4430.93","lastKnownStatus":"90.0.4430.93","lastKnownDate":"220412","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-13T00:03:01.4531872+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1471},{"violations":{"ACR-042":"The app installs a expired trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"Third-party components 'Open VPN' is installed without any disclosure.\n","ACR-107":"The app does not include the relevant license info for the open source project (Open VPN) used in application 'Open VPN'.\n","ACR-048":"The app does not provide control to remove its background process completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing a expired trusted root certificate.\n","ACR-084":"On closing the app, the application doesn't exit completely. The \"vpnmanagesvc\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The expired trusted root certificate installed by application is not removed from the system after the application is uninstalled.\n","ACR-014":"The app misleads by stating \"Not Protected\" in a big-sized font inside the software, even though another VPN (tunnel bear) is connected and running.\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly and straightforwardly what effect is caused to the user's system due to the installation of expired trusted Root Certificate.\n","ACR-123":"The app does not remove the Trusted Root certificate even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\SumRando\\SumRando\\GUI\\SumRando.exe","companyName":"SumRando","productName":"SumRando","productVersion":"1.0.0.178","fileVersion":"1.0.0.178","hashMD5":"68936dc4d515a73b0f8e70bb33c82225","hashSHA1":"58547a3365d8bace5537941e29371ee34166d3bd","hashSHA256":"85cf62c2d34a758d20fe42b86a0912cf4760e040ababc2b9eddb164ab8a524f1","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1648","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\SumRando\\SumRando\\misc\\vpnmanagesvc.exe","companyName":"SumRando","productName":"vpnmanagesvc","productVersion":"1.0.0.178","fileVersion":"1.0.0","hashMD5":"65b18ca6dd90648476c40d7fdd21f8a3","hashSHA1":"445a09f0c51881de82e98e077378ca65a7797101","hashSHA256":"dbd27752c1ce8348e475d1f75004d933ff6a65ecbe44fd32a6e499e36e081fa9","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1648","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sumrando_setup.exe","isInstaller":"True","companyName":"SumRando","productName":"SumRando","productVersion":"","fileVersion":"1.0.0.178","hashMD5":"6e17765ba81721d5c031b62013596990","hashSHA1":"1a8d693cc659df58e7948e811f9cf64644d41b2c","hashSHA256":"14dfafeaab4d67f2b5ddb016e9bf543798106953fe070c086e341c689461a1fc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1648","avBlockList":["Avira Internet Security (20220421)","Bitdefender Internet Security (20220421)","G DATA INTERNET SECURITY (20220421)","K7 Total Security (20220421)","McAfee Total Protection (20220421)","Norton Security (20220421)","Panda Dome (20220421)","Sophos Home Premium (20220421)","SpyHunter5 (20220421)","Total AV Antivirus Pro (20220421)","VIPRE Advanced Security (20220421)","VirIT eXplorer PRO (20220421)","Webroot SecureAnywhere (20220421)","Windows Defender (20220421)"],"avAllowList":["360 Total Security (20220421)","Avast Premium Security (20220421)","AVG Internet Security (20220421)","COMODO Antivirus (20220421)","Dr.Web Security Space (20220421)","ESET Internet Security (20220421)","Kaspersky Internet Security (20220421)","Malwarebytes Premium (20220421)","Quick Heal Internet Security (20220421)","Tencent PC Manager (20220421)","Trend Micro Internet Security (20220421)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on VPN apps","reference":"","landingPage":"https://sumrando-vpn.en.softonic.com/","directDownloadingLink":"https://sumrando-vpn.en.softonic.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://sumrando-vpn.en.softonic.com/download","sourceIndex":"1648"}],"sampleFiles":["220408/sumrandovpn-220405/1.0.0.178/Samples/sumrando_setup.exe"],"imageFiles":["220408/sumrandovpn-220405/1.0.0.178/Images/ACR-043/ACR-043_Install_Open_Vpn_Dropped.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-107/ACR-107_Install_Open_Vpn_Dropped.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-107/ACR-107_Install_Open_Vpn_Dropped.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed_1.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed_2.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-007/ACR-007_Install_Root_Certificate_Installed.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-007/ACR-007_Install_Root_Certificate_Installed_1.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-007/ACR-007_Install_Root_Certificate_Installed_2.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-007/ACR-007_Install_Root_Certificate_Installed_1.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-048/ACR-048_Software_No_Control.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-014/ACR-014_Software_Misleading_Status.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-118/ACR-118_Uninstall_2.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-118/ACR-118_Uninstall_1.JPG"],"nonDeceptorImageFiles":["220408/sumrandovpn-220405/1.0.0.178/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed_1.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed_2.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed_1.JPG","220408/sumrandovpn-220405/1.0.0.178/Images/ACR-123/ACR-123_Uninstall_1.JPG"],"guid":"2bd4ff55-af5c-44ec-9d36-6badc393f97a_1.0.0.178_1","appID":"sumrandovpn-220405","dateAdded":"220408","deceptorType":"App","name":"Sumrando VPN","company":"SumRando","version":"1.0.0.178","lastKnownStatus":"1.0.0.178","lastKnownDate":"220408","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-08T17:18:53.6104837+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1472},{"violations":{"ACR-042":"The \"Media freeware\" components get dropped without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"Media freeware\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-046":"The \"Media freeware\" offer is not conspicuous and the details provided in the install prompt regarding the offer are not clearly visible due to the small font size.\n","ACR-048":"1. The app does not provide any control to \"Opt-out\" from the Peer network within the app's setting\n2. The app doesn't provide any control to disable the startup and remove the background process completely within the app's settings.\n","ACR-084":"1. The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\".\n2. The \"Media freeware\" process runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the offer.\n","ACR-055":"The app has no buttons to Accept/Decline, the offered app \"Media freeware\".\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear.\n","ACR-039":"The app drops \"Media freeware\" without disclosing it to the user and getting user consent.\n","ACR-155":"The offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\".\n","ACR-092":"The app does not provide a digital signature for the installer \"Free Barcode Generator_000010.msi\" and the main executable \"FreeBarcodeGenerator.exe\" files.\n","ACR-123":"The app does not remove its startup item even after uninstall and this scenario is observed even after closing and reopening the Task manager even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"Free Barcode Generator_000010.msi","isInstaller":"True","companyName":"","productName":"N/A","productVersion":"1.0.0.0","fileVersion":"","hashMD5":"b78171e397c3e0666951f243c6d17975","hashSHA1":"75514fe13567ce4559e712726026ca8c8464a232","hashSHA256":"d5205513d2df9bf64e90d8a4e9fbfe34ea405f56f5f35e33ab02fa22c1c85001","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1652","avBlockList":["360 Total Security (20220421)","Avast Premium Security (20220421)","AVG Internet Security (20220421)","Avira Internet Security (20220421)","Bitdefender Internet Security (20220421)","COMODO Antivirus (20220421)","ESET Internet Security (20220421)","G DATA INTERNET SECURITY (20220421)","K7 Total Security (20220421)","Kaspersky Internet Security (20220421)","Malwarebytes Premium (20220421)","McAfee Total Protection (20220421)","Norton Security (20220421)","Sophos Home Premium (20220421)","SpyHunter5 (20220421)","Total AV Antivirus Pro (20220421)","VIPRE Advanced Security (20220421)","VirIT eXplorer PRO (20220421)","Webroot SecureAnywhere (20220421)"],"avAllowList":["Dr.Web Security Space (20220421)","Panda Dome (20220421)","Quick Heal Internet Security (20220421)","Tencent PC Manager (20220421)","Trend Micro Internet Security (20220421)","Windows Defender (20220421)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted from Free PDF solutions","reference":"","landingPage":"https://www.mediafreeware.com/","directDownloadingLink":"https://v1.install80.com/setup?t=Free+Barcode+Generator&file=https%3A%2F%2Fwww.mediafreeware.com%2Fserve.html%3Ffrom%3Dhttps%3A%2F%2Fwww.mediafreeware.com%2Ffiles%2Fbarcodegenerator_setup.exe%26path%3Dfiles%2Fbarcodegenerator_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://v1.install80.com/setup?t=Free+Barcode+Generator&file=https%3A%2F%2Fwww.mediafreeware.com%2Fserve.html%3Ffrom%3Dhttps%3A%2F%2Fwww.mediafreeware.com%2Ffiles%2Fbarcodegenerator_setup.exe%26path%3Dfiles%2Fbarcodegenerator_setup.exe","sourceIndex":"1652"}],"sampleFiles":["220407/freebarcodegenerator-220407/1.0.0.0/Samples/Free Barcode Generator_000010.msi"],"imageFiles":["220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-039/ACR-039_Install_Drops_Mediaware.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-039/ACR-039_Install_Drops_Mediaware_1.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-043/ACR-043_Install_Drops_Mediware.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-043/ACR-043_Install_Drops_Mediware_1.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-046/ACR-046_Install_Unclear_Options.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-042/ACR-042_Install_Drops_Mediware.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-042/ACR-042_Install_Drops_Mediware_1.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-084/ACR-084_Software_Hides_Presence.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-084/ACR-084_Software_BG_Exists.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_3.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_1.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_2.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_3.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-057/ACR-057_In-BundleOffers_No_Options.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-059/ACR-059_In-BundleOffers_Unclear_Offer.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-155/ACR-155_In-BundleOffers_Masqueraded_Offer.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-055/ACR-055_In-BundleOffers_No_Options.JPG"],"nonDeceptorImageFiles":["220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-040/ACR-040_Install_Hidden_Location.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-092/ACR-092_Software_1.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-092/ACR-092_Software_2.JPG","220407/freebarcodegenerator-220407/1.0.0.0/Images/ACR-123/ACR-123.JPG"],"guid":"7814c22b-7274-489f-8916-e88eddbe2516_1.0.0.0_1","appID":"freebarcodegenerator-220407","dateAdded":"220407","deceptorType":"App","name":"Free Barcode Generator","company":"Media Freeware","version":"1.0.0.0","sigName":"Deceptor:Win32/FreeBarcodeGenerator!039043046042084048118057059155055","lastKnownStatus":"1.0.0.0","lastKnownDate":"220407","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-07T19:10:36.5888181+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1474},{"violations":{"ACR-042":"On executing the installer, it directly installs the app and its components without asking any user's permission.\n","ACR-043":"1. The app drops components of \"Bright data\" before the user agrees and consents.\n2. Before obtaining the user's consent, the app drops all the files inside C:\\Users\\User\\AppData\\Roaming folder and launches the application immediately after executing the installer. \n","ACR-047":"The warning message repeatedly prompts even user decline it before.\n","ACR-048":"The app does not provide control to disable its startup item and remove its background process completely within the app's settings. \n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by sharing IP/network connection.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several BrightData processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates a startup entry without the consumer's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\". \n","ACR-092":"The app does not provide a digital signature for the installer \"Free JPG to PDF Converter - latest.msi\" and the main executable \"PDF_Converter.exe\" file.\n","ACR-054":"The app doesn't provide equal prominence to the \"Accept and Hide\" options and the Close icon inside the software.\n"},"samples":[{"isRevoked":"False","fileName":"Free JPG to PDF Converter - latest.msi","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8224b65a2b585345c54fddbd5fe42fc2","hashSHA1":"39859eebc9f8a1e208e082482d13e782d7857600","hashSHA256":"bca144fdfc944527551c5c10d4b88ac998f30bbf04788b019bd1dd00c45904e4","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","sourceIndex":"1294","avBlockList":["360 Total Security (20220421)","Avira Internet Security (20220421)","ESET Internet Security (20220421)","K7 Total Security (20220421)","Kaspersky Internet Security (20220421)","McAfee Total Protection (20220421)","Norton Security (20220421)","SpyHunter5 (20220421)","Total AV Antivirus Pro (20220421)","Trend Micro Internet Security (20220421)","VirIT eXplorer PRO (20220421)","Windows Defender (20220421)"],"avAllowList":["Avast Premium Security (20220421)","AVG Internet Security (20220421)","Bitdefender Internet Security (20220421)","COMODO Antivirus (20220421)","Dr.Web Security Space (20220421)","G DATA INTERNET SECURITY (20220421)","Malwarebytes Premium (20220421)","Panda Dome (20220421)","Quick Heal Internet Security (20220421)","Sophos Home Premium (20220421)","Tencent PC Manager (20220421)","VIPRE Advanced Security (20220421)","Webroot SecureAnywhere (20220421)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt on BrightData apps","reference":"","landingPage":"https://www.freepdfsolutions.com/","directDownloadingLink":"https://www.freepdfsolutions.com/setups/free-jpg-to-pdf-converter/Free%20JPG%20to%20PDF%20Converter%20-%20latest.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freepdfsolutions.com/setups/free-jpg-to-pdf-converter/Free%20JPG%20to%20PDF%20Converter%20-%20latest.msi","sourceIndex":"1294"}],"sampleFiles":["220407/freejpgtopdfconverter-220407/3.0.0.0/Samples/Free JPG to PDF Converter - latest.msi"],"imageFiles":["220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-043/ACR-043_Install_Drops_Immediately.mp4","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-043/ACR-043.JPG","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-042/ACR-042_Install_Drops_All_Files.mp4","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-007/ACR-007_1.JPG","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-084/ACR-084_Software_Undisclosed_Startup.JPG","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_.JPG","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-047/ACR-014_Software_Tricking_Statement.JPG"],"nonDeceptorImageFiles":["220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-040/ACR-040_Install_Hidden_Location.JPG","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-092/ACR-092_Software_1.JPG","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-092/ACR-092_Software_2.JPG","220407/freejpgtopdfconverter-220407/3.0.0.0/Images/ACR-054/ACR-054_Sofwtare_Equal_Prominence.JPG"],"guid":"565b0820-3ea1-406e-88a2-c58d35f4cfd3_3.0.0.0_1","appID":"freejpgtopdfconverter-220407","dateAdded":"220407","deceptorType":"App","name":"Free JPG to PDF converter","company":"Free PDF solutions","version":"3.0.0.0","sigName":"Deceptor:Win32/043042007084048047","firstResolvedVersion":"4.0.0.0","resolved":"TRUE","lastKnownStatus":"3.0.0.0","lastKnownDate":"220407","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-11-14T21:58:26.342692+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1473},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\iTop Private Browser\\AUpdate.exe","companyName":"iTop Inc.","productName":"iTop Private Browser","productVersion":"3.0","fileVersion":"1.0.0.1918","hashMD5":"80ba32934c0f217451070b9e185332b4","hashSHA1":"d227632e6210a9545f57ca88f3d9ab9620f72a6a","hashSHA256":"7d6c544a264d11992baf7f559ce155ea9dc9a32375420c588de8dfb51a842c5a","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1659","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\iTop Private Browser\\AutoUpdate.exe","companyName":"iTop Inc.","productName":"iTop Private Browser","productVersion":"3.0","fileVersion":"3.0.0.762","hashMD5":"49ecc903c2c3e01c7974c5985bc4cf0c","hashSHA1":"e7fb1bb303833c7f74531ac45e75ef277b6b975a","hashSHA256":"858792732068df9e358543a1af4fb72f2fe9c248345ee7332e2dfac082c9367d","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1659","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\iTop Private Browser\\iTopBrowser.exe","companyName":"iTop Inc.","productName":"iTop Private Browser","productVersion":"3.1.0.0","fileVersion":"3.1.0.255","hashMD5":"28b616c120af63365f1e8ea757da8378","hashSHA1":"7f760781dd93e91189fd715efaaec466a991b147","hashSHA256":"dc9cead42ce29748b90179e2264576dc49cc0ef79ba3f691736a966c3f67fbc9","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1659","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\iTop Private Browser\\ivBInit.exe","companyName":"iTop Inc.","productName":"iTop Private Browser","productVersion":"1.0","fileVersion":"1.0.0.119","hashMD5":"5d0a2d8ff8fa5c82c2d09b5319f80c6d","hashSHA1":"35635e9a8ac4e64001e37914e754e65f65af541e","hashSHA256":"e92b22dbb8a65158be46fc304212af66a39a1431ff0d3b1809b4d426b3b16933","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1659","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\iTop Private Browser\\Downloader\\IVB_Setup.exe","companyName":"iTop Inc.                                                   ","productName":"iTop Private Browser                                        ","productVersion":"3.1.0.255                                         ","fileVersion":"3.1.0.255           ","hashMD5":"812b2c4cbe8b577ac4a100ae1f320410","hashSHA1":"9199c9b65f2a39b2f840eef9f231921fc58f70f3","hashSHA256":"7139d47d4e1735216bc11c352a7c85bb90c97841fb8ac5b3565da3fdf643fbf2","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1659","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"itop_private_browser_setup.exe","isInstaller":"True","companyName":"iTop Inc.","productName":"iTop Private Browser","productVersion":"3.0.0.0","fileVersion":"3.0.0.235","hashMD5":"5bd72e8cbe7e8b1afc5fc3df9d8fba20","hashSHA1":"557ce1cdf871af4d9eed2efc8e8a455d168a34e3","hashSHA256":"129f0ea1aa1958d9a219415682164b15ea0c0eeba39c36f28926dcc8dcd7ae0a","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1659","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Offered app of iTopVPN","reference":"","landingPage":"https://www.itopvpn.com/vpn-browser?name=ivb&ver=1.0.0.184&lan=&to=eula","directDownloadingLink":"https://goto.itopvpn.com/downloadcenter?product=itopbrowser","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://goto.itopvpn.com/downloadcenter?product=itopbrowser","sourceIndex":"1659"}],"sampleFiles":["220402/itopvpnbrowser-220225/3.0.0.235/Samples/itop_private_browser_setup.exe"],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"490ca65b-b17c-458f-9e0f-65a01b539ecd_3.0.0.235_1","appID":"itopvpnbrowser-220225","dateAdded":"220402","deceptorType":"App","name":"iTopVPN Browser","company":"iTop Inc.","version":"3.0.0.235","firstVendorContactDate":"220330","firstAppEsteemReplyDate":"220330","firstResolvedDate":"220402","firstResolvedVersion":"3.0.0.235","resolved":"TRUE","lastKnownStatus":"1.0.0.84;3.0.0.235","lastKnownDate":"220402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-02T20:51:04.921223+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1476},{"violations":{"ACR-048":"The app does not provide any control to disable the notification within the app's settings.\n","ACR-050":"The app appears to circumvent the platform security (UAC) with a scheduled task.\n","ACR-004":"The App uses exclamation marks in the software to exaggerate the identified issues and misleads the urgency for users to take action.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"The app misleads the user by showing unfair status that \"You're EXPOSED\" while the other VPN service is already active in the system and it also mentioned that \"Your online privacy is not protected\".\n","ACR-165":"The app doesn't provide the following information in the shopping cart (https://bit.ly/3JE9POS): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price. 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"iTopVPN_setup_Free.exe","isInstaller":"True","companyName":"iTop Inc.                                                   ","productName":"iTop VPN                                                    ","productVersion":"3.3.0.2773                                        ","fileVersion":"3.3.0.2773          ","hashMD5":"01a0c7482c25d1a3ea7289d9d8f29944","hashSHA1":"4788f76b7dfac7e049f31414162a8d00e84175aa","hashSHA256":"637718abc8841904f22c4ad0605f8fec72a807a463afdfc7e4dc38e6bf257152","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1654","avBlockList":["360 Total Security (20220331)","Avira Internet Security (20220331)","Dr.Web Security Space (20220331)","G DATA INTERNET SECURITY (20220331)","K7 Total Security (20220331)","McAfee Total Protection (20220331)","Norton Security (20220331)","Panda Dome (20220331)","Quick Heal Internet Security (20220331)","Sophos Home Premium (20220331)","SpyHunter5 (20220331)","Total AV Antivirus Pro (20220331)","VirIT eXplorer PRO (20220331)","Webroot SecureAnywhere (20220331)","Windows Defender (20220331)"],"avAllowList":["Avast Premium Security (20220331)","AVG Internet Security (20220331)","Bitdefender Internet Security (20220331)","COMODO Antivirus (20220331)","ESET Internet Security (20220331)","Kaspersky Internet Security (20220331)","Malwarebytes Premium (20220331)","Tencent PC Manager (20220331)","Trend Micro Internet Security (20220331)","VIPRE Advanced Security (20220331)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\atud.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.3.0.990","hashMD5":"f9e48147f37fb7721cdf87d324c9621b","hashSHA1":"7ad3ae8fc375aac71560b018921f8b204070a2bf","hashSHA256":"a55e17a860be09ba5c17acb25ac275e0dc5a90f8f1038414e9e1d0d0645f2b27","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1654","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\iTopInstaller.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.0.0.2509","hashMD5":"f10cc297c985d7a005e72e0ed604febb","hashSHA1":"d73abaa9d08977319a54ec2e19ef505256d0304c","hashSHA256":"e5a3916ea78731e235f9614659d4116db956d35b0881dd28b8f30c3a69ee3431","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1654","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\iTopVPN.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.3.0.2773","hashMD5":"74140213adb01d47f86bf474693776ec","hashSHA1":"a6796c622df007c7f7e32336372df7d67d4a4de7","hashSHA256":"6f88067ce6fc9a267f2f15294999a682f82fd0ff408ad6dd34c12d11295b1a8b","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1654","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\iTopVPNMini.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.3.0.2763","hashMD5":"71196fb27c4a035aa3b362addb38cafd","hashSHA1":"b7b843ef311aab888727e619b5bc02436095444f","hashSHA256":"df02739c76b9559f6ca39a0e510f3742de5abf647b50106acd27c3184bafca0f","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1654","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\ugin.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.1.0.369","hashMD5":"ae45c9a7f99cc7aee873e6982dd8aedc","hashSHA1":"c8ff481efe1b0aaf2c8a7ffcae65257278eaa84f","hashSHA256":"4bda76b931bbe09c93a2dc4c6fc57e0f8234b898491d3180851a1cb5304e485d","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1654","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\unpr.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.0.0.113","hashMD5":"96814fc81e7050ec806a1ef966cee652","hashSHA1":"126d8a3bf2853089d18ef0efc7a7a4cae9f6a917","hashSHA256":"47cb3d71ca832f4175149bdb3ddd52c07128c52523bc8dce8b5ff7c68750594c","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1654","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Offered by smart game booster","reference":"","landingPage":"https://www.itopvpn.com/","directDownloadingLink":"https://goto.itopvpn.com/downloadcenter?product=itoppc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://goto.itopvpn.com/downloadcenter?product=itoppc","sourceIndex":"1654"}],"sampleFiles":["220402/itopvpn-211126/3.3.0.2773/Samples/iTopVPN_setup_Free.exe"],"imageFiles":["220402/itopvpn-211126/3.3.0.2773/Images/ACR-004/ACR-004_Software_Exclamation_Symbol.JPG","220402/itopvpn-211126/3.3.0.2773/Images/ACR-004/ACR-004_Software_Exclamation_Symbol_1.JPG","220402/itopvpn-211126/3.3.0.2773/Images/ACR-004/ACR-004_Software_Exclamation_Symbol_2.JPG","220402/itopvpn-211126/3.3.0.2773/Images/ACR-048/ACR-048_Software_Uncontrollable_Notification_1.JPG","220402/itopvpn-211126/3.3.0.2773/Images/ACR-048/ACR-048_Software_Uncontrollable_Notification_2.JPG","220402/itopvpn-211126/3.3.0.2773/Images/ACR-014/ACR-014_Software_Misleading_Status.JPG","220402/itopvpn-211126/3.3.0.2773/Images/ACR-165/ACR-165_InternalOffers_Subscription_Details_Missing.JPG","220402/itopvpn-211126/3.3.0.2773/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220402/itopvpn-211126/3.3.0.2773/Images/ACR-050/ACR-050_Software_Undisclosed_Skip_UAC_Task.JPG"],"nonDeceptorImageFiles":[],"guid":"e8b24232-e4f4-4ae5-9081-d8e8efd6653c_3.3.0.2773_1","appID":"itopvpn-211126","dateAdded":"220402","deceptorType":"App","name":"iTop VPN","company":"iTop Inc.","version":"3.3.0.2773","firstVendorContactDate":"220330","firstAppEsteemReplyDate":"220330","firstResolvedDate":"220402","firstResolvedVersion":"3.3.0.2805","resolved":"TRUE","lastKnownStatus":"3.0.0.2327;3.2.0.2653;3.3.0.2773;3.3.0.2775","lastKnownDate":"220402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-02T20:59:07.0231876+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1477},{"violations":{"ACR-048":"The app does not provide any control to close the app completely & disable the notification  & remove all the scheduled tasks that it created within the app's settings.\n","ACR-050":"The app appears to circumvent the platform security (UAC) with a scheduled task.\n","ACR-004":"1. The app does not provide free fixes for the identified security issues reported via “Free Scan”, it requires users to upgrade to \"VIP\" to fix the few identified issues and under the \"Security Reinforce\" category the app fixes only 6 items among the 17 identified issues, thus providing only a partial fix.\n2. App uses exclamation mark in the software exaggerates the identified issues and misleads the urgency for user to take action.\n","ACR-008":"Under Tools-->Privacy protection-->Security Reinforce, the app shows 17 items initially. When the \"Protect\" option is clicked, it, in turn, displays a prompt in which upon clicking the \"Basic Protect\" option that is small, blurred font also appears to be hidden and not easy to spot immediately fixes only 6 items  (Partial fix).\n\n","ACR-084":"On quitting the app completely from the system tray, processes still run in the background hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"The app misleads the user by showing unfair status that \"You're EXPOSED\" while the other VPN service is already active in the system and it also mentioned that \"Your online privacy is not protected\".\n","ACR-165":"The app doesn't provide the following information in the shopping cart (https://bit.ly/3hfVbAN): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price. 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-054":"The app didn't provide equal prominence to the \"Protect All\" and \"Basic Protect\" buttons in the software.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\iTopVPN.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.2.0.2653","hashMD5":"d34471aa7936e399d54da495fa5c2059","hashSHA1":"a82c39319680521e904b23f9ee0222aee4df47dc","hashSHA256":"0359afb9946da2cf1b1920b9661f320199ecf7d817777be0e9ebaa8bd9d8b090","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1655","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iTopVPN_setup_Free.exe","isInstaller":"True","companyName":"iTop Inc.                                                   ","productName":"iTop VPN                                                    ","productVersion":"3.2.0.2653                                        ","fileVersion":"3.2.0.2653          ","hashMD5":"0a614e6de5721aa78a566b8911655036","hashSHA1":"3b551a37b776e6aa072ea4a08ff3af39845bd13e","hashSHA256":"231d63c4e5520b643680d5f91df206045211a5519862bde9abc6b905f65901ad","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1655","avBlockList":["Avira Internet Security (20220310)","Dr.Web Security Space (20220310)","ESET Internet Security (20220310)","K7 Total Security (20220310)","McAfee Total Protection (20220310)","Norton Security (20220310)","Panda Dome (20220310)","Quick Heal Internet Security (20220310)","Sophos Home Premium (20220310)","SpyHunter5 (20220310)","Total AV Antivirus Pro (20220310)","VirIT eXplorer PRO (20220310)","Webroot SecureAnywhere (20220310)","Windows Defender (20220310)"],"avAllowList":["360 Total Security (20220310)","Avast Premium Security (20220310)","AVG Internet Security (20220310)","Bitdefender Internet Security (20220310)","COMODO Antivirus (20220310)","G DATA INTERNET SECURITY (20220310)","Kaspersky Internet Security (20220310)","Malwarebytes Premium (20220310)","Tencent PC Manager (20220310)","Trend Micro Internet Security (20220310)","VIPRE Advanced Security (20220310)"]}],"additionalFiles":[],"sources":[{"howFound":"Offered by smart game booster","reference":"","landingPage":"https://www.itopvpn.com/","directDownloadingLink":"https://goto.itopvpn.com/downloadcenter?product=itoppc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://goto.itopvpn.com/downloadcenter?product=itoppc","sourceIndex":"1655"}],"sampleFiles":["220402/itopvpn-211126/3.2.0.2653/Samples/iTopVPN_setup_Free.exe"],"imageFiles":["220402/itopvpn-211126/3.2.0.2653/Images/ACR-004/ACR-004_Software_No_Free_Fix.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-004/ACR-004_Software_Exclamation_Symbol.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-004/ACR-004_Software_Exclamation_Symbol_1.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-004/ACR-004_Software_Exclamation_Symbol_2.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-004/ACR-004_Software_No_Free_Fix_1.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-004/ACR-004_Software_No_Free_Fix_2.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-048/ACR-048_Software_UNcontrollable_Background_Process.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-048/ACR-048_Software_Uncontrollable_Notification_1.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-048/ACR-048_Software_Uncontrollable_Schedule_Tasks.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-048/ACR-048_Software_No_Control.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-014/ACR-014_Software_Misleading_Status.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-165/ACR-165_InternalOffers_Subscription_Details_Missing.jpg","220402/itopvpn-211126/3.2.0.2653/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-008/ACR-008_Software_Hidden1.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-008/ACR-008_Software_1.JPG","220402/itopvpn-211126/3.2.0.2653/Images/ACR-050/ACR-050_Software_Undisclosed_Skip_UAC_Task.JPG"],"nonDeceptorImageFiles":["220402/itopvpn-211126/3.2.0.2653/Images/ACR-054/ACR-054_InlineOffers_1.JPG"],"guid":"e8b24232-e4f4-4ae5-9081-d8e8efd6653c_3.2.0.2653_1","appID":"itopvpn-211126","dateAdded":"220402","deceptorType":"App","name":"iTop VPN","company":"iTop Inc.","version":"3.2.0.2653","firstVendorContactDate":"220330","firstAppEsteemReplyDate":"220330","firstResolvedDate":"220402","firstResolvedVersion":"3.3.0.2805","resolved":"TRUE","lastKnownStatus":"3.0.0.2327;3.2.0.2653;3.3.0.2773;3.3.0.2775","lastKnownDate":"220402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-02T20:58:38.6745038+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1478},{"violations":{"ACR-048":"The app does not have any control to close the app completely & to disable the notification within the app's settings & to remove all the scheduled tasks that it created.\n","ACR-050":"The app appears to circumvent the platform security (UAC) with a scheduled task.\n","ACR-004":"1. The app does not provide free fixes for the identified security issues reported via “Free Scan”, it requires paid to fix the few identified issues.\n2. App uses exclamation mark in the software exaggerates the identified issues and misleads the urgency for user to take action.\n","ACR-084":"1. On closing the app, it runs silently in the background, hiding the fact that it is active from the consumer.\n2. The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"The app misleads the user by showing unfair status that \"You're EXPOSED\" while the other VPN service is already active in the system and it also mentioned that \"Your online privacy is not protected\".\n","ACR-165":"The app doesn't provide the following information in the shopping cart (https://estore.itopvpn.com/c/shop): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price. 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\iTopVPN.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3","fileVersion":"3.0.0.2327","hashMD5":"fe629acb8fff03051da280b064c7b180","hashSHA1":"a45cd0edae417df54adbdfcff9f2ef8754aed615","hashSHA256":"6b7f734f633b98c184bc13310d0abcaa04936a7f4ccf7758eb35744125257504","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1656","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iTopVPN_pc_setup.exe","isInstaller":"True","companyName":"iTop Inc.                                                   ","productName":"iTop VPN                                                    ","productVersion":"3.0.0.2327                                        ","fileVersion":"3.0.0.2327          ","hashMD5":"340f5467137c505c54b119934e794480","hashSHA1":"7e759fc5266dbbeb0a619a64f9e760469317a593","hashSHA256":"447a0556c44ee65e3a9b1ec92bfbee46047e56aa8c589213fd613d5d3f234c1f","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1656","avBlockList":["360 Total Security (20220315)","Avira Internet Security (20220315)","Bitdefender Internet Security (20220315)","Dr.Web Security Space (20220315)","ESET Internet Security (20220315)","G DATA INTERNET SECURITY (20220315)","K7 Total Security (20220315)","McAfee Total Protection (20220315)","Norton Security (20220315)","Panda Dome (20220315)","Quick Heal Internet Security (20220315)","Sophos Home Premium (20220315)","SpyHunter5 (20220315)","Total AV Antivirus Pro (20220315)","VIPRE Advanced Security (20220315)","VirIT eXplorer PRO (20220315)","Webroot SecureAnywhere (20220315)","Windows Defender (20220315)"],"avAllowList":["Avast Premium Security (20220315)","AVG Internet Security (20220315)","COMODO Antivirus (20220315)","Kaspersky Internet Security (20220315)","Malwarebytes Premium (20220315)","Tencent PC Manager (20220315)","Trend Micro Internet Security (20220315)"]}],"additionalFiles":[],"sources":[{"howFound":"Offered by smart game booster","reference":"","landingPage":"https://www.itopvpn.com/","directDownloadingLink":"https://goto.itopvpn.com/downloadcenter?product=itoppc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://goto.itopvpn.com/downloadcenter?product=itoppc","sourceIndex":"1656"}],"sampleFiles":["220402/itopvpn-211126/3.0.0.2327/Samples/iTopVPN_pc_setup.exe"],"imageFiles":["220402/itopvpn-211126/3.0.0.2327/Images/ACR-004/ACR-004_Software_No_Free_Fix.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-004/ACR-004_Software_Exclamation_Symbol.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-084/ACR-084_Software_Undisclosed_Schedule_Tasks.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-084/RunningProc.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-048/ACR-048_Software_UNcontrollable_Background_Process.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-048/ACR-048_Software_Uncontrollable_Notification.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-048/ACR-048_Software_Uncontrollable_Notification_1.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-048/ACR-048_Software_Uncontrollable_Schedule_Tasks.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-048/ACR-048_Software_No_Control.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-014/ACR-014_Software_Misleading_Status.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-165/ACR-165_InternalOffers_Subscription_Details_Missing.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220402/itopvpn-211126/3.0.0.2327/Images/ACR-050/ACR-050_Software_Undisclosed_Skip_UAC_Task.JPG"],"nonDeceptorImageFiles":[],"guid":"e8b24232-e4f4-4ae5-9081-d8e8efd6653c_3.0.0.2327_1","appID":"itopvpn-211126","dateAdded":"220402","deceptorType":"App","name":"iTop VPN","company":"iTop Inc.","version":"3.0.0.2327","firstVendorContactDate":"220330","firstAppEsteemReplyDate":"220330","firstResolvedDate":"220402","firstResolvedVersion":"3.3.0.2805","resolved":"TRUE","lastKnownStatus":"3.0.0.2327;3.2.0.2653;3.3.0.2773;3.3.0.2775","lastKnownDate":"220402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-02T20:58:01.4193114+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1479},{"violations":{"ACR-048":"The app does not provide any control to disable the notification within the app's settings.\n","ACR-004":"The App uses exclamation marks in the software to exaggerate the identified issues and misleads the urgency for users to take action.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"The app misleads the user by showing unfair status that \"You're EXPOSED\" while the other VPN service is already active in the system and it also mentioned that \"Your online privacy is not protected\".\n","ACR-165":"The app doesn't provide the following information in the shopping cart (https://www.itopvpn.com/purchasecartb?name=itop&to=gudf&ref=subffnus&origin=pc&ver=3.3.0.2775&lan=&flw=700&con=0&status=10&utm_param=GlpAXwQfAFICUTshGxYcKVllK1QJBA0GSWVLUDUFCx0kG3h8KQM8R3AZMEZHXlpXAANaUUESQkUPbRJTC05YVAUeAFINQwwRCEBeQkAMDwZSVAxVGARcVksFSwZCWAMTQ1QWXx0TCRlWUVVVAQ1MHg%3D%3D&insday=1&insur=nosource&user=0 and https://www.itopvpn.com/top-speed-vpn?name=itop&to=gudf&ref=gudfbnr&origin=pc&ver=3.3.0.2775&lan=&status=10&utm_param=GlpAXwQfAFICUTshGxYcKVllK1QJBA0GSWVLUDUFCx0kG3h8KQM8R3AZMEZHXlpXAANaUUESQkUPbRJTC05YVAUeAFINQwwRCEBeQkAMDwZSVAxVGARcVksFSwZCWAMTQ1QWXx0TCRlWUVVVAQ1MHg%3D%3D&insday=1&insur=nosource&user=0): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price. 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\atud.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.3.0.990","hashMD5":"3d27836b93fa6081a5d5af2c51b48e22","hashSHA1":"0be5287310d730af5d716e42def91133ab70c4ce","hashSHA256":"30130c6989bc77324b8341ab71d851e9e71252b093a8dc1ac3f930d29d28c11a","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1657","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\aud.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.0.0.2400","hashMD5":"2dbeb6e05814cbcdb22d7cc427a5030f","hashSHA1":"4de398e63a5201c0faa0ba121b67c980560ef234","hashSHA256":"c2420694574619de812c0ae224b2fb01c678c6ecf35a0a91b40de04fff389e3a","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1657","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\icop64.exe","companyName":"iTop inc.","productName":"iTop VPN","productVersion":"1.0","fileVersion":"1.0.0.20","hashMD5":"3885da67dcf6af45d31931dd95521fc1","hashSHA1":"43a972c4e5578a7c98167231bffc5bb679b99c41","hashSHA256":"33a70d4ac0d041b82f3921b7110745feb03130aa9c4d88f9fedbef8d54c5416a","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1657","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\iTopInstaller.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.0.0.2509","hashMD5":"20294eef47aa01b1523c4e57be3d0c86","hashSHA1":"b7bd95367f682cb0fe31c0bc33a1b7586778b3d8","hashSHA256":"227a591fb41c7d892546a0d69f9da7cc849a0a66053e14c67e7b25527400c782","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1657","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\iTopVPN.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.3.0.2775","hashMD5":"5db2e2aceac1935020998cc1e76e2dba","hashSHA1":"5b4391379fae2327f03ba609c2d7ed80482beea6","hashSHA256":"88b6783b59e095aa8d157603807df7a649d6017fdad8d9d0e52d7417d82fc862","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1657","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\iTopVPNMini.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.3.0.2763","hashMD5":"4fceec82b06fb3cb9c01b76d7830a9a5","hashSHA1":"f38d95b4a7d4e981b09b6c87dc11c79461fa260b","hashSHA256":"bb3d06d2a38b9d6512d7992c6c3d7f39f35399514a0cfbded7264e91efd2bdb1","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1657","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\ugin.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.1.0.369","hashMD5":"ca2654ef1c041e0ea049c3079793aa77","hashSHA1":"edb3cd4b58173d8cafd4784442615722722ca1ed","hashSHA256":"d4fce62555d76f797d6bcdc092c542a412caabf63fe1c9a19dd8a5392e81fcf2","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1657","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\ullc.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"1.0","fileVersion":"1.0.0.1","hashMD5":"331b87fe07dae3ccbe7a192c193192ad","hashSHA1":"b39f45b96b26cee1f16288608b2703847e93e24c","hashSHA256":"061bfa7a5a094000418145b1fdaa1a6a7093b69a9bf4a82b0c2e01db54db26a9","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1657","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iTop VPN\\unpr.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.0.0.113","hashMD5":"6c25439bedccf6d0809de97adf82ba4b","hashSHA1":"d3c6ab1a6f48af60c85743db45d1d9ee31d86753","hashSHA256":"04cbb45dd08503c72c27f854f51c97ca617d714a49b852adf95ebe5ff19a63f4","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1657","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Temp\\is-SEC20.tmp\\Setup.exe","companyName":"iTop Inc.","productName":"iTop VPN","productVersion":"3.0","fileVersion":"3.0.0.2509","hashMD5":"20294eef47aa01b1523c4e57be3d0c86","hashSHA1":"b7bd95367f682cb0fe31c0bc33a1b7586778b3d8","hashSHA256":"227a591fb41c7d892546a0d69f9da7cc849a0a66053e14c67e7b25527400c782","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1657","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iTopVPN_setup_Free.exe","isInstaller":"True","companyName":"iTop Inc.                                                   ","productName":"iTop VPN                                                    ","productVersion":"3.3.0.2775                                        ","fileVersion":"3.3.0.2775          ","hashMD5":"992d8634acdffc48d17f4458f7dced7d","hashSHA1":"0999f5e6b5a8467c665ea4e54aceb0bcf999f714","hashSHA256":"8f54f8ae68c446da1bf9afae04a50412cae4fa901a67e07fd7c0e18adfb12d01","digitalCertThumbprint":"8D672F94AAF211F382C8D00D18E6A6549C7A8058","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1657","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Offered by smart game booster","reference":"","landingPage":"https://www.itopvpn.com/","directDownloadingLink":"https://goto.itopvpn.com/downloadcenter?product=itoppc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://goto.itopvpn.com/downloadcenter?product=itoppc","sourceIndex":"1657"}],"sampleFiles":["220402/itopvpn-211126/3.3.0.2775/Samples/iTopVPN_setup_Free.exe"],"imageFiles":["220402/itopvpn-211126/3.3.0.2775/Images/ACR-004/ACR-004_Software_Exclamation_Symbol.JPG","220402/itopvpn-211126/3.3.0.2775/Images/ACR-004/ACR-004_Software_Exclamation_Symbol_1.JPG","220402/itopvpn-211126/3.3.0.2775/Images/ACR-004/ACR-004_Software_Exclamation_Symbol_2.JPG","220402/itopvpn-211126/3.3.0.2775/Images/ACR-048/ACR-048_Software_Uncontrollable_Notification_1.JPG","220402/itopvpn-211126/3.3.0.2775/Images/ACR-048/ACR-048_Software_Uncontrollable_Notification_2.JPG","220402/itopvpn-211126/3.3.0.2775/Images/ACR-014/ACR-014_Software_Misleading_Status.JPG","220402/itopvpn-211126/3.3.0.2775/Images/ACR-165/ACR-165_InternalOffers_Subscription_Details_Missing.JPG","220402/itopvpn-211126/3.3.0.2775/Images/ACR-165/ACR-165_InternalOffers_Subscription_Details_Missing_1.JPG","220402/itopvpn-211126/3.3.0.2775/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG"],"nonDeceptorImageFiles":[],"guid":"e8b24232-e4f4-4ae5-9081-d8e8efd6653c_3.3.0.2775_1","appID":"itopvpn-211126","dateAdded":"220402","deceptorType":"App","name":"iTop VPN","company":"iTop Inc.","version":"3.3.0.2775","firstVendorContactDate":"220330","firstAppEsteemReplyDate":"220330","firstResolvedDate":"220402","firstResolvedVersion":"3.3.0.2805","resolved":"TRUE","lastKnownStatus":"3.0.0.2327;3.2.0.2653;3.3.0.2773;3.3.0.2775","lastKnownDate":"220402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-02T20:55:26.8455618+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1480},{"violations":{"ACR-048":"The app does not provide any control to disable/off extensions that were added by default & to remove all the scheduled tasks that it created within the app's settings.\n\n","ACR-050":"1. The app appears to circumvent the platform security (UAC) with a scheduled task.\n2.  The extensions were added by default without the user's knowledge and disclosure in EULA.\n","ACR-010":"The offered app \"iTop VPN\" contains deceptive behaviors. (See iTopVPN deceptor link)\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-014":"The app misleads the user by showing an unfair status that \"Unprotected\" while the other VPN service is already active in the system and it also says that the \"IP is exposed\".\n","ACR-165":"The app doesn't provide the following information in the shopping cart (https://bit.ly/35tsRs4): 1. How to cancel the auto-renewal easily via an online approach. 2. What's the price will be in the auto-renewal payment given the first payment is a discounted price. 3. When the user will receive the auto-renewal payment notification if auto-renew payment is selected.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"itop_vpn_browser_setup.exe","isInstaller":"True","companyName":"iTop Inc.","productName":"iTop VPN Browser","productVersion":"1.0.0.0","fileVersion":"1.0.0.196","hashMD5":"0ca73dff6d792925fe5dc4ceeb92be1f","hashSHA1":"08910ff0b6591ed19b030e919adafb786c519901","hashSHA256":"6ee61107d39a6651c5186bc55f7e0b3a597b24560389a533a64db2f82f54c571","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1658","avBlockList":["360 Total Security (20220329)","Avira Internet Security (20220329)","Dr.Web Security Space (20220329)","K7 Total Security (20220329)","McAfee Total Protection (20220329)","Norton Security (20220329)","Panda Dome (20220329)","Sophos Home Premium (20220329)","SpyHunter5 (20220329)","Total AV Antivirus Pro (20220329)","VirIT eXplorer PRO (20220329)","Windows Defender (20220329)"],"avAllowList":["Avast Premium Security (20220329)","AVG Internet Security (20220329)","Bitdefender Internet Security (20220329)","COMODO Antivirus (20220329)","ESET Internet Security (20220329)","G DATA INTERNET SECURITY (20220329)","Kaspersky Internet Security (20220329)","Malwarebytes Premium (20220329)","Quick Heal Internet Security (20220329)","Tencent PC Manager (20220329)","Trend Micro Internet Security (20220329)","VIPRE Advanced Security (20220329)","Webroot SecureAnywhere (20220329)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\iTop VPN Browser\\iTopVPNBrowser.exe","companyName":"iTop Inc.","productName":"iTop VPN Browser","productVersion":"1.0.0.0","fileVersion":"1.0.0.184","hashMD5":"96309b0e6722ee8c21524ac27b85cdfa","hashSHA1":"82aebcbde250949e98d6d2520fff452779416956","hashSHA256":"898958af4b83ede18c6ee0cc5c91ac9093950b16751da04dc17185c76efe82d4","digitalCertThumbprint":"5CBB00847F50BF480DE576E605A811C9FBE77DDB","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ORANGE VIEW LIMITED","storeId":"","sourceIndex":"1658","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Offered app of iTopVPN","reference":"","landingPage":"https://www.itopvpn.com/vpn-browser?name=ivb&ver=1.0.0.184&lan=&to=eula","directDownloadingLink":"https://goto.itopvpn.com/downloadcenter?product=itopbrowser","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://goto.itopvpn.com/downloadcenter?product=itopbrowser","sourceIndex":"1658"}],"sampleFiles":["220402/itopvpnbrowser-220225/1.0.0.184/Samples/itop_vpn_browser_setup.exe"],"imageFiles":["220402/itopvpnbrowser-220225/1.0.0.184/Images/ACR-165/ACR-165_InternalOffers_Subscription_Details_Missing.jpg","220402/itopvpnbrowser-220225/1.0.0.184/Images/ACR-118/ACR-118_Uninstall_Retains_Files.JPG","220402/itopvpnbrowser-220225/1.0.0.184/Images/ACR-014/ACR-014_Software_Misleading_Status.JPG","220402/itopvpnbrowser-220225/1.0.0.184/Images/ACR-050/ACR-050_Software_Undisclosed_Skip_UAC_Task.JPG","220402/itopvpnbrowser-220225/1.0.0.184/Images/ACR-050/ACR-050_Software_1 - Copy.JPG","220402/itopvpnbrowser-220225/1.0.0.184/Images/ACR-048/ACR-048_Software_Uncontrollable_Schedule_Tasks.JPG","220402/itopvpnbrowser-220225/1.0.0.184/Images/ACR-048/ACR-048_Software_Uncontrollable_Schedule_Tasks_1.JPG","220402/itopvpnbrowser-220225/1.0.0.184/Images/ACR-048/ACR-048_Software_No_Control.JPG","220402/itopvpnbrowser-220225/1.0.0.184/Images/ACR-084/ACR-084_Software_Undisclosed_Schedule_Tasks.JPG","220402/itopvpnbrowser-220225/1.0.0.184/Images/ACR-010/ACR-004_Software_No_Free_Fix_1.JPG"],"nonDeceptorImageFiles":[],"guid":"490ca65b-b17c-458f-9e0f-65a01b539ecd_1.0.0.184_1","appID":"itopvpnbrowser-220225","dateAdded":"220402","deceptorType":"App","name":"iTopVPN Browser","company":"iTop Inc.","version":"1.0.0.184","firstVendorContactDate":"220330","firstAppEsteemReplyDate":"220330","firstResolvedDate":"220402","firstResolvedVersion":"3.0.0.235","resolved":"TRUE","lastKnownStatus":"1.0.0.84;3.0.0.235","lastKnownDate":"220402","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-02T20:52:50.1150332+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1475},{"violations":{"ACR-042":" The app drops and installs a expired Trusted Root Certificate (.crt file) without obtaining the consumer's permission through explicit user action.\n","ACR-043":"1. The app drops and installs a expired Trusted Root Certificate without disclosing it.\n2. 'Open VPN' components are installed without disclosing it.\n","ACR-107":"Application misses the relevant license information about open source project used \"OpenVPN\" \n\n","ACR-048":"The app does not provide any control to remove its background process completely within the app's settings.\n","ACR-084":"On quitting the app under disconnection status, the application doesn't exit completely. The \"VyprVPNService.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The expired trusted root certificate is not removed from system after application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-045":" The app doesn't describe clearly and straightforwardly main effects the expired Trusted Root certificate installed.\n","ACR-014":"The app misleads by displaying status as \"Unprotected'\" on the landing pages(https://www.vyprvpn.com/), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VyprVPN\\VyprVPN.exe","companyName":"Golden Frog GmbH.","productName":"VyprVpnGui","productVersion":"4.3.1.10763","fileVersion":"4.3.1.10763","hashMD5":"ce0c19ce04a12e3f68a9469962157ba6","hashSHA1":"d46c0ae736f4ebb761b00be4802cc749c4f78cfd","hashSHA256":"68b795f45c406e08298aa005376a36f2dd863087ba713ac88746a959637d26fa","digitalCertThumbprint":"7BBBD3E1644735C8B34BC63A0413EF1F0973EFDB","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Golden Frog GmbH","storeId":"","sourceIndex":"1663","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VyprVPN\\VyprVPNService.exe","companyName":"Golden Frog GmbH.","productName":"VyprVPN","productVersion":"4.3.1.10763","fileVersion":"4.3.1.10763","hashMD5":"d164a4093e769a960c1723b889f7955c","hashSHA1":"d3145e34bfea84bdde879ca5f3457172e6f48c6c","hashSHA256":"56b671ff4392d58bfe038bd97f5a376b14a21aabc62f8dc1db17bd1523f548aa","digitalCertThumbprint":"7BBBD3E1644735C8B34BC63A0413EF1F0973EFDB","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Golden Frog GmbH","storeId":"","sourceIndex":"1663","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VyprVPN-4.3.1.10763-installer.exe","isInstaller":"True","companyName":"Golden Frog GmbH","productName":"VyprVPN 4.3.1.10763","productVersion":"4.3.1.10763","fileVersion":"4.3.1.10763","hashMD5":"9dd8c4b316a45f0fddcce8bc8b1da8d7","hashSHA1":"ce61389ff40ecb9e054d72bd9b6b0bdf906c6cd4","hashSHA256":"6e9c8eb31b66541ce3f9bc1a4576d95c6f85d3ceca4d75e6c3372b93e9d05050","digitalCertThumbprint":"7BBBD3E1644735C8B34BC63A0413EF1F0973EFDB","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Golden Frog GmbH","storeId":"","sourceIndex":"1663","avBlockList":["360 Total Security (20220414)","Avira Internet Security (20220414)","K7 Total Security (20220414)","McAfee Total Protection (20220414)","Norton Security (20220414)","Panda Dome (20220414)","Sophos Home Premium (20220414)","SpyHunter5 (20220414)","Total AV Antivirus Pro (20220414)","VirIT eXplorer PRO (20220414)","Webroot SecureAnywhere (20220414)"],"avAllowList":["Avast Premium Security (20220414)","AVG Internet Security (20220414)","Bitdefender Internet Security (20220414)","COMODO Antivirus (20220414)","Dr.Web Security Space (20220414)","ESET Internet Security (20220414)","G DATA INTERNET SECURITY (20220414)","Kaspersky Internet Security (20220414)","Malwarebytes Premium (20220414)","Quick Heal Internet Security (20220414)","Tencent PC Manager (20220414)","Trend Micro Internet Security (20220414)","VIPRE Advanced Security (20220414)","Windows Defender (20220414)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://www.vyprvpn.com/","directDownloadingLink":"https://en.softonic.com/download/vyprvpnforwindows/windows/post-download?ex=CAT-3508.2","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://en.softonic.com/download/vyprvpnforwindows/windows/post-download?ex=CAT-3508.2","sourceIndex":"1663"}],"sampleFiles":["220331/vyprvpn-220329/4.3.1.10763/Samples/VyprVPN-4.3.1.10763-installer.exe"],"imageFiles":["220331/vyprvpn-220329/4.3.1.10763/Images/ACR-043/ACR-043_Install.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-043/ACR-043_Install_1.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-043/ACR-043_Install_2.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-043/ACR-043_Install_3.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-043/ACR-043_Install_4.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-107/ACR-107_Install.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-042/ACR-042_Install.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-042/ACR-042_Install_1.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-042/ACR-042_Install_2.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-042/ACR-042_Install_3.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-084/ACR-084_Software_Process.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-048/ACR-048_1.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-118/ACR-118.JPG"],"nonDeceptorImageFiles":["220331/vyprvpn-220329/4.3.1.10763/Images/ACR-045/ACR-045_Install.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-045/ACR-045_Install_1.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-045/ACR-045_Install_2.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-045/ACR-045_Install_3.JPG","220331/vyprvpn-220329/4.3.1.10763/Images/ACR-014/ACR-014_Landingpage_Misleading.JPG"],"guid":"9dfca888-b8b7-4e01-b8a2-9746b2186237_4.3.1.10763_1","appID":"vyprvpn-220329","dateAdded":"220331","deceptorType":"App","name":"VyprVPN","company":"Golden Frog, GmbH","version":"4.3.1.10763","lastKnownStatus":"4.3.0.10746;4.3.1.10763","lastKnownDate":"220331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-03-31T18:29:40.7657829+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1481},{"violations":{"ACR-042":" The app drops and installs a expired Trusted Root Certificate (.crt file) without obtaining the consumer's permission through explicit user action.\n","ACR-043":"1. The app drops and installs a expired Trusted Root Certificate without disclosing it.\n2. 'Open VPN' components are installed without disclosing it.\n","ACR-107":"Application misses the relevant license information about open source project used \"OpenVPN\" \n\n","ACR-048":"The app does not provide any control to remove its background process completely within the app's settings.\n","ACR-084":"On quitting the app under disconnection status, the application doesn't exit completely. The \"VyprVPNService.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"The expired trusted root certificate is not removed from system after application is uninstalled.\n"},"nonDeceptorViolations":{"ACR-045":" The app doesn't describe clearly and straightforwardly main effects the expired Trusted Root certificate installed.\n","ACR-014":"The app misleads by displaying status as \"Unprotected'\" on the landing pages(https://www.vyprvpn.com/), even though another VPN (tunnel bear) is on and running.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VyprVPN\\VyprVPN.exe","companyName":"Golden Frog GmbH.","productName":"VyprVpnGui","productVersion":"4.3.0.10746","fileVersion":"4.3.0.10746","hashMD5":"5e658d173b3e016ed31d680d834e36d0","hashSHA1":"4ec404b9be7e002efd9274be28ee21bd924d2da9","hashSHA256":"167952838a552f9161b31f3c60346b7788f53eb4207be2a4d05da07c922cc371","digitalCertThumbprint":"7BBBD3E1644735C8B34BC63A0413EF1F0973EFDB","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Golden Frog GmbH","storeId":"","sourceIndex":"1664","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\VyprVPN\\VyprVPNService.exe","companyName":"Golden Frog GmbH.","productName":"VyprVPN","productVersion":"4.3.0.10746","fileVersion":"4.3.0.10746","hashMD5":"ef48152f6b425abca9c3a56296b876cf","hashSHA1":"9b1f8a87ad577060c985549d28208cd8931c2ed3","hashSHA256":"c5f4036e606fa2ac891bfdd89f73cfe74dfb110792814287f79f68cf7e9b2943","digitalCertThumbprint":"7BBBD3E1644735C8B34BC63A0413EF1F0973EFDB","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Golden Frog GmbH","storeId":"","sourceIndex":"1664","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VyprVPN-4.3.0.10746-installer.exe","isInstaller":"True","companyName":"Golden Frog GmbH","productName":"VyprVPN 4.3.0.10746","productVersion":"4.3.0.10746","fileVersion":"4.3.0.10746","hashMD5":"99ee07c38713f61ce7747631e39f906c","hashSHA1":"e691aefd1dd42c98ea2991a6158a48b1590a8b79","hashSHA256":"1234a946357925403221fb5a3ff82ddb40227313834e95105908ee37f7fd05b5","digitalCertThumbprint":"7BBBD3E1644735C8B34BC63A0413EF1F0973EFDB","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"Golden Frog GmbH","storeId":"","sourceIndex":"1664","avBlockList":["360 Total Security (20220428)","Avira Internet Security (20220428)","Bitdefender Internet Security (20220428)","G DATA INTERNET SECURITY (20220428)","K7 Total Security (20220428)","Norton Security (20220428)","Panda Dome (20220428)","Sophos Home Premium (20220428)","SpyHunter5 (20220428)","Total AV Antivirus Pro (20220428)","VIPRE Advanced Security (20220428)","VirIT eXplorer PRO (20220428)","Webroot SecureAnywhere (20220428)","Windows Defender (20220428)"],"avAllowList":["Avast Premium Security (20220428)","AVG Internet Security (20220428)","COMODO Antivirus (20220428)","Dr.Web Security Space (20220428)","ESET Internet Security (20220428)","Kaspersky Internet Security (20220428)","Malwarebytes Premium (20220428)","Quick Heal Internet Security (20220428)","Tencent PC Manager (20220428)","Trend Micro Internet Security (20220428)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- VPN","reference":"","landingPage":"https://www.vyprvpn.com/","directDownloadingLink":"https://en.softonic.com/download/vyprvpnforwindows/windows/post-download?ex=CAT-3508.2","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://en.softonic.com/download/vyprvpnforwindows/windows/post-download?ex=CAT-3508.2","sourceIndex":"1664"}],"sampleFiles":["220330/vyprvpn-220329/4.3.0.10746/Samples/VyprVPN-4.3.0.10746-installer.exe"],"imageFiles":["220330/vyprvpn-220329/4.3.0.10746/Images/ACR-043/ACR-043_Install.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-043/ACR-043_Install_1.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-043/ACR-043_Install_2.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-043/ACR-043_Install_3.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-043/ACR-043_Install_4.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-107/ACR-107_Install.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-042/ACR-042_Install.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-042/ACR-042_Install_1.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-042/ACR-042_Install_2.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-042/ACR-042_Install_3.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-084/ACR-084_Software_Process.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-048/ACR-048_Software_No_Control.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-048/ACR-048_Software_No_Control_1.JPG"],"nonDeceptorImageFiles":["220330/vyprvpn-220329/4.3.0.10746/Images/ACR-045/ACR-045_Install.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-045/ACR-045_Install_1.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-045/ACR-045_Install_2.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-045/ACR-045_Install_3.JPG","220330/vyprvpn-220329/4.3.0.10746/Images/ACR-014/ACR-014_Landingpage_Misleading.JPG"],"guid":"9dfca888-b8b7-4e01-b8a2-9746b2186237_4.3.0.10746_1","appID":"vyprvpn-220329","dateAdded":"220331","deceptorType":"App","name":"VyprVPN","company":"Golden Frog, GmbH","version":"4.3.0.10746","lastKnownStatus":"4.3.0.10746;4.3.1.10763","lastKnownDate":"220331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-03-31T00:01:11.6933859+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1482},{"violations":{"ACR-042":"1. The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n2. Application silently installs the app \"Surfshark TAP Driver Windows\" without any disclosure to the user.\n3. On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n2. Third-party components 'Avira' and 'Open VPN' are installed without any disclosure.\n3. All the components of Surf Shark get dropped in one click without asking the user's permission & disclosing its installation path.\n","ACR-107":"The app does not obtain any authorization for using third-party components  'Avira' and 'Open VPN'.\n","ACR-048":"The app does not provide control to cancel the installation process. Even on canceling the installation, the app gets installed in the system.\nThe app does not provide control to remove its background processes and disable the startup entry completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the trust root certificate.\n","ACR-084":"1. On closing the app (VPN disconnected status), the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates undisclosed startups to perform actions without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-039":"Application silently installs the app \"Surfshark TAP Driver Windows\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the Inline offers screen shown inside the software.\nThe app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription on the Internal offers page (https://bit.ly/3Di7vdQ).\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-123":"The app does not remove the Trusted root certificate even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"SurfsharkSetup.exe","isInstaller":"True","companyName":"Surfshark","productName":"Surfshark","productVersion":"3.4.3999","fileVersion":"3.4.3999","hashMD5":"905fab9b9358537ebe0372ee0d970fc1","hashSHA1":"99b47c0df5ce34ca4ad9e54f95c216fb2c3e994c","hashSHA256":"f85dda0870dc2413414a3e272cec935c8d5d373cd5141c31869eb387cd21cc04","digitalCertThumbprint":"40DE437723E058E41C6BF9878F9DF56F107754E6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Surfshark B.V.","storeId":"","sourceIndex":"1662","avBlockList":["360 Total Security (20220421)","K7 Total Security (20220421)","McAfee Total Protection (20220421)","Norton Security (20220421)","Quick Heal Internet Security (20220421)","Sophos Home Premium (20220421)","SpyHunter5 (20220421)","VirIT eXplorer PRO (20220421)"],"avAllowList":["Avast Premium Security (20220421)","AVG Internet Security (20220421)","Avira Internet Security (20220421)","Bitdefender Internet Security (20220421)","COMODO Antivirus (20220421)","Dr.Web Security Space (20220421)","ESET Internet Security (20220421)","G DATA INTERNET SECURITY (20220421)","Kaspersky Internet Security (20220421)","Malwarebytes Premium (20220421)","Panda Dome (20220421)","Tencent PC Manager (20220421)","Total AV Antivirus Pro (20220421)","Trend Micro Internet Security (20220421)","VIPRE Advanced Security (20220421)","Webroot SecureAnywhere (20220421)","Windows Defender (20220421)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Surfshark\\Surfshark.exe","companyName":"Surfshark","productName":"Surfshark","productVersion":"3.4.3.999","fileVersion":"3.4.3.999","hashMD5":"8d727f1f2f691a3011560a00cee1fbc7","hashSHA1":"dda5978790f8df9d30dc0ad421fd5dfcc7109e24","hashSHA256":"160bb57ec37532cb383b4e1c42d7258cb88b9f4786f3159ac3cd753de068da58","digitalCertThumbprint":"40DE437723E058E41C6BF9878F9DF56F107754E6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Surfshark B.V.","storeId":"","sourceIndex":"1662","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Surfshark\\Surfshark.Service.exe","companyName":"Surfshark","productName":"Surfshark","productVersion":"3.4.3.999","fileVersion":"3.4.3.999","hashMD5":"1cafa189bff364817c7e0e5a95358987","hashSHA1":"eae212c3d440d48eee32fccb15395fe278c1c62e","hashSHA256":"e90c7521d428b47fe4c8a553d9a1729a280a5b6cb580b31cf4d7d2003806b28b","digitalCertThumbprint":"40DE437723E058E41C6BF9878F9DF56F107754E6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Surfshark B.V.","storeId":"","sourceIndex":"1662","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in yahoo search","reference":"\"Best Free VPN \"","landingPage":"https://surfshark.com/download/windows","directDownloadingLink":"https://downloads.surfshark.com/windows/latest/SurfsharkSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.surfshark.com/windows/latest/SurfsharkSetup.exe","sourceIndex":"1662"}],"sampleFiles":["220331/SurfShark-220318/3.4.3999/Samples/SurfsharkSetup.exe"],"imageFiles":["220331/SurfShark-220318/3.4.3999/Images/ACR-039/ACR-039_Install_TAP_Installed.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed_1.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-043/ACR-043_Install_Drops_Avira.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-043/ACR-043_Install_Drops_OpenVPN.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-043/ACR-043_Install_Drops_Immediately.mp4","220331/SurfShark-220318/3.4.3999/Images/ACR-107/ACR-107_Install_Drops_Avira.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-107/ACR-107_Install_Drops_OpenVPN.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed_1.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-042/ACR-042_Install_Drops_Third_Party.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-042/ACR-042_Install_Drops_All_Files.mp4","220331/SurfShark-220318/3.4.3999/Images/ACR-048/ACR-048_Install_No_Control_To_Cancel.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-048/ACR-048_Install_No_Control_To_Cancel_1.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-007/ACR-007_Software_Root_Certificate_Installed.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-007/ACR-007_Software_Root_Certificate_Installed_!.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-084/ACR-084_Software_Undisclosed_Startup.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-048/ACR-048_Software_No_Control.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-048/ACR-048_Software_No_Control_For_Startup.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-118/ACR-118_Uninstall_Retains_Components_1.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-165/ACR-165_InlineOffers_1.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-165/ACR-165_InternalOffers_1.JPG"],"nonDeceptorImageFiles":["220331/SurfShark-220318/3.4.3999/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed_1.JPG","220331/SurfShark-220318/3.4.3999/Images/ACR-123/ACR-123_Uninstall_Retains_Root_Cert.JPG"],"guid":"a1efc12d-5ccc-4250-a257-2a150ad3dfa0_3.4.3999_1","appID":"SurfShark-220318","dateAdded":"220331","deceptorType":"App","name":"SurfsharkVPN","company":"Surfshark","version":"3.4.3999","firstVendorContactDate":"220323","firstAppEsteemReplyDate":"220323","firstResolvedDate":"220516","firstResolvedVersion":"3.6.0999","resolved":"TRUE","lastKnownStatus":"3.4.2999;3.4.3999","lastKnownDate":"220516","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1484},{"violations":{"ACR-042":"1. The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n2. Application silently installs the app \"Surfshark TAP Driver Windows\" without any disclosure to the user.\n3. On executing the installer, it directly installs the app and its components without asking any user's permission. Even on canceling the installation, the app gets installed in the system.\n","ACR-043":"1. The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n2. Third-party components 'Avira' and 'Open VPN' are installed without any disclosure.\n3. All the components of Surf Shark get dropped in one click without asking the user's permission & disclosing its installation path.\n","ACR-107":"The app does not obtain any authorization for using third-party components  'Avira' and 'Open VPN'. \n","ACR-048":"The app does not provide control to cancel the installation process. Even on canceling the installation, the app gets installed in the system.\nThe app does not provide control to remove its background processes and disable the startup entry completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the trust root certificate.\n","ACR-084":"1. On closing the app, the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates undisclosed startups to perform actions without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-039":"Application silently installs the app \"Surfshark TAP Driver Windows\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the Inline offers screen shown inside the software\nThe app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription on the Internal offers page (https://bit.ly/3JtAaix).\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-123":"The app does not remove the Trusted root certificate even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Surfshark\\Surfshark.exe","companyName":"Surfshark","productName":"Surfshark","productVersion":"3.4.2.999","fileVersion":"3.4.2.999","hashMD5":"72d6649f6b050a251abb55bef103b925","hashSHA1":"f1129f830aa84377a353c07458801112e2a08b91","hashSHA256":"58e55e40cf79def5bbb7ee0268203c8f6d2b0d60fd1ded0454ea24e32c9a499f","digitalCertThumbprint":"40DE437723E058E41C6BF9878F9DF56F107754E6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Surfshark B.V.","storeId":"","sourceIndex":"1674","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SurfsharkSetup.exe","isInstaller":"True","companyName":"Surfshark","productName":"Surfshark","productVersion":"3.4.2999","fileVersion":"3.4.2999","hashMD5":"5efcdc05bc1dcb425d4fcafa08326744","hashSHA1":"89636a3eb76a221d80427bc65f2de644c2425b9f","hashSHA256":"541fb990e67f530e2368d07f02d05cd73927b6a617ae27c80450007bda0aeb19","digitalCertThumbprint":"40DE437723E058E41C6BF9878F9DF56F107754E6","digitalCertIssuer":"GlobalSign GCC R45 EV CodeSigning CA 2020","digitalCertIssuedTo":"Surfshark B.V.","storeId":"","sourceIndex":"1674","avBlockList":["K7 Total Security (20220331)","McAfee Total Protection (20220331)","Norton Security (20220331)","Quick Heal Internet Security (20220331)","Sophos Home Premium (20220331)","SpyHunter5 (20220331)","VirIT eXplorer PRO (20220331)","Windows Defender (20220331)"],"avAllowList":["360 Total Security (20220331)","Avast Premium Security (20220331)","AVG Internet Security (20220331)","Avira Internet Security (20220331)","Bitdefender Internet Security (20220331)","COMODO Antivirus (20220331)","Dr.Web Security Space (20220331)","ESET Internet Security (20220331)","G DATA INTERNET SECURITY (20220331)","Kaspersky Internet Security (20220331)","Malwarebytes Premium (20220331)","Panda Dome (20220331)","Tencent PC Manager (20220331)","Total AV Antivirus Pro (20220331)","Trend Micro Internet Security (20220331)","VIPRE Advanced Security (20220331)","Webroot SecureAnywhere (20220331)"]},{"isRevoked":"False","fileName":"aipackagechainer.exe","companyName":"Surfshark","productName":"Surfshark","productVersion":"3.4","fileVersion":"3.4","hashMD5":"467633b1b8354cf6765a4d376eec8f58","hashSHA1":"3ae1fdead195b333672e4ac9a28c72741649474e","hashSHA256":"a1ca4e5a2c092c8cc2bcf194865067f7ec22458f00e285e4b96ca32be5aec004","digitalCertThumbprint":"40DE437723E058E41C6BF9878F9DF56F107754E6","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=company-nl@surfshark.com, CN=Surfshark B.V., O=Surfshark B.V., STREET=Hessenbergweg 109, L=Amsterdam, S=Noord-Holland, C=NL, OID.1.3.6.1.4.1.311.60.2.1.3=NL, SERIALNUMBER=81967985, OID.2.5.4.15=Private Organization","sourceIndex":"1674","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"nssm.exe","companyName":"Surfshark","productName":"Surfshark","productVersion":"3.0","fileVersion":"3.0","hashMD5":"5fb1fea38588d9483305955b8a739422","hashSHA1":"e84654abc4a7b475d29cd5740da908a6013705da","hashSHA256":"21a9eeb87262ba44c55c8e657de9af9e87d87fa682a0cf1676fbae03ced1ecf7","digitalCertThumbprint":"40DE437723E058E41C6BF9878F9DF56F107754E6","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=company-nl@surfshark.com, CN=Surfshark B.V., O=Surfshark B.V., STREET=Hessenbergweg 109, L=Amsterdam, S=Noord-Holland, C=NL, OID.1.3.6.1.4.1.311.60.2.1.3=NL, SERIALNUMBER=81967985, OID.2.5.4.15=Private Organization","sourceIndex":"1674","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Surfshark.AntivirusService.exe","companyName":"Surfshark","productName":"Surfshark","productVersion":"3.4","fileVersion":"3.4","hashMD5":"5b9a1480e9b223813d82919026093bf3","hashSHA1":"8a8bbf5e2a0c8aa30138d1a2109c32dbe42a7617","hashSHA256":"656d814f74f5e91956cd18ee6bd69144ca5a8791eec2f1126b78820b935ce3ce","digitalCertThumbprint":"40DE437723E058E41C6BF9878F9DF56F107754E6","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=company-nl@surfshark.com, CN=Surfshark B.V., O=Surfshark B.V., STREET=Hessenbergweg 109, L=Amsterdam, S=Noord-Holland, C=NL, OID.1.3.6.1.4.1.311.60.2.1.3=NL, SERIALNUMBER=81967985, OID.2.5.4.15=Private Organization","sourceIndex":"1674","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Surfshark.Service.exe","companyName":"Surfshark","productName":"Surfshark","productVersion":"3.4","fileVersion":"3.4","hashMD5":"32e01c97dfbb26f82c9aa27fde966bb8","hashSHA1":"14e3823266469715b90b7b74805d16a24c7f56fb","hashSHA256":"c6a8304a632d537646da3ed73acd9ede703fcfff6c2f669000b2ea3de84c5f6f","digitalCertThumbprint":"40DE437723E058E41C6BF9878F9DF56F107754E6","digitalCertIssuer":"CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=company-nl@surfshark.com, CN=Surfshark B.V., O=Surfshark B.V., STREET=Hessenbergweg 109, L=Amsterdam, S=Noord-Holland, C=NL, OID.1.3.6.1.4.1.311.60.2.1.3=NL, SERIALNUMBER=81967985, OID.2.5.4.15=Private Organization","sourceIndex":"1674","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in yahoo search","reference":"\"Best Free VPN \"","landingPage":"https://surfshark.com/download/windows","directDownloadingLink":"https://downloads.surfshark.com/windows/latest/SurfsharkSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.surfshark.com/windows/latest/SurfsharkSetup.exe","sourceIndex":"1674"}],"sampleFiles":["220321/SurfShark-220318/3.4.2999/Samples/Surfshark.exe","220321/SurfShark-220318/3.4.2999/Samples/SurfsharkSetup.exe","220321/SurfShark-220318/3.4.2999/Samples/aipackagechainer.exe","220321/SurfShark-220318/3.4.2999/Samples/nssm.exe","220321/SurfShark-220318/3.4.2999/Samples/Surfshark.AntivirusService.exe","220321/SurfShark-220318/3.4.2999/Samples/Surfshark.Service.exe"],"imageFiles":["220321/SurfShark-220318/3.4.2999/Images/ACR-039/ACR-039_Install_1.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed_1.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-043/ACR-043_Install_Drops_Avira.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-043/ACR-043_Install_Drops_OpenVPN.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-043/ACR-043_Install_Drops_Immediately.mp4","220321/SurfShark-220318/3.4.2999/Images/ACR-107/ACR-107_Install_Drops_Avira.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-107/ACR-107_Install_Drops_OpenVPN.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed_1.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-042/ACR-042_Install_Drops_Third_Party.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-042/ACR-042_Install_Drops_All_Files.mp4","220321/SurfShark-220318/3.4.2999/Images/ACR-048/ACR-048_Install_No_Control_To_Cancel.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-048/ACR-048_Install_No_Control_To_Cancel_1.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-007/ACR-007_Software_Root_Certificate_Installed.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-007/ACR-007_Software_Root_Certificate_Installed_1.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-084/ACR-084_Software_Undisclosed_Startup.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-048/ACR-048_Software_No_Control.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-048/ACR-048_Software_No_Control_For_Startup.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-118/ACR-118_Uninstall_Retains_Components_1.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-165/ACR-165_InlineOffers_1.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-165/ACR-165_InternalOffers_1.JPG"],"nonDeceptorImageFiles":["220321/SurfShark-220318/3.4.2999/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed_1.JPG","220321/SurfShark-220318/3.4.2999/Images/ACR-123/ACR-123_Uninstall_Retains_Root_Cert.JPG"],"guid":"a1efc12d-5ccc-4250-a257-2a150ad3dfa0_3.4.2999_1","appID":"SurfShark-220318","dateAdded":"220331","deceptorType":"App","name":"SurfsharkVPN","company":"Surfshark","version":"3.4.2999","sigName":"Deceptor:Win32/Surfshark!039043107042048007084118165","firstVendorContactDate":"220323","firstAppEsteemReplyDate":"220323","firstResolvedDate":"220516","firstResolvedVersion":"3.6.0999","resolved":"TRUE","lastKnownStatus":"3.4.2999;3.4.3999","lastKnownDate":"220516","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1485},{"violations":{"ACR-042":"1. The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n2. Application silently installs the app \"Surfshark TAP Driver Windows\" without any disclosure to the user.\n","ACR-043":"1. The app does not provide information regarding the Trusted Root Certificate that is installed and the potential risk introduced to the user system after its installation.\n2. Third-party components 'Avira' and 'Open VPN' are installed without any disclosure.\n","ACR-107":"The app does not obtain any authorization for using third-party components  'Avira' and 'Open VPN'.\n","ACR-048":" The app does not provide control to cancel the installation process. Even on canceling the installation, the \"Surfshark TAP driver Windows\" gets installed in the system.\nThe app does not provide control to remove its background processes and startup entry completely within the app's settings.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by installing the trust root certificate.\n","ACR-084":"1. On closing the app (VPN disconnected status), the application doesn't exit completely. Several processes run in the background, hiding the fact that it is active from the consumer without any notification.\n2. The app creates undisclosed startups to perform actions without the consumer's knowledge and consent.\n","ACR-039":"Application silently installs the app \"Surfshark TAP Driver Windows\" without disclosing the relationship to the app during installation.\n","ACR-165":"The app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription in the Inline offers screen shown inside the software.\nThe app does not provide detailed information about how users will be notified for renewal and how to cancel the annual subscription on the Internal offers page (https://bit.ly/3Di7vdQ).\n"},"nonDeceptorViolations":{"ACR-045":"The app does not describe clearly what effect is caused to the user's system due to the installation of the Trusted Root Certificate.\n","ACR-065":"The app does not have links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application does not display links to uninstall information in the software.\nThe application does not display links to uninstall information in the landing page (https://surfshark.com/).\n","ACR-123":"The app does not remove the startup even after uninstall.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Free VPN in yahoo search","reference":"\"Best Free VPN \"","landingPage":"https://surfshark.com/download/windows","directDownloadingLink":"https://downloads.surfshark.com/windows/latest/SurfsharkSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.surfshark.com/windows/latest/SurfsharkSetup.exe","sourceIndex":"1608"}],"sampleFiles":[],"imageFiles":["220331/SurfShark-220318/3.5.1999/Images/ACR-039/ACR-039_Install.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-043/ACR-043_Install.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-043/ACR-043_Install_1.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-043/ACR-043_Install_2.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-107/ACR-107_Install.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-107/ACR-107_Install_1.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-042/ACR-042_Install.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-042/ACR-042_Install_1.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-048/ACR-048_Install.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-007/ACR-007_Software.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-084/ACR-084_Software.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-084/ACR-084_Software_1.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-048/ACR-048_Software.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-048/ACR-048_Software_1.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-165/ACR-165_InlineOffers.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-165/ACR-165_InternalOffers.JPG"],"nonDeceptorImageFiles":["220331/SurfShark-220318/3.5.1999/Images/ACR-045/ACR-045_Install.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-065/ACR-065_Software.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-099/ACR-099_Software.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-123/ACR-123_Uninstall.JPG","220331/SurfShark-220318/3.5.1999/Images/ACR-099/ACR-099_Landingpage.JPG"],"guid":"a1efc12d-5ccc-4250-a257-2a150ad3dfa0_3.5.1999_1","appID":"SurfShark-220318","dateAdded":"220331","deceptorType":"App","name":"SurfsharkVPN","company":"Surfshark","version":"3.5.1999","firstVendorContactDate":"220323","firstAppEsteemReplyDate":"220323","firstResolvedDate":"220516","firstResolvedVersion":"3.6.0999","resolved":"TRUE","lastKnownStatus":"3.4.2999;3.4.3999","lastKnownDate":"220516","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-16T19:51:00.0541811+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1483},{"violations":{"ACR-043":"Open source  'Open VPN'  is installed without disclosure.\n","ACR-107":"App doesn't disclose relevant license information about using open source project  'Open VPN' .\n","ACR-048":"The app does not provide control to cancel the installation.\nThe app does not provide control to disable the \"iProVPN\" startup item and remove its background processes completely within the app's settings.\n","ACR-007":"App claims it provides P2P server connection.  However the app doesn't explicitly disclose that the user needs to join the P2P network and obtain explicit user consent about joining P2P network which can reduce the consumer's security posture.\n","ACR-017":"Unable to verify the endorsement logo in the offers page (https://bit.ly/35jPD5W)\n","ACR-084":"1. The app creates a startup entry without the consumer's knowledge and consent.\n2. The app runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-039":"The app installs the Tap windows program without disclosing the relationship to the app during installation.\n","ACR-164":"The app doesn't provide clear information on when and how users will be notified free trial expired and how they can opt-out for auto charging when the trial expires on the offers page (https://bit.ly/35jPD5W). \n","ACR-165":"The app does not provide details about how to cancel online on the offers page when the user receives a notification for renewal (https://bit.ly/35jPD5W).\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for the executables: Installer.exe and iProVPN.exe\n","ACR-014":"The app displays the status as \"Unprotected\" on the Landing Page(https://iprovpn.com/), even though another VPN (tunnel bear) is already present in the system\n"},"samples":[{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"Fast Technology Limited","productName":"iProVPN","productVersion":"2.0.0.7","fileVersion":"2.0.0.7","hashMD5":"e97deb4077e91a6b7ee34ace9b51e3e8","hashSHA1":"5405788d8f3e6e480d76d0c0fa00ac5488efc442","hashSHA256":"36a821d1dce6ef290311e781edd133392c3ef8e5036081884c240d9b89493d12","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1670","avBlockList":["Avira Internet Security (20220407)","K7 Total Security (20220407)","McAfee Total Protection (20220407)","Norton Security (20220407)","Panda Dome (20220407)","Quick Heal Internet Security (20220407)","SpyHunter5 (20220407)","Tencent PC Manager (20220407)","VirIT eXplorer PRO (20220407)","Windows Defender (20220407)","Total AV Antivirus Pro (20220407)"],"avAllowList":["360 Total Security (20220407)","Avast Premium Security (20220407)","AVG Internet Security (20220407)","Bitdefender Internet Security (20220407)","COMODO Antivirus (20220407)","Dr.Web Security Space (20220407)","ESET Internet Security (20220407)","G DATA INTERNET SECURITY (20220407)","Kaspersky Internet Security (20220407)","Malwarebytes Premium (20220407)","Sophos Home Premium (20220331)","Trend Micro Internet Security (20220407)","VIPRE Advanced Security (20220407)","Webroot SecureAnywhere (20220407)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iProVPN\\iProVPN.exe","companyName":"","productName":"iProVPN","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"e5407c26ea7ae8b207915cb3f6dd0f40","hashSHA1":"1c3cab040c3fd4c8fec9ef866996b8cc7a385e41","hashSHA256":"ee8a6c02967396bed0106398aa2c2a0953ac57f77022e831bc89e0d64c09db5b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1670","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\iProVPN\\iProVPNService.exe","companyName":"","productName":"iProVPNService","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"40916433d6c45e942f545ebef120ab28","hashSHA1":"480795c4a373bb9df165a24507bc0ff2f98ad45f","hashSHA256":"26f42edc5836842f51ae927de6a8c8bc7b57b054b2814bb12502789183842451","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1670","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"VPN download","reference":"","landingPage":"https://iprovpn.com/","directDownloadingLink":"https://iprovpn.s3.amazonaws.com/downloads/iprovpn.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://iprovpn.s3.amazonaws.com/downloads/iprovpn.zip","sourceIndex":"1670"}],"sampleFiles":["220328/iProVPN-220325/2.0.0.7/Samples/Installer.exe"],"imageFiles":["220328/iProVPN-220325/2.0.0.7/Images/ACR-039/ACR-039_Install_Tap_Installation.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-039/ACR-039_Install_Tap_Installation_1.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-043/ACR-043_Install_Open_Vpn_Dropped.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-043/ACR-043_Install_Open_Vpn_Dropped_1.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-107/ACR-107_Install_OpenVpN_Dropped.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-107/ACR-107_Install_OpenVpN_Dropped_1.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-048/ACR-048_Install_No_Control.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-084/ACR-084_Software_Undisclosed_Startup.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-048/ACR-048_Software_Background_Process_Exists.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-048/ACR-048_Software_No_Control_For_Startup.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-007/ACR-007_Software_Uses_P2P.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-007/ACR-007_Software_Uses_P2P_1.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-118/ACR-118_Uninstall_Retains_Components_1.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-118/ACR-118_Uninstall_Retains_Components_2.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-164/ACR-164_InternalOffers_No_Details.jpg","220328/iProVPN-220325/2.0.0.7/Images/ACR-165/ACR-165_InternalOffers_No_Details.jpg","220328/iProVPN-220325/2.0.0.7/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Logos.jpg"],"nonDeceptorImageFiles":["220328/iProVPN-220325/2.0.0.7/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-092/ACR-092_Software_No_Digital_Signature_1.JPG","220328/iProVPN-220325/2.0.0.7/Images/ACR-014/ACR-014_LandingPage_Misleading_Status.JPG"],"guid":"81a86095-e079-4d6f-80cc-c20c246d5c73_2.0.0.7_1","appID":"iProVPN-220325","dateAdded":"220328","deceptorType":"App","name":"iPro VPN","company":"iProVPN.com","version":"2.0.0.7","lastKnownStatus":"2.0.0.7","lastKnownDate":"220328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-03-29T05:16:16.6192675+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1486},{"violations":{"ACR-048":"The app does not provide control to remove its background process completely within the app's settings.\n","ACR-084":"On closing the app, the application doesn't exit completely. The \"Shieldservice.exe\" process runs in the background, hiding the fact that it is active from the consumer without any notification.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA or the Privacy Policy during installation.\nThe app does not display links to the EULA or the Privacy Policy inside the software.\nThe app does not display links to the Privacy Policy on the Landing page (https://vpnshield.website/).\n","ACR-161":"The app’s landing page (https://vpnshield.website/) has testimonials that have no links back to a source so consumers can verify.\n","ACR-092":"The app does not provide a digital signature for its main executable (vpn_shield.exe).\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://vpnshield.website/) does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\vpnshield\\vpn_shield.exe","companyName":"vpn_shield","productName":"vpn_shield","productVersion":"1.0.0","fileVersion":"1.0.0.2","hashMD5":"f09427fe220247175cde6983e71beb83","hashSHA1":"ad8ebee7ac4deecbe879f8a83d88062ba4d9015d","hashSHA256":"4923e96441a6b7138b5f9c631b14d5af4c9f13e1e3543672f410dc42e53d3700","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"326","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"vpnshield-installer.exe","isInstaller":"True","companyName":"                                                            ","productName":"vpnshield                                                   ","productVersion":"1.0.0                                             ","fileVersion":"                    ","hashMD5":"dc494d672daf7a59d6dff4d9474a8f99","hashSHA1":"8de672d73d629a8cdd90ee9f88e08b99df7e5f64","hashSHA256":"da4fa7df40d25ee2497e74873b08c9353c8de7537b28ed18563fbd3d0b6145a3","digitalCertThumbprint":"B57AF0DF869100691424E08388F9BC2A1E3FE783","digitalCertIssuer":"SSL.com EV Code Signing Intermediate CA RSA R3","digitalCertIssuedTo":"BSD LIMITLESS LTD","storeId":"","sourceIndex":"326","avBlockList":["360 Total Security (20220322)","Avira Internet Security (20220322)","Bitdefender Internet Security (20220322)","COMODO Antivirus (20220322)","ESET Internet Security (20220322)","G DATA INTERNET SECURITY (20220322)","K7 Total Security (20220322)","Malwarebytes Premium (20220322)","McAfee Total Protection (20220322)","Norton Security (20220322)","Panda Dome (20220322)","Quick Heal Internet Security (20220322)","Sophos Home Premium (20220322)","SpyHunter5 (20220322)","Total AV Antivirus Pro (20220322)","Trend Micro Internet Security (20220322)","VIPRE Advanced Security (20220322)","VirIT eXplorer PRO (20220322)","Webroot SecureAnywhere (20220322)","Windows Defender (20220322)"],"avAllowList":["Avast Premium Security (20220322)","AVG Internet Security (20220322)","Dr.Web Security Space (20220322)","Kaspersky Internet Security (20220322)","Tencent PC Manager (20220322)"]}],"additionalFiles":[],"sources":[{"howFound":"Free VPN in Blur BI data","reference":"","landingPage":"https://vpnshield.website/","directDownloadingLink":"https://vpnshield.website/#elementor-action%3Aaction%3Dpopup%3Aopen%26settings%3DeyJpZCI6IjI2NSIsInRvZ2dsZSI6ZmFsc2V9","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vpnshield.website/#elementor-action%3Aaction%3Dpopup%3Aopen%26settings%3DeyJpZCI6IjI2NSIsInRvZ2dsZSI6ZmFsc2V9","sourceIndex":"326"}],"sampleFiles":["220311/VPNShield-220309/1.0.0/Samples/vpnshield-installer.exe"],"imageFiles":["220311/VPNShield-220309/1.0.0/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220311/VPNShield-220309/1.0.0/Images/ACR-048/ACR-048_Software_No_Control_For_Background_Process.JPG","220311/VPNShield-220309/1.0.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG"],"nonDeceptorImageFiles":["220311/VPNShield-220309/1.0.0/Images/ACR-065/ACR-065_Install_No_Docs.JPG","220311/VPNShield-220309/1.0.0/Images/ACR-065/ACR-065_Install_No_Docs_1.JPG","220311/VPNShield-220309/1.0.0/Images/ACR-065/ACR-065_Software_No_Docs.JPG","220311/VPNShield-220309/1.0.0/Images/ACR-065/ACR-065_LandingPage_No_PP.JPG","220311/VPNShield-220309/1.0.0/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG","220311/VPNShield-220309/1.0.0/Images/ACR-099/ACR-099_Software_No_Uninstall_Info.JPG","220311/VPNShield-220309/1.0.0/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Info.JPG","220311/VPNShield-220309/1.0.0/Images/ACR-161/ACR-161_LandingPage_Unverifiable_Testimonials.JPG"],"guid":"cbf27d11-1f84-4f11-8252-c17153c84460_1.0.0_1","appID":"VPNShield-220309","dateAdded":"220311","deceptorType":"App","name":"VPN Shield","company":"BSD LIMITLESS LTD","version":"1.0.0","sigName":"Deceptor:Win32/VPNShield!084048043042007","lastKnownStatus":"1.0.0","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T21:36:33.4707124+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1487},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation process.\n1.  The app prevents consumer to opt-out sharing amount of idle resource separately from using VPN. \n2.  The app does not provide control to remove its background process completely within the app's settings when app is closed. \n","ACR-007":"The app makes the user agree on the exchange of Internet Bandwidth with the Free VPN service. But application doesn't provide sufficient information about potential risk introduced and obtain user consent to reduce the consumer's security posture caused by sharing network connection.\n","ACR-084":"On quitting the app, the application doesn't exit completely. Several processes runs in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying the user.\n","ACR-014":"The app misleads by stating \"Your IP is 'Exposed' \" inside the software, even though another VPN (tunnel bear) is Connected.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs in by default hidden folder \"C:\\Users\\User\\AppData\\Local\\Programs\" , instead of a standard location and it's not been mentioned during installation.\n","ACR-065":"The app does not display links to the EULA or the Privacy Policy inside the software.\nThe landing page (https://easyasvpn.com/) does not display links to the EULA or the Privacy Policy.\n","ACR-092":"The app does not provide a digital signature for its main executable (easyasvpn.exe).\n","ACR-099":"The app does not display links to uninstall information inside software.\nThe landing page (https://easyasvpn.com/) does not display links to uninstall information.\n","ACR-123":"The app does not remove the startup item \"EasyasVPN\" even after uninstall and this scenario is observed even after reboot.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Programs\\easyasvpn\\easyasvpn.exe","companyName":"GitHub Inc.","productName":"easyasvpn","productVersion":"2.2.0.0","fileVersion":"2.2.0","hashMD5":"a63a18e90f722593eea8d5a2e6757c86","hashSHA1":"b2454d030cb1ab5cd82b5dc066a0a9913104c6d7","hashSHA256":"f0646b9c82df633e3c1b91703937c3554f4fc945ea9a7312f6b9a8bdbac2ab99","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"327","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"vpnsetup.exe","isInstaller":"True","companyName":"","productName":"easyasvpn","productVersion":"2.2.0","fileVersion":"2.2.0","hashMD5":"bdc6e395408c99a2e92b55144791ddd9","hashSHA1":"717d8c08a23372f89081dfbae71bf3bdd3407766","hashSHA256":"49b825a790800340ad85b4883741f78397fc27116a6c6da275eb67715b64538c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"327","avBlockList":["360 Total Security (20220322)","Avira Internet Security (20220322)","COMODO Antivirus (20220322)","Dr.Web Security Space (20220322)","K7 Total Security (20220322)","Kaspersky Internet Security (20220322)","McAfee Total Protection (20220322)","Norton Security (20220322)","Panda Dome (20220322)","Quick Heal Internet Security (20220322)","Sophos Home Premium (20220322)","SpyHunter5 (20220322)","Total AV Antivirus Pro (20220322)","VirIT eXplorer PRO (20220322)","Windows Defender (20220322)"],"avAllowList":["Avast Premium Security (20220322)","AVG Internet Security (20220322)","Bitdefender Internet Security (20220322)","ESET Internet Security (20220322)","G DATA INTERNET SECURITY (20220322)","Malwarebytes Premium (20220322)","Tencent PC Manager (20220322)","Trend Micro Internet Security (20220322)","VIPRE Advanced Security (20220322)","Webroot SecureAnywhere (20220322)"]}],"additionalFiles":[],"sources":[{"howFound":"Network sharing","reference":"","landingPage":"https://easyasvpn.com/","directDownloadingLink":"https://easyasvpn.com/download-vpn","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://easyasvpn.com/download-vpn","sourceIndex":"327"}],"sampleFiles":["220310/EasyasVPN-220309/2.2.0/Samples/vpnsetup.exe"],"imageFiles":["220310/EasyasVPN-220309/2.2.0/Images/ACR-048/ACR-048_Install_No_Control.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-014/ACR-014_Software_Word_Misleads.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-007/ACR-007_Install_1.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-084/ACR-084_Software_1.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-084/ACR-084_Software_2.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-048/ACR-048_Software_Limits_User.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-048/ACR-048_Software_Limits_User_1.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-048/ACR-048_Software_No_Control_In_App.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-118/ACR-118_Uninstall_1.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-118/ACR-118_Uninstall_3.JPG"],"nonDeceptorImageFiles":["220310/EasyasVPN-220309/2.2.0/Images/ACR-040/ACR-040_Install_Hidden_Location.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-092/ACR-092_Software_1.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-065/ACR-065_Software_No_Docs.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-099/ACR-099_Software_No_Uninstall_Info.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-123/ACR-123_Uninstall_Retains_Startup.JPG","220310/EasyasVPN-220309/2.2.0/Images/ACR-065/ACR-065_LandingPage_No_Docs.jpg","220310/EasyasVPN-220309/2.2.0/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Info.jpg"],"guid":"8239a462-7cf4-4bfc-aea7-8440d4dbe988_2.2.0_1","appID":"EasyasVPN-220309","dateAdded":"220310","deceptorType":"App","name":"EasyasVPN","company":"Secure Privacy Group Limited","version":"2.2.0","sigName":"Deceptor:Win32/EasyasVPN!048014007084118","lastKnownStatus":"2.2.0","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T21:33:30.992093+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1488},{"violations":{"ACR-048":"The app enables the consumer to hide the app from uninstalling using standard platform methods.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer by not listing it in the control panel. \n","ACR-086":"The app does not inform the targeted consumer to who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n","ACR-065":"The install wizard does not display the link to Privacy Policy. \nThe app does not display links to the EULA or the Privacy Policy.\nThe landing page does not display links to the EULA or the Privacy Policy. \nThe internal offers page does not display links to the EULA or the Privacy Policy.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No Returns and Cancellation Policy or Privacy Policy is provided for the app\n","ACR-036":"No Returns and Cancellation Policy or Privacy Policy is provided for the app\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"Spytector.exe","isInstaller":"True","companyName":" Spytector","productName":"Spytector","productVersion":"2.1.0.3","fileVersion":"2.1.0.3","hashMD5":"6c95510605cee51b38a9f1cf37001252","hashSHA1":"c8a1cd1046651584ee47dd33a7eaf26855fd31a1","hashSHA256":"1f27a95a8d0c92beb984a8b19ff2ca148cde83d3e50a76daa6fd92937e1709ea","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1688","avBlockList":["360 Total Security (20220505)","Avast Premium Security (20220505)","AVG Internet Security (20220505)","Avira Internet Security (20220505)","Bitdefender Internet Security (20220505)","Dr.Web Security Space (20220505)","ESET Internet Security (20220505)","G DATA INTERNET SECURITY (20220505)","K7 Total Security (20220505)","Kaspersky Internet Security (20220505)","Malwarebytes Premium (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Quick Heal Internet Security (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Tencent PC Manager (20220505)","Total AV Antivirus Pro (20220505)","Trend Micro Internet Security (20220505)","VIPRE Advanced Security (20220505)","VirIT eXplorer PRO (20220505)","Webroot SecureAnywhere (20220505)","Windows Defender (20220505)"],"avAllowList":["COMODO Antivirus (20220505)"]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Documents\\spytector-trial\\module.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"95beb50ed0da55962fd3bb7bcb8f5c4b","hashSHA1":"b1204b7f53d31981c14da0f6e2df658febfe9da7","hashSHA256":"ffc8601de6bb6fafeea04bfc321b4dccf14f84f6a358a523dbf55bc1695b4381","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1688","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"www.spytector.com","directDownloadingLink":"https://file23.gofile.io/download/c0d848aa-0e0f-48fb-857e-8210337ce9e2/spytector-trial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://file23.gofile.io/download/c0d848aa-0e0f-48fb-857e-8210337ce9e2/spytector-trial.zip","sourceIndex":"1688"}],"sampleFiles":["220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Samples/Spytector.exe"],"imageFiles":["220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-084/ACR-084_Software_1.JPG","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-086/ACR-086_Software_Transmits_Data.JPG","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-086/ACR-086_Software_Transmits_Data_1.JPG","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-048/ACR-048_Software_1.JPG","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-116/ACR-116_Uninstall_Hidden.JPG"],"nonDeceptorImageFiles":["220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-038/ACR-038_Install_1.JPG","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-065/ACR-065_Install_No_Docs.JPG","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-092/ACR-092_Software_1.JPG","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-092/ACR-092_Software_2.JPG","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-065/ACR-065_Software_No_Docs.JPG","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-099/ACR-099_Software_No_Uninstall_Info.JPG","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-065/ACR-065_LandingPage_No_Docs.jpg","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Info.jpg","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-065/ACR-065_InternalOffers_No_Docs.jpg","220309/SpytectorRemoteKeylogger-210315/2.1.0.3/Images/ACR-099/ACR-099_InternalOffers_No_Uninstall_Info.jpg"],"guid":"b89cb253-0ba8-4ff0-aa2a-6f2a418bfcaf_2.1.0.3_1","appID":"SpytectorRemoteKeylogger-210315","dateAdded":"220309","deceptorType":"App","name":"Spytector Remote Keylogger ","company":"Spytector","version":"2.1.0.3","lastKnownStatus":"2.0.1.8;2.0.1.9;2.1;2.1.0.3","lastKnownDate":"220309","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-03-09T18:14:04.9834638+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1492},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory. \n","ACR-086":" The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app hides itself by attaching its process into svchost.exe, which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n","ACR-040":"The app is installed into a hidden folder using user-defined filename which can be completely unrelated to the app name. The app is installed in a hidden folder \"AppData”.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No Returns and Cancellation Policy or Privacy Policy is provided for the app\n","ACR-036":"No Returns and Cancellation Policy or Privacy Policy is provided for the app\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"spytector-trial.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ab6bd1ea818855b8997cb50ac68d0b469acc0dbfa071d1c59fa949db813a1a3c","sourceIndex":"1846","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Spytector.exe","isInstaller":"True","companyName":"Spytector","productVersion":"2.1.0.0","fileVersion":"2.1.0.0","hashMD5":"fb310d9f7e145735b776a12ce24960f7","hashSHA1":"45eda2c5bf3f7561f6402d81eb1ad4fbb64fb75f","hashSHA256":"eae8016dafc880cc42555613be4efd2751bec006a49a16f78ebff91fa9113680","sourceIndex":"1846","avBlockList":["360 Total Security (20211209)","Avast Premium Security (20211209)","AVG Internet Security (20211209)","Avira Internet Security (20211209)","Bitdefender Internet Security (20211209)","ESET Internet Security (20211209)","G DATA INTERNET SECURITY (20211209)","K7 Total Security (20211209)","Kaspersky Internet Security (20211209)","Malwarebytes Premium (20211209)","McAfee Total Protection (20211209)","Norton Security (20211209)","Panda Dome (20211209)","Quick Heal Internet Security (20211209)","Sophos Home Premium (20211209)","SpyHunter5 (20211209)","Tencent PC Manager (20211209)","Total AV Antivirus Pro (20211209)","Trend Micro Internet Security (20211209)","VIPRE Advanced Security (20211209)","VirIT eXplorer PRO (20211209)","Webroot SecureAnywhere (20211209)","Windows Defender (20211209)"],"avAllowList":["COMODO Antivirus (20211209)","Dr.Web Security Space (20211209)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.spytector.com/","directDownloadingLink":"https://srv-store4.gofile.io/download/4GPGvG/spytector-trial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://srv-store4.gofile.io/download/4GPGvG/spytector-trial.zip","sourceIndex":"1846"}],"sampleFiles":["210721/SpytectorRemoteKeylogger-210315/2.1/Samples/spytector-trial.zip","210721/SpytectorRemoteKeylogger-210315/2.1/Samples/Spytector.exe"],"imageFiles":["210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-084/Spytector Remote Keylogger_Files [1].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-084/Spytector Remote Keylogger_RunningProcess [1].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-086/Spytector Remote Keylogger_Interactions [4].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-086/Spytector Remote Keylogger_Interactions [5].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-048/Spytector Remote Keylogger_RunningProcess [1].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-014/Spytector Remote Keylogger_RunningProcess [1].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-116/Spytector Remote Keylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-038/Spytector Remote Keylogger_FileProperty [2].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-040/Spytector Remote Keylogger_Files [1].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-040/interactions.PNG","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-065/Spytector Remote Keylogger_Install [1].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-092/Spytector Remote Keylogger_FileProperty [3].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-092/Spytector Remote Keylogger_FileProperty [4].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-092/Spytector Remote Keylogger_FileProperty [5].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-065/Spytector Remote Keylogger_About [1].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-099/Spytector Remote Keylogger_About [1].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-065/Spytector Remote Keylogger_LandingPage [1].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-099/Spytector Remote Keylogger_LandingPage [1].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-065/Spytector Remote Keylogger_OfferPage [1].png","210721/SpytectorRemoteKeylogger-210315/2.1/Images/ACR-099/Spytector Remote Keylogger_OfferPage [1].png"],"guid":"b89cb253-0ba8-4ff0-aa2a-6f2a418bfcaf_2.1_1","appID":"SpytectorRemoteKeylogger-210315","dateAdded":"220309","deceptorType":"App","name":"Spytector Remote Keylogger ","company":"Spytector","version":"2.1","sigName":"Deceptor:Win32/SpytectorRemoteKeylogger!084086048014116","lastKnownStatus":"2.0.1.8;2.0.1.9;2.1;2.1.0.3","lastKnownDate":"220309","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-03-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1493},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory. \n","ACR-086":" The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app hides itself by attaching its process into svchost.exe, which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n","ACR-040":"The app is installed into a hidden folder using user-defined filename which can be completely unrelated to the app name. The app is installed in a hidden folder \"AppData”.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No Returns and Cancellation Policy or Privacy Policy is provided for the app\n","ACR-036":"No Returns and Cancellation Policy or Privacy Policy is provided for the app\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"module.exe","fileVersion":"0.0","hashMD5":"e2d551550837b45ac0c5db4d74ce3068","hashSHA1":"144da2848ea0e90d8e6da14547aedd286f6c456b","hashSHA256":"864eb275d6d9a05afe8abeef95fc8ceaa70bab5355e64bd36370ab2c5eb93503","sourceIndex":"1861","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Spytector.exe","isInstaller":"True","companyName":"Spytector","fileVersion":"0.0","hashMD5":"6fd0b454a48fb5fd4b6ab63630415411","hashSHA1":"804e90227064505b7a03e4b4ba94dfb75e8f80bc","hashSHA256":"24647565e3c740b6a3857dfe88f05df661e31be2372ccb6ea7e497872232c0dd","sourceIndex":"1861","avBlockList":["360 Total Security (20211125)","Avast Premium Security (20211125)","AVG Internet Security (20211125)","Avira Internet Security (20211125)","Bitdefender Internet Security (20211125)","ESET Internet Security (20211125)","G DATA INTERNET SECURITY (20211125)","K7 Total Security (20211125)","Kaspersky Internet Security (20211125)","Malwarebytes Premium (20211125)","McAfee Total Protection (20211125)","Norton Security (20211125)","Panda Dome (20211125)","Quick Heal Internet Security (20211125)","Sophos Home Premium (20211125)","SpyHunter5 (20211125)","Tencent PC Manager (20211125)","Total AV Antivirus Pro (20211125)","Trend Micro Internet Security (20211125)","VIPRE Advanced Security (20211125)","VirIT eXplorer PRO (20211125)","Webroot SecureAnywhere (20211125)","Windows Defender (20211125)"],"avAllowList":["COMODO Antivirus (20211125)","Dr.Web Security Space (20211125)"]},{"isRevoked":"False","fileName":"spytector-trial.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d3bc2c1d97b45e032f7fedb3686227fe2660a03b85c012bb292b863af5740ce0","sourceIndex":"1861","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.spytector.com/","directDownloadingLink":"https://store8.gofile.io/download/48188e2c-0662-4e25-b214-44b72e6f06ec/spytector-trial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://store8.gofile.io/download/48188e2c-0662-4e25-b214-44b72e6f06ec/spytector-trial.zip","sourceIndex":"1861"}],"sampleFiles":["210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Samples/module.exe","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Samples/Spytector.exe","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Samples/spytector-trial.zip"],"imageFiles":["210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-084/Spytector Remote Keylogger_Files [1].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-084/Spytector Remote Keylogger_RunningProcess [1].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-086/Spytector Remote Keylogger_Interactions [4].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-086/Spytector Remote Keylogger_Interactions [5].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-048/Spytector Remote Keylogger_RunningProcess [1].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-014/Spytector Remote Keylogger_RunningProcess [1].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-116/Spytector Remote Keylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-038/Spytector Remote Keylogger_FileProperty [2].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-040/Spytector Remote Keylogger_Interactions [3].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-040/Spytector Remote Keylogger_Files [1].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-065/Spytector Remote Keylogger_Install [1].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-092/Spytector Remote Keylogger_FileProperty [3].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-092/Spytector Remote Keylogger_FileProperty [4].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-092/Spytector Remote Keylogger_FileProperty [5].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-065/Spytector Remote Keylogger_About [1].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-099/Spytector Remote Keylogger_About [1].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-065/Spytector Remote Keylogger_LandingPage [1].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-099/Spytector Remote Keylogger_LandingPage [1].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-065/Spytector Remote Keylogger_OfferPage [1].png","210707/SpytectorRemoteKeylogger-210315/2.0.1.9/Images/ACR-099/Spytector Remote Keylogger_OfferPage [1].png"],"guid":"b89cb253-0ba8-4ff0-aa2a-6f2a418bfcaf_2.0.1.9_1","appID":"SpytectorRemoteKeylogger-210315","dateAdded":"220309","deceptorType":"App","name":"Spytector Remote Keylogger ","company":"Spytector","version":"2.0.1.9","lastKnownStatus":"2.0.1.8;2.0.1.9;2.1;2.1.0.3","lastKnownDate":"220309","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-03-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1494},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory. \n","ACR-086":" The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app hides itself by attaching its process into svchost.exe, which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n","ACR-040":"The app is installed into a hidden folder using user-defined filename which can be completely unrelated to the app name. The app is installed in a hidden folder \"AppData”.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No Returns and Cancellation Policy or Privacy Policy is provided for the app\n","ACR-036":"No Returns and Cancellation Policy or Privacy Policy is provided for the app\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"Spytector.exe","isInstaller":"True","companyName":"Spytector","fileVersion":"0.0","hashMD5":"8151418e5107978c7d057c06ab89ca4a","hashSHA1":"44f95127fef822bd2fb8c3e68b937b97a489d92a","hashSHA256":"5519085f7a17defdccca7d47b2b102bd1e5ea8ed12ede438c3a6da5ff04a5a68","sourceIndex":"1978","avBlockList":["360 Total Security (20210525)","Avast Premium Security (20210525)","AVG Internet Security (20210525)","Avira Internet Security (20210525)","Bitdefender Internet Security (20210525)","COMODO Antivirus (20210525)","ESET Internet Security (20210525)","G DATA INTERNET SECURITY (20210525)","K7 Total Security (20210525)","Kaspersky Internet Security (20210525)","Malwarebytes Premium (20210525)","McAfee Total Protection (20210525)","Norton Security (20210525)","Panda Dome (20210525)","Quick Heal Internet Security (20210525)","Sophos Home Premium (20210525)","SpyHunter5 (20210525)","Tencent PC Manager (20210525)","Total AV Antivirus Pro (20210525)","Trend Micro Internet Security (20210525)","VIPRE Advanced Security (20210525)","VirIT eXplorer PRO (20210525)","Webroot SecureAnywhere (20210525)","Windows Defender (20210525)"],"avAllowList":["Dr.Web Security Space (20210525)"]},{"isRevoked":"False","fileName":"module .exe","fileVersion":"0.0","hashMD5":"0d14e5deac834df7b8d38a4cfde8ea9b","hashSHA1":"d7d96b31c13f532a7682321a01290f27454e6839","hashSHA256":"0b942cd074ee002dfac5d7724d17c65af880a9b01c6638ba0fdc2de948046628","sourceIndex":"1978","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"module.exe","fileVersion":"0.0","hashMD5":"f2b976ca523e7aeb0fb2c3d4c7e5925e","hashSHA1":"f347d3f1e2ac59b6af9a40407e57c6829f72d959","hashSHA256":"0ee12248d851e85b445739f1d30cff7c99c57db7b2d8e1faed4a913335ea9c3c","sourceIndex":"1978","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.spytector.com/","directDownloadingLink":"https://srv-store4.gofile.io/download/4GPGvG/spytector-trial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://srv-store4.gofile.io/download/4GPGvG/spytector-trial.zip","sourceIndex":"1978"}],"sampleFiles":["210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Samples/Spytector.exe","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Samples/module .exe","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Samples/module.exe"],"imageFiles":["210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-084/Spytector Remote Keylogger_RunningProcess [2].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-084/Spytector Remote Keylogger_Files [2].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-086/Spytector Remote Keylogger_Interactions [3].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-086/Spytector Remote Keylogger_Interactions [4].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-048/Spytector Remote Keylogger_RunningProcess [2].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-014/Spytector Remote Keylogger_RunningProcess [2].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-116/Spytector Remote Keylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-038/Spytector Remote Keylogger_FileProperty [2].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-040/Spytector Remote Keylogger_Files [2].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-040/Spytector Remote Keylogger_Interactions [1].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-040/Spytector Remote Keylogger_Interactions [2].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-065/Spytector Remote Keylogger_Install [1].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-092/Spytector Remote Keylogger_FileProperty [3].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-092/Spytector Remote Keylogger_FileProperty [4].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-092/Spytector Remote Keylogger_FileProperty [5].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-065/Spytector Remote Keylogger_About [1].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-099/Spytector Remote Keylogger_About [1].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-065/Spytector Remote Keylogger_LandingPage [1].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-099/Spytector Remote Keylogger_LandingPage [1].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-065/Spytector Remote Keylogger_OfferPage [1].png","210318/SpytectorRemoteKeylogger-210315/2.0.1.8/Images/ACR-099/Spytector Remote Keylogger_OfferPage [1].png"],"guid":"b89cb253-0ba8-4ff0-aa2a-6f2a418bfcaf_2.0.1.8_1","appID":"SpytectorRemoteKeylogger-210315","dateAdded":"220309","deceptorType":"App","name":"Spytector Remote Keylogger ","company":"Spytector","version":"2.0.1.8","sigName":"Deceptor:Win32/SpytectorRemoteKeylogger!084086048014116","lastKnownStatus":"2.0.1.8;2.0.1.9;2.1;2.1.0.3","lastKnownDate":"220309","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-03-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1495},{"violations":{"ACR-042":"The components related to \"Bright data\" are dropped even before obtaining the consumer's consent and permission\n","ACR-043":"The \"Bright data\" related components are dropped before obtaining the consumer's consent.\n","ACR-047":"The prompt regarding the \"Bright data\" appears whenever the app is launched even though it was declined.\n","ACR-048":"The app does not provide any effective control to the \"Remove advertisement banner\" option. Even though the \"Remove Ads\" option is selected in the \"Bright data\" prompt, it does not reflect in the app's settings.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-103":"The ads are displayed in the software even though the \"Remove advertisements banner\" option is already enabled in the app's settings.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Viddly YouTube Downloader\\Viddly.exe","companyName":"Viddly Inc.","productName":"Viddly YouTube Downloader","productVersion":"5.0.339","fileVersion":"5.0.339","hashMD5":"f77ff4bcb1e45949cb63004f7e136405","hashSHA1":"e2e3705f51cfc53e8bb7bf25c79070579fd32dfc","hashSHA256":"7b2994e9043b6216dd515f0df2259fb3bf4c978d68dfb4623e4e89b9c4cb735e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1639","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ViddlySetup.exe","isInstaller":"True","companyName":"Viddly Inc.                                                 ","productName":"Viddly YouTube Downloader                                   ","productVersion":"5.0.339                                           ","fileVersion":"5.0.339             ","hashMD5":"3e77eed1c9f26ecb4731fad4422600a5","hashSHA1":"1b69064f56710223a5ee482cb218f3239f27ec61","hashSHA256":"e1c1676283b5ac72304b16188cd6be93d29eb3f473e47cb46c88e323cff192cd","digitalCertThumbprint":"6AAFD4C3BB66735FDE0FEA3AF48DD53EB3BB33BA","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Vitzo LLC","storeId":"","sourceIndex":"1639","avBlockList":["Avast Premium Security (20220127)","AVG Internet Security (20220127)","Avira Internet Security (20220127)","COMODO Antivirus (20220127)","ESET Internet Security (20220127)","G DATA INTERNET SECURITY (20220127)","K7 Total Security (20220127)","Malwarebytes Premium (20220127)","McAfee Total Protection (20220127)","Norton Security (20220127)","Panda Dome (20220127)","Quick Heal Internet Security (20220127)","Sophos Home Premium (20220127)","SpyHunter5 (20220127)","Total AV Antivirus Pro (20220127)","VirIT eXplorer PRO (20220127)","Windows Defender (20220127)"],"avAllowList":["360 Total Security (20220127)","Bitdefender Internet Security (20220127)","Dr.Web Security Space (20220127)","Kaspersky Internet Security (20220127)","Tencent PC Manager (20220127)","Trend Micro Internet Security (20220127)","VIPRE Advanced Security (20220127)","Webroot SecureAnywhere (20220127)"]}],"additionalFiles":[],"sources":[{"howFound":"youtube downloader in google","reference":"","landingPage":"https://viddly.net/en","directDownloadingLink":"https://get.vidd.ly/ViddlySetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://get.vidd.ly/ViddlySetup.exe","sourceIndex":"1639"}],"sampleFiles":["220309/ViddlyYouTubeDownloader-220104/5.0.339/Samples/ViddlySetup.exe"],"imageFiles":["220309/ViddlyYouTubeDownloader-220104/5.0.339/Images/ACR-043/ACR-043_Install.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.339/Images/ACR-047/ACR-047_Install.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.339/Images/ACR-042/ACR-042_Install.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.339/Images/ACR-007/ACR-007_Software.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.339/Images/ACR-007/ACR-007_Software_1.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.339/Images/ACR-103/ACR-103_Software.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.339/Images/ACR-048/ACR-048_Software_No_Control.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.339/Images/ACR-048/ACR-048_Software_No_Control.mp4"],"nonDeceptorImageFiles":[],"guid":"3c133761-586c-4212-8ca8-28d71f9bec13_5.0.339_1","appID":"ViddlyYouTubeDownloader-220104","dateAdded":"220309","deceptorType":"App","name":"Viddly YouTube Downloader","company":"Viddly Inc","version":"5.0.339","firstVendorContactDate":"220421","firstAppEsteemReplyDate":"220421","firstResolvedDate":"220421","firstResolvedVersion":"5.0.359","resolved":"TRUE","lastKnownStatus":"5.0.336;5.0.339;5.0.345","lastKnownDate":"220421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-21T17:15:08.0734978+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1489},{"violations":{"ACR-042":"The components related to \"Bright data\" are dropped even before obtaining the consumer's permission.\n","ACR-047":"The prompt regarding the \"Bright data\" appears whenever the app is launched even though it is declined.\n","ACR-048":"The app does not provide any effective control to the \"Remove advertisement banner\" option. Even though the \"Remove Ads\" option is selected in the \"Bright data\" prompt, it does not reflect in the app's settings.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-103":"The ads are displayed in the software even though the \"Remove advertisements banner\" option is already enabled in the app's settings.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"dywbflfo.exe\" (Installer) on the device without the consumer's consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Viddly YouTube Downloader\\Viddly.exe","companyName":"Viddly Inc.","productName":"Viddly YouTube Downloader","productVersion":"5.0.336","fileVersion":"5.0.336","hashMD5":"1621df68d09c9b3e5f50ff4363145e93","hashSHA1":"1557d6cbd85cb689d2122d8c6e70f69a0a9853d0","hashSHA256":"156bf7d9b993d0b78bcc7506820a43f24e8d05540aa55815c60cdaa07f0608d3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1642","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ViddlySetup.exe","isInstaller":"True","companyName":"Viddly Inc.                                                 ","productName":"Viddly YouTube Downloader                                   ","productVersion":"5.0.336                                           ","fileVersion":"5.0.336             ","hashMD5":"751503119ac51195822f292742948b6c","hashSHA1":"0cac37f1d19a8d2376779306eaa5c186459b8313","hashSHA256":"84dae8bbd646680b5bd9abd770cf0ff5bc9244c4c670997f2be105bedf53b40d","digitalCertThumbprint":"6AAFD4C3BB66735FDE0FEA3AF48DD53EB3BB33BA","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Vitzo LLC","storeId":"","sourceIndex":"1642","avBlockList":["Avast Premium Security (20220317)","AVG Internet Security (20220317)","Avira Internet Security (20220317)","Bitdefender Internet Security (20220317)","COMODO Antivirus (20220317)","ESET Internet Security (20220317)","G DATA INTERNET SECURITY (20220317)","K7 Total Security (20220317)","Kaspersky Internet Security (20220317)","McAfee Total Protection (20220317)","Norton Security (20220317)","Panda Dome (20220317)","Quick Heal Internet Security (20220317)","Sophos Home Premium (20220317)","SpyHunter5 (20220317)","Tencent PC Manager (20220317)","Total AV Antivirus Pro (20220317)","VIPRE Advanced Security (20220317)","VirIT eXplorer PRO (20220317)","Webroot SecureAnywhere (20220317)","Windows Defender (20220317)"],"avAllowList":["360 Total Security (20220317)","Dr.Web Security Space (20220317)","Malwarebytes Premium (20220317)","Trend Micro Internet Security (20220317)"]}],"additionalFiles":[],"sources":[{"howFound":"youtube downloader in google","reference":"","landingPage":"https://viddly.net/en","directDownloadingLink":"https://get.vidd.ly/ViddlySetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://get.vidd.ly/ViddlySetup.exe","sourceIndex":"1642"}],"sampleFiles":["220309/ViddlyYouTubeDownloader-220104/5.0.336/Samples/ViddlySetup.exe"],"imageFiles":["220309/ViddlyYouTubeDownloader-220104/5.0.336/Images/ACR-047/ACR-047_Install.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.336/Images/ACR-042/ACR-042_Install.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.336/Images/ACR-007/BrightDataBorrowingResource.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.336/Images/ACR-103/ACR-103_Software.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.336/Images/ACR-048/ACR-048_Software_No_Control.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.336/Images/ACR-048/ACR-048_Software.mp4","220309/ViddlyYouTubeDownloader-220104/5.0.336/Images/ACR-118/ACR-118_Uninstall_RetainsComponent.JPG"],"nonDeceptorImageFiles":[],"guid":"3c133761-586c-4212-8ca8-28d71f9bec13_5.0.336_1","appID":"ViddlyYouTubeDownloader-220104","dateAdded":"220309","deceptorType":"App","name":"Viddly YouTube Downloader","company":"Viddly Inc","version":"5.0.336","sigName":"Deceptor:Win32/ViddlyYouTubeDownloader!047042103048118","firstVendorContactDate":"220421","firstAppEsteemReplyDate":"220421","firstResolvedDate":"220421","firstResolvedVersion":"5.0.359","resolved":"TRUE","lastKnownStatus":"5.0.336;5.0.339;5.0.345","lastKnownDate":"220421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-21T17:08:49.4210332+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1491},{"violations":{"ACR-042":"The components related to \"Bright data\" are dropped even before obtaining the consumer's consent and permission\n","ACR-043":"The \"Bright data\" related components are dropped before obtaining the consumer's consent.\n","ACR-047":"The prompt regarding the \"Bright data\" appears whenever the app is launched even though it was declined.\n","ACR-048":"The app does not provide any effective control to the \"Remove advertisement banner\" option. Even though the \"Remove Ads\" option is selected in the \"Bright data\" prompt, it does not reflect in the app's settings.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-103":"The ads are displayed in the software even though the \"Remove advertisements banner\" option is already enabled in the app's settings.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"etbd0cxx.exe\" on the device without notifying the user. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Viddly YouTube Downloader\\Viddly.exe","companyName":"Viddly Inc.","productName":"Viddly YouTube Downloader","productVersion":"5.0.345","fileVersion":"5.0.345","hashMD5":"20a98b6c4b45ac340cc6da472a385f42","hashSHA1":"4856405cd9712c316bfc7131298f9ee6afbfc08a","hashSHA256":"e293884b82f4c2004a774d797e85ed91f2104f55054d78a83950919a92bf6d1b","digitalCertThumbprint":"A7734A8F534D80ECB40D4E8BFEB18474CBD99A46","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Vitzo LLC","storeId":"","sourceIndex":"1640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ViddlySetup.exe","isInstaller":"True","companyName":"Viddly Inc.                                                 ","productName":"Viddly YouTube Downloader                                   ","productVersion":"5.0.345                                           ","fileVersion":"5.0.345             ","hashMD5":"66e0b462f71aa2b829a680a4c6702f7a","hashSHA1":"07a5cc870964c43aa823a464ea6a47e01e67f6a4","hashSHA256":"eda184e9f4fc2efedf1cea32a3aa170b79f6e30c8279cecc3a1d7dd61cb0cb37","digitalCertThumbprint":"A7734A8F534D80ECB40D4E8BFEB18474CBD99A46","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Vitzo LLC","storeId":"","sourceIndex":"1640","avBlockList":["360 Total Security (20220405)","Avast Premium Security (20220405)","AVG Internet Security (20220405)","Avira Internet Security (20220405)","Bitdefender Internet Security (20220405)","COMODO Antivirus (20220405)","ESET Internet Security (20220405)","G DATA INTERNET SECURITY (20220405)","K7 Total Security (20220405)","Kaspersky Internet Security (20220405)","Malwarebytes Premium (20220405)","McAfee Total Protection (20220405)","Norton Security (20220405)","Panda Dome (20220405)","Quick Heal Internet Security (20220405)","Sophos Home Premium (20220405)","SpyHunter5 (20220405)","Total AV Antivirus Pro (20220405)","VIPRE Advanced Security (20220405)","VirIT eXplorer PRO (20220405)","Webroot SecureAnywhere (20220405)","Windows Defender (20220405)"],"avAllowList":["Dr.Web Security Space (20220405)","Tencent PC Manager (20220405)","Trend Micro Internet Security (20220405)"]},{"isRevoked":"False","fileName":"ViddlySetup_220220.exe","isInstaller":"True","companyName":"Viddly Inc.                                                 ","productName":"Viddly YouTube Downloader                                   ","productVersion":"5.0.345  ","fileVersion":"5.0.345  ","hashMD5":"67fd28c624e62087ce51c3e60d57641b","hashSHA1":"3cf4c3acccd2e049bce4289ed0b5249865a59dfa","hashSHA256":"c8be4788d796ff60e2a119bf2222e8c9f01d5103dcaae75af244286003245058","digitalCertThumbprint":"A7734A8F534D80ECB40D4E8BFEB18474CBD99A46","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Vitzo LLC, O=Vitzo LLC, S=Delaware, C=US","sourceIndex":"1640","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"youtube downloader in google","reference":"","landingPage":"https://viddly.net/eng5","directDownloadingLink":"https://get.vidd.ly/ViddlySetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://get.vidd.ly/ViddlySetup.exe","sourceIndex":"1640"},{"howFound":"","reference":"","landingPage":"https://viddly.net/eng7","directDownloadingLink":"https://viddly.net/eng7/download","ipv4":"","ipv6":"","sourceIndex":"1641"}],"sampleFiles":["220309/ViddlyYouTubeDownloader-220104/5.0.345/Samples/ViddlySetup.exe","220309/ViddlyYouTubeDownloader-220104/5.0.345/Samples/ViddlySetup_220220.exe"],"imageFiles":["220309/ViddlyYouTubeDownloader-220104/5.0.345/Images/ACR-043/ACR-043_Install.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.345/Images/ACR-047/ACR-047_Install.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.345/Images/ACR-042/ACR-042_Install.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.345/Images/ACR-007/ACR-007_Software.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.345/Images/ACR-007/ACR-007_Software_1.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.345/Images/ACR-103/ACR-103_Software.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.345/Images/ACR-048/ACR-048_Software_No_Control.JPG","220309/ViddlyYouTubeDownloader-220104/5.0.345/Images/ACR-048/ACR-048_Software_No_Control_1.mp4","220309/ViddlyYouTubeDownloader-220104/5.0.345/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":[],"guid":"3c133761-586c-4212-8ca8-28d71f9bec13_5.0.345_1","appID":"ViddlyYouTubeDownloader-220104","dateAdded":"220309","deceptorType":"App","name":"Viddly YouTube Downloader","company":"Viddly Inc","version":"5.0.345","firstVendorContactDate":"220421","firstAppEsteemReplyDate":"220421","firstResolvedDate":"220421","firstResolvedVersion":"5.0.359","resolved":"TRUE","lastKnownStatus":"5.0.336;5.0.339;5.0.345","lastKnownDate":"220421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-21T17:14:30.3401647+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1490},{"violations":{"ACR-043":"The \"Bright data\" related components are dropped before obtaining the user's agree and consent.\n","ACR-107":"App installs FFmpeg package and doesn't include the open-source license or the source code or link to the source code.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by sharing IP/network connections.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains many of its components on the device without the consumer's consent or notifying user.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a Digital signature for any of the dropped components.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\Megacubo\\megacubo.exe","companyName":"The NW.js Community","productName":"nwjs","productVersion":"0.37.4","fileVersion":"0.37.4","hashMD5":"e166da279b24fc4c03a6dd90d228175c","hashSHA1":"bfcba0cbab2ba704e15be57d75b677a806f10dca","hashSHA256":"049a7109cc82c30374160e10231eaaaa85a61949e6e71965383ef32e49a373a4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1606","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"megacubo_setup.exe","isInstaller":"True","companyName":"megacubo.tv                                                 ","productName":"Megacubo                                                    ","productVersion":"16.2.6                                            ","fileVersion":"                    ","hashMD5":"3d515a41aad3aaacee48a908d58b7415","hashSHA1":"c82fcd39c598c88da10c68f998413288fd8a4e67","hashSHA256":"14ead107746fd5a0aa6b61707de76b154a64a1c6e02a91ff398b4681c1840bae","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1606","avBlockList":["Avira Internet Security (20220329)","Bitdefender Internet Security (20220329)","ESET Internet Security (20220329)","G DATA INTERNET SECURITY (20220329)","K7 Total Security (20220329)","Kaspersky Internet Security (20220329)","McAfee Total Protection (20220329)","Norton Security (20220329)","Quick Heal Internet Security (20220329)","Sophos Home Premium (20220329)","SpyHunter5 (20220329)","Total AV Antivirus Pro (20220329)","Trend Micro Internet Security (20220329)","VirIT eXplorer PRO (20220329)","Windows Defender (20220329)"],"avAllowList":["360 Total Security (20220329)","Avast Premium Security (20220329)","AVG Internet Security (20220329)","COMODO Antivirus (20220329)","Dr.Web Security Space (20220329)","Malwarebytes Premium (20220329)","Panda Dome (20220329)","Tencent PC Manager (20220329)","VIPRE Advanced Security (20220329)","Webroot SecureAnywhere (20220329)"]},{"isRevoked":"False","fileName":"net_updater64.exe","companyName":"Bright Data Ltd.","fileVersion":"1.284","hashMD5":"8fd12673a8ac4eaafbccddfaea709c66","hashSHA1":"31e2c87b81e45d65163c4abd95d4fa4032a17be6","hashSHA256":"555ffd89131c765a1acc98e936e891b4b5a9455a00758ff890deb7f25369cc00","digitalCertThumbprint":"E37007D5AD430ECCA48AAE923E539D4431924B37","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Bright Data Ltd, O=Bright Data Ltd, L=Netanya, C=IL, SERIALNUMBER=514114842, OID.1.3.6.1.4.1.311.60.2.1.3=IL, OID.2.5.4.15=Private Organization","sourceIndex":"1606","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"allintext:\"the Bright SDK EULA\"","reference":"","landingPage":"https://megacubo.tv/en/","directDownloadingLink":"https://megacubo.tv/en/install/#start-download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://megacubo.tv/en/install/#start-download","sourceIndex":"1606"}],"sampleFiles":["220308/Megacubo-220307/16.2.6/Samples/megacubo_setup.exe"],"imageFiles":["220308/Megacubo-220307/16.2.6/Images/ACR-043/ACR-043_Install_Drops_Components.JPG","220308/Megacubo-220307/16.2.6/Images/ACR-007/ACR-007_Install_Reduces_Security.JPG","220308/Megacubo-220307/16.2.6/Images/ACR-118/ACR-118_Uninstall_RetainComponents.JPG","220308/Megacubo-220307/16.2.6/Images/ACR-107/ACR-107_Install_1.JPG"],"nonDeceptorImageFiles":["220308/Megacubo-220307/16.2.6/Images/ACR-092/ACR-092_Software_1.JPG"],"guid":"b6234414-8bf2-4846-8d8f-9631c1fbb2a3_16.2.6_1","appID":"Megacubo-220307","dateAdded":"220308","deceptorType":"App","name":"Megacubo","company":"megacubo.tv","version":"16.2.6","firstVendorContactDate":"220516","firstAppEsteemReplyDate":"220516","firstResolvedDate":"220517","firstResolvedVersion":"16.4.0","resolved":"TRUE","lastKnownStatus":"16.2.6","lastKnownDate":"220517","type":"Windows Executable","category":"SysTools & Utilities, Media players","targetOS":"Windows 7,Windows Vista,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-17T19:08:09.9834932+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1496},{"violations":{"ACR-042":"The app installs undisclosed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app installs Trusted Root certificate without disclosing why and potential risk introduced to user system. User is not offered to choose deny it.\n","ACR-048":"The app does not provide any control to disable the scheduled task & to close the app completely within the app's settings.\n","ACR-004":"The app exaggerates the system status using exclamation symbol without substantiated evidence.\n","ACR-007":"The app installs Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-017":"Unable to verify logo in the Internal offers page (https://bit.ly/3KV8V1j)\n","ACR-084":"On closing the app, application doesn't exit completely. It minimizes to tray and runs silently in the background, hiding the fact that it is active from the consumer without any notification.\n","ACR-085":"The app enables to collect technical and diagnostic information by default without user consent during application install.\n","ACR-014":"The app misleads by stating \"Your computer is not fully protected\" despite the fact Microsoft Windows Defender protection is ON.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly and straightforward what the effect it causes to user's system. For example, the Trusted Root certificate installed.\n"},"samples":[{"isRevoked":"False","fileName":"cryptobuster-1.0.823-setup.exe","isInstaller":"True","companyName":"Smart PC Utilities","productName":"CryptoBuster","productVersion":"1.0.823.0","fileVersion":"1.0.823.0","hashMD5":"c8b44ef5e8831a2fec5f2d04de77276b","hashSHA1":"be1cdb757e377eb84154ce121df67efd80bad672","hashSHA256":"29031b921e764360a229e76f8655fde7824c0a75ee5079c68a46e871a2ed29e4","digitalCertThumbprint":"95097CC4ECF84A5D04EB87BB6335FC5104230D41","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Ahmed Fathi","storeId":"","sourceIndex":"1689","avBlockList":["360 Total Security (20220217)","Avast Premium Security (20220217)","AVG Internet Security (20220217)","Avira Internet Security (20220217)","ESET Internet Security (20220217)","K7 Total Security (20220217)","McAfee Total Protection (20220217)","Norton Security (20220217)","Panda Dome (20220217)","Sophos Home Premium (20220217)","SpyHunter5 (20220217)","Total AV Antivirus Pro (20220217)","VirIT eXplorer PRO (20220217)","Webroot SecureAnywhere (20220217)","Windows Defender (20220217)"],"avAllowList":["Bitdefender Internet Security (20220217)","COMODO Antivirus (20220217)","Dr.Web Security Space (20220217)","G DATA INTERNET SECURITY (20220217)","Kaspersky Internet Security (20220217)","Malwarebytes Premium (20220217)","Quick Heal Internet Security (20220217)","Tencent PC Manager (20220217)","Trend Micro Internet Security (20220217)","VIPRE Advanced Security (20220217)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Smart PC Utilities\\CryptoBuster\\CryptoBuster.exe","companyName":"Smart PC Utilities Ltd.","productName":"CryptoBuster","productVersion":"1.0.823.0","fileVersion":"1.0.823.0","hashMD5":"794b2c79784644f81ffb4801e09d6cd2","hashSHA1":"9987e840f1b875a71c9ba65d6e74f22c6f062752","hashSHA256":"c76338972c542846b02d6783f9522fd8abf342970c8992b0328982158aa29ac7","digitalCertThumbprint":"D8D05DB8C4650B25859281786AE599CCEA4D07A2","digitalCertIssuer":"Smart PC Utilities","digitalCertIssuedTo":"Smart PC Utilities","storeId":"","sourceIndex":"1689","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related apps","reference":"","landingPage":"https://www.smartpcutilities.com/cryptobuster.html","directDownloadingLink":"https://www.smartpcutilities.com/files/cryptobuster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.smartpcutilities.com/files/cryptobuster.exe","sourceIndex":"1689"}],"sampleFiles":["220308/cryptobuster-220131/1.0.823.0/Samples/cryptobuster-1.0.823-setup.exe"],"imageFiles":["220308/cryptobuster-220131/1.0.823.0/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed.JPG","220308/cryptobuster-220131/1.0.823.0/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed.JPG","220308/cryptobuster-220131/1.0.823.0/Images/ACR-007/ACR-007_Install_Root_Certificate_Installed.JPG","220308/cryptobuster-220131/1.0.823.0/Images/ACR-004/ACR-004_Software_Exclamation_Symbol.JPG","220308/cryptobuster-220131/1.0.823.0/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220308/cryptobuster-220131/1.0.823.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220308/cryptobuster-220131/1.0.823.0/Images/ACR-048/ACR-048_Software_No_Control_To_Quit_App.JPG","220308/cryptobuster-220131/1.0.823.0/Images/ACR-048/ACR-048_Software_No_Control_To_Quit_App_1.JPG","220308/cryptobuster-220131/1.0.823.0/Images/ACR-085/ACR-085_Software_1.JPG","220308/cryptobuster-220131/1.0.823.0/Images/ACR-014/ACR-014_Software_Misleading_Status.JPG","220308/cryptobuster-220131/1.0.823.0/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Testimonials.jpg"],"nonDeceptorImageFiles":["220308/cryptobuster-220131/1.0.823.0/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed.JPG"],"guid":"5e0dee4f-eb78-4d99-a293-c2f668d24453_1.0.823.0_1","appID":"cryptobuster-220131","dateAdded":"220308","deceptorType":"App","name":"Crypto Buster","company":"Smart PC Utilities Ltd","version":"1.0.823.0","firstVendorContactDate":"220301","firstAppEsteemReplyDate":"220305","firstResolvedDate":"220308","firstResolvedVersion":"1.0.935.0","resolved":"TRUE","lastKnownStatus":"1.0.823.0","lastKnownDate":"220131","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-03-09T04:52:32.8923225+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1498},{"violations":{"ACR-042":"The \"Media freeware\" components get dropped without asking the user's permission and disclosing the installation path.\n","ACR-043":"The \"Media freeware\" components get dropped in one click without asking the user's permission and disclosing the installation path.\n","ACR-046":"The \"Media freeware\" offer is not conspicuous and the details provided in the install prompt regarding the offer is not clearly visible due to the small font size.\n","ACR-048":"1. The app does not provide any control to \"Opt-out\" from the Peer network within the app's setting\n2. The app didn't provide any control to disable the startup.\n","ACR-084":"1. The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\"\n2. The \"Media freeware\" process runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n","ACR-057":"The app doesn't provide a clear way for users to Accept/Decline the offer.\n","ACR-055":"The app has no buttons to Accept/Decline, the offered app \"Media freeware\".\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear.\n","ACR-039":"The app drops \"Media freeware\" without disclosing it to the user and getting user consent.\n","ACR-155":"The offer was inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs itself in a hidden location \"C:\\Users\\User\\AppData\\Roaming\\Media Freeware Setup\".\n","ACR-092":"The app does not provide Digital signatures for the installer (Free DOC to PDF_000421.msi) and the main executable.\n"},"samples":[{"isRevoked":"False","fileName":"Free DOC to PDF_000421.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"f747186c2bb6671c29abcc8de720ba90d8263194edec8abecb8a0820052e47de","sourceIndex":"1385","avBlockList":["360 Total Security (20220329)","Avast Premium Security (20220329)","AVG Internet Security (20220329)","Avira Internet Security (20220329)","COMODO Antivirus (20220329)","ESET Internet Security (20220329)","K7 Total Security (20220329)","Kaspersky Internet Security (20220329)","McAfee Total Protection (20220329)","Norton Security (20220329)","Panda Dome (20220329)","Sophos Home Premium (20220329)","SpyHunter5 (20220329)","Total AV Antivirus Pro (20220329)","VirIT eXplorer PRO (20220329)","Windows Defender (20220329)"],"avAllowList":["Bitdefender Internet Security (20220329)","Dr.Web Security Space (20220329)","G DATA INTERNET SECURITY (20220329)","Malwarebytes Premium (20220329)","Quick Heal Internet Security (20220329)","Tencent PC Manager (20220329)","Trend Micro Internet Security (20220329)","VIPRE Advanced Security (20220329)","Webroot SecureAnywhere (20220329)"]},{"isRevoked":"False","fileName":"Free Doc to PDF Converter.exe","fileVersion":"1.0","hashMD5":"7514fc023fa03d5c71471dabff2157fe","hashSHA1":"d1a2a39616d82c5aedafba4f3b082af1fb210f4c","hashSHA256":"c6eb4c1dbc66ce05f2ba9ea0ca6bb36550205bfa05da55e5969297ece1e96dcb","sourceIndex":"1385","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"allintext:\"the 066 114 105 103 104 116 SDK EULA\"","reference":"","landingPage":"https://www.freepdfsolutions.com/","directDownloadingLink":"https://v1.install80.com/setup?t=Free+DOC+to+PDF&file=https%3A%2F%2Ffreepdfsolutions.com%2Ffiles%2Fdoctopdf_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://v1.install80.com/setup?t=Free+DOC+to+PDF&file=https%3A%2F%2Ffreepdfsolutions.com%2Ffiles%2Fdoctopdf_setup.exe","sourceIndex":"1385"}],"sampleFiles":["220308/FreeDocToPDFConverter-220307/1.0.0.0/Samples/Free DOC to PDF_000421.msi"],"imageFiles":["220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-039/ACR-039_Install.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-043/ACR-043_Install.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-046/ACR-046_Install.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-042/ACR-042_Install.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-084/ACR-084_Software.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-084/ACR-084_Software_1.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-118/ACR-118_Uninstall.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_1.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_2.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-057/ACR-057_In-bundleOffers.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-059/ACR-059_In-bundleOffers.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-155/ACR-155_In-bundleOffers.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-055/ACR-055_In-bundleOffers.JPG"],"nonDeceptorImageFiles":["220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-040/ACR-040_Install.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-092/ACR-092_Software.JPG","220308/FreeDocToPDFConverter-220307/1.0.0.0/Images/ACR-092/ACR-092_Software_1.JPG"],"guid":"d0965fb0-3e5e-44ba-8c5b-611ea7941bf6_1.0.0.0_1","appID":"FreeDocToPDFConverter-220307","dateAdded":"220308","deceptorType":"App","name":"Free Doc To PDF Converter","company":"freepdfsolutions.com","version":"1.0.0.0","lastKnownStatus":"1.0.0.0","lastKnownDate":"220308","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-10-03T19:32:47.8417656+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1497},{"violations":{"ACR-007":"The app does not provide explicit notifications to the targeted consumer and requires a password to open the app, preventing the targeted consumer from accessing it.\n","ACR-086":"The app is password-protected and therefore does not inform the targeted consumer how it collects, stores, or transmits data via explicit notifications.\n","ACR-097":"The app prompts the user to turn off all antivirus software before installing.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install wizard does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy and Privacy Policy. \nThe app's about page does not provide links to the app's EULA or Terms of Service, Returns and Cancellations Policy and Privacy Policy. \nThe app's landing page does not provide links to the app's EULA or Terms of Service, Returns and Cancellations Policy and Privacy Policy. \nThe app's internal offers page does not provide links to the EULA or Terms of Service\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app discloses that there is a possibility that its functions may violate laws in certain states, enabling the consumer to violate laws.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app \nThe app's landing page does not provide links to uninstall information.\nThe app's internal offers page does not provide links to uninstall information.\n","ACR-150":"The app's landing page displays endorsements (reviews) with no link back to original source, preventing them from being verified.\n"},"samples":[{"isRevoked":"False","fileName":"Elite Keylogger","fileVersion":"0.","hashMD5":"29cc57ea0364901d54db1e45b4a1b285","hashSHA1":"addd04ee9dbf4536655b7b26e84f3653dfad49e4","hashSHA256":"d602e52237e61b41ef69c081bffc80c6f2ab7d89785616fb90b980b733706985","sourceIndex":"1696","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EliteMonitor.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"752726d70b527b6f3ed01d93a9479045","hashSHA1":"54753757ed8cbea7da9fcfc82f445f7865e33578","hashSHA256":"92f1e8c71f415d1d3638156515d191762b74157f6168180c43aa135053163b84","sourceIndex":"1696","avBlockList":["Avast Security for Mac (20220809)","Avira Security for Mac (20220809)","Bitdefender Antivirus for Mac (20220809)","ESET Cyber Security Pro for Mac (20220809)","G DATA AntiVirus for Mac (20220809)","K7 Antivirus for Mac (20220809)","Norton Security for Mac (20220809)","Sophos Home Premium For Mac (20220809)","Trend Micro Antivirus for Mac (20220809)"],"avAllowList":["Kaspersky Internet Security for Mac (20220809)","McAfee Internet Security for Mac (20220809)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://www.elitekeyloggers.com/elite-keylogger-mac","directDownloadingLink":"https://evc91.pcloud.com/dHZhFuff0Z1i0RPFZZZfE0Gi7Z2ZZn2RZkZ8S7JZ83lsFUXQLNjl0DNCE29CbjtDKCHy/EliteMonitor.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://evc91.pcloud.com/dHZhFuff0Z1i0RPFZZZfE0Gi7Z2ZZn2RZkZ8S7JZ83lsFUXQLNjl0DNCE29CbjtDKCHy/EliteMonitor.dmg","sourceIndex":"1696"}],"sampleFiles":["220303/EliteKeyloggerMac-200212/1.8.551/Samples/Elite Keylogger","220303/EliteKeyloggerMac-200212/1.8.551/Samples/EliteMonitor.dmg"],"imageFiles":["220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-086/Elite Keylogger_Install [9].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-086/Elite Keylogger_Interactions [1].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-086/Elite Keylogger_Interactions [2].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-086/Elite Keylogger_Interactions [3].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-086/Elite Keylogger_Interactions [4].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-097/Elite Keylogger_Install [2].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-097/Elite Keylogger_Install [3].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-097/Elite Keylogger_Install [5].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-007/Elite Keylogger_Install [9].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-007/Elite Keylogger_Interactions [1].png"],"nonDeceptorImageFiles":["220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_Install [1].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_Install [2].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_Install [3].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_Install [5].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_Install [7].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_Install [8].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_Install [9].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_Install [10].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_Install [11].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_About [1].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_LandingPage [1].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-065/Elite Keylogger_OfferPage [1].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-161/Elite Keylogger_LandingPage [2].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-082/Elite Keylogger_Install [7].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-082/Elite Keylogger_LandingPage [2].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-099/Elite Keylogger_About [1].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-099/Elite Keylogger_LandingPage [1].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-099/Elite Keylogger_OfferPage [1].png","220303/EliteKeyloggerMac-200212/1.8.551/Images/ACR-150/Elite Keylogger_LandingPage [3].png"],"guid":"b55320d7-f5de-418c-9b66-9d5add26b38c_1.8.551_1","appID":"EliteKeyloggerMac-200212","dateAdded":"220303","deceptorType":"MacOS App","name":"Elite Keylogger Mac","company":"WideStep","version":"1.8.551","lastKnownStatus":"1.8.501;1.8.503;1.8.504.2;1.8.551","lastKnownDate":"220303","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-03-03T22:27:19.4857283+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1499},{"violations":{"ACR-007":"The app does not provide explicit notifications to the targeted consumer and requires a password to open the app, preventing the targeted consumer from accessing it.\n","ACR-086":"The app is password-protected and therefore does not inform the targeted consumer how it collects, stores, or transmits data via explicit notifications.\n","ACR-097":"The app prompts the user to turn off all antivirus software before installing.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install wizard does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy and Privacy Policy. \nThe app's about page does not provide links to the app's EULA or Terms of Service, Returns and Cancellations Policy and Privacy Policy. \nThe app's landing page does not provide links to the app's EULA or Terms of Service, Returns and Cancellations Policy and Privacy Policy. \nThe app's internal offers page does not provide links to the EULA or Terms of Service\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app discloses that there is a possibility that its functions may violate laws in certain states, enabling the consumer to violate laws.\n","ACR-099":"The app's landing page does not provide links to uninstall information.\nThe app's internal offers page does not provide links to uninstall information.\n","ACR-150":"The app's landing page displays endorsements (reviews) with no link back to original source, preventing them from being verified.\n"},"samples":[{"isRevoked":"False","fileName":"EliteMonitor.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5c2f6003a3f85e552a9d8cfa6645814f","hashSHA1":"adf568d05c1960d31f0b0bedbc70cf4d0ce4e8ae","hashSHA256":"78ca50f4d6005542c05a34a8d760f0d2597af08517446372cfdc7890dfcc0419","sourceIndex":"2017","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","Bitdefender Antivirus for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","K7 Antivirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["Kaspersky Internet Security for Mac (20210413)"]},{"isRevoked":"False","fileName":"Elite Keylogger","fileVersion":"0.","hashMD5":"27c2eb7799799af5cca3af7ed5f8e5ac","hashSHA1":"1c7ea7d05ef37e66a29a97dbac96ad482d745746","hashSHA256":"09d86d098f27a3a97042a709beef8123cb9b409a60d3952127b3d63f43ffcdb1","sourceIndex":"2017","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://www.elitekeyloggers.com/elite-keylogger-mac","directDownloadingLink":"https://d1okwhlrullbtr.cloudfront.net/i5yu%2Ffile%2F397ef50866cb2bb328374ebd22dfedcf_EliteMonitor.dmg?response-content-disposition=attachment%3Bfilename%3D%22EliteMonitor.dmg%22%3B&response-content-encoding=binary&Expires=1609135303&Signature=BgzrBkG~pQ76XMFwyPjVlJm-bbUIR5jt7U~V-Yvn1XOvT~CZtaY-NFqb7kNDhGkO3lQvVzYJ3WV7JSJZD3xuL0~75rVbu2ANan2kpRFAV7vr-Oaowhu2JEEZXGcQ0SOIC-JFOOE-qXRzURi2DPazRVXaCH3NqH1fvVEVxAm~-7mLUzJjTfuMLsGBldkQ~AZZ~I9aKXoC4oKqzBCU~LvXsb84fsA5reZwauzbw3ra0allxR4Z~PJ~gM6koOAaI6uw7T5xBPNbacXpQXfmVPiyxIJ0h7y-K4NjYXOVDUNg~-Gl9jr59PsO3hwSQm6Yfi9K~mpIOu36GhYIz0-SKl2XgA__&Key-Pair-Id=APKAJT5WQLLEOADKLHBQ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1okwhlrullbtr.cloudfront.net/i5yu%2Ffile%2F397ef50866cb2bb328374ebd22dfedcf_EliteMonitor.dmg?response-content-disposition=attachment%3Bfilename%3D%22EliteMonitor.dmg%22%3B&response-content-encoding=binary&Expires=1609135303&Signature=BgzrBkG~pQ76XMFwyPjVlJm-bbUIR5jt7U~V-Yvn1XOvT~CZtaY-NFqb7kNDhGkO3lQvVzYJ3WV7JSJZD3xuL0~75rVbu2ANan2kpRFAV7vr-Oaowhu2JEEZXGcQ0SOIC-JFOOE-qXRzURi2DPazRVXaCH3NqH1fvVEVxAm~-7mLUzJjTfuMLsGBldkQ~AZZ~I9aKXoC4oKqzBCU~LvXsb84fsA5reZwauzbw3ra0allxR4Z~PJ~gM6koOAaI6uw7T5xBPNbacXpQXfmVPiyxIJ0h7y-K4NjYXOVDUNg~-Gl9jr59PsO3hwSQm6Yfi9K~mpIOu36GhYIz0-SKl2XgA__&Key-Pair-Id=APKAJT5WQLLEOADKLHBQ","sourceIndex":"2017"}],"sampleFiles":["201229/EliteKeyloggerMac-200212/1.8.504.2/Samples/EliteMonitor.dmg","201229/EliteKeyloggerMac-200212/1.8.504.2/Samples/Elite Keylogger"],"imageFiles":["201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-086/Elite Keylogger_Install [8].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-086/Elite Keylogger_Interactions [1].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-086/Elite Keylogger_Interactions [2].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-086/Elite Keylogger_Interactions [3].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-086/Elite Keylogger_Interactions [4].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-097/Elite Keylogger_Install [1].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-097/Elite Keylogger_Install [2].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-097/Elite Keylogger_Install [3].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-097/Elite Keylogger_Install [4].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-097/Elite Keylogger_Install [5].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-007/Elite Keylogger_Install [8].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-007/Elite Keylogger_Interactions [1].png"],"nonDeceptorImageFiles":["201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-065/Elite Keylogger_Install [1].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-065/Elite Keylogger_Install [2].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-065/Elite Keylogger_Install [3].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-065/Elite Keylogger_Interactions [2].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-065/Elite Keylogger_LandingPage [2].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-065/Elite Keylogger_OfferPage [1].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-161/Elite Keylogger_LandingPage [1] Testimonial.png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-082/Elite Keylogger_Install [6].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-082/Elite Keylogger_LandingPage [3].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-099/Elite Keylogger_LandingPage [2].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-099/Elite Keylogger_OfferPage [1].png","201229/EliteKeyloggerMac-200212/1.8.504.2/Images/ACR-150/Elite Keylogger_LandingPage [1] Testimonial.png"],"guid":"b55320d7-f5de-418c-9b66-9d5add26b38c_1.8.504.2_1","appID":"EliteKeyloggerMac-200212","dateAdded":"220303","deceptorType":"MacOS App","name":"Elite Keylogger Mac","company":"WideStep","version":"1.8.504.2","sigName":"Deceptor:MacOS/EliteKeyloggerMac!086097007","lastKnownStatus":"1.8.501;1.8.503;1.8.504.2;1.8.551","lastKnownDate":"220303","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-03-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1500},{"violations":{"ACR-007":"The app does not provide explicit notifications to the targeted consumer and requires a password to open the app, preventing the targeted consumer from accessing it.\n","ACR-086":"The app is password-protected and therefore does not inform the targeted consumer how it collects, stores, or transmits data via explicit notifications.\n","ACR-097":"The app prompts the user to turn off all antivirus software before installing.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install page does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy and Privacy Policy. \nThe app's about page does not provide links to the app's EULA or Terms of Service, Returns and Cancellations Policy and Privacy Policy. \nThe app's landing page does not provide links to the app's EULA or Terms of Service, Returns and Cancellations Policy and Privacy Policy. \nThe app's internal offers page does not provide links to the EULA or Terms of Service\n","ACR-161":"The app's landing page contains quotes with no links back to the original source, prevented them from being able to be verified.\n","ACR-082":"The app discloses that there is a possibility that its functions may violate laws in certain states, enabling the consumer to violate laws.\n","ACR-099":"The app's landing page does not provide links to uninstall information.\nThe app's internal offers page does not provide links to uninstall information.\n","ACR-150":"The app's landing page displays endorsements (reviews) with no link back to original source, preventing them from being verified.\n"},"samples":[{"isRevoked":"False","fileName":"Elite Keylogger","fileVersion":"0.","hashMD5":"3cd201a8b541d6ee75cbb1ef9dec8e37","hashSHA1":"d6b05f05e2ac24f649f6f7c6681d58be47d9cbf0","hashSHA256":"647f4e77c1f26f9f8ac5ce1eabe074bc0db0602252efd5fce306024b291653ac","sourceIndex":"2118","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EliteMonitor.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"458ce4ce6e561055c3aa25ad6fb0eefd","hashSHA1":"0dfa6ff21556bfce8651763707192551204bebcc","hashSHA256":"5213f9375cffd0203089f51021074d8b9ca2677da475379e71e4a471f372a051","sourceIndex":"2118","avBlockList":["Avast Security for Mac (20201013)","Avira Security for Mac (20201013)","Bitdefender Antivirus for Mac (20201013)","ESET Cyber Security Pro for Mac (20201013)","G DATA AntiVirus for Mac (20201013)","K7 Antivirus for Mac (20201013)","McAfee Internet Security for Mac (20201013)","Norton Security for Mac (20201013)","Sophos Home Premium For Mac (20201013)","Trend Micro Antivirus for Mac (20201013)"],"avAllowList":["Kaspersky Internet Security for Mac (20201013)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://www.elitekeyloggers.com/elite-keylogger-mac","directDownloadingLink":"https://mega.nz/file/OK5VHKAJ#qUEECkOaY9S8TAfMy74MyfOp7aJugiNtl6ZO5s3708U","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/file/OK5VHKAJ#qUEECkOaY9S8TAfMy74MyfOp7aJugiNtl6ZO5s3708U","sourceIndex":"2118"}],"sampleFiles":["200827/EliteKeyloggerMac-200212/1.8.503/Samples/Elite Keylogger","200827/EliteKeyloggerMac-200212/1.8.503/Samples/EliteMonitor.dmg"],"imageFiles":["200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-086/Elite Keylogger Mac_Interaction [3] Password.png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-086/Elite Keylogger Mac_Interaction [7] EnterPassword.png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-086/Elite Keylogger Mac_Interaction [8].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-086/Elite Keylogger Mac_Interaction [9].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-097/Elite Keylogger Mac_Install [2] TurnOffAV.png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-097/Elite Keylogger Mac_Install [3] TurnOffAV.png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-097/Elite Keylogger Mac_Install [4].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-007/Elite Keylogger Mac_Interaction [3] Password.png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-007/Elite Keylogger Mac_Interaction [7] EnterPassword.png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-007/Elite Keylogger Mac_Interaction [9].png"],"nonDeceptorImageFiles":["200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-065/Elite Keylogger Mac_Install [1].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-065/Elite Keylogger Mac_Install [3] TurnOffAV.png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-065/Elite Keylogger Mac_Install [4].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-065/Elite Keylogger Mac_About [1].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-065/Elite Keylogger Mac_LandingPage [5].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-065/Elite Keylogger Mac_LandingPage [6].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-065/Elite Keylogger Mac_OfferPage [3].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-065/Elite Keylogger Mac_OfferPage [4].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-161/Elite Keylogger Mac_LandingPage [1].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-161/Elite Keylogger Mac_LandingPage [2].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-082/Elite Keylogger Mac_Interaction [1].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-082/Elite Keylogger Mac_LandingPage [2] .png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-099/Elite Keylogger Mac_LandingPage [5].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-099/Elite Keylogger Mac_LandingPage [6].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-099/Elite Keylogger Mac_OfferPage [4].png","200827/EliteKeyloggerMac-200212/1.8.503/Images/ACR-150/Elite Keylogger Mac_LandingPage [2]_.png"],"guid":"b55320d7-f5de-418c-9b66-9d5add26b38c_1.8.503_1","appID":"EliteKeyloggerMac-200212","dateAdded":"220303","deceptorType":"MacOS App","name":"Elite Keylogger Mac","company":"WideStep","version":"1.8.503","sigName":"Deceptor:MacOS/EliteKeyloggerMac!086097007","lastKnownStatus":"1.8.501;1.8.503;1.8.504.2;1.8.551","lastKnownDate":"220303","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-03-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1501},{"violations":{"ACR-007":"The app does not provide explicit notifications to the targeted consumer and requires a password to open the app, preventing the targeted consumer from accessing it.\n","ACR-086":"The app is password protected and therefore does not inform the targeted consumer how it collects, stores, or transmits data via explicit notifications.\n","ACR-097":"The app prompts the user to turn off all antivirus software before installing.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install page does not provide links to the app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not provide links to the app's EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app's landing page does not provide links to the app's EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app's internal offers page does not provide links to the EULA.\n","ACR-161":"The app's landing page contains quotes with no links back to the original source, prevented them from being able to be verified.\n","ACR-082":"The app discloses that there is a possibility that its functions may violate laws in certain states, enabling the consumer to violate laws.\n","ACR-099":"The app's landing page does not provide links to uninstall information.\nThe app's internal offers page does not provide links to uninstall information.\n","ACR-150":"The app's landing page displays endorsements (reviews) with no link back to original source, preventing them from being verified.\n"},"samples":[{"isRevoked":"False","fileName":"EliteMonitor.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"7415f5c6d7c482d8fc347af9ada21404","hashSHA1":"8bb017635e18df874b07ce0b57fb5beea528f115","hashSHA256":"440bd3830b0d05d4e66fe44eecbef830dd8ba630501a90158e2faecc2e732b6d","sourceIndex":"2532","avBlockList":["Avast Security for Mac (20220614)","Avira Security for Mac (20220614)","Bitdefender Antivirus for Mac (20220614)","ESET Cyber Security Pro for Mac (20220614)","G DATA AntiVirus for Mac (20220614)","K7 Antivirus for Mac (20220614)","McAfee Internet Security for Mac (20220614)","Norton Security for Mac (20220614)","Sophos Home Premium For Mac (20220614)","Trend Micro Antivirus for Mac (20220614)"],"avAllowList":["Malwarebytes Premium (20200217)","Kaspersky Internet Security for Mac (20220614)"]},{"isRevoked":"False","fileName":"Elite Keylogger","fileVersion":"0.","hashMD5":"0509ccca2956c452afad2d541c42edd8","hashSHA1":"06f2da4c4517bee9e9f8ca3c6371c4c2d3388d43","hashSHA256":"949f669abbb4bdf4ba5fd24f3aad3687faf9f2072bc92a2a6cbdd59a1c437b3e","sourceIndex":"2532","avBlockList":["Avast Security for Mac (20200220)","Avira Security for Mac (20200220)","Bitdefender Antivirus for Mac (20200220)","ESET Cyber Security Pro for Mac (20200220)","G DATA AntiVirus for Mac (20200220)","McAfee Internet Security for Mac (20200220)","Norton Security for Mac (20200220)","Sophos Home Premium For Mac (20200220)","Trend Micro Antivirus for Mac (20200220)"],"avAllowList":["Malwarebytes Premium (20200217)","K7 Antivirus for Mac (20200220)","Kaspersky Internet Security for Mac (20200220)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://www.elitekeyloggers.com/elite-keylogger-mac","directDownloadingLink":"https://jumpshare.com/v/bUyNFDK7h9o8s2vlCu3D#","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://jumpshare.com/v/bUyNFDK7h9o8s2vlCu3D#","sourceIndex":"2532"}],"sampleFiles":["200213/EliteKeyloggerMac-200212/1.8.501/Samples/EliteMonitor.dmg"],"imageFiles":["200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-086/ACR-086.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-086/No Notifications.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-097/ACR-097.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-007/Password.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-007/No Notifications.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-007/ACR-007.png"],"nonDeceptorImageFiles":["200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-065/Install Page.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-065/About Page.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-065/Bottom of Landing Page.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-065/Internal Offers.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-161/Bottom of Landing Page.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-082/ACR-082.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-099/Bottom of Landing Page.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-099/Internal Offers.png","200213/EliteKeyloggerMac-200212/1.8.501/Images/ACR-150/Bottom of Landing Page.png"],"guid":"b55320d7-f5de-418c-9b66-9d5add26b38c_1.8.501_1","appID":"EliteKeyloggerMac-200212","dateAdded":"220303","deceptorType":"MacOS App","name":"Elite Keylogger Mac","company":"WideStep","version":"1.8.501","sigName":"Deceptor:MacOS/EliteKeyloggerMacStalkerware!086097007","lastKnownStatus":"1.8.501;1.8.503;1.8.504.2;1.8.551","lastKnownDate":"220303","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2022-03-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1502},{"violations":{"ACR-042":"Bits Browser components installed in hidden folder one click without obtaining the user's agreement and permission, not disclosing the installation path, and allowing the user to change it. \n","ACR-048":"The app does not provide any control to cancel the installation. Even on canceling it installs the application.\nThe app didn't provide any control to disable the startup, tasks, and process it created within the app's settings.\n","ACR-006":"BitsBrowser doesn't disclose the search engine it installs (PrivateSearch) and search result from Yahoo search.\n","ACR-007":"The app's attribution (BitsBrowser) is not clear in the main page.\n","ACR-084":"1. On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer.\n2. The app creates undisclosed tasks and startup to perform actions without the consumer's knowledge and consent. \n","ACR-104":"The app does not clearly disclose the private search engine used in BitsBrowser.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application is installed without presenting user EULA, Privacy Policy.\nThe software has no link to the EULA and/or Terms of Service, Privacy Policy. \n","ACR-036":"The app does not disclose the search relationships with \"Yahoo\" in Docs.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\Procog\\BitsBrowser\\Application\\BitsBrowser.exe","companyName":"The BitsBrowser Authors","productName":"BitsBrowser","productVersion":"80.55555.0.1024","fileVersion":"80.55555.0.1024","hashMD5":"0361ea31bb7afa91db91aec658062c82","hashSHA1":"e17de010b2bf57ed3ff12157552c9e81d93315d8","hashSHA256":"76c65d6b189f298c42f68e137723637727ff79e01eac2a3aecc97fdab3f82e9d","digitalCertThumbprint":"6C1B4A7BB483B0950889F3F346493075AB0A6301","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Procog LTD","storeId":"","sourceIndex":"328","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BitsBrowserSetupLp3.exe","isInstaller":"True","companyName":"Procog Inc.","productName":"Procog Update","productVersion":"1.3.35.22215","fileVersion":"1.3.35.22215","hashMD5":"afb934e281d351bf1028b9fd8bd79577","hashSHA1":"725564b86080eefeae05987794973700418b94e4","hashSHA256":"370f7593c0ceb7c2c82c4302584d42398c6dd4f4689bdc8c3681914dccb39752","digitalCertThumbprint":"6C1B4A7BB483B0950889F3F346493075AB0A6301","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Procog LTD","storeId":"","sourceIndex":"328","avBlockList":["360 Total Security (20220331)","Avira Internet Security (20220331)","COMODO Antivirus (20220331)","ESET Internet Security (20220331)","G DATA INTERNET SECURITY (20220331)","K7 Total Security (20220331)","Kaspersky Internet Security (20220331)","Malwarebytes Premium (20220331)","McAfee Total Protection (20220331)","Norton Security (20220331)","Panda Dome (20220331)","Quick Heal Internet Security (20220331)","Sophos Home Premium (20220331)","SpyHunter5 (20220331)","Total AV Antivirus Pro (20220331)","Trend Micro Internet Security (20220331)","VirIT eXplorer PRO (20220331)","Windows Defender (20220331)"],"avAllowList":["Avast Premium Security (20220331)","AVG Internet Security (20220331)","Bitdefender Internet Security (20220331)","Dr.Web Security Space (20220331)","Tencent PC Manager (20220331)","VIPRE Advanced Security (20220331)","Webroot SecureAnywhere (20220331)"]},{"isRevoked":"False","fileName":"BitsBrowserSetupWD.exe","isInstaller":"True","companyName":"Procog LTD","productName":"BitsBrowserSetup","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"d2dc4ae9ef7cd2b02a6e52c4af3a03c9","hashSHA1":"92e3470be3ebd2e123d18df74f1ee953a6d93dc2","hashSHA256":"b4b65da12d329583ff4742df6addf2231c4e714ff272ec5fc471b203436985a4","digitalCertThumbprint":"6C1B4A7BB483B0950889F3F346493075AB0A6301","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Procog LTD","storeId":"","sourceIndex":"328","avBlockList":["360 Total Security (20220331)","Avira Internet Security (20220331)","Bitdefender Internet Security (20220331)","COMODO Antivirus (20220331)","ESET Internet Security (20220331)","G DATA INTERNET SECURITY (20220331)","K7 Total Security (20220331)","Kaspersky Internet Security (20220331)","Malwarebytes Premium (20220331)","McAfee Total Protection (20220331)","Norton Security (20220331)","Panda Dome (20220331)","Quick Heal Internet Security (20220331)","Sophos Home Premium (20220331)","SpyHunter5 (20220331)","Total AV Antivirus Pro (20220331)","Trend Micro Internet Security (20220331)","VIPRE Advanced Security (20220331)","VirIT eXplorer PRO (20220331)","Webroot SecureAnywhere (20220331)","Windows Defender (20220331)"],"avAllowList":["Avast Premium Security (20220331)","AVG Internet Security (20220331)","Dr.Web Security Space (20220331)","Tencent PC Manager (20220331)"]}],"additionalFiles":[],"sources":[{"howFound":"Search \"Torch browser\"  using yahoo.com","reference":"","landingPage":"https://bitsbrowser.com/","directDownloadingLink":"https://dl2.bitsbrowser.com/files1/BitsBrowserSetupWD.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl2.bitsbrowser.com/files1/BitsBrowserSetupWD.exe","sourceIndex":"328"},{"howFound":"","reference":"","landingPage":"https://www.bitsbrowser.com/www-lp3/index.html?msclkid=fa8719c8c04a13d67bed7bd4a19bf005","directDownloadingLink":"https://dl2.bitsbrowser.com/files1/BitsBrowserSetupLp3.exe","ipv4":"","ipv6":"","landingPageWildChar":"","sourceIndex":"329"}],"sampleFiles":["220228/BitBrowser-220227/1.3.35.22215/Samples/BitsBrowserSetupLp3.exe","220228/BitBrowser-220227/1.3.35.22215/Samples/BitsBrowserSetupWD.exe"],"imageFiles":["220228/BitBrowser-220227/1.3.35.22215/Images/ACR-042/BitsBrowser_Install_folder.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-048/ACR-048 _Install_No_Cancel.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-006/ACR-006_Install.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-006/SearchEngine3.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-006/SearchEngine2.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-006/SearchEngine.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-084/ACR-084_Software_process.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-084/ACR-084_Software_Undisclosed.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-084/ACR-084_Software_Undisclosed_1.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-104/ACR-104_Software.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-048/ACR-048_Software_No_Control.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-007/ACR-007_Software.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-118/ACR-118_Uninstall.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-118/ACR-118_Uninstall_1.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-118/ACR-118_Uninstall_2.JPG"],"nonDeceptorImageFiles":["220228/BitBrowser-220227/1.3.35.22215/Images/ACR-065/ACR-065_Install_No_Docs.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-065/ACR-065_Software_No_Docs.JPG","220228/BitBrowser-220227/1.3.35.22215/Images/ACR-036/ACR-036_Docs.JPG"],"guid":"f2d17169-d54c-47a4-b2fa-b5cb3e9b14b0_1.3.35.22215_1","appID":"BitBrowser-220227","dateAdded":"220228","deceptorType":"App","name":"BitsBrowser","company":"Procog Inc.","version":"1.3.35.22215","lastKnownStatus":"1.3.35.22215","lastKnownDate":"241127","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2024-11-27T20:14:00.6791659+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1503},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.  \n","ACR-043":" The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent. It also downloads and installs \"FreeCodePack\" folder in Program Files.\n","ACR-048":"The app does not provide any control to cancel the installation.\nThe non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\"\n","ACR-017":"The application logo is way too similar to the windows and skype logo, misleading representation for the app source.\n","ACR-039":"The app installs \"FreeStudioManager\" without disclosing it to the user and getting user consent.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install. \n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in standard location/folder.\n\n","ACR-065":"The app does not display links to the EULA and/or Terms of Service, Privacy Policy.\n","ACR-099":"The app's landing page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.6.34.315","fileVersion":"6.6.34.315","hashMD5":"652e2a92e8283948cc071ed0c5c81969","hashSHA1":"a33936f3daf89c71070aa50df19c732d86ce0c86","hashSHA256":"6264c70db2be899daba688b675537d9dd38bfb11e70150f721796fbb76fea583","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"330","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeVideoCallRecorder_1.2.69.1027_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free Video Call Recorder for Skype","productVersion":"1.2.69.1027","fileVersion":"1.2.69.1027","hashMD5":"501de42d9d1bbc4087accefc387d119c","hashSHA1":"cd83937664c099ffdda4fc1a637dc805be7c8836","hashSHA256":"49c84715876a8da33501f38ab66753b90586e0e1c70a1ad95a8c85b89f908389","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"330","avBlockList":["Avira Internet Security (20220310)","Bitdefender Internet Security (20220310)","Dr.Web Security Space (20220310)","G DATA INTERNET SECURITY (20220310)","K7 Total Security (20220310)","McAfee Total Protection (20220310)","Norton Security (20220310)","Panda Dome (20220310)","Sophos Home Premium (20220310)","SpyHunter5 (20220310)","Total AV Antivirus Pro (20220310)","Webroot SecureAnywhere (20220310)","Windows Defender (20220310)","VirIT eXplorer PRO (20220310)"],"avAllowList":["360 Total Security (20220310)","Avast Premium Security (20220310)","AVG Internet Security (20220310)","COMODO Antivirus (20220310)","ESET Internet Security (20220310)","Kaspersky Internet Security (20220310)","Malwarebytes Premium (20220310)","Quick Heal Internet Security (20220310)","Tencent PC Manager (20220310)","Trend Micro Internet Security (20220310)","VIPRE Advanced Security (20220310)"]},{"isRevoked":"False","fileName":"FreeVideoCallRecorder.exe","companyName":"Digital Wave Ltd","productName":"Free Video Call Recorder for Skype","productVersion":"1.2.69.1027","fileVersion":"1.2.69.1027","hashMD5":"e5cb4e71e4628aa65660616f02d904fa","hashSHA1":"c0792c35a55b91f9538db935b6174d8e4d7c4c06","hashSHA256":"6e0d317ba7b3ead33bc6e16b381c92ee8cb0911a970bd904d6659f84748973ee","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"330","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Free-Video-Call-Recorder-for-Skype.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeVideoCallRecorder.exe&ls=topButton","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeVideoCallRecorder.exe&ls=topButton","sourceIndex":"330"}],"sampleFiles":["220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Samples/FreeStudioManager.exe","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Samples/FreeVideoCallRecorder_1.2.69.1027_o.exe","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Samples/FreeVideoCallRecorder.exe"],"imageFiles":["220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-109/FreeStudioManager.png","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-039/FreeStudioManager.png","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-043/FreeCodecPack.png","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-043/FreeStudioManager.png","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-048/App Install Can't Cancel.png","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-048/No FreeStudio in Control Panel.png","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-017/App Setup.png","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-017/Skype Logo.png"],"nonDeceptorImageFiles":["220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-044/App Installed.png","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-040/FreeStudioManager.png","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-065/App About.png","220225/FreeVideoCallRecorderforSkype-220225/1.2.69.1027/Images/ACR-099/App Landing Page.png"],"guid":"d8d6a9e6-c97f-4a63-85db-279dbeb3d2cd_1.2.69.1027_1","appID":"FreeVideoCallRecorderforSkype-220225","dateAdded":"220225","deceptorType":"App","name":"Free Video Call Recorder for Skype","company":"Digital Wave Ltd","version":"1.2.69.1027","lastKnownStatus":"1.2.69.1027","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2024-11-27T20:10:33.2926567+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1504},{"violations":{"ACR-048":"The app does not provide any control to disable the scheduled tasks & the offer popup within the app's settings.\n","ACR-050":"The app create scheduled task to circumvent the platform security (UAC) warning message without details why such scheduled task is needed for the application.\n\n","ACR-059":"After installation, the push notification displays a recommended app that is not marked as Offer & the recommended by \"who\" is not clear.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PCGameBoost\\Smart Game Booster\\5.2.0\\SgbMain.exe","companyName":"Smart Game Booster","productName":"Smart Game Booster","productVersion":"5.2","fileVersion":"5.2.0.567","hashMD5":"d4819d6aa864ee5f3aa33d392828e9d9","hashSHA1":"1b7e956ed6f4e8300575416bf2f8be38206a5438","hashSHA256":"b929a35e9619cf130c4fcaf83d278ec4c9202f15aa3d923e03833e6c384250fd","digitalCertThumbprint":"3A6C75983C893EBDDC76E248D06862C5744A0160","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Chengdu Zhagu Technology Co. Ltd.","storeId":"","sourceIndex":"331","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"smart_game_booster_setup.exe","isInstaller":"True","companyName":"Smart Game Booster                                          ","productName":"Smart Game Booster 5.2                                      ","productVersion":"5.2                                               ","fileVersion":"5.2.0.567           ","hashMD5":"11ac140533d4dc7664cab5b2353df199","hashSHA1":"7787dc4a1407b47f936988bf5c8f2bd89d2b3bd8","hashSHA256":"31c344b54c05cafa47c109995e134513497d7c5af17e9713bd819d18e57c1e44","digitalCertThumbprint":"3A6C75983C893EBDDC76E248D06862C5744A0160","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Chengdu Zhagu Technology Co. Ltd.","storeId":"","sourceIndex":"331","avBlockList":["Avira Internet Security (20220407)","Bitdefender Internet Security (20220407)","Dr.Web Security Space (20220407)","ESET Internet Security (20220407)","G DATA INTERNET SECURITY (20220407)","K7 Total Security (20220303)","Kaspersky Internet Security (20220407)","McAfee Total Protection (20220407)","Norton Security (20220407)","Panda Dome (20220407)","Sophos Home Premium (20220407)","SpyHunter5 (20220407)","Total AV Antivirus Pro (20220407)","VIPRE Advanced Security (20220407)","VirIT eXplorer PRO (20220407)","Windows Defender (20220407)"],"avAllowList":["360 Total Security (20220407)","Avast Premium Security (20220407)","AVG Internet Security (20220407)","COMODO Antivirus (20220407)","Malwarebytes Premium (20220407)","Quick Heal Internet Security (20220407)","Tencent PC Manager (20220407)","Trend Micro Internet Security (20220407)","Webroot SecureAnywhere (20220407)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Game Booster app","reference":"","landingPage":"https://www.pcgameboost.com/index.php","directDownloadingLink":"https://www.pcgameboost.com/download.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pcgameboost.com/download.php","sourceIndex":"331"}],"sampleFiles":["220224/smartgamebooster-211126/5.2/Samples/smart_game_booster_setup.exe"],"imageFiles":["220224/smartgamebooster-211126/5.2/Images/ACR-048/ACR-048_Software_No_Control.JPG","220224/smartgamebooster-211126/5.2/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220224/smartgamebooster-211126/5.2/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220224/smartgamebooster-211126/5.2/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","220224/smartgamebooster-211126/5.2/Images/ACR-050/ACR-050_Software.JPG","220224/smartgamebooster-211126/5.2/Images/ACR-059/ACR-059_Bundler-madeoffers_Offer_Not_Clear.JPG","220224/smartgamebooster-211126/5.2/Images/ACR-059/ACR-059_Bundler-madeoffers_Offer_Not_Clear_1.JPG","220224/smartgamebooster-211126/5.2/Images/ACR-059/ACR-059_Bundler-madeoffers_Offer_Not_Clear.JPG","220224/smartgamebooster-211126/5.2/Images/ACR-059/ACR-059_Bundler-madeoffers_Offer_Not_Clear_1.JPG"],"nonDeceptorImageFiles":[],"guid":"b17a83da-dec6-481b-a04a-1b38fc9375e7_5.2_1","appID":"smartgamebooster-211126","dateAdded":"220224","deceptorType":"App","name":"Smart Game Booster","company":"SmartGameBooster","version":"5.2","lastKnownStatus":"5.2","lastKnownDate":"241127","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-27T19:56:29.7735554+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1505},{"violations":{"ACR-042":"Before obtaining proper user consent, the app drops all its files in the \"C:\\Users\\User\\AppData\\Roaming\\\" folder.\n","ACR-043":"The app drops all its components before user makes decision to agree about BrightData borrowing the system resource.\n","ACR-107":"The app installs FFmpeg package and doesn't include the open source license or the source code or link to the source code.\n","ACR-048":"Tthe app didn't provide any control within the app's settings to close the process that runs silently in the background. \n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"On quitting the app completely from system tray, one of the processes still runs in the background hiding the fact that it is active from the consumer. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\Free Snipping Tool\\App\\Free Snipping Tool.exe","companyName":"","productName":"Free Snipping Tool","productVersion":"5.8.0.0","fileVersion":"5.8.0.0","hashMD5":"a9e26a96ab879e0126f388166a767983","hashSHA1":"47ff78237590d6e37fa50d50ab2e4557c0750477","hashSHA256":"f10b1d4050ed4e57691ae1f4030534076ea09329627f62b0b97335c2374edc84","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","uriToBlock":"","sourceIndex":"1734","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Free Snipping Tool - latest.msi","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"0","hashMD5":"30a6f7d32afab50730fe7f8d9d2b1ba0","hashSHA1":"dc2a7c80177f299cf8153d44b49700822410dd35","hashSHA256":"7ce698f6f1790066a5b890c1e55d00355f451d712e8bd3115ae1f31b1e7064ec","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","uriToBlock":"","sourceIndex":"1734","avBlockList":["360 Total Security (20220125)","Avast Premium Security (20220125)","AVG Internet Security (20220125)","Avira Internet Security (20220125)","ESET Internet Security (20220125)","G DATA INTERNET SECURITY (20220125)","K7 Total Security (20220125)","McAfee Total Protection (20220125)","Norton Security (20220125)","Panda Dome (20220125)","Sophos Home Premium (20220125)","SpyHunter5 (20220125)","Total AV Antivirus Pro (20220125)","Trend Micro Internet Security (20220125)","VirIT eXplorer PRO (20220125)","Windows Defender (20220125)"],"avAllowList":["Bitdefender Internet Security (20220125)","COMODO Antivirus (20220125)","Dr.Web Security Space (20220125)","Kaspersky Internet Security (20220125)","Malwarebytes Premium (20220125)","Quick Heal Internet Security (20220125)","Tencent PC Manager (20220125)","VIPRE Advanced Security (20220125)","Webroot SecureAnywhere (20220125)"]}],"additionalFiles":[],"sources":[{"howFound":"BrightData SDK bundler","reference":"","landingPage":"https://freesnippingtool.com/download","directDownloadingLink":"https://freesnippingtool.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://freesnippingtool.com/download","sourceIndex":"1734"}],"sampleFiles":["220113/FreeSnippingTool-220107/5.8.0.0/Samples/Free Snipping Tool - latest.msi"],"imageFiles":["220113/FreeSnippingTool-220107/5.8.0.0/Images/ACR-043/ACR-043_Install_Drops_All_Files.JPG","220113/FreeSnippingTool-220107/5.8.0.0/Images/ACR-107/ACR-107_Install_Third_Party.JPG","220113/FreeSnippingTool-220107/5.8.0.0/Images/ACR-042/ACR-042_Install_Files_Dropped.JPG","220113/FreeSnippingTool-220107/5.8.0.0/Images/ACR-007/ACR-007_Install_1.JPG","220113/FreeSnippingTool-220107/5.8.0.0/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220113/FreeSnippingTool-220107/5.8.0.0/Images/ACR-048/ACR-048_Software_No_Control_To_Exit.JPG","220113/FreeSnippingTool-220107/5.8.0.0/Images/ACR-048/ACR-048_Software_No_Control_To_Exit_1.JPG"],"nonDeceptorImageFiles":[],"guid":"1f3bef17-6e77-4266-aa48-fa2a710fadf4_5.8.0.0_1","appID":"FreeSnippingTool-220107","dateAdded":"220221","deceptorType":"Bundler","name":"Free Snipping Tool","company":"freesnippingtool.com","version":"5.8.0.0","sigName":"Deceptor:Win32/FreeSnippingTool!043107042007084048","firstResolvedVersion":"7.3.0.0","resolved":"TRUE","lastKnownStatus":"5.8.0.0;6.2.0.0","lastKnownDate":"220221","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-02-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1507},{"violations":{"ACR-107":"The app installs FFmpeg package and doesn't include the open source license or the source code or link to the source code.\n","ACR-048":"The app does not provide any control to remove the startup it created.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"The app creates undisclosed startup item to perform actions without the consumer's knowledge and consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Free Snipping Tool - latest.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"792d26a1fa90ed2708f52bc4a7f945b62ef905f41d6d886e6b680012f3fc1002","sourceIndex":"1548","avBlockList":["360 Total Security (20220428)","Avast Premium Security (20220428)","AVG Internet Security (20220428)","Avira Internet Security (20220428)","Bitdefender Internet Security (20220428)","ESET Internet Security (20220428)","G DATA INTERNET SECURITY (20220428)","K7 Total Security (20220428)","Kaspersky Internet Security (20220428)","Malwarebytes Premium (20220428)","McAfee Total Protection (20220428)","Norton Security (20220428)","Panda Dome (20220428)","Quick Heal Internet Security (20220428)","Sophos Home Premium (20220428)","SpyHunter5 (20220428)","Tencent PC Manager (20220428)","Total AV Antivirus Pro (20220428)","Trend Micro Internet Security (20220428)","VIPRE Advanced Security (20220428)","VirIT eXplorer PRO (20220428)","Windows Defender (20220428)"],"avAllowList":["COMODO Antivirus (20220428)","Dr.Web Security Space (20220428)","Webroot SecureAnywhere (20220428)"]},{"isRevoked":"False","fileName":"Snip.Clip.exe","companyName":"RSpark LLC","fileVersion":"6.2","hashMD5":"3b7cb90860eefb6394a3eec037581d2a","hashSHA1":"a65db2431a3077c6d24cb57a520f4f6d7194a1f3","hashSHA256":"8a87d0330e0ada616d92812034fc8aab471eb9c973654b78dc1ee0a43f4e9b6d","digitalCertThumbprint":"BF0EA01F5F73FBF75BDF4DC80F9418CDE8E537E6","digitalCertIssuer":"CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=Rspark Limited Liability Company, O=Rspark Limited Liability Company, S=Washington, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Washington, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=603 337 528","sourceIndex":"1548","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"BrightData newer versions","reference":"","landingPage":"https://freesnippingtool.com/","directDownloadingLink":"https://freesnippingtool.com/setups/Free%20Snipping%20Tool%20-%20latest.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://freesnippingtool.com/setups/Free%20Snipping%20Tool%20-%20latest.msi","sourceIndex":"1548"}],"sampleFiles":["220221/FreeSnippingTool-220107/6.2.0.0/Samples/Free Snipping Tool - latest.msi"],"imageFiles":["220221/FreeSnippingTool-220107/6.2.0.0/Images/ACR-107/ACR-107_Install_Third_Party.JPG","220221/FreeSnippingTool-220107/6.2.0.0/Images/ACR-007/ACR-007_Install_Shares_Resources.JPG","220221/FreeSnippingTool-220107/6.2.0.0/Images/ACR-084/ACR-084_Software_Undisclosed_Startup.JPG","220221/FreeSnippingTool-220107/6.2.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG"],"nonDeceptorImageFiles":[],"guid":"1f3bef17-6e77-4266-aa48-fa2a710fadf4_6.2.0.0_1","appID":"FreeSnippingTool-220107","dateAdded":"220221","deceptorType":"Bundler","name":"Free Snipping Tool","company":"freesnippingtool.com","version":"6.2.0.0","firstResolvedVersion":"7.3.0.0","resolved":"TRUE","lastKnownStatus":"5.8.0.0;6.2.0.0","lastKnownDate":"220221","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-22T18:55:29.4456246+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1506},{"violations":{"ACR-109":"The app installs a Facebook shortcut without disclosing it to the user and gets user consent.\n","ACR-042":"The app installs a Facebook shortcut without disclosing it to the user and gets user consent.\n","ACR-043":"The app installs a Facebook shortcut without disclosing it to the user and gets user consent.\n","ACR-039":"The app installs a Facebook shortcut without disclosing it to the user and gets user consent.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not provide uninstall information in the software.\nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"OperaSetup.exe","isInstaller":"True","companyName":"Opera Software","productName":"Opera Installer","productVersion":"84.0.4316.14","fileVersion":"84.0.4316.14","hashMD5":"c4927e3a9c97aca1fe24226b4be811cd","hashSHA1":"e5edba06eb47ea4cd725b4e2a86b009770702edb","hashSHA256":"5870042bbe6812e41a39898f920aa90946f1703ae23bb4ff7b8032302c42de79","digitalCertThumbprint":"878B0B298671F44FC739C08D826BB22DB1A2A021","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Opera Software AS","storeId":"","sourceIndex":"218","avBlockList":["Bitdefender Internet Security (20220428)","ESET Internet Security (20220428)","Norton Security (20220428)","Quick Heal Internet Security (20220428)","Sophos Home Premium (20220428)","SpyHunter5 (20220428)","VIPRE Advanced Security (20220428)","Webroot SecureAnywhere (20220428)"],"avAllowList":["360 Total Security (20220428)","Avast Premium Security (20220428)","AVG Internet Security (20220428)","Avira Internet Security (20220428)","COMODO Antivirus (20220428)","Dr.Web Security Space (20220428)","G DATA INTERNET SECURITY (20220428)","K7 Total Security (20220428)","Kaspersky Internet Security (20220428)","Malwarebytes Premium (20220428)","McAfee Total Protection (20220428)","Panda Dome (20220428)","Tencent PC Manager (20220428)","Total AV Antivirus Pro (20220428)","Trend Micro Internet Security (20220428)","VirIT eXplorer PRO (20220428)","Windows Defender (20220428)"]}],"additionalFiles":[],"sources":[{"howFound":"Bundler from Outbyte Pcrepair App","reference":"","landingPage":"https://www.opera.com/computer?utm_campaign=%2300%20-%20WW%20-%20Search%20-%20EN%20-%20Branded&gclid=EAIaIQobChMI0vvbydK38wIVFiQrCh29LgRIEAAYASABEgKUO_D_BwE","directDownloadingLink":"https://www.opera.com/computer/thanks?ni=stable&os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.opera.com/computer/thanks?ni=stable&os=windows","sourceIndex":"218"},{"howFound":"","reference":"","landingPage":"","ipv4":"","ipv6":"","landingPageWildChar":"https://www.opera.com/partner?utm_medium=pb&utm_source=softonic&utm_campaign=search","sourceIndex":"219"}],"sampleFiles":["220218/operabrowser-211007/84.0.4316.14/Samples/OperaSetup.exe"],"imageFiles":["220218/operabrowser-211007/84.0.4316.14/Images/ACR-109/ACR-109_Install.JPG","220218/operabrowser-211007/84.0.4316.14/Images/ACR-109/ACR-109_Install.mp4","220218/operabrowser-211007/84.0.4316.14/Images/ACR-039/ACR-039_Install.JPG","220218/operabrowser-211007/84.0.4316.14/Images/ACR-043/ACR-043_Install.JPG","220218/operabrowser-211007/84.0.4316.14/Images/ACR-042/ACR-042_Install.JPG"],"nonDeceptorImageFiles":["220218/operabrowser-211007/84.0.4316.14/Images/ACR-099/ACR-099_Software_No_UninstallInfo.JPG","220218/operabrowser-211007/84.0.4316.14/Images/ACR-099/ACR-099_Landingpage_No_UninstallInfo.JPG"],"guid":"3bd3fd41-7547-46e2-a1ea-9f58e9c4f8f2_84.0.4316.14_1","appID":"operabrowser-211007","dateAdded":"220218","deceptorType":"App","name":"Opera Browser","company":"Opera Software","version":"84.0.4316.14","firstVendorContactDate":"250424","firstAppEsteemReplyDate":"250424","firstResolvedDate":"250424","firstResolvedVersion":"118.0.5461.60","resolved":"TRUE","lastKnownStatus":"83.0.4254.27;84.0.4316.14","lastKnownDate":"220218","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,search","lastUpdate":"2025-04-24T18:10:58.1808558+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1508},{"violations":{"ACR-109":"The app installs a Facebook shortcut without disclosing it to the user and gets user consent.\n","ACR-042":"The app installs a Facebook shortcut without disclosing it to the user and gets user consent.\n","ACR-043":"The app installs a Facebook shortcut without disclosing it to the user and gets user consent.\n","ACR-039":"The app installs a Facebook shortcut without disclosing it to the user and gets user consent.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not provide uninstall information in the software.\nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"OperaSetup.exe","isInstaller":"True","companyName":"Opera Software","productName":"Opera Internet Browser","productVersion":"83.0.4254.27","fileVersion":"83.0.4254.27","hashMD5":"127c6ca9ac6431e01a02c437811c4901","hashSHA1":"3634476bfb05dd1c2d3fd3ca83b3e9d141a7115f","hashSHA256":"945a4d3dc04de92606e95a3d68b127aef77c75580cfd6a5259ccd8d51f8e4aae","digitalCertThumbprint":"878B0B298671F44FC739C08D826BB22DB1A2A021","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Opera Software AS, O=Opera Software AS, L=Oslo, C=NO, SERIALNUMBER=916 368 127, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=NO","sourceIndex":"1719","avBlockList":["Bitdefender Internet Security (20220217)","ESET Internet Security (20220217)","K7 Total Security (20220217)","McAfee Total Protection (20220217)","Norton Security (20220217)","Sophos Home Premium (20220217)","SpyHunter5 (20220217)","VIPRE Advanced Security (20220217)"],"avAllowList":["360 Total Security (20220217)","Avast Premium Security (20220217)","AVG Internet Security (20220217)","Avira Internet Security (20220217)","COMODO Antivirus (20220217)","Dr.Web Security Space (20220217)","G DATA INTERNET SECURITY (20220217)","Kaspersky Internet Security (20220217)","Malwarebytes Premium (20220217)","Panda Dome (20220217)","Quick Heal Internet Security (20220217)","Tencent PC Manager (20220217)","Total AV Antivirus Pro (20220217)","Trend Micro Internet Security (20220217)","VirIT eXplorer PRO (20220217)","Webroot SecureAnywhere (20220217)","Windows Defender (20220217)"]}],"additionalFiles":[],"sources":[{"howFound":"downloaded from https://filehippo.com/ website","reference":"","landingPage":"https://filehippo.com/download_opera/","directDownloadingLink":"https://www.opera.com/computer/thanks?ni=stable&os=windows","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.opera.com/computer/thanks?ni=stable&os=windows","sourceIndex":"1719"}],"sampleFiles":["220202/operabrowser-211007/83.0.4254.27/Samples/OperaSetup.exe"],"imageFiles":["220202/operabrowser-211007/83.0.4254.27/Images/ACR-109/Opera FB Shortcut.png","220202/operabrowser-211007/83.0.4254.27/Images/ACR-109/Opera Install Video.mp4","220202/operabrowser-211007/83.0.4254.27/Images/ACR-043/Opera FB Shortcut.png","220202/operabrowser-211007/83.0.4254.27/Images/ACR-042/Opera FB Shortcut.png"],"nonDeceptorImageFiles":["220202/operabrowser-211007/83.0.4254.27/Images/ACR-099/Opera About.png","220202/operabrowser-211007/83.0.4254.27/Images/ACR-099/Opera Landing Page.png"],"guid":"3bd3fd41-7547-46e2-a1ea-9f58e9c4f8f2_83.0.4254.27_1","appID":"operabrowser-211007","dateAdded":"220218","deceptorType":"App","name":"Opera Browser","company":"Opera Software","version":"83.0.4254.27","sigName":"Deceptor:Win32/OperaBrowserBundle!109039043042","firstVendorContactDate":"250424","firstAppEsteemReplyDate":"250424","firstResolvedDate":"250424","firstResolvedVersion":"118.0.5461.60","resolved":"TRUE","lastKnownStatus":"83.0.4254.27;84.0.4316.14","lastKnownDate":"220218","type":"Windows Executable","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,search","lastUpdate":"2025-04-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1509},{"violations":{"ACR-043":"The app drops all its components before accepting the \"Terms Of Use\".\n","ACR-048":"The app does not provide any control to enable/disable sharing network connection for money earning feature inside the software.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by sharing an ip/network connection.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying user\n"},"nonDeceptorViolations":{"ACR-045":"The app does not provide any control to enable/disable the sharing network connection for money earning feature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\Honeygain\\Honeygain.exe","companyName":"","productName":"Honeygain","productVersion":"0.11.2.0","fileVersion":"0.11.2.0","hashMD5":"5b876f072f2b407bba7639e592f9edb7","hashSHA1":"9122666b6b953d86f4b7fb35104de2c5bf689543","hashSHA256":"bafc22c172d5d471f4c4c456ece29d136647f2d5611fb006b5d4951d28d4a178","digitalCertThumbprint":"904C0F0BAC79C07B0C877598F8FF836CDA93CB62","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"OOO ","storeId":"","sourceIndex":"1576","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Honeygain_install.exe","isInstaller":"True","companyName":"Honeygain","productName":"Honeygain","productVersion":"0.11.2.0","fileVersion":"0.11.2.0","hashMD5":"9581421048e56ac61b250e67b581a4da","hashSHA1":"de499df3b47f489a038bf33d07a8e55e47aecfcc","hashSHA256":"e99087b74d6aa0096bbf35dfb92334f37b19b518ebcb31fdb98695b54cfbf535","digitalCertThumbprint":"904C0F0BAC79C07B0C877598F8FF836CDA93CB62","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"OOO ","storeId":"","sourceIndex":"1576","avBlockList":["360 Total Security (20220317)","Avast Premium Security (20220317)","AVG Internet Security (20220317)","Avira Internet Security (20220317)","ESET Internet Security (20220317)","K7 Total Security (20220317)","Kaspersky Internet Security (20220317)","McAfee Total Protection (20220317)","Panda Dome (20220317)","Quick Heal Internet Security (20220317)","Sophos Home Premium (20220317)","SpyHunter5 (20220317)","Total AV Antivirus Pro (20220317)","VirIT eXplorer PRO (20220317)","Webroot SecureAnywhere (20220317)","Windows Defender (20220317)"],"avAllowList":["Bitdefender Internet Security (20220317)","COMODO Antivirus (20220317)","Dr.Web Security Space (20220317)","G DATA INTERNET SECURITY (20220317)","Malwarebytes Premium (20220317)","Norton Security (20220317)","Tencent PC Manager (20220317)","Trend Micro Internet Security (20220317)","VIPRE Advanced Security (20220317)"]}],"additionalFiles":[],"sources":[{"howFound":"Search share network passive  money","reference":"","landingPage":"https://www.honeygain.com","directDownloadingLink":"https://www.honeygain.com/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.honeygain.com/download/","sourceIndex":"1576"}],"sampleFiles":["220216/HoneyGain-220106/0.11.2.0/Samples/Honeygain_install.exe"],"imageFiles":["220216/HoneyGain-220106/0.11.2.0/Images/ACR-043/ACR-043_Install.JPG","220216/HoneyGain-220106/0.11.2.0/Images/ACR-007/ACR-007_Software.JPG","220216/HoneyGain-220106/0.11.2.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","220216/HoneyGain-220106/0.11.2.0/Images/ACR-118/ACR-118_Uninstall.JPG"],"nonDeceptorImageFiles":["220216/HoneyGain-220106/0.11.2.0/Images/ACR-045/ACR-045_Install.JPG"],"guid":"a3c44006-282b-482f-b9d3-8ea4072719ee_0.11.2.0_1","appID":"HoneyGain-220106","dateAdded":"220216","deceptorType":"App","name":"Honey gain","company":"Honeygain","version":"0.11.2.0","firstVendorContactDate":"220419","firstAppEsteemReplyDate":"220419","firstResolvedDate":"220601","firstResolvedVersion":"0.11.9.0","resolved":"TRUE","lastKnownStatus":"0.11.2.0","lastKnownDate":"220216","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-01T21:25:19.7576128+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1510},{"violations":{"ACR-043":"The app drops all its components before accepting the \"Terms Of Use\".\n","ACR-048":"The app does not provide any control to enable/disable sharing network connection for money earning feature inside the software.\n","ACR-007":"The app does not obtain user consent to reduce the consumer's security posture caused by sharing an ip/network connection.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying user\n"},"nonDeceptorViolations":{"ACR-045":"The app does not provide any control to enable/disable the sharing network connection for money earning feature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\Honeygain\\Honeygain.exe","companyName":"","productName":"Honeygain","productVersion":"0.10.7.0","fileVersion":"0.10.7.0","hashMD5":"5a25344a89b67d159aa8a67b9b340394","hashSHA1":"e4affc951a50edb710dd68252cc1694c139d9991","hashSHA256":"ebee5430dc2d9305cb41d337e3303ff179599aa272d5d9f1ce21c87b60550c9b","digitalCertThumbprint":"904C0F0BAC79C07B0C877598F8FF836CDA93CB62","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"OOO ","storeId":"","sourceIndex":"1705","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Honeygain_install.exe","isInstaller":"True","companyName":"Honeygain","productName":"Honeygain","productVersion":"0.10.7.0","fileVersion":"0.10.7.0","hashMD5":"a10804b42e9ac39cfb2843a6d367c777","hashSHA1":"331c0790f26df36868818ed9ddbaf3db95fe4ebc","hashSHA256":"3dd8c3a3b1689841c9bcc29091261ec39066453eb2edd5296cb27cb6744593f8","digitalCertThumbprint":"904C0F0BAC79C07B0C877598F8FF836CDA93CB62","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"OOO ","storeId":"","sourceIndex":"1705","avBlockList":["Avast Premium Security (20220127)","AVG Internet Security (20220127)","Avira Internet Security (20220127)","ESET Internet Security (20220127)","Kaspersky Internet Security (20220127)","McAfee Total Protection (20220127)","Norton Security (20220127)","Panda Dome (20220127)","Quick Heal Internet Security (20220127)","Sophos Home Premium (20220127)","SpyHunter5 (20220127)","Total AV Antivirus Pro (20220127)","VirIT eXplorer PRO (20220127)","Webroot SecureAnywhere (20220127)","Windows Defender (20220127)"],"avAllowList":["360 Total Security (20220127)","Bitdefender Internet Security (20220127)","COMODO Antivirus (20220127)","Dr.Web Security Space (20220127)","G DATA INTERNET SECURITY (20220127)","K7 Total Security (20220127)","Malwarebytes Premium (20220127)","Tencent PC Manager (20220127)","Trend Micro Internet Security (20220127)","VIPRE Advanced Security (20220127)"]}],"additionalFiles":[],"sources":[{"howFound":"Search share network passive  money","reference":"https://www.honeygain.com","landingPage":"https://www.honeygain.com/download/","ipv4":"","ipv6":"","sourceIndex":"1705"}],"sampleFiles":["220216/HoneyGain-220106/0.10.7.0/Samples/Honeygain_install.exe"],"imageFiles":["220216/HoneyGain-220106/0.10.7.0/Images/ACR-043/ACR-043_Install_1.JPG","220216/HoneyGain-220106/0.10.7.0/Images/ACR-048/ACR-048_Software_No_Control.png","220216/HoneyGain-220106/0.10.7.0/Images/ACR-118/ACR-118_Uninstall_1.JPG"],"nonDeceptorImageFiles":["220216/HoneyGain-220106/0.10.7.0/Images/ACR-045/ACR-045_Install_1.png"],"guid":"a3c44006-282b-482f-b9d3-8ea4072719ee_0.10.7.0_1","appID":"HoneyGain-220106","dateAdded":"220216","deceptorType":"App","name":"Honey gain","company":"Honeygain","version":"0.10.7.0","sigName":"Deceptor:Win32/Honeygain!043042007048118","firstVendorContactDate":"220419","firstAppEsteemReplyDate":"220419","firstResolvedDate":"220601","firstResolvedVersion":"0.11.9.0","resolved":"TRUE","lastKnownStatus":"0.11.2.0","lastKnownDate":"220216","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1511},{"violations":{"ACR-109":"The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020\n","ACR-042":"The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020\n","ACR-043":"The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020\n","ACR-048":"The app does not provide an option to cancel the installation.\n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source.\n","ACR-084":"The app_updater service is running in the background without the user's awareness, and lack of interface for the user to disable its service.\n","ACR-116":"The app cannot be uninstalled by the platform standard uninstall method.\n","ACR-039":"The app installs the following without disclosing it to the user and getting user consent. \n-FreeStudioManager\n-FreeCodecPack\n-BraveBrowserSetup-DVD020\n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires. \n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install. \n","ACR-040":"The app did not disclose components \"FreeStudioManager\" and \"BraveBrowser\" are installed in the non-common folder.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy. \n The app does not display links to the Returns and Cancellation Policy, Privacy Policy. \n The landing page does not display links to the Returns and Cancellation Policy. \nThe internal offers page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app's  About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe internal offers page does not contain links to uninstall information.\n","ACR-123":"An app uninstallation needs to revert the consumer's system state prior to the original app installation.\n"},"samples":[{"isRevoked":"False","fileName":"BraveBrowserSetup-DVD020.exe","companyName":"BraveSoftware Inc.","productName":"Brave Software","productVersion":"1.3.99.0","fileVersion":"1.3","hashMD5":"0519aebec30c49c3adb499b85785d657","hashSHA1":"e2782c8ca88ff8f8be19e1e416a8e9220f5c5f45","hashSHA256":"244eebc168e87dc352c86346091cb392145f57bf9795faefa7cead20eb1a744a","digitalCertThumbprint":"D8FB5FD2EC5048777426E06E40E9A07D2A31A958","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Brave Software, Inc.\", O=\"Brave Software, Inc.\", L=San Francisco, S=California, C=US","sourceIndex":"1710","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.7.3.1110","fileVersion":"6.7","hashMD5":"a34b76ecd943bee4bac9930c25c87d48","hashSHA1":"253c36c886b7e7728a7a70b2243b9443e5a5348d","hashSHA256":"8da4a6a74b53a851075d19ffb564a07ebb53137769e63005ad80b945b18ee126","digitalCertThumbprint":"DA8577A19BC10B481B0C91BD2AC66ED86699BC98","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=mail@vimpel.net, CN=Vympel LLC, O=Vympel LLC, STREET=\"Krasnoselskaya St., 11B, of. 328\", L=Nizhny Novgorod, S=Nizhegorodskaya oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Nizhegorodskaya oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1095262001438, OID.2.5.4.15=Private Organization","sourceIndex":"1710","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VimeoDownload_2.1.34.1110_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Vimeo Download","productVersion":"2.1.34.1110","fileVersion":"2.1","hashMD5":"82b9acfe99f486b32410c7c40ecf2f1b","hashSHA1":"f4eebc4deb9e3850c20b5d0b242265e58d6c60f1","hashSHA256":"cf3796652dd70c41f75c90d4abf31657995899de0f045d517a3b5940f444fc9d","digitalCertThumbprint":"DA8577A19BC10B481B0C91BD2AC66ED86699BC98","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=mail@vimpel.net, CN=Vympel LLC, O=Vympel LLC, STREET=\"Krasnoselskaya St., 11B, of. 328\", L=Nizhny Novgorod, S=Nizhegorodskaya oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Nizhegorodskaya oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1095262001438, OID.2.5.4.15=Private Organization","sourceIndex":"1710","avBlockList":["360 Total Security (20220505)","Avast Premium Security (20220505)","AVG Internet Security (20220505)","Avira Internet Security (20220505)","COMODO Antivirus (20220505)","Dr.Web Security Space (20220505)","G DATA INTERNET SECURITY (20220505)","K7 Total Security (20220505)","McAfee Total Protection (20220505)","Norton Security (20220505)","Panda Dome (20220505)","Quick Heal Internet Security (20220505)","Sophos Home Premium (20220505)","SpyHunter5 (20220505)","Total AV Antivirus Pro (20220505)","VirIT eXplorer PRO (20220505)","Webroot SecureAnywhere (20220505)","Windows Defender (20220505)"],"avAllowList":["Bitdefender Internet Security (20220505)","ESET Internet Security (20220505)","Kaspersky Internet Security (20220505)","Malwarebytes Premium (20220505)","Tencent PC Manager (20220505)","Trend Micro Internet Security (20220505)","VIPRE Advanced Security (20220505)"]},{"isRevoked":"False","fileName":"VimeoDownload.exe","companyName":"Digital Wave Ltd","productName":"Vimeo Download","productVersion":"2.1.34.1110","fileVersion":"2.1","hashMD5":"65c4826ecd08a462ffda793c7ce77f9d","hashSHA1":"91384d55ab451db56d0cc868db317faf2de60d77","hashSHA256":"3411cd81e6d0c29de7b137bc102039f0dfc063d2fd3cbc35b07db9bba12b9bea","digitalCertThumbprint":"DA8577A19BC10B481B0C91BD2AC66ED86699BC98","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=mail@vimpel.net, CN=Vympel LLC, O=Vympel LLC, STREET=\"Krasnoselskaya St., 11B, of. 328\", L=Nizhny Novgorod, S=Nizhegorodskaya oblast, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Nizhegorodskaya oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1095262001438, OID.2.5.4.15=Private Organization","sourceIndex":"1710","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Vimeo-Download.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=VimeoDownload.exe&ls=topWinPrimary","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=VimeoDownload.exe&ls=topWinPrimary","sourceIndex":"1710"}],"sampleFiles":["220214/VimeoDownload-220212/2.1.34.1110/Samples/BraveBrowserSetup-DVD020.exe","220214/VimeoDownload-220212/2.1.34.1110/Samples/FreeStudioManager.exe","220214/VimeoDownload-220212/2.1.34.1110/Samples/VimeoDownload_2.1.34.1110_o.exe","220214/VimeoDownload-220212/2.1.34.1110/Samples/VimeoDownload.exe"],"imageFiles":["220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-109/App Shortcut.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-109/BraveBrowser.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-109/FreeCodec Install.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-109/FreeStudioManager.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-039/App Shortcut.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-039/BraveBrowser.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-039/FreeCodec Install.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-039/FreeStudioManager.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-043/BraveBrowser.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-043/FreeCodec Install.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-043/FreeStudioManager.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-042/BraveBrowser.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-042/FreeCodec Install.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-042/FreeStudioManager.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-048/App Install.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-017/UAC.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-084/App Updater.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-116/Uninstall Video.mp4","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-164/Offer Page 1.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-164/Offer Page 2.png"],"nonDeceptorImageFiles":["220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-044/App Shortcut.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-040/BraveBrowser.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-040/FreeStudioManager.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-065/App EULA.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-065/App About.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-065/App Landing Page.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-065/Offer Page 1.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-065/Offer Page 2.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-099/App About.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-099/App Landing Page.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-099/Offer Page 1.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-099/Offer Page 2.png","220214/VimeoDownload-220212/2.1.34.1110/Images/ACR-123/Uninstall Video.mp4"],"guid":"29cecd4f-f35c-49e2-a13c-b5667064873c_2.1.34.1110_1","appID":"VimeoDownload-220212","dateAdded":"220214","deceptorType":"App","name":"Vimeo Download","company":"Digital Wave Ltd","version":"2.1.34.1110","sigName":"Deceptor:Win32/VimeoDownload!109039043042048017084116164","lastKnownStatus":"2.1.34.1110","lastKnownDate":"220214","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-02-14T17:46:57.0882181+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1512},{"violations":{"ACR-048":"The app install wizard does not allow to cancel the installation.\n","ACR-004":"The app needs to provide free fix for the identified issues identified during “Free Scan”\n","ACR-014":"The app displays \"Malicious Items were found\" when no threats are found after the scan misleading the consumer to take an action.\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs \"wiperrm.exe\" in the system32 folder, not in application installed folder without disclosing it to the user and getting user consent.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy. \nThe landing page does not display links to the Returns and Cancellation Policy. \nThe offer page does not display links to the Returns and Cancellation Policy. \n"},"samples":[{"isRevoked":"False","fileName":"WiperSoft-installer.exe","isInstaller":"True","companyName":"Wiper Software, UAB","productName":"WiperSoft","productVersion":"1.1.120.32","fileVersion":"1.1.120.32","hashMD5":"26b56223fc79ac551b88b47dc8116358","hashSHA1":"eed5a3c1ec2c0812d35babca0fba7e9ca2e838fe","hashSHA256":"fd9dbb971a9995f6d146237933fbe27f18217d3cacbb6da121de4cc9590030be","digitalCertThumbprint":"9F603D3304D783DD6CA78239796E4D42399E25EB","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Wiper Software, UAB\", O=\"Wiper Software, UAB\", STREET=Spanguoliu g. 3, STREET=Radikių k, L=Kaunas, S=Kaunas, PostalCode=LT-54379, C=LT, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LT, SERIALNUMBER=304294125","sourceIndex":"1561","avBlockList":["Avast Premium Security (20220222)","AVG Internet Security (20220222)","Avira Internet Security (20220222)","ESET Internet Security (20220222)","K7 Total Security (20220222)","Kaspersky Internet Security (20220222)","Malwarebytes Premium (20220222)","McAfee Total Protection (20220222)","Norton Security (20220222)","Panda Dome (20220222)","Sophos Home Premium (20220222)","Total AV Antivirus Pro (20220222)","Trend Micro Internet Security (20220222)","VirIT eXplorer PRO (20220222)","Windows Defender (20220222)"],"avAllowList":["360 Total Security (20220222)","Bitdefender Internet Security (20220222)","COMODO Antivirus (20220222)","Dr.Web Security Space (20220222)","G DATA INTERNET SECURITY (20220222)","Quick Heal Internet Security (20220222)","SpyHunter5 (20220222)","Tencent PC Manager (20220222)","VIPRE Advanced Security (20220222)","Webroot SecureAnywhere (20220222)"]},{"isRevoked":"False","fileName":"WiperSoft.exe","companyName":"Wiper Software, UAB","productName":"WiperSoft","productVersion":"1.1.1157.32","fileVersion":"1.1.1157.32","hashMD5":"95b4ece684412d030b6288d203750164","hashSHA1":"4a00a49cb898324d545c7f66655755462e05525c","hashSHA256":"c58278609570f0dd5b556f28d51e201009be76f3bfd71402a42366cd0baab757","digitalCertThumbprint":"9F603D3304D783DD6CA78239796E4D42399E25EB","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Wiper Software, UAB\", O=\"Wiper Software, UAB\", STREET=Spanguoliu g. 3, STREET=Radikių k, L=Kaunas, S=Kaunas, PostalCode=LT-54379, C=LT, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LT, SERIALNUMBER=304294125","sourceIndex":"1561","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"spyfu.com \"outbyte.com\" competitor","reference":"","landingPage":"https://www.wipersoft.com/","directDownloadingLink":"https://www.wipersoft.com/download-instructions/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.wipersoft.com/download-instructions/","sourceIndex":"1561"}],"sampleFiles":["220212/WiperSoft-180124/1.1.1157.32/Samples/WiperSoft-installer.exe","220212/WiperSoft-180124/1.1.1157.32/Samples/WiperSoft.exe"],"imageFiles":["220212/WiperSoft-180124/1.1.1157.32/Images/ACR-048/App Install.png","220212/WiperSoft-180124/1.1.1157.32/Images/ACR-164/Payment Info.png","220212/WiperSoft-180124/1.1.1157.32/Images/ACR-164/Wipersoft Offer Page.png","220212/WiperSoft-180124/1.1.1157.32/Images/ACR-014/App Malicious were found.png","220212/WiperSoft-180124/1.1.1157.32/Images/ACR-014/App No Threats Found.png","220212/WiperSoft-180124/1.1.1157.32/Images/ACR-004/ACR-004_Software_NoFreeFix.JPG"],"nonDeceptorImageFiles":["220212/WiperSoft-180124/1.1.1157.32/Images/ACR-040/Wiperrm in System32.png","220212/WiperSoft-180124/1.1.1157.32/Images/ACR-065/App EULA.png","220212/WiperSoft-180124/1.1.1157.32/Images/ACR-065/Wipersoft Landing Page.png","220212/WiperSoft-180124/1.1.1157.32/Images/ACR-065/Wipersoft Offer Page.png"],"guid":"71950966-674e-46df-9c2d-cb3a7ad967f5_1.1.1157.32_1","appID":"WiperSoft-180124","dateAdded":"220212","deceptorType":"App","name":"WiperSoft","company":"Wiper Software, UAB","version":"1.1.1157.32","firstVendorContactDate":"220606","firstAppEsteemReplyDate":"220606","firstResolvedDate":"220613","firstResolvedVersion":"1.1.1158.64","resolved":"TRUE","lastKnownStatus":"Deceptor:1.1.1142.64;1.1.1143.64;NonCertified:1.1.116.32;1.1.1157.32","lastKnownDate":"220212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-06-13T20:21:24.6896603+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1513},{"violations":{"ACR-004":"The app needs to provide free fix for the identified issues identified during “Free Scan”\n","ACR-014":"The app displays \"Computer is at risk\" without scanning and identifying issues is misleading the consumer to take an action.\n"},"nonDeceptorViolations":{"ACR-088":"The app performs system scan automatically without the consumer's action and authorization.\n","ACR-157":"The certified app should be signed with signing cert that is exclusively used for certified app. Please get the right signing cert ready for this app after it passes all other ACRs and get this final build be signed with right signing cert.\n","ACR-099":"The app needs to disclose uninstall information in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\WiperSoft\\WiperSoft-inst.exe","companyName":"WiperSoft","productName":"WiperSoft","productVersion":"1.1.113.32","fileVersion":"1.1.113.32","hashMD5":"9e3604e2f65d31c8a6a01fd3ddbecc39","hashSHA1":"d0efc6e4a424e277239c535802d66b619bd02872","hashSHA256":"af24fcdd574c1097cc1709c9be008fe129c7a9d0ec9690c7694940e3b482afa6","digitalCertThumbprint":"50FA70177010BFCBECB288815CE20B946D62355A","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Wiper Software UAB","sourceIndex":"3189","avBlockList":["ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)"],"avAllowList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Windows Defender (20190131)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\WiperSoft\\WiperSoft.exe","companyName":"WiperSoft","productName":"WiperSoft","productVersion":"1.1.1143.64","fileVersion":"1.1.1143.64","hashMD5":"221c1c1b3cfef8fb4c1490271e40b4f0","hashSHA1":"7fb09ccc03e5aa907e2a4d3935d61427330617df","hashSHA256":"7d8442cae7321a18430b02f03af76a1a4848e20459e8bda95dda3b27a420df84","digitalCertThumbprint":"50FA70177010BFCBECB288815CE20B946D62355A","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Wiper Software UAB","sourceIndex":"3189","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiperSoft-installer (1).exe","isInstaller":"True","companyName":"WiperSoft","productName":"WiperSoft","productVersion":"1.1.113.32","fileVersion":"1.1.113.32","hashMD5":"9e3604e2f65d31c8a6a01fd3ddbecc39","hashSHA1":"d0efc6e4a424e277239c535802d66b619bd02872","hashSHA256":"af24fcdd574c1097cc1709c9be008fe129c7a9d0ec9690c7694940e3b482afa6","digitalCertThumbprint":"50FA70177010BFCBECB288815CE20B946D62355A","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Wiper Software UAB","sourceIndex":"3189","avBlockList":["ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)"],"avAllowList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Windows Defender (20190131)"]},{"isRevoked":"False","fileName":"C:\\Windows\\System32\\wiperrm.exe","companyName":"Wiper Software","productName":"WiperSoft","productVersion":"1.1.1xxx.0000","fileVersion":"1.00.04.0000 built by: WinDDK","hashMD5":"6a9ef3c0dc959994ae68f4b75147532c","hashSHA1":"d924ad3880a68d382342bf3b189663ef606775e0","hashSHA256":"f7f5b0ef82f3a3ad9f87df6b609f7969572288871aa92eb600a71248887ce5e6","digitalCertThumbprint":"50FA70177010BFCBECB288815CE20B946D62355A","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Wiper Software UAB","sourceIndex":"3189","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"security partner report","landingPage":"https://www.wipersoft.com/","directDownloadingLink":"http://www.wipersoft.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.wipersoft.com/download","sourceIndex":"3189"}],"sampleFiles":["190123/WiperSoft-180124/1.1.1143.64/Samples/WiperSoft-installer (1).exe"],"imageFiles":["190123/WiperSoft-180124/1.1.1143.64/Images/ACR-014/ACR-014_Software_MisleadingStatement.JPG","190123/WiperSoft-180124/1.1.1143.64/Images/ACR-004/ACR-004_Software_NoFreeFix.JPG","190123/WiperSoft-180124/1.1.1143.64/Images/ACR-004/WiperSoft_oo4.png"],"nonDeceptorImageFiles":["190123/WiperSoft-180124/1.1.1143.64/Images/ACR-088/ACR-088_Software_AutoScan_Post_Install.JPG","190123/WiperSoft-180124/1.1.1143.64/Images/ACR-099/ACR-099_LandingPage_NoUninstall_Info.JPG"],"guid":"71950966-674e-46df-9c2d-cb3a7ad967f5_1.1.1143.64_1","appID":"WiperSoft-180124","dateAdded":"220212","deceptorType":"App","name":"WiperSoft","company":"Wiper Software, UAB","version":"1.1.1143.64","firstVendorContactDate":"220606","firstAppEsteemReplyDate":"220606","firstResolvedDate":"220613","firstResolvedVersion":"1.1.1158.64","resolved":"TRUE","lastKnownStatus":"Deceptor:1.1.1142.64;1.1.1143.64;NonCertified:1.1.116.32;1.1.1157.32","lastKnownDate":"220212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-06-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1514},{"violations":{"ACR-003":"The app exaggerates Cookies as being threats, thereby misleading or scaring the consumer to take action.\n","ACR-014":"there is no way for the consumer to substantiate the claims of threats found.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"WiperSoft-installer.exe","isInstaller":"True","companyName":"WiperSoft","productName":"WiperSoft","productVersion":"1.1.112.32","fileVersion":"1.1.112.32","hashMD5":"1c0b84ce4fb449c6d8a859bcb4045849","hashSHA1":"9a04236169319139e7628fe6bacfbadc727f5919","hashSHA256":"fa1373eb95b42dc774377dfa5a9b04c548ba8c970d710282c43811eb32734304","digitalCertThumbprint":"50FA70177010BFCBECB288815CE20B946D62355A","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Wiper Software, UAB\", O=\"Wiper Software, UAB\", L=Kaunas, C=LT, SERIALNUMBER=304294125, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LT","sourceIndex":"3319","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiperSoft.exe","companyName":"WiperSoft","productName":"WiperSoft","productVersion":"1.1.1142.64","fileVersion":"1.1.1142.64","hashMD5":"0319366621eb35c1f28bc3c30e7e391d","hashSHA1":"ae4e20b8961d38e939b4e741d10c309648c5ef17","hashSHA256":"69a1af880e89d37ddad105c93418bbfc5f1b84ea9bddabbcf853dd1555076b60","digitalCertThumbprint":"50FA70177010BFCBECB288815CE20B946D62355A","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Wiper Software, UAB\", O=\"Wiper Software, UAB\", L=Kaunas, C=LT, SERIALNUMBER=304294125, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=LT","sourceIndex":"3319","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"https://www.wipersoft.com/","directDownloadingLink":"http://wiper.wipersoft.com/downloadinst.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://wiper.wipersoft.com/downloadinst.php","sourceIndex":"3319"}],"sampleFiles":["190123/WiperSoft-180124/1.1.1142.64/Samples/WiperSoft-installer.exe","190123/WiperSoft-180124/1.1.1142.64/Samples/WiperSoft.exe"],"imageFiles":["190123/WiperSoft-180124/1.1.1142.64/Images/ACR-003/ACR_003_SOFTWARE.PNG","190123/WiperSoft-180124/1.1.1142.64/Images/ACR-014/ACR_014_SOFTWARE_SCREENSHOT_1.PNG","190123/WiperSoft-180124/1.1.1142.64/Images/ACR-014/ACR_014_SOFTWARE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["190123/WiperSoft-180124/1.1.1142.64/Images/ACR-065/ACR_065_INSTALL.PNG","190123/WiperSoft-180124/1.1.1142.64/Images/ACR-065/ACR_065_SOFTWARE.PNG","190123/WiperSoft-180124/1.1.1142.64/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","190123/WiperSoft-180124/1.1.1142.64/Images/ACR-161/ACR_161_LANDING_PAGE_SCREENSHOT_1.PNG","190123/WiperSoft-180124/1.1.1142.64/Images/ACR-161/ACR_161_LANDING_PAGE_SCREENSHOT_2.PNG","190123/WiperSoft-180124/1.1.1142.64/Images/ACR-161/ACR_161_LANDING_PAGE_SCREENSHOT_3.PNG","190123/WiperSoft-180124/1.1.1142.64/Images/ACR-161/ACR_161_LANDING_PAGE_SCREENSHOT_4.PNG","190123/WiperSoft-180124/1.1.1142.64/Images/ACR-099/ACR_099_SOFTWARE.PNG","190123/WiperSoft-180124/1.1.1142.64/Images/ACR-099/INTERNAL_OFFER_WEBPAGE.PNG"],"guid":"71950966-674e-46df-9c2d-cb3a7ad967f5_1.1.1142.64_1","appID":"WiperSoft-180124","dateAdded":"220212","deceptorType":"App","name":"WiperSoft","company":"Wiper Software, UAB","version":"1.1.1142.64","sigName":"Deceptor:Win32/Wipersoft!003014","firstVendorContactDate":"220606","firstAppEsteemReplyDate":"220606","firstResolvedDate":"220613","firstResolvedVersion":"1.1.1158.64","resolved":"TRUE","lastKnownStatus":"Deceptor:1.1.1142.64;1.1.1143.64;NonCertified:1.1.116.32;1.1.1157.32","lastKnownDate":"220212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2022-06-13T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1515},{"violations":{"ACR-048":"The app does not provide control to the startup process that was added by default.\n","ACR-005":"The app appears to impersonate or mimic the chrome browser and its logo when first time run after installation.\n","ACR-006":"The monetization approach by affiliates, extensions and search engines installed (teslabrowser.com using bing search engine) is not clearly disclosed inside software.\nThe monetization approach by affiliates, extensions and search engines is not clearly disclosed during installation.\n","ACR-007":"The app's attribution is not clear and is misleading the consumer to think it is a \"Chrome Browser\" when it first run after installation \n","ACR-084":"The app creates undisclosed startups to perform actions without the consumer's knowledge and consent.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"teslabrowserinstaller.exe\" component on the device without the consumer's consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"tesla-browser-install__34.exe","isInstaller":"True","companyName":"ROSTPAY LTD.","productName":"TeslaBrowser","productVersion":"95.0.4638.54","fileVersion":"2.0.0","hashMD5":"6179412df7e161fc9ab929ca28db725f","hashSHA1":"e3389c732723c30c8f79caaa457096c3e05cae4f","hashSHA256":"bdc0facbc882dfdd127da8c38ff7842970649874752da9ced4716026d82b6e8f","digitalCertThumbprint":"54333BC79AD6F5E807D9E44EE2CA306F878AEF41","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1660","avBlockList":["360 Total Security (20220224)","Avira Internet Security (20220224)","Bitdefender Internet Security (20220224)","COMODO Antivirus (20220224)","Dr.Web Security Space (20220224)","ESET Internet Security (20220224)","G DATA INTERNET SECURITY (20220224)","K7 Total Security (20220224)","Malwarebytes Premium (20220224)","McAfee Total Protection (20220224)","Norton Security (20220224)","Sophos Home Premium (20220224)","SpyHunter5 (20220224)","Total AV Antivirus Pro (20220224)","VIPRE Advanced Security (20220224)","VirIT eXplorer PRO (20220224)","Webroot SecureAnywhere (20220224)","Windows Defender (20220224)"],"avAllowList":["Avast Premium Security (20220224)","AVG Internet Security (20220224)","Kaspersky Internet Security (20220224)","Panda Dome (20220224)","Quick Heal Internet Security (20220224)","Tencent PC Manager (20220224)","Trend Micro Internet Security (20220224)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\TeslaBrowser\\TeslaBrowser.exe","companyName":"The Chromium Authors","productName":"Tesla Browser","productVersion":"97.0.4692.71","fileVersion":"97.0.4692.71","hashMD5":"fd8b82bba3e411f4baaf7d6821d17300","hashSHA1":"5ccf78f40638d95907371094abaebf9612f4b4ee","hashSHA256":"91dc600189f7dfab4602416e1ce7b752ccf122c9e1e2fc4f4418cd732e4a00cf","digitalCertThumbprint":"54333BC79AD6F5E807D9E44EE2CA306F878AEF41","digitalCertIssuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1","digitalCertIssuedTo":"ROSTPAY LTD","storeId":"","sourceIndex":"1660","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Potential deceptor reported from security partner","reference":"","landingPage":"https://www.teslabrowser.com/","directDownloadingLink":"https://www.teslabrowser.com/download/init","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.teslabrowser.com/download/init","sourceIndex":"1660"}],"sampleFiles":["220210/TeslaBrowser-220203/95.0.4638.54/Samples/tesla-browser-install__34.exe"],"imageFiles":["220210/TeslaBrowser-220203/95.0.4638.54/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220210/TeslaBrowser-220203/95.0.4638.54/Images/ACR-007/ACR-007_Software_NoAttribution.JPG","220210/TeslaBrowser-220203/95.0.4638.54/Images/ACR-006/ACR-006_Software_NoMonetizationDetails.JPG","220210/TeslaBrowser-220203/95.0.4638.54/Images/ACR-006/ACR-006_Software_NoMonetizationDetails_1.png","220210/TeslaBrowser-220203/95.0.4638.54/Images/ACR-005/ACR-005_Software_MimicsChromeBrowser.JPG","220210/TeslaBrowser-220203/95.0.4638.54/Images/ACR-048/ACR-048_Software_NoControl.JPG","220210/TeslaBrowser-220203/95.0.4638.54/Images/ACR-048/ACR-048_Software_NoControl_1.JPG","220210/TeslaBrowser-220203/95.0.4638.54/Images/ACR-084/ACR-084_Software_UndisclosedStartup.JPG","220210/TeslaBrowser-220203/95.0.4638.54/Images/ACR-006/ACR-006_Install_NoMonetizationDetails.JPG"],"nonDeceptorImageFiles":["220210/TeslaBrowser-220203/95.0.4638.54/Images/ACR-006/ACR-006_landingPage_NoMonetizationDetails.jpg"],"guid":"41d79d4e-af94-4307-ae6d-c9b4ec5828f9_95.0.4638.54_1","appID":"TeslaBrowser-220203","dateAdded":"220210","deceptorType":"App","name":"Tesla Browser","company":"ROSTPAY LTD","version":"95.0.4638.54","sigName":"Deceptor:Win32/TeslaBrowser!118007006005048084","firstVendorContactDate":"220221","firstAppEsteemReplyDate":"220221","firstResolvedDate":"220401","firstResolvedVersion":"1.3.1.5445","resolved":"TRUE","lastKnownStatus":"95.0.4638.54","lastKnownDate":"220401","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2022-04-01T20:23:02.3172638+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1516},{"violations":{"ACR-109":"The app installs several shortcut link without first obtaining user consent.\n","ACR-042":"The app installs several apps without any explicit user action.\n","ACR-043":"The app installs several apps without disclosure.\n","ACR-005":"One of the installed app mimic Chrome browser. \n","ACR-097":"The install prompts the user to disable anti-virus list in order to prevent detection.\n","ACR-053":"The app doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The app does not provide a \"skip offers\" option.\nThe accept/decline options are not made obvious to the consumer in the offers.\n","ACR-039":"This app installs the following application without obtaining user consent.\n360 Total Security\nSearcherBar\nChrone Browser\nFirefox Browser\nOpera\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install.\n","ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service.\n","ACR-161":"The install displays unsubstantiated testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-064":"The app runs an automatic install after the UAC prompt.\n","ACR-055":"The accept/decline options are not made obvious to the consumer in the offers.\n"},"samples":[{"isRevoked":"False","fileName":"DRP-17-Online_win10.exe","isInstaller":"True","companyName":"DriverPack                                                  ","productName":"DriverPack","productVersion":"17.11.106","fileVersion":"0.0","hashMD5":"dafda79bdff3b3ce8f4dc6f4dd4022b9","hashSHA1":"3ded30544eab08e1702ab6a5219cf2a8015120bb","hashSHA256":"1dd1fd93a979900c5694c1518f68ae933f7fd0bf287ddb0e323abebf43f49533","sourceIndex":"1781","avBlockList":["360 Total Security (20211209)","Avast Premium Security (20211209)","AVG Internet Security (20211209)","Avira Internet Security (20211209)","Bitdefender Internet Security (20211209)","Dr.Web Security Space (20211209)","ESET Internet Security (20211209)","G DATA INTERNET SECURITY (20211209)","K7 Total Security (20211209)","Kaspersky Internet Security (20211209)","Malwarebytes Premium (20211209)","McAfee Total Protection (20211209)","Norton Security (20211209)","Panda Dome (20211209)","Quick Heal Internet Security (20211209)","Sophos Home Premium (20211209)","SpyHunter5 (20211209)","Tencent PC Manager (20211209)","Total AV Antivirus Pro (20211209)","Trend Micro Internet Security (20211209)","VIPRE Advanced Security (20211209)","VirIT eXplorer PRO (20211209)","Webroot SecureAnywhere (20211209)"],"avAllowList":["COMODO Antivirus (20211209)","Windows Defender (20211209)"]}],"additionalFiles":[],"sources":[{"howFound":"google search new version of DriverPackSolution ","reference":"","landingPage":"https://driverpack.io/en/info/driverpack-online","directDownloadingLink":"https://dl.driverpack.io/17-online/DRP-17-Online_win10.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.driverpack.io/17-online/DRP-17-Online_win10.exe","sourceIndex":"1781"}],"sampleFiles":["211124/004-DriverPackSolution-180705/17.11.106/Samples/DRP-17-Online_win10.exe"],"imageFiles":["211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-053/Installation Started.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-109/App Installed.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-039/Installed Application.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-039/App Installed.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-043/Installed Application.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-043/App Installed.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-055/Start Installing.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-055/Bundled App Offer.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-042/Installed Application.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-042/App Installed.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-005/Fake Chrome Browser.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-097/Disable Antivirus.png"],"nonDeceptorImageFiles":["211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-044/Start Installing.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-038/File Properties.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-055/Install Offer.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-055/Download Offer.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-065/After UAC Prompt.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-161/DriverPack_Install [8].png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-064/DriverPack_Install [].png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-064/DriverPack_Install [1].png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-064/Start Installing.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-064/After UAC Prompt.png","211124/004-DriverPackSolution-180705/17.11.106/Images/ACR-064/Ready to Install.png"],"guid":"ebf42e4e-f30d-44d7-8cb5-6674c0c5247b_17.11.106_1","appID":"004-DriverPackSolution-180705","dateAdded":"220208","deceptorType":"App","name":"DriverPackSolution","company":"DriverPack","version":"17.11.106","lastKnownStatus":"4.4.14.0;17.11.62;17.11.106;17.11.28","lastKnownDate":"220208","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows 10,Windows 7,Windows Vista,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-02-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1519},{"violations":{"ACR-109":"The app installs several shortcut link without first obtaining user consent.\n","ACR-042":"The app installs several apps without any explicit user action.\n","ACR-043":"The app installs several shortcut link without disclosure.\n","ACR-048":"The app has does not appear in the Control Panel->Programs\n","ACR-097":"The install prompts the user to disable anti-virus list in order to prevent detection.\n","ACR-116":"The app does not appear as a program on Control Panel, and cannot be uninstalled from there. \n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. \n","ACR-040":"App installs in hidden folder %AppData%\n","ACR-161":"The install displays unsubstantiated testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-064":"The app runs an automatic install after the UAC prompt.\n"},"samples":[{"isRevoked":"False","fileName":"DriverPack-17-Online.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"b2e44d9a821a3ca7e7be9c61033569c7","hashSHA1":"22f6161e939c4a54ce06e28c9843c7e1c23af451","hashSHA256":"fa5ba472c2f3629ae581f19d03990265f3a121e00e6eb551147c092bdc7ae5c1","digitalCertThumbprint":"7CADCA1AD0A7809121184AD8D877C3C44206D850","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Kuzyakov Artur Vyacheslavovich, O=Kuzyakov Artur Vyacheslavovich, STREET=\"kv.29, 24K1 Tashkentskaya ul.\", L=Moscow, C=RU","sourceIndex":"1838","avBlockList":["360 Total Security (20210624)","Avast Premium Security (20210624)","AVG Internet Security (20210624)","Avira Internet Security (20210624)","Bitdefender Internet Security (20210624)","COMODO Antivirus (20210624)","Dr.Web Security Space (20210624)","ESET Internet Security (20210624)","G DATA INTERNET SECURITY (20210624)","K7 Total Security (20210624)","Kaspersky Internet Security (20210624)","Malwarebytes Premium (20210624)","McAfee Total Protection (20210624)","Norton Security (20210624)","Panda Dome (20210624)","Quick Heal Internet Security (20210624)","Sophos Home Premium (20210624)","SpyHunter5 (20210624)","Tencent PC Manager (20210624)","Total AV Antivirus Pro (20210624)","Trend Micro Internet Security (20210624)","VIPRE Advanced Security (20210624)","VirIT eXplorer PRO (20210624)","Webroot SecureAnywhere (20210624)","Windows Defender (20210624)"],"avAllowList":[]},{"isRevoked":"False","fileName":"DP.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"b21ffcd5a782b112e32ef997b265e1b4","hashSHA1":"41240a80aa01c01709ed93e2accbdfd099ee4a23","hashSHA256":"5a3e2af19bd8e24b91b23554903c1d8f8a0ba8fd39c2a956f15d30d963125390","digitalCertThumbprint":"7CADCA1AD0A7809121184AD8D877C3C44206D850","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Kuzyakov Artur Vyacheslavovich, O=Kuzyakov Artur Vyacheslavovich, STREET=\"kv.29, 24K1 Tashkentskaya ul.\", L=Moscow, C=RU","sourceIndex":"1838","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://drp.su/en/foradmin","directDownloadingLink":"https://dl.drp.su/17-online/DriverPack-17-Online.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.drp.su/17-online/DriverPack-17-Online.exe","sourceIndex":"1838"}],"sampleFiles":["210726/004-DriverPackSolution-180705/17.11.62/Samples/DriverPack-17-Online.exe","210726/004-DriverPackSolution-180705/17.11.62/Samples/DP.exe"],"imageFiles":["210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-109/DriverPack_InstalledApp.png","210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-043/DriverPack_InstalledApp.png","210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-042/DriverPack_InstalledApp.png","210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-048/DriverPack_ControlPanel.png","210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-097/DriverPack_Install [5] .png","210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-116/DriverPack_ControlPanel.png"],"nonDeceptorImageFiles":["210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-038/DriverPack_FileProperty.png","210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-040/DriverPack_Files.png","210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-161/DriverPack_Install [8].png","210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-064/DriverPack_Install2.png","210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-064/DriverPack_Install [].png","210726/004-DriverPackSolution-180705/17.11.62/Images/ACR-064/DriverPack_Install [1].png"],"guid":"ebf42e4e-f30d-44d7-8cb5-6674c0c5247b_17.11.62_1","appID":"004-DriverPackSolution-180705","dateAdded":"220208","deceptorType":"App","name":"DriverPackSolution","company":"DriverPack","version":"17.11.62","sigName":"Deceptor:Win32/DriverPackSolution!109043042048097116","lastKnownStatus":"4.4.14.0;17.11.62;17.11.106;17.11.28","lastKnownDate":"220208","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 7,Windows Vista,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-02-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1520},{"violations":{"ACR-109":"The app installs both Opera and Facebook shortcut link without first obtaining user consent.\n","ACR-042":"The app installs Opera and Facebook without any explicit user action.\n","ACR-043":"The app installs Opera and Facebook shortcut link without disclosure.\n","ACR-048":"The app has does not appear in the Control Panel->Programs\n","ACR-116":"The app does not appear as a program on Control Panel, and cannot be uninstalled from there. \n"},"nonDeceptorViolations":{"ACR-040":"App installs in hidden folder %AppData%\n","ACR-161":"The install displays unsubstantiated testimonials.\n","ACR-064":"The app runs an automatic install after the UAC prompt.\n"},"samples":[{"isRevoked":"False","fileName":"DriverPack-Alice.exe","fileVersion":"0.0","hashMD5":"e616df77731b0cd296fad94e7f651a26","hashSHA1":"f0cd976135e8b247ccbe020c353c7f42ca81361f","hashSHA256":"403f2c9bb0a4416d3bed7fb8eba2743b290008171d2364db4e35b651d1cd8069","digitalCertThumbprint":"F392C69060C6BE487562A6A823985EAB58E1AC96","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, STREET=\"kv.29, 24K1 Tashkentskaya ul.\", L=Moscow, S=Moscow, C=RU","sourceIndex":"2387","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverPack-17-Online_1902147806.1593718692.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0f51d6a45c8d838e31b5ea665a0b5f03","hashSHA1":"116456a4ee6d168c8b8667f2df27366023683fb6","hashSHA256":"3821895d6df56147856b21ad6f50711f074bc4d46ecb5a759ad00fbbe9856337","digitalCertThumbprint":"F392C69060C6BE487562A6A823985EAB58E1AC96","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, STREET=\"kv.29, 24K1 Tashkentskaya ul.\", L=Moscow, S=Moscow, C=RU","sourceIndex":"2387","avBlockList":["360 Total Security (20211207)","Avast Premium Security (20211207)","AVG Internet Security (20211207)","Avira Internet Security (20211207)","Bitdefender Internet Security (20211207)","COMODO Antivirus (20211207)","Dr.Web Security Space (20211207)","ESET Internet Security (20211207)","G DATA INTERNET SECURITY (20211207)","K7 Total Security (20211207)","Kaspersky Internet Security (20211207)","Malwarebytes Premium (20211207)","McAfee Total Protection (20211207)","Norton Security (20211207)","Panda Dome (20211207)","Quick Heal Internet Security (20211207)","Sophos Home Premium (20211207)","SpyHunter5 (20211207)","Tencent PC Manager (20211207)","Total AV Antivirus Pro (20211207)","Trend Micro Internet Security (20211207)","VIPRE Advanced Security (20211207)","VirIT eXplorer PRO (20211207)","Webroot SecureAnywhere (20211207)","Windows Defender (20211207)"],"avAllowList":[]},{"isRevoked":"False","fileName":"cloud.exe","companyName":"DriverPack Solution","fileVersion":"4.4","hashMD5":"d60a45d1254899aee137ecb1f2ffae8e","hashSHA1":"c8a27e6a73af402002142aaf9335ba77a232b252","hashSHA256":"326b50f40d55c8cf54eb12f5372b7b46306363d0aae9a2eb6ade07832e17ddc8","sourceIndex":"2387","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverPackAssistant.exe","fileVersion":"1.0","hashMD5":"6240b0cdff841559e960785fbbd43738","hashSHA1":"62d5c908394212f21700119e0f934555e0a95007","hashSHA256":"fc924a4c46667be6e82ccf6f4068fcd22da63e2a0cefcd01dc3b7dd014138fa4","digitalCertThumbprint":"F392C69060C6BE487562A6A823985EAB58E1AC96","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, STREET=\"kv.29, 24K1 Tashkentskaya ul.\", L=Moscow, S=Moscow, C=RU","sourceIndex":"2387","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://drp.su/en/foradmin","directDownloadingLink":"http://dl.drp.su/17-online/DriverPack-17-Online.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.drp.su/17-online/DriverPack-17-Online.exe","sourceIndex":"2387"}],"sampleFiles":["200709/004-DriverPackSolution-180705/4.4.14.0/Samples/DriverPack-Alice.exe","200709/004-DriverPackSolution-180705/4.4.14.0/Samples/DriverPack-17-Online_1902147806.1593718692.exe","200709/004-DriverPackSolution-180705/4.4.14.0/Samples/cloud.exe","200709/004-DriverPackSolution-180705/4.4.14.0/Samples/DriverPackAssistant.exe"],"imageFiles":["200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-109/109-DRP.gif","200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-043/109-DRP.gif","200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-042/109-drp.PNG","200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-042/109-DRP.gif","200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-048/116-drp-doesNotAppearInControlPanel.PNG","200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-048/048-drp.PNG","200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-116/116-drp-doesNotAppearInControlPanel.PNG","200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-116/048-drp.PNG"],"nonDeceptorImageFiles":["200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-040/HiddenFolder.JPG","200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-040/HiddenFolder1.JPG","200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-161/161-drp.PNG","200709/004-DriverPackSolution-180705/4.4.14.0/Images/ACR-064/064-DRP GIF.gif"],"guid":"ebf42e4e-f30d-44d7-8cb5-6674c0c5247b_4.4.14.0_1","appID":"004-DriverPackSolution-180705","dateAdded":"220208","deceptorType":"App","name":"DriverPackSolution","company":"DriverPack","version":"4.4.14.0","sigName":"Deceptor:Win32/DriverPackSolution!109043042048116","lastKnownStatus":"4.4.14.0;17.11.62;17.11.106;17.11.28","lastKnownDate":"220208","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 7,Windows Vista,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-02-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1521},{"violations":{"ACR-109":"The app installs both Opera and Facebook shortcut link while creating a System Restore Point without use consent.\n","ACR-042":"The app installs Opera and Facebook without any user-consent.\n","ACR-043":"The app installs Opera and Facebook shortcut link while creating a system restore point.\n","ACR-050":"The app offers to disable automatic Windows updates\n","ACR-097":"During the install, the app recommends the user to disable their antivirus.\n","ACR-057":"The app only provides the consumer with a \"select all\" button or a \"skip\" button. The app also uses an accept and install button and a refuse button, which confuses the consumer.\n","ACR-055":"The app only provides the consumer with a \"select all\" button or a \"skip\" button, which presents the user with unclear accept and decline options.\n"},"nonDeceptorViolations":{"ACR-161":"The install displays unsubstantiated testimonials.\n","ACR-087":"The app offers to disable automatic Windows updates.\n","ACR-054":"The app uses small grayed-out text for the decline option and uses a much larger button for the accept option.\n","ACR-064":"The app runs an automatic install after the UAC prompt.\n"},"samples":[{"isRevoked":"False","fileName":"DriverPack-17-Online_1693490056.1575331632.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"eab54e3dd04650975fa9dc9c2f521405","hashSHA1":"7ec140290148cec2ae360b8bfaa6092257369a07","hashSHA256":"c4e9a26c8c5bd5dcb62054281e8699d033251bf30f1f1700aacbcfb666276d82","digitalCertThumbprint":"F392C69060C6BE487562A6A823985EAB58E1AC96","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, STREET=\"kv.29, 24K1 Tashkentskaya ul.\", L=Moscow, S=Moscow, C=RU","sourceIndex":"2588","avBlockList":["360 Total Security (20210604)","Avast Internet Security (20200113)","AVG Internet Security (20210604)","Avira Internet Security (20210604)","Bitdefender Internet Security (20210604)","COMODO Antivirus (20210604)","Dr.Web Security Space (20210604)","ESET Internet Security (20210604)","G DATA INTERNET SECURITY (20210604)","K7 Total Security (20210604)","Kaspersky Internet Security (20210604)","Malwarebytes Premium (20210604)","McAfee Total Protection (20210604)","Norton Security (20210604)","Panda Dome (20210604)","Quick Heal Internet Security (20210604)","Sophos Home Premium (20210604)","Tencent PC Manager (20210604)","Trend Micro Internet Security (20210604)","VIPRE Advanced Security (20210604)","VirIT eXplorer PRO (20210604)","Webroot SecureAnywhere (20210604)","Windows Defender (20210604)","Avast Premium Security (20210604)","SpyHunter5 (20210604)","Total AV Antivirus Pro (20210604)"],"avAllowList":[]},{"isRevoked":"False","fileName":"cloud.exe","companyName":"DriverPack Solution","fileVersion":"4.4","hashMD5":"6f8da76fabbaf2631c4681e65a74ecfe","hashSHA1":"8d4fa92b629a27f3e5a0e37496df077460fcdfbe","hashSHA256":"16021e08956835093ebf37d8da6cbd8be3f0a5f841e62f7795c0bbebfbc09bb5","sourceIndex":"2588","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://drp.su/en/foradmin","directDownloadingLink":"http://download.drp.su/17-online/DriverPack-17-Online_1417012319.1530808302.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.drp.su/17-online/DriverPack-17-Online_1417012319.1530808302.exe","sourceIndex":"2588"}],"sampleFiles":["191210/004-DriverPackSolution-180705/4.4.9/Samples/DriverPack-17-Online_1693490056.1575331632.exe","191210/004-DriverPackSolution-180705/4.4.9/Samples/cloud.exe"],"imageFiles":["191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-109/DriverPack Opera and Facebook.gif","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-043/DriverPack Opera and Facebook.gif","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-055/DriverPack Offers 2.png","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-042/DriverPack Opera and Facebook.gif","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-050/DriverPack System Integrity.png","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-097/DriverPack AV 1.png","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-097/DriverPack AV 2.png","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-097/DriverPack AV 3.png","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-057/DriverPack Offers 1.png","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-057/DriverPack Offers 2.png","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-057/DriverPack Offers 3.png"],"nonDeceptorImageFiles":["191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-161/DriverPack Testimonial.png","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-087/DriverPack System Integrity.png","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-064/DriverPack Auto-Install.gif","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-054/DriverPack Offers 2.png","191210/004-DriverPackSolution-180705/4.4.9/Images/ACR-054/DriverPack Offers 3.png"],"guid":"ebf42e4e-f30d-44d7-8cb5-6674c0c5247b_4.4.9_1","appID":"004-DriverPackSolution-180705","dateAdded":"220208","deceptorType":"App","name":"DriverPackSolution","company":"DriverPack","version":"4.4.9","lastKnownStatus":"4.4.14.0;17.11.62;17.11.106;17.11.28","lastKnownDate":"220208","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 7,Windows Vista,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2022-02-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1522},{"violations":{"ACR-109":"The app installs several shortcut link without first obtaining user consent.\n","ACR-042":"The app installs several apps without getting user consent.\n","ACR-048":"The app is hidden from standard uninstall entry, limiting users to remove/delete/uninstall it.\n","ACR-097":"The install prompts the user to disable anti-virus list in order to prevent detection.\n","ACR-053":"The app doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The app does not provide a \"skip offers\" option.\nThe accept/decline options are not made obvious to the consumer in the offers.\n","ACR-039":"This app installs the following application without obtaining user consent.\n360 Total Security\nSearcherBar\nFirefox Browser\nOpera Stable\n"},"nonDeceptorViolations":{"ACR-044":"The app does not get the user consent of the other application to download and install\n","ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service.\n","ACR-064":"The app runs an automatic install after the UAC prompt.\n","ACR-055":"The accept/decline options are not made obvious to the consumer in the offers.\n"},"samples":[{"isRevoked":"False","fileName":"DriverPack-17-Online_1633135298.1583503512 (1).exe","isInstaller":"True","companyName":"DriverPack","productName":"DriverPack","productVersion":"17.11.28","fileVersion":"0.0","hashMD5":"f9d8113ccfaa00f5fb6d1c8d88613d16","hashSHA1":"9cad0f98446f3cbe749084360b4e83104f93e9f8","hashSHA256":"d7eb9189ebf572a0b196fbb798ec038ce364a562c14d77ecc523451bee81ebba","digitalCertThumbprint":"F392C69060C6BE487562A6A823985EAB58E1AC96","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, STREET=\"kv.29, 24K1 Tashkentskaya ul.\", L=Moscow, S=Moscow, C=RU","sourceIndex":"1712","avBlockList":["360 Total Security (20220303)","Avast Premium Security (20220303)","AVG Internet Security (20220303)","Avira Internet Security (20220303)","Bitdefender Internet Security (20220303)","COMODO Antivirus (20220303)","Dr.Web Security Space (20220303)","ESET Internet Security (20220303)","G DATA INTERNET SECURITY (20220303)","K7 Total Security (20220303)","Kaspersky Internet Security (20220303)","Malwarebytes Premium (20220303)","McAfee Total Protection (20220303)","Norton Security (20220303)","Panda Dome (20220303)","Quick Heal Internet Security (20220303)","Sophos Home Premium (20220303)","SpyHunter5 (20220303)","Tencent PC Manager (20220303)","Total AV Antivirus Pro (20220303)","Trend Micro Internet Security (20220303)","VIPRE Advanced Security (20220303)","VirIT eXplorer PRO (20220303)","Webroot SecureAnywhere (20220303)","Windows Defender (20220303)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"filehippo.com download site","reference":"","landingPage":"https://driverpack.io/en/foradmin","directDownloadingLink":"https://filehippo.com/download_driverpack-solution-online/post_download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/download_driverpack-solution-online/post_download/","sourceIndex":"1712"}],"sampleFiles":["220208/004-DriverPackSolution-180705/17.11.28/Samples/DriverPack-17-Online_1633135298.1583503512 (1).exe"],"imageFiles":["220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-053/Install 2.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-109/Shortcut Installed.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-039/Control Panel.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-055/Install 2.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-055/Install 2.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-042/Control Panel.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-042/Install 2.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-048/Control Panel.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-097/Disable antivirus.png"],"nonDeceptorImageFiles":["220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-044/Install 2.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-038/File Properties.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-055/Install Offer.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-055/Download Offer.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-065/DP Start Install.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-064/Install 1.png","220208/004-DriverPackSolution-180705/17.11.28/Images/ACR-064/Install 2.png"],"guid":"ebf42e4e-f30d-44d7-8cb5-6674c0c5247b_17.11.28_1","appID":"004-DriverPackSolution-180705","dateAdded":"220208","deceptorType":"App","name":"DriverPackSolution","company":"DriverPack","version":"17.11.28","lastKnownStatus":"4.4.14.0;17.11.62;17.11.106;17.11.28","lastKnownDate":"220208","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 7,Windows Vista,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2022-02-08T18:09:39.1690373+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":5,"sortOrder":1518},{"violations":{"ACR-003":"The app needs to substantiate the identified issues to the user.\n","ACR-004":"The app needs to provide a free fix for all the issues identified during the “Free Scan” and also needs to substantiate those identified issues. Unable to verify free fix as it shows only the graph  (100%) and not the fixed issues.\n","ACR-165":"App doesn't provide following information in shopping cart: 1. When user will receive the auto renewal payment notification if auto renew payment is selected.\n"},"nonDeceptorViolations":{"ACR-038":"1. The app does not disclose the Original filename, Company name, Product name, Product version, File version for \"Pc Cleaner.exe\".\n2. The app has current version as \"1.0.0.0\" instead of \"1.0.0.1\" (Mis-matched). Suggested to provide consistent version info.\n","ACR-065":"The app needs to disclose the Privacy policy during installation.\n","ACR-087":"1.Upon installing the app, computer performance has been degraded and it is not functioning as usual. The app quits itself frequently while scanning and performing any functions.\n2. Some of the options like \"back\", \"Details\", \"fix now\" etc., in the app works only after multiple clicks. \n","ACR-092":"The app needs to provide digital signature for the executable: \"PC-Cleaner.exe (Installer)\".\n"},"samples":[{"isRevoked":"False","fileName":"PC_Cleaner.exe","isInstaller":"True","companyName":"Spreader Technology LLC","productName":"Spreader PC Cleaner Setup","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"5ef4089f9a03e95bcf70dee0c1a9da50","hashSHA1":"b1c96868a77bb1d31da659fcbc4d4e52775ec45f","hashSHA256":"ff4cbfe5edce9c7e541b3b147780d60902e0573f2b29a526476291ffd57555a2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"333","avBlockList":["360 Total Security (20220217)","Avira Internet Security (20220217)","COMODO Antivirus (20220217)","ESET Internet Security (20220217)","K7 Total Security (20220217)","Kaspersky Internet Security (20220217)","Malwarebytes Premium (20220217)","McAfee Total Protection (20220217)","Norton Security (20220217)","Panda Dome (20220217)","Sophos Home Premium (20220217)","SpyHunter5 (20220217)","Total AV Antivirus Pro (20220217)","Trend Micro Internet Security (20220217)","VirIT eXplorer PRO (20220217)","Windows Defender (20220217)"],"avAllowList":["Avast Premium Security (20220217)","AVG Internet Security (20220217)","Bitdefender Internet Security (20220217)","Dr.Web Security Space (20220217)","G DATA INTERNET SECURITY (20220217)","Quick Heal Internet Security (20220217)","Tencent PC Manager (20220217)","VIPRE Advanced Security (20220217)","Webroot SecureAnywhere (20220217)"]},{"isRevoked":"False","fileName":"PC Cleaner.exe","fileVersion":"0.0","hashMD5":"5b8cc71d441fd116c72b6bac12767a81","hashSHA1":"e79e43eaa848ba5f640e9100b5294cbf591a01d1","hashSHA256":"a05a2f91b941bce061db951dd91e8eafd6d557ef99787a699636f0da7a94cacb","digitalCertThumbprint":"DC8A822E9F53DD2BD0638336D59F050DDB319A79","digitalCertIssuer":"CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=\"DigiCert, Inc.\", C=US","digitalCertIssuedTo":"CN=Spreader Technology LLC, O=Spreader Technology LLC, L=Live Oak, S=Florida, C=US","sourceIndex":"333","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"AppUpdateReview.Certification","landingPage":"https://spreadertechno.com/products/driver-pc-cleaner","directDownloadingLink":"https://spreadertechno.com/assets/utils/exe/Spreader_PC_Cleaner.exe","landingPageWildChar":"","directDownloadingLinkWildChar":"https://spreadertechno.com/assets/utils/exe/Spreader_PC_Cleaner.exe","sourceIndex":"333"}],"sampleFiles":["220208/spreaderpccleaner-211108/1.0.0.1/Samples/PC_Cleaner.exe","220208/spreaderpccleaner-211108/1.0.0.1/Samples/PC Cleaner.exe"],"imageFiles":["220208/spreaderpccleaner-211108/1.0.0.1/Images/ACR-004/ACR-004_Software_No_Free_Fix_Results_Not_Substantiated.JPG","220208/spreaderpccleaner-211108/1.0.0.1/Images/ACR-004/ACR-004_Software_No_Free_Fix_Results_Not_Substantiated_1.JPG","220208/spreaderpccleaner-211108/1.0.0.1/Images/ACR-003/ACR-003_Software_Results_Not_Substantiated.JPG","220208/spreaderpccleaner-211108/1.0.0.1/Images/ACR-003/ACR-003_Software_Results_Not_Substantiated_1.JPG","220208/spreaderpccleaner-211108/1.0.0.1/Images/ACR-165/ACR-165_InternalOffers_Renewal_Notification_Missing.JPG"],"nonDeceptorImageFiles":["220208/spreaderpccleaner-211108/1.0.0.1/Images/ACR-038/ACR-038_Install_No_Details.JPG","220208/spreaderpccleaner-211108/1.0.0.1/Images/ACR-038/ACR-038_Install_Inconsistent_Version.JPG","220208/spreaderpccleaner-211108/1.0.0.1/Images/ACR-065/ACR-065_Install_No_Privacy_Policy.JPG","220208/spreaderpccleaner-211108/1.0.0.1/Images/ACR-087/ACR-087_Software_Decreases_Reliability.mp4","220208/spreaderpccleaner-211108/1.0.0.1/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG"],"guid":"ed8e4def-c509-4917-b432-7f03ab3ae2ce_1.0.0.1_1","appID":"spreaderpccleaner-211108","dateAdded":"220208","deceptorType":"App","name":"Spreader PC Cleaner","company":"Spreader Technology LLC","version":"1.0.0.1","lastKnownStatus":"1.0.0.1","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 7","targetBrowser":"Chrome,Firefox,Edge,IE,Opera","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2026-05-04T14:37:17.6947559+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1517},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" and \"FreeDVDVideoBurner\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app installs \"FreeStudioManager\" and \"FreeDVDVideoBurner\" without disclosing it to the user and getting user consent. \n","ACR-048":"The non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\" and \"Free DVD Video Burner\".\n","ACR-017":" The application logo is way too similar to the windows logo, misleading representation for the app source. \n","ACR-039":"The app installs \"FreeStudioManager\" and \"FreeDVDVideoBurner\" without disclosing it to the user and getting user consent. \n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install.\n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy.\nThe app is not working and does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy. \n","ACR-099":"The app's landing page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FreeDVDVideoBurner.exe","companyName":"DVDVideoSoft Ltd.","productName":"Free DVD Video Burner","productVersion":"3.2.54.823","fileVersion":"3.2.54.823","hashMD5":"c6e49e39c25f7694da43d7e4a7bdb3f3","hashSHA1":"d56a34f3f352c61c06ef8e5f053510a9b3a1641d","hashSHA256":"d8ec980ad19e460b0e1a38308a18d6bfd17caaa43966ef07c8b9599fba353552","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1713","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.6.34.315","fileVersion":"6.6.34.315","hashMD5":"652e2a92e8283948cc071ed0c5c81969","hashSHA1":"a33936f3daf89c71070aa50df19c732d86ce0c86","hashSHA256":"6264c70db2be899daba688b675537d9dd38bfb11e70150f721796fbb76fea583","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1713","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeToDVDConverter.exe","companyName":"DVDVideoSoft Ltd.","productName":"Free YouTube To DVD Converter","productVersion":"3.1.103.829","fileVersion":"3.1.103.829","hashMD5":"fa364c203c92e837958fd34f68eecc0f","hashSHA1":"dfe0fe0ed1a4f122db6e074e577f9bbdeece74e6","hashSHA256":"b6992572d95dd7d72cde838b24bbb223ff2b520e82f75280df4c05c83d243698","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1713","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeToDVDConverter_3.1.103.829_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"Free YouTube To DVD Converter","productVersion":"3.1.103.829","fileVersion":"3.1.103.829","hashMD5":"d2961f8ef4bd493445ec10c15ba6b424","hashSHA1":"f56a1fab33c900a8335562679d2c8a88ddd7851a","hashSHA256":"856c4a4d09bbe01de81cb3cb3b08ff0f42c8cfc6fe8f40d38c3f06b620001d99","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1713","avBlockList":["Avast Premium Security (20220215)","AVG Internet Security (20220215)","Avira Internet Security (20220215)","Dr.Web Security Space (20220215)","K7 Total Security (20220215)","McAfee Total Protection (20220215)","Norton Security (20220215)","Panda Dome (20220215)","Sophos Home Premium (20220215)","SpyHunter5 (20220215)","Total AV Antivirus Pro (20220215)","VirIT eXplorer PRO (20220215)","Webroot SecureAnywhere (20220215)","Windows Defender (20220215)"],"avAllowList":["360 Total Security (20220215)","Bitdefender Internet Security (20220215)","COMODO Antivirus (20220215)","ESET Internet Security (20220215)","G DATA INTERNET SECURITY (20220215)","Kaspersky Internet Security (20220215)","Malwarebytes Premium (20220215)","Quick Heal Internet Security (20220215)","Tencent PC Manager (20220215)","Trend Micro Internet Security (20220215)","VIPRE Advanced Security (20220215)"]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/products/dvd/Free-YouTube-to-DVD-Converter.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToDVDConverter.exe&ls=topButton","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=FreeYouTubeToDVDConverter.exe&ls=topButton","sourceIndex":"1713"}],"sampleFiles":["220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Samples/FreeDVDVideoBurner.exe","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Samples/FreeStudioManager.exe","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Samples/FreeYouTubeToDVDConverter.exe","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Samples/FreeYouTubeToDVDConverter_3.1.103.829_o.exe"],"imageFiles":["220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-109/Bundled App.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-109/FreeStudioManager Install.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-039/Bundled App.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-039/FreeStudioManager Install.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-043/Bundled App.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-043/FreeStudioManager Install.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-048/Bundled App x Control Panel.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-017/UAC.png"],"nonDeceptorImageFiles":["220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-044/Bundled App.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-040/FreeStudioManager Install.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-065/EULA.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-065/App Not Working.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-065/Landing Page.png","220207/FreeYouTubeToDVDConverter-220204/3.1.103.829/Images/ACR-099/Landing Page.png"],"guid":"09813da9-2ec3-4e68-b183-d74f7e6f650a_3.1.103.829_1","appID":"FreeYouTubeToDVDConverter-220204","dateAdded":"220207","deceptorType":"App","name":"Free YouTube To DVD Converter","company":"Digital Wave Ltd","version":"3.1.103.829","lastKnownStatus":"3.1.103.829","lastKnownDate":"220207","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-02-07T22:05:23.7212687+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1527},{"violations":{"ACR-048":"The app does not provide control to disable extensions, startup process, and scheduled tasks that were added by default.\n\n","ACR-005":"The app appears to mimic the chrome browser.\n","ACR-006":"The monetization approach is not clearly disclosed in software\n","ACR-084":"1) The app creates undisclosed scheduled tasks & startups to perform actions without the consumer's knowledge and consent.\n2) The process runs in the background on closing the app.\n3) The Secure browser process is disguised as \"Chrome.exe\", thus misleading the user to think the chrome browser is running.\n","ACR-103":"The value propositions claimed in landing page don't exist in software\n","ACR-104":"Search engine can't be changed as it claims.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"setdf.exe\" component on the device without the consumer's consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\BlazeMedia\\SecureBrowser\\Application\\SecureBrowserSetup.exe","companyName":"Blaze Media LLC.","productName":"BlazeMedia Update","productVersion":"1.3.105.0","fileVersion":"1.3.105.0","hashMD5":"bcd404c32ae808aafcdcbf4677c07116","hashSHA1":"afb78e4a169781e7b73889daec9742e737aea0bc","hashSHA256":"41b5051526fecb44ddf9adce894470aa1f4b4edc8b9500fd4e3c5ba10a8fd083","digitalCertThumbprint":"BC461FAAFBCDDB53BBD950A2DA62E4264E2B7FFC","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Blaze Media Inc.","storeId":"","sourceIndex":"335","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\BlazeMedia\\SecureBrowser\\Application\\chrome.exe","companyName":"Blaze Media","productName":"Secure Browser","productVersion":"92.0.4515.131","fileVersion":"92.0.4515.131","hashMD5":"f01136fec7d116d46f2af227dd0908ad","hashSHA1":"5d648266f017ef2ad1589ce65b28e029196b518f","hashSHA256":"883e8fce0a28c83b5bff7628d7e9e33de021176b3b6b0c171abf1efaf87914ef","digitalCertThumbprint":"BC461FAAFBCDDB53BBD950A2DA62E4264E2B7FFC","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Blaze Media Inc.","storeId":"","sourceIndex":"335","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\BlazeMedia\\Update\\1.3.105.0\\SecureBrowserCrashHandler.exe","companyName":"Blaze Media LLC.","productName":"BlazeMedia Update","productVersion":"1.3.105.0","fileVersion":"1.3.105.0","hashMD5":"595ddd03131f45f9461e61c6330a6841","hashSHA1":"9005996f63aa59935141092020f8a33b94a8d9c5","hashSHA256":"e2acf7794483054c3691cfce1aa019fc769a7239a901cb703bcb5c47cb1d684f","digitalCertThumbprint":"BC461FAAFBCDDB53BBD950A2DA62E4264E2B7FFC","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Blaze Media Inc.","storeId":"","sourceIndex":"335","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\BlazeMedia\\Update\\1.3.105.0\\SecureBrowserCrashHandler64.exe","companyName":"Blaze Media LLC.","productName":"BlazeMedia Update","productVersion":"1.3.105.0","fileVersion":"1.3.105.0","hashMD5":"b97766c67da8eba8457e9933d5bccd4b","hashSHA1":"391fdbcc94c1c2d51e06527248e78dbfb981dbd6","hashSHA256":"69a714d3696fdbf22b01e57b6c70fe8c09c225b6345e3beb62217d2b2ea26b5a","digitalCertThumbprint":"BC461FAAFBCDDB53BBD950A2DA62E4264E2B7FFC","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Blaze Media Inc.","storeId":"","sourceIndex":"335","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SecBSv211206.msi","isInstaller":"True","companyName":"SecBSv211206.msi","productName":"","productVersion":"","fileVersion":"","hashMD5":"0","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":"7ae1bb09bf18b099cb01c14c453d1de3380db4937b6f3fbf7427877273734169","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","sourceIndex":"335","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Reported by customer","reference":"","landingPage":"https://secure-browser.io/","directDownloadingLink":"https://atlasox.s3.amazonaws.com/securebrowser.io/SecureBrowserSetup.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://atlasox.s3.amazonaws.com/securebrowser.io/SecureBrowserSetup.msi","sourceIndex":"335"}],"sampleFiles":["220207/Securebrowser-211030/1.3.105.0/Samples/SecBSv211206.msi"],"imageFiles":["220207/Securebrowser-211030/1.3.105.0/Images/ACR-084/ACR-084_Software_UndisclosedScheduledTask.JPG","220207/Securebrowser-211030/1.3.105.0/Images/ACR-084/ACR-084_Software_UndisclosedStartup.JPG","220207/Securebrowser-211030/1.3.105.0/Images/ACR-084/ACR-084_Software_HidesItPresenc.JPG","220207/Securebrowser-211030/1.3.105.0/Images/ACR-084/ACR-084_Software_ProcessRunsAfterClosing.JPG","220207/Securebrowser-211030/1.3.105.0/Images/ACR-103/ACR-103_Software_Missing_Proposition.JPG","220207/Securebrowser-211030/1.3.105.0/Images/ACR-104/ACR-104_Software_Search_Engine_Changed.JPG","220207/Securebrowser-211030/1.3.105.0/Images/ACR-048/ACR-048_Software_NoControl.JPG","220207/Securebrowser-211030/1.3.105.0/Images/ACR-048/ACR-048_Software_NoControlToChangeSearchEngine.JPG","220207/Securebrowser-211030/1.3.105.0/Images/ACR-048/ACR-048_Software_NoControlToExtension.JPG","220207/Securebrowser-211030/1.3.105.0/Images/ACR-005/ACR-005_Software_MimicsChromeBrowser.JPG","220207/Securebrowser-211030/1.3.105.0/Images/ACR-006/ACR-006_Software_NoDetails.JPG","220207/Securebrowser-211030/1.3.105.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG"],"nonDeceptorImageFiles":[],"guid":"0d480855-ca13-4468-8997-04b5d27a9eda_1.3.105.0_1","appID":"Securebrowser-211030","dateAdded":"220207","deceptorType":"App","name":"Secure Browser","company":"Blaze Media","version":"1.3.105.0","lastKnownStatus":"88.0.4324.96;1.3.105.0;21.11.11","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2024-11-26T23:42:10.7152207+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1525},{"violations":{"ACR-048":"The app does not provide control to disable extensions, startup process, and scheduled tasks that were added by default.\n\n","ACR-005":"The app appears to impersonate or mimic the chrome browser and its logo. \n","ACR-006":"The monetization approach is not clearly disclosed in software\n","ACR-084":"1) The app creates undisclosed scheduled tasks & startups to perform actions without the consumer's knowledge and consent.\n2) The process runs in the background on closing the app.\n3) The Secure browser process is disguised as \"Chrome.exe\", thus misleading the user to think the chrome browser is running.\n","ACR-103":"The value propositions claimed in landing page don't exist in software\n","ACR-104":"Search engine can't be changed as it claims.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"SecureBrowserSetup.exe","companyName":"Blaze Media LLC.","fileVersion":"1.3","hashMD5":"0039db4b71d14b44de53dac30543fc95","hashSHA1":"8d95c065bd781a5265e6996ce3c0e40578c1ab73","hashSHA256":"1bf8224fa621d5a0f77ed98d99afc313dbdd0912e1af6af2498edccacd376f91","digitalCertThumbprint":"4C70057D607EB481241AF49CAB1166ABA3AFD958","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Blaze Media Inc., O=Blaze Media Inc., L=Panama City, S=Panama, C=PA, SERIALNUMBER=155704406, OID.1.3.6.1.4.1.311.60.2.1.3=PA, OID.2.5.4.15=Private Organization","sourceIndex":"334","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"chrome.exe","companyName":"Blaze Media","fileVersion":"88.0","hashMD5":"7cfb48ccc52262e66e0825dde2e3b2e8","hashSHA1":"0fac27fd4f83b8a60d1f441e02767e95f3e10489","hashSHA256":"976b77aae2dcb03a38a337c5a2dca5708c2f55723ebb9f12402053fb0eb7fbd3","digitalCertThumbprint":"4C70057D607EB481241AF49CAB1166ABA3AFD958","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Blaze Media Inc., O=Blaze Media Inc., L=Panama City, S=Panama, C=PA, SERIALNUMBER=155704406, OID.1.3.6.1.4.1.311.60.2.1.3=PA, OID.2.5.4.15=Private Organization","sourceIndex":"334","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SecureBrowserSetup.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"3e26c9fbbda5509ac7e67307e83776ec29800a3a79692fb528250566fa3f84fe","sourceIndex":"334","avBlockList":["360 Total Security (20211130)","Avast Premium Security (20211130)","AVG Internet Security (20211130)","Avira Internet Security (20211130)","Bitdefender Internet Security (20211130)","COMODO Antivirus (20211130)","Dr.Web Security Space (20211130)","ESET Internet Security (20211130)","G DATA INTERNET SECURITY (20211130)","K7 Total Security (20211130)","Malwarebytes Premium (20211130)","McAfee Total Protection (20211130)","Norton Security (20211130)","Panda Dome (20211130)","Quick Heal Internet Security (20211130)","Sophos Home Premium (20211130)","SpyHunter5 (20211130)","Tencent PC Manager (20211130)","Total AV Antivirus Pro (20211130)","Trend Micro Internet Security (20211130)","VIPRE Advanced Security (20211130)","VirIT eXplorer PRO (20211130)","Windows Defender (20211130)"],"avAllowList":["Kaspersky Internet Security (20211130)","Webroot SecureAnywhere (20211130)"]},{"isRevoked":"False","fileName":"SecureBrowserCrashHandler.exe","companyName":"Blaze Media LLC.","fileVersion":"1.3","hashMD5":"591c79a6d21a69d211215d3092b2d883","hashSHA1":"dbea37c64af615ac668e8b5fdf1c346b503ee6f9","hashSHA256":"b472ca1ac53a07cf06d1480335f786019a53a8aa63dfce09890960447d72e418","digitalCertThumbprint":"4C70057D607EB481241AF49CAB1166ABA3AFD958","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Blaze Media Inc., O=Blaze Media Inc., L=Panama City, S=Panama, C=PA, SERIALNUMBER=155704406, OID.1.3.6.1.4.1.311.60.2.1.3=PA, OID.2.5.4.15=Private Organization","sourceIndex":"334","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SecureBrowserCrashHandler64.exe","companyName":"Blaze Media LLC.","fileVersion":"1.3","hashMD5":"a8f2398587271c28ee22a2c99884f162","hashSHA1":"9c7bfeb0949a69606300cb25c4b9c6ee31547977","hashSHA256":"12e77a5bc90e52d7aa1a49c17565f9358c1aac3f1f192e3957fe0a5ec9607e11","digitalCertThumbprint":"4C70057D607EB481241AF49CAB1166ABA3AFD958","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Blaze Media Inc., O=Blaze Media Inc., L=Panama City, S=Panama, C=PA, SERIALNUMBER=155704406, OID.1.3.6.1.4.1.311.60.2.1.3=PA, OID.2.5.4.15=Private Organization","sourceIndex":"334","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Suggested by AE","reference":"","landingPage":"https://secure-browser.io/","directDownloadingLink":"https://atlasox.s3.amazonaws.com/securebrowser.io/SecureBrowserSetup.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://atlasox.s3.amazonaws.com/securebrowser.io/SecureBrowserSetup.msi","sourceIndex":"334"}],"sampleFiles":["220207/Securebrowser-211030/88.0.4324.96/Samples/chrome.exe","220207/Securebrowser-211030/88.0.4324.96/Samples/SecureBrowserSetup.msi","220207/Securebrowser-211030/88.0.4324.96/Samples/SecureBrowserCrashHandler.exe","220207/Securebrowser-211030/88.0.4324.96/Samples/SecureBrowserCrashHandler64.exe"],"imageFiles":["220207/Securebrowser-211030/88.0.4324.96/Images/ACR-084/ACR-084_Software_UndisclosedScheduledTask.JPG","220207/Securebrowser-211030/88.0.4324.96/Images/ACR-084/ACR-084_Software_UndisclosedStartup.JPG","220207/Securebrowser-211030/88.0.4324.96/Images/ACR-084/ACR-084_Software_HidesItPresence.JPG","220207/Securebrowser-211030/88.0.4324.96/Images/ACR-084/ACR-084_Software_ProcessRunsAfterClosing.JPG","220207/Securebrowser-211030/88.0.4324.96/Images/ACR-103/SecureBrowser_103.JPG","220207/Securebrowser-211030/88.0.4324.96/Images/ACR-104/ACR-104.JPG","220207/Securebrowser-211030/88.0.4324.96/Images/ACR-048/ACR-048_Software_NoControl.JPG","220207/Securebrowser-211030/88.0.4324.96/Images/ACR-048/ACR-048_Software_NoControlToChangeSearchEngine.JPG","220207/Securebrowser-211030/88.0.4324.96/Images/ACR-048/ACR-048_Software_NoControlToExtension.JPG","220207/Securebrowser-211030/88.0.4324.96/Images/ACR-005/ACR-005_Software_MimicsChromeBrowser3..JPG","220207/Securebrowser-211030/88.0.4324.96/Images/ACR-005/ACR-005_Software_MimicsLogo.jpg","220207/Securebrowser-211030/88.0.4324.96/Images/ACR-006/ACR-006_Software_NoDetails.JPG"],"nonDeceptorImageFiles":[],"guid":"0d480855-ca13-4468-8997-04b5d27a9eda_88.0.4324.96_1","appID":"Securebrowser-211030","dateAdded":"220207","deceptorType":"App","name":"Secure Browser","company":"Blaze Media","version":"88.0.4324.96","sigName":"Deceptor:Win32/SecureBrowser!084103104048005006","lastKnownStatus":"88.0.4324.96;1.3.105.0;21.11.11","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2024-11-26T23:42:47.8157408+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1524},{"violations":{"ACR-109":"The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. \n","ACR-043":"The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. \n","ACR-048":"The non disclosed app components is hidden from standard uninstall entry, limits user to remove/delete/uninstall it: \"DVDVideoSoft Free Studio\" \n","ACR-017":"The application logo is way too similar to the windows logo, misleading representation for the app source. \n","ACR-084":"The app_updater service is running in the background without the user's awareness, and lack of interface for the user to disable its service.\n","ACR-039":"The app installs \"FreeStudioManager\" and \"FreeCodecPack\" without disclosing it to the user and getting user consent. \n","ACR-164":"The app needs to provide details about how to cancel online when users receive notification for renewal and what's the price amount after the time-bound discount expires.\n"},"nonDeceptorViolations":{"ACR-044":"The app does not disclose to users of the other application to download and install. \n","ACR-040":"The app did not disclose components \"FreeStudioManager\" are installed in the non-common folder. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy.\n The landing page does not display links to the Returns and Cancellation Policy. \n The internal offers page does not display links to the Returns and Cancellation Policy. \n","ACR-099":"The app's  About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information. \nThe internal offers page does not contain links to uninstall information. \n","ACR-123":"The app does not remove the \"FreeCodecPack\" folder and files even after uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"FreeStudioManager.exe","companyName":"Digital Wave Ltd","productName":"Free Studio Manager","productVersion":"6.6.34.315","fileVersion":"6.6.34.315","hashMD5":"652e2a92e8283948cc071ed0c5c81969","hashSHA1":"a33936f3daf89c71070aa50df19c732d86ce0c86","hashSHA256":"6264c70db2be899daba688b675537d9dd38bfb11e70150f721796fbb76fea583","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1714","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SoundCloudDownload_2.1.31.315_o.exe","isInstaller":"True","companyName":"Digital Wave Ltd                                            ","productName":"SoundCloud Download","productVersion":"2.1.31.315","fileVersion":"2.1.31.315","hashMD5":"7c4132759f6002fbc0011c4c57923073","hashSHA1":"793357dcfa86ebd65b7b8bd5218b12d9c83ae30c","hashSHA256":"efd736f1cf14807205a378b59675b93d39e526b0c3f40782f9dcb0c7826934a8","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1714","avBlockList":["Avast Premium Security (20220215)","AVG Internet Security (20220215)","Avira Internet Security (20220215)","Dr.Web Security Space (20220215)","K7 Total Security (20220215)","McAfee Total Protection (20220215)","Norton Security (20220215)","Panda Dome (20220215)","Sophos Home Premium (20220215)","SpyHunter5 (20220215)","Total AV Antivirus Pro (20220215)","VirIT eXplorer PRO (20220215)","Webroot SecureAnywhere (20220215)","Windows Defender (20220215)"],"avAllowList":["360 Total Security (20220215)","Bitdefender Internet Security (20220215)","COMODO Antivirus (20220215)","ESET Internet Security (20220215)","G DATA INTERNET SECURITY (20220215)","Kaspersky Internet Security (20220215)","Malwarebytes Premium (20220215)","Quick Heal Internet Security (20220215)","Tencent PC Manager (20220215)","Trend Micro Internet Security (20220215)","VIPRE Advanced Security (20220215)"]},{"isRevoked":"False","fileName":"SoundCloudDownload.exe","companyName":"Digital Wave Ltd","productName":"SoundCloud Download","productVersion":"2.1.31.315","fileVersion":"2.1.31.315","hashMD5":"1ad813fd3b72891b8114fc3059f08bc2","hashSHA1":"01a44c6eee2f6eea9484f09152551466c8acc96d","hashSHA256":"98a92b3dac68a40a510d005a10036a23ae7bc0c525bac496f6ebb78ae48647f3","digitalCertThumbprint":"55833E878897E417BA9F3B90B8BBD2D1ECEEDF3D","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Digital Wave Ltd, O=Digital Wave Ltd, L=London, S=London, C=GB, SERIALNUMBER=06823196, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"1714","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"dvdvideosoft website","reference":"","landingPage":"https://www.dvdvideosoft.com/soundcloud-download.htm","directDownloadingLink":"https://www.dvdvideosoft.com/download.htm?fname=SoundCloudDownload.exe&ls=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dvdvideosoft.com/download.htm?fname=SoundCloudDownload.exe&ls=","sourceIndex":"1714"}],"sampleFiles":["220207/SoundCloudDownload-220204/2.1.31.315/Samples/FreeStudioManager.exe","220207/SoundCloudDownload-220204/2.1.31.315/Samples/SoundCloudDownload_2.1.31.315_o.exe","220207/SoundCloudDownload-220204/2.1.31.315/Samples/SoundCloudDownload.exe"],"imageFiles":["220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-109/FreeCodecPack Install Location.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-109/FreeStudioManager Install.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-039/FreeCodecPack Install Location.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-039/FreeStudioManager Install.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-043/FreeCodecPack Install Location.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-043/FreeStudioManager Install.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-048/App x Control Panel.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-017/Install Wizard.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-084/app_updater service.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-084/app_updater service info.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-164/OfferPage1.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-164/OfferPage2.png"],"nonDeceptorImageFiles":["220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-044/App Bundled.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-040/FreeStudioManager Install.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-065/EULA.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-065/App About.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-065/Landing Page.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-065/OfferPage1.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-065/OfferPage2.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-099/App About.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-099/Landing Page.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-099/OfferPage1.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-099/OfferPage2.png","220207/SoundCloudDownload-220204/2.1.31.315/Images/ACR-123/Retain FreeCodePack files.png"],"guid":"707c08f2-9069-40f8-bc54-5a8cf1aae106_2.1.31.315_1","appID":"SoundCloudDownload-220204","dateAdded":"220207","deceptorType":"App","name":"SoundCloud Download","company":"Digital Wave Ltd","version":"2.1.31.315","lastKnownStatus":"2.1.31.315","lastKnownDate":"220207","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-02-07T22:04:03.9602514+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1523},{"violations":{"ACR-048":"The app does not provide control to startup process, and scheduled tasks that were added by default.\n\n","ACR-005":"The app appears to mimic the chrome browser.\n","ACR-006":"The monetization approach is not clearly disclosed in software\n","ACR-084":"1) The app creates undisclosed scheduled tasks & startups to perform actions without the consumer's knowledge and consent.\n2) The process runs in the background on closing the app.\n3) The Secure browser process is disguised as \"Chrome.exe\", thus misleading the user to think the chrome browser is running.\n","ACR-103":"The value propositions claimed in the landing page don't exist in software and on clicking the \"Manage Extensions\", it only refreshes the current page. \n","ACR-104":"Search engine can't be changed as it claims.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"setdf.exe\" and \"SecureBrowserUpdate.exe6487b7\" components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"SecureBrowserSetup.msi","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"0","hashMD5":"","hashSHA1":"","hashSHA256":"088cbcec6b80eba99eb691968e0f972935aae301e9cb6d1c6133699530dd5621","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","uriToBlock":"","sourceIndex":"336","avBlockList":["360 Total Security (20220215)","Avast Premium Security (20220215)","AVG Internet Security (20220215)","Avira Internet Security (20220215)","Bitdefender Internet Security (20220215)","COMODO Antivirus (20220215)","Dr.Web Security Space (20220215)","ESET Internet Security (20220215)","G DATA INTERNET SECURITY (20220215)","K7 Total Security (20220215)","Kaspersky Internet Security (20220215)","Malwarebytes Premium (20220215)","McAfee Total Protection (20220215)","Norton Security (20220215)","Panda Dome (20220215)","SpyHunter5 (20220215)","Tencent PC Manager (20220215)","Total AV Antivirus Pro (20220215)","VIPRE Advanced Security (20220215)","VirIT eXplorer PRO (20220215)","Windows Defender (20220215)"],"avAllowList":["Quick Heal Internet Security (20220215)","Sophos Home Premium (20220215)","Trend Micro Internet Security (20220215)","Webroot SecureAnywhere (20220215)"]},{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Local\\BlazeMedia\\SecureBrowser\\Application\\chrome.exe","companyName":"Blaze Media","productName":"Secure Browser","productVersion":"95.0.4638.54","fileVersion":"95.0.4638.54","hashMD5":"d2d2cad3139b801a189a48b2a9714420","hashSHA1":"4a77f37c885379b2c4fbd94f4c4b194d8ad6c259","hashSHA256":"4ed3d7fdfa2a3a4587ca82d2dde6a98fdfe651dded1cbb7ee8b24ec12e96a0c7","digitalCertThumbprint":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuer":"Blaze Media Inc.","digitalCertIssuedTo":"","storeId":"","uriToBlock":"BC461FAAFBCDDB53BBD950A2DA62E4264E2B7FFC","sourceIndex":"336","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Suggested by AE","reference":"","landingPage":"https://secure-browser.io/","directDownloadingLink":"https://atlasox.s3.amazonaws.com/securebrowser.io/SecureBrowserSetup.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://atlasox.s3.amazonaws.com/securebrowser.io/SecureBrowserSetup.msi","sourceIndex":"336"}],"sampleFiles":["220207/Securebrowser-211030/21.11.11/Samples/SecureBrowserSetup.msi"],"imageFiles":["220207/Securebrowser-211030/21.11.11/Images/ACR-084/ACR-084_Software_UndisclosedScheduledTask.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-084/ACR-084_Software_UndisclosedStartup.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-084/ACR-084_Software_Name_Hidden.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-084/ACR-084_Software_ProcessRunsAfterClosing.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-103/ACR-103_Software_Missing_Proposition.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-103/ACR-103_Software_Missing_Proposition_1.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-104/ACR-104_Software_Search_Engine_Changed.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-048/ACR-048_Software_NoControl.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-048/ACR-048_Software_NoControlToExtension.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-005/ACR-005_Software_MimicsChromeBrowser.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-006/ACR-006_Software_NoDetails.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220207/Securebrowser-211030/21.11.11/Images/ACR-118/ACR-118_Uninstall_Retains_Components_1.JPG"],"nonDeceptorImageFiles":[],"guid":"0d480855-ca13-4468-8997-04b5d27a9eda_21.11.11_1","appID":"Securebrowser-211030","dateAdded":"220207","deceptorType":"App","name":"Secure Browser","company":"Blaze Media","version":"21.11.11","lastKnownStatus":"88.0.4324.96;1.3.105.0;21.11.11","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2024-11-26T23:41:45.8240668+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1526},{"violations":{"ACR-109":"The app drops a folder that has Internet Shortcut files of other products of the \"NTechnologies Inc\" during installation without disclosing it to the user and gets user consent.\n","ACR-042":"The app drops a folder that has Internet Shortcut files of other products of the \"NTechnologies Inc\" during installation without disclosing it to the user and gets user consent.\n","ACR-043":"The app drops a folder that has Internet Shortcut files of other products of the \"NTechnologies Inc\" during installation without disclosing it to the user and gets user consent.\n","ACR-004":"The app does not provide any free fix for all the identified issues during the free scan, It only asks the user to register & purchase the product.\n","ACR-007":"The app does not display any warning message when Windows security component \"Security Health\" is disabled in the Startup manager within the app, thus leading lower the default security posture of system.\n","ACR-039":"The app drops a folder that has Internet Shortcut files of other products of the \"NTechnologies Inc\" during installation without disclosing it to the user and gets user consent.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not provide digital signature for the following executables: \"newutilitiessetup.exe\", \"newutilities.exe\".\n"},"samples":[{"isRevoked":"False","fileName":"newutilitiessetup.exe","isInstaller":"True","companyName":"NTechnologies Inc                                           ","productName":"New Utilities                                               ","productVersion":"4.0                                               ","fileVersion":"4.0                 ","hashMD5":"358c2bc90f12df109723dea874a6515a","hashSHA1":"e8dd9fe5a0c154df10f5f9c7378d61c2e4da31fe","hashSHA256":"660617cd0438cb5de98d49c918aff6a8604e01c93046c4e1e7c41d38b7b7effa","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"338","avBlockList":["Avast Premium Security (20220215)","AVG Internet Security (20220215)","Avira Internet Security (20220215)","ESET Internet Security (20220215)","G DATA INTERNET SECURITY (20220215)","K7 Total Security (20220215)","Malwarebytes Premium (20220215)","McAfee Total Protection (20220215)","Norton Security (20220215)","Panda Dome (20220215)","Quick Heal Internet Security (20220215)","Sophos Home Premium (20220215)","SpyHunter5 (20220215)","Total AV Antivirus Pro (20220215)","Trend Micro Internet Security (20220215)","VirIT eXplorer PRO (20220215)","Webroot SecureAnywhere (20220215)","Windows Defender (20220215)"],"avAllowList":["360 Total Security (20220215)","Bitdefender Internet Security (20220215)","COMODO Antivirus (20220215)","Dr.Web Security Space (20220215)","Kaspersky Internet Security (20220215)","Tencent PC Manager (20220215)","VIPRE Advanced Security (20220215)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\New Utilities\\NewUtilities.exe","companyName":"NTechnologies Inc","productName":"New Utilities","productVersion":"4.0.0.0","fileVersion":"4.0.0.0","hashMD5":"c18586a9a90a40d964bef8cfe3e3378d","hashSHA1":"f1177e7e472cf9a4cafc5b534cfeeb0ce76e4cfb","hashSHA256":"a1333094910b93d061465aebf4e19cb590af6107663b5477db8ba9e4b85a163a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"338","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random Google hunt","reference":"","landingPage":"http://www.new-utilities.net/","directDownloadingLink":"http://www.new-utilities.net/download/newutilitiessetup.exe?v4_0","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.new-utilities.net/download/newutilitiessetup.exe?v4_0","sourceIndex":"338"}],"sampleFiles":["220203/newutilities-220203/4.0.0.0/Samples/newutilitiessetup.exe"],"imageFiles":["220203/newutilities-220203/4.0.0.0/Images/ACR-109/ACR-109_Installs_Drops_Shortcut.JPG","220203/newutilities-220203/4.0.0.0/Images/ACR-109/ACR-109_Installs_Drops_Shortcut_Files.JPG","220203/newutilities-220203/4.0.0.0/Images/ACR-039/ACR-039_Installs_Drops_Shortcut.JPG","220203/newutilities-220203/4.0.0.0/Images/ACR-039/ACR-039_Installs_Drops_Shortcut_Files.JPG","220203/newutilities-220203/4.0.0.0/Images/ACR-043/ACR-043_Installs_Drops_Shortcut.JPG","220203/newutilities-220203/4.0.0.0/Images/ACR-043/ACR-043_Installs_Drops_Shortcut_Files.JPG","220203/newutilities-220203/4.0.0.0/Images/ACR-042/ACR-042_Installs_Drops_Shortcut.JPG","220203/newutilities-220203/4.0.0.0/Images/ACR-042/ACR-042_Installs_Drops_Shortcut_Files.JPG","220203/newutilities-220203/4.0.0.0/Images/ACR-004/ACR-004_Software_No_Free_Fix.JPG","220203/newutilities-220203/4.0.0.0/Images/ACR-004/ACR-004_Software_No_Free_Fix_1.JPG","220203/newutilities-220203/4.0.0.0/Images/ACR-007/ACR-007_Software_No_Warning_Message.JPG"],"nonDeceptorImageFiles":["220203/newutilities-220203/4.0.0.0/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG"],"guid":"4d6a467e-2a22-470c-a832-4dabe0049d10_4.0.0.0_1","appID":"newutilities-220203","dateAdded":"220203","deceptorType":"App","name":"New Utilities","company":"NTechnologies Inc","version":"4.0.0.0","lastKnownStatus":"4.0.0.0","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-26T23:32:53.5187082+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1528},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and get user consent. \n","ACR-010":"The app bundler distributes deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows the deceptive affiliates to distribute without control. See RelevantKnowledge deceptor details.\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear. RK offer is  presented as must accept offer\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part must accept offer in the installer application.\n","ACR-155":"The offer is designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-065":"The install wizard did not display any EULA.\nThe app does not display links to the Privacy Policy.\n","ACR-106":" App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details. \n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n The application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-017":"The app elevates its consumer trust level by displaying 3rd party endorsement logo without 3rd party approval.\n"},"samples":[{"isRevoked":"False","fileName":"dnwhe.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":".NET WYSIWYG HTML Editor","productVersion":"2.0.014","fileVersion":"2.0.14.0","hashMD5":"0811d70467592bf47f38a40b74f27f42","hashSHA1":"37ec9ae13acf41353fa173fc4643de234648fefe","hashSHA256":"77773820e0751c7731ae2a22662b3ae712aac20b77e218b4e8e22940d5c14e56","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1722","avBlockList":["Avast Premium Security (20220224)","AVG Internet Security (20220224)","Avira Internet Security (20220224)","Bitdefender Internet Security (20220224)","COMODO Antivirus (20220224)","Dr.Web Security Space (20220224)","ESET Internet Security (20220224)","G DATA INTERNET SECURITY (20220224)","K7 Total Security (20220224)","Kaspersky Internet Security (20220224)","Malwarebytes Premium (20220224)","McAfee Total Protection (20220224)","Norton Security (20220224)","Panda Dome (20220224)","Quick Heal Internet Security (20220224)","Sophos Home Premium (20220224)","SpyHunter5 (20220224)","Tencent PC Manager (20220224)","Total AV Antivirus Pro (20220224)","Trend Micro Internet Security (20220224)","VirIT eXplorer PRO (20220224)","Webroot SecureAnywhere (20220224)","Windows Defender (20220224)"],"avAllowList":["360 Total Security (20220224)","VIPRE Advanced Security (20220224)"]},{"isRevoked":"False","fileName":".NET WYSIWYG HTML Editor.exe","companyName":"TriSun Software Limited","productName":".NET WYSIWYG HTML Editor","productVersion":"2.0.014","fileVersion":"2.0.14.0","hashMD5":"611aecb1a917acdfca7e69121aa84132","hashSHA1":"a851e3e2a21de5a4d9098d5b24fcdafec2b0966f","hashSHA256":"9351196ecd83ded52ed3310645cefb09ce17df1a4310d59c329448055f919a92","digitalCertThumbprint":"E9FCF9B4824E341992340902AE0D6D9C87A6583E","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=Mong Kok, C=HK","sourceIndex":"1722","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"trisun website","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.trisunsoft.com/freeware/net-wysiwyg-html-editor.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/freeware/net-wysiwyg-html-editor.zip","sourceIndex":"1722"}],"sampleFiles":["220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Samples/dnwhe.exe","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Samples/.NET WYSIWYG HTML Editor.exe"],"imageFiles":["220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-109/dotNet Install.png","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-039/RK EULA.png","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-039/RK_offer_decline.JPG","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-010/dotNet Install.png","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-059/dotNet Install.png","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-059/RK_offer_decline.JPG","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-155/dotNet Install.png"],"nonDeceptorImageFiles":["220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-065/dotNet Install Video.mp4","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-065/dotNet About.png","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-017/dotNet Badges.png","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-106/dotNet Install.png","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-099/dotNet About.png","220128/dotNETWYSIWYGHTMLEditor-220127/2.0.014/Images/ACR-099/DOTNET HTML Editor Landing Page.png"],"guid":"5fe1e61a-6c29-4819-9b1b-5aa2334d033d_2.0.014_1","appID":"dotNETWYSIWYGHTMLEditor-220127","dateAdded":"220128","deceptorType":"App","name":".NET WYSIWYG HTML Editor","company":"TriSun Software Limited","version":"2.0.014","lastKnownStatus":"2.0.014","lastKnownDate":"220128","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2022-01-29T03:07:55.0256245+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1530},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and get user consent. \n","ACR-010":"The app bundler distributes deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows the deceptive affiliates to distribute without control. See RelevantKnowledge deceptor details.\n","ACR-059":" The Offer is not clearly marked as an offer, who is recommending the offer is not clear. The decline option is not a truthful option. \n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"The offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Privacy Policy.\n The app does not display links to the Privacy Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled. \n","ACR-017":" The app elevates its consumer trust level by displaying 3rd party endorsement without 3rd party approval and being verifiable\n"},"samples":[{"isRevoked":"False","fileName":"1tree Installer.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"1Tree","productVersion":"7.0.078","fileVersion":"7.0.78.0","hashMD5":"3bc33d0be559bf60df4f84ece3a667cc","hashSHA1":"96d649db342dd9f6f7de2a6f73bdffaf618d14e3","hashSHA256":"5d4be3aad80888a0397bae3005c9ca2ea949ca16773090cf67b0a078b71ba186","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1725","avBlockList":["Avast Premium Security (20220224)","AVG Internet Security (20220224)","Avira Internet Security (20220224)","Bitdefender Internet Security (20220224)","COMODO Antivirus (20220224)","Dr.Web Security Space (20220224)","ESET Internet Security (20220224)","G DATA INTERNET SECURITY (20220224)","K7 Total Security (20220224)","Kaspersky Internet Security (20220224)","Malwarebytes Premium (20220224)","McAfee Total Protection (20220224)","Norton Security (20220224)","Panda Dome (20220224)","Quick Heal Internet Security (20220224)","Sophos Home Premium (20220224)","SpyHunter5 (20220224)","Tencent PC Manager (20220224)","Total AV Antivirus Pro (20220224)","VIPRE Advanced Security (20220224)","VirIT eXplorer PRO (20220224)","Webroot SecureAnywhere (20220224)","Windows Defender (20220224)"],"avAllowList":["360 Total Security (20220224)","Trend Micro Internet Security (20220224)"]},{"isRevoked":"False","fileName":"1Tree.exe","companyName":"TriSun Software Limited","productName":"1Tree","productVersion":"7.0.078","fileVersion":"7.0.78.0","hashMD5":"40349c39cc2069afc828f27ad0c4dccf","hashSHA1":"17217aedc1b6377ab15e863d177c138a8bebc48a","hashSHA256":"921bff03f7cb00f11e2e8f491f6bd353ea9c8e8eb6634e80187c6454d726d8a2","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1725","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"trisun website","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://1tree.info/p/1tree.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://1tree.info/p/1tree.zip","sourceIndex":"1725"}],"sampleFiles":["220128/1Tree-220127/7.0.078/Samples/1tree Installer.exe","220128/1Tree-220127/7.0.078/Samples/1Tree.exe"],"imageFiles":["220128/1Tree-220127/7.0.078/Images/ACR-109/1Tree Install.png","220128/1Tree-220127/7.0.078/Images/ACR-039/1Tree Install.png","220128/1Tree-220127/7.0.078/Images/ACR-010/1Tree Install.png","220128/1Tree-220127/7.0.078/Images/ACR-059/RK EULA.png","220128/1Tree-220127/7.0.078/Images/ACR-059/RK_offer_decline.JPG","220128/1Tree-220127/7.0.078/Images/ACR-155/1Tree Install.png"],"nonDeceptorImageFiles":["220128/1Tree-220127/7.0.078/Images/ACR-065/1Tree EULA.png","220128/1Tree-220127/7.0.078/Images/ACR-065/1Tree About.png","220128/1Tree-220127/7.0.078/Images/ACR-017/1Tree Badges.png","220128/1Tree-220127/7.0.078/Images/ACR-106/1Tree Install.png","220128/1Tree-220127/7.0.078/Images/ACR-099/1Tree About.png","220128/1Tree-220127/7.0.078/Images/ACR-099/1Tree Landing Page.png"],"guid":"0705edbe-ebe6-4d0a-a126-105f57763c36_7.0.078_1","appID":"1Tree-220127","dateAdded":"220128","deceptorType":"App","name":"1Tree","company":"TriSun Software Limited","version":"7.0.078","lastKnownStatus":"7.0.078","lastKnownDate":"220128","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2022-01-29T00:03:53.1986868+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1531},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and getting user consent.\n","ACR-010":"The app bundler distributes deceptor program. The offer in this bundler is not declinable (the decline option is untruthful option, it is not working), Relevant Knowledge market survey application, allows the deceptive affiliates to distribute without control. See RelevantKnowledge deceptor details.\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear. App presents fake \"I decline\" option. When user choose \"I decline\" option, installer process can't be continued because \"next\" button keeps disabled.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"The offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":" The install wizard does not display links to the Privacy Policy.\nThe app does not display links to Privacy Policy. \n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application (Relevant Knowledge 1.1.0, installer SHA256: 53EF40C6950B12E766195905FFCC596D771B43398AD2EEB2F9A895AB5A8BB278). See Relevant Knowledge Deceptor details.\n","ACR-153":"RelevantKnowledge offer can't be declined. The \"I decline\" option is untruthful. User can't continue to install if \"I decline\" option is chosed. \n","ACR-017":"The app elevates its consumer trust level by displaying 3rd party endorsement logo without 3rd party approve and not verifiable. \n"},"samples":[{"isRevoked":"False","fileName":"wepp.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"WinExt Privacy Protector","productVersion":"1.0.001","fileVersion":"1.0.1.0","hashMD5":"dd62b791a3ac57f1039918ba4c998894","hashSHA1":"5679bb7a095ca5ad9a8dcf45bd502a8d77763181","hashSHA256":"67d3791b3c9562e2f0573e246a74c21eb6a4468908194cae1be351501fca858c","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1724","avBlockList":["Avast Premium Security (20220217)","AVG Internet Security (20220217)","Avira Internet Security (20220217)","Bitdefender Internet Security (20220217)","COMODO Antivirus (20220217)","Dr.Web Security Space (20220217)","ESET Internet Security (20220217)","G DATA INTERNET SECURITY (20220217)","K7 Total Security (20220217)","Kaspersky Internet Security (20220217)","Malwarebytes Premium (20220217)","McAfee Total Protection (20220217)","Norton Security (20220217)","Panda Dome (20220217)","Quick Heal Internet Security (20220217)","Sophos Home Premium (20220217)","SpyHunter5 (20220217)","Tencent PC Manager (20220217)","Total AV Antivirus Pro (20220217)","Trend Micro Internet Security (20220217)","VIPRE Advanced Security (20220217)","VirIT eXplorer PRO (20220217)","Webroot SecureAnywhere (20220217)","Windows Defender (20220217)"],"avAllowList":["360 Total Security (20220217)"]},{"isRevoked":"False","fileName":"WinExt Privacy Protector.exe","companyName":"TriSun Software Limited","productName":"WinExt Privacy Protector","productVersion":"1.0.001","fileVersion":"1.0.1.0","hashMD5":"f7dfc01345b63a22ecc4c18ac5b053fe","hashSHA1":"486e5e71b0273910884b84c52f86141b58874751","hashSHA256":"dfcbca8b01b0e8ff10830545b8f9b61b03e7d077f800cb97b23d3669fbade2c5","digitalCertThumbprint":"E9FCF9B4824E341992340902AE0D6D9C87A6583E","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=Mong Kok, C=HK","sourceIndex":"1724","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"trisun website","reference":"Trisun software bundler","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.trisunsoft.com/files/wepp.zip","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/files/wepp.zip","sourceIndex":"1724"}],"sampleFiles":["220128/WinExtPrivacyProtector-220127/1.0.001/Samples/wepp.exe","220128/WinExtPrivacyProtector-220127/1.0.001/Samples/WinExt Privacy Protector.exe"],"imageFiles":["220128/WinExtPrivacyProtector-220127/1.0.001/Images/ACR-109/WEPP Install.png","220128/WinExtPrivacyProtector-220127/1.0.001/Images/ACR-039/WEPP Install.png","220128/WinExtPrivacyProtector-220127/1.0.001/Images/ACR-010/WEPP Install.png","220128/WinExtPrivacyProtector-220127/1.0.001/Images/ACR-059/RK EULA.png","220128/WinExtPrivacyProtector-220127/1.0.001/Images/ACR-059/RK_offer_decline.JPG","220128/WinExtPrivacyProtector-220127/1.0.001/Images/ACR-155/WEPP Install.png"],"nonDeceptorImageFiles":["220128/WinExtPrivacyProtector-220127/1.0.001/Images/ACR-065/WEPP EULA.png","220128/WinExtPrivacyProtector-220127/1.0.001/Images/ACR-065/WEPP About.png","220128/WinExtPrivacyProtector-220127/1.0.001/Images/ACR-017/WEPP Badges.png","220128/WinExtPrivacyProtector-220127/1.0.001/Images/ACR-106/WEPP Install.png","220128/WinExtPrivacyProtector-220127/1.0.001/Images/ACR-153/RK_offer_decline.JPG"],"guid":"7bf16665-4257-41ab-a8b9-575969586117_1.0.001_1","appID":"WinExtPrivacyProtector-220127","dateAdded":"220128","deceptorType":"App","name":"WinExt Privacy Protector","company":"TriSun Software Limited","version":"1.0.001","sigName":"Deceptor:Win32/WinExtPrivacyProtector!109039010059155","lastKnownStatus":"1.0.001","lastKnownDate":"220128","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2022-01-29T00:05:09.4453429+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1529},{"violations":{"ACR-043":"The app installs itself without the user accepting the \"Terms and Conditions\" or EULA.\n","ACR-046":"The app is automatically installed on the computer without providing disclosures and options beforehand.\n","ACR-048":"App minimizes to system tray when the user chooses to close the app. The app should provide an option to close&quit the app completely for user.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by automatically detecting clipboard.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying user.\n","ACR-164":"The app needs to provide detailed information about how users will be notified for renewal and how to cancel the annual subscription.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"AppData”.\n","ACR-045":"The app is automatically installed on the computer without providing disclosures and options beforehand.\n","ACR-065":"The app is automatically installed on the computer without providing disclosures and options beforehand.\nThe app's about page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information. \nThe internal offers page does not contain links to uninstall information.\n","ACR-123":"An app uninstallation needs to revert the consumer's system state prior to the original app installation.\n"},"samples":[{"isRevoked":"False","fileName":"YeetDL.exe","companyName":"Sofyeedo LLC","productName":"YeetDL","productVersion":"1.2.48","fileVersion":"1.2.48.0","hashMD5":"0a14afdcf0de511c20375bf9e9a22920","hashSHA1":"4b8aaf6a7143a43323694cb34cdf64218899ef50","hashSHA256":"d81b7677ac1e6e2c014086d3004f80d874d3c384f901ebccc3443158077486a3","digitalCertThumbprint":"2099CD8DA0103E0A61F3CEA699B6E3B8DA999694","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sofyeedo LLC, O=Sofyeedo LLC, STREET=11923 NE Sumner St, L=Portland, S=Oregon, PostalCode=97220, C=US","sourceIndex":"1677","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","companyName":"Sofyeedo LLC","productName":"YeetDL","productVersion":"1.2.48","fileVersion":"1.2.48.0","hashMD5":"76ed1dd95226f246cb5003664c5cc33f","hashSHA1":"ca33b1ef61cb07b368f8eed40dea299df7d49a26","hashSHA256":"e673e093690429e3ea648b94e2c4da3f4dd632e4a38a51b2d160d8d9a7026c9e","digitalCertThumbprint":"2099CD8DA0103E0A61F3CEA699B6E3B8DA999694","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sofyeedo LLC, O=Sofyeedo LLC, STREET=11923 NE Sumner St, L=Portland, S=Oregon, PostalCode=97220, C=US","sourceIndex":"1677","avBlockList":["360 Total Security (20220224)","Avast Premium Security (20220224)","AVG Internet Security (20220224)","Avira Internet Security (20220224)","COMODO Antivirus (20220224)","ESET Internet Security (20220224)","G DATA INTERNET SECURITY (20220224)","K7 Total Security (20220224)","McAfee Total Protection (20220224)","Norton Security (20220224)","Panda Dome (20220224)","Quick Heal Internet Security (20220224)","Sophos Home Premium (20220224)","SpyHunter5 (20220224)","Total AV Antivirus Pro (20220224)","Trend Micro Internet Security (20220224)","VirIT eXplorer PRO (20220224)","Windows Defender (20220224)"],"avAllowList":["Bitdefender Internet Security (20220224)","Dr.Web Security Space (20220224)","Kaspersky Internet Security (20220224)","Malwarebytes Premium (20220224)","Tencent PC Manager (20220224)","VIPRE Advanced Security (20220224)","Webroot SecureAnywhere (20220224)"]}],"additionalFiles":[],"sources":[{"howFound":"filehippo.com download site","reference":"","landingPage":"https://yeetdl.com/","directDownloadingLink":"https://yeetdl.com/en","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://yeetdl.com/en","sourceIndex":"1677"}],"sampleFiles":["220127/YeetDL-220125/1.2.48/Samples/YeetDL.exe","220127/YeetDL-220125/1.2.48/Samples/Setup.exe"],"imageFiles":["220127/YeetDL-220125/1.2.48/Images/ACR-043/YeetDL Installation.mp4","220127/YeetDL-220125/1.2.48/Images/ACR-046/YeetDL Installation.mp4","220127/YeetDL-220125/1.2.48/Images/ACR-046/YeetDL Installation.m4v","220127/YeetDL-220125/1.2.48/Images/ACR-048/YeetDL Close.png","220127/YeetDL-220125/1.2.48/Images/ACR-007/YeetDL Autodetect Clipboard.mp4","220127/YeetDL-220125/1.2.48/Images/ACR-118/YeetDL After Uninstall.png","220127/YeetDL-220125/1.2.48/Images/ACR-164/YeetDL Offer Page 2.png"],"nonDeceptorImageFiles":["220127/YeetDL-220125/1.2.48/Images/ACR-040/YeetDL Install Path.png","220127/YeetDL-220125/1.2.48/Images/ACR-045/YeetDL Installation.mp4","220127/YeetDL-220125/1.2.48/Images/ACR-045/YeetDL Installation.m4v","220127/YeetDL-220125/1.2.48/Images/ACR-065/YeetDL Installation.mp4","220127/YeetDL-220125/1.2.48/Images/ACR-065/YeetDL Installation.m4v","220127/YeetDL-220125/1.2.48/Images/ACR-065/YeetDL About.png","220127/YeetDL-220125/1.2.48/Images/ACR-065/YeetDL Offer Page 1.png","220127/YeetDL-220125/1.2.48/Images/ACR-065/YeetDL Offer Page 2.png","220127/YeetDL-220125/1.2.48/Images/ACR-161/YeetDL Testimonials.png","220127/YeetDL-220125/1.2.48/Images/ACR-099/YeetDL About.png","220127/YeetDL-220125/1.2.48/Images/ACR-099/YeetDL Landing Page.png","220127/YeetDL-220125/1.2.48/Images/ACR-099/YeetDL Offer Page.png","220127/YeetDL-220125/1.2.48/Images/ACR-123/YeetDL After Uninstall.png"],"guid":"f3bec441-990e-42e5-8838-733ac0347e90_1.2.48_1","appID":"YeetDL-220125","dateAdded":"220127","deceptorType":"App","name":"YeetDL","company":"Sofyeedo LLC","version":"1.2.48","sigName":"Deceptor:Win32/YeetDL!043046048007118164","firstVendorContactDate":"220308","firstAppEsteemReplyDate":"220308","firstResolvedDate":"220321","firstResolvedVersion":"1.2.54","resolved":"TRUE","lastKnownStatus":"1.2.48","lastKnownDate":"220321","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-03-21T18:43:38.5716602+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1532},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and get user consent. \n","ACR-010":"The app bundler distributes deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows the deceptive affiliates to distribute without control. See RelevantKnowledge deceptor details.\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear.\n","ACR-039":" There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application. \n","ACR-155":"The offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \n The landing page does not display links to the Returns and Cancellation Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details. \n","ACR-099":" The application has no link to a webpage that shows how to uninstall the app. \n The application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page. \n"},"samples":[{"isRevoked":"False","fileName":"webr.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"WinExt Bulk Renamer","productVersion":"1.0.12.0","fileVersion":"1.0.12.0","hashMD5":"9496827344b1b98acdf1a01152ae2c96","hashSHA1":"49ec157c42803b9e752578ee306237164c0ad44b","hashSHA256":"c88c17ad2b1febbc489a21b095a62f956b54e98d31ae9c8125ed26f5a24976a8","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1727","avBlockList":["Avast Premium Security (20220224)","AVG Internet Security (20220224)","Avira Internet Security (20220224)","Bitdefender Internet Security (20220224)","COMODO Antivirus (20220224)","Dr.Web Security Space (20220224)","ESET Internet Security (20220224)","G DATA INTERNET SECURITY (20220224)","K7 Total Security (20220224)","Kaspersky Internet Security (20220224)","Malwarebytes Premium (20220224)","McAfee Total Protection (20220224)","Norton Security (20220224)","Panda Dome (20220224)","Quick Heal Internet Security (20220224)","Sophos Home Premium (20220224)","SpyHunter5 (20220224)","Tencent PC Manager (20220224)","Total AV Antivirus Pro (20220224)","VIPRE Advanced Security (20220224)","VirIT eXplorer PRO (20220224)","Webroot SecureAnywhere (20220224)","Windows Defender (20220224)"],"avAllowList":["360 Total Security (20220224)","Trend Micro Internet Security (20220224)"]},{"isRevoked":"False","fileName":"WinExt Bulk Renamer.exe","companyName":"TriSun Software Limited","productName":"WinExt Bulk Renamer","productVersion":"1.0.12.0","fileVersion":"1.0.12.0","hashMD5":"c5f3f8e5bb57a9e9ac87f3dcb9118c31","hashSHA1":"a67fbda5b3e9f256c2547311f1bd7bd6c3795d5e","hashSHA256":"c50deeae6693c7b38e5b0913540e7f40b025ed252c529b78e77f042b4a38c4c4","digitalCertThumbprint":"E9FCF9B4824E341992340902AE0D6D9C87A6583E","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=Mong Kok, C=HK","sourceIndex":"1727","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"trisun website","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.trisunsoft.com/files/webr.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/files/webr.zip","sourceIndex":"1727"}],"sampleFiles":["220125/WinExtBulkRenamer-220125/1.0.12.0/Samples/webr.exe","220125/WinExtBulkRenamer-220125/1.0.12.0/Samples/WinExt Bulk Renamer.exe"],"imageFiles":["220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-109/RK Install.png","220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-039/RK Install.png","220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-010/RK Install.png","220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-059/RK Install.png","220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-155/RK Install.png"],"nonDeceptorImageFiles":["220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-065/WEBR EULA.png","220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-065/WEBR About.png","220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-065/WEBR Landing Page.png","220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-017/WEBR Badges.png","220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-106/RK Install.png","220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-099/WEBR About.png","220125/WinExtBulkRenamer-220125/1.0.12.0/Images/ACR-099/WEBR Landing Page.png"],"guid":"648120a7-178f-4099-bbf3-a56313a33984_1.0.12.0_1","appID":"WinExtBulkRenamer-220125","dateAdded":"220125","deceptorType":"App","name":"WinExt Bulk Renamer","company":"TriSun Software Limited","version":"1.0.12.0","lastKnownStatus":"1.0.12.0","lastKnownDate":"220125","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,sold in bundle","lastUpdate":"2022-01-25T23:05:37.913018+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1533},{"violations":{"ACR-042":"The app installs undisclosed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app installs Trusted Root certificate without disclosing why and potential risk introduced to user system. User is not offered to choose deny it. \n","ACR-017":"Unable to verify logo in the Internal offers page (https://bit.ly/3IBWTba)\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly and straightforward what the effect it causes to user's system. For example, the Trusted Root certificate installed. \n"},"samples":[{"isRevoked":"False","fileName":"servicesoptimizer_setup.exe","isInstaller":"True","companyName":"Smart PC Utilities","productName":"PC Services Optimizer","productVersion":"4.0.1047.0","fileVersion":"4.0.1047.0","hashMD5":"8b48ebe7e2286c5724c44fb02de37f7c","hashSHA1":"b611471afabbee938ef98fba50b832f78c5e1589","hashSHA256":"3d36896fbacf289f0efb6b22247b8f425f41c57dc59ca45f0c7a79f14e78ff97","digitalCertThumbprint":"550249295409F02CB1A24F94CB17369D5CC6D4F7","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Ahmed Fathi","storeId":"","sourceIndex":"1728","avBlockList":["Avast Premium Security (20220224)","AVG Internet Security (20220224)","Avira Internet Security (20220224)","ESET Internet Security (20220224)","G DATA INTERNET SECURITY (20220224)","K7 Total Security (20220224)","McAfee Total Protection (20220224)","Norton Security (20220224)","Panda Dome (20220224)","Sophos Home Premium (20220224)","SpyHunter5 (20220224)","Total AV Antivirus Pro (20220224)","VirIT eXplorer PRO (20220224)","Windows Defender (20220224)"],"avAllowList":["360 Total Security (20220224)","Bitdefender Internet Security (20220224)","COMODO Antivirus (20220224)","Dr.Web Security Space (20220224)","Kaspersky Internet Security (20220224)","Malwarebytes Premium (20220224)","Quick Heal Internet Security (20220224)","Tencent PC Manager (20220224)","Trend Micro Internet Security (20220224)","VIPRE Advanced Security (20220224)","Webroot SecureAnywhere (20220224)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Smart PC Utilities\\PC Services Optimizer\\ServicesOptimizer.exe","companyName":"Smart PC Utilities Ltd.","productName":"PC Services Optimizer","productVersion":"4.0.1047.0","fileVersion":"4.0.1047.0","hashMD5":"d1cc620c94d3ac3304e822845fdac6cc","hashSHA1":"d00e3df5bc80c3f8483e61667c5cc620cbd859c3","hashSHA256":"7823471d69324fbd73d430de86411e4c9b7c6f142cd2205db8fbab45b6fb3962","digitalCertThumbprint":"D8D05DB8C4650B25859281786AE599CCEA4D07A2","digitalCertIssuer":"Smart PC Utilities","digitalCertIssuedTo":"Smart PC Utilities","storeId":"","sourceIndex":"1728","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random Hunt","reference":"","landingPage":"https://www.smartpcutilities.com/servicesoptimizer.html","directDownloadingLink":"https://www.smartpcutilities.com/files/servicesoptimizer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.smartpcutilities.com/files/servicesoptimizer.exe","sourceIndex":"1728"}],"sampleFiles":["220125/pcservicesoptimizer-220125/4.0.1047.0/Samples/servicesoptimizer_setup.exe"],"imageFiles":["220125/pcservicesoptimizer-220125/4.0.1047.0/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed.JPG","220125/pcservicesoptimizer-220125/4.0.1047.0/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed.JPG","220125/pcservicesoptimizer-220125/4.0.1047.0/Images/ACR-017/ACR-017_InternalOffers_Unverifiable_Logos.JPG"],"nonDeceptorImageFiles":["220125/pcservicesoptimizer-220125/4.0.1047.0/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed.JPG"],"guid":"c024f362-7b3c-431a-b94b-83837966221e_4.0.1047.0_1","appID":"pcservicesoptimizer-220125","dateAdded":"220125","deceptorType":"App","name":"PC Services Optimizer","company":"Smart PC Utilities","version":"4.0.1047.0","sigName":"Deceptor:Win32/PCServicesOptimizer!042043017","lastKnownStatus":"4.0.1047.0","lastKnownDate":"220125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-01-25T22:47:53.4069315+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1534},{"violations":{"ACR-042":"The app installs undisclosed Trusted Root Certificate without obtaining the consumer's permission through explicit user action.\n","ACR-043":"The app installs Trusted Root certificate without disclosing why and potential risk introduced to the user system. The user is not offered to choose deny it.\n","ACR-017":"Unable to verify the logos in the Internal offers page ( https://bit.ly/3rHlxQY )\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains \"SmartPCUtilities.cer\" on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-045":"The app doesn't describe clearly and straightforward what the effect it causes to user's system. For example, the Trusted Root certificate installed.  \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Smart PC Utilities\\Game Fire\\GameFire.exe","companyName":"Smart PC Utilities Ltd.","productName":"Game Fire","productVersion":"6.7.3800.0","fileVersion":"6.7.3800.0","hashMD5":"2c418b8dccc962345323d1b5503f029f","hashSHA1":"b37ed0bafd70f511fc7ec58fc599ee4d9389d8c0","hashSHA256":"b71ae1f9c13c72960af4f6c7bc725b494bbf3395a03666c0bad49ded21a9ac01","digitalCertThumbprint":"D8D05DB8C4650B25859281786AE599CCEA4D07A2","digitalCertIssuer":"Smart PC Utilities","digitalCertIssuedTo":"Smart PC Utilities","storeId":"","sourceIndex":"1708","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"gamefire.exe","isInstaller":"True","companyName":"Smart PC Utilities","productName":"Game Fire","productVersion":"6.7.3800.0","fileVersion":"6.7.3800.0","hashMD5":"bb85e2bd9e23305539cd41288fbf356a","hashSHA1":"05fda6f0752fb4bd5c81a08cdab188a8b7bf142f","hashSHA256":"da43f92e27c1e167519cb0224abbf0bed5e9a824eac3571ec3df10b12150e64b","digitalCertThumbprint":"95097CC4ECF84A5D04EB87BB6335FC5104230D41","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Ahmed Fathi","storeId":"","sourceIndex":"1708","avBlockList":["360 Total Security (20220203)","Avast Premium Security (20220203)","AVG Internet Security (20220203)","Avira Internet Security (20220203)","Bitdefender Internet Security (20220203)","ESET Internet Security (20220203)","G DATA INTERNET SECURITY (20220203)","K7 Total Security (20220203)","McAfee Total Protection (20220203)","Norton Security (20220203)","Panda Dome (20220203)","Sophos Home Premium (20220203)","SpyHunter5 (20220203)","Tencent PC Manager (20220203)","Total AV Antivirus Pro (20220203)","VIPRE Advanced Security (20220203)","VirIT eXplorer PRO (20220203)","Windows Defender (20220203)"],"avAllowList":["COMODO Antivirus (20220203)","Dr.Web Security Space (20220203)","Kaspersky Internet Security (20220203)","Malwarebytes Premium (20220203)","Quick Heal Internet Security (20220203)","Trend Micro Internet Security (20220203)","Webroot SecureAnywhere (20220203)"]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"https://www.smartpcutilities.com/game-booster-game-fire.html","directDownloadingLink":"https://www.smartpcutilities.com/files/gamefire.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.smartpcutilities.com/files/gamefire.exe","sourceIndex":"1708"}],"sampleFiles":["220125/gamefire-220125/6.7.3800/Samples/gamefire.exe"],"imageFiles":["220125/gamefire-220125/6.7.3800/Images/ACR-043/ACR-043_Install_Root_Certificate_Installed_1.JPG","220125/gamefire-220125/6.7.3800/Images/ACR-042/ACR-042_Install_Root_Certificate_Installed_1.JPG","220125/gamefire-220125/6.7.3800/Images/ACR-118/ACR-118_Uninstall_Retains.JPG","220125/gamefire-220125/6.7.3800/Images/ACR-017/ACR-017_InternalOffers_Unverifiable.JPG"],"nonDeceptorImageFiles":["220125/gamefire-220125/6.7.3800/Images/ACR-045/ACR-045_Install_Root_Certificate_Installed_1.JPG"],"guid":"707e6861-073f-4937-9927-a38c34f8f446_6.7.3800_1","appID":"gamefire-220125","dateAdded":"220125","deceptorType":"App","name":"Game Fire","company":"Smart PC Utilities","version":"6.7.3800","sigName":"Deceptor:Win32/GameFire!043042118017","firstVendorContactDate":"220207","firstAppEsteemReplyDate":"220210","firstResolvedDate":"220214","firstResolvedVersion":"6.8.3922","resolved":"TRUE","lastKnownStatus":"6.7.3800","lastKnownDate":"220125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-02-14T18:57:48.8280808+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1535},{"violations":{"ACR-043":"The \"Luminati\" related components are dropped before obtaining the user's consent and permission. \n","ACR-047":"The prompt regarding the \"Luminati\" appears whenever the app is launched even though it was declined. \n","ACR-048":"The app didn't provide control to close the app completely within the app's settings.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection. \n","ACR-084":"On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying user. \n","ACR-057":"The app fails to provide the consumer with clear and simple options to accept or decline associated offers.\n"},"nonDeceptorViolations":{"ACR-045":"The app didn't provide control to close the app completely within the app's settings.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\4dots Software\\Free Convert MP4 To MP3\\FreeConvertMP4ToMP3.exe","companyName":"","productName":"FreeFLACToMP3Converter4dots","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"01727c0d59febff21c760b8a3cd2b325","hashSHA1":"7cb9ef9640db717301d83523d7d1ef7f861cba42","hashSHA256":"5ffcc526add6acc97828ba92e745d761c7a6a585613e87a2b4ae4fa30f8ad5d5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1730","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeConvertMP4ToMP3Setup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"52629f42c089b63bcb57a0c3b65ea257","hashSHA1":"b90b9b0520154e4389616da0e4bec582c752cbd7","hashSHA256":"17ab70978b447ce37aacf1b8d9aa0a231b132ac73253ec99be9b05703877f71b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1730","avBlockList":["Avira Internet Security (20220127)","ESET Internet Security (20220127)","K7 Total Security (20220127)","Malwarebytes Premium (20220127)","McAfee Total Protection (20220127)","Norton Security (20220127)","Panda Dome (20220127)","Sophos Home Premium (20220127)","SpyHunter5 (20220127)","Total AV Antivirus Pro (20220127)","VirIT eXplorer PRO (20220127)","Webroot SecureAnywhere (20220127)","Windows Defender (20220127)"],"avAllowList":["360 Total Security (20220127)","Avast Premium Security (20220127)","AVG Internet Security (20220127)","Bitdefender Internet Security (20220127)","COMODO Antivirus (20220127)","Dr.Web Security Space (20220127)","G DATA INTERNET SECURITY (20220127)","Kaspersky Internet Security (20220127)","Quick Heal Internet Security (20220127)","Tencent PC Manager (20220127)","Trend Micro Internet Security (20220127)","VIPRE Advanced Security (20220127)"]}],"additionalFiles":[],"sources":[{"howFound":"BrightData","reference":"","landingPage":"https://www.softpedia.com/get/Multimedia/Audio/Audio-Convertors/Free-Convert-MP4-To-MP3.shtml","ipv4":"","ipv6":"","sourceIndex":"1730"}],"sampleFiles":["220119/FreeConvertMp4ToMP3-220114/1.0.0.0/Samples/FreeConvertMP4ToMP3Setup.exe"],"imageFiles":["220119/FreeConvertMp4ToMP3-220114/1.0.0.0/Images/ACR-043/ACR-043_Install.JPG","220119/FreeConvertMp4ToMP3-220114/1.0.0.0/Images/ACR-047/ACR-047_Install.JPG","220119/FreeConvertMp4ToMP3-220114/1.0.0.0/Images/ACR-007/ACR-007_Install.JPG","220119/FreeConvertMp4ToMP3-220114/1.0.0.0/Images/ACR-084/ACR-084_Software_Process.JPG","220119/FreeConvertMp4ToMP3-220114/1.0.0.0/Images/ACR-048/ACR-048_Software.JPG","220119/FreeConvertMp4ToMP3-220114/1.0.0.0/Images/ACR-048/ACR-048_Software_1.JPG","220119/FreeConvertMp4ToMP3-220114/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220119/FreeConvertMp4ToMP3-220114/1.0.0.0/Images/ACR-057/ACR-057_InlineOffers.JPG"],"nonDeceptorImageFiles":["220119/FreeConvertMp4ToMP3-220114/1.0.0.0/Images/ACR-045/ACR-045_Install.JPG","220119/FreeConvertMp4ToMP3-220114/1.0.0.0/Images/ACR-045/ACR-045_Install_1.JPG"],"guid":"de040945-4736-4bdb-9b99-cb4916d629ae_1.0.0.0_1","appID":"FreeConvertMp4ToMP3-220114","dateAdded":"220119","deceptorType":"Bundler","name":"Free Convert Mp4 To MP3","version":"1.0.0.0","sigName":"Deceptor:Win32/FreeConvertMp4ToMP3!043047007084048118057","lastKnownStatus":"1.0.0.0","lastKnownDate":"220119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-01-20T01:41:05.1265739+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1537},{"violations":{"ACR-043":" The app drops \"BrightData\" components before user accepting the \"Terms and Policies\" of BrightData. \n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n"},"nonDeceptorViolations":{"ACR-092":"The app didn't provide digital signature for the following executables: \"SunsetScreen_Setup.exe\" and \"SunsetScreen.exe\".\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\SunsetScreen_Trial\\SunsetScreen.exe","companyName":"Daniel White","productName":"SunsetScreen","productVersion":"1.32.0.0","fileVersion":"1.32.0.0","hashMD5":"8ca855f158d397b1dd6d41c97caa862b","hashSHA1":"461fd57c947324459da3fbecca5fb24f59f941ad","hashSHA256":"37564fd76eb275632836449f449f58cf081a0fdd0f2983c2284d100ea3bb7a4b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SunsetScreen_Setup.exe","isInstaller":"True","companyName":"Skytopia","productName":"SunsetScreen","productVersion":"","fileVersion":"2022.1.12.736","hashMD5":"d391cbddce1a6cb42c1d39885f97350e","hashSHA1":"0ad6147211dc9cf55dcee504f34ffb653d30a772","hashSHA256":"cb27332cf2d4461c07241892d919dbb294ca54060896a3f6a2df79b0fe7853d0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1651","avBlockList":["Avast Premium Security (20220127)","AVG Internet Security (20220127)","Avira Internet Security (20220127)","Bitdefender Internet Security (20220127)","ESET Internet Security (20220127)","G DATA INTERNET SECURITY (20220127)","K7 Total Security (20220127)","McAfee Total Protection (20220127)","Norton Security (20220127)","Panda Dome (20220127)","Quick Heal Internet Security (20220127)","Sophos Home Premium (20220127)","SpyHunter5 (20220127)","Tencent PC Manager (20220127)","Total AV Antivirus Pro (20220127)","VIPRE Advanced Security (20220127)","VirIT eXplorer PRO (20220127)","Windows Defender (20220127)"],"avAllowList":["360 Total Security (20220127)","COMODO Antivirus (20220127)","Dr.Web Security Space (20220127)","Kaspersky Internet Security (20220127)","Malwarebytes Premium (20220127)","Trend Micro Internet Security (20220127)","Webroot SecureAnywhere (20220127)"]}],"additionalFiles":[],"sources":[{"howFound":"BrightData","reference":"","landingPage":"https://sunsetscreen.en.lo4d.com/download","directDownloadingLink":"https://sunsetscreen.en.lo4d.com/download/mirror-hs1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://sunsetscreen.en.lo4d.com/download/mirror-hs1","sourceIndex":"1651"}],"sampleFiles":["220119/SunsetScreen-220114/2022.1.12.736/Samples/SunsetScreen_Setup.exe"],"imageFiles":["220119/SunsetScreen-220114/2022.1.12.736/Images/ACR-043/ACR-043_Install_Files_Dropped.JPG","220119/SunsetScreen-220114/2022.1.12.736/Images/ACR-007/ACR-007_Install_1.JPG"],"nonDeceptorImageFiles":["220119/SunsetScreen-220114/2022.1.12.736/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG"],"guid":"1982260d-9587-4186-bcd3-4e2f7fb03e7f_2022.1.12.736_1","appID":"SunsetScreen-220114","dateAdded":"220119","deceptorType":"Bundler","name":"Sunset Screen","company":"Skytopia","version":"2022.1.12.736","firstVendorContactDate":"220407","firstAppEsteemReplyDate":"220407","firstResolvedDate":"220407","firstResolvedVersion":"2022.4.6.1918","resolved":"TRUE","lastKnownStatus":"2022.1.12.736","lastKnownDate":"220407","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-04-08T04:35:35.9377437+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1536},{"violations":{"ACR-043":"The \"Luminati\" related components are dropped before obtaining the user's consent and permission.  \n","ACR-047":"The prompt regarding the \"Luminati\" appears whenever the app is launched even though it was declined.\n","ACR-048":"The app didn't provide control to close the app completely within the app's settings.\n","ACR-007":" App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notify user.\n"},"nonDeceptorViolations":{"ACR-045":"The app didn't provide control to close the app completely within the app's settings.\n","ACR-092":"The app didn't provide digital signature for the following executables: \"FreeMPEGToMP3Converter.exe\" and \"FreeMPEGToMP3ConverterSetup.exe\".\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"BrightData","reference":"","landingPage":"https://www.softpedia.com/get/Multimedia/Video/Encoders-Converter-DIVX-Related/Free-MPEG-To-MP3-Converter-4dots.shtml","ipv4":"","ipv6":"","sourceIndex":"1729"}],"sampleFiles":[],"imageFiles":["220115/FreeMPEGToMP3Converter-220114/1.0.0.0/Images/ACR-043/ACR-043_Install_Files_Dropped.JPG","220115/FreeMPEGToMP3Converter-220114/1.0.0.0/Images/ACR-047/ACR-047_Install_1.JPG","220115/FreeMPEGToMP3Converter-220114/1.0.0.0/Images/ACR-007/ACR-007_Install_1.JPG","220115/FreeMPEGToMP3Converter-220114/1.0.0.0/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220115/FreeMPEGToMP3Converter-220114/1.0.0.0/Images/ACR-048/ACR-048_Software_No_Control_To_Quit.JPG","220115/FreeMPEGToMP3Converter-220114/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_Retains.JPG"],"nonDeceptorImageFiles":["220115/FreeMPEGToMP3Converter-220114/1.0.0.0/Images/ACR-045/ACR-045_Install_1.JPG","220115/FreeMPEGToMP3Converter-220114/1.0.0.0/Images/ACR-045/ACR-045_Install_2.JPG","220115/FreeMPEGToMP3Converter-220114/1.0.0.0/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG"],"guid":"9cb9f668-5eb3-4a85-9efb-00a2619c6357_1.0.0.0_1","appID":"FreeMPEGToMP3Converter-220114","dateAdded":"220115","deceptorType":"Bundler","name":"Free MPEG To MP3Converter","version":"1.0.0.0","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-01-20T01:43:38.7269121+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":1538},{"violations":{"ACR-043":"The \"Luminati\" related components are dropped before obtaining the user's consent and permission.\n","ACR-048":"The app didn't provide any control to cancel the installation process. \n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Ares\\Ares.exe","companyName":"AresGalaxy","productName":"Ares p2p for windows","productVersion":"2.5","fileVersion":"2.5.7.3083","hashMD5":"ee43a66f3d357436330a3639320513ae","hashSHA1":"024b0e511cd6f9088a4ff93e9814d70c06c041fb","hashSHA256":"d29cc88ccf63474e7c67acd7d727892b7e7b5ddfb52cb3213da71dfaffa740c7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1605","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ares-2-5-7.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"d5328670dc3b70871bb14a2667a2ece7","hashSHA1":"9677368695b256a0c914d121193fbd81998816e5","hashSHA256":"0c5e72529f3d7ba22f1fe141deaf1fb0cd5e86b9d7bbee61a6e59d8eaca716dd","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1605","avBlockList":["360 Total Security (20220125)","Avira Internet Security (20220125)","Dr.Web Security Space (20220125)","ESET Internet Security (20220125)","K7 Total Security (20220125)","McAfee Total Protection (20220125)","Norton Security (20220125)","Panda Dome (20220125)","Sophos Home Premium (20220125)","SpyHunter5 (20220125)","Total AV Antivirus Pro (20220125)","Trend Micro Internet Security (20220125)","VirIT eXplorer PRO (20220125)","Webroot SecureAnywhere (20220125)","Windows Defender (20220125)"],"avAllowList":["Avast Premium Security (20220125)","AVG Internet Security (20220125)","Bitdefender Internet Security (20220125)","COMODO Antivirus (20220125)","G DATA INTERNET SECURITY (20220125)","Kaspersky Internet Security (20220125)","Malwarebytes Premium (20220125)","Quick Heal Internet Security (20220125)","Tencent PC Manager (20220125)","VIPRE Advanced Security (20220125)"]}],"additionalFiles":[],"sources":[{"howFound":"BrightData SDK bundler","reference":"","landingPage":"https://ares.en.uptodown.com/windows/download","directDownloadingLink":"https://ares.en.uptodown.com/windows/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ares.en.uptodown.com/windows/download","sourceIndex":"1605"}],"sampleFiles":["220113/Ares-220107/2.5.7/Samples/ares-2-5-7.exe"],"imageFiles":["220113/Ares-220107/2.5.7/Images/ACR-043/ACR-043_Install.JPG","220113/Ares-220107/2.5.7/Images/ACR-048/ACR-048_Install_No_Control.JPG","220113/Ares-220107/2.5.7/Images/ACR-007/ACR-007_Software.JPG","220113/Ares-220107/2.5.7/Images/ACR-007/ACR-007_Software_1.JPG"],"nonDeceptorImageFiles":[],"guid":"7b778fba-bb8c-4b4d-9aa0-f76c7b0eaf58_2.5.7_1","appID":"Ares-220107","dateAdded":"220113","deceptorType":"Bundler","name":"Ares","company":"AresGalaxy","version":"2.5.7","sigName":"Deceptor:Win32/Ares!043048007","firstResolvedDate":"220517","firstResolvedVersion":"2.5.8.3084","resolved":"TRUE","lastKnownStatus":"2.5.7","lastKnownDate":"220517","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-05-17T19:18:28.3358204+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1539},{"violations":{"ACR-043":"The \"Luminati\" related components are dropped before obtaining the user's agree and consent.\n","ACR-048":"The app didn't provide any control to cancel the installation process. \nThe app does not provide any control to the \"Disable Idle Resources\" option & to exit the app completely within the app's settings.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not provide any control to the \"Disable Idle Resources\" option. The process still runs even after 'disabling idle resources'.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Mouse Server\\MouseServer.exe","companyName":"wifimouse.necta.us","productName":"MouseServer","productVersion":"1.7.8.3","fileVersion":"1.7.8.3","hashMD5":"02b5442946c28b1aed99454dc9c78ecf","hashSHA1":"5827b7f9459de05203ab408045d95cbbe736a674","hashSHA256":"8523a51405fda941c11563a07406f43501fac377f742222301a5a54d10feeb29","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1552","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MouseServer.exe","isInstaller":"True","companyName":"Necta Inc.                                                  ","productName":"Mouse Server                                                ","productVersion":"1.7.8.3                                           ","fileVersion":"1.7.8.3             ","hashMD5":"c2785b667cf2ee94b10670d0fe48c7c0","hashSHA1":"2b3207845bbc80a87399e72195fb46499d717815","hashSHA256":"e72a00806e44ed0b03346b6c60a1f54f87f524b603b59dc12dd3d228920e6391","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1552","avBlockList":["Avast Premium Security (20220125)","AVG Internet Security (20220125)","Avira Internet Security (20220125)","ESET Internet Security (20220125)","McAfee Total Protection (20220125)","Norton Security (20220125)","Panda Dome (20220125)","Sophos Home Premium (20220125)","SpyHunter5 (20220125)","Total AV Antivirus Pro (20220125)","VirIT eXplorer PRO (20220125)","Windows Defender (20220125)"],"avAllowList":["360 Total Security (20220125)","Bitdefender Internet Security (20220125)","COMODO Antivirus (20220125)","Dr.Web Security Space (20220125)","G DATA INTERNET SECURITY (20220125)","K7 Total Security (20220125)","Kaspersky Internet Security (20220125)","Malwarebytes Premium (20220125)","Quick Heal Internet Security (20220125)","Tencent PC Manager (20220125)","Trend Micro Internet Security (20220125)","VIPRE Advanced Security (20220125)","Webroot SecureAnywhere (20220125)"]}],"additionalFiles":[],"sources":[{"howFound":"BrightData SDK bundler","reference":"","landingPage":"https://download.cnet.com/Mouse-Server/3000-7240_4-75691440.html","ipv4":"","ipv6":"","sourceIndex":"1552"}],"sampleFiles":["220112/MouseServer-220107/1.7.8.3/Samples/MouseServer.exe"],"imageFiles":["220112/MouseServer-220107/1.7.8.3/Images/ACR-043/ACR-043_Install.JPG","220112/MouseServer-220107/1.7.8.3/Images/ACR-048/ACR-048_Install_No_Control.JPG","220112/MouseServer-220107/1.7.8.3/Images/ACR-084/ACR-084_Software_Process.JPG","220112/MouseServer-220107/1.7.8.3/Images/ACR-048/ACR-048_Software_No_Control.JPG","220112/MouseServer-220107/1.7.8.3/Images/ACR-048/ACR-048_Software_Process.JPG","220112/MouseServer-220107/1.7.8.3/Images/ACR-007/ACR-007_Software.JPG"],"nonDeceptorImageFiles":["220112/MouseServer-220107/1.7.8.3/Images/ACR-045/ACR-045_Software_No_Control.JPG","220112/MouseServer-220107/1.7.8.3/Images/ACR-045/ACR-045_Software_Process.JPG"],"guid":"72c4d22b-16f8-4ce5-a238-529958fedfe2_1.7.8.3_1","appID":"MouseServer-220107","dateAdded":"220112","deceptorType":"App","name":"Mouse Server","company":"Necta Inc.","version":"1.7.8.3","sigName":"Deceptor:Win32/MouseServer!043048084007","firstResolvedVersion":"1.8.2.5","resolved":"TRUE","lastKnownStatus":"1.7.8.3","lastKnownDate":"220112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-21T00:11:01.5450324+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1540},{"violations":{"ACR-042":"Before obtaining user's consent, the app drops a file named \"AxSFADownloader.exe\" inside C:\\Users\\User\\AppData\\Local\\Temp folder.\n","ACR-043":"The app drops some of its components before user accepting the terms and a file named \"AxSFADownloader.exe\" is dropped without the user's knowledge. \n","ACR-048":"When the app is minimized, the app hides itself in tray instead of showing in task bar. Also, the app didn't provide any control within the app's settings to close the process that runs silently in the background.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-010":"The app drops a malicious file \"AxSFADownloader.exe\", which gets detected by one of the AVs as \"Trojan\".\n","ACR-084":"On quitting the app completely, one of the processes still runs in the background hiding the fact that it is active from the consumer.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent or notifying the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Alcohol Soft\\Alcohol 120\\Alcohol.exe","companyName":"Alcohol Soft Development Team","productName":"Alcohol 120%","productVersion":"2.1","fileVersion":"2.1.1.1019","hashMD5":"a9f8c03fdeaba9e56934fdefa9eb46f1","hashSHA1":"74bde8988bc723adc4a1f042a260a44b8fefab5f","hashSHA256":"4ac4b770c340b3522a0484aa8db3bb67718240caa1206e1967a3ad3423670ca8","digitalCertThumbprint":"6B5EE2E1B42BB594A4165C547E09538C89086E8F","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Quinton Mawhinney","storeId":"","sourceIndex":"1551","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Alcohol120_trial_2.1.1.1019.exe","isInstaller":"True","companyName":"Alcohol Soft Development Team","productName":"Alcohol 120%","productVersion":"4.45.1.1019","fileVersion":"4.45.1.1019","hashMD5":"c07c71995fcf610966b3dc72da2338df","hashSHA1":"4b28aa0311d1cca7bcd7edd89c3d127017a15cf4","hashSHA256":"1d49d19f171c1f0136dad7b9ca6384915344185f202590606d106f27f4493443","digitalCertThumbprint":"6B5EE2E1B42BB594A4165C547E09538C89086E8F","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Quinton Mawhinney","storeId":"","sourceIndex":"1551","avBlockList":["360 Total Security (20220127)","Avira Internet Security (20220127)","COMODO Antivirus (20220127)","ESET Internet Security (20220127)","G DATA INTERNET SECURITY (20220127)","K7 Total Security (20220127)","Malwarebytes Premium (20220127)","McAfee Total Protection (20220127)","Norton Security (20220127)","Panda Dome (20220127)","Quick Heal Internet Security (20220127)","Sophos Home Premium (20220127)","SpyHunter5 (20220127)","Total AV Antivirus Pro (20220127)","Trend Micro Internet Security (20220127)","VirIT eXplorer PRO (20220127)","Webroot SecureAnywhere (20220127)","Windows Defender (20220127)"],"avAllowList":["Avast Premium Security (20220127)","AVG Internet Security (20220127)","Bitdefender Internet Security (20220127)","Dr.Web Security Space (20220127)","Kaspersky Internet Security (20220127)","Tencent PC Manager (20220127)","VIPRE Advanced Security (20220127)"]}],"additionalFiles":[],"sources":[{"howFound":"BrightData SDK bundler","reference":"","landingPage":"http://www.alcohol-soft.com/","directDownloadingLink":"http://www.filefacts.com/alcohol-120-info","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.filefacts.com/alcohol-120-info","sourceIndex":"1551"}],"sampleFiles":["220111/AlcoholSoft-220107/4.45.1.1019/Samples/Alcohol120_trial_2.1.1.1019.exe"],"imageFiles":["220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-118/ACR-118_Uninstall_Retains_Components_1.JPG","220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-116/ACR-116_Uninstall_Hidden.JPG","220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-048/ACR-048_Software_Minimizes_To_Tray.JPG","220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-048/ACR-048_Software_Unable_To_Quit_App.JPG","220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-043/ACR-043_Install_1.JPG","220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-043/ACR-043_Install.JPG","220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-042/ACR-042_Install.JPG","220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-010/ACR-010_Install.JPG","220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-010/ACR-010_Install_1.JPG","220111/AlcoholSoft-220107/4.45.1.1019/Images/ACR-007/ACR-007_Install.JPG"],"nonDeceptorImageFiles":[],"guid":"d7cdbed3-63d6-4afd-88d1-f95c7e9df466_4.45.1.1019_1","appID":"AlcoholSoft-220107","dateAdded":"220111","deceptorType":"Bundler","name":"Alcoholsoft","company":"Alcohol Soft Development Team","version":"4.45.1.1019","sigName":"Deceptor:Win32/Alcoholsoft!118116048084043042010007","firstResolvedVersion":"2.1.1.1422","resolved":"TRUE","lastKnownStatus":"4.45.1.1019","lastKnownDate":"220111","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-06-21T06:27:06.8969586+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1541},{"violations":{"ACR-042":"The app gets installed and drops all its component in one click without asking user's permission and disclose the installation path.\n","ACR-043":"App is installed and run in background secretly without notifying user even user choose \"close application\" and not \"I agree\" .  \n","ACR-048":"The app didn't provide control to remove its background process & its own startup item.\nThe app didn't provide any control to cancel the installation flow.\n","ACR-007":"App does not obtain user consent to reduce the consumer's security posture caused by sharing ip/network connection.\n","ACR-084":"On quitting the app, one of the processes runs in the background, hiding its presence from the consumer. The app creates a startup entry without the consumer's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-065":"App doesn't present user the clear EULA/ToS, Privacy policy during installation and in software.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\EarnApp\\earnapp.exe","companyName":"Luminati Networks Ltd.","productName":"earnapp","productVersion":"1.274.588","fileVersion":"1.274.588","hashMD5":"0d62316a0f2d4f6495e5413111744e15","hashSHA1":"5f0b70c4a5236b13246bb19c51c69234de9f4f92","hashSHA256":"3e221618478ee57c67d30b4f495dc0e6f95e1fd6079efa66647ab061cb9ac96c","digitalCertThumbprint":"1A529EFB5CACFDA2DA4CA55344B1CA4FBE993A47","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Luminati Networks Ltd","storeId":"","sourceIndex":"1711","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"earnapp-setup-1.274.588.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"7e2db944939691405ea8276541f0e875","hashSHA1":"b7203a56be031889abd199bdbc247758e53eda38","hashSHA256":"252d44ec2c5f0f1bf3d9f28ae6f9d4112cce8503906359cf7dc43b279067172f","digitalCertThumbprint":"1A529EFB5CACFDA2DA4CA55344B1CA4FBE993A47","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Luminati Networks Ltd","storeId":"","sourceIndex":"1711","avBlockList":["360 Total Security (20220127)","Avast Premium Security (20220127)","AVG Internet Security (20220127)","Avira Internet Security (20220127)","Dr.Web Security Space (20220127)","ESET Internet Security (20220127)","G DATA INTERNET SECURITY (20220127)","K7 Total Security (20220127)","Kaspersky Internet Security (20220127)","Malwarebytes Premium (20220127)","McAfee Total Protection (20220127)","Norton Security (20220127)","Panda Dome (20220127)","Quick Heal Internet Security (20220127)","Sophos Home Premium (20220127)","SpyHunter5 (20220127)","Total AV Antivirus Pro (20220127)","Trend Micro Internet Security (20220127)","VirIT eXplorer PRO (20220127)","Webroot SecureAnywhere (20220127)","Windows Defender (20220127)"],"avAllowList":["Bitdefender Internet Security (20220127)","COMODO Antivirus (20220127)","Tencent PC Manager (20220127)","VIPRE Advanced Security (20220127)"]}],"additionalFiles":[],"sources":[{"howFound":"BrightData related app","reference":"Viddly YouTuber Downloader","landingPage":"https://earnapp.com/","directDownloadingLink":"https://cdn.brightdata.com/static/earnapp-setup-1.274.588.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.brightdata.com/static/earnapp-setup-1.274.588.exe","sourceIndex":"1711"}],"sampleFiles":["220105/EarnApp-220104/1.274.588/Samples/earnapp-setup-1.274.588.exe"],"imageFiles":["220105/EarnApp-220104/1.274.588/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220105/EarnApp-220104/1.274.588/Images/ACR-084/ACR-084_Software_Creates_Startup_Without_Notice (2).JPG","220105/EarnApp-220104/1.274.588/Images/ACR-048/ACR-048_Software_No_Control.JPG","220105/EarnApp-220104/1.274.588/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","220105/EarnApp-220104/1.274.588/Images/ACR-043/ACR-043_Install_Drops_Components.JPG","220105/EarnApp-220104/1.274.588/Images/ACR-043/EarnApp_Inst.JPG","220105/EarnApp-220104/1.274.588/Images/ACR-042/ACR-042_Install_Drops_Files.JPG","220105/EarnApp-220104/1.274.588/Images/ACR-048/ACR-048_Instal_Unable_To_Cancel.JPG","220105/EarnApp-220104/1.274.588/Images/ACR-007/EarnAppBorrowingResource.JPG"],"nonDeceptorImageFiles":[],"guid":"e74574cd-53c5-4ad3-8d8d-8668c5892ed2_1.274.588_1","appID":"EarnApp-220104","dateAdded":"220105","deceptorType":"App","name":"Earn App","company":"Luminati Networks Ltd","version":"1.274.588","sigName":"Deceptor:Win32/EarnApp!084048043042","firstVendorContactDate":"220110","firstAppEsteemReplyDate":"220110","firstResolvedDate":"220209","firstResolvedVersion":"1.281.470","resolved":"TRUE","lastKnownStatus":"1.274.588","lastKnownDate":"220105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-02-09T19:43:08.1223568+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1542},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"RAMBOOSTER.EXE","companyName":"Chris P.C. srl","fileVersion":"5.0","hashMD5":"63c65bb81649fd996f514056b2bd2300","hashSHA1":"073deece6c631a4fafec41783187a9356683bd50","hashSHA256":"27a4d461cbd697b87908bd6f8ee4ed41900fead8147bde937f76068d8f8eb891","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2102","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_ram_booster_5_09_18.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"5.9","hashMD5":"b2b2d4b5113c5623ef560c56eb0e744d","hashSHA1":"29711ae018792f6db799f0708881925fcd395737","hashSHA256":"ddba4805da41bedc617ff333503509aaeb8fd2d8a174c6dce20c5f35570b2e74","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2102","avBlockList":["360 Total Security (20211116)","Avast Premium Security (20211116)","AVG Internet Security (20211116)","Avira Internet Security (20211116)","Bitdefender Internet Security (20211116)","COMODO Antivirus (20211116)","Dr.Web Security Space (20211116)","ESET Internet Security (20211116)","G DATA INTERNET SECURITY (20211116)","K7 Total Security (20211116)","Kaspersky Internet Security (20211116)","Malwarebytes Premium (20211116)","Norton Security (20211116)","Panda Dome (20211116)","Quick Heal Internet Security (20211116)","Sophos Home Premium (20211116)","SpyHunter5 (20211116)","Tencent PC Manager (20211116)","Total AV Antivirus Pro (20211116)","VIPRE Advanced Security (20211116)","VirIT eXplorer PRO (20211116)","Webroot SecureAnywhere (20211116)","Windows Defender (20211116)","McAfee Total Protection (20211116)"],"avAllowList":["Trend Micro Internet Security (20211116)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"https://www.chris-pc.com/index.html","landingPage":"https://ram-booster.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=34&file=setup_chrispc_ram_booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=34&file=setup_chrispc_ram_booster.exe","sourceIndex":"2102"}],"sampleFiles":["201001/RAMBooster-180420/5.09.18/Samples/RAMBooster.exe","201001/RAMBooster-180420/5.09.18/Samples/setup_chrispc_ram_booster_5_09_18.exe"],"imageFiles":["201001/RAMBooster-180420/5.09.18/Images/ACR-109/RAMBooster_Install [4] RelevantKnowledge.png","201001/RAMBooster-180420/5.09.18/Images/ACR-048/RAMBooster_Install [4] RelevantKnowledge.png","201001/RAMBooster-180420/5.09.18/Images/ACR-059/RAMBooster_Install [3] RelevantKnowledge.png","201001/RAMBooster-180420/5.09.18/Images/ACR-155/RAMBooster_Install [3] RelevantKnowledge.png"],"nonDeceptorImageFiles":["201001/RAMBooster-180420/5.09.18/Images/ACR-065/RAMBooster_Install [1].png","201001/RAMBooster-180420/5.09.18/Images/ACR-065/RAMBooster_Install [2].png","201001/RAMBooster-180420/5.09.18/Images/ACR-065/RAMBooster_LandingPage [1].png","201001/RAMBooster-180420/5.09.18/Images/ACR-065/RAMBooster_LandingPage [2].png","201001/RAMBooster-180420/5.09.18/Images/ACR-065/RAMBooster_OfferPage [1].png","201001/RAMBooster-180420/5.09.18/Images/ACR-065/RAMBooster_OfferPage [2].png","201001/RAMBooster-180420/5.09.18/Images/ACR-065/RAMBooster_Interactions [1].png","201001/RAMBooster-180420/5.09.18/Images/ACR-065/RAMBooster_About [1].png","201001/RAMBooster-180420/5.09.18/Images/ACR-099/RAMBooster_About [1].png","201001/RAMBooster-180420/5.09.18/Images/ACR-099/RAMBooster_LandingPage [1].png","201001/RAMBooster-180420/5.09.18/Images/ACR-099/RAMBooster_LandingPage [2].png","201001/RAMBooster-180420/5.09.18/Images/ACR-099/RAMBooster_OfferPage [1].png","201001/RAMBooster-180420/5.09.18/Images/ACR-099/RAMBooster_OfferPage [2].png"],"guid":"fac3354f-aa39-4790-a721-4ec602739b52_5.09.18_1","appID":"RAMBooster-180420","dateAdded":"220103","deceptorType":"Bundler","name":"ChrisPC- RAMBooster","company":"Chris P.C. srl","version":"5.09.18","sigName":"Deceptor:Win32/ChrisPC- RAMBooster!109048059155","lastKnownStatus":"4.0.0.0;5.09.18;5.18.04;5.24.24","lastKnownDate":"220103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-01-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1545},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\nThe app does not provide any control to disable the start-up it created.\n","ACR-084":"On quitting the app, the app runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"setup_chrispc_ram_booster_5_24_24.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","productName":"Chris-PC RAM Booster                                        ","productVersion":"5.24.24                                           ","fileVersion":"5.24.24.0           ","hashMD5":"dac838790cf6abde4b23e56aadc4b2b0","hashSHA1":"45083d14aa2b59c550bf5b3e3abab90f83eae056","hashSHA256":"05eed851c514d84c6dbd1c3b9667380cfbccd135e81767493560e9b841813bd4","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"ChrisPC Software SRL","storeId":"","sourceIndex":"1738","avBlockList":["Avast Premium Security (20220127)","AVG Internet Security (20220127)","Avira Internet Security (20220127)","Bitdefender Internet Security (20220127)","COMODO Antivirus (20220127)","Dr.Web Security Space (20220127)","ESET Internet Security (20220127)","G DATA INTERNET SECURITY (20220127)","K7 Total Security (20220127)","Kaspersky Internet Security (20220127)","Malwarebytes Premium (20220127)","McAfee Total Protection (20220127)","Norton Security (20220127)","Panda Dome (20220127)","Quick Heal Internet Security (20220127)","Sophos Home Premium (20220127)","SpyHunter5 (20220127)","Tencent PC Manager (20220127)","Total AV Antivirus Pro (20220127)","VIPRE Advanced Security (20220127)","VirIT eXplorer PRO (20220127)","Webroot SecureAnywhere (20220127)","Windows Defender (20220127)"],"avAllowList":["360 Total Security (20220127)","Trend Micro Internet Security (20220127)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Chris-PC RAM Booster\\RAMBooster.exe","companyName":"Chris P.C. srl","productName":"Chris-PC RAM Booster","productVersion":"5.0.0.0","fileVersion":"5.0.35.210","hashMD5":"fa16d752088b91264383adf3c968beea","hashSHA1":"6666562b515a05045725aaba61e1726cda47bb02","hashSHA256":"d4b0647c76c820372ba05163924e434711aa60caada98c0b6f9f656d9e7bb8d4","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"ChrisPC Software SRL","storeId":"","sourceIndex":"1738","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Same vendor","reference":"","landingPage":"https://ram-booster.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=34&file=setup_chrispc_ram_booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=34&file=setup_chrispc_ram_booster.exe","sourceIndex":"1738"}],"sampleFiles":["220103/RAMBooster-180420/5.24.24/Samples/setup_chrispc_ram_booster_5_24_24.exe"],"imageFiles":["220103/RAMBooster-180420/5.24.24/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","220103/RAMBooster-180420/5.24.24/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","220103/RAMBooster-180420/5.24.24/Images/ACR-048/ACR-048_Software_No_Control.JPG","220103/RAMBooster-180420/5.24.24/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","220103/RAMBooster-180420/5.24.24/Images/ACR-084/ACR-084_Software_Creates_Startup.JPG","220103/RAMBooster-180420/5.24.24/Images/ACR-059/ACR-059_Bundler-MadeOffers_No_Optional_Offer.JPG","220103/RAMBooster-180420/5.24.24/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["220103/RAMBooster-180420/5.24.24/Images/ACR-065/ACR-065_Install_No_Docs.JPG","220103/RAMBooster-180420/5.24.24/Images/ACR-065/ACR-065_LandingPage_No_Docs.jpg","220103/RAMBooster-180420/5.24.24/Images/ACR-065/ACR-065_InternalOffers_No_Docs.jpg","220103/RAMBooster-180420/5.24.24/Images/ACR-065/ACR-065_Software_No_Docs.JPG","220103/RAMBooster-180420/5.24.24/Images/ACR-161/ACR-161_InternalOffers_Unverifiable_Testimonials.jpg","220103/RAMBooster-180420/5.24.24/Images/ACR-099/ACR-099_Software_No_Uninstall_Info.JPG","220103/RAMBooster-180420/5.24.24/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Info.jpg","220103/RAMBooster-180420/5.24.24/Images/ACR-099/ACR-099_InternalOffers_No_Uninstall_Info.jpg"],"guid":"fac3354f-aa39-4790-a721-4ec602739b52_5.24.24_1","appID":"RAMBooster-180420","dateAdded":"220103","deceptorType":"Bundler","name":"ChrisPC- RAMBooster","company":"Chris P.C. srl","version":"5.24.24","lastKnownStatus":"4.0.0.0;5.09.18;5.18.04;5.24.24","lastKnownDate":"220103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-01-04T00:28:59.4005715+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1543},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"RAMBOOSTER.EXE","companyName":"Chris P.C. srl","fileVersion":"5.0","hashMD5":"2f5372567dcc8605d10f56c849057774","hashSHA1":"21297b15b97819feb363b7d6ad510b940dd63cb3","hashSHA256":"5ccccecab46ba0a6951882f80284878381569a70f7d8f459ce92f30f04a2910d","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1890","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rk_setup.exe","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"d5c548f03cf44e4373cd192b9b53cdfb","hashSHA1":"ea1b4696a1ab5e6daddb3f4f6d1c54681ea9fbcc","hashSHA256":"d7cfb34eca35adb1f99a1b61b06a7bc7d7d1769437ed1e23a862d0666ceaa4ad","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1890","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_ram_booster_5_18_04.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"5.18","hashMD5":"15e38bab630b944544a51edb97812a1a","hashSHA1":"7c6778487642d2224a7707e743713b74fb7378f9","hashSHA256":"e2c0cc3341e4bafdc8d5b7c32a654f47301c2a8b2e5339946e3615651f350cd8","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1890","avBlockList":["360 Total Security (20211111)","Avast Premium Security (20211111)","AVG Internet Security (20211111)","Avira Internet Security (20211111)","Bitdefender Internet Security (20211111)","COMODO Antivirus (20211111)","ESET Internet Security (20211111)","G DATA INTERNET SECURITY (20211111)","K7 Total Security (20211111)","Kaspersky Internet Security (20211111)","Malwarebytes Premium (20211111)","McAfee Total Protection (20211111)","Norton Security (20211111)","Panda Dome (20211111)","Quick Heal Internet Security (20211111)","Sophos Home Premium (20211111)","SpyHunter5 (20211111)","Tencent PC Manager (20211111)","Total AV Antivirus Pro (20211111)","VIPRE Advanced Security (20211111)","VirIT eXplorer PRO (20211111)","Webroot SecureAnywhere (20211111)","Windows Defender (20211111)"],"avAllowList":["Dr.Web Security Space (20211111)","Trend Micro Internet Security (20211111)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"https://ram-booster.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=34&file=setup_chrispc_ram_booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=34&file=setup_chrispc_ram_booster.exe","sourceIndex":"1890"}],"sampleFiles":["210614/RAMBooster-180420/5.18.04/Samples/RAMBooster.exe","210614/RAMBooster-180420/5.18.04/Samples/rk_setup.exe","210614/RAMBooster-180420/5.18.04/Samples/setup_chrispc_ram_booster_5_18_04.exe"],"imageFiles":["210614/RAMBooster-180420/5.18.04/Images/ACR-109/Chris-PC RAM Booster_Install [9].png","210614/RAMBooster-180420/5.18.04/Images/ACR-048/Chris-PC RAM Booster_Install [9].png","210614/RAMBooster-180420/5.18.04/Images/ACR-059/RAMBooster_Install [3] RelevantKnowledge.png","210614/RAMBooster-180420/5.18.04/Images/ACR-155/RAMBooster_Install [3] RelevantKnowledge.png"],"nonDeceptorImageFiles":["210614/RAMBooster-180420/5.18.04/Images/ACR-065/Chris-PC RAM Booster_Install [1].png","210614/RAMBooster-180420/5.18.04/Images/ACR-065/Chris-PC RAM Booster_Install [2].png","210614/RAMBooster-180420/5.18.04/Images/ACR-065/Chris-PC RAM Booster_Install [7].png","210614/RAMBooster-180420/5.18.04/Images/ACR-065/Chris-PC RAM Booster_Install [10].png","210614/RAMBooster-180420/5.18.04/Images/ACR-065/Chris-PC RAM Booster_LandingPage [1].png","210614/RAMBooster-180420/5.18.04/Images/ACR-065/Chris-PC RAM Booster_LandingPage [2].png","210614/RAMBooster-180420/5.18.04/Images/ACR-065/Chris-PC RAM Booster_OfferPage [1].png","210614/RAMBooster-180420/5.18.04/Images/ACR-065/Chris-PC RAM Booster_OfferPage [2].png","210614/RAMBooster-180420/5.18.04/Images/ACR-065/Chris-PC RAM Booster_About [1].png","210614/RAMBooster-180420/5.18.04/Images/ACR-161/Chris-PC RAM Booster_OfferPage [1].png","210614/RAMBooster-180420/5.18.04/Images/ACR-099/Chris-PC RAM Booster_About [1].png","210614/RAMBooster-180420/5.18.04/Images/ACR-099/Chris-PC RAM Booster_LandingPage [1].png","210614/RAMBooster-180420/5.18.04/Images/ACR-099/Chris-PC RAM Booster_LandingPage [2].png","210614/RAMBooster-180420/5.18.04/Images/ACR-099/Chris-PC RAM Booster_OfferPage [1].png","210614/RAMBooster-180420/5.18.04/Images/ACR-099/Chris-PC RAM Booster_OfferPage [2].png"],"guid":"fac3354f-aa39-4790-a721-4ec602739b52_5.18.04_1","appID":"RAMBooster-180420","dateAdded":"220103","deceptorType":"Bundler","name":"ChrisPC- RAMBooster","company":"Chris P.C. srl","version":"5.18.04","sigName":"Deceptor:Win32/RAMBooster!109048059155","lastKnownStatus":"4.0.0.0;5.09.18;5.18.04;5.24.24","lastKnownDate":"220103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-01-03T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1544},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable the app.\n","ACR-007":"The app enables the consumer to hide it from the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer and it requires a hotkey and password to open it.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app is not found in the Applications folder and therefore cannot be uninstalled there.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"CleverControl for Mac.pkg","isInstaller":"True","companyName":"CleverControl LLC","productName":"Clever Control","productVersion":"11.6.15","fileVersion":"11.6.15","hashMD5":"a7093e0ac87f851de98ca22cafc2e562","hashSHA1":"1a3e2f01e09124ab62903beacefc709c4e764fd8","hashSHA256":"ca8db0c9b300190e3ae2ecc3e05003221c65fd2dd64a742aedc4db1e5f7c9907","digitalCertThumbprint":"DA040D70-423C-3CC5-FDDD-605147CAB143","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Anatoly Nevelev (92AY74H3M3)","storeId":"","uriToBlock":"","sourceIndex":"1743","avBlockList":["Avast Security for Mac (20220614)","Avira Security for Mac (20220614)","Bitdefender Antivirus for Mac (20220614)","ESET Cyber Security Pro for Mac (20220614)","G DATA AntiVirus for Mac (20220614)","K7 Antivirus for Mac (20220614)","Norton Security for Mac (20220614)","Sophos Home Premium For Mac (20220614)","Trend Micro Antivirus for Mac (20220614)"],"avAllowList":["Kaspersky Internet Security for Mac (20220614)","McAfee Internet Security for Mac (20220614)"]},{"isRevoked":"False","fileName":"CleverControl","companyName":"CleverControl LLC","productName":"Clever Control","productVersion":"11.6.15","fileVersion":"11.6.15","hashMD5":"68629b865d639a1b4479b709ce59c670","hashSHA1":"e115ed442d339929d24bf74c97e1da0a1a7c92d4","hashSHA256":"6554db4c6554db4c82bf8473721b811e7b91c29651a3c201f8bf21bdb25b69286107e31e82bf8473721b811e7b91c29651a3c201f8bf21bdb25b69286107e31e","digitalCertThumbprint":"DA040D70-423C-3CC5-FDDD-605147CAB143","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Anatoly Nevelev (92AY74H3M3)","storeId":"","uriToBlock":"","sourceIndex":"1743","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Same vendor","reference":"","landingPage":"https://clevercontrol.com/","directDownloadingLink":"https://clevercontrol.net/mac/?email=yamixi1845%40wiicheat.com","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://clevercontrol.net/mac/","sourceIndex":"1743"}],"sampleFiles":["211229/clevercontrolformac-211228/11.6.15/Samples/CleverControl for Mac.pkg"],"imageFiles":["211229/clevercontrolformac-211228/11.6.15/Images/ACR-084/ACR-084_Software_Hidden.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-084/ACR-084_Software_Hidden_1.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-084/ACR-084_Software_Hidden_3.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-084/ACR-084_Software_Hidden_4.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-086/ACR-086_Software_Transmits_Data.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-086/ACR-086_Software_Transmits_Data_1.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-086/ACR-086_Software_Transmits_Data_2.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-086/ACR-086_Software_Transmits_Data_3.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-048/ACR-048_Software.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-048/ACR-048_Software_2.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-048/ACR-048_Software_3.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-048/ACR-048_Software_4.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-007/ACR-007_Software.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-007/ACR-007_Software_1.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-007/ACR-007_Software_2.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-007/ACR-007_Software_3.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-007/ACR-007_Software_4.png","211229/clevercontrolformac-211228/11.6.15/Images/ACR-116/ACR-116_Uninstall_App_Hidden.png"],"nonDeceptorImageFiles":[],"guid":"c76ed5e9-b0d5-45a7-a1dc-448c82190281_11.6.15_1","appID":"clevercontrolformac-211228","dateAdded":"211229","deceptorType":"MacOS App","name":"Clever Control","company":"CleverControl LLC","version":"11.6.15","lastKnownStatus":"11.6.15","lastKnownDate":"211229","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-12-30T05:28:35.485118+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1546},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and get user consent.\n","ACR-010":"The app bundler distributes deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows the deceptive affiliates to distribute without control. See RelevantKnowledge deceptor details.\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"The offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link or information that shows how it can be uninstalled. \n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"file-folder-lister.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"File and Folder Lister","productVersion":"2.1.0.0","fileVersion":"2.1.0.0","hashMD5":"e9a86eb4cb1886454c66bbf517751cbf","hashSHA1":"a8f5504b4f1df0c605a2b4cb725bfbeb3329f92d","hashSHA256":"cd43692987e3fce2967a60c4c6635e8fa8f4401b483aa88cb3bee7dfbb869c83","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1746","avBlockList":["Avast Premium Security (20220106)","AVG Internet Security (20220106)","Avira Internet Security (20220106)","Bitdefender Internet Security (20220106)","COMODO Antivirus (20220106)","Dr.Web Security Space (20220106)","ESET Internet Security (20220106)","G DATA INTERNET SECURITY (20220106)","K7 Total Security (20220106)","Kaspersky Internet Security (20220106)","Malwarebytes Premium (20220106)","McAfee Total Protection (20220106)","Norton Security (20220106)","Panda Dome (20220106)","Quick Heal Internet Security (20220106)","Sophos Home Premium (20220106)","SpyHunter5 (20220106)","Tencent PC Manager (20220106)","Total AV Antivirus Pro (20220106)","VIPRE Advanced Security (20220106)","VirIT eXplorer PRO (20220106)","Webroot SecureAnywhere (20220106)","Windows Defender (20220106)"],"avAllowList":["360 Total Security (20220106)","Trend Micro Internet Security (20220106)"]},{"isRevoked":"False","fileName":"2FL.exe","companyName":"TriSun Software Limited","productName":"File and Folder Lister","productVersion":"2.1.0.0","fileVersion":"2.1.0.0","hashMD5":"acc82ee6984d4f64bcef3174382484f1","hashSHA1":"2cba73e1391b91035d491803f649916918b857c2","hashSHA256":"a2dfeebeaed54f13c0dd0079354b2a0729b7d40c987a1542a86cbd173d6f3f8c","digitalCertThumbprint":"E9FCF9B4824E341992340902AE0D6D9C87A6583E","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=Mong Kok, C=HK","sourceIndex":"1746","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"trisun website","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.trisunsoft.com/freeware/file-folder-lister.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/freeware/file-folder-lister.zip","sourceIndex":"1746"}],"sampleFiles":["211223/FileFolderLister-211218/2.1.0.0/Samples/file-folder-lister.exe","211223/FileFolderLister-211218/2.1.0.0/Samples/2fl.exe"],"imageFiles":["211223/FileFolderLister-211218/2.1.0.0/Images/ACR-109/RK Offer and Install.png","211223/FileFolderLister-211218/2.1.0.0/Images/ACR-039/RK Offer and Install.png","211223/FileFolderLister-211218/2.1.0.0/Images/ACR-010/RK EULA.png","211223/FileFolderLister-211218/2.1.0.0/Images/ACR-010/RK Offer and Install.png","211223/FileFolderLister-211218/2.1.0.0/Images/ACR-059/RK EULA.png","211223/FileFolderLister-211218/2.1.0.0/Images/ACR-155/RK Offer and Install.png"],"nonDeceptorImageFiles":["211223/FileFolderLister-211218/2.1.0.0/Images/ACR-065/FFL EULA.png","211223/FileFolderLister-211218/2.1.0.0/Images/ACR-065/FFL About.png","211223/FileFolderLister-211218/2.1.0.0/Images/ACR-065/FFL Landing Page.png","211223/FileFolderLister-211218/2.1.0.0/Images/ACR-017/FFL Badges.png","211223/FileFolderLister-211218/2.1.0.0/Images/ACR-106/RK Offer and Install.png","211223/FileFolderLister-211218/2.1.0.0/Images/ACR-099/FFL About.png","211223/FileFolderLister-211218/2.1.0.0/Images/ACR-099/FFL Landing Page.png"],"guid":"9c668a80-ff8d-46da-a6ef-ebd9de2af535_2.1.0.0_1","appID":"FileFolderLister-211218","dateAdded":"211223","deceptorType":"Bundler","name":"File Folder Lister","company":"TriSun Software Limited","version":"2.1.0.0","lastKnownStatus":"2.1.0.0","lastKnownDate":"211223","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2021-12-24T05:23:23.0076337+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1547},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and get user consent.\n","ACR-010":"The app bundler distributes deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows the deceptive affiliates to distribute without control. See RelevantKnowledge deceptor details.\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"The offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"email-checker-basic.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"Email Checker Basic","productVersion":"1.0.018","fileVersion":"1.0.18.0","hashMD5":"18b36afeb42921fc1c4cbae1ba059d61","hashSHA1":"0686c781c114d6ea52457adf4c369afe882448b0","hashSHA256":"76e6f0a15fd4baa6af608ebb993caba2e5e44e2eafc8fbf8e94bf8d1869ee845","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1747","avBlockList":["Avast Premium Security (20220106)","AVG Internet Security (20220106)","Avira Internet Security (20220106)","Bitdefender Internet Security (20220106)","COMODO Antivirus (20220106)","Dr.Web Security Space (20220106)","ESET Internet Security (20220106)","G DATA INTERNET SECURITY (20220106)","K7 Total Security (20220106)","Kaspersky Internet Security (20220106)","Malwarebytes Premium (20220106)","McAfee Total Protection (20220106)","Norton Security (20220106)","Panda Dome (20220106)","Quick Heal Internet Security (20220106)","Sophos Home Premium (20220106)","SpyHunter5 (20220106)","Tencent PC Manager (20220106)","Total AV Antivirus Pro (20220106)","VIPRE Advanced Security (20220106)","VirIT eXplorer PRO (20220106)","Webroot SecureAnywhere (20220106)","Windows Defender (20220106)"],"avAllowList":["360 Total Security (20220106)","Trend Micro Internet Security (20220106)"]},{"isRevoked":"False","fileName":"Email Checker Basic.exe","companyName":"TriSun Software Limited","productName":"Email Checker Basic","productVersion":"1.0.018","fileVersion":"1.0.18.0","hashMD5":"e5668fe3814ef5321e979c48df139063","hashSHA1":"1be06b015f402f4226fe135b74c5350ac3951d6a","hashSHA256":"2e0ab733839355355c0d3de458be39cb6973edaf46aa26dd415326eb9f4e4285","digitalCertThumbprint":"E9FCF9B4824E341992340902AE0D6D9C87A6583E","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=Mong Kok, C=HK","sourceIndex":"1747","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"trisun website","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.automailsender.com/email-checker/email-checker-basic.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.automailsender.com/email-checker/email-checker-basic.zip","sourceIndex":"1747"}],"sampleFiles":["211223/EmailCheckerBasic-211218/1.0.018/Samples/email-checker-basic.exe","211223/EmailCheckerBasic-211218/1.0.018/Samples/Email Checker Basic.exe"],"imageFiles":["211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-109/RK Offer.png","211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-039/RK Offer.png","211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-010/RK Offer.png","211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-059/RK Offer.png","211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-155/RK Offer.png"],"nonDeceptorImageFiles":["211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-065/ECB EULA.png","211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-065/ECB About.png","211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-065/Email Checker Landing Page.png","211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-017/ECB Badges.png","211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-106/RK Offer.png","211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-099/ECB About.png","211223/EmailCheckerBasic-211218/1.0.018/Images/ACR-099/Email Checker Landing Page.png"],"guid":"d34d817a-5efb-4a51-bd45-068d698ba29f_1.0.018_1","appID":"EmailCheckerBasic-211218","dateAdded":"211223","deceptorType":"Bundler","name":"Email Checker Basic","company":"TriSun Software Limited","version":"1.0.018","lastKnownStatus":"1.0.018","lastKnownDate":"211223","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2021-12-24T05:22:06.4196638+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1548},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and get user consent.\n","ACR-010":"The app bundler distributes deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows the deceptive affiliates to distribute without control. See RelevantKnowledge deceptor details \n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"The offer is designed to look like part of the install workflow. \n"},"nonDeceptorViolations":{"ACR-065":" The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details. \n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page. \n"},"samples":[{"isRevoked":"False","fileName":"ewtc.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"Easy Work Time Calculator","productVersion":"9.0.069.0","fileVersion":"9.0.69.0","hashMD5":"86f4acddff7b23120e6a73b502af57b0","hashSHA1":"c70393477a1066c6ea21f0d46ef3c3333a7a22df","hashSHA256":"9be260291350e3a3fae490fd6c8ccd85800fbc5b165289048824ce3cb421a372","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1748","avBlockList":["Avast Premium Security (20220106)","AVG Internet Security (20220106)","Avira Internet Security (20220106)","Bitdefender Internet Security (20220106)","COMODO Antivirus (20220106)","Dr.Web Security Space (20220106)","ESET Internet Security (20220106)","G DATA INTERNET SECURITY (20220106)","K7 Total Security (20220106)","Kaspersky Internet Security (20220106)","Malwarebytes Premium (20220106)","McAfee Total Protection (20220106)","Norton Security (20220106)","Panda Dome (20220106)","Quick Heal Internet Security (20220106)","Sophos Home Premium (20220106)","SpyHunter5 (20220106)","Tencent PC Manager (20220106)","Total AV Antivirus Pro (20220106)","VIPRE Advanced Security (20220106)","VirIT eXplorer PRO (20220106)","Webroot SecureAnywhere (20220106)","Windows Defender (20220106)"],"avAllowList":["360 Total Security (20220106)","Trend Micro Internet Security (20220106)"]},{"isRevoked":"False","fileName":"Easy Work Time Calculator.exe","companyName":"TriSun Software Limited","productName":"Easy Work Time Calculator","productVersion":"9.0.069.0","fileVersion":"9.0.69.0","hashMD5":"9f028d3e3b4f20fcc4e6ce05f96d8a97","hashSHA1":"1df2369918aba6655a1766030bca3f649b8c7ca4","hashSHA256":"7f830388545321fa986ac0d7bc27d65a2f2aa418f5569f9881eb3e5cdc1dc08a","digitalCertThumbprint":"E9FCF9B4824E341992340902AE0D6D9C87A6583E","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=Mong Kok, C=HK","sourceIndex":"1748","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"trisun website","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.trisunsoft.com/easy-work-time-calculator/ewtc.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/easy-work-time-calculator/ewtc.zip","sourceIndex":"1748"}],"sampleFiles":["211223/EasyWorkTimeCalculator-211218/9.0.069.0/Samples/ewtc.exe","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Samples/Easy Work Time Calculator.exe"],"imageFiles":["211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-109/RK Offer and Install.png","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-039/RK Offer and Install.png","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-010/RK Offer.png","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-010/RK Offer and Install.png","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-059/RK Offer.png","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-155/RK Offer and Install.png"],"nonDeceptorImageFiles":["211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-065/EWTC EULA.png","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-065/EWTC About.png","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-065/EWTC Landing Page.png","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-017/EWTC Badges.png","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-106/RK Offer and Install.png","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-099/EWTC About.png","211223/EasyWorkTimeCalculator-211218/9.0.069.0/Images/ACR-099/EWTC Landing Page.png"],"guid":"fe7ba311-5970-478e-bc24-d42268debfc8_9.0.069.0_1","appID":"EasyWorkTimeCalculator-211218","dateAdded":"211223","deceptorType":"Bundler","name":"Easy Work Time Calculator","company":"TriSun Software Limited","version":"9.0.069.0","lastKnownStatus":"9.0.069.0","lastKnownDate":"211223","type":"Windows Executable","category":"Bundlers & Downloaders, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2021-12-24T05:20:00.1527633+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1549},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and get user consent.\n","ACR-010":"The app bundler distributes deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows the deceptive affiliates to distribute without control. See RelevantKnowledge deceptor details.\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear.\n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"The offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-106":" App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details. \n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"wesc.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"WinExt System Cleaner","productVersion":"1.0.001.0","fileVersion":"1.0.1.0","hashMD5":"8225472a132d4a30e3fc2ceae538e664","hashSHA1":"27fe2989c2016f3a6f8a1f710d0127ad5ed202b0","hashSHA256":"2bb56ccfec39068469cfc3e9c0621ee5115c12964b4119339f7ff170f9100bda","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1750","avBlockList":["Avast Premium Security (20220113)","AVG Internet Security (20220113)","Avira Internet Security (20220113)","Bitdefender Internet Security (20220113)","COMODO Antivirus (20220113)","Dr.Web Security Space (20220113)","ESET Internet Security (20220113)","G DATA INTERNET SECURITY (20220113)","K7 Total Security (20220113)","Kaspersky Internet Security (20220113)","Malwarebytes Premium (20220113)","McAfee Total Protection (20220113)","Norton Security (20220113)","Panda Dome (20220113)","Quick Heal Internet Security (20220113)","Sophos Home Premium (20220113)","SpyHunter5 (20220113)","Tencent PC Manager (20220113)","Total AV Antivirus Pro (20220113)","Trend Micro Internet Security (20220113)","VIPRE Advanced Security (20220113)","VirIT eXplorer PRO (20220113)","Webroot SecureAnywhere (20220113)","Windows Defender (20220113)"],"avAllowList":["360 Total Security (20220113)"]},{"isRevoked":"False","fileName":"WinExt System Cleaner.exe","companyName":"TriSun Software Limited","productName":"WinExt System Cleaner","productVersion":"1.0.001","fileVersion":"1.0.1.0","hashMD5":"ad8147138083ccfc1c9928defc7e5aa1","hashSHA1":"2bc1bb83f1d06dfa98494d586ec7ea133acc4fe3","hashSHA256":"cc64d6b3c7e3d0de8d4bbf9b2b3b4c8fb4e6c26a4bfeb9be8e5fe96d0a67f519","digitalCertThumbprint":"E9FCF9B4824E341992340902AE0D6D9C87A6583E","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=Mong Kok, C=HK","sourceIndex":"1750","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"trisun website","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.trisunsoft.com/files/wesc.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/files/wesc.zip","sourceIndex":"1750"}],"sampleFiles":["211222/WinExtSystemCleaner-211218/1.0.001.0/Samples/wesc.exe","211222/WinExtSystemCleaner-211218/1.0.001.0/Samples/WinExt System Cleaner.exe"],"imageFiles":["211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-109/RK Offer and Install.png","211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-039/RK Offer and Install.png","211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-010/RK EULA.png","211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-010/RK Offer and Install.png","211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-059/RK EULA.png","211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-155/RK Offer and Install.png"],"nonDeceptorImageFiles":["211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-065/WinExt SC EULA.png","211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-065/WESC Landing Page.png","211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-017/WESC Badges.png","211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-106/RK EULA.png","211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-106/RK Offer and Install.png","211222/WinExtSystemCleaner-211218/1.0.001.0/Images/ACR-099/WESC Landing Page.png"],"guid":"ec9a41ea-52e5-4ec9-beb0-09f68e2eafac_1.0.001.0_1","appID":"WinExtSystemCleaner-211218","dateAdded":"211222","deceptorType":"Bundler","name":"WinExt System Cleaner","company":"TriSun Software Limited","version":"1.0.001.0","sigName":"Deceptor:Win32/WinExt System Cleaner!109039010059155","lastKnownStatus":"1.0.001.0","lastKnownDate":"211222","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2021-12-23T04:12:08.3835907+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1550},{"violations":{"ACR-109":" The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and get user consent.\n","ACR-010":"The app bundler distributes deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows the deceptive affiliates to distribute without control. See RelevantKnowledge deceptor details.\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear. \n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"The offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page. \n"},"samples":[{"isRevoked":"False","fileName":"werf.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"WinExt Registry Fixer","productVersion":"2.1.004.0","fileVersion":"2.1.4.0","hashMD5":"c7f9f8096364602721a300d248087e93","hashSHA1":"ec717c8bf0e1efa0516de5c3e779ab70d4301eab","hashSHA256":"e56b737563a63d38d4c2856e59d5376dbdbd09e35010dbfa788c3b6886bde0da","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1749","avBlockList":["360 Total Security (20220113)","Avast Premium Security (20220113)","AVG Internet Security (20220113)","Avira Internet Security (20220113)","Bitdefender Internet Security (20220113)","COMODO Antivirus (20220113)","Dr.Web Security Space (20220113)","ESET Internet Security (20220113)","G DATA INTERNET SECURITY (20220113)","K7 Total Security (20220113)","Kaspersky Internet Security (20220113)","Malwarebytes Premium (20220113)","McAfee Total Protection (20220113)","Norton Security (20220113)","Panda Dome (20220113)","Quick Heal Internet Security (20220113)","Sophos Home Premium (20220113)","SpyHunter5 (20220113)","Tencent PC Manager (20220113)","Total AV Antivirus Pro (20220113)","Trend Micro Internet Security (20220113)","VIPRE Advanced Security (20220113)","VirIT eXplorer PRO (20220113)","Webroot SecureAnywhere (20220113)","Windows Defender (20220113)"],"avAllowList":[]},{"isRevoked":"False","fileName":"WinExt Registry Fixer.exe","companyName":"TriSun Software Limited","productName":"WinExt Registry Fixer","productVersion":"2.1.004.0","fileVersion":"2.1.4.0","hashMD5":"cf60c23d7136b1d5e0333f74040beb0b","hashSHA1":"55b51dc2e076fa0f886abff6280adea7efc988f1","hashSHA256":"d536155a10cd379aa31f82465f631556d3830eaa042966461b92d1d35d5261f6","digitalCertThumbprint":"E9FCF9B4824E341992340902AE0D6D9C87A6583E","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=Mong Kok, C=HK","sourceIndex":"1749","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"trisun website","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.trisunsoft.com/files/werf.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/files/werf.zip","sourceIndex":"1749"}],"sampleFiles":["211222/WinExtRegistryFixer-211218/2.1.004.0/Samples/werf.exe","211222/WinExtRegistryFixer-211218/2.1.004.0/Samples/WinExt Registry Fixer.exe"],"imageFiles":["211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-109/RK EULA.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-109/RK Offer and Install.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-039/RK EULA.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-039/RK Offer and Install.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-010/RK EULA.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-010/RK Offer and Install.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-059/RK EULA.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-059/RK Offer and Install.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-155/RK EULA.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-155/RK Offer and Install.png"],"nonDeceptorImageFiles":["211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-065/RK EULA.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-065/WERF About.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-065/WERF Landing Page.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-017/WERF Landing Page.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-106/RK EULA.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-106/RK Offer and Install.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-099/WERF About.png","211222/WinExtRegistryFixer-211218/2.1.004.0/Images/ACR-099/WERF Landing Page.png"],"guid":"8a750ec1-da32-4d8d-9867-e7f7fe8265b1_2.1.004.0_1","appID":"WinExtRegistryFixer-211218","dateAdded":"211222","deceptorType":"Bundler","name":"WinExt Registry Fixer","company":"TriSun Software Limited","version":"2.1.004.0","lastKnownStatus":"2.1.004.0","lastKnownDate":"211222","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2021-12-23T04:19:28.9966793+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1551},{"violations":{"ACR-107":"App install FFmpeg package and doesn't include the open source license or the source code or link to the source code.\nApp is packed with a pirated version of VMProtect which is unauthorized. \n","ACR-165":"App doesn't provide following information in shopping cart: 1. Cancellation of Auto-renewal via online. 2. Notifying the user about auto renewal payment.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\YT Saver\\YT Saver.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"6d0e34cc157b0fba4b7648cbec962eca","hashSHA1":"79532db014e4eb9a0104684cd58aae99465c86e6","hashSHA256":"c0c4ac474e91c7effce8d1a65e08689387a9078260db0507447d072aaa34cb5c","digitalCertThumbprint":"023288FDA20C50F7718CAFA7D5B54D3EEEBC859E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"Shenzhen LuckyDog Technology Co. Ltd.","storeId":"","sourceIndex":"1756","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ytsaver.exe","isInstaller":"True","companyName":"LuckyDog Software Inc.                                     ","productName":"YT Saver                                                    ","productVersion":"5.0.0                                             ","fileVersion":"                    ","hashMD5":"7bf907d6c9b8a70f1e75599d56e34b43","hashSHA1":"35410889bb3a4a1090b511f11275b43ad08fb26f","hashSHA256":"84ca71a7fe5b11bfd66581536f84281dacfaee743dfc3f7fdd6e722bc3e68075","digitalCertThumbprint":"023288FDA20C50F7718CAFA7D5B54D3EEEBC859E","digitalCertIssuer":"DigiCert EV Code Signing CA","digitalCertIssuedTo":"Shenzhen LuckyDog Technology Co. Ltd.","storeId":"","sourceIndex":"1756","avBlockList":["Avira Internet Security (20220104)","K7 Total Security (20220104)","McAfee Total Protection (20220104)","Norton Security (20220104)","Panda Dome (20220104)","Quick Heal Internet Security (20220104)","Sophos Home Premium (20220104)","SpyHunter5 (20220104)","Total AV Antivirus Pro (20220104)","VirIT eXplorer PRO (20220104)"],"avAllowList":["360 Total Security (20220104)","Avast Premium Security (20220104)","AVG Internet Security (20220104)","Bitdefender Internet Security (20220104)","COMODO Antivirus (20220104)","Dr.Web Security Space (20220104)","ESET Internet Security (20220104)","G DATA INTERNET SECURITY (20220104)","Kaspersky Internet Security (20220104)","Malwarebytes Premium (20220104)","Tencent PC Manager (20220104)","Trend Micro Internet Security (20220104)","VIPRE Advanced Security (20220104)","Webroot SecureAnywhere (20220104)","Windows Defender (20220104)"]}],"additionalFiles":[],"sources":[{"howFound":"security partner report","reference":"","landingPage":"https://ytsaver.net/","directDownloadingLink":"https://ytsaver.net/download/?product=ytsaver.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ytsaver.net/download/?product=ytsaver.exe","sourceIndex":"1756"}],"sampleFiles":["211221/YTSaver-211218/5.0.0/Samples/ytsaver.exe"],"imageFiles":["211221/YTSaver-211218/5.0.0/Images/ACR-165/ACR-165_InternalOffers_No_Details.JPG","211221/YTSaver-211218/5.0.0/Images/ACR-165/ACR-165_InternalOffers_No_Details_1.JPG"],"nonDeceptorImageFiles":[],"guid":"a97bacd0-1722-409e-baaf-0d1389f63bba_5.0.0_1","appID":"YTSaver-211218","dateAdded":"211221","deceptorType":"App","name":"YT Saver","company":"LuckyDog Software, Inc.","version":"5.0.0","sigName":"Deceptor:Win32/YTSaver!165107","lastKnownStatus":"5.0.0","lastKnownDate":"211221","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-12-21T19:09:37.703165+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1552},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a Hidden folder as “PW2” in Program Files Directory.\n","ACR-065":"The app's install does not provide links to the app's Returns and Cancellation Policy and Privacy Policy. \nThe app's about page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-002":"1. The App's version is not consistent between App interaction , its install and Landing Page (version 12.88 vs version 12.84). \n\n1.\tThe App shows different names as \"setup.exe\" in the running service/apps section.\n2.\tThe App's version is not consistent between App interaction , its install and Landing Page (version 12.88 vs version 12.84). \n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"b2a4fbea06c8ac5cc93743044ad95175","hashSHA1":"631efa1438ae55cb00b7e61e0d621980f97ed879","hashSHA256":"3749cb2fa90d2d60e59e7e0cf62163b62decaacb1cbe806c6c9a521149e17701","sourceIndex":"341","avBlockList":["360 Total Security (20210527)","Avast Premium Security (20210527)","AVG Internet Security (20210527)","Avira Internet Security (20210527)","Bitdefender Internet Security (20210527)","Dr.Web Security Space (20210527)","ESET Internet Security (20210527)","G DATA INTERNET SECURITY (20210527)","K7 Total Security (20210527)","Kaspersky Internet Security (20210527)","Malwarebytes Premium (20210527)","McAfee Total Protection (20210527)","Norton Security (20210527)","Panda Dome (20210527)","Quick Heal Internet Security (20210527)","Sophos Home Premium (20210527)","SpyHunter5 (20210527)","Tencent PC Manager (20210527)","Total AV Antivirus Pro (20210527)","VIPRE Advanced Security (20210527)","VirIT eXplorer PRO (20210527)","Webroot SecureAnywhere (20210527)","Windows Defender (20210527)"],"avAllowList":["COMODO Antivirus (20210527)","Trend Micro Internet Security (20210527)"]},{"isRevoked":"False","fileName":"setup.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ba5a0de1e4731ac17038485392e6dcff9e3649e178d51d1b13864fc1809ae4c2","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Appdata.exe","companyName":"A","fileVersion":"1.0","hashMD5":"53acbac9f6339785e8319378719981d6","hashSHA1":"aa277a14d9e8ef5907adbedd7d5d848e51ae826d","hashSHA256":"1d27bbd3df300ce567e97685311fc782e21c0368fc8288a7b0e371b43c0108b9","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"load.exe","companyName":"A","fileVersion":"1.0","hashMD5":"6c1b5a31eda9050622c6dd5f1be486b3","hashSHA1":"e1f1e6ab46b146422096bc50f724c2d442d11ff3","hashSHA256":"0ca87dd7f977fa9c261f30f5292a7b76fe776e7326c00315b33175fa21f7cea6","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup1.exe","companyName":"A","fileVersion":"12.84","hashMD5":"5d74ef20c7ce8d751c2b080ee4e796e9","hashSHA1":"bd5a84b7a024b2a8ea835eae4fe7b5b9c8fbaeea","hashSHA256":"c43880a67e64749f162627a6f9fbc79e6c9a8f4ea3b94890a01cc9b1c9b3997b","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"load[2].exe","companyName":"A","fileVersion":"1.0","hashMD5":"942e6972d3f27e0ff870fd9f8e659d3a","hashSHA1":"c57032c76f7d8dee9c0aff1ff1e864246681bd62","hashSHA256":"0f1bdaa55015aa2aae2235cc5ecf92ea87ced7664e3e1e50dc11e22fa7cbbb22","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup[2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9854c5eec6452361d9ee83c4f872a0ea","hashSHA1":"cbaef40a1575714dd6c7f0a2d89a1d8178b32f29","hashSHA256":"6e4a280f98099c2d87fdc66ca572b4d456371cb7e257876439cfd44c753f2806","sourceIndex":"341","avBlockList":["360 Total Security (20210601)","Avast Premium Security (20210601)","AVG Internet Security (20210601)","Avira Internet Security (20210601)","Bitdefender Internet Security (20210601)","ESET Internet Security (20210601)","G DATA INTERNET SECURITY (20210601)","K7 Total Security (20210601)","Kaspersky Internet Security (20210601)","Malwarebytes Premium (20210601)","McAfee Total Protection (20210601)","Norton Security (20210601)","Panda Dome (20210601)","Quick Heal Internet Security (20210601)","Sophos Home Premium (20210601)","SpyHunter5 (20210601)","Tencent PC Manager (20210601)","Total AV Antivirus Pro (20210601)","Trend Micro Internet Security (20210601)","VIPRE Advanced Security (20210601)","VirIT eXplorer PRO (20210601)","Webroot SecureAnywhere (20210601)"],"avAllowList":["COMODO Antivirus (20210601)","Dr.Web Security Space (20210601)","Windows Defender (20210601)"]},{"isRevoked":"False","fileName":"setup [3 ].exe","companyName":"A","fileVersion":"12.84","hashMD5":"bce2fd1460e430ab34aa6bc8af3b656d","hashSHA1":"d97bf3fa62f2fa984266f097733f607c09285221","hashSHA256":"df59c043458d64ac0bbf49feebd1b04fff56db27e5ff6e8e69d1db49eb625de6","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup [3].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a9c66474305145caf8f906184ec37bda","hashSHA1":"95566e85e07e4088171623c007f38772614e5443","hashSHA256":"82fa375d81f80a5548870be16d7b7e5d774b9a1fdd77ea3ec890832b53d8437e","sourceIndex":"341","avBlockList":["360 Total Security (20210916)","Avast Premium Security (20210916)","AVG Internet Security (20210916)","Avira Internet Security (20210916)","Bitdefender Internet Security (20210916)","COMODO Antivirus (20210916)","ESET Internet Security (20210916)","G DATA INTERNET SECURITY (20210916)","K7 Total Security (20210916)","Kaspersky Internet Security (20210916)","Malwarebytes Premium (20210916)","McAfee Total Protection (20210916)","Norton Security (20210916)","Panda Dome (20210916)","Quick Heal Internet Security (20210916)","Sophos Home Premium (20210916)","SpyHunter5 (20210916)","Tencent PC Manager (20210916)","Total AV Antivirus Pro (20210916)","VIPRE Advanced Security (20210916)","VirIT eXplorer PRO (20210916)","Webroot SecureAnywhere (20210916)","Windows Defender (20210916)"],"avAllowList":["Dr.Web Security Space (20210916)","Trend Micro Internet Security (20210916)"]},{"isRevoked":"False","fileName":"Appdata4.exe","companyName":"A","fileVersion":"1.0","hashMD5":"0c4b7a2339edef44edf43af6f4ea0121","hashSHA1":"e730b572bc5870a06bb05fe2e721f321f59753d0","hashSHA256":"09613f0631c1d82f1698a0dfd44c15747ccd73f910b8662a82dc539017440f4c","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"load4.exe","companyName":"A","fileVersion":"1.0","hashMD5":"4e26bfd2719f113ee5af273fb5bcbdfe","hashSHA1":"87627c9f58cd8a0082f6472f2a7718cf66d0232c","hashSHA256":"304617ead5bdbd5d2d47b4313a29666507f234c60c91f0594583cbd4980aa872","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup[4].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"33ba1533cd72e42f229651be90111801","hashSHA1":"96a77a940b24ffa0e73b21526edbf322aae86fe5","hashSHA256":"8916485abc22fb24c5c039f32a3b31f9f27791b5a9c186be9fe6ce974c5be221","sourceIndex":"341","avBlockList":["360 Total Security (20210916)","Avast Premium Security (20210916)","AVG Internet Security (20210916)","Avira Internet Security (20210916)","Bitdefender Internet Security (20210916)","COMODO Antivirus (20210916)","ESET Internet Security (20210916)","G DATA INTERNET SECURITY (20210916)","K7 Total Security (20210916)","Malwarebytes Premium (20210916)","McAfee Total Protection (20210916)","Norton Security (20210916)","Panda Dome (20210916)","Quick Heal Internet Security (20210916)","Sophos Home Premium (20210916)","SpyHunter5 (20210916)","Tencent PC Manager (20210916)","Total AV Antivirus Pro (20210916)","Trend Micro Internet Security (20210916)","VIPRE Advanced Security (20210916)","VirIT eXplorer PRO (20210916)","Webroot SecureAnywhere (20210916)","Windows Defender (20210916)"],"avAllowList":["Dr.Web Security Space (20210916)","Kaspersky Internet Security (20210916)"]},{"isRevoked":"False","fileName":"setup4.exe","companyName":"A","fileVersion":"12.84","hashMD5":"5a6f8a6e27a2aa66da7873846816877f","hashSHA1":"60dc3069fe0c9b300ebd063068234321a554e3a3","hashSHA256":"6ee59382bc1e511c10868e2589eb9986c3db1051cb8f71b5f891bc90a608b980","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup[5].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"fa01c468570c1418381b1f25f2cf9dbe","hashSHA1":"faf53cc7618c204f249e4d7a329491dd01d92b55","hashSHA256":"62ca09b155fa65b12382ee41618fefb8efac2fe76c70c1d66667260158b0f7c1","sourceIndex":"341","avBlockList":["Avast Premium Security (20210921)","AVG Internet Security (20210921)","Avira Internet Security (20210921)","Bitdefender Internet Security (20210921)","COMODO Antivirus (20210921)","ESET Internet Security (20210921)","G DATA INTERNET SECURITY (20210921)","K7 Total Security (20210921)","Malwarebytes Premium (20210921)","McAfee Total Protection (20210921)","Norton Security (20210921)","Panda Dome (20210921)","Quick Heal Internet Security (20210921)","Sophos Home Premium (20210921)","SpyHunter5 (20210921)","Tencent PC Manager (20210921)","Total AV Antivirus Pro (20210921)","Trend Micro Internet Security (20210921)","VIPRE Advanced Security (20210921)","VirIT eXplorer PRO (20210921)","Webroot SecureAnywhere (20210921)","Windows Defender (20210921)"],"avAllowList":["360 Total Security (20210921)","Dr.Web Security Space (20210921)","Kaspersky Internet Security (20210921)"]},{"isRevoked":"False","fileName":"setup5.exe","companyName":"A","fileVersion":"12.84","hashMD5":"d02ed6a283a3e340db1c1dbf83e8f75e","hashSHA1":"995129957232e207ff87794be02922363c469ac6","hashSHA256":"dc72bb5127656bdf2f4081a447754f394cc9ce90041217024eca3b09e8122b05","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pstrial [6].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"fefd4b7efbbc5cef08d50fe23d9246e7","hashSHA1":"bdedc87e41775dace4ade59c9bd985b4bf53e22e","hashSHA256":"63b8a8da4781646ab5d7ecc83686ed2e35f86a0d638bdf6a067a742eca632911","sourceIndex":"341","avBlockList":["Avast Premium Security (20220104)","AVG Internet Security (20220104)","Avira Internet Security (20220104)","Bitdefender Internet Security (20220104)","COMODO Antivirus (20220104)","ESET Internet Security (20220104)","G DATA INTERNET SECURITY (20220104)","K7 Total Security (20220104)","Kaspersky Internet Security (20220104)","Malwarebytes Premium (20220104)","McAfee Total Protection (20220104)","Norton Security (20220104)","Panda Dome (20220104)","Quick Heal Internet Security (20220104)","Sophos Home Premium (20220104)","SpyHunter5 (20220104)","Tencent PC Manager (20220104)","Total AV Antivirus Pro (20220104)","Trend Micro Internet Security (20220104)","VIPRE Advanced Security (20220104)","VirIT eXplorer PRO (20220104)","Webroot SecureAnywhere (20220104)","Windows Defender (20220104)"],"avAllowList":["360 Total Security (20220104)","Dr.Web Security Space (20220104)"]},{"isRevoked":"False","fileName":"setup6.exe","companyName":"A","fileVersion":"12.84","hashMD5":"2238da1103812beb94cb79f49e2ed847","hashSHA1":"6d7dd67811fa00f29df74ed955b9a490294e3385","hashSHA256":"249883a53971ba33a39a14a314a8def7e17fff6af7b8e6556ce8d4b341951b1e","sourceIndex":"341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"p5 [7].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"fb02b095437008a0981e0b5cdb00bd2b","hashSHA1":"7d4b3e0d9744c064e25b6ffe8991b9fa789b3cc9","hashSHA256":"f4dbf9a3ef2e013f401372b03d0e06b10921bfd5be6fbd7f1f255b04c678d4b5","sourceIndex":"341","avBlockList":["Avast Premium Security (20220526)","AVG Internet Security (20220526)","Avira Internet Security (20220526)","Bitdefender Internet Security (20220526)","COMODO Antivirus (20220526)","ESET Internet Security (20220526)","G DATA INTERNET SECURITY (20220526)","K7 Total Security (20220526)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20220526)","McAfee Total Protection (20220526)","Norton Security (20220526)","Panda Dome (20220526)","Quick Heal Internet Security (20220526)","Sophos Home Premium (20220526)","SpyHunter5 (20220526)","Total AV Antivirus Pro (20220526)","VIPRE Advanced Security (20220526)","VirIT eXplorer PRO (20220526)","Webroot SecureAnywhere (20220526)","Windows Defender (20220526)"],"avAllowList":["360 Total Security (20220526)","Dr.Web Security Space (20220526)","Tencent PC Manager (20220526)","Trend Micro Internet Security (20220526)"]},{"isRevoked":"False","fileName":"setup [7].exe","companyName":"A","fileVersion":"12.84","hashMD5":"e651605671672948c60a27f51cbc15f7","hashSHA1":"756129a6f59fa059457587469a3c0b7cd2b774d8","hashSHA256":"ab54a0e384535e64bada62adc0d1124bea3c2c793cde9d5339d26d0cfb858ceb","sourceIndex":"341","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: windows keylogger","reference":"https://ematrixsoft.com/index.php","landingPage":"https://ematrixsoft.com/power-spy-software.php","directDownloadingLink":"http://3.3.ematrixsoft.com/1/setup.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://3.3.ematrixsoft.com/1/setup.zip","sourceIndex":"341"}],"sampleFiles":["211221/PowerSpy-200907/12.84.0/Samples/setup.exe","211221/PowerSpy-200907/12.84.0/Samples/setup.zip","211221/PowerSpy-200907/12.84.0/Samples/Appdata.exe","211221/PowerSpy-200907/12.84.0/Samples/load.exe","211221/PowerSpy-200907/12.84.0/Samples/setup1.exe","211221/PowerSpy-200907/12.84.0/Samples/load[2].exe","211221/PowerSpy-200907/12.84.0/Samples/setup[2].exe","211221/PowerSpy-200907/12.84.0/Samples/setup [3 ].exe","211221/PowerSpy-200907/12.84.0/Samples/setup [3].exe","211221/PowerSpy-200907/12.84.0/Samples/Appdata4.exe","211221/PowerSpy-200907/12.84.0/Samples/load4.exe","211221/PowerSpy-200907/12.84.0/Samples/setup[4].exe","211221/PowerSpy-200907/12.84.0/Samples/setup4.exe","211221/PowerSpy-200907/12.84.0/Samples/setup[5].exe","211221/PowerSpy-200907/12.84.0/Samples/setup5.exe","211221/PowerSpy-200907/12.84.0/Samples/pstrial [6].exe","211221/PowerSpy-200907/12.84.0/Samples/setup6.exe","211221/PowerSpy-200907/12.84.0/Samples/p5 [7].exe","211221/PowerSpy-200907/12.84.0/Samples/setup [7].exe"],"imageFiles":["211221/PowerSpy-200907/12.84.0/Images/ACR-084/Power Spy_Configuration [1] StealthMode.png","211221/PowerSpy-200907/12.84.0/Images/ACR-084/Power Spy_Configuration [8] StealthMode.png","211221/PowerSpy-200907/12.84.0/Images/ACR-084/Power Spy_Interactions [3] HotKey.png","211221/PowerSpy-200907/12.84.0/Images/ACR-086/Power Spy_Configuration [1] StealthMode.png","211221/PowerSpy-200907/12.84.0/Images/ACR-086/Power Spy_Configuration [2].png","211221/PowerSpy-200907/12.84.0/Images/ACR-086/Power Spy_Configuration [3].png","211221/PowerSpy-200907/12.84.0/Images/ACR-086/Power Spy_Configuration [4].png","211221/PowerSpy-200907/12.84.0/Images/ACR-086/Power Spy_Configuration [5].png","211221/PowerSpy-200907/12.84.0/Images/ACR-086/Power Spy_Configuration [6].png","211221/PowerSpy-200907/12.84.0/Images/ACR-086/Power Spy_Configuration [7].png","211221/PowerSpy-200907/12.84.0/Images/ACR-086/Power Spy_Configuration [8] StealthMode.png","211221/PowerSpy-200907/12.84.0/Images/ACR-048/Power Spy_Configuration [1] StealthMode.png","211221/PowerSpy-200907/12.84.0/Images/ACR-048/Power Spy_Configuration [8] StealthMode.png","211221/PowerSpy-200907/12.84.0/Images/ACR-048/Power Spy_Interactions [3] HotKey.png","211221/PowerSpy-200907/12.84.0/Images/ACR-007/Power Spy_Configuration [1] StealthMode.png","211221/PowerSpy-200907/12.84.0/Images/ACR-007/Power Spy_Configuration [8] StealthMode.png","211221/PowerSpy-200907/12.84.0/Images/ACR-007/Power Spy_Interactions [3] HotKey.png","211221/PowerSpy-200907/12.84.0/Images/ACR-116/Power Spy_ControlPanel [1] .png"],"nonDeceptorImageFiles":["211221/PowerSpy-200907/12.84.0/Images/ACR-038/Power Spy_FileProperty [1] Installer 1.png","211221/PowerSpy-200907/12.84.0/Images/ACR-040/Power Spy_FileProperty [4] Hidden in ProgramFiles .png","211221/PowerSpy-200907/12.84.0/Images/ACR-065/Power Spy_Install [1].png","211221/PowerSpy-200907/12.84.0/Images/ACR-065/Power Spy_Install [2].png","211221/PowerSpy-200907/12.84.0/Images/ACR-002/Power Spy_About[1].png","211221/PowerSpy-200907/12.84.0/Images/ACR-002/Power Spy_Install [1].png","211221/PowerSpy-200907/12.84.0/Images/ACR-065/Power Spy_About[1].png","211221/PowerSpy-200907/12.84.0/Images/ACR-002/Power Spy_FileProperty [5] RunningProcess.png","211221/PowerSpy-200907/12.84.0/Images/ACR-002/Power Spy_About[1].png","211221/PowerSpy-200907/12.84.0/Images/ACR-002/Power Spy_Install [1].png","211221/PowerSpy-200907/12.84.0/Images/ACR-065/Power Spy_LandingPage [1].png","211221/PowerSpy-200907/12.84.0/Images/ACR-065/Power Spy_LandingPage [2].png","211221/PowerSpy-200907/12.84.0/Images/ACR-099/Power Spy_LandingPage [1].png","211221/PowerSpy-200907/12.84.0/Images/ACR-099/Power Spy_LandingPage [2].png","211221/PowerSpy-200907/12.84.0/Images/ACR-065/Power Spy_OfferPage [1].png","211221/PowerSpy-200907/12.84.0/Images/ACR-065/Power Spy_OfferPage [2].png","211221/PowerSpy-200907/12.84.0/Images/ACR-065/Power Spy_OfferPage [3].png","211221/PowerSpy-200907/12.84.0/Images/ACR-099/Power Spy_OfferPage [1].png","211221/PowerSpy-200907/12.84.0/Images/ACR-099/Power Spy_OfferPage [2].png"],"guid":"18c1564a-f8e0-4622-a120-580ce24dd0d7_12.84.0_1","appID":"PowerSpy-200907","dateAdded":"211221","deceptorType":"App","name":"Power Spy","company":"EMATRIXSOFT, Inc","version":"12.84.0","sigName":"Deceptor:Win32/PowerSpyStalkerware!084086048007116","lastKnownStatus":"12.84.0","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:17.9537895+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1553},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a Hidden folder as “PW2” in Program Files Directory.\n","ACR-065":"The app's install does not provide links to the app's Returns and Cancellation Policy and Privacy Policy. \nThe app's about page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-002":"The App's version is not consistent between App interaction , its install and Landing Page (version 12.90 vs version 12.84).\n\n1. The App shows different names as \"setup.exe\" in the running service/apps section.\n2. The App's version is not consistent between App interaction, its installation, and Landing Page (version 12.90 vs version 12.84). \n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Google Search: windows keylogger","reference":"https://ematrixsoft.com/index.php","landingPage":"https://ematrixsoft.com/power-spy-software.php","directDownloadingLink":"http://3.3.ematrixsoft.com/1/setup.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://3.3.ematrixsoft.com/1/setup.zip","sourceIndex":"342"}],"sampleFiles":[],"imageFiles":["211221/PowerSpy-200907/12.90/Images/ACR-084/ACR-084_1.JPG","211221/PowerSpy-200907/12.90/Images/ACR-084/ACR-084_2.JPG","211221/PowerSpy-200907/12.90/Images/ACR-084/ACR-084.JPG","211221/PowerSpy-200907/12.90/Images/ACR-086/ACR-086.JPG","211221/PowerSpy-200907/12.90/Images/ACR-086/ACR-086_1.JPG","211221/PowerSpy-200907/12.90/Images/ACR-086/ACR-086_2.JPG","211221/PowerSpy-200907/12.90/Images/ACR-086/ACR-086_3.JPG","211221/PowerSpy-200907/12.90/Images/ACR-086/ACR-086_4.JPG","211221/PowerSpy-200907/12.90/Images/ACR-086/ACR-086_5.JPG","211221/PowerSpy-200907/12.90/Images/ACR-086/ACR-086_6.JPG","211221/PowerSpy-200907/12.90/Images/ACR-086/ACR-086_7.JPG","211221/PowerSpy-200907/12.90/Images/ACR-048/ACR-048.JPG","211221/PowerSpy-200907/12.90/Images/ACR-048/ACR-048_1.JPG","211221/PowerSpy-200907/12.90/Images/ACR-048/ACR-048_2.JPG","211221/PowerSpy-200907/12.90/Images/ACR-007/ACR-007.JPG","211221/PowerSpy-200907/12.90/Images/ACR-007/ACR-007_1.JPG","211221/PowerSpy-200907/12.90/Images/ACR-007/ACR-007_2.JPG","211221/PowerSpy-200907/12.90/Images/ACR-116/ACR-116.JPG"],"nonDeceptorImageFiles":["211221/PowerSpy-200907/12.90/Images/ACR-038/ACR-038.JPG","211221/PowerSpy-200907/12.90/Images/ACR-040/ACR-040.JPG","211221/PowerSpy-200907/12.90/Images/ACR-065/ACR-065_Install.JPG","211221/PowerSpy-200907/12.90/Images/ACR-065/ACR-065_Install_1.JPG","211221/PowerSpy-200907/12.90/Images/ACR-002/ACR-002_Install.JPG","211221/PowerSpy-200907/12.90/Images/ACR-002/ACR-002_Install_.JPG","211221/PowerSpy-200907/12.90/Images/ACR-065/ACR-065_Software.JPG","211221/PowerSpy-200907/12.90/Images/ACR-002/ACR-002_Software_1.JPG","211221/PowerSpy-200907/12.90/Images/ACR-002/ACR-002_Software_2.JPG","211221/PowerSpy-200907/12.90/Images/ACR-002/ACR-002_Software_3.JPG","211221/PowerSpy-200907/12.90/Images/ACR-065/ACR-065_Landingpage.jpg","211221/PowerSpy-200907/12.90/Images/ACR-099/ACR-065_Landingpage.jpg","211221/PowerSpy-200907/12.90/Images/ACR-065/ACR-065_InternalOffers.jpg","211221/PowerSpy-200907/12.90/Images/ACR-099/ACR-099_InternalOffers.jpg"],"guid":"18c1564a-f8e0-4622-a120-580ce24dd0d7_12.90_1","appID":"PowerSpy-200907","dateAdded":"211221","deceptorType":"App","name":"Power Spy","company":"EMATRIXSOFT, Inc","version":"12.90","lastKnownStatus":"12.84.0","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:17.9843524+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1554},{"violations":{"ACR-048":"1. The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable the app.\n2. The app does not provide any control to close the process that runs silently in the background within the app's settings.\n","ACR-007":"The app enables the consumer to hide it from the installed apps list, which prevents the targeted consumer from being aware of the app's presence. The app does not display explicit notification when it is running and requires a hotkey and password to open it.\n","ACR-084":"1. The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in the application list and locates its installation directory inside of a hidden system directory and it requires a hotkey and password to open it.\n2. On quitting the app, the process runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app is not found in the Applications folder and therefore cannot be uninstalled there.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"The app fails to remove all of its monetization components after the consumer uninstalls it.\n","ACR-014":"The app calls itself \"knd”, which is not related to the name \"KidInspector\", which misleads the targeted consumer. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"KidInspectorInstaller.pkg","fileVersion":"","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1754","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidInspector","companyName":"CleverControl LLC","productName":"KidInspector","productVersion":"11.6.15","fileVersion":"11.6.15","hashMD5":"07cb9c73719dd0177f1d466ecaa033ae","hashSHA1":"e27f90acd47585532086d293f5de67be07a91d9a","hashSHA256":"fdb29f9efeaac15889ccc2794f231ff2b49b63b26efb0a74cf1dbda418db3ffc","digitalCertThumbprint":"71B01523-7C87-3006-8838-5E155DA0473D","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Anatoly Nevelev (92AY74H3M3)","sourceIndex":"1754","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidInspectorInstaller.pkg","isInstaller":"True","companyName":"CleverControl LLC","productName":"KidInspector","productVersion":"11.6.15","fileVersion":"11.6.15","hashMD5":"","hashSHA1":"","hashSHA256":"d328b89d27f4762fd76fc2693f528f75c4720c00c754087c635ea8a1b84d4c87","digitalCertThumbprint":"71B01523-7C87-3006-8838-5E155DA0473D","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Anatoly Nevelev (92AY74H3M3)","sourceIndex":"1754","avBlockList":["Avast Security for Mac (20220614)","Avira Security for Mac (20220614)","Bitdefender Antivirus for Mac (20220614)","ESET Cyber Security Pro for Mac (20220614)","G DATA AntiVirus for Mac (20220614)","K7 Antivirus for Mac (20220614)","Norton Security for Mac (20220614)","Sophos Home Premium For Mac (20220614)","Trend Micro Antivirus for Mac (20220614)"],"avAllowList":["Kaspersky Internet Security for Mac (20220614)","McAfee Internet Security for Mac (20220614)"]}],"additionalFiles":[],"sources":[{"howFound":"Same vendor","reference":"","landingPage":"https://kidinspector.com/desktop-features","directDownloadingLink":"https://kidinspector.com/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidinspector.com/download/","sourceIndex":"1754"}],"sampleFiles":["211221/kidinspectorformac-211221/11.6.15/Samples/KidInspectorInstaller.pkg"],"imageFiles":["211221/kidinspectorformac-211221/11.6.15/Images/ACR-084/ACR-084_Software.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-084/ACR-084_Software_1.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-084/ACR-084_Software_2.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-084/ACR-084_Software_Process_3.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-086/ACR-086_Software.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-086/ACR-086_Software_1.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-086/ACR-086_Software_2.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-048/ACR-048_Software.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-048/ACR-048_Software_1.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-048/ACR-048_Software_2.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-048/ACR-048_Software_3.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-007/ACR-007_Software.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-007/ACR-007_Software_1.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-007/ACR-007_Software_2.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-007/ACR-007_Software_3.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-014/ACR-014_Software_Process.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-116/ACR-116_Software.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-118/ACR-118_Uninstall_Retains.png","211221/kidinspectorformac-211221/11.6.15/Images/ACR-119/ACR-119_Uninstall_Retains.png"],"nonDeceptorImageFiles":[],"guid":"84ab8cec-8add-4e88-954f-94bcb4309e4b_11.6.15_1","appID":"kidinspectorformac-211221","dateAdded":"211221","deceptorType":"MacOS App","name":"Kid Inspector For Mac","company":"CleverControl LLC","version":"11.6.15","sigName":"Deceptor:MacOS/KidInspectorForMacStalkerware!084086048007014116118119","lastKnownStatus":"11.6.15","lastKnownDate":"211221","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-12-21T23:36:40.41319+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1556},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app requires a hotkey and a password to open it.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app is installed in a Hidden folder as “SSSIA” in Program Files Directory.\n","ACR-065":"The app's install does not provide links to the app's Returns and Cancellation Policy, Privacy Policy. \nThe app's about page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's landing page does not have links to the Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the Returns and Cancellations Policy.\n","ACR-002":"The App's version is not consistent between App interaction and its install (version 9.53.0 vs version 9.52.0). \n1. The App's version is not consistent between App interaction and its install (version 9.53.0 vs version 9.52.0). \n2. The App shows different names as \"setup.exe\" in the running service/apps section.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"ss.exe","fileVersion":"0.0","hashMD5":"eea05d096ff77b06514e2bf8667a901f","hashSHA1":"25618949824090a92468bf96ab1a26f420f32f73","hashSHA256":"a320e9964b86fa1242bec0a99bd7ce88642dbee17cbe5a51bab3f3faf4445c5b","sourceIndex":"340","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","fileVersion":"9.52","hashMD5":"1f06ef38b6a8d0dbe9e2f7fb9b7c39dc","hashSHA1":"102af6151e652d5d9ccdba1400649d9999e381d1","hashSHA256":"247c63db9db872edcc0b15d6d088d1450dc673411f4ee9ab02725a62ebb10512","sourceIndex":"340","avBlockList":["360 Total Security (20201006)","Avast Premium Security (20201006)","AVG Internet Security (20201006)","Avira Internet Security (20201006)","Bitdefender Internet Security (20201006)","COMODO Antivirus (20201006)","ESET Internet Security (20201006)","G DATA INTERNET SECURITY (20201006)","K7 Total Security (20201006)","Malwarebytes Premium (20201006)","McAfee Total Protection (20201006)","Norton Security (20201006)","Panda Dome (20201006)","Sophos Home Premium (20201006)","SpyHunter5 (20201006)","Tencent PC Manager (20201006)","Total AV Antivirus Pro (20201006)","Trend Micro Internet Security (20201006)","VIPRE Advanced Security (20201006)","VirIT eXplorer PRO (20201006)","Webroot SecureAnywhere (20201006)","Windows Defender (20201006)"],"avAllowList":["Dr.Web Security Space (20201006)","Kaspersky Internet Security (20201006)","Quick Heal Internet Security (20201006)"]},{"isRevoked":"False","fileName":"ss.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"3da2735086ebf22058ac091b177361e7c68f912629c684f2fe8b6a47ed29b1ab","sourceIndex":"340","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ss[2].exe","fileVersion":"0.0","hashMD5":"0f908bb363e0d75ae5bf106e2199d559","hashSHA1":"142e0be9015372ecf0cced2cd106d28c20086266","hashSHA256":"7836831d457b27456a3ef4f3c367ac890b6297f5d17555749a2780f6159de4c3","sourceIndex":"340","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup[2].exe","fileVersion":"9.52","hashMD5":"c74ab0c061239a34b4fdcb99e9ea884d","hashSHA1":"7ea78a7c2c5154dc6deed93d7477b4ef2b821a26","hashSHA256":"b3f10336b84e4c229e435cacf6339441e2d49d0c840e28c5e9570eae01d9f870","sourceIndex":"340","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup [3].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"22ff615551c57e8e5892d77bac13bb83","hashSHA1":"d69f5074413f09f8806c8821259859b686421ed9","hashSHA256":"71573889959049242ecc592edf24c316c09d9b924704ada234e72f5b564ad3be","sourceIndex":"340","avBlockList":["360 Total Security (20220104)","Avast Premium Security (20220104)","AVG Internet Security (20220104)","Avira Internet Security (20220104)","Bitdefender Internet Security (20220104)","COMODO Antivirus (20220104)","Dr.Web Security Space (20220104)","ESET Internet Security (20220104)","G DATA INTERNET SECURITY (20220104)","K7 Total Security (20220104)","Kaspersky Internet Security (20220104)","Malwarebytes Premium (20220104)","McAfee Total Protection (20220104)","Norton Security (20220104)","Panda Dome (20220104)","Quick Heal Internet Security (20220104)","Sophos Home Premium (20220104)","SpyHunter5 (20220104)","Tencent PC Manager (20220104)","Total AV Antivirus Pro (20220104)","VIPRE Advanced Security (20220104)","VirIT eXplorer PRO (20220104)","Webroot SecureAnywhere (20220104)","Windows Defender (20220104)"],"avAllowList":["Trend Micro Internet Security (20220104)"]},{"isRevoked":"False","fileName":"Setup[4].exe","fileVersion":"9.52","hashMD5":"4cc99b6da5a7d8a2c1a2003e4850dac2","hashSHA1":"03777231a3b23db5babe1ec19af3f7d23c546c17","hashSHA256":"23117e64747f5f4f44d1b987e7a22327586f541fd07d3283f5031a53c1824636","sourceIndex":"340","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ss [4].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ce1140e10c4b0bd2e91e40d29aac840e","hashSHA1":"70cb533e1558e9de0d6e97f5cd9ef1ec0d75d7f2","hashSHA256":"071cce63260ea4703d42daa4777707f7ee5799369e4a806e6a3a02634898642f","sourceIndex":"340","avBlockList":["360 Total Security (20220104)","Avast Premium Security (20220104)","AVG Internet Security (20220104)","Avira Internet Security (20220104)","Bitdefender Internet Security (20220104)","COMODO Antivirus (20220104)","ESET Internet Security (20220104)","G DATA INTERNET SECURITY (20220104)","K7 Total Security (20220104)","Kaspersky Internet Security (20220104)","Malwarebytes Premium (20220104)","McAfee Total Protection (20220104)","Norton Security (20220104)","Panda Dome (20220104)","Quick Heal Internet Security (20220104)","Sophos Home Premium (20220104)","SpyHunter5 (20220104)","Tencent PC Manager (20220104)","Total AV Antivirus Pro (20220104)","Trend Micro Internet Security (20220104)","VIPRE Advanced Security (20220104)","VirIT eXplorer PRO (20220104)","Webroot SecureAnywhere (20220104)","Windows Defender (20220104)"],"avAllowList":["Dr.Web Security Space (20220104)"]},{"isRevoked":"False","fileName":"ss [5].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"b232e2f9d06895953893e229d87590b4","hashSHA1":"a2ad3e1a1516cbd0525704b492031b6ffdcdea0d","hashSHA256":"e0f7e6bfada1eee2d6de5f99430c7ea69143da9276d86c4e4b8d17815aaa1b80","sourceIndex":"340","avBlockList":["360 Total Security (20220526)","Avast Premium Security (20220526)","AVG Internet Security (20220526)","Avira Internet Security (20220526)","Bitdefender Internet Security (20220526)","COMODO Antivirus (20220526)","Dr.Web Security Space (20220526)","ESET Internet Security (20220526)","G DATA INTERNET SECURITY (20220526)","K7 Total Security (20220526)","Kaspersky Internet Security (20220526)","Malwarebytes Premium (20220526)","McAfee Total Protection (20220526)","Norton Security (20220526)","Panda Dome (20220526)","Quick Heal Internet Security (20220526)","Sophos Home Premium (20220526)","SpyHunter5 (20220526)","Total AV Antivirus Pro (20220526)","Trend Micro Internet Security (20220526)","VIPRE Advanced Security (20220526)","VirIT eXplorer PRO (20220526)","Webroot SecureAnywhere (20220526)","Windows Defender (20220526)"],"avAllowList":["Tencent PC Manager (20220526)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Hunt - Spy monitor","reference":"https://ematrixsoft.com/index.php","landingPage":"https://ematrixsoft.com/pc-screen-spy-monitor-software.php ","directDownloadingLink":"http://4.4.ematrixsoft.com/1/ss.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://4.4.ematrixsoft.com/1/ss.zip","sourceIndex":"340"}],"sampleFiles":["211221/PCScreenSpyMonitor-200921/9.52.0/Samples/ss.exe","211221/PCScreenSpyMonitor-200921/9.52.0/Samples/Setup.exe","211221/PCScreenSpyMonitor-200921/9.52.0/Samples/ss.zip","211221/PCScreenSpyMonitor-200921/9.52.0/Samples/ss[2].exe","211221/PCScreenSpyMonitor-200921/9.52.0/Samples/Setup[2].exe","211221/PCScreenSpyMonitor-200921/9.52.0/Samples/setup [3].exe","211221/PCScreenSpyMonitor-200921/9.52.0/Samples/Setup[4].exe","211221/PCScreenSpyMonitor-200921/9.52.0/Samples/ss [4].exe","211221/PCScreenSpyMonitor-200921/9.52.0/Samples/ss [5].exe"],"imageFiles":["211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-084/PC Screen Spy Monitor_Settings [2] Setup Password.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-084/PC Screen Spy Monitor_Settings [3] Password.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-084/PC Screen Spy Monitor_Interactions [1] HotKey.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-086/PC Screen Spy Monitor_Interactions [1] HotKey.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-086/PC Screen Spy Monitor_Settings [3] Password.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-086/PC Screen Spy Monitor_Interactions [6] Config.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-086/PC Screen Spy Monitor_Interactions [7] Config.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-086/PC Screen Spy Monitor_Interactions [8] Config.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-048/PC Screen Spy Monitor_Interactions [1] HotKey.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-048/PC Screen Spy Monitor_Settings [2] Setup Password.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-048/PC Screen Spy Monitor_Settings [3] Password.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-007/PC Screen Spy Monitor_Interactions [1] HotKey.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-007/PC Screen Spy Monitor_Settings [2] Setup Password.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-007/PC Screen Spy Monitor_Settings [3] Password.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-116/PC Screen Spy Monitor_ControlPanel [1].png"],"nonDeceptorImageFiles":["211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-038/PC Screen Spy Monitor_FileComponents [4] Properties.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-040/PC Screen Spy Monitor_FileComponents [1] Hidden.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-065/PC Screen Spy Monitor_Install [1].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-065/PC Screen Spy Monitor_Install [2].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-065/PC Screen Spy Monitor_Install [3].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-002/PC Screen Spy Monitor_Install [1].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-002/PC Screen Spy Monitor_About [1].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-065/PC Screen Spy Monitor_About [1].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-002/PC Screen Spy Monitor_About [1].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-002/PC Screen Spy Monitor_Install [1].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-002/PC Screen Spy Monitor_FileComponents [6] RunningProcess.png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-065/PC Screen Spy Monitor_LandingPage [1].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-065/PC Screen Spy Monitor_LandingPage [2].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-099/PC Screen Spy Monitor_LandingPage [1].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-099/PC Screen Spy Monitor_LandingPage [2].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-065/PC Screen Spy Monitor_OfferPage [1].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-065/PC Screen Spy Monitor_OfferPage [2].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-065/PC Screen Spy Monitor_OfferPage [3].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-099/PC Screen Spy Monitor_OfferPage [1].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-099/PC Screen Spy Monitor_OfferPage [2].png","211221/PCScreenSpyMonitor-200921/9.52.0/Images/ACR-099/PC Screen Spy Monitor_OfferPage [3].png"],"guid":"c02370fe-6b9d-4dce-a36e-38936f1cef2e_9.52.0_1","appID":"PCScreenSpyMonitor-200921","dateAdded":"211221","deceptorType":"App","name":"PC Screen Spy Monitor","company":"EMATRIXSOFT, Inc","version":"9.52.0","sigName":"Deceptor:Win32/PCScreenSpyMonitorStalkerware!084086048007116","lastKnownStatus":"9.52.0","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:17.9203+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1555},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and get user consent.\n","ACR-010":"The app bundler distributes deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows the deceptive affiliates to distribute without control. See RelevantKnowledge deceptor details\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear. \n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"The offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-161":" The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"date-time-counter.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"Date Time Counter","productVersion":"9.0.056.0","fileVersion":"9.0.56.0","hashMD5":"35b4fbe52724a306c8e53cd22118c534","hashSHA1":"9f2b5794027393d3d9376fe97abf4e2f898b8fd1","hashSHA256":"e4d96e9e47bbc2d6971e8f7355a8c1ca280cd746c85bb50d2468dff237ea0359","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1755","avBlockList":["Avast Premium Security (20211230)","AVG Internet Security (20211230)","Avira Internet Security (20211230)","COMODO Antivirus (20211230)","Dr.Web Security Space (20211230)","ESET Internet Security (20211230)","G DATA INTERNET SECURITY (20211230)","K7 Total Security (20211230)","Kaspersky Internet Security (20211230)","Malwarebytes Premium (20211230)","McAfee Total Protection (20211230)","Norton Security (20211230)","Panda Dome (20211230)","Quick Heal Internet Security (20211230)","Sophos Home Premium (20211230)","SpyHunter5 (20211230)","Tencent PC Manager (20211230)","Total AV Antivirus Pro (20211230)","Trend Micro Internet Security (20211230)","VIPRE Advanced Security (20211230)","VirIT eXplorer PRO (20211230)","Webroot SecureAnywhere (20211230)","Windows Defender (20211230)"],"avAllowList":["360 Total Security (20211230)","Bitdefender Internet Security (20211230)"]},{"isRevoked":"False","fileName":"Date Time Counter.exe","companyName":"TriSun Software Limited","productName":"Date Time Counter","productVersion":"9.0.056.0","fileVersion":"9.0.56.0","hashMD5":"bf3c57a5c592e3b44ca00e9032e5c3da","hashSHA1":"b177f751c985b0ceb8c6e48713e1c629418b551d","hashSHA256":"0863bbc90f55a9d5592aa4b7b0ac706ba17611e33ba5cc1b7034c5f54ec0dd2e","digitalCertThumbprint":"E9FCF9B4824E341992340902AE0D6D9C87A6583E","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=Mong Kok, C=HK","sourceIndex":"1755","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"trisun website","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.trisunsoft.com/date-time-counter/date-time-counter.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/date-time-counter/date-time-counter.zip","sourceIndex":"1755"}],"sampleFiles":["211221/DateTimeCounter-211217/9.0.056.0/Samples/date-time-counter.exe","211221/DateTimeCounter-211217/9.0.056.0/Samples/Date Time Counter.exe"],"imageFiles":["211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-109/DTC RK Offer.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-039/DTC RK Offer.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-010/DTC RK Offer.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-010/RK EULA.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-059/RK EULA.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-155/DTC RK Offer.png"],"nonDeceptorImageFiles":["211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-065/DTC EULA.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-065/DTC About.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-065/TriSun Landing Page.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-017/DTC Badges.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-161/DTC Testimonials.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-106/DTC RK Offer.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-099/DTC About.png","211221/DateTimeCounter-211217/9.0.056.0/Images/ACR-099/DTC Landing page.png"],"guid":"37666fba-1405-4b16-bad3-9dd4111855e1_9.0.056.0_1","appID":"DateTimeCounter-211217","dateAdded":"211221","deceptorType":"Bundler","name":"Date Time Counter","company":"TriSun Software Limited","version":"9.0.056.0","sigName":"Deceptor:Win32/DateTimeCounter!109039010059155","lastKnownStatus":"9.0.056.0","lastKnownDate":"211221","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2021-12-21T22:56:29.8619571+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1557},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and get user consent.\n","ACR-010":"The app bundler distributes deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows the deceptive affiliates to distribute without control. See RelevantKnowledge deceptor details.\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear. \n","ACR-039":"There are no clear indications of the relationship to the installer application. RelevantKnowledge is presented as part of the installer application.\n","ACR-155":"The offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"winext-so.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"WinExt System Optimizer","productVersion":"1.0.001","fileVersion":"1.0.1.0","hashMD5":"d3195449635208d08df1518dde465410","hashSHA1":"3549bbe0191963c891da8eeceeac86585d884461","hashSHA256":"22dec0eb89e25703c765998ceeba1b97e09a4b423896a691f63caa4fea8246ac","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1757","avBlockList":["360 Total Security (20220104)","Avast Premium Security (20220104)","AVG Internet Security (20220104)","Avira Internet Security (20220104)","Bitdefender Internet Security (20220104)","COMODO Antivirus (20220104)","Dr.Web Security Space (20220104)","ESET Internet Security (20220104)","G DATA INTERNET SECURITY (20220104)","K7 Total Security (20220104)","Kaspersky Internet Security (20220104)","Malwarebytes Premium (20220104)","McAfee Total Protection (20220104)","Norton Security (20220104)","Panda Dome (20220104)","Quick Heal Internet Security (20220104)","Sophos Home Premium (20220104)","SpyHunter5 (20220104)","Tencent PC Manager (20220104)","Total AV Antivirus Pro (20220104)","VIPRE Advanced Security (20220104)","VirIT eXplorer PRO (20220104)","Webroot SecureAnywhere (20220104)","Windows Defender (20220104)"],"avAllowList":["Trend Micro Internet Security (20220104)"]},{"isRevoked":"False","fileName":"WinExt System Optimizer.exe","companyName":"TriSun Software Limited","productName":"WinExt System Optimizer","productVersion":"1.0.001","fileVersion":"1.0.1.0","hashMD5":"8d7e021246eb0ac347d1d6cfc654aa83","hashSHA1":"c78fff7041804ad389f3bf459ba39d8452e9722b","hashSHA256":"9789e1da31ce097e133b6835a2628c09bbf66d137503142277f2870451089fc1","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"1757","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"trisun website","reference":"","landingPage":"https://www.trisunsoft.com/","directDownloadingLink":"https://www.trisunsoft.com/files/weso.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.trisunsoft.com/files/weso.zip","sourceIndex":"1757"}],"sampleFiles":["211220/WinExtSystemOptimizer-211218/1.0.001/Samples/winext-so.exe","211220/WinExtSystemOptimizer-211218/1.0.001/Samples/WinExt System Optimizer.exe"],"imageFiles":["211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-109/RK Offer and Install.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-039/RK EULA.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-039/RK Offer and Install.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-010/RK EULA.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-010/RK Offer and Install.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-059/RK EULA.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-155/RK EULA.png"],"nonDeceptorImageFiles":["211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-065/WinExt SO EULA.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-065/WinExt SO About.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-065/WinExt SO Landing Page.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-017/WinExt SO Badges.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-106/RK EULA.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-106/RK Offer and Install.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-099/WinExt SO About.png","211220/WinExtSystemOptimizer-211218/1.0.001/Images/ACR-099/WinExt SO Landing Page.png"],"guid":"a4822378-f805-4b16-be37-aecdf1aedd7f_1.0.001_1","appID":"WinExtSystemOptimizer-211218","dateAdded":"211220","deceptorType":"Bundler","name":"WinExt System Optimizer","company":"TriSun Software Limited","version":"1.0.001","sigName":"Deceptor:Win32/WinExtSystemOptimizer!109039010059155","lastKnownStatus":"1.0.001","lastKnownDate":"211220","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2021-12-20T23:37:24.8492177+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1558},{"violations":{"ACR-048":"The app requires a password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not provide explicit notifications to the targeted consumer, making it so the targeted consumer is not aware of its presence.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer and it also prevents the app from showing in system tray.\n","ACR-086":"The app does not inform the targeted user how it collects, transmits, and stores data.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offers page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"KidLogger.app.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8cbb1c130056ce46df421a42a7ed65796c5ee7770fd4c4b5fc0afe5ecc55e128","sourceIndex":"1758","avBlockList":["Avast Security for Mac (20220308)","Avira Security for Mac (20220308)","Bitdefender Antivirus for Mac (20220308)","ESET Cyber Security Pro for Mac (20220308)","G DATA AntiVirus for Mac (20220308)","K7 Antivirus for Mac (20220308)","Norton Security for Mac (20220308)","Sophos Home Premium For Mac (20220308)","Trend Micro Antivirus for Mac (20220308)"],"avAllowList":["Kaspersky Internet Security for Mac (20220308)","McAfee Internet Security for Mac (20220308)"]},{"isRevoked":"False","fileName":"setup-mac.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9ecd7788e26feb7bda846454435778f62d8cbd7cf1de9a090309eeb831c20bfd","sourceIndex":"1758","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidLogger","fileVersion":"0.","hashMD5":"7275f3f1de4907b601e4770ff1fbaf18","hashSHA1":"ae58cf6ea36f5a634c05693979927b3c0695ee69","hashSHA256":"924c75fe7aba7a0fb1252d244de5b2bc78883fcac0fb18714fa9cadf6cebcd02","sourceIndex":"1758","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://kidlogger.net/","landingPage":"https://kidlogger.net/","directDownloadingLink":"https://kidlogger.net/download/mac","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://kidlogger.net/download/mac","sourceIndex":"1758"}],"sampleFiles":["211220/Kidlogger-201119/1.8.21/Samples/KidLogger.app.zip","211220/Kidlogger-201119/1.8.21/Samples/setup-mac.zip","211220/Kidlogger-201119/1.8.21/Samples/KidLogger"],"imageFiles":["211220/Kidlogger-201119/1.8.21/Images/ACR-084/KidLogger_Interactions [1].png","211220/Kidlogger-201119/1.8.21/Images/ACR-084/KidLogger_Interactions [2].png","211220/Kidlogger-201119/1.8.21/Images/ACR-084/KidLogger_RunningProcess [2].png","211220/Kidlogger-201119/1.8.21/Images/ACR-086/KidLogger_Interactions [1].png","211220/Kidlogger-201119/1.8.21/Images/ACR-086/KidLogger_Interactions [2].png","211220/Kidlogger-201119/1.8.21/Images/ACR-086/KidLogger_Interactions [3].png","211220/Kidlogger-201119/1.8.21/Images/ACR-086/KidLogger_Interactions [4].png","211220/Kidlogger-201119/1.8.21/Images/ACR-086/KidLogger_Interactions [5].png","211220/Kidlogger-201119/1.8.21/Images/ACR-086/KidLogger_Interactions [6].png","211220/Kidlogger-201119/1.8.21/Images/ACR-086/KidLogger_Interactions [7].png","211220/Kidlogger-201119/1.8.21/Images/ACR-048/KidLogger_Interactions [1].png","211220/Kidlogger-201119/1.8.21/Images/ACR-048/KidLogger_Interactions [2].png","211220/Kidlogger-201119/1.8.21/Images/ACR-007/KidLogger_Interactions [1].png","211220/Kidlogger-201119/1.8.21/Images/ACR-007/KidLogger_Interactions [5].png","211220/Kidlogger-201119/1.8.21/Images/ACR-007/KidLogger_RunningProcess [2].png"],"nonDeceptorImageFiles":["211220/Kidlogger-201119/1.8.21/Images/ACR-065/KidLogger_Interactions [1].png","211220/Kidlogger-201119/1.8.21/Images/ACR-099/KidLogger_Interactions [1].png","211220/Kidlogger-201119/1.8.21/Images/ACR-167/KidLogger_OfferPage [1].png","211220/Kidlogger-201119/1.8.21/Images/ACR-167/KidLogger_OfferPage [2].png","211220/Kidlogger-201119/1.8.21/Images/ACR-065/KidLogger_LandingPage [1].png","211220/Kidlogger-201119/1.8.21/Images/ACR-065/KidLogger_LandingPage [2].png","211220/Kidlogger-201119/1.8.21/Images/ACR-099/KidLogger_LandingPage [1].png","211220/Kidlogger-201119/1.8.21/Images/ACR-099/KidLogger_LandingPage [2].png","211220/Kidlogger-201119/1.8.21/Images/ACR-161/KidLogger_LandingPage [3].png","211220/Kidlogger-201119/1.8.21/Images/ACR-065/KidLogger_OfferPage [1].png","211220/Kidlogger-201119/1.8.21/Images/ACR-065/KidLogger_OfferPage [2].png","211220/Kidlogger-201119/1.8.21/Images/ACR-099/KidLogger_OfferPage [1].png","211220/Kidlogger-201119/1.8.21/Images/ACR-099/KidLogger_OfferPage [2].png"],"guid":"44c44c64-0b4e-4832-8644-a6dbca9b5a05_1.8.21_1","appID":"Kidlogger-201119","dateAdded":"211220","deceptorType":"MacOS App","name":"Kidlogger for Mac","company":"SafeJKA SRL","version":"1.8.21","sigName":"Deceptor:MacOS/KidloggerforMac!084086048007","lastKnownStatus":"1.8.16;1.8.18;1.8.21","lastKnownDate":"211220","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2021-12-20T23:30:37.5905611+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1559},{"violations":{"ACR-048":"The app requires a password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not provide explicit notifications to the targeted consumer, making it so the targeted consumer is not aware of its presence.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. \n","ACR-086":"The app does not inform the targeted user how it collects, transmits, and stores data.\n"},"nonDeceptorViolations":{"ACR-040":"The app is located inside of a hidden system file, which prevents the consumer from being able to find it.\n","ACR-065":"The app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offers page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"KidLogger.app.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"c7fbda77da6b71dc0f42474f691687abe14ad4ac7da23705856862fa2c7b1670","sourceIndex":"2018","avBlockList":["Avast Security for Mac (20220614)","Bitdefender Antivirus for Mac (20220614)","ESET Cyber Security Pro for Mac (20220614)","G DATA AntiVirus for Mac (20220614)","K7 Antivirus for Mac (20220614)","McAfee Internet Security for Mac (20220614)","Norton Security for Mac (20220614)","Sophos Home Premium For Mac (20220614)","Trend Micro Antivirus for Mac (20220614)","Avira Security for Mac (20220614)"],"avAllowList":["Kaspersky Internet Security for Mac (20220614)"]},{"isRevoked":"False","fileName":"KidLogger","fileVersion":"0.","hashMD5":"661231f8d7001616b0c29a56852a0219","hashSHA1":"f4d647cf0f9bfb8f3d9271ede5dcbe013e56ad38","hashSHA256":"19960403787517576105f9c54ac12da96d8ed4ecec6789e00d390a948f24ba48","sourceIndex":"2018","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: keylogger for mac os","reference":"http://kidlogger.net/","landingPage":"http://kidlogger.net/","directDownloadingLink":"http://kidlogger.net/download/mac","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://kidlogger.net/download/mac","sourceIndex":"2018"}],"sampleFiles":["201229/Kidlogger-201119/1.8.18/Samples/KidLogger.app.zip","201229/Kidlogger-201119/1.8.18/Samples/KidLogger"],"imageFiles":["201229/Kidlogger-201119/1.8.18/Images/ACR-084/KidLogger_Interactions [1].png","201229/Kidlogger-201119/1.8.18/Images/ACR-084/KidLogger_Interactions [8].png","201229/Kidlogger-201119/1.8.18/Images/ACR-084/KidLogger_RunningProcess [1].png","201229/Kidlogger-201119/1.8.18/Images/ACR-084/KidLogger_RunningProcess [2] HiddenFiles.png","201229/Kidlogger-201119/1.8.18/Images/ACR-086/KidLogger_Interactions [1].png","201229/Kidlogger-201119/1.8.18/Images/ACR-086/KidLogger_Interactions [2].png","201229/Kidlogger-201119/1.8.18/Images/ACR-086/KidLogger_Interactions [3].png","201229/Kidlogger-201119/1.8.18/Images/ACR-086/KidLogger_Interactions [5].png","201229/Kidlogger-201119/1.8.18/Images/ACR-086/KidLogger_Interactions [6].png","201229/Kidlogger-201119/1.8.18/Images/ACR-086/KidLogger_Interactions [7].png","201229/Kidlogger-201119/1.8.18/Images/ACR-048/KidLogger_Interactions [2].png","201229/Kidlogger-201119/1.8.18/Images/ACR-007/KidLogger_Interactions [1].png","201229/Kidlogger-201119/1.8.18/Images/ACR-007/KidLogger_Interactions [5].png","201229/Kidlogger-201119/1.8.18/Images/ACR-007/KidLogger_RunningProcess [1].png"],"nonDeceptorImageFiles":["201229/Kidlogger-201119/1.8.18/Images/ACR-040/KidLogger_RunningProcess [2] HiddenFiles.png","201229/Kidlogger-201119/1.8.18/Images/ACR-065/KidLogger_Interactions [1].png","201229/Kidlogger-201119/1.8.18/Images/ACR-099/KidLogger_Interactions [1].png","201229/Kidlogger-201119/1.8.18/Images/ACR-065/KidLogger_LandingPage [1].png","201229/Kidlogger-201119/1.8.18/Images/ACR-099/KidLogger_LandingPage [1].png","201229/Kidlogger-201119/1.8.18/Images/ACR-161/KidLogger_LandingPage [1].png","201229/Kidlogger-201119/1.8.18/Images/ACR-065/KidLogger_OfferPage [1].png","201229/Kidlogger-201119/1.8.18/Images/ACR-065/KidLogger_OfferPage [2].png","201229/Kidlogger-201119/1.8.18/Images/ACR-099/KidLogger_OfferPage [1].png","201229/Kidlogger-201119/1.8.18/Images/ACR-099/KidLogger_OfferPage [2].png"],"guid":"44c44c64-0b4e-4832-8644-a6dbca9b5a05_1.8.18_1","appID":"Kidlogger-201119","dateAdded":"211220","deceptorType":"MacOS App","name":"Kidlogger for Mac","company":"SafeJKA SRL","version":"1.8.18","sigName":"Deceptor:MacOS/KidloggerforMacStalkerware!084086048007","lastKnownStatus":"1.8.16;1.8.18;1.8.21","lastKnownDate":"211220","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2021-12-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1560},{"violations":{"ACR-048":"The app requires a password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not provide explicit notifications to the targeted consumer, making it so the targeted consumer is not aware of its presence.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. \n","ACR-086":"The app does not inform the targeted user how it collects, transmits, and stores data.\n"},"nonDeceptorViolations":{"ACR-040":"The app is located inside of a hidden system file, which prevents the consumer from being able to find it.\n","ACR-065":"The app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offers page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"KidLogger","fileVersion":"0.","hashMD5":"17cc6b2716badaf84b922b565a61785f","hashSHA1":"7099efe76dd6025e5db99a2c9fab8c673229c228","hashSHA256":"d2819c20b6fc9203fa67b36f900ee87886ab54e65c930c58cce4ff8d1ee643d9","sourceIndex":"2041","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KidLogger.app.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d05e898bd422a29d9a317b52fb57d4ba14aa38c5b969b4ac969651dce06cb0da","sourceIndex":"2041","avBlockList":["Avast Premium Security (20201122)","AVG Internet Security (20201122)","Avira Internet Security (20201122)","Bitdefender Internet Security (20201122)","COMODO Antivirus (20201122)","Dr.Web Security Space (20201122)","G DATA INTERNET SECURITY (20201122)","Kaspersky Internet Security (20201122)","Norton Security (20201122)","Sophos Home Premium (20201122)","Tencent PC Manager (20201122)","Total AV Antivirus Pro (20201122)","VIPRE Advanced Security (20201122)","Windows Defender (20201122)","Avast Security for Mac (20201208)","Avira Security for Mac (20201208)","Bitdefender Antivirus for Mac (20201208)","G DATA AntiVirus for Mac (20201208)","McAfee Internet Security for Mac (20201208)","Norton Security for Mac (20201208)","Sophos Home Premium For Mac (20201208)","Trend Micro Antivirus for Mac (20201208)"],"avAllowList":["360 Total Security (20201122)","ESET Internet Security (20201122)","Malwarebytes Premium (20201122)","Panda Dome (20201122)","Quick Heal Internet Security (20201122)","SpyHunter5 (20201122)","Trend Micro Internet Security (20201122)","VirIT eXplorer PRO (20201122)","Webroot SecureAnywhere (20201122)","ESET Cyber Security Pro for Mac (20201208)","K7 Antivirus for Mac (20201208)","Kaspersky Internet Security for Mac (20201208)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: keylogger for mac os","reference":"http://kidlogger.net/","landingPage":"http://kidlogger.net/","directDownloadingLink":"http://kidlogger.net/download/mac","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://kidlogger.net/download/mac","sourceIndex":"2041"}],"sampleFiles":["201119/Kidlogger-201119/1.8.16/Samples/KidLogger","201119/Kidlogger-201119/1.8.16/Samples/KidLogger.app.zip"],"imageFiles":["201119/Kidlogger-201119/1.8.16/Images/ACR-084/KidLogger_Interactions [1_].png","201119/Kidlogger-201119/1.8.16/Images/ACR-084/KidLogger_Folder [1].png","201119/Kidlogger-201119/1.8.16/Images/ACR-084/KidLogger_RunningProcess [1].png","201119/Kidlogger-201119/1.8.16/Images/ACR-086/KidLogger_Interactions [2] Settings.png","201119/Kidlogger-201119/1.8.16/Images/ACR-086/KidLogger_Interactions [3] Settings.png","201119/Kidlogger-201119/1.8.16/Images/ACR-086/KidLogger_Interactions [4] Settings.png","201119/Kidlogger-201119/1.8.16/Images/ACR-086/KidLogger_Interactions [5] Settings.png","201119/Kidlogger-201119/1.8.16/Images/ACR-086/KidLogger_Interactions [6] Settings.png","201119/Kidlogger-201119/1.8.16/Images/ACR-086/KidLogger_Interactions [7] Settings.png","201119/Kidlogger-201119/1.8.16/Images/ACR-048/KidLogger_Interactions [2] Settings.png","201119/Kidlogger-201119/1.8.16/Images/ACR-048/KidLogger_Interactions [8] Password.png","201119/Kidlogger-201119/1.8.16/Images/ACR-048/KidLogger_Interactions [9] Password.png","201119/Kidlogger-201119/1.8.16/Images/ACR-007/KidLogger_Interactions [1].png","201119/Kidlogger-201119/1.8.16/Images/ACR-007/KidLogger_Interactions [5] Settings.png","201119/Kidlogger-201119/1.8.16/Images/ACR-007/KidLogger_RunningProcess [1].png"],"nonDeceptorImageFiles":["201119/Kidlogger-201119/1.8.16/Images/ACR-040/KidLogger_Files [1].png","201119/Kidlogger-201119/1.8.16/Images/ACR-065/KidLogger_Interactions [1].png","201119/Kidlogger-201119/1.8.16/Images/ACR-099/KidLogger_Interactions [1].png","201119/Kidlogger-201119/1.8.16/Images/ACR-065/KidLogger_LandingPage [2].png","201119/Kidlogger-201119/1.8.16/Images/ACR-099/KidLogger_LandingPage [2].png","201119/Kidlogger-201119/1.8.16/Images/ACR-161/KidLogger_LandingPage [1] Testimonials.png","201119/Kidlogger-201119/1.8.16/Images/ACR-065/KidLogger_OfferPage [2].png","201119/Kidlogger-201119/1.8.16/Images/ACR-099/KidLogger_OfferPage [2].png"],"guid":"44c44c64-0b4e-4832-8644-a6dbca9b5a05_1.8.16_1","appID":"Kidlogger-201119","dateAdded":"211220","deceptorType":"MacOS App","name":"Kidlogger for Mac","company":"SafeJKA SRL","version":"1.8.16","sigName":"Deceptor:MacOS/KidloggerforMacStalkerware!084086048007","lastKnownStatus":"1.8.16;1.8.18;1.8.21","lastKnownDate":"211220","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2021-12-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1561},{"violations":{"ACR-043":"Additional program AV Cloud is installed without explicit disclosure of its relationship with Protegent Antivirus. The app also installs a hidden folder in Drive C with a \"UBSuite\" folder in it which contains a lot of files.\n","ACR-084":"The app creates undisclosed scheduled tasks & startups to perform actions without the consumer's knowledge and consent. \n","ACR-116":"The app can't be uninstalled through the Control Panel, it needs administrator rights. \n","ACR-118":"App retains \"msash.dll\" in %Program Files%\\Protegent AV Cloud. It also retains a hidden folder in C:\\UNISTAL\\UBSuite.\n","ACR-014":"App misleads the consumer into thinking it has malware remover functionality, but malware remover did not detect a well-known malware in the wild.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \n","ACR-002":"The app calls itself Protogent AV cloud on install.\nThe app name shows as Protogent AV Cloud rather than Protegent Antivirus.\n","ACR-161":" The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The app does not provide uninstall information in the software. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-123":"The app retains a dll file \"msash.dll\" under %ProgramFiles%\\Protegent AV Cloud. It does not remove a hidden folder C:\\UNISTAL.\n"},"samples":[{"isRevoked":"False","fileName":"PAVSetup.exe","isInstaller":"True","companyName":"Unistal Systems Pvt. Ltd","productName":"Protegent AV","productVersion":"10.6.0.7","fileVersion":"0.0","hashMD5":"521dad4d9da420989c8a5487c4c2691a","hashSHA1":"4b2fb2a07d444ec8f84a8c9ab4da8d92c78eedd7","hashSHA256":"d411d71ae66f71d6249d91e311aeccd4d211a0b63b58aab183994ce3d3274ec3","digitalCertThumbprint":"04277E5F8E74C2D2E82B51ECD948AE8006CA644A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Unistal Systems Pvt. Ltd., O=Unistal Systems Pvt. Ltd., L=New Delhi, S=Delhi, C=IN","sourceIndex":"1761","avBlockList":["Avast Premium Security (20211223)","AVG Internet Security (20211223)","Avira Internet Security (20211223)","Dr.Web Security Space (20211223)","ESET Internet Security (20211223)","K7 Total Security (20211223)","McAfee Total Protection (20211223)","Norton Security (20211223)","Sophos Home Premium (20211223)","SpyHunter5 (20211223)","Total AV Antivirus Pro (20211223)","VirIT eXplorer PRO (20211223)","Webroot SecureAnywhere (20211223)","Windows Defender (20211223)"],"avAllowList":["360 Total Security (20211223)","Bitdefender Internet Security (20211223)","COMODO Antivirus (20211223)","G DATA INTERNET SECURITY (20211223)","Kaspersky Internet Security (20211223)","Malwarebytes Premium (20211223)","Panda Dome (20211223)","Quick Heal Internet Security (20211223)","Tencent PC Manager (20211223)","Trend Micro Internet Security (20211223)","VIPRE Advanced Security (20211223)"]},{"isRevoked":"False","fileName":"pgavgui.exe","companyName":"Unistal Systems Pvt. Ltd","productName":"Protegent AV","productVersion":"10.6.0.7","fileVersion":"10.6","hashMD5":"1dc52af9f0df66ddcb228c62503e1fa0","hashSHA1":"91c4f91aded6d9748505e555b93777e3208de362","hashSHA256":"ae127516f0b1c06e85d2658652c6a9fb5e4fdae429b025251b9b5080b8015a6c","digitalCertThumbprint":"04277E5F8E74C2D2E82B51ECD948AE8006CA644A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Unistal Systems Pvt. Ltd., O=Unistal Systems Pvt. Ltd., L=New Delhi, S=Delhi, C=IN","sourceIndex":"1761","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"search for new version of Unistal apps","reference":"","landingPage":"https://unistal.com/","directDownloadingLink":"https://www.unistal.com/demo-downloads/PAVSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.unistal.com/demo-downloads/PAVSetup.exe","sourceIndex":"1761"}],"sampleFiles":["211217/ProtegentAntivirus-211217/10.6.0.7/Samples/PAVSetup.exe","211217/ProtegentAntivirus-211217/10.6.0.7/Samples/pgavgui.exe"],"imageFiles":["211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-043/PAV Cloud EULA.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-043/PAV Cloud Install 2.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-043/Hidden Folder.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-014/PAV Eicar on Windows folder.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-014/PAV Scan History.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-084/MFC Startup under Hidden Folder.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-116/PAV Uninstall Control Panel.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-118/Msash.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-118/Hidden Folder.png"],"nonDeceptorImageFiles":["211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-065/PAV EULA.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-065/PAV Update.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-002/PAV Cloud EULA.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-002/PAV Cloud Install 2.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-002/PAV Home.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-161/Unistal Review.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-099/PAV Update.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-099/PAV Landing Page.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-099/PAV Offer Page.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-123/Msash.png","211217/ProtegentAntivirus-211217/10.6.0.7/Images/ACR-123/Hidden Folder.png"],"guid":"91b38abf-cfa6-4b5f-9484-e7166f030e0f_10.6.0.7_1","appID":"ProtegentAntivirus-211217","dateAdded":"211217","deceptorType":"App","name":"Protegent Antivirus","company":"Unistal Systems Pvt. Ltd.","version":"10.6.0.7","sigName":"Deceptor:Win32/ProtegentAntivirus!043014084116118","lastKnownStatus":"10.6.0.7","lastKnownDate":"211217","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-12-18T04:22:19.7523468+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1562},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"spt_setup.exe\" without disclosing it to the user and get user consent.\n","ACR-059":"The Offer is not clearly marked as an offer, who is recommending the offer is not clear. \n","ACR-155":" The offer is designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy and Privacy Policy.\n The app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy. \n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"duplicate-file-finder-free.exe","isInstaller":"True","companyName":"TriSun Software Limited                                     ","productName":"Duplicate File Finder Mini","productVersion":" 7.0.014.0","fileVersion":" 7.0.014.0","hashMD5":"021fa153302e4babe3741166efc74de2","hashSHA1":"ee26114e03957c747918e8ef55f6b3294ff53861","hashSHA256":"a50933c6464242436a6d7616a6e3fdacab4ca92ecf70b29ac0bf869b073a6152","digitalCertThumbprint":"AF30FACD58EE078EA6A34C28C19C16B216A2062D","digitalCertIssuer":"CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB","digitalCertIssuedTo":"CN=TriSun Software Limited, O=TriSun Software Limited, L=HUNG HOM, C=HK","sourceIndex":"676","avBlockList":["Avast Premium Security (20211223)","AVG Internet Security (20211223)","Avira Internet Security (20211223)","Bitdefender Internet Security (20211223)","COMODO Antivirus (20211223)","Dr.Web Security Space (20211223)","ESET Internet Security (20211223)","G DATA INTERNET SECURITY (20211223)","K7 Total Security (20211223)","Kaspersky Internet Security (20211223)","Malwarebytes Premium (20211223)","McAfee Total Protection (20211223)","Norton Security (20211223)","Panda Dome (20211223)","Quick Heal Internet Security (20211223)","Sophos Home Premium (20211223)","SpyHunter5 (20211223)","Tencent PC Manager (20211223)","Total AV Antivirus Pro (20211223)","VIPRE Advanced Security (20211223)","VirIT eXplorer PRO (20211223)","Webroot SecureAnywhere (20211223)","Windows Defender (20211223)"],"avAllowList":["360 Total Security (20211223)","Trend Micro Internet Security (20211223)"]}],"additionalFiles":[],"sources":[{"howFound":"softonic website","reference":"","landingPage":"https://duplicatefilefinder4pc.com/","directDownloadingLink":"https://duplicatefilefinder4pc.com/f/duplicate-file-finder-plus.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://duplicatefilefinder4pc.com/f/duplicate-file-finder-plus.zip","sourceIndex":"676"}],"sampleFiles":["211217/DuplicateFileFinderMini-211217/7.0.014.0/Samples/duplicate-file-finder-free.exe"],"imageFiles":["211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-109/RK Download.png","211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-109/RK Install.png","211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-059/RK EULA.png","211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-155/DFFM Offer.png"],"nonDeceptorImageFiles":["211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-065/DFFM EULA.png","211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-065/DFFM About.png","211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-065/TriSun Landing Page.png","211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-017/Trisun Badges.png","211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-161/DFF Review.png","211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-106/DFFM Offer.png","211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-099/DFFM About.png","211217/DuplicateFileFinderMini-211217/7.0.014.0/Images/ACR-099/DFFM Landing Page.png"],"guid":"2ca1bad7-7a86-4574-9d9a-0b2d85844282_7.0.014.0_1","appID":"DuplicateFileFinderMini-211217","dateAdded":"211217","deceptorType":"Bundler","name":"Duplicate File Finder Mini","company":"TriSun Software Limited","version":"7.0.014.0","sigName":"Deceptor:Win32/DuplicateFileFinderMini!109059155","lastKnownStatus":"7.0.014.0","lastKnownDate":"211217","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-03-27T18:32:47.3743724+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1563},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. without user's consent.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-010":"The app bundler distribute deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows deceptive affiliate to distribute without control. See RelevantKnowledge deceptor details\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Chris-PC Game Booster\\GameBooster.exe","companyName":"Chris P.C. srl","productName":"Chris-PC Game Booster","productVersion":"5.0.0.0","fileVersion":"5.6.44.201","hashMD5":"3d8a6dfd0da1b7494745a659498625f0","hashSHA1":"a3922fd49409e7ab19174eb22a940d723b1dcec4","hashSHA256":"f525522937dc2375ad226acb0860449c21d94115fc28a2482a72feb873acfaf5","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"ChrisPC Software SRL","storeId":"","sourceIndex":"1764","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_game_booster_5_24_09.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","productName":"Chris-PC Game Booster                                       ","productVersion":"5.24.09                                           ","fileVersion":"5.24.09             ","hashMD5":"a6d70e13381ca60c775840dc80933260","hashSHA1":"bf6953d2eda87c1cebf5e304858970d6dbcd98ea","hashSHA256":"91f6652375fe1fb9d0373d1260f5eed3835620401122c905f6684f9bb2e8ac35","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"ChrisPC Software SRL","storeId":"","sourceIndex":"1764","avBlockList":["Avast Premium Security (20211223)","AVG Internet Security (20211223)","Avira Internet Security (20211223)","Bitdefender Internet Security (20211223)","COMODO Antivirus (20211223)","ESET Internet Security (20211223)","G DATA INTERNET SECURITY (20211223)","K7 Total Security (20211223)","Kaspersky Internet Security (20211223)","Malwarebytes Premium (20211223)","McAfee Total Protection (20211223)","Norton Security (20211223)","Panda Dome (20211223)","Quick Heal Internet Security (20211223)","Sophos Home Premium (20211223)","SpyHunter5 (20211223)","Tencent PC Manager (20211223)","Total AV Antivirus Pro (20211223)","VIPRE Advanced Security (20211223)","VirIT eXplorer PRO (20211223)","Webroot SecureAnywhere (20211223)","Windows Defender (20211223)"],"avAllowList":["360 Total Security (20211223)","Dr.Web Security Space (20211223)","Trend Micro Internet Security (20211223)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search","reference":"","landingPage":"https://game-booster.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=30&file=setup_chrispc_game_booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=30&file=setup_chrispc_game_booster.exe","sourceIndex":"1764"}],"sampleFiles":["211213/GameBooster-201002/5.24.09/Samples/setup_chrispc_game_booster_5_24_09.exe"],"imageFiles":["211213/GameBooster-201002/5.24.09/Images/ACR-109/ACR-109_Install_Drops_Third_Party.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-048/ACR-048_Install_No_Control_To_Decline.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-010/ACR-010_Software_Bundles_Deceptor.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-059/ACR-059_Bundler-MadeOffers_No_Optional_Offer.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["211213/GameBooster-201002/5.24.09/Images/ACR-065/ACR-065_Install_No_Docs.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-106/ACR-106_Software_Bundles_Deceptor.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-065/ACR-065_Software_No_Docs.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-099/ACR-099_Software_No_Uninstall_Info.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-065/ACR-065_LandingPage_No_Docs.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Info.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-065/ACR-065_InternalOffers_No_Docs.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-099/ACR-099_InternalOffers_No_Uninstall_Info.JPG","211213/GameBooster-201002/5.24.09/Images/ACR-161/ACR-161_InternalOffers_Unverifiable_Testimonials.JPG"],"guid":"0cfcd2bf-a0ad-42a6-917d-1307ae2deb9b_5.24.09_1","appID":"GameBooster-201002","dateAdded":"211213","deceptorType":"Bundler","name":"ChrisPC- Game Booster","company":"Chris P.C. srl","version":"5.24.09","sigName":"Deceptor:Win32/ChrisPCGameBooster!109048010059155","lastKnownStatus":"5.09.18;5.19.15;5.24.09","lastKnownDate":"211213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,cross-sell other apps","lastUpdate":"2021-12-14T00:31:58.4724721+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1564},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-010":"The app bundler distribute deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows deceptive affiliate to distribute without control. See RelevantKnowledge deceptor details\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"GAMEBOOSTER.EXE","companyName":"Chris P.C. srl","fileVersion":"5.0","hashMD5":"47048f76dff2d7621b5a40b591f4dc04","hashSHA1":"6eadcce748f7220bc1890bb09f87799e97e6b6de","hashSHA256":"ae03b2b1d9c92020c336ef41660cca7970c3861c695ee4745b359dfc503667f6","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1850","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_game_booster_5_19_15.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"5.19","hashMD5":"94d786c0a6867aa96821b51a524df390","hashSHA1":"aac9cf0a42e0e4ac0f3a2d58abf9e8c13f7dc476","hashSHA256":"5ee22afcdd35ad0e563073128fd6ef595fd8ae721c0be13c02d229d8a5d41577","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1850","avBlockList":["360 Total Security (20210928)","Avast Premium Security (20210928)","AVG Internet Security (20210928)","Avira Internet Security (20210928)","Bitdefender Internet Security (20210928)","COMODO Antivirus (20210928)","ESET Internet Security (20210928)","G DATA INTERNET SECURITY (20210928)","K7 Total Security (20210928)","Malwarebytes Premium (20210928)","McAfee Total Protection (20210928)","Norton Security (20210928)","Panda Dome (20210928)","Quick Heal Internet Security (20210928)","SpyHunter5 (20210928)","Tencent PC Manager (20210928)","Total AV Antivirus Pro (20210928)","VIPRE Advanced Security (20210928)","VirIT eXplorer PRO (20210928)","Webroot SecureAnywhere (20210928)","Windows Defender (20210928)","Sophos Home Premium (20210928)"],"avAllowList":["Dr.Web Security Space (20210928)","Kaspersky Internet Security (20210928)","Trend Micro Internet Security (20210928)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search","reference":"https://www.chris-pc.com/index.html","landingPage":"https://game-booster.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=30&file=setup_chrispc_game_booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=30&file=setup_chrispc_game_booster.exe","sourceIndex":"1850"}],"sampleFiles":["210716/GameBooster-201002/5.19.15/Samples/GameBooster.exe","210716/GameBooster-201002/5.19.15/Samples/setup_chrispc_game_booster_5_19_15.exe"],"imageFiles":["210716/GameBooster-201002/5.19.15/Images/ACR-109/ChrisPC – Game Booster_Install [9].png","210716/GameBooster-201002/5.19.15/Images/ACR-048/ChrisPC – Game Booster_Install [9].png","210716/GameBooster-201002/5.19.15/Images/ACR-010/ChrisPC – Game Booster_Install [8].png","210716/GameBooster-201002/5.19.15/Images/ACR-059/ChrisPC – Game Booster_Install [8].png","210716/GameBooster-201002/5.19.15/Images/ACR-155/ChrisPC – Game Booster_Install [8].png"],"nonDeceptorImageFiles":["210716/GameBooster-201002/5.19.15/Images/ACR-065/ChrisPC – Game Booster_Install [1].png","210716/GameBooster-201002/5.19.15/Images/ACR-065/ChrisPC – Game Booster_Install [2].png","210716/GameBooster-201002/5.19.15/Images/ACR-065/ChrisPC – Game Booster_Install [3].png","210716/GameBooster-201002/5.19.15/Images/ACR-065/ChrisPC – Game Booster_Install [10].png","210716/GameBooster-201002/5.19.15/Images/ACR-106/ChrisPC – Game Booster_Install [8].png","210716/GameBooster-201002/5.19.15/Images/ACR-065/ChrisPC – Game Booster_About [1].png","210716/GameBooster-201002/5.19.15/Images/ACR-099/ChrisPC – Game Booster_About [1].png","210716/GameBooster-201002/5.19.15/Images/ACR-065/ChrisPC – Game Booster_LandingPage [1].png","210716/GameBooster-201002/5.19.15/Images/ACR-099/ChrisPC – Game Booster_LandingPage [1].png","210716/GameBooster-201002/5.19.15/Images/ACR-065/ChrisPC – Game Booster_OfferPage [1].png","210716/GameBooster-201002/5.19.15/Images/ACR-065/ChrisPC – Game Booster_OfferPage [2].png","210716/GameBooster-201002/5.19.15/Images/ACR-099/ChrisPC – Game Booster_OfferPage [1].png","210716/GameBooster-201002/5.19.15/Images/ACR-099/ChrisPC – Game Booster_OfferPage [2].png","210716/GameBooster-201002/5.19.15/Images/ACR-161/ChrisPC – Game Booster_OfferPage [1].png","210716/GameBooster-201002/5.19.15/Images/ACR-161/ChrisPC – Game Booster_OfferPage [2].png"],"guid":"0cfcd2bf-a0ad-42a6-917d-1307ae2deb9b_5.19.15_1","appID":"GameBooster-201002","dateAdded":"211213","deceptorType":"Bundler","name":"ChrisPC- Game Booster","company":"Chris P.C. srl","version":"5.19.15","lastKnownStatus":"5.09.18;5.19.15;5.24.09","lastKnownDate":"211213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,cross-sell other apps","lastUpdate":"2021-12-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1565},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"GAMEBOOSTER.EXE","companyName":"Chris P.C. srl","fileVersion":"5.0","hashMD5":"d14e530be5b1eff02026968942a33b93","hashSHA1":"153ed8b45512cd85b210e80017c0d667f5bc1941","hashSHA256":"37b9152e7ce342f947ee62ba79f73ddbd8ee5b0d9ee5a3675e23b666fe10f79c","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2101","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GameBoosterRegister.exe","companyName":"Chris P.C. srl","fileVersion":"5.0","hashMD5":"b3b94a015ba1825027b635e269a95679","hashSHA1":"d2155a3697c9540dcd5db6d8fe1025d64bb701db","hashSHA256":"1c8edd95d5c895a2cb42ed471c461c2061fe79654316216e9f2c9428f0cca06b","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2101","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_game_booster_5_09_18.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"5.9","hashMD5":"171ac0056f33b7dc72d293421ec2e466","hashSHA1":"fc02ff67116a2149add5994877b7d25799cdcefd","hashSHA256":"c63eab6fc0a3e9b896f7bc97dc23417f5dcb0f8d92406eb7d6999fcb1259d5c7","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2101","avBlockList":["360 Total Security (20210824)","Avast Premium Security (20201008)","AVG Internet Security (20201008)","Avira Internet Security (20210824)","Bitdefender Internet Security (20210824)","COMODO Antivirus (20210824)","Dr.Web Security Space (20210824)","ESET Internet Security (20210824)","G DATA INTERNET SECURITY (20210824)","K7 Total Security (20210824)","Kaspersky Internet Security (20210824)","Malwarebytes Premium (20210824)","Norton Security (20210824)","Panda Dome (20210824)","Quick Heal Internet Security (20210824)","Sophos Home Premium (20210824)","SpyHunter5 (20210824)","Tencent PC Manager (20210824)","Total AV Antivirus Pro (20210824)","VIPRE Advanced Security (20210824)","VirIT eXplorer PRO (20210824)","Webroot SecureAnywhere (20210824)","Windows Defender (20210824)","McAfee Total Protection (20210824)"],"avAllowList":["Trend Micro Internet Security (20210824)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search","reference":"https://www.chris-pc.com/index.html","landingPage":"https://game-booster.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=30&file=setup_chrispc_game_booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=30&file=setup_chrispc_game_booster.exe","sourceIndex":"2101"}],"sampleFiles":["201002/GameBooster-201002/5.09.18/Samples/GameBooster.exe","201002/GameBooster-201002/5.09.18/Samples/GameBoosterRegister.exe","201002/GameBooster-201002/5.09.18/Samples/setup_chrispc_game_booster_5_09_18.exe"],"imageFiles":["201002/GameBooster-201002/5.09.18/Images/ACR-109/GameBooster_Installs [5] RelevantKnowledge.png","201002/GameBooster-201002/5.09.18/Images/ACR-048/GameBooster_Installs [5] RelevantKnowledge.png","201002/GameBooster-201002/5.09.18/Images/ACR-059/GameBooster_Installs [3] RelevantKnowledge.png","201002/GameBooster-201002/5.09.18/Images/ACR-155/GameBooster_Installs [3] RelevantKnowledge.png"],"nonDeceptorImageFiles":["201002/GameBooster-201002/5.09.18/Images/ACR-065/GameBooster_Installs [1].png","201002/GameBooster-201002/5.09.18/Images/ACR-065/GameBooster_Installs [2].png","201002/GameBooster-201002/5.09.18/Images/ACR-065/GameBooster_About [1].png","201002/GameBooster-201002/5.09.18/Images/ACR-065/GameBooster_Interactions [1].png","201002/GameBooster-201002/5.09.18/Images/ACR-099/GameBooster_About [1].png","201002/GameBooster-201002/5.09.18/Images/ACR-065/GameBooster_LandingPage [1].png","201002/GameBooster-201002/5.09.18/Images/ACR-065/GameBooster_LandingPage [2].png","201002/GameBooster-201002/5.09.18/Images/ACR-099/GameBooster_LandingPage [1].png","201002/GameBooster-201002/5.09.18/Images/ACR-099/GameBooster_LandingPage [2].png","201002/GameBooster-201002/5.09.18/Images/ACR-065/GameBooster_OfferPage [1].png","201002/GameBooster-201002/5.09.18/Images/ACR-065/GameBooster_OfferPage [2].png","201002/GameBooster-201002/5.09.18/Images/ACR-099/GameBooster_OfferPage [1].png","201002/GameBooster-201002/5.09.18/Images/ACR-099/GameBooster_OfferPage [2].png","201002/GameBooster-201002/5.09.18/Images/ACR-161/GameBooster_Testimonials.png"],"guid":"0cfcd2bf-a0ad-42a6-917d-1307ae2deb9b_5.09.18_1","appID":"GameBooster-201002","dateAdded":"211213","deceptorType":"Bundler","name":"ChrisPC- Game Booster","company":"Chris P.C. srl","version":"5.09.18","sigName":"Deceptor:Win32/ChrisPCGameBooster!109048059155","lastKnownStatus":"5.09.18;5.19.15;5.24.09","lastKnownDate":"211213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid","lastUpdate":"2021-12-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1566},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides fixes for 3GB of files) before requiring consumer to pay.\n","ACR-084":"The app hides itself from its own uninstaller, which disguises its presence. The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy or the Privacy Policy\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"BuhoCleaner","fileVersion":"0.","hashMD5":"deede9d35a5983e41d3c320a52a50233","hashSHA1":"11745c93703a820c4a2911ed45757fd9360e593e","hashSHA256":"4fb1c2061aa31bed95ca5ce21ddc5140d6ae62c1568f40f5a115969efecda7b5","sourceIndex":"1753","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"buhocleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"25dfa8e6618e1cc24f3af6be8e334493","hashSHA1":"ade7f2f477008f2a7cbf4664108002829a5a29dc","hashSHA256":"ffef88749ce56da336cdf9e9bc0f995252ec8031e2e88694137a5ed23dfa19bb","sourceIndex":"1753","avBlockList":["Avast Security for Mac (20211214)","Avira Security for Mac (20211214)","Bitdefender Antivirus for Mac (20211214)","ESET Cyber Security Pro for Mac (20211214)","G DATA AntiVirus for Mac (20211214)","Norton Security for Mac (20211214)"],"avAllowList":["K7 Antivirus for Mac (20211214)","Kaspersky Internet Security for Mac (20211214)","McAfee Internet Security for Mac (20211214)","Sophos Home Premium For Mac (20211214)","Trend Micro Antivirus for Mac (20211214)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"macos cleaner app\"","reference":"","landingPage":"https://www.drbuho.com","directDownloadingLink":"https://www.drbuho.com/download/buhocleaner.dmg ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.drbuho.com/download/buhocleaner.dmg ","sourceIndex":"1753"}],"sampleFiles":["211208/BuhoCleaner-211208/1.6.1 (89)/Samples/BuhoCleaner","211208/BuhoCleaner-211208/1.6.1 (89)/Samples/buhocleaner.dmg"],"imageFiles":["211208/BuhoCleaner-211208/1.6.1 (89)/Images/ACR-004/BuhoCleaner_Interactions [2].png","211208/BuhoCleaner-211208/1.6.1 (89)/Images/ACR-084/BuhoCleaner_Interactions [11].png","211208/BuhoCleaner-211208/1.6.1 (89)/Images/ACR-084/BuhoCleaner_AutoLogin.png","211208/BuhoCleaner-211208/1.6.1 (89)/Images/ACR-084/BuhoCleaner_Settings [1].png"],"nonDeceptorImageFiles":["211208/BuhoCleaner-211208/1.6.1 (89)/Images/ACR-065/BuhoCleaner_Install.png","211208/BuhoCleaner-211208/1.6.1 (89)/Images/ACR-065/BuhoCleaner_About [1].png","211208/BuhoCleaner-211208/1.6.1 (89)/Images/ACR-099/BuhoCleaner_About [1].png","211208/BuhoCleaner-211208/1.6.1 (89)/Images/ACR-161/BuhoCleaner_LandingPage [2].png"],"guid":"b78f93ef-5b6c-42fe-8968-e2cb2ff324ed_1.6.1 (89)_1","appID":"BuhoCleaner-211208","dateAdded":"211208","deceptorType":"MacOS App","name":"BuhoCleaner","company":"Dr.Buho Inc.","version":"1.6.1 (89)","firstVendorContactDate":"211215","firstAppEsteemReplyDate":"211216","firstResolvedDate":"211221","firstResolvedVersion":"1.6.2","resolved":"TRUE","lastKnownStatus":"1.6.1(89)","lastKnownDate":"211221","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-12-22T04:26:20.8249919+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1567},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. User has to choose \"I accept\" for RK to continue the install the application. Decline option is not functioning as it says.\n","ACR-048":"“rkverify.exe”, a RelevantKnowledge file is downloaded even user choose to decline.\nApp does not provide control to disable/remove the startup and background process completely.\n","ACR-084":"The control settings don't work as it presents. processes running in background and load during startup without user awareness.\n\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled. \nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"The app does not provide Returns and Cancellation Policy, and Privacy Policy in the software,  and as well as EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the landing page.\n","ACR-036":"The app does not provide Returns and Cancellation Policy or Privacy Policy.\n","ACR-037":"The app does not provide Privacy Policy in the software and landing page.\n","ACR-167":"The app has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Chris-PC CPU Booster\\CPUBooster.exe","companyName":"Chris P.C. srl","productName":"Chris-PC CPU Booster","productVersion":"1.0.0.0","fileVersion":"1.0.1.86","hashMD5":"867d38b0b3d6918dc726c47761e868c6","hashSHA1":"3f2b616595f62ca5045aaeaf3e2d35b06d22cb88","hashSHA256":"bbadac5584ac8d3f754e415f84a55d11ed861f45212d098270e140e4928ed8d0","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"ChrisPC Software SRL","storeId":"","sourceIndex":"1774","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_cpu_booster_1_23_05.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","productName":"Chris-PC CPU Booster                                        ","productVersion":"1.23.05                                           ","fileVersion":"1.23.05.0           ","hashMD5":"78660f2e9de4a95c94c47a1f9585f44e","hashSHA1":"3e589b5ef8b2f09fce7524ba77b8caf5b2f6e855","hashSHA256":"579e51a0727fa5dfe7bc1a9a91783428ee3f43d7bf79c92c6021d556302843a8","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"ChrisPC Software SRL","storeId":"","sourceIndex":"1774","avBlockList":["Avast Premium Security (20220317)","AVG Internet Security (20220317)","Avira Internet Security (20220317)","Bitdefender Internet Security (20220317)","COMODO Antivirus (20220317)","Dr.Web Security Space (20220317)","ESET Internet Security (20220317)","G DATA INTERNET SECURITY (20220317)","K7 Total Security (20220317)","Kaspersky Internet Security (20220317)","Malwarebytes Premium (20220317)","McAfee Total Protection (20220317)","Norton Security (20220317)","Panda Dome (20220317)","Quick Heal Internet Security (20220317)","Sophos Home Premium (20220317)","SpyHunter5 (20220317)","Tencent PC Manager (20220317)","Total AV Antivirus Pro (20220317)","VIPRE Advanced Security (20220317)","VirIT eXplorer PRO (20220317)","Webroot SecureAnywhere (20220317)","Windows Defender (20220317)"],"avAllowList":["360 Total Security (20220317)","Trend Micro Internet Security (20220317)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://cpu-booster.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=52&file=setup_chrispc_cpu_booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=52&file=setup_chrispc_cpu_booster.exe","sourceIndex":"1774"}],"sampleFiles":["211206/ChrisPCCPUBooster-210326/1.23.05.0/Samples/setup_chrispc_cpu_booster_1_23_05.exe"],"imageFiles":["211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-109/ACR-109_Install_Downloads_RK.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-048/ACR-048_Install_No_Control.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-084/ACR-084_Software_Background_Process.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-084/ACR-084_Software_Startup_Added.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-048/ACR-048_Software_No_Control.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-048/ACR-048_Software_No_Control_2.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-059/ACR-059_Bundler-MadeOffers_Offer_Not_Clear.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masquerading_Offer.JPG"],"nonDeceptorImageFiles":["211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-065/ACR-065_Install_No_Docs.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-065/ACR-065_Software_No_Docs.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-099/ACR-099_Software_No_Uninstall_Information.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-035/ACR-035_Docs_No_Docs.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-036/ACR-036_Docs_No_Docs.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-037/ACR-037_Docs_No_Docs.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-065/ACR-065_LandingPage_No_Docs.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-099/ACR-099_LandingPage_No_Uninstall_Information.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-161/ACR-161_InternalOffers_Unverifiable_Testimonials.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-161/ACR-161_InternalOffers_Unverifiable_Testimonials_1.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-065/ACR-065_InternalOffers_No_Docs.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-065/ACR-065_InternalOffers_No_Docs_1.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-099/ACR-099_InternalOffers_No_Uninstall_Information.JPG","211206/ChrisPCCPUBooster-210326/1.23.05.0/Images/ACR-099/ACR-099_InternalOffers_No_Uninstall_Information_1.JPG"],"guid":"feb207b0-7a2d-4ad0-95de-d5fbae871043_1.23.05.0_1","appID":"ChrisPCCPUBooster-210326","dateAdded":"211206","deceptorType":"Bundler","name":"ChrisPC – CPU Booster ","company":"Chris P.C. srl.","version":"1.23.05.0","lastKnownStatus":"1.18.04;1.23.05.0","lastKnownDate":"211206","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-12-06T21:33:11.6496404+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1568},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. User has to choose \"I accept\" for RK to continue the install the application.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \n. The app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled. \nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"The app does not provide Returns and Cancellation Policy, and Privacy Policy in the software,  and as well as EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the landing page.\n","ACR-036":"The app does not provide Returns and Cancellation Policy or Privacy Policy.\n","ACR-037":"The app does not provide Privacy Policy in the software and landing page.\n","ACR-167":"The app has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"rk_setup.exe","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"d5c548f03cf44e4373cd192b9b53cdfb","hashSHA1":"ea1b4696a1ab5e6daddb3f4f6d1c54681ea9fbcc","hashSHA256":"d7cfb34eca35adb1f99a1b61b06a7bc7d7d1769437ed1e23a862d0666ceaa4ad","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1973","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_cpu_booster_1_15_15.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"1.15","hashMD5":"53010c0fd9e1d4761976c4b06b56dbec","hashSHA1":"494180f21b3fed6fa893554c3e7743454731f868","hashSHA256":"34aa9fd7b2101fc71b6e1a307f344a5d73ee5dd1fe62460d90e8896e8a248855","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1973","avBlockList":["360 Total Security (20210525)","Avast Premium Security (20210525)","AVG Internet Security (20210525)","Avira Internet Security (20210525)","Bitdefender Internet Security (20210525)","COMODO Antivirus (20210525)","ESET Internet Security (20210525)","G DATA INTERNET SECURITY (20210525)","K7 Total Security (20210525)","Kaspersky Internet Security (20210525)","Malwarebytes Premium (20210525)","McAfee Total Protection (20210525)","Norton Security (20210525)","Panda Dome (20210525)","Quick Heal Internet Security (20210525)","Sophos Home Premium (20210525)","SpyHunter5 (20210525)","Tencent PC Manager (20210525)","Total AV Antivirus Pro (20210525)","VIPRE Advanced Security (20210525)","VirIT eXplorer PRO (20210525)","Webroot SecureAnywhere (20210525)","Windows Defender (20210525)"],"avAllowList":["Dr.Web Security Space (20210525)","Trend Micro Internet Security (20210525)"]},{"isRevoked":"False","fileName":"CPUBOOSTER.EXE","companyName":"Chris P.C. srl","fileVersion":"1.0","hashMD5":"4ef7144f71c57b46fa7c2c2bb7e259ac","hashSHA1":"7bbefe795d082bf37d09846b5a96b6aa6156d47f","hashSHA256":"dfef7bfdfcb6ba4f2c4c29838d65d2c881c662098c3e3408c822c58f11e73393","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1973","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://cpu-booster.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=52&file=setup_chrispc_cpu_booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=52&file=setup_chrispc_cpu_booster.exe","sourceIndex":"1973"}],"sampleFiles":["210326/ChrisPCCPUBooster-210326/1.15.15/Samples/rk_setup.exe","210326/ChrisPCCPUBooster-210326/1.15.15/Samples/setup_chrispc_cpu_booster_1_15_15.exe","210326/ChrisPCCPUBooster-210326/1.15.15/Samples/CPUBooster.exe"],"imageFiles":["210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-109/ChrisPC CPU Booster_Install [6] RK.png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-048/ChrisPC CPU Booster_Install [6] RK.png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-059/ChrisPC CPU Booster_Install [5] RK.png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-155/ChrisPC CPU Booster_Install [5] RK.png"],"nonDeceptorImageFiles":["210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-065/ChrisPC CPU Booster_Install [1].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-065/ChrisPC CPU Booster_Install [2].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-065/ChrisPC CPU Booster_Install [5] RK.png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-065/ChrisPC CPU Booster_Install [6].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-065/ChrisPC CPU Booster_About [1].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-099/ChrisPC CPU Booster_About [1].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-035/ChrisPC CPU Booster_About [1].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-035/ChrisPC CPU Booster_LandingPage [2].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-036/ChrisPC CPU Booster_About [1].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-037/ChrisPC CPU Booster_About [1].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-037/ChrisPC CPU Booster_LandingPage [2].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-065/ChrisPC CPU Booster_LandingPage [1].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-065/ChrisPC CPU Booster_LandingPage [2].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-099/ChrisPC CPU Booster_LandingPage [2].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-161/ChrisPC CPU Booster_OfferPage [1].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-065/ChrisPC CPU Booster_OfferPage [1].png","210326/ChrisPCCPUBooster-210326/1.15.15/Images/ACR-099/ChrisPC CPU Booster_OfferPage [1].png"],"guid":"feb207b0-7a2d-4ad0-95de-d5fbae871043_1.15.15_1","appID":"ChrisPCCPUBooster-210326","dateAdded":"211206","deceptorType":"Bundler","name":"ChrisPC – CPU Booster ","company":"Chris P.C. srl.","version":"1.15.15","sigName":"Deceptor:Win32/ChrisPCCPUBooster!109048059155","lastKnownStatus":"1.18.04;1.23.05.0","lastKnownDate":"211206","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2021-12-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1570},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. User has to choose \"I accept\" for RK to continue the install the application.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads “rkverify.exe”, a RelevantKnowledge file\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled. \nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"The app does not provide Returns and Cancellation Policy, and Privacy Policy in the software,  and as well as EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the landing page.\n","ACR-036":"The app does not provide Returns and Cancellation Policy or Privacy Policy.\n","ACR-037":"The app does not provide Privacy Policy in the software and landing page.\n","ACR-167":"The app has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"CPUBOOSTER.EXE","companyName":"Chris P.C. srl","fileVersion":"1.0","hashMD5":"5d4accc29175a07083eab1a938654baa","hashSHA1":"a846748380a290a1225b0a68688b9260f5719e89","hashSHA256":"abb9719a32ae2111fb79273873f7607291e96a0fc549beb40c991976d0d98b48","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1869","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rk_setup.exe","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"89c8796cd6169d14531791b7388bc0e9","hashSHA1":"473a91fc861a45122f9f60ee8cd807b57cd2f29d","hashSHA256":"53ef40c6950b12e766195905ffcc596d771b43398ad2eeb2f9a895ab5a8bb278","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1869","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","VIPRE Advanced Security (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","McAfee Total Protection (20240702)","Trend Micro Internet Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"setup_chrispc_cpu_booster_1_18_04.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"1.18","hashMD5":"16f862eec84d4a4e0615eab8f8b4faac","hashSHA1":"ce61eb905b901f4e974ff564674e7d282fbdf4eb","hashSHA256":"25556b3cca2346e36491ae450b40fad398456405ef367cdfa3e166d41659d2a2","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1869","avBlockList":["360 Total Security (20210916)","Avast Premium Security (20210916)","AVG Internet Security (20210916)","Avira Internet Security (20210916)","Bitdefender Internet Security (20210916)","COMODO Antivirus (20210916)","ESET Internet Security (20210916)","G DATA INTERNET SECURITY (20210916)","K7 Total Security (20210916)","Malwarebytes Premium (20210916)","McAfee Total Protection (20210916)","Norton Security (20210916)","Panda Dome (20210916)","Quick Heal Internet Security (20210916)","Sophos Home Premium (20210916)","SpyHunter5 (20210916)","Tencent PC Manager (20210916)","Total AV Antivirus Pro (20210916)","VIPRE Advanced Security (20210916)","VirIT eXplorer PRO (20210916)","Webroot SecureAnywhere (20210916)","Windows Defender (20210916)"],"avAllowList":["Dr.Web Security Space (20210916)","Kaspersky Internet Security (20210916)","Trend Micro Internet Security (20210916)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://cpu-booster.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=52&file=setup_chrispc_cpu_booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=52&file=setup_chrispc_cpu_booster.exe","sourceIndex":"1869"}],"sampleFiles":["210706/ChrisPCCPUBooster-210326/1.18.04/Samples/CPUBooster.exe","210706/ChrisPCCPUBooster-210326/1.18.04/Samples/rk_setup.exe","210706/ChrisPCCPUBooster-210326/1.18.04/Samples/setup_chrispc_cpu_booster_1_18_04.exe"],"imageFiles":["210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-109/ChrisPC – CPU Booster_Install [8 ].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-048/ChrisPC – CPU Booster_Install [8 ].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-059/ChrisPC – CPU Booster_Install [8].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-155/ChrisPC – CPU Booster_Install [8].png"],"nonDeceptorImageFiles":["210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-065/ChrisPC – CPU Booster_Install [1].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-065/ChrisPC – CPU Booster_Install [2].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-065/ChrisPC – CPU Booster_Install [9].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-065/ChrisPC – CPU Booster_About [1].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-099/ChrisPC – CPU Booster_About [1].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-065/ChrisPC – CPU Booster_LandingPage [1].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-099/ChrisPC – CPU Booster_LandingPage [1].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-161/ChrisPC – CPU Booster_OfferPage [1].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-161/ChrisPC – CPU Booster_OfferPage [2].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-065/ChrisPC – CPU Booster_OfferPage [1].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-065/ChrisPC – CPU Booster_OfferPage [2].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-099/ChrisPC – CPU Booster_OfferPage [1].png","210706/ChrisPCCPUBooster-210326/1.18.04/Images/ACR-099/ChrisPC – CPU Booster_OfferPage [2].png"],"guid":"feb207b0-7a2d-4ad0-95de-d5fbae871043_1.18.04_1","appID":"ChrisPCCPUBooster-210326","dateAdded":"211206","deceptorType":"Bundler","name":"ChrisPC – CPU Booster ","company":"Chris P.C. srl.","version":"1.18.04","sigName":"Deceptor:Win32/ChrisPCCPUBooster!109048059155","lastKnownStatus":"1.18.04;1.23.05.0","lastKnownDate":"211206","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2021-12-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1569},{"violations":{"ACR-048":"The app hides in a hidden folder and requires a hotkey to open it.\n","ACR-007":"The app does not display explicit notification when it is running and requires a hotkey to open it.\n","ACR-084":"The app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data and requires a hotkey to open it.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"Library\".\n","ACR-065":"The app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Freekey","fileVersion":"0.","hashMD5":"c157014e72c48a88357abbc2604d87ae","hashSHA1":"cf97ccd679170c458535b4e053c04966e30406e7","hashSHA256":"4a6e6e98635b24d7252243d403d0c6d8674255a32b686703a11102772e87c289","sourceIndex":"2580","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeKeylogger.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"55b7efb15240dd7571ff0b98dfbec94f3dde32766a2aa719c442150c705519e4","sourceIndex":"2580","avBlockList":["Avast Security for Mac (20220308)","Avira Security for Mac (20220308)","Bitdefender Antivirus for Mac (20220308)","ESET Cyber Security Pro for Mac (20220308)","G DATA AntiVirus for Mac (20220308)","McAfee Internet Security for Mac (20220308)","Norton Security for Mac (20220308)","Trend Micro Antivirus for Mac (20220308)","Sophos Home Premium For Mac (20220308)"],"avAllowList":["K7 Antivirus for Mac (20220308)","Kaspersky Internet Security for Mac (20220308)"]}],"additionalFiles":[],"sources":[{"howFound":"keylogger screen recorder - Google Search","reference":"Hunt.Search","landingPage":"https://www.hwsuite.com/free-keylogger-mac/","directDownloadingLink":"https://www.hwsuite.com/free-keylogger-mac/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.hwsuite.com/free-keylogger-mac/download","sourceIndex":"2580"}],"sampleFiles":["191214/FreeKeylogger-191213/1.8/Samples/Freekey","191214/FreeKeylogger-191213/1.8/Samples/FreeKeylogger.dmg"],"imageFiles":["191214/FreeKeylogger-191213/1.8/Images/ACR-048/FreeKeylogger Location.png","191214/FreeKeylogger-191213/1.8/Images/ACR-048/FreeKeylogger Hotkey.png","191214/FreeKeylogger-191213/1.8/Images/ACR-007/FreeKeylogger Logs.png","191214/FreeKeylogger-191213/1.8/Images/ACR-007/FreeKeylogger Hotkey.png","191214/FreeKeylogger-191213/1.8/Images/ACR-084/FreeKeylogger Hotkey.png","191214/FreeKeylogger-191213/1.8/Images/ACR-084/FreeKeylogger Location.png","191214/FreeKeylogger-191213/1.8/Images/ACR-086/FreeKeylogger Logs.png","191214/FreeKeylogger-191213/1.8/Images/ACR-086/FreeKeylogger Hotkey.png"],"nonDeceptorImageFiles":["191214/FreeKeylogger-191213/1.8/Images/ACR-040/FreeKeylogger Location.png","191214/FreeKeylogger-191213/1.8/Images/ACR-065/FreeKeylogger About.png","191214/FreeKeylogger-191213/1.8/Images/ACR-099/FreeKeylogger About.png"],"guid":"6b047f72-501a-45b7-b90b-d85a3301cd61_1.8_1","appID":"FreeKeylogger-191213","dateAdded":"211201","deceptorType":"MacOS App","name":"Free Keylogger","company":"HeavenWard","version":"1.8","sigName":"Deceptor:MacOS/Free KeyloggerStalkerware!048007084086","lastKnownStatus":"1.8;1.9","lastKnownDate":"211201","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2021-12-01T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1572},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not display explicit notification when it is running and requires a hotkey to open it.\n","ACR-084":"The app is installed in a hidden folder and requires a hotkey to open it.\nThe app does not provide a way to disable the auto-launch of the app.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data and requires a hotkey to open it.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder \"Library\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, Returns and Cancellation Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe app’s landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"FreeKeylogger.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"af33fb04e4a689244e0f0d2c0aa94535","hashSHA1":"c51691f91658dba99eac761da2b50bbebb036869","hashSHA256":"2f7f0c16565f18476e98f6de17a2634ad2e98a97d51b22e97202af26552c1158","sourceIndex":"1777","avBlockList":["Avast Security for Mac (20220208)","Avira Security for Mac (20220208)","Bitdefender Antivirus for Mac (20220208)","ESET Cyber Security Pro for Mac (20220208)","G DATA AntiVirus for Mac (20220208)","K7 Antivirus for Mac (20220208)","McAfee Internet Security for Mac (20220208)","Norton Security for Mac (20220208)","Sophos Home Premium For Mac (20220208)","Trend Micro Antivirus for Mac (20220208)"],"avAllowList":["Kaspersky Internet Security for Mac (20220208)"]},{"isRevoked":"False","fileName":"FreeKeylogger.pkg","fileVersion":"0.","hashMD5":"afe15a4386d5f6e24e5b65bd9d8367db","hashSHA1":"b24c2545579d11f466695e9026c525341a2c086c","hashSHA256":"14a0b81d40b3cddd9ab484ae94fbd1a1a3991bf1f259653fb8dbf0f8ba38dfc1","sourceIndex":"1777","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Freekey.app.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d074ca95473c8d0ab4facc88497c7488eefe218c44e941388f7116c12cf70543","sourceIndex":"1777","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Freekey","fileVersion":"0.","hashMD5":"ff38740f174fc6121e7263152547f9c2","hashSHA1":"df42a46b8dc3cb60fb185eceec41a4b4029111fa","hashSHA256":"d9221dc37ff08488f2389393cd51575beb62aea03ce7ed5c32161eb0d19b3e2a","sourceIndex":"1777","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeKeylogger [2].dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"9c9944e523490c456d8343c7fd464173","hashSHA1":"75cbc712ef376b91c7cdef6e63fe02cb148dd3cb","hashSHA256":"55b7efb15240dd7571ff0b98dfbec94f3dde32766a2aa719c442150c705519e4","sourceIndex":"1777","avBlockList":["Avast Security for Mac (20220308)","Avira Security for Mac (20220308)","Bitdefender Antivirus for Mac (20220308)","ESET Cyber Security Pro for Mac (20220308)","G DATA AntiVirus for Mac (20220308)","McAfee Internet Security for Mac (20220308)","Norton Security for Mac (20220308)","Trend Micro Antivirus for Mac (20220308)","Sophos Home Premium For Mac (20220308)"],"avAllowList":["K7 Antivirus for Mac (20220308)","Kaspersky Internet Security for Mac (20220308)"]}],"additionalFiles":[],"sources":[{"howFound":"keylogger screen recorder - Google Search","reference":"Hunt.Search","landingPage":"https://www.hwsuite.com/free-keylogger-mac/","directDownloadingLink":"https://files.hw-2019.info/FreeKeylogger.dmg?token=1604410173_724d9b261f2d2efeb7c63555d6c3f4c1&fileName=FreeKeylogger.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.hw-2019.info/FreeKeylogger.dmg?token=1604410173_724d9b261f2d2efeb7c63555d6c3f4c1&fileName=FreeKeylogger.dmg","sourceIndex":"1777"}],"sampleFiles":["211201/FreeKeylogger-191213/1.9/Samples/FreeKeylogger.dmg","211201/FreeKeylogger-191213/1.9/Samples/FreeKeylogger.pkg","211201/FreeKeylogger-191213/1.9/Samples/Freekey","211201/FreeKeylogger-191213/1.9/Samples/FreeKeylogger [2].dmg"],"imageFiles":["211201/FreeKeylogger-191213/1.9/Images/ACR-048/FreeKeylogger_HiddenFiles [1].png","211201/FreeKeylogger-191213/1.9/Images/ACR-048/FreeKeylogger_Interactions [3].png","211201/FreeKeylogger-191213/1.9/Images/ACR-007/FreeKeylogger_Interactions [2].png","211201/FreeKeylogger-191213/1.9/Images/ACR-007/FreeKeylogger_Interactions [3].png","211201/FreeKeylogger-191213/1.9/Images/ACR-007/FreeKeylogger_HiddenFiles [1].png","211201/FreeKeylogger-191213/1.9/Images/ACR-084/FreeKeylogger_Interactions [3].png","211201/FreeKeylogger-191213/1.9/Images/ACR-084/FreeKeylogger_HiddenFiles [1].png","211201/FreeKeylogger-191213/1.9/Images/ACR-084/FreeKeylogger_AutoLaunch [3].png","211201/FreeKeylogger-191213/1.9/Images/ACR-086/FreeKeylogger_LogFile [1].png","211201/FreeKeylogger-191213/1.9/Images/ACR-086/FreeKeylogger_Interactions [3].png","211201/FreeKeylogger-191213/1.9/Images/ACR-086/FreeKeylogger_Interactions [2].png"],"nonDeceptorImageFiles":["211201/FreeKeylogger-191213/1.9/Images/ACR-040/FreeKeylogger_HiddenFiles [1].png","211201/FreeKeylogger-191213/1.9/Images/ACR-065/FreeKeylogger_Installs [1].png","211201/FreeKeylogger-191213/1.9/Images/ACR-065/FreeKeylogger_Installs [2].png","211201/FreeKeylogger-191213/1.9/Images/ACR-065/FreeKeylogger_Installs [3].png","211201/FreeKeylogger-191213/1.9/Images/ACR-065/FreeKeylogger_About [1].png","211201/FreeKeylogger-191213/1.9/Images/ACR-065/Free Keylogger for Mac - HeavenWard.png","211201/FreeKeylogger-191213/1.9/Images/ACR-099/FreeKeylogger_About [1].png","211201/FreeKeylogger-191213/1.9/Images/ACR-099/Free Keylogger for Mac - HeavenWard.png"],"guid":"6b047f72-501a-45b7-b90b-d85a3301cd61_1.9_1","appID":"FreeKeylogger-191213","dateAdded":"211201","deceptorType":"MacOS App","name":"Free Keylogger","company":"HeavenWard","version":"1.9","sigName":"Deceptor:MacOS/FreeKeyloggerStalkware!048007084086","lastKnownStatus":"1.8;1.9","lastKnownDate":"211201","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2021-12-01T14:40:50.0590014+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1571},{"violations":{"ACR-043":"Third party components that are offered during installation are dropped even after declining it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components on the device without the consumer's consent.\n","ACR-119":"Monetization components are left after the consumer uninstalls the application.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-053":"App doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Torrent Monster\\Torrent Monster.exe","companyName":"GoForSharing LLC","productName":"Torrent Monster","productVersion":"5. 5. 0. 0","fileVersion":"5. 5. 0. 0","hashMD5":"91020a741d9531ba5f027cfea8ed6bd1","hashSHA1":"9b1d5fb7abefe0c2974f3b5e58b59263ab23e732","hashSHA256":"56632a5e699ac425207925d34744e02792b55ed81110d405a079a560422e2643","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1783","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"torrent-monster-setup.exe","isInstaller":"True","companyName":"GoForSharing LLC","productName":"Torrent Monster","productVersion":"","fileVersion":"5.5.0.0","hashMD5":"672fead89aeba8f406e1b8934f2b493d","hashSHA1":"0c4e85bd091e2e57c2e2be0f27557ccf7d12b475","hashSHA256":"e5a81956b1619e69c9b5aefcec23bbe075d78690e3cc2479d6092c5753dcafb8","digitalCertThumbprint":"348100D491EE4D329290D1EFDFC3388368ADA01E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Prospera Software Inc.","storeId":"","sourceIndex":"1783","avBlockList":["360 Total Security (20211209)","Avast Premium Security (20211209)","AVG Internet Security (20211209)","Avira Internet Security (20211209)","Bitdefender Internet Security (20211209)","COMODO Antivirus (20211209)","Dr.Web Security Space (20211209)","ESET Internet Security (20211209)","G DATA INTERNET SECURITY (20211209)","K7 Total Security (20211209)","Kaspersky Internet Security (20211209)","Malwarebytes Premium (20211209)","McAfee Total Protection (20211209)","Norton Security (20211209)","Panda Dome (20211209)","Quick Heal Internet Security (20211209)","Sophos Home Premium (20211209)","SpyHunter5 (20211209)","Tencent PC Manager (20211209)","Total AV Antivirus Pro (20211209)","Trend Micro Internet Security (20211209)","VIPRE Advanced Security (20211209)","VirIT eXplorer PRO (20211209)","Webroot SecureAnywhere (20211209)","Windows Defender (20211209)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"GoForSharing Related Apps","reference":"","landingPage":"https://www.goforsharing.com/torrent-monster/","directDownloadingLink":"http://www.goforsharing.com/downloads/aktiv-torrent-monster-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.goforsharing.com/downloads/aktiv-torrent-monster-setup.exe","sourceIndex":"1783"}],"sampleFiles":["211121/aktivtorrentmonster-211119/5.5.0.0/Samples/torrent-monster-setup.exe"],"imageFiles":["211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_1.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_2.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_3.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-043/ACR-043_Install_Offers_Dropped_AfterDeclining.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-119/ACR-119_Uninstall_Retains_Monetization_Components.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_1.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_2.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","211121/aktivtorrentmonster-211119/5.5.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_3.JPG"],"nonDeceptorImageFiles":[],"guid":"fa15f0bc-9619-4413-ab47-4970414432fb_5.5.0.0_1","appID":"aktivtorrentmonster-211119","dateAdded":"211121","deceptorType":"App","name":"Aktiv Torrent Monster","company":"GoForSharing LLC","version":"5.5.0.0","sigName":"Deceptor:Win32/AktivTorrentMonster!053043118119057055","lastKnownStatus":"5.5.0.0","lastKnownDate":"211121","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-11-22T01:30:53.5049501+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1573},{"violations":{"ACR-043":"Third party components that are offered during installation are dropped even after declining it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components on the device without the consumer's consent.\n","ACR-119":"Monetization components are left after the consumer uninstalls the application. \n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-053":" App doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Sharetastic\\Sharetastic.exe","companyName":"Goforsharing","productName":"Sharetastic","productVersion":"5. 2. 0. 0","fileVersion":"5. 2. 0. 0","hashMD5":"29d7d4fc605c39d54febf35f7b566379","hashSHA1":"bb247801305096adc7019c60b5e197fa367e7ad8","hashSHA256":"35b5ad00043973b9377e7a6734294ed2017edc52792bcdd50b1e2b6e6df0ad69","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1785","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sharetastic-setup.exe","isInstaller":"True","companyName":"GoForSharing LLC","productName":"Sharetastic","productVersion":"","fileVersion":"5.2.0.0","hashMD5":"a262f2905105e2960c723b787206ce89","hashSHA1":"89f962263457de473285e1ab5b9a9655a0dbd5db","hashSHA256":"8637639d3b92b98401d71d67ea1316c6f826bdaa144a770e8a96d76fc9d23f93","digitalCertThumbprint":"348100D491EE4D329290D1EFDFC3388368ADA01E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Prospera Software Inc.","storeId":"","sourceIndex":"1785","avBlockList":["360 Total Security (20211207)","Avast Premium Security (20211207)","AVG Internet Security (20211207)","Avira Internet Security (20211207)","Bitdefender Internet Security (20211207)","COMODO Antivirus (20211207)","Dr.Web Security Space (20211207)","ESET Internet Security (20211207)","G DATA INTERNET SECURITY (20211207)","K7 Total Security (20211207)","Kaspersky Internet Security (20211207)","Malwarebytes Premium (20211207)","McAfee Total Protection (20211207)","Norton Security (20211207)","Panda Dome (20211207)","Quick Heal Internet Security (20211207)","Sophos Home Premium (20211207)","SpyHunter5 (20211207)","Tencent PC Manager (20211207)","Total AV Antivirus Pro (20211207)","Trend Micro Internet Security (20211207)","VIPRE Advanced Security (20211207)","VirIT eXplorer PRO (20211207)","Webroot SecureAnywhere (20211207)","Windows Defender (20211207)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"GoForSharing Related Apps","reference":"","landingPage":"https://www.goforsharing.com/sharetastic/","directDownloadingLink":"http://www.goforsharing.com/downloads/aktiv-sharetastic-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.goforsharing.com/downloads/aktiv-sharetastic-setup.exe","sourceIndex":"1785"}],"sampleFiles":["211118/aktivsharetastic-211118/5.2.0.0/Samples/sharetastic-setup.exe"],"imageFiles":["211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_1.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_2.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_3.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-043/ACR-043_Install_Offers_Dropped_AfterDeclining.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-119/ACR-119_Uninstall_Retains_Monetization_Components.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_1.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_2.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","211118/aktivsharetastic-211118/5.2.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_3.JPG"],"nonDeceptorImageFiles":[],"guid":"5fe06025-af76-4d3b-9aa1-ca878c0e90eb_5.2.0.0_1","appID":"aktivsharetastic-211118","dateAdded":"211118","deceptorType":"App","name":"Aktiv Sharetastic","company":"GoForSharing LLC","version":"5.2.0.0","sigName":"Deceptor:Win32/AktivSharetastic!053043118119057055","lastKnownStatus":"5.2.0.0","lastKnownDate":"211118","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-11-18T16:54:14.4476165+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1574},{"violations":{"ACR-048":"1. The app does not provide any control to disable the start-up it created within the apps settings.\n2. The app does not provide any control to close the app completely from the app's settings.\n","ACR-084":"The app runs silently in the background even after exiting from tray manually.\n","ACR-014":"App misleads the consumer into thinking it has malware remover functionality also, in the landing page it describes the malware hunter as \"Ultimate virus detection and Protection capabilities\" , but malware remover detects only one malware out of well-known 40+ malware threat. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Glarysoft\\Malware Hunter\\MalwareHunter.exe","companyName":"Glarysoft Ltd","productName":"Glarysoft Malware Hunter","productVersion":"1.137.0.749","fileVersion":"1.137.0.749","hashMD5":"dc5e1a5c5cfcc137a31daf01bb074bbc","hashSHA1":"e49de55fe8b9fd1d31519f2606bc9fe3d220490b","hashSHA256":"8ba83e68eba9a63efb81fc5cd8d58b6456f26d5f4b45d705132ab7c368a7f423","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1782","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mhsetup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"645b2701e7a0db1a18b5be3a5f1737bf","hashSHA1":"f3b4380016e68e7c0d52f3270f8ebffc0ba22640","hashSHA256":"f9d15420f96bad02491ac521770cc6f5be538146d2c8a6f08cde5511ee17e740","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1782","avBlockList":["Avast Premium Security (20211123)","AVG Internet Security (20211123)","Avira Internet Security (20211123)","Bitdefender Internet Security (20211123)","ESET Internet Security (20211123)","G DATA INTERNET SECURITY (20211123)","K7 Total Security (20211123)","McAfee Total Protection (20211123)","Norton Security (20211123)","Quick Heal Internet Security (20211123)","SpyHunter5 (20211123)","Tencent PC Manager (20211123)","Total AV Antivirus Pro (20211123)","VIPRE Advanced Security (20211123)","VirIT eXplorer PRO (20211123)","Windows Defender (20211123)"],"avAllowList":["360 Total Security (20211123)","COMODO Antivirus (20211123)","Dr.Web Security Space (20211123)","Kaspersky Internet Security (20211123)","Malwarebytes Premium (20211123)","Panda Dome (20211123)","Sophos Home Premium (20211123)","Trend Micro Internet Security (20211123)","Webroot SecureAnywhere (20211123)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on other Glarysoft products","reference":"","landingPage":"https://www.glarysoft.com/malware-hunter/","directDownloadingLink":"https://download.glarysoft.com/mhsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.glarysoft.com/mhsetup.exe","sourceIndex":"1782"}],"sampleFiles":["211117/malwarehunter-211101/1.137.0.749/Samples/mhsetup.exe"],"imageFiles":["211117/malwarehunter-211101/1.137.0.749/Images/ACR-084/ACR-084_Software_Background_Process.JPG","211117/malwarehunter-211101/1.137.0.749/Images/ACR-048/ACR-048_Software_No_Control.JPG","211117/malwarehunter-211101/1.137.0.749/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","211117/malwarehunter-211101/1.137.0.749/Images/ACR-014/ACR-014_Software_Misleading.JPG","211117/malwarehunter-211101/1.137.0.749/Images/ACR-014/ACR-014_Software_Misleading_1.JPG"],"nonDeceptorImageFiles":[],"guid":"fbbcb1e0-7a27-45b3-9dca-a5ec26874768_1.137.0.749_1","appID":"malwarehunter-211101","dateAdded":"211117","deceptorType":"App","name":"Malware Hunter","company":"Glarysoft Ltd","version":"1.137.0.749","firstVendorContactDate":"211115","firstAppEsteemReplyDate":"211115","firstResolvedDate":"211122","firstResolvedVersion":"1.138.0.751","resolved":"TRUE","lastKnownStatus":"1.136.0.742;1.137.0.749","lastKnownDate":"211117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-11-23T19:01:31.3305582+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1576},{"violations":{"ACR-048":"1. The app does not provide any control to disable the start-up it created.\n2. The app does not provide any control to close the app completely from the app's settings.\n","ACR-007":"The app allows reducing Windows default security without providing explicit notification or consent.\n","ACR-084":"1. The app does not list its own startup item inside the software.\n2. The app runs silently in the background even after exiting from tray manually\n","ACR-014":"App misleads the consumer into thinking it has malware remover functionality, but malware remover detects only one malware out of well known 40+ malware in the wild.\n\n"},"nonDeceptorViolations":{"ACR-017":"Unable to verify logos presented on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Glarysoft\\Malware Hunter\\MalwareHunter.exe","companyName":"Glarysoft Ltd","productName":"Glarysoft Malware Hunter","productVersion":"1.136.0.742","fileVersion":"1.136.0.742","hashMD5":"3b64396947095322480dae13db8b1112","hashSHA1":"dd305a25e805e3b896403bb06e9b2bfee7ea317c","hashSHA256":"d7bceeb5c266da8992941f35537b348da32d8cfd9c84b96acf8c5b0a54eb6758","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1799","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mhsetup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3b6910c378413bda928dbda8269d5ef5","hashSHA1":"6100d75a1e7f9a05a861f4dec0062ed821c463f8","hashSHA256":"6344ee53bf747685febc17f5d50d3e8552471b9e1d51dab94dbcb84ee0609fb6","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1799","avBlockList":["Avast Premium Security (20211116)","AVG Internet Security (20211116)","Avira Internet Security (20211116)","Bitdefender Internet Security (20211116)","ESET Internet Security (20211116)","G DATA INTERNET SECURITY (20211116)","K7 Total Security (20211116)","McAfee Total Protection (20211116)","Norton Security (20211116)","Quick Heal Internet Security (20211116)","SpyHunter5 (20211116)","Tencent PC Manager (20211116)","Total AV Antivirus Pro (20211116)","VIPRE Advanced Security (20211116)","VirIT eXplorer PRO (20211116)","Webroot SecureAnywhere (20211116)","Windows Defender (20211116)"],"avAllowList":["360 Total Security (20211116)","COMODO Antivirus (20211116)","Dr.Web Security Space (20211116)","Kaspersky Internet Security (20211116)","Malwarebytes Premium (20211116)","Panda Dome (20211116)","Sophos Home Premium (20211116)","Trend Micro Internet Security (20211116)"]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt on other Glarysoft products","reference":"","landingPage":"https://www.glarysoft.com/malware-hunter/","directDownloadingLink":"https://download.glarysoft.com/mhsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.glarysoft.com/mhsetup.exe","sourceIndex":"1799"}],"sampleFiles":["211101/malwarehunter-211101/1.136.0.742/Samples/mhsetup.exe"],"imageFiles":["211101/malwarehunter-211101/1.136.0.742/Images/ACR-084/ACR-084_Software_Startup_Item_Not_Listed.JPG","211101/malwarehunter-211101/1.136.0.742/Images/ACR-084/ACR-084_Software_Background_Process_Exists.png","211101/malwarehunter-211101/1.136.0.742/Images/ACR-048/ACR-048_Software_Unable_To_Remove_Task.JPG","211101/malwarehunter-211101/1.136.0.742/Images/ACR-048/ACR-048_Software_No_Control_1.jpg","211101/malwarehunter-211101/1.136.0.742/Images/ACR-007/ACR-007_Software_No_Warning_Message.jpg","211101/malwarehunter-211101/1.136.0.742/Images/ACR-014/ACR-014_Software_Misleding_Functionality.JPG"],"nonDeceptorImageFiles":["211101/malwarehunter-211101/1.136.0.742/Images/ACR-017/ACR-017_LandingPage_Unverifiable_Logos.JPG","211101/malwarehunter-211101/1.136.0.742/Images/ACR-017/ACR-017_LandingPage_Unverifiable_Logos_1.JPG"],"guid":"fbbcb1e0-7a27-45b3-9dca-a5ec26874768_1.136.0.742_1","appID":"malwarehunter-211101","dateAdded":"211117","deceptorType":"App","name":"Malware Hunter","company":"Glarysoft Ltd","version":"1.136.0.742","sigName":"Deceptor:Win32/MalwareHunter!084048007014","firstVendorContactDate":"211115","firstAppEsteemReplyDate":"211115","firstResolvedDate":"211122","firstResolvedVersion":"1.138.0.751","resolved":"TRUE","lastKnownStatus":"1.136.0.742;1.137.0.749","lastKnownDate":"211117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-11-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1577},{"violations":{"ACR-043":"Third party components that are offered during installation are dropped even after declining it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"Monetization components are left after the consumer uninstalls the application.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-053":"App doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TurboWire\\TurboWire.exe","companyName":"GoForSharing","productName":"TurboWire","productVersion":"5. 1. 0. 0","fileVersion":"5. 1. 0. 0","hashMD5":"e634e6723ee3a66fa3eb9c6b975bdef0","hashSHA1":"3deae852e3def0e1997a2bde9904722258de472f","hashSHA256":"640455591d485c0a1ff8ab8cbb9baa3dd138e7fc0b1669d64d8e4fffb8c7234b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"turbo-wire-setup.exe","isInstaller":"True","companyName":"GoForSharing LLC","productName":"TurboWire","productVersion":"","fileVersion":"5.1.0.0","hashMD5":"0420c8d86d91ba7eb558580c9817f347","hashSHA1":"b394c3bd080d82b5f80dfca42dddab40b9b07a8d","hashSHA256":"59ddd06d06816d7c39fc9c5019b0f87f70a3fcf0409b8fb7159176f4d99b536e","digitalCertThumbprint":"348100D491EE4D329290D1EFDFC3388368ADA01E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Prospera Software Inc.","storeId":"","sourceIndex":"1786","avBlockList":["360 Total Security (20211207)","Avast Premium Security (20211207)","AVG Internet Security (20211207)","Avira Internet Security (20211207)","Bitdefender Internet Security (20211207)","COMODO Antivirus (20211207)","Dr.Web Security Space (20211207)","ESET Internet Security (20211207)","G DATA INTERNET SECURITY (20211207)","K7 Total Security (20211207)","Kaspersky Internet Security (20211207)","Malwarebytes Premium (20211207)","McAfee Total Protection (20211207)","Norton Security (20211207)","Panda Dome (20211207)","Quick Heal Internet Security (20211207)","Sophos Home Premium (20211207)","SpyHunter5 (20211207)","Tencent PC Manager (20211207)","Total AV Antivirus Pro (20211207)","Trend Micro Internet Security (20211207)","VIPRE Advanced Security (20211207)","VirIT eXplorer PRO (20211207)","Webroot SecureAnywhere (20211207)","Windows Defender (20211207)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt using GoForSharing products","reference":"","landingPage":"https://www.goforsharing.com/turbowire/","directDownloadingLink":"http://www.goforsharing.com/downloads/turbo-wire-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.goforsharing.com/downloads/turbo-wire-setup.exe","sourceIndex":"1786"}],"sampleFiles":["211117/turbowire-211117/5.1.0.0/Samples/turbo-wire-setup.exe"],"imageFiles":["211117/turbowire-211117/5.1.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_1.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_2.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_3.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-043/ACR-043_Install_Offers_Dropped_AfterDeclining.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-119/ACR-119_Uninstall_Retains_Monetization_Components.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option_1.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option_2.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","211117/turbowire-211117/5.1.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_3.JPG"],"nonDeceptorImageFiles":[],"guid":"b384f64a-8774-4799-9f6d-4fddd042d5d0_5.1.0.0_1","appID":"turbowire-211117","dateAdded":"211117","deceptorType":"App","name":"Turbo Wire","company":"GoForSharing LLC","version":"5.1.0.0","sigName":"Deceptor:Win32/TurboWire!053043118119057055","lastKnownStatus":"5.1.0.0","lastKnownDate":"211117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-11-17T18:39:41.7683606+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1575},{"violations":{"ACR-043":"Third party components that are offered during installation are dropped even after declining it.\n","ACR-084":"On closing the app, it runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"Monetization components are left after the consumer uninstalls the application.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-053":"App doesn’t allow the consumer to skip all offers at once.\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{"ACR-092":"The main executable of the app \"Xcelerator.exe \" and every other component does not have digital signature. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Xcelerator\\Xcelerator.exe","companyName":"GoForSharing LLC.","productName":"Xcelerator","productVersion":"4. 9. 0. 0","fileVersion":"4. 9. 0. 0","hashMD5":"64feedaf15fdc27faf333b9fa3e5bf79","hashSHA1":"2dee571af7da86a0905d836a8efb7a286f238bd5","hashSHA256":"8c9cda2e1f35659553ed90c4c3b6ed155f1d20a3161382dab12c70b3351241d5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcelerator-setup.exe","isInstaller":"True","companyName":"GoForSharing LLC","productName":"Xcelerator","productVersion":"","fileVersion":"4.9.0.0","hashMD5":"12eb4578dd42b6fbb7e6518562e74182","hashSHA1":"0418092e3f95c4b788633e130891c675a5e3b22d","hashSHA256":"d990fdc7a86bc25d84532ac9bf587234c00a5b31f29fb4ac089e730bceef5204","digitalCertThumbprint":"348100D491EE4D329290D1EFDFC3388368ADA01E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Prospera Software Inc.","storeId":"","sourceIndex":"1787","avBlockList":["360 Total Security (20211207)","Avast Premium Security (20211207)","AVG Internet Security (20211207)","Avira Internet Security (20211207)","Bitdefender Internet Security (20211207)","COMODO Antivirus (20211207)","Dr.Web Security Space (20211207)","ESET Internet Security (20211207)","G DATA INTERNET SECURITY (20211207)","K7 Total Security (20211207)","Kaspersky Internet Security (20211207)","Malwarebytes Premium (20211207)","McAfee Total Protection (20211207)","Norton Security (20211207)","Panda Dome (20211207)","Quick Heal Internet Security (20211207)","Sophos Home Premium (20211207)","SpyHunter5 (20211207)","Tencent PC Manager (20211207)","Total AV Antivirus Pro (20211207)","Trend Micro Internet Security (20211207)","VIPRE Advanced Security (20211207)","VirIT eXplorer PRO (20211207)","Webroot SecureAnywhere (20211207)","Windows Defender (20211207)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"GoForSharing Related Apps","reference":"","landingPage":"https://www.goforsharing.com/xcelerator/","directDownloadingLink":"http://www.goforsharing.com/downloads/aktiv-xcelerator-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.goforsharing.com/downloads/aktiv-xcelerator-setup.exe","sourceIndex":"1787"}],"sampleFiles":["211116/aktivxcelerator-211116/4.9.0.0/Samples/xcelerator-setup.exe"],"imageFiles":["211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_1.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_2.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_3.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-043/ACR-043_Install_Offers_Dropped_AfterDeclining.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-084/ACR-084_Software_BackroungProcess.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-119/ACR-119_Uninstall_Retains_Monetization_Components.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_1.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_2.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_1.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_2.JPG","211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-055/ACR-055_BundlerMadeOffers_Inconsistent_Accept_Decline_Option_3.JPG"],"nonDeceptorImageFiles":["211116/aktivxcelerator-211116/4.9.0.0/Images/ACR-092/ACR-092_Software_No_DigitalSignature.JPG"],"guid":"2e465604-162e-4198-98b8-97454efdf7ad_4.9.0.0_1","appID":"aktivxcelerator-211116","dateAdded":"211116","deceptorType":"App","name":"Aktiv Xcelerator","company":"GoForSharing LLC","version":"4.9.0.0","lastKnownStatus":"4.9.0.0","lastKnownDate":"211116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-11-16T18:21:29.4474527+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1578},{"violations":{"ACR-014":"Content misleads user. Advertising to remove Adware Reimage by using Reimage.\n","ACR-016":"advertised application is downloaded directly when clicking the links in the content-advertisement without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"partner report","reference":"2-spyware.com","landingPage":"https://virusi.hr/","ipv4":"","ipv6":"","sourceIndex":"1789"}],"sampleFiles":[],"imageFiles":["211115/VirusiHr-211115/211115/Images/ACR-016/virusi_hr.JPG","211115/VirusiHr-211115/211115/Images/ACR-014/Virusi_hr_OfferReimageToRemoveReimage.JPG"],"nonDeceptorImageFiles":[],"guid":"9355dfa8-5d05-497d-b0fc-6427647fed67_211115_1","appID":"VirusiHr-211115","dateAdded":"211115","deceptorType":"Affiliate","name":"virusi.hr","company":"Virusi.hr","version":"211115","sigName":"Deceptor:Affiliate/virusi.hr!016014","lastKnownDate":"211115","type":"Affiliate","category":"Productivity, SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2021-11-15T22:01:37.4304872+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1579},{"violations":{"ACR-016":"advertised application is downloaded directly when clicking the links in the content-advertisement without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"partner report","reference":"2-spyware.com","landingPage":"https://odstranitvirus.cz/","ipv4":"","ipv6":"","sourceIndex":"1791"}],"sampleFiles":[],"imageFiles":["211115/OdstranitvirusCZ-211115/211115/Images/ACR-016/odstrainitvirus_cz.JPG"],"nonDeceptorImageFiles":[],"guid":"e5d9c1d8-7181-4f93-a2c4-4cd6cdd44c42_211115_1","appID":"OdstranitvirusCZ-211115","dateAdded":"211115","deceptorType":"Affiliate","name":"odstranitvirus.cz","company":"Odstranitvirus.CZ","version":"211115","lastKnownStatus":"Deceptor:Affiliate/odstranitvirus_cz!016","lastKnownDate":"211115","type":"Affiliate","category":"Productivity, SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2021-11-15T20:48:32.6220693+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1580},{"violations":{"ACR-016":"advertised application is downloaded directly when clicking the links in the content-advertisement without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Partner report","reference":"2-spyware.com","landingPage":"https://novirus.uk/","ipv4":"","ipv6":"","sourceIndex":"1790"}],"sampleFiles":[],"imageFiles":["211115/NovirusUk-211115/211115/Images/ACR-016/NoVirus_UK.JPG"],"nonDeceptorImageFiles":[],"guid":"3a52ca0f-4c21-4ebb-bd8a-498e5c0ad574_211115_1","appID":"NovirusUk-211115","dateAdded":"211115","deceptorType":"Affiliate","name":"novirus.uk","company":"Novirus.uk","version":"211115","sigName":"Deceptor:Affiliate/novirus.uk!016","lastKnownDate":"211115","type":"Affiliate","category":"Productivity, SysTools & Utilities","targetOS":"None","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2021-11-15T20:59:20.1902192+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1581},{"violations":{"ACR-016":"advertised application is downloaded directly when clicking the links in the content-advertisement without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Partner report","reference":"2-spyware.com","landingPage":"https://lesvirus.fr/","ipv4":"","ipv6":"","sourceIndex":"1788"}],"sampleFiles":[],"imageFiles":["211115/LesvirusFr-211115/211115/Images/ACR-016/lesvirus_fr.JPG"],"nonDeceptorImageFiles":[],"guid":"10eb2a30-7f3b-4dee-838d-0a838973cd1e_211115_1","appID":"LesvirusFr-211115","dateAdded":"211115","deceptorType":"Affiliate","name":"lesvirus.fr","company":"Lesvirus.fr","version":"211115","type":"Affiliate","category":"Productivity, SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer,enterprise","monetization":"display ads","lastUpdate":"2021-11-15T22:03:50.1263742+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":1582},{"violations":{"ACR-043":"Third party components that are offered during installation are dropped even after declining it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"Monetization components are left after the consumer uninstalls the application.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-053":"App doesn’t allow the consumer to skip all offers at once.\n"},"nonDeceptorViolations":{"ACR-092":"The main executable of the app \"Aktiv CD Ripper.exe\" does not have digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Aktiv CD Ripper\\Aktiv CD Ripper.exe","companyName":"GoForSharing","productName":"Aktiv CD Ripper Application","productVersion":"4.8.0","fileVersion":"4.8.0","hashMD5":"8ba1e683ce2aad50ea8013be50d04bfb","hashSHA1":"c21696ca28e83dafac902480276d27349d639f4b","hashSHA256":"459981acd35c2f82517aa17801498848551f467c7cb8557e3af0a825dafb718a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1793","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"aktiv-cd-ripper-setup.exe","isInstaller":"True","companyName":"GoForSharing LLC","productName":"Aktiv CD Ripper","productVersion":"","fileVersion":"4.8.0.0","hashMD5":"0b995bec703ba09929efdb4134ff740f","hashSHA1":"30a79d8442b04bb04d90b3f7fe4c6685b03c1f16","hashSHA256":"b4b2ff5d4bc84b99a74613acb5b741ff676c79ef00a77b5f0e8bd18844c1e984","digitalCertThumbprint":"348100D491EE4D329290D1EFDFC3388368ADA01E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Prospera Software Inc.","storeId":"","sourceIndex":"1793","avBlockList":["360 Total Security (20211202)","Avast Premium Security (20211202)","AVG Internet Security (20211202)","Avira Internet Security (20211202)","Bitdefender Internet Security (20211202)","COMODO Antivirus (20211202)","Dr.Web Security Space (20211202)","ESET Internet Security (20211202)","G DATA INTERNET SECURITY (20211202)","K7 Total Security (20211202)","Kaspersky Internet Security (20211202)","Malwarebytes Premium (20211202)","McAfee Total Protection (20211202)","Norton Security (20211202)","Panda Dome (20211202)","Quick Heal Internet Security (20211202)","Sophos Home Premium (20211202)","SpyHunter5 (20211202)","Tencent PC Manager (20211202)","Total AV Antivirus Pro (20211202)","Trend Micro Internet Security (20211202)","VIPRE Advanced Security (20211202)","VirIT eXplorer PRO (20211202)","Webroot SecureAnywhere (20211202)","Windows Defender (20211202)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt using GoForSharing products","reference":"","landingPage":"https://www.goforsharing.com/aktiv-cd-ripper/","directDownloadingLink":"http://www.goforsharing.com/downloads/aktiv-cd-ripper-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.goforsharing.com/downloads/aktiv-cd-ripper-setup.exe","sourceIndex":"1793"}],"sampleFiles":["211115/aktivcdripper-211115/4.8.0.0/Samples/aktiv-cd-ripper-setup.exe"],"imageFiles":["211115/aktivcdripper-211115/4.8.0.0/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option.JPG","211115/aktivcdripper-211115/4.8.0.0/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option_1.JPG","211115/aktivcdripper-211115/4.8.0.0/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option_2.JPG","211115/aktivcdripper-211115/4.8.0.0/Images/ACR-119/ACR-119_Uninstall_Retains_Monetization_Components.JPG","211115/aktivcdripper-211115/4.8.0.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","211115/aktivcdripper-211115/4.8.0.0/Images/ACR-043/ACR-043_Install_Offers_Dropped_AfterDeclining.JPG","211115/aktivcdripper-211115/4.8.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option.JPG","211115/aktivcdripper-211115/4.8.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_1.JPG","211115/aktivcdripper-211115/4.8.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_2.JPG"],"nonDeceptorImageFiles":["211115/aktivcdripper-211115/4.8.0.0/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG"],"guid":"c16aa005-3f90-4111-8365-be3995e303bf_4.8.0.0_1","appID":"aktivcdripper-211115","dateAdded":"211115","deceptorType":"App","name":"Aktiv CD Ripper","company":"GoForSharing LLC","version":"4.8.0.0","lastKnownStatus":"Deceptor:Win32/AktivCDRipper!057119118043053","lastKnownDate":"211115","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-11-15T18:01:27.7266259+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1583},{"violations":{"ACR-043":"Third party components that are offered during installation are dropped even after declining it.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"Monetization components are left after the consumer uninstalls the application. \n\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-053":"App doesn’t allow the consumer to skip all offers at once.\n"},"nonDeceptorViolations":{"ACR-092":"The main executable of the app \" Aktiv Player.exe \" and every other component does not have digital signature. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Aktiv Player\\Aktiv Player.exe","companyName":"GoForSharing","productName":"Aktiv Player","productVersion":"Aktiv Player 5.0.0","fileVersion":"Aktiv Player 5.0.0","hashMD5":"d59df90f22e8c6eb7d5ce66f17ab9552","hashSHA1":"cb7df973bc5757a324bf42b1b8357711388d195a","hashSHA256":"efaad39794efd062aa77bf9dcf4f2e5ff880129b1303c8dad76d2b56c46c924d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1794","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"aktiv-player-setup.exe","isInstaller":"True","companyName":"GoForSharing LLC","productName":"Aktiv Player","productVersion":"","fileVersion":"5.0.0.0","hashMD5":"b9c0f3353b682017d41a90177cecbcea","hashSHA1":"87437a921d9cb0364575193b8132ae6777a108a5","hashSHA256":"6d3912f55c1f106622b44e7cdaee954e7ff97c7b4ecd2d34f64be329fa200746","digitalCertThumbprint":"348100D491EE4D329290D1EFDFC3388368ADA01E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Prospera Software Inc.","storeId":"","sourceIndex":"1794","avBlockList":["360 Total Security (20211130)","Avast Premium Security (20211130)","AVG Internet Security (20211130)","Avira Internet Security (20211130)","Bitdefender Internet Security (20211130)","COMODO Antivirus (20211130)","Dr.Web Security Space (20211130)","ESET Internet Security (20211130)","G DATA INTERNET SECURITY (20211130)","K7 Total Security (20211130)","Kaspersky Internet Security (20211130)","Malwarebytes Premium (20211130)","McAfee Total Protection (20211130)","Norton Security (20211130)","Panda Dome (20211130)","Quick Heal Internet Security (20211130)","Sophos Home Premium (20211130)","SpyHunter5 (20211130)","Tencent PC Manager (20211130)","Total AV Antivirus Pro (20211130)","Trend Micro Internet Security (20211130)","VIPRE Advanced Security (20211130)","VirIT eXplorer PRO (20211130)","Webroot SecureAnywhere (20211130)","Windows Defender (20211130)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"GoForSharing Related Apps","reference":"","landingPage":"https://www.goforsharing.com/aktiv-player/","directDownloadingLink":"http://www.goforsharing.com/downloads/aktiv-player-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.goforsharing.com/downloads/aktiv-player-setup.exe","sourceIndex":"1794"}],"sampleFiles":["211112/aktivplayer-211112/5.0.0/Samples/aktiv-player-setup.exe"],"imageFiles":["211112/aktivplayer-211112/5.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option.JPG","211112/aktivplayer-211112/5.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_1.JPG","211112/aktivplayer-211112/5.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_2.JPG","211112/aktivplayer-211112/5.0.0/Images/ACR-043/ACR-043_Install_Offers_Dropped_AfterDeclining.JPG","211112/aktivplayer-211112/5.0.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","211112/aktivplayer-211112/5.0.0/Images/ACR-119/ACR-119_Uninstall_Retains_Monetization_Components.JPG","211112/aktivplayer-211112/5.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option.JPG","211112/aktivplayer-211112/5.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_1.JPG","211112/aktivplayer-211112/5.0.0/Images/ACR-057/ACR-057_BundlerMadeOffers_No_Accept_Decline_Option_2.JPG"],"nonDeceptorImageFiles":["211112/aktivplayer-211112/5.0.0/Images/ACR-092/ACR-092_Software_No_Digital_Signautre.JPG"],"guid":"dc478638-0003-4023-af67-c6393eb0430b_5.0.0_1","appID":"aktivplayer-211112","dateAdded":"211112","deceptorType":"App","name":"Aktiv Player","company":"GoForSharing LLC","version":"5.0.0","sigName":"Deceptor:Win32/AktivPlayer!053043118119057","lastKnownStatus":"5.0.0","lastKnownDate":"211112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-11-12T23:18:44.2797422+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1584},{"violations":{"ACR-043":"Third party components that are offered during installation are dropped even after declining it.\n","ACR-084":"On closing the app, it runs silently in the background, hiding the fact that it is active from the consumer.\n\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"Monetization components are left after the consumer uninstalls the application.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-053":" App doesn’t allow the consumer to skip all offers at once.\n\n","ACR-055":"The accept/Decline options are not consistent for offers.\n"},"nonDeceptorViolations":{"ACR-092":"The main executable of the app \"Aktiv MP3 Recorder.exe\" does not have digital signature.\n\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Aktiv MP3 Recorder\\Aktiv MP3 Recorder.exe","companyName":"","productName":"Aktiv MP3 Recorder","productVersion":"5. 2. 0. 0","fileVersion":"5. 2. 0. 0","hashMD5":"65cbba6fe54b476651834e482e1ab4b5","hashSHA1":"7ecde86ef3679ca5c25e00380631d5901c38d3f9","hashSHA256":"5ec449c7def988ccc92653d29d81f41584799b3427f28adbede34d235833dc1b","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1795","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"aktiv-mp3-recorder-setup.exe","isInstaller":"True","companyName":"GoForSharing LLC","productName":"Aktiv MP3 Recorder","productVersion":"","fileVersion":"5.2.0.0","hashMD5":"675d7816c633ca6a2cfb025dcc128cf9","hashSHA1":"ee300498f623238f773c66662f862bb4cbdb60f6","hashSHA256":"bb6ebcfe47094b9707af3d8638ea6469bc7bb93ddc3862a35297ad20788daa03","digitalCertThumbprint":"348100D491EE4D329290D1EFDFC3388368ADA01E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Prospera Software Inc.","storeId":"","sourceIndex":"1795","avBlockList":["360 Total Security (20211130)","Avast Premium Security (20211130)","AVG Internet Security (20211130)","Avira Internet Security (20211130)","Bitdefender Internet Security (20211130)","COMODO Antivirus (20211130)","Dr.Web Security Space (20211130)","ESET Internet Security (20211130)","G DATA INTERNET SECURITY (20211130)","K7 Total Security (20211130)","Kaspersky Internet Security (20211130)","Malwarebytes Premium (20211130)","McAfee Total Protection (20211130)","Norton Security (20211130)","Panda Dome (20211130)","Quick Heal Internet Security (20211130)","Sophos Home Premium (20211130)","SpyHunter5 (20211130)","Tencent PC Manager (20211130)","Total AV Antivirus Pro (20211130)","Trend Micro Internet Security (20211130)","VIPRE Advanced Security (20211130)","VirIT eXplorer PRO (20211130)","Webroot SecureAnywhere (20211130)","Windows Defender (20211130)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt using GoForSharing products","reference":"","landingPage":"https://www.goforsharing.com/aktiv-mp3-recorder/","directDownloadingLink":"http://www.goforsharing.com/downloads/aktiv-mp3-recorder-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.goforsharing.com/downloads/aktiv-mp3-recorder-setup.exe","sourceIndex":"1795"}],"sampleFiles":["211112/aktivmp3recorder-211211/5.2.0.0/Samples/aktiv-mp3-recorder-setup.exe"],"imageFiles":["211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option.JPG","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_1.JPG","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_2.JPG","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-043/ACR-043_Install_Offers_Dropped_After_Declining.JPG","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-084/ACR-084_Software_Background Process.jpg","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-119/ACR-119_Uninstall_Retains_Monetization_Components.JPG","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option.JPG","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option_1.JPG","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-057/ACR-057_Bundler-MadeOffers_No_Accept_Decline_Option_2.JPG","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-055/Offer2.png","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-055/Offer1.png","211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-055/Offer3.png"],"nonDeceptorImageFiles":["211112/aktivmp3recorder-211211/5.2.0.0/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG"],"guid":"0399186b-afd3-46c5-83f8-d6ddd17cc17c_5.2.0.0_1","appID":"aktivmp3recorder-211211","dateAdded":"211112","deceptorType":"App","name":"Aktiv MP3 Recorder","company":"GoForSharing LLC","version":"5.2.0.0","sigName":"Deceptor:Win32/AktivMP3Recorder!053043084118119057055","lastKnownStatus":"5.2.0.0","lastKnownDate":"211112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-11-12T22:59:16.722857+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1585},{"violations":{"ACR-043":"Third party components that are offered during installation are dropped even after declining it.\n","ACR-048":"The app's startup is enabled by default before even it was not enabled in the software's settings. \n","ACR-084":"On closing the app, it runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components on the device without the consumer's consent.\n","ACR-119":"Monetization components are left after the consumer uninstalls the application.\n","ACR-057":"Offers don't have clear way for user to accept or decline.\n","ACR-053":"App doesn’t allow the consumer to skip all offers at once.\n\n"},"nonDeceptorViolations":{"ACR-092":"The main executable of the app \" Aktiv Download Manager.exe \" and every other component does not have digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Aktiv Download Manager\\Aktiv Download Manager.exe","companyName":"GoForSharing","productName":"Aktiv Download Manager","productVersion":"5.03","fileVersion":"5.03","hashMD5":"e6644c0a24b7dc5e3112040876846baa","hashSHA1":"41551f863e7e2883131376d41f1d738377c9ceab","hashSHA256":"efac7bc2ba1f20db4b1a3ce242d29faddcd826d8845d417a9b9e5b8b27c4ae23","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1796","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"aktiv-download-manager-setup.exe","isInstaller":"True","companyName":"GoForSharing LLC","productName":"Aktiv Download Manager","productVersion":"","fileVersion":"5.3.0.0","hashMD5":"856a686283a8a81cc58e51b0060c6177","hashSHA1":"bb97007012125c724f7656120101507bece8b7f6","hashSHA256":"bf29e081094bbb7655f6716aa9bc904200ba607fcb308834c422783f291795a8","digitalCertThumbprint":"348100D491EE4D329290D1EFDFC3388368ADA01E","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Prospera Software Inc.","storeId":"","sourceIndex":"1796","avBlockList":["360 Total Security (20211130)","Avast Premium Security (20211130)","AVG Internet Security (20211130)","Avira Internet Security (20211130)","Bitdefender Internet Security (20211130)","COMODO Antivirus (20211130)","Dr.Web Security Space (20211130)","ESET Internet Security (20211130)","G DATA INTERNET SECURITY (20211130)","K7 Total Security (20211130)","Kaspersky Internet Security (20211130)","Malwarebytes Premium (20211130)","McAfee Total Protection (20211130)","Norton Security (20211130)","Panda Dome (20211130)","Quick Heal Internet Security (20211130)","Sophos Home Premium (20211130)","SpyHunter5 (20211130)","Tencent PC Manager (20211130)","Total AV Antivirus Pro (20211130)","Trend Micro Internet Security (20211130)","VIPRE Advanced Security (20211130)","VirIT eXplorer PRO (20211130)","Webroot SecureAnywhere (20211130)","Windows Defender (20211130)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Random hunt using GoForSharing products","reference":"","landingPage":"https://www.goforsharing.com/aktiv-download-manager-app/","directDownloadingLink":"http://www.goforsharing.com/downloads/aktiv-download-manager-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.goforsharing.com/downloads/aktiv-download-manager-setup.exe","sourceIndex":"1796"}],"sampleFiles":["211111/aktivdownloadmanager-211011/5.3.0.0/Samples/aktiv-download-manager-setup.exe"],"imageFiles":["211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option.JPG","211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_1.JPG","211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-053/ACR-053_Install_No_Skip_Offers_Option_2.JPG","211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-043/ACR-043_Install_Offers_Dropped_After_Declining.JPG","211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-084/ACR-084.png","211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-048/ACR-048_Software_No_Proper_Control.JPG","211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-119/ACR-119_Uninstall_Retains_Monetization_Components.JPG","211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-057/ACR-055_BundlerMadeOffers_No_Accept_Decline_Option_2.JPG","211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-057/ACR-055_BundlerMadeOffers_No_Accept_Decline_Option_1.JPG","211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-057/ACR-055_BundlerMadeOffers_No_Accept_Decline_Option.JPG"],"nonDeceptorImageFiles":["211111/aktivdownloadmanager-211011/5.3.0.0/Images/ACR-092/ACR-092_Software_No_Digital_Signature.JPG"],"guid":"df161377-62bd-4c56-9a21-1b95ffd96fa3_5.3.0.0_1","appID":"aktivdownloadmanager-211011","dateAdded":"211111","deceptorType":"App","name":"Aktiv Download Manager","company":"GoForSharing LLC","version":"5.3.0.0","lastKnownStatus":"Deceptor:Win32/Aktiv Download Manager!053043084048118119057","lastKnownDate":"211111","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox,Edge","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-11-12T04:54:35.658314+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1586},{"violations":{"ACR-042":"The app's components are installed without obtaining the consumer's permission through explicit user action\n","ACR-048":"The app does not provide any control to disable the scheduled tasks.\n","ACR-005":"The app appears to impersonate or mimic chrome browser it's hard to distinguish the browser by the consumer\n","ACR-006":"The monetization approach by search (list of search providers used) and affiliates are not clearly disclosed during installation \n\nThe monetization approach by search (list of search providers used) and affiliates are not clearly disclosed in software. \n","ACR-007":"The app's attribution is not clear. Content and display misleads the consumer to think it is a \"Chrome Browser\"\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-036":"Search relationships with \"Yahoo\" and other search providers details are not disclosed in Docs\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\LiteBrowser.org\\LiteBrowser\\litebrowser.exe","companyName":"LiteBrowser","productName":"LiteBrowser","productVersion":"92.0.4515.166","fileVersion":"92.0.4515.166","hashMD5":"1318551a9d097ee237b8d6e139cfbf9b","hashSHA1":"8abfb000777b40dbacf893764f45cddb984eefe2","hashSHA256":"3c97fc03e1f5c15120d229add8cb93c7034c859a72e48e2f7ccaea27986e9b22","digitalCertThumbprint":"7B6C2EFD3E9202ED3AB589C7A8891CCDE9947825","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"102060877 Saskatchewan Ltd.","storeId":"","sourceIndex":"1798","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LiteBrowserSetup_st.exe","isInstaller":"True","companyName":"LiteBrowser.org","productName":"LiteBrowser","productVersion":"92.0.4517.166","fileVersion":"92.0.4517.166","hashMD5":"96cee05c8c704c2570122442178e8aa4","hashSHA1":"3d970b8a5f3d299c61a322fa538aaba1427c42a9","hashSHA256":"db82e00a333646e3941b192fca6cfce989ba75a4092a712c167971c4b9519b54","digitalCertThumbprint":"7B6C2EFD3E9202ED3AB589C7A8891CCDE9947825","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"102060877 Saskatchewan Ltd.","storeId":"","sourceIndex":"1798","avBlockList":["360 Total Security (20211130)","Avast Premium Security (20211130)","AVG Internet Security (20211130)","Avira Internet Security (20211130)","Bitdefender Internet Security (20211130)","ESET Internet Security (20211130)","G DATA INTERNET SECURITY (20211130)","K7 Total Security (20211130)","McAfee Total Protection (20211130)","Norton Security (20211130)","Panda Dome (20211130)","Quick Heal Internet Security (20211130)","Sophos Home Premium (20211130)","SpyHunter5 (20211130)","Tencent PC Manager (20211130)","Total AV Antivirus Pro (20211130)","Trend Micro Internet Security (20211130)","VIPRE Advanced Security (20211130)","VirIT eXplorer PRO (20211130)","Webroot SecureAnywhere (20211130)","Windows Defender (20211130)"],"avAllowList":["COMODO Antivirus (20211130)","Dr.Web Security Space (20211130)","Kaspersky Internet Security (20211130)","Malwarebytes Premium (20211130)"]}],"additionalFiles":[],"sources":[{"howFound":"Suggested from AE","reference":"","landingPage":"https://litebrowser.org/","directDownloadingLink":"https://litebrowser.org/lp1/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://litebrowser.org/lp1/","sourceIndex":"1798"}],"sampleFiles":["211101/litebrowser-211029/92.0.4515.166/Samples/LiteBrowserSetup_st.exe"],"imageFiles":["211101/litebrowser-211029/92.0.4515.166/Images/ACR-042/ACR-042.JPG","211101/litebrowser-211029/92.0.4515.166/Images/ACR-006/ACR-006.JPG","211101/litebrowser-211029/92.0.4515.166/Images/ACR-084/ACR-084_Software_Undisclosed_Schdeule_Tasks.JPG","211101/litebrowser-211029/92.0.4515.166/Images/ACR-048/ACR-048_Software_No_Control.JPG","211101/litebrowser-211029/92.0.4515.166/Images/ACR-048/ACR-048_Software_No_Control_1.JPG","211101/litebrowser-211029/92.0.4515.166/Images/ACR-005/ACR-005_Software_MImics_Chrome.JPG","211101/litebrowser-211029/92.0.4515.166/Images/ACR-006/ACR-006_Software_Monetization_Not_Disclosed.JPG","211101/litebrowser-211029/92.0.4515.166/Images/ACR-007/ACR-007_Software_No_Attribution.JPG"],"nonDeceptorImageFiles":["211101/litebrowser-211029/92.0.4515.166/Images/ACR-036/ACR-036.JPG"],"guid":"975454be-9243-4d13-b65b-f8d4347246bd_92.0.4515.166_1","appID":"litebrowser-211029","dateAdded":"211101","deceptorType":"App","name":"Lite Browser","company":"Lite Browser","version":"92.0.4515.166","sigName":"Deceptor:Win32/LiteBrowser!042006084048005007","lastKnownStatus":"92.0.4515.166","lastKnownDate":"211101","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","lastUpdate":"2021-11-01T23:34:35.2092374+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1587},{"violations":{"ACR-016":"advertised application is downloaded directly when clicking the links in the content-advertisement without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{"ACR-016":"advertised application is downloaded directly when clicking the links in the content-advertisement without presenting the consumer a full offer.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"security partner report","landingPage":"https://www.2-spyware.com/adware-removal","directDownloadingLink":"","ipv4":"","ipv6":"","landingPageWildChar":"https://www.2-spyware.com/*","sourceIndex":"1806"}],"sampleFiles":[],"imageFiles":["211028/2-spyware-com-180829/211028/Images/ACR-016/2SpywareCom.JPG"],"nonDeceptorImageFiles":["211028/2-spyware-com-180829/211028/Images/ACR-016/2SpywareCom.JPG"],"guid":"a312fa2f-e7e5-40c3-a004-d1cc71a798dd_211028_1","appID":"2-spyware-com-180829","dateAdded":"211028","deceptorType":"Affiliate","name":"www.2-spyware.com","company":"2-spyware.com","version":"211028","firstResolvedVersion":"","lastKnownStatus":"Deceptor:180904,180907,200427,211028","lastKnownDate":"211028","type":"Affiliate","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2021-10-28T23:58:45.2228737+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1588},{"violations":{"ACR-014":"The affiliate claims that a recommended app will uninstall the adware, but provides no substantiation for this claim: no link to the app's encyclopedia, no verification of the removal.\n","ACR-016":"Clicking the links in the content-advertisement and in the boxed \"ads\" downloads without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google searched how to remove winzip driver updater","landingPage":"https://www.2-spyware.com/review-reimage.html","directDownloadingLink":"","ipv4":"","ipv6":"","landingPageWildChar":"https://www.2-spyware.com/*","sourceIndex":"2485"}],"sampleFiles":[],"imageFiles":["200427/2-spyware-com-180829/180907/Images/ACR-014/ACR-014 unsubstandiated claim.png","200427/2-spyware-com-180829/180907/Images/ACR-014/Screen Shot 2020-04-27 at 1.08.42 AM.png","200427/2-spyware-com-180829/180907/Images/ACR-016/ACR-016 download direct from ads and content.gif","200427/2-spyware-com-180829/180907/Images/ACR-016/Screen Shot 2020-04-27 at 1.08.42 AM.png","200427/2-spyware-com-180829/180907/Images/ACR-016/Screen Shot 2020-04-27 at 1.31.38 AM.png"],"nonDeceptorImageFiles":[],"guid":"a312fa2f-e7e5-40c3-a004-d1cc71a798dd_180907_1","appID":"2-spyware-com-180829","dateAdded":"211028","deceptorType":"Affiliate","name":"www.2-spyware.com","company":"2-spyware.com","version":"180907","sigName":"Deceptor:Affiliate/2Spyware!014016","firstResolvedVersion":"","lastKnownStatus":"Deceptor:180904,180907,200427,211028","lastKnownDate":"211028","type":"Affiliate","category":"SysTools & Utilities","targetOS":"","targetBrowser":"","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2021-10-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1589},{"violations":{"ACR-043":"The offered \"Glary utilities\" bundler app gets dropped even after declining it. \n","ACR-010":"The \"Upgrade to pro\" option in the app takes user to the Offers page of \"Glary Utilities\" app which contains deceptive behaviour (ACR-014).\nThe offered app \"Glary Utilities\" contains deceptive behavior which fails in ACR-014. \n","ACR-059":"An offered app is not clearly marked as an offer and it is not recognizable as an offer.\n","ACR-155":"The offer is inserted into the install workflow with pre-checked checkboxes to trick the consumer to install the offer.  \n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide EULA/Terms of Service, Returns & Cancellation Policy, Privacy Policy for the offered app.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Glarysoft\\Glary Disk Explorer\\DiskAnalysis.exe","companyName":"Glarysoft Ltd","productName":"Glary Utilities","productVersion":"5.27.0.1","fileVersion":"5.27.1.67","hashMD5":"309e030b5a705c7b526e45b92b6bfe1f","hashSHA1":"56716710fef8c2befcaa1eaeb634eb161bd5ddc6","hashSHA256":"2c058ebe6dc2dfd978ffd947a4525ca51cffe3e8f1386dd96150156d26cf98ec","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1805","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"desetup.exe","isInstaller":"True","companyName":"Glarysoft Ltd","productName":"Disk Explorer","productVersion":"5.27.1.67","fileVersion":"5.27.1.67","hashMD5":"5d2d9507b0355248c134f296aaaddd1b","hashSHA1":"08c2ce14e25a95db35162506f091d8d2ed6aed9c","hashSHA256":"c03698710ab7555b43f90dc30cd6c08ca5aca573f357680a4e0dbfe3d9ebe346","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1805","avBlockList":["Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","ESET Internet Security (20211028)","K7 Total Security (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)","Sophos Home Premium (20211028)"],"avAllowList":["360 Total Security (20211028)","COMODO Antivirus (20211028)","Dr.Web Security Space (20211028)","G DATA INTERNET SECURITY (20211028)","Kaspersky Internet Security (20211028)","Malwarebytes Premium (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","SpyHunter5 (20211028)","Trend Micro Internet Security (20211028)"]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"https://www.glarysoft.com/disk-explorer/","directDownloadingLink":"https://download.glarysoft.com/desetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.glarysoft.com/desetup.exe","sourceIndex":"1805"}],"sampleFiles":["211021/diskexplorer-211020/5.27.1.67/Samples/desetup.exe"],"imageFiles":["211021/diskexplorer-211020/5.27.1.67/Images/ACR-043/ACR-043_Install_Declined_Offer.JPG","211021/diskexplorer-211020/5.27.1.67/Images/ACR-010/ACR-010_Software.mp4","211021/diskexplorer-211020/5.27.1.67/Images/ACR-010/ACR-010_Software_1.JPG","211021/diskexplorer-211020/5.27.1.67/Images/ACR-059/ACR-059_In-bundleOffers_No_AcceptDecline_Option.JPG","211021/diskexplorer-211020/5.27.1.67/Images/ACR-155/ACR-155_In-bundleOffers_Masqueraded_Offer.JPG","211021/diskexplorer-211020/5.27.1.67/Images/ACR-010/ACR-010_In-bundleOffers_Offer_DeceptiveApp.JPG","211021/diskexplorer-211020/5.27.1.67/Images/ACR-010/ACR-010_In-bundleOffers_Offer_DeceptiveApp_1.JPG"],"nonDeceptorImageFiles":["211021/diskexplorer-211020/5.27.1.67/Images/ACR-065/ACR-065_In-bundleOffers_No_Docs.JPG"],"guid":"4bc78e5b-6640-4a30-955b-eaaca941a045_5.27.1.67_1","appID":"diskexplorer-211020","dateAdded":"211021","deceptorType":"App","name":"Disk Explorer","company":"Glarysoft Ltd","version":"5.27.1.67","sigName":"Deceptor:Win32/DiskExplorer!043010059155","firstVendorContactDate":"211022","firstAppEsteemReplyDate":"211022","firstResolvedDate":"211029","firstResolvedVersion":"5.27.1.68","resolved":"TRUE","lastKnownStatus":"5.27.1.67","lastKnownDate":"211029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-10-29T20:13:17.1308075+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1590},{"violations":{"ACR-043":"The offered \"Glary utilities\" bundler app gets dropped even after declining it.\n","ACR-010":"The \"Upgrade to pro\" option in the app takes user to the Offers page of \"Glary Utilities\" app which contains deceptive behaviour (ACR-014).\nThe offered app \"Glary Utilities\" contains deceptive behavior which fails in ACR-014.\n","ACR-059":"An offered app is not clearly marked as an offer and it is not recognizable as an offer.\n","ACR-155":"The offer is inserted into the install workflow with pre-checked checkboxes to trick the consumer to install the offer. \n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide EULA/Terms of Service, Returns & Cancellation Policy, Privacy Policy for the offered app. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Glarysoft\\Absolute Uninstaller 5\\unInstaller.exe","companyName":"Glarysoft Ltd","productName":"Glary Utilities","productVersion":"5.3.0.1","fileVersion":"5.3.1.33","hashMD5":"49c828941869d446b576c678c310898a","hashSHA1":"e8484474f3b97454615cdd17f5d46d574ee1846f","hashSHA256":"4c5f93d7a211e04c4ef1370c51dad1b0a6e9625c063df47ccead07ec891f3890","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ausetup.exe","isInstaller":"True","companyName":"Glarysoft Ltd","productName":"Absolute Uninstaller","productVersion":"5.3.1.33","fileVersion":"5.3.1.33","hashMD5":"fe3cc7e22ad1d989a96812ccd76bb73e","hashSHA1":"1610ac29cbf616a55206fc72dc316c5f13a16ed7","hashSHA256":"ad26429f21f70ac4edba908bd0bca0f5b63e6d092c40501da695a78edf80ee23","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1804","avBlockList":["Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","ESET Internet Security (20211028)","G DATA INTERNET SECURITY (20211028)","K7 Total Security (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)"],"avAllowList":["360 Total Security (20211028)","COMODO Antivirus (20211028)","Dr.Web Security Space (20211028)","Kaspersky Internet Security (20211028)","Malwarebytes Premium (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","SpyHunter5 (20211028)","Trend Micro Internet Security (20211028)"]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"https://www.glarysoft.com/absolute-uninstaller/","directDownloadingLink":"https://download.glarysoft.com/ausetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.glarysoft.com/ausetup.exe","sourceIndex":"1804"}],"sampleFiles":["211021/absoluteuninstaller-211012/5.3.1.33/Samples/ausetup.exe"],"imageFiles":["211021/absoluteuninstaller-211012/5.3.1.33/Images/ACR-043/ACR-043_Install_Declined_Offer.JPG","211021/absoluteuninstaller-211012/5.3.1.33/Images/ACR-010/ACR-010_Software.mp4","211021/absoluteuninstaller-211012/5.3.1.33/Images/ACR-010/ACR-010_Software_1.JPG","211021/absoluteuninstaller-211012/5.3.1.33/Images/ACR-059/ACR-059_In-bundleOffers_No_Accept_Decline_Option.JPG","211021/absoluteuninstaller-211012/5.3.1.33/Images/ACR-059/ACR-059_In-bundleOffers_No_Accept_Decline_Option_1.JPG","211021/absoluteuninstaller-211012/5.3.1.33/Images/ACR-155/ACR-155_In-bundleOffers_Masqueraded_Offer.JPG","211021/absoluteuninstaller-211012/5.3.1.33/Images/ACR-155/ACR-155_In-bundleOffers_Masqueraded_Offer_1.JPG","211021/absoluteuninstaller-211012/5.3.1.33/Images/ACR-010/ACR-010_In-bundleOffers_Offer_DeceptiveApp.JPG","211021/absoluteuninstaller-211012/5.3.1.33/Images/ACR-010/ACR-010_In-bundleOffers_Offer_DeceptiveApp_1.JPG"],"nonDeceptorImageFiles":["211021/absoluteuninstaller-211012/5.3.1.33/Images/ACR-065/ACR-065_In-bundleOffers_No_Docs.JPG"],"guid":"e9314b28-60ac-49e9-b5d0-abc4efd88c97_5.3.1.33_1","appID":"absoluteuninstaller-211012","dateAdded":"211021","deceptorType":"App","name":"Absolute Uninstaller","company":"Glarysoft Ltd","version":"5.3.1.33","firstVendorContactDate":"211022","firstAppEsteemReplyDate":"211022","firstResolvedDate":"211029","firstResolvedVersion":"5.3.1.34","resolved":"TRUE","lastKnownStatus":"5.3.1.33","lastKnownDate":"211029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-10-29T20:17:39.6476655+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1591},{"violations":{"ACR-003":"1. The app mentions System health as Critical or Bad, thus making the consumer to believe they have an issue, a problem with, or something missing from their system\n2. The app lists \" 0 out of 18827 \" items are protected under \"Spyware Defender\", which is unsubstantiated & misleading.\n3.The app uses exaggerated words like \"Problem\" to scare the user into taking action.\n","ACR-004":"1. The app lists \" 0 out of 18827 \" items are protected under \"Spyware Defender\", which is unsubstantiated & misleading and requires a premium version to apply for protection.\n2. The app shows alarming color patterns, implies the issues that mislead the user to take action, and does not provide a free fix for the identified issues for \"Registry Repair\".  \n","ACR-165":"The app does not mention clearly that the Auto-renewal policy and cancellation policy & does not disclose whether there might be a change in price after the subscription period.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Pegasun\\SystemUtilities\\SystemUtilities.exe","companyName":"Pegasun","productName":"Pegasun System Utilities","productVersion":"6.90.0.0","fileVersion":"6.90.0.0","hashMD5":"0efefd652afbbab7dce2cc1b4642570b","hashSHA1":"cf86f6d41f3467d9ee355c71ef42038bc4bb74e8","hashSHA256":"bf1f23ce310c17033dfac74f2181bfccf28feaec7bec82ccc7ccc3fdf1ee7e47","digitalCertThumbprint":"73058407569421F31FE5477FD1C1FFB39B3188FD","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Pegasun LLC","storeId":"","sourceIndex":"1797","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SystemUtilities_Installer.exe","isInstaller":"True","companyName":"Pegasun                                                     ","productName":"Pegasun System Utilities                                    ","productVersion":"6.9","fileVersion":"Speed up slow comput","hashMD5":"bccc08c2ff396f00dd7ff1d5b62cfa78","hashSHA1":"f3f4fb93273ef69c8d2ca9101f892f00641d4ed6","hashSHA256":"4a6eeda6c3433f127a5e0d2b46bf5fee198a857d44241cf64ff29e6604dc9804","digitalCertThumbprint":"73058407569421F31FE5477FD1C1FFB39B3188FD","digitalCertIssuer":"Sectigo Public Code Signing CA R36","digitalCertIssuedTo":"Pegasun LLC","storeId":"","sourceIndex":"1797","avBlockList":["Avast Premium Security (20211102)","AVG Internet Security (20211102)","Avira Internet Security (20211102)","Bitdefender Internet Security (20211102)","ESET Internet Security (20211102)","G DATA INTERNET SECURITY (20211102)","K7 Total Security (20211102)","McAfee Total Protection (20211102)","Norton Security (20211102)","Panda Dome (20211102)","Sophos Home Premium (20211102)","SpyHunter5 (20211102)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20211102)","VIPRE Advanced Security (20211102)","VirIT eXplorer PRO (20211102)","Webroot SecureAnywhere (20211102)","Windows Defender (20211102)"],"avAllowList":["360 Total Security (20211102)","COMODO Antivirus (20211102)","Dr.Web Security Space (20211102)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20211102)","Quick Heal Internet Security (20211102)","Trend Micro Internet Security (20211102)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunted using the suggestion from AppEsteem","reference":"","landingPage":"https://pegasun.com/","directDownloadingLink":"https://pegasun.com/files/SystemUtilities/SystemUtilities.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://pegasun.com/files/SystemUtilities/SystemUtilities.exe","sourceIndex":"1797"}],"sampleFiles":["211019/systemutilities-211019/6.90.0.0/Samples/SystemUtilities_Installer.exe"],"imageFiles":["211019/systemutilities-211019/6.90.0.0/Images/ACR-004/ACR-004_Software_Count_Misleads.JPG","211019/systemutilities-211019/6.90.0.0/Images/ACR-004/ACR-004_Software_No_Free_Fix.JPG","211019/systemutilities-211019/6.90.0.0/Images/ACR-004/ACR-004_Software_No_Free_Fix_1.JPG","211019/systemutilities-211019/6.90.0.0/Images/ACR-003/ACR-003_Software_Misleading.JPG","211019/systemutilities-211019/6.90.0.0/Images/ACR-003/ACR-003_Software_Misleading_1.JPG","211019/systemutilities-211019/6.90.0.0/Images/ACR-003/ACR-003_Software_Misleading_2.JPG","211019/systemutilities-211019/6.90.0.0/Images/ACR-003/ACR-003_Software_Problem_Word_Misleads.JPG","211019/systemutilities-211019/6.90.0.0/Images/ACR-003/ACR-003_Software_Problem_Word_Misleads_1.JPG","211019/systemutilities-211019/6.90.0.0/Images/ACR-165/ACR-165_InternalOffers_Recurring_Info_Not-Provided.JPG"],"nonDeceptorImageFiles":[],"guid":"c9cfee1c-4445-4047-853a-cba89c53a5f4_6.90.0.0_1","appID":"systemutilities-211019","dateAdded":"211019","deceptorType":"App","name":"System utilities","company":"Pegasun","version":"6.90.0.0","sigName":"Deceptor:Win32/Systemutilities!003004165","firstVendorContactDate":"211029","firstAppEsteemReplyDate":"211102","firstResolvedDate":"211102","firstResolvedVersion":"7.1","resolved":"TRUE","lastKnownStatus":"6.90.0.0","lastKnownDate":"211103","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-11-03T17:03:00.2415895+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1592},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation. \n","ACR-010":"The \"Activate Now\" option in the app takes user to the Offers page of \"Glary Utilities\" app which contains deceptive behaviour (ACR-014).\n"},"nonDeceptorViolations":{"ACR-065":"The app didn't disclose Privacy Policy during installation.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Google search registry related apps","reference":"","landingPage":"https://www.glarysoft.com/registry-repair/","directDownloadingLink":"https://download.glarysoft.com/rrsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.glarysoft.com/rrsetup.exe","sourceIndex":"1800"}],"sampleFiles":[],"imageFiles":["211018/registryrepair-210924/5.0.1.122/Images/ACR-048/ACR-048_Install_Unable_To_Cancel_Installation.JPG","211018/registryrepair-210924/5.0.1.122/Images/ACR-010/ACR-010_Software_Offers_Deceptive_App.mp4","211018/registryrepair-210924/5.0.1.122/Images/ACR-010/ACR-010_Software_Offers_Deceptive_App.JPG"],"nonDeceptorImageFiles":["211018/registryrepair-210924/5.0.1.122/Images/ACR-065/ACR-065_Install_No_Privacy_Policy.JPG"],"guid":"3bbeb20c-f961-4e17-bf8a-50d24997866f_5.0.1.122_1","appID":"registryrepair-210924","dateAdded":"211018","deceptorType":"App","name":"Registry Repair","company":"Glarysoft Ltd","version":"5.0.1.122","firstVendorContactDate":"211013","firstAppEsteemReplyDate":"211014","firstResolvedDate":"211029","firstResolvedVersion":"5.0.1.123","resolved":"TRUE","lastKnownStatus":"5.0.1.122","lastKnownDate":"211029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-10-29T20:31:24.1999161+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1593},{"violations":{"ACR-048":"The app hides itself from the control panel uninstall screen, which limits the consumer's ability to uninstall the app.\n","ACR-007":"The app reduces security by capturing passwords, but does not provide explicit notification to the targeted consumer and it hides itself using a hotkey and password.\n","ACR-084":"The app hides from the targeted consumer by requiring them to use a hotkey and a password to access it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data, and it hides from the targeted consumer.\n","ACR-116":"The app hides from the control panel uninstall screen.\n","ACR-014":"The app uses a misleading name which is misleading to the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"emsvc.exe","fileVersion":"0.0","hashMD5":"32d17c24af0e21ab796fd29efe0d6e9e","hashSHA1":"0e5697d6e9cccbb96725828b9199078c02c38450","hashSHA256":"5529a7545bc4bfa8633f061843a2cde8826050d5a7f84924ec7935df944bca3b","sourceIndex":"1808","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"fkl_install.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"58b1053fbcb17b31d6ebcd9257a4d2df","hashSHA1":"2ebaee2fa5f71dc6814922a914ff44a3732e3eb7","hashSHA256":"93e1f101f0956005d6b5b83465c6fb9e03354eea655a671722969b95f7783fa2","sourceIndex":"1808","avBlockList":["360 Total Security (20210923)","Avast Internet Security (20191202)","AVG Internet Security (20210923)","Avira Internet Security (20210923)","Bitdefender Internet Security (20210923)","Dr.Web Security Space (20210923)","ESET Internet Security (20210923)","G DATA INTERNET SECURITY (20210923)","K7 Total Security (20210923)","Kaspersky Internet Security (20210923)","Malwarebytes Premium (20210923)","McAfee Total Protection (20210923)","Norton Security (20210923)","Panda Dome (20210923)","Quick Heal Internet Security (20210923)","Sophos Home Premium (20210923)","Tencent PC Manager (20210923)","Trend Micro Internet Security (20210923)","VIPRE Advanced Security (20210923)","VirIT eXplorer PRO (20210923)","Webroot SecureAnywhere (20210923)","Windows Defender (20210923)","Avast Premium Security (20210923)","SpyHunter5 (20210923)","Total AV Antivirus Pro (20210923)"],"avAllowList":["COMODO Antivirus (20210923)"]},{"isRevoked":"False","fileName":"logview.exe","fileVersion":"0.0","hashMD5":"f50aae27111ed7359caded9a3acfbed7","hashSHA1":"9e49d1c961e3de3b9fce0f27183905e211760a7e","hashSHA256":"8a8389b71a017a5d7bc2379f2e1587ed58028494f403683ad96a4ec0c76da239","sourceIndex":"1808","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"emsvc[2].exe","fileVersion":"0.0","hashMD5":"c6e5a95000504c2ab0a129d44239d97c","hashSHA1":"b3e2e281f52b97cf2e01eb6848df43693401e5bc","hashSHA256":"ddc70326baf70c579adde7e3da1b549a9335ceebb938feae27cfb87837805479","sourceIndex":"1808","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"fk_install[2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3d9359c9b2b6416612dc52f063aaf194","hashSHA1":"ff5af56c6ecc77eac3cebfd4ae3109b6a8ec389f","hashSHA256":"26389154767f115fd69e6f11bb6d7800f2f6aef2a7aad0158b3fec60905ece09","sourceIndex":"1808","avBlockList":["360 Total Security (20210923)","Avast Premium Security (20210923)","AVG Internet Security (20210923)","Avira Internet Security (20210923)","Bitdefender Internet Security (20210923)","ESET Internet Security (20210923)","G DATA INTERNET SECURITY (20210923)","K7 Total Security (20210923)","Malwarebytes Premium (20210923)","McAfee Total Protection (20210923)","Norton Security (20210923)","Panda Dome (20210923)","Quick Heal Internet Security (20210923)","Sophos Home Premium (20210923)","SpyHunter5 (20210923)","Tencent PC Manager (20210923)","Total AV Antivirus Pro (20210923)","Trend Micro Internet Security (20210923)","VIPRE Advanced Security (20210923)","VirIT eXplorer PRO (20210923)","Webroot SecureAnywhere (20210923)","Windows Defender (20210923)"],"avAllowList":["COMODO Antivirus (20210923)","Dr.Web Security Space (20210923)","Kaspersky Internet Security (20210923)"]},{"isRevoked":"False","fileName":"logview[2].exe","fileVersion":"0.0","hashMD5":"4b21022c619c904132ba35f369453656","hashSHA1":"f1337b58f8b3dcc46c9999a011ddf4e2cdcaaf03","hashSHA256":"9e382b7436f38f1b43dd6657c96176439b6b831eb1de96c1331b925cceeb7610","sourceIndex":"1808","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"emsvc [3].exe","fileVersion":"0.0","hashMD5":"ba18006d7dec5643bac47dd788b31fed","hashSHA1":"125ec8c2fb9a257c466ad42f3a61e9727905680a","hashSHA256":"f49723b59e6e9c71085ad0f72df7cbcaefdc76e9f1bb926a3f348a8885934434","sourceIndex":"1808","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"logview [3].exe","fileVersion":"0.0","hashMD5":"c78cb862f25c5e3cea329ca33f899e8b","hashSHA1":"54307e6c609667f18842c8e1b1fe25be36ea6282","hashSHA256":"9891a27f8b2f1da3689cc1f81ef61ba0354b80c7b6e7b81b0233fac90915cd32","sourceIndex":"1808","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"fk_install [3].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9a0cda0da9fa1283cfa54674d408a120","hashSHA1":"36e7ea4ddd08c3b018233a426b03311aa8c3cd95","hashSHA256":"8f37261a7227139a4af8501c383d2ba47758a0017367bbdba49afb0aa25964d3","sourceIndex":"1808","avBlockList":["360 Total Security (20210923)","Avast Premium Security (20210923)","AVG Internet Security (20210923)","Avira Internet Security (20210923)","Bitdefender Internet Security (20210923)","COMODO Antivirus (20210923)","ESET Internet Security (20210923)","G DATA INTERNET SECURITY (20210923)","K7 Total Security (20210923)","Malwarebytes Premium (20210923)","McAfee Total Protection (20210923)","Norton Security (20210923)","Panda Dome (20210923)","Quick Heal Internet Security (20210923)","Sophos Home Premium (20210923)","SpyHunter5 (20210923)","Tencent PC Manager (20210923)","Total AV Antivirus Pro (20210923)","Trend Micro Internet Security (20210923)","VIPRE Advanced Security (20210923)","VirIT eXplorer PRO (20210923)","Webroot SecureAnywhere (20210923)","Windows Defender (20210923)"],"avAllowList":["Dr.Web Security Space (20210923)","Kaspersky Internet Security (20210923)"]},{"isRevoked":"False","fileName":"emsvc [4].exe","fileVersion":"0.0","hashMD5":"e30674c4e837c1f831fb4fe17d87adf5","hashSHA1":"1fbd260e6174a18f6bf443e406b8aa6d800e8341","hashSHA256":"b22f933576294d60c57497438d96444919e6e50580a4919fe8ad3dd71bf0a64f","sourceIndex":"1808","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"fk_install [4].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"572a6fbc49ae9a73875bed8ddf281f8b","hashSHA1":"96a22f4128d30532904c8bf5f3289b42e8cf6705","hashSHA256":"117db780867f1e20c65435b5c183bcb37fa39749477ae1072b65ac642da77a3d","sourceIndex":"1808","avBlockList":["360 Total Security (20211028)","Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","COMODO Antivirus (20211028)","ESET Internet Security (20211028)","G DATA INTERNET SECURITY (20211028)","K7 Total Security (20211028)","Malwarebytes Premium (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","Sophos Home Premium (20211028)","SpyHunter5 (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","Trend Micro Internet Security (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)"],"avAllowList":["Dr.Web Security Space (20211028)","Kaspersky Internet Security (20211028)"]},{"isRevoked":"False","fileName":"logview [4].exe","fileVersion":"0.0","hashMD5":"3aeaf5b99fd71daa75086f8401de055e","hashSHA1":"c80fcaa70571aaa68b53fb9732b75f8dba8ab36f","hashSHA256":"cb93fed5f76dea92f14b1f8dd6dd1f5d9121e9585f396895e0a48aac164e3f75","sourceIndex":"1808","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.geckoandfly.com/17868/best-free-keylogger-for-windows-mac-android-ios-to-monitor-your-kids-facebook/","reference":"Hunt.Search","landingPage":"https://www.iwantsoft.com/","directDownloadingLink":"https://mega.nz/#!lWxTDapL!X2INt09lgHmztH6_wH2cBHlzkIJvaoPeBrkturiX_FM","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/#!lWxTDapL!X2INt09lgHmztH6_wH2cBHlzkIJvaoPeBrkturiX_FM","sourceIndex":"1808"}],"sampleFiles":["211011/IwantsoftKeylogger-191030/5.3/Samples/emsvc.exe","211011/IwantsoftKeylogger-191030/5.3/Samples/fkl_install.exe","211011/IwantsoftKeylogger-191030/5.3/Samples/logview.exe","211011/IwantsoftKeylogger-191030/5.3/Samples/emsvc[2].exe","211011/IwantsoftKeylogger-191030/5.3/Samples/fk_install[2].exe","211011/IwantsoftKeylogger-191030/5.3/Samples/logview[2].exe","211011/IwantsoftKeylogger-191030/5.3/Samples/emsvc [3].exe","211011/IwantsoftKeylogger-191030/5.3/Samples/logview [3].exe","211011/IwantsoftKeylogger-191030/5.3/Samples/fk_install [3].exe","211011/IwantsoftKeylogger-191030/5.3/Samples/emsvc [4].exe","211011/IwantsoftKeylogger-191030/5.3/Samples/fk_install [4].exe","211011/IwantsoftKeylogger-191030/5.3/Samples/logview [4].exe"],"imageFiles":["211011/IwantsoftKeylogger-191030/5.3/Images/ACR-048/IwantSoft Uninstall.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-007/IwantSoft Monitoring Screen.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-007/IwantSoft Password 2.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-007/IwantSoft Password.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-014/IwantSoft Different Name.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-084/IwantSoft Password.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-084/IwantSoft Password 2.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-086/IwantSoft Password.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-086/IwantSoft Password 2.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-116/IwantSoft Uninstall.png"],"nonDeceptorImageFiles":["211011/IwantsoftKeylogger-191030/5.3/Images/ACR-065/IwantSoft Install.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-065/IwantSoft About.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-065/IwantSoft Bottom Landing Page.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-099/IwantSoft Bottom Landing Page.png","211011/IwantsoftKeylogger-191030/5.3/Images/ACR-099/IwantSoft Bottom of Internal Offers.png"],"guid":"4c97628f-f901-4080-95ad-445943217046_5.3_1","appID":"IwantsoftKeylogger-191030","dateAdded":"211011","deceptorType":"App","name":"Iwantsoft Free Keylogger","company":"Iwantsoft","version":"5.3","sigName":"Deceptor:Win32/IwantsoftStalkerware!007014048084086116","lastKnownStatus":"Deceptor:5.3","lastKnownDate":"211011","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2021-10-11T17:46:48.7748865+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1594},{"violations":{"ACR-043":"App installs the offered \"Glary Utilities\" app even if the consumer unchecks its offer box.\n","ACR-010":"The offered app \"Glarys Utilities\" contains deceptive behavior which fails in ACR-004, 007, 014 and 048.  \n","ACR-059":" An offered app is not clearly marked as an offer and it is not recognizable as an offer.\n","ACR-155":"The offer is inserted into the install workflow with pre-checked checkboxes to trick the consumer to install the offer. \n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide EULA/Terms of Service, Returns & Cancellation Policy, Privacy Policy for the offered app.\n","ACR-088":"The application starts a scan post installation without user interaction.\n","ACR-099":"The app does not provide uninstall information in the software.\nThe app does not provide uninstall information in the landingpage.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Glarysoft\\Glary Disk Cleaner\\DiskCleaner.exe","companyName":"Glarysoft Ltd","productName":"Glary Utilities","productVersion":"5.0.0.1","fileVersion":"5.0.1.249","hashMD5":"29425a84730c8b7062630a90b707c2c1","hashSHA1":"d5e949710b1e06a3f12e4981c070aa8497e9c324","hashSHA256":"49590201c30e0015898bc1f0cd94b2c7da9adb0975f706109c86dc7fb6ca5118","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1801","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\dcsetup.exe","isInstaller":"True","companyName":"Glarysoft Ltd","productName":"Disk Cleaner","productVersion":"5.0.1.249","fileVersion":"5.0.1.249","hashMD5":"42790dd676decb0a669583e0e4eeb147","hashSHA1":"f4259fa063736eaf7be6ac109dff8343ce63a333","hashSHA256":"fbce647612eb5844b3c2ad0b2e4c7f7d2f3d346635de19aec44564ece8f2e7f0","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1801","avBlockList":["ESET Internet Security (20211026)","Quick Heal Internet Security (20211026)","SpyHunter5 (20211026)","VirIT eXplorer PRO (20211026)","Webroot SecureAnywhere (20211026)","Windows Defender (20211026)","Avast Premium Security (20211026)","AVG Internet Security (20211026)","Avira Internet Security (20211026)","K7 Total Security (20211026)","McAfee Total Protection (20211026)","Norton Security (20211026)","Sophos Home Premium (20211026)","Total AV Antivirus Pro (20211026)"],"avAllowList":["360 Total Security (20211026)","Bitdefender Internet Security (20211026)","COMODO Antivirus (20211026)","Dr.Web Security Space (20211026)","G DATA INTERNET SECURITY (20211026)","Kaspersky Internet Security (20211026)","Malwarebytes Premium (20211026)","Panda Dome (20211026)","Tencent PC Manager (20211026)","Trend Micro Internet Security (20211026)","VIPRE Advanced Security (20211026)"]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"https://www.glarysoft.com/disk-cleaner/","directDownloadingLink":"https://download.glarysoft.com/dcsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.glarysoft.com/dcsetup.exe","sourceIndex":"1801"}],"sampleFiles":["211008/diskcleaner-211008/5.0.1.249/Samples/dcsetup.exe"],"imageFiles":["211008/diskcleaner-211008/5.0.1.249/Images/ACR-043/ACR-043_Install_Declined_Offer.JPG","211008/diskcleaner-211008/5.0.1.249/Images/ACR-043/ACR-010_In-bunbleOffers_Offer_DeceptiveApp.JPG","211008/diskcleaner-211008/5.0.1.249/Images/ACR-059/ACR-059_In-bundleOffers_No_AcceptDecline_Option.JPG","211008/diskcleaner-211008/5.0.1.249/Images/ACR-155/ACR-155_In-bundleOffers_Masqueraded_Offer.JPG","211008/diskcleaner-211008/5.0.1.249/Images/ACR-010/ACR-010_In-bunbleOffers_Offer_DeceptiveApp.JPG","211008/diskcleaner-211008/5.0.1.249/Images/ACR-010/ACR-010_In-bunbleOffers_Offer_DeceptiveApp_1.JPG","211008/diskcleaner-211008/5.0.1.249/Images/ACR-010/ACR-010_In-bunbleOffers_Offer_DeceptiveApp_2.JPG","211008/diskcleaner-211008/5.0.1.249/Images/ACR-010/ACR-010_In-bunbleOffers_Offer_DeceptiveApp_3.JPG","211008/diskcleaner-211008/5.0.1.249/Images/ACR-010/ACR-010_In-bunbleOffers_Offer_DeceptiveApp_4.JPG"],"nonDeceptorImageFiles":["211008/diskcleaner-211008/5.0.1.249/Images/ACR-088/ACR-088_Software.mp4","211008/diskcleaner-211008/5.0.1.249/Images/ACR-099/ACR-099_Software_No_UninstallInfo.JPG","211008/diskcleaner-211008/5.0.1.249/Images/ACR-099/ACR-099_Landingpage_No_UninstallInfo.JPG","211008/diskcleaner-211008/5.0.1.249/Images/ACR-065/ACR-065_In-bundleOffers_No_Docs.JPG"],"guid":"e96423e3-78d3-4a83-b7fc-2a07d675a51b_5.0.1.249_1","appID":"diskcleaner-211008","dateAdded":"211008","deceptorType":"App","name":"Disk Cleaner","company":"Glarysoft Ltd","version":"5.0.1.249","sigName":"Deceptor:Win32/DiskCleaner:010043059155","firstVendorContactDate":"211013","firstAppEsteemReplyDate":"211014","firstResolvedDate":"211029","firstResolvedVersion":"5.0.1.251","resolved":"TRUE","lastKnownStatus":"Deceptor:5.0.1.249","lastKnownDate":"211029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-10-29T20:28:54.9816957+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1596},{"violations":{"ACR-048":"The app does not provide any control to cancel the installation.\nThe app does not provide any control to disable the start-up it created.\n","ACR-050":"The app appears to circumvent the platform security (UAC) with a scheduled task.\n","ACR-003":"App uses exaggerated words like \"problems\" and \"obsolete\" to scare the user into taking action.\n","ACR-007":"The app allows reducing Windows default security without providing explicit notification or consent.\n","ACR-084":"1. The app runs silently in the background, hiding the fact that it is active from the consumer.\n2. The app does not list its own startup & scheduled tasks inside the software.\n","ACR-014":"App misleads the consumer into thinking it will remove malware, but malware remover does not detect any common malware.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide Privacy Policy in the installation prompt.\n","ACR-161":"Quotes and testimonials are not verifiable.\n","ACR-099":"The app does not provide the uninstall information explicitly in the software.\n","ACR-017":"Unable to verify logos presented on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Glary Utilities 5\\Integrator.exe","companyName":"Glarysoft Ltd","productName":"Glary Utilities","productVersion":"5. 0. 0. 0","fileVersion":"5. 174. 0. 202","hashMD5":"78eec1c57b06ba32e1d58a8f983f16a4","hashSHA1":"2e7eb56e8e4485a296d296b13d4af27eeb2a5a31","hashSHA256":"21d5ed824504080c9fd7c59cabc25634f1f2b91c5099d762986a5e92e3e2d51a","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1802","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\User\\Desktop\\gu5setup.exe","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"8b8c24a975dc9e0ee4ab6e8c4f34ae69","hashSHA1":"42d28693c4d15887f7de1d023fd9ae5619befcc9","hashSHA256":"0cb9dd25fc07988028d68594f8323277d95cb084010b7222fa405833ad6a07eb","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1802","avBlockList":["ESET Internet Security (20211026)","Sophos Home Premium (20211026)","Tencent PC Manager (20211026)","VirIT eXplorer PRO (20211026)","Webroot SecureAnywhere (20211026)","Windows Defender (20211026)","Avast Premium Security (20211026)","AVG Internet Security (20211026)","Avira Internet Security (20211026)","K7 Total Security (20211026)","McAfee Total Protection (20211026)","Norton Security (20211026)","Total AV Antivirus Pro (20211026)"],"avAllowList":["360 Total Security (20211026)","Bitdefender Internet Security (20211026)","COMODO Antivirus (20211026)","Dr.Web Security Space (20211026)","G DATA INTERNET SECURITY (20211026)","Kaspersky Internet Security (20211026)","Malwarebytes Premium (20211026)","Panda Dome (20211026)","Quick Heal Internet Security (20211026)","SpyHunter5 (20211026)","Trend Micro Internet Security (20211026)","VIPRE Advanced Security (20211026)"]}],"additionalFiles":[],"sources":[{"howFound":"Seperate review for glarysoft utilities, said by Ap Esteem","reference":"","landingPage":"https://www.glarysoft.com/","directDownloadingLink":"https://www.glarysoft.com/aff/download.php?s=GU","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.glarysoft.com/aff/download.php?s=GU","sourceIndex":"1802"}],"sampleFiles":["211008/glaryutilities-211008/5.174.0.202/Samples/gu5setup.exe"],"imageFiles":["211008/glaryutilities-211008/5.174.0.202/Images/ACR-048/ACR-048_Install_Unable_To_Cancel_Installation.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-048/ACR-048_Software_No_Control_To_Disable_Startup.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-084/ACR-084_Software_Background_Process_Exists.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-084/ACR-084_Software_Quick_Search_Background_Process_Exists.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-084/ACR-084_Software_Startup_Item_Not_Listed.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-084/ACR-084_Software_Task_Not_Listed.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-050/ACR-050_Software_Skips_UAC.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-007/ACR_007_Software_No_Warning.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-003/ACR-014_Software_Problems2.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-003/ACR-014_Software_Misleading_Words_1.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-003/ACR-014_Software_Misleading_Words.JPG"],"nonDeceptorImageFiles":["211008/glaryutilities-211008/5.174.0.202/Images/ACR-065/ACR-065_Install_No_Privacy_Policy.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-099/ACR-099_Software_No_Uninstall_Information.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-017/ACR-017_LandingPage_Unverifiable_Logo.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-017/ACR-017_LandingPage_Unverifiable_Logo_1.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-017/ACR-017_LandingPage_Unverifiable_Logo_2.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-161/ACR-161_LandingPage_Unverifiable_Testimonials.JPG","211008/glaryutilities-211008/5.174.0.202/Images/ACR-161/ACR-161_LandingPage_Unverifiable_Testimonials_1.JPG"],"guid":"0c647a56-6fa8-4420-a114-8e94d769e1fd_5.174.0.202_1","appID":"glaryutilities-211008","dateAdded":"211008","deceptorType":"App","name":"Glary Utilities","company":"Glarysoft Ltd","version":"5.174.0.202","sigName":"Deceptor.Win32/GlaryUtilities!003007014048050165","firstVendorContactDate":"211013","firstAppEsteemReplyDate":"211014","firstResolvedDate":"211029","firstResolvedVersion":"5.175.0.203","resolved":"TRUE","lastKnownStatus":"Deceptor:5.174.0.202","lastKnownDate":"211029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-10-29T20:25:51.7298136+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1595},{"violations":{"ACR-042":"Unrelated files are dropped under the path ( C:\\Users\\User\\AppData\\Local )  without obtaining the user's permission.\n","ACR-043":"On installing the \"Free Driver Scout\" app, it drops some other apps executables in the user's system without any disclosure.\n","ACR-004":"The app shows alarming color patterns, implies the issues that misleads the user to take action.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"The app fails to remove all of its monetization components after the consumer uninstalls it.\n","ACR-057":"The app fails to provide the consumer with clear and simple options to accept or decline offer.\n","ACR-055":"The accept/decline options is not made obvious to the consumer in the offers.\n","ACR-059":"The offer is not marked as Offer.\n","ACR-155":"The app inserts bundler offer to download in the normal installation workflow.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs in the \"C:\\Users\\User\\AppData\\Local\" path, instead of a standard location. \n","ACR-065":"The app does not provide Privacy Policy in the installation prompt.\nThe app does not provide EULA/Terms of Service and Privacy Policy in the app's about page.\n","ACR-092":"The app does not provide any digital signature for all the components.\n","ACR-099":"The app needs to disclose the uninstall information explicitly in the software.\n","ACR-123":"An app uninstallation needs to revert the consumer's system state prior to the original app installation.\n","ACR-054":"The app needs to provide equal prominence to \"Decline\" and \"Next\" buttons and the \"No and Continue now\" and \"Yes and Continue now \" options in the Bundler-made offers.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Covus Freemium\\Free Driver Scout\\FreeDriverScout.exe","companyName":"","productName":"FreeDriverScout","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"dbb389bfadd39945626c5c3b7311e6d8","hashSHA1":"5f63f339babeef7807079736f23b4114c64b02b6","hashSHA256":"46c9943808856f28243d87d03eeb1c1ce6ac402dc68cbeb74a0f1cde1003e3f7","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1810","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"freedriverscoutsetup.exe","isInstaller":"True","companyName":"","productName":"DownloadGuide","productVersion":"2.5.0.107","fileVersion":"2.5.0.107","hashMD5":"5f359082bfa06a8528681e4264cfed03","hashSHA1":"2071ef5f81725f0e2ef6dd4a781536edaf26ecf9","hashSHA256":"beacdc49369bfc484bbffcaeef63329a19951974ceac4bfb497922b5147469c5","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1810","avBlockList":["360 Total Security (20211026)","Avast Premium Security (20211026)","AVG Internet Security (20211026)","Avira Internet Security (20211026)","Bitdefender Internet Security (20211026)","COMODO Antivirus (20211026)","Dr.Web Security Space (20211026)","ESET Internet Security (20211026)","G DATA INTERNET SECURITY (20211026)","K7 Total Security (20211026)","Kaspersky Internet Security (20211026)","Malwarebytes Premium (20211026)","McAfee Total Protection (20211026)","Norton Security (20211026)","Panda Dome (20211026)","Quick Heal Internet Security (20211026)","Sophos Home Premium (20211026)","SpyHunter5 (20211026)","Tencent PC Manager (20211026)","Total AV Antivirus Pro (20211026)","Trend Micro Internet Security (20211026)","VIPRE Advanced Security (20211026)","VirIT eXplorer PRO (20211026)","Webroot SecureAnywhere (20211026)","Windows Defender (20211026)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Softonic search-Driver app","reference":"","landingPage":"","directDownloadingLink":"https://free-driver-scout.en.softonic.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://free-driver-scout.en.softonic.com/download","sourceIndex":"1810"}],"sampleFiles":["211007/freedriverscout-210930/1.0.0.0/Samples/freedriverscoutsetup.exe"],"imageFiles":["211007/freedriverscout-210930/1.0.0.0/Images/ACR-043/ACR-042_Install_Unrelated_Files_Installed.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-055/ACR-055_Bundler-MadeOffers_Unclear_Accept_Decline_Options.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-042/ACR-042_Install_Unrelated_Files_Installed.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-004/ACR-004_Software_Graph_Raising_Urgency.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-119/ACR-119_Uninstall_Retains_Monetization_Components.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-057/ACR-057_Bundler-MadeOffers_Unclear_Options_To_Accept_And_Decline.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-059/ACR-059_Bundler-MadeOffers_Offer_Not-Mentioned_As_Offer.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-155/ACR-155_Bundler-MadeOffers_Masqueraded_Offer.JPG"],"nonDeceptorImageFiles":["211007/freedriverscout-210930/1.0.0.0/Images/ACR-040/ACR-040_Install_Hidden_Files.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-054/ACR-054_Bundler-MadeOffers_Equal_Prominence.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-065/ACR-065_Install_No_Privacy_Policy.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-065/ACR-065_Software_Eula_Pp_MIssing.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-099/ACR-099_Software_Uninstall_Information_Missing.JPG","211007/freedriverscout-210930/1.0.0.0/Images/ACR-123/ACR-123_Uninstall_Files_Not_Removed.JPG"],"guid":"cfa2bddb-ff5c-44cd-bf3d-3a7a8debb08f_1.0.0.0_1","appID":"freedriverscout-210930","dateAdded":"211007","deceptorType":"App","name":"Free Driver Scout","company":"Covus Freemium GmbH","version":"1.0.0.0","sigName":"Deceptor:Win32/FreeDriverScout!043055042004118119057059155","lastKnownStatus":"1.0.0.0","lastKnownDate":"211007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-10-07T21:02:24.4388363+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1597},{"violations":{"ACR-043":"The offered \"Glary utilities\" bundler app gets dropped even after declining it.\n","ACR-048":"The app does not provide any control to cancel the installation.\n","ACR-057":"The app fails to provide the consumer with clear and simple options to accept or decline an offer.\n","ACR-055":"The accept/decline options is not made obvious to the consumer in the offers.\n","ACR-059":"An offered app is not clearly marked as an offer and it is not recognizable as an offer.\n","ACR-155":"The offer is inserted into the install workflow with pre-checked checkboxes to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide Privacy Policy during installation. \nThe app does not provide EULA/Terms of Service, Returns & Cancellation Policy, Privacy Policy for the offered app.\n","ACR-099":"The app does not provide uninstall information in the software.\nThe app does not provide uninstall information in the landingpage.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Glarysoft\\Glary Duplicate Cleaner\\Dupefinder.exe","companyName":"Glarysoft Ltd","productName":"Glary Utilities","productVersion":"5.0.0.1","fileVersion":"5.0.1.37","hashMD5":"6ff644338c9e2adf6710fe2b17e3dff0","hashSHA1":"418cd93c209a8eaf89a4cab550c4d1fa3adcb6ce","hashSHA256":"f4b5afa2e3b4fd6767cfb5b1f16215855c92dd1c169d6e805bd7479b25246187","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1803","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ducsetup.exe","isInstaller":"True","companyName":"Glarysoft Ltd","productName":"Duplicate Cleaner","productVersion":"5.0.1.37","fileVersion":"5.0.1.37","hashMD5":"1c2ff1258ead0b2b378fef64e6302a68","hashSHA1":"7f735f866f2a6e21867dab33d6ba70939262e40b","hashSHA256":"a378fc9497a8a177c03483a2e632cc5e37d471f22637533e1190d3c49683bc38","digitalCertThumbprint":"362EBB303E088105BDCC07D94E6B7875D30C0D06","digitalCertIssuer":"DigiCert Assured ID Code Signing CA-1","digitalCertIssuedTo":"Glarysoft LTD","storeId":"","sourceIndex":"1803","avBlockList":["Avast Premium Security (20211026)","AVG Internet Security (20211026)","Avira Internet Security (20211026)","Bitdefender Internet Security (20211026)","ESET Internet Security (20211026)","G DATA INTERNET SECURITY (20211026)","Sophos Home Premium (20211026)","SpyHunter5 (20211026)","Tencent PC Manager (20211026)","Total AV Antivirus Pro (20211026)","VIPRE Advanced Security (20211026)","VirIT eXplorer PRO (20211026)","Webroot SecureAnywhere (20211026)","Windows Defender (20211026)","K7 Total Security (20211026)","McAfee Total Protection (20211026)","Norton Security (20211026)"],"avAllowList":["360 Total Security (20211026)","COMODO Antivirus (20211026)","Dr.Web Security Space (20211026)","Kaspersky Internet Security (20211026)","Malwarebytes Premium (20211026)","Panda Dome (20211026)","Quick Heal Internet Security (20211026)","Trend Micro Internet Security (20211026)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search- Duplicate cleaner app","reference":"","landingPage":"https://www.glarysoft.com/duplicate-cleaner/","directDownloadingLink":"https://download.glarysoft.com/ducsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.glarysoft.com/ducsetup.exe","sourceIndex":"1803"}],"sampleFiles":["211007/duplicatecleaner-210930/5.0.1.37/Samples/ducsetup.exe"],"imageFiles":["211007/duplicatecleaner-210930/5.0.1.37/Images/ACR-043/ACR-043_Install_Declined_Offer.JPG","211007/duplicatecleaner-210930/5.0.1.37/Images/ACR-048/ACR-048_Install_No_Cancel.JPG","211007/duplicatecleaner-210930/5.0.1.37/Images/ACR-057/ACR-057_InbundleOffers_No_Accept_Decline_Option.JPG","211007/duplicatecleaner-210930/5.0.1.37/Images/ACR-059/ACR-059_InbundleOffers_No_Accept_Decline_Option.JPG","211007/duplicatecleaner-210930/5.0.1.37/Images/ACR-155/ACR-155_InbundleOffers_Masqueraded_Offer.JPG","211007/duplicatecleaner-210930/5.0.1.37/Images/ACR-055/ACR-055_InbundleOffers_No_Accept_Decline_Option.JPG"],"nonDeceptorImageFiles":["211007/duplicatecleaner-210930/5.0.1.37/Images/ACR-065/ACR-065_Install_No_PrivacyPolicy.JPG","211007/duplicatecleaner-210930/5.0.1.37/Images/ACR-099/ACR-099_Software_No_Uninstall_Info.JPG","211007/duplicatecleaner-210930/5.0.1.37/Images/ACR-099/ACR-099_Landingpage_No_Uninstall_Info.JPG","211007/duplicatecleaner-210930/5.0.1.37/Images/ACR-065/ACR-065_InbundleOffers_No_Privacy_Policy.JPG"],"guid":"768e8e15-5d31-4815-87f1-63245027c5de_5.0.1.37_1","appID":"duplicatecleaner-210930","dateAdded":"211007","deceptorType":"App","name":"Duplicate Cleaner","company":"Glarysoft Ltd","version":"5.0.1.37","sigName":"Deceptor:Win32/DuplicateCleaner!043048057059155055","firstVendorContactDate":"211013","firstAppEsteemReplyDate":"211014","firstResolvedDate":"211029","firstResolvedVersion":"5.0.1.38","resolved":"TRUE","lastKnownStatus":"5.0.1.37","lastKnownDate":"211029","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-10-29T20:21:22.4783809+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1598},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to install it in \"Invisible Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"The install wizard prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executables.\n","ACR-040":"By default, the app is installed in a hidden folder named \"Best Free Keylogger\" in Program Files.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the installer and main executable.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"installer_trial.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ffb27149bfc975f8e6fc6f0e074de840","hashSHA1":"dbaabf000bf64f9d509948b160ce2b4e96ca4fd4","hashSHA256":"7eade806b4dccac16271b4b6d40f4d5d45e36bf4e1d3dc79077bac463db83d4a","sourceIndex":"1886","avBlockList":["360 Total Security (20211216)","Avast Premium Security (20211216)","AVG Internet Security (20211216)","Avira Internet Security (20211216)","Bitdefender Internet Security (20211216)","COMODO Antivirus (20211216)","Dr.Web Security Space (20211216)","ESET Internet Security (20211216)","G DATA INTERNET SECURITY (20211216)","K7 Total Security (20211216)","Kaspersky Internet Security (20211216)","Malwarebytes Premium (20211216)","McAfee Total Protection (20211216)","Norton Security (20211216)","Panda Dome (20211216)","Quick Heal Internet Security (20211216)","Sophos Home Premium (20211216)","SpyHunter5 (20211216)","Tencent PC Manager (20211216)","Total AV Antivirus Pro (20211216)","VIPRE Advanced Security (20211216)","VirIT eXplorer PRO (20211216)","Webroot SecureAnywhere (20211216)","Windows Defender (20211216)"],"avAllowList":["Trend Micro Internet Security (20211216)"]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.3","hashMD5":"68656c69143797a90784b73d62e8d5f0","hashSHA1":"8aeb3db313126b8e6c59ff81b7bbca90325f3d71","hashSHA256":"20ed885f26e43900dce1fca8a4bdc5ca53aadfa7f84c998754e4b7c483572e04","sourceIndex":"1886","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://bestxsoftware.com/index.html","directDownloadingLink":"https://c175.pcloud.com/dHZSEx571Z5ddQbgZZZeOvYv7Z2ZZ92RZkZIk19XZ5JQsWes08i4ugq9qASKB7bVRAljy/installer_trial.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://c175.pcloud.com/dHZSEx571Z5ddQbgZZZeOvYv7Z2ZZ92RZkZIk19XZ5JQsWes08i4ugq9qASKB7bVRAljy/installer_trial.exe","sourceIndex":"1886"}],"sampleFiles":["210622/BestFreeKeyloggerPro-210311/7.3.1/Samples/installer_trial.exe","210622/BestFreeKeyloggerPro-210311/7.3.1/Samples/syscrb.exe"],"imageFiles":["210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-084/Best Free Keylogger Pro_Interactions [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-084/Best Free Keylogger Pro_Interactions [3].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-084/Best Free Keylogger Pro_Interactions [4].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-084/Best Free Keylogger Pro_Interactions [5].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-084/Best Free Keylogger Pro_Settings [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-086/Best Free Keylogger Pro_Settings [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-086/Best Free Keylogger Pro_Settings [2].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-086/Best Free Keylogger Pro_Settings [3].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-086/Best Free Keylogger Pro_Settings [4].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-086/Best Free Keylogger Pro_Interactions [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-086/Best Free Keylogger Pro_Interactions [3].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-086/Best Free Keylogger Pro_Interactions [4].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-097/Best Free Keylogger Pro_Install [6].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-048/Best Free Keylogger Pro_Interactions [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-048/Best Free Keylogger Pro_Interactions [3].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-048/Best Free Keylogger Pro_Interactions [4].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-048/Best Free Keylogger Pro_Settings [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-048/Best Free Keylogger Pro_HiddenFolder [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-048/Best Free Keylogger Pro_Files [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-007/Best Free Keylogger Pro_Interactions [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-007/Best Free Keylogger Pro_Interactions [3].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-007/Best Free Keylogger Pro_Interactions [4].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-007/Best Free Keylogger Pro_Settings [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-014/Best Free Keylogger Pro_RunningProcess [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-116/Best Free Keylogger Pro_ControlPanel [1].png"],"nonDeceptorImageFiles":["210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-038/Best Free Keylogger Pro_FileProperty [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-038/Best Free Keylogger Pro_FileProperty [3].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-040/Best Free Keylogger Pro_HiddenFolder [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-040/Best Free Keylogger Pro_Files [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-065/Best Free Keylogger Pro_Install [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-065/Best Free Keylogger Pro_Install [3].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-065/Best Free Keylogger Pro_Install [6].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-065/Best Free Keylogger Pro_Install [9].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-092/Best Free Keylogger Pro_FileProperty [2].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-092/Best Free Keylogger Pro_FileProperty [4].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-002/Best Free Keylogger Pro_RunningProcess [1].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-167/Best Free Keylogger Pro_Bestxsoftware Refund Policy.png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-065/Best Free Keylogger Pro_LandingPage.png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-017/Best Free Keylogger Pro_LandingPage [3].png","210622/BestFreeKeyloggerPro-210311/7.3.1/Images/ACR-161/Best Free Keylogger Pro_LandingPage [2].png"],"guid":"b88a6d48-2392-4d0d-94de-fc3bab894b6b_7.3.1_1","appID":"BestFreeKeyloggerPro-210311","dateAdded":"211004","deceptorType":"App","name":"Best Free Keylogger Pro ","company":"Bestxsoftware","version":"7.3.1","sigName":"Deceptor:Win32/BestFreeKeyloggerPro!084086097048007014116","lastKnownStatus":"7.2.2;7.3.1;7.4.0","lastKnownDate":"211004","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2021-10-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1600},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"The app enables the consumer to install it in \"Invisible Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"The install wizard prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executables.\n","ACR-040":"By default, the app is installed in a hidden folder named \"Best Free Keylogger\" in Program Files.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the installer and main executable.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"installer_trial.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"fb2866eac62594d96bd1c0f301e2b35d","hashSHA1":"98fa34c2b16f2f2897917880f7aa82e4fcab5279","hashSHA256":"ddcf6c406b0d4c6a616001c5da67ae7b4aaf17c40efd6d8a597dbe9774712830","sourceIndex":"1811","avBlockList":["360 Total Security (20211028)","Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","COMODO Antivirus (20211028)","Dr.Web Security Space (20211028)","ESET Internet Security (20211028)","G DATA INTERNET SECURITY (20211028)","K7 Total Security (20211028)","Kaspersky Internet Security (20211028)","Malwarebytes Premium (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","Sophos Home Premium (20211028)","SpyHunter5 (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","Trend Micro Internet Security (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)"],"avAllowList":[]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.4","hashMD5":"625492318ffe2a439077dfaeebe428c0","hashSHA1":"c8ac5843a53a7dc6e2fbae0c8e0a0147d2278e77","hashSHA256":"59e40662a1b94841ce5bba6784fb0daa2c023da80acbd549309686db49240eda","sourceIndex":"1811","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://bestxsoftware.com/index.html","directDownloadingLink":"https://vc543.pcloud.com/dHZDsthJeZ0K5AWPZZZbJD3v7Z2ZZb6JZkZn0axXZpbpX7cNk6vVx86aAPjkIcmKfR99y/installer_trial.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vc543.pcloud.com/dHZDsthJeZ0K5AWPZZZbJD3v7Z2ZZb6JZkZn0axXZpbpX7cNk6vVx86aAPjkIcmKfR99y/installer_trial.exe","sourceIndex":"1811"}],"sampleFiles":["211004/BestFreeKeyloggerPro-210311/7.4.0/Samples/installer_trial.exe","211004/BestFreeKeyloggerPro-210311/7.4.0/Samples/syscrb.exe"],"imageFiles":["211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-084/Best Free Keylogger Pro_Interactions [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-084/Best Free Keylogger Pro_Interactions [2].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-084/Best Free Keylogger Pro_Interactions [3].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-084/Best Free Keylogger Pro_Interactions [4].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-084/Best Free Keylogger Pro_Interactions [6].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-086/Best Free Keylogger Pro_Interactions [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-086/Best Free Keylogger Pro_Interactions [2].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-086/Best Free Keylogger Pro_Interactions [3].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-086/Best Free Keylogger Pro_Interactions [4].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-086/Best Free Keylogger Pro_Interactions [6].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-086/Best Free Keylogger Pro_Interactions [7].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-086/Best Free Keylogger Pro_Interactions [8].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-097/Best Free Keylogger Pro_Install [5].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-097/Best Free Keylogger Pro_Interactions [10].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-048/Best Free Keylogger Pro_Interactions [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-048/Best Free Keylogger Pro_Interactions [2].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-048/Best Free Keylogger Pro_Interactions [3].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-048/Best Free Keylogger Pro_Interactions [4].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-048/Best Free Keylogger Pro_Files [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-048/Best Free Keylogger Pro_ControlPanel [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-048/Best Free Keylogger Pro_Interactions [6].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-007/Best Free Keylogger Pro_Interactions [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-007/Best Free Keylogger Pro_Interactions [2].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-007/Best Free Keylogger Pro_Interactions [3].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-007/Best Free Keylogger Pro_Interactions [4].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-007/Best Free Keylogger Pro_Interactions [6].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-014/Best Free Keylogger Pro_RunningProcess [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-116/Best Free Keylogger Pro_ControlPanel [1].png"],"nonDeceptorImageFiles":["211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-038/Best Free Keylogger Pro_FileProperty [3].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-038/Best Free Keylogger Pro_FileProperty [4].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-040/Best Free Keylogger Pro_Files [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-065/Best Free Keylogger Pro_Install [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-065/Best Free Keylogger Pro_Install [2].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-065/Best Free Keylogger Pro_Install [3].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-065/Best Free Keylogger Pro_Install [5].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-065/Best Free Keylogger Pro_Install [7].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-092/Best Free Keylogger Pro_FileProperty [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-092/Best Free Keylogger Pro_FileProperty [2].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-065/Best Free Keylogger Pro_About [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-002/Best Free Keylogger Pro_RunningProcess [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-167/Bestxsoftware Refund Policy.png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-065/Best Free Keylogger Pro_LandingPage [1].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-017/Best Free Keylogger Pro_LandingPage [2].png","211004/BestFreeKeyloggerPro-210311/7.4.0/Images/ACR-161/Best Free Keylogger Pro_LandingPage [3].png"],"guid":"b88a6d48-2392-4d0d-94de-fc3bab894b6b_7.4.0_1","appID":"BestFreeKeyloggerPro-210311","dateAdded":"211004","deceptorType":"App","name":"Best Free Keylogger Pro ","company":"Bestxsoftware","version":"7.4.0","lastKnownStatus":"7.2.2;7.3.1;7.4.0","lastKnownDate":"211004","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2021-10-04T20:18:05.0090439+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1599},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-084":"he app enables the consumer to install it in \"Invisible Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-097":"The install wizard prompts the user to exclude it from antivirus detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"syscrb.exe”, which is not related to the name \"Best Free Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"By default, the app is installed in a hidden folder named \"Best Free Keylogger\" in Program Files.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy.\n","ACR-002":"The App shows different names as \"syscrb.exe\" in the running service/apps section.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the installer and main executable.\n","ACR-167":"The app only provides a 15-day refund policy and not a 30-day refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"installer_trial.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"b254997344bab39d4f517690ca4861f6","hashSHA1":"52f3cf3e3ed70ea54149038b0db78f6068e6b239","hashSHA256":"0cca71ad3b4931016bf4e68a81357f42874e2d0955c692054615a2677a538193","sourceIndex":"1981","avBlockList":["360 Total Security (20210527)","Avast Premium Security (20210527)","AVG Internet Security (20210527)","Avira Internet Security (20210527)","Bitdefender Internet Security (20210527)","COMODO Antivirus (20210527)","Dr.Web Security Space (20210527)","ESET Internet Security (20210527)","G DATA INTERNET SECURITY (20210527)","K7 Total Security (20210527)","Kaspersky Internet Security (20210527)","Malwarebytes Premium (20210527)","McAfee Total Protection (20210527)","Norton Security (20210527)","Panda Dome (20210527)","Quick Heal Internet Security (20210527)","Sophos Home Premium (20210527)","SpyHunter5 (20210527)","Tencent PC Manager (20210527)","Total AV Antivirus Pro (20210527)","VIPRE Advanced Security (20210527)","VirIT eXplorer PRO (20210527)","Webroot SecureAnywhere (20210527)","Windows Defender (20210527)"],"avAllowList":["Trend Micro Internet Security (20210527)"]},{"isRevoked":"False","fileName":"syscrb.exe","companyName":"bestxsoftware","fileVersion":"7.2","hashMD5":"933880c74a7a5a3336c7515c9aea3ed9","hashSHA1":"fd529a7ff5e921c27efcd91ca6e0d7b121339c10","hashSHA256":"30a504d8d2b94f0a6f35552c8e9b828324c52d75236c6152d724ff03b09598e9","sourceIndex":"1981","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://bestxsoftware.com/index.html","directDownloadingLink":"https://mega.nz/file/dNYwHZSZ#WRrNGKM2qciZGykuU87YO0B2zIk1w_dtt2E2TS52eqs","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/file/dNYwHZSZ#WRrNGKM2qciZGykuU87YO0B2zIk1w_dtt2E2TS52eqs","sourceIndex":"1981"}],"sampleFiles":["210311/BestFreeKeyloggerPro-210311/7.2.2/Samples/installer_trial.exe","210311/BestFreeKeyloggerPro-210311/7.2.2/Samples/syscrb.exe"],"imageFiles":["210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-084/Best Free Keylogger Pro_Interactions [4].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-084/Best Free Keylogger Pro_Interactions [5].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-084/Best Free Keylogger Pro_Interactions [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-084/Best Free Keylogger Pro_Interactions [2].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-084/Best Free Keylogger Pro_Interactions [3].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-084/Best Free Keylogger Pro_Interactions [7] Settings.png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-086/Best Free Keylogger Pro_Interactions [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-086/Best Free Keylogger Pro_Interactions [2].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-086/Best Free Keylogger Pro_Interactions [3].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-086/Best Free Keylogger Pro_Interactions [7] Settings.png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-086/Best Free Keylogger Pro_Interactions [8] Settings.png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-086/Best Free Keylogger Pro_Interactions [9] Settings.png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-097/Best Free Keylogger Pro_Install [5].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-048/Best Free Keylogger Pro_Interactions [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-048/Best Free Keylogger Pro_Interactions [2].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-048/Best Free Keylogger Pro_Interactions [3].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-048/Best Free Keylogger Pro_Interactions [4].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-048/Best Free Keylogger Pro_Interactions [7] Settings.png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-007/Best Free Keylogger Pro_Interactions [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-007/Best Free Keylogger Pro_Interactions [2].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-007/Best Free Keylogger Pro_Interactions [3].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-007/Best Free Keylogger Pro_Interactions [4].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-014/Best Free Keylogger Pro_RunningProcess [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-116/Best Free Keylogger Pro_ControlPanel [1].png"],"nonDeceptorImageFiles":["210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-038/Best Free Keylogger Pro_FileProperty [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-038/Best Free Keylogger Pro_FileProperty [3].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-040/Best Free Keylogger Pro_HiddenDirectory [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-065/Best Free Keylogger Pro_Install [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-065/Best Free Keylogger Pro_Install [2].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-065/Best Free Keylogger Pro_Install [3].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-065/Best Free Keylogger Pro_Install [5].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-065/Best Free Keylogger Pro_Install [8].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-092/Best Free Keylogger Pro_FileProperty [2].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-092/Best Free Keylogger Pro_FileProperty [4].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-065/Best Free Keylogger Pro_About [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-002/Best Free Keylogger Pro_RunningProcess [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-167/Best Free Keylogger_RefundPolicy [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-065/Best Free Keylogger_LandingPage [1].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-017/Best Free Keylogger_LandingPage [4].png","210311/BestFreeKeyloggerPro-210311/7.2.2/Images/ACR-161/Best Free Keylogger_LandingPage [3].png"],"guid":"b88a6d48-2392-4d0d-94de-fc3bab894b6b_7.2.2_1","appID":"BestFreeKeyloggerPro-210311","dateAdded":"211004","deceptorType":"App","name":"Best Free Keylogger Pro ","company":"Bestxsoftware","version":"7.2.2","sigName":"Deceptor:Win32/BestFreeKeyloggerProStalkerware!084086097048007014116","lastKnownStatus":"7.2.2;7.3.1;7.4.0","lastKnownDate":"211004","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2021-10-04T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1601},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily\n","ACR-007":"The app enables the consumer to hide all explicit notifications from the targeted consumer. After install, the app icon will be hidden from the user.\n","ACR-084":"The app is by default in stealth mode without consumer consent. The app enables the consumer to hide its app icon, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-097":"The app prompts the user to disable anti-virus list in order to prevent detection.\n","ACR-014":"The app calls itself \"Android\", which is not related to the name \"pcTattletale \", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app disguise as running service: \"Android”\n","ACR-065":"The install does not display links to the EULA or Terms of Service.\n","ACR-002":"The app shows different names as \"Android\"” in the running service/apps section.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-167":"Return and cancelation policy is restrictive and offers unnecessary friction, going so far as to advise the customer to order a chargeback order if they are unsatisfied with their policy\n"},"samples":[{"isRevoked":"False","fileName":"app125892-1632445115.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"59e0509c31fa3df859db32b99a3ae30d","hashSHA1":"df65167a3305ae4ae42f8953a340cf60285ac635","hashSHA256":"282c7b2e46f72ce844bb26f8359e34b5256800e55550c52cd912131bd7b2e423","sourceIndex":"1812","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.pctattletale.com","directDownloadingLink":"http://truewebmedia.com/dl/?id=125892&type=apk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://truewebmedia.com/dl/?id=125892&type=apk","sourceIndex":"1812"}],"sampleFiles":["210924/pcTattletale-210924/1.0/Samples/app125892-1632445115.apk"],"imageFiles":["210924/pcTattletale-210924/1.0/Images/ACR-084/pcTattletale_Install [3].png","210924/pcTattletale-210924/1.0/Images/ACR-084/pcTattletale_Task Manager [2].png","210924/pcTattletale-210924/1.0/Images/ACR-086/pcTattletale_Interactions [1].png","210924/pcTattletale-210924/1.0/Images/ACR-086/pcTattletale_Dashboard[1].png","210924/pcTattletale-210924/1.0/Images/ACR-097/pcTattletale_Dashboard[5].png","210924/pcTattletale-210924/1.0/Images/ACR-048/pcTattletale_Install [3].png","210924/pcTattletale-210924/1.0/Images/ACR-007/pcTattletale_Install [3].png","210924/pcTattletale-210924/1.0/Images/ACR-014/pcTattletale_Task Manager [2].png"],"nonDeceptorImageFiles":["210924/pcTattletale-210924/1.0/Images/ACR-038/pcTattletale_Task Manager [2].png","210924/pcTattletale-210924/1.0/Images/ACR-065/pcTattletale_Install [1].png","210924/pcTattletale-210924/1.0/Images/ACR-002/pcTattletale_Task Manager [2].png","210924/pcTattletale-210924/1.0/Images/ACR-167/pcTattletale_Refund Policy.png","210924/pcTattletale-210924/1.0/Images/ACR-161/pcTattletale_OfferPage [3].png"],"guid":"ddbeb700-e6fc-49ab-b695-b275f3b36a4f_1.0_1","appID":"pcTattletale-210924","dateAdded":"210924","deceptorType":"Android App","name":"pcTattletale","company":"Fleming Technologies, LLC","version":"1.0","sigName":"Deceptor:Android/pcTattletaleStalkerware!084086097048007014","lastKnownStatus":"1.0","lastKnownDate":"210924","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"mining,up-sell to paid","lastUpdate":"2021-09-24T15:59:09.9759006+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1602},{"violations":{"ACR-014":"The fraudulent content tricks individuals believing the notification or content is from reputable companies, it attempts to induce individuals to reveal personal information, such as passwords and credit card numbers.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunting","reference":"phishing tank","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"1817"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"00e4cb75-4924-40f5-b86d-c79b07c5e134_210909_1","appID":"AE-phishsite-210909","dateAdded":"210909","deceptorType":"Affiliate","name":"Phishsite","company":"phishing actor","version":"210909","lastKnownStatus":"210909","lastKnownDate":"210909","type":"Affiliate","category":"Productivity, Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2021-09-09T20:49:56.2672294+00:00","notDistributed":false,"familyName":"Phishsite","numInFamily":1,"numInAppID":1,"sortOrder":1603},{"violations":{"ACR-014":"Tricky website provides misleading and fake information to community, sometime intends to obtain internet users privacy data via attracting user with lottery wins, prizes, rewards and untruthful ads.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunting fake info","reference":"covid 19 vaccine, pandemic; covid, etc, hot trending words  ","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"1818"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"4a18b88e-13b9-4c88-9107-86047dd2c680_210909_1","appID":"AE-tricksite-210909","dateAdded":"210909","deceptorType":"Affiliate","name":"Tricksite","company":"Tricksite actors","version":"210909","lastKnownStatus":"210909","lastKnownDate":"210909","type":"Affiliate","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2021-09-09T20:39:49.9611444+00:00","notDistributed":false,"familyName":"AE-tricksite","numInFamily":1,"numInAppID":1,"sortOrder":1604},{"violations":{"ACR-107":"Cracksite usually provides unauthorized keygen programs to generate the license key for legitimate software, that never authorized by software vendors.\n","ACR-010":"Crack website usually provides a bunch of links for different keygen programs, that generate product licensing keys, like a serial number, which can activate the use of a software program. So software program can be used without paying for them. These keygens that are uploaded to the internet aren't even guaranteed to work and generate a valid key, especially if the intention is to actually load your device with viruses or ransomware. Crack websites are notoriously known to include worms, trojans, ransomware, and other viruses that can harm your computer or device.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunting for crack, keygen","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"1819"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"4cf00cab-807c-4d49-b75a-4f3dd0d4670d_210909_1","appID":"AE-cracksite-210909","dateAdded":"210909","deceptorType":"Affiliate","name":"Cracksite","company":"Cracksite actor","version":"210909","lastKnownStatus":"210909","lastKnownDate":"210909","type":"Affiliate","category":"Productivity, Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2021-09-09T20:38:35.342785+00:00","notDistributed":false,"familyName":"AE-Cracksite","numInFamily":1,"numInAppID":1,"sortOrder":1605},{"violations":{"ACR-003":"Exaggerated alerting message about system health, raises urgency for user to take action with exaggerated count of items found. For example, counts each empty temp file as junk file, reports exaggerated count of junk files. \n","ACR-004":"The app  provides free scan results and uses these results to upsell the consumer to a subscription service.\n","ACR-084":"The app creates scheduled tasks without the users knowledge.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app's About page does not contain links to the Returns and Cancellation Policy.\n","ACR-092":"Digital Signature is required for \"PCOptProCtxMenu.dll\".\n","ACR-099":"The internal offers page does not display links to uninstall information.\n","ACR-167":"There is a discrepancy between EULA's Money Back (30 days) , Support FAQs provided in the landing page , internal offer page and refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PCOptimizerPro.exe","companyName":"Xportsoft Technologies","fileVersion":"8.1","hashMD5":"6ea4b3af17f4eac67b115550d3900375","hashSHA1":"921f5a489a748886839b2f5a42f3acb3e8cca7af","hashSHA256":"52077056319819f38892d4b912dd1a05aa6a4c364fcb1a13b95c4552b7a04724","digitalCertThumbprint":"C67692D4E6D9019F5D2541E4DB4A3785ECFE6A19","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Khojkipur\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"1824","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCOptimizerProInstaller.exe","isInstaller":"True","companyName":"Xportsoft.com","fileVersion":"8.1","hashMD5":"0d0b27bafae4e3b4eb06031ea079863d","hashSHA1":"12bdc4d3e48bc30c7c54f18753764c195dc5a56b","hashSHA256":"c23413e43ade43bf2d0cbbfa31f88caa9c4a7892054413d98ea8cfe36d189cd9","digitalCertThumbprint":"C67692D4E6D9019F5D2541E4DB4A3785ECFE6A19","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Khojkipur\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"1824","avBlockList":["360 Total Security (20211005)","Avast Premium Security (20211005)","AVG Internet Security (20211005)","Avira Internet Security (20211005)","Bitdefender Internet Security (20211005)","COMODO Antivirus (20211005)","Dr.Web Security Space (20211005)","ESET Internet Security (20211005)","G DATA INTERNET SECURITY (20211005)","K7 Total Security (20211005)","Kaspersky Internet Security (20211005)","Malwarebytes Premium (20211005)","McAfee Total Protection (20211005)","Norton Security (20211005)","Panda Dome (20211005)","Quick Heal Internet Security (20211005)","Sophos Home Premium (20211005)","SpyHunter5 (20211005)","Tencent PC Manager (20211005)","Total AV Antivirus Pro (20211005)","VIPRE Advanced Security (20211005)","VirIT eXplorer PRO (20211005)","Webroot SecureAnywhere (20211005)","Windows Defender (20211005)"],"avAllowList":["Trend Micro Internet Security (20211005)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://pcoptimizerpro.com/","directDownloadingLink":"https://www.pcoptimizerpro.com/downld/PCOptimizerProInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pcoptimizerpro.com/downld/PCOptimizerProInstaller.exe","sourceIndex":"1824"}],"sampleFiles":["210823/D-PCOptimizerPro-170611/8.1.1.3/Samples/PCOptimizerPro.exe","210823/D-PCOptimizerPro-170611/8.1.1.3/Samples/PCOptimizerProInstaller.exe"],"imageFiles":["210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-003/PCOptimizerPro_Interactions[1].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-003/PCOptimizerPro_Interactions[3].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-003/PCOptimizerPro_Interactions[4].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-003/PCOptimizerPro_Interactions[5].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-003/PCOptimizerPro_Interactions[7].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-084/PCOptimizerPro_ScheduledTasks [1].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-084/PCOptimizerPro_ScheduledTasks [2].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-084/PCOptimizerPro_ScheduledTasks [3].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-004/PCOptimizerPro_Interactions[1].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-004/PCOptimizerPro_Interactions[2].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-004/PCOptimizerPro_Interactions[3].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-004/PCOptimizerPro_Interactions[4].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-004/PCOptimizerPro_Interactions[7].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-004/PCOptimizerPro_Interactions[8].png"],"nonDeceptorImageFiles":["210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-167/PCOptimizerPro_EULAPage [1].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-167/PCOptimizerPro_SupportPage [1].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-167/PCOptimizerPro_Refund [2].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-099/PCOptimizerPro_OfferPage [2].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-099/PCOptimizerPro_OfferPage [3].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-065/PCOptimizerPro_Install [1].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-065/PCOptimizerPro_Install [2].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-065/PCOptimizerPro_Install [6].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-092/PCOptimizerPro_Files [1].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-092/PCOptimizerPro_FIleProperty [2].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-092/PCOptimizerPro_FIleProperty [3].png","210823/D-PCOptimizerPro-170611/8.1.1.3/Images/ACR-065/PCOptimizerPro_About [1].png"],"guid":"ee64024b-c89f-4615-9fd8-0767085f640f_8.1.1.3_1","appID":"D-PCOptimizerPro-170611","dateAdded":"210823","deceptorType":"App","name":"PCOptimizerPro","company":"Xportsoft Technologies","version":"8.1.1.3","sigName":"Deceptor:Win32/PCOptimizerPro!003004084","firstResolvedVersion":"","lastKnownStatus":"Deceptor: 8.0.1.8;8.1.1.5;8.1.1.6;8.1.1.3","lastKnownDate":"210823","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-08-23T15:47:16.0785234+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1606},{"violations":{"ACR-003":"Exaggerated alerting message about system health, raises urgency for user to take action with exaggerated count of items found. For example, counts each empty temp file as junk file, reports exaggerated count of junk files. \n","ACR-004":"The app shows free scan result and requires payment to them.\n","ACR-084":"The app creates scheduled tasks without the users knowledge.\n"},"nonDeceptorViolations":{"ACR-065":"The landing page does not display links to the Returns and Cancellation Policy.\nThe install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"PCOptimizerPro.exe","companyName":"Xportsoft Technologies","fileVersion":"8.1","hashMD5":"869c331dbd273270d5e459e529770c79","hashSHA1":"39600923c9f28b79a8d61d06202573d3f112aa6b","hashSHA256":"628aa1e135c3dfe30e441a80c51efdafe49a69e6e21f9195bbdf43c84e8085d2","digitalCertThumbprint":"C67692D4E6D9019F5D2541E4DB4A3785ECFE6A19","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Khojkipur\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"1876","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCOptimizerProInstaller.exe","isInstaller":"True","companyName":"Xportsoft.com","fileVersion":"8.1","hashMD5":"18b260587ba339e9c7c7a5391f8e1ea1","hashSHA1":"cdc5712885ef58cd571d4cc83a19586fc9c4f8ed","hashSHA256":"5fda13b6afe0fa71a5f742ece8aa2c74b3e2de4e08010456be25e1d4e0ae2dc1","digitalCertThumbprint":"C67692D4E6D9019F5D2541E4DB4A3785ECFE6A19","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Khojkipur\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"1876","avBlockList":["360 Total Security (20210708)","Avast Premium Security (20210708)","AVG Internet Security (20210708)","Avira Internet Security (20210708)","Bitdefender Internet Security (20210708)","COMODO Antivirus (20210708)","Dr.Web Security Space (20210708)","ESET Internet Security (20210708)","G DATA INTERNET SECURITY (20210708)","K7 Total Security (20210708)","Kaspersky Internet Security (20210708)","Malwarebytes Premium (20210708)","McAfee Total Protection (20210708)","Norton Security (20210708)","Panda Dome (20210708)","Quick Heal Internet Security (20210708)","Sophos Home Premium (20210708)","Tencent PC Manager (20210708)","Total AV Antivirus Pro (20210708)","VIPRE Advanced Security (20210708)","VirIT eXplorer PRO (20210708)","Webroot SecureAnywhere (20210708)","Windows Defender (20210708)"],"avAllowList":["SpyHunter5 (20210708)","Trend Micro Internet Security (20210708)"]},{"isRevoked":"False","fileName":"PCOptimizerPro [2].exe","companyName":"Xportsoft Technologies","fileVersion":"8.1","hashMD5":"cbf686bfc49c18f0d7a46aa851fe5a59","hashSHA1":"53bdf08d49a9bb2d0ff1cad4817b8159557c93da","hashSHA256":"c1ec9101298f1092064b217ade5042b71a913f3ba7e4adc8fb2101873d9df0da","digitalCertThumbprint":"C67692D4E6D9019F5D2541E4DB4A3785ECFE6A19","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Khojkipur\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"1876","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCOptimizerProInstaller [2].exe","isInstaller":"True","companyName":"Xportsoft.com","fileVersion":"8.1","hashMD5":"3d76c3364c8b1a1432bb776e2ca97898","hashSHA1":"fce93fd40a27a6da38d6fa63596e35c354d62a7c","hashSHA256":"4537c67e202bc6beee633bd47f701fd354257dc1158efed3c85317cf6e4a320e","digitalCertThumbprint":"C67692D4E6D9019F5D2541E4DB4A3785ECFE6A19","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Khojkipur\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"1876","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Search pc optimizer with google search","landingPage":"http://www.pcoptimizerpro.com/","directDownloadingLink":"https://www.pcoptimizerpro.com/dwld.aspx","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pcoptimizerpro.com/dwld.aspx","sourceIndex":"1876"}],"sampleFiles":["210627/D-PCOptimizerPro-170611/8.1.1.5/Samples/PCOptimizerPro.exe","210627/D-PCOptimizerPro-170611/8.1.1.5/Samples/PCOptimizerProInstaller.exe","210627/D-PCOptimizerPro-170611/8.1.1.5/Samples/PCOptimizerPro [2].exe","210627/D-PCOptimizerPro-170611/8.1.1.5/Samples/PCOptimizerProInstaller [2].exe"],"imageFiles":["210627/D-PCOptimizerPro-170611/8.1.1.5/Images/ACR-003/PCOptimizerPro Junk.png","210627/D-PCOptimizerPro-170611/8.1.1.5/Images/ACR-003/PCOptimizerPro Red.png","210627/D-PCOptimizerPro-170611/8.1.1.5/Images/ACR-084/PCOptimizerPro 86 1.png","210627/D-PCOptimizerPro-170611/8.1.1.5/Images/ACR-084/PCOptimizerPro 86.png","210627/D-PCOptimizerPro-170611/8.1.1.5/Images/ACR-004/PCOptimizerPro 004.gif"],"nonDeceptorImageFiles":["210627/D-PCOptimizerPro-170611/8.1.1.5/Images/ACR-099/PCOptimizerPro Internal Offers.png","210627/D-PCOptimizerPro-170611/8.1.1.5/Images/ACR-065/PCOptimizerPro Landing Page.png","210627/D-PCOptimizerPro-170611/8.1.1.5/Images/ACR-065/PCOptimizerPro Install.png","210627/D-PCOptimizerPro-170611/8.1.1.5/Images/ACR-065/PCOptimizerPro EULA.png","210627/D-PCOptimizerPro-170611/8.1.1.5/Images/ACR-065/PCOptimizerPro About.png"],"guid":"ee64024b-c89f-4615-9fd8-0767085f640f_8.1.1.5_1","appID":"D-PCOptimizerPro-170611","dateAdded":"210823","deceptorType":"App","name":"PCOptimizerPro","company":"Xportsoft Technologies","version":"8.1.1.5","sigName":"Deceptor:Win32/PCOptimizerPro!003004084","firstResolvedVersion":"","lastKnownStatus":"Deceptor: 8.0.1.8;8.1.1.5;8.1.1.6;8.1.1.3","lastKnownDate":"210823","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-08-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1607},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues (For example, counts each empty temp file as junk file, reports exaggerated count of junk files)  with \"Orange\" color bar  and reports as \"Check items Found for optimization on Your PC” thereby misleading or scaring the consumer to take action. \n","ACR-084":"The app creates scheduled tasks without the users knowledge.\n"},"nonDeceptorViolations":{"ACR-065":"The landing page does not display links to the Returns and Cancellation Policy.\nThe install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"PCOptimizerPro.exe","companyName":"Xportsoft Technologies","fileVersion":"8.1","hashMD5":"e3eaf30b68a0d5d7ecc66ee20245da04","hashSHA1":"2f5971b17b138dbcaf16a9a8edfb742e6720ca92","hashSHA256":"81ac2bf8338d5068bf224a058b9da8f45cf7cd19f76ead74dc356a1cab305dc4","digitalCertThumbprint":"B51B9A3F1136B904533D59134CB1F825880B9D01","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies private Ltd, O=Xportsoft Technologies private Ltd, STREET=\"Near Gugga Maadi,Khojkipur\", L=Ambala, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"2019","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCOptimizerProInstaller.exe","isInstaller":"True","companyName":"Xportsoft.com","fileVersion":"8.1","hashMD5":"a50c74202e2f4d938babf556b9f54725","hashSHA1":"6810db1606cac6ab19edbaa49620ba197ef7bc64","hashSHA256":"937ccad21c0271169104539269b5f3faa43d6ca2e36d676fbf9b6fa6df41b40a","digitalCertThumbprint":"B51B9A3F1136B904533D59134CB1F825880B9D01","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies private Ltd, O=Xportsoft Technologies private Ltd, STREET=\"Near Gugga Maadi,Khojkipur\", L=Ambala, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"2019","avBlockList":["360 Total Security (20210921)","Avast Premium Security (20210921)","AVG Internet Security (20210921)","Avira Internet Security (20210921)","Bitdefender Internet Security (20210921)","COMODO Antivirus (20210921)","Dr.Web Security Space (20210921)","ESET Internet Security (20210921)","G DATA INTERNET SECURITY (20210921)","K7 Total Security (20210921)","Kaspersky Internet Security (20210921)","Malwarebytes Premium (20210921)","McAfee Total Protection (20210921)","Norton Security (20210921)","Panda Dome (20210921)","Quick Heal Internet Security (20210921)","Sophos Home Premium (20210921)","SpyHunter5 (20210921)","Tencent PC Manager (20210921)","Total AV Antivirus Pro (20210921)","Trend Micro Internet Security (20210921)","VIPRE Advanced Security (20210921)","VirIT eXplorer PRO (20210921)","Webroot SecureAnywhere (20210921)","Windows Defender (20210921)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Search pc optimizer with google search","landingPage":"http://www.pcoptimizerpro.com/","directDownloadingLink":"https://www.pcoptimizerpro.com/downld/PCOptimizerProInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pcoptimizerpro.com/downld/PCOptimizerProInstaller.exe","sourceIndex":"2019"}],"sampleFiles":["201229/D-PCOptimizerPro-170611/8.1.1.6/Samples/PCOptimizerPro.exe","201229/D-PCOptimizerPro-170611/8.1.1.6/Samples/PCOptimizerProInstaller.exe"],"imageFiles":["201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-003/PCOptimizerPro_Interactions [4].png","201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-003/PCOptimizerPro_Interactions [5].png","201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-003/PCOptimizerPro_Interactions [6].png","201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-003/PCOptimizerPro_Interactions [7].png","201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-003/PCOptimizerPro_Interactions [8].png","201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-084/PCOptimizerPro_ScheduledTask [1].png","201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-084/PCOptimizerPro_ScheduledTask [2].png"],"nonDeceptorImageFiles":["201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-099/PCOptimizerPro_OfferPage [1].png","201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-099/PCOptimizerPro_OfferPage [2].png","201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-065/PCOptimizerPro_LandingPage [1].png","201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-065/PCOptimizerPro_Install [1].png","201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-065/PCOptimizerPro_Install [2].png","201229/D-PCOptimizerPro-170611/8.1.1.6/Images/ACR-065/PCOptimizerPro_About [1].png"],"guid":"ee64024b-c89f-4615-9fd8-0767085f640f_8.1.1.6_1","appID":"D-PCOptimizerPro-170611","dateAdded":"210823","deceptorType":"App","name":"PCOptimizerPro","company":"Xportsoft Technologies","version":"8.1.1.6","firstResolvedVersion":"","lastKnownStatus":"Deceptor: 8.0.1.8;8.1.1.5;8.1.1.6;8.1.1.3","lastKnownDate":"210823","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-08-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1608},{"violations":{"ACR-003":"Exaggerated alerting message about system health, raises urgency for user to take action with exaggerated count of items found. For example, counts each empty temp file as junk file, reports exaggerated count of junk files. \n","ACR-084":"The scheduled task is created without user awareness and there is no option for user to disable it in app setting \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PCOptimizerProInstaller.exe","isInstaller":"True","hashMD5":"ae99842b7c378bfd833b63b894e4ff43","hashSHA1":"1f1b808836ab6e710e3fd40f12501960dbce6538","hashSHA256":"fe09f775cf7b5c3fbaea9ad91342e97124767c7d825b328a2e8259af5e645f8c","digitalCertThumbprint":"394879527014113598B3F8F79D0537153911B771","digitalCertIssuer":"Xportsoft Technologies","digitalCertIssuedTo":"Xportsoft Technologies","sourceIndex":"3630","avBlockList":["360 Total Security (20210506)","Avast Premium Security (20210506)","AVG Internet Security (20210506)","Avira Internet Security (20210506)","Bitdefender Internet Security (20210506)","COMODO Antivirus (20210506)","Dr.Web Security Space (20210506)","ESET Internet Security (20210506)","G DATA INTERNET SECURITY (20210506)","K7 Total Security (20210506)","Kaspersky Internet Security (20210506)","Malwarebytes Premium (20210506)","McAfee Total Protection (20210506)","Norton Security (20210506)","Panda Dome (20210506)","Quick Heal Internet Security (20210506)","Sophos Home Premium (20210506)","SpyHunter5 (20210506)","Tencent PC Manager (20210506)","Total AV Antivirus Pro (20210506)","Trend Micro Internet Security (20210506)","VIPRE Advanced Security (20210506)","VirIT eXplorer PRO (20210506)","Webroot SecureAnywhere (20210506)","Windows Defender (20210506)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\PC Optimizer Pro\\PCOptimizerPro.exe","companyName":"Xportsoft Technologies","productName":"PC Optimizer Pro","productVersion":"8. 0. 1. 8","fileVersion":"8. 0. 1. 8","hashMD5":"18987d201df60ab02881458be7f005ef","hashSHA1":"4ad2f99c83007a478595d970486be0bd7e06e5ca","hashSHA256":"1fc9fec19ccefb6658f633dacdc0305b655ca2c6d26dcb3bd5ec7b6b4fb33fdb","digitalCertThumbprint":"394879527014113598B3F8F79D0537153911B771","digitalCertIssuer":"Xportsoft Technologies","digitalCertIssuedTo":"Xportsoft Technologies","sourceIndex":"3630","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Search pc optimizer with google search","landingPage":"http://www.pcoptimizerpro.com/","directDownloadingLink":"","ipv4":"","ipv6":"","sourceIndex":"3630"}],"sampleFiles":[],"imageFiles":["170726/D-PCOptimizerPro-170611/8.0.1.8/Images/ACR-003/EmptyTempFileReportAsJunkFile.PNG","170726/D-PCOptimizerPro-170611/8.0.1.8/Images/ACR-003/PCOptimizerProAlertMsg.PNG","170726/D-PCOptimizerPro-170611/8.0.1.8/Images/ACR-084/ScheduledTask_PCOptimizerPro.PNG"],"nonDeceptorImageFiles":[],"guid":"ee64024b-c89f-4615-9fd8-0767085f640f_8.0.1.8_1","appID":"D-PCOptimizerPro-170611","dateAdded":"210823","deceptorType":"App","name":"PCOptimizerPro","company":"Xportsoft Technologies","version":"8.0.1.8","sigName":"Deceptor:Win32/PCOptimizerPro!003084","firstResolvedVersion":"","lastKnownStatus":"Deceptor: 8.0.1.8;8.1.1.5;8.1.1.6;8.1.1.3","lastKnownDate":"210823","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-08-23T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":4,"sortOrder":1609},{"violations":{"ACR-048":"The app is hidden from the control panel, limiting the targeted consumer's ability to uninstall the app, as well as the required password required to open the app/stop monitoring prevents the targeted consumer from disabling the app.\n","ACR-007":"The app can only be reopened with a password.\n","ACR-084":"The app is automatically set to stealth mode which blocks notifications and prevents the targeted consumer from being aware of the app's presence and activity.\n","ACR-086":"The app requires a password to open the app which allows it to hide how it collects user data from the targeted consumer.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for the executable installer.\n","ACR-065":"The install wizard does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy or the Privacy Policy. \nThe app's About page does not contain links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe app's landing page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe app's internal offer page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offer  page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The landing page does not display link  to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"HomeGuard-Setup_x64.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a6f172b22f4d2f7d8e93827de97d55c5","hashSHA1":"ae483687069fe741ab1684b306ff1fb723f67ba8","hashSHA256":"eed3cccebdcbd5360c75b5b2a9b263df48cd460bf4c987496e16c27ebd5908cf","sourceIndex":"1825","avBlockList":["Avast Premium Security (20210921)","AVG Internet Security (20210921)","Avira Internet Security (20210921)","Bitdefender Internet Security (20210921)","Dr.Web Security Space (20210921)","ESET Internet Security (20210921)","G DATA INTERNET SECURITY (20210921)","K7 Total Security (20210921)","Malwarebytes Premium (20210921)","McAfee Total Protection (20210921)","Norton Security (20210921)","Panda Dome (20210921)","Quick Heal Internet Security (20210921)","Sophos Home Premium (20210921)","SpyHunter5 (20210921)","Tencent PC Manager (20210921)","Total AV Antivirus Pro (20210921)","VIPRE Advanced Security (20210921)","VirIT eXplorer PRO (20210921)","Webroot SecureAnywhere (20210921)","Windows Defender (20210921)"],"avAllowList":["360 Total Security (20210921)","COMODO Antivirus (20210921)","Kaspersky Internet Security (20210921)","Trend Micro Internet Security (20210921)"]},{"isRevoked":"False","fileName":"HomeGuard.exe","companyName":"Veridium Software","fileVersion":"9.12","hashMD5":"2b19a273d0dbfea6118b4c248da8f5eb","hashSHA1":"6199686d57748ae61a84b7f3318bfcef3178fc07","hashSHA256":"56b329910e04729f0fce2d078e3e22ac3756f981f6640b0b0743b87c88e9e012","sourceIndex":"1825","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://veridium.net/homeguard-activity-monitor/","directDownloadingLink":"https://veridium.net/files_u/hg/exe/HomeGuard-Setup_x64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://veridium.net/files_u/hg/exe/HomeGuard-Setup_x64.exe","sourceIndex":"1825"}],"sampleFiles":["210820/HomeGuard-191126/9.12.3/Samples/HomeGuard-Setup_x64.exe","210820/HomeGuard-191126/9.12.3/Samples/HomeGuard.exe"],"imageFiles":["210820/HomeGuard-191126/9.12.3/Images/ACR-048/HomeGuard_Install [6].png","210820/HomeGuard-191126/9.12.3/Images/ACR-048/HomeGuard_Install [2].png","210820/HomeGuard-191126/9.12.3/Images/ACR-048/HomeGuard_ControlPanel [1].png","210820/HomeGuard-191126/9.12.3/Images/ACR-007/HomeGuard_Install [2].png","210820/HomeGuard-191126/9.12.3/Images/ACR-007/HomeGuard_Install [6].png","210820/HomeGuard-191126/9.12.3/Images/ACR-084/HomeGuard_Interactions [2].png","210820/HomeGuard-191126/9.12.3/Images/ACR-086/HomeGuard_Install [2].png","210820/HomeGuard-191126/9.12.3/Images/ACR-086/HomeGuard_Install [6].png","210820/HomeGuard-191126/9.12.3/Images/ACR-086/HomeGuard_Interactions [2].png","210820/HomeGuard-191126/9.12.3/Images/ACR-116/HomeGuard_ControlPanel [1].png"],"nonDeceptorImageFiles":["210820/HomeGuard-191126/9.12.3/Images/ACR-038/HomeGuard_FileProperty [2].png","210820/HomeGuard-191126/9.12.3/Images/ACR-065/HomeGuard_Install [1].png","210820/HomeGuard-191126/9.12.3/Images/ACR-065/HomeGuard_Install [2].png","210820/HomeGuard-191126/9.12.3/Images/ACR-065/HomeGuard_Install [4].png","210820/HomeGuard-191126/9.12.3/Images/ACR-065/HomeGuard_Install [5].png","210820/HomeGuard-191126/9.12.3/Images/ACR-065/HomeGuard_About [1].png","210820/HomeGuard-191126/9.12.3/Images/ACR-065/HomeGuard_LandingPage [1].png","210820/HomeGuard-191126/9.12.3/Images/ACR-065/HomeGuard_OfferPage [1].png","210820/HomeGuard-191126/9.12.3/Images/ACR-092/HomeGuard_FileProperty [3].png","210820/HomeGuard-191126/9.12.3/Images/ACR-092/HomeGuard_FileProperty [4].png","210820/HomeGuard-191126/9.12.3/Images/ACR-099/HomeGuard_LandingPage [1].png","210820/HomeGuard-191126/9.12.3/Images/ACR-099/HomeGuard_OfferPage [1].png","210820/HomeGuard-191126/9.12.3/Images/ACR-167/HomeGuard_LandingPage [1].png"],"guid":"379e1aae-df52-43de-8749-d17ffb8c8d44_9.12.3_1","appID":"HomeGuard-191126","dateAdded":"210820","deceptorType":"App","name":"Home Guard","company":"Veridium Software","version":"9.12.3","lastKnownStatus":"Deceptor:8.8.1.1,9.3.1;9.8.1.1;9.9.1.1;9.11.1;9.12.3","lastKnownDate":"210820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-08-21T00:15:09.916082+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1610},{"violations":{"ACR-048":"After first launch, consumer cannot close and cancel, which limits the consumer's ability to stop the installation.\nThe app is hidden from the control panel, limiting the targeted consumer's ability to uninstall the app, as well as the required password required to open the app/stop monitoring prevents the targeted consumer from disabling the app.\n","ACR-007":"The app can only be reopened with a password.\n","ACR-084":"The app is automatically set to stealth mode which blocks notifications and prevents the targeted consumer from being aware of the app's presence and activity.\n","ACR-086":"The app requires a password to open the app which allows it to hide how it collects user data from the targeted consumer.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for the executable installer.\n","ACR-065":"The install wizard does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy or the Privacy Policy. \nThe app's About page does not contain links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe app's landing page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe app's internal offer page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offer  page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The landing page does not display link  to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"HomeGuard-Setup_x64.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c36c6889577142f60f6a5b6721a905ed","hashSHA1":"a42167ea5cbf7d2cb9e702f1099bb8f76609e50f","hashSHA256":"edfd745fd152f9e2fc566d744d3bcab9405a8d5869f21c8a3b010076b719e08b","sourceIndex":"1904","avBlockList":["360 Total Security (20210727)","Avast Premium Security (20210727)","AVG Internet Security (20210727)","Avira Internet Security (20210727)","Bitdefender Internet Security (20210727)","Dr.Web Security Space (20210727)","ESET Internet Security (20210727)","G DATA INTERNET SECURITY (20210727)","K7 Total Security (20210727)","Malwarebytes Premium (20210727)","McAfee Total Protection (20210727)","Norton Security (20210727)","Panda Dome (20210727)","Quick Heal Internet Security (20210727)","Sophos Home Premium (20210727)","SpyHunter5 (20210727)","Total AV Antivirus Pro (20210727)","VIPRE Advanced Security (20210727)","VirIT eXplorer PRO (20210727)","Webroot SecureAnywhere (20210727)","Windows Defender (20210727)"],"avAllowList":["COMODO Antivirus (20210727)","Kaspersky Internet Security (20210727)","Tencent PC Manager (20210727)","Trend Micro Internet Security (20210727)"]},{"isRevoked":"False","fileName":"HomeGuard.exe","companyName":"Veridium Software","fileVersion":"9.11","hashMD5":"316a5ee3d9183f0768e03646e29b6655","hashSHA1":"aae1fee852ea1fce9b0282014bcfb4d08b71f8d4","hashSHA256":"b2ed3c709f45a7de7cb22889f5ef7c64b66ed7aa1c43cdfc1f48a61a49cdca01","sourceIndex":"1904","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://veridium.net/","landingPage":"https://veridium.net/homeguard-activity-monitor/","directDownloadingLink":"https://veridium.net/files_u/hg/exe/HomeGuard-Setup_x64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://veridium.net/files_u/hg/exe/HomeGuard-Setup_x64.exe","sourceIndex":"1904"}],"sampleFiles":["210603/HomeGuard-191126/9.11.1/Samples/HomeGuard-Setup_x64.exe","210603/HomeGuard-191126/9.11.1/Samples/HomeGuard.exe"],"imageFiles":["210603/HomeGuard-191126/9.11.1/Images/ACR-048/HomeGuard_Install [1].png","210603/HomeGuard-191126/9.11.1/Images/ACR-048/HomeGuard_Install [2].png","210603/HomeGuard-191126/9.11.1/Images/ACR-048/HomeGuard_Install [3].png","210603/HomeGuard-191126/9.11.1/Images/ACR-048/HomeGuard_Install [4].png","210603/HomeGuard-191126/9.11.1/Images/ACR-048/HomeGuard_Install [5].png","210603/HomeGuard-191126/9.11.1/Images/ACR-048/HomeGuard_Install [6].png","210603/HomeGuard-191126/9.11.1/Images/ACR-048/HomeGuard_ControlPanel [1].png","210603/HomeGuard-191126/9.11.1/Images/ACR-048/HomeGuard_Install [2].png","210603/HomeGuard-191126/9.11.1/Images/ACR-048/HomeGuard_Install [8].png","210603/HomeGuard-191126/9.11.1/Images/ACR-007/HomeGuard_Install [2].png","210603/HomeGuard-191126/9.11.1/Images/ACR-007/HomeGuard_Install [8].png","210603/HomeGuard-191126/9.11.1/Images/ACR-084/HomeGuard_Interactions [2].png","210603/HomeGuard-191126/9.11.1/Images/ACR-086/HomeGuard_Install [8].png","210603/HomeGuard-191126/9.11.1/Images/ACR-086/HomeGuard_Interactions [3].png","210603/HomeGuard-191126/9.11.1/Images/ACR-116/HomeGuard_ControlPanel [1].png"],"nonDeceptorImageFiles":["210603/HomeGuard-191126/9.11.1/Images/ACR-038/HomeGuard_FileProperty [2].png","210603/HomeGuard-191126/9.11.1/Images/ACR-065/HomeGuard_Install [1].png","210603/HomeGuard-191126/9.11.1/Images/ACR-065/HomeGuard_Install [2].png","210603/HomeGuard-191126/9.11.1/Images/ACR-065/HomeGuard_Install [3].png","210603/HomeGuard-191126/9.11.1/Images/ACR-065/HomeGuard_Install [5].png","210603/HomeGuard-191126/9.11.1/Images/ACR-065/HomeGuard_Install [6].png","210603/HomeGuard-191126/9.11.1/Images/ACR-065/HomeGuard_About [1].png","210603/HomeGuard-191126/9.11.1/Images/ACR-065/HomeGuard_LandingPage [1].png","210603/HomeGuard-191126/9.11.1/Images/ACR-065/HomeGuard_LandingPage [2].png","210603/HomeGuard-191126/9.11.1/Images/ACR-065/HomeGuard_OfferPage [1].png","210603/HomeGuard-191126/9.11.1/Images/ACR-092/HomeGuard_FileProperty [3].png","210603/HomeGuard-191126/9.11.1/Images/ACR-092/HomeGuard_FileProperty [4].png","210603/HomeGuard-191126/9.11.1/Images/ACR-099/HomeGuard_LandingPage [1].png","210603/HomeGuard-191126/9.11.1/Images/ACR-099/HomeGuard_LandingPage [2].png","210603/HomeGuard-191126/9.11.1/Images/ACR-167/HomeGuard_LandingPage [1].png","210603/HomeGuard-191126/9.11.1/Images/ACR-167/HomeGuard_LandingPage [2].png"],"guid":"379e1aae-df52-43de-8749-d17ffb8c8d44_9.11.1_1","appID":"HomeGuard-191126","dateAdded":"210820","deceptorType":"App","name":"Home Guard","company":"Veridium Software","version":"9.11.1","sigName":"Deceptor:Win32/HomeGuardStalkerware!048007084086116","lastKnownStatus":"Deceptor:8.8.1.1,9.3.1;9.8.1.1;9.9.1.1;9.11.1;9.12.3","lastKnownDate":"210820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-08-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1611},{"violations":{"ACR-048":"The install page prevents the user from cancelling the installation.\nThe app is hidden from the uninstall page and the control panel, limiting the targeted consumer's ability to uninstall the app, as well as the required password required to open the app/stop monitoring prevents the targeted consumer from disabling the app.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running, and it requests password to open the app panel.\n","ACR-084":"The app is automatically set to stealth mode which blocks notifications and prevents the targeted consumer from being aware of the app's presence and activity.\n","ACR-086":"The app requires a password to open the app which allows it to hide how it collects user data from the targeted consumer.\n","ACR-116":"The app can't be uninstalled through the Control Panel since it doesn't show up in the list of apps that can be uninstalled.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app's About page does not contain links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe app's landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The landing page does not display links to uninstall information.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"HomeGuard-Setup_x64.exe","isInstaller":"True","companyName":"Veridium Software","fileVersion":"1.4","hashMD5":"be3cd9575a08ef55a98a05e79c06d4e9","hashSHA1":"14b5c7a201d0b57b8317363f8cc9f9d920e16633","hashSHA256":"2e2bd08272ab3757fc6a7da44c0bb7802eb541b2bd081c2bf7dc284ad7d1013f","sourceIndex":"2098","avBlockList":["360 Total Security (20211007)","Avast Premium Security (20211007)","AVG Internet Security (20211007)","Avira Internet Security (20211007)","Bitdefender Internet Security (20211007)","Dr.Web Security Space (20211007)","ESET Internet Security (20211007)","G DATA INTERNET SECURITY (20211007)","K7 Total Security (20211007)","Malwarebytes Premium (20211007)","McAfee Total Protection (20211007)","Norton Security (20211007)","Panda Dome (20211007)","Quick Heal Internet Security (20211007)","Sophos Home Premium (20211007)","SpyHunter5 (20211007)","Tencent PC Manager (20211007)","Total AV Antivirus Pro (20211007)","Trend Micro Internet Security (20211007)","VIPRE Advanced Security (20211007)","VirIT eXplorer PRO (20211007)","Webroot SecureAnywhere (20211007)","Windows Defender (20211007)"],"avAllowList":["COMODO Antivirus (20211007)","Kaspersky Internet Security (20211007)"]},{"isRevoked":"False","fileName":"HomeGuard.exe","companyName":"Veridium Software","fileVersion":"9.9","hashMD5":"8f969e035e52ffe50991499aff612774","hashSHA1":"43ec0de72ab6167d5d590cde5c5e20b367bec1e0","hashSHA256":"0780c900e24c3be31edbbd63aff43f5719e46e6d00c0ab155d0ed18d67b4dd6d","sourceIndex":"2098","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Partner Report","reference":"Stalkerware","landingPage":"https://download.cnet.com/HomeGuard-64-bit/3001-2162_4-75630352.html","ipv4":"","ipv6":"","sourceIndex":"2098"},{"howFound":"Partner report","reference":"Stalkerware","landingPage":"https://files.downloadnow-2.com/s/software/16/66/42/25/HomeGuard-Setup_x64.exe?token=1574821519_2f4801b4d006cbeb55f47dd89bcf7e77&fileName=HomeGuard-Setup_x64.exe","ipv4":"","ipv6":"","sourceIndex":"2099"},{"howFound":"Partner Report","reference":"Stalkerware","landingPage":"https://veridium.net/files_u/hg/exe/HomeGuard-Setup.exe","ipv4":"","ipv6":"","sourceIndex":"2100"}],"sampleFiles":["201002/HomeGuard-191126/9.9.1.1/Samples/HomeGuard-Setup_x64.exe","201002/HomeGuard-191126/9.9.1.1/Samples/HomeGuard.exe"],"imageFiles":["201002/HomeGuard-191126/9.9.1.1/Images/ACR-048/ACR-048 Install.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-048/ACR-048.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-048/HomeGuard Uninstall.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-048/Password Set-up.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-007/Password Set-up.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-084/ACR-084 Monitoring Settings.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-086/Password.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-086/ACR-086 HomeGuard Home Page.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-116/ACR-116.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-116/HomeGuard Uninstall.png"],"nonDeceptorImageFiles":["201002/HomeGuard-191126/9.9.1.1/Images/ACR-065/HomeGuard Install.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-065/HomeGuard About Page.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-065/HomeGuard Landing Page.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-099/HomeGuard Landing Page.png","201002/HomeGuard-191126/9.9.1.1/Images/ACR-167/HomeGuard Landing Page.png"],"guid":"379e1aae-df52-43de-8749-d17ffb8c8d44_9.9.1.1_1","appID":"HomeGuard-191126","dateAdded":"210820","deceptorType":"App","name":"Home Guard","company":"Veridium Software","version":"9.9.1.1","sigName":"Deceptor:Win32/HomeGuardStalkerware!048007084086116","lastKnownStatus":"Deceptor:8.8.1.1,9.3.1;9.8.1.1;9.9.1.1;9.11.1;9.12.3","lastKnownDate":"210820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-08-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1612},{"violations":{"ACR-048":"Unable to cancel installation.\nThe app is hidden from the uninstall page on the control panel and settings, which limits the targeted consumer's ability to uninstall the app. The app also enables the user to require a password to open it. \n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running, and it requests password to open the app panel.\n","ACR-084":"The app is by default in stealth mode without consumer consent, which blocks all app notifications.\n","ACR-086":"The app does not inform the targeted consumer how it collects user data and it enables the consumer to hide the app from the targeted consumer by using a password.\n","ACR-116":"The app cannot be uninstalled through platform standard features.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not include Original filename, Company name, Product name, Product version, File version in the version info for all the executables.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-092":"The app does not have a digital signature for all the executables.\n","ACR-099":"The landing page does not display links to uninstall information.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"HomeGuard-Setup_x64.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c3b9cf1beca4da4345613a637f896bc3","hashSHA1":"522ff1fad65916c9be76785f382a33f016d53ff4","hashSHA256":"82a168597da47647fbfe418db088c57885d2adea54338ffe3215a58670da21ca","sourceIndex":"2542","avBlockList":["Avast Internet Security (20200224)","AVG Internet Security (20210610)","Avira Internet Security (20210610)","Bitdefender Internet Security (20210610)","COMODO Antivirus (20210610)","Dr.Web Security Space (20210610)","ESET Internet Security (20210610)","G DATA INTERNET SECURITY (20210610)","K7 Total Security (20210610)","Kaspersky Internet Security (20210610)","Malwarebytes Premium (20210610)","McAfee Total Protection (20210610)","Norton Security (20210610)","Panda Dome (20210610)","Quick Heal Internet Security (20210610)","Sophos Home Premium (20210610)","SpyHunter5 (20210610)","Tencent PC Manager (20210610)","Trend Micro Internet Security (20210610)","VIPRE Advanced Security (20210610)","VirIT eXplorer PRO (20210610)","Webroot SecureAnywhere (20210610)","Windows Defender (20210610)","Avast Premium Security (20210610)","Total AV Antivirus Pro (20210610)"],"avAllowList":["360 Total Security (20210610)"]},{"isRevoked":"False","fileName":"HomeGuard.exe","companyName":"Veridium Software","fileVersion":"9.3","hashMD5":"afaf5218382b4e4975d945df1eae41d0","hashSHA1":"4ce17cab3657ec8db3e1be241eb65e707fd604d5","hashSHA256":"a993c507bc11403364e93df73d0456b85194e633f22e0b84403f732de18c0f8c","sourceIndex":"2542","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Partner Report","reference":"Stalkerware","landingPage":"https://veridium.net/","directDownloadingLink":"https://veridium.net/files_u/hg/exe/HomeGuard-Setup_x64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://veridium.net/files_u/hg/exe/HomeGuard-Setup_x64.exe","sourceIndex":"2542"},{"howFound":"Partner report","reference":"Stalkerware","landingPage":"https://files.downloadnow-2.com/s/software/16/66/42/25/HomeGuard-Setup_x64.exe?token=1574821519_2f4801b4d006cbeb55f47dd89bcf7e77&fileName=HomeGuard-Setup_x64.exe","ipv4":"","ipv6":"","sourceIndex":"2543"},{"howFound":"Partner Report","reference":"Stalkerware","landingPage":"https://download.cnet.com/HomeGuard-64-bit/3001-2162_4-75630352.html","ipv4":"","ipv6":"","sourceIndex":"2544"}],"sampleFiles":["200219/HomeGuard-191126/9.3.1/Samples/HomeGuard-Setup_x64.exe","200219/HomeGuard-191126/9.3.1/Samples/HomeGuard.exe"],"imageFiles":["200219/HomeGuard-191126/9.3.1/Images/ACR-048/HomeGuard Install 2.png","200219/HomeGuard-191126/9.3.1/Images/ACR-048/HomeGuard Uninstall.png","200219/HomeGuard-191126/9.3.1/Images/ACR-007/HomeGuard Password.png","200219/HomeGuard-191126/9.3.1/Images/ACR-007/HomeGuard Password 2.png","200219/HomeGuard-191126/9.3.1/Images/ACR-084/HomeGuard Settings.png","200219/HomeGuard-191126/9.3.1/Images/ACR-086/HomeGuard Main Page.png","200219/HomeGuard-191126/9.3.1/Images/ACR-086/HomeGuard Password.png","200219/HomeGuard-191126/9.3.1/Images/ACR-086/HomeGuard Password 2.png","200219/HomeGuard-191126/9.3.1/Images/ACR-116/HomeGuard Uninstall.png"],"nonDeceptorImageFiles":["200219/HomeGuard-191126/9.3.1/Images/ACR-038/HomeGuard sigcheck.png","200219/HomeGuard-191126/9.3.1/Images/ACR-065/HomeGuard EULA.png","200219/HomeGuard-191126/9.3.1/Images/ACR-065/HomeGuard About.png","200219/HomeGuard-191126/9.3.1/Images/ACR-065/HomeGuard Landing Page.png","200219/HomeGuard-191126/9.3.1/Images/ACR-092/HomeGuard sigcheck.png","200219/HomeGuard-191126/9.3.1/Images/ACR-099/HomeGuard Landing Page.png","200219/HomeGuard-191126/9.3.1/Images/ACR-167/HomeGuard Landing Page.png"],"guid":"379e1aae-df52-43de-8749-d17ffb8c8d44_9.3.1_1","appID":"HomeGuard-191126","dateAdded":"210820","deceptorType":"App","name":"Home Guard","company":"Veridium Software","version":"9.3.1","lastKnownStatus":"Deceptor:8.8.1.1,9.3.1;9.8.1.1;9.9.1.1;9.11.1;9.12.3","lastKnownDate":"210820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-08-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1614},{"violations":{"ACR-048":"Unable to cancel installation.\nThe app is hidden from the uninstall page on the control panel and settings, which limits the targeted consumer's ability to uninstall the app. The app also enables the user to require a password to open it. Close button will make the app minimize to system tray.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running, and it requests password to open the app panel.\n","ACR-084":"The app is by default in stealth mode without consumer consent. The app enables the consumer to hide its desktop icon, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects user data and it enables the consumer to hide the app from the targeted consumer by using a password.\n","ACR-116":"The app cannot be uninstalled in the control panel or in settings.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not include Original filename, Company name, Product name, Product version, File version in the version info for all the executables.\n","ACR-065":"The app's EULA is not disclosed clearly and does not disclose Privacy policy during installation.\nThe app does not disclose EULA and Privacy policy in the software.\nThe app does not disclose EULA, Refund Policy and Privacy policy in the landing page.\n","ACR-092":"The app does not have a digital signature for all the executables.\n","ACR-099":"The app does not disclose uninstall information in the software. \nThe app does not disclose uninstall information in the landing page. \n","ACR-035":"The app does not disclose the app's name to the consumer in all the docs.\n","ACR-167":"The app does not disclose Return policy in the landing page\n"},"samples":[],"additionalFiles":[{"isRevoked":"False","fileName":"HomeGuard-Setup.exe","isAdditional":"True","hashMD5":"ca8dc47bc5b2848ddfd666e087423c8f","hashSHA1":"a12512712e700206c9f92c47954efc3b2c45fb32","hashSHA256":"e91d466a02a29e751c283b578c50dbcf237291998f2c62a5727baaf0a177d7c4","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"2590","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"HomeGuard-Setup_x64.exe","isAdditional":"True","hashMD5":"ded1c97c55f6306f48b758cdd24c3872","hashSHA1":"a6758a6e14f09fe6ca960a1dc013f6094f010d87","hashSHA256":"2a143addc6840493485292872ea081358ab88e6d179a27897576a1b44fbfad19","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"2590","avBlockList":[],"avAllowList":[]}],"sources":[{"howFound":"Partner Report","reference":"Stalkerware","landingPage":"https://download.cnet.com/HomeGuard-64-bit/3001-2162_4-75630352.html","ipv4":"","ipv6":"","sourceIndex":"2590"},{"howFound":"Partner report","reference":"Stalkerware","landingPage":"https://files.downloadnow-2.com/s/software/16/66/42/25/HomeGuard-Setup_x64.exe?token=1574821519_2f4801b4d006cbeb55f47dd89bcf7e77&fileName=HomeGuard-Setup_x64.exe","ipv4":"","ipv6":"","sourceIndex":"2591"},{"howFound":"Partner Report","reference":"Stalkerware","landingPage":"https://veridium.net/files_u/hg/exe/HomeGuard-Setup.exe","ipv4":"","ipv6":"","sourceIndex":"2592"}],"sampleFiles":["191129/HomeGuard-191126/8.8.1.1/Samples/HomeGuard-Setup.exe","191129/HomeGuard-191126/8.8.1.1/Samples/HomeGuard-Setup_x64.exe"],"imageFiles":["191129/HomeGuard-191126/8.8.1.1/Images/ACR-048/ACR-048_Install_UnableToCancel_Installation.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-048/ACR-048_Software_AppMinimizesToTray.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-048/ACR-048_Software_UnableToUninstall.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-007/ACR-007_Software_NotSureWhenItIsRunning.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-084/ACR-084_Software_AppHidesDesktopIcon.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-084/ACR-084_Software_AppUsesStealthMode.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-086/ACR-086_Software_HidesTheAppFromConsumer.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-116/ACR-116_Uninstall_UnableToUninstalByStandardPlatformFeature.JPG"],"nonDeceptorImageFiles":["191129/HomeGuard-191126/8.8.1.1/Images/ACR-038/ACR-038_Install_NoVersionInfo.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-065/ACR-065_Software_NoDocs.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-065/ACR-065_LandingPage_NoDocs.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-099/ACR-099_LandingPage_NoUninstall_Info.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-035/ACR-035_Docs_NoAppName.JPG","191129/HomeGuard-191126/8.8.1.1/Images/ACR-167/ACR-167_Docs_NoReturnPolicy.JPG"],"guid":"379e1aae-df52-43de-8749-d17ffb8c8d44_8.8.1.1_1","appID":"HomeGuard-191126","dateAdded":"210820","deceptorType":"App","name":"Home Guard","company":"Veridium Software","version":"8.8.1.1","sigName":"Deceptor:Win32/HomeGaurdStalkerware!048007084086116","lastKnownStatus":"Deceptor:8.8.1.1,9.3.1;9.8.1.1;9.9.1.1;9.11.1;9.12.3","lastKnownDate":"210820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-08-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1615},{"violations":{"ACR-048":"Unable to cancel installation.\nThe app is hidden from the uninstall page on the control panel and settings, which limits the targeted consumer's ability to uninstall the app. The app also enables the user to require a password to open it. \n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running, and it requests password to open the app panel.\n","ACR-084":"The app is by default in stealth mode without consumer consent, which blocks all app notifications.\n","ACR-086":"The app does not inform the targeted consumer how it collects user data and it enables the consumer to hide the app from the targeted consumer by using a password.\n","ACR-116":"The app cannot be uninstalled through platform standard features, and does not show up on the control panel uninstall tab.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The landing page does not display links to uninstall information.\n","ACR-167":"The landing page does not display links to a Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"HomeGuard.exe","companyName":"Veridium Software","fileVersion":"9.8","hashMD5":"657e87e52ed766a7673bcf096accd985","hashSHA1":"898e0eec174af6b5d75481845fa16f2076d23a8e","hashSHA256":"e692d27cce623e4f61870023b7c9ead937af9cffcd3e79d547265e13e6528708","digitalCertThumbprint":"2F8774BC05CAFA62C9F905CCA858D1409B154DC0","digitalCertIssuer":"CN=VeridiumSoftware","digitalCertIssuedTo":"CN=VeridiumSoftware","sourceIndex":"2162","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"HomeGuard-Setup_x64.exe","isInstaller":"True","companyName":"Veridium Software","fileVersion":"1.4","hashMD5":"7cd9a1e7df7bf76056aac3321d7a53a4","hashSHA1":"91b51e7e6f9b7831f830c3b03da228dd18e53caa","hashSHA256":"fde34b857c90276d68b4a74d892ca277a0f664b88cd04f433bfc8962786602a2","sourceIndex":"2162","avBlockList":["360 Total Security (20211104)","Avast Premium Security (20211104)","AVG Internet Security (20211104)","Avira Internet Security (20211104)","Bitdefender Internet Security (20211104)","Dr.Web Security Space (20211104)","ESET Internet Security (20211104)","G DATA INTERNET SECURITY (20211104)","K7 Total Security (20211104)","Kaspersky Internet Security (20211104)","Malwarebytes Premium (20211104)","McAfee Total Protection (20211104)","Norton Security (20211104)","Panda Dome (20211104)","Quick Heal Internet Security (20211104)","Sophos Home Premium (20211104)","SpyHunter5 (20211104)","Tencent PC Manager (20211104)","Total AV Antivirus Pro (20211104)","Trend Micro Internet Security (20211104)","VIPRE Advanced Security (20211104)","VirIT eXplorer PRO (20211104)","Webroot SecureAnywhere (20211104)","Windows Defender (20211104)"],"avAllowList":["COMODO Antivirus (20211104)"]}],"additionalFiles":[],"sources":[{"howFound":"Partner Report","reference":"Stalkerware","landingPage":"https://download.cnet.com/HomeGuard-64-bit/3001-2162_4-75630352.html","ipv4":"","ipv6":"","sourceIndex":"2162"},{"howFound":"Partner report","reference":"Stalkerware","landingPage":"https://files.downloadnow-2.com/s/software/16/66/42/25/HomeGuard-Setup_x64.exe?token=1574821519_2f4801b4d006cbeb55f47dd89bcf7e77&fileName=HomeGuard-Setup_x64.exe","ipv4":"","ipv6":"","sourceIndex":"2163"},{"howFound":"Partner Report","reference":"Stalkerware","landingPage":"https://veridium.net/files_u/hg/exe/HomeGuard-Setup.exe","ipv4":"","ipv6":"","sourceIndex":"2164"}],"sampleFiles":["200714/HomeGuard-191126/9.8.1.1/Samples/HomeGuard.exe","200714/HomeGuard-191126/9.8.1.1/Samples/HomeGuard-Setup_x64.exe"],"imageFiles":["200714/HomeGuard-191126/9.8.1.1/Images/ACR-048/HomeGuard Install 2.png","200714/HomeGuard-191126/9.8.1.1/Images/ACR-048/HomeGuard Uninstall.png","200714/HomeGuard-191126/9.8.1.1/Images/ACR-048/116-homeguard.PNG","200714/HomeGuard-191126/9.8.1.1/Images/ACR-007/HomeGuard Password 2.png","200714/HomeGuard-191126/9.8.1.1/Images/ACR-084/HomeGuard Settings.png","200714/HomeGuard-191126/9.8.1.1/Images/ACR-084/084-homeguard.PNG","200714/HomeGuard-191126/9.8.1.1/Images/ACR-086/HomeGuard Password 2.png","200714/HomeGuard-191126/9.8.1.1/Images/ACR-086/086-homeguard.PNG","200714/HomeGuard-191126/9.8.1.1/Images/ACR-116/HomeGuard Uninstall.png","200714/HomeGuard-191126/9.8.1.1/Images/ACR-116/116-homeguard.PNG"],"nonDeceptorImageFiles":["200714/HomeGuard-191126/9.8.1.1/Images/ACR-065/HomeGuard EULA.png","200714/HomeGuard-191126/9.8.1.1/Images/ACR-065/HomeGuard About.png","200714/HomeGuard-191126/9.8.1.1/Images/ACR-065/HomeGuard Landing Page.png","200714/HomeGuard-191126/9.8.1.1/Images/ACR-099/HomeGuard Landing Page.png","200714/HomeGuard-191126/9.8.1.1/Images/ACR-099/167-homeguard.PNG","200714/HomeGuard-191126/9.8.1.1/Images/ACR-167/167-homeguard.PNG"],"guid":"379e1aae-df52-43de-8749-d17ffb8c8d44_9.8.1.1_1","appID":"HomeGuard-191126","dateAdded":"210820","deceptorType":"App","name":"Home Guard","company":"Veridium Software","version":"9.8.1.1","sigName":"Deceptor:Win32/HomeGuard!048007084086116","lastKnownStatus":"Deceptor:8.8.1.1,9.3.1;9.8.1.1;9.9.1.1;9.11.1;9.12.3","lastKnownDate":"210820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-08-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1613},{"violations":{"EXR-017":"Extension urges the user to install another extension.\n\n"},"nonDeceptorViolations":{"EXR-042":"The Extension's privacy policy should be provided in detail.\n"},"samples":[{"isRevoked":"False","fileName":"PingPongClassic.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"392d714c25d3299302f787671b10736dc92732826ccc6cef5246f2974e1b6ceb","sourceIndex":"1827","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Ping-Pong.Classic.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"bd5b7d7b72371a8a11af2cc0cce78fbceba33e1db1e793320d218f5f3d2c2461","storeId":"omaoangojgdeimbhlnnfnephhklfnhpo","sourceIndex":"1827","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store Search-Pingpong","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/ping-pongclassic/omaoangojgdeimbhlnnfnephhklfnhpo/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/ping-pongclassic/omaoangojgdeimbhlnnfnephhklfnhpo/","sourceIndex":"1827"}],"sampleFiles":["210815/cx-PingPongClassic-210813/1.13/Samples/Ping-Pong.Classic.zip"],"imageFiles":["210815/cx-PingPongClassic-210813/1.13/Images/EXR-017/EXR-017.mp4"],"nonDeceptorImageFiles":["210815/cx-PingPongClassic-210813/1.13/Images/EXR-042/EXR-042.JPG"],"guid":"7a5e10fb-8239-49e3-8f10-c7b185fad5da_1.13_1","appID":"cx-PingPongClassic-210813","dateAdded":"210815","deceptorType":"Browser Extension","name":"Ping-Pong.Classic","company":"noreal.inv","version":"1.13","sigName":"Deceptor:BEX/PingPongClassic!017","lastKnownStatus":"1.13","lastKnownDate":"210815","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-08-15T21:56:06.9807344+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1616},{"violations":{"EXR-025":"The extension misrepresents its functionality. The feature not working as the extension claims.\n","EXR-038":"The extension only launches a third-party website and has no other functionality.\n","EXR-060":"Extension claims to provide free CarJongg Mahjong With Cars game, but this functionality is not contained within the extension.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided. \n\n","EXR-037":"The primary value proposition doesn't exist. \n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"CarJonggMahjongWithCars.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"54a09f84f1743753e8b94191f172624806e6a0c7337a5bf7ca4841c06553c614","sourceIndex":"1826","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CarJongg Mahjong With Cars.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"dea5c5aaa916da8c84bc484dd43b138ee533f640f7dc6790d2f2940ff6f62ccf","storeId":"jmnpeahpkgiibjiipekllmipipmppgeo","sourceIndex":"1826","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store Search-Games","reference":"","landingPage":"http://carjong.wickedgadgets.info/carjong.htm","directDownloadingLink":"https://chrome.google.com/webstore/detail/carjongg-mahjong-with-car/jmnpeahpkgiibjiipekllmipipmppgeo/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/carjongg-mahjong-with-car/jmnpeahpkgiibjiipekllmipipmppgeo/","sourceIndex":"1826"}],"sampleFiles":["210815/cx-CarJonggMahjongWithCars-210811/0.0.1.28/Samples/CarJongg Mahjong With Cars.zip"],"imageFiles":["210815/cx-CarJonggMahjongWithCars-210811/0.0.1.28/Images/EXR-025/EXR-025.mp4","210815/cx-CarJonggMahjongWithCars-210811/0.0.1.28/Images/EXR-038/EXR-038.mp4","210815/cx-CarJonggMahjongWithCars-210811/0.0.1.28/Images/EXR-060/EXR-060.mp4"],"nonDeceptorImageFiles":["210815/cx-CarJonggMahjongWithCars-210811/0.0.1.28/Images/EXR-002/EXR-002.JPG","210815/cx-CarJonggMahjongWithCars-210811/0.0.1.28/Images/EXR-037/EXR-037.mp4","210815/cx-CarJonggMahjongWithCars-210811/0.0.1.28/Images/EXR-042/EXR-042.JPG"],"guid":"85225dfb-d94f-4717-a2ec-08c8cb3f2e14_0.0.1.28_1","appID":"cx-CarJonggMahjongWithCars-210811","dateAdded":"210815","deceptorType":"Browser Extension","name":"CarJongg Mahjong With Cars","company":"Costel Ivu","version":"0.0.1.28","sigName":"Deceptor:BEX/CarJonggMahjongWithCars!025038060","lastKnownStatus":"0.0.1.28","lastKnownDate":"210815","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-08-15T22:06:27.1735534+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1617},{"violations":{"ACR-003":"App presents scanning results with alarming color and unsubstantiated system risk level. \n","ACR-004":"App requires user to register application to fix the issues reported. User has to make a call to a call center  register the application.\n","ACR-168":"Application doesn't provide non-interactive option for user to register the application. It doesn't disclose the additional offer may be offered during call.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PC-Cleaner-Perfect.exe","isInstaller":"True","companyName":"Tekpcsolutions","fileVersion":"1.0","hashMD5":"6b8a9d68e0ae9d11efaa9c973246fff4","hashSHA1":"60b65353eb5cc7aac86fe307bbd24f42da6e0900","hashSHA256":"2962fa42d3414f0881aa0f5e4a404146c347e6d727f7a86a0d32b4e8b0498f09","digitalCertThumbprint":"1BD1D8DED65127CDB32D676D94C9A1978F4DAA62","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=TEK PC Solutions, O=TEK PC Solutions, L=Somerset, S=New Jersey, C=US","sourceIndex":"1829","avBlockList":["360 Total Security (20210921)","Avast Premium Security (20210921)","AVG Internet Security (20210921)","Avira Internet Security (20210921)","Bitdefender Internet Security (20210921)","ESET Internet Security (20210921)","G DATA INTERNET SECURITY (20210921)","K7 Total Security (20210921)","McAfee Total Protection (20210921)","Norton Security (20210921)","Panda Dome (20210921)","Sophos Home Premium (20210921)","SpyHunter5 (20210921)","Tencent PC Manager (20210921)","Total AV Antivirus Pro (20210921)","VIPRE Advanced Security (20210921)","VirIT eXplorer PRO (20210921)","Webroot SecureAnywhere (20210921)","Windows Defender (20210921)"],"avAllowList":["COMODO Antivirus (20210921)","Dr.Web Security Space (20210921)","Kaspersky Internet Security (20210921)","Malwarebytes Premium (20210921)","Quick Heal Internet Security (20210921)","Trend Micro Internet Security (20210921)"]},{"isRevoked":"False","fileName":"PC-Cleaner-Perfect - main exe.exe","fileVersion":"1.0","hashMD5":"4dca71609a4a821d669638c6af9e23d2","hashSHA1":"acb6848ef36b2687cd9125d648351b13a94f90f7","hashSHA256":"8b843d0f54cda59801982cd5bc884f873d70fd8953b6431725ca4b371a3f6a52","digitalCertThumbprint":"1BD1D8DED65127CDB32D676D94C9A1978F4DAA62","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=TEK PC Solutions, O=TEK PC Solutions, L=Somerset, S=New Jersey, C=US","sourceIndex":"1829","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Found on website","reference":"","landingPage":"https://filehippo.com/","directDownloadingLink":"https://filehippo.com/download_pc-cleaner-perfect/post_download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://filehippo.com/download_pc-cleaner-perfect/post_download/","sourceIndex":"1829"}],"sampleFiles":["210812/PcCleanerPerfect-210713/1.0.3.3453/Samples/PC-Cleaner-Perfect.exe","210812/PcCleanerPerfect-210713/1.0.3.3453/Samples/PC-Cleaner-Perfect - main exe.exe"],"imageFiles":["210812/PcCleanerPerfect-210713/1.0.3.3453/Images/ACR-003/PcCleaner ACR-003.PNG","210812/PcCleanerPerfect-210713/1.0.3.3453/Images/ACR-003/PCCleanerPerfect_003.JPG","210812/PcCleanerPerfect-210713/1.0.3.3453/Images/ACR-004/PCCleanerPerfect_004.JPG","210812/PcCleanerPerfect-210713/1.0.3.3453/Images/ACR-168/PCCleanerPerfect_168.JPG"],"nonDeceptorImageFiles":[],"guid":"b1ef1756-36ec-4149-a01e-367c4c5e1c33_1.0.3.3453_1","appID":"PcCleanerPerfect-210713","dateAdded":"210812","deceptorType":"App","name":"PC Cleaner Perfect","company":"TEK PC Solutions","version":"1.0.3.3453","sigName":"Deceptor:Win32/PCCleanerPerfect!003004168","lastKnownStatus":"1.0.3.3453","lastKnownDate":"210812","type":"Windows Executable","lastUpdate":"2021-08-12T20:02:11.4789467+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1618},{"violations":{"ACR-057":"The app does not provide clear and simple options to 'accept' or 'decline' an offer instead, it uses 'back' and 'next'.\n","ACR-053":"The app offers 3 bundler apps but the final offer doesn't have a \"Skip offers\" option.\n","ACR-055":"The app’s 'accept' & 'decline' options are not obvious as it only shows 'back & 'next' across the installation during the offer.\n","ACR-155":"The offers were inserted to masquerade as a part of the installation workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"b822.exe","isInstaller":"True","companyName":"WSD001","productName":"WSD001's Installer","productVersion":"1.0.0.3058","fileVersion":"1.0.0.3058","hashMD5":"8e269637020968ebceb4b45829faf81c","hashSHA1":"754a4d61c5a701d6ffc5ac9cc704b109bd284ffc","hashSHA256":"b82269cf079e31247a60702e2095539ede3848dcbc33ca83c08aba36c5fc31ac","digitalCertThumbprint":"5E901A865B262F59F895E35B549CE519DEB3E93B","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"6785719 Canada Inc.","storeId":"","sourceIndex":"1830","avBlockList":["360 Total Security (20210921)","Avast Premium Security (20210921)","AVG Internet Security (20210921)","Avira Internet Security (20210921)","Bitdefender Internet Security (20210921)","COMODO Antivirus (20210921)","Dr.Web Security Space (20210921)","ESET Internet Security (20210921)","G DATA INTERNET SECURITY (20210921)","K7 Total Security (20210921)","Malwarebytes Premium (20210921)","McAfee Total Protection (20210921)","Norton Security (20210921)","Panda Dome (20210921)","Sophos Home Premium (20210921)","SpyHunter5 (20210921)","Tencent PC Manager (20210921)","Total AV Antivirus Pro (20210921)","Trend Micro Internet Security (20210921)","VIPRE Advanced Security (20210921)","VirIT eXplorer PRO (20210921)","Webroot SecureAnywhere (20210921)","Windows Defender (20210921)"],"avAllowList":["Kaspersky Internet Security (20210921)","Quick Heal Internet Security (20210921)"]},{"isRevoked":"False","fileName":"5a39.exe","isInstaller":"True","companyName":"WSD001","productName":"Winsoftwarede","productVersion":"1.0.1.4006","fileVersion":"6.0.2.4130","hashMD5":"fc399223b05c71d50c15b94d203a3a5b","hashSHA1":"7894e4bcdb23104ca548ea7c014282cfda5cf9a4","hashSHA256":"5a3994e5bf9487c3b0334acc0d4787bfd758178ba31a2efadaf0cdb967ad15fd","digitalCertThumbprint":"CEA7FCA3554B45A11B65470C0C27840EF7125AD0","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"Winsoftware.de GmbH & Co. KG","storeId":"","sourceIndex":"1830","avBlockList":["360 Total Security (20210921)","Avast Premium Security (20210921)","AVG Internet Security (20210921)","Avira Internet Security (20210921)","Bitdefender Internet Security (20210921)","COMODO Antivirus (20210921)","Dr.Web Security Space (20210921)","ESET Internet Security (20210921)","G DATA INTERNET SECURITY (20210921)","K7 Total Security (20210921)","Malwarebytes Premium (20210921)","McAfee Total Protection (20210921)","Norton Security (20210921)","Panda Dome (20210921)","Sophos Home Premium (20210921)","SpyHunter5 (20210921)","Tencent PC Manager (20210921)","Total AV Antivirus Pro (20210921)","Trend Micro Internet Security (20210921)","VIPRE Advanced Security (20210921)","VirIT eXplorer PRO (20210921)","Webroot SecureAnywhere (20210921)","Windows Defender (20210921)"],"avAllowList":["Kaspersky Internet Security (20210921)","Quick Heal Internet Security (20210921)"]},{"isRevoked":"False","fileName":"Address4Me-pro_2.1.exe","isInstaller":"True","companyName":"WSD001","productName":"WSD001's Installer","productVersion":"1.0.0.3058","fileVersion":"1.0.0.3058","hashMD5":"9d976198c7edeb611d35a38e3a5506c2","hashSHA1":"7ddd9d119e54050dac07c32291419639e2b07474","hashSHA256":"33a0f3fb157ab9cb0222a9030f04e35d0467d3e4fc723362b00366a6e6d08fde","digitalCertThumbprint":"5E901A865B262F59F895E35B549CE519DEB3E93B","digitalCertIssuer":"Entrust Extended Validation Code Signing CA - EVCS1","digitalCertIssuedTo":"6785719 Canada Inc.","storeId":"","sourceIndex":"1830","avBlockList":["360 Total Security (20210921)","Avast Premium Security (20210921)","AVG Internet Security (20210921)","Avira Internet Security (20210921)","Bitdefender Internet Security (20210921)","COMODO Antivirus (20210921)","Dr.Web Security Space (20210921)","ESET Internet Security (20210921)","G DATA INTERNET SECURITY (20210921)","K7 Total Security (20210921)","Malwarebytes Premium (20210921)","McAfee Total Protection (20210921)","Norton Security (20210921)","Panda Dome (20210921)","Sophos Home Premium (20210921)","SpyHunter5 (20210921)","Tencent PC Manager (20210921)","Total AV Antivirus Pro (20210921)","VIPRE Advanced Security (20210921)","VirIT eXplorer PRO (20210921)","Webroot SecureAnywhere (20210921)","Windows Defender (20210921)"],"avAllowList":["Kaspersky Internet Security (20210921)","Quick Heal Internet Security (20210921)","Trend Micro Internet Security (20210921)"]}],"additionalFiles":[],"sources":[{"howFound":"Security Partner Report","reference":"Address4Me","landingPage":"https://www.winsoftware.de","directDownloadingLink":"https://www.winsoftware.de/DL-Software,address4me-pro,29060.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.winsoftware.de/DL-Software,address4me-pro,29060.htm","sourceIndex":"1830"}],"sampleFiles":["210811/WSDInstaller-210809/1.0.0.3058/Samples/b822.exe","210811/WSDInstaller-210809/1.0.0.3058/Samples/5a39.exe","210811/WSDInstaller-210809/1.0.0.3058/Samples/Address4Me pro_2.1.exe"],"imageFiles":["210811/WSDInstaller-210809/1.0.0.3058/Images/ACR-053/ACR-053_Install_No_Skip_Option.JPG","210811/WSDInstaller-210809/1.0.0.3058/Images/ACR-053/ACR_053_Install_No_Skip_Option(1).JPG","210811/WSDInstaller-210809/1.0.0.3058/Images/ACR-053/ACR-053_Install_No_Skip_Option(2).JPG","210811/WSDInstaller-210809/1.0.0.3058/Images/ACR-053/ACR-053_Install_No_Skip_Option(3).JPG","210811/WSDInstaller-210809/1.0.0.3058/Images/ACR-057/ACR-057_Bundler-Made-Offers_Misleading_Options.JPG","210811/WSDInstaller-210809/1.0.0.3058/Images/ACR-057/ACR-057_Bundler-Made-Offers_Misleading_Options(1).JPG","210811/WSDInstaller-210809/1.0.0.3058/Images/ACR-155/ACR-155_Bundler-Made-Offers_Masqueraded_Offers.JPG","210811/WSDInstaller-210809/1.0.0.3058/Images/ACR-155/ACR-155_Bundler-Made-Offers_Masqueraded_Offers(1).JPG","210811/WSDInstaller-210809/1.0.0.3058/Images/ACR-055/ACR-055_Bundler-Made-Offers_Misleading_Options.JPG","210811/WSDInstaller-210809/1.0.0.3058/Images/ACR-055/ACR-055_Bundler-Made-Offers_Misleading_Options(1).JPG"],"nonDeceptorImageFiles":[],"guid":"7ed05eb6-78bd-4086-9829-8152832589a3_1.0.0.3058_1","appID":"WSDInstaller-210809","dateAdded":"210811","deceptorType":"Bundler","name":"WSD Installer","company":"Winsoftware.de GmbH ","version":"1.0.0.3058","sigName":"Deceptor:Win32/WSDInstaller!053057155055","lastKnownStatus":"1.0.0.3058","lastKnownDate":"210811","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 10,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2021-08-11T23:24:16.4269883+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1619},{"violations":{"EXR-038":"On adding this extension to the chrome, it redirects the user to another page, where the user can play the game.\n","EXR-060":"The extension claims to provide Death Racing game, but this functionality is not contained within the extension.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information was provided.\n"},"samples":[{"isRevoked":"False","fileName":"DeathRacing.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"491157897156532936077f46837795303685d5af2060d05d2df80c40e3e926a8","sourceIndex":"1831","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Death Racing.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8b15ae409dd5008090d8a3f22d6a6f79d50ae4e3abaeeeadad6cad0211d9bd15","storeId":"afpkfhjegipdjlgjfhhbcgohmnmhkicb","sourceIndex":"1831","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store Search-Games","reference":"","landingPage":"https://www.webfungames.com/game/death-racing.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/death-racing/afpkfhjegipdjlgjfhhbcgohmnmhkicb/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/death-racing/afpkfhjegipdjlgjfhhbcgohmnmhkicb/","sourceIndex":"1831"}],"sampleFiles":["210809/cx-DeathRacing-210809/2.0/Samples/Death Racing.zip"],"imageFiles":["210809/cx-DeathRacing-210809/2.0/Images/EXR-038/EXR-038.mp4","210809/cx-DeathRacing-210809/2.0/Images/EXR-060/EXR-060.mp4"],"nonDeceptorImageFiles":["210809/cx-DeathRacing-210809/2.0/Images/EXR-002/EXR-002.JPG"],"guid":"dc03237f-f6c6-45c9-a99d-2743531c2fb0_2.0_1","appID":"cx-DeathRacing-210809","dateAdded":"210809","deceptorType":"Browser Extension","name":"Death Racing","company":"www.webfungames.com","version":"2.0","sigName":"Deceptor:BEX/DeathRacing!038060","lastKnownStatus":"2.0","lastKnownDate":"210809","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-08-09T22:32:03.6723068+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1620},{"violations":{"ACR-048":"The app requires a hotkey or password and is in a hidden folder, limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-007":"The app does not provide explicit notifications to the targeted consumer and requires a hotkey or password to open, preventing the targeted consumer from being notified or able to open the app.\n","ACR-084":"The app is installed in a hidden folder, requires a hotkey to open, does not show icon, and does not provide explicit notifications, preventing the targeted consumer from being aware of its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects, stores, and transmits their data via explicit notifications.\n","ACR-116":"The app is not listed in the list of apps in the Control Panel and therefore cannot be uninstalled via platform standard features.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose Original filename, Company name, product name, product version for the executables \"wmpusrvc.exe\" and \"ultimatekeylogger.exe\".\n","ACR-040":"The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The app's about page does not contain links to the EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's install does not contain links to Returns and Cancellations Policy, Privacy Policy.\nThe app's landing page does not contain links to EULA, Terms of Service, Returns and Cancellation Policy.\nThe app's internal offers does not have a link to the EULA.\n","ACR-161":"The app's landing page shows endorsements with no links to original source, preventing them from being able to be verified.\n","ACR-099":"The app's about page does not provide links to uninstall information.\nThe app's landing page does not provide links to uninstall information.\nThe app's internal offers does not provide links to uninstall information.\n","ACR-150":"The app's landing page contains endorsements that are unable to verified.\n"},"samples":[{"isRevoked":"False","fileName":"wmpusrvc.exe","fileVersion":"0.0","hashMD5":"6bc685ba89c8ae7995468b0a3747d297","hashSHA1":"da8320c4751cd082bcb13af7da64ac1304a5cd02","hashSHA256":"448c1ce93b3de9eb953046dd95dd14345fc2b01c61ac9acadc75c5721f24c626","sourceIndex":"1834","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ultimatekeylogger.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"30e7412408735cd095e79c4ae4bd0909","hashSHA1":"8120ea694e7f94f9bda3c15605982f715cde7a3d","hashSHA256":"c391adf2d2f98b8f636b3b9a88a43779a9e4220d64228f8c2ebf3e843fbc66ef","sourceIndex":"1834","avBlockList":["360 Total Security (20210921)","Avast Internet Security (20200224)","AVG Internet Security (20210921)","Avira Internet Security (20210921)","Bitdefender Internet Security (20210921)","Dr.Web Security Space (20210921)","ESET Internet Security (20210921)","G DATA INTERNET SECURITY (20210921)","K7 Total Security (20210921)","Kaspersky Internet Security (20210921)","Malwarebytes Premium (20210921)","McAfee Total Protection (20210921)","Norton Security (20210921)","Panda Dome (20210921)","Quick Heal Internet Security (20210921)","Sophos Home Premium (20210921)","SpyHunter5 (20210921)","Tencent PC Manager (20210921)","Trend Micro Internet Security (20210921)","VIPRE Advanced Security (20210921)","VirIT eXplorer PRO (20210921)","Webroot SecureAnywhere (20210921)","Windows Defender (20210921)","Avast Premium Security (20210921)","Total AV Antivirus Pro (20210921)"],"avAllowList":["COMODO Antivirus (20210921)"]},{"isRevoked":"False","fileName":"freewarekeylogger [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"14609358a326eb69ab2c29df49765cf8","hashSHA1":"5dacddaa2cfbfe19a86d2d1f792b81c33dbe5a79","hashSHA256":"7d4107feffe0573c117bd29b739228f84abd602d96f74b71e9e0319a9d30f088","sourceIndex":"1834","avBlockList":["360 Total Security (20210923)","Avast Premium Security (20210923)","AVG Internet Security (20210923)","Avira Internet Security (20210923)","Bitdefender Internet Security (20210923)","COMODO Antivirus (20210923)","Dr.Web Security Space (20210923)","ESET Internet Security (20210923)","G DATA INTERNET SECURITY (20210923)","K7 Total Security (20210923)","Malwarebytes Premium (20210923)","McAfee Total Protection (20210923)","Norton Security (20210923)","Panda Dome (20210923)","Quick Heal Internet Security (20210923)","Sophos Home Premium (20210923)","SpyHunter5 (20210923)","Tencent PC Manager (20210923)","Total AV Antivirus Pro (20210923)","Trend Micro Internet Security (20210923)","VIPRE Advanced Security (20210923)","VirIT eXplorer PRO (20210923)","Webroot SecureAnywhere (20210923)","Windows Defender (20210923)"],"avAllowList":["Kaspersky Internet Security (20210923)"]},{"isRevoked":"False","fileName":"ultimatekeyloggerfree.exe","fileVersion":"0.0","hashMD5":"7aa14e6170c0c7bd800d6eaa261e3389","hashSHA1":"c7e47687846b9a5f6ac746a8a4510127345e5c12","hashSHA256":"e159c66a3dbb10c68f64d2820f9bb33a5e47dd4df4fe938ea5c091c665818091","sourceIndex":"1834","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"http://ultimatekeylogger.com/","directDownloadingLink":"http://www.ultimatekeylogger.com/downloads/ultimatekeylogger.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ultimatekeylogger.com/downloads/ultimatekeylogger.exe","sourceIndex":"1834"}],"sampleFiles":["210728/UltimateKeylogger-200210/2.20.75/Samples/wmpusrvc.exe","210728/UltimateKeylogger-200210/2.20.75/Samples/ultimatekeylogger.exe","210728/UltimateKeylogger-200210/2.20.75/Samples/freewarekeylogger [2].exe","210728/UltimateKeylogger-200210/2.20.75/Samples/ultimatekeyloggerfree.exe"],"imageFiles":["210728/UltimateKeylogger-200210/2.20.75/Images/ACR-048/ACR-048.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-048/ACR-048 hidden folder.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-007/ACR-007.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-007/Hotkey.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-084/Hotkey.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-084/ACR-038.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-084/Screen Shot 2020-02-10 at 5.20.14 PM.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-086/Notifications.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-116/ACR-116.png"],"nonDeceptorImageFiles":["210728/UltimateKeylogger-200210/2.20.75/Images/ACR-038/ACR-038.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-038/ACR-038 2 .png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-040/ACR-040.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-065/About Page.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-065/ACR-065 Install.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-065/Landing Page.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-065/Internal Offers.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-099/About Page.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-099/Landing Page.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-099/Internal Offers.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-161/ACR-161.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-161/Landing Page.png","210728/UltimateKeylogger-200210/2.20.75/Images/ACR-150/ACR-150.png"],"guid":"3c652b15-4e0d-4f6c-9999-a4842037792e_2.20.75_1","appID":"UltimateKeylogger-200210","dateAdded":"210728","deceptorType":"App","name":"Ultimate Keylogger","company":"UKL Solutions","version":"2.20.75","sigName":"Deceptor:Win32/UltimateKeylogger!048007084086116","lastKnownStatus":"Deceptor:2.20.75","lastKnownDate":"210728","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2021-07-28T19:26:48.5782859+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1621},{"violations":{"EXR-025":"The extension misrepresents its functionality. The feature not working as the extension claims.\n\n","EXR-038":"Extension only launches a website app, and has no other functionality.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n"},"samples":[{"isRevoked":"False","fileName":"BMXMonkey.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"3ce984602707390bb73fae0779aa08d4841946e23188200ec49a5ab1bb2c0290","sourceIndex":"1832","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BMX Monkey.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"49b4891c6668c390d1200a238e2cc7ddef21c701c5f179b6d108252de3926448","storeId":"ibikgdeokcehahgnnhfnigfnjmookbeo","sourceIndex":"1832","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Webstore search - Games","reference":"","landingPage":"http://casual.unityplay.me/BmxMonkey/webplayer.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/bmx-monkey/ibikgdeokcehahgnnhfnigfnjmookbeo/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/bmx-monkey/ibikgdeokcehahgnnhfnigfnjmookbeo/","sourceIndex":"1832"}],"sampleFiles":["210728/cx-BMXMonkey-210715/1.9.9/Samples/BMX Monkey.zip"],"imageFiles":["210728/cx-BMXMonkey-210715/1.9.9/Images/EXR-025/EXR-025.mp4","210728/cx-BMXMonkey-210715/1.9.9/Images/EXR-038/EXR-038.mp4"],"nonDeceptorImageFiles":["210728/cx-BMXMonkey-210715/1.9.9/Images/EXR-002/EXR-002.JPG","210728/cx-BMXMonkey-210715/1.9.9/Images/EXR-037/EXR-037.mp4"],"guid":"85614ba2-d06f-4bb6-ae48-7fc6527102a5_1.9.9_1","appID":"cx-BMXMonkey-210715","dateAdded":"210728","deceptorType":"Browser Extension","name":"BMX Monkey","company":"casual.unityplay.me","version":"1.9.9","sigName":"Deceptor:BEX/BMXMonkey!025038","lastKnownStatus":"1.9.9","lastKnownDate":"210728","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows Server,Windows 10,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-07-28T22:56:46.1204376+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1622},{"violations":{"EXR-038":"Extension only launches a website and does nothing else.\n","EXR-060":"Extension claims to provide free PDF to Excel converter, but this functionality is not contained within the extension.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"PDFtoExcelConverter.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"a961a3fb07d97e9c9f238a148dfeb197454aca19c4ab83703758f48d50e1e3b8","sourceIndex":"1835","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PDF to Excel Converter.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"85a8d9e5563640c4eeb7ea2dc077c54f6dff34b818101563fea7d652a29911ac","storeId":"bjacddnnopjojabadgacmnhcibgmanjk","sourceIndex":"1835","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store Search - Converter","reference":"","landingPage":"https://online-converter.freepdfsolutions.com/#pdf-to-excel-converter","directDownloadingLink":"https://chrome.google.com/webstore/detail/pdf-to-excel-converter/bjacddnnopjojabadgacmnhcibgmanjk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/pdf-to-excel-converter/bjacddnnopjojabadgacmnhcibgmanjk","sourceIndex":"1835"}],"sampleFiles":["210727/cx-PDFtoExcelConverter-210629/1.0/Samples/PDF to Excel Converter.zip"],"imageFiles":["210727/cx-PDFtoExcelConverter-210629/1.0/Images/EXR-038/EXR-038.mp4","210727/cx-PDFtoExcelConverter-210629/1.0/Images/EXR-060/EXR-060.mp4"],"nonDeceptorImageFiles":["210727/cx-PDFtoExcelConverter-210629/1.0/Images/EXR-051/EXR-051.JPG","210727/cx-PDFtoExcelConverter-210629/1.0/Images/EXR-002/EXR-002.JPG","210727/cx-PDFtoExcelConverter-210629/1.0/Images/EXR-037/EXR-037.mp4","210727/cx-PDFtoExcelConverter-210629/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"87924a14-7195-46d4-b170-8ba63e7b66fd_1.0_1","appID":"cx-PDFtoExcelConverter-210629","dateAdded":"210727","deceptorType":"Browser Extension","name":"PDF to Excel Converter","company":"https://online-converter.freepdfsolutions.com","version":"1.0","sigName":"Deceptor:BEX/PDFtoExcelConverter!038060","lastKnownStatus":"1.0","lastKnownDate":"210727","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-07-27T20:22:42.0380602+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1624},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app. The app prevents itself from being uninstalled by the targeted consumer.\n\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. \n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory.\n","ACR-086":"The app does not inform the targeted consumer how it collects or stores their data.\n","ACR-116":"The app cannot be uninstall via platform standard features because it is not in the installed apps list.\n","ACR-014":"The app hides itself by attaching its process to explorer.exe  and other running processes, which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The application is installed in a directory that does not disclose the app's name, making it hard for the consumer to identify where it is located.\n","ACR-040":"The application is not installed in the standard location. The application was installed in a data hidden folder. The consumers wouldn't be able to identify the app's location.\n","ACR-065":"The app's install does not provide links to the app's Returns and Cancellation Policy, or Privacy Policy.\nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-082":"The app enables the consumer to violate many laws.\n","ACR-092":"The application does not have a digital signature.\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy\n"},"samples":[{"isRevoked":"False","fileName":"setup-win-3qmqj.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"392117cf0018084b89f192d135283b030a587544b3e8f825975d734a21881aec","sourceIndex":"1836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"hw.dll","fileVersion":"10.1","hashMD5":"ea74d380052912ffdd57d456ab902c95","hashSHA1":"b6b4bb21c109d25f8a9ddf361aa4784ecb1d0260","hashSHA256":"cd6f5becb61ffc36308f27bf9ebf5d57e8f00e58c2ce0d37dfde95322875cc62","sourceIndex":"1836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"hw.exe","fileVersion":"10.2","hashMD5":"99b6199a68d0643ab6da954c4694f203","hashSHA1":"de059f58e0cee8636bb9a0d531e8351202c78469","hashSHA256":"cbdc46b178cc5b12110c5e8a23620c1f91a1259078f8e18b4d6f6a50433a6780","sourceIndex":"1836","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"hw-v10-2-1-4620.exe","isInstaller":"True","companyName":"Hoverwatch                                                  ","fileVersion":"10.2","hashMD5":"aecf04d138a4ab6654e34fca6fa5889d","hashSHA1":"edd6316caf76535dd28f2e9ce81440a6ef224c7b","hashSHA256":"85c484c34ec577f6e55889de5ca68ab885fedd139200a969342015e6053ccacd","sourceIndex":"1836","avBlockList":["360 Total Security (20210923)","Avast Premium Security (20210923)","AVG Internet Security (20210923)","Avira Internet Security (20210923)","Bitdefender Internet Security (20210923)","Dr.Web Security Space (20210923)","ESET Internet Security (20210923)","G DATA INTERNET SECURITY (20210923)","K7 Total Security (20210923)","Kaspersky Internet Security (20210923)","Malwarebytes Premium (20210923)","McAfee Total Protection (20210923)","Norton Security (20210923)","Panda Dome (20210923)","Quick Heal Internet Security (20210923)","Sophos Home Premium (20210923)","SpyHunter5 (20210923)","Tencent PC Manager (20210923)","Total AV Antivirus Pro (20210923)","Trend Micro Internet Security (20210923)","VIPRE Advanced Security (20210923)","VirIT eXplorer PRO (20210923)","Webroot SecureAnywhere (20210923)","Windows Defender (20210923)"],"avAllowList":["COMODO Antivirus (20210923)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.hoverwatch.com","landingPage":"","directDownloadingLink":"https://w.hw.cab/3qmqj/setup-win-3qmqj.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://w.hw.cab/3qmqj/setup-win-3qmqj.zip","sourceIndex":"1836"}],"sampleFiles":["210727/HoverwatchforWindows-210727/10.2.1.4620/Samples/setup-win-3qmqj[pass-hoverwatch].zip","210727/HoverwatchforWindows-210727/10.2.1.4620/Samples/hw.dll","210727/HoverwatchforWindows-210727/10.2.1.4620/Samples/hw.exe","210727/HoverwatchforWindows-210727/10.2.1.4620/Samples/hw-v10-2-1-4620.exe"],"imageFiles":["210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-048/Hoverwatch_Install [1].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-014/Hoverwatch_RunningProcess [1].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-014/Hoverwatch_RunningProcess [2].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-084/Hoverwatch_Install [1].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-084/Hoverwatch_Files [1].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-086/Hoverwatch_DashBoard [4].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-007/Hoverwatch_RunningProcess [1].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-007/Hoverwatch_RunningProcess [2].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-116/Hoverwatch_ControlPanel [1].png"],"nonDeceptorImageFiles":["210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-038/Hoverwatch_Files [1].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-040/Hoverwatch_Files [1].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-065/Hoverwatch_Install [1].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-065/Hoverwatch_Install [2].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-065/Hoverwatch_Install [3].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-065/Hoverwatch_Install [4].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-065/Hoverwatch_Install [5].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-082/Hoverwatch_LandingPage [3].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-092/Hoverwatch_FileProperty [2].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-092/Hoverwatch_FileProperty [4].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-092/Hoverwatch_FileProperty [5].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-065/Hoverwatch_LandingPage [1].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-099/Hoverwatch_LandingPage [1].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-161/Hoverwatch_LandingPage [2].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-065/Hoverwatch_OfferPage [1].png","210727/HoverwatchforWindows-210727/10.2.1.4620/Images/ACR-099/Hoverwatch_OfferPage [1].png"],"guid":"b8372004-d987-4de9-bd78-168dd7176015_10.2.1.4620_1","appID":"HoverwatchforWindows-210727","dateAdded":"210727","deceptorType":"App","name":"Hoverwatch for Windows","company":"Hoverwatch","version":"10.2.1.4620","sigName":"Deceptor:Win32/HoverwatchforWindows!048014084086007116","lastKnownStatus":"10.2.1.4620","lastKnownDate":"210727","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-27T16:25:17.2693136+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1623},{"violations":{"EXR-025":"The extension misrepresents its functionality. The feature not working as the extension claims.\n","EXR-038":"Extension only launches a website app, and has no other functionality.\n","EXR-060":"Extension claims to provide free Pool ball game, but this functionality is not contained within the extension\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided. \n"},"samples":[{"isRevoked":"False","fileName":"KingOfPoolBall.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"28cd5fcea3a5b04e87aa574d396907fb6da55b9bb2e62170421f35607397b7d8","sourceIndex":"1839","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"King Of Pool Ball.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d96a7d6fa121f5b157be8b9b93be38eab4452467be1ffdaeca685d95ae21808c","storeId":"ecinnhkeajdlichfghkcjegccpcillbn","sourceIndex":"1839","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store Search - Billiards","reference":"","landingPage":"http://www.droidcool.com/chrome/billiards_legend/webplayer.html?type=click","directDownloadingLink":"https://chrome.google.com/webstore/detail/king-of-pool-ball/ecinnhkeajdlichfghkcjegccpcillbn/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/king-of-pool-ball/ecinnhkeajdlichfghkcjegccpcillbn/","sourceIndex":"1839"}],"sampleFiles":["210726/cx-KingOfPoolBall-210722/2.0.0/Samples/King Of Pool Ball.zip"],"imageFiles":["210726/cx-KingOfPoolBall-210722/2.0.0/Images/EXR-025/EXR-025.mp4","210726/cx-KingOfPoolBall-210722/2.0.0/Images/EXR-038/EXR-038.mp4","210726/cx-KingOfPoolBall-210722/2.0.0/Images/EXR-060/EXR-060.mp4"],"nonDeceptorImageFiles":["210726/cx-KingOfPoolBall-210722/2.0.0/Images/EXR-002/EXR-002.JPG"],"guid":"28adf216-67dc-4965-86fc-c39185474b48_2.0.0_1","appID":"cx-KingOfPoolBall-210722","dateAdded":"210726","deceptorType":"Browser Extension","name":"King Of Pool Ball","company":"www.droidcool.com","version":"2.0.0","sigName":"Deceptor:BEX/KingOfPoolBall!025038060","lastKnownStatus":"2.0.0","lastKnownDate":"210726","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-07-26T20:30:26.9351413+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1625},{"violations":{"EXR-025":"The extension misrepresents its functionality. The feature not working as the extension claims.\n","EXR-038":"Extension only launches a website app, and has no other functionality.\n","EXR-060":"Extension claims to provide free Valley Gun Zombies game, but this functionality is not contained within the extension.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n"},"samples":[{"isRevoked":"False","fileName":"ValleyGunZombies.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"82b589079e9e881d10a64a2f8248a8c22e9e287d47b1293b28aefb0baf9006a6","sourceIndex":"1842","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Valley Gun Zombies.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d32360ae8630177b0e56e07258efcfef5b85dad912605c16278861ee3dfdb5c0","storeId":"kgmjpjiljgbebjjdggmecabbahapkbcl","sourceIndex":"1842","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as KingOfPoolBall ","reference":"","landingPage":"http://www.droidcool.com/chrome/gun_zombie/gun_zombie.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/valley-gun-zombies/kgmjpjiljgbebjjdggmecabbahapkbcl/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/valley-gun-zombies/kgmjpjiljgbebjjdggmecabbahapkbcl/","sourceIndex":"1842"}],"sampleFiles":["210723/cx-ValleyGunZombies-210722/1.8.9/Samples/Valley Gun Zombies.zip"],"imageFiles":["210723/cx-ValleyGunZombies-210722/1.8.9/Images/EXR-025/EXR-025.mp4","210723/cx-ValleyGunZombies-210722/1.8.9/Images/EXR-038/EXR-038.mp4","210723/cx-ValleyGunZombies-210722/1.8.9/Images/EXR-060/EXR-060.mp4"],"nonDeceptorImageFiles":["210723/cx-ValleyGunZombies-210722/1.8.9/Images/EXR-002/EXR-002.JPG","210723/cx-ValleyGunZombies-210722/1.8.9/Images/EXR-037/EXR-037.mp4"],"guid":"3b0fb27a-567f-4588-8362-44af4fb69bd1_1.8.9_1","appID":"cx-ValleyGunZombies-210722","dateAdded":"210723","deceptorType":"Browser Extension","name":"Valley Gun Zombies","company":"www.droidcool.com","version":"1.8.9","sigName":"Deceptor:BEX/ValleyGunZombies!025038060","lastKnownStatus":"1.8.9","lastKnownDate":"210723","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-07-24T00:01:25.0849011+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1626},{"violations":{"ACR-109":"1. The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n2. The app installs FFMPEG Addon program without user consent.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-010":"The app bundler distribute deceptor program. The offer in this bundler, Relevant Knowledge market survey application, allows deceptive affiliate to distribute without control. See RelevantKnowledge deceptor details\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-106":"App offers deceptive program Relevant Knowledge market survey application.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"ChrisPCTube.exe","companyName":"Chris P.C. srl","fileVersion":"12.0","hashMD5":"c9476e0b7d93bfb9763bfce92e0b74c8","hashSHA1":"7d9cb192c2004dbf7adcdd308fe3b30d2bbf9dba","hashSHA256":"f369f12ca8b68668d69909c971a2552f29abc083f3671c7ec7e826698f4e3047","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1844","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_free_videotube_downloader_12_19_16.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"12.19","hashMD5":"15fd79d92b551ff6d07305c3e9bb0d99","hashSHA1":"8c954ecccfb1a67013de1e9cceac906764eab29a","hashSHA256":"436af4658cf6ad48da60dbc52b7c0aa10e9d4877876c2556b207553dcc7f8ee0","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1844","avBlockList":["360 Total Security (20211011)","Avast Premium Security (20211011)","AVG Internet Security (20211011)","Avira Internet Security (20211011)","Bitdefender Internet Security (20211011)","COMODO Antivirus (20211011)","ESET Internet Security (20211011)","G DATA INTERNET SECURITY (20211011)","K7 Total Security (20211011)","Malwarebytes Premium (20211011)","McAfee Total Protection (20211011)","Norton Security (20211011)","Panda Dome (20211011)","Quick Heal Internet Security (20211011)","Sophos Home Premium (20211011)","SpyHunter5 (20211011)","Tencent PC Manager (20211011)","Total AV Antivirus Pro (20211011)","VIPRE Advanced Security (20211011)","VirIT eXplorer PRO (20211011)","Webroot SecureAnywhere (20211011)","Windows Defender (20211011)"],"avAllowList":["Dr.Web Security Space (20211011)","Kaspersky Internet Security (20211011)","Trend Micro Internet Security (20211011)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.chris-pc.com/index.html","landingPage":"https://www.videoyoutubedownloader.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=18&file=setup_chrispc_free_videotube_downloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=18&file=setup_chrispc_free_videotube_downloader.exe","sourceIndex":"1844"}],"sampleFiles":["210723/ChrisPCFVTDownloader-201012/12.19.16/Samples/ChrisPCTube.exe","210723/ChrisPCFVTDownloader-201012/12.19.16/Samples/setup_chrispc_free_videotube_downloader_12_19_16.exe"],"imageFiles":["210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-109/ChrisPC – Free VideoTube Downloader_Install [8].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-109/ChrisPC – Free VideoTube Downloader_ControlPanel [1].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-048/ChrisPC – Free VideoTube Downloader_Install [8].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-010/ChrisPC – Free VideoTube Downloader_Install [7].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-010/ChrisPC – Free VideoTube Downloader_Install [8].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-059/ChrisPC – Free VideoTube Downloader_Install [7].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-155/ChrisPC – Free VideoTube Downloader_Install [7].png"],"nonDeceptorImageFiles":["210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-065/ChrisPC – Free VideoTube Downloader_Install [1].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-065/ChrisPC – Free VideoTube Downloader_Install [2].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-065/ChrisPC – Free VideoTube Downloader_Install [9].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-106/ChrisPC – Free VideoTube Downloader_Install [7].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-065/ChrisPC – Free VideoTube Downloader_About [1].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-099/ChrisPC – Free VideoTube Downloader_About [1].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-065/ChrisPC – Free VideoTube Downloader_LandingPage [1].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-099/ChrisPC – Free VideoTube Downloader_LandingPage [1].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-065/ChrisPC – Free VideoTube Downloader_OfferPage [1].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-065/ChrisPC – Free VideoTube Downloader_OfferPage [2].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-099/ChrisPC – Free VideoTube Downloader_OfferPage [1].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-099/ChrisPC – Free VideoTube Downloader_OfferPage [2].png","210723/ChrisPCFVTDownloader-201012/12.19.16/Images/ACR-161/ChrisPC – Free VideoTube Downloader_OfferPage [1].png"],"guid":"574c0868-9a0b-47f9-aa67-d3aad8a47a1d_12.19.16_1","appID":"ChrisPCFVTDownloader-201012","dateAdded":"210723","deceptorType":"Bundler","name":"ChrisPC – Free VideoTube Downloader","company":"Chris P.C. srl.","version":"12.19.16","sigName":"Deceptor:Win32/ChrisPCFreeVideoTubeDownloader!109048010059155","lastKnownStatus":"12.10.10;12.18.18;12.19.16","lastKnownDate":"210723","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-23T20:30:22.6482934+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1628},{"violations":{"ACR-109":"1. The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n2. The app installs FFMPEG Addon program without user consent.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"ChrisPCTube.exe","companyName":"Chris P.C. srl","fileVersion":"12.0","hashMD5":"f4d62ba8d4f9fec6237651761101c6c7","hashSHA1":"8d4b0e00de6b8c8a6990860930916ace0224910b","hashSHA256":"aa812d2790efd582d1ffee37a3e703ee93266166e1736dbd2b3dd0e4d0886499","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1883","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rk_setup.exe","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"89c8796cd6169d14531791b7388bc0e9","hashSHA1":"473a91fc861a45122f9f60ee8cd807b57cd2f29d","hashSHA256":"53ef40c6950b12e766195905ffcc596d771b43398ad2eeb2f9a895ab5a8bb278","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1883","avBlockList":["Avast Premium Security (20240702)","AVG Internet Security (20240702)","Avira Internet Security (20240702)","Bitdefender Internet Security (20240702)","COMODO Antivirus (20240702)","Dr.Web Security Space (20240702)","ESET Internet Security (20240702)","FortectPremium (20240702)","G DATA INTERNET SECURITY (20240702)","K7 Total Security (20240702)","Kaspersky Internet Security (20240702)","Malwarebytes Premium (20240702)","Norton Security (20240702)","Panda Dome (20240702)","Quick Heal Internet Security (20240702)","Sophos Home Premium (20240702)","SpyHunter5 (20240702)","Total AV Antivirus Pro (20240702)","VIPRE Advanced Security (20240702)","VirIT eXplorer PRO (20240702)","Webroot SecureAnywhere (20240702)"],"avAllowList":["360 Total Security (20240702)","McAfee Total Protection (20240702)","Trend Micro Internet Security (20240702)","Windows Defender (20240702)"]},{"isRevoked":"False","fileName":"setup_chrispc_free_videotube_downloader_12_18_18.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"12.18","hashMD5":"c0df64c524e22ff25b25c4ca66cf9831","hashSHA1":"94781e6a0024343e6ee23a195ef18667952495d4","hashSHA256":"4e55058108eb940b2c33fa80b8218b7522ee314060d1cefab0b7778572d0770f","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1883","avBlockList":["360 Total Security (20210923)","Avast Premium Security (20210923)","AVG Internet Security (20210923)","Avira Internet Security (20210923)","Bitdefender Internet Security (20210923)","COMODO Antivirus (20210923)","ESET Internet Security (20210923)","G DATA INTERNET SECURITY (20210923)","K7 Total Security (20210923)","Malwarebytes Premium (20210923)","McAfee Total Protection (20210923)","Norton Security (20210923)","Panda Dome (20210923)","Quick Heal Internet Security (20210923)","Sophos Home Premium (20210923)","SpyHunter5 (20210923)","Tencent PC Manager (20210923)","Total AV Antivirus Pro (20210923)","VIPRE Advanced Security (20210923)","VirIT eXplorer PRO (20210923)","Webroot SecureAnywhere (20210923)","Windows Defender (20210923)"],"avAllowList":["Dr.Web Security Space (20210923)","Kaspersky Internet Security (20210923)","Trend Micro Internet Security (20210923)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.chris-pc.com/index.html","landingPage":"https://www.videoyoutubedownloader.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=18&file=setup_chrispc_free_videotube_downloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=18&file=setup_chrispc_free_videotube_downloader.exe","sourceIndex":"1883"}],"sampleFiles":["210623/ChrisPCFVTDownloader-201012/12.18.18/Samples/ChrisPCTube.exe","210623/ChrisPCFVTDownloader-201012/12.18.18/Samples/rk_setup.exe","210623/ChrisPCFVTDownloader-201012/12.18.18/Samples/setup_chrispc_free_videotube_downloader_12_18_18.exe"],"imageFiles":["210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-109/ChrisPC-Free VideoTube Downloader_Install [7 ].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-109/ChrisPC-Free VideoTube Downloader_ControlPanel [1].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-048/ChrisPC-Free VideoTube Downloader_Install [7 ].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-059/ChrisPC-Free VideoTube Downloader_Install [7].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-155/ChrisPC-Free VideoTube Downloader_Install [7].png"],"nonDeceptorImageFiles":["210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-065/ChrisPC-Free VideoTube Downloader_Install [1].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-065/ChrisPC-Free VideoTube Downloader_Install [2].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-065/ChrisPC-Free VideoTube Downloader_Install [7].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-065/ChrisPC-Free VideoTube Downloader_Install [8].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-065/ChrisPC-Free VideoTube Downloader_About [1].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-099/ChrisPC-Free VideoTube Downloader_About [1].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-065/ChrisPC-Free VideoTube Downloader_LandingPage [1].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-099/ChrisPC-Free VideoTube Downloader_LandingPage [1].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-065/ChrisPC-Free VideoTube Downloader_OfferPage [1].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-065/ChrisPC-Free VideoTube Downloader_OfferPage [2].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-099/ChrisPC-Free VideoTube Downloader_OfferPage [1].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-099/ChrisPC-Free VideoTube Downloader_OfferPage [2].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-161/ChrisPC-Free VideoTube Downloader_OfferPage [1].png","210623/ChrisPCFVTDownloader-201012/12.18.18/Images/ACR-161/ChrisPC-Free VideoTube Downloader_OfferPage [2].png"],"guid":"574c0868-9a0b-47f9-aa67-d3aad8a47a1d_12.18.18_1","appID":"ChrisPCFVTDownloader-201012","dateAdded":"210723","deceptorType":"Bundler","name":"ChrisPC – Free VideoTube Downloader","company":"Chris P.C. srl.","version":"12.18.18","sigName":"Deceptor:Win32/ChrisPCFreeVideoTubeDownloader!109048059155","lastKnownStatus":"12.10.10;12.18.18;12.19.16","lastKnownDate":"210723","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1629},{"violations":{"ACR-109":"1. The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n2. The app installs FFMPEG Addon program without user consent.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\nThe internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"setup_chrispc_free_videotube_downloader_12_10_10.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"12.10","hashMD5":"f87da5c4de0df626f903122d33e959b1","hashSHA1":"e7e5dc5fb4c487153b83c2201c803a70c6867a4f","hashSHA256":"ea4284fdf594d34b1027134184d507aa4450a0769eb59372c44a27b5fd57ecd6","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2092","avBlockList":["360 Total Security (20211005)","Avast Premium Security (20211005)","AVG Internet Security (20211005)","Avira Internet Security (20211005)","Bitdefender Internet Security (20211005)","COMODO Antivirus (20211005)","Dr.Web Security Space (20211005)","ESET Internet Security (20211005)","K7 Total Security (20211005)","Kaspersky Internet Security (20211005)","Malwarebytes Premium (20211005)","McAfee Total Protection (20211005)","Norton Security (20211005)","Panda Dome (20211005)","Quick Heal Internet Security (20211005)","Sophos Home Premium (20211005)","SpyHunter5 (20211005)","Tencent PC Manager (20211005)","Total AV Antivirus Pro (20211005)","VIPRE Advanced Security (20211005)","VirIT eXplorer PRO (20211005)","Webroot SecureAnywhere (20211005)"],"avAllowList":["G DATA INTERNET SECURITY (20211005)","Trend Micro Internet Security (20211005)","Windows Defender (20211005)"]},{"isRevoked":"False","fileName":"ChrisPCTube.exe","companyName":"Chris P.C. srl","fileVersion":"12.0","hashMD5":"e12c50d949c2dcce9d2804e5c63726fb","hashSHA1":"c9731eefbf85ce301aa39f2cd75d6a5947c53263","hashSHA256":"d0e93a419e6838806d0742497d33e14059451db515394ad8c5ae111fe07cf747","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2092","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.chris-pc.com/index.html","landingPage":"https://www.videoyoutubedownloader.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=18&file=setup_chrispc_free_videotube_downloader.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=18&file=setup_chrispc_free_videotube_downloader.exe","sourceIndex":"2092"}],"sampleFiles":["201012/ChrisPCFVTDownloader-201012/12.10.10/Samples/setup_chrispc_free_videotube_downloader_12_10_10.exe","201012/ChrisPCFVTDownloader-201012/12.10.10/Samples/ChrisPCTube.exe"],"imageFiles":["201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-109/ChrisPC – Free VideoTube Downloader_Install [4] RelevantKnowledge.png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-109/ChrisPC – Free VideoTube Downloader_FFMPEG Addon_Installed [1].png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-109/ChrisPC – Free VideoTube Downloader_FFMPEG Addon_Installed [2].png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-048/ChrisPC – Free VideoTube Downloader_Install [4] RelevantKnowledge.png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-059/ChrisPC – Free VideoTube Downloader_Install [3] RelevantKnowledge.png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-155/ChrisPC – Free VideoTube Downloader_Install [3] RelevantKnowledge.png"],"nonDeceptorImageFiles":["201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-065/ChrisPC – Free VideoTube Downloader_Install [1].png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-065/ChrisPC – Free VideoTube Downloader_Install [2].png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-065/ChrisPC – Free VideoTube Downloader_About [1].png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-099/ChrisPC – Free VideoTube Downloader_About [1].png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-065/ChrisPC – Free VideoTube Downloader_LandingPage [1].jpg","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-065/ChrisPC_LandingPage [1].png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-099/ChrisPC – Free VideoTube Downloader_LandingPage [1].jpg","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-161/ChrisPC – Free VideoTube Downloader_LandingPage [2] Testimonial.png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-065/ChrisPC – Free VideoTube Downloader_OfferPage [3].png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-065/ChrisPC_OfferPage [1].png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-099/ChrisPC – Free VideoTube Downloader_OfferPage [3].png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-161/ChrisPC – Free VideoTube Downloader_OfferPage [4] Testimonials.png","201012/ChrisPCFVTDownloader-201012/12.10.10/Images/ACR-161/ChrisPC – Free VideoTube Downloader_OfferPage [3].png"],"guid":"574c0868-9a0b-47f9-aa67-d3aad8a47a1d_12.10.10_1","appID":"ChrisPCFVTDownloader-201012","dateAdded":"210723","deceptorType":"Bundler","name":"ChrisPC – Free VideoTube Downloader","company":"Chris P.C. srl.","version":"12.10.10","sigName":"Deceptor:Win32/ChrisPCFreeVideoTubeDownloader!109048059155","lastKnownStatus":"12.10.10;12.18.18;12.19.16","lastKnownDate":"210723","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1630},{"violations":{"EXR-017":"Extension pops fake message and urges the user to install another extension.\n","EXR-025":"Extension misrepresents its functionality. It just launch a website and do nothing. The features described in extension overview is not extension feature, it is website content.\n","EXR-038":"The extension doing nothing but just install, and instruct user to open website, where it urges the user to install another extension.\n","EXR-039":"This extension is associated with the abuse of notifications such as ads, promotions, or unwanted messages that harm the user's browsing.\n","EXR-053":"Extension impersonate chrome browser warnings, prompt false message to urge the user to install an offer.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"CrescentSolitaire.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8439e4f5025b3f96363d6786a3a064adfc0869b76122e287870adaa0326dbdf0","sourceIndex":"1843","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Crescent Solitaire.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"c131409a3b84ce09c12cc0802477b234c1272f5b315a2780751f0941bcaaa4b9","storeId":"enlhdpmgpgjkceigaafndclapkffdonc","sourceIndex":"1843","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store Search - Games","reference":"","landingPage":"  http://crescentsolitaire.crazeforgames.com/crescentsolitaire.htm","directDownloadingLink":"https://chrome.google.com/webstore/detail/crescent-solitaire/enlhdpmgpgjkceigaafndclapkffdonc/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/crescent-solitaire/enlhdpmgpgjkceigaafndclapkffdonc/","sourceIndex":"1843"}],"sampleFiles":["210723/cx-CrescentSolitaire-210723/0.0.4.28/Samples/Crescent Solitaire.zip"],"imageFiles":["210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-053/EXR-053.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-053/EXR-053_1.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-053/EXR-053_2.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-053/EXR-053_3.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-053/EXR-053_4.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-053/EXR-053_5.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-053/EXR-053_6.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-017/EXR-017.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-017/EXR-017_1.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-017/EXR-017_2.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-017/EXR-017_3.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-017/EXR-017_4.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-017/EXR-017_5.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-017/EXR-017_6.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-017/EXR-017_7.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-025/EXR-025.mp4","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-038/EXR-038.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-039/EXR-039.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-039/EXR-039_1.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-039/EXR-039_2.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-039/EXR-039_3.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-039/EXR-039_4.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-039/EXR-039_5.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-039/EXR-039_6.JPG"],"nonDeceptorImageFiles":["210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-002/EXR-002.JPG","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-037/EXR-037.mp4","210723/cx-CrescentSolitaire-210723/0.0.4.28/Images/EXR-042/EXR-042.JPG"],"guid":"dc6a3b5e-aed6-42fd-b0c3-506fa918ee28_0.0.4.28_1","appID":"cx-CrescentSolitaire-210723","dateAdded":"210723","deceptorType":"Browser Extension","name":"Crescent Solitaire","company":"Toon Soolikah","version":"0.0.4.28","sigName":"Deceptor:BEX/CrescentSolitaire!053017025038039","lastKnownStatus":"0.0.4.28","lastKnownDate":"210723","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-07-23T23:46:28.258309+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1627},{"violations":{"ACR-057":"The first and third offer require the user to uncheck a prechecked checkbox in order to decline the offer. The second offer provides an accept and decline button.\n","ACR-053":"App offers three apps but does not provide a skip offers button on the offers.\n","ACR-055":"Decline options aren't consistent. The first and third offer require the user to uncheck a prechecked checkbox in order to decline the offer. The second offer provides an accept and decline button.\n","ACR-155":"Offer is inserted into the install workflow with pre-checked checkboxes to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{"ACR-054":"The offer requires the user to uncheck a prechecked checkbox in order to decline the offer.\n"},"samples":[{"isRevoked":"False","fileName":"DS-Loader_id10sa29bg.exe","isInstaller":"True","companyName":"Grand Media LLC                                             ","fileVersion":"1.11","hashMD5":"803f931716385b4bd39313e81b6cc821","hashSHA1":"336053066028454b6169d5c79e2a33873f9639df","hashSHA256":"d6aff85b4951d55f5db9dedd56e34fb4038e4e8dd198d3a548ce7e6dc965135a","digitalCertThumbprint":"ED590997827949E2FD6B9BE2C6066249E8F65970","digitalCertIssuer":"CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"CN=\"GRAND MEDIA, TOV\", O=\"GRAND MEDIA, TOV\", L=Odesa, S=Odesa, C=UA","sourceIndex":"2121","avBlockList":["360 Total Security (20210928)","Avast Premium Security (20210928)","AVG Internet Security (20210928)","Avira Internet Security (20210928)","Bitdefender Internet Security (20210928)","COMODO Antivirus (20210928)","Dr.Web Security Space (20210928)","ESET Internet Security (20210928)","G DATA INTERNET SECURITY (20210928)","K7 Total Security (20210928)","Kaspersky Internet Security (20210928)","Malwarebytes Premium (20210928)","McAfee Total Protection (20210928)","Norton Security (20210928)","Panda Dome (20210928)","Quick Heal Internet Security (20210928)","Sophos Home Premium (20210928)","SpyHunter5 (20210928)","Tencent PC Manager (20210928)","Total AV Antivirus Pro (20210928)","Trend Micro Internet Security (20210928)","VIPRE Advanced Security (20210928)","VirIT eXplorer PRO (20210928)","Webroot SecureAnywhere (20210928)","Windows Defender (20210928)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://getdstudio.com/10.html","directDownloadingLink":"http://dl2.dstud.io/d/10/DS-Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl2.dstud.io/d/10/DS-Setup.exe","sourceIndex":"2121"}],"sampleFiles":["200826/DownloadStudio-200825/1.11.1.4/Samples/DS-Loader_id10sa29bg.exe"],"imageFiles":["200826/DownloadStudio-200825/1.11.1.4/Images/ACR-053/Screen Shot 2020-08-25 at 2.29.52 PM.png","200826/DownloadStudio-200825/1.11.1.4/Images/ACR-053/Screen Shot 2020-08-25 at 2.30.16 PM.png","200826/DownloadStudio-200825/1.11.1.4/Images/ACR-053/Screen Shot 2020-08-25 at 2.31.50 PM.png","200826/DownloadStudio-200825/1.11.1.4/Images/ACR-055/Screen Shot 2020-08-25 at 2.29.52 PM.png","200826/DownloadStudio-200825/1.11.1.4/Images/ACR-055/Screen Shot 2020-08-25 at 2.30.16 PM.png","200826/DownloadStudio-200825/1.11.1.4/Images/ACR-055/Screen Shot 2020-08-25 at 2.31.50 PM.png","200826/DownloadStudio-200825/1.11.1.4/Images/ACR-057/Screen Shot 2020-08-25 at 2.29.52 PM.png","200826/DownloadStudio-200825/1.11.1.4/Images/ACR-057/Screen Shot 2020-08-25 at 2.31.50 PM.png","200826/DownloadStudio-200825/1.11.1.4/Images/ACR-155/Screen Shot 2020-08-25 at 2.31.50 PM.png"],"nonDeceptorImageFiles":["200826/DownloadStudio-200825/1.11.1.4/Images/ACR-054/Screen Shot 2020-08-25 at 2.29.52 PM.png","200826/DownloadStudio-200825/1.11.1.4/Images/ACR-054/Screen Shot 2020-08-25 at 2.31.50 PM.png"],"guid":"d982799e-3fc7-43c1-b0b9-e4f339c4d1c6_1.11.1.4_1","appID":"DownloadStudio-200825","dateAdded":"210721","deceptorType":"App","name":"Download Studio","company":"Download Studio Software","version":"1.11.1.4","sigName":"Deceptor:Win32/DownloadStudio!053055057155","firstVendorContactDate":"220414","firstAppEsteemReplyDate":"220414","firstResolvedDate":"220517","firstResolvedVersion":"1.19.0.0","resolved":"TRUE","lastKnownStatus":"1.11.1.4;1.16.1.2","lastKnownDate":"220517","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2022-05-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1635},{"violations":{"ACR-048":"The app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\n","ACR-084":"The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\nThe app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The app does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy\nThe internal offer page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"latestversion.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"02f66ec00bb594bbf97ece003078d518bc324e7a515e9a9cb74eb3ed323dbca9","sourceIndex":"1845","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"svchostFile.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"f56e433b83135d829f97031b6c29e8f6","hashSHA1":"3cfba0c07515db01007749415a964e901ae64ee4","hashSHA256":"2bf805ec118b865688e5d1ba491eb9c488d58a253842e849da3aee3720a9d4f7","sourceIndex":"1845","avBlockList":["360 Total Security (20210928)","Avast Premium Security (20210928)","AVG Internet Security (20210928)","Avira Internet Security (20210928)","Bitdefender Internet Security (20210928)","ESET Internet Security (20210928)","G DATA INTERNET SECURITY (20210928)","K7 Total Security (20210928)","Kaspersky Internet Security (20210928)","Malwarebytes Premium (20210928)","McAfee Total Protection (20210928)","Norton Security (20210928)","Panda Dome (20210928)","Quick Heal Internet Security (20210928)","Sophos Home Premium (20210928)","SpyHunter5 (20210928)","Tencent PC Manager (20210928)","Total AV Antivirus Pro (20210928)","VIPRE Advanced Security (20210928)","VirIT eXplorer PRO (20210928)","Webroot SecureAnywhere (20210928)","Windows Defender (20210928)"],"avAllowList":["COMODO Antivirus (20210928)","Dr.Web Security Space (20210928)","Trend Micro Internet Security (20210928)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.simplekeylogger.eu/","directDownloadingLink":"http://www.simplekeylogger.eu/latestversion.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.simplekeylogger.eu/latestversion.zip","sourceIndex":"1845"}],"sampleFiles":["210721/SimpleKeylogger-210719/1.0/Samples/latestversion.zip","210721/SimpleKeylogger-210719/1.0/Samples/svchostFile.exe"],"imageFiles":["210721/SimpleKeylogger-210719/1.0/Images/ACR-084/Simple Keylogger _Interactions [1].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-084/Simple Keylogger _Interactions [2].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-084/Simple Keylogger _Interactions [3].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-086/Simple Keylogger _Interactions [3].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-086/Simple Keylogger _Interactions [4].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-048/Simple Keylogger _Interactions [1].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-048/Simple Keylogger _Interactions [2].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-048/Simple Keylogger _Interactions [3].png"],"nonDeceptorImageFiles":["210721/SimpleKeylogger-210719/1.0/Images/ACR-038/Simple Keylogger_FileProperty [1].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-092/Simple Keylogger_FileProperty [2].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-065/Simple Keylogger _Interactions [3].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-099/Simple Keylogger _Interactions [3].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-065/Simple Keylogger _LandingPage [1].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-099/Simple Keylogger _LandingPage [1].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-065/Simple Keylogger _OfferPage [1].png","210721/SimpleKeylogger-210719/1.0/Images/ACR-099/Simple Keylogger _OfferPage [1].png"],"guid":"3b366549-d739-4ebd-b5a8-051b9ab340db_1.0_1","appID":"SimpleKeylogger-210719","dateAdded":"210721","deceptorType":"App","name":"Simple Keylogger","company":"KeySoftic","version":"1.0","sigName":"Deceptor:Win32/SimpleKeyloggerStalkerware!084086048","lastKnownStatus":"1.0","lastKnownDate":"210721","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"none","lastUpdate":"2021-07-21T22:58:02.7965543+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1631},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-007":"The app does not display explicit notification when it is running and requires a hotkey to open it.\n","ACR-084":"The app enables the user to hide the app from the system tray, the desktop, and the installed program list. The app is installed in a hidden folder and requires a hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey to hide its presence\n","ACR-097":"The app's FAQ page  recommends the user to disable anti-virus list in order to prevent detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \" uanx.exe”, which is not related to the name \"KISS Keylogger\", which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-040":"The application is not installed in the standard location. The app is installed in a hidden folder \"ProgramData\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The App shows different names as \" uanx.exe \" in the running service/apps section.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"uanx.exe","companyName":"FI Soft","fileVersion":"3.4","hashMD5":"afb04adbbf5820f86eff3b8b620f17da","hashSHA1":"3f898d4e5e8244f10205bcbf21fb5f35653717cf","hashSHA256":"114d32dabda91b6ab94ffbb642d1951a9fc9cd9cfe58d613df926bf3d36b8884","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"1847","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"kisskeyloggerpkg_3.4.4.0.exe","isInstaller":"True","companyName":"FI Soft","fileVersion":"3.4","hashMD5":"c5c4b8cc9e4174a5ae95227ea4c362a9","hashSHA1":"29bbf47ed95e0bc48339a6426d0896022101228e","hashSHA256":"48d064e89f87908cadea5a0ed529331eef036fbbe7eb31305cd4ddcad3e0d96e","digitalCertThumbprint":"403E281F72B49E00B6936C3C7E32FCC2C03EC19B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valery Kuzniatsou, O=Valery Kuzniatsou, STREET=Slobodskaia st. 167-101, L=Minsk, S=Minsk, PostalCode=220025, C=BY","sourceIndex":"1847","avBlockList":["360 Total Security (20210928)","Avast Premium Security (20210928)","AVG Internet Security (20210928)","Avira Internet Security (20210928)","Bitdefender Internet Security (20210928)","Dr.Web Security Space (20210928)","ESET Internet Security (20210928)","G DATA INTERNET SECURITY (20210928)","K7 Total Security (20210928)","Kaspersky Internet Security (20210928)","Malwarebytes Premium (20210928)","McAfee Total Protection (20210928)","Norton Security (20210928)","Panda Dome (20210928)","Quick Heal Internet Security (20210928)","Sophos Home Premium (20210928)","SpyHunter5 (20210928)","Tencent PC Manager (20210928)","Total AV Antivirus Pro (20210928)","VIPRE Advanced Security (20210928)","VirIT eXplorer PRO (20210928)","Webroot SecureAnywhere (20210928)","Windows Defender (20210928)"],"avAllowList":["COMODO Antivirus (20210928)","Trend Micro Internet Security (20210928)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://windows.en.all-softwares.com/download-kisskey-keylogger-for-windows-8.php","directDownloadingLink":"http://download.all-softwares.com/kisskeyloggerpkg_3.4.4.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.all-softwares.com/kisskeyloggerpkg_3.4.4.0.exe","sourceIndex":"1847"}],"sampleFiles":["210721/KISSKeylogger-210721/3.4.4.0/Samples/uanx.exe","210721/KISSKeylogger-210721/3.4.4.0/Samples/kisskeyloggerpkg_3.4.4.0.exe"],"imageFiles":["210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-084/KISS Keylogger_Install [4].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-084/KISS Keylogger_Interactions [1].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-086/KISS Keylogger_Install [4].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-086/KISS Keylogger_Interactions [1].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-086/KISS Keylogger_Interactions [2].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-097/KISS Keylogger_LandingPage [2].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-048/KISS Keylogger_Interactions [1].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-007/KISS Keylogger_Interactions [1].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-007/KISS Keylogger_Install [4].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-007/KISS Keylogger_RunningProcess [1].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-014/KISS Keylogger_RunningProcess [1].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-116/KISS Keylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-040/KISS Keylogger_Files [1].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-065/KISS Keylogger_Install [1].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-065/KISS Keylogger_Install [2].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-065/KISS Keylogger_Install [3].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-065/KISS Keylogger_About [1].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-002/KISS Keylogger_RunningProcess [1].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-065/KISS Keylogger_LandingPage [4].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-161/KISS Keylogger_LandingPage [3].png","210721/KISSKeylogger-210721/3.4.4.0/Images/ACR-065/KISS Keylogger_OfferPage [1].png"],"guid":"44be5481-f719-4aa8-96ea-12b43f428e16_3.4.4.0_1","appID":"KISSKeylogger-210721","dateAdded":"210721","deceptorType":"App","name":"KISS Keylogger","company":"First International Soft","version":"3.4.4.0","sigName":"Deceptor:Win32/KISSKeylogger!084086097048007014116","lastKnownStatus":"3.4.4.0","lastKnownDate":"210721","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-21T18:44:42.0514918+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1632},{"violations":{"ACR-057":"The offer require the user to uncheck a prechecked checkbox in order to decline the offer. \n","ACR-059":"The offer is not clearly marked as offer in the installation flow.\n","ACR-155":"Offer is inserted into the install workflow with pre-checked checkboxes to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DS-Setup_id10sb20dq.exe","isInstaller":"True","companyName":"Download Studio Software                                    ","fileVersion":"1.16","hashMD5":"e7f4bda803a1947e53b88930b23818a3","hashSHA1":"a693dd69f6afbe15645dc0a821f472431b6290fb","hashSHA256":"c125680407b3258c2c21cb319084270781b16bfd9e6f02473d10c10feab1d5a4","digitalCertThumbprint":"F134721AD8ED89B09DE7B3BC99D1F08A9B88F386","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NowusGroup ApS, O=NowusGroup ApS, STREET=Egå Havvej 2B, L=Egå, PostalCode=8250, C=DK","sourceIndex":"1604","avBlockList":["360 Total Security (20211111)","Avira Internet Security (20211111)","COMODO Antivirus (20211111)","Dr.Web Security Space (20211111)","ESET Internet Security (20211111)","G DATA INTERNET SECURITY (20211111)","K7 Total Security (20211111)","Kaspersky Internet Security (20211111)","Malwarebytes Premium (20211111)","McAfee Total Protection (20211111)","Norton Security (20211111)","Panda Dome (20211111)","Quick Heal Internet Security (20211111)","Sophos Home Premium (20211111)","SpyHunter5 (20211111)","Total AV Antivirus Pro (20211111)","Trend Micro Internet Security (20211111)","VirIT eXplorer PRO (20211111)","Webroot SecureAnywhere (20211111)","Windows Defender (20211111)"],"avAllowList":["Avast Premium Security (20211111)","AVG Internet Security (20211111)","Bitdefender Internet Security (20211111)","Tencent PC Manager (20211111)","VIPRE Advanced Security (20211111)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://getdstudio.com/10.html","directDownloadingLink":"http://dl2.dstud.io/d/10/DS-Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl2.dstud.io/d/10/DS-Setup.exe","sourceIndex":"1604"}],"sampleFiles":["210721/DownloadStudio-200825/1.16.1.2/Samples/DS-Setup_id10sb20dq.exe"],"imageFiles":["210721/DownloadStudio-200825/1.16.1.2/Images/ACR-057/DSinstall.PNG","210721/DownloadStudio-200825/1.16.1.2/Images/ACR-057/DS_Offer_Opera.JPG","210721/DownloadStudio-200825/1.16.1.2/Images/ACR-059/DS_Offer_Opera.JPG","210721/DownloadStudio-200825/1.16.1.2/Images/ACR-155/Download Studio_Install [2].png"],"nonDeceptorImageFiles":[],"guid":"d982799e-3fc7-43c1-b0b9-e4f339c4d1c6_1.16.1.2_1","appID":"DownloadStudio-200825","dateAdded":"210721","deceptorType":"App","name":"Download Studio","company":"Download Studio Software","version":"1.16.1.2","sigName":"Deceptor:Win32/DownloadStudio!057059155","firstVendorContactDate":"220414","firstAppEsteemReplyDate":"220414","firstResolvedDate":"220517","firstResolvedVersion":"1.19.0.0","resolved":"TRUE","lastKnownStatus":"1.11.1.4;1.16.1.2","lastKnownDate":"220517","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2022-05-17T20:52:05.3249462+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1633},{"violations":{"ACR-057":"The offer require the user to uncheck a prechecked checkbox in order to decline the offer. \n","ACR-059":"The offer is not clearly marked as offer in the installation flow.\n","ACR-155":"Offer is inserted into the install workflow with pre-checked checkboxes to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{"ACR-054":"The offer requires the user to uncheck a prechecked checkbox in order to decline the offer.\n"},"samples":[{"isRevoked":"False","fileName":"DS-Loader_id10sc437h.exe","isInstaller":"True","companyName":"Download Studio Software                                    ","fileVersion":"1.16","hashMD5":"60f00fbae342a597dbc1f4ae93711915","hashSHA1":"758ed4b1cd3df997eb91a32372a1175e2c59a689","hashSHA256":"0b0e5f8ade3534e3da529588dc5036cb302439a72c32d40f7d3ab48bf20486e4","digitalCertThumbprint":"63A93476A4FA3F1BCCA57CFB7CA789588A3E463B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Kabelsmeden ApS, O=Kabelsmeden ApS, STREET=Virkeholm 3B, L=Herlev, PostalCode=2730, C=DK","sourceIndex":"1887","avBlockList":["360 Total Security (20210708)","Avira Internet Security (20210708)","Bitdefender Internet Security (20210708)","COMODO Antivirus (20210708)","Dr.Web Security Space (20210708)","ESET Internet Security (20210708)","G DATA INTERNET SECURITY (20210708)","K7 Total Security (20210708)","Kaspersky Internet Security (20210708)","Malwarebytes Premium (20210708)","McAfee Total Protection (20210708)","Norton Security (20210708)","Panda Dome (20210708)","Quick Heal Internet Security (20210708)","Sophos Home Premium (20210708)","SpyHunter5 (20210708)","Total AV Antivirus Pro (20210708)","VIPRE Advanced Security (20210708)","VirIT eXplorer PRO (20210708)","Webroot SecureAnywhere (20210708)","Windows Defender (20210708)"],"avAllowList":["Avast Premium Security (20210708)","AVG Internet Security (20210708)","Tencent PC Manager (20210708)","Trend Micro Internet Security (20210708)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://getdstudio.com/10.html","directDownloadingLink":"https://dl2.dstud.io/d/10/DS-Setup.exe?","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl2.dstud.io/d/10/DS-Setup.exe?","sourceIndex":"1887"}],"sampleFiles":["210617/DownloadStudio-200825/1.16.1.1/Samples/DS-Loader_id10sc437h.exe"],"imageFiles":["210617/DownloadStudio-200825/1.16.1.1/Images/ACR-057/Download Studio_Install [2].png","210617/DownloadStudio-200825/1.16.1.1/Images/ACR-059/Download Studio_Install [2].png","210617/DownloadStudio-200825/1.16.1.1/Images/ACR-155/Download Studio_Install [2].png"],"nonDeceptorImageFiles":["210617/DownloadStudio-200825/1.16.1.1/Images/ACR-054/Download Studio_Install [2].png"],"guid":"d982799e-3fc7-43c1-b0b9-e4f339c4d1c6_1.16.1.1_1","appID":"DownloadStudio-200825","dateAdded":"210721","deceptorType":"App","name":"Download Studio","company":"Download Studio Software","version":"1.16.1.1","sigName":"Deceptor:Win32/DownloadStudio!057059155","firstVendorContactDate":"220414","firstAppEsteemReplyDate":"220414","firstResolvedDate":"220517","firstResolvedVersion":"1.19.0.0","resolved":"TRUE","lastKnownStatus":"1.11.1.4;1.16.1.2","lastKnownDate":"220517","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2022-05-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1634},{"violations":{"ACR-057":"There is no clear way to decline the offer because the pre-checked checkbox is hidden in the icon.\n","ACR-055":"The bundler made offers do not make the action of deselecting or declining offers obvious to the consumer\n"},"nonDeceptorViolations":{"ACR-054":"The bundler made offers and did not provide option for user to decline the offers.\n"},"samples":[{"isRevoked":"False","fileName":"Freemake+Video+Downloader_049712546848.exe","isInstaller":"True","companyName":"-","fileVersion":"3.2","hashMD5":"325bfe9950697b0808ab259363188b25","hashSHA1":"1fc745f982ca435ee125bac4a54dec7c0f28e143","hashSHA256":"4e94d8ce172b6579b47b88805ba9d4a88fe90c8643856186e7938b1ee68eaaba","digitalCertThumbprint":"7ECDE614866D89E477F08865165C6D0C763CE4F8","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Guangdong Fengqi Technology Co., Ltd.\", OU=IT, O=\"Guangdong Fengqi Technology Co., Ltd.\", L=东莞市, S=广东省, C=CN, SERIALNUMBER=91441900MA4X7P7J07, OID.1.3.6.1.4.1.311.60.2.1.1=东莞市, OID.1.3.6.1.4.1.311.60.2.1.2=广东省, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization","sourceIndex":"1851","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://mydown.yesky.com/pcsoft/33521443.html","directDownloadingLink":"https://ys-ky.oss-cn-guangzhou.aliyuncs.com/download/Freemake+Video+Downloader_049712546848.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ys-ky.oss-cn-guangzhou.aliyuncs.com/download/Freemake+Video+Downloader_049712546848.exe","sourceIndex":"1851"}],"sampleFiles":["210715/FreemakeVideoDownloader-210715/3.8.3.8/Samples/Freemake+Video+Downloader_049712546848.exe"],"imageFiles":["210715/FreemakeVideoDownloader-210715/3.8.3.8/Images/ACR-057/FreeMake Video Downloader_Install [2].png","210715/FreemakeVideoDownloader-210715/3.8.3.8/Images/ACR-057/FreeMake Video Downloader_Install [3].png","210715/FreemakeVideoDownloader-210715/3.8.3.8/Images/ACR-055/FreeMake Video Downloader_Install [2].png","210715/FreemakeVideoDownloader-210715/3.8.3.8/Images/ACR-055/FreeMake Video Downloader_Install [3].png"],"nonDeceptorImageFiles":["210715/FreemakeVideoDownloader-210715/3.8.3.8/Images/ACR-054/FreeMake Video Downloader_Install [2].png","210715/FreemakeVideoDownloader-210715/3.8.3.8/Images/ACR-054/FreeMake Video Downloader_Install [3].png"],"guid":"9f08f347-bf7d-447c-ac5e-f748bc53d0f9_3.8.3.8_1","appID":"FreemakeVideoDownloader-210715","dateAdded":"210715","deceptorType":"Bundler","name":"Freemake Video Downloader ","company":"Guangdong Fengqi Technology Co., Ltd","version":"3.8.3.8","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"cross-sell other apps,display ads","lastUpdate":"2021-07-15T16:14:12.169908+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":1636},{"violations":{"ACR-007":"The app enables the installing consumer to hide it from the system tray, which hides all notification of the app's presence from the targeted consumer. The app can then only be reopened with a hotkey and password.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory. The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\nThe app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n\n","ACR-116":"The app can't be uninstalled through the Control Panel since it doesn't show up in the list of apps that can be uninstalled.\n","ACR-014":"The app calls itself \" wmpusrvc.exe”, which is not related to the name \"Silent Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer and main executable do not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables. The application is installed in a directory that does not disclose the app's name, making it hard for the consumer to identify where it is located.\n","ACR-040":"The application is not installed in the standard location. The application was installed in a App data hidden folder. The consumers wouldn't be able to identify the app's location.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy.\nThe internal offers page does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy.\n","ACR-002":"The App shows different names as \" wmpusrvc.exe\" in the running service/apps section.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"silentkeylogger.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"5038713ee8295ae45ab878a419e789f2","hashSHA1":"83d554c5153fe9a5e4aec2526b75390b71165653","hashSHA256":"450a21f78c3120063be361dd43127b4653b71b6e62200e74bc8c3bffbe482e80","sourceIndex":"1856","avBlockList":["360 Total Security (20210928)","Avast Premium Security (20210928)","AVG Internet Security (20210928)","Avira Internet Security (20210928)","Bitdefender Internet Security (20210928)","ESET Internet Security (20210928)","G DATA INTERNET SECURITY (20210928)","K7 Total Security (20210928)","Kaspersky Internet Security (20210928)","Malwarebytes Premium (20210928)","McAfee Total Protection (20210928)","Norton Security (20210928)","Panda Dome (20210928)","Quick Heal Internet Security (20210928)","Sophos Home Premium (20210928)","SpyHunter5 (20210928)","Tencent PC Manager (20210928)","Total AV Antivirus Pro (20210928)","Trend Micro Internet Security (20210928)","VIPRE Advanced Security (20210928)","VirIT eXplorer PRO (20210928)","Webroot SecureAnywhere (20210928)","Windows Defender (20210928)"],"avAllowList":["COMODO Antivirus (20210928)","Dr.Web Security Space (20210928)"]},{"isRevoked":"False","fileName":"wmpusrvc.exe","fileVersion":"0.0","hashMD5":"98abc223c500db8999dae4fd8af5e64e","hashSHA1":"8187bd956f078e29b77a3969309dc9caf4c32764","hashSHA256":"ab903ee9a4fa4a23e0557eeaccd2a095e8190aaae270ab4e06415d329f02f543","sourceIndex":"1856","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.silentkeylogger.com/","directDownloadingLink":"http://www.silentkeylogger.com/downloads/silentkeylogger.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.silentkeylogger.com/downloads/silentkeylogger.exe","sourceIndex":"1856"}],"sampleFiles":["210713/SilentKeylogger-210713/1.40.55/Samples/silentkeylogger.exe","210713/SilentKeylogger-210713/1.40.55/Samples/wmpusrvc.exe"],"imageFiles":["210713/SilentKeylogger-210713/1.40.55/Images/ACR-007/Silent Keylogger _Interactions [1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-007/Silent Keylogger _Interactions [2].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-007/Silent Keylogger _Interactions [3].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-007/Silent Keylogger _Interactions [4].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-084/Silent Keylogger _Interactions [3].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-084/Silent Keylogger _Files[1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-084/Silent Keylogger _Interactions [2].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-084/Silent Keylogger _Interactions [1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-086/Silent Keylogger _Interactions [3].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-086/Silent Keylogger _Interactions [1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-086/Silent Keylogger _Interactions [2].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-014/Silent Keylogger _RunningProcess [1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-116/Silent Keylogger _ControlPanel [1].png"],"nonDeceptorImageFiles":["210713/SilentKeylogger-210713/1.40.55/Images/ACR-038/Silent Keylogger _FileProperty [1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-038/Silent Keylogger _Files[1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-040/Silent Keylogger _Files[1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-065/Silent Keylogger _Install [1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-065/Silent Keylogger _Install [2].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-065/Silent Keylogger _Install [4].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-065/Silent Keylogger _About [1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-002/Silent Keylogger _RunningProcess [1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-065/Silent Keylogger _LandingPage [1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-099/Silent Keylogger _LandingPage [1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-017/Silent Keylogger _LandingPage [2].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-065/Silent Keylogger _OfferPage [1].png","210713/SilentKeylogger-210713/1.40.55/Images/ACR-099/Silent Keylogger _OfferPage [1].png"],"guid":"115f69c2-1e53-4bc7-8369-176e2fb6273d_1.40.55_1","appID":"SilentKeylogger-210713","dateAdded":"210713","deceptorType":"App","name":"Silent Keylogger","company":"Keylack Software, Inc","version":"1.40.55","sigName":"Deceptor:Win32/SilentKeyloggerStalkerware!007084086014116","lastKnownStatus":"1.40.55","lastKnownDate":"210713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2021-07-13T21:08:44.3413542+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1637},{"violations":{"ACR-048":"The app does not provide any control to close the process \"YoutubeToMP3.exe\".\n","ACR-084":"The process \"YoutubeToMP3.exe\" runs in background silently without any notification.\n","ACR-103":"The process \"YoutubeToMP3.exe\" runs in background after installation without displaying the software's UI, thus couldn't verify the value proposition of the app.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs in \"AppData/Roaming\", instead of a standard location, without any disclosure.\n","ACR-065":" The app does not provide Privacy policy during installation.\nThe app does not provide EULA and Privacy policy in the Software.\n","ACR-092":"The Digital signature is not provided for the executable: \"YoutubeToMP3.exe\" and also for any of the components of the software.\n","ACR-099":"The app does not provide uninstall information in the software.\nThe app does not provide uninstall information in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\User\\AppData\\Roaming\\YoutubeToMP3\\YoutubeToMP3.exe","companyName":"YoutubeToMP3 tech","productName":"YoutubeToMP3 Ltd","productVersion":"29.3.1768","fileVersion":"18.3.8444","hashMD5":"ce97ea87ab13114c998de9adcc14c917","hashSHA1":"70100fd4138989427903648ddaaf22de657809f3","hashSHA256":"a353aa91f93e9911e2094fa4799407fef789d3dd08d438bc0d37bda4bfcd0d3d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"1857","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"YoutubeToMP3 Installation.exe","isInstaller":"True","companyName":"YoutubeToMP3","productName":"YoutubeToMP3","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"9de7f5ccc1069218e4ee624037c0e18f","hashSHA1":"a7f08e999599ddca372d183d0aeb38cfabedc815","hashSHA256":"53436e9b4f73945e2d39db7bf838a40a536deef686be56f9aad98f374b4e69da","digitalCertThumbprint":"8D64596E4AEEF11527ED005D810DF0E366412134","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"OROMA LTD","storeId":"","sourceIndex":"1857","avBlockList":["360 Total Security (20211005)","Avast Premium Security (20211005)","AVG Internet Security (20211005)","Avira Internet Security (20211005)","Bitdefender Internet Security (20211005)","COMODO Antivirus (20211005)","ESET Internet Security (20211005)","G DATA INTERNET SECURITY (20211005)","K7 Total Security (20211005)","Kaspersky Internet Security (20211005)","Malwarebytes Premium (20211005)","McAfee Total Protection (20211005)","Norton Security (20211005)","Panda Dome (20211005)","Quick Heal Internet Security (20211005)","Sophos Home Premium (20211005)","SpyHunter5 (20211005)","Tencent PC Manager (20211005)","Total AV Antivirus Pro (20211005)","Trend Micro Internet Security (20211005)","VIPRE Advanced Security (20211005)","VirIT eXplorer PRO (20211005)","Webroot SecureAnywhere (20211005)","Windows Defender (20211005)"],"avAllowList":["Dr.Web Security Space (20211005)"]}],"additionalFiles":[],"sources":[{"howFound":"Ads pop up from blur.live data page","reference":"https://www.y2mate.com/es/youtube/KtjD7oCn7o8","landingPage":"https://www.verified-apps.com/YoutubeToMP3/welcome/p19pa.html","directDownloadingLink":"https://www.mediafire.com/file/6sqb7d9zq8908be/YoutubeToMP3_Installation.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.mediafire.com/file/6sqb7d9zq8908be/YoutubeToMP3_Installation.exe","sourceIndex":"1857"}],"sampleFiles":["210712/YoutubeToMp3-210708/1.0.0/Samples/YoutubeToMP3 Installation.exe"],"imageFiles":["210712/YoutubeToMp3-210708/1.0.0/Images/ACR-084/ACR-084_Software_RunsIn_Background.JPG","210712/YoutubeToMp3-210708/1.0.0/Images/ACR-048/ACR-048_Software_No_Control.JPG"],"nonDeceptorImageFiles":["210712/YoutubeToMp3-210708/1.0.0/Images/ACR-040/ACR-040_Install_HiddenLocation.JPG","210712/YoutubeToMp3-210708/1.0.0/Images/ACR-065/ACR-065_Install_No_Docs.JPG","210712/YoutubeToMp3-210708/1.0.0/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","210712/YoutubeToMp3-210708/1.0.0/Images/ACR-099/ACR-099_Landingpage_No_UninstallInfo.JPG"],"guid":"50d665eb-b894-474f-8120-2c5469ebf161_1.0.0_1","appID":"YoutubeToMp3-210708","dateAdded":"210712","deceptorType":"App","name":"Youtube To Mp3","company":"OROMA LTD","version":"1.0.0","sigName":"Deceptor:Win32/YoutubeToMp3!048084103","lastKnownDate":"210712","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Android,Chrome,Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","lastUpdate":"2021-07-12T16:09:50.8405194+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1638},{"violations":{"ACR-004":"App doesn't provide substantiated details. Seeing details requires payment. App requires the payment to fix those items reported during free scan which are not able to be verified. \n","ACR-010":"Application displays ad of CleanDrive, which is a published deceptor. \n"},"nonDeceptorViolations":{"ACR-065":"The install page does not contain links to the app's Returns and Cancellations Policy and Privacy Policy. \nThe app does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe landing page does not display links to the EULA and/or Terms of Service.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\n","ACR-167":"There is no refund policy provided for this application.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"Autostart_Cleaner.exe","isInstaller":"True","companyName":"GSA","fileVersion":"2.4.5","hashMD5":"3c6fec61cc56add85b07787e876a8386","hashSHA1":"9ee71f2b672f25c82436762053e2eb7524621a4d","hashSHA256":"f52163e5d89adf542121c75379bb67eaecbc58bb5153877b8ff6d576d484feb2","digitalCertThumbprint":"F19B05B2C406A06B1A801B170955F1693C84C9C6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=Gesellschaft für Softwareentwicklung und Analytik GmbH, SERIALNUMBER=HRB 12514, O=Gesellschaft für Softwareentwicklung und Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"1859","avBlockList":["360 Total Security (20211007)","Avast Premium Security (20211007)","AVG Internet Security (20211007)","Avira Internet Security (20211007)","ESET Internet Security (20211007)","K7 Total Security (20211007)","McAfee Total Protection (20211007)","Norton Security (20211007)","Panda Dome (20211007)","Sophos Home Premium (20211007)","SpyHunter5 (20211007)","Total AV Antivirus Pro (20211007)","VirIT eXplorer PRO (20211007)","Webroot SecureAnywhere (20211007)","Windows Defender (20211007)"],"avAllowList":["Bitdefender Internet Security (20211007)","COMODO Antivirus (20211007)","Dr.Web Security Space (20211007)","G DATA INTERNET SECURITY (20211007)","Kaspersky Internet Security (20211007)","Malwarebytes Premium (20211007)","Quick Heal Internet Security (20211007)","Tencent PC Manager (20211007)","Trend Micro Internet Security (20211007)","VIPRE Advanced Security (20211007)"]},{"isRevoked":"False","fileName":"autostart_cleaner_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","fileVersion":"0.0","hashMD5":"b571aacc4c1e0e1f46d2ed16aa26889e","hashSHA1":"6361f743e9e803b9a292f3433a66341b957cba5a","hashSHA256":"e386a5d7163c425ad5fcf0cc7d14e575cfe40c49d1ff166bd6e1f44d55a8393a","digitalCertThumbprint":"F19B05B2C406A06B1A801B170955F1693C84C9C6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=Gesellschaft für Softwareentwicklung und Analytik GmbH, SERIALNUMBER=HRB 12514, O=Gesellschaft für Softwareentwicklung und Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"1859","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"google search","landingPage":"https://www.gsa-online.de/product/autostart_cleaner/","directDownloadingLink":"https://www.gsa-online.de/download/autostart_cleaner_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/autostart_cleaner_setup.exe","sourceIndex":"1859"}],"sampleFiles":["210708/GSAAutostartCleaner-190610/2.45/Samples/Autostart_Cleaner.exe","210708/GSAAutostartCleaner-190610/2.45/Samples/autostart_cleaner_setup.exe"],"imageFiles":["210708/GSAAutostartCleaner-190610/2.45/Images/ACR-010/GSAAutostartCleaner_Interactions [4].png","210708/GSAAutostartCleaner-190610/2.45/Images/ACR-004/GSAAutostartCleaner_Interactions [2].png"],"nonDeceptorImageFiles":["210708/GSAAutostartCleaner-190610/2.45/Images/ACR-065/GSAAutostartCleaner_Install [1].png","210708/GSAAutostartCleaner-190610/2.45/Images/ACR-065/GSAAutostartCleaner_Install [6].png","210708/GSAAutostartCleaner-190610/2.45/Images/ACR-065/GSAAutostartCleaner_About [1].png","210708/GSAAutostartCleaner-190610/2.45/Images/ACR-065/GSAAutostartCleaner_LandingPage [3].png","210708/GSAAutostartCleaner-190610/2.45/Images/ACR-161/GSAAutostartCleaner_LandingPage [1].png","210708/GSAAutostartCleaner-190610/2.45/Images/ACR-099/GSAAutostartCleaner_About [1].png","210708/GSAAutostartCleaner-190610/2.45/Images/ACR-099/GSAAutostartCleaner_LandingPage [3].png","210708/GSAAutostartCleaner-190610/2.45/Images/ACR-167/GSAAutostartCleaner_LandingPage [2].png","210708/GSAAutostartCleaner-190610/2.45/Images/ACR-166/GSAAutostartCleaner_OfferPage [1].png"],"guid":"74a3d17a-8af4-449d-8349-7be56dcbeb74_2.45_1","appID":"GSAAutostartCleaner-190610","dateAdded":"210708","deceptorType":"App","name":"GSA Autostart Cleaner","company":"GSA Software","version":"2.45","lastKnownStatus":"Deceptor:2.42;2.4.3;2.44;2.45","lastKnownDate":"210708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows Vista,Windows XP,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,cross-sell other apps","lastUpdate":"2021-07-08T22:37:08.601426+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1639},{"violations":{"ACR-004":"App doesn't provide substantiated details. Seeing details requires payment. App requires the payment to fix those items reported during free scan which are not able to be verified. \n","ACR-010":"Application displays ad of CleanDrive, which is a published deceptor. \n"},"nonDeceptorViolations":{"ACR-065":"The install page does not contain links to the app's Returns and Cancellations Policy and Privacy Policy. \nThe app does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe landing page does not display links to the EULA and/or Terms of Service.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\n","ACR-167":"There is no refund policy provided for this application.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"autostart_cleaner_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","fileVersion":"0.0","hashMD5":"9a5b378ce3ba4d5163de6eff354c1cbb","hashSHA1":"70a945faee12384d09de13bc540ec3e1e0287f31","hashSHA256":"c9fd35a73301c013c0f5c2b703f42f39a704ba6bce626411d24214786cf68155","digitalCertThumbprint":"F19B05B2C406A06B1A801B170955F1693C84C9C6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=Gesellschaft für Softwareentwicklung und Analytik GmbH, SERIALNUMBER=HRB 12514, O=Gesellschaft für Softwareentwicklung und Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"2031","avBlockList":["360 Total Security (20210420)","Avast Premium Security (20210420)","AVG Internet Security (20210420)","Bitdefender Internet Security (20210420)","ESET Internet Security (20210420)","K7 Total Security (20210420)","Malwarebytes Premium (20210420)","Norton Security (20210420)","Panda Dome (20210420)","Quick Heal Internet Security (20210420)","Sophos Home Premium (20210420)","SpyHunter5 (20210420)","Tencent PC Manager (20210420)","VIPRE Advanced Security (20210420)","VirIT eXplorer PRO (20210420)","Webroot SecureAnywhere (20210420)","Windows Defender (20210420)"],"avAllowList":["Avira Internet Security (20210420)","COMODO Antivirus (20210420)","Dr.Web Security Space (20210420)","G DATA INTERNET SECURITY (20210420)","Kaspersky Internet Security (20210420)","McAfee Total Protection (20210420)","Total AV Antivirus Pro (20210420)","Trend Micro Internet Security (20210420)"]},{"isRevoked":"False","fileName":"Autostart_Cleaner.exe","companyName":"GSA","fileVersion":"2.4","hashMD5":"9d24a2505f42a5b46e9bfb919eca9060","hashSHA1":"28e6ed253b513e12f278a064e4f091bbeb6a1a44","hashSHA256":"35d5960b63a55105ba7d3c7e0ca9767ec8c7ffa5b2790a8be75d35a5f0747af7","digitalCertThumbprint":"F19B05B2C406A06B1A801B170955F1693C84C9C6","digitalCertIssuer":"CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US","digitalCertIssuedTo":"OID.1.3.6.1.4.1.311.60.2.1.3=DE, OID.1.3.6.1.4.1.311.60.2.1.2=Mecklenburg Vorpommern, OID.1.3.6.1.4.1.311.60.2.1.1=Rostock, OID.2.5.4.15=Private Organization, CN=Gesellschaft für Softwareentwicklung und Analytik GmbH, SERIALNUMBER=HRB 12514, O=Gesellschaft für Softwareentwicklung und Analytik GmbH, L=Rostock, S=Mecklenburg Vorpommern, C=DE","sourceIndex":"2031","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"google search","landingPage":"https://www.gsa-online.de/product/autostart_cleaner/","directDownloadingLink":"https://www.gsa-online.de/download/autostart_cleaner_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/autostart_cleaner_setup.exe","sourceIndex":"2031"}],"sampleFiles":["201209/GSAAutostartCleaner-190610/2.44/Samples/autostart_cleaner_setup.exe","201209/GSAAutostartCleaner-190610/2.44/Samples/Autostart_Cleaner.exe"],"imageFiles":["201209/GSAAutostartCleaner-190610/2.44/Images/ACR-010/GSAAutostartCleaner_Interactions [4].png","201209/GSAAutostartCleaner-190610/2.44/Images/ACR-004/GSAAutostartCleaner_Interactions [2].png"],"nonDeceptorImageFiles":["201209/GSAAutostartCleaner-190610/2.44/Images/ACR-065/GSAAutostartCleaner_Install [1].png","201209/GSAAutostartCleaner-190610/2.44/Images/ACR-065/GSAAutostartCleaner_Install [6].png","201209/GSAAutostartCleaner-190610/2.44/Images/ACR-065/GSAAutostartCleaner_About [1].png","201209/GSAAutostartCleaner-190610/2.44/Images/ACR-065/GSAAutostartCleaner_LandingPage [3].png","201209/GSAAutostartCleaner-190610/2.44/Images/ACR-161/GSAAutostartCleaner_LandingPage [1].png","201209/GSAAutostartCleaner-190610/2.44/Images/ACR-099/GSAAutostartCleaner_About [1].png","201209/GSAAutostartCleaner-190610/2.44/Images/ACR-099/GSAAutostartCleaner_LandingPage [3].png","201209/GSAAutostartCleaner-190610/2.44/Images/ACR-167/GSAAutostartCleaner_LandingPage [2].png","201209/GSAAutostartCleaner-190610/2.44/Images/ACR-166/GSAAutostartCleaner_OfferPage [1].png"],"guid":"74a3d17a-8af4-449d-8349-7be56dcbeb74_2.44_1","appID":"GSAAutostartCleaner-190610","dateAdded":"210708","deceptorType":"App","name":"GSA Autostart Cleaner","company":"GSA Software","version":"2.44","sigName":"Deceptor:Win32/GSAAutostartCleaner!004010","lastKnownStatus":"Deceptor:2.42;2.4.3;2.44;2.45","lastKnownDate":"210708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows Vista,Windows XP,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,cross-sell other apps","lastUpdate":"2021-07-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1640},{"violations":{"ACR-004":"App doesn't provide substantiated details. Seeing details requires payment. App requires the payment to fix those items reported during free scan which are not able to be verified. \n","ACR-010":"Application displays ad of CleanDrive, which is a published deceptor. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"autostart_cleaner_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","fileVersion":"0.0","hashMD5":"086bb6965dfbcd9b478079c695610cb5","hashSHA1":"cc0b1ba9ca51675a8e09f5a5cdda7a1dde206209","hashSHA256":"f788c9438e33025dd0145b5d003659f2ae48cef7995f0a403fff4127ffe574a5","digitalCertThumbprint":"C790A0E6E549B741406F167658A6E7D5D402F674","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, O=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, STREET=Krischanweg 7, L=Rostock, S=Mecklenburg-Vorpommern, PostalCode=18059, C=DE","sourceIndex":"2152","avBlockList":["360 Total Security (20211209)","Avast Premium Security (20211209)","AVG Internet Security (20211209)","Avira Internet Security (20211209)","Dr.Web Security Space (20211209)","ESET Internet Security (20211209)","K7 Total Security (20211209)","Malwarebytes Premium (20211209)","McAfee Total Protection (20211209)","Norton Security (20211209)","Panda Dome (20211209)","Quick Heal Internet Security (20211209)","Sophos Home Premium (20211209)","SpyHunter5 (20211209)","VirIT eXplorer PRO (20211209)","Webroot SecureAnywhere (20211209)","Windows Defender (20211209)"],"avAllowList":["Bitdefender Internet Security (20211209)","COMODO Antivirus (20211209)","G DATA INTERNET SECURITY (20211209)","Kaspersky Internet Security (20211209)","Tencent PC Manager (20211209)","Total AV Antivirus Pro (20211209)","Trend Micro Internet Security (20211209)","VIPRE Advanced Security (20211209)"]},{"isRevoked":"False","fileName":"Autostart_Cleaner.exe","companyName":"GSA","fileVersion":"2.4","hashMD5":"86cc8fb59f4bed19f52bfa46ea11b709","hashSHA1":"908c338ee9ba1aed1d6b24bbfc453cc45db595fb","hashSHA256":"8bc3c11b828ea37efdb2d342440095a61301bd9646ac6f7296a775d771795af7","digitalCertThumbprint":"C790A0E6E549B741406F167658A6E7D5D402F674","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, O=GSA Geselschaft fuer Softwareentwicklung und Analytik GmbH, STREET=Krischanweg 7, L=Rostock, S=Mecklenburg-Vorpommern, PostalCode=18059, C=DE","sourceIndex":"2152","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"google search","landingPage":"https://www.gsa-online.de/product/autostart_cleaner/","directDownloadingLink":"https://www.gsa-online.de/download/autostart_cleaner_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/autostart_cleaner_setup.exe","sourceIndex":"2152"}],"sampleFiles":["200722/GSAAutostartCleaner-190610/2.43/Samples/autostart_cleaner_setup.exe","200722/GSAAutostartCleaner-190610/2.43/Samples/Autostart_Cleaner.exe"],"imageFiles":["200722/GSAAutostartCleaner-190610/2.43/Images/ACR-010/010-GSAAutostartCleaner.PNG","200722/GSAAutostartCleaner-190610/2.43/Images/ACR-004/004-GSAAutostartCleaner.PNG"],"nonDeceptorImageFiles":[],"guid":"74a3d17a-8af4-449d-8349-7be56dcbeb74_2.43_1","appID":"GSAAutostartCleaner-190610","dateAdded":"210708","deceptorType":"App","name":"GSA Autostart Cleaner","company":"GSA Software","version":"2.43","sigName":"Deceptor:Win32/GSAAutostartCleaner!004010","lastKnownStatus":"Deceptor:2.42;2.4.3;2.44;2.45","lastKnownDate":"210708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2021-07-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1641},{"violations":{"ACR-004":"App doesn't provide substantiated details. Seeing details requires payment. App requires the payment to fix those items reported during free scan which are not able to be verified. \n","ACR-010":"Application displays ad of CleanDrive, which is a published deceptor. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"autostart_cleaner_setup.exe","isInstaller":"True","companyName":"GSA Software                                                ","productName":"GSA Autostart Cleaner","productVersion":"2.42","fileVersion":"0.0","hashMD5":"0307699d32e2e1c387479057a722d432","hashSHA1":"8d74a5e5ff098085a8f81444c00cf726dcf72bae","hashSHA256":"1cc0fd144ac9b16fb663bbcbe1256a17200ce5936b4dafa5af6b725179c0679d","digitalCertThumbprint":"765B93721F53918B60F79D99C312EB27B1B6D03F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Geselschaft fuer Softwareentwicklung und Analytik GmbH, O=Geselschaft fuer Softwareentwicklung und Analytik GmbH, STREET=Krischanweg 7, L=Rostock, S=Outside United States, PostalCode=18069, C=DE","sourceIndex":"2982","avBlockList":["Avast Internet Security (20190909)","AVG Internet Security (20211014)","Bitdefender Internet Security (20211014)","ESET Internet Security (20211014)","G DATA INTERNET SECURITY (20211014)","K7 Total Security (20211014)","Kaspersky Internet Security (20211014)","Malwarebytes Premium (20211014)","McAfee Total Protection (20211014)","Norton Security (20211014)","Panda Dome (20211014)","Quick Heal Internet Security (20211014)","Sophos Home Premium (20211014)","Tencent PC Manager (20211014)","Trend Micro Internet Security (20211014)","VIPRE Advanced Security (20211014)","VirIT eXplorer PRO (20211014)","Webroot SecureAnywhere (20211014)","Windows Defender (20211014)","Avast Premium Security (20211014)","SpyHunter5 (20211014)"],"avAllowList":["360 Total Security (20211014)","Avira Internet Security (20211014)","COMODO Antivirus (20211014)","Dr.Web Security Space (20211014)","Total AV Antivirus Pro (20211014)"]},{"isRevoked":"False","fileName":"Autostart_Cleaner.exe","companyName":"GSA","productName":"GSA Autostart Cleaner","productVersion":"2.42","fileVersion":"2.4","hashMD5":"f52e4c0d449de28a5d75385acc52cefd","hashSHA1":"17c4a835c38f24619cfaacddca80e58809359379","hashSHA256":"4cac1f66f5e6f1137d7ee45cf46abfe95d206eb0ee1227f2e72e180e1fe48ae1","digitalCertThumbprint":"765B93721F53918B60F79D99C312EB27B1B6D03F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Geselschaft fuer Softwareentwicklung und Analytik GmbH, O=Geselschaft fuer Softwareentwicklung und Analytik GmbH, STREET=Krischanweg 7, L=Rostock, S=Outside United States, PostalCode=18069, C=DE","sourceIndex":"2982","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"google search","landingPage":"https://www.gsa-online.de/product/autostart_cleaner/","directDownloadingLink":"https://www.gsa-online.de/download/autostart_cleaner_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.gsa-online.de/download/autostart_cleaner_setup.exe","sourceIndex":"2982"}],"sampleFiles":["190617/GSAAutostartCleaner-190610/2.42/Samples/autostart_cleaner_setup.exe","190617/GSAAutostartCleaner-190610/2.42/Samples/Autostart_Cleaner.exe"],"imageFiles":["190617/GSAAutostartCleaner-190610/2.42/Images/ACR-010/ACR_010.PNG","190617/GSAAutostartCleaner-190610/2.42/Images/ACR-004/Screen Shot 2019-06-17 at 1.51.55 PM.png"],"nonDeceptorImageFiles":[],"guid":"74a3d17a-8af4-449d-8349-7be56dcbeb74_2.42_1","appID":"GSAAutostartCleaner-190610","dateAdded":"210708","deceptorType":"App","name":"GSA Autostart Cleaner","company":"GSA Software","version":"2.42","sigName":"Deceptor:Win32/GSAAutostartCleaner!004010","lastKnownStatus":"Deceptor:2.42;2.4.3;2.44;2.45","lastKnownDate":"210708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2021-07-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1642},{"violations":{"ACR-003":"The application exaggerates missing and invalid empty registry keys as problems and high danger levels, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or  the Privacy Policy. \n","ACR-092":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe landing page has no link or information that shows how it can be uninstalled. \n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application has no mention of a refund policy but only for 7 days.\n"},"samples":[{"isRevoked":"False","fileName":"AdvRegDocLite.exe","companyName":"Elcor Software (http://www.elcor.net/)","fileVersion":"8.1","hashMD5":"dab85446ddc5a705d4cc117bdd0c0b04","hashSHA1":"7d7e001653d17cf898303cd14b2cb2da107f0e80","hashSHA256":"3628112609856282eb490bfbad63b97dc9dc278d517b989a9d3890b6c0be0ded","sourceIndex":"1860","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ardlite_install.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"8ab4f5e64f689e2e646a733886dd513b","hashSHA1":"d22cbc1bbea562c44e0cddead74e14b326d2198b","hashSHA256":"ea5ff78bf519041c90488213cff385678ff66b391191debf87898be8e84e7a70","sourceIndex":"1860","avBlockList":["Avast Premium Security (20211007)","AVG Internet Security (20211007)","Avira Internet Security (20211007)","Bitdefender Internet Security (20211007)","Dr.Web Security Space (20211007)","ESET Internet Security (20211007)","G DATA INTERNET SECURITY (20211007)","K7 Total Security (20211007)","Kaspersky Internet Security (20211007)","Malwarebytes Premium (20211007)","McAfee Total Protection (20211007)","Norton Security (20211007)","Panda Dome (20211007)","Quick Heal Internet Security (20211007)","Sophos Home Premium (20211007)","SpyHunter5 (20211007)","Tencent PC Manager (20211007)","Total AV Antivirus Pro (20211007)","VIPRE Advanced Security (20211007)","VirIT eXplorer PRO (20211007)","Webroot SecureAnywhere (20211007)","Windows Defender (20211007)"],"avAllowList":["360 Total Security (20211007)","COMODO Antivirus (20211007)","Trend Micro Internet Security (20211007)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.elcor.net/","directDownloadingLink":"https://www.elcor.net/download/ardlite_install.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.elcor.net/download/ardlite_install.exe","sourceIndex":"1860"}],"sampleFiles":["210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Samples/AdvRegDocLite.exe","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Samples/ardlite_install.exe"],"imageFiles":["210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-003/Advanced Registry Doctor Lite_Interactions [11].png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-003/Advanced Registry Doctor Lite_Interactions [9].png"],"nonDeceptorImageFiles":["210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-065/Advanced Registry Doctor Lite_Install [1].png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-065/Advanced Registry Doctor Lite_Install [2].png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-065/Advanced Registry Doctor Lite_Install [6].png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-065/Advanced Registry Doctor Lite_Install [7].png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-092/Advanced Registry Doctor Lite_FileProperty [3].png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-092/Advanced Registry Doctor Lite_FileProperty [4].png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-065/Advanced Registry Doctor Lite_ABout [1].png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-099/Advanced Registry Doctor Lite_ABout [1].png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-167/RefundPolicy.png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-065/Advanced Registry Doctor Lite_LandingPage [1].png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-099/Advanced Registry Doctor Lite_LandingPage [1].png","210708/AdvancedRegistryDoctorLite-210708/8.1.11.09/Images/ACR-099/Advanced Registry Doctor Lite_LandingPage [2].png"],"guid":"6f5d56dc-a209-4bbe-a77d-f612436549ad_8.1.11.09_1","appID":"AdvancedRegistryDoctorLite-210708","dateAdded":"210708","deceptorType":"App","name":"Advanced Registry Doctor Lite","company":"Elcor Software","version":"8.1.11.09","sigName":"Deceptor:Win32/AdvancedRegistryDoctorLite!003","lastKnownStatus":"8.1.11.09","lastKnownDate":"210708","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-07-08T19:34:58.6847766+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1643},{"violations":{"ACR-109":"FAVSoft bundler downloads the application before disclosure and consumer makes decision.\n","ACR-047":"FAVSoft bundler presents the untruthful message that application needs to update, instead it attempts to re run the application to present the declined offer again. \nFAVSoft bundler presents the untruthful message that application needs to update, instead it attempts to re run the application to present the declined offer again. \n","ACR-003":"FAVSoft bundler misleads consumer they need to run update, instead there is no newer build, it attempts to run the installer and present the declined offers again\n","ACR-010":"FAVSoft bundler distribute deceptor program. The offer in FAVSoft bundler,  Relevant Knowledge market survey application, allows deceptive affiliate to distribute without control.    See RelevantKnowledge deceptor details\n","ACR-083":"FAVSoft bundler attempts to present the offer repeatedly via its update and startup \n","ACR-057":"The decline/accept is not clear\n","ACR-055":"The offer is not presented with clear decline/accept option. \n","ACR-059":"No optional offer is clearly marked in offer. The offer looks part of the install application.\n","ACR-039":"There is no clear indications of the relationship to the installer application. RelevantKnowledge is presented as the part of the installer application. Even consumer decline RelevantKnowledge app, it is still downloaded nevertheless.\n","ACR-155":"Consumer has to accept the offer to install the installer application. \n"},"nonDeceptorViolations":{"ACR-106":"FAVSoft bundler offers deceptive program Relevant Knowledge market survey application. See Relevant Knowledge Deceptor details\n"},"samples":[{"isRevoked":"False","fileName":"FreeCDDVDBurner.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"ea70230aeb10c5f2f3aff4e80650b120","hashSHA1":"75abbc43af12cdb51c4e22b94db08e7c43811db5","hashSHA256":"54e821649f2767e7eeb4068486b92f52cc7f823c711a26819b95c68ab252c7d4","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"1862","avBlockList":["360 Total Security (20211007)","Avast Premium Security (20211007)","AVG Internet Security (20211007)","Avira Internet Security (20211007)","Bitdefender Internet Security (20211007)","COMODO Antivirus (20211007)","Dr.Web Security Space (20211007)","ESET Internet Security (20211007)","G DATA INTERNET SECURITY (20211007)","K7 Total Security (20211007)","Kaspersky Internet Security (20211007)","Malwarebytes Premium (20211007)","McAfee Total Protection (20211007)","Norton Security (20211007)","Panda Dome (20211007)","Quick Heal Internet Security (20211007)","Sophos Home Premium (20211007)","SpyHunter5 (20211007)","Tencent PC Manager (20211007)","Total AV Antivirus Pro (20211007)","Trend Micro Internet Security (20211007)","VIPRE Advanced Security (20211007)","VirIT eXplorer PRO (20211007)","Webroot SecureAnywhere (20211007)","Windows Defender (20211007)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeOCR.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"e8664fd52376da107349d64fa8eb4d87","hashSHA1":"62d8db133933d4fe4cf4e2511c985808395bbdab","hashSHA256":"7bb19de8255ff0c0ec7d6c62d6da2823ca9369ff65aae18d27d773d008597040","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"1862","avBlockList":["360 Total Security (20211007)","Avast Premium Security (20211007)","AVG Internet Security (20211007)","Avira Internet Security (20211007)","Bitdefender Internet Security (20211007)","COMODO Antivirus (20211007)","Dr.Web Security Space (20211007)","ESET Internet Security (20211007)","G DATA INTERNET SECURITY (20211007)","K7 Total Security (20211007)","Kaspersky Internet Security (20211007)","Malwarebytes Premium (20211007)","McAfee Total Protection (20211007)","Norton Security (20211007)","Panda Dome (20211007)","Quick Heal Internet Security (20211007)","Sophos Home Premium (20211007)","SpyHunter5 (20211007)","Tencent PC Manager (20211007)","Total AV Antivirus Pro (20211007)","Trend Micro Internet Security (20211007)","VIPRE Advanced Security (20211007)","VirIT eXplorer PRO (20211007)","Webroot SecureAnywhere (20211007)","Windows Defender (20211007)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePDFtoJPGPNGTIFConverter.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"407e2fc28e2dff103c072bfad4877f95","hashSHA1":"673eaf42dc3b26f6131d1345751517cffc152973","hashSHA256":"b33285ee9a7d07f1380f241f08f3816c5b699340f09d0921a1f1b3a060cec386","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"1862","avBlockList":["360 Total Security (20211007)","Avast Premium Security (20211007)","AVG Internet Security (20211007)","Avira Internet Security (20211007)","Bitdefender Internet Security (20211007)","COMODO Antivirus (20211007)","Dr.Web Security Space (20211007)","ESET Internet Security (20211007)","G DATA INTERNET SECURITY (20211007)","K7 Total Security (20211007)","Kaspersky Internet Security (20211007)","Malwarebytes Premium (20211007)","McAfee Total Protection (20211007)","Norton Security (20211007)","Panda Dome (20211007)","Quick Heal Internet Security (20211007)","Sophos Home Premium (20211007)","SpyHunter5 (20211007)","Tencent PC Manager (20211007)","Total AV Antivirus Pro (20211007)","VIPRE Advanced Security (20211007)","VirIT eXplorer PRO (20211007)","Webroot SecureAnywhere (20211007)","Windows Defender (20211007)"],"avAllowList":["Trend Micro Internet Security (20211007)"]},{"isRevoked":"False","fileName":"FreePhotoSlideshowMaker.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"473e90dfddc7870f48e71834b5fd26bb","hashSHA1":"7dd82d5b33a939e1441f2d5bcebb412def8e6864","hashSHA256":"cce3c3ce8b5ac273754567578cac6fda52d37abefdc63d89a1f004926bb6c07a","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"1862","avBlockList":["360 Total Security (20211007)","Avast Premium Security (20211007)","AVG Internet Security (20211007)","Avira Internet Security (20211007)","Bitdefender Internet Security (20211007)","COMODO Antivirus (20211007)","Dr.Web Security Space (20211007)","ESET Internet Security (20211007)","G DATA INTERNET SECURITY (20211007)","K7 Total Security (20211007)","Kaspersky Internet Security (20211007)","Malwarebytes Premium (20211007)","McAfee Total Protection (20211007)","Norton Security (20211007)","Panda Dome (20211007)","Quick Heal Internet Security (20211007)","Sophos Home Premium (20211007)","SpyHunter5 (20211007)","Tencent PC Manager (20211007)","Total AV Antivirus Pro (20211007)","VIPRE Advanced Security (20211007)","VirIT eXplorer PRO (20211007)","Webroot SecureAnywhere (20211007)"],"avAllowList":["Trend Micro Internet Security (20211007)","Windows Defender (20211007)"]},{"isRevoked":"False","fileName":"FreeRingtoneMaker.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"8f97d07505261242101d430928f147ad","hashSHA1":"f16aeedb9cd93c85ff24ca9160482883a7a1fcb9","hashSHA256":"b6c68c47c4f82e7115121801a4ec0332a528b6dc2cb2fd2489833867ff860052","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"1862","avBlockList":["360 Total Security (20211028)","Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","COMODO Antivirus (20211028)","Dr.Web Security Space (20211028)","ESET Internet Security (20211028)","G DATA INTERNET SECURITY (20211028)","K7 Total Security (20211028)","Kaspersky Internet Security (20211028)","Malwarebytes Premium (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","Sophos Home Premium (20211028)","SpyHunter5 (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","Trend Micro Internet Security (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeToMp3WmaConverter.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"3eee992a01c6acd3d3c4a309fb61e38f","hashSHA1":"14c692825643b7530f4c3a2133da214db16b5287","hashSHA256":"864eae9de4779ef0082ab6b6cd5818fb268032a69914603a21d6e140ae15dd1e","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"1862","avBlockList":["360 Total Security (20211028)","Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","COMODO Antivirus (20211028)","Dr.Web Security Space (20211028)","ESET Internet Security (20211028)","G DATA INTERNET SECURITY (20211028)","K7 Total Security (20211028)","Kaspersky Internet Security (20211028)","Malwarebytes Premium (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","Sophos Home Premium (20211028)","SpyHunter5 (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)"],"avAllowList":["Trend Micro Internet Security (20211028)"]},{"isRevoked":"False","fileName":"FreeAVIMPEGWMVMP4FLVVideoJoiner.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"b24b0fb37f093aa59a13e42f7873f210","hashSHA1":"ad3fe8b32de0753a25432f8aa650ea69dc490d44","hashSHA256":"c504a9b12376b80104c5ff0b3bc04bf9d0d913c72dfcdaf8cd0e7b79006aef17","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1862","avBlockList":["360 Total Security (20211028)","Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","COMODO Antivirus (20211028)","Dr.Web Security Space (20211028)","ESET Internet Security (20211028)","G DATA INTERNET SECURITY (20211028)","K7 Total Security (20211028)","Kaspersky Internet Security (20211028)","Malwarebytes Premium (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","Sophos Home Premium (20211028)","SpyHunter5 (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)"],"avAllowList":["Trend Micro Internet Security (20211028)"]},{"isRevoked":"False","fileName":"FreeCDDVDBurner[2].exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"abd732b05a1daf359e3c014118e1c15d","hashSHA1":"b14f13b40324853dc4a9beeea9a4c376df54be1d","hashSHA256":"b4ea3cba30fba64325b731024e33bda34dcecffbc87c782af09ceb844ba2e0bb","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1862","avBlockList":["360 Total Security (20211028)","Avast Premium Security (20211028)","AVG Internet Security (20211028)","Avira Internet Security (20211028)","Bitdefender Internet Security (20211028)","COMODO Antivirus (20211028)","Dr.Web Security Space (20211028)","ESET Internet Security (20211028)","G DATA INTERNET SECURITY (20211028)","K7 Total Security (20211028)","Kaspersky Internet Security (20211028)","Malwarebytes Premium (20211028)","McAfee Total Protection (20211028)","Norton Security (20211028)","Panda Dome (20211028)","Quick Heal Internet Security (20211028)","Sophos Home Premium (20211028)","SpyHunter5 (20211028)","Tencent PC Manager (20211028)","Total AV Antivirus Pro (20211028)","Trend Micro Internet Security (20211028)","VIPRE Advanced Security (20211028)","VirIT eXplorer PRO (20211028)","Webroot SecureAnywhere (20211028)","Windows Defender (20211028)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeDVDRipperPlatinum.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"bb7342453e0ea043b85724d82b91bf12","hashSHA1":"50763d9156a8a44cca93dd1432f5acbe7128bb47","hashSHA256":"8330c5a8fbd64012f2941dc046b98a0b310fe02abcc096fd044afde7246903c5","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1862","avBlockList":["360 Total Security (20211102)","Avast Premium Security (20211102)","AVG Internet Security (20211102)","Avira Internet Security (20211102)","Bitdefender Internet Security (20211102)","COMODO Antivirus (20211102)","Dr.Web Security Space (20211102)","ESET Internet Security (20211102)","G DATA INTERNET SECURITY (20211102)","K7 Total Security (20211102)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20211102)","McAfee Total Protection (20211102)","Norton Security (20211102)","Panda Dome (20211102)","Quick Heal Internet Security (20211102)","Sophos Home Premium (20211102)","SpyHunter5 (20211102)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20211102)","VIPRE Advanced Security (20211102)","VirIT eXplorer PRO (20211102)","Webroot SecureAnywhere (20211102)","Windows Defender (20211102)"],"avAllowList":["Trend Micro Internet Security (20211102)"]},{"isRevoked":"False","fileName":"FreeMP3Joiner.exe","isInstaller":"True","companyName":"FreeMoreSoft, Inc.                                          ","fileVersion":"0.0","hashMD5":"ca3286ed007c902748275a94b362c327","hashSHA1":"0cc0a4d381f064a20efc23e266092998f1692d3d","hashSHA256":"bb8ed6ce7165bc7e1a9255cbc71b2706d06b5ebc4ab2b4b68f674fb154edfb66","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1862","avBlockList":["360 Total Security (20211102)","Avast Premium Security (20211102)","AVG Internet Security (20211102)","Avira Internet Security (20211102)","Bitdefender Internet Security (20211102)","COMODO Antivirus (20211102)","Dr.Web Security Space (20211102)","ESET Internet Security (20211102)","G DATA INTERNET SECURITY (20211102)","K7 Total Security (20211102)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20211102)","McAfee Total Protection (20211102)","Norton Security (20211102)","Panda Dome (20211102)","Quick Heal Internet Security (20211102)","Sophos Home Premium (20211102)","SpyHunter5 (20211102)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20211102)","Trend Micro Internet Security (20211102)","VIPRE Advanced Security (20211102)","VirIT eXplorer PRO (20211102)","Webroot SecureAnywhere (20211102)","Windows Defender (20211102)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeMP3WMACutter.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"dd8f170a8f99aee3484a2d73cad50ff0","hashSHA1":"069cf414c119ae0698ec2b88d4090aa41412dac5","hashSHA256":"ffb11dcbef7aece3c777cd32245a502239083b51e789d0e092faa1f6483cb6c8","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1862","avBlockList":["360 Total Security (20211102)","Avast Premium Security (20211102)","AVG Internet Security (20211102)","Avira Internet Security (20211102)","Bitdefender Internet Security (20211102)","COMODO Antivirus (20211102)","Dr.Web Security Space (20211102)","ESET Internet Security (20211102)","G DATA INTERNET SECURITY (20211102)","K7 Total Security (20211102)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20211102)","McAfee Total Protection (20211102)","Norton Security (20211102)","Panda Dome (20211102)","Quick Heal Internet Security (20211102)","Sophos Home Premium (20211102)","SpyHunter5 (20211102)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20211102)","Trend Micro Internet Security (20211102)","VIPRE Advanced Security (20211102)","VirIT eXplorer PRO (20211102)","Webroot SecureAnywhere (20211102)","Windows Defender (20211102)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeOCR [2].exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"026e1e24c7fbe81886d0d821eb9b83fd","hashSHA1":"0a91a7044f1b98c2eae99ea0f7370be6627dc339","hashSHA256":"4d6e624ce79ff6050024e734dd6e9ab717749d1ef58aa4b9815196bedaedba96","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1862","avBlockList":["360 Total Security (20211102)","Avast Premium Security (20211102)","AVG Internet Security (20211102)","Avira Internet Security (20211102)","Bitdefender Internet Security (20211102)","COMODO Antivirus (20211102)","Dr.Web Security Space (20211102)","ESET Internet Security (20211102)","G DATA INTERNET SECURITY (20211102)","K7 Total Security (20211102)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20211102)","McAfee Total Protection (20211102)","Norton Security (20211102)","Panda Dome (20211102)","Quick Heal Internet Security (20211102)","Sophos Home Premium (20211102)","SpyHunter5 (20211102)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20211102)","Trend Micro Internet Security (20211102)","VIPRE Advanced Security (20211102)","VirIT eXplorer PRO (20211102)","Webroot SecureAnywhere (20211102)","Windows Defender (20211102)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePDFtoJPGPNGTIFConverter [2].exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"614919a55612e9c5226c4db8080186ed","hashSHA1":"cf4b5cb0ff88caae3a3e5573d5408aa739c7907e","hashSHA256":"d0dc75c77d517cd15af732b57f7999a07a9801d37f3e4b8a4519343930d8565b","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1862","avBlockList":["360 Total Security (20211102)","Avast Premium Security (20211102)","AVG Internet Security (20211102)","Avira Internet Security (20211102)","Bitdefender Internet Security (20211102)","COMODO Antivirus (20211102)","Dr.Web Security Space (20211102)","ESET Internet Security (20211102)","G DATA INTERNET SECURITY (20211102)","K7 Total Security (20211102)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20211102)","McAfee Total Protection (20211102)","Norton Security (20211102)","Panda Dome (20211102)","Quick Heal Internet Security (20211102)","Sophos Home Premium (20211102)","SpyHunter5 (20211102)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20211102)","Trend Micro Internet Security (20211102)","VIPRE Advanced Security (20211102)","VirIT eXplorer PRO (20211102)","Webroot SecureAnywhere (20211102)","Windows Defender (20211102)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePhotoSlideshowMaker [2].exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"6e8187ac7b6927351a57c2d2afae696a","hashSHA1":"9a484f171d027b741c16fbfa37907dd93b538ce8","hashSHA256":"e9e866a02fd3bf017cc24e1f8a125881493afa160ed18318d0f1d357e1c1a1a0","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1862","avBlockList":["360 Total Security (20211102)","Avast Premium Security (20211102)","AVG Internet Security (20211102)","Avira Internet Security (20211102)","Bitdefender Internet Security (20211102)","COMODO Antivirus (20211102)","Dr.Web Security Space (20211102)","ESET Internet Security (20211102)","G DATA INTERNET SECURITY (20211102)","K7 Total Security (20211102)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20211102)","McAfee Total Protection (20211102)","Norton Security (20211102)","Panda Dome (20211102)","Quick Heal Internet Security (20211102)","Sophos Home Premium (20211102)","SpyHunter5 (20211102)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20211102)","Trend Micro Internet Security (20211102)","VIPRE Advanced Security (20211102)","VirIT eXplorer PRO (20211102)","Webroot SecureAnywhere (20211102)","Windows Defender (20211102)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeRingtoneMaker [2].exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"7f6380e430c8620ef59035d433f8ab7b","hashSHA1":"1d2a37b631a860dd4c18c5bd60beaf63bc0c4626","hashSHA256":"dd06d5d808d207bdd511fca451d61111d0574058a4450895a865df9e867695f4","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1862","avBlockList":["360 Total Security (20211102)","Avast Premium Security (20211102)","AVG Internet Security (20211102)","Avira Internet Security (20211102)","Bitdefender Internet Security (20211102)","COMODO Antivirus (20211102)","Dr.Web Security Space (20211102)","ESET Internet Security (20211102)","G DATA INTERNET SECURITY (20211102)","K7 Total Security (20211102)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20211102)","McAfee Total Protection (20211102)","Norton Security (20211102)","Panda Dome (20211102)","Quick Heal Internet Security (20211102)","Sophos Home Premium (20211102)","SpyHunter5 (20211102)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20211102)","Trend Micro Internet Security (20211102)","VIPRE Advanced Security (20211102)","VirIT eXplorer PRO (20211102)","Webroot SecureAnywhere (20211102)","Windows Defender (20211102)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeToMp3WmaConverter[2].exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.                                ","fileVersion":"0.0","hashMD5":"6d285e1bebc2834d1346ee3e42c80699","hashSHA1":"828261ea9421c292b9ae3ab84b1b4b9e518a6f64","hashSHA256":"52f6ad3dc135ea28a2e125bc0ada91607f0f8f9e7153b26ee791016b7e5f983f","digitalCertThumbprint":"347240ECC751AB91D4BA3282DC67ACC9A36D1128","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", O=\"Beijing Qingruan Creative Information Technology Co., Ltd.\", STREET=\"Chaoyang North Road 199, MOMA Building 1901, Chaoyang District\", L=Beijing, PostalCode=100026, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=911101056717485703","sourceIndex":"1862","avBlockList":["360 Total Security (20211102)","Avast Premium Security (20211102)","AVG Internet Security (20211102)","Avira Internet Security (20211102)","Bitdefender Internet Security (20211102)","COMODO Antivirus (20211102)","Dr.Web Security Space (20211102)","ESET Internet Security (20211102)","G DATA INTERNET SECURITY (20211102)","K7 Total Security (20211102)","Kaspersky Internet Security (20211102)","Malwarebytes Premium (20211102)","McAfee Total Protection (20211102)","Norton Security (20211102)","Panda Dome (20211102)","Quick Heal Internet Security (20211102)","Sophos Home Premium (20211102)","SpyHunter5 (20211102)","Tencent PC Manager (20211102)","Total AV Antivirus Pro (20211102)","VIPRE Advanced Security (20211102)","VirIT eXplorer PRO (20211102)","Webroot SecureAnywhere (20211102)","Windows Defender (20211102)"],"avAllowList":["Trend Micro Internet Security (20211102)"]}],"additionalFiles":[],"sources":[{"howFound":"cert used by Deceptor ","reference":"PCMate Bundler","landingPage":"https://www.freeaudiovideosoft.com/","directDownloadingLink":"https://www.freeaudiovideosoft.com/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freeaudiovideosoft.com/","sourceIndex":"1862"}],"sampleFiles":["210707/FAVSoftBundle-201011/8.8/Samples/FreeCDDVDBurner.exe","210707/FAVSoftBundle-201011/8.8/Samples/FreeOCR.exe","210707/FAVSoftBundle-201011/8.8/Samples/FreePDFtoJPGPNGTIFConverter.exe","210707/FAVSoftBundle-201011/8.8/Samples/FreePhotoSlideshowMaker.exe","210707/FAVSoftBundle-201011/8.8/Samples/FreeRingtoneMaker.exe","210707/FAVSoftBundle-201011/8.8/Samples/FreeYouTubeToMp3WmaConverter.exe","210707/FAVSoftBundle-201011/8.8/Samples/FreeAVIMPEGWMVMP4FLVVideoJoiner.exe","210707/FAVSoftBundle-201011/8.8/Samples/FreeCDDVDBurner[2].exe","210707/FAVSoftBundle-201011/8.8/Samples/FreeDVDRipperPlatinum.exe","210707/FAVSoftBundle-201011/8.8/Samples/FreeMP3Joiner.exe","210707/FAVSoftBundle-201011/8.8/Samples/FreeMP3WMACutter.exe","210707/FAVSoftBundle-201011/8.8/Samples/FreeOCR [2].exe","210707/FAVSoftBundle-201011/8.8/Samples/FreePDFtoJPGPNGTIFConverter [2].exe","210707/FAVSoftBundle-201011/8.8/Samples/FreePhotoSlideshowMaker [2].exe","210707/FAVSoftBundle-201011/8.8/Samples/FreeRingtoneMaker [2].exe","210707/FAVSoftBundle-201011/8.8/Samples/FreeYouTubeToMp3WmaConverter[2].exe"],"imageFiles":["210707/FAVSoftBundle-201011/8.8/Images/ACR-109/FAVSoft_RKDownload1.JPG","210707/FAVSoftBundle-201011/8.8/Images/ACR-039/FAVSoft_Offer1.JPG","210707/FAVSoftBundle-201011/8.8/Images/ACR-047/UdpatePromptCantDismissed.JPG","210707/FAVSoftBundle-201011/8.8/Images/ACR-047/FAVSoft_RKDownload.JPG","210707/FAVSoftBundle-201011/8.8/Images/ACR-055/FAVSoft_Offer2.JPG","210707/FAVSoftBundle-201011/8.8/Images/ACR-003/FAVSoft_RKDownload.JPG","210707/FAVSoftBundle-201011/8.8/Images/ACR-083/FAVSoft_Startup.JPG","210707/FAVSoftBundle-201011/8.8/Images/ACR-083/FAVSoft_RKDownload.JPG","210707/FAVSoftBundle-201011/8.8/Images/ACR-057/FAVSoft_Offer2.JPG","210707/FAVSoftBundle-201011/8.8/Images/ACR-059/FAVSoft_Offer1.JPG","210707/FAVSoftBundle-201011/8.8/Images/ACR-155/FAVSoft_Offer2.JPG"],"nonDeceptorImageFiles":[],"guid":"52086d9a-a5df-4365-8c3e-40a0b52cb197_8.8_1","appID":"FAVSoftBundle-201011","dateAdded":"210707","deceptorType":"Bundler","name":"FAVSoftBundle","company":"FreeAudioVideo Software","version":"8.8","sigName":"Deceptor:Win32/FAVSoftBundle!109039047055003010083057059155","lastKnownStatus":"8.8","lastKnownDate":"210707","type":"Windows Executable","category":"SysTools & Utilities, Media editors, Media players","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2021-07-07T17:56:22.6671106+00:00","notDistributed":false,"familyName":"Hangxin","numInFamily":6,"numInAppID":1,"sortOrder":1644},{"violations":{"ACR-003":"The app uses the alarming color to make exaggerated claims about the system's health.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's colors in free scan results present an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"fix-pc-cleaner.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"65a1b88b7d8d4e6cd8e53cabf3a763df","hashSHA1":"a72b06c396f8a1be40ffccc986a9611dff7b05ee","hashSHA256":"5179c3cdd5f4601d083575e04e84cf45c416b7a1f7a5ff7d9a793da135d351ba","digitalCertThumbprint":"44B7EB8E135FA565A7755296D4F9C6A01F444742","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Feneris Solutions Inc, O=Feneris Solutions Inc, L=Surrey, S=British Columbia, C=CA","sourceIndex":"1870","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FixPCV.exe","fileVersion":"1.0","hashMD5":"dd7f29544b43c0f32793b5edb5727438","hashSHA1":"519b12e22944aaf1e59638edde6001ce569d8536","hashSHA256":"2c9ad7890bc4c3c58ede6be8b2156e8359248c55b0b32be39f8f1e9fc550e7d4","digitalCertThumbprint":"44B7EB8E135FA565A7755296D4F9C6A01F444742","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Feneris Solutions Inc, O=Feneris Solutions Inc, L=Surrey, S=British Columbia, C=CA","sourceIndex":"1870","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://mjnsoftwares.com/","directDownloadingLink":"https://mjnsoftwares.com/download/fix-pc-cleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mjnsoftwares.com/download/fix-pc-cleaner.exe","sourceIndex":"1870"},{"howFound":"","reference":"","landingPage":"https://fix-pc-cleaner.en.softonic.com/download","directDownloadingLink":"https://gsf-sp.softonic.com/a72/b06/c396f8a1be40ffccc986a9611dff7b05ee/setup.exe?signature=1f2ccd5a8a3eb9e7f1dd00ab7a34d321&expires=1625534819&url=https%3A%2F%2Ffix-pc-cleaner.en.softonic.com&filename=setup.exe","ipv4":"","ipv6":"","sourceIndex":"1871"}],"sampleFiles":["210706/FixPCCleaner-210705/1.0.1/Samples/fix-pc-cleaner.exe","210706/FixPCCleaner-210705/1.0.1/Samples/FixPCV.exe"],"imageFiles":["210706/FixPCCleaner-210705/1.0.1/Images/ACR-004/Fix PC Cleaner_Interactions [4].png","210706/FixPCCleaner-210705/1.0.1/Images/ACR-004/Fix PC Cleaner_Interactions [7].png","210706/FixPCCleaner-210705/1.0.1/Images/ACR-003/Fix PC Cleaner_Interactions [4].png","210706/FixPCCleaner-210705/1.0.1/Images/ACR-003/Fix PC Cleaner_Interactions [7].png"],"nonDeceptorImageFiles":[],"guid":"bb09cad2-67f2-406d-8933-872c9cddbb0b_1.0.1_1","appID":"FixPCCleaner-210705","dateAdded":"210706","deceptorType":"App","name":"Fix PC Cleaner ","company":"Mjn softwares","version":"1.0.1","sigName":"Deceptor:Win32/FixPCCleaner!003004","lastKnownStatus":"1.0.1","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2021-07-06T18:24:34.6034695+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1650},{"violations":{"EXR-017":"Extension pops fake message and urge user to installer another applications.\n","EXR-039":"On adding this extension, it shows some ads or promotion notifications that harm the user's browsing experience.\n","EXR-053":"Extension impersonate chrome browser warnings, prompt false message to urge user to install an offer. \n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension asks for more permissions, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"JumpingDodo.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"f4a19527273ff6cf640c5489db9de8d8b89517c7eaf23c2491e20239bd1fc090","sourceIndex":"1866","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Jumping Dodo 2 Online Game.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d132755b8085f5b2f76af4058ea0e0432c0c65cdaeba18ba9e372d5b6ad856f8","storeId":"gollaplgcabblacakomoncpinjjhhpob","sourceIndex":"1866","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/jumping-dodo-2-online-gam/gollaplgcabblacakomoncpinjjhhpob","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/jumping-dodo-2-online-gam/gollaplgcabblacakomoncpinjjhhpob","sourceIndex":"1866"}],"sampleFiles":["210706/cx-JumpingDodo2OnlineGame-210705/4.0.1/Samples/Jumping Dodo 2 Online Game.zip"],"imageFiles":["210706/cx-JumpingDodo2OnlineGame-210705/4.0.1/Images/EXR-053/FakeMsg.JPG","210706/cx-JumpingDodo2OnlineGame-210705/4.0.1/Images/EXR-017/EXR-017.JPG","210706/cx-JumpingDodo2OnlineGame-210705/4.0.1/Images/EXR-017/FakeMsg.JPG","210706/cx-JumpingDodo2OnlineGame-210705/4.0.1/Images/EXR-039/EXR-039.JPG"],"nonDeceptorImageFiles":["210706/cx-JumpingDodo2OnlineGame-210705/4.0.1/Images/EXR-051/EXR-051.JPG","210706/cx-JumpingDodo2OnlineGame-210705/4.0.1/Images/EXR-002/EXR-002.JPG","210706/cx-JumpingDodo2OnlineGame-210705/4.0.1/Images/EXR-042/EXR-042.JPG"],"guid":"ce1edd3d-c7fb-4ad7-a452-ab2ef6eba583_4.0.1_1","appID":"cx-JumpingDodo2OnlineGame-210705","dateAdded":"210706","deceptorType":"Browser Extension","name":"Jumping Dodo 2 Online Game","company":"games in popup","version":"4.0.1","sigName":"Deceptor:BEX/JumpingDodo2OnlineGame!053017039","lastKnownStatus":"4.0.1","lastKnownDate":"210706","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-07-06T22:36:44.69716+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1651},{"violations":{"EXR-017":"On installing this extension, it urges the user to installer another extension. \n\n","EXR-038":"On adding this extension to the chrome, it redirects the user to another extension to download.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided. \n","EXR-042":" No valid privacy policy link provided. \n","EXR-051":"This extension has permission to read browsing history, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"2048RetroClassicGames.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8a5aed55663b7c2fadd9fc63720d6437bec0fe0851045dadc6f8fb6f791eb460","sourceIndex":"1865","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"2048 - Retro Classic Games.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"b413e9e4538fa3ccb92054a7fccc7f92b63975a98dc1581d1d36a11213722cb7","storeId":"djcabkpbhhcpkmnjogkjbcjcpeeammpb","sourceIndex":"1865","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/2048-retro-classic-games/djcabkpbhhcpkmnjogkjbcjcpeeammpb","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/2048-retro-classic-games/djcabkpbhhcpkmnjogkjbcjcpeeammpb","sourceIndex":"1865"}],"sampleFiles":["210706/cx-2048RetroClassicGames-210702/4.2.4/Samples/2048 - Retro Classic Games.zip"],"imageFiles":["210706/cx-2048RetroClassicGames-210702/4.2.4/Images/EXR-017/EXR-017.mp4","210706/cx-2048RetroClassicGames-210702/4.2.4/Images/EXR-038/EXR-038.mp4"],"nonDeceptorImageFiles":["210706/cx-2048RetroClassicGames-210702/4.2.4/Images/EXR-051/EXR-051.JPG","210706/cx-2048RetroClassicGames-210702/4.2.4/Images/EXR-002/EXR-002.JPG","210706/cx-2048RetroClassicGames-210702/4.2.4/Images/EXR-002/EXR-002_1.JPG","210706/cx-2048RetroClassicGames-210702/4.2.4/Images/EXR-042/EXR-042.JPG"],"guid":"2196ef8f-c7bc-4577-9e2b-9e08466f2d99_4.2.4_1","appID":"cx-2048RetroClassicGames-210702","dateAdded":"210706","deceptorType":"Browser Extension","name":"2048 - Retro Classic Games","company":"Browser Games","version":"4.2.4","sigName":"Deceptor:BEX/2048RetroClassicGames!017038","lastKnownStatus":"4.2.4","lastKnownDate":"210706","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-07-06T23:54:56.1371589+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1652},{"violations":{"EXR-017":"On installing this extension, it urges the user to installer another extension.\n","EXR-038":"On adding this extension to the chrome, it redirects the user to another extension to download.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided. \n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"2048MegaPackofClassicGames.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"fb454a0f859dd684a1a8e53243dd944048fa6575ef5af07065c868ac4ba80738","sourceIndex":"1867","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"2048 MegaPack of Classic Games.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"7831b6850b97a7715b04f11a1332f0ead0efeca0a1c4a4e04319f224982aeb68","storeId":"hnaenmhgjlogfiaikmlieimdpjdmbfgh","sourceIndex":"1867","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/2048-megapack-of-classic/hnaenmhgjlogfiaikmlieimdpjdmbfgh/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/2048-megapack-of-classic/hnaenmhgjlogfiaikmlieimdpjdmbfgh/","sourceIndex":"1867"}],"sampleFiles":["210706/cx-2048MegaPackofGames-210705/1.0.3/Samples/2048 - Mega Pack of Games.zip"],"imageFiles":["210706/cx-2048MegaPackofGames-210705/1.0.3/Images/EXR-017/EXR-017.mp4","210706/cx-2048MegaPackofGames-210705/1.0.3/Images/EXR-038/EXR-038.mp4"],"nonDeceptorImageFiles":["210706/cx-2048MegaPackofGames-210705/1.0.3/Images/EXR-051/EXR-051.JPG","210706/cx-2048MegaPackofGames-210705/1.0.3/Images/EXR-002/EXR-002.JPG","210706/cx-2048MegaPackofGames-210705/1.0.3/Images/EXR-002/EXR-002_1.JPG","210706/cx-2048MegaPackofGames-210705/1.0.3/Images/EXR-042/EXR-042.JPG"],"guid":"b30f8ebf-2b4a-4a40-990f-0dfa8057b570_1.0.3_1","appID":"cx-2048MegaPackofGames-210705","dateAdded":"210706","deceptorType":"Browser Extension","name":"2048 - Mega Pack of Games","company":"Retro Games","version":"1.0.3","sigName":"Deceptor:BEX/2048MegaPackofGames!017038","lastKnownStatus":"1.0.3","lastKnownDate":"210706","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-07-06T22:26:12.0257259+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1653},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. The app installs FFMPEG Addon program without user consent.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service,  Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\nThe internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"ChrisPCConverter.exe","companyName":"Chris P.C. srl","fileVersion":"4.6","hashMD5":"2d9dca74c8e51e224a6747b1405a49e5","hashSHA1":"e9da7b896d3fae5ec452a0a1f332a16a2c6709f4","hashSHA256":"493769abe6adc417bc743cab10dc30cb1cd76e98e6c82123cde71891d83ff02a","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1873","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_free_video_converter_5_00.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"5.0","hashMD5":"1f3c67ca51e760bc73e6914c16fccce2","hashSHA1":"08ff3e5bec8787be734a4bf36ac10fd35823fec9","hashSHA256":"5f383c60f06e6073baba17f15559c0305929397581ce8a2e6305dc1d9fecfb60","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1873","avBlockList":["360 Total Security (20211104)","Avast Premium Security (20211104)","AVG Internet Security (20211104)","Avira Internet Security (20211104)","Bitdefender Internet Security (20211104)","COMODO Antivirus (20211104)","ESET Internet Security (20211104)","G DATA INTERNET SECURITY (20211104)","K7 Total Security (20211104)","Kaspersky Internet Security (20211104)","Malwarebytes Premium (20211104)","McAfee Total Protection (20211104)","Norton Security (20211104)","Panda Dome (20211104)","Quick Heal Internet Security (20211104)","Sophos Home Premium (20211104)","SpyHunter5 (20211104)","Tencent PC Manager (20211104)","Total AV Antivirus Pro (20211104)","VIPRE Advanced Security (20211104)","VirIT eXplorer PRO (20211104)","Webroot SecureAnywhere (20211104)","Windows Defender (20211104)"],"avAllowList":["Dr.Web Security Space (20211104)","Trend Micro Internet Security (20211104)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.chris-pc.com/","landingPage":"https://www.freevideoaudioconverter.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=23&files=setup_chrispc_free_video_converter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=23&files=setup_chrispc_free_video_converter.exe","sourceIndex":"1873"}],"sampleFiles":["210629/ChrisPCFVConverter-201013/5.0/Samples/ChrisPCConverter.exe","210629/ChrisPCFVConverter-201013/5.0/Samples/setup_chrispc_free_video_converter_5_00.exe"],"imageFiles":["210629/ChrisPCFVConverter-201013/5.0/Images/ACR-109/ChrisPC – Free Video Converter_Install [7 ].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-109/ChrisPC – Free Video Converter_ControlPanel [1].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-048/ChrisPC – Free Video Converter_Install [7 ].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-059/ChrisPC – Free Video Converter_Install [7].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-155/ChrisPC – Free Video Converter_Install [7].png"],"nonDeceptorImageFiles":["210629/ChrisPCFVConverter-201013/5.0/Images/ACR-065/ChrisPC – Free Video Converter_Install [1].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-065/ChrisPC – Free Video Converter_Install [2].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-065/ChrisPC – Free Video Converter_Install [4].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-065/ChrisPC – Free Video Converter_Install [5].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-065/ChrisPC – Free Video Converter_Install [8].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-065/ChrisPC – Free Video Converter_About [1].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-099/ChrisPC – Free Video Converter_About [1].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-065/ChrisPC – Free Video Converter_LandingPage [1].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-099/ChrisPC – Free Video Converter_LandingPage [1].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-161/ChrisPC – Free Video Converter_LandingPage [2].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-099/ChrisPC – Free Video Converter_OfferPage [1].png","210629/ChrisPCFVConverter-201013/5.0/Images/ACR-161/ChrisPC – Free Video Converter_OfferPage [2].png"],"guid":"670fde30-deec-4189-8267-700ad330fdea_5.0_1","appID":"ChrisPCFVConverter-201013","dateAdded":"210629","deceptorType":"Bundler","name":"ChrisPC – Free Video Converter","company":"Chris P.C. srl.","version":"5.0","lastKnownStatus":"4.85;5.0","lastKnownDate":"210629","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2021-06-29T19:24:32.5525154+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1654},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. The app installs FFMPEG Addon program without user consent.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service,  Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\nThe internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"ChrisPCConverter.exe","companyName":"Chris P.C. srl","fileVersion":"4.6","hashMD5":"43c3205e03305edacd0ee455301d0de6","hashSHA1":"0fb42de94d675ed73fb9a472cb2e5c5be5abbbcb","hashSHA256":"a68b960bc6c3f6f42669fcebc85bc32a119f99aecd063a3abc301ab6a4dd5ea4","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2074","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_free_video_converter_4_85.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"4.8","hashMD5":"66ad56a9c0302d78f14f0d9e50a463a1","hashSHA1":"dc564d5ee565371ac00d676fa889797eb4ba6e68","hashSHA256":"8d837e11751d346666df30cb55685759a97dae13a721c0652042310fb7315d00","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2074","avBlockList":["360 Total Security (20211118)","Avast Premium Security (20211118)","AVG Internet Security (20211118)","Avira Internet Security (20211118)","Bitdefender Internet Security (20211118)","COMODO Antivirus (20211118)","Dr.Web Security Space (20211118)","ESET Internet Security (20211118)","G DATA INTERNET SECURITY (20211118)","K7 Total Security (20211118)","Kaspersky Internet Security (20211118)","Malwarebytes Premium (20211118)","McAfee Total Protection (20211118)","Norton Security (20211118)","Panda Dome (20211118)","Quick Heal Internet Security (20211118)","Sophos Home Premium (20211118)","SpyHunter5 (20211118)","Tencent PC Manager (20211118)","Total AV Antivirus Pro (20211118)","VIPRE Advanced Security (20211118)","VirIT eXplorer PRO (20211118)","Webroot SecureAnywhere (20211118)","Windows Defender (20211118)"],"avAllowList":["Trend Micro Internet Security (20211118)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.chris-pc.com/","landingPage":"https://www.freevideoaudioconverter.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=23&file=setup_chrispc_free_video_converter.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=23&file=setup_chrispc_free_video_converter.exe","sourceIndex":"2074"}],"sampleFiles":["201013/ChrisPCFVConverter-201013/4.85/Samples/ChrisPCConverter.exe","201013/ChrisPCFVConverter-201013/4.85/Samples/setup_chrispc_free_video_converter_4_85.exe"],"imageFiles":["201013/ChrisPCFVConverter-201013/4.85/Images/ACR-109/ChrisPC – Free Video Converter_Installs [4] RelevantKnowledge.png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-109/ChrisPC – Free Video Converter_FFMPEG Addon_Installed [1].png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-109/ChrisPC – Free Video Converter_FFMPEG Addon_Installed [2].png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-048/ChrisPC – Free Video Converter_Installs [4] RelevantKnowledge.png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-059/ChrisPC – Free Video Converter_Installs [3] RelevantKnowledge.png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-155/ChrisPC – Free Video Converter_Installs [3] RelevantKnowledge.png"],"nonDeceptorImageFiles":["201013/ChrisPCFVConverter-201013/4.85/Images/ACR-065/ChrisPC – Free Video Converter_Installs [1].png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-065/ChrisPC – Free Video Converter_Installs [2].png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-065/ChrisPC – Free Video Converter_About [1].png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-099/ChrisPC – Free Video Converter_About [1].png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-065/ChrisPC – Free Video Converter_LandingPage [1].png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-099/ChrisPC – Free Video Converter_LandingPage [1].png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-161/ChrisPC – Free Video Converter_LandingPage [2] Testimonial.png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-065/ChrisPC – Free Video Converter_OfferPage [1].png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-099/ChrisPC – Free Video Converter_OfferPage [1].png","201013/ChrisPCFVConverter-201013/4.85/Images/ACR-161/ChrisPC – Free Video Converter_OfferPage [2] Testimonial.png"],"guid":"670fde30-deec-4189-8267-700ad330fdea_4.85_1","appID":"ChrisPCFVConverter-201013","dateAdded":"210629","deceptorType":"Bundler","name":"ChrisPC – Free Video Converter","company":"Chris P.C. srl.","version":"4.85","sigName":"Deceptor:Win32/ChrisPCFreeVideoConverter!109048059155","lastKnownStatus":"4.85;5.0","lastKnownDate":"210629","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,up-sell to paid","lastUpdate":"2021-06-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1655},{"violations":{"ACR-109":"The app downloads \"rkverify.exe, a RelevantKnowledge file. \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-075":"Cancelling the installation leaves the carrier and the offers installed.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or the Privacy Policy. \n","ACR-002":"The App's version is not consistent between App interaction and its install. (version 8.8.2.6 vs version 8.8.1) The App's version is not consistent between App interaction and its install.\nThe App's version is not consistent between App interaction and its install. (version 8.8.2.6 vs version 8.8.1) The App's version is not consistent between App interaction and its install.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"PCBoosterFreeStartupManager_.exe","isInstaller":"True","companyName":"PCBooster, Inc.                                             ","fileVersion":"0.0","hashMD5":"ff7932a2ca5831cd79e40fed7aacd2e7","hashSHA1":"28f0516e7a2610ba94c333a7959ad8013018fb4c","hashSHA256":"59c7e3e0300dcf215004b2db0b18045e7d6dd864cbc0c7ea1e1d77e76a6e7952","digitalCertThumbprint":"E1CAA9E850D616A0C2A245A157E0767A5DDCB431","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No. 17, Middle Scissor Lane, Dongcheng District,\", L=Beijing, S=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"1875","avBlockList":["360 Total Security (20210708)","Avast Premium Security (20210708)","AVG Internet Security (20210708)","Avira Internet Security (20210708)","Bitdefender Internet Security (20210708)","COMODO Antivirus (20210708)","Dr.Web Security Space (20210708)","ESET Internet Security (20210708)","G DATA INTERNET SECURITY (20210708)","K7 Total Security (20210708)","Kaspersky Internet Security (20210708)","Malwarebytes Premium (20210708)","McAfee Total Protection (20210708)","Norton Security (20210708)","Panda Dome (20210708)","Quick Heal Internet Security (20210708)","Sophos Home Premium (20210708)","SpyHunter5 (20210708)","Tencent PC Manager (20210708)","Total AV Antivirus Pro (20210708)","Trend Micro Internet Security (20210708)","VIPRE Advanced Security (20210708)","VirIT eXplorer PRO (20210708)","Webroot SecureAnywhere (20210708)","Windows Defender (20210708)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBoosterFreeStartupManager.exe","companyName":"PCBooster Free Startup Manager","fileVersion":"7.2","hashMD5":"ee4be04a89be1607dddc076007619813","hashSHA1":"a53791f82dca93078ce1fab1b63ab152fabfc143","hashSHA256":"ee11d970d658a018d61ffc90d4f254a8a995504d82bf02b88c50845a0cc1ac85","sourceIndex":"1875","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBoosterFreeStartupManager[2].exe","isInstaller":"True","companyName":"PCBooster, Inc.                                             ","fileVersion":"0.0","hashMD5":"b06ad27e1742ae5c24115ca95943a7e6","hashSHA1":"8d3fd8cc916655e80f5998e485cd70a630820caf","hashSHA256":"eed0ce607a71e8bda8e39cad8a1f4be142c5de16e0df5cc02e51ff0550cdbf80","digitalCertThumbprint":"8DE30AB3656EBCEE8A4700B7E737C99904A4A664","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Intellectual Property Rights Consulting Co., Ltd\", O=\"Beijing Hangxin Intellectual Property Rights Consulting Co., Ltd\", STREET=\"Room 201, No.17, Zhongjianzi Alley, Dongcheng District\", L=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101069553746X","sourceIndex":"1875","avBlockList":["360 Total Security (20211104)","Avast Premium Security (20211104)","AVG Internet Security (20211104)","Avira Internet Security (20211104)","Bitdefender Internet Security (20211104)","COMODO Antivirus (20211104)","Dr.Web Security Space (20211104)","ESET Internet Security (20211104)","G DATA INTERNET SECURITY (20211104)","K7 Total Security (20211104)","Kaspersky Internet Security (20211104)","Malwarebytes Premium (20211104)","McAfee Total Protection (20211104)","Norton Security (20211104)","Panda Dome (20211104)","Quick Heal Internet Security (20211104)","Sophos Home Premium (20211104)","SpyHunter5 (20211104)","Tencent PC Manager (20211104)","Total AV Antivirus Pro (20211104)","Trend Micro Internet Security (20211104)","VIPRE Advanced Security (20211104)","VirIT eXplorer PRO (20211104)","Webroot SecureAnywhere (20211104)","Windows Defender (20211104)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"PC Booster\"","reference":"","landingPage":"https://www.pc-booster.net","directDownloadingLink":"https://www.pc-booster.net/PCBoosterFreeStartupManager.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pc-booster.net/PCBoosterFreeStartupManager.exe","sourceIndex":"1875"}],"sampleFiles":["210627/PCBoosterFreeStartupManager-200701/8.8.1/Samples/PCBoosterFreeStartupManager_.exe","210627/PCBoosterFreeStartupManager-200701/8.8.1/Samples/PCBoosterFreeStartupManager.exe","210627/PCBoosterFreeStartupManager-200701/8.8.1/Samples/PCBoosterFreeStartupManager[2].exe"],"imageFiles":["210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-109/PCBoosterFreeStartupManager_RelevantKnowledgeFile [1].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-109/PCBoosterFreeStartupManager_RelevantKnowledgeFile [2].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-048/PCBoosterFreeStartupManager_RelevantKnowledgeFile [1].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-075/PCBoosterFreeStartupManager_Install [3].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-059/PCBoosterFreeStartupManager_Install [3].png"],"nonDeceptorImageFiles":["210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-065/PCBoosterFreeStartupManager_Install [1].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-002/PCBoosterFreeStartupManager_Install [1].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-002/PCBoosterFreeStartupManager_Interaction [1].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-065/PCBoosterFreeStartupManager_Interaction [1].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-099/PCBoosterFreeStartupManager_Interaction [1].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-002/PCBoosterFreeStartupManager_Install [1].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-002/PCBoosterFreeStartupManager_Interaction [1].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-099/PCBoosterFreeStartupManager_LandingPage [1].png","210627/PCBoosterFreeStartupManager-200701/8.8.1/Images/ACR-099/PCBoosterFreeStartupManager_LandingPage [2].png"],"guid":"e8d86cb6-f6cc-4de1-9eeb-c4c0404c72d2_8.8.1_1","appID":"PCBoosterFreeStartupManager-200701","dateAdded":"210627","deceptorType":"Bundler","name":"PCBooster Free Startup Manager ","company":"PCBooster, Inc.","version":"8.8.1","sigName":"Deceptor:Win32/PCBoosterStartupManager!109048075059","lastKnownStatus":"8.8.1","lastKnownDate":"210627","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2021-06-27T23:22:29.498638+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1656},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-007":"The app enables the installing consumer to hide it from the system tray, which hides all notification of the app's presence from the targeted consumer.\nThe app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory. The app uses a hotkey to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\nThe app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n\n","ACR-116":"The app can't be uninstalled through the Control Panel since it doesn't show up in the list of apps that can be uninstalled.\n","ACR-014":"The app calls itself \" SysMain.exe”, which is not related to the name \" SpyKing PC Spy \", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed into a hidden folder with the name \"KK\", which is completely unrelated to the app name. \n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy or the Privacy Policy\nThe internal offers page does not display links to the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The App shows different names as \"SysMain.exe\" in the running service/apps section.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-092":"The app does not provide Digital signatures for the installer and main executables.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-035":"No Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"setup .exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"709debadecd81f7214d4874458cc2c4c","hashSHA1":"85906129ebade7f67e486960291f79ff87797589","hashSHA256":"b3b373749072ae60091956309534d7a327274a715e40eb7dba8b6127b633a06d","sourceIndex":"1880","avBlockList":["360 Total Security (20211111)","Avast Premium Security (20211111)","AVG Internet Security (20211111)","Avira Internet Security (20211111)","Bitdefender Internet Security (20211111)","COMODO Antivirus (20211111)","ESET Internet Security (20211111)","G DATA INTERNET SECURITY (20211111)","K7 Total Security (20211111)","Kaspersky Internet Security (20211111)","Malwarebytes Premium (20211111)","McAfee Total Protection (20211111)","Norton Security (20211111)","Panda Dome (20211111)","Quick Heal Internet Security (20211111)","Sophos Home Premium (20211111)","SpyHunter5 (20211111)","Tencent PC Manager (20211111)","Total AV Antivirus Pro (20211111)","VIPRE Advanced Security (20211111)","VirIT eXplorer PRO (20211111)","Webroot SecureAnywhere (20211111)","Windows Defender (20211111)"],"avAllowList":["Dr.Web Security Space (20211111)","Trend Micro Internet Security (20211111)"]},{"isRevoked":"False","fileName":"Setup.exe","fileVersion":"5.101","hashMD5":"99397f2b36b3d4984fe428e54236978a","hashSHA1":"945a01cf9c3324af74d866ebcd4a6f28931e0eda","hashSHA256":"388533b0329de1c7be126996c10538181288aabaf8dc4d4e591a2e14749436a7","sourceIndex":"1880","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SysMain.exe","companyName":"Ceramiche Ariostea","fileVersion":"1.0","hashMD5":"cf5fbb6e3c9fb5ae5dbfce28f9922eb8","hashSHA1":"b84992a351890ca0b7a2e7155a8a4effe87ae720","hashSHA256":"d1d4fb2c54ce8953cf072dfa5a710a0a259a7f3c8a703d5adcc7ae0359ad4d46","sourceIndex":"1880","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WsSvc.exe","fileVersion":"1.0","hashMD5":"7cb1b7972b14283ef71e79163f4043c8","hashSHA1":"2807a6cbae5abf6219e5cbbb0b108a7614b045c9","hashSHA256":"7667ea2e9d20a3864a93d132a2df90f9d72b66cfad5f002ee5994c50fae72171","sourceIndex":"1880","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://spysoftwareking.com/","directDownloadingLink":"https://prod.downloadnow.com/s/16/77/40/30/setup.zip?GoogleAccessId=download-sps-prod@i-cmb-prod.iam.gserviceaccount.com&Expires=1624534788&Signature=WehzXCODrX1KDBBppr0AZqE8ulz%2BJ774egc2QeJR81Y2AhVe6OGsWiiftP2%2FRh6Z3EV7PxRKLkmUDoXF2SUjDQPI4yacPA6X3ODrxuhRsxwx55UTLo8f4gbwmrz%2BK1CIGu%2FeQ62eEgpef09CuTz7Bd4a6qgnLzlenGod%2BjZ7xTijXqKlYODfNMDxAcM%2BCSL332a%2BLGdvsU9YPHziHF22xRDbyuz8IPcsQP0GiCJjPftXyTywv2Wit3zgi6zV81CvwpU5owFAKQRsAhDLJF0LvQk5RbDdO%2B1jxZOuNJbZOC9lHqz7Hvqt%2Fdelnebgx6utFb26FuVDvVUwAl3IYyWJyQ%3D%3D","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://prod.downloadnow.com/s/16/77/40/30/setup.zip?GoogleAccessId=download-sps-prod@i-cmb-prod.iam.gserviceaccount.com&Expires=1624534788&Signature=WehzXCODrX1KDBBppr0AZqE8ulz%2BJ774egc2QeJR81Y2AhVe6OGsWiiftP2%2FRh6Z3EV7PxRKLkmUDoXF2SUjDQPI4yacPA6X3ODrxuhRsxwx55UTLo8f4gbwmrz%2BK1CIGu%2FeQ62eEgpef09CuTz7Bd4a6qgnLzlenGod%2BjZ7xTijXqKlYODfNMDxAcM%2BCSL332a%2BLGdvsU9YPHziHF22xRDbyuz8IPcsQP0GiCJjPftXyTywv2Wit3zgi6zV81CvwpU5owFAKQRsAhDLJF0LvQk5RbDdO%2B1jxZOuNJbZOC9lHqz7Hvqt%2Fdelnebgx6utFb26FuVDvVUwAl3IYyWJyQ%3D%3D","sourceIndex":"1880"}],"sampleFiles":["210624/SpyKingPCSpy-210624/5.101.0/Samples/setup .exe","210624/SpyKingPCSpy-210624/5.101.0/Samples/Setup.exe","210624/SpyKingPCSpy-210624/5.101.0/Samples/SysMain.exe","210624/SpyKingPCSpy-210624/5.101.0/Samples/WsSvc.exe"],"imageFiles":["210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-007/SpyKing PC Spy_Settings [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-084/SpyKing PC Spy_Settings [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-084/SpyKing PC Spy_Files [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-084/SpyKing PC Spy_Files [2].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-084/SpyKing PC Spy_Interactions [4].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-086/SpyKing PC Spy_Settings [2].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-086/SpyKing PC Spy_Settings [3].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-086/SpyKing PC Spy_Settings [4].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-086/SpyKing PC Spy_Settings [5].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-086/SpyKing PC Spy_Interactions [2].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-086/SpyKing PC Spy_Interactions [3].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-086/SpyKing PC Spy_Interactions [4].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-048/SpyKing PC Spy_Settings [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-007/SpyKing PC Spy_Interactions [2].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-007/SpyKing PC Spy_Interactions [3].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-007/SpyKing PC Spy_Interactions [4].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-014/SpyKing PC Spy_RunningProcess [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-116/SpyKing PC Spy_ControlPanel [1].png"],"nonDeceptorImageFiles":["210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-040/SpyKing PC Spy_Files [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-065/SpyKing PC Spy_Install [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-065/SpyKing PC Spy_Install [2].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-065/SpyKing PC Spy_Install [4].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-092/SpyKing PC Spy_FileProperty [3].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-092/SpyKing PC Spy_FileProperty [4].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-092/SpyKing PC Spy_FileProperty [5].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-092/SpyKing PC Spy_FileProperty [6].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-065/SpyKing PC Spy_About [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-099/SpyKing PC Spy_About [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-002/SpyKing PC Spy_RunningProcess [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-065/SpyKing PC Spy_LandingPage [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-099/SpyKing PC Spy_LandingPage [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-017/SpyKing PC Spy_LandingPage [3].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-161/SpyKing PC Spy_LandingPage [2].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-065/SpyKing PC Spy_OfferPage [1].png","210624/SpyKingPCSpy-210624/5.101.0/Images/ACR-099/SpyKing PC Spy_OfferPage [1].png"],"guid":"89f7170a-1159-4b91-849d-dafe3f05267c_5.101.0_1","appID":"SpyKingPCSpy-210624","dateAdded":"210624","deceptorType":"App","name":"SpyKing PC Spy ","company":"spysoftwareking.com","version":"5.101.0","sigName":"Deceptor:Win32/SpyKingPCSpyStalkerware!007084086048014116","lastKnownStatus":"5.101.0","lastKnownDate":"210624","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-06-24T23:59:34.3454431+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1657},{"violations":{"EXR-025":"The extension misrepresents its functionality. The feature not working as the extension claims. It does not block any malicious websites that user visits.\n","EXR-057":"Extension change the new tab of chrome browser, that is  not related with functionality extension claims\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-051":"This extension has permission to read browsing history & Changes the search engine, which is not necessary for their functionality.\n\n"},"samples":[{"isRevoked":"False","fileName":"WebSecurerrBrowserProtection.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d905bebc7bf83518ab24fc44f0d732a757867d1ad353c54ea058abce01adb198","sourceIndex":"1884","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WebSecurerr Browser Protection.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"b21fe91b280f270e2e71f2357e0499e60fbceaa5d39ffb6144cf914acb3c7f07","storeId":"odlnghcomkeenpeblhddfpacdncfjmna","sourceIndex":"1884","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- malware","reference":"","landingPage":"searchsecurer.com","directDownloadingLink":"https://chrome.google.com/webstore/detail/websecurerr-browser-prote/odlnghcomkeenpeblhddfpacdncfjmna","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/websecurerr-browser-prote/odlnghcomkeenpeblhddfpacdncfjmna","sourceIndex":"1884"}],"sampleFiles":["210622/cx-WebSecurerrBrowserProtection-210618/1.1.1/Samples/WebSecurerr Browser Protection.zip"],"imageFiles":["210622/cx-WebSecurerrBrowserProtection-210618/1.1.1/Images/EXR-057/ChangeNewTab.JPG","210622/cx-WebSecurerrBrowserProtection-210618/1.1.1/Images/EXR-025/EXR-025.mp4"],"nonDeceptorImageFiles":["210622/cx-WebSecurerrBrowserProtection-210618/1.1.1/Images/EXR-051/EXR-051.JPG","210622/cx-WebSecurerrBrowserProtection-210618/1.1.1/Images/EXR-002/EXR-002.JPG","210622/cx-WebSecurerrBrowserProtection-210618/1.1.1/Images/EXR-002/EXR-002_1.JPG","210622/cx-WebSecurerrBrowserProtection-210618/1.1.1/Images/EXR-037/EXR-037.mp4"],"guid":"355cbfbc-9a34-44b5-8e93-30a437409306_1.1.1_1","appID":"cx-WebSecurerrBrowserProtection-210618","dateAdded":"210622","deceptorType":"Browser Extension","name":"WebSecurerr Browser Protection","company":"searchsecurer.com","version":"1.1.1","sigName":"Deceptor:BEX/WebSecurerr Browser Protection!057025","lastKnownStatus":"1.1.1","lastKnownDate":"210622","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-06-22T21:27:25.7362799+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1658},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\nThe app requires a hotkey or password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app.\nThe install greys out the close and cancel buttons, which limits the consumer's ability to stop after the initial launch.\n\n","ACR-007":"The app enables the installing consumer to hide it from the system tray, which hides all notification of the app's presence from the targeted consumer. The app can then only be reopened with a password.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray and uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app hides itself by attaching its process to several processes such as svchost.exe, which misleads the targeted consumer.\n\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for installer.\nThe application is installed in a directory that does not disclose the app's name, making it hard for the consumer to identify where it is located.\n\n","ACR-040":"The app is not installed in a standard location and does not have an identifiable name in the install location.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"gigawatch_1.7.0.20.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"edf15d7d74a81b7eeab9d1fbd3f8a61c","hashSHA1":"0bec3633767cfab7b07f4d8a943db3758b9bab60","hashSHA256":"cdf2ddf9d60e7be9bb53f0770bebbbed850a6c17b3a67f1938f996a4a96078e4","digitalCertThumbprint":"13EB7E853735E94B6FBABBA00E88C5ADFE6BEC11","digitalCertIssuer":"CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=kubasg2@gmail.com, CN=Breakpoint Software Development, O=Breakpoint Software Development, C=PL","sourceIndex":"1888","avBlockList":["360 Total Security (20211111)","Avast Premium Security (20211111)","AVG Internet Security (20211111)","Avira Internet Security (20211111)","Bitdefender Internet Security (20211111)","COMODO Antivirus (20211111)","Dr.Web Security Space (20211111)","ESET Internet Security (20211111)","K7 Total Security (20211111)","Kaspersky Internet Security (20211111)","Malwarebytes Premium (20211111)","McAfee Total Protection (20211111)","Norton Security (20211111)","Panda Dome (20211111)","Quick Heal Internet Security (20211111)","Sophos Home Premium (20211111)","SpyHunter5 (20211111)","Tencent PC Manager (20211111)","Total AV Antivirus Pro (20211111)","VIPRE Advanced Security (20211111)","VirIT eXplorer PRO (20211111)","Webroot SecureAnywhere (20211111)","Windows Defender (20211111)"],"avAllowList":["G DATA INTERNET SECURITY (20211111)","Trend Micro Internet Security (20211111)"]},{"isRevoked":"False","fileName":"globalw32.dll","companyName":"Breakpoint Software Development","fileVersion":"1.0","hashMD5":"127b5231d1da1d95189f0fea95ec8692","hashSHA1":"5baaa147c8b9141af004b1872d389c2f239033c4","hashSHA256":"74d5a34541b159843370c36938ca9ebb725c354aa26c5d86d6dd5684f5aaa65e","sourceIndex":"1888","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"gwhost32.exe","companyName":"Breakpoint Software Development","fileVersion":"1.0","hashMD5":"9c51bbfafb857231d116a9021a46515a","hashSHA1":"472d0d27738d92661cc950cbda08f0519c228f9a","hashSHA256":"69cf672e0239b0f27539b0a0a4430606f9272121d967f862e9b09aa88f78a205","digitalCertThumbprint":"13EB7E853735E94B6FBABBA00E88C5ADFE6BEC11","digitalCertIssuer":"CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=kubasg2@gmail.com, CN=Breakpoint Software Development, O=Breakpoint Software Development, C=PL","sourceIndex":"1888","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://download.cnet.com/developer/Breakpoint%20Software%20Development/i-10237886/","landingPage":"http://www.gigawatch.com","directDownloadingLink":"http://www.gigawatch.com/download/gigawatch_1.7.0.20.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.gigawatch.com/download/gigawatch_1.7.0.20.exe","sourceIndex":"1888"}],"sampleFiles":["210616/Gigawatch-210616/1.7.0.20/Samples/gigawatch_1.7.0.20.exe","210616/Gigawatch-210616/1.7.0.20/Samples/globalw32.dll","210616/Gigawatch-210616/1.7.0.20/Samples/gwhost32.exe"],"imageFiles":["210616/Gigawatch-210616/1.7.0.20/Images/ACR-048/Gigawatch_ControlPanel [1].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-048/Gigawatch_Install [4_].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-048/Gigawatch_Install [5_].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-048/Gigawatch_Install [4].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-007/Gigawatch_Install [3_].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-007/Gigawatch_Install [5_].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-014/Gigawatch_RunningProcess [1].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-014/Gigawatch_RunningProcess [2].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-084/Gigawatch_Install [3_].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-084/Gigawatch_Install [4_].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-084/Gigawatch_Install [5_].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-086/Gigawatch_Install [3_].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-086/Gigawatch_Install [4_].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-086/Gigawatch_Install [5_].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-086/Gigawatch_Install [6].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-086/Gigawatch_Install [7].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-086/Gigawatch_Install [8].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-086/Gigawatch_Install [9].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-116/Gigawatch_ControlPanel [1].png"],"nonDeceptorImageFiles":["210616/Gigawatch-210616/1.7.0.20/Images/ACR-038/Gigawatch_FileProperty [1].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-038/Gigawatch_Files [1].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-040/Gigawatch_Files [1].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-065/Gigawatch_Install [1].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-065/Gigawatch_Install [2].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-065/Gigawatch_Install [3].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-065/Gigawatch_Install [4].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-065/Gigawatch_Install [13].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-065/Gigawatch_Interactions [2].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-099/Gigawatch_LandingPage [1].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-099/Gigawatch_OfferPage [1].png","210616/Gigawatch-210616/1.7.0.20/Images/ACR-099/Gigawatch_OfferPage [2].png"],"guid":"7cd4baa9-225f-4939-942a-204764dc5dde_1.7.0.20_1","appID":"Gigawatch-210616","dateAdded":"210616","deceptorType":"App","name":"Gigawatch","company":"Breakpoint Software Development","version":"1.7.0.20","sigName":"Deceptor:Win32/GigawatchStalkerware!048007014084086116","lastKnownStatus":"1.7.0.20","lastKnownDate":"210616","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-06-16T17:37:41.0415951+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1659},{"violations":{"CCR-017":"Call center (TLC, PremiumTechieSupport, MySupportPeople) uses deceptive practices during app interactions, pressure consumer to pay unnecessary service to fix the problems in user's system.  (https://www.youtube.com/watch?v=x5SSFsHOM4Y, credit to NeeP)\n","CCR-022":"Call center agent remotely login consumer's system and diagnose the consumer's problem, provide fake information about the system using deceptive tools.\n(https://www.pacermonitor.com/public/case/36699711/United_States_of_America_v_Cotter_et_al)\n"},"nonDeceptorViolations":{"CCR-012":"Call centers running with different names violates FTC guidelines.  https://www.pacermonitor.com/public/case/36699711/United_States_of_America_v_Cotter_et_al\n"},"samples":[],"additionalFiles":[{"isRevoked":"False","fileName":"premiumtechiesupport.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"techliveconnect.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"saburitlc.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"assistmysoftware.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"gdconcierge.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"globaldigitalconcierge.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"helpforsoftware.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"helpmysoftware.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"myservicepeople.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mysupportpeople.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcsupportninja.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"senseiware.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"softwarebesthelp.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"softwarehelponline.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"softwarehotshot.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"softwaremerchanthelp.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"softwaresellerhelp.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"softwaretruehelp.com ","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"supportforsoftware.com","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1891","avBlockList":[],"avAllowList":[]}],"sources":[{"howFound":"Neep report and FTC case","reference":"https://www.pacermonitor.com/public/case/36699711/United_States_of_America_v_Cotter_et_al","landingPage":"premiumtechiesupport.com  techliveconnect.com  saburitlc.com  assistmysoftware.com  gdconcierge.com  globaldigitalconcierge.com  helpforsoftware.com  helpmysoftware.com  myservicepeople.com  mysupportpeople.com  pcsupportninja.com  senseiware.com  softwarebesthelp.com  softwarehelponline.com  softwarehotshot.com  softwaremerchanthelp.com  softwaresellerhelp.com  softwaretruehelp.com  supportforsoftware.com","ipv4":"","ipv6":"","sourceIndex":"1891"}],"sampleFiles":[],"imageFiles":["210610/TechLiveConnect-210609/210609/Images/CCR-017/TLC_DeceptivePractice_FTC3.JPG","210610/TechLiveConnect-210609/210609/Images/CCR-017/TLC_DeceptivePractice_FTC2.JPG","210610/TechLiveConnect-210609/210609/Images/CCR-017/TLC_DeceptivePractice_FTC1.JPG","210610/TechLiveConnect-210609/210609/Images/CCR-022/TLC_DeceptivePractice_FTC3.JPG","210610/TechLiveConnect-210609/210609/Images/CCR-022/TLC_DeceptivePractice_FTC2.JPG","210610/TechLiveConnect-210609/210609/Images/CCR-022/TLC_DeceptivePractice_FTC1.JPG"],"nonDeceptorImageFiles":["210610/TechLiveConnect-210609/210609/Images/CCR-012/United States of America v. Cotter  et al.pdf"],"guid":"78212661-534c-4e20-b99f-8a3cbe8547a6_210609_1","appID":"TechLiveConnect-210609","dateAdded":"210610","deceptorType":"Call Center","name":"TechLiveConnect&PremiumTechieSupport&MySupportPeople","company":"Saburi TLC","version":"210609","sigName":"DeceptiveCallCenter: SaburiTLC ","lastKnownStatus":"210609","lastKnownDate":"210610","type":"Call Center","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","lastUpdate":"2021-06-10T16:55:43.5857716+00:00","notDistributed":true,"familyName":"Saburi TLC ","numInFamily":1,"numInAppID":1,"sortOrder":1660},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user and user's agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer and who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy\nThe app does not display links to the EULA and/or Terms of Service, or the Privacy Policy. \n","ACR-002":"The App's version is not consistent between App interaction and its install. (version 8.8.2.4 vs version 8.8.1) \nThe App's version is not consistent between App interaction and its install. (version 8.8.2.4 vs version 8.8.1) \n","ACR-092":"The application's main executable has no signed certificate,  it is unsigned.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"PCBoosterFreeRegistryCleaner .exe","isInstaller":"True","companyName":"PCBooster, Inc.                                             ","fileVersion":"0.0","hashMD5":"3c55a25ac01942c2a25deae0e1fd0f01","hashSHA1":"5f6d0b94b646c3262260a653ddf9413e6dc9a02f","hashSHA256":"8960e82f36eebf6c7459e79ce596e0fa9503b3326ea4801e6a249f0a055d62c0","digitalCertThumbprint":"8DE30AB3656EBCEE8A4700B7E737C99904A4A664","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Intellectual Property Rights Consulting Co., Ltd\", O=\"Beijing Hangxin Intellectual Property Rights Consulting Co., Ltd\", STREET=\"Room 201, No.17, Zhongjianzi Alley, Dongcheng District\", L=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101069553746X","sourceIndex":"1892","avBlockList":["360 Total Security (20210629)","Avast Premium Security (20210629)","AVG Internet Security (20210629)","Avira Internet Security (20210629)","Bitdefender Internet Security (20210629)","COMODO Antivirus (20210629)","Dr.Web Security Space (20210629)","ESET Internet Security (20210629)","G DATA INTERNET SECURITY (20210629)","K7 Total Security (20210629)","Kaspersky Internet Security (20210629)","Malwarebytes Premium (20210629)","McAfee Total Protection (20210629)","Norton Security (20210629)","Panda Dome (20210629)","Quick Heal Internet Security (20210629)","Sophos Home Premium (20210629)","SpyHunter5 (20210629)","Tencent PC Manager (20210629)","Total AV Antivirus Pro (20210629)","Trend Micro Internet Security (20210629)","VIPRE Advanced Security (20210629)","VirIT eXplorer PRO (20210629)","Webroot SecureAnywhere (20210629)","Windows Defender (20210629)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBoosterFreeRegistryCleaner.exe","fileVersion":"1.0","hashMD5":"7fa08d6456dd33aa373359a73571e661","hashSHA1":"59c36684602e349e876a6d16b4f6a1384ba03c1a","hashSHA256":"69bbe5055dea7324160c019db526a52c5bf5c61476f94007d147508f4d0a8bc2","sourceIndex":"1892","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rk_setup.exe","companyName":"TMRG                                                        ","fileVersion":"1.1","hashMD5":"d5c548f03cf44e4373cd192b9b53cdfb","hashSHA1":"ea1b4696a1ab5e6daddb3f4f6d1c54681ea9fbcc","hashSHA256":"d7cfb34eca35adb1f99a1b61b06a7bc7d7d1769437ed1e23a862d0666ceaa4ad","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"1892","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.pc-booster.net/","landingPage":"https://www.pc-booster.net/freeregistrycleaner/overview.php","directDownloadingLink":"https://www.pc-booster.net/PCBoosterFreeRegistryCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pc-booster.net/PCBoosterFreeRegistryCleaner.exe","sourceIndex":"1892"}],"sampleFiles":["210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Samples/PCBoosterFreeRegistryCleaner .exe","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Samples/PCBoosterFreeRegistryCleaner.exe","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Samples/rk_setup.exe"],"imageFiles":["210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-109/PCBooster Free Registry Cleaner_Install [3].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-048/PCBooster Free Registry Cleaner_Install [3].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-059/PCBooster Free Registry Cleaner_Install [4].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-155/PCBooster Free Registry Cleaner_Install [4].png"],"nonDeceptorImageFiles":["210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-038/PCBooster Free Registry Cleaner_FileProperty [2].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-065/PCBooster Free Registry Cleaner_Install [1].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-065/PCBooster Free Registry Cleaner_Install [4].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-065/PCBooster Free Registry Cleaner_Install [7].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-065/PCBooster Free Registry Cleaner_Install [8].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-002/PCBooster Free Registry Cleaner_Install [1].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-092/PCBooster Free Registry Cleaner_FileProperty [3].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-065/PCBooster Free Registry Cleaner_About [1].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-099/PCBooster Free Registry Cleaner_About [1].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-002/PCBooster Free Registry Cleaner_About [1].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-099/PCBooster Free Registry Cleaner_LandingPage [1].png","210610/PCBoosterFreeRegistryCleaner-210610/8.8.1/Images/ACR-099/PCBooster Free Registry Cleaner_LandingPage [2].png"],"guid":"c59cba0d-c8d3-443a-a21d-487b7c7036c7_8.8.1_1","appID":"PCBoosterFreeRegistryCleaner-210610","dateAdded":"210610","deceptorType":"Bundler","name":"PCBooster Free Registry Cleaner","company":"PCBooster, Inc.","version":"8.8.1","sigName":"Deceptor:Win32/PCBoosterFreeRegistryCleaner!109048059155","lastKnownStatus":"8.8.1","lastKnownDate":"210610","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2021-06-10T16:26:47.873377+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1661},{"violations":{"ACR-109":"The app installs Falco Freeware Website shortcut links without user consent. The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user and user's agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer and who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n","ACR-065":"The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app  does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction and its install - version 7.5 vs version 2.0.\nThe App's version is not consistent between App interaction and its install - version 7.5 vs version 2.0.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app. \n"},"samples":[{"isRevoked":"False","fileName":"Falco Browser.exe","fileVersion":"0.0","hashMD5":"9009b4f411deaddef797f7b541cf671e","hashSHA1":"a858abcb16d51fe502ccf35ef3efb6272b9ecd0e","hashSHA256":"494d2c6bc4ee62636779be8b3c57ac84b92746d6bc2154d2688138ca1914ba11","sourceIndex":"1899","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FalcoBrowserSetup.exe","isInstaller":"True","companyName":"FalcoWare, Inc.                                             ","fileVersion":"0.0","hashMD5":"612fd9230e2dec84a9e70c1032150508","hashSHA1":"2f1d5965a32bef0eae32a6e590c968e5526f5a04","hashSHA256":"0344cf4c13432bcc1f14b8e7f5f4443eeebc50f43c60da4b995051d5c7a944af","sourceIndex":"1899","avBlockList":["360 Total Security (20210629)","Avast Premium Security (20210629)","AVG Internet Security (20210629)","Avira Internet Security (20210629)","Bitdefender Internet Security (20210629)","COMODO Antivirus (20210629)","Dr.Web Security Space (20210629)","ESET Internet Security (20210629)","G DATA INTERNET SECURITY (20210629)","K7 Total Security (20210629)","Kaspersky Internet Security (20210629)","Malwarebytes Premium (20210629)","McAfee Total Protection (20210629)","Norton Security (20210629)","Panda Dome (20210629)","Quick Heal Internet Security (20210629)","Sophos Home Premium (20210629)","SpyHunter5 (20210629)","Tencent PC Manager (20210629)","Total AV Antivirus Pro (20210629)","Trend Micro Internet Security (20210629)","VIPRE Advanced Security (20210629)","VirIT eXplorer PRO (20210629)","Webroot SecureAnywhere (20210629)","Windows Defender (20210629)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt","reference":"","landingPage":"https://falcogames.com/","directDownloadingLink":"https://falcogames.com/rk-distributives/FalcoBrowserSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://falcogames.com/rk-distributives/FalcoBrowserSetup.exe","sourceIndex":"1899"}],"sampleFiles":["210609/FalcoBrowser-210609/2.0/Samples/Falco Browser.exe","210609/FalcoBrowser-210609/2.0/Samples/FalcoBrowserSetup.exe"],"imageFiles":["210609/FalcoBrowser-210609/2.0/Images/ACR-109/FalcoBrowser_Install [7].png","210609/FalcoBrowser-210609/2.0/Images/ACR-109/FalcoBrowser_AppsIntalled [1].png","210609/FalcoBrowser-210609/2.0/Images/ACR-048/FalcoBrowser_Install [7].png","210609/FalcoBrowser-210609/2.0/Images/ACR-059/FalcoBrowser_Install [8].png","210609/FalcoBrowser-210609/2.0/Images/ACR-155/FalcoBrowser_Install [8].png"],"nonDeceptorImageFiles":["210609/FalcoBrowser-210609/2.0/Images/ACR-038/FalcoBrowser_FileProperty [1].png","210609/FalcoBrowser-210609/2.0/Images/ACR-065/FalcoBrowser_Install [1].png","210609/FalcoBrowser-210609/2.0/Images/ACR-065/FalcoBrowser_Install [2].png","210609/FalcoBrowser-210609/2.0/Images/ACR-065/FalcoBrowser_Install [3].png","210609/FalcoBrowser-210609/2.0/Images/ACR-065/FalcoBrowser_Install [8].png","210609/FalcoBrowser-210609/2.0/Images/ACR-065/FalcoBrowser_Install [9].png","210609/FalcoBrowser-210609/2.0/Images/ACR-065/FalcoBrowser_Install [10].png","210609/FalcoBrowser-210609/2.0/Images/ACR-002/FalcoBrowser_Install [2].png","210609/FalcoBrowser-210609/2.0/Images/ACR-092/FalcoBrowser_FileProperty [3].png","210609/FalcoBrowser-210609/2.0/Images/ACR-092/FalcoBrowser_FileProperty [4].png","210609/FalcoBrowser-210609/2.0/Images/ACR-065/FalcoBrowser_About [1].png","210609/FalcoBrowser-210609/2.0/Images/ACR-099/FalcoBrowser_About [1].png","210609/FalcoBrowser-210609/2.0/Images/ACR-002/FalcoBrowser_About [1].png","210609/FalcoBrowser-210609/2.0/Images/ACR-065/FalcoBrowser_LandingPage [1].png","210609/FalcoBrowser-210609/2.0/Images/ACR-065/FalcoBrowser_LandingPage [2].png","210609/FalcoBrowser-210609/2.0/Images/ACR-099/FalcoBrowser_LandingPage [1].png","210609/FalcoBrowser-210609/2.0/Images/ACR-099/FalcoBrowser_LandingPage [2].png"],"guid":"d5def303-9b2b-4cd1-8da7-32e87022f490_2.0_1","appID":"FalcoBrowser-210609","dateAdded":"210609","deceptorType":"App","name":"Falco Browser","company":"Falco Software","version":"2.0","sigName":"Deceptor:Win32/FalcoBrowser!109048059155","lastKnownStatus":"2.0","lastKnownDate":"210609","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2021-06-09T17:00:30.8229012+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1662},{"violations":{"ACR-003":"The app exaggerates the identified issues with an alarming red color. The overall exaggerated scanning result leads misleading urgency for the user to take action fixing the identified issues. \n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThe install does not display link to the Privacy Policy , and Returns and Cancellation Policy \n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"DriverToolkit.exe","companyName":"Megaify Software Co., Ltd.","fileVersion":"8.3","hashMD5":"c68f834c6d3c249ce32385a63e536373","hashSHA1":"1fcfe449f989a31660048cd46ea50d14bb1879fe","hashSHA256":"568f085dcc665cf9ad774b94c92572da636fcfa9755b997ea79911ac447d1182","digitalCertThumbprint":"9A4EE2FB3D6160CCD4E888A2B9A44EADC672C27C","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Megaify Software Co.,Ltd.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"Megaify Software Co.,Ltd.\", L=长沙, S=湖南, C=CN","sourceIndex":"1898","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverToolkitInstaller.exe","isInstaller":"True","companyName":"Megaify Software                                            ","fileVersion":"8.3","hashMD5":"b3df5478760ced4d30910eb8e8b594e2","hashSHA1":"d5c01df0ca4642eed24cba084036aac6cad0fa41","hashSHA256":"4ed7d3e09701097244e7eca577c20e88ec0c5d1ffbe2f957e1bb7bf6de4eccbd","digitalCertThumbprint":"9A4EE2FB3D6160CCD4E888A2B9A44EADC672C27C","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Megaify Software Co.,Ltd.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"Megaify Software Co.,Ltd.\", L=长沙, S=湖南, C=CN","sourceIndex":"1898","avBlockList":["Avast Premium Security (20211116)","AVG Internet Security (20211116)","Avira Internet Security (20211116)","Bitdefender Internet Security (20211116)","Dr.Web Security Space (20211116)","ESET Internet Security (20211116)","G DATA INTERNET SECURITY (20211116)","K7 Total Security (20211116)","Kaspersky Internet Security (20211116)","Malwarebytes Premium (20211116)","McAfee Total Protection (20211116)","Norton Security (20211116)","Panda Dome (20211116)","Quick Heal Internet Security (20211116)","Sophos Home Premium (20211116)","SpyHunter5 (20211116)","Tencent PC Manager (20211116)","Total AV Antivirus Pro (20211116)","VIPRE Advanced Security (20211116)","VirIT eXplorer PRO (20211116)","Webroot SecureAnywhere (20211116)","Windows Defender (20211116)"],"avAllowList":["360 Total Security (20211116)","COMODO Antivirus (20211116)","Trend Micro Internet Security (20211116)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt","reference":"","landingPage":"https://drivertoolkit.en.softonic.com/","directDownloadingLink":" https://gsf-sp.softonic.com/d5c/01d/f0ca4642eed24cba084036aac6cad0fa41/DriverToolkitInstaller.exe?signature=48d5d92aac07da898b01845f13d13845&expires=1622668233&url=https%3A%2F%2Fdrivertoolkit.en.softonic.com&filename=DriverToolkitInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":" https://gsf-sp.softonic.com/d5c/01d/f0ca4642eed24cba084036aac6cad0fa41/DriverToolkitInstaller.exe?signature=48d5d92aac07da898b01845f13d13845&expires=1622668233&url=https%3A%2F%2Fdrivertoolkit.en.softonic.com&filename=DriverToolkitInstaller.exe","sourceIndex":"1898"}],"sampleFiles":["210609/DriverToolkit-180121/8.3.5/Samples/DriverToolkit.exe","210609/DriverToolkit-180121/8.3.5/Samples/DriverToolkitInstaller.exe"],"imageFiles":["210609/DriverToolkit-180121/8.3.5/Images/ACR-003/DriverToolkit_Interactions [1].png","210609/DriverToolkit-180121/8.3.5/Images/ACR-003/DriverToolkit_Interactions [2].png","210609/DriverToolkit-180121/8.3.5/Images/ACR-003/DriverToolkit_Interactions [3].png","210609/DriverToolkit-180121/8.3.5/Images/ACR-003/DriverToolkit_Interactions [4].png"],"nonDeceptorImageFiles":["210609/DriverToolkit-180121/8.3.5/Images/ACR-065/DriverToolkit_About [1].png","210609/DriverToolkit-180121/8.3.5/Images/ACR-065/DriverToolkit_Install [1].png","210609/DriverToolkit-180121/8.3.5/Images/ACR-065/DriverToolkit_Install [3].png","210609/DriverToolkit-180121/8.3.5/Images/ACR-065/DriverToolkit_Install [8].png","210609/DriverToolkit-180121/8.3.5/Images/ACR-099/DriverToolkit_About [1].png"],"guid":"80419ec6-0dd0-489c-89fe-819481d908e3_8.3.5_1","appID":"DriverToolkit-180121","dateAdded":"210609","deceptorType":"App","name":"DriverToolkit","company":"Megaify Software","version":"8.3.5","sigName":"Deceptor:Win32/DriverToolkit!003","firstResolvedVersion":"","lastKnownStatus":"Deceptor:8.0.166;NonCertified:8.6.0.1;Deceptor:8.5.0.0; Deceptor: 8.3.5","lastKnownDate":"210609","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-06-09T17:09:33.9038557+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1663},{"violations":{"ACR-003":"The app exaggerates the identified issues with an alarming red color. The overall exaggerated scanning result leads misleading urgency for the user to take action fixing the identified issues. \n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThe install does not display link to the Privacy Policy , and Returns and Cancellation Policy \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The landing page does not display links to uninstall information\nThe application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"DriverToolkit.exe","companyName":"Megaify Software Co., Ltd.","fileVersion":"8.5","hashMD5":"b35bcdc8758f44bb092590d92a8e744c","hashSHA1":"ed9f80437bd8c6de9a5d5969432574711d054eaa","hashSHA256":"a32a89ecbe1047c8644acbc85bb5306dfb9abcb8213e8c5253e68b196093a53a","digitalCertThumbprint":"8C228F9C88D0639884D7AA3481E7AFA35E6AED20","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Megaify Software Co.,Ltd.\", O=\"Megaify Software Co.,Ltd.\", L=长沙, S=湖南, C=CN","sourceIndex":"1996","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverToolkitInstaller (1).exe","isInstaller":"True","companyName":"Megaify Software                                            ","fileVersion":"8.5","hashMD5":"ade449592745b54724fa70ec488b99fd","hashSHA1":"9aa32c2a67da99465f6b4c8c88cd52b109a243c4","hashSHA256":"2097cfcef072f6b12370139d94a171073df2255807c01ad6d747f0d24a190aa6","digitalCertThumbprint":"8C228F9C88D0639884D7AA3481E7AFA35E6AED20","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Megaify Software Co.,Ltd.\", O=\"Megaify Software Co.,Ltd.\", L=长沙, S=湖南, C=CN","sourceIndex":"1996","avBlockList":["Avast Premium Security (20211111)","AVG Internet Security (20211111)","Avira Internet Security (20211111)","Bitdefender Internet Security (20211111)","Dr.Web Security Space (20211111)","ESET Internet Security (20211111)","G DATA INTERNET SECURITY (20211111)","K7 Total Security (20211111)","Kaspersky Internet Security (20211111)","Malwarebytes Premium (20211111)","McAfee Total Protection (20211111)","Norton Security (20211111)","Panda Dome (20211111)","Quick Heal Internet Security (20211111)","Sophos Home Premium (20211111)","SpyHunter5 (20211111)","Tencent PC Manager (20211111)","Total AV Antivirus Pro (20211111)","Trend Micro Internet Security (20211111)","VIPRE Advanced Security (20211111)","VirIT eXplorer PRO (20211111)","Webroot SecureAnywhere (20211111)","Windows Defender (20211111)"],"avAllowList":["360 Total Security (20211111)","COMODO Antivirus (20211111)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.driverscape.com","directDownloadingLink":"https://www.driverscape.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.driverscape.com/download","sourceIndex":"1996"}],"sampleFiles":["210203/DriverToolkit-180121/8.5.0.0/Samples/DriverToolkit.exe","210203/DriverToolkit-180121/8.5.0.0/Samples/DriverToolkitInstaller (1).exe"],"imageFiles":["210203/DriverToolkit-180121/8.5.0.0/Images/ACR-003/DriverToolkit_Interactions [2].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-003/DriverToolkit_Interactions [3].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-003/DriverToolkit_Interactions [4].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-003/DriverToolkit_Interactions [7].png"],"nonDeceptorImageFiles":["210203/DriverToolkit-180121/8.5.0.0/Images/ACR-065/DriverToolkit_About [1].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-065/DriverToolkit_About[1].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-065/DriverToolkit_Install [1].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-065/DriverToolkit_Install [2].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-065/DriverToolkit_Install [3].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-065/DriverToolkit_Install [4].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-065/DriverToolkit_Install [1].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-065/DriverToolkit_Install [2].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-065/DriverToolkit_Install [3].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-065/DriverToolkit_LandingPage [1].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-065/DriverToolkit_LandingPage [1].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-099/DriverToolkit_LandingPage [1].png","210203/DriverToolkit-180121/8.5.0.0/Images/ACR-099/DriverToolkit_About [1].png"],"guid":"80419ec6-0dd0-489c-89fe-819481d908e3_8.5.0.0_1","appID":"DriverToolkit-180121","dateAdded":"210609","deceptorType":"App","name":"DriverToolkit","company":"Megaify Software","version":"8.5.0.0","firstResolvedVersion":"","lastKnownStatus":"Deceptor:8.0.166;NonCertified:8.6.0.1;Deceptor:8.5.0.0; Deceptor: 8.3.5","lastKnownDate":"210609","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-06-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1664},{"violations":{"EXR-025":"The extension misrepresents its functionality. The feature not working as the extension claims. The extension does not detects malicious URLs.\n","EXR-057":"The extension changes the search engine that is not unrelated functionality, it changes the search engine to Bing.\n"},"nonDeceptorViolations":{"EXR-037":"The primary value proposition doesn't exist. The app does not detects malicious URLs.\n"},"samples":[{"isRevoked":"False","fileName":"UrbanAntiMalware.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d06b4ec25324a976f66feedd4d5a3179d41540ded003c4cb8ca58650ffc9f4fa","storeId":"efbobpikdmjaaklfkdlgfopochnjadab","sourceIndex":"1896","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Urban Anti-Malware - Safe Browsing.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"5d41f9e84fcd31b2e57542f9c3ff716b30fae01a8d82941b02fb2236fd26019e","sourceIndex":"1896","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"https://www.urban-vpn.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/urban-anti-malware-safe-b/efbobpikdmjaaklfkdlgfopochnjadab","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/urban-anti-malware-safe-b/efbobpikdmjaaklfkdlgfopochnjadab","sourceIndex":"1896"}],"sampleFiles":["210609/cx-UrbanAntiMalware-210601/1.5.0/Samples/UrbanAntiMalware.crx","210609/cx-UrbanAntiMalware-210601/1.5.0/Samples/Urban Anti-Malware - Safe Browsing.zip"],"imageFiles":["210609/cx-UrbanAntiMalware-210601/1.5.0/Images/EXR-057/EXR-057.mp4","210609/cx-UrbanAntiMalware-210601/1.5.0/Images/EXR-025/EXR-025.JPG","210609/cx-UrbanAntiMalware-210601/1.5.0/Images/EXR-025/EXR-025_1.JPG"],"nonDeceptorImageFiles":["210609/cx-UrbanAntiMalware-210601/1.5.0/Images/EXR-037/EXR-037.JPG","210609/cx-UrbanAntiMalware-210601/1.5.0/Images/EXR-037/EXR-037_1.JPG"],"guid":"c342dac1-2272-4630-a7ef-9f44994bc07c_1.5.0_1","appID":"cx-UrbanAntiMalware-210601","dateAdded":"210609","deceptorType":"Browser Extension","name":"Urban Anti-Malware - Safe Browsing","company":"Urban VPN","version":"1.5.0","sigName":"Deceptor:BEX/Urban Anti-Malware - Safe Browsing!057025","lastKnownStatus":"1.5.0","lastKnownDate":"210609","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-06-09T21:01:30.8814655+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1666},{"violations":{"EXR-025":"The extension misrepresents its functionality. It claims that TV channels  are free but after watching the tv for a minute it asks for a subscription to continue watching.\n","EXR-039":"The extension misleads by using \"Play Now\", \"Watch Live Now\"  that looks like linked to TV channel playing, in fact it leads to click the ads. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"TVforGoogleChrome.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d99c9b690200e1c7a2b55bbff7544f91f927aa8d77f6f2743b787767c571fe45","storeId":"","sourceIndex":"1894","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TV for Google Chrome.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"79b129cba706784a1faa9cf612946b96fed5fbadd0db875ccd8e9bed96745499","storeId":"licccgnfdlgmmmgaddmbcepikfadcmpe","sourceIndex":"1894","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- TV","reference":"","landingPage":"http://www.tv-chrome.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/tv-for-google-chrome/licccgnfdlgmmmgaddmbcepikfadcmpe/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/tv-for-google-chrome/licccgnfdlgmmmgaddmbcepikfadcmpe/","sourceIndex":"1894"}],"sampleFiles":["210609/cx-TVforGoogleChrome-210604/3.2.1/Samples/TV for Google Chrome.zip"],"imageFiles":["210609/cx-TVforGoogleChrome-210604/3.2.1/Images/EXR-025/EXR-025.JPG","210609/cx-TVforGoogleChrome-210604/3.2.1/Images/EXR-025/EXR-025.mp4","210609/cx-TVforGoogleChrome-210604/3.2.1/Images/EXR-025/EXR-025_1.JPG","210609/cx-TVforGoogleChrome-210604/3.2.1/Images/EXR-039/EXR-039_1.JPG","210609/cx-TVforGoogleChrome-210604/3.2.1/Images/EXR-039/EXR-039_2.JPG","210609/cx-TVforGoogleChrome-210604/3.2.1/Images/EXR-039/EXR-039_3.JPG"],"nonDeceptorImageFiles":[],"guid":"df705493-d3ac-4a68-b2ba-2029c5c09bbe_3.2.1_1","appID":"cx-TVforGoogleChrome-210604","dateAdded":"210609","deceptorType":"Browser Extension","name":"TV for Google Chrome","company":"www.tv-chrome.com","version":"3.2.1","sigName":"Deceptor:BEX/TVforGoogleChrome!025039","lastKnownStatus":"3.2.1","lastKnownDate":"210609","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-06-09T23:46:02.9945313+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1667},{"violations":{"EXR-025":"The extension misrepresents its functionality. The feature not working as the extension claims.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Avatar Plus.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"c1352bb18cdaa7d3a577be885f32f2ec8b4b181ebdc9a691de1f6df334268730","storeId":"mlckogcoeeoakenkcjngcjdmifkaddfp","sourceIndex":"1893","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Avatar Plus.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"35262f2deb4be74a8bd45df9d3490f356103ff0a68fe6b2d4ff75b9c02e87ff5","sourceIndex":"1893","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/avatar-plus/mlckogcoeeoakenkcjngcjdmifkaddfp","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/avatar-plus/mlckogcoeeoakenkcjngcjdmifkaddfp","sourceIndex":"1893"}],"sampleFiles":["210609/cx-AvatarPlus-210528/1.0/Samples/AvatarPlus.crx","210609/cx-AvatarPlus-210528/1.0/Samples/Avatar Plus.zip"],"imageFiles":["210609/cx-AvatarPlus-210528/1.0/Images/EXR-025/EXR-025.JPG","210609/cx-AvatarPlus-210528/1.0/Images/EXR-025/EXR-025_1.JPG"],"nonDeceptorImageFiles":["210609/cx-AvatarPlus-210528/1.0/Images/EXR-002/EXR-002.JPG","210609/cx-AvatarPlus-210528/1.0/Images/EXR-037/EXR-037.JPG","210609/cx-AvatarPlus-210528/1.0/Images/EXR-037/EXR-037_1.JPG","210609/cx-AvatarPlus-210528/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"868ad157-2173-4e8c-a43f-b22fe5f59dfc_1.0_1","appID":"cx-AvatarPlus-210528","dateAdded":"210609","deceptorType":"Browser Extension","name":"Avatar Plus","company":"Avatar Plus","version":"1.0","sigName":"Deceptor:BEX/AvatarPlus!025","lastKnownStatus":"1.0","lastKnownDate":"210609","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-06-09T23:56:50.2660797+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1669},{"violations":{"EXR-025":"The extension misrepresents its functionality. The feature not working as the extension claims. It does not block any popular porn sites like XNXX, XVideos, and Pornhub, etc.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist. It does not block any adult or porn sites.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"ParentalControlPornBlocker.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"805054d8d3129296669d320fde4931de313ad10e463f9478dea8bca27c5a416e","storeId":"kmillccnmojidmkhhjngjlalnbhpobcl","sourceIndex":"1895","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Parental Control Porn Blocker.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"1d01597f9146697f0854bd3ba374b4fd8d3960275e7321c470ffd01babeeaa69","sourceIndex":"1895","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/parental-control-porn-blo/kmillccnmojidmkhhjngjlalnbhpobcl/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/parental-control-porn-blo/kmillccnmojidmkhhjngjlalnbhpobcl/","sourceIndex":"1895"}],"sampleFiles":["210609/cx-ParentalControlPornBlocker-210531/1.5.2/Samples/ParentalControlPornBlocker.crx","210609/cx-ParentalControlPornBlocker-210531/1.5.2/Samples/Parental Control Porn Blocker.zip"],"imageFiles":["210609/cx-ParentalControlPornBlocker-210531/1.5.2/Images/EXR-025/EXR-025.JPG","210609/cx-ParentalControlPornBlocker-210531/1.5.2/Images/EXR-025/EXR-025_1.JPG","210609/cx-ParentalControlPornBlocker-210531/1.5.2/Images/EXR-025/EXR-025_2.jpg"],"nonDeceptorImageFiles":["210609/cx-ParentalControlPornBlocker-210531/1.5.2/Images/EXR-002/EXR-002.JPG","210609/cx-ParentalControlPornBlocker-210531/1.5.2/Images/EXR-037/EXR-037.JPG","210609/cx-ParentalControlPornBlocker-210531/1.5.2/Images/EXR-037/EXR-037_1.JPG","210609/cx-ParentalControlPornBlocker-210531/1.5.2/Images/EXR-037/EXR-037_2.jpg","210609/cx-ParentalControlPornBlocker-210531/1.5.2/Images/EXR-042/EXR-042.JPG"],"guid":"45577857-9b64-4148-a66b-82aa8973f7ad_1.5.2_1","appID":"cx-ParentalControlPornBlocker-210531","dateAdded":"210609","deceptorType":"Browser Extension","name":"Parental Control: Porn Blocker","company":"Parental Control Tools","version":"1.5.2","sigName":"Deceptor:BEX/ParentalControlPornBlocker!025","lastKnownStatus":"1.5.2","lastKnownDate":"210609","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,MacOS,Windows Server","targetBrowser":"Chrome","lastUpdate":"2021-06-09T22:17:52.2300714+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1668},{"violations":{"ACR-003":"The application reports missing or corrupt drivers but details show that the driver currently installed is a newer driver than the one recommended by the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from launching on startup from the software preferences.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-161":"The application's displays testimonials but does not provide any links back to a source so they can be verified.\nThe application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"DriverToolkitInstaller.exe","isInstaller":"True","companyName":"Megaify Software","productName":"DriverToolkit","productVersion":"8.5.1.0","fileVersion":"8.5.1","hashMD5":"7d307e2225d784b3cb69473b4f816e15","hashSHA1":"51f3fc3fe81cbb1ce6590727cf79848c7630163b","hashSHA256":"b3e69ad90f3b0ab7b34d96c74851a0fd9d4c9c755fdc23b6ee211cae5d86f3a4","digitalCertThumbprint":"8C228F9C88D0639884D7AA3481E7AFA35E6AED20","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Megaify Software Co.,Ltd.","sourceIndex":"3665","avBlockList":["Avast Premium Security (20210615)","AVG Internet Security (20210615)","Avira Internet Security (20210615)","Bitdefender Internet Security (20210615)","COMODO Antivirus (20210615)","Dr.Web Security Space (20210615)","ESET Internet Security (20210615)","G DATA INTERNET SECURITY (20210615)","K7 Total Security (20210615)","Kaspersky Internet Security (20210615)","Malwarebytes Premium (20210615)","McAfee Total Protection (20210615)","Panda Dome (20210615)","Quick Heal Internet Security (20210615)","Sophos Home Premium (20210615)","SpyHunter5 (20210615)","Tencent PC Manager (20210615)","Total AV Antivirus Pro (20210615)","Trend Micro Internet Security (20210615)","VIPRE Advanced Security (20210615)","VirIT eXplorer PRO (20210615)","Webroot SecureAnywhere (20210615)","Windows Defender (20210615)"],"avAllowList":["360 Total Security (20210615)","Norton Security (20210615)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"http://www.drivertoolkit.com/","directDownloadingLink":"http://www.drivertoolkit.com/download","ipv4":"","ipv6":"","sourceIndex":"3665"}],"sampleFiles":["180123/DriverToolkit-180121/8.0.166/Samples/DriverToolkitInstaller.exe"],"imageFiles":["180123/DriverToolkit-180121/8.0.166/Images/ACR-003/ACR-003_software.JPG","180123/DriverToolkit-180121/8.0.166/Images/ACR-003/ACR-003_SOFTWARE1.JPG","180123/DriverToolkit-180121/8.0.166/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180123/DriverToolkit-180121/8.0.166/Images/ACR-065/ACR-065_software.JPG","180123/DriverToolkit-180121/8.0.166/Images/ACR-161/ACR-161_landingpage.JPG","180123/DriverToolkit-180121/8.0.166/Images/ACR-161/ACR-161_internaloffer.JPG","180123/DriverToolkit-180121/8.0.166/Images/ACR-099/ACR-099_software.JPG"],"guid":"80419ec6-0dd0-489c-89fe-819481d908e3_8.0.166_1","appID":"DriverToolkit-180121","dateAdded":"210609","deceptorType":"App","name":"DriverToolkit","company":"Megaify Software","version":"8.0.166","sigName":"Deceptor:Win32/DriverToolkit!003084","firstResolvedVersion":"","lastKnownStatus":"Deceptor:8.0.166;NonCertified:8.6.0.1;Deceptor:8.5.0.0; Deceptor: 8.3.5","lastKnownDate":"210609","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-06-09T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":3,"sortOrder":1665},{"violations":{"EXR-025":"The features described in extension overview is not contained in extension. Instead it opens website that do online scanning for URL and files. The features described in overview is not accurate and misleading. URL scanning just uses Dr. Web online scan to get the result.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition is broken. The file scanning doesn't work\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"AntivirusTotallProtection.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"fb85c985b16cacf496e679fb99bb233f4442b74e58f226152afbe0314be8ed58","storeId":"npegaambembapehhcojbmdalajagajio","sourceIndex":"1900","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Antivirus Totall Protection.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"15b2ed2454d2b54997725776de163ab69f35617708c172e038c08c8e01ac6c24","sourceIndex":"1900","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related Apps","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/antivirus-totall-protecti/npegaambembapehhcojbmdalajagajio","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/antivirus-totall-protecti/npegaambembapehhcojbmdalajagajio","sourceIndex":"1900"}],"sampleFiles":["210605/cx-AntivirusTotallProtection-210531/1.0.2/Samples/AntivirusTotallProtection.crx","210605/cx-AntivirusTotallProtection-210531/1.0.2/Samples/Antivirus Totall Protection.zip"],"imageFiles":["210605/cx-AntivirusTotallProtection-210531/1.0.2/Images/EXR-025/EXR-025.mp4","210605/cx-AntivirusTotallProtection-210531/1.0.2/Images/EXR-025/EXR-025_1.JPG","210605/cx-AntivirusTotallProtection-210531/1.0.2/Images/EXR-025/FakeAVTotal.JPG"],"nonDeceptorImageFiles":["210605/cx-AntivirusTotallProtection-210531/1.0.2/Images/EXR-002/EXR-002_.JPG","210605/cx-AntivirusTotallProtection-210531/1.0.2/Images/EXR-002/EXR-002_1.JPG","210605/cx-AntivirusTotallProtection-210531/1.0.2/Images/EXR-037/EXR-037.mp4","210605/cx-AntivirusTotallProtection-210531/1.0.2/Images/EXR-037/EXR-037_1.JPG","210605/cx-AntivirusTotallProtection-210531/1.0.2/Images/EXR-042/EXR-042.JPG"],"guid":"b94ce394-f082-41c6-97a3-c6313c9e49f5_1.0.2_1","appID":"cx-AntivirusTotallProtection-210531","dateAdded":"210605","deceptorType":"Browser Extension","name":"Antivirus Totall Protection","company":"ProApp","version":"1.0.2","sigName":"Deceptor:BEX/AntivirusTotallProtection!025","lastKnownStatus":"1.0.2","lastKnownDate":"210605","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-06-06T05:38:47.5641914+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1670},{"violations":{"EXR-057":"The extension changes the search engine in address bar and home page by setting newtab when open browser.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-051":"This extension request permission to changes the browser search engine (address bar search) and homepage when open the browser, which is beyond the extension focused area functions. \n\n"},"samples":[{"isRevoked":"False","fileName":"FiletoPDFConverter.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"c2b6d55a9d77bfe264bb1b45625144cb8e78bb029534993e705f632cd66a9894","storeId":"mmajglkodkfnjkfplgalflgkpmfgcajd","sourceIndex":"1901","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"File to PDF Converter.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"a3e04364498631a8436dec9ded7a99209dc69ae9e91e6ac0bfac3ab77b0f3398","sourceIndex":"1901","avBlockList":[],"avAllowList":[]}],"additionalFiles":[{"isRevoked":"False","fileName":"pdfconvert.live","isAdditional":"True","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"1901","avBlockList":[],"avAllowList":[]}],"sources":[{"howFound":"Web Store search- Converter","reference":"","landingPage":"http://pdfconvert.live","directDownloadingLink":"https://chrome.google.com/webstore/detail/file-to-pdf-converter/mmajglkodkfnjkfplgalflgkpmfgcajd/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/file-to-pdf-converter/mmajglkodkfnjkfplgalflgkpmfgcajd/","sourceIndex":"1901"}],"sampleFiles":["210603/cx-FiletoPDFConverter-210602/0.8/Samples/FiletoPDFConverter.crx","210603/cx-FiletoPDFConverter-210602/0.8/Samples/File to PDF Converter.zip"],"imageFiles":["210603/cx-FiletoPDFConverter-210602/0.8/Images/EXR-057/EXR-057.mp4"],"nonDeceptorImageFiles":["210603/cx-FiletoPDFConverter-210602/0.8/Images/EXR-051/EXR-051.JPG","210603/cx-FiletoPDFConverter-210602/0.8/Images/EXR-002/EXR--002.JPG"],"guid":"5cf58c6d-523f-4107-846a-b3aad5bbb57b_0.8_1","appID":"cx-FiletoPDFConverter-210602","dateAdded":"210603","deceptorType":"Browser Extension","name":"File to PDF Converter","company":"pdfconvert.live","version":"0.8","sigName":"Deceptor:BEX/FiletoPDFConverter!057","lastKnownStatus":"0.8","lastKnownDate":"210603","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-06-03T22:21:34.7790204+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1671},{"violations":{"ACR-048":"After first launch, consumer cannot close and cancel, which limits the consumer's ability to stop the installation.\n\nThe app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a non-standard directory.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-097":"The app prompts the user to disable anti-virus list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n","ACR-014":"The app calls itself \"mssched.exe” and \"jusched32.exe\", which is not related to the name \"pcTattletale \", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is not installed in a standard location and does not have an identifiable name in the install location.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-167":"Return and cancelation policy is restrictive and offers unnecessary friction, going so far as to advise the customer to order a chargeback order if they are unsatisfied with their policy\n"},"samples":[{"isRevoked":"False","fileName":"Setup116082-1621847546.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"243afa79d571d107c026a0a319242e4c","hashSHA1":"06233f9476f047241f5659ab61e9f2f3407cfe0c","hashSHA256":"ffdb41a975f297a9bcb463f5eb3b31b6865e5fd5c1c39b952a08a40c77f25d4d","digitalCertThumbprint":"E5EFC1DFE32C4F0C22218C08FB30300A7EBE5656","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=\"FLEMING TECHNOLOGIES, LLC\", O=\"FLEMING TECHNOLOGIES, LLC\", L=Bruce TWP, S=Michigan, C=US","sourceIndex":"1908","avBlockList":["360 Total Security (20210617)","Avast Premium Security (20210617)","AVG Internet Security (20210617)","Avira Internet Security (20210617)","Bitdefender Internet Security (20210617)","ESET Internet Security (20210617)","G DATA INTERNET SECURITY (20210617)","K7 Total Security (20210617)","Kaspersky Internet Security (20210617)","Malwarebytes Premium (20210617)","McAfee Total Protection (20210617)","Norton Security (20210617)","Panda Dome (20210617)","Quick Heal Internet Security (20210617)","Sophos Home Premium (20210617)","SpyHunter5 (20210617)","Tencent PC Manager (20210617)","Total AV Antivirus Pro (20210617)","VIPRE Advanced Security (20210617)","VirIT eXplorer PRO (20210617)","Webroot SecureAnywhere (20210617)","Windows Defender (20210617)"],"avAllowList":["COMODO Antivirus (20210617)","Dr.Web Security Space (20210617)","Trend Micro Internet Security (20210617)"]},{"isRevoked":"False","fileName":"jusched32.exe","companyName":"Microsoft","fileVersion":"1.0","hashMD5":"e9a0893720bed5e9b1b45ac58419d1df","hashSHA1":"8a0b555271ff55938990643547314b168fadd8d0","hashSHA256":"48ddff047c147ec166474164171865b43d6a7f902bfa8093149d2f63477f29c2","digitalCertThumbprint":"E5EFC1DFE32C4F0C22218C08FB30300A7EBE5656","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=\"FLEMING TECHNOLOGIES, LLC\", O=\"FLEMING TECHNOLOGIES, LLC\", L=Bruce TWP, S=Michigan, C=US","sourceIndex":"1908","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mssched.exe","companyName":"Microsoft","fileVersion":"1.0","hashMD5":"e678ec6d7f4b74449e4e0824494f12b3","hashSHA1":"7098f8d504d4d2f4c51f7a209c4dd7e1d024b7ec","hashSHA256":"575b5841acbc42effc7a15f18cc6c8086becb0ca41c048dd600fee6aaaab4fcb","digitalCertThumbprint":"E5EFC1DFE32C4F0C22218C08FB30300A7EBE5656","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=\"FLEMING TECHNOLOGIES, LLC\", O=\"FLEMING TECHNOLOGIES, LLC\", L=Bruce TWP, S=Michigan, C=US","sourceIndex":"1908","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.pctattletale.com/","landingPage":"https://www.pctattletale.com/","directDownloadingLink":"https://cutt.ly/anqRHEN","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cutt.ly/anqRHEN","sourceIndex":"1908"}],"sampleFiles":["210527/pcTattletale-210525/1.0/Samples/Setup116082-1621847546.exe","210527/pcTattletale-210525/1.0/Samples/jusched32.exe","210527/pcTattletale-210525/1.0/Samples/mssched.exe"],"imageFiles":["210527/pcTattletale-210525/1.0/Images/ACR-048/pcTattleTale_Install [1].png","210527/pcTattletale-210525/1.0/Images/ACR-048/pcTattleTale_Install [3].png","210527/pcTattletale-210525/1.0/Images/ACR-084/pcTattleTale_ControlPanel [1].png","210527/pcTattletale-210525/1.0/Images/ACR-084/pcTattleTale_RunningProcess [2].png","210527/pcTattletale-210525/1.0/Images/ACR-084/pcTattleTale_Files [1].png","210527/pcTattletale-210525/1.0/Images/ACR-086/pcTattleTale_Login [1]_.png","210527/pcTattletale-210525/1.0/Images/ACR-097/pcTattleTale_LandingPage [5].png","210527/pcTattletale-210525/1.0/Images/ACR-048/pcTattleTale_RunningProcess [3].png","210527/pcTattletale-210525/1.0/Images/ACR-014/pcTattleTale_RunningProcess [2].png","210527/pcTattletale-210525/1.0/Images/ACR-116/pcTattleTale_ControlPanel [1].png"],"nonDeceptorImageFiles":["210527/pcTattletale-210525/1.0/Images/ACR-038/pcTattleTale_FileProperty [1].png","210527/pcTattletale-210525/1.0/Images/ACR-038/pcTattleTale_FileProperty [2].png","210527/pcTattletale-210525/1.0/Images/ACR-040/pcTattleTale_Files [1].png","210527/pcTattletale-210525/1.0/Images/ACR-167/pcTattleTale_RefundPolicy [1].png","210527/pcTattletale-210525/1.0/Images/ACR-161/pcTattleTale_OfferPage [2].png"],"guid":"767839a8-9407-4a56-b0eb-5f41f9921b48_1.0_1","appID":"pcTattletale-210525","dateAdded":"210527","deceptorType":"App","name":"pcTattletale","company":"Fleming Technologies, LLC","version":"1.0","sigName":"Deceptor:Win32/PCTattletale!048084086097014116","lastKnownStatus":"1.0","lastKnownDate":"210527","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2021-05-28T03:04:56.6956622+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1672},{"violations":{"ACR-003":"The application exaggerates invalid registry keys as problems, thereby misleading or scaring user to take action.\n","ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides fixes for 5 invalid registries) before requiring consumer to pay.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's Returns and Cancellation Policy, Privacy Policy. \nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-157":"The application does not have a digital certificate.\n","ACR-099":"The app does not display links to uninstall information. \nThe application's landing page has no link or information that shows how it can be uninstalled. \nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-171":"The consumer is required to opt-out of additional payment for download protection and backup media which was not previously disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"regcleaner.exe","isInstaller":"True","companyName":"Digeus, Inc                                               ","fileVersion":"12.0","hashMD5":"cd49b0f6574807d3bbd892fe353fce49","hashSHA1":"ae7da74a2c7ad2c8ec35e6fc2fef498ef0cdf8b2","hashSHA256":"65f90700c6a4804d0f0b1fce1d7cf4783a2d1d27d4e2801ef8f8b1419cf38fad","sourceIndex":"1909","avBlockList":["360 Total Security (20210622)","Avast Premium Security (20210622)","AVG Internet Security (20210622)","Avira Internet Security (20210622)","Bitdefender Internet Security (20210622)","ESET Internet Security (20210622)","G DATA INTERNET SECURITY (20210622)","K7 Total Security (20210622)","McAfee Total Protection (20210622)","Norton Security (20210622)","Panda Dome (20210622)","Quick Heal Internet Security (20210622)","Sophos Home Premium (20210622)","SpyHunter5 (20210622)","Tencent PC Manager (20210622)","Total AV Antivirus Pro (20210622)","VIPRE Advanced Security (20210622)","VirIT eXplorer PRO (20210622)","Webroot SecureAnywhere (20210622)","Windows Defender (20210622)"],"avAllowList":["COMODO Antivirus (20210622)","Dr.Web Security Space (20210622)","Kaspersky Internet Security (20210622)","Malwarebytes Premium (20210622)","Trend Micro Internet Security (20210622)"]},{"isRevoked":"False","fileName":"RegistryCleaner.exe","companyName":"Digeus, Inc.","fileVersion":"7.3","hashMD5":"7eb077ffda2c2a2b1b5ecfda49158460","hashSHA1":"ea59fbd30c2bc0ad94de86463b9ee07fa2efd360","hashSHA256":"af866e31e6670e4c784a0cbefa7ca86332a8f39c305279f1205bbd343e6101e2","sourceIndex":"1909","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Clean up junk files","reference":"http://digeus.com","landingPage":"http://www.digeus.com/products/regcleaner/registry-cleaner.html","directDownloadingLink":"http://digeus.com/downloads/regcleaner/files/regcleaner.exe","ipv4":"","ipv6":"","landingPageWildChar":"http://digeus.com/downloads/regcleaner/files/regcleaner.exe","directDownloadingLinkWildChar":"http://digeus.com/downloads/regcleaner/files/regcleaner.exe","sourceIndex":"1909"}],"sampleFiles":["210526/RegistryCleaner-200610/7.3/Samples/regcleaner.exe","210526/RegistryCleaner-200610/7.3/Samples/RegistryCleaner.exe"],"imageFiles":["210526/RegistryCleaner-200610/7.3/Images/ACR-004/Digeus Registry Cleaner_Interactions [2].png","210526/RegistryCleaner-200610/7.3/Images/ACR-004/Digeus Registry Cleaner_Interactions [3].png","210526/RegistryCleaner-200610/7.3/Images/ACR-004/Digeus Registry Cleaner_Interactions [4].png","210526/RegistryCleaner-200610/7.3/Images/ACR-004/Digeus Registry Cleaner_Interactions [5].png","210526/RegistryCleaner-200610/7.3/Images/ACR-004/Digeus Registry Cleaner_Interactions [6].png","210526/RegistryCleaner-200610/7.3/Images/ACR-003/Digeus Registry Cleaner_Interactions [2].png","210526/RegistryCleaner-200610/7.3/Images/ACR-003/Digeus Registry Cleaner_Interactions [3].png"],"nonDeceptorImageFiles":["210526/RegistryCleaner-200610/7.3/Images/ACR-065/Digeus Registry Cleaner_Install [1].png","210526/RegistryCleaner-200610/7.3/Images/ACR-065/Digeus Registry Cleaner_Install [2].png","210526/RegistryCleaner-200610/7.3/Images/ACR-065/Digeus Registry Cleaner_Install [3].png","210526/RegistryCleaner-200610/7.3/Images/ACR-065/Digeus Registry Cleaner_Install [4].png","210526/RegistryCleaner-200610/7.3/Images/ACR-065/Digeus Registry Cleaner_Install [5].png","210526/RegistryCleaner-200610/7.3/Images/ACR-065/Digeus Registry Cleaner_Install [6].png","210526/RegistryCleaner-200610/7.3/Images/ACR-157/Digeus Registry Cleaner_FileProperty [1].png","210526/RegistryCleaner-200610/7.3/Images/ACR-157/Digeus Registry Cleaner_FileProperty [2].png","210526/RegistryCleaner-200610/7.3/Images/ACR-157/Digeus Registry Cleaner_FileProperty [3].png","210526/RegistryCleaner-200610/7.3/Images/ACR-157/Digeus Registry Cleaner_FileProperty [4].png","210526/RegistryCleaner-200610/7.3/Images/ACR-065/Digeus Registry Cleaner_Interactions [7].png","210526/RegistryCleaner-200610/7.3/Images/ACR-099/Digeus Registry Cleaner_Interactions [7].png","210526/RegistryCleaner-200610/7.3/Images/ACR-065/Digeus Registry Cleaner_LandingPage [1].png","210526/RegistryCleaner-200610/7.3/Images/ACR-065/Digeus Registry Cleaner_LandingPage [2].png","210526/RegistryCleaner-200610/7.3/Images/ACR-099/Digeus Registry Cleaner_LandingPage [1].png","210526/RegistryCleaner-200610/7.3/Images/ACR-099/Digeus Registry Cleaner_LandingPage [2].png","210526/RegistryCleaner-200610/7.3/Images/ACR-171/Digeus Registry Cleaner_OfferPage [2].png","210526/RegistryCleaner-200610/7.3/Images/ACR-065/Digeus Registry Cleaner_OfferPage [1].png","210526/RegistryCleaner-200610/7.3/Images/ACR-099/Digeus Registry Cleaner_OfferPage [1].png"],"guid":"df331c77-c9f1-46c9-bb20-6796c0e3e665_7.3_1","appID":"RegistryCleaner-200610","dateAdded":"210526","deceptorType":"App","name":"Digeus Registry Cleaner ","company":"Digeus Incorporation","version":"7.3","sigName":"Deceptor:Win32/DigeusRegistryCleaner!003004","lastKnownStatus":"7.3","lastKnownDate":"210526","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-05-26T21:31:47.6716159+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1673},{"violations":{"ACR-003":"The application exaggerates invalid registry keys as problems, thereby misleading or scaring user to take action.\n","ACR-004":"The app provides free scan results, but does not provide a fully functional trial (only provides fixes for 5 invalid registries) before requiring consumer to pay.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's Returns and Cancellation Policy, Privacy Policy. \nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-157":"The application does not have a digital certificate\n","ACR-099":"The app does not display links to uninstall information. \nThe application's landing page has no link or information that shows how it can be uninstalled. \nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-171":"The consumer is required to opt-out of additional payment for download protection and backup media which was not previously disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"regcleaner_5_5.exe","isInstaller":"True","companyName":"Digeus, Inc.                                                 ","fileVersion":"16.0","hashMD5":"e2e32a3f62952c201722c671a21592b5","hashSHA1":"def188254a71956e67ed72ef62784d779cc1e96e","hashSHA256":"14d3ff90229baaf1e6a590adfd50c0e37071c9d97fc80935cc5a90c401d467c6","sourceIndex":"2415","avBlockList":["Avast Premium Security (20210624)","AVG Internet Security (20210624)","Avira Internet Security (20210624)","Bitdefender Internet Security (20210624)","ESET Internet Security (20210624)","K7 Total Security (20210624)","Malwarebytes Premium (20210624)","McAfee Total Protection (20210624)","Norton Security (20210624)","Panda Dome (20210624)","Sophos Home Premium (20210624)","SpyHunter5 (20210624)","Tencent PC Manager (20210624)","Total AV Antivirus Pro (20210624)","Trend Micro Internet Security (20210624)","VIPRE Advanced Security (20210624)","VirIT eXplorer PRO (20210624)","Webroot SecureAnywhere (20210624)","Windows Defender (20210624)"],"avAllowList":["360 Total Security (20210624)","COMODO Antivirus (20210624)","Dr.Web Security Space (20210624)","G DATA INTERNET SECURITY (20210624)","Kaspersky Internet Security (20210624)","Quick Heal Internet Security (20210624)"]},{"isRevoked":"False","fileName":"RegistryCleaner.exe","companyName":"Digeus, Inc.","fileVersion":"5.5","hashMD5":"d9e9a15fe9e5a93f4cecdbb3f8a9f415","hashSHA1":"c6cb3c166009a3501819a29a3328a75d9fcea25e","hashSHA256":"546404b26bfeffa66c706768b28640d56c9af693bef5d3939cb9c31c0265a561","sourceIndex":"2415","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Clean up junk files","reference":"http://digeus.com","landingPage":"http://digeus.com","directDownloadingLink":"http://digeus.com/downloads/regcleaner/files/5/regcleaner_5_5.exe","ipv4":"","ipv6":"","landingPageWildChar":"http://digeus.com/downloads/regcleaner/files/5/regcleaner_5_5.exe","directDownloadingLinkWildChar":"http://digeus.com/downloads/regcleaner/files/5/regcleaner_5_5.exe","sourceIndex":"2415"}],"sampleFiles":["200611/RegistryCleaner-200610/5.5/Samples/regcleaner_5_5.exe","200611/RegistryCleaner-200610/5.5/Samples/RegistryCleaner.exe"],"imageFiles":["200611/RegistryCleaner-200610/5.5/Images/ACR-004/Registry Cleaner_Interaction [1].png","200611/RegistryCleaner-200610/5.5/Images/ACR-004/Registry Cleaner_Interaction [2].png","200611/RegistryCleaner-200610/5.5/Images/ACR-004/Registry Cleaner_Interaction [3].png","200611/RegistryCleaner-200610/5.5/Images/ACR-004/Registry Cleaner_Interaction [12].png","200611/RegistryCleaner-200610/5.5/Images/ACR-003/Registry Cleaner_Interaction [1].png","200611/RegistryCleaner-200610/5.5/Images/ACR-003/Registry Cleaner_Interaction [9].png"],"nonDeceptorImageFiles":["200611/RegistryCleaner-200610/5.5/Images/ACR-065/Registry Cleaner_Install [1].png","200611/RegistryCleaner-200610/5.5/Images/ACR-065/Registry Cleaner_Install [2].png","200611/RegistryCleaner-200610/5.5/Images/ACR-157/Registry Cleaner_FileProperty [1].png","200611/RegistryCleaner-200610/5.5/Images/ACR-065/Registry Cleaner_Interaction [6].png","200611/RegistryCleaner-200610/5.5/Images/ACR-099/Registry Cleaner_Interaction [14].png","200611/RegistryCleaner-200610/5.5/Images/ACR-167/Registry Cleaner_LandingPage [1].png","200611/RegistryCleaner-200610/5.5/Images/ACR-167/Registry Cleaner_OfferPage [1].png","200611/RegistryCleaner-200610/5.5/Images/ACR-167/Registry Cleaner_OfferPage [2].png","200611/RegistryCleaner-200610/5.5/Images/ACR-065/Registry Cleaner_LandingPage [1].png","200611/RegistryCleaner-200610/5.5/Images/ACR-099/Registry Cleaner_LandingPage [1].png","200611/RegistryCleaner-200610/5.5/Images/ACR-171/Registry Cleaner_OfferPage [1].png","200611/RegistryCleaner-200610/5.5/Images/ACR-065/Registry Cleaner_OfferPage [1].png","200611/RegistryCleaner-200610/5.5/Images/ACR-065/Registry Cleaner_OfferPage [2].png","200611/RegistryCleaner-200610/5.5/Images/ACR-099/Registry Cleaner_OfferPage [1].png","200611/RegistryCleaner-200610/5.5/Images/ACR-099/Registry Cleaner_OfferPage [2].png"],"guid":"df331c77-c9f1-46c9-bb20-6796c0e3e665_5.5_1","appID":"RegistryCleaner-200610","dateAdded":"210526","deceptorType":"App","name":"Digeus Registry Cleaner ","company":"Digeus Incorporation","version":"5.5","sigName":"Deceptor:Win32/DigeusRegistryCleaner!003004","lastKnownStatus":"7.3","lastKnownDate":"210526","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-05-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1674},{"violations":{"ACR-004":"The app provides free scan results and uses these results to upsell the consumer to a subscription service.\n"},"nonDeceptorViolations":{"ACR-045":"\"Download Free Demo\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display link to the Returns and Cancellation Policy.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-171":"The app does not disclose whether the payments are recurring or not.\n"},"samples":[{"isRevoked":"False","fileName":"Disk Doctor Pro - Trial","fileVersion":"0.","hashMD5":"49df66bbbde085d7352c285807888aee","hashSHA1":"e75be14fa9dced08ee2689fa4f22b26c846b6b07","hashSHA256":"9ee3f3e877f69143b47d039061eaa9c69d62d7085b3e5cfd5b345c82a06bf7bb","sourceIndex":"1910","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Disk Doctor Pro - Trial.app.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"02dae11a0059a28c6cc917f7dac31b74c8579f941a967a8606aaf67248ba9bba","sourceIndex":"1910","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Disk-Doctor-Pro-Trial.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"d4b4366520638a338184d70f164a5c82","hashSHA1":"53ac14850a6fcbce3755e8eb40b51a634b6baff5","hashSHA256":"c641b8432a3ffd0275ea779e698ca41e8c8f1ca0cb0aa26f8724a80980e49691","sourceIndex":"1910","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt","reference":"https://fiplab.com/","landingPage":"https://fiplab.com/apps/disk-doctor-pro-for-mac","directDownloadingLink":"https://fiplab.com/trials/Disk-Doctor-Pro-Trial.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://fiplab.com/trials/Disk-Doctor-Pro-Trial.zip","sourceIndex":"1910"}],"sampleFiles":["210520/DiskDoctorPro-210520/1.4/Samples/Disk Doctor Pro - Trial","210520/DiskDoctorPro-210520/1.4/Samples/Disk Doctor Pro - Trial.app.zip","210520/DiskDoctorPro-210520/1.4/Samples/Disk-Doctor-Pro-Trial.zip"],"imageFiles":["210520/DiskDoctorPro-210520/1.4/Images/ACR-004/Disk Doctor Pro_Interactions [1].png","210520/DiskDoctorPro-210520/1.4/Images/ACR-004/Disk Doctor Pro_Interactions [2].png","210520/DiskDoctorPro-210520/1.4/Images/ACR-004/Disk Doctor Pro_Interactions [3].png"],"nonDeceptorImageFiles":["210520/DiskDoctorPro-210520/1.4/Images/ACR-065/Disk Doctor Pro_Interactions [3].png","210520/DiskDoctorPro-210520/1.4/Images/ACR-099/Disk Doctor Pro_Interactions [3].png","210520/DiskDoctorPro-210520/1.4/Images/ACR-171/Disk Doctor Pro_OfferPage [1].png","210520/DiskDoctorPro-210520/1.4/Images/ACR-045/Disk Doctor Pro_LandingPage [2].png","210520/DiskDoctorPro-210520/1.4/Images/ACR-045/Disk Doctor Pro_LandingPage [3].png","210520/DiskDoctorPro-210520/1.4/Images/ACR-065/Disk Doctor Pro_LandingPage [4].png","210520/DiskDoctorPro-210520/1.4/Images/ACR-099/Disk Doctor Pro_LandingPage [4].png"],"guid":"cbd9a2ab-2a03-41b7-9236-369e3e3a3c71_1.4_1","appID":"DiskDoctorPro-210520","dateAdded":"210520","deceptorType":"MacOS App","name":"Disk Doctor Pro ","company":"FIPLAB Limited","version":"1.4","sigName":"Deceptor:MacOS/DiskDoctorPro!004","firstVendorContactDate":"210523","firstAppEsteemReplyDate":"210524","firstResolvedDate":"210524","lastKnownStatus":"1.4","lastKnownDate":"210520","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-05-25T22:13:01.6565467+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1675},{"violations":{"EXR-017":"On installing this extension, it pops a fake notification and urges the user to installer another extension.\n","EXR-038":"On adding this extension to the chrome, it redirects the user to another extension to download.\n","EXR-039":"This extension is associated with the abuse of notifications such as ads, promotions, or unwanted messages that harm the user's browsing.\n"},"nonDeceptorViolations":{"EXR-051":"The extension opens website (https://chromeapps.site/camera/) and perform the functionality it claims in website. While the extension requires permission to read frequently visited websites, changes the search settings, and the new tab which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"Appstation WebCamera Snapshot.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"5fe13fb9a6dc259a5ca0275076dd019ae49c10890d89dad237ae15e1393dcbc2","storeId":"mecgdjcageoaeecbeonobdaddmcedpak","sourceIndex":"1911","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Appstation WebCamera Snapshot.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"924c832bad5cf76a90cb358510fae562a0407b4dcf89dc26f77523a3a378ddab","sourceIndex":"1911","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-AppstationAntiVirusScan-210412","reference":"","landingPage":"https://chromeapps.site/camera/","directDownloadingLink":"https://chrome.google.com/webstore/detail/appstation-webcamera-snap/mecgdjcageoaeecbeonobdaddmcedpak","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/appstation-webcamera-snap/mecgdjcageoaeecbeonobdaddmcedpak","sourceIndex":"1911"}],"sampleFiles":["210520/cx-AppstationWebCameraSnapshot-210501/4.91/Samples/Appstation WebCamera Snapshot.crx","210520/cx-AppstationWebCameraSnapshot-210501/4.91/Samples/Appstation WebCamera Snapshot.zip"],"imageFiles":["210520/cx-AppstationWebCameraSnapshot-210501/4.91/Images/EXR-017/EXR-017.JPG","210520/cx-AppstationWebCameraSnapshot-210501/4.91/Images/EXR-017/EXR-017_1.JPG","210520/cx-AppstationWebCameraSnapshot-210501/4.91/Images/EXR-017/EXR-017_2.JPG","210520/cx-AppstationWebCameraSnapshot-210501/4.91/Images/EXR-038/EXR-038.JPG","210520/cx-AppstationWebCameraSnapshot-210501/4.91/Images/EXR-038/EXR-038_1.JPG","210520/cx-AppstationWebCameraSnapshot-210501/4.91/Images/EXR-039/EXR-039.JPG","210520/cx-AppstationWebCameraSnapshot-210501/4.91/Images/EXR-039/EXR-039_1.JPG"],"nonDeceptorImageFiles":["210520/cx-AppstationWebCameraSnapshot-210501/4.91/Images/EXR-051/EXR-051.JPG"],"guid":"c37cadec-4274-451d-8e57-a91f5d8bd0d2_4.91_1","appID":"cx-AppstationWebCameraSnapshot-210501","dateAdded":"210520","deceptorType":"Browser Extension","name":"Appstation WebCamera Snapshot","company":"Chromeapps","version":"4.91","sigName":"Deceptor:BEX/AppstationWebCameraSnapshot!051017038039","lastKnownStatus":"4.91","lastKnownDate":"210520","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-20T22:38:00.9435618+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1676},{"violations":{"EXR-025":"The extension misrepresents its functionality. The feature not working as the extension claims, it has no effect on clicking \"Start\" on the websites (typing.com) and (nitrotype.com).\n"},"nonDeceptorViolations":{"EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"AutoType.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8299d819545bf84c0632177f8815653976e32d71c1e462a88f0de0b55c6a8529","storeId":"kkekihlmohleodoonemhehnegliknelm","sourceIndex":"1913","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Auto Type.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"7581136334047cf9b485b20091131d31662536378d7b825e210f6f175780b471","sourceIndex":"1913","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related apps to Kahoot ","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/auto-type/kkekihlmohleodoonemhehnegliknelm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/auto-type/kkekihlmohleodoonemhehnegliknelm","sourceIndex":"1913"}],"sampleFiles":["210519/cx-AutoType-210519/0.12/Samples/AutoType.crx","210519/cx-AutoType-210519/0.12/Samples/Auto Type.zip"],"imageFiles":["210519/cx-AutoType-210519/0.12/Images/EXR-025/EXR-025.mp4","210519/cx-AutoType-210519/0.12/Images/EXR-025/EXR-025_1.mp4"],"nonDeceptorImageFiles":["210519/cx-AutoType-210519/0.12/Images/EXR-037/EXR-037.mp4","210519/cx-AutoType-210519/0.12/Images/EXR-037/EXR-037_1.mp4","210519/cx-AutoType-210519/0.12/Images/EXR-042/EXR-042.JPG"],"guid":"18fad2ab-c03f-453f-bdc8-367eb7299114_0.12_1","appID":"cx-AutoType-210519","dateAdded":"210519","deceptorType":"Browser Extension","name":"Auto Type","company":"raphaelfacredyn","version":"0.12","sigName":"Deceptor:BEX/AutoType!025","lastKnownStatus":"0.12","lastKnownDate":"210519","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-19T17:50:26.0289717+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1678},{"violations":{"EXR-025":"The extension misrepresents its functionality. The feature not working as the extension claims, the first four keys have no effects on pressing.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"KahootKeys.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4e03bc965ee5ec2b83d2a4682b32f774d62cc093a34963ef55a95fd0cc954119","storeId":"ppodmhbnneeclellfbmhjlkkojfpjjfn","sourceIndex":"1912","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KahootKeys.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9102be88538644c285d07236a3664445cdbcb9659f6348b7e5ab70c8d88f22d6","sourceIndex":"1912","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Kahoot","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/kahoot-keys/ppodmhbnneeclellfbmhjlkkojfpjjfn","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/kahoot-keys/ppodmhbnneeclellfbmhjlkkojfpjjfn","sourceIndex":"1912"}],"sampleFiles":["210519/cx-KahootKeys-210519/0.3/Samples/KahootKeys.crx","210519/cx-KahootKeys-210519/0.3/Samples/KahootKeys.zip"],"imageFiles":["210519/cx-KahootKeys-210519/0.3/Images/EXR-025/EXR-025.mp4","210519/cx-KahootKeys-210519/0.3/Images/EXR-025/EXR-025_1.JPG"],"nonDeceptorImageFiles":["210519/cx-KahootKeys-210519/0.3/Images/EXR-051/EXR-051.JPG","210519/cx-KahootKeys-210519/0.3/Images/EXR-002/EXR-002.JPG","210519/cx-KahootKeys-210519/0.3/Images/EXR-037/EXR-037.mp4","210519/cx-KahootKeys-210519/0.3/Images/EXR-042/EXR-042.JPG"],"guid":"082bb823-6ff7-428f-806e-77f596ee66a1_0.3_1","appID":"cx-KahootKeys-210519","dateAdded":"210519","deceptorType":"Browser Extension","name":"Kahoot Keys","company":"ebreakey","version":"0.3","sigName":"Deceptor:BEX/KahootKeys!025051","lastKnownStatus":"0.3","lastKnownDate":"210519","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-19T17:56:03.810796+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1677},{"violations":{"ACR-043":"Extensions are installed without disclosing any information about the shortcut links consumer in the EULA and landing page. \n","ACR-048":"The app does not have any control to disable/off extensions that were added by default.\nThe app does not provide control to the end process from its task manager as it is re-enabling the process o its own.\nThe app does not have the control to change the search engine\n","ACR-050":"The app changes the default search engine and does not allow the user to switch to a different search engine.\nThird-Party Extensions were added by default without the user's knowledge.\n","ACR-051":"The app does not have any control to disable/off extensions that were added by default.\n","ACR-006":"The monetization approach by search (list of search providers used), affiliates, and extensions are not clearly disclosed during installation.\nThe monetization approach by search (list of search providers used), affiliates, and extensions are not clearly disclosed in the software.\n","ACR-104":"App choose its specific search engine and provide no control for user to change to the search engine that user prefers. \n"},"nonDeceptorViolations":{"ACR-139":"The app requires the consumer to change the search provider and gives no way to change the search provider.\n","ACR-095":"The app does not provide control to the end process (Ex. Misspell and Amazon Button) from its own task manager as it is re-enabling the process on its own within few seconds of ending the process.\n","ACR-036":"Search relationship with \"Bing\" and other search providers should be disclosed in Docs. \n"},"samples":[{"isRevoked":"False","fileName":"WebDiscover-4.52.2.exe","isInstaller":"True","companyName":"WebDiscover Media                                           ","fileVersion":"4.52","hashMD5":"179009e87b006b50b7b76bc2954bd580","hashSHA1":"7eb40557a724794b6029fc55a9d97956a3d16bcc","hashSHA256":"eff1fdbb2ee91ec609219264eae8cce02e348001776edbbc355c12ca852857e4","digitalCertThumbprint":"B2E2FEFBFB0B0DA5C37AE87F5C562C05E30B0522","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=WEBDISCOVER MEDIA, O=WEBDISCOVER MEDIA, L=Victoria, S=British Columbia, C=CA","sourceIndex":"1917","avBlockList":["360 Total Security (20210629)","Avast Premium Security (20210629)","AVG Internet Security (20210629)","Avira Internet Security (20210629)","Bitdefender Internet Security (20210629)","COMODO Antivirus (20210629)","Dr.Web Security Space (20210629)","ESET Internet Security (20210629)","G DATA INTERNET SECURITY (20210629)","K7 Total Security (20210629)","Kaspersky Internet Security (20210629)","Malwarebytes Premium (20210629)","McAfee Total Protection (20210629)","Norton Security (20210629)","Panda Dome (20210629)","Quick Heal Internet Security (20210629)","Sophos Home Premium (20210629)","SpyHunter5 (20210629)","Tencent PC Manager (20210629)","Total AV Antivirus Pro (20210629)","Trend Micro Internet Security (20210629)","VIPRE Advanced Security (20210629)","VirIT eXplorer PRO (20210629)","Webroot SecureAnywhere (20210629)","Windows Defender (20210629)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"distributed via bundler","reference":"","landingPage":"https://getwebdiscover.com/","directDownloadingLink":"https://cdn.getwebdiscover.com/WebDiscover-4.52.2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.getwebdiscover.com/WebDiscover-4.52.2.exe","sourceIndex":"1917"}],"sampleFiles":["210518/WebDiscover-210107/4.52.2/Samples/WebDiscover-4.52.2.exe"],"imageFiles":["210518/WebDiscover-210107/4.52.2/Images/ACR-043/WebDiscover Browser_Interactions [1]_.png","210518/WebDiscover-210107/4.52.2/Images/ACR-043/WebDiscover Browser_Interactions [4]_.png","210518/WebDiscover-210107/4.52.2/Images/ACR-006/WebDiscover Browser_Install [1].png","210518/WebDiscover-210107/4.52.2/Images/ACR-104/WebDiscover Browser_Settings [1].png","210518/WebDiscover-210107/4.52.2/Images/ACR-048/WebDiscover Browser_Interactions [4]_.png","210518/WebDiscover-210107/4.52.2/Images/ACR-048/WebDiscover Browser_Interactions [3].png","210518/WebDiscover-210107/4.52.2/Images/ACR-048/WebDiscover Browser_Settings [1].png","210518/WebDiscover-210107/4.52.2/Images/ACR-050/WebDiscover Browser_Interactions [1]_.png","210518/WebDiscover-210107/4.52.2/Images/ACR-050/WebDiscover Browser_Interactions [4]_.png","210518/WebDiscover-210107/4.52.2/Images/ACR-050/WebDiscover Browser_Settings [1].png","210518/WebDiscover-210107/4.52.2/Images/ACR-051/WebDiscover Browser_Interactions [4]_.png","210518/WebDiscover-210107/4.52.2/Images/ACR-006/WebDiscover Browser_Interactions [8].png"],"nonDeceptorImageFiles":["210518/WebDiscover-210107/4.52.2/Images/ACR-095/WebDiscover Browser_Interactions [3].png","210518/WebDiscover-210107/4.52.2/Images/ACR-139/WebDiscover Browser_Settings [1].png","210518/WebDiscover-210107/4.52.2/Images/ACR-036/WebDiscover Browser_Interactions [10].png"],"guid":"f964aa58-067a-4b5c-8078-9ee3ba6ea276_4.52.2_1","appID":"WebDiscover-210107","dateAdded":"210518","deceptorType":"App","name":"Web Discover","company":"WebDiscover Media","version":"4.52.2","lastKnownStatus":"4.71.2","lastKnownDate":"210518","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"Chrome,Firefox,IE,Edge","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2021-05-18T20:46:25.0802984+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1679},{"violations":{"EXR-017":"On running this extension, it floods the kahoot site, which creates an adverse impact on it.\n","EXR-024":"The extension misleads the user by using the \"Kahoot\" icon.\n","EXR-025":"The extension misrepresents its functionality. The feature is not working as the extension claims, it opens the number of tabs as mentioned, but the name and code were not added automatically.\n"},"nonDeceptorViolations":{"EXR-012":"This extension offers to flood a third-party website.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"KahootFlooder.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6d12b65f110053b794130be10504eab63b3da524c47b82287073b7da6dd5e017","storeId":"nebfgdmbcckgdicofllbbkibfihmcddl","sourceIndex":"1916","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Kahoot Flooder.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"cb19390127f747b2b74762f937d62d418d9a409e96f39b14369cb339b85d36fe","sourceIndex":"1916","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Hack","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/kahoot-flooder/nebfgdmbcckgdicofllbbkibfihmcddl/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/kahoot-flooder/nebfgdmbcckgdicofllbbkibfihmcddl/","sourceIndex":"1916"}],"sampleFiles":["210518/cx-KahootFlooder-210518/1.1/Samples/KahootFlooder.crx","210518/cx-KahootFlooder-210518/1.1/Samples/Kahoot Flooder.zip"],"imageFiles":["210518/cx-KahootFlooder-210518/1.1/Images/EXR-017/EXR-017.mp4","210518/cx-KahootFlooder-210518/1.1/Images/EXR-024/EXR-024.JPG","210518/cx-KahootFlooder-210518/1.1/Images/EXR-025/EXR-025.mp4","210518/cx-KahootFlooder-210518/1.1/Images/EXR-025/EXR-025_1.JPG"],"nonDeceptorImageFiles":["210518/cx-KahootFlooder-210518/1.1/Images/EXR-051/EXR-051.JPG","210518/cx-KahootFlooder-210518/1.1/Images/EXR-012/EXR-012.mp4","210518/cx-KahootFlooder-210518/1.1/Images/EXR-042/EXR-042.JPG"],"guid":"e4bfb215-a390-4682-91c8-58a4d4f4251e_1.1_1","appID":"cx-KahootFlooder-210518","dateAdded":"210518","deceptorType":"Browser Extension","name":"Kahoot Flooder","company":"gm","version":"1.1","sigName":"Deceptor:BEX/KahootFlooder!051017024025","lastKnownStatus":"1.1","lastKnownDate":"210518","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-18T22:20:04.3585967+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1682},{"violations":{"EXR-017":"On installing this extension, it pops a fake notification and urges the user to installer another extension.\n","EXR-039":"This extension is associated with the abuse of notifications such as ads, promotions, or unwanted messages that harm the user's browsing.\n","EXR-057":"The extension bundles the \"new tab\" feature with search engine changed to the functionality (audiovoicerecord) it claims. \n"},"nonDeceptorViolations":{"EXR-051":"This extension has permission to read frequently visited websites and changes the search settings, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"Audio Voice Recorder Pro.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"2626801527bdd754dff2350bde902b9d3170866ad43890ba2f7d5d04b8be382a","storeId":"pncgdoakinkkifgoemcaolhlpcaneelc","sourceIndex":"1914","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Audio Voice Recorder Pro.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ce484b59b2b71c96c7cdbe0b98b0a4ae23c4fe1a6cc7880ff4fa17f9809bfe53","sourceIndex":"1914","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-AppstationAntiVirusScan-210412","reference":"","landingPage":"https://chromeapps.site/online-audio-voice-recorder/","directDownloadingLink":"https://chrome.google.com/webstore/detail/audio-voice-recorder-pro/pncgdoakinkkifgoemcaolhlpcaneelc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/audio-voice-recorder-pro/pncgdoakinkkifgoemcaolhlpcaneelc","sourceIndex":"1914"}],"sampleFiles":["210518/cx-AudioVoiceRecorderPro-210430/6.21/Samples/Audio Voice Recorder Pro.crx","210518/cx-AudioVoiceRecorderPro-210430/6.21/Samples/Audio Voice Recorder Pro.zip"],"imageFiles":["210518/cx-AudioVoiceRecorderPro-210430/6.21/Images/EXR-017/EXR-017.JPG","210518/cx-AudioVoiceRecorderPro-210430/6.21/Images/EXR-017/EXR-017_1.JPG","210518/cx-AudioVoiceRecorderPro-210430/6.21/Images/EXR-057/AudioRecord.JPG","210518/cx-AudioVoiceRecorderPro-210430/6.21/Images/EXR-039/EXR-039_.JPG","210518/cx-AudioVoiceRecorderPro-210430/6.21/Images/EXR-039/EXR-039.JPG"],"nonDeceptorImageFiles":["210518/cx-AudioVoiceRecorderPro-210430/6.21/Images/EXR-051/EXR-051.JPG","210518/cx-AudioVoiceRecorderPro-210430/6.21/Images/EXR-051/EXR-051_1.JPG"],"guid":"b4203975-fef0-45bf-aa79-d4ae94457f2e_6.21_1","appID":"cx-AudioVoiceRecorderPro-210430","dateAdded":"210518","deceptorType":"Browser Extension","name":"Audio Voice Recorder Pro","company":"Chromeapps","version":"6.21","sigName":"Deceptor:BEX/AudioVoiceRecorderPro!051017057039","lastKnownStatus":"6.21","lastKnownDate":"210518","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-18T23:13:32.4379289+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1683},{"violations":{"EXR-025":"The extension misrepresent its functionality. The feature it claims is not contains in the extension. The extension functionality just open the website (https://pandalikes.xyz/)\n","EXR-038":"The extension just opens website (https://pandalikes.xyz/), and does nothing else.\n","EXR-039":"The website that the extension opens is associated with ads, promotions, or unwanted messages that harm the user's browsing.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PandaLikes™ - Free Youtube Views & Subs.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6939af40de388166f8b7ff178fcbd6ba763886bd5a3ffdb5cd30467a336d1703","storeId":"emgkbcmlfbdnegliahdolgpphgohhnom","sourceIndex":"1915","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PandaLikes.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"50c6a4f857bb5337f92bdbc2e8219f2211e59d2adc661228385cf938fe3f16db","sourceIndex":"1915","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Like","reference":"","landingPage":"https://pandalikes.xyz/","directDownloadingLink":"https://chrome.google.com/webstore/detail/pandalikes-free-youtube-v/emgkbcmlfbdnegliahdolgpphgohhnom","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/pandalikes-free-youtube-v/emgkbcmlfbdnegliahdolgpphgohhnom","sourceIndex":"1915"}],"sampleFiles":["210518/cx-PandaLikes-210507/1.1/Samples/PandaLikes™ - Free Youtube Views & Subs.crx","210518/cx-PandaLikes-210507/1.1/Samples/PandaLikes.zip"],"imageFiles":["210518/cx-PandaLikes-210507/1.1/Images/EXR-025/EXR-025.JPG","210518/cx-PandaLikes-210507/1.1/Images/EXR-025/EXR-025_1.jpg","210518/cx-PandaLikes-210507/1.1/Images/EXR-038/EXR-038.JPG","210518/cx-PandaLikes-210507/1.1/Images/EXR-039/EXR-039.JPG","210518/cx-PandaLikes-210507/1.1/Images/EXR-039/EXR-017_3.JPG","210518/cx-PandaLikes-210507/1.1/Images/EXR-039/EXR-017_2.JPG","210518/cx-PandaLikes-210507/1.1/Images/EXR-039/EXR-017.JPG","210518/cx-PandaLikes-210507/1.1/Images/EXR-039/EXR-017_1.JPG"],"nonDeceptorImageFiles":[],"guid":"0a55ce89-79b0-4d7e-b8ea-fec4fa60b901_1.1_1","appID":"cx-PandaLikes-210507","dateAdded":"210518","deceptorType":"Browser Extension","name":"PandaLikes - Free Youtube Views & Subs","company":"Leo Mello H. Studios","version":"1.1","sigName":"Deceptor:BEX/PandaLikes!025038039","lastKnownStatus":"1.1","lastKnownDate":"210518","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows Server,Windows 10,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-18T22:50:39.4377634+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1681},{"violations":{"ACR-043":"Extensions are installed without disclosing any information about the extensions to consumer in the EULA and landing page. \n","ACR-048":"The app does not have any control to disable/off extensions that were added by default.\nThe app does not provide control to the end process from its task manager as it is re-enabling the process o its own.\nThe app does not have the control to change the search engine\nThe \"startup and updates\" has ambiguous on/off. It always shows \"turnoff\". \n","ACR-050":"The app changes the default search engine and does not allow the user to switch to a different search engine.\nThird-Party Extensions were added by default without the user's knowledge.\n","ACR-051":"The app does not have any control to disable/off extensions that were added by default.\n","ACR-006":"The monetization approach by search (list of search providers used), affiliates, and extensions are not clearly disclosed during installation.\nThe monetization approach by search (list of search providers used), affiliates, and extensions are not clearly disclosed in the software.\n","ACR-104":"App choose its specific search engine and provide no control for user to change to the search engine that user prefers. \n"},"nonDeceptorViolations":{"ACR-139":"The app requires the consumer to change the search provider and gives no way to change the search provider.\n","ACR-095":"The app does not provide control to the end process (Ex. Misspell and Amazon Button) from its own task manager as it is re-enabling the process on its own within few seconds of ending the process.\n","ACR-036":"Search relationship with \"Yahoo!/Bing\" and other search providers should be disclosed in Docs. \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\WebDiscoverBrowser\\4.71.2\\browser.exe","companyName":"WebDiscover Media","productName":"WebDiscover Browser","productVersion":"4.71.2","fileVersion":"4.71.2","hashMD5":"848405acbd5dbbc04ef5e9eb1c4f9e29","hashSHA1":"581cab00e3b98556045cd911ac0209577986b757","hashSHA256":"76eed525001efff66946a0c67b5b1ed337d8f362cd8dd3b9ee629d3d5dbbda2c","digitalCertThumbprint":"B2E2FEFBFB0B0DA5C37AE87F5C562C05E30B0522","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"WEBDISCOVER MEDIA","storeId":"","sourceIndex":"2006","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WebDiscover-4.71.2.exe","isInstaller":"True","companyName":"WebDiscover Media                                           ","productName":"WebDiscover Browser                                         ","productVersion":"4.71.2                                            ","fileVersion":"4.71.2              ","hashMD5":"0920cabed581f67af0e9ffa40da894e5","hashSHA1":"9c0cb259c9e80996ed9d6f8316646398f0eebb71","hashSHA256":"e9fff117c0a0f4cfe7126d613e19e6c2e4b6101f5b93a72c0f20740a415655d7","digitalCertThumbprint":"B2E2FEFBFB0B0DA5C37AE87F5C562C05E30B0522","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"WEBDISCOVER MEDIA","storeId":"","sourceIndex":"2006","avBlockList":["360 Total Security (20210527)","Avast Premium Security (20210527)","AVG Internet Security (20210527)","Avira Internet Security (20210527)","Bitdefender Internet Security (20210527)","COMODO Antivirus (20210527)","Dr.Web Security Space (20210527)","ESET Internet Security (20210527)","G DATA INTERNET SECURITY (20210527)","K7 Total Security (20210527)","Malwarebytes Premium (20210527)","McAfee Total Protection (20210527)","Norton Security (20210527)","Panda Dome (20210527)","Quick Heal Internet Security (20210527)","Sophos Home Premium (20210527)","SpyHunter5 (20210527)","Tencent PC Manager (20210527)","Total AV Antivirus Pro (20210527)","Trend Micro Internet Security (20210527)","VIPRE Advanced Security (20210527)","VirIT eXplorer PRO (20210527)","Webroot SecureAnywhere (20210527)","Windows Defender (20210527)"],"avAllowList":["Kaspersky Internet Security (20210527)"]}],"additionalFiles":[],"sources":[{"howFound":"distributed via bundler","reference":"FakeCleaner","landingPage":"https://getwebdiscover.com/","directDownloadingLink":"https://getwebdiscover.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://getwebdiscover.com/download","sourceIndex":"2006"}],"sampleFiles":["210109/WebDiscover-210107/4.71.2/Samples/WebDiscover-4.71.2.exe"],"imageFiles":["210109/WebDiscover-210107/4.71.2/Images/ACR-043/ACR-043_Install_ThirdPartyExtension.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-006/ACR-006_Install_MonetizationNotClear.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-048/ACR-048_Software_NoControlToClose.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-048/ACR-048_Software_NoControlToClose1.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-048/ACR-048_Software_NoControlToEndProcess.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-048/ACR-048_Software_UnableToChangeSearchEngine.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-048/ACR-048_Software_NoControl.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-050/ACR-050_Software_ExtensionIsAddedByDefault.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-050/ACR-050_Software_UnableToChangeSearchEngine.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-051/ACR-051_Software_NoControlToDisable.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-006/ACR-006_Software_MonetizationNotClear.JPG"],"nonDeceptorImageFiles":["210109/WebDiscover-210107/4.71.2/Images/ACR-095/ACR-095_Software_NoControlToEndProcess.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-139/ACR-139_Software_UnableToChangeSearchEngine.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-006/ACR-006_Docs_MonetizationNotClear.JPG","210109/WebDiscover-210107/4.71.2/Images/ACR-006/ACR-006_LandingPage_MonetizationNotClear.JPG"],"guid":"f964aa58-067a-4b5c-8078-9ee3ba6ea276_4.71.2_1","appID":"WebDiscover-210107","dateAdded":"210518","deceptorType":"App","name":"Web Discover","company":"WebDiscover Media","version":"4.71.2","sigName":"Deceptor:Win32/WebDiscover!043006104048050051","lastKnownStatus":"4.71.2","lastKnownDate":"210518","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"Chrome,Firefox,IE,Edge","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2021-05-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1680},{"violations":{"EXR-025":"The extension misrepresent its functionality. The features doesn't work as it claims.\n"},"nonDeceptorViolations":{"EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Sneekr.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6f16f12abc55ae8987c7e93a1eaf802d9daa5a899bac34646c35dd7c1013566c","storeId":"plfkjhocdlikiendflhcgpbndefindap","sourceIndex":"1920","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Sneekr.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"82d32e73a6cad12b36c672c6e4e148276352c7d2a8ebfca7fbd00117c4f28fc7","sourceIndex":"1920","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- KeyLogger","reference":"","landingPage":"sneekr.net","directDownloadingLink":"https://chrome.google.com/webstore/detail/sneekr/plfkjhocdlikiendflhcgpbndefindap","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/sneekr/plfkjhocdlikiendflhcgpbndefindap","sourceIndex":"1920"}],"sampleFiles":["210517/cx-Sneekr-210426/1.0.3/Samples/Sneekr.crx","210517/cx-Sneekr-210426/1.0.3/Samples/Sneekr.zip"],"imageFiles":["210517/cx-Sneekr-210426/1.0.3/Images/EXR-025/EXR-025_1.mp4"],"nonDeceptorImageFiles":["210517/cx-Sneekr-210426/1.0.3/Images/EXR-037/EXR-037.mp4","210517/cx-Sneekr-210426/1.0.3/Images/EXR-042/EXR-042.JPG","210517/cx-Sneekr-210426/1.0.3/Images/EXR-042/EXR-042_1.JPG"],"guid":"6b33daca-00a6-4125-9ebd-cb83d42001b4_1.0.3_1","appID":"cx-Sneekr-210426","dateAdded":"210517","deceptorType":"Browser Extension","name":"Sneekr","company":"sneekr.net","version":"1.0.3","sigName":"Deceptor:BEX/Sneekr!025","lastKnownStatus":"1.0.3","lastKnownDate":"210517","type":"Chrome Extension","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 10,Windows 8,MacOS,Windows Server","targetBrowser":"Chrome","lastUpdate":"2021-05-17T22:39:54.5445354+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1686},{"violations":{"EXR-043":"The extension does not disclose or obtains consent when handling user data not closely related to the functionality.\n"},"nonDeceptorViolations":{"EXR-042":"No valid privacy link provided.\n","EXR-051":"This extension has permission to read browsing history, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"fluany_2_0_0_0.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"bd7d827af52fbdb555e1a42ddaa1504bb4963de57620ac20cf24419627f58855","sourceIndex":"1921","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Fluany_2.0.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"3df16494d36d13f48a73cc14cb91ed982acd0817fbd1ab032f458e657afd541f","storeId":"gijlnmefafhloacckomgabbndcepdnce","sourceIndex":"1921","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store homepage","reference":"","landingPage":"https://www.fluany.com","directDownloadingLink":"https://chrome.google.com/webstore/detail/fluany/gijlnmefafhloacckomgabbndcepdnce/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/fluany/gijlnmefafhloacckomgabbndcepdnce/","sourceIndex":"1921"}],"sampleFiles":["210517/cx-fluany-210408/2.0.0/Samples/Fluany_2.0.zip"],"imageFiles":["210517/cx-fluany-210408/2.0.0/Images/EXR-043/EXR-043_1.JPG","210517/cx-fluany-210408/2.0.0/Images/EXR-043/EXR-043_2.JPG"],"nonDeceptorImageFiles":["210517/cx-fluany-210408/2.0.0/Images/EXR-051/EXR-051.JPG","210517/cx-fluany-210408/2.0.0/Images/EXR-042/EXR-042.JPG"],"guid":"4e00ba2b-2f8e-44da-b425-25627fbf7e78_2.0.0_1","appID":"cx-fluany-210408","dateAdded":"210517","deceptorType":"Browser Extension","name":"Fluany","company":"fluany","version":"2.0.0","sigName":"Deceptor:BEX/Fluany!051043","lastKnownStatus":"2.0.0","lastKnownDate":"210517","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-17T22:32:09.2097399+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1688},{"violations":{"EXR-011":"The extension uses the YouTube logo\n","EXR-024":"The Extension misleads the user by using the YouTube icon.\n","EXR-025":"The extension misrepresents its functionality. The feature not working as the extension claims.\n"},"nonDeceptorViolations":{"EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"Youtube hit count.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8ce765c497b135ddbf31a41cc331ceefb8e93f89eb01c337a183bfafb98d2e0c","storeId":"hejpfkgjeokmjcjlbgcjpfnjkccbgeei","sourceIndex":"1918","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Youtube hit count.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6307b859b56c43938f5c0ef849cdc684da441b2442f570f395d8efdd13dbf173","sourceIndex":"1918","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- YouTube","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/youtube-hit-count/hejpfkgjeokmjcjlbgcjpfnjkccbgeei","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/youtube-hit-count/hejpfkgjeokmjcjlbgcjpfnjkccbgeei","sourceIndex":"1918"}],"sampleFiles":["210517/cx-Youtubehitcount-210428/1.1/Samples/Youtube hit count.crx","210517/cx-Youtubehitcount-210428/1.1/Samples/Youtube hit count.zip"],"imageFiles":["210517/cx-Youtubehitcount-210428/1.1/Images/EXR-024/EXR-024.JPG","210517/cx-Youtubehitcount-210428/1.1/Images/EXR-011/EXR-011.JPG","210517/cx-Youtubehitcount-210428/1.1/Images/EXR-025/EXR-025.mp4"],"nonDeceptorImageFiles":["210517/cx-Youtubehitcount-210428/1.1/Images/EXR-051/EXR-051.JPG","210517/cx-Youtubehitcount-210428/1.1/Images/EXR-037/EXR-037.mp4","210517/cx-Youtubehitcount-210428/1.1/Images/EXR-042/EXR-042.JPG"],"guid":"6c152218-c82e-4300-923e-4aa13974716d_1.1_1","appID":"cx-Youtubehitcount-210428","dateAdded":"210517","deceptorType":"Browser Extension","name":"Youtube hit count","company":"sreekanth","version":"1.1","sigName":"Deceptor:BEX/Youtubehitcount!011024025051","lastKnownStatus":"1.1","lastKnownDate":"210517","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-17T23:16:54.3505927+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1684},{"violations":{"EXR-025":"The primary purpose of extension doesn't exist. Extension misrepresents its functionality in the app store.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Steam Switch.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"30857ab1914fe8988a6243e5243e6f27367f3387c4cba45653d2786ebf925038","storeId":"dlmedgfkoanhjfnoobbcehmdkikidlap","sourceIndex":"1922","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Steam Switch.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d74186569d3c49f332aea338c561ef9f55499ae2ec79083908b14725f50a3056","sourceIndex":"1922","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Steam","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/steam-switch/dlmedgfkoanhjfnoobbcehmdkikidlap","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/steam-switch/dlmedgfkoanhjfnoobbcehmdkikidlap","sourceIndex":"1922"}],"sampleFiles":["210517/cx-SteamSwitch-210517/1.0/Samples/Steamswitch.crx","210517/cx-SteamSwitch-210517/1.0/Samples/Steam Switch.zip"],"imageFiles":["210517/cx-SteamSwitch-210517/1.0/Images/EXR-025/EXR-025.JPG"],"nonDeceptorImageFiles":["210517/cx-SteamSwitch-210517/1.0/Images/EXR-002/EXR-002.JPG","210517/cx-SteamSwitch-210517/1.0/Images/EXR-037/EXR-037.JPG","210517/cx-SteamSwitch-210517/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"94ce15c0-31dd-48e1-8670-abb99e9a2633_1.0_1","appID":"cx-SteamSwitch-210517","dateAdded":"210517","deceptorType":"Browser Extension","name":"Steam Switch","company":"nmagnier","version":"1.0","sigName":"Deceptor:BEX/SteamSwitch!025","lastKnownStatus":"1.0","lastKnownDate":"210517","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-17T16:17:44.5117678+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1685},{"violations":{"EXR-025":"The extension doesn't serve the primary purpose of the extension.\n","EXR-031":"The extension uses the mining script to mine cryptocurrency.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"DFP Cryptocurrency Miner.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e5e3b6e207e839717b1951e33dc1536acfc2b83667c2100dddc35578d58d167a","storeId":"egnfmleidkolminhjlkaomjefheafbbb","sourceIndex":"1919","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DFP Cryptocurrency Miner.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"66692191387f3a5a60032ac60642dea0444d2c74f082d57405d53a332bb7a2c6","sourceIndex":"1919","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Crypto","reference":"","landingPage":"https://dfp.mystrikingly.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/dfp-cryptocurrency-miner/egnfmleidkolminhjlkaomjefheafbbb","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/dfp-cryptocurrency-miner/egnfmleidkolminhjlkaomjefheafbbb","sourceIndex":"1919"}],"sampleFiles":["210517/cx-DFPCryptocurrencyMiner-210426/3/Samples/DFP Cryptocurrency Miner.crx","210517/cx-DFPCryptocurrencyMiner-210426/3/Samples/DFP Cryptocurrency Miner.zip"],"imageFiles":["210517/cx-DFPCryptocurrencyMiner-210426/3/Images/EXR-031/EXR-031.JPG","210517/cx-DFPCryptocurrencyMiner-210426/3/Images/EXR-031/EXR-031_1.JPG","210517/cx-DFPCryptocurrencyMiner-210426/3/Images/EXR-025/EXR-025.mp4"],"nonDeceptorImageFiles":["210517/cx-DFPCryptocurrencyMiner-210426/3/Images/EXR-002/EXR-002.JPG","210517/cx-DFPCryptocurrencyMiner-210426/3/Images/EXR-037/EXR-037.mp4","210517/cx-DFPCryptocurrencyMiner-210426/3/Images/EXR-042/EXR-042.JPG"],"guid":"7ac138de-6934-4194-9b1a-43f3f033832a_3_1","appID":"cx-DFPCryptocurrencyMiner-210426","dateAdded":"210517","deceptorType":"Browser Extension","name":"DFP Cryptocurrency Miner","company":"CryptoLottery","version":"3","sigName":"Deceptor:BEX/DFPCryptocurrencyMiner!031025","lastKnownStatus":"3","lastKnownDate":"210517","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-17T22:42:59.1223574+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1689},{"violations":{"EXR-024":"The extension misleads the user by using the Tiktok icon.\n","EXR-025":"The extension misrepresents its functionality. The extension just launches a website, which asks for a username to provide likes but these always fail and lead to survey registration.\n","EXR-038":"The extension just launches a website (https://ursites.design/72211ce) and does nothing else. The offers described in the extension overview require users to fill in the survey to obtain.\n","EXR-060":"Extension offers TikTok likes and followers, but this functionality is not contained within the extension.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Free Tiktok Followers.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"96491c8d4d27a31269e4b872b8f6f83edee799793df11ad098112d943c80f59f","storeId":"dfdifjnbocbgoggionghkienccccgaef","sourceIndex":"1924","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Free Tiktok Followers.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"a5845eda871bf356bcf06c3c847f34197093487a391c4b485737adc4c6c1c801","sourceIndex":"1924","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Tiktok followers","reference":"","landingPage":"https://ursites.design/72211ce","directDownloadingLink":"https://chrome.google.com/webstore/detail/free-tiktok-followers-tik/dfdifjnbocbgoggionghkienccccgaef/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/free-tiktok-followers-tik/dfdifjnbocbgoggionghkienccccgaef/","sourceIndex":"1924"}],"sampleFiles":["210517/cx-FreeTiktokFollowersTiktokFollowersFree-210517/1.0.0/Samples/Free Tiktok Followers.crx","210517/cx-FreeTiktokFollowersTiktokFollowersFree-210517/1.0.0/Samples/Free Tiktok Followers.zip"],"imageFiles":["210517/cx-FreeTiktokFollowersTiktokFollowersFree-210517/1.0.0/Images/EXR-024/EXR-024.JPG","210517/cx-FreeTiktokFollowersTiktokFollowersFree-210517/1.0.0/Images/EXR-025/EXR-025.JPG","210517/cx-FreeTiktokFollowersTiktokFollowersFree-210517/1.0.0/Images/EXR-025/EXR-025_1.JPG","210517/cx-FreeTiktokFollowersTiktokFollowersFree-210517/1.0.0/Images/EXR-025/EXR-025_2.JPG","210517/cx-FreeTiktokFollowersTiktokFollowersFree-210517/1.0.0/Images/EXR-038/EXR-038.JPG","210517/cx-FreeTiktokFollowersTiktokFollowersFree-210517/1.0.0/Images/EXR-038/EXR-038_1.JPG","210517/cx-FreeTiktokFollowersTiktokFollowersFree-210517/1.0.0/Images/EXR-038/EXR-038_2.JPG","210517/cx-FreeTiktokFollowersTiktokFollowersFree-210517/1.0.0/Images/EXR-060/EXR-060.JPG"],"nonDeceptorImageFiles":[],"guid":"f8542dcc-90c4-4b4a-813d-96ca892e3324_1.0.0_1","appID":"cx-FreeTiktokFollowersTiktokFollowersFree-210517","dateAdded":"210517","deceptorType":"Browser Extension","name":"Free Tiktok Followers - Tiktok Followers Free","company":"visethdom","version":"1.0.0","sigName":"Deceptor:BEX/FreeTiktokFollowers!024025038060","lastKnownStatus":"1.0.0","lastKnownDate":"210517","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-17T16:12:33.2362519+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1687},{"violations":{"EXR-024":"The Extension misleads the user by using the \"Kahoot\" icon.\n","EXR-025":"Extension misrepresents its functionality. The functionality it claims doesn't work.\n"},"nonDeceptorViolations":{"EXR-012":"Extension offers a hack to Kahoot\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Hack","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/kahoot-hack/efdcmgmnfkcikihmcmfdbbhpembnimfk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/kahoot-hack/efdcmgmnfkcikihmcmfdbbhpembnimfk","sourceIndex":"1927"}],"sampleFiles":[],"imageFiles":["210514/cx-KahootHack-210504/2.0/Images/EXR-024/EXR-024.JPG","210514/cx-KahootHack-210504/2.0/Images/EXR-025/EXR-025.JPG"],"nonDeceptorImageFiles":["210514/cx-KahootHack-210504/2.0/Images/EXR-012/EXR-024.JPG","210514/cx-KahootHack-210504/2.0/Images/EXR-037/EXR-037.JPG","210514/cx-KahootHack-210504/2.0/Images/EXR-042/EXR-042.JPG"],"guid":"88af2b83-4539-42aa-94b5-e57e9a623f24_2.0_1","appID":"cx-KahootHack-210504","dateAdded":"210514","deceptorType":"Browser Extension","name":"Kahoot Hack","company":"AK","version":"2.0","sigName":"Deceptor:BEX/KahootHack!024025","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"210514","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows Server,Windows 8,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-16T21:56:56.0021148+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1690},{"violations":{"EXR-025":"Extension claims to provide likes, but these always fail and lead to survey registration.\n","EXR-060":"Extension offers TikTok likes and followers, but this functionality is not contained within the extension\n"},"nonDeceptorViolations":{"EXR-037":"Extension's browser action leads to a broken functionality popup.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-GarenaFreeFireHackDiamonds-210513","reference":"","landingPage":"https://giftsdaily.xyz/Generator/TikTok/index.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/free-tiktok-followers-and/cganfcomodmgalkgldnnobigibhlcloo","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/free-tiktok-followers-and/cganfcomodmgalkgldnnobigibhlcloo","sourceIndex":"1938"}],"sampleFiles":[],"imageFiles":["210514/cx-FreeTiktokFollowersAndLike-210513/2.4.2/Images/EXR-025/EXR-025.JPG","210514/cx-FreeTiktokFollowersAndLike-210513/2.4.2/Images/EXR-025/EXR-025_1.JPG","210514/cx-FreeTiktokFollowersAndLike-210513/2.4.2/Images/EXR-060/Screen Shot 2021-05-14 at 12.22.28 PM.png"],"nonDeceptorImageFiles":["210514/cx-FreeTiktokFollowersAndLike-210513/2.4.2/Images/EXR-037/Screen Shot 2021-05-14 at 12.20.27 PM.png"],"guid":"42fc4aa2-3b48-4a3a-83c3-e598b7128c9d_2.4.2_1","appID":"cx-FreeTiktokFollowersAndLike-210513","dateAdded":"210514","deceptorType":"Browser Extension","name":"Free Tiktok Followers and Like 2021","company":"giftsdaily.xyz","version":"2.4.2","sigName":"Deceptor:BEX/FreeTiktokFollowersAndLike!025060","lastKnownStatus":"Deceptor:2.4.2","lastKnownDate":"210514","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-14T19:25:52.1776412+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1691},{"violations":{"EXR-038":"Extension only launches a web app game, and contains no other functionality.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history & read and change the bookmarks, which is not necessary for their functionality.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-StickWars2Hacked-210510","reference":"","landingPage":"https://www.apigame.com/extreme-bikers.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/extreme-bikers-unblocked/jlikcbmlcmlfpgheoihigfcppcmdgbjb/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/extreme-bikers-unblocked/jlikcbmlcmlfpgheoihigfcppcmdgbjb/","sourceIndex":"1934"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":["210514/cx-ExtremeBikersUnblockedGame-210513/1.0/Images/EXR-051/EXR-051.JPG","210514/cx-ExtremeBikersUnblockedGame-210513/1.0/Images/EXR-002/EXR-002.JPG","210514/cx-ExtremeBikersUnblockedGame-210513/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"7ec6d016-cf51-433b-9726-734213100bfb_1.0_1","appID":"cx-ExtremeBikersUnblockedGame-210513","dateAdded":"210514","deceptorType":"Browser Extension","name":"Extreme Bikers Unblocked Game","company":"apigame","version":"1.0","sigName":"Deceptor:BEX/ExtremeBikersUnblockedGame!038051","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"210514","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-14T19:52:42.7741711+00:00","notDistributed":false,"familyName":"bx-apigames","numInFamily":1,"numInAppID":1,"sortOrder":1692},{"violations":{"EXR-038":"Extension only loads website app and contains no other functionality\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history & read and change the bookmarks, which is not necessary for their functionality.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-StickWars2Hacked-210510","reference":"","landingPage":"https://www.apigame.com/parking-fury-3.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/parking-fury-3-unblocked/ljchadebnhcampogfdiiepladjidmckg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/parking-fury-3-unblocked/ljchadebnhcampogfdiiepladjidmckg","sourceIndex":"1932"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":["210514/cx-ParkingFury3UnblockedGame-210512/1.0/Images/EXR-051/EXR-051.JPG","210514/cx-ParkingFury3UnblockedGame-210512/1.0/Images/EXR-002/EXR-002.JPG","210514/cx-ParkingFury3UnblockedGame-210512/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"7a87ebb5-90c7-475a-b39a-bf5166a01569_1.0_1","appID":"cx-ParkingFury3UnblockedGame-210512","dateAdded":"210514","deceptorType":"Browser Extension","name":"Parking Fury 3 Unblocked Game","company":"apigame","version":"1.0","sigName":"Deceptor:BEX/ParkingFury3UnblockedGame","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"210514","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-14T19:56:59.0279362+00:00","notDistributed":false,"familyName":"bx-apigame","numInFamily":3,"numInAppID":1,"sortOrder":1693},{"violations":{"EXR-038":"Extension merely launches web app and contains no other functionality.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history & read and change the bookmarks, which is not necessary for their functionality.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-StickWars2Hacked-210510","reference":"","landingPage":"https://www.apigame.com/geometry-jump.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/geometry-dash-unblocked/ebllbejfgmgnonlmohknolkikjpfihgb","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/geometry-dash-unblocked/ebllbejfgmgnonlmohknolkikjpfihgb","sourceIndex":"1933"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":["210514/cx-GeometryDashUnblocked-210512/1.0/Images/EXR-051/EXR-051.JPG","210514/cx-GeometryDashUnblocked-210512/1.0/Images/EXR-002/EXR-002.JPG","210514/cx-GeometryDashUnblocked-210512/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"025884e1-3014-41b2-b3df-a2736230b28c_1.0_1","appID":"cx-GeometryDashUnblocked-210512","dateAdded":"210514","deceptorType":"Browser Extension","name":"Geometry Dash Unblocked","company":"apigame","version":"1.0","sigName":"Deceptor:BEX/GeometryDashUnblocked!038051","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"210514","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-14T19:55:20.5995555+00:00","notDistributed":false,"familyName":"bx-apigame","numInFamily":3,"numInAppID":1,"sortOrder":1694},{"violations":{"EXR-038":"Extension only launches a website app, and has no other functionality.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history & read and change the bookmarks, which is not necessary for their functionality.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-StickWars2Hacked-210510","reference":"","landingPage":"https://www.apigame.com/blast-away-ball-drop.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/blast-away-ball-drop-unbl/bhkdgiebhjoenfegkafdfbeikggibjip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/blast-away-ball-drop-unbl/bhkdgiebhjoenfegkafdfbeikggibjip","sourceIndex":"1936"}],"sampleFiles":[],"imageFiles":["210514/cx-BlastAwayBallDropUnblocked-210513/1.0/Images/EXR-038/Screen Shot 2021-05-14 at 12.43.28 PM.png"],"nonDeceptorImageFiles":["210514/cx-BlastAwayBallDropUnblocked-210513/1.0/Images/EXR-051/EXR-051.JPG","210514/cx-BlastAwayBallDropUnblocked-210513/1.0/Images/EXR-002/EXR-002.JPG","210514/cx-BlastAwayBallDropUnblocked-210513/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"76806319-19b9-4ad7-94cf-e9d36af5f147_1.0_1","appID":"cx-BlastAwayBallDropUnblocked-210513","dateAdded":"210514","deceptorType":"Browser Extension","name":"Blast Away Ball Drop Unblocked","company":"apigame","version":"1.0","sigName":"Deceptor:BEX/BlastAwayBallDropUnblocked!038051","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"210514","type":"Chrome Extension","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-14T19:47:11.4282829+00:00","notDistributed":false,"familyName":"bx-apigame","numInFamily":3,"numInAppID":1,"sortOrder":1695},{"violations":{"EXR-025":"The extension misrepresents its functionality. The extension does nothing but just install. The functionality the extension describes exists in website that user needs to open website and perform it. \n \n","EXR-038":"The extension doing nothing but just install, and instruct user to open website. While the website requires user to provide personal information to verify and get the free offers.\n","EXR-060":"The extension has no material functionality but just install. It offers user free offers/incentives to be installed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Garena Free Fire Hack Diamonds 2021.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"57578c521a9fcd4df274befe5a11518020d3f67b43bf30cfecb2de9042094290","storeId":"fmioaeddihfoclfcnhgmjgnnfopeoegd","sourceIndex":"1935","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Garena Free Fire Hack Diamonds 2021.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8069b0c8a2d75b161ff6a6c5f3f3971ecfca847c216e7753ea1d05526d3ccb7e","sourceIndex":"1935","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search-  Games","reference":"","landingPage":"https://giftsdaily.xyz/free-fire-generator","directDownloadingLink":"https://chrome.google.com/webstore/detail/garena-free-fire-hack-dia/fmioaeddihfoclfcnhgmjgnnfopeoegd/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/garena-free-fire-hack-dia/fmioaeddihfoclfcnhgmjgnnfopeoegd/","sourceIndex":"1935"}],"sampleFiles":["210513/cx-GarenaFreeFireHackDiamonds-210513/0.1/Samples/Garena Free Fire Hack Diamonds.crx","210513/cx-GarenaFreeFireHackDiamonds-210513/0.1/Samples/Garena Free Fire Hack Diamonds 2021.zip"],"imageFiles":["210513/cx-GarenaFreeFireHackDiamonds-210513/0.1/Images/EXR-025/FreeDiamond_038_1.JPG","210513/cx-GarenaFreeFireHackDiamonds-210513/0.1/Images/EXR-038/FreeDiamond_038.JPG","210513/cx-GarenaFreeFireHackDiamonds-210513/0.1/Images/EXR-038/FreeDiamond_038_1.JPG","210513/cx-GarenaFreeFireHackDiamonds-210513/0.1/Images/EXR-038/EXR-025_1.JPG","210513/cx-GarenaFreeFireHackDiamonds-210513/0.1/Images/EXR-038/EXR-025_.JPG","210513/cx-GarenaFreeFireHackDiamonds-210513/0.1/Images/EXR-060/FreeDiamond_038.JPG"],"nonDeceptorImageFiles":[],"guid":"a010301d-9e28-4746-9c8b-fba8f77ad56d_0.1_1","appID":"cx-GarenaFreeFireHackDiamonds-210513","dateAdded":"210513","deceptorType":"Browser Extension","name":"Garena Free Fire Hack Diamonds 2021","company":"giftsdaily.xyz","version":"0.1","sigName":"Deceptor:BEX/GarenaFreeFireHackDiamonds2021!025038060","lastKnownStatus":"0.1","lastKnownDate":"210513","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-14T19:48:35.3785151+00:00","notDistributed":false,"familyName":"bx-giftsdaily","numInFamily":1,"numInAppID":1,"sortOrder":1696},{"violations":{"EXR-038":"Extension only launches a website and does nothing else\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history & read and change the bookmarks, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"Johnny Upgrade Game.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d137ffabc92dd317d10edb83661daaa9f54bd2f8419e230e67f9686058fd1391","storeId":"gilngmddhkonhmkmoifojkjpmfamhjjp","sourceIndex":"1943","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Johnny Upgrade Game.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"980cd4f5a60ca8809905be5ccf38ba261887bc2a1bfeac8b49d94dbe1d6af10f","sourceIndex":"1943","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-StickWars2Hacked-210510","reference":"","landingPage":"https://www.apigame.com/johnny-upgrade.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/johnny-upgrade-game/gilngmddhkonhmkmoifojkjpmfamhjjp/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/johnny-upgrade-game/gilngmddhkonhmkmoifojkjpmfamhjjp/","sourceIndex":"1943"}],"sampleFiles":["210512/cx-JohnnyUpgradeGame-210512/1.0/Samples/Johnny Upgrade Game.crx","210512/cx-JohnnyUpgradeGame-210512/1.0/Samples/Johnny Upgrade Game.zip"],"imageFiles":["210512/cx-JohnnyUpgradeGame-210512/1.0/Images/EXR-038/BEX.JPG"],"nonDeceptorImageFiles":["210512/cx-JohnnyUpgradeGame-210512/1.0/Images/EXR-051/EXR-051.JPG","210512/cx-JohnnyUpgradeGame-210512/1.0/Images/EXR-002/EXR-002.JPG","210512/cx-JohnnyUpgradeGame-210512/1.0/Images/EXR-037/ACR-037.JPG","210512/cx-JohnnyUpgradeGame-210512/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"0e9d9409-047f-45f7-a568-a124ef83b288_1.0_1","appID":"cx-JohnnyUpgradeGame-210512","dateAdded":"210512","deceptorType":"Browser Extension","name":"Johnny Upgrade Game","company":"apigame","version":"1.0","sigName":"Deceptor:BEX/JohnnyUpgradeGame!051038","lastKnownStatus":"1.0","lastKnownDate":"210512","type":"Chrome Extension","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-12T22:20:40.0460327+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1697},{"violations":{"EXR-025":"Extension misrepresents its functionality, includes non-obvious functionality (asking users to fill the survey) that doesn't serve the primary purpose of the extension.\n","EXR-054":"The extension forces the user to click on ads or submit personal information for advertising purposes to fully use it.\n"},"nonDeceptorViolations":{"EXR-042":"No valid privacy policy link provided.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Hack","reference":"","landingPage":"https://relakzs.blogspot.com/2020/11/krunker-esp-aimbot-kr-generator.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/krunker-hacks-krunkerio-a/bgkmceogjcbfmlhlobbdcmcfnekjehng","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/krunker-hacks-krunkerio-a/bgkmceogjcbfmlhlobbdcmcfnekjehng","sourceIndex":"1944"}],"sampleFiles":[],"imageFiles":["210511/cx-KrunkerHacksKrunkerio-210504/1.1/Images/EXR-025/EXR-025.mp4","210511/cx-KrunkerHacksKrunkerio-210504/1.1/Images/EXR-054/EXR-054.mp4"],"nonDeceptorImageFiles":["210511/cx-KrunkerHacksKrunkerio-210504/1.1/Images/EXR-042/EXR-042.JPG"],"guid":"a2c26cf7-7890-45e9-8315-9b0c16efd81d_1.1_1","appID":"cx-KrunkerHacksKrunkerio-210504","dateAdded":"210511","deceptorType":"Browser Extension","name":"Krunker Hacks Krunker.io Aimbot + ESP Gen","company":"kamadskis","version":"1.1","sigName":"Deceptor:BEX/Krunker Hacks Krunker.io Aimbot + ESP Gen!025054","lastKnownStatus":"1.1","lastKnownDate":"210511","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-11T21:54:16.7776563+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1700},{"violations":{"EXR-017":"Extension pops fake message and urges the user to installer another extension.\n","EXR-025":"Extension misrepresents its functionality, includes non-obvious functionality (asking users to fill the survey) that doesn't serve the primary purpose of the extension.\n","EXR-038":"On adding this extension to the chrome, it redirects the user to another extension to download.\n","EXR-039":"This extension is associated with the abuse of notifications such as ads, promotions, or unwanted messages that harm the user's browsing.\n","EXR-054":"The extension forces the user to click on ads or submit personal information (asking users to fill the survey) for advertising purposes to fully use it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Dragon City Hack Cheats Free Gems.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d0cb733025f09f0c08067e8365e54baae675dd0db107c2645e0153a656260893","storeId":"ihefmbhjhjgijomeoapomhhkoigdlden","sourceIndex":"1945","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DRAGON CITY HACK CHEATS FREE GEMS.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ea827faa03ee8eda57cd8f9e45c39452fe472274799ff5a5cc6ae65c97b2080e","sourceIndex":"1945","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Hack","reference":"","landingPage":"https://enoot.eu/dragon","directDownloadingLink":"https://chrome.google.com/webstore/detail/dragon-city-hack-cheats-f/ihefmbhjhjgijomeoapomhhkoigdlden","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/dragon-city-hack-cheats-f/ihefmbhjhjgijomeoapomhhkoigdlden","sourceIndex":"1945"}],"sampleFiles":["210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Samples/Dragon City Hack Cheats Free Gems.crx","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Samples/DRAGON CITY HACK CHEATS FREE GEMS.zip"],"imageFiles":["210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-017/EXR-017.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-017/EXR-017_1.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-017/EXR-017_2.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-017/EXR-017_3.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-017/EXR-017_4.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-025/EXR-025_.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-025/EXR-025_1.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-025/EXR-025_2.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-038/EXR-038.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-038/EXR-038_1.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-039/EXR-039.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-039/EXR-039_1.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-039/EXR-039_2.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-039/EXR-039_3.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-054/EXR-054_.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-054/EXR-054_1.JPG","210511/cx-DragonCityHackCheatsFreeGems-210511/4.1.1/Images/EXR-054/EXR-054_2.JPG"],"nonDeceptorImageFiles":[],"guid":"d700d190-674f-402d-992f-81093b8fcfe0_4.1.1_1","appID":"cx-DragonCityHackCheatsFreeGems-210511","dateAdded":"210511","deceptorType":"Browser Extension","name":"Dragon City Hack Cheats Free Gems","company":"olivialay50645810","version":"4.1.1","sigName":"Deceptor:BEX/DragonCityHackCheatsFreeGems!017025038039054","lastKnownStatus":"4.1.1","lastKnownDate":"210511","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,MacOS,Windows Server","targetBrowser":"Chrome","lastUpdate":"2021-05-11T21:20:30.3424343+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1701},{"violations":{"EXR-025":"Extension misrepresents its functionality. It just launch a website and do nothing. The features described in extension overview is not extension feature, it is website content.  \n","EXR-038":"The extension just launch a website (https://pubskins.com/?s=chromeapp) and do nothing else. The offers described in extension overview requires user to fill in survey and install another app to obtain.\n","EXR-039":"This extension is associated with the abuse of notifications such as ads, promotions, or unwanted messages that harm the user's browsing.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Pubg mobile UC hack app.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"71a49a55e70d4434f78f5b9379bbac05d6913c03456e3ccfa2129db93e35c0a4","storeId":"ajfpihphgoobkpbhjkopjopkfbcplmob","sourceIndex":"1940","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Pubg mobile UC hack app.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"5cfd980ba8f9ffdb8b2e9eab9c88063ae432db1668bed41e95249e1ce149d889","sourceIndex":"1940","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Hack","reference":"","landingPage":"https://appsfly.co/pubgmobilehack/","directDownloadingLink":"https://chrome.google.com/webstore/detail/pubg-mobile-uc-hack-app-2/ajfpihphgoobkpbhjkopjopkfbcplmob/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/pubg-mobile-uc-hack-app-2/ajfpihphgoobkpbhjkopjopkfbcplmob/","sourceIndex":"1940"}],"sampleFiles":["210511/cx-PubgmobileUChackapp-210511/1.0.3/Samples/Pubg mobile UC hack app.crx","210511/cx-PubgmobileUChackapp-210511/1.0.3/Samples/Pubg mobile UC hack app.zip"],"imageFiles":["210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-025/EXR-025_.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-025/EXR-025_2.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-025/EXR-025_3.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-025/EXR-025_4.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-038/EXR-054_3.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-038/EXR-054_2.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-038/EXR-054_1.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-038/EXR-054_.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-039/EXR-039_.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-039/EXR-039_1.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-039/EXR-039_2.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-039/EXR-039_3.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-039/EXR-039_4.JPG"],"nonDeceptorImageFiles":["210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-002/EXR-002.JPG","210511/cx-PubgmobileUChackapp-210511/1.0.3/Images/EXR-042/EXR-042.JPG"],"guid":"b2de386c-f3a4-4606-86e3-e46ebb09622c_1.0.3_1","appID":"cx-PubgmobileUChackapp-210511","dateAdded":"210511","deceptorType":"Browser Extension","name":"Pubg mobile UC hack app 2021","company":"appsfly","version":"1.0.3","sigName":"Deceptor:BEX/PubgMobileUCHack!025039054","lastKnownStatus":"1.0.3","lastKnownDate":"210511","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-13T23:28:57.427079+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1699},{"violations":{"EXR-025":"The extension misrepresent its functionality. The extension just launch a website and do nothing. The game described in extension overview is not working in website also.\n","EXR-038":"The extension launch a website and do nothing. \n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history & read and change the bookmarks, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"Stick Wars 2 Hacked.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"2a2fab4ef45581d4a9a876583fd94e35a3c4002e9a664c672f74517a9c5e0663","storeId":"djmppibjkfaalgjbbobldcamcdbbpijc","sourceIndex":"1941","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Stick Wars 2 Hacked.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"b9ecc199a3faf669340aeee6d003580bab1c63a83420850c150201d39ad5bfd6","sourceIndex":"1941","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Hack","reference":"","landingPage":"https://www.apigame.com/stick-war-2-hacked.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/stick-wars-2-hacked/djmppibjkfaalgjbbobldcamcdbbpijc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/stick-wars-2-hacked/djmppibjkfaalgjbbobldcamcdbbpijc","sourceIndex":"1941"}],"sampleFiles":["210511/cx-StickWars2Hacked-210510/1.0/Samples/Stick Wars 2 Hacked.crx","210511/cx-StickWars2Hacked-210510/1.0/Samples/Stick Wars 2 Hacked.zip"],"imageFiles":["210511/cx-StickWars2Hacked-210510/1.0/Images/EXR-025/EXR-025_1.jpg","210511/cx-StickWars2Hacked-210510/1.0/Images/EXR-038/StickWar_038.JPG"],"nonDeceptorImageFiles":["210511/cx-StickWars2Hacked-210510/1.0/Images/EXR-051/EXR-051.JPG","210511/cx-StickWars2Hacked-210510/1.0/Images/EXR-002/EXR-002.JPG","210511/cx-StickWars2Hacked-210510/1.0/Images/EXR-037/EXR-037_1.jpg","210511/cx-StickWars2Hacked-210510/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"7fc9be57-40c4-4889-9fb4-210613506120_1.0_1","appID":"cx-StickWars2Hacked-210510","dateAdded":"210511","deceptorType":"Browser Extension","name":"Stick Wars 2 Hacked","company":"apigame","version":"1.0","sigName":"Deceptor:BEX/StickWars2Hacked!051025","lastKnownStatus":"1.0","lastKnownDate":"210511","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-13T23:16:39.2377206+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1698},{"violations":{"EXR-025":"Extension misrepresents its functionality. The functionality presented is not available and not be verified.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n","EXR-051":"This extension has permission to read browsing history, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"ytviewer.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"c89530f3282935c47de94b2ad546c41d0f08393b61eed2de74437008f88a76e0","storeId":"gfojiacpdilgdgenddokieocbjcajcaj","sourceIndex":"1939","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ytviewer.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d5580e260e8fcf44b9f85ae9fad2044ce76fbff6f33ee2fa222bd3328f624cde","sourceIndex":"1939","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- YouTube","reference":"","landingPage":"http://www.ytviewer.com/about.php","directDownloadingLink":"https://chrome.google.com/webstore/detail/ytviewer/gfojiacpdilgdgenddokieocbjcajcaj/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/ytviewer/gfojiacpdilgdgenddokieocbjcajcaj/","sourceIndex":"1939"}],"sampleFiles":["210510/cx-ytviewer-210510/1.1/Samples/ytviewer.crx","210510/cx-ytviewer-210510/1.1/Samples/ytviewer.zip"],"imageFiles":["210510/cx-ytviewer-210510/1.1/Images/EXR-025/EXR-025.JPG"],"nonDeceptorImageFiles":["210510/cx-ytviewer-210510/1.1/Images/EXR-051/EXR-051_.JPG","210510/cx-ytviewer-210510/1.1/Images/EXR-002/EXR-002.JPG","210510/cx-ytviewer-210510/1.1/Images/EXR-037/EXR-037.JPG","210510/cx-ytviewer-210510/1.1/Images/EXR-042/EXR-042.JPG"],"guid":"0ad6fc89-bd9b-4a91-816b-5b0b85bb42e0_1.1_1","appID":"cx-ytviewer-210510","dateAdded":"210510","deceptorType":"Browser Extension","name":"ytviewer","company":"ytviewer.com","version":"1.1","sigName":"Deceptor:BEX/ytviewer!051025","lastKnownStatus":"1.1","lastKnownDate":"210510","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-14T19:15:22.0747188+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1702},{"violations":{"EXR-017":"extension pops fake notifications to install the other products.\n","EXR-025":"Extension misrepresents its functionality, includes non-obvious functionality (asking users to fill the survey) that doesn't serve the primary purpose of the extension.\n","EXR-039":"This extension is associated with the abuse of notifications such as ads, promotions, or unwanted messages that harm the user's browsing.\n","EXR-054":"The extension forces the user to click on ads or submit personal information (asking users to fill the survey) for advertising purposes to fully use it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Free V Bucks Codes Generator 2021.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"fa64924dda0835d2d9846ee3290258ca8caac415d4bad950e69a1e64a6963c47","storeId":"oillgcefggfofpngfbkdlbedokknnodj","sourceIndex":"1946","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Free V Bucks Codes Generator 2021.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ac0847741fa4552e65109abefa0cf5f7cf47cfc38847fcbf17887015fae51b52","sourceIndex":"1946","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related apps to krunken hacks","reference":"","landingPage":"https://fortnite.enoot.eu/","directDownloadingLink":"https://chrome.google.com/webstore/detail/free-v-bucks-codes-genera/oillgcefggfofpngfbkdlbedokknnodj/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/free-v-bucks-codes-genera/oillgcefggfofpngfbkdlbedokknnodj/","sourceIndex":"1946"}],"sampleFiles":["210510/cx-FreeVBucksCodesGenerator-210505/4/Samples/Free V Bucks Codes Generator.crx","210510/cx-FreeVBucksCodesGenerator-210505/4/Samples/Free V Bucks Codes Generator 2021.zip"],"imageFiles":["210510/cx-FreeVBucksCodesGenerator-210505/4/Images/EXR-017/EXR-017.JPG","210510/cx-FreeVBucksCodesGenerator-210505/4/Images/EXR-017/EXR-017_1.JPG","210510/cx-FreeVBucksCodesGenerator-210505/4/Images/EXR-017/EXR-017_2.JPG","210510/cx-FreeVBucksCodesGenerator-210505/4/Images/EXR-025/EXR-025_1.JPG","210510/cx-FreeVBucksCodesGenerator-210505/4/Images/EXR-025/EXR-025_2.JPG","210510/cx-FreeVBucksCodesGenerator-210505/4/Images/EXR-039/EXR-039.JPG","210510/cx-FreeVBucksCodesGenerator-210505/4/Images/EXR-039/EXR-039_1.JPG","210510/cx-FreeVBucksCodesGenerator-210505/4/Images/EXR-039/EXR-039_2.JPG","210510/cx-FreeVBucksCodesGenerator-210505/4/Images/EXR-039/EXR-039_3.JPG","210510/cx-FreeVBucksCodesGenerator-210505/4/Images/EXR-054/EXR-054.JPG","210510/cx-FreeVBucksCodesGenerator-210505/4/Images/EXR-054/EXR-054_1.JPG"],"nonDeceptorImageFiles":[],"guid":"effbedec-29e7-4e36-8080-b11f634cb2f4_4_1","appID":"cx-FreeVBucksCodesGenerator-210505","dateAdded":"210510","deceptorType":"Browser Extension","name":"Free V Bucks Codes Generator 2021","company":"rcrissetarpumrb","version":"4","sigName":"Deceptor:BEX/FreeVBucksCodesGenerator2021!017025039054","lastKnownStatus":"4","lastKnownDate":"210510","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows Server,MacOS,Windows 7","targetBrowser":"Chrome","lastUpdate":"2021-05-10T21:58:33.2650683+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1703},{"violations":{"EXR-024":"The Extension misleads the user by using the \"steam\" icon.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Steam Security Suite.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9ca149d4005036e4bf3f2e0405f6466e0044792bd87aca82c4fa8cc5c3d894fd","storeId":"gicnbiillhmpffbemfhmhnelldbnjblb","sourceIndex":"1947","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Steam Security Suite.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"328ad5fd099dee41307908dc12008660e82447f81798afd92d0ba6e24472e304","sourceIndex":"1947","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Security","reference":"","landingPage":"https://github.com/Jessecar96/Steam-Community-Suite","directDownloadingLink":"https://chrome.google.com/webstore/detail/steam-security-suite/gicnbiillhmpffbemfhmhnelldbnjblb","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/steam-security-suite/gicnbiillhmpffbemfhmhnelldbnjblb","sourceIndex":"1947"}],"sampleFiles":["210509/cx-SteamSecuritySuite-210505/2.0/Samples/Steam Security Suite.crx","210509/cx-SteamSecuritySuite-210505/2.0/Samples/Steam Security Suite.zip"],"imageFiles":["210509/cx-SteamSecuritySuite-210505/2.0/Images/EXR-024/EXR-024.JPG"],"nonDeceptorImageFiles":["210509/cx-SteamSecuritySuite-210505/2.0/Images/EXR-002/EXR-002.JPG","210509/cx-SteamSecuritySuite-210505/2.0/Images/EXR-037/EXR-037.JPG","210509/cx-SteamSecuritySuite-210505/2.0/Images/EXR-042/EXR-042.JPG"],"guid":"37cfac39-3673-419f-be38-53ac303e0088_2.0_1","appID":"cx-SteamSecuritySuite-210505","dateAdded":"210509","deceptorType":"Browser Extension","name":"Steam Security Suite","company":"Jessecar","version":"2.0","sigName":"Deceptor:BEX/SteamSecuritySuite!024","lastKnownDate":"210509","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-09T23:11:42.8424776+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1704},{"violations":{"EXR-025":"Extension misrepresents its functionality. The functionality claimed not working.\n","EXR-054":"Extension asks user to login google account before using it. \n"},"nonDeceptorViolations":{"EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Fortnite Free Vbucks Codes Generator.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"f70c11b6dafaef2e50e8c6789b10845e03ac55fe3c4b905a64499cabad6cd0e8","storeId":"cfidhlgoeimcagaimikpodffbjlgbdna","sourceIndex":"1937","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Fortnite Free Vbucks Codes Generator.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"96039b89fd3b395a31f832612625ff90d0608360789c113fd906284edb811684","sourceIndex":"1937","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related apps to Fortnite Vbucks","reference":"","landingPage":"https://sites.google.com/view/fortnite-free-vbucks-gen/","directDownloadingLink":"https://chrome.google.com/webstore/detail/fortnite-free-vbucks-code/cfidhlgoeimcagaimikpodffbjlgbdna/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/fortnite-free-vbucks-code/cfidhlgoeimcagaimikpodffbjlgbdna/","sourceIndex":"1937"}],"sampleFiles":["210508/cx-FortniteFreeVbucksCodesGenerator-210506/0.1.0/Samples/Fortnite Free Vbucks Codes Generator.crx","210508/cx-FortniteFreeVbucksCodesGenerator-210506/0.1.0/Samples/Fortnite Free Vbucks Codes Generator.zip"],"imageFiles":["210508/cx-FortniteFreeVbucksCodesGenerator-210506/0.1.0/Images/EXR-025/EXR-025.JPG","210508/cx-FortniteFreeVbucksCodesGenerator-210506/0.1.0/Images/EXR-054/RequireLoginGoogleAcc.JPG"],"nonDeceptorImageFiles":["210508/cx-FortniteFreeVbucksCodesGenerator-210506/0.1.0/Images/EXR-037/EXR-037.JPG","210508/cx-FortniteFreeVbucksCodesGenerator-210506/0.1.0/Images/EXR-042/EXR-042.JPG"],"guid":"341ff538-cbe5-47a3-a14b-858077f2b265_0.1.0_1","appID":"cx-FortniteFreeVbucksCodesGenerator-210506","dateAdded":"210508","deceptorType":"Browser Extension","name":"Fortnite Free Vbucks Codes Generator","company":"visethdom","version":"0.1.0","sigName":"Deceptor:BEX/FortniteFreeVbucksCodesGenerator!025054","lastKnownStatus":"0.1.0","lastKnownDate":"210508","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-14T19:31:07.3656699+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1705},{"violations":{"EXR-025":"Extension misrepresents its functionality. Extension just launches the website. It claims provide free v-bucks, but these always fail and lead to asking user personal details.\n","EXR-038":"The extension open the website, and no other functionality.\n","EXR-060":"Extension offers free fortnite v-bucks, but this functionality is not contained within the extension\n"},"nonDeceptorViolations":{"EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Free Vbux Fortnite Free Vbux Generator.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8a34ed41b340563aca9edd858d152f9dbad6f93eb4040c604049d8de24dd2130","storeId":"efckagblkgbbgcgcdphmbndgaddmodii","sourceIndex":"1931","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Free Vbux - Fortnite Free Vbux Generator.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e3bfd5f4442cc600463f2aeeb473fa90b8c249951160d1d150988b50f5592263","sourceIndex":"1931","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://ursites.design/c6ebf2b","directDownloadingLink":"https://chrome.google.com/webstore/detail/free-vbux-fortnite-free-v/efckagblkgbbgcgcdphmbndgaddmodii","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/free-vbux-fortnite-free-v/efckagblkgbbgcgcdphmbndgaddmodii","sourceIndex":"1931"}],"sampleFiles":["210507/cx-FreeVbuxFortniteFreeVbuxGenerator-210507/0.1.0/Samples/Free Vbux Fortnite Free Vbux Generator.crx","210507/cx-FreeVbuxFortniteFreeVbuxGenerator-210507/0.1.0/Samples/Free Vbux - Fortnite Free Vbux Generator.zip"],"imageFiles":["210507/cx-FreeVbuxFortniteFreeVbuxGenerator-210507/0.1.0/Images/EXR-025/EXR-025.JPG","210507/cx-FreeVbuxFortniteFreeVbuxGenerator-210507/0.1.0/Images/EXR-025/EXR-025_2.JPG","210507/cx-FreeVbuxFortniteFreeVbuxGenerator-210507/0.1.0/Images/EXR-038/VBucks_038.JPG","210507/cx-FreeVbuxFortniteFreeVbuxGenerator-210507/0.1.0/Images/EXR-060/Vbucks060.JPG"],"nonDeceptorImageFiles":["210507/cx-FreeVbuxFortniteFreeVbuxGenerator-210507/0.1.0/Images/EXR-042/EXR-042.JPG"],"guid":"3554200a-e42d-4dae-b086-7aa8f14e6038_0.1.0_1","appID":"cx-FreeVbuxFortniteFreeVbuxGenerator-210507","dateAdded":"210507","deceptorType":"Browser Extension","name":"Free Vbux - Fortnite Free Vbux Generator","company":"sammeas44","version":"0.1.0","sigName":"Deceptor:BEX/FreeVbuxGenerator!025054","lastKnownStatus":"0.1.0","lastKnownDate":"210507","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-14T20:03:44.5672057+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1706},{"violations":{"EXR-025":"Extension misrepresents its functionality. It claims to generate the vbucks, but these always fail and lead to survey registration and ask users' personal information.\n\n","EXR-038":"Extension only launches a website app, and has no other functionality.\n","EXR-054":"The extension spreads scam (https://www.onlinepromotionsusa.com) and forces the user to click on ads or submit personal information for advertising purposes to fully use it. \n","EXR-060":"Extension claims to provide free vBuck, but this functionality is not contained within the extension\n"},"nonDeceptorViolations":{"EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Free Vbux.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ce38eb28e65197c4a47f0c97b980572ce316cf070672c1305dab0f9249af5e49","storeId":"nlmfklmmjliglibpidlkkomddobpfbeo","sourceIndex":"1929","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Free Vbux.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6880f069becd469356810df9718724a002d30e34aa0bf41acc1f5e6da17c7b30","sourceIndex":"1929","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Related apps to Fortnite Vbucks","reference":"","landingPage":"https://ursites.design/cf75d8d","directDownloadingLink":"https://chrome.google.com/webstore/detail/free-vbux/nlmfklmmjliglibpidlkkomddobpfbeo","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/free-vbux/nlmfklmmjliglibpidlkkomddobpfbeo","sourceIndex":"1929"}],"sampleFiles":["210506/cx-FreeVbux-210506/0.1.0/Samples/Free Vbux.crx","210506/cx-FreeVbux-210506/0.1.0/Samples/Free Vbux.zip"],"imageFiles":["210506/cx-FreeVbux-210506/0.1.0/Images/EXR-025/EXR-025.JPG","210506/cx-FreeVbux-210506/0.1.0/Images/EXR-025/EXR-025_1.JPG","210506/cx-FreeVbux-210506/0.1.0/Images/EXR-025/EXR-025_2.JPG","210506/cx-FreeVbux-210506/0.1.0/Images/EXR-038/VBucks_038_1.JPG","210506/cx-FreeVbux-210506/0.1.0/Images/EXR-054/EXR-054.JPG","210506/cx-FreeVbux-210506/0.1.0/Images/EXR-054/EXR-054_1.JPG","210506/cx-FreeVbux-210506/0.1.0/Images/EXR-054/EXR-054_2.JPG"],"nonDeceptorImageFiles":["210506/cx-FreeVbux-210506/0.1.0/Images/EXR-042/EXR-042.JPG"],"guid":"aca87b95-25d1-473a-886e-e42c5c74e762_0.1.0_1","appID":"cx-FreeVbux-210506","dateAdded":"210506","deceptorType":"Browser Extension","name":"Free Vbux","company":"vbux995","version":"0.1.0","sigName":"Deceptor:BEX/FreeVbux!025054","lastKnownStatus":"0.1.0","lastKnownDate":"210506","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-14T22:05:34.9683909+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1709},{"violations":{"EXR-025":"The primary purpose of extension doesn't exist. Extension misrepresent its functionality in app store. \n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Steam","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/steam-sheriff/gepneajfhahnllbbdfiamgbifcikpoie","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/steam-sheriff/gepneajfhahnllbbdfiamgbifcikpoie","sourceIndex":"1948"}],"sampleFiles":[],"imageFiles":["210506/cx-SteamSheriff-210506/0.3/Images/EXR-025/EXR-025.JPG"],"nonDeceptorImageFiles":["210506/cx-SteamSheriff-210506/0.3/Images/EXR-002/EXR-002.JPG","210506/cx-SteamSheriff-210506/0.3/Images/EXR-037/EXR-037.JPG","210506/cx-SteamSheriff-210506/0.3/Images/EXR-042/EXR-042.JPG"],"guid":"d5d1ad08-8a67-4364-90ed-f838b8017872_0.3_1","appID":"cx-SteamSheriff-210506","dateAdded":"210506","deceptorType":"Browser Extension","name":"Steam Sheriff","company":"zma4580","version":"0.3","sigName":"Deceptor:BEX/SteamSheriff!025","lastKnownStatus":"0.3","lastKnownDate":"210506","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-06T23:30:39.845113+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1707},{"violations":{"EXR-024":"The extension misleads the user extension from Xbox by using the \"XBOX\" icon.\n","EXR-025":"Extension misrepresents its functionality. It claims to provide free XBox codes, but no such functionality in the extension. \n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy policy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Free Xbox Codes 2021.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ef89224d872b62f891df0201627a6a6391e65c4d4d1a00e0ff057e7416f5136a","storeId":"higfieddhamnbligkkacainaiafbhbhe","sourceIndex":"1930","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Free Xbox Codes 2021.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"bf0dea6c126f5afb4b729e5d71ebdd7b6a6f62239e98c8f12d1617a40e1cb511","sourceIndex":"1930","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Xbox","reference":"","landingPage":"https://freexboxcodes8.blogspot.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/free-xbox-codes-2021-xbox/higfieddhamnbligkkacainaiafbhbhe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/free-xbox-codes-2021-xbox/higfieddhamnbligkkacainaiafbhbhe","sourceIndex":"1930"}],"sampleFiles":["210506/cx-FreeXboxCodes2021-210506/1.0.0/Samples/Free Xbox Codes 2021.crx","210506/cx-FreeXboxCodes2021-210506/1.0.0/Samples/Free Xbox Codes 2021.zip"],"imageFiles":["210506/cx-FreeXboxCodes2021-210506/1.0.0/Images/EXR-024/EXR-024.JPG","210506/cx-FreeXboxCodes2021-210506/1.0.0/Images/EXR-025/EXR-025_1.JPG","210506/cx-FreeXboxCodes2021-210506/1.0.0/Images/EXR-025/EXR-025_2.JPG"],"nonDeceptorImageFiles":["210506/cx-FreeXboxCodes2021-210506/1.0.0/Images/EXR-002/EXR-002_.JPG","210506/cx-FreeXboxCodes2021-210506/1.0.0/Images/EXR-002/EXR-002_1.JPG","210506/cx-FreeXboxCodes2021-210506/1.0.0/Images/EXR-037/EXR-037_1.JPG","210506/cx-FreeXboxCodes2021-210506/1.0.0/Images/EXR-037/EXR-037_2.JPG","210506/cx-FreeXboxCodes2021-210506/1.0.0/Images/EXR-042/EXR-042.JPG"],"guid":"afcf9cb9-6083-4630-9dab-71eda4478351_1.0.0_1","appID":"cx-FreeXboxCodes2021-210506","dateAdded":"210506","deceptorType":"Browser Extension","name":"Free Xbox Codes 2021- Xbox Gift card codes","company":"freexboxcodes8","version":"1.0.0","sigName":"Deceptor:BEX/FreeXboxCodes2021!024025","lastKnownStatus":"1.0.0","lastKnownDate":"210506","type":"Chrome Extension","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-14T21:38:24.6971724+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1708},{"violations":{"EXR-025":"Extension misrepresents its functionality. The functionality it claims is not contained in extension.\n","EXR-038":"The extension just instruct user to open the website and contains no other functionality.\n"},"nonDeceptorViolations":{"EXR-042":"No valid privacy policy link is provided.\n"},"samples":[{"isRevoked":"False","fileName":"Pokemon Go Spoofer.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9c766b9a2d004212f859c0f1a200c2ed13777dcd55817d4c7fa0354ed615c681","storeId":"gbcmhmfgjjljgpdlnbaconlcnikbcklc","sourceIndex":"1928","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pokemon-go-spoofer.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"efb4f758432757554c71dcaff334bcb6854f12f29455a7bfb7ac284ed6ec9f38","sourceIndex":"1928","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Hack","reference":"","landingPage":"http://namegames.xyz/pokemon-go","directDownloadingLink":"https://chrome.google.com/webstore/detail/pokemon-go-spoofer-gps-io/gbcmhmfgjjljgpdlnbaconlcnikbcklc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/pokemon-go-spoofer-gps-io/gbcmhmfgjjljgpdlnbaconlcnikbcklc","sourceIndex":"1928"}],"sampleFiles":["210423/cx-PokemonGoSpooferGPS-210423/1.0/Samples/Pokemon Go Spoofer.crx","210423/cx-PokemonGoSpooferGPS-210423/1.0/Samples/pokemon-go-spoofer.zip"],"imageFiles":["210423/cx-PokemonGoSpooferGPS-210423/1.0/Images/EXR-025/EXR-025.JPG","210423/cx-PokemonGoSpooferGPS-210423/1.0/Images/EXR-025/EXR-025_1.mp4","210423/cx-PokemonGoSpooferGPS-210423/1.0/Images/EXR-025/EXR-025_2.mp4"],"nonDeceptorImageFiles":["210423/cx-PokemonGoSpooferGPS-210423/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"00997a95-5eea-4da8-812d-1dc5befbefc9_1.0_1","appID":"cx-PokemonGoSpooferGPS-210423","dateAdded":"210423","deceptorType":"Browser Extension","name":"Pokemon Go Spoofer GPS iOS Android 2021","company":"buzzingbees21","version":"1.0","sigName":"Deceptor:BEX/PokemonGoSpoofer!025054","lastKnownStatus":"1.0","lastKnownDate":"210423","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-05-16T21:53:13.4208465+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1710},{"violations":{"EXR-011":"The extension uses the TikTok logo.\n","EXR-024":"The Extension misleads the user by using the TikTok icon and screenshots.\n","EXR-054":"Extension force the user to click on ads or submit personal information for advertising purposes in order to fully use it.\n"},"nonDeceptorViolations":{"EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"TikTok - Make Your Day.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"f30042c1ff5003bf469d84c59a04e42c4b71269b1464e4c4f1e385a9678ba66d","sourceIndex":"1949","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TikTok - Make Your Day.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9a806881aeeedbe98493097c5d62e9a210d78c383994b422c1371985d3cdc808","storeId":"bnomchemkmkimnahgmolnkhijpoelnhc","sourceIndex":"1949","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store - tiktok","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/tiktok-make-your-day/bnomchemkmkimnahgmolnkhijpoelnhc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/tiktok-make-your-day/bnomchemkmkimnahgmolnkhijpoelnhc","sourceIndex":"1949"}],"sampleFiles":["210422/cx-TikTok-MakeYourDay-210417/1.0.0/Samples/TikTok - Make Your Day.zip"],"imageFiles":["210422/cx-TikTok-MakeYourDay-210417/1.0.0/Images/EXR-024/EXR-024.JPG","210422/cx-TikTok-MakeYourDay-210417/1.0.0/Images/EXR-011/EXR-011.JPG","210422/cx-TikTok-MakeYourDay-210417/1.0.0/Images/EXR-054/EXR-054.mp4"],"nonDeceptorImageFiles":["210422/cx-TikTok-MakeYourDay-210417/1.0.0/Images/EXR-037/EXR-037.mp4","210422/cx-TikTok-MakeYourDay-210417/1.0.0/Images/EXR-042/EXR-042.JPG"],"guid":"7fd50ee9-16f1-40c1-adab-3ad08f1e364f_1.0.0_1","appID":"cx-TikTok-MakeYourDay-210417","dateAdded":"210422","deceptorType":"Browser Extension","name":"TikTok - Make Your Day","company":"TikTok Mobile View","version":"1.0.0","sigName":"Deceptor:BEX/TikTok - Make Your Day!024011054","lastKnownStatus":"1.0.0","lastKnownDate":"210422","type":"Chrome Extension","targetOS":"Windows XP,Windows 7,Windows 8,Windows Vista,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-04-22T23:43:45.2002348+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1712},{"violations":{"EXR-025":"Extension misrepresents its functionality. The functionality it claims is not contained in extension, which is just instruct user to launch the website.\n","EXR-038":"The extension has no other functionality but just open website (instruct user to open website)\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-042":"No valid privacy policy link is provided.\n"},"samples":[{"isRevoked":"False","fileName":"Free YouTube Subscribers Generator.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"87c9a3036b969cbdb1f7c1ea5ff42649f637353bb5faafb1950ba3b60a19b91a","sourceIndex":"1926","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Free YouTube Subscribers Generator.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"0797174f3175db91ce93b5b00f845e00795e991932bfc54e24a6adadf9cfa153","storeId":"fdfchfidjajpidpjilnlboncflgnjdda","sourceIndex":"1926","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-FacebookAccountHack-210420","reference":"","landingPage":"https://pointszone.net/v2/apps/youtubetools/","directDownloadingLink":"https://chrome.google.com/webstore/detail/free-youtube-subscribers/fdfchfidjajpidpjilnlboncflgnjdda/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/free-youtube-subscribers/fdfchfidjajpidpjilnlboncflgnjdda/","sourceIndex":"1926"}],"sampleFiles":["210422/cx-FreeYouTubeSubscribersGenerator-210421/1.0.9/Samples/Free YouTube Subscribers Generator.zip"],"imageFiles":["210422/cx-FreeYouTubeSubscribersGenerator-210421/1.0.9/Images/EXR-025/EXR-025.JPG","210422/cx-FreeYouTubeSubscribersGenerator-210421/1.0.9/Images/EXR-025/EXR-025_1.mp4"],"nonDeceptorImageFiles":["210422/cx-FreeYouTubeSubscribersGenerator-210421/1.0.9/Images/EXR-002/EXR-002.JPG","210422/cx-FreeYouTubeSubscribersGenerator-210421/1.0.9/Images/EXR-042/EXR-042.JPG"],"guid":"e7a63d2e-2cd9-4413-8a25-428a8030c41d_1.0.9_1","appID":"cx-FreeYouTubeSubscribersGenerator-210421","dateAdded":"210422","deceptorType":"Browser Extension","name":"Free YouTube Subscribers Generator App 2021","company":"pointszone.net","version":"1.0.9","sigName":"Deceptor:BEX/FreeYouTubeSubscribersGeneratorApp2021!025054","lastKnownStatus":"1.0.9","lastKnownDate":"210422","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows Server,MacOS,Windows 10","targetBrowser":"Chrome","lastUpdate":"2021-05-16T22:16:30.1125211+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1713},{"violations":{"EXR-025":"Extension misrepresents its functionality, includes non-obvious functionality (asking users to play a game that requires user registration) that doesn't serve the primary purpose of the extension.\n","EXR-054":"Extension force the user to click on ads or submit personal information (asking users to play a game that requires user registration) for advertising purposes in order to fully use it.\n"},"nonDeceptorViolations":{"EXR-042":"No valid privacy policy link is provided.\n"},"samples":[{"isRevoked":"False","fileName":"Free Onlyfans Hack Accounts.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d379c8bdb3347d83fdc847792e665e3d979f1940cb371d4288bd3d4edbcba3b3","storeId":"","sourceIndex":"1950","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Free Onlyfans Hack Accounts.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"aca5793e2709bde81c77440658e8a6c5a6783de4ccd4d6c4aa518462da06223c","storeId":"gjpkiibnmkabcdpdndnjnpgejlhpeoln","sourceIndex":"1950","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Hack","reference":"","landingPage":"https://hacksgames.online/OnlyFans/V2/","directDownloadingLink":"https://chrome.google.com/webstore/detail/free-onlyfans-hack-accoun/gjpkiibnmkabcdpdndnjnpgejlhpeoln","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/free-onlyfans-hack-accoun/gjpkiibnmkabcdpdndnjnpgejlhpeoln","sourceIndex":"1950"}],"sampleFiles":["210422/cx-FreeOnlyfansHackAccounts-210422/1.0.1/Samples/Free Onlyfans Hack Accounts.crx","210422/cx-FreeOnlyfansHackAccounts-210422/1.0.1/Samples/Free Onlyfans Hack Accounts.zip"],"imageFiles":["210422/cx-FreeOnlyfansHackAccounts-210422/1.0.1/Images/EXR-025/EXR-025.JPG","210422/cx-FreeOnlyfansHackAccounts-210422/1.0.1/Images/EXR-025/EXR-025_1.mp4","210422/cx-FreeOnlyfansHackAccounts-210422/1.0.1/Images/EXR-054/EXR-054.mp4"],"nonDeceptorImageFiles":["210422/cx-FreeOnlyfansHackAccounts-210422/1.0.1/Images/EXR-042/EXR-042.JPG"],"guid":"166055e3-8624-49ae-b5ab-6d72b630eaa0_1.0.1_1","appID":"cx-FreeOnlyfansHackAccounts-210422","dateAdded":"210422","deceptorType":"Browser Extension","name":"Free Onlyfans Hack Accounts 2021","company":"hacksgames.online","version":"1.0.1","sigName":"Deceptor:BEX/FreeOnlyfansHackAccounts2021!025054","lastKnownStatus":"1.0.1","lastKnownDate":"210422","type":"Chrome Extension","lastUpdate":"2021-04-22T23:33:05.234445+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1714},{"violations":{"ACR-048":"The install greys out the close and cancel buttons, which limits the consumer's ability to stop after the initial launch\n","ACR-084":"The app does not disclose details about the autorun keys created that makes the app to run each time that a user logs on\n","ACR-103":"Application doesn't provide accessible function to detect any malicious program.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"App installs in hidden folder %AppData%\n"},"samples":[{"isRevoked":"False","fileName":"Malware Protection Live_Setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"08382837f767b2b54198922fa76858a0","hashSHA1":"d48a5eaf7cfd00903b06e343b59cbac16dec21cf","hashSHA256":"d556e7e2f3fe7810c8850dd91cb5816259f2e8b0ccd06355575adc77d8b2101d","digitalCertThumbprint":"11EC8C8F686FF106BF7F74E1EE6D26D913481EAB","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Malware Protection Live, O=Malware Protection Live, L=Fort Myers, S=Florida, C=US","sourceIndex":"1951","avBlockList":["Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","COMODO Antivirus (20210520)","Dr.Web Security Space (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Kaspersky Internet Security (20210520)","Malwarebytes Premium (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","SpyHunter5 (20210520)","Total AV Antivirus Pro (20210520)","Trend Micro Internet Security (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Webroot SecureAnywhere (20210520)","Windows Defender (20210520)"],"avAllowList":["360 Total Security (20210520)","Tencent PC Manager (20210520)"]},{"isRevoked":"False","fileName":"MalwareProtectionClient.exe","fileVersion":"1.0","hashMD5":"5776759a54bdd1b9fd3759ac6ac99827","hashSHA1":"207f5204379d18e492b3382f8aa31c3fc9ce935b","hashSHA256":"b7a31531b432a611dfd1a607e83d25e3b0e0d4017b1c9fa227f435bfc0b54898","digitalCertThumbprint":"11EC8C8F686FF106BF7F74E1EE6D26D913481EAB","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Malware Protection Live, O=Malware Protection Live, L=Fort Myers, S=Florida, C=US","sourceIndex":"1951","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://malwareprotectionlive.com/","landingPage":"http://malwareprotectionlive.com/","ipv4":"","ipv6":"","sourceIndex":"1951"}],"sampleFiles":["210422/MalwareProtectionLive-210422/1.0/Samples/Malware Protection Live_Setup.exe","210422/MalwareProtectionLive-210422/1.0/Samples/MalwareProtectionClient.exe"],"imageFiles":["210422/MalwareProtectionLive-210422/1.0/Images/ACR-048/Malware Protection Live_Install [1].png","210422/MalwareProtectionLive-210422/1.0/Images/ACR-048/Malware Protection Live_Install [3].png","210422/MalwareProtectionLive-210422/1.0/Images/ACR-048/Malware Protection Live_Install [5].png","210422/MalwareProtectionLive-210422/1.0/Images/ACR-084/Malware Protection Live_Registry [1].png","210422/MalwareProtectionLive-210422/1.0/Images/ACR-084/Malware Protection Live_Registry [2].jpg"],"nonDeceptorImageFiles":["210422/MalwareProtectionLive-210422/1.0/Images/ACR-038/Malware Protection Live_FileProperty [2].png","210422/MalwareProtectionLive-210422/1.0/Images/ACR-040/Malware Protection Live_Files [1].png"],"guid":"d3439c04-051e-4ced-9fc4-e7c06796bcf2_1.0_1","appID":"MalwareProtectionLive-210422","dateAdded":"210422","deceptorType":"App","name":"Malware Protection Live","company":"Malware Protection Live","version":"1.0","sigName":"Deceptor:Win32/MalwareProtectionLive!048084103","lastKnownStatus":"1.0","lastKnownDate":"210422","type":"Windows Executable","category":"Travel & Navigation","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2021-04-22T22:19:48.3429098+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1711},{"violations":{"ACR-048":"The install greys out the close and cancel buttons, which limits the consumer's ability to stop after the initial launch.\n","ACR-084":"The app does not disclose details about the registry keys created that makes the app to run each time that a user logs on.\n"},"nonDeceptorViolations":{"ACR-040":"App installs in hidden folder %AppData%.\n"},"samples":[{"isRevoked":"False","fileName":"One Updater_Setup.exe","isInstaller":"True","companyName":"Mellifluous Company","fileVersion":"1.0","hashMD5":"5e473c8df1c2c0b19e371b034e5ba5e6","hashSHA1":"a7290cc571c7880e6d470d2c686820585d815e3d","hashSHA256":"f223f8a60a2732c8394cdc550b820f857ab3928246d1563425a0159e5aa595a9","digitalCertThumbprint":"4A780189BF458F5BCA4798C63DCFD268D91ED8AE","digitalCertIssuer":"CN=OneMellifluousUpdaterCode, E=start@onemellifluousupdatercore.info","digitalCertIssuedTo":"CN=OneMellifluousUpdaterCode, E=start@onemellifluousupdatercore.info","sourceIndex":"1954","avBlockList":["360 Total Security (20210520)","Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","Dr.Web Security Space (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Malwarebytes Premium (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","SpyHunter5 (20210520)","Tencent PC Manager (20210520)","Total AV Antivirus Pro (20210520)","Trend Micro Internet Security (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Webroot SecureAnywhere (20210520)","Windows Defender (20210520)"],"avAllowList":["COMODO Antivirus (20210520)","Kaspersky Internet Security (20210520)"]},{"isRevoked":"False","fileName":"OneUpdater.exe","companyName":"Mellifluous Company","fileVersion":"1.0","hashMD5":"fc9a8f8698b2af40cabcba3021e57ef5","hashSHA1":"6b36c44e94d720e4eaa0f4dc8b47d9ad96755193","hashSHA256":"7e69d104b29fc7c7c86354df88627e91cffef902f2bb5f4ab4295b8710222161","digitalCertThumbprint":"7D4861415A32A96737842234D4C0CACA4425CBF4","digitalCertIssuer":"CN=OneMellifluousUpdaterCode, E=start@onemellifluousupdatercore.info","digitalCertIssuedTo":"CN=OneMellifluousUpdaterCode, E=start@onemellifluousupdatercore.info","sourceIndex":"1954","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://updater.one/","landingPage":"http://updater.one/","ipv4":"","ipv6":"","sourceIndex":"1954"}],"sampleFiles":["210421/OneUpdater-210421/1.0.0.0/Samples/One Updater_Setup.exe","210421/OneUpdater-210421/1.0.0.0/Samples/OneUpdater.exe"],"imageFiles":["210421/OneUpdater-210421/1.0.0.0/Images/ACR-048/OneUpdater_Install [1].png","210421/OneUpdater-210421/1.0.0.0/Images/ACR-048/OneUpdater_Install [2].png","210421/OneUpdater-210421/1.0.0.0/Images/ACR-048/OneUpdater_Install [3].png","210421/OneUpdater-210421/1.0.0.0/Images/ACR-048/OneUpdater_Install [4].png","210421/OneUpdater-210421/1.0.0.0/Images/ACR-048/OneUpdater_Install [5].png","210421/OneUpdater-210421/1.0.0.0/Images/ACR-084/OneUpdater_RegistryEntry [1].png"],"nonDeceptorImageFiles":["210421/OneUpdater-210421/1.0.0.0/Images/ACR-040/OneUpdater_Files [1].png"],"guid":"d1b047ae-9375-4912-bd04-908b963b3d95_1.0.0.0_1","appID":"OneUpdater-210421","dateAdded":"210421","deceptorType":"App","name":"One Updater","company":"OneMellifluousUpdaterCode","version":"1.0.0.0","sigName":"Deceptor:Win32/OneUpdater!048084","lastKnownStatus":"1.0.0.0","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2021-04-21T22:01:34.987231+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1715},{"violations":{"EXR-025":"Extension misrepresents its functionality, includes non-obvious functionality that doesn't serve the primary purpose of the extension.\n","EXR-054":"Extension force the user to click on ads or submit personal information for advertising purposes in order to fully use it.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-042":"No valid privacy policy link is provided.\n"},"samples":[{"isRevoked":"False","fileName":"Paypal money adder.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"14155e43fa4ee2a5b24664d60acd8a75ab6880b2674ad9ccaf1ed270582aa692","sourceIndex":"1952","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Paypal money adder.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9dfa5db2c66e713f01005350dd67f6388b34e26acffb52762748c8af5b5307c4","storeId":"eniolblfpohhnebgjodcjgieiinfengc","sourceIndex":"1952","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-FacebookAccountHack-210420","reference":"","landingPage":"https://pointszone.net/v2/apps/paypalmoneygenerator/","directDownloadingLink":"https://chrome.google.com/webstore/detail/paypal-money-adder-2021/eniolblfpohhnebgjodcjgieiinfengc/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/paypal-money-adder-2021/eniolblfpohhnebgjodcjgieiinfengc/","sourceIndex":"1952"}],"sampleFiles":["210421/cx-PaypalMoneyAdder-210421/1.2.9/Samples/Paypal money adder.zip"],"imageFiles":["210421/cx-PaypalMoneyAdder-210421/1.2.9/Images/EXR-025/EXR-025.JPG","210421/cx-PaypalMoneyAdder-210421/1.2.9/Images/EXR-025/EXR-025_1.mp4","210421/cx-PaypalMoneyAdder-210421/1.2.9/Images/EXR-054/EXR-054.mp4"],"nonDeceptorImageFiles":["210421/cx-PaypalMoneyAdder-210421/1.2.9/Images/EXR-002/EXR-002.JPG","210421/cx-PaypalMoneyAdder-210421/1.2.9/Images/EXR-042/EXR-042.JPG"],"guid":"5b49051d-bda4-4bef-8ade-792324a52a9d_1.2.9_1","appID":"cx-PaypalMoneyAdder-210421","dateAdded":"210421","deceptorType":"Browser Extension","name":"Paypal money adder 2021","company":"pointszone.net","version":"1.2.9","sigName":"Deceptor:BEX/PaypalMoneyAdder2021!025054","lastKnownStatus":"1.2.9","lastKnownDate":"210421","type":"Chrome Extension","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 10,Windows 8,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-04-22T00:16:52.2246893+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1716},{"violations":{"EXR-025":"Extension misrepresents its functionality, includes non-obvious functionality (asking user to fill the survey) that doesn't serve the primary purpose of the extension.\n","EXR-054":"Extension force the user to click on ads or submit personal information for advertising purposes in order to fully use it.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-042":"No valid privacy policy link is provided.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-FacebookAccountHack-210420","reference":"","landingPage":"https://pointszone.net/v2/apps/instagramtools/","directDownloadingLink":"https://chrome.google.com/webstore/detail/instagram-followers-hack/aofopnaabngmcifdeapgcbejmbendehi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/instagram-followers-hack/aofopnaabngmcifdeapgcbejmbendehi","sourceIndex":"1953"}],"sampleFiles":[],"imageFiles":["210421/cx-InstagramFollowersHack-210421/1.0.1/Images/EXR-025/EXR-025.JPG","210421/cx-InstagramFollowersHack-210421/1.0.1/Images/EXR-025/EXR-025_1.mp4","210421/cx-InstagramFollowersHack-210421/1.0.1/Images/EXR-054/EXR-054.mp4"],"nonDeceptorImageFiles":["210421/cx-InstagramFollowersHack-210421/1.0.1/Images/EXR-002/EXR-002.JPG","210421/cx-InstagramFollowersHack-210421/1.0.1/Images/EXR-042/EXR-042.JPG"],"guid":"40cd54ac-6d9f-4c55-a067-a88b5742c487_1.0.1_1","appID":"cx-InstagramFollowersHack-210421","dateAdded":"210421","deceptorType":"Browser Extension","name":"Instagram followers hack app 2021","company":"pointszone.net","version":"1.0.1","sigName":"Deceptor:BEX/InstagramFollowersHack!025054","lastKnownStatus":"1.0.1","lastKnownDate":"210421","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-04-21T22:41:54.6599879+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1717},{"violations":{"ACR-003":"1.\tThe application exaggerates the identified issues with an alarming red color. \n2.\tThe app exaggerates registry keys as errors, thereby misleading or scaring user to take action.\n\n","ACR-004":"1.\tThe app uses different colors and graphs for scan results to raise misleading sense of urgency to the user.\n2.\tThe app does not fix free scan results and describes registry issues as errors to exaggerate a sense of urgency.\n3.\tApp does not substantiate all the identified issues\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"RegSERVO_Installer.exe-1","isInstaller":"True","companyName":"TuneUp System Software Pvt Ltd.                             ","fileVersion":"2.0","hashMD5":"c34d487d7919a01a553b6f960f5a5abe","hashSHA1":"10f93e5d5ce3cb65e294fb7f20f135a29380f2ff","hashSHA256":"217020b264717fb724e9fab2697a7d07392f5289234bac900ce238f7fb6b5901","digitalCertThumbprint":"FA9C1A25F49083896D14611A5FB21946CDEFFF43","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Tuneup System Software Pvt Ltd, O=Tuneup System Software Pvt Ltd, L=Kaliakkavilai, S=Tamil Nadu, C=IN","sourceIndex":"1958","avBlockList":["360 Total Security (20210520)","Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","Dr.Web Security Space (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Kaspersky Internet Security (20210520)","Malwarebytes Premium (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","SpyHunter5 (20210520)","Total AV Antivirus Pro (20210520)","Trend Micro Internet Security (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Webroot SecureAnywhere (20210520)","Windows Defender (20210520)"],"avAllowList":["COMODO Antivirus (20210520)","Tencent PC Manager (20210520)"]},{"isRevoked":"False","fileName":"REGSERVO.exe","companyName":"Tuneup System Software Pvt Ltd.","fileVersion":"2.0","hashMD5":"8b4b16b8707141f8b2fb145b117d6487","hashSHA1":"31c99eb5a2f933294aaacbb817eb655db19b5a7a","hashSHA256":"3e4d89d36b4cce131e93e75946eb8c4c07530a25018b354414762d53c4131d1b","digitalCertThumbprint":"FA9C1A25F49083896D14611A5FB21946CDEFFF43","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Tuneup System Software Pvt Ltd, O=Tuneup System Software Pvt Ltd, L=Kaliakkavilai, S=Tamil Nadu, C=IN","sourceIndex":"1958","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"regservo.com","landingPage":"regservo.com","ipv4":"","ipv6":"","sourceIndex":"1958"}],"sampleFiles":["210420/Regservo-210420/2.0.0.3/Samples/RegSERVO_Installer.exe-1","210420/Regservo-210420/2.0.0.3/Samples/REGSERVO.exe"],"imageFiles":["210420/Regservo-210420/2.0.0.3/Images/ACR-004/REGSERVO_Interactions [3].png","210420/Regservo-210420/2.0.0.3/Images/ACR-004/REGSERVO_Interactions [4].png","210420/Regservo-210420/2.0.0.3/Images/ACR-004/REGSERVO_Interactions [8].png","210420/Regservo-210420/2.0.0.3/Images/ACR-004/REGSERVO_Interactions [9].png","210420/Regservo-210420/2.0.0.3/Images/ACR-003/REGSERVO_Interactions [3].png","210420/Regservo-210420/2.0.0.3/Images/ACR-003/REGSERVO_Interactions [4].png","210420/Regservo-210420/2.0.0.3/Images/ACR-003/REGSERVO_Interactions [8].png","210420/Regservo-210420/2.0.0.3/Images/ACR-003/REGSERVO_Interactions [10].png"],"nonDeceptorImageFiles":[],"guid":"bd8bea59-199e-4f6e-90a9-838dd44cd22e_2.0.0.3_1","appID":"Regservo-210420","dateAdded":"210420","deceptorType":"App","name":"Regservo","company":"Tuneup System Software Pvt Ltd","version":"2.0.0.3","sigName":"Deceptor:Win32/Regservo!003004","lastKnownStatus":"2.0.0.3","lastKnownDate":"210420","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-04-20T19:46:11.0854367+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1718},{"violations":{"EXR-025":"Extension misrepresents its functionality, include non-obvious functionality that doesn't serve the primary purpose of the extension. \n","EXR-054":"Extension force the user to click on ads or submit personal information for advertising purposes in order to fully use it.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-042":" No valid privacy link is provided.\n"},"samples":[{"isRevoked":"False","fileName":"Facebook account hack .crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"35167d166af1e72e22f92c0079e0b644f9ea48a75e7043eaae3cafe2ee5d978c","sourceIndex":"1957","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Facebook account hack .zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d7ce0e9ff1d1e0a072798397ccc90e43b3aa7e666a0af165692b8b5ad9ec7889","storeId":"nfkcognohlhgmbeinoooalpjgkmchgnp","sourceIndex":"1957","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Hack","reference":"","landingPage":"https://pointszone.net/v2/fsniper/","directDownloadingLink":"https://chrome.google.com/webstore/detail/facebook-account-hack-202/nfkcognohlhgmbeinoooalpjgkmchgnp","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/facebook-account-hack-202/nfkcognohlhgmbeinoooalpjgkmchgnp","sourceIndex":"1957"}],"sampleFiles":["210420/cx-FacebookAccountHack-210420/1.0.2/Samples/Facebook account hack .zip"],"imageFiles":["210420/cx-FacebookAccountHack-210420/1.0.2/Images/EXR-025/EXR-025.JPG","210420/cx-FacebookAccountHack-210420/1.0.2/Images/EXR-025/EXR-025_1.mp4","210420/cx-FacebookAccountHack-210420/1.0.2/Images/EXR-054/EXR-054.mp4"],"nonDeceptorImageFiles":["210420/cx-FacebookAccountHack-210420/1.0.2/Images/EXR-002/EXR-002.JPG","210420/cx-FacebookAccountHack-210420/1.0.2/Images/EXR-042/EXR-042.JPG"],"guid":"c22d5c6d-395e-4009-a70f-ebc918ecabd4_1.0.2_1","appID":"cx-FacebookAccountHack-210420","dateAdded":"210420","deceptorType":"Browser Extension","name":"Facebook account hack 2021","company":"pointszone.net","version":"1.0.2","sigName":"Deceptor:BEX/FacebookAccountHack2021!025054","lastKnownStatus":"1.0.2","lastKnownDate":"210420","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-04-20T22:28:41.1385674+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1719},{"violations":{"EXR-024":"This Extension deceives or misleads users by using the \"AVG Antivirus\" title. \n","EXR-025":"The primary functionality of the extension is not served. \n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Avg Antivirus.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4e2dfc92d24ef1e0a9881bf889a2f7aff3a9018bc199186f2b44111f04c65edd","sourceIndex":"1956","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Avg Antivirus.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"42f91dd4e024901e91463b4cf1671ab0b81f001cbbfae2c41e80865c32da6d01","storeId":"obdbjfggeligjneffbfdalhochfimkgj","sourceIndex":"1956","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Antivirus","reference":"","landingPage":"http://teamsw.net/","directDownloadingLink":"https://chrome.google.com/webstore/detail/avg-antivirus/obdbjfggeligjneffbfdalhochfimkgj","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/avg-antivirus/obdbjfggeligjneffbfdalhochfimkgj","sourceIndex":"1956"}],"sampleFiles":["210420/cx-AvgAntivirus-210419/0.26/Samples/Avg Antivirus.zip"],"imageFiles":["210420/cx-AvgAntivirus-210419/0.26/Images/EXR-024/EXR-024.JPG","210420/cx-AvgAntivirus-210419/0.26/Images/EXR-025/EXR-025.mp4"],"nonDeceptorImageFiles":["210420/cx-AvgAntivirus-210419/0.26/Images/EXR-002/EXR-002.JPG","210420/cx-AvgAntivirus-210419/0.26/Images/EXR-037/EXR-037.mp4","210420/cx-AvgAntivirus-210419/0.26/Images/EXR-042/EXR-042.JPG"],"guid":"53ae8cfe-3af4-4ebe-888b-932df082eaec_0.26_1","appID":"cx-AvgAntivirus-210419","dateAdded":"210420","deceptorType":"Browser Extension","name":"Avg Antivirus","company":"onnumarahagi","version":"0.26","sigName":"Deceptor:BEX/AvgAntivirus!024025","lastKnownStatus":"0.26","lastKnownDate":"210420","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows Server,MacOS,Windows 10","targetBrowser":"Chrome","lastUpdate":"2021-04-20T22:43:10.8676345+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1720},{"violations":{"ACR-086":"The app does not inform the targeted consumer how it collects user data and it enables the consumer to hide the app from the targeted consumer\n"},"nonDeceptorViolations":{"ACR-038":"The app installers do not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app disguise as running service: \"Open Wifi\"\n","ACR-002":"The App's company name is not consistent across App interaction.\n It shows different names as \"Spy24\" and \"Open Wifi”  in the running service/apps section. \n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"WiFi-android-4-4-4-9-2.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"c61a62ca9618b7d10467a5c6fa836659","hashSHA1":"f2751a5efd6e26f62b95625ec8e3575ce0b975ad","hashSHA256":"1a59d42a9929483dd425dcd7f1bca7aef091fb55f9dd0ef2a5e666f7b05c51f9","sourceIndex":"1959","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiFi10.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"b7d0a68bedfe35a1a479d816f78d5bf9","hashSHA1":"400e41b33b09ac750a3317ebce6c4f1c31b15b0a","hashSHA256":"5b3609d3ed1c760ce757a89d1f101e182e72ab70e6126c3b312803e64f4e6043","sourceIndex":"1959","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiFiOpener.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"ab15cdd1619298826e15dcf834aeed3d","hashSHA1":"cd40ae935c30e092776fc19ff0e38877a93c014a","hashSHA256":"c728293850fe2442c992a58df7ef4f33b53cafe4e57c66ca38780a2c049d27c9","sourceIndex":"1959","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt","reference":"https://spy24.app/","landingPage":"https://spy24.app/android-spy-app/","directDownloadingLink":"https://demo.spy24.app/app.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://demo.spy24.app/app.zip","sourceIndex":"1959"}],"sampleFiles":["210414/Spy24-210414/1.0/Samples/WiFi-android-4-4-4-9-2.apk","210414/Spy24-210414/1.0/Samples/WiFi10.apk","210414/Spy24-210414/1.0/Samples/WiFiOpener.apk"],"imageFiles":["210414/Spy24-210414/1.0/Images/ACR-086/Spy24_Interactions [4].png","210414/Spy24-210414/1.0/Images/ACR-086/Spy24_DashBoard [1 ].png"],"nonDeceptorImageFiles":["210414/Spy24-210414/1.0/Images/ACR-038/Spy24_Files [1].png","210414/Spy24-210414/1.0/Images/ACR-038/Spy24_Interactions [2].png","210414/Spy24-210414/1.0/Images/ACR-038/Spy24_Running Service [1].png","210414/Spy24-210414/1.0/Images/ACR-002/Spy24_Files [1].png","210414/Spy24-210414/1.0/Images/ACR-002/Spy24_Interactions [2].png","210414/Spy24-210414/1.0/Images/ACR-002/Spy24_Running Service [1].png"],"guid":"b613f8a1-7c2d-4094-b911-dde796289fad_1.0_1","appID":"Spy24-210414","dateAdded":"210414","deceptorType":"Android App","name":"Spy24.APP","company":"SPY24™ Software","version":"1.0","sigName":"Deceptor:Android/Spy24APPStalkerware!086","lastKnownStatus":"1.0","lastKnownDate":"210414","type":"Android App","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,mining","lastUpdate":"2021-04-14T16:46:00.2004782+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1721},{"violations":{"EXR-011":"The extension uses the Avast logo.\n","EXR-024":"The extension misleads the user by using the Avast icon.\n"},"nonDeceptorViolations":{"EXR-012":"Extension violate the right of third party. It generate the third party product's active code without third party authorization.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Avast Premier License Key 2021 Update.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","hashSHA256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sourceIndex":"1960","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Avast Premier License Key 2021 Update.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9b9f6b43030a042432a99f360cf5502b69510a75e5e15c5601a68e48e0383c81","storeId":"doaigjgdhnlgomlccdimalflnlmcdnkd","sourceIndex":"1960","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AvastPremier LicenseKey2021Update.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ac2d4c46155c05be977a0cc98a9676f3f1f22fcd074d16f9280ca6fbb6e053f1","sourceIndex":"1960","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Same Vendor as cx-MSOfficeProductKey-210409","reference":"","landingPage":"https://studyjk.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/avast-premier-license-key/doaigjgdhnlgomlccdimalflnlmcdnkd","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/avast-premier-license-key/doaigjgdhnlgomlccdimalflnlmcdnkd","sourceIndex":"1960"}],"sampleFiles":["210412/cx-AvastPremierLicenseKey-210412/1.0/Samples/Avast Premier License Key 2021 Update.zip"],"imageFiles":["210412/cx-AvastPremierLicenseKey-210412/1.0/Images/EXR-024/EXR-024.JPG","210412/cx-AvastPremierLicenseKey-210412/1.0/Images/EXR-011/EXR-011.JPG"],"nonDeceptorImageFiles":["210412/cx-AvastPremierLicenseKey-210412/1.0/Images/EXR-037/EXR-037.mp4","210412/cx-AvastPremierLicenseKey-210412/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"20603227-9682-493b-a848-082931f162b7_1.0_1","appID":"cx-AvastPremierLicenseKey-210412","dateAdded":"210412","deceptorType":"Browser Extension","name":"Avast Premier License Key 2021 Update","company":"studyjk","version":"1.0","sigName":"Deceptor:BEX/AvastPremierLicenseKey2021Update!024011","lastKnownStatus":"1.0","lastKnownDate":"210412","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-04-13T06:09:12.137058+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1722},{"violations":{"EXR-011":"The extension uses the Windows Security icon.\n","EXR-017":"extension pops fake message and urge user to installer another extension. \n","EXR-024":"The Extensions misleads the user by using the Windows Security icon.\n","EXR-025":"The primary functionality is not served. The result is same with any file or URL. The result is always the same.\n"},"nonDeceptorViolations":{"EXR-037":"The primary value proposition is always same for any file you upload.\n"},"samples":[{"isRevoked":"False","fileName":"AppstationAntiVirusScan.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","hashSHA256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sourceIndex":"1961","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AppstationAntiVirusScan.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"0e502b2004fe18efbc73a95ab9db3b73921c39440da98054a81dfc0268b3477c","sourceIndex":"1961","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AppstationAntiVirusScan.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"90889bcda1fc8da714dca1499c2d888fe1a4a479815892108adf54eb43b9e82f","storeId":"hcoihicblcninmmnhiopkpbmjjecjgie","sourceIndex":"1961","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store - Antivirus","reference":"","landingPage":"https://chromeapps.site/","directDownloadingLink":"https://chrome.google.com/webstore/detail/appstation-antivirus-scan/hcoihicblcninmmnhiopkpbmjjecjgie","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/appstation-antivirus-scan/hcoihicblcninmmnhiopkpbmjjecjgie","sourceIndex":"1961"}],"sampleFiles":["210412/cx-AppstationAntiVirusScan-210412/5.4/Samples/AppstationAntiVirusScan.zip"],"imageFiles":["210412/cx-AppstationAntiVirusScan-210412/5.4/Images/EXR-017/AppStation_OfferCRX.JPG","210412/cx-AppstationAntiVirusScan-210412/5.4/Images/EXR-017/AppStation_PopFakeMsg.JPG","210412/cx-AppstationAntiVirusScan-210412/5.4/Images/EXR-024/EXR-024.JPG","210412/cx-AppstationAntiVirusScan-210412/5.4/Images/EXR-011/EXR-011.JPG","210412/cx-AppstationAntiVirusScan-210412/5.4/Images/EXR-025/EXR-025_1.JPG","210412/cx-AppstationAntiVirusScan-210412/5.4/Images/EXR-025/EXR-025_2.JPG"],"nonDeceptorImageFiles":["210412/cx-AppstationAntiVirusScan-210412/5.4/Images/EXR-037/EXR-037.JPG","210412/cx-AppstationAntiVirusScan-210412/5.4/Images/EXR-037/EXR-037_1.JPG"],"guid":"ed7d208b-5a8c-457a-a58c-f7982065b842_5.4_1","appID":"cx-AppstationAntiVirusScan-210412","dateAdded":"210412","deceptorType":"Browser Extension","name":"Appstation AntiVirus Scan","company":"Chromeapps","version":"5.4","sigName":"Deceptor:BEX/AppstationAntiVirusScan!011017024025","lastKnownStatus":"5.4","lastKnownDate":"210412","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-04-13T05:56:25.6275282+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1723},{"violations":{"EXR-011":"The extension uses the MS office logo.\n","EXR-024":"The extension misleads the user by using the MS office icon.\n"},"nonDeceptorViolations":{"EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"MS Office Product Key 2021 Update_1_0_0_0.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"b9bfe906dbb8d2f7563626d819725e8cd1651df674edd28450ed68ba21aeda11","sourceIndex":"1962","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MS Office Product Key 2021 Update.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4982359ac6aca382d458404dea68975e8201361c156c6e13a51437c436de6fc0","storeId":"pjemkdankafmenfbbalggfpokmkbneki","sourceIndex":"1962","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search - MS office key","reference":"","landingPage":"https://studyjk.com","directDownloadingLink":"https://chrome.google.com/webstore/detail/ms-office-product-key-202/pjemkdankafmenfbbalggfpokmkbneki","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/ms-office-product-key-202/pjemkdankafmenfbbalggfpokmkbneki","sourceIndex":"1962"}],"sampleFiles":["210409/cx-MSOfficeProductKey-210409/1.0/Samples/MS Office Product Key 2021 Update.zip"],"imageFiles":["210409/cx-MSOfficeProductKey-210409/1.0/Images/EXR-024/EXR-024.JPG","210409/cx-MSOfficeProductKey-210409/1.0/Images/EXR-011/EXR-011.JPG"],"nonDeceptorImageFiles":["210409/cx-MSOfficeProductKey-210409/1.0/Images/EXR-037/EXR-037-2021-04-09T13-16-36-689080400Z.mp4","210409/cx-MSOfficeProductKey-210409/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"22b49871-f249-4f50-b8ba-0f47004f9691_1.0_1","appID":"cx-MSOfficeProductKey-210409","dateAdded":"210409","deceptorType":"Browser Extension","name":"MS Office Product Key 2021 Update","company":"studyjk","version":"1.0","sigName":"Deceptor:BEX/MSOfficeProductKey2021Update!024011","lastKnownStatus":"1.0","lastKnownDate":"210409","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-04-09T18:26:09.4380584+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1724},{"violations":{"EXR-043":"The extension does not disclose or obtains consent when handling user data not closely related to the functionality.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided.\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy link provided.\n","EXR-051":"This extension has permission to read browsing history, which is not necessary for their functionality.\n"},"samples":[{"isRevoked":"False","fileName":"MyGoogle_1_0_0_0.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"06104ad95bcb4ad3c3073f7ccb2e548c2e23af0c9f8a068f4ae371da5d34df62","sourceIndex":"1964","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"myGoogle_1.0.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"91c553d389101f80428b51732a8b681441b15c81656bfbb5dfa74416204e1e05","storeId":"aaiachpcledheonekpfpcjgdfjoceedp","sourceIndex":"1964","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- Google","reference":"","landingPage":"https://chrome.google.com/webstore/detail/mygoogle/aaiachpcledheonekpfpcjgdfjoceedp","directDownloadingLink":"https://chrome.google.com/webstore/detail/mygoogle/aaiachpcledheonekpfpcjgdfjoceedp","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/mygoogle/aaiachpcledheonekpfpcjgdfjoceedp","sourceIndex":"1964"}],"sampleFiles":["210406/cx-myGoogle-210405/1.0/Samples/myGoogle_1.0.zip"],"imageFiles":["210406/cx-myGoogle-210405/1.0/Images/EXR-043/EXR-043_1.JPG","210406/cx-myGoogle-210405/1.0/Images/EXR-043/EXR-043.JPG"],"nonDeceptorImageFiles":["210406/cx-myGoogle-210405/1.0/Images/EXR-051/EXR-051.JPG","210406/cx-myGoogle-210405/1.0/Images/EXR-002/EXR-002.JPG","210406/cx-myGoogle-210405/1.0/Images/EXR-037/EXR-037.mp4","210406/cx-myGoogle-210405/1.0/Images/EXR-042/EXR-042.JPG"],"guid":"9527c859-85d4-4829-ac95-906c3f903bff_1.0_1","appID":"cx-myGoogle-210405","dateAdded":"210406","deceptorType":"Browser Extension","name":"myGoogle","company":"Chakri","version":"1.0","sigName":"Deceptor:BEX/myGoogle!051043","lastKnownStatus":"1.0","lastKnownDate":"210406","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-04-06T21:30:03.7736788+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1726},{"violations":{"ACR-048":"The installer has no way to stop the installation after the initial launch, cancel and close options are all disabled.\nThe application has no setting option for user to control to complete close app and not prompt the notification message in right bottom.\n","ACR-003":"The application exaggerates the identified issues with an alarming red color. The overall exaggerated scanning result leads misleading urgency for the user to take action fixing the identified issues.\n","ACR-004":"The application uses red color and alarming image for scan results to raise sense of urgency to the user. And uses these results to upsell the consumer to a subscription service.\n","ACR-168":"The application doesn't disclose that additional offer will be made next to phone number during one-one interactive call \n"},"nonDeceptorViolations":{"ACR-040":"The app is not installed in a standard location, “Appdata” folder, that by default is a hidden folder to user. \n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-171":"The internal offers shopping cart page has opt-in/opt-out check boxes pre-checked.\n"},"samples":[{"isRevoked":"False","fileName":"MarSpeedp.exe","companyName":"MarSpeedp Firm","fileVersion":"1.0","hashMD5":"619a5fae7eef2ea758715c1c8f4eeabb","hashSHA1":"f7cb2c7d12655c92d08b5d0808b008f224aad200","hashSHA256":"4384d804a5a4dede538f5a914974d6c2f938c3f295a5c66f87b1755fb061788c","digitalCertThumbprint":"E3BFC1EFA5840A7E86E881B4F61C2C706ED6C021","digitalCertIssuer":"CN=MarSpeedpFirm, E=Support@marspeedpfirm.edu","digitalCertIssuedTo":"CN=MarSpeedpFirm, E=Support@marspeedpfirm.edu","sourceIndex":"1965","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PC Accelerate [1].exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"de6318700e4cdda86bd6dd5c19a90599","hashSHA1":"4729887e7de2fab8ec7da28cf466c43543229dba","hashSHA256":"3b51f240457ff8f48be60ee8c89b5ebfb38e925102c6e57859791bfbfce0d884","digitalCertThumbprint":"4142A38D274A787BD36F2EA7BCA5F88326846BAC","digitalCertIssuer":"CN=MarSpeedpFirm, E=Support@marspeedpfirm.edu","digitalCertIssuedTo":"CN=MarSpeedpFirm, E=Support@marspeedpfirm.edu","sourceIndex":"1965","avBlockList":["360 Total Security (20210520)","Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Kaspersky Internet Security (20210520)","Malwarebytes Premium (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","SpyHunter5 (20210520)","Total AV Antivirus Pro (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Webroot SecureAnywhere (20210520)","Windows Defender (20210520)"],"avAllowList":["COMODO Antivirus (20210520)","Dr.Web Security Space (20210520)","Tencent PC Manager (20210520)","Trend Micro Internet Security (20210520)"]},{"isRevoked":"False","fileName":"PC Accelerate [2].exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"1f0a989d0353d15c984759aeef15e721","hashSHA1":"f98995870d8aa7b0fcc77435aa4a834c4c1ff778","hashSHA256":"5d7a9c31f64e87816e61f2b851b8b8b77a9f1962e351ccd7624acd0e0869d8a3","digitalCertThumbprint":"5FCCBF84E3E9A65CD2D2995E34340FFCC838C2B3","digitalCertIssuer":"CN=MarSpeedpFirm, E=Support@marspeedpfirm.edu","digitalCertIssuedTo":"CN=MarSpeedpFirm, E=Support@marspeedpfirm.edu","sourceIndex":"1965","avBlockList":["360 Total Security (20210520)","Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","Dr.Web Security Space (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Kaspersky Internet Security (20210520)","Malwarebytes Premium (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","SpyHunter5 (20210520)","Total AV Antivirus Pro (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Webroot SecureAnywhere (20210520)","Windows Defender (20210520)"],"avAllowList":["COMODO Antivirus (20210520)","Tencent PC Manager (20210520)","Trend Micro Internet Security (20210520)"]},{"isRevoked":"False","fileName":"PC Accelerate [3].exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"af195ec67deba4e7864863cc17c40e31","hashSHA1":"410cef7cc4c7384a95d87a5768de7cd452a1dbcb","hashSHA256":"5728828b3c86499058c37cdb25933115090aedd211d5288264526e4e0bb9fee5","digitalCertThumbprint":"C50A3005C99338B0CE64446EB231A4FC24483750","digitalCertIssuer":"CN=MarSpeedpFirm, E=Support@marspeedpfirm.edu","digitalCertIssuedTo":"CN=MarSpeedpFirm, E=Support@marspeedpfirm.edu","sourceIndex":"1965","avBlockList":["360 Total Security (20210520)","Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Kaspersky Internet Security (20210520)","Malwarebytes Premium (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","SpyHunter5 (20210520)","Total AV Antivirus Pro (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Webroot SecureAnywhere (20210520)","Windows Defender (20210520)"],"avAllowList":["COMODO Antivirus (20210520)","Dr.Web Security Space (20210520)","Tencent PC Manager (20210520)","Trend Micro Internet Security (20210520)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://secure.pcacceleratepro.com/","landingPage":"https://secure.pcacceleratepro.com/","ipv4":"","ipv6":"","sourceIndex":"1965"}],"sampleFiles":["210406/PCAcceleratePro-210406/1.0.6.12/Samples/MarSpeedp.exe","210406/PCAcceleratePro-210406/1.0.6.12/Samples/PC Accelerate [1].exe","210406/PCAcceleratePro-210406/1.0.6.12/Samples/PC Accelerate [2].exe","210406/PCAcceleratePro-210406/1.0.6.12/Samples/PC Accelerate [3].exe"],"imageFiles":["210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-048/PC Accelerate_Install [1].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-048/PC Accelerate_Install [2].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-048/PC Accelerate_Install [3].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-048/PC Accelerate_Install [4].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-004/PC Accelerate_Interactions [5].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-004/PC Accelerate_Interactions [6].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-004/PC Accelerate_Interactions [9].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-048/PC Accelerate_Interactions [9].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-048/PC Accelerate_Interactions [11].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-168/PC Accelerate_Interactions [6].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-003/PC Accelerate_Interactions [5].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-003/PC Accelerate_Interactions [6].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-003/PC Accelerate_Interactions [9].png"],"nonDeceptorImageFiles":["210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-040/PC Accelerate_Files [1].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-065/PC Accelerate_Install [1].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-065/PC Accelerate_Install [2].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-065/PC Accelerate_Install [3].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-065/PC Accelerate_Install [4].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-065/PC Accelerate_About [1].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-099/PC Accelerate_About [1].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-099/PC Accelerate_LandingPage [1].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-171/PC Accelerate_OfferPage [2] .png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-099/PC Accelerate_OfferPage [2].png","210406/PCAcceleratePro-210406/1.0.6.12/Images/ACR-099/PC Accelerate_OfferPage [4].png"],"guid":"13460097-8800-47c6-b899-e8d6ea9ce049_1.0.6.12_1","appID":"PCAcceleratePro-210406","dateAdded":"210406","deceptorType":"App","name":"PC Accelerate Pro","company":"MarSpeedpFirm","version":"1.0.6.12","sigName":"Deceptor:Win32/PCAcceleratePro!048004168003","lastKnownStatus":"1.0.6.12","lastKnownDate":"210406","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-04-06T21:14:39.4110686+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1725},{"violations":{"ACR-043":"Application attempts to connect remote command and control: dqdqededqedqe.tk, that is C&C used by backdoor threat. \nhttp://dqdqededqedqe.tk/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-31BC882F16E4D8EE024DD5ACDB62D604.html\n","ACR-007":"Application is distributed in phishing website (Lnpixio.com) masquerading as legit company website \"inpixio.com\"\n","ACR-010":"Application attempts to download malware from remote C&C http://dqdqededqedqe.tk/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-31BC882F16E4D8EE024DD5ACDB62D604.html\nhttp://dqdqededqedqe.tk/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A57135E6520C0A883507E792A828F1A2.html\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"inPixioPhotoEditorFree.zip","fileVersion":"0.","hashMD5":"fbad7ca0f79302b08808316c3c7e4f1f","hashSHA1":"9b54faa5ac9ba1a0cab1b3ebef04977948ae8c72","hashSHA256":"9197879c166752702c8acd4bc4bddcdd14d2d19f08de221c1400f2ecb5ef2bcf","sourceIndex":"1966","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"inPixioPhotoEditorFree.exe","isInstaller":"True","companyName":"","fileVersion":"1.1","hashMD5":"bdc73bd8cd28ab3d40986c95db2386be","hashSHA1":"afd3374fec73fb6df6b907cf2f70e49794d45f0e","hashSHA256":"da006cce64f59ac8f4416f4bea51ff6422b5c4f1bc0e470110954c279ed03bf4","digitalCertThumbprint":"CA0CE78818E27A35FA76F8857A1A163EF3679729","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=win.rar GmbH, O=win.rar GmbH, STREET=Marienstrasse 12, L=Berlin, S=Berlin, PostalCode=10117, C=DE","sourceIndex":"1966","avBlockList":["360 Total Security (20210520)","Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","Dr.Web Security Space (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Kaspersky Internet Security (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","Total AV Antivirus Pro (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Windows Defender (20210520)"],"avAllowList":["COMODO Antivirus (20210520)","Malwarebytes Premium (20210520)","SpyHunter5 (20210520)","Tencent PC Manager (20210520)","Trend Micro Internet Security (20210520)","Webroot SecureAnywhere (20210520)"]}],"additionalFiles":[],"sources":[{"howFound":"customer report","reference":"Lnpixio.com masques as inpixio.com and distribute trojan","landingPage":"https://www.Lnpixio.com/free-photo-editor/index.htm","directDownloadingLink":"https://www.Lnpixio.com/free-photo-editor/index.htm","ipv4":"","ipv6":"","landingPageWildChar":"https://www.Lnpixio.com/*","directDownloadingLinkWildChar":"https://www.Lnpixio.com/free-photo-editor/index.htm","sourceIndex":"1966"},{"howFound":"customer report","reference":"Lnpixio.com masques as inpixio.com and distribute trojan","landingPage":"https://www.Lnpixio.com/","directDownloadingLink":"https://www.Lnpixio.com/*","ipv4":"","ipv6":"","sourceIndex":"1967"}],"sampleFiles":["210405/FakeinPixioPhotoEditorFree-210401/1.1.1.0/Samples/inPixioPhotoEditorFree.zip","210405/FakeinPixioPhotoEditorFree-210401/1.1.1.0/Samples/inPixioPhotoEditorFree.exe"],"imageFiles":["210405/FakeinPixioPhotoEditorFree-210401/1.1.1.0/Images/ACR-043/FakePhotoEditor_Traffic.JPG","210405/FakeinPixioPhotoEditorFree-210401/1.1.1.0/Images/ACR-007/FakePhotoEditor_LP.JPG"],"nonDeceptorImageFiles":[],"guid":"8da1c8ce-4992-4e9c-ad9f-a194b2d01780_1.1.1.0_1","appID":"FakeinPixioPhotoEditorFree-210401","dateAdded":"210405","deceptorType":"App","name":"FakeinPixioPhotoEditorFree","company":"FakeinPixio","version":"1.1.1.0","sigName":"Deceptor:Win32/FakeinPixioPhotoEditorFree!043007010","lastKnownStatus":"1.1.1.0","lastKnownDate":"210405","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2021-04-05T16:32:35.6121739+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1727},{"violations":{"EXR-011":"The extension uses the Google logo.\n","EXR-024":"The Extensions misleads the user by using the google icon.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided\n","EXR-037":"The primary value proposition doesn't exist.\n","EXR-042":"No valid privacy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"Goole New custom Tab_1_8_0_0.crx","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"15ffe29361b9c17a33c81a1bfd7d06f6b55fa72c58c655b4b5df62cccdb8d22b","sourceIndex":"1968","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Goole New custom Tab_1.8.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d5085df01b81ff818169d1b7952fa59ed065d0308d2ea267c147610159c70513","storeId":"hhbihcbghmmegbffkljgcdeohdmbdefa","sourceIndex":"1968","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Web Store search- New tab","reference":"","landingPage":"https://chrome.google.com/webstore/detail/goole-new-custom-tab/hhbihcbghmmegbffkljgcdeohdmbdefa/","directDownloadingLink":"https://chrome.google.com/webstore/detail/goole-new-custom-tab/hhbihcbghmmegbffkljgcdeohdmbdefa/","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/goole-new-custom-tab/hhbihcbghmmegbffkljgcdeohdmbdefa/","sourceIndex":"1968"}],"sampleFiles":["210404/cx-GooleNewCustomTab-210401/1.8/Samples/Goole New custom Tab_1.8.zip"],"imageFiles":["210404/cx-GooleNewCustomTab-210401/1.8/Images/EXR-011/EXR-011.JPG","210404/cx-GooleNewCustomTab-210401/1.8/Images/EXR-024/EXR-024_1.JPG"],"nonDeceptorImageFiles":["210404/cx-GooleNewCustomTab-210401/1.8/Images/EXR-002/EXR-002.JPG","210404/cx-GooleNewCustomTab-210401/1.8/Images/EXR-037/EXR-037_1.JPG","210404/cx-GooleNewCustomTab-210401/1.8/Images/EXR-042/EXR-042.JPG"],"guid":"84292b22-44e8-4bde-9688-7d0cc1fba7b4_1.8_1","appID":"cx-GooleNewCustomTab-210401","dateAdded":"210404","deceptorType":"Browser Extension","name":"Goole New custom Tab","company":"serialebi.tv","version":"1.8","sigName":"Deceptor:BEX/GooleNewcustomTab!011024","lastKnownStatus":"1.8","lastKnownDate":"210404","type":"Chrome Extension","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server,MacOS","targetBrowser":"Chrome","lastUpdate":"2021-04-04T22:23:14.813848+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1728},{"violations":{"ACR-004":"The app reports out of date driver without substantiated information. It only reports driver version, no driver date. \n","ACR-168":"The additional offer may be made during one to one interaction during phone call is not clearly disclosed.\n"},"nonDeceptorViolations":{"ACR-040":"App installs in hidden folder %AppData%\n","ACR-168":"The additional offer may be made during one to one interaction during phone call is not clearly disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"VuzeDriverBooster.exe","companyName":"Azureus Software, Inc.","fileVersion":"20.8","hashMD5":"0eb14ea6eb1ef61269e3914ced9d6894","hashSHA1":"112c715257173cf1b59baa7ce195f84a0295f686","hashSHA256":"abd7cb84781a01058b8bae2a1599fa79ba517edad0a4b892acf225f44d2a8188","digitalCertThumbprint":"C22DABEBB6B3F1258150C60BFF9DA7F255702421","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Azureus Software, Inc.\", O=\"Azureus Software, Inc.\", L=Incline Village, S=Nevada, C=US","sourceIndex":"1942","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VuzeDriverBoosterSetup.exe","isInstaller":"True","companyName":"Azureus Software, Inc.","fileVersion":"20.8","hashMD5":"e78f9cdf0b31281d8f7e30f1817c9cd2","hashSHA1":"0fd64893d5457effe62a39f75e40b855e58eecbb","hashSHA256":"8a72aed19b7266ec8a3ad4c7bd4819488b9f80f3d7035c7f04631e557dc3b42a","digitalCertThumbprint":"CD484B3450A9B80267A669CCCCCB089CEE5F8CFA","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Azureus Software, Inc.\", O=\"Azureus Software, Inc.\", L=Incline Village, S=Nevada, C=US, SERIALNUMBER=5162514, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Incline Village, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"1942","avBlockList":["Avast Premium Security (20210427)","AVG Internet Security (20210427)","Avira Internet Security (20210427)","Bitdefender Internet Security (20210427)","ESET Internet Security (20210427)","G DATA INTERNET SECURITY (20210427)","K7 Total Security (20210427)","Malwarebytes Premium (20210427)","McAfee Total Protection (20210427)","Norton Security (20210427)","Panda Dome (20210427)","Quick Heal Internet Security (20210427)","Sophos Home Premium (20210427)","SpyHunter5 (20210427)","Total AV Antivirus Pro (20210427)","VIPRE Advanced Security (20210427)","VirIT eXplorer PRO (20210427)","Webroot SecureAnywhere (20210427)","Windows Defender (20210427)"],"avAllowList":["360 Total Security (20210427)","COMODO Antivirus (20210427)","Dr.Web Security Space (20210427)","Kaspersky Internet Security (20210427)","Tencent PC Manager (20210427)","Trend Micro Internet Security (20210427)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.vuzedriverbooster.com/","directDownloadingLink":"http://www.vuzedriverbooster.com/installer/download.php?dist=vdb","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.vuzedriverbooster.com/installer/download.php?dist=vdb","sourceIndex":"1942"}],"sampleFiles":["210401/VuzeDriverBooster-200706/20.8.19.20/Samples/VuzeDriverBooster.exe","210401/VuzeDriverBooster-200706/20.8.19.20/Samples/VuzeDriverBoosterSetup.exe"],"imageFiles":["210401/VuzeDriverBooster-200706/20.8.19.20/Images/ACR-004/Vuze Driver Booster_Interactions [5 ].png","210401/VuzeDriverBooster-200706/20.8.19.20/Images/ACR-168/Vuze Driver Booster_Interactions [5_].png"],"nonDeceptorImageFiles":["210401/VuzeDriverBooster-200706/20.8.19.20/Images/ACR-040/Vuze Driver Booster_Files [1].png","210401/VuzeDriverBooster-200706/20.8.19.20/Images/ACR-168/Vuze Driver Booster_LandingPage [2].png"],"guid":"c38b0c12-2c7e-4c69-8468-a9f712a77c38_20.8.19.20_1","appID":"VuzeDriverBooster-200706","dateAdded":"210401","deceptorType":"App","name":"Vuze Driver Booster","company":"Azureus Software, Inc.","version":"20.8.19.20","firstVendorContactDate":"210428","firstAppEsteemReplyDate":"210428","firstResolvedDate":"210513","firstResolvedVersion":"21.4.21.2","resolved":"TRUE","lastKnownStatus":"20.2.28.1;20.8.19.20","lastKnownDate":"210401","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid","lastUpdate":"2021-05-13T17:21:07.5842929+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1729},{"violations":{"ACR-004":"The app reports out of date driver without substantiated information. It only reports driver version, no driver date. The alarming exclamation symbol raise the unnecessary urgency for user to upgrade to pro.\n","ACR-168":"The additional offer may be made during one to one interaction during phone call is not clearly disclosed.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"VuzeDriverBoosterSetup.exe","isInstaller":"True","companyName":"Azureus Software, Inc.","fileVersion":"20.2","hashMD5":"60bbd9de7ae0922aa329a7d41400f0a0","hashSHA1":"3fe1a469d86e3e10ab3422a9efc0ea301ed4281f","hashSHA256":"024f204ed7e37bc59ff1cf3a63a2714d3f0c024b72d8d7f796746fb848cabb0c","digitalCertThumbprint":"ED891BE8A384E5521D5E69414A1A4903E920E280","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Azureus Software, Inc.\", OU=Premium Apps, O=\"Azureus Software, Inc.\", L=Incline Village, S=Nevada, C=US","sourceIndex":"2384","avBlockList":["Avast Premium Security (20200928)","AVG Internet Security (20200928)","Avira Internet Security (20200928)","Bitdefender Internet Security (20200928)","Dr.Web Security Space (20200928)","ESET Internet Security (20200928)","G DATA INTERNET SECURITY (20200928)","K7 Total Security (20200928)","Malwarebytes Premium (20200928)","McAfee Total Protection (20200928)","Norton Security (20200928)","Panda Dome (20200928)","Quick Heal Internet Security (20200928)","Sophos Home Premium (20200928)","SpyHunter5 (20200928)","Tencent PC Manager (20200928)","Total AV Antivirus Pro (20200928)","VIPRE Advanced Security (20200928)","VirIT eXplorer PRO (20200928)","Webroot SecureAnywhere (20200928)","Windows Defender (20200928)"],"avAllowList":["360 Total Security (20200928)","COMODO Antivirus (20200928)","Kaspersky Internet Security (20200928)","Trend Micro Internet Security (20200928)"]},{"isRevoked":"False","fileName":"VuzeDriverBooster.exe","companyName":"Azureus Software, Inc.","fileVersion":"20.3","hashMD5":"6dc4dd7cba012fd99ff268ac4f6f5e09","hashSHA1":"6e2681a1b095b76101c76e701254fecbd6844a5e","hashSHA256":"268b125a70c50021ed28b0357d9cd4c81f575df4abb1265340e4b74ae6d17a68","digitalCertThumbprint":"ED891BE8A384E5521D5E69414A1A4903E920E280","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Azureus Software, Inc.\", OU=Premium Apps, O=\"Azureus Software, Inc.\", L=Incline Village, S=Nevada, C=US","sourceIndex":"2384","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.vuzedriverbooster.com/","directDownloadingLink":"http://www.vuzedriverbooster.com/download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.vuzedriverbooster.com/download.html","sourceIndex":"2384"}],"sampleFiles":["200713/VuzeDriverBooster-200706/20.2.28.1/Samples/VuzeDriverBoosterSetup.exe","200713/VuzeDriverBooster-200706/20.2.28.1/Samples/VuzeDriverBooster.exe"],"imageFiles":["200713/VuzeDriverBooster-200706/20.2.28.1/Images/ACR-004/Screen Shot 2020-07-01 at 3.53.56 PM.png","200713/VuzeDriverBooster-200706/20.2.28.1/Images/ACR-004/VuzeDriver_004.JPG","200713/VuzeDriverBooster-200706/20.2.28.1/Images/ACR-004/VuzeDriver_004_2.JPG","200713/VuzeDriverBooster-200706/20.2.28.1/Images/ACR-168/VuzeCallCenter_168.JPG"],"nonDeceptorImageFiles":[],"guid":"c38b0c12-2c7e-4c69-8468-a9f712a77c38_20.2.28.1_1","appID":"VuzeDriverBooster-200706","dateAdded":"210401","deceptorType":"App","name":"Vuze Driver Booster","company":"Azureus Software, Inc.","version":"20.2.28.1","sigName":"Deceptor:Win32/VuzeDriverBooster!004168","firstVendorContactDate":"210428","firstAppEsteemReplyDate":"210428","firstResolvedDate":"210513","firstResolvedVersion":"21.4.21.2","resolved":"TRUE","lastKnownStatus":"20.2.28.1;20.8.19.20","lastKnownDate":"210401","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid","lastUpdate":"2021-05-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1730},{"violations":{"ACR-048":"The install greys out the close and cancel buttons, which limits the consumer's ability to stop after the initial launch \n","ACR-004":"The application provides free scan results and uses these results to upsell the consumer to a subscription service.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display link or content to the app's Returns and Cancellation Policy\nThe app does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display link to the Returns and Cancellation Policy \nThe internal offer page does not display link to the Returns and Cancellation Policy \n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get the program for a lower price.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DiskCleaner.exe","companyName":"SafeApp Software, LLC","fileVersion":"3.0","hashMD5":"261445f318c88dbe7788ce668d0b7f16","hashSHA1":"3668e5ec3a34854281480f8a9382684f715bbfd0","hashSHA256":"1bf6189a5b5db1b7ad091952f5dd4614b5462d12784217f85e85504eea69337d","digitalCertThumbprint":"D553FD038D919F0879459AB6D434F93A1A39A84F","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"SafeApp Software, LLC\", O=\"SafeApp Software, LLC\", L=Harrison, S=New York, C=US","sourceIndex":"1969","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DiskCleanerSetup-EN.exe","isInstaller":"True","fileVersion":"1.2","hashMD5":"0b6ffe738fcb48985b8d0b0dc82015c1","hashSHA1":"25da37ffcef59319f0846aa3f97b14bb15e7fabe","hashSHA256":"91b993741aecda928947622bc5def661cec828f81549aee6c6abe6df3ff6bb68","digitalCertThumbprint":"D553FD038D919F0879459AB6D434F93A1A39A84F","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"SafeApp Software, LLC\", O=\"SafeApp Software, LLC\", L=Harrison, S=New York, C=US","sourceIndex":"1969","avBlockList":["Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","COMODO Antivirus (20210520)","Dr.Web Security Space (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Kaspersky Internet Security (20210520)","Malwarebytes Premium (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","SpyHunter5 (20210520)","Total AV Antivirus Pro (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Webroot SecureAnywhere (20210520)","Windows Defender (20210520)"],"avAllowList":["360 Total Security (20210520)","Tencent PC Manager (20210520)","Trend Micro Internet Security (20210520)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.safeappsoftware.com/dc/default.asp","landingPage":"http://www.safeappsoftware.com/dc/default.asp","directDownloadingLink":"http://www.safeappsoftware.com/dc/DiskCleanerSetup-EN.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.safeappsoftware.com/dc/DiskCleanerSetup-EN.exe","sourceIndex":"1969"}],"sampleFiles":["210331/DiskCleaner-210331/3.0.32/Samples/DiskCleaner.exe","210331/DiskCleaner-210331/3.0.32/Samples/DiskCleanerSetup-EN.exe"],"imageFiles":["210331/DiskCleaner-210331/3.0.32/Images/ACR-048/Disk Cleaner_Install [1].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-048/Disk Cleaner_Install [2].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-048/Disk Cleaner_Install [3].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-048/Disk Cleaner_Install [4].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-004/Disk Cleaner_Interactions [3].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-004/Disk Cleaner_Interactions [5].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-004/Disk Cleaner_Interactions [6].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-004/Disk Cleaner_Interactions [7].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-004/Disk Cleaner_Interactions [8].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-004/Disk Cleaner_Interactions [9].png"],"nonDeceptorImageFiles":["210331/DiskCleaner-210331/3.0.32/Images/ACR-065/Disk Cleaner_Install [1].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-065/Disk Cleaner_Install [2].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-065/Disk Cleaner_Install [3].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-065/Disk Cleaner_Install [4].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-065/Disk Cleaner_Install [5].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-065/Disk Cleaner_Install [6].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-065/Disk Cleaner_About [1].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-099/Disk Cleaner_About [1].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-120/Disk Cleaner_OfferAfterUninstall [1].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-120/Disk Cleaner_OfferAfterUninstall [2].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-065/Disk Cleaner_LandingPage [1].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-065/Disk Cleaner_LandingPage [2].png","210331/DiskCleaner-210331/3.0.32/Images/ACR-065/Disk Cleaner_OfferPage [1].png"],"guid":"04a2b4aa-fe83-4269-a384-3af0ecb5b377_3.0.32_1","appID":"DiskCleaner-210331","dateAdded":"210331","deceptorType":"App","name":"Disk Cleaner ","company":"SafeApp Software, LLC","version":"3.0.32","sigName":"Deceptor:Win32/DiskCleaner!048004","lastKnownStatus":"3.0.32","lastKnownDate":"210331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-03-31T21:22:35.0202308+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1731},{"violations":{"ACR-109":"1. The app downloads \"rkverify.exe\", a RelevantKnowledge file.  2.The app installs Avast Antivirus without giving the user the ability to decline.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-057":"The user is not provided with an accept or decline button. They can only continue the install without being able to decline the offer.\n","ACR-075":"Cancelling the installation leaves the carrier and the offers installed.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the app's EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the app's EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-002":"The App's version is not consistent between App interaction and its install - version 8.8.1 vs version 8.8.2.6.\nThe App's version is not consistent between App interaction and its install - version 8.8.1 vs version 8.8.2.6.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-157":"The application’s main executable file has no signed certificate, it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's page does not shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"FreePhotoSlideshowMaker_.exe","isInstaller":"True","companyName":"HyperView Tech, Inc.                                        ","fileVersion":"0.0","hashMD5":"1d2f56142f7f2b03f1d335bf0e797e1d","hashSHA1":"dbefba08f760e01bac75c5045a1ac3eaa44ef2a8","hashSHA256":"d2e997bc5920c0f948f2218a28890538800a6c7af709e9c23a27f1418b504685","digitalCertThumbprint":"E1CAA9E850D616A0C2A245A157E0767A5DDCB431","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No. 17, Middle Scissor Lane, Dongcheng District,\", L=Beijing, S=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"1972","avBlockList":["360 Total Security (20210520)","Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","COMODO Antivirus (20210520)","Dr.Web Security Space (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Kaspersky Internet Security (20210520)","Malwarebytes Premium (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","SpyHunter5 (20210520)","Tencent PC Manager (20210520)","Total AV Antivirus Pro (20210520)","Trend Micro Internet Security (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Webroot SecureAnywhere (20210520)","Windows Defender (20210520)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePhotoSlideshowMaker.exe","fileVersion":"0.0","hashMD5":"bbfcd1843e1f2e60f8f0f961e1cc813e","hashSHA1":"5df24dc6fa22b58700b273588ef77b9236c658aa","hashSHA256":"4c5af193c9c662f73028daf20a738e751c0d6e068cd2a47a0a5ad0b2fc5e1c7d","sourceIndex":"1972","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePhotoSlideshowMaker [2].exe","companyName":"HyperView Tech, Inc.                                        ","fileVersion":"0.0","hashMD5":"2dfb2e860191d707f7389dbfc32f10d4","hashSHA1":"c8e7389ff96bfac4789abf7ed91a72537d2ca000","hashSHA256":"6a51a3e777a8e6f50e835d3c9d165bd0467ecaf8985f3e6a48ccc7cec9cb685c","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1972","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreePhotoSlideshowMaker_Ua-QlZ1 [2].exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"a074d9779a058c63a469f62c33c532df","hashSHA1":"adf64e9f404403ecdcb7e60a846649796dbd16d4","hashSHA256":"60a7691bd5dcc05c1f06ad8e7eace435781d55f787abdbaf661ad64f1e90d54c","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1972","avBlockList":["Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","COMODO Antivirus (20210520)","Dr.Web Security Space (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Malwarebytes Premium (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","SpyHunter5 (20210520)","Total AV Antivirus Pro (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Webroot SecureAnywhere (20210520)"],"avAllowList":["360 Total Security (20210520)","Kaspersky Internet Security (20210520)","Tencent PC Manager (20210520)","Trend Micro Internet Security (20210520)","Windows Defender (20210520)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search: \"Download free Tools\"","reference":"https://www.free-slideshow-maker.net/","landingPage":"https://www.free-slideshow-maker.net/","directDownloadingLink":"https://www.free-slideshow-maker.net/FreePhotoSlideshowMaker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-slideshow-maker.net/FreePhotoSlideshowMaker.exe","sourceIndex":"1972"}],"sampleFiles":["210326/FreePhotoSlideshowMaker-200904/8.8.1/Samples/FreePhotoSlideshowMaker_.exe","210326/FreePhotoSlideshowMaker-200904/8.8.1/Samples/FreePhotoSlideshowMaker.exe","210326/FreePhotoSlideshowMaker-200904/8.8.1/Samples/FreePhotoSlideshowMaker [2].exe","210326/FreePhotoSlideshowMaker-200904/8.8.1/Samples/FreePhotoSlideshowMaker_Ua-QlZ1 [2].exe"],"imageFiles":["210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-109/FreePhotoSlideshowMaker_Install [2] RelevantKnowledge Process.png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-109/FreePhotoSlideshowMaker_Install [2] RelevantKnowledge File.png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-109/FreePhotoSlideshowMaker_Install [3] Avast Free AV.png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-048/FreePhotoSlideshowMaker_Install [2] RelevantKnowledge File.png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-048/FreePhotoSlideshowMaker_Install [2] RelevantKnowledge Process.png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-057/FreePhotoSlideshowMaker_Install [3] Avast Free AV.png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-059/FreePhotoSlideshowMaker_Install [3] Avast Free AV.png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-155/FreePhotoSlideshowMaker_Install [3] Avast Free AV.png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-075/FreePhotoSlideshowMaker_Install [3] Avast Free AV.png"],"nonDeceptorImageFiles":["210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-065/FreePhotoSlideshowMaker_Install [1].png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-065/FreePhotoSlideshowMaker_Install [4].png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-002/FreePhotoSlideshowMaker_About [1].png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-002/FreePhotoSlideshowMaker_Install [1].png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-157/FreePhotoSlideshowMaker_NODigiSig [1].png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-157/FreePhotoSlideshowMaker_NODigiSig [2].png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-065/FreePhotoSlideshowMaker_About [1].png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-099/FreePhotoSlideshowMaker_About [1].png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-002/FreePhotoSlideshowMaker_About [1].png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-002/FreePhotoSlideshowMaker_Install [1].png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-099/FreePhotoSlideshowMaker_LandingPage [1].png","210326/FreePhotoSlideshowMaker-200904/8.8.1/Images/ACR-161/FreePhotoSlideshowMaker_LandingPage [2] Testimonials.png"],"guid":"8527d6f3-b018-4d8b-900a-dae44093a9e3_8.8.1_1","appID":"FreePhotoSlideshowMaker-200904","dateAdded":"210326","deceptorType":"Bundler","name":"Free Photo Slideshow Maker","company":"HyperView Tech, Inc.","version":"8.8.1","sigName":"Deceptor:Win32/FreePhotoSlideshowMakerDL!109048057059155075","lastKnownStatus":"8.8.1","lastKnownDate":"210326","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders, Media editors, Productivity","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2021-03-26T21:20:36.7467613+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1732},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-003":"App misleads user that they need to install update while actually it tries to install the pre-declined component by user during install\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA and/or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy. \n","ACR-002":"The App's version is not consistent between App interaction and its install. (version 8.8.1 vs version 8.8.2.6) \nThe App's version is not consistent between App interaction and its install.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-157":"The application’s main executable file has no signed certificate, it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's page does not show how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"FreeAntiSpyware.exe","fileVersion":"1.0","hashMD5":"248efd5f0db73fad1056b8cd11f3e052","hashSHA1":"dd38512ecac5f6d97293ae88937c2ef3391cadb5","hashSHA256":"632d2aacde584c16ad7159d63558997d661a48dc9fc9c1a193285fd36eaec341","sourceIndex":"1971","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAntiSpyware2.exe","fileVersion":"0.0","hashMD5":"08b015a33fb45f75e44a42215e43838f","hashSHA1":"3118ab1ac6dc58bf226dee782c3e4feb1926b58a","hashSHA256":"e2329dae8df129ec972f2788647d79df10795ea36de2d3de7f5441e11ff87efc","sourceIndex":"1971","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAntiSpywareInstaller.exe","fileVersion":"0.0","hashMD5":"b34a9c5df2fcf69225bcf191d7ad7d18","hashSHA1":"44cad0d3b6a460c1f805728a2b3f84e049877efe","hashSHA256":"14f3a63aaa40e51eb095b3061305b70a1a056814f8b1d50766375a5218e722d8","sourceIndex":"1971","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAntiSpywareSchedule.exe","fileVersion":"1.0","hashMD5":"04fef78fa19372ed6ef39b3fc7af475f","hashSHA1":"d7d59a50664c741500b90ffeb1798fa38e531ea4","hashSHA256":"c47a70b99f3922e0bde459e9e26290a1da0e40a3f56a1c63ac8ff7872d442dfb","sourceIndex":"1971","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAntiSpyware.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8c0a8b0c723fa3ccc74d867ac6be6f0161ea192567a694bf28a07674ddb70dfb","sourceIndex":"1971","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeAntiSpyware_3C37.exe","isInstaller":"True","companyName":"LighterPC Corporation.                                      ","fileVersion":"0.0","hashMD5":"fe3a20803f74f45f23acfc0d8aa3631d","hashSHA1":"3d4833986aaa6bc9a4e42e6ddbd544ba65a69a56","hashSHA256":"3c37e48107b71edb74bf47c254823590c0cca0dd4e54fb478194ba50e912a570","digitalCertThumbprint":"E1CAA9E850D616A0C2A245A157E0767A5DDCB431","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No. 17, Middle Scissor Lane, Dongcheng District,\", L=Beijing, S=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"1971","avBlockList":["360 Total Security (20210525)","Avast Premium Security (20210525)","AVG Internet Security (20210525)","Avira Internet Security (20210525)","Bitdefender Internet Security (20210525)","COMODO Antivirus (20210525)","Dr.Web Security Space (20210525)","ESET Internet Security (20210525)","G DATA INTERNET SECURITY (20210525)","K7 Total Security (20210525)","Kaspersky Internet Security (20210525)","Malwarebytes Premium (20210525)","McAfee Total Protection (20210525)","Norton Security (20210525)","Panda Dome (20210525)","Quick Heal Internet Security (20210525)","Sophos Home Premium (20210525)","SpyHunter5 (20210525)","Tencent PC Manager (20210525)","Total AV Antivirus Pro (20210525)","VIPRE Advanced Security (20210525)","VirIT eXplorer PRO (20210525)","Webroot SecureAnywhere (20210525)","Windows Defender (20210525)"],"avAllowList":["Trend Micro Internet Security (20210525)"]},{"isRevoked":"False","fileName":"FreeAntiSpyware [2].exe","isInstaller":"True","companyName":"LighterPC Corporation.                                      ","fileVersion":"0.0","hashMD5":"4608eba67a1ed831d2f63db32d86a212","hashSHA1":"e31bef99656b43a0e79fc38954d9a7b20c31de3d","hashSHA256":"1f2079f8244af8ea8936d669c62dbfd9df5e3867847e2087dcc76bd42693f7ac","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1971","avBlockList":["360 Total Security (20210525)","Avast Premium Security (20210525)","AVG Internet Security (20210525)","Avira Internet Security (20210525)","Bitdefender Internet Security (20210525)","ESET Internet Security (20210525)","G DATA INTERNET SECURITY (20210525)","K7 Total Security (20210525)","Kaspersky Internet Security (20210525)","Malwarebytes Premium (20210525)","McAfee Total Protection (20210525)","Norton Security (20210525)","Panda Dome (20210525)","Quick Heal Internet Security (20210525)","Sophos Home Premium (20210525)","SpyHunter5 (20210525)","Tencent PC Manager (20210525)","Total AV Antivirus Pro (20210525)","VIPRE Advanced Security (20210525)","VirIT eXplorer PRO (20210525)","Webroot SecureAnywhere (20210525)","Windows Defender (20210525)"],"avAllowList":["COMODO Antivirus (20210525)","Dr.Web Security Space (20210525)","Trend Micro Internet Security (20210525)"]},{"isRevoked":"False","fileName":"FreeAntiSpyware_o3-xqZ1 [2].exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"a074d9779a058c63a469f62c33c532df","hashSHA1":"adf64e9f404403ecdcb7e60a846649796dbd16d4","hashSHA256":"60a7691bd5dcc05c1f06ad8e7eace435781d55f787abdbaf661ad64f1e90d54c","digitalCertThumbprint":"D0431C3B5BD506A1926F48FD629A6E71051C1376","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", O=\"Beijing Tsingsoft Creative Information Technology Co., Ltd.\", STREET=\"Unit 2302, Building 1, Sun AD South District, Anyuan East Road\", STREET=\"Taiyanggong District, Chaoyang District\", L=Beijing Shi, PostalCode=100020, C=CN","sourceIndex":"1971","avBlockList":["Avast Premium Security (20210520)","AVG Internet Security (20210520)","Avira Internet Security (20210520)","Bitdefender Internet Security (20210520)","COMODO Antivirus (20210520)","Dr.Web Security Space (20210520)","ESET Internet Security (20210520)","G DATA INTERNET SECURITY (20210520)","K7 Total Security (20210520)","Malwarebytes Premium (20210520)","McAfee Total Protection (20210520)","Norton Security (20210520)","Panda Dome (20210520)","Quick Heal Internet Security (20210520)","Sophos Home Premium (20210520)","SpyHunter5 (20210520)","Total AV Antivirus Pro (20210520)","VIPRE Advanced Security (20210520)","VirIT eXplorer PRO (20210520)","Webroot SecureAnywhere (20210520)"],"avAllowList":["360 Total Security (20210520)","Kaspersky Internet Security (20210520)","Tencent PC Manager (20210520)","Trend Micro Internet Security (20210520)","Windows Defender (20210520)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search : windows junk file cleanup download","reference":"","landingPage":"https://www.free-anti-spyware.com/index.php","directDownloadingLink":"https://www.free-anti-spyware.com/FreeAntiSpyware.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.free-anti-spyware.com/FreeAntiSpyware.exe","sourceIndex":"1971"}],"sampleFiles":["210326/FreeAntiSpyware-200929/8.8.1/Samples/FreeAntiSpyware.exe","210326/FreeAntiSpyware-200929/8.8.1/Samples/FreeAntiSpyware.zip","210326/FreeAntiSpyware-200929/8.8.1/Samples/FreeAntiSpyware_3C37.exe","210326/FreeAntiSpyware-200929/8.8.1/Samples/FreeAntiSpyware [2].exe","210326/FreeAntiSpyware-200929/8.8.1/Samples/FreeAntiSpyware_o3-xqZ1 [2].exe"],"imageFiles":["210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-109/FreeAntiSpyware_Install [4] RelevantKnowledge.png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-048/FreeAntiSpyware_Install [5] RelevantKnowledge.png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-003/FreeSpyware_003.JPG","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-059/FreeAntiSpyware_Install [3] RelevantKnowledge.png"],"nonDeceptorImageFiles":["210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-065/FreeAntiSpyware_Install [1].png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-065/FreeAntiSpyware_Install [2].png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-065/FreeAntiSpyware_Install [3] RelevantKnowledge.png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-065/FreeAntiSpyware_Install [7].png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-002/FreeAntiSpyware_Install [1].png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-157/FreeAntiSpyware_MainFileUnsigned [2].png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-065/FreeAntiSpyware_About[1].png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-099/FreeAntiSpyware_About[1].png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-002/FreeAntiSpyware_About[1].png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-065/FreeAntiSpyware_LandingPage [1].png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-099/FreeAntiSpyware_LandingPage [1].png","210326/FreeAntiSpyware-200929/8.8.1/Images/ACR-161/FreeAntiSpyware_Testimonials [1].png"],"guid":"6c834823-e077-485a-b6c3-fe94281e0686_8.8.1_1","appID":"FreeAntiSpyware-200929","dateAdded":"210326","deceptorType":"Bundler","name":"Free AntiSpyware ","company":"LighterPC Corporation","version":"8.8.1","sigName":"Deceptor:Win32/FreeAntiSpyware!109048003059","lastKnownStatus":"8.8.1","lastKnownDate":"210326","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2021-03-26T21:21:53.1556264+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1733},{"violations":{"ACR-048":"The app requires a hotkey and password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app. It also enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the installing consumer to hide it from the system tray, which hides all notification of the app's presence from the targeted consumer. The app can then only be reopened with a hotkey and password.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\n. The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"calert.exe","isInstaller":"True","companyName":"InfoWorks Technology Company                                ","fileVersion":"0.0","hashMD5":"8bdb2fe7900432a9905d04a3a81073f5","hashSHA1":"8d329f3ba28d701184889f5fe397be1be932bdb7","hashSHA256":"4235108bdc422d3f437c0a9403a6c66cfbda9a78961e2472e8a7701225622219","digitalCertThumbprint":"F9A6CAD55F4559D7F95780900BA1A4248B660CE4","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=InfoWorks Technology Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=InfoWorks Technology Company, L=Cranberry Township, S=Pennsylvania, C=US","sourceIndex":"1976","avBlockList":["Avast Premium Security (20210525)","AVG Internet Security (20210525)","Avira Internet Security (20210525)","Bitdefender Internet Security (20210525)","COMODO Antivirus (20210525)","ESET Internet Security (20210525)","G DATA INTERNET SECURITY (20210525)","K7 Total Security (20210525)","Kaspersky Internet Security (20210525)","Malwarebytes Premium (20210525)","McAfee Total Protection (20210525)","Norton Security (20210525)","Panda Dome (20210525)","Quick Heal Internet Security (20210525)","Sophos Home Premium (20210525)","SpyHunter5 (20210525)","Tencent PC Manager (20210525)","Total AV Antivirus Pro (20210525)","Trend Micro Internet Security (20210525)","VIPRE Advanced Security (20210525)","VirIT eXplorer PRO (20210525)","Webroot SecureAnywhere (20210525)","Windows Defender (20210525)"],"avAllowList":["360 Total Security (20210525)","Dr.Web Security Space (20210525)"]},{"isRevoked":"False","fileName":"OCACheck.exe","companyName":"InfoWorks Technology Company","fileVersion":"1.0","hashMD5":"08140975433c6ea0ad543cc3082e7454","hashSHA1":"d7aa072dfaa68f2a69ea79af6af816e3d529469a","hashSHA256":"4a892006a28aa2e5c5c1fc6250e3d43bef61ece79a58931674031b254b40a0b3","digitalCertThumbprint":"DCCC53E48662909D01FF4C681D0BEAEDD7BACA69","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=InfoWorks Technology Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=InfoWorks Technology Company, L=Sewickley, S=Pennsylvania, C=US","sourceIndex":"1976","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sysmsgr.exe","companyName":"InfoWorks Technology Company","fileVersion":"5.0","hashMD5":"f69f0550721bc45bc2b2f2e15f514f85","hashSHA1":"432c71e25c0ebbb706110078e05cadfe51dbb1cf","hashSHA256":"53cab3c7f81f39e27c1bdd063e35299eb3bcf688fd1e08bc56bb0c983560bf28","digitalCertThumbprint":"F9A6CAD55F4559D7F95780900BA1A4248B660CE4","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=InfoWorks Technology Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=InfoWorks Technology Company, L=Cranberry Township, S=Pennsylvania, C=US","sourceIndex":"1976","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.itcompany.com/","landingPage":"http://www.itcompany.com/oca.htm","directDownloadingLink":"http://www.itcompany.com/calert.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.itcompany.com/calert.exe","sourceIndex":"1976"}],"sampleFiles":["210318/OfficeCyberAlert-210318/5.05/Samples/calert.exe","210318/OfficeCyberAlert-210318/5.05/Samples/OCACheck.exe","210318/OfficeCyberAlert-210318/5.05/Samples/Sysmsgr.exe"],"imageFiles":["210318/OfficeCyberAlert-210318/5.05/Images/ACR-084/Office Cyber Alert_Setup [2].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-084/Office Cyber Alert_Setup [3].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-084/Office Cyber Alert_Setup [5].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-084/Office Cyber Alert_Interactions [2].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-084/Office Cyber Alert_Interactions [5].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-086/Office Cyber Alert_Interactions [6].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-086/Office Cyber Alert_Interactions [7].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-086/Office Cyber Alert_Interactions [8].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-048/Office Cyber Alert_Setup [2].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-048/Office Cyber Alert_Setup [3].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-048/Office Cyber Alert_Interactions [5].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-048/Office Cyber Alert_ControlPanel [1].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-048/Office Cyber Alert_RunnignProcess [1].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-007/Office Cyber Alert_Setup [2].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-007/Office Cyber Alert_Setup [3].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-007/Office Cyber Alert_Setup [5].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-007/Office Cyber Alert_Interactions [8].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-116/Office Cyber Alert_ControlPanel [1].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-116/Office Cyber Alert_RunnignProcess [1].png"],"nonDeceptorImageFiles":["210318/OfficeCyberAlert-210318/5.05/Images/ACR-065/Office Cyber Alert_Install [1].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-065/Office Cyber Alert_Install [2].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-065/Office Cyber Alert_Install [5].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-065/Office Cyber Alert_About [1].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-099/Office Cyber Alert_About [1].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-065/Office Cyber Alert_LandingPage [1].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-065/Office Cyber Alert_LandingPage [2].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-099/Office Cyber Alert_LandingPage [1].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-099/Office Cyber Alert_LandingPage [2].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-065/Office Cyber Alert_OfferPage [1].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-065/Office Cyber Alert_OfferPage [2].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-099/Office Cyber Alert_OfferPage [1].png","210318/OfficeCyberAlert-210318/5.05/Images/ACR-099/Office Cyber Alert_OfferPage [2].png"],"guid":"38b110a9-dce9-4f38-96c8-adea2a3d65f8_5.05_1","appID":"OfficeCyberAlert-210318","dateAdded":"210318","deceptorType":"App","name":"Office Cyber Alert ","company":"InfoWorks Technology","version":"5.05","sigName":"Deceptor:Win32/OfficeCyberAlert!084086048007116","lastKnownStatus":"5.05","lastKnownDate":"210318","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2021-03-19T03:19:38.7523032+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1734},{"violations":{"ACR-048":"The app requires a hotkey and password and is limiting the targeted consumer's ability to close, delete, disable, or uninstall the app. It also enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\n","ACR-007":"The app enables the installing consumer to hide it from the system tray, which hides all notification of the app's presence from the targeted consumer. The app can then only be reopened with a hotkey and password\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence.\n","ACR-116":"The app enables the consumer to hide it from the installed apps list.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\n The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"falert.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"4c14dee307ed5db78903426ad02466f8","hashSHA1":"487886ffed9a4eeadf447b474eb9da8db8a3da18","hashSHA256":"b543017e6307057f17ffd5f9a000e7812920400004370f993a9979c035d247f3","digitalCertThumbprint":"F9A6CAD55F4559D7F95780900BA1A4248B660CE4","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=InfoWorks Technology Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=InfoWorks Technology Company, L=Cranberry Township, S=Pennsylvania, C=US","sourceIndex":"1977","avBlockList":["360 Total Security (20210527)","Avast Premium Security (20210527)","AVG Internet Security (20210527)","Avira Internet Security (20210527)","Bitdefender Internet Security (20210527)","COMODO Antivirus (20210527)","ESET Internet Security (20210527)","G DATA INTERNET SECURITY (20210527)","K7 Total Security (20210527)","Kaspersky Internet Security (20210527)","Malwarebytes Premium (20210527)","McAfee Total Protection (20210527)","Norton Security (20210527)","Panda Dome (20210527)","Quick Heal Internet Security (20210527)","Sophos Home Premium (20210527)","SpyHunter5 (20210527)","Tencent PC Manager (20210527)","Total AV Antivirus Pro (20210527)","Trend Micro Internet Security (20210527)","VIPRE Advanced Security (20210527)","VirIT eXplorer PRO (20210527)","Webroot SecureAnywhere (20210527)","Windows Defender (20210527)"],"avAllowList":["Dr.Web Security Space (20210527)"]},{"isRevoked":"False","fileName":"FCACheck.exe","companyName":"InfoWorks Technology Company","fileVersion":"1.0","hashMD5":"14280067552e062b17a343790ea6042a","hashSHA1":"52f5335de2a451739d0e357e6328088cd2f0aacd","hashSHA256":"1c9cbd82be370787d63e3e17e1ae7788c8f7cfb73c8a34679d224ec0d27f8300","digitalCertThumbprint":"DCCC53E48662909D01FF4C681D0BEAEDD7BACA69","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=InfoWorks Technology Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=InfoWorks Technology Company, L=Sewickley, S=Pennsylvania, C=US","sourceIndex":"1977","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Syslogin.exe","companyName":"InfoWorks Technology Company","fileVersion":"5.0","hashMD5":"49daa1cb36144df530938699f77ecf85","hashSHA1":"36beb2b7da9797d6ec70217ebbda573d3b96d8c7","hashSHA256":"ec3252c1872f22e97034eb8a649358d80a89a53af1ec558d5db2862f982b4f07","digitalCertThumbprint":"F9A6CAD55F4559D7F95780900BA1A4248B660CE4","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=InfoWorks Technology Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=InfoWorks Technology Company, L=Cranberry Township, S=Pennsylvania, C=US","sourceIndex":"1977","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.itcompany.com/","landingPage":"http://www.itcompany.com/fca.htm","directDownloadingLink":"http://www.itcompany.com/falert.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.itcompany.com/falert.exe","sourceIndex":"1977"}],"sampleFiles":["210318/FamilyCyberAlert-210318/5.05/Samples/falert.exe","210318/FamilyCyberAlert-210318/5.05/Samples/FCACheck.exe","210318/FamilyCyberAlert-210318/5.05/Samples/Syslogin.exe"],"imageFiles":["210318/FamilyCyberAlert-210318/5.05/Images/ACR-084/Family Cyber Alert_Interactions [2].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-084/Family Cyber Alert_Interactions [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-086/Family Cyber Alert_Interactions [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-086/Family Cyber Alert_Interactions [2].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-048/Family Cyber Alert_Interactions [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-048/Family Cyber Alert_Interactions [2].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-048/Family Cyber Alert_ControlPanel [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-048/Family Cyber Alert_RunningProcess [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-007/Family Cyber Alert_Interactions [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-007/Family Cyber Alert_Interactions [8].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-007/Family Cyber Alert_Interactions [2].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-116/Family Cyber Alert_ControlPanel [1].png"],"nonDeceptorImageFiles":["210318/FamilyCyberAlert-210318/5.05/Images/ACR-065/Family Cyber Alert_Install [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-065/Family Cyber Alert_Install [2].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-065/Family Cyber Alert_Install [5].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-065/Family Cyber Alert_About [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-099/Family Cyber Alert_About [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-099/Family Cyber Alert_Interactions [2].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-065/Family Cyber Alert_LandingPage [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-065/Family Cyber Alert_LandingPage [2].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-099/Family Cyber Alert_LandingPage [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-099/Family Cyber Alert_LandingPage [2].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-017/Family Cyber Alert_LandingPage [2]_.png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-065/Family Cyber Alert_OfferPage [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-065/Family Cyber Alert_OfferPage [2].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-099/Family Cyber Alert_OfferPage [1].png","210318/FamilyCyberAlert-210318/5.05/Images/ACR-099/Family Cyber Alert_OfferPage [2].png"],"guid":"18a0a538-10e0-498d-a6e6-3d39f5f8c2f3_5.05_1","appID":"FamilyCyberAlert-210318","dateAdded":"210318","deceptorType":"App","name":"Family Cyber Alert","company":"InfoWorks Technology","version":"5.05","sigName":"Deceptor:Win32/FamilyCyberAlert!084086048007116","lastKnownStatus":"5.05","lastKnownDate":"210318","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2021-03-19T03:17:43.4046798+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1735},{"violations":{"ACR-016":"Download is launched directly from Ad.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Deceptor app's affiliate","reference":"WiperSoft","landingPage":"2-delete-spyware.com","directDownloadingLink":"http://www.2-delete-spyware.com/how-to-remove-feed-cf-se-com/","ipv4":"","ipv6":"","sourceIndex":"1979"}],"sampleFiles":[],"imageFiles":["210316/2deletespywarecom-210316/210316/Images/ACR-016/2-delete.JPG"],"nonDeceptorImageFiles":[],"guid":"fb7ad79f-722a-41d3-8c2e-a6a81a7821b5_210316_1","appID":"2deletespywarecom-210316","dateAdded":"210316","deceptorType":"Affiliate","name":"2-delete-spyware.com","company":"2-delete-spyware.com","version":"210316","sigName":"Deceptor:Affiliate/2-delete-spyware.com!016","lastKnownStatus":"210316","lastKnownDate":"210316","type":"Affiliate","category":"Personalization & Search, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Edge","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2021-03-16T22:23:16.799535+00:00","notDistributed":false,"familyName":"2-delete-spyware.com","numInFamily":1,"numInAppID":1,"sortOrder":1736},{"violations":{"EXR-025":"The primary functionality is not served. The safe search result is same with any search. The result is always the same.\n"},"nonDeceptorViolations":{"EXR-002":"No valid contact information provided\n","EXR-037":"The primary value proposition doesn't exist\n","EXR-042":"No valid privacy link provided.\n"},"samples":[{"isRevoked":"False","fileName":"SafeWebSearch.zip","productVersion":"2.13.0","fileVersion":"","hashMD5":"","hashSHA1":"","hashSHA256":"","storeId":"kjmpbfgdnbogkmojgejakecaedpfjooe","sourceIndex":"1983","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"webstore: safe search","reference":"","landingPage":"","directDownloadingLink":"https://chrome.google.com/webstore/detail/safe-web-search/kjmpbfgdnbogkmojgejakecaedpfjooe/related?hl=en","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/safe-web-search/kjmpbfgdnbogkmojgejakecaedpfjooe/related?hl=en","sourceIndex":"1983"}],"sampleFiles":["210308/CX-SafeWebSearch-210303/2.13.0/Samples/SafeWebSearch.zip"],"imageFiles":["210308/CX-SafeWebSearch-210303/2.13.0/Images/EXR-025/SafeWebBrowser_Result.JPG"],"nonDeceptorImageFiles":["210308/CX-SafeWebSearch-210303/2.13.0/Images/EXR-002/SafeWebBrowser_NoContact.JPG","210308/CX-SafeWebSearch-210303/2.13.0/Images/EXR-037/SafeWebBrowser_Result.JPG","210308/CX-SafeWebSearch-210303/2.13.0/Images/EXR-042/SafeWebBrowser_NoContact.JPG"],"guid":"711b67e6-f883-4476-bf2f-2c8dcda32b99_2.13.0_1","appID":"CX-SafeWebSearch-210303","dateAdded":"210308","deceptorType":"Browser Extension","name":"SafeWebSearch","company":"tembarinov","version":"2.13.0","sigName":"Deceptor:BEX/SafeWebSearch!025","lastKnownStatus":"2.13.0","lastKnownDate":"210308","type":"Chrome Extension","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2021-03-08T18:02:04.5085494+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1737},{"violations":{"ACR-004":"App requires activation and payment to fix the issues reported during free scanning\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the app's Privacy Policy  and Returns and Cancellation Policy\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-099":"The app’s about page does not display links to uninstall information\nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Drive Genius","fileVersion":"0.","hashMD5":"a81721ff7eb46464342e549e25896149","hashSHA1":"404591f2ffbfd1e92325818f102b289377a57094","hashSHA256":"d2c95cc01d1fce5e571b1be450198559b8ae0315cfed2ac60d10a6caf51ad2ee","sourceIndex":"1840","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriveGenius_6.2.0.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"54299fec177d441baa2bac20518e8bf3","hashSHA1":"aef876cc875825d27c0a9f1ce64688af6d7da7fe","hashSHA256":"eb627bcdeec63f6d8e0c468781f1beb952c841dc7b3642bf833a966f91dbb2f4","sourceIndex":"1840","avBlockList":["Avast Security for Mac (20210511)","Avira Security for Mac (20210511)","ESET Cyber Security Pro for Mac (20210511)","K7 Antivirus for Mac (20210511)","Norton Security for Mac (20210511)","Sophos Home Premium For Mac (20210511)","Trend Micro Antivirus for Mac (20210511)"],"avAllowList":["Bitdefender Antivirus for Mac (20210511)","G DATA AntiVirus for Mac (20210511)","Kaspersky Internet Security for Mac (20210511)","McAfee Internet Security for Mac (20210511)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.prosofteng.com","landingPage":"https://www.prosofteng.com/drive-genius-mac-protection-software","directDownloadingLink":"https://downloads.prosofteng.com/dg/stage/4/DriveGenius_6.2.0.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.prosofteng.com/dg/stage/4/DriveGenius_6.2.0.dmg","sourceIndex":"1840"}],"sampleFiles":["210223/DriveGenius-210223/6.2.0/Samples/Drive Genius","210223/DriveGenius-210223/6.2.0/Samples/DriveGenius_6.2.0.dmg"],"imageFiles":["210223/DriveGenius-210223/6.2.0/Images/ACR-004/DriveGenius_Interactions [9].png","210223/DriveGenius-210223/6.2.0/Images/ACR-004/DriveGenius_Interactions [10].png","210223/DriveGenius-210223/6.2.0/Images/ACR-004/DriveGenius_Interactions [11].png","210223/DriveGenius-210223/6.2.0/Images/ACR-004/DriveGenius_Interactions [12].png","210223/DriveGenius-210223/6.2.0/Images/ACR-004/DriveGenius_Interactions [13].png","210223/DriveGenius-210223/6.2.0/Images/ACR-004/DriveGenius_Interactions [14] Activate.png"],"nonDeceptorImageFiles":["210223/DriveGenius-210223/6.2.0/Images/ACR-065/DriveGenius_Install [1].png","210223/DriveGenius-210223/6.2.0/Images/ACR-065/DriveGenius_Install [2].png","210223/DriveGenius-210223/6.2.0/Images/ACR-065/DriveGenius_About [1].png","210223/DriveGenius-210223/6.2.0/Images/ACR-099/DriveGenius_About [1].png","210223/DriveGenius-210223/6.2.0/Images/ACR-099/DriveGenius_LandingPage [1].png","210223/DriveGenius-210223/6.2.0/Images/ACR-099/DriveGenius_OfferPage [1].png"],"guid":"ff3bb38f-3950-4b65-93c1-fa9e187fea11_6.2.0_1","appID":"DriveGenius-210223","dateAdded":"210223","deceptorType":"MacOS App","name":"Drive Genius","company":"Prosoft Engineering, Inc","version":"6.2.0","sigName":"Deceptor:MacOS/DriveGenius!004","firstVendorContactDate":"210722","firstAppEsteemReplyDate":"210726","firstResolvedDate":"210726","firstResolvedVersion":"6.2.1","resolved":"TRUE","lastKnownStatus":"6.2.0","lastKnownDate":"210223","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-26T16:00:58.9700981+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1738},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Control (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-004":"App doesn't provide the free fix for the items reported during Registry Maintenance catagory. \n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app's About page does not contain link to the Returns and Cancellation Policy.\n","ACR-099":"The app's About page does not contain links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"CleanMyPC-1.11.0.exe","isInstaller":"True","companyName":"MacPaw, Inc.                                                ","fileVersion":"1.11","hashMD5":"377bed76123491bf7364b7ccf61e1f3d","hashSHA1":"3a5c2795ad74031f690f0954b5cfa5c30c4d92c5","hashSHA256":"dbd88a03177409afd1b0064a5db3343e3a4ea0fec20f6a9f7cdb807f5d44741c","digitalCertThumbprint":"5493491BCA18A69651621CA5054EBF2BFB385831","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MacPaw INC, O=MacPaw INC, L=Santa Clara, S=California, C=US","sourceIndex":"1975","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleanMyPC.exe","companyName":"MacPaw Inc.","fileVersion":"1.11","hashMD5":"8424391aff8aae5db5afe4ee3cf75d3e","hashSHA1":"5eb7dd534df28c307d4070a98e59e91932918d0a","hashSHA256":"2ace1fd000ea318364f103f1af8be5d70228ea16518089eeaf5406aa5f1d2422","digitalCertThumbprint":"5493491BCA18A69651621CA5054EBF2BFB385831","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MacPaw INC, O=MacPaw INC, L=Santa Clara, S=California, C=US","sourceIndex":"1975","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.macpaw.com/cleanmypc","directDownloadingLink":"https://dl.devmate.com/com.macpaw.cmpc/1.11.0/1613659613/CleanMyPC-1.11.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.devmate.com/com.macpaw.cmpc/1.11.0/1613659613/CleanMyPC-1.11.0.exe","sourceIndex":"1975"}],"sampleFiles":["210219/CleanMyPC-180920/1.11.0.2069/Samples/CleanMyPC-1.11.0.exe","210219/CleanMyPC-180920/1.11.0.2069/Samples/CleanMyPC.exe"],"imageFiles":["210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-050/CleanMyPC_ScheduledTask [1].png","210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-050/CleanMyPC_Options [1].png","210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-050/CleanMyPC_Options [2].png","210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-050/CleanMyPC_Options [3].png","210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-050/CleanMyPC_Options [4].png","210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-004/PaytoFix_CleanMyPC.png"],"nonDeceptorImageFiles":["210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-065/CleanMyPC_Install [1].png","210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-065/CleanMyPC_Install [2].png","210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-065/CleanMyPC_Install [3].png","210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-065/CleanMyPC_Install [4].png","210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-065/CleanMyPC_About [1].png","210219/CleanMyPC-180920/1.11.0.2069/Images/ACR-065/CleanMyPC_About [2].png"],"guid":"7ce99758-a7fa-45bc-84b1-77403cb36f14_1.11.0.2069_1","appID":"CleanMyPC-180920","dateAdded":"210219","deceptorType":"App","name":"CleanMyPC","company":"MacPaw, Inc.","version":"1.11.0.2069","sigName":"Deceptor:Win32/CleanMyPC!004050","firstVendorContactDate":"200917","firstAppEsteemReplyDate":"200921","firstResolvedDate":"210324","firstResolvedVersion":"1.11.4.2099","resolved":"TRUE","lastKnownStatus":"1.10.6.2044;1.10.7.2050;1.10.8.2063;1.11.0.2069","lastKnownDate":"210324","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-03-24T23:05:37.9125644+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1739},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-004":"The app does not provide a fully functioning free trial for its search results. The app only fixes 500MB of \"junk\" from the free scans before it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":"The word \"Free\" in \"Free Download\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not contain links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app's About page does not contain links to the Returns and Cancellation Policy.\n","ACR-099":"The app's About page does not contain links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"CleanMyPC .exe","companyName":"MacPaw Inc.","fileVersion":"1.10","hashMD5":"06b79a970a6d417eca1893b0739cdd4f","hashSHA1":"2abc6fc817b61fbd1ea468cabaaceb1c7ae85100","hashSHA256":"aa4d98ef78118f733d72ad017c89d9b32f9d066b58c2889d6f0ec3575e86d874","digitalCertThumbprint":"5493491BCA18A69651621CA5054EBF2BFB385831","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MacPaw INC, O=MacPaw INC, L=Santa Clara, S=California, C=US","sourceIndex":"2032","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleanMyPC.exe","isInstaller":"True","companyName":"MacPaw, Inc.                                                ","fileVersion":"1.10","hashMD5":"0023dfaf96bb3f06cf1a3a89887495ec","hashSHA1":"88632ab0843991c88e39b72b207ff75dfad34992","hashSHA256":"9853a725c7b1b98e4afc154943cdaeb0e5dac9a30c08a31929b290a60be28a77","digitalCertThumbprint":"5493491BCA18A69651621CA5054EBF2BFB385831","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MacPaw INC, O=MacPaw INC, L=Santa Clara, S=California, C=US","sourceIndex":"2032","avBlockList":["Avast Premium Security (20201222)","AVG Internet Security (20201222)","Avira Internet Security (20201222)","Bitdefender Internet Security (20201222)","Dr.Web Security Space (20201222)","ESET Internet Security (20201222)","G DATA INTERNET SECURITY (20201222)","K7 Total Security (20201222)","McAfee Total Protection (20201222)","Norton Security (20201222)","Panda Dome (20201222)","Quick Heal Internet Security (20201222)","Sophos Home Premium (20201222)","SpyHunter5 (20201222)","Tencent PC Manager (20201222)","Total AV Antivirus Pro (20201222)","VIPRE Advanced Security (20201222)","VirIT eXplorer PRO (20201222)","Windows Defender (20201222)"],"avAllowList":["360 Total Security (20201222)","COMODO Antivirus (20201222)","Kaspersky Internet Security (20201222)","Malwarebytes Premium (20201222)","Trend Micro Internet Security (20201222)","Webroot SecureAnywhere (20201222)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://macpaw.com/","landingPage":"https://macpaw.com/cleanmypc","directDownloadingLink":"https://dl.devmate.com/com.macpaw.cmpc/CleanMyPC.exe?cid=785911523.1607408643&fbp=fb.1.1607408645158.1890738233","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.devmate.com/com.macpaw.cmpc/CleanMyPC.exe?cid=785911523.1607408643&fbp=fb.1.1607408645158.1890738233","sourceIndex":"2032"}],"sampleFiles":["201208/CleanMyPC-180920/1.10.8.2063/Samples/CleanMyPC .exe","201208/CleanMyPC-180920/1.10.8.2063/Samples/CleanMyPC.exe"],"imageFiles":["201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-050/CleanMyPc_ScheduledTask [1].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-050/CleanMyPc_Settings [1].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-050/CleanMyPc_Settings [2].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-050/CleanMyPc_Settings [3].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-004/CleanMyPc_Scanning [1].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-004/CleanMyPc_Scanning [2].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-004/CleanMyPc_Scanning [3].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-004/CleanMyPc_Scanning [4].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-004/CleanMyPc_Scanning [5].png"],"nonDeceptorImageFiles":["201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-045/CleanMyPc_LandingPage [2].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-065/CleanMyPc_Install [1].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-065/CleanMyPc_Install [2].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-065/CleanMyPc_About [1].png","201208/CleanMyPC-180920/1.10.8.2063/Images/ACR-099/CleanMyPc_About [1].png"],"guid":"7ce99758-a7fa-45bc-84b1-77403cb36f14_1.10.8.2063_1","appID":"CleanMyPC-180920","dateAdded":"210219","deceptorType":"App","name":"CleanMyPC","company":"MacPaw, Inc.","version":"1.10.8.2063","sigName":"Deceptor:Win32/CleanMyPC!004050","firstVendorContactDate":"200917","firstAppEsteemReplyDate":"200921","firstResolvedDate":"210324","firstResolvedVersion":"1.11.4.2099","resolved":"TRUE","lastKnownStatus":"1.10.6.2044;1.10.7.2050;1.10.8.2063;1.11.0.2069","lastKnownDate":"210324","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-03-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1740},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-004":"The app does not provide a fully functioning free trial for its search results. The app only fixes 500MB of \"junk\" from the free scans before it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":"The word \"Free\" in \"Free Download\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not contain links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app's About page does not contain links to the Returns and Cancellation Policy.\n","ACR-099":"The app's About page does not contain links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"CleanMyPC.exe","isInstaller":"True","companyName":"MacPaw, Inc.                                                ","fileVersion":"1.10","hashMD5":"3c55b3a79b8c528e363ad8984f287685","hashSHA1":"259a8d50bcf611ed1574f6857b1bcee858257214","hashSHA256":"9eda9ddf666cf10d1128214dccd7aacddc8240f2f783e671f8ad9d8b46ea94b7","digitalCertThumbprint":"5493491BCA18A69651621CA5054EBF2BFB385831","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MacPaw INC, O=MacPaw INC, L=Santa Clara, S=California, C=US","sourceIndex":"2073","avBlockList":["360 Total Security (20201103)","Avast Premium Security (20201103)","AVG Internet Security (20201103)","Avira Internet Security (20201103)","COMODO Antivirus (20201103)","Dr.Web Security Space (20201103)","ESET Internet Security (20201103)","K7 Total Security (20201103)","McAfee Total Protection (20201103)","Norton Security (20201103)","Panda Dome (20201103)","Quick Heal Internet Security (20201103)","Sophos Home Premium (20201103)","SpyHunter5 (20201103)","Total AV Antivirus Pro (20201103)","VirIT eXplorer PRO (20201103)","Windows Defender (20201103)"],"avAllowList":["Bitdefender Internet Security (20201103)","G DATA INTERNET SECURITY (20201103)","Kaspersky Internet Security (20201103)","Malwarebytes Premium (20201103)","Tencent PC Manager (20201103)","Trend Micro Internet Security (20201103)","VIPRE Advanced Security (20201103)","Webroot SecureAnywhere (20201103)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://macpaw.com/","directDownloadingLink":"https://dl.devmate.com/com.macpaw.cmpc/CleanMyPC.exe?cid=1753884245.1602030014&fbp=fb.1.1602030020376.1310192058","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.devmate.com/com.macpaw.cmpc/CleanMyPC.exe?cid=1753884245.1602030014&fbp=fb.1.1602030020376.1310192058","sourceIndex":"2073"}],"sampleFiles":["201013/CleanMyPC-180920/1.10.7.2050/Samples/CleanMyPC.exe"],"imageFiles":["201013/CleanMyPC-180920/1.10.7.2050/Images/ACR-004/ACR-004.png","201013/CleanMyPC-180920/1.10.7.2050/Images/ACR-004/ACR-004 [1].png","201013/CleanMyPC-180920/1.10.7.2050/Images/ACR-004/ACR-004 [2].png","201013/CleanMyPC-180920/1.10.7.2050/Images/ACR-004/ACR-004 [3].png"],"nonDeceptorImageFiles":["201013/CleanMyPC-180920/1.10.7.2050/Images/ACR-045/ACR-045.png","201013/CleanMyPC-180920/1.10.7.2050/Images/ACR-065/Install.png","201013/CleanMyPC-180920/1.10.7.2050/Images/ACR-065/About Page.png","201013/CleanMyPC-180920/1.10.7.2050/Images/ACR-099/About Page.png"],"guid":"7ce99758-a7fa-45bc-84b1-77403cb36f14_1.10.7.2050_1","appID":"CleanMyPC-180920","dateAdded":"210219","deceptorType":"App","name":"CleanMyPC","company":"MacPaw, Inc.","version":"1.10.7.2050","sigName":"Deceptor:Win32/CleanMyPC!050004","firstVendorContactDate":"200917","firstAppEsteemReplyDate":"200921","firstResolvedDate":"210324","firstResolvedVersion":"1.11.4.2099","resolved":"TRUE","lastKnownStatus":"1.10.6.2044;1.10.7.2050;1.10.8.2063;1.11.0.2069","lastKnownDate":"210324","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-03-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1741},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy\n","ACR-099":"The app's About page does not contain links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"CleanMyPC .exe","isInstaller":"True","companyName":"MacPaw, Inc.                                                ","fileVersion":"1.10","hashMD5":"bffce4f9a812c2b0776e4c76b99b0c23","hashSHA1":"ed7ffa2bb3e326e4ac73184bc32aec4568f87ee1","hashSHA256":"2eb19b17ab850ab14f7571568bcf03e510aff4b3d9c4cba59166b9fbb474fc3a","digitalCertThumbprint":"5493491BCA18A69651621CA5054EBF2BFB385831","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MacPaw INC, O=MacPaw INC, L=Santa Clara, S=California, C=US","sourceIndex":"2122","avBlockList":["360 Total Security (20200915)","Avast Premium Security (20200915)","AVG Internet Security (20200915)","Avira Internet Security (20200915)","Bitdefender Internet Security (20200915)","COMODO Antivirus (20200915)","Dr.Web Security Space (20200915)","ESET Internet Security (20200915)","G DATA INTERNET SECURITY (20200915)","K7 Total Security (20200915)","McAfee Total Protection (20200915)","Norton Security (20200915)","Panda Dome (20200915)","Sophos Home Premium (20200915)","SpyHunter5 (20200915)","Tencent PC Manager (20200915)","Total AV Antivirus Pro (20200915)","Trend Micro Internet Security (20200915)","VIPRE Advanced Security (20200915)","VirIT eXplorer PRO (20200915)","Webroot SecureAnywhere (20200915)","Windows Defender (20200915)"],"avAllowList":["Kaspersky Internet Security (20200915)","Malwarebytes Premium (20200915)","Quick Heal Internet Security (20200915)"]},{"isRevoked":"False","fileName":"CleanMyPC.exe","companyName":"MacPaw Inc.","fileVersion":"1.10","hashMD5":"669f6a9a7b6a0121ab3b1cd43111ba6c","hashSHA1":"41dc80596bbc00dad2301ba0e8906202b266d0de","hashSHA256":"ec0586171f1213072417d1c6c9029d4f51484d1be8f10a4e8a5fd9f57adb91ce","digitalCertThumbprint":"5493491BCA18A69651621CA5054EBF2BFB385831","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MacPaw INC, O=MacPaw INC, L=Santa Clara, S=California, C=US","sourceIndex":"2122","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleanMyPC.Tools.exe","companyName":"MacPaw Inc.","fileVersion":"1.10","hashMD5":"1a25485a7423901d34895174c8c45875","hashSHA1":"db98fe80ebdc40e153ae1355fde9944be03bf3e2","hashSHA256":"d17f2301f644dd552f3ef471ab30f3355243fa3391e546be95700a5ae7b7a2c8","digitalCertThumbprint":"5493491BCA18A69651621CA5054EBF2BFB385831","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MacPaw INC, O=MacPaw INC, L=Santa Clara, S=California, C=US","sourceIndex":"2122","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleanMyPCService.exe","companyName":"MacPaw Inc.","fileVersion":"1.10","hashMD5":"b57a07207fdb8a651537992a7bafcc97","hashSHA1":"52cd6d0974e95587af60fca714551b44f5f881fa","hashSHA256":"38ec620f1c66635263e4c533938c3a31400134239ddd4db1f7c4dbb4a71ab831","digitalCertThumbprint":"5493491BCA18A69651621CA5054EBF2BFB385831","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MacPaw INC, O=MacPaw INC, L=Santa Clara, S=California, C=US","sourceIndex":"2122","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleanMyPCShell.dll","companyName":"MacPaw Inc.","fileVersion":"1.8","hashMD5":"7f2ec05763ad9552c54c55a716b05aec","hashSHA1":"05bb085eda2a8977ab9aa71bb95b1d0e279af2b9","hashSHA256":"a3d86993f20980a98d8e514ec6967e95ac02e168f67bd1f97438629814feb12d","digitalCertThumbprint":"5493491BCA18A69651621CA5054EBF2BFB385831","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MacPaw INC, O=MacPaw INC, L=Santa Clara, S=California, C=US","sourceIndex":"2122","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleanMyPCSystemInterop.exe","companyName":"MacPaw Inc.","fileVersion":"1.10","hashMD5":"aed4cc7c245dcca459c0d5d0d8bfe185","hashSHA1":"15be249473c5e8de2d49facea23c4e96ff6844a0","hashSHA256":"46f29709ba03d719a023683c45505c4d9c9d8cefb9f9b58fc62d2c5bb703bd64","digitalCertThumbprint":"5493491BCA18A69651621CA5054EBF2BFB385831","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MacPaw INC, O=MacPaw INC, L=Santa Clara, S=California, C=US","sourceIndex":"2122","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://macpaw.com/","directDownloadingLink":"https://dl.devmate.com/com.macpaw.cmpc/CleanMyPC.exe?cid=1562109384.1598426299","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.devmate.com/com.macpaw.cmpc/CleanMyPC.exe?cid=1562109384.1598426299","sourceIndex":"2122"}],"sampleFiles":["200826/CleanMyPC-180920/1.10.6.2044/Samples/CleanMyPC .exe","200826/CleanMyPC-180920/1.10.6.2044/Samples/CleanMyPC.exe","200826/CleanMyPC-180920/1.10.6.2044/Samples/CleanMyPC.Tools.exe","200826/CleanMyPC-180920/1.10.6.2044/Samples/CleanMyPCService.exe","200826/CleanMyPC-180920/1.10.6.2044/Samples/CleanMyPCShell.dll","200826/CleanMyPC-180920/1.10.6.2044/Samples/CleanMyPCSystemInterop.exe"],"imageFiles":["200826/CleanMyPC-180920/1.10.6.2044/Images/ACR-050/CleanMyPC_task scheduler[1].png","200826/CleanMyPC-180920/1.10.6.2044/Images/ACR-004/CleanMyPC_ScanResults [1].png","200826/CleanMyPC-180920/1.10.6.2044/Images/ACR-004/CleanMyPC_ScanResults [2].png","200826/CleanMyPC-180920/1.10.6.2044/Images/ACR-004/CleanMyPC_ScanResults [3] Cleaning.png","200826/CleanMyPC-180920/1.10.6.2044/Images/ACR-004/CleanMyPC_ScanResults [5] PurchasetoCompletecleanup.png"],"nonDeceptorImageFiles":["200826/CleanMyPC-180920/1.10.6.2044/Images/ACR-045/CleanMyPC_LandingPage [1].png","200826/CleanMyPC-180920/1.10.6.2044/Images/ACR-065/CleanMyPC_Install [1].png","200826/CleanMyPC-180920/1.10.6.2044/Images/ACR-065/CleanMyPC_Install [2].png","200826/CleanMyPC-180920/1.10.6.2044/Images/ACR-065/CleanMyPC_About.png","200826/CleanMyPC-180920/1.10.6.2044/Images/ACR-099/CleanMyPC_About.png"],"guid":"7ce99758-a7fa-45bc-84b1-77403cb36f14_1.10.6.2044_1","appID":"CleanMyPC-180920","dateAdded":"210219","deceptorType":"App","name":"CleanMyPC","company":"MacPaw, Inc.","version":"1.10.6.2044","sigName":"Deceptor:Win32/CleanMyPC!004050","firstVendorContactDate":"200917","firstAppEsteemReplyDate":"200921","firstResolvedDate":"210324","firstResolvedVersion":"1.11.4.2099","resolved":"TRUE","lastKnownStatus":"1.10.6.2044;1.10.7.2050;1.10.8.2063;1.11.0.2069","lastKnownDate":"210324","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-03-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1742},{"violations":{"ACR-048":"The install greys out the close and cancel buttons, which limits the consumer's ability to stop after the initial launch \n","ACR-004":"The app does not fix free scan results and describes registry issues as errors to exaggerate a sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the app's Returns and Cancellation Policy\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThe landing page does not display links to the Returns and Cancellation Policy \nThe internal offer page does not display links to the Returns and Cancellation Policy \n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get the program for a lower price.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"RegistryHelperSetup-EN.exe","isInstaller":"True","companyName":"SafeApp Software, LLC","productName":"Registry Helper","productVersion":"3.0.260","fileVersion":"1.2","hashMD5":"11ba5c09f847b6efa14a8ea2dff02a69","hashSHA1":"deb368e8d9c68ebdf133b8aa63a1b67c944a2d8a","hashSHA256":"70f7feda2f3193669ddc07e07709d738020e19a9faf12d32fcbe34820eaa9b59","digitalCertThumbprint":"D553FD038D919F0879459AB6D434F93A1A39A84F","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"SafeApp Software, LLC\", O=\"SafeApp Software, LLC\", L=Harrison, S=New York, C=US","sourceIndex":"356","avBlockList":["Avast Premium Security (20210601)","AVG Internet Security (20210601)","Avira Internet Security (20210601)","Bitdefender Internet Security (20210601)","COMODO Antivirus (20210601)","Dr.Web Security Space (20210601)","ESET Internet Security (20210601)","G DATA INTERNET SECURITY (20210601)","K7 Total Security (20210601)","Malwarebytes Premium (20210601)","McAfee Total Protection (20210601)","Norton Security (20210601)","Panda Dome (20210601)","Quick Heal Internet Security (20210601)","Sophos Home Premium (20210601)","SpyHunter5 (20210601)","Tencent PC Manager (20210601)","Total AV Antivirus Pro (20210601)","VIPRE Advanced Security (20210601)","Webroot SecureAnywhere (20210601)","Windows Defender (20210601)","VirIT eXplorer PRO (20210601)"],"avAllowList":["360 Total Security (20210601)","Kaspersky Internet Security (20210601)","Trend Micro Internet Security (20210601)"]},{"isRevoked":"False","fileName":"RegistryHelper.exe","companyName":"SafeApp Software, LLC","productName":"Registry Helper","productVersion":"3.00.0260","fileVersion":"3.00.0260","hashMD5":"0bf694c5f2f99147922e18ade16f8ed7","hashSHA1":"1e760b1bc2bd872406aaa5ca0f54593d6367a68d","hashSHA256":"ebfc5ed9c0cc22faa0b8f5e9774093962902255ec8c0a0ba5235db24b00aefcf","digitalCertThumbprint":"D553FD038D919F0879459AB6D434F93A1A39A84F","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"SafeApp Software, LLC\", O=\"SafeApp Software, LLC\", L=Harrison, S=New York, C=US","sourceIndex":"356","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"registry helper\" page 2 of results http://www.safeappsoftware.com/rh/disclaimers.asp under products","landingPage":"http://www.safeappsoftware.com/rh/default.asp","directDownloadingLink":"http://www.safeappsoftware.com/rh/RegistryHelperSetup-EN.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.safeappsoftware.com/rh/RegistryHelperSetup-EN.exe","sourceIndex":"356"}],"sampleFiles":["210218/RegistryHelper-180208/3.0.260/Samples/RegistryHelperSetup-EN.exe","210218/RegistryHelper-180208/3.0.260/Samples/RegistryHelper.exe"],"imageFiles":["210218/RegistryHelper-180208/3.0.260/Images/ACR-048/RegistryHelper_Install [1].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-048/RegistryHelper_Install [2].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-004/RegistryHelper_Interactions [3].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-004/RegistryHelper_Interactions [4].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-004/RegistryHelper_Interactions [5].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-004/RegistryHelper_Interactions [6] Report.png","210218/RegistryHelper-180208/3.0.260/Images/ACR-004/RegistryHelper_OfferPage [2].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-004/RegistryHelper_OfferPage [3].png"],"nonDeceptorImageFiles":["210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_Install [1].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_Install [2].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_Install [3].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_Install [4].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_Install [5].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_Install [6].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_About [1].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/ACR-065_software.JPG","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_LandingPage [1].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_LandingPage [2].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_OfferPage [1].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_OfferPage [2].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-065/RegistryHelper_OfferPage [3].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-099/RegistryHelper_About [1].png","210218/RegistryHelper-180208/3.0.260/Images/ACR-099/ACR-099_software.JPG","210218/RegistryHelper-180208/3.0.260/Images/ACR-120/RegistryHelper_OfferPage [4] AfterUninstall.png"],"guid":"23b7de9a-28ae-4c6b-998a-99f9c2a4f63d_3.0.260_1","appID":"RegistryHelper-180208","dateAdded":"210218","deceptorType":"App","name":"Registry Helper","company":"SafeApp Software, LLC","version":"3.0.260","sigName":"Deceptor:Win32/RegistryHelper!084004","lastKnownStatus":"3.0.260","lastKnownDate":"241113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2026-05-04T14:37:18.3685348+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1743},{"violations":{"ACR-004":"App requires payment to fix the issues reported during free scanning if any item is not fixed during one time only free fix.\n","ACR-010":"The offered apps are deceptive app (e.g. BoostSpeed12)\n","ACR-103":"1. Unable to verify app value proposition as it does not detect well known 22+ malwares and 100+ PUA/PUP samples\n2. For all anti-virus app, certification requires antivirus solution provider to provide any one of the followings to support its value proposition:\n     1. App has a current and public certification from an AMTSO member tester. Or,\n     2. App vendor is a current Microsoft MVI member\n","ACR-014":"During uninstall, the app mentions system might be vulnerable when removed which is misleading as the Windows defender with realtime protection and cloud protection are present in the system\n","ACR-016":"A displayed ad leads to direct downloading and installation of an app without disclosing its docs to the consumer\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\"  misleads the consumer to think the app is offered as \"Free\" but the app does not provide an option to perform scan for more than once and require to pay for fix the free scanning items.\n","ACR-161":"Unable to verify testimonials for relevant app. \n","ACR-035":"The app does not disclose \"App Name\" in the docs\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Auslogics\\Anti-Malware\\AntiMalware.exe","companyName":"Auslogi˜cs","productName":"Anti-Malw˜are","productVersion":"1.x","fileVersion":"1.21.0.4","hashMD5":"967d411fc2f049b826abc68bc7488e94","hashSHA1":"e8e893a08c06c3e2bcfe104714da2e8142ca2140","hashSHA256":"83d17e49286bf53fcbacabf31e1c63258dfee74c4487edeccb927324c45f5c7a","digitalCertThumbprint":"1B0DA8E340197C8CEC3BB39EFBA042FF21B9724D","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","storeId":"","sourceIndex":"2014","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"anti-malware-setup.exe","isInstaller":"True","companyName":"Auslogi˜cs                                                  ","productName":"Auslogi˜cs Anti-Malw˜are                                    ","productVersion":"1.21.0.4                                          ","fileVersion":"1.x                 ","hashMD5":"bf77399067aef46dc523d6a4a72425cd","hashSHA1":"1b4df647f6e98d9acf0ca1cb6a1de60a9bca642a","hashSHA256":"59a689f2493f745dcb4a63e2203bee03cf9465255a8beb9442540cbe07e0c0d1","digitalCertThumbprint":"2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","storeId":"","sourceIndex":"2014","avBlockList":["360 Total Security (20210114)","Avast Premium Security (20210114)","AVG Internet Security (20210114)","Avira Internet Security (20210114)","Bitdefender Internet Security (20210114)","COMODO Antivirus (20210114)","Dr.Web Security Space (20210114)","ESET Internet Security (20210114)","G DATA INTERNET SECURITY (20210114)","K7 Total Security (20210114)","Malwarebytes Premium (20210114)","McAfee Total Protection (20210114)","Norton Security (20210114)","Panda Dome (20210114)","Quick Heal Internet Security (20210114)","Sophos Home Premium (20210114)","SpyHunter5 (20210114)","Tencent PC Manager (20210114)","Total AV Antivirus Pro (20210114)","VIPRE Advanced Security (20210114)","VirIT eXplorer PRO (20210114)","Webroot SecureAnywhere (20210114)","Windows Defender (20210114)"],"avAllowList":["Kaspersky Internet Security (20210114)","Trend Micro Internet Security (20210114)"]}],"additionalFiles":[],"sources":[{"howFound":"Re-review the resolved deceptor","reference":"","landingPage":"https://www.auslogics.com/en/software/anti-malware/","directDownloadingLink":"https://www.auslogics.com/en/software/anti-malware/after-download/","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.auslogics.com/en/software/anti-malware/after-download/","sourceIndex":"2014"}],"sampleFiles":["210102/AuslogicAntiMalware-181219/1.21.0.4/Samples/anti-malware-setup.exe"],"imageFiles":["210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-004/AM_RequirePaytoRemoveCookies.JPG","210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-004/AM_ScanResult.JPG","210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-103/ACR-103_Software_Doesn't_Detect_Any_Malware.JPG","210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-103/ACR-103_Software_Doesn't_Detect_Any_Malware1.JPG","210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-014/ACR-014_Uninstall_Misleading_Statement.JPG","210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-016/ACR-016_AdsInsideApp_Install.JPG","210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-016/ACR-016_AdsInsideApp_Direct_Install.JPG"],"nonDeceptorImageFiles":["210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-035/ACR-035_Docs_App_Name_Is_Missing.JPG","210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-045/ACR-045_LandingPage_FreeDOwnload_Misleads_User.JPG","210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-161/ACR-161_LandingPage_Unable_To_Verify_Testimonials.JPG","210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-161/ACR-161_LandingPage_Unable_To_Verify_Testimonials1.JPG","210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-161/ACR-161_LandingPage_Unable_To_Verify_Testimonials2.JPG","210102/AuslogicAntiMalware-181219/1.21.0.4/Images/ACR-161/ACR-161_LandingPage_Unable_To_Verify_Testimonials3.JPG"],"guid":"36924f43-eb31-4479-88de-8dee294784e4_1.21.0.4_1","appID":"AuslogicAntiMalware-181219","dateAdded":"210217","deceptorType":"App","name":"Auslogics Anti-Malware","company":"Auslogiÿcs Labs Pty Ltd","version":"1.21.0.4","sigName":"Deceptor:Win32/AuslogicsAntiMalware!004103014010016","firstVendorContactDate":"210105","firstAppEsteemReplyDate":"210105","firstResolvedDate":"210416","firstResolvedVersion":"1.21.0.6","resolved":"TRUE","lastKnownStatus":"Deceptor:1.19.0.0;NonCertified:1.20.0.0","lastKnownDate":"210317","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,sold in bundle","lastUpdate":"2021-04-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1745},{"violations":{"ACR-043":"The app installs “Avira” component without disclosure in EULA.\n","ACR-107":"App has Avira antivirus component without disclaiming and honoring open source license.\n","ACR-004":"1. The app needs to provide free fix for the identified issues for at least 24 hours as it provides only “Free Scan” 2. The app should avoid raising \"Urgency/Priority/Color Graphic\" for the identified issues.\n","ACR-010":"The offered app “Driver Updater” contains deceptive behavior. The carrier app needs to make sure that the offered app doesn’t have any deceptive behavior.\n","ACR-017":"The logos “Quality Gauranteed” and “Norton” are not verifiable. Microsoft Partner logo needs to disclose “Developed By” or “Using Technologies” and it should be verifiable.\n","ACR-103":"EULA in the software is not working (after clicking EULA, the page returns 404). \n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components on the device without the consumer's consent.\n","ACR-059":"The offer is not marked as Offer, the recommended by \"who\" is not clear.\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose original filename for \"anti-malware-setup.exe\" executable.\n","ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app needs to disclose EULA in the software as the provided link does not work.\n","ACR-099":"The app needs to disclose uninstall information in the software.\n","ACR-120":"During uninstallation, the app offers same product to the consumer at a lower price (30% off).\n","ACR-014":"The app needs to cleanup the word \"problems\" in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"anti-malware-setup.exe","isInstaller":"True","companyName":"Ausl˜ogics                                                  ","productName":"Ausl˜ogics Anti-Mal˜ware                                    ","productVersion":"1.19.0.0                                          ","fileVersion":"1.x                 ","hashMD5":"fe0a31046be748be19acfe2505cf5df1","hashSHA1":"b4d55e44a90505ffcc4bdacc44c3a04dd10ef564","hashSHA256":"7d956d181ba0e858428bfa24bc60c6e64911b2be68a35943a65038287c9af922","digitalCertThumbprint":"1B0DA8E340197C8CEC3BB39EFBA042FF21B9724D","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","sourceIndex":"3203","avBlockList":["Avast Internet Security (20190214)","AVG Internet Security (20210304)","Avira Internet Security (20210304)","Bitdefender Internet Security (20210304)","ESET Internet Security (20210304)","G DATA INTERNET SECURITY (20210304)","K7 Total Security (20210304)","Malwarebytes Premium (20210304)","McAfee Total Protection (20210304)","Norton Security (20210304)","Panda Dome (20210304)","Sophos Home Premium (20210304)","VirIT eXplorer PRO (20210304)","Webroot SecureAnywhere (20210304)","Windows Defender (20210304)","Avast Premium Security (20210304)","COMODO Antivirus (20210304)","Dr.Web Security Space (20210304)","SpyHunter5 (20210304)","Tencent PC Manager (20210304)","Total AV Antivirus Pro (20210304)","VIPRE Advanced Security (20210304)"],"avAllowList":["Kaspersky Internet Security (20210304)","Trend Micro Internet Security (20210304)","360 Total Security (20210304)","Quick Heal Internet Security (20210304)"]}],"additionalFiles":[],"sources":[{"howFound":"Re-review the resolved deceptor","reference":"Auslogic resolved deceptor before ACR-004 being enforced","landingPage":"https://www.auslogics.com/en/software/anti-malware/","directDownloadingLink":"https://www.auslogics.com/en/software/anti-malware/after-download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.auslogics.com/en/software/anti-malware/after-download/","sourceIndex":"3203"}],"sampleFiles":["181220/AuslogicAntiMalware-181219/1.19.0.0/Samples/anti-malware-setup.exe"],"imageFiles":["181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-043/ACR-043_Install_AviraComponentIsInstalledWithoutDisclosure.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-107/ACR-107_Install_AviraComponentIsInstalledWithoutDisclosure.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-010/ACR-010_Software_OffersDeceptorApp.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-017/ACR-017_Software_MisleadingLogo.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-004/ACR-004_Software_NoFreeFix.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-004/ACR-004_Software_RaisesUrgency.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-103/ACR-103_Software_LinkToEULA_NotWorking.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-118/ACR-118_Uninstall_RetainsExecutables.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-059/ACR-059_In-BundleOffers_RecommendedByWhoIsNotClear.JPG"],"nonDeceptorImageFiles":["181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-038/ACR-038_Install_NoOriginalFilename.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-045/ACR-045_LandingPage_FreeIsHighlighted.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-065/ACR-065_Software_NoEULA.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-014/ACR-014_LandingPage_AppExaggerates.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-099/ACR-099_Software_NoUninstallInformation.JPG","181220/AuslogicAntiMalware-181219/1.19.0.0/Images/ACR-120/ACR-120_Uninstall_OffersDiscount.JPG"],"guid":"36924f43-eb31-4479-88de-8dee294784e4_1.19.0.0_1","appID":"AuslogicAntiMalware-181219","dateAdded":"210217","deceptorType":"App","name":"Auslogics Anti-Malware","company":"Auslogiÿcs Labs Pty Ltd","version":"1.19.0.0","sigName":"Deceptor:Win32/AuslogicsAntiMalware!004043107010017103118059","firstVendorContactDate":"210105","firstAppEsteemReplyDate":"210105","firstResolvedDate":"210416","firstResolvedVersion":"1.21.0.6","resolved":"TRUE","lastKnownStatus":"Deceptor:1.19.0.0;NonCertified:1.20.0.0","lastKnownDate":"210317","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-04-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1746},{"violations":{"ACR-003":" The app exaggerates the cookies items same as malware, using alarming color (red banner) for urgency to fix.\n","ACR-004":"1) App doesn't allow the user to perform a new scan after the user chooses to fix some of the reported items. This is not disclosed to the user in the software while fixing, because the user will lose the opportunity to fix the reported items anymore.\n2) App doesn't remove all the objects reported. \n","ACR-103":"App claims it is top-notch protection against malware. However its value proposition can't be verified as it does not detect well known threat in the wild, 22+ malware. (The site is still prompting this app as \"Top-notch protection against malware and data safety threats. It will help keep your PC secure and give you the peace of mind you want.\")\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\"  misleads the consumer to think the app is offered as \"Free\" but the app does not provide an option to perform scan for more than once \n","ACR-035":"The app does not disclose \"App Name\" in the docs\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Auslogics\\Anti-Malware\\AntiMalware.exe","companyName":"Auslog˜ics","productName":"Anti-Malw˜are","productVersion":"1.x","fileVersion":"1.21.0.5","hashMD5":"cd96b477f3a60bc2f69ed299938445dd","hashSHA1":"934d55ced3e0b2b6844a5835bd25b78a5167c131","hashSHA256":"713fe2da02c58a5131e7230c957eb04a635e2593998543e4f9fa96a4da35a384","digitalCertThumbprint":"AFF14BF93DC493E3E2DB13D1160D589EA7422F97","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","storeId":"","sourceIndex":"1955","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"auslogics-anti-malware-setup.exe","isInstaller":"True","companyName":"Auslog˜ics                                                  ","productName":"Auslog˜ics Anti-Malw˜are                                    ","productVersion":"1.21.0.5                                          ","fileVersion":"1.x                 ","hashMD5":"954e02255112bc1942c7419b4a15ecb4","hashSHA1":"f9cba2e92d7b2ebf7cdd834ebf820dd08cb16221","hashSHA256":"58628658cd9a21acf05943ea9b274d0eb91a4fb950693765011691e8ed7a1ba2","digitalCertThumbprint":"F7B04602A44A86A507480987BF3E6D3B7C469D85","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","storeId":"","sourceIndex":"1955","avBlockList":["360 Total Security (20210311)","Avast Premium Security (20210311)","AVG Internet Security (20210311)","Avira Internet Security (20210311)","Bitdefender Internet Security (20210311)","COMODO Antivirus (20210311)","Dr.Web Security Space (20210311)","ESET Internet Security (20210311)","G DATA INTERNET SECURITY (20210311)","K7 Total Security (20210311)","Malwarebytes Premium (20210311)","McAfee Total Protection (20210311)","Norton Security (20210311)","Panda Dome (20210311)","Quick Heal Internet Security (20210311)","Sophos Home Premium (20210311)","SpyHunter5 (20210311)","Tencent PC Manager (20210311)","Total AV Antivirus Pro (20210311)","VIPRE Advanced Security (20210311)","VirIT eXplorer PRO (20210311)","Webroot SecureAnywhere (20210311)","Windows Defender (20210311)"],"avAllowList":["Kaspersky Internet Security (20210311)","Trend Micro Internet Security (20210311)"]}],"additionalFiles":[],"sources":[{"howFound":"Re-review the resolved deceptor","reference":"Auslogic resolved deceptor before ACR-004 being enforced","landingPage":"https://www.auslogics.com/en/software/anti-malware/","directDownloadingLink":"https://www.auslogics.com/en/software/anti-malware/after-download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.auslogics.com/en/software/anti-malware/after-download/","sourceIndex":"1955"}],"sampleFiles":["210217/AuslogicAntiMalware-181219/1.21.0.5/Samples/anti-malware-setup.exe"],"imageFiles":["210217/AuslogicAntiMalware-181219/1.21.0.5/Images/ACR-004/ACR-004_Software_ExaggeratedCount.JPG","210217/AuslogicAntiMalware-181219/1.21.0.5/Images/ACR-004/ACR-004_Software_ExaggeratedCount1.JPG","210217/AuslogicAntiMalware-181219/1.21.0.5/Images/ACR-004/ACR-004_Software_ScanAfter Fix.JPG","210217/AuslogicAntiMalware-181219/1.21.0.5/Images/ACR-004/Anti_malware2.JPG","210217/AuslogicAntiMalware-181219/1.21.0.5/Images/ACR-103/ACR-103_Software_NoMalwaresDetected.JPG","210217/AuslogicAntiMalware-181219/1.21.0.5/Images/ACR-103/Anti_malware.JPG","210217/AuslogicAntiMalware-181219/1.21.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedCount.JPG","210217/AuslogicAntiMalware-181219/1.21.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedCount1.JPG"],"nonDeceptorImageFiles":["210217/AuslogicAntiMalware-181219/1.21.0.5/Images/ACR-035/ACR-035.PNG","210217/AuslogicAntiMalware-181219/1.21.0.5/Images/ACR-045/ACR-045.JPG"],"guid":"36924f43-eb31-4479-88de-8dee294784e4_1.21.0.5_1","appID":"AuslogicAntiMalware-181219","dateAdded":"210217","deceptorType":"App","name":"Auslogics Anti-Malware","company":"Auslogiÿcs Labs Pty Ltd","version":"1.21.0.5","firstVendorContactDate":"210105","firstAppEsteemReplyDate":"210105","firstResolvedDate":"210416","firstResolvedVersion":"1.21.0.6","resolved":"TRUE","lastKnownStatus":"Deceptor:1.19.0.0;NonCertified:1.20.0.0","lastKnownDate":"210317","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,sold in bundle","lastUpdate":"2021-04-21T21:21:03.3245457+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1744},{"violations":{"ACR-048":"The app is installed in a hidden folder and requires a hotkey and password to open it, which limits the consumer's ability to close and uninstall the app.\n","ACR-007":"The app does not provide explicit notification when it is running and it allows the consumer to enable stealth mode, which hides all app activity from the targeted consumer. The app also enables the consumer to require a password and a hotkey to open it.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n","ACR-084":"The app enables the consumer to install it in \"Stealth Mode\", which hides all app icons and notifications. It also enables the consumer to require a password and hotkey to open it.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits user data, as it hides from them using a hotkey and password.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"scragent.exe”, which is not related to the name \"Sondle Screenshot Keylogger\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"By default, the app is installed in a hidden folder named \"Sondle Screenshot Keylogger\" in Program Files.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offer page does not display links to the EULA or Terms of Service,  or the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-002":"The App shows different names as \" scragent.exe\" in the running service/apps section.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"scragent.exe","fileVersion":"0.0","hashMD5":"0ebd6cea131ca59010fc5b4cbcf8b896","hashSHA1":"f487b357c2de1418bee45f3aaa6ebb5fa1c15952","hashSHA256":"c599472f90b4eb4ba53e5b863b6b410be3845eb65c093243de11ece351173fbc","sourceIndex":"1986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ScrKlg.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"1937f220383d2e6de685a4be1161ebe9","hashSHA1":"463138b6d3785b0997bc05a11d2c06567bef8808","hashSHA256":"2b553f7f3422a457a9ff1fe9ae6a2b8c38da25eb5811c09f55e3601f1bb3e12b","sourceIndex":"1986","avBlockList":["360 Total Security (20210604)","Avast Premium Security (20210604)","AVG Internet Security (20210604)","Avira Internet Security (20210604)","Bitdefender Internet Security (20210604)","COMODO Antivirus (20210604)","Dr.Web Security Space (20210604)","ESET Internet Security (20210604)","G DATA INTERNET SECURITY (20210604)","K7 Total Security (20210604)","Kaspersky Internet Security (20210604)","Malwarebytes Premium (20210604)","McAfee Total Protection (20210604)","Norton Security (20210604)","Panda Dome (20210604)","Quick Heal Internet Security (20210604)","Sophos Home Premium (20210604)","SpyHunter5 (20210604)","Tencent PC Manager (20210604)","Total AV Antivirus Pro (20210604)","VIPRE Advanced Security (20210604)","VirIT eXplorer PRO (20210604)","Webroot SecureAnywhere (20210604)","Windows Defender (20210604)"],"avAllowList":["Trend Micro Internet Security (20210604)"]},{"isRevoked":"False","fileName":"skgcfg.exe","companyName":"Sondle Software Corporation","fileVersion":"3.0","hashMD5":"f691af5b7a814d1dc697eb5b96773a36","hashSHA1":"57850f6ca768e05624274796813760ddf4c3af51","hashSHA256":"74a76838aa8cc69bdffd7196d65abd36de1947904c821e81a9f9baceb4255af6","sourceIndex":"1986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"skgmis.exe","fileVersion":"0.0","hashMD5":"bd170788f79f1de8a7a7b2f4c8813436","hashSHA1":"5adedabd8acb5cf7a884c59639c662c223154b98","hashSHA256":"420bcde65522f0a58ecc2c75f610529598a0010f4dcea68b21f2ae3654f155eb","sourceIndex":"1986","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"skgmon.exe","fileVersion":"0.0","hashMD5":"bd45a909b0790a6bd8f2faff8075b6b0","hashSHA1":"1661b0b86fd6996c595f9f4113674f1f512994cd","hashSHA256":"e577ed53dbc69e84a6b106ab843d6758e460782611cdd65562b5f265ea6f11f1","sourceIndex":"1986","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.sondle.com/","landingPage":"http://www.sondle.com/welcome/screenshot-keylogger.asp","directDownloadingLink":"http://down.sondle.com/software/ScrKlg.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://down.sondle.com/software/ScrKlg.exe","sourceIndex":"1986"}],"sampleFiles":["210216/SondleScreenshotKeylogger-210216/3.0.0.59/Samples/scragent.exe","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Samples/ScrKlg.exe","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Samples/skgcfg.exe","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Samples/skgmis.exe","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Samples/skgmon.exe"],"imageFiles":["210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-084/Sondle Screenshot Keylogger_HideIcon [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-084/Sondle Screenshot Keylogger_Interactions [1] Password.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-084/Sondle Screenshot Keylogger_Interactions [2] Hotkey.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-084/Sondle Screenshot Keylogger_Interactions [4] Password.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-084/Sondle Screenshot Keylogger_Interactions [9] PasswordHotkey.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-086/Sondle Screenshot Keylogger_Interactions [9] PasswordHotkey.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-086/Sondle Screenshot Keylogger_Interactions [1] Password.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-086/Sondle Screenshot Keylogger_Interactions [2] Hotkey.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-048/Sondle Screenshot Keylogger_HiddenFileDirectory [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-048/Sondle Screenshot Keylogger_Interactions [1] Password.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-048/Sondle Screenshot Keylogger_Interactions [2] Hotkey.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-007/Sondle Screenshot Keylogger_HideIcon [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-007/Sondle Screenshot Keylogger_Interactions [1] Password.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-007/Sondle Screenshot Keylogger_Interactions [2] Hotkey.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-007/Sondle Screenshot Keylogger_Interactions [9] PasswordHotkey.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-014/Sondle Screenshot Keylogger_RunningProcess [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-116/Sondle Screenshot Keylogger_ControlPanel [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-017/Sondle Screenshot Keylogger_OfferPage [1].png"],"nonDeceptorImageFiles":["210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-038/Sondle Screenshot Keylogger_FileProperty [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-038/Sondle Screenshot Keylogger_FileProperty [2].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-038/Sondle Screenshot Keylogger_FileProperty [4].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-040/Sondle Screenshot Keylogger_HiddenFileDirectory [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-065/Sondle Screenshot Keylogger_Install [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-065/Sondle Screenshot Keylogger_Install [2].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-065/Sondle Screenshot Keylogger_Install [3].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-065/Sondle Screenshot Keylogger_Install [4].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-092/Sondle Screenshot Keylogger_FileProperty [5].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-092/Sondle Screenshot Keylogger_FileProperty [6].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-092/Sondle Screenshot Keylogger_FileProperty [7].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-092/Sondle Screenshot Keylogger_FileProperty [8].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-092/Sondle Screenshot Keylogger_FileProperty [9].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-065/Sondle Screenshot Keylogger_About [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-002/Sondle Screenshot Keylogger_RunningProcess [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-065/Sondle Screenshot Keylogger_LandingPage [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-065/Sondle Screenshot Keylogger_LandingPage [2].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-017/Sondle Screenshot Keylogger_LandingPage [1].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-017/Sondle Screenshot Keylogger_LandingPage [2].png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-161/Sondle Screenshot Keylogger_LandingPage [2]_.png","210216/SondleScreenshotKeylogger-210216/3.0.0.59/Images/ACR-065/Sondle Screenshot Keylogger_OfferPage [1].png"],"guid":"9a74bace-b17e-44fd-ab4e-a561c398c9ef_3.0.0.59_1","appID":"SondleScreenshotKeylogger-210216","dateAdded":"210216","deceptorType":"App","name":"Sondle Screenshot Keylogger ","company":"Sondle Software Corporation","version":"3.0.0.59","lastKnownStatus":"Deceptor:Win32/SondleScreenshotKeyloggerStalkerware!084086048007014116017","lastKnownDate":"210331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-03-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1747},{"violations":{"ACR-048":"The install greys out the close and cancel buttons, which limits the consumer's ability to stop after the initial launch \n","ACR-004":"App reports out of date drivers with alarming color/symbol and pattern, raises sense of urgency.\n","ACR-014":"Offer claims no charge will be made if not completely satisfied, but fine print shows it's a negative option charge, consumer must opt out.\n","ACR-164":"App doesn't provide clear information when and how users will be notified free trial expired and how they can opt out for auto charging when trial expires.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not provide links to the Returns and Cancellation Policy, Privacy Policy. \nThe app does not have links to the app's Returns and Cancellation Policy.\nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n"},"samples":[{"isRevoked":"False","fileName":"AbeAppsDriverUpdater.exe","companyName":"AbeApps Pte. Ltd.","fileVersion":"2.1","hashMD5":"d4e04eed2360b065d75376a61ae1f478","hashSHA1":"b0de1e2773246ee1c000ea6bc1ae060f0b9edbfb","hashSHA256":"1dac2ace74ba3bd2cd915fb1693e52fd2ecc88ac7f1b76a36c2cee1b3e8eca6d","digitalCertThumbprint":"C2A611F41B5DFE2153BDF18DD50CAF505E81CCF4","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Abe Apps Pte. Ltd., O=Abe Apps Pte. Ltd., STREET=\"17 Phillip Street #05-01, Grand Building\", L=Singapore, PostalCode=048695, C=SG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201711092Z","sourceIndex":"1988","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverWhiz.exe","isInstaller":"True","companyName":"Abe Apps Pte. Ltd.","fileVersion":"2.1","hashMD5":"bf01e4e3975a6c0277c685ec593943d6","hashSHA1":"b3226a7a695f77ed6ffd7212f00be6b8b9cc8816","hashSHA256":"c5d65fdb0aed1565d3554de6c0c7cdd1c374f1be597ef8b439bbd118347cb209","digitalCertThumbprint":"C2A611F41B5DFE2153BDF18DD50CAF505E81CCF4","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Abe Apps Pte. Ltd., O=Abe Apps Pte. Ltd., STREET=\"17 Phillip Street #05-01, Grand Building\", L=Singapore, PostalCode=048695, C=SG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201711092Z","sourceIndex":"1988","avBlockList":["Avast Premium Security (20210610)","AVG Internet Security (20210610)","Avira Internet Security (20210610)","Bitdefender Internet Security (20210610)","COMODO Antivirus (20210610)","Dr.Web Security Space (20210610)","ESET Internet Security (20210610)","G DATA INTERNET SECURITY (20210610)","K7 Total Security (20210610)","Kaspersky Internet Security (20210610)","Malwarebytes Premium (20210610)","McAfee Total Protection (20210610)","Norton Security (20210610)","Panda Dome (20210610)","Quick Heal Internet Security (20210610)","Sophos Home Premium (20210610)","SpyHunter5 (20210610)","Tencent PC Manager (20210610)","Total AV Antivirus Pro (20210610)","VIPRE Advanced Security (20210610)","VirIT eXplorer PRO (20210610)","Webroot SecureAnywhere (20210610)","Windows Defender (20210610)"],"avAllowList":["360 Total Security (20210610)","Trend Micro Internet Security (20210610)"]}],"additionalFiles":[],"sources":[{"landingPage":"https://driverwhiz.com/","directDownloadingLink":"https://download2.driverrestore.com/abeappsdw/abedwinternal/abeappsdw2.1.0.3/en/DriverWhiz.exe","directDownloadingLinkWildChar":"https://download2.driverrestore.com/abeappsdw/abedwinternal/abeappsdw2.1.0.3/en/DriverWhiz.exe","sourceIndex":"1988"}],"sampleFiles":["210214/170110-PEF-DWHIZ-00006/2.1.0.3/Samples/AbeAppsDriverUpdater.exe","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Samples/DriverWhiz.exe"],"imageFiles":["210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-048/DriverWhiz_Install [1].gif","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-004/DriverWhiz_Interactions [1].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-004/DriverWhiz_Interactions [2].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-004/DriverWhiz_Interactions [3].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-004/DriverWhiz_Interactions [4].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-004/DriverWhiz_Interactions [5].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-004/DriverWhiz_OfferPage [3].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-004/DriverWhiz_OfferPage [4].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-164/DriverWhiz_OfferPage [4].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-014/DriverWhiz_OfferPage [3].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-014/DriverWhiz_OfferPage [4].png"],"nonDeceptorImageFiles":["210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-065/DriverWhiz_Install [1].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-065/DriverWhiz_Install [2].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-065/DriverWhiz_Install [3].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-065/DriverWhiz_Install [4].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-065/DriverWhiz_Install [5].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-065/DriverWhiz_About [1].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-065/DriverWhiz_LandingPage [1].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-065/DriverWhiz_OfferPage [3].png","210214/170110-PEF-DWHIZ-00006/2.1.0.3/Images/ACR-065/DriverWhiz_OfferPage [5].png"],"guid":"212b6a0a-5ce2-41f8-8862-bdff0a8697d7_2.1.0.3_1","appID":"170110-PEF-DWHIZ-00006","dateAdded":"210214","deceptorType":"App","name":"DriverWhiz","company":"Abe Apps Pte. Ltd","version":"2.1.0.3","lastKnownStatus":"Deceptor:2.8.2,2.1.0.4,4.1.0.0","lastKnownDate":"201008","type":"Windows Executable","category":"SysTool & Utilities, SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"Consumer,consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid,paid,up-sell to paid","lastUpdate":"2021-02-15T01:53:53.5745053+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1748},{"violations":{"ACR-014":"Offer claims no charge will be made if not completely satisfied, but fine print shows it's a negative option charge: consumer must opt out.\n","ACR-164":"App doesn't provide clear information when and how users will be notified free trial expired and how they can opt out for auto charging when trial expires.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DriverWhiz.exe","isInstaller":"True","companyName":"Abe Apps Pte. Ltd.","fileVersion":"2.1","hashMD5":"70d06a188cd71f195dcdc0dd14c3feea","hashSHA1":"d378f53df9b256739fd987d5b613604c2ada88a5","hashSHA256":"2aa1d88c57d96bef2e549cd7a19add3927b387667ae537ca8180a876ae9fabc8","digitalCertThumbprint":"DE40EC5EA246C5A63972AF987534AF22E196E98B","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Abe Apps Pte. Ltd., O=Abe Apps Pte. Ltd., STREET=17 Phillip Street, STREET=05-01 Grand Building, L=Singapore, S=Singapore, PostalCode=048695, C=SG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201711092Z","sourceIndex":"2161","avBlockList":["Avast Premium Security (20200924)","AVG Internet Security (20200924)","Avira Internet Security (20200924)","Bitdefender Internet Security (20200924)","COMODO Antivirus (20200924)","Dr.Web Security Space (20200924)","ESET Internet Security (20200924)","G DATA INTERNET SECURITY (20200924)","K7 Total Security (20200924)","Kaspersky Internet Security (20200924)","Malwarebytes Premium (20200924)","McAfee Total Protection (20200924)","Norton Security (20200924)","Panda Dome (20200924)","Quick Heal Internet Security (20200924)","Sophos Home Premium (20200924)","SpyHunter5 (20200924)","Tencent PC Manager (20200924)","VIPRE Advanced Security (20200924)","VirIT eXplorer PRO (20200924)","Webroot SecureAnywhere (20200924)","Windows Defender (20200924)","Total AV Antivirus Pro (20200924)"],"avAllowList":["360 Total Security (20200924)","Trend Micro Internet Security (20200924)"]},{"isRevoked":"False","fileName":"AbeAppsDriverUpdater.exe","companyName":"AbeApps Pte. Ltd.","fileVersion":"2.1","hashMD5":"28c6912ecec2c660d6fb545ec8dea397","hashSHA1":"f33deec38424ada0d207b57b78f4b67bfaaa8d75","hashSHA256":"648f706154351df2d4d87d92ecba7b3fc35666172585d730698f5c792c53758b","digitalCertThumbprint":"DE40EC5EA246C5A63972AF987534AF22E196E98B","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Abe Apps Pte. Ltd., O=Abe Apps Pte. Ltd., STREET=17 Phillip Street, STREET=05-01 Grand Building, L=Singapore, S=Singapore, PostalCode=048695, C=SG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201711092Z","sourceIndex":"2161","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverWhiz_2.exe","isInstaller":"True","companyName":"Abe Apps Pte. Ltd.","fileVersion":"2.1","hashMD5":"15f56e31f966489f9f7c1308dd56eb08","hashSHA1":"dd333b3e307c786c0606bf1f773f89a55af413dd","hashSHA256":"635237519fd3dc0f6c1c4368b82256630c4204199dca880fba70468f0a76fd67","digitalCertThumbprint":"C2A611F41B5DFE2153BDF18DD50CAF505E81CCF4","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Abe Apps Pte. Ltd., O=Abe Apps Pte. Ltd., STREET=\"17 Phillip Street #05-01, Grand Building\", L=Singapore, PostalCode=048695, C=SG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201711092Z","sourceIndex":"2161","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AbeAppsDriverUpdater_2.exe","companyName":"AbeApps Pte. Ltd.","fileVersion":"2.1","hashMD5":"c42c3ba2450863fdfcf378f84338177f","hashSHA1":"e5bb0fe17395ab127b53ffec9a8c78f0c67a670f","hashSHA256":"79c1ef3e6955ae0dca64f29e86886db77e7afe02f58fb4a0c0ceff86e7837b38","digitalCertThumbprint":"C2A611F41B5DFE2153BDF18DD50CAF505E81CCF4","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Abe Apps Pte. Ltd., O=Abe Apps Pte. Ltd., STREET=\"17 Phillip Street #05-01, Grand Building\", L=Singapore, PostalCode=048695, C=SG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201711092Z","sourceIndex":"2161","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"customer report","reference":"deceptor submission","landingPage":"https://driverwhiz.com","directDownloadingLink":"https://download2.driverwhiz.com/abeappsdw/abedwinternal/abeappsdw2.1.0.4/en/DriverWhiz.exe","directDownloadingLinkWildChar":"https://download2.driverwhiz.com/abeappsdw/abedwinternal/abeappsdw2.1.0.4/en/DriverWhiz.exe","sourceIndex":"2161"}],"sampleFiles":["200714/170110-PEF-DWHIZ-00006/2.1.0.4/Samples/DriverWhiz.exe","200714/170110-PEF-DWHIZ-00006/2.1.0.4/Samples/AbeAppsDriverUpdater.exe","200714/170110-PEF-DWHIZ-00006/2.1.0.4/Samples/DriverWhiz_2.exe","200714/170110-PEF-DWHIZ-00006/2.1.0.4/Samples/AbeAppsDriverUpdater_2.exe"],"imageFiles":["200714/170110-PEF-DWHIZ-00006/2.1.0.4/Images/ACR-164/DriverWhiz_164_1.JPG","200714/170110-PEF-DWHIZ-00006/2.1.0.4/Images/ACR-014/DriverWhiz_164_1.JPG","200714/170110-PEF-DWHIZ-00006/2.1.0.4/Images/ACR-014/DriverWhiz_164.JPG"],"nonDeceptorImageFiles":[],"guid":"212b6a0a-5ce2-41f8-8862-bdff0a8697d7_2.1.0.4_1","appID":"170110-PEF-DWHIZ-00006","dateAdded":"210214","deceptorType":"App","name":"DriverWhiz","company":"Abe Apps Pte. Ltd","version":"2.1.0.4","sigName":"Deceptor:Win32/DriverWhiz!164014","lastKnownStatus":"Deceptor:2.8.2,2.1.0.4,4.1.0.0","lastKnownDate":"201008","type":"Windows Executable","category":"SysTool & Utilities, SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"Consumer,consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid,paid,up-sell to paid","lastUpdate":"2021-02-14T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1749},{"violations":{"ACR-004":"App claims to offer a seven day free trial, but it pre-collects payment details with its trial lasting only 24 hours before payment.\n","ACR-014":"Offer claims no charge will be made if not completely satisfied, but fine print shows it's a negative option charge: consumer must opt out.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DriverWhiz (1).exe","isInstaller":"True","companyName":"Abe Apps Pte. Ltd.","fileVersion":"4.1","hashMD5":"ec89112329c532485f19c92dc4514853","hashSHA1":"f6e7018dc683a98f19ee34dd4833a86b0adb9d22","hashSHA256":"63bcd0413aac0c8ddbe3e6a7ad9ead4b997fe0ec9cc8d5e66b575bf1386cff44","digitalCertThumbprint":"DE40EC5EA246C5A63972AF987534AF22E196E98B","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Abe Apps Pte. Ltd., O=Abe Apps Pte. Ltd., STREET=17 Phillip Street, STREET=05-01 Grand Building, L=Singapore, S=Singapore, PostalCode=048695, C=SG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201711092Z","sourceIndex":"2526","avBlockList":["360 Total Security (20210708)","Avast Premium Security (20210708)","AVG Internet Security (20210708)","Avira Internet Security (20210708)","Bitdefender Internet Security (20210708)","COMODO Antivirus (20210708)","Dr.Web Security Space (20210708)","ESET Internet Security (20210708)","G DATA INTERNET SECURITY (20210708)","Malwarebytes Premium (20210708)","Norton Security (20210708)","Panda Dome (20210708)","Quick Heal Internet Security (20210708)","Sophos Home Premium (20210708)","SpyHunter5 (20210708)","Tencent PC Manager (20210708)","VIPRE Advanced Security (20210708)","VirIT eXplorer PRO (20210708)","Webroot SecureAnywhere (20210708)","Windows Defender (20210708)","K7 Total Security (20210708)","Kaspersky Internet Security (20210708)","McAfee Total Protection (20210708)","Total AV Antivirus Pro (20210708)"],"avAllowList":["Trend Micro Internet Security (20210708)"]},{"isRevoked":"False","fileName":"AbeAppsDriverUpdater.exe","companyName":"AbeApps Pte. Ltd.","fileVersion":"4.1","hashMD5":"1d1756b7169a34274cf452af7137a0fb","hashSHA1":"8eb42e3a81ad1aeacc111d1957e63bdf96ea9ae2","hashSHA256":"2043030395e39cc70f20f2baa1289da0d0ecfca83a33be1201cc86f8e546582f","digitalCertThumbprint":"DE40EC5EA246C5A63972AF987534AF22E196E98B","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Abe Apps Pte. Ltd., O=Abe Apps Pte. Ltd., STREET=17 Phillip Street, STREET=05-01 Grand Building, L=Singapore, S=Singapore, PostalCode=048695, C=SG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201711092Z","sourceIndex":"2526","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"customer report","reference":"deceptor report","landingPage":"https://landing.driverwhiz.com/en/v1/index.jsp?brand=Canon","directDownloadingLink":"https://download2.driverwhiz.com/abeappsdw/abedwinternal/abeappsdw4.1.0.0/en/DriverWhiz.exe","directDownloadingLinkWildChar":"https://download2.driverwhiz.com/abeappsdw/abedwinternal/abeappsdw4.1.0.0/en/DriverWhiz.exe","sourceIndex":"2526"}],"sampleFiles":["200306/170110-PEF-DWHIZ-00006/4.1.0.0/Samples/DriverWhiz (1).exe","200306/170110-PEF-DWHIZ-00006/4.1.0.0/Samples/AbeAppsDriverUpdater.exe"],"imageFiles":["200306/170110-PEF-DWHIZ-00006/4.1.0.0/Images/ACR-004/acr-004 claim seven days but.png","200306/170110-PEF-DWHIZ-00006/4.1.0.0/Images/ACR-004/acr-004 really only 24.png","200306/170110-PEF-DWHIZ-00006/4.1.0.0/Images/ACR-004/acr-004 acr-014 auto charge in 24.png","200306/170110-PEF-DWHIZ-00006/4.1.0.0/Images/ACR-014/acr-004 really only 24.png","200306/170110-PEF-DWHIZ-00006/4.1.0.0/Images/ACR-014/acr-004 acr-014 auto charge in 24.png"],"nonDeceptorImageFiles":[],"guid":"212b6a0a-5ce2-41f8-8862-bdff0a8697d7_4.1.0.0_1","appID":"170110-PEF-DWHIZ-00006","dateAdded":"210214","deceptorType":"App","name":"DriverWhiz","company":"Abe Apps Pte. Ltd","version":"4.1.0.0","sigName":"Deceptor:Win32/DriverWhiz!004014","lastKnownStatus":"Deceptor:2.8.2,2.1.0.4,4.1.0.0","lastKnownDate":"201008","type":"Windows Executable","category":"SysTool & Utilities, SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"Consumer,consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid,paid,up-sell to paid","lastUpdate":"2021-02-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1750},{"violations":{"ACR-004":"App reports out of  date drivers with alarming color/symbol and pattern, raises sense of urgency. \n","ACR-084":"App creates scheduled tasks by default and no option for user to disable it. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DriverwhizSetup.exe","isInstaller":"True","companyName":"383 Media, Inc.","productVersion":"2.8.2","fileVersion":"3.3","hashMD5":"fcd9044ef9e5c2595f927027f24e6148","hashSHA1":"87fecfafb24643ccef462290a696cac39bfd4c36","hashSHA256":"2d3dcb9aa207b45e7705bed558aa184347ba2d3b5472c91ab0e64961000b298f","digitalCertThumbprint":"349825FE0B3D80B2F7EB4A93369F73A1DFB13767","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Secure Installer Inc, O=Secure Installer Inc, L=Pleasanton, S=California, C=US, SERIALNUMBER=C3712890, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"2527","avBlockList":["Avast Premium Security (20210604)","AVG Internet Security (20210604)","Avira Internet Security (20210604)","Bitdefender Internet Security (20210604)","COMODO Antivirus (20210604)","Dr.Web Security Space (20210604)","ESET Internet Security (20210604)","G DATA INTERNET SECURITY (20210604)","Malwarebytes Premium (20210604)","McAfee Total Protection (20210604)","Norton Security (20210604)","Panda Dome (20210604)","SpyHunter5 (20210604)","Tencent PC Manager (20210604)","Trend Micro Internet Security (20210604)","VIPRE Advanced Security (20210604)","VirIT eXplorer PRO (20210604)","Webroot SecureAnywhere (20210604)","Windows Defender (20210604)","K7 Total Security (20210604)","Kaspersky Internet Security (20210604)","Total AV Antivirus Pro (20210604)"],"avAllowList":["360 Total Security (20210604)","Quick Heal Internet Security (20210604)","Sophos Home Premium (20210604)"]}],"additionalFiles":[],"sources":[{"howFound":"Customer Report","reference":"","landingPage":"https://landing.driverwhiz.com/en/v1/index.jsp?brand=Canon","directDownloadingLink":"https://download2.driverwhiz.com/dw2/aedwinternal2/dw2.8.2/en/Driverwhiz.exe","landingPageWildChar":"http://landing.driverwhiz.com/en/v1/index.jsp?","directDownloadingLinkWildChar":"https://download2.driverwhiz.com/dw2/aedwinternal2/dw2.8.2/en/Driverwhiz.exe","sourceIndex":"2527"}],"sampleFiles":["200306/170110-PEF-DWHIZ-00006/2.8.2/Samples/DriverwhizSetup.exe"],"imageFiles":["200306/170110-PEF-DWHIZ-00006/2.8.2/Images/ACR-004/User Interface_Registration_Key [1].png","200306/170110-PEF-DWHIZ-00006/2.8.2/Images/ACR-084/DriverWhiz_282_2.JPG","200306/170110-PEF-DWHIZ-00006/2.8.2/Images/ACR-084/DriverWhiz_282_3.JPG"],"nonDeceptorImageFiles":[],"guid":"212b6a0a-5ce2-41f8-8862-bdff0a8697d7_2.8.2_1","appID":"170110-PEF-DWHIZ-00006","dateAdded":"210214","deceptorType":"App","name":"DriverWhiz","company":"Abe Apps Pte. Ltd","version":"2.8.2","sigName":"Deceptor:Win32/DriverWhiz!004084","lastKnownStatus":"Deceptor:2.8.2,2.1.0.4,4.1.0.0","lastKnownDate":"201008","type":"Windows Executable","category":"SysTool & Utilities, SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"Consumer,consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid,paid,up-sell to paid","lastUpdate":"2021-02-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1751},{"violations":{"ACR-003":"The application exaggerates the identified issues with an alarming red color. The overall exaggerated scanning result leads misleading urgency for the user to take action fixing the identified issues.\n","ACR-004":"The app does not fix free scan results and describes registry issues as errors to exaggerate a sense of urgency. It uses a gauge with traffic light colors to raise an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install wizard does not provide links to the Returns and Cancellation Policy, Privacy Policy. \nThe app does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's landing page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's internal offer page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-163":"The app displays a support call center phone number but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n","ACR-092":"The application has no certificate information it is unsigned.\n","ACR-099":"The app’s about page does not display links to uninstall information. \nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the software and landing page.\n","ACR-037":"The app does not provide Privacy Policy in the software and landing page.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"RegGear.exe","companyName":"Registry Gear","fileVersion":"2.1","hashMD5":"7207e6816e11348b2fc12c2f93968223","hashSHA1":"9b6b977a792139238be8b8660a8f68fab5e78298","hashSHA256":"82d9df0f928e6e350e6e6d69b4a37862147efe4aab25aa667df4e263fcc9e014","sourceIndex":"1992","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"registrygear.exe","isInstaller":"True","companyName":"Registry Gear, Inc.                                         ","fileVersion":"0.0","hashMD5":"f530010ec961d51f3d8a742eab6d5bb9","hashSHA1":"961029c96b9b69bfe865ce90a434e70f08e15802","hashSHA256":"f9405926ea4ab5ce136956e83c155f15e34ce41dbf91b02e5d7c3fa18e96051a","sourceIndex":"1992","avBlockList":["Avast Premium Security (20210610)","AVG Internet Security (20210610)","Avira Internet Security (20210610)","Bitdefender Internet Security (20210610)","ESET Internet Security (20210610)","G DATA INTERNET SECURITY (20210610)","K7 Total Security (20210610)","Kaspersky Internet Security (20210610)","Malwarebytes Premium (20210610)","McAfee Total Protection (20210610)","Norton Security (20210610)","Panda Dome (20210610)","Sophos Home Premium (20210610)","SpyHunter5 (20210610)","Tencent PC Manager (20210610)","Total AV Antivirus Pro (20210610)","VIPRE Advanced Security (20210610)","VirIT eXplorer PRO (20210610)","Webroot SecureAnywhere (20210610)"],"avAllowList":["360 Total Security (20210610)","COMODO Antivirus (20210610)","Dr.Web Security Space (20210610)","Quick Heal Internet Security (20210610)","Trend Micro Internet Security (20210610)","Windows Defender (20210610)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.registrygear.com/","directDownloadingLink":"http://www.registrygear.com/downloads/registrygear.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.registrygear.com/downloads/registrygear.exe","sourceIndex":"1992"}],"sampleFiles":["210211/RegistryGear-210211/2.1.2.618/Samples/RegGear.exe","210211/RegistryGear-210211/2.1.2.618/Samples/registrygear.exe"],"imageFiles":["210211/RegistryGear-210211/2.1.2.618/Images/ACR-004/RegistryGear_Interactions [1].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-004/RegistryGear_Interactions [2].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-004/RegistryGear_Interactions [3].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-004/RegistryGear_Interactions [4].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-004/RegistryGear_Interactions [5].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-004/RegistryGear_Interactions [6].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-003/RegistryGear_Interactions [1].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-003/RegistryGear_Interactions [2].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-003/RegistryGear_Interactions [3].png"],"nonDeceptorImageFiles":["210211/RegistryGear-210211/2.1.2.618/Images/ACR-092/RegistryGear_FileProperty [3].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-092/RegistryGear_FileProperty [4].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-065/RegistryGear_About [1].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-099/RegistryGear_About [1].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-035/RegistryGear_About [1].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-035/RegistryGear_LandingPage [1].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-037/RegistryGear_About [1].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-037/RegistryGear_LandingPage [1].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-065/RegistryGear_LandingPage [1].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-065/RegistryGear_LandingPage [2].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-099/RegistryGear_LandingPage [1].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-099/RegistryGear_LandingPage [2].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-163/RegistryGear_LandingPage [3].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-065/RegistryGear_OfferPage [1].png","210211/RegistryGear-210211/2.1.2.618/Images/ACR-099/RegistryGear_OfferPage [1].png"],"guid":"542e9b7d-a0be-452b-80a3-2a50092c2c64_2.1.2.618_1","appID":"RegistryGear-210211","dateAdded":"210211","deceptorType":"App","name":"Registry Gear","company":"RegistryGear.com","version":"2.1.2.618","sigName":"Deceptor:Win32/RegistryGear!003004","lastKnownStatus":"2.1.2.618","lastKnownDate":"210331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-03-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1752},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. \n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. \n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus list in order to prevent detection.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \"proxycerts.exe”, which is not related to the name \" Easemon Online Employee Monitor\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-040":"The app is located inside of a system file directory, which prevents the consumer from being able to find it.\n","ACR-065":"The app's install wizard does not provide links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no certificate information it is unsigned.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"Easemon","fileVersion":"1.0","hashMD5":"56f842abf2c536c2c8c806149fae0375","hashSHA1":"655777eb563b41336e070ccf490b22186e2d24ab","hashSHA256":"e76a9f27ebb1add4ff5cfdc5420e0b7663bc420e314ea810d3a443537f975f30","sourceIndex":"1993","avBlockList":["360 Total Security (20210610)","Avast Premium Security (20210610)","AVG Internet Security (20210610)","Avira Internet Security (20210610)","Bitdefender Internet Security (20210610)","ESET Internet Security (20210610)","G DATA INTERNET SECURITY (20210610)","K7 Total Security (20210610)","Kaspersky Internet Security (20210610)","Malwarebytes Premium (20210610)","McAfee Total Protection (20210610)","Norton Security (20210610)","Panda Dome (20210610)","Quick Heal Internet Security (20210610)","Sophos Home Premium (20210610)","SpyHunter5 (20210610)","Tencent PC Manager (20210610)","Total AV Antivirus Pro (20210610)","VIPRE Advanced Security (20210610)","VirIT eXplorer PRO (20210610)","Webroot SecureAnywhere (20210610)","Windows Defender (20210610)"],"avAllowList":["COMODO Antivirus (20210610)","Dr.Web Security Space (20210610)","Trend Micro Internet Security (20210610)"]},{"isRevoked":"False","fileName":"Installer.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"5c7537f5be41512174f4e1ccc2053ddd326b30c09ca6630cadaa7b1c51af41dc","sourceIndex":"1993","avBlockList":["360 Total Security (20210615)","Avast Premium Security (20210615)","AVG Internet Security (20210615)","Avira Internet Security (20210615)","Bitdefender Internet Security (20210615)","COMODO Antivirus (20210615)","Dr.Web Security Space (20210615)","ESET Internet Security (20210615)","G DATA INTERNET SECURITY (20210615)","K7 Total Security (20210615)","Kaspersky Internet Security (20210615)","Malwarebytes Premium (20210615)","McAfee Total Protection (20210615)","Norton Security (20210615)","Panda Dome (20210615)","Quick Heal Internet Security (20210615)","Sophos Home Premium (20210615)","SpyHunter5 (20210615)","Tencent PC Manager (20210615)","Total AV Antivirus Pro (20210615)","Trend Micro Internet Security (20210615)","VIPRE Advanced Security (20210615)","VirIT eXplorer PRO (20210615)","Webroot SecureAnywhere (20210615)","Windows Defender (20210615)"],"avAllowList":[]},{"isRevoked":"False","fileName":"proxycerts.exe","companyName":"Host Process for Windows Services","fileVersion":"1.2","hashMD5":"6059cec59a040df55eb2549cec5dc93a","hashSHA1":"bba959466953d76ca890e712509a4ccd25f8db88","hashSHA256":"e49f8b5111b91119f6c78acb6f66fe795fa5e5a2420d5dfd2dbf394caca8fa9a","sourceIndex":"1993","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.easemon.com/","directDownloadingLink":"https://emcpanel.com/index.php?m=device&a=create_config&id=1&license=YC68-HX75-RZ25-CX59&type=pc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://emcpanel.com/index.php?m=device&a=create_config&id=1&license=YC68-HX75-RZ25-CX59&type=pc","sourceIndex":"1993"}],"sampleFiles":["210210/Easemon-210210/1.0.0.1/Samples/Installer.exe","210210/Easemon-210210/1.0.0.1/Samples/Installer.zip","210210/Easemon-210210/1.0.0.1/Samples/proxycerts.exe"],"imageFiles":["210210/Easemon-210210/1.0.0.1/Images/ACR-084/Easemon_RunningProcess [1].png","210210/Easemon-210210/1.0.0.1/Images/ACR-084/Easemon_Interactions [2].png","210210/Easemon-210210/1.0.0.1/Images/ACR-084/Easemon_HiddenDirectory [1].png","210210/Easemon-210210/1.0.0.1/Images/ACR-086/Easemon_Interactions [2].png","210210/Easemon-210210/1.0.0.1/Images/ACR-086/Easemon_Interactions [3].png","210210/Easemon-210210/1.0.0.1/Images/ACR-086/Easemon_Interactions [4].png","210210/Easemon-210210/1.0.0.1/Images/ACR-086/Easemon_Interactions [6].png","210210/Easemon-210210/1.0.0.1/Images/ACR-097/Easemon_Install [2].png","210210/Easemon-210210/1.0.0.1/Images/ACR-048/Easemon_RunningProcess [1].png","210210/Easemon-210210/1.0.0.1/Images/ACR-007/Easemon_RunningProcess [1].png","210210/Easemon-210210/1.0.0.1/Images/ACR-014/Easemon_RunningProcess [1].png","210210/Easemon-210210/1.0.0.1/Images/ACR-116/Easemon_ControlPanel [1].png"],"nonDeceptorImageFiles":["210210/Easemon-210210/1.0.0.1/Images/ACR-040/Easemon_HiddenDirectory [1].png","210210/Easemon-210210/1.0.0.1/Images/ACR-065/Easemon_Install [1].png","210210/Easemon-210210/1.0.0.1/Images/ACR-065/Easemon_Install [2].png","210210/Easemon-210210/1.0.0.1/Images/ACR-065/Easemon_Install [3].png","210210/Easemon-210210/1.0.0.1/Images/ACR-065/Easemon_Install [4].png","210210/Easemon-210210/1.0.0.1/Images/ACR-092/Easemon_FileProperty [3].png","210210/Easemon-210210/1.0.0.1/Images/ACR-092/Easemon_FileProperty [4].png","210210/Easemon-210210/1.0.0.1/Images/ACR-065/Easemon_Interactions [6].png","210210/Easemon-210210/1.0.0.1/Images/ACR-065/Easemon_LandingPage [1].png","210210/Easemon-210210/1.0.0.1/Images/ACR-099/Easemon_LandingPage [1].png","210210/Easemon-210210/1.0.0.1/Images/ACR-161/Easemon_LandingPage [2].png","210210/Easemon-210210/1.0.0.1/Images/ACR-065/Easemon_OfferPage [1].png","210210/Easemon-210210/1.0.0.1/Images/ACR-065/Easemon_OfferPage [2].png","210210/Easemon-210210/1.0.0.1/Images/ACR-099/Easemon_OfferPage [1].png","210210/Easemon-210210/1.0.0.1/Images/ACR-099/Easemon_OfferPage [2].png"],"guid":"e0abca99-5e3b-45b2-811c-6fa99232f6bb_1.0.0.1_1","appID":"Easemon-210210","dateAdded":"210210","deceptorType":"App","name":"Easemon Online Employee Monitor for Windows","company":"Easemon Inc","version":"1.0.0.1","sigName":"Deceptor:Win32/EasemonOnlineEmployeeMonitorStalkerware!084086097048007014116","lastKnownStatus":"1.0.0.1","lastKnownDate":"210210","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-02-10T18:59:06.2769669+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1753},{"violations":{"ACR-003":"The application uses the alarming color and exaggerates registry keys as high with status level as critical , thereby misleading or scaring user to take action.\n","ACR-004":"The app does not fix free scan results and describes registry issues as errors to exaggerate a sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no links that shows the app's Returns and Cancellation Policy, and Privacy Policy \nThe app does not display links to the Terms of Service or EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe app's landing page does not have link to the Returns and Cancellations Policy.\nThe app's internal offer page does not have link to the Returns and Cancellations Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-171":"The internal offers page contains offers that were not pre-disclosed and are opt-out.\n","ACR-017":"The application's landing page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"LionSea Software                                            ","fileVersion":"0.0","hashMD5":"b073e4ecb20ee8c3b3438fee7d4a208f","hashSHA1":"9e8a0feae7aa690dc2bf4dd09f639291fc05611a","hashSHA256":"f00432788f14910d432132a22da7e6a2252c6f44f0cb6b0622044fd9937dda4b","digitalCertThumbprint":"6537B50F8404D3C5A98EF9084415B145DA652757","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"1994","avBlockList":["Avast Premium Security (20210617)","AVG Internet Security (20210617)","Avira Internet Security (20210617)","Bitdefender Internet Security (20210617)","COMODO Antivirus (20210617)","Dr.Web Security Space (20210617)","ESET Internet Security (20210617)","G DATA INTERNET SECURITY (20210617)","K7 Total Security (20210617)","Kaspersky Internet Security (20210617)","Malwarebytes Premium (20210617)","McAfee Total Protection (20210617)","Norton Security (20210617)","Panda Dome (20210617)","Sophos Home Premium (20210617)","SpyHunter5 (20210617)","Tencent PC Manager (20210617)","Total AV Antivirus Pro (20210617)","Trend Micro Internet Security (20210617)","VIPRE Advanced Security (20210617)","VirIT eXplorer PRO (20210617)","Webroot SecureAnywhere (20210617)","Windows Defender (20210617)"],"avAllowList":["360 Total Security (20210617)","Quick Heal Internet Security (20210617)"]},{"isRevoked":"False","fileName":"SmartPCFixer.exe","fileVersion":"1.0","hashMD5":"2bd28853657c6aecb534f9b723060e1e","hashSHA1":"2cbe84b7ff3a50baa08f0a5ad3e281552bef7e61","hashSHA256":"72a88858e8f9f5d6f80de22f4e4d2e2bfab771fd0b81895d6590cb1abb007e8f","digitalCertThumbprint":"6537B50F8404D3C5A98EF9084415B145DA652757","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"1994","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.smartpcfixer.com/","directDownloadingLink":"http://www.smartpcfixer.com/download/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.smartpcfixer.com/download/setup.exe","sourceIndex":"1994"}],"sampleFiles":["210209/SmartPCFixer-210209/4.2/Samples/setup.exe","210209/SmartPCFixer-210209/4.2/Samples/SmartPcFixer.exe"],"imageFiles":["210209/SmartPCFixer-210209/4.2/Images/ACR-004/SmartPcFixer_Interactions [3].png","210209/SmartPCFixer-210209/4.2/Images/ACR-004/SmartPcFixer_Interactions [4].png","210209/SmartPCFixer-210209/4.2/Images/ACR-004/SmartPcFixer_Interactions [5].png","210209/SmartPCFixer-210209/4.2/Images/ACR-004/SmartPcFixer_Interactions [6].png","210209/SmartPCFixer-210209/4.2/Images/ACR-004/SmartPcFixer_Interactions [7].png","210209/SmartPCFixer-210209/4.2/Images/ACR-003/SmartPcFixer_Interactions [3].png","210209/SmartPCFixer-210209/4.2/Images/ACR-003/SmartPcFixer_Interactions [4].png","210209/SmartPCFixer-210209/4.2/Images/ACR-003/SmartPcFixer_Interactions [7].png"],"nonDeceptorImageFiles":["210209/SmartPCFixer-210209/4.2/Images/ACR-065/SmartPcFixer_Install [1].png","210209/SmartPCFixer-210209/4.2/Images/ACR-065/SmartPcFixer_Install [2].png","210209/SmartPCFixer-210209/4.2/Images/ACR-065/SmartPcFixer_Install [3].png","210209/SmartPCFixer-210209/4.2/Images/ACR-065/SmartPcFixer_Install [4].png","210209/SmartPCFixer-210209/4.2/Images/ACR-065/SmartPcFixer_Install [5].png","210209/SmartPCFixer-210209/4.2/Images/ACR-065/SmartPcFixer_Interactions [3].png","210209/SmartPCFixer-210209/4.2/Images/ACR-099/SmartPcFixer_Interactions [3].png","210209/SmartPCFixer-210209/4.2/Images/ACR-065/SmartPcFixer_LandingPage [1].png","210209/SmartPCFixer-210209/4.2/Images/ACR-017/SmartPcFixer_LandingPage [1].png","210209/SmartPCFixer-210209/4.2/Images/ACR-161/ SmartPCFixer Testmonials.png","210209/SmartPCFixer-210209/4.2/Images/ACR-171/SmartPcFixer_OfferPage [1].png","210209/SmartPCFixer-210209/4.2/Images/ACR-171/SmartPcFixer_OfferPage [2].png","210209/SmartPCFixer-210209/4.2/Images/ACR-065/SmartPcFixer_OfferPage [1].png","210209/SmartPCFixer-210209/4.2/Images/ACR-099/SmartPcFixer_OfferPage [1].png"],"guid":"ae3f8817-fb81-46b4-beae-65f9699b617f_4.2_1","appID":"SmartPCFixer-210209","dateAdded":"210209","deceptorType":"App","name":"SmartPCFixer ","company":"LionSea Software co., ltd","version":"4.2","sigName":"Deceptor:Win32/SmartPCFixer!003004","lastKnownStatus":"4.2","lastKnownDate":"210331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-03-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1754},{"violations":{"ACR-004":"1) The app provides a free fix option, but the fix always stops at 29% or 98% and starts downloading again from 0%. It displays an error message as \"Updating of system drivers failed\" and also prompts to purchase the app, which is misleading.\n2) The app claims it provides free fix for invalid registry items, the free fix for 61 invalid registry items takes unreasonable long time (more than 20 mins) and not working. The intended prolonged free fixing is unfair to user and drives user to cancel the free fix to buy paid version. \n\n","ACR-007":"The app does not obtain informed consent before disabling the Windows Defender process in the startup manager.\n","ACR-165":"The app does not mention clearly that the Auto-renewal policy given in the cart page is applicable to both the apps or not.\n"},"nonDeceptorViolations":{"ACR-099":"The app does not have a uninstall information for the extension in the software.\nThe app does not have a uninstall information for the extension in the landing page.\n","ACR-068":"The offer is not clear. Irrespective of the subscription you choose, the \"Instant Activation\" always leads to the 6-month subscription and there is a price discrepancy between inline offer and cart page. Also, McAfee which is mentioned as free in the inline offer which is not the case as it is $4.99 monthly, which is misleading the consumer. \n","ACR-171":"The offered app \"McAfee\" is opted-in by default in the cart page, without any disclosures.\n","ACR-168":"The landing page displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Driver Magic\\drvmgc.exe","companyName":"thedrivermagic.com","productName":"Driver Magic","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"02ef54ae9e8d5a4c928858f9886cbc35","hashSHA1":"6a1df6001258b5d94e5f1f083fa9a2af92d09194","hashSHA256":"fd95a2130a4d38bd48339426eb1bc80bf3ce3d36b05a68573e77e2da3d63a229","digitalCertThumbprint":"C8E459E1C69F9D37184EEF35E90A1B9DCC9375E6","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"DRIVER MAGIC","storeId":"","sourceIndex":"1995","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"drivermagic.exe","isInstaller":"True","companyName":"thedrivermagic.com","productName":"Driver Magic","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b786d8405d5464dd5246b71b2c1372c4","hashSHA1":"bd2a7d0eded5a2b111b76cb79aae1ca3802080c2","hashSHA256":"762fd16dfac100e457829fe83ba0c36ab210d600e62dfad41d991df02d8cdc94","digitalCertThumbprint":"C8E459E1C69F9D37184EEF35E90A1B9DCC9375E6","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"DRIVER MAGIC","storeId":"","sourceIndex":"1995","avBlockList":["360 Total Security (20210617)","Avira Internet Security (20210617)","Bitdefender Internet Security (20210617)","COMODO Antivirus (20210617)","Dr.Web Security Space (20210617)","ESET Internet Security (20210617)","G DATA INTERNET SECURITY (20210617)","K7 Total Security (20210617)","Malwarebytes Premium (20210617)","McAfee Total Protection (20210617)","Norton Security (20210617)","Panda Dome (20210617)","Quick Heal Internet Security (20210617)","Sophos Home Premium (20210617)","SpyHunter5 (20210617)","Tencent PC Manager (20210617)","Total AV Antivirus Pro (20210617)","VIPRE Advanced Security (20210617)","VirIT eXplorer PRO (20210617)","Webroot SecureAnywhere (20210617)","Windows Defender (20210617)"],"avAllowList":["Avast Premium Security (20210617)","AVG Internet Security (20210617)","Kaspersky Internet Security (20210617)","Trend Micro Internet Security (20210617)"]}],"additionalFiles":[],"sources":[{"howFound":"expired certificated app review","reference":"DriverMagic","landingPage":"https://www.thedrivermagic.com/","directDownloadingLink":"https://stup.thedrivermagic.com/dmg/builds/apst/v1000/drivermagic.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://stup.thedrivermagic.com/dmg/builds/apst/v1000/drivermagic.exe","sourceIndex":"1995"}],"sampleFiles":["210208/DriverMagic-210204/1.0/Samples/drivermagic.exe"],"imageFiles":["210208/DriverMagic-210204/1.0/Images/ACR-004/ACR-004_unabletofix.JPG","210208/DriverMagic-210204/1.0/Images/ACR-004/FreeFixInvalidRegItem1.JPG","210208/DriverMagic-210204/1.0/Images/ACR-004/DriverMagicScanRes.JPG","210208/DriverMagic-210204/1.0/Images/ACR-007/ACR-007_Software_NoAlerts1.JPG","210208/DriverMagic-210204/1.0/Images/ACR-165/ACR-165_InternalOffers_NoDetails.JPG"],"nonDeceptorImageFiles":["210208/DriverMagic-210204/1.0/Images/ACR-099/ACR-099_Software_NoUninstall_Info.jpg","210208/DriverMagic-210204/1.0/Images/ACR-099/ACR-099_Software_NoUninstall_Info1.jpg","210208/DriverMagic-210204/1.0/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Info.jpg","210208/DriverMagic-210204/1.0/Images/ACR-168/ACR-168_Landingpage_NoDisclosure.JPG","210208/DriverMagic-210204/1.0/Images/ACR-006/ACR-006_Landingpage_NoDisclosure.JPG","210208/DriverMagic-210204/1.0/Images/ACR-068/ACR-068_InlineOffer_ConfusingfMcAfeeOffer.JPG","210208/DriverMagic-210204/1.0/Images/ACR-068/ACR-068_InlineOffer_ConfusingOffer1.JPG","210208/DriverMagic-210204/1.0/Images/ACR-171/ACR-171_InternalOffers_Default opt-In.JPG","210208/DriverMagic-210204/1.0/Images/ACR-171/ACR-171_InternalOffers_Default opt-In1.JPG","210208/DriverMagic-210204/1.0/Images/ACR-171/ACR-171_InternalOffers_Default opt-In2.JPG","210208/DriverMagic-210204/1.0/Images/ACR-171/ACR-171_InternalOffers_Default opt-In3.JPG"],"guid":"bca27bb8-2121-45a5-aff4-7bf6dd4ba7f5_1.0_1","appID":"DriverMagic-210204","dateAdded":"210208","deceptorType":"App","name":"Driver Magic","company":"DRIVER MAGIC","version":"1.0","lastKnownStatus":"1.0","lastKnownDate":"210208","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,cross-sell other apps,in-app purchases","lastUpdate":"2021-02-08T22:49:30.0260076+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1755},{"violations":{"ACR-004":"The app shows free scan results, then charges to get its non-permanent fixes. It only cleans 500 megabytes off of the disk, then it requires the user to pay to continue.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacMaster","fileVersion":"0.","hashMD5":"450007e0f201a3a11175e56f61ea7aa0","hashSHA1":"6e2e1c65fa3d46aeb66ba17503d4bcb47328b633","hashSHA256":"10e81b4c5a9d6b7ed79fe2b4c762307ce26cf47ffb428872efe516eb7a91e9af","sourceIndex":"2774","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macmaster.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"b2de374a5e10e98817d7d21e565d7bab","hashSHA1":"35811c09b9527560c979b711b7aba30f891f0fe8","hashSHA256":"36ad9179e159980ee7a0f69d378cab26c724f50c83e9b0504b4e7235f88fd7db","sourceIndex":"2774","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://mac.fonepaw.com","directDownloadingLink":"https://www.fonepaw.com/downloads/macmaster.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonepaw.com/downloads/macmaster.dmg","sourceIndex":"2774"}],"sampleFiles":["190919/MacMaster-190524/3.0.5/Samples/MacMaster","190919/MacMaster-190524/3.0.5/Samples/macmaster.dmg"],"imageFiles":["190919/MacMaster-190524/3.0.5/Images/ACR-004/MacMaster ACR004.gif"],"nonDeceptorImageFiles":["190919/MacMaster-190524/3.0.5/Images/ACR-065/MacMaster Install.png","190919/MacMaster-190524/3.0.5/Images/ACR-065/MacMaster About.png","190919/MacMaster-190524/3.0.5/Images/ACR-065/MacMaster Bottom of Landing Page.png","190919/MacMaster-190524/3.0.5/Images/ACR-099/MacMaster About.png","190919/MacMaster-190524/3.0.5/Images/ACR-099/MacMaster Bottom of Landing Page.png","190919/MacMaster-190524/3.0.5/Images/ACR-099/MacMaster Bottom of Internal Offers.png"],"guid":"8b313d84-107a-4e6f-897b-bb8793dd0031_3.0.5_1","appID":"MacMaster-190524","dateAdded":"210127","deceptorType":"MacOS App","name":"Mac Master","company":"FonePaw Technology Limited","version":"3.0.5","sigName":"Deceptor:MacOS/MacMaster!004","firstVendorContactDate":"200921","firstAppEsteemReplyDate":"200922","lastKnownStatus":"Deceptor:3.0.5,3.0.6;4.0.0;4.0.3;4.0.4;4.0.5;4.0.7;4.0.8;4.1.0","lastKnownDate":"210127","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-01-27T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1765},{"violations":{"ACR-004":"The app shows free scan results, but does not offer a fully functional trial. The app only cleans 500MB before requiring you to pay for a license.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy.\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacMaster","fileVersion":"0.","hashMD5":"1becd22cde4ee2f6f14f0c79225a7da1","hashSHA1":"675309b27fdeb6c722dd24aa6877b503ef93d27c","hashSHA256":"e1f02cfa6dd66919b2ec989d4c7f463ab81a77be45fa74c8aabddb84b2303619","sourceIndex":"2005","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macmaster.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"aa2ec662c8e312c81d7b40bd29ac4535","hashSHA1":"e1674615c44531657a05ab4e52553fe644f29ed9","hashSHA256":"8e1636293dc755c88f70b87361e1607c88265ae55d56b8c2c2dbe4828a07bfee","sourceIndex":"2005","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://mac.fonepaw.com","directDownloadingLink":"https://www.fonepaw.com/downloads/macmaster.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonepaw.com/downloads/macmaster.pkg","sourceIndex":"2005"}],"sampleFiles":["210111/MacMaster-190524/4.0.9/Samples/MacMaster","210111/MacMaster-190524/4.0.9/Samples/macmaster.pkg"],"imageFiles":["210111/MacMaster-190524/4.0.9/Images/ACR-004/MacMaster_Interactions [1].png"],"nonDeceptorImageFiles":["210111/MacMaster-190524/4.0.9/Images/ACR-045/MacMaster_LandingPage [1].png","210111/MacMaster-190524/4.0.9/Images/ACR-045/MacMaster_LandingPage [2].png","210111/MacMaster-190524/4.0.9/Images/ACR-065/MacMaster_Install [1].png","210111/MacMaster-190524/4.0.9/Images/ACR-065/MacMaster_Install [2].png","210111/MacMaster-190524/4.0.9/Images/ACR-065/MacMaster_Install [3].png","210111/MacMaster-190524/4.0.9/Images/ACR-065/MacMaster_Install [4].png","210111/MacMaster-190524/4.0.9/Images/ACR-065/MacMaster_About [1].png","210111/MacMaster-190524/4.0.9/Images/ACR-161/MacMaster_LandingPage [4].png","210111/MacMaster-190524/4.0.9/Images/ACR-161/MacMaster_LandingPage [6].png","210111/MacMaster-190524/4.0.9/Images/ACR-099/MacMaster_About [1].png","210111/MacMaster-190524/4.0.9/Images/ACR-099/MacMaster_LandingPage [3].png","210111/MacMaster-190524/4.0.9/Images/ACR-099/MacMaster_LandingPage [4].png","210111/MacMaster-190524/4.0.9/Images/ACR-099/MacMaster_OfferPage [1].png","210111/MacMaster-190524/4.0.9/Images/ACR-099/MacMaster_OfferPage [2].png"],"guid":"8b313d84-107a-4e6f-897b-bb8793dd0031_4.0.9_1","appID":"MacMaster-190524","dateAdded":"210127","deceptorType":"MacOS App","name":"Mac Master","company":"FonePaw Technology Limited","version":"4.0.9","sigName":"Deceptor:MacOS/MacMaster!004","firstVendorContactDate":"200921","firstAppEsteemReplyDate":"200922","lastKnownStatus":"Deceptor:3.0.5,3.0.6;4.0.0;4.0.3;4.0.4;4.0.5;4.0.7;4.0.8;4.1.0","lastKnownDate":"210127","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1757},{"violations":{"ACR-004":"The app shows free scan results, but does not offer a fully functional trial. The app only cleans 500MB before requiring you to pay for a license.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not show both links to the Returns and Cancellation Policy and Privacy Policy.\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacMaster","fileVersion":"0.","hashMD5":"fdefd515d5d6e9e6ce4891326d50a170","hashSHA1":"d2ce4258d0879904e97055c7108b0e3ca6d56ede","hashSHA256":"c52961a79c9d8a6f03816a7de9032d2b1de7ed3a8d87aa7446d8aa7f40db36b1","sourceIndex":"2025","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macmaster.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"c2ee1bda36c1a05c0d21b4b0a8d8fb5e","hashSHA1":"9903ada38b374836f93790ad62c9e16b83ac382b","hashSHA256":"534d237c018f9fae3bf0673acaac02e5521fd4eaa214c5a9612904ad4f0d8d31","sourceIndex":"2025","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://mac.fonepaw.com","directDownloadingLink":"https://www.fonepaw.com/downloads/macmaster.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonepaw.com/downloads/macmaster.pkg","sourceIndex":"2025"}],"sampleFiles":["201218/MacMaster-190524/4.0.8/Samples/MacMaster","201218/MacMaster-190524/4.0.8/Samples/macmaster.pkg"],"imageFiles":["201218/MacMaster-190524/4.0.8/Images/ACR-004/MacMaster_Interactions [1].png"],"nonDeceptorImageFiles":["201218/MacMaster-190524/4.0.8/Images/ACR-045/MacMaster_LandingPage[2].png","201218/MacMaster-190524/4.0.8/Images/ACR-065/MacMaster_Install [1].png","201218/MacMaster-190524/4.0.8/Images/ACR-065/MacMaster_Install [2].png","201218/MacMaster-190524/4.0.8/Images/ACR-065/MacMaster_Install [3].png","201218/MacMaster-190524/4.0.8/Images/ACR-065/MacMaster_Install [4].png","201218/MacMaster-190524/4.0.8/Images/ACR-065/MacMaster_About [1].png","201218/MacMaster-190524/4.0.8/Images/ACR-161/MacMaster_LandingPage[3] Testimonials.png","201218/MacMaster-190524/4.0.8/Images/ACR-099/MacMaster_About [1].png","201218/MacMaster-190524/4.0.8/Images/ACR-099/MacMaster_LandingPage[2].png","201218/MacMaster-190524/4.0.8/Images/ACR-099/MacMaster_OfferPage[1].png"],"guid":"8b313d84-107a-4e6f-897b-bb8793dd0031_4.0.8_1","appID":"MacMaster-190524","dateAdded":"210127","deceptorType":"MacOS App","name":"Mac Master","company":"FonePaw Technology Limited","version":"4.0.8","firstVendorContactDate":"200921","firstAppEsteemReplyDate":"200922","lastKnownStatus":"Deceptor:3.0.5,3.0.6;4.0.0;4.0.3;4.0.4;4.0.5;4.0.7;4.0.8;4.1.0","lastKnownDate":"210127","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1758},{"violations":{"ACR-004":"The app shows free scan results, but does not offer a fully functional trial. The app only cleans 500MB before requiring you to pay for a license.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not show both links to the Returns and Cancellation Policy and Privacy Policy.\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacMaster","fileVersion":"0.","hashMD5":"adf2bec7895adebd370262765fa41e69","hashSHA1":"e446ac0e1e894e174f6e05fca5f492a1a55aa312","hashSHA256":"d73f2a23428e4b909492f08ddc59a9362d31e1618af6b271644da29a0055c53f","sourceIndex":"2038","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macmaster.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"5c61d0ac3f7d244340d17273e7f47271","hashSHA1":"6e52af976028e183a3ee33e1b2d0e49ad6232116","hashSHA256":"97f8dc70106db9c3dd2122433c3953c897977550b3b76388eb778f766320fdb4","sourceIndex":"2038","avBlockList":["Avast Security for Mac (20201208)","Avira Security for Mac (20201208)","ESET Cyber Security Pro for Mac (20201208)","Norton Security for Mac (20201208)","Sophos Home Premium For Mac (20201208)"],"avAllowList":["Bitdefender Antivirus for Mac (20201208)","G DATA AntiVirus for Mac (20201208)","K7 Antivirus for Mac (20201208)","Kaspersky Internet Security for Mac (20201208)","McAfee Internet Security for Mac (20201208)","Trend Micro Antivirus for Mac (20201208)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://mac.fonepaw.com","directDownloadingLink":"https://www.fonepaw.com/downloads/macmaster.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonepaw.com/downloads/macmaster.pkg","sourceIndex":"2038"}],"sampleFiles":["201127/MacMaster-190524/4.0.7/Samples/MacMaster","201127/MacMaster-190524/4.0.7/Samples/macmaster.pkg"],"imageFiles":["201127/MacMaster-190524/4.0.7/Images/ACR-004/MacMaster_Interactions [2].png"],"nonDeceptorImageFiles":["201127/MacMaster-190524/4.0.7/Images/ACR-045/MacMaster_LandingPage [2].png","201127/MacMaster-190524/4.0.7/Images/ACR-065/MacMaster_Install [1].png","201127/MacMaster-190524/4.0.7/Images/ACR-065/MacMaster_Install [2].png","201127/MacMaster-190524/4.0.7/Images/ACR-065/MacMaster_Install [3].png","201127/MacMaster-190524/4.0.7/Images/ACR-065/MacMaster_Install [4].png","201127/MacMaster-190524/4.0.7/Images/ACR-065/MacMaster_About [1].png","201127/MacMaster-190524/4.0.7/Images/ACR-065/MacMaster_About [2].png","201127/MacMaster-190524/4.0.7/Images/ACR-161/MacMaster_LandingPage [1] Testimonials.png","201127/MacMaster-190524/4.0.7/Images/ACR-099/MacMaster_About [2].png","201127/MacMaster-190524/4.0.7/Images/ACR-099/MacMaster_LandingPage [2].png","201127/MacMaster-190524/4.0.7/Images/ACR-099/MacMaster_OfferPage [1].png","201127/MacMaster-190524/4.0.7/Images/ACR-099/MacMaster_OfferPage [3].png"],"guid":"8b313d84-107a-4e6f-897b-bb8793dd0031_4.0.7_1","appID":"MacMaster-190524","dateAdded":"210127","deceptorType":"MacOS App","name":"Mac Master","company":"FonePaw Technology Limited","version":"4.0.7","firstVendorContactDate":"200921","firstAppEsteemReplyDate":"200922","lastKnownStatus":"Deceptor:3.0.5,3.0.6;4.0.0;4.0.3;4.0.4;4.0.5;4.0.7;4.0.8;4.1.0","lastKnownDate":"210127","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1759},{"violations":{"ACR-004":"The app shows free scan results, but does not offer a fully functional trial. The app only cleans 500MB before requiring you to pay for a license.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app even though the \"Run Start up\" box is unchecked.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not show both links to the Returns and Cancellation Policy, Privacy Policy.\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacMaster","fileVersion":"0.","hashMD5":"ae307dfd5c608da406f49133024c61a9","hashSHA1":"a6c13d9c6c30a2e6688117d00593a4c86753be5c","hashSHA256":"daf813bffb177d8fc0deded5fcd3cebda363b2815446a721d3e2a1a9c31206b5","sourceIndex":"2072","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macmaster.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"c37881fde3b53c448150517186aa9ac8","hashSHA1":"57f0a51c6ff1e7adbd56929789a6a3a2298b199e","hashSHA256":"ae7095c7f00c16245a112e53eeb01898e504d95d67bd9fc6a83d190643375846","sourceIndex":"2072","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://mac.fonepaw.com","directDownloadingLink":"https://www.fonepaw.com/downloads/macmaster.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonepaw.com/downloads/macmaster.pkg","sourceIndex":"2072"}],"sampleFiles":["201013/MacMaster-190524/4.0.5/Samples/MacMaster","201013/MacMaster-190524/4.0.5/Samples/macmaster.pkg"],"imageFiles":["201013/MacMaster-190524/4.0.5/Images/ACR-004/MacMaster_Interactions [1].png","201013/MacMaster-190524/4.0.5/Images/ACR-084/MacMaster_AutoLaunch[1].png"],"nonDeceptorImageFiles":["201013/MacMaster-190524/4.0.5/Images/ACR-045/MacMaster_LandingPage [1].png","201013/MacMaster-190524/4.0.5/Images/ACR-045/MacMaster_LandingPage [2].png","201013/MacMaster-190524/4.0.5/Images/ACR-065/MacMaster_Installs [1].png","201013/MacMaster-190524/4.0.5/Images/ACR-065/MacMaster_Installs [2].png","201013/MacMaster-190524/4.0.5/Images/ACR-065/MacMaster_Installs [3].png","201013/MacMaster-190524/4.0.5/Images/ACR-065/MacMaster_Installs [4].png","201013/MacMaster-190524/4.0.5/Images/ACR-065/MacMaster_About [2].png","201013/MacMaster-190524/4.0.5/Images/ACR-065/MacMaster_Interactions [2].png","201013/MacMaster-190524/4.0.5/Images/ACR-161/MacMaster_LandingPage [3] Testimonials.png","201013/MacMaster-190524/4.0.5/Images/ACR-099/MacMaster_About [2].png","201013/MacMaster-190524/4.0.5/Images/ACR-099/MacMaster_LandingPage [1].png","201013/MacMaster-190524/4.0.5/Images/ACR-099/MacMaster_LandingPage [2].png","201013/MacMaster-190524/4.0.5/Images/ACR-099/MacMaster_OfferPage [1].png","201013/MacMaster-190524/4.0.5/Images/ACR-099/MacMaster_OfferPage [4].png"],"guid":"8b313d84-107a-4e6f-897b-bb8793dd0031_4.0.5_1","appID":"MacMaster-190524","dateAdded":"210127","deceptorType":"MacOS App","name":"Mac Master","company":"FonePaw Technology Limited","version":"4.0.5","sigName":"Deceptor:MacOS/MacMaster!004084","firstVendorContactDate":"200921","firstAppEsteemReplyDate":"200922","lastKnownStatus":"Deceptor:3.0.5,3.0.6;4.0.0;4.0.3;4.0.4;4.0.5;4.0.7;4.0.8;4.1.0","lastKnownDate":"210127","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1760},{"violations":{"ACR-004":"The app shows free scan results, but does not offer a fully functional trial. The app only cleans 500MB before requiring you to pay for a license.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacMaster","fileVersion":"0.","hashMD5":"30ea5582bc6e4898d1ed75f768bd1a85","hashSHA1":"9a4507ebbcaa8b3707d384b6e6463e1c1ab7ead2","hashSHA256":"41aadcfde1de4ab5604c3dc5b0357b09916ca51eb69e10d3778887e6e78b10a8","sourceIndex":"2108","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macmaster.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"d63ea64b4509f78f0c734aef575ca494","hashSHA1":"a52ef6b242d7299db0b4e16af151d8bc9b7fd45f","hashSHA256":"10268c954c9f2a0f9719ab964fb7afcf3b75fd6024ad67f83a9a4376fd563ffb","sourceIndex":"2108","avBlockList":["Avast Security for Mac (20201013)","Avira Security for Mac (20201013)","ESET Cyber Security Pro for Mac (20201013)","K7 Antivirus for Mac (20201013)","McAfee Internet Security for Mac (20201013)","Norton Security for Mac (20201013)","Sophos Home Premium For Mac (20201013)"],"avAllowList":["Bitdefender Antivirus for Mac (20201013)","G DATA AntiVirus for Mac (20201013)","Kaspersky Internet Security for Mac (20201013)","Trend Micro Antivirus for Mac (20201013)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://mac.fonepaw.com","directDownloadingLink":"https://www.fonepaw.com/downloads/macmaster.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonepaw.com/downloads/macmaster.dmg","sourceIndex":"2108"}],"sampleFiles":["200915/MacMaster-190524/4.0.4/Samples/MacMaster","200915/MacMaster-190524/4.0.4/Samples/macmaster.dmg"],"imageFiles":["200915/MacMaster-190524/4.0.4/Images/ACR-004/MacMaster_Interaction [2].png","200915/MacMaster-190524/4.0.4/Images/ACR-084/MacMaster_AutoLaunch [2] Settings.png"],"nonDeceptorImageFiles":["200915/MacMaster-190524/4.0.4/Images/ACR-045/MacMaster_LandingPage [3] FreeDownload.png","200915/MacMaster-190524/4.0.4/Images/ACR-065/MacMaster_Install [1].png","200915/MacMaster-190524/4.0.4/Images/ACR-065/MacMaster_About [2].png","200915/MacMaster-190524/4.0.4/Images/ACR-099/MacMaster_About [2].png","200915/MacMaster-190524/4.0.4/Images/ACR-099/MacMaster_LandingPage [1].png","200915/MacMaster-190524/4.0.4/Images/ACR-099/MacMaster_LandingPage [4].png","200915/MacMaster-190524/4.0.4/Images/ACR-099/MacMaster_OfferPage [1].png","200915/MacMaster-190524/4.0.4/Images/ACR-099/MacMaster_OfferPage [3].png"],"guid":"8b313d84-107a-4e6f-897b-bb8793dd0031_4.0.4_1","appID":"MacMaster-190524","dateAdded":"210127","deceptorType":"MacOS App","name":"Mac Master","company":"FonePaw Technology Limited","version":"4.0.4","firstVendorContactDate":"200921","firstAppEsteemReplyDate":"200922","lastKnownStatus":"Deceptor:3.0.5,3.0.6;4.0.0;4.0.3;4.0.4;4.0.5;4.0.7;4.0.8;4.1.0","lastKnownDate":"210127","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1761},{"violations":{"ACR-004":"The app shows free scan results, but does not offer a fully functional trial. The app only cleans 500MB before requiring you to pay for a license.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"macmaster.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"46e5b6ff2f5c955b63da246cd1f9c181","hashSHA1":"d045d3aae0f0e427e838041ce021fd0b11fcb69f","hashSHA256":"3cf26d4353e5aa8848e5bc74acd1bb4bd1c934f73c66550fe19916a907de4b59","sourceIndex":"2131","avBlockList":["Avast Security for Mac (20200908)","Avira Security for Mac (20200908)","Bitdefender Antivirus for Mac (20200908)","ESET Cyber Security Pro for Mac (20200908)","G DATA AntiVirus for Mac (20200908)","K7 Antivirus for Mac (20200908)","McAfee Internet Security for Mac (20200908)","Norton Security for Mac (20200908)","Sophos Home Premium For Mac (20200908)","Trend Micro Antivirus for Mac (20200908)"],"avAllowList":["Kaspersky Internet Security for Mac (20200908)"]},{"isRevoked":"False","fileName":"MacMaster","fileVersion":"0.","hashMD5":"4e89a158bfa7b77d20c9c7024f9bb839","hashSHA1":"5ff9a8e9a65178d5d9819fcb4f0b3534deb6e062","hashSHA256":"0b90ea2ec1e4739280ae3afce8d3a622f67a39bcec922deb35f9758e66608fb0","sourceIndex":"2131","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://mac.fonepaw.com","directDownloadingLink":"https://www.fonepaw.com/downloads/macmaster.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonepaw.com/downloads/macmaster.dmg","sourceIndex":"2131"}],"sampleFiles":["200817/MacMaster-190524/4.0.3/Samples/macmaster.dmg","200817/MacMaster-190524/4.0.3/Samples/MacMaster"],"imageFiles":["200817/MacMaster-190524/4.0.3/Images/ACR-004/MacMaster_Interaction [2].png","200817/MacMaster-190524/4.0.3/Images/ACR-084/MacMaster_AutoLaunch [1] KnockKnockLog.png","200817/MacMaster-190524/4.0.3/Images/ACR-084/MacMaster_AutoLaunch [1] LaunchDaemon.png","200817/MacMaster-190524/4.0.3/Images/ACR-084/MacMaster_About [2].png"],"nonDeceptorImageFiles":["200817/MacMaster-190524/4.0.3/Images/ACR-045/MacMaster_LandingPage [4_].png","200817/MacMaster-190524/4.0.3/Images/ACR-065/MacMaster_Install [1].png","200817/MacMaster-190524/4.0.3/Images/ACR-099/MacMaster_About [1].png","200817/MacMaster-190524/4.0.3/Images/ACR-099/MacMaster_About [2].png","200817/MacMaster-190524/4.0.3/Images/ACR-099/MacMaster_LandingPage [3].png","200817/MacMaster-190524/4.0.3/Images/ACR-099/MacMaster_LandingPage [4].png","200817/MacMaster-190524/4.0.3/Images/ACR-099/MacMaster_OfferPage [3].png","200817/MacMaster-190524/4.0.3/Images/ACR-099/MacMaster_OfferPage [10].png","200817/MacMaster-190524/4.0.3/Images/ACR-099/MacMaster_OfferPage [11].png","200817/MacMaster-190524/4.0.3/Images/ACR-099/MacMaster_OfferPage AfterInstall [8].png","200817/MacMaster-190524/4.0.3/Images/ACR-099/MacMaster_OfferPage AfterInstall [9].png"],"guid":"8b313d84-107a-4e6f-897b-bb8793dd0031_4.0.3_1","appID":"MacMaster-190524","dateAdded":"210127","deceptorType":"MacOS App","name":"Mac Master","company":"FonePaw Technology Limited","version":"4.0.3","sigName":"Deceptor:MacOS/MacMaster!004084","firstVendorContactDate":"200921","firstAppEsteemReplyDate":"200922","lastKnownStatus":"Deceptor:3.0.5,3.0.6;4.0.0;4.0.3;4.0.4;4.0.5;4.0.7;4.0.8;4.1.0","lastKnownDate":"210127","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1762},{"violations":{"ACR-004":"The app shows free scan results, but does not offer a fully functional trial. The app only cleans 500MB before requiring you to pay for a license.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacMaster","fileVersion":"0.","hashMD5":"e7d9a117b3fe08741f45f6c8ede8ba2b","hashSHA1":"6ad90491ec91b72fa1bfd60ccbaccf30c58f7ecf","hashSHA256":"657251c1667dcdbc7d647e00a21823cb334b67b8b5deb89e5978b76ae6b7782a","sourceIndex":"2427","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macmaster.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"b4491110f0be903e118283cdec250978","hashSHA1":"23050078ea7802fdb93b4f29122d81d4b8102182","hashSHA256":"928b5e8f590b4ba26a86f70f5aca6dc69050c5838b4daa3f9b41a103d1981a02","sourceIndex":"2427","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","Bitdefender Antivirus for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["K7 Antivirus for Mac (20210413)","Kaspersky Internet Security for Mac (20210413)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://mac.fonepaw.com","directDownloadingLink":"https://www.fonepaw.com/downloads/macmaster.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonepaw.com/downloads/macmaster.dmg","sourceIndex":"2427"}],"sampleFiles":["200527/MacMaster-190524/4.0.0/Samples/MacMaster","200527/MacMaster-190524/4.0.0/Samples/macmaster.dmg"],"imageFiles":["200527/MacMaster-190524/4.0.0/Images/ACR-004/MacMaster_Interaction [1].png","200527/MacMaster-190524/4.0.0/Images/ACR-084/MacMaster_Interaction [2].png","200527/MacMaster-190524/4.0.0/Images/ACR-084/MacMaster_About [1].png","200527/MacMaster-190524/4.0.0/Images/ACR-084/MacMaster_AutoLaunch_KnockKnockLog.png","200527/MacMaster-190524/4.0.0/Images/ACR-084/MacMaster_AutoLaunch_LaunchDaemonFile.png"],"nonDeceptorImageFiles":["200527/MacMaster-190524/4.0.0/Images/ACR-045/MacMaster_LandingPage [3].png","200527/MacMaster-190524/4.0.0/Images/ACR-045/MacMaster_LandingPage [4].png","200527/MacMaster-190524/4.0.0/Images/ACR-065/MacMaster_Install [1].png","200527/MacMaster-190524/4.0.0/Images/ACR-065/MacMaster_About [1].png","200527/MacMaster-190524/4.0.0/Images/ACR-065/MacMaster_Interaction [2].png","200527/MacMaster-190524/4.0.0/Images/ACR-099/MacMaster_About [1].png","200527/MacMaster-190524/4.0.0/Images/ACR-099/MacMaster_LandingPage [1].png","200527/MacMaster-190524/4.0.0/Images/ACR-099/MacMaster_LandingPage [2].png","200527/MacMaster-190524/4.0.0/Images/ACR-099/MacMaster_OfferPage [3].png","200527/MacMaster-190524/4.0.0/Images/ACR-099/MacMaster_Purchase [1].png"],"guid":"8b313d84-107a-4e6f-897b-bb8793dd0031_4.0.0_1","appID":"MacMaster-190524","dateAdded":"210127","deceptorType":"MacOS App","name":"Mac Master","company":"FonePaw Technology Limited","version":"4.0.0","sigName":"Deceptor:MacOS/MacMaster!004084","firstVendorContactDate":"200921","firstAppEsteemReplyDate":"200922","lastKnownStatus":"Deceptor:3.0.5,3.0.6;4.0.0;4.0.3;4.0.4;4.0.5;4.0.7;4.0.8;4.1.0","lastKnownDate":"210127","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1763},{"violations":{"ACR-004":"The app shows free scan results, but does not offer a fully functional trial. The app only cleans 500MB before requiring you to pay for a license.\n"},"nonDeceptorViolations":{"ACR-065":"The install page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacMaster","fileVersion":"0.","hashMD5":"e9500086baac72e301841cb6a0ee846d","hashSHA1":"2a2385b0fa4dab961f4c3b7c3c26e7dfbe008fb2","hashSHA256":"88f9cd5168b59127d22a66bc7428356de8ab6911fb653bd9537824099cc6bfc0","sourceIndex":"2773","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macmaster.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"bbeba044d856ce78491aa25beb3ecf13","hashSHA1":"39de3d7f70ccf682a6edb8f7075ea521fcead7ec","hashSHA256":"a03c8bc5752b5b04ea516274ff2f5c48831b37e2fd7bea53c56f520b85d8db45","sourceIndex":"2773","avBlockList":["Avast Security for Mac (20210608)","Avira Security for Mac (20210608)","Bitdefender Antivirus for Mac (20210608)","ESET Cyber Security Pro for Mac (20210608)","K7 Antivirus for Mac (20210608)","McAfee Internet Security for Mac (20210608)","Norton Security for Mac (20210608)","Sophos Home Premium For Mac (20210608)","Trend Micro Antivirus for Mac (20210608)"],"avAllowList":["G DATA AntiVirus for Mac (20210608)","Kaspersky Internet Security for Mac (20210608)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://mac.fonepaw.com","directDownloadingLink":"https://www.fonepaw.com/downloads/macmaster.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonepaw.com/downloads/macmaster.dmg","sourceIndex":"2773"}],"sampleFiles":["190919/MacMaster-190524/3.0.6/Samples/macmaster.dmg"],"imageFiles":["190919/MacMaster-190524/3.0.6/Images/ACR-004/MacMaster ACR004.gif"],"nonDeceptorImageFiles":["190919/MacMaster-190524/3.0.6/Images/ACR-065/Installer Page.png","190919/MacMaster-190524/3.0.6/Images/ACR-065/MacMaster About Page.png","190919/MacMaster-190524/3.0.6/Images/ACR-065/Bottom of Landing Page.png","190919/MacMaster-190524/3.0.6/Images/ACR-099/MacMaster About Page.png","190919/MacMaster-190524/3.0.6/Images/ACR-099/Bottom of Landing Page.png","190919/MacMaster-190524/3.0.6/Images/ACR-099/Bottom of Internal Offers.png"],"guid":"8b313d84-107a-4e6f-897b-bb8793dd0031_3.0.6_1","appID":"MacMaster-190524","dateAdded":"210127","deceptorType":"MacOS App","name":"Mac Master","company":"FonePaw Technology Limited","version":"3.0.6","sigName":"Deceptor:MacOS/MacMaster!004","firstVendorContactDate":"200921","firstAppEsteemReplyDate":"200922","lastKnownStatus":"Deceptor:3.0.5,3.0.6;4.0.0;4.0.3;4.0.4;4.0.5;4.0.7;4.0.8;4.1.0","lastKnownDate":"210127","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-01-27T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1764},{"violations":{"ACR-004":"App does not provide free fixes for all the scan results that can't be permanently fixed, it can only clean 500MB then uses the remaining issues identified to upsell user the fix, requiring user to purchase subscription service to fix all results identified.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install wizard does not show both links to the Returns and Cancellation Policy and Privacy Policy.\nThe app's About page does not show both links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacMaster","fileVersion":"0.","hashMD5":"b212db14394732a52b535f1f8868cfc8","hashSHA1":"1ac354b2900b34c84ac93245bd723c4e408aac35","hashSHA256":"f29ba3a253a07bc48241f2f7d51e9c1aa5d194037aacbdedaf3e217321fc403b","sourceIndex":"1999","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macmaster.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"c7ff39a888af29aa88a8ff7e91787f56","hashSHA1":"f2ee89116cea5c9b2790af2f23c50e4caaa34f3f","hashSHA256":"304eeb4e4abed09e14723c37254bb3ccc0ae122f7da155b58544dab9e470508a","sourceIndex":"1999","avBlockList":["Avast Security for Mac (20210713)","Avira Security for Mac (20210713)","Bitdefender Antivirus for Mac (20210713)","ESET Cyber Security Pro for Mac (20210713)","G DATA AntiVirus for Mac (20210713)","K7 Antivirus for Mac (20210713)","McAfee Internet Security for Mac (20210713)","Norton Security for Mac (20210713)","Sophos Home Premium For Mac (20210713)","Trend Micro Antivirus for Mac (20210713)"],"avAllowList":["Kaspersky Internet Security for Mac (20210713)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://mac.fonepaw.com","directDownloadingLink":"https://www.fonepaw.com/downloads/macmaster.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.fonepaw.com/downloads/macmaster.pkg","sourceIndex":"1999"}],"sampleFiles":["210127/MacMaster-190524/4.1.0/Samples/MacMaster","210127/MacMaster-190524/4.1.0/Samples/macmaster.pkg"],"imageFiles":["210127/MacMaster-190524/4.1.0/Images/ACR-004/MacMaster_Interactions [1].png"],"nonDeceptorImageFiles":["210127/MacMaster-190524/4.1.0/Images/ACR-045/MacMaster_LandingPage [1].png","210127/MacMaster-190524/4.1.0/Images/ACR-045/MacMaster_LandingPage [5].png","210127/MacMaster-190524/4.1.0/Images/ACR-065/MacMaster_Install [1].png","210127/MacMaster-190524/4.1.0/Images/ACR-065/MacMaster_Install [2].png","210127/MacMaster-190524/4.1.0/Images/ACR-065/MacMaster_Install [3].png","210127/MacMaster-190524/4.1.0/Images/ACR-065/MacMaster_Install [6].png","210127/MacMaster-190524/4.1.0/Images/ACR-065/MacMaster_About [1].png","210127/MacMaster-190524/4.1.0/Images/ACR-161/MacMaster_LandingPage [3].png","210127/MacMaster-190524/4.1.0/Images/ACR-161/MacMaster_LandingPage [4] Testimonials.png","210127/MacMaster-190524/4.1.0/Images/ACR-099/MacMaster_About [1].png","210127/MacMaster-190524/4.1.0/Images/ACR-099/MacMaster_LandingPage [2].png","210127/MacMaster-190524/4.1.0/Images/ACR-099/MacMaster_LandingPage [3].png","210127/MacMaster-190524/4.1.0/Images/ACR-099/MacMaster_OfferPage [1].png","210127/MacMaster-190524/4.1.0/Images/ACR-099/MacMaster_OfferPage [3].png"],"guid":"8b313d84-107a-4e6f-897b-bb8793dd0031_4.1.0_1","appID":"MacMaster-190524","dateAdded":"210127","deceptorType":"MacOS App","name":"Mac Master","company":"FonePaw Technology Limited","version":"4.1.0","firstVendorContactDate":"200921","firstAppEsteemReplyDate":"200922","lastKnownStatus":"Deceptor:3.0.5,3.0.6;4.0.0;4.0.3;4.0.4;4.0.5;4.0.7;4.0.8;4.1.0","lastKnownDate":"210127","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-01-27T23:26:58.085657+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":10,"sortOrder":1756},{"violations":{"ACR-003":"The items reported during free scan is not substantiated with details. \n","ACR-004":"1) App report non substantiated out of date drivers found and requires user to buy app to fix the issues. While in shopping cart, the description of App says it is free.\n2) App report non substantiated windows errors detected, it exaggerates sense of urgency and doesn't provide free fix. Instead it requires user to install another app to check the details and fix it. \n\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n","ACR-014":"The number of Days of Refund is not consistent between the Refund Page vs Offer Page.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real. The quote in shopping cart says app is FREE, which is misleading. \n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-171":"Offers requiring recurring and additional payments that were not pre-disclosed must not be opt-out.\n"},"samples":[{"isRevoked":"False","fileName":"biosagentplus_.exe","isInstaller":"True","companyName":"Copyright © 2018 eSupport.com, Inc • All Rights Reserved    ","fileVersion":"2.2019","hashMD5":"14f39e0e31428ff6cdb3dc2d11651933","hashSHA1":"81d078679e37ee5ed7b3f3deedd224fdde9d3a6d","hashSHA256":"b5d6709c191f33c6a29eb00d760cf12dd220010fc9edfae840138fccd8411915","digitalCertThumbprint":"37D3BDE607ADF8EA3B77EB5163A8968B0C4A5AFA","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"eSupport.com, Inc\", O=\"eSupport.com, Inc\", STREET=8540 DAYTON AVE, L=Fort Myers, S=FL, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=4833921, OID.2.5.4.15=Private Organization","sourceIndex":"357","avBlockList":["360 Total Security (20210629)","Avast Premium Security (20210629)","AVG Internet Security (20210629)","Avira Internet Security (20210629)","Dr.Web Security Space (20210629)","ESET Internet Security (20210629)","G DATA INTERNET SECURITY (20210629)","K7 Total Security (20210629)","Kaspersky Internet Security (20210629)","Malwarebytes Premium (20210629)","McAfee Total Protection (20210629)","Norton Security (20210629)","Panda Dome (20210629)","Quick Heal Internet Security (20210629)","Sophos Home Premium (20210629)","SpyHunter5 (20210629)","Total AV Antivirus Pro (20210629)","Trend Micro Internet Security (20210629)","VirIT eXplorer PRO (20210629)","Webroot SecureAnywhere (20210629)","Windows Defender (20210629)"],"avAllowList":["Bitdefender Internet Security (20210629)","COMODO Antivirus (20210629)","Tencent PC Manager (20210629)","VIPRE Advanced Security (20210629)"]},{"isRevoked":"False","fileName":"BIOSAgentPlus.exe","companyName":"Copyright © 2019 eSupport.com. All Rights Reserved.","fileVersion":"2.2019","hashMD5":"aaebad3ec93c0e6ef585a3f8d8ec7c1a","hashSHA1":"fe5b62e6fb6d748bfcf4a22026b1346ce9df79d5","hashSHA256":"6921048a0afae3ac7694669112dbe069c09038b4bbb83a73c8424894a0495181","digitalCertThumbprint":"37D3BDE607ADF8EA3B77EB5163A8968B0C4A5AFA","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"eSupport.com, Inc\", O=\"eSupport.com, Inc\", STREET=8540 DAYTON AVE, L=Fort Myers, S=FL, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=4833921, OID.2.5.4.15=Private Organization","sourceIndex":"357","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://biosagentplus.com/","directDownloadingLink":"https://biosagentplus.com/scan/biosagentplus.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://biosagentplus.com/scan/biosagentplus.exe","sourceIndex":"357"}],"sampleFiles":["210125/BIOSAgentPlus-210125/2.2019.1.31/Samples/biosagentplus_.exe","210125/BIOSAgentPlus-210125/2.2019.1.31/Samples/BIOSAgentPlus.exe"],"imageFiles":["210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-004/BIOSAgentPlus_Interaction [1].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-004/BIOSAgentPlus_Interaction [2].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-004/BIOSAgentPlus_Interaction [4].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-004/BIOSAgentPlus_Interaction [5].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-004/BIOSAgentPlus_Interaction [6].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-004/BIOSAgentPlus_OfferPage [1].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-004/BIOSAgentPlus_OfferPage [2].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-004/BIOSAgentPlus_Interaction [3]_.png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-004/BIOSAgentPlus_Redirect [2].gif","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-004/BIOSAgentPlus_Redirect [1].gif","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-003/BIOSAgentPlus_Interaction [3]_.png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-118/BIOSAgentPlus_RetainedFileAfterUninstall [1].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-014/BIOSAgentPlus_Refund [1].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-014/BIOSAgentPlus_Refund [2].png"],"nonDeceptorImageFiles":["210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-065/BIOSAgentPlus_Interaction [1].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-065/BIOSAgentPlus_Interaction [2].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-065/BIOSAgentPlus_Interaction [3].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-099/BIOSAgentPlus_Interaction [1].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-099/BIOSAgentPlus_LandingPage [1].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-161/BIOSAgentPlus_LandingPage [2] Testimonial.png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-161/BIOSAgentPlus_LandingPage [3] Testimonial.png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-161/BIOSAgentPlus_OfferPage [1].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-171/BIOSAgentPlus_OfferPage [1].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-171/BIOSAgentPlus_OfferPage [2].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-099/BIOSAgentPlus_OfferPage [1].png","210125/BIOSAgentPlus-210125/2.2019.1.31/Images/ACR-099/BIOSAgentPlus_OfferPage [2].png"],"guid":"32af32f1-b011-4122-b52a-41fd23f13334_2.2019.1.31_1","appID":"BIOSAgentPlus-210125","dateAdded":"210125","deceptorType":"App","name":"BIOSAgent Plus","company":"eSupport.com, Inc.","version":"2.2019.1.31","sigName":"Deceptor:Win32/BIOSAgentPlus!004003118014","lastKnownStatus":"2.2019.1.31","lastKnownDate":"241113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:18.3987574+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1766},{"violations":{"ACR-007":"The app enables the installing consumer to hide it from the system tray, which hides all notification of the app's presence from the targeted consumer. The app can then only be reopened with a hotkey.\n","ACR-084":"The app enables the installing consumer to hide it from the system tray, which hides its presence from the targeted consumer. The app can then only be reopened with a hotkey.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data.\n","ACR-097":"The app tells the user that they must disable all antivirus software before downloading the app.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed into a folder with the name \"OYF\", which is completely unrelated to the app name. This folder is located inside \"ProgramData\", which is a hidden folder.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-082":"The app enables the consumer to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"setup (password=ardamax).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6172d3c25c92d401c50bbcfcc40b160b","hashSHA1":"ffd44d5c4c3083bb6e0391a5fea5fd6b067e5b1f","hashSHA256":"125fbd31bd98a7ca7f6b35fa87c92e6def50c6763b37f2d7a7983c18a622013a","sourceIndex":"2607","avBlockList":["360 Total Security (20210420)","Avast Internet Security (20191212)","AVG Internet Security (20210420)","Avira Internet Security (20210420)","Bitdefender Internet Security (20210420)","COMODO Antivirus (20210420)","ESET Internet Security (20210420)","G DATA INTERNET SECURITY (20210420)","K7 Total Security (20210420)","Kaspersky Internet Security (20210420)","Malwarebytes Premium (20210420)","McAfee Total Protection (20210420)","Norton Security (20210420)","Panda Dome (20210420)","Quick Heal Internet Security (20210420)","Sophos Home Premium (20210420)","Tencent PC Manager (20210420)","VIPRE Advanced Security (20210420)","VirIT eXplorer PRO (20210420)","Webroot SecureAnywhere (20210420)","Windows Defender (20210420)","Avast Premium Security (20210420)","SpyHunter5 (20210420)","Total AV Antivirus Pro (20210420)"],"avAllowList":["Dr.Web Security Space (20210420)","Trend Micro Internet Security (20210420)"]},{"isRevoked":"False","fileName":"OYF.exe","fileVersion":"0.0","hashMD5":"ef5e8613025f6f2a1be6f9b53e656147","hashSHA1":"80468ef918633d0babca0a9f1be08c4ee229b12a","hashSHA256":"76b7b3c1b2e04d2710bd7d21fc8afc7404fa913a9128c0fc408011330fc96eb0","sourceIndex":"2607","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Viewer.exe","fileVersion":"0.0","hashMD5":"44e5f71e2df6cfa1feb55f345b750584","hashSHA1":"2a22b3535a39a08597d5f3b9b1da4bf5c3916f40","hashSHA256":"86c1306ae4da0fc48630574ae294bb30fd06078dbf0f71de055621fc51d01911","sourceIndex":"2607","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.elitekeyloggers.com/help/best-keylogger.html","reference":"Hunt.Search","landingPage":"https://www.ardamax.com/","directDownloadingLink":"https://mega.nz/#!8d5XBKDY!NLzgpGBb3sYmx_E7OvCjv8Fiul61U3237HNv63WVIfA","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/#!8d5XBKDY!NLzgpGBb3sYmx_E7OvCjv8Fiul61U3237HNv63WVIfA","sourceIndex":"2607"}],"sampleFiles":["191111/ArdamaxKeylogger-191106/5.1/Samples/setup (password=ardamax).exe","191111/ArdamaxKeylogger-191106/5.1/Samples/OYF.exe","191111/ArdamaxKeylogger-191106/5.1/Samples/Viewer.exe"],"imageFiles":["191111/ArdamaxKeylogger-191106/5.1/Images/ACR-007/Ardamax Hidden 1.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-007/Ardamax hidden 2.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-007/Ardamax hidden 3.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-084/Ardamax hidden 3.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-084/Ardamax hidden 2.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-084/Ardamax Hidden 1.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-086/Ardamax hidden 3.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-097/Ardamax Install.png"],"nonDeceptorImageFiles":["191111/ArdamaxKeylogger-191106/5.1/Images/ACR-040/Ardamax Install Location.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-065/Ardamax Install.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-065/Ardamax About.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-065/Ardamax Landing Page.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-065/Ardamax Internal Offers.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-082/Ardamax Install.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-099/Ardamax About.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-099/Ardamax Landing Page.png","191111/ArdamaxKeylogger-191106/5.1/Images/ACR-099/Ardamax Internal Offers.png"],"guid":"7215f6a1-504d-4be0-8a73-666ff9bf0633_5.1_1","appID":"ArdamaxKeylogger-191106","dateAdded":"210121","deceptorType":"App","name":"Ardamax Keylogger","company":"Ardamax Software","version":"5.1","sigName":"Deceptor:Win32/ArdamaxStalkerware!007084086097","lastKnownStatus":"Deceptor:5.1;5.2","lastKnownDate":"201022","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2021-01-21T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1769},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey and/or password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray. The app uses a hotkey and/or password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus list in order to prevent detection.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is located inside of a system file directory, which prevents the consumer from being able to find it.\n","ACR-065":"The app's install does not provide links to the app's Returns and Cancellation Policy, Privacy Policy. \nThe app's about page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"pds-setup (password=2013).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"fa162891491c94a5cfb587bd5daa324d","hashSHA1":"e975f27bb00df78a6687780b0d4d490c06576642","hashSHA256":"cc403c4a3b5f7db2e65408e1b2bdef71baba3bd9e855709b6fcc1fd6227053e3","sourceIndex":"358","avBlockList":["360 Total Security (20210318)","Avast Premium Security (20210318)","AVG Internet Security (20210318)","Avira Internet Security (20210318)","Bitdefender Internet Security (20210318)","COMODO Antivirus (20210318)","Dr.Web Security Space (20210318)","ESET Internet Security (20210318)","G DATA INTERNET SECURITY (20210318)","K7 Total Security (20210318)","Kaspersky Internet Security (20210318)","Malwarebytes Premium (20210318)","McAfee Total Protection (20210318)","Norton Security (20210318)","Panda Dome (20210318)","Quick Heal Internet Security (20210318)","Sophos Home Premium (20210318)","SpyHunter5 (20210318)","Tencent PC Manager (20210318)","Total AV Antivirus Pro (20210318)","Trend Micro Internet Security (20210318)","VIPRE Advanced Security (20210318)","VirIT eXplorer PRO (20210318)","Webroot SecureAnywhere (20210318)","Windows Defender (20210318)"],"avAllowList":[]},{"isRevoked":"False","fileName":"desktop-spy-agent.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"98b07bc35908b54bb24fa55266922ae7d13cfd20144474583d9cab5479c00a90","sourceIndex":"358","avBlockList":["360 Total Security (20210318)","Avast Premium Security (20210318)","AVG Internet Security (20210318)","Avira Internet Security (20210318)","Bitdefender Internet Security (20210318)","COMODO Antivirus (20210318)","Dr.Web Security Space (20210318)","ESET Internet Security (20210318)","G DATA INTERNET SECURITY (20210318)","K7 Total Security (20210318)","Kaspersky Internet Security (20210318)","Malwarebytes Premium (20210318)","McAfee Total Protection (20210318)","Norton Security (20210318)","Panda Dome (20210318)","Quick Heal Internet Security (20210318)","Sophos Home Premium (20210318)","SpyHunter5 (20210318)","Tencent PC Manager (20210318)","Total AV Antivirus Pro (20210318)","Trend Micro Internet Security (20210318)","VIPRE Advanced Security (20210318)","VirIT eXplorer PRO (20210318)","Webroot SecureAnywhere (20210318)","Windows Defender (20210318)"],"avAllowList":[]},{"isRevoked":"False","fileName":"dsa.exe","fileVersion":"0.0","hashMD5":"eebf702acb8c9e28e55cda732e58df69","hashSHA1":"dd9de837bfdcc7f74fb4c3492869ac7783dffbf2","hashSHA256":"54d575646c6cb06a1d7f2095cc867abe5b0d7d1a2040e86e236d5968ca61cba7","sourceIndex":"358","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://spyarsenal.com/","landingPage":"https://www.spyarsenal.com/desktop-spy-agent/","directDownloadingLink":"https://files.spyarsenal.com/dl.php?key600809b98b4d84.93661389","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.spyarsenal.com/dl.php?key600809b98b4d84.93661389","sourceIndex":"358"}],"sampleFiles":["210121/PersonalDesktopSpy-210120/2.10/Samples/pds-setup (password=2013).exe","210121/PersonalDesktopSpy-210120/2.10/Samples/desktop-spy-agent.zip","210121/PersonalDesktopSpy-210120/2.10/Samples/dsa.exe"],"imageFiles":["210121/PersonalDesktopSpy-210120/2.10/Images/ACR-084/PersonalDesktopSpy_Interactions [3] Stealth_.png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-084/PersonalDesktopSpy_Interactions [5] Hotkey.png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-086/PersonalDesktopSpy_Interactions [3] Stealth_.png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-086/PersonalDesktopSpy_Interactions [5] Hotkey.png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-086/PersonalDesktopSpy_Interactions [7] Password.png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-086/PersonalDesktopSpy_Interactions [8] Password.png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-097/PersonalDesktopSpy_LandingPage [1].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-048/PersonalDesktopSpy_Interactions [3] Stealth.png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-007/PersonalDesktopSpy_Interactions [3] Stealth_Password.png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-007/PersonalDesktopSpy_Interactions [7] Password.png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-007/PersonalDesktopSpy_Interactions [8] Password.png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-007/PersonalDesktopSpy_Interactions [5] Hotkey.png"],"nonDeceptorImageFiles":["210121/PersonalDesktopSpy-210120/2.10/Images/ACR-038/PersonalDesktopSpy_FileProperty [1].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-038/PersonalDesktopSpy_FileProperty [3].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-040/PersonalDesktopSpy_Files [1].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-065/PersonalDesktopSpy_Install [1].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-065/PersonalDesktopSpy_Install [2].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-065/PersonalDesktopSpy_Install [3].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-065/PersonalDesktopSpy_Install [4].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-092/PersonalDesktopSpy_FileProperty [2].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-092/PersonalDesktopSpy_FileProperty [4].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-065/PersonalDesktopSpy_About [1].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-099/PersonalDesktopSpy_About [1].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-099/PersonalDesktopSpy_LandingPage [3].png","210121/PersonalDesktopSpy-210120/2.10/Images/ACR-099/PersonalDesktopSpy_OfferPage [1].png"],"guid":"ad8d4d0b-4dfd-4a42-a1b3-14190e3a6268_2.10_1","appID":"PersonalDesktopSpy-210120","dateAdded":"210121","deceptorType":"App","name":"Personal Desktop Spy ","company":"SpyArsenal.com","version":"2.10","sigName":"Deceptor:Win32/PersonalDesktopSpy!084086097048007","lastKnownStatus":"2.10","lastKnownDate":"241113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:18.4289514+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1767},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close the app.\n","ACR-007":"The app enables the installing consumer to hide it from the system tray, which hides all notification of the app's presence from the targeted consumer. The app can then only be reopened with a hotkey.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden directory. The app uses a hotkey to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to.\nThe app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n\n","ACR-097":"The app prompts the user to disable anti-virus software in order to prevent detection.\n","ACR-014":"The app calls itself \" IWG”, which is not related to the name \"Ardamax Keylogger\", which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is installed into a folder with the name \"IWG\", which is completely unrelated to the app name. This folder is located inside \"ProgramData\", which is a hidden folder.\n","ACR-065":"The install wizard does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offers page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-082":"The app discloses that there is a possibility that its functions may violate laws in certain states, enabling the consumer to violate laws.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the software and landing page.\n","ACR-037":"The app does not provide Privacy Policy in the software and landing page.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"IWG.exe","fileVersion":"0.0","hashMD5":"a2df05a6c90410e02ec8ff22fd074eb2","hashSHA1":"8d9ff832cccf0841d6c288fa9f012c7286c4041e","hashSHA256":"87369da28b6e8fbfce43c4c2b94e71c5eef51da5c12b1f414780f0e314a5e497","sourceIndex":"2000","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_akl32_18.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"a560899dc5abd7619bdbac44058d1ae4c4069747364a76d269c2e19a53ec49ed","sourceIndex":"2000","avBlockList":["360 Total Security (20210202)","Avast Premium Security (20210202)","AVG Internet Security (20210202)","Avira Internet Security (20210202)","Bitdefender Internet Security (20210202)","Dr.Web Security Space (20210202)","ESET Internet Security (20210202)","G DATA INTERNET SECURITY (20210202)","K7 Total Security (20210202)","Kaspersky Internet Security (20210202)","Malwarebytes Premium (20210202)","McAfee Total Protection (20210202)","Norton Security (20210202)","Panda Dome (20210202)","Quick Heal Internet Security (20210202)","Sophos Home Premium (20210202)","SpyHunter5 (20210202)","Tencent PC Manager (20210202)","VIPRE Advanced Security (20210202)","VirIT eXplorer PRO (20210202)","Webroot SecureAnywhere (20210202)","Windows Defender (20210202)"],"avAllowList":["COMODO Antivirus (20210202)","Total AV Antivirus Pro (20210202)","Trend Micro Internet Security (20210202)"]},{"isRevoked":"False","fileName":"setup_akl32 (password=ardamax).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c0d70a9e0e2eb233d570dd2c695189ec","hashSHA1":"57f3c5a602161c156584da775cef26c9a5c64cea","hashSHA256":"107e1e97064cdcbd73046d89b31d1cc8e38a1198c5552539c255d4a16e96702d","sourceIndex":"2000","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"http://www.updownload.com/","reference":"Hunt.Search","landingPage":"https://www.ardamax.com/","directDownloadingLink":"https://mega.nz/46b02d68-7148-495c-8015-2bc73b576863","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/46b02d68-7148-495c-8015-2bc73b576863","sourceIndex":"2000"}],"sampleFiles":["210121/ArdamaxKeylogger-191106/5.2/Samples/IWG.exe","210121/ArdamaxKeylogger-191106/5.2/Samples/setup_akl32_18.zip","210121/ArdamaxKeylogger-191106/5.2/Samples/setup_akl32 (password=ardamax).exe"],"imageFiles":["210121/ArdamaxKeylogger-191106/5.2/Images/ACR-048/Ardamax Keylogger_Interactions [2] Stealth.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-048/Ardamax Keylogger_Interactions [16].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-048/Ardamax Keylogger_Interactions [17] Stealth.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-007/Ardamax Keylogger_Interactions [2] Stealth.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-007/Ardamax Keylogger_Interactions [16].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-007/Ardamax Keylogger_Interactions [17] Stealth.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-014/Ardamax Keylogger_RunningProcess [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-084/Ardamax Keylogger_Interactions [2] Stealth.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-084/Ardamax Keylogger_Install [3].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-084/Ardamax Keylogger_Interactions [16].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-084/Ardamax Keylogger_Interactions [17] Stealth.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [17] Stealth.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [7] Monitoring.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [8] Monitoring.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [9] Monitoring.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [10] Monitoring.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [11] Monitoring.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [12] Delivery.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [13] Delivery.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [14] Delivery.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [15] Delivery.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [3] Password.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-086/Ardamax Keylogger_Interactions [4] Password.png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-097/Ardamax Keylogger_Install [1].png"],"nonDeceptorImageFiles":["210121/ArdamaxKeylogger-191106/5.2/Images/ACR-038/Ardamax Keylogger_FileProperty [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-038/Ardamax Keylogger_FileProperty [2].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-040/Ardamax Keylogger_Install [3].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-040/Ardamax Keylogger_Files [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-065/Ardamax Keylogger_Install [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-065/Ardamax Keylogger_Install [2].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-065/Ardamax Keylogger_Install [3].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-065/Ardamax Keylogger_Install [4].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-065/Ardamax Keylogger_About [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-065/Ardamax Keylogger_LandingPage [2].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-065/Ardamax Keylogger_OfferPage [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-082/Ardamax Keylogger_Install [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-092/Ardamax Keylogger_FileProperty [3].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-092/Ardamax Keylogger_FileProperty [4].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-099/Ardamax Keylogger_About [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-099/Ardamax Keylogger_LandingPage [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-099/Ardamax Keylogger_LandingPage [2].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-099/Ardamax Keylogger_OfferPage [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-035/Ardamax Keylogger_About [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-035/Ardamax Keylogger_LandingPage [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-035/Ardamax Keylogger_LandingPage [2].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-037/Ardamax Keylogger_LandingPage [1].png","210121/ArdamaxKeylogger-191106/5.2/Images/ACR-037/Ardamax Keylogger_LandingPage [2].png"],"guid":"7215f6a1-504d-4be0-8a73-666ff9bf0633_5.2_1","appID":"ArdamaxKeylogger-191106","dateAdded":"210121","deceptorType":"App","name":"Ardamax Keylogger","company":"Ardamax Software","version":"5.2","sigName":"Deceptor:Win32/ArdamaxKeyloggerStalkerware!048007014084086097","lastKnownStatus":"Deceptor:5.1;5.2","lastKnownDate":"201022","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2021-01-22T00:11:46.670568+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1768},{"violations":{"ACR-004":"The application provides free scan results and uses these results to upsell the consumer to a subscription service.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe app does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The App's company name is not consistent across App interaction. It shows as \"com.AngularTech.OsxHelper.plist\" in the LaunchDaemons Library (auto launch).\n","ACR-092":"The App shows different vendor name \"Guangxi Nanning Liangdu Technology Inc.\" that is not mentioned in the App's landing page and product information.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Osx_Uninstaller_Setup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"cb5944ffcb1606a2d1baf166e98afcf6","hashSHA1":"246598654145e4a06f7937ce4cd6ce637147542a","hashSHA256":"405523c72c7c07a6d4e80892f905cd1b142247c69ad19d1d5a2e8e9ff149579c","sourceIndex":"1849","avBlockList":["Avast Security for Mac (20210608)","Avira Security for Mac (20210608)","Bitdefender Antivirus for Mac (20210608)","ESET Cyber Security Pro for Mac (20210608)","Norton Security for Mac (20210608)","Sophos Home Premium For Mac (20210608)","Trend Micro Antivirus for Mac (20210608)"],"avAllowList":["G DATA AntiVirus for Mac (20210608)","K7 Antivirus for Mac (20210608)","Kaspersky Internet Security for Mac (20210608)","McAfee Internet Security for Mac (20210608)"]},{"isRevoked":"False","fileName":"OsxUninstaller","fileVersion":"0.","hashMD5":"a8e40e3f78d6211f83ece8e79f7cbf15","hashSHA1":"1a868ef3def7c8e3f6767a7ef613a7a76c773ee3","hashSHA256":"d83d65f6d7eddcb8354078366177d588cc755b0c12cd6d7363b2cc98a73a91c4","sourceIndex":"1849","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://osxuninstaller.com","landingPage":"https://osxuninstaller.com","directDownloadingLink":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","sourceIndex":"1849"}],"sampleFiles":["210119/OsxUninstaller-191028/5.20.12.2801/Samples/Osx_Uninstaller_Setup.dmg","210119/OsxUninstaller-191028/5.20.12.2801/Samples/OsxUninstaller"],"imageFiles":["210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-004/OsxUninstaller_Interactions [1].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-004/OsxUninstaller_Interactions [2].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-004/OsxUninstaller_Interactions [3].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-084/OsxUninstaller_About [2].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-084/OsxUninstaller_AutoLaunch [1].png"],"nonDeceptorImageFiles":["210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-092/OsxUninstaller_OfferPage [3]_.png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-092/OsxUninstaller_LandingPage [1].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-092/OsxUninstaller_TOS [1].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-002/OsxUninstaller_About [2].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-002/OsxUninstaller_AutoLaunch [1].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-099/Osx Uninstaller_About [1].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-065/OsxUninstaller_Install [1].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-065/OsxUninstaller_About [1].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-065/OsxUninstaller_About [2].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-099/Osx Uninstaller_LandingPage [1].png","210119/OsxUninstaller-191028/5.20.12.2801/Images/ACR-099/Osx Uninstaller_OfferPage [1].png"],"guid":"296ab946-078f-46a8-ad97-ca7d97147358_5.20.12.2801_1","appID":"OsxUninstaller-191028","dateAdded":"210119","deceptorType":"MacOS App","name":"Osx Uninstaller","company":"osxuninstaller.com","version":"5.20.12.2801","sigName":"Deceptor:MacOS/OsxUninstaller!004084","firstResolvedVersion":"5.21.7.1206","resolved":"TRUE","lastKnownStatus":"3.19.7.23;3.20.2.1401;3.20.7.1702;5.20.9.205;5.20.11.901;5.20.12.2801","lastKnownDate":"210716","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-17T05:27:35.188951+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1770},{"violations":{"ACR-004":"The application provides free scan results and uses these results to upsell the consumer to a subscription service.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \nThe app does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-002":"The App's company name is not consistent across App interaction. It shows as \"com.AngularTech.OsxHelper.plist\" in the LaunchDaemons Library (auto launch).\n","ACR-092":"The App shows different vendor name \"Guangxi Nanning Liangdu Technology Inc.\" that is not mentioned in the App's landing page and product information.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Osx_Uninstaller_Setup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"6f9bf50052e48828602d04ad6a12a541","hashSHA1":"2c7613685911474bb39b772251b43d8df01a8c87","hashSHA256":"60060e8c7176a694db4a14037f496078f6ace63ac172d2218c2a0350cbec42c8","sourceIndex":"2070","avBlockList":["Avast Security for Mac (20201110)","Avira Security for Mac (20201110)","Bitdefender Antivirus for Mac (20201110)","ESET Cyber Security Pro for Mac (20201110)","G DATA AntiVirus for Mac (20201110)","K7 Antivirus for Mac (20201110)","McAfee Internet Security for Mac (20201110)","Norton Security for Mac (20201110)","Sophos Home Premium For Mac (20201110)","Trend Micro Antivirus for Mac (20201110)"],"avAllowList":["Kaspersky Internet Security for Mac (20201110)"]},{"isRevoked":"False","fileName":"OsxUninstaller","fileVersion":"0.","hashMD5":"1ca1b08174690d728a6272597a605e40","hashSHA1":"bb259b05781b95f033628b93e98b28f25a23c560","hashSHA256":"82cad2d16e472b1eddfe2db992acb4bda5f46d6fd161bccfe29fdb912ccb9c9a","sourceIndex":"2070","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Uninstall Unwanted Programs\"","reference":"https://osxuninstaller.com","landingPage":"https://osxuninstaller.com","directDownloadingLink":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","sourceIndex":"2070"}],"sampleFiles":["201014/OsxUninstaller-191028/5.20.9.205/Samples/Osx_Uninstaller_Setup.dmg","201014/OsxUninstaller-191028/5.20.9.205/Samples/OsxUninstaller"],"imageFiles":["201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-004/OsxUninstaller_Interactions [1].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-004/OsxUninstaller_Interactions [2] Scanning_.png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-004/OsxUninstaller_Interactions [3] Register_.png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-004/OsxUninstaller_OfferPage [1]_.png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-004/OsxUninstaller_OfferPage [2].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-084/OsxUninstaller_AutoLaunch [1].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-084/OsxUninstaller_Interactions [1].png"],"nonDeceptorImageFiles":["201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-092/OsxUninstaller_OfferPage [1]_.png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-092/OsxUninstaller_OfferPage [2].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-002/OsxUninstaller_About [1].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-002/OsxUninstaller_AutoLaunch [1].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-099/OsxUninstaller_About [1].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-099/OsxUninstaller_About [3].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-065/OsxUninstaller_Installs [1].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-065/OsxUninstaller_About [1].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-065/OsxUninstaller_About [3].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-099/OsxUninstaller_LandingPage [1].png","201014/OsxUninstaller-191028/5.20.9.205/Images/ACR-099/OsxUninstaller_OfferPage [1]_.png"],"guid":"296ab946-078f-46a8-ad97-ca7d97147358_5.20.9.205_1","appID":"OsxUninstaller-191028","dateAdded":"210119","deceptorType":"MacOS App","name":"Osx Uninstaller","company":"osxuninstaller.com","version":"5.20.9.205","sigName":"Deceptor:MacOS/OsxUninstaller!004084","firstResolvedVersion":"5.21.7.1206","resolved":"TRUE","lastKnownStatus":"3.19.7.23;3.20.2.1401;3.20.7.1702;5.20.9.205;5.20.11.901;5.20.12.2801","lastKnownDate":"210716","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1772},{"violations":{"ACR-004":"The application provides free scan results and uses these results to upsell the consumer to a subscription service.\n","ACR-084":"The Application does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \nThe app does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-002":"The App's company name is not consistent across App interaction. It shows as \"com.AngularTech.OsxHelper.plist\" in the LaunchDaemons Library (auto launch).\n","ACR-092":"The App shows different vendor name \"Guangxi Nanning Liangdu Technology Inc.\" that is not mentioned in the App's landing page and product information.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Osx_Uninstaller_Setup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"cd0564e6fe5b0ec68ef744c459dd17a9","hashSHA1":"e8da7938abba3383e0ff43fd5f304e17acfcb802","hashSHA256":"67ebea50d6df667c7a456a8f39b25bb3417641ffad89d4104faa63e2fff2bc2a","sourceIndex":"2135","avBlockList":["Avast Security for Mac (20210112)","Avira Security for Mac (20210112)","Bitdefender Antivirus for Mac (20210112)","ESET Cyber Security Pro for Mac (20210112)","G DATA AntiVirus for Mac (20210112)","K7 Antivirus for Mac (20210112)","McAfee Internet Security for Mac (20210112)","Norton Security for Mac (20210112)","Sophos Home Premium For Mac (20210112)","Trend Micro Antivirus for Mac (20210112)"],"avAllowList":["Kaspersky Internet Security for Mac (20210112)"]},{"isRevoked":"False","fileName":"OsxUninstaller","fileVersion":"0.","hashMD5":"3650e124b58d111835d1af6fef06ad9e","hashSHA1":"1ae8ce65cb5cb11fc7adaad7a228b7688c13f0a9","hashSHA256":"25a1310308fe61d2901181b72d7ea7ee3d7572577dc1bee81414a90c5d06cae0","sourceIndex":"2135","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Uninstall Unwanted Programs\"","reference":"https://osxuninstaller.com","landingPage":"https://osxuninstaller.com","directDownloadingLink":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","sourceIndex":"2135"}],"sampleFiles":["200810/OsxUninstaller-191028/3.20.7.1702/Samples/Osx_Uninstaller_Setup.dmg","200810/OsxUninstaller-191028/3.20.7.1702/Samples/OsxUninstaller"],"imageFiles":["200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-004/OsxUninstaller_Interactions [2].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-004/OsxUninstaller_Interactions [2] Results.png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-004/OsxUninstaller_Interactions [3] Results.png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-004/OsxUninstaller_Interactions [4] Results.png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-004/OsxUninstaller_OfferPage [1].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-004/OsxUninstaller_OfferPage [2].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-084/OsxUninstaller_LaunchDaemon [1].png"],"nonDeceptorImageFiles":["200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-092/OsxUninstaller_OfferPage [1].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-092/OsxUninstaller_OfferPage [2].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-002/OsxUninstaller_About [1].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-002/OsxUninstaller_LaunchDaemon [1].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-099/OsxUninstaller_About [1].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-065/OsxUninstaller_Install [1].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-065/OsxUninstaller_About [1].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-065/OsxUninstaller_Interactions [1].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-099/OsxUninstaller_LandingPage [1].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-099/OsxUninstaller_LandingPage [2].png","200810/OsxUninstaller-191028/3.20.7.1702/Images/ACR-099/OsxUninstaller_OfferPage [1].png"],"guid":"296ab946-078f-46a8-ad97-ca7d97147358_3.20.7.1702_1","appID":"OsxUninstaller-191028","dateAdded":"210119","deceptorType":"MacOS App","name":"Osx Uninstaller","company":"osxuninstaller.com","version":"3.20.7.1702","sigName":"Deceptor:MacOS/OsxUninstaller!004084","firstResolvedVersion":"5.21.7.1206","resolved":"TRUE","lastKnownStatus":"3.19.7.23;3.20.2.1401;3.20.7.1702;5.20.9.205;5.20.11.901;5.20.12.2801","lastKnownDate":"210716","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1773},{"violations":{"ACR-004":"The application shows free results that request pay for subscription fee to fix them.\n","ACR-084":"App does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-002":"The App's company name is not consistent across App interaction. It shows different names as \"AngularTech\" and \"osxuninstaller.com\" in the About section.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"The App shows different vendor name \"Guangxi Nanning Liangdu Technology Inc.\" that is not mentioned in the App's landing page and product information.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"Osx_Uninstaller_Setup.dmg","isInstaller":"True","companyName":"AngularTech","productName":"Osx Uninstaller","productVersion":"3.19.7.23","fileVersion":"3.19.7.23","hashMD5":"8ecfdedb6dc45f71d0a128b0cf79f2ed","hashSHA1":"e099722cffe7324e5d706bc7ce7011c7e285222d","hashSHA256":"1a7d3e252903c51982cbc9b32ff0d13736eddd83d681fe3aaae5dd8757676e72","sourceIndex":"2644","avBlockList":["Avast Security for Mac (20210713)","Avira Security for Mac (20210713)","Bitdefender Antivirus for Mac (20210713)","ESET Cyber Security Pro for Mac (20210713)","K7 Antivirus for Mac (20210713)","McAfee Internet Security for Mac (20210713)","Norton Security for Mac (20210713)","Sophos Home Premium For Mac (20210713)","Trend Micro Antivirus for Mac (20210713)","Webroot SecureAnywhere AntiVirus for Mac (20200213)"],"avAllowList":["G DATA AntiVirus for Mac (20210713)","Kaspersky Internet Security for Mac (20210713)"]},{"isRevoked":"False","fileName":"/Applications/Osx Uninstaller.app/Contents/MacOS/Osx Uninstaller","companyName":"AngularTech","productName":"Osx Uninstaller","productVersion":"3.19.7.23","fileVersion":"3.19.7.23","hashMD5":"679aeee811da5832c81a4aa282dca76c","hashSHA1":"19d90ca0cd88d362f0205458b249d67cb4af727c","hashSHA256":"43850cc0ab1e4071b2e1b30acf95047ffb9347aae175e85b16148e32d4212447","sourceIndex":"2644","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Uninstall Unwanted Programs\"","reference":"https://osxuninstaller.com","landingPage":"https://osxuninstaller.com","directDownloadingLink":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","sourceIndex":"2644"}],"sampleFiles":["191029/OsxUninstaller-191028/3.19.7.23/Samples/Osx_Uninstaller_Setup.dmg","191029/OsxUninstaller-191028/3.19.7.23/Samples/Osx Uninstaller"],"imageFiles":["191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-004/analysis.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-004/004.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-004/buy.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-004/buy2.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-004/buy3.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-161/161.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-092/buy2.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-002/about.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-002/about2.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-099/099.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-099/about.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-065/install.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-065/about.png","191029/OsxUninstaller-191028/3.19.7.23/Images/ACR-065/about2.png"],"guid":"296ab946-078f-46a8-ad97-ca7d97147358_3.19.7.23_1","appID":"OsxUninstaller-191028","dateAdded":"210119","deceptorType":"MacOS App","name":"Osx Uninstaller","company":"osxuninstaller.com","version":"3.19.7.23","sigName":"Deceptor:MacOS/OsxUninstaller!004084","firstResolvedVersion":"5.21.7.1206","resolved":"TRUE","lastKnownStatus":"3.19.7.23;3.20.2.1401;3.20.7.1702;5.20.9.205;5.20.11.901;5.20.12.2801","lastKnownDate":"210716","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1775},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer: it prevents the app from showing in system tray, and locates its installation directory inside of a hidden system directory. The app uses a hotkey to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a hotkey to hide its presence\n","ACR-097":"Before downloading the installer, the app site prompts the user to disable anti-virus list in order to prevent detection.\n","ACR-116":"The app enables the consumer to hide it from the targeted consumer, which prevents them from uninstalling it using platform standard features.\n","ACR-014":"The app calls itself \" pdvserv.exe”, which is not related to the name \"Golden Keylogger\", which misleads the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-040":"The app is located inside of a hidden folder in the system file directory, which prevents the consumer from being able to find it.\n","ACR-065":"The app's install does not provide links to the app's Returns and Cancellation Policy, Privacy Policy. \nThe app's about page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-002":"The App's version is not consistent between App interaction, install wizard and landing page\nThe App's version is not consistent between App interaction, install wizard and landing page\nThe App's version is not consistent between App interaction, install wizard and landing page\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"gkl-setup (password=2017).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6d94cc3a9f1c7d64c3274a24913d8764","hashSHA1":"c641d26afcd3e078925906bd01213ef27e2bdcaa","hashSHA256":"1fbf30e8530a69bdbeeefad16dfca9b16860b00f6dda41e104f9dffcfa334513","sourceIndex":"2001","avBlockList":["360 Total Security (20210202)","Avast Premium Security (20210202)","AVG Internet Security (20210202)","Avira Internet Security (20210202)","Bitdefender Internet Security (20210202)","COMODO Antivirus (20210202)","Dr.Web Security Space (20210202)","ESET Internet Security (20210202)","G DATA INTERNET SECURITY (20210202)","K7 Total Security (20210202)","Kaspersky Internet Security (20210202)","Malwarebytes Premium (20210202)","McAfee Total Protection (20210202)","Norton Security (20210202)","Panda Dome (20210202)","Quick Heal Internet Security (20210202)","Sophos Home Premium (20210202)","SpyHunter5 (20210202)","Tencent PC Manager (20210202)","Total AV Antivirus Pro (20210202)","Trend Micro Internet Security (20210202)","VIPRE Advanced Security (20210202)","VirIT eXplorer PRO (20210202)","Webroot SecureAnywhere (20210202)","Windows Defender (20210202)"],"avAllowList":[]},{"isRevoked":"False","fileName":"gkl-setup.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"3d230c52171c1638bd5be57df9f2d24b936e0d043c95998caf975c2be1fbafad","sourceIndex":"2001","avBlockList":["360 Total Security (20210202)","Avast Premium Security (20210202)","AVG Internet Security (20210202)","Avira Internet Security (20210202)","Bitdefender Internet Security (20210202)","COMODO Antivirus (20210202)","Dr.Web Security Space (20210202)","ESET Internet Security (20210202)","G DATA INTERNET SECURITY (20210202)","K7 Total Security (20210202)","Kaspersky Internet Security (20210202)","Malwarebytes Premium (20210202)","McAfee Total Protection (20210202)","Norton Security (20210202)","Panda Dome (20210202)","Quick Heal Internet Security (20210202)","Sophos Home Premium (20210202)","SpyHunter5 (20210202)","Tencent PC Manager (20210202)","Total AV Antivirus Pro (20210202)","Trend Micro Internet Security (20210202)","VIPRE Advanced Security (20210202)","VirIT eXplorer PRO (20210202)","Webroot SecureAnywhere (20210202)","Windows Defender (20210202)"],"avAllowList":[]},{"isRevoked":"False","fileName":"pdvserv.exe","fileVersion":"0.0","hashMD5":"06b3cbb7116d26a214acf817f3eb9b77","hashSHA1":"af1840c6c02373cdca04d9f5f8948c3eceb78ae7","hashSHA256":"8065dadb875ef88af933fab5b58f25ed29a8b325e69bf013e04d0085baa639f3","sourceIndex":"2001","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://spyarsenal.com/","landingPage":"https://spyarsenal.com/golden-keylogger/","directDownloadingLink":"https://files.spyarsenal.com/dl.php?key5ffec495c91c95.59221269","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.spyarsenal.com/dl.php?key5ffec495c91c95.59221269","sourceIndex":"2001"}],"sampleFiles":["210119/GoldenKeylogger-210115/3.68/Samples/gkl-setup (password=2017).exe","210119/GoldenKeylogger-210115/3.68/Samples/gkl-setup.zip","210119/GoldenKeylogger-210115/3.68/Samples/pdvserv.exe"],"imageFiles":["210119/GoldenKeylogger-210115/3.68/Images/ACR-084/GoldenKeylogger_Interactions [3] Settings_.png","210119/GoldenKeylogger-210115/3.68/Images/ACR-084/GoldenKeylogger_Interactions [5] Settings_.png","210119/GoldenKeylogger-210115/3.68/Images/ACR-084/GoldenKeylogger_FIles [1].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-084/GoldenKeylogger_ControlPanel [1].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-086/GoldenKeylogger_Interactions [4] Settings.png","210119/GoldenKeylogger-210115/3.68/Images/ACR-086/GoldenKeylogger_Interactions [3] Settings1.png","210119/GoldenKeylogger-210115/3.68/Images/ACR-097/GoldenKeylogger_LandingPage [4].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-048/GoldenKeylogger_Interactions [3] Settings_.png","210119/GoldenKeylogger-210115/3.68/Images/ACR-048/GoldenKeylogger_Interactions [5] Settings_.png","210119/GoldenKeylogger-210115/3.68/Images/ACR-007/GoldenKeylogger_Interactions [3] Settings1.png","210119/GoldenKeylogger-210115/3.68/Images/ACR-014/GoldenKeylogger_RunningProcess [1].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-116/GoldenKeylogger_Interactions [3] Settings_.png","210119/GoldenKeylogger-210115/3.68/Images/ACR-116/GoldenKeylogger_ControlPanel [1].png"],"nonDeceptorImageFiles":["210119/GoldenKeylogger-210115/3.68/Images/ACR-038/GoldenKeylogger_FIleProperty [1].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-038/GoldenKeylogger_FIleProperty [2].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-040/GoldenKeylogger_FIles [1].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-065/GoldenKeylogger_Install [1].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-065/GoldenKeylogger_Install [2].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-065/GoldenKeylogger_Install [5].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-002/GoldenKeylogger_Install [1]_.png","210119/GoldenKeylogger-210115/3.68/Images/ACR-002/GoldenKeylogger_About [1] .png","210119/GoldenKeylogger-210115/3.68/Images/ACR-002/GoldenKeylogger_LandingPage [1].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-092/GoldenKeylogger_FIleProperty [3].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-092/GoldenKeylogger_FIleProperty [4].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-065/GoldenKeylogger_About [1] .png","210119/GoldenKeylogger-210115/3.68/Images/ACR-099/GoldenKeylogger_About [1] .png","210119/GoldenKeylogger-210115/3.68/Images/ACR-002/GoldenKeylogger_About [1] .png","210119/GoldenKeylogger-210115/3.68/Images/ACR-002/GoldenKeylogger_Install [1]_.png","210119/GoldenKeylogger-210115/3.68/Images/ACR-002/GoldenKeylogger_LandingPage [1].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-099/GoldenKeylogger_LandingPage [2].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-099/GoldenKeylogger_LandingPage [3].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-002/GoldenKeylogger_LandingPage [1].png","210119/GoldenKeylogger-210115/3.68/Images/ACR-002/GoldenKeylogger_About [1] .png","210119/GoldenKeylogger-210115/3.68/Images/ACR-002/GoldenKeylogger_Install [1]_.png","210119/GoldenKeylogger-210115/3.68/Images/ACR-099/GoldenKeylogger_OfferPage [1].png"],"guid":"d9c4b181-f8b5-4fe3-be7b-af32f6679a2b_3.68_1","appID":"GoldenKeylogger-210115","dateAdded":"210119","deceptorType":"App","name":"Golden Keylogger","company":"SpyArsenal.com","version":"3.68","sigName":"Deceptor:Win32/GoldenKeylogger!084086097048007014116","lastKnownStatus":"3.68","lastKnownDate":"210414","type":"Windows Executable","category":"Travel & Navigation","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-04-14T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1776},{"violations":{"ACR-004":"The application provides free scan results and uses these results to upsell the consumer to a subscription service.\n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \nThe app does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-002":"The App's company name is not consistent across App interaction. It shows as \"com.AngularTech.OsxHelper.plist\" in the LaunchDaemons Library (auto launch).\n","ACR-092":"The App shows different vendor name \"Guangxi Nanning Liangdu Technology Inc.\" that is not mentioned in the App's landing page and product information.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Osx_Uninstaller_Setup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"f2922ddb4752e39047985ec3de6c8b12","hashSHA1":"9c7f7cacc705eb8a7026da8facac3d4c1d908c89","hashSHA256":"52f5e73f0ba8c73435f124d96e82978c93cd6abbff755348f534b10ca3bb6014","sourceIndex":"2034","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","Bitdefender Antivirus for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","K7 Antivirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["Kaspersky Internet Security for Mac (20210413)"]},{"isRevoked":"False","fileName":"OsxUninstaller","fileVersion":"0.","hashMD5":"3c51ffe310e86e9e7ce5b348b36cc35b","hashSHA1":"f1c19cf4c7810c4aa8e9358ea29bcd18e18e9284","hashSHA256":"7e64249d43428f98015fac031fc38031e485ba79e90b5dcffeb32344470560ae","sourceIndex":"2034","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Uninstall Unwanted Programs\"","reference":"https://osxuninstaller.com","landingPage":"https://osxuninstaller.com","directDownloadingLink":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","sourceIndex":"2034"}],"sampleFiles":["201207/OsxUninstaller-191028/5.20.11.901/Samples/Osx_Uninstaller_Setup.dmg","201207/OsxUninstaller-191028/5.20.11.901/Samples/OsxUninstaller"],"imageFiles":["201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-004/Osx Uninstaller_Interactions [1].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-004/Osx Uninstaller_Interactions [2].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-004/Osx Uninstaller_Interactions [3].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-004/Osx Uninstaller_OfferPage [1].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-004/Osx Uninstaller_OfferPage [2].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-084/Osx Uninstaller_About [2].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-084/Osx Uninstaller_AutoLogin [1].png"],"nonDeceptorImageFiles":["201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-092/Osx Uninstaller_OfferPage [1].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-092/Osx Uninstaller_OfferPage [2].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-002/Osx Uninstaller_About [2].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-002/Osx Uninstaller_AutoLogin [1].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-099/Osx Uninstaller_About [1].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-065/Osx Uninstaller_Install [1].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-065/Osx Uninstaller_About [1].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-065/Osx Uninstaller_About [2].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-099/Osx Uninstaller_LandingPage [1].png","201207/OsxUninstaller-191028/5.20.11.901/Images/ACR-099/Osx Uninstaller_OfferPage [1].png"],"guid":"296ab946-078f-46a8-ad97-ca7d97147358_5.20.11.901_1","appID":"OsxUninstaller-191028","dateAdded":"210119","deceptorType":"MacOS App","name":"Osx Uninstaller","company":"osxuninstaller.com","version":"5.20.11.901","firstResolvedVersion":"5.21.7.1206","resolved":"TRUE","lastKnownStatus":"3.19.7.23;3.20.2.1401;3.20.7.1702;5.20.9.205;5.20.11.901;5.20.12.2801","lastKnownDate":"210716","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1771},{"violations":{"ACR-004":"The application provides free scan results and uses these results to upsell the consumer to a subscription service.\n","ACR-084":"The Application does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \nThe application does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-002":"The App's company name is not consistent across App interaction. It shows as \"com.AngularTech.OsxHelper.plist\" in the LaunchDaemons Library (autolaunch).\n","ACR-092":"The App shows different vendor name \"Guangxi Nanning Liangdu Technology Inc.\" that is not mentioned in the App's landing page and product information.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"Osx_Uninstaller_Setup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"cc6b7029937e6a40c7f80af833c808af","hashSHA1":"ddedc5540df38e50319e404f4593ce2e4cdb837d","hashSHA256":"fac835e4a37b28b2f183e9e731ea82beeefe3273721c5e899dc0c0a09b54b5a0","sourceIndex":"2472","avBlockList":["Avast Security for Mac (20201013)","Avira Security for Mac (20201013)","Bitdefender Antivirus for Mac (20201013)","ESET Cyber Security Pro for Mac (20201013)","G DATA AntiVirus for Mac (20201013)","K7 Antivirus for Mac (20201013)","McAfee Internet Security for Mac (20201013)","Norton Security for Mac (20201013)","Sophos Home Premium For Mac (20201013)","Trend Micro Antivirus for Mac (20201013)"],"avAllowList":["Kaspersky Internet Security for Mac (20201013)"]},{"isRevoked":"False","fileName":"OsxUninstaller","fileVersion":"0.","hashMD5":"33aedbd537ebe95cdae0bc36f74dd79d","hashSHA1":"fbea0ec51b9007dd9e73eb688f4e809a4db38961","hashSHA256":"da090eb624ef71f28c92962fbe81e5009aa2d51a4896f2887a189b9e8d4da4c6","sourceIndex":"2472","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"macos uninstaller\"","reference":"https://osxuninstaller.com","landingPage":"https://osxuninstaller.com","directDownloadingLink":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://osxuninstaller.com/Osx_Uninstaller_Setup.dmg","sourceIndex":"2472"}],"sampleFiles":["200505/OsxUninstaller-191028/3.20.2.1401/Samples/Osx_Uninstaller_Setup.dmg","200505/OsxUninstaller-191028/3.20.2.1401/Samples/OsxUninstaller"],"imageFiles":["200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-004/OsxUninstaller_Scanning [1].png","200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-004/OsxUninstaller_Scanning [2].png","200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-004/OsxUninstaller_Scanning [3].png","200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-084/OsxUninstaller_AutoLaunch [2].png"],"nonDeceptorImageFiles":["200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-092/OsxUninstaller_OfferPage [4].png","200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-002/OsxUninstaller_About [2].png","200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-002/OsxUninstaller_AutoLaunch [1].png","200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-099/OsxUninstaller_Interaction [1].png","200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-099/OsxUninstaller_About [2].png","200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-065/OsxUninstaller_Installs [1].png","200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-065/OsxUninstaller_Interaction [1].png","200505/OsxUninstaller-191028/3.20.2.1401/Images/ACR-065/OsxUninstaller_About [2].png"],"guid":"296ab946-078f-46a8-ad97-ca7d97147358_3.20.2.1401_1","appID":"OsxUninstaller-191028","dateAdded":"210119","deceptorType":"MacOS App","name":"Osx Uninstaller","company":"osxuninstaller.com","version":"3.20.2.1401","sigName":"Deceptor:MacOS/OsxUninstaller!004084","firstResolvedVersion":"5.21.7.1206","resolved":"TRUE","lastKnownStatus":"3.19.7.23;3.20.2.1401;3.20.7.1702;5.20.9.205;5.20.11.901;5.20.12.2801","lastKnownDate":"210716","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":6,"sortOrder":1774},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the system tray, which limits the targeted consumer's ability to close, delete, or uninstall the app.\n","ACR-007":"The app does not provide any notification to the targeted consumer. The app requires a hotkey and a password to open it.\n","ACR-084":"The app enables the installing consumer to hide the app from the targeted consumer. It prevents the app from showing in system tray.The app uses a hotkey and password to hide its presence.\n","ACR-086":"The app does not inform the targeted consumer who it is transmitting their data to. The app does not inform the targeted consumer how it collects data and it uses a hotkey and password to hide its presence\n","ACR-014":"The app calls itself \"hostfilter”, which is not related to the name \"Personal Inspector\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The app's install does not provide links to the app's Returns and Cancellation Policy, Privacy Policy. \nThe app's about page does not have links to the app's EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-002":"The App's version is not consistent between App interaction, install and landing page.\nThe App's version is not consistent between App interaction, install and landing page.\nThe App's version is not consistent between App interaction, install and landing page\n","ACR-092":"The app does not provide Digital signature for the installer and main executable file.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"pin-setup (password=2020).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"5368cae1ad0e2fd09a479098775766e6","hashSHA1":"698695b04fafd59ed17fa1ce786bd047a1d88c7c","hashSHA256":"8bffba63be5a59937f405d212021fffdfb63a6216255122383ff105701c27e73","sourceIndex":"2002","avBlockList":["360 Total Security (20210126)","Avast Premium Security (20210126)","AVG Internet Security (20210126)","Avira Internet Security (20210126)","Bitdefender Internet Security (20210126)","COMODO Antivirus (20210126)","ESET Internet Security (20210126)","G DATA INTERNET SECURITY (20210126)","K7 Total Security (20210126)","Kaspersky Internet Security (20210126)","Malwarebytes Premium (20210126)","McAfee Total Protection (20210126)","Norton Security (20210126)","Panda Dome (20210126)","Quick Heal Internet Security (20210126)","Sophos Home Premium (20210126)","SpyHunter5 (20210126)","Tencent PC Manager (20210126)","Total AV Antivirus Pro (20210126)","Trend Micro Internet Security (20210126)","VIPRE Advanced Security (20210126)","VirIT eXplorer PRO (20210126)","Webroot SecureAnywhere (20210126)","Windows Defender (20210126)"],"avAllowList":["Dr.Web Security Space (20210126)"]},{"isRevoked":"False","fileName":"pin-setup.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"5325a1018ee3e6bbc20563530baae1dd4a4ec7fb8d541c98ca26cf4f27506feb","sourceIndex":"2002","avBlockList":["360 Total Security (20210330)","Avast Premium Security (20210330)","AVG Internet Security (20210330)","Avira Internet Security (20210330)","Bitdefender Internet Security (20210330)","COMODO Antivirus (20210330)","ESET Internet Security (20210330)","G DATA INTERNET SECURITY (20210330)","K7 Total Security (20210330)","Kaspersky Internet Security (20210330)","Malwarebytes Premium (20210330)","McAfee Total Protection (20210330)","Norton Security (20210330)","Panda Dome (20210330)","Quick Heal Internet Security (20210330)","Sophos Home Premium (20210330)","SpyHunter5 (20210330)","Tencent PC Manager (20210330)","Total AV Antivirus Pro (20210330)","Trend Micro Internet Security (20210330)","VIPRE Advanced Security (20210330)","VirIT eXplorer PRO (20210330)","Webroot SecureAnywhere (20210330)","Windows Defender (20210330)"],"avAllowList":["Dr.Web Security Space (20210330)"]},{"isRevoked":"False","fileName":"hostfilter.exe","fileVersion":"0.0","hashMD5":"620b82e3dfa1111943b23cb70d825b9f","hashSHA1":"ab19ff77af890078c71e2069176494cbd3183cfc","hashSHA256":"d5b52b4dedef9df4607836c9ec030f83e48f47a01a4ea4074724f65e3143f6ae","sourceIndex":"2002","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://spyarsenal.com/","landingPage":"https://spyarsenal.com/personal-inspector/","directDownloadingLink":"https://files.spyarsenal.com/dl.php?key5ff44327af6a19.45203359","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.spyarsenal.com/dl.php?key5ff44327af6a19.45203359","sourceIndex":"2002"}],"sampleFiles":["210113/PersonalInspector-210113/7.0/Samples/pin-setup (password=2020).exe","210113/PersonalInspector-210113/7.0/Samples/pin-setup.zip","210113/PersonalInspector-210113/7.0/Samples/hostfilter.exe"],"imageFiles":["210113/PersonalInspector-210113/7.0/Images/ACR-014/PersonalInspector_Files [2].png","210113/PersonalInspector-210113/7.0/Images/ACR-084/PersonalInspector_Interactions [2].png","210113/PersonalInspector-210113/7.0/Images/ACR-084/PersonalInspector_Interactions [3].png","210113/PersonalInspector-210113/7.0/Images/ACR-084/PersonalInspector_Interactions [5].png","210113/PersonalInspector-210113/7.0/Images/ACR-084/PersonalInspector_Interactions [6].png","210113/PersonalInspector-210113/7.0/Images/ACR-084/PersonalInspector_Interactions [7].png","210113/PersonalInspector-210113/7.0/Images/ACR-084/PersonalInspector_Interactions [11].png","210113/PersonalInspector-210113/7.0/Images/ACR-086/PersonalInspector_Interactions [2].png","210113/PersonalInspector-210113/7.0/Images/ACR-086/PersonalInspector_Interactions [3].png","210113/PersonalInspector-210113/7.0/Images/ACR-086/PersonalInspector_Interactions [5].png","210113/PersonalInspector-210113/7.0/Images/ACR-086/PersonalInspector_Interactions [6].png","210113/PersonalInspector-210113/7.0/Images/ACR-086/PersonalInspector_Interactions [7].png","210113/PersonalInspector-210113/7.0/Images/ACR-086/PersonalInspector_Interactions [8].png","210113/PersonalInspector-210113/7.0/Images/ACR-086/PersonalInspector_Interactions [9].png","210113/PersonalInspector-210113/7.0/Images/ACR-086/PersonalInspector_Interactions [10].png","210113/PersonalInspector-210113/7.0/Images/ACR-048/PersonalInspector_Interactions [3].png","210113/PersonalInspector-210113/7.0/Images/ACR-048/PersonalInspector_Interactions [5].png","210113/PersonalInspector-210113/7.0/Images/ACR-048/PersonalInspector_Interactions [7].png","210113/PersonalInspector-210113/7.0/Images/ACR-048/PersonalInspector_Interactions [11].png","210113/PersonalInspector-210113/7.0/Images/ACR-007/PersonalInspector_Interactions [6].png","210113/PersonalInspector-210113/7.0/Images/ACR-007/PersonalInspector_Interactions [2].png","210113/PersonalInspector-210113/7.0/Images/ACR-007/PersonalInspector_Interactions [7].png","210113/PersonalInspector-210113/7.0/Images/ACR-007/PersonalInspector_Interactions [3].png"],"nonDeceptorImageFiles":["210113/PersonalInspector-210113/7.0/Images/ACR-038/PersonalInspector_Files [1].png","210113/PersonalInspector-210113/7.0/Images/ACR-038/PersonalInspector_Files [3].png","210113/PersonalInspector-210113/7.0/Images/ACR-065/PersonalInspector_Install [1].png","210113/PersonalInspector-210113/7.0/Images/ACR-065/PersonalInspector_Install [2].png","210113/PersonalInspector-210113/7.0/Images/ACR-065/PersonalInspector_Install [3].png","210113/PersonalInspector-210113/7.0/Images/ACR-065/PersonalInspector_Install [5].png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_Interactions [1]About.png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_LandingPage [3].png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_LandingPage [4].png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_Install [1].png","210113/PersonalInspector-210113/7.0/Images/ACR-092/PersonalInspector_Files [1].png","210113/PersonalInspector-210113/7.0/Images/ACR-092/PersonalInspector_Files [3].png","210113/PersonalInspector-210113/7.0/Images/ACR-065/PersonalInspector_Interactions [1]About.png","210113/PersonalInspector-210113/7.0/Images/ACR-099/PersonalInspector_Interactions [1]About.png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_Install [1].png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_Interactions [1]About.png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_LandingPage [3].png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_LandingPage [4].png","210113/PersonalInspector-210113/7.0/Images/ACR-099/PersonalInspector_LandingPage [1].png","210113/PersonalInspector-210113/7.0/Images/ACR-099/PersonalInspector_LandingPage [2].png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_Install [1].png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_Interactions [1]About.png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_LandingPage [3].png","210113/PersonalInspector-210113/7.0/Images/ACR-002/PersonalInspector_LandingPage [4].png","210113/PersonalInspector-210113/7.0/Images/ACR-099/PersonalInspector_OfferPage [1].png"],"guid":"fa0affb5-2704-49ad-bb71-13a453b4503f_7.0_1","appID":"PersonalInspector-210113","dateAdded":"210113","deceptorType":"App","name":"Personal Inspector ","company":"SpyArsenal.com","version":"7.0","sigName":"Deceptor:Win32/PersonalInspectorStalkerware!014084086048007","lastKnownStatus":"7.0","lastKnownDate":"210414","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2021-04-14T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1777},{"violations":{"ACR-042":"Download manager is downloaded during carrier app install process without  any disclosure and consumer's permission \n","ACR-107":"No authorization to distribute the app bundled in download manager. \n","ACR-014":"Website misleads user that they download the application it presented. Actually it downloads download manager and other offers without user permission. More detail in FShareDLManager entry.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Deceptive offer's download site","reference":"","landingPage":"http://www.updownload.com/","ipv4":"","ipv6":"","sourceIndex":"2007"}],"sampleFiles":[],"imageFiles":["210109/Updownload-210108/210108/Images/ACR-107/DLManagerDetails.JPG","210109/Updownload-210108/210108/Images/ACR-107/DownloadLink1.JPG","210109/Updownload-210108/210108/Images/ACR-107/DownloadLink2.JPG","210109/Updownload-210108/210108/Images/ACR-107/DownloadLink3.JPG","210109/Updownload-210108/210108/Images/ACR-107/FShareInstall.JPG","210109/Updownload-210108/210108/Images/ACR-107/FShareInstallDLFromBestWaysToDownloadDotNet.JPG","210109/Updownload-210108/210108/Images/ACR-042/DLManagerDetails.JPG","210109/Updownload-210108/210108/Images/ACR-042/DownloadLink1.JPG","210109/Updownload-210108/210108/Images/ACR-042/DownloadLink2.JPG","210109/Updownload-210108/210108/Images/ACR-042/DownloadLink3.JPG","210109/Updownload-210108/210108/Images/ACR-014/DLManagerDetails.JPG","210109/Updownload-210108/210108/Images/ACR-014/DownloadLink1.JPG","210109/Updownload-210108/210108/Images/ACR-014/DownloadLink2.JPG","210109/Updownload-210108/210108/Images/ACR-014/DownloadLink3.JPG"],"nonDeceptorImageFiles":[],"guid":"6ef77025-1255-4ad8-8705-c084df4d5c1d_210108_1","appID":"Updownload-210108","dateAdded":"210109","deceptorType":"Download Site","name":"UpDownload_Com","company":"updownload.com","version":"210108","sigName":"Deceptor:Affiliate/UpDownload_Com!107042014","lastKnownStatus":"210109","lastKnownDate":"210109","type":"Download Site","category":"Bundlers & Downloaders","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,display ads","lastUpdate":"2021-01-09T05:58:08.3333372+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1778},{"violations":{"ACR-042":"Download manager downloads and installs non related application without disclosure and user's permission\n","ACR-107":"it doesn't provide any authorization from the carrier to distribute carrier app in download manager. \n","ACR-010":"Download manager offer deceptive program (e.g webdiscover) during install.\n","ACR-059":"The offer is not clearly marked as offer during install. \n","ACR-039":"The application is presented as the carrier app, but it is actually a download manager stub. It then downloads download manager, then download the carrier app and offers. \n"},"nonDeceptorViolations":{"ACR-044":"Download Manager  does not disclose it is a download manager offering bundled offer with carrier. \n","ACR-106":"Download manager offer deceptive program.\n"},"samples":[{"isRevoked":"False","fileName":"The Cleaner- Speed up.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"b2967b4b6735802d41a1a90b3292a9b8","hashSHA1":"859d14402654f850d40271ffb815b5bcd3a286d0","hashSHA256":"bc63d028bf26ba58a05892074492caa759f9840476a4744d325d4fda1d1ed814","digitalCertThumbprint":"1E3DD5576FC57FA2DD778221A60BD33F97087F74","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Louhos Solutions Oy, O=Louhos Solutions Oy, L=Oulu, C=FI, SERIALNUMBER=3136831-8, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=FI","sourceIndex":"359","avBlockList":["360 Total Security (20210518)","Avast Premium Security (20210518)","AVG Internet Security (20210518)","Avira Internet Security (20210518)","Bitdefender Internet Security (20210518)","COMODO Antivirus (20210518)","Dr.Web Security Space (20210518)","ESET Internet Security (20210518)","G DATA INTERNET SECURITY (20210518)","K7 Total Security (20210518)","Malwarebytes Premium (20210518)","McAfee Total Protection (20210518)","Norton Security (20210518)","Panda Dome (20210518)","Quick Heal Internet Security (20210518)","Sophos Home Premium (20210518)","SpyHunter5 (20210518)","Tencent PC Manager (20210518)","Total AV Antivirus Pro (20210518)","VIPRE Advanced Security (20210518)","VirIT eXplorer PRO (20210518)","Windows Defender (20210518)"],"avAllowList":["Kaspersky Internet Security (20210518)","Trend Micro Internet Security (20210518)","Webroot SecureAnywhere (20210518)"]},{"isRevoked":"False","fileName":"Contenta_Video_Browser[1].exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"2b2da12ea43811c4fa65ce72acc59c59","hashSHA1":"88ad4e04c6651998e13e43acd49cfdfcc1be31b5","hashSHA256":"6e3b66bd9e3fa9bca6307196f3a566ae1b3f179a4ddacdd7d532bf77f4c219f6","digitalCertThumbprint":"0863638E67E31A42590A8AC447FA4B4194894E74","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SMART MOTORS, TOV\", O=\"SMART MOTORS, TOV\", STREET=Nezalezhnosti bulvar 14, L=Brovary, PostalCode=07400, C=UA","sourceIndex":"359","avBlockList":["360 Total Security (20210518)","Avast Premium Security (20210518)","AVG Internet Security (20210518)","Avira Internet Security (20210518)","Bitdefender Internet Security (20210518)","COMODO Antivirus (20210518)","Dr.Web Security Space (20210518)","ESET Internet Security (20210518)","G DATA INTERNET SECURITY (20210518)","K7 Total Security (20210518)","Kaspersky Internet Security (20210518)","Malwarebytes Premium (20210518)","McAfee Total Protection (20210518)","Norton Security (20210518)","Panda Dome (20210518)","Quick Heal Internet Security (20210518)","Sophos Home Premium (20210518)","SpyHunter5 (20210518)","Tencent PC Manager (20210518)","Total AV Antivirus Pro (20210518)","Trend Micro Internet Security (20210518)","VIPRE Advanced Security (20210518)","VirIT eXplorer PRO (20210518)","Webroot SecureAnywhere (20210518)","Windows Defender (20210518)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Updownload.com","reference":"utility","landingPage":"http://www.updownload.com/cleaner-speed-clean-pc/","ipv4":"","ipv6":"","sourceIndex":"359"}],"sampleFiles":["210108/FakeCleaner-210103/1.0.0.0/Samples/The Cleaner- Speed up.exe","210108/FakeCleaner-210103/1.0.0.0/Samples/Contenta_Video_Browser[1].exe"],"imageFiles":["210108/FakeCleaner-210103/1.0.0.0/Images/ACR-039/DownloadLink1.JPG","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-039/DownloadLink2.JPG","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-039/FShareInstall.JPG","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-039/FShareInstallDLFromBestWaysToDownloadDotNet.JPG","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-039/DLManagerDetails.JPG","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-039/DownloadLink3.JPG","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-107/DownloadLink1.JPG","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-107/DownloadLink2.JPG","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-107/DownloadLink3.JPG","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-042/addionalapp.JPG","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-042/FShareDLManager.mp4","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-059/FShareDLManager.mp4"],"nonDeceptorImageFiles":["210108/FakeCleaner-210103/1.0.0.0/Images/ACR-044/DownloadLink1.JPG","210108/FakeCleaner-210103/1.0.0.0/Images/ACR-044/DownloadLink2.JPG"],"guid":"742e2311-e644-462b-92d8-24900d8e5be2_1.0.0.0_1","appID":"FakeCleaner-210103","dateAdded":"210108","deceptorType":"App","name":"FshareDLManager","company":"Louhos Solutions Oy","version":"1.0.0.0","sigName":"Deceptor:Win32/FShareDLManager!039107042010059","lastKnownStatus":"1.0.0.0","lastKnownDate":"241113","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2024-11-13T22:29:37.7311086+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1779},{"violations":{"ACR-043":"Third party component \"setacl.exe\" is installed which is not disclosed to the consumer in the EULA and offer or landing page\n","ACR-003":"The app exaggerates \"Shared DLL\" as a problem and portrays the importance as a \"HIGH\" system impact issue, thereby misleading or scaring consumer to take action \n"},"nonDeceptorViolations":{"ACR-065":"The internal offer page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy.\nThe landing page does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy.\nThe install does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The internal offers page does not display links to uninstall information.\nThe landing page does not display links to uninstall information. \nThe app does not display links to uninstall information. \n","ACR-037":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"RegDoctor.exe","companyName":"RegDoctor","fileVersion":"1.25","hashMD5":"0e92fbb47563ce8569e6ff2e74420b16","hashSHA1":"3b8b815f9eaeb204b2140512c0be3bc583b9a0f0","hashSHA256":"da1e1efc9780782902a68472aead10440370d8b6940ed44839a78d41d33396a7","digitalCertThumbprint":"DCCC53E48662909D01FF4C681D0BEAEDD7BACA69","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=InfoWorks Technology Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=InfoWorks Technology Company, L=Sewickley, S=Pennsylvania, C=US","sourceIndex":"2011","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"regsetup.exe","isInstaller":"True","companyName":"InfoWorks Technology Company                                ","fileVersion":"0.0","hashMD5":"60e507862cb46a63b1d37019cd0acc99","hashSHA1":"f36687584c4bc38f2aed5511930b50eea378c1bf","hashSHA256":"4ba82d0750cf7be86d5d898130bae12b3ef5395a98be2c51752d17e790c8cc81","digitalCertThumbprint":"F9A6CAD55F4559D7F95780900BA1A4248B660CE4","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=InfoWorks Technology Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=InfoWorks Technology Company, L=Cranberry Township, S=Pennsylvania, C=US","sourceIndex":"2011","avBlockList":["360 Total Security (20210406)","Avast Premium Security (20210406)","AVG Internet Security (20210406)","Avira Internet Security (20210406)","Bitdefender Internet Security (20210406)","COMODO Antivirus (20210406)","ESET Internet Security (20210406)","G DATA INTERNET SECURITY (20210406)","K7 Total Security (20210406)","Kaspersky Internet Security (20210406)","Malwarebytes Premium (20210406)","McAfee Total Protection (20210406)","Norton Security (20210406)","Panda Dome (20210406)","Quick Heal Internet Security (20210406)","Sophos Home Premium (20210406)","SpyHunter5 (20210406)","Tencent PC Manager (20210406)","Total AV Antivirus Pro (20210406)","Trend Micro Internet Security (20210406)","VIPRE Advanced Security (20210406)","VirIT eXplorer PRO (20210406)","Webroot SecureAnywhere (20210406)","Windows Defender (20210406)"],"avAllowList":["Dr.Web Security Space (20210406)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"http://www.updownload.com/regdoctor/","landingPage":"http://www.itcompany.com/regdoctor.htm","directDownloadingLink":"http://www.itcompany.com/regsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.itcompany.com/regsetup.exe","sourceIndex":"2011"}],"sampleFiles":["210105/D-K7-RegDoctor-171109/2.37/Samples/RegDoctor.exe","210105/D-K7-RegDoctor-171109/2.37/Samples/regsetup.exe"],"imageFiles":["210105/D-K7-RegDoctor-171109/2.37/Images/ACR-043/RegDoctor_Files [1].png","210105/D-K7-RegDoctor-171109/2.37/Images/ACR-003/RegDoctor_Interactions [2].png","210105/D-K7-RegDoctor-171109/2.37/Images/ACR-003/RegDoctor_Interactions [3].png"],"nonDeceptorImageFiles":["210105/D-K7-RegDoctor-171109/2.37/Images/ACR-065/RegDoctor_OfferPage[1].png","210105/D-K7-RegDoctor-171109/2.37/Images/ACR-099/RegDoctor_OfferPage[1].png","210105/D-K7-RegDoctor-171109/2.37/Images/ACR-161/RegDoctor_LandingPage[2] Testimonials.png","210105/D-K7-RegDoctor-171109/2.37/Images/ACR-065/RegDoctor_LandingPage[1].png","210105/D-K7-RegDoctor-171109/2.37/Images/ACR-099/RegDoctor_LandingPage[1].png","210105/D-K7-RegDoctor-171109/2.37/Images/ACR-065/RegDoctor_Install [1].png","210105/D-K7-RegDoctor-171109/2.37/Images/ACR-065/RegDoctor_Install [2].png","210105/D-K7-RegDoctor-171109/2.37/Images/ACR-065/RegDoctor_Install [3].png","210105/D-K7-RegDoctor-171109/2.37/Images/ACR-065/RegDoctor_About [1].png","210105/D-K7-RegDoctor-171109/2.37/Images/ACR-099/RegDoctor_About [1].png"],"guid":"c03fd45b-ca4b-458b-8b3c-54c04c996402_2.37_1","appID":"D-K7-RegDoctor-171109","dateAdded":"210105","deceptorType":"App","name":"RegDoctor","company":"InfoWorks Technology Company","version":"2.37","sigName":"Deceptor:Win32/RegDoctor!043003","lastKnownStatus":"Deceptor:1.25.0.0;2.37","lastKnownDate":"210414","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7, Windows 10, Windows XP, Windows Vista,Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid,paid,up-sell to paid","lastUpdate":"2021-04-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1780},{"violations":{"ACR-043":"Third party component \"setacl.exe\" is installed which is not disclosed to the consumer in the EULA and offer or landing page\n","ACR-003":"The app exaggerates \"Shared DLL\" as a problem and portrays the importance as a \"HIGH\" system impact issue, thereby misleading or scaring consumer to take action \n"},"nonDeceptorViolations":{"ACR-003":"The app exaggerates \"Shared DLL\" as a problem and portrays the importance as a \"HIGH\" system impact issue, thereby misleading or scaring consumer to take action \n"},"samples":[{"isRevoked":"False","fileName":"regsetup.exe","isInstaller":"True","companyName":"InfoWorks Technology Company","productName":"RegDoctor","productVersion":"2.37","fileVersion":"","hashMD5":"60e507862cb46a63b1d37019cd0acc99","hashSHA1":"f36687584c4bc38f2aed5511930b50eea378c1bf","hashSHA256":"4ba82d0750cf7be86d5d898130bae12b3ef5395a98be2c51752d17e790c8cc81","digitalCertThumbprint":"F9A6CAD55F4559D7F95780900BA1A4248B660CE4","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"InfoWorks Technology Company","sourceIndex":"3656","avBlockList":["360 Total Security (20210406)","Avast Premium Security (20210406)","AVG Internet Security (20210406)","Avira Internet Security (20210406)","Bitdefender Internet Security (20210406)","COMODO Antivirus (20210406)","ESET Internet Security (20210406)","G DATA INTERNET SECURITY (20210406)","K7 Total Security (20210406)","Kaspersky Internet Security (20210406)","Malwarebytes Premium (20210406)","McAfee Total Protection (20210406)","Norton Security (20210406)","Panda Dome (20210406)","Quick Heal Internet Security (20210406)","Sophos Home Premium (20210406)","SpyHunter5 (20210406)","Tencent PC Manager (20210406)","Total AV Antivirus Pro (20210406)","Trend Micro Internet Security (20210406)","VIPRE Advanced Security (20210406)","VirIT eXplorer PRO (20210406)","Webroot SecureAnywhere (20210406)","Windows Defender (20210406)"],"avAllowList":["Dr.Web Security Space (20210406)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.itcompany.com/regdoctor.htm","directDownloadingLink":"http://www.itcompany.com/regsetup.exe","ipv4":"","ipv6":"","sourceIndex":"3656"}],"sampleFiles":[],"imageFiles":["171109/D-K7-RegDoctor-171109/1.25.0.0/Images/ACR-043/ACR-043_Install_ThirdParty_Components.JPG","171109/D-K7-RegDoctor-171109/1.25.0.0/Images/ACR-003/ACR-003_Software_Exaggeration (2).JPG","171109/D-K7-RegDoctor-171109/1.25.0.0/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","171109/D-K7-RegDoctor-171109/1.25.0.0/Images/ACR-003/ACR-003_Software_Exaggeration.mp4"],"nonDeceptorImageFiles":["171109/D-K7-RegDoctor-171109/1.25.0.0/Images/ACR-003/ACR-003_Software_Exaggeration (2).JPG","171109/D-K7-RegDoctor-171109/1.25.0.0/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","171109/D-K7-RegDoctor-171109/1.25.0.0/Images/ACR-003/ACR-003_Software_Exaggeration.mp4"],"guid":"c03fd45b-ca4b-458b-8b3c-54c04c996402_1.25.0.0_1","appID":"D-K7-RegDoctor-171109","dateAdded":"210105","deceptorType":"App","name":"RegDoctor","company":"InfoWorks Technology Company","version":"1.25.0.0","sigName":"Deceptor:Win32/RegDoctor!043003","lastKnownStatus":"Deceptor:1.25.0.0;2.37","lastKnownDate":"210414","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7, Windows 10, Windows XP, Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid","lastUpdate":"2021-04-14T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":1781},{"violations":{"ACR-003":"1) The app exaggerates the identified issues with an alarming red color. \n2) The app does not substantiate \"Unhealthy Registry Entries: 300\" and \"Junk Files: 1.2 GB\", but on clicking them it asks for scan and substantiates issues (which is not straight forward).\n3) The app exaggerates the system optimizer results by using red colored ( i ), which is misleading.\n\n","ACR-004":"1) The app exaggerates the identified issues with a alarming red color, which creates urgency for user to take action fixing the identified issues.\n2) The app only fix 5 issues at a time and to fix next 5 issues, the user has to rescan and fix it, which is tedious, making the user to purchase the product.\n3) The app exaggerates the system optimizer results by using red colored ( i ), which is misleading.\n4) The app calculates the score based on the issues found on the system out of 100, which misleads the user to think that something is wrong with their system because of the low score. Also the color of the score varies from red and orange.\n","ACR-007":"The app does not obtain informed consent before disabling the Windows Defender process in the startup manager.\n","ACR-014":"The app uses the word \"Obsolete\" and \"Problems\" to describe the items found in the software, exaggerates the system condition that is not substantiated. \n","ACR-165":"The app does not provide any details whether the payment is recurring or not.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free trial\" highlights \"Free\" misleads users. The app requires payment to activate the full functional version.\n","ACR-065":"The app does not disclose privacy policy during the installation.\nThe app does not provide EULA & Privacy policy in the software.\nThe app does not provide EULA & Privacy policy in the landing page.\n","ACR-088":"The app performs system scan automatically without the consumer's action and authorization\n","ACR-092":"Digital Signature is required for all the executables.\n","ACR-099":"The app does not provide the uninstall information in the software.\nThe app does not provide the uninstall information in the landing page.\n","ACR-167":"The app does not disclose Return Policy in the landing page.\n","ACR-166":"The app needs to disclose license period to the consumer in the internal offers.\n","ACR-014":"The app uses the word \"Error\" and \"Obsolete\" in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Registry Medic 2015\\RegMedic.exe","companyName":"Iomatic Ltd","productName":"Registry Medic 2015","productVersion":"7.0.5.1026","fileVersion":"7.0.5.1026","hashMD5":"b349c8364df78429e9df825afe2431b7","hashSHA1":"6af0ddeae6167630e93305d3107b943b2ac683d9","hashSHA256":"7a49995ad7fda8718c7c7ab12fe16f5a97f8114a7ded716492b67d856812500e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"2012","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"registrymedic.exe","isInstaller":"True","companyName":"Iomatic Inc.                                               ","productName":"Registry Medic 2015                                         ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"572edc8519bad577ddeff0c226b9cc87","hashSHA1":"fbfa3054ef185f7700f8bcf9a55a17024adad9ba","hashSHA256":"7c6c07872fcc2c00520b281bd089991215b940c2d6b2c2d50ea473754eec2df2","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"2012","avBlockList":["Avast Premium Security (20210406)","AVG Internet Security (20210406)","Avira Internet Security (20210406)","Bitdefender Internet Security (20210406)","ESET Internet Security (20210406)","G DATA INTERNET SECURITY (20210406)","K7 Total Security (20210406)","Kaspersky Internet Security (20210406)","Malwarebytes Premium (20210406)","McAfee Total Protection (20210406)","Norton Security (20210406)","Panda Dome (20210406)","Quick Heal Internet Security (20210406)","Sophos Home Premium (20210406)","SpyHunter5 (20210406)","Tencent PC Manager (20210406)","Total AV Antivirus Pro (20210406)","VIPRE Advanced Security (20210406)","VirIT eXplorer PRO (20210406)","Webroot SecureAnywhere (20210406)"],"avAllowList":["360 Total Security (20210406)","COMODO Antivirus (20210406)","Dr.Web Security Space (20210406)","Trend Micro Internet Security (20210406)","Windows Defender (20210406)"]}],"additionalFiles":[],"sources":[{"howFound":"Search system utility in uptodown.com site","reference":"","landingPage":"http://www.iomatic.com/","directDownloadingLink":"http://www.iomatic.com/download/rm/registrymedic.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.iomatic.com/download/rm/registrymedic.exe","sourceIndex":"2012"}],"sampleFiles":["210104/RegistryMedic-210102/2015/Samples/registrymedic.exe"],"imageFiles":["210104/RegistryMedic-210102/2015/Images/ACR-004/ACR-004_Software_AlarmingColors.JPG","210104/RegistryMedic-210102/2015/Images/ACR-004/ACR-004_Software_Only5Fix.JPG","210104/RegistryMedic-210102/2015/Images/ACR-004/ACR-004_Software_Exclamation.JPG","210104/RegistryMedic-210102/2015/Images/ACR-004/ACR-004_Software_Score.JPG","210104/RegistryMedic-210102/2015/Images/ACR-003/ACR-003_Software_AlarmingColors.JPG","210104/RegistryMedic-210102/2015/Images/ACR-003/ACR-003_Software_NoSubstantiation.JPG","210104/RegistryMedic-210102/2015/Images/ACR-003/ACR-003_Software_Exclamation.JPG","210104/RegistryMedic-210102/2015/Images/ACR-007/ACR-007_Software_NoAlerts.JPG","210104/RegistryMedic-210102/2015/Images/ACR-014/ACR-014_Software_WordObsolete.JPG","210104/RegistryMedic-210102/2015/Images/ACR-014/ACR-014_Software_Wordproblem.JPG","210104/RegistryMedic-210102/2015/Images/ACR-165/ACR-165_InternalOffers_NoDetails.jpg","210104/RegistryMedic-210102/2015/Images/ACR-165/ACR-165_InternalOffers_NoDetails1.jpg"],"nonDeceptorImageFiles":["210104/RegistryMedic-210102/2015/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","210104/RegistryMedic-210102/2015/Images/ACR-088/ACR-088_Software_AutoStarts.JPG","210104/RegistryMedic-210102/2015/Images/ACR-065/ACR-065_Software_NoDocs.JPG","210104/RegistryMedic-210102/2015/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","210104/RegistryMedic-210102/2015/Images/ACR-167/ACR-167_Docs_NoRefundPolicy.jpg","210104/RegistryMedic-210102/2015/Images/ACR-045/ACR-045_Landingpage_FreeTrail.JPG","210104/RegistryMedic-210102/2015/Images/ACR-045/ACR-045_landingpage_Purchase.JPG","210104/RegistryMedic-210102/2015/Images/ACR-065/ACR-065_Landingpage_NoDocs.jpg","210104/RegistryMedic-210102/2015/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Info.jpg","210104/RegistryMedic-210102/2015/Images/ACR-014/ACR-014_Landingpage_WordError.JPG","210104/RegistryMedic-210102/2015/Images/ACR-014/ACR-014_Landingpage_WordError1.JPG","210104/RegistryMedic-210102/2015/Images/ACR-014/ACR-014_Landingpage_WordObsolete.JPG","210104/RegistryMedic-210102/2015/Images/ACR-166/ACR-166_InternalOffers_NoPeriodMentioned.jpg","210104/RegistryMedic-210102/2015/Images/ACR-166/ACR-166_InternalOffers_NoPeriodMentioned1.jpg"],"guid":"bfc36c95-aae0-4aed-9de4-4cfb587c913d_2015_1","appID":"RegistryMedic-210102","dateAdded":"210104","deceptorType":"App","name":"Registry Medic","company":"Iomatic, Inc.","version":"2015","sigName":"Deceptor:Win32/RegistryMedic!004003007014165","lastKnownStatus":"2015","lastKnownDate":"210104","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2021-01-04T18:46:07.2509651+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1782},{"violations":{"ACR-046":"The default setting \"send anonymous info\" is hidden under custom install. \n\n","ACR-048":"The upsell notification and Ads display can't be disabled unless user upgrade to pro.\n","ACR-004":"App reports the potential item need attention via notification, and requires to upgrade to pro to make the change. The notification prompt can't be disabled without upgrading to pro.\n","ACR-007":"App does not obtain informed consent before disabling security component Windows Defender process in startup manager.\n","ACR-059":"The offer is not marked as Offer\n"},"nonDeceptorViolations":{"ACR-002":"The running process name is not consistent with application name. \n","ACR-161":"Testimonials are not verifiable.\n","ACR-017":"Logo is not verifiable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Auslogics\\BoostSpeed\\BoostSpeed.exe","companyName":"Auslo˜gics","productName":"Boos˜tSpeed","productVersion":"12.x","fileVersion":"12.0.0.2","hashMD5":"90fee39e609d8c7f61e07a90fb8ef927","hashSHA1":"b9d2f72e0b47f67f194da38184faed570f223120","hashSHA256":"e0bbd1ddb3d494c5ea6b13cc19375fff72fe06e907415f15b468c4f20394a59c","digitalCertThumbprint":"AFF14BF93DC493E3E2DB13D1160D589EA7422F97","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","storeId":"","sourceIndex":"1989","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"boost-speed-setup.exe","isInstaller":"True","companyName":"Ausl˜ogics                                                  ","productName":"Ausl˜ogics Bo˜ostSpeed                                      ","productVersion":"12.0.0.2                                          ","fileVersion":"12.x                ","hashMD5":"e5fee393ba1d97a2c2f21809e27d9d84","hashSHA1":"ab007becedda706095423bbb065b9aab780beb62","hashSHA256":"6afdac0dc99902f303889fc4100871284174b1f54992c842ae78c7d456b8eba9","digitalCertThumbprint":"F7B04602A44A86A507480987BF3E6D3B7C469D85","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","storeId":"","sourceIndex":"1989","avBlockList":["Avast Premium Security (20210119)","AVG Internet Security (20210119)","Avira Internet Security (20210119)","Bitdefender Internet Security (20210119)","COMODO Antivirus (20210119)","Dr.Web Security Space (20210119)","ESET Internet Security (20210119)","G DATA INTERNET SECURITY (20210119)","K7 Total Security (20210119)","Malwarebytes Premium (20210119)","McAfee Total Protection (20210119)","Norton Security (20210119)","Panda Dome (20210119)","Sophos Home Premium (20210119)","SpyHunter5 (20210119)","Total AV Antivirus Pro (20210119)","VIPRE Advanced Security (20210119)","VirIT eXplorer PRO (20210119)","Webroot SecureAnywhere (20210119)"],"avAllowList":["360 Total Security (20210119)","Kaspersky Internet Security (20210119)","Quick Heal Internet Security (20210119)","Tencent PC Manager (20210119)","Trend Micro Internet Security (20210119)","Windows Defender (20210119)"]},{"isRevoked":"False","fileName":"boost-speed-setup_12001.exe","isInstaller":"True","companyName":"Auslo˜gics                                                  ","fileVersion":"12.0","hashMD5":"b621c5a6620fa5270c0de18257219cc4","hashSHA1":"2b29863cbd8900bc534e7cc3fcbe21ffecd4ccb5","hashSHA256":"7ba313b547ac06ee7a8a64e670512dc079cb3cc196d0879bb5a912fcb6d8ad5c","digitalCertThumbprint":"F7B04602A44A86A507480987BF3E6D3B7C469D85","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, S=New South Wales, C=AU, SERIALNUMBER=45163028662, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"1989","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BoostSpeed.exe","companyName":"Auslogi˜cs","fileVersion":"12.0","hashMD5":"f39b3ec3272f312227b54ff81d93da12","hashSHA1":"599fedee6456ae1d046b9878468bbd9e763193fe","hashSHA256":"ccf9e6eddde9b3a17a647045ab2a43efce501798142e3984277005fc497ec150","digitalCertThumbprint":"AFF14BF93DC493E3E2DB13D1160D589EA7422F97","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, S=New South Wales, C=AU","sourceIndex":"1989","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.OldCert","reference":"check of older, not re-certified apps","landingPage":"https://www.auslogics.com/en/software/boost-speed","directDownloadingLink":"https://www.auslogics.com/en/software/boost-speed/after-download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.auslogics.com/en/software/boost-speed/after-download/","sourceIndex":"1989"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"http://downloads.auslogics.com/en/boost-speed/10/000/free-scanner/boost-speed-setup-ddf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"1990"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://6bzv5q.securedfile.ru/b2/1/8/83879715875f718dbf5cc6c5e6e15165/boost-speed-setup.exe","ipv4":"","ipv6":"","sourceIndex":"1991"}],"sampleFiles":["201231/BoostSpeed-190114/12.0.0.2/Samples/boost-speed-setup.exe","201231/BoostSpeed-190114/12.0.0.2/Samples/boost-speed-setup_12001.exe","201231/BoostSpeed-190114/12.0.0.2/Samples/BoostSpeed.exe"],"imageFiles":["201231/BoostSpeed-190114/12.0.0.2/Images/ACR-046/SendingDataInCustomizeInstall.JPG","201231/BoostSpeed-190114/12.0.0.2/Images/ACR-004/PromptForItemNeedPotentialFix.JPG","201231/BoostSpeed-190114/12.0.0.2/Images/ACR-004/PromptForItemNeedPotentialFix_1.JPG","201231/BoostSpeed-190114/12.0.0.2/Images/ACR-004/RequireUpdateToPro.JPG","201231/BoostSpeed-190114/12.0.0.2/Images/ACR-004/SettingRequirePro.JPG","201231/BoostSpeed-190114/12.0.0.2/Images/ACR-048/SettingRequirePro.JPG","201231/BoostSpeed-190114/12.0.0.2/Images/ACR-007/ACR-007_Software_NoNotification.JPG","201231/BoostSpeed-190114/12.0.0.2/Images/ACR-059/ACR-059_In-BundleOffers_OfferNotClear.JPG"],"nonDeceptorImageFiles":["201231/BoostSpeed-190114/12.0.0.2/Images/ACR-002/ACR-002_Software_AppNameIsDifferent.JPG","201231/BoostSpeed-190114/12.0.0.2/Images/ACR-017/ACR-017_LandingPage_LogoNotVerifiable.JPG","201231/BoostSpeed-190114/12.0.0.2/Images/ACR-161/ACR-161_LandingPage_TestimonialsNotVerifiable.JPG"],"guid":"705e99af-e35b-4c7d-bf7d-63014e71251c_12.0.0.2_1","appID":"BoostSpeed-190114","dateAdded":"201231","deceptorType":"App","name":"Auslogics BoostSpeed 12","company":"Auslogics Labs Pty Ltd.","version":"12.0.0.2","firstVendorContactDate":"210105","firstAppEsteemReplyDate":"210105","firstResolvedDate":"210213","firstResolvedVersion":"12.0.0.4 (SHA256:27ACCD3E68A3BD2105FD2B83E3850E5AE8019746751CCFF7718E10F709E44B41)","resolved":"TRUE","lastKnownStatus":"Deceptor:10.0.21.0;11.0.1.2;11.1.0.0;12.0.0.2","lastKnownDate":"210213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases","lastUpdate":"2021-02-14T06:48:01.0916047+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1783},{"violations":{"ACR-004":"App exaggerates a sense of urgency by using gauges and traffic light colors with free scan results. App shows issues that have non-permanent \"fixes\", and offers a paid ongoing service to resolve them, but does provide free fixes for all the free scan results shown.\n","ACR-014":"App implies that that non-critical system measures could become much worse.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"boost-speed-setup.exe","isInstaller":"True","companyName":"Auslogics                                                   ","fileVersion":"10.0","hashMD5":"971241bb7f8a24c9afa63084bfa5eade","hashSHA1":"eaef0fc9684cc4fc2974db37e69ef9bea8e018ee","hashSHA256":"118f42dba5d6eca3d97dd16c41fb1d97cfa620884d096b03ad82e2f5db0935b7","digitalCertThumbprint":"2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU, SERIALNUMBER=45163028662, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"2878","avBlockList":["Avast Internet Security (20190211)","AVG Internet Security (20190211)","ESET Internet Security (20190211)","G DATA INTERNET SECURITY (20190211)","K7 Total Security (20190211)","Malwarebytes Premium (20190211)","McAfee Total Protection (20190211)","Sophos Home Premium (20190211)","Webroot SecureAnywhere (20190211)"],"avAllowList":["Avira Internet Security (20190211)","Bitdefender Internet Security (20190211)","Kaspersky Internet Security (20190211)","Norton Security (20190211)","Panda Dome (20190211)","Trend Micro Internet Security (20190211)","VirIT eXplorer PRO (20190211)","Windows Defender (20190211)"]},{"isRevoked":"False","fileName":"Main.exe","companyName":"Auslogics","fileVersion":"10.0","hashMD5":"a34e6edc15889b5eb6ec925ecf855303","hashSHA1":"a42842cdeedb1b1a8d24c6ec7aec55165b648c20","hashSHA256":"168579e8dac0ad4bebb5f240f23aded2ce84d4910ed9792e6cb48671077e05ac","digitalCertThumbprint":"1B0DA8E340197C8CEC3BB39EFBA042FF21B9724D","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU","sourceIndex":"2878","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.OldCert","reference":"check of older, not re-certified apps","landingPage":"https://www.auslogics.com/en/software/boost-speed/","directDownloadingLink":"https://www.auslogics.com/go/bsproductpagefeb2b/en/software/boost-speed/after-download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.auslogics.com/go/bsproductpagefeb2b/en/software/boost-speed/after-download/","sourceIndex":"2878"}],"sampleFiles":["190822/BoostSpeed-190114/10.0.21.0/Samples/boost-speed-setup.exe","190822/BoostSpeed-190114/10.0.21.0/Samples/Main.exe"],"imageFiles":["190822/BoostSpeed-190114/10.0.21.0/Images/ACR-014/acr-003 -014 exaggerated results and unfair claim it could be worse.png","190822/BoostSpeed-190114/10.0.21.0/Images/ACR-014/acr-014 hinting it could be worse.png","190822/BoostSpeed-190114/10.0.21.0/Images/ACR-004/acr-004 partial fix only of free scan results.png","190822/BoostSpeed-190114/10.0.21.0/Images/ACR-004/acr-004 not fixing all free scan results.gif","190822/BoostSpeed-190114/10.0.21.0/Images/ACR-004/acr-004 using gauges in free scan results.png","190822/BoostSpeed-190114/10.0.21.0/Images/ACR-004/acr-004 showing gauges in free scan results.png","190822/BoostSpeed-190114/10.0.21.0/Images/ACR-004/acr-004 upsell offer is subscription service.png"],"nonDeceptorImageFiles":[],"guid":"705e99af-e35b-4c7d-bf7d-63014e71251c_10.0.21.0_1","appID":"BoostSpeed-190114","dateAdded":"201231","deceptorType":"App","name":"Auslogics BoostSpeed 12","company":"Auslogics Labs Pty Ltd.","version":"10.0.21.0","sigName":"Deceptor:Win32/BoostSpeed10!004014","firstVendorContactDate":"210105","firstAppEsteemReplyDate":"210105","firstResolvedDate":"210213","firstResolvedVersion":"12.0.0.4 (SHA256:27ACCD3E68A3BD2105FD2B83E3850E5AE8019746751CCFF7718E10F709E44B41)","resolved":"TRUE","lastKnownStatus":"Deceptor:10.0.21.0;11.0.1.2;11.1.0.0;12.0.0.2","lastKnownDate":"210213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2021-02-13T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1785},{"violations":{"ACR-004":"The app uses color graphic for the identified issues in all categories and overall status and raises the unsubstantiated urgency for user to fix them.\n","ACR-010":"The offered app “Auslogics driver updater” contains deceptive behavior. The carrier app needs to make sure that the offered app doesn’t have any deceptive behavior.\n","ACR-014":"The app uses exaggerated words like \"error\" and \"problem\" to describe the items it identified. It misleads user with unsubstantiated urgency to fix them.\n","ACR-059":"The offer is not marked as Offer, the recommended by \"who\" is not clear. The app should Change to “Recommended by Auslogics” or add at least “Offer” to clearly mark it is an offer. \n"},"nonDeceptorViolations":{"ACR-161":"App includes many testimonials that are not verifiable. The comments don't match from different sources.\n"},"samples":[{"isRevoked":"False","fileName":"boost-speed-setup.exe","isInstaller":"True","companyName":"Auslogi˜cs                                                  ","productName":"Auslogi˜cs BoostSp˜eed                                      ","productVersion":"11.0.1.2                                          ","fileVersion":"11.x                ","hashMD5":"fbe4bddb1cad9b947faea380842425ec","hashSHA1":"da6b1376bd31e59c3d8bb7e14819ce5ee65589c4","hashSHA256":"1776d7738b93e1e49b952638d23ee52c597fa6146b845b114860b14b05acae8b","digitalCertThumbprint":"F7B04602A44A86A507480987BF3E6D3B7C469D85","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","sourceIndex":"2879","avBlockList":["Avast Internet Security (20190905)","AVG Internet Security (20210107)","Avira Internet Security (20210107)","Bitdefender Internet Security (20210107)","Dr.Web Security Space (20210107)","ESET Internet Security (20210107)","G DATA INTERNET SECURITY (20210107)","K7 Total Security (20210107)","Kaspersky Internet Security (20210107)","Malwarebytes Premium (20210107)","McAfee Total Protection (20210107)","Norton Security (20210107)","Panda Dome (20210107)","Quick Heal Internet Security (20210107)","Sophos Home Premium (20210107)","Tencent PC Manager (20210107)","VIPRE Advanced Security (20210107)","VirIT eXplorer PRO (20210107)","Webroot SecureAnywhere (20210107)","Windows Defender (20210107)","Avast Premium Security (20210107)","SpyHunter5 (20210107)","Total AV Antivirus Pro (20210107)"],"avAllowList":["360 Total Security (20210107)","COMODO Antivirus (20210107)","Trend Micro Internet Security (20210107)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.OldCert; resolved deceptor recheck","reference":"check of older, not re-certified apps","landingPage":"https://www.auslogics.com/en/software/boost-speed/","directDownloadingLink":"https://www.auslogics.com/go/bsproductpagefeb2b/en/software/boost-speed/after-download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.auslogics.com/go/bsproductpagefeb2b/en/software/boost-speed/after-download/","sourceIndex":"2879"}],"sampleFiles":["190822/BoostSpeed-190114/11.0.1.2/Samples/boost-speed-setup.exe"],"imageFiles":["190822/BoostSpeed-190114/11.0.1.2/Images/ACR-010/ACR-010_InBundleOffer_TheAppPropagatesDeceptiveApps.JPG","190822/BoostSpeed-190114/11.0.1.2/Images/ACR-014/ACR-014_Software_TheAppNeedsToCleanUpTheWordError.JPG","190822/BoostSpeed-190114/11.0.1.2/Images/ACR-014/ACR-014_Software_TheAppNeedsToCleanUpTheWordProblem.JPG","190822/BoostSpeed-190114/11.0.1.2/Images/ACR-004/ACR-004_Software_TheAppUsesColorGraphForTheIdentifiedIssues. .JPG","190822/BoostSpeed-190114/11.0.1.2/Images/ACR-004/ACR-004_Software_TheAppUsesColorGraphForTheIdentifiedIssues. -1.JPG","190822/BoostSpeed-190114/11.0.1.2/Images/ACR-004/ACR-004_Software_TheAppUsesColorGraphToTheStatusOfTheSystem.JPG","190822/BoostSpeed-190114/11.0.1.2/Images/ACR-059/ACR-059_In-bundleOffer_TheOfferIsNotMarkedAsOfferAndRecommendedByWhoIsNotClear..JPG"],"nonDeceptorImageFiles":["190822/BoostSpeed-190114/11.0.1.2/Images/ACR-161/ACR-161_landingPage_TestimonialsAreNotVerifiable.JPG","190822/BoostSpeed-190114/11.0.1.2/Images/ACR-161/ACR-161_landingPage_TestimonialsInTheLandingPageDoesNotMatch.JPG","190822/BoostSpeed-190114/11.0.1.2/Images/ACR-161/ACR-161_landingPage_TestimonialsInTheLandingPageDoesNotMatch1.JPG","190822/BoostSpeed-190114/11.0.1.2/Images/ACR-161/ACR-161_landingPage_TestimonialsInTheLandingPageDoesNotMatch2.JPG"],"guid":"705e99af-e35b-4c7d-bf7d-63014e71251c_11.0.1.2_1","appID":"BoostSpeed-190114","dateAdded":"201231","deceptorType":"App","name":"Auslogics BoostSpeed 12","company":"Auslogics Labs Pty Ltd.","version":"11.0.1.2","sigName":"Deceptor:Win32/AuslogicsBoostSpeed10!010014004059 ","firstVendorContactDate":"210105","firstAppEsteemReplyDate":"210105","firstResolvedDate":"210213","firstResolvedVersion":"12.0.0.4 (SHA256:27ACCD3E68A3BD2105FD2B83E3850E5AE8019746751CCFF7718E10F709E44B41)","resolved":"TRUE","lastKnownStatus":"Deceptor:10.0.21.0;11.0.1.2;11.1.0.0;12.0.0.2","lastKnownDate":"210213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2021-02-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1786},{"violations":{"ACR-004":"The app uses color meter/gauge to show the severity of issues identified in all categories. It implies that potential high severe issues can be found in registry items, performance issues which is misleading.\n","ACR-014":"App misleads that performance issues can have a high impact on the system, thereby misleading the consumer to take action.\n","ACR-059":"The offer is not marked as Offer, the recommended by \"who\" is not clear. The app should Change to “Recommended by Auslogics” or add at least “Offer” to clearly mark it as an offer. \n"},"nonDeceptorViolations":{"ACR-161":"App includes many testimonials that are not verifiable. The comments don't match from different sources.\n"},"samples":[{"isRevoked":"False","fileName":"boost-speed-setup.exe","isInstaller":"True","companyName":"A˜uslogics                                                  ","productName":"A˜uslogics Bo˜ostSpeed                                      ","productVersion":"11.1.0.0                                          ","fileVersion":"11.x                ","hashMD5":"db0deae0ef401ba67551afc23a0ad437","hashSHA1":"3e6f4c92f10a4b211125292a28dc20f3daac58ce","hashSHA256":"90013b87ecc40b144c48d282cf277d187f0996301ba40d91d9fee39657057747","digitalCertThumbprint":"F7B04602A44A86A507480987BF3E6D3B7C469D85","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","sourceIndex":"2697","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.OldCert","reference":"check of older, not re-certified apps","landingPage":"https://www.auslogics.com/en/software/boost-speed/","directDownloadingLink":"https://www.auslogics.com/go/bsproductpagefeb2b/en/software/boost-speed/after-download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.auslogics.com/go/bsproductpagefeb2b/en/software/boost-speed/after-download/","sourceIndex":"2697"}],"sampleFiles":["190920/BoostSpeed-190114/11.1.0.0/Samples/boost-speed-setup.exe"],"imageFiles":["190920/BoostSpeed-190114/11.1.0.0/Images/ACR-014/ACR-014_Software_MisleadingByIndiactingHighImpactOnPerformanceIssues.JPG","190920/BoostSpeed-190114/11.1.0.0/Images/ACR-014/ACR-014_Software_MisleadingTheUsersByUisngAlarmingColorsToDisplaysTheResult - Copy.JPG","190920/BoostSpeed-190114/11.1.0.0/Images/ACR-004/ACR-004_Software_UsesAlarmingColorsToDisplaysTheResult.JPG","190920/BoostSpeed-190114/11.1.0.0/Images/ACR-004/ACR-004_Software_RaisesUrgency1.JPG","190920/BoostSpeed-190114/11.1.0.0/Images/ACR-004/ACR-004_Software_RaisesUrgency2.JPG","190920/BoostSpeed-190114/11.1.0.0/Images/ACR-004/ACR-004_Software_UsesColorGraphToTheResults.JPG","190920/BoostSpeed-190114/11.1.0.0/Images/ACR-004/ACR-004_Software_UsesColorGraphToTheSystemStatus.JPG","190920/BoostSpeed-190114/11.1.0.0/Images/ACR-059/ACR-059_In-bundleoffers_RecommendedByWhoIsNotClear.JPG","190920/BoostSpeed-190114/11.1.0.0/Images/ACR-059/ACR-059_In-bundleoffers_RecommendedByWhoIsNotClear1.JPG"],"nonDeceptorImageFiles":["190920/BoostSpeed-190114/11.1.0.0/Images/ACR-161/ACR-161_LandingPage_TestimonialsShouldBeVerifiable.JPG","190920/BoostSpeed-190114/11.1.0.0/Images/ACR-161/ACR-161_LandingPage_TestimonialsShouldBeVerifiable1.JPG","190920/BoostSpeed-190114/11.1.0.0/Images/ACR-161/ACR-161_LandingPage_TestimonialsShouldBeVerifiable2.JPG","190920/BoostSpeed-190114/11.1.0.0/Images/ACR-161/ACR-161_LandingPage_TestimonialsShouldBeVerifiable3.JPG"],"guid":"705e99af-e35b-4c7d-bf7d-63014e71251c_11.1.0.0_1","appID":"BoostSpeed-190114","dateAdded":"201231","deceptorType":"App","name":"Auslogics BoostSpeed 12","company":"Auslogics Labs Pty Ltd.","version":"11.1.0.0","firstVendorContactDate":"210105","firstAppEsteemReplyDate":"210105","firstResolvedDate":"210213","firstResolvedVersion":"12.0.0.4 (SHA256:27ACCD3E68A3BD2105FD2B83E3850E5AE8019746751CCFF7718E10F709E44B41)","resolved":"TRUE","lastKnownStatus":"Deceptor:10.0.21.0;11.0.1.2;11.1.0.0;12.0.0.2","lastKnownDate":"210213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2021-02-13T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1784},{"violations":{"ACR-017":"The application's internal offer webpage elevates its consumer trust level by displaying partner logos as if they have endorsed the app\nThe application's install wizard elevates its consumer trust level by displaying a Microsoft Partner logo as if Microsoft has endorsed the app\nThe application elevates its consumer trust level by displaying a Microsoft Partner logo as if Microsoft has endorsed the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying partner logos as if Microsoft and Intel have endorsed the app\n"},"samples":[{"isRevoked":"False","fileName":"DriverTuner.exe","companyName":"LionSea","fileVersion":"3.5","hashMD5":"c00393b892b31a3dfcb31bbde01bf51c","hashSHA1":"311a3a63df71d53af7eda25d7acaecaace1d6f9d","hashSHA256":"d5afea4b4c4a61cf29f2deaa4ec544edadee23b99059b976a92743d98548b354","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"2016","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"LionSea Software co., ltd                                   ","fileVersion":"0.0","hashMD5":"bccad4e41669c3a8a02ad7e62556ba17","hashSHA1":"91635fc5d489b73e9d913783fe76790024f00aec","hashSHA256":"f6b782e478cb2ef89f289d9382f02352b8093619e035eb39dc963696181c02a3","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"2016","avBlockList":["Avast Premium Security (20210415)","AVG Internet Security (20210415)","Avira Internet Security (20210415)","Dr.Web Security Space (20210415)","ESET Internet Security (20210415)","G DATA INTERNET SECURITY (20210415)","K7 Total Security (20210415)","Malwarebytes Premium (20210415)","McAfee Total Protection (20210415)","Norton Security (20210415)","Panda Dome (20210415)","Quick Heal Internet Security (20210415)","Sophos Home Premium (20210415)","SpyHunter5 (20210415)","Total AV Antivirus Pro (20210415)","VirIT eXplorer PRO (20210415)","Webroot SecureAnywhere (20210415)","Windows Defender (20210415)"],"avAllowList":["360 Total Security (20210415)","Bitdefender Internet Security (20210415)","COMODO Antivirus (20210415)","Kaspersky Internet Security (20210415)","Tencent PC Manager (20210415)","Trend Micro Internet Security (20210415)","VIPRE Advanced Security (20210415)"]},{"isRevoked":"False","fileName":"DPInst32.exe","companyName":"Microsoft Corporation","fileVersion":"2.1","hashMD5":"83a27a862340b21cb69baabe47127e06","hashSHA1":"aab8182f25efd022d9ba6153edee7b2c1e0bf604","hashSHA256":"8faf5788f8e4091eeaf2ae8fdc1cfb8e5c92850b0da7af8e49b82f1b06d2ad51","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"2016","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DPInst64.exe","companyName":"Microsoft Corporation","fileVersion":"2.1","hashMD5":"c7de48f2971ec49aa0a78bf02712fc36","hashSHA1":"d2957af138d952dbce8aaf4ec97c0e6f59b6cbfe","hashSHA256":"9122e0898769e445b3bdc7f110e85dd28b4b73da0951da3aac6c817e7eba06d9","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"2016","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://www.lionsea.com/category_pc.php","landingPage":"http://www.drivertuner.com/","directDownloadingLink":"http://www.lionsea.com/download/drivertuner/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.lionsea.com/download/drivertuner/setup.exe","sourceIndex":"2016"}],"sampleFiles":["201230/DriverTuner-171010/3.5.0.2/Samples/DriverTuner.exe","201230/DriverTuner-171010/3.5.0.2/Samples/setup.exe","201230/DriverTuner-171010/3.5.0.2/Samples/DPInst32.exe","201230/DriverTuner-171010/3.5.0.2/Samples/DPInst64.exe"],"imageFiles":["201230/DriverTuner-171010/3.5.0.2/Images/ACR-017/DriverTuner_OfferPage [1].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-017/DriverTuner_Interactions [1].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-084/DriverTuner_ScheduledTask [1].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-084/DriverTuner_ScheduledTask [2].png"],"nonDeceptorImageFiles":["201230/DriverTuner-171010/3.5.0.2/Images/ACR-099/DriverTuner_OfferPage [1].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-017/DriverTuner_LandingPage [1].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-017/DriverTuner_LandingPage [2].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-099/DriverTuner_LandingPage [1].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-099/DriverTuner_LandingPage [2].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-065/DriverTuner_Install [1].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-065/DriverTuner_Install [2].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-065/DriverTuner_Install [3].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-065/DriverTuner_Install [4].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-065/DriverTuner_Interactions [1].png","201230/DriverTuner-171010/3.5.0.2/Images/ACR-099/DriverTuner_Interactions [1].png"],"guid":"0c40a1fe-b9b0-4101-9ff0-eed0da5938ad_3.5.0.2_1","appID":"DriverTuner-171010","dateAdded":"201230","deceptorType":"App","name":"DriverTuner","company":"Lionsea Software co., ltd","version":"3.5.0.2","sigName":"Deceptor:Win32/DriverTuner!017084","lastKnownStatus":"Deceptor: 4.0;3.5.0.2","lastKnownDate":"210511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1787},{"violations":{"ACR-017":"The application's internal offer webpage elevates its consumer trust level by displaying partner logos as if they have endorsed the app\nThe application's install wizard elevates its consumer trust level by displaying a Microsoft Partner logo as if Microsoft has endorsed the app\nThe application elevates its consumer trust level by displaying a Microsoft Partner logo as if Microsoft has endorsed the app.\nThe application's uninstall wizard elevates its consumer trust level by displaying a Microsoft Partner logo as if Microsoft has endorsed the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has a testimonials that that has no links back to the sources so consumers can verify if they're real.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"The application prompts during uninstall stating that consumer can get a trial of the program for a lower price.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying partner logos as if Microsoft and Intel have endorsed the app\n"},"samples":[{"isRevoked":"False","fileName":"DriverTuner_Setup.exe","isInstaller":"True","companyName":"LionSea Software co., ltd","productName":"DriverTuner","productVersion":"3.5.0.1","hashMD5":"bdb5dce3b06815076262ab3a1df0bf69","hashSHA1":"2a44ac65a20d20df9e05e9f96e4fb34283cbbd08","hashSHA256":"41c427a06b53de0ee03070eaf516363bdd54c09aa367cfdb1f7cf1938f8c00d9","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3771","avBlockList":["Avast Premium Security (20210624)","AVG Internet Security (20210624)","Avira Internet Security (20210624)","Bitdefender Internet Security (20210624)","COMODO Antivirus (20210624)","Dr.Web Security Space (20210624)","ESET Internet Security (20210624)","G DATA INTERNET SECURITY (20210624)","K7 Total Security (20210624)","Kaspersky Internet Security (20210624)","Malwarebytes Premium (20210624)","McAfee Total Protection (20210624)","Norton Security (20210624)","Panda Dome (20210624)","Quick Heal Internet Security (20210624)","Sophos Home Premium (20210624)","SpyHunter5 (20210624)","Tencent PC Manager (20210624)","Total AV Antivirus Pro (20210624)","Trend Micro Internet Security (20210624)","VIPRE Advanced Security (20210624)","VirIT eXplorer PRO (20210624)","Webroot SecureAnywhere (20210624)","Windows Defender (20210624)"],"avAllowList":["360 Total Security (20210624)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.top4download.com","landingPage":"http://www.drivertuner.com/","directDownloadingLink":"http://www.drivertuner.com/download/DriverTuner_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3771"}],"sampleFiles":["180116/DriverTuner-171010/3.5.0.1/Samples/DriverTuner_Setup_Version_3.5.0.1.exe"],"imageFiles":["180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_INTERNAL_OFFER_SCREENSHOT_1.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_INTERNAL_OFFER_SCREENSHOT_2.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_LANDING_PAGE.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_INSTALL.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_SOFTWARE.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_UNINSTALL.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-084/ACR_084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180116/DriverTuner-171010/3.5.0.1/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_1.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_2.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-120/ACR_120_UNINSTALL.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_INTERNAL_OFFER_SCREENSHOT_1.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_INTERNAL_OFFER_SCREENSHOT_2.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_LANDING_PAGE.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_INSTALL.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_SOFTWARE.PNG","180116/DriverTuner-171010/3.5.0.1/Images/ACR-017/ACR_017_UNINSTALL.PNG"],"guid":"0c40a1fe-b9b0-4101-9ff0-eed0da5938ad_3.5.0.1_1","appID":"DriverTuner-171010","dateAdded":"201230","deceptorType":"App","name":"DriverTuner","company":"Lionsea Software co., ltd","version":"3.5.0.1","sigName":"Deceptor:Win32/DriverTuner!017084","lastKnownStatus":"Deceptor: 4.0;3.5.0.2","lastKnownDate":"210511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":3,"sortOrder":1788},{"violations":{"ACR-003":"The application exaggerates that PC performance may be compromised because their is one out of date driver, application calls updateble driver ancient to raise misleading urgency, thereby misleading or scaring the user to take action.\n","ACR-007":"The application elevates its user trust level by displaying unverifiable endorsement icons from Microsoft and Norton.\nThe application uninstall window elevates its user trust level by displaying an unverifiable endorsement icon from Microsoft.\n","ACR-084":"The application creates scheduled task to scan system while showing there is no scheduled tasks configured in its setting section.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to the privacy policy information. \n","ACR-161":"The landing page has a testimonials that that has no links back to the sources so consumers can verify they're real.\n","ACR-099":"The internal offer shopping cart webpage has no link to uninstall information.\nThe application has no link to uninstall information.\n","ACR-120":"The application prompts during uninstall stating that consumer can get a trial for a lower price for the same program.\n","ACR-003":"The application exaggerates that PC performance may be compromised because their is one out of date driver, application calls updateble driver ancient to raise misleading urgency, thereby misleading or scaring the user to take action.\n","ACR-007":"The application elevates its user trust level by displaying unverifiable endorsement icons from Microsoft and Norton.\nThe application uninstall window elevates its user trust level by displaying an unverifiable endorsement icon from Microsoft.\n"},"samples":[{"isRevoked":"False","fileName":"DriverTuner_Setup.exe","isInstaller":"True","companyName":"LionSea Software co., ltd","productName":"DriverTuner","productVersion":"4.0","fileVersion":"0.0.0.0","hashMD5":"2aff7b00b1dd8c1d73caede88dac2a36","hashSHA1":"f17677405bcb5f3d88930987028cb3b6c0c07c83","hashSHA256":"a2d1353e304ec405679ede4b82db1ff4d457ec1eebf64626588e5b19fe4bd8c5","digitalCertThumbprint":"8CC82BECF0DC086DE93F979F13AE3618341F7ECB","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3772","avBlockList":["Avast Premium Security (20210525)","AVG Internet Security (20210525)","Avira Internet Security (20210525)","Bitdefender Internet Security (20210525)","COMODO Antivirus (20210525)","Dr.Web Security Space (20210525)","ESET Internet Security (20210525)","G DATA INTERNET SECURITY (20210525)","K7 Total Security (20210525)","Kaspersky Internet Security (20210525)","Malwarebytes Premium (20210525)","McAfee Total Protection (20210525)","Norton Security (20210525)","Panda Dome (20210525)","Quick Heal Internet Security (20210525)","Sophos Home Premium (20210525)","SpyHunter5 (20210525)","Tencent PC Manager (20210525)","Total AV Antivirus Pro (20210525)","Trend Micro Internet Security (20210525)","VIPRE Advanced Security (20210525)","VirIT eXplorer PRO (20210525)","Webroot SecureAnywhere (20210525)","Windows Defender (20210525)"],"avAllowList":["360 Total Security (20210525)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.top4download.com","landingPage":"http://www.drivertuner.com/","directDownloadingLink":"http://www.drivertuner.com/download/DriverTuner_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3772"}],"sampleFiles":[],"imageFiles":["171013/DriverTuner-171010/4.0/Images/ACR-003/ACR-003_SOFTWARE.PNG","171013/DriverTuner-171010/4.0/Images/ACR-003/DriverTuner_Ancient.jpg","171013/DriverTuner-171010/4.0/Images/ACR-007/ACR-007_SOFTWARE.PNG","171013/DriverTuner-171010/4.0/Images/ACR-007/ACR - 007_UNINSTALL.PNG","171013/DriverTuner-171010/4.0/Images/ACR-084/ACR-084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["171013/DriverTuner-171010/4.0/Images/ACR-065/ACR-065_INSTALL.PNG","171013/DriverTuner-171010/4.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_1.PNG","171013/DriverTuner-171010/4.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_2.PNG","171013/DriverTuner-171010/4.0/Images/ACR-099/ACR-099_SOFTWARE.PNG","171013/DriverTuner-171010/4.0/Images/ACR-120/ACR-120_UNINSTALL_SCREENSHOT_1.PNG","171013/DriverTuner-171010/4.0/Images/ACR-120/ACR-120_UNINSTALL_SCREENSHOT_2.PNG","171013/DriverTuner-171010/4.0/Images/ACR-003/ACR-003_SOFTWARE.PNG","171013/DriverTuner-171010/4.0/Images/ACR-003/DriverTuner_Ancient.jpg","171013/DriverTuner-171010/4.0/Images/ACR-007/ACR-007_SOFTWARE.PNG","171013/DriverTuner-171010/4.0/Images/ACR-007/ACR - 007_UNINSTALL.PNG"],"guid":"0c40a1fe-b9b0-4101-9ff0-eed0da5938ad_4.0_1","appID":"DriverTuner-171010","dateAdded":"201230","deceptorType":"App","name":"DriverTuner","company":"Lionsea Software co., ltd","version":"4.0","sigName":"Deceptor:Win32/DriverTuner!003084007","lastKnownStatus":"Deceptor: 4.0;3.5.0.2","lastKnownDate":"210511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":3,"sortOrder":1789},{"violations":{"ACR-043":"App uses \"Cisco/Clambc.exe\" component without disclosing in EULA. \n","ACR-107":"App uses \"Cisco/Clambc.exe\" component without disclosing in EULA. \n","ACR-003":"1. \"Privacy Traces\" reports 446 items but on viewing its details it does not have 446 items, which is misleading (Count mismatch).\n2. \"Registry Items\" reports 830 items but on viewing its details it does not have 830 items, which is misleading (Count mismatch).\n3. \"Fragments\" is not substantiated. \n","ACR-004":"1. \"Privacy Traces\" reports 446 items but on viewing its details it does not have 446 items, which is misleading (Count mismatch).\n2. \"Disk cleaner\" reports 314.69, not sure about its calculation (count/MB/KB).\n3. \"Registry Items\" reports 830 items but on viewing its details it does not have 830 items, which is misleading (Count mismatch)\n4. \"Manual Repair\" option is obscure and not straightforward to the user, \"Repair\" takes the user to register now option.\n5. \"Fragments\" is not substantiated.\n6. After fix, rescanning the app shows 8 items in \"privacy traces\" and 6 in \"Registry Items\", but on clicking \"view details\" it is empty (Misleading user).\n7. Unable to fix \"startup optimization\", On rescanning it displays the same entries again.\n","ACR-103":" The malware cleaner value proposition can't be verified. During our review, none of the malware (22 malware samples) or Deceptors (100+ deceptor samples) was identified by the app. \n","ACR-014":"1.The app does not update outdated image in the landing page.\n2. Exaggerated scan results misleads the user (Privacy and Registry items).\n3. After fix, rescanning the app shows 8 items in \"privacy traces\" and 6 items in \"Registry Items\", but on clicking \"view details\" it is empty (Misleading user).\n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide privacy policy during installation.\nThe app does not provide EULA and privacy policy in the software.\nThe app does not provide EULA in the landing page as the provided link does not work.\n","ACR-092":" The app does not have digital signature for its executable. \n","ACR-019":"App uses support service from https://pcrepairspro.com. The service provides untruthful information to user. The software and services disclaimed in its term are fake and not authorized or developed by the software owner (RealDefense and ShieldApps)\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PC Gold Optimizer and system repair\\PC Gold Optimizer and system repair.exe","companyName":"","productName":"PC Gold Optimizer and system repair","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"0332f07c3d01239cdeca6183b1c713c0","hashSHA1":"1c85bed13e6fb45f45690067bbed06b698526271","hashSHA256":"fc1289d4023d165319a83ca10e917274bd73a0a4a0401e214dcf18b717a9a11c","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"360","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup (1).exe","isInstaller":"True","companyName":"The Alliance Tech","productName":"PC Gold Optimizer and system repair","productVersion":"","fileVersion":"1.1.0.0","hashMD5":"8d8fd2ff5f32a0a80479730e6dd5442c","hashSHA1":"b05cc9e6996cb9c40fc11c5c707848fb3a3fc4e5","hashSHA256":"4ce4d1d24d4a1f144878ba50ba820f50969e37a6d915539962d08bfd79be6c8e","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"360","avBlockList":["360 Total Security (20210427)","Avast Premium Security (20210427)","AVG Internet Security (20210427)","Avira Internet Security (20210427)","Bitdefender Internet Security (20210427)","COMODO Antivirus (20210427)","ESET Internet Security (20210427)","G DATA INTERNET SECURITY (20210427)","K7 Total Security (20210427)","McAfee Total Protection (20210427)","Norton Security (20210427)","Panda Dome (20210427)","Quick Heal Internet Security (20210427)","Sophos Home Premium (20210427)","SpyHunter5 (20210427)","Tencent PC Manager (20210427)","Total AV Antivirus Pro (20210427)","VIPRE Advanced Security (20210427)","VirIT eXplorer PRO (20210427)","Webroot SecureAnywhere (20210427)","Windows Defender (20210427)"],"avAllowList":["Dr.Web Security Space (20210427)","Kaspersky Internet Security (20210427)","Malwarebytes Premium (20210427)","Trend Micro Internet Security (20210427)"]}],"additionalFiles":[{"isRevoked":"False","isAdditional":"True","companyName":"https://pcrepairspro.com/","hashMD5":"","hashSHA1":"","hashSHA256":"https://pcrepairspro.com/","sourceIndex":"360","avBlockList":[],"avAllowList":[]}],"sources":[{"howFound":"","reference":"https://www.thepcgold.com/","landingPage":"https://www.thepcgold.com/","directDownloadingLink":"https://www.thepcgold.com/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.thepcgold.com/","sourceIndex":"360"}],"sampleFiles":["201228/PCGoldOptimizer-200924/1.1.0.0/Samples/setup (1).exe"],"imageFiles":["201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-004/ACR-004_Software_ExaggeratingCount.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-004/ACR-004_Software_PrivacyItemsExaggeratingCount.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-004/ACR-004_Software_DiskCleanerCountIsNotClear.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-004/ACR-004_Software_RegistryItemsExaggeratingCount.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-004/ACR-004_Software_ManualRepairIsNotObscure.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-004/ACR-004_Software_FragmentsNotSubstantiated.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-004/ACR-004_Software_MisleadingCountAfterFix1.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-004/ACR-004_Software_MisleadingCountAfterFix.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-004/ACR-004_Software_NoFixForStartupOptimization.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-003/ACR-003_Software_ExaggeratingCount.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-003/ACR-003_Software_PrivacyItemsExaggeratingCount.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-003/ACR-003_Software_RegistryItemsExaggeratingCount.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-003/ACR-003_Software_FragmentsNotSubstantiated.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-014/ACR-014_LandingPage_OutdatedImage.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-014/ACR-014_Software_ExaggeratingCount.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-014/ACR-014_Software_PrivacyItemsExaggeratingCount.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-014/ACR-014_Software_RegistryItemsExaggeratingCount.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-014/ACR-014_Software_MisleadingCountAfterFix1.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-014/ACR-014_Software_MisleadingCountAfterFix2.JPG"],"nonDeceptorImageFiles":["201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-065/ACR-065_Software_NoEULA.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-065/ACR-065_Software_NoPrivacyPolicy.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-065/ACR-065_LandingPage_NoEULA.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-019/ServiceSupportTermForPCGold.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-019/ServiceSupportTermForPCGoldContact.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-019/ServiceSupportTermForPCGoldContact2.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-019/ServiceSupportTermForPCGoldWithFakeInfo.JPG","201228/PCGoldOptimizer-200924/1.1.0.0/Images/ACR-019/ServiceSupportTermForPCGoldWithFakeInfo2.JPG"],"guid":"192752c9-9717-49b3-9139-7f0cf5ebec73_1.1.0.0_1","appID":"PCGoldOptimizer-200924","dateAdded":"201228","deceptorType":"App","name":"PC Gold Optimizer and System Repair ","company":"The Alliance Tech","version":"1.1.0.0","firstVendorContactDate":"200927","firstAppEsteemReplyDate":"200927","lastKnownStatus":"1.0;1.1;1.1.0;1.1.0.0","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-12T23:21:36.4429483+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1790},{"violations":{"ACR-043":"App uses \"Cisco/Clambc.exe\" component without disclosing in EULA.\n","ACR-107":"App uses \"Cisco/Clambc.exe\" component without disclosing in EULA.\n","ACR-003":"1. \"Privacy Traces\" reports 354 items but on viewing its details it does not have 354 items, which is misleading (Count mismatch).\n2. \"Registry Items\" includes empty space in count of items to fix resulting in more number of identified items (Exaggerating the count)\n3. \"Fragments\" is not substantiated.\n","ACR-004":"1. \"Privacy Traces\" reports 354 items but on viewing its details it does not have 354 items, which is misleading.\n2. \"Disk cleaner\" reports 873.25, not sure about its calculation (count/MB/KB).\n3. The notification alert displays corrupt system files has identified 0 items but fix is recommended, which is misleading.\n4. \"Registry Items\" includes empty space in count of items to fix resulting in more number of identified items\n5. \"Manual Repair\" option is obscure and not straightforward to the user, \"Repair\" takes the user to register now option.\n6. \"Fragments\" is not substantiated.\n7. After fix, rescanning the app shows 33 items in \"privacy traces\", but on clicking \"view details\" it is empty (Misleading user).\n","ACR-103":"The malware cleaner value proposition can't be verified. During our review, none of the malware (22 malware samples) or Deceptors (25+ deceptor samples) was identified by the app (Unable to perform full scan).\n","ACR-014":"1.The app does not update outdated image in the landing page.\n2. Exaggerated scan results misleads the user.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide privacy policy during installation.\nThe app does not provide EULA and privacy policy in the software.\n","ACR-092":"The app does not have digital signature for its executable.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PC Gold Optimizer and system repair\\PC Gold Optimizer and system repair.exe","companyName":"","productName":"PC Gold Optimizer and system repair","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"fd00202b7912b6360967becfe5685f3f","hashSHA1":"24155c98c97493a4aef0aa3076fa4fc3da2c69be","hashSHA256":"3279dc9d8743ca3428353fb40910dc3dfe75a3aded71f9f2ee66527f6f010431","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"361","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_6255.exe","isInstaller":"True","companyName":"The Alliance Tech","productName":"PC Gold Optimizer and system repair","productVersion":"","fileVersion":"1.1.0.0","hashMD5":"5cefef30d48d8844b5442a334365348e","hashSHA1":"7fc9625ba4c6bd3c4e548beab1e583e112d5856f","hashSHA256":"6255753daf7debcd20d721b46f1bd1e7aaaf943b7bdfce717cf5918c17220076","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"361","avBlockList":["360 Total Security (20201229)","Avast Premium Security (20201229)","AVG Internet Security (20201229)","Avira Internet Security (20201229)","COMODO Antivirus (20201229)","ESET Internet Security (20201229)","K7 Total Security (20201229)","McAfee Total Protection (20201229)","Norton Security (20201229)","Panda Dome (20201229)","Quick Heal Internet Security (20201229)","Sophos Home Premium (20201229)","SpyHunter5 (20201229)","Total AV Antivirus Pro (20201229)","VirIT eXplorer PRO (20201229)","Webroot SecureAnywhere (20201229)","Windows Defender (20201229)"],"avAllowList":["Bitdefender Internet Security (20201229)","Dr.Web Security Space (20201229)","G DATA INTERNET SECURITY (20201229)","Kaspersky Internet Security (20201229)","Malwarebytes Premium (20201229)","Tencent PC Manager (20201229)","Trend Micro Internet Security (20201229)","VIPRE Advanced Security (20201229)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.thepcgold.com/","landingPage":"https://www.thepcgold.com/","directDownloadingLink":"https://www.thepcgold.com/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.thepcgold.com/","sourceIndex":"361"}],"sampleFiles":["201228/PCGoldOptimizer-200924/1.1.0/Samples/setup_6255.exe"],"imageFiles":["201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-004/ACR-004_Software_CountMismatch.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-004/ACR-004_Software_PrivacyTracesCountMismatch1.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-004/ACR-004_Software_DiskCleanerCountIsNotClear2.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-004/ACR-004_Software_DiskCleanerCountIsNotClear.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-004/ACR-004_Software_MisleadingAlert3.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-004/ACR-004_Software_EmptySpaceInCount4.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-004/ACR-004_Software_FreeFixOptionIsObscure5.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-004/ACR-004_Software_NoSubstantiation6.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-004/ACR-004_Software_DoesNotFix7.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-003/ACR-003_Software_CountMismatch.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-003/ACR-003_Software_PrivacyTracesCountMismatch1.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-003/ACR-003_Software_EmptySpaceInCount2.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-003/ACR-003_Software_NoSubstantiationOfFragments3.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-014/ACR-014_LandingPage_OutdatedImage.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-014/ACR-014_Software_CountMismatch.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-014/ACR-014_Software_PrivacyTracesCountMismatch1.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-014/ACR-014_Software_EmptySpaceInCount2.JPG"],"nonDeceptorImageFiles":["201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-065/ACR-065_Software_NoEULA.JPG","201228/PCGoldOptimizer-200924/1.1.0/Images/ACR-065/ACR-065_Software_NoPrivacyPolicy.JPG"],"guid":"192752c9-9717-49b3-9139-7f0cf5ebec73_1.1.0_1","appID":"PCGoldOptimizer-200924","dateAdded":"201228","deceptorType":"App","name":"PC Gold Optimizer and System Repair ","company":"The Alliance Tech","version":"1.1.0","firstVendorContactDate":"200927","firstAppEsteemReplyDate":"200927","lastKnownStatus":"1.0;1.1;1.1.0;1.1.0.0","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-12T23:19:50.7094691+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1791},{"violations":{"ACR-048":"The install greys out the close and cancel buttons, which limits the consumer's ability to stop after the initial launch \nApp does not have a setting option for user to control to complete close app and not prompt the notification message in right bottom.\n\n","ACR-003":"The app exaggerates the number of files found without substantiated information.\n","ACR-004":"The app reports issues without substantiated information and uses color red to raise the unnecessary urgency for user to upgrade to pro.\n","ACR-118":"After uninstall the app, it retains one or more executable without the consumer's knowledge\n","ACR-014":"Exaggerated scan results shown by the software are baseless and misleading because they are not substantiated.\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-038":"The install does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-065":"The install does not display links to the EULA and/or Terms of Service,  Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service (page not found), the Returns and Cancellation Policy, or the Privacy Policy. \nThe Landing Page does not display links to the Returns and Cancellation Policy (page not found).\n","ACR-002":"The App's version is not consistent between App interaction and its install. (version 1.0 vs version 1.1) \nThe App's version is not consistent between App interaction and its install.\n","ACR-099":"The landing page has no link or information that shows how it can be uninstalled. \n","ACR-167":"The application's has no mention of a 30 days refund policy. (PAGE NOT FOUND ERROR)\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"524ac21dfee8fe081c15872f1973e475","hashSHA1":"bab1e715d866984b125d2c53daffbdde79722c81","hashSHA256":"3615fc855a22ae05e4bb2f77635b664d81aec12e612b2ab850e413ec43169cb8","digitalCertThumbprint":"6822E12BAEE83D18166A24496F695A15997B1175","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Alliance Antivirus Private Limited, O=Alliance Antivirus Private Limited, STREET=27/9 C DLF Phase 3, L=Gurgaon, S=Haryana, PostalCode=122008, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=085347","sourceIndex":"362","avBlockList":["360 Total Security (20210415)","Avast Premium Security (20210415)","AVG Internet Security (20210415)","Avira Internet Security (20210415)","Bitdefender Internet Security (20210415)","COMODO Antivirus (20210415)","Dr.Web Security Space (20210415)","ESET Internet Security (20210415)","G DATA INTERNET SECURITY (20210415)","K7 Total Security (20210415)","Kaspersky Internet Security (20210415)","Malwarebytes Premium (20210415)","McAfee Total Protection (20210415)","Norton Security (20210415)","Panda Dome (20210415)","Quick Heal Internet Security (20210415)","Sophos Home Premium (20210415)","SpyHunter5 (20210415)","Tencent PC Manager (20210415)","Total AV Antivirus Pro (20210415)","VIPRE Advanced Security (20210415)","VirIT eXplorer PRO (20210415)","Webroot SecureAnywhere (20210415)","Windows Defender (20210415)"],"avAllowList":["Trend Micro Internet Security (20210415)"]},{"isRevoked":"False","fileName":"PC Gold Optimizer and system repair.exe","fileVersion":"1.0","hashMD5":"40d98372009ca5b24bbd05ec06a65594","hashSHA1":"582546d6c63ee45945b34fc46689bfc97d5f07d9","hashSHA256":"d061cfa1a3f86a8cbabacabba0f419e99a868be96b2427a851f6d26558adc451","digitalCertThumbprint":"6822E12BAEE83D18166A24496F695A15997B1175","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Alliance Antivirus Private Limited, O=Alliance Antivirus Private Limited, STREET=27/9 C DLF Phase 3, L=Gurgaon, S=Haryana, PostalCode=122008, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=085347","sourceIndex":"362","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_DF0E.exe","isInstaller":"True","companyName":"The Alliance Tech","fileVersion":"1.0","hashMD5":"b62f752fc7aec86804c254b04fbbf2f8","hashSHA1":"39b2206fff0df82cee1a85a67b33d25dbe525a98","hashSHA256":"df0ee877134a1bf14dd78b27bf9eb9e707a93f523d03dd13d6b9fea61b00890d","digitalCertThumbprint":"6822E12BAEE83D18166A24496F695A15997B1175","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Alliance Antivirus Private Limited, O=Alliance Antivirus Private Limited, STREET=27/9 C DLF Phase 3, L=Gurgaon, S=Haryana, PostalCode=122008, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=085347","sourceIndex":"362","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_2E7F.exe","isInstaller":"True","companyName":"The Alliance Tech","fileVersion":"1.0","hashMD5":"73347b716a6ef93ce19cd5b35d8f72b8","hashSHA1":"77d1c9282e64db52af95ba12bd5d03b5a2b2a8c5","hashSHA256":"2e7f5c6c96400a5f1c216582dc5181898fe5ed887d7d2da9a61909f727a778cb","sourceIndex":"362","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.thepcgold.com/","landingPage":"https://www.thepcgold.com/","directDownloadingLink":"https://www.thepcgold.com/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.thepcgold.com/setup.exe","sourceIndex":"362"}],"sampleFiles":["201228/PCGoldOptimizer-200924/1.1/Samples/setup.exe","201228/PCGoldOptimizer-200924/1.1/Samples/PC Gold Optimizer and system repair.exe","201228/PCGoldOptimizer-200924/1.1/Samples/setup_DF0E.exe","201228/PCGoldOptimizer-200924/1.1/Samples/setup_2E7F.exe"],"imageFiles":["201228/PCGoldOptimizer-200924/1.1/Images/ACR-048/PC Gold_Installs [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-048/PC Gold_Installs [2].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-048/PC Gold_Installs [3].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-048/PC Gold_Installs [4].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-004/PC Gold_Interactions [3] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-004/PC Gold_Interactions [4] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-004/PC Gold_Interactions [5] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-004/PC Gold_Interactions [6] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-004/PC Gold_Interactions [7] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-004/PC Gold_Interactions [8] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-004/PC Gold_Interactions [9] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-004/PC Gold_Interactions [10] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-004/PC Gold_Interactions [11] Register.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-004/PC Gold_Offers [2].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-048/PC Gold_SideNotification [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-048/PC Gold_SideNotification [2].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-048/PC Gold_SideNotification [3].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-048/PC Gold_Interactions [2] Settings.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-048/PC Gold_SideNotification [4] Settings.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-003/PC Gold_Interactions [3] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-003/PC Gold_Interactions [4] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-003/PC Gold_Interactions [5] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-003/PC Gold_Interactions [6] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-003/PC Gold_Interactions [7] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-003/PC Gold_Interactions [8] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-003/PC Gold_Interactions [10] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-003/PC Gold_SideNotification [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-003/PC Gold_SideNotification [2].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-003/PC Gold_SideNotification [3].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-014/PC Gold_Interactions [4] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-014/PC Gold_Interactions [8] Scanning.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-014/PC Gold_SideNotification [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-014/PC Gold_SideNotification [2].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-014/PC Gold_SideNotification [3].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-118/PC Gold_RetainedAfterUninstall [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-164/PC Gold_Offers [1].png"],"nonDeceptorImageFiles":["201228/PCGoldOptimizer-200924/1.1/Images/ACR-038/PC Gold_InstallerFileProperty [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-065/PC Gold_Installs [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-065/PC Gold_Installs [2].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-002/PC Gold_About [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-002/PC Gold_Installs [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-002/PC Gold_Installs [2].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-002/PC Gold_Installs [4].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-065/PC Gold_About [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-065/PC Gold_Support [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-065/PC Gold_NOTFound [1] EULA.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-002/PC Gold_About [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-002/PC Gold_Installs [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-002/PC Gold_Installs [2].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-002/PC Gold_Installs [4].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-167/PC Gold_NOTFound [2] Refund.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-065/PC Gold_LandingPage [1].png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-065/PC Gold_NOTFound [2] Refund.png","201228/PCGoldOptimizer-200924/1.1/Images/ACR-099/PC Gold_LandingPage [1].png"],"guid":"192752c9-9717-49b3-9139-7f0cf5ebec73_1.1_1","appID":"PCGoldOptimizer-200924","dateAdded":"201228","deceptorType":"App","name":"PC Gold Optimizer and System Repair ","company":"The Alliance Tech","version":"1.1","sigName":"Deceptor:Win32/PCGoldOptimizerandSystemRepair!048004003014118164","firstVendorContactDate":"200927","firstAppEsteemReplyDate":"200927","lastKnownStatus":"1.0;1.1;1.1.0;1.1.0.0","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-12T23:17:40.4789868+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1792},{"violations":{"ACR-048":"The install greys out the close and cancel buttons, which limits the consumer's ability to stop after the initial launch \nApp does not have a setting option for user to control to complete close app and not prompt the notification message in right bottom.\n\n","ACR-003":"The app exaggerates the number of files found without substantiated information.\n","ACR-004":"The app reports issues without substantiated information and use them upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan. The app also uses color red and alarming exclamation symbol to raise the unnecessary urgency for user to upgrade to pro.\n","ACR-118":"After uninstall the app, it retains one or more executable without the consumer's knowledge\n","ACR-014":"Scan results shown by the software are described using baseless but threatening-sounding language such as \"high\". Such description is unfair and misleading because they are not substantiated and do not provide any real insight to what the issue is.\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-038":"The install does not have a name that allows it to be clearly identified by the targeted consumer as related to the app.\n","ACR-040":"The app installs itself in a hidden folder \"App Data \".\n","ACR-065":"The install does not display links to the EULA and/or Terms of Service,  Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA and/or Terms of Service (page not found), the Returns and Cancellation Policy, or the Privacy Policy. \nThe Landing Page does not display links to the Returns and Cancellation Policy (page not found).\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe landing page has no link or information that shows how it can be uninstalled. \n","ACR-167":"The application's has no mention of a 30 days refund policy. (PAGE NOT FOUND ERROR)\n"},"samples":[{"isRevoked":"False","fileName":"PC Gold Optimizer and system repair.exe","fileVersion":"1.0","hashMD5":"e76b41e2d9d9d993b283bc772ce56465","hashSHA1":"3b4f979446fb002870805a5efd1d237e06cc37b5","hashSHA256":"f8a2ba57dd09d5e00af37c3b5ddee8e354f3e9a9a7b0f54824736b74994d0373","digitalCertThumbprint":"6822E12BAEE83D18166A24496F695A15997B1175","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Alliance Antivirus Private Limited, O=Alliance Antivirus Private Limited, STREET=27/9 C DLF Phase 3, L=Gurgaon, S=Haryana, PostalCode=122008, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=085347","sourceIndex":"363","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"b2adc88b705c3e5b6ad149356ed49d40","hashSHA1":"e929c782e404250596025e1540e9149d9167e5f2","hashSHA256":"6273e51020bed156b40176a344c5e4e9d58b13e937fdfee745f013364fce32e5","digitalCertThumbprint":"6822E12BAEE83D18166A24496F695A15997B1175","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Alliance Antivirus Private Limited, O=Alliance Antivirus Private Limited, STREET=27/9 C DLF Phase 3, L=Gurgaon, S=Haryana, PostalCode=122008, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=085347","sourceIndex":"363","avBlockList":["360 Total Security (20210624)","Avast Premium Security (20210624)","AVG Internet Security (20210624)","Avira Internet Security (20210624)","Bitdefender Internet Security (20210624)","COMODO Antivirus (20210624)","Dr.Web Security Space (20210624)","ESET Internet Security (20210624)","G DATA INTERNET SECURITY (20210624)","K7 Total Security (20210624)","Kaspersky Internet Security (20210624)","Malwarebytes Premium (20210624)","McAfee Total Protection (20210624)","Norton Security (20210624)","Panda Dome (20210624)","Quick Heal Internet Security (20210624)","Sophos Home Premium (20210624)","SpyHunter5 (20210624)","Tencent PC Manager (20210624)","Total AV Antivirus Pro (20210624)","VIPRE Advanced Security (20210624)","VirIT eXplorer PRO (20210624)","Webroot SecureAnywhere (20210624)","Windows Defender (20210624)"],"avAllowList":["Trend Micro Internet Security (20210624)"]},{"isRevoked":"False","fileName":"PC Gold Optimizer and system repair_D039.exe","fileVersion":"1.0","hashMD5":"ef799a9a6b095cc5c326f932eec1c0fe","hashSHA1":"7ef583f53bb7f65aa38d1d830294f981a48cd539","hashSHA256":"d0399c1b3285745ba64f576a85d6be3576d52f2d259cc9d65e8a451d9e9b4fe3","digitalCertThumbprint":"6822E12BAEE83D18166A24496F695A15997B1175","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Alliance Antivirus Private Limited, O=Alliance Antivirus Private Limited, STREET=27/9 C DLF Phase 3, L=Gurgaon, S=Haryana, PostalCode=122008, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=085347","sourceIndex":"363","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_E8D3.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"921489338946df47b6f85348962e589f","hashSHA1":"826238c60c9d9e079b74ff53a428a932c4c24007","hashSHA256":"e8d300a87b48d522c88fd89946d261de6152437a6be69525735dc39381532413","digitalCertThumbprint":"6822E12BAEE83D18166A24496F695A15997B1175","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Alliance Antivirus Private Limited, O=Alliance Antivirus Private Limited, STREET=27/9 C DLF Phase 3, L=Gurgaon, S=Haryana, PostalCode=122008, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=085347","sourceIndex":"363","avBlockList":["360 Total Security (20200930)","Avast Premium Security (20200930)","AVG Internet Security (20200930)","Avira Internet Security (20200930)","COMODO Antivirus (20200930)","ESET Internet Security (20200930)","K7 Total Security (20200930)","McAfee Total Protection (20200930)","Norton Security (20200930)","Sophos Home Premium (20200930)","SpyHunter5 (20200930)","VirIT eXplorer PRO (20200930)","Windows Defender (20200930)"],"avAllowList":["Bitdefender Internet Security (20200930)","Dr.Web Security Space (20200930)","G DATA INTERNET SECURITY (20200930)","Kaspersky Internet Security (20200930)","Malwarebytes Premium (20200930)","Panda Dome (20200930)","Quick Heal Internet Security (20200930)","Tencent PC Manager (20200930)","Total AV Antivirus Pro (20200930)","Trend Micro Internet Security (20200930)","VIPRE Advanced Security (20200930)","Webroot SecureAnywhere (20200930)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.thepcgold.com/","landingPage":"https://www.thepcgold.com/","directDownloadingLink":"https://www.thepcgold.com/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.thepcgold.com/","sourceIndex":"363"}],"sampleFiles":["201228/PCGoldOptimizer-200924/1.0/Samples/PC Gold Optimizer and system repair.exe","201228/PCGoldOptimizer-200924/1.0/Samples/setup.exe","201228/PCGoldOptimizer-200924/1.0/Samples/PC Gold Optimizer and system repair_D039.exe","201228/PCGoldOptimizer-200924/1.0/Samples/setup_E8D3.exe"],"imageFiles":["201228/PCGoldOptimizer-200924/1.0/Images/ACR-048/PC Gold_Install [1].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-048/PC Gold_Install [2].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-048/PC Gold_Install [3].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-048/PC Gold_Install [4].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-004/PC Gold_Interactions [2] Scanning [1].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-004/PC Gold_Interactions [2] Scanning [2].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-004/PC Gold_Interactions [2] Scanning [3].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-004/PC Gold_Interactions [2] Scanning [4].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-004/PC Gold_Interactions [4] ScanResults.png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-004/PC Gold_Interactions [5] Register.png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-048/PC Gold_Interactions [1] Setting.png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-048/PC Gold_SideNotification [1].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-048/PC Gold_SideNotification [2].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-048/PC Gold_SideNotification [3].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-003/PC Gold_Interactions [2] Scanning [1].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-003/PC Gold_Interactions [2] Scanning [2].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-003/PC Gold_Interactions [2] Scanning [3].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-003/PC Gold_Interactions [2] Scanning [4].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-003/PC Gold_SideNotification [1].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-003/PC Gold_SideNotification [2].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-003/PC Gold_SideNotification [3].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-014/PC Gold_Interactions [2] Scanning [3].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-014/PC Gold_Interactions [2] Scanning [4].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-118/PC Gold_RetainedAfterUninstall [1].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-118/PC Gold_RetainedAfterUninstall [2].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-164/PCGold_InternalOffer [1].png"],"nonDeceptorImageFiles":["201228/PCGoldOptimizer-200924/1.0/Images/ACR-038/PC Gold_InstallerFileProperty [1].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-040/PC Gold_FileComponents [1].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-065/PC Gold_Install [1].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-065/PC Gold_Install [4].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-065/PC Gold_About [1] .png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-065/PC Gold_Interactions [1] Support.png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-065/PC Gold_NOTFound [4] EULA.png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-099/PC Gold_About [1] .png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-099/PC Gold_Interactions [1] Support.png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-167/PC Gold_NOTFound [2] Refund.png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-065/PC Gold_LandingPage [1].png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-065/PC Gold_NOTFound [2] Refund.png","201228/PCGoldOptimizer-200924/1.0/Images/ACR-099/PC Gold_LandingPage [1].png"],"guid":"192752c9-9717-49b3-9139-7f0cf5ebec73_1.0_1","appID":"PCGoldOptimizer-200924","dateAdded":"201228","deceptorType":"App","name":"PC Gold Optimizer and System Repair ","company":"The Alliance Tech","version":"1.0","sigName":"Deceptor:Win32/PCGoldOptimizerandSystemRepair!048004003014118164","firstVendorContactDate":"200927","firstAppEsteemReplyDate":"200927","lastKnownStatus":"1.0;1.1;1.1.0;1.1.0.0","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-12T23:17:02.8415977+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1793},{"violations":{"ACR-048":"The app prevents itself from being uninstalled by the targeted consumer.\n","ACR-007":"The app does not explicit notification to the targeted consumer when it is running. \n","ACR-084":"The app removes itself from the All Apps page and hides from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects or stores their data.\n","ACR-116":"The app cannot be uninstalled by platform standard uninstall method.\n","ACR-014":"The app calls itself \" sysmond”, which is not related to the name \"Hoverwatch\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not provide links to the app's Returns and Cancellation Policy. \nThe app's about page does not have links to the app's Returns and Cancellation Policy\nThe app's landing page does not have links to the app's Returns and Cancellations Policy.\nThe app's internal offer page does not have links to the app's Returns and Cancellations Policy.\n","ACR-002":"The app calls itself \"sysmond\" during and after the install, which is not consistent with the name \"Hoverwatch\".\n","ACR-161":"The landing offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The app does not display links to uninstall information\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Hoverwatch","fileVersion":"0.","hashMD5":"e8329aa2d1fa18ce23d96cb9b405ff57","hashSHA1":"4c4bce5b17c7a355dac048c1752c566548b6a94d","hashSHA256":"92ee2d64822a786209f4f7d6a5245923c3b50b8de7fca634c0c2212528926bcc","sourceIndex":"2021","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup-mac-3w47p[pass_hoverwatch].dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"a2e280829628d52b5a8d592feadad065","hashSHA1":"7a44a59b5ec46213fb0029c95adc43fd5b8a21ba","hashSHA256":"7a55936336888cce15bd070ed210d5787515df99596508bbd21e935fb8a279a9","sourceIndex":"2021","avBlockList":["Avast Security for Mac (20210309)","Avira Security for Mac (20210309)","K7 Antivirus for Mac (20210309)","McAfee Internet Security for Mac (20210309)","Norton Security for Mac (20210309)"],"avAllowList":["Bitdefender Antivirus for Mac (20210309)","ESET Cyber Security Pro for Mac (20210309)","G DATA AntiVirus for Mac (20210309)","Kaspersky Internet Security for Mac (20210309)","Trend Micro Antivirus for Mac (20210309)"]},{"isRevoked":"False","fileName":"sysmond","fileVersion":"0.","hashMD5":"5e281bf9115fd863be554c75394f3e81","hashSHA1":"e930ba939dac2feb174e7357f21ecbf15fcc2f26","hashSHA256":"49293cd6093eab37cff63fbdaf8aa0986fb14ebff50ed9b335083f28ee3dace2","sourceIndex":"2021","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search: Keylogger for Mac","reference":"","landingPage":"https://www.hoverwatch.com","directDownloadingLink":"https://m.hw.cab/3wmst/setup-mac-3wmst.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://m.hw.cab/3wmst/setup-mac-3wmst.dmg","sourceIndex":"2021"}],"sampleFiles":["201221/HoverwatchforMac-201221/1.6.3/Samples/Hoverwatch","201221/HoverwatchforMac-201221/1.6.3/Samples/setup-mac-3w47p[pass_hoverwatch].dmg","201221/HoverwatchforMac-201221/1.6.3/Samples/sysmond"],"imageFiles":["201221/HoverwatchforMac-201221/1.6.3/Images/ACR-084/Hoverwatch_AppsInstalled [1].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-086/Hoverwatch_Install [3].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-048/Hoverwatch_RunningProcess [1].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-048/Hoverwatch_AppsInstalled [1].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-007/Hoverwatch_Install [2].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-007/Hoverwatch_RunningProcess [1].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-014/Hoverwatch_RunningProcess [1].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-116/Hoverwatch_AppsInstalled [1].png"],"nonDeceptorImageFiles":["201221/HoverwatchforMac-201221/1.6.3/Images/ACR-065/Hoverwatch_Install [1].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-065/Hoverwatch_DashBoard [1].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-099/Hoverwatch_DashBoard [1].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-002/Hoverwatch_RunningProcess [1].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-065/Hoverwatch_LandingPage [1].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-161/Hoverwatch_LandingPage [2]Testimonial.png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-065/Hoverwatch_OfferPage [1].png","201221/HoverwatchforMac-201221/1.6.3/Images/ACR-099/Hoverwatch_OfferPage [1].png"],"guid":"708a1ac0-a8fe-4ff7-a60e-6717519abc75_1.6.3_1","appID":"HoverwatchforMac-201221","dateAdded":"201221","deceptorType":"MacOS App","name":"Hoverwatch for Mac ","company":"Hoverwatch","version":"1.6.3","sigName":"Deceptor:MacOS/HoverwatchforMac!084086048007014116","lastKnownStatus":"1.6.3","lastKnownDate":"201221","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-12-23T00:12:43.8168173+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1794},{"violations":{"ACR-016":"Instead of directing user to promoted application's landing page with more details about the application, the promoted application is downloaded directly from the clickable links.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Security Partner Report","reference":"Website provide wrong information about security process","landingPage":"http://windowsbulletin.com/files/exe","directDownloadingLink":"http://www.reimageplus.com/includes/router_land.php?tracking=BT&adgroup=WindowsBulletinTop&exec=run","ipv4":"","ipv6":"","landingPageWildChar":"http://windowsbulletin.com/files/exe/*","sourceIndex":"2023"}],"sampleFiles":[],"imageFiles":["201219/WindowsBulletinCom-190430/201219/Images/ACR-016/windowsbulletin_016.JPG","201219/WindowsBulletinCom-190430/201219/Images/ACR-016/windowsbulletin_016_1.JPG","201219/WindowsBulletinCom-190430/201219/Images/ACR-016/windowsbulletin_016_2.JPG"],"nonDeceptorImageFiles":[],"guid":"3ca8372b-6669-485d-8a63-0fc5b9873afd_201219_1","appID":"WindowsBulletinCom-190430","dateAdded":"201219","deceptorType":"Affiliate","name":"WindowsBulletin_Com","company":"WindowsBulletinCom","version":"201219","sigName":"Deceptor:Affiliate/WindowsBulletin_Com!016","lastKnownStatus":"201219","lastKnownDate":"201219","type":"Affiliate","category":"Productivity","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"display ads","lastUpdate":"2020-12-20T00:11:20.6541222+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1795},{"violations":{"ACR-014":"The affiliate website provides misleading information about security product process, that directs user with unfair information to download the application promoted by this affiliate. The said processes in the example screen captures will be high PC resource consumption during scanning system and processing files. \n","ACR-016":"Instead of directing user to promoted application's landing page with more details about the application, the promoted application is downloaded directly when user clicks the link \"Identify ekrn.exe related errors\"  or \"download\" button. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Security Partner Report","reference":"Website provide wrong information about security process","landingPage":"http://windowsbulletin.com/files/exe","directDownloadingLink":"http://windowsbulletin.com/files/exe/enigma-software-group/spyhunter/spyhunter4-exe","ipv4":"","ipv6":"","landingPageWildChar":"http://windowsbulletin.com/files/exe/*","sourceIndex":"3090"}],"sampleFiles":[],"imageFiles":["190430/WindowsBulletinCom-190430/190430/Images/ACR-014/Affiliate_TA_RI.PNG","190430/WindowsBulletinCom-190430/190430/Images/ACR-014/Affiliate_TA_RI_2.PNG","190430/WindowsBulletinCom-190430/190430/Images/ACR-014/Affiliate_TA_RI_3.PNG","190430/WindowsBulletinCom-190430/190430/Images/ACR-014/Affiliate_TA_RI_4.PNG","190430/WindowsBulletinCom-190430/190430/Images/ACR-016/Affiliate_TA_RI_2.PNG","190430/WindowsBulletinCom-190430/190430/Images/ACR-016/Affiliate_TA_RI_DirectDownload.PNG"],"nonDeceptorImageFiles":[],"guid":"3ca8372b-6669-485d-8a63-0fc5b9873afd_190430_1","appID":"WindowsBulletinCom-190430","dateAdded":"201219","deceptorType":"Affiliate","name":"WindowsBulletin_Com","company":"WindowsBulletinCom","version":"190430","sigName":"Deceptor:Affiliate/WindowsBulletinCom!014016","lastKnownStatus":"201219","lastKnownDate":"201219","type":"Affiliate","targetOS":"None","targetBrowser":"None","lastUpdate":"2020-12-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1796},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Red\" color bar  and reports as \"Your PC contains XXX items for optimization” thereby misleading or scaring the consumer to take action. \n","ACR-004":"App only provides free fixes for the  “50 pc items” scan results. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan. \n","ACR-017":"The application elevates its consumer trust level by displaying an unverifiable Microsoft Partner logo.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-118":"There are some executable files were left behind even after app shows uninstall completed.\n"},"nonDeceptorViolations":{"ACR-065":"The application's landing page has no link to the Returns and Cancellation Policy.\nThe application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy. \nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction and install wizard.\nThe App's version is not consistent between App interaction and install wizard.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"QuickPCBooster.exe","companyName":"Xportsoft Technologies","fileVersion":"4.0","hashMD5":"40cc4136e40cae905dcd1e53e145cbdb","hashSHA1":"132bf6aa8eb3e3b31925cbd49d7e6099a08347b1","hashSHA256":"fb488d6ef037c5881509cbdd91a370013d50347a4bdce7c38e853de1fffa4e69","digitalCertThumbprint":"EFEE28C58F71B291CF0D0730F8A4525D2E775263","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Kardhan Road\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"364","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"QuickPCBoosterSetUp.exe","isInstaller":"True","companyName":"Xportsoft.com","fileVersion":"8.1","hashMD5":"c10da0c890b3b148ae79718e034d55ad","hashSHA1":"43cae0bd233ea285c2bd8bc04355b82f260b7944","hashSHA256":"d52010e3094c40f328871ab4936e454a7ef3d5c72712aaa79ba97e0905729bb3","digitalCertThumbprint":"B51B9A3F1136B904533D59134CB1F825880B9D01","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies private Ltd, O=Xportsoft Technologies private Ltd, STREET=\"Near Gugga Maadi,Khojkipur\", L=Ambala, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"364","avBlockList":["360 Total Security (20210415)","Avast Premium Security (20210415)","AVG Internet Security (20210415)","Avira Internet Security (20210415)","Bitdefender Internet Security (20210415)","COMODO Antivirus (20210415)","Dr.Web Security Space (20210415)","ESET Internet Security (20210415)","G DATA INTERNET SECURITY (20210415)","K7 Total Security (20210415)","Malwarebytes Premium (20210415)","McAfee Total Protection (20210415)","Norton Security (20210415)","Panda Dome (20210415)","Quick Heal Internet Security (20210415)","Sophos Home Premium (20210415)","SpyHunter5 (20210415)","Tencent PC Manager (20210415)","Total AV Antivirus Pro (20210415)","Trend Micro Internet Security (20210415)","VIPRE Advanced Security (20210415)","VirIT eXplorer PRO (20210415)","Webroot SecureAnywhere (20210415)","Windows Defender (20210415)"],"avAllowList":["Kaspersky Internet Security (20210415)"]},{"isRevoked":"False","fileName":"QuickPCBoosterTrays.exe","companyName":"Xportsoft Technologies","fileVersion":"1.1","hashMD5":"f6d4a14fcc29aab4a1e174090ccd6967","hashSHA1":"fc5607c09f5acd22ecd901b78fa6307f39cf9d34","hashSHA256":"a64b1a5ac1b86e9c43285523f82789b542356ddc734d3592ab04cf5223608492","digitalCertThumbprint":"EFEE28C58F71B291CF0D0730F8A4525D2E775263","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Kardhan Road\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"364","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StartApps.exe","companyName":"Xportsoft Technologies","fileVersion":"1.0","hashMD5":"b44fc9ef5a493df357e3c4e5fe5462a1","hashSHA1":"8817ac3fc3a38d2cf21a7d522e2c2bf3a1d7111f","hashSHA256":"0006468d0b30b38d12e96acad3fc367121b39b630c8db22bbc3613b276c287e0","sourceIndex":"364","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://xportsoft.com","landingPage":"https://www.quickpcbooster.com/","directDownloadingLink":"https://quickpcbooster.com/QuickPCBoosterSetUp.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://quickpcbooster.com/QuickPCBoosterSetUp.exe","sourceIndex":"364"}],"sampleFiles":["201216/QuickPCBooster-171011/4.0.6.6/Samples/QuickPCBooster.exe","201216/QuickPCBooster-171011/4.0.6.6/Samples/QuickPCBoosterSetUp.exe","201216/QuickPCBooster-171011/4.0.6.6/Samples/QuickPCBoosterTrays.exe","201216/QuickPCBooster-171011/4.0.6.6/Samples/StartApps.exe"],"imageFiles":["201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-003/QuickPCBooster_Interactions [3].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-003/QuickPCBooster_Interactions [6].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-017/QuickPCBooster_Interactions [3_].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-084/QuickPCBooster_Tasks [1].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-084/QuickPCBooster_Tasks [2].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-118/QuickPCBooster_UninstallRetainedFiles[1].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-004/QuickPCBooster_Interactions [3].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-004/QuickPCBooster_Interactions [6].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-004/QuickPCBooster_Interactions [7].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-004/QuickPCBooster_Interactions [8].png"],"nonDeceptorImageFiles":["201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-099/QuickPCBooster_OfferPage [1].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-065/QuickPCBooster_LandingPage [1].jpg","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-099/QuickPCBooster_LandingPage [1].jpg","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-168/QuickPCBooster_LandingPage [2].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-002/QuickPCBooster_Install [1].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-002/QuickPCBooster_About [1].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-002/QuickPCBooster_About [2] Updated.png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-065/QuickPCBooster_Install [1].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-065/QuickPCBooster_Install [2].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-065/QuickPCBooster_Install [3].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-002/QuickPCBooster_About [1].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-002/QuickPCBooster_About [2] Updated.png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-002/QuickPCBooster_Install [1].png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-065/QuickPCBooster_About [2] Updated.png","201216/QuickPCBooster-171011/4.0.6.6/Images/ACR-099/QuickPCBooster_About [2] Updated.png"],"guid":"8a87bbc3-471b-4a25-8705-a2c30f2c7919_4.0.6.6_1","appID":"QuickPCBooster-171011","dateAdded":"201216","deceptorType":"App","name":"Quick PC Booster","company":"Xportsoft Technologies","version":"4.0.6.6","sigName":"Deceptor:Win32/QuickPCBooster!003017084118004","firstVendorContactDate":"180406","firstAppEsteemReplyDate":"180406","lastKnownStatus":"Deceptor:4.0.6.1;4.0.6.6","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2026-05-04T14:37:18.6356878+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1797},{"violations":{"ACR-017":"The application's internal offer webpage elevates its consumer trust level by displaying unverifiable Microsoft Partner and Intel Software partner logos.\n The application elevates its consumer trust level by displaying an unverifiable Microsoft Partner logo. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\nThe application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application's internal offer webpage has no link to a website that shows the EULA and the Returns and Cancellation Policy.\nThe application's landing page has no link to the EULA and the Returns and Cancellation Policy.\nThe application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application internal offer shopping cart webpage has testimonials that has no links back to the sources so consumers can verify if they're real.\nThe landing page has a testimonials that has no links back to the sources so consumers can verify if they're real.\n","ACR-163":"The shopping cart webpage provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-160":"Contacted the phone number 1-866-364-6553 provided by Quick PC Booster the representative that answered the phone states the name of the company is 'OS Assist support' and only provide tech support for 'PC Optimizer Pro' currently. \n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get the program for a lower price.\n","ACR-017":"The application landing page elevates its consumer trust level by displaying unverifiable Microsoft Partner, Intel Software Partner and IBM Business Partner logos.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"QuickPCBoosterSetUp.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"0c0cce1dbd336bb984b6bb5f2bd64afa","hashSHA1":"cf370081738b53b5aeb21a0a37c6dea455d8df86","hashSHA256":"6e4e715b888d5a8f38bb96678897894a4a85574de32c1cddf882e88221e5800d","digitalCertThumbprint":"EFEE28C58F71B291CF0D0730F8A4525D2E775263","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Xportsoft Technologies","sourceIndex":"365","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://softdeluxe.com/","landingPage":"https://www.quickpcbooster.com/","directDownloadingLink":"https://www.quickpcbooster.com/QuickPCBoosterSetUp.exe","ipv4":"","ipv6":"","sourceIndex":"365"}],"sampleFiles":["201216/QuickPCBooster-171011/4.0.6.1/Samples/QuickPCBoosterSetUp.exe"],"imageFiles":["201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-017/017_3.png","201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG","201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-017/017_1.PNG","201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-084/ACR_084_SOFTWARE.PNG","201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-161/ACR-161_INTERNAL_OFFERS.PNG","201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-163/ACR-163_INTERNAL_OFFERS.PNG","201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-017/017_2.png","201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-161/ACR-161_LANDING_PAGE.PNG","201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-168/ACR-168_LANDING_PAGE.PNG","201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-163/ACR-163_SOFTWARE.PNG","201216/QuickPCBooster-171011/4.0.6.1/Images/ACR-120/ACR-120_UNINSTALL.PNG"],"guid":"8a87bbc3-471b-4a25-8705-a2c30f2c7919_4.0.6.1_1","appID":"QuickPCBooster-171011","dateAdded":"201216","deceptorType":"App","name":"Quick PC Booster","company":"Xportsoft Technologies","version":"4.0.6.1","sigName":"Deceptor:Win32/QuickPCBooster!084168017","firstVendorContactDate":"180406","firstAppEsteemReplyDate":"180406","lastKnownStatus":"Deceptor:4.0.6.1;4.0.6.6","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2024-11-12T23:09:09.9869192+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1798},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Red\" color bar  and reports as \"Your Privacy might be at Risk!\" thereby misleading or scaring the consumer to take action. \n","ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan. \n","ACR-084":"The application does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link for the Returns and Cancellation Policy, Privacy Policy information.\n The app does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThe landing page does not display link for the Apps Returns and Cancellation Policy.\nThe internal offer page does not display link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-002":"The App's version is not consistent between App interaction, install and landing page.\nThe App's version is not consistent between App interaction, install and landing page.\nThe App's version is not consistent between App interaction, install and landing page.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The app has no link or information that shows how it can be uninstalled. \nThe landing page has no link or information that shows how it can be uninstalled.\nThe internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"OneClickPrivacy.exe","companyName":"XPortSoft Technologies","fileVersion":"3.7","hashMD5":"ecdba6ffb43b01187a6bad0eb9e1bfa5","hashSHA1":"f0caa30a438cf924fbccf959d7d1eca7fc8721de","hashSHA256":"dad829e7beccea43a2d16c2fcbed03d79378a20e8f72fb7f1c0c0bae798a1bb6","digitalCertThumbprint":"EFEE28C58F71B291CF0D0730F8A4525D2E775263","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Kardhan Road\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"2027","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OneClickPrivacySetup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"78762cf6f92badd41dc3b13e689d38fc","hashSHA1":"39ec89388490f448fb110707b0561feb39e6c816","hashSHA256":"8795ba56e3e050a6094985c4d488672fb8203e17e0464eb1132c122e8c3c619b","digitalCertThumbprint":"EFEE28C58F71B291CF0D0730F8A4525D2E775263","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Kardhan Road\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"2027","avBlockList":["360 Total Security (20210415)","Avast Premium Security (20210415)","AVG Internet Security (20210415)","Avira Internet Security (20210415)","Bitdefender Internet Security (20210415)","Dr.Web Security Space (20210415)","ESET Internet Security (20210415)","G DATA INTERNET SECURITY (20210415)","K7 Total Security (20210415)","Malwarebytes Premium (20210415)","McAfee Total Protection (20210415)","Norton Security (20210415)","Panda Dome (20210415)","Quick Heal Internet Security (20210415)","Sophos Home Premium (20210415)","SpyHunter5 (20210415)","Tencent PC Manager (20210415)","Total AV Antivirus Pro (20210415)","VIPRE Advanced Security (20210415)","VirIT eXplorer PRO (20210415)","Webroot SecureAnywhere (20210415)","Windows Defender (20210415)"],"avAllowList":["COMODO Antivirus (20210415)","Kaspersky Internet Security (20210415)","Trend Micro Internet Security (20210415)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: Windows Optimizer app","reference":"https://oneclickprivacy.com/","landingPage":"https://oneclickprivacy.com/","directDownloadingLink":"https://oneclickprivacy.com/OneClickPrivacySetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://oneclickprivacy.com/OneClickPrivacySetup.exe","sourceIndex":"2027"}],"sampleFiles":["201215/OneClickPrivacy-201215/3.7.7/Samples/OneClickPrivacy.exe","201215/OneClickPrivacy-201215/3.7.7/Samples/OneClickPrivacySetup.exe"],"imageFiles":["201215/OneClickPrivacy-201215/3.7.7/Images/ACR-004/OneClickPrivacy_Interactions [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-004/OneClickPrivacy_Interactions [_1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-004/OneClickPrivacy_Interactions [_2].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-004/OneClickPrivacy_Interactions [_3].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-084/OneClickPrivacy_AutoLogin [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-003/OneClickPrivacy_Interactions [_1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-003/OneClickPrivacy_Interactions [_3].png"],"nonDeceptorImageFiles":["201215/OneClickPrivacy-201215/3.7.7/Images/ACR-065/OneClickPrivacy_Install [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-065/OneClickPrivacy_Install [2].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-065/OneClickPrivacy_Install [3].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-002/OneClickPrivacy_About [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-002/OneClickPrivacy_Install [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-002/OneClickPrivacy_LandingPage [2].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-065/OneClickPrivacy_About [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-099/OneClickPrivacy_About [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-002/OneClickPrivacy_About [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-002/OneClickPrivacy_Install [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-002/OneClickPrivacy_LandingPage [2].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-065/OneClickPrivacy_LandingPage [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-099/OneClickPrivacy_LandingPage [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-002/OneClickPrivacy_About [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-002/OneClickPrivacy_Install [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-002/OneClickPrivacy_LandingPage [2].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-161/OneClickPrivacy_LandingPage [3].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-065/OneClickPrivacy_OfferPage [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-065/OneClickPrivacy_OfferPage [2].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-099/OneClickPrivacy_OfferPage [1].png","201215/OneClickPrivacy-201215/3.7.7/Images/ACR-099/OneClickPrivacy_OfferPage [2].png"],"guid":"6f9b8c80-f7ca-4be5-8ea3-bc66e6cdb4d9_3.7.7_1","appID":"OneClickPrivacy-201215","dateAdded":"201215","deceptorType":"App","name":"One Click Privacy ","company":"Xportsoft Technologies","version":"3.7.7","sigName":"Deceptor:Win32/OneClickPrivacy!003004084","lastKnownStatus":"3.7.7","lastKnownDate":"210511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1799},{"violations":{"ACR-003":"Clicking the \"Details\" link next to the issues displayed leads to a page that displays what files have issues, yet does not explain what such issues are. Additionally, the link itself is occasionally unresponsive altogether.  - When fix issues is clicked, it says that registration is required to fix it.\n","ACR-004":"App shows free scan results without providing free fixes for the non-permanent issues reported (e.g., registry settings, temporary and junk files).\n","ACR-014":"The app displays a misleading red meter that leads users to believe there is a growing problem, but does not specify what such problem is. \n\n"},"nonDeceptorViolations":{"ACR-065":"There is a link to the EULA but not the ToS, RCP, or PP\nThere is a link to the EULA but not the ToS, RCP, or PP\n","ACR-099":"uninstall instructions not provided\nUninstall instructions not provided\nNo link to Uninstall on the Internal Offers page.\n","ACR-167":"Return and cancelation policy is restrictive and offers unnecessary friction, going so far as to advise the customer to order a chargeback order if they are unsatisfied with their policy\n"},"samples":[{"isRevoked":"False","fileName":"PC_Win_Booster.exe","isInstaller":"True","companyName":"Sorentio Systems Ltd.                                       ","fileVersion":"10.7","hashMD5":"715eb0598bd20799a390089c48d553a3","hashSHA1":"60cfe2660ce66f340ead74e982ae6124ad6c3d63","hashSHA256":"7ace54b5137b07e7c4847eb420e1590505f752dc06858cf856bc136a708c48e3","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"3037","avBlockList":["360 Total Security (20200716)","Avast Internet Security (20190829)","AVG Internet Security (20200716)","Avira Internet Security (20200716)","Bitdefender Internet Security (20200716)","Dr.Web Security Space (20200716)","ESET Internet Security (20200716)","G DATA INTERNET SECURITY (20200716)","K7 Total Security (20200716)","Kaspersky Internet Security (20200716)","Malwarebytes Premium (20200716)","McAfee Total Protection (20200716)","Norton Security (20200716)","Panda Dome (20200716)","Sophos Home Premium (20200716)","Tencent PC Manager (20200716)","VIPRE Advanced Security (20200716)","VirIT eXplorer PRO (20200716)","Webroot SecureAnywhere (20200716)","Windows Defender (20200716)","Avast Premium Security (20200716)","SpyHunter5 (20200716)","Total AV Antivirus Pro (20200716)"],"avAllowList":["COMODO Antivirus (20200716)","Quick Heal Internet Security (20200716)","Trend Micro Internet Security (20200716)"]},{"isRevoked":"False","fileName":"PCWinBooster.exe","fileVersion":"10.7","hashMD5":"619c63afd485931ed1fecc2a7e1c379e","hashSHA1":"c8e89c7cf868fde31ed16096e444f8a76d1d85e4","hashSHA256":"aea277e6a70fd758c935f3f31255bb63a6bf04e89f05e4af0225033033a87bc5","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"3037","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"HUNT.SEARCH","reference":"","landingPage":"PCWinBooster","directDownloadingLink":"http://sorentioapps.com/pc-win-booster","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://sorentioapps.com/pc-win-booster","sourceIndex":"3037"}],"sampleFiles":["190606/PCWinBooster-181130/10.7.1.513/Samples/PC_Win_Booster.exe","190606/PCWinBooster-181130/10.7.1.513/Samples/PCWinBooster.exe"],"imageFiles":["190606/PCWinBooster-181130/10.7.1.513/Images/ACR-003/results.png","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-003/Red results.png","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-003/capture2.PNG","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-003/Capture.PNG","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-014/Red results.png","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-014/Capture.PNG","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-004/2019-06-05_16-34-17.gif"],"nonDeceptorImageFiles":["190606/PCWinBooster-181130/10.7.1.513/Images/ACR-065/Eula install.png","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-065/Capture.PNG","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-065/EULA application.png","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-065/open app.png","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-065/Capture.PNG","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-099/Capture.PNG","190606/PCWinBooster-181130/10.7.1.513/Images/ACR-167/Refund policy.png"],"guid":"fb4a9c6b-9073-4ecb-806e-0381ab2a6a7e_10.7.1.513_1","appID":"PCWinBooster-181130","dateAdded":"201203","deceptorType":"App","name":"PC Win Booster","company":"Sorentio Systems Ltd","version":"10.7.1.513","lastKnownStatus":"Deceptor:10.4.5.377, 10.5.3.415,10.7.1.513,11.1.3.735;11.2.1.773;11.2.3.785;11.3.9.861","lastKnownDate":"210511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1806},{"violations":{"ACR-003":"The application exaggerates the number of invalid registry keys, lists the normal browser extensions as problems, browser history and junk files as problems. The overall exaggerated scanning result leads misleading urgency for user to take action fixing the problems.\n","ACR-004":"App shows free scan results without providing free fixes for the non-permanent issues reported (e.g., registry settings, temporary and junk files).\n","ACR-014":"The app displays a misleading red meter that leads users to believe there is a growing problem, but does not specify what such problem is. \n\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \n","ACR-170":" The application requires payment prior to demonstrating its value and does not provide a trial.\n"},"samples":[{"isRevoked":"False","fileName":"PCWinBoosterFree.exe","isInstaller":"True","companyName":"Sorentio Systems Ltd.                                       ","fileVersion":"11.2","hashMD5":"0f93e34caf5605aeec5b73678cc095af","hashSHA1":"0012c8079cb81100601cf145bc7246ace31bb64c","hashSHA256":"ee63a943cd60deb081b11dbdbdcb82d85c32d2b48ce6c1860d444ef2bda350a2","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"2401","avBlockList":["360 Total Security (20200709)","Avira Internet Security (20200709)","Dr.Web Security Space (20200709)","K7 Total Security (20200709)","Malwarebytes Premium (20200709)","McAfee Total Protection (20200709)","Norton Security (20200709)","Panda Dome (20200709)","Sophos Home Premium (20200709)","SpyHunter5 (20200709)","Total AV Antivirus Pro (20200709)","VirIT eXplorer PRO (20200709)","Webroot SecureAnywhere (20200709)","Windows Defender (20200709)"],"avAllowList":["Avast Premium Security (20200709)","AVG Internet Security (20200709)","Bitdefender Internet Security (20200709)","COMODO Antivirus (20200709)","ESET Internet Security (20200709)","G DATA INTERNET SECURITY (20200709)","Kaspersky Internet Security (20200709)","Quick Heal Internet Security (20200709)","Tencent PC Manager (20200709)","Trend Micro Internet Security (20200709)","VIPRE Advanced Security (20200709)"]},{"isRevoked":"False","fileName":"PCWinBooster.exe-1.exe","fileVersion":"0.0","hashMD5":"d30ead3bd593e7eda547f6470c7473b0","hashSHA1":"23115f5492e3a828fd97c0cc29d4468632a9d8d9","hashSHA256":"1d7ce4453c5a6b396c9ca4113f45e188d0c466988831d8a46c7e3130690acb90","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"2401","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PC_Win_Booster.exe","companyName":"Sorentio Systems Ltd.                                       ","fileVersion":"11.2","hashMD5":"32a65b5506773a6ef0993c9de4ea31fc","hashSHA1":"d173892745e35daebb71e9e7c89876510e9442bf","hashSHA256":"27c587b29520726a3e385793e8ee85135a54f632e69e62440dc499ec70a6fcb8","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"2401","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"HUNT.SEARCH","reference":"","landingPage":"PCWinBooster","directDownloadingLink":"http://sorentioapps.com/pc-win-booster","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://sorentioapps.com/pc-win-booster","sourceIndex":"2401"}],"sampleFiles":["200626/PCWinBooster-181130/11.2.1.773/Samples/PCWinBoosterFree.exe","200626/PCWinBooster-181130/11.2.1.773/Samples/PCWinBooster_.exe","200626/PCWinBooster-181130/11.2.1.773/Samples/PC_Win_Booster.exe"],"imageFiles":["200626/PCWinBooster-181130/11.2.1.773/Images/ACR-003/PCWinBooster_Interaction [1].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-003/PCWinBooster_Interaction [2].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-014/PCWinBooster_Interaction [1].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-004/PCWinBooster_Interaction [3].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-004/PCWinBooster_Interaction [4].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-004/PCWinBooster_Interaction [5].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-004/PCWinBooster_OfferPage [1].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-004/PCWinBooster_OfferPage [2].png"],"nonDeceptorImageFiles":["200626/PCWinBooster-181130/11.2.1.773/Images/ACR-065/PCWinBooster_Install [1].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-065/PCWinBooster_Install [2].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-065/PCWinBooster_Install [3].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-065/PCWinBooster_About [1].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-170/PCWinBooster_Interaction [1].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-170/PCWinBooster_Interaction [2].png","200626/PCWinBooster-181130/11.2.1.773/Images/ACR-170/PCWinBooster_Interaction [5].png"],"guid":"fb4a9c6b-9073-4ecb-806e-0381ab2a6a7e_11.2.1.773_1","appID":"PCWinBooster-181130","dateAdded":"201203","deceptorType":"App","name":"PC Win Booster","company":"Sorentio Systems Ltd","version":"11.2.1.773","sigName":"Deceptor:Win32/","lastKnownStatus":"Deceptor:10.4.5.377, 10.5.3.415,10.7.1.513,11.1.3.735;11.2.1.773;11.2.3.785;11.3.9.861","lastKnownDate":"210511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1802},{"violations":{"ACR-003":"The application exaggerates the number of invalid registry keys, lists the normal browser extensions as problems, browser history and junk files as problems. The overall exaggerated scanning result leads misleading urgency for user to take action fixing the problems.\n","ACR-004":"App shows free scan results without providing free fixes for the non-permanent issues reported (e.g., registry settings, temporary and junk files).\n","ACR-014":"The app displays a misleading red meter that leads users to believe there is a growing problem, but does not specify what such problem is. \n\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \n"},"samples":[{"isRevoked":"False","fileName":"PC_Win_Booster.exe","isInstaller":"True","companyName":"Sorentio Systems Ltd.                                       ","fileVersion":"11.2","hashMD5":"8e60881f23a5d9119532473fa171e754","hashSHA1":"5c2b39823a7a037e1518221d44c16ea1c7a80350","hashSHA256":"33497e7b039550f1b97411ee06149c3c0f7b0cd3d6efda3af30eda9034252c2b","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"2160","avBlockList":["360 Total Security (20200921)","Avast Premium Security (20200921)","AVG Internet Security (20200921)","Avira Internet Security (20200921)","Bitdefender Internet Security (20200921)","Dr.Web Security Space (20200921)","ESET Internet Security (20200921)","G DATA INTERNET SECURITY (20200921)","K7 Total Security (20200921)","Malwarebytes Premium (20200921)","McAfee Total Protection (20200921)","Norton Security (20200921)","Panda Dome (20200921)","Quick Heal Internet Security (20200921)","Sophos Home Premium (20200921)","SpyHunter5 (20200921)","Tencent PC Manager (20200921)","Total AV Antivirus Pro (20200921)","VIPRE Advanced Security (20200921)","VirIT eXplorer PRO (20200921)","Webroot SecureAnywhere (20200921)","Windows Defender (20200921)"],"avAllowList":["COMODO Antivirus (20200921)","Kaspersky Internet Security (20200921)","Trend Micro Internet Security (20200921)"]},{"isRevoked":"False","fileName":"PCWinBooster.exe","fileVersion":"0.0","hashMD5":"d30ead3bd593e7eda547f6470c7473b0","hashSHA1":"23115f5492e3a828fd97c0cc29d4468632a9d8d9","hashSHA256":"1d7ce4453c5a6b396c9ca4113f45e188d0c466988831d8a46c7e3130690acb90","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"2160","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"HUNT.SEARCH","reference":"","landingPage":"PCWinBooster","directDownloadingLink":"http://sorentioapps.com/pc-win-booster","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://sorentioapps.com/pc-win-booster","sourceIndex":"2160"}],"sampleFiles":["200715/PCWinBooster-181130/11.2.3.785/Samples/PC_Win_Booster.exe","200715/PCWinBooster-181130/11.2.3.785/Samples/PCWinBooster.exe"],"imageFiles":["200715/PCWinBooster-181130/11.2.3.785/Images/ACR-003/PCWinBooster_Interaction [1].png","200715/PCWinBooster-181130/11.2.3.785/Images/ACR-003/PCWinBooster_Interaction [2].png","200715/PCWinBooster-181130/11.2.3.785/Images/ACR-014/PCWinBooster_Interaction [1].png","200715/PCWinBooster-181130/11.2.3.785/Images/ACR-004/PCWinBooster_Interaction [3].png","200715/PCWinBooster-181130/11.2.3.785/Images/ACR-004/PCWinBooster_Interaction [4].png","200715/PCWinBooster-181130/11.2.3.785/Images/ACR-004/PCWinBooster_Interaction [5].png","200715/PCWinBooster-181130/11.2.3.785/Images/ACR-004/PCWinBooster_OfferPage [1].png","200715/PCWinBooster-181130/11.2.3.785/Images/ACR-004/PCWinBooster_OfferPage [2].png"],"nonDeceptorImageFiles":["200715/PCWinBooster-181130/11.2.3.785/Images/ACR-065/PCWinBooster_Install [1].png","200715/PCWinBooster-181130/11.2.3.785/Images/ACR-065/PCWinBooster_Install [2].png","200715/PCWinBooster-181130/11.2.3.785/Images/ACR-065/PCWinBooster_Install [3].png","200715/PCWinBooster-181130/11.2.3.785/Images/ACR-065/PCWinBooster_About [1].png"],"guid":"fb4a9c6b-9073-4ecb-806e-0381ab2a6a7e_11.2.3.785_1","appID":"PCWinBooster-181130","dateAdded":"201203","deceptorType":"App","name":"PC Win Booster","company":"Sorentio Systems Ltd","version":"11.2.3.785","sigName":"Deceptor:Win32/PCWinBooster!003004014","lastKnownStatus":"Deceptor:10.4.5.377, 10.5.3.415,10.7.1.513,11.1.3.735;11.2.1.773;11.2.3.785;11.3.9.861","lastKnownDate":"210511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1801},{"violations":{"ACR-003":"The application exaggerates the number of invalid registry keys, lists the normal browser extensions as problems, browser history and junk files as problems. The overall exaggerated scanning result leads misleading urgency for user to take action fixing the problems.\n","ACR-004":"App shows free scan results without providing free fixes for the non-permanent issues reported (e.g., registry settings, temporary and junk files) and exaggerates a sense of urgency by using gauges to show free scan results.\n","ACR-014":"The app displays a misleading red meter that leads users to believe there is a growing problem, but does not specify what such problem is. \n\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy. \n"},"samples":[{"isRevoked":"False","fileName":"PC_Win_Booster.exe","isInstaller":"True","companyName":"Sorentio Systems Ltd.                                       ","fileVersion":"0.0","hashMD5":"f897fb4231b283f0d09a8796679d294f","hashSHA1":"be14eb02a3471f1c7e2eaf4abbaccbe7fd380a09","hashSHA256":"455c73593a20ec5b0a3d79cf3f317f834f3f4858af2eebf188e4d498fc9aea8d","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"2035","avBlockList":["360 Total Security (20201224)","Avast Premium Security (20201224)","AVG Internet Security (20201224)","Avira Internet Security (20201224)","Bitdefender Internet Security (20201224)","Dr.Web Security Space (20201224)","ESET Internet Security (20201224)","G DATA INTERNET SECURITY (20201224)","K7 Total Security (20201224)","Malwarebytes Premium (20201224)","McAfee Total Protection (20201224)","Norton Security (20201224)","Panda Dome (20201224)","Sophos Home Premium (20201224)","SpyHunter5 (20201224)","Tencent PC Manager (20201224)","Total AV Antivirus Pro (20201224)","VIPRE Advanced Security (20201224)","VirIT eXplorer PRO (20201224)","Webroot SecureAnywhere (20201224)","Windows Defender (20201224)"],"avAllowList":["COMODO Antivirus (20201224)","Kaspersky Internet Security (20201224)","Quick Heal Internet Security (20201224)","Trend Micro Internet Security (20201224)"]},{"isRevoked":"False","fileName":"PCWinBooster.exe","fileVersion":"0.0","hashMD5":"d30ead3bd593e7eda547f6470c7473b0","hashSHA1":"23115f5492e3a828fd97c0cc29d4468632a9d8d9","hashSHA256":"1d7ce4453c5a6b396c9ca4113f45e188d0c466988831d8a46c7e3130690acb90","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"2035","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"HUNT.SEARCH","reference":"","landingPage":"http://sorentioapps.com/pc-win-booster","directDownloadingLink":"https://sorentioapps.com/downloads/PC_Win_Booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://sorentioapps.com/downloads/PC_Win_Booster.exe","sourceIndex":"2035"}],"sampleFiles":["201203/PCWinBooster-181130/11.3.9.861/Samples/PC_Win_Booster.exe","201203/PCWinBooster-181130/11.3.9.861/Samples/PCWinBooster.exe"],"imageFiles":["201203/PCWinBooster-181130/11.3.9.861/Images/ACR-003/PCWinBooster_Interactions [2].png","201203/PCWinBooster-181130/11.3.9.861/Images/ACR-003/PCWinBooster_Interactions [3].png","201203/PCWinBooster-181130/11.3.9.861/Images/ACR-014/PCWinBooster_Interactions [4].png","201203/PCWinBooster-181130/11.3.9.861/Images/ACR-004/PCWinBooster_Interactions [2].png","201203/PCWinBooster-181130/11.3.9.861/Images/ACR-004/PCWinBooster_Interactions [3].png","201203/PCWinBooster-181130/11.3.9.861/Images/ACR-004/PCWinBooster_Interactions [4].png","201203/PCWinBooster-181130/11.3.9.861/Images/ACR-004/PCWinBooster_OfferPage [1].png","201203/PCWinBooster-181130/11.3.9.861/Images/ACR-004/PCWinBooster_OfferPage [2].png"],"nonDeceptorImageFiles":["201203/PCWinBooster-181130/11.3.9.861/Images/ACR-065/PCWinBooster_Install [1].png","201203/PCWinBooster-181130/11.3.9.861/Images/ACR-065/PCWinBooster_Install [2].png","201203/PCWinBooster-181130/11.3.9.861/Images/ACR-065/PCWinBooster_Install [3].png","201203/PCWinBooster-181130/11.3.9.861/Images/ACR-065/PCWinBooster_Install [4].png","201203/PCWinBooster-181130/11.3.9.861/Images/ACR-065/PCWinBooster_About [1].png"],"guid":"fb4a9c6b-9073-4ecb-806e-0381ab2a6a7e_11.3.9.861_1","appID":"PCWinBooster-181130","dateAdded":"201203","deceptorType":"App","name":"PC Win Booster","company":"Sorentio Systems Ltd","version":"11.3.9.861","lastKnownStatus":"Deceptor:10.4.5.377, 10.5.3.415,10.7.1.513,11.1.3.735;11.2.1.773;11.2.3.785;11.3.9.861","lastKnownDate":"210511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1800},{"violations":{"ACR-003":"Clicking the \"Details\" link next to the issues displayed leads to a page that displays what files have issues, yet does not explain what such issues are. Additionally, the link itself is occasionally unresponsive altogether. \n\n","ACR-014":"The app displays a misleading red meter that leads users to believe there is a growing problem, but does not specify what such problem is. \n\n"},"nonDeceptorViolations":{"ACR-065":"There is a link to the EULA but not the ToS, RCP, or PP\nThere is a link to the EULA but not the ToS, RCP, or PP\n","ACR-099":"There is allegedly an option to delete the program, but selecting it does nothing. \n\n"},"samples":[{"isRevoked":"False","fileName":"PC_Win_Booster.exe","isInstaller":"True","companyName":"Sorentio Systems Ltd.                                       ","productName":"PC-Win-Booster","productVersion":"10.4.5.377","fileVersion":"10.4","hashMD5":"4fa9ecfc560de47b836a8faafe05b78d","hashSHA1":"2ff70e762f7d9108a993fb7cc1ecd21297eda96b","hashSHA256":"8cf15ecaa390c1595aad5715bac86a8512527e8bb82ad70a7f14ecd6ac524ff8","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"3036","avBlockList":["Avast Internet Security (20190502)","AVG Internet Security (20190502)","Avira Internet Security (20190502)","Bitdefender Internet Security (20190502)","ESET Internet Security (20190502)","G DATA INTERNET SECURITY (20190502)","K7 Total Security (20190502)","Kaspersky Internet Security (20190502)","Malwarebytes Premium (20190502)","McAfee Total Protection (20190502)","Norton Security (20190502)","Panda Dome (20190502)","Sophos Home Premium (20190502)","Trend Micro Internet Security (20190502)","VirIT eXplorer PRO (20190502)","Webroot SecureAnywhere (20190502)","Windows Defender (20190502)","360 Total Security (20190502)","Quick Heal Internet Security (20190502)","SpyHunter5 (20190404)","Tencent PC Manager (20190502)","VIPRE Advanced Security (20190502)"],"avAllowList":["COMODO Antivirus (20190502)","Dr.Web Security Space (20190502)","F-PROT Antivirus for Windows (20190404)"]},{"isRevoked":"False","fileName":"PCWinBooster.exe","productVersion":"10.4","fileVersion":"10.4.5.377","hashMD5":"563fe23e3fb752c01ecd3e86d9d048fc","hashSHA1":"206da5947b92102005eaa15b5715445f2c77894c","hashSHA256":"1ab629aaa5e9df39bdc5cddcb690952ef47255c02e899767c09917834dfcc588","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"3036","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"HUNT.SEARCH","reference":"","landingPage":"PCWinBooster","directDownloadingLink":"http://sorentioapps.com/pc-win-booster","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://sorentioapps.com/downloads/PC_Win_Booster.exe","sourceIndex":"3036"}],"sampleFiles":["190606/PCWinBooster-181130/10.4.5.377/Samples/PC_Win_Booster.exe","190606/PCWinBooster-181130/10.4.5.377/Samples/PCWinBooster.exe"],"imageFiles":["190606/PCWinBooster-181130/10.4.5.377/Images/ACR-003/capture2.PNG","190606/PCWinBooster-181130/10.4.5.377/Images/ACR-003/Capture.PNG","190606/PCWinBooster-181130/10.4.5.377/Images/ACR-014/Capture.PNG"],"nonDeceptorImageFiles":["190606/PCWinBooster-181130/10.4.5.377/Images/ACR-065/Capture.PNG","190606/PCWinBooster-181130/10.4.5.377/Images/ACR-065/Capture.PNG","190606/PCWinBooster-181130/10.4.5.377/Images/ACR-099/Capture.PNG"],"guid":"fb4a9c6b-9073-4ecb-806e-0381ab2a6a7e_10.4.5.377_1","appID":"PCWinBooster-181130","dateAdded":"201203","deceptorType":"App","name":"PC Win Booster","company":"Sorentio Systems Ltd","version":"10.4.5.377","sigName":"Deceptor:Win32/PCWinBooster!003014","lastKnownStatus":"Deceptor:10.4.5.377, 10.5.3.415,10.7.1.513,11.1.3.735;11.2.1.773;11.2.3.785;11.3.9.861","lastKnownDate":"210511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1805},{"violations":{"ACR-003":"The application exaggerates the number of invalid registry keys, lists the normal browser extensions as problems, browser history and junk files as problems. The overall exaggerated scanning result leads misleading urgency for user to take action fixing the problems.\n","ACR-004":"App shows free scan results without providing free fixes for the non-permanent issues reported (e.g., registry settings, temporary and junk files).\n","ACR-014":"The app displays a misleading red meter that leads users to believe there is a growing problem, but does not specify what such problem is. \n\n"},"nonDeceptorViolations":{"ACR-065":"Does not show links to the app's Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install. \nDoes not show links to the app's Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-170":" The application requires payment prior to demonstrating its value and does not provide a trial.\n"},"samples":[{"isRevoked":"False","fileName":"PC_Win_Booster.exe","isInstaller":"True","companyName":"Sorentio Systems Ltd.                                       ","fileVersion":"11.1","hashMD5":"c396e9149cf7b22a63b01b2303310de7","hashSHA1":"c5543c8d5598104a9f79cf6702b3f86de21cae2d","hashSHA256":"4f7a2cb5ae4c2352ec94421e893493ef295076105eba70ab83d58622cd34a1da","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"2490","avBlockList":["360 Total Security (20200709)","Avast Premium Security (20200709)","AVG Internet Security (20200709)","Avira Internet Security (20200709)","Bitdefender Internet Security (20200709)","Dr.Web Security Space (20200709)","ESET Internet Security (20200709)","G DATA INTERNET SECURITY (20200709)","K7 Total Security (20200709)","Malwarebytes Premium (20200709)","McAfee Total Protection (20200709)","Norton Security (20200709)","Panda Dome (20200709)","Quick Heal Internet Security (20200709)","Sophos Home Premium (20200709)","SpyHunter5 (20200709)","Tencent PC Manager (20200709)","Total AV Antivirus Pro (20200709)","Trend Micro Internet Security (20200709)","VIPRE Advanced Security (20200709)","Webroot SecureAnywhere (20200709)","Windows Defender (20200709)","VirIT eXplorer PRO (20200709)"],"avAllowList":["COMODO Antivirus (20200709)","Kaspersky Internet Security (20200709)"]},{"isRevoked":"False","fileName":"PCWinBooster.exe","fileVersion":"0.0","hashMD5":"a357a7f48a63c82721549643b500e91f","hashSHA1":"e71be4f6e2519adf9548900edcdba0fe81ed5588","hashSHA256":"1a3da9bb5e90be6815667318110e434c4fc053ba1f727832a59d5efbb2113595","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"2490","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"HUNT.SEARCH","reference":"https://sorentioapps.com/","landingPage":"https://sorentioapps.com/","directDownloadingLink":"https://sorentioapps.com/downloads/PC_Win_Booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://sorentioapps.com/downloads/PC_Win_Booster.exe","sourceIndex":"2490"}],"sampleFiles":["200424/PCWinBooster-181130/11.1.3.735/Samples/PC_Win_Booster.exe","200424/PCWinBooster-181130/11.1.3.735/Samples/PCWinBooster.exe"],"imageFiles":["200424/PCWinBooster-181130/11.1.3.735/Images/ACR-003/PC_Win_Booster_Scanning.png","200424/PCWinBooster-181130/11.1.3.735/Images/ACR-003/PC_Win_Booster_Scanning [2].png","200424/PCWinBooster-181130/11.1.3.735/Images/ACR-003/PC_Win_Booster_Scanning [3].png","200424/PCWinBooster-181130/11.1.3.735/Images/ACR-014/PC_Win_Booster_Scanning [1].png","200424/PCWinBooster-181130/11.1.3.735/Images/ACR-004/PC_Win_Booster_Scanning [5].png","200424/PCWinBooster-181130/11.1.3.735/Images/ACR-004/PC_Win_Booster_Scanning [6].png"],"nonDeceptorImageFiles":["200424/PCWinBooster-181130/11.1.3.735/Images/ACR-065/PC_Win_Booster_Installs [1].png","200424/PCWinBooster-181130/11.1.3.735/Images/ACR-065/PC_Win_Booster_About [1].png","200424/PCWinBooster-181130/11.1.3.735/Images/ACR-170/PC_Win_Booster_Scanning [6].png","200424/PCWinBooster-181130/11.1.3.735/Images/ACR-170/PC_Win_Booster_Scanning [3].png"],"guid":"fb4a9c6b-9073-4ecb-806e-0381ab2a6a7e_11.1.3.735_1","appID":"PCWinBooster-181130","dateAdded":"201203","deceptorType":"App","name":"PC Win Booster","company":"Sorentio Systems Ltd","version":"11.1.3.735","lastKnownStatus":"Deceptor:10.4.5.377, 10.5.3.415,10.7.1.513,11.1.3.735;11.2.1.773;11.2.3.785;11.3.9.861","lastKnownDate":"210511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1803},{"violations":{"ACR-003":"Clicking the \"Details\" link next to the issues displayed leads to a page that displays what files have issues, yet does not explain what such issues are. Additionally, the link itself is occasionally unresponsive altogether.  - When fix issues is clicked, it says that registration is required to fix it.\n","ACR-004":"App shows free scan results without providing free fixes for the non-permanent issues reported (e.g., registry settings, temporary and junk files).\n"},"nonDeceptorViolations":{"ACR-065":"There is a link to the EULA but not the ToS, RCP, or PP\nThere is a link to the EULA but not the ToS, RCP, or PP\n","ACR-099":"There is allegedly an option to delete the program, but selecting it does not show you how to uninstall it.\n\nNo link to Uninstall on the Internal Offers page.\n"},"samples":[{"isRevoked":"False","fileName":"PC_Win_Booster.exe","isInstaller":"True","companyName":"Sorentio Systems Ltd.                                       ","productName":"PC-Win-Booster","productVersion":"10.5.3.415","fileVersion":"10.5.3.415","hashMD5":"f3c8536bac4e7b1b3d3ea9e4e87966b3","hashSHA1":"bf973b352105b2228a105eb226578a6742e341a1","hashSHA256":"39462415876acda34958e39f69bbe355292d31038b5bd5f9864b53c2e7c258e2","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"3035","avBlockList":["Avast Internet Security (20190502)","AVG Internet Security (20190502)","Avira Internet Security (20190502)","Bitdefender Internet Security (20190502)","ESET Internet Security (20190502)","G DATA INTERNET SECURITY (20190502)","K7 Total Security (20190502)","Kaspersky Internet Security (20190502)","Malwarebytes Premium (20190502)","McAfee Total Protection (20190502)","Norton Security (20190502)","Panda Dome (20190502)","Sophos Home Premium (20190502)","Trend Micro Internet Security (20190502)","VirIT eXplorer PRO (20190502)","Webroot SecureAnywhere (20190502)","Windows Defender (20190502)","360 Total Security (20190502)","Dr.Web Security Space (20190502)","Quick Heal Internet Security (20190502)","SpyHunter5 (20190404)","Tencent PC Manager (20190502)","VIPRE Advanced Security (20190502)"],"avAllowList":["COMODO Antivirus (20190502)","F-PROT Antivirus for Windows (20190404)"]},{"isRevoked":"False","fileName":"PCWinBooster.exe","companyName":"N/A","productName":"N/A","productVersion":"10.5","fileVersion":"10.5.3.415","hashMD5":"3d55a8455e8ee1fa2107d781e6d197be","hashSHA1":"72cd4e515aefe511992840884e188494a6206d7c","hashSHA256":"53e3cdfcf5f42abda86b5b5535c0ca52c7f5041867087d3aec64d078cf0c2c18","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"3035","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"HUNT.SEARCH","reference":"","landingPage":"PCWinBooster","directDownloadingLink":"http://sorentioapps.com/pc-win-booster","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://sorentioapps.com/pc-win-booster","sourceIndex":"3035"}],"sampleFiles":["190606/PCWinBooster-181130/10.5.3.415/Samples/PC_Win_Booster.exe","190606/PCWinBooster-181130/10.5.3.415/Samples/PCWinBooster.exe"],"imageFiles":["190606/PCWinBooster-181130/10.5.3.415/Images/ACR-003/PCWinBooster ACR_003 Software.png","190606/PCWinBooster-181130/10.5.3.415/Images/ACR-003/PCWinBooster ACR_003 Software2.png","190606/PCWinBooster-181130/10.5.3.415/Images/ACR-003/PCWinBooster ACR_003 Software3.png","190606/PCWinBooster-181130/10.5.3.415/Images/ACR-004/PCWinBooster ACR_004 Software (1).png","190606/PCWinBooster-181130/10.5.3.415/Images/ACR-004/PCWinBooster ACR_004 Software (2).png"],"nonDeceptorImageFiles":["190606/PCWinBooster-181130/10.5.3.415/Images/ACR-065/PCWinBooster ACR_065 Install.png","190606/PCWinBooster-181130/10.5.3.415/Images/ACR-065/PCWinBooster ACR_065 Software.png","190606/PCWinBooster-181130/10.5.3.415/Images/ACR-099/PCWinBooster ACR_099 Software.png","190606/PCWinBooster-181130/10.5.3.415/Images/ACR-099/PCWinBooster ACR_099 InternalOffers.png"],"guid":"fb4a9c6b-9073-4ecb-806e-0381ab2a6a7e_10.5.3.415_1","appID":"PCWinBooster-181130","dateAdded":"201203","deceptorType":"App","name":"PC Win Booster","company":"Sorentio Systems Ltd","version":"10.5.3.415","sigName":"Deceptor:Win32/PCWinBooster!003004","lastKnownStatus":"Deceptor:10.4.5.377, 10.5.3.415,10.7.1.513,11.1.3.735;11.2.1.773;11.2.3.785;11.3.9.861","lastKnownDate":"210511","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1804},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user and users agree to download and run.\n","ACR-047":"After app install and on every subsequent software start, bundler prompts user with \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app, and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-118":"There are some executable files were left behind even after app shows uninstall completed.\n","ACR-059":"The Offer is not clearly marked as an offer who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for the main executable.\n","ACR-065":"The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction and install\nThe App's version is not consistent between App interaction and installs\n","ACR-161":"The app’s landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app. \n"},"samples":[{"isRevoked":"False","fileName":"PCTuneUpDriverBackup.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"d2f513c95ed0f928ff9d925aa67b0153","hashSHA1":"af0631dae1b45dd9905cd60ce9f97f5c47180d59","hashSHA256":"06bb313d97bc5c81900530fe2dd869504bd50dcd8a59a24dca8ec75ff082cf0b","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210420)","Avast Premium Security (20210420)","AVG Internet Security (20210420)","Avira Internet Security (20210420)","Bitdefender Internet Security (20210420)","COMODO Antivirus (20210420)","Dr.Web Security Space (20210420)","ESET Internet Security (20210420)","G DATA INTERNET SECURITY (20210420)","K7 Total Security (20210420)","Kaspersky Internet Security (20210420)","Malwarebytes Premium (20210420)","McAfee Total Protection (20210420)","Norton Security (20210420)","Panda Dome (20210420)","Quick Heal Internet Security (20210420)","Sophos Home Premium (20210420)","SpyHunter5 (20210420)","Tencent PC Manager (20210420)","Total AV Antivirus Pro (20210420)","VIPRE Advanced Security (20210420)","VirIT eXplorer PRO (20210420)","Webroot SecureAnywhere (20210420)","Windows Defender (20210420)"],"avAllowList":["Trend Micro Internet Security (20210420)"]},{"isRevoked":"False","fileName":"PCTuneUpWiFiHotspotCreator.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"06a488780045e6de670ebbb51dccee7b","hashSHA1":"82d6e52a0a3533ee226798f7cec493abcfe0282f","hashSHA256":"8b13d4a4fa7766ca18cc21cdb60fe02b3e2c45d6abb4a01ded2505c24952b756","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210420)","Avast Premium Security (20210420)","AVG Internet Security (20210420)","Avira Internet Security (20210420)","Bitdefender Internet Security (20210420)","COMODO Antivirus (20210420)","Dr.Web Security Space (20210420)","ESET Internet Security (20210420)","G DATA INTERNET SECURITY (20210420)","K7 Total Security (20210420)","Kaspersky Internet Security (20210420)","Malwarebytes Premium (20210420)","McAfee Total Protection (20210420)","Norton Security (20210420)","Panda Dome (20210420)","Quick Heal Internet Security (20210420)","Sophos Home Premium (20210420)","SpyHunter5 (20210420)","Tencent PC Manager (20210420)","Total AV Antivirus Pro (20210420)","VIPRE Advanced Security (20210420)","VirIT eXplorer PRO (20210420)","Webroot SecureAnywhere (20210420)","Windows Defender (20210420)"],"avAllowList":["Trend Micro Internet Security (20210420)"]},{"isRevoked":"False","fileName":"PCTuneUpAutoShutdown.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"f145065a117905b37cf074a8ea92259e","hashSHA1":"5eafbcf55902625da588da72d2a91ad1fcaaf05c","hashSHA256":"b62f0c783507bb14d1e87073b4138705671945494a6687cd62fa497426363b4f","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210420)","Avast Premium Security (20210420)","AVG Internet Security (20210420)","Avira Internet Security (20210420)","Bitdefender Internet Security (20210420)","COMODO Antivirus (20210420)","Dr.Web Security Space (20210420)","ESET Internet Security (20210420)","G DATA INTERNET SECURITY (20210420)","K7 Total Security (20210420)","Kaspersky Internet Security (20210420)","Malwarebytes Premium (20210420)","McAfee Total Protection (20210420)","Norton Security (20210420)","Panda Dome (20210420)","Quick Heal Internet Security (20210420)","Sophos Home Premium (20210420)","SpyHunter5 (20210420)","Tencent PC Manager (20210420)","Total AV Antivirus Pro (20210420)","VIPRE Advanced Security (20210420)","VirIT eXplorer PRO (20210420)","Webroot SecureAnywhere (20210420)","Windows Defender (20210420)"],"avAllowList":["Trend Micro Internet Security (20210420)"]},{"isRevoked":"False","fileName":"PCTuneUpBrokenShortcutRemoval.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"3a86e9b5ae0c3ed43496979725f9a964","hashSHA1":"4d1e412a91c9cdf611378c4abb58d8188b471a6b","hashSHA256":"c526b5305f6f874df255f768adf3a0e7690c983662fb9fe230efa5bf4b7a6592","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210420)","Avast Premium Security (20210420)","AVG Internet Security (20210420)","Avira Internet Security (20210420)","Bitdefender Internet Security (20210420)","COMODO Antivirus (20210420)","Dr.Web Security Space (20210420)","ESET Internet Security (20210420)","G DATA INTERNET SECURITY (20210420)","K7 Total Security (20210420)","Kaspersky Internet Security (20210420)","Malwarebytes Premium (20210420)","McAfee Total Protection (20210420)","Norton Security (20210420)","Panda Dome (20210420)","Quick Heal Internet Security (20210420)","Sophos Home Premium (20210420)","SpyHunter5 (20210420)","Tencent PC Manager (20210420)","Total AV Antivirus Pro (20210420)","Trend Micro Internet Security (20210420)","VIPRE Advanced Security (20210420)","VirIT eXplorer PRO (20210420)","Webroot SecureAnywhere (20210420)","Windows Defender (20210420)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCTuneUpDeletedFileRecovery.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"4af8e0f6290bd8bd94aacf970353ff92","hashSHA1":"d752ef797453191200456e7b94ae5cded0cf0a7a","hashSHA256":"abd7cd26966a6892d988da3f020dafc573d43e81788f9acbd7866bbe2e0b7579","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210420)","Avast Premium Security (20210420)","AVG Internet Security (20210420)","Avira Internet Security (20210420)","Bitdefender Internet Security (20210420)","COMODO Antivirus (20210420)","Dr.Web Security Space (20210420)","ESET Internet Security (20210420)","G DATA INTERNET SECURITY (20210420)","K7 Total Security (20210420)","Kaspersky Internet Security (20210420)","Malwarebytes Premium (20210420)","McAfee Total Protection (20210420)","Norton Security (20210420)","Panda Dome (20210420)","Quick Heal Internet Security (20210420)","Sophos Home Premium (20210420)","SpyHunter5 (20210420)","Tencent PC Manager (20210420)","Total AV Antivirus Pro (20210420)","VIPRE Advanced Security (20210420)","VirIT eXplorer PRO (20210420)","Webroot SecureAnywhere (20210420)","Windows Defender (20210420)"],"avAllowList":["Trend Micro Internet Security (20210420)"]},{"isRevoked":"False","fileName":"PCTuneUpDiskCleaner.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"a9826d7fda979d3d68ac3fc1ee93648e","hashSHA1":"34576b9e6b598de7bc063e956b377b8031424ed4","hashSHA256":"a69943a59d17632efe027b37cee18f492ab58dbe6c3c8d03d5766e0e7d414c29","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210420)","Avast Premium Security (20210420)","AVG Internet Security (20210420)","Avira Internet Security (20210420)","Bitdefender Internet Security (20210420)","COMODO Antivirus (20210420)","Dr.Web Security Space (20210420)","ESET Internet Security (20210420)","G DATA INTERNET SECURITY (20210420)","K7 Total Security (20210420)","Kaspersky Internet Security (20210420)","Malwarebytes Premium (20210420)","McAfee Total Protection (20210420)","Norton Security (20210420)","Panda Dome (20210420)","Quick Heal Internet Security (20210420)","Sophos Home Premium (20210420)","SpyHunter5 (20210420)","Tencent PC Manager (20210420)","Total AV Antivirus Pro (20210420)","VIPRE Advanced Security (20210420)","VirIT eXplorer PRO (20210420)","Webroot SecureAnywhere (20210420)","Windows Defender (20210420)"],"avAllowList":["Trend Micro Internet Security (20210420)"]},{"isRevoked":"False","fileName":"PCTuneUpDuplicatesRemoval.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"860887e5d19c27074c1b292724293216","hashSHA1":"9256be6a2c61b1f417fe79303c3b50e39e89741b","hashSHA256":"83a5a2e2237ec6f90065e4268ac12186d159a60def7320a0bded106484619431","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210420)","Avast Premium Security (20210420)","AVG Internet Security (20210420)","Avira Internet Security (20210420)","Bitdefender Internet Security (20210420)","COMODO Antivirus (20210420)","Dr.Web Security Space (20210420)","ESET Internet Security (20210420)","G DATA INTERNET SECURITY (20210420)","K7 Total Security (20210420)","Kaspersky Internet Security (20210420)","Malwarebytes Premium (20210420)","McAfee Total Protection (20210420)","Norton Security (20210420)","Panda Dome (20210420)","Quick Heal Internet Security (20210420)","Sophos Home Premium (20210420)","SpyHunter5 (20210420)","Tencent PC Manager (20210420)","Total AV Antivirus Pro (20210420)","VIPRE Advanced Security (20210420)","VirIT eXplorer PRO (20210420)","Webroot SecureAnywhere (20210420)","Windows Defender (20210420)"],"avAllowList":["Trend Micro Internet Security (20210420)"]},{"isRevoked":"False","fileName":"PCTuneUpEmptyFolderRemoval.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"984c71f7445ddeec342c616a35b4bd80","hashSHA1":"cf2ebf92fb68e429f8a9b68c408f82f343fdb3cc","hashSHA256":"7e058871ded67eeb68a1e8d7e60e181c2129229e84515e1ca8770bb7b2634e7e","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210420)","Avast Premium Security (20210420)","AVG Internet Security (20210420)","Avira Internet Security (20210420)","Bitdefender Internet Security (20210420)","COMODO Antivirus (20210420)","Dr.Web Security Space (20210420)","ESET Internet Security (20210420)","G DATA INTERNET SECURITY (20210420)","K7 Total Security (20210420)","Kaspersky Internet Security (20210420)","Malwarebytes Premium (20210420)","McAfee Total Protection (20210420)","Norton Security (20210420)","Panda Dome (20210420)","Quick Heal Internet Security (20210420)","Sophos Home Premium (20210420)","SpyHunter5 (20210420)","Tencent PC Manager (20210420)","Total AV Antivirus Pro (20210420)","VIPRE Advanced Security (20210420)","VirIT eXplorer PRO (20210420)","Webroot SecureAnywhere (20210420)","Windows Defender (20210420)"],"avAllowList":["Trend Micro Internet Security (20210420)"]},{"isRevoked":"False","fileName":"PCTuneUpFileFolderMonitor.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"2e2233b02a05203eebf0866f41f529de","hashSHA1":"418b045e2e18e4fd2eaba434ac4a3618d4775d18","hashSHA256":"d238d33827fc8611bdaa90aa391f97255e9b84167eac4e682646f4858ed530b3","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210422)","Avast Premium Security (20210422)","AVG Internet Security (20210422)","Avira Internet Security (20210422)","Bitdefender Internet Security (20210422)","COMODO Antivirus (20210422)","Dr.Web Security Space (20210422)","ESET Internet Security (20210422)","G DATA INTERNET SECURITY (20210422)","K7 Total Security (20210422)","Kaspersky Internet Security (20210422)","Malwarebytes Premium (20210422)","McAfee Total Protection (20210422)","Norton Security (20210422)","Panda Dome (20210422)","Quick Heal Internet Security (20210422)","Sophos Home Premium (20210422)","SpyHunter5 (20210422)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20210422)","VIPRE Advanced Security (20210422)","VirIT eXplorer PRO (20210422)","Webroot SecureAnywhere (20210422)","Windows Defender (20210422)"],"avAllowList":["Trend Micro Internet Security (20210422)"]},{"isRevoked":"False","fileName":"PCTuneUpFileShredder.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"c6eecce88f6cfcd0b5b5b2da0c9ac477","hashSHA1":"5b77393689234d46bd94025c707f48730d89a7dc","hashSHA256":"da3a915f4037b1dec6e3c1aa9c7b7ea7a854dc23a379720f30fa867dc94f8a36","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210422)","Avast Premium Security (20210422)","AVG Internet Security (20210422)","Avira Internet Security (20210422)","Bitdefender Internet Security (20210422)","COMODO Antivirus (20210422)","Dr.Web Security Space (20210422)","ESET Internet Security (20210422)","G DATA INTERNET SECURITY (20210422)","K7 Total Security (20210422)","Kaspersky Internet Security (20210422)","Malwarebytes Premium (20210422)","McAfee Total Protection (20210422)","Norton Security (20210422)","Panda Dome (20210422)","Quick Heal Internet Security (20210422)","Sophos Home Premium (20210422)","SpyHunter5 (20210422)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20210422)","VIPRE Advanced Security (20210422)","VirIT eXplorer PRO (20210422)","Webroot SecureAnywhere (20210422)","Windows Defender (20210422)"],"avAllowList":["Trend Micro Internet Security (20210422)"]},{"isRevoked":"False","fileName":"PCTuneUpFileSplitJoin.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"fe32d9157d0353e010368efb86a46375","hashSHA1":"89694cd4519533b6d4bdce08a25a1e11dc397be5","hashSHA256":"135b157b2915aa909306cdf93f2841734f8f1ccd26d23b36b2ac068526679083","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210422)","Avast Premium Security (20210422)","AVG Internet Security (20210422)","Avira Internet Security (20210422)","Bitdefender Internet Security (20210422)","COMODO Antivirus (20210422)","Dr.Web Security Space (20210422)","ESET Internet Security (20210422)","G DATA INTERNET SECURITY (20210422)","K7 Total Security (20210422)","Kaspersky Internet Security (20210422)","Malwarebytes Premium (20210422)","McAfee Total Protection (20210422)","Norton Security (20210422)","Panda Dome (20210422)","Quick Heal Internet Security (20210422)","Sophos Home Premium (20210422)","SpyHunter5 (20210422)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20210422)","VIPRE Advanced Security (20210422)","VirIT eXplorer PRO (20210422)","Webroot SecureAnywhere (20210422)","Windows Defender (20210422)"],"avAllowList":["Trend Micro Internet Security (20210422)"]},{"isRevoked":"False","fileName":"PCTuneUpFreeAutoClicker.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"be6a2aaaeb6cb3cbc1d75bfb411a93fc","hashSHA1":"31b1842d1d8342d9979b8cabe4abfdf6a6af33eb","hashSHA256":"e210c636483e85b48f027f0ffe06a7d12ece36846dcde6bddbf93bf28130f404","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210422)","Avast Premium Security (20210422)","AVG Internet Security (20210422)","Avira Internet Security (20210422)","Bitdefender Internet Security (20210422)","COMODO Antivirus (20210422)","Dr.Web Security Space (20210422)","ESET Internet Security (20210422)","G DATA INTERNET SECURITY (20210422)","K7 Total Security (20210422)","Kaspersky Internet Security (20210422)","Malwarebytes Premium (20210422)","McAfee Total Protection (20210422)","Norton Security (20210422)","Panda Dome (20210422)","Quick Heal Internet Security (20210422)","Sophos Home Premium (20210422)","SpyHunter5 (20210422)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20210422)","VIPRE Advanced Security (20210422)","VirIT eXplorer PRO (20210422)","Webroot SecureAnywhere (20210422)","Windows Defender (20210422)"],"avAllowList":["Trend Micro Internet Security (20210422)"]},{"isRevoked":"False","fileName":"PCTuneUpProgramLock.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"2b4b7242dd67fc4f8ba35e76aa85f1a8","hashSHA1":"fd21e5d353ec037340df4a55fcdf879b55a47183","hashSHA256":"0f5cc02508ee0042c7edfda5fb9980a302d8b6f800745825521888b74e53e243","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210422)","Avast Premium Security (20210422)","AVG Internet Security (20210422)","Avira Internet Security (20210422)","Bitdefender Internet Security (20210422)","COMODO Antivirus (20210422)","Dr.Web Security Space (20210422)","ESET Internet Security (20210422)","G DATA INTERNET SECURITY (20210422)","K7 Total Security (20210422)","Kaspersky Internet Security (20210422)","Malwarebytes Premium (20210422)","McAfee Total Protection (20210422)","Norton Security (20210422)","Panda Dome (20210422)","Quick Heal Internet Security (20210422)","Sophos Home Premium (20210422)","SpyHunter5 (20210422)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20210422)","VIPRE Advanced Security (20210422)","VirIT eXplorer PRO (20210422)","Webroot SecureAnywhere (20210422)","Windows Defender (20210422)"],"avAllowList":["Trend Micro Internet Security (20210422)"]},{"isRevoked":"False","fileName":"PCTuneUpResourceExtractor.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"7e84be0f8f7347ea654f6d64f6a59a8f","hashSHA1":"d7e2ccc8aa194ef6cfef302e037e8d2cf1a25dd8","hashSHA256":"27202a991148111603d2a68874515bbeb93bcd576ecc3500a3136259bc818b82","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210422)","Avast Premium Security (20210422)","AVG Internet Security (20210422)","Avira Internet Security (20210422)","Bitdefender Internet Security (20210422)","COMODO Antivirus (20210422)","Dr.Web Security Space (20210422)","ESET Internet Security (20210422)","G DATA INTERNET SECURITY (20210422)","K7 Total Security (20210422)","Kaspersky Internet Security (20210422)","Malwarebytes Premium (20210422)","McAfee Total Protection (20210422)","Norton Security (20210422)","Panda Dome (20210422)","Quick Heal Internet Security (20210422)","Sophos Home Premium (20210422)","SpyHunter5 (20210422)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20210422)","VIPRE Advanced Security (20210422)","VirIT eXplorer PRO (20210422)","Webroot SecureAnywhere (20210422)","Windows Defender (20210422)"],"avAllowList":["Trend Micro Internet Security (20210422)"]},{"isRevoked":"False","fileName":"PCTuneUpStartupManager.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"fc7b0ebe4893d9da977c475c68836b8a","hashSHA1":"cf7e051fbd9a82340e43486f59eea9d55c17336c","hashSHA256":"2a9e7019b14218355591befc4a3bf33997d6b811bb4ae184e1477a1f8b4e7050","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210422)","Avast Premium Security (20210422)","AVG Internet Security (20210422)","Avira Internet Security (20210422)","Bitdefender Internet Security (20210422)","COMODO Antivirus (20210422)","Dr.Web Security Space (20210422)","ESET Internet Security (20210422)","G DATA INTERNET SECURITY (20210422)","K7 Total Security (20210422)","Kaspersky Internet Security (20210422)","Malwarebytes Premium (20210422)","McAfee Total Protection (20210422)","Norton Security (20210422)","Panda Dome (20210422)","Quick Heal Internet Security (20210422)","Sophos Home Premium (20210422)","SpyHunter5 (20210422)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20210422)","VIPRE Advanced Security (20210422)","VirIT eXplorer PRO (20210422)","Webroot SecureAnywhere (20210422)","Windows Defender (20210422)"],"avAllowList":["Trend Micro Internet Security (20210422)"]},{"isRevoked":"False","fileName":"PCTuneUpUninstallManager.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"eabfc4702e3cdac392bf7bcd204bd035","hashSHA1":"7b538eeb8860fd8dcfe39fe744bd07642a0a5af4","hashSHA256":"ccc31d23fd12b0532f80fe217d1869950f4b45f3764499fc3ba89e33295d5346","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210422)","Avast Premium Security (20210422)","AVG Internet Security (20210422)","Avira Internet Security (20210422)","Bitdefender Internet Security (20210422)","COMODO Antivirus (20210422)","Dr.Web Security Space (20210422)","ESET Internet Security (20210422)","G DATA INTERNET SECURITY (20210422)","K7 Total Security (20210422)","Kaspersky Internet Security (20210422)","Malwarebytes Premium (20210422)","McAfee Total Protection (20210422)","Norton Security (20210422)","Panda Dome (20210422)","Quick Heal Internet Security (20210422)","Sophos Home Premium (20210422)","SpyHunter5 (20210422)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20210422)","Trend Micro Internet Security (20210422)","VIPRE Advanced Security (20210422)","VirIT eXplorer PRO (20210422)","Webroot SecureAnywhere (20210422)","Windows Defender (20210422)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCTuneUpWebBrowserCleanup.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","fileVersion":"0.0","hashMD5":"3f0b7106388301d3fa0290cf44c07a6f","hashSHA1":"28ae560fa4e4552f45b70324b311d29a54e7941a","hashSHA256":"4ee0381c4a26b61a437837b4b743639e797e472f3df4ff89b76224dc4a3bca59","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"678","avBlockList":["360 Total Security (20210422)","Avast Premium Security (20210422)","AVG Internet Security (20210422)","Avira Internet Security (20210422)","Bitdefender Internet Security (20210422)","COMODO Antivirus (20210422)","Dr.Web Security Space (20210422)","ESET Internet Security (20210422)","G DATA INTERNET SECURITY (20210422)","K7 Total Security (20210422)","Kaspersky Internet Security (20210422)","Malwarebytes Premium (20210422)","McAfee Total Protection (20210422)","Norton Security (20210422)","Panda Dome (20210422)","Quick Heal Internet Security (20210422)","Sophos Home Premium (20210422)","SpyHunter5 (20210422)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20210422)","VIPRE Advanced Security (20210422)","VirIT eXplorer PRO (20210422)","Webroot SecureAnywhere (20210422)","Windows Defender (20210422)"],"avAllowList":["Trend Micro Internet Security (20210422)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: history cleaner app","reference":"https://www.pctuneupsuite.com/index.php","landingPage":"https://www.pctuneupsuite.com/freedriverbackup/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpDriverBackup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpDriverBackup.exe","sourceIndex":"678"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freewifihotspotcreator/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpWiFiHotspotCreator.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpWiFiHotspotCreator.exe","sourceIndex":"679"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freeautoshutdown/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpAutoShutdown.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpAutoShutdown.exe","sourceIndex":"680"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freeautoclicker/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpFreeAutoClicker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpFreeAutoClicker.exe","sourceIndex":"681"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freediskcleaner/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpDiskCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpDiskCleaner.exe","sourceIndex":"682"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freefileshredder/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpFileShredder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpFileShredder.exe","sourceIndex":"683"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freeexelock/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpProgramLock.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpProgramLock.exe","sourceIndex":"684"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freefilerecovery/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpDeletedFileRecovery.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpDeletedFileRecovery.exe","sourceIndex":"685"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freefilesplitterjoiner/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpFileSplitJoin.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpFileSplitJoin.exe","sourceIndex":"686"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freeuninstaller/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpUninstallManager.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpUninstallManager.exe","sourceIndex":"687"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freestartupmanager/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpStartupManager.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpStartupManager.exe","sourceIndex":"688"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freeresourceextractor/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpResourceExtractor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpResourceExtractor.exe","sourceIndex":"689"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freeprivacycleaner/","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpWebBrowserCleanup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpWebBrowserCleanup.exe","sourceIndex":"690"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freeduplicatefilefinder/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpDuplicatesRemoval.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpDuplicatesRemoval.exe","sourceIndex":"691"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freeemptyfolderdelete/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpEmptyFolderRemoval.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpEmptyFolderRemoval.exe","sourceIndex":"692"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freefoldermonitor/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpFileFolderMonitor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpFileFolderMonitor.exe","sourceIndex":"693"},{"howFound":"","reference":"","landingPage":"https://www.pctuneupsuite.com/freeshortcutfixer/index.php","directDownloadingLink":"https://www.pctuneupsuite.com/PCTuneUpBrokenShortcutRemoval.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pctuneupsuite.com/PCTuneUpBrokenShortcutRemoval.exe","sourceIndex":"694"}],"sampleFiles":["201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpDriverBackup.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpWiFiHotspotCreator.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpAutoShutdown.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpBrokenShortcutRemoval.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpDeletedFileRecovery.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpDiskCleaner.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpDuplicatesRemoval.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpEmptyFolderRemoval.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpFileFolderMonitor.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpFileShredder.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpFileSplitJoin.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpFreeAutoClicker.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpProgramLock.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpResourceExtractor.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpStartupManager.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpUninstallManager.exe","201126/PCTuneUpBundler-201120/1.0/Samples/PCTuneUpWebBrowserCleanup.exe"],"imageFiles":["201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUp Free Driver Backup_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUp Free WiFi Hotspot Creator_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpAutoShutdown_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpFreeAutoClicker_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpDiskCleaner_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpFileShredder_Install [4] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpProgramLock_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpDeletedFileRecovery_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpFileSplitJoin_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpUninstallManager_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpStartupManager_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpResourceExtractor_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpWebBrowserCleanup_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpDuplicatesRemoval_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpEmptyFolderRemoval_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpFileFolderMonitor_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-109/PCTuneUpBrokenShortcutRemoval_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUp Free Driver Backup_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUp Free WiFi Hotspot Creator_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpAutoShutdown_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpFreeAutoClicker_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpDiskCleaner_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpFileShredder_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpProgramLock_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpDeletedFileRecovery_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpFileSplitJoin_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpUninstallManager_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpStartupManager_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpResourceExtractor_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpWebBrowserCleanup_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpDuplicatesRemoval_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpEmptyFolderRemoval_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpFileFolderMonitor_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-047/PCTuneUpBrokenShortcutRemoval_Update [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUp Free Driver Backup_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUp Free WiFi Hotspot Creator_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpAutoShutdown_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpFreeAutoClicker_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpDiskCleaner_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpFileShredder_Install [4] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpBrokenShortcutRemoval_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpDeletedFileRecovery_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpDuplicatesRemoval_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpEmptyFolderRemoval_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpFileFolderMonitor_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpFileSplitJoin_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpProgramLock_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpResourceExtractor_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpStartupManager_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpUninstallManager_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-048/PCTuneUpWebBrowserCleanup_Install [3] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUp Free Driver Backup_Uninstall_RetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUp Free WiFi Hotspot Creator_UninstalledRetainedFIles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpAutoShutdown_UnistallRetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpFreeAutoClicker_UninstallRetainedFIles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpDiskCleaner_UninstallRetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpFileShredder_UninstallRetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpBrokenShortcutRemoval_UninstallRetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpDeletedFileRecovery_UninstallRetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpDuplicatesRemoval_UninstallRetainedFiles [2].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpEmptyFolderRemoval_UninstallRetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpFileFolderMonitor_UninstallRetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpFileSplitJoin_UninstallRetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpProgramLock_UninstallRetainedFiles[1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpResourceExtractor_UninstallRetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpStartupManager_UninstallRetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpUninstallManager_UninstallRetainedFiles [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-118/PCTuneUpWebBrowserCleanup_UninstallRetainedFiles[1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUp Free Driver Backup_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUp Free Driver Backup_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUp Free WiFi Hotspot Creator_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUp Free WiFi Hotspot Creator_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUp Free WiFi Hotspot Creator_Install [6] AVAST.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpAutoShutdown_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpAutoShutdown_Install [4] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpFreeAutoClicker_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpFreeAutoClicker_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpDiskCleaner_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpDiskCleaner_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpFileShredder_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpFileShredder_Install [5] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpBrokenShortcutRemoval_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpBrokenShortcutRemoval_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpDeletedFileRecovery_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpDuplicatesRemoval_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpDuplicatesRemoval_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpEmptyFolderRemoval_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpEmptyFolderRemoval_Install [4] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpEmptyFolderRemoval_Install [5] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpFileFolderMonitor_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpFileFolderMonitor_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpFileSplitJoin_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpFileSplitJoin_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpProgramLock_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpProgramLock_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpResourceExtractor_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpResourceExtractor_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpResourceExtractor_Install [5] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpStartupManager_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpStartupManager_Install [4] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpUninstallManager_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpUninstallManager_Install [4] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpUninstallManager_Install [5] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpWebBrowserCleanup_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-155/PCTuneUpWebBrowserCleanup_Install [4] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUp Free Driver Backup_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUp Free Driver Backup_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUp Free WiFi Hotspot Creator_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUp Free WiFi Hotspot Creator_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUp Free WiFi Hotspot Creator_Install [6] AVAST.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpAutoShutdown_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpAutoShutdown_Install [4] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpFreeAutoClicker_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpFreeAutoClicker_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpDiskCleaner_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpDiskCleaner_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpFileShredder_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpFileShredder_Install [5] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpBrokenShortcutRemoval_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpBrokenShortcutRemoval_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpDeletedFileRecovery_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpDuplicatesRemoval_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpDuplicatesRemoval_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpEmptyFolderRemoval_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpEmptyFolderRemoval_Install [4] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpEmptyFolderRemoval_Install [5] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpFileFolderMonitor_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpFileFolderMonitor_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpFileSplitJoin_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpFileSplitJoin_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpProgramLock_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpProgramLock_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpResourceExtractor_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpResourceExtractor_Install [4] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpResourceExtractor_Install [5] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpStartupManager_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpStartupManager_Install [4] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpUninstallManager_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpUninstallManager_Install [4] Avast.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpUninstallManager_Install [5] McAfee.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpWebBrowserCleanup_Install [2] RelevantKnowledge.png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-059/PCTuneUpWebBrowserCleanup_Install [4] Avast.png"],"nonDeceptorImageFiles":["201126/PCTuneUpBundler-201120/1.0/Images/ACR-038/PCTuneUp Free Driver Backup_FileProperty [2].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-038/PCTuneUpAutoShutdown_FileProperty [2].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-038/PCTuneUpDiskCleaner_FileProperty [2].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-038/PCTuneUpFileShredder_FileProperty [2].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-038/PCTuneUpProgramLock_FileProperty [2].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-038/PCTuneUpFileSplitJoin_FileProperty [2].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-038/PCTuneUpResourceExtractor_FileProperty [2].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-038/PCTuneUpDuplicatesRemoval_FileProperty [2].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-038/PCTuneUpFileFolderMonitor_FileProperty [2].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-038/PCTuneUpBrokenShortcutRemoval_FileProperty [2].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUp Free Driver Backup_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUp Free WiFi Hotspot Creator_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpAutoShutdown_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpFreeAutoClicker_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpDiskCleaner_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpFileShredder_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpBrokenShortcutRemoval_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpDeletedFileRecovery_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpDuplicatesRemoval_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpEmptyFolderRemoval_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpFileFolderMonitor_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpFileSplitJoin_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpProgramLock_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpResourceExtractor_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpStartupManager_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpUninstallManager_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpWebBrowserCleanup_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUp Free Driver Backup_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUp Free Driver Backup_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUp Free WiFi Hotspot Creator_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUp Free WiFi Hotspot Creator_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpAutoShutdown_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpAutoShutdown_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFreeAutoClicker_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFreeAutoClicker_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDiskCleaner_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDiskCleaner_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileShredder_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileShredder_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpProgramLock_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpProgramLock_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDeletedFileRecovery_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDeletedFileRecovery_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileSplitJoin_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileSplitJoin_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpUninstallManager_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpUninstallManager_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpStartupManager_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpStartupManager_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpResourceExtractor_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpResourceExtractor_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpWebBrowserCleanup_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpWebBrowserCleanup_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDuplicatesRemoval_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDuplicatesRemoval_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpEmptyFolderRemoval_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpEmptyFolderRemoval_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileFolderMonitor_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileFolderMonitor_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpBrokenShortcutRemoval_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpBrokenShortcutRemoval_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUp Free Driver Backup_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUp Free WiFi Hotspot Creator_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpAutoShutdown_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpFreeAutoClicker_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpDiskCleaner_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpFileShredder_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpBrokenShortcutRemoval_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpDeletedFileRecovery_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpDuplicatesRemoval_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpEmptyFolderRemoval_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpFileFolderMonitor_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpFileSplitJoin_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpProgramLock_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpResourceExtractor_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpStartupManager_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpUninstallManager_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-092/PCTuneUpWebBrowserCleanup_FileProperty [3].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUp Free Driver Backup_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUp Free WiFi Hotspot Creator_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpAutoShutdown_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpFreeAutoClicker_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpDiskCleaner_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpFileShredder_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpProgramLock_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpDeletedFileRecovery_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpFileSplitJoin_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpUninstallManager_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpStartupManager_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpResourceExtractor_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpWebBrowserCleanup_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpDuplicatesRemoval_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpEmptyFolderRemoval_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpFileFolderMonitor_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-065/PCTuneUpBrokenShortcutRemoval_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUp Free Driver Backup_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUp Free WiFi Hotspot Creator_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpAutoShutdown_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpFreeAutoClicker_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpDiskCleaner_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpFileShredder_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpProgramLock_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpDeletedFileRecovery_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpFileSplitJoin_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpUninstallManager_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpStartupManager_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpResourceExtractor_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpWebBrowserCleanup_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpDuplicatesRemoval_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpEmptyFolderRemoval_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpFileFolderMonitor_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUpBrokenShortcutRemoval_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUp Free Driver Backup_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUp Free Driver Backup_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUp Free WiFi Hotspot Creator_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUp Free WiFi Hotspot Creator_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpAutoShutdown_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpAutoShutdown_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFreeAutoClicker_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFreeAutoClicker_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDiskCleaner_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDiskCleaner_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileShredder_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileShredder_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpBrokenShortcutRemoval_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpBrokenShortcutRemoval_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDeletedFileRecovery_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDeletedFileRecovery_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDuplicatesRemoval_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpDuplicatesRemoval_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpEmptyFolderRemoval_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpEmptyFolderRemoval_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileFolderMonitor_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileFolderMonitor_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileSplitJoin_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpFileSplitJoin_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpProgramLock_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpProgramLock_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpStartupManager_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpStartupManager_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpUninstallManager_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpUninstallManager_Interactions [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpWebBrowserCleanup_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpWebBrowserCleanup_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpResourceExtractor_About [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-002/PCTuneUpResourceExtractor_Install [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-099/PCTuneUp_LandingPage [1].png","201126/PCTuneUpBundler-201120/1.0/Images/ACR-161/PCTuneUp_LandingPage [3] Testimonials.png"],"guid":"d2c8d8d7-87b4-4bf4-ba11-82695835f68a_1.0_1","appID":"PCTuneUpBundler-201120","dateAdded":"201126","deceptorType":"Bundler","name":"PCTuneUp Bundler","company":"PCTuneUp, Inc","version":"1.0","sigName":"Deceptor:Win32/PCTuneUpBundler!109047048118155059","lastKnownStatus":"1.0","lastKnownDate":"201126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-03-27T18:30:30.091141+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1807},{"violations":{"ACR-043":"On installing the app, malicious executables are dropped under different location\n","ACR-010":"The app drops malicious files under different location during installation that are vulnerable to the computer\n","ACR-084":"The app runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{"ACR-092":"The app does not have a digital signature for all the executables.\n"},"samples":[{"isRevoked":"False","fileName":"dynlink_1596908175372.exe","fileVersion":"0.0","hashMD5":"bae26c31bc0bd2abd9f9ace595b05c6d","hashSHA1":"4262e5c81eb18e36dc3707055421e5e3171f99be","hashSHA256":"1aa4087c5c536a86956175e1a22928a15253817646ff5d8621c33e546c2e0bcc","sourceIndex":"2008","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"safefinder.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"060404f288040959694844afbd102966","hashSHA1":"e0525e9ef6713fd7f269a669335ce3ddaab4b6a1","hashSHA256":"40517e822f3442a2f389a50e905f40a6a2c4930077c865e3ea7b1929405f760a","sourceIndex":"2008","avBlockList":["360 Total Security (20210422)","Avast Premium Security (20210422)","AVG Internet Security (20210422)","Avira Internet Security (20210422)","Bitdefender Internet Security (20210422)","COMODO Antivirus (20210422)","Dr.Web Security Space (20210422)","ESET Internet Security (20210422)","G DATA INTERNET SECURITY (20210422)","K7 Total Security (20210422)","Kaspersky Internet Security (20210422)","Malwarebytes Premium (20210422)","McAfee Total Protection (20210422)","Norton Security (20210422)","Panda Dome (20210422)","Quick Heal Internet Security (20210422)","Sophos Home Premium (20210422)","SpyHunter5 (20210422)","Tencent PC Manager (20210422)","Total AV Antivirus Pro (20210422)","Trend Micro Internet Security (20210422)","VIPRE Advanced Security (20210422)","VirIT eXplorer PRO (20210422)","Webroot SecureAnywhere (20210422)","Windows Defender (20210422)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Research","reference":"","landingPage":"http://linkury.s3-us-west-2.amazonaws.com/","directDownloadingLink":"http://linkury.s3-us-west-2.amazonaws.com/safefinder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://linkury.s3-us-west-2.amazonaws.com/safefinder.exe","sourceIndex":"2008"}],"sampleFiles":["201123/linkury-201123/1.0.0.0/Samples/safefinder.exe"],"imageFiles":["201123/linkury-201123/1.0.0.0/Images/ACR-043/ACR-043_Install_NoDisclosure.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-043/ACR-043_Install_NoDisclosure1.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-043/ACR-043_Install_NoDisclosure2.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-043/ACR-043_Install_NoDisclosure3.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-043/ACR-043_Install_NoDisclosure4.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-043/ACR-043_Install_NoDisclosure5.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-043/ACR-043_Install_NoDisclosure6.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-010/ACR-010_Install_VirusTotal.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-010/ACR-010_Install_VirusTotal1.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-010/ACR-010_Install_VirusTotal2.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-010/ACR-010_Install_VirusTotal3.jpg","201123/linkury-201123/1.0.0.0/Images/ACR-084/ACR-084_Software_RunsInBackground.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-118/ACR-118_UnInstall_RetainsFile.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-118/ACR-118_UnInstall_RetainsFile1.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-118/ACR-118_UnInstall_RetainsFile2.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-118/ACR-118_UnInstall_RetainsFile4.JPG","201123/linkury-201123/1.0.0.0/Images/ACR-118/ACR-118_Uninstall_FileRetains.JPG"],"nonDeceptorImageFiles":["201123/linkury-201123/1.0.0.0/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG"],"guid":"dbe52fb5-40c9-4f64-84f6-021ff024b068_1.0.0.0_1","appID":"linkury-201123","dateAdded":"201123","deceptorType":"App","name":"Linkury","company":"Linkury","version":"1.0.0.0","sigName":"Deceptor:Win32/Linkury!043010084118","lastKnownStatus":"1.0.0.0","lastKnownDate":"210511","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2021-05-11T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1808},{"violations":{"ACR-043":"Third-party components (ClamAV) are installed which are not disclosed to the consumer in the EULA or the landing page.\n","ACR-107":"The app includes \"ClamAV\" components during the installation without the explicitly disclose its opensource and redistribute under GNU General Public License v2.\n","ACR-103":"The malware cleaner value proposition can't be verified. The app did not detect any of the malware and deceptor during our review. The test set is well know malicious samples in the wild and published deceptors. \n","ACR-014":"On closing the app, it displays a prompt that \"PC will be Unsecured then\", even though windows defender is running in the system, which is misleading.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose EULA and Privacy policy during the installation.\nThe app does not disclose EULA and Privacy policy in the software.\nThe app does not disclose EULA and Privacy policy in the landing page.\n","ACR-002":"The app does not have an identical name across all points of consumer interaction.\n","ACR-092":"The app does not provide a digital signature for all the executables.\n","ACR-099":"The app does not disclose uninstall information in the software.\nThe app does not disclose uninstall information in the landing page.\n","ACR-035":"The app does not provide EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the software and landing page.\n","ACR-036":"The app does not provide EULA/Terms of Service and Privacy Policy in the software and landing page.\n","ACR-037":"The app does not provide Privacy Policy in the software and landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Onyx Mods LLC\\SpyBuster Free\\av.exe","companyName":"Onyx Mods LLC","productName":"Spybuster Free Antivirus","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"d9a782b041755f50ac96cbaee8c2f6c3","hashSHA1":"88660cd7fef647d831052fe25e016b49ca874d76","hashSHA256":"fc59849134015c62e8869b7e082fb65c3a3233d4ce9a108342cfcb6a268fb542","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"2045","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Spybuster Free 5.exe","isInstaller":"True","companyName":"Onyx Mods LLC","fileVersion":"0.0","hashMD5":"abccc57e62919ee537bbfb240d2ef9f4","hashSHA1":"6475554a7309346d05c655e878a7396cbdd77415","hashSHA256":"ce3c93add3a2512825a1d3bf3f06cf193a1468301357e50e6bc9bd5d95e37bc2","sourceIndex":"2045","avBlockList":["360 Total Security (20210427)","Avast Premium Security (20210427)","AVG Internet Security (20210427)","Avira Internet Security (20210427)","Bitdefender Internet Security (20210427)","COMODO Antivirus (20210427)","ESET Internet Security (20210427)","G DATA INTERNET SECURITY (20210427)","K7 Total Security (20210427)","Kaspersky Internet Security (20210427)","Malwarebytes Premium (20210427)","McAfee Total Protection (20210427)","Norton Security (20210427)","Panda Dome (20210427)","Quick Heal Internet Security (20210427)","Sophos Home Premium (20210427)","SpyHunter5 (20210427)","Tencent PC Manager (20210427)","Total AV Antivirus Pro (20210427)","VIPRE Advanced Security (20210427)","VirIT eXplorer PRO (20210427)","Webroot SecureAnywhere (20210427)","Windows Defender (20210427)"],"avAllowList":["Dr.Web Security Space (20210427)","Trend Micro Internet Security (20210427)"]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor related app monitoring","reference":"rambuster","landingPage":"https://www.onyxmodsllc.com/","directDownloadingLink":"https://www.softpedia.com/get/Antivirus/Spybuster-Free.shtml","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.softpedia.com/get/Antivirus/Spybuster-Free.shtml","sourceIndex":"2045"}],"sampleFiles":["201117/Spybuster-201112/5/Samples/Spybuster Free 5.exe"],"imageFiles":["201117/Spybuster-201112/5/Images/ACR-043/ACR-043_Install_NoDisclosure1.JPG","201117/Spybuster-201112/5/Images/ACR-107/ACR-107_Install_NoDisclosure1.JPG","201117/Spybuster-201112/5/Images/ACR-103/ACR-103_Software_NoMalwaresDetected.JPG","201117/Spybuster-201112/5/Images/ACR-103/ACR-103_Software_NoCertifications.jpg","201117/Spybuster-201112/5/Images/ACR-014/ACR-014_Software_Misleading.JPG"],"nonDeceptorImageFiles":["201117/Spybuster-201112/5/Images/ACR-065/ACR-065_Install_NoDocs.JPG","201117/Spybuster-201112/5/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","201117/Spybuster-201112/5/Images/ACR-065/ACR-065_Software_NoDocs.JPG","201117/Spybuster-201112/5/Images/ACR-099/ACR-099_Software_NoUninstall_Information.JPG","201117/Spybuster-201112/5/Images/ACR-002/ACR-002 Software_NoNameConsistency.JPG","201117/Spybuster-201112/5/Images/ACR-002/ACR-002 Software_NoNameConsistency1.JPG","201117/Spybuster-201112/5/Images/ACR-035/ACR-035_Docs_NoDocs .JPG","201117/Spybuster-201112/5/Images/ACR-035/ACR-035_Docs_NoDocs.JPG","201117/Spybuster-201112/5/Images/ACR-036/ACR-036_Docs_NoDocs .JPG","201117/Spybuster-201112/5/Images/ACR-036/ACR-036_Docs_NoDocs1.JPG","201117/Spybuster-201112/5/Images/ACR-037/ACR-037_Docs_NoDocs.JPG","201117/Spybuster-201112/5/Images/ACR-037/ACR-037_Docs_NoDocs1.JPG","201117/Spybuster-201112/5/Images/ACR-065/ACR-065_Landingpage_NoDocs.JPG","201117/Spybuster-201112/5/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Information.JPG"],"guid":"42a40f5a-9545-4d8b-aa4a-480879d75284_5_1","appID":"Spybuster-201112","dateAdded":"201117","deceptorType":"App","name":"Spybuster","company":"Onyx Mods LLC","version":"5","sigName":"Deceptor:Win32/Spybuster!043107103014","lastKnownStatus":"5","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2020-11-17T21:36:19.7208142+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1809},{"violations":{"ACR-107":"If your antivirus engine/signature is licensed from any 3rd party or open source,  you need to disclose it in EULA. \n","ACR-003":"The app does not substantiate the identified results to the consumer. The reported 1PUPs is lack of details (which file, location, what it is, etc)\n","ACR-004":"The app does not substantiate the identified items and does not provide a free fix for the identified issues, raise misleading/unclear concern that leads user to purchase. \n","ACR-084":"The app logo is almost invisible in the taskbar, on minimizing the app, it looks like hiding its presence from the user. \n","ACR-103":"1) The malware cleaner value proposition can't be verified. During our review, none of the malware (22 malware and 1 eicar test file) was identified by the app. You can check them using any well-known windows malware set for example from VirusTotal. \n2) For all anti-virus app, certification requires antivirus solution provider to provide any one of the followings to support its value proposition:\na. App has a current and public certification from an AMTSO member tester. Or,\nb. App vendor is a current Microsoft MVI member\n3) The \"buy Lajunen Anti-malware license\" link from the software is not working.\n"},"nonDeceptorViolations":{"ACR-045":"App's landing page https://lajunentech.wordpress.com has incomplete information about application (not download/purchase/return policy/EULA/Privacy Policy/Uninstall instruction, etc.) It contains other pictures/information not related with application and may confuses user. (We assume landing page is under working in progress. If so, please mark it working in progress. ) \n","ACR-065":"The app needs to disclose the EULA & Privacy Policy during the installation.\nThe app needs to disclose the EULA &Privacy Policy in the app's Info page.\nThe app needs to disclose the EULA & Privacy Policy in the landing page.\nThe app needs to disclose the EULA & Privacy Policy in the internal offers page.\n","ACR-138":"The landing page must disclose clearly about what values they would receive and how they will be expected to pay for that value, as this app is required to be purchased to clean the identifies issues\n","ACR-170":"The app needs to disclose that the product must be activated in order to clean the identified issues in the landing page.\n","ACR-092":"Digital signature is required for the executables \"LajunenAV.exe\" and \"lajunenav_installer.exe\".\n","ACR-099":"The app needs to disclose uninstall information in the app’s about page.\nThe app needs to disclose uninstall information in the landing page.\n","ACR-035":"The app needs to disclose the EULA & Privacy policy to the consumer.\n","ACR-037":"The app needs to disclose the privacy policy in the landing page.\n","ACR-167":"The app needs to disclose the Return Policy in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Lajunen Technologies Ltd\\Lajunen Anti-Malware\\LajunenAV.exe","companyName":"Lajunen Technologies Ltd","productName":"LajunenAV","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a9418740a4f7000b4fb7c6d37f2e85fa","hashSHA1":"6ae1c8b6677cc88ebc1e65e50dd53612e34c711a","hashSHA256":"d1f6a44ba6bbcb1da8c9f0b0876099cce0e20c98d59d8f788a5d8fcfe94fe090","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"2046","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Lajunen Technologies Ltd\\Lajunen Anti-Malware\\Uninstall.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"76b08fc1725b7770683bec0277a7f07e","hashSHA1":"478025079a5ae04f5d820850a923338c72b0b9d2","hashSHA256":"c0729922b2643cba6b2ea3d78b24d89a54d5ba31e643961122ff693a18a2e79d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"2046","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"lajunenav_installer.exe","isInstaller":"True","companyName":"Lajunen Technologies Ltd","productName":"Lajunen Anti-Malware Setup","productVersion":"4","fileVersion":"4","hashMD5":"5f41037dcd390ea23b42817746814ed2","hashSHA1":"0cceae78ede9aa6516cb89bac315afdb89cf907d","hashSHA256":"3af0ad211dd62392f164a4cebae8e68da09cf72bf94bafc12e2c0db63c9e6381","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"2046","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"AppUpdateReview.Certification","landingPage":"https://lajunentech.wordpress.com/#","directDownloadingLink":"","landingPageWildChar":"","directDownloadingLinkWildChar":"","sourceIndex":"2046"}],"sampleFiles":["201112/lajunenanti-malware-200926/4/Samples/lajunenav_installer.exe"],"imageFiles":["201112/lajunenanti-malware-200926/4/Images/ACR-004/ACR-004_Software_NotFixingIssues.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-084/ACR-084_Software_IconInTaskbarLooksInvisible.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-084/ACR-084_Software_IconInTaskbarLooksInvisible1.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-103/ACR-103_Software_NoMalwareFound.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-103/ACR-103_Software_BuyNowLinkNotWorking1.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-003/ACR-003_Software_NoSubstantiatingOfResults .JPG"],"nonDeceptorImageFiles":["201112/lajunenanti-malware-200926/4/Images/ACR-065/ACR-065_Install_NoDocs.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-170/ACR-170_Landingpage_NoDisclosure.jpg","201112/lajunenanti-malware-200926/4/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-065/ACR-065_Software_NoDocs.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-138/ACR-138_Landingpage_NoDisclosure.jpg","201112/lajunenanti-malware-200926/4/Images/ACR-035/ACR-035_Docs_NoDocs.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-035/ACR-035_Docs_NoDocs1.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-037/ACR-037_Docs_NoPrivacyPolicy.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-167/ACR-167_Docs_NoRefundPolicy.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-065/ACR-065_Landingpage_NoDocs.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Info.JPG","201112/lajunenanti-malware-200926/4/Images/ACR-065/ACR-065_InternalOffers_NoDocs.JPG"],"guid":"052d625c-60ec-41db-b2ff-6fb2f179096e_4_1","appID":"lajunenanti-malware-200926","dateAdded":"201112","deceptorType":"App","name":"Lajunen Anti-Malware","company":"Lajunen Technologies","version":"4","sigName":"Deceptor:Win32/LajunenAntiMalware!004084103107003","lastKnownStatus":"4","lastKnownDate":"201112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Server,Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"in-app purchases,paid","lastUpdate":"2020-11-12T19:27:41.4725015+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1811},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user and users agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offer page does not display links to the Privacy Policy.\n","ACR-092":"The app does not provide digital signature for the main executable.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"gameboost.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"10886b36bef5aadd9e07b41b6a553b64","hashSHA1":"295143a23d812a291561869c90f30481acddd13c","hashSHA256":"9fe1a20d859bbe561700016c497a253f1cb34ea3f1bda2f9807d7ae9401ba476","sourceIndex":"2047","avBlockList":["360 Total Security (20210427)","Avast Premium Security (20210427)","AVG Internet Security (20210427)","Avira Internet Security (20210427)","Bitdefender Internet Security (20210427)","COMODO Antivirus (20210427)","Dr.Web Security Space (20210427)","ESET Internet Security (20210427)","G DATA INTERNET SECURITY (20210427)","K7 Total Security (20210427)","Kaspersky Internet Security (20210427)","Malwarebytes Premium (20210427)","McAfee Total Protection (20210427)","Norton Security (20210427)","Panda Dome (20210427)","Quick Heal Internet Security (20210427)","Sophos Home Premium (20210427)","SpyHunter5 (20210427)","Tencent PC Manager (20210427)","Total AV Antivirus Pro (20210427)","Trend Micro Internet Security (20210427)","VIPRE Advanced Security (20210427)","VirIT eXplorer PRO (20210427)","Webroot SecureAnywhere (20210427)","Windows Defender (20210427)"],"avAllowList":[]},{"isRevoked":"False","fileName":"gamegain.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"817127c22532f3443dc35401e3c42126","hashSHA1":"b32aeb5b13edf516bb6eb535c2dca260e1ab70ca","hashSHA256":"2f2e5d16c033e69c92ca9ead19852e40f572d1b73df5e5588b76de0d786ae337","sourceIndex":"2047","avBlockList":["Avast Premium Security (20210427)","AVG Internet Security (20210427)","Avira Internet Security (20210427)","Bitdefender Internet Security (20210427)","COMODO Antivirus (20210427)","Dr.Web Security Space (20210427)","ESET Internet Security (20210427)","G DATA INTERNET SECURITY (20210427)","K7 Total Security (20210427)","Kaspersky Internet Security (20210427)","Malwarebytes Premium (20210427)","McAfee Total Protection (20210427)","Norton Security (20210427)","Panda Dome (20210427)","Quick Heal Internet Security (20210427)","Sophos Home Premium (20210427)","SpyHunter5 (20210427)","Tencent PC Manager (20210427)","Total AV Antivirus Pro (20210427)","Trend Micro Internet Security (20210427)","VIPRE Advanced Security (20210427)","VirIT eXplorer PRO (20210427)","Webroot SecureAnywhere (20210427)","Windows Defender (20210427)"],"avAllowList":["360 Total Security (20210427)"]},{"isRevoked":"False","fileName":"gameswift.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"fea08972c3a1c24392dfc79a0a39661e","hashSHA1":"ce8baa9e00528436ea2af915704565f1f9863f24","hashSHA256":"264febaa4e84d55479102c1471552872f13a25015d721dd85ac936f2f348bf4c","sourceIndex":"2047","avBlockList":["360 Total Security (20210427)","Avast Premium Security (20210427)","AVG Internet Security (20210427)","Avira Internet Security (20210427)","Bitdefender Internet Security (20210427)","COMODO Antivirus (20210427)","Dr.Web Security Space (20210427)","ESET Internet Security (20210427)","G DATA INTERNET SECURITY (20210427)","K7 Total Security (20210427)","Kaspersky Internet Security (20210427)","Malwarebytes Premium (20210427)","McAfee Total Protection (20210427)","Norton Security (20210427)","Panda Dome (20210427)","Quick Heal Internet Security (20210427)","Sophos Home Premium (20210427)","SpyHunter5 (20210427)","Tencent PC Manager (20210427)","Total AV Antivirus Pro (20210427)","Trend Micro Internet Security (20210427)","VIPRE Advanced Security (20210427)","VirIT eXplorer PRO (20210427)","Webroot SecureAnywhere (20210427)","Windows Defender (20210427)"],"avAllowList":[]},{"isRevoked":"False","fileName":"pcboost.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"c6be0c25504328f4a0443062edf32b2e","hashSHA1":"4cfb83080afef64ccf51174425d6901084ec592e","hashSHA256":"7a8d874d7a003be6694f7a30d1778d43e49b030db40d411025a3bb66a6df2f1e","sourceIndex":"2047","avBlockList":["360 Total Security (20210427)","Avast Premium Security (20210427)","AVG Internet Security (20210427)","Avira Internet Security (20210427)","Bitdefender Internet Security (20210427)","COMODO Antivirus (20210427)","Dr.Web Security Space (20210427)","ESET Internet Security (20210427)","G DATA INTERNET SECURITY (20210427)","K7 Total Security (20210427)","Kaspersky Internet Security (20210427)","Malwarebytes Premium (20210427)","Norton Security (20210427)","Panda Dome (20210427)","Quick Heal Internet Security (20210427)","Sophos Home Premium (20210427)","SpyHunter5 (20210427)","Tencent PC Manager (20210427)","Total AV Antivirus Pro (20210427)","Trend Micro Internet Security (20210427)","VIPRE Advanced Security (20210427)","VirIT eXplorer PRO (20210427)","Webroot SecureAnywhere (20210427)","Windows Defender (20210427)","McAfee Total Protection (20210427)"],"avAllowList":[]},{"isRevoked":"False","fileName":"pcmedik.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"98a435b8ceaf3e18c951ae9f91134ecc","hashSHA1":"6c9fb27a028c2de11cd15297f4d7bca12b2db318","hashSHA256":"c88d3a526f5c7f92f5cd29109b401074e8f05cc5a5bfb1bd7b0c71638e35842a","sourceIndex":"2047","avBlockList":["360 Total Security (20210427)","Avast Premium Security (20210427)","AVG Internet Security (20210427)","Avira Internet Security (20210427)","Bitdefender Internet Security (20210427)","COMODO Antivirus (20210427)","Dr.Web Security Space (20210427)","ESET Internet Security (20210427)","G DATA INTERNET SECURITY (20210427)","K7 Total Security (20210427)","Kaspersky Internet Security (20210427)","Malwarebytes Premium (20210427)","McAfee Total Protection (20210427)","Norton Security (20210427)","Panda Dome (20210427)","Quick Heal Internet Security (20210427)","Sophos Home Premium (20210427)","SpyHunter5 (20210427)","Tencent PC Manager (20210427)","Total AV Antivirus Pro (20210427)","Trend Micro Internet Security (20210427)","VIPRE Advanced Security (20210427)","VirIT eXplorer PRO (20210427)","Webroot SecureAnywhere (20210427)","Windows Defender (20210427)"],"avAllowList":[]},{"isRevoked":"False","fileName":"pcswift.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"b1fac6873aa14cd9dba8af99be94b7de","hashSHA1":"4f51fe32fc2a621da948caca655b10548920d644","hashSHA256":"3ce12cfe839f6baf211ae50ab6ad67e93d5764348db6f6f6caf93096622d4c32","sourceIndex":"2047","avBlockList":["360 Total Security (20210427)","Avast Premium Security (20210427)","AVG Internet Security (20210427)","Avira Internet Security (20210427)","Bitdefender Internet Security (20210427)","COMODO Antivirus (20210427)","Dr.Web Security Space (20210427)","ESET Internet Security (20210427)","G DATA INTERNET SECURITY (20210427)","K7 Total Security (20210427)","Kaspersky Internet Security (20210427)","Malwarebytes Premium (20210427)","McAfee Total Protection (20210427)","Norton Security (20210427)","Panda Dome (20210427)","Quick Heal Internet Security (20210427)","Sophos Home Premium (20210427)","SpyHunter5 (20210427)","Tencent PC Manager (20210427)","Total AV Antivirus Pro (20210427)","Trend Micro Internet Security (20210427)","VIPRE Advanced Security (20210427)","VirIT eXplorer PRO (20210427)","Webroot SecureAnywhere (20210427)","Windows Defender (20210427)"],"avAllowList":[]},{"isRevoked":"False","fileName":"superram.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"4142eb7bda9a9500ece8774d1cd3755e","hashSHA1":"8aae44800b15621349ba09be942d9e386f1e40a7","hashSHA256":"06d35ade0cdb8bfea1cd551efd22a6a5e60b4d0da8bc2ea3944bc2346b6e638d","sourceIndex":"2047","avBlockList":["360 Total Security (20210427)","Avast Premium Security (20210427)","AVG Internet Security (20210427)","Avira Internet Security (20210427)","Bitdefender Internet Security (20210427)","COMODO Antivirus (20210427)","Dr.Web Security Space (20210427)","ESET Internet Security (20210427)","G DATA INTERNET SECURITY (20210427)","K7 Total Security (20210427)","Kaspersky Internet Security (20210427)","Malwarebytes Premium (20210427)","McAfee Total Protection (20210427)","Norton Security (20210427)","Panda Dome (20210427)","Quick Heal Internet Security (20210427)","Sophos Home Premium (20210427)","SpyHunter5 (20210427)","Tencent PC Manager (20210427)","Total AV Antivirus Pro (20210427)","Trend Micro Internet Security (20210427)","VIPRE Advanced Security (20210427)","VirIT eXplorer PRO (20210427)","Webroot SecureAnywhere (20210427)","Windows Defender (20210427)"],"avAllowList":[]},{"isRevoked":"False","fileName":"systemswift.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"f705a33f426f8a2fb60fb5baebf86f5c","hashSHA1":"832cd07645031a730602a1c4b9230e9b846f0845","hashSHA256":"8dbc964cddcefd7d5184f36713d301bf26aa1cc9bacfb1ed23a25a72a17a907e","sourceIndex":"2047","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","G DATA INTERNET SECURITY (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","Trend Micro Internet Security (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":[]},{"isRevoked":"False","fileName":"throttle.exe","isInstaller":"True","companyName":"PGWARE LLC                                                  ","fileVersion":"1.0","hashMD5":"4c8aedd802bce61def4600369f4b16bd","hashSHA1":"3a2cf51641b569ea55b659bd18221995e17bf11d","hashSHA256":"7398ca6f1a91e51d6ddfb2c9c74e6725506b719edf1d3cfe6c1e52715a82e9a5","sourceIndex":"2047","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","G DATA INTERNET SECURITY (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","Trend Micro Internet Security (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://pgware.com/products/throttle/","directDownloadingLink":"http://pgware.com/downloads/throttle.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/throttle.exe","sourceIndex":"2047"},{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://pgware.com/products/gamegain/","directDownloadingLink":"http://pgware.com/downloads/gamegain.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/gamegain.exe","sourceIndex":"2048"},{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://pgware.com/products/pcmedik/","directDownloadingLink":"http://pgware.com/downloads/pcmedik.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/pcmedik.exe","sourceIndex":"2049"},{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://pgware.com/products/pcboost/","directDownloadingLink":"http://pgware.com/downloads/pcboost.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/pcboost.exe","sourceIndex":"2050"},{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://pgware.com/products/superram/","directDownloadingLink":"http://pgware.com/downloads/superram.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/superram.exe","sourceIndex":"2051"},{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://pgware.com/products/gameswift/","directDownloadingLink":"http://pgware.com/downloads/gameswift.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/gameswift.exe","sourceIndex":"2052"},{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://pgware.com/products/gameboost/","directDownloadingLink":"http://pgware.com/downloads/gameboost.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/gameboost.exe","sourceIndex":"2053"},{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://pgware.com/products/pcswift/","directDownloadingLink":"http://pgware.com/downloads/pcswift.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/pcswift.exe","sourceIndex":"2054"},{"howFound":"","reference":"http://www.pgware.com/","landingPage":"http://pgware.com/products/systemswift/","directDownloadingLink":"http://pgware.com/downloads/systemswift.exe ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pgware.com/downloads/systemswift.exe ","sourceIndex":"2055"}],"sampleFiles":["201112/PGWareBundler-201112/1.0/Samples/gameboost.exe","201112/PGWareBundler-201112/1.0/Samples/gamegain.exe","201112/PGWareBundler-201112/1.0/Samples/gameswift.exe","201112/PGWareBundler-201112/1.0/Samples/pcboost.exe","201112/PGWareBundler-201112/1.0/Samples/pcmedik.exe","201112/PGWareBundler-201112/1.0/Samples/pcswift.exe","201112/PGWareBundler-201112/1.0/Samples/superram.exe","201112/PGWareBundler-201112/1.0/Samples/systemswift.exe","201112/PGWareBundler-201112/1.0/Samples/throttle.exe"],"imageFiles":["201112/PGWareBundler-201112/1.0/Images/ACR-109/GameBoost 3_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-109/GameSwift 2_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-109/PCBoost 5_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-109/PCMedik 8_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-109/PCSwift 2_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-109/SuperRam 7_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-109/SystemSwift 2_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-109/GameGain 4_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-109/Throttle 8_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-048/GameBoost 3_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-048/GameSwift 2_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-048/PCBoost 5_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-048/PCMedik 8_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-048/PCSwift 2_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-048/SuperRam 7_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-048/SystemSwift 2_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-048/GameGain 4_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-048/Throttle 8_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-059/GameGain 4_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-059/GameBoost 3_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-059/GameSwift 2_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-059/PCBoost 5_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-059/PCMedik 8_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-059/PCSwift 2_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-059/SuperRam 7_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-059/SystemSwift 2_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-059/Throttle 8_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-155/GameBoost 3_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-155/GameSwift 2_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-155/PCBoost 5_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-155/PCMedik 8_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-155/SuperRam 7_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-155/SystemSwift 2_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-155/GameGain 4_Install [3] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-155/Throttle 8_Install [4] RelevantKnowledge.png","201112/PGWareBundler-201112/1.0/Images/ACR-155/PCSwift 2_Install [3] RelevantKnowledge.png"],"nonDeceptorImageFiles":["201112/PGWareBundler-201112/1.0/Images/ACR-065/GameBoost 3_Install [2].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/GameSwift 2_Install [2].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCBoost 5_Install [2].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCMedik 8_Install [2].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCSwift 2_Install [2].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/SuperRam 7_Install [2].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/SystemSwift 2_Install [2].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/GameGain 4_Install [2] EULA.png","201112/PGWareBundler-201112/1.0/Images/ACR-065/Throttle 8_Install [2] EULA.png","201112/PGWareBundler-201112/1.0/Images/ACR-092/GameBoost 3_FileProperty [4].png","201112/PGWareBundler-201112/1.0/Images/ACR-092/GameSwift 2_FileProperty [4].png","201112/PGWareBundler-201112/1.0/Images/ACR-092/PCMedik 8_FileProperty [4].png","201112/PGWareBundler-201112/1.0/Images/ACR-092/PCSwift 2_FileProperty [4].png","201112/PGWareBundler-201112/1.0/Images/ACR-092/SuperRam 7_FileProperty [4].png","201112/PGWareBundler-201112/1.0/Images/ACR-092/SystemSwift 2_FileProperty [4].png","201112/PGWareBundler-201112/1.0/Images/ACR-092/GameGain 4_FileProperty [4].png","201112/PGWareBundler-201112/1.0/Images/ACR-092/Throttle 8_FileProperty [4].png","201112/PGWareBundler-201112/1.0/Images/ACR-092/PCBoost 5_FileProperty [3].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/GameBoost 3_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/GameSwift 2_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCBoost 5_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCMedik 8_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCSwift 2_About[1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/SuperRam 7_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/SystemSwift 2_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/GameGain 4_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/Throttle 8_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/GameGain 4_Interactions [2] About.png","201112/PGWareBundler-201112/1.0/Images/ACR-099/Throttle 8_Interactions [2] About.png","201112/PGWareBundler-201112/1.0/Images/ACR-099/GameBoost 3_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/GameSwift 2_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/PCBoost 5_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/PCMedik 8_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/PCSwift 2_About[1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/SuperRam 7_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/SystemSwift 2_About [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/GameBoost 3_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/GameGain 4_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/GameSwift 2_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCBoost 5_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCMedik 8_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCSwift 2_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PGWare_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/SuperRam 7_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/SystemSwift 2_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/Throttle 8_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/GameBoost 3_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/GameGain 4_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/GameSwift 2_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/PCBoost 5_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/PCMedik 8_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/PCSwift 2_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/PGWare_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/SuperRam 7_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/SystemSwift 2_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/Throttle 8_LandingPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/GameGain 4_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/GameBoost 3_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/GameSwift 2_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCBoost 5_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCMedik 8_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PCSwift 2_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/PGWare_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/SuperRam 7_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/SystemSwift 2_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-065/Throttle 8_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/GameGain 4_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/GameBoost 3_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/GameSwift 2_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/PCBoost 5_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/PCMedik 8_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/PCSwift 2_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/PGWare_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/SuperRam 7_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/SystemSwift 2_OfferPage [1].png","201112/PGWareBundler-201112/1.0/Images/ACR-099/Throttle 8_OfferPage [1].png"],"guid":"f434f33a-2dab-466e-b54d-973076503afd_1.0_1","appID":"PGWareBundler-201112","dateAdded":"201112","deceptorType":"Bundler","name":"PGWare Bundler","company":"PGWARE LLC","version":"1.0","sigName":"Deceptor:Win32/PGWareBundler!109048059155","lastKnownStatus":"1.0","lastKnownDate":"201112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-12T17:54:54.0907893+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1810},{"violations":{"ACR-003":"The app exaggerates urgency and makes unsubstantiated claims by using the color \"red\" and the word \"infected\" for potential unwanted software\n","ACR-004":"The app does not provide a fully-functioning free trial when displaying free search results, in order to fix search results you must buy a license. The app also exaggerated urgency and makes unsubstantiated claims by using the color \"red\" and the word \"infected\" for potential unwanted software.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"nonDeceptorViolations":{"ACR-065":"The landing page does not contain links to the Returns and Cancellations policy.\nThe install page does not contain links to the Returns and Cancellations Policy or the Privacy Policy.\nThe app's about page does not contain links to the EULA and/or Terms of Service, Returns and Cancellations Policy, or Privacy Policy.\n","ACR-099":"The app's internal offers does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app does not contain links to uninstall information.\n","ACR-150":"The app's landing page displays endorsements that unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"TrojanKiller-Setup.exe","isInstaller":"True","companyName":"GridinSoft LLC","fileVersion":"2.0","hashMD5":"1c7e069bd65bb98587a4ef9a8b8e1088","hashSHA1":"d4bd844d4b28b648a42a8db44d720754b0d961f2","hashSHA256":"7bacedee9d6ca7f60bf1f6bdbe060de29c846dc13643195917f199ea1ffd8376","digitalCertThumbprint":"6C5AE3F8BC5FC1FA38502592E832496738E430B0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"GridinSoft, LLC\", O=\"GridinSoft, LLC\", L=Kyiv, C=UA","sourceIndex":"2044","avBlockList":["Avast Premium Security (20201117)","AVG Internet Security (20201117)","ESET Internet Security (20201117)","K7 Total Security (20201117)","McAfee Total Protection (20201117)","Norton Security (20201117)","SpyHunter5 (20201117)","Webroot SecureAnywhere (20201117)","Windows Defender (20201117)"],"avAllowList":["360 Total Security (20201117)","Avira Internet Security (20201117)","Bitdefender Internet Security (20201117)","COMODO Antivirus (20201117)","Dr.Web Security Space (20201117)","G DATA INTERNET SECURITY (20201117)","Kaspersky Internet Security (20201117)","Malwarebytes Premium (20201117)","Panda Dome (20201117)","Quick Heal Internet Security (20201117)","Sophos Home Premium (20201117)","Tencent PC Manager (20201117)","Total AV Antivirus Pro (20201117)","Trend Micro Internet Security (20201117)","VIPRE Advanced Security (20201117)","VirIT eXplorer PRO (20201117)"]},{"isRevoked":"False","fileName":"tk.exe","companyName":"Gridinsoft LLC","fileVersion":"2.1","hashMD5":"e09b10da615e454bf7be55ba68e88a0b","hashSHA1":"6f232482ec207bc99189f2e56376aabf954a02e9","hashSHA256":"d455f0f96c425ae3f1eba5394af18975908993a33e62ef120c349979d0cec9da","digitalCertThumbprint":"6C5AE3F8BC5FC1FA38502592E832496738E430B0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"GridinSoft, LLC\", O=\"GridinSoft, LLC\", L=Kyiv, C=UA","sourceIndex":"2044","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup-tk-2.1.44.exe","isInstaller":"True","companyName":"Gridinsoft LLC                                              ","fileVersion":"2.1","hashMD5":"51a14036d77045454cd66b53cb8454ed","hashSHA1":"721996f9b834ff1e277ffdf2471a0caf367679a9","hashSHA256":"a820630008a0eb89b65eb0e9b80b491a766dd0f41213ef7ce1487b5ee34371ef","digitalCertThumbprint":"6C5AE3F8BC5FC1FA38502592E832496738E430B0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"GridinSoft, LLC\", O=\"GridinSoft, LLC\", L=Kyiv, C=UA","sourceIndex":"2044","avBlockList":["Avast Premium Security (20201117)","AVG Internet Security (20201117)","Avira Internet Security (20201117)","ESET Internet Security (20201117)","K7 Total Security (20201117)","McAfee Total Protection (20201117)","Norton Security (20201117)","Panda Dome (20201117)","SpyHunter5 (20201117)","Total AV Antivirus Pro (20201117)","VirIT eXplorer PRO (20201117)","Windows Defender (20201117)"],"avAllowList":["360 Total Security (20201117)","Bitdefender Internet Security (20201117)","COMODO Antivirus (20201117)","Dr.Web Security Space (20201117)","G DATA INTERNET SECURITY (20201117)","Kaspersky Internet Security (20201117)","Malwarebytes Premium (20201117)","Quick Heal Internet Security (20201117)","Sophos Home Premium (20201117)","Tencent PC Manager (20201117)","Trend Micro Internet Security (20201117)","VIPRE Advanced Security (20201117)","Webroot SecureAnywhere (20201117)"]},{"isRevoked":"False","fileName":"tk_48.exe","companyName":"Gridinsoft LLC","fileVersion":"2.1","hashMD5":"8a2466b9c60904a4d15d9d0f5a5cba46","hashSHA1":"f437dbb8136f88be73289e443ee2fd0d3be93146","hashSHA256":"a9b3fb0ff4b92cecf893c9e675cda202b0f311ded8790cdf10ff5b694d918ba4","digitalCertThumbprint":"6C5AE3F8BC5FC1FA38502592E832496738E430B0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"GridinSoft, LLC\", O=\"GridinSoft, LLC\", L=Kyiv, C=UA","sourceIndex":"2044","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"tk32_48.exe","companyName":"Gridinsoft LLC","fileVersion":"2.1","hashMD5":"47643a8e0a06bd0b876cbd1cdfbd244b","hashSHA1":"ade7ca9326c8b2317a734a8cb66680fd31c19f7a","hashSHA256":"3e59881a2732d9a1b5c8ea99b6b86022dadf3ebb4f6261246656f75f52dd4af2","digitalCertThumbprint":"6C5AE3F8BC5FC1FA38502592E832496738E430B0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"GridinSoft, LLC\", O=\"GridinSoft, LLC\", L=Kyiv, C=UA","sourceIndex":"2044","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"tk64_48.exe","companyName":"Gridinsoft LLC","fileVersion":"2.1","hashMD5":"3ef6930052516ae66e35e8a325920a6e","hashSHA1":"48b95752412ca6be22bab0305eceb64e6d5597a6","hashSHA256":"ef9fb90f93dabbcd13ffa065deabdfd7bfaf281a39ef6634e0f51ab5e6807fef","digitalCertThumbprint":"6C5AE3F8BC5FC1FA38502592E832496738E430B0","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"GridinSoft, LLC\", O=\"GridinSoft, LLC\", L=Kyiv, C=UA","sourceIndex":"2044","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"potential deceptor submission","landingPage":"https://trojan-killer.com/","directDownloadingLink":"http://trojan-killer.com/get.php?install=full","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://trojan-killer.com/get.php?install=full","sourceIndex":"2044"}],"sampleFiles":["201110/D-TrojanKillerPortable-170621/2.1.44/Samples/TrojanKiller-Setup.exe","201110/D-TrojanKillerPortable-170621/2.1.44/Samples/tk.exe","201110/D-TrojanKillerPortable-170621/2.1.44/Samples/setup-tk-2.1.44.exe","201110/D-TrojanKillerPortable-170621/2.1.44/Samples/tk_48.exe","201110/D-TrojanKillerPortable-170621/2.1.44/Samples/tk32_48.exe","201110/D-TrojanKillerPortable-170621/2.1.44/Samples/tk64_48.exe"],"imageFiles":["201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-003/Urgency.png","201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-017/ACR-017.png","201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-004/Urgency.png","201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-004/ACR-004.png","201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-004/ACR-004 [1].png","201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-004/ACR-004 [2].png"],"nonDeceptorImageFiles":["201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-099/Internal Offers.png","201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-150/ACR-150.png","201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-065/Landing Page.png","201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-099/Landing Page.png","201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-065/Install.png","201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-065/About Page.png","201110/D-TrojanKillerPortable-170621/2.1.44/Images/ACR-099/About Page.png"],"guid":"230735d4-dcf8-4fcb-aca0-87ad40b18a7e_2.1.44_1","appID":"D-TrojanKillerPortable-170621","dateAdded":"201110","deceptorType":"App","name":"TrojanKiller","company":"Gridinsoft, LLC","version":"2.1.44","sigName":"Deceptor:Win32/TrojanKiller!003004017","firstVendorContactDate":"201112","firstAppEsteemReplyDate":"201112","firstResolvedDate":"201117","firstResolvedVersion":"2.1.53.1849","resolved":"TRUE","lastKnownStatus":"Deceptor: 2.0.5;2.1.44","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-18T00:53:37.0711859+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1812},{"violations":{"ACR-048":"The app is always running in the background and requires a hotkey to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and it hides itself from the targeted consumer by requiring a hotkey to open it.\n","ACR-084":"The app is always running and uses the name \"DashboardClient\". It also requires a hotkey to open the app, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data and it hides from the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder.\n","ACR-065":"The install does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the  EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe internal offers page does not display links to the  EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-037":"The application has no Privacy Policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"BPK","fileVersion":"0.","hashMD5":"9a1cd6edd8638ed28e50683aa9b54a4e","hashSHA1":"f75bf286650260a36636b2c93e8c1f8ead542ccc","hashSHA256":"5f4abdbd94a487dad30c9ce647be74ecefcca9836d0167fe5988f78e2d0e0ed2","sourceIndex":"2056","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BPK_ML1015.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8a2213e1740e57a0b3b7f9e948ca4651cc3c70652ac8870795fd083c90f00813","sourceIndex":"2056","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Install Perfect Keylogger for Mac.app.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"3035d8ea1a496b06f6f5a847f533cee715e854e15da22b50774e05af4a4c0476","sourceIndex":"2056","avBlockList":["Avast Security for Mac (20210309)","Avira Security for Mac (20210309)","Bitdefender Antivirus for Mac (20210309)","ESET Cyber Security Pro for Mac (20210309)","G DATA AntiVirus for Mac (20210309)","K7 Antivirus for Mac (20210309)","McAfee Internet Security for Mac (20210309)","Norton Security for Mac (20210309)","Sophos Home Premium For Mac (20210309)","Trend Micro Antivirus for Mac (20210309)"],"avAllowList":["Kaspersky Internet Security for Mac (20210309)"]},{"isRevoked":"False","fileName":"Installer","fileVersion":"0.","hashMD5":"e3464fbf8453cd0284a9b47ddccff4f8","hashSHA1":"aa77c7e1a63f2b5ee9e5c3c652000339f77732ac","hashSHA256":"3358ee503e905872837342fc87ccd6a134bb1fe32847fa38e583743b2e9621d3","sourceIndex":"2056","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google Search: Keylogger","landingPage":"https://www.blazingtools.com/mac_keylogger.html","directDownloadingLink":"https://blazing-download.cx/mactrial/BPK_ML1015.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://blazing-download.cx/mactrial/BPK_ML1015.zip","sourceIndex":"2056"}],"sampleFiles":["201109/PerfectKeylogger-200709/2.64/Samples/BPK","201109/PerfectKeylogger-200709/2.64/Samples/BPK_ML1015.zip","201109/PerfectKeylogger-200709/2.64/Samples/Install Perfect Keylogger for Mac.app.zip","201109/PerfectKeylogger-200709/2.64/Samples/Installer"],"imageFiles":["201109/PerfectKeylogger-200709/2.64/Images/ACR-048/Install Perfect Keylogger for Mac_Interactions [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-048/Install Perfect Keylogger for Mac_Interactions [9].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-084/Install Perfect Keylogger for Mac_RunningProcess [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-084/Install Perfect Keylogger for Mac_Interactions [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-086/Install Perfect Keylogger for Mac_Interactions [2] Screenshot.png","201109/PerfectKeylogger-200709/2.64/Images/ACR-086/Install Perfect Keylogger for Mac_Interactions [4] Email.png","201109/PerfectKeylogger-200709/2.64/Images/ACR-086/Install Perfect Keylogger for Mac_Interactions [5] FTP.png","201109/PerfectKeylogger-200709/2.64/Images/ACR-086/Install Perfect Keylogger for Mac_Interactions [6] Settings.png","201109/PerfectKeylogger-200709/2.64/Images/ACR-086/Install Perfect Keylogger for Mac_Interactions [7] Users.png","201109/PerfectKeylogger-200709/2.64/Images/ACR-086/Install Perfect Keylogger for Mac_Interactions [9].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-007/Install Perfect Keylogger for Mac_Interactions [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-007/Install Perfect Keylogger for Mac_Interactions [7] Users.png","201109/PerfectKeylogger-200709/2.64/Images/ACR-007/Install Perfect Keylogger for Mac_Interactions [9].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-007/Install Perfect Keylogger for Mac_Interactions [10].png"],"nonDeceptorImageFiles":["201109/PerfectKeylogger-200709/2.64/Images/ACR-040/Install Perfect Keylogger for Mac_HiddenFiles [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-065/Install Perfect Keylogger for Mac_Install [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-065/Install Perfect Keylogger for Mac_Interactions [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-065/Install Perfect Keylogger for Mac_Guide [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-065/Install Perfect Keylogger for Mac_LandingPage [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-065/Install Perfect Keylogger for Mac_LandingPage [2].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-099/Install Perfect Keylogger for Mac_LandingPage [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-099/Install Perfect Keylogger for Mac_LandingPage [2].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-166/Install Perfect Keylogger for Mac_OfferPage [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-166/Install Perfect Keylogger for Mac_OfferPage [2].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-065/Install Perfect Keylogger for Mac_OfferPage [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-065/Install Perfect Keylogger for Mac_OfferPage [2].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-099/Install Perfect Keylogger for Mac_OfferPage [1].png","201109/PerfectKeylogger-200709/2.64/Images/ACR-099/Install Perfect Keylogger for Mac_OfferPage [2].png"],"guid":"2ca1cf91-a83c-4bbc-98fb-8146fadb56cd_2.64_1","appID":"PerfectKeylogger-200709","dateAdded":"201109","deceptorType":"MacOS App","name":"Perfect Keylogger for Mac","company":"BlazingTools Software","version":"2.64","sigName":"Deceptor:MacOS/Perfect KeyloggerforMac!048084086007","lastKnownStatus":"1.8;2.64","lastKnownDate":"201109","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid,paid","lastUpdate":"2020-11-09T18:22:35.8836037+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1813},{"violations":{"ACR-048":"The app is always running in the background and requires a hotkey to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and it hides itself from the targeted consumer by requiring a hotkey to open it.\n","ACR-084":"The app is always running and uses the name \"mdworker\". It also requires a hotkey to open the app, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data and it hides from the targeted consumer. \n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder.\n","ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy or the EULA. \nThe internal offers page does not display links to the Returns and Cancellation Policy or the EULA.\n","ACR-099":"The landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"PKL.app.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"7b8e595b47235bb26d80e88170729bf11d33be4e3d52940f46d3ae7e9ae7227b","sourceIndex":"2389","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PKL","fileVersion":"0.","hashMD5":"cc8469780cc141d8963a7264855feecd","hashSHA1":"f74a3b293d912123cf8913a90d2c206ade1ee4ff","hashSHA256":"e58a1ea0d86fe7402572df8db5539cee7de6d64432d6d827008e0276c9b2c121","sourceIndex":"2389","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PKLite18.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"78f511311a83c655df1b326378d55801","hashSHA1":"ca7754fadc12fa09258622dd1018c0803f49bd48","hashSHA256":"d84389f51171a8f3560156f8344e06ec88271a249576063eaf026bde71f62440","sourceIndex":"2389","avBlockList":["Avast Security for Mac (20200717)","Avira Security for Mac (20200717)","Bitdefender Antivirus for Mac (20200717)","ESET Cyber Security Pro for Mac (20200717)","G DATA AntiVirus for Mac (20200717)","K7 Antivirus for Mac (20200717)","McAfee Internet Security for Mac (20200717)","Norton Security for Mac (20200717)","Sophos Home Premium For Mac (20200717)","Trend Micro Antivirus for Mac (20200717)"],"avAllowList":["Kaspersky Internet Security for Mac (20200717)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google Search: Keylogger","landingPage":"https://mac-keylogger.org/index.html","directDownloadingLink":"https://files.downloadnow.com/s/software/16/63/38/84/PKLite18.zip?token=1594301589_4a66e04e990ea11ab534f856069c7243&fileName=PKLite18.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.downloadnow.com/s/software/16/63/38/84/PKLite18.zip?token=1594301589_4a66e04e990ea11ab534f856069c7243&fileName=PKLite18.zip","sourceIndex":"2389"}],"sampleFiles":["200709/PerfectKeylogger-200709/1.8/Samples/PKL","200709/PerfectKeylogger-200709/1.8/Samples/PKLite18.zip"],"imageFiles":["200709/PerfectKeylogger-200709/1.8/Images/ACR-048/PerfectKeylogger_RunningProcess [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-048/PerfectKeylogger_Settings [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-048/PerfectKeylogger_Settings [2].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-084/PerfectKeylogger_RunningProcess [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-084/PerfectKeylogger_Settings [2].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-086/PerfectKeylogger_Settings [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-086/PerfectKeylogger_Settings [2].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-086/PerfectKeylogger_Settings [3].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-007/PerfectKeylogger_RunningProcess [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-007/PerfectKeylogger_Settings [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-007/PerfectKeylogger_Settings [2].png"],"nonDeceptorImageFiles":["200709/PerfectKeylogger-200709/1.8/Images/ACR-040/PerfectKeylogger_RunningProcess [2].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-040/PerfectKeylogger_Files [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-065/PerfectKeylogger_Install [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-065/PerfectKeylogger_Install [2].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-065/PerfectKeylogger_Settings [2].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-065/PerfectKeylogger_Settings [3].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-065/PerfectKeylogger_LandingPage [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-099/PerfectKeylogger_LandingPage [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-166/PerfectKeylogger_OfferPage [2].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-065/PerfectKeylogger_OfferPage [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-065/PerfectKeylogger_OfferPage [2].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-099/PerfectKeylogger_OfferPage [1].png","200709/PerfectKeylogger-200709/1.8/Images/ACR-099/PerfectKeylogger_OfferPage [2].png"],"guid":"2ca1cf91-a83c-4bbc-98fb-8146fadb56cd_1.8_1","appID":"PerfectKeylogger-200709","dateAdded":"201109","deceptorType":"MacOS App","name":"Perfect Keylogger for Mac","company":"BlazingTools Software","version":"1.8","sigName":"Deceptor:MacOS/PerfectKeyloggerStalkerware!048084086007","lastKnownStatus":"1.8;2.64","lastKnownDate":"201109","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid,paid","lastUpdate":"2020-11-09T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1814},{"violations":{"ACR-109":"The app installs FreeGamia Freeware and/or Falco Website shortcut link without user consent.\n The app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user and users agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer and who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app\nThe application's landing page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"AdsBlockerSetup.exe","isInstaller":"True","companyName":"FalcoWare, Inc.                                             ","fileVersion":"0.0","hashMD5":"326a77dcf1bba041b6d622314621b85e","hashSHA1":"67aa798b059f99ed87b9cc9867ce4b0901d7fbe4","hashSHA256":"b563753b145992cd944d209ac115166008db20781550bec1116d92b33d8f0aa0","sourceIndex":"2058","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","G DATA INTERNET SECURITY (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":["Trend Micro Internet Security (20210429)"]},{"isRevoked":"False","fileName":"FalcoRegistryDoctorSetup.exe","isInstaller":"True","companyName":"Falco Software Inc                                          ","fileVersion":"0.0","hashMD5":"9c77f69e7d67a726925836f5ae31efe1","hashSHA1":"1b3cf76a84656385254182cc7c06fcd5bc41e653","hashSHA256":"4ce9cc76fcb44bed45cb9c9514a96ee4efab7227ed02ce271cf9ebaa2f3b4b10","sourceIndex":"2058","avBlockList":["360 Total Security (20201006)","Avast Premium Security (20201006)","AVG Internet Security (20201006)","Avira Internet Security (20201006)","Bitdefender Internet Security (20201006)","COMODO Antivirus (20201006)","Dr.Web Security Space (20201006)","ESET Internet Security (20201006)","G DATA INTERNET SECURITY (20201006)","K7 Total Security (20201006)","Malwarebytes Premium (20201006)","McAfee Total Protection (20201006)","Norton Security (20201006)","Panda Dome (20201006)","Quick Heal Internet Security (20201006)","Sophos Home Premium (20201006)","SpyHunter5 (20201006)","Tencent PC Manager (20201006)","Total AV Antivirus Pro (20201006)","Trend Micro Internet Security (20201006)","VIPRE Advanced Security (20201006)","VirIT eXplorer PRO (20201006)","Webroot SecureAnywhere (20201006)","Windows Defender (20201006)"],"avAllowList":["Kaspersky Internet Security (20201006)"]},{"isRevoked":"False","fileName":"FreeFaceBookDownloaderSetup.exe","isInstaller":"True","companyName":"FreeGamia, Inc.                                             ","fileVersion":"0.0","hashMD5":"626a40e3978292627494ecefc50088c4","hashSHA1":"d54fc0f2510756c58ace289d9521700a62758fd6","hashSHA256":"b720efe06377b87e966bb7db5837258d8a659ca923f702f62f60d7305dca39a8","sourceIndex":"2058","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","G DATA INTERNET SECURITY (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","Trend Micro Internet Security (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeDownloaderSetup.exe","isInstaller":"True","companyName":"FreeGamia, Inc.                                             ","fileVersion":"0.0","hashMD5":"4b8375f19a87ed83d8895131b5277934","hashSHA1":"6a1c9749393996b7d1746c6a58a216579530399f","hashSHA256":"b9d56c2d3109ccdf23ba87a19b4af10fa6fff01696052e89cce1579010ee757f","sourceIndex":"2058","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","G DATA INTERNET SECURITY (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":["Trend Micro Internet Security (20210429)"]},{"isRevoked":"False","fileName":"FreeYouTubeToMP3Setup.exe","isInstaller":"True","companyName":"FreeGamia, Inc.                                             ","fileVersion":"0.0","hashMD5":"139a9f67e735cf588db14899e36be985","hashSHA1":"77456eb656080bb80e4b6ed301db65060caaa08e","hashSHA256":"e6c49baf5d4b9644a5f9dd799dbc0d43023f305f261d67d8bbffa35c6587607b","sourceIndex":"2058","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":["G DATA INTERNET SECURITY (20210429)","Trend Micro Internet Security (20210429)"]},{"isRevoked":"False","fileName":"PCCleanerSetup.exe","isInstaller":"True","companyName":"FreeGamia, Inc.                                             ","fileVersion":"0.0","hashMD5":"0a8a091114568abe66896c5ed8dd2c64","hashSHA1":"7d5b847cd8071d929b77f33cda2eec97b2d64aba","hashSHA256":"c3d75fd6ebf6f4d8cbf9a25bf393bc7d4e39187199da23ae9236c330554a5376","sourceIndex":"2058","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","G DATA INTERNET SECURITY (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","Trend Micro Internet Security (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PingMasterSetup.exe","isInstaller":"True","companyName":"FreeGamia, Inc.                                             ","fileVersion":"0.0","hashMD5":"871333dc17e183dff34a886f7f1c7c74","hashSHA1":"03bee829e4960605b2037f090804bbb8a4922094","hashSHA256":"2e88b038e3be4659177d861678fc4026bdc04085eba2c851b70a8e3426aef2fb","sourceIndex":"2058","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","G DATA INTERNET SECURITY (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","Trend Micro Internet Security (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://softfreeway.com/","landingPage":"https://softfreeway.com/AdsBlocker.php","directDownloadingLink":"http://paul.falcoware.com/rk-distributives/AdsBlockerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://paul.falcoware.com/rk-distributives/AdsBlockerSetup.exe","sourceIndex":"2058"},{"howFound":"","reference":"","landingPage":"http://softfreeway.com/PCCleaner.php","directDownloadingLink":"http://paul.falcoware.com/rk-distributives/PCCleanerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://paul.falcoware.com/rk-distributives/PCCleanerSetup.exe","sourceIndex":"2059"},{"howFound":"","reference":"","landingPage":"https://softfreeway.com/PingMaster.php","directDownloadingLink":"http://paul.falcoware.com/rk-distributives/PingMasterSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://paul.falcoware.com/rk-distributives/PingMasterSetup.exe","sourceIndex":"2060"},{"howFound":"","reference":"","landingPage":"https://softfreeway.com/FreeYouTubeToMP3.php","directDownloadingLink":"http://paul.falcoware.com/rk-distributives/FreeYouTubeToMP3Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://paul.falcoware.com/rk-distributives/FreeYouTubeToMP3Setup.exe","sourceIndex":"2061"},{"howFound":"","reference":"","landingPage":"https://softfreeway.com/FalcoRegistryDoctor.php","directDownloadingLink":"http://falcoware.com/rk-distributives/FalcoRegistryDoctorSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://falcoware.com/rk-distributives/FalcoRegistryDoctorSetup.exe","sourceIndex":"2062"},{"howFound":"","reference":"","landingPage":"https://softfreeway.com/FreeFaceBookDownloader.php","directDownloadingLink":"http://falcoware.com/rk-distributives/FreeFaceBookDownloaderSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://falcoware.com/rk-distributives/FreeFaceBookDownloaderSetup.exe","sourceIndex":"2063"},{"howFound":"","reference":"","landingPage":"https://softfreeway.com/FreeYouTubeDownloader.php","directDownloadingLink":"http://falcoware.com/rk-distributives/FreeYouTubeDownloaderSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://falcoware.com/rk-distributives/FreeYouTubeDownloaderSetup.exe","sourceIndex":"2064"}],"sampleFiles":["201103/SoftfreewayBundler-201102/1.0/Samples/AdsBlockerSetup.exe","201103/SoftfreewayBundler-201102/1.0/Samples/FalcoRegistryDoctorSetup.exe","201103/SoftfreewayBundler-201102/1.0/Samples/FreeFaceBookDownloaderSetup.exe","201103/SoftfreewayBundler-201102/1.0/Samples/FreeYouTubeDownloaderSetup.exe","201103/SoftfreewayBundler-201102/1.0/Samples/FreeYouTubeToMP3Setup.exe","201103/SoftfreewayBundler-201102/1.0/Samples/PCCleanerSetup.exe","201103/SoftfreewayBundler-201102/1.0/Samples/PingMasterSetup.exe"],"imageFiles":["201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/AdsBlocker_GameShortcuts [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/AdsBlocker_Install [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/FalcoRegistryDoctor_GameShortcut [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/FalcoRegistryDoctor_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/FreeFaceBookDownloader_FreeGame Shortcut [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/FreeFaceBookDownloader_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/FreeYouTubeDownloader_FreeGame Shortcut [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/FreeYouTubeDownloader_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/FreeYouTubeToMP3_FreeGame Shortcut[1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/FreeYouTubeToMP3_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/PCCleaner_FreeGame Shortcut [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/PCCleaner_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/PingMaster_FreeGame Shortcut [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-109/PingMaster_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-048/AdsBlocker_Install [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-048/FalcoRegistryDoctor_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-048/FreeFaceBookDownloader_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-048/FreeYouTubeDownloader_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-048/FreeYouTubeToMP3_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-048/PCCleaner_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-048/PingMaster_Installs [3] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-155/AdsBlocker_Install [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-155/FalcoRegistryDoctor_Installs [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-155/FreeFaceBookDownloader_Installs [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-155/FreeYouTubeDownloader_Installs [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-155/FreeYouTubeToMP3_Installs [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-155/PingMaster_Installs [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-155/PCCleaner_Installs [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-059/AdsBlocker_Install [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-059/FalcoRegistryDoctor_Installs [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-059/FreeFaceBookDownloader_Installs [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-059/FreeYouTubeDownloader_Installs [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-059/FreeYouTubeToMP3_Installs [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-059/PCCleaner_Installs [2] RelevantKnowledge.png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-059/PingMaster_Installs [2] RelevantKnowledge.png"],"nonDeceptorImageFiles":["201103/SoftfreewayBundler-201102/1.0/Images/ACR-038/AdsBlocker_FileProperty [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-038/FalcoRegistryDoctor_FileProperty [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-038/FreeFaceBookDownloader_FileProperty [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-038/FreeYouTubeDownloader_FileProperty [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-038/FreeYouTubeToMP3_FileProperty [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-038/PCCleaner_FileProperty [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-038/PingMaster_FileProperty [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/AdsBlocker_Install [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/FreeFaceBookDownloader_Installs [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/FreeYouTubeDownloader_Installs [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/FreeYouTubeToMP3_Installs [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/PCCleaner_Installs [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/PingMaster_Installs [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-092/AdsBlocker_FileProperty [4].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-092/FalcoRegistryDoctor_FileProperty [4].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-092/FreeFaceBookDownloader_FileProperty [4].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-092/FreeYouTubeDownloader_FileProperty [4].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-092/FreeYouTubeToMP3_FileProperty [4].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-092/PCCleaner_FileProperty [4].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-092/PingMaster_FileProperty [4].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/AdsBlocker_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/FalcoRegistryDoctor_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/FreeFaceBookDownloader_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/FreeYouTubeToMP3_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/FreeYouTubeDownloader_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/PCCleaner_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/PingMaster_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/AdsBlocker_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/FalcoRegistryDoctor_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/FreeFaceBookDownloader_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/FreeYouTubeDownloader_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/FreeYouTubeToMP3_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/PCCleaner_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/PingMaster_Interactions [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/AdsBlocker_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/FalcoRegistryDoctor_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/FreeFaceBookDownloader_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/FreeYouTubeDownloader_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/FreeYouTubeToMP3_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/PCCleaner_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-065/PingMaster_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/AdsBlocker_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/FalcoRegistryDoctor_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/FreeFaceBookDownloader_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/FreeYouTubeDownloader_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/FreeYouTubeToMP3_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/PCCleaner_LandingPage [1].png","201103/SoftfreewayBundler-201102/1.0/Images/ACR-099/PingMaster_LandingPage [1].png"],"guid":"753ebeb5-a780-4a46-8166-6be50b54633d_1.0_1","appID":"SoftfreewayBundler-201102","dateAdded":"201103","deceptorType":"Bundler","name":"Softfreeway Bundler","company":"Softfreeway","version":"1.0","sigName":"Deceptor:Win32/SoftfreewayBundler!109048155059","lastKnownStatus":"1.0","lastKnownDate":"201103","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders, Productivity","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2020-11-04T06:01:08.5920041+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1815},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not contain links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app's about page does not contain links to the EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe app’s landing page does not display links to uninstall information.\nThe app's internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-mac-cleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"2ba8713f501b3f01ee40d835c97c622f","hashSHA1":"6250ad6bf82e3a73c0f70b5f7fb7ade7eefbf181","hashSHA256":"359360ed726157d675f3a8e66212125e2b4f01b0baf4807f55891b089a6affb8","sourceIndex":"2065","avBlockList":["Avast Security for Mac (20201208)","Avira Security for Mac (20201208)","Bitdefender Antivirus for Mac (20201208)","ESET Cyber Security Pro for Mac (20201208)","G DATA AntiVirus for Mac (20201208)","McAfee Internet Security for Mac (20201208)","Norton Security for Mac (20201208)","Sophos Home Premium For Mac (20201208)"],"avAllowList":["K7 Antivirus for Mac (20201208)","Kaspersky Internet Security for Mac (20201208)","Trend Micro Antivirus for Mac (20201208)"]},{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"16c88ffed9701e7f1ae0eb8cecaa77c2","hashSHA1":"67cfc534b9a5b7dd4d48c99bd1ea1f59c5fc940b","hashSHA256":"8f08494c972181725959cad36642233254be454cf6dd9176f7617097eb658d5f","sourceIndex":"2065","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"Mac Cleaner\"","reference":"","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://download.imymac.com/download/imymac-mac-cleaner.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imymac.com/download/imymac-mac-cleaner.pkg","sourceIndex":"2065"}],"sampleFiles":["201030/MacCleaner-200702/3.0.6/Samples/imymac-mac-cleaner.pkg","201030/MacCleaner-200702/3.0.6/Samples/Mac Cleaner"],"imageFiles":["201030/MacCleaner-200702/3.0.6/Images/ACR-004/iMyMac_Interactions [2].png","201030/MacCleaner-200702/3.0.6/Images/ACR-004/iMyMac_Interactions [3].png","201030/MacCleaner-200702/3.0.6/Images/ACR-004/iMyMac_Interactions [4] Settings.png","201030/MacCleaner-200702/3.0.6/Images/ACR-004/iMyMac_Interactions [5] ScanResults.png","201030/MacCleaner-200702/3.0.6/Images/ACR-004/iMyMac_Interactions [6] Clean.png","201030/MacCleaner-200702/3.0.6/Images/ACR-004/iMyMac_OfferPage [1].png","201030/MacCleaner-200702/3.0.6/Images/ACR-004/iMyMac_OfferPage.png"],"nonDeceptorImageFiles":["201030/MacCleaner-200702/3.0.6/Images/ACR-065/iMyMac_Installs [1].png","201030/MacCleaner-200702/3.0.6/Images/ACR-065/iMyMac_Installs [2].png","201030/MacCleaner-200702/3.0.6/Images/ACR-065/iMyMac_Installs [3].png","201030/MacCleaner-200702/3.0.6/Images/ACR-065/iMyMac_Installs [4].png","201030/MacCleaner-200702/3.0.6/Images/ACR-065/iMyMac_Installs [5].png","201030/MacCleaner-200702/3.0.6/Images/ACR-065/iMyMac_About [1].png","201030/MacCleaner-200702/3.0.6/Images/ACR-065/iMyMac_About [2].png","201030/MacCleaner-200702/3.0.6/Images/ACR-099/iMyMac_About [1].png","201030/MacCleaner-200702/3.0.6/Images/ACR-099/iMyMac_About [2].png","201030/MacCleaner-200702/3.0.6/Images/ACR-045/iMyMac_LandingPage [1].png","201030/MacCleaner-200702/3.0.6/Images/ACR-045/iMyMac_LandingPage [2].png","201030/MacCleaner-200702/3.0.6/Images/ACR-099/iMyMac_LandingPage [3].png","201030/MacCleaner-200702/3.0.6/Images/ACR-161/iMyMac_LandingPage [2] UserReview.png","201030/MacCleaner-200702/3.0.6/Images/ACR-099/iMyMac_OfferPage [1].png"],"guid":"c1a50df7-82fa-494c-a0a0-bc8481ed2004_3.0.6_1","appID":"MacCleaner-200702","dateAdded":"201030","deceptorType":"MacOS App","name":"iMyMac Mac Cleaner","company":"iMyMac Technology Limited","version":"3.0.6","lastKnownStatus":"3.0.0;3.0.1;3.0.3;3.0.6","lastKnownDate":"201030","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-30T19:01:54.4870309+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1816},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n","ACR-084":"Disabling the auto-launch of the app does not work even the user un-checked the \"Run at Startup\" in the settings.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not contain links to the EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy. \nThe app's about page does not contain links to the EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe app’s landing page does not display links to uninstall information.\nThe app's internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"11ce52db3fbc485e10e756300605e0e2","hashSHA1":"831d6d0f979a7f3a2dfb07567b6e9c08ee7ff28f","hashSHA256":"5743da34eadea2ae37de97099df32499be82255d6c791b2c5b82e49359f6404c","sourceIndex":"2116","avBlockList":["Avast Security for Mac (20210413)","Avira Security for Mac (20210413)","ESET Cyber Security Pro for Mac (20210413)","K7 Antivirus for Mac (20210413)","McAfee Internet Security for Mac (20210413)","Norton Security for Mac (20210413)","Sophos Home Premium For Mac (20210413)","Trend Micro Antivirus for Mac (20210413)"],"avAllowList":["Bitdefender Antivirus for Mac (20210413)","G DATA AntiVirus for Mac (20210413)","Kaspersky Internet Security for Mac (20210413)"]},{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"0ad152653751f820270f0531a2e61dc5","hashSHA1":"05f265fa01bb69031c517c2bb3335631feb022a3","hashSHA256":"09763384064be3ae54b7d996d498d022591d86a3b427ecdfe14ed19540e7bd98","sourceIndex":"2116","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"Mac Cleaner\"","reference":"https://www.imymac.com","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://www.imymac.com/download/imymac-mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-mac-cleaner.dmg","sourceIndex":"2116"}],"sampleFiles":["200902/MacCleaner-200702/3.0.3/Samples/imymac-mac-cleaner.dmg","200902/MacCleaner-200702/3.0.3/Samples/Mac Cleaner"],"imageFiles":["200902/MacCleaner-200702/3.0.3/Images/ACR-004/iMyMac Mac Cleaner_Interactions [2].png","200902/MacCleaner-200702/3.0.3/Images/ACR-004/iMyMac Mac Cleaner_Interactions [3] ScanResult.png","200902/MacCleaner-200702/3.0.3/Images/ACR-004/iMyMac Mac Cleaner_Interactions [4] ScanResult.png","200902/MacCleaner-200702/3.0.3/Images/ACR-004/iMyMac Mac Cleaner_OfferPage [1].png","200902/MacCleaner-200702/3.0.3/Images/ACR-004/iMyMac Mac Cleaner_OfferPage [2].png","200902/MacCleaner-200702/3.0.3/Images/ACR-004/iMyMac Mac Cleaner_OfferPage [3].png","200902/MacCleaner-200702/3.0.3/Images/ACR-004/iMyMac Mac Cleaner_OfferPage [4].png","200902/MacCleaner-200702/3.0.3/Images/ACR-084/iMyMac Mac Cleaner_AutoLaunch [1].png"],"nonDeceptorImageFiles":["200902/MacCleaner-200702/3.0.3/Images/ACR-065/iMyMac Mac Cleaner_Install [1].png","200902/MacCleaner-200702/3.0.3/Images/ACR-065/iMyMac Mac Cleaner_About [3].png","200902/MacCleaner-200702/3.0.3/Images/ACR-065/iMyMac Mac Cleaner_About [4].png","200902/MacCleaner-200702/3.0.3/Images/ACR-099/iMyMac Mac Cleaner_About [3].png","200902/MacCleaner-200702/3.0.3/Images/ACR-099/iMyMac Mac Cleaner_About [4].png","200902/MacCleaner-200702/3.0.3/Images/ACR-045/iMyMac Mac Cleaner_LandingPage [1] FreeDownload.png","200902/MacCleaner-200702/3.0.3/Images/ACR-045/iMyMac Mac Cleaner_LandingPage [2] FreeDownload.png","200902/MacCleaner-200702/3.0.3/Images/ACR-045/iMyMac Mac Cleaner_LandingPage [3] FreeDownload.png","200902/MacCleaner-200702/3.0.3/Images/ACR-045/iMyMac Mac Cleaner_LandingPage [4] FreeDownload.png","200902/MacCleaner-200702/3.0.3/Images/ACR-099/iMyMac Mac Cleaner_LandingPage [8].png","200902/MacCleaner-200702/3.0.3/Images/ACR-099/iMyMac Mac Cleaner_LandingPage [9].png","200902/MacCleaner-200702/3.0.3/Images/ACR-161/iMyMac Mac Cleaner_LandingPage [7] Testimonials.png","200902/MacCleaner-200702/3.0.3/Images/ACR-099/iMyMac Mac Cleaner_OfferPage [5].png"],"guid":"c1a50df7-82fa-494c-a0a0-bc8481ed2004_3.0.3_1","appID":"MacCleaner-200702","dateAdded":"201030","deceptorType":"MacOS App","name":"iMyMac Mac Cleaner","company":"iMyMac Technology Limited","version":"3.0.3","sigName":"Deceptor:MacOS/iMyMacMacCleaner!004084","lastKnownStatus":"3.0.0;3.0.1;3.0.3;3.0.6","lastKnownDate":"201030","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1817},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n","ACR-084":"Disabling the auto-launch of the app does not work even the user un-checked the \"Run at Startup\" in the settings.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not contain links to the EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy. \nThe app's about page does not contain links to the EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe app’s landing page does not display links to uninstall information.\nThe app's internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"2ae4f0651bd7fcc8e42052e6c31ac92b","hashSHA1":"702d7e94be424ad6ae6a259b40c82cce052d76b6","hashSHA256":"39c0ce8df093d6139f180e5f08a850157bf4914fbe0aabcceef1a8c2299d81bf","sourceIndex":"2136","avBlockList":["Avast Security for Mac (20210309)","Avira Security for Mac (20210309)","Bitdefender Antivirus for Mac (20210309)","ESET Cyber Security Pro for Mac (20210309)","G DATA AntiVirus for Mac (20210309)","K7 Antivirus for Mac (20210309)","McAfee Internet Security for Mac (20210309)","Norton Security for Mac (20210309)","Sophos Home Premium For Mac (20210309)","Trend Micro Antivirus for Mac (20210309)"],"avAllowList":["Kaspersky Internet Security for Mac (20210309)"]},{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"9346ad187221ab739ef3a250b46bb687","hashSHA1":"ceb183440a3355ce048391e7936c51c7cd2c6090","hashSHA256":"3eb45836902ed0c160d663f233687a3cbcc702f8654a45f50a77eb022e79f503","sourceIndex":"2136","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"Macos Junk File Cleaner\"","reference":"","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://www.imymac.com/download/imymac-mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-mac-cleaner.dmg","sourceIndex":"2136"}],"sampleFiles":["200810/MacCleaner-200702/3.0.1/Samples/imymac-mac-cleaner.dmg","200810/MacCleaner-200702/3.0.1/Samples/Mac Cleaner"],"imageFiles":["200810/MacCleaner-200702/3.0.1/Images/ACR-004/iMyMac_MacCleaner_Interactions [1].png","200810/MacCleaner-200702/3.0.1/Images/ACR-004/iMyMac_MacCleaner_Interactions [3] ScanResults.png","200810/MacCleaner-200702/3.0.1/Images/ACR-004/iMyMac_MacCleaner_Interactions [4] Activation.png","200810/MacCleaner-200702/3.0.1/Images/ACR-004/iMyMac_MacCleaner_OfferPage [1].png","200810/MacCleaner-200702/3.0.1/Images/ACR-004/iMyMac_MacCleaner_OfferPage [2].png","200810/MacCleaner-200702/3.0.1/Images/ACR-004/iMyMac_MacCleaner_OfferPage [3].png","200810/MacCleaner-200702/3.0.1/Images/ACR-004/iMyMac_MacCleaner_OfferPage [4].png","200810/MacCleaner-200702/3.0.1/Images/ACR-084/iMyMac_MacCleaner_AutoLogin [4] KnockKnockLog.png","200810/MacCleaner-200702/3.0.1/Images/ACR-084/iMyMac_MacCleaner_AutoLogin [6] Settings.png"],"nonDeceptorImageFiles":["200810/MacCleaner-200702/3.0.1/Images/ACR-065/iMyMac_MacCleaner_Install [1].png","200810/MacCleaner-200702/3.0.1/Images/ACR-065/iMyMac_MacCleaner_About [1].png","200810/MacCleaner-200702/3.0.1/Images/ACR-065/iMyMac_MacCleaner_About [2].png","200810/MacCleaner-200702/3.0.1/Images/ACR-099/iMyMac_MacCleaner_About [1].png","200810/MacCleaner-200702/3.0.1/Images/ACR-099/iMyMac_MacCleaner_About [2].png","200810/MacCleaner-200702/3.0.1/Images/ACR-045/iMyMac_MacCleaner_LandingPage [1].png","200810/MacCleaner-200702/3.0.1/Images/ACR-045/iMyMac_MacCleaner_LandingPage [2].png","200810/MacCleaner-200702/3.0.1/Images/ACR-099/iMyMac_MacCleaner_LandingPage [4].png","200810/MacCleaner-200702/3.0.1/Images/ACR-161/iMyMac_MacCleaner_LandingPage [3] Testimonials.png","200810/MacCleaner-200702/3.0.1/Images/ACR-099/iMyMac_MacCleaner_OfferPage [5].png"],"guid":"c1a50df7-82fa-494c-a0a0-bc8481ed2004_3.0.1_1","appID":"MacCleaner-200702","dateAdded":"201030","deceptorType":"MacOS App","name":"iMyMac Mac Cleaner","company":"iMyMac Technology Limited","version":"3.0.1","sigName":"Deceptor:MacOS/iMyMacCleaner!004","lastKnownStatus":"3.0.0;3.0.1;3.0.3;3.0.6","lastKnownDate":"201030","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1818},{"violations":{"ACR-004":"The app only fixes 500MB of \"junk\" from the free scans and then it requires the user to pay to continue fixing free scan results.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy. \nThe app's about page does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe app’s landing page does not display links to uninstall information.\nThe app's internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"e541436549dbe0ad65868c87ed1741d5","hashSHA1":"ff340d8ca1094a820df65a697740018c3338b0f0","hashSHA256":"5a7c83b530add999b8c77c68d01c33eddeb7495f82dbce07750e83d138ba63db","sourceIndex":"2394","avBlockList":["Avast Security for Mac (20201110)","Avira Security for Mac (20201110)","ESET Cyber Security Pro for Mac (20201110)","K7 Antivirus for Mac (20201110)","Norton Security for Mac (20201110)","Sophos Home Premium For Mac (20201110)","Trend Micro Antivirus for Mac (20201110)"],"avAllowList":["Bitdefender Antivirus for Mac (20201110)","G DATA AntiVirus for Mac (20201110)","Kaspersky Internet Security for Mac (20201110)","McAfee Internet Security for Mac (20201110)"]},{"isRevoked":"False","fileName":"Mac Cleaner","fileVersion":"0.","hashMD5":"e1099b9f6f8592a5e5b2e2e12e5243af","hashSHA1":"89ff9dd9d9dbc8b398549d189874013a82c5e7a0","hashSHA256":"f66f36e802154b6d7a1aa04d3fcffe13160968eda24234d8c8472d8e7bda14f0","sourceIndex":"2394","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"Mac Cleaner\"","reference":"","landingPage":"https://www.imymac.com/mac-cleaner/","directDownloadingLink":"https://www.imymac.com/download/imymac-mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-mac-cleaner.dmg","sourceIndex":"2394"}],"sampleFiles":["200702/MacCleaner-200702/3.0.0/Samples/imymac-mac-cleaner.dmg","200702/MacCleaner-200702/3.0.0/Samples/Mac Cleaner"],"imageFiles":["200702/MacCleaner-200702/3.0.0/Images/ACR-004/imymac-mac-cleaner_Interaction [1].png","200702/MacCleaner-200702/3.0.0/Images/ACR-004/imymac-mac-cleaner_OfferPage [1].png","200702/MacCleaner-200702/3.0.0/Images/ACR-004/imymac-mac-cleaner_OfferPage [3].png"],"nonDeceptorImageFiles":["200702/MacCleaner-200702/3.0.0/Images/ACR-065/imymac-mac-cleaner_Install [1].png","200702/MacCleaner-200702/3.0.0/Images/ACR-065/imymac-mac-cleaner_About [1].png","200702/MacCleaner-200702/3.0.0/Images/ACR-099/imymac-mac-cleaner_About [1].png","200702/MacCleaner-200702/3.0.0/Images/ACR-045/imymac-mac-cleaner_LandingPage [1].png","200702/MacCleaner-200702/3.0.0/Images/ACR-045/imymac-mac-cleaner_LandingPage [2].png","200702/MacCleaner-200702/3.0.0/Images/ACR-099/imymac-mac-cleaner_LandingPage [1].png","200702/MacCleaner-200702/3.0.0/Images/ACR-099/imymac-mac-cleaner_LandingPage [2].png","200702/MacCleaner-200702/3.0.0/Images/ACR-099/imymac-mac-cleaner_OfferPage [1].png","200702/MacCleaner-200702/3.0.0/Images/ACR-099/imymac-mac-cleaner_OfferPage [2].png","200702/MacCleaner-200702/3.0.0/Images/ACR-099/imymac-mac-cleaner_OfferPage [3].png"],"guid":"c1a50df7-82fa-494c-a0a0-bc8481ed2004_3.0.0_1","appID":"MacCleaner-200702","dateAdded":"201030","deceptorType":"MacOS App","name":"iMyMac Mac Cleaner","company":"iMyMac Technology Limited","version":"3.0.0","lastKnownStatus":"3.0.0;3.0.1;3.0.3;3.0.6","lastKnownDate":"201030","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-30T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":4,"sortOrder":1819},{"violations":{"ACR-109":"The app installs Falco Freeware Website shortcut links without user consent.\nThe app downloads RelevantKnowledge files and run \"rkverify.exe\" without disclosing to user and user's agree to download and run.\n\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"The app does not provide Digital signatures for the main executable and/or installs\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"FalcoAutoShutdown.exe","fileVersion":"1.0","hashMD5":"4acabe74dbc55c171ba6028017c90528","hashSHA1":"cc7f9c9f27252699186100c50a8e2de39a8d66e4","hashSHA256":"435ce280f18de6ab00afb1f41196a306bc5049ea0daeb8bb6fc3368499d9132c","sourceIndex":"2066","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FalcoAutoShutdownSetup.exe","isInstaller":"True","companyName":"FalcoWare, Inc.                                             ","fileVersion":"0.0","hashMD5":"9aed7c9d9041395ce9a12b2b9de3e6b5","hashSHA1":"a42d8f90e75bf9df9f0280f215b13afb2eee6c4b","hashSHA256":"d1962e506395abd95b63d2411c18e9efbaf84d12975c1b42e5502befbdf56881","sourceIndex":"2066","avBlockList":["360 Total Security (20201229)","Avast Premium Security (20201229)","AVG Internet Security (20201229)","Avira Internet Security (20201229)","Bitdefender Internet Security (20201229)","COMODO Antivirus (20201229)","Dr.Web Security Space (20201229)","ESET Internet Security (20201229)","G DATA INTERNET SECURITY (20201229)","K7 Total Security (20201229)","Kaspersky Internet Security (20201229)","Malwarebytes Premium (20201229)","McAfee Total Protection (20201229)","Norton Security (20201229)","Panda Dome (20201229)","Quick Heal Internet Security (20201229)","Sophos Home Premium (20201229)","SpyHunter5 (20201229)","Tencent PC Manager (20201229)","Total AV Antivirus Pro (20201229)","Trend Micro Internet Security (20201229)","VIPRE Advanced Security (20201229)","VirIT eXplorer PRO (20201229)","Webroot SecureAnywhere (20201229)","Windows Defender (20201229)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SoftOrbitsCleaner.exe","companyName":"BMCleaner","fileVersion":"1.0","hashMD5":"ee3435417e832b26a935066f7cf33d39","hashSHA1":"54ccb9dba5d1e38dd03897110b1fb8b2d633431b","hashSHA256":"ab8de45919e31d4538779f420b6f98a166c9696904ff7d3c351c942cbb4e31ed","digitalCertThumbprint":"4DAEAB84609181843E5697070B1557812524D11C","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SoftOrbits, O=SoftOrbits, L=Smolensk, C=RU","sourceIndex":"2066","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SoftOrbitsCleanerSetup.exe","isInstaller":"True","companyName":"Falco Software, Inc.                                        ","fileVersion":"0.0","hashMD5":"626ea466058b8d8a54152cc9bd1eb54c","hashSHA1":"42d8f5bfaf2b180025233e7ac4578c726eb08fa0","hashSHA256":"b3ad73b8e4555a1fcbfc17ef0034b739b70d39a105c522c6516a71caf102e451","sourceIndex":"2066","avBlockList":["360 Total Security (20201229)","Avast Premium Security (20201229)","AVG Internet Security (20201229)","Avira Internet Security (20201229)","Bitdefender Internet Security (20201229)","COMODO Antivirus (20201229)","Dr.Web Security Space (20201229)","ESET Internet Security (20201229)","G DATA INTERNET SECURITY (20201229)","K7 Total Security (20201229)","Kaspersky Internet Security (20201229)","Malwarebytes Premium (20201229)","McAfee Total Protection (20201229)","Norton Security (20201229)","Panda Dome (20201229)","Quick Heal Internet Security (20201229)","Sophos Home Premium (20201229)","SpyHunter5 (20201229)","Tencent PC Manager (20201229)","Total AV Antivirus Pro (20201229)","Trend Micro Internet Security (20201229)","VIPRE Advanced Security (20201229)","VirIT eXplorer PRO (20201229)","Webroot SecureAnywhere (20201229)","Windows Defender (20201229)"],"avAllowList":[]},{"isRevoked":"False","fileName":"AdsBlockerSetup.exe","isInstaller":"True","companyName":"FalcoWare, Inc.                                             ","fileVersion":"0.0","hashMD5":"326a77dcf1bba041b6d622314621b85e","hashSHA1":"67aa798b059f99ed87b9cc9867ce4b0901d7fbe4","hashSHA256":"b563753b145992cd944d209ac115166008db20781550bec1116d92b33d8f0aa0","sourceIndex":"2066","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","G DATA INTERNET SECURITY (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":["Trend Micro Internet Security (20210429)"]},{"isRevoked":"False","fileName":"PingMasterSetup.exe","isInstaller":"True","companyName":"FreeGamia, Inc.                                             ","fileVersion":"0.0","hashMD5":"871333dc17e183dff34a886f7f1c7c74","hashSHA1":"03bee829e4960605b2037f090804bbb8a4922094","hashSHA256":"2e88b038e3be4659177d861678fc4026bdc04085eba2c851b70a8e3426aef2fb","sourceIndex":"2066","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","G DATA INTERNET SECURITY (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","Trend Micro Internet Security (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeDownloaderSetup.exe","isInstaller":"True","companyName":"FreeGamia, Inc.                                             ","fileVersion":"0.0","hashMD5":"4b8375f19a87ed83d8895131b5277934","hashSHA1":"6a1c9749393996b7d1746c6a58a216579530399f","hashSHA256":"b9d56c2d3109ccdf23ba87a19b4af10fa6fff01696052e89cce1579010ee757f","sourceIndex":"2066","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","G DATA INTERNET SECURITY (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":["Trend Micro Internet Security (20210429)"]},{"isRevoked":"False","fileName":"FreeYouTubeToMP3Setup.exe","isInstaller":"True","companyName":"FreeGamia, Inc.                                             ","fileVersion":"0.0","hashMD5":"139a9f67e735cf588db14899e36be985","hashSHA1":"77456eb656080bb80e4b6ed301db65060caaa08e","hashSHA256":"e6c49baf5d4b9644a5f9dd799dbc0d43023f305f261d67d8bbffa35c6587607b","sourceIndex":"2066","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":["G DATA INTERNET SECURITY (20210429)","Trend Micro Internet Security (20210429)"]},{"isRevoked":"False","fileName":"VideoToMp3ConverterSetup.exe","isInstaller":"True","companyName":"FreeGamia, Inc.                                             ","fileVersion":"0.0","hashMD5":"e286ad7f42bcb0cf8795fafb85bb5620","hashSHA1":"246d2f8a2207984209b70cfe00b2c514ca75c48a","hashSHA256":"791af26058d3ff47227de4e21cd9a91cd66138df42348eb89452ea5495c2d6db","sourceIndex":"2066","avBlockList":["360 Total Security (20201229)","Avast Premium Security (20201229)","AVG Internet Security (20201229)","Avira Internet Security (20201229)","Bitdefender Internet Security (20201229)","COMODO Antivirus (20201229)","Dr.Web Security Space (20201229)","ESET Internet Security (20201229)","G DATA INTERNET SECURITY (20201229)","K7 Total Security (20201229)","Kaspersky Internet Security (20201229)","Malwarebytes Premium (20201229)","McAfee Total Protection (20201229)","Norton Security (20201229)","Panda Dome (20201229)","Quick Heal Internet Security (20201229)","Sophos Home Premium (20201229)","SpyHunter5 (20201229)","Tencent PC Manager (20201229)","Total AV Antivirus Pro (20201229)","Trend Micro Internet Security (20201229)","VIPRE Advanced Security (20201229)","VirIT eXplorer PRO (20201229)","Webroot SecureAnywhere (20201229)","Windows Defender (20201229)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://falcoware.com/index.php","landingPage":"http://falcoware.com/download_tools.php","directDownloadingLink":"http://falcoware.com/download_tools.php","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"http://falcoware.com/download_tools.php","sourceIndex":"2066"}],"sampleFiles":["201028/FalcoWareBundler-201028/1.0/Samples/FalcoAutoShutdownSetup.exe","201028/FalcoWareBundler-201028/1.0/Samples/SoftOrbitsCleanerSetup.exe","201028/FalcoWareBundler-201028/1.0/Samples/AdsBlockerSetup.exe","201028/FalcoWareBundler-201028/1.0/Samples/PingMasterSetup.exe","201028/FalcoWareBundler-201028/1.0/Samples/FreeYouTubeDownloaderSetup.exe","201028/FalcoWareBundler-201028/1.0/Samples/FreeYouTubeToMP3Setup.exe","201028/FalcoWareBundler-201028/1.0/Samples/VideoToMp3ConverterSetup.exe"],"imageFiles":["201028/FalcoWareBundler-201028/1.0/Images/ACR-109/FalcoAutoShutdown_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/FalcoAutoShutdown_Free Game Shortcut [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/SoftOrbitsCleaner_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/SoftOrbitsCleaner_Free Game Shortcut [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/AdsBlocker_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/AdsBlocker_Game Shortcuts[1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/PingMaster_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/PingMaster_Free Game Shortcut  [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/FreeYouTubeDownloader_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/FreeYouTubeDownloader_Free Game Shortcut [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/FreeYouTubeToMP3_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/FreeYouTubeToMP3_Free Game Shortcut [1] .png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/VideoToMp3Converter_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-109/VideoToMp3Converter_Free Game Shortcut [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-048/FalcoAutoShutdown_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-048/AdsBlocker_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-048/FreeYouTubeDownloader_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-048/FreeYouTubeToMP3_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-048/PingMaster_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-048/SoftOrbitsCleaner_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-048/VideoToMp3Converter_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-059/AdsBlocker_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-059/FalcoAutoShutdown_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-059/FreeYouTubeDownloader_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-059/FreeYouTubeToMP3_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-059/PingMaster_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-059/SoftOrbitsCleaner_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-059/VideoToMp3Converter_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-155/AdsBlocker_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-155/FalcoAutoShutdown_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-155/FreeYouTubeDownloader_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-155/FreeYouTubeToMP3_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-155/PingMaster_Installs [2] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-155/SoftOrbitsCleaner_Installs [3] RelevantKnowledge.png","201028/FalcoWareBundler-201028/1.0/Images/ACR-155/VideoToMp3Converter_Installs [2] RelevantKnowledge.png"],"nonDeceptorImageFiles":["201028/FalcoWareBundler-201028/1.0/Images/ACR-038/FalcoAutoShutdown_FileProperty [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-038/AdsBlocker_FileProperty [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-038/FreeYouTubeDownloader_FileProperty [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-038/FreeYouTubeToMP3_FileProperty [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-038/PingMaster_FileProperty [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-038/SoftOrbitsCleaner_FIleProperty [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-038/VideoToMp3Converter_FileProperty [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/FalcoAutoShutdown_Installs [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/AdsBlocker_Installs [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/FreeYouTubeDownloader_Installs [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/FreeYouTubeToMP3_Installs [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/PingMaster_Installs [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/SoftOrbitsCleaner_Installs [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/VideoToMp3Converter_Installs [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/FalcoAutoShutdown_FileProperty [3].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/FalcoAutoShutdown_FileProperty [4].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/AdsBlocker_FileProperty [3].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/AdsBlocker_FileProperty [4].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/FreeYouTubeDownloader_FileProperty [3].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/FreeYouTubeDownloader_FileProperty [4].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/FreeYouTubeToMP3_FileProperty [3].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/FreeYouTubeToMP3_FileProperty [4].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/PingMaster_FileProperty [3].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/PingMaster_FileProperty [4].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/SoftOrbitsCleaner_FIleProperty [2].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/VideoToMp3Converter_FileProperty [3].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-092/VideoToMp3Converter_FileProperty [4].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/FalcoAutoShutdown_Interactions [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/AdsBlocker_Interactions [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/FreeYouTubeDownloader_Interactions [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/FreeYouTubeToMP3_Interactions [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/PingMaster_About [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/SoftOrbitsCleaner_About [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/VideoToMp3Converter_Interactions [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/FalcoAutoShutdown_Interactions [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/AdsBlocker_Interactions [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/FreeYouTubeDownloader_Interactions [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/FreeYouTubeToMP3_Interactions [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/PingMaster_About [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/SoftOrbitsCleaner_About [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/VideoToMp3Converter_Interactions [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/FalcoWare_LandingPage [1].jpg","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/AdsBlocker_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/FalcoAutoShutdown_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/FreeYouTubeDownloader_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/PingMaster_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/SoftOrbitsCleaner_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/VideoToMp3Converter_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-065/FreeYouTubeToMP3_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/FalcoWare_LandingPage [1].jpg","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/AdsBlocker_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/FalcoAutoShutdown_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/FreeYouTubeDownloader_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/FreeYouTubeToMP3_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/PingMaster_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/SoftOrbitsCleaner_LandingPage [1].png","201028/FalcoWareBundler-201028/1.0/Images/ACR-099/VideoToMp3Converter_LandingPage [1].png"],"guid":"a7b91dfa-970d-4ac2-969b-03c2af79aba0_1.0_1","appID":"FalcoWareBundler-201028","dateAdded":"201028","deceptorType":"Bundler","name":"FalcoWare Bundler","company":"Falco Software","version":"1.0","sigName":"Deceptor:Win32/FalcoWareBundler!109048059155","lastKnownStatus":"1.0","lastKnownDate":"201028","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2020-10-29T21:32:54.5091673+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1820},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-167":"Return and cancelation policy is restrictive and offers unnecessary friction, going so far as to advise the customer to order a chargeback order if they are unsatisfied with their policy\n"},"samples":[{"isRevoked":"False","fileName":"iMyFone Umate Mac Cleaner","fileVersion":"0.","hashMD5":"9e64734e6c64489971c66367a0ff8635","hashSHA1":"192a16548f5de1673671528f24da6303e8ba7188","hashSHA256":"8f8b5c05a472c5b6ac0ce4f2602aec6759f0ba265add2b8e4b9eef32cbcd4dd3","sourceIndex":"2124","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"imyfone-umate-mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"d2f068be09cc0bf725582b4a812582fe","hashSHA1":"3e2185188ecd50435b8311c6e82f046929f30aa5","hashSHA256":"141d3880fad4769b37b2db8a7328904eb68a51ad43604314a732a445bf539481","sourceIndex":"2124","avBlockList":["Avast Security for Mac (20201013)","Avira Security for Mac (20201013)","Bitdefender Antivirus for Mac (20201013)","ESET Cyber Security Pro for Mac (20201013)","G DATA AntiVirus for Mac (20201013)","K7 Antivirus for Mac (20201013)","McAfee Internet Security for Mac (20201013)","Norton Security for Mac (20201013)","Sophos Home Premium For Mac (20201013)","Trend Micro Antivirus for Mac (20201013)"],"avAllowList":["Kaspersky Internet Security for Mac (20201013)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"Mac Speed up\"","reference":"https://www.imyfone.com","landingPage":"https://www.imyfone.com/umate-mac-cleaner/","directDownloadingLink":"https://download.imyfone.com/imyfone-umate-mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imyfone.com/imyfone-umate-mac-cleaner.dmg","sourceIndex":"2124"}],"sampleFiles":["200825/iMyFoneUmateMacCleaner-200402/3.1.1/Samples/iMyFone Umate Mac Cleaner","200825/iMyFoneUmateMacCleaner-200402/3.1.1/Samples/imyfone-umate-mac-cleaner.dmg"],"imageFiles":["200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-004/iMyFone Umate Mac Cleaner_Interaction [1].png","200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-004/iMyFone Umate Mac Cleaner_Interaction [2] Scanning.png","200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-004/iMyFone Umate Mac Cleaner_Interaction [3] ScanResults.png","200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-004/iMyFone Umate Mac Cleaner_Interaction [4] Register.png","200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-004/iMyFone Umate Mac Cleaner_Interaction [5] Register.png","200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-004/iMyFone Umate Mac Cleaner_OfferPage [4].png","200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-004/iMyFone Umate Mac Cleaner_OfferPage [5].png"],"nonDeceptorImageFiles":["200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-045/iMyFone Umate Mac Cleaner_LandingPage [3] Download.png","200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-065/iMyFone Umate Mac Cleaner_About [1].png","200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-065/iMyFone Umate Mac Cleaner_About [2].png","200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-167/iMyFone Umate Mac Cleaner_LandingPage [4] RefundPolicy.png","200825/iMyFoneUmateMacCleaner-200402/3.1.1/Images/ACR-161/iMyFone Umate Mac Cleaner_LandingPage [2] Testimonial.png"],"guid":"61691c05-b24e-42f2-b0d1-7f3c4218d695_3.1.1_1","appID":"iMyFoneUmateMacCleaner-200402","dateAdded":"201026","deceptorType":"MacOS App","name":"iMyFone Umate Mac Cleaner ","company":"iMyFone Technology Co. Ltd","version":"3.1.1","sigName":"Deceptor:MacOS/iMyFoneUmateMacCleaner!004","lastKnownStatus":"3.1.0;3.1.1;3.1.2","lastKnownDate":"201026","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases,paid","lastUpdate":"2020-10-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1822},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix,  requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app does not disclose EULA, Privacy policy and Refund policy in the software. \nThe landing page does not display links to the EULA.\n","ACR-167":"Return and cancelation policy is restrictive and offers unnecessary friction, going so far as to advise the customer to order a chargeback order if they are unsatisfied with their policy\n"},"samples":[{"isRevoked":"False","fileName":"imyfone-umate-mac-cleaner.dmg","isInstaller":"True","companyName":"","productName":"","productVersion":"","fileVersion":"3.1.0","hashMD5":"d279caa027945524b8c07b634460c1c8","hashSHA1":"dfa8bbfe22ae4df853bff2b23922cdea87d6d6b9","hashSHA256":"c2af172914a465d367ef19cc40e1b354fd593493535fd4101e14f217b8a636bc","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","uriToBlock":"","sourceIndex":"2511","avBlockList":["Avast Security for Mac (20200516)","Avira Security for Mac (20200516)","ESET Cyber Security Pro for Mac (20200516)","K7 Antivirus for Mac (20200516)","McAfee Internet Security for Mac (20200516)","Norton Security for Mac (20200516)","Sophos Home Premium For Mac (20200516)"],"avAllowList":["Bitdefender Antivirus for Mac (20200516)","G DATA AntiVirus for Mac (20200516)","Kaspersky Internet Security for Mac (20200516)","Trend Micro Antivirus for Mac (20200516)"]},{"isRevoked":"False","fileName":"iMyFone Umate Mac Cleaner","companyName":"","productName":"","productVersion":"","fileVersion":"3.1.0","hashMD5":"98aaf389f6a8ea5821a7ecd4f97b6381","hashSHA1":"sha1:   0ec1647a43976f3d101ae0dc998d0141b60348aa","hashSHA256":"2d6a97be72fe10d082dc16999e0fe5a22a892feb07601c91f3e4f15cf5386058","digitalCertThumbprint":"","digitalCertIssuer":"","digitalCertIssuedTo":"","storeId":"","uriToBlock":"","sourceIndex":"2511","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"Mac Speed up\"","reference":"https://www.imyfone.com","landingPage":"https://www.imyfone.com","directDownloadingLink":"https://download.imyfone.com/imyfone-umate-mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imyfone.com/imyfone-umate-mac-cleaner.dmg","sourceIndex":"2511"}],"sampleFiles":["200402/iMyFoneUmateMacCleaner-200402/3.1.0/Samples/imyfone-umate-mac-cleaner.dmg","200402/iMyFoneUmateMacCleaner-200402/3.1.0/Samples/iMyFone Umate Mac Cleaner"],"imageFiles":["200402/iMyFoneUmateMacCleaner-200402/3.1.0/Images/ACR-004/iMyFone_Scanning [1].png","200402/iMyFoneUmateMacCleaner-200402/3.1.0/Images/ACR-004/iMyFone_Scanning [2].png","200402/iMyFoneUmateMacCleaner-200402/3.1.0/Images/ACR-004/iMyFone_Scanning [3] purchase.png","200402/iMyFoneUmateMacCleaner-200402/3.1.0/Images/ACR-004/iMyFone_Scanning [4] purchase.png"],"nonDeceptorImageFiles":["200402/iMyFoneUmateMacCleaner-200402/3.1.0/Images/ACR-045/iMyFone_LandingPage [2].png","200402/iMyFoneUmateMacCleaner-200402/3.1.0/Images/ACR-065/iMyFone_Installation [1].png","200402/iMyFoneUmateMacCleaner-200402/3.1.0/Images/ACR-065/iMyFone_Support.png","200402/iMyFoneUmateMacCleaner-200402/3.1.0/Images/ACR-167/iMyFone_Refund [1].png"],"guid":"61691c05-b24e-42f2-b0d1-7f3c4218d695_3.1.0_1","appID":"iMyFoneUmateMacCleaner-200402","dateAdded":"201026","deceptorType":"MacOS App","name":"iMyFone Umate Mac Cleaner ","company":"iMyFone Technology Co. Ltd","version":"3.1.0","sigName":"Deceptor:MacOS/iMyFoneUmateMacCleaner!004","lastKnownStatus":"3.1.0;3.1.1;3.1.2","lastKnownDate":"201026","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases,paid","lastUpdate":"2020-10-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1823},{"violations":{"ACR-004":"App does not provide free fixes for the scan results that can't be permanently fixed. It uses issues identified during free scanning to upsell user the fix, requiring user to purchase subscription service to fix all results identified during free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" and \"Try it Free\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe install does not display links to the EULA or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real. \n","ACR-167":"Return and cancelation policy is restrictive and offers unnecessary friction, going so far as to advise the customer to order a chargeback order if they are unsatisfied with their policy\n"},"samples":[{"isRevoked":"False","fileName":"imyfone-umate-mac-cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"5d346c292173e8946e9ea896207d0952","hashSHA1":"428916d4a1687fde397c81c516d851946ed0f03f","hashSHA256":"d0836e0aed745fc444b54dbd40728d6e9f30b47c49e742fc45f65881d7185676","sourceIndex":"2068","avBlockList":["Avast Security for Mac (20210309)","Avira Security for Mac (20210309)","ESET Cyber Security Pro for Mac (20210309)","K7 Antivirus for Mac (20210309)","McAfee Internet Security for Mac (20210309)","Norton Security for Mac (20210309)","Sophos Home Premium For Mac (20210309)","Trend Micro Antivirus for Mac (20210309)"],"avAllowList":["Bitdefender Antivirus for Mac (20210309)","G DATA AntiVirus for Mac (20210309)","Kaspersky Internet Security for Mac (20210309)"]},{"isRevoked":"False","fileName":"iMyFone Umate Mac Cleaner","fileVersion":"0.","hashMD5":"e6d4a569b9e655d6ae50d96b51a5a482","hashSHA1":"a372fc1d161cbfdab28740a961136581d3caf9f6","hashSHA256":"b50e9095f10fd29a3587eae6154c5767b5ed64f18f2bd9883fc3c2d4b79338f7","sourceIndex":"2068","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"Mac Speed up\"","reference":"https://www.imyfone.com","landingPage":"https://www.imyfone.com","directDownloadingLink":"https://download.imyfone.com/imyfone-umate-mac-cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.imyfone.com/imyfone-umate-mac-cleaner.dmg","sourceIndex":"2068"}],"sampleFiles":["201026/iMyFoneUmateMacCleaner-200402/3.1.2/Samples/imyfone-umate-mac-cleaner.dmg","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Samples/iMyFone Umate Mac Cleaner"],"imageFiles":["201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-004/iMyFone Umate Mac Cleaner_Interactions [1].png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-004/iMyFone Umate Mac Cleaner_Interactions [2] Scanning.png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-004/iMyFone Umate Mac Cleaner_Interactions [2] ScanResults.png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-004/iMyFone Umate Mac Cleaner_Interactions [3] Register.png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-004/iMyFone Umate Mac Cleaner_Interactions [10] Unlock All Features.png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-004/iMyFone Umate Mac Cleaner_OfferPage [3].png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-004/iMyFone Umate Mac Cleaner_OfferPage [4].png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-004/iMyFone Umate Mac Cleaner_OfferPage [6].png"],"nonDeceptorImageFiles":["201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-045/iMyFone Umate Mac Cleaner_LandingPage [1].png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-045/iMyFone Umate Mac Cleaner_OfferPage [1] .png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-065/iMyFone Umate Mac Cleaner_About [1].png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-065/iMyFone Umate Mac Cleaner_Installs [1].png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-167/iMyFone Umate Mac Cleaner_LandingPage [6] Refund.png","201026/iMyFoneUmateMacCleaner-200402/3.1.2/Images/ACR-161/iMyFone Umate Mac Cleaner_LandingPage [3] Reviews.png"],"guid":"61691c05-b24e-42f2-b0d1-7f3c4218d695_3.1.2_1","appID":"iMyFoneUmateMacCleaner-200402","dateAdded":"201026","deceptorType":"MacOS App","name":"iMyFone Umate Mac Cleaner ","company":"iMyFone Technology Co. Ltd","version":"3.1.2","sigName":"Deceptor:MacOS/iMyFoneUmateMacCleaner!004","lastKnownStatus":"3.1.0;3.1.1;3.1.2","lastKnownDate":"201026","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases,paid","lastUpdate":"2020-10-26T23:01:35.9471982+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1821},{"violations":{"ACR-048":"The install does not have the close or cancel buttons, which limits the consumer's ability to stop after the initial launch \n","ACR-006":"The offered alternative search engine is not disclosed and attributed clearly. \n","ACR-118":"There are some executable files were left behind even after app shows uninstall completed.\n","ACR-059":"The Offer is not clearly marked as an offer and who is recommending the offer is not clear.\n","ACR-155":"Offer is designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service,  Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \n"},"samples":[{"isRevoked":"False","fileName":"pdfmighty_.exe","isInstaller":"True","fileVersion":"1.1","hashMD5":"741059c98c5302fba413a4bf34b13127","hashSHA1":"c980fd8c70699de44ad6b72a6b5c3d5617bc4dae","hashSHA256":"0abc91ea1ea3ee7552f69019fd1fc66818b930d275b8a4ac736b3c2cdfa0a721","digitalCertThumbprint":"1BFA357E7B295F08279FD359A446E5948547B2E8","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=s2nmedialtd@gmail.com, CN=S2N Media Ltd, O=S2N Media Ltd, STREET=10 Kehilat venecia, L=Tel Aviv, S=Tel Aviv, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516231552, OID.2.5.4.15=Private Organization","sourceIndex":"367","avBlockList":["360 Total Security (20201231)","Avast Premium Security (20201231)","AVG Internet Security (20201231)","Avira Internet Security (20201231)","Bitdefender Internet Security (20201231)","COMODO Antivirus (20201231)","Dr.Web Security Space (20201231)","ESET Internet Security (20201231)","G DATA INTERNET SECURITY (20201231)","K7 Total Security (20201231)","Kaspersky Internet Security (20201231)","Malwarebytes Premium (20201231)","McAfee Total Protection (20201231)","Norton Security (20201231)","Panda Dome (20201231)","Quick Heal Internet Security (20201231)","Sophos Home Premium (20201231)","SpyHunter5 (20201231)","Tencent PC Manager (20201231)","Total AV Antivirus Pro (20201231)","Trend Micro Internet Security (20201231)","VIPRE Advanced Security (20201231)","VirIT eXplorer PRO (20201231)","Webroot SecureAnywhere (20201231)","Windows Defender (20201231)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PDFMighty.exe","fileVersion":"1.1","hashMD5":"d3992da997c1367e2b4eb361ac68681e","hashSHA1":"cec0976a6d5b7bd1c57141fcb07cd06ab2575521","hashSHA256":"1dc569750b94d3800a00e8cb825e2c2bcc88ce3f4243ca94354f60553ff80cd8","digitalCertThumbprint":"1BFA357E7B295F08279FD359A446E5948547B2E8","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=s2nmedialtd@gmail.com, CN=S2N Media Ltd, O=S2N Media Ltd, STREET=10 Kehilat venecia, L=Tel Aviv, S=Tel Aviv, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516231552, OID.2.5.4.15=Private Organization","sourceIndex":"367","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.pdfmighty.com","landingPage":"https://www.pdfmighty.com","directDownloadingLink":"https://downloadpdfmighty.com/download/1600331099414595/pdfmighty.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloadpdfmighty.com/download/1600331099414595/pdfmighty.exe","sourceIndex":"367"}],"sampleFiles":["201022/PDFMighty-201022/1.1.9.0/Samples/pdfmighty_.exe","201022/PDFMighty-201022/1.1.9.0/Samples/PDFMighty.exe"],"imageFiles":["201022/PDFMighty-201022/1.1.9.0/Images/ACR-048/PDFMighty_Installs [3].png","201022/PDFMighty-201022/1.1.9.0/Images/ACR-006/PDFMighty_Installs [2] Searchmighty.png","201022/PDFMighty-201022/1.1.9.0/Images/ACR-118/PDFMighty_Uninstalling [2] RetainedFiles.png","201022/PDFMighty-201022/1.1.9.0/Images/ACR-059/PDFMighty_Installs [2] Searchmighty.png","201022/PDFMighty-201022/1.1.9.0/Images/ACR-155/PDFMighty_Installs [2] Searchmighty.png"],"nonDeceptorImageFiles":["201022/PDFMighty-201022/1.1.9.0/Images/ACR-065/PDFMighty_Installs [1].png","201022/PDFMighty-201022/1.1.9.0/Images/ACR-065/PDFMighty_Interactions [1].png","201022/PDFMighty-201022/1.1.9.0/Images/ACR-099/PDFMighty_Interactions [1].png"],"guid":"ab077924-9d9d-4125-acd3-2f966f0275b9_1.1.9.0_1","appID":"PDFMighty-201022","dateAdded":"201022","deceptorType":"App","name":"PDF Mighty ","company":"S2N Media Ltd","version":"1.1.9.0","sigName":"Deceptor:Win32/PDFMighty!048006118059155","lastKnownStatus":"1.1.9.0","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-11-12T22:50:50.201329+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1825},{"violations":{"ACR-048":"The install does not have the close or cancel buttons, which limits the consumer's ability to stop after the initial launch \n","ACR-006":"The offered alternative search engine is not disclosed and attributed clearly.\n","ACR-118":"There are some executable files were left behind even after app shows uninstall completed.\n","ACR-059":"The Offer is not clearly marked as an offer and who is recommending the offer is not clear.\n","ACR-155":"Offer is designed to look like part of the install workflow\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service,  Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \n"},"samples":[{"isRevoked":"False","fileName":"zipconvertace .exe","isInstaller":"True","fileVersion":"1.1","hashMD5":"befae519d4c074971340a770ef194440","hashSHA1":"46bd42b2c31b31aa795e8e3934a630408ac82dd7","hashSHA256":"81619f7207797cb6e7f951010a15f5b89db8909a0bb4975ebb081be6a91b78e1","digitalCertThumbprint":"1BFA357E7B295F08279FD359A446E5948547B2E8","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=s2nmedialtd@gmail.com, CN=S2N Media Ltd, O=S2N Media Ltd, STREET=10 Kehilat venecia, L=Tel Aviv, S=Tel Aviv, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516231552, OID.2.5.4.15=Private Organization","sourceIndex":"366","avBlockList":["360 Total Security (20201231)","Avast Premium Security (20201231)","AVG Internet Security (20201231)","Avira Internet Security (20201231)","Bitdefender Internet Security (20201231)","COMODO Antivirus (20201231)","Dr.Web Security Space (20201231)","ESET Internet Security (20201231)","G DATA INTERNET SECURITY (20201231)","K7 Total Security (20201231)","Kaspersky Internet Security (20201231)","Malwarebytes Premium (20201231)","McAfee Total Protection (20201231)","Norton Security (20201231)","Panda Dome (20201231)","Quick Heal Internet Security (20201231)","Sophos Home Premium (20201231)","SpyHunter5 (20201231)","Tencent PC Manager (20201231)","Total AV Antivirus Pro (20201231)","Trend Micro Internet Security (20201231)","VIPRE Advanced Security (20201231)","VirIT eXplorer PRO (20201231)","Webroot SecureAnywhere (20201231)","Windows Defender (20201231)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ZipConvertAce.exe","fileVersion":"1.1","hashMD5":"3c3cef100091240df8cf1f87d9dd0244","hashSHA1":"914af968132ecaea274e48e1c3e7e2259e2e399d","hashSHA256":"a6f1c9e8b1b4250a4bb697a3425a6136cc45a6b110b4b4836895ffc38232fc63","digitalCertThumbprint":"1BFA357E7B295F08279FD359A446E5948547B2E8","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=s2nmedialtd@gmail.com, CN=S2N Media Ltd, O=S2N Media Ltd, STREET=10 Kehilat venecia, L=Tel Aviv, S=Tel Aviv, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516231552, OID.2.5.4.15=Private Organization","sourceIndex":"366","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"zipconvertace (1).exe","isInstaller":"True","fileVersion":"1.1","hashMD5":"f5a7f5edfd4751933160fc2376d84735","hashSHA1":"c5fd9d0766148c193cfec8e39f52e4c7ea01b9fe","hashSHA256":"51491743978a2db31f1d4b73e94e9bd41a972b06bcc015c0ce70c816fcad522b","digitalCertThumbprint":"1BFA357E7B295F08279FD359A446E5948547B2E8","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=s2nmedialtd@gmail.com, CN=S2N Media Ltd, O=S2N Media Ltd, STREET=10 Kehilat venecia, L=Tel Aviv, S=Tel Aviv, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516231552, OID.2.5.4.15=Private Organization","sourceIndex":"366","avBlockList":["360 Total Security (20201231)","Avast Premium Security (20201231)","AVG Internet Security (20201231)","Avira Internet Security (20201231)","Bitdefender Internet Security (20201231)","COMODO Antivirus (20201231)","Dr.Web Security Space (20201231)","ESET Internet Security (20201231)","G DATA INTERNET SECURITY (20201231)","K7 Total Security (20201231)","Kaspersky Internet Security (20201231)","Malwarebytes Premium (20201231)","McAfee Total Protection (20201231)","Norton Security (20201231)","Panda Dome (20201231)","Quick Heal Internet Security (20201231)","Sophos Home Premium (20201231)","SpyHunter5 (20201231)","Tencent PC Manager (20201231)","Total AV Antivirus Pro (20201231)","Trend Micro Internet Security (20201231)","VIPRE Advanced Security (20201231)","VirIT eXplorer PRO (20201231)","Webroot SecureAnywhere (20201231)","Windows Defender (20201231)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.zipconvertaceapp.com","landingPage":"https://www.zipconvertaceapp.com","directDownloadingLink":"https://downloadzipace.com/download/1591768052710849/zipconvertace.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloadzipace.com/download/1591768052710849/zipconvertace.exe","sourceIndex":"366"}],"sampleFiles":["201022/ZipConvertAce-201022/1.1.9.0/Samples/zipconvertace .exe","201022/ZipConvertAce-201022/1.1.9.0/Samples/ZipConvertAce.exe","201022/ZipConvertAce-201022/1.1.9.0/Samples/zipconvertace (1).exe"],"imageFiles":["201022/ZipConvertAce-201022/1.1.9.0/Images/ACR-048/ZipConvertAce_Installs [3].png","201022/ZipConvertAce-201022/1.1.9.0/Images/ACR-006/TheSearchAce.JPG","201022/ZipConvertAce-201022/1.1.9.0/Images/ACR-118/ZipConvertAce_Uninstalling [2] RetainedFiles.png","201022/ZipConvertAce-201022/1.1.9.0/Images/ACR-059/ZipConvertAce_Installs [2] thesearchace.png","201022/ZipConvertAce-201022/1.1.9.0/Images/ACR-155/ZipConvertAce_Installs [2] thesearchace.png"],"nonDeceptorImageFiles":["201022/ZipConvertAce-201022/1.1.9.0/Images/ACR-065/ZipConvertAce_Installs [1].png","201022/ZipConvertAce-201022/1.1.9.0/Images/ACR-065/ZipConvertAce_Interactions [1].png","201022/ZipConvertAce-201022/1.1.9.0/Images/ACR-099/ZipConvertAce_Interactions [1].png"],"guid":"4c50fcdf-524b-4040-bb66-0a8fea6937e0_1.1.9.0_1","appID":"ZipConvertAce-201022","dateAdded":"201022","deceptorType":"App","name":"Zip Convert Ace","company":"S2N Media Ltd","version":"1.1.9.0","sigName":"Deceptor:Win32/ZipConvertAce!048006118059155","lastKnownStatus":"1.1.9.0","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2024-11-12T22:57:37.9379299+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1824},{"violations":{"ACR-109":" The app downloads RelevantKnowledge files and  run \"rkverify.exe\" without disclosing to user and user's agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\nThe internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PCLock.exe","companyName":"Chris P.C. srl","fileVersion":"3.4","hashMD5":"5c6de0d8604fe71f4269231c0e73c940","hashSHA1":"df2fc587d42d9989b24506417d94d46ae66bb14b","hashSHA256":"edeabaeeb2ae88cf2173d8457aebc761a5c984d32c783de0ed27173c5fb6517a","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2071","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chris_pclock_3_70.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"0.0","hashMD5":"ef24ebf7a92bd0e631af341d1b75611f","hashSHA1":"567e587cf62773d10e836bbc6fc94b112808afea","hashSHA256":"082b3db18eaafd34744700783535fa6f07f29b27345ae6abe48973f67769266c","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2071","avBlockList":["360 Total Security (20201231)","Avast Premium Security (20201231)","AVG Internet Security (20201231)","Avira Internet Security (20201231)","Bitdefender Internet Security (20201231)","COMODO Antivirus (20201231)","Dr.Web Security Space (20201231)","ESET Internet Security (20201231)","G DATA INTERNET SECURITY (20201231)","K7 Total Security (20201231)","Kaspersky Internet Security (20201231)","Malwarebytes Premium (20201231)","McAfee Total Protection (20201231)","Norton Security (20201231)","Panda Dome (20201231)","Quick Heal Internet Security (20201231)","Sophos Home Premium (20201231)","SpyHunter5 (20201231)","Tencent PC Manager (20201231)","Total AV Antivirus Pro (20201231)","VIPRE Advanced Security (20201231)","VirIT eXplorer PRO (20201231)","Webroot SecureAnywhere (20201231)","Windows Defender (20201231)"],"avAllowList":["Trend Micro Internet Security (20201231)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.chris-pc.com/index.html","landingPage":"https://pclock.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=5&file=setup_chrispc_lock.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=5&file=setup_chrispc_lock.exe","sourceIndex":"2071"}],"sampleFiles":["201014/ChrisPCLock-201014/3.70/Samples/PCLock.exe","201014/ChrisPCLock-201014/3.70/Samples/setup_chris_pclock_3_70.exe"],"imageFiles":["201014/ChrisPCLock-201014/3.70/Images/ACR-109/ChrisPC-Lock_Installs [4] RelevantKnowledge.png","201014/ChrisPCLock-201014/3.70/Images/ACR-048/ChrisPC-Lock_Installs [4] RelevantKnowledge.png","201014/ChrisPCLock-201014/3.70/Images/ACR-155/ChrisPC-Lock_Installs [3] RelevantKnowledge.png","201014/ChrisPCLock-201014/3.70/Images/ACR-059/ChrisPC-Lock_Installs [3] RelevantKnowledge.png"],"nonDeceptorImageFiles":["201014/ChrisPCLock-201014/3.70/Images/ACR-065/ChrisPC-Lock_Installs [1].png","201014/ChrisPCLock-201014/3.70/Images/ACR-065/ChrisPC-Lock_Installs [2].png","201014/ChrisPCLock-201014/3.70/Images/ACR-065/ChrisPC-Lock_About [1].png","201014/ChrisPCLock-201014/3.70/Images/ACR-099/ChrisPC-Lock_About [1].png","201014/ChrisPCLock-201014/3.70/Images/ACR-065/ChrisPC-Lock_LandingPage [1].png","201014/ChrisPCLock-201014/3.70/Images/ACR-099/ChrisPC-Lock_LandingPage [1].png","201014/ChrisPCLock-201014/3.70/Images/ACR-161/ChrisPC-Lock_LandingPage [2] Testimonial.png","201014/ChrisPCLock-201014/3.70/Images/ACR-065/ChrisPC-Lock_OfferPage [1].png","201014/ChrisPCLock-201014/3.70/Images/ACR-099/ChrisPC-Lock_OfferPage [1].png","201014/ChrisPCLock-201014/3.70/Images/ACR-161/ChrisPC-Lock_OfferPage [2] Testimonial.png"],"guid":"b6f1bde1-1c9e-4d33-be27-b52f9705d8ba_3.70_1","appID":"ChrisPCLock-201014","dateAdded":"201014","deceptorType":"Bundler","name":"ChrisPC-Lock","company":"Chris P.C. srl.","version":"3.70","sigName":"Deceptor:Win32/ChrisPC-Lock!109048155059","lastKnownStatus":"3.70","lastKnownDate":"201014","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2020-10-14T22:15:20.889281+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1826},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and  run \"rkverify.exe\" without disclosing to user and user's agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"ChrisPC Proxy.exe","companyName":"Chris P.C. srl","fileVersion":"8.0","hashMD5":"c7c12677e1cbfb60ea366d6a819233c2","hashSHA1":"18d20c7d0f76d6c28522d6b54bb71619df7adcee","hashSHA256":"c2279dff5cd416c8948c5246fc97f7d3fe69dfd428ea042925600d359baa66f5","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1881","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_free_anonymous_proxy_8_30.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"8.3","hashMD5":"29787b82f244e3298ac11fbdded4f2c6","hashSHA1":"ad023d6ba725c7005adbca480bcfde51bc817ee4","hashSHA256":"af7e3453c21206c6af8ca5a2495fbb1e24997ddefa79cd572d63b9ddd58a264f","digitalCertThumbprint":"4A7818A2819B6BA1A430592C742FD458A6507DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=STR. PARIS Nr 19-21 Etaj 2 Apartament 9B, L=Cluj-Napoca, PostalCode=400001, C=RO","sourceIndex":"1881","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.chris-pc.com/index.html","landingPage":"http://proxy.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=16&files=setup_chrispc_free_anonymous_proxy.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=16&files=setup_chrispc_free_anonymous_proxy.exe","sourceIndex":"1881"}],"sampleFiles":["201013/ChrisPCAnonymousProxy-201013/8.30/Samples/ChrisPC Proxy.exe","201013/ChrisPCAnonymousProxy-201013/8.30/Samples/setup_chrispc_free_anonymous_proxy_8_30.exe"],"imageFiles":["201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-109/ChrisPC – Anonymous Proxy_Install [8 ].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-048/ChrisPC – Anonymous Proxy_Install [8 ].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-155/ChrisPC – Anonymous Proxy_Installs [4] RelevantKnowledge.png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-059/ChrisPC – Anonymous Proxy_Install [8].png"],"nonDeceptorImageFiles":["201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-065/ChrisPC – Anonymous Proxy_Install [1].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-065/ChrisPC – Anonymous Proxy_Install [2].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-065/ChrisPC – Anonymous Proxy_Install [9].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-065/ChrisPC – Anonymous Proxy_About [1].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-099/ChrisPC – Anonymous Proxy_About [1].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-065/ChrisPC – Anonymous Proxy_LandingPage [1].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-099/ChrisPC – Anonymous Proxy_LandingPage [1].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-065/ChrisPC – Anonymous Proxy_OfferPage [1].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-065/ChrisPC – Anonymous Proxy_OfferPage [2].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-099/ChrisPC – Anonymous Proxy_OfferPage [1].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-161/ChrisPC – Anonymous Proxy_OfferPage [1].png","201013/ChrisPCAnonymousProxy-201013/8.30/Images/ACR-161/ChrisPC – Anonymous Proxy_OfferPage [2].png"],"guid":"53faf233-a3f2-4daa-8e7f-73230825a646_8.30_1","appID":"ChrisPCAnonymousProxy-201013","dateAdded":"201013","deceptorType":"Bundler","name":"ChrisPC – Anonymous Proxy","company":"Chris P.C. srl.","version":"8.30","sigName":"Deceptor:Win32/ChrisPCAnonymousProxy!109048155059","lastKnownStatus":"8.15;8.30","lastKnownDate":"201013","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2021-06-24T23:56:47.0303241+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1828},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and  run \"rkverify.exe\" without disclosing to user and user's agree to download and run.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe internal offer page does not display links to the EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\nThe internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"ChrisPC Proxy.exe","companyName":"Chris P.C. srl","fileVersion":"8.0","hashMD5":"0f9cedcbb5b3bf0832c64a6c5481d780","hashSHA1":"cf65e948f9f06836762a92a22eebfa382a6a0b5a","hashSHA256":"138dd38f340d5d713d52a1b97643b3e246c64de4ef4196233a710503fbeaef35","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2075","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_chrispc_free_anonymous_proxy_8_15.exe","isInstaller":"True","companyName":"Chris P.C. srl                                              ","fileVersion":"8.1","hashMD5":"818d4338dcca1af91ef07f8f8428c1af","hashSHA1":"399d27e9ecf02f4d593e98fe6dfa94bb6c553e64","hashSHA256":"5a96165552c70e7e33c0ee87c0c65d42315583577ab79fbf951332c2cad3254c","digitalCertThumbprint":"1CA52C0B942327C40AE6115A02764F0E73D94F4A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ChrisPC Software SRL, O=ChrisPC Software SRL, STREET=Str. PARIS 19-21, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO","sourceIndex":"2075","avBlockList":["360 Total Security (20210105)","Avast Premium Security (20210105)","AVG Internet Security (20210105)","Avira Internet Security (20210105)","Bitdefender Internet Security (20210105)","COMODO Antivirus (20210105)","Dr.Web Security Space (20210105)","ESET Internet Security (20210105)","K7 Total Security (20210105)","Kaspersky Internet Security (20210105)","Malwarebytes Premium (20210105)","McAfee Total Protection (20210105)","Norton Security (20210105)","Panda Dome (20210105)","Quick Heal Internet Security (20210105)","Sophos Home Premium (20210105)","SpyHunter5 (20210105)","Tencent PC Manager (20210105)","Total AV Antivirus Pro (20210105)","VIPRE Advanced Security (20210105)","VirIT eXplorer PRO (20210105)","Webroot SecureAnywhere (20210105)","Windows Defender (20210105)"],"avAllowList":["G DATA INTERNET SECURITY (20210105)","Trend Micro Internet Security (20210105)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.chris-pc.com/index.html","landingPage":"http://proxy.chris-pc.com/","directDownloadingLink":"https://www.chris-pc.com/download.php?id=16&file=setup_chrispc_free_anonymous_proxy.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chris-pc.com/download.php?id=16&file=setup_chrispc_free_anonymous_proxy.exe","sourceIndex":"2075"}],"sampleFiles":["201013/ChrisPCAnonymousProxy-201013/8.15/Samples/ChrisPC Proxy.exe","201013/ChrisPCAnonymousProxy-201013/8.15/Samples/setup_chrispc_free_anonymous_proxy_8_15.exe"],"imageFiles":["201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-109/ChrisPC – Anonymous Proxy_Installs [3] RelevantKnowledge.png","201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-048/ChrisPC – Anonymous Proxy_Installs [3] RelevantKnowledge.png","201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-155/ChrisPC – Anonymous Proxy_Installs [4] RelevantKnowledge.png","201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-059/ChrisPC – Anonymous Proxy_Installs [4] RelevantKnowledge.png"],"nonDeceptorImageFiles":["201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-065/ChrisPC – Anonymous Proxy_Installs [1].png","201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-065/ChrisPC – Anonymous Proxy_Installs [2].png","201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-065/ChrisPC – Anonymous Proxy_About [1].png","201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-099/ChrisPC – Anonymous Proxy_About [1].png","201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-065/ChrisPC – Anonymous Proxy_LandingPage [1].png","201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-099/ChrisPC – Anonymous Proxy_LandingPage [1].png","201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-065/ChrisPC – Anonymous Proxy_OfferPage [1].png","201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-099/ChrisPC – Anonymous Proxy_OfferPage [1].png","201013/ChrisPCAnonymousProxy-201013/8.15/Images/ACR-161/ChrisPC – Anonymous Proxy_OfferPage [2] Testimonial.png"],"guid":"53faf233-a3f2-4daa-8e7f-73230825a646_8.15_1","appID":"ChrisPCAnonymousProxy-201013","dateAdded":"201013","deceptorType":"Bundler","name":"ChrisPC – Anonymous Proxy","company":"Chris P.C. srl.","version":"8.15","sigName":"Deceptor:Win32/ChrisPCAnonymousProxy!109048155059","lastKnownStatus":"8.15;8.30","lastKnownDate":"201013","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2020-10-13T17:39:51.9417859+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1829},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file, that consumer not agreed to install.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and runs “rkverify.exe”, a RelevantKnowledge file.\n1) The app does not provide an option to cancel the startup of its own.\n2) The app does not provide any control to fully exit the app, the process for update still runs in the background.\n3) Unable to close the update prompt.\n","ACR-003":"The app needs to substantiate the identified results to the user.\n","ACR-004":"1) The app prompts an untruthful message that update is needed whenever the user launches the app. The \"Update\" actually does nothing, on clicking it.\n2) The app does not substantiate the identified results to the user.\n","ACR-084":"1) The app creates an undisclosed start-up of its own app.\n2) The process for the update, still runs in the background on fully exiting the app.\n3) Unable to close the update prompt.\n","ACR-118":"When uninstalling, the app retains some of the executables.\n","ACR-014":"The app uses the word \"Problem\" in the software.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The app does not disclose the privacy policy during installation.\nThe app does not disclose the EULA & Privacy Policy in the software.\n","ACR-002":"The App's version is not consistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1)\nThe App's version is not consistent between App interaction and its install (version 8.8.2.4 vs version 8.8.1)\n","ACR-161":"The app displays unverifiable testimonials. \n","ACR-092":"The app does not provide Digital signatures for all the executables.\n","ACR-099":"The app does not disclose the uninstall information in the software.\nThe app does not disclose the uninstall information in the landing page.\n","ACR-167":"The app does not provide a link for the refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n","ACR-014":"The app uses the word \"Problem\" and \"Error\" in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PCMate Free Privacy Cleaner\\PCMateFreePrivacyCleaner.exe","companyName":"PCMate Free Privacy Cleaner","productName":"PCMate Free Privacy Cleaner","productVersion":"6.5.1","fileVersion":"6.5.1","hashMD5":"20144ae9176a74e7a57b2eec46341707","hashSHA1":"802105699bfaca68255a4e78cfdf9045840c329d","hashSHA256":"e01b2d9a8f9af6cabe89f49a80b32cd009f056d3a60bd398bed4d63a817fa357","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"677","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreePrivacyCleaner.exe","isInstaller":"True","companyName":"PCMate Software Inc.                                       ","productName":"PCMate Free Privacy Cleaner                                 ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"86d7d913ad6ac373cb0db9736a808249","hashSHA1":"54d10533fb37998d75a7f8c7c2021b28864f3532","hashSHA256":"e31201b282865259f0f8a5e60ecefdbb59109ec7c16d0720927907819b89e9a2","digitalCertThumbprint":"E1CAA9E850D616A0C2A245A157E0767A5DDCB431","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Hangxin Gaoke Intellectual Property Operation Co.Ltd","storeId":"","sourceIndex":"677","avBlockList":["360 Total Security (20210107)","Avast Premium Security (20210107)","AVG Internet Security (20210107)","Avira Internet Security (20210107)","Bitdefender Internet Security (20210107)","COMODO Antivirus (20210107)","Dr.Web Security Space (20210107)","ESET Internet Security (20210107)","G DATA INTERNET SECURITY (20210107)","K7 Total Security (20210107)","Kaspersky Internet Security (20210107)","Malwarebytes Premium (20210107)","McAfee Total Protection (20210107)","Norton Security (20210107)","Panda Dome (20210107)","Quick Heal Internet Security (20210107)","Sophos Home Premium (20210107)","SpyHunter5 (20210107)","Tencent PC Manager (20210107)","Total AV Antivirus Pro (20210107)","Trend Micro Internet Security (20210107)","VIPRE Advanced Security (20210107)","VirIT eXplorer PRO (20210107)","Webroot SecureAnywhere (20210107)","Windows Defender (20210107)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"free system software ","reference":"https://www.freesystemsoftware.com/software/index.html","landingPage":"https://www.freesystemsoftware.com/privacycleaner/index.php","directDownloadingLink":"http://www.freesystemsoftware.com/PCMateFreePrivacyCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freesystemsoftware.com/PCMateFreePrivacyCleaner.exe","sourceIndex":"677"}],"sampleFiles":["201013/PCMateFreePrivacyCleaner-201002/8.8.1/Samples/PCMateFreePrivacyCleaner.exe"],"imageFiles":["201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-109/ACR-109_Install_InstallsRK.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-048/ACR-048_Install_NoControl.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-004/ACR-004_Software_Alarming.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-004/ACR-004_Software_NotSubstantiate.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-084/ACR-084_Software_UndisclosedStart-Up.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-084/ACR-084_Software_RunsInBackground.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-084/ACR-084_Software_UnableToUpdate.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-048/ACR-048_Software_NoControl.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-048/ACR-048_Software_NoControl1.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-048/ACR-048_Software_UnableToUpdate.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-003/ACR-003_Software_NotSubstantiate.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-014/ACR-014_Software_WordProblem.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-118/ACR-118_Uninstall_RetainsComponents.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-059/ACR-059_BundlerMadeOffers_NotClear.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-155/ACR-155_BundlerMadeOffer_InstallWorkflow.JPG"],"nonDeceptorImageFiles":["201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-038/ACR-038_Install_NoDetails.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-002/ACR-002_Install_InconsistentVersion.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-002/ACR-002_Install_InconsistentVersion1.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-065/ACR-065_Software_NoDocs.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-099/ACR-099_Software_NoUninstall_Info.jpg","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-002/ACR-002_Software_InconsistentVersion1.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-002/ACR-002_Software_InconsistentVersion2.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-167/ACR-167_Docs_NoRefundPolicyof30Days.jpg","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Info.jpg","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-014/ACR-014_Landingpage_ErrorProblem.JPG","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-017/ACR-017_Landingpage_UnverifiableLogo.jpg","201013/PCMateFreePrivacyCleaner-201002/8.8.1/Images/ACR-161/ACR-161_Landingpage_UnverifiableTestimonails.jpg"],"guid":"aea130a9-aae8-4390-bfe5-a7725f3d54f0_8.8.1_1","appID":"PCMateFreePrivacyCleaner-201002","dateAdded":"201013","deceptorType":"App","name":"PCMateFreePrivacyCleaner","company":"PCMate Software, Inc.","version":"8.8.1","sigName":"Deceptor:Win32/PCMateFreePrivacyCleaner!109048004084003014118059155","lastKnownStatus":"8.8.1","lastKnownDate":"201013","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,none","lastUpdate":"2024-03-27T18:31:40.9805191+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1827},{"violations":{"ACR-109":"The app downloads RelevantKnowledge files and runs \"rkverify.exe\", a RelevantKnowledge file. \n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" actually downloads nothing new, sometime it leads to download the component(s) that user declined during install procedure.\n","ACR-118":"There are some executable files were left behind even after app shows uninstall completed.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the  EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction and its install  (version 8.8.2.4 vs version 8.8.1). \nThe App's version is not consistent between App interaction and its install  (version 8.8.2.4 vs version 8.8.1). \n","ACR-161":"The landing  page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-157":"The application’s main executable file has no signed certificate, it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"PCMateFreeFileShredder.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"ab46e9b4112ad57a21055f0a98aa1493","hashSHA1":"1d726afde0d3af21ff03332269a60f917e26f061","hashSHA256":"727373c5e09b868727e269af33fb4a2974527d4c7b401ac00daaded36b6a2af7","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210107)","Avast Premium Security (20210107)","AVG Internet Security (20210107)","Avira Internet Security (20210107)","Bitdefender Internet Security (20210107)","COMODO Antivirus (20210107)","Dr.Web Security Space (20210107)","ESET Internet Security (20210107)","G DATA INTERNET SECURITY (20210107)","K7 Total Security (20210107)","Kaspersky Internet Security (20210107)","Malwarebytes Premium (20210107)","McAfee Total Protection (20210107)","Norton Security (20210107)","Panda Dome (20210107)","Quick Heal Internet Security (20210107)","Sophos Home Premium (20210107)","SpyHunter5 (20210107)","Tencent PC Manager (20210107)","Total AV Antivirus Pro (20210107)","Trend Micro Internet Security (20210107)","VIPRE Advanced Security (20210107)","VirIT eXplorer PRO (20210107)","Webroot SecureAnywhere (20210107)","Windows Defender (20210107)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeEmptyFolderDelete.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"4c85c038723168fb85a5480a7ef28460","hashSHA1":"a8f04e52adca88a4acf72812e8562955375dde41","hashSHA256":"9ee5489cf00cc216f10b5254a41d680f197a1625fd2b68e373215eb8c9b32faf","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210107)","Avast Premium Security (20210107)","AVG Internet Security (20210107)","Avira Internet Security (20210107)","Bitdefender Internet Security (20210107)","COMODO Antivirus (20210107)","Dr.Web Security Space (20210107)","ESET Internet Security (20210107)","G DATA INTERNET SECURITY (20210107)","K7 Total Security (20210107)","Kaspersky Internet Security (20210107)","Malwarebytes Premium (20210107)","McAfee Total Protection (20210107)","Norton Security (20210107)","Panda Dome (20210107)","Quick Heal Internet Security (20210107)","Sophos Home Premium (20210107)","SpyHunter5 (20210107)","Tencent PC Manager (20210107)","Total AV Antivirus Pro (20210107)","Trend Micro Internet Security (20210107)","VIPRE Advanced Security (20210107)","VirIT eXplorer PRO (20210107)","Webroot SecureAnywhere (20210107)","Windows Defender (20210107)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeShortcutFixer.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"689c342762de86c308376af6a00925ba","hashSHA1":"cf71165147584ecaf8bf9c348dd6cab4ef0542c9","hashSHA256":"3f16c56b964d14f4d978facf91026ab4d47105accd4dc1cd49b62dba7495b4eb","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210107)","Avast Premium Security (20210107)","AVG Internet Security (20210107)","Avira Internet Security (20210107)","Bitdefender Internet Security (20210107)","COMODO Antivirus (20210107)","Dr.Web Security Space (20210107)","ESET Internet Security (20210107)","G DATA INTERNET SECURITY (20210107)","K7 Total Security (20210107)","Kaspersky Internet Security (20210107)","Malwarebytes Premium (20210107)","McAfee Total Protection (20210107)","Norton Security (20210107)","Panda Dome (20210107)","Quick Heal Internet Security (20210107)","Sophos Home Premium (20210107)","SpyHunter5 (20210107)","Tencent PC Manager (20210107)","Total AV Antivirus Pro (20210107)","Trend Micro Internet Security (20210107)","VIPRE Advanced Security (20210107)","VirIT eXplorer PRO (20210107)","Webroot SecureAnywhere (20210107)","Windows Defender (20210107)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeFileEncryptor.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"a59e54785d8b7c489ca5d8ee467e6d41","hashSHA1":"1934c95f567f58ba3b61922d7044b893fe7d487c","hashSHA256":"d06ec3c367323bc4461c0f0d4c0cf2431b8d32d7812f28f734defa86a487866d","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210107)","Avast Premium Security (20210107)","AVG Internet Security (20210107)","Avira Internet Security (20210107)","Bitdefender Internet Security (20210107)","COMODO Antivirus (20210107)","Dr.Web Security Space (20210107)","ESET Internet Security (20210107)","G DATA INTERNET SECURITY (20210107)","K7 Total Security (20210107)","Kaspersky Internet Security (20210107)","Malwarebytes Premium (20210107)","McAfee Total Protection (20210107)","Norton Security (20210107)","Panda Dome (20210107)","Quick Heal Internet Security (20210107)","Sophos Home Premium (20210107)","SpyHunter5 (20210107)","Tencent PC Manager (20210107)","Total AV Antivirus Pro (20210107)","VIPRE Advanced Security (20210107)","VirIT eXplorer PRO (20210107)","Webroot SecureAnywhere (20210107)"],"avAllowList":["Trend Micro Internet Security (20210107)","Windows Defender (20210107)"]},{"isRevoked":"False","fileName":"PCMateFreeEXELock.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"453b080fb13c212aa475195cc3cc2311","hashSHA1":"1bac7a3da5f50f0b184462a9ddbed0867ed057ea","hashSHA256":"39b7285f4df22c577c672ad0052f3d00db8a329d0b08d46bb4c7d49233f73e62","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210126)","Avast Premium Security (20210126)","AVG Internet Security (20210126)","Avira Internet Security (20210126)","Bitdefender Internet Security (20210126)","COMODO Antivirus (20210126)","Dr.Web Security Space (20210126)","ESET Internet Security (20210126)","G DATA INTERNET SECURITY (20210126)","K7 Total Security (20210126)","Kaspersky Internet Security (20210126)","Malwarebytes Premium (20210126)","McAfee Total Protection (20210126)","Norton Security (20210126)","Panda Dome (20210126)","Quick Heal Internet Security (20210126)","Sophos Home Premium (20210126)","SpyHunter5 (20210126)","Tencent PC Manager (20210126)","Total AV Antivirus Pro (20210126)","Trend Micro Internet Security (20210126)","VIPRE Advanced Security (20210126)","VirIT eXplorer PRO (20210126)","Webroot SecureAnywhere (20210126)","Windows Defender (20210126)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeFileRecovery.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"7762967a84a0a57d29eafcb3304b99a4","hashSHA1":"305e20a75ce5c7b0b41fe23ec9373bc8f80bb047","hashSHA256":"da74110cf977145ea1d8a15b54849e1e8e8592324dab5c0f34ff2f8b8f189b20","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210126)","Avast Premium Security (20210126)","AVG Internet Security (20210126)","Avira Internet Security (20210126)","Bitdefender Internet Security (20210126)","COMODO Antivirus (20210126)","Dr.Web Security Space (20210126)","ESET Internet Security (20210126)","G DATA INTERNET SECURITY (20210126)","K7 Total Security (20210126)","Kaspersky Internet Security (20210126)","Malwarebytes Premium (20210126)","McAfee Total Protection (20210126)","Norton Security (20210126)","Panda Dome (20210126)","Quick Heal Internet Security (20210126)","Sophos Home Premium (20210126)","SpyHunter5 (20210126)","Tencent PC Manager (20210126)","Total AV Antivirus Pro (20210126)","VIPRE Advanced Security (20210126)","VirIT eXplorer PRO (20210126)","Webroot SecureAnywhere (20210126)","Windows Defender (20210126)"],"avAllowList":["Trend Micro Internet Security (20210126)"]},{"isRevoked":"False","fileName":"PCMateFreeFileSplitterJoiner.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"4aff3ecb6f808651da3dc2d3c860a4b0","hashSHA1":"7a18390feb38a4923e0105abb118ad8babac7b48","hashSHA256":"253b8ee74e197344a686f6cc86fd0b9580abcd208340d178a126a59dd19a41f5","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210126)","Avast Premium Security (20210126)","AVG Internet Security (20210126)","Avira Internet Security (20210126)","Bitdefender Internet Security (20210126)","COMODO Antivirus (20210126)","Dr.Web Security Space (20210126)","ESET Internet Security (20210126)","G DATA INTERNET SECURITY (20210126)","K7 Total Security (20210126)","Kaspersky Internet Security (20210126)","Malwarebytes Premium (20210126)","McAfee Total Protection (20210126)","Norton Security (20210126)","Panda Dome (20210126)","Quick Heal Internet Security (20210126)","Sophos Home Premium (20210126)","SpyHunter5 (20210126)","Tencent PC Manager (20210126)","Total AV Antivirus Pro (20210126)","VIPRE Advanced Security (20210126)","VirIT eXplorer PRO (20210126)","Webroot SecureAnywhere (20210126)","Windows Defender (20210126)"],"avAllowList":["Trend Micro Internet Security (20210126)"]},{"isRevoked":"False","fileName":"PCMateFreeResourceExtractor.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"3bdb25652983f4b95dee69d5bb52886d","hashSHA1":"78b83e91f9dda60c81005d13fd50c13e1459ea19","hashSHA256":"e97222aafbacc3dd255c719117137ad42f3f7a0a6b69c318ae5a308f8b9d0504","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210128)","Avast Premium Security (20210128)","AVG Internet Security (20210128)","Avira Internet Security (20210128)","Bitdefender Internet Security (20210128)","COMODO Antivirus (20210128)","Dr.Web Security Space (20210128)","ESET Internet Security (20210128)","G DATA INTERNET SECURITY (20210128)","K7 Total Security (20210128)","Kaspersky Internet Security (20210128)","Malwarebytes Premium (20210128)","McAfee Total Protection (20210128)","Norton Security (20210128)","Panda Dome (20210128)","Quick Heal Internet Security (20210128)","Sophos Home Premium (20210128)","SpyHunter5 (20210128)","Tencent PC Manager (20210128)","Total AV Antivirus Pro (20210128)","Trend Micro Internet Security (20210128)","VIPRE Advanced Security (20210128)","VirIT eXplorer PRO (20210128)","Webroot SecureAnywhere (20210128)","Windows Defender (20210128)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreePasswordManager.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"b5710faac887ee1dad4c595951cf8eaa","hashSHA1":"61769d66fa16354e57e7a8c1369f178ad9c3bedf","hashSHA256":"255be84debbceb7a27d10f3c01906109731f3a38b583f000902ca87f8dbce327","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210128)","Avast Premium Security (20210128)","AVG Internet Security (20210128)","Avira Internet Security (20210128)","Bitdefender Internet Security (20210128)","COMODO Antivirus (20210128)","Dr.Web Security Space (20210128)","ESET Internet Security (20210128)","G DATA INTERNET SECURITY (20210128)","K7 Total Security (20210128)","Kaspersky Internet Security (20210128)","Malwarebytes Premium (20210128)","McAfee Total Protection (20210128)","Norton Security (20210128)","Panda Dome (20210128)","Quick Heal Internet Security (20210128)","Sophos Home Premium (20210128)","SpyHunter5 (20210128)","Tencent PC Manager (20210128)","Total AV Antivirus Pro (20210128)","Trend Micro Internet Security (20210128)","VIPRE Advanced Security (20210128)","VirIT eXplorer PRO (20210128)","Webroot SecureAnywhere (20210128)","Windows Defender (20210128)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeAutoClicker.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"4fd9905b68e510f39a0206efce9dd21f","hashSHA1":"17c7ce4017c33ba9da631dd2b4206a1cc69ea5da","hashSHA256":"8c594b4290772201fffecfe6c47dde48bc1a5c3a3e1367ee1738b7b20672af6b","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210128)","Avast Premium Security (20210128)","AVG Internet Security (20210128)","Avira Internet Security (20210128)","Bitdefender Internet Security (20210128)","COMODO Antivirus (20210128)","Dr.Web Security Space (20210128)","ESET Internet Security (20210128)","G DATA INTERNET SECURITY (20210128)","K7 Total Security (20210128)","Kaspersky Internet Security (20210128)","Malwarebytes Premium (20210128)","McAfee Total Protection (20210128)","Norton Security (20210128)","Panda Dome (20210128)","Quick Heal Internet Security (20210128)","Sophos Home Premium (20210128)","SpyHunter5 (20210128)","Tencent PC Manager (20210128)","Total AV Antivirus Pro (20210128)","Trend Micro Internet Security (20210128)","VIPRE Advanced Security (20210128)","VirIT eXplorer PRO (20210128)","Webroot SecureAnywhere (20210128)","Windows Defender (20210128)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeAutoShutdown.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"333ea128713868f0e04fbf9634d8d6ca","hashSHA1":"417c3aecce990b7555182680ee4fdfea82108a48","hashSHA256":"520cbfe920db079f8630822acdffc1524c44dc0645794ad23aab4fde34e03a87","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210128)","Avast Premium Security (20210128)","AVG Internet Security (20210128)","Avira Internet Security (20210128)","Bitdefender Internet Security (20210128)","COMODO Antivirus (20210128)","Dr.Web Security Space (20210128)","ESET Internet Security (20210128)","G DATA INTERNET SECURITY (20210128)","K7 Total Security (20210128)","Kaspersky Internet Security (20210128)","Malwarebytes Premium (20210128)","McAfee Total Protection (20210128)","Norton Security (20210128)","Panda Dome (20210128)","Quick Heal Internet Security (20210128)","Sophos Home Premium (20210128)","SpyHunter5 (20210128)","Tencent PC Manager (20210128)","Total AV Antivirus Pro (20210128)","Trend Micro Internet Security (20210128)","VIPRE Advanced Security (20210128)","VirIT eXplorer PRO (20210128)","Webroot SecureAnywhere (20210128)","Windows Defender (20210128)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeWiFiHotspotCreator.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"61a69527bcc00b634594945f321fc5e5","hashSHA1":"93068f427a3bf5507526c0c926eed58938d9a21d","hashSHA256":"2b619e6b9735a1805b0995f0f0038786779243ecf3930a9874f3eb6e0f1c06e6","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210202)","Avast Premium Security (20210202)","AVG Internet Security (20210202)","Avira Internet Security (20210202)","Bitdefender Internet Security (20210202)","COMODO Antivirus (20210202)","Dr.Web Security Space (20210202)","ESET Internet Security (20210202)","G DATA INTERNET SECURITY (20210202)","K7 Total Security (20210202)","Kaspersky Internet Security (20210202)","Malwarebytes Premium (20210202)","McAfee Total Protection (20210202)","Norton Security (20210202)","Panda Dome (20210202)","Quick Heal Internet Security (20210202)","Sophos Home Premium (20210202)","SpyHunter5 (20210202)","Tencent PC Manager (20210202)","Total AV Antivirus Pro (20210202)","Trend Micro Internet Security (20210202)","VIPRE Advanced Security (20210202)","VirIT eXplorer PRO (20210202)","Webroot SecureAnywhere (20210202)","Windows Defender (20210202)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeKeylogger.exe","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"42ba8d40bd62f5b1f395ce5cb2caed7c","hashSHA1":"a118c8d70788ac788462e93fcef66d52807b142a","hashSHA256":"9ac9ddcacdd6221b8d80e038debd4aa8b8edaf6a71df05f1d6c8d682bf2f566a","digitalCertThumbprint":"E1CAA9E850D616A0C2A245A157E0767A5DDCB431","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No. 17, Middle Scissor Lane, Dongcheng District,\", L=Beijing, S=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeFolderMonitor.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"b3d8978c9f94f9824c9fee8006bdf395","hashSHA1":"26eae8bd60940802e9d61c52948102e40e88e071","hashSHA256":"fca295c5750c353f96f9e6279a1af46c55693d3a823a1998eb9a3b6f9e313307","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210202)","Avast Premium Security (20210202)","AVG Internet Security (20210202)","Avira Internet Security (20210202)","Bitdefender Internet Security (20210202)","COMODO Antivirus (20210202)","Dr.Web Security Space (20210202)","ESET Internet Security (20210202)","G DATA INTERNET SECURITY (20210202)","K7 Total Security (20210202)","Kaspersky Internet Security (20210202)","Malwarebytes Premium (20210202)","McAfee Total Protection (20210202)","Norton Security (20210202)","Panda Dome (20210202)","Quick Heal Internet Security (20210202)","Sophos Home Premium (20210202)","SpyHunter5 (20210202)","Tencent PC Manager (20210202)","Total AV Antivirus Pro (20210202)","Trend Micro Internet Security (20210202)","VIPRE Advanced Security (20210202)","VirIT eXplorer PRO (20210202)","Webroot SecureAnywhere (20210202)","Windows Defender (20210202)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeStartupManager.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"10fb01e793991d00c8c85e0b63dfd491","hashSHA1":"708e1230a9e1b8b9ce08b0d12b60a58b653446eb","hashSHA256":"de65b1703a7a75d4efa9280cd72e843edb17bc6987a7df9a6f620fec5da6dcd6","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210202)","Avast Premium Security (20210202)","AVG Internet Security (20210202)","Avira Internet Security (20210202)","Bitdefender Internet Security (20210202)","COMODO Antivirus (20210202)","Dr.Web Security Space (20210202)","ESET Internet Security (20210202)","G DATA INTERNET SECURITY (20210202)","K7 Total Security (20210202)","Kaspersky Internet Security (20210202)","Malwarebytes Premium (20210202)","McAfee Total Protection (20210202)","Norton Security (20210202)","Panda Dome (20210202)","Quick Heal Internet Security (20210202)","Sophos Home Premium (20210202)","SpyHunter5 (20210202)","Tencent PC Manager (20210202)","Total AV Antivirus Pro (20210202)","VIPRE Advanced Security (20210202)","VirIT eXplorer PRO (20210202)","Webroot SecureAnywhere (20210202)","Windows Defender (20210202)"],"avAllowList":["Trend Micro Internet Security (20210202)"]},{"isRevoked":"False","fileName":"PCMateFreeUninstallManager.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"0c0c0dc1a273f35d5934b0532114d5e4","hashSHA1":"b3cd457da6759d46a273950894ac9d277b89330a","hashSHA256":"ebae43206b2f85953932c2d7346b1b49e58d98c88a995135fd267ea6af003351","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2076","avBlockList":["360 Total Security (20210202)","Avast Premium Security (20210202)","AVG Internet Security (20210202)","Avira Internet Security (20210202)","Bitdefender Internet Security (20210202)","COMODO Antivirus (20210202)","Dr.Web Security Space (20210202)","ESET Internet Security (20210202)","G DATA INTERNET SECURITY (20210202)","K7 Total Security (20210202)","Kaspersky Internet Security (20210202)","Malwarebytes Premium (20210202)","McAfee Total Protection (20210202)","Norton Security (20210202)","Panda Dome (20210202)","Quick Heal Internet Security (20210202)","Sophos Home Premium (20210202)","SpyHunter5 (20210202)","Tencent PC Manager (20210202)","Total AV Antivirus Pro (20210202)","Trend Micro Internet Security (20210202)","VIPRE Advanced Security (20210202)","VirIT eXplorer PRO (20210202)","Webroot SecureAnywhere (20210202)","Windows Defender (20210202)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.freesystemsoftware.com/","landingPage":"https://www.freesystemsoftware.com/fileshredder/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeFileShredder.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeFileShredder.exe","sourceIndex":"2076"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/software/foldershortcut.html","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeEmptyFolderDelete.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeEmptyFolderDelete.exe","sourceIndex":"2077"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/shortcutfixer/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeShortcutFixer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeShortcutFixer.exe","sourceIndex":"2078"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/fileencryptor/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeFileEncryptor.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeFileEncryptor.exe","sourceIndex":"2079"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/exelock/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeEXELock.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeEXELock.exe","sourceIndex":"2080"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/filerecovery/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeFileRecovery.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeFileRecovery.exe","sourceIndex":"2081"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/filesplitterjoiner/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeFileSplitterJoiner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeFileSplitterJoiner.exe","sourceIndex":"2082"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/resourceextractor/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeResourceExtractor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeResourceExtractor.exe","sourceIndex":"2083"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/software/passwordmanagement.html","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreePasswordManager.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreePasswordManager.exe","sourceIndex":"2084"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/autoclicker/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeAutoClicker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeAutoClicker.exe","sourceIndex":"2085"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/autoshutdown/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeAutoShutdown.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeAutoShutdown.exe","sourceIndex":"2086"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/wifihotspotcreator/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeWiFiHotspotCreator.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeWiFiHotspotCreator.exe","sourceIndex":"2087"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/keylogger/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeKeylogger.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeKeylogger.exe","sourceIndex":"2088"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/foldermonitor/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeFolderMonitor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeFolderMonitor.exe","sourceIndex":"2089"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/startupmanager/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeStartupManager.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeStartupManager.exe","sourceIndex":"2090"},{"howFound":"","reference":"","landingPage":"https://www.freesystemsoftware.com/uninstallmanager/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeUninstallManager.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeUninstallManager.exe","sourceIndex":"2091"}],"sampleFiles":["201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeFileShredder.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeEmptyFolderDelete.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeShortcutFixer.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeFileEncryptor.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeEXELock.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeFileRecovery.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeFileSplitterJoiner.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeResourceExtractor.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreePasswordManager.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeAutoClicker.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeAutoShutdown.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeWiFiHotspotCreator.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeFolderMonitor.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeStartupManager.exe","201012/PCMateBundler-201008/8.8.1/Samples/PCMateFreeUninstallManager.exe"],"imageFiles":["201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeFileShredder_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeEmptyFolderDelete_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeShortcutFixer_Install [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeFileEncryptor_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeEXELock_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeFileRecovery_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeFileSplitterJoiner_Install [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeResourceExtractor_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreePasswordManager_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeAutoClicker_FileProperty_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeAutoShutdown_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeWiFiHotspotCreator_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeFolderMonitor_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeStartupManager_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-109/PCMateFreeUninstallManager_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeFileShredder_Update[1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeEmptyFolderDelete_Update [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeShortcutFixer_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeFileEncryptor_Update [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeEXELock_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeFileRecovery_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeFileSplitterJoiner_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeResourceExtractor_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreePasswordManager_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeAutoClicker_FileProperty_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeAutoShutdown_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeWiFiHotspotCreator_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeFolderMonitor_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeStartupManager_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-004/PCMateFreeUninstallManager_Updates [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeFileShredder_Uninstall [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeFileShredder_Uninstall [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeFolderDelete_Uninstall [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeShortcutFixer_FilesRetainedAfterUninstall [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeFileEncryptor_FilesRetainedAfterUninstall [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeEXELock_FileRetainedAfterUninstall [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeFileRecovery_Uninstall [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeFileRecovery_Uninstall [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeFileSplitterJoiner_Uninstall_FilesRetained.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeResourceExtractor_Uninstall_RetainedFile[1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreePasswordManager_Uninstall_RetainedFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeAutoClicker_Uninstall_RetainedFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeAutoShutdown_Uninstall [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeAutoShutdown_Uninstall [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeWiFiHotspotCreator_Uninstall_RetainedFiles [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeFolderMonitor_Uninstall_RetainedFiles [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeStartupManager_UninstallRetainedFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeUninstallManager_UninstallRetainedFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-118/PCMateFreeUninstallManager_UninstallRetainedFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeFileShredder_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeFileShredder_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeEmptyFolderDelete_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeEmptyFolderDelete_Installs [4] McAfee1.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeShortcutFixer_Install [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeShortcutFixer_Install [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeFileEncryptor_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeFileEncryptor_Installs [3] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeEXELock_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeEXELock_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeFileRecovery_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeFileRecovery_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeFileSplitterJoiner_Install [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeFileSplitterJoiner_Install [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeResourceExtractor_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeResourceExtractor_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreePasswordManager_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreePasswordManager_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeAutoClicker_FileProperty_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeAutoClicker_FileProperty_Installs [4] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeAutoShutdown_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeAutoShutdown_Installs [5] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeAutoShutdown_Installs [7] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeWiFiHotspotCreator_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeWiFiHotspotCreator_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeWiFiHotspotCreator_Installs [6] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeFolderMonitor_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeFolderMonitor_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeFolderMonitor_Installs [5] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeStartupManager_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeStartupManager_Installs [4] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeStartupManager_Installs [5] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeUninstallManager_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeUninstallManager_Installs [4] McAfee1.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-059/PCMateFreeUninstallManager_Installs [5] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFileShredder_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFileShredder_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeEmptyFolderDelete_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeEmptyFolderDelete_Installs [4] McAfee1.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeShortcutFixer_Install [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeShortcutFixer_Install [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFileEncryptor_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFileEncryptor_Installs [3] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeEXELock_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeEXELock_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFileRecovery_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFileRecovery_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFileSplitterJoiner_Install [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFileSplitterJoiner_Install [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFileSplitterJoiner_Install [5] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeResourceExtractor_Installs [3] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeResourceExtractor_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreePasswordManager_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreePasswordManager_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeAutoClicker_FileProperty_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeAutoClicker_FileProperty_Installs [4] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeAutoShutdown_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeAutoShutdown_Installs [5] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeAutoShutdown_Installs [7] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeWiFiHotspotCreator_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeWiFiHotspotCreator_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeWiFiHotspotCreator_Installs [6] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFolderMonitor_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFolderMonitor_Installs [4] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeFolderMonitor_Installs [5] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeStartupManager_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeStartupManager_Installs [4] Avast.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeStartupManager_Installs [5] McAfee.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeUninstallManager_Installs [2] RelevantKnowledge.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeUninstallManager_Installs [4] McAfee1.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-155/PCMateFreeUninstallManager_Installs [5] Avast.png"],"nonDeceptorImageFiles":["201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeFileShredder_FileProperty_Installer [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeFileShredder_FileProperty_MainExecutable [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeShortcutFixer_FIleProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeFileEncryptor_FileProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeFileEncryptor_FileProperty_Installer [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeEXELock_FileProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeFileRecovery_FileProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeFileSplitterJoiner_FileProperty_Installer [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeFileSplitterJoiner_FileProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeResourceExtractor_FileProperty_Installer [a].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeResourceExtractor_FileProperty_MainFile[1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreePasswordManager_FileProperty_Installer [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreePasswordManager_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeAutoClicker_FileProperty_Installer [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeAutoShutdown_FileProperty_Installer [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeAutoShutdown_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeWiFiHotspotCreator_FileProperty_Installer [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeWiFiHotspotCreator_FileProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeFolderMonitor_FIleProperty_Installer [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeFolderMonitor_FIleProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeStartupManager_FileProperty_Installer [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeStartupManager_FileProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeUninstallManager_FileProperty_Installer [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-038/PCMateFreeUninstallManager_FileProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeFileShredder_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeEmptyFolderDelete_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeShortcutFixer_Install [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeFileEncryptor_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeEXELock_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeFileRecovery_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeFileSplitterJoiner_Install [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeResourceExtractor_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreePasswordManager_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeAutoClicker_FileProperty_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeAutoShutdown_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeWiFiHotspotCreator_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeFolderMonitor_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeStartupManager_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeUninstallManager_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileShredder_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileShredder_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeEmptyFolderDelete_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeEmptyFolderDelete_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeShortcutFixer_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeShortcutFixer_Install [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileEncryptor_About[1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileEncryptor_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeEXELock_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeEXELock_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileRecovery_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileRecovery_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileSplitterJoiner_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileSplitterJoiner_Install [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeResourceExtractor_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeResourceExtractor_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreePasswordManager_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreePasswordManager_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeAutoClicker_FileProperty_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeAutoClicker_FileProperty_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeAutoShutdown_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeAutoShutdown_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeWiFiHotspotCreator_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeWiFiHotspotCreator_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFolderMonitor_About[1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFolderMonitor_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeStartupManager_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeStartupManager_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeUninstallManager_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeUninstallManager_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeFileShredder_FileProperty_MainExecutable [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeFolderDelete_FileProperty_MainExecutable [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeShortcutFixer_FIleProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeFileEncryptor_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeEXELock_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeFileRecovery_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeFileSplitterJoiner_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeResourceExtractor_FileProperty_MainFile[2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreePasswordManager_FileProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeAutoClicker_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeAutoShutdown_FileProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeWiFiHotspotCreator_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeFolderMonitor_FIleProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeUninstallManager_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-092/PCMateFreeStartupManager_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeFileShredder_FileProperty_MainExecutable [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeFolderDelete_FileProperty_MainExecutable [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeShortcutFixer_FIleProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeFileEncryptor_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeEXELock_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeFileRecovery_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeFileSplitterJoiner_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeResourceExtractor_FileProperty_MainFile[2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreePasswordManager_FileProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeAutoClicker_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeAutoShutdown_FileProperty_MainFile [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeWiFiHotspotCreator_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeFolderMonitor_FIleProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeStartupManager_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-157/PCMateFreeUninstallManager_FileProperty_MainFile [2].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeFileShredder_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeEmptyFolderDelete_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeShortcutFixer_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeFileEncryptor_About[1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeEXELock_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeFileRecovery_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeFileSplitterJoiner_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeResourceExtractor_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreePasswordManager_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeAutoClicker_FileProperty_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeAutoShutdown_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeWiFiHotspotCreator_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeFolderMonitor_About[1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeStartupManager_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-065/PCMateFreeUninstallManager_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeFileShredder_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeEmptyFolderDelete_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeShortcutFixer_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeFileEncryptor_About[1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeEXELock_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeFileRecovery_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeFileSplitterJoiner_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeResourceExtractor_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreePasswordManager_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeAutoClicker_FileProperty_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeAutoShutdown_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeWiFiHotspotCreator_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeFolderMonitor_About[1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeStartupManager_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeUninstallManager_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileShredder_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileShredder_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeEmptyFolderDelete_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeEmptyFolderDelete_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeShortcutFixer_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeShortcutFixer_Install [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileEncryptor_About[1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileEncryptor_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeEXELock_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeEXELock_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileRecovery_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileRecovery_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileSplitterJoiner_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFileSplitterJoiner_Install [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeResourceExtractor_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeResourceExtractor_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreePasswordManager_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreePasswordManager_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeAutoClicker_FileProperty_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeAutoClicker_FileProperty_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeAutoShutdown_About [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeAutoShutdown_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeWiFiHotspotCreator_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeWiFiHotspotCreator_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFolderMonitor_About[1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeFolderMonitor_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeStartupManager_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeStartupManager_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeUninstallManager_Installs [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-002/PCMateFreeUninstallManager_Interactions [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-167/PCMateFreeSystemCare Software - Legal Terms.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeSystemCare Software - LandingPage.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeFileShredder_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeEmptyFolderDelete_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeShortcutFixer_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeFileEncryptor_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeEXELock_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeFileRecovery_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeFileSplitterJoiner_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeResourceExtractor_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreePasswordManager_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeAutoClicker_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeAutoShutdown_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeWiFiHotspotCreator_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeFolderMonitor_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeStartupManager_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-099/PCMateFreeUninstallManager_LandingPage [1].png","201012/PCMateBundler-201008/8.8.1/Images/ACR-017/PCMateFreeSystemCare Awards.png","201012/PCMateBundler-201008/8.8.1/Images/ACR-161/PCMateFreeSystemCare Software - Client Testimonials.png"],"guid":"fbb73b37-70b1-4fc2-a876-c8f40d1cf268_8.8.1_1","appID":"PCMateBundler-201008","dateAdded":"201012","deceptorType":"Bundler","name":"PCMate Bundler","company":"PCMateFreeSystemCare Software","version":"8.8.1","sigName":"Deceptor:Win32/PCMateBundler!109004118059155","lastKnownStatus":"8.8.1","lastKnownDate":"201012","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2020-10-13T04:32:47.3132446+00:00","notDistributed":false,"familyName":"Hangxin","numInFamily":6,"numInAppID":1,"sortOrder":1645},{"violations":{"CCR-017":"1) Call at 08:24AM EST on 10/08/2020 to MySupportPeople.com call center phone number 1-833-505-0773 (call center phone number from Iobit Driver Updater). Call was answered as MySupportPeople. Caller asked if they were related to Saburi Tech Live Connect or PremiumTechieSupport, and agent answered \"no\". The call center agent provided misleading information, potentially tricking consumers\n\n2) Call center claims on both main page and \"about us\" page they are certified by AppEsteem, and they are not. This is misleading.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"NeeP Scambaiter","reference":"email on 10/8/2020","landingPage":"https://mysupportpeople.com/","ipv4":"","ipv6":"","sourceIndex":"2069"}],"sampleFiles":[],"imageFiles":["201012/MySupportPeople-201008/201008/Images/CCR-017/mspnumber.png","201012/MySupportPeople-201008/201008/Images/CCR-017/017-claim certification1.png","201012/MySupportPeople-201008/201008/Images/CCR-017/017-claim certification2.png"],"nonDeceptorImageFiles":[],"guid":"34a7039e-13a9-407c-9d6f-27c85f9c705d_201008_1","appID":"MySupportPeople-201008","dateAdded":"201012","deceptorType":"Call Center","name":"MySupportPeople.com","company":"SaburiTLC","version":"201008","sigName":"Deceptor:CallCenter/MySupportPeople!017","firstVendorContactDate":"201009","firstAppEsteemReplyDate":"201012","lastKnownStatus":"Deceptor:201008;NotDistributed:201020","lastKnownDate":"201020","type":"Call Center","targetOS":"None","targetBrowser":"None","lastUpdate":"2020-10-20T15:25:57.3828414+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1830},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file, that consumer not agreed to install.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" actually downloads nothing new, sometime it leads to download the component(s) that user declined during install procedure. for example, it connected to post.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge\n","ACR-118":"There are some executable file was left behind even after app shows uninstall completed.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction and its install  (version 8.8.2.4 vs version 8.8.1). \nThe App's version is not consistent between App interaction and its install  (version 8.8.2.4 vs version 8.8.1). \n","ACR-161":"The landing  page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"DuplicatesRemoval.exe","fileVersion":"0.0","hashMD5":"675a2ed67df7d66619a01c9de65ec25b","hashSHA1":"bacd3de2028cc6d67c3a9159108215c000acbb4f","hashSHA256":"35815477012792accca67b95c5408b67abcf940314b0ed3d3a040b6561aeab6f","sourceIndex":"2095","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeDuplicatesDelete.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"a9acf57ede876be7231e14aeb8c4e48a","hashSHA1":"94fe2fe417d17b993f63d6205d53ffcbecd348fd","hashSHA256":"e881f41a0b05911b01a199e28e14e24840b0c2b87beca447bb7e72dbd3571722","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2095","avBlockList":["360 Total Security (20210218)","Avast Premium Security (20210218)","AVG Internet Security (20210218)","Avira Internet Security (20210218)","Bitdefender Internet Security (20210218)","COMODO Antivirus (20210218)","Dr.Web Security Space (20210218)","ESET Internet Security (20210218)","G DATA INTERNET SECURITY (20210218)","K7 Total Security (20210218)","Kaspersky Internet Security (20210218)","Malwarebytes Premium (20210218)","McAfee Total Protection (20210218)","Norton Security (20210218)","Panda Dome (20210218)","Quick Heal Internet Security (20210218)","Sophos Home Premium (20210218)","SpyHunter5 (20210218)","Tencent PC Manager (20210218)","Total AV Antivirus Pro (20210218)","Trend Micro Internet Security (20210218)","VIPRE Advanced Security (20210218)","VirIT eXplorer PRO (20210218)","Webroot SecureAnywhere (20210218)","Windows Defender (20210218)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.freesystemsoftware.com/","landingPage":"https://www.freesystemsoftware.com/duplicatesdelete/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeDuplicatesDelete.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeDuplicatesDelete.exe","sourceIndex":"2095"}],"sampleFiles":["201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Samples/DuplicatesRemoval.exe","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Samples/PCMateFreeDuplicatesDelete.exe"],"imageFiles":["201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-109/PCMateFreeDuplicatesDelete_Installs [3] RelevantKnowledge.png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-048/PCMateFreeDuplicatesDelete_Installs [3] RelevantKnowledge.png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-004/PCMateFreeDuplicatesDelete_Installs [6] Update.png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-118/PCMateFreeDuplicatesDelete_RetainedFiles [1.png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-059/PCMateFreeDuplicatesDelete_Installs [2] RelevantKnowledge.png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-059/PCMateFreeDuplicatesDelete_Installs [4] McAfee.png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-155/PCMateFreeDuplicatesDelete_Installs [2] RelevantKnowledge.png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-155/PCMateFreeDuplicatesDelete_Installs [4] McAfee.png"],"nonDeceptorImageFiles":["201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-038/PCMateFreeDuplicatesDelete_MainFileProperty [1].png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-065/PCMateFreeDuplicatesDelete_Installs [1].png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-002/PCMateFreeDuplicatesDelete_About [1].png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-002/PCMateFreeDuplicatesDelete_Installs [1].png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-092/PCMateFreeDuplicatesDelete_MainFileProperty [1].png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-092/PCMateFreeDuplicatesDelete_MainFileProperty [2].png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-065/PCMateFreeDuplicatesDelete_About [1].png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-099/PCMateFreeDuplicatesDelete_About [1].png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-002/PCMateFreeDuplicatesDelete_About [1].png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-002/PCMateFreeDuplicatesDelete_Installs [1].png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-167/PCMateFreeSystemCare Software - Legal Terms.png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-099/PCMateFreeDuplicatesDelete_LandingPage [1].png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-099/PCMateFreeSystemCare Software - LandingPage.png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-017/PCMateFreeSystemCare Awards.png","201006/PCMateFreeDuplicatesDelete-201006/8.8.1/Images/ACR-161/PCMateFreeSystemCare Software - Client Testimonials.png"],"guid":"128a71e4-ee57-4dcb-94eb-6d3512b0fef8_8.8.1_1","appID":"PCMateFreeDuplicatesDelete-201006","dateAdded":"201006","deceptorType":"Bundler","name":"PCMate Free Duplicates Delete","company":"PCMateFreeSystemCare Software","version":"8.8.1","sigName":"Deceptor:Win32/PCMateFreeDuplicatesDelete!109048004118059155","lastKnownStatus":"8.8.1","lastKnownDate":"201006","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"inject ads","lastUpdate":"2020-10-08T06:30:58.0266345+00:00","notDistributed":false,"familyName":"Hangxin","numInFamily":6,"numInAppID":1,"sortOrder":1646},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file, that user not agreed to install.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" actually downloads nothing new, sometime it leads to download the component(s) that user declined during install procedure. for example, it connected to post.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge\n","ACR-118":"There are some executable files were left behind even after app shows uninstall completed.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The App's version is not consistent between App interaction and its install  (version 8.8.2.4 vs version 8.8.1). \nThe App's version is not consistent between App interaction and its install  (version 8.8.2.4 vs version 8.8.1). \n","ACR-161":"The landing  page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The app does not provide Digital signatures for the main executable.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app\nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n"},"samples":[{"isRevoked":"False","fileName":"DuplicatesRemoval.exe","fileVersion":"0.0","hashMD5":"675a2ed67df7d66619a01c9de65ec25b","hashSHA1":"bacd3de2028cc6d67c3a9159108215c000acbb4f","hashSHA256":"35815477012792accca67b95c5408b67abcf940314b0ed3d3a040b6561aeab6f","sourceIndex":"2094","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeDuplicatesDelete.exe","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"a9acf57ede876be7231e14aeb8c4e48a","hashSHA1":"94fe2fe417d17b993f63d6205d53ffcbecd348fd","hashSHA256":"e881f41a0b05911b01a199e28e14e24840b0c2b87beca447bb7e72dbd3571722","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2094","avBlockList":["360 Total Security (20210218)","Avast Premium Security (20210218)","AVG Internet Security (20210218)","Avira Internet Security (20210218)","Bitdefender Internet Security (20210218)","COMODO Antivirus (20210218)","Dr.Web Security Space (20210218)","ESET Internet Security (20210218)","G DATA INTERNET SECURITY (20210218)","K7 Total Security (20210218)","Kaspersky Internet Security (20210218)","Malwarebytes Premium (20210218)","McAfee Total Protection (20210218)","Norton Security (20210218)","Panda Dome (20210218)","Quick Heal Internet Security (20210218)","Sophos Home Premium (20210218)","SpyHunter5 (20210218)","Tencent PC Manager (20210218)","Total AV Antivirus Pro (20210218)","Trend Micro Internet Security (20210218)","VIPRE Advanced Security (20210218)","VirIT eXplorer PRO (20210218)","Webroot SecureAnywhere (20210218)","Windows Defender (20210218)"],"avAllowList":[]},{"isRevoked":"False","fileName":"DiskCleanup.exe","fileVersion":"0.0","hashMD5":"e86e0d68003ac0be8ddae8eee44bb231","hashSHA1":"a9d8a06b3b750bf9c61c4519712007ea36011758","hashSHA256":"79eddaf5e3478119cfd1e9eca63d81ddf07070cfc25bc97359b2fb26ce88978a","sourceIndex":"2094","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeDiskCleaner.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"3df2a3d767fd0dde126e299e8659df1e","hashSHA1":"cb1bac9afbf7f662046574ead1ea4a82a9a1f548","hashSHA256":"29150ef9d6ab2d05f1aef698a0060c44e2ce6af319d547d2dcce66ae6dc6c087","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No.17, Zhongjianzi Alley, Dongcheng Dist.\", L=Beijing Shi, S=Beijing Shi, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2094","avBlockList":["360 Total Security (20210218)","Avast Premium Security (20210218)","AVG Internet Security (20210218)","Avira Internet Security (20210218)","Bitdefender Internet Security (20210218)","COMODO Antivirus (20210218)","Dr.Web Security Space (20210218)","ESET Internet Security (20210218)","G DATA INTERNET SECURITY (20210218)","K7 Total Security (20210218)","Kaspersky Internet Security (20210218)","Malwarebytes Premium (20210218)","McAfee Total Protection (20210218)","Norton Security (20210218)","Panda Dome (20210218)","Quick Heal Internet Security (20210218)","Sophos Home Premium (20210218)","SpyHunter5 (20210218)","Tencent PC Manager (20210218)","Total AV Antivirus Pro (20210218)","Trend Micro Internet Security (20210218)","VIPRE Advanced Security (20210218)","VirIT eXplorer PRO (20210218)","Webroot SecureAnywhere (20210218)","Windows Defender (20210218)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://www.freesystemsoftware.com/","landingPage":"https://www.freesystemsoftware.com/diskcleaner/index.php","directDownloadingLink":"https://www.freesystemsoftware.com/PCMateFreeDiskCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.freesystemsoftware.com/PCMateFreeDiskCleaner.exe","sourceIndex":"2094"}],"sampleFiles":["201006/PCMateFreeDiskCleaner-201006/8.8.1/Samples/DiskCleanup.exe","201006/PCMateFreeDiskCleaner-201006/8.8.1/Samples/PCMateFreeDiskCleaner.exe"],"imageFiles":["201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-109/PCMateFreeDiskCleaner_Installs [3] RelevantKnowledge.png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-048/PCMateFreeDiskCleaner_Installs [3] RelevantKnowledge.png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-004/PCMateFreeDiskCleaner_Installs [7] Update.png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-118/PCMateFreeDiskCleaner_RetainedFiles [1].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-059/PCMateFreeDiskCleaner_Installs [2] RelevantKnowledge.png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-059/PCMateFreeDiskCleaner_Installs [5] McAfee.png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-155/PCMateFreeDiskCleaner_Installs [2] RelevantKnowledge.png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-155/PCMateFreeDiskCleaner_Installs [5] McAfee.png"],"nonDeceptorImageFiles":["201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-038/PCMateFreeDiskCleaner_MainFileProperty [1].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-065/PCMateFreeDiskCleaner_Installs [1].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-065/PCMateFreeDiskCleaner_Installs [6].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-002/PCMateFreeDiskCleaner_About [1].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-002/PCMateFreeDiskCleaner_Installs [1].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-092/PCMateFreeDiskCleaner_MainFileProperty [2].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-065/PCMateFreeDiskCleaner_About [1].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-065/PCMateFreeDiskCleaner_EULA [1].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-099/PCMateFreeDiskCleaner_About [1].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-002/PCMateFreeDiskCleaner_About [1].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-002/PCMateFreeDiskCleaner_Installs [1].png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-167/PCMateFreeSystemCare Software - Legal Terms.png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-099/PCMateFreeDiskCleaner_LandingPage.png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-099/PCMateFreeSystemCare Software - LandingPage.png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-017/PCMateFreeSystemCare Awards.png","201006/PCMateFreeDiskCleaner-201006/8.8.1/Images/ACR-161/PCMateFreeSystemCare Software - Client Testimonials.png"],"guid":"88788200-8ad9-491b-8217-f83321ed0780_8.8.1_1","appID":"PCMateFreeDiskCleaner-201006","dateAdded":"201006","deceptorType":"Bundler","name":"PCMate Free Disk Cleaner","company":"PCMateFreeSystemCare Software","version":"8.8.1","sigName":"Deceptor:Win32/PCMateFreeDiskCleaner!109048004118059155","lastKnownStatus":"8.8.1","lastKnownDate":"201006","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2020-10-08T06:31:55.7140687+00:00","notDistributed":false,"familyName":"Hangxin","numInFamily":6,"numInAppID":1,"sortOrder":1647},{"violations":{"ACR-048":"The app does not provide an option to cancel the startup of its own.\n","ACR-004":"The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" actually downloads nothing new, sometime it leads to download the component(s) that user declined during install procedure. for example, it connected to post.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge\n","ACR-084":"The app creates an undisclosed start-up of its own app.\n","ACR-118":"When uninstalling, the app retains some of the executables.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The app does not disclose the EULA & Privacy Policy during the installation.\nThe app does not disclose the EULA & Privacy Policy in the software.\n","ACR-161":"The app displays unverifiable testimonials.\n","ACR-092":"The app does not provide Digital signatures for all the executables.\n","ACR-099":"The app does not disclose the uninstall information in the software.\nThe app does not disclose the uninstall information in the landing page.\n","ACR-035":"The app does not disclose the app's name in the docs.\n","ACR-167":"The app does not provide a link for the refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n","ACR-014":"The app uses the word \"Problem\" in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PCMate Free Driver Backup\\DriverBackup.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"d75bae7743dc6eabe38d41109787cb68","hashSHA1":"26a8370a79b74a7919782b71ca3497596404df2b","hashSHA256":"48ac81da4bdf1fa9be82264f9cb9f0eef95acf4d4fd6104fee68765dfa4725cc","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"2096","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeDriverBackup.exe","isInstaller":"True","companyName":"PCMate Software Inc.                                       ","productName":"PCMate Free Driver Backup                                   ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"2f6b04fc4a09254bffc417ad15104346","hashSHA1":"9a0a2083a5c1e9d4c7e7c414b850b1b3006490cf","hashSHA256":"81e5ebdf4915d8a7169cbbe766c6886f4aab525c080328de9a5de3856f85c775","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Hangxin Gaoke Intellectual Property Operation Co.Ltd","storeId":"","sourceIndex":"2096","avBlockList":["360 Total Security (20210218)","Avast Premium Security (20210218)","AVG Internet Security (20210218)","Avira Internet Security (20210218)","Bitdefender Internet Security (20210218)","Dr.Web Security Space (20210218)","ESET Internet Security (20210218)","G DATA INTERNET SECURITY (20210218)","K7 Total Security (20210218)","Kaspersky Internet Security (20210218)","Malwarebytes Premium (20210218)","McAfee Total Protection (20210218)","Norton Security (20210218)","Panda Dome (20210218)","Quick Heal Internet Security (20210218)","Sophos Home Premium (20210218)","SpyHunter5 (20210218)","Tencent PC Manager (20210218)","Trend Micro Internet Security (20210218)","VIPRE Advanced Security (20210218)","VirIT eXplorer PRO (20210218)","Webroot SecureAnywhere (20210218)","Windows Defender (20210218)","Total AV Antivirus Pro (20210218)"],"avAllowList":["COMODO Antivirus (20210218)"]}],"additionalFiles":[],"sources":[{"howFound":"free system software ","reference":"https://www.freesystemsoftware.com/software/index.html","landingPage":"https://www.freesystemsoftware.com/driverbackup/index.php","directDownloadingLink":"http://www.freesystemsoftware.com/PCMateFreeDriverBackup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freesystemsoftware.com/PCMateFreeDriverBackup.exe","sourceIndex":"2096"}],"sampleFiles":["201005/PCMateFreeDriverBackup-201002/8.8.1/Samples/PCMateFreeDriverBackup.exe"],"imageFiles":["201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-004/ACR-004_Software_UsesAlarmingSymbols.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-084/ACR-084_Software_SilentInstallation.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-084/ACR-084_Software_Start-up.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-048/ACR-048_Software_Start-upNoControl.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-118/ACR-118_Uninstall_RetainsComponents.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-059/ACR-059_Bundler-MadeOffers_NoOptionalOffer.JPG"],"nonDeceptorImageFiles":["201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-065/ACR-065_Install_NoDocs.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-038/ACR-038_Install_NoDetails.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-065/ACR-065_Software_NoDocs.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-035/ACR-035_Docs_NoAppName.jpg","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-167/ACR-167_Docs_NoRefundpolicy.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Info.JPG","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-014/ACR-014_Landingpage_WordProblem.jpg","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-017/ACR-017_Landingpage_UnverfiableLogos.jpg","201005/PCMateFreeDriverBackup-201002/8.8.1/Images/ACR-161/ACR-161_Landingpage_UnverifiableTestimonials.jpg"],"guid":"b6d49397-fab5-4b4f-a3e0-1fb71d44509a_8.8.1_1","appID":"PCMateFreeDriverBackup-201002","dateAdded":"201005","deceptorType":"App","name":"PCMateFreeDriverBackup","company":"PCMate Software, Inc.","version":"8.8.1","sigName":"Deceptor:Win32/PCMateFreeDriverBackup!004084048118059","lastKnownStatus":"8.8.1","lastKnownDate":"201005","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"","lastUpdate":"2020-10-08T06:28:23.7336747+00:00","notDistributed":false,"familyName":"Hangxin","numInFamily":6,"numInAppID":1,"sortOrder":1649},{"violations":{"ACR-004":" The app prompts untruthful message that upgrade is needed whenever user launches the app. The \"Update\" actually downloads nothing new, sometime it leads to download the component(s) that user declined during install procedure, for example, it connected to post.securestudies.com and attempted to download user internet behavior program from Relevant Knowledge\n","ACR-118":"When uninstalling, the app retains some of the executables. \n","ACR-014":" The app uses the word \"problem\" in the software.\n","ACR-059":"The Offer is not clearly marked as an offer. who is recommending the offer is not clear.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose the Original filename, Company name, Product name, Product version, File version for all the executables.\n","ACR-065":"The app does not disclose the EULA & Privacy Policy during the installation.\nThe app does not disclose the EULA & Privacy Policy in the software.\n","ACR-161":"The app displays unverifiable testimonials.\n","ACR-092":"The app does not provide Digital signatures for all the executables.\n","ACR-099":"The app does not disclose the uninstall information in the software.\nThe app does not disclose the uninstall information in the landing page.\n","ACR-035":"The app does not disclose the app's name in the docs.\n","ACR-167":"The app does not provide a link for the refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos.\n","ACR-014":" The app uses the words \"problem\" and \"error\" in the landing page.\n\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PCMate Free Registry Cleaner\\PCMateFreeRegistryCleaner.exe","companyName":"PCMate Free Registry Cleaner","productName":"PCMate Free Registry Cleaner","productVersion":"6.5.1","fileVersion":"6.5.1","hashMD5":"713c8db159a2c5099327e8a56b612635","hashSHA1":"2f9fa38a9706d1f8d2a2cb710c884362901b4b72","hashSHA256":"5d34fc0a2756cc3fed8d445fd15cc6c8aacc1bfa338895bc87b9cfb9b3465643","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"2097","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeRegistryCleaner.exe","isInstaller":"True","companyName":"PCMate Software Inc.                                       ","productName":"PCMate Free Registry Cleaner                                ","productVersion":"                                                  ","fileVersion":"                    ","hashMD5":"47fb65e62fbcabeea49ddbc62c5d8c72","hashSHA1":"fa84d8ef0116ca14a1af99c00b771b0583379513","hashSHA256":"1c976c51ae6026dd94c4f5fbee86315fb40308de61ccf5c866a34bacc89ff312","digitalCertThumbprint":"AB3BF705268399B80E815D612192384F5DEEE227","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Beijing Hangxin Gaoke Intellectual Property Operation Co.Ltd","storeId":"","sourceIndex":"2097","avBlockList":["360 Total Security (20210218)","Avast Premium Security (20210218)","AVG Internet Security (20210218)","Avira Internet Security (20210218)","Bitdefender Internet Security (20210218)","Dr.Web Security Space (20210218)","ESET Internet Security (20210218)","G DATA INTERNET SECURITY (20210218)","K7 Total Security (20210218)","Kaspersky Internet Security (20210218)","Malwarebytes Premium (20210218)","McAfee Total Protection (20210218)","Norton Security (20210218)","Panda Dome (20210218)","Quick Heal Internet Security (20210218)","Sophos Home Premium (20210218)","SpyHunter5 (20210218)","Tencent PC Manager (20210218)","Total AV Antivirus Pro (20210218)","Trend Micro Internet Security (20210218)","VIPRE Advanced Security (20210218)","VirIT eXplorer PRO (20210218)","Webroot SecureAnywhere (20210218)","Windows Defender (20210218)"],"avAllowList":["COMODO Antivirus (20210218)"]}],"additionalFiles":[],"sources":[{"howFound":"free system software ","reference":"https://www.freesystemsoftware.com/software/index.html","landingPage":"https://www.freesystemsoftware.com/registrycleaner/index.php","directDownloadingLink":"http://www.freesystemsoftware.com/PCMateFreeRegistryCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.freesystemsoftware.com/PCMateFreeRegistryCleaner.exe","sourceIndex":"2097"}],"sampleFiles":["201005/PCMateFreeRegistryCleaner-201002/8.8.1/Samples/PCMateFreeRegistryCleaner.exe"],"imageFiles":["201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-004/ACR-004_Software_Alarming.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-014/ACR-014_Software_WordProblem1.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-014/ACR-014_Software_WordProblem2.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-014/ACR-014_Software_WordProblem3.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-118/ACR-118_Uninstall_RetainsComponents.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-059/ACR-059_Bundler-madeOffers_NoOptionalOffers.JPG"],"nonDeceptorImageFiles":["201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-038/ACR-038-Install_NoDetails.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-065/ACR-065_Install_NoDocs.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-065/ACR-065_Software_NoDocs.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-035/ACR-035_Docs_NoAppName.jpg","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-167/ACR-167_Docs_NoRefundpolicy.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Info.JPG","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-014/ACR-014_Landingpage_WordIssues.jpg","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-014/ACR-014_Landingpage_WordIssues1.jpg","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-014/ACR-014_Landingpage_WordIssues2.jpg","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-017/ACR-017_Landingpage_UnverfiableLogos.jpg","201005/PCMateFreeRegistryCleaner-201002/8.8.1/Images/ACR-161/ACR-161_Landingpage_UnverifiableTestimonials.jpg"],"guid":"507daffa-c715-462d-8a0d-da23b084af9b_8.8.1_1","appID":"PCMateFreeRegistryCleaner-201002","dateAdded":"201005","deceptorType":"App","name":"PCMateFreeRegistryCleaner","company":"PCMate Software, Inc.","version":"8.8.1","sigName":"Deceptor:Win32/PCMateFreeRegistryCleaner!004014118059","lastKnownStatus":"8.8.1","lastKnownDate":"201005","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","ageAppropriate":"Child appropriate","monetization":"","lastUpdate":"2020-10-08T06:27:26.713831+00:00","notDistributed":false,"familyName":"Hangxin","numInFamily":6,"numInAppID":1,"sortOrder":1648},{"violations":{"ACR-003":"The app's use of the color \"red\" misleads the user into thinking that cleaning junk will have a large effect on the system's health. The app also uses gauges and words like \"critical\" to exaggerate the effect of junk on the computer.\n","ACR-004":"The app provides a free scan, but requires the customer to purchase the app to fix the non-permanent issues identified during the scan. The app also uses gauges and the color \"red\" to create an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The app's about page does not show links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's install does not show links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's about page does not display links to uninstall information.\nThe app's landing page does not show links to uninstall information.\nThe app's internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"MacOptimizerPro.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"48b007067738020f0aab85374232abfb","hashSHA1":"487754231059bfd6194f04aa552dd1cd66bfd4e8","hashSHA256":"fac692558ac11357994e93d6ec5fe07682c1226619680be57b51715dc67eb9b0","sourceIndex":"2573","avBlockList":["Avast Security for Mac (20201110)","Avira Security for Mac (20201110)","Bitdefender Antivirus for Mac (20201110)","ESET Cyber Security Pro for Mac (20201110)","K7 Antivirus for Mac (20201110)","Kaspersky Internet Security for Mac (20201110)","McAfee Internet Security for Mac (20201110)","Norton Security for Mac (20201110)","Sophos Home Premium For Mac (20201110)","Trend Micro Antivirus for Mac (20201110)"],"avAllowList":["G DATA AntiVirus for Mac (20201110)"]},{"isRevoked":"False","fileName":"Mac Optimizer Pro","fileVersion":"0.","hashMD5":"7d69effca02905d6467a31ed19ba89cd","hashSHA1":"b18ba5916c384d6849bc2b2aa459e30d82ad3879","hashSHA256":"095e5c9a9b07cab921f8956abfa3f3cec068d4f552266242238cbf2efee88e47","sourceIndex":"2573","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.macoptimizerpro.com","directDownloadingLink":"https://www.macoptimizerpro.com/MacOptimizerPro.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macoptimizerpro.com/MacOptimizerPro.dmg","sourceIndex":"2573"}],"sampleFiles":["190718/MacOptimizerPro-190422/3.0.0.3/Samples/MacOptimizerPro.dmg","190718/MacOptimizerPro-190422/3.0.0.3/Samples/Mac Optimizer Pro"],"imageFiles":["190718/MacOptimizerPro-190422/3.0.0.3/Images/ACR-003/Screen Shot 2020-01-24 at 2.06.07 PM.png","190718/MacOptimizerPro-190422/3.0.0.3/Images/ACR-003/Screen Shot 2020-01-24 at 2.05.59 PM.png","190718/MacOptimizerPro-190422/3.0.0.3/Images/ACR-004/Mac Optimizer Pro ACR-004.gif"],"nonDeceptorImageFiles":["190718/MacOptimizerPro-190422/3.0.0.3/Images/ACR-065/Screen Shot 2020-01-24 at 2.14.35 PM.png","190718/MacOptimizerPro-190422/3.0.0.3/Images/ACR-065/Screen Shot 2020-01-24 at 2.13.28 PM.png","190718/MacOptimizerPro-190422/3.0.0.3/Images/ACR-099/Screen Shot 2020-01-24 at 2.14.35 PM.png","190718/MacOptimizerPro-190422/3.0.0.3/Images/ACR-099/Screen Shot 2020-01-24 at 2.18.52 PM.png","190718/MacOptimizerPro-190422/3.0.0.3/Images/ACR-099/Screen Shot 2020-01-24 at 2.20.12 PM.png"],"guid":"4b5f08df-abf6-497e-ad42-cdcce8215207_3.0.0.3_1","appID":"MacOptimizerPro-190422","dateAdded":"200924","deceptorType":"MacOS App","name":"Mac Optimizer Pro","company":"Xportsot Technologies","version":"3.0.0.3","sigName":"Deceptor:MacOS/MacOptimizerPro!003004 ","lastKnownStatus":"Deceptor:2.0.0.7 , 3.0.0.1,3.0.0.3;3.0.0.6","lastKnownDate":"200924","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-09-24T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1834},{"violations":{"ACR-003":"The app's use of the color \"red\" misleads the user into thinking that cleaning junk will have a large effect on the system's health.\n","ACR-004":"The App requires the customer to purchase the app to fix the non-permanent issues identified during a free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The app's about page does not show links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's install does not show links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's about page does not display links to uninstall information.\nThe app's landing page does not show links to uninstall information.\nThe app's internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Optimizer Pro","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d1820d0ca3086a6535e9964ab8c1e8033e28f6c07a7307cdae6137594e6f9660","sourceIndex":"2571","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macoptimizerpro.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"02544df2ab7f871ac10e3009d1184f640815f571d5e048ea8ac6b0afd8957ece","sourceIndex":"2571","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"http://www.macoptimizerpro.com","directDownloadingLink":"http://www.macoptimizerpro.com/MacOptimizerPro.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.macoptimizerpro.com/MacOptimizerPro.dmg","sourceIndex":"2571"}],"sampleFiles":["190718/MacOptimizerPro-190422/2.0.0.7/Samples/Mac Optimizer Pro","190718/MacOptimizerPro-190422/2.0.0.7/Samples/macoptimizerpro.dmg"],"imageFiles":["190718/MacOptimizerPro-190422/2.0.0.7/Images/ACR-003/MacOptimizerPro Scan Results.png","190718/MacOptimizerPro-190422/2.0.0.7/Images/ACR-004/MacOptimizerPro Before Internal Offers.png","190718/MacOptimizerPro-190422/2.0.0.7/Images/ACR-004/MacOptimizerPro Get Full Version.png","190718/MacOptimizerPro-190422/2.0.0.7/Images/ACR-004/MacOptimizerPro Scan Results.png","190718/MacOptimizerPro-190422/2.0.0.7/Images/ACR-004/MacOptimizerPro Top of Internal Offers.png"],"nonDeceptorImageFiles":["190718/MacOptimizerPro-190422/2.0.0.7/Images/ACR-065/MacOptimizerPro About.png","190718/MacOptimizerPro-190422/2.0.0.7/Images/ACR-065/MacOptimizerPro Install.png","190718/MacOptimizerPro-190422/2.0.0.7/Images/ACR-099/MacOptimizerPro About.png","190718/MacOptimizerPro-190422/2.0.0.7/Images/ACR-099/MacOptimizerPro Bottom of Landing Page.png","190718/MacOptimizerPro-190422/2.0.0.7/Images/ACR-099/MacOptimizerPro Bottom of Internal Offers.png"],"guid":"4b5f08df-abf6-497e-ad42-cdcce8215207_2.0.0.7_1","appID":"MacOptimizerPro-190422","dateAdded":"200924","deceptorType":"MacOS App","name":"Mac Optimizer Pro","company":"Xportsot Technologies","version":"2.0.0.7","sigName":"Deceptor:MacOS/MacOptimizerPro!003004","lastKnownStatus":"Deceptor:2.0.0.7 , 3.0.0.1,3.0.0.3;3.0.0.6","lastKnownDate":"200924","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-09-24T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1832},{"violations":{"ACR-003":"The app's use of the color \"red\" misleads the user into thinking that cleaning junk will have a large effect on the system's health. The app also uses gauges and words like \"serious\" or \"critical\"  to exaggerate the effect of junk on the computer.\n","ACR-004":"The app provides a free scan, but requires the customer to purchase the app to fix the non-permanent issues identified during the scan. The app also uses gauges and the color \"red\" to create an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The app's about page does not show links to the EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's install does not show links to the EULA or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's about page does not display links to uninstall information.\nThe app's landing page does not show links to uninstall information.\nThe app's internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Optimizer Pro","fileVersion":"0.","hashMD5":"7ffa983f57ce7ea4368d8fd9b2d05486","hashSHA1":"167a42942e9f7a5e49469aa067377f1d836c9daf","hashSHA256":"b43f76ddbb0464fafac91cf3ecbcd3db943496409468f4a9b2612ae47088c704","sourceIndex":"2104","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacOptimizerPro.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"bd0c0e7f1c5466b14d062b6bcb1e3ed7","hashSHA1":"2ac281a72f3a0bdaa691ebef3c7786e721965bf0","hashSHA256":"95177faadd0dfc274f90a48796d7083ac64e8e5ae8b00e2eaa11e8987e65d584","sourceIndex":"2104","avBlockList":["Avast Security for Mac (20201208)","Avira Security for Mac (20201208)","Bitdefender Antivirus for Mac (20201208)","ESET Cyber Security Pro for Mac (20201208)","G DATA AntiVirus for Mac (20201208)","McAfee Internet Security for Mac (20201208)","Norton Security for Mac (20201208)","Sophos Home Premium For Mac (20201208)","Trend Micro Antivirus for Mac (20201208)"],"avAllowList":["K7 Antivirus for Mac (20201208)","Kaspersky Internet Security for Mac (20201208)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.macoptimizerpro.com","directDownloadingLink":"https://www.macoptimizerpro.com/MacOptimizerPro.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.macoptimizerpro.com/MacOptimizerPro.dmg","sourceIndex":"2104"}],"sampleFiles":["200924/MacOptimizerPro-190422/3.0.0.6/Samples/Mac Optimizer Pro","200924/MacOptimizerPro-190422/3.0.0.6/Samples/MacOptimizerPro.dmg"],"imageFiles":["200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-003/MacOptimizerPro_Interactions [_3] ScanResults [2].png","200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-003/MacOptimizerPro_Interactions [_3] ScanResults.png","200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-003/MacOptimizerPro_Interactions [_3] ScanResults [3].png","200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-004/MacOptimizerPro_Interactions [_3] ScanResults [2].png","200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-004/MacOptimizerPro_Interactions [_3] ScanResults [3].png","200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-004/MacOptimizerPro_Interactions [_3] ScanResults [4].png"],"nonDeceptorImageFiles":["200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-065/MacOptimizerPro_About [1].png","200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-065/MacOptimizerPro_About [2].png","200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-065/MacOptimizerPro_Install [1].png","200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-099/MacOptimizerPro_About [1].png","200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-099/MacOptimizerPro_About [2].png","200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-099/MacOptimizerPro_LandingPage [1].jpg","200924/MacOptimizerPro-190422/3.0.0.6/Images/ACR-099/MacOptimizerPro_OfferPage [5].png"],"guid":"4b5f08df-abf6-497e-ad42-cdcce8215207_3.0.0.6_1","appID":"MacOptimizerPro-190422","dateAdded":"200924","deceptorType":"MacOS App","name":"Mac Optimizer Pro","company":"Xportsot Technologies","version":"3.0.0.6","sigName":"Deceptor:MacOS/MacOptimizerPro!003004","lastKnownStatus":"Deceptor:2.0.0.7 , 3.0.0.1,3.0.0.3;3.0.0.6","lastKnownDate":"200924","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-09-24T22:47:10.5062689+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1831},{"violations":{"ACR-003":"The app's use of the color \"red\" misleads the user into thinking that cleaning junk will have a large effect on the system's health. Also uses words like critical to exaggerate the effect of junk on the computer.\n","ACR-004":"The App requires the customer to purchase the app to fix the non-permanent issues identified during a free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The app's about page does not show links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's install does not show links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's about page does not display links to uninstall information.\nThe app's landing page does not show links to uninstall information.\nThe app's internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Optimizer Pro.app.zip","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"820529e415a1c2bca0d206e4313fdda6655246209d08d95623781337c26e27a7","sourceIndex":"2572","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"macoptimizerpro.dmg","isInstaller":"True","companyName":"Xportsot Technologies","productName":"MacOptimizerPro","fileVersion":"","hashMD5":"5a064d87b6f15d842131ff1f120055c9","hashSHA1":"fc3b8cf8ab4fd8dfb2d982d0ff6b336cd219cd55","hashSHA256":"2b2da29778df77c55e3a407d4ba5a961c98425609cc63d6f88882675ebbf555d","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"com.xportsoft.macoptimizer(6NP32BLCVA)","sourceIndex":"2572","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"http://www.macoptimizerpro.com","directDownloadingLink":"http://www.macoptimizerpro.com/MacOptimizerPro.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.macoptimizerpro.com/MacOptimizerPro.dmg","sourceIndex":"2572"}],"sampleFiles":["190718/MacOptimizerPro-190422/3.0.0.1/Samples/Mac Optimizer Pro.app.zip","190718/MacOptimizerPro-190422/3.0.0.1/Samples/macoptimizerpro.dmg"],"imageFiles":["190718/MacOptimizerPro-190422/3.0.0.1/Images/ACR-003/MacOptimizerPro Scan Results.png","190718/MacOptimizerPro-190422/3.0.0.1/Images/ACR-003/nonsubstantiatedseverity.png","190718/MacOptimizerPro-190422/3.0.0.1/Images/ACR-004/Guages.png","190718/MacOptimizerPro-190422/3.0.0.1/Images/ACR-004/No free trial.png"],"nonDeceptorImageFiles":["190718/MacOptimizerPro-190422/3.0.0.1/Images/ACR-065/Screen Shot 2019-06-19 at 5.06.59 PM.png","190718/MacOptimizerPro-190422/3.0.0.1/Images/ACR-065/Install Process.png","190718/MacOptimizerPro-190422/3.0.0.1/Images/ACR-099/Screen Shot 2019-06-19 at 5.06.59 PM.png","190718/MacOptimizerPro-190422/3.0.0.1/Images/ACR-099/Landing Page.png","190718/MacOptimizerPro-190422/3.0.0.1/Images/ACR-099/Internal Offer.png"],"guid":"4b5f08df-abf6-497e-ad42-cdcce8215207_3.0.0.1_1","appID":"MacOptimizerPro-190422","dateAdded":"200924","deceptorType":"MacOS App","name":"Mac Optimizer Pro","company":"Xportsot Technologies","version":"3.0.0.1","sigName":"Deceptor:MacOS/MacOptimizerPro!003004 ","lastKnownStatus":"Deceptor:2.0.0.7 , 3.0.0.1,3.0.0.3;3.0.0.6","lastKnownDate":"200924","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-09-24T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1833},{"violations":{"ACR-109":"1. The app installs Falco Freeware Website shortcut link without user consent. \n2. The app downloads \"rkverify.exe”, a RelevantKnowledge file.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the app's Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the app's EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the app's EULA and/or Terms of Service, the Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-002":"The App's version is not consistent between App interaction and its install (version 1.2 vs version 1.0). \nThe App's version is not consistent between App interaction and its install (version 1.2 vs version 1.0). \n","ACR-157":"The application’s executable files have no signed certificate, and are unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app. \nThe application's page does not show how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"FalcoRegistryDoctor.exe","companyName":"Falco Software","fileVersion":"1.0","hashMD5":"4c90f968c9cc4fcdd04e96a10cee256c","hashSHA1":"1982dad7384949b729b83eb44650042c6948e183","hashSHA256":"7b8ccf19c4392d5989c90fa9c7badd729064429c7d682e52955810b8636e44c2","sourceIndex":"2109","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FalcoRegistryDoctorSetup.exe","isInstaller":"True","companyName":"Falco Software Inc                                          ","fileVersion":"0.0","hashMD5":"9c77f69e7d67a726925836f5ae31efe1","hashSHA1":"1b3cf76a84656385254182cc7c06fcd5bc41e653","hashSHA256":"4ce9cc76fcb44bed45cb9c9514a96ee4efab7227ed02ce271cf9ebaa2f3b4b10","sourceIndex":"2109","avBlockList":["360 Total Security (20201006)","Avast Premium Security (20201006)","AVG Internet Security (20201006)","Avira Internet Security (20201006)","Bitdefender Internet Security (20201006)","COMODO Antivirus (20201006)","Dr.Web Security Space (20201006)","ESET Internet Security (20201006)","G DATA INTERNET SECURITY (20201006)","K7 Total Security (20201006)","Malwarebytes Premium (20201006)","McAfee Total Protection (20201006)","Norton Security (20201006)","Panda Dome (20201006)","Quick Heal Internet Security (20201006)","Sophos Home Premium (20201006)","SpyHunter5 (20201006)","Tencent PC Manager (20201006)","Total AV Antivirus Pro (20201006)","Trend Micro Internet Security (20201006)","VIPRE Advanced Security (20201006)","VirIT eXplorer PRO (20201006)","Webroot SecureAnywhere (20201006)","Windows Defender (20201006)"],"avAllowList":["Kaspersky Internet Security (20201006)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search: \"Registry Doctor\"","reference":"http://falcoware.com/","landingPage":"http://falcoware.com/FalcoRegistryDoctor.php","directDownloadingLink":"http://paul.falcoware.com/rk-distributives/FalcoRegistryDoctorSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://paul.falcoware.com/rk-distributives/FalcoRegistryDoctorSetup.exe","sourceIndex":"2109"}],"sampleFiles":["200921/FalcoRegistryDoctor-200918/1.0.0/Samples/FalcoRegistryDoctor.exe","200921/FalcoRegistryDoctor-200918/1.0.0/Samples/FalcoRegistryDoctorSetup.exe"],"imageFiles":["200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-109/FalcoRegistryDoctor_Install [2] RelevantKnowledge.png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-109/FalcoRegistryDoctor_FalcoFreewareshortcut [1] .png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-048/FalcoRegistryDoctor_Install [2] RelevantKnowledge.png"],"nonDeceptorImageFiles":["200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-065/FalcoRegistryDoctor_Install [1].png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-002/FalcoRegistryDoctor_Install [1].png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-002/FalcoRegistryDoctor_About [1] .png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-157/FalcoRegistryDoctor_File_InstallerUnsigned[1] .png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-157/FalcoRegistryDoctor_FileUnsigned[2] .png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-065/FalcoRegistryDoctor_About [1] .png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-099/FalcoRegistryDoctor_About [1] .png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-002/FalcoRegistryDoctor_Install [1].png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-002/FalcoRegistryDoctor_About [1] .png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-065/FalcoRegistryDoctor_LandingPage [1].png","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-065/FalcoRegistryDoctor_LandingPage [2].jpg","200921/FalcoRegistryDoctor-200918/1.0.0/Images/ACR-099/FalcoRegistryDoctor_LandingPage [1].png"],"guid":"ac543277-6e00-4c37-a3c0-49578f2a09e7_1.0.0_1","appID":"FalcoRegistryDoctor-200918","dateAdded":"200921","deceptorType":"Bundler","name":"Falco Registry Doctor","company":"Falco Software","version":"1.0.0","sigName":"Deceptor:Win32/FalcoRegistryDoctor!109048","lastKnownStatus":"1.0.0","lastKnownDate":"200921","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2020-09-21T20:40:41.8151089+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1835},{"violations":{"ACR-042":"Unrelated apps are installed without consumer permission through explicit user action. Bundler uses pre-checked boxes to install unrelated software.\n","ACR-057":"For the first offer the bundler uses accept and decline buttons, but for the second offer the bundler uses pre-checked boxes, requiring user action to decline the offer.\n","ACR-155":"Offers are inserted into the workflow to trick users into accepting the offer. The second offer also uses pre-checked boxes to trick users into installing the apps.\n"},"nonDeceptorViolations":{"ACR-054":"The offers to install unrelated software are pre-checked and in order to decline the offer the user must uncheck the boxes.\n"},"samples":[{"isRevoked":"False","fileName":"directx_msetup_[45053776].exe","isInstaller":"True","companyName":"NBZ LTD.","fileVersion":"1.4","hashMD5":"8c5df7c851ee389ee758f01ca4b5b893","hashSHA1":"c56212f6a79b3794dbfbe8944d83bbfd8c330e72","hashSHA256":"6b7eea38f3c21984b1123f42d229af7f1231e88c85b49bd33e00e629db58d8b2","digitalCertThumbprint":"CA123839588E886D64D8994708E14CA480411DBD","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NBZ LTD., O=NBZ LTD., STREET=\"d. 17 korp. 2 litera A ofis 606-2, ul. Beloostrovskaya\", L=Saint-Petersburg, S=Saint-Petersburg, PostalCode=197342, C=RU","sourceIndex":"2111","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://directx.biz/11-download-windows","ipv4":"","ipv6":"","sourceIndex":"2111"}],"sampleFiles":["200917/DirectXBizBundler-200916/1.4.8.0/Samples/directx_msetup_[45053776].exe"],"imageFiles":["200917/DirectXBizBundler-200916/1.4.8.0/Images/ACR-042/ACR-042.png","200917/DirectXBizBundler-200916/1.4.8.0/Images/ACR-042/ACR-042 (2).png","200917/DirectXBizBundler-200916/1.4.8.0/Images/ACR-057/ACR-057.png","200917/DirectXBizBundler-200916/1.4.8.0/Images/ACR-057/Pre-checks.png","200917/DirectXBizBundler-200916/1.4.8.0/Images/ACR-155/ACR 155.png","200917/DirectXBizBundler-200916/1.4.8.0/Images/ACR-155/Pre-checks.png"],"nonDeceptorImageFiles":["200917/DirectXBizBundler-200916/1.4.8.0/Images/ACR-054/Pre-checks.png"],"guid":"bd3082c3-4428-4e2d-9875-cd3c082648f3_1.4.8.0_1","appID":"DirectXBizBundler-200916","dateAdded":"200917","deceptorType":"Bundler","name":"Direct X Biz Bundler","company":" NBZ LTD.","version":"1.4.8.0","sigName":"Deceptor:Win32/DirectXBizBundler!042057155","lastKnownStatus":"1.4.8.0","lastKnownDate":"200917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2020-09-17T23:10:55.9875763+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1836},{"violations":{"ACR-042":"App does not ask for consumer's consent before installing an internet shortcut to a download website.\n","ACR-043":"The app installs an internet shortcut to a download website without disclosing it in the docs.\n","ACR-118":"After the uninstall process, app retains the files for the internet shortcut remain.\n","ACR-057":"In order to decline the offer the user needs to uncheck a prechecked checkbox.\n","ACR-155":"Offer is inserted into the install workflow with pre-checked checkboxes to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{"ACR-054":"In order to decline the offer the user needs to uncheck a prechecked checkbox.\n"},"samples":[{"isRevoked":"False","fileName":"dmaster.exe","isInstaller":"True","companyName":"WestByte                                                    ","fileVersion":"6.19","hashMD5":"5d52cbdee8ff850a42cd7fc7b8be954d","hashSHA1":"2e183d6b1ee0691117e6d669ff5b7b8f60b4aed1","hashSHA256":"79b2b022f7a1a5e7ebcbf4d0ebb2fe6c934a0a22b3561a0fbf21386862707343","digitalCertThumbprint":"E6F25B93834CE3A5FFBFD8B00261A04FBF3E6365","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Download Master, O=Download Master, STREET=Bud. 74 prospekt Peremogy, L=Kyiv, S=Kyivska, PostalCode=03113, C=UA","sourceIndex":"2113","avBlockList":["Avast Premium Security (20200909)","AVG Internet Security (20200909)","Avira Internet Security (20200909)","Bitdefender Internet Security (20200909)","ESET Internet Security (20200909)","G DATA INTERNET SECURITY (20200909)","K7 Total Security (20200909)","McAfee Total Protection (20200909)","Norton Security (20200909)","Panda Dome (20200909)","Quick Heal Internet Security (20200909)","SpyHunter5 (20200909)","Tencent PC Manager (20200909)","Total AV Antivirus Pro (20200909)","VIPRE Advanced Security (20200909)","Webroot SecureAnywhere (20200909)","Windows Defender (20200909)"],"avAllowList":["360 Total Security (20200909)","COMODO Antivirus (20200909)","Dr.Web Security Space (20200909)","Kaspersky Internet Security (20200909)","Malwarebytes Premium (20200909)","Sophos Home Premium (20200909)","Trend Micro Internet Security (20200909)","VirIT eXplorer PRO (20200909)"]},{"isRevoked":"False","fileName":"dmasterapp.exe","companyName":"WestByte","fileVersion":"6.19","hashMD5":"3433b54484c391892bc6ad71d450b5ff","hashSHA1":"4d80eaaff5301812f96eae0e70156e0d9fd31812","hashSHA256":"83856a6c2aa5cd8c17544512056ffda3b9e80f00a051bd15c6f6d05651777474","digitalCertThumbprint":"E6F25B93834CE3A5FFBFD8B00261A04FBF3E6365","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Download Master, O=Download Master, STREET=Bud. 74 prospekt Peremogy, L=Kyiv, S=Kyivska, PostalCode=03113, C=UA","sourceIndex":"2113","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.westbyte.com/dm/","directDownloadingLink":"https://download.downloadmaster.ru/dm/dmaster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.downloadmaster.ru/dm/dmaster.exe","sourceIndex":"2113"}],"sampleFiles":["200909/DownloadMaster-200817/6.19.5.1651/Samples/dmaster.exe","200909/DownloadMaster-200817/6.19.5.1651/Samples/dmasterapp.exe"],"imageFiles":["200909/DownloadMaster-200817/6.19.5.1651/Images/ACR-043/Screen Shot 2020-08-25 at 1.39.59 PM.png","200909/DownloadMaster-200817/6.19.5.1651/Images/ACR-043/Screen Shot 2020-08-25 at 1.26.01 PM.png","200909/DownloadMaster-200817/6.19.5.1651/Images/ACR-043/Screen Shot 2020-08-25 at 1.51.11 PM.png","200909/DownloadMaster-200817/6.19.5.1651/Images/ACR-042/Screen Shot 2020-08-25 at 1.51.11 PM.png","200909/DownloadMaster-200817/6.19.5.1651/Images/ACR-042/Screen Shot 2020-08-25 at 2.19.19 PM.png","200909/DownloadMaster-200817/6.19.5.1651/Images/ACR-118/Screen Shot 2020-08-25 at 2.07.33 PM.png","200909/DownloadMaster-200817/6.19.5.1651/Images/ACR-057/Screen Shot 2020-08-25 at 2.19.19 PM.png","200909/DownloadMaster-200817/6.19.5.1651/Images/ACR-155/Screen Shot 2020-08-25 at 2.19.19 PM.png"],"nonDeceptorImageFiles":["200909/DownloadMaster-200817/6.19.5.1651/Images/ACR-054/Screen Shot 2020-08-25 at 2.19.19 PM.png"],"guid":"07455610-ac6e-45ed-a591-f26f44edcc18_6.19.5.1651_1","appID":"DownloadMaster-200817","dateAdded":"200909","deceptorType":"App","name":"DownloadMaster","company":"WestByte","version":"6.19.5.1651","sigName":"Deceptor:Win32/DownloadMaster!043042118057155","firstVendorContactDate":"200904","firstAppEsteemReplyDate":"200904","firstResolvedDate":"200909","firstResolvedVersion":"6.19.6.1653","resolved":"TRUE","lastKnownStatus":"6.19.5.1651","lastKnownDate":"200909","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2020-09-09T22:24:25.6456882+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1837},{"violations":{"ACR-057":"The offer requires the user to to uncheck checkboxes within the displayed offer in order to decline it.\n","ACR-155":"Offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer\n"},"nonDeceptorViolations":{"ACR-054":"The offers require the user to uncheck pre-checked checkboxes within the ad in order to decline the offer. \n"},"samples":[{"isRevoked":"False","fileName":"Get_uBar-8104.exe","isInstaller":"True","companyName":"uBar","fileVersion":"1.9","hashMD5":"1ee26cfeebe5f48b38efa926dc563f45","hashSHA1":"6e2266c307686dd99fd4faaa0a781ba06d7f8121","hashSHA256":"19e8aaa07cf77f37271e5017a3b5d3ab59f474abd5ae74a29b337ea1d0b0bcdb","digitalCertThumbprint":"608CC3EF91449D9B457D56A91B11EFC4F19A04BB","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=IP Iaroslavskii Anton Andreevich, O=IP Iaroslavskii Anton Andreevich, STREET=\"Lenina str, 35-24,\", L=Petrozavodsk, S=Karelia, PostalCode=185000, C=RU","sourceIndex":"368","avBlockList":["Avast Premium Security (20200915)","AVG Internet Security (20200915)","Avira Internet Security (20200915)","Bitdefender Internet Security (20200915)","COMODO Antivirus (20200915)","Dr.Web Security Space (20200915)","ESET Internet Security (20200915)","G DATA INTERNET SECURITY (20200915)","K7 Total Security (20200915)","Kaspersky Internet Security (20200915)","Malwarebytes Premium (20200915)","McAfee Total Protection (20200915)","Norton Security (20200915)","Panda Dome (20200915)","Quick Heal Internet Security (20200915)","Sophos Home Premium (20200915)","SpyHunter5 (20200915)","Tencent PC Manager (20200915)","Total AV Antivirus Pro (20200915)","Trend Micro Internet Security (20200915)","VIPRE Advanced Security (20200915)","VirIT eXplorer PRO (20200915)","Webroot SecureAnywhere (20200915)"],"avAllowList":["360 Total Security (20200915)","Windows Defender (20200915)"]},{"isRevoked":"False","fileName":"uBar.exe","companyName":"uBar","fileVersion":"1.9","hashMD5":"c1676693fc2c5c26e245657584094095","hashSHA1":"93e3c8302718253b24bab8d291cccae5353fcd6e","hashSHA256":"7176db1cdcd8fe67be9b865d5f7071e3db66cb14f20750f1a3063d5ce2430e2d","digitalCertThumbprint":"608CC3EF91449D9B457D56A91B11EFC4F19A04BB","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=IP Iaroslavskii Anton Andreevich, O=IP Iaroslavskii Anton Andreevich, STREET=\"Lenina str, 35-24,\", L=Petrozavodsk, S=Karelia, PostalCode=185000, C=RU","sourceIndex":"368","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://ubar-pro4.ru/","directDownloadingLink":"https://ubar-pro4.ru/download/d/1/?i=dGl0bGU9JmRlc2NyaXB0aW9uPSZwb3N0ZXI9JnNpemU9JmNhdGVnb3J5PSZ0aGVtZT0mZmlsZT0=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ubar-pro4.ru/download/d/1/?i=dGl0bGU9JmRlc2NyaXB0aW9uPSZwb3N0ZXI9JnNpemU9JmNhdGVnb3J5PSZ0aGVtZT0mZmlsZT0=","sourceIndex":"368"}],"sampleFiles":["200826/uBar-200729/1.9.9.13/Samples/Get_uBar-8104.exe","200826/uBar-200729/1.9.9.13/Samples/uBar.exe"],"imageFiles":["200826/uBar-200729/1.9.9.13/Images/ACR-057/Screen Shot 2020-08-20 at 2.58.09 PM.png","200826/uBar-200729/1.9.9.13/Images/ACR-057/Screen Shot 2020-08-20 at 2.59.53 PM.png","200826/uBar-200729/1.9.9.13/Images/ACR-155/Screen Shot 2020-08-20 at 2.58.09 PM.png","200826/uBar-200729/1.9.9.13/Images/ACR-155/Screen Shot 2020-08-20 at 2.59.53 PM.png"],"nonDeceptorImageFiles":["200826/uBar-200729/1.9.9.13/Images/ACR-054/Screen Shot 2020-08-20 at 2.58.09 PM.png","200826/uBar-200729/1.9.9.13/Images/ACR-054/Screen Shot 2020-08-20 at 2.59.53 PM.png"],"guid":"798c60bb-5b3e-4420-8ff9-83b2793609cd_1.9.9.13_1","appID":"uBar-200729","dateAdded":"200826","deceptorType":"App","name":"uBar","company":"uBar","version":"1.9.9.13","sigName":"Deceptor:Win32/uBar!057155","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2024-11-12T22:47:57.9370809+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1838},{"violations":{"ACR-047":"Installer offers the same offer again after the user declined it the first time.\n","ACR-059":"The installer does not clearly label offers.\n"},"nonDeceptorViolations":{"ACR-072":"The installer offers the same offer twice.\n"},"samples":[{"isRevoked":"False","fileName":"CR_Downloader_for_project64_0265595621.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"80fb1b7822bc4717a9081ddf19425b72","hashSHA1":"003e11e451a902df9d112f9f85c46faa972f47d7","hashSHA256":"a6b6bf9f1315d2f51a76e8531c0785b3e0ad48176ee0d0bc6da6833e6b70ecd5","digitalCertThumbprint":"2FB13A3954F33FDBDC3E893EFDEDDA3F8C314EC7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Mode Wild (Superior Media Ltd.), O=Mode Wild (Superior Media Ltd.), STREET=121 Begin Menachem Rd., L=Tel Aviv, S=Tel Aviv, PostalCode=6701203, C=IL","sourceIndex":"2120","avBlockList":["360 Total Security (20200915)","Avira Internet Security (20200915)","Bitdefender Internet Security (20200915)","COMODO Antivirus (20200915)","Dr.Web Security Space (20200915)","ESET Internet Security (20200915)","G DATA INTERNET SECURITY (20200915)","K7 Total Security (20200915)","Kaspersky Internet Security (20200915)","Malwarebytes Premium (20200915)","McAfee Total Protection (20200915)","Norton Security (20200915)","Panda Dome (20200915)","Quick Heal Internet Security (20200915)","Sophos Home Premium (20200915)","SpyHunter5 (20200915)","Tencent PC Manager (20200915)","Total AV Antivirus Pro (20200915)","Trend Micro Internet Security (20200915)","VIPRE Advanced Security (20200915)","VirIT eXplorer PRO (20200915)","Webroot SecureAnywhere (20200915)","Windows Defender (20200915)"],"avAllowList":["Avast Premium Security (20200915)","AVG Internet Security (20200915)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://coolrom.com.au/emulators/n64/21/Project64.php","directDownloadingLink":"https://coolrom.com.au/downloader.php?id=21&emu=nm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://coolrom.com.au/downloader.php?id=21&emu=nm","sourceIndex":"2120"}],"sampleFiles":["200826/RilodiguSetup-200826/5.3.1.5/Samples/CR_Downloader_for_project64_0265595621.exe"],"imageFiles":["200826/RilodiguSetup-200826/5.3.1.5/Images/ACR-047/Screen Shot 2020-08-26 at 1.28.50 PM.png","200826/RilodiguSetup-200826/5.3.1.5/Images/ACR-047/Screen Shot 2020-08-26 at 1.31.16 PM.png","200826/RilodiguSetup-200826/5.3.1.5/Images/ACR-059/Screen Shot 2020-08-26 at 1.28.50 PM.png","200826/RilodiguSetup-200826/5.3.1.5/Images/ACR-059/Screen Shot 2020-08-26 at 1.31.16 PM.png"],"nonDeceptorImageFiles":["200826/RilodiguSetup-200826/5.3.1.5/Images/ACR-072/Screen Shot 2020-08-26 at 1.28.50 PM.png","200826/RilodiguSetup-200826/5.3.1.5/Images/ACR-072/Screen Shot 2020-08-26 at 1.31.16 PM.png"],"guid":"ed8b5568-6eb9-4cea-accd-5135a00d1e7b_5.3.1.5_1","appID":"RilodiguSetup-200826","dateAdded":"200826","deceptorType":"Bundler","name":"Rilodigu Setup","company":"Mode Wild (Superior Media Ltd.)","version":"5.3.1.5","sigName":"Deceptor:Win32/Rilodigu!047059","lastKnownStatus":"5.3.1.5","lastKnownDate":"200826","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"sold in bundle","lastUpdate":"2020-08-26T23:49:15.7224907+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1839},{"violations":{"ACR-048":"The mining component of the app has no user interface to let the consumer stop, pause, or disable mining.\n","ACR-084":"The mining component of the app continues to run in the background when the app is closed, with no user interface for the consumer beyond a Windows notification.\n","ACR-014":"The app calls their cryptocurrency miner \"update\", which misleads the consumer as to its true functionality.\n","ACR-155":"The optional offer regarding the cryptocurrency miner is designed as a EULA prompt and called \"update\".\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in Documents.\n","ACR-065":"The app does not display links to the EULA.\n"},"samples":[{"isRevoked":"False","fileName":"LockerSetup-win-x86.exe","isInstaller":"True","companyName":"AesLocker Inc.                                              ","fileVersion":"0.0","hashMD5":"118e02d777ca6fb5bab201f90e85df20","hashSHA1":"59833d2a518af36585ab0d066d593a880e3f5999","hashSHA256":"7565350e4eb55ac379ff40e25bf6abab08f4828c8ceb1f37d4b45e61eb811348","sourceIndex":"2119","avBlockList":["360 Total Security (20200827)","Avast Premium Security (20200827)","AVG Internet Security (20200827)","Avira Internet Security (20200827)","Bitdefender Internet Security (20200827)","COMODO Antivirus (20200827)","ESET Internet Security (20200827)","G DATA INTERNET SECURITY (20200827)","K7 Total Security (20200827)","Malwarebytes Premium (20200827)","McAfee Total Protection (20200827)","Norton Security (20200827)","Panda Dome (20200827)","Quick Heal Internet Security (20200827)","Sophos Home Premium (20200827)","SpyHunter5 (20200827)","Total AV Antivirus Pro (20200827)","VirIT eXplorer PRO (20200827)","Webroot SecureAnywhere (20200827)"],"avAllowList":["Dr.Web Security Space (20200827)","Kaspersky Internet Security (20200827)","Tencent PC Manager (20200827)","Trend Micro Internet Security (20200827)","VIPRE Advanced Security (20200827)","Windows Defender (20200827)"]},{"isRevoked":"False","fileName":"Locker_gui.exe","companyName":"AesLocker Inc.","fileVersion":"0.0","hashMD5":"f6bcbc1dfde33cad7cf600c609a702c5","hashSHA1":"627460f9b0618822d47faac3c3136df88bb91d46","hashSHA256":"d7fbb978a890da187bac470a7bb5001ca4cf8b24afc590f038e71b652f39a376","sourceIndex":"2119","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Locker_native.exe","companyName":"AesLocker Inc.","fileVersion":"0.1","hashMD5":"fb6e218fd7235635a1b49f0056e5c442","hashSHA1":"d611c3b7056d47cc047ddd4458ec7c4a964bee3e","hashSHA256":"45388edebf01a1117d94837bcfce360e9fee1b71f338ff3312ebef8387b632d9","sourceIndex":"2119","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.aeslocker.com/","directDownloadingLink":"https://drive.google.com/uc?export=download&id=1-KetlvbP-z1VU5gnAiSIwzNUry9wjGYp","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://drive.google.com/uc?export=download&id=1-KetlvbP-z1VU5gnAiSIwzNUry9wjGYp","sourceIndex":"2119"}],"sampleFiles":["200826/AesLocker-200818/0.16/Samples/LockerSetup-win-x86.exe","200826/AesLocker-200818/0.16/Samples/Locker_gui.exe","200826/AesLocker-200818/0.16/Samples/Locker_native.exe"],"imageFiles":["200826/AesLocker-200818/0.16/Images/ACR-048/AesLocker Mining.gif","200826/AesLocker-200818/0.16/Images/ACR-014/AesLocker Threat.png","200826/AesLocker-200818/0.16/Images/ACR-014/AesLocker Offers.png","200826/AesLocker-200818/0.16/Images/ACR-084/AesLocker Mining.gif","200826/AesLocker-200818/0.16/Images/ACR-084/AesLocker In Background.png","200826/AesLocker-200818/0.16/Images/ACR-155/AesLocker Offers.png"],"nonDeceptorImageFiles":["200826/AesLocker-200818/0.16/Images/ACR-040/AesLocker Location.png","200826/AesLocker-200818/0.16/Images/ACR-065/AesLocker App.png"],"guid":"d5d149c8-05d9-4ea9-aaff-c15d02a17f54_0.16_1","appID":"AesLocker-200818","dateAdded":"200826","deceptorType":"App","name":"AesLocker","company":"AesLocker","version":"0.16","sigName":"Deceptor:Win32/AesLocker!014084155","firstVendorContactDate":"200821","firstAppEsteemReplyDate":"200821","firstResolvedDate":"200826","firstResolvedVersion":"0.17","resolved":"TRUE","lastKnownStatus":"0.16","lastKnownDate":"200826","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"mining","lastUpdate":"2020-08-27T03:31:00.7965589+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1840},{"violations":{"ACR-004":"The app does not fix any free scan results for free when malware scan results are found.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"CleanMyMac-MAS","fileVersion":"0.","hashMD5":"12c9ecfa1541ebf401c331889dd3838e","hashSHA1":"cfc146ca5bc6fa0aedadd9dcb3cfe6b9322afc2f","hashSHA256":"fa4a90845e0fef651ca16ff5912160c378a5251d45cbd88a1b60d4945e4e38db","sourceIndex":"2103","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CleanMyMacX.dmg","isInstaller":"True","companyName":"MacPaw Inc","productVersion":"4.6.11","fileVersion":"0.","hashMD5":"b935d95d5c89319fbcecd5ea19ba8370","hashSHA1":"99239af53b81ddae1edb42c7fac69f22decde74a","hashSHA256":"0477c63b9e9da4dbdb7afabab7a00300f608e364d6d7751a00da2cf33d6fe2e0","sourceIndex":"2103","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://apps.apple.com/us/app/cleanmymac-x/id1339170533?mt=12","ipv4":"","ipv6":"","sourceIndex":"2103"}],"sampleFiles":["200823/MAS-CleanMyMacX-200818/4.6.11/Samples/CleanMyMac-MAS","200823/MAS-CleanMyMacX-200818/4.6.11/Samples/CleanMyMacX.dmg"],"imageFiles":["200823/MAS-CleanMyMacX-200818/4.6.11/Images/ACR-004/MASCleanMyMacX 004.gif","200823/MAS-CleanMyMacX-200818/4.6.11/Images/ACR-004/Screen Shot 2020-08-17 at 8.12.13 PM.png"],"nonDeceptorImageFiles":["200823/MAS-CleanMyMacX-200818/4.6.11/Images/ACR-065/MASCleanMyMacX About.png"],"guid":"ed564e71-571b-426e-bc8d-b7f16c6a46b3_4.6.11_1","appID":"MAS-CleanMyMacX-200818","dateAdded":"200823","deceptorType":"App","name":"CleanMyMac X","company":"MacPaw Inc.","version":"4.6.11","firstVendorContactDate":"200907","firstAppEsteemReplyDate":"200908","firstResolvedDate":"200930","firstResolvedVersion":"4.6.14","resolved":"TRUE","lastKnownStatus":"Deceptor:MacOS/CleanMyMacX!004","lastKnownDate":"200823","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-10-01T06:01:52.7446569+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1841},{"violations":{"ACR-043":"The app does not disclose in the EULA that it will install additional apps.\n","ACR-057":"The bundler made offer requires the user to uncheck a prechecked checkbox in order to decline the offer.\n","ACR-039":"The app installs setup files for different apps and doesn't establish their relation in the EULA.\n","ACR-155":"Offer is inserted into the install workflow with pre-checked checkboxes to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{"ACR-038":"The application setup file name does not match the app name, and the software's file name does not match the app name.\n","ACR-002":"The install/setup file 's name does not match the name of the app\nThe software's file name does not match the name of the app.\n","ACR-054":"The bundler made offer comes pre-checked and requires the user to uncheck the checkbox in order to decline the offer.\n"},"samples":[{"isRevoked":"False","fileName":"pcmastersetup_6.25.exe","isInstaller":"True","fileVersion":"6.2","hashMD5":"95b6b85256c9abc6936b9411d3994b96","hashSHA1":"408aa89685742d5f61bf6ac2af790107d0e41f49","hashSHA256":"a72fb3706d55db62835a3f7b1516b81bbd4a719c5a82fad403bcc2962f62a6bf","digitalCertThumbprint":"F02C3099D431FA042964725CCA1A772F760577DD","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Qingdao Ruanmei Network Technology Co.,Ltd.\", OU=IT, O=\"Qingdao Ruanmei Network Technology Co.,Ltd.\", L=Qingdao, S=Shandong, C=CN","sourceIndex":"2125","avBlockList":["Avast Premium Security (20200903)","AVG Internet Security (20200903)","Avira Internet Security (20200903)","Dr.Web Security Space (20200903)","ESET Internet Security (20200903)","G DATA INTERNET SECURITY (20200903)","K7 Total Security (20200903)","Kaspersky Internet Security (20200903)","Malwarebytes Premium (20200903)","McAfee Total Protection (20200903)","Norton Security (20200903)","Panda Dome (20200903)","Quick Heal Internet Security (20200903)","Sophos Home Premium (20200903)","SpyHunter5 (20200903)","Total AV Antivirus Pro (20200903)","Trend Micro Internet Security (20200903)","VirIT eXplorer PRO (20200903)","Webroot SecureAnywhere (20200903)"],"avAllowList":["360 Total Security (20200903)","Bitdefender Internet Security (20200903)","COMODO Antivirus (20200903)","Tencent PC Manager (20200903)","VIPRE Advanced Security (20200903)","Windows Defender (20200903)"]},{"isRevoked":"False","fileName":"PCMaster.exe","companyName":"青岛软媒网络科技有限公司","fileVersion":"6.2","hashMD5":"be2df0d8c81147ca3ea9ad9df27a6df9","hashSHA1":"8d769ce58f65aa92d727a89614cf8885e2f101b4","hashSHA256":"0a5ea1d202a8d060adcad952a42a06f55a59de61c93611278680960c8c38a6eb","digitalCertThumbprint":"F02C3099D431FA042964725CCA1A772F760577DD","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Qingdao Ruanmei Network Technology Co.,Ltd.\", OU=IT, O=\"Qingdao Ruanmei Network Technology Co.,Ltd.\", L=Qingdao, S=Shandong, C=CN","sourceIndex":"2125","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"mofang.ruanmei.com","directDownloadingLink":"https://d.ruanmei.com/pcmaster/pcmastersetup_6.25.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d.ruanmei.com/pcmaster/pcmastersetup_6.25.exe","sourceIndex":"2125"}],"sampleFiles":["200820/RubiksCube-200810/6.2.5.0/Samples/pcmastersetup_6.25.exe","200820/RubiksCube-200810/6.2.5.0/Samples/pcmaster.exe"],"imageFiles":["200820/RubiksCube-200810/6.2.5.0/Images/ACR-039/2020-08-11_12-33-49.png","200820/RubiksCube-200810/6.2.5.0/Images/ACR-039/Screen Shot 2020-08-10 at 2.01.39 PM.png","200820/RubiksCube-200810/6.2.5.0/Images/ACR-043/2020-08-11_12-33-49.png","200820/RubiksCube-200810/6.2.5.0/Images/ACR-043/Screen Shot 2020-08-10 at 2.01.39 PM.png","200820/RubiksCube-200810/6.2.5.0/Images/ACR-155/Screen Shot 2020-08-10 at 12.34.03 PM.png","200820/RubiksCube-200810/6.2.5.0/Images/ACR-057/Screen Shot 2020-08-10 at 12.34.03 PM.png"],"nonDeceptorImageFiles":["200820/RubiksCube-200810/6.2.5.0/Images/ACR-038/Screen Shot 2020-08-10 at 1.32.00 PM.png","200820/RubiksCube-200810/6.2.5.0/Images/ACR-038/Screen Shot 2020-08-10 at 2.00.47 PM.png","200820/RubiksCube-200810/6.2.5.0/Images/ACR-002/Screen Shot 2020-08-10 at 1.32.00 PM.png","200820/RubiksCube-200810/6.2.5.0/Images/ACR-002/Screen Shot 2020-08-10 at 2.00.47 PM.png","200820/RubiksCube-200810/6.2.5.0/Images/ACR-054/Screen Shot 2020-08-10 at 12.34.03 PM.png"],"guid":"b406e884-8312-4e00-8599-37ffc2ed02d8_6.2.5.0_1","appID":"RubiksCube-200810","dateAdded":"200820","deceptorType":"App","name":"RuanmeiCube","company":"Qingdao Ruanmei Network Technology Co.,Ltd.","version":"6.2.5.0","sigName":"Deceptor:Win32/RuanmeiCube!039043155057","lastKnownStatus":"6.2.5.0","lastKnownDate":"200820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows Vista,Windows 7,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2020-08-21T04:35:56.7245068+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1842},{"violations":{"ACR-046":"To not install McAfee WebAdvisor, user action is required to unselect the checked box to install.\n","ACR-057":"The install pre-checks the acceptance checkbox for the McAfee WebAdvisor Optional Offer. \n","ACR-055":"Offer does not have a clear accept or decline offer.\n","ACR-155":"In the optional offer for McAfee WebAdvisor, the offer is inserted into the install workflow with a pre-checked checkbox to trick the consumer into installing the offer. In the optional offer for WebDiscover, offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"YouTubeDownloaderSetup.exe","isInstaller":"True","companyName":"HOW Inc.","fileVersion":"4.6","hashMD5":"4a756149017baea7f78567647176462e","hashSHA1":"0f2d386d5f30882f6587c2c92d2c0c67ac65c065","hashSHA256":"95a8c549c04bd16b43671aba9ec1a73dbe043730708a6b2feeb819f40a7c67ab","digitalCertThumbprint":"CCC043BD38A7F49AD7948548BECEA3D85FF6AE71","digitalCertIssuer":"CN=Entrust Code Signing CA - OVCS1, OU=\"(c) 2015 Entrust, Inc. - for authorized use only\", OU=See www.entrust.net/legal-terms, O=\"Entrust, Inc.\", C=US","digitalCertIssuedTo":"CN=Vitzo LLC, O=Vitzo LLC, L=Lewes, S=Delaware, C=US","sourceIndex":"2128","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"YouTubeDownloader.exe","companyName":"Vitzo Ltd.","fileVersion":"4.6","hashMD5":"a6dac03e1b49deadc77f9fe7d20e49fd","hashSHA1":"b206331bc54d97de8acab100132ec2098e7d4ffe","hashSHA256":"25f116ee016e875d4f23c6c2a56b4999e31bba797b8d99017d7ac98e6d4cb7fb","sourceIndex":"2128","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Submitted 191120","reference":"","landingPage":"https://youtubedownloader.com/","directDownloadingLink":"https://youtubedownloader.com/en/downloaded","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://youtubedownloader.com/en/downloaded","sourceIndex":"2128"}],"sampleFiles":["200818/YouTubeDownloader-191202/4.6.1149/Samples/YouTubeDownloaderSetup.exe","200818/YouTubeDownloader-191202/4.6.1149/Samples/YouTubeDownloader.exe"],"imageFiles":["200818/YouTubeDownloader-191202/4.6.1149/Images/ACR-046/Install McAffee WebAdvisor.png","200818/YouTubeDownloader-191202/4.6.1149/Images/ACR-046/YoutubeDowloader_offer1.JPG","200818/YouTubeDownloader-191202/4.6.1149/Images/ACR-055/Install McAffee WebAdvisor.png","200818/YouTubeDownloader-191202/4.6.1149/Images/ACR-055/YoutubeDowloader_offer1.JPG","200818/YouTubeDownloader-191202/4.6.1149/Images/ACR-057/Install McAffee WebAdvisor.png","200818/YouTubeDownloader-191202/4.6.1149/Images/ACR-155/WebDiscover Offer.png","200818/YouTubeDownloader-191202/4.6.1149/Images/ACR-155/Install McAffee WebAdvisor.png"],"nonDeceptorImageFiles":[],"guid":"c856c18d-6ddb-4345-9c7d-4c104361e19e_4.6.1149_1","appID":"YouTubeDownloader-191202","dateAdded":"200818","deceptorType":"App","name":"YouTube Downloader","company":"HOW Incorporated","version":"4.6.1149","sigName":"Deceptor:Win32/YouTubeDownloader!046055057155","firstVendorContactDate":"200727","firstAppEsteemReplyDate":"200728","firstResolvedDate":"200818","firstResolvedVersion":"4.6.1163","resolved":"TRUE","lastKnownStatus":"1.8.4;4.6.1149","lastKnownDate":"200818","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,inject ads","lastUpdate":"2020-08-18T21:12:52.3317132+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1843},{"violations":{"ACR-059":"The app does not clearly label offers.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"YouTubeDownloaderSetup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a2b21813463aed498449a9bbacf96ff4","hashSHA1":"e29f13e2ec20882373032791ed1790ad1ee2019f","hashSHA256":"73066255f25e0fe56c61e7e424170b7dd677fcb497a463720227a9b0bf0efb8f","digitalCertThumbprint":"1EA5020E30E51F0BDF287A492DF7F29B7F330BCE","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Vitzo LLC, O=Vitzo LLC, STREET=16192 Coastal Highway, L=Lewes, S=Delaware, PostalCode=19958, C=US","sourceIndex":"2589","avBlockList":["360 Total Security (20200721)","AVG Internet Security (20200721)","Avira Internet Security (20200721)","Bitdefender Internet Security (20200721)","COMODO Antivirus (20200721)","Dr.Web Security Space (20200721)","ESET Internet Security (20200721)","G DATA INTERNET SECURITY (20200721)","K7 Total Security (20200721)","Kaspersky Internet Security (20200721)","Malwarebytes Premium (20200721)","McAfee Total Protection (20200721)","Norton Security (20200721)","Panda Dome (20200721)","Quick Heal Internet Security (20200721)","Sophos Home Premium (20200721)","Tencent PC Manager (20200721)","Trend Micro Internet Security (20200721)","VIPRE Advanced Security (20200721)","VirIT eXplorer PRO (20200721)","Webroot SecureAnywhere (20200721)","Windows Defender (20200721)","Avast Premium Security (20200721)","SpyHunter5 (20200721)","Total AV Antivirus Pro (20200721)"],"avAllowList":["Avast Internet Security (20200113)"]},{"isRevoked":"False","fileName":"YouTubeDownloader.exe","companyName":"Vitzo Ltd.","fileVersion":"4.6","hashMD5":"e2cb3d2de59d70e58bb0a35034e66c55","hashSHA1":"c9aa564db2222124b2f3b4ae9fbe2f887f873380","hashSHA256":"0fa0b759f2755c89052860625f76ec48c1dc4bfcefad00869ad3a14f4def449a","sourceIndex":"2589","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Submitted 191120","reference":"","landingPage":"https://youtubedownloader.com/","directDownloadingLink":"https://get.youtubedownloader.com/YouTubeDownloaderSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://get.youtubedownloader.com/YouTubeDownloaderSetup.exe","sourceIndex":"2589"}],"sampleFiles":["191210/YouTubeDownloader-191202/1.8.4/Samples/YouTubeDownloaderSetup.exe","191210/YouTubeDownloader-191202/1.8.4/Samples/YouTubeDownloader.exe"],"imageFiles":["191210/YouTubeDownloader-191202/1.8.4/Images/ACR-059/YouTubeDownloader Offer.png"],"nonDeceptorImageFiles":["191210/YouTubeDownloader-191202/1.8.4/Images/ACR-065/YouTubeDownloader About.png"],"guid":"c856c18d-6ddb-4345-9c7d-4c104361e19e_1.8.4_1","appID":"YouTubeDownloader-191202","dateAdded":"200818","deceptorType":"App","name":"YouTube Downloader","company":"HOW Incorporated","version":"1.8.4","sigName":"Deceptor:Win32/YouTubeDownloader!059","firstVendorContactDate":"200727","firstAppEsteemReplyDate":"200728","firstResolvedDate":"200818","firstResolvedVersion":"4.6.1163","resolved":"TRUE","lastKnownStatus":"1.8.4;4.6.1149","lastKnownDate":"200818","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2020-08-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1844},{"violations":{"ACR-003":"Driver age is displayed as either \"old\" or \"very old\" even if scans indicate that the drivers are up to date. The app thus contradicts itself by simultaneously saying that the driver is both up to date and old, which is potentially misleading to consumers.\n","ACR-004":"App uses meter to present driver status, indicating it as \"old\" with no substantiation and unnecessary urgency.\n","ACR-014":"The app displays the driver age as either \"old\" or \"very old\" regardless of scan results, which could potentially mislead or confuse consumers into believing that there is an issue.\n"},"nonDeceptorViolations":{"ACR-088":"The application beings a scan immediately after installation without user consent. (it is notable that the landing page contains a section explaining how to disable this, but it's not visible unless you look for it)\n","ACR-099":"The application's landing page does not indicate how to uninstall it\n","ACR-120":"Immediately upon installation, a webpage is opened automatically offering the user another deal to reinstall. \n","ACR-171":"The advertised app does not have an indication of subscription length or renewal rate until the product is added to the user's cart. It also bundles two apps not originally advertised together with the purchase with the options pre-selected, which is misleading to consumers.\n"},"samples":[{"isRevoked":"False","fileName":"tptdriverupdatersetup.exe","isInstaller":"True","companyName":"Top PC Tools Software LLP                                   ","fileVersion":"2.7.1086.17687","hashMD5":"656de919d5ab9402947092dc6b34ba9a","hashSHA1":"8fd0549191e1434eac0f5e71521a5770649e675b","hashSHA256":"c6588c84c9da3127b42628acd7cd7e79d3f6220e67dd818b5d89a605324bc0a8","digitalCertThumbprint":"2E12E42447E4CA78562258545087D79EBF31BDA3","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software LLP, O=Top PC Tools Software LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"369","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20200928)","Avira Internet Security (20200928)","Bitdefender Internet Security (20200928)","ESET Internet Security (20200928)","G DATA INTERNET SECURITY (20200928)","K7 Total Security (20200928)","Kaspersky Internet Security (20200928)","Malwarebytes Premium (20200928)","McAfee Total Protection (20200928)","Norton Security (20200928)","Panda Dome (20200928)","Sophos Home Premium (20200928)","Trend Micro Internet Security (20200928)","VirIT eXplorer PRO (20200928)","Webroot SecureAnywhere (20200928)","Windows Defender (20200928)","360 Total Security (20200928)","Avast Premium Security (20200928)","COMODO Antivirus (20200928)","Dr.Web Security Space (20200928)","Quick Heal Internet Security (20200928)","SpyHunter5 (20200928)","Tencent PC Manager (20200928)","Total AV Antivirus Pro (20200928)","VIPRE Advanced Security (20200928)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.toppctools.com/","directDownloadingLink":"https://g4a2uta3m.vo.llnwd.net/js/tpct/driverupdater/tptdriverupdatersetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://g4a2uta3m.vo.llnwd.net/js/tpct/driverupdater/tptdriverupdatersetup.exe","sourceIndex":"369"}],"sampleFiles":["200818/TopPCToolsDriverUpdater-180822/2.7.1086.17687/Samples/tptdriverupdatersetup.exe"],"imageFiles":["200818/TopPCToolsDriverUpdater-180822/2.7.1086.17687/Images/ACR-003/tpt1.PNG","200818/TopPCToolsDriverUpdater-180822/2.7.1086.17687/Images/ACR-014/tpt1.PNG","200818/TopPCToolsDriverUpdater-180822/2.7.1086.17687/Images/ACR-004/tpt1.PNG"],"nonDeceptorImageFiles":["200818/TopPCToolsDriverUpdater-180822/2.7.1086.17687/Images/ACR-088/tpt5.mp4","200818/TopPCToolsDriverUpdater-180822/2.7.1086.17687/Images/ACR-099/tpt6.mp4","200818/TopPCToolsDriverUpdater-180822/2.7.1086.17687/Images/ACR-120/tpt7.PNG","200818/TopPCToolsDriverUpdater-180822/2.7.1086.17687/Images/ACR-171/tpt2.PNG","200818/TopPCToolsDriverUpdater-180822/2.7.1086.17687/Images/ACR-171/tpt3.PNG"],"guid":"0eb4db19-48c7-479f-a703-b36f89c652c0_2.7.1086.17687_1","appID":"TopPCToolsDriverUpdater-180822","dateAdded":"200818","deceptorType":"App","name":"Top PC Tools Driver Updater","company":"Top PC Tools Software LLP","version":"2.7.1086.17687","lastKnownStatus":"Deceptor:2.7.1086.17637;2.7.1086.17687;2.7.1086.18012","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-12T22:34:53.8489453+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1846},{"violations":{"ACR-004":"The app uses different colors and graphs for scan results to raise misleading sense of urgency to the user. \n"},"nonDeceptorViolations":{"ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a web page opens with information stating that consumer can get 50% OFF the regular price of Driver Updater.\n"},"samples":[{"isRevoked":"False","fileName":"tptdriverupdatersetup.exe","isInstaller":"True","companyName":"Top PC Tools Software LLP                                   ","fileVersion":"2.7","hashMD5":"cd1ee9b570a94a4ab78843600f6dcec7","hashSHA1":"4c1693d052761ee2bba17bdf2e24a7a0b975cce0","hashSHA256":"2e8a34751b925e4bcf98fe7fc8f6d9586a2cf6535983f887662600019333f9d3","digitalCertThumbprint":"96CD9568B8CAEA685C7E8A2C2C0EF5CCC59823F4","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software L.L.P., O=Top PC Tools Software L.L.P., L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"371","avBlockList":["360 Total Security (20200903)","Avast Premium Security (20200903)","AVG Internet Security (20200903)","Avira Internet Security (20200903)","Bitdefender Internet Security (20200903)","COMODO Antivirus (20200903)","Dr.Web Security Space (20200903)","ESET Internet Security (20200903)","G DATA INTERNET SECURITY (20200903)","K7 Total Security (20200903)","Kaspersky Internet Security (20200903)","Malwarebytes Premium (20200903)","McAfee Total Protection (20200903)","Norton Security (20200903)","Panda Dome (20200903)","Quick Heal Internet Security (20200903)","Sophos Home Premium (20200903)","SpyHunter5 (20200903)","Tencent PC Manager (20200903)","Total AV Antivirus Pro (20200903)","Trend Micro Internet Security (20200903)","VIPRE Advanced Security (20200903)","VirIT eXplorer PRO (20200903)","Webroot SecureAnywhere (20200903)","Windows Defender (20200903)"],"avAllowList":[]},{"isRevoked":"False","fileName":"tptdu.exe","companyName":"Top PC Tools Software LLP","fileVersion":"2.7","hashMD5":"291b974ee13ada697a0a8a8bcb891a02","hashSHA1":"6f99369a92ceab0786ea104d180dee6815076894","hashSHA256":"c1a307d92a1cf5cbe3c0bb4ece9f88342912ed70ccad8d417c217ec435844d89","digitalCertThumbprint":"96CD9568B8CAEA685C7E8A2C2C0EF5CCC59823F4","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software L.L.P., O=Top PC Tools Software L.L.P., L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"371","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.toppctools.com/","directDownloadingLink":"https://g4a2uta3m.vo.llnwd.net/js/tpct/driverupdater/tptdriverupdatersetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://g4a2uta3m.vo.llnwd.net/js/tpct/driverupdater/tptdriverupdatersetup.exe","sourceIndex":"371"}],"sampleFiles":["200818/TopPCToolsDriverUpdater-180822/2.7.1086.18012/Samples/tptdriverupdatersetup.exe","200818/TopPCToolsDriverUpdater-180822/2.7.1086.18012/Samples/tptdu.exe"],"imageFiles":["200818/TopPCToolsDriverUpdater-180822/2.7.1086.18012/Images/ACR-004/ACR 004 Fail.png"],"nonDeceptorImageFiles":["200818/TopPCToolsDriverUpdater-180822/2.7.1086.18012/Images/ACR-088/ACR_088_SOFTWARE.PNG","200818/TopPCToolsDriverUpdater-180822/2.7.1086.18012/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","200818/TopPCToolsDriverUpdater-180822/2.7.1086.18012/Images/ACR-120/ACR_120_UNINSTALL.PNG"],"guid":"0eb4db19-48c7-479f-a703-b36f89c652c0_2.7.1086.18012_1","appID":"TopPCToolsDriverUpdater-180822","dateAdded":"200818","deceptorType":"App","name":"Top PC Tools Driver Updater","company":"Top PC Tools Software LLP","version":"2.7.1086.18012","sigName":"Deceptor:Win32/TopPCToolsDriverUpdater!004","lastKnownStatus":"Deceptor:2.7.1086.17637;2.7.1086.17687;2.7.1086.18012","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:18.8624024+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1848},{"violations":{"ACR-057":"App doesn't provide clear way for user to decline or Accept\n\n","ACR-055":"The first offer has  \"accept\" and \"decline\" buttons. The second offer requires the user to uncheck a checkbox in order to decline the offer.   \n","ACR-155":"offer's EULA content inserted into the installer flow and masquerade as part of install workflow that needed to accept.\n"},"nonDeceptorViolations":{"ACR-054":"The offer comes with a pre-checked checkbox and requires the user the uncheck it in order to decline the offer.\n"},"samples":[{"isRevoked":"False","fileName":"Supercopier (1).exe","isInstaller":"True","companyName":"SoftFamous_Web","fileVersion":"1.0","hashMD5":"2c193946d072d0d899002e809b29ef26","hashSHA1":"8ceb917fe10883ed2e4a30ff8e709cfe7f85b649","hashSHA256":"1eb17aa0973f37ad56c595efaf41922abc877f089f4c26fb4dcdc5d70ae47f69","digitalCertThumbprint":"CB92349E45A18386810B32E38A06299378DCEA0B","digitalCertIssuer":"CN=Entrust Extended Validation Code Signing CA - EVCS1, OU=\"(c) 2015 Entrust, Inc. - for authorized use only\", OU=See www.entrust.net/legal-terms, O=\"Entrust, Inc.\", C=US","digitalCertIssuedTo":"CN=XLNT Web Services SRL, SERIALNUMBER=J40 / 6908/2015, OID.2.5.4.15=Private Organization, O=XLNT Web Services SRL, OID.1.3.6.1.4.1.311.60.2.1.3=RO, L=București, C=RO","sourceIndex":"2129","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://softfamous.com/supercopier/","directDownloadingLink":"https://softfamous.com/postdownload-file/supercopier/6804/2955/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://softfamous.com/postdownload-file/supercopier/6804/2955/","sourceIndex":"2129"}],"sampleFiles":["200818/SoftFamousBundler-200716/200716/Samples/Supercopier (1).exe"],"imageFiles":["200818/SoftFamousBundler-200716/200716/Images/ACR-055/Screen Shot 2020-07-16 at 10.13.51 AM.png","200818/SoftFamousBundler-200716/200716/Images/ACR-055/Screen Shot 2020-07-16 at 10.04.12 AM.png","200818/SoftFamousBundler-200716/200716/Images/ACR-057/Screen Shot 2020-07-16 at 10.04.12 AM.png","200818/SoftFamousBundler-200716/200716/Images/ACR-155/Screen Shot 2020-07-16 at 10.13.51 AM.png"],"nonDeceptorImageFiles":["200818/SoftFamousBundler-200716/200716/Images/ACR-054/Screen Shot 2020-07-16 at 10.04.12 AM.png"],"guid":"3941bd69-95c9-4e6b-95d6-93a7ab818ddf_200716_1","appID":"SoftFamousBundler-200716","dateAdded":"200818","deceptorType":"Bundler","name":"Soft Famous Bundler","company":"Soft Famous","version":"200716","sigName":"Deceptor:Win32/SoftFamousBundler!055057155","firstResolvedDate":"200818","firstResolvedVersion":"200818","resolved":"TRUE","lastKnownStatus":"200716","lastKnownDate":"200818","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows XP,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2020-08-18T21:11:32.5795431+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1849},{"violations":{"ACR-006":"Monetization approach is not clearly attributed. \n","ACR-168":"App promote call support to solve the error found during scanning. It doesn't disclose the additional service and offer will be made during the call support.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Analyzer911.exe","isInstaller":"True","companyName":"PCFix911","fileVersion":"1.0.2","hashMD5":"60065b23b4f7ef993a88c09565f3ae10","hashSHA1":"0245c97b82c579f340875b4795469d21328f8ff8","hashSHA256":"8e04fb6fb02359070260e6baa185466341b41b42550ccfc92a30454daf559289","digitalCertThumbprint":"CAE3B8AFB4EB3215D72266F23E60F66B46F6E940","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PcFix LTD, O=PcFix LTD, L=Sofia, S=Sofia, C=BG","sourceIndex":"372","avBlockList":["360 Total Security (20200909)","Avast Premium Security (20200909)","AVG Internet Security (20200909)","Avira Internet Security (20200909)","Bitdefender Internet Security (20200909)","Dr.Web Security Space (20200909)","ESET Internet Security (20200909)","G DATA INTERNET SECURITY (20200909)","K7 Total Security (20200909)","Malwarebytes Premium (20200909)","McAfee Total Protection (20200909)","Norton Security (20200909)","Panda Dome (20200909)","Quick Heal Internet Security (20200909)","Sophos Home Premium (20200909)","SpyHunter5 (20200909)","Tencent PC Manager (20200909)","Total AV Antivirus Pro (20200909)","Trend Micro Internet Security (20200909)","VIPRE Advanced Security (20200909)","VirIT eXplorer PRO (20200909)","Webroot SecureAnywhere (20200909)"],"avAllowList":["COMODO Antivirus (20200909)","Kaspersky Internet Security (20200909)","Windows Defender (20200909)"]},{"isRevoked":"False","fileName":"PCDefender.exe","fileVersion":"1.0.0","hashMD5":"2afe421e575377e1a74bf9bbc1fc85e6","hashSHA1":"c5c4b5cf09d5a85950558b61bd34c1bbabda25e9","hashSHA256":"b177242babd3b4575951395a92658a1b6a548df58e068c88898802330bb44707","sourceIndex":"372","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://antiscamplus.com","directDownloadingLink":"https://antiscamplus.com/dl/Analyzer911.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://antiscamplus.com/dl/Analyzer911.exe","sourceIndex":"372"}],"sampleFiles":["200818/Antiscampluscom-200812/200812/Samples/Analyzer911.exe","200818/Antiscampluscom-200812/200812/Samples/PCDefender.exe"],"imageFiles":["200818/Antiscampluscom-200812/200812/Images/ACR-168/PCFix_168.PNG","200818/Antiscampluscom-200812/200812/Images/ACR-006/PCFix_168.PNG"],"nonDeceptorImageFiles":[],"guid":"501bbd05-b56d-4937-b4c9-8f7982febac6_200812_1","appID":"Antiscampluscom-200812","dateAdded":"200818","deceptorType":"App","name":"AntiscamPCCleaner","company":"PcFix LTD","version":"200812","sigName":"Deceptor:Win32/AntiscamPCCleaner!168006","lastKnownStatus":"1.0.2","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center,up-sell to paid","lastUpdate":"2024-11-12T22:30:53.6907258+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1850},{"violations":{},"nonDeceptorViolations":{"ACR-016":"After clicking on the advertisement, it doesn't lead to offer, instead, a download is launched directly after.  \n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"chrome search yourmailtab hijacker ","landingPage":"https://www.viruspup.com/","ipv4":"","ipv6":"","sourceIndex":"2127"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":["200818/Viruspup-200811/200811/Images/ACR-016/MalwareFox Click on Ad.gif"],"guid":"c893fb84-1a8f-4058-9958-3dcc52a76dd2_200811_1","appID":"Viruspup-200811","dateAdded":"200818","deceptorType":"Affiliate","name":"Viruspup","company":"ViruspupCom","version":"200811","sigName":"Deceptor:Affiliate:/Viruspup!016","lastKnownStatus":"200818","lastKnownDate":"200818","type":"Affiliate","lastUpdate":"2020-08-19T03:35:24.9425075+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1845},{"violations":{"ACR-003":"App refers to driver age as \"old\" and \"very old\", which drives a false sense of urgency for driver updates.\n","ACR-014":"App results show an intent to deceive the consumer by implying that improvement potential could be \"Old\" or \"Very Old\" for system drivers.\n"},"nonDeceptorViolations":{"ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a web page opens with information stating that consumer can get 50% OFF the regular price of Driver Updater.\n"},"samples":[{"isRevoked":"False","fileName":"tptdriverupdatersetup.exe","isInstaller":"True","companyName":"Top PC Tools Software LLP                                   ","productName":"Driver Updater","productVersion":"2.7.1086.17637","fileVersion":"Top PC Tools","hashMD5":"f9c28a55640b7ed09f5fece07a1a9878","hashSHA1":"07d543731fd1be54ec9ad20490ca1cf25e3a273b","hashSHA256":"4adc25a3349ded109ac411282a23c72217d86a388f3d433dc87a5dd4f5158123","digitalCertThumbprint":"2E12E42447E4CA78562258545087D79EBF31BDA3","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software LLP, O=Top PC Tools Software LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"370","avBlockList":["360 Total Security (20200921)","Avast Premium Security (20200921)","AVG Internet Security (20200921)","Avira Internet Security (20200921)","Bitdefender Internet Security (20200921)","Dr.Web Security Space (20200921)","ESET Internet Security (20200921)","G DATA INTERNET SECURITY (20200921)","K7 Total Security (20200921)","Kaspersky Internet Security (20200921)","Malwarebytes Premium (20200921)","McAfee Total Protection (20200921)","Norton Security (20200921)","Panda Dome (20200921)","Quick Heal Internet Security (20200921)","Sophos Home Premium (20200921)","SpyHunter5 (20200921)","Tencent PC Manager (20200921)","Total AV Antivirus Pro (20200921)","Trend Micro Internet Security (20200921)","VIPRE Advanced Security (20200921)","VirIT eXplorer PRO (20200921)","Webroot SecureAnywhere (20200921)","Windows Defender (20200921)"],"avAllowList":["COMODO Antivirus (20200921)"]},{"isRevoked":"False","fileName":"tptdu.exe","companyName":"Top PC Tools Software LLP","productName":"Driver Updater","productVersion":"2.7.1086.17637","fileVersion":"2.7.1086.17637","hashMD5":"01004740611c52a6140e63492de200a9","hashSHA1":"a42df06203f33bc218f1c1bb7b27161d0daea9b6","hashSHA256":"12669f5979eed58f9ffea63f0f1fe50cc11d494a3abd89c219cf1a45173f2a2c","digitalCertThumbprint":"2E12E42447E4CA78562258545087D79EBF31BDA3","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software LLP, O=Top PC Tools Software LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"370","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.toppctools.com/","directDownloadingLink":"https://g4a2uta3m.vo.llnwd.net/js/tpct/driverupdater/tptdriverupdatersetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://g4a2uta3m.vo.llnwd.net/js/tpct/driverupdater/tptdriverupdatersetup.exe","sourceIndex":"370"}],"sampleFiles":["200818/TopPCToolsDriverUpdater-180822/2.7.1086.17637/Samples/tptdriverupdatersetup.exe","200818/TopPCToolsDriverUpdater-180822/2.7.1086.17637/Samples/tptdu.exe"],"imageFiles":["200818/TopPCToolsDriverUpdater-180822/2.7.1086.17637/Images/ACR-003/ACR_014_SOFTWARE.PNG","200818/TopPCToolsDriverUpdater-180822/2.7.1086.17637/Images/ACR-014/ACR_014_SOFTWARE.PNG"],"nonDeceptorImageFiles":["200818/TopPCToolsDriverUpdater-180822/2.7.1086.17637/Images/ACR-088/ACR_088_SOFTWARE.PNG","200818/TopPCToolsDriverUpdater-180822/2.7.1086.17637/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","200818/TopPCToolsDriverUpdater-180822/2.7.1086.17637/Images/ACR-120/ACR_120_UNINSTALL.PNG"],"guid":"0eb4db19-48c7-479f-a703-b36f89c652c0_2.7.1086.17637_1","appID":"TopPCToolsDriverUpdater-180822","dateAdded":"200818","deceptorType":"App","name":"Top PC Tools Driver Updater","company":"Top PC Tools Software LLP","version":"2.7.1086.17637","sigName":"Deceptor:Win32/TopPCToolsDriverUpdater!003014","lastKnownStatus":"Deceptor:2.7.1086.17637;2.7.1086.17687;2.7.1086.18012","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-12T22:34:25.4120617+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1847},{"violations":{"ACR-109":"The app downloads \"rkverify.exe, a RelevantKnowledge file.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-075":"Cancelling the installation leaves the carrier and the offers installed.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install opera browser\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the app's installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThere are no links on the application that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy. \n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-167":"The app has no mention of a 30 day refund policy on anything paid.\n"},"samples":[{"isRevoked":"False","fileName":"CleverPrivacyCleanerFree.exe","isInstaller":"True","companyName":"CleverPrivacyCleanerFree Co., Ltd.","fileVersion":"0.0","hashMD5":"c7838cc39b54887bd9c82afe97652537","hashSHA1":"462e03e03497b3f850fb5a749ad17cbb493fa8cc","hashSHA256":"b90e90ba480d706699696d451e364be1eec42fa9b95efee93943d295c95dd213","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RuiQing Software Technology Beijing Inc, O=RuiQing Software Technology Beijing Inc, STREET=\"No.A215,2/F,North Section,No.3,Xisanqi Building materials city,Haidian District\", STREET=BeiDuan ErCeng A215, L=Beijing, S=Beijing, PostalCode=100096, C=CN","sourceIndex":"2132","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20200827)","Avira Internet Security (20200827)","Bitdefender Internet Security (20200827)","ESET Internet Security (20200827)","G DATA INTERNET SECURITY (20200827)","K7 Total Security (20200827)","Malwarebytes Premium (20200827)","McAfee Total Protection (20200827)","Norton Security (20200827)","Panda Dome (20200827)","Sophos Home Premium (20200827)","Trend Micro Internet Security (20200827)","VirIT eXplorer PRO (20200827)","Webroot SecureAnywhere (20200827)","Windows Defender (20200827)","360 Total Security (20200827)","Avast Premium Security (20200827)","COMODO Antivirus (20200827)","Dr.Web Security Space (20200827)","Kaspersky Internet Security (20200827)","Quick Heal Internet Security (20200827)","SpyHunter5 (20200827)","Tencent PC Manager (20200827)","Total AV Antivirus Pro (20200827)","VIPRE Advanced Security (20200827)"],"avAllowList":[]},{"isRevoked":"False","fileName":"CleverPrivacyCleanerFree_Setup[2].exe","isInstaller":"True","companyName":"CleverPrivacyCleanerFree Co., Ltd.                          ","fileVersion":"0.0","hashMD5":"e35aae6f2594fd6eafb34ce5dd91ffe4","hashSHA1":"5b9f88bdb7f1e969256ec83e9d7f6f8d4336176c","hashSHA256":"084d61d3f06b3740c9534fa8f056e91593907f2ec464356a09b7ecb517f61e8e","digitalCertThumbprint":"E1CAA9E850D616A0C2A245A157E0767A5DDCB431","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No. 17, Middle Scissor Lane, Dongcheng District,\", L=Beijing, S=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2132","avBlockList":["360 Total Security (20200827)","Avast Premium Security (20200827)","AVG Internet Security (20200827)","Avira Internet Security (20200827)","Bitdefender Internet Security (20200827)","Dr.Web Security Space (20200827)","ESET Internet Security (20200827)","G DATA INTERNET SECURITY (20200827)","K7 Total Security (20200827)","Kaspersky Internet Security (20200827)","Malwarebytes Premium (20200827)","McAfee Total Protection (20200827)","Norton Security (20200827)","Panda Dome (20200827)","Quick Heal Internet Security (20200827)","Sophos Home Premium (20200827)","SpyHunter5 (20200827)","Tencent PC Manager (20200827)","Total AV Antivirus Pro (20200827)","Trend Micro Internet Security (20200827)","VIPRE Advanced Security (20200827)","VirIT eXplorer PRO (20200827)","Webroot SecureAnywhere (20200827)","Windows Defender (20200827)"],"avAllowList":["COMODO Antivirus (20200827)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.privacy-cleaner.net/","directDownloadingLink":"http://www.privacy-cleaner.net/CleverPrivacyCleanerFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.privacy-cleaner.net/CleverPrivacyCleanerFree.exe","sourceIndex":"2132"}],"sampleFiles":["200813/CleverPrivacyCleanerFree-181112/8.8.1/Samples/CleverPrivacyCleanerFree.exe","200813/CleverPrivacyCleanerFree-181112/8.8.1/Samples/CleverPrivacyCleanerFree_Setup[2].exe"],"imageFiles":["200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-109/CleverPrivacyCleanerFree_Install [1][3].png","200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-109/CleverPrivacyCleanerFree_Install [2] [3].png","200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-055/ACR-055_inlineoffer.JPG","200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-048/CleverPrivacyCleanerFree_Install [1][3].png","200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-048/CleverPrivacyCleanerFree_Install [2] [3].png","200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-059/ACR-059_inlineoffer.JPG","200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-075/CleverPrivacyCleanerFree_Install [1][4].png"],"nonDeceptorImageFiles":["200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-065/CleverPrivacyCleanerFree_Install [1].png","200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-065/CleverPrivacyCleanerFree_Install [2].png","200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-065/ACR-065_software.JPG","200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-065/CleverPrivacyCleanerFree_LandingPage [1].png","200813/CleverPrivacyCleanerFree-181112/8.8.1/Images/ACR-099/ACR-099_software.JPG"],"guid":"f1b15aa4-9f97-439a-a732-469151fcccf8_8.8.1_1","appID":"CleverPrivacyCleanerFree-181112","dateAdded":"200813","deceptorType":"App","name":"Clever Privacy Cleaner Free","company":"RuiQing Software ","version":"8.8.1","sigName":"Deceptor:Win32/CleverPrivacyCleanerFreeBundler!055059109048075","lastKnownStatus":"Deceptor:8.8.1","lastKnownDate":"200813","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2020-08-13T07:12:31.5693548+00:00","notDistributed":false,"familyName":"ruiqing-bundler-ruich","numInFamily":5,"numInAppID":1,"sortOrder":1851},{"violations":{"ACR-003":"The app uses traffic light colors and rate situation is high to raise an exaggerated sense of urgency for the consumer.\n","ACR-004":"The app uses traffic light colors to raise an exaggerated sense of urgency for the consumer. The app does not fix free scan results for free.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-088":"The app automatically starts a scan post-install.\n","ACR-099":"The app does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Smart_Fix_It_Registry_Optimizer_Pro.exe","fileVersion":"1.0","hashMD5":"e025d733cfa9709a6ec5370685912b72","hashSHA1":"b5bfaf50405ab6361b36510195a755d8d8e4d9c8","hashSHA256":"3c271db8299e3cebc217aa6e22bdf483d50f68ef99e367706feeb7542a8b4256","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"2134","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Smart_Fix_It_Registry_Optimizer_Pro_Setup.exe","isInstaller":"True","companyName":"LionSea Software                                            ","fileVersion":"0.0","hashMD5":"3dcb2d23cbd50e63a6839ef0e4cd32e2","hashSHA1":"02459cfc9a2f5e59128342998abbb89b9d94952a","hashSHA256":"607c9d5290d282586c77ccd129c8ff613c85a0c60f3a6364409708c3b727df2b","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"2134","avBlockList":["Avast Premium Security (20200909)","AVG Internet Security (20200909)","Avira Internet Security (20200909)","Bitdefender Internet Security (20200909)","COMODO Antivirus (20200909)","Dr.Web Security Space (20200909)","ESET Internet Security (20200909)","G DATA INTERNET SECURITY (20200909)","K7 Total Security (20200909)","Kaspersky Internet Security (20200909)","Malwarebytes Premium (20200909)","McAfee Total Protection (20200909)","Norton Security (20200909)","Panda Dome (20200909)","Quick Heal Internet Security (20200909)","Sophos Home Premium (20200909)","SpyHunter5 (20200909)","Tencent PC Manager (20200909)","Total AV Antivirus Pro (20200909)","Trend Micro Internet Security (20200909)","VIPRE Advanced Security (20200909)","VirIT eXplorer PRO (20200909)","Webroot SecureAnywhere (20200909)","Windows Defender (20200909)"],"avAllowList":["360 Total Security (20200909)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"http://www.lionsea.com/","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_Fix_It_Registry_Optimizer_Pro_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.lionsea.com/download/fixer/Smart_Fix_It_Registry_Optimizer_Pro_Setup.exe","sourceIndex":"2134"}],"sampleFiles":["200810/FixItRegistryOptimizer-200806/4.4.5/Samples/Smart_Fix_It_Registry_Optimizer_Pro.exe","200810/FixItRegistryOptimizer-200806/4.4.5/Samples/Smart_Fix_It_Registry_Optimizer_Pro_Setup.exe"],"imageFiles":["200810/FixItRegistryOptimizer-200806/4.4.5/Images/ACR-003/FixItRegistryOptimizer 003.png","200810/FixItRegistryOptimizer-200806/4.4.5/Images/ACR-004/FixItRegistryOptimizer 003.png","200810/FixItRegistryOptimizer-200806/4.4.5/Images/ACR-004/FixItRegistryOptimizer 004.gif"],"nonDeceptorImageFiles":["200810/FixItRegistryOptimizer-200806/4.4.5/Images/ACR-065/FixItRegistryOptimizer EULA.png","200810/FixItRegistryOptimizer-200806/4.4.5/Images/ACR-065/FixItRegistryOptimizer Install.png","200810/FixItRegistryOptimizer-200806/4.4.5/Images/ACR-065/FixItRegistryOptimizer Settings.png","200810/FixItRegistryOptimizer-200806/4.4.5/Images/ACR-088/FixItRegistryOptimizer AutoScan.gif","200810/FixItRegistryOptimizer-200806/4.4.5/Images/ACR-099/FixItRegistryOptimizer Settings.png","200810/FixItRegistryOptimizer-200806/4.4.5/Images/ACR-099/FixItRegistryOptimizer Internal Offers.png"],"guid":"acd8f196-5e4f-4d91-bb86-5b48e8525ea4_4.4.5_1","appID":"FixItRegistryOptimizer-200806","dateAdded":"200810","deceptorType":"App","name":"Smart Fix It Registry Optimizer","company":"LionSea Software co., ltd","version":"4.4.5","sigName":"Deceptor:Win32/FixItRegistryOptimizer!004003","lastKnownStatus":"4.4.5","lastKnownDate":"200810","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-08-10T20:21:35.5072624+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1856},{"violations":{"ACR-004":" The App requires customer to purchase the product to provide fix for the issues identified during free scan. \n","ACR-084":" The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent or without the option for user to disable it in app's setting.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. It display error pages.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. It display error pages.\n","ACR-002":"The App/Brand name is not consistent in the Main page with name in the Terms and Condition, EULA, Privacy Policy pages.\n","ACR-163":"The app displays a support call center phone number and live chat but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer. \nThe app displays a support call center phone number and live chat but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer. Also tried the live-chat but it is not working. \n","ACR-092":"The app name and the vendor name are not consistent. The name \"PcFix LTD\" is never mentioned in the docs or landing pages.\n","ACR-160":" The app needs to use certified call center if all center is used to monetize the app.\n","ACR-099":" When the user click the \"Uninstall Instructions\", it will redirect to an error webpage.\n The application has no link to uninstall information on the App.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Antispam Cyber Privacy\\AntispamCyberPrivacy.exe","companyName":"PcFix LTD","productName":"Antispam Cyber Privacy","productVersion":"3.7.3.0","fileVersion":"3.7.3.0","hashMD5":"46cfc0179d5649584f1564fb8d9f113b","hashSHA1":"8b812fcf713b233b182bb95923e736dfa74579b6","hashSHA256":"bbe46f0d06a11e78136a74b0b60f9664b6199fec1c7ed7bf04ded72f71d7947a","digitalCertThumbprint":"CAE3B8AFB4EB3215D72266F23E60F66B46F6E940","sourceIndex":"373","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AntispamCyberPrivacySetup.exe","isInstaller":"True","companyName":"PcFix LTD","productName":"Antispam Cyber Privacy","productVersion":"3.7.3","fileVersion":"3.7.3","hashMD5":"486aeb1ed5b0de560d038a7b84815e3f","hashSHA1":"824a9e9f7447640e22ff869dc3535b826dbe9e5f","hashSHA256":"f474cb012d5a8c89c0df5910062d2c590b092308fed9beddf803066a93f7705a","digitalCertThumbprint":"CAE3B8AFB4EB3215D72266F23E60F66B46F6E940","sourceIndex":"373","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20200915)","Avira Internet Security (20200915)","Bitdefender Internet Security (20200915)","ESET Internet Security (20200915)","G DATA INTERNET SECURITY (20200915)","K7 Total Security (20200915)","Kaspersky Internet Security (20200915)","Malwarebytes Premium (20200915)","McAfee Total Protection (20200915)","Norton Security (20200915)","Panda Dome (20200915)","Sophos Home Premium (20200915)","Trend Micro Internet Security (20200915)","VirIT eXplorer PRO (20200915)","Webroot SecureAnywhere (20200915)","Windows Defender (20200915)","360 Total Security (20200915)","COMODO Antivirus (20200915)","Dr.Web Security Space (20200915)","Quick Heal Internet Security (20200915)","SpyHunter5 (20200915)","Tencent PC Manager (20200915)","VIPRE Advanced Security (20200915)","Avast Premium Security (20200915)","Total AV Antivirus Pro (20200915)"],"avAllowList":["F-PROT Antivirus for Windows (20190404)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://antiscamplus.com","directDownloadingLink":"https://antiscamplus.com/dl/AntispamCyberPrivacySetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://antiscamplus.com/dl/AntispamCyberPrivacySetup.exe","sourceIndex":"373"}],"sampleFiles":["200810/AntispamCyberPrivacy-190104/3.7.3.0/Samples/AntispamCyberPrivacy.exe","200810/AntispamCyberPrivacy-190104/3.7.3.0/Samples/AntispamCyberPrivacySetup.exe"],"imageFiles":["200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-004/004.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-004/clean.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-084/schedule.png"],"nonDeceptorImageFiles":["200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-160/call1.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-160/call2.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-099/unins1.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-099/uninstall_page.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-099/uninstall.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-163/call1.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-163/call2.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-163/chat.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-002/name.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-065/terms_page.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-065/privacy_page.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-065/uninstall_page.png","200810/AntispamCyberPrivacy-190104/3.7.3.0/Images/ACR-092/app_name.png"],"guid":"b4f7eed0-9288-4d93-b017-6a5913819e9b_3.7.3.0_1","appID":"AntispamCyberPrivacy-190104","dateAdded":"200810","deceptorType":"App","name":"Antispam Cyber Privacy","company":"PcFix LTD","version":"3.7.3.0","sigName":"Deceptor:Win32/AntiSpamCyberPrivacy!004084","lastKnownStatus":"Deceptor:3.7.3.0;3.8.7","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:19.0335448+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1857},{"violations":{"ACR-006":"3rd party monetization entity is not accurately and clearly attributed.\n","ACR-084":" The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent or without the option for user to disable it in app's setting.\n","ACR-168":"No disclosure about additional offer will be made next to call center support phone number\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. It display error pages.\n","ACR-002":"The App/Brand name is not consistent in the Main page with name in the Terms and Condition, EULA, Privacy Policy pages.\n","ACR-163":"The app displays a support call center phone number and live chat but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer. \n","ACR-092":"The app name and the vendor name are not consistent. The name \"PcFix LTD\" is never mentioned in the docs or landing pages.\n","ACR-160":" The app needs to use certified call center if all center is used to monetize the app.\n","ACR-099":" When the user click the \"Uninstall Instructions\", it will redirect to an error webpage.\n The application has no link to uninstall information on the App.\n"},"samples":[{"isRevoked":"False","fileName":"AntispamCyberPrivacySetup.exe","isInstaller":"True","companyName":"PcFix LTD","fileVersion":"3.8.7","hashMD5":"852c0c76f2b400f3644f69c4c28e442e","hashSHA1":"d721cb98cf477945a07cac861daa17e73dd4148e","hashSHA256":"af28aed84c63a08ffeb2093d6f1233aef6f6203e1f886cc1021b7c67c8e3eeb5","digitalCertThumbprint":"413FE847F5C4FDD3259C031854F65A44F4ED34E7","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PcFix LTD, O=PcFix LTD, L=Sofia, C=BG, SERIALNUMBER=204532846, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Sofia, OID.1.3.6.1.4.1.311.60.2.1.3=BG","sourceIndex":"374","avBlockList":["360 Total Security (20200917)","Avast Premium Security (20200917)","AVG Internet Security (20200917)","Avira Internet Security (20200917)","Bitdefender Internet Security (20200917)","Dr.Web Security Space (20200917)","ESET Internet Security (20200917)","G DATA INTERNET SECURITY (20200917)","K7 Total Security (20200917)","Malwarebytes Premium (20200917)","McAfee Total Protection (20200917)","Norton Security (20200917)","Panda Dome (20200917)","Quick Heal Internet Security (20200917)","Sophos Home Premium (20200917)","SpyHunter5 (20200917)","Tencent PC Manager (20200917)","Total AV Antivirus Pro (20200917)","Trend Micro Internet Security (20200917)","VIPRE Advanced Security (20200917)","VirIT eXplorer PRO (20200917)","Webroot SecureAnywhere (20200917)","Windows Defender (20200917)"],"avAllowList":["COMODO Antivirus (20200917)","Kaspersky Internet Security (20200917)"]},{"isRevoked":"False","fileName":"AntispamCyberPrivacy.exe","companyName":"PcFix LTD","fileVersion":"3.8.7","hashMD5":"56b2b92e319c0ee4358f2a382e45db9e","hashSHA1":"d040a7c04d799e8afb5df8d6a78699f17ff9fc24","hashSHA256":"d8bb8372727db98b359bbca2033f9cb47696dcb7ade08a4d8291c6b65edceead","digitalCertThumbprint":"413FE847F5C4FDD3259C031854F65A44F4ED34E7","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PcFix LTD, O=PcFix LTD, L=Sofia, C=BG, SERIALNUMBER=204532846, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Sofia, OID.1.3.6.1.4.1.311.60.2.1.3=BG","sourceIndex":"374","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://antiscamplus.com","directDownloadingLink":"https://antiscamplus.com/dl/AntispamCyberPrivacySetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://antiscamplus.com/dl/AntispamCyberPrivacySetup.exe","sourceIndex":"374"}],"sampleFiles":["200810/AntispamCyberPrivacy-190104/3.8.7/Samples/AntispamCyberPrivacySetup.exe","200810/AntispamCyberPrivacy-190104/3.8.7/Samples/AntispamCyberPrivacy.exe"],"imageFiles":["200810/AntispamCyberPrivacy-190104/3.8.7/Images/ACR-084/schedule.png","200810/AntispamCyberPrivacy-190104/3.8.7/Images/ACR-168/AntispamCyberPrivacy_168.JPG","200810/AntispamCyberPrivacy-190104/3.8.7/Images/ACR-006/AntispamCyberPrivacy_168.JPG"],"nonDeceptorImageFiles":["200810/AntispamCyberPrivacy-190104/3.8.7/Images/ACR-160/call2.png","200810/AntispamCyberPrivacy-190104/3.8.7/Images/ACR-099/uninstall_page.png","200810/AntispamCyberPrivacy-190104/3.8.7/Images/ACR-099/uninstall.png","200810/AntispamCyberPrivacy-190104/3.8.7/Images/ACR-163/163-AntispamCyberPrivacy.PNG","200810/AntispamCyberPrivacy-190104/3.8.7/Images/ACR-002/name.png","200810/AntispamCyberPrivacy-190104/3.8.7/Images/ACR-065/065-AntispamCyberPrivacy.PNG","200810/AntispamCyberPrivacy-190104/3.8.7/Images/ACR-065/uninstall_page.png","200810/AntispamCyberPrivacy-190104/3.8.7/Images/ACR-092/app_name.png"],"guid":"b4f7eed0-9288-4d93-b017-6a5913819e9b_3.8.7_1","appID":"AntispamCyberPrivacy-190104","dateAdded":"200810","deceptorType":"App","name":"Antispam Cyber Privacy","company":"PcFix LTD","version":"3.8.7","sigName":"Deceptor:Win32/AntispamCyberPrivacy!084168006","lastKnownStatus":"Deceptor:3.7.3.0;3.8.7","lastKnownDate":"241112","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:19.0669486+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1858},{"violations":{"ACR-046":"The app auto-installs without any user options.\n","ACR-003":"The app uses traffic light colors and bars to raise an exaggerated sense of urgency for the consumer.\n","ACR-004":"The app does not fix free scan results for free. The app uses traffic light colors and bars to raise an exaggerated sense of urgency for the consumer.\n","ACR-059":"Offers are not clearly marked as offers and are opt-out.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-088":"The app automatically starts a scan post-install.\n","ACR-099":"The app does not display links to uninstall information.\n","ACR-171":"Offer for the 1-month subscription of McAfee Internet Security is opt-out.\n"},"samples":[{"isRevoked":"False","fileName":"Installer","isInstaller":"True","fileVersion":"0.","hashMD5":"1d85fe53c991f6b45d3292240ebd1258","hashSHA1":"f7c1a16a1d3b4b420b1181f0c3c5f9d91dc5cd20","hashSHA256":"f96f7750dc5df4c94cfc071c2707453efac504bd3ba65396dbbba049e3cb46e3","sourceIndex":"2140","avBlockList":["Avast Security for Mac (20200908)","Avira Security for Mac (20200908)","Bitdefender Antivirus for Mac (20200908)","ESET Cyber Security Pro for Mac (20200908)","G DATA AntiVirus for Mac (20200908)","K7 Antivirus for Mac (20200908)","Kaspersky Internet Security for Mac (20200908)","Norton Security for Mac (20200908)","Sophos Home Premium For Mac (20200908)","Trend Micro Antivirus for Mac (20200908)"],"avAllowList":["McAfee Internet Security for Mac (20200908)"]},{"isRevoked":"False","fileName":"Installer.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"b7fa02475387f68fe363760c7ed18153","hashSHA1":"c48288938a1c0c40aad35307fe0b26e292f1da8f","hashSHA256":"a3ff87ce23a01ba8d93a3ed97a0b58c4fff4601d95a9563cd390672d2c52adc4","sourceIndex":"2140","avBlockList":["Avast Security for Mac (20200908)","Avira Security for Mac (20200908)","Bitdefender Antivirus for Mac (20200908)","ESET Cyber Security Pro for Mac (20200908)","G DATA AntiVirus for Mac (20200908)","K7 Antivirus for Mac (20200908)","Kaspersky Internet Security for Mac (20200908)","McAfee Internet Security for Mac (20200908)","Norton Security for Mac (20200908)","Sophos Home Premium For Mac (20200908)","Trend Micro Antivirus for Mac (20200908)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Quick Mac Booster","fileVersion":"0.","hashMD5":"981868721c401f594cd1fd1a142f5ea3","hashSHA1":"d7ced1f78c67eb861b3c06e55eef90fc1e6d7ba9","hashSHA256":"3eb0e5b41a1bb98c11177dcce66c86fcee172f385718287106c2c525dae68e4f","sourceIndex":"2140","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://quickmacbooster.com","directDownloadingLink":"http://download.quickmacbooster.com/mac/qmbstr/builds/site/Installer.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.quickmacbooster.com/mac/qmbstr/builds/site/Installer.dmg","sourceIndex":"2140"}],"sampleFiles":["200805/QuickMacBooster-200729/2.0.3/Samples/Installer","200805/QuickMacBooster-200729/2.0.3/Samples/Installer.dmg","200805/QuickMacBooster-200729/2.0.3/Samples/Quick Mac Booster"],"imageFiles":["200805/QuickMacBooster-200729/2.0.3/Images/ACR-046/QuickMacBooster AutoInstall.gif","200805/QuickMacBooster-200729/2.0.3/Images/ACR-003/QuickMacBooster 003.png","200805/QuickMacBooster-200729/2.0.3/Images/ACR-004/QuickMacBooster 004.gif","200805/QuickMacBooster-200729/2.0.3/Images/ACR-004/QuickMacBooster 003.png","200805/QuickMacBooster-200729/2.0.3/Images/ACR-059/QuickMacBooster Offer.png"],"nonDeceptorImageFiles":["200805/QuickMacBooster-200729/2.0.3/Images/ACR-065/QuickMacBooster AutoInstall.gif","200805/QuickMacBooster-200729/2.0.3/Images/ACR-065/QuickMacBooster Install.png","200805/QuickMacBooster-200729/2.0.3/Images/ACR-065/QuickMacBooster About.png","200805/QuickMacBooster-200729/2.0.3/Images/ACR-088/QuickMacBooster Auto Scan.gif","200805/QuickMacBooster-200729/2.0.3/Images/ACR-099/QuickMacBooster About.png","200805/QuickMacBooster-200729/2.0.3/Images/ACR-171/QuickMacBooster Offer.png"],"guid":"ca8d219f-2dbd-4ca6-b71b-9cbedd841df0_2.0.3_1","appID":"QuickMacBooster-200729","dateAdded":"200805","deceptorType":"MacOS App","name":"Quick Mac Booster","company":"Digital Protection Services S.R.L","version":"2.0.3","sigName":"Deceptor:MacOS/QuickMacBooster!046003004059","lastKnownStatus":"2.0.3","lastKnownDate":"200805","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-08-05T21:21:11.2108606+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1859},{"violations":{"ACR-048":"The install greys out the close button, which limits the consumer's ability to close the app. \nThe app uses a hotkey to open it and is not located in the Applications folder, which limits the targeted consumer's ability to close, delete, and uninstall the app.\n","ACR-007":"The app does not provide explicit notifications to the targeted consumer and requires a password to open the app, preventing the targeted consumer from accessing it.\n","ACR-084":"The app allows the consumer to hide the app's notifications which allows the app to hide its presence from the consumer. The app also requires either a hotkey or password to open it, preventing targeted consumers from accessing the app and knowing if it is active.\n","ACR-086":"The app is password protected and therefore does not inform the targeted consumer how it collects, stores, or transmits data via explicit notifications.\n","ACR-116":"The app is not found in the Applications folder and therefore cannot be uninstalled there.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app disguise as running service: \"syslogd\"\n","ACR-040":"The app is installed into a hidden folder named \".refog\" inside of the Library directory.\n","ACR-065":"The install page does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"rfginst-ooo6nq9m.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"94b53dc5bd4897e341ed20fb6bf9a783","hashSHA1":"744f44f28624801b7d5eef9b8b5a18d4861c5806","hashSHA256":"2a0625de88259df77086697b12f264ea46ff2b021727a060c8412d47869d832a","sourceIndex":"2141","avBlockList":["Avast Security for Mac (20200908)","Avira Security for Mac (20200908)","Bitdefender Antivirus for Mac (20200908)","ESET Cyber Security Pro for Mac (20200908)","G DATA AntiVirus for Mac (20200908)","K7 Antivirus for Mac (20200908)","McAfee Internet Security for Mac (20200908)","Norton Security for Mac (20200908)","Sophos Home Premium For Mac (20200908)","Trend Micro Antivirus for Mac (20200908)"],"avAllowList":["Kaspersky Internet Security for Mac (20200908)"]},{"isRevoked":"False","fileName":"syslogd","fileVersion":"0.","hashMD5":"fea5d6a531df5d373c9e01eb13314a8f","hashSHA1":"24c26356fdad451f08ab5490c7ce64dbfb3cde47","hashSHA256":"2bf4674a4cb19e78a59e28cda65e38a4ef50da813750303f405ff8103fd4b89d","sourceIndex":"2141","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Refog","fileVersion":"0.","hashMD5":"1114dd19370b6ea1972d03b41ff2d7b8","hashSHA1":"7087609c0f716e5e4a20c63848ad4816ed57ea4d","hashSHA256":"b9504deabac0fab4727c2301af063e85b3dfc0af3fe339c26e4ddf131dcf0eb5","sourceIndex":"2141","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.refog.com/","reference":"Hunt.Search","landingPage":"https://www.refog.com/","directDownloadingLink":"https://rep2.refog.com/rfginst-ooo6nq9m.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://rep2.refog.com/rfginst-ooo6nq9m.dmg","sourceIndex":"2141"}],"sampleFiles":["200729/RefogPersonalMonitorMac-191101/4.0.4/Samples/rfginst-ooo6nq9m.dmg","200729/RefogPersonalMonitorMac-191101/4.0.4/Samples/syslogd","200729/RefogPersonalMonitorMac-191101/4.0.4/Samples/Refog"],"imageFiles":["200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-048/Refog Personal Monitor_Install [1].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-048/Refog Personal Monitor_Settings [1].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-048/Refog Personal Monitor_Settings [2] HotKey.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-048/Refog Personal Monitor_Settings [3] Password.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-048/Refog Personal Monitor_ListofApps [1].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-048/Refog Personal Monitor_ListofApps [2].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-007/Refog Personal Monitor_Settings [1].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-007/Refog Personal Monitor_Settings [2] HotKey.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-007/Refog Personal Monitor_Settings [3] Password.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-007/Refog Personal Monitor_Settings [4].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-007/Refog Personal Monitor_Settings [5] EmailSending.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-007/Refog Personal Monitor_Settings [6] EmailSending.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-084/Refog Personal Monitor_Settings [1].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-084/Refog Personal Monitor_Settings [2] HotKey.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-084/Refog Personal Monitor_Settings [3] Password.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-086/Refog Personal Monitor_Settings [3] Password.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-086/Refog Personal Monitor_Settings [4].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-086/Refog Personal Monitor_Settings [5] EmailSending.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-086/Refog Personal Monitor_Settings [6] EmailSending.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-116/StealthMode in Application list.png"],"nonDeceptorImageFiles":["200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-038/Refog Personal Monitor_RunningProcess [1].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-040/Refog Personal Monitor_HiddenFolder [1] KnockKnockLog.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-040/Refog Personal Monitor_HiddenFolder [2] KnockKnockLog.png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-040/Refog Personal Monitor_HiddenFolder_ [5].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-065/Refog Personal Monitor_Install [1].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-065/Refog Personal Monitor_Install [2].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-065/Refog Personal Monitor_About [1].png","200729/RefogPersonalMonitorMac-191101/4.0.4/Images/ACR-065/Refog Personal Monitor_Settings [9].png"],"guid":"b0969a13-63bc-4295-b3db-5e0ce10ef274_4.0.4_1","appID":"RefogPersonalMonitorMac-191101","dateAdded":"200729","deceptorType":"MacOS App","name":"Refog Personal Monitor for Mac","company":"Refog","version":"4.0.4","sigName":"Deceptor:MacOS/RefogPersonalMonitorStalkerware!048007084086116","lastKnownStatus":"Deceptor:3.7.2,4.0.1,4.0.2,4.0.4","lastKnownDate":"200729","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2020-07-29T16:39:39.3906357+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1860},{"violations":{"ACR-048":"The install greys out the close button, which limits the consumer's ability to close the app. \nThe app uses a hotkey to open it and is not located in the Applications folder, which limits the targeted consumer's ability to close, delete, and uninstall the app.\n","ACR-007":"The app does not provide explicit notifications to the targeted consumer and requires a password to open the app, preventing the targeted consumer from accessing it.\n","ACR-084":"The app allows the consumer to hide the app's notifications which allows the app to hide its presence from the consumer. The app also requires either a hotkey or password to open it, preventing targeted consumers from accessing the app and knowing if it is active.\n","ACR-086":"The app is password protected and therefore does not inform the targeted consumer how it collects, stores, or transmits data via explicit notifications.\n","ACR-116":"The app is not found in the Applications folder and therefore cannot be uninstalled there.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app disguise as running service: \"syslogd\"\n","ACR-040":"The app is installed into a hidden folder named \".smoke\" inside of the Library directory.\n","ACR-065":"The install page does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy.\n"},"samples":[{"isRevoked":"False","fileName":"Refog","fileVersion":"0.","hashMD5":"68925343a9fdaad6f478a05affbeea98","hashSHA1":"7d0bdd0508747d12cba7440f100094ad7d0caf13","hashSHA256":"88dbc53ea3f19a234f80979bae2a496c9c71be0c0b9ea001157511ff37f725f7","sourceIndex":"2497","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rfginst-tdp6nczw.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"1eb5fb953c4b0d4ae66f4f82290daeaa","hashSHA1":"6e27771426146167000fe00b13282c9660f31fa7","hashSHA256":"97c52abe190a44d90f9016aef8a6829ddeb3074fa7794a076d7f18d2b4a4664a","sourceIndex":"2497","avBlockList":["Avast Security for Mac (20200516)","Avira Security for Mac (20200516)","Bitdefender Antivirus for Mac (20200516)","ESET Cyber Security Pro for Mac (20200516)","G DATA AntiVirus for Mac (20200516)","K7 Antivirus for Mac (20200516)","McAfee Internet Security for Mac (20200516)","Norton Security for Mac (20200516)","Sophos Home Premium For Mac (20200516)","Trend Micro Antivirus for Mac (20200516)"],"avAllowList":["Kaspersky Internet Security for Mac (20200516)"]},{"isRevoked":"False","fileName":"syslogd","fileVersion":"0.","hashMD5":"8c09318d602ed9e9c070e1f7d3b24b0d","hashSHA1":"4a80ee1ac8897baaecc4192a8d751a1926464d79","hashSHA256":"7fb92316aecb010cbab873cf94b7ee54c2730c53866ca097dd61848e8fb39b02","sourceIndex":"2497","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Goggle Search Mac Keylogger","reference":"Hunt.Search","landingPage":"https://www.refog.com/","directDownloadingLink":"https://rep2.refog.com/rfginst-fbd6nl65.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://rep2.refog.com/rfginst-fbd6nl65.dmg","sourceIndex":"2497"}],"sampleFiles":["200418/RefogPersonalMonitorMac-191101/4.0.2/Samples/Refog","200418/RefogPersonalMonitorMac-191101/4.0.2/Samples/rfginst-tdp6nczw.dmg","200418/RefogPersonalMonitorMac-191101/4.0.2/Samples/syslogd"],"imageFiles":["200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-048/Refog_Installs [2] EULA.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-048/Refog_Interaction [2] Invisibility.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-048/StealthMode in Application list.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-007/Refog_Interaction [1].png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-007/Refog_Interaction [2] Invisibility.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-007/Refog_Interaction [2] LogSending.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-007/Refog_Interaction [3] LogIn.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-007/Refog_Interaction [4] Settings.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-084/Refog_Interaction [1].png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-084/Refog_Interaction [2] Invisibility.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-086/Refog_Interaction [2] LogSending.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-086/Refog_Interaction [3] LogIn.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-116/StealthMode in Application list.png"],"nonDeceptorImageFiles":["200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-038/StealthMode in Running Process list.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-040/HiddenFolder [1].png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-040/HiddenFolder [3].png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-065/Refog_About.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-065/Refog_Installs [1].png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-065/Refog_Installs [2] EULA.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-065/Refog_About.png","200418/RefogPersonalMonitorMac-191101/4.0.2/Images/ACR-065/Refog_Interaction [4] Settings.png"],"guid":"b0969a13-63bc-4295-b3db-5e0ce10ef274_4.0.2_1","appID":"RefogPersonalMonitorMac-191101","dateAdded":"200729","deceptorType":"MacOS App","name":"Refog Personal Monitor for Mac","company":"Refog","version":"4.0.2","sigName":"Deceptor:MacOS/RefogPersonalMonitorStalkerware!048007084086116","lastKnownStatus":"Deceptor:3.7.2,4.0.1,4.0.2,4.0.4","lastKnownDate":"200729","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-07-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1861},{"violations":{"ACR-048":"The install greys out the close button, which limits the consumer's ability to close the app.\nThe app uses a hotkey to open it and is not located in the Applications folder, which limits the targeted consumer's ability to delete or uninstall the app.\n","ACR-007":"The app enables the consumer to hide all app notifications from the targeted consumer.\n","ACR-084":"The app enables the consumer to hide app notifications, which disguises its presence from the targeted consumer. The app also allows the consumer to require a hotkey and password to open it.\n","ACR-086":"The app enables the consumer to hide all app notifications, which hides from the targeted consumer how the app collects and transmits the targeted consumer's data.\n","ACR-116":"The app cannot be uninstalled from the Applications folder.\n"},"nonDeceptorViolations":{"ACR-040":"The app is into a hidden folder named \".smoke\" inside of the libraries folder.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Refog","fileVersion":"0.","hashMD5":"232c60b705c3d58726eb94325b962baf","hashSHA1":"2c4aa91f99a2a536b06cdfcfa2c29fcf5a190dbe","hashSHA256":"61e7bb53c89f80d35569f7e13c441b6eba85dec0622fd421c7c79d4a3133f9bc","sourceIndex":"2638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rfginst-z8nn7pjc.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"b3e41dcb98ba7f23a9c7e38040f1a783","hashSHA1":"ada3495a4750f826d45eee0be497698e841a2305","hashSHA256":"40403ebdb33ffa716fc57f2e610e2ae239f6777cb8dfdbf89660f2a6a4292547","sourceIndex":"2638","avBlockList":["Avast Security for Mac (20201208)","Avira Security for Mac (20201208)","Bitdefender Antivirus for Mac (20201208)","ESET Cyber Security Pro for Mac (20201208)","G DATA AntiVirus for Mac (20201208)","K7 Antivirus for Mac (20201208)","Kaspersky Internet Security for Mac (20201208)","McAfee Internet Security for Mac (20201208)","Norton Security for Mac (20201208)","Sophos Home Premium For Mac (20201208)","Trend Micro Antivirus for Mac (20201208)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://remotekeyloggers.net/keyloggers-for-pc/","reference":"Hunt.Search","landingPage":"https://www.refog.com/","directDownloadingLink":"https://login.refog.com/api/v1/download?pid=rmpm&ver=3.7.2","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://login.refog.com/api/v1/download?pid=rmpm&ver=3.7.2","sourceIndex":"2638"}],"sampleFiles":["191101/RefogPersonalMonitorMac-191101/3.7.2/Samples/Refog","191101/RefogPersonalMonitorMac-191101/3.7.2/Samples/rfginst-z8nn7pjc.dmg"],"imageFiles":["191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-048/Refog Mac EULA.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-048/Refog Mac Uninstall.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-048/Refog Mac Hotkey.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-007/Refog Mac Hide.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-084/Refog Mac Hotkey.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-084/Refog Mac Hide.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-086/Refog Mac Hide.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-116/Refog Mac Uninstall.png"],"nonDeceptorImageFiles":["191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-040/Refog Mac Different Folder.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-065/Refog Mac EULA.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-065/Refog Mac About.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-065/Refog Mac Bottom of Landing Page.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-099/Refog Mac Bottom of Landing Page.png","191101/RefogPersonalMonitorMac-191101/3.7.2/Images/ACR-099/Refog Mac Internal Offers.png"],"guid":"b0969a13-63bc-4295-b3db-5e0ce10ef274_3.7.2_1","appID":"RefogPersonalMonitorMac-191101","dateAdded":"200729","deceptorType":"MacOS App","name":"Refog Personal Monitor for Mac","company":"Refog","version":"3.7.2","sigName":"Deceptor:MacOS/RefogPersonalMonitorStalkerware!007048084086116","lastKnownStatus":"Deceptor:3.7.2,4.0.1,4.0.2,4.0.4","lastKnownDate":"200729","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-07-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1863},{"violations":{"ACR-048":"The install greys out the close button, which limits the consumer's ability to close the app.\nThe app uses a hotkey to open it and is not located in the Applications folder, which limits the targeted consumer's ability to close, delete, and uninstall the app.\n","ACR-007":"The app enables the consumer to hide all explicit notifications from the targeted consumer.\n","ACR-084":"The app allows the consumer to hide the app's notifications which allows the app to hide its presence from the consumer. The app also requires either a hotkey or password to open it, preventing targeted consumers from accessing the app and knowing if it is active.\n","ACR-086":"The app allows the consumer to hide all app notifications, which hides information about how the app collects, stores, and transmits targeted consumer data from the targeted consumer.\n","ACR-116":"The app is not found in the Applications folder and therefore cannot be uninstalled there.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed into a hidden folder named \".smoke\" inside of the libraries folder.\n","ACR-065":"The install page does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app's landing page does not display links to uninstall information.\nThe app's internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"rfginst-zj66nrkp.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"1d7ad48fa079f036dc29323091c35b6f","hashSHA1":"a2cd437b799a9d1574e5e52515a2a8d8c57cb337","hashSHA256":"7fa2d3aea91116ea4bd418714211488552f9e8426e9bc9aaf92f4c6e974a7d76","sourceIndex":"2539","avBlockList":["Avast Security for Mac (20200319)","Avira Security for Mac (20200319)","Bitdefender Antivirus for Mac (20200319)","ESET Cyber Security Pro for Mac (20200319)","G DATA AntiVirus for Mac (20200319)","K7 Antivirus for Mac (20200319)","McAfee Internet Security for Mac (20200319)","Norton Security for Mac (20200319)","Sophos Home Premium For Mac (20200319)","Trend Micro Antivirus for Mac (20200319)"],"avAllowList":["Kaspersky Internet Security for Mac (20200319)"]},{"isRevoked":"False","fileName":"Refog","fileVersion":"0.","hashMD5":"be92011ebfc49e1c0b8c5cdfb84f4c8c","hashSHA1":"3ff82a3a60da25de6789c1876dc2c93922df5175","hashSHA256":"ad9705340e0b2e1265946a5587fbf681e3b515dd32430990b6b7ff08a262ddb0","sourceIndex":"2539","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://remotekeyloggers.net/keyloggers-for-pc/","reference":"Hunt.Search","landingPage":"https://www.refog.com/","directDownloadingLink":"https://login.refog.com/api/v1/download?pid=rmpm&ver=4.0.1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://login.refog.com/api/v1/download?pid=rmpm&ver=4.0.1","sourceIndex":"2539"}],"sampleFiles":["200212/RefogPersonalMonitorMac-191101/4.0.1/Samples/rfginst-zj66nrkp.dmg","200212/RefogPersonalMonitorMac-191101/4.0.1/Samples/Refog"],"imageFiles":["200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-048/Install.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-048/Hotkey.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-048/Applications.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-007/Refog Mac Hide.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-007/Screen Shot 2020-02-05 at 3.40.32 PM.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-084/Screen Shot 2020-02-05 at 3.40.32 PM.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-084/Hotkey.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-086/Screen Shot 2020-02-05 at 3.40.32 PM.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-116/Applications.png"],"nonDeceptorImageFiles":["200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-040/Screen Shot 2020-02-05 at 4.01.09 PM.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-065/ACR-065.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-065/About Page.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-065/Landing Page.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-099/Landing Page.png","200212/RefogPersonalMonitorMac-191101/4.0.1/Images/ACR-099/Screen Shot 2020-02-05 at 4.41.16 PM.png"],"guid":"b0969a13-63bc-4295-b3db-5e0ce10ef274_4.0.1_1","appID":"RefogPersonalMonitorMac-191101","dateAdded":"200729","deceptorType":"MacOS App","name":"Refog Personal Monitor for Mac","company":"Refog","version":"4.0.1","sigName":"Deceptor:MacOS/RefogPersonalMonitor!048007084086116","lastKnownStatus":"Deceptor:3.7.2,4.0.1,4.0.2,4.0.4","lastKnownDate":"200729","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-07-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1862},{"violations":{"ACR-046":"The app auto-installs without any user options.\n","ACR-003":"The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer.\n","ACR-004":"The app does not fix free scan results for free. The app uses traffic light colors and gauges to raise an exaggerated sense of urgency for the consumer.\n","ACR-164":"The app doesn't provide clear information when and how users will be notified free trial expired and how they can opt-out for auto charging when the trial expires.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-088":"The app starts a scan post-install.\n","ACR-099":"The app does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Installer.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"789abd583b29c812958d41b840a07e73","hashSHA1":"ce7259d4f5bb619a49217a459caa8207a64fa409","hashSHA256":"c3a50b714246bc059b29810bb2aeec5b54ac5e21807c07457492460fe57a4083","sourceIndex":"2142","avBlockList":["Avast Security for Mac (20200908)","Avira Security for Mac (20200908)","Bitdefender Antivirus for Mac (20200908)","ESET Cyber Security Pro for Mac (20200908)","G DATA AntiVirus for Mac (20200908)","K7 Antivirus for Mac (20200908)","McAfee Internet Security for Mac (20200908)","Norton Security for Mac (20200908)","Sophos Home Premium For Mac (20200908)","Trend Micro Antivirus for Mac (20200908)"],"avAllowList":["Kaspersky Internet Security for Mac (20200908)"]},{"isRevoked":"False","fileName":"Total Mac Fixer","fileVersion":"0.","hashMD5":"4508bad90486b593999c6f5a73658f64","hashSHA1":"4bf5174c7e4b5a1dc9beaa74b01d240e03c9c75b","hashSHA256":"eae3449b8ac858465156a7048beddaad1c04022f9a7ff6e386213d5509db54fd","sourceIndex":"2142","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://totalmacfixer.com","directDownloadingLink":"http://dwn.totalmacfixer.com/mac/tmf/builds/site/Installer.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dwn.totalmacfixer.com/mac/tmf/builds/site/Installer.dmg","sourceIndex":"2142"}],"sampleFiles":["200728/TotalMacFixer-200728/3.0.1/Samples/Installer.dmg","200728/TotalMacFixer-200728/3.0.1/Samples/Total Mac Fixer"],"imageFiles":["200728/TotalMacFixer-200728/3.0.1/Images/ACR-046/TotalMacFixer Auto Install.gif","200728/TotalMacFixer-200728/3.0.1/Images/ACR-003/TotalMacFixer 003.png","200728/TotalMacFixer-200728/3.0.1/Images/ACR-004/TotalMacFixer 004.gif","200728/TotalMacFixer-200728/3.0.1/Images/ACR-004/TotalMacFixer 003.png","200728/TotalMacFixer-200728/3.0.1/Images/ACR-164/TotalMacFixer Top Internal Offers.png"],"nonDeceptorImageFiles":["200728/TotalMacFixer-200728/3.0.1/Images/ACR-065/TotalMacFixer Auto Install.gif","200728/TotalMacFixer-200728/3.0.1/Images/ACR-065/TotalMacFixer Install.png","200728/TotalMacFixer-200728/3.0.1/Images/ACR-065/TotalMacFixer About.png","200728/TotalMacFixer-200728/3.0.1/Images/ACR-099/TotalMacFixer About.png","200728/TotalMacFixer-200728/3.0.1/Images/ACR-088/TotalMacFixer Auto Scan.gif"],"guid":"997190bd-d3d5-426e-bce0-813222eb7765_3.0.1_1","appID":"TotalMacFixer-200728","dateAdded":"200728","deceptorType":"MacOS App","name":"Total Mac Fixer","company":"N9NE B.V.","version":"3.0.1","sigName":"Deceptor:MacOS/TotalMacFixer!046003004164","lastKnownStatus":"3.0.1","lastKnownDate":"200728","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-07-29T04:54:17.8162877+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1864},{"violations":{"ACR-109":"User is told that the application is a driver updater, instead downloads malware file \"SearchIndexr\" in a hidden folder\n","ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It installs a malware file name \"SearchIndexr.exe\".\n","ACR-043":"There is no EULA, Privacy Policy, or any readme files. The app also installs a malware file SearchIndexr.\n","ACR-047":"The app misleads the user into thinking it is a driver updater, and later installs a malware file asking for the user's windows serial number.\n","ACR-048":"The software is a malware file that locks the user's computer and prevents the user from accessing control panel, or any other software that could be used to uninstall the app\n","ACR-003":"After running the software, a hidden malware file locks the computer with a fake boot system error message \n","ACR-005":"Pretends to be a windows system error message\n","ACR-007":"Pretends to be a windows system error card\n","ACR-009":"After running the app, a hidden malware file locks the users computer with a fake error screen that prevents them from accessing anything else, unless they input their windows serial key.\n","ACR-010":"The app installs a malware file name \"SearchIndexr.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware locks the user's computer unless they input a serial key.\n","ACR-017":"The hidden malware file pretends to be a windows system error message, while not in any way being affiliated with the windows system\n","ACR-083":"The app installs a malware .exe file in a hidden folder. The system is locked with threatening message and user has no way to uninstall the app and remove the malware. \n","ACR-084":"App installs its executable into a hidden directory: c:\\<users>\\AppData folder.\n","ACR-103":"App says it is a driver updater, instead of updating drivers it installs malware and locks the consumer's computer\n","ACR-014":"The App makes unsubstantiated claim that app will scan and update drivers, instead it install a malware file in the system.\nThe App makes unsubstantiated claim that app will scan and update drivers, instead it install a malware file in the system.\n","ACR-039":"The app does not have a EULA, Privacy Policy, or any readme files and install malware in user's system.\n"},"nonDeceptorViolations":{"ACR-038":"Does not display information regarding the app source and name\n","ACR-040":"Downloads in hidden folder \"AppData\".\n","ACR-045":"The Landing Page informs the computer that the application updates the user's drivers, instead it downloads a malware file.\n","ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\n","ACR-056":"The landing page tells the user that the app they will install is a driver updater and will update their computer drives. The file installed was instead a malware file that locks the user's computer under a fake system error message asking for their windows serial key.\n","ACR-087":"The hidden malware locks the user's computer and prevents the user from accessing their computer\n","ACR-092":"The application does not have a digital signature.\n","ACR-093":"The app closes all your running programs and locks your computer behind a fake error message\n","ACR-094":"The app runs a hidden malware file that locks the computer behind a fake error message without informing the user\n","ACR-098":"The app runs a hidden malware file that locks the computer and prevents the user from doing anything\n","ACR-153":"The app installs a malware file and does not inform the user, user cannot accept/decline the install.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"App locks the user's computer and cannot be uninstalled while computer is locked\nLanding page does not display links to the uninstall information\n","ACR-035":"There is no EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy. There are also no Readme files in the download location.\n","ACR-017":"The website makes unsubstantiated claims about user reviews, while not providing any links to user testimonials or review websites\n","ACR-014":"The landing page makes unsubstantiated claims that they will update your drivers.\n"},"samples":[{"isRevoked":"False","fileName":"setup.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"66b73833d69b164bb6f3b6e271210666","hashSHA1":"7b6e3a9d8a1c4d9ea4d3fb98a59593ab080a945b","hashSHA256":"604f995445decd8b3ac3080101426148b889cda65c52b922f92dce68dffbc07a","sourceIndex":"2145","avBlockList":["360 Total Security (20200806)","Avast Premium Security (20200806)","AVG Internet Security (20200806)","Avira Internet Security (20200806)","Bitdefender Internet Security (20200806)","Dr.Web Security Space (20200806)","ESET Internet Security (20200806)","G DATA INTERNET SECURITY (20200806)","K7 Total Security (20200806)","Kaspersky Internet Security (20200806)","Malwarebytes Premium (20200806)","McAfee Total Protection (20200806)","Norton Security (20200806)","Quick Heal Internet Security (20200806)","Sophos Home Premium (20200806)","SpyHunter5 (20200806)","Tencent PC Manager (20200806)","Total AV Antivirus Pro (20200806)","Trend Micro Internet Security (20200806)","VIPRE Advanced Security (20200806)","Webroot SecureAnywhere (20200806)","Windows Defender (20200806)"],"avAllowList":["COMODO Antivirus (20200806)","Panda Dome (20200806)","VirIT eXplorer PRO (20200806)"]},{"isRevoked":"False","fileName":"SearchIndexr.exe","companyName":"Microsoft","fileVersion":"8.2","hashMD5":"395c946f07220d9626378d4ffb2a6d2a","hashSHA1":"a55355db25fd635e35cb1948daf246273ec2d50a","hashSHA256":"f02667709f1fe4e594e6fba2ebfeac3bd3f3789463f4174cdad99aef5d2e4301","sourceIndex":"2145","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"driver update fix\"","reference":"http://driverupdate.online/","landingPage":"http://driverupdate.online/","directDownloadingLink":"https://ln.sync.com/dl/902ac9da0/view/default/2134840010011#wze2uz77-bkghxcrz-sy7hfhkr-tmqukrbk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ln.sync.com/dl/902ac9da0/view/default/2134840010011#wze2uz77-bkghxcrz-sy7hfhkr-tmqukrbk","sourceIndex":"2145"}],"sampleFiles":["200724/A-DriverUpdate-190404/8.2.10.5/Samples/setup.msi","200724/A-DriverUpdate-190404/8.2.10.5/Samples/SearchIndexr.exe"],"imageFiles":["200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-042/010.png","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-042/019-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-010/010.png","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-010/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-084/019-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-014/019-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-014/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-109/019-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-109/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-039/039-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-043/019-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-043/039-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-047/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-047/045-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-048/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-003/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-005/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-007/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-009/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-017/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-083/019-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-103/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-103/019-DriverUpdate.PNG"],"nonDeceptorImageFiles":["200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-014/014-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-065/039-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-065/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-065/045-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-092/038-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-157/038-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-038/038-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-040/019-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-045/045-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-045/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-017/045-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-056/045-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-056/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-087/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-093/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-094/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-098/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-153/019-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-099/010-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-099/099-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-035/019-DriverUpdate.PNG","200724/A-DriverUpdate-190404/8.2.10.5/Images/ACR-035/039-DriverUpdate.PNG"],"guid":"a529efe8-ebcf-433b-b145-0b2e54c87f66_8.2.10.5_1","appID":"A-DriverUpdate-190404","dateAdded":"200724","deceptorType":"App","name":"Driver Update","company":"Driver Update Online LLC","version":"8.2.10.5","sigName":"Deceptor:Win32/DriverUpdate!010","lastKnownStatus":"Deceptor:1.0.0.0;8.2.10.5","lastKnownDate":"200929","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2020-09-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1866},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It installs a malware file name \"SearchIndexr.exe\".\n","ACR-010":"The app installs a malware file name \"SearchIndexr.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system.\n","ACR-084":"App installs its executable into a hidden directory: c:\\<users>\\AppData folder.\n","ACR-014":"The App makes unsubstantiated claim that app will scan and update drivers, instead it install a malware file in the system.\nThe App makes unsubstantiated claim that app will scan and update drivers, instead it install a malware file in the system.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"DeviceDoctor_Bundle.exe","isInstaller":"True","companyName":"Driver Update Online LLC","fileVersion":"1.0","hashMD5":"6ab06c19364d03de5e1cebc7e8f0bfbc","hashSHA1":"933a93f62410eefae8a31c210c0f7d241e7c384d","hashSHA256":"c473921c43f428b2984cd99da4e798323f23d0c20507506293467705da4a331a","sourceIndex":"3121","avBlockList":["360 Total Security (20200909)","Avast Internet Security (20190701)","AVG Internet Security (20200909)","Avira Internet Security (20200909)","Bitdefender Internet Security (20200909)","COMODO Antivirus (20200909)","Dr.Web Security Space (20200909)","ESET Internet Security (20200909)","G DATA INTERNET SECURITY (20200909)","K7 Total Security (20200909)","Kaspersky Internet Security (20200909)","Malwarebytes Premium (20200909)","McAfee Total Protection (20200909)","Norton Security (20200909)","Panda Dome (20200909)","Quick Heal Internet Security (20200909)","Sophos Home Premium (20200909)","SpyHunter5 (20200909)","Tencent PC Manager (20200909)","Trend Micro Internet Security (20200909)","VIPRE Advanced Security (20200909)","VirIT eXplorer PRO (20200909)","Webroot SecureAnywhere (20200909)","Windows Defender (20200909)","Avast Premium Security (20200909)","Total AV Antivirus Pro (20200909)"],"avAllowList":["F-PROT Antivirus for Windows (20190418)"]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Driver Update Online LLC\\Driver Update\\SearchIndexr.exe","companyName":"Microsoft","fileVersion":"8.2","hashMD5":"6c1b645b9afa57ce82bed35a7be2a0cb","hashSHA1":"1638c4b3bc833ebcc0eb031051e22fa1a20510d6","hashSHA256":"f44b9873b3c9809b7ead2318ee107fe3c0d49c7efd7841eca67bfd7ae0eb2b3f","sourceIndex":"3121","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"driver update fix\"","reference":"http://driverupdate.online/","landingPage":"http://driverupdate.online/","directDownloadingLink":"https://ln.sync.com/dl/902ac9da0/view/default/2134840010011#wze2uz77-bkghxcrz-sy7hfhkr-tmqukrbk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ln.sync.com/dl/902ac9da0/view/default/2134840010011#wze2uz77-bkghxcrz-sy7hfhkr-tmqukrbk","sourceIndex":"3121"}],"sampleFiles":["190405/A-DriverUpdate-190404/1.0.0.0/Samples/DeviceDoctor_Bundle.exe","190405/A-DriverUpdate-190404/1.0.0.0/Samples/SearchIndexr.ex_"],"imageFiles":["190405/A-DriverUpdate-190404/1.0.0.0/Images/ACR-042/010.png","190405/A-DriverUpdate-190404/1.0.0.0/Images/ACR-010/010.png","190405/A-DriverUpdate-190404/1.0.0.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":[],"guid":"a529efe8-ebcf-433b-b145-0b2e54c87f66_1.0.0.0_1","appID":"A-DriverUpdate-190404","dateAdded":"200724","deceptorType":"App","name":"Driver Update","company":"Driver Update Online LLC","version":"1.0.0.0","sigName":"Deceptor:Win32/DriverUpdateOnline!010014042084","lastKnownStatus":"Deceptor:1.0.0.0;8.2.10.5","lastKnownDate":"200929","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2020-09-29T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1867},{"violations":{"ACR-014":"The download site displays a \"download button\" in order to mislead the consumer into downloading another app.\n","ACR-016":"A displayed ad leads to direct downloading and installation of an app instead of redirecting to a landing page which allows the consumer to make an informed decision whether to accept or decline the offer.\n","ACR-155":"The download ad is inserted to masquerade as part of the existing user workflow.  Ad's download button is prominently presented to user comparing with the software user intended to download.  \n"},"nonDeceptorViolations":{"ACR-014":"The download site displays a \"download button\" in order to mislead the consumer into downloading another app.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.softportal.com/","ipv4":"","ipv6":"","sourceIndex":"2146"}],"sampleFiles":[],"imageFiles":["200724/SoftPortal-200716/200716/Images/ACR-014/Screen Shot 2020-07-16 at 10.52.33 AM.png","200724/SoftPortal-200716/200716/Images/ACR-155/Screen Shot 2020-07-16 at 10.52.33 AM.png","200724/SoftPortal-200716/200716/Images/ACR-155/Softportal_DownloadSite.JPG","200724/SoftPortal-200716/200716/Images/ACR-016/2020-07-16_11-54-40 (1).gif"],"nonDeceptorImageFiles":["200724/SoftPortal-200716/200716/Images/ACR-014/Screen Shot 2020-07-16 at 10.52.33 AM.png"],"guid":"11fbd0bb-1029-4bb1-b35d-b1147f3e12cc_200716_1","appID":"SoftPortal-200716","dateAdded":"200724","deceptorType":"Download Site","name":"SoftPortal","company":"SoftPortal","version":"200716","sigName":"Deceptor:Affiliate/Softportal!016155014","lastKnownStatus":"200724","lastKnownDate":"200724","type":"Download Site","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2020-07-24T19:40:23.8546759+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1865},{"violations":{"ACR-003":"The app uses traffic light colors to raise an exaggerated sense of urgency and does not substantiate scan results post-scan.\n","ACR-004":"The app uses traffic light colors to raise an exaggerated sense of urgency for user to switch to premium and does not substantiate scan results post-scan. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the app's installer that show the Returns and Cancellation Policy or the Privacy Policy. \nThere are no links on the application that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no links or information that shows how to uninstall the app.\nThe application's landing page has no links or information that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"PrivacyProTech.exe","isInstaller":"True","companyName":"IHA Softwares","fileVersion":"2.0","hashMD5":"6fc44959e8978f092b645c8793df52a1","hashSHA1":"417c92ca6624227275107ea0b0b0db4f01ff7d4d","hashSHA256":"ce257bfa211bc29a31c55d081512eb573fe4d56ff9e4aa8d2ddaa3ec87ba7718","digitalCertThumbprint":"BEB5B8E74DDE223DD852E74921AA762BD8BA59A8","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=IHA SOFTWARES, O=IHA SOFTWARES, L=Portsmouth, S=New Hampshire, C=US","sourceIndex":"2148","avBlockList":["360 Total Security (20200806)","Avast Premium Security (20200806)","AVG Internet Security (20200806)","Avira Internet Security (20200806)","Bitdefender Internet Security (20200806)","COMODO Antivirus (20200806)","Dr.Web Security Space (20200806)","G DATA INTERNET SECURITY (20200806)","K7 Total Security (20200806)","Malwarebytes Premium (20200806)","McAfee Total Protection (20200806)","Norton Security (20200806)","Panda Dome (20200806)","Quick Heal Internet Security (20200806)","Sophos Home Premium (20200806)","Tencent PC Manager (20200806)","Total AV Antivirus Pro (20200806)","VIPRE Advanced Security (20200806)","VirIT eXplorer PRO (20200806)","Webroot SecureAnywhere (20200806)","Windows Defender (20200806)"],"avAllowList":["ESET Internet Security (20200806)","Kaspersky Internet Security (20200806)","SpyHunter5 (20200806)","Trend Micro Internet Security (20200806)"]},{"isRevoked":"False","fileName":"PrivacyProTech.exe","fileVersion":"1.1","hashMD5":"5bdb3a50afdf1231c6dc40cc99a9ceec","hashSHA1":"6890995b5c891dd9b5ee1744e78467d266d14b8b","hashSHA256":"880aede14e7135bdc78f08695644b626af4fbb1b5cbc8307a8cccce835e409c1","digitalCertThumbprint":"BEB5B8E74DDE223DD852E74921AA762BD8BA59A8","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=IHA SOFTWARES, O=IHA SOFTWARES, L=Portsmouth, S=New Hampshire, C=US","sourceIndex":"2148","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc privacy protection\"","landingPage":"http://privacyprotech.com/","directDownloadingLink":"http://privacyprotech.com/PrivacyProTech.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://privacyprotech.com/PrivacyProTech.exe","sourceIndex":"2148"}],"sampleFiles":["200723/PrivacyProTech-181112/2.0.1/Samples/PrivacyProTechInstall.exe","200723/PrivacyProTech-181112/2.0.1/Samples/PrivacyProTech.exe"],"imageFiles":["200723/PrivacyProTech-181112/2.0.1/Images/ACR-003/PrivacyProtech Scan.png","200723/PrivacyProTech-181112/2.0.1/Images/ACR-003/PrivacyProtech Results.png","200723/PrivacyProTech-181112/2.0.1/Images/ACR-004/PrivacyProtech Results.png","200723/PrivacyProTech-181112/2.0.1/Images/ACR-004/PrivacyProtech Scan.png"],"nonDeceptorImageFiles":["200723/PrivacyProTech-181112/2.0.1/Images/ACR-065/PrivacyProtech Install.png","200723/PrivacyProTech-181112/2.0.1/Images/ACR-065/PrivacyProtech About.png","200723/PrivacyProTech-181112/2.0.1/Images/ACR-088/PrivacyProtech PostInstall.gif","200723/PrivacyProTech-181112/2.0.1/Images/ACR-099/PrivacyProtech About.png","200723/PrivacyProTech-181112/2.0.1/Images/ACR-099/PrivacyProtech Landing Page.png"],"guid":"855ac510-94f2-4f9e-b316-e5e05f0a6b13_2.0.1_1","appID":"PrivacyProTech-181112","dateAdded":"200723","deceptorType":"App","name":"PrivacyProTech","company":"iHaveAnswer LLC","version":"2.0.1","sigName":"Deceptor:Win32/PrivacyProTech!003004","lastKnownStatus":"Deceptor:1.1.0,2.0.0.1;2.0.1","lastKnownDate":"200930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-09-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1868},{"violations":{"ACR-003":"The app raises a sense of artificial urgency, claiming that the user's privacy is not protected (your identity, web protection and network is at risk). The app does not provide substantiation for these claims.\n","ACR-014":"The app makes unsubstantiated claims about the systems protection and the user's privacy.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the app's installer that show the Returns and Cancellation Policy or the Privacy Policy. \nThere are no links on the application that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no links or information that shows how to uninstall the app.\nThe application's landing page has no links or information that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"PrivacyProTech.exe","fileVersion":"2.0","hashMD5":"7c5f35cbeb23c8884a0b403a7b204782","hashSHA1":"de28fd717c36d55d9635a852f0a313092c7a53c2","hashSHA256":"d22fad3a3869ab1238af49293c56a95b3c45181aa40876916ac150c2294d29a2","digitalCertThumbprint":"2F681DFEAF8E2BA9EA43B79D229FD5B16504E117","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=iHaveAnswer LLC, O=iHaveAnswer LLC, L=New Rochelle, S=New York, C=US","sourceIndex":"3155","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PrivacyProTechInstall.exe","isInstaller":"True","companyName":"iHaveAnswer LLC","fileVersion":"2.0","hashMD5":"d19d88f2b97aae625ed6c2948c36dba5","hashSHA1":"616142bc46faea17af25e1c4dee386164c2d4be5","hashSHA256":"7506c70ed51570c671ecfa26416a269db07482d653a574302d474b1a9fa77c08","digitalCertThumbprint":"2F681DFEAF8E2BA9EA43B79D229FD5B16504E117","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=iHaveAnswer LLC, O=iHaveAnswer LLC, L=New Rochelle, S=New York, C=US","sourceIndex":"3155","avBlockList":["Avast Internet Security (20190302)","AVG Internet Security (20190302)","Avira Internet Security (20190302)","G DATA INTERNET SECURITY (20190302)","K7 Total Security (20190302)","Kaspersky Internet Security (20190302)","Malwarebytes Premium (20190302)","Norton Security (20190302)","Panda Dome (20190302)","Sophos Home Premium (20190302)","VirIT eXplorer PRO (20190302)","Webroot SecureAnywhere (20190302)"],"avAllowList":["Bitdefender Internet Security (20190302)","ESET Internet Security (20190302)","McAfee Total Protection (20190302)","Trend Micro Internet Security (20190302)","Windows Defender (20190302)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc privacy protection\"","landingPage":"http://privacyprotech.com/","directDownloadingLink":"http://privacyprotech.com/PrivacyProTech.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://privacyprotech.com/PrivacyProTech.exe","sourceIndex":"3155"}],"sampleFiles":["190130/PrivacyProTech-181112/2.0.0.1/Samples/PrivacyProTech.exe","190130/PrivacyProTech-181112/2.0.0.1/Samples/PrivacyProTechInstall.exe"],"imageFiles":["190130/PrivacyProTech-181112/2.0.0.1/Images/ACR-003/PrivacyProTech Upgrade your Privacy Settings.png","190130/PrivacyProTech-181112/2.0.0.1/Images/ACR-014/PrivacyProTech Upgrade your Privacy Settings.png"],"nonDeceptorImageFiles":["190130/PrivacyProTech-181112/2.0.0.1/Images/ACR-065/PrivacyProTech First Page of Install.png","190130/PrivacyProTech-181112/2.0.0.1/Images/ACR-065/PrivacyProTech Settings Page.png","190130/PrivacyProTech-181112/2.0.0.1/Images/ACR-088/PrivacyProTech Scan Starting After Install.png","190130/PrivacyProTech-181112/2.0.0.1/Images/ACR-099/PrivacyProTech Settings Page.png","190130/PrivacyProTech-181112/2.0.0.1/Images/ACR-099/ACR-099_landingpage.JPG"],"guid":"855ac510-94f2-4f9e-b316-e5e05f0a6b13_2.0.0.1_1","appID":"PrivacyProTech-181112","dateAdded":"200723","deceptorType":"App","name":"PrivacyProTech","company":"iHaveAnswer LLC","version":"2.0.0.1","sigName":"Deceptor:Win32/PrivacyProTech!003014","lastKnownStatus":"Deceptor:1.1.0,2.0.0.1;2.0.1","lastKnownDate":"200930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-09-30T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1869},{"violations":{"ACR-003":"The app raises a sense of artificial urgency, claiming that the user's privacy is not protected (your identity, web protection and network is at risk). The app does not provide substantiation for these claims.\n","ACR-014":"The app makes unsubstantiated claims about the systems protection. The app claims that the user's privacy is not protected is not substantiated.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links to a webpage on the app's installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThere are no links on the application that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no links or information that shows how to uninstall the app.\nThe application's landing page has no links or information that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"PrivacyProTech.exe","isInstaller":"True","companyName":"iHaveAnswer LLC","productName":"PrivacyProTech","productVersion":"2.0.0.1","fileVersion":"2.0.0.1","hashMD5":"6c0f789123cc08da43f9d18c5acbd4e7","hashSHA1":"0168053472c6a6decb286d7255fee0c3d3b83bbb","hashSHA256":"7ee998cdba17a4c7a77bd4362195e076741b1e902a8478ad4f1a8484690b63b0","digitalCertThumbprint":"2F681DFEAF8E2BA9EA43B79D229FD5B16504E117","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=iHaveAnswer LLC, O=iHaveAnswer LLC, L=New Rochelle, S=New York, C=US","sourceIndex":"3223","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PrivacyProTech.exe","companyName":"n/a","productName":"PrivacyProTech","productVersion":"2.0.0.1","fileVersion":"2.0.0.1","hashMD5":"4b26ca518083bd010c9372d1f5365e31","hashSHA1":"b8c4cda6461f7c7aef610815b282fcde0b597b82","hashSHA256":"7cced3c7280c8b93ba17ead7daf9441447b7482fba02c8704e9fe881fb430a7b","digitalCertThumbprint":"2F681DFEAF8E2BA9EA43B79D229FD5B16504E117","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=iHaveAnswer LLC, O=iHaveAnswer LLC, L=New Rochelle, S=New York, C=US","sourceIndex":"3223","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc privacy protection\"","landingPage":"http://privacyprotech.com/","directDownloadingLink":"http://privacyprotech.com/PrivacyProTech.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://privacyprotech.com/PrivacyProTech.exe","sourceIndex":"3223"}],"sampleFiles":["190130/PrivacyProTech-181112/1.1.0/Samples/PrivacyProTechsetup.exe","190130/PrivacyProTech-181112/1.1.0/Samples/PrivacyProTech.exe"],"imageFiles":["190130/PrivacyProTech-181112/1.1.0/Images/ACR-003/ACR-003_software.JPG","190130/PrivacyProTech-181112/1.1.0/Images/ACR-014/ACR-014_software.JPG"],"nonDeceptorImageFiles":["190130/PrivacyProTech-181112/1.1.0/Images/ACR-065/ACR-065_installer.JPG","190130/PrivacyProTech-181112/1.1.0/Images/ACR-065/ACR-065_software.JPG","190130/PrivacyProTech-181112/1.1.0/Images/ACR-088/ACR-088_software.JPG","190130/PrivacyProTech-181112/1.1.0/Images/ACR-099/ACR-099_software.JPG","190130/PrivacyProTech-181112/1.1.0/Images/ACR-099/ACR-099_landingpage.JPG"],"guid":"855ac510-94f2-4f9e-b316-e5e05f0a6b13_1.1.0_1","appID":"PrivacyProTech-181112","dateAdded":"200723","deceptorType":"App","name":"PrivacyProTech","company":"iHaveAnswer LLC","version":"1.1.0","sigName":"Deceptor:Win32/PrivacyProTech!003014","lastKnownStatus":"Deceptor:1.1.0,2.0.0.1;2.0.1","lastKnownDate":"200930","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-09-30T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1870},{"violations":{"ACR-003":"Calling out the optimization items as problem.Raising urgency and exaggerates by saying \"Dangerous! Please Repair now\" .\n","ACR-117":"The default buttons offered on the confirmation prompts are something other than \"uninstall\".\n","ACR-059":"Inline Offer not clearly marked as an offer.\n","ACR-124":"When the user tries to uninstall, more than one confirmation prompts are given to the user.\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"MPC.exe","companyName":"DotCash Limited","fileVersion":"1.2","hashMD5":"138d194a2f7a80b6a2da82174c7135d3","hashSHA1":"fa0415010276c5eb39d81d0133120c1ddde97f5a","hashSHA256":"c201d0add38e2cf7003c35eecd55845c17d2a0add2eea9aef31a4a56b1cd3d15","digitalCertThumbprint":"1671BCAF140E5B7F828C59038AF58EE1A568D21F","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=DotCash Limited, OU=IT, O=DotCash Limited, L=Hong Kong, S=Hong Kong, C=HK","sourceIndex":"2147","avBlockList":["360 Total Security (20200728)","Avast Premium Security (20200728)","AVG Internet Security (20200728)","Avira Internet Security (20200728)","Bitdefender Internet Security (20200728)","COMODO Antivirus (20200728)","Dr.Web Security Space (20200728)","ESET Internet Security (20200728)","G DATA INTERNET SECURITY (20200728)","K7 Total Security (20200728)","Kaspersky Internet Security (20200728)","McAfee Total Protection (20200728)","Norton Security (20200728)","Panda Dome (20200728)","Quick Heal Internet Security (20200728)","Sophos Home Premium (20200728)","Tencent PC Manager (20200728)","Total AV Antivirus Pro (20200728)","VIPRE Advanced Security (20200728)","VirIT eXplorer PRO (20200728)","Webroot SecureAnywhere (20200728)","Windows Defender (20200728)"],"avAllowList":["Malwarebytes Premium (20200728)","SpyHunter5 (20200728)","Trend Micro Internet Security (20200728)"]},{"isRevoked":"False","fileName":"mpc-cleaner-1-2-5222-0610-multi-win.exe","isInstaller":"True","companyName":"DotCash Limited","fileVersion":"1.2","hashMD5":"d5d473b0fdd3d0219ee98d4b5a13d144","hashSHA1":"d754bef79c647de2f356a1a41eee5b15a0af2cd2","hashSHA256":"8a049fbb669fbbffefdbac1daad2b14f40dcb4cbf549c4be755dd2dcbf12897a","digitalCertThumbprint":"1671BCAF140E5B7F828C59038AF58EE1A568D21F","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=DotCash Limited, OU=IT, O=DotCash Limited, L=Hong Kong, S=Hong Kong, C=HK","sourceIndex":"2147","avBlockList":["360 Total Security (20200917)","Avast Premium Security (20200917)","AVG Internet Security (20200917)","Avira Internet Security (20200917)","Bitdefender Internet Security (20200917)","COMODO Antivirus (20200917)","Dr.Web Security Space (20200917)","ESET Internet Security (20200917)","G DATA INTERNET SECURITY (20200917)","K7 Total Security (20200917)","Kaspersky Internet Security (20200917)","Malwarebytes Premium (20200917)","McAfee Total Protection (20200917)","Norton Security (20200917)","Panda Dome (20200917)","Quick Heal Internet Security (20200917)","Sophos Home Premium (20200917)","SpyHunter5 (20200917)","Tencent PC Manager (20200917)","Total AV Antivirus Pro (20200917)","Trend Micro Internet Security (20200917)","VIPRE Advanced Security (20200917)","VirIT eXplorer PRO (20200917)","Webroot SecureAnywhere (20200917)","Windows Defender (20200917)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mpc-cleaner-1-2-5222-0610-multi-win_4150150659.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"7c4e73c1ee7b1d55dcb74d3e34567901","hashSHA1":"586df34897360ea854af4c9673d1530d612f6c32","hashSHA256":"6f485ecb974e5f3d363fd39e29a2e46afca4556f9b5edf4bb31fd5c0eb9b4945","digitalCertThumbprint":"F8D8BA0937539D9BBF2874C0D56C3F602A0E3634","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=bronze paradise (Superior Media Ltd.), O=bronze paradise (Superior Media Ltd.), STREET=28 Begin Menachem Rd, L=Tel Aviv, S=Tel Aviv, PostalCode=6618208, C=IL","sourceIndex":"2147","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"edge search mpc cleaner","landingPage":"https://yepdownload.com/mpc-cleaner","directDownloadingLink":"https://yepdownload.com/download/8741","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://yepdownload.com/download/8741","sourceIndex":"2147"}],"sampleFiles":["200723/MPCCleaner-190612/1.2.5222.610/Samples/MPC.exe","200723/MPCCleaner-190612/1.2.5222.610/Samples/mpc-cleaner-1-2-5222-0610-multi-win.exe","200723/MPCCleaner-190612/1.2.5222.610/Samples/mpc-cleaner-1-2-5222-0610-multi-win_4150150659.exe"],"imageFiles":["200723/MPCCleaner-190612/1.2.5222.610/Images/ACR-003/dangerous1.png","200723/MPCCleaner-190612/1.2.5222.610/Images/ACR-003/dangerous2.png","200723/MPCCleaner-190612/1.2.5222.610/Images/ACR-059/ad1.png","200723/MPCCleaner-190612/1.2.5222.610/Images/ACR-059/ad2.png","200723/MPCCleaner-190612/1.2.5222.610/Images/ACR-124/Screen Shot 2019-06-12 at 5.32.51 PM.png","200723/MPCCleaner-190612/1.2.5222.610/Images/ACR-124/uninstall2.png","200723/MPCCleaner-190612/1.2.5222.610/Images/ACR-117/Screen Shot 2019-06-12 at 5.32.51 PM.png","200723/MPCCleaner-190612/1.2.5222.610/Images/ACR-117/uninstall.png"],"nonDeceptorImageFiles":["200723/MPCCleaner-190612/1.2.5222.610/Images/ACR-099/Screen Shot 2019-06-12 at 4.57.55 PM.png","200723/MPCCleaner-190612/1.2.5222.610/Images/ACR-099/Screen Shot 2019-06-12 at 4.59.31 PM.png"],"guid":"f4bbb233-b8c1-4654-aefc-ef623ab3175b_1.2.5222.610_1","appID":"MPCCleaner-190612","dateAdded":"200723","deceptorType":"App","name":"MPC Cleaner","company":"MPC","version":"1.2.5222.610","sigName":"Deceptor:Win32/MPCCleaner!003159124117","lastKnownStatus":"3.4.9743.0311;1.2.5222.610","lastKnownDate":"200929","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2020-09-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1871},{"violations":{"ACR-117":"The default buttons offered on the confirmation prompts are something other than \"uninstall\".\n","ACR-039":"App installs MPC AdCleaner without disclosing clearly and getting user agreement.\n","ACR-111":"Application does not explicitly inform the user that they will be manipulating webpage content and change browser startup page\n","ACR-124":"When the user tries to uninstall, more than one confirmation prompts are given to the user.\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"MPC_3.4.9743.0311.exe","isInstaller":"True","companyName":"DotC United Inc","productName":"MPCSetup","productVersion":"3.4.9743.0311","fileVersion":"3.4.9743.0311","hashMD5":"0f50db8ad54090d36963c095a4b23a2b","hashSHA1":"b8de5e33f0be599cc5b2f5d9c5265987cc84ed42","hashSHA256":"f0f4b0b56e2f84bdd12c07052da8282f5aee65df781ab34ec8a222906838008f","digitalCertThumbprint":"1671BCAF140E5B7F828C59038AF58EE1A568D21F","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=DotCash Limited, OU=IT, O=DotCash Limited, L=Hong Kong, S=Hong Kong, C=HK","sourceIndex":"2985","avBlockList":["Avast Internet Security (20190909)","AVG Internet Security (20200813)","Avira Internet Security (20200813)","Bitdefender Internet Security (20200813)","COMODO Antivirus (20200813)","Dr.Web Security Space (20200813)","ESET Internet Security (20200813)","G DATA INTERNET SECURITY (20200813)","K7 Total Security (20200813)","Kaspersky Internet Security (20200813)","McAfee Total Protection (20200813)","Norton Security (20200813)","Panda Dome (20200813)","Sophos Home Premium (20200813)","Tencent PC Manager (20200813)","Trend Micro Internet Security (20200813)","VIPRE Advanced Security (20200813)","VirIT eXplorer PRO (20200813)","Webroot SecureAnywhere (20200813)","Windows Defender (20200813)","Avast Premium Security (20200813)","SpyHunter5 (20200813)","Total AV Antivirus Pro (20200813)"],"avAllowList":["360 Total Security (20200813)","Malwarebytes Premium (20200813)","Quick Heal Internet Security (20200813)"]},{"isRevoked":"False","fileName":"MPC.exe","companyName":"DotC United Inc","productName":"MPCCleaner","productVersion":"3.4.9743.0311","fileVersion":"3.4.9743.0311","hashMD5":"968c4e1cde2d799c59e3d3f6f05cbf1b","hashSHA1":"cd5fe761e2d751ea8a0af840eb28a73a0e35328a","hashSHA256":"6e4246341e42ee6385cd2e1958a3b1c1de1a07e53b4e138384cfbde577c25fa2","digitalCertThumbprint":"1671BCAF140E5B7F828C59038AF58EE1A568D21F","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=DotCash Limited, OU=IT, O=DotCash Limited, L=Hong Kong, S=Hong Kong, C=HK","sourceIndex":"2985","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"google search","landingPage":"http://www.mpc.am/","directDownloadingLink":"http://down.mpc.am/app/down?type=mpc","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://down.mpc.am/app/down?type=mpc","sourceIndex":"2985"}],"sampleFiles":["190616/MPCCleaner-190612/3.4.9743.0311/Samples/MPC_3.4.9743.0311.exe","190616/MPCCleaner-190612/3.4.9743.0311/Samples/MPC.exe"],"imageFiles":["190616/MPCCleaner-190612/3.4.9743.0311/Images/ACR-111/Screen Shot 2019-06-12 at 4.48.25 PM.png","190616/MPCCleaner-190612/3.4.9743.0311/Images/ACR-111/Screen Shot 2019-06-12 at 4.52.04 PM.png","190616/MPCCleaner-190612/3.4.9743.0311/Images/ACR-111/Screen Shot 2019-06-12 at 4.51.22 PM.png","190616/MPCCleaner-190612/3.4.9743.0311/Images/ACR-039/MPCAdCleaner.PNG","190616/MPCCleaner-190612/3.4.9743.0311/Images/ACR-124/Screen Shot 2019-06-12 at 5.32.51 PM.png","190616/MPCCleaner-190612/3.4.9743.0311/Images/ACR-124/Screen Shot 2019-06-12 at 5.34.44 PM.png","190616/MPCCleaner-190612/3.4.9743.0311/Images/ACR-117/Screen Shot 2019-06-12 at 5.32.51 PM.png","190616/MPCCleaner-190612/3.4.9743.0311/Images/ACR-117/Screen Shot 2019-06-12 at 5.34.44 PM.png"],"nonDeceptorImageFiles":["190616/MPCCleaner-190612/3.4.9743.0311/Images/ACR-099/Screen Shot 2019-06-12 at 4.57.55 PM.png","190616/MPCCleaner-190612/3.4.9743.0311/Images/ACR-099/Screen Shot 2019-06-12 at 4.59.31 PM.png"],"guid":"f4bbb233-b8c1-4654-aefc-ef623ab3175b_3.4.9743.0311_1","appID":"MPCCleaner-190612","dateAdded":"200723","deceptorType":"App","name":"MPC Cleaner","company":"MPC","version":"3.4.9743.0311","sigName":"Deceptor:Win32/MPCCleaner!111039124117","lastKnownStatus":"3.4.9743.0311;1.2.5222.610","lastKnownDate":"200929","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2020-09-29T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1872},{"violations":{"ACR-004":"App request user to pay for fixing the issues reported during free scan. App exaggerates the reported issues ad threats.\n","ACR-006":"3rd party call center is not clearly attributed.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"App misleads the consumer by marking search history entries, local traces as threats, and accentuating with red color\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps Privacy Policy information.\nThere is no link for the Apps Privacy Policy information.\nThere is no link for the Apps Privacy Policy information.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-037":"There is no link for the Apps Privacy Policy information.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable endorsements and awards.\n"},"samples":[{"isRevoked":"False","fileName":"IDSafeXpressSetup.exe","isInstaller":"True","companyName":"ID SafeXpress","fileVersion":"3.2","hashMD5":"9d5301403e1df40f4d6439d92f620fb2","hashSHA1":"c588fe54bf69e276cfe2878d499bb01e1be59f1b","hashSHA256":"9b64e66fcd6bd5434580dbd2d99712634b062fc5313dc748721a74c25b378bc5","digitalCertThumbprint":"290AFB46B0CA1646892CF95640507AAB8D484CCC","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Echosoft Infocomm Pvt Ltd, OU=Contact Center, O=Echosoft Infocomm Pvt Ltd, L=Delhi, S=Delhi, C=IN","sourceIndex":"2150","avBlockList":["360 Total Security (20200921)","Avast Premium Security (20200921)","AVG Internet Security (20200921)","Avira Internet Security (20200921)","Bitdefender Internet Security (20200921)","COMODO Antivirus (20200921)","Dr.Web Security Space (20200921)","ESET Internet Security (20200921)","G DATA INTERNET SECURITY (20200921)","K7 Total Security (20200921)","Kaspersky Internet Security (20200921)","Malwarebytes Premium (20200921)","McAfee Total Protection (20200921)","Norton Security (20200921)","Panda Dome (20200921)","Quick Heal Internet Security (20200921)","Sophos Home Premium (20200921)","SpyHunter5 (20200921)","Tencent PC Manager (20200921)","Total AV Antivirus Pro (20200921)","Trend Micro Internet Security (20200921)","VIPRE Advanced Security (20200921)","VirIT eXplorer PRO (20200921)","Webroot SecureAnywhere (20200921)","Windows Defender (20200921)"],"avAllowList":[]},{"isRevoked":"False","fileName":"IDSafeXpress.exe","companyName":"ID SafeXpress","fileVersion":"3.2","hashMD5":"a311e816b25e5e884f3decf79be55402","hashSHA1":"7c76a93de02a925a5d8fdce21f7d9ddc1e3994e8","hashSHA256":"fd49964985f005f15fa7cb87d3981f05048b6277c42d120284bf8cbc1d894a90","digitalCertThumbprint":"290AFB46B0CA1646892CF95640507AAB8D484CCC","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Echosoft Infocomm Pvt Ltd, OU=Contact Center, O=Echosoft Infocomm Pvt Ltd, L=Delhi, S=Delhi, C=IN","sourceIndex":"2150","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"active guard suite\"","reference":"https://www.idsafexpress.com/our-packages/","landingPage":"https://www.idsafexpress.com","directDownloadingLink":"https://www.idsafexpress.com/trial-pack/IDSafeXpressSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.idsafexpress.com/trial-pack/IDSafeXpressSetup.exe","sourceIndex":"2150"}],"sampleFiles":["200723/IDSafeXpress-190605/3.2.5.0/Samples/IDSafeXpressSetup.exe","200723/IDSafeXpress-190605/3.2.5.0/Samples/IDSafeXpress.exe"],"imageFiles":["200723/IDSafeXpress-190605/3.2.5.0/Images/ACR-168/IDSafeX_168_006.JPG","200723/IDSafeXpress-190605/3.2.5.0/Images/ACR-014/014-IDSafeXpress_2.PNG","200723/IDSafeXpress-190605/3.2.5.0/Images/ACR-014/IDSafeX_004_2.JPG","200723/IDSafeXpress-190605/3.2.5.0/Images/ACR-004/IDSafeX_004.JPG","200723/IDSafeXpress-190605/3.2.5.0/Images/ACR-004/IDSafeX_004_2.JPG","200723/IDSafeXpress-190605/3.2.5.0/Images/ACR-006/IDSafeX_168_006.JPG"],"nonDeceptorImageFiles":["200723/IDSafeXpress-190605/3.2.5.0/Images/ACR-017/017.png","200723/IDSafeXpress-190605/3.2.5.0/Images/ACR-161/161.png"],"guid":"754d2ebc-c8ea-4546-bd2f-8359c4434b3d_3.2.5.0_1","appID":"IDSafeXpress-190605","dateAdded":"200723","deceptorType":"App","name":"ID SafeXpress ","company":"Echosoft LLC","version":"3.2.5.0","sigName":"Deceptor:Win32/IDSafeXpress!004014006168","lastKnownStatus":"Deceptor:3.8.9.0;3.2.5.0","lastKnownDate":"201005","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1873},{"violations":{"ACR-048":"The App remaps the \"application close\" functionality to \"minimize\" and stay in the system tray.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"App misleads the consumer on the scan results. During the second scan, it shows results on the Browser History, but clicking the \"Review\" button will not show the details. And looking on the Browser History tab, there are no results shown.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps Privacy Policy information.\nThere is no link for the Apps Privacy Policy information.\nThere is no link for the Apps Privacy Policy information.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe application has no link or information that shows how it can be uninstalled. \n","ACR-037":"There is no link for the Apps Privacy Policy information.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable endorsements and awards.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\ID SafeXpress\\IDSafeXpress.exe","companyName":"ID SafeXpress","productName":"ID SafeXpress","productVersion":"3.8.9.0","fileVersion":"3.8.9.0","hashMD5":"7999ab960fd9ca48ee0c29d64c8536c3","hashSHA1":"293b4a2d4627f469d1c10a1e78ef9a90b807601d","hashSHA256":"55a7a90c0ca25d120b90e3d52d43870a98cb6d7bc58ec5f661dafa27a0f3b2b2","digitalCertThumbprint":"376CFAFE62F53A0173669C6A95ADEDD3C0E75F11","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Echosoft LLC, OU=IDsafExpress, O=Echosoft LLC, L=RICHMOND, S=Virginia, C=US","sourceIndex":"3034","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IDSafeXpressSetup.exe","isInstaller":"True","companyName":"ID SafeXpress","productName":"ID SafeXpress","productVersion":"3.8.9","fileVersion":"3.8.9","hashMD5":"56c1d9fe6770fb339782f2042bfefbcc","hashSHA1":"0efab90e2b8e2badfe5ca2cc81cea9a5541818ea","hashSHA256":"b34b16055647f3524184ef2e00eee7869e13d776714bce16b383ee8f3a627d98","digitalCertThumbprint":"376CFAFE62F53A0173669C6A95ADEDD3C0E75F11","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Echosoft LLC, OU=IDsafExpress, O=Echosoft LLC, L=RICHMOND, S=Virginia, C=US","sourceIndex":"3034","avBlockList":["360 Total Security (20200813)","Avast Internet Security (20190829)","AVG Internet Security (20200813)","Avira Internet Security (20200813)","Bitdefender Internet Security (20200813)","COMODO Antivirus (20200813)","Dr.Web Security Space (20200813)","ESET Internet Security (20200813)","G DATA INTERNET SECURITY (20200813)","K7 Total Security (20200813)","Kaspersky Internet Security (20200813)","Malwarebytes Premium (20200813)","McAfee Total Protection (20200813)","Norton Security (20200813)","Panda Dome (20200813)","Quick Heal Internet Security (20200813)","Sophos Home Premium (20200813)","Tencent PC Manager (20200813)","Trend Micro Internet Security (20200813)","VIPRE Advanced Security (20200813)","VirIT eXplorer PRO (20200813)","Webroot SecureAnywhere (20200813)","Windows Defender (20200813)","Avast Premium Security (20200813)","SpyHunter5 (20200813)","Total AV Antivirus Pro (20200813)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"active guard suite\"","reference":"https://www.idsafexpress.com/our-packages/","landingPage":"https://www.idsafexpress.com","directDownloadingLink":"https://www.idsafexpress.com/trial-pack/IDSafeXpressSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.idsafexpress.com/trial-pack/IDSafeXpressSetup.exe","sourceIndex":"3034"}],"sampleFiles":["190606/IDSafeXpress-190605/3.8.9.0/Samples/IDSafeXpress.exe","190606/IDSafeXpress-190605/3.8.9.0/Samples/IDSafeXpressSetup.exe"],"imageFiles":["190606/IDSafeXpress-190605/3.8.9.0/Images/ACR-048/048.png","190606/IDSafeXpress-190605/3.8.9.0/Images/ACR-168/scan.png","190606/IDSafeXpress-190605/3.8.9.0/Images/ACR-014/014.mp4"],"nonDeceptorImageFiles":["190606/IDSafeXpress-190605/3.8.9.0/Images/ACR-017/017.png","190606/IDSafeXpress-190605/3.8.9.0/Images/ACR-161/161.png","190606/IDSafeXpress-190605/3.8.9.0/Images/ACR-168/168.png"],"guid":"754d2ebc-c8ea-4546-bd2f-8359c4434b3d_3.8.9.0_1","appID":"IDSafeXpress-190605","dateAdded":"200723","deceptorType":"App","name":"ID SafeXpress ","company":"Echosoft LLC","version":"3.8.9.0","sigName":"Deceptor:Win32/IDSafeXpress!048014168","lastKnownStatus":"Deceptor:3.8.9.0;3.2.5.0","lastKnownDate":"201005","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1874},{"violations":{"ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running, and it allows the consumer to require a hotkey and password to open the app.\n","ACR-084":"The app enables the consumer to put it into stealth mode, which requires the targeted consumer to enter a password and use a hotkey to access it.\n","ACR-086":"The app does not inform the targeted consumer how it collects user data and it enables the consumer to hide the app from the targeted consumer by using a hotkey and password.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy. \nThe landing page does not display links to the EULA or the Returns and Cancellation Policy \n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-171":"The offer for \"Extended Download Warranty\" requires the user to opt-out of the payment.\n"},"samples":[{"isRevoked":"False","fileName":"KeystrokeSpyMacTrial.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"5eebac436f4d6f3085fa4a27a474c5ee","hashSHA1":"d9f4585244f7a9bb833f7b31b13cb0989717c469","hashSHA256":"1699bf3e56dacde174f674b456c75b95b81771667bcacfa7e763e5943ffb87e9","sourceIndex":"2153","avBlockList":["Avast Security for Mac (20201013)","Bitdefender Antivirus for Mac (20201013)","ESET Cyber Security Pro for Mac (20201013)","G DATA AntiVirus for Mac (20201013)","K7 Antivirus for Mac (20201013)","McAfee Internet Security for Mac (20201013)","Norton Security for Mac (20201013)","Sophos Home Premium For Mac (20201013)","Trend Micro Antivirus for Mac (20201013)"],"avAllowList":["Avira Security for Mac (20201013)","Kaspersky Internet Security for Mac (20201013)"]},{"isRevoked":"False","fileName":"ksysconfig","fileVersion":"0.","hashMD5":"1237b0359d32433258186e78b59e5f19","hashSHA1":"dbf60489c04943657a29556fbba2619eb23d7281","hashSHA256":"98e3c260f17a01adea1a9a165efa6ef552be5ab2efc03f2dfb7cb380a70d25ea","sourceIndex":"2153","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"mac keylogger\"","landingPage":"https://www.spytech-web.com/","directDownloadingLink":"https://www.spytech-web.com/download.shtml","ipv4":"","ipv6":"","landingPageWildChar":"https://www.spytech-web.com/download-trial.php?productid=KeystrokeSpyMac&key=0.6503264992048469","directDownloadingLinkWildChar":"https://www.spytech-web.com/download.shtml","sourceIndex":"2153"}],"sampleFiles":["200722/KeystrokeSpy-200722/2.20.20/Samples/KeystrokeSpyMacTrial.pkg","200722/KeystrokeSpy-200722/2.20.20/Samples/ksysconfig"],"imageFiles":["200722/KeystrokeSpy-200722/2.20.20/Images/ACR-084/Keystroke Spy_Settings [1].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-084/Keystroke Spy_Settings [2].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-084/Keystroke Spy_Settings [3].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-084/Keystroke Spy_Settings [5].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-084/Keystroke Spy_Settings [6].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-084/Keystroke Spy_Interaction [2].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-084/Keystroke Spy_Interaction [3].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-086/Keystroke Spy_Interaction [2].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-086/Keystroke Spy_Interaction [3].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-086/Keystroke Spy_Interaction [5].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-086/Keystroke Spy_Interaction [6].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-086/Keystroke Spy_Interaction [7].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-086/Keystroke Spy_Interaction [8].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-007/Keystroke Spy_Settings [1].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-007/Keystroke Spy_Settings [2].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-007/Keystroke Spy_Settings [3].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-007/Keystroke Spy_Settings [5].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-007/Keystroke Spy_Settings [6].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-007/Keystroke Spy_RunningProcesses [1].png"],"nonDeceptorImageFiles":["200722/KeystrokeSpy-200722/2.20.20/Images/ACR-065/Keystroke Spy_Install [1].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-065/Keystroke Spy_Install [2].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-065/Keystroke Spy_Install [3].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-065/Keystroke Spy_Interaction [1].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-065/Keystroke Spy_Interaction [2].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-065/Keystroke Spy_Interaction [3].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-099/Keystroke Spy_Interaction [1].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-099/Keystroke Spy_Interaction [2].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-099/Keystroke Spy_Interaction [3].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-065/Keystroke Spy_LandingPage [1].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-065/Keystroke Spy_LandingPage [2].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-099/Keystroke Spy_LandingPage [1].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-099/Keystroke Spy_LandingPage [2].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-161/Keystroke Spy_CustomerTestimonial [1].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-171/Keystroke Spy_OfferPage [6]_.png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-099/Keystroke Spy_OfferPage [1].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-099/Keystroke Spy_OfferPage [2].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-099/Keystroke Spy_OfferPage [3].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-099/Keystroke Spy_OfferPage [4].png","200722/KeystrokeSpy-200722/2.20.20/Images/ACR-099/Keystroke Spy_OfferPage [6].png"],"guid":"85565ff3-5fc4-470a-bbf6-b347cd8aa04f_2.20.20_1","appID":"KeystrokeSpy-200722","dateAdded":"200722","deceptorType":"MacOS App","name":"Spytech Keystroke Spy for Mac","company":"Spytech Software and Design Inc.","version":"2.20.20","sigName":"Deceptor:MacOS/SpytechKeystrokeSpyStalkerware!084086007","lastKnownStatus":"2.20.20","lastKnownDate":"200722","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-22T21:39:50.751166+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1876},{"violations":{"ACR-048":"The user is redirected to a fake windows support page that, if the user is using microsoft edge, will block the closing of the web page with a microsoft edge notification box, asking the user for their sign in and password and cannot be closed without being re-opened moments later.\n","ACR-005":"The redirected page is a fake windows support page, with the words 'windows support' in the upper left on the banner, despite not being the official windows support page\n","ACR-007":"The page that the user gets redirected to claims to be from Microsoft and does not provide any disclaimers or explicit notifications otherwise.\n","ACR-009":"The user is told that their computer is corrupted or infected with a virus, despite not being in any way.\n","ACR-017":"The redirected website claims to be from windows support while not actually affiliated with microsoft or windows in any direct fasion\n","ACR-014":"the redirected site makes unsubstantiated claims that the user's computer is infected with a virus and does not back these claims up\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"redirect from pcpurifier.co/","reference":"","landingPage":"pcpurifier.co","ipv4":"","ipv6":"","sourceIndex":"2151"}],"sampleFiles":[],"imageFiles":["200722/PCPurifier-200722/200722/Images/ACR-048/007-pcpurifier.PNG","200722/PCPurifier-200722/200722/Images/ACR-005/007-pcpurifier.PNG","200722/PCPurifier-200722/200722/Images/ACR-007/007-pcpurifier.PNG","200722/PCPurifier-200722/200722/Images/ACR-009/007-pcpurifier.PNG","200722/PCPurifier-200722/200722/Images/ACR-014/007-pcpurifier.PNG","200722/PCPurifier-200722/200722/Images/ACR-017/007-pcpurifier.PNG"],"nonDeceptorImageFiles":[],"guid":"c773c8d7-c010-4cfe-b2bd-56c52a688e6e_200722_1","appID":"PCPurifier-200722","dateAdded":"200722","deceptorType":"Affiliate","name":"TechScam","company":"pcpurifier.co","version":"200722","sigName":"Deceptor:Affiliate/TechScam!048005007009014017","lastKnownStatus":"200722","lastKnownDate":"200722","type":"Affiliate","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"display ads,call center,up-sell to paid","lastUpdate":"2020-07-23T03:10:54.0493272+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1875},{"violations":{"ACR-003":"The application does not substantiate all the identified issues and uses words \"critical\" and other highlighted alarming sentences, thereby misleading or scaring user to take action.\n","ACR-004":"The app does not provide free fixes for the free scan results, requires customer to purchase the app, and exaggerates urgency using the color \"red\" and words like \"critical issues\".\n","ACR-014":"The app makes unsubstantiated claim that the issues found are \"critical\" during free scan, but no details as to why is a critical issue.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials that does not provide any links back to a source so they can be verified. \n","ACR-167":"There is no Returns and Cancellation Policy information.\n"},"samples":[{"isRevoked":"False","fileName":"CSRobot.exe","isInstaller":"True","fileVersion":"3.0","hashMD5":"8a768c0f44361c850be2e66d623bd2f8","hashSHA1":"c038709f9fa5edc3f183a91a89b6d81d9e47dcb4","hashSHA256":"c572944912883a8db639c44da1d4f06b69aec326ef13371938d8526defbb9d16","digitalCertThumbprint":"CABA0DC5C811E05BB18349A4733D76E022CF6F41","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"FHQ, Inc.\", O=\"FHQ, Inc.\", STREET=6300 Wilshire Blvd suite 2030, L=Los Angeles, S=California, PostalCode=90048, C=US","sourceIndex":"1853","avBlockList":["360 Total Security (20200806)","Avast Premium Security (20200806)","AVG Internet Security (20200806)","Avira Internet Security (20200806)","Bitdefender Internet Security (20200806)","ESET Internet Security (20200806)","G DATA INTERNET SECURITY (20200806)","K7 Total Security (20200806)","Malwarebytes Premium (20200806)","McAfee Total Protection (20200806)","Norton Security (20200806)","Panda Dome (20200806)","Quick Heal Internet Security (20200806)","Sophos Home Premium (20200806)","SpyHunter5 (20200806)","Tencent PC Manager (20200806)","Total AV Antivirus Pro (20200806)","Trend Micro Internet Security (20200806)","VIPRE Advanced Security (20200806)","VirIT eXplorer PRO (20200806)","Webroot SecureAnywhere (20200806)","Windows Defender (20200806)"],"avAllowList":["COMODO Antivirus (20200806)","Dr.Web Security Space (20200806)","Kaspersky Internet Security (20200806)"]},{"isRevoked":"False","fileName":"CSRobot [2].exe","isInstaller":"True","fileVersion":"3.0","hashMD5":"654a43ddc888f471b1393bb0f5187f48","hashSHA1":"26d0b124ed581d4d679ad02f9b0ec2c8397fbfed","hashSHA256":"2ff3ca3b67dd29ded1495139323e7d146a9d933a9ffa173529276f14a16be92a","digitalCertThumbprint":"D0CDDE69D35E6D0E39FC2E1537BC0BF220954A3F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"FHQ, Inc\", O=\"FHQ, Inc\", STREET=6300 Wilshire Blvd Suite, L=Los Angeles, S=California, PostalCode=90048, C=US","sourceIndex":"1853","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Delete Privacy Risks\"","reference":"https://www.itinvestigator.com/cybersecurity-robot/","landingPage":"https://www.itinvestigator.com/","directDownloadingLink":"https://d24qt5xqnkirix.cloudfront.net/products/077/960/195/1574776882/CSRobot.exe?Expires=1595305710&Signature=XCTK8YQnVhdabfegg3M-4pQL-Py6~dHHvFb14Iy0lcgfDLrker3633ewK0~m9dvz0dbxy42nOHulcjj1C1vBC31E61zxWDUwaaoVTQKTnx5Px1TfnAYCjti-ePl3bdAXAUn1rM2j7WM9sIRJ97uoAZ4QJqvBZ18RaMr70Nj0utPK~q718bxgaPpaxmZARUc7q5ZD2WzCqfUBIWO~KEZcX89ggH9n1Id8sVaQA4eYy3d9Sh2d-M22Mi4Vg8ZyiMb7skpJ~VVnhbDDo0r6bqgqYQHUhd90ACIiqZ~wFf5JXQK7b5~GzLSXxt4QdxyhYDE6nDiAFpEktQHrurOozncHTA__&Key-Pair-Id=APKAJDNSAFU754MPDIOQ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24qt5xqnkirix.cloudfront.net/products/077/960/195/1574776882/CSRobot.exe?Expires=1595305710&Signature=XCTK8YQnVhdabfegg3M-4pQL-Py6~dHHvFb14Iy0lcgfDLrker3633ewK0~m9dvz0dbxy42nOHulcjj1C1vBC31E61zxWDUwaaoVTQKTnx5Px1TfnAYCjti-ePl3bdAXAUn1rM2j7WM9sIRJ97uoAZ4QJqvBZ18RaMr70Nj0utPK~q718bxgaPpaxmZARUc7q5ZD2WzCqfUBIWO~KEZcX89ggH9n1Id8sVaQA4eYy3d9Sh2d-M22Mi4Vg8ZyiMb7skpJ~VVnhbDDo0r6bqgqYQHUhd90ACIiqZ~wFf5JXQK7b5~GzLSXxt4QdxyhYDE6nDiAFpEktQHrurOozncHTA__&Key-Pair-Id=APKAJDNSAFU754MPDIOQ","sourceIndex":"1853"}],"sampleFiles":["200721/CyberSecurityRobot-190613/3.0.0.0/Samples/CSRobot.exe","200721/CyberSecurityRobot-190613/3.0.0.0/Samples/CSRobot [2].exe"],"imageFiles":["200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-014/Cybersecurity_Results [3].gif","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-003/Cybersecurity_Interaction [2].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-003/Cybersecurity_Results [1].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-003/Cybersecurity_Results [3].gif","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-004/Cybersecurity_Results [1].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-004/Cybersecurity_Results [3].gif"],"nonDeceptorImageFiles":["200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-161/Cybersecurity_Testimonial [1].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-065/Cybersecurity_Install [1].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-065/Cybersecurity_Interaction [1].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-065/Cybersecurity_LandingPage [1].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-065/Cybersecurity_LandingPage [2].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-167/Cybersecurity_OfferPage [1].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-167/Cybersecurity_OfferPage [2].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-045/Cybersecurity_LandingPage [3].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-065/Cybersecurity_OfferPage [1].png","200721/CyberSecurityRobot-190613/3.0.0.0/Images/ACR-065/Cybersecurity_OfferPage [2].png"],"guid":"865b7b72-e5b1-4f01-982b-1defd34e93f4_3.0.0.0_1","appID":"CyberSecurityRobot-190613","dateAdded":"200721","deceptorType":"App","name":"Cybersecurity Robot","company":"FHQ, Inc.","version":"3.0.0.0","sigName":"Deceptor:Win32/CybersecurityRobot!003004014","lastKnownStatus":"Deceptor:2.0.0.0;3.0.0.0","lastKnownDate":"210714","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-14T22:34:32.11823+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1877},{"violations":{"ACR-003":"The application does not substantiate all the identified issues and uses words \"critical\" and other highlighted alarming sentences, thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix all issues identified during free scan.\n","ACR-014":"The app makes unsubstantiated claim that the issues found are \"critical\" during free scan, but no details as to why is a critical issue.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"There is no Returns and Cancellation Policy information.\n"},"samples":[{"isRevoked":"False","fileName":"CyberSecurityRobot.exe","isInstaller":"True","companyName":"FHQ, Inc.","productName":"ITinvestigator scanner","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"b2559710b1ed2126db58d0affaa5104a","hashSHA1":"8f62fc6fb1ff4f2e5a1606b2ff85327de3a671a0","hashSHA256":"3432c28748e9ef654de4189449bd08f8dad972b34ab08319af7698ed15585660","digitalCertThumbprint":"7D4659131D6B6A6BC576AF5A872C66534E14BDCA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"FHQ, Inc.\", O=\"FHQ, Inc.\", STREET=6300 Wilshire Blvd suite 2030, L=Los Angeles, S=California, PostalCode=90048, C=US","sourceIndex":"2989","avBlockList":["360 Total Security (20200820)","Avast Internet Security (20190909)","AVG Internet Security (20200820)","Avira Internet Security (20200820)","Bitdefender Internet Security (20200820)","Dr.Web Security Space (20200820)","ESET Internet Security (20200820)","G DATA INTERNET SECURITY (20200820)","K7 Total Security (20200820)","Kaspersky Internet Security (20200820)","Malwarebytes Premium (20200820)","McAfee Total Protection (20200820)","Norton Security (20200820)","Panda Dome (20200820)","Quick Heal Internet Security (20200820)","Sophos Home Premium (20200820)","Tencent PC Manager (20200820)","Trend Micro Internet Security (20200820)","VIPRE Advanced Security (20200820)","VirIT eXplorer PRO (20200820)","Webroot SecureAnywhere (20200820)","Windows Defender (20200820)","Avast Premium Security (20200820)","SpyHunter5 (20200820)","Total AV Antivirus Pro (20200820)"],"avAllowList":["COMODO Antivirus (20200820)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Delete Privacy Risks\"","reference":"https://www.itinvestigator.com/cybersecurity-robot/#","landingPage":"https://www.itinvestigator.com/","directDownloadingLink":"https://d24qt5xqnkirix.cloudfront.net/products/077/960/195/1559764878/CyberSecurityRobot.exe?Expires=1560452752&Signature=LLRBoo14mSnVlqxLlghb8rTtQJlYULclmuGXSHpwt8H3gyk1juSP5YaOjVY8Yce61p7sZUZ9nyq7e31GfL9FXWOY6S~haD7SnYP0rZyc-zLwEPQ9hr5WzEl4q0J9MN~yOVy3wP0Vk9xLXxBov1sEOo4iuFDSK2lDc5RajP~yV9EqrscF3UbDDjYWXhvCNTkqBWldumaQD22bBg6ke5W5ymb7nQiWm7kK0lY5k6rn7o6XR2tKiatX04y1tK4sRqtpBiwJqzkT3H-4-S4ScsQEz6nV-egfDCPv~vqFSED~dsCzf-rq2wXMj77~vLiXHkp~vKWgT-TCTgcGqZClCrN1FQ__&Key-Pair-Id=APKAJDNSAFU754MPDIOQ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d24qt5xqnkirix.cloudfront.net/products/077/960/195/1559764878/CyberSecurityRobot.exe?Expires=1560452752&Signature=LLRBoo14mSnVlqxLlghb8rTtQJlYULclmuGXSHpwt8H3gyk1juSP5YaOjVY8Yce61p7sZUZ9nyq7e31GfL9FXWOY6S~haD7SnYP0rZyc-zLwEPQ9hr5WzEl4q0J9MN~yOVy3wP0Vk9xLXxBov1sEOo4iuFDSK2lDc5RajP~yV9EqrscF3UbDDjYWXhvCNTkqBWldumaQD22bBg6ke5W5ymb7nQiWm7kK0lY5k6rn7o6XR2tKiatX04y1tK4sRqtpBiwJqzkT3H-4-S4ScsQEz6nV-egfDCPv~vqFSED~dsCzf-rq2wXMj77~vLiXHkp~vKWgT-TCTgcGqZClCrN1FQ__&Key-Pair-Id=APKAJDNSAFU754MPDIOQ","sourceIndex":"2989"}],"sampleFiles":["190614/CyberSecurityRobot-190613/2.0.0.0/Samples/CyberSecurityRobot.exe"],"imageFiles":["190614/CyberSecurityRobot-190613/2.0.0.0/Images/ACR-014/scanned.png","190614/CyberSecurityRobot-190613/2.0.0.0/Images/ACR-014/004.png","190614/CyberSecurityRobot-190613/2.0.0.0/Images/ACR-003/scanned.png","190614/CyberSecurityRobot-190613/2.0.0.0/Images/ACR-003/004.png","190614/CyberSecurityRobot-190613/2.0.0.0/Images/ACR-004/scanned.png","190614/CyberSecurityRobot-190613/2.0.0.0/Images/ACR-004/004.png","190614/CyberSecurityRobot-190613/2.0.0.0/Images/ACR-004/004_2.png"],"nonDeceptorImageFiles":["190614/CyberSecurityRobot-190613/2.0.0.0/Images/ACR-161/161.png","190614/CyberSecurityRobot-190613/2.0.0.0/Images/ACR-167/purchase.png"],"guid":"865b7b72-e5b1-4f01-982b-1defd34e93f4_2.0.0.0_1","appID":"CyberSecurityRobot-190613","dateAdded":"200721","deceptorType":"App","name":"Cybersecurity Robot","company":"FHQ, Inc.","version":"2.0.0.0","sigName":"Deceptor:Win32/CybersecurityRobot!003004014","lastKnownStatus":"Deceptor:2.0.0.0;3.0.0.0","lastKnownDate":"210714","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1878},{"violations":{"ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, privacy policy. \nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n"},"samples":[{"isRevoked":"False","fileName":"ScanUtilities.exe","isInstaller":"True","companyName":"Canous Technologies Pvt. Ltd.","productName":"ScanUtilities Setup","productVersion":"2.3","fileVersion":"2.3","hashMD5":"4c9205884b87f9cc8211944f0b703a27","hashSHA1":"788bad54d171e7d0000e03a09ce051c80fb58083","hashSHA256":"50719bc5acdaf294e230c8666113df551d64d78b6cdf3f0e91e01c1dbdb6c8bf","digitalCertThumbprint":"7215C30672353407D6610D1E8F5B87DDC594AF36","sourceIndex":"348","avBlockList":["Avira Internet Security (20201008)","Bitdefender Internet Security (20201008)","ESET Internet Security (20201008)","G DATA INTERNET SECURITY (20201008)","K7 Total Security (20201008)","Malwarebytes Premium (20201008)","McAfee Total Protection (20201008)","Norton Security (20201008)","Panda Dome (20201008)","Sophos Home Premium (20201008)","Trend Micro Internet Security (20201008)","VirIT eXplorer PRO (20201008)","Webroot SecureAnywhere (20201008)","Windows Defender (20201008)","360 Total Security (20201008)","COMODO Antivirus (20201008)","Dr.Web Security Space (20201008)","SpyHunter5 (20201008)","Tencent PC Manager (20201008)","VIPRE Advanced Security (20201008)","Total AV Antivirus Pro (20201008)"],"avAllowList":["Avast Internet Security (20190520)","AVG Internet Security (20201008)","Kaspersky Internet Security (20201008)","F-PROT Antivirus for Windows (20190422)","Quick Heal Internet Security (20201008)","Avast Premium Security (20201008)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\ScanUtilities\\ScanUtilities.exe","companyName":"Canous Technologies Private Limited.","productName":"ScanUtilities","productVersion":"2.3","fileVersion":"2.3","hashMD5":"da521e537b5148ce7476a107b0752c38","hashSHA1":"60a91985e3e65a14144263195e7814b181c9623b","hashSHA256":"8dfcdd3c96efebf8d66528f09225eeee8225c0b829011835193d94c7e5ab0bdf","digitalCertThumbprint":"7215C30672353407D6610D1E8F5B87DDC594AF36","sourceIndex":"348","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Computer Optimizer\"","reference":"https://www.scanutilities.com/","landingPage":"https://www.scanutilities.com/","directDownloadingLink":"https://www.scanutilities.com/downloads/ScanUtilities.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.scanutilities.com/downloads/ScanUtilities.exe","sourceIndex":"348"}],"sampleFiles":["200720/ScanUtilities-190221/9.20.0.0/Samples/ScanUtilities.exe","200720/ScanUtilities-190221/9.20.0.0/Samples/ScanUtilities(main_exe).exe"],"imageFiles":["200720/ScanUtilities-190221/9.20.0.0/Images/ACR-004/004.png","200720/ScanUtilities-190221/9.20.0.0/Images/ACR-004/004_2.png","200720/ScanUtilities-190221/9.20.0.0/Images/ACR-004/004_3.png"],"nonDeceptorImageFiles":["200720/ScanUtilities-190221/9.20.0.0/Images/ACR-161/161.png","200720/ScanUtilities-190221/9.20.0.0/Images/ACR-065/main_2.png","200720/ScanUtilities-190221/9.20.0.0/Images/ACR-065/no_eula.png"],"guid":"1c524ff7-9d1c-4e16-9d42-0f8c7ed7ddd0_9.20.0.0_1","appID":"ScanUtilities-190221","dateAdded":"200720","deceptorType":"App","name":"ScanUtilities","company":"Canous Technologies Private Limited","version":"9.20.0.0","sigName":"Deceptor:Win32/ScanUtilities!004","lastKnownStatus":"Deceptor:9.20.0.0;2.7","lastKnownDate":"241119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:18.1409253+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1880},{"violations":{"ACR-004":"The app does not provide a fully functional free trial when requiring purchase to fix the non-permanent issues identified in the free scan.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The app starts to scan automatically when app launches post-install.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-167":"There is no Returns and Cancellation Policy information.\n"},"samples":[{"isRevoked":"False","fileName":"scanutilities_setup.exe","isInstaller":"True","companyName":"Canous Technologies Pvt. Ltd.","fileVersion":"9.20","hashMD5":"028fcfeefbbec996610cd9c49d94904c","hashSHA1":"8383bee2b3a8bee9d696e8ecb8ee6275d14e018e","hashSHA256":"731fcc954d8c4b031ae45f3d2a1151b12c9126aa175457d2c5e26e69ecf4aac5","digitalCertThumbprint":"9582F7D6EC7770A9EFC294C963FDBC4D8C86EB7D","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Canous Technologies Private Limited, O=Canous Technologies Private Limited, STREET=\"No 7 Krupa Nilaya, 2 nd Cross, Patelappa, Layout, Nagashettihalli, RMV 2nd Stage, SANJAYNAGAR\", L=Bangalore, S=Karnataka, PostalCode=560094, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=U72900KA2018PTC112758","sourceIndex":"347","avBlockList":["360 Total Security (20200813)","Avast Premium Security (20200813)","AVG Internet Security (20200813)","Avira Internet Security (20200813)","Bitdefender Internet Security (20200813)","Dr.Web Security Space (20200813)","ESET Internet Security (20200813)","G DATA INTERNET SECURITY (20200813)","K7 Total Security (20200813)","Malwarebytes Premium (20200813)","McAfee Total Protection (20200813)","Norton Security (20200813)","Panda Dome (20200813)","Quick Heal Internet Security (20200813)","Sophos Home Premium (20200813)","SpyHunter5 (20200813)","Tencent PC Manager (20200813)","Total AV Antivirus Pro (20200813)","Trend Micro Internet Security (20200813)","VIPRE Advanced Security (20200813)","VirIT eXplorer PRO (20200813)","Webroot SecureAnywhere (20200813)","Windows Defender (20200813)"],"avAllowList":["COMODO Antivirus (20200813)","Kaspersky Internet Security (20200813)"]},{"isRevoked":"False","fileName":"ScanUtilities.exe","companyName":"Canous Technologies Private Limited.","fileVersion":"2.7","hashMD5":"7e33abccfd75a594c90b870f9a698f7b","hashSHA1":"e49a6abcdd934c75508ac3a6eda058a4d619a057","hashSHA256":"ee5f12197c93de0f7b0a2ccb3f96a8256c326bf1663523c103bdf778c1edb40e","digitalCertThumbprint":"7215C30672353407D6610D1E8F5B87DDC594AF36","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Canous Technologies Private Limited, O=Canous Technologies Private Limited, STREET=No 7 Krupa Nilaya 2nd Cross Patelappa Layout Nagashettihalli RMV 2nd Stage SANJAYNAGAR, L=Bangalore, S=Karnataka, PostalCode=560094, C=IN","sourceIndex":"347","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ScanUtilExt.dll","companyName":"Canous Technologies Private Limited.","fileVersion":"3.2","hashMD5":"62ac723941b653ad3bf649af21b63e8d","hashSHA1":"ad5b487ac93ec669c013c76d63d0bd12f3c071c6","hashSHA256":"e63f44c0eb1402d9b22c6e018c9f4592b8a3228b028a35a1a852ec142b9cc7d8","digitalCertThumbprint":"7215C30672353407D6610D1E8F5B87DDC594AF36","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Canous Technologies Private Limited, O=Canous Technologies Private Limited, STREET=No 7 Krupa Nilaya 2nd Cross Patelappa Layout Nagashettihalli RMV 2nd Stage SANJAYNAGAR, L=Bangalore, S=Karnataka, PostalCode=560094, C=IN","sourceIndex":"347","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Computer Optimizer\"","reference":"https://www.scanutilities.com/","landingPage":"https://www.scanutilities.com/","directDownloadingLink":"http://scanutilities.com/downloads/scanutilities_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://scanutilities.com/downloads/scanutilities_setup.exe","sourceIndex":"347"}],"sampleFiles":["200720/ScanUtilities-190221/2.7/Samples/scanutilities_setup.exe","200720/ScanUtilities-190221/2.7/Samples/ScanUtilities.exe","200720/ScanUtilities-190221/2.7/Samples/ScanUtilExt.dll"],"imageFiles":["200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_Scanning_Files [1].png","200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_Scanning_Files [2].png","200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_ScanResult_Files [1].png","200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_Scanning_Registries [1].png","200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_Scanning_Registries [2].png","200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_ScanResult_Registries [1].png","200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_LandingPage_Register [1].png","200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_OfferPage [1].png","200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_Purchase [1].png","200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_Purchase [2].png","200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_Purchase [3].png","200720/ScanUtilities-190221/2.7/Images/ACR-004/ScanUtilities_Purchase [4].png"],"nonDeceptorImageFiles":["200720/ScanUtilities-190221/2.7/Images/ACR-088/ScanUtilities_Install [1].gif","200720/ScanUtilities-190221/2.7/Images/ACR-161/ScanUtilities_LandingPage [2].png","200720/ScanUtilities-190221/2.7/Images/ACR-099/ScanUtilities_Interaction [1].png","200720/ScanUtilities-190221/2.7/Images/ACR-099/ScanUtilities_LandingPage [3].png","200720/ScanUtilities-190221/2.7/Images/ACR-099/ScanUtilities_OfferPage [1].png","200720/ScanUtilities-190221/2.7/Images/ACR-065/ScanUtilities_Install [2].png","200720/ScanUtilities-190221/2.7/Images/ACR-065/ScanUtilities_Install [3].png","200720/ScanUtilities-190221/2.7/Images/ACR-065/ScanUtilities_Install [4].png","200720/ScanUtilities-190221/2.7/Images/ACR-065/ScanUtilities_Install [5].png","200720/ScanUtilities-190221/2.7/Images/ACR-065/ScanUtilities_LandingPage [3].png","200720/ScanUtilities-190221/2.7/Images/ACR-045/ScanUtilities_LandingPage [1].png","200720/ScanUtilities-190221/2.7/Images/ACR-167/ScanUtilities_OfferPage [1].png"],"guid":"1c524ff7-9d1c-4e16-9d42-0f8c7ed7ddd0_2.7_1","appID":"ScanUtilities-190221","dateAdded":"200720","deceptorType":"App","name":"ScanUtilities","company":"Canous Technologies Private Limited","version":"2.7","sigName":"Deceptor:Win32/ScanUtilities!004","lastKnownStatus":"Deceptor:9.20.0.0;2.7","lastKnownDate":"241119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:18.1109132+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1879},{"violations":{"ACR-003":"The app shows gauges and words \"problems\", \"errors\" & \"issues\" in red colors that indicates misleading urgency. The application exaggerates scanned items as a HIGH or MEDIUM system impact issue, thereby misleading or scaring the user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app's scan schedule is not set, however the app has created scheduled task in the windows task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, privacy policy. \nThere are no links that shows the app's EULA & Returns and Cancellation Policy.\n","ACR-002":"The app name is not consistent across all points of user interaction. The App name is \"Abrasive\" but the scheduled task set is named \"RegProtech_Daily\".\n","ACR-014":"From a different landing page \"https://www.softology.co/abrasive.html\", it implies that the App is a Device Driver updater app but it is actually a PC optimizer and registry fixer application.\n"},"samples":[{"isRevoked":"False","fileName":"abrasive.exe","isInstaller":"True","companyName":"Click Aurum Pvt Ltd","productName":"Abrasive","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"033791b9190844fd6b6d150be2928c46","hashSHA1":"3205630829acebfb93c0aa1a1e2e4f0be4e8e868","hashSHA256":"9322a15f1601de3a756125b3433f50bf482b0cb6e6aa28da3a392615043827b1","digitalCertThumbprint":"B5F4AE4E40F3A504D510A918432CF090A914B6C2","sourceIndex":"350","avBlockList":["360 Total Security (20200806)","Avast Internet Security (20191031)","AVG Internet Security (20200806)","Avira Internet Security (20200806)","Bitdefender Internet Security (20200806)","COMODO Antivirus (20200806)","Dr.Web Security Space (20200806)","ESET Internet Security (20200806)","G DATA INTERNET SECURITY (20200806)","K7 Total Security (20200806)","Kaspersky Internet Security (20200806)","Malwarebytes Premium (20200806)","McAfee Total Protection (20200806)","Norton Security (20200806)","Panda Dome (20200806)","Quick Heal Internet Security (20200806)","Sophos Home Premium (20200806)","Tencent PC Manager (20200806)","Trend Micro Internet Security (20200806)","VIPRE Advanced Security (20200806)","VirIT eXplorer PRO (20200806)","Webroot SecureAnywhere (20200806)","Windows Defender (20200806)","Avast Premium Security (20200806)","SpyHunter5 (20200806)","Total AV Antivirus Pro (20200806)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Click Aurum Pvt Ltd\\Abrasive\\Abrasive.exe","companyName":"Click Aurum Pvt Ltd","productName":"Abresive","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"0ee44089678ae58c53b39e61b49bfb22","hashSHA1":"0a24d1ba414bc03435f9c24f12255b27455bec6f","hashSHA256":"234bfaf0291412ee5d365662abd9ef99b8de0e52bff7ad15c234cea989bdfe68","digitalCertThumbprint":"B5F4AE4E40F3A504D510A918432CF090A914B6C2","sourceIndex":"350","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Abrasive (main_exe_2).exe","companyName":"Click Aurum Pvt Ltd","fileVersion":"1.0","hashMD5":"ebaec0e5ad6840529aa0fb41ac46ec3e","hashSHA1":"62aa7843081fc04121c18d1549e97674e59336a2","hashSHA256":"efc7aeaa4de12cf8da127333da3cf48da398bea0077bf3c5cab2b8b0b0fc0a9c","digitalCertThumbprint":"B5F4AE4E40F3A504D510A918432CF090A914B6C2","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=CLICK AURUM PVT LTD, O=CLICK AURUM PVT LTD, L=Noida, S=Uttar Pradesh, C=IN","sourceIndex":"350","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"abrasive_2.exe","isInstaller":"True","companyName":"Click Aurum Pvt Ltd","fileVersion":"1.0","hashMD5":"bb78e294c0e184bc9b9b781dd3d1914c","hashSHA1":"34cf180b1cc98cd2816797d0469be6d4f0830b53","hashSHA256":"f2d53e57e0d4ad7a077dc65fcd03f97a1fb3fe14a3db4d1b1d60e636b17ae710","digitalCertThumbprint":"B5F4AE4E40F3A504D510A918432CF090A914B6C2","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=CLICK AURUM PVT LTD, O=CLICK AURUM PVT LTD, L=Noida, S=Uttar Pradesh, C=IN","sourceIndex":"350","avBlockList":["360 Total Security (20200806)","Avast Premium Security (20200806)","AVG Internet Security (20200806)","Avira Internet Security (20200806)","Bitdefender Internet Security (20200806)","COMODO Antivirus (20200806)","Dr.Web Security Space (20200806)","ESET Internet Security (20200806)","G DATA INTERNET SECURITY (20200806)","K7 Total Security (20200806)","Kaspersky Internet Security (20200806)","Malwarebytes Premium (20200806)","McAfee Total Protection (20200806)","Norton Security (20200806)","Panda Dome (20200806)","Quick Heal Internet Security (20200806)","Sophos Home Premium (20200806)","SpyHunter5 (20200806)","Tencent PC Manager (20200806)","Total AV Antivirus Pro (20200806)","Trend Micro Internet Security (20200806)","VIPRE Advanced Security (20200806)","VirIT eXplorer PRO (20200806)","Webroot SecureAnywhere (20200806)","Windows Defender (20200806)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Diagnose and fix PC problems\"","reference":"https://abrasive.app/","landingPage":"https://abrasive.app/","directDownloadingLink":"https://abrasive.app/abrasive.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://abrasive.app/abrasive.exe","sourceIndex":"350"},{"howFound":"","reference":"","landingPage":"https://www.softology.co/abrasive.html","ipv4":"","ipv6":"","sourceIndex":"351"}],"sampleFiles":["200717/Abrasive-190806/1.0.0.0/Samples/abrasive.exe","200717/Abrasive-190806/1.0.0.0/Samples/Abrasive (main_exe).exe","200717/Abrasive-190806/1.0.0.0/Samples/Abrasive (main_exe_2).exe","200717/Abrasive-190806/1.0.0.0/Samples/abrasive_2.exe"],"imageFiles":["200717/Abrasive-190806/1.0.0.0/Images/ACR-003/scan.png","200717/Abrasive-190806/1.0.0.0/Images/ACR-003/registry_scan.png","200717/Abrasive-190806/1.0.0.0/Images/ACR-003/main.png","200717/Abrasive-190806/1.0.0.0/Images/ACR-004/004.png","200717/Abrasive-190806/1.0.0.0/Images/ACR-004/004_2.png","200717/Abrasive-190806/1.0.0.0/Images/ACR-084/task.png"],"nonDeceptorImageFiles":["200717/Abrasive-190806/1.0.0.0/Images/ACR-002/task.png","200717/Abrasive-190806/1.0.0.0/Images/ACR-065/about.png","200717/Abrasive-190806/1.0.0.0/Images/ACR-065/065.png","200717/Abrasive-190806/1.0.0.0/Images/ACR-014/014.png"],"guid":"ea941218-3433-4d40-9295-f74a7d1ee78d_1.0.0.0_1","appID":"Abrasive-190806","dateAdded":"200717","deceptorType":"App","name":"Abrasive","company":"CLICK AURUM PVT LTD","version":"1.0.0.0","sigName":"Deceptor:Win32/Abrasive!003004084","lastKnownStatus":"1.0.0.0","lastKnownDate":"241119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:18.2072627+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1881},{"violations":{"ACR-042":"App installs securedsearch browser extension silently without disclosing and obtaining user's permission.\n","ACR-048":"The application can't be cancelled during installation. The cancel and close option are disabled.\n","ACR-004":"App report untruthful threat (in this case, it reports legit program as high risk) and requires user to pay for fix the threats reported during free scan. \n"},"nonDeceptorViolations":{"ACR-065":"The app's does not contain link about page to it's EULA, Returns and Cancellation Policy, or the Privacy Policy. \nThe app's landing page does not contain link about page to it's  Returns and Cancellation Policy\nThe app's Internal offer page does not contain link about page to it's Returns and Cancellation Policy\nThe app's install does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-088":"The application performs a system scan automatically without the consumer's action and authorization.\n","ACR-099":"Uninstall information is not available in the software \n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable endorsement logo \n"},"samples":[{"isRevoked":"False","fileName":"bytefence-installer-needle-5.5.0.7.exe","isInstaller":"True","companyName":"Byte Technologies LLC","fileVersion":"5.5","hashMD5":"45fbd83019773b9e3380edc88418cf9a","hashSHA1":"569ca0e178804f5967dc3497e984d9dfdab177b3","hashSHA256":"7101a243d7275ed853ed7bf600e966823ab57de8c9394a9601270011f374d296","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2439","avBlockList":["360 Total Security (20200813)","Avast Premium Security (20200813)","AVG Internet Security (20200813)","Avira Internet Security (20200813)","Bitdefender Internet Security (20200813)","Dr.Web Security Space (20200813)","ESET Internet Security (20200813)","G DATA INTERNET SECURITY (20200813)","K7 Total Security (20200813)","Malwarebytes Premium (20200813)","McAfee Total Protection (20200813)","Norton Security (20200813)","Panda Dome (20200813)","Quick Heal Internet Security (20200813)","Sophos Home Premium (20200813)","SpyHunter5 (20200813)","Tencent PC Manager (20200813)","Total AV Antivirus Pro (20200813)","VIPRE Advanced Security (20200813)","VirIT eXplorer PRO (20200813)","Webroot SecureAnywhere (20200813)","Windows Defender (20200813)"],"avAllowList":["COMODO Antivirus (20200813)","Kaspersky Internet Security (20200813)","Trend Micro Internet Security (20200813)"]},{"isRevoked":"False","fileName":"bytefence-installer-needle-5.5.0.7 (1).exe","companyName":"Byte Technologies LLC","fileVersion":"5.5","hashMD5":"0a5a3b94f9aa0d409a8bdb3d552e8306","hashSHA1":"3769f5f3c8306ab2db2e8cc41b44151415aa6496","hashSHA256":"19a1851a01d6298a1213e8dc7b835b70a932472a1771f71d9e9123099d9c7d5c","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2439","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ByteFence.exe","companyName":"Byte Technologies LLC","fileVersion":"5.5","hashMD5":"b821cd61e2d66b1ca5c795230f6b1b8e","hashSHA1":"a2e0cea3af916f98233ad73992cbac1dea55b234","hashSHA256":"16e0d6966e98794aa18719606e41f4d4ae74683d652e81374717282fc8b3239e","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2439","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ByteFenceScan.exe","companyName":"Byte Technologies LLC","fileVersion":"5.5","hashMD5":"6e0e63eb8b8022286b9cceddce76c5dc","hashSHA1":"8bafea55708917c27f98c44920f6d0bc8ca2a37a","hashSHA256":"434e30c59249506dde85ce9e22ffacb2dcfbb05625c5853e9e72397c22f2cc53","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2439","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ByteFenceService.exe","companyName":"Byte Technologies LLC","fileVersion":"5.5","hashMD5":"b7748eb9fd8de26917eed1f341e3cd99","hashSHA1":"275ad76abb350fbb0c77050d99fff8c8696b0de3","hashSHA256":"ee8b257ada017afdec76c7bbaa436afa2d77ac6887c6ff84431866517396a956","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2439","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"security partner report","landingPage":"https://www.bytefence.com/","directDownloadingLink":"https://shield.bytefence.com/bytefence-installer-needle-5.5.0.7.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://shield.bytefence.com/bytefence-installer-needle-5.5.0.7.exe","sourceIndex":"2439"}],"sampleFiles":["200513/ByteFenceFree-180116/5.5.07/Samples/bytefence-installer-needle-5.5.0.7.exe","200513/ByteFenceFree-180116/5.5.07/Samples/bytefence-installer-needle-5.5.0.7 (1).exe","200513/ByteFenceFree-180116/5.5.07/Samples/ByteFence.exe","200513/ByteFenceFree-180116/5.5.07/Samples/ByteFenceScan.exe","200513/ByteFenceFree-180116/5.5.07/Samples/ByteFenceService.exe"],"imageFiles":["200513/ByteFenceFree-180116/5.5.07/Images/ACR-048/ByteFence_Installs [2].png","200513/ByteFenceFree-180116/5.5.07/Images/ACR-042/SecureSearchCRXInstalledSilently.JPG","200513/ByteFenceFree-180116/5.5.07/Images/ACR-042/SecuredSearchInstalledwithoutpermission.png","200513/ByteFenceFree-180116/5.5.07/Images/ACR-004/FakeAV.JPG","200513/ByteFenceFree-180116/5.5.07/Images/ACR-004/PayforFix.JPG","200513/ByteFenceFree-180116/5.5.07/Images/ACR-004/warning.JPG"],"nonDeceptorImageFiles":["200513/ByteFenceFree-180116/5.5.07/Images/ACR-065/ByteFence_Interaction [2].png","200513/ByteFenceFree-180116/5.5.07/Images/ACR-065/ByteFence Download Free Antivirus for PC.png","200513/ByteFenceFree-180116/5.5.07/Images/ACR-065/ByteFence - Download Free Antivirus for PC.png","200513/ByteFenceFree-180116/5.5.07/Images/ACR-065/ByteFence Download Free Antivirus for PC [1] .png","200513/ByteFenceFree-180116/5.5.07/Images/ACR-065/ByteFence_Installs [1].png","200513/ByteFenceFree-180116/5.5.07/Images/ACR-065/ByteFence_Installs [2].png","200513/ByteFenceFree-180116/5.5.07/Images/ACR-065/ByteFence_Installs [3].png","200513/ByteFenceFree-180116/5.5.07/Images/ACR-017/ByteFence Download Free Antivirus for PC [1] .png","200513/ByteFenceFree-180116/5.5.07/Images/ACR-088/ByteFence-Installation-AutomaticScan.gif","200513/ByteFenceFree-180116/5.5.07/Images/ACR-099/ByteFence_Interaction [2].png","200513/ByteFenceFree-180116/5.5.07/Images/ACR-099/ByteFence_Interaction [5].png"],"guid":"202c6741-1db1-4511-ab6a-8457a1d277ae_5.5.07_1","appID":"ByteFenceFree-180116","dateAdded":"200716","deceptorType":"App","name":"ByteFence Anti-Malware","company":"ByteFence","version":"5.5.07","sigName":"Deceptor:Win32/ByteFenceAntiMalware!004048042","lastKnownStatus":"5.5.0.7;5.6.2.0;5.6.4.0;5.6.5.0","lastKnownDate":"201007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1887},{"violations":{"ACR-042":"App installs securedsearch browser extension silently without disclosing and obtaining user's permission.\n","ACR-048":"The application can't be cancelled during installation. The cancel and close option are disabled.\n","ACR-004":"App report untruthful threat (in this case, it reports legit program as high risk) and requires user to pay for fix the threats reported during free scan. \n"},"nonDeceptorViolations":{"ACR-065":"The app's does not contain link about page to it's EULA, Returns and Cancellation Policy, or the Privacy Policy. \nThe app's landing page does not contain link about page to it's  Returns and Cancellation Policy\nThe app's Internal offer page does not contain link about page to it's Returns and Cancellation Policy\nThe app's install does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-088":"The application performs a system scan automatically without the consumer's action and authorization.\n","ACR-099":"Uninstall information is not available in the software \n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable endorsement logo \n"},"samples":[{"isRevoked":"False","fileName":"bytefence-installer-needle-5.6.2.0.exe","isInstaller":"True","companyName":"Byte Technologies LLC","fileVersion":"5.6","hashMD5":"5469a9d718d285f8977aa5d1c550ceb9","hashSHA1":"c5adfafb7c4868ddea8618ac32985ab3179c59ca","hashSHA256":"07c83dd178127fd2f99e52d1c1e7793effddbd9db4cf0f897b11007277c0ce26","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2438","avBlockList":["360 Total Security (20200716)","Avast Premium Security (20200716)","AVG Internet Security (20200716)","Avira Internet Security (20200716)","Bitdefender Internet Security (20200716)","ESET Internet Security (20200716)","G DATA INTERNET SECURITY (20200716)","K7 Total Security (20200716)","Malwarebytes Premium (20200716)","McAfee Total Protection (20200716)","Norton Security (20200716)","Panda Dome (20200716)","Quick Heal Internet Security (20200716)","Sophos Home Premium (20200716)","SpyHunter5 (20200716)","Tencent PC Manager (20200716)","Total AV Antivirus Pro (20200716)","VIPRE Advanced Security (20200716)","VirIT eXplorer PRO (20200716)","Webroot SecureAnywhere (20200716)","Windows Defender (20200716)"],"avAllowList":["COMODO Antivirus (20200716)","Dr.Web Security Space (20200716)","Kaspersky Internet Security (20200716)","Trend Micro Internet Security (20200716)"]},{"isRevoked":"False","fileName":"ByteFence.exe","companyName":"Byte Technologies LLC","fileVersion":"5.6","hashMD5":"0a72dc87ec2be23ef3b6ac2d5f67ccd1","hashSHA1":"1174a8eed0791bc042bfc0c9ba42fd48477a1bea","hashSHA256":"8b5e79b49ec1006148eea9c7ad9d74eb52f45232a47f61bdd9bc15482d49e28f","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2438","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"","landingPage":"https://www.bytefence.com/","directDownloadingLink":"https://shield.bytefence.com/bytefence-installer-needle-5.6.2.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://shield.bytefence.com/bytefence-installer-needle-5.6.2.0.exe","sourceIndex":"2438"}],"sampleFiles":["200513/ByteFenceFree-180116/5.6.2.0/Samples/bytefence-installer-needle-5.6.2.0.exe","200513/ByteFenceFree-180116/5.6.2.0/Samples/ByteFence.exe"],"imageFiles":["200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-048/ByteFence_Installs [2].png","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-042/SecureSearchCRXInstalledSilently.JPG","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-042/SecuredSearchInstalledwithoutpermission.png","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-004/FakeAV.JPG","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-004/PayforFix.JPG","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-004/warning.JPG"],"nonDeceptorImageFiles":["200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-065/ByteFence_Interaction [2].png","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-065/ByteFence Download Free Antivirus for PC.png","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-065/ByteFence - Download Free Antivirus for PC.png","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-065/ByteFence Download Free Antivirus for PC [1] .png","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-065/ByteFence_Installs [1].png","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-065/ByteFence_Installs [2].png","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-065/ByteFence_Installs [3].png","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-017/ByteFence Download Free Antivirus for PC [1] .png","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-088/ByteFence-Installation-AutomaticScan.gif","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-099/ByteFence_Interaction [2].png","200513/ByteFenceFree-180116/5.6.2.0/Images/ACR-099/ByteFence_Interaction [5].png"],"guid":"202c6741-1db1-4511-ab6a-8457a1d277ae_5.6.2.0_1","appID":"ByteFenceFree-180116","dateAdded":"200716","deceptorType":"App","name":"ByteFence Anti-Malware","company":"ByteFence","version":"5.6.2.0","sigName":"Deceptor:Win32/ByteFenceAntiMalware!004042048","lastKnownStatus":"5.5.0.7;5.6.2.0;5.6.4.0;5.6.5.0","lastKnownDate":"201007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1886},{"violations":{"ACR-048":"The application can't be cancelled during installation. The cancel and close option are disabled.\n","ACR-004":"App report untruthful threat, reporting legit program as suspicious or high risk threat.\n","ACR-084":"Active processes and services running in background even the app is completed quit and with real time protection disabled. \n"},"nonDeceptorViolations":{"ACR-065":"The app's does not contain link about page to it's EULA, Returns and Cancellation Policy, or the Privacy Policy. \nThe app's landing page does not contain link about page to it's  Returns and Cancellation Policy\nThe app's Internal offer page does not contain link about page to it's Returns and Cancellation Policy\nThe app's install does not contain links to it's Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-099":"Uninstall information is not available in the software \n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable endorsement logo \n"},"samples":[{"isRevoked":"False","fileName":"bytefence-installer-5.6.4.0.exe","isInstaller":"True","companyName":"Byte Technologies LLC","fileVersion":"5.6","hashMD5":"10525022fb3247c0a59d162b75ad9af8","hashSHA1":"d9531131fa253f2008f177dd99a8ea3bf954d6eb","hashSHA256":"8ce346105fed4a7054c950b0c41c643f34d3771b2076eaaa47cc8ae9bec3df80","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2437","avBlockList":["Avast Premium Security (20200917)","AVG Internet Security (20200917)","Avira Internet Security (20200917)","Bitdefender Internet Security (20200917)","Dr.Web Security Space (20200917)","ESET Internet Security (20200917)","G DATA INTERNET SECURITY (20200917)","K7 Total Security (20200917)","Malwarebytes Premium (20200917)","McAfee Total Protection (20200917)","Panda Dome (20200917)","Quick Heal Internet Security (20200917)","Sophos Home Premium (20200917)","SpyHunter5 (20200917)","Tencent PC Manager (20200917)","Total AV Antivirus Pro (20200917)","VIPRE Advanced Security (20200917)","VirIT eXplorer PRO (20200917)","Webroot SecureAnywhere (20200917)","Windows Defender (20200917)","Norton Security (20200917)"],"avAllowList":["360 Total Security (20200917)","COMODO Antivirus (20200917)","Kaspersky Internet Security (20200917)","Trend Micro Internet Security (20200917)"]},{"isRevoked":"False","fileName":"bytefence-installer-5.6.4.0 [2].exe","isInstaller":"True","companyName":"Byte Technologies LLC","fileVersion":"5.6","hashMD5":"1f387f641093f16bc1f9f59043f42046","hashSHA1":"7cdcaf74562b7f875cd2987c822d42f71991c7f4","hashSHA256":"13d8bd37ece418995dc507ce276072ffcd584d5713f56469a76b9c7ef6cd820c","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2437","avBlockList":["360 Total Security (20200611)","Avira Internet Security (20200611)","Bitdefender Internet Security (20200611)","ESET Internet Security (20200611)","G DATA INTERNET SECURITY (20200611)","K7 Total Security (20200611)","Malwarebytes Premium (20200611)","McAfee Total Protection (20200611)","Panda Dome (20200611)","Quick Heal Internet Security (20200611)","Sophos Home Premium (20200611)","SpyHunter5 (20200611)","Tencent PC Manager (20200611)","Total AV Antivirus Pro (20200611)","VIPRE Advanced Security (20200611)","VirIT eXplorer PRO (20200611)","Webroot SecureAnywhere (20200611)","Windows Defender (20200611)","Avast Premium Security (20200611)","AVG Internet Security (20200611)","Norton Security (20200611)"],"avAllowList":["COMODO Antivirus (20200611)","Dr.Web Security Space (20200611)","Kaspersky Internet Security (20200611)","Trend Micro Internet Security (20200611)"]},{"isRevoked":"False","fileName":"ByteFence.exe","companyName":"Byte Technologies LLC","fileVersion":"5.6","hashMD5":"e29402b3dcb7ef6d2b2a661f612f2c13","hashSHA1":"a0d9d120b3e82bbd4ce5c3e180528a2ba501a6c7","hashSHA256":"c336ee13dd94d55aef8e826cfd3eec157730405890275d4c632d6b71781838d2","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2437","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"","landingPage":"https://www.bytefence.com/features.html","directDownloadingLink":"https://cdn.bytefence.com/bytefence-installer-5.6.4.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.bytefence.com/bytefence-installer-5.6.4.0.exe","sourceIndex":"2437"}],"sampleFiles":["200518/ByteFenceFree-180116/5.6.4.0/Samples/bytefence-installer-5.6.4.0.exe","200518/ByteFenceFree-180116/5.6.4.0/Samples/bytefence-installer-5.6.4.0 [2].exe","200518/ByteFenceFree-180116/5.6.4.0/Samples/ByteFence.exe"],"imageFiles":["200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-048/ByteFence_Installs [4].png","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-084/QuitByteFence.JPG","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-084/RealTimeProtection.JPG","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-084/RealTimeProtectionTurnOff.JPG","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-084/RunningProcessCannotKill.JPG","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-004/ByteFence_Scanning [5].png","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-004/ReportUntruthfulThreatJPG.JPG"],"nonDeceptorImageFiles":["200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-065/ByteFence Download Free Antivirus for PC.png","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-065/ByteFence - Download Free Antivirus for PC.png","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-065/ByteFence Download Free Antivirus for PC [1] .png","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-065/ByteFence_Installs [1].png","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-065/ByteFence_Installs [2].png","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-065/ByteFence_Installs [5].png","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-017/ByteFence_OfferPage [2].png","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-099/ByteFence_Interaction [1].png","200518/ByteFenceFree-180116/5.6.4.0/Images/ACR-099/ByteFence_Interaction [2].png"],"guid":"202c6741-1db1-4511-ab6a-8457a1d277ae_5.6.4.0_1","appID":"ByteFenceFree-180116","dateAdded":"200716","deceptorType":"App","name":"ByteFence Anti-Malware","company":"ByteFence","version":"5.6.4.0","lastKnownStatus":"5.5.0.7;5.6.2.0;5.6.4.0;5.6.5.0","lastKnownDate":"201007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1885},{"violations":{"ACR-048":"The application can't be cancelled during installation. The cancel and close option are disabled. \nWhen the app is closed with disabled real time protection and on re-opening the app, real time protection is re-enabled automatically.\n","ACR-004":"App report untruthful threat, reporting legit program system internal tools, Vdisk, testing tools such as regshot, explore suite, etc...as suspicious or high risk threat and it adds PUP to the malware count.\n"},"nonDeceptorViolations":{"ACR-099":"Uninstall information is not available in the software  \nUninstall information is not available in the landing page  \n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable endorsement logo \n"},"samples":[{"isRevoked":"False","fileName":"ByteFence-Anti-Malware-Installer.exe","isInstaller":"True","companyName":"Byte Technologies LLC","productName":"ByteFence Anti-Malware","productVersion":"5.6.5.0","fileVersion":"5.6.5.0","hashMD5":"e638a7d92c1824013b8cc7489860b8bc","hashSHA1":"fbdd9f498ee7fd9f7cece8a9e4ce1d5801566e69","hashSHA256":"6f654e272429b6ad72eb4850506c3aa70958452a47e26232188ea444d6afe3c4","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Byte Technologies LLC","storeId":"","sourceIndex":"2156","avBlockList":["AVG Internet Security (20200928)","Avira Internet Security (20200928)","Bitdefender Internet Security (20200928)","Dr.Web Security Space (20200928)","ESET Internet Security (20200928)","G DATA INTERNET SECURITY (20200928)","K7 Total Security (20200928)","Malwarebytes Premium (20200928)","McAfee Total Protection (20200928)","Norton Security (20200928)","Panda Dome (20200928)","Quick Heal Internet Security (20200928)","Sophos Home Premium (20200928)","SpyHunter5 (20200928)","Tencent PC Manager (20200928)","Total AV Antivirus Pro (20200928)","VIPRE Advanced Security (20200928)","VirIT eXplorer PRO (20200928)","Windows Defender (20200928)"],"avAllowList":["360 Total Security (20200928)","Avast Premium Security (20200928)","COMODO Antivirus (20200928)","Kaspersky Internet Security (20200928)","Trend Micro Internet Security (20200928)","Webroot SecureAnywhere (20200928)"]},{"isRevoked":"False","fileName":"ByteFence_0701.exe","companyName":"Byte Technologies LLC","fileVersion":"5.6","hashMD5":"7c5138d6cb24aaab07ff02ce18dd231c","hashSHA1":"14c4144ed6ff81c08358dffaec1e104ff46e3e3f","hashSHA256":"5a7aa9e531eea40eb165a7314b1175b4a2a23644edc20435fb88e4b1f93895b8","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ByteFence-AntiMalware-Installer_0701.exe","isInstaller":"True","companyName":"Byte Technologies LLC","fileVersion":"5.6","hashMD5":"59404814481178e0e2623abff2020936","hashSHA1":"8e1d4c8b86759c755d9424e34b4ec897dce75891","hashSHA256":"ef2127b025b0e84da7a65c0016d6b076c2398aca246ec843520fdf9b1bec7430","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2156","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ByteFence.exe","companyName":"Byte Technologies LLC","fileVersion":"5.6","hashMD5":"b47a42c369a1955fd8ed5c4d260ca6b0","hashSHA1":"ae58f623b28c08fb15ecd78ed3a963e384f92559","hashSHA256":"11cf3b913dbcbac210a9ecfbd2a076226ad8aa1de8cbf4e889e1b3fe19c0e1ac","digitalCertThumbprint":"EEAAFBFD025C65BF6722964196505025119C4A11","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Byte Technologies LLC, O=Byte Technologies LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"2156","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"Deceptor tracking","landingPage":"https://www.bytefence.com/","directDownloadingLink":"https://cdn.bytefence.com/ByteFence-Anti-Malware-Installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.bytefence.com/ByteFence-Anti-Malware-Installer.exe","sourceIndex":"2156"}],"sampleFiles":["200716/ByteFenceFree-180116/5.6.5.0/Samples/ByteFence-Anti-Malware-Installer.exe","200716/ByteFenceFree-180116/5.6.5.0/Samples/ByteFence_0701.exe","200716/ByteFenceFree-180116/5.6.5.0/Samples/ByteFence-AntiMalware-Installer_0701.exe","200716/ByteFenceFree-180116/5.6.5.0/Samples/ByteFence.exe"],"imageFiles":["200716/ByteFenceFree-180116/5.6.5.0/Images/ACR-048/ACR-048_Install_UnableToCancel_Installation.JPG","200716/ByteFenceFree-180116/5.6.5.0/Images/ACR-048/ACR-048_Software_RealTimeProtectionRe_enabled.JPG","200716/ByteFenceFree-180116/5.6.5.0/Images/ACR-004/ACR-004_Software_MisleadingInfo.JPG","200716/ByteFenceFree-180116/5.6.5.0/Images/ACR-004/ACR-004_Software_MisleadingInfo1.JPG","200716/ByteFenceFree-180116/5.6.5.0/Images/ACR-004/ACR-004_Software_MisleadingInfo2.JPG","200716/ByteFenceFree-180116/5.6.5.0/Images/ACR-004/ACR-004_Software_MisleadingInfo3.JPG"],"nonDeceptorImageFiles":["200716/ByteFenceFree-180116/5.6.5.0/Images/ACR-017/ACR-017_InternalOffers_MisleadingLogo.JPG","200716/ByteFenceFree-180116/5.6.5.0/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","200716/ByteFenceFree-180116/5.6.5.0/Images/ACR-099/ACR-099_LandingPage_NoUninstall_Info.JPG"],"guid":"202c6741-1db1-4511-ab6a-8457a1d277ae_5.6.5.0_1","appID":"ByteFenceFree-180116","dateAdded":"200716","deceptorType":"App","name":"ByteFence Anti-Malware","company":"ByteFence","version":"5.6.5.0","sigName":"Deceptor:Win32/ByteFenceAntiMalware!004048","lastKnownStatus":"5.5.0.7;5.6.2.0;5.6.4.0;5.6.5.0","lastKnownDate":"201007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1884},{"violations":{"ACR-003":"The website uses a computer generated voice to inform the user that their computer's IP address had been hacked.\n","ACR-009":"The website has an audio clip that informs the user that their computer will be locked and to call their support number in order to stop identity theft\n","ACR-014":"The website uses the windows logo and the header states that it is 'Windows Support'. It also phish user to provide username and password \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"redirect from fullpccare.co","reference":"http://fullpccare.co/","landingPage":"64.227.54.202/xxxx16-2020-edgechromium-xxxx/?phone=+1-(866)-781-8276&","ipv4":"","ipv6":"","sourceIndex":"2158"}],"sampleFiles":[],"imageFiles":["200716/FullPCCare-200716/200716/Images/ACR-003/005-64.227.54.202.mp4","200716/FullPCCare-200716/200716/Images/ACR-014/014-64.227.54.202.PNG","200716/FullPCCare-200716/200716/Images/ACR-009/005-64.227.54.202.mp4"],"nonDeceptorImageFiles":[],"guid":"e1fa880f-29e8-4b67-a1ec-e0f0adc49722_200716_1","appID":"FullPCCare-200716","dateAdded":"200716","deceptorType":"Affiliate","name":"fullpccare","company":"fullpccare.co","version":"200716","sigName":"Deceptor:Affiliate/FullPCCare!003014009","lastKnownDate":"200716","type":"Affiliate","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"call center","lastUpdate":"2020-07-16T21:16:06.7856081+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1882},{"violations":{"ACR-003":"The app does not substantiate identified results that need to be cleaned.\n","ACR-006":"App doesn't disclose the call center name next to phone number\n","ACR-168":"App doesn't disclose that additional offer will be made next to phone number during one-one interactive call\n"},"nonDeceptorViolations":{"ACR-040":"App installs in hidden folder %AppData%\n","ACR-065":"The install does not contain link to the Returns and Cancellation Policy\nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy. \nThe link to the EULA or Terms of Service in the landing page is not working.\nThe link to the EULA or Terms of Service in the internal offer page is not working.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe app’s landing page does not display links to uninstall information.\nThe app's internal offers page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"DISKCUREPRO.exe","companyName":"Energizer Softech Pvt Ltd","fileVersion":"1.0","hashMD5":"132b0b12f2c66d0c32abc2994e7bd293","hashSHA1":"582dc6b9148834859190f5838979dcc54ba667f5","hashSHA256":"31ef9db88b5ef73b4a7798047a3639875caf1b6561d41b0728cc30a1bc460893","digitalCertThumbprint":"2456877CEE8816FD8CF020CABCDF9053C827D252","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Energizer Softech Pvt ltd, O=Energizer Softech Pvt ltd, L=Delhi, S=Delhi, C=IN, SERIALNUMBER=206723, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"349","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"diskcurepro.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ae1ebbb5d001fdfcaea85f0d5d38d35c659275d5e7b64e8865c9bcef3ef4b1c5","sourceIndex":"349","avBlockList":["360 Total Security (20200813)","Avast Premium Security (20200813)","AVG Internet Security (20200813)","Avira Internet Security (20200813)","Bitdefender Internet Security (20200813)","COMODO Antivirus (20200813)","Dr.Web Security Space (20200813)","ESET Internet Security (20200813)","G DATA INTERNET SECURITY (20200813)","K7 Total Security (20200813)","Malwarebytes Premium (20200813)","McAfee Total Protection (20200813)","Norton Security (20200813)","Panda Dome (20200813)","Quick Heal Internet Security (20200813)","Sophos Home Premium (20200813)","SpyHunter5 (20200813)","Tencent PC Manager (20200813)","Total AV Antivirus Pro (20200813)","VIPRE Advanced Security (20200813)","VirIT eXplorer PRO (20200813)","Webroot SecureAnywhere (20200813)","Windows Defender (20200813)"],"avAllowList":["Kaspersky Internet Security (20200813)","Trend Micro Internet Security (20200813)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://pccurepro.com/","directDownloadingLink":"http://34.71.106.19/pccurepro/diskcurepro.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://34.71.106.19/pccurepro/diskcurepro.msi","sourceIndex":"349"}],"sampleFiles":["200716/DiskCurePro-200716/1.0.0.0/Samples/DISKCUREPRO.exe","200716/DiskCurePro-200716/1.0.0.0/Samples/diskcurepro.msi"],"imageFiles":["200716/DiskCurePro-200716/1.0.0.0/Images/ACR-168/DISK CURE PRO_Interaction [1].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-168/DISK CURE PRO_Interaction [2].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-003/DISK CURE PRO_Interaction [5].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-006/DISK CURE PRO_Interaction [1].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-006/DISK CURE PRO_Interaction [2].png"],"nonDeceptorImageFiles":["200716/DiskCurePro-200716/1.0.0.0/Images/ACR-040/DISK CURE PRO_Files [3].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-065/DISK CURE PRO_Install [1].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-065/DISK CURE PRO_Install [2].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-065/DISK CURE PRO_Install [3].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-065/DISK CURE PRO_Interaction [1].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-065/DISK CURE PRO_Interaction [9].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-065/DISK CURE PRO_Interaction [12].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-099/DISK CURE PRO_Interaction [1].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-099/DISK CURE PRO_Interaction [2].png","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-065/Disk CURE PRO_LandingPage [2] copy.gif","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-099/DISK CURE PRO_LandingPage [1].jpg","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-065/Disk CURE PRO_TermsofService_OfferPage [1].gif","200716/DiskCurePro-200716/1.0.0.0/Images/ACR-099/DISK CURE PRO_OfferPage [1].png"],"guid":"03c44bba-3f47-4667-be51-d4c8a1ec7d7c_1.0.0.0_1","appID":"DiskCurePro-200716","dateAdded":"200716","deceptorType":"App","name":"Disk Cure Pro","company":"Energizer Softech Pvt Ltd","version":"1.0.0.0","sigName":"Deceptor:Win32/DiskCurePro!003006168","lastKnownStatus":"1.0.0.0","lastKnownDate":"241119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:18.1710804+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1883},{"violations":{"ACR-057":"The install pre-checks the acceptance checkbox and doesn't provide a clear way to decline (have to click on \"настроить\" and uncheck boxes).\n","ACR-055":"Accept and decline for the offer must be obvious. Clicking \"настроить\" is not an obvious way to decline offer.\n","ACR-155":"Offers are inserted into the install workflow with pre-checked checkboxs to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The app's about page does not contain links to EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The about page does not provide links to uninstall information.\n","ACR-064":"The bundler-made offer download is initiated by hidden pre-checked checkboxes.\n"},"samples":[{"isRevoked":"False","fileName":"UDLSetup_1594753644.exe","isInstaller":"True","companyName":"MAYAK, OOO                                                  ","fileVersion":"1.0","hashMD5":"1543e49d7c3cd454296152544fbff9f1","hashSHA1":"81dba43c67442942c08b71810e24ebdca9341f9c","hashSHA256":"e3b094395cb63c0faee141d13388b209c9653f302bca2ef30a8c0bf4ca2e3f4b","digitalCertThumbprint":"50EF27015DAEFBCDBCA7C37FCA4DCA3E93B226E7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"MAYAK, OOO\", O=\"MAYAK, OOO\", STREET=proezd Tsentralny 27, L=Ivanteevka, S=Moskovskaya oblast, PostalCode=141282, C=RU","sourceIndex":"1597","avBlockList":["360 Total Security (20200806)","Avast Premium Security (20200806)","AVG Internet Security (20200806)","Avira Internet Security (20200806)","Bitdefender Internet Security (20200806)","Dr.Web Security Space (20200806)","ESET Internet Security (20200806)","G DATA INTERNET SECURITY (20200806)","K7 Total Security (20200806)","Malwarebytes Premium (20200806)","McAfee Total Protection (20200806)","Norton Security (20200806)","Panda Dome (20200806)","Quick Heal Internet Security (20200806)","Sophos Home Premium (20200806)","SpyHunter5 (20200806)","Tencent PC Manager (20200806)","Total AV Antivirus Pro (20200806)","Trend Micro Internet Security (20200806)","VIPRE Advanced Security (20200806)","VirIT eXplorer PRO (20200806)","Webroot SecureAnywhere (20200806)","Windows Defender (20200806)"],"avAllowList":["COMODO Antivirus (20200806)","Kaspersky Internet Security (20200806)"]},{"isRevoked":"False","fileName":"ClientLauncher.exe","companyName":"MAYAK, OOO","fileVersion":"1.1","hashMD5":"d7321738fe6fa4475d0477620b488017","hashSHA1":"0a0bafe7d62254442a9094ceedcd3964667791b4","hashSHA256":"bdfed1854ea3fc611d2dde52cbbe448d3b8173b6ca293611ec2c11a937ea45d8","digitalCertThumbprint":"72B215E2DA31BDD33185FB749BF5885B8E2F7008","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"MAYAK, OOO\", O=\"MAYAK, OOO\", STREET=proezd Tsentralny 27, L=Ivanteevka, S=Moscow region, PostalCode=141282, C=RU","sourceIndex":"1597","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://getudl.ru/en/","directDownloadingLink":"https://getudl.ru/latest","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://getudl.ru/latest","sourceIndex":"1597"}],"sampleFiles":["200715/UniDownloader-200616/1.1.2.1/Samples/UDLSetup_1594753644.exe","200715/UniDownloader-200616/1.1.2.1/Samples/ClientLauncher.exe"],"imageFiles":["200715/UniDownloader-200616/1.1.2.1/Images/ACR-055/057-uniDownloader.PNG","200715/UniDownloader-200616/1.1.2.1/Images/ACR-057/ACR-057.gif","200715/UniDownloader-200616/1.1.2.1/Images/ACR-057/057-uniDownloader_2.PNG","200715/UniDownloader-200616/1.1.2.1/Images/ACR-155/ACR-155 [1].png","200715/UniDownloader-200616/1.1.2.1/Images/ACR-155/ACR-155 [2].png"],"nonDeceptorImageFiles":["200715/UniDownloader-200616/1.1.2.1/Images/ACR-065/About page.png","200715/UniDownloader-200616/1.1.2.1/Images/ACR-099/About page.png","200715/UniDownloader-200616/1.1.2.1/Images/ACR-064/Offers.png","200715/UniDownloader-200616/1.1.2.1/Images/ACR-064/ACR-064.png"],"guid":"ddff870b-623c-43c8-b0ab-fb8807c72221_1.1.2.1_1","appID":"UniDownloader-200616","dateAdded":"200715","deceptorType":"App","name":"uniDownloader","company":"MAYAK, OOO","version":"1.1.2.1","sigName":"Deceptor:Win32/uniDownloader!055057155","firstVendorContactDate":"220513","firstAppEsteemReplyDate":"220518","firstResolvedDate":"220520","firstResolvedVersion":"2.5.19.1520","resolved":"TRUE","lastKnownStatus":"1.5.0.4650;1.1.2.1","lastKnownDate":"220520","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2022-05-20T19:10:46.2658998+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1888},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action.\n","ACR-057":"The install pre-checks the acceptance checkbox and doesn't provide a clear way to decline (have to click on \"настроить\" and uncheck boxes).\n","ACR-055":"Accept and decline for the offer must be obvious. Clicking \"настроить\" is not an obvious way to decline offer.\n","ACR-155":"Offers are inserted into the install workflow with pre-checked checkboxs to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The app's about page does not contain links to EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The about page does not provide links to uninstall information.\n","ACR-064":"The bundler-made offer download is initiated by hidden pre-checked checkboxes.\n"},"samples":[{"isRevoked":"False","fileName":"UDLSetup.exe","isInstaller":"True","companyName":"MAYAK, OOO                                                  ","fileVersion":"0.0","hashMD5":"26765f9bb3bb8cba6dc8612768d0c9c9","hashSHA1":"68f96aaf8c7fb7a58e692cb54c3ac3b1fe093436","hashSHA256":"ec7e5734c26d14fc57edc5f44463b5e42d6f984035b8e0046b938f0d8232b0c7","digitalCertThumbprint":"72B215E2DA31BDD33185FB749BF5885B8E2F7008","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"MAYAK, OOO\", O=\"MAYAK, OOO\", STREET=proezd Tsentralny 27, L=Ivanteevka, S=Moscow region, PostalCode=141282, C=RU","sourceIndex":"2159","avBlockList":["360 Total Security (20200917)","Avast Premium Security (20200917)","AVG Internet Security (20200917)","Avira Internet Security (20200917)","Bitdefender Internet Security (20200917)","Dr.Web Security Space (20200917)","ESET Internet Security (20200917)","G DATA INTERNET SECURITY (20200917)","K7 Total Security (20200917)","Kaspersky Internet Security (20200917)","Malwarebytes Premium (20200917)","McAfee Total Protection (20200917)","Norton Security (20200917)","Panda Dome (20200917)","Quick Heal Internet Security (20200917)","Sophos Home Premium (20200917)","SpyHunter5 (20200917)","Tencent PC Manager (20200917)","Total AV Antivirus Pro (20200917)","Trend Micro Internet Security (20200917)","VIPRE Advanced Security (20200917)","VirIT eXplorer PRO (20200917)","Webroot SecureAnywhere (20200917)","Windows Defender (20200917)"],"avAllowList":["COMODO Antivirus (20200917)"]},{"isRevoked":"False","fileName":"ClientLauncher.exe","companyName":"MAYAK, OOO","fileVersion":"1.1","hashMD5":"b2e985c3ac710b55dbaf921780cd738e","hashSHA1":"5d3b213ed60c492f461baedb3342028982518834","hashSHA256":"4e277c603c4d68c6d6e7d5931753a08453e03c57fa608f72162c56f070efa034","digitalCertThumbprint":"72B215E2DA31BDD33185FB749BF5885B8E2F7008","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"MAYAK, OOO\", O=\"MAYAK, OOO\", STREET=proezd Tsentralny 27, L=Ivanteevka, S=Moscow region, PostalCode=141282, C=RU","sourceIndex":"2159","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://getudl.ru/en/","directDownloadingLink":"https://getudl.ru/latest","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://getudl.ru/latest","sourceIndex":"2159"}],"sampleFiles":["200715/UniDownloader-200616/1.1.2.0/Samples/UDLSetup.exe","200715/UniDownloader-200616/1.1.2.0/Samples/ClientLauncher.exe"],"imageFiles":["200715/UniDownloader-200616/1.1.2.0/Images/ACR-055/ACR-055.gif","200715/UniDownloader-200616/1.1.2.0/Images/ACR-042/Downloaded apps.png","200715/UniDownloader-200616/1.1.2.0/Images/ACR-057/ACR-057.gif","200715/UniDownloader-200616/1.1.2.0/Images/ACR-155/ACR-155 [1].png","200715/UniDownloader-200616/1.1.2.0/Images/ACR-155/ACR-155 [2].png"],"nonDeceptorImageFiles":["200715/UniDownloader-200616/1.1.2.0/Images/ACR-065/About page.png","200715/UniDownloader-200616/1.1.2.0/Images/ACR-099/About page.png","200715/UniDownloader-200616/1.1.2.0/Images/ACR-064/Offers.png","200715/UniDownloader-200616/1.1.2.0/Images/ACR-064/ACR-064.png"],"guid":"ddff870b-623c-43c8-b0ab-fb8807c72221_1.1.2.0_1","appID":"UniDownloader-200616","dateAdded":"200715","deceptorType":"App","name":"uniDownloader","company":"MAYAK, OOO","version":"1.1.2.0","sigName":"Deceptor:Win32/uniDownloader!055042057155","firstVendorContactDate":"220513","firstAppEsteemReplyDate":"220518","firstResolvedDate":"220520","firstResolvedVersion":"2.5.19.1520","resolved":"TRUE","lastKnownStatus":"1.5.0.4650;1.1.2.1","lastKnownDate":"220520","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2022-05-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1889},{"violations":{"ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running, and it allows the consumer to require a hotkey and password to open the app.\n","ACR-084":"The app enables the consumer to put it into stealth mode, which requires the targeted consumer to enter a password and use a hotkey to access it.\n","ACR-086":"The app does not inform the targeted consumer how it collects user data and it enables the consumer to hide the app from the targeted consumer by using a hotkey and password.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder called \"ksysconfig\" in \"Program FIles (x86)\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Setup(password=spytech).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"bca9e83444e07fb38754ccdafb52c13e","hashSHA1":"e30605417f03290e48c3ddc71b51dbbe578453e9","hashSHA256":"43c494272c9b5c673ba8ef93a52e31947c1ef0d3ebe048b7c0b4273c52314856","digitalCertThumbprint":"E964AC4701E77109973F5FBCFA618EEE8659D256","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2166","avBlockList":["360 Total Security (20200928)","Avast Premium Security (20200928)","AVG Internet Security (20200928)","Avira Internet Security (20200928)","Bitdefender Internet Security (20200928)","COMODO Antivirus (20200928)","Dr.Web Security Space (20200928)","ESET Internet Security (20200928)","G DATA INTERNET SECURITY (20200928)","K7 Total Security (20200928)","Kaspersky Internet Security (20200928)","Malwarebytes Premium (20200928)","McAfee Total Protection (20200928)","Norton Security (20200928)","Panda Dome (20200928)","Quick Heal Internet Security (20200928)","Sophos Home Premium (20200928)","SpyHunter5 (20200928)","Tencent PC Manager (20200928)","Total AV Antivirus Pro (20200928)","Trend Micro Internet Security (20200928)","VIPRE Advanced Security (20200928)","VirIT eXplorer PRO (20200928)","Webroot SecureAnywhere (20200928)","Windows Defender (20200928)"],"avAllowList":[]},{"isRevoked":"False","fileName":"smss.exe","fileVersion":"0.0","hashMD5":"863788d8086317b2960c64ce7c331c96","hashSHA1":"7345b445665840c35b5e7149cc97f77796dbd169","hashSHA256":"fe973ec5937ac2b0ffd5a5fde30f2c2a1368a08f3786fcffec21fe1c5b917b25","digitalCertThumbprint":"E964AC4701E77109973F5FBCFA618EEE8659D256","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2166","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-web.com/keystroke-spy.shtml","directDownloadingLink":"https://www.spytech-web.com/download-trial.php?productid=KeystrokeSpy&key=dafe674948804cb17118caea5e11434e015466612d1788dc7b","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spytech-web.com/download-trial.php?productid=KeystrokeSpy&key=dafe674948804cb17118caea5e11434e015466612d1788dc7b","sourceIndex":"2166"}],"sampleFiles":["200714/KeystrokeSpy-191118/5.30.19/Samples/Setup(password=spytech).exe","200714/KeystrokeSpy-191118/5.30.19/Samples/smss.exe"],"imageFiles":["200714/KeystrokeSpy-191118/5.30.19/Images/ACR-007/Keystroke Spy Password 2.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-007/Keystroke Spy Password 1.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-007/Keystroke Spy Hotkey.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-007/086-KeystrokeSpy.PNG","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-084/Keystroke Spy Password 2.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-084/Keystroke Spy Password 1.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-084/Keystroke Spy Stealth 1.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-084/Keystroke Spy Hotkey.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-084/086-KeystrokeSpy.PNG","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-086/Keystroke Spy Password 2.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-086/Keystroke Spy Password 1.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-086/Keystroke Spy Hotkey.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-086/Keystroke Spy Stealth 1.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-086/086-KeystrokeSpy.PNG"],"nonDeceptorImageFiles":["200714/KeystrokeSpy-191118/5.30.19/Images/ACR-040/Keystroke Spy Install Location 2.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-040/Keystroke Spy Install Location.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-065/Keystroke Spy Install.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-065/Keystroke Spy EULA.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-065/Keystroke Spy About.png","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-065/099-KeystrokeSpy.PNG","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-099/099-KeystrokeSpy_2.PNG","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-099/099-KeystrokeSpy.PNG","200714/KeystrokeSpy-191118/5.30.19/Images/ACR-099/099-KeystrokeSpy_3.PNG"],"guid":"670e0d8a-7ba7-48b8-8575-2f8dbb3db70b_5.30.19_1","appID":"KeystrokeSpy-191118","dateAdded":"200714","deceptorType":"App","name":"Keystroke Spy","company":"Spytech Software and Design Inc.","version":"5.30.19","sigName":"Deceptor:Win32/KeystrokeSpy!007084086","lastKnownStatus":"Deceptor:5.20.19;5.30.19","lastKnownDate":"201007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-10-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1891},{"violations":{"ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running, and it allows the consumer to require a hotkey and password to open the app.\n","ACR-084":"The app enables the consumer to put it into stealth mode, which requires the targeted consumer to enter a password and use a hotkey to access it.\n","ACR-086":"The app does not inform the targeted consumer how it collects user data and it enables the consumer to hide the app from the targeted consumer by using a hotkey and password.\n"},"nonDeceptorViolations":{"ACR-040":"By default, the app is installed in a hidden folder called \"ksysconfig\" in \"Program FIles (x86)\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Setup(password=spytech).exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6ddbd4d6178de604caf611e7e1e84c00","hashSHA1":"da089034e08ae366664c1448fb7f909d96a77354","hashSHA256":"38bf3de3444224dadcdc85c654f494732ccf259ff620cc8a449b2936ec57ff8a","digitalCertThumbprint":"E964AC4701E77109973F5FBCFA618EEE8659D256","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2601","avBlockList":["360 Total Security (20200924)","Avast Internet Security (20191219)","AVG Internet Security (20200924)","Avira Internet Security (20200924)","Bitdefender Internet Security (20200924)","COMODO Antivirus (20200924)","Dr.Web Security Space (20200924)","ESET Internet Security (20200924)","G DATA INTERNET SECURITY (20200924)","K7 Total Security (20200924)","Kaspersky Internet Security (20200924)","Malwarebytes Premium (20200924)","McAfee Total Protection (20200924)","Norton Security (20200924)","Panda Dome (20200924)","Quick Heal Internet Security (20200924)","Sophos Home Premium (20200924)","Tencent PC Manager (20200924)","Trend Micro Internet Security (20200924)","VIPRE Advanced Security (20200924)","VirIT eXplorer PRO (20200924)","Webroot SecureAnywhere (20200924)","Windows Defender (20200924)","Avast Premium Security (20200924)","SpyHunter5 (20200924)","Total AV Antivirus Pro (20200924)"],"avAllowList":[]},{"isRevoked":"False","fileName":"smss.exe","fileVersion":"0.0","hashMD5":"3cad9e7a9b12c7dea1694deecf5ccb2a","hashSHA1":"dac14f66dfc6f0dd7637c08825831a4d606cc475","hashSHA256":"849254f52d7f057e3b651a71e39bc41c400508047de88a5462994ffa949b4abf","digitalCertThumbprint":"E964AC4701E77109973F5FBCFA618EEE8659D256","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Spytech Software and Design, Inc.\", O=\"Spytech Software and Design, Inc.\", STREET=3505 Wild Turkey Lane, L=Red Wing, S=Minnesota, PostalCode=55066, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Minnesota, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=12K-305","sourceIndex":"2601","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.spytector.com/request-sent.html","reference":"Hunt.Search","landingPage":"https://www.spytech-web.com/keystroke-spy.shtml","directDownloadingLink":"https://www.spytech-web.com/download-trial.php?productid=KeystrokeSpy&key=dafe674948804cb17118caea5e11434e015466612d1788dc7b","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spytech-web.com/download-trial.php?productid=KeystrokeSpy&key=dafe674948804cb17118caea5e11434e015466612d1788dc7b","sourceIndex":"2601"}],"sampleFiles":["191119/KeystrokeSpy-191118/5.20.19/Samples/Setup(password=spytech).exe","191119/KeystrokeSpy-191118/5.20.19/Samples/smss.exe"],"imageFiles":["191119/KeystrokeSpy-191118/5.20.19/Images/ACR-007/Keystroke Spy Password 2.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-007/Keystroke Spy Password 1.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-007/Keystroke Spy Hotkey.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-084/Keystroke Spy Password 2.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-084/Keystroke Spy Password 1.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-084/Keystroke Spy Stealth 1.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-084/Keystroke Spy Hotkey.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-086/Keystroke Spy Password 2.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-086/Keystroke Spy Password 1.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-086/Keystroke Spy Hotkey.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-086/Keystroke Spy Stealth 1.png"],"nonDeceptorImageFiles":["191119/KeystrokeSpy-191118/5.20.19/Images/ACR-040/Keystroke Spy Install Location 2.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-040/Keystroke Spy Install Location.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-065/Keystroke Spy Install.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-065/Keystroke Spy EULA.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-065/Keystroke Spy About.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-065/Keystroke Spy Landing Page.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-099/Keystroke Spy About.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-099/Keystroke Spy Landing Page.png","191119/KeystrokeSpy-191118/5.20.19/Images/ACR-099/Keystroke Spy Internal Offers.png"],"guid":"670e0d8a-7ba7-48b8-8575-2f8dbb3db70b_5.20.19_1","appID":"KeystrokeSpy-191118","dateAdded":"200714","deceptorType":"App","name":"Keystroke Spy","company":"Spytech Software and Design Inc.","version":"5.20.19","sigName":"Deceptor:Win32/KeystrokeSpyStalkerware!007084086","lastKnownStatus":"Deceptor:5.20.19;5.30.19","lastKnownDate":"201007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-10-07T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1892},{"violations":{"ACR-006":"Third part monetization, call center, is not clearly attributed.\n","ACR-014":"Offer claims no charge will be made if not completely satisfied, but fine print shows it's a negative option charge: consumer must opt out.\n","ACR-164":"App doesn't provide clear information when and how users will be notified free trial expired and how they can opt out for auto charging when trial expires.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"FixBit.exe","isInstaller":"True","companyName":"Abe Apps Pte. Ltd.","fileVersion":"4.1","hashMD5":"1e4c857ccf49e956a275788ba0138da8","hashSHA1":"45aeec8c60d8e7203bb5121e9ac4df1c17706914","hashSHA256":"df0a1674afdb940f8974cfe2a50b9360f0358c7203dfb105bc838bd2a93dc3a4","digitalCertThumbprint":"DE40EC5EA246C5A63972AF987534AF22E196E98B","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Abe Apps Pte. Ltd., O=Abe Apps Pte. Ltd., STREET=17 Phillip Street, STREET=05-01 Grand Building, L=Singapore, S=Singapore, PostalCode=048695, C=SG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201711092Z","sourceIndex":"2013","avBlockList":["360 Total Security (20200924)","Avast Premium Security (20200924)","AVG Internet Security (20200924)","Avira Internet Security (20200924)","Bitdefender Internet Security (20200924)","COMODO Antivirus (20200924)","Dr.Web Security Space (20200924)","ESET Internet Security (20200924)","G DATA INTERNET SECURITY (20200924)","K7 Total Security (20200924)","Malwarebytes Premium (20200924)","McAfee Total Protection (20200924)","Norton Security (20200924)","Panda Dome (20200924)","Quick Heal Internet Security (20200924)","Sophos Home Premium (20200924)","SpyHunter5 (20200924)","Tencent PC Manager (20200924)","Total AV Antivirus Pro (20200924)","VIPRE Advanced Security (20200924)","VirIT eXplorer PRO (20200924)","Webroot SecureAnywhere (20200924)"],"avAllowList":["Kaspersky Internet Security (20200924)","Trend Micro Internet Security (20200924)","Windows Defender (20200924)"]},{"isRevoked":"False","fileName":"AbeAppsDriverUpdater.exe","companyName":"AbeApps Pte. Ltd.","fileVersion":"4.0","hashMD5":"4768e4a5f4bd141aebdd52e92ec2d3e8","hashSHA1":"445027e314374e65b3c54ca67b8b63fc9468044a","hashSHA256":"ba17abad458b0eb62b80e20591dadb483624f137569be5ede5c6cfe37aab96e3","digitalCertThumbprint":"DE40EC5EA246C5A63972AF987534AF22E196E98B","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Abe Apps Pte. Ltd., O=Abe Apps Pte. Ltd., STREET=17 Phillip Street, STREET=05-01 Grand Building, L=Singapore, S=Singapore, PostalCode=048695, C=SG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201711092Z","sourceIndex":"2013","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FixBit2.exe","isInstaller":"True","companyName":"Abe Apps Pte. Ltd.","fileVersion":"4.1","hashMD5":"af7557ed1647b3a83ce44c6cf3dd6553","hashSHA1":"540ac8dde8ee042ac194e8b434f1c139bef03c4e","hashSHA256":"8f02de99f87fd5f81728aee68e34c0ac047299da1a634a9dab7f3395ecfc89ee","digitalCertThumbprint":"C2A611F41B5DFE2153BDF18DD50CAF505E81CCF4","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Abe Apps Pte. Ltd., O=Abe Apps Pte. Ltd., STREET=\"17 Phillip Street #05-01, Grand Building\", L=Singapore, PostalCode=048695, C=SG, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201711092Z","sourceIndex":"2013","avBlockList":["360 Total Security (20210107)","Avast Premium Security (20210107)","AVG Internet Security (20210107)","Avira Internet Security (20210107)","COMODO Antivirus (20210107)","Dr.Web Security Space (20210107)","ESET Internet Security (20210107)","G DATA INTERNET SECURITY (20210107)","K7 Total Security (20210107)","McAfee Total Protection (20210107)","Norton Security (20210107)","Panda Dome (20210107)","Sophos Home Premium (20210107)","SpyHunter5 (20210107)","Total AV Antivirus Pro (20210107)","VirIT eXplorer PRO (20210107)"],"avAllowList":["Bitdefender Internet Security (20210107)","Kaspersky Internet Security (20210107)","Malwarebytes Premium (20210107)","Quick Heal Internet Security (20210107)","Tencent PC Manager (20210107)","Trend Micro Internet Security (20210107)","VIPRE Advanced Security (20210107)","Webroot SecureAnywhere (20210107)","Windows Defender (20210107)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"driver update\"","reference":"https://fixbit.com/","landingPage":"https://fixbit.com/","directDownloadingLink":"https://download2.fixbit.com/abeappsfb/aefixbit/abeappsfb4.1.0.0/en/FixBit.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://download2.fixbit.com/abeappsfb/aefixbit/abeappsfb4.1.0.0/en/FixBit.exe","sourceIndex":"2013"}],"sampleFiles":["200714/FixBit-190813/4.1.0.0/Samples/FixBit.exe","200714/FixBit-190813/4.1.0.0/Samples/AbeAppsDriverUpdater.exe","200714/FixBit-190813/4.1.0.0/Samples/FixBit2.exe"],"imageFiles":["200714/FixBit-190813/4.1.0.0/Images/ACR-014/FixBit_164_1.JPG","200714/FixBit-190813/4.1.0.0/Images/ACR-014/FixBit_164_2.JPG","200714/FixBit-190813/4.1.0.0/Images/ACR-164/FixBit_164_1.JPG","200714/FixBit-190813/4.1.0.0/Images/ACR-006/FixBit_Interaction [1].png","200714/FixBit-190813/4.1.0.0/Images/ACR-006/FixBit_Interaction [2].png"],"nonDeceptorImageFiles":[],"guid":"5a0b9a8e-a758-4fa4-87c3-2f9e986e7142_4.1.0.0_1","appID":"FixBit-190813","dateAdded":"200714","deceptorType":"App","name":"FixBit","company":"Abe Apps Pte. Ltd.","version":"4.1.0.0","sigName":"Deceptor:Win32/FIxBit!014006164","firstResolvedVersion":"stop distributing on Aug 20 after warning","lastKnownStatus":"4.1.0.0","lastKnownDate":"210102","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-01-03T06:45:17.2584673+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1893},{"violations":{"ACR-043":"One or more third party components are installed which are not disclosed to the consumer in the EULA and offer or landing page. Ex.: SDService.exe, changeq.exe, commonwnd.dll\n","ACR-084":"1. The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent. 2. The app runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the user attempts to completely uninstall the application, app retains some of its components on the device without the consumer's consent\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not contain links to it's Returns and Cancellation Policy, Privacy Policy\nThe app's about page does not contain links to it's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThe app’s landing page does not contain links to it's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThe app's internal offers page does not contain links to it's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-002":"The App's version is not consistent between App interaction and its install. (version 2.2.0 vs version 2.3.0 ) The App's version is not consistent between App interaction and its install.\nThe App's version is not consistent between App interaction and its install. (version 2.2.0 vs version 2.3.0 ) The App's version is not consistent between App interaction and its install.\n","ACR-092":"The application files do not have a digital signature.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe app’s landing page does not display links to uninstall information.\nThe app's internal offers page does not contain links to uninstall information.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"DataRecovery.exe","companyName":"Winmend.com","fileVersion":"2.2","hashMD5":"16c54c962fa465b89238f27bd96d540e","hashSHA1":"2b54ce38887f29450f37f2698d769b147e99749f","hashSHA256":"01c422f16cce8c98bd6548c0a3adc3ea4bc3b1f52c2eec7589969670c2be0fde","sourceIndex":"2165","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinMend-Data-Recovery.exe","isInstaller":"True","companyName":"WinMend.com                                                 ","fileVersion":"0.0","hashMD5":"fc24b96d41a32795614ed65ddb5479e3","hashSHA1":"ccba0140dc4e956aa46cea16e813cd024bbcc540","hashSHA256":"55cc75986d36599a756768fbabb113c0b440e7d7e67753ee8e6d140e5f629827","sourceIndex":"2165","avBlockList":["Avast Premium Security (20200924)","AVG Internet Security (20200924)","Avira Internet Security (20200924)","Bitdefender Internet Security (20200924)","Dr.Web Security Space (20200924)","ESET Internet Security (20200924)","G DATA INTERNET SECURITY (20200924)","K7 Total Security (20200924)","Kaspersky Internet Security (20200924)","Malwarebytes Premium (20200924)","McAfee Total Protection (20200924)","Norton Security (20200924)","Panda Dome (20200924)","Quick Heal Internet Security (20200924)","Sophos Home Premium (20200924)","SpyHunter5 (20200924)","Tencent PC Manager (20200924)","Total AV Antivirus Pro (20200924)","Trend Micro Internet Security (20200924)","VIPRE Advanced Security (20200924)","VirIT eXplorer PRO (20200924)","Webroot SecureAnywhere (20200924)","Windows Defender (20200924)"],"avAllowList":["360 Total Security (20200924)","COMODO Antivirus (20200924)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"windows data recovery\"","landingPage":"http://www.winmend.com","directDownloadingLink":"http://www.winmend.com/pad/download/WinMend-Data-Recovery.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.winmend.com/pad/download/WinMend-Data-Recovery.exe","sourceIndex":"2165"}],"sampleFiles":["200714/WinMendDataRecovery-200714/2.2.0.0/Samples/DataRecovery.exe","200714/WinMendDataRecovery-200714/2.2.0.0/Samples/WinMend-Data-Recovery.exe"],"imageFiles":["200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-043/WinMend Data Recovery_Files [3].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-084/WinMend Data Recovery_ScheduledTasks [1].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-084/WinMend Data Recovery_Files [1].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-118/WinMend Data Recovery_FilesAfterUninstall [1].png"],"nonDeceptorImageFiles":["200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-065/WinMend Data Recovery_Install [1].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-065/WinMend Data Recovery_Install [2].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-065/WinMend Data Recovery_Install [3].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-002/WinMend Data Recovery_About [1].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-002/WinMend Data Recovery_Install [1].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-092/WinMend Data Recovery_Files [2].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-065/WinMend Data Recovery_About [1].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-099/WinMend Data Recovery_About [1].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-002/WinMend Data Recovery_About [1].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-002/WinMend Data Recovery_Install [1].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-065/Screenshot_2020-07-14 WinMend - Free Download System Doctor, Registry Cleaner, Disk Cleaner, History Cleaner, Data Recovery[...].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-099/Screenshot_2020-07-14 WinMend - Free Download System Doctor, Registry Cleaner, Disk Cleaner, History Cleaner, Data Recovery[...].png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-166/Screenshot_2020-07-14 MyCommerce Online Store(1).png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-065/Screenshot_2020-07-14 WinMend com Online Order(1).png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-065/Screenshot_2020-07-14 MyCommerce Online Store(1).png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-099/Screenshot_2020-07-14 WinMend com Online Order(1).png","200714/WinMendDataRecovery-200714/2.2.0.0/Images/ACR-099/Screenshot_2020-07-14 MyCommerce Online Store(1).png"],"guid":"6faaae7b-c73d-474d-98ba-2e7ff21a2071_2.2.0.0_1","appID":"WinMendDataRecovery-200714","dateAdded":"200714","deceptorType":"App","name":"WinMend Data Recovery","company":"Winmend.com","version":"2.2.0.0","sigName":"Deceptor:Win32/WinMendDataRecovery!043084118","lastKnownStatus":"2.2.0.0","lastKnownDate":"201007","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1890},{"violations":{"ACR-016":"The application being prompted is downloaded directly from the advertisements to user's system. It doesn't direct user to application's offer page. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"App monitoring","reference":"","landingPage":"https://howtofix.guide/","directDownloadingLink":"https://howtofix.guide/bytefence-anti-malware/","ipv4":"","ipv6":"","sourceIndex":"2155"}],"sampleFiles":[],"imageFiles":["200713/HowToFix-200713/200713/Images/ACR-016/HowToFixDirectDownload.mp4"],"nonDeceptorImageFiles":[],"guid":"2afba63d-c33a-453a-8b72-8c61de27ee9d_200713_1","appID":"HowToFix-200713","dateAdded":"200713","deceptorType":"Affiliate","name":"HowToFix-200713","company":"https://howtofix.guide/","version":"200713","sigName":"Deceptor:Affiiate/HowToFix!016","firstVendorContactDate":"200714","firstAppEsteemReplyDate":"200714","firstResolvedDate":"200719","firstResolvedVersion":"200719","resolved":"TRUE","lastKnownStatus":"200713","lastKnownDate":"200713","type":"Affiliate","category":"Personalization & Search, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2020-07-19T18:41:29.9468648+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1894},{"violations":{"ACR-050":"Add its files to windows defender's exclusion list without user's permission. \n","ACR-004":"It reports clean component as dangerous. raising urgency with untruthful information.\n","ACR-007":"The app does not obtain informed consent before disabling the Windows Defender process in the startup manager.\n","ACR-014":"The app reports \"You are unprotected\" despite the fact that the Windows has an inbuilt virus protection and raises urgency for non-urgent \"issues\", thereby misleading or scaring users to take action.\nThe app shows that \"System will be unprotected\" prompt during un-installation even though Windows Defender is running in the system, which is misleading.\n","ACR-016":"A displayed ad leads to direct downloading and installation of an app instead of redirecting to a landing page which allows the consumer to make an informed decision whether to accept or decline the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose the privacy policy during the installation.\nThe app does not disclose the EULA and privacy policy in the software.\n","ACR-099":"The app does not provide uninstall information in the software.\n","ACR-120":"During uninstallation, the app offers the same product to the consumer at a lower price (50% off).\n","ACR-035":"The app does not disclose the app name in the docs.\n","ACR-167":"The app’s returns policy must be at least 30 days.\n","ACR-017":"The app displays an unverifiable logo in the landing page.\n","ACR-014":"The app uses outdated images in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"unhackme_setup.exe","isInstaller":"True","companyName":"Greatis Software LLC.                                      ","productName":"UnHackMe                                                    ","productVersion":"11.70.0.970                                       ","fileVersion":"11.70.0.970         ","hashMD5":"073a99f6a628f17d13e865c0f5a70c73","hashSHA1":"c13491c107a816ad6ac7cc67ad2ebed540b8c189","hashSHA256":"3f6a37df1e24dc404f5262fb6f1f32b644629e9b3af38e9d60146d8332a69303","digitalCertThumbprint":"ADE8083CD79AE850923524A3BCDF4E8E69A9382C","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Greatis Software LLC","storeId":"","sourceIndex":"2391","avBlockList":["Avast Premium Security (20200707)","AVG Internet Security (20200707)","Avira Internet Security (20200707)","ESET Internet Security (20200707)","K7 Total Security (20200707)","Malwarebytes Premium (20200707)","McAfee Total Protection (20200707)","Norton Security (20200707)","Panda Dome (20200707)","SpyHunter5 (20200707)","VirIT eXplorer PRO (20200707)","Webroot SecureAnywhere (20200707)","Windows Defender (20200707)","Total AV Antivirus Pro (20200707)"],"avAllowList":["360 Total Security (20200707)","Bitdefender Internet Security (20200707)","COMODO Antivirus (20200707)","Dr.Web Security Space (20200707)","G DATA INTERNET SECURITY (20200707)","Kaspersky Internet Security (20200707)","Quick Heal Internet Security (20200707)","Sophos Home Premium (20200707)","Tencent PC Manager (20200707)","Trend Micro Internet Security (20200707)","VIPRE Advanced Security (20200707)"]},{"isRevoked":"False","fileName":"unhackme_980setup.exe","isInstaller":"True","companyName":"Greatis Software, LLC.                                      ","productName":"UnHackMe ","productVersion":"11.70.0.970   ","fileVersion":"11.80.0.980","hashMD5":"2a7574c5043087cd2f0928eaa428b8b4","hashSHA1":"f91040ac99c649d34418f924b7f9586968883a75","hashSHA256":"5a35feb4253bd7c627d82a5efdf736374b4bb0b54e90aa5c99db53d6e09e707b","digitalCertThumbprint":"A113B0282629984318842B467AEC7780EDA5752E","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Greatis Software, OOO\", O=\"Greatis Software, OOO\", L=Yaroslavl, C=RU, SERIALNUMBER=1027600847229, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=RU","sourceIndex":"2391","avBlockList":["360 Total Security (20200707)","Avast Premium Security (20200707)","AVG Internet Security (20200707)","Avira Internet Security (20200707)","ESET Internet Security (20200707)","K7 Total Security (20200707)","Malwarebytes Premium (20200707)","McAfee Total Protection (20200707)","Norton Security (20200707)","Panda Dome (20200707)","Sophos Home Premium (20200707)","SpyHunter5 (20200707)","VirIT eXplorer PRO (20200707)","Webroot SecureAnywhere (20200707)","Windows Defender (20200707)","Total AV Antivirus Pro (20200707)"],"avAllowList":["Bitdefender Internet Security (20200707)","COMODO Antivirus (20200707)","Dr.Web Security Space (20200707)","G DATA INTERNET SECURITY (20200707)","Kaspersky Internet Security (20200707)","Quick Heal Internet Security (20200707)","Tencent PC Manager (20200707)","Trend Micro Internet Security (20200707)","VIPRE Advanced Security (20200707)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://greatis.com/","directDownloadingLink":"https://greatis.com/unhackme/thankyou.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://greatis.com/unhackme/thankyou.htm","sourceIndex":"2391"}],"sampleFiles":["200707/UnHackMe-200520/11.70.0.970/Samples/unhackme_setup.exe","200707/UnHackMe-200520/11.70.0.970/Samples/unhackme_980setup.exe"],"imageFiles":["200707/UnHackMe-200520/11.70.0.970/Images/ACR-004/ACR-004_AlarmingColors.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-004/ACR-004_Software_DetectsWindowsComponents.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-004/ACR-004_Software_WordProblem.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-050/ExcludedSetting.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-007/ACR-007_Software_NoAlert.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-014/ACR-014_Software_MisleadingMessage.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-014/ACR-014_Software_MisleadingMessage1.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-014/ACR-014_Uninstall_Misleading.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-016/ACR-016_AdsInsideApp_DirectDownload.JPG"],"nonDeceptorImageFiles":["200707/UnHackMe-200520/11.70.0.970/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-065/ACR-065_Software_NoDocs.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-099/ACR-099_Software_NoUninstallPolicy.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-120/ACR-120_Uninstall_OfferDuringUninstall.JPG","200707/UnHackMe-200520/11.70.0.970/Images/ACR-035/ACR-035_Docs_NoAppName.jpg","200707/UnHackMe-200520/11.70.0.970/Images/ACR-167/ACR-167_Docs_NoRefundPolicy.jpg","200707/UnHackMe-200520/11.70.0.970/Images/ACR-014/ACR-014_Landingpage_OutdatedImages.jpg","200707/UnHackMe-200520/11.70.0.970/Images/ACR-017/ACR-017_Landingpage_UnableToVerifyLogo.JPG"],"guid":"dbfdb1cf-b799-4e89-bbd3-1779e3f03207_11.70.0.970_1","appID":"UnHackMe-200520","dateAdded":"200707","deceptorType":"App","name":"UnHackMe","company":"Greatis Software LLC","version":"11.70.0.970","sigName":"Deceptor:Win32/UnHackMe!004007014016","firstVendorContactDate":"200629","firstAppEsteemReplyDate":"200629","firstResolvedDate":"200705","firstResolvedVersion":"11.84.0.984","resolved":"TRUE","lastKnownStatus":"11.70.0.970;11.80.0.980","lastKnownDate":"201010","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,in-app purchases","lastUpdate":"2020-10-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1895},{"violations":{"ACR-003":"The app uses the alarming color to make exaggerated claims about the system's health.\n","ACR-004":"The app does not provide a fully functional free trial when requiring purchase to fix issues identified in the free scan.\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-065":"The install page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app's about page does not contain links to the app's Returns and Cancellations Policy.\n","ACR-099":"The app's about page does not contain links to uninstall information.\n","ACR-171":"The offer for McAfee Internet Security requires the user to opt-out of the payment.\n"},"samples":[{"isRevoked":"False","fileName":"Installer.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ab0c7435e490309b0bfae24ef7e14127","hashSHA1":"0bcb6e6bad5e98cd9cfb5a738520afbdf28ffa63","hashSHA256":"89c17c7254d9da050b3ac5d283a440a93034613359a3b0e0184bfba15b4b95ac","sourceIndex":"2496","avBlockList":["Avast Security for Mac (20200717)","Avira Security for Mac (20200717)","Bitdefender Antivirus for Mac (20200717)","ESET Cyber Security Pro for Mac (20200717)","G DATA AntiVirus for Mac (20200717)","K7 Antivirus for Mac (20200717)","McAfee Internet Security for Mac (20200717)","Norton Security for Mac (20200717)","Sophos Home Premium For Mac (20200717)","Trend Micro Antivirus for Mac (20200717)"],"avAllowList":["Kaspersky Internet Security for Mac (20200717)"]},{"isRevoked":"False","fileName":"Easy Mac Care","fileVersion":"0.","hashMD5":"f370975e56145dd17fbd19c4d0db88e0","hashSHA1":"f46c58872aa00fe8a6e21e9d5cc4a4b87f7d0987","hashSHA256":"6bfb498c05df9ccb3b3751165f918430fe448ff29dc8cb5bc15979ec0e9f8388","sourceIndex":"2496","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://easymaccare.com","directDownloadingLink":"https://download.easymaccare.com/mac/emc/setups/zp/Installer.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.easymaccare.com/mac/emc/setups/zp/Installer.dmg","sourceIndex":"2496"}],"sampleFiles":["200422/EasyMacCare-200422/3.1.9/Samples/Installer.dmg","200422/EasyMacCare-200422/3.1.9/Samples/Easy Mac Care"],"imageFiles":["200422/EasyMacCare-200422/3.1.9/Images/ACR-003/EasyMacCare ACR-003.png","200422/EasyMacCare-200422/3.1.9/Images/ACR-003/ACR-003 [1].png","200422/EasyMacCare-200422/3.1.9/Images/ACR-004/EasyMacCare ACR-004.gif","200422/EasyMacCare-200422/3.1.9/Images/ACR-164/EasyMacCare Internal Offers.png"],"nonDeceptorImageFiles":["200422/EasyMacCare-200422/3.1.9/Images/ACR-065/Install Page.png","200422/EasyMacCare-200422/3.1.9/Images/ACR-065/About page.png","200422/EasyMacCare-200422/3.1.9/Images/ACR-171/EasyMacCare Internal Offers.png","200422/EasyMacCare-200422/3.1.9/Images/ACR-099/EasyMacCare About Page .png"],"guid":"2f6d288e-7ed3-4ed7-b95f-f8f5aa814e0a_3.1.9_1","appID":"EasyMacCare-200422","dateAdded":"200707","deceptorType":"MacOS App","name":"Easy Mac Care","company":"Digital Protection Services S.R.L.","version":"3.1.9","sigName":"Deceptor:MacOS/EasyMacCare!003004164","lastKnownStatus":"3.1.9;4.0.16","lastKnownDate":"201010","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-10-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1897},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Orange\" color bar or \"Red\" font, thereby misleading or scaring the consumer to take action. \n","ACR-004":"The app provides free scan results, but does not provide a fully functional trial before requiring consumer to pay.\n","ACR-084":"The app does not provide a way to disable the auto-launch of the app.\n","ACR-164":"The app needs to provide detailed information about how to cancel, renew notification and next payment term's price with these time-bound discount items.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the app's EULA and/or Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app's about page does not display links to the app's Returns and Cancellations Policy.\n","ACR-099":"The app's about page does not contain links to uninstall information.\n","ACR-171":"The offer for McAfee Internet Security requires the user to opt-out of the payment.\n"},"samples":[{"isRevoked":"False","fileName":"Easy Mac Care","fileVersion":"0.","hashMD5":"b5fb29a47366003e1cfebb15b75c6032","hashSHA1":"9ea166134d9c44cac7c4ab28348029e67b7f9dd5","hashSHA256":"27423341cab38367148b4309215c1295f6f767b027e87dfb916452ce201fe523","sourceIndex":"2392","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Installer.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"ab0c7435e490309b0bfae24ef7e14127","hashSHA1":"0bcb6e6bad5e98cd9cfb5a738520afbdf28ffa63","hashSHA256":"89c17c7254d9da050b3ac5d283a440a93034613359a3b0e0184bfba15b4b95ac","sourceIndex":"2392","avBlockList":["Avast Security for Mac (20200717)","Avira Security for Mac (20200717)","Bitdefender Antivirus for Mac (20200717)","ESET Cyber Security Pro for Mac (20200717)","G DATA AntiVirus for Mac (20200717)","K7 Antivirus for Mac (20200717)","McAfee Internet Security for Mac (20200717)","Norton Security for Mac (20200717)","Sophos Home Premium For Mac (20200717)","Trend Micro Antivirus for Mac (20200717)"],"avAllowList":["Kaspersky Internet Security for Mac (20200717)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://easymaccare.com","directDownloadingLink":"https://download.easymaccare.com/mac/emc/setups/zp/Installer.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.easymaccare.com/mac/emc/setups/zp/Installer.dmg","sourceIndex":"2392"}],"sampleFiles":["200707/EasyMacCare-200422/4.0.16/Samples/Easy Mac Care","200707/EasyMacCare-200422/4.0.16/Samples/Installer.dmg"],"imageFiles":["200707/EasyMacCare-200422/4.0.16/Images/ACR-003/Easy Mac Care_Interaction [1].png","200707/EasyMacCare-200422/4.0.16/Images/ACR-003/Easy Mac Care_Interaction [10] ActivateNow.png","200707/EasyMacCare-200422/4.0.16/Images/ACR-004/Easy Mac Care_Interaction [1].png","200707/EasyMacCare-200422/4.0.16/Images/ACR-004/Easy Mac Care_Interaction [8] InstantActivation.png","200707/EasyMacCare-200422/4.0.16/Images/ACR-004/Easy Mac Care_Interaction [9] InstantActivation.png","200707/EasyMacCare-200422/4.0.16/Images/ACR-004/Easy Mac Care_Interaction [10] ActivateNow.png","200707/EasyMacCare-200422/4.0.16/Images/ACR-164/Easy Mac Care_OfferPage [4]_.png","200707/EasyMacCare-200422/4.0.16/Images/ACR-084/Easy Mac Care_About [1].png","200707/EasyMacCare-200422/4.0.16/Images/ACR-084/Easy Mac Care_Settings [1].png","200707/EasyMacCare-200422/4.0.16/Images/ACR-084/Easy Mac Care_KnockKnockLog [1].png"],"nonDeceptorImageFiles":["200707/EasyMacCare-200422/4.0.16/Images/ACR-065/Easy Mac Care_Install [1].png","200707/EasyMacCare-200422/4.0.16/Images/ACR-065/Easy Mac Care_Install [2].png","200707/EasyMacCare-200422/4.0.16/Images/ACR-065/Easy Mac Care_About [1].png","200707/EasyMacCare-200422/4.0.16/Images/ACR-171/Easy Mac Care_OfferPage [4]_.png","200707/EasyMacCare-200422/4.0.16/Images/ACR-099/Easy Mac Care_About [1].png"],"guid":"2f6d288e-7ed3-4ed7-b95f-f8f5aa814e0a_4.0.16_1","appID":"EasyMacCare-200422","dateAdded":"200707","deceptorType":"MacOS App","name":"Easy Mac Care","company":"Digital Protection Services S.R.L.","version":"4.0.16","sigName":"Deceptor:MacOS/EasyMacCare!003004084164","lastKnownStatus":"3.1.9;4.0.16","lastKnownDate":"201010","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2020-10-10T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1896},{"violations":{},"nonDeceptorViolations":{"ACR-014":"The app downloaded (Advanced System Repair) is not the app being advertised (PCCleanerPro).\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Google Search \"PC Cleaner\"","reference":"","landingPage":"https://www.speedupmypcfree.com/","directDownloadingLink":"https://advancedsystemrepair.com/ASR-Elite-Installer-E4.exe","ipv4":"","ipv6":"","sourceIndex":"2395"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":["200702/Speedupmypcfreecom-200702/200702/Images/ACR-014/Screenshot_2020-07-02 Speed Up My PC FREE Accelerate Your Computers Performance Today .png","200702/Speedupmypcfreecom-200702/200702/Images/ACR-014/Screen Shot 2020-07-02 at 2.09.40 PM.png"],"guid":"35d3d3fe-8b25-4778-8c4c-32b6e23862f0_200702_1","appID":"Speedupmypcfreecom-200702","dateAdded":"200702","deceptorType":"Affiliate","name":"Speedupmypcfreecom","company":"Speed My PC FREE","version":"200702","sigName":"Deceptor:Affiliate/Speedupmypcfree!014","lastKnownStatus":"200702","lastKnownDate":"200702","type":"Affiliate","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2020-07-02T18:55:53.7355644+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1898},{"violations":{"ACR-014":"The app downloaded (Advanced System Repair) is not the app being advertised (PCCleanerPro). \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Certified app  monitoring","reference":"ASR","landingPage":"http://www.pccleanerpro.com","directDownloadingLink":"http://www.pccleanerpro.com/install","ipv4":"","ipv6":"","sourceIndex":"2396"}],"sampleFiles":[],"imageFiles":["200701/PccleanerproCom-200630/200630/Images/ACR-014/PCCleanerPro_014.JPG"],"nonDeceptorImageFiles":[],"guid":"143486f8-a955-4428-9c79-91f5c0b10ba2_200630_1","appID":"PccleanerproCom-200630","dateAdded":"200701","deceptorType":"Affiliate","name":"PCCleanerProCom","company":"PC Cleaner Inc","version":"200630","sigName":"Deceptor:Affiliate/PCCleanerProCom!014","lastKnownStatus":"200701","lastKnownDate":"200701","type":"Affiliate","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","lastUpdate":"2020-07-01T05:55:43.1553869+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1899},{"violations":{"ACR-003":"The app does not substantiate identified results that need to be optimized.\n","ACR-017":"Norton Secured log in the internal offers page can't be verified\n","ACR-118":"The app deliberately retain its components post uninstallation\n","ACR-014":"1. The app does not substantiate identified results.\n"},"nonDeceptorViolations":{"ACR-045":"The landing displays \"Free Download\" and does not provide free trial, as the word \"Free\" misleads the consumer to take an action\nThe app uses tiny font to disclose EULA during install, which is difficult for the consumer to read\n","ACR-065":"The app does not disclose \"Privacy Policy\" during installation\nThe app does not disclose \"EULA & Privacy Policy\" in the app's about page\n","ACR-161":"Testimonials are not verifiable\n","ACR-099":"The app does not disclose uninstall information in the app's about page.\nThe app does not disclose uninstall information for \"Advanced Network Care\" in the landing page (Uninstall info is provided for MacBooster)\n","ACR-035":"The app does not disclose \"App Name\" in the docs.\n","ACR-014":"The app uses exaggerated word \"Problem\" in the landing page\n"},"samples":[{"isRevoked":"False","fileName":"AdvancedNetworkCare.pkg","isInstaller":"True","companyName":"IObit","productName":"Advanced Network Care","productVersion":"1.0.1","fileVersion":"1.0.1","hashMD5":"2bf288734524a1d6360e39c98894149e","hashSHA1":"8fb192bd615e080fef7aaed5b35461aa9d224855","hashSHA256":"b9930532c492274b1371474e1e1532c08dfee6de15279c1707d2e7fd3edc70b4","digitalCertThumbprint":"4638629E-2097-2B0E-A2EB-0B6470B93CB3","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Apperience Corporation (MA9EDUZPCW)","sourceIndex":"2398","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Advanced Network Care.app.zip","companyName":"IObit","productName":"Advanced Network Care","productVersion":"1.0.1","fileVersion":"1.0.1","hashMD5":"39f1704a1aa93259bd86a63aa481d14c","hashSHA1":"4a045c0036e7188fd55d380414c4018f68baafc0","hashSHA256":"4b8d495f1e0878fe28f9563ec05dffcd9e17233743a91ac87998f32b873c64c9","digitalCertThumbprint":"4638629E-2097-2B0E-A2EB-0B6470B93CB3","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Apperience Corporation (MA9EDUZPCW)","sourceIndex":"2398","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor monitoring","reference":"","landingPage":"macbooster.net","ipv4":"","ipv6":"","sourceIndex":"2398"}],"sampleFiles":["200629/AdvancedNetworkCare-200627/1.0.1/Samples/AdvancedNetworkCare.pkg"],"imageFiles":["200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-003/ACR-003_Software_Doesn't_Substanitate_Identified_Results 2.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-014/ACR-014_Software_Doesn't_Substanitate_Identified_Results 2.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-014/ACR-014_Software_Uses_Exaggerated_Word.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-118/ACR-118_Uninstall.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-017/ACR-017_InternalOffers.png"],"nonDeceptorImageFiles":["200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-045/ACR-045_LandingPage_Misleads_User.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-045/ACR-045_Install_TinyFont.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-065/ACR-065_Install_PrivacyPolicy_Is_Missing.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-065/ACR-065_Software_Missing_Docs.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-099/ACR-099_Software_Missing_Uninstall_Info.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-035/ACR-035_Docs_App_Name_Missing.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-099/ACR-099_LandingPage_Uninstall_Info.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-006/ACR-006.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-006/ACR-006_LandingPage_Call_Center_Attribution_Required.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-014/ACR-014_LandingPage_Uses_Exaggerated_Word.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-014/ACR-014_LandingPage_Uses_Exaggerated_Word1.png","200629/AdvancedNetworkCare-200627/1.0.1/Images/ACR-161/ACR-161_LandingPage.png"],"guid":"7e2908eb-5f7d-44d3-9f54-aa2ea1866144_1.0.1_1","appID":"AdvancedNetworkCare-200627","dateAdded":"200629","deceptorType":"MacOS App","name":"Advanced Network Care","company":"IObit","version":"1.0.1","sigName":"Deceptor:MacOS/AdvancedNetworkCare!003014118017","lastKnownStatus":"1.0.1","lastKnownDate":"200629","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid,call center","lastUpdate":"2020-06-29T16:52:25.4806985+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1900},{"violations":{"ACR-003":"The app exaggerates system issues and raises urgency for the identified issues with \"Red\" color bar, thereby misleading or scaring the consumer to take action. \n"},"nonDeceptorViolations":{"ACR-045":"ACR-045\n\"Free version\" highlights \"free\" misleads user. \nThe app needs to disclose upfront to the consumer that it requires a payment after 7 days free trial for full functionality. \n\n","ACR-092":" Digital signature is required for the following executable's : \"uninst.exe\" and \"IGSCleanerTrays.exe\".\n","ACR-168":"The landing page displays a phone number without disclosing that additional offers may be made.\n"},"samples":[{"isRevoked":"False","fileName":"igscleanersetup.exe","isInstaller":"True","companyName":"igscleaner.com","fileVersion":"1.0","hashMD5":"d4d74961408311513dc07b370cfc7264","hashSHA1":"18cf09465c49a37f64133ff43accc1aeccd69fa0","hashSHA256":"322f67895e5b1e1c8386fce2d71500fca3640b2961b641d2f6b75f838d1013db","digitalCertThumbprint":"C3E9E414B13AFA4DC748609F27F573457D99872D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=IGlobe Solutions, OU=IGS Cleaner, O=IGlobe Solutions, POBox=302019, STREET=\"560-561, Symphony Pride, Nirman Nagar\", L=Jaipur, S=Rajasthan, PostalCode=302019, C=IN","sourceIndex":"352","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IGSCleanerTrays.exe","companyName":"IGS Cleaner","fileVersion":"1.1","hashMD5":"6098bed3985273bb71af999a69cd456c","hashSHA1":"f04dbfc5e62ed2f146eee21e07552cfcd82bca18","hashSHA256":"e99a8d579be80799072c8033f46947ef27eb47e9792fd4638e383193b938e5fa","sourceIndex":"352","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IGS Cleaner.exe","companyName":"IGS Cleaner","fileVersion":"1.0","hashMD5":"d6feb8f5fc1f40457e0bd021e2f63c54","hashSHA1":"a399428ba03b36ec32e39eb7f9bc0e74c738752d","hashSHA256":"a340b1a253e06d6fe90c395efb871458d9a4b5acc64326e223663d23d892b4e6","digitalCertThumbprint":"C3E9E414B13AFA4DC748609F27F573457D99872D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=IGlobe Solutions, OU=IGS Cleaner, O=IGlobe Solutions, POBox=302019, STREET=\"560-561, Symphony Pride, Nirman Nagar\", L=Jaipur, S=Rajasthan, PostalCode=302019, C=IN","sourceIndex":"352","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"AppUpdateReview.Certification","landingPage":"https://www.igscleaner.com","directDownloadingLink":"","landingPageWildChar":"","directDownloadingLinkWildChar":"","sourceIndex":"352"}],"sampleFiles":["200628/igscleaner-181022/1.0.3.3/Samples/igscleanersetup.exe","200628/igscleaner-181022/1.0.3.3/Samples/IGSCleanerTrays.exe","200628/igscleaner-181022/1.0.3.3/Samples/IGS Cleaner.exe"],"imageFiles":["200628/igscleaner-181022/1.0.3.3/Images/ACR-003/IGS Cleaner_Interaction [4].png","200628/igscleaner-181022/1.0.3.3/Images/ACR-003/IGS Cleaner_Interaction [5].png","200628/igscleaner-181022/1.0.3.3/Images/ACR-003/IGS Cleaner_Interaction [8].png"],"nonDeceptorImageFiles":["200628/igscleaner-181022/1.0.3.3/Images/ACR-092/IGS Cleaner_FileProperty[1].png","200628/igscleaner-181022/1.0.3.3/Images/ACR-045/IGS Cleaner_LandingPage [1].png","200628/igscleaner-181022/1.0.3.3/Images/ACR-168/IGS Cleaner_LandingPage [1].png"],"guid":"7c09dc84-a956-4ba6-ba4d-95174645e645_1.0.3.3_1","appID":"igscleaner-181022","dateAdded":"200628","deceptorType":"App","name":"IGS Cleaner","company":"IGS Cleaner","version":"1.0.3.3","sigName":"Deceptor:Win32/IGSCleaner!003","lastKnownStatus":"Deceptor:1.0.1.7;1.0.3.3","lastKnownDate":"241119","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:18.237754+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1901},{"violations":{"ACR-057":"There is no clear way to decline the offer because the pre-checked checkbox is hidden in the icon.\n","ACR-055":"The bundler made offers do not make the action of deselecting or declining offers obvious to the consumer\n"},"nonDeceptorViolations":{"ACR-054":"The bundler made offers and did not provide option for user to decline the offers.\n"},"samples":[{"isRevoked":"False","fileName":"FastDownloader.exe","isInstaller":"True","companyName":"-","fileVersion":"3.2.0.8","hashMD5":"6defe3d2298fe9e3d802634fd5b2ca38","hashSHA1":"807e2cef24297148286b5c121456bf79dfd5d3b7","hashSHA256":"8b34468070c6a2d9b6977b2999655c64d6dc08143608d8ec34ebd27fedf3c4b2","digitalCertThumbprint":"625E0C2B530ECF73052C0B513BA34EE922531604","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Guangdong Fengqi Technology Co., Ltd.\", O=\"Guangdong Fengqi Technology Co., Ltd.\", L=东莞, S=广东, C=CN, SERIALNUMBER=91441900MA4X7P7J07, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=dongguan, OID.1.3.6.1.4.1.311.60.2.1.2=guangdong, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"2400","avBlockList":["Avast Premium Security (20200709)","AVG Internet Security (20200709)","Avira Internet Security (20200709)","Bitdefender Internet Security (20200709)","COMODO Antivirus (20200709)","ESET Internet Security (20200709)","G DATA INTERNET SECURITY (20200709)","K7 Total Security (20200709)","Kaspersky Internet Security (20200709)","Malwarebytes Premium (20200709)","McAfee Total Protection (20200709)","Norton Security (20200709)","Panda Dome (20200709)","Quick Heal Internet Security (20200709)","Sophos Home Premium (20200709)","SpyHunter5 (20200709)","Tencent PC Manager (20200709)","Total AV Antivirus Pro (20200709)","Trend Micro Internet Security (20200709)","VIPRE Advanced Security (20200709)","VirIT eXplorer PRO (20200709)","Webroot SecureAnywhere (20200709)","Windows Defender (20200709)"],"avAllowList":["360 Total Security (20200709)","Dr.Web Security Space (20200709)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://mydown.yesky.com/pcsoft/34468619.html","directDownloadingLink":"http://mydown.yesky.com/xzdown/421352?isxzq=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://mydown.yesky.com/xzdown/421352?isxzq=1","sourceIndex":"2400"}],"sampleFiles":["200626/TinderSecuritySoftware-200625/3.2.0.8/Samples/FastDownloader.exe"],"imageFiles":["200626/TinderSecuritySoftware-200625/3.2.0.8/Images/ACR-055/offer2.JPG","200626/TinderSecuritySoftware-200625/3.2.0.8/Images/ACR-057/offer2.JPG"],"nonDeceptorImageFiles":["200626/TinderSecuritySoftware-200625/3.2.0.8/Images/ACR-054/Offer1.JPG","200626/TinderSecuritySoftware-200625/3.2.0.8/Images/ACR-054/offer2.JPG"],"guid":"f64b9c0f-30d1-4243-9c56-ed196c241ad6_3.2.0.8_1","appID":"TinderSecuritySoftware-200625","dateAdded":"200626","deceptorType":"Bundler","name":"YeSkyDownloader","company":"Guangdong Fengqi Technology Co., Ltd","version":"3.2.0.8","sigName":"Deceptor:Win32/YeSkyDownloader!055057","lastKnownStatus":"3.2.0.8","lastKnownDate":"200626","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows Vista,Windows XP,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2020-06-27T04:06:44.9558371+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1902},{"violations":{"ACR-004":"App uses \"traffic light\" colors to create an exaggerated sense of urgency. App instructs user to purchase the license to do clean up. The free fix option is hidden behind the 15 sec count down disabled \"continues\" button. \n","ACR-097":"App instructs user to disable the security product to perform optimization.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's about page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe landing page does not contain links to the app's Returns and Cancellations Policy.\n","ACR-161":"The landing page contains testimonials with no link back to original source, making them unable to be verified.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe landing page does not contain links to uninstall information.\nThe app's internal offers does not contain links to uninstall information.\n","ACR-150":"The landing page contains endorsements that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"reg-organizer-setup.exe","isInstaller":"True","companyName":"ChemTable Software                                          ","fileVersion":"0.0","hashMD5":"4c25104f011d71da0fe85853580d3f46","hashSHA1":"852f8f6497918b451f1e6a2d36c1b080d084986d","hashSHA256":"c442f95bed22a587da823cf40230efffcdc6b6914818bd1aad50b38a5f6e302b","digitalCertThumbprint":"4014A694D8B42B7608C7F375AF4CD070E94A55BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Konstantin Polyakov IP, O=Konstantin Polyakov IP, STREET=\"of. 300, 3 Sofi Kovalevskoi ul.\", L=Ekaterinburg, S=Sverdlovskaya Oblast, PostalCode=620049, C=RU","sourceIndex":"2154","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegOrganizer.exe","companyName":"Chemtable Software","fileVersion":"8.43","hashMD5":"720df1748af802a738d2fc6395ad1ce4","hashSHA1":"73d70415adb01b0e2f62f20ff2349a81b50b7fd2","hashSHA256":"8cbf69f1736490f1d53d0153c9b386396b7bcfecfa97a909a79db8681dc19552","digitalCertThumbprint":"4014A694D8B42B7608C7F375AF4CD070E94A55BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Konstantin Polyakov IP, O=Konstantin Polyakov IP, STREET=\"of. 300, 3 Sofi Kovalevskoi ul.\", L=Ekaterinburg, S=Sverdlovskaya Oblast, PostalCode=620049, C=RU","sourceIndex":"2154","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"google search","landingPage":"https://www.chemtable.com/organizer.htm","directDownloadingLink":"https://www.chemtable.com/downloading-reg-organizer.htm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chemtable.com/downloading-reg-organizer.htm","sourceIndex":"2154"}],"sampleFiles":["200625/RegOrganizer-190607/8.43/Samples/reg-organizer-setup.exe","200625/RegOrganizer-190607/8.43/Samples/RegOrganizer.exe"],"imageFiles":["200625/RegOrganizer-190607/8.43/Images/ACR-004/ACR-004.png","200625/RegOrganizer-190607/8.43/Images/ACR-004/ACR-004 [2].png","200625/RegOrganizer-190607/8.43/Images/ACR-004/ACR_004.JPG","200625/RegOrganizer-190607/8.43/Images/ACR-097/ACR_097.JPG"],"nonDeceptorImageFiles":["200625/RegOrganizer-190607/8.43/Images/ACR-065/Install.png","200625/RegOrganizer-190607/8.43/Images/ACR-065/About Page.png","200625/RegOrganizer-190607/8.43/Images/ACR-065/Landing Page.png","200625/RegOrganizer-190607/8.43/Images/ACR-161/ACR-161.png","200625/RegOrganizer-190607/8.43/Images/ACR-099/About Page.png","200625/RegOrganizer-190607/8.43/Images/ACR-099/Landing Page.png","200625/RegOrganizer-190607/8.43/Images/ACR-099/Internal Offers.png","200625/RegOrganizer-190607/8.43/Images/ACR-150/ACR-150.png","200625/RegOrganizer-190607/8.43/Images/ACR-150/ACR-150 [2].png"],"guid":"63d9537a-a293-47a1-8834-4febf1c47743_8.43_1","appID":"RegOrganizer-190607","dateAdded":"200625","deceptorType":"App","name":"Reg Organizer","company":"ChemTable","version":"8.43","sigName":"Deceptor:Win32/RegOrganizer!004097","firstVendorContactDate":"200624","firstAppEsteemReplyDate":"200624","firstResolvedDate":"200625","firstResolvedVersion":"8.44","resolved":"TRUE","lastKnownStatus":"8.43","lastKnownDate":"201010","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"in-app purchases","lastUpdate":"2020-10-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1903},{"violations":{"ACR-004":"App uses \"traffic light\" colors to raise an exaggerated sense of urgency.\n","ACR-097":"App instructs user to disable the security product to perform optimization\n","ACR-059":"The bundler-made offer is not clearly marked as an optional offer.\n","ACR-155":"Offers are inserted into the install workflow with a pre-checked checkbox to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the Returns and Cancellation Policy, or the Privacy Policy. \nThe app does not display links to the EULA, the Returns and Cancellation Policy, Privacy Policy. \nThe landing page does not display links to the Returns and Cancellation Policy\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n","ACR-064":"The bundler-made offer download is initiated by a pre-checked checkbox.\nThe bundler-made offer download is initiated by a pre-checked checkbox.\n"},"samples":[{"isRevoked":"False","fileName":"registry-life-setup.exe","isInstaller":"True","companyName":"ChemTable Software                                          ","fileVersion":"0.0","hashMD5":"f71b3c3d72862a1da560aa761eb1e02d","hashSHA1":"39f1b20c18d1379629a1ddaeeb2a44005bc389f2","hashSHA256":"41403ffa3c061d6437e3714f1995f0db645aa866fa5c4a06c7cab1a0d1aef843","digitalCertThumbprint":"4014A694D8B42B7608C7F375AF4CD070E94A55BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Konstantin Polyakov IP, O=Konstantin Polyakov IP, STREET=\"of. 300, 3 Sofi Kovalevskoi ul.\", L=Ekaterinburg, S=Sverdlovskaya Oblast, PostalCode=620049, C=RU","sourceIndex":"2402","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegistryLife.exe","companyName":"Chemtable Software","fileVersion":"5.20","hashMD5":"ee9dc1f2f7edbc6ee266fdfa82ddafc3","hashSHA1":"aa2ff5d9eb4b6f4f2b5b5f92def4b8fbd5deace9","hashSHA256":"6413a61ada97d346d60b9d4e1f670683e49a23c1871f423e26736e3aa5755c34","digitalCertThumbprint":"4014A694D8B42B7608C7F375AF4CD070E94A55BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Konstantin Polyakov IP, O=Konstantin Polyakov IP, STREET=\"of. 300, 3 Sofi Kovalevskoi ul.\", L=Ekaterinburg, S=Sverdlovskaya Oblast, PostalCode=620049, C=RU","sourceIndex":"2402","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.chemtable.com","landingPage":"https://www.chemtable.com","directDownloadingLink":"https://www.chemtable.com/files/registry-life-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chemtable.com/files/registry-life-setup.exe","sourceIndex":"2402"}],"sampleFiles":["200625/RegistryLife-171211/5.20/Samples/registry-life-setup.exe","200625/RegistryLife-171211/5.20/Samples/RegistryLife.exe"],"imageFiles":["200625/RegistryLife-171211/5.20/Images/ACR-155/Registry Life Offer.png","200625/RegistryLife-171211/5.20/Images/ACR-059/Registry Life Offer.png","200625/RegistryLife-171211/5.20/Images/ACR-097/ACR_097_1.JPG","200625/RegistryLife-171211/5.20/Images/ACR-004/Registry Life_Interaction[1].png"],"nonDeceptorImageFiles":["200625/RegistryLife-171211/5.20/Images/ACR-155/Registry Life_Install [3].png","200625/RegistryLife-171211/5.20/Images/ACR-064/Registry Life Offer.png","200625/RegistryLife-171211/5.20/Images/ACR-064/Registry Life_Install [3].png","200625/RegistryLife-171211/5.20/Images/ACR-099/Registry Life_Interaction[1].png","200625/RegistryLife-171211/5.20/Images/ACR-099/Registry Life_OfferPage [1].png","200625/RegistryLife-171211/5.20/Images/ACR-099/Registry Life_OfferPage [2].png","200625/RegistryLife-171211/5.20/Images/ACR-065/Registry Life_Install [1].png","200625/RegistryLife-171211/5.20/Images/ACR-065/Registry Life_Install [2].png","200625/RegistryLife-171211/5.20/Images/ACR-065/Registry Life_Install [3].png","200625/RegistryLife-171211/5.20/Images/ACR-065/Registry Life_Install [4].png","200625/RegistryLife-171211/5.20/Images/ACR-065/Registry Life Colors.png","200625/RegistryLife-171211/5.20/Images/ACR-065/Registry Life_LandingPage [1].png","200625/RegistryLife-171211/5.20/Images/ACR-065/Registry Life_LandingPage [2].png"],"guid":"45c4f155-54c0-4df2-aa82-e07add721a70_5.20_1","appID":"RegistryLife-171211","dateAdded":"200625","deceptorType":"App","name":"Registry Life","company":"Chemtable Software","version":"5.20","sigName":"Deceptor:Win32/RegistryLife!155059097004","firstVendorContactDate":"200624","firstAppEsteemReplyDate":"200624","firstResolvedDate":"200625","firstResolvedVersion":"5.22","resolved":"TRUE","lastKnownStatus":"5.15;5.20","lastKnownDate":"200625","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2020-06-25T23:07:43.2400498+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1904},{"violations":{"ACR-109":"The app downloads \"rkverify.exe, a RelevantKnowledge file.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-075":"Cancelling the installation leaves the carrier and the offers installed.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or the Privacy Policy. \n","ACR-002":"he App's version is not consistent between App interaction and its install. (version 8.8.2.6 vs version 8.8.1) The App's version is not consistent between App interaction and its install.\nhe App's version is not consistent between App interaction and its install. (version 8.8.2.6 vs version 8.8.1) The App's version is not consistent between App interaction and its install.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"PCBoosterFreeBrowserCleaner.exe","isInstaller":"True","companyName":"PCBooster, Inc.                                             ","fileVersion":"0.0","hashMD5":"f5e76a0e8af64ee5481a2ff6fdcce1e8","hashSHA1":"c2110331b71c3d5bda6862e3682d945f63dcda11","hashSHA256":"59b045ae2242ce13c361132c73976fc16e325033ab0e2f664afb4632ffb72b4c","digitalCertThumbprint":"E1CAA9E850D616A0C2A245A157E0767A5DDCB431","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No. 17, Middle Scissor Lane, Dongcheng District,\", L=Beijing, S=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"1879","avBlockList":["360 Total Security (20200702)","Avast Premium Security (20200702)","AVG Internet Security (20200702)","Avira Internet Security (20200702)","Bitdefender Internet Security (20200702)","Dr.Web Security Space (20200702)","ESET Internet Security (20200702)","G DATA INTERNET SECURITY (20200702)","K7 Total Security (20200702)","Malwarebytes Premium (20200702)","McAfee Total Protection (20200702)","Norton Security (20200702)","Panda Dome (20200702)","Quick Heal Internet Security (20200702)","Sophos Home Premium (20200702)","SpyHunter5 (20200702)","Tencent PC Manager (20200702)","Total AV Antivirus Pro (20200702)","Trend Micro Internet Security (20200702)","VIPRE Advanced Security (20200702)","VirIT eXplorer PRO (20200702)","Webroot SecureAnywhere (20200702)","Windows Defender (20200702)"],"avAllowList":["COMODO Antivirus (20200702)","Kaspersky Internet Security (20200702)"]},{"isRevoked":"False","fileName":"PCBoosterFreeBrowserCleaner.exe","companyName":"PCBooster Free Browser Cleaner","fileVersion":"7.2","hashMD5":"69a3c3cfe371e1f6f0723845c3b43616","hashSHA1":"80aa4e82194dd6e93fcc70f1bd440efde6450fd4","hashSHA256":"7c55a9b50fe1ebe555214a79da6c805df3912e3e28f8f42c75cfa5913cb64845","sourceIndex":"1879","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBoosterFreeBrowserCleaner [2].exe","isInstaller":"True","companyName":"PCBooster, Inc.                                             ","fileVersion":"0.0","hashMD5":"553352b8eb107aebc26267df7e475704","hashSHA1":"c7e8036338f32e09badc4dd65636e18f15d59098","hashSHA256":"f07d5ce95c01e00de5981dfa076c045e1f18c47809a35cd4b84b767327354062","digitalCertThumbprint":"8DE30AB3656EBCEE8A4700B7E737C99904A4A664","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Intellectual Property Rights Consulting Co., Ltd\", O=\"Beijing Hangxin Intellectual Property Rights Consulting Co., Ltd\", STREET=\"Room 201, No.17, Zhongjianzi Alley, Dongcheng District\", L=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101069553746X","sourceIndex":"1879","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"PC Booster\"","reference":"","landingPage":"https://www.pc-booster.net","directDownloadingLink":"https://www.pc-booster.net/PCBoosterFreeBrowserCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pc-booster.net/PCBoosterFreeBrowserCleaner.exe","sourceIndex":"1879"}],"sampleFiles":["200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Samples/PCBoosterFreeBrowserCleaner_.exe","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Samples/PCBoosterFreeBrowserCleaner.exe","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Samples/PCBoosterFreeBrowserCleaner [2].exe"],"imageFiles":["200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-109/PCBoosterFreeBrowserCleaner_Install [5]_.png","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-109/PCBoosterFreeBrowserCleaner_DownloadedRKVerifyFile[1].png","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-048/PCBoosterFreeBrowserCleaner_Install [5]_.png","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-075/PCBoosterFreeBrowserCleaner_Install [6].png","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-059/PCBoosterFreeBrowserCleaner_Install [6].png"],"nonDeceptorImageFiles":["200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-065/PCBoosterFreeBrowserCleaner_Install [1].png","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-002/PCBoosterFreeBrowserCleaner_Install [1]_.png","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-065/PCBoosterFreeBrowserCleaner_About [1].png","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-099/PCBoosterFreeBrowserCleaner_About [1].png","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-002/PCBoosterFreeBrowserCleaner_About [1]_.png","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-099/PCBoosterFreeBrowserCleaner_LandingPage [1].png","200625/PCBoosterFreeBrowserCleaner-200619/8.8.1/Images/ACR-099/PCBoosterFreeBrowserCleaner_LandingPage [2].png"],"guid":"ecc65332-c90f-4280-af25-79cc243bc883_8.8.1_1","appID":"PCBoosterFreeBrowserCleaner-200619","dateAdded":"200625","deceptorType":"Bundler","name":"PCBooster Free Browser Cleaner","company":"PCBooster, Inc.","version":"8.8.1","sigName":"Deceptor:Win32/PCBoosterFreeBrowserCleaner!109048075059","lastKnownStatus":"8.8.1","lastKnownDate":"200625","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2021-06-25T19:45:26.7028191+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1906},{"violations":{"ACR-004":"App uses \"traffic light\" colors to raise an exaggerated sense of urgency.\n","ACR-097":"App tells users to disable all antivirus software before performing registry optimization.\n","ACR-059":"The bundler-made offer is not clearly marked as an optional offer.\n","ACR-155":"Offers are inserted into the install workflow with a pre-checked checkbox to trick the consumer to install the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe bundler-made offer does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe bundler-made offers do not display links to uninstall information.\n","ACR-064":"The bundler-made offer download is initiated by a pre-checked checkbox.\n"},"samples":[{"isRevoked":"False","fileName":"RegistryLife.exe","companyName":"Chemtable Software","fileVersion":"5.15","hashMD5":"a99b44ce116322c4085c0559b07bf9e1","hashSHA1":"23652b1322eccbeda2f13a7ec309b8aff7ff6453","hashSHA256":"9acd15c3ba6a601e92c878348cf4e6c549f257b4f058e499ac3d921b27e6b5d9","digitalCertThumbprint":"4014A694D8B42B7608C7F375AF4CD070E94A55BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Konstantin Polyakov IP, O=Konstantin Polyakov IP, STREET=\"of. 300, 3 Sofi Kovalevskoi ul.\", L=Ekaterinburg, S=Sverdlovskaya Oblast, PostalCode=620049, C=RU","sourceIndex":"2420","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"registry-life-setup.exe","isInstaller":"True","companyName":"ChemTable Software                                          ","fileVersion":"0.0","hashMD5":"593261e928cfe03da4cd6251625a1079","hashSHA1":"9681e3178a7c7f714353c4005323d7e21d0dfd2e","hashSHA256":"af0748178a24259d225c924716a0061625af7f7a20e7b7ba91ad702114d4ae4c","digitalCertThumbprint":"4014A694D8B42B7608C7F375AF4CD070E94A55BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Konstantin Polyakov IP, O=Konstantin Polyakov IP, STREET=\"of. 300, 3 Sofi Kovalevskoi ul.\", L=Ekaterinburg, S=Sverdlovskaya Oblast, PostalCode=620049, C=RU","sourceIndex":"2420","avBlockList":["360 Total Security (20200618)","Avast Premium Security (20200618)","AVG Internet Security (20200618)","Avira Internet Security (20200618)","ESET Internet Security (20200618)","K7 Total Security (20200618)","Malwarebytes Premium (20200618)","McAfee Total Protection (20200618)","Panda Dome (20200618)","Sophos Home Premium (20200618)","SpyHunter5 (20200618)","Total AV Antivirus Pro (20200618)","Trend Micro Internet Security (20200618)","VirIT eXplorer PRO (20200618)","Webroot SecureAnywhere (20200618)","Windows Defender (20200618)","Norton Security (20200618)"],"avAllowList":["Bitdefender Internet Security (20200618)","COMODO Antivirus (20200618)","Dr.Web Security Space (20200618)","G DATA INTERNET SECURITY (20200618)","Kaspersky Internet Security (20200618)","Quick Heal Internet Security (20200618)","Tencent PC Manager (20200618)","VIPRE Advanced Security (20200618)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.chemtable.com/RegistryLife.htm","directDownloadingLink":"https://www.chemtable.com/files/registry-life-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.chemtable.com/files/registry-life-setup.exe","sourceIndex":"2420"}],"sampleFiles":["200601/RegistryLife-171211/5.15/Samples/RegistryLife.exe","200601/RegistryLife-171211/5.15/Samples/registry-life-setup.exe"],"imageFiles":["200601/RegistryLife-171211/5.15/Images/ACR-155/Registry Life Offer.png","200601/RegistryLife-171211/5.15/Images/ACR-059/Registry Life Offer.png","200601/RegistryLife-171211/5.15/Images/ACR-097/Registry Life 097.png","200601/RegistryLife-171211/5.15/Images/ACR-004/Registry Life Colors.png"],"nonDeceptorImageFiles":["200601/RegistryLife-171211/5.15/Images/ACR-064/Registry Life Offer.png","200601/RegistryLife-171211/5.15/Images/ACR-099/Registry Life Colors.png","200601/RegistryLife-171211/5.15/Images/ACR-099/Registry Life Landing Page.png","200601/RegistryLife-171211/5.15/Images/ACR-099/Registry Life Offer.png","200601/RegistryLife-171211/5.15/Images/ACR-065/Registry Life Colors.png","200601/RegistryLife-171211/5.15/Images/ACR-065/Registry Life Offer.png"],"guid":"45c4f155-54c0-4df2-aa82-e07add721a70_5.15_1","appID":"RegistryLife-171211","dateAdded":"200625","deceptorType":"App","name":"Registry Life","company":"Chemtable Software","version":"5.15","sigName":"Deceptor:Win32/RegistryLife!155059097004","firstVendorContactDate":"200624","firstAppEsteemReplyDate":"200624","firstResolvedDate":"200625","firstResolvedVersion":"5.22","resolved":"TRUE","lastKnownStatus":"5.15;5.20","lastKnownDate":"200625","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,cross-sell other apps","lastUpdate":"2020-06-25T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1905},{"violations":{"ACR-014":"Information about application being advertised is not truthful and confusing. \n","ACR-016":"Download is launched directly from the advertisment \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Certified app monitor","reference":"","landingPage":"https://techloris.com/geforce-experience-error-code-0x0003/","ipv4":"","ipv6":"","sourceIndex":"2404"},{"howFound":"Certified app monitor Ads from Techloris.com","reference":"","landingPage":"https://techloris.com/lp/error8.php?&c=1504749485&ag=107475757148&ad=428762509603&k={placeholder}&p1=&p2=&p3=&gclid=EAIaIQobChMIsqmhtMWb6gIVTy5-Ch0hKQb-EAEYASAAEgJFXvD_BwE&gclid=EAIaIQobChMIsqmhtMWb6gIVTy5-Ch0hKQb-EAEYASAAEgJFXvD_BwE","ipv4":"","ipv6":"","sourceIndex":"2405"}],"sampleFiles":[],"imageFiles":["200624/TechlorisDotCom-200624/200624/Images/ACR-014/TechlorisCom.mp4"],"nonDeceptorImageFiles":[],"guid":"6bf76be3-08f6-436e-9b5b-15748794ab4b_200624_1","appID":"TechlorisDotCom-200624","dateAdded":"200624","deceptorType":"Affiliate","name":"TechlorisCom","company":"techloris.com","version":"200624","sigName":"Deceptor:Affiliate/TechlorisCom!014016","lastKnownStatus":"200624","lastKnownDate":"200624","type":"Affiliate","category":"Personalization & Search, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"in-app purchases,display ads","lastUpdate":"2020-06-24T23:40:23.9848077+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1907},{"violations":{"ACR-109":"The app downloads \"rkverify.exe, a RelevantKnowledge file.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-075":"Cancelling the installation leaves the carrier and the offers installed.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or the Privacy Policy. \n","ACR-002":"The App's version is not consistent between App interaction and its install. (version 8.8.2.6 vs version 7.8.2) The App's version is not consistent between App interaction and its install.\nThe App's version is not consistent between App interaction and its install. (version 8.8.2.6 vs version 7.8.2) The App's version is not consistent between App interaction and its install.\n","ACR-099":"The app does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \n"},"samples":[{"isRevoked":"False","fileName":"PCBoosterFreeAntiSpyware.exe","fileVersion":"1.0","hashMD5":"33bf6e940a8cb9590ebe785ffbc9bf9b","hashSHA1":"2749f5ca2aecfe28df57dd710cbcf28e25fce40f","hashSHA256":"6cbbc2db06b99b4c0163bb9e5b97adfdb6c6fb0b3f4c1720668ece9c17688459","sourceIndex":"2412","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBoosterFreeAntiSpyware_setup.exe","isInstaller":"True","companyName":"PC Booster, Inc.                                            ","fileVersion":"0.0","hashMD5":"67fdf9ddb81c958fc254dd9901ed75e8","hashSHA1":"ad20737bc1c647a1f3bedbd41469ac052b734113","hashSHA256":"63dd7ad9057b8d1a82fb82f7f712bfacc82e53d606cc6bf552ea95afb0ef2423","digitalCertThumbprint":"E1CAA9E850D616A0C2A245A157E0767A5DDCB431","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No. 17, Middle Scissor Lane, Dongcheng District,\", L=Beijing, S=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2412","avBlockList":["360 Total Security (20200630)","Avast Premium Security (20200630)","AVG Internet Security (20200630)","Avira Internet Security (20200630)","Bitdefender Internet Security (20200630)","Dr.Web Security Space (20200630)","ESET Internet Security (20200630)","G DATA INTERNET SECURITY (20200630)","K7 Total Security (20200630)","Malwarebytes Premium (20200630)","McAfee Total Protection (20200630)","Norton Security (20200630)","Panda Dome (20200630)","Quick Heal Internet Security (20200630)","Sophos Home Premium (20200630)","SpyHunter5 (20200630)","Tencent PC Manager (20200630)","Total AV Antivirus Pro (20200630)","VIPRE Advanced Security (20200630)","VirIT eXplorer PRO (20200630)","Webroot SecureAnywhere (20200630)","Windows Defender (20200630)"],"avAllowList":["COMODO Antivirus (20200630)","Kaspersky Internet Security (20200630)","Trend Micro Internet Security (20200630)"]}],"additionalFiles":[],"sources":[{"howFound":"Google.Search","reference":"https://www.pc-booster.net","landingPage":"https://www.pc-booster.net","directDownloadingLink":"https://www.pc-booster.net/PCBoosterFreeAntiSpyware.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pc-booster.net/PCBoosterFreeAntiSpyware.exe","sourceIndex":"2412"}],"sampleFiles":["200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Samples/PCBoosterFreeAntiSpyware.exe","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Samples/PCBoosterFreeAntiSpyware_setup.exe"],"imageFiles":["200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-109/PCBoosterFreeAntiSpyware_Install [2].png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-109/PCBoosterFreeAntiSpyware_DownloadedFile [1].png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-048/PCBoosterFreeAntiSpyware_Install [2].png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-048/PCBoosterFreeAntiSpyware_DownloadedFile [1].png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-048/PCBoosterFreeAntiSpyware_RunningRKVerifyFile[1]_.png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-075/PCBoosterFreeAntiSpyware_Install [3].png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-059/PCBoosterFreeAntiSpyware_Install [3].png"],"nonDeceptorImageFiles":["200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-065/PCBoosterFreeAntiSpyware_Install [1].png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-002/PCBoosterFreeAntiSpyware_Install [1]_.png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-065/PCBoosterFreeAntiSpyware_Interaction [1].png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-065/PCBoosterFreeAntiSpyware_About [1].png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-099/PCBoosterFreeAntiSpyware_About [1].png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-099/PCBoosterFreeAntiSpyware_Interaction [5].png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-002/PCBoosterFreeAntiSpyware_About [1]_.png","200617/PCBoosterFreeAntiSpyware-200617/7.8.2/Images/ACR-099/PCBoosterFreeAntiSpyware_LandingPage [1].png"],"guid":"e61836ea-9d2b-430c-8f59-968447b3cc6c_7.8.2_1","appID":"PCBoosterFreeAntiSpyware-200617","dateAdded":"200617","deceptorType":"Bundler","name":"PCBooster Free AntiSpyware","company":"PCBooster, Inc.","version":"7.8.2","sigName":"Deceptor:Win32/PCBoosterFreeAntiSpyware!109048075059","lastKnownStatus":"7.8.2","lastKnownDate":"200617","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Server,Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2020-06-18T05:25:25.0709612+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1908},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action.\n\nUnrelated apps are installed without obtaining the consumer's permission through explicit user action.\n","ACR-043":"Third party components from AVIRA and OpenVPN are installed without being disclosed to the user in the EULA (during install) and offer/landing page.\n","ACR-107":"The application uses the open source software 'OpenVPN' without following its open source licenses (no copy of the OpenVPN EULA in the distribution)\n"},"nonDeceptorViolations":{"ACR-065":"The application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\n"},"samples":[{"isRevoked":"False","fileName":"orangedefender_setup.exe","isInstaller":"True","companyName":"Innovative Solutions                                        ","fileVersion":"0.0","hashMD5":"c5fd38cd599f053ee5fbfaaef6c82b4a","hashSHA1":"74c6ff1a7b4acd0eb5bf27a801e7fdf4b75a0728","hashSHA256":"cfe035950a13999a791b0685b4c05e58540527312cd4d097eb0d1a5ea7cb137d","digitalCertThumbprint":"EA141696CEA1AA8A417F1DF7EBCF92C0B46EA5A3","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Innovative Solutions Grup SRL, O=Innovative Solutions Grup SRL, L=Bucuresti, S=Bucuresti, C=RO","sourceIndex":"1457","avBlockList":["Avast Premium Security (20200428)","AVG Internet Security (20200428)","Bitdefender Internet Security (20200428)","Dr.Web Security Space (20200428)","ESET Internet Security (20200428)","G DATA INTERNET SECURITY (20200428)","K7 Total Security (20200428)","Kaspersky Internet Security (20200428)","Malwarebytes Premium (20200428)","McAfee Total Protection (20200428)","Norton Security (20200428)","Panda Dome (20200428)","Quick Heal Internet Security (20200428)","Sophos Home Premium (20200428)","SpyHunter5 (20200428)","Tencent PC Manager (20200428)","VIPRE Advanced Security (20200428)","VirIT eXplorer PRO (20200428)","Webroot SecureAnywhere (20200428)","Windows Defender (20200428)"],"avAllowList":["360 Total Security (20200428)","Avira Internet Security (20200428)","COMODO Antivirus (20200428)","Trend Micro Internet Security (20200428)","Total AV Antivirus Pro (20200428)"]},{"isRevoked":"False","fileName":"orangedefender.exe","companyName":"Innovative Solutions","fileVersion":"3.37","hashMD5":"ecddfdc65aec28c791e6ad52820b44e4","hashSHA1":"6d9a30678feff25a7c01a4d44b0f407b22824adc","hashSHA256":"f7c8fc3b9d12688e765e8a19f10caa73d37d337a3f9171ef5f02472a5199ad2c","digitalCertThumbprint":"EA141696CEA1AA8A417F1DF7EBCF92C0B46EA5A3","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Innovative Solutions Grup SRL, O=Innovative Solutions Grup SRL, L=Bucuresti, S=Bucuresti, C=RO","sourceIndex":"1457","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search Optimizer","reference":"https://www.innovative-sol.com/","landingPage":"https://www.orange-defender.com","directDownloadingLink":"http://www.orange-defender.com/soft/orange-defender/orangedefender_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.orange-defender.com/soft/orange-defender/orangedefender_setup.exe","sourceIndex":"1457"}],"sampleFiles":["200615/OrangeDefender-180123/3.37.0.205/Samples/orangedefender_setup.exe","200615/OrangeDefender-180123/3.37.0.205/Samples/orangedefender.exe"],"imageFiles":["200615/OrangeDefender-180123/3.37.0.205/Images/ACR-043/Avira_FileProperty [1].png","200615/OrangeDefender-180123/3.37.0.205/Images/ACR-043/Avira_FileProperty [3].png","200615/OrangeDefender-180123/3.37.0.205/Images/ACR-043/OpenVPN_FileProperty [1].png","200615/OrangeDefender-180123/3.37.0.205/Images/ACR-107/OpenVPN_FileProperty [1].png","200615/OrangeDefender-180123/3.37.0.205/Images/ACR-042/Avira_FileProperty [1].png","200615/OrangeDefender-180123/3.37.0.205/Images/ACR-042/OpenVPN_FileProperty [1].png"],"nonDeceptorImageFiles":["200615/OrangeDefender-180123/3.37.0.205/Images/ACR-065/LandingPage [2].png","200615/OrangeDefender-180123/3.37.0.205/Images/ACR-065/LandingPage [3].png"],"guid":"9e0ce2e4-f3f7-4d31-a218-f6cb46ebe47f_3.37.0.205_1","appID":"OrangeDefender-180123","dateAdded":"200615","deceptorType":"App","name":"Orange Defender Antivirus","company":"Innovative Solutions Group SRL","version":"3.37.0.205","firstVendorContactDate":"200605","firstAppEsteemReplyDate":"200612","firstResolvedDate":"200615","firstResolvedVersion":"3.43.0.217 ","resolved":"TRUE","lastKnownStatus":"Deceptor:3.25.0.182;3.31.0.195;3.37.0.205","lastKnownDate":"200615","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2022-08-23T06:10:37.1194334+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1909},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action.\n","ACR-043":"Third party components from AVIRA and OpenVPN are installed without being disclosed to the user in the EULA and offer/landing page. \n","ACR-107":"The application uses the open source software 'OpenVPN' without following its open source licenses (no copy of the OpenVPN EULA in the distribution)\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"181217Installer.exe","isInstaller":"True","companyName":"Innovative Solutions                                        ","productName":"Orange Defender Antivirus","productVersion":"3.31.0.195","fileVersion":"","hashMD5":"0a2d3b509eac91656db101803ef6552c","hashSHA1":"fa89c5a1c510a36f7ed976159fe4a7610aea29cf","hashSHA256":"cbbb40e09d6e4bc18d18306a9d94915965f3724f3c1cfd045fda52230054433b","digitalCertThumbprint":"EA141696CEA1AA8A417F1DF7EBCF92C0B46EA5A3","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Innovative Solutions Grup SRL, O=Innovative Solutions Grup SRL, L=Bucuresti, S=Bucuresti, C=RO","sourceIndex":"2413","avBlockList":["Bitdefender Internet Security (20200428)","ESET Internet Security (20200428)","G DATA INTERNET SECURITY (20200428)","K7 Total Security (20200428)","Malwarebytes Premium (20200428)","McAfee Total Protection (20200428)","Panda Dome (20200428)","Sophos Home Premium (20200428)","VirIT eXplorer PRO (20200428)","Webroot SecureAnywhere (20200428)","Windows Defender (20200428)","AVG Internet Security (20200428)","Kaspersky Internet Security (20200428)","Avast Premium Security (20200428)","COMODO Antivirus (20200428)","Dr.Web Security Space (20200428)","Norton Security (20200428)","Quick Heal Internet Security (20200428)","SpyHunter5 (20200428)","Tencent PC Manager (20200428)","VIPRE Advanced Security (20200428)"],"avAllowList":["Avira Internet Security (20200428)","Trend Micro Internet Security (20200428)","Avast Internet Security (20190211)","360 Total Security (20200428)","Total AV Antivirus Pro (20200428)"]},{"isRevoked":"False","fileName":"181217MainApp .exe","companyName":"Innovative Solutions","productName":"Orange Defender Antivirus","productVersion":"3.31","fileVersion":"3.31.0.195","hashMD5":"99a1732be183cd190b30f75b161065c8","hashSHA1":"dc4514108fcdc8dbb215a605246d3f159f5344ad","hashSHA256":"2c0b80cc1646ca7d8ad0be79ef128e5747e3570e37151e19aba5ec89cb81ce32","digitalCertThumbprint":"EA141696CEA1AA8A417F1DF7EBCF92C0B46EA5A3","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Innovative Solutions Grup SRL, O=Innovative Solutions Grup SRL, L=Bucuresti, S=Bucuresti, C=RO","sourceIndex":"2413","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"http://www.orange-defender.com/","directDownloadingLink":"http://www.orange-defender.com/soft/orange-defender/orangedefender_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.orange-defender.com/soft/orange-defender/orangedefender_setup.exe","sourceIndex":"2413"}],"sampleFiles":["200615/OrangeDefender-180123/3.31.0.195/Samples/181217Installer.exe","200615/OrangeDefender-180123/3.31.0.195/Samples/181217MainApp .exe"],"imageFiles":["200615/OrangeDefender-180123/3.31.0.195/Images/ACR-043/ACR_043_INSTALL.PNG","200615/OrangeDefender-180123/3.31.0.195/Images/ACR-043/ACR_107_SOFTWARE.PNG","200615/OrangeDefender-180123/3.31.0.195/Images/ACR-107/ACR_107_SOFTWARE.PNG","200615/OrangeDefender-180123/3.31.0.195/Images/ACR-042/ACR_043_INSTALL.PNG","200615/OrangeDefender-180123/3.31.0.195/Images/ACR-042/ACR_107_SOFTWARE.PNG"],"nonDeceptorImageFiles":["200615/OrangeDefender-180123/3.31.0.195/Images/ACR-065/Orange About Page.PNG","200615/OrangeDefender-180123/3.31.0.195/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","200615/OrangeDefender-180123/3.31.0.195/Images/ACR-065/Orange Internal Offers Page.PNG","200615/OrangeDefender-180123/3.31.0.195/Images/ACR-099/Orange About Page.PNG","200615/OrangeDefender-180123/3.31.0.195/Images/ACR-099/Orange Bottom Landing Page.PNG","200615/OrangeDefender-180123/3.31.0.195/Images/ACR-099/Orange Internal Offers Page.PNG"],"guid":"9e0ce2e4-f3f7-4d31-a218-f6cb46ebe47f_3.31.0.195_1","appID":"OrangeDefender-180123","dateAdded":"200615","deceptorType":"App","name":"Orange Defender Antivirus","company":"Innovative Solutions Group SRL","version":"3.31.0.195","sigName":"Deceptor:Win32/OrangeDefenderAntivirus!042043107","firstVendorContactDate":"200605","firstAppEsteemReplyDate":"200612","firstResolvedDate":"200615","firstResolvedVersion":"3.43.0.217 ","resolved":"TRUE","lastKnownStatus":"Deceptor:3.25.0.182;3.31.0.195;3.37.0.205","lastKnownDate":"200615","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-06-15T17:11:21.3645951+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1910},{"violations":{"ACR-043":"Third party components from AVIRA and OpenVPN are installed without being disclosed to the user in the EULA and offer/landing page. \n","ACR-107":"The application uses the open source software 'OpenVPN' without following its open source licenses (no copy of the OpenVPN EULA in the distribution)\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n","ACR-107":"The application uses the open source software 'OpenVPN' without following its open source licenses (no copy of the OpenVPN EULA in the distribution)\n"},"samples":[{"isRevoked":"False","fileName":"orangedefender_setup.exe","isInstaller":"True","companyName":"Innovative Solutions","productName":"Orange Defender Antivirus","productVersion":"3.25.0.182","hashMD5":"c18a40f63772fdf81d16058eca488be9","hashSHA1":"0fea315b48cd6d875c945643bfa8fdb6c21e1663","hashSHA256":"2236df3e67e905014a7096a3fd1389b14adc4dc0fbcaea22d920c0447616324d","digitalCertThumbprint":"B22EAC044566F5B3DC42412639D863C0D8BC5799","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Innovative Solutions Grup SRL","sourceIndex":"3810","avBlockList":["Bitdefender Internet Security (20200409)","ESET Internet Security (20200409)","G DATA INTERNET SECURITY (20200409)","K7 Total Security (20200409)","Kaspersky Internet Security (20200409)","Malwarebytes Premium (20200409)","Panda Dome (20200409)","Sophos Home Premium (20200409)","Trend Micro Internet Security (20200409)","VirIT eXplorer PRO (20200409)","Webroot SecureAnywhere (20200409)","Windows Defender (20200409)","AVG Internet Security (20200409)","360 Total Security (20200409)","Avast Premium Security (20200409)","Dr.Web Security Space (20200409)","Norton Security (20200409)","Quick Heal Internet Security (20200409)","SpyHunter5 (20200409)","Tencent PC Manager (20200409)","VIPRE Advanced Security (20200409)"],"avAllowList":["Avira Internet Security (20200409)","McAfee Total Protection (20200409)","Avast Internet Security (20190211)","COMODO Antivirus (20200409)","Total AV Antivirus Pro (20200409)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Innovative Solutions\\Orange Defender Antivirus\\orangedefender.exe","companyName":"Innovative Solutions","productName":"Orange Defender Antivirus","productVersion":"3.25","fileVersion":"3.25.0.182","hashMD5":"4c6b7d23e74f792b80843d8daf7c9003","hashSHA1":"92af63a722931f8508e7b937b5656d2a03e8865e","hashSHA256":"b12ad00070fb8caf90b47278753c9a7031419e6eed991cc527de9a70fb8c09fd","digitalCertThumbprint":"B22EAC044566F5B3DC42412639D863C0D8BC5799","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Innovative Solutions Grup SRL","sourceIndex":"3810","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"http://www.orange-defender.com/","directDownloadingLink":"http://www.orange-defender.com/soft/orange-defender/orangedefender_setup.exe","ipv4":"","ipv6":"","sourceIndex":"3810"}],"sampleFiles":["180126/OrangeDefender-180123/3.25.0.182/Samples/orangedefender_setup.exe"],"imageFiles":["180126/OrangeDefender-180123/3.25.0.182/Images/ACR-043/ACR_043_INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-043/ACR_107_SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-046/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-046/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-046/ACR_046_INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-047/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-047/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-047/ACR_047_INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-107/ACR_107_SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-048/ACR_048_INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-048/ACR_048_SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-003/ACR_003_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-003/ACR_003_INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-003/ACR_003_INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-003/ACR_003_SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-003/ACR_003_UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-005/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-005/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-005/INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-005/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-005/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-007/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-007/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-007/INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-007/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-007/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-009/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-009/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-009/INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-009/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-009/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-010/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-010/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-010/INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-010/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-010/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-017/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-017/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-017/INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-017/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-017/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-084/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-086/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-089/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-103/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-116/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-117/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-057/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-057/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-071/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-071/INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["180126/OrangeDefender-180123/3.25.0.182/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-065/ACR_065_INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-046/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-046/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-046/ACR_046_INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-047/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-047/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-047/ACR_047_INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-107/ACR_107_SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-003/ACR_003_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-003/ACR_003_INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-003/ACR_003_INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-003/ACR_003_SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-003/ACR_003_UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-005/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-005/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-005/INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-005/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-005/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-007/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-007/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-007/INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-007/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-007/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-009/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-009/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-009/INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-009/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-009/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-010/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-010/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-010/INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-010/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-010/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-017/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-017/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-017/INSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-017/SOFTWARE.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-017/UNINSTALL.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-057/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-057/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-071/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180126/OrangeDefender-180123/3.25.0.182/Images/ACR-071/INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"9e0ce2e4-f3f7-4d31-a218-f6cb46ebe47f_3.25.0.182_1","appID":"OrangeDefender-180123","dateAdded":"200615","deceptorType":"App","name":"Orange Defender Antivirus","company":"Innovative Solutions Group SRL","version":"3.25.0.182","sigName":"Deceptor:Win32/OrangeDefender!043107","firstVendorContactDate":"200605","firstAppEsteemReplyDate":"200612","firstResolvedDate":"200615","firstResolvedVersion":"3.43.0.217 ","resolved":"TRUE","lastKnownStatus":"Deceptor:3.25.0.182;3.31.0.195;3.37.0.205","lastKnownDate":"200615","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-06-15T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":3,"sortOrder":1911},{"violations":{"ACR-003":"The application exaggerates the system health status as \"DANGER\" and shows the cleaning urgency as high, thereby misleading or scaring user to take action.\n","ACR-007":"The app lowers the user's system security by using an unsecured page to collect the user's sensitive information.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are no schedules set within the software, however the app has created multiple tasks in the system's task scheduler which cannot be disabled from the software's interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\nThe application's internal offer page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no valid links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"EVOBULLS, INC\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"There is no mention of a 30-days refund policy provided for the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"SystemCareProSetup.exe","isInstaller":"True","companyName":"System Care Pro","productName":"System Care Pro","productVersion":"3.0.3","fileVersion":"3.0.3","hashMD5":"74ee096caf8a95c7ab2b4f597cbbec7c","hashSHA1":"67b58a2753301b2727b7907fadd7ef2eaca24f67","hashSHA256":"ea3bbd061b5825d35b745eb8d09bbbce6edfb5f3e1dc31553e0ceb3e36077fe6","digitalCertThumbprint":"7D3CACFE6EE9148B226E58096462F9867483BD28","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"EVOBULLS, INC\", O=\"EVOBULLS, INC\", STREET=141 Stevens Ave Ste 5, L=Oldsmar, S=FL, PostalCode=34677, C=US","sourceIndex":"375","avBlockList":["360 Total Security (20200623)","Avast Premium Security (20200623)","AVG Internet Security (20200623)","Avira Internet Security (20200623)","Bitdefender Internet Security (20200623)","COMODO Antivirus (20200623)","Dr.Web Security Space (20200623)","ESET Internet Security (20200623)","G DATA INTERNET SECURITY (20200623)","K7 Total Security (20200623)","Kaspersky Internet Security (20200623)","Malwarebytes Premium (20200623)","McAfee Total Protection (20200623)","Norton Security (20200623)","Panda Dome (20200623)","Quick Heal Internet Security (20200623)","Sophos Home Premium (20200623)","SpyHunter5 (20200623)","Tencent PC Manager (20200623)","Total AV Antivirus Pro (20200623)","Trend Micro Internet Security (20200623)","VIPRE Advanced Security (20200623)","VirIT eXplorer PRO (20200623)","Webroot SecureAnywhere (20200623)","Windows Defender (20200623)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SystemCarePro.exe","companyName":"System Care Pro","productName":"System Care Pro","productVersion":"3.0.3.0","fileVersion":"3.0.3.0","hashMD5":"c4e68cf41a432fd1fdf9c69c451afb8a","hashSHA1":"9123b9047282b007cd083b41b19adb2b3bb80b63","hashSHA256":"90787932cc399c42b2dbfb884e532362c502bff36cdbb928a9c473fdefcf1393","digitalCertThumbprint":"7D3CACFE6EE9148B226E58096462F9867483BD28","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"EVOBULLS, INC\", O=\"EVOBULLS, INC\", STREET=141 Stevens Ave Ste 5, L=Oldsmar, S=FL, PostalCode=34677, C=US","sourceIndex":"375","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.systemcarepro.net/","directDownloadingLink":"http://www.systemcarepro.net/download/SystemCareProSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.systemcarepro.net/download/SystemCareProSetup.exe","sourceIndex":"375"}],"sampleFiles":["200611/SystemCarePro-180314/3.0.3/Samples/SystemCareProSetup.exe","200611/SystemCarePro-180314/3.0.3/Samples/SystemCarePro.exe"],"imageFiles":["200611/SystemCarePro-180314/3.0.3/Images/ACR-003/ACR-003_software.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-003/ACR-003_software1.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-003/ACR-003_software2.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-084/ACR-084_software.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-168/ACR-168_software.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-168/ACR-168_internaloffer.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-007/ACR-007_internaloffer.JPG"],"nonDeceptorImageFiles":["200611/SystemCarePro-180314/3.0.3/Images/ACR-065/ACR-065_install.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-065/ACR-065_install1.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-065/ACR-065_software.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-065/ACR-065_landingpage.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-065/ACR-065_internaloffer.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-161/ACR-161_landingpage.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-163/ACR-163_software.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-163/ACR-163_uninstall.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-088/ACR-088_software.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-092/ACR-092_software.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-160/ACR-160_software.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-099/ACR-099_software.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-099/ACR-099_internaloffer.JPG","200611/SystemCarePro-180314/3.0.3/Images/ACR-168/ACR-168_landingpage.JPG"],"guid":"a1043e1b-836a-4bcf-bfcc-6d4322b385dc_3.0.3_1","appID":"SystemCarePro-180314","dateAdded":"200611","deceptorType":"App","name":"SystemCarePro","company":"System Care Pro","version":"3.0.3","sigName":"Deceptor:Win32/EvoBullsSystemCarePro","lastKnownStatus":"Deceptor:3.0.3;3.0.6","lastKnownDate":"241107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2024-11-07T23:45:47.2018955+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1912},{"violations":{"ACR-003":"The app shows gauges indicating the registry items, have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"125 Records Found\" , and exaggerates the system health status as \"DANGER\" and shows the cleaning urgency as high, thereby misleading or scaring user to take action.\n","ACR-004":"App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. The App perform a free scan and requiring customer to purchase the app to fix the issues found.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are no schedules control option within the software, however the app has created multiple tasks in the system's task scheduler which cannot be disabled from the software's interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user. \nThe application's internal offer page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"EVOBULLS, INC\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled. \nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy or Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"There is no mention of a 30-days refund policy provided for the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"SystemCareProSetup.exe","isInstaller":"True","companyName":"System Care Pro","fileVersion":"3.0","hashMD5":"0bb0d77721c4e052f7ef5255066ec291","hashSHA1":"9281509fcb85904215aa65127e57401d84509117","hashSHA256":"a103d2cfe11b5d4c900a673a7173a44d81615bc2f80202d03634bba08adfff92","digitalCertThumbprint":"28CA18B636B2881A59F1CAB58D55BA2051B629A8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Evobulls Inc, O=Evobulls Inc, STREET=141 Stevens Ave STE 5E, L=Oldsmar, S=FL, PostalCode=34677, C=US","sourceIndex":"376","avBlockList":["360 Total Security (20200623)","Avast Premium Security (20200623)","AVG Internet Security (20200623)","Avira Internet Security (20200623)","Bitdefender Internet Security (20200623)","Dr.Web Security Space (20200623)","ESET Internet Security (20200623)","G DATA INTERNET SECURITY (20200623)","K7 Total Security (20200623)","Malwarebytes Premium (20200623)","McAfee Total Protection (20200623)","Norton Security (20200623)","Panda Dome (20200623)","Quick Heal Internet Security (20200623)","Sophos Home Premium (20200623)","SpyHunter5 (20200623)","Tencent PC Manager (20200623)","Total AV Antivirus Pro (20200623)","VIPRE Advanced Security (20200623)","VirIT eXplorer PRO (20200623)","Webroot SecureAnywhere (20200623)","Windows Defender (20200623)"],"avAllowList":["COMODO Antivirus (20200623)","Kaspersky Internet Security (20200623)","Trend Micro Internet Security (20200623)"]},{"isRevoked":"False","fileName":"Splash.exe","fileVersion":"3.0","hashMD5":"52d192059c8832d138a9d91bb66f1616","hashSHA1":"b0999bf315d39d7c42e1fae8b08ff834b3514843","hashSHA256":"424a3e6725d35ec38349f193c3975bf7ef327444552f031845b15ef9d28abff5","digitalCertThumbprint":"28CA18B636B2881A59F1CAB58D55BA2051B629A8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Evobulls Inc, O=Evobulls Inc, STREET=141 Stevens Ave STE 5E, L=Oldsmar, S=FL, PostalCode=34677, C=US","sourceIndex":"376","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SystemCarePro.exe","companyName":"System Care Pro","fileVersion":"3.0","hashMD5":"ef4c2f8345ec6fc7ac90bdf42e56b273","hashSHA1":"ada83730b481a40dd104e5eb4661f360c5f36410","hashSHA256":"8751a0499a8d8e7ddf6a117eb89e31fc640576afa0fd3ffa43f83391a0224465","digitalCertThumbprint":"28CA18B636B2881A59F1CAB58D55BA2051B629A8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Evobulls Inc, O=Evobulls Inc, STREET=141 Stevens Ave STE 5E, L=Oldsmar, S=FL, PostalCode=34677, C=US","sourceIndex":"376","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://systemcarepro.net/","landingPage":"http://www.systemcarepro.net/","directDownloadingLink":"https://www.systemcarepro.net/exe/systemcareprosetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.systemcarepro.net/exe/systemcareprosetup.exe","sourceIndex":"376"}],"sampleFiles":["200611/SystemCarePro-180314/3.0.6/Samples/systemcareprosetup.exe","200611/SystemCarePro-180314/3.0.6/Samples/Splash.exe","200611/SystemCarePro-180314/3.0.6/Samples/SystemCarePro.exe"],"imageFiles":["200611/SystemCarePro-180314/3.0.6/Images/ACR-003/System Care Pro_ScanResults [5].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-003/System Care Pro_ScanResults [6].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-003/System Care Pro_ScanResults [7].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-003/System Care Pro_ScanResults [9].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-084/System Care Pro_TaskScheduled [2].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-084/System Care Pro_Settings [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-168/System Care Pro_Interactions [2].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-168/System Care Pro_OfferPage [2].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-004/System Care Pro_ScanResults [5].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-004/System Care Pro_ScanResults [6].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-004/System Care Pro_ScanResults [7].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-004/System Care Pro_ScanResults [8].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-004/System Care Pro_ScanResults [9].png"],"nonDeceptorImageFiles":["200611/SystemCarePro-180314/3.0.6/Images/ACR-065/System Care Pro_Install [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-065/System Care Pro_EULA [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-065/System Care Pro_About [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-065/System Care Pro_LandingPage [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-065/System Care Pro_LandingPage [3].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-065/System Care Pro_OfferPage [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-065/System Care Pro_OfferPage [2].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-065/System Care Pro_OfferPage [3].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-161/System Care Pro_LandingPageTestimonials [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-163/System Care Pro_ScanResults [5].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-163/System Care Pro_Uninstall [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-088/System Care Pro_Scanning [2].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-092/System Care Pro_LandingPage [3].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-092/System Care Pro_DigitalCertificate [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-160/System Care Pro_Tools [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-099/System Care Pro_About [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-099/System Care Pro_LandingPage [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-099/System Care Pro_LandingPage [3].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-099/System Care Pro_OfferPage [1].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-099/System Care Pro_OfferPage [2].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-099/System Care Pro_OfferPage [3].png","200611/SystemCarePro-180314/3.0.6/Images/ACR-168/System Care Pro_Contact [1].png"],"guid":"a1043e1b-836a-4bcf-bfcc-6d4322b385dc_3.0.6_1","appID":"SystemCarePro-180314","dateAdded":"200611","deceptorType":"App","name":"SystemCarePro","company":"System Care Pro","version":"3.0.6","sigName":"Deceptor:Win32/SystemCarePro!003004084168","lastKnownStatus":"Deceptor:3.0.3;3.0.6","lastKnownDate":"241107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2026-05-04T14:37:19.1347906+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1913},{"violations":{"ACR-003":"The app exaggerates urgency for Internet and Windows Junk files by using the alarming and exaggerated the system overall status with unsubstantiated severity\n","ACR-004":"App exaggerates a sense of urgency by using gauges to show free scan results. \n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The internal offers page does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe application does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"sm_dm.exe","isInstaller":"True","companyName":"iolo technologies, LLC","fileVersion":"4.0","hashMD5":"c6d7d65481b1679c236e240a3fe80403","hashSHA1":"2baa37f6abd060642811f6c822cfcc9e0f8d6d14","hashSHA256":"8053bd1a5c42eb7e76bc047d6cfd649b22fb5ea51fbfac5f1b4ed8714853148c","digitalCertThumbprint":"10C6FC2012A9CFB83F1D5A130DF4A517FDC854C5","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"iolo technologies, LLC\", O=\"iolo technologies, LLC\", STREET=150 S Los Robles Avenue Suite 500, L=Pasadena, S=California, PostalCode=91101, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=199934310017","sourceIndex":"2414","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SystemMechanicSTDInstaller.exe","isInstaller":"True","companyName":"iolo Technologies","fileVersion":"20.3","hashMD5":"556bd05d3c428e585f8959e1eef5ca06","hashSHA1":"19589214a12b7bbc9597f410d7100b6a5b542a7a","hashSHA256":"653f1776b73f3df50969850cd3321da2ea3e6c43e040fa2e3f72fd1362d7d6c6","digitalCertThumbprint":"A28818EDC2E7875F57CB3427CB47DD6F9B3EF039","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"iolo technologies, LLC\", O=\"iolo technologies, LLC\", STREET=150 S Los Robles Ave, L=Pasadena, S=California, PostalCode=91101, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=199934310017","sourceIndex":"2414","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SystemMechanic.exe","companyName":"iolo technologies, LLC","fileVersion":"20.3","hashMD5":"37c2391a3d5885325ee14024824b0bf4","hashSHA1":"76ea0866310f72c19149bc5be9a129e740a1de9d","hashSHA256":"46f68684f2e44ee88a3ec86f1eafa4586b96a7b2cbf75ec9358ebdb746d43978","digitalCertThumbprint":"A28818EDC2E7875F57CB3427CB47DD6F9B3EF039","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"iolo technologies, LLC\", O=\"iolo technologies, LLC\", STREET=150 S Los Robles Ave, L=Pasadena, S=California, PostalCode=91101, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=199934310017","sourceIndex":"2414","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"www.iolo.com","landingPage":"www.iolo.com","directDownloadingLink":"http://download.iolo.net/dm/partners/iolo/en/sm_dm.exe","ipv4":"","ipv6":"","landingPageWildChar":"http://download.iolo.net/dm/partners/iolo/en/sm_dm.exe","directDownloadingLinkWildChar":"http://download.iolo.net/dm/partners/iolo/en/sm_dm.exe","sourceIndex":"2414"}],"sampleFiles":["200609/D-K7-SystemMechanic-171023/20.3.0.3/Samples/sm_dm.exe","200609/D-K7-SystemMechanic-171023/20.3.0.3/Samples/SystemMechanicSTDInstaller.exe","200609/D-K7-SystemMechanic-171023/20.3.0.3/Samples/SystemMechanic.exe"],"imageFiles":["200609/D-K7-SystemMechanic-171023/20.3.0.3/Images/ACR-003/System Mechanic_Scanning [2].png","200609/D-K7-SystemMechanic-171023/20.3.0.3/Images/ACR-003/System Mechanic_Scanning [3].png","200609/D-K7-SystemMechanic-171023/20.3.0.3/Images/ACR-004/System Mechanic_Scanning [2].png","200609/D-K7-SystemMechanic-171023/20.3.0.3/Images/ACR-004/System Mechanic_Scanning [3].png"],"nonDeceptorImageFiles":["200609/D-K7-SystemMechanic-171023/20.3.0.3/Images/ACR-099/System Mechanic_OfferPage[2].png","200609/D-K7-SystemMechanic-171023/20.3.0.3/Images/ACR-099/System Mechanic_LandingPage[1].png","200609/D-K7-SystemMechanic-171023/20.3.0.3/Images/ACR-065/System Mechanic_Scanning [2].png","200609/D-K7-SystemMechanic-171023/20.3.0.3/Images/ACR-099/System Mechanic_About [1].png"],"guid":"8d850675-0e42-45c6-b1d4-c8c8ba272a78_20.3.0.3_1","appID":"D-K7-SystemMechanic-171023","dateAdded":"200609","deceptorType":"App","name":"System Mechanic","company":"iolo technologies LLC","version":"20.3.0.3","sigName":"Deceptor:Win32/SystemMechanic!003004","firstVendorContactDate":"200610","firstAppEsteemReplyDate":"200612","firstResolvedDate":"200611","lastKnownStatus":"Deceptor:15.5.0.61;20.3.0.3","lastKnownDate":"200609","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid,up-sell to paid","lastUpdate":"2020-06-13T04:27:51.7612537+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1914},{"violations":{"ACR-016":"The displayed Ad leads to download the promoted application directly. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://www.system-tips.net/subsectivexer-club-push-notifications-how-to-delete/","ipv4":"","ipv6":"","sourceIndex":"2416"}],"sampleFiles":[],"imageFiles":["200607/SystemTips-200604/200604/Images/ACR-016/SystemTips 016.png"],"nonDeceptorImageFiles":[],"guid":"0fb54233-5230-4809-bf0e-2284de4f70d5_200604_1","appID":"SystemTips-200604","dateAdded":"200607","deceptorType":"Affiliate","name":"System Tips","company":"SystemTips","version":"200604","sigName":"Deceptor:Affiliate/SystemTipsDotNet!016","firstVendorContactDate":"200608","firstAppEsteemReplyDate":"200608","firstResolvedDate":"200611","resolved":"TRUE","lastKnownStatus":"200607","lastKnownDate":"200607","type":"Affiliate","category":"Personalization & Search, SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2020-06-12T00:32:15.3561337+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1915},{"violations":{"ACR-003":"The app uses the color red to raise an exaggerated sense of urgency for registry issues and other minor issues.\n","ACR-004":"The app does not fix free scan results for free. The app uses the color red to raise an exaggerated sense of urgency for registry issues and other minor issues.\n","ACR-014":"The app uses the color red to raise an exaggerated sense of urgency for registry issues and other minor issues.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe internal offers page does not display links to the EULA.\n","ACR-088":"The app starts a system scan without user consent.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"pc_optimizer.exe","isInstaller":"True","companyName":"Lavasoft Limited                                            ","fileVersion":"3.2","hashMD5":"f29cb366dc3af09d5a45ac248b1e9cb4","hashSHA1":"fc863b6090d2dd658067356550b3eb5953c0736e","hashSHA256":"e3ba7a518863ba1a1ea09b99a29a410c759b53c25c3b46ae20939f705ab697f3","digitalCertThumbprint":"81F5202DCB2C2530569920CD5BA091DC20A3CCE7","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Lavasoft Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lavasoft Limited, L=sliema, S=Malta, C=MT","sourceIndex":"2419","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCOptimizer.exe","companyName":"Lavasoft Limited","fileVersion":"3.2","hashMD5":"e40cb2e0dee182596765f37cf7fee143","hashSHA1":"71fc1875594b32a9b2a7b0917374b8368f415b8b","hashSHA256":"8b4a4d3a82f04ccd617c6f0b681b87eb1a36afda9eff2f7de8851b54254e9cfb","digitalCertThumbprint":"81F5202DCB2C2530569920CD5BA091DC20A3CCE7","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Lavasoft Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lavasoft Limited, L=sliema, S=Malta, C=MT","sourceIndex":"2419","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://secure.lavasoft.com/products/lavasoft-pc-optimizer.php","directDownloadingLink":"http://secure.lavasoft.com/download/trial/pc_optimizer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://secure.lavasoft.com/download/trial/pc_optimizer.exe","sourceIndex":"2419"}],"sampleFiles":["200602/LavasoftPCOptimizer-200601/3.2/Samples/pc_optimizer.exe","200602/LavasoftPCOptimizer-200601/3.2/Samples/PCOptimizer.exe"],"imageFiles":["200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-003/LavasoftPCOptimizer Red 2.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-003/LavasoftPCOptimizer red 3.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-003/LavasoftPCOptimizer Red.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-014/LavasoftPCOptimizer Red 2.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-014/LavasoftPCOptimizer red 3.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-014/LavasoftPCOptimizer Red.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-004/LavasoftPCOptimizer Red 2.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-004/LavasoftPCOptimizer red 3.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-004/LavasoftPCOptimizer Red.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-004/LavasoftPCOptimizer 004.gif"],"nonDeceptorImageFiles":["200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-065/LavasoftPCOptimizer Install EULA.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-065/LavasoftPCOptimizer About.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-065/LavasoftPCOptimizer Internal Offers.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-088/LavasoftPCOptimizer 088.gif","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-099/LavasoftPCOptimizer About.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-099/LavasoftPCOptimizer Landing Page.png","200602/LavasoftPCOptimizer-200601/3.2/Images/ACR-099/LavasoftPCOptimizer Internal Offers.png"],"guid":"1314613d-3b8b-4653-bc2f-451e391ab1d1_3.2_1","appID":"LavasoftPCOptimizer-200601","dateAdded":"200602","deceptorType":"App","name":"Lavasoft PC Optimizer","company":"Lavasoft","version":"3.2","sigName":"Deceptor:Win32/LavasoftPCOptimizer!003004014","lastKnownStatus":"3.2","lastKnownDate":"200602","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2020-06-03T23:24:08.8811925+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1916},{"violations":{"ACR-107":"Website is not an authorized affiliate by application being offered\n","ACR-014":"Website is not an authorized affiliate by application being offered. Website provides untruthful information about application being offered. \n\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Affiliate monitor","reference":"","landingPage":"https://www.pccleaner.buzz/","ipv4":"","ipv6":"","sourceIndex":"2422"}],"sampleFiles":[],"imageFiles":["200531/PCCleanerBuzz-200531/200531/Images/ACR-014/PCCleanerBuzz_014.JPG"],"nonDeceptorImageFiles":[],"guid":"05e720d1-3e44-4594-ac79-441d35a66f14_200531_1","appID":"PCCleanerBuzz-200531","dateAdded":"200531","deceptorType":"Affiliate","name":"PCCleanerBuzz","company":"PCCleaner.Buzz","version":"200531","sigName":"Deceptor:Affiliate/PCCleanerBuzz!014107","lastKnownStatus":"200531","lastKnownDate":"200531","type":"Affiliate","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"Edge,Chrome,Firefox,IE,Opera","lastUpdate":"2020-06-01T03:40:28.3179139+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1917},{"violations":{"ACR-004":"App display non substantiated number for issues even before starting scan. The items under each category are not substantiated. \n","ACR-084":"The app does not provide a way to disable the auto-launch of the app. Even though consumer can un-check the “Run at Windows startup” in the App Setting, the app process will still run once system restart.\nThe app runs silently in the background after user close the app, hiding the fact that it is active from the consumer.\n\n","ACR-168":"App claims that there is no additional offers applicable on call, however it does sell additional offers via same call center support\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA (displays error page) , the Returns and Cancellation Policy or the Privacy Policy (displays error page) . \n","ACR-002":"The App's name is not consistent across the Landing Page. The page shows product such as Anti Virus and Realtime Optimizer. But the 2 products only download same file as “setup.exe”.\n","ACR-092":"The app does not have a digital signature for all the executables.\n","ACR-099":"The app's about page does not display links to uninstall information (Error Page). \nThe landing page does not display links to uninstall information\nThe internal offers page does not display links to uninstall information.\n","ACR-010":"Prompting message alerting user flash player needs to update,  after user click ok, it downloads not suspicious application. \n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"PC Gold","fileVersion":"3.8","hashMD5":"dfd60b3546f9333f24e51b0848a0c1c8","hashSHA1":"7eb005e50a1d18b4d5b119ca464d83a42ca7e9fd","hashSHA256":"6dc213de2125b23d3fa31615c71826055a8e9ee73c39b7000374e1305b6b6b6d","sourceIndex":"2107","avBlockList":["360 Total Security (20200616)","Avast Premium Security (20200616)","AVG Internet Security (20200616)","Avira Internet Security (20200616)","Bitdefender Internet Security (20200616)","COMODO Antivirus (20200616)","ESET Internet Security (20200616)","G DATA INTERNET SECURITY (20200616)","K7 Total Security (20200616)","Malwarebytes Premium (20200616)","McAfee Total Protection (20200616)","Norton Security (20200616)","Panda Dome (20200616)","Quick Heal Internet Security (20200616)","Sophos Home Premium (20200616)","SpyHunter5 (20200616)","Tencent PC Manager (20200616)","Total AV Antivirus Pro (20200616)","Trend Micro Internet Security (20200616)","VIPRE Advanced Security (20200616)","VirIT eXplorer PRO (20200616)","Webroot SecureAnywhere (20200616)","Windows Defender (20200616)"],"avAllowList":["Dr.Web Security Space (20200616)","Kaspersky Internet Security (20200616)"]},{"isRevoked":"False","fileName":"PC Gold.msi","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4adb6f5d51790066d040f4be604035b5f6e73d0e0dbd393c63111a0b96d70555","sourceIndex":"2107","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PC  Gold.exe","fileVersion":"3.8","hashMD5":"cc02405f12d14916ce18a2c4f246e0fb","hashSHA1":"89fefac094da253e163371b367d64358f5a8ac47","hashSHA256":"83aaa423054a8f2a83b371892889d18ebca4ee2054c5f86e7ac22b9090e75e2e","sourceIndex":"2107","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PC Gold.exe","fileVersion":"3.8","hashMD5":"efa0be69662cf17c63bccb078fa5d5f0","hashSHA1":"041cef526d3173387f6dcda7f4f54bb5f270bd82","hashSHA256":"d888757ad5d0bdcee69af79400f3e31e0c869e498e873142379e9278eaedddd4","sourceIndex":"2107","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCGold.exe","companyName":"PCGold","fileVersion":"3.8","hashMD5":"2842fe26f0ecd2a40bd95ae7412d8210","hashSHA1":"a671506d01e2a9aefa197fe52b65fb89ad453c08","hashSHA256":"e4963767176703d8f2eae524295ef29afaee5422aadb988df10b74d5bb2792f9","sourceIndex":"2107","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://thealliancetech.com/","landingPage":"https://thealliancetech.com/","directDownloadingLink":"https://thealliancetech.com/wp-content/uploads/2020/05/setup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://thealliancetech.com/wp-content/uploads/2020/05/setup.exe","sourceIndex":"2107"}],"sampleFiles":["200528/PCGold-200521/3.8.5.4/Samples/setup.exe","200528/PCGold-200521/3.8.5.4/Samples/PC Gold.msi","200528/PCGold-200521/3.8.5.4/Samples/PC  Gold.exe","200528/PCGold-200521/3.8.5.4/Samples/PC Gold.exe","200528/PCGold-200521/3.8.5.4/Samples/PCGold.exe"],"imageFiles":["200528/PCGold-200521/3.8.5.4/Images/ACR-004/AferScan.JPG","200528/PCGold-200521/3.8.5.4/Images/ACR-004/BeforeScan.JPG","200528/PCGold-200521/3.8.5.4/Images/ACR-084/PCGold_Optimizer_Setting[2].png","200528/PCGold-200521/3.8.5.4/Images/ACR-084/PCGold Optimizer_RegistryEntry [1].png","200528/PCGold-200521/3.8.5.4/Images/ACR-084/PCGold Optimizer_RegistryEntry [2].png","200528/PCGold-200521/3.8.5.4/Images/ACR-084/PCGold Optimizer_RunningProcess [1].png","200528/PCGold-200521/3.8.5.4/Images/ACR-084/PCGold Optimizer_RunningProcess [2].png","200528/PCGold-200521/3.8.5.4/Images/ACR-168/BeforeScan.JPG","200528/PCGold-200521/3.8.5.4/Images/ACR-168/TheOffersFromAllianceTech.JPG"],"nonDeceptorImageFiles":["200528/PCGold-200521/3.8.5.4/Images/ACR-065/PCGold_Optimizer_Install [3].png","200528/PCGold-200521/3.8.5.4/Images/ACR-065/PCGold_Optimizer_Install [7].png","200528/PCGold-200521/3.8.5.4/Images/ACR-092/PCGold Optimizer_FileProperty [1].png","200528/PCGold-200521/3.8.5.4/Images/ACR-092/PCGold Optimizer_FileProperty [3].png","200528/PCGold-200521/3.8.5.4/Images/ACR-065/PCGold_Optimizer_Interaction [1].png","200528/PCGold-200521/3.8.5.4/Images/ACR-065/PCGold_Optimizer_Setting[1].png","200528/PCGold-200521/3.8.5.4/Images/ACR-065/PCGold_Optimizer_ErrorPage [1].png","200528/PCGold-200521/3.8.5.4/Images/ACR-099/PCGold_Optimizer_Setting[1].png","200528/PCGold-200521/3.8.5.4/Images/ACR-099/PCGold_Optimizer_ErrorPage [1].png","200528/PCGold-200521/3.8.5.4/Images/ACR-099/PCGold_Optimizer_LandingPage [2].png","200528/PCGold-200521/3.8.5.4/Images/ACR-002/PCGold_Optimizer_Landing[1].jpg","200528/PCGold-200521/3.8.5.4/Images/ACR-010/TheAllianceTechOffers.mp4","200528/PCGold-200521/3.8.5.4/Images/ACR-010/TheAllianceTechFakeFlash.JPG","200528/PCGold-200521/3.8.5.4/Images/ACR-099/PCGold_Optimizer_OfferPage [1].png","200528/PCGold-200521/3.8.5.4/Images/ACR-099/PCGold_Optimizer_OfferPage [2].png"],"guid":"049e9f45-f3dc-40aa-9499-092433276e68_3.8.5.4_1","appID":"PCGold-200521","dateAdded":"200528","deceptorType":"App","name":"PCGold Optimizer ","company":"Alliance Tech","version":"3.8.5.4","sigName":"Deceptor:Win32/PCGoldOptimizer!004084168","firstVendorContactDate":"200923","firstAppEsteemReplyDate":"200923","firstResolvedDate":"200923","firstResolvedVersion":"","lastKnownStatus":"Deceptor:3.8.5.4","lastKnownDate":"200528","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-09-23T21:51:53.2810417+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1918},{"violations":{"ACR-109":"The app installs AVG Antivirus without giving the user the ability to decline.\n","ACR-057":"The user is not provided with an accept or decline button. They can only continue the install without being able to decline the offer.\n","ACR-055":"The app does not provide a decline or accept option for second offer, automatically accepted for the consumer without consent.\n","ACR-059":"Offers are not marked as optional.\n","ACR-155":"Offers are designed to look like part of the install workflow.\n"},"nonDeceptorViolations":{"ACR-064":"AVG Antivirus downloads without the user clearly accepting the offer.\n"},"samples":[{"isRevoked":"False","fileName":"AdvancedWinUtilitiesFree.exe","fileVersion":"0.0","hashMD5":"7e239c61889f840d9b0715e80ba482d7","hashSHA1":"1d5be1b7ee4a1448b011694367085511e9711b9b","hashSHA256":"0a57f7570fd7f7248deecec5d9ac188accb8f999a2b7da325ad09c0d08849a40","sourceIndex":"377","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdvancedWinUtilitiesFreeInstall.exe","isInstaller":"True","companyName":"Win Utilities Software, Inc.                                ","fileVersion":"0.0","hashMD5":"d9a145bc31ffb0b642d376906a3293e9","hashSHA1":"4c467de4875992dca175f82c0b391ed50cc5405f","hashSHA256":"4a7c466b7cc6816d424fac18a64a2ad1e8edbe18d976251e7dade1cd3356e69e","digitalCertThumbprint":"E1CAA9E850D616A0C2A245A157E0767A5DDCB431","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No. 17, Middle Scissor Lane, Dongcheng District,\", L=Beijing, S=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"377","avBlockList":["360 Total Security (20200616)","Avast Premium Security (20200616)","AVG Internet Security (20200616)","Avira Internet Security (20200616)","Bitdefender Internet Security (20200616)","Dr.Web Security Space (20200616)","ESET Internet Security (20200616)","G DATA INTERNET SECURITY (20200616)","K7 Total Security (20200616)","Malwarebytes Premium (20200616)","McAfee Total Protection (20200616)","Norton Security (20200616)","Panda Dome (20200616)","Quick Heal Internet Security (20200616)","Sophos Home Premium (20200616)","SpyHunter5 (20200616)","Tencent PC Manager (20200616)","Total AV Antivirus Pro (20200616)","Trend Micro Internet Security (20200616)","VIPRE Advanced Security (20200616)","VirIT eXplorer PRO (20200616)","Webroot SecureAnywhere (20200616)","Windows Defender (20200616)"],"avAllowList":["COMODO Antivirus (20200616)","Kaspersky Internet Security (20200616)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://win-utilities.net/","directDownloadingLink":"http://www.win-utilities.net/AdvancedWinUtilitiesFree.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.win-utilities.net/AdvancedWinUtilitiesFree.exe","sourceIndex":"377"}],"sampleFiles":["200528/AdvancedWinUtilitiesFree-200527/8.8.1/Samples/AdvancedWinUtilitiesFree.exe","200528/AdvancedWinUtilitiesFree-200527/8.8.1/Samples/AdvancedWinUtilitiesFreeInstall.exe"],"imageFiles":["200528/AdvancedWinUtilitiesFree-200527/8.8.1/Images/ACR-109/WinUtilities AVG.png","200528/AdvancedWinUtilitiesFree-200527/8.8.1/Images/ACR-109/WinUtilities Offer 2.png","200528/AdvancedWinUtilitiesFree-200527/8.8.1/Images/ACR-055/WinUtilities Offer 2.png","200528/AdvancedWinUtilitiesFree-200527/8.8.1/Images/ACR-057/WinUtilities Offer 2.png","200528/AdvancedWinUtilitiesFree-200527/8.8.1/Images/ACR-059/WinUtilities Offer 1.png","200528/AdvancedWinUtilitiesFree-200527/8.8.1/Images/ACR-059/WinUtilities Offer 2.png","200528/AdvancedWinUtilitiesFree-200527/8.8.1/Images/ACR-155/WinUtilities Offer 1.png","200528/AdvancedWinUtilitiesFree-200527/8.8.1/Images/ACR-155/WinUtilities Offer 2.png"],"nonDeceptorImageFiles":["200528/AdvancedWinUtilitiesFree-200527/8.8.1/Images/ACR-064/WinUtilities AVG.png","200528/AdvancedWinUtilitiesFree-200527/8.8.1/Images/ACR-064/WinUtilities Offer 2.png"],"guid":"466cdd94-71bc-4c55-ab7b-b4f0ce77882e_8.8.1_1","appID":"AdvancedWinUtilitiesFree-200527","dateAdded":"200528","deceptorType":"App","name":"Advanced Win Utilities Free","company":"Win Utilities Software Inc.","version":"8.8.1","sigName":"Deceptor:Win32/AdvancedWinUtilities!109055057059155","lastKnownStatus":"8.8.1","lastKnownDate":"241107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 8,Windows 10,Windows 7,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"sold in bundle","lastUpdate":"2024-11-07T23:42:22.36386+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1920},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but requires the user to pay to fix the problems. The app exaggerates urgency about system health using gauges, words like \"serious\", \"high\", \"critical\", and the color \"red\".\n","ACR-004":"The app does not provide fully functional free trial. The app requires purchase to clean items identified during the free scan. The app also exaggerates urgency using the color \"red\" and words like \"serious\" and \"high\".\n","ACR-006":"App does not disclose the monetization approach through the call center. The monetization should be clearly attributed.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install page does not contain links to the EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy.\nThe app's About page does not contains links to app's EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\nThe app's internal offers does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"iMacCleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"51f59cf9eaa4cf305b8356eda84d282b","hashSHA1":"217bcdb46523a474b609fd9f1ec5480ae29d3be9","hashSHA256":"87ed3d2d1eabc202ff97b46f8481ec18d50aa16161753082e05112e8677f6714","sourceIndex":"2423","avBlockList":["Avast Security for Mac (20201110)","Avira Security for Mac (20201110)","Bitdefender Antivirus for Mac (20201110)","ESET Cyber Security Pro for Mac (20201110)","K7 Antivirus for Mac (20201110)","Kaspersky Internet Security for Mac (20201110)","McAfee Internet Security for Mac (20201110)","Norton Security for Mac (20201110)","Sophos Home Premium For Mac (20201110)","Trend Micro Antivirus for Mac (20201110)"],"avAllowList":["G DATA AntiVirus for Mac (20201110)"]},{"isRevoked":"False","fileName":"iMacCleaner","fileVersion":"0.","hashMD5":"2b8b9922cec411b5340c0ce63fcaeb8d","hashSHA1":"5033864ceccc8d565b165a53a964a444b133fa68","hashSHA256":"00642228a6ea7bbb63aa46984fb7a1b125683b07ce39c785ca0556b9a212a8c5","sourceIndex":"2423","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.imaccleaner.com","directDownloadingLink":"https://www.imaccleaner.com/images/iMacCleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imaccleaner.com/images/iMacCleaner.dmg","sourceIndex":"2423"}],"sampleFiles":["200528/iMacCleaner-200528/2.0.0.3/Samples/iMacCleaner.dmg","200528/iMacCleaner-200528/2.0.0.3/Samples/iMacCleaner"],"imageFiles":["200528/iMacCleaner-200528/2.0.0.3/Images/ACR-006/Software ACR-006.png","200528/iMacCleaner-200528/2.0.0.3/Images/ACR-003/iMacCleaner ACR-003.png","200528/iMacCleaner-200528/2.0.0.3/Images/ACR-003/iMac Cleaner ACR-003 [2].png","200528/iMacCleaner-200528/2.0.0.3/Images/ACR-003/ACR-003 [3].png","200528/iMacCleaner-200528/2.0.0.3/Images/ACR-004/iMacCleaner ACR-004 .gif"],"nonDeceptorImageFiles":["200528/iMacCleaner-200528/2.0.0.3/Images/ACR-065/Install Page.png","200528/iMacCleaner-200528/2.0.0.3/Images/ACR-065/About Page.png","200528/iMacCleaner-200528/2.0.0.3/Images/ACR-006/LP ACR-006.png","200528/iMacCleaner-200528/2.0.0.3/Images/ACR-099/About Page.png","200528/iMacCleaner-200528/2.0.0.3/Images/ACR-099/Landing Page.png","200528/iMacCleaner-200528/2.0.0.3/Images/ACR-099/Internal Offers Page.png"],"guid":"f3b19d91-42b1-4fca-9d63-022ed1538cdc_2.0.0.3_1","appID":"iMacCleaner-200528","dateAdded":"200528","deceptorType":"MacOS App","name":"iMac Cleaner","company":"Diven and Nuch Co. Ltd.","version":"2.0.0.3","sigName":"Deceptor:MacOS/iMacCleaner!003004006","lastKnownStatus":"2.0.0.3","lastKnownDate":"200528","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-05-29T19:12:02.3333387+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1919},{"violations":{"ACR-016":"The displayed Ad leads to download the promoted application directly. The application itself is deceptor.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"WiperSoft","landingPage":"http://www.pulsetheworld.com/?s=Adware&post_type=post","directDownloadingLink":"http://www.pulsetheworld.com/?s=*","ipv4":"","ipv6":"","sourceIndex":"2433"}],"sampleFiles":[],"imageFiles":["200522/Pulsetheworld-200521/200521/Images/ACR-016/WiperAffilate.JPG"],"nonDeceptorImageFiles":[],"guid":"df339af2-28ed-4483-9b8e-070746071ded_200521_1","appID":"Pulsetheworld-200521","dateAdded":"200522","deceptorType":"Affiliate","name":"Pulsetheworld","company":"pulsetheworld.com","version":"200521","sigName":"Deceptor:Affiliate/Pulsetheworld!016","lastKnownStatus":"200521","lastKnownDate":"200521","type":"Affiliate","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2020-05-22T00:17:05.5569335+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1921},{"violations":{"ACR-050":"extension changes the default search engine and disable user to switch to different search engine without disabling extension itself.\n","ACR-005":"The new tab extension does not identify itself and displays an unattributed search dialog, which leads the consumer to believe that this is the default chrome new tab.\n","ACR-017":"Extension was found installed silently by ByeFence Antivirus desktop application (5.6.2.0 and 5.5.0.7) without any user's permission and awareness.\n","ACR-104":"Extension changes the default search engine, that is beyond its value proposition offered to user. \n"},"nonDeceptorViolations":{"ACR-045":"The app does not disclose that app will change default search engine changing in user's browser.\n","ACR-065":"The app does not disclose EULA in the software.\n","ACR-139":"The app requires the consumer to change the search provider and gives no way to disable this capability, even though the search value offers no accessible intrinsic value to the app.\n","ACR-099":"The app does not disclose the uninstall information in the software.\nThe app does not disclose the uninstall information explicitly in the landing page.\n","ACR-035":"The app does not provide the app name in the docs.\n","ACR-036":"The app does not disclose the search relationship with yahoo and bing in EULA or privacy policy.\n","ACR-046":"The disclosure is not easy to find and requires excessive scrolling down in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"Secured Search(10.1.4.60)2020-05-16.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4022a43bd5f0c82b5045262f05a873b2b970c9f0722396303a1dde88237243fd","sourceIndex":"2436","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Silently installed by ByteFenceAntivirus","reference":"","landingPage":"http://www.securedsearch.org/securedsearch/securedsearch/n/zz","directDownloadingLink":"https://chrome.google.com/webstore/detail/secured-search/ilnidodcffjfecahcfiihlhiohnaobic","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/secured-search/ilnidodcffjfecahcfiihlhiohnaobic","sourceIndex":"2436"}],"sampleFiles":["200518/SecuredSearch-200513/10.1.4.60/Samples/Secured Search(10.1.4.60)2020-05-16.crx"],"imageFiles":["200518/SecuredSearch-200513/10.1.4.60/Images/ACR-104/searchenginelocked.JPG","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-050/searchenginelocked.JPG","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-005/ACR-005_Software_NewTabDoesNotIdentifyItself.JPG","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-017/SecuredSearchInstalledwithoutpermission.png","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-017/SecureSearchCRXInstalledSilently.JPG"],"nonDeceptorImageFiles":["200518/SecuredSearch-200513/10.1.4.60/Images/ACR-139/ACR-139_Software_NoDisable.JPG","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-065/ACR-065_Software_NoEula.JPG","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-035/ACR-035_Docs_NoAppName.jpg","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-036/ACR-036_Docs_NoDisclosureForYahoo&Bing1.jpg","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-045/ACR-045_Landingpage_NoDisclosureForYahoo&Bing1.jpg","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-045/SecuredSearchLP.JPG","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-046/ImportantInfoNotInMainPage.JPG","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Info.JPG","200518/SecuredSearch-200513/10.1.4.60/Images/ACR-006/ACR-006_Landingpage_NoDisclosureForAffiliates.JPG"],"guid":"31a709b5-97f4-40d4-959c-fe30a7f984c8_10.1.4.60_1","appID":"SecuredSearch-200513","dateAdded":"200518","deceptorType":"Chrome Extension","name":"Secured Search","company":"ByteFence","version":"10.1.4.60","sigName":"Deceptor:CRX/SecuredSearch!104050005017","lastKnownStatus":"10.1.4.60","lastKnownDate":"200518","type":"Chrome Extension","category":"SysTools & Utilities","targetOS":"Chrome","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2020-05-18T21:25:14.6928543+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1922},{"violations":{"ACR-003":"Displays fake threat scamming message and scare user to download additional application to clean up.\n","ACR-014":"Display fake threat information via scamming message, thus scare user to download the additional application for monetizing. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"http://www.microsoft.com-maintaining-pc.live/tonic2/?ip=76.169.151.154&city=Santa%20Ana&os=Windows%2010&model=Desktop&td=tracking.blue&zn=14879380&sc=5542fa6a-4b32-43e2-b2cf-d62aeabb4957&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.157%20Safari%2F537.36&browser=Chrome&browserversion=Chrome%2074&language=en&connection=CABLE&isp=Charter%20Communications&carrier=&campid=f0e909bb-8e72-4613-a6a9-1662fb1ab746&cep=dCIMSuHXhELoe-iHYc9B6V5A7u0QQHhlRQxP7Is48Ttid372SEOnUuf058AQ5mrAh0XcboR6oMzIUR-KcB8rztSWme6hkHiq3zM2rDCetOqNbEgLcUk7zOfo30Oh4TxhmPtouArDL6pa6JurkLGSXbQ2_S7vkGSaF7Sa0TD98LhZTHmXcD7McJE1wTgunIlnW64YLNKpdSo-axNAY9QC2Q7ydp12KkmfC51d09saSuNiUepR_csysid36fCwFDL2D7xe4EXwwKDLs1HxfJb2bg&PLACEMENT_ID=14879380&LANDING_ID=1842112&COUNTRY_CODE=US&CAMPAIGN_ID=228869&externalid=e8b7d7b38bfba19ed31abe79808c6aca","landingPage":"http://www.microsoft.com-maintaining-pc.live/tonic2/?ip=*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.microsoft.com-maintaining-pc.live/tonic2/?ip=*","sourceIndex":"2440"},{"howFound":"","reference":"http://cleanerdesktop.pro/?rzi=462966&rsz=462966&rid=","landingPage":"http://cleanerdesktop.pro/?rzi=*&rsz=*&rid=","ipv4":"","ipv6":"","landingPageWildChar":"http://cleanerdesktop.pro/?rzi=*&rsz=*&rid=","sourceIndex":"2441"},{"howFound":"","reference":"http://pccleaner.pro/?rzi=1579777&rsz=1579777&rid=","landingPage":"http://pccleaner.pro/?rzi=*&rsz=*&rid=","directDownloadingLink":"","ipv4":"","ipv6":"","landingPageWildChar":"http://pccleaner.pro/?rzi=*&rsz=*&rid=","sourceIndex":"2442"},{"howFound":"","reference":"Qbit","landingPage":"http://www.microsoft.com-windows-booster.live/tonic2/?ip=81.171.107.160&campid=65605e6a-1840-49a7-8af5-6c84a19fefca&zn=victor-sin-gLGZLytw&sc=f1be0f9b-24b9-4ef6-b115-1b6525e2d391&browser=Firefox&browserversion=Firefox%2066&city=Paris&os=Windows&osv=Windows%2010&model=Desktop&td=tracking.marketing&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A66.0%29%20Gecko%2F20100101%20Firefox%2F66.0&language=fr&connection=BROADBAND&isp=Eweka%20Internet%20Services%20B.V.&carrier=&country=FR&cep=hi9SIJrkv__TUzl8EIGaEKvZWJCkSpXCkI3bLCTRZN6XH4gKfde4AJ2Dr8tx89sJBr_4ImWW48lav4naw3qWS0mHy-7oyiufSS10-rd2FCQfCCditKrc-S8KJnojlmMmz-8TgW-r8Achu-skbf-slx3Xb-QWd6JrT1OR9mQu4upL1mf4Lx5B8t7dyXrQLqnEYOI_lz0OWlvtAtlDrMUV99H3nngUYdkjywCXE06DoJjXTqcZ2Z7yfl-cQfws84zfDYYMQuXhwM77qFndPcOBJZAVO7d7oUKVmOVhmjCYO6GFa4xhz4ddSxR6lxZ32d0gSDyCz3D4Zk6eTrys0LThhHK9BjnybeWb7nsnHD5NJUvoFzEpMJa1fZGbIkDCQkD2JzmJgCEJY72yqmVCFaWXGHwI7pGNLskNRSTSKs3A5pRRLbF00U5_dSsTZvfAb94y","ipv4":"","ipv6":"","landingPageWildChar":"http://www.microsoft.com-*.live/tonic2/?ip=*","sourceIndex":"2443"},{"howFound":"","reference":"","landingPage":"https://analisis.soporte-tecnico.club/_89.29.160.242/lp1/index.html?osversion=Windows%208.1&cep=Tt6fFxlW4ufX4AYAIAiuaw5gpafTUdJGf_tdQk_bf_WdXQJp4WTbIN6Mzpqi-QqFpxUD6d_szp9LLpkWspxLh19qvp1B1I89orp57KB9HZNlzUw2vieAve6BhnLxDQcjlncs4pmzCUPzI1lPcwoQ2rkpmspKRrQiFDRMmCHgwHvhSDUYBqlgnL_9tLqwk8I4DOTmDXAJXbPdo-i8tv3HE79tyDR1ye9ZfzOghhzrd0yz1XvvqBOLPDy5acsXhKH1dxXhgSJBH9NMUrltFlFI5a5FjvgSaAwemeo9ek8HGg0Kp3FxEHYSYZsMYwG3afC5TdtHk0UPgb7eUGXfqY2Uebj1UreW4VwQky6TbQdxZNpBYCyeNQ44TjCNjK77SYzwBf-LeU8_towiYyDj8aK_qRrEm27XpZx908qMvJIsqPg&zone=2235499-3396103643-0&lang=ES&time=1559119681&campaign=154833420&ban=22678484&ssp=Schwifty.media&udid=&org=Televideo%20Novelda,%20S.A.U.&advertiser=128334&clickid=15591196721495113970050480950007563","ipv4":"","ipv6":"","landingPageWildChar":"https://analisis.soporte-tecnico.*/*/lp1/*cep=*","sourceIndex":"2444"},{"howFound":"","reference":"SystemKeeper","landingPage":"http://useratrisk.today/us/1/?rzi=1572209&rsz=1572209&rid=","ipv4":"","ipv6":"","sourceIndex":"2445"},{"howFound":"","reference":"","landingPage":"http://support.microsoft.com.traffic-redir.com/v/windows_defender/index.html#b","ipv4":"","ipv6":"","sourceIndex":"2446"},{"howFound":"","reference":"Qbit","landingPage":"http://www.microsoft.com-shields-devices.live/tonic2/?ip=84.243.213.242&campid=50d60598-823d-49a8-86fe-fda0c22ede69&zn=1726862&sc=56f7076e-d0d8-4538-9d72-8ec80962b924&browser=Chrome&browserversion=Chrome%2073&city=Culemborg&os=Windows&osv=Windows%208.1&model=Desktop&td=tracking.blue&ua=Mozilla%2F5.0%20%28Windows%20NT%206.3%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F73.0.3683.86%20Safari%2F537.36&language=nl&connection=BROADBAND&isp=Redhosting%20Bv%20As%20Number&carrier=&country=NL&cep=4v-Wc7M06RlZa8hGu5jfDTRBsRig7O37KyPUxievzTcO2V8v7_TNAUw7MZgry4nOXxsNUchvGKqCbZ27lQS-V8RmhmXlzu-puPu_Of-7wTj7nM9tFDgpbef6hEh5RjrfcxLtTVfbvja2lK7Y9Kl-Udff3fFdvA5wR3nkvQ-U7pGuj3zcCSy-ZdIshuCtNNQkHLe4qH3KyoNSG8sxlvlys8P1ANpkuOnO27P2e11Be3e7HsASfTuXehnrcSmT2d8UIAF-4jML9lRToXWO7v3N-kQIxZEGkQDwIY28Zj4psRufqSIg52FSDWSdT_Yls1tVvc2PGA3pqyNpHC7QRrc3PAg1ce8HRAqC2l3ElYRUeTkab9s0TFdbABJAdKxG5z32p-o7iW1NDUtS50ZT03H3GR_n0OQRhPdttwVjNypo_hOKNkxUz8hbRA-p_HrhMnGy9bewMZGH5EEMF7tbHai3XtRM-yGiqLF15eqwRZpgyEwX9TfG56OnMdXZzetsXMW1&zoneid=1726862&campaignid=2131228&region=fr&osversion=win8&countryname=NL&useragent=Mozilla/5.0%20(Windows%20NT%206.3;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/73.0.3683.86%20Safari/537.36&cost=0.002333&visitor_id=159266563814334646","ipv4":"","ipv6":"","landingPageWildChar":"http://www.microsoft.com-*.live/tonic2/?ip=*","sourceIndex":"2447"},{"howFound":"","reference":"SystemKeeper","landingPage":"https://www.mscheck005.com/sk/465bd014/us/?clid=15640884910790272218274086632652323&p1=1368301","ipv4":"","ipv6":"","landingPageWildChar":"https://www.mscheck005.com/sk/*","sourceIndex":"2448"},{"howFound":"","reference":"https://protectyourpc-al.club/antivirus/no/update/v3/?device_name=Desktop&browser_name=Firefox&device_brand=Desktop&device_model=Desktop&os_name=Windows&country=Norway&language=no-NO&uclick=cirnuo6j","landingPage":"http://protectyourpc-al.club/antivirus/no/update/v3/*","ipv4":"","ipv6":"","sourceIndex":"2449"},{"howFound":"","reference":"https://www.websafetyfirst.com/offer/fr?cep=EHkyt_gPNXxxFtQhSV4hd76mW_vb3v5hplZ5SMFpC_ewtA2gpjCI4I8zw1yxOGLq65Ypixc0xkYBbmjWJZj9uLm7H07gGKb6ttglKHClo7uuDLwAAC0z-iYT9HJSkAhxuGFErFWv51YsDgyqFNdZSV3GHYqASyxzhYBgDYZSa4M1IqD-CsW9MOXfT5FAfCMhkeRVn-XbwUEs5M2oLnCK5jPSUHOwW1UQjBGpBJi0dVIVJQ0ce1e34WXtPqXD7fjm0Mc1o-_c1fy6GJ1LSnKU57Esst-EBXy3W003TROV6zS1zO3pyLWKmGsBMto_stbfkP86cs7WDliCcdKpdbyKKw&lptoken=15d1646b146f81a18608&CampID=%7BCAMPAIGN_ID%7D&SiteId=","landingPage":"https://www.websafetyfirst.com/offer/*?cep","ipv4":"","ipv6":"","sourceIndex":"2450"},{"howFound":"","reference":"https://learntoreadacademy.com/alert-nl/# (distribute reimage)","landingPage":"https://learntoreadacademy.com/alert-nl/*","ipv4":"","ipv6":"","sourceIndex":"2451"},{"howFound":"","reference":"","landingPage":"https://www.one4all.xyz/lp/lp1/sa/1.html?bemobdata*","directDownloadingLink":"https://www.one4all.xyz/lp/lp1/sa/1.html?bemobdata=c%3D69126e9f-6fbf-4467-ac4e-c2b48bec8c81..a%3D0..b%3D0..z%3D0.00058211..e%3D2500637592..c1%3D1898906..c2%3D5..c3%3D6..c4%3DSA..c5%3DDesktop%252FNotebook..c6%3D6271219..c7%3DonesafeSA..c8%3D1920x1080..c9%3D*..r%3Dhttps%253A%252F%252Fserve.popads.net%252Fs%253Fcid%253D6271419%2526iuid%253D1047135997%2526ts%253D1562015594%2526ps%253D1360564578%2526pw%253D601%2526pl%253D%252521mEDt%25252B93VmRjABgYUzR2FWr4orob%25252BX%25252FvWK2Jn7Fiqqtpipo3jf37jkuwrXMQ%25252FyrSfQlnn5eN2%25252B0mLXY%25252FYOI1Vgqx4e6vS9pIEYid2i3QbE6MVOiFoL8eCR%25252B1lJuXeuRmtrf2nxMzeXb87HfZ6opvDElhc%25252BXGFNpBqYffDwiSFbY5KeHMfo31PNfMhYHdGITVIHZELzCqX7SrmOBRcgptI%25252BE3%25252FiTK72plWCSih4EI4q3KsbE7lXE2B%25252FWCdl3ai9yEcg3w8Bhp%25252BiwThRqdXzGtI7EV%25252FD0jZknUV8GjHF9X6aK5p2%25252BlXt1xwsHXESyOxyiLE9g6%25252FYIzcuMb4i5S2KTUAq7vIxCAHfUFn21Mapv8QB%25252BEbp9yadMhycfuITQk8ifEvkia92CSBgRwRiD2DS4oD9pZDgluxX0OeqcJDpz3iP5szaY%25252Flb2y0Z9IyTnBMdQoD0FcNC1buBe8cwlwrlomKV8hKs3epw%25252BWrTpI93E3ZZ3l2b5227nR3Z%25252FlKaDDpY8zgF%25252FqT%25252BXYdydghVDL0aU07iRzQqgEMIG0%25252FxO1LyzU8BV9agvggTJywVIRDChLn%25252BTwKO%25252Bi2cp%25252BmF8NyfKLeLuEe3g%25253D%25253D","ipv4":"","ipv6":"","sourceIndex":"2452"},{"howFound":"","reference":"https://scan.pcsafe.top/fr/?osversion=Windows%208.1&cep=3gqxLUfKDJRtHg2-_Pm00BQctK0CBNlciTWgjZAjr5wp7RV930kmwlvxIFmkXAdCoE5Ls_gT3zbPcErO8GbpqtSkS5zNHcm3vDddRvU9IjPY3J5tb4nKjbIIBf3Xy1WSvfpG7LfsUiYg99Yk-BV5Uc352hFnevyNbs_fTKp__1RtoohQ7i_pzXsUcCeuL2ZaMq-QCOoXJqxcjGXpOUoy4TVOrOXgluxqDRN1UwZ0gLfEyEcF4BGv2Ii1iBYI63w0R0n3hoH-e5EB9EaFBt0Ihftg9qbiMtibV5-kZ7bmsy92ZsKCRM-QpX2A0t3ec-p9VgvuhRneSS5qLLVaJU6UdReNqSTky3LcagY7f4qqbH3_PKgowpPtZBI-mQosQA3v","landingPage":"https://scan.pcsafe.top/fr/*","ipv4":"","ipv6":"","sourceIndex":"2453"},{"howFound":"","reference":"http://updatemiicrosoft.info/?rzi=462966&rsz=462966&rid= (distribute reimage)","landingPage":"http://updatemiicrosoft.info/*","ipv4":"","ipv6":"","sourceIndex":"2454"},{"howFound":"","reference":" Xtron PC Speedup","landingPage":"https://tool.customer-services.online/*","directDownloadingLink":"https://tool.customer-services.online/_149.54.181.131/v3/index.html?&language=en&os_name=Windows&&cep=_zNOd8LUcQbj15iXytCwtZBcKA5bbm4JT6YzPZhMBwyYlKxhUXlUy4C2nso-bYU3WUXMcce-Mt6sKzXZ4B2fqOp149MDAtWW9tY_nbxYQXAX1eR53IcQpboBXjBf4CVsKTaLcr6uQpAalbrY7ZQwiclw75lau_dMuClvcDXsv_owW5zpj3JePtewB9ZqQs8-tVLo-sTQCiBMtJCMrhcLpDOfFhFNxKc4PFU2xDZdomLTcYy82ndAJwcFiOAaIj3hXZDLblm07b6ESSB8daP-QBCozCtL90DOcoj5_gE5OAyUUEaTIXT-kF9UB2RBnMF__ZGIyPeZCvDKq3CF_RvEm0Nb-AiuPKCcnjB-NkRRWO6fnaX25DAM6WQ88hS9vMdk1knd4NyUTCwQwEGM9iEKBNks09WDgVqYXer-lphA_6FRmqf_zdIklAE1cTTsBFMQLLouLpo4M4ZJZGhitH4bjQ&lptoken=15d364ac101568d10410&zone=1282399&time=1564105000&campaign=163721220&ban=22729608&ssp=&udid=&org=Itec%20Hankyu%20Hanshin%20Co.,ltd.&advertiser=128334&clickid=15641049742503390595270654849513314#","ipv4":"","ipv6":"","sourceIndex":"2455"},{"howFound":"","reference":"Mac Heal Pro","landingPage":"http://ceba5dc1dc0e293eb8fb-c582f02022ec3ee06d1a5496029924fc.r92.cf1.rackcdn.com/dy-nolo/directx.html?*","directDownloadingLink":"http://ceba5dc1dc0e293eb8fb-c582f02022ec3ee06d1a5496029924fc.r92.cf1.rackcdn.com/dy-nolo/directx.html?osv=MacOS%2010.14%20Mojave&dom=t.macadlinkingnow.com&lang=en&cep=1-L8oeivj9nh40CsTrUp5UcMunVs5Nx5AVmTX856o_JURjZtuGLLmh9jY5IHUP4kBrLbZqWFJnmPLoWZV4nDIt7wgVtykSDyKRxlZbTA3nM0xoFXIhewO6OPGyongCsZZjESgFKc9-lZrNsKmh5Yvu2NDe_Tgt8m1QKs05hr93VHy5lP2U9ZpM1FVDQ0p73sW6eCV6Nizd5PfyNJb2Fm4OpsyUxwnGEhgccat__GksH9NBbcYqpMpWQDaqYH_hf6f1qZzpMF4TsgVgHBA7-8jpfGwqpRMsqCQ-A0yPqd321jZqVrTv_1Dq8XbGhMxS2b3KmrohAZtwvC5debdXCanFBc4WLKkGmzZUlQcbKLZzOKUDJ0Mpjhm1sWmj_YiSXE&lptoken=15eb651083a6047b40ac&zone=150211&country=MX&time=1565828638&cid=15658286242202592370211454438314268","ipv4":"","ipv6":"","sourceIndex":"2456"},{"howFound":"","reference":"Speedup Mac Pro (QbitMac)","landingPage":"http://lp.mbitmacspeed.live/clkdlr/4/?x-context=cbc4c556c64c4ed691c8d90fa92b1f089075&utm_source=mmcdmomm&utm_campaign=mmcdmomm&pxl=MMC3601_MMC3529_RUNT&utm_pubid=21650&x-at=&override=1","ipv4":"","ipv6":"","sourceIndex":"2457"},{"howFound":"","reference":"","landingPage":"http://multitive.xyz/lands/fr/2/?key=5pt4jjj5qacpryxsow7u&CLICKID=s_2929223319328146377_152&CPC=0.0900&SOURCE_ID=s152_W5DKOw268Jg3Hj2aKawO1892s1892&CAMPAIGN_ID=247334&COUNTRY=US&BROWSER=Chrome","ipv4":"","ipv6":"","sourceIndex":"2458"},{"howFound":"","reference":"https://mondegh.com/lands/fr/2/?key=0ogjiowfsovx75btv5ii&visitor_id=239358979900190815&cost=0.051&zoneid=2970963&campaignid=2969382&bannerid=4917166&user_activity={user_activity}&zone_type=in-page-push","landingPage":"https://mondegh.com/lands/fr/2/","ipv4":"","ipv6":"","sourceIndex":"2459"},{"howFound":"customer report","reference":"","landingPage":"http://www.securethechecks.club","directDownloadingLink":"http://www.securethechecks.club/volwan/first/indexip-nol.html?osv=Windows% 2010&trk=q.goneoutnow.site&lang=ja&ip=59.84.222.121&cep=rG07SgYRH4bDuKCueWi0X_6dO0YsLS 7RKmeBm1lxswOPUte-5fUp3mjgk7JiumRScRIhsm7yz9sKqrKY9IgXJS4gQOfmolFkyGR7d9LEZUOQZnM4MXHJtnVkNpxwk4eZ8KiR2AubtgrB5vMfvMYQmNKV9x1XOYDv3uWaxFdLh_ o rOvLclTJfo7yN8LDVKTshWeFD0rpbi3uPcPYNDNVmIaygOGmvSjwODlK28f48AckE4Yq0yAJHtUGCHxKi1-5s iP4XcTMkBXjnYWJJnUdXgrCovq84dkKmWY8PP4yyYTeFvjTg993Y1KBK2H2pYflJ54fUx_ qRYGOAlimBtIK3_kjR4UNcEuBzkH TEiUcYzskl9kTWSDJnELgIUOjGtUkBpfGIaW77C7N7zDfTw8joSqIlNjgebFcrqSAgwbnCvuS9hgDsA5_ vJRbbCqEUP&lptoken=15437820590e3519658d&zone=2840559-2536294854 -0&country=JP&time=1578591765&cid=15785917650995417721266949901349377&acsc=191019660","ipv4":"","ipv6":"","sourceIndex":"2460"},{"howFound":"customer report","reference":"https://optiorax.com/click.php?key=4o1ra307gv5oz3mcycw1&CLICK_ID=1170-1170-7-5bce09ad-0855-5911-bab2-41a506a1cb58&BID_PRICE=0.03&SITE_ID=affba7b9db3dc7b1991043eec7872063&SUB_LIST_ID=1170&PLACEMENT_ID=b76a32c4c4f7881876e4b0865ca43d40&OS=Windows+10&USER_ID=desktop%3Aceba3d8b5cda622d5788a656cccfa607&CAMPAIGN_ID=1845676&CREATIVE_ID=1735492&PUBLISHER_ID=0667b2f5f1325b0d31cf99e0f6135205","landingPage":"http://optiorax.com/lands/*/?uclick=","ipv4":"","ipv6":"","sourceIndex":"2461"},{"howFound":"customer report","reference":"https://atlantola.com/click.php?key=apiddl3u1da550fogti8&click_id=%7Bclick_id%7D&bid=%7Bbid%7D&placement_id=%7Bplacement_id%7D&campaign_id=%7Bcampaign_id%7D&site_id=%7Bsite_id%7D&creative_id=%7Bcreative_id%7D&age=%7Bage%7D&rc=%7Binline%7D&mc=%7Bprocessed%7D","landingPage":"https://atlantola.com/click.php?key=","ipv4":"","ipv6":"","sourceIndex":"2462"},{"howFound":"","reference":"https://protostence.com/click.php?key=apiddl3u1da550fogti8&click_id=%7Bclick_id%7D&bid=%7Bbid%7D&placement_id=%7Bplacement_id%7D&campaign_id=%7Bcampaign_id%7D&site_id=%7Bsite_id%7D&creative_id=%7Bcreative_id%7D&age=%7Bage%7D&rc=%7Binline%7D&mc=%7Bprocessed%7D","landingPage":"https://protostence.com/click.php?key=","ipv4":"","ipv6":"","sourceIndex":"2463"},{"howFound":"","reference":"http://optiorax.com/lands/BE/?uclick=52p2zw5m&uclickhash=52p2zw5m-52p2zw5m-lpgm-7sqd-c8kt-8r3zbl-8r3z8n-8f093e","landingPage":"http://optiorax.com/lands/*/?uclick=","directDownloadingLink":"","ipv4":"","ipv6":"","sourceIndex":"2464"}],"sampleFiles":[],"imageFiles":["200515/ScamAffiliatePC-190522/190522/Images/ACR-003/2019-05-22_ReimageRepair.mp4","200515/ScamAffiliatePC-190522/190522/Images/ACR-003/2019-05-22_ReimagePlus_2.mp4","200515/ScamAffiliatePC-190522/190522/Images/ACR-003/ScamAffiliate.JPG","200515/ScamAffiliatePC-190522/190522/Images/ACR-003/ScamAffiliate_AV.mp4","200515/ScamAffiliatePC-190522/190522/Images/ACR-014/ScamAffiliatePC_014.PNG","200515/ScamAffiliatePC-190522/190522/Images/ACR-014/ScamAffiliatePC_014_2.PNG","200515/ScamAffiliatePC-190522/190522/Images/ACR-014/ScamAffiliatePC_014_3.PNG","200515/ScamAffiliatePC-190522/190522/Images/ACR-014/ScamAffiliatePC_014_4PNG.PNG","200515/ScamAffiliatePC-190522/190522/Images/ACR-014/Affiliate_ClickDealerPublisher.PNG","200515/ScamAffiliatePC-190522/190522/Images/ACR-014/Affiliate_ClickDealerPublisher2.PNG","200515/ScamAffiliatePC-190522/190522/Images/ACR-014/xtron1.png","200515/ScamAffiliatePC-190522/190522/Images/ACR-014/machealpro.png","200515/ScamAffiliatePC-190522/190522/Images/ACR-014/machealpro2.png","200515/ScamAffiliatePC-190522/190522/Images/ACR-014/qbitmac.png","200515/ScamAffiliatePC-190522/190522/Images/ACR-014/ScamInJanpa.JPG"],"nonDeceptorImageFiles":[],"guid":"032b1593-23d3-44e3-a595-9fe4e77d9977_190522_1","appID":"ScamAffiliatePC-190522","dateAdded":"200515","deceptorType":"Affiliate","name":"ScamAffiliatePC","version":"190522","sigName":"Deceptor:Affiliate/ScamAffiliatePC!003014","lastKnownStatus":"200515","lastKnownDate":"201016","type":"Affiliate","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2020-10-16T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1923},{"violations":{"ACR-048":"The app hides from the consumer by removing its icon from the All Apps page. This makes it difficult for the targeted consumer to uninstall the app.\n","ACR-007":"The app hides itself and all app notifications from the targeted consumer.\n","ACR-084":"The app hides its icon from the All Apps page. The app called itself \"System Service\" once installed.\n","ACR-086":"Once installed, the app does not inform the targeted consumer how it collects and transmits data. It only informs the consumer who installs the app, which is insufficient.\n","ACR-097":"The app tells the user to disable Play Protect, which allows the app to evade security investigation or detection. Once installed, the app calls itself \"System Service\" to evade notice by the targeted consumer.\n","ACR-014":"After install, the app calls itself \"System Service\", which is misleading to the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app calls itself \"System Service\" during and after the install.\n","ACR-002":"The application refers to itself as \"System Service\" after it is installed. After installing, the app refers to itself as \"System Service\".\n","ACR-099":"The app does not provide links to uninstall information.\nThe landing page does not provide links to uninstall information.\nThe internal offers page does not provide links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"TheTruthSpy.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"95ad42063d593c0b7af3cb188456085e175baa2b48c764cfa8ab256a8c20e277","sourceIndex":"2466","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://thetruthspy.com/","directDownloadingLink":"https://android.thetruthspy.com/downloader/androidapp/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://android.thetruthspy.com/downloader/androidapp/","sourceIndex":"2466"}],"sampleFiles":["200511/TheTruthSpy-200508/9.10/Samples/TheTruthSpy.apk"],"imageFiles":["200511/TheTruthSpy-200508/9.10/Images/ACR-048/TheTruthSpy All Apps.png","200511/TheTruthSpy-200508/9.10/Images/ACR-007/TheTruthSpy All Apps.png","200511/TheTruthSpy-200508/9.10/Images/ACR-007/TheTruthSpy Hide.png","200511/TheTruthSpy-200508/9.10/Images/ACR-014/TheTruthSpy Different Name.png","200511/TheTruthSpy-200508/9.10/Images/ACR-014/TheTruthSpy About.png","200511/TheTruthSpy-200508/9.10/Images/ACR-084/TheTruthSpy All Apps.png","200511/TheTruthSpy-200508/9.10/Images/ACR-084/TheTruthSpy Different Name.png","200511/TheTruthSpy-200508/9.10/Images/ACR-084/TheTruthSpy different name 2.png","200511/TheTruthSpy-200508/9.10/Images/ACR-084/TheTruthSpy Name bad.png","200511/TheTruthSpy-200508/9.10/Images/ACR-086/TheTruthSpy All Apps.png","200511/TheTruthSpy-200508/9.10/Images/ACR-097/TheTruthSpy 097.png","200511/TheTruthSpy-200508/9.10/Images/ACR-097/TheTruthSpy 097 4.png","200511/TheTruthSpy-200508/9.10/Images/ACR-097/TheTruthSpy 097 3.png","200511/TheTruthSpy-200508/9.10/Images/ACR-097/TheTruthSpy 097 2.png"],"nonDeceptorImageFiles":["200511/TheTruthSpy-200508/9.10/Images/ACR-038/TheTruthSpy Different Name.png","200511/TheTruthSpy-200508/9.10/Images/ACR-002/TheTruthSpy Name bad.png","200511/TheTruthSpy-200508/9.10/Images/ACR-002/TheTruthSpy different name 2.png","200511/TheTruthSpy-200508/9.10/Images/ACR-002/TheTruthSpy Different Name.png","200511/TheTruthSpy-200508/9.10/Images/ACR-099/TheTruthSpy About.png","200511/TheTruthSpy-200508/9.10/Images/ACR-099/TheTruthSpy Landing Page.png","200511/TheTruthSpy-200508/9.10/Images/ACR-099/TheTruthSpy Internal Offers.png"],"guid":"464c90c0-9cc5-4bd7-8b19-00f90773dc22_9.10_1","appID":"TheTruthSpy-200508","dateAdded":"200511","deceptorType":"Android App","name":"The Truth Spyu  ","company":"TheTruthSpy LLC.","version":"9.10","sigName":"Deceptor:Android/TheTruthSpyuStalkerware!048007014084086097","lastKnownStatus":"9.10","lastKnownDate":"201016","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-10-16T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1924},{"violations":{"ACR-003":"The application reports working properly driver is in condition of being severe and raises urgency for user to fix it. The driver recommended by app even has lower driver version.\n","ACR-017":"The application's internal offer webpage fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\nThe application's install wizard fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n","ACR-118":"When the user attempts to completely uninstall the application, it deliberately retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-160":"Contacted the phone number 800-720-4542 provided by DriverUpdatePlus and got a representative that stated that the company name is PC First AID.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"DriverUpdatePlus.exe","isInstaller":"True","companyName":"Speedbit Technology","productName":"DriverUpdate Plus","productVersion":"1.0.50.0","fileVersion":"1.0.50.0","hashMD5":"93fa702e1d5465d1375850a838d13df3","hashSHA1":"adac57f0b90e423e6589d55458f71ab21dcb6b37","hashSHA256":"00a64f652e0b56c8b1bf17313f9227a275bf89d311313142424ec9ef9b225c9b","digitalCertThumbprint":"6B6BBA6BA7AF6CC4CA25802A46E9D06636070396","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Speedbit Technology","sourceIndex":"2467","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverUpdatePlus_51.exe","isInstaller":"True","companyName":"Speedbit Technology","productName":"DriverUpdate Plus","productVersion":"1.0.51.0","fileVersion":"1.0.51.0","hashMD5":"119754999a3ad4f2c3858c4fc011c7e8","hashSHA1":"3eb73096950c761cf6c6c5ff38ad6a9bd69fae3e","hashSHA256":"7ad2fa5f60a91e0b887d65a54af9125e84713f578094e2a13792644f5bd52242","digitalCertThumbprint":"6b6bba6ba7af6cc4ca25802a46e9d06636070396","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Speedbit Technology","sourceIndex":"2467","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://en.freedownloadmanager.org/","landingPage":"http://www.driverupdateplus.com/index.html","directDownloadingLink":"http://download.driverupdateplus.com/DriverUpdatePlus.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.driverupdateplus.com/DriverUpdatePlus.exe","sourceIndex":"2467"}],"sampleFiles":["200508/DriverUpdatePlus-171026/1.0.50/Samples/DriverUpdatePlus.exe","200508/DriverUpdatePlus-171026/1.0.50/Samples/DriverUpdatePlus_51.exe"],"imageFiles":["200508/DriverUpdatePlus-171026/1.0.50/Images/ACR-017/ACR-017_INTERNAL_OFFERS.PNG","200508/DriverUpdatePlus-171026/1.0.50/Images/ACR-017/ACR-017_INSTALL.PNG","200508/DriverUpdatePlus-171026/1.0.50/Images/ACR-003/ACR-003_SOFTWARE.PNG","200508/DriverUpdatePlus-171026/1.0.50/Images/ACR-003/DriverUpdatePlus.PNG","200508/DriverUpdatePlus-171026/1.0.50/Images/ACR-003/DriverUpdatePlus1.PNG","200508/DriverUpdatePlus-171026/1.0.50/Images/ACR-168/ACR-168_SOFTWARE.PNG","200508/DriverUpdatePlus-171026/1.0.50/Images/ACR-118/ACR-118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["200508/DriverUpdatePlus-171026/1.0.50/Images/ACR-168/ACR-168_LANDING_PAGE.png","200508/DriverUpdatePlus-171026/1.0.50/Images/ACR-163/ACR-163_SOFTWARE.PNG"],"guid":"87945acc-ae48-4f76-ac6d-10432bba1bf0_1.0.50_1","appID":"DriverUpdatePlus-171026","dateAdded":"200508","deceptorType":"App","name":"DriverUpdatePlus","company":"Speedbit Technology","version":"1.0.50","sigName":"Deceptor:Win32/DriverUpdatePlus!017003118168","firstResolvedVersion":"","lastKnownStatus":"Deceptor:1.0.50.0;1.0.60","lastKnownDate":"201019","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-10-19T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1925},{"violations":{"ACR-048":"The app does not provide any control to disable the voice control, notifications, scheduled tasks, and to completely close the app.\n","ACR-003":"The app uses the color red and color gradient to increase urgency for non-urgent \"issues\", thereby misleading or scaring user to take action\n","ACR-004":"1) The app does not fix the identified issue, the app shows that the driver is updated but on manually checking it’s not updated, even on rescanning the same issue found. \n2) The app uses a color gradient to indicate severity to the identified issues.\n3) The app does not substantiate about the date details of the identified issues.\n","ACR-006":"The monetization should be clearly attributed. The call center name and website should be disclosed next to a phone number.\nThe monetization should be clearly attributed. The call center name and website should be disclosed next to a phone number.\n","ACR-017":"The offers web page fraudulently elevates its consumer trust level by displaying an unverifiable Microsoft Partner logo and Norton logo.\nThe app's install wizard fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\n","ACR-084":"1) The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent.\n2) The app runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-168":"The app displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n","ACR-119":"The app fails to remove all of its monetization components after the consumer uninstalls it.\n","ACR-014":"1. The app uses sound alert once the scan is complete\n2. App misleads user that driver items can have high impact on system performance which is not substantiated claim\n","ACR-164":"The app needs to provide payment invoice details and cancellation options that are shared with the consumers.\n","ACR-165":"The app needs to provide payment invoice details and cancellation options that are shared with the consumers.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose the EULA & Privacy Policy in the app's about page.\n","ACR-163":"The app provides non-interactive(chat) to the customer, but the link redirects to a blank page.\n","ACR-160":"The app does not use the \"Certified\" Call Center.\n","ACR-099":"The app does not disclose the uninstall information in the app's about page.\n","ACR-166":"The app needs to disclose the license period to the consumer in the internal offers.\n","ACR-171":"The offered product is \"Opt-in\" by default and also no details about whether the payment is recurring or not.\n","ACR-017":"The app elevates its consumer trust level by displaying the unverifiable logo.\n","ACR-014":"The app uses the word \"old drivers\" and outdated images in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DriverUpdaterPlus\\DriverUpdatePlus.exe","companyName":"","productName":"","productVersion":"","fileVersion":"","hashMD5":"3fe5364b57916fa91237eb7964d03199","hashSHA1":"bf4d60f10a1d0422d4d8c480ceba8ca3bb252c85","hashSHA256":"c1e6e1fb1e6f6f404a493d966936667f6c4ea33bc0c5d4a79ac62a095c975810","digitalCertThumbprint":"910B578B43488C7BEEE5074A42264531418D00A8","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Speedbit Technology","storeId":"","sourceIndex":"2468","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"Speedbit Technology","productName":"Driver Update Plus","productVersion":"1.0.60","fileVersion":"1.0.60","hashMD5":"6b18893b39039d2c32cc093efe910e7c","hashSHA1":"d7dcbdecf9f6874ea80505365770444dbbe11d81","hashSHA256":"41ebee8e3833d37bb3fb841947f4c7e86eb694b2de730bdecc8e40496ba5e469","digitalCertThumbprint":"910B578B43488C7BEEE5074A42264531418D00A8","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Speedbit Technology","storeId":"","sourceIndex":"2468","avBlockList":["360 Total Security (20200611)","Avast Premium Security (20200611)","AVG Internet Security (20200611)","Avira Internet Security (20200611)","Bitdefender Internet Security (20200611)","Dr.Web Security Space (20200611)","ESET Internet Security (20200611)","G DATA INTERNET SECURITY (20200611)","K7 Total Security (20200611)","Kaspersky Internet Security (20200611)","Malwarebytes Premium (20200611)","McAfee Total Protection (20200611)","Norton Security (20200611)","Panda Dome (20200611)","Quick Heal Internet Security (20200611)","Sophos Home Premium (20200611)","SpyHunter5 (20200611)","Tencent PC Manager (20200611)","Total AV Antivirus Pro (20200611)","VIPRE Advanced Security (20200611)","VirIT eXplorer PRO (20200611)","Webroot SecureAnywhere (20200611)","Windows Defender (20200611)"],"avAllowList":["COMODO Antivirus (20200611)","Trend Micro Internet Security (20200611)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://en.freedownloadmanager.org/","landingPage":"http://www.driverupdateplus.com/index.html","directDownloadingLink":"http://download.driverupdateplus.com/DriverUpdatePlus.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.driverupdateplus.com/DriverUpdatePlus.exe","sourceIndex":"2468"}],"sampleFiles":["200508/DriverUpdatePlus-171026/1.0.60/Samples/setup.exe"],"imageFiles":["200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-017/ACR-017_InternalOffers_UnverifiableLogo.jpg","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-164/ACR-164_InternalOffers_NoDetails.jpg","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-165/ACR-165_InternalOffers_NoDetails.jpg","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-168/ACR-168_InternalOffers_NoDisclosureForAdditonalOffers.jpg","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-017/ACR-017_Install_UnverifiableLogo.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-003/ACR-003_Software_ExaggeratedResults.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-084/ACR-084_Software_UndisclosedScheduledTasks.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-084/ACR-084_Software_BackgroundProcess.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-048/ACR-048_Software_NoControl.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-048/ACR-048_Software_NoControlToCloseTheApp.mp4","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-048/ACR-048_Software_NoControlToDisableTheScheduledTasks.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-048/ACR-048_Software_NoControlToDisableTheVoiceNotification.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-118/ACR-118_Uninstall_RetainsFile.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-119/ACR-119_Uninstall_RetainsFile.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-004/ACR-004_Software_NoDateSubstantiation.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-004/ACR-004_Software_NoFix.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-004/ACR-004_Software_NoFix1.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-004/ACR-004_Software_UsesColorGradient.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-006/ACR-006_Software_NoDisclosureForMonetization.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-006/ACR-006_Software_NoDisclosureForMonetization1.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-014/ACR-014_Software_ExaggeratedResults.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-006/ACR-006_InternalOffers_NoDisclosureForMonetization.jpg"],"nonDeceptorImageFiles":["200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-166/ACR-166_InternalOffers_NoLicensePeriod.jpg","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-171/ACR-171_InternalOffers_DefaultOpt-in.jpg","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-017/ACR-017_Landingpage_UnverifiableLogo.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-017/ACR-017_Landingpage_UnverifiableLogo1.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-017/ACR-017_Landingpage_UnverifiableLogo2.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-163/ACR-163_Landingpage_ChatNotWorking.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-160/ACR-160_Software_NoCertifiedCallCenter.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-160/ACR-160_Software_NoCertifiedCallCenter1.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-160/ACR-160_Software_NoCertifiedCallCenter2.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-160/ACR-160_Software_NoCertifiedCallCenter3.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-160/ACR-160_Software_NoCertifiedCallCenter4.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-160/ACR-160_Software_NoCertifiedCallCenter5.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-160/ACR-160_Software_NoCertifiedCallCenter6.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-065/ACR-065_Software_NOEULA&PrivacyPolicy.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-006/ACR-006_Landingpage_NoDisclosureForMonetization.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-006/ACR-006_Landingpage_NoDisclosureForMonetization1.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-006/ACR-006_Landingpage_NoDisclosureForMonetization2.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-006/ACR-006_Landingpage_NoDisclosureForMonetization3.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-006/ACR-006_Landingpage_NoDisclosureForMonetization4.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-006/ACR-006_Landingpage_NoDisclosureForMonetization5.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-014/ACR-014_Landingpage_OldDrivers.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-014/ACR-014_Landingpage_OutdatedImages.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-014/ACR-014_Landingpage_OutdatedImages1.JPG","200508/DriverUpdatePlus-171026/1.0.60/Images/ACR-014/ACR-014_Landingpage_OutdatedImages2.JPG"],"guid":"87945acc-ae48-4f76-ac6d-10432bba1bf0_1.0.60_1","appID":"DriverUpdatePlus-171026","dateAdded":"200508","deceptorType":"App","name":"DriverUpdatePlus","company":"Speedbit Technology","version":"1.0.60","sigName":"Deceptor:Win32/DriverUpdatePlus!017164165168003084048118119004006014","firstResolvedVersion":"","lastKnownStatus":"Deceptor:1.0.50.0;1.0.60","lastKnownDate":"201019","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-10-19T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1926},{"violations":{"ACR-109":"The app downloads \"rkverify.exe\", a RelevantKnowledge file.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-075":"Cancelling the installation leaves the carrier and the offers installed.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or the Privacy Policy. \n","ACR-002":"The App's version is not consistent between App interaction and its install. (version 8.8.2.6 vs version 8.8.1)\nThe App's version is not consistent between App interaction and its install.\n","ACR-092":"The app does not have a digital signature for all the executables.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's page does not shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"PCBoosterFreeUninstaller.exe","isInstaller":"True","companyName":"PCBooster, Inc.                                             ","fileVersion":"0.0","hashMD5":"810ddacd714c79b94f2a794280c41953","hashSHA1":"aa60b59458ae3a14829b927605d01220b06197b9","hashSHA256":"21e7b0b004a9821150091cb0c9358ff0e62db0dfde10b1be4e9d5ec422ea4314","digitalCertThumbprint":"E1CAA9E850D616A0C2A245A157E0767A5DDCB431","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", O=\"Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd\", STREET=\"Room 431B, No. 17, Middle Scissor Lane, Dongcheng District,\", L=Beijing, S=Beijing, PostalCode=100005, C=CN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110101MA003B6P68","sourceIndex":"2470","avBlockList":["360 Total Security (20200611)","Avast Premium Security (20200611)","AVG Internet Security (20200611)","Avira Internet Security (20200611)","Bitdefender Internet Security (20200611)","Dr.Web Security Space (20200611)","ESET Internet Security (20200611)","G DATA INTERNET SECURITY (20200611)","K7 Total Security (20200611)","Kaspersky Internet Security (20200611)","Malwarebytes Premium (20200611)","McAfee Total Protection (20200611)","Norton Security (20200611)","Panda Dome (20200611)","Quick Heal Internet Security (20200611)","Sophos Home Premium (20200611)","SpyHunter5 (20200611)","Tencent PC Manager (20200611)","Total AV Antivirus Pro (20200611)","Trend Micro Internet Security (20200611)","VIPRE Advanced Security (20200611)","VirIT eXplorer PRO (20200611)","Webroot SecureAnywhere (20200611)","Windows Defender (20200611)"],"avAllowList":["COMODO Antivirus (20200611)"]},{"isRevoked":"False","fileName":"PCBoosterFreeUninstaller [1].exe","companyName":"PCBooster Free Uninstaller","fileVersion":"7.2","hashMD5":"b214b3697e59db4e5872a3ce361b09e8","hashSHA1":"3af27584eb141c5c05476f776b0e73b2cf466782","hashSHA256":"0fe3aabb6d5ab3df79359a605803a925af00668a5cd50bd04678dafb0b3ae89b","sourceIndex":"2470","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Uninstall Unwanted Programs\"","reference":"http://www.pc-booster.net","landingPage":"http://www.pc-booster.net","directDownloadingLink":"https://www.pc-booster.net/PCBoosterFreeUninstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pc-booster.net/PCBoosterFreeUninstaller.exe","sourceIndex":"2470"}],"sampleFiles":["200507/PCBoosterFreeUninstaller-200507/8.8.1/Samples/PCBoosterFreeUninstaller.exe","200507/PCBoosterFreeUninstaller-200507/8.8.1/Samples/PCBoosterFreeUninstaller [1].exe"],"imageFiles":["200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-109/PCBoosterFreeUninstaller_Installs [3] Offer_RelevantKnowledge.png","200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-109/PCBoosterFreeUninstaller_RelevantKnowledgeFileRunning [1].png","200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-048/PCBoosterFreeUninstaller_RelevantKnowledgeFileRunning [1].png","200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-048/PCBoosterFreeUninstaller_Installs [3] Offer_RelevantKnowledge.png","200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-075/PCBoosterFreeUninstaller_Installs [4] Offer_AvastAntivirus.png","200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-059/PCBoosterFreeUninstaller_Installs [4] Offer_AvastAntivirus.png"],"nonDeceptorImageFiles":["200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-065/PCBoosterFreeUninstaller_Installs [2].png","200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-002/PCBoosterFreeUninstaller_Installs [2].png","200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-002/PCBoosterFreeUninstaller_Interaction [2].png","200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-092/PCBoosterFreeUninstaller_ExecutableFileProperty [1].png","200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-065/PCBoosterFreeUninstaller_Interaction [1].png","200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-099/PCBoosterFreeUninstaller_Interaction [1].png","200507/PCBoosterFreeUninstaller-200507/8.8.1/Images/ACR-099/PCBoosterFreeUninstaller_LandingPage[1].png"],"guid":"34d1a32d-c25a-4935-b509-97760cfdf29b_8.8.1_1","appID":"PCBoosterFreeUninstaller-200507","dateAdded":"200507","deceptorType":"Bundler","name":"PCBooster Free Uninstaller ","company":"PCBooster, Inc.","version":"8.8.1","sigName":"Deceptor:Win32/PCBoosterFreeUninstaller!109048075059","lastKnownStatus":"8.8.1","lastKnownDate":"200507","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2020-05-07T16:49:25.9166918+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1927},{"violations":{"ACR-003":"The app exaggerated claims about the system health. For example, High in Cleaning Urgency level (DANGER) with 204 records. Raises urgency to take action on the consumer side.\n","ACR-004":"The application provides free scan results and uses these results to upsell the consumer to a subscription service.\n","ACR-084":"The App creates scheduled tasks by default and no option for user to disable it. \n"},"nonDeceptorViolations":{"ACR-065":"The install does not display link for the Returns and Cancellation Policy, Privacy Policy information. \nThe App does not display link for the EULA, Returns and Cancellation Policy, Privacy Policy information. \n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"SpeedFixTool.exe","isInstaller":"True","companyName":"FixBliss","fileVersion":"3.2","hashMD5":"77b3a4b75917f76cdb00fce4153edb69","hashSHA1":"fe12e1f349591ed4cc329e2a9e28ac56e0e127a3","hashSHA256":"7d0ed597f3743a4814efb25534bc8fade506bf2d606e26f1a6b900c95b1b352c","digitalCertThumbprint":"47391063B6A9C208C4443CADDFA59798999A732C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=UAB INTERADS, O=UAB INTERADS, STREET=Vytenio 12-28, L=Kaunas, S=Kaunas, PostalCode=48421, C=LT","sourceIndex":"2471","avBlockList":["360 Total Security (20200611)","Avast Premium Security (20200611)","AVG Internet Security (20200611)","Avira Internet Security (20200611)","Bitdefender Internet Security (20200611)","COMODO Antivirus (20200611)","Dr.Web Security Space (20200611)","ESET Internet Security (20200611)","G DATA INTERNET SECURITY (20200611)","K7 Total Security (20200611)","Kaspersky Internet Security (20200611)","Malwarebytes Premium (20200611)","McAfee Total Protection (20200611)","Norton Security (20200611)","Panda Dome (20200611)","Quick Heal Internet Security (20200611)","Sophos Home Premium (20200611)","SpyHunter5 (20200611)","Tencent PC Manager (20200611)","Total AV Antivirus Pro (20200611)","Trend Micro Internet Security (20200611)","VIPRE Advanced Security (20200611)","VirIT eXplorer PRO (20200611)","Webroot SecureAnywhere (20200611)","Windows Defender (20200611)"],"avAllowList":[]},{"isRevoked":"False","fileName":"SpeedFixTool2018.exe","companyName":"FixBliss","fileVersion":"3.2","hashMD5":"2b5a48a5efda29f77fa2325c245e7c13","hashSHA1":"9d2cee96b82b13b97df403dbe9577a7c947d6146","hashSHA256":"830b69d40119be13d8179865c0a347d062cab1cbbd8f98f89ed102914fa87e28","digitalCertThumbprint":"47391063B6A9C208C4443CADDFA59798999A732C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=UAB INTERADS, O=UAB INTERADS, STREET=Vytenio 12-28, L=Kaunas, S=Kaunas, PostalCode=48421, C=LT","sourceIndex":"2471","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"PC clean up\"","reference":"https://speedfixtool.com/","landingPage":"https://speedfixtool.com/","directDownloadingLink":"http://d3lpz348p245e9.cloudfront.net/SpeedFixTool.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://d3lpz348p245e9.cloudfront.net/SpeedFixTool.exe","sourceIndex":"2471"}],"sampleFiles":["200506/D-SpeedFixToolPro-170611/3.2.3/Samples/SpeedFixTool.exe","200506/D-SpeedFixToolPro-170611/3.2.3/Samples/SpeedFixTool2018.exe"],"imageFiles":["200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-003/SpeedFixTool_ScanningResults [3].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-003/SpeedFixTool_ScanningResults [5].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-084/SpeedFixTool_ScheduledTasks [1].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-084/SpeedFixTool_Settings [1].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-004/SpeedFixTool_ScanningResults [1].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-004/SpeedFixTool_ScanningResults [2].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-004/SpeedFixTool_ScanningResults [3].png"],"nonDeceptorImageFiles":["200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-065/SpeedFixTool_Installs[1].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-065/SpeedFixTool_ScanningResults [5].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-065/SpeedFixTool_About [1].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-099/SpeedFixTool_Settings [1].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-099/SpeedFixTool_ScanningResults [5].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-006/SpeedFixTool_LandingPage [3].png","200506/D-SpeedFixToolPro-170611/3.2.3/Images/ACR-006/SpeedFixTool_LandingPage [4].png"],"guid":"197eb1a5-05b7-414e-850a-add089a97067_3.2.3_1","appID":"D-SpeedFixToolPro-170611","dateAdded":"200506","deceptorType":"App","name":"SpeedFixTool2018","company":"FixBliss","version":"3.2.3","sigName":"Deceptor:Win32/SpeedFixTool!003084004","lastKnownStatus":"Deceptor: 3.0.3,3.2.3","lastKnownDate":"201010","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1928},{"violations":{"ACR-003":"The application makes unsubstantiated claims about system health by showing that the system has problems but provide no details as to what the problems are.\n","ACR-014":"The application makes unsubstantiated claims about system health by showing that the system has problems but provide no details as to what the problems are.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no links or information that shows how to uninstall the app.\nThe application's landing page has no links or information that shows how to uninstall the app.\nThe application's internal offer page has no links or information that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"setup_pcrepairtools64.exe","isInstaller":"True","companyName":"Layer Solutions Inc.","productName":"PC Repair Tools","productVersion":"8.3.0","fileVersion":"8.3.0","hashMD5":"94e40aab9a09cf6e2782f1863af27713","hashSHA1":"d7c3be99f0187b68bb3062656b3fe73ba3fe7a63","hashSHA256":"a9f0b88071bf5a8c831f578509dde09cc205a65000a85829efd461d61e8edb4b","digitalCertThumbprint":"6E7C7697E5C604C36AEAD864C7829E85F3098CB9","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Layer Solutions Inc., O=Layer Solutions Inc., L=CLEARWATER, S=Florida, C=US, SERIALNUMBER=P18000005856, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"378","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20200616)","Avira Internet Security (20200616)","Bitdefender Internet Security (20200616)","ESET Internet Security (20200616)","G DATA INTERNET SECURITY (20200616)","K7 Total Security (20200616)","Kaspersky Internet Security (20200616)","Malwarebytes Premium (20200616)","McAfee Total Protection (20200616)","Norton Security (20200616)","Panda Dome (20200616)","Sophos Home Premium (20200616)","Trend Micro Internet Security (20200616)","VirIT eXplorer PRO (20200616)","Webroot SecureAnywhere (20200616)","Windows Defender (20200616)","360 Total Security (20200616)","Avast Premium Security (20200616)","Dr.Web Security Space (20200616)","SpyHunter5 (20200616)","Tencent PC Manager (20200616)","Total AV Antivirus Pro (20200616)","VIPRE Advanced Security (20200616)"],"avAllowList":["COMODO Antivirus (20200616)","Quick Heal Internet Security (20200616)"]},{"isRevoked":"False","fileName":"StartCenter.exe","companyName":"Layer Solutions Inc.","productName":"PC Repair Tools - Start Center","productVersion":"8.3.0.0","fileVersion":"8.3.0.0","hashMD5":"61a2475d5e194eb7a8a6f678fa408448","hashSHA1":"374f2e9d4df73b207124c69b658acdca094dc028","hashSHA256":"b445e85ef2681192778eabea9fbea1a4b20df59c1ed37e76fff4f250b9710a03","digitalCertThumbprint":"6E7C7697E5C604C36AEAD864C7829E85F3098CB9","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Layer Solutions Inc., O=Layer Solutions Inc., L=CLEARWATER, S=Florida, C=US, SERIALNUMBER=P18000005856, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"378","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_pcrepairtools64_821.exe","isInstaller":"True","companyName":"Layer Solutions Inc.","productName":"PC Repair Tools","productVersion":"8.2.1","fileVersion":"8.2.1","hashMD5":"4df001e6f79bf31febc987c67a81c7e3","hashSHA1":"06203c38b7b0dd6b604a45249616ba173a0220e4","hashSHA256":"eb1f07749e25b1bc184f72e20b1567e0e74e506f801acc1f4509381fb12910d8","digitalCertThumbprint":"6E7C7697E5C604C36AEAD864C7829E85F3098CB9","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Layer Solutions Inc., O=Layer Solutions Inc., L=CLEARWATER, S=Florida, C=US, SERIALNUMBER=P18000005856, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"378","avBlockList":["360 Total Security (20200611)","Avast Internet Security (20191021)","AVG Internet Security (20200611)","Avira Internet Security (20200611)","Bitdefender Internet Security (20200611)","Dr.Web Security Space (20200611)","ESET Internet Security (20200611)","G DATA INTERNET SECURITY (20200611)","K7 Total Security (20200611)","Kaspersky Internet Security (20200611)","Malwarebytes Premium (20200611)","McAfee Total Protection (20200611)","Norton Security (20200611)","Panda Dome (20200611)","Quick Heal Internet Security (20200611)","Sophos Home Premium (20200611)","Tencent PC Manager (20200611)","Trend Micro Internet Security (20200611)","VIPRE Advanced Security (20200611)","VirIT eXplorer PRO (20200611)","Webroot SecureAnywhere (20200611)","Windows Defender (20200611)","Avast Premium Security (20200611)","SpyHunter5 (20200611)","Total AV Antivirus Pro (20200611)"],"avAllowList":["COMODO Antivirus (20200611)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"2018 pc repair\"","landingPage":"https://www.pcrepairtools.net/index.html","directDownloadingLink":"https://www.pcrepairtools.net/download/setup_pcrepairtools64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pcrepairtools.net/download/setup_pcrepairtools64.exe","sourceIndex":"378"}],"sampleFiles":["200504/PCRepairTools-181029/8.3.0/Samples/setup_pcrepairtools64.exe","200504/PCRepairTools-181029/8.3.0/Samples/StartCenter.exe","200504/PCRepairTools-181029/8.3.0/Samples/setup_pcrepairtools64_821.exe"],"imageFiles":["200504/PCRepairTools-181029/8.3.0/Images/ACR-003/ACR-003_software.JPG","200504/PCRepairTools-181029/8.3.0/Images/ACR-003/ACR-003_software1.JPG","200504/PCRepairTools-181029/8.3.0/Images/ACR-014/ACR-014_software.JPG","200504/PCRepairTools-181029/8.3.0/Images/ACR-014/ACR-014_software1.JPG"],"nonDeceptorImageFiles":["200504/PCRepairTools-181029/8.3.0/Images/ACR-065/ACR-065_install.JPG","200504/PCRepairTools-181029/8.3.0/Images/ACR-065/ACR-065_software.JPG","200504/PCRepairTools-181029/8.3.0/Images/ACR-099/ACR-099_software.JPG","200504/PCRepairTools-181029/8.3.0/Images/ACR-099/ACR-099_landingpage.JPG","200504/PCRepairTools-181029/8.3.0/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"c4a9a65e-6ade-480d-beb4-d34977f10c74_8.3.0_1","appID":"PCRepairTools-181029","dateAdded":"200504","deceptorType":"App","name":"PCRepairTools","company":"Layer Solutions Inc.","version":"8.3.0","sigName":"Deceptor:Win32/PCRepairTools!003014","lastKnownStatus":"Deceptor:8.3.0;8.2.1,8.3.2","lastKnownDate":"241107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-07T23:38:19.9945216+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1929},{"violations":{"ACR-048":"The app does not provide any control in the app's settings to disable its own startup item and no control provided to close the app completely\n","ACR-003":"The app does not substantiate identified results for the consumer to review and take action\n","ACR-004":"The app does not provide any free fix for the identified issues and does not provide an option to review the identified results.\n","ACR-007":"The app does not obtain informed consent before disabling the Windows Defender process in the startup manager.\n","ACR-084":"1. The app creates an undisclosed startup to perform actions without the consumer's knowledge and consent\n2. The app's close button performs minimize to tray function and runs silently in the background without notifying the consumer\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent.\n","ACR-119":"The app does not to remove all of its monetization components after the consumer uninstalls it.\n","ACR-014":"The app uses the exaggerated word \"Problems\" and does not substantiate the identified results.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights that the app is provided for \"Free\", which misleads consumer to take action\n","ACR-065":"The app does not disclose the Privacy Policy during the installation.\nThe app does not disclose the EULA and Privacy Policy in the app's about page.\n","ACR-002":"The app does not use identical name across all points of consumer interaction.\n","ACR-161":"The quotes and testimonials need to be verifiable.\n","ACR-099":"The app does not disclose uninstall information in the app’s about page.\nThe app does not disclose uninstall information in the landing page.\n","ACR-167":"The app does not provide a returns policy of least 30 days.\n","ACR-166":"The app does not disclose the license period to the consumer in the internal offers.\n","ACR-171":"The app needs to provide details about whether the payment is recurring or not.\n","ACR-017":"The app elevates its consumer trust level by displaying the unverifiable logo.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\PC Repair Tools\\StartCenter.exe","companyName":"Layer Solutions Inc.","productName":"PC Repair Tools - Start Center","productVersion":"8.3.2.0","fileVersion":"8.3.2.0","hashMD5":"57c79d31444b9857f32b5d932be69726","hashSHA1":"39770512bef8fd7af8a82c25744831a803cb84a0","hashSHA256":"318be007b256d38e93fe47da63e57357601985157191bc1c228cbc25bd4f8f3a","digitalCertThumbprint":"6E7C7697E5C604C36AEAD864C7829E85F3098CB9","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Layer Solutions Inc.","storeId":"","sourceIndex":"379","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_pcrepairtools64.exe","isInstaller":"True","companyName":"Layer Solutions Inc.","productName":"PC Repair Tools","productVersion":"8.3.0","fileVersion":"8.3.0","hashMD5":"e9abe44d1a7439d703f62b3ab4e74d33","hashSHA1":"2b11d8f2f8be2b7df109f4c058dbfabaae714094","hashSHA256":"fe5a93c889e2625412c72b8b1ccb4eb5d5bf223c95a3532465493bf3cfd7c73d","digitalCertThumbprint":"6E7C7697E5C604C36AEAD864C7829E85F3098CB9","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Layer Solutions Inc.","storeId":"","sourceIndex":"379","avBlockList":["360 Total Security (20200616)","Avast Premium Security (20200616)","AVG Internet Security (20200616)","Avira Internet Security (20200616)","Bitdefender Internet Security (20200616)","Dr.Web Security Space (20200616)","ESET Internet Security (20200616)","G DATA INTERNET SECURITY (20200616)","K7 Total Security (20200616)","Kaspersky Internet Security (20200616)","Malwarebytes Premium (20200616)","McAfee Total Protection (20200616)","Norton Security (20200616)","Panda Dome (20200616)","Quick Heal Internet Security (20200616)","Sophos Home Premium (20200616)","SpyHunter5 (20200616)","Tencent PC Manager (20200616)","Total AV Antivirus Pro (20200616)","Trend Micro Internet Security (20200616)","VIPRE Advanced Security (20200616)","VirIT eXplorer PRO (20200616)","Webroot SecureAnywhere (20200616)","Windows Defender (20200616)"],"avAllowList":["COMODO Antivirus (20200616)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"2018 pc repair\"","landingPage":"https://www.pcrepairtools.net/index.html","directDownloadingLink":"https://www.pcrepairtools.net/download/setup_pcrepairtools64.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pcrepairtools.net/download/setup_pcrepairtools64.exe","sourceIndex":"379"}],"sampleFiles":["200504/PCRepairTools-181029/8.3.2/Samples/setup_pcrepairtools64.exe"],"imageFiles":["200504/PCRepairTools-181029/8.3.2/Images/ACR-048/ACR-048_Software_NoControlToDisableTheStartup.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-048/ACR-048_Software_NoControlToDisableTheStartup1.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-048/ACR-048_Software_UnableToCloseTheAppCompletely.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-003/ACR-003_Software_NotSubstantiatingTheResults.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-007/ACR-007_Software_NoAlerts.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-014/ACR-014_Software_WordProblem.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-004/ACR-004_Software_NoFreeFix.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-084/ACR-084_Software_NoControlToDisableTheStartup1.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-084/ACR-084_Software_RunningInBackGround.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-118/ACR-118_Uninstall_RetainsFile.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-119/ACR-119_Uninstall_RetainsFile.JPG"],"nonDeceptorImageFiles":["200504/PCRepairTools-181029/8.3.2/Images/ACR-045/ACR-045_Landingpage_FreeDownload.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-045/ACR-045_Landingpage_FreeDownload1.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-045/ACR-045_Landingpage_FreeDownload2.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-045/ACR-045_Landingpage_FreeDownload3.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-065/ACR-065_Software_NoEULA&PrivacyPolicy.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-002/ACR-002_Software_NoNameConsistency.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-017/ACR-017_Landingpage_UnableToVerifyLogo.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-161/ACR-161_Landingpage_UnableToVerifyTestimonials.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-099/ACR-099_Landingpage_NoUninstall_Info.JPG","200504/PCRepairTools-181029/8.3.2/Images/ACR-167/ACR-167_Docs_RefundAtleast30Days.jpg","200504/PCRepairTools-181029/8.3.2/Images/ACR-166/ACR-166_InternalOffers_NoDetailsOfLicen eseValidity.jpg","200504/PCRepairTools-181029/8.3.2/Images/ACR-171/ACR-171_InternalOffers_NoDetailsAboutRecurringPayment.jpg"],"guid":"c4a9a65e-6ade-480d-beb4-d34977f10c74_8.3.2_1","appID":"PCRepairTools-181029","dateAdded":"200504","deceptorType":"App","name":"PCRepairTools","company":"Layer Solutions Inc.","version":"8.3.2","sigName":"Deceptor:Win32/PCRepairTools!048003007014004084118119","lastKnownStatus":"Deceptor:8.3.0;8.2.1,8.3.2","lastKnownDate":"241107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-07T23:37:32.8540836+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1930},{"violations":{"ACR-016":"Ads in website leads to downloading directly.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"affiliate monitor","reference":"","landingPage":"https://www.pcerror-fix.com/","directDownloadingLink":"https://www.pcerror-fix.com/tips-fixing-common-driver-problems","ipv4":"","ipv6":"","sourceIndex":"2474"}],"sampleFiles":[],"imageFiles":["200504/PCErrorFix-200504/200504/Images/ACR-016/2020-05-04_17-05-24_PCErrorFix.mp4"],"nonDeceptorImageFiles":[],"guid":"56321b47-682a-4990-998e-913be8af5a3d_200504_1","appID":"PCErrorFix-200504","dateAdded":"200504","deceptorType":"Affiliate","name":"PCErrorFix","company":"pcerror-fix.com","version":"200504","sigName":"Deceptor:Affiliate/PCErrorFix!016","lastKnownStatus":"200504","lastKnownDate":"200504","type":"Affiliate","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"Adults only","monetization":"display ads","lastUpdate":"2020-05-05T00:25:11.1061573+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1931},{"violations":{"ACR-003":"The app displays identified “junk”  without details. The scanning results are not verifiable by user. Unsubstantiated claims require payment to see details.\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not contain links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy. \nThe app's does not contain link about page to it's EULA, Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-099":"The app's about page does not display links to uninstall information. \nThe landing page does not display links to uninstall information. \nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"iBeesoft iCleaner","fileVersion":"0.","hashMD5":"7f3049a48ba825868611abdb7a7e15b3","hashSHA1":"501ee6267a30d4b59206ef0414702e5fab06af59","hashSHA256":"786c8c4b8c757b9b7eddcc9d886b6ad6910168420e22bd77e69f3b01b2114e6b","sourceIndex":"2475","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"iBeesoft-iCleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"d0fd7a636ecefe751c3496b2f79ae76a","hashSHA1":"271e585cf2a921b76a494f5512e16a9dbefd7801","hashSHA256":"ec35df2d8dce2f2a4dcdf59b89c2473328f06153d5179ace09601cbaf75daadf","sourceIndex":"2475","avBlockList":["Avast Security for Mac (20200516)","Avira Security for Mac (20200516)","ESET Cyber Security Pro for Mac (20200516)","K7 Antivirus for Mac (20200516)","McAfee Internet Security for Mac (20200516)","Norton Security for Mac (20200516)","Sophos Home Premium For Mac (20200516)"],"avAllowList":["Bitdefender Antivirus for Mac (20200516)","G DATA AntiVirus for Mac (20200516)","Kaspersky Internet Security for Mac (20200516)","Trend Micro Antivirus for Mac (20200516)"]}],"additionalFiles":[],"sources":[{"howFound":"Google Search : apps to \"clean up\" macos","reference":"https://www.ibeesoft.com","landingPage":"https://www.ibeesoft.com/mac-cleaner/","directDownloadingLink":"https://www.ibeesoft.com/download/iBeesoft-iCleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ibeesoft.com/download/iBeesoft-iCleaner.dmg","sourceIndex":"2475"}],"sampleFiles":["200504/iBeesoftiCleaner-200504/2.0.0 (build 1)/Samples/iBeesoft iCleaner","200504/iBeesoftiCleaner-200504/2.0.0 (build 1)/Samples/iBeesoft-iCleaner.dmg"],"imageFiles":["200504/iBeesoftiCleaner-200504/2.0.0 (build 1)/Images/ACR-003/iBeesoftiCleaner_ScanResults [1].png","200504/iBeesoftiCleaner-200504/2.0.0 (build 1)/Images/ACR-003/iBeesoftiCleaner_ScanResults [2].png"],"nonDeceptorImageFiles":["200504/iBeesoftiCleaner-200504/2.0.0 (build 1)/Images/ACR-065/iBeesoftiCleaner_Installs [1].png","200504/iBeesoftiCleaner-200504/2.0.0 (build 1)/Images/ACR-065/iBeesoftiCleaner_Interaction [1].png","200504/iBeesoftiCleaner-200504/2.0.0 (build 1)/Images/ACR-099/iBeesoftiCleaner_Interaction [1].png","200504/iBeesoftiCleaner-200504/2.0.0 (build 1)/Images/ACR-099/iBeesoftiCleaner_LandingPage [1].png","200504/iBeesoftiCleaner-200504/2.0.0 (build 1)/Images/ACR-099/iBeesoftiCleaner_LandingPage [2].png","200504/iBeesoftiCleaner-200504/2.0.0 (build 1)/Images/ACR-099/iBeesoftiCleaner_OfferPage [2].png"],"guid":"10dc1430-eaf6-465c-bcca-f63aef08079a_2.0.0 (build 1)_1","appID":"iBeesoftiCleaner-200504","dateAdded":"200504","deceptorType":"MacOS App","name":"iBeesoft iCleaner ","company":"iBeesoft","version":"2.0.0 (build 1)","sigName":"Deceptor:MacOS/iBeesoftiCleaner!003","lastKnownStatus":"2.0.0","lastKnownDate":"200504","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-05-05T00:19:51.4472265+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1932},{"violations":{"ACR-016":"Ad leads to direct downloading. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Search \"Windows 10 Repair Tool\"","reference":"","landingPage":"https://www.how2fixerror.com/","directDownloadingLink":"https://www.how2fixerror.com/tricks-resolve-30180-28-ms-office-installation-upgrade-error/","ipv4":"","ipv6":"","sourceIndex":"2477"}],"sampleFiles":[],"imageFiles":["200504/How2fixerror-200503/200503/Images/ACR-016/How2FixError_016.JPG"],"nonDeceptorImageFiles":[],"guid":"dee9c3ee-69ec-4e78-8357-fd60b94dedea_200503_1","appID":"How2fixerror-200503","dateAdded":"200504","deceptorType":"Affiliate","name":"How2fixerrorCom","company":"how2fixerror.com/","version":"200503","sigName":"Deceptor:Affiliate/How2fixerrorCom!016","lastKnownStatus":"200503","lastKnownDate":"200503","type":"Affiliate","category":"SysTools & Utilities, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"display ads","lastUpdate":"2020-05-04T01:08:22.7108702+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1933},{"violations":{"ACR-014":"The description about the application in Ads is not same as the one being downloaded. \n","ACR-016":"Ads leads to direct downloading.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://errortools.com/","directDownloadingLink":"https://errortools.com/malware/hijacker/how-to-obliterate-pylocky-ransomware-crypto-malware-ransomware/","ipv4":"","ipv6":"","sourceIndex":"2478"}],"sampleFiles":[],"imageFiles":["200503/ErrorTools-200503/200503/Images/ACR-014/2020-05-03_16-11-37.mp4","200503/ErrorTools-200503/200503/Images/ACR-016/2020-05-03_16-11-37.mp4"],"nonDeceptorImageFiles":[],"guid":"f141a571-75e2-4774-bd6f-c5528520a8c4_200503_1","appID":"ErrorTools-200503","dateAdded":"200503","deceptorType":"Affiliate","name":"ErrorTools","company":"https://errortools.com/","version":"200503","sigName":"Deceptor:Affiliate/ErrorTools!014016","lastKnownStatus":"200503","lastKnownDate":"200503","type":"Affiliate","category":"Personalization & Search, SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"display ads","lastUpdate":"2020-05-03T23:22:20.6282738+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1934},{"violations":{"ACR-010":"The website provides application that is pretended to be MyCleanPC installer, instead it is a malicious program (h x x ps://gocleanpc.com/us/download-instructions.html, hash: 5ec9f628eeed41ae3d13575c7a05b04d71ad69eda9370e2e8853851103d90a8b). \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"vendor report","reference":"fake mycleanpc","landingPage":"https://www.gocleanpc.com/","directDownloadingLink":"https://gocleanpc.com/us/download-instructions.html","ipv4":"","ipv6":"","sourceIndex":"2481"}],"sampleFiles":[],"imageFiles":["200429/GoCleanPC-200429/200429/Images/ACR-010/FakeMyCleanPC1.JPG","200429/GoCleanPC-200429/200429/Images/ACR-010/FakeMyCleanPC1_1.JPG"],"nonDeceptorImageFiles":[],"guid":"0b686ccb-2d42-408c-b950-524cbf30c1bc_200429_1","appID":"GoCleanPC-200429","dateAdded":"200429","deceptorType":"Affiliate","name":"GocleanpcCom","company":"www.gocleanpc.com","version":"200429","sigName":"Deceptor:Affiliate/GocleanpcCom!010","lastKnownStatus":"200429","lastKnownDate":"200429","type":"Affiliate","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"call center","lastUpdate":"2020-04-29T22:27:41.6275645+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1935},{"violations":{"ACR-048":"The app limits the users ability to restart later after a completed driver installation. It prominently displays an \"update to pro\" message that misleads the consumer to think it is necessary to complete the update.\n","ACR-004":"The app uses a circular gauge with \"traffic light colors\", which raises an exaggerated sense of urgency for the consumer. The desktop icon displays the number of out of date drivers left on the consumer's computer which also raises a sense of urgency.\n","ACR-097":"The app recommends the consumer to temporarily disable security software during driver installation.\n"},"nonDeceptorViolations":{"ACR-171":"Offer for \"Ad Guardian Plus\" requires the consumer to opt-out.\n"},"samples":[{"isRevoked":"False","fileName":"qdu.exe","companyName":"Digital Protection Services S.R.L","fileVersion":"1.0","hashMD5":"929ef5d78c558a00d1670be1f5df4522","hashSHA1":"03ffbb7f70063d3dc6f8308242731165e678aff7","hashSHA256":"2ccd215f20e6ae381c07c3e25d770e62eac669c7cd8390535a15c023689297b9","digitalCertThumbprint":"C738259BB7E58BCF2048CB925204ED8FAFA9D726","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DIGITAL PROTECTION SERVICES S.R.L., O=DIGITAL PROTECTION SERVICES S.R.L., STREET=STR. LUNGA NR. 65 AP. 37, L=SIBIU, S=Sibiu, PostalCode=550107, C=RO","sourceIndex":"2486","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qdurtsetup.exe","isInstaller":"True","companyName":"Digital Protection Services S.R.L                           ","fileVersion":"1.0","hashMD5":"c1be5797c23c44974835640977dd1af5","hashSHA1":"a797fb121b2567b5ab72aa9d63fa36b48f0be259","hashSHA256":"2caa68ac7cc68a0e27074787b6b133143d2a563e487d23797a476b387a15400f","digitalCertThumbprint":"C738259BB7E58BCF2048CB925204ED8FAFA9D726","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DIGITAL PROTECTION SERVICES S.R.L., O=DIGITAL PROTECTION SERVICES S.R.L., STREET=STR. LUNGA NR. 65 AP. 37, L=SIBIU, S=Sibiu, PostalCode=550107, C=RO","sourceIndex":"2486","avBlockList":["360 Total Security (20200428)","Avast Premium Security (20200428)","AVG Internet Security (20200428)","Avira Internet Security (20200428)","Dr.Web Security Space (20200428)","ESET Internet Security (20200428)","K7 Total Security (20200428)","Malwarebytes Premium (20200428)","McAfee Total Protection (20200428)","Norton Security (20200428)","Panda Dome (20200428)","Quick Heal Internet Security (20200428)","Sophos Home Premium (20200428)","SpyHunter5 (20200428)","Total AV Antivirus Pro (20200428)","VirIT eXplorer PRO (20200428)","Webroot SecureAnywhere (20200428)","Windows Defender (20200428)"],"avAllowList":["Bitdefender Internet Security (20200428)","COMODO Antivirus (20200428)","G DATA INTERNET SECURITY (20200428)","Kaspersky Internet Security (20200428)","Tencent PC Manager (20200428)","Trend Micro Internet Security (20200428)","VIPRE Advanced Security (20200428)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.quickdriverupdater.com/","directDownloadingLink":"https://webcf.quickdriverupdater.com/win/qdu/builds/v1000/qdurtsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://webcf.quickdriverupdater.com/win/qdu/builds/v1000/qdurtsetup.exe","sourceIndex":"2486"}],"sampleFiles":["200428/QuickDriverUpdater-200420/1.0.0.0/Samples/qdu.exe","200428/QuickDriverUpdater-200420/1.0.0.0/Samples/qdurtsetup.exe"],"imageFiles":["200428/QuickDriverUpdater-200420/1.0.0.0/Images/ACR-048/Quick Driver Updater Restart.png","200428/QuickDriverUpdater-200420/1.0.0.0/Images/ACR-004/Quick Driver Updater 004.png","200428/QuickDriverUpdater-200420/1.0.0.0/Images/ACR-097/Quick Driver Updater 097.png"],"nonDeceptorImageFiles":["200428/QuickDriverUpdater-200420/1.0.0.0/Images/ACR-171/Quick Driver Updater Internal Offers.png"],"guid":"8beb7183-edfc-4e75-a6ce-4ae774bc4c10_1.0.0.0_1","appID":"QuickDriverUpdater-200420","dateAdded":"200428","deceptorType":"App","name":"Quick Driver Updater","company":"Digital Protection Services S.R.L","version":"1.0.0.0","sigName":"Deceptor:Win32/QuickDriverUpdater!004048097","firstVendorContactDate":"200421","firstAppEsteemReplyDate":"200421","firstResolvedDate":"200428","firstResolvedVersion":"1.0.0.3","resolved":"TRUE","lastKnownDate":"200428","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-04-28T16:16:18.4907786+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1937},{"violations":{"ACR-004":"1. App uses exclamation symbol, alarming red colour and represents the identified space that can be recovered (60.2MB). \n2. The app does not provide a free fix for the identified issues during free scan.\n","ACR-006":"App doesn't clearly attribute call center next to call center phone number. \n","ACR-168":"The purchase now is not working. It leaves user the only option is to make a call for purchase and active the app for fix the issues. \n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" which misleads the consumer. The functionality that requires consumer payment in order to be activated does not marked clearly in landing page.\n","ACR-167":"1. The app does not disclose Return Policy in the docs.\n2. The landing page does not display links to a Returns and Cancellations Policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"Wise Mac Care","fileVersion":"0.","hashMD5":"dacb3a5061acd3d95ee96f9c1ee8da24","hashSHA1":"d79630b00201b99a3c62c4d0f178aaddeee42c32","hashSHA256":"6a655ccbf905c15dfc1dc7c23e299c6c12d981f2c3d2a3e4697acc4308cf4052","sourceIndex":"2473","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"wisemaccare.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"299eaa9b1d11e73a95580f5fc2cd1acd","hashSHA1":"579ec0552df613b55663ae02ed2feb7101adce6b","hashSHA256":"04f48baff6b83f8ee030ce3f821c91dcfb7880c102fca0a540b5d90b3222360c","sourceIndex":"2473","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search \"Clean up Mac\"","reference":"http://www.wisemaccare.com","landingPage":"http://www.wisemaccare.com","directDownloadingLink":"http://www.wisemaccare.com/download/wisemaccare.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.wisemaccare.com/download/wisemaccare.pkg","sourceIndex":"2473"}],"sampleFiles":["200428/WiseMacCare-200428/3.2/Samples/Wise Mac Care","200428/WiseMacCare-200428/3.2/Samples/wisemaccare.pkg"],"imageFiles":["200428/WiseMacCare-200428/3.2/Images/ACR-004/WiseMacCare_Scan [7].png","200428/WiseMacCare-200428/3.2/Images/ACR-168/WiseMacCare_Scan [1]_websiteUnavailable.png","200428/WiseMacCare-200428/3.2/Images/ACR-168/WiseMacCare_Scan [2].png.png","200428/WiseMacCare-200428/3.2/Images/ACR-168/Screen Shot 2020-04-27 at 3.04.08 AM.png","200428/WiseMacCare-200428/3.2/Images/ACR-006/Screen Shot 2020-04-27 at 3.04.08 AM.png"],"nonDeceptorImageFiles":["200428/WiseMacCare-200428/3.2/Images/ACR-045/WiseMacCare_LandingPage [2] FreeTrial.png","200428/WiseMacCare-200428/3.2/Images/ACR-167/WiseMacCare_Scan [1].png","200428/WiseMacCare-200428/3.2/Images/ACR-167/WiseMacCare_LandingPage [4].png"],"guid":"ecfd984f-71ca-4bb6-b378-1a7797d8a4ac_3.2_1","appID":"WiseMacCare-200428","dateAdded":"200428","deceptorType":"MacOS App","name":"Wise Mac Care","company":"Wise Tech Labs Private Limited","version":"3.2","sigName":"Deceptor:MacOS/WiseMacCare!004006168","firstVendorContactDate":"200503","firstAppEsteemReplyDate":"200504","firstResolvedDate":"200504","firstResolvedVersion":"3.3","resolved":"TRUE","lastKnownStatus":"3.2","lastKnownDate":"200428","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-05-05T00:57:57.8935285+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1936},{"violations":{"ACR-004":"App uses gauges to show severity level of free scans. App offers to fix non-permanent items, but does not offer free fixes for the free scan results.\n","ACR-168":"App does not disclose that additional offers may be made to the consumer when calling for \"live help\"\n"},"nonDeceptorViolations":{"ACR-163":"App does not provide ways to get support that are not one-to-one interactive.\n","ACR-171":"The shopping cart has recurring charges as opt-out, but app provided no pre-disclosure that there would be recurring charges.\n"},"samples":[{"isRevoked":"False","fileName":"Cleaner","fileVersion":"0.","hashMD5":"12ff5eb67afb8c02b42a7d15f97f1f38","hashSHA1":"40066e6ac6c81f11452230ee23d0192d51a19923","hashSHA256":"2e0a348c530af2cd8e8232e542e7b2a0e8c284b1d4f90eb06f6c6a4f0bb131df","sourceIndex":"2482","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Install ReimageCleaner.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"cf75636f704e464bc3afdfe03396b4d7","hashSHA1":"1b54f1d7e3e8099b6fcdd91936d7095cc2d81291","hashSHA256":"68ce26a2ee0147437b0378ae35ec7e2feefe28218cb2985b74e9e00c0d441d56","sourceIndex":"2482","avBlockList":["Avast Security for Mac (20200516)","Avira Security for Mac (20200516)","Bitdefender Antivirus for Mac (20200516)","ESET Cyber Security Pro for Mac (20200516)","McAfee Internet Security for Mac (20200516)","Norton Security for Mac (20200516)","Sophos Home Premium For Mac (20200516)"],"avAllowList":["G DATA AntiVirus for Mac (20200516)","K7 Antivirus for Mac (20200516)","Kaspersky Internet Security for Mac (20200516)","Trend Micro Antivirus for Mac (20200516)"]},{"isRevoked":"False","fileName":"ReimageCleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"3f88935c5a9890df311469d6ee663862","hashSHA1":"6ee59e91b27599c955aaeff741cc631ee8fa32c9","hashSHA256":"fdf672a96e9f2afd84cb776b84e5164ae88bc19a21875bf6b806a3d50375405f","sourceIndex":"2482","avBlockList":["Avast Security for Mac (20200516)","Avira Security for Mac (20200516)","Bitdefender Antivirus for Mac (20200516)","ESET Cyber Security Pro for Mac (20200516)","McAfee Internet Security for Mac (20200516)","Norton Security for Mac (20200516)","Sophos Home Premium For Mac (20200516)"],"avAllowList":["G DATA AntiVirus for Mac (20200516)","K7 Antivirus for Mac (20200516)","Kaspersky Internet Security for Mac (20200516)","Trend Micro Antivirus for Mac (20200516)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"hazel ref.","landingPage":"http://www.reimagemac.com/lp/mndn/index.php","directDownloadingLink":"http://cdnrep.reimageplus.com/mac/ReimageCleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdnrep.reimageplus.com/mac/ReimageCleaner.dmg","sourceIndex":"2482"},{"howFound":"","reference":"","landingPage":"http://reimagemac.com/mac","ipv4":"","ipv6":"","sourceIndex":"2483"},{"howFound":"","reference":"","landingPage":"www.2-spyware.com/download/ReimageRepair","directDownloadingLink":"cdnrep.reimageplus.com","ipv4":"","ipv6":"","sourceIndex":"2484"}],"sampleFiles":["200427/ReimageCleaner-190215/1.0.0.6/Samples/Cleaner","200427/ReimageCleaner-190215/1.0.0.6/Samples/Install ReimageCleaner.pkg","200427/ReimageCleaner-190215/1.0.0.6/Samples/ReimageCleaner.dmg"],"imageFiles":["200427/ReimageCleaner-190215/1.0.0.6/Images/ACR-004/acr-004 uses gauges and severity to show free scan results.png","200427/ReimageCleaner-190215/1.0.0.6/Images/ACR-004/acr-004 charges to fix free scan results for non permanent fixes.png","200427/ReimageCleaner-190215/1.0.0.6/Images/ACR-004/acr-004 requres purchase to continue.png","200427/ReimageCleaner-190215/1.0.0.6/Images/ACR-168/acr-168 no disclosure of offers.png"],"nonDeceptorImageFiles":["200427/ReimageCleaner-190215/1.0.0.6/Images/ACR-163/acr-168 no disclosure of offers.png","200427/ReimageCleaner-190215/1.0.0.6/Images/ACR-171/acr-004 charges to fix free scan results for non permanent fixes.png"],"guid":"7b32c7c0-fe7a-482b-93c2-c176306c6005_1.0.0.6_1","appID":"ReimageCleaner-190215","dateAdded":"200427","deceptorType":"MacOS App","name":"Reimage Cleaner","company":"Reimage, Ltd.","version":"1.0.0.6","sigName":"Deceptor:MacOS/ReimageCleaner!004168","lastKnownStatus":"Deceptor:1.0.0.6","lastKnownDate":"200427","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-04-29T05:08:46.7568191+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1938},{"violations":{"ACR-003":"1) The app detects Windows components as a security issue, reporting fake AV issues. \n2) The app does not substantiate the results under the \"Event Logs\" as it takes to event viewer but doesn't display the identified issues.\n","ACR-004":"The app reports fake AV issues (svchost.exe process in clean system) and issues that it can't fix it (e.g. errors log in event log). It raises the urgency for user to make the call to fix the issue doesn't exist (fake AV items)\n\n","ACR-103":"App redirects to page not found.\n"},"nonDeceptorViolations":{"ACR-056":"One of the main functionalities of the app \"Security Search\" and \"Find Duplicate files\"' are not disclosed in the landing page.\n","ACR-168":"The app displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TweakBit\\PCRepairKit\\PCRepairKit.exe","companyName":"TweakBit","productName":"PCRepairKit","productVersion":"2.x","fileVersion":"2.0.0.55435","hashMD5":"fa82b4d4849665714ce57599d20a3806","hashSHA1":"255726aecc4e21aac90ba56b5541fc7af1c8b29b","hashSHA256":"f748480fe8f34a5461828fed3911ce770a5a8d1c1f83e6d9d64bc04ce9441733","digitalCertThumbprint":"97A7DFBB0071B9A0758DCF6C52E90BD0951E35D7","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"Tweakbit Pty Ltd","storeId":"","sourceIndex":"2469","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pc-repair-kit-setup.exe","isInstaller":"True","companyName":"TweakBit                                                    ","productName":"TweakBit PCRepairKit                                        ","productVersion":"2.0.0.55435                                       ","fileVersion":"2.x                 ","hashMD5":"84ebc7cb81dd5406968a52f814e15efc","hashSHA1":"286a00fb5f897132f8f05e59a3b524cf05c40911","hashSHA256":"6abc062fe231ace052d99a752fbbb6c62cdd0a8dc884d3f8894a453bc6fa3711","digitalCertThumbprint":"CF865D6FACD8C1754AAB2C0D9716B6EC318E1A84","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Tweakbit Pty Ltd","storeId":"","sourceIndex":"2469","avBlockList":["360 Total Security (20200430)","Avast Premium Security (20200430)","AVG Internet Security (20200430)","Avira Internet Security (20200430)","Dr.Web Security Space (20200430)","ESET Internet Security (20200430)","G DATA INTERNET SECURITY (20200430)","K7 Total Security (20200430)","Malwarebytes Premium (20200430)","McAfee Total Protection (20200430)","Norton Security (20200430)","Panda Dome (20200430)","Sophos Home Premium (20200430)","SpyHunter5 (20200430)","Total AV Antivirus Pro (20200430)","VirIT eXplorer PRO (20200430)"],"avAllowList":["Bitdefender Internet Security (20200430)","COMODO Antivirus (20200430)","Kaspersky Internet Security (20200430)","Quick Heal Internet Security (20200430)","Tencent PC Manager (20200430)","Trend Micro Internet Security (20200430)","VIPRE Advanced Security (20200430)","Webroot SecureAnywhere (20200430)","Windows Defender (20200430)"]}],"additionalFiles":[],"sources":[{"howFound":"Resolved Deceptor Re-Review","reference":"","landingPage":"https://www.tweakbit.com/pc-repair-kit/","directDownloadingLink":"http://www.tweakbit.com/pc-repair-kit/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/pc-repair-kit/download/","sourceIndex":"2469"}],"sampleFiles":["200424/TweakBitPCRepairKit-181220/2.0.0.55435/Samples/pc-repair-kit-setup.exe"],"imageFiles":["200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-003/ACR-003_Software_DetectsWindowsFile.JPG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-003/ACR-003_Software_DetectsWindowsFile1.JPG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-003/ACR-003_Software_NotSubstantiatingTheEventLogs.JPG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-004/ACR-004_Software_NoFreeFix.JPG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-004/PCRepairKit_004_55435.PNG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-004/PCRepairKit_004_55435_2.PNG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-004/PCRepairKit_AfterFreeFix_55345.PNG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-103/ACR-103_Software_PageNotFound.JPG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-103/ACR-103_Software_PageNotFound1.JPG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-103/ACR-103_Software_PageNotFound2.JPG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-103/ACR-103_Software_PageNotFound3.JPG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-103/ACR-103_Software_LinkNotWorking.JPG"],"nonDeceptorImageFiles":["200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-056/ACR-056_Software_FunctionalitiesMismatch.JPG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-168/ACR-168_Landingpage_NoDisclosureForAdditionalOffers.JPG","200424/TweakBitPCRepairKit-181220/2.0.0.55435/Images/ACR-006/ACR-006_Landingpage_NoDisclosureForCallCenter.JPG"],"guid":"76522c51-61f5-498a-83bb-7c7edc372ec2_2.0.0.55435_1","appID":"TweakBitPCRepairKit-181220","dateAdded":"200424","deceptorType":"App","name":"TweakBit PC Repair Kit","company":"Tweakbit Pty Ltd","version":"2.0.0.55435","firstVendorContactDate":"200505","firstAppEsteemReplyDate":"200507","firstResolvedDate":"200507","firstResolvedVersion":"2.0.0.55916","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.4.1,1.8.4.3,1.8.4.2;NonCertified:1.8.4.8;Deceptor:1.8.4.17;1.8.4.18;1.8.4.16;2.0.0.55435","lastKnownDate":"200207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-05-08T01:52:20.1637476+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1939},{"violations":{"ACR-003":"The app uses bars with \"traffic light\" colors to mislead the consumer.\n","ACR-004":"The app does not provide free fixes for free scan results.\n","ACR-071":"The offer for \"File Recovery\" cannot be declined independently.\n","ACR-014":"The app uses bars and \"traffic light\" colors to mislead the consumer.\n","ACR-165":"App does not disclose whether the offered product is free for lifetime or there might be a change in price after subscription period.\n"},"nonDeceptorViolations":{"ACR-171":"The additional offer presented to the consumer is default opt-in instead of opt-out.\n","ACR-014":"The landing page displays outdated screenshots of the app.\n"},"samples":[{"isRevoked":"False","fileName":"pc-repair-kit-setup.exe","isInstaller":"True","companyName":"TweakBit                                                    ","fileVersion":"1.8","hashMD5":"10db3ac64b8d52689131bc6a20e56cc1","hashSHA1":"ada6e7ef7f042701be868d53833a3397a071db35","hashSHA256":"51636e48710e8ced1620d29a3fabf3d87f57e9b18c60512b3d86164636cdc477","digitalCertThumbprint":"EAEAA52A54FDF3D05D1323937BB07CFFE3480955","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, L=Sydney, S=New South Wales, C=AU, SERIALNUMBER=624 255 956, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"2522","avBlockList":["360 Total Security (20200302)","Avast Internet Security (20200224)","AVG Internet Security (20200302)","Avira Internet Security (20200302)","Bitdefender Internet Security (20200302)","COMODO Antivirus (20200302)","Dr.Web Security Space (20200302)","ESET Internet Security (20200302)","G DATA INTERNET SECURITY (20200302)","K7 Total Security (20200302)","Kaspersky Internet Security (20200302)","Malwarebytes Premium (20200302)","McAfee Total Protection (20200302)","Panda Dome (20200302)","Quick Heal Internet Security (20200302)","Sophos Home Premium (20200302)","SpyHunter5 (20200302)","VIPRE Advanced Security (20200302)","VirIT eXplorer PRO (20200302)","Webroot SecureAnywhere (20200302)","Avast Premium Security (20200302)"],"avAllowList":["Norton Security (20200302)","Tencent PC Manager (20200302)","Trend Micro Internet Security (20200302)","Windows Defender (20200302)"]},{"isRevoked":"False","fileName":"PCRepairKit.exe","companyName":"TweakBit","fileVersion":"1.8","hashMD5":"27fd0bbaf60091bbc57017c92a8d75f6","hashSHA1":"f379349745b2e99cd6a1a9aa57da367e287b4f46","hashSHA256":"a00fe64831573cd4276f66a6d5f715dd6294376715eba796992024bb20b06554","digitalCertThumbprint":"4A58FC351F89EA0D0E78FDB78D59F394CE0B1461","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, STREET=\"Suite 301, Level 3, 77 King Street\", L=Sydney, S=NSW, PostalCode=2000, C=AU","sourceIndex":"2522","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Resolved Deceptor Re-Review","reference":"","landingPage":"https://www.tweakbit.com/pc-repair-kit/","directDownloadingLink":"http://www.tweakbit.com/pc-repair-kit/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/pc-repair-kit/download/","sourceIndex":"2522"},{"howFound":"Google Ad","reference":"https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwiohJaLpK_nAhXTFn0KHe7fBLYYABAAGgJwdg&ohost=www.google.com&cid=CAASEuRoKu-T8HnEgDKrmHqMsDw8Cw&sig=AOD64_1WGnpy6lIcfzg5GUjuvncJ_T-8WQ&q=&ved=2ahUKEwiY0ZCLpK_nAhXMqp4KHdYJAJAQ0Qx6BAgNEAE&adurl=","landingPage":"https://www.tweakbit.com/land/multiproduct/1?build=ppc&gclid=EAIaIQobChMIqISWi6Sv5wIV0xZ9Ch3u3wS2EAAYASAAEgIWmPD_BwE","directDownloadingLink":"https://tweakbit.com/pc-repair-kit/download1?_sid=mK62W8EAjb&_auid=AU1.1.2d3k5v.bc43b57b0ccdd","ipv4":"","ipv6":"","sourceIndex":"2523"}],"sampleFiles":["200207/TweakBitPCRepairKit-181220/1.8.4.16/Samples/pc-repair-kit-setup.exe","200207/TweakBitPCRepairKit-181220/1.8.4.16/Samples/PCRepairKit.exe"],"imageFiles":["200207/TweakBitPCRepairKit-181220/1.8.4.16/Images/ACR-003/TweakBit PC Repair Kit Bars.png","200207/TweakBitPCRepairKit-181220/1.8.4.16/Images/ACR-014/TweakBit PC Repair Kit Bars.png","200207/TweakBitPCRepairKit-181220/1.8.4.16/Images/ACR-004/TweakBit PC Repair Kit 004.gif","200207/TweakBitPCRepairKit-181220/1.8.4.16/Images/ACR-071/TweakBit PC Repair Kit Internal Offers.png","200207/TweakBitPCRepairKit-181220/1.8.4.16/Images/ACR-165/TweakBit PC Repair Kit Internal Offers.png"],"nonDeceptorImageFiles":["200207/TweakBitPCRepairKit-181220/1.8.4.16/Images/ACR-014/TweakBit PC Repair Kit Congrats.png","200207/TweakBitPCRepairKit-181220/1.8.4.16/Images/ACR-171/TweakBit PC Repair Kit Internal Offers.png","200207/TweakBitPCRepairKit-181220/1.8.4.16/Images/ACR-006/TweakBit PC Repair Kit Congrats.png"],"guid":"76522c51-61f5-498a-83bb-7c7edc372ec2_1.8.4.16_1","appID":"TweakBitPCRepairKit-181220","dateAdded":"200424","deceptorType":"App","name":"TweakBit PC Repair Kit","company":"Tweakbit Pty Ltd","version":"1.8.4.16","sigName":"Deceptor:Win32/TweakBitPCRepairKit!003014004071165","firstVendorContactDate":"200505","firstAppEsteemReplyDate":"200507","firstResolvedDate":"200507","firstResolvedVersion":"2.0.0.55916","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.4.1,1.8.4.3,1.8.4.2;NonCertified:1.8.4.8;Deceptor:1.8.4.17;1.8.4.18;1.8.4.16;2.0.0.55435","lastKnownDate":"200207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-05-07T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1940},{"violations":{"ACR-003":"The app doesn't substantiate identified issues under stability.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pc-repair-kit-setup.exe","isInstaller":"True","companyName":"TweakBit                                                    ","productName":"TweakBit PCRepairKit                                        ","productVersion":"1.8.4.18                                          ","fileVersion":"1.x                 ","hashMD5":"6581303908e3c89cdefea08c012a256a","hashSHA1":"b30ffff71b607a5a4822c5b2cac8df8877a7ca27","hashSHA256":"ead0b21ee74b7f4d0a4c8bc4d75cf3ba8dc14c2885f9eb9b23639f53fffc0936","digitalCertThumbprint":"EAEAA52A54FDF3D05D1323937BB07CFFE3480955","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Tweakbit Pty Ltd","sourceIndex":"2647","avBlockList":["360 Total Security (20200309)","Avast Internet Security (20200217)","AVG Internet Security (20200309)","Bitdefender Internet Security (20200309)","Dr.Web Security Space (20200309)","ESET Internet Security (20200309)","G DATA INTERNET SECURITY (20200309)","K7 Total Security (20200309)","Kaspersky Internet Security (20200309)","Malwarebytes Premium (20200309)","Norton Security (20200309)","Panda Dome (20200309)","Quick Heal Internet Security (20200309)","Sophos Home Premium (20200309)","SpyHunter5 (20200309)","Tencent PC Manager (20200309)","VIPRE Advanced Security (20200309)","VirIT eXplorer PRO (20200309)","Webroot SecureAnywhere (20200309)","Windows Defender (20200309)","McAfee Total Protection (20200309)","Avast Premium Security (20200309)"],"avAllowList":["Avira Internet Security (20200309)","COMODO Antivirus (20200309)","Trend Micro Internet Security (20200309)"]}],"additionalFiles":[],"sources":[{"howFound":"Resolved Deceptor Re-Review","reference":"","landingPage":"https://www.tweakbit.com/pc-repair-kit/","directDownloadingLink":"http://www.tweakbit.com/pc-repair-kit/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/pc-repair-kit/download/","sourceIndex":"2647"}],"sampleFiles":["191008/TweakBitPCRepairKit-181220/1.8.4.18/Samples/pc-repair-kit-setup.exe"],"imageFiles":["191008/TweakBitPCRepairKit-181220/1.8.4.18/Images/ACR-003/ACR-003_Software_NotSubstantiatingTheResults.JPG","191008/TweakBitPCRepairKit-181220/1.8.4.18/Images/ACR-003/004_3.png"],"nonDeceptorImageFiles":[],"guid":"76522c51-61f5-498a-83bb-7c7edc372ec2_1.8.4.18_1","appID":"TweakBitPCRepairKit-181220","dateAdded":"200424","deceptorType":"App","name":"TweakBit PC Repair Kit","company":"Tweakbit Pty Ltd","version":"1.8.4.18","firstVendorContactDate":"200505","firstAppEsteemReplyDate":"200507","firstResolvedDate":"200507","firstResolvedVersion":"2.0.0.55916","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.4.1,1.8.4.3,1.8.4.2;NonCertified:1.8.4.8;Deceptor:1.8.4.17;1.8.4.18;1.8.4.16;2.0.0.55435","lastKnownDate":"200207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1941},{"violations":{"ACR-003":"App exaggerates the urgency of the free scan results with colors and gauges. App does not substantiate some of its free scan results.\n","ACR-004":"The application shows free scan results that request pay for subscription fee to fix them. App uses graphics of gauges to present the unsubstantiated different level of severity for the items reported during free scan\n","ACR-017":"Internal Offers Page displays non-verifiable certifications.\n","ACR-071":"The user is not able to independently buy PCRepairKit, they must also get FileRecovery.\n","ACR-014":"App makes claims about junk files, and alerts but does not substantiate them with details.\n","ACR-165":"Internal Offers Page does not disclose whether the offered product is free for lifetime or there might be a change in price after subscription period.\n"},"nonDeceptorViolations":{"ACR-160":"The app does not use certified call center\n","ACR-171":"The consumer is required to opt-out of additional payments for TweakBit FileRecovery and TweakBit PCBooster, which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"pc-repair-kit-setup.exe","isInstaller":"True","companyName":"TweakBit                                                    ","productName":"TweakBit PCRepairKit                                        ","productVersion":"1.8.4.17                                          ","fileVersion":"1.x                 ","hashMD5":"d3776f5bc0b96e050debfc6e37d9ac33","hashSHA1":"41824f3ba0176662f06794daa9a6655645145c69","hashSHA256":"15cb12e736a0729d39c604c265aca50c40fc77505a30df4467e80a4d7d9e1c1c","digitalCertThumbprint":"EAEAA52A54FDF3D05D1323937BB07CFFE3480955","sourceIndex":"2698","avBlockList":["360 Total Security (20191007)","Avast Internet Security (20191007)","AVG Internet Security (20191007)","Avira Internet Security (20191007)","Bitdefender Internet Security (20191007)","Dr.Web Security Space (20191007)","ESET Internet Security (20191007)","G DATA INTERNET SECURITY (20191007)","K7 Total Security (20191007)","Malwarebytes Premium (20191007)","McAfee Total Protection (20191007)","Sophos Home Premium (20191007)","Tencent PC Manager (20191007)","VIPRE Advanced Security (20191007)","VirIT eXplorer PRO (20191007)","Webroot SecureAnywhere (20191007)","Windows Defender (20191007)"],"avAllowList":["COMODO Antivirus (20191007)","Kaspersky Internet Security (20191007)","Norton Security (20191007)","Panda Dome (20191007)","Quick Heal Internet Security (20191007)","Trend Micro Internet Security (20191007)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TweakBit\\PCRepairKit\\PCRepairKit.exe","companyName":"TweakBit","productName":"PCRepairKit","productVersion":"1.x","fileVersion":"1.8.4.17","hashMD5":"78b2d9981c5dcc99ff59566e8bab76fb","hashSHA1":"dfc1a6c1545898243a36c72ddacb81afc2c550bf","hashSHA256":"645b71c9ec00941b2df3038962ff3fe10617cf7674ec49066ef0a671de61b2ff","digitalCertThumbprint":"4A58FC351F89EA0D0E78FDB78D59F394CE0B1461","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, STREET=\"Suite 301, Level 3, 77 King Street\", L=Sydney, S=NSW, PostalCode=2000, C=AU","sourceIndex":"2698","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"reported as possible deceptor (email)","reference":"https://www.tweakbit.com/en/land/pc-repair/support?build=velis&content=velis&exit=3&clkn=velismedia&clkid=1625x5227x2019092102373842b522&utm_source=velismedia&utm_medium=pc-repair-kit&utm_term=US_&utm_campaign=Velis-Media-PCRspprt-EN-US&startdownload=6 ","landingPage":"https://www.tweakbit.com/en/land/pc-repair/support?build=velis&content=velis&exit=3&clkn=velismedia&clkid=1625x5227x2019092102373842b522&utm_source=velismedia&utm_medium=pc-repair-kit&utm_term=US_&utm_campaign=Velis-Media-PCRspprt-EN-US&startdownload=6","directDownloadingLink":"http://dynamicdownloads.tweakbit.com/prk/def/pc-repair-kit-setup","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dynamicdownloads.tweakbit.com/prk/def/pc-repair-kit-setup","sourceIndex":"2698"}],"sampleFiles":["190920/TweakBitPCRepairKit-181220/1.8.4.17/Samples/pc-repair-kit-setup.exe","190920/TweakBitPCRepairKit-181220/1.8.4.17/Samples/PCRepairKit.exe"],"imageFiles":["190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-003/003.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-003/main.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-003/004.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-003/004_3.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-014/003.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-014/004_3.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-017/017.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-004/004.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-004/main.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-004/160.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-004/004_2.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-004/171.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-004/004_3.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-071/071.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-165/071.png"],"nonDeceptorImageFiles":["190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-160/160.png","190920/TweakBitPCRepairKit-181220/1.8.4.17/Images/ACR-171/171.png"],"guid":"76522c51-61f5-498a-83bb-7c7edc372ec2_1.8.4.17_1","appID":"TweakBitPCRepairKit-181220","dateAdded":"200424","deceptorType":"App","name":"TweakBit PC Repair Kit","company":"Tweakbit Pty Ltd","version":"1.8.4.17","firstVendorContactDate":"200505","firstAppEsteemReplyDate":"200507","firstResolvedDate":"200507","firstResolvedVersion":"2.0.0.55916","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.4.1,1.8.4.3,1.8.4.2;NonCertified:1.8.4.8;Deceptor:1.8.4.17;1.8.4.18;1.8.4.16;2.0.0.55435","lastKnownDate":"200207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1942},{"violations":{"ACR-003":"App does not substantiate the claims about the system's health.\n","ACR-004":"The application shows free scan results that request pay for subscription fee to fix them. App uses graphics of gauges to present the unsubstantiated different level of severity for the items reported during free scan\n","ACR-017":"Internal Offers Page displays non-verifiable certifications.\n","ACR-071":"The user is not able to independently buy PCRepairKit, they must also get FileRecovery.\n","ACR-014":"App makes claims about junk files, and alerts but does not substantiate them with details.\n","ACR-055":"The option needs to be made obvious to the consumer as the app displays \"Exit without resolving issues\", which attempts to guilt the consumer to take action.\n","ACR-165":"Internal Offers Page does not disclose whether the offered product is free for lifetime or there might be a change in price after subscription period.\n"},"nonDeceptorViolations":{"ACR-160":"App does not use a certified call center.\n","ACR-099":"Uninstall information is not displayed on the Internal Offers Page.\n","ACR-171":"The consumer is required to opt-out of additional payments for TweakBit FileRecovery and TweakBit PCBooster, which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"pc-repair-kit-setup.exe","isInstaller":"True","companyName":"TweakBit                                                    ","fileVersion":"1.8","hashMD5":"afb55a007ce483824dc5ba5314d9c8da","hashSHA1":"6a2ad7af62675778de1bd1af8e9134b43c1f17a2","hashSHA256":"038379bada91c64d5999aaf4a0edb6b2636c0b50a6312e051d2ce59aaadb2423","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, L=Sydney, S=New South Wales, C=AU, SERIALNUMBER=624 255 956, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"3091","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20190404)","Avira Internet Security (20190404)","ESET Internet Security (20190404)","K7 Total Security (20190404)","Kaspersky Internet Security (20190404)","Malwarebytes Premium (20190404)","McAfee Total Protection (20190404)","Panda Dome (20190404)","Sophos Home Premium (20190404)","VirIT eXplorer PRO (20190404)","Webroot SecureAnywhere (20190404)","Windows Defender (20190404)","COMODO Antivirus (20190404)","Dr.Web Security Space (20190404)"],"avAllowList":["Bitdefender Internet Security (20190404)","G DATA INTERNET SECURITY (20190404)","Norton Security (20190404)","Trend Micro Internet Security (20190404)","360 Total Security (20190404)","F-PROT Antivirus for Windows (20190404)","Quick Heal Internet Security (20190404)","SpyHunter5 (20190404)","Tencent PC Manager (20190404)","VIPRE Advanced Security (20190404)"]}],"additionalFiles":[],"sources":[{"howFound":"Resolved Deceptor Re-Review","reference":"","landingPage":"https://www.tweakbit.com/pc-repair-kit/","directDownloadingLink":"http://www.tweakbit.com/pc-repair-kit/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/pc-repair-kit/download/","sourceIndex":"3091"},{"howFound":"Resolved Deceptor Re-Review","reference":"","landingPage":"https://www.tweakbit.com/pc-speed-up","ipv4":"","ipv6":"","sourceIndex":"3092"}],"sampleFiles":["190305/TweakBitPCRepairKit-181220/1.8.4.2/Samples/pc-repair-kit-setup.exe"],"imageFiles":["190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-055/PCRepairKit Before Closing Tweakbit.png","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-003/PCRepairKit Unsubstantiated Claims.png","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-014/PCRepairKit Unsubstantiated Claims.png","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-017/PCRepairKit Bottom of Internal Offers Page.png","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-004/PCRepairKit Before Internal Offers Page.png","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-004/PCRepairKit Internal Offers Page.png","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-004/PCRepairKit Register Now.png","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-004/PCRepairKit Scan Results.png","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-071/TweakbitRepairKit.PNG","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-165/PCRepairKit Internal Offers Page.png"],"nonDeceptorImageFiles":["190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-160/PCRepairKit Register Now.png","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-099/PCRepairKit Bottom of Internal Offers Page.png","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-165/PCRepairKit Free File Recovery.png","190305/TweakBitPCRepairKit-181220/1.8.4.2/Images/ACR-171/PCRepairKit Before Internal Offers Page.png"],"guid":"76522c51-61f5-498a-83bb-7c7edc372ec2_1.8.4.2_1","appID":"TweakBitPCRepairKit-181220","dateAdded":"200424","deceptorType":"App","name":"TweakBit PC Repair Kit","company":"Tweakbit Pty Ltd","version":"1.8.4.2","sigName":"Deceptor:Win32/TweakBitPCRepairKit!055003014017004071 ","firstVendorContactDate":"200505","firstAppEsteemReplyDate":"200507","firstResolvedDate":"200507","firstResolvedVersion":"2.0.0.55916","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.4.1,1.8.4.3,1.8.4.2;NonCertified:1.8.4.8;Deceptor:1.8.4.17;1.8.4.18;1.8.4.16;2.0.0.55435","lastKnownDate":"200207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-05-07T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1943},{"violations":{"ACR-003":"App does not substantiate the claims about the system's health.\n","ACR-004":"App does not provide free fix for the identified issues identified during “Free Scan”. App exaggerates the urgency of the free scan results with colors and gauges. App does not substantiate some of its free scan results.\n","ACR-168":"The app displays a bigger font support call center phone number, but does not provide an equally prominent non-interaction option to the consumer\nThe app displays a support call center phone number in the internal offers page, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n","ACR-014":"App make claims about the registry, junk files, and alerts, but does not substantiate them with details.\n","ACR-055":"The option needs to be made obvious to the consumer as the app displays \"Exit without resolving issues\", which attempts to guilt the consumer to take action.\n","ACR-165":"The internal offers page does not disclose enough information about the time-bound discounts whether there might be a change in the pricing after 3 months (The renewal price is still based on discounted price or back to original price). \n"},"nonDeceptorViolations":{"ACR-088":"The app performs system scan automatically without the consumer's action and authorization.\n","ACR-160":"App does not use a certified call center.\n"},"samples":[{"isRevoked":"False","fileName":"PCRepairKit.exe","companyName":"TweakBit","fileVersion":"1.8","hashMD5":"b8ca458121375bce58ac0515e50eea28","hashSHA1":"c511e119949fa14998e3086d6ef563935935343f","hashSHA256":"cf85c3fe6e35e910e705c21e46378dfcaea93ae192b3bd6356800cd30d7b6d12","digitalCertThumbprint":"0779654A4BB176E3864104E3D2F8FA96359C6877","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, L=Sydney, S=New South Wales, C=AU","sourceIndex":"3205","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pc-repair-kit-setup.exe","isInstaller":"True","companyName":"TweakBit                                                    ","fileVersion":"1.8","hashMD5":"0079667f3ba9099501bbc1b4079f731b","hashSHA1":"adfd5c0cf17a1e8fc61ad48f065d0ba7327843a8","hashSHA256":"226f1b71ae6bf5d7ce2acd21056453c55acfc3ef267c347bad7ec78903ec3933","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, L=Sydney, S=New South Wales, C=AU, SERIALNUMBER=624 255 956, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"3205","avBlockList":["Avast Internet Security (20200217)","AVG Internet Security (20200309)","Avira Internet Security (20200309)","Bitdefender Internet Security (20200309)","ESET Internet Security (20200309)","G DATA INTERNET SECURITY (20200309)","K7 Total Security (20200309)","Kaspersky Internet Security (20200309)","Malwarebytes Premium (20200309)","McAfee Total Protection (20200309)","Norton Security (20200309)","Panda Dome (20200309)","Sophos Home Premium (20200309)","VirIT eXplorer PRO (20200309)","Webroot SecureAnywhere (20200309)","Windows Defender (20200309)","360 Total Security (20200309)","COMODO Antivirus (20200309)","Dr.Web Security Space (20200309)","Quick Heal Internet Security (20200309)","SpyHunter5 (20200309)","Tencent PC Manager (20200309)","VIPRE Advanced Security (20200309)","Avast Premium Security (20200309)"],"avAllowList":["Trend Micro Internet Security (20200309)","F-PROT Antivirus for Windows (20190404)"]}],"additionalFiles":[],"sources":[{"howFound":"Resolved Deceptor Re-Review","reference":"","landingPage":"https://www.tweakbit.com/pc-repair-kit/","directDownloadingLink":"http://www.tweakbit.com/pc-repair-kit/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/pc-repair-kit/download/","sourceIndex":"3205"}],"sampleFiles":["190207/TweakBitPCRepairKit-181220/1.8.4.3/Samples/PCRepairKit.exe","190207/TweakBitPCRepairKit-181220/1.8.4.3/Samples/pc-repair-kit-setup.exe"],"imageFiles":["190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-055/TweakBit Before Closing.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-003/TweakBit Event Log and Junk Files.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-003/TweakBit Stability Issues.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-014/TweakBit Stability Issues.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-014/TweakBit Event Log and Junk Files.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-004/PCRepairKit Register.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-004/PCRepairKit Scan Results.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-004/TweakBit Stability Issues.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-004/TweakBit Event Log and Junk Files.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-168/PCRepairKit Register.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-168/PCRepairKit Checkout Page.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-165/PCRepairKit Checkout Page.png"],"nonDeceptorImageFiles":["190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-160/TweakBit PC Repair Kit AutoScan.png","190207/TweakBitPCRepairKit-181220/1.8.4.3/Images/ACR-165/PCRepairKit Free File Recovery.png"],"guid":"76522c51-61f5-498a-83bb-7c7edc372ec2_1.8.4.3_1","appID":"TweakBitPCRepairKit-181220","dateAdded":"200424","deceptorType":"App","name":"TweakBit PC Repair Kit","company":"Tweakbit Pty Ltd","version":"1.8.4.3","sigName":"Deceptor:Win32/PCRepairKit!003004014055168","firstVendorContactDate":"200505","firstAppEsteemReplyDate":"200507","firstResolvedDate":"200507","firstResolvedVersion":"2.0.0.55916","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.4.1,1.8.4.3,1.8.4.2;NonCertified:1.8.4.8;Deceptor:1.8.4.17;1.8.4.18;1.8.4.16;2.0.0.55435","lastKnownDate":"200207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-05-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1945},{"violations":{"ACR-050":"The app bypasses User Account Controls (UAC) at application launch by default. App did not disclose this information to the user in the EULA or during installation.\n","ACR-004":"The app does not fix free scan results for free.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"DG_Setup.exe","isInstaller":"True","companyName":"Driver-Soft Inc.                                            ","fileVersion":"20.0","hashMD5":"81bbc8b51619d815d2154240c4dd523f","hashSHA1":"b421a057078adb0e3b946c5e11a44199173846fe","hashSHA256":"a07f1c0930698dedd8448be09c01d6a9596eda81d57b1a35e2741faf512df8da","digitalCertThumbprint":"6CFAA6D1B2B605E6A5070234942150085A7AA6FA","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Driver Information Technology Co., Ltd.\", O=\"Driver Information Technology Co., Ltd.\", L=ChangSha, S=HuNan, C=CN","sourceIndex":"2479","avBlockList":["Avast Premium Security (20200428)","AVG Internet Security (20200430)","Avira Internet Security (20200430)","Dr.Web Security Space (20200430)","ESET Internet Security (20200430)","K7 Total Security (20200430)","Norton Security (20200430)","Panda Dome (20200430)","SpyHunter5 (20200430)","Total AV Antivirus Pro (20200430)","Webroot SecureAnywhere (20200430)","VirIT eXplorer PRO (20200430)"],"avAllowList":["360 Total Security (20200430)","Bitdefender Internet Security (20200430)","COMODO Antivirus (20200430)","G DATA INTERNET SECURITY (20200430)","Kaspersky Internet Security (20200430)","Malwarebytes Premium (20200430)","McAfee Total Protection (20200430)","Quick Heal Internet Security (20200430)","Tencent PC Manager (20200430)","Trend Micro Internet Security (20200430)","VIPRE Advanced Security (20200430)","Windows Defender (20200430)","Sophos Home Premium (20200430)"]},{"isRevoked":"False","fileName":"DriverGenius.exe","companyName":"Driver-Soft Inc.","fileVersion":"20.0","hashMD5":"50c96160839d8d10b35248ccba232488","hashSHA1":"c732061e9c42f8b4c7a1c344db300734bbaeaaaa","hashSHA256":"e36389fe25d7d3bfc042985f9fef21f5ef4c088b538a53b5c447a9b7549e1485","digitalCertThumbprint":"6CFAA6D1B2B605E6A5070234942150085A7AA6FA","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Driver Information Technology Co., Ltd.\", O=\"Driver Information Technology Co., Ltd.\", L=ChangSha, S=HuNan, C=CN","sourceIndex":"2479","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com (update drivers for free)","landingPage":"http://www.driver-soft.com/","directDownloadingLink":"https://gsf-cf.softonic.com/956/601/e363efe6af0f04ff7784efaa0f0276e004/DG_Setup_17.exe?SD_used=0&channel=WEB&fdh=no&id_file=53624&instance=softonic_en&type=PROGRAM&Expires=1519881003&Signature=bKEtxw0SUHS7dGADZn0pD6haApaNstZNYE2UP3SFtKUTKW445czF2-Xn08SeWr7mTGCCVgLqt2hgePwGXMP8OhiYUbRYOcLATbtQAIFUa9xENeqTdwFUETfJGA08YQsw~5hhwWbCN-XaxHNsC94Zu6PiXEksHB8s171dFfT3crs_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=DG_Setup_17.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://gsf-cf.softonic.com/956/601/e363efe6af0f04ff7784efaa0f0276e004/DG_Setup_17.exe?SD_used=0&channel=WEB&fdh=no&id_file=53624&instance=softonic_en&type=PROGRAM&Expires=1519881003&Signature=bKEtxw0SUHS7dGADZn0pD6haApaNstZNYE2UP3SFtKUTKW445czF2-Xn08SeWr7mTGCCVgLqt2hgePwGXMP8OhiYUbRYOcLATbtQAIFUa9xENeqTdwFUETfJGA08YQsw~5hhwWbCN-XaxHNsC94Zu6PiXEksHB8s171dFfT3crs_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=DG_Setup_17.exe","sourceIndex":"2479"}],"sampleFiles":["200424/DriverGenius-180228/20.0/Samples/DG_Setup.exe","200424/DriverGenius-180228/20.0/Samples/DriverGenius.exe"],"imageFiles":["200424/DriverGenius-180228/20.0/Images/ACR-050/DriverGenius UAC.png","200424/DriverGenius-180228/20.0/Images/ACR-004/DriverGenius 004.gif"],"nonDeceptorImageFiles":["200424/DriverGenius-180228/20.0/Images/ACR-065/DriverGenius EULA1.png","200424/DriverGenius-180228/20.0/Images/ACR-065/DriverGenius Install.png","200424/DriverGenius-180228/20.0/Images/ACR-065/DriverGenius About.png","200424/DriverGenius-180228/20.0/Images/ACR-091/ACR_091_SCREENSHOT_1.PNG","200424/DriverGenius-180228/20.0/Images/ACR-091/ACR_091_SCREENSHOT_2.PNG","200424/DriverGenius-180228/20.0/Images/ACR-099/DriverGenius About.png","200424/DriverGenius-180228/20.0/Images/ACR-099/DriverGenius Landing Page.png","200424/DriverGenius-180228/20.0/Images/ACR-099/DriverGenius Landing Page.png"],"guid":"46323603-dc8f-4cde-bfb9-a1e5807c2036_20.0_1","appID":"DriverGenius-180228","dateAdded":"200424","deceptorType":"App","name":"Driver Genius","company":"Driver-Soft Inc.","version":"20.0","sigName":"Deceptor:Win32/DriverGenius!004050","firstVendorContactDate":"200430","firstAppEsteemReplyDate":"200430","firstResolvedDate":"200502","firstResolvedVersion":"20.0.0.124","resolved":"TRUE","lastKnownStatus":"20.0","lastKnownDate":"200424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2020-05-03T21:24:55.0648502+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1946},{"violations":{"ACR-016":"Clicking the \"Download Now\" button auto-downloads without directing user to offered app's landing page or making an offer to the consumer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Affiliate monitor","reference":"https://adwareremoval.info/","landingPage":"https://adwareremoval.info/","ipv4":"","ipv6":"","sourceIndex":"2476"}],"sampleFiles":[],"imageFiles":["200424/AdwareremovalInfo-200423/200423/Images/ACR-016/AdwareremoveInfo_016.JPG"],"nonDeceptorImageFiles":[],"guid":"a876454e-c4fe-456e-aa50-25dbea01d2f2_200423_1","appID":"AdwareremovalInfo-200423","dateAdded":"200424","deceptorType":"Affiliate","name":"AdwareremovalInfo","company":"adwareremoval.info","version":"200423","sigName":"Deceptor:Affiliate/AdwareremovalInfo!016","firstVendorContactDate":"200430","firstAppEsteemReplyDate":"200430","firstResolvedDate":"200504","firstResolvedVersion":"200504","resolved":"TRUE","lastKnownStatus":"200424","lastKnownDate":"200424","type":"Affiliate","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","monetization":"display ads","lastUpdate":"2020-05-04T20:25:59.7415071+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1947},{"violations":{"ACR-003":"The app needs to substantiate all the identified issues to the consumer.\n","ACR-004":"1. The app needs to provide free fix for the identified issues identified during “Free Scan” 2. The app should avoid raising \"Urgency/Priority/Color Graphic\" for the identified issues. \n","ACR-168":"The app displays a bigger font support call center phone number, but does not provide an equally prominent non-interaction option to the consumer\n","ACR-055":"The option needs to be made obvious to the consumer as the app displays \"Exit without resolving issues\", which attempts to guilt the consumer to take action.\n","ACR-165":"The internal offers page does not disclose enough information about the time-bound discounts whether there might be a change in the pricing after 3 months (The renewal price is still based on discounted price or back to original price). \n"},"nonDeceptorViolations":{"ACR-088":"The app performs system scan automatically without the consumer's action and authorization.\n","ACR-160":"The app needs to use certified call center.\n","ACR-168":"The app displays a support call center phone number in the landing page, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n","ACR-014":"The app needs to replace \"Outdated\" images with \"Up-to-date\" images in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"pc-repair-kit-setup_sidf4dpivipst.exe","isInstaller":"True","companyName":"TweakBit","productName":"PCRepairKit","productVersion":"1.x","fileVersion":"1.8.4.1","hashMD5":"b271d79992e938ced0c0f798f9f62dbe","hashSHA1":"e65adf675967a5149e7666c31f902f462ef55426","hashSHA256":"9f1ebd51419ed228e5fd20237d1349cb283a4aa8ec40aa6a122d6dc5287494c9","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Tweakbit Pty Ltd","sourceIndex":"3184","avBlockList":["Avira Internet Security (20190121)","ESET Internet Security (20190121)","G DATA INTERNET SECURITY (20190121)","K7 Total Security (20190121)","Kaspersky Internet Security (20190121)","Malwarebytes Premium (20190121)","McAfee Total Protection (20190121)","Panda Dome (20190121)","Sophos Home Premium (20190121)","VirIT eXplorer PRO (20190121)","Webroot SecureAnywhere (20190121)"],"avAllowList":["Avast Internet Security (20190121)","AVG Internet Security (20190121)","Bitdefender Internet Security (20190121)","Norton Security (20190121)","Trend Micro Internet Security (20190121)","Windows Defender (20190121)"]}],"additionalFiles":[],"sources":[{"howFound":"Resolved Deceptor Re-Review","reference":"","landingPage":"https://www.tweakbit.com/pc-repair-kit/","directDownloadingLink":"http://www.tweakbit.com/pc-repair-kit/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/pc-repair-kit/download/","sourceIndex":"3184"}],"sampleFiles":["190207/TweakBitPCRepairKit-181220/1.8.4.1/Samples/pc-repair-kit-setup_sidf4dpivipst.exe"],"imageFiles":["190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-055/ACR-055_InlineOffers_NegativeStatement.JPG","190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-003/ACR-003_Software_NeedsToSubstantiateIssues.JPG","190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-004/ACR-004_Software_NoFreeFix.JPG","190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-004/ACR-004_Software_RaisesUrgency.JPG","190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-168/ACR-168_InlineOffers_NoNonInteractiveOption.JPG","190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-165/ACR-165_InternalOffers_NeedInfoOnTimeBoundDiscount1.JPG"],"nonDeceptorImageFiles":["190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-014/ACR-014_LandingPage_NeedsToUpdateScreenshot.JPG","190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-014/ACR-014_LandingPage_NeedsToUpdateScreenshot1.JPG","190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-014/ACR-014_LandingPage_NeedsToUpdateScreenshots.JPG","190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-088/ACR-088_Software_AutoScanPostInstall.JPG","190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-160/ACR-160_Software_NeedsToUseCertifiedCallCenter.JPG","190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-168/ACR-168_LandingPage_NoDisclosureAboutAdditionalOffers.JPG","190207/TweakBitPCRepairKit-181220/1.8.4.1/Images/ACR-165/ACR-165_LandingPage_NeedInfoOnTimeBoundDiscount.JPG"],"guid":"76522c51-61f5-498a-83bb-7c7edc372ec2_1.8.4.1_1","appID":"TweakBitPCRepairKit-181220","dateAdded":"200424","deceptorType":"App","name":"TweakBit PC Repair Kit","company":"Tweakbit Pty Ltd","version":"1.8.4.1","sigName":"Deceptor:Win32/TweakBitPCRepairKit!004055003168","firstVendorContactDate":"200505","firstAppEsteemReplyDate":"200507","firstResolvedDate":"200507","firstResolvedVersion":"2.0.0.55916","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.4.1,1.8.4.3,1.8.4.2;NonCertified:1.8.4.8;Deceptor:1.8.4.17;1.8.4.18;1.8.4.16;2.0.0.55435","lastKnownDate":"200207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-05-07T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":7,"sortOrder":1944},{"violations":{"ACR-010":"The website provides application that is pretended to be MyCleanPC installer, instead it is a malicious program (h x x p s://pccleaner.site/njw437jl.exe, hash: 01b9fd5f72aaa7b92767370c08f9fe1561c1cbb536ed6fe68a66cc66e8afa5fd). The installer is crafted with signing cert which was issued to MyCleanPC program. \n\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"PCCleaner.site","ipv4":"","ipv6":"","sourceIndex":"2491"}],"sampleFiles":[],"imageFiles":["200423/PCCleanerSite-200423/200423/Images/ACR-010/FakeMyCleanPC.JPG","200423/PCCleanerSite-200423/200423/Images/ACR-010/FakeMyCleanPC_1.JPG","200423/PCCleanerSite-200423/200423/Images/ACR-010/FakeMyCleanPC_2.JPG"],"nonDeceptorImageFiles":[],"guid":"e5f922e5-2c3a-49fe-b69e-4f6f2944276d_200423_1","appID":"PCCleanerSite-200423","dateAdded":"200423","deceptorType":"Affiliate","name":"PCCleanerSite","company":"PCCleaner.Site","version":"200423","type":"Affiliate","targetOS":"None","targetBrowser":"None","lastUpdate":"2020-04-23T22:42:48.0107194+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":1948},{"violations":{"ACR-109":"The app installs FreeGamia shortcut link without user consent. The app downloads \"rkverify.exe, a RelevantKnowledge file.\n","ACR-048":"There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \nThe app does not display links to the EULA or the Privacy Policy. \n","ACR-092":"The app does not have a digital signature for all the executables.\n"},"samples":[{"isRevoked":"False","fileName":"PCCleanerSetup.exe","isInstaller":"True","companyName":"FreeGamia, Inc.                                             ","fileVersion":"0.0","hashMD5":"0a8a091114568abe66896c5ed8dd2c64","hashSHA1":"7d5b847cd8071d929b77f33cda2eec97b2d64aba","hashSHA256":"c3d75fd6ebf6f4d8cbf9a25bf393bc7d4e39187199da23ae9236c330554a5376","sourceIndex":"2495","avBlockList":["360 Total Security (20210429)","Avast Premium Security (20210429)","AVG Internet Security (20210429)","Avira Internet Security (20210429)","Bitdefender Internet Security (20210429)","COMODO Antivirus (20210429)","Dr.Web Security Space (20210429)","ESET Internet Security (20210429)","G DATA INTERNET SECURITY (20210429)","K7 Total Security (20210429)","Kaspersky Internet Security (20210429)","Malwarebytes Premium (20210429)","McAfee Total Protection (20210429)","Norton Security (20210429)","Panda Dome (20210429)","Quick Heal Internet Security (20210429)","Sophos Home Premium (20210429)","SpyHunter5 (20210429)","Tencent PC Manager (20210429)","Total AV Antivirus Pro (20210429)","Trend Micro Internet Security (20210429)","VIPRE Advanced Security (20210429)","VirIT eXplorer PRO (20210429)","Webroot SecureAnywhere (20210429)","Windows Defender (20210429)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCCleaner.exe","fileVersion":"0.0","hashMD5":"5745a885e12cc89e48a1d1190a4ad237","hashSHA1":"8fd17429ea3bad6a79efc94af5f2373b432dfd5d","hashSHA256":"26cb4231aaa753dd605edda412e2bd5ee4814d92389850e5f76db82777654afb","sourceIndex":"2495","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rkverify.exe","companyName":"T M R G  , INC.","fileVersion":"0.2","hashMD5":"d44a13d7e798ea394c7272fc256e5d10","hashSHA1":"03046f04352be9b222bc8f15bdbc8ce3a24252a8","hashSHA256":"47890bc80911e6afdeee8aa8de5b678c74757dafd45225565141fdfc05e1b5c6","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2495","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Google Search PC Cleaner","reference":"https://falcoware.com/PCCleaner.php","landingPage":"https://falcoware.com/PCCleaner.php","directDownloadingLink":"http://paul.falcoware.com/rk-distributives/PCCleanerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"2495"}],"sampleFiles":["200422/AgataSoftPCCleaner-200422/1.0/Samples/PCCleanerSetup.exe","200422/AgataSoftPCCleaner-200422/1.0/Samples/PCCleaner.exe","200422/AgataSoftPCCleaner-200422/1.0/Samples/rkverify.exe"],"imageFiles":["200422/AgataSoftPCCleaner-200422/1.0/Images/ACR-109/FileInstalled_DeclineRelevantKnowledge.png","200422/AgataSoftPCCleaner-200422/1.0/Images/ACR-048/FileInstalled_DeclineRelevantKnowledge.png","200422/AgataSoftPCCleaner-200422/1.0/Images/ACR-048/RunningProcess.png"],"nonDeceptorImageFiles":["200422/AgataSoftPCCleaner-200422/1.0/Images/ACR-065/PCCleaner_Installs [1].png","200422/AgataSoftPCCleaner-200422/1.0/Images/ACR-092/FileDetails_Executable.png","200422/AgataSoftPCCleaner-200422/1.0/Images/ACR-092/FileDetails_Installer.png","200422/AgataSoftPCCleaner-200422/1.0/Images/ACR-065/PCCleaner_Scanning [1].png"],"guid":"e20dab52-1dff-43a1-a30b-5f2cb5e3bf09_1.0_1","appID":"AgataSoftPCCleaner-200422","dateAdded":"200422","deceptorType":"Bundler","name":"AgataSoft PC Cleaner","company":"AgataSoft","version":"1.0","sigName":"Deceptor:Win32/AgataSoftPCCleaner!109048","lastKnownStatus":"1.0","lastKnownDate":"200422","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2020-04-23T01:24:48.1309461+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1949},{"violations":{"ACR-003":"The app uses gauges with alarming patterns/colors to raise an exaggerated sense of urgency.\n","ACR-004":"When the user no longer has beans (in-app currency), the app no longer fixes free scan results. The app uses gauges with alarming colors to raise an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not provide links to the Privacy Policy.\nThe app does not display links to the Privacy Policy.\nThe internal offers page does not display links to the EULA or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"beanox_pcbc14_setup.exe","isInstaller":"True","companyName":"BeanOX UG","fileVersion":"14.6","hashMD5":"24bea79273d37905aea690591bc54203","hashSHA1":"64d5b8f687551f904e7aad8ad3bb1b83f30bd8b1","hashSHA256":"e9760d5525a84c3584c9594b0acb3b62bb33e45ecb2e4b35d7cb005c905a8ce6","digitalCertThumbprint":"767EB0431357E99E80654A728512932CBC4F560B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=BeanOX UG, O=BeanOX UG, STREET=Am Moersbach 9, L=Messel, S=Hesse, PostalCode=64409, C=DE","sourceIndex":"2498","avBlockList":["Avast Premium Security (20200618)","AVG Internet Security (20200618)","Bitdefender Internet Security (20200618)","ESET Internet Security (20200618)","K7 Total Security (20200618)","Kaspersky Internet Security (20200618)","Malwarebytes Premium (20200618)","McAfee Total Protection (20200618)","Norton Security (20200618)","Panda Dome (20200618)","Sophos Home Premium (20200618)","SpyHunter5 (20200618)","VIPRE Advanced Security (20200618)","VirIT eXplorer PRO (20200618)","Webroot SecureAnywhere (20200618)","Windows Defender (20200618)"],"avAllowList":["360 Total Security (20200618)","Avira Internet Security (20200618)","COMODO Antivirus (20200618)","Dr.Web Security Space (20200618)","G DATA INTERNET SECURITY (20200618)","Quick Heal Internet Security (20200618)","Tencent PC Manager (20200618)","Total AV Antivirus Pro (20200423)","Trend Micro Internet Security (20200618)"]},{"isRevoked":"False","fileName":"SUStarter.exe","companyName":"BeanOX UG","fileVersion":"14.6","hashMD5":"94a583904aef954ee62ff5c14e83aaaf","hashSHA1":"88165be0edd2be2e9e250c677f2a2a51403ef12d","hashSHA256":"9a2c9cbe4be10a1252542943880596b3e1d136177301518423a0588a4b64edc5","digitalCertThumbprint":"767EB0431357E99E80654A728512932CBC4F560B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=BeanOX UG, O=BeanOX UG, STREET=Am Moersbach 9, L=Messel, S=Hesse, PostalCode=64409, C=DE","sourceIndex":"2498","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.beanox.com/products/pc-bean-and-clean","directDownloadingLink":"http://download.beanox.com/pcbc14/beanox_pcbc14_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.beanox.com/pcbc14/beanox_pcbc14_setup.exe","sourceIndex":"2498"}],"sampleFiles":["200417/BeanAndClean-200416/14.6.1.10005/Samples/beanox_pcbc14_setup.exe","200417/BeanAndClean-200416/14.6.1.10005/Samples/SUStarter.exe"],"imageFiles":["200417/BeanAndClean-200416/14.6.1.10005/Images/ACR-003/PC BeanClean App.png","200417/BeanAndClean-200416/14.6.1.10005/Images/ACR-004/PC BeanClean 004.gif","200417/BeanAndClean-200416/14.6.1.10005/Images/ACR-004/PC BeanClean App.png"],"nonDeceptorImageFiles":["200417/BeanAndClean-200416/14.6.1.10005/Images/ACR-065/PC BeanClean Install.png","200417/BeanAndClean-200416/14.6.1.10005/Images/ACR-065/PC BeanClean About.png","200417/BeanAndClean-200416/14.6.1.10005/Images/ACR-065/PC BeanClean Internal Offers Page.png","200417/BeanAndClean-200416/14.6.1.10005/Images/ACR-099/PC BeanClean App.png","200417/BeanAndClean-200416/14.6.1.10005/Images/ACR-099/PC BeanClean Landing Page.png","200417/BeanAndClean-200416/14.6.1.10005/Images/ACR-099/PC BeanClean Internal Offers Page.png"],"guid":"f279d5bb-bc87-4850-91a1-67ec1a370022_14.6.1.10005_1","appID":"BeanAndClean-200416","dateAdded":"200417","deceptorType":"App","name":"Bean & Clean","company":"BeanOX UG","version":"14.6.1.10005","sigName":"Deceptor:Win32/BeanClean!003004","lastKnownStatus":"14.6.1.10005","lastKnownDate":"201019","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"in-app purchases","lastUpdate":"2020-10-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1950},{"violations":{"ACR-043":"Third party (Avira) components are installed which are not disclosed to the consumer in the EULA (during install).\n","ACR-003":"The app makes exaggerated claims by labelling items as \"problems\" and using the color red to raise urgency, misleading the user to take action. The app also does not substantiate the issues.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-014":" The app uses exaggerated words \"errors\" and \"problems\" during the scan and does not substantiate the results.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose Privacy Policy during the installation.\nThe app does not contain links to the EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page contains testimonials with no link back to the original source, preventing them from being verified.\n","ACR-099":"The app's about page does not contain links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"WiseAntiMalware.exe","companyName":"WiseCleaner.com","fileVersion":"2.2","hashMD5":"844689b5f9b41b426918887142996871","hashSHA1":"11630397dc7f6cb7aef317f0cd3206aa241960a1","hashSHA256":"9ae67e24b02491a691bcd9de86cdec6305fb36fdbfbc15f0bdc97616123748cb","digitalCertThumbprint":"2D22CA45602F5AEB44C42F4C6A9CD879D8A23FF7","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Lespeed Technology Ltd., O=Lespeed Technology Ltd., L=Beijing, S=Beijing, C=CN","sourceIndex":"2501","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiseAntiMalware_FullInstaller_2.2.1.110.exe","isInstaller":"True","companyName":"WiseCleaner.com                                             ","fileVersion":"2.2","hashMD5":"5f3ee28374d4350c82d2fc8e072c3e44","hashSHA1":"2cff68dac14518f65eadfe8b1c3a8f5306cb91e5","hashSHA256":"0e974fad9b5bf5b2aea8ddcc64aaaa9bfb36b16aa060d6275e0289440043f49e","digitalCertThumbprint":"2D22CA45602F5AEB44C42F4C6A9CD879D8A23FF7","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Lespeed Technology Ltd., O=Lespeed Technology Ltd., L=Beijing, S=Beijing, C=CN","sourceIndex":"2501","avBlockList":["Avira Internet Security (20200623)","Bitdefender Internet Security (20200623)","Dr.Web Security Space (20200623)","ESET Internet Security (20200623)","G DATA INTERNET SECURITY (20200623)","K7 Total Security (20200623)","Malwarebytes Premium (20200623)","McAfee Total Protection (20200623)","Norton Security (20200623)","Panda Dome (20200623)","Quick Heal Internet Security (20200623)","Sophos Home Premium (20200623)","SpyHunter5 (20200623)","Tencent PC Manager (20200623)","Total AV Antivirus Pro (20200623)","VIPRE Advanced Security (20200623)","VirIT eXplorer PRO (20200623)","Webroot SecureAnywhere (20200623)","Windows Defender (20200623)"],"avAllowList":["360 Total Security (20200623)","Avast Premium Security (20200623)","AVG Internet Security (20200623)","COMODO Antivirus (20200623)","Kaspersky Internet Security (20200623)","Trend Micro Internet Security (20200623)"]}],"additionalFiles":[],"sources":[{"howFound":"google search allintext: PC Fix Error","reference":"WiseCleaner.com","landingPage":"https://www.wisecleaner.com/","directDownloadingLink":"http://downloads.wisecleaner.com/soft/WiseAntiMalware_FullInstaller_2.2.1.110.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.wisecleaner.com/soft/WiseAntiMalware_FullInstaller_2.2.1.110.exe","sourceIndex":"2501"}],"sampleFiles":["200414/WiseAntimalware-191216/2.2.1/Samples/WiseAntiMalware.exe","200414/WiseAntimalware-191216/2.2.1/Samples/WiseAntiMalware_FullInstaller_2.2.1.110.exe"],"imageFiles":["200414/WiseAntimalware-191216/2.2.1/Images/ACR-043/ACR-043.png","200414/WiseAntimalware-191216/2.2.1/Images/ACR-084/ACR-084.png","200414/WiseAntimalware-191216/2.2.1/Images/ACR-003/ACR-003.png","200414/WiseAntimalware-191216/2.2.1/Images/ACR-003/ACR-003 [2].png","200414/WiseAntimalware-191216/2.2.1/Images/ACR-003/ACR-003 [3].png","200414/WiseAntimalware-191216/2.2.1/Images/ACR-014/ACR-014.png"],"nonDeceptorImageFiles":["200414/WiseAntimalware-191216/2.2.1/Images/ACR-065/Install.png","200414/WiseAntimalware-191216/2.2.1/Images/ACR-065/About Page.png","200414/WiseAntimalware-191216/2.2.1/Images/ACR-161/ACR-161.png"],"guid":"407b5c3b-c84e-442f-a390-252d11a2d5ca_2.2.1_1","appID":"WiseAntimalware-191216","dateAdded":"200414","deceptorType":"App","name":"Wise Anti Malware","company":"Lespeed Technology Ltd.","version":"2.2.1","lastKnownStatus":"Deceptor:2.1.8,2.2.1","lastKnownDate":"201016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,in-app purchases,display ads","lastUpdate":"2020-10-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1951},{"violations":{"ACR-043":"Third party (Avira) components are installed which are not disclosed to the consumer in the EULA (during install).\n","ACR-003":"App reports 4355 problems about system. The identified issues are not substantiating\n","ACR-084":"1.The silence installation option exist in the app. The usage of this silence installation does not disclosed if this is necessary for app.\" \"<WiseAntiMalware_FullInstaller.exe>\" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART \" . 2.The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent.\n","ACR-103":"On clicking buy now from the register button, it takes the consumer to some other product cart page.\n","ACR-014":" The app uses exaggerated words \"error\" and \"problem\" in the app and does not substantiate identified results\n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose Privacy Policy during the installation.\nThe app does not disclose EULA, Returns, Cancellation Policy & Privacy Policy in the app's about page.\nThe app does not disclose EULA, Returns & Cancellation Policy, Privacy Policy in the landing page.\n","ACR-161":"Testimonials are not verifiable.\n","ACR-099":"The app does not disclose uninstall information in the app’s about page.\nThe app does not to disclose uninstall information in the landing page.\n","ACR-167":"The app does not disclose Return Policy in the docs.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Wise\\Wise Anti Malware\\WiseAntiMalware.exe","companyName":"WiseCleaner.com","productName":"Wise Anti-Malware","productVersion":"2.1","fileVersion":"2.1.8.106","hashMD5":"4426f2ab65a78cfa46c6ba4ead253285","hashSHA1":"500de0be95c3747c42936433d00e2b489868b2a9","hashSHA256":"5282764581c648cdb233c96e1c1786f50d5f8d6317d14753b209475a49b54ed4","digitalCertThumbprint":"F66018BD6DA44B00489098A317E127BA9C59C6AD","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Lespeed Technology Ltd.","sourceIndex":"2546","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiseAntiMalware_FullInstaller.exe","isInstaller":"True","companyName":"WiseCleaner.com                                             ","productName":"Wise Anti Malware                                           ","productVersion":"2.1.8                                             ","fileVersion":"2.1.8               ","hashMD5":"d5cf95b7b23734196405d6336b3ef209","hashSHA1":"28a45cd627ff361cba138021c53aac806dd384bd","hashSHA256":"d555865b574a7567f8ab443995aab9dbead3d72418f4abfdeac59751d9d22f03","digitalCertThumbprint":"F66018BD6DA44B00489098A317E127BA9C59C6AD","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Lespeed Technology Ltd.","sourceIndex":"2546","avBlockList":["Avira Internet Security (20200623)","Dr.Web Security Space (20200623)","ESET Internet Security (20200623)","G DATA INTERNET SECURITY (20200623)","K7 Total Security (20200623)","Kaspersky Internet Security (20200623)","Malwarebytes Premium (20200623)","McAfee Total Protection (20200623)","Norton Security (20200623)","Panda Dome (20200623)","Quick Heal Internet Security (20200623)","Sophos Home Premium (20200623)","VirIT eXplorer PRO (20200623)","Windows Defender (20200623)","SpyHunter5 (20200623)","Total AV Antivirus Pro (20200623)"],"avAllowList":["360 Total Security (20200623)","Avast Internet Security (20200121)","AVG Internet Security (20200623)","Bitdefender Internet Security (20200623)","COMODO Antivirus (20200623)","Tencent PC Manager (20200623)","Trend Micro Internet Security (20200623)","VIPRE Advanced Security (20200623)","Webroot SecureAnywhere (20200623)","Avast Premium Security (20200623)"]}],"additionalFiles":[],"sources":[{"howFound":"google search allintext: PC Fix Error","reference":"WiseCleaner.com","landingPage":"https://www.wisecleaner.com/download.html","directDownloadingLink":"http://downloads.wisecleaner.com/soft/WiseAntiMalware_FullInstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.wisecleaner.com/soft/WiseAntiMalware_FullInstaller.exe","sourceIndex":"2546"}],"sampleFiles":["191218/WiseAntimalware-191216/2.1.8/Samples/WiseAntiMalware_FullInstaller.exe"],"imageFiles":["191218/WiseAntimalware-191216/2.1.8/Images/ACR-043/ACR-043_Install_AviraComponentInstalledWithoutDisclosure.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-084/ACR-084_Software_SilentInstallationOccurs.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-084/ACR-084_Software_UnableToDisableScheduledTask.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-103/ACR-103_Software_LinkDoesNotWork.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-003/ACR-003_Software_UnsubstantiatedResults.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-014/ACR-014_Software_UsingExaggeratedWords.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-014/ACR-014_Software_UsingExaggeratedWords2.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-014/ACR-014_Software_AppExaggerates.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-014/ACR-014_Software_AppExaggerates1.JPG"],"nonDeceptorImageFiles":["191218/WiseAntimalware-191216/2.1.8/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-065/ACR-065_Software_NoEULAAndNoPrivacyPolicy.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-099/ACR-099_Software_NoUninstallationPolicy.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-167/ACR-167_Docs_NoRefundPolicy.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-065/ACR-065_Landingpage_NoEULA.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-065/ACR-065_Landingpage_NoEULA1.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-099/ACR-099_Landingpage_NoUninstallationPolicy.JPG","191218/WiseAntimalware-191216/2.1.8/Images/ACR-161/ACR-161_LandingPage_UnableToVerifyTestimonials.JPG"],"guid":"407b5c3b-c84e-442f-a390-252d11a2d5ca_2.1.8_1","appID":"WiseAntimalware-191216","dateAdded":"200414","deceptorType":"App","name":"Wise Anti Malware","company":"Lespeed Technology Ltd.","version":"2.1.8","sigName":"Deceptor:Win32/WiseAntimalware!043084103003014","lastKnownStatus":"Deceptor:2.1.8,2.2.1","lastKnownDate":"201016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,in-app purchases,display ads","lastUpdate":"2020-10-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1952},{"violations":{"ACR-004":"App only provides free fixes for some of the scan results shown and uses the unused scan results to upsell the consumer to a subscription service.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The install does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy. \nThe app does not display links to the EULA, Terms of Service, Returns and Cancellation Policy, or Privacy Policy. \nThe landing page does not display links to the EULA.\n","ACR-099":"The app does not display uninstall information. The landing page does not display links to uninstall information. The internal offers page does not display links to uninstall information.\nThe app does not display uninstall information. The landing page does not display links to uninstall information. The internal offers page does not display links to uninstall information.\nThe app does not display uninstall information. The landing page does not display links to uninstall information. The internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"iMac Cleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"07372c38a63248ecf7621c76e188bb9c","hashSHA1":"c019a86ec9f37851f00e217482f1c619f3f3bfe2","hashSHA256":"bc06284427fed26959537254334b4b092e0abb56e1be2f654c9a970ae05f0ac8","sourceIndex":"1296","avBlockList":["Avast Security for Mac (20200516)","Avira Security for Mac (20200516)","ESET Cyber Security Pro for Mac (20200516)","K7 Antivirus for Mac (20200516)","McAfee Internet Security for Mac (20200516)","Norton Security for Mac (20200516)","Sophos Home Premium For Mac (20200516)"],"avAllowList":["Bitdefender Antivirus for Mac (20200516)","G DATA AntiVirus for Mac (20200516)","Kaspersky Internet Security for Mac (20200516)","Trend Micro Antivirus for Mac (20200516)"]},{"isRevoked":"False","fileName":"iMacCleaner","fileVersion":"0.","hashMD5":"c4865eca56df4d40b3ba9fa798590514","hashSHA1":"44faf63706047f99ff7b6ccd712771fa3fec528e","hashSHA256":"9028580cfcdb199b8f927536790228f4b0083a9914b6c01d0366a74788ff2fc1","sourceIndex":"1296","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search : clean up and optimize macos app","reference":"https://www.ccleanmac.com","landingPage":"https://www.ccleanmac.com","directDownloadingLink":"https://www.ccleanmac.com/iMac%20Cleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ccleanmac.com/iMac%20Cleaner.dmg","sourceIndex":"1296"}],"sampleFiles":["200414/iMacCleaner-200414/2.9/Samples/iMac Cleaner.dmg","200414/iMacCleaner-200414/2.9/Samples/iMacCleaner"],"imageFiles":["200414/iMacCleaner-200414/2.9/Images/ACR-004/iMacCleaner_Scanning [1].png","200414/iMacCleaner-200414/2.9/Images/ACR-004/iMacCleaner_Scanning [2].png","200414/iMacCleaner-200414/2.9/Images/ACR-004/iMacCleaner_Scanning [3].png","200414/iMacCleaner-200414/2.9/Images/ACR-004/iMacCleaner_Scanning [4].png"],"nonDeceptorImageFiles":["200414/iMacCleaner-200414/2.9/Images/ACR-045/iMacCleaner_Landing [3].png","200414/iMacCleaner-200414/2.9/Images/ACR-065/iMacCleaner_Installation [1].png","200414/iMacCleaner-200414/2.9/Images/ACR-065/iMacCleaner_Scanning [1].png","200414/iMacCleaner-200414/2.9/Images/ACR-065/iMacCleaner_Landing [2].png","200414/iMacCleaner-200414/2.9/Images/ACR-099/iMacCleaner_Scanning [1].png","200414/iMacCleaner-200414/2.9/Images/ACR-099/iMacCleaner_Landing [2].png","200414/iMacCleaner-200414/2.9/Images/ACR-099/iMacCleaner_Landing [4].png"],"guid":"5da89a3b-847a-4e94-b7f1-65e54272f3f6_2.9_1","appID":"iMacCleaner-200414","dateAdded":"200414","deceptorType":"MacOS App","name":"iMacCleaner ","company":"Elimisoft Inc.","version":"2.9","sigName":"Deceptor:MacOS/iMacCleaner!004","lastKnownStatus":"2.9","lastKnownDate":"200414","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-11-11T21:24:49.0068583+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1953},{"violations":{"ACR-046":"SearchProTools is installed silently by bundler without user consent and awareness  (for example, download manager from Megaup.net, see deceptor affiliate entry for Megaup.net). \n","ACR-048":"The app does not provide control to close it completely and does not remove scheduled task even after uninstalling the app.\n","ACR-006":"The app uses different search providers but does not clearly disclose monetization approach details to the consumer\n","ACR-084":"1. The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent.\n2. The app runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-104":"The app does not disclose clearly that the search is part of the value prop.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose Original filename and Product name for the executables \"sprotools.exe\" and \"SearchProTools_Setup.exe\"\n","ACR-065":"The app does not disclose EULA and Privacy policy in the software.\n","ACR-092":"The app does not have Digital Signature.\n","ACR-099":"The app does not have uninstall information in the software.\nThe app does not have uninstall information in the landing page.\n","ACR-123":"The app does not remove scheduled task even after uninstall\n","ACR-014":"The app does not have up-to-date images in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\US Media Capital\\SearchPro Tools\\sprotools.exe","companyName":"USMC","productName":"","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"4116fe3274e3a0c853d1fd71405ba98f","hashSHA1":"e9f2b73b32b3c1d730b3560ebc306cb473ba7dc5","hashSHA256":"aef325eed9e5636745032955094ccd0a13f40509816809032a4a4452c4d3c9ea","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"2504","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\US Media Capital\\SearchPro Tools\\unins000.exe","companyName":"","productName":"","productVersion":"","fileVersion":"51.52.0.0","hashMD5":"6d9136ffbc86b62b0032ed1ee072a18f","hashSHA1":"e8b8c3b7048c365b79289c25fc0e6f7de84ec61e","hashSHA256":"a81130c3f51ce4a30beaf8e234bab0bd5f69cf5dba86bcdca16528bc0df99420","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"2504","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SearchProTools_Setup.exe","isInstaller":"True","companyName":"US Media Capital                                            ","productName":"Search Tools                                                ","productVersion":"2.0                                               ","fileVersion":"                    ","hashMD5":"ba02ea2d4fc33f7282f0fd31d65d4cf5","hashSHA1":"bb03872c5045e11307e31ba182191d62d2ec7c23","hashSHA256":"20b1a294e23ce09222ff79b4bbfa0da011b9281c3b73f1414f0eeff86db84919","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","storeId":"","sourceIndex":"2504","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Affiliate hunting","reference":"MegaUp.net bundle this app in silent installation","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"2504"}],"sampleFiles":["200413/SearchProTools-200411/2.0.0.0/Samples/SearchProTools_Setup.exe"],"imageFiles":["200413/SearchProTools-200411/2.0.0.0/Images/ACR-006/ACR-006_Install_NoMonetizationInfoForSearch.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-084/ACR-084_Software_ProcessIsRunningInTheBackground.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-084/ACR-084_Software_SilentInstallationExist.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-084/ACR-084_Software_UnableToDisableScheduledTask.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-104/ACR-104_Install_NoInfoForSearch.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-048/ACR-048_Software_UnableToCloseApp.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-048/ACR-048_Software_UnableToRemoveTask.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-046/ProgramInstalled_3.JPG"],"nonDeceptorImageFiles":["200413/SearchProTools-200411/2.0.0.0/Images/ACR-038/ACR-038_Install_NoVersionInfo.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-065/ACR-065_Software_NoDocs.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-123/ACR-123_Uninstall_UnableToRemoveTask.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-099/ACR-099_LandingPage_NoUninstall_Info.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-006/ACR-006_LandingPage_NoMonetizationInfoForSearch.JPG","200413/SearchProTools-200411/2.0.0.0/Images/ACR-014/ACR-014_LandingPage_NeedsToUpdateScreenshots.JPG"],"guid":"0edf37ca-c069-47aa-a59e-5a32847d8a4c_2.0.0.0_1","appID":"SearchProTools-200411","dateAdded":"200413","deceptorType":"App","name":"SearchProTools","company":"US Media Capital","version":"2.0.0.0","sigName":"Deceptor:Win32/SearchProTools!006084104048046","lastKnownStatus":"2.0.0.0","lastKnownDate":"201019","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2020-10-19T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1954},{"violations":{"ACR-046":"App is installed silently by bundler without user consent and awareness (for example, download manager from Megaup.net, see deceptor affiliate entry for Megaup.net).\n","ACR-003":"•\tThe application makes exaggerated claims about the system's optimization, using red bars  e.g. start up, internet tuning, disk defragmentation, service and driver load, hard drive clean , registry cleaner that indicates misleading urgency. It also states the unsubstantiated sentence “ Performance of your computer will increase by XX%” in red color, thereby misleading or scaring user to take action.\n•\tIndividual subcategory does not show consumer detailed logs, raising an exaggerated sense of urgency. When the button “Optimize State” is selected, the app does not provide details on what files or registry are deleted or how the system is optimized.\n\n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose Privacy policy and Refund policy in the software. \nThe landing page does not display links to the Returns and Cancellation Policy.\n","ACR-092":"The app does not have a digital signature for all the executables.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Customer Report","reference":"https://oberonbooster.com/","landingPage":"https://oberonbooster.com/","directDownloadingLink":"https://oberonbooster.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://oberonbooster.com/download","sourceIndex":"2503"}],"sampleFiles":[],"imageFiles":["200413/OberonBooster-200413/1.1/Images/ACR-003/OberonBooster_Scan [1].png","200413/OberonBooster-200413/1.1/Images/ACR-003/OberonBooster_Scan [2].png","200413/OberonBooster-200413/1.1/Images/ACR-003/OberonBooster_Scan [3].png","200413/OberonBooster-200413/1.1/Images/ACR-003/OberonBooster_Scan [4].png","200413/OberonBooster-200413/1.1/Images/ACR-046/ProgramInstalled_2.JPG"],"nonDeceptorImageFiles":["200413/OberonBooster-200413/1.1/Images/ACR-065/OberonBooster_Scan [1].png","200413/OberonBooster-200413/1.1/Images/ACR-065/Oberon_LandingPage [3].png","200413/OberonBooster-200413/1.1/Images/ACR-065/Oberon_LandingPage [1].png","200413/OberonBooster-200413/1.1/Images/ACR-092/OberonBooster_Installer [1].png","200413/OberonBooster-200413/1.1/Images/ACR-092/OberonBooster_MainExecutable[1].png"],"guid":"f85d1725-4156-4a07-b11e-ffa98ac7d349_1.1_1","appID":"OberonBooster-200413","dateAdded":"200413","deceptorType":"App","name":"Oberon Booster ","company":"Oberonn","version":"1.1","sigName":"Deceptor:Win32/OberonBooster!003046","lastKnownStatus":"1.1","lastKnownDate":"200413","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2020-04-13T17:17:59.9914662+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1955},{"violations":{"ACR-048":"The app limit user to restart later to complete driver update. It displays \"update to pro message\" prominently that misleads user that it is a necessary step to complete the update. \n\n","ACR-004":"The app uses \"Urgency/Priority/Color Graphic\" for the identified issues. The icon left in the desktop with number of out of date driver  misleads user with a sense of urgency.\n\n","ACR-164":"The app needs to provide detailed information about how to cancel and next payment term's price with these time-bound discount items \n"},"nonDeceptorViolations":{"ACR-171":"The app \"Ad Guardian Plus\" is opted-in by default in the internal offers page.\n"},"samples":[{"isRevoked":"False","fileName":"bitdurtsetup.exe","isInstaller":"True","companyName":"Bit Guardian GmbH                                           ","productName":"Bit Driver Updater                                          ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1                                                                           ","hashMD5":"252990b0471bbaf4eeb7448e267b5738","hashSHA1":"b0b63cee70adbc65b10123592174872545fd07f7","hashSHA256":"056149c6bfc8053079117ead3814a3ad54011ed14dfee094a9e8be9fd7b489e2","digitalCertThumbprint":"449C77C122C9330CDDE6317C54EA2624CF22EECF","digitalCertIssuer":"Sectigo RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Bit Guardian GmbH","sourceIndex":"2489","avBlockList":["360 Total Security (20200421)","Bitdefender Internet Security (20200421)","Dr.Web Security Space (20200421)","ESET Internet Security (20200421)","G DATA INTERNET SECURITY (20200421)","K7 Total Security (20200421)","Malwarebytes Premium (20200421)","McAfee Total Protection (20200421)","Norton Security (20200421)","Panda Dome (20200421)","Sophos Home Premium (20200421)","SpyHunter5 (20200421)","VIPRE Advanced Security (20200421)","VirIT eXplorer PRO (20200421)","Webroot SecureAnywhere (20200421)","Windows Defender (20200421)"],"avAllowList":["Avast Premium Security (20200421)","AVG Internet Security (20200421)","Avira Internet Security (20200421)","COMODO Antivirus (20200421)","Kaspersky Internet Security (20200421)","Quick Heal Internet Security (20200421)","Tencent PC Manager (20200421)","Total AV Antivirus Pro (20200421)","Trend Micro Internet Security (20200421)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Bit Driver Updater\\bitdu.exe","companyName":"Bit Guardian GmbH    ","productName":"Bit Driver Updater       ","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"fdf807de567554924530a48e6d4daa57","hashSHA1":"802e0beaa845c8dc1d29c049c4db0d5976664d26","hashSHA256":"24bf2680e1f99d449ee7413ff067e17680869404c549e5a8d55305b85a4cd96b","digitalCertThumbprint":"449C77C122C9330CDDE6317C54EA2624CF22EECF","digitalCertIssuer":"Sectigo RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Bit Guardian GmbH","sourceIndex":"2489","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Fix my PC in google","reference":"","landingPage":"https://www.bitdriverupdater.com/","directDownloadingLink":"https://webcf.bitdriverupdater.com/bitdrvupdt/builds/v1001/bitdurtsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://webcf.bitdriverupdater.com/bitdrvupdt/builds/v1001/bitdurtsetup.exe","sourceIndex":"2489"}],"sampleFiles":["200413/BitDriverUpdater-200412/1.0.0.1/Samples/bitdurtsetup.exe"],"imageFiles":["200413/BitDriverUpdater-200412/1.0.0.1/Images/ACR-004/ACR-004_Software_Colorgraph.JPG","200413/BitDriverUpdater-200412/1.0.0.1/Images/ACR-004/ACR-004_Software_TakesLongerTime.JPG","200413/BitDriverUpdater-200412/1.0.0.1/Images/ACR-048/ACR-048_Software_NoOptionToRestartLater.JPG","200413/BitDriverUpdater-200412/1.0.0.1/Images/ACR-164/ACR-164_InternalOffers_NoDetails.JPG"],"nonDeceptorImageFiles":["200413/BitDriverUpdater-200412/1.0.0.1/Images/ACR-171/ACR-171_InternalOffers_DefaultOpt-in.JPG"],"guid":"6f8e63e0-cb68-48ff-bc06-9083d4bdf307_1.0.0.1_1","appID":"BitDriverUpdater-200412","dateAdded":"200413","deceptorType":"App","name":"Bit Driver Updater","company":"Bit Guardian GmbH","version":"1.0.0.1","sigName":"Deceptor:Win32/BitDriverUpdater!004048164","firstVendorContactDate":"200421","firstAppEsteemReplyDate":"200421","firstResolvedDate":"200423","firstResolvedVersion":"1.0.0.5","resolved":"TRUE","lastKnownStatus":"1.0.0.1","lastKnownDate":"200413","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2020-04-24T22:14:50.8265114+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1957},{"violations":{"ACR-014":"The alarming message intends to promote the app mentioned, the content is unfair and substantiated. \nThe content describing application is not truthful and misleading\n","ACR-016":"Ad leads to download directly\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Fix My PC search in google","reference":"","landingPage":"https://www.fixmypcfree.com/blog/opening-microsoft-word-excel-or-powerpoint-in-safe-mode-on-windows-10/","ipv4":"","ipv6":"","sourceIndex":"2502"}],"sampleFiles":[],"imageFiles":["200413/FixMyPCFee-200413/200413/Images/ACR-014/FixMyPCFree.JPG","200413/FixMyPCFee-200413/200413/Images/ACR-016/FixMyPCFree_Ad.JPG","200413/FixMyPCFee-200413/200413/Images/ACR-014/FixMyPCFree_Ad.JPG"],"nonDeceptorImageFiles":[],"guid":"eced3273-a800-47c4-a06c-5d7b03bdf00a_200413_1","appID":"FixMyPCFee-200413","dateAdded":"200413","deceptorType":"Affiliate","name":"FixMyPCFree","company":"FixMyPCFree.com","version":"200413","sigName":"Deceptor:Affiliate/FixMyPCFree!014016","lastKnownStatus":"200413","lastKnownDate":"200413","type":"Affiliate","category":"Productivity, Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox,Edge,IE","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,cross-sell other apps","lastUpdate":"2020-04-13T23:48:37.2458341+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1956},{"violations":{"ACR-109":"MegaDownloader downloads and installs the offers on user's system silently without user awareness, changes browser setting silently to allow notification and allow popup ads from https://ssacredvecto.info:443\n","ACR-042":"MegaUp.Net provides the service for user to upload the file to share. After user uploads the file for share, MegaUp creates the download package and download link for share. It adds additional components in the download package without user permission. The added components/programs are installed silently without user permission when user download the package and install it.\n","ACR-043":"MegaDownload installs additional apps silently without user awareness. \n","ACR-097":"MegaUpDownloader change for each download bundler. (Select_setup.exe is installed under AppData/Roaming folder and its hashes is different for each bundler downloaded from megaup.net)\n","ACR-116":"MegaDownloader can't be uninstalled via standard uninstall feature provided by platform. It installs its downloader (select_setup.exe)  under AppData\\Roaming folder, not easily accessible to user and there is no uninstall entry for it unless user manually delete it. \n","ACR-057":"MegaUp downloader doesn't provide any options for user to choose offer and make decision. The offers were installed silently.\n","ACR-059":"MegaUp downloader doesn't clearly mark the marketing advertisement as \"Offer\" in offer page. \n"},"nonDeceptorViolations":{"ACR-044":"MegaUp downloader doesn't disclose the significant functions and offer of bundler. MegaUp download portal that is a affiliate of 2update.siteofupdates.info (https://2update.siteofupdates.info/help/affiliates.php)\n"},"samples":[{"isRevoked":"False","fileName":"Setup_9157.exe","fileVersion":"2.0","hashMD5":"7dc7abe9e664f5857ff08244254cb600","hashSHA1":"07542867429c82a5a178d5636c7e3e5b91756620","hashSHA256":"94185d4356ceff38a24310c58630240b73370d94472ecbcb8af15f5de0ecaa90","digitalCertThumbprint":"2034B845D6EFC7FEE5A36D0E2CDC8916EC9166B3","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=ATF Online Limited, O=ATF Online Limited, L=Auckland, C=NZ, SERIALNUMBER=7332799, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=NZ","sourceIndex":"2505","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Select_Setup.exe","fileVersion":"1.0","hashMD5":"8aa4bd906b62f617536354948a6a5c95","hashSHA1":"e2b184af5e0d107074ddb94c6471cd80b23f4607","hashSHA256":"39c9bd080d6a3a95423976f189863fe62ce4ca6788c17cf2d208d2015b61bb36","sourceIndex":"2505","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup_4318.exe","isInstaller":"True","fileVersion":"4.0","hashMD5":"d4a3a1456bbba216c544d9075d67bd3d","hashSHA1":"8c737399b05f5bac379ec12580a4e59624e1693c","hashSHA256":"d0b4f0e542b1d34895560592090733a95fc2022aa07685f2fe236e710ba9a938","digitalCertThumbprint":"2034B845D6EFC7FEE5A36D0E2CDC8916EC9166B3","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=ATF Online Limited, O=ATF Online Limited, L=Auckland, C=NZ, SERIALNUMBER=7332799, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=NZ","sourceIndex":"2505","avBlockList":["360 Total Security (20200623)","Avast Premium Security (20200623)","AVG Internet Security (20200623)","Avira Internet Security (20200623)","Bitdefender Internet Security (20200623)","COMODO Antivirus (20200623)","Dr.Web Security Space (20200623)","ESET Internet Security (20200623)","G DATA INTERNET SECURITY (20200623)","K7 Total Security (20200623)","Malwarebytes Premium (20200623)","McAfee Total Protection (20200623)","Norton Security (20200623)","Panda Dome (20200623)","Quick Heal Internet Security (20200623)","Sophos Home Premium (20200623)","SpyHunter5 (20200623)","Tencent PC Manager (20200623)","Total AV Antivirus Pro (20200623)","Trend Micro Internet Security (20200623)","VIPRE Advanced Security (20200623)","VirIT eXplorer PRO (20200623)","Webroot SecureAnywhere (20200623)","Windows Defender (20200623)"],"avAllowList":["Kaspersky Internet Security (20200623)"]}],"additionalFiles":[],"sources":[{"howFound":"Affiliate review","reference":"","landingPage":"https://megaup.net","directDownloadingLink":"https://megaup.net/1w09v/notepad.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://megaup.net/1w09v/notepad.exe","sourceIndex":"2505"}],"sampleFiles":["200411/MegaupNetSetup-200410/1.0.0.0/Samples/Setup_9157.exe","200411/MegaupNetSetup-200410/1.0.0.0/Samples/Select_Setup.exe","200411/MegaupNetSetup-200410/1.0.0.0/Samples/Setup_4318.exe"],"imageFiles":["200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-109/ProgramInstalled.JPG","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-109/ProgramInstalled_2.JPG","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-109/ProgramInstalled_3.JPG","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-109/ProgramInstalled_4.JPG","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-109/MegaUpNetBundleDownload.mp4","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-109/ssacredvecto.info_Popup.JPG","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-043/AdditionalAppInstalled.JPG","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-043/ProgramInstalled_2.JPG","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-043/ProgramInstalled_3.JPG","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-042/ACR-042_Software_InstallsUnrelatedComponents.JPG","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-042/ACR-042_Software_InstallsUnrelatedComponents4.JPG","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-116/AdditionalAppInstalled.JPG","200411/MegaupNetSetup-200410/1.0.0.0/Images/ACR-059/MarketingOffer.JPG"],"nonDeceptorImageFiles":[],"guid":"c75381ef-c0fd-498f-8d69-349fbfe6bea0_1.0.0.0_1","appID":"MegaupNetSetup-200410","dateAdded":"200411","deceptorType":"App","name":"MegaUpNetDownload","company":"MegaUp.net","version":"1.0.0.0","sigName":"Deceptor:Win32/MegaUpDownloader!109043097042116057059","lastKnownStatus":"1.0.0.0","lastKnownDate":"201019","type":"Windows Executable","category":"Personalization & Search, Productivity","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"display ads,cross-sell other apps","lastUpdate":"2020-10-19T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1958},{"violations":{"ACR-042":"MegaUp.Net provides the service for user to upload the file to share. After user uploads the file for share, MegaUp creates the download package and download link for share. It adds additional components in the download package without user permission. The added components/programs are installed silently without user permission when user download the package and install it. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Partner Report","reference":"https://megaup.net","landingPage":"https://megaup.net/1w09v/notepad.exe","ipv4":"","ipv6":"","landingPageWildChar":"https://megaup.net/*","sourceIndex":"2506"}],"sampleFiles":[],"imageFiles":["200410/MegaUpNet-200409/200409/Images/ACR-042/MegaupUpload.JPG","200410/MegaUpNet-200409/200409/Images/ACR-042/MegaupNetdownload.JPG","200410/MegaUpNet-200409/200409/Images/ACR-042/AdditionalAppInstalled.JPG","200410/MegaUpNet-200409/200409/Images/ACR-042/MegaUpNetBundleDownload.mp4","200410/MegaUpNet-200409/200409/Images/ACR-042/MegaUpPopup.JPG"],"nonDeceptorImageFiles":[],"guid":"136c2af8-f2c2-4851-b569-0e6d1e93e20a_200409_1","appID":"MegaUpNet-200409","dateAdded":"200410","deceptorType":"Download Site","name":"MegaUpNetDownload","company":"Megaup.net","version":"200409","sigName":"Deceptor:Affilicate/MegaUpNetDownload!042","lastKnownStatus":"200410","lastKnownDate":"200410","type":"Download Site","category":"Personalization & Search, Productivity","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"display ads,cross-sell other apps","lastUpdate":"2020-04-10T07:12:02.5645147+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1959},{"violations":{"ACR-003":"The app displays idenified threat defentitions but does not provide an option to review those threats (File path not given)\n","ACR-004":"The app does not substantiate the identified threats with file path and does not offer free fix for \"Antivirus\", \"Privacy Scanner\" and \"Uninstaller\" identified results.\n","ACR-084":"The app does not list its own software in the \"Uninstaller\" category\n"},"nonDeceptorViolations":{"ACR-161":"Unable to verify testimonials\nUnable to verify testimonials\n","ACR-054":"An offers page does not provide an equal prominence to \"Upgrade To Premium\" and \"Maybe Later\"\n"},"samples":[{"isRevoked":"False","fileName":"combocleaner.dmg","isInstaller":"True","companyName":"UAB RCS LT","productName":"ComboCleaner ","productVersion":"1.3.2","fileVersion":"1.3.2","hashMD5":"414bfe67fef077562ca9c1fce494b97b","hashSHA1":"3adf55ca8fd2f17e25a207054e3712ff57a6471e","hashSHA256":"814ffd6f94ae020e36f4d802bc07de9db7415ee2ce02b217c31da97606f12cc7","digitalCertThumbprint":"426F7C55-C375-D464-6A30-699D7A4F0C1E","digitalCertIssuer":"Apple Root CA ","digitalCertIssuedTo":"UAB RCS LT (XMTCBFY79R)","sourceIndex":"2508","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Combo Cleaner","companyName":"UAB RCS LT","productName":"ComboCleaner ","productVersion":"1.3.2","fileVersion":"1.3.2","hashMD5":"ea625c0cd453077460d6d295ce183244","hashSHA1":"e5d10505d673261470b8e3156890e441d7b580d1","hashSHA256":"2fc22dccdc64bc826d8796c3b28612a4414e814a41e11f4cb68c2eef4b2cd5f6","digitalCertThumbprint":"426F7C55-C375-D464-6A30-699D7A4F0C1E","digitalCertIssuer":"Apple Root CA ","digitalCertIssuedTo":"UAB RCS LT (XMTCBFY79R)","sourceIndex":"2508","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Mac Speedup Pro search","reference":"","landingPage":"https://www.pcrisk.com/download-combo-cleaner","directDownloadingLink":"https://www.pcrisk.com/files/combocleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pcrisk.com/files/combocleaner.dmg","sourceIndex":"2508"}],"sampleFiles":["200407/ComboCleaner-200405/1.3.2/Samples/combocleaner.dmg","200407/ComboCleaner-200405/1.3.2/Samples/Combo Cleaner"],"imageFiles":["200407/ComboCleaner-200405/1.3.2/Images/ACR-004/ACR-004_Software_Doesn't_Provide_An_Option_To_Review_Identified_Results 2.png","200407/ComboCleaner-200405/1.3.2/Images/ACR-004/ACR-004_Software_Doesn't_Provide_Free_Fix.png","200407/ComboCleaner-200405/1.3.2/Images/ACR-004/ACR-004_Software_Doesn't_Provide_Free_Fix1.png","200407/ComboCleaner-200405/1.3.2/Images/ACR-084/ACR-084_Software_Doesn't_List_Its_Own_App_In_Uninstaller.png","200407/ComboCleaner-200405/1.3.2/Images/ACR-003/ACR-003_Software_Doesn't_Provide_An_Option_To_Review_Identified_Results 2 2.png"],"nonDeceptorImageFiles":["200407/ComboCleaner-200405/1.3.2/Images/ACR-161/ACR-161_LandingPage_Unable_To_Verify_Testimonials.png","200407/ComboCleaner-200405/1.3.2/Images/ACR-054/ACR-054_InlineOffers_No_Equal_Prominence.png","200407/ComboCleaner-200405/1.3.2/Images/ACR-161/ACR-161_InternalOffers_Unable_To_Verify_Testimonials.png"],"guid":"6886b508-9b0e-4025-b6a2-6829fe87ffcc_1.3.2_1","appID":"ComboCleaner-200405","dateAdded":"200407","deceptorType":"MacOS App","name":"Combo Cleaner","company":"UAB RCS LT","version":"1.3.2","sigName":"Deceptor:MacOS/ComboCleaner!003004084","firstVendorContactDate":"200408","firstAppEsteemReplyDate":"200408","firstResolvedDate":"200408","firstResolvedVersion":"1.3.3","resolved":"TRUE","lastKnownStatus":"1.3.2","lastKnownDate":"200407","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-04-08T23:12:22.2502014+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1961},{"violations":{"ACR-003":"App exaggeratedly claims invalid registry items as problem that can fast PC by fixing these \"problems\"\n","ACR-084":"App creates scheduled task and leaves no option in App UI for consumer to disable it.\n","ACR-168":"App has a phone number to call for live help but does not specify if additional offers will be made\n"},"nonDeceptorViolations":{"ACR-065":"App has no link to the Privacy Policy on the setup screen\nApp has no link to the Privacy Policy or EULA on the About screen\n","ACR-161":"Testimonials have no externals links to consumer reviews to verify if they are legit \n","ACR-163":"Landing Page has the message ' 24/7 Live Help Call Now 1-888-966-6559' \nApp provides a phone number to get help \nApp provides a toll free number to get Easy PC Optimizer professional support\n","ACR-170":"In order for app to be fully tested it has to be purchased first even though app is offered as a trial\n","ACR-099":"Landing page has no uninstall information or link to it\nApp has no uninstall information or link on the About section of the App Interaction Options screen\n","ACR-120":"After uninstalling app a website loads automatically re-advertising the Same app for a lower price\n","ACR-167":"EULA states that there is a no refund policy \n","ACR-168":"Landing Page has a phone number to call for 24/7 live help but does not specify if additional offers will be made\n"},"samples":[{"isRevoked":"False","fileName":"easypcoptimizersetup.exe","isInstaller":"True","companyName":"WebMinds, Inc.","productName":"Easy PC Optimizer","productVersion":"1.6.1.207","fileVersion":"1.6.1.207","hashMD5":"5e704e158e8a4886f4b5501996281323","hashSHA1":"4f8855076a597adccc321a936a7d4ffaf30591f8","hashSHA256":"3621e866bf5ad1835b5a186880bd1ccb188bf7265133a58953ff690ffd628db3","digitalCertThumbprint":"AA19E087F588A9C3E032B0050D1C20C962771771","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G2","digitalCertIssuedTo":"WebMinds, Inc.","sourceIndex":"2500","avBlockList":["360 Total Security (20200416)","Avast Premium Security (20200416)","AVG Internet Security (20200416)","Avira Internet Security (20200416)","Bitdefender Internet Security (20200416)","Dr.Web Security Space (20200416)","ESET Internet Security (20200416)","G DATA INTERNET SECURITY (20200416)","K7 Total Security (20200416)","Kaspersky Internet Security (20200416)","Malwarebytes Premium (20200416)","McAfee Total Protection (20200416)","Norton Security (20200416)","Panda Dome (20200416)","Quick Heal Internet Security (20200416)","Sophos Home Premium (20200416)","SpyHunter5 (20200416)","Tencent PC Manager (20200416)","Total AV Antivirus Pro (20200416)","Trend Micro Internet Security (20200416)","VIPRE Advanced Security (20200416)","VirIT eXplorer PRO (20200416)","Webroot SecureAnywhere (20200416)","Windows Defender (20200416)"],"avAllowList":["COMODO Antivirus (20200416)"]},{"isRevoked":"False","fileName":"easypcoptimizersetup32218.exe","isInstaller":"True","companyName":"WebMinds, Inc.                                              ","productName":"Easy PC Optimizer","productVersion":"1.6.2.210","fileVersion":"1.6.2.210","hashMD5":"8f72ffedb63ddf4ab112d9743caead1d","hashSHA1":"57f8c74702a8ffdf365aae703f84fd3ed3194582","hashSHA256":"47e1393b739b50112008b93565a82a5fddb25af06c1d81401640541ab3f45dc9","digitalCertThumbprint":"AA19E087F588A9C3E032B0050D1C20C962771771","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"Webminds, Inc.\", O=\"Webminds, Inc.\", STREET=8540 Dayton Ave., L=Fort Myers, S=FL, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=L14000087452, OID.2.5.4.15=Private Organization","sourceIndex":"2500","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"yahoo.com","landingPage":"https://www.easypcoptimizer.com/","directDownloadingLink":"https://www.easypcoptimizer.com/download_start.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.easypcoptimizer.com/download_start.php","sourceIndex":"2500"}],"sampleFiles":["200407/EasyPCOptimizer-170926/1.6.1.207/Samples/easypcoptimizersetup.exe","200407/EasyPCOptimizer-170926/1.6.1.207/Samples/easypcoptimizersetup32218.exe"],"imageFiles":["200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-003/ACR 003 Screenshot 1.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-003/ACR 003 Screenshot 2.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-084/EasyPCOptimizerNonDsclosedScheduledTask.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-168/ACR 168 Software.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-168/EasyPCOptimizer.PNG"],"nonDeceptorImageFiles":["200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-167/ACR 167 Docs (EULA).PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-161/ACR 161 Testimonial Screenshot 1.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-161/ACR 161 Testimonial Screenshot 2.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-161/ACR 161 Testimonial Screenshot 3.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-161/ACR 161 Testimonial Screenshot 4.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-161/ACR 161 Testimonial Screenshot 5.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-163/ACR 163 - Landing Page.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-099/ACR 099 Landing Page.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-168/ACR 168 Landing Page.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-065/ACR 065 (Install).PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-163/ACR 163 - Software.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-170/ACR 170 Screenshot 1.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-170/ACR 170 Screenshot 2.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-065/ACR 065 (Software).PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-099/ACR 099.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-163/ACR 163 - Uninstall.PNG","200407/EasyPCOptimizer-170926/1.6.1.207/Images/ACR-120/ACR 120 Uninstall.PNG"],"guid":"1a7f085c-da35-4b99-9fe4-e0927dc3b1a0_1.6.1.207_1","appID":"EasyPCOptimizer-170926","dateAdded":"200407","deceptorType":"App","name":"Easy PC Optimizer","company":"WebMinds, Inc.","version":"1.6.1.207","sigName":"Deceptor:Win32/EasyPCOptimizer!003084168","firstVendorContactDate":"200415","firstAppEsteemReplyDate":"200415","firstResolvedDate":"200415","firstResolvedVersion":"2.0.19.428","resolved":"TRUE","lastKnownStatus":"Deceptor: 1.6.1.207; nonCertified: 2.0.19.428","lastKnownDate":"200407","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,call center","lastUpdate":"2020-04-16T00:21:56.5881403+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1960},{"violations":{"ACR-048":"The app does not provide control to cancel installation\nThe app does not provide a control to reports and startup items in the app settings as it does not remove schedule tasks\n","ACR-003":"The app does not substantiate all the identified issues.\n","ACR-004":"1. App reports issues under pro features but does not provide an option to fix those issues\n2. App does not substantiate all the identified issues\n3. App uses color bar for performance issues and reports as \"Your PC Health Status\" is \"Fair\"\n","ACR-007":"App does not obtain informed consent before disabling Windows Defender process in startup manager\n","ACR-017":"The logos are not verifiable\n","ACR-084":"The app does not disclose details about the schedule tasks and a process runs silently in the background without the consumers knowledge\n","ACR-103":"The \"Activate\" from the app takes it to \"Buy Now\" which does not work, the page returns \"Error\"\n","ACR-014":"The app uses exaggerated words during the installation\nThe app uses exaggerated words in the software\n","ACR-016":"A displayed ad leads to direct downloading and installation of an app\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\" highlights \"Free\" which misleads the consumer. The functionality that requires consumer payment in order to be activated does not marked clearly in landing page.\n","ACR-065":"The app does not disclose Privacy Policy and Refund Policy in the landing page\n","ACR-161":"Testimonial is not verifiable in the landing page\n","ACR-099":"The app does not disclose uninstall information in the app's about page\nThe app does not disclose uninstall information in the landing page\n","ACR-035":"The \"App Name\" is not disclosed in the docs\n","ACR-167":"The app does not disclose \"Refund Policy\" in the landing page\n","ACR-068":"The app's internal offers page differs from the landing page internal offers page, which is not clearly understandable to the consumer.\n","ACR-171":"The app does not disclose enough details about the recurring payment details to the consumer\n","ACR-017":"The logos are not verifiable\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\CompuClever\\CompuClever PC TuneUp\\ccpcc.exe","companyName":"CompuClever","productName":"CompuClever PC TuneUp","productVersion":"2.5.3.72","fileVersion":"2.5.3.72","hashMD5":"2d48e1f7231491acb39b6f450b1a797f","hashSHA1":"654b95b9385e63bc632930eb5da60dd5b5b81f80","hashSHA256":"94a1eac0f7e03b32f165c407eb1b46c15cb32e3bd5b6724bfaf336a606ff780c","digitalCertThumbprint":"D246BA93B58FBC38DE2CD1E5E4C3712D2AF45DE5","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"CompuClever Systems Inc.","storeId":"","sourceIndex":"2410","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"compucleverpctuneup_setup.exe","isInstaller":"True","companyName":"CompuClever System Inc.","productName":"CompuClever System Inc. CompuClever PC TuneUp","productVersion":"2.5.3.72","fileVersion":"2.5.3.72","hashMD5":"ad16d2377baec43af43a9710826906d8","hashSHA1":"62531c1ae738a2607309afd3f4be054456fe7a2e","hashSHA256":"1d16cca2bc62f8c95be9e8a5504557464200d30b55a85abbec07aeb878a7a38d","digitalCertThumbprint":"D246BA93B58FBC38DE2CD1E5E4C3712D2AF45DE5","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"CompuClever Systems Inc.","storeId":"","sourceIndex":"2410","avBlockList":["360 Total Security (20200428)","Avast Premium Security (20200428)","AVG Internet Security (20200428)","Avira Internet Security (20200428)","Bitdefender Internet Security (20200428)","Dr.Web Security Space (20200428)","ESET Internet Security (20200428)","G DATA INTERNET SECURITY (20200428)","K7 Total Security (20200428)","Kaspersky Internet Security (20200428)","Malwarebytes Premium (20200428)","Norton Security (20200428)","Quick Heal Internet Security (20200428)","Sophos Home Premium (20200428)","SpyHunter5 (20200428)","Tencent PC Manager (20200428)","VIPRE Advanced Security (20200428)","VirIT eXplorer PRO (20200428)","Webroot SecureAnywhere (20200428)","Windows Defender (20200428)","Total AV Antivirus Pro (20200428)"],"avAllowList":["COMODO Antivirus (20200428)","Panda Dome (20200428)","Trend Micro Internet Security (20200428)","McAfee Total Protection (20200428)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"download.cnet.com","landingPage":"https://www.compuclever.com/products/compuclever-pc-tuneup/","directDownloadingLink":"https://www.compuclever.com/products/compuclever-pc-tuneup/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.compuclever.com/products/compuclever-pc-tuneup/download/","sourceIndex":"2410"}],"sampleFiles":["200326/CompuCleverPCTuneUp-200323/2.5.3.72/Samples/ccpcc.exe","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Samples/compucleverpctuneup_setup.exe"],"imageFiles":["200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-048/ACR-048_Install_Can't_Cancel.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-014/ACR-014_Install_Uses_Exaggerated_Word.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-004/ACR-004_Software_Doesn't_Fix_The_Identified_Issues.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-004/ACR-004_Software_Doesn't_Fix_The_Identified_Issues2.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-004/ACR-004_Software_Uses_Color_Bar_And_Reports_The_System_Performance_Is_Fair.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-084/ACR-084_Software_Creates_Schedule_Tasks_WIthout_Users_Knowledge.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-084/ACR-084_Software_Process_Runs_Silently.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-103/ACR-103_Software_Activate_Returns_Error.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-103/ACR-103_Software_Activate_Returns_Error1.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-048/ACR-048_Software_Doesn't_Provide_Control.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-048/ACR-048_Software_Doesn't_Provide_Control1.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-003/ACR-003_Software_Doesn't_Substantiate_All_Identified_Issues.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-003/ACR-003_Software_Doesn't_Substantiate_All_Identified_Issues1.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-003/ACR-003_Software_Doesn't_Substantiate_All_Identified_Issues2.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-003/ACR-003_Software_Doesn't_Substantiate_All_Identified_Issues3.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-003/ACR-003_Software_Doesn't_Substantiate_All_Identified_Issues4.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-007/ACR-007_Software_Removes_WinSecurity_Startup_Item.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-014/ACR-014_Install_Uses_Exaggerated_Word1.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-014/ACR-014_Software_Warns_Some_Items_Are_Risk_Which_Is_Confusing.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-017/ACR-017_InternalOffers_Logos_Aren't_Verifiable.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-016/ACR-016_AdsInsideApp_Downloads_Automatically.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-016/ACR-016_AdsInsideApp_Downloads_Automatically1.JPG"],"nonDeceptorImageFiles":["200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-099/ACR-099_Software_Uninstall_Info_Is_Missing.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-035/ACR-035_Docs_No_App_Name.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-167/ACR-167_Docs_Refund_Policy_Is_Missing.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-045/ACR-045_LandingPage_Free_Trial_Is_Misleading.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-065/ACR-065_LandingPage_PrivacyPolicy_Is_Missing.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-099/ACR-099_LandingPage_Uninstall_Info_Is_Missing.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-099/ACR-099_LandingPage_Uninstall_Info_Is_Missing1.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-017/ACR-017_LandingPage_Logo_Is_Not_Verifiable.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-017/ACR-017_LandingPage_Logo_Is_Not_Verifiable1.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-161/ACR-161_LandingPage_Unable_To_Verify_Testimonials.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-068/ACR-068_InternalOffers_Is_Confusing.JPG","200326/CompuCleverPCTuneUp-200323/2.5.3.72/Images/ACR-171/ACR-171_InternalOffers_Recurring_Details_Not_Provided.JPG"],"guid":"ae893e44-f170-4176-9898-975a16099042_2.5.3.72_1","appID":"CompuCleverPCTuneUp-200323","dateAdded":"200326","deceptorType":"App","name":"PC TuneUp Pro","company":"CompuClever System Inc","version":"2.5.3.72","sigName":"Deceptor:Win32/CompuCleverPCTuneUp!048014004084103003007017016","firstVendorContactDate":"200619","firstAppEsteemReplyDate":"200619","firstResolvedDate":"200619","lastKnownStatus":"Deceptor:2.5.3.72","lastKnownDate":"200326","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,sold in bundle,display ads","lastUpdate":"2020-06-20T04:34:57.3871422+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1965},{"violations":{"ACR-003":"The application exaggerates registry keys as errors, thereby misleading or scaring user to take action.\n","ACR-017":"The application's installer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application's internal offer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not provide links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not provide links with uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"pctuneupmaestro_setup.exe","isInstaller":"True","companyName":"CompuClever Systems Inc.","productName":"PC TuneUp Maestro","productVersion":"7.1.3.361","fileVersion":"7.1.3.361","hashMD5":"c4284a27f4097c252fa25614336c8d73","hashSHA1":"1b34355e12f714eb3760343274906aced155ddb9","hashSHA256":"f88a395f13c8950cbe7c5ec14bd23303ba27383a9ed74b1dcf402b41a6c0aa5a","digitalCertThumbprint":"FD58B41859BD6AF901ADF01A936ABC78F368FCE5","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=CompuClever Systems Inc., O=CompuClever Systems Inc., L=Victoria, S=British Columbia, C=CA","sourceIndex":"2409","avBlockList":["360 Total Security (20200428)","Avast Premium Security (20200428)","AVG Internet Security (20200428)","Avira Internet Security (20200428)","Bitdefender Internet Security (20200428)","Dr.Web Security Space (20200428)","ESET Internet Security (20200428)","G DATA INTERNET SECURITY (20200428)","Kaspersky Internet Security (20200428)","Malwarebytes Premium (20200428)","Norton Security (20200428)","Quick Heal Internet Security (20200428)","Sophos Home Premium (20200428)","SpyHunter5 (20200428)","Tencent PC Manager (20200428)","VIPRE Advanced Security (20200428)","VirIT eXplorer PRO (20200428)","Windows Defender (20200428)","K7 Total Security (20200428)","Total AV Antivirus Pro (20200428)"],"avAllowList":["COMODO Antivirus (20200428)","McAfee Total Protection (20200428)","Panda Dome (20200428)","Trend Micro Internet Security (20200428)","Webroot SecureAnywhere (20200428)"]},{"isRevoked":"False","fileName":"pctum.exe","companyName":"CompuClever Systems Inc","productName":"PC TuneUp Maestro","productVersion":"7.1.3.361","fileVersion":"7.1.3.361","hashMD5":"6c88af8246e5fb971e35424ef5e5ff71","hashSHA1":"37094f3e61da19a86542ec2e172f4e99eb62eebd","hashSHA256":"63352e912128eef3e8cdca3294a24877accf2395910db8f1ab19395345db3d9d","digitalCertThumbprint":"FD58B41859BD6AF901ADF01A936ABC78F368FCE5","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=CompuClever Systems Inc., O=CompuClever Systems Inc., L=Victoria, S=British Columbia, C=CA","sourceIndex":"2409","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.compuclever.com/products/pc-tuneup-maestro/index.php","directDownloadingLink":"http://dl10.compuclever.com/pctuneupmaestro_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl10.compuclever.com/pctuneupmaestro_setup.exe","sourceIndex":"2409"}],"sampleFiles":["200326/004-PCTuneupMaestro-180727/7.1.3.361/Samples/pctuneupmaestro_setup.exe","200326/004-PCTuneupMaestro-180727/7.1.3.361/Samples/pctum.exe"],"imageFiles":["200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-003/PC Tuneup Maestro red 2.png","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-003/PC Tuneup Maestro red.png","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-003/ACR-003_software.JPG","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-003/ACR-003_software1.JPG","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-017/PC Tuneup Maestro Install.png","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-017/ACR-017_install.JPG","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-017/PC Tuneup Maestro About.png","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-017/ACR-017_software.JPG","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-017/PC Tuneup Maestro Internal Offers.png","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-017/ACR-017_internaloffer.JPG","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-084/ACR-084_software.JPG","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-084/PC Clean Maestro unscheduled.png"],"nonDeceptorImageFiles":["200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-065/PC Tuneup Maestro EULA.png","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-065/ACR-065_installer.JPG","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-099/PC Tuneup Maestro About.png","200326/004-PCTuneupMaestro-180727/7.1.3.361/Images/ACR-099/ACR-099_software.JPG"],"guid":"a45aec13-b525-40b4-9d14-199bce8a77e7_7.1.3.361_1","appID":"004-PCTuneupMaestro-180727","dateAdded":"200326","deceptorType":"App","name":"PCTuneupMaestro","company":"CompuClever Systems Inc","version":"7.1.3.361","sigName":"Deceptor:Win32/PCTuneupMaestro!003017084","firstVendorContactDate":"200619","firstAppEsteemReplyDate":"200619","firstResolvedDate":"200619","lastKnownStatus":"Deceptor:7.1.3.361","lastKnownDate":"200326","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-06-20T04:36:06.5815976+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1966},{"violations":{"ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries as errors, thereby misleading or scaring the user to take action. \n","ACR-017":"The internal offer page elevates its user trust level by displaying unverifiable endorsements. The internal offer page displays award endorsements like editor pack, download3000, and file cluster that are not clickable so there is no way to verify the endorsement. \n\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n\n","ACR-119":"The application fails to remove all of its monetization components after the user uninstalls it\n\n\n"},"nonDeceptorViolations":{"ACR-065":"The internal offer page has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-163":"The landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n\n","ACR-088":"A scan Post-install was started without any user action.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get a trial or a lower price for the same program.\n\n","ACR-168":"The landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":"Tuneup Pro.exe","isInstaller":"True","companyName":"The Phone Support Pvt. Ltd.","productName":"Tuneup Pro","productVersion":"2.7.81.246","fileVersion":"2.7.81.246","hashMD5":"8be37946561e81c39194a2909d196ee6","hashSHA1":"7e5c1faf355530c822aa1998f1050e026f498ae0","hashSHA256":"a71445d30ec89a5c9e44869cac7d8d418e603d94a7532bec864ea868a0aa234b","digitalCertThumbprint":"52EE199C35AF329561ADB2D6F3202287505235BD","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"The Phone Support Pvt. Ltd.","sourceIndex":"380","avBlockList":["Avast Premium Security (20200623)","AVG Internet Security (20200623)","Avira Internet Security (20200623)","Bitdefender Internet Security (20200623)","COMODO Antivirus (20200623)","Dr.Web Security Space (20200623)","ESET Internet Security (20200623)","G DATA INTERNET SECURITY (20200623)","K7 Total Security (20200623)","Kaspersky Internet Security (20200623)","Malwarebytes Premium (20200623)","McAfee Total Protection (20200623)","Norton Security (20200623)","Panda Dome (20200623)","Quick Heal Internet Security (20200623)","Sophos Home Premium (20200623)","SpyHunter5 (20200623)","Tencent PC Manager (20200623)","VIPRE Advanced Security (20200623)","VirIT eXplorer PRO (20200623)","Webroot SecureAnywhere (20200623)","Windows Defender (20200623)","Total AV Antivirus Pro (20200623)"],"avAllowList":["360 Total Security (20200623)","Trend Micro Internet Security (20200623)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.tuneuppro.com/","directDownloadingLink":"https://d2ct7xlg6sc6l3.cloudfront.net/tupp/downloads/tuppsetup_site_default.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2ct7xlg6sc6l3.cloudfront.net/tupp/downloads/tuppsetup_site_default.exe","sourceIndex":"380"}],"sampleFiles":["200326/TuneUpPro-171016/2.7.81.246/Samples/tuppsetup_site_default.exe"],"imageFiles":["200326/TuneUpPro-171016/2.7.81.246/Images/ACR-017/acr_017_offer_page.PNG","200326/TuneUpPro-171016/2.7.81.246/Images/ACR-003/acr_003.PNG","200326/TuneUpPro-171016/2.7.81.246/Images/ACR-003/acr_003_1.PNG","200326/TuneUpPro-171016/2.7.81.246/Images/ACR-084/acr_084.PNG","200326/TuneUpPro-171016/2.7.81.246/Images/ACR-168/one_to_one_interaction_software.PNG","200326/TuneUpPro-171016/2.7.81.246/Images/ACR-119/acr_119.PNG"],"nonDeceptorImageFiles":["200326/TuneUpPro-171016/2.7.81.246/Images/ACR-163/one_to_one_interaction_landing_page.PNG","200326/TuneUpPro-171016/2.7.81.246/Images/ACR-168/one_to_one_interaction_landing_page.PNG","200326/TuneUpPro-171016/2.7.81.246/Images/ACR-163/one_to_one_interaction_software.PNG","200326/TuneUpPro-171016/2.7.81.246/Images/ACR-120/offer_after_uninstalling.PNG"],"guid":"a0df7b42-83f4-4abd-8fe6-a7803aa16b2f_2.7.81.246_1","appID":"TuneUpPro-171016","dateAdded":"200326","deceptorType":"App","name":"Tuneup Pro","company":"The Phone Support Pvt. Ltd.","version":"2.7.81.246","sigName":"Deceptor:Win32/TuneupPro!003017084119168","lastKnownStatus":"Deceptor:2.7.81.246,2.7.81.152","lastKnownDate":"241107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2024-11-07T22:39:03.0936715+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1962},{"violations":{"ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries as errors, thereby misleading or scaring the user to take action. \n","ACR-004":"The app does not provide free fixes for the scan results, requires purchase to fix all results identified. It also created an exaggerated sense of urgency by labeling the results as \"errors\", raise misleading urgency for user to take action.\n","ACR-017":"The app's internal offers displays endorsements that don't have a link back to the original page, preventing them from being verified.\n\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n\n","ACR-119":"The application fails to remove all of its monetization components after the user uninstalls it\n\n\n"},"nonDeceptorViolations":{"ACR-065":"The internal offer page contains no links for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThe app's install does not contain links to the app's Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe application contains no links for the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n\n","ACR-088":"A scan Post-install was started without any user action.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get a trial or a lower price for the same program.\n\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"tuneuppro.com                                               ","fileVersion":"1.8","hashMD5":"b4d040e7b9056db6de32171415339fb9","hashSHA1":"51428bbc3c1a27d77870b56b10cb0f720bfafb5e","hashSHA256":"13ba7cf06521bfbce8fa7b10c89d701c37cf2dcb486eb3df803d4abac497aa29","digitalCertThumbprint":"12CC10CC6D8256C5697C03056340069F4BD3D398","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"381","avBlockList":["360 Total Security (20200623)","Avast Premium Security (20200623)","AVG Internet Security (20200623)","Avira Internet Security (20200623)","Bitdefender Internet Security (20200623)","COMODO Antivirus (20200623)","Dr.Web Security Space (20200623)","ESET Internet Security (20200623)","G DATA INTERNET SECURITY (20200623)","Kaspersky Internet Security (20200623)","Malwarebytes Premium (20200623)","McAfee Total Protection (20200623)","Norton Security (20200623)","Panda Dome (20200623)","Quick Heal Internet Security (20200623)","Sophos Home Premium (20200623)","SpyHunter5 (20200623)","Tencent PC Manager (20200623)","Trend Micro Internet Security (20200623)","VIPRE Advanced Security (20200623)","VirIT eXplorer PRO (20200623)","Webroot SecureAnywhere (20200623)","Windows Defender (20200623)","K7 Total Security (20200623)","Total AV Antivirus Pro (20200623)"],"avAllowList":[]},{"isRevoked":"False","fileName":"TuneupPro.exe","companyName":"Tuneup Pro","fileVersion":"2.7","hashMD5":"a12a5899f39c71c288e6d71ee97d0fb3","hashSHA1":"ce45f0a1db3126077f93b39c3200caf9070fbc18","hashSHA256":"ba0ccf8ad73c07a8d4e447fb97c3b811d2671ff3d12188955f5fe2fa4059c049","digitalCertThumbprint":"12CC10CC6D8256C5697C03056340069F4BD3D398","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"381","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.tuneuppro.com/","directDownloadingLink":"http://www.tuneuppro.com/download.aspx","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tuneuppro.com/download.aspx","sourceIndex":"381"}],"sampleFiles":["200326/TuneUpPro-171016/2.7.81.152/Samples/setup.exe","200326/TuneUpPro-171016/2.7.81.152/Samples/TuneupPro.exe"],"imageFiles":["200326/TuneUpPro-171016/2.7.81.152/Images/ACR-017/Endorsements.png","200326/TuneUpPro-171016/2.7.81.152/Images/ACR-003/ACR-003.png","200326/TuneUpPro-171016/2.7.81.152/Images/ACR-084/ACR-084.png","200326/TuneUpPro-171016/2.7.81.152/Images/ACR-168/ACR-168.png","200326/TuneUpPro-171016/2.7.81.152/Images/ACR-119/ACR-119.png","200326/TuneUpPro-171016/2.7.81.152/Images/ACR-004/TuneUp Pro ACR-004.gif"],"nonDeceptorImageFiles":["200326/TuneUpPro-171016/2.7.81.152/Images/ACR-065/Internal Offers Page.png","200326/TuneUpPro-171016/2.7.81.152/Images/ACR-065/Install Page.png","200326/TuneUpPro-171016/2.7.81.152/Images/ACR-163/Phone number.png","200326/TuneUpPro-171016/2.7.81.152/Images/ACR-065/TuneUp Pro About Page.png","200326/TuneUpPro-171016/2.7.81.152/Images/ACR-099/Install Page.png","200326/TuneUpPro-171016/2.7.81.152/Images/ACR-120/ACR-120.png"],"guid":"a0df7b42-83f4-4abd-8fe6-a7803aa16b2f_2.7.81.152_1","appID":"TuneUpPro-171016","dateAdded":"200326","deceptorType":"App","name":"Tuneup Pro","company":"The Phone Support Pvt. Ltd.","version":"2.7.81.152","lastKnownStatus":"Deceptor:2.7.81.246,2.7.81.152","lastKnownDate":"241107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2024-11-07T22:38:04.9686663+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1963},{"violations":{"ACR-003":"The app uses a red font when describing the size of junk files, raising an exaggerated sense of urgency.\n","ACR-004":"The app does not fix all free scan results for free.\n","ACR-017":"The app displays unverifiable certifications.\nThe internal offers page displays unverifiable certifications.\n","ACR-084":"The app continues creates scheduled tasks after the user has disabled them.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not provide links to the Returns and Cancellation Policy.\nThe app does not provide links to the Returns and Cancellation Policy.\nThe landing page does not provide links to the Returns and Cancellation Policy.\n","ACR-017":"The landing page displays unverifiable certifications.\n"},"samples":[{"isRevoked":"False","fileName":"pccum.exe","companyName":"CompuClever Systems Inc","fileVersion":"4.4","hashMD5":"6095be2ad09cab9ea931b728d085a425","hashSHA1":"5d559b4ee7c79ae5b1ad6f197ba81c362f3ab7e3","hashSHA256":"dd88664b87cf65c19808c2fec8ddd37eeb55b801fa4080326f62c102215d5581","digitalCertThumbprint":"FD58B41859BD6AF901ADF01A936ABC78F368FCE5","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=CompuClever Systems Inc., O=CompuClever Systems Inc., L=Victoria, S=British Columbia, C=CA","sourceIndex":"2411","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pccleanmaestro_setup.exe","isInstaller":"True","companyName":"CompuClever Systems Inc.","fileVersion":"4.4","hashMD5":"49f1d1dcc48966c3eb9377b66d3d9fe1","hashSHA1":"d5e36493e3e9049aa890e90124f9a5d20cc8cd19","hashSHA256":"88ec8d191565b5e6c64965f61b8a03154423e3b7b378339f0b45cd245618593b","digitalCertThumbprint":"FD58B41859BD6AF901ADF01A936ABC78F368FCE5","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=CompuClever Systems Inc., O=CompuClever Systems Inc., L=Victoria, S=British Columbia, C=CA","sourceIndex":"2411","avBlockList":["Avast Premium Security (20200428)","AVG Internet Security (20200428)","Avira Internet Security (20200428)","Bitdefender Internet Security (20200428)","Dr.Web Security Space (20200428)","ESET Internet Security (20200428)","G DATA INTERNET SECURITY (20200428)","K7 Total Security (20200428)","Kaspersky Internet Security (20200428)","Malwarebytes Premium (20200428)","Norton Security (20200428)","Sophos Home Premium (20200428)","SpyHunter5 (20200428)","Tencent PC Manager (20200428)","VIPRE Advanced Security (20200428)","VirIT eXplorer PRO (20200428)","Windows Defender (20200428)","Total AV Antivirus Pro (20200428)"],"avAllowList":["360 Total Security (20200428)","COMODO Antivirus (20200428)","Panda Dome (20200428)","Quick Heal Internet Security (20200428)","Trend Micro Internet Security (20200428)","Webroot SecureAnywhere (20200428)","McAfee Total Protection (20200428)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.compuclever.com/products/pc-clean-maestro/","directDownloadingLink":"http://www.compuclever.com/products/pc-clean-maestro/download/","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"","sourceIndex":"2411"}],"sampleFiles":["200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Samples/pccum.exe","200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Samples/pccleanmaestro_setup.exe"],"imageFiles":["200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Images/ACR-003/PC Clean Maestro red.png","200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Images/ACR-017/PC Clean Maestro 004 1.png","200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Images/ACR-017/PC Clean Maestro top internal offers.png","200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Images/ACR-004/PC Clean Maestro 004 1.png","200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Images/ACR-004/PC Clean Maestro 004 vid.gif","200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Images/ACR-084/PC Clean Maestro unscheduled.png"],"nonDeceptorImageFiles":["200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Images/ACR-065/PC Clean Maestro Install.png","200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Images/ACR-065/PC Clean Maestro EULA.png","200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Images/ACR-065/PC Clean Maestro About.png","200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Images/ACR-065/PC Clean Maestro Landing Page.png","200326/D-K7-PCCleanMaestro-171106/4.4.3.171/Images/ACR-017/PC Clean Maestro Landing Page.png"],"guid":"8b77f67e-d2e3-48ca-a2a1-94ad737bac14_4.4.3.171_1","appID":"D-K7-PCCleanMaestro-171106","dateAdded":"200326","deceptorType":"App","name":"PC Clean Maestro","company":"CompuClever Systems","version":"4.4.3.171","sigName":"Deceptor:Win32/PCCleanMaestro!003017004084","firstVendorContactDate":"200619","firstAppEsteemReplyDate":"200619","firstResolvedDate":"200619","lastKnownStatus":"Deceptor:4.4.3.171","lastKnownDate":"200326","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-06-20T04:34:00.3751757+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1964},{"violations":{"ACR-048":"The app does not provide any control to disable the notifications, and called PUA items as threat.\n","ACR-004":"1) The app uses \"Urgency/Priority/Color Graphic\" for the identified PUA program and listed them as severe threat, providing misleading information to user and raise urgency for user to take action.\n2) The app does not provide any free fix for the identified issues.\n","ACR-006":"The monetization should be clearly attributed. The call center name and website are not disclosed next to a phone number.\nThe monetization should be clearly attributed. The call center name and website are not disclosed next to a phone number.\n","ACR-014":"1) The app reports PUP as \"High\" severity issues, which misleads the consumer into taking action\n2)The app shows that the \"Protection is Low\", even though the windows defender is turned on.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not disclose \"EULA\" and \"Refund Policy\" in the internal offers page.\n","ACR-099":"The app does not have uninstall information in the software.\n","ACR-166":"The app does not disclose the license period to the consumer in the internal offers.\n","ACR-171":"The app does not disclose recurring payment information in the internal offers.\n"},"samples":[{"isRevoked":"False","fileName":"antivirus-setup.exe","isInstaller":"True","companyName":"Outbyte","productName":"Antivirus","productVersion":"3.x","fileVersion":"3.1.7.54560","hashMD5":"d7b8c5f3456581d4ed523ba77125b317","hashSHA1":"b11c2e347bba1eaa9a92a7df5fbc15d0be5e36bf","hashSHA256":"f898ceec823b79e81cd3a2b1d4dd623df1ee3e7bcfe17ffeeb42bf85293e71dd","digitalCertThumbprint":"A672BA253AC55FBD453A320BDE246A6AC92166AE","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Outbyte Computing Pty Ltd","sourceIndex":"2512","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Outbyte\\Antivirus\\Antivirus.exe","companyName":"Outbyte","productName":"Antivirus","productVersion":"3.x","fileVersion":"3.1.7.54560","hashMD5":"2338ce24826c201e570245a4d947f5e5","hashSHA1":"0b01ec0bf2be1b1ffd4406035c73a1c2cdc865bc","hashSHA256":"e80ffe243d2d942be77d1f3179fd79001d687ed9fa828b38863adf9c7deac902","digitalCertThumbprint":"8D4F2B1D8921CA0D2464ABAC231A5F4835FE9356","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Outbyte Computing Pty Ltd","sourceIndex":"2512","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Affiliate search \"software\"","reference":"","landingPage":"https://outbyte.com/en/software/antivirus/","directDownloadingLink":"https://outbyte.com/software/antivirus/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://outbyte.com/software/antivirus/download/","sourceIndex":"2512"}],"sampleFiles":["200323/OutByteAntivirus-200320/3.1.7.54560/Samples/antivirus-setup.exe"],"imageFiles":["200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-004/ACR-004_Software_exaggeratedResults.JPG","200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-004/ACR-004_Software_NoFreeFix.JPG","200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-048/ACR-048_Software_NoOptionToDisableTheNotification.JPG","200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-006/ACR-006_Software_NoDisclosureForMonetization.JPG","200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-006/ACR-006_Software_NoDisclosureForMonetization1.JPG","200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-014/ACR-014_Software_Exaggeration.JPG","200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-014/ACR-014_Software_exaggeratedResults.JPG","200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-006/ACR-006_InternalOffers_NoDisclosureForMonetization.JPG"],"nonDeceptorImageFiles":["200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-166/ACR-166_InternalOffers_NoInfoAbtTheLicenseAggrement.JPG","200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-171/ACR-171_InternalOffers_NoInfoAbtTheAutoRenewal.JPG","200323/OutByteAntivirus-200320/3.1.7.54560/Images/ACR-065/ACR-065_InternalOffers_NoEula&RefundPolicy.JPG"],"guid":"18bc3b83-652c-4f43-bef8-73578238ca4f_3.1.7.54560_1","appID":"OutByteAntivirus-200320","dateAdded":"200323","deceptorType":"App","name":"Outbyte Antivirus","company":"Outbyte Computing Pty Ltd","version":"3.1.7.54560","sigName":"Deceptor:Win32/OutbyteAntivirus!004048006014","firstVendorContactDate":"200324","firstAppEsteemReplyDate":"200324","firstResolvedDate":"200324","lastKnownStatus":"3.1.7.54560","lastKnownDate":"200323","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid","lastUpdate":"2020-03-26T22:57:35.9244056+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1969},{"violations":{"ACR-003":"The app describes Invalid CLSID Entries as errors, which raises an exaggerated sense of urgency for the consumer.\n","ACR-004":"The app does not fix free scan results.\n","ACR-014":"The app misleads the consumer into thinking there is a serious problem with their system by describing Registry issues as Errors.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial. There is also no mention of a 30 day money back guarantee.\n","ACR-099":"The app does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"PcBugDoctor.EXE","fileVersion":"1.0","hashMD5":"46ab16eedb37920a9f23f004fdd57622","hashSHA1":"5393de83e763a36f15309439ac0c2a6227afb899","hashSHA256":"acb08ad65a785bd706382e352b69c1db5d9cf5e25bcca33347f6121c366ff2c4","sourceIndex":"382","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBugDoctor_newsetup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"1a5ec6f7ba6351f8fb22b0528c11dfe4","hashSHA1":"ef90fea278fecd4b845cc1c72d399ac17ead2af6","hashSHA256":"c654da2d309c9f019ce7c0183bec6c22314ecf97e553497f5c2bb3642980fbcd","sourceIndex":"382","avBlockList":["360 Total Security (20200625)","Avast Premium Security (20200625)","AVG Internet Security (20200625)","Avira Internet Security (20200625)","Bitdefender Internet Security (20200625)","Dr.Web Security Space (20200625)","ESET Internet Security (20200625)","G DATA INTERNET SECURITY (20200625)","K7 Total Security (20200625)","Kaspersky Internet Security (20200625)","Malwarebytes Premium (20200625)","McAfee Total Protection (20200625)","Norton Security (20200625)","Panda Dome (20200625)","Quick Heal Internet Security (20200625)","Sophos Home Premium (20200625)","SpyHunter5 (20200625)","Tencent PC Manager (20200625)","Total AV Antivirus Pro (20200625)","Trend Micro Internet Security (20200625)","VIPRE Advanced Security (20200625)","VirIT eXplorer PRO (20200625)","Windows Defender (20200625)"],"avAllowList":["COMODO Antivirus (20200625)","Webroot SecureAnywhere (20200625)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org (registry)","landingPage":"","directDownloadingLink":"https://files.downloadnow.com/s/software/10/37/23/04/PCBugDoctor_newsetup.exe?token=1585037296_36977307cbc36bc5e4a00672b0af49c0&fileName=PCBugDoctor_newsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.downloadnow.com/s/software/10/37/23/04/PCBugDoctor_newsetup.exe?token=1585037296_36977307cbc36bc5e4a00672b0af49c0&fileName=PCBugDoctor_newsetup.exe","sourceIndex":"382"}],"sampleFiles":["200323/BugDoctor-171213/1.0.0.4/Samples/PCBugDoctor.exe","200323/BugDoctor-171213/1.0.0.4/Samples/PCBugDoctor_newsetup.exe"],"imageFiles":["200323/BugDoctor-171213/1.0.0.4/Images/ACR-003/BugDoctor 1 Error.png","200323/BugDoctor-171213/1.0.0.4/Images/ACR-014/BugDoctor 1 Error.png","200323/BugDoctor-171213/1.0.0.4/Images/ACR-004/Bug Doctor 1 Unlock.png","200323/BugDoctor-171213/1.0.0.4/Images/ACR-004/BugDoctor 1 Error.png"],"nonDeceptorImageFiles":["200323/BugDoctor-171213/1.0.0.4/Images/ACR-065/BugDoctor 1 Install.png","200323/BugDoctor-171213/1.0.0.4/Images/ACR-065/BugDoctor 1 Support.png","200323/BugDoctor-171213/1.0.0.4/Images/ACR-170/Bug Doctor 1 Unlock.png","200323/BugDoctor-171213/1.0.0.4/Images/ACR-170/BugDoctor 1 Error.png","200323/BugDoctor-171213/1.0.0.4/Images/ACR-099/BugDoctor 1 Support.png"],"guid":"03b8cb58-6d93-47ac-9ecf-b63d6dc82b95_1.0.0.4_1","appID":"BugDoctor-171213","dateAdded":"200323","deceptorType":"App","name":"Bug Doctor","company":"Maximum Software","version":"1.0.0.4","sigName":"Deceptor:Win32/BugDoctor!003014004","lastKnownStatus":"Deceptor:7.1.1.2;3.0.3.8;1.0.0.4","lastKnownDate":"241107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-07T22:34:49.232214+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1970},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from scanning on startup from the software interface.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the install that shows the app's Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n\n","ACR-161":"The application has testimonials on the landing page but does not provide links back to a source so consumers can verify if they're real.\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial. There is also no mention of a 30 day money back guarantee.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The software has no link or information that shows how it can be uninstalled.\nThe application's landing page has no links or information that shows how it can be uninstalled.\nThe application's internal offer has no links or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-171":"The consumer is required to opt-out of recurring payment.\nThe consumer is required to opt-out of recurring payment.\n"},"samples":[{"isRevoked":"False","fileName":"BugDoc-setup.exe","isInstaller":"True","companyName":"Maximum Publishing","productName":"Bug Doctor","productVersion":"7.1.1.2","fileVersion":"7.1.1.2","hashMD5":"98112808bd52cf03df3963b7139e8ab8","hashSHA1":"0b0fa88b383c88418fd84da1526948e13d10d3e0","hashSHA256":"248c032b43b596935fc7f3eb557a4f4e97bce6a79c55cf4232f195219575ea29","digitalCertThumbprint":"7ADBBC245A7F2EE48A156ED45186550B94738EE0","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Maximum Publishing LLC","sourceIndex":"3801","avBlockList":["360 Total Security (20200625)","Avira Internet Security (20200625)","Bitdefender Internet Security (20200625)","COMODO Antivirus (20200625)","Dr.Web Security Space (20200625)","ESET Internet Security (20200625)","G DATA INTERNET SECURITY (20200625)","K7 Total Security (20200625)","Kaspersky Internet Security (20200625)","Malwarebytes Premium (20200625)","McAfee Total Protection (20200625)","Norton Security (20200625)","Panda Dome (20200625)","Quick Heal Internet Security (20200625)","Sophos Home Premium (20200625)","SpyHunter5 (20200625)","Tencent PC Manager (20200625)","Trend Micro Internet Security (20200625)","VIPRE Advanced Security (20200625)","VirIT eXplorer PRO (20200625)","Webroot SecureAnywhere (20200625)","Windows Defender (20200625)","Total AV Antivirus Pro (20200625)"],"avAllowList":["Avast Premium Security (20200625)","AVG Internet Security (20200625)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org (registry)","landingPage":"http://www.thebugdoctor.com/","directDownloadingLink":"http://www.thebugdoctor.com/BugDoc-setup.exe","ipv4":"","ipv6":"","sourceIndex":"3801"}],"sampleFiles":["171215/BugDoctor-171213/7.1.1.2/Samples/BugDoc-setup.exe"],"imageFiles":["171215/BugDoctor-171213/7.1.1.2/Images/ACR-084/ACR_084_software.JPG"],"nonDeceptorImageFiles":["171215/BugDoctor-171213/7.1.1.2/Images/ACR-065/ACR-065_internaloffer.JPG","171215/BugDoctor-171213/7.1.1.2/Images/ACR-065/ACR-065_install.JPG","171215/BugDoctor-171213/7.1.1.2/Images/ACR-065/ACR-065_software.JPG","171215/BugDoctor-171213/7.1.1.2/Images/ACR-161/ACR-161_landingpage.JPG","171215/BugDoctor-171213/7.1.1.2/Images/ACR-161/ACR-161_landingpage1.JPG","171215/BugDoctor-171213/7.1.1.2/Images/ACR-099/ACR-099_software.JPG","171215/BugDoctor-171213/7.1.1.2/Images/ACR-171/ACR-171_internaloffer.JPG","171215/BugDoctor-171213/7.1.1.2/Images/ACR-171/ACR-171_landingpage.JPG"],"guid":"03b8cb58-6d93-47ac-9ecf-b63d6dc82b95_7.1.1.2_1","appID":"BugDoctor-171213","dateAdded":"200323","deceptorType":"App","name":"Bug Doctor","company":"Maximum Software","version":"7.1.1.2","sigName":"Deceptor:Win32/BugDoctor!084","lastKnownStatus":"Deceptor:7.1.1.2;3.0.3.8;1.0.0.4","lastKnownDate":"241107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-07T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":3,"sortOrder":1972},{"violations":{"ACR-004":"The app provided list of outdated drivers, presenting alarming message to mislead user and raise urgency. App uses alarming color and graph and timer representing drivers status, misleading user about severity and urgency. \n","ACR-017":"App uses false and unverifiable 3rd party representations (for example: silver Microsoft Partner) to mislead user. \nApp uses false and unverifiable 3rd party representations (for example: silver Microsoft Partner) to mislead user. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"driver-updater-setup.exe","isInstaller":"True","companyName":"Au˜slogics                                                  ","fileVersion":"1.23","hashMD5":"ddc1b77c53113dced717d9317d665bb4","hashSHA1":"96c3d95c874aabab3fae83c6027d11380bdd91a8","hashSHA256":"50e7e6dca79f49887bb7a42d23db40c706963c7acc9d639de8c42f551c53de74","digitalCertThumbprint":"2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU, SERIALNUMBER=45163028662, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"2492","avBlockList":["360 Total Security (20200423)","Avast Premium Security (20200423)","AVG Internet Security (20200423)","Avira Internet Security (20200423)","Bitdefender Internet Security (20200423)","COMODO Antivirus (20200423)","Dr.Web Security Space (20200423)","ESET Internet Security (20200423)","G DATA INTERNET SECURITY (20200423)","K7 Total Security (20200423)","Malwarebytes Premium (20200423)","McAfee Total Protection (20200423)","Norton Security (20200423)","Panda Dome (20200423)","Quick Heal Internet Security (20200423)","Sophos Home Premium (20200423)","SpyHunter5 (20200423)","Tencent PC Manager (20200423)","Trend Micro Internet Security (20200423)","VIPRE Advanced Security (20200423)","VirIT eXplorer PRO (20200423)","Webroot SecureAnywhere (20200423)","Windows Defender (20200423)","Total AV Antivirus Pro (20200423)"],"avAllowList":["Kaspersky Internet Security (20200423)"]},{"isRevoked":"False","fileName":"DriverHiveEngine.dll","companyName":"Bootstrap Development, LLC","fileVersion":"1.0","hashMD5":"5e05e36ab1ed4db8b9ca62115e421c7a","hashSHA1":"ddd781564f8b1f8c2d85e1f9108b1e4036588ae2","hashSHA256":"76e10c3cfa400be87498e0dbbd56aade9c5ecec1c1957c5ae9c292a79e41260e","digitalCertThumbprint":"1B0DA8E340197C8CEC3BB39EFBA042FF21B9724D","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU","sourceIndex":"2492","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverUpdater.exe","companyName":"Au˜slogics","fileVersion":"1.23","hashMD5":"620a48b86fe857e52989a00bed34d599","hashSHA1":"ecfffd4d33d2d45fd0192c1419a4e40d0bef6e0a","hashSHA256":"d4077034ec8bb596ae56e8abf85d453845684b1211f007a08a24178e53c2fd01","digitalCertThumbprint":"1B0DA8E340197C8CEC3BB39EFBA042FF21B9724D","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU","sourceIndex":"2492","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverUpdaterHelper.dll","companyName":"Auslog˜ics","fileVersion":"1.23","hashMD5":"cf44472e27cec71e4edffd8ba24d2fa4","hashSHA1":"a285b912cf0118b94e35bc7744b76348d33ffed1","hashSHA256":"611aab1243d1dad93cac23fa3fdd26e61b56e11cf701daa1ba063390f164da9e","digitalCertThumbprint":"1B0DA8E340197C8CEC3BB39EFBA042FF21B9724D","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU","sourceIndex":"2492","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"unins000.exe","fileVersion":"0.0","hashMD5":"2b2b1a81f366657dc1e2826a959761f7","hashSHA1":"c3a09030479d8b373ffc72a1a5382fc7100100b0","hashSHA256":"d133ecaebb3bb16e3006abcc89dd195541a492c98eaf73ecaecd139d649a2b64","digitalCertThumbprint":"1B0DA8E340197C8CEC3BB39EFBA042FF21B9724D","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU","sourceIndex":"2492","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GoogleAnalyticsHelper.dll","companyName":"A˜uslogics","fileVersion":"3.1","hashMD5":"41d0ac90e1d8a3f8162d4cc8f7532fa0","hashSHA1":"cda864ba140931f6537595f8b38af20a0673b373","hashSHA256":"3b1b10be4a00ef1d9149ac127084b9a29091a561e998d07429f3cca05861880a","digitalCertThumbprint":"1B0DA8E340197C8CEC3BB39EFBA042FF21B9724D","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU","sourceIndex":"2492","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Review current deceptor version","reference":"","landingPage":"https://www.auslogics.com/en/software/driver-updater/","directDownloadingLink":"http://downloads.auslogics.com/en/driver-updater/driver-updater-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.auslogics.com/en/driver-updater/driver-updater-setup.exe","sourceIndex":"2492"}],"sampleFiles":["200323/AuslogicsDriverUpdater-181219/1.23.0.2/Samples/driver-updater-setup.exe","200323/AuslogicsDriverUpdater-181219/1.23.0.2/Samples/DriverHiveEngine.dll","200323/AuslogicsDriverUpdater-181219/1.23.0.2/Samples/DriverUpdater.exe","200323/AuslogicsDriverUpdater-181219/1.23.0.2/Samples/DriverUpdaterHelper.dll","200323/AuslogicsDriverUpdater-181219/1.23.0.2/Samples/unins000.exe","200323/AuslogicsDriverUpdater-181219/1.23.0.2/Samples/GoogleAnalyticsHelper.dll"],"imageFiles":["200323/AuslogicsDriverUpdater-181219/1.23.0.2/Images/ACR-017/ACR-017_1.JPG","200323/AuslogicsDriverUpdater-181219/1.23.0.2/Images/ACR-017/ACR-004_3.JPG","200323/AuslogicsDriverUpdater-181219/1.23.0.2/Images/ACR-004/[9] AuslogicDriverUpdater_Diagnosis [3].png","200323/AuslogicsDriverUpdater-181219/1.23.0.2/Images/ACR-004/[9] AuslogicDriverUpdater_Diagnosis [4].png","200323/AuslogicsDriverUpdater-181219/1.23.0.2/Images/ACR-004/[9] AuslogicDriverUpdater_Diagnosis [5].png","200323/AuslogicsDriverUpdater-181219/1.23.0.2/Images/ACR-004/[11] AuslogicDriverUpdater_Payment.png"],"nonDeceptorImageFiles":[],"guid":"29b7c614-bdf4-4a10-8011-7a845ced1d01_1.23.0.2_1","appID":"AuslogicsDriverUpdater-181219","dateAdded":"200323","deceptorType":"App","name":"Auslogics Driver Updater","company":"Auslogics Labs Pty Ltd","version":"1.23.0.2","sigName":"Deceptor:Win32/AuslogicsDriverUpdater!004017","firstResolvedVersion":"1.24.0.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.18.0.0;1.21.2.0;1.23.0.2","lastKnownDate":"200323","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-04-23T05:58:05.8662614+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1973},{"violations":{"ACR-048":"Close button will make the app minimize to the system tray. The app doesn't have an option to turn this off in settings or show a notification that the app is still running in the background.\n","ACR-004":"The app doesn't display its scan result after scan completes in overview. Instead it shows the scan results when user move mouse over the app icon in systray. To fix them, app asks subscription service payment (annual payment) to fix them without providing the approach for user to verify its service, like free trial to verify its service or just one time fix payment.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free Trial\", \"Free to try\" and \"Free Download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The testimonials needs to be verifiable.\n","ACR-088":"The app performs a scan without consumer consent or action\n","ACR-055":"The option needs to be made obvious to the consumer as the app displays \"I don’t want to speed up my pc\", which attempts to guilt the consumer to take action.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable logos and the Microsoft Partner logo needs to disclose “Developed By” or “Using Technologies”.\n\n","ACR-014":"The app needs to update \"Outdated\" images to the \"Up-To-Date\" images in the landing page\n"},"samples":[{"isRevoked":"False","fileName":"driver-updater-setup.exe","isInstaller":"True","companyName":"Auslogics                                                   ","productName":"Auslogics Driver Updater                                    ","productVersion":"1.21.2.0                                          ","fileVersion":"1.x                 ","hashMD5":"99b5cafde096044269fd334f969a82bb","hashSHA1":"3494ad587a7c59bddf7d7886c733e8982e5ba1b9","hashSHA256":"4e1e8711bd90f462afda162426083b37204634e9467789eaa329269ce0820ad3","digitalCertThumbprint":"2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","sourceIndex":"2868","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Re-review the resolved deceptor","reference":"","landingPage":"https://www.auslogics.com/en/software/driver-updater/","directDownloadingLink":"https://www.auslogics.com/en/software/driver-updater/after-download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.auslogics.com/en/software/driver-updater/after-download/","sourceIndex":"2868"}],"sampleFiles":["190822/AuslogicsDriverUpdater-181219/1.21.2.0/Samples/driver-updater-setup.exe"],"imageFiles":["190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-048/ACR_048_Software_ApplicationIsNotClosing.JPG","190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-004/ACR-004_AnnualSubscriptionForTheApp.JPG","190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-004/ACR-004_System_ ShowsTheScanResultsWhenUserMoveMouseOverTheAppIconInSystray.JPG"],"nonDeceptorImageFiles":["190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-045/ACR-045_LandingPage_FreeIsHighlighted.JPG","190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-045/ACR-045_LandingPage_FreeIsHighlighted1.JPG","190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-045/ACR-045_LandingPage_FreeDownload_Is_Misleading.JPG","190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-055/ACR-055_LandingPage_NegativeStatement.JPG","190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-014/ACR-014_LandingPage_TheScreenshotsOfTheAppAvailableInTheLandingPageNeedsToBeupdated.JPG","190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-014/ACR-014_LandingPage_TheScreenshotsOfTheAppAvailableInTheLandingPageNeedsToBeupdated1.JPG","190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-017/ACR-017_LandingPage_UnverifiableLogo.JPG","190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-017/ACR-017_LandingPage_UnverifiableLogo1.JPG","190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-161/ACR-161_LandingPage_TestimonialsShouldBeVerifiable.JPG","190822/AuslogicsDriverUpdater-181219/1.21.2.0/Images/ACR-088/ACR-088_Software_TheAppPerformsScanWithoutConsumerConsent.JPG"],"guid":"29b7c614-bdf4-4a10-8011-7a845ced1d01_1.21.2.0_1","appID":"AuslogicsDriverUpdater-181219","dateAdded":"200323","deceptorType":"App","name":"Auslogics Driver Updater","company":"Auslogics Labs Pty Ltd","version":"1.21.2.0","sigName":"Deceptor:Win32/AuslogicsDriverUpdater!004048","firstResolvedVersion":"1.24.0.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.18.0.0;1.21.2.0;1.23.0.2","lastKnownDate":"200323","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-03-23T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1974},{"violations":{"ACR-003":"The app exaggerates the outdated drivers as \"Obsolete\", thereby misleading or scaring the consumer to take action. The app needs to cleanup the word \"Obsolete\" in the software.\n","ACR-004":"1. App requires the pay to service to fix the \"obsoleted\" driver issues.\n2. App should avoid raising \"Urgency/Priority/Color Graphic\" for the identified issues. App uses alarming color to differentiate the priority and urgency. (suggest to avoid Red/Orange/Yellow colors pattern that is commonly used  for alarming and urgency purpose).\n","ACR-010":"The offered app “Anti-Malware” contains deceptive behavior. The carrier app needs to make sure that the offered app doesn’t have any deceptive behavior.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable or expired endorsements as \"Norton\" logo is unable to validate. Microsoft Partner logo needs to disclose “Developed By” or “Using Technologies” and should be verifiable. \nThe app elevates its consumer trust level by displaying unverifiable or expired endorsements. Microsoft Partner logo needs to disclose “Developed By” or “Using Technologies” and should be verifiable. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components on the device without the consumer's consent.\n","ACR-059":"The offer is not marked as Offer, the recommended by \"who\" is not clear.\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose original filename for \"driver-updater-setup.exe\" executable.\n","ACR-045":"\"Free Trial\" and \"Free to try\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-065":"The app needs to disclose privacy policy during installation.\nThe app needs to disclose EULA, as the provided link takes the consumer to privacy policy.\n","ACR-099":"The app needs to disclose uninstall information in the software.\n","ACR-120":"During uninstallation, the app offers same product to the consumer at a lower price (30% off).\n","ACR-055":"The option needs to be made obvious to the consumer as the app displays \"I don’t want to speed up my pc\", which attempts to guilt the consumer to take action.\n","ACR-017":"Microsoft Partner logo needs to disclose “Developed By” or “Using Technologies” and should be verifiable. \n"},"samples":[{"isRevoked":"False","fileName":"driver-updater-setup.exe","isInstaller":"True","companyName":"Aus˜logics                                                  ","productName":"Aus˜logics Dri˜ver Updater                                  ","productVersion":"1.18.0.0                                          ","fileVersion":"1.x                 ","hashMD5":"46b5ccab570700044ff9d583c06cb786","hashSHA1":"e572eee8f25c42e18ece90ba470649022627e9e2","hashSHA256":"398423e8979380f15a99433152cd5f8fb60790d7c62733b4e416cfd838d5b1cd","digitalCertThumbprint":"2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","sourceIndex":"2880","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Malwarebytes Premium (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)","Kaspersky Internet Security (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Trend Micro Internet Security (20190228)","Windows Defender (20190228)"]}],"additionalFiles":[],"sources":[{"howFound":"Re-review the resolved deceptor","reference":"","landingPage":"https://www.auslogics.com/en/software/driver-updater/","directDownloadingLink":"https://www.auslogics.com/en/software/driver-updater/after-download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.auslogics.com/en/software/driver-updater/after-download/","sourceIndex":"2880"}],"sampleFiles":["190822/AuslogicsDriverUpdater-181219/1.18.0.0/Samples/driver-updater-setup.exe"],"imageFiles":["190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-003/ACR-003_Software_AppExaggerates.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-010/ACR-010_Software_OffersDeceptorApp.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-017/ACR-017_Install_MisleadingLogo.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-017/ACR-017_Software_MisleadingLogo.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-017/ACR-017_Software_MisleadingLogo1.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-004/ACR-004_Software_RaisesUrgency.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-004/ACR-004_Software_RaisesUrgency1.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-004/DriverUpdater_004.PNG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-118/ACR-118_Uninstall_RetainsExecutables.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-059/ACR-059_In-BundleOffers_RecommendedByWhoIsNotClear.JPG"],"nonDeceptorImageFiles":["190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-038/ACR-038_Install_NoOriginalFileName.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-045/ACR-045_LandingPage_FreeIsHighlighted.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-045/ACR-045_LandingPage_FreeIsHighlighted1.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-055/ACR-055_LandingPage_NegativeStatement.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-065/ACR-065_Software_NoEULA.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-017/ACR-017_LandingPage_MisleadingLogo.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-099/ACR-099_Software_NoUninstallInfo.JPG","190822/AuslogicsDriverUpdater-181219/1.18.0.0/Images/ACR-120/ACR-120_Uninstall_OffersDiscount.JPG"],"guid":"29b7c614-bdf4-4a10-8011-7a845ced1d01_1.18.0.0_1","appID":"AuslogicsDriverUpdater-181219","dateAdded":"200323","deceptorType":"App","name":"Auslogics Driver Updater","company":"Auslogics Labs Pty Ltd","version":"1.18.0.0","sigName":"Deceptor:Win32/AuslogicsDriverUpdater!003010017004118059 ","firstResolvedVersion":"1.24.0.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.18.0.0;1.21.2.0;1.23.0.2","lastKnownDate":"200323","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-03-23T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1975},{"violations":{"ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries with a severity level above \"Low\" (e.g. \"Medium\", \"High\", \"Danger\", etc.) and uses red to mislead and/or scare the user.\n","ACR-004":"The app does not provide a fully functional trial and requires purchase to fix all scan results.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\n\n"},"nonDeceptorViolations":{"ACR-065":"The software does not contain links to the app's EULA, Terms of Service, Returns and Cancellations Policy, Privacy Policy.\n","ACR-099":"The landing page does not contain links to uninstall information.\nThe software does not provide links to uninstall information anywhere on the app.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\n\n"},"samples":[{"isRevoked":"False","fileName":"Smart_PC_Privacy_Cleaner_Pro_Setup.exe","isInstaller":"True","companyName":"LionSea Software                                            ","fileVersion":"0.0","hashMD5":"078e08d99a6ef38a0ddb64419789a45a","hashSHA1":"ed9e125ed9ffd687ba156eddd54618a5d65b1a9b","hashSHA256":"a2d915a436036fc1fff7517771563b21e3288d30b05c7c06eddc63a6d0c300ed","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"2513","avBlockList":["Avast Premium Security (20200625)","AVG Internet Security (20200625)","Avira Internet Security (20200625)","Bitdefender Internet Security (20200625)","COMODO Antivirus (20200625)","Dr.Web Security Space (20200625)","ESET Internet Security (20200625)","G DATA INTERNET SECURITY (20200625)","K7 Total Security (20200625)","Kaspersky Internet Security (20200625)","Malwarebytes Premium (20200625)","McAfee Total Protection (20200625)","Norton Security (20200625)","Panda Dome (20200625)","Quick Heal Internet Security (20200625)","Sophos Home Premium (20200625)","SpyHunter5 (20200625)","Tencent PC Manager (20200625)","Trend Micro Internet Security (20200625)","VIPRE Advanced Security (20200625)","VirIT eXplorer PRO (20200625)","Webroot SecureAnywhere (20200625)","Windows Defender (20200625)","Total AV Antivirus Pro (20200625)"],"avAllowList":["360 Total Security (20200625)"]},{"isRevoked":"False","fileName":"Smart_PC_Privacy_Cleaner_Pro.exe","fileVersion":"1.0","hashMD5":"bb35473298e021191a050db42361e85b","hashSHA1":"14f7523393e5540db5c4648c5f31b77921fd97f3","hashSHA256":"59fad9a5391a3a9326c60deaf85350d01b68ce88e942f0ab3916f57b2e3609d7","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"2513","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.lionsea.com/product_pcprivacycleanerfixer.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_PC_Privacy_Cleaner_Pro_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.lionsea.com/download/fixer/Smart_PC_Privacy_Cleaner_Pro_Setup.exe","sourceIndex":"2513"}],"sampleFiles":["200323/SmartPCPrivacyCleaner-171103/4.6.6/Samples/Smart_PC_Privacy_Cleaner_Pro_Setup.exe","200323/SmartPCPrivacyCleaner-171103/4.6.6/Samples/Smart_PC_Privacy_Cleaner_Pro.exe"],"imageFiles":["200323/SmartPCPrivacyCleaner-171103/4.6.6/Images/ACR-017/Internal Offers.png","200323/SmartPCPrivacyCleaner-171103/4.6.6/Images/ACR-003/ACR-003.png","200323/SmartPCPrivacyCleaner-171103/4.6.6/Images/ACR-004/PC Privacy Cleaner ACR-004.gif"],"nonDeceptorImageFiles":["200323/SmartPCPrivacyCleaner-171103/4.6.6/Images/ACR-017/Landing Page.png","200323/SmartPCPrivacyCleaner-171103/4.6.6/Images/ACR-099/Landing Page.png","200323/SmartPCPrivacyCleaner-171103/4.6.6/Images/ACR-065/Home Page.png","200323/SmartPCPrivacyCleaner-171103/4.6.6/Images/ACR-099/Home Page.png"],"guid":"43bd1d82-a97a-44b9-bae7-dc0253ef7741_4.6.6_1","appID":"SmartPCPrivacyCleaner-171103","dateAdded":"200323","deceptorType":"App","name":"PC privacy Cleaner","company":"LionSea Software co., ltd","version":"4.6.6","sigName":"Deceptor:Win32/PCprivacyCleaner!003004017","lastKnownStatus":"Deceptor: 4.2.0.0; 4.6.6","lastKnownDate":"201019","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-19T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1967},{"violations":{"ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries with a severity level above \"Low\" (e.g. \"Medium\", \"High\", \"Danger\", etc.), to mislead and/or scare the user\n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\n"},"nonDeceptorViolations":{"ACR-065":"Software missing Eula and privacy policy links.\n","ACR-099":"Landing page is missing uninstall link.\nSoftware is missing uninstall link.\n","ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries with a severity level above \"Low\" (e.g. \"Medium\", \"High\", \"Danger\", etc.), to mislead and/or scare the user\n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\n"},"samples":[{"isRevoked":"False","fileName":"Smart_PC_Privacy_Cleaner.exe","isInstaller":"True","companyName":"LionSea Software co., ltd","productName":"Smart_PC_Privacy_Cleaner","productVersion":"4.6.6","fileVersion":"1.0.0.l","hashMD5":"078e08d99a6ef38a0ddb64419789a45a","hashSHA1":"ed9e125ed9ffd687ba156eddd54618a5d65b1a9b","hashSHA256":"a2d915a436036fc1fff7517771563b21e3288d30b05c7c06eddc63a6d0c300ed","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3707","avBlockList":["Avast Premium Security (20200625)","AVG Internet Security (20200625)","Avira Internet Security (20200625)","Bitdefender Internet Security (20200625)","COMODO Antivirus (20200625)","Dr.Web Security Space (20200625)","ESET Internet Security (20200625)","G DATA INTERNET SECURITY (20200625)","K7 Total Security (20200625)","Kaspersky Internet Security (20200625)","Malwarebytes Premium (20200625)","McAfee Total Protection (20200625)","Norton Security (20200625)","Panda Dome (20200625)","Quick Heal Internet Security (20200625)","Sophos Home Premium (20200625)","SpyHunter5 (20200625)","Tencent PC Manager (20200625)","Trend Micro Internet Security (20200625)","VIPRE Advanced Security (20200625)","VirIT eXplorer PRO (20200625)","Webroot SecureAnywhere (20200625)","Windows Defender (20200625)","Total AV Antivirus Pro (20200625)"],"avAllowList":["360 Total Security (20200625)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.lionsea.com/product_pcprivacycleanerfixer.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_PC_Privacy_Cleaner_Pro_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3707"}],"sampleFiles":[],"imageFiles":["180119/SmartPCPrivacyCleaner-171103/4.2.0.0/Images/ACR-003/acr_003.PNG","180119/SmartPCPrivacyCleaner-171103/4.2.0.0/Images/ACR-003/acr_003_1.PNG","180119/SmartPCPrivacyCleaner-171103/4.2.0.0/Images/ACR-017/acr_017_OP.PNG","180119/SmartPCPrivacyCleaner-171103/4.2.0.0/Images/ACR-017/acr_017_LP.PNG"],"nonDeceptorImageFiles":["180119/SmartPCPrivacyCleaner-171103/4.2.0.0/Images/ACR-003/acr_003.PNG","180119/SmartPCPrivacyCleaner-171103/4.2.0.0/Images/ACR-003/acr_003_1.PNG","180119/SmartPCPrivacyCleaner-171103/4.2.0.0/Images/ACR-017/acr_017_OP.PNG","180119/SmartPCPrivacyCleaner-171103/4.2.0.0/Images/ACR-017/acr_017_LP.PNG"],"guid":"43bd1d82-a97a-44b9-bae7-dc0253ef7741_4.2.0.0_1","appID":"SmartPCPrivacyCleaner-171103","dateAdded":"200323","deceptorType":"App","name":"PC privacy Cleaner","company":"LionSea Software co., ltd","version":"4.2.0.0","sigName":"Deceptor:Win32/SmartPCPrivacyCleaner!003017","lastKnownStatus":"Deceptor: 4.2.0.0; 4.6.6","lastKnownDate":"201019","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-19T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":1968},{"violations":{"ACR-003":"The app describes Invalid CLSID Entries as errors, which raises an exaggerated sense of urgency for the consumer.\n","ACR-004":"The app does not fix free scan results.\n","ACR-014":"The app misleads the consumer into thinking there is a serious problem with their system by describing Registry issues as Errors.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial. There is also no mention of a 30 day money back guarantee.\n","ACR-099":"The app does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"BugDoctor.EXE","fileVersion":"3.0","hashMD5":"bf893255a3fa35fe923b6efdc35b8a46","hashSHA1":"4082af2843c573f87530067a17a85a54b37ad993","hashSHA256":"d9b184503686b76262cda41992e14dd6f36687dafb2159f847a9ad85a97df8ee","sourceIndex":"2514","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BugdoctorSetup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"1e8fdc87c5dbe9340def2015620ca564","hashSHA1":"666c46c62b51736a257350c25b465330503e5ab3","hashSHA256":"32f7dd78e227b7c35447773702d622f39061411cd318e63963104871aed8f287","digitalCertThumbprint":"5B77A8668D52C5D5C83E0272AFD88939E1A93E69","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Maximum Publishing LLC, OU=of Corperations, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Maximum Publishing LLC, L=Lewes, S=Delaware, C=US","sourceIndex":"2514","avBlockList":["Avast Premium Security (20250204)","AVG Internet Security (20250204)","Avira Internet Security (20250204)","Bitdefender Internet Security (20250204)","COMODO Antivirus (20250204)","Dr.Web Security Space (20250204)","ESET Internet Security (20250204)","G DATA INTERNET SECURITY (20250204)","Kaspersky Internet Security (20200625)","Malwarebytes Premium (20250204)","McAfee Total Protection (20250204)","Norton Security (20250204)","Panda Dome (20250204)","Quick Heal Internet Security (20250204)","Sophos Home Premium (20250204)","SpyHunter5 (20250204)","Tencent PC Manager (20200625)","Trend Micro Internet Security (20250204)","VIPRE Advanced Security (20250204)","VirIT eXplorer PRO (20250204)","Webroot SecureAnywhere (20250204)","Windows Defender (20250204)","Total AV Antivirus Pro (20250204)","FortectPremium (20250204)","KasperskyPremium (20250204)"],"avAllowList":["360 Total Security (20250204)","K7 Total Security (20250204)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org (registry)","landingPage":"","directDownloadingLink":"http://www.tucows.com/thankyou.html?swid=507152","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tucows.com/thankyou.html?swid=507152","sourceIndex":"2514"}],"sampleFiles":["200323/BugDoctor-171213/3.0.3.8/Samples/BugDoctor.exe","200323/BugDoctor-171213/3.0.3.8/Samples/BugdoctorSetup.exe"],"imageFiles":["200323/BugDoctor-171213/3.0.3.8/Images/ACR-003/BugDoctor 3 errors.png","200323/BugDoctor-171213/3.0.3.8/Images/ACR-014/BugDoctor 3 errors.png","200323/BugDoctor-171213/3.0.3.8/Images/ACR-004/BugDoctor 3 errors.png","200323/BugDoctor-171213/3.0.3.8/Images/ACR-004/BugDoctor 3 unlock.png"],"nonDeceptorImageFiles":["200323/BugDoctor-171213/3.0.3.8/Images/ACR-065/BugDoctor 3 Install.png","200323/BugDoctor-171213/3.0.3.8/Images/ACR-065/BugDoctor 3 suppirt.png","200323/BugDoctor-171213/3.0.3.8/Images/ACR-170/BugDoctor 3 errors.png","200323/BugDoctor-171213/3.0.3.8/Images/ACR-170/BugDoctor 3 unlock.png","200323/BugDoctor-171213/3.0.3.8/Images/ACR-099/BugDoctor 3 suppirt.png"],"guid":"03b8cb58-6d93-47ac-9ecf-b63d6dc82b95_3.0.3.8_1","appID":"BugDoctor-171213","dateAdded":"200323","deceptorType":"App","name":"Bug Doctor","company":"Maximum Software","version":"3.0.3.8","sigName":"Deceptor:Win32/BugDoctor!003014004","lastKnownStatus":"Deceptor:7.1.1.2;3.0.3.8;1.0.0.4","lastKnownDate":"241107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":1971},{"violations":{"ACR-016":"The downloads are launched directly from the advertised app's ad. Example of direct download link is https://wiki-tech.net/software/pc-repair/download?_tdsurl=n1yMdT&ow_download\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"affiliate search with key word \"crash\" \"registry\" \"scan\" \"fix\"","reference":"","landingPage":"https://wiki-tech.net/","ipv4":"","ipv6":"","sourceIndex":"2432"}],"sampleFiles":[],"imageFiles":["200321/wikitechnet-200321/020321/Images/ACR-016/ACR-016_1.JPG","200321/wikitechnet-200321/020321/Images/ACR-016/ACR-016_2.JPG"],"nonDeceptorImageFiles":[],"guid":"32bb3d90-de6c-4e35-a73b-1340758e4fd8_020321_1","appID":"wikitechnet-200321","dateAdded":"200321","deceptorType":"Affiliate","name":"Wiki-Tech_Net","company":"wiki-tech.net/","version":"020321","sigName":"Deceptor:Affiliate/WikiTechNet!016","firstResolvedVersion":"200522","resolved":"TRUE","lastKnownStatus":"200321","lastKnownDate":"200321","type":"Affiliate","category":"Productivity, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox,Edge,IE,Opera","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2020-05-23T00:13:14.723232+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1976},{"violations":{"ACR-003":"The application exaggerates shared Junk Files, File Association, Registry files Evidence files, IE settings and ActiveX  as problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying unverifiable 5 star review rating logos.\n"},"nonDeceptorViolations":{"ACR-065":"The application's internal offer webpage has no link to a website that shows the EULA and Returns and Cancellation Policy.\nThe application's landing page has no link to the EULA and Returns and Cancellation Policy.\nThe application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that has no links back to the sources so consumers cannot verify if they're real.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-157":"The application has no signed certificate it is unsigned.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"The application prompts during uninstall stating that consumer can get the program for free.\n","ACR-167":"The application has no mention of a refund policy in the Docs.\n","ACR-064":"The landing page has the download button displayed as 'Free Scan' and does not clarify that it is download button.\n","ACR-171":"The internal offers shopping cart page has opt-in/opt-out check boxes pre-checked.\n","ACR-003":"The application exaggerates shared Junk Files, File Association, Registry files Evidence files, IE settings and ActiveX  as problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying unverifiable 5 star review rating logos.\n"},"samples":[{"isRevoked":"False","fileName":"wisepcdoctor_Standard_Setup.exe","isInstaller":"True","companyName":"Wise PC Doctor","productName":"Wise PC Doctor","productVersion":"3.9.8","fileVersion":"3.9.8","hashMD5":"2f1b5c72ad2a41fb3897fd83d534cfe4","hashSHA1":"b4d499fd45c9c8723b99570fce49e9aba1f5f21e","hashSHA256":"c54d84d4a520165539d9c271538fa0c8431d50971fb569e487df4cbccd4bfd87","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3709","avBlockList":["Avast Premium Security (20200625)","AVG Internet Security (20200625)","Avira Internet Security (20200625)","Bitdefender Internet Security (20200625)","COMODO Antivirus (20200625)","Dr.Web Security Space (20200625)","ESET Internet Security (20200625)","G DATA INTERNET SECURITY (20200625)","K7 Total Security (20200625)","Kaspersky Internet Security (20200625)","Malwarebytes Premium (20200625)","McAfee Total Protection (20200625)","Norton Security (20200625)","Panda Dome (20200625)","Quick Heal Internet Security (20200625)","Sophos Home Premium (20200625)","SpyHunter5 (20200625)","Tencent PC Manager (20200625)","Trend Micro Internet Security (20200625)","VIPRE Advanced Security (20200625)","VirIT eXplorer PRO (20200625)","Webroot SecureAnywhere (20200625)","Windows Defender (20200625)","Total AV Antivirus Pro (20200625)"],"avAllowList":["360 Total Security (20200625)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://softdeluxe.com/","landingPage":"http://www.wisepcdoctor.com/","directDownloadingLink":"http://www.wisepcdoctor.com/wisepcdoctor_Standard_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3709"}],"sampleFiles":["180103/WisePCDoctor-171013/3.9.8/Samples/wisepcdoctor_Standard_Setup.exe"],"imageFiles":["180103/WisePCDoctor-171013/3.9.8/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_1.PNG","180103/WisePCDoctor-171013/3.9.8/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_2.PNG","180103/WisePCDoctor-171013/3.9.8/Images/ACR-017/ACR_017_LANDING_PAGE.PNG"],"nonDeceptorImageFiles":["180103/WisePCDoctor-171013/3.9.8/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_1.PNG","180103/WisePCDoctor-171013/3.9.8/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_2.PNG","180103/WisePCDoctor-171013/3.9.8/Images/ACR-120/ACR-120_UNINSTALL.PNG","180103/WisePCDoctor-171013/3.9.8/Images/ACR-064/ACR-064_LANDING_PAGE.PNG","180103/WisePCDoctor-171013/3.9.8/Images/ACR-171/ACR-171_INTERNAL_OFFERS.PNG","180103/WisePCDoctor-171013/3.9.8/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_1.PNG","180103/WisePCDoctor-171013/3.9.8/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_2.PNG","180103/WisePCDoctor-171013/3.9.8/Images/ACR-017/ACR_017_LANDING_PAGE.PNG"],"guid":"018295a6-2456-45a8-aa87-0e64feca057c_3.9.8_1","appID":"WisePCDoctor-171013","dateAdded":"200317","deceptorType":"App","name":"Wise PC Doctor","company":"wisepcdoctor.com","version":"3.9.8","sigName":"Deceptor:Win32/WisePCDoctor!003","lastKnownStatus":"Deceptor:3.9.8,3.8.6","lastKnownDate":"201022","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows XP,Windows Vista,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-10-22T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":1978},{"violations":{"ACR-003":"The application exaggerates shared Junk Files, File Association, Registry files Evidence files, IE settings and ActiveX as problems/errors, thereby misleading or scaring users to take action.\n","ACR-004":"The app does not fix free scan results and describes registry issues as errors to exaggerate a sense of urgency.\n","ACR-014":"The app describes registry issues as errors in red text to exaggerate a sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The internal offers page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy\nThe application's landing page has no link to the Returns and Cancellation Policy.\nThe install does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-161":"The landing page displays unsubstantiated testimonials.\n","ACR-092":"The application has no signed certificate it is unsigned.\n","ACR-157":"The application has no signed certificate it is unsigned.\n","ACR-099":"The internal offers page does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe app does not display links to uninstall information.\n","ACR-120":"The application prompts during uninstall stating that consumer can get the program for free.\n","ACR-064":"The landing page has the download button displayed as 'Free Scan' and does not clarify that it is download button.\n","ACR-171":"The internal offers shopping cart page has opt-in/opt-out check boxes pre-checked.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying unverifiable 5 star review rating logos.\n"},"samples":[{"isRevoked":"False","fileName":"WisePCDoctor.exe","fileVersion":"3.8","hashMD5":"547dde5ef0abd78cdf9afd89ae4b7d01","hashSHA1":"9c4577cef428f2258b47f07fcf426b67399b950c","hashSHA256":"0592cf7e0f9f9549253b97e8e579aa12c04387cd618538d30b738bc51895f79b","sourceIndex":"2521","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"wisepcdoctor_Setup.exe","isInstaller":"True","companyName":"LineTo Soft, Co,.Ltd                                        ","productName":"Wise PC Doctor","productVersion":"3.8.6","fileVersion":"0.0","hashMD5":"c3d571f6d589a98c5d97453620f091ce","hashSHA1":"a465f11ff91b066fd708041f8f1b0676169b7f2d","hashSHA256":"96c4225bc0b0e28d6932e646b2589a489f056fa0f251d2fec9aa47cda0dfa494","sourceIndex":"2521","avBlockList":["360 Total Security (20200625)","Avast Premium Security (20200625)","AVG Internet Security (20200625)","Avira Internet Security (20200625)","Bitdefender Internet Security (20200625)","Dr.Web Security Space (20200625)","ESET Internet Security (20200625)","G DATA INTERNET SECURITY (20200625)","K7 Total Security (20200625)","Kaspersky Internet Security (20200625)","Malwarebytes Premium (20200625)","McAfee Total Protection (20200625)","Norton Security (20200625)","Panda Dome (20200625)","Quick Heal Internet Security (20200625)","Sophos Home Premium (20200625)","SpyHunter5 (20200625)","Tencent PC Manager (20200625)","Trend Micro Internet Security (20200625)","VIPRE Advanced Security (20200625)","VirIT eXplorer PRO (20200625)","Webroot SecureAnywhere (20200625)","Windows Defender (20200625)","Total AV Antivirus Pro (20200625)"],"avAllowList":["COMODO Antivirus (20200625)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://softdeluxe.com/","landingPage":"http://www.wisepcdoctor.com/","directDownloadingLink":"http://www.wisepcdoctor.com/wisepcdoctor_Standard_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.wisepcdoctor.com/wisepcdoctor_Standard_Setup.exe","sourceIndex":"2521"}],"sampleFiles":["200317/WisePCDoctor-171013/3.8.6/Samples/WisePcDoctor.exe","200317/WisePCDoctor-171013/3.8.6/Samples/wisepcdoctor_Setup.exe"],"imageFiles":["200317/WisePCDoctor-171013/3.8.6/Images/ACR-003/Wise PC Doctor Errors.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-003/Wise PC Doctor Problems 2.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-014/Wise PC Doctor Errors.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-004/Wise PC Doctor.gif"],"nonDeceptorImageFiles":["200317/WisePCDoctor-171013/3.8.6/Images/ACR-171/Wise PC Doctor Internal Offers.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-065/Wise PC Doctor Internal Offers.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-099/Wise PC Doctor Internal Offers.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-017/Wise PC Doctor Landing Page.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-161/Wise PC Doctor Landing Page.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-064/Wise PC Doctor Landing Page.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-065/Wise PC Doctor Landing Page.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-099/Wise PC Doctor Landing Page.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-065/Wise PC Doctor Install.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-092/Wise PC Doctor Cert.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-157/Wise PC Doctor Cert.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-065/Wise PC Doctor Settings.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-099/Wise PC Doctor Settings.png","200317/WisePCDoctor-171013/3.8.6/Images/ACR-120/Wise PC Doctor Uninstall.png"],"guid":"018295a6-2456-45a8-aa87-0e64feca057c_3.8.6_1","appID":"WisePCDoctor-171013","dateAdded":"200317","deceptorType":"App","name":"Wise PC Doctor","company":"wisepcdoctor.com","version":"3.8.6","sigName":"Deceptor:Win32/WisePCDoctor!003004014","lastKnownStatus":"Deceptor:3.9.8,3.8.6","lastKnownDate":"201022","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows XP,Windows Vista,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-10-22T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1977},{"violations":{"ACR-016":"The download button doesn't redirect user to application's website, instead it download the application directly\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"external report","reference":"https://wikifixes.com","landingPage":"https://wikifixes.com/articles/fix-and-clean-up-registry?gclid=Cj0KCQjwu6fzBRC6ARIsAJUwa2Q56psEaikThpjLEHUgYxbNAvpuKZQpx3gsLl4xIKeh5XcDGparXYYaAtgTEALw_wcB","ipv4":"","ipv6":"","sourceIndex":"2431"}],"sampleFiles":[],"imageFiles":["200314/wikifixescom-200313/200313/Images/ACR-016/wikifix_016.JPG","200314/wikifixescom-200313/200313/Images/ACR-016/wikifix_016_2.JPG"],"nonDeceptorImageFiles":[],"guid":"be5f5ddd-28ca-4997-bb85-ac84e9fcfce1_200313_1","appID":"wikifixescom-200313","dateAdded":"200314","deceptorType":"Affiliate","name":"wikifixes_com","company":"https://wikifixes.com","version":"200313","sigName":"Deceptor:Affiliate/Wikifixes!016","firstResolvedDate":"200525","firstResolvedVersion":"200525","resolved":"TRUE","lastKnownStatus":"200313","lastKnownDate":"200525","type":"Affiliate","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"Chrome,Firefox,Edge,IE","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2020-05-25T19:45:32.5341906+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1979},{"violations":{"ACR-048":"The app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily.\nThe app enables the consumer to hide the app from the installed app list, which prevents it from being uninstalled easily. \n","ACR-007":"The app enables the consumer to hide all explicit notifications from the targeted consumer.\n","ACR-084":"The app is by default in stealth mode without consumer consent. The app enables the consumer to hide its app icon, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects user data and it enables the consumer to hide the app from the targeted consumer\n","ACR-097":" The app recommends users to disable \"Play Protect\" before installing.\n"},"nonDeceptorViolations":{"ACR-038":"The app installer does not have a name that allows it to be clearly identified by the targeted consumer as related to the app. The app disguise as running service: \"System Update Service\"\n","ACR-002":" The App's company name is not consistent across App interaction. It shows different names as \"KidsGuard\" and \"System Update Service\" in the running service/apps section.\n The App's company name is not consistent across App interaction. It shows different names as \"KidsGuard\" and \"System Update Service\" in the running service/apps section.\n","ACR-087":"The app offers to disable Google Play Protect.\n"},"samples":[{"isRevoked":"False","fileName":"app-release.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e8abd4e4f8095a676187a4f1ae221b81439dbd2d25a067959f7a86c9942ebecc","sourceIndex":"2529","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"customer report","reference":"https://www.clevguard.com","landingPage":"http://www.installapp.net/setup.apk","directDownloadingLink":"http://www.installapp.net/setup.apk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.installapp.net/setup.apk","sourceIndex":"2529"}],"sampleFiles":["200226/KidsGuard-200226/3.4.0/Samples/app-release.apk"],"imageFiles":["200226/KidsGuard-200226/3.4.0/Images/ACR-084/Running Services.png","200226/KidsGuard-200226/3.4.0/Images/ACR-048/KidsGuard_after_installation [2].png","200226/KidsGuard-200226/3.4.0/Images/ACR-048/KidsGuard_after_installation [3].png","200226/KidsGuard-200226/3.4.0/Images/ACR-048/Running Services.png","200226/KidsGuard-200226/3.4.0/Images/ACR-086/Stalker_Dashboard.png","200226/KidsGuard-200226/3.4.0/Images/ACR-048/KidsGuard_after_installation [3].png"],"nonDeceptorImageFiles":["200226/KidsGuard-200226/3.4.0/Images/ACR-038/Running Services.png","200226/KidsGuard-200226/3.4.0/Images/ACR-002/Running Services.png","200226/KidsGuard-200226/3.4.0/Images/ACR-002/KidsGuardPro.png","200226/KidsGuard-200226/3.4.0/Images/ACR-002/Running Services.png","200226/KidsGuard-200226/3.4.0/Images/ACR-087/Disable_GooglePlayProtect.png"],"guid":"0d06567e-6371-43ce-87bb-545455a11afd_3.4.0_1","appID":"KidsGuard-200226","dateAdded":"200226","deceptorType":"Android App","name":"KidsGuard Pro","company":"ClevGuard","version":"3.4.0","sigName":"Deceptor:Android/KidsGuardProStalkerware!084048007086097","lastKnownStatus":"3.4.0","lastKnownDate":"200226","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-02-27T07:28:43.3748715+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1981},{"violations":{"ACR-109":"The app installs Falcon Games shortcut link without user consent.\n The app downloads \"rlservice.exe\" and/or \"rkverify.exe, RelevantKnowledge files.\n","ACR-048":" There is a \"decline \" button that when pressed it still downloads and run “rkverify.exe”, a RelevantKnowledge file.\n","ACR-118":"xecutable component “rlvknlg.exe” is still left on the system after uninstall is performed.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy. \n"},"samples":[{"isRevoked":"False","fileName":"PiratesTreasuresSetup.exe","isInstaller":"True","companyName":"FalcoWare, Inc.                                             ","fileVersion":"0.0","hashMD5":"6da3077dbffa184daf8900c76c73da6a","hashSHA1":"3d750197c565cb29552584009fb8db1ef0410161","hashSHA256":"0275a669638c43967460aa1556bdc36b61c4e70ee2f44d466eecc7eca2bdb9e5","digitalCertThumbprint":"F7D96F2D19AC3895AD8F234F562D1BC58F4FA8CF","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Valeriy Sokolov, O=Valeriy Sokolov, STREET=\"Kievskaya street, 59-52\", L=Tomsk, S=Russia, PostalCode=634061, C=RU","sourceIndex":"2530","avBlockList":["360 Total Security (20200702)","Avast Premium Security (20200702)","AVG Internet Security (20200702)","Avira Internet Security (20200702)","Bitdefender Internet Security (20200702)","Dr.Web Security Space (20200702)","ESET Internet Security (20200702)","G DATA INTERNET SECURITY (20200702)","K7 Total Security (20200702)","Kaspersky Internet Security (20200702)","Malwarebytes Premium (20200702)","McAfee Total Protection (20200702)","Norton Security (20200702)","Panda Dome (20200702)","Quick Heal Internet Security (20200702)","Sophos Home Premium (20200702)","SpyHunter5 (20200702)","Tencent PC Manager (20200702)","VIPRE Advanced Security (20200702)","VirIT eXplorer PRO (20200702)","Webroot SecureAnywhere (20200702)","Windows Defender (20200702)","Total AV Antivirus Pro (20200702)"],"avAllowList":["COMODO Antivirus (20200702)","Trend Micro Internet Security (20200702)"]},{"isRevoked":"False","fileName":"PiratesTreasures.exe","companyName":"Adobe Systems, Inc.","fileVersion":"10.1","hashMD5":"d9328eac47ba65ce3f3ba8b8328504f1","hashSHA1":"4da62da62da49f07a6a83662849d30ecc4cd791b","hashSHA256":"4ba2bb16884111a7dd53e590b9717b1068a105a4fb69fcc38e92d113f61d371d","digitalCertThumbprint":"C066E010388F4C26E918FCCF14B78389478D7286","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Adobe Systems Incorporated, OU=Information Systems, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Adobe Systems Incorporated, L=San Jose, S=California, C=US","sourceIndex":"2530","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlservice.exe","companyName":"TMRG,  Inc.","fileVersion":"1.1","hashMD5":"f152f6875d09d0f6dcb4f0a8a9154d06","hashSHA1":"3ca7406ccbd5354995a27e7e2f392a8e0884cfa5","hashSHA256":"e49560cf8dc047125096251d5f5062f83d7ffa3b85d3c7fee7cc018dfa128a48","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2530","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg.exe","companyName":"TMRG,  Inc.","fileVersion":"1.3","hashMD5":"20d56898d692ea6f5b9282e40b1c2dda","hashSHA1":"30d8c442efb81e61b3fab494f62c0949e423695d","hashSHA256":"d0fe36199bceadcd3b1a2a6980cc3182120abd2875d6d417151729f314d1813f","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2530","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg32.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"c357700dd45a217d337aa08f9f617e5d","hashSHA1":"84d300f23a1c5dbf96b36aea5c9a8cabdfb87743","hashSHA256":"0aa6b7bbf648fd59d395cb0c1ce7c1046ada6e9be5084c70ceb2363539c02a6f","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2530","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rlvknlg64.exe","companyName":"TMRG,  Inc.","fileVersion":"1.0","hashMD5":"0e59a198a35d0ef9ba043b68c993bb22","hashSHA1":"e919c11704c3b7e4b4ae3b11e31d8ad25bda7008","hashSHA256":"445f421d40f7a34b0d65ef988a79f3843cdbedef7d66fd24e737ad2d8a9d2f29","digitalCertThumbprint":"D362EC5A4BE2AAB2A814455AD92B99021DA22C51","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"TMRG, Inc.\", O=\"TMRG, Inc.\", STREET=11950 Democracy Drive, STREET=Suite 600, L=Reston, S=Virginia, PostalCode=20190, C=US","sourceIndex":"2530","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"free-games-download\"","reference":"","landingPage":"https://falcoware.com/PiratesTreasures.php","directDownloadingLink":"http://falcogames.com/rk-distributives/PiratesTreasuresSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"2530"}],"sampleFiles":["200226/PiratesTreasures-200224/1.0/Samples/PiratesTreasuresSetup.exe","200226/PiratesTreasures-200224/1.0/Samples/PiratesTreasures.exe","200226/PiratesTreasures-200224/1.0/Samples/rlservice.exe","200226/PiratesTreasures-200224/1.0/Samples/rlvknlg.exe","200226/PiratesTreasures-200224/1.0/Samples/rlvknlg32.exe","200226/PiratesTreasures-200224/1.0/Samples/rlvknlg64.exe"],"imageFiles":["200226/PiratesTreasures-200224/1.0/Images/ACR-109/Pirate Treasure Bundled Apps.png","200226/PiratesTreasures-200224/1.0/Images/ACR-109/Relevant Knowledge_Accept.png","200226/PiratesTreasures-200224/1.0/Images/ACR-109/Relevant Knowledge_Decline [2].png","200226/PiratesTreasures-200224/1.0/Images/ACR-048/Relevant Knowledge_Decline [1].png","200226/PiratesTreasures-200224/1.0/Images/ACR-048/Relevant Knowledge_Decline [2].png","200226/PiratesTreasures-200224/1.0/Images/ACR-118/Uninstall.png","200226/PiratesTreasures-200224/1.0/Images/ACR-118/Uninstall_remaining files.png"],"nonDeceptorImageFiles":["200226/PiratesTreasures-200224/1.0/Images/ACR-065/Pirate Treasure Installation [1].png","200226/PiratesTreasures-200224/1.0/Images/ACR-065/Pirate Treasure Installation [2].png","200226/PiratesTreasures-200224/1.0/Images/ACR-065/Pirate Treasure Installation [3].png","200226/PiratesTreasures-200224/1.0/Images/ACR-065/Pirate Treasure Installation [4].png","200226/PiratesTreasures-200224/1.0/Images/ACR-065/Pirate Treasure Installation [5].png","200226/PiratesTreasures-200224/1.0/Images/ACR-065/Pirate Treasure Installation [6].png"],"guid":"3f6e67ed-bcc8-4282-96fb-aa8bdde032ae_1.0_1","appID":"PiratesTreasures-200224","dateAdded":"200226","deceptorType":"Bundler","name":"Pirates Treasures ","company":"FalcoWare","version":"1.0","sigName":"Deceptor:Win32/PiratesTreasuresBundle!109048118","lastKnownStatus":"1.0","lastKnownDate":"200226","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","monetization":"none","lastUpdate":"2020-02-27T07:16:55.0896571+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1980},{"violations":{"ACR-004":"The app requests the paid subscription (yearly $24.99)to fix the threats reported during free scan. \n"},"nonDeceptorViolations":{"ACR-161":"The landing page displays unsubstantiated testimonials.\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-171":""},"samples":[{"isRevoked":"False","fileName":"Antivirus Cyber Byte Pro","isInstaller":"True","fileVersion":"0.","hashMD5":"4a7058767105bac1c5c7113eba3937ff","hashSHA1":"82a70da08e9304d284dd16c2d4db8220c12a9933","hashSHA256":"4e4e1625e2f4da56c8bb5b5032a490ec810346f68ea71c67cd60efa9a6013f8a","sourceIndex":"1326","avBlockList":["Bitdefender Antivirus for Mac (20200109)","ESET Cyber Security Pro for Mac (20200109)","G DATA AntiVirus for Mac (20200109)","McAfee Internet Security for Mac (20200109)","Norton Security for Mac (20200109)","Trend Micro Antivirus for Mac (20200109)"],"avAllowList":["Avast Security for Mac (20200109)","Avira Security for Mac (20200109)","K7 Antivirus for Mac (20200109)","Kaspersky Internet Security for Mac (20200109)"]}],"additionalFiles":[],"sources":[{"howFound":"DeceptorReport","reference":"111419","landingPage":"https://mac.cyberbyte.org","directDownloadingLink":"https://mac.cyberbyte.org/download/CyberByte.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mac.cyberbyte.org/download/CyberByte.zip","sourceIndex":"1326"}],"sampleFiles":["200218/CyberByteAntivirus-191211/3.7.1/Samples/Antivirus Cyber Byte Pro"],"imageFiles":["200218/CyberByteAntivirus-191211/3.7.1/Images/ACR-004/CyberButeAntivirus 004.gif"],"nonDeceptorImageFiles":["200218/CyberByteAntivirus-191211/3.7.1/Images/ACR-161/CyberButeAntivirus Testimonial.png","200218/CyberByteAntivirus-191211/3.7.1/Images/ACR-099/CyberButeAntivirus Bottom of Landing Page.png","200218/CyberByteAntivirus-191211/3.7.1/Images/ACR-099/CyberButeAntivirus Internal Offers.png","200218/CyberByteAntivirus-191211/3.7.1/Images/ACR-171/Recurring.png"],"guid":"bc1e956f-3461-4250-b600-c2ea2097d257_3.7.1_1","appID":"CyberByteAntivirus-191211","dateAdded":"200218","deceptorType":"MacOS App","name":"CyberByte Antivirus","company":"Cyberyte","version":"3.7.1","sigName":"Deceptor:MacOS/CyberByteAntivirus!004","lastKnownStatus":"3.7.1;3.8.1","lastKnownDate":"200218","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-11-11T21:13:24.1493553+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1983},{"violations":{"ACR-004":"The app requests the paid subscription (yearly $24.99)to fix the threats reported during free scan. \n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA or the Privacy Policy.\n","ACR-161":"The landing page displays unsubstantiated testimonials.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-171":"The internal offers page does not disclose that the app is a recurring payment.\n"},"samples":[{"isRevoked":"False","fileName":"Antivirus Cyber Byte Pro","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"7ac3367bad8f684c94be144098ef3a72218293a87b19f1f82b2e8d95adeae1d6","sourceIndex":"1325","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"DeceptorReport","reference":"111419","landingPage":"https://mac.cyberbyte.org","directDownloadingLink":"https://mac.cyberbyte.org/download/CyberByte.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mac.cyberbyte.org/download/CyberByte.zip","sourceIndex":"1325"}],"sampleFiles":["200218/CyberByteAntivirus-191211/3.8.1/Samples/Antivirus Cyber Byte Pro"],"imageFiles":["200218/CyberByteAntivirus-191211/3.8.1/Images/ACR-004/CyberByte Antivirus 3.8.1 004.gif"],"nonDeceptorImageFiles":["200218/CyberByteAntivirus-191211/3.8.1/Images/ACR-065/CyberByte Antivirus 3.8.1 About.png","200218/CyberByteAntivirus-191211/3.8.1/Images/ACR-161/CyberByte Antivirus 3.8.1 Testimonials.png","200218/CyberByteAntivirus-191211/3.8.1/Images/ACR-099/CyberByte Antivirus 3.8.1 About.png","200218/CyberByteAntivirus-191211/3.8.1/Images/ACR-099/CyberByte Antivirus 3.8.1 Landing Page.png","200218/CyberByteAntivirus-191211/3.8.1/Images/ACR-099/CyberByte Antivirus 3.8.1 Internal Offers.png","200218/CyberByteAntivirus-191211/3.8.1/Images/ACR-171/CyberByte Antivirus 3.8.1 Internal Offers.png"],"guid":"bc1e956f-3461-4250-b600-c2ea2097d257_3.8.1_1","appID":"CyberByteAntivirus-191211","dateAdded":"200218","deceptorType":"MacOS App","name":"CyberByte Antivirus","company":"Cyberyte","version":"3.8.1","sigName":"Deceptor:MacOS/CyberByteAntivirus!004","lastKnownStatus":"3.7.1;3.8.1","lastKnownDate":"200218","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-11-11T21:13:51.2298284+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1982},{"violations":{"ACR-003":"The application uses the Word errors to increase urgency for non-urgent \"issues”, thereby misleading or scaring user to take action.\n","ACR-004":"The app does not offer a fully functional free trial as it only fixes a portion of the \"errors\" for free.\n","ACR-017":"The application fraudulently elevates its consumer trust level by displaying an unverifiable Intel and Microsoft Partner logo.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service.\nThe application's internal offer webpage has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-092":"The application has no signed certificate.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"MaxUtilities.exe","isInstaller":"True","fileVersion":"2013.0","hashMD5":"16a3a6ac024c738d162d8d209c3a2317","hashSHA1":"7e641a1ffe4227869c9b25fd46cb47561ceaca10","hashSHA256":"0e550ac5cb160de766aad52d349e65930d5523fdd3060da34768479e7eb240af","digitalCertThumbprint":"78EFA6B4E9CE41FA68D6D79BCC24A82DBFC915B2","digitalCertIssuer":"CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN","digitalCertIssuedTo":"E=tech@sdzlaser.com, CN=Beijing SaiDaZi Laser Tech Ltd., O=Beijing SaiDaZi Laser Tech Ltd., L=Beijing, S=Beijing, C=CN","sourceIndex":"2537","avBlockList":["Avast Internet Security (20200224)","AVG Internet Security (20200707)","Avira Internet Security (20200707)","Bitdefender Internet Security (20200707)","COMODO Antivirus (20200707)","Dr.Web Security Space (20200707)","ESET Internet Security (20200707)","G DATA INTERNET SECURITY (20200707)","K7 Total Security (20200707)","Malwarebytes Premium (20200707)","McAfee Total Protection (20200707)","Norton Security (20200707)","Panda Dome (20200707)","Quick Heal Internet Security (20200707)","Sophos Home Premium (20200707)","SpyHunter5 (20200707)","Tencent PC Manager (20200707)","Trend Micro Internet Security (20200707)","VIPRE Advanced Security (20200707)","VirIT eXplorer PRO (20200707)","Webroot SecureAnywhere (20200707)","Windows Defender (20200707)","Kaspersky Internet Security (20200707)","Avast Premium Security (20200707)","Total AV Antivirus Pro (20200707)"],"avAllowList":["360 Total Security (20200707)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com(speed up my computer)","landingPage":"http://www.vsksoft.com/maxutilities/","directDownloadingLink":"http://www.vsksoft.com/software/MaxUtilities.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.vsksoft.com/software/MaxUtilities.exe","sourceIndex":"2537"}],"sampleFiles":["200214/MaxUtilities-171115/2013.0.0.0/Samples/MaxUtilities.exe"],"imageFiles":["200214/MaxUtilities-171115/2013.0.0.0/Images/ACR-003/ACR_003_SOFTWARE.PNG","200214/MaxUtilities-171115/2013.0.0.0/Images/ACR-003/ScanResult.JPG","200214/MaxUtilities-171115/2013.0.0.0/Images/ACR-017/ACR_017_SOFTWARE.PNG","200214/MaxUtilities-171115/2013.0.0.0/Images/ACR-004/MaxUtilitiesScreenshot1.PNG"],"nonDeceptorImageFiles":[],"guid":"5ad11fa9-e9c3-489b-936b-56bd19f8fe9e_2013.0.0.0_1","appID":"MaxUtilities-171115","dateAdded":"200214","deceptorType":"App","name":"Max Utilities","company":"Vsksoft Inc.","version":"2013.0.0.0","sigName":"Deceptor:Win32/MaxUtilities!003017004","lastKnownStatus":"Deceptor:2014,2013.0.0.0","lastKnownDate":"200214","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 8,Windows 10,Windows 7,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-02-14T20:15:31.1128686+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1985},{"violations":{"ACR-003":"The application uses the Word errors to increase urgency for non-urgent \"issues”, thereby misleading or scaring user to take action.\n","ACR-017":"The application fraudulently elevates its consumer trust level by displaying an unverifiable Intel and Microsoft Partner logo.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service.\nThe application's internal offer webpage has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-092":"The application has no signed certificate.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"MaxUtilities.exe","isInstaller":"True","companyName":"","productName":"Max Utilities 1.0","productVersion":"2014","fileVersion":"2014","hashMD5":"411ee73d7ccc4793ccc770377dde0d7a","hashSHA1":"9a5dae37341cae37077410620bb3da9ab17acdb7","hashSHA256":"b22f6bcae01bda9d1cfbea2624de346fceb5200555ac7c6a251a5edebf11a5f8","sourceIndex":"2536","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com(speed up my computer)","landingPage":"http://www.vsksoft.com/maxutilities/","directDownloadingLink":"http://www.vsksoft.com/software/MaxUtilities.exe","ipv4":"","ipv6":"","sourceIndex":"2536"}],"sampleFiles":[],"imageFiles":["200214/MaxUtilities-171115/2014.0.0.0/Images/ACR-003/ACR_003_SOFTWARE.PNG","200214/MaxUtilities-171115/2014.0.0.0/Images/ACR-017/ACR_017_SOFTWARE.PNG"],"nonDeceptorImageFiles":[],"guid":"5ad11fa9-e9c3-489b-936b-56bd19f8fe9e_2014.0.0.0_1","appID":"MaxUtilities-171115","dateAdded":"200214","deceptorType":"App","name":"Max Utilities","company":"Vsksoft Inc.","version":"2014.0.0.0","sigName":"Deceptor:Win32/MaxUtilities!003","lastKnownStatus":"Deceptor:2014,2013.0.0.0","lastKnownDate":"200214","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 8,Windows 10,Windows 7,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-02-14T20:17:43.3017484+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":1984},{"violations":{"ACR-010":"Almost every download link is redirected to https://driverfixersoftware.com/, which is a deceptive website.\n","ACR-155":"Interstitial offers are inserted into the user's workflow, which tricks the consumer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.submission","reference":"","landingPage":"https://www.torrentmac.net/","ipv4":"","ipv6":"","sourceIndex":"2541"}],"sampleFiles":[],"imageFiles":["200212/TorrentMac-200129/200129/Images/ACR-155/TorrentMac 155.gif"],"nonDeceptorImageFiles":[],"guid":"0528855a-0c44-4794-b575-b3a8980a7f12_200129_1","appID":"TorrentMac-200129","dateAdded":"200212","deceptorType":"Download Site","name":"Mac Torrent","company":"MacTorrents","version":"200129","sigName":"Deceptor:Affiliate/MacTorrent_Net","lastKnownStatus":"200212","lastKnownDate":"200212","type":"Download Site","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2020-02-12T22:41:27.9374521+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1986},{"violations":{"ACR-004":"1)The app should avoid raising \"Urgency/Priority/Color Graphic\" for the identified issues. \n2)App uses alarming color to differentiate the priority and urgency.\n3) App requires service subscription term payment for the issues identified during free scan\n","ACR-010":"The offered app “TweakBit PCBooster” contains deceptive behavior. The carrier app needs to make sure that the offered app doesn’t have any deceptive behavior.\n","ACR-071":"App offers the app \"FileRecovery\" for free, but with no way for the consumer to decline.\n"},"nonDeceptorViolations":{"ACR-163":"The app displays a support call center phone number, but does not provide other interactive option to the consumer.\n","ACR-160":"The app vendor needs to use certified call center for certified app or self certify own call center by following call center requirement. https://customer.appesteem.com/Home/CallCenters.\n","ACR-171":"The additional offer is presented to the consumer as \"Opt-In\" by default instead of \"Opt-Out\".\n","ACR-168":"The app displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n","ACR-014":"App presents the non-substantiated claims that misleads user its value.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Resovled Deceptor re-review","reference":"","landingPage":"https://www.tweakbit.com/driver-updater/","directDownloadingLink":"http://www.tweakbit.com/driver-updater/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/driver-updater/download/","sourceIndex":"2882"}],"sampleFiles":[],"imageFiles":["190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-010/TweakBitDriverUpdater ACR_010 InternalOffers.png","190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-004/ACR-004_Software_Exaggeration1.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-004/ACR-004_Software_Exaggeration2.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-004/DriverUpdater_004.PNG","190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-071/ACR_071 no decline.png"],"nonDeceptorImageFiles":["190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-014/ACR-014_Landingpage_Exaggeration1.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-014/ACR-014_Landingpage_Need_To_Update_Screenshot.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-163/ACR-163_Landingpage_No_Non-Interactive_Option_Available1.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-160/ACR-160_Software_Not_a_Certified_Call_Center.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-168/ACR-168_Landingpage_No_Non-Interactive_Option_Available1.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-165/ACR-165_Landingpage_Lifetime_Free.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.3/Images/ACR-171/ACR-171_Landingpage_Opt-In_By_Default.JPG"],"guid":"94630347-23b0-40f4-885c-05514d737946_2.0.1.3_1","appID":"TweakBitDriverUpdater-181220","dateAdded":"200207","deceptorType":"App","name":"TweakBitDriverUpdater","company":"Tweakbit Pty Ltd","version":"2.0.1.3","firstVendorContactDate":"200212","firstAppEsteemReplyDate":"200218","firstResolvedDate":"200313","firstResolvedVersion":"2.2.4.54043","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.1.2,2.0.1.3, 2.0.1.8,2.2.1.53406","lastKnownDate":"200207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-03-13T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1990},{"violations":{"ACR-004":"1)The app should avoid raising \"Urgency/Priority/Color Graphic\" for the identified issues. \n2)App uses alarming color to differentiate the priority and urgency.\n3) App requires service subscription term payment for the issues identified during free scan\n","ACR-010":"The offered app “TweakBit PCBooster” contains deceptive behavior. The carrier app needs to make sure that the offered app doesn’t have any deceptive behavior.\n","ACR-071":"App offers the app \"FileRecovery\" for free, but with no way for the consumer to decline.\n"},"nonDeceptorViolations":{"ACR-163":"The app displays a support call center phone number, but does not provide other interactive option to the consumer.\n","ACR-160":"The app vendor needs to use certified call center for certified app or self certify own call center by following call center requirement. https://customer.appesteem.com/Home/CallCenters.\n","ACR-171":"The additional offer is presented to the consumer as \"Opt-In\" by default instead of \"Opt-Out\".\n","ACR-168":"The app displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n","ACR-014":"App presents the non-substantiated claims that misleads user its value.\n"},"samples":[{"isRevoked":"False","fileName":"driver-updater-setup_sidf4dpivipst.exe","isInstaller":"True","companyName":"TweakBit","productName":"Driver Updater","productVersion":"2.x","fileVersion":"2.0.1.2","hashMD5":"5cfc7d7ccd994bb87ef73d9a0eb8d42f","hashSHA1":"ef85347e67fda184d4a8a5bf29eb01c0798c6851","hashSHA256":"3f2f693480853c58ba4959e858574c492d4ebca7366a0f08e268c5c789279607","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Tweakbit Pty Ltd","sourceIndex":"2881","avBlockList":["Avast Internet Security (20190121)","AVG Internet Security (20190121)","Avira Internet Security (20190121)","ESET Internet Security (20190121)","G DATA INTERNET SECURITY (20190121)","K7 Total Security (20190121)","Kaspersky Internet Security (20190121)","Malwarebytes Premium (20190121)","McAfee Total Protection (20190121)","Panda Dome (20190121)","Sophos Home Premium (20190121)","Webroot SecureAnywhere (20190121)"],"avAllowList":["Bitdefender Internet Security (20190121)","Norton Security (20190121)","Trend Micro Internet Security (20190121)","VirIT eXplorer PRO (20190121)","Windows Defender (20190121)"]}],"additionalFiles":[],"sources":[{"howFound":"Resovled Deceptor re-review","reference":"","landingPage":"https://www.tweakbit.com/driver-updater/","directDownloadingLink":"http://www.tweakbit.com/driver-updater/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/driver-updater/download/","sourceIndex":"2881"}],"sampleFiles":["190821/TweakBitDriverUpdater-181220/2.0.1.2/Samples/driver-updater-setup_sidf4dpivipst.exe"],"imageFiles":["190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-010/ACR-010_Internaloffers_Offers_Deceptor_App.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-004/ACR-004_Software_Exaggeration1.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-004/ACR-004_Software_Exaggeration2.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-004/DriverUpdater_004.PNG","190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-071/ACR_071 no decline.png"],"nonDeceptorImageFiles":["190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-014/ACR-014_Landingpage_Exaggeration1.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-014/ACR-014_Landingpage_Need_To_Update_Screenshot.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-163/ACR-163_Landingpage_No_Non-Interactive_Option_Available1.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-160/ACR-160_Software_Not_a_Certified_Call_Center.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-168/ACR-168_Landingpage_No_Non-Interactive_Option_Available1.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-165/ACR-165_Landingpage_Lifetime_Free.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.2/Images/ACR-171/ACR-171_Landingpage_Opt-In_By_Default.JPG"],"guid":"94630347-23b0-40f4-885c-05514d737946_2.0.1.2_1","appID":"TweakBitDriverUpdater-181220","dateAdded":"200207","deceptorType":"App","name":"TweakBitDriverUpdater","company":"Tweakbit Pty Ltd","version":"2.0.1.2","sigName":"Deceptor:Win32/TweakBitDriverUpdater!004010","firstVendorContactDate":"200212","firstAppEsteemReplyDate":"200218","firstResolvedDate":"200313","firstResolvedVersion":"2.2.4.54043","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.1.2,2.0.1.3, 2.0.1.8,2.2.1.53406","lastKnownDate":"200207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-03-13T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1989},{"violations":{"ACR-048":"Close button will make the app minimize to system tray. App doesn't have an option to turn this off in settings or show notification that app is still running in background.\n","ACR-004":"The app doesn't display its scan result after scan completes in overview. Instead it shows the scan results when user move mouse over the app icon in systray. To fix them, app asks subscription service payment (annual payment) to fix them without providing the approach for user to verify its service, like free trial to verify its service or just one time fix payment.\n","ACR-071":"App offers the app \"FileRecovery\" for free, (it is not clear it is life time free or term based free), there is no option for the consumer to decline this unclear free offer\n"},"nonDeceptorViolations":{"ACR-088":"The app performs scan without consumer consent\n","ACR-035":"The app needs to disclose app's name to the consumer during installation.\n","ACR-168":"The app displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer\n"},"samples":[{"isRevoked":"False","fileName":"driver-updater-setup.exe","isInstaller":"True","companyName":"TweakBit                                                    ","productName":"TweakBit Driver Updater                                     ","productVersion":"2.0.1.8                                           ","fileVersion":"2.x                 ","hashMD5":"0464c2346857b62b0d858be3fe263c08","hashSHA1":"a10b4dbf36b2cab5d56f79c8cd9f02bfb782f3a0","hashSHA256":"04c9e9a7cadf0075c335f2b367f704d8ed094ae03399c820290753a88529f5e4","digitalCertThumbprint":"EAEAA52A54FDF3D05D1323937BB07CFFE3480955","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Tweakbit Pty Ltd","sourceIndex":"2875","avBlockList":["Avast Internet Security (20200217)","AVG Internet Security (20200309)","Avira Internet Security (20200309)","Bitdefender Internet Security (20200309)","COMODO Antivirus (20200309)","Dr.Web Security Space (20200309)","ESET Internet Security (20200309)","G DATA INTERNET SECURITY (20200309)","K7 Total Security (20200309)","Malwarebytes Premium (20200309)","McAfee Total Protection (20200309)","Norton Security (20200309)","Panda Dome (20200309)","Quick Heal Internet Security (20200309)","Sophos Home Premium (20200309)","SpyHunter5 (20200309)","Tencent PC Manager (20200309)","VIPRE Advanced Security (20200309)","VirIT eXplorer PRO (20200309)","Webroot SecureAnywhere (20200309)","Windows Defender (20200309)","Kaspersky Internet Security (20200309)","Avast Premium Security (20200309)"],"avAllowList":["360 Total Security (20200309)","Trend Micro Internet Security (20200309)"]}],"additionalFiles":[],"sources":[{"howFound":"Resovled Deceptor re-review","reference":"","landingPage":"https://www.tweakbit.com/driver-updater/","directDownloadingLink":"http://www.tweakbit.com/driver-updater/download1/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/driver-updater/download1/","sourceIndex":"2875"}],"sampleFiles":["190821/TweakBitDriverUpdater-181220/2.0.1.8/Samples/driver-updater-setup.exe"],"imageFiles":["190821/TweakBitDriverUpdater-181220/2.0.1.8/Images/ACR-048/ACR-048_Software_ExitMinimizesToTray.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.8/Images/ACR-004/ACR-004_Software_NeedsToAvoidMonthlySubscription.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.8/Images/ACR-004/ACR-004_Software_NoFreeFix.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.8/Images/ACR-071/ACR-071_InternalOffers_NoDeclineOption.JPG"],"nonDeceptorImageFiles":["190821/TweakBitDriverUpdater-181220/2.0.1.8/Images/ACR-088/ACR-088_Software_AutoScanPostInstall.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.8/Images/ACR-168/ACR-168_LandingPage_NoDisclosureAboutAdditionalOffers.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.8/Images/ACR-035/ACR-035_Docs_NoAppName.JPG","190821/TweakBitDriverUpdater-181220/2.0.1.8/Images/ACR-165/ACR-165_LandingPage_NoTiemBoundDiscounts.JPG"],"guid":"94630347-23b0-40f4-885c-05514d737946_2.0.1.8_1","appID":"TweakBitDriverUpdater-181220","dateAdded":"200207","deceptorType":"App","name":"TweakBitDriverUpdater","company":"Tweakbit Pty Ltd","version":"2.0.1.8","sigName":"Deceptor:Win32/TweakBitDriverUpdater!004048071","firstVendorContactDate":"200212","firstAppEsteemReplyDate":"200218","firstResolvedDate":"200313","firstResolvedVersion":"2.2.4.54043","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.1.2,2.0.1.3, 2.0.1.8,2.2.1.53406","lastKnownDate":"200207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-03-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1988},{"violations":{"ACR-003":"The app exaggerates the driver status and the uses bars and gauges to mislead the consumer.\n","ACR-006":"The app does not disclose additional offers will be made on the phone number provided on the activation screen. The call center is not clearly attributed.\n","ACR-168":"The app displays a phone number without disclosing that additional offers may be made.\n","ACR-014":"The app refers to outdated drivers as \"obsolete\", which misleads the consumer.\n"},"nonDeceptorViolations":{"ACR-007":"The landing page misleads the consumer about the app's source with the use of a Microsoft Windows logo along with the words \"Download Certified for Windows®\".\n","ACR-168":"The landing page displays a phone number without disclosing that additional offers may be made.\n","ACR-014":"The landing page displays outdated images of the app, which confuses the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"DriverUpdater.exe","companyName":"TweakBit","fileVersion":"2.2","hashMD5":"cf21026547e58deaa363385a0e2c9557","hashSHA1":"4cf6bac2e455239082a29fe46319922ebc1fb87d","hashSHA256":"61de6a62a51c65d4600c72e5a841198af1ff0a480ee4dc16a0d6417f9bcc7dd9","digitalCertThumbprint":"97A7DFBB0071B9A0758DCF6C52E90BD0951E35D7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, STREET=\"Suite 301, Level 3, 77 King Street\", L=Sydney, S=New South Wales, PostalCode=2000, C=AU","sourceIndex":"2524","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"driver-updater-setup.exe","isInstaller":"True","companyName":"TweakBit","fileVersion":"2.2","hashMD5":"9cde4a00b6b67850e79c40a61d9e0574","hashSHA1":"a0a05273d69ceae495177e63b841ac667e716bb8","hashSHA256":"b0bca52e7f362a3e0aa8602a55f9d7c607f35290244b2c207fa44d47e8253928","digitalCertThumbprint":"CF865D6FACD8C1754AAB2C0D9716B6EC318E1A84","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, L=Sydney, S=New South Wales, C=AU, SERIALNUMBER=624 255 956, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"2524","avBlockList":["360 Total Security (20200309)","Avast Internet Security (20200217)","AVG Internet Security (20200309)","Bitdefender Internet Security (20200309)","COMODO Antivirus (20200309)","Dr.Web Security Space (20200309)","ESET Internet Security (20200309)","G DATA INTERNET SECURITY (20200309)","Malwarebytes Premium (20200309)","Panda Dome (20200309)","Quick Heal Internet Security (20200309)","Sophos Home Premium (20200309)","SpyHunter5 (20200309)","Tencent PC Manager (20200309)","VIPRE Advanced Security (20200309)","VirIT eXplorer PRO (20200309)","Webroot SecureAnywhere (20200309)","Windows Defender (20200309)","Avira Internet Security (20200309)","K7 Total Security (20200309)","Kaspersky Internet Security (20200309)","McAfee Total Protection (20200309)","Avast Premium Security (20200309)"],"avAllowList":["Norton Security (20200309)","Trend Micro Internet Security (20200309)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.tweakbit.com/driver-updater/","directDownloadingLink":"http://www.tweakbit.com/driver-updater/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/driver-updater/download/","sourceIndex":"2524"},{"howFound":"Ad Click","reference":"https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwj_lvLroa7nAhVLvcAKHbdLD0kYABACGgJpbQ&ohost=www.google.com&cid=CAASE-RoYb0SefW9_yzrT_ThCVsshaI&sig=AOD64_1FVd4rF2jGIgJEy45n6-OyPMgrjQ&rct=j&q=&ved=2ahUKEwiorOrroa7nAhUPVa0KHXL7BY0Q0Qx6BAgREAE&adurl=","landingPage":"https://www.tweakbit.com/land/driver-updater/support?build=ppc&gclid=EAIaIQobChMI_5by66Gu5wIVS73ACh23Sw9JEAMYAiAAEgIu9fD_BwE","directDownloadingLink":"https://tweakbit.com/driver-updater/download1?_sid=Gw5A8zVXpy&_auid=AU1.1.2sb7zl.c10cd88160e30","ipv4":"","ipv6":"","sourceIndex":"2525"}],"sampleFiles":["200207/TweakBitDriverUpdater-181220/2.2.1.53406/Samples/DriverUpdater.exe","200207/TweakBitDriverUpdater-181220/2.2.1.53406/Samples/driver-updater-setup.exe"],"imageFiles":["200207/TweakBitDriverUpdater-181220/2.2.1.53406/Images/ACR-003/TweakBit Driver Updater Obsolete Words.png","200207/TweakBitDriverUpdater-181220/2.2.1.53406/Images/ACR-003/TweakBit Driver Updater Gauge.png","200207/TweakBitDriverUpdater-181220/2.2.1.53406/Images/ACR-014/TweakBit Driver Updater Obsolete Words.png","200207/TweakBitDriverUpdater-181220/2.2.1.53406/Images/ACR-168/TweakBit Driver Updater Phone Number.png","200207/TweakBitDriverUpdater-181220/2.2.1.53406/Images/ACR-006/TweakBit Driver Updater Phone Number.png"],"nonDeceptorImageFiles":["200207/TweakBitDriverUpdater-181220/2.2.1.53406/Images/ACR-007/TweakBit Driver Updater Landing Page.png","200207/TweakBitDriverUpdater-181220/2.2.1.53406/Images/ACR-014/TweakBit Driver Updater Bad Pictures.png","200207/TweakBitDriverUpdater-181220/2.2.1.53406/Images/ACR-014/TweakBit Driver Updater Bad Pictures 2.png","200207/TweakBitDriverUpdater-181220/2.2.1.53406/Images/ACR-168/TweakBit Driver Updater Landing Page.png","200207/TweakBitDriverUpdater-181220/2.2.1.53406/Images/ACR-006/TweakBit Driver Updater Landing Page.png"],"guid":"94630347-23b0-40f4-885c-05514d737946_2.2.1.53406_1","appID":"TweakBitDriverUpdater-181220","dateAdded":"200207","deceptorType":"App","name":"TweakBitDriverUpdater","company":"Tweakbit Pty Ltd","version":"2.2.1.53406","firstVendorContactDate":"200212","firstAppEsteemReplyDate":"200218","firstResolvedDate":"200313","firstResolvedVersion":"2.2.4.54043","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.1.2,2.0.1.3, 2.0.1.8,2.2.1.53406","lastKnownDate":"200207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-03-13T22:19:25.5328049+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":1987},{"violations":{"ACR-048":"The app calls itself \"guard\", which limits the consumer's ability to detect and uninstall the app.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and gives the consumer an option to hide it from the home screen.\n","ACR-084":"The app calls itself \"guard\", which hides its presence from the targeted consumer.\n","ACR-086":"The app does not show the targeted consumer how it uses their data.\n","ACR-097":"The app recommends users to disable \"Play Protect\" before installing.\n"},"nonDeceptorViolations":{"ACR-038":"The app calls itself \"guard\", which has no relation to the app name.\n","ACR-065":"The install does not display links to the EULA.\nThe app does not display links to the EULA.\nThe landing page does not display links to the EULA.\n","ACR-002":"The app calls itself \"NeoSpy\" on the landing page but later calls itself \"guard\".\n","ACR-161":"The landing page provides unsubstantiated testimonials.\n"},"samples":[{"isRevoked":"False","fileName":"neospy.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"4ef524d63eeea72d06dff070b9158f89","hashSHA1":"cc042873b1c3d76bffe0bf430669ca375c33d735","hashSHA256":"fdb3c91e2573ba4fa05678eaddad1e56592a9675a6dde1cad5229c5d284fe013","sourceIndex":"2577","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://neospy.net/","directDownloadingLink":"https://www.sendspace.com/pro/dl/zh81lg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.sendspace.com/pro/dl/zh81lg","sourceIndex":"2577"}],"sampleFiles":["200123/NeoSpyMobile-200122/2.023/Samples/neospy.apk"],"imageFiles":["200123/NeoSpyMobile-200122/2.023/Images/ACR-048/NeoSpyMobile About.png","200123/NeoSpyMobile-200122/2.023/Images/ACR-007/NeoSpyMobile Hidden.png","200123/NeoSpyMobile-200122/2.023/Images/ACR-084/NeoSpyMobile About.png","200123/NeoSpyMobile-200122/2.023/Images/ACR-084/NeoSpyMobile Different Name.png","200123/NeoSpyMobile-200122/2.023/Images/ACR-086/NeoSpyMobile About.png","200123/NeoSpyMobile-200122/2.023/Images/ACR-086/NeoSpyMobile Hidden.png","200123/NeoSpyMobile-200122/2.023/Images/ACR-097/NeoSpyMobile Play Protect.png"],"nonDeceptorImageFiles":["200123/NeoSpyMobile-200122/2.023/Images/ACR-038/NeoSpyMobile Install.png","200123/NeoSpyMobile-200122/2.023/Images/ACR-065/NeoSpyMobile Install.png","200123/NeoSpyMobile-200122/2.023/Images/ACR-065/NeoSpyMobile About.png","200123/NeoSpyMobile-200122/2.023/Images/ACR-065/NeoSpy Landing Page.png","200123/NeoSpyMobile-200122/2.023/Images/ACR-002/NeoSpyMobile Install.png","200123/NeoSpyMobile-200122/2.023/Images/ACR-161/NeoSpy Testimonials.png"],"guid":"cff0f4a7-a383-47e7-8893-b8aff0de17f4_2.023_1","appID":"NeoSpyMobile-200122","dateAdded":"200123","deceptorType":"Android App","name":"NeoSpy Mobile","company":"NeoSpy","version":"2.023","sigName":"Deceptor:Android/NeoSpyMobileStalkerware!048007084086097","lastKnownStatus":"2.023","lastKnownDate":"200123","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-01-23T19:16:07.9082981+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1991},{"violations":{"ACR-071":"The install offers 6 apps at the same time.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA.\nThe bundler-made offer does not display links to the EULA.\n","ACR-082":"Some of the games are labeled as cracked games, which violates applicable laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe Bundler-made offers do not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"部落与弯刀破解版@58_63401.exe","isInstaller":"True","fileVersion":"4.0","hashMD5":"3ebb19dc6921bf12dbb5a5df0453f721","hashSHA1":"07fc4e9db01da0184d8d3a0b024978dad6d78ad3","hashSHA256":"418bb7b823e4bfea009f09ace0ab6e7be96123e902aea8457db2af8299d8d303","digitalCertThumbprint":"A083189ED45A498F463B3604DE7CB57BA1E33D6E","digitalCertIssuer":"CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Anhui Shabake Network Technology Co., Ltd.\", OU=运营, O=\"Anhui Shabake Network Technology Co., Ltd.\", L=Ma'anshan, S=Anhui, C=CN","sourceIndex":"383","avBlockList":["Avast Internet Security (20200210)","AVG Internet Security (20200210)","Avira Internet Security (20200210)","Bitdefender Internet Security (20200210)","COMODO Antivirus (20200210)","Dr.Web Security Space (20200210)","ESET Internet Security (20200210)","G DATA INTERNET SECURITY (20200210)","K7 Total Security (20200210)","Kaspersky Internet Security (20200210)","Malwarebytes Premium (20200210)","McAfee Total Protection (20200210)","Norton Security (20200210)","Panda Dome (20200210)","Quick Heal Internet Security (20200210)","Sophos Home Premium (20200210)","Tencent PC Manager (20200210)","Trend Micro Internet Security (20200210)","VIPRE Advanced Security (20200210)","VirIT eXplorer PRO (20200210)","Webroot SecureAnywhere (20200210)","SpyHunter5 (20200210)"],"avAllowList":["360 Total Security (20200210)","Windows Defender (20200210)"]},{"isRevoked":"False","fileName":"WYGM.exe","companyName":"游创网络","fileVersion":"5.7","hashMD5":"9a64d7db0c5d5f26bb2514e7c01c7fb1","hashSHA1":"5be79adf0e360c5367ca14fa6d382493b8bc809e","hashSHA256":"61453eccb883fad288e4367ac9bd51932898125279a588f16832e1bf5d03f8d7","digitalCertThumbprint":"AD8638C1814D21E759F18B97E9BC032E91596BBC","digitalCertIssuer":"CN=WoTrus Code Signing CA, O=WoTrus CA Limited, C=CN","digitalCertIssuedTo":"E=youchuang@163.com, CN=上海游创网络科技有限公司, S=上海市, L=上海市, O=上海游创网络科技有限公司, C=CN","sourceIndex":"383","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Blur Research","reference":"","landingPage":"https://www.wanyx.com/game/63401.html","directDownloadingLink":"http://35216.url.7wkw.com/xiaz/部落与弯刀破解版@58_63401.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://35216.url.7wkw.com/xiaz/部落与弯刀破解版@58_63401.exe","sourceIndex":"383"}],"sampleFiles":["200107/WanyxGameLauncher-200106/4.0.0.1226/Samples/部落与弯刀破解版@58_63401.exe","200107/WanyxGameLauncher-200106/4.0.0.1226/Samples/WYGM.exe"],"imageFiles":["200107/WanyxGameLauncher-200106/4.0.0.1226/Images/ACR-071/Wanyx Game Launcher Offer.png"],"nonDeceptorImageFiles":["200107/WanyxGameLauncher-200106/4.0.0.1226/Images/ACR-065/Wanyx Game Launcher ABout.png","200107/WanyxGameLauncher-200106/4.0.0.1226/Images/ACR-065/Wanyx Game Launcher Offer.png","200107/WanyxGameLauncher-200106/4.0.0.1226/Images/ACR-082/Wanyx Game Launcher Game.png","200107/WanyxGameLauncher-200106/4.0.0.1226/Images/ACR-099/Wanyx Game Launcher ABout.png","200107/WanyxGameLauncher-200106/4.0.0.1226/Images/ACR-099/Wanyx Game Launcher Landing Page.png","200107/WanyxGameLauncher-200106/4.0.0.1226/Images/ACR-099/Wanyx Game Launcher Offer.png"],"guid":"5bcd4024-95ea-4bae-8dfb-ffab93df2adc_4.0.0.1226_1","appID":"WanyxGameLauncher-200106","dateAdded":"200107","deceptorType":"App","name":"Wanyx Game Launcher","company":"www.wanyx.com","version":"4.0.0.1226","sigName":"Deceptor:Win32/WanyxGameLauncher!071","lastKnownStatus":"4.0.0.1226","lastKnownDate":"241107","type":"Windows Executable","category":"Games","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,up-sell to paid","lastUpdate":"2024-11-07T20:37:23.9639414+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1992},{"violations":{"ACR-059":"The bundler does not clearly label offers.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Easy WiFi-4.0.110_0589596273.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0d4ab8aef250a00ef60d3b426ebdd48b","hashSHA1":"58c5d03fa4d8eed83ef35e3ab2be9f791a66d0a5","hashSHA256":"90a606651ce88c932d78a7221133f7a6d5d860fc22b638f9c89c5eacc0dd9799","digitalCertThumbprint":"3A0A074486E81BBF7B46CD80ED09CA2A7EF2BCCF","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Parsec Media S.L., OU=IT, O=Parsec Media S.L., L=Sant Cugat del Vallès, S=Barcelona, C=ES","sourceIndex":"1120","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"blur.live customer","reference":"","landingPage":"http://rockybytes.com/","ipv4":"","ipv6":"","sourceIndex":"1120"}],"sampleFiles":["200107/ParsecMediaBundler-200106/200106/Samples/Easy WiFi-4.0.110_0589596273.exe"],"imageFiles":["200107/ParsecMediaBundler-200106/200106/Images/ACR-059/Parsec Media Bundler Offer.png"],"nonDeceptorImageFiles":[],"guid":"1b6b112d-1711-4cc1-8cba-d0bebd7bfcef_200106_1","appID":"ParsecMediaBundler-200106","dateAdded":"200107","deceptorType":"Bundler","name":"Parsec Media Bundler","company":"Parsec Media SL","version":"200106","sigName":"Deceptor:Win32/ParsecMediaBundler!059","firstResolvedDate":"230504","firstResolvedVersion":"230504","resolved":"TRUE","lastKnownStatus":"200106","lastKnownDate":"200107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2023-05-04T20:19:42.8584129+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1993},{"violations":{"ACR-059":"The app does not clearly label offers.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MP3Rocket_Setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"d1942deaf4dbbaed954cc3b030adb006","hashSHA1":"ab9d078df84146f7e52955b3ac6ae459d676d3ea","hashSHA256":"1545328017327d3321499735cf4eaf846c3b1652160aef3d1697c528779df14c","digitalCertThumbprint":"9816A851844C09E3A818ECC55A14291608F8FC9F","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MP3 TechSupport LLC, O=MP3 TechSupport LLC, L=Lehi, S=Utah, C=US","sourceIndex":"384","avBlockList":["360 Total Security (20200210)","Avira Internet Security (20200210)","Bitdefender Internet Security (20200210)","COMODO Antivirus (20200210)","Dr.Web Security Space (20200210)","ESET Internet Security (20200210)","G DATA INTERNET SECURITY (20200210)","K7 Total Security (20200210)","Kaspersky Internet Security (20200210)","Malwarebytes Premium (20200210)","McAfee Total Protection (20200210)","Norton Security (20200210)","Panda Dome (20200210)","Quick Heal Internet Security (20200210)","Sophos Home Premium (20200210)","Tencent PC Manager (20200210)","VIPRE Advanced Security (20200210)","VirIT eXplorer PRO (20200210)","Webroot SecureAnywhere (20200210)","Windows Defender (20200210)","SpyHunter5 (20200210)"],"avAllowList":["Avast Internet Security (20200210)","AVG Internet Security (20200210)","Trend Micro Internet Security (20200210)"]}],"additionalFiles":[],"sources":[{"howFound":"blur.live customer","reference":"","landingPage":"https://mp3rocket.vip/windows/","directDownloadingLink":"https://www.dropbox.com/speedbump/dl/jdjhky113a2w73v/?content_link=https%3A%2F%2Fuc9a147c979ad1722ef593349e76.dl.dropboxusercontent.com%2Fcd%2F0%2Fget%2FAvZSP-xn9sVsMLmZgEiGdstbpz75J3zJLZVrbh461nnWnzNTGIcnCNhmYGb_3m-IfcA4cZhcLveqp_9xTzoPoGC661lQrFJsndsKdzVb_1I_C0JTVWI4HDPMg0a6jtnVBkE%2Ffile%3Fdl%3D1%23&hmac=AFLC_kOyPV-ihTptuczD7RGzTPChJlnG5g91Zr-DdryRNg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dropbox.com/speedbump/dl/jdjhky113a2w73v/?content_link=https%3A%2F%2Fuc9a147c979ad1722ef593349e76.dl.dropboxusercontent.com%2Fcd%2F0%2Fget%2FAvZSP-xn9sVsMLmZgEiGdstbpz75J3zJLZVrbh461nnWnzNTGIcnCNhmYGb_3m-IfcA4cZhcLveqp_9xTzoPoGC661lQrFJsndsKdzVb_1I_C0JTVWI4HDPMg0a6jtnVBkE%2Ffile%3Fdl%3D1%23&hmac=AFLC_kOyPV-ihTptuczD7RGzTPChJlnG5g91Zr-DdryRNg","sourceIndex":"384"}],"sampleFiles":["200107/MP3Rocket-200102/4.0.8/Samples/MP3Rocket_Setup.exe"],"imageFiles":["200107/MP3Rocket-200102/4.0.8/Images/ACR-059/MP3 Rocket Offer.png"],"nonDeceptorImageFiles":[],"guid":"7b81a14b-43dc-40df-8727-407bdc828f8e_4.0.8_1","appID":"MP3Rocket-200102","dateAdded":"200107","deceptorType":"App","name":"MP3 Rocket","company":"MP3 TechSupport LLC","version":"4.0.8","sigName":"Deceptor:Win32/MP3Rocket!059","lastKnownStatus":"4.0.8","lastKnownDate":"241107","type":"Windows Executable","category":"Media players","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"none","lastUpdate":"2024-11-07T20:32:09.4944046+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1994},{"violations":{"ACR-048":"Unable to cancel the installation.\n","ACR-003":"The app reports identified items as problems and portrays the importance as \"Your PC Health\" is Bad/MEDIUM system impact issue, thereby misleading or scaring the consumer to take action\n","ACR-004":"1. App uses exclamation symbol, alarming red colour and represents the identified issues as \"Bad/Medium/Good\" to differentiate the priority and urgency.  2. The app does not provide a free fix for the identified issues, as it provides only “Free Scan”. 3. For Registry defrag it is not sure whether the free fix is available or not.\n","ACR-006":"App does not disclose the monetization approach through the call center.\n","ACR-084":"On closing the app, it silently runs in the system tray and does not provide an option in the app's settings to close the app completely.\n","ACR-168":"The offer displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n","ACR-014":"1. The app uses the exaggerated word \"problem\" to report the identified issues in the software. 2. App misleads user that junk, registry and optimization, items can have high impact on system performance. This is not substantiated claim.\n"},"nonDeceptorViolations":{"ACR-038":"The app does not disclose Original filename, Company name, Product name for the following executables: \"AddAffiliateToRegistry.exe\", \"DefinitionsCategory.dll\", \"CategoryFactory.dll\", \"CPCTuneUp.exe\", \"CPluginService.exe\", \"CPluginServicePS.dll\", \"feedback.dll\", \"ForceDelete.dll\", \"Plugin.dll\", \"AutorunsScannerPlugin.dll\", \"cloud.dll\", \"compmgr.dll\", \"cross_platform.dll\", \"fast.dll\", \"framework.dll\", \"net.dll\", \"signmgr.dll\", \"util.dll\", \"DiskScannerPlugin.dll\", \"EventsScannerPlugin.dll\", \"MalwareScannerPlugin.dll\", \"RegistryScannerPlugin.dll\", \"RegistrySettingsScannerPlugin.dll\", \"RegistryDefrag.dll\", \"cptsetup_3971.exe\".\n","ACR-065":"The app does not disclose EULA & Privacy Policy in the app's about page.\nThe app does not disclose EULA & Privacy Policy in the landing page.\n","ACR-002":"The app does not have an identical name across all points of consumer interaction.\n","ACR-088":"The app performs an post-installation auto scan without any disclosure.\n","ACR-092":"The app does not include digital signature for some of the executables. E.g. “AddAffiliateToRegistry.exe\", \"feedback.dll\", \"ForceDelete.dll\", \"cloud.dll\", \"compmgr.dll\", \"cross_platform.dll\",\"fast.dll\",\"framework.dll\", \"net.dll\", \"signmgr.dll\", \"util.dll\".\n","ACR-160":"The app vendor does not use a \"Certified\" call center.\n","ACR-099":"No uninstall information in the app's about page.\nNo uninstall information in the landing page.\n","ACR-167":"The app does not disclose Return Policy.\n","ACR-064":"The download starts automatically without the consumer action, which is not clearly labelled download button.\n","ACR-068":"The app offers needs to be clear and understandable to the consumer.\n","ACR-171":"The app does not disclose recurring payment details in the internal offers page or in the cart page, which redirects from the software\n","ACR-017":"Unable to verify the user reviews.\n","ACR-014":"The app uses the exaggerated word \"problem\", \"error\", \"bad\" and \"very bad\" in the landing page.  2. App shows outdated screenshots in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\COMODO\\PC TuneUP\\CPCTuneUp.exe","companyName":"Comodo Security Solutions Inc.","productVersion":"1. 0. 0. 1","fileVersion":"1. 0. 0. 1","hashMD5":"f5f0d621dbbb1446fd33d21c75ce3a1b","hashSHA1":"87568e43088ada8da1be237d17a652bc69ca99b3","hashSHA256":"0933ec624c5c42b4346abb7a6a9e26f2e2b0ab380d051be58131884831a62b67","digitalCertThumbprint":"E83EBEE4D57E514A34DC5E9F03C9FDA9FB30AAD5","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Comodo Security Solutions","sourceIndex":"2581","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cptsetup_3971.exe","isInstaller":"True","companyName":"Comodo Security Solutions Inc.","productVersion":"1.0 build 46","fileVersion":"1.0 build 46","hashMD5":"ca2dc1defffb7af38860065a9153e9a6","hashSHA1":"e3e3d14489311b5d83f7d95d5372d18ad04f7dba","hashSHA256":"c3200832ead1316edc05c9d267cb0b7f744cbd289b7001d277361711e03aa573","digitalCertThumbprint":"E83EBEE4D57E514A34DC5E9F03C9FDA9FB30AAD5","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Comodo Security Solutions","sourceIndex":"2581","avBlockList":["Avast Internet Security (20200203)","AVG Internet Security (20200203)","Avira Internet Security (20200203)","Bitdefender Internet Security (20200203)","Dr.Web Security Space (20200203)","ESET Internet Security (20200203)","G DATA INTERNET SECURITY (20200203)","K7 Total Security (20200203)","Kaspersky Internet Security (20200203)","Sophos Home Premium (20200203)","VIPRE Advanced Security (20200203)","VirIT eXplorer PRO (20200203)","Windows Defender (20200203)","SpyHunter5 (20200203)"],"avAllowList":["360 Total Security (20200203)","COMODO Antivirus (20200203)","Malwarebytes Premium (20200203)","McAfee Total Protection (20200203)","Norton Security (20200203)","Panda Dome (20200203)","Quick Heal Internet Security (20200203)","Tencent PC Manager (20200203)","Trend Micro Internet Security (20200203)","Webroot SecureAnywhere (20200203)"]}],"additionalFiles":[],"sources":[{"howFound":"Google search Allintext: \"Fix PC Issues\"","reference":"","landingPage":"https://www.comodo.com/email/pctuneup/index.php","directDownloadingLink":"http://download.comodo.com/cpt/download/setups/cptsetup_3971.exe#_ga=2.193461293.1676076067.1577063324-1126106279.1577063324","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.comodo.com/cpt/download/setups/cptsetup_3971.exe#_ga=2.193461293.1676076067.1577063324-1126106279.1577063324","sourceIndex":"2581"}],"sampleFiles":["191229/PCTuneUp-191222/1.0.46/Samples/cptsetup_3971.exe"],"imageFiles":["191229/PCTuneUp-191222/1.0.46/Images/ACR-048/ACR-048_Install_UnableToCancelTheInstallation.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-004/ACR-004_Software_CreatesUrgency.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-004/ACR-004_Software_CreatesUrgency1.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-004/ACR-004_Software_CreatesUrgency2.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-004/ACR-004_Software_NoFreeFix.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-004/ACR-004_Software_NotSureWhetherFreeFixIsAvailable.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-084/ACR-084_Software_RunsInBackground.mp4","191229/PCTuneUp-191222/1.0.46/Images/ACR-003/ACR-003_Software_SystemHealth.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-014/ACR-014_Software_ExaggeratedWords.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-014/ACR-014_Software_ExaggeratedWords1.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-014/ACR-014_Software_ExaggeratedWords2.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-014/ACR-014_Software_ExaggeratedWords3.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-014/ACR-014_Software_ExaggeratedWords4.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-168/ACR-168_InternalOffers_NoDisclosureOfAdditionalOffers.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-006/ACR-006_InternalOffers_NoDisclosureOfCallCenter.JPG"],"nonDeceptorImageFiles":["191229/PCTuneUp-191222/1.0.46/Images/ACR-038/ACR-038_Install_NoFileDetails.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-088/ACR-088_Software_PostInstallationAutoScan.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-160/ACR-160_Software_NotACertifiedCallCenter.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-065/ACR-065_Software_NoDocs.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-099/ACR-099_Software_NoUninstallInfo.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-167/ACR-167_Docs_NoRefundPolicy.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-064/ACR-064_Landingpage_DownloadNotClear.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-065/ACR-065_LandingPage_NoDocs.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-099/ACR-099_Landingpage_NoUninstallInfo.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-014/ACR-014_Landingpage_ExaggeratedWords.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-014/ACR-014_Landingpage_ExaggeratedWords1.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-014/ACR-014_LandingPage_OutdatedImages.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-017/ACR-017_Landingpage_UnableToVerifyLogo.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-068/ACR-068_Landingpage_ConfusingOffer.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-068/ACR-068_InternalOffers_ConfusingOffers1.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-171/ACR-171_internalOffers_NoInfoAboutRecurringPayment.JPG","191229/PCTuneUp-191222/1.0.46/Images/ACR-002/ACR-002_InternalOffers_NameNotConsistent.JPG"],"guid":"fdcb50d1-af13-4e6e-8837-24596ded5bbd_1.0.46_1","appID":"PCTuneUp-191222","dateAdded":"191229","deceptorType":"App","name":"PC Tuneup","company":"Comodo Security Solutions, Inc.","version":"1.0.46","sigName":"Deceptor:Win32/PCTuneup!048004084003014168006","lastKnownStatus":"1.0.46","lastKnownDate":"201016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-10-16T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1995},{"violations":{"ACR-004":"The app exaggerates the cookies as threats. Misleading information raises unnecessary urgency for user to purchase the app.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Simple Leads LLC\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"SpyRemoverPro.exe","isInstaller":"True","companyName":"Support King LLC","productName":"SpyRemover Pro Installer","productVersion":"1.0.1.6","fileVersion":"1.0.1.6","hashMD5":"9659ef9c1954b11f68f82e550937ad0d","hashSHA1":"bd011ec00554abb5c7b934213ca1e1f2ad447dd3","hashSHA256":"0f2085f90937b59e546fc1fb6bae7af0f64358ff784435f973a638157c65656a","digitalCertThumbprint":"0C6ECD0A77FC23820C1EB806A6742E8169099846","digitalCertIssuer":"CN=DigiCert SHA2 High Assurance Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Simple Leads LLC, O=Simple Leads LLC, L=White Plains, S=New York, C=US","sourceIndex":"385","avBlockList":["360 Total Security (20200113)","Avast Internet Security (20200113)","AVG Internet Security (20200113)","Avira Internet Security (20200113)","Bitdefender Internet Security (20200113)","ESET Internet Security (20200113)","G DATA INTERNET SECURITY (20200113)","K7 Total Security (20200113)","Kaspersky Internet Security (20200113)","Malwarebytes Premium (20200113)","McAfee Total Protection (20200113)","Norton Security (20200113)","Panda Dome (20200113)","Quick Heal Internet Security (20200113)","Sophos Home Premium (20200113)","Tencent PC Manager (20200113)","Trend Micro Internet Security (20200113)","VIPRE Advanced Security (20200113)","VirIT eXplorer PRO (20200113)","Webroot SecureAnywhere (20200113)","Windows Defender (20200113)"],"avAllowList":["COMODO Antivirus (20200113)","Dr.Web Security Space (20200113)"]},{"isRevoked":"False","fileName":"SpyRemover Pro.exe","companyName":"Support King LLC","productName":"SpyRemover","productVersion":"1.2.0.0","fileVersion":"1.2.0.0","hashMD5":"c16d61be315e4382600a5748a35bc2d4","hashSHA1":"37836ddeafd22dc984514dbb12222091968b4006","hashSHA256":"fb6300c3d25b9d2ea49b500da4697d6adf6ec08a9ca8539204491ab75ef5d53e","digitalCertThumbprint":"0C6ECD0A77FC23820C1EB806A6742E8169099846","digitalCertIssuer":"CN=DigiCert SHA2 High Assurance Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Simple Leads LLC, O=Simple Leads LLC, L=White Plains, S=New York, C=US","sourceIndex":"385","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"Existing deceptor review","landingPage":"https://www.fixmypcerror.com/","directDownloadingLink":"https://s3-us-west-2.amazonaws.com/spy-remover-pro/SpyRemoverPro.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3-us-west-2.amazonaws.com/spy-remover-pro/SpyRemoverPro.exe","sourceIndex":"385"},{"howFound":"Deceptor review","reference":"","landingPage":"https://www.spyremoverpro.com","directDownloadingLink":"https://www.spyremoverpro.com/download/","ipv4":"","ipv6":"","sourceIndex":"386"},{"howFound":"","reference":"","landingPage":"https://bestantivirus.us.com/antivirus/spyremover-pro","ipv4":"","ipv6":"","sourceIndex":"387"}],"sampleFiles":["191210/SpyRemoverPro-180611/1.0.1.6/Samples/SpyRemoverPro.exe","191210/SpyRemoverPro-180611/1.0.1.6/Samples/SpyRemover Pro.exe"],"imageFiles":["191210/SpyRemoverPro-180611/1.0.1.6/Images/ACR-004/NonThreatReport.PNG","191210/SpyRemoverPro-180611/1.0.1.6/Images/ACR-004/NonThreatReport_purchase.PNG"],"nonDeceptorImageFiles":["191210/SpyRemoverPro-180611/1.0.1.6/Images/ACR-065/ACR_065_INSTALL.PNG","191210/SpyRemoverPro-180611/1.0.1.6/Images/ACR-065/ACR_065_SOFTWARE.PNG","191210/SpyRemoverPro-180611/1.0.1.6/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","191210/SpyRemoverPro-180611/1.0.1.6/Images/ACR-092/ACR_092_SOFTWARE.PNG","191210/SpyRemoverPro-180611/1.0.1.6/Images/ACR-099/ACR_099_SOFTWARE.PNG","191210/SpyRemoverPro-180611/1.0.1.6/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","191210/SpyRemoverPro-180611/1.0.1.6/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","191210/SpyRemoverPro-180611/1.0.1.6/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"bd788375-3451-410a-8e72-8dc64eefe2c1_1.0.1.6_1","appID":"SpyRemoverPro-180611","dateAdded":"191210","deceptorType":"App","name":"SpyRemover Pro","company":"Support King LLC","version":"1.0.1.6","sigName":"Deceptor:Win32/SpyRemoverPro!004","lastKnownStatus":"1.0.1.6","lastKnownDate":"241107","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-07T20:28:23.0422534+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1996},{"violations":{"ACR-003":"The app reports registry entry (microsoft component) as a threat (in a clean system) and displays system status as \"Risk\" even though windows defender is running in the system, which is misleading the consumer.\n","ACR-004":"App exaggerated the scanning result,  it counts each object as threat and malicious. \n"},"nonDeceptorViolations":{"ACR-065":"The app needs to disclose the privacy policy during installation.\nThe app needs to disclose EULA and Privacy policy in the software.\nThe app needs to disclose EULA, Privacy policy and Refund policy in the landing page as the provided links for docs are not working.\n","ACR-161":"The testimonials needs to be verifiable.\n","ACR-099":"The app needs to disclose uninstall information in the software.\nThe app needs to disclose uninstall information in the landing page.\n","ACR-035":"The app needs to disclose the app's name to the consumer in all the docs.\n","ACR-167":"The app needs to disclose Return Policy and the app’s return policy must be at least 30 days.\n","ACR-168":"The app/offer displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n","ACR-014":" Needs to replace \"Outdated\" images with \"Up-to-date\" images in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"setup-antimalware-gscm.exe","isInstaller":"True","companyName":"GridinSoft LLC","productName":"GridinSoft Anti-Malware Setup","productVersion":"4.0.23","fileVersion":"1.0.4.560","hashMD5":"d84fc33e2ce5372fab46cf45f5903a9d","hashSHA1":"d9b27eb8561d830ad86e7cf229e6c851515aa288","hashSHA256":"c83676bb42a34a1fd5b29b6568691a378afaeec6f1ba1b93bf9e6314126df28f","digitalCertThumbprint":"6C5AE3F8BC5FC1FA38502592E832496738E430B0","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"GridinSoft LLC","sourceIndex":"2593","avBlockList":["G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Quick Heal Internet Security (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VirIT eXplorer PRO (20191128)","Windows Defender (20191128)"],"avAllowList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","COMODO Antivirus (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Sophos Home Premium (20191128)","VIPRE Advanced Security (20191128)","Webroot SecureAnywhere (20191128)"]}],"additionalFiles":[],"sources":[{"howFound":"External Customer Report","reference":"","landingPage":"https://get.anti-malware.gridinsoft.com/","directDownloadingLink":"https://get.anti-malware.gridinsoft.com/01/?aff=gscm&act=download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://get.anti-malware.gridinsoft.com/01/?aff=gscm&act=download","sourceIndex":"2593"}],"sampleFiles":["191129/GridinsoftAntiMalware-190930/4.0.23/Samples/setup-antimalware-gscm.exe"],"imageFiles":["191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-003/ACR_003_Software_Misleading.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-004/ACR-004_Software_ShouldAvoidColorGraphic.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-004/exaggeratedresult_004.PNG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-004/exaggeratedresult_004_2.PNG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-004/exaggeratedresult_004_3.PNG"],"nonDeceptorImageFiles":["191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-065/ACR-065_Software_NoEulaNoPrivacyPolicy.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-065/ACR-065_Landingpage_EulaAndPrivacyPolicyNotWorking.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-014/ACR-014_Landingpage_NeedToUpdateTheImages.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-161/ACR-161_Landingpage_TestimonialsShouldBeVerifiable.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-099/ACR-099_Software_NoUninstallInstruction.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-099/ACR-099_LandingPage_NoUninstallInformation.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-099/ACR-099_LandingPage_NoUninstallInformation1.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-099/ACR-099_LandingPage_NoUninstallInformation2.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-168/ACR-168_Landingpage_AdditionalOffersNotDisclosed.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-035/ACR-035_Docs_NoAppNameInEula.JPG","191129/GridinsoftAntiMalware-190930/4.0.23/Images/ACR-167/ACR-167_Docs_NoRefundPolicy.JPG"],"guid":"8bfe4144-13a0-4f72-a009-1ab61c800a2f_4.0.23_1","appID":"GridinsoftAntiMalware-190930","dateAdded":"191129","deceptorType":"App","name":"Gridinsoft AntiMalware","company":"Gridinsoft","version":"4.0.23","sigName":"Deceptor:Win32/GSAntiMalware!003004","firstResolvedVersion":"4.1.14","resolved":"TRUE","lastKnownStatus":"Deceptor:4.0.23","lastKnownDate":"191129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-11-30T06:54:15.3276632+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1997},{"violations":{"ACR-048":"The app works invisibly in your system, which hides the consumer's ability to close, delete, disable, and uninstall the app. The app is also not in the list of installed apps in, making it impossible for the user to uninstall the app.\n","ACR-007":"The app enables the consumer to hide it from the system tray, task manager, and installed apps, which prevents the targeted consumer from being aware of the app's presence, and explicit notifications are not sent to the targeted consumer because the app works invisibly.\n","ACR-084":"The app discloses that it will work invisibly in your system, disguising whether or not it is active.\n","ACR-086":"The app does not inform the targeted user how it collects and transmits data, and to whom it provides it to since it works invisibly in the system.\n","ACR-097":"The app prompts the user to disable Windows Defender in order to evade detection.\n","ACR-116":"The app is not in the installed apps list and therefore cannot be uninstalled via platform standard features.\n"},"nonDeceptorViolations":{"ACR-038":"The app is installed in a directory that does not disclose the app's name, making it hard for the consumer to find the app.\n","ACR-040":"The installer is not installed in a standard location and the name is not clearly identified, making it harder to identify the installer's location.\n","ACR-065":"The app's landing page does not contain links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe app's install page does not provide links to the Returns and Cancellation policy.\n","ACR-161":"The landing page includes endorsements from external sources, but does not provide links to the external sources preventing them from being verified.\n","ACR-082":"The app discloses the possibility that it may violate certain local laws, therefore is designed for the purpose of engaging in activity that may violate certain laws.\n","ACR-099":"The application's landing page does not provide links to uninstall information.\nThe application's internal offers does not provide links to uninstall information.\n","ACR-035":"The app's Terms of Service, Returns and Cancellations Policy, and Privacy Policy does not identify the name of the App.\n","ACR-167":"The app only provides a 14-day refund policy not a 30-day refund policy.\n","ACR-150":"The application's landing page displays endorsements from CNET and other users that are not able to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"RMActsvr.exe","fileVersion":"6.0","hashMD5":"3d4427b9144eefbe985774813829b121","hashSHA1":"0a3f63d080d9e3de93618bc8e8817f2543d7f88c","hashSHA256":"0b11f713d81e4a163acbd5255e9cdfcdde235fb8a0bca24c21c4b639906926ef","sourceIndex":"2595","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_ek_062120.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"67b81fffbf31252f54caf716a8befa03","hashSHA1":"3bc8d6941da192739d741dade480300036b6cebd","hashSHA256":"db0e1b302775e21cc57a33730cdc33e7f5bcf408447dcf3e3b012edd7952a95a","sourceIndex":"2595","avBlockList":["360 Total Security (20191226)","Avast Internet Security (20191226)","AVG Internet Security (20191226)","Bitdefender Internet Security (20191226)","COMODO Antivirus (20191226)","Dr.Web Security Space (20191226)","ESET Internet Security (20191226)","G DATA INTERNET SECURITY (20191226)","K7 Total Security (20191226)","Kaspersky Internet Security (20191226)","Malwarebytes Premium (20191226)","McAfee Total Protection (20191226)","Norton Security (20191226)","Panda Dome (20191226)","Quick Heal Internet Security (20191226)","Sophos Home Premium (20191226)","Tencent PC Manager (20191226)","Trend Micro Internet Security (20191226)","VIPRE Advanced Security (20191226)","VirIT eXplorer PRO (20191226)","Webroot SecureAnywhere (20191226)","Windows Defender (20191226)"],"avAllowList":["Avira Internet Security (20191226)"]},{"isRevoked":"False","fileName":"ek_setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"0ef2fde929b4937c5e48a5ad686f79e1","hashSHA1":"a618afff0ef465f357d90589ba1e515b6675242d","hashSHA256":"2703a1b7a53ec18a520874b238fa5afa472996a18d00280166dcb70f7d451a36","sourceIndex":"2595","avBlockList":["360 Total Security (20191226)","Avast Internet Security (20191226)","AVG Internet Security (20191226)","Bitdefender Internet Security (20191226)","COMODO Antivirus (20191226)","Dr.Web Security Space (20191226)","ESET Internet Security (20191226)","G DATA INTERNET SECURITY (20191226)","K7 Total Security (20191226)","Kaspersky Internet Security (20191226)","Malwarebytes Premium (20191226)","McAfee Total Protection (20191226)","Norton Security (20191226)","Panda Dome (20191226)","Quick Heal Internet Security (20191226)","Sophos Home Premium (20191226)","Tencent PC Manager (20191226)","Trend Micro Internet Security (20191226)","VIPRE Advanced Security (20191226)","VirIT eXplorer PRO (20191226)","Webroot SecureAnywhere (20191226)","Windows Defender (20191226)"],"avAllowList":["Avira Internet Security (20191226)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://www.elitekeyloggers.com/","directDownloadingLink":"https://mega.nz/#!7HAiACJC!86HjcCrikBpyVvgiaJF6iZYBAvgIs3V1owRk2RLgbQQ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/#!7HAiACJC!86HjcCrikBpyVvgiaJF6iZYBAvgIs3V1owRk2RLgbQQ","sourceIndex":"2595"}],"sampleFiles":["191126/EliteKeylogger-191120/6.0.0.621/Samples/RMActsvr.exe","191126/EliteKeylogger-191120/6.0.0.621/Samples/setup_ek_062120.exe","191126/EliteKeylogger-191120/6.0.0.621/Samples/ek_setup.exe"],"imageFiles":["191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-048/Screen Shot 2019-11-20 at 1.56.42 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-048/Screen Shot 2019-11-25 at 5.09.44 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-084/Screen Shot 2019-11-20 at 1.55.46 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-007/Screen Shot 2019-10-30 at 3.20.21 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-086/Screen Shot 2019-11-06 at 4.01.21 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-086/Screen Shot 2019-11-06 at 3.27.32 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-097/Screen Shot 2019-11-06 at 3.27.32 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-097/Screen Shot 2019-11-20 at 1.55.46 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-097/Screen Shot 2019-11-20 at 1.56.11 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-097/Screen Shot 2019-11-20 at 1.56.42 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-116/Screen Shot 2019-11-25 at 5.09.44 PM.png"],"nonDeceptorImageFiles":["191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-082/Screen Shot 2019-11-20 at 1.56.53 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-040/Screen Shot 2019-11-20 at 2.46.45 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-065/Elite Keylogger Landing Page.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-065/Install Page.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-161/Elite Keylogger Endorsements.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-099/Elite Keylogger Landing Page.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-099/Internal Offers.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-167/Revocation Policy.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-150/Elite Keylogger Endorsements.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-035/Screen Shot 2019-11-25 at 5.58.26 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-035/Screen Shot 2019-11-25 at 5.58.40 PM.png","191126/EliteKeylogger-191120/6.0.0.621/Images/ACR-035/Screen Shot 2019-11-25 at 5.58.50 PM.png"],"guid":"e357cd43-5f6d-4e14-8553-ef8f4f3b73ab_6.0.0.621_1","appID":"EliteKeylogger-191120","dateAdded":"191126","deceptorType":"App","name":"Elite Keylogger","company":"WideStep","version":"6.0.0.621","sigName":"Deceptor:Win32/EliteKeyloggerStalkerware!048084007086097116","lastKnownStatus":"Deceptor:6.0.0.621","lastKnownDate":"201023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"MacOS,Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-10-23T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1998},{"violations":{"ACR-048":"The app is always running in the background and requires a hotkey to be opened, which limits the consumer's ability to close the app.\n","ACR-007":"The app does not provide explicit notification to the targeted consumer when it is running and it hides itself from the targeted consumer by requiring a hotkey to open it.\n","ACR-084":"The app is always running and uses the name \"mdworker\". It also requires a hotkey to open the app, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects or transmits their data and it hides from the targeted consumer.\n","ACR-116":"The app cannot be uninstalled in the Applications Folder.\n"},"nonDeceptorViolations":{"ACR-040":"The app is installed in a hidden folder.\n","ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offers page does not display links to the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-161":"The landing page displays an unverifiable testimonial.\n","ACR-099":"The landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"PKL","isInstaller":"True","fileVersion":"0.","hashMD5":"cc8469780cc141d8963a7264855feecd","hashSHA1":"f74a3b293d912123cf8913a90d2c206ade1ee4ff","hashSHA256":"e58a1ea0d86fe7402572df8db5539cee7de6d64432d6d827008e0276c9b2c121","sourceIndex":"2602","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://mac-keylogger.org/","reference":"Hunt.Search","landingPage":"https://mac-keylogger.org/","directDownloadingLink":"https://files.downloadnow.com/s/software/16/63/38/84/PKLite18.zip?token=1573732304_7fc355386d5e506292dbe9ff470817e0&fileName=PKLite18.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.downloadnow.com/s/software/16/63/38/84/PKLite18.zip?token=1573732304_7fc355386d5e506292dbe9ff470817e0&fileName=PKLite18.zip","sourceIndex":"2602"}],"sampleFiles":["191118/PrivacyKeylogger-191113/1.6/Samples/PKL"],"imageFiles":["191118/PrivacyKeylogger-191113/1.6/Images/ACR-048/PrivacyKeylogger Hide and Start.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-048/PrivacyKeylogger Hotkey.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-007/PrivacyKeylogger Hide and Start.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-007/PrivacyKeylogger Hotkey.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-084/PrivacyKeylogger Activity Monitor.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-084/PrivacyKeylogger Hide and Start.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-084/PrivacyKeylogger Hotkey.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-086/PrivacyKeylogger Hide and Start.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-086/PrivacyKeylogger Hotkey.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-116/PrivacyKeylogger Applications Folder.png"],"nonDeceptorImageFiles":["191118/PrivacyKeylogger-191113/1.6/Images/ACR-040/PrivacyKeylogger Install Location.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-065/Privacy Keylogger README.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-065/Privacy Keylogger Install.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-065/PrivacyKeylogger App.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-065/PrivacyKeylogger Landing Page.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-065/PrivacyKeylogger Internal Offers.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-099/PrivacyKeylogger Landing Page.png","191118/PrivacyKeylogger-191113/1.6/Images/ACR-099/PrivacyKeylogger Internal Offers.png"],"guid":"cb488ccb-adf8-4222-8d29-1e589fef62f7_1.6_1","appID":"PrivacyKeylogger-191113","dateAdded":"191118","deceptorType":"MacOS App","name":"Privacy Keylogger","company":"BLAZINGTOOLS SOFTWARE","version":"1.6","sigName":"Deceptor:MacOS/Privacy KeyloggerStalkerware!007048084086116","lastKnownStatus":"Deceptor:1.6","lastKnownDate":"191118","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-11-18T21:50:47.6783896+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":1999},{"violations":{"ACR-007":"The app does not provide explicit notification to the targeted consumer.\n","ACR-084":"The app enables the consumer to hide its desktop icon, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how it collects or stores their user activities.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"StaffCop_580_setup.exe","isInstaller":"True","companyName":"Atom Security Inc.","fileVersion":"2.2","hashMD5":"752893f0da53ea258c23514c59936670","hashSHA1":"69ff7324efc3e310e5d17462b6dc0ec7e267763e","hashSHA256":"1e97b53f7c6f84e96374985c46f8ba51d3f2853babaf95983c6a09c2ae6f5acf","digitalCertThumbprint":"B37EAC11CB5719C1E6ED6A218B8522A37F598DAF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Atom Security OOO, OU=development, O=Atom Security OOO, STREET=\"Academician Koptyuga Prospect, 4,office 158\", L=Novosibirsk, S=nso, PostalCode=630090, C=RU","sourceIndex":"2180","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StaffCop.exe","fileVersion":"0.0","hashMD5":"8b3dd77d32092127b4811a3bef920dcc","hashSHA1":"55947f61d860c56b4ddf63897d8f20c613b39efd","hashSHA256":"3cca4682ecd983638fd7d472a84839a6573227a6ae0118c46a9f2595e352fdbe","digitalCertThumbprint":"B37EAC11CB5719C1E6ED6A218B8522A37F598DAF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Atom Security OOO, OU=development, O=Atom Security OOO, STREET=\"Academician Koptyuga Prospect, 4,office 158\", L=Novosibirsk, S=nso, PostalCode=630090, C=RU","sourceIndex":"2180","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.keyloggers.com/","reference":"Hunt.Search","landingPage":"https://www.staffcop.com/standard/","directDownloadingLink":"https://s3-eu-west-1.amazonaws.com/dist.staffcop.com/download/StaffCop_580_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3-eu-west-1.amazonaws.com/dist.staffcop.com/download/StaffCop_580_setup.exe","sourceIndex":"2180"}],"sampleFiles":["191116/StaffCopStandard-191115/5.8.911.0/Samples/StaffCop_580_setup.exe","191116/StaffCopStandard-191115/5.8.911.0/Samples/StaffCop.exe"],"imageFiles":["191116/StaffCopStandard-191115/5.8.911.0/Images/ACR-007/StaffCop Standard Watching.png","191116/StaffCopStandard-191115/5.8.911.0/Images/ACR-084/StaffCop Standard Hide Icon.png","191116/StaffCopStandard-191115/5.8.911.0/Images/ACR-086/StaffCop Standard Watching.png"],"nonDeceptorImageFiles":["191116/StaffCopStandard-191115/5.8.911.0/Images/ACR-065/StaffCop Standard Install.png","191116/StaffCopStandard-191115/5.8.911.0/Images/ACR-065/StaffCop Standard EULA.png","191116/StaffCopStandard-191115/5.8.911.0/Images/ACR-065/StaffCop Standard About.png","191116/StaffCopStandard-191115/5.8.911.0/Images/ACR-065/StaffCop Standard Landing Page.png","191116/StaffCopStandard-191115/5.8.911.0/Images/ACR-099/StaffCop Standard About.png","191116/StaffCopStandard-191115/5.8.911.0/Images/ACR-099/StaffCop Standard Landing Page.png","191116/StaffCopStandard-191115/5.8.911.0/Images/ACR-099/StaffCop Standard Internal Offers.png"],"guid":"553bd5c3-63b3-4953-94a1-cf58c4698d39_5.8.911.0_1","appID":"StaffCopStandard-191115","dateAdded":"191116","deceptorType":"App","name":"StaffCop Standard","company":"Atom Security Inc","version":"5.8.911.0","lastKnownDate":"200713","type":"Windows Executable","targetOS":"Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"enterprise","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-07-14T03:28:21.6376871+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2000},{"violations":{"ACR-046":"The application does not display the Disclosures and Options. The App installs automatically after running the installer file.\n","ACR-003":"The app shows gauges and words, \"errors\", \"issues\", \"poor\" & \"you are no longer protected\" in red/orange/yellow colors that indicates misleading urgency.\n","ACR-004":"App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. The App perform a free scan even if the trial version is already expired and requiring customer to purchase the app to fix the issues found.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-124":"The option to continue uninstall is not obvious and clear, not presented as if it is clickable to continue uninstall.\n"},"nonDeceptorViolations":{"ACR-065":" The app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy. \n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"pcmechanicplus.exe","isInstaller":"True","companyName":"Econosoft Global Services Pte. Ltd.","productName":"PC Mechanic Plus","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"db690592896d8e06fcd3c6c21d255c86","hashSHA1":"c767b53806cf029e9de2894007a0ff57cc4d507b","hashSHA256":"5d3e03c7382b9e214394fc613d9664d1e7e22ec3e34537d29ff93567f646d464","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Econosoft Global Services PTE. LTD., O=Econosoft Global Services PTE. LTD., STREET=\"10 Anson Road, 22-02 International Plaza\", L=Singapore, S=Singapore, C=SG, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201811987R, OID.2.5.4.15=Private Organization","sourceIndex":"2609","avBlockList":["360 Total Security (20191212)","Avast Internet Security (20191212)","AVG Internet Security (20191212)","Avira Internet Security (20191212)","Bitdefender Internet Security (20191212)","COMODO Antivirus (20191212)","Dr.Web Security Space (20191212)","ESET Internet Security (20191212)","G DATA INTERNET SECURITY (20191212)","K7 Total Security (20191212)","Kaspersky Internet Security (20191212)","Malwarebytes Premium (20191212)","McAfee Total Protection (20191212)","Norton Security (20191212)","Panda Dome (20191212)","Quick Heal Internet Security (20191212)","Sophos Home Premium (20191212)","Tencent PC Manager (20191212)","Trend Micro Internet Security (20191212)","VIPRE Advanced Security (20191212)","VirIT eXplorer PRO (20191212)","Windows Defender (20191212)"],"avAllowList":["Webroot SecureAnywhere (20191212)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PC Mechanic Plus\\pcmechanicplus.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"pcmechanicplus","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"6db9ee2c64f1b3d01d124d49866663f1","hashSHA1":"7ceb4e341db91c8cff706d2b936706f5411e904f","hashSHA256":"d6cb6015d7f000ba813bb4dafda7da3c8bc63e40cef4ad93f3a55a185190f909","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Econosoft Global Services PTE. LTD., O=Econosoft Global Services PTE. LTD., STREET=\"10 Anson Road, 22-02 International Plaza\", L=Singapore, S=Singapore, C=SG, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201811987R, OID.2.5.4.15=Private Organization","sourceIndex":"2609","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PC Mechanic Plus\\pcmechanicplus_protection.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"pcmechanicplus_protection","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"c546ebed31d82082937ffefc16e79b07","hashSHA1":"31b18b1dceb58258bbdcc73eb79feb7724744ea4","hashSHA256":"aa41b19b31623e4e1eb27f3ef026654518e17a4cf432c20b9b6d00b1975f5270","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Econosoft Global Services PTE. LTD., O=Econosoft Global Services PTE. LTD., STREET=\"10 Anson Road, 22-02 International Plaza\", L=Singapore, S=Singapore, C=SG, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201811987R, OID.2.5.4.15=Private Organization","sourceIndex":"2609","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"PC Cleaner Software\"","reference":"https://pcmechanicplus.com/en/index.php","landingPage":"https://pcmechanicplus.com/en/index.php","directDownloadingLink":"https://pcmechanicplus.com/downloads/exe/sm/en/pcmechanicplus.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pcmechanicplus.com/downloads/exe/sm/en/pcmechanicplus.exe","sourceIndex":"2609"}],"sampleFiles":["191111/PCMechanicPlus-191108/1.0.0.0/Samples/pcmechanicplus.exe","191111/PCMechanicPlus-191108/1.0.0.0/Samples/pcmechanicplus(main_exe).exe","191111/PCMechanicPlus-191108/1.0.0.0/Samples/pcmechanicplus_protection.exe"],"imageFiles":["191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-003/scan.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-003/004.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-003/details.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-004/scan.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-004/004_2.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-004/004.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-004/activate.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-004/buy.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-004/buy2.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-084/084.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-168/scan.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-168/124.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-124/124.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-046/installation.mp4"],"nonDeceptorImageFiles":["191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-168/168.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-161/161.png","191111/PCMechanicPlus-191108/1.0.0.0/Images/ACR-099/about.png"],"guid":"60ebf8f3-a99f-4691-b7d1-465cc27887fb_1.0.0.0_1","appID":"PCMechanicPlus-191108","dateAdded":"191111","deceptorType":"App","name":"PC Mechanic Plus","company":"Econosoft Global Services PTE. LTD.","version":"1.0.0.0","sigName":"Deceptor:Win32/PCMechanicPlus!003004084046124168","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"191111","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-11-11T22:00:12.2867556+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2002},{"violations":{"ACR-048":"The app is hidden from the uninstall page on the control panel and settings, which limits the targeted consumer's ability to uninstall the app. The app also enables the user to require a hotkey to open it.\n","ACR-007":"The app does not display an explicit notification to the targeted consumer when it is running.\n","ACR-086":"The app does not inform the targeted consumer about how it collects or stores data. It also enables the installing consumer to use a hotkey to open it which allows them to easily hide it from the targeted consumer.\n","ACR-116":"The app cannot be uninstalled in the control panel or in settings.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the Privacy Policy, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"True","fileName":"StaffCopHome - Shortcut.lnk","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9f654470bee4ed8d59675740b692515c7b629d8a2d1fe9cbce0cc264597f431f","sourceIndex":"2181","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"StaffCopHome_570_setup.exe","isInstaller":"True","companyName":"AtomSecurity","fileVersion":"2.2","hashMD5":"737ca4880e2f1d5690f7c28db07e2d6f","hashSHA1":"ca9f597b0460f0d61ce087f4bb31ea46cdace1db","hashSHA256":"5688ec2534aacb033b5f47ae94b0472006a68f8ff3e5500a9335268845d214ac","digitalCertThumbprint":"B37EAC11CB5719C1E6ED6A218B8522A37F598DAF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Atom Security OOO, OU=development, O=Atom Security OOO, STREET=\"Academician Koptyuga Prospect, 4,office 158\", L=Novosibirsk, S=nso, PostalCode=630090, C=RU","sourceIndex":"2181","avBlockList":["360 Total Security (20191212)","Avast Internet Security (20191212)","AVG Internet Security (20191212)","Bitdefender Internet Security (20191212)","COMODO Antivirus (20191212)","ESET Internet Security (20191212)","G DATA INTERNET SECURITY (20191212)","K7 Total Security (20191212)","Kaspersky Internet Security (20191212)","Malwarebytes Premium (20191212)","McAfee Total Protection (20191212)","Norton Security (20191212)","Panda Dome (20191212)","Quick Heal Internet Security (20191212)","Sophos Home Premium (20191212)","Tencent PC Manager (20191212)","VIPRE Advanced Security (20191212)","VirIT eXplorer PRO (20191212)","Webroot SecureAnywhere (20191212)"],"avAllowList":["Avira Internet Security (20191212)","Dr.Web Security Space (20191212)","Trend Micro Internet Security (20191212)","Windows Defender (20191212)"]},{"isRevoked":"False","fileName":"StaffCopHome.exe","fileVersion":"0.0","hashMD5":"8fee8ffeb0e49942a880ee218843b1df","hashSHA1":"b2998efb3204d564657843a274c687d15002de58","hashSHA256":"6e39ec91c6e13469ac4112ed5397f78fc4cbcda4fc6e12f80dd8f5e1a618e7ad","digitalCertThumbprint":"B37EAC11CB5719C1E6ED6A218B8522A37F598DAF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Atom Security OOO, OU=development, O=Atom Security OOO, STREET=\"Academician Koptyuga Prospect, 4,office 158\", L=Novosibirsk, S=nso, PostalCode=630090, C=RU","sourceIndex":"2181","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://www.keyloggers.com/","reference":"Hunt.Search","landingPage":"https://www.staffcop.com/home/","directDownloadingLink":"https://s3-eu-west-1.amazonaws.com/dist.staffcop.com/download/StaffCopHome_570_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3-eu-west-1.amazonaws.com/dist.staffcop.com/download/StaffCopHome_570_setup.exe","sourceIndex":"2181"}],"sampleFiles":["191111/StaffCopHome-191108/5.7.107.0/Samples/StaffCopHome_570_setup.exe","191111/StaffCopHome-191108/5.7.107.0/Samples/StaffCopHome.exe"],"imageFiles":["191111/StaffCopHome-191108/5.7.107.0/Images/ACR-048/StaffCopHome Hotkey.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-048/StaffCopHome Settings.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-048/StaffCopHome Control Panel.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-007/StaffCopHome Screenshots.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-086/StaffCopHome Screenshots.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-086/StaffCopHome Hotkey.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-116/StaffCopHome Settings.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-116/StaffCopHome Control Panel.png"],"nonDeceptorImageFiles":["191111/StaffCopHome-191108/5.7.107.0/Images/ACR-065/StaffCopHome Install.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-065/StaffCopHome About.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-065/StaffCopHome Landing Page.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-065/StaffCopHome Internal Offers.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-099/StaffCopHome About.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-099/StaffCopHome Landing Page.png","191111/StaffCopHome-191108/5.7.107.0/Images/ACR-099/StaffCopHome Internal Offers.png"],"guid":"25b5cc75-ac9b-4466-af55-1ff5efe4a135_5.7.107.0_1","appID":"StaffCopHome-191108","dateAdded":"191111","deceptorType":"App","name":"StaffCop Home","company":"Atom Security","version":"5.7.107.0","sigName":"Deceptor:Win32/StaffCopStalkerware!007048086116","lastKnownStatus":"Deceptor:5.7.107.0","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2020-07-14T03:26:39.5866132+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2001},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Advanced Driver Booster.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Advanced Driver Booster) to the user\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Advanced Driver Booster\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays star awards from Tucows, CNET, Top Reviews and Softonic that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"ioscsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"IObyte System-Care                                          ","productVersion":"1.0.1.1                                           ","fileVersion":"1.0.1.1             ","hashMD5":"d080f1a9269d1268f8fa391ecae04b69","hashSHA1":"790f4747f53956ea3e67c75af61330d885fe9690","hashSHA256":"ec0fd72e0f97695ffc999719e87d6fbeba5735e7c496418ff90f5b88f39b7d89","digitalCertThumbprint":"2B328A0E2D2FEA57B87DB4E7681E747A5AAAEE97","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGlES, O=SYSCLEAN TECHNOLOGlES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2212","avBlockList":["360 Total Security (20191209)","Avast Internet Security (20191209)","AVG Internet Security (20191209)","Avira Internet Security (20191209)","Bitdefender Internet Security (20191209)","COMODO Antivirus (20191209)","Dr.Web Security Space (20191209)","ESET Internet Security (20191209)","G DATA INTERNET SECURITY (20191209)","K7 Total Security (20191209)","Kaspersky Internet Security (20191209)","Malwarebytes Premium (20191209)","McAfee Total Protection (20191209)","Norton Security (20191209)","Panda Dome (20191209)","Quick Heal Internet Security (20191209)","Sophos Home Premium (20191209)","Tencent PC Manager (20191209)","Trend Micro Internet Security (20191209)","VIPRE Advanced Security (20191209)","VirIT eXplorer PRO (20191209)","Webroot SecureAnywhere (20191209)","Windows Defender (20191209)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\IObyte System-Care_username\\pglc.exe","productName":"Super-PC-Cleaner","productVersion":"1.0.1.1","fileVersion":"1.0.1.1","hashMD5":"b18a6c4fe9a6d578a0d66ab77965c6fa","hashSHA1":"02c2449b24daa198574b02c77f5b5f0dd323db03","hashSHA256":"bba515fcc39031985ee1b283f84bec70447e4675d4199478c6969b013f4e8551","digitalCertThumbprint":"2B328A0E2D2FEA57B87DB4E7681E747A5AAAEE97","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGlES, O=SYSCLEAN TECHNOLOGlES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2212","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ioscsetup (1.0.1.1).exe","isInstaller":"True","productVersion":"1.0.1.1","fileVersion":"1.0.1.1","hashMD5":"d45f02a467611c039acc3d246277effa","hashSHA1":"d4cb0bb1e47333d9bcfb911ebd15275c5ea40b52","hashSHA256":"898ab0044134cc74c3e72865c793f313168760174ead5809ae341b44f7493ad3","digitalCertThumbprint":"87FD5EBDB0D4A78E044DF5570E72BDC1FE3656B7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RANOTECH SOFTWARES, OU=IT, O=RANOTECH SOFTWARES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2213","avBlockList":["360 Total Security (20191209)","Avast Internet Security (20191209)","AVG Internet Security (20191209)","Avira Internet Security (20191209)","Bitdefender Internet Security (20191209)","COMODO Antivirus (20191209)","Dr.Web Security Space (20191209)","ESET Internet Security (20191209)","G DATA INTERNET SECURITY (20191209)","K7 Total Security (20191209)","Kaspersky Internet Security (20191209)","Malwarebytes Premium (20191209)","McAfee Total Protection (20191209)","Norton Security (20191209)","Panda Dome (20191209)","Quick Heal Internet Security (20191209)","Sophos Home Premium (20191209)","Tencent PC Manager (20191209)","Trend Micro Internet Security (20191209)","VIPRE Advanced Security (20191209)","VirIT eXplorer PRO (20191209)","Webroot SecureAnywhere (20191209)","Windows Defender (20191209)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ioscsetup (1.0.1.80).exe","isInstaller":"True","productVersion":"1.0.1.80","fileVersion":"1.0.1.80","hashMD5":"4b5484d14000426be849d822901a00d7","hashSHA1":"87d11371a736576161b46d8b2b58066a5056442e","hashSHA256":"7d771c64c9b33ae7003f1447382a1f7719b2ff45a008fd9770250dae526f3246","digitalCertThumbprint":"A37A23EEC118CF1C745AA12ADB6AAB5ADBDE24DE","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTlONS, O=TECHNOSOFT SOLUTlONS, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2214","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ioscsetup (1.0.1.190).exe","isInstaller":"True","productVersion":"1.0.1.190","fileVersion":"1.0.1.190","hashMD5":"bda522e5708efdcd4440d3ff213e07f0","hashSHA1":"0ab80a93d1ae4ca88c6c0270ab61d65e9c3f2c8a","hashSHA256":"8f6cf59fd9bbf1434b3f2e2ca9e12d3922e6fd31812621105fa73e3b55ebe006","digitalCertThumbprint":"A37A23EEC118CF1C745AA12ADB6AAB5ADBDE24DE","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTlONS, O=TECHNOSOFT SOLUTlONS, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2215","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ioscsetup (1.0.2.20).exe","isInstaller":"True","productVersion":"1.0.2.20","fileVersion":"1.0.2.20","hashMD5":"5321694a4074dcf5be40c1484d749203","hashSHA1":"080ccfe9bd2d31b31b9c4a63f9556005681c7058","hashSHA256":"86361e32e15b8d1910934b4767b9fcd6d0d7fe1cc52a916841fb2135fd22fbfc","digitalCertThumbprint":"0BF3ABD880233F2BCC11C48D8C7CBB7C5527F720","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INFOSOFT LOGlCS, O=INFOSOFT LOGlCS, STREET=\"291, Jyoti Furniture, Dholi Mandi, Chomu\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2216","avBlockList":["360 Total Security (20200102)","Avast Internet Security (20200102)","AVG Internet Security (20200102)","Avira Internet Security (20200102)","Bitdefender Internet Security (20200102)","COMODO Antivirus (20200102)","Dr.Web Security Space (20200102)","ESET Internet Security (20200102)","G DATA INTERNET SECURITY (20200102)","K7 Total Security (20200102)","Kaspersky Internet Security (20200102)","Malwarebytes Premium (20200102)","McAfee Total Protection (20200102)","Norton Security (20200102)","Panda Dome (20200102)","Quick Heal Internet Security (20200102)","Sophos Home Premium (20200102)","Tencent PC Manager (20200102)","Trend Micro Internet Security (20200102)","VIPRE Advanced Security (20200102)","VirIT eXplorer PRO (20200102)","Webroot SecureAnywhere (20200102)","Windows Defender (20200102)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ioscsetup (1.0.1.202).exe","isInstaller":"True","productVersion":"1.0.1.202","fileVersion":"1.0.1.202","hashMD5":"af3e7ef3e2f680cfa7899f6d1b98e589","hashSHA1":"1e07df2dc4373009dea5f96b7ff914817109f29d","hashSHA256":"25f85fa54ab016029ab094346397152d42885e4cf0e517fc285009cfafe92ea4","digitalCertThumbprint":"E1C8ACC09A347489F4ADD45DB941F65C13E712C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT INFO SERVlCES, O=CONNECT INFO SERVlCES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2217","avBlockList":["360 Total Security (20200102)","Avast Internet Security (20200102)","AVG Internet Security (20200102)","Avira Internet Security (20200102)","Bitdefender Internet Security (20200102)","Dr.Web Security Space (20200102)","ESET Internet Security (20200102)","G DATA INTERNET SECURITY (20200102)","K7 Total Security (20200102)","Kaspersky Internet Security (20200102)","Malwarebytes Premium (20200102)","McAfee Total Protection (20200102)","Norton Security (20200102)","Panda Dome (20200102)","Quick Heal Internet Security (20200102)","Sophos Home Premium (20200102)","Tencent PC Manager (20200102)","Trend Micro Internet Security (20200102)","VIPRE Advanced Security (20200102)","VirIT eXplorer PRO (20200102)","Webroot SecureAnywhere (20200102)","Windows Defender (20200102)"],"avAllowList":["COMODO Antivirus (20200102)"]},{"isRevoked":"False","fileName":"ioscsetup (1.0.2.20) 2.exe","isInstaller":"True","productVersion":"1.0.2.20","fileVersion":"1.0.2.20","hashMD5":"9b2630758990cf661fb745b2182b4664","hashSHA1":"6adca85085bdc12e5ffab5434cf39737393b174f","hashSHA256":"976a3fda282c815479d4ee49e2f775ad8d7aab6c39a78b84c59596a8b45749aa","digitalCertThumbprint":"E1C8ACC09A347489F4ADD45DB941F65C13E712C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT INFO SERVlCES, O=CONNECT INFO SERVlCES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2218","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","COMODO Antivirus (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ioscsetup (1.0.2.20) 3.exe","isInstaller":"True","productVersion":"1.0.2.20","fileVersion":"1.0.2.20","hashMD5":"24c77ba8c56eb64dd066a1931e012586","hashSHA1":"deb5c8e7a1bca9213bd6d58e34775d19fd8d1d72","hashSHA256":"491cebc9ec7fa59818ea71715a159b04404679647684a4dfb7de6a2bc10d75fc","digitalCertThumbprint":"A37A23EEC118CF1C745AA12ADB6AAB5ADBDE24DE","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTlONS, O=TECHNOSOFT SOLUTlONS, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2219","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":["COMODO Antivirus (20191128)"]},{"isRevoked":"False","fileName":"ioscsetup (1.0.2.20) 4.exe","isInstaller":"True","productVersion":"1.0.2.20","fileVersion":"1.0.2.20","hashMD5":"d028116823e94e260fe3456488eb2ae2","hashSHA1":"cb8d7d8551e65c47c8673be3dcbfe9dd12d882f4","hashSHA256":"c688318c4c1cc69cc922b0876628b4da79086f179889c041b25fc59714b070e9","digitalCertThumbprint":"50D245425EEBABAA5DBD39C984E2BABDC3C37C90","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GENNEXT PC LOGlCS, O=GENNEXT PC LOGlCS, STREET=WARD NUMBER 12 SULTANA, L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2220","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":["COMODO Antivirus (20191204)"]},{"isRevoked":"False","fileName":"ioscsetup (1.0.2.20) 5.exe","isInstaller":"True","productVersion":"1.0.2.20","fileVersion":"1.0.2.20","hashMD5":"49061368e3c5128fb504b510308bd01e","hashSHA1":"c4e19a0c6bde89b477e8a45f0f383a3da7e51451","hashSHA256":"0c1527404033588f39f613325a7c12d3fabe6206793864d868295b893fcbdfc8","digitalCertThumbprint":"E1C8ACC09A347489F4ADD45DB941F65C13E712C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT INFO SERVlCES, O=CONNECT INFO SERVlCES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2221","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ioscsetup (1.0.2.20) 6.exe","isInstaller":"True","productVersion":"1.0.2.20","fileVersion":"1.0.2.20","hashMD5":"47042cdb43fa83e8dfddd05b388a84e5","hashSHA1":"0493391a877ae14c64dbca0853e61d7465de442d","hashSHA256":"20565ebf98e3b5415ff05889982e29857e8f0b1bfddeffcb120f5b2bacb8239e","digitalCertThumbprint":"0BF3ABD880233F2BCC11C48D8C7CBB7C5527F720","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INFOSOFT LOGlCS, O=INFOSOFT LOGlCS, STREET=\"291, Jyoti Furniture, Dholi Mandi, Chomu\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2222","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":["COMODO Antivirus (20191204)"]},{"isRevoked":"False","fileName":"ioscsetup (1.0.2.20) 7.exe","isInstaller":"True","productVersion":"1.0.2.20","fileVersion":"1.0.2.20","hashMD5":"cf7fbc799c536f22fe08ff55a2770837","hashSHA1":"63484994e9c492cf5d18adc386aaba62fd75a561","hashSHA256":"96a934ab7d17bb010032626acadd743a529d728028b3d3772136c8f1e8e0854c","digitalCertThumbprint":"38D2B10FC52D7C70912E112CA1322B0A801D1BC9","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=XPERTMINDS SOFTWARES, O=XPERTMINDS SOFTWARES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2223","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ioscsetup (1.0.2.20) 8.exe","isInstaller":"True","productVersion":"1.0.2.20","fileVersion":"1.0.2.20","hashMD5":"b39e16d069f6c9bd6854c540fc63bf52","hashSHA1":"19a2e97810b9929eec6326b7cb1a2b2af80b7518","hashSHA256":"5628c5061864cd77cf87ef3e3cb715d9e9888ae5961c53d893be816af81e7bb0","digitalCertThumbprint":"A37A23EEC118CF1C745AA12ADB6AAB5ADBDE24DE","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTlONS, O=TECHNOSOFT SOLUTlONS, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2224","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Speed up your PC now\"","reference":"http://onlinepctools.today/","landingPage":"http://onlinepctools.today/","directDownloadingLink":"https://dl.onlinepctools.today/iosc/srcbulid/onlinepctools_today/ioscsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.onlinepctools.today/iosc/srcbulid/onlinepctools_today/ioscsetup.exe","sourceIndex":"2212"},{"howFound":"","reference":"","landingPage":"http://systemspeedup.best/","directDownloadingLink":"https://dl.systemspeedup.best/iosc/srcbulid/systemspeedup_best/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2213"},{"howFound":"","reference":"","landingPage":"http://www.advance-pctool.life/","directDownloadingLink":"https://dl.advance-pctool.life/iosc/srcbulid/advance-pctool_life/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2214"},{"howFound":"","reference":"","landingPage":"http://app-cleanup.live/","directDownloadingLink":"https://dl.app-cleanup.live/iosc/srcbulid/app-cleanup_live/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2215"},{"howFound":"","reference":"","landingPage":"http://www.win-appcleanup.best/","directDownloadingLink":"https://dl.win-appcleanup.best/iosc/srcbulid/win-appcleanup_best/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2216"},{"howFound":"","reference":"","landingPage":"http://www.super-cleaner.xyz/","directDownloadingLink":"https://dl.super-cleaner.xyz/iosc/srcbulid/super-cleaner_xyz/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2217"},{"howFound":"","reference":"","landingPage":"http://www.win-appscleanup.today/","directDownloadingLink":"https://dl.win-appscleanup.today/iosc/srcbulid/win-appscleanup_today/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2218"},{"howFound":"","reference":"","landingPage":"http://www.win-appscleanup.world/","directDownloadingLink":"https://dl.win-appscleanup.world/iosc/srcbulid/win-appscleanup_world/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2219"},{"howFound":"","reference":"","landingPage":"http://www.win-appscleanup.live/","directDownloadingLink":"https://dl.win-appscleanup.live/iosc/srcbulid/win-appscleanup_live/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2220"},{"howFound":"","reference":"","landingPage":"http://www.win-appscleanup.best/","directDownloadingLink":"https://dl.win-appscleanup.best/iosc/srcbulid/win-appscleanup_best/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2221"},{"howFound":"","reference":"","landingPage":"http://www.win-appscleanup.life/","directDownloadingLink":"https://dl.win-appscleanup.life/iosc/srcbulid/win-appscleanup_life/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2222"},{"howFound":"","reference":"","landingPage":"http://www.win-appscleanup.win/","directDownloadingLink":"https://dl.win-appscleanup.win/iosc/srcbulid/win-appscleanup_win/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2223"},{"howFound":"","reference":"","landingPage":"http://www.win-appscleanup.download/","directDownloadingLink":"https://dl.win-appscleanup.download/iosc/srcbulid/win-appscleanup_download/ioscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2224"}],"sampleFiles":["191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup.exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/pglc.exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.1.1).exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.1.80).exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.1.190).exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.2.20).exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.1.202).exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.2.20) 2.exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.2.20) 3.exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.2.20) 4.exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.2.20) 5.exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.2.20) 6.exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.2.20) 7.exe","191107/IObyteSystemCare-190918/1.0.1.1/Samples/ioscsetup (1.0.2.20) 8.exe"],"imageFiles":["191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-042/010.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-048/048.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-003/scan.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-003/main.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-003/048.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-004/scan.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-004/150.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-010/010.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-084/084.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-168/168.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-057/010.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-055/010.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-059/010.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-161/161.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-099/099.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-150/150.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-171/150.png","191107/IObyteSystemCare-190918/1.0.1.1/Images/ACR-171/171.png"],"guid":"10089c38-7c27-4489-95d4-54ce4aac8a50_1.0.1.1_1","appID":"IObyteSystemCare-190918","dateAdded":"191107","deceptorType":"App","name":"IObyte System Care","company":"SYSCLEAN TECHNOLOGlES","version":"1.0.1.1","sigName":"Deceptor:Win32/IObyteSystemCare!042048003004010084168057055059155","lastKnownStatus":"1.0.1.1","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T03:24:21.6528161+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2004},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Advanced Driver Booster.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Advanced Driver Booster) to the user\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Advanced Driver Booster\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays star awards from Tucows, CNET, Top Reviews and Softonic that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Universal-PC Care_username\\pglc.exe","productName":"Super-Cleaner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"5be1db0b1596665ffbd9ccc72a8607c7","hashSHA1":"97e15fdd76c43e74b14fbbd5c22781a1b87021f8","hashSHA256":"4af875fd566b1e4ae095635dbc314288365b6786e7f32a655208725c0f874565","digitalCertThumbprint":"D26C333D5FDE2FDD6A71A3A5448BB0496FD6CB6B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, O=SYSCLEAN TECHNOLOGIES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2182","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Universal-PC Care                                           ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"c0aadd7582406ce409b7a3a1462b4a05","hashSHA1":"615429fe8528f84ce5023a72f1cbfb8ef1a07d8f","hashSHA256":"ac6aad9682b6955e4f4d2cc1f23047d7ea6ed7c00e58701ce60b555086e52f72","digitalCertThumbprint":"D26C333D5FDE2FDD6A71A3A5448BB0496FD6CB6B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, O=SYSCLEAN TECHNOLOGIES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2182","avBlockList":["360 Total Security (20191212)","Avast Internet Security (20191212)","AVG Internet Security (20191212)","Avira Internet Security (20191212)","Bitdefender Internet Security (20191212)","COMODO Antivirus (20191212)","Dr.Web Security Space (20191212)","ESET Internet Security (20191212)","G DATA INTERNET SECURITY (20191212)","K7 Total Security (20191212)","Kaspersky Internet Security (20191212)","Malwarebytes Premium (20191212)","McAfee Total Protection (20191212)","Norton Security (20191212)","Panda Dome (20191212)","Quick Heal Internet Security (20191212)","Sophos Home Premium (20191212)","Tencent PC Manager (20191212)","Trend Micro Internet Security (20191212)","VIPRE Advanced Security (20191212)","VirIT eXplorer PRO (20191212)","Webroot SecureAnywhere (20191212)","Windows Defender (20191212)"],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.0).exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"c5a33e5e9a77e56375d85f700338695e","hashSHA1":"12461699b2500fd7d9e097f42e8925de5c444b79","hashSHA256":"5e61e7c92e8ae754ad5b7be4b5f582071cf0677ceca55f9565bbb165c3a5a0e0","digitalCertThumbprint":"CA6477FBE19734CC55AB2CEFD4B20B792483DBD7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTIONS, OU=IT, O=TECHNOSOFT SOLUTIONS, POBox=303802, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2183","avBlockList":["360 Total Security (20191212)","Avast Internet Security (20191212)","AVG Internet Security (20191212)","Avira Internet Security (20191212)","Bitdefender Internet Security (20191212)","COMODO Antivirus (20191212)","Dr.Web Security Space (20191212)","ESET Internet Security (20191212)","G DATA INTERNET SECURITY (20191212)","K7 Total Security (20191212)","Kaspersky Internet Security (20191212)","Malwarebytes Premium (20191212)","McAfee Total Protection (20191212)","Norton Security (20191212)","Panda Dome (20191212)","Quick Heal Internet Security (20191212)","Sophos Home Premium (20191212)","Tencent PC Manager (20191212)","Trend Micro Internet Security (20191212)","VIPRE Advanced Security (20191212)","VirIT eXplorer PRO (20191212)","Webroot SecureAnywhere (20191212)","Windows Defender (20191212)"],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.0) 2.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a1d5fce4e62ac32ba54fc32606ac96c9","hashSHA1":"9b20dadb3135d75c5435afddf2810dcd5acf51a9","hashSHA256":"98a354ce655183fa070aad127a6b8f540dccc9e119bcf6b6a0f64c280a25fb9a","digitalCertThumbprint":"D26C333D5FDE2FDD6A71A3A5448BB0496FD6CB6B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, O=SYSCLEAN TECHNOLOGIES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2184","avBlockList":["360 Total Security (20191104)","Avast Internet Security (20191104)","AVG Internet Security (20191104)","Avira Internet Security (20191104)","Bitdefender Internet Security (20191104)","COMODO Antivirus (20191104)","Dr.Web Security Space (20191104)","ESET Internet Security (20191104)","G DATA INTERNET SECURITY (20191104)","K7 Total Security (20191104)","Kaspersky Internet Security (20191104)","Malwarebytes Premium (20191104)","McAfee Total Protection (20191104)","Norton Security (20191104)","Panda Dome (20191104)","Quick Heal Internet Security (20191104)","Sophos Home Premium (20191104)","Tencent PC Manager (20191104)","Trend Micro Internet Security (20191104)","VIPRE Advanced Security (20191104)","VirIT eXplorer PRO (20191104)","Webroot SecureAnywhere (20191104)","Windows Defender (20191104)"],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.0) 3.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3c7bec6ed71e2e650524692f63aee091","hashSHA1":"db11e89cf11131f0233f648059231a5da581eebf","hashSHA256":"fe4a232991ee61b619a24b32d84af6aaf6f6dd701b33279b17e2eba7373f24a5","digitalCertThumbprint":"D8B8593470FD0619D2B0ACDA03D933EFF6D0E14E","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GENNEXT PC LOGICS, OU=IT, O=GENNEXT PC LOGICS, POBox=333028, STREET=WARD NUMBER 12 SULTANA, L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2185","avBlockList":["360 Total Security (20191104)","Avast Internet Security (20191104)","AVG Internet Security (20191104)","Avira Internet Security (20191104)","Bitdefender Internet Security (20191104)","COMODO Antivirus (20191104)","Dr.Web Security Space (20191104)","ESET Internet Security (20191104)","G DATA INTERNET SECURITY (20191104)","K7 Total Security (20191104)","Kaspersky Internet Security (20191104)","Malwarebytes Premium (20191104)","McAfee Total Protection (20191104)","Norton Security (20191104)","Panda Dome (20191104)","Quick Heal Internet Security (20191104)","Sophos Home Premium (20191104)","Tencent PC Manager (20191104)","Trend Micro Internet Security (20191104)","VIPRE Advanced Security (20191104)","VirIT eXplorer PRO (20191104)","Webroot SecureAnywhere (20191104)","Windows Defender (20191104)"],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.0) 4.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1bef5d26eae57773b7e04a9c68561e5f","hashSHA1":"dbf81d7497bf6c292b4f10c3dfa6cb86f74212d5","hashSHA256":"77bb44b6c956cd5b89e97340ed01261fe5b79700703f24ef8c9f53403ac91c07","digitalCertThumbprint":"87FD5EBDB0D4A78E044DF5570E72BDC1FE3656B7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RANOTECH SOFTWARES, OU=IT, O=RANOTECH SOFTWARES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2186","avBlockList":["360 Total Security (20191104)","Avast Internet Security (20191104)","AVG Internet Security (20191104)","Avira Internet Security (20191104)","Bitdefender Internet Security (20191104)","COMODO Antivirus (20191104)","Dr.Web Security Space (20191104)","ESET Internet Security (20191104)","G DATA INTERNET SECURITY (20191104)","K7 Total Security (20191104)","Kaspersky Internet Security (20191104)","Malwarebytes Premium (20191104)","McAfee Total Protection (20191104)","Norton Security (20191104)","Panda Dome (20191104)","Quick Heal Internet Security (20191104)","Sophos Home Premium (20191104)","Tencent PC Manager (20191104)","Trend Micro Internet Security (20191104)","VIPRE Advanced Security (20191104)","VirIT eXplorer PRO (20191104)","Webroot SecureAnywhere (20191104)","Windows Defender (20191104)"],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.0) 5.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"7d4ddfdae06cade7590e2997d94e797c","hashSHA1":"53cd4dd115411306531bb00346320a9861ac8fce","hashSHA256":"4e9ccd74edad16805419efa29af8b9598f5cb93d4905ed1604f549a46915c046","digitalCertThumbprint":"87FD5EBDB0D4A78E044DF5570E72BDC1FE3656B7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RANOTECH SOFTWARES, OU=IT, O=RANOTECH SOFTWARES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2187","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.45).exe","isInstaller":"True","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"9b073b4d97e5a629f44b78b3bdfc334b","hashSHA1":"88c8ff731f12d3a66dd97a9648397072aff4b52e","hashSHA256":"87486312e88690ab1393bca3bdd694936e0d855028aaa03ae18655b9c9fadba4","digitalCertThumbprint":"650CAA83450550E1DB1AE5F002A896A79FABFDBA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=X2LABS SOFTWARES, OU=IT, O=X2LABS SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2188","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup(1.0.0.45).exe","isInstaller":"True","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"941f9d808a9d2249298f4abd11e5b3e2","hashSHA1":"cba17a87147ca916b6e6f84a9ac24255795d69f7","hashSHA256":"c6ea6a45617d22617d096da2d1f6ba04563bedf96550f334553ac4dab619b0a8","digitalCertThumbprint":"650CAA83450550E1DB1AE5F002A896A79FABFDBA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=X2LABS SOFTWARES, OU=IT, O=X2LABS SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2189","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.45) 2.exe","isInstaller":"True","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"cc629e5c09cf763bfe28aa90165935ce","hashSHA1":"676c50c254fb5f86c88e7a9503ef800287d4852f","hashSHA256":"c5138c3c501916039d1fc159ad2dc296b4f606c525268d366e3b85b474eb4edc","digitalCertThumbprint":"55B656E47D4DF81DF9E71354ABE388301AFCDF3F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CLEANIT SOFTWARES, OU=IT, O=CLEANIT SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2190","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.18).exe","isInstaller":"True","productVersion":"1.0.0.18","fileVersion":"1.0.0.18","hashMD5":"1bae3398438ae5d04504ca67e4d8947f","hashSHA1":"b546ea7bf61e7ae58650a75e6c436e0a4b6f251c","hashSHA256":"ddd1998ca51952ef933f4c3c7c555080282d13fa6baadeffdfb9029889be310b","digitalCertThumbprint":"4801BCA3B8A705FA74DBECB08FF311C82FCC44D1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INFOSOFT LOGICS, OU=IT, O=INFOSOFT LOGICS, POBox=303802, STREET=\"291, \tJyoti Furniture, Dholi Mandi, Chomu\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2191","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.18) 2.exe","isInstaller":"True","productVersion":"1.0.0.18","fileVersion":"1.0.0.18","hashMD5":"752f56098b44e24c8d1a6daf5edbde9e","hashSHA1":"e88ff4873730b53178011f87a515daffa67c0297","hashSHA256":"86b2547e467fe24429b1dab0f1c40cbed464d1275ea65114a6eceb8b450c6733","digitalCertThumbprint":"D26C333D5FDE2FDD6A71A3A5448BB0496FD6CB6B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, O=SYSCLEAN TECHNOLOGIES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2192","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.45) 3.exe","isInstaller":"True","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"fef98662aa101c5958e0fd7117bc7734","hashSHA1":"b7c0097e3ca310ddbd15eea29be1d7847f57b8a2","hashSHA256":"ff9d42dcbe1dd322793f55c2a353a5712eeb9a7934f9b4d22a28d8044318957a","digitalCertThumbprint":"91F20EB94A0922716A48504EC95EE595532FDBE5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=APPIYAN PC SOLUTIONS, OU=IT, O=APPIYAN PC SOLUTIONS, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2193","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.45) 4.exe","isInstaller":"True","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"a6f5cbe20dc2f065a2954d89405bc248","hashSHA1":"c2295f19b66c02f2ec0d5f0691f995edc9498cf0","hashSHA256":"b7b764d3a9b093360be472a210b62d978890959a72e8a4525480ad5b95a3315b","digitalCertThumbprint":"F7EB821D589B21D57E800FAFB537568B48DF34D4","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ASPIRETECH SOLUTIONS, OU=IT, O=ASPIRETECH SOLUTIONS, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2194","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.45) 5.exe","isInstaller":"True","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"6d279fee19e30f2199f60266751c17e3","hashSHA1":"8ef3ced6820a0467a861afc426d0e65e8fa5d7a9","hashSHA256":"917980ebb0126b1d6ee92f8267e6f5ab254d4db510c0ce85bcbee3c660c7a1b3","digitalCertThumbprint":"650CAA83450550E1DB1AE5F002A896A79FABFDBA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=X2LABS SOFTWARES, OU=IT, O=X2LABS SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2195","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.1.18).exe","isInstaller":"True","productVersion":"1.0.1.18","fileVersion":"1.0.1.18","hashMD5":"6ce6041174f39edc3d7b98c343433c2e","hashSHA1":"6366762446dd0f0a01bcf03c625dd678aa3457b5","hashSHA256":"043afda46265eabc8521846de6a61c8786320abed2fa364c90a6e84103f995ae","digitalCertThumbprint":"100A8EC4EE5F4DD4671C7D63B3E9B935EE0C89E8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QBIT SOFTWARE SERVICES, O=QBIT SOFTWARE SERVICES, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2196","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.1.18) 2.exe","isInstaller":"True","productVersion":"1.0.1.18","fileVersion":"1.0.1.18","hashMD5":"4e584ad8b59d5e2cb99c8a62e915e35f","hashSHA1":"b71b6d6ecf24f04f35417c0043256258ce70679d","hashSHA256":"eb5a3ffaf880887726bc40f27fab2c7c9f7d857f3fc1dc1028268bd80a5ee941","digitalCertThumbprint":"4801BCA3B8A705FA74DBECB08FF311C82FCC44D1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INFOSOFT LOGICS, OU=IT, O=INFOSOFT LOGICS, POBox=303802, STREET=\"291, \tJyoti Furniture, Dholi Mandi, Chomu\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2197","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.1.18) 3.exe","isInstaller":"True","productVersion":"1.0.1.18","fileVersion":"1.0.1.18","hashMD5":"d8a1e2c9bd02ee01e2bf41e6b58201da","hashSHA1":"e09c4712616fd931547a1c92824dbfffc5a511ba","hashSHA256":"641e3dae32146cb4e388c106c0cf5d166b9bd3524a621720f1cc46057f161fdd","digitalCertThumbprint":"100A8EC4EE5F4DD4671C7D63B3E9B935EE0C89E8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QBIT SOFTWARE SERVICES, O=QBIT SOFTWARE SERVICES, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2198","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.45) 6.exe","isInstaller":"True","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"9ec65c7775856137ec406c1cad5f4683","hashSHA1":"25d79444bb271965ecacbe1049458dc72d6fefcb","hashSHA256":"aec5d35f4d1a7f859e2628cc565b0c89b1fcb63b1d9ecaff943d4c6167e6dd32","digitalCertThumbprint":"91F20EB94A0922716A48504EC95EE595532FDBE5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=APPIYAN PC SOLUTIONS, OU=IT, O=APPIYAN PC SOLUTIONS, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2199","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.45) 7.exe","isInstaller":"True","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"019d6055aec5225ca620e223adddbd12","hashSHA1":"edc00c01ddeac9ac9172681c45ad8bbb24e315df","hashSHA256":"6e0e5e8d71f392e698525d34ac368d1db91336f6c9ffc98f3597b497871cf0c9","digitalCertThumbprint":"F7EB821D589B21D57E800FAFB537568B48DF34D4","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ASPIRETECH SOLUTIONS, OU=IT, O=ASPIRETECH SOLUTIONS, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2200","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.45) 8.exe","isInstaller":"True","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"568a827f93933a8a2e2a3019acf49cad","hashSHA1":"270002ba55e6bd8ad97fe71e89532c2f47591700","hashSHA256":"5c3d304591bc430ff939fcbe9b2e2496d7217a2513e96b56d77ad3cfe8ef9f20","digitalCertThumbprint":"55B656E47D4DF81DF9E71354ABE388301AFCDF3F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CLEANIT SOFTWARES, OU=IT, O=CLEANIT SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2201","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.0.45) 9.exe","isInstaller":"True","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"932cab0a92d683aec28555f6db0891dc","hashSHA1":"d565d43e78d914af47e761cc4861d1f9e7b0d56d","hashSHA256":"cf371140cdf45eac34e1b762e008ceb2795de26e70306fa1ca3973c6bee58a0e","digitalCertThumbprint":"650CAA83450550E1DB1AE5F002A896A79FABFDBA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=X2LABS SOFTWARES, OU=IT, O=X2LABS SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2202","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.3.0).exe","isInstaller":"True","productVersion":"1.0.3.0","fileVersion":"1.0.3.0","hashMD5":"8d6e0d15c08017ad4b9f1c6fd99baf00","hashSHA1":"97b3d44d5dbda5a5dc2f1362a8424ac30e044170","hashSHA256":"61d2b0c6e2341b78674df7245baad6e33c69ede98e203ee68a157229bd26ed01","digitalCertThumbprint":"A6E6ACC0A8C89EFE75F82E0BCD499F09202E914A","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, O=INTELLECT SOFTWARES, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2203","avBlockList":["360 Total Security (20200102)","Avast Internet Security (20200102)","AVG Internet Security (20200102)","Avira Internet Security (20200102)","Bitdefender Internet Security (20200102)","Dr.Web Security Space (20200102)","ESET Internet Security (20200102)","G DATA INTERNET SECURITY (20200102)","K7 Total Security (20200102)","Kaspersky Internet Security (20200102)","Malwarebytes Premium (20200102)","McAfee Total Protection (20200102)","Norton Security (20200102)","Panda Dome (20200102)","Quick Heal Internet Security (20200102)","Sophos Home Premium (20200102)","Tencent PC Manager (20200102)","Trend Micro Internet Security (20200102)","VIPRE Advanced Security (20200102)","VirIT eXplorer PRO (20200102)","Webroot SecureAnywhere (20200102)","Windows Defender (20200102)"],"avAllowList":["COMODO Antivirus (20200102)"]},{"isRevoked":"False","fileName":"upcsetup (2.0.5.35).exe","isInstaller":"True","productVersion":"2.0.5.35","fileVersion":"2.0.5.35","hashMD5":"72151c20cac1aaf1937f2718a5e32a47","hashSHA1":"333e0fe5f093cd3d66a59e2b68c1ab1104c81a2f","hashSHA256":"37a4b4f7d65a98d2aa5e0b244327fea0888cbeb550ffccc4c690ac457790c8d7","digitalCertThumbprint":"551EFF56F0190706526646EB209119A0EF0D2A84","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE PC LOGICS, O=ADEQUATE PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2204","avBlockList":["360 Total Security (20200102)","Avast Internet Security (20200102)","AVG Internet Security (20200102)","Avira Internet Security (20200102)","Bitdefender Internet Security (20200102)","COMODO Antivirus (20200102)","Dr.Web Security Space (20200102)","ESET Internet Security (20200102)","G DATA INTERNET SECURITY (20200102)","K7 Total Security (20200102)","Kaspersky Internet Security (20200102)","Malwarebytes Premium (20200102)","McAfee Total Protection (20200102)","Norton Security (20200102)","Panda Dome (20200102)","Quick Heal Internet Security (20200102)","Sophos Home Premium (20200102)","Tencent PC Manager (20200102)","Trend Micro Internet Security (20200102)","VIPRE Advanced Security (20200102)","VirIT eXplorer PRO (20200102)","Webroot SecureAnywhere (20200102)","Windows Defender (20200102)"],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.3.0) 2.exe","isInstaller":"True","productVersion":"1.0.3.0","fileVersion":"1.0.3.0","hashMD5":"863ad0643b55efdb866a6ef2e92c1146","hashSHA1":"5db400ead10ac190d21acd7e19580594a8f75564","hashSHA256":"f7b61676c885320b35d74fd37575259e976984e55179aa0c2464733f3b3710d0","digitalCertThumbprint":"56102EECB46C04443857F020286889C3037DDCF1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SOFTWARES, O=SYSLOGIX SOFTWARES, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2205","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","COMODO Antivirus (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (2.0.5.35) 2.exe","isInstaller":"True","productVersion":"2.0.5.35","fileVersion":"2.0.5.35","hashMD5":"ab72e4a31fae69cb63b5b0783155f26e","hashSHA1":"e678abfeaf06df94a3a66d0ce13c5d6da2fa8ed8","hashSHA256":"05bce6bd1648dc38da36c6c9449106096ce45635581827e5ac03660c203d42d4","digitalCertThumbprint":"0A18076E87A037D7C1971F5EB62E96E624428BFF","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, O=SOFTBITS PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2206","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":["COMODO Antivirus (20191128)"]},{"isRevoked":"False","fileName":"upcsetup (1.0.3.0) 3.exe","isInstaller":"True","productVersion":"1.0.3.0","fileVersion":"1.0.3.0","hashMD5":"9d67953a00dbf577a1c71ac554f94bb3","hashSHA1":"a8c8678b6135e26c19aef288ff65fd5ba55fdc04","hashSHA256":"77428f699b4a1df4dc5b1cbcab092fdfdc172720a744c3870ea33031eff2e589","digitalCertThumbprint":"A6E6ACC0A8C89EFE75F82E0BCD499F09202E914A","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, O=INTELLECT SOFTWARES, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2207","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.3.0) 4.exe","isInstaller":"True","productVersion":"1.0.3.0","fileVersion":"1.0.3.0","hashMD5":"99eb63858553c1d123ed97abbbf238f9","hashSHA1":"bec542808c369652d08e63abe3ee4ba1415d94e6","hashSHA256":"640100bcdec17e8cb28e63fea380fbd56a42724abaf7ed6a2b89871f27beacaf","digitalCertThumbprint":"0A18076E87A037D7C1971F5EB62E96E624428BFF","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, O=SOFTBITS PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2208","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (1.0.3.0) 5.exe","isInstaller":"True","productVersion":"1.0.3.0","fileVersion":"1.0.3.0","hashMD5":"876863660392bd3656575404b98b2ac0","hashSHA1":"b7d2a4b6d93c20c588f5471489a50453dc669468","hashSHA256":"68573407bea52536004640e8ccea9032ffac0d1e2f9b6586a02e5e39c57f8e5b","digitalCertThumbprint":"0A18076E87A037D7C1971F5EB62E96E624428BFF","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, O=SOFTBITS PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2209","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)"],"avAllowList":["COMODO Antivirus (20191204)","Trend Micro Internet Security (20191204)","Windows Defender (20191204)"]},{"isRevoked":"False","fileName":"upcsetup (1.0.3.0) 6.exe","isInstaller":"True","productVersion":"1.0.3.0","fileVersion":"1.0.3.0","hashMD5":"b3884a092aa7ef33fd6e164df920c636","hashSHA1":"c5cd1eabd609236a8a15412a18d20253bd82312c","hashSHA256":"6e1a793e2edce70c871a43d1dd52dbd31e81841df95609df9a8b8c75a3686198","digitalCertThumbprint":"67195BD317D27B2BDB61771C3788EEBC5DF96ACC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ASPIRE SOFTWARES, O=ASPIRE SOFTWARES, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2210","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"upcsetup (2.0.5.35) 3.exe","isInstaller":"True","productVersion":"2.0.5.35","fileVersion":"2.0.5.35","hashMD5":"918db9624b8535bd43d5d822419cd1b4","hashSHA1":"4abcebeadfc39e99ccd2f446089c6c7098b766ac","hashSHA256":"752722d9358d312be7a42137602b66995d74af2cc39c2e65905f8de7ac002f7f","digitalCertThumbprint":"A6E6ACC0A8C89EFE75F82E0BCD499F09202E914A","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, O=INTELLECT SOFTWARES, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2211","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"designed and tested with utmost care to keep your PCs running smooth\"","reference":"http://faster-pctool.best/","landingPage":"http://faster-pctool.best/","directDownloadingLink":"https://dl.faster-pctool.best/upc/srcbulid/faster-pctool_best/upcsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.faster-pctool.best/upc/srcbulid/faster-pctool_best/upcsetup.exe","sourceIndex":"2182"},{"howFound":"","reference":"","landingPage":"http://www.quickcleaner.club/","directDownloadingLink":"https://dl.quickcleaner.club/upc/srcbulid/quickcleaner_club/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2183"},{"howFound":"","reference":"","landingPage":"http://www.quickcleaner.best/","directDownloadingLink":"https://dl.quickcleaner.best/upc/srcbulid/quickcleaner_best/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2184"},{"howFound":"","reference":"","landingPage":"http://faster-systool.club/","directDownloadingLink":"https://dl.faster-systool.club/upc/srcbulid/faster-systool_club/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2185"},{"howFound":"","reference":"","landingPage":"http://fasterpctool.club/","directDownloadingLink":"https://dl.fasterpctool.club/upc/srcbulid/fasterpctool_club/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2186"},{"howFound":"","reference":"","landingPage":"http://www.quick-cleaner.best/","directDownloadingLink":"https://dl.quick-cleaner.best/upc/srcbulid/quick-cleaner_best/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2187"},{"howFound":"","reference":"","landingPage":"http://www.onlinepctools.win/","directDownloadingLink":"https://dl.onlinepctools.win/upc/srcbulid/onlinepctools_win/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2188"},{"howFound":"","reference":"","landingPage":"http://www.pconlinecleanup.best/","directDownloadingLink":"https://dl.pconlinecleanup.best/upc/srcbulid/pconlinecleanup_best/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2189"},{"howFound":"","reference":"","landingPage":"http://www.pconlinecleanup.club/","directDownloadingLink":"https://dl.pconlinecleanup.club/upc/srcbulid/pconlinecleanup_club/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2190"},{"howFound":"","reference":"","landingPage":"http://www.onlinepctools.best/","directDownloadingLink":"https://dl.onlinepctools.best/upc/srcbulid/onlinepctools_best/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2191"},{"howFound":"","reference":"","landingPage":"http://www.onlinepctools.club/","directDownloadingLink":"https://dl.onlinepctools.club/upc/srcbulid/onlinepctools_club/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2192"},{"howFound":"","reference":"","landingPage":"http://www.smartcleanup.club/","directDownloadingLink":"https://dl.smartcleanup.club/upc/srcbulid/smartcleanup_club/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2193"},{"howFound":"","reference":"","landingPage":"http://www.smartcleanup.best/","directDownloadingLink":"https://dl.smartcleanup.best/upc/srcbulid/smartcleanup_best/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2194"},{"howFound":"","reference":"","landingPage":"http://www.smartcleaner.best/","directDownloadingLink":"https://dl.smartcleaner.best/upc/srcbulid/smartcleaner_best/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2195"},{"howFound":"","reference":"","landingPage":"http://advance-pctool.win/","directDownloadingLink":"https://dl.advance-pctool.win/upc/srcbulid/advance-pctool_win/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2196"},{"howFound":"","reference":"","landingPage":"http://www.onlinepctools.live/","directDownloadingLink":"https://dl.onlinepctools.live/upc/srcbulid/onlinepctools_live/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2197"},{"howFound":"","reference":"","landingPage":"http://onlinepctools.life/","directDownloadingLink":"https://dl.onlinepctools.life/upc/srcbulid/onlinepctools_life/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2198"},{"howFound":"","reference":"","landingPage":"http://www.smartbooster.club/","directDownloadingLink":"https://dl.smartbooster.club/upc/srcbulid/smartbooster_club/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2199"},{"howFound":"","reference":"","landingPage":"http://smartbooster.best/","directDownloadingLink":"https://dl.smartbooster.best/upc/srcbulid/smartbooster_best/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2200"},{"howFound":"","reference":"","landingPage":"http://onlinepc-tools.club/","directDownloadingLink":"https://dl.onlinepc-tools.club/upc/srcbulid/onlinepc-tools_club/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2201"},{"howFound":"","reference":"","landingPage":"http://onlinepc-tools.best/","directDownloadingLink":"https://dl.onlinepc-tools.best/upc/srcbulid/onlinepc-tools_best/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2202"},{"howFound":"","reference":"","landingPage":"http://www.windows-softinstallpc.win/","directDownloadingLink":"https://dl.windows-softinstallpc.win/upc/srcbulid/windows-softinstallpc_win/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2203"},{"howFound":"","reference":"","landingPage":"http://www.windows-softinstallpc.world/","directDownloadingLink":"https://dl.windows-softinstallpc.world/upc/srcbulid/windows-softinstallpc_world/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2204"},{"howFound":"","reference":"","landingPage":"http://www.fastersoft-windows.win/","directDownloadingLink":"https://dl.fastersoft-windows.win/upc/srcbulid/fastersoft-windows_win/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2205"},{"howFound":"","reference":"","landingPage":"http://windowscleanuppc.life/","directDownloadingLink":"https://dl.windowscleanuppc.life/upc/srcbulid/windowscleanuppc_life/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2206"},{"howFound":"","reference":"","landingPage":"http://www.windowsbooster.world/","directDownloadingLink":"https://dl.windowsbooster.world/upc/srcbulid/windowsbooster_world/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2207"},{"howFound":"","reference":"","landingPage":"http://www.windowsbooster.win/","directDownloadingLink":"https://dl.windowsbooster.win/upc/srcbulid/windowsbooster_win/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2208"},{"howFound":"","reference":"","landingPage":"http://onlinewindowstools.win/","directDownloadingLink":"https://dl.onlinewindowstools.win/upc/srcbulid/onlinewindowstools_win/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2209"},{"howFound":"","reference":"","landingPage":"https://windows-speedsoft.world/","directDownloadingLink":"https://dl.windows-speedsoft.world/upc/srcbulid/windows-speedsoft_world/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2210"},{"howFound":"","reference":"","landingPage":"http://windows-speedsoft.life/","directDownloadingLink":"https://dl.windows-speedsoft.life/upc/srcbulid/windows-speedsoft_life/upcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2211"}],"sampleFiles":["191107/UniversalPCCare-190906/1.0.0.0/Samples/pglc.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.0).exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.0) 2.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.0) 3.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.0) 4.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.0) 5.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.45).exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup(1.0.0.45).exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.45) 2.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.18).exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.18) 2.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.45) 3.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.45) 4.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.45) 5.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.1.18).exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.1.18) 2.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.1.18) 3.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.45) 6.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.45) 7.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.45) 8.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.0.45) 9.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.3.0).exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (2.0.5.35).exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.3.0) 2.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (2.0.5.35) 2.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.3.0) 3.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.3.0) 4.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.3.0) 5.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (1.0.3.0) 6.exe","191107/UniversalPCCare-190906/1.0.0.0/Samples/upcsetup (2.0.5.35) 3.exe"],"imageFiles":["191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-042/010.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-048/048.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-003/scan.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-003/main.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-003/048.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-004/scan.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-004/150.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-010/010.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-084/084.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-168/168.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-057/010.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-055/010.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-059/010.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-161/161.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-099/099.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-150/150.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-171/150.png","191107/UniversalPCCare-190906/1.0.0.0/Images/ACR-171/171.png"],"guid":"d9971627-e458-4de4-bc54-a6ecbbed4eca_1.0.0.0_1","appID":"UniversalPCCare-190906","dateAdded":"191107","deceptorType":"App","name":"Universal PC Care","company":"SYSCLEAN TECHNOLOGIES","version":"1.0.0.0","sigName":"Deceptor:Win32/UniversalPCCare!042048003004010084168057055059155","lastKnownStatus":"1.0.0.0","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T03:24:52.144112+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2003},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Advanced Driver Booster.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Advanced Driver Booster) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Advanced Driver Booster\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-002":"The app name is not consistent across in landing pages. It shows different names as \"Xbits Speedup Pro\" and \"Xtron Optimizer Pro\".\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"xspsetup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"57ee82f6eeafcd8e4326acf7424e3c7b","hashSHA1":"50c9e81e238bd9f416b8c4fa763af95217362f9b","hashSHA256":"b38a8b4e93de0e83a9db884fd727adcaf3c84066dfd2aa7aa6b47e4e4b3efea6","digitalCertThumbprint":"D1133C2CF75243B14DC0D2FBEA9F31E9EC4E83B6","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT INFO SERVICES, O=CONNECT INFO SERVICES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2225","avBlockList":["360 Total Security (20191202)","Avast Internet Security (20191202)","AVG Internet Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","K7 Total Security (20191202)","Kaspersky Internet Security (20191202)","Malwarebytes Premium (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Quick Heal Internet Security (20191202)","Sophos Home Premium (20191202)","Tencent PC Manager (20191202)","Trend Micro Internet Security (20191202)","VIPRE Advanced Security (20191202)","VirIT eXplorer PRO (20191202)","Webroot SecureAnywhere (20191202)","Windows Defender (20191202)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xspsetup (1.0.0.8).exe","isInstaller":"True","productVersion":"1.0.0.8","fileVersion":"1.0.0.8","hashMD5":"3b41795fd52233c5153d968bd57ced4e","hashSHA1":"6c3554fcabdaff021ae4d8bfc8bde31e9690f0a8","hashSHA256":"6cd77a7540bc1b13e36cdfca99570b53034eb07de2e54422637a7d78e815566c","digitalCertThumbprint":"D26C333D5FDE2FDD6A71A3A5448BB0496FD6CB6B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, O=SYSCLEAN TECHNOLOGIES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2226","avBlockList":["360 Total Security (20191202)","Avast Internet Security (20191202)","AVG Internet Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","K7 Total Security (20191202)","Kaspersky Internet Security (20191202)","Malwarebytes Premium (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Quick Heal Internet Security (20191202)","Sophos Home Premium (20191202)","Tencent PC Manager (20191202)","Trend Micro Internet Security (20191202)","VIPRE Advanced Security (20191202)","VirIT eXplorer PRO (20191202)","Webroot SecureAnywhere (20191202)","Windows Defender (20191202)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xspsetup (1.0.0.8) 2.exe","isInstaller":"True","productVersion":"1.0.0.8","fileVersion":"1.0.0.8","hashMD5":"416d7fdc47d4db1df3c5bffe8112f8ab","hashSHA1":"67ae32b2d04881ba74e4a18c757e1c9d2474bf41","hashSHA256":"49880e3219ea21ad8a7d087b547f7f77cfb95d7fd29c970e131683ed01a7bb9f","digitalCertThumbprint":"CA6477FBE19734CC55AB2CEFD4B20B792483DBD7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTIONS, OU=IT, O=TECHNOSOFT SOLUTIONS, POBox=303802, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2227","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xspsetup(1.0.0.100).exe","isInstaller":"True","productName":"Xbits Speedup Pro","productVersion":"1.0.0.100","fileVersion":"1.0.0.100","hashMD5":"99e34df196c0ea873614bad9861a1c45","hashSHA1":"be59179b7e58dc5729fe55b2235178bdd79f8efd","hashSHA256":"49c4bf462c2d7e6dfb29d4c3dee9fea8796586428e0b67494a19b089c0deb060","digitalCertThumbprint":"87FD5EBDB0D4A78E044DF5570E72BDC1FE3656B7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RANOTECH SOFTWARES, OU=IT, O=RANOTECH SOFTWARES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2228","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":["COMODO Antivirus (20191204)"]},{"isRevoked":"False","fileName":"xspsetup (1.0.1.50).exe","isInstaller":"True","productVersion":"1.0.1.50","fileVersion":"1.0.1.50","hashMD5":"6fefea173caa6faed69ab4a1675e37f6","hashSHA1":"bc06d81082d5ddea8684469fb08dc8e2087c5b5a","hashSHA256":"da777dba3f38cf54fc3d84fa6629f34178dac51703a5ad9cf0f62f86a50c95a1","digitalCertThumbprint":"4801BCA3B8A705FA74DBECB08FF311C82FCC44D1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INFOSOFT LOGICS, OU=IT, O=INFOSOFT LOGICS, POBox=303802, STREET=\"291, \tJyoti Furniture, Dholi Mandi, Chomu\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2229","avBlockList":["360 Total Security (20191209)","Avast Internet Security (20191209)","AVG Internet Security (20191209)","Avira Internet Security (20191209)","Bitdefender Internet Security (20191209)","COMODO Antivirus (20191209)","Dr.Web Security Space (20191209)","ESET Internet Security (20191209)","G DATA INTERNET SECURITY (20191209)","K7 Total Security (20191209)","Kaspersky Internet Security (20191209)","Malwarebytes Premium (20191209)","McAfee Total Protection (20191209)","Norton Security (20191209)","Panda Dome (20191209)","Quick Heal Internet Security (20191209)","Sophos Home Premium (20191209)","Tencent PC Manager (20191209)","Trend Micro Internet Security (20191209)","VIPRE Advanced Security (20191209)","VirIT eXplorer PRO (20191209)","Webroot SecureAnywhere (20191209)","Windows Defender (20191209)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xspsetup (1.0.1.50) 2.exe","isInstaller":"True","productVersion":"1.0.1.50","fileVersion":"1.0.1.50","hashMD5":"b31e2048515afcb0fab09c9033a11d7b","hashSHA1":"5718f64d199291f4b3589a6615f7013abe4c580b","hashSHA256":"3937186e943c8bb8bcc7d8b68162febbebd3c14c31e8c1ac128358a5aba0d7de","digitalCertThumbprint":"100A8EC4EE5F4DD4671C7D63B3E9B935EE0C89E8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QBIT SOFTWARE SERVICES, O=QBIT SOFTWARE SERVICES, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2230","avBlockList":["360 Total Security (20191028)","Avast Internet Security (20191028)","AVG Internet Security (20191028)","Avira Internet Security (20191028)","Bitdefender Internet Security (20191028)","COMODO Antivirus (20191028)","Dr.Web Security Space (20191028)","ESET Internet Security (20191028)","G DATA INTERNET SECURITY (20191028)","K7 Total Security (20191028)","Kaspersky Internet Security (20191028)","Malwarebytes Premium (20191028)","McAfee Total Protection (20191028)","Norton Security (20191028)","Panda Dome (20191028)","Quick Heal Internet Security (20191028)","Sophos Home Premium (20191028)","Tencent PC Manager (20191028)","Trend Micro Internet Security (20191028)","VIPRE Advanced Security (20191028)","VirIT eXplorer PRO (20191028)","Webroot SecureAnywhere (20191028)","Windows Defender (20191028)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xspsetup (1.0.1.50) 3.exe","isInstaller":"True","productVersion":"1.0.1.50","fileVersion":"1.0.1.50","hashMD5":"916fe68745189ef5b879050e39b8b351","hashSHA1":"86bf21bd3080444352afd95dd91df77c446da8c2","hashSHA256":"25f40b413a1ed81fbbe4b2278d2104787a3d528165c48665ee28bd1b813268d6","digitalCertThumbprint":"87FD5EBDB0D4A78E044DF5570E72BDC1FE3656B7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RANOTECH SOFTWARES, OU=IT, O=RANOTECH SOFTWARES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2231","avBlockList":["360 Total Security (20191028)","Avast Internet Security (20191028)","AVG Internet Security (20191028)","Avira Internet Security (20191028)","Bitdefender Internet Security (20191028)","COMODO Antivirus (20191028)","Dr.Web Security Space (20191028)","ESET Internet Security (20191028)","G DATA INTERNET SECURITY (20191028)","K7 Total Security (20191028)","Kaspersky Internet Security (20191028)","Malwarebytes Premium (20191028)","McAfee Total Protection (20191028)","Norton Security (20191028)","Panda Dome (20191028)","Quick Heal Internet Security (20191028)","Sophos Home Premium (20191028)","Tencent PC Manager (20191028)","Trend Micro Internet Security (20191028)","VIPRE Advanced Security (20191028)","VirIT eXplorer PRO (20191028)","Webroot SecureAnywhere (20191028)","Windows Defender (20191028)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xspsetup (1.0.1.200).exe","isInstaller":"True","productVersion":"1.0.1.200","fileVersion":"1.0.1.200","hashMD5":"a6922adf4df6011af6678f9d29300e8d","hashSHA1":"6ae2286fbff33ceb40a35ba257d4110d2b9d292e","hashSHA256":"9f45a2f123baeb50b5ecc3f6e3c3b645a41dc6f06843bb7c21cd66d4cde5d7cb","digitalCertThumbprint":"A37A23EEC118CF1C745AA12ADB6AAB5ADBDE24DE","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTlONS, O=TECHNOSOFT SOLUTlONS, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2232","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xspsetup (1.0.1.200) 2.exe","isInstaller":"True","productVersion":"1.0.1.200","fileVersion":"1.0.1.200","hashMD5":"f16fd891443e0e0a9f8d698e7941dd0b","hashSHA1":"0c4e6f3ca2954c6af68c876988f706b92ff34c5e","hashSHA256":"b4dcb9f08cf715fc5e4268073adbb829bf0502ec671a912b604538ca3cc407d8","digitalCertThumbprint":"A37A23EEC118CF1C745AA12ADB6AAB5ADBDE24DE","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTlONS, O=TECHNOSOFT SOLUTlONS, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2233","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xspsetup (1.0.0.100).exe","isInstaller":"True","productVersion":"1.0.0.100","fileVersion":"1.0.0.100","hashMD5":"0251eeaa74944f7423487fd1596ff515","hashSHA1":"f9f80452edbf871a1b111657bdfdcd1e1066a9a7","hashSHA256":"0dbf45fc009084946379d4737680d1584521a75276e4f0c4e05e130df45e3bad","digitalCertThumbprint":"4801BCA3B8A705FA74DBECB08FF311C82FCC44D1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INFOSOFT LOGICS, OU=IT, O=INFOSOFT LOGICS, POBox=303802, STREET=\"291, \tJyoti Furniture, Dholi Mandi, Chomu\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2234","avBlockList":["360 Total Security (20200102)","Avast Internet Security (20200102)","AVG Internet Security (20200102)","Avira Internet Security (20200102)","Bitdefender Internet Security (20200102)","COMODO Antivirus (20200102)","Dr.Web Security Space (20200102)","ESET Internet Security (20200102)","G DATA INTERNET SECURITY (20200102)","K7 Total Security (20200102)","Kaspersky Internet Security (20200102)","Malwarebytes Premium (20200102)","McAfee Total Protection (20200102)","Norton Security (20200102)","Panda Dome (20200102)","Quick Heal Internet Security (20200102)","Sophos Home Premium (20200102)","Tencent PC Manager (20200102)","Trend Micro Internet Security (20200102)","VIPRE Advanced Security (20200102)","VirIT eXplorer PRO (20200102)","Webroot SecureAnywhere (20200102)"],"avAllowList":["Windows Defender (20200102)"]},{"isRevoked":"False","fileName":"xspsetup (1.0.0.100) 2.exe","isInstaller":"True","productVersion":"1.0.0.100","fileVersion":"1.0.0.100","hashMD5":"8e1f4667e97e7fdfb5c2c3e0214a78c5","hashSHA1":"ea8b1fd4655a67c6377abc42ddbc2b285a2f006c","hashSHA256":"5f966215810318199f01545cc4ce5b10953c0c8a0e8140cc43d07011e623e08d","digitalCertThumbprint":"100A8EC4EE5F4DD4671C7D63B3E9B935EE0C89E8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QBIT SOFTWARE SERVICES, O=QBIT SOFTWARE SERVICES, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2235","avBlockList":["360 Total Security (20200102)","Avast Internet Security (20200102)","AVG Internet Security (20200102)","Avira Internet Security (20200102)","Bitdefender Internet Security (20200102)","Dr.Web Security Space (20200102)","ESET Internet Security (20200102)","G DATA INTERNET SECURITY (20200102)","K7 Total Security (20200102)","Kaspersky Internet Security (20200102)","Malwarebytes Premium (20200102)","McAfee Total Protection (20200102)","Norton Security (20200102)","Panda Dome (20200102)","Quick Heal Internet Security (20200102)","Sophos Home Premium (20200102)","Tencent PC Manager (20200102)","Trend Micro Internet Security (20200102)","VIPRE Advanced Security (20200102)","VirIT eXplorer PRO (20200102)","Webroot SecureAnywhere (20200102)","Windows Defender (20200102)"],"avAllowList":["COMODO Antivirus (20200102)"]},{"isRevoked":"False","fileName":"xspsetup (1.0.1.200) 3.exe","isInstaller":"True","productVersion":"1.0.1.200","fileVersion":"1.0.1.200","hashMD5":"1bbff76c829690a12855376cd374d1a4","hashSHA1":"3f4e108657d1c82ef24e443740e770118660cc5c","hashSHA256":"481d85d46a48c29565269d45ab227b4152eee7cb2d5f925625a52ee34b09c5da","digitalCertThumbprint":"8B8618A227240B027061D2F359D96CEA55C06224","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CLOVER PC UTlLlTlES, O=CLOVER PC UTlLlTlES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2236","avBlockList":["360 Total Security (20191125)","Avast Internet Security (20191125)","AVG Internet Security (20191125)","Avira Internet Security (20191125)","Bitdefender Internet Security (20191125)","COMODO Antivirus (20191125)","Dr.Web Security Space (20191125)","ESET Internet Security (20191125)","G DATA INTERNET SECURITY (20191125)","K7 Total Security (20191125)","Kaspersky Internet Security (20191125)","Malwarebytes Premium (20191125)","McAfee Total Protection (20191125)","Norton Security (20191125)","Panda Dome (20191125)","Quick Heal Internet Security (20191125)","Sophos Home Premium (20191125)","Tencent PC Manager (20191125)","Trend Micro Internet Security (20191125)","VIPRE Advanced Security (20191125)","VirIT eXplorer PRO (20191125)","Webroot SecureAnywhere (20191125)","Windows Defender (20191125)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"syscarestore.com\"","reference":"https://www.syscarestore.com/xsp/price","landingPage":"http://www.fast-systool.club/","directDownloadingLink":"https://dl.fast-systool.club/xsp/srcbulid/fast-systool_club/xspsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.fast-systool.club/xsp/srcbulid/fast-systool_club/xspsetup.exe","sourceIndex":"2225"},{"howFound":"","reference":"","landingPage":"http://www.smartpc.best/","directDownloadingLink":"https://dl.smartpc.best/xsp/srcbulid/smartpc_best/xspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2226"},{"howFound":"","reference":"","landingPage":"http://systemspeedup.club/","directDownloadingLink":"https://dl.systemspeedup.club/xsp/srcbulid/systemspeedup_club/xspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2227"},{"howFound":"","reference":"Xbits Speedup Pro","landingPage":"http://www.onlinepctools.world/","directDownloadingLink":"https://dl.onlinepctools.world/xsp/srcbulid/onlinepctools_world/xspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2228"},{"howFound":"","reference":"","landingPage":"http://advance-pctool.world/","directDownloadingLink":"https://dl.advance-pctool.world/xsp/srcbulid/advance-pctool_world/xspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2229"},{"howFound":"","reference":"","landingPage":"http://advance-pctool.today/","directDownloadingLink":"https://dl.advance-pctool.today/xsp/srcbulid/advance-pctool_today/xspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2230"},{"howFound":"","reference":"","landingPage":"http://advance-pctool.live/","directDownloadingLink":"https://dl.advance-pctool.live/xsp/srcbulid/advance-pctool_live/xspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2231"},{"howFound":"","reference":"","landingPage":"http://app-cleanup.club/","directDownloadingLink":"https://dl.app-cleanup.club/xsp/srcbulid/app-cleanup_club/xspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2232"},{"howFound":"","reference":"","landingPage":"http://app-cleanup.life/","directDownloadingLink":"https://dl.app-cleanup.life/xsp/srcbulid/app-cleanup_life/xspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2233"},{"howFound":"","reference":"","landingPage":"http://www.super-cleaner.live/","directDownloadingLink":"https://dl.super-cleaner.live/xsp/srcbulid/super-cleaner_live/xspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2234"},{"howFound":"","reference":"","landingPage":"http://instant-cleaner.live/","directDownloadingLink":"https://dl.instant-cleaner.live/xsp/srcbulid/instant-cleaner_live/xspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2235"},{"howFound":"","reference":"","landingPage":"http://app-cleanup.download/","directDownloadingLink":"https://dl.app-cleanup.download/xsp/srcbulid/app-cleanup_download/xspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2236"}],"sampleFiles":["191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup.exe","191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup (1.0.0.8).exe","191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup (1.0.0.8) 2.exe","191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup(1.0.0.100).exe","191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup (1.0.1.50).exe","191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup (1.0.1.50) 2.exe","191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup (1.0.1.50) 3.exe","191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup (1.0.1.200).exe","191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup (1.0.1.200) 2.exe","191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup (1.0.0.100).exe","191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup (1.0.0.100) 2.exe","191106/XbitsSpeedupPro-190829/1.0.0.0/Samples/xspsetup (1.0.1.200) 3.exe"],"imageFiles":["191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-042/010.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-048/048.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-003/scan.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-003/main.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-003/048.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-004/scan.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-004/buy.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-010/010.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-084/084.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-057/010.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-055/010.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-059/010.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-161/161.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-099/099.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-150/buy.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-171/buy.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-171/171.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-002/buy.png","191106/XbitsSpeedupPro-190829/1.0.0.0/Images/ACR-002/171.png"],"guid":"48f2bcf7-5d5a-46f8-b5ee-b8ffb4339a44_1.0.0.0_1","appID":"XbitsSpeedupPro-190829","dateAdded":"191106","deceptorType":"App","name":"Xbits Speedup Pro","company":"CONNECT INFO SERVICES","version":"1.0.0.0","sigName":"Deceptor:Win32/XbitsSpeedupPro!042048003004010084057055059155","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T03:23:44.2480231+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2005},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Advanced Driver Booster.\n","ACR-003":"App exaggerates the state of system health with alarming colors and gauges for non-alarming categories. The application exaggerates registry entries, system files and junk files as being HIGH/MEDIUM issue and having severe system impact, claims system in POOR performance thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Advanced Driver Booster) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Advanced Driver Booster\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-150":"The app displays five star awards from Tucows, CNET, Top Reviews and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Complete System Care for DESKTOP-8QAR3KI\\cpcpro.exe","productName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"fc93ce8a67d47979a5c6713999505ef6","hashSHA1":"bd944dfd37b05db53e095f9a09d6e1ff89c0f8ce","hashSHA256":"bd4cb12da80d2634016bb1d52d338f7cb6a33cb730814a17907fc9f6ac7334bc","digitalCertThumbprint":"59814FA259AFBF3A271F92BCF9783446F2270434","sourceIndex":"2620","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup.exe","isInstaller":"True","companyName":"Complete System Care","productName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"8a0fb14f448a7d319eaf2b0ef7bd8280","hashSHA1":"dced41bf091937e4ea149086804052a2391b4401","hashSHA256":"c9c0a062baf498c228fd22d33143b8bce0f0311d735b6cbb47bccc7153923c0c","digitalCertThumbprint":"59814FA259AFBF3A271F92BCF9783446F2270434","sourceIndex":"2620","avBlockList":["360 Total Security (20191216)","Avast Internet Security (20191216)","AVG Internet Security (20191216)","Avira Internet Security (20191216)","Bitdefender Internet Security (20191216)","COMODO Antivirus (20191216)","Dr.Web Security Space (20191216)","ESET Internet Security (20191216)","G DATA INTERNET SECURITY (20191216)","K7 Total Security (20191216)","Kaspersky Internet Security (20191216)","Malwarebytes Premium (20191216)","McAfee Total Protection (20191216)","Norton Security (20191216)","Panda Dome (20191216)","Quick Heal Internet Security (20191216)","Sophos Home Premium (20191216)","Tencent PC Manager (20191216)","Trend Micro Internet Security (20191216)","VIPRE Advanced Security (20191216)","VirIT eXplorer PRO (20191216)","Webroot SecureAnywhere (20191216)","Windows Defender (20191216)"],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 2.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3d8f99b9e48c1484148db98be201124c","hashSHA1":"c7a1635fd3b0cbcb8f615ca4cb7b1f0c6938481f","hashSHA256":"6d3571fa006dd83b286683b48b5483c7918e405ece8f4666f55ce37be07fe3d4","digitalCertThumbprint":"59814FA259AFBF3A271F92BCF9783446F2270434","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC LOGICS, O=NETCOM PC LOGICS, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2621","avBlockList":["360 Total Security (20191216)","Avast Internet Security (20191216)","AVG Internet Security (20191216)","Avira Internet Security (20191216)","Bitdefender Internet Security (20191216)","COMODO Antivirus (20191216)","Dr.Web Security Space (20191216)","ESET Internet Security (20191216)","G DATA INTERNET SECURITY (20191216)","K7 Total Security (20191216)","Kaspersky Internet Security (20191216)","Malwarebytes Premium (20191216)","McAfee Total Protection (20191216)","Norton Security (20191216)","Panda Dome (20191216)","Quick Heal Internet Security (20191216)","Sophos Home Premium (20191216)","Tencent PC Manager (20191216)","Trend Micro Internet Security (20191216)","VIPRE Advanced Security (20191216)","VirIT eXplorer PRO (20191216)","Webroot SecureAnywhere (20191216)","Windows Defender (20191216)"],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 3.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"8724cb2b092b76643f01949de550f873","hashSHA1":"5fae6373dac432e37563fb971959a8819f197087","hashSHA256":"ce28c44cd64e751a9fa5e0f5638af76d5bd97793e01f47d2787a1e49d9501d24","digitalCertThumbprint":"59814FA259AFBF3A271F92BCF9783446F2270434","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC LOGICS, O=NETCOM PC LOGICS, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2622","avBlockList":["360 Total Security (20191202)","Avast Internet Security (20191202)","AVG Internet Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","K7 Total Security (20191202)","Kaspersky Internet Security (20191202)","Malwarebytes Premium (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Quick Heal Internet Security (20191202)","Sophos Home Premium (20191202)","Tencent PC Manager (20191202)","Trend Micro Internet Security (20191202)","VIPRE Advanced Security (20191202)","VirIT eXplorer PRO (20191202)","Webroot SecureAnywhere (20191202)","Windows Defender (20191202)"],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 4.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"05529392bd37573a08baaedc275d8c51","hashSHA1":"74cf61cdce4c4d165028feb1f455170c92362975","hashSHA256":"3f4e0d5004718de97c9c7855bca496a44bb315f061d5e7a7f7fbce5ac518c849","digitalCertThumbprint":"38D2B10FC52D7C70912E112CA1322B0A801D1BC9","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=XPERTMINDS SOFTWARES, O=XPERTMINDS SOFTWARES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2623","avBlockList":["360 Total Security (20191114)","Avast Internet Security (20191114)","AVG Internet Security (20191114)","Avira Internet Security (20191114)","Bitdefender Internet Security (20191114)","COMODO Antivirus (20191114)","Dr.Web Security Space (20191114)","ESET Internet Security (20191114)","G DATA INTERNET SECURITY (20191114)","K7 Total Security (20191114)","Kaspersky Internet Security (20191114)","Malwarebytes Premium (20191114)","McAfee Total Protection (20191114)","Norton Security (20191114)","Panda Dome (20191114)","Quick Heal Internet Security (20191114)","Sophos Home Premium (20191114)","Tencent PC Manager (20191114)","Trend Micro Internet Security (20191114)","VIPRE Advanced Security (20191114)","VirIT eXplorer PRO (20191114)","Webroot SecureAnywhere (20191114)","Windows Defender (20191114)"],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 5.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"393af205ff86ec177a0f44700739dee9","hashSHA1":"ae348b1f7c97555c5253ba3d7a7623bd51001956","hashSHA256":"ba9d3ec94c9606ecd18b8387a983b17850453f2d8e84cbececd4e67a95a1bd66","digitalCertThumbprint":"551EFF56F0190706526646EB209119A0EF0D2A84","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE PC LOGICS, O=ADEQUATE PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2624","avBlockList":["360 Total Security (20191114)","Avast Internet Security (20191114)","AVG Internet Security (20191114)","Avira Internet Security (20191114)","Bitdefender Internet Security (20191114)","COMODO Antivirus (20191114)","Dr.Web Security Space (20191114)","ESET Internet Security (20191114)","G DATA INTERNET SECURITY (20191114)","K7 Total Security (20191114)","Kaspersky Internet Security (20191114)","Malwarebytes Premium (20191114)","McAfee Total Protection (20191114)","Norton Security (20191114)","Panda Dome (20191114)","Quick Heal Internet Security (20191114)","Sophos Home Premium (20191114)","Tencent PC Manager (20191114)","Trend Micro Internet Security (20191114)","VIPRE Advanced Security (20191114)","VirIT eXplorer PRO (20191114)","Webroot SecureAnywhere (20191114)","Windows Defender (20191114)"],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 6.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"16665db320cee9314a56bc5d50750a4c","hashSHA1":"4ad22950d7bb9fa8f887d8354c410e7a48f968ba","hashSHA256":"031410efa006871cff64c1b66747c2de9e14fe19bd6abd822f1a4f4e751fe3a1","digitalCertThumbprint":"551EFF56F0190706526646EB209119A0EF0D2A84","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE PC LOGICS, O=ADEQUATE PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2625","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 7.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"63acf712aa2ed21a5351446a12ce918b","hashSHA1":"025fb68d2dc853fc2898a55c0a33ceaece0fdc38","hashSHA256":"82ae6167dd7e588897660751214cacc2c60e118068260d565e7ca143d9730c27","digitalCertThumbprint":"38D2B10FC52D7C70912E112CA1322B0A801D1BC9","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=XPERTMINDS SOFTWARES, O=XPERTMINDS SOFTWARES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2626","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 8.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"894046cf1ab859704a7dcd898388c317","hashSHA1":"bac4cd0d9760963e00521adaec8a43ff8606e7e9","hashSHA256":"ee40ceedb354bd854a9e09b8ad19f867321717bbb48ccf6ebfa39836997626a9","digitalCertThumbprint":"38D2B10FC52D7C70912E112CA1322B0A801D1BC9","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=XPERTMINDS SOFTWARES, O=XPERTMINDS SOFTWARES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2627","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 9.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4c2d3d50ac354c14eb8f0d2fd475f520","hashSHA1":"b2771d531f15bb685a1b2ec197f9c17f071c8961","hashSHA256":"e679fb37e7935869c6e56cf5189d04f866d39d916a4c51057a6f2cdc79fda2ce","digitalCertThumbprint":"551EFF56F0190706526646EB209119A0EF0D2A84","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE PC LOGICS, O=ADEQUATE PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2628","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 10.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"16299cef1c2c10a8d8e2c02c258400cc","hashSHA1":"a27d575e221c79091ef43f5fc5fbffea8d5a4913","hashSHA256":"4df486c55836cace423b7678142949b9e3de70e62ee1ff9e8f02ef0e1fe9ee3b","digitalCertThumbprint":"59814FA259AFBF3A271F92BCF9783446F2270434","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC LOGICS, O=NETCOM PC LOGICS, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2629","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 11.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"f11c6261fd8bc5fd8e51e296a6204390","hashSHA1":"cacdc2a56c4f4eef13111ae7edda3d566a66b75c","hashSHA256":"174f2b7385c5ecfaef97f05ac4330f3a9f809265da34190738effa2c6ca1df22","digitalCertThumbprint":"0E9DB986B352458938413A6E4F97E003872658B9","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUANTUM TECHNOLOGIES, O=QUANTUM TECHNOLOGIES, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2630","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 12.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"e74c6ee02edeaa965877af60e7b47bd0","hashSHA1":"47d5eabd653eb65ee5cf7359a61e662b3e2b23dc","hashSHA256":"544d9b56d4de02abc083b2ac2b770d651c773343f0a573d1706cae7d0159ace9","digitalCertThumbprint":"0E9DB986B352458938413A6E4F97E003872658B9","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUANTUM TECHNOLOGIES, O=QUANTUM TECHNOLOGIES, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2631","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 13.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1c4523cd8baccb6f585408492d10249d","hashSHA1":"3686a9c5bf2105517287a707a9a41d3375e1c2b8","hashSHA256":"f527649065f1572a13788d51e09e0ccc730b8e680272e934cfa1357e0bd7f27d","digitalCertThumbprint":"38D2B10FC52D7C70912E112CA1322B0A801D1BC9","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=XPERTMINDS SOFTWARES, O=XPERTMINDS SOFTWARES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2632","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 14.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"0d282fcdd28c095e8ac1be3b5192e5d0","hashSHA1":"2d5bfd19e8d2436c70410ee30320e762f64d5318","hashSHA256":"4be8f24dbb17bb4ad7846be5a5271b02ba858965e5e6117c501a8a9a724aba28","digitalCertThumbprint":"56102EECB46C04443857F020286889C3037DDCF1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SOFTWARES, O=SYSLOGIX SOFTWARES, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2633","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 15.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a96aac97e50722c6543e5cebec43dbc5","hashSHA1":"4752e5fb5032fb936235b2951ed6fcc8a38de9e8","hashSHA256":"8396d2e1ad2d4bd364c3b53e106271e57e484aef02696d732af46327e7bee7ac","digitalCertThumbprint":"56102EECB46C04443857F020286889C3037DDCF1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SOFTWARES, O=SYSLOGIX SOFTWARES, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2634","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 16.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"9e30be9d4df939d1270e16fd194f06e5","hashSHA1":"8d1dcb8d5aa802bb21912bb57b1a5df20c5797a8","hashSHA256":"68544a07d3fc056bcc621a1c6072cde864a6f743ae57b880419ade02f312a50d","digitalCertThumbprint":"0E9DB986B352458938413A6E4F97E003872658B9","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUANTUM TECHNOLOGIES, O=QUANTUM TECHNOLOGIES, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2635","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.0) 17.exe","isInstaller":"True","companyName":"Complete System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"31c95d940d02a57149d2ebc51d7c7b7b","hashSHA1":"d0a533cc4e69b15a63c0fc0453582d56856326cb","hashSHA256":"494ee5dd394af260437d0b5b77e7b7b62f10efd34117d2bbc8a443477719dbff","digitalCertThumbprint":"0E9DB986B352458938413A6E4F97E003872658B9","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUANTUM TECHNOLOGIES, O=QUANTUM TECHNOLOGIES, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2636","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cscsetup (1.0.0.1).exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"9439702ac2d394467321bdc40424d768","hashSHA1":"3b768d2d4fac245d4ea36e120271f6af0296fca1","hashSHA256":"fe9c5a8213f2fd52939fbf3154f3d9d4844826b03d23e9957dc442410cc083e3","digitalCertThumbprint":"0A18076E87A037D7C1971F5EB62E96E624428BFF","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, O=SOFTBITS PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2637","avBlockList":["360 Total Security (20200102)","Avast Internet Security (20200102)","AVG Internet Security (20200102)","Avira Internet Security (20200102)","Bitdefender Internet Security (20200102)","COMODO Antivirus (20200102)","Dr.Web Security Space (20200102)","ESET Internet Security (20200102)","G DATA INTERNET SECURITY (20200102)","K7 Total Security (20200102)","Kaspersky Internet Security (20200102)","Malwarebytes Premium (20200102)","McAfee Total Protection (20200102)","Norton Security (20200102)","Panda Dome (20200102)","Quick Heal Internet Security (20200102)","Sophos Home Premium (20200102)","Trend Micro Internet Security (20200102)","VIPRE Advanced Security (20200102)","VirIT eXplorer PRO (20200102)","Webroot SecureAnywhere (20200102)","Windows Defender (20200102)"],"avAllowList":["Tencent PC Manager (20200102)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"PCs running smooth, fast and error free\"","reference":"http://advance-booster.win/","landingPage":"http://advance-booster.win/","directDownloadingLink":"https://dl.advance-booster.win/csc/srcbulid/advance-booster_win/cscsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.advance-booster.win/csc/srcbulid/advance-booster_win/cscsetup.exe","sourceIndex":"2620"},{"howFound":"","reference":"","landingPage":"http://advance-booster.today/","directDownloadingLink":"https://dl.advance-booster.today/csc/srcbulid/advance-booster_today/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2621"},{"howFound":"","reference":"","landingPage":"http://advance-booster.world/","directDownloadingLink":"https://dl.advance-booster.world/csc/srcbulid/advance-booster_world/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2622"},{"howFound":"","reference":"","landingPage":"http://advance-system.today/","directDownloadingLink":"https://dl.advance-system.today/csc/srcbulid/advance-system_today/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2623"},{"howFound":"","reference":"","landingPage":"http://advance-system.life/","directDownloadingLink":"https://dl.advance-system.life/csc/srcbulid/advance-system_life/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2624"},{"howFound":"","reference":"","landingPage":"http://advance-system.club/","directDownloadingLink":"https://dl.advance-system.club/csc/srcbulid/advance-system_club/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2625"},{"howFound":"","reference":"","landingPage":"http://advance-system.win/","directDownloadingLink":"https://dl.advance-system.win/csc/srcbulid/advance-system_win/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2626"},{"howFound":"","reference":"","landingPage":"http://advance-system.world/","directDownloadingLink":"https://dl.advance-system.world/csc/srcbulid/advance-system_world/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2627"},{"howFound":"","reference":"","landingPage":"http://advance-system.live/","directDownloadingLink":"https://dl.advance-system.live/csc/srcbulid/advance-system_live/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2628"},{"howFound":"","reference":"","landingPage":"http://advance-system.best/","directDownloadingLink":"https://dl.advance-system.best/csc/srcbulid/advance-system_best/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2629"},{"howFound":"","reference":"","landingPage":"http://advance-pctool.best/","directDownloadingLink":"https://dl.advance-pctool.best/csc/srcbulid/advance-pctool_best/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2630"},{"howFound":"","reference":"","landingPage":"http://advance-pctools.today/","directDownloadingLink":"https://dl.advance-pctools.today/csc/srcbulid/advance-pctools_today/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2631"},{"howFound":"","reference":"","landingPage":"http://advance-pctools.best/","directDownloadingLink":"https://dl.advance-pctools.best/csc/srcbulid/advance-pctools_best/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2632"},{"howFound":"","reference":"","landingPage":"http://advance-pctools.live/","directDownloadingLink":"https://dl.advance-pctools.live/csc/srcbulid/advance-pctools_live/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2633"},{"howFound":"","reference":"","landingPage":"http://advance-pctools.life/","directDownloadingLink":"https://dl.advance-pctools.life/csc/srcbulid/advance-pctools_life/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2634"},{"howFound":"","reference":"","landingPage":"http://advance-pctools.world/","directDownloadingLink":"https://dl.advance-pctools.world/csc/srcbulid/advance-pctools_world/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2635"},{"howFound":"","reference":"","landingPage":"http://advance-pctools.win/","directDownloadingLink":"https://dl.advance-pctools.win/csc/srcbulid/advance-pctools_win/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2636"},{"howFound":"","reference":"","landingPage":"http://advance-system.download/","directDownloadingLink":"https://dl.advance-system.download/csc/srcbld/advance-system_download/cscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2637"}],"sampleFiles":["191106/CompleteSystemCare-191014/1.0.0.0/Samples/cpcpro.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 2.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 3.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 4.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 5.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 6.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 7.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 8.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 9.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 10.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 11.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 12.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 13.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 14.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 15.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 16.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.0) 17.exe","191106/CompleteSystemCare-191014/1.0.0.0/Samples/cscsetup (1.0.0.1).exe"],"imageFiles":["191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-042/010.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-003/main.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-003/scan.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-003/junk_cleaner.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-004/main.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-004/scan.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-004/junk_cleaner.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-004/150.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-010/010.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-084/084.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-057/010.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-055/010.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-059/010.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-161/161.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-150/150.png","191106/CompleteSystemCare-191014/1.0.0.0/Images/ACR-171/171.png"],"guid":"ba14648f-0ab7-4e42-8d6e-bcd3cc4a593b_1.0.0.0_1","appID":"CompleteSystemCare-191014","dateAdded":"191106","deceptorType":"App","name":"Complete System Care","company":"NETCOM PC LOGICS","version":"1.0.0.0","sigName":"Deceptor:Win32/CompleteSystemCare!042003004010084057055059155","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2007},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It installs a malware file name \"epizyHost.exe\" or \"sihosts.exe\".\n","ACR-004":"When trying to fix the registry issues found during the free scan, the app hangs and cannot perform any other option only to close the app.\n","ACR-010":"The app installs a malware file name \"epizyHost.exe\" or \"sihosts.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system.\n","ACR-084":"App installs its executable into a hidden directory: c:\\<users>\\AppData folder.\n","ACR-014":"The App makes unsubstantiated claim that app will scan and fix registry issues, instead it install a malware file in the system.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\n","ACR-002":"The app name is not consistent across in landing pages. It shows different names  as \"Webmoka Pc Cleaner\", \"Webmoka Pc Cleaner 2018\", \"Pcregcleaner\" and \"Microsoft Cleanup\".\n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app's landing page displays Lifehack, Engadget, Entrepreneur, The Huffington Post and TNW endorsements that are unable to be verified.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"WRCFree.exe","isInstaller":"True","companyName":"Webmoka LLC","productName":"Webmoka Pc Cleaner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"5be9404826359ea540c8a65e28539193","hashSHA1":"3c3fdfbe0a1e4c68eae2c30a2d9a37cbdac7d25c","hashSHA256":"15a419c79fc97031a59001c99bc598cd143b0c7afd3bb745abf901bc30563f51","sourceIndex":"2610","avBlockList":["360 Total Security (20191114)","Avast Internet Security (20191114)","AVG Internet Security (20191114)","Avira Internet Security (20191114)","Bitdefender Internet Security (20191114)","COMODO Antivirus (20191114)","Dr.Web Security Space (20191114)","ESET Internet Security (20191114)","G DATA INTERNET SECURITY (20191114)","K7 Total Security (20191114)","Kaspersky Internet Security (20191114)","Malwarebytes Premium (20191114)","McAfee Total Protection (20191114)","Norton Security (20191114)","Panda Dome (20191114)","Quick Heal Internet Security (20191114)","Sophos Home Premium (20191114)","Tencent PC Manager (20191114)","Trend Micro Internet Security (20191114)","VIPRE Advanced Security (20191114)","VirIT eXplorer PRO (20191114)","Webroot SecureAnywhere (20191114)","Windows Defender (20191114)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Webmoka LLC\\Webmoka Cleaner\\Webmoka.exe","companyName":"Webmoka","fileVersion":"8.5","hashMD5":"93428ec24a1730559b0c9bc8b7836dcd","hashSHA1":"f3b52e3a9a223281cd4fcf4f048dc18e5032b397","hashSHA256":"5d1876229dcc62b8474ad43f4b60326621291b326395e54ca266534ae3d25480","sourceIndex":"2610","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Microsoft Cleaner\\Microsoft Cleaner\\MicrosoftCleanup.exe","companyName":"MicrosoftCleanup","fileVersion":"8.5","hashMD5":"b95ea5d294dde4d82b67ff71c808615e","hashSHA1":"6a059b17e00e8266ad3ac9ac35df19a21d41d937","hashSHA256":"e47e7608aaf649817700816bce770ed6d2b8d814fb25741c9234fdd5b4f1512f","sourceIndex":"2611","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Microsoft Cleaner\\Microsoft Cleaner\\background\\sihosts.exe","companyName":"Microsoft","fileVersion":"5.1","hashMD5":"78071ad40bdcac5ef770e345ab9545bc","hashSHA1":"8b0901e3ba4c924a8a4240bc6033f3adfb52ec14","hashSHA256":"92025b5b1983f93d8904ef9ba71a051dd381ac60f2e9046e035aad47920a86d2","sourceIndex":"2611","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WRCFree (1).exe","isInstaller":"True","companyName":"Microsoft Cleaner","productName":"Microsoft Cleaner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1cf1c0fce12453821b149bec9905c5d9","hashSHA1":"645acb1e5cb6698fb091862439755b6a053ad0aa","hashSHA256":"ae4d81a075ecf63b269669dd0e3509c2acf9fdaf1bc1a7d2e767cb64f40ddc69","sourceIndex":"2611","avBlockList":["360 Total Security (20191028)","Avast Internet Security (20191028)","AVG Internet Security (20191028)","Avira Internet Security (20191028)","Bitdefender Internet Security (20191028)","COMODO Antivirus (20191028)","ESET Internet Security (20191028)","G DATA INTERNET SECURITY (20191028)","K7 Total Security (20191028)","Kaspersky Internet Security (20191028)","Malwarebytes Premium (20191028)","McAfee Total Protection (20191028)","Norton Security (20191028)","Panda Dome (20191028)","Quick Heal Internet Security (20191028)","Sophos Home Premium (20191028)","Tencent PC Manager (20191028)","Trend Micro Internet Security (20191028)","VIPRE Advanced Security (20191028)","VirIT eXplorer PRO (20191028)","Webroot SecureAnywhere (20191028)","Windows Defender (20191028)"],"avAllowList":["Dr.Web Security Space (20191028)"]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Registrydoc LLC\\Registrydoc\\RegistryDoc.exe","companyName":"RegistryDoc","fileVersion":"8.5","hashMD5":"2f9efd350ec6fe2780d47eed51c98d1f","hashSHA1":"519dcf04b640e84425f2284eeadff54fadb91555","hashSHA256":"67497509aadedc89a2e32c6eed5d31a2bed606638a6f490b2a492bed686c942b","sourceIndex":"2612","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WRCFree (2).exe","isInstaller":"True","companyName":"Registrydoc LLC","productName":"RegistryDoc","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"c1bd7065338236f21c3d5af1f5b40b6f","hashSHA1":"62eb3df44d6271e24d33ec4180b87c97e49139cd","hashSHA256":"16fc992072974097ebefe30dd007bde2c518089bf61ba28a6d39119bedc7de9c","sourceIndex":"2612","avBlockList":["360 Total Security (20191031)","Avast Internet Security (20191031)","AVG Internet Security (20191031)","Avira Internet Security (20191031)","Bitdefender Internet Security (20191031)","Dr.Web Security Space (20191031)","ESET Internet Security (20191031)","G DATA INTERNET SECURITY (20191031)","K7 Total Security (20191031)","Kaspersky Internet Security (20191031)","Malwarebytes Premium (20191031)","McAfee Total Protection (20191031)","Norton Security (20191031)","Panda Dome (20191031)","Quick Heal Internet Security (20191031)","Sophos Home Premium (20191031)","Tencent PC Manager (20191031)","Trend Micro Internet Security (20191031)","VIPRE Advanced Security (20191031)","VirIT eXplorer PRO (20191031)","Webroot SecureAnywhere (20191031)","Windows Defender (20191031)"],"avAllowList":["COMODO Antivirus (20191031)"]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Reg Cleanerz\\Reg Cleanerz\\Regcleanerz.exe","companyName":"EpizyCleanup","fileVersion":"8.5","hashMD5":"80c052046e8c50d3380fbe5a3b4a0cda","hashSHA1":"4875628cebab2cc37914bfabb8cc128b590eda71","hashSHA256":"c0eb3cddddf2ab421ca0e414183ee5c0e5cfd12dc85ec4f793d780a05f341535","sourceIndex":"2613","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WRCFree (3).exe","isInstaller":"True","companyName":"Reg Cleanerz","productName":"Reg Cleanerz Pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"04044fdb4a85dbef3c5e8a4c0a6378b3","hashSHA1":"653667f214da9ebe3500b2c750131e8ff4eac071","hashSHA256":"948939417e487c1a50da95c7b57e5fca4abdda6931692ec8ea2f2a59e461884e","sourceIndex":"2613","avBlockList":["360 Total Security (20190909)","Avast Internet Security (20190909)","AVG Internet Security (20190909)","Avira Internet Security (20190909)","Bitdefender Internet Security (20190909)","Dr.Web Security Space (20190909)","ESET Internet Security (20190909)","G DATA INTERNET SECURITY (20190909)","K7 Total Security (20190909)","Kaspersky Internet Security (20190909)","Malwarebytes Premium (20190909)","McAfee Total Protection (20190909)","Norton Security (20190909)","Panda Dome (20190909)","Quick Heal Internet Security (20190909)","Sophos Home Premium (20190909)","Tencent PC Manager (20190909)","VIPRE Advanced Security (20190909)","VirIT eXplorer PRO (20190909)","Webroot SecureAnywhere (20190909)","Windows Defender (20190909)"],"avAllowList":["COMODO Antivirus (20190909)","Trend Micro Internet Security (20190909)"]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Registry Doc\\Registry Doc\\RegistryDoc.exe","companyName":"EpizyCleanup","fileVersion":"8.5","hashMD5":"37112f7f3dd2bf8d8c887443dc97fe19","hashSHA1":"b457730425ba8ab0798727bb452c3eb6558fdcaf","hashSHA256":"284dfb7595ec8ef8760f2b7ed02ddc4e10e9197903e26db7a775348451092766","sourceIndex":"2614","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WRCFree (4).exe","isInstaller":"True","companyName":"Registry Doc","productName":"Registry Doc","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a6a228ca1ebe0a517c7857c943fe2367","hashSHA1":"f62235ccc2500d3544ff938ed976cf0221dfc56c","hashSHA256":"852a058cdc8c1815e43c75e254c8af994f1e7b8f8ac3adc49b2a2bc2fdf06b0f","sourceIndex":"2614","avBlockList":["360 Total Security (20190916)","Avast Internet Security (20190916)","AVG Internet Security (20190916)","Avira Internet Security (20190916)","Bitdefender Internet Security (20190916)","Dr.Web Security Space (20190916)","ESET Internet Security (20190916)","G DATA INTERNET SECURITY (20190916)","K7 Total Security (20190916)","Kaspersky Internet Security (20190916)","Malwarebytes Premium (20190916)","McAfee Total Protection (20190916)","Norton Security (20190916)","Panda Dome (20190916)","Quick Heal Internet Security (20190916)","Sophos Home Premium (20190916)","Tencent PC Manager (20190916)","Trend Micro Internet Security (20190916)","VIPRE Advanced Security (20190916)","VirIT eXplorer PRO (20190916)","Webroot SecureAnywhere (20190916)","Windows Defender (20190916)"],"avAllowList":["COMODO Antivirus (20190916)"]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Registry Mechanic\\Registry Mechanic\\RegistryMechanic.exe","companyName":"EpizyCleanup","fileVersion":"8.5","hashMD5":"52b7d3c0c1068307b40b65088ac3a4f0","hashSHA1":"634e7ee30e5d0e9f08dd749efea16c1fb450a4a5","hashSHA256":"6157a27a7af51579c76e9dfa4edd8a8785dc43f3086e75a5765f14ce107e2b10","sourceIndex":"2615","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WRCFree (5).exe","isInstaller":"True","companyName":"Registry Mechanic","productName":"Registry Mechanic","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1ee2b81d5087c84b68365c84f32dc361","hashSHA1":"519a652d77393f9de0f893e69b0dae8ab2e0973d","hashSHA256":"b30081b60ab74908e2657dd640b28b869ca1069b8dae3dc9656e3a3347a18bbf","sourceIndex":"2615","avBlockList":["360 Total Security (20190916)","Avast Internet Security (20190916)","AVG Internet Security (20190916)","Avira Internet Security (20190916)","Bitdefender Internet Security (20190916)","COMODO Antivirus (20190916)","Dr.Web Security Space (20190916)","ESET Internet Security (20190916)","G DATA INTERNET SECURITY (20190916)","K7 Total Security (20190916)","Kaspersky Internet Security (20190916)","Malwarebytes Premium (20190916)","McAfee Total Protection (20190916)","Norton Security (20190916)","Panda Dome (20190916)","Quick Heal Internet Security (20190916)","Sophos Home Premium (20190916)","Tencent PC Manager (20190916)","Trend Micro Internet Security (20190916)","VIPRE Advanced Security (20190916)","VirIT eXplorer PRO (20190916)","Webroot SecureAnywhere (20190916)","Windows Defender (20190916)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Pcsoftinstall LLC\\Pcsoftinstall\\Pcsoftinstall.exe","companyName":"Pcsoftinstall","fileVersion":"18.10","hashMD5":"049c3b002a900a9bb323aa66f65440a4","hashSHA1":"dc159ad3ef1df818518d16d867bac16495c641d9","hashSHA256":"3d0200571f89322e4be78ba867aac8adb5c61ab6f8f952b8b6ee80681003a894","sourceIndex":"2616","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"wordmui.exe","isInstaller":"True","companyName":"Pcsoftinstall LLC","productName":"Pcsoftinstall","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"cd8d8059d5f79da42c42152af78ca081","hashSHA1":"b920f20e60e7f564f66c51ebb4336008b016a847","hashSHA256":"b5fcb280d0bbc78ea367a9109748acf7323861a37cf2ade7d94088f41af891af","sourceIndex":"2616","avBlockList":["360 Total Security (20191223)","Avast Internet Security (20191223)","AVG Internet Security (20191223)","Avira Internet Security (20191223)","Bitdefender Internet Security (20191223)","COMODO Antivirus (20191223)","Dr.Web Security Space (20191223)","ESET Internet Security (20191223)","G DATA INTERNET SECURITY (20191223)","K7 Total Security (20191223)","Kaspersky Internet Security (20191223)","Malwarebytes Premium (20191223)","McAfee Total Protection (20191223)","Norton Security (20191223)","Panda Dome (20191223)","Quick Heal Internet Security (20191223)","Sophos Home Premium (20191223)","Tencent PC Manager (20191223)","Trend Micro Internet Security (20191223)","VIPRE Advanced Security (20191223)","VirIT eXplorer PRO (20191223)","Webroot SecureAnywhere (20191223)","Windows Defender (20191223)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Fast Cleaner\\Woogle.tech\\FastCleaner.exe","fileVersion":"1.0","hashMD5":"b789288952cf38cc0526a11fea093cc4","hashSHA1":"bbf1ccf266cd5ede646defe3b3e432115b23530f","hashSHA256":"93f1f27aa54e31f19dabc31e9eed49db47e2e10b8c55b8ed8dd16e8bc42e4557","sourceIndex":"2617","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBoosterSetup.exe","isInstaller":"True","companyName":"Fast Cleaner","productName":"WiseRegCleaner","fileVersion":"1.0","hashMD5":"6c07a4217f8eab9794f464f64c67673b","hashSHA1":"532f68ed653eb97cf5133347fd9e610ced830bcb","hashSHA256":"b005aae944f4136035fb488946831736802259e716cb87a361a6e96a0f3cf5d4","sourceIndex":"2617","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Windows Defender (20191204)"],"avAllowList":["Webroot SecureAnywhere (20191204)"]},{"isRevoked":"False","fileName":"ccsetup561.exe","isInstaller":"True","companyName":"Smart PC Clean","fileVersion":"1.0","hashMD5":"f11a9db7857dcff2fe362dd93e73f78e","hashSHA1":"670b373f58c404e608e8066d39407cf7637c0ddd","hashSHA256":"ac13c9f821e9b2d1b166f71d1aebfd55dd1913e36511b6a07abd048fe31a47d0","sourceIndex":"2618","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Smart PC Clean\\Smart PC Clean\\background\\SerivceProjectSmart.exe","fileVersion":"1.0","hashMD5":"d2fd39fe1ff51c1aa72e358fb745bffd","hashSHA1":"814c8a63bf0a7416619ae221e8613b76c7455ce6","hashSHA256":"a4d1357f819ea11d11abce4cf209d65c65d357b4c98346d972c9498b42abe846","sourceIndex":"2618","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Smart PC Clean\\Smart PC Clean\\smartpccleaner.exe","fileVersion":"1.0","hashMD5":"bcfe7241caa708b78a8126093be3a5bc","hashSHA1":"a89a8811f92667201ffb20674fdeebace8eb868c","hashSHA256":"1a14478b1b5cf3faf4b0460c836e57bb3d20960129d0d72181ff184a758b6707","sourceIndex":"2618","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WRCFree (6).exe","isInstaller":"True","companyName":"Cube Cleaner","productName":"Cube Cleaner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"18455991327f4e8c6eba01a0c982c9f7","hashSHA1":"e9fe7aac267bbf2c6c099256d387e04cde35799b","hashSHA256":"6ecb6a11994aa70b09cf796fa44dfd2e41990d79e1038fcb792c0553dac779e9","sourceIndex":"2619","avBlockList":["360 Total Security (20200102)","Avast Internet Security (20200102)","AVG Internet Security (20200102)","Avira Internet Security (20200102)","Bitdefender Internet Security (20200102)","COMODO Antivirus (20200102)","Dr.Web Security Space (20200102)","ESET Internet Security (20200102)","G DATA INTERNET SECURITY (20200102)","K7 Total Security (20200102)","Kaspersky Internet Security (20200102)","Malwarebytes Premium (20200102)","McAfee Total Protection (20200102)","Norton Security (20200102)","Panda Dome (20200102)","Quick Heal Internet Security (20200102)","Sophos Home Premium (20200102)","Tencent PC Manager (20200102)","Trend Micro Internet Security (20200102)","VIPRE Advanced Security (20200102)","VirIT eXplorer PRO (20200102)","Webroot SecureAnywhere (20200102)","Windows Defender (20200102)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Cube Cleaner\\Cube Cleaner\\cubecleaner.exe","productName":"FastCleaner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a811fd869c0101047a87ce0accd0e1a1","hashSHA1":"90f45e88419c4f4f2c6cdced865825c886a951c2","hashSHA256":"80ee57cd3153360d8ec84f8d8daf1e2733953841ad5384b3a2781525b1236043","sourceIndex":"2619","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"Start your PC Faster\"","reference":"http://webmoka.site/index.php","landingPage":"http://webmoka.site/index.php","directDownloadingLink":"https://mega.nz/#!zlJWwSqI!tRvvNYMZam-2BzUIZ6h5ZXZvpOA01utMEZLbDO33HdQ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/#!zlJWwSqI!tRvvNYMZam-2BzUIZ6h5ZXZvpOA01utMEZLbDO33HdQ","sourceIndex":"2610"},{"howFound":"","reference":"Microsoft Cleanup","landingPage":"https://microsoftcleanup.com/index.php","directDownloadingLink":"https://ln.sync.com/dl/3a1a6ba60/view/default/1667329320011#3eqgja7u-hrhc8kj4-qt4j8y8u-eprf4pqy","ipv4":"","ipv6":"","sourceIndex":"2611"},{"howFound":"","reference":"RegistryDoc","landingPage":"http://registrydoc.online/","directDownloadingLink":"https://mega.nz/#!3wQh3AqS!_vu0GxrA837hovxs0GtLDapeZYkzb3PWTe-2Eo_-oMc","ipv4":"","ipv6":"","sourceIndex":"2612"},{"howFound":"","reference":"RegCleanerz Pro","landingPage":"http://www.regcleanerz.xyz/","directDownloadingLink":"https://ln.sync.com/dl/2e890b0b0/view/default/2420970630011#a9t8t3k9-6ycq97bu-q4rzh4dc-pe5daw8w","ipv4":"","ipv6":"","sourceIndex":"2613"},{"howFound":"","reference":"RegistryDoc","landingPage":"http://registrydoc.xyz/index.php","directDownloadingLink":"https://ln.sync.com/dl/36058b510/view/default/2526407930011#vyuxj5ew-n5u3kdxf-kdr9uhm3-8wiyq6ub","ipv4":"","ipv6":"","sourceIndex":"2614"},{"howFound":"","reference":"RegistryMechanic","landingPage":"http://www.registrymechanic.xyz/index.php","directDownloadingLink":"https://ln.sync.com/dl/11fb6b490/3rfhk7f2-axxyi8jn-99yx2tm2-q7wufppg/view/default/2529669400011","ipv4":"","ipv6":"","sourceIndex":"2615"},{"howFound":"","reference":"Pcsoftinstall","landingPage":"http://pcsoftinstall.info/","directDownloadingLink":"https://ln.sync.com/dl/0915b6a70/2q5xk823-ew6n5nqy-42aeg4in-4jfi8t56/view/default/3129114810011","ipv4":"","ipv6":"","sourceIndex":"2616"},{"howFound":"","reference":"WiseRegCleaner","landingPage":"http://woogle.tech/index.php","directDownloadingLink":"https://public.boxcloud.com/d/1/b1!r3_qXC4lHTryckaNNdafLSSPZ_Ex2PIwZGo1XbG6Q7RpB2ocplEBEl3_ySBdfjm22b67oeBqZCj_5IKnIqBbYY0VAMVSDuM8G9YqH5jfZ1NfqbfAHGjrYtTGxXK-tzdUeA1TgGMbfu8RrMuK0MWhrBelLAxECvyyHkVx0VPie4GEAXr2FVXssWse9i1gSoGaMmaFMOBLRpptXlsNtqejBEvGpsofNVW2ABWFLr7G5BfW5GfZhah10XTijAQ4dLbvFQZzff3gCTYbozFmwK5OgQAZx7oIpRylpk4PzFVnnBeEBQFDux-tO_w9UsPZcL6ei2J_Y__kyE-sF-heQ7PrACqjb56XOU86Q_oOnmySi1BbNAdTAou6Ifv3_CslRr9x_06LTx8ogNOPOJ3FWB5FL4SrVU6_SmHeciyx4qFaNPikIR_vDip04doTXnDc3K2kGRLpwYdslJGtQgfIQv4rxnOjGJUv64dXHEsrqkXUFBW0eaXzRW_blbTjtHPYSKq1coZg35mpnSfhvQvSxBVb7iuVoUFzjexp1yUxm-1tNvZPDgXW87TXklaDrY-uRxT0h4RT0MFUHQQNjjzqQ2o-Qgr19ULZwUsvJp0KUrK8Rq5wnYX74ZXIPfK3gZ7Ai32ET3TJ0t0kUC_noNqToTy_IzFQd1EUHkdMKirpHk9D5MJAenKMRWIv0XtMh9cCY-jCHhpUrU5vBNC82YYyHtK1FjVuqDupzomNB9SApmgXjSmRNSWNqiEWFv6gskEiZ95d7iP-E3PCUnUZtk-eOJ9XSbGMTS-xiILdsw9qkx9-c7D4YkkfvVvJeLXrfpt7hnsN7WwwYm9Xj7WsdGJBZxgKyPtxE2JA4Y4WISlHZig1dK0cDMVsBmBTThHSbvXXNgM0R3258xElcdomSmdkPn0DJhpldLQJPvWKV7QvAFI4quIb4yPofl39EbKrw4VC-Joj6aJWMxKVJYeKRAt9NtonzP9FKLI0YzqfCuTIhOp5I1LEdA1kT5nRYNAi-rHPa86VQARg-hZl1_vZkQ_ONq8gIYuQAOFWJ6tVQ0tQM46tOkMX1rvuUCAQsaC6GvgRelFCzf64NE0E-bgotdilMuwMuXlxQON0l6ofDgwWdg4UQa1C8gZ66C3YxxLtJ87dejlF_Wc2DHPa0XrJcbnNFHSA87otSDNPJbHNBOfrA6luxgrp2spoWV_COsXWl0_o300GBeeHAv0-0HtN5yXoRWLw27ZWP5gSLwTQ4R4rvSRFn0nFYE7Vqthq0K5quCdJVW2DiwqC5HfROg../download","ipv4":"","ipv6":"","sourceIndex":"2617"},{"howFound":"","reference":"Smart Pc Clean","landingPage":"http://smartpcclean.com/index.php","directDownloadingLink":"http://smartpcclean.com/softs/ccsetup561.exe","ipv4":"","ipv6":"","sourceIndex":"2618"},{"howFound":"","reference":"Cube Cleaner","landingPage":"http://cubecleaner.online/","directDownloadingLink":"https://ln2.sync.com/dl/9c6891f80/b6wju4g3-i5ciiuiw-utrbqzv4-nqkdgbhg/view/default/8607862750007","ipv4":"","ipv6":"","sourceIndex":"2619"}],"sampleFiles":["191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/WRCFree.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/Webmoka.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/MicrosoftCleanup.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/sihosts.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/WRCFree (1).exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/RegistryDoc.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/WRCFree (2).exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/Regcleanerz.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/WRCFree (3).exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/RegistryDoc(2).exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/WRCFree (4).exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/RegistryMechanic.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/WRCFree (5).exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/Pcsoftinstall.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/wordmui.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/FastCleaner.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/PCBoosterSetup.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/ccsetup561.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/SerivceProjectSmart.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/smartpccleaner.exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/WRCFree (6).exe","191106/WebmokaPcCleaner-190814/1.0.0.0/Samples/cubecleaner.exe"],"imageFiles":["191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-042/010.png","191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-042/010_2.png","191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-004/fixing.png","191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-010/010.png","191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-010/010_2.png","191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-065/install.png","191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-065/main.png","191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-002/002.png","191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-002/002_2.png","191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-002/payment.png","191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-150/150.png","191106/WebmokaPcCleaner-190814/1.0.0.0/Images/ACR-168/payment.png"],"guid":"71c7682e-dde5-4664-950b-556124e22cf5_1.0.0.0_1","appID":"WebmokaPcCleaner-190814","dateAdded":"191106","deceptorType":"App","name":"Webmoka Cleaner","company":"Webmoka LLC","version":"1.0.0.0","sigName":"Deceptor:Win32/WebmokaCleaner!004014010042084","lastKnownStatus":"1.0.0.0","lastKnownDate":"201023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2020-10-23T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2006},{"violations":{"ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled\n","ACR-150":"The app displays star awards from Tucows, CNET, Tech Radar and Software.Informer that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Xtron System Care for DESKTOP-8QAR3KI\\rgcl.exe","productName":"Xtron System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3c1dfda43752b0742a09fd2761a60624","hashSHA1":"be8b3ffef5f737de11a271c9321e870e0dff02d8","hashSHA256":"2be9e0e9abd48cc733aa31ee1f1921a452acaa0cac6db65b52ea4dc1c5befc8a","digitalCertThumbprint":"06E0C4223C29D3FA8FE97925417F9D2F00F3E829","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, OU=it, O=INTELLECT SOFTWARES, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2237","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup.exe","isInstaller":"True","companyName":"Xtron System Care","productName":"Xtron System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"525e3d14c89ba9c9a99bcb782b6c91fa","hashSHA1":"2ed135db6552312c80c0a32535c629871b01739a","hashSHA256":"32591bd3f981c4ae45e39894e3f4b757e6e565cd0a3d6c82a09d6ce9bab2a5ef","digitalCertThumbprint":"06E0C4223C29D3FA8FE97925417F9D2F00F3E829","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, OU=it, O=INTELLECT SOFTWARES, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2237","avBlockList":["360 Total Security (20190829)","Avast Internet Security (20190829)","AVG Internet Security (20190829)","Avira Internet Security (20190829)","COMODO Antivirus (20190829)","Dr.Web Security Space (20190829)","ESET Internet Security (20190829)","G DATA INTERNET SECURITY (20190829)","K7 Total Security (20190829)","Kaspersky Internet Security (20190829)","Malwarebytes Premium (20190829)","McAfee Total Protection (20190829)","Norton Security (20190829)","Panda Dome (20190829)","Quick Heal Internet Security (20190829)","Sophos Home Premium (20190829)","Trend Micro Internet Security (20190829)","VirIT eXplorer PRO (20190829)","Webroot SecureAnywhere (20190829)","Windows Defender (20190829)"],"avAllowList":["Bitdefender Internet Security (20190829)","Tencent PC Manager (20190829)","VIPRE Advanced Security (20190829)"]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.0) 2.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"0e12926982b7c55cb1f45199f3168328","hashSHA1":"98ed41c51ee6777acd30cb2ba4e16dcfd859e002","hashSHA256":"2bd2c863fd0d2394555ae4e367334f2667bf8f53c9754f0a6f07ea80447b06cf","digitalCertThumbprint":"F0F5A27291E140C6388121045EC881B591997BFA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUANTUM PC TOOLS, O=QUANTUM PC TOOLS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2237","avBlockList":["360 Total Security (20190829)","Avast Internet Security (20190829)","AVG Internet Security (20190829)","Avira Internet Security (20190829)","Bitdefender Internet Security (20190829)","COMODO Antivirus (20190829)","Dr.Web Security Space (20190829)","ESET Internet Security (20190829)","G DATA INTERNET SECURITY (20190829)","K7 Total Security (20190829)","Kaspersky Internet Security (20190829)","Malwarebytes Premium (20190829)","McAfee Total Protection (20190829)","Norton Security (20190829)","Panda Dome (20190829)","Quick Heal Internet Security (20190829)","Sophos Home Premium (20190829)","Tencent PC Manager (20190829)","Trend Micro Internet Security (20190829)","VIPRE Advanced Security (20190829)","VirIT eXplorer PRO (20190829)","Webroot SecureAnywhere (20190829)","Windows Defender (20190829)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.0) 3.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"ce4f4e13912dd82c87722a589e2de5f8","hashSHA1":"b26b1064e42c20443a14363f31cc1aae734ad105","hashSHA256":"b41635cc4a9501a9a7e2a72648aa8b32234b1e55375ec75df409e64dd2a422f9","digitalCertThumbprint":"6A5800872C788017AA96DA522A71DE2AB052AFCA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC Utilities, OU=IT, O=NETCOM PC Utilities, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2237","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.12) 2.exe","isInstaller":"True","companyName":"","productVersion":"1.0.0.12","fileVersion":"1.0.0.12","hashMD5":"5450ad43deac6696ef36f21d59a1d18f","hashSHA1":"960b62d5fb2576f54add097c62cd732fd6115155","hashSHA256":"c49ca2099ecefd70e6bb3f37fc3cc6e4676af71f2ef02a9b75998964a0b0d054","digitalCertThumbprint":"0930FFBEEC55314AD0B1AD4BEDC26E612891D618","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DAZZLE PC LOGICS, OU=IT, O=DAZZLE PC LOGICS, POBox=302039, STREET=\"G-15B, VIJAY BADI PATH 1, KHAITAN HOSPITAL, SIKAR ROAD, DEHAR KE BALAJI\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2237","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (2).exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"74a6ff24c6b789773c53c98d3ea176af","hashSHA1":"3981565ab055dde99bc5371e5abe4b2dee800119","hashSHA256":"2c085bda89994896717f134c0f524ea06a9a8cab85290348079279927cc783bf","digitalCertThumbprint":"1BE3A9ECD66B3B43C979674BDBBE10D904FCBFE1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC LOGICS, OU=IT, O=NETCOM PC LOGICS, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2238","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1).exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"e37b0bf89a52ca969ab20e55b436a6eb","hashSHA1":"294b4ddbedbddda13bdedf7aee51ecfebbdfe055","hashSHA256":"773219729d33de366665462377198345e6a1c649cbc834e81f21079aa5000d00","digitalCertThumbprint":"1BE3A9ECD66B3B43C979674BDBBE10D904FCBFE1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC LOGICS, OU=IT, O=NETCOM PC LOGICS, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2240","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1) 2.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"cad317b8f37c166e43766ab03bc341fc","hashSHA1":"fa2e87caf7b68f973b513cb5d6b6e43b42a34e19","hashSHA256":"cd828e149bf9ec0414f501427c00c94ec6cf4c2c2d947a050e9fda5ef176f94f","digitalCertThumbprint":"4F0858E66A2893AEAE165BDA74249C6574E6D91F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE PC LOGICS, OU=IT, O=ADEQUATE PC LOGICS, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2241","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1) 3.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"269ea9d2008fb8f7af6e0979c46fdbbd","hashSHA1":"6a8f52e0fdf3652f1bfa3759d92ddb1342f2c52d","hashSHA256":"34c38492b134f31db29f0cb9821e39c0f7198c68511fd0f0ca1c8cb4f3d8f985","digitalCertThumbprint":"13FA2C24FEDE7660915303E91F73998266C2084F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=XPERTMINDS SOFTWARES, OU=IT, O=XPERTMINDS SOFTWARES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2242","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1) 4.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"26afc807e831c0a9769d9aabd40b0564","hashSHA1":"9faa6e1232710834f46306752d6da414db7fa113","hashSHA256":"b9bbc20583d1480ac0ca7ae1e37c54f8d3c1b121f14526b29ba4d7583f06f4c0","digitalCertThumbprint":"1BE3A9ECD66B3B43C979674BDBBE10D904FCBFE1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC LOGICS, OU=IT, O=NETCOM PC LOGICS, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2243","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.0) 2.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"2e245ed6dd4f5fe1dc4586a1908bbc7d","hashSHA1":"0d7d2f86fe66ca70084bbc7bac23335e4ae8d67e","hashSHA256":"8757c06a6be28dc95380b9899a795dc6812f3fba24b03f454a8e31f38a92f68b","digitalCertThumbprint":"06E0C4223C29D3FA8FE97925417F9D2F00F3E829","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, OU=it, O=INTELLECT SOFTWARES, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2244","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.0) 3.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"9438d18c44751a8f4f0b7fa0bbb52a25","hashSHA1":"e36ddf9777450fc013e412e04d25b28c5d7ac617","hashSHA256":"c8716ec598ee4d708c0e7b9a11c10dac987ed5ae78301975b034d092e9991976","digitalCertThumbprint":"06E0C4223C29D3FA8FE97925417F9D2F00F3E829","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, OU=it, O=INTELLECT SOFTWARES, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2245","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1) 5.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"ebb4a293df94a283bb55c6f44de588b4","hashSHA1":"d817dcee719ecfcfea6259a26d5c455ddcd1c46b","hashSHA256":"7d0a457b5fa1f6e16b8f7c321b02a63a2cadfb4e3fd2c993d1cc89a7358e1683","digitalCertThumbprint":"33DA78E552BCDFDA31F274D5591C8BDD73F3929D","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ASPIRE SOFTWARES, OU=IT, O=ASPIRE SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2246","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1) 6.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"e35fc428bf45d2d8ca420452b03f1b0a","hashSHA1":"ff731ff5236f776e693cfa64dc1f413aafeaaace","hashSHA256":"f1476900914658e78b74f457a36cb6ead02750763b6c7c2e6d47fe8cf9074df1","digitalCertThumbprint":"4F0858E66A2893AEAE165BDA74249C6574E6D91F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE PC LOGICS, OU=IT, O=ADEQUATE PC LOGICS, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2247","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1) 7.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"60770053c269fd396892d8aa3081166b","hashSHA1":"a8dd60a3b2d360dba0a8b9b2e60fbbb23c0c8c7b","hashSHA256":"1ddb67c7cf8ed03751e08bfdfc422a3b9d0aa12c5728b56030f228f9bf7e5204","digitalCertThumbprint":"06E0C4223C29D3FA8FE97925417F9D2F00F3E829","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, OU=it, O=INTELLECT SOFTWARES, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2248","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1) 8.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"aac6c754c7f0dac88a6237d246f19942","hashSHA1":"3ffa05f1904beb0b797151eaf6c258f7bea6a521","hashSHA256":"ccef50145198feee1368f1d05f788674f29d0e4d576d38d27ba50628b19acfa1","digitalCertThumbprint":"4F0858E66A2893AEAE165BDA74249C6574E6D91F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE PC LOGICS, OU=IT, O=ADEQUATE PC LOGICS, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2249","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1) 9.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"1d81522ff7014cbcf0fe23acd4172a18","hashSHA1":"61097c0b21851ec3b59cd31ede3df77d079478ec","hashSHA256":"622667f4c169742c56a3fda3899bea261bbd96cd6270a7b58559661234c98759","digitalCertThumbprint":"06E0C4223C29D3FA8FE97925417F9D2F00F3E829","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, OU=it, O=INTELLECT SOFTWARES, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2250","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1) 10.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"6ea960e45c1a340d2d6a91f12b527a30","hashSHA1":"048daa5f2ecd111b2777a4961e9757c5d1a89c6e","hashSHA256":"c4e27eabda79778bb4f95437fdb2b0f2c2d6fcf3bf2c33dff4f066bfb1ca5293","digitalCertThumbprint":"33DA78E552BCDFDA31F274D5591C8BDD73F3929D","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ASPIRE SOFTWARES, OU=IT, O=ASPIRE SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2251","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1) 11.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"7308859bae4c663e8dd8e84700ae358e","hashSHA1":"957cc6dc5994dea3eed38e1bf26094d1c87d081a","hashSHA256":"492d5e136b1727656e66badcb7eec69ea989036128f27f622e38664510672fc8","digitalCertThumbprint":"33DA78E552BCDFDA31F274D5591C8BDD73F3929D","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ASPIRE SOFTWARES, OU=IT, O=ASPIRE SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2252","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.3).exe","isInstaller":"True","productVersion":"1.0.0.3","fileVersion":"1.0.0.3","hashMD5":"5ea5575c5e4afa1545961afce0842969","hashSHA1":"d02c73a38b34f37f0956ac897c9aff042445d921","hashSHA256":"fa2bff769849741e19d6e981f043908902e75f9f649b2662eb3026fa1a83103b","digitalCertThumbprint":"0CBC326DE11C5353B45ED764D65E46BE939DEA97","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS SERVICES, OU=IT, O=SOFTBITS SERVICES, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2253","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.2).exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"893c9bfa6d7e281367caf60c80b2096e","hashSHA1":"c79845603b1c058d5247584a6ba1662b31deda5d","hashSHA256":"834894357f68ce050998f388163cceca7e37fc12a2c9345f98672d5f41e45fad","digitalCertThumbprint":"06E0C4223C29D3FA8FE97925417F9D2F00F3E829","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, OU=it, O=INTELLECT SOFTWARES, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2254","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.5).exe","isInstaller":"True","productVersion":"1.0.0.5","fileVersion":"1.0.0.5","hashMD5":"0cc0eebb157e9617eaf07e24e5aac1b6","hashSHA1":"06d69433d11c1a167f2dd462d84af65079a1989b","hashSHA256":"1e1e793c8a2ccbccd385208bb00377263e3034681ffb7d8e20cf7e2b392b3d37","digitalCertThumbprint":"0E53653FB94FFAED4E05A8188003D4625B8600DA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ASPIRE PC TOOLS, OU=IT, O=ASPIRE PC TOOLS, POBox=302039, STREET=\"G-15B, VIJAY BADI PATH 1, KHAITAN HOSPITAL, SIKAR ROAD, DEHAR KE BALAJI\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2255","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1fcc61b5ce5616b6eb911073ed7fe9ac","hashSHA1":"6b6059c4527ad84785e493ff83b17ef3018d93d5","hashSHA256":"d251e7a10332bda8326ef9c9a7915573d6e6e8278b415fdcd960a1c0f7020938","digitalCertThumbprint":"F0F5A27291E140C6388121045EC881B591997BFA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUANTUM PC TOOLS, O=QUANTUM PC TOOLS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2257","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.7).exe","isInstaller":"True","productVersion":"1.0.0.7","fileVersion":"1.0.0.7","hashMD5":"24c2c7dbd46b9c2da6e1894c3da85b23","hashSHA1":"949f5d8107ba1d3dbdd4769a223399480bbc1be1","hashSHA256":"98dff6003a09450283a53156fc0dc6d52c2a8fa6e1ab591881342520b2f62098","digitalCertThumbprint":"6A5800872C788017AA96DA522A71DE2AB052AFCA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC Utilities, OU=IT, O=NETCOM PC Utilities, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2258","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.9).exe","isInstaller":"True","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"564209d77f4b435b38ce1229c1ad8496","hashSHA1":"8926edae3d3dbdd02730f4c180fd68b883687ab4","hashSHA256":"afc1e6808b6720fe50a1cd3128817a3f5a97d1cffd7d42cf583f763c237a71c3","digitalCertThumbprint":"0930FFBEEC55314AD0B1AD4BEDC26E612891D618","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DAZZLE PC LOGICS, OU=IT, O=DAZZLE PC LOGICS, POBox=302039, STREET=\"G-15B, VIJAY BADI PATH 1, KHAITAN HOSPITAL, SIKAR ROAD, DEHAR KE BALAJI\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2259","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.12).exe","isInstaller":"True","productVersion":"1.0.0.12","fileVersion":"1.0.0.12","hashMD5":"9370f8dce355ee04def66914cc81305d","hashSHA1":"13d9edc1588d926ec594a5333eeebd9a880194af","hashSHA256":"5e44b365c90c47bc6dfc6adb0f26b64e97644848ab419f939102ac0ea8762f89","digitalCertThumbprint":"6A5800872C788017AA96DA522A71DE2AB052AFCA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC Utilities, OU=IT, O=NETCOM PC Utilities, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2260","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.9) 2.exe","isInstaller":"True","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"c6b05397b116a3ca5c6a3bba5da33093","hashSHA1":"97f6c35247adb54189fa6d78f9f3b0a3045bbe00","hashSHA256":"8883008faabb73de7e5e491466120d73607041540345443676f88e8820d4cd33","digitalCertThumbprint":"6A5800872C788017AA96DA522A71DE2AB052AFCA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC Utilities, OU=IT, O=NETCOM PC Utilities, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2263","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.18).exe","isInstaller":"True","productVersion":"1.0.0.18","fileVersion":"1.0.0.18","hashMD5":"a976b8132f98c629eb10aadb0c81401e","hashSHA1":"857c05d3de04b7201e76af24bf9a3a478710bbf2","hashSHA256":"2de1cec252fe5d88ddd31cc13ee9caa2701dab2afad7ade732a8b3043e1beed6","digitalCertThumbprint":"7266FD68C89DE584618B68C6144FEB2270F9E287","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2264","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xpssetup(1.0.0.0).exe","isInstaller":"True","companyName":"Xtron PC Speedup","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3f197144b3c6de0a1f3922a02ab61b77","hashSHA1":"1473df707f0f3a558e28f162eaf1e94661a68dc2","hashSHA256":"dc02a8e862f86f32dbb458e804e7faa6b9a1dfda5649293abfcb3b509f19b12c","digitalCertThumbprint":"0930FFBEEC55314AD0B1AD4BEDC26E612891D618","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DAZZLE PC LOGICS, OU=IT, O=DAZZLE PC LOGICS, POBox=302039, STREET=\"G-15B, VIJAY BADI PATH 1, KHAITAN HOSPITAL, SIKAR ROAD, DEHAR KE BALAJI\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2265","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xopsetup (1.0.0.1) 12.exe","isInstaller":"True","companyName":"Xtron Optimizer Pro","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"1b2eabcd279ac1cf14d164a237f4a220","hashSHA1":"4e247ee14e9a9fd2ecb4f9d54bd3fc8f299a06ba","hashSHA256":"68825c646cacae078326bedc10b074de2e1b265f50adb49edffa4aefb15f50ba","digitalCertThumbprint":"7266FD68C89DE584618B68C6144FEB2270F9E287","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2267","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xopsetup (1.0.0.6).exe","isInstaller":"True","companyName":"Xtron Optimizer Pro","productVersion":"1.0.0.6","fileVersion":"1.0.0.6","hashMD5":"60f3deee72137e610a87c7965eb24524","hashSHA1":"6031402e059948686c4efa75da497c5f774de605","hashSHA256":"99498194150bcce11b1304a86f9dd14a8e37655da75a4d3106da313491432e77","digitalCertThumbprint":"AD07DBDE930258D2D42D5877AAC1F9B01E860DCC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE TECHNOLOGIES, OU=IT, O=SYSCARE TECHNOLOGIES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2268","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.018).exe","isInstaller":"True","productVersion":"1.0.0.18","fileVersion":"1.0.0.18","hashMD5":"9c65dcb4b83c4bd738d5d765cc44054c","hashSHA1":"c0f3123db296f84291d95218357ca4a26164f965","hashSHA256":"28cd7b9636b7578c337edb286a0fc98a56ce94c70eb04cf6e461b48377603795","digitalCertThumbprint":"FAA51CCC506861B00F2BDF2ED8989E63BCB27F94","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT PC LOGICS, OU=IT, O=INTELLECT PC LOGICS, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2269","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.1).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"b9770edd43c15d17d125df93dd6c3268","hashSHA1":"179494c903b8619078e058ee0970c7eab178e269","hashSHA256":"fb63e98c70446157c7f95f656701fcb17697aaebf63779e2b09776c05f606a69","digitalCertThumbprint":"AD07DBDE930258D2D42D5877AAC1F9B01E860DCC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE TECHNOLOGIES, OU=IT, O=SYSCARE TECHNOLOGIES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2270","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xopsetup (1.0.0.1).exe","isInstaller":"True","companyName":"Xtron Optimizer Pro","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"c0b68275fff608151268312b1dd658be","hashSHA1":"b3309b1e31d4bc1617e6bb028653b6c5f61a3d76","hashSHA256":"ece73df2c4617a2c0174349c027276ca3407519a0583c57c46f55c90516abe2c","digitalCertThumbprint":"7266FD68C89DE584618B68C6144FEB2270F9E287","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2271","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.5) 2.exe","isInstaller":"True","productVersion":"1.0.0.5","fileVersion":"1.0.0.5","hashMD5":"44de57753d936e143895fbe6b51bfd8a","hashSHA1":"e84c489d3b019b56047c026a8dd5d1be9637e579","hashSHA256":"e6c4664b5b27c8a6e2bf02e1e802989aaca4944b49b3146888f048e2b004fc62","digitalCertThumbprint":"0E53653FB94FFAED4E05A8188003D4625B8600DA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ASPIRE PC TOOLS, OU=IT, O=ASPIRE PC TOOLS, POBox=302039, STREET=\"G-15B, VIJAY BADI PATH 1, KHAITAN HOSPITAL, SIKAR ROAD, DEHAR KE BALAJI\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2273","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.3) 2.exe","isInstaller":"True","productVersion":"1.0.0.3","fileVersion":"1.0.0.3","hashMD5":"bfdc8421d510b377724afc9fd281bccf","hashSHA1":"0b052f21102b992206c82bd57b72ae9374c7b3e5","hashSHA256":"1696b6a344f2445267efec5a0a15291d8658e304eddb06aa3951cddaa650f2bb","digitalCertThumbprint":"6A5800872C788017AA96DA522A71DE2AB052AFCA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC Utilities, OU=IT, O=NETCOM PC Utilities, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2274","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.18) 2.exe","isInstaller":"True","productVersion":"1.0.0.18","fileVersion":"1.0.0.18","hashMD5":"e83b722f66d3620cf38a4eac9b7b2676","hashSHA1":"7d6a9ff697d69e18e115d022a9c1fe88028e3177","hashSHA256":"10a26474eb74e1a6fdc28303574a8d56b6f3a1a243afc502d4a143583f2e254c","digitalCertThumbprint":"66E5C147885944AA0606781EA05FE506A46BA3AB","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SMART PC LOGICS, OU=IT, O=SMART PC LOGICS, POBox=110034, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"2275","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.1) 2.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"79e939078c759db737d97943370f7dec","hashSHA1":"143e61e47becf2fc3cf2170a375006cc2848bc0d","hashSHA256":"41ca9ea4b143edb3f944d29fc29a7aff89ec1a3a8b838b3226877bd42617446b","digitalCertThumbprint":"3E41C83874E172792C0956F417457FD11F8121FF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2278","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xopsetup (1.0.0.1) 2.exe","isInstaller":"True","companyName":"Xtron Optimizer Pro","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"6adbcc984e4c2976eb71a196152165af","hashSHA1":"9a83060eb1e5b14d244a1da9b70d3d0c01db3ee3","hashSHA256":"b87281ebc8c2887052e09983133af168f86a7895f91ca0a492c7084b9457eda8","digitalCertThumbprint":"66E5C147885944AA0606781EA05FE506A46BA3AB","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SMART PC LOGICS, OU=IT, O=SMART PC LOGICS, POBox=110034, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"2279","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xopsetup (1.0.0.6) 2.exe","isInstaller":"True","companyName":"Xtron Optimizer Pro","productVersion":"1.0.0.6","fileVersion":"1.0.0.6","hashMD5":"38833d49b13886e600707cd1024c661a","hashSHA1":"bb6f9c04903d0fd7e34173aed8ddcc1bea46663e","hashSHA256":"e188ba187d1863be39637204b449ddf43511a43f4bfccf5669dddca8c2cbadf8","digitalCertThumbprint":"3E41C83874E172792C0956F417457FD11F8121FF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2282","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.18) 3.exe","isInstaller":"True","productVersion":"1.0.0.18","fileVersion":"1.0.0.18","hashMD5":"c8bf8ccd90defdb534b9145efbef7233","hashSHA1":"95017cf6653aa6f68ef59d881a22a94efb368159","hashSHA256":"0f4f1ffb17cf7a65b6e66dc2e8a57d9d1c5f43ad19f3e5a0fb2c79a63b4919f8","digitalCertThumbprint":"6A5800872C788017AA96DA522A71DE2AB052AFCA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC Utilities, OU=IT, O=NETCOM PC Utilities, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2283","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.12) 3.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.12","fileVersion":"1.0.0.12","hashMD5":"4e1fe50be1f651153cc10333a06d5f1e","hashSHA1":"28cbff217c9369e7c6c43ab7b2eff2b4b218cdc4","hashSHA256":"0a992ba248236b57b1782e11166a5d778aa42ef0abdf439b49c5ec4fa5b92415","digitalCertThumbprint":"7266FD68C89DE584618B68C6144FEB2270F9E287","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2284","avBlockList":["360 Total Security (20191223)","Avast Internet Security (20191223)","AVG Internet Security (20191223)","Avira Internet Security (20191223)","Bitdefender Internet Security (20191223)","COMODO Antivirus (20191223)","Dr.Web Security Space (20191223)","ESET Internet Security (20191223)","G DATA INTERNET SECURITY (20191223)","K7 Total Security (20191223)","Kaspersky Internet Security (20191223)","Malwarebytes Premium (20191223)","McAfee Total Protection (20191223)","Norton Security (20191223)","Panda Dome (20191223)","Quick Heal Internet Security (20191223)","Sophos Home Premium (20191223)","Tencent PC Manager (20191223)","Trend Micro Internet Security (20191223)","VIPRE Advanced Security (20191223)","VirIT eXplorer PRO (20191223)","Webroot SecureAnywhere (20191223)","Windows Defender (20191223)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.3) 3.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.3","fileVersion":"1.0.0.3","hashMD5":"e5d08d6014a51da4bc909d20f5aebb98","hashSHA1":"6d1ccc7d19f77d237d4a9727d66bd1d4e48664f9","hashSHA256":"6ed7853304e4b5263ac743a45f0fc4c58fb725246294d68258b50376ab85707f","digitalCertThumbprint":"A784F1CD9FEE46C9D23A00DC0D36BFAE8FA95A04","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SERVICES, OU=IT, O=SYSLOGIX SERVICES, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2285","avBlockList":["360 Total Security (20191223)","Avast Internet Security (20191223)","AVG Internet Security (20191223)","Avira Internet Security (20191223)","Bitdefender Internet Security (20191223)","COMODO Antivirus (20191223)","Dr.Web Security Space (20191223)","ESET Internet Security (20191223)","G DATA INTERNET SECURITY (20191223)","K7 Total Security (20191223)","Kaspersky Internet Security (20191223)","Malwarebytes Premium (20191223)","McAfee Total Protection (20191223)","Norton Security (20191223)","Panda Dome (20191223)","Quick Heal Internet Security (20191223)","Sophos Home Premium (20191223)","Tencent PC Manager (20191223)","Trend Micro Internet Security (20191223)","VIPRE Advanced Security (20191223)","VirIT eXplorer PRO (20191223)","Webroot SecureAnywhere (20191223)","Windows Defender (20191223)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.2) 2.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"481541632c76e9139430226d9a18bc75","hashSHA1":"9cd55164d8fba8476be78c2bc4aa891815e7e053","hashSHA256":"a27def0d522bc01a86360feb6144b2d77630f1ce812dffeab2a803e8e420f1a4","digitalCertThumbprint":"33DA78E552BCDFDA31F274D5591C8BDD73F3929D","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ASPIRE SOFTWARES, OU=IT, O=ASPIRE SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2286","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xopsetup (1.0.0.35).exe","isInstaller":"True","companyName":"Xtron Optimizer Pro","productVersion":"1.0.0.35","fileVersion":"1.0.0.35","hashMD5":"70b061a399e31e5de696683d5fa554cc","hashSHA1":"98e54740769c80683e855000ca2a1d020ceccbaa","hashSHA256":"8576ff0072706774b7be886424daa0f6ba21aff272372843218071908a8c3004","digitalCertThumbprint":"3E41C83874E172792C0956F417457FD11F8121FF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2287","avBlockList":["360 Total Security (20191121)","Avast Internet Security (20191121)","AVG Internet Security (20191121)","Avira Internet Security (20191121)","Bitdefender Internet Security (20191121)","COMODO Antivirus (20191121)","Dr.Web Security Space (20191121)","ESET Internet Security (20191121)","G DATA INTERNET SECURITY (20191121)","K7 Total Security (20191121)","Kaspersky Internet Security (20191121)","Malwarebytes Premium (20191121)","McAfee Total Protection (20191121)","Norton Security (20191121)","Panda Dome (20191121)","Quick Heal Internet Security (20191121)","Sophos Home Premium (20191121)","Tencent PC Manager (20191121)","Trend Micro Internet Security (20191121)","VIPRE Advanced Security (20191121)","VirIT eXplorer PRO (20191121)","Webroot SecureAnywhere (20191121)","Windows Defender (20191121)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.0) 4.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"be571c4af3083e33fbbbf597eb03fb8d","hashSHA1":"a56959e4c7ed74e3316f311e78e7943d783dafae","hashSHA256":"d469caf393040443dea1c92a2de65d744a74371b39a8da027b193d246b9f4da5","digitalCertThumbprint":"6A5800872C788017AA96DA522A71DE2AB052AFCA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC Utilities, OU=IT, O=NETCOM PC Utilities, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2288","avBlockList":["360 Total Security (20191121)","Avast Internet Security (20191121)","AVG Internet Security (20191121)","Avira Internet Security (20191121)","Bitdefender Internet Security (20191121)","COMODO Antivirus (20191121)","Dr.Web Security Space (20191121)","ESET Internet Security (20191121)","G DATA INTERNET SECURITY (20191121)","K7 Total Security (20191121)","Kaspersky Internet Security (20191121)","Malwarebytes Premium (20191121)","McAfee Total Protection (20191121)","Norton Security (20191121)","Panda Dome (20191121)","Quick Heal Internet Security (20191121)","Sophos Home Premium (20191121)","Tencent PC Manager (20191121)","Trend Micro Internet Security (20191121)","VIPRE Advanced Security (20191121)","VirIT eXplorer PRO (20191121)","Webroot SecureAnywhere (20191121)","Windows Defender (20191121)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.12) 4.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.12","fileVersion":"1.0.0.12","hashMD5":"466232dbe45d38230d7aff11abc83690","hashSHA1":"6b3a373dce5eedfd82857e1a5d8e49c5c997cefa","hashSHA256":"49f59151ea8df63fa5f0ac1646eea96a01c3cbcd6aa490c217069ff3b1460ae4","digitalCertThumbprint":"FAA51CCC506861B00F2BDF2ED8989E63BCB27F94","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT PC LOGICS, OU=IT, O=INTELLECT PC LOGICS, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2289","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.3) 4.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.3","fileVersion":"1.0.0.3","hashMD5":"0fc87f18eb46de897503bb20231d09e6","hashSHA1":"646482636da3255ba7639c470f16d2acc8515ce4","hashSHA256":"330ecbfe63e54cd72fc342928e209fda049c0e15dc2f1ffc3200fe9e9b4c6654","digitalCertThumbprint":"0CBC326DE11C5353B45ED764D65E46BE939DEA97","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS SERVICES, OU=IT, O=SOFTBITS SERVICES, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2290","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.3) 5.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.3","fileVersion":"1.0.0.3","hashMD5":"9540629e6a4ded2444a9c4de58ea9b20","hashSHA1":"7c5ba58eb6c4fb875ffe28fc5a9dd8f89117a25c","hashSHA256":"60f93b772cefda5a28dd40b1c857976e5b4b2bcd405da44826e41620bf492e97","digitalCertThumbprint":"A784F1CD9FEE46C9D23A00DC0D36BFAE8FA95A04","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SERVICES, OU=IT, O=SYSLOGIX SERVICES, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2291","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.9) 3.exe","isInstaller":"True","companyName":"Xtron System Care","productName":"","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"af039e38e326558d10ab32e4cc792222","hashSHA1":"dfcdbc79448b64d0a3e6fa33ccff2f8ad876293f","hashSHA256":"e1874842043fd049498d81b98b8e6c13cffba96baf0a7261cd418a1e128ff594","digitalCertThumbprint":"4480DE31ABF50F62DF419432E6AC1ED40F7043D8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE PC TOOLS, OU=IT, O=ADEQUATE PC TOOLS, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2292","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.7) 2.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.7","fileVersion":"1.0.0.7","hashMD5":"271ca8932119c90d96a35be4a770210a","hashSHA1":"bccdb1961b0062feb86f6fbbcfb1d04f8114eb49","hashSHA256":"51d6e1dbe5b57be9a187d1756ed1ad03ba71a2c40175e1fdb62037daff305781","digitalCertThumbprint":"FAA51CCC506861B00F2BDF2ED8989E63BCB27F94","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT PC LOGICS, OU=IT, O=INTELLECT PC LOGICS, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2293","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.0) 5.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"8109a38cdab82ed5acde7d40dd9da7db","hashSHA1":"c2e931b8054ea8296c09f426f5bbe541efee31b8","hashSHA256":"0c02c7eb8289fc655e0e14f3bbc280f88530eeb9df24fc5dbaabc17d933a60e0","digitalCertThumbprint":"6A5800872C788017AA96DA522A71DE2AB052AFCA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC Utilities, OU=IT, O=NETCOM PC Utilities, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2294","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xpssetup (1.0.1.55).exe","isInstaller":"True","companyName":"Xtron PC Speedup","productVersion":"1.0.1.55","fileVersion":"1.0.1.55","hashMD5":"1cc894887a133efc703b70bdb1bcbead","hashSHA1":"0b7a840de7102e37f34d869b677869207f2c3be6","hashSHA256":"de616d294374acd815acb4f2f7a79c0f2958865ec9487afc5316c28bdffa29a4","digitalCertThumbprint":"CA6477FBE19734CC55AB2CEFD4B20B792483DBD7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTIONS, OU=IT, O=TECHNOSOFT SOLUTIONS, POBox=303802, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2295","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.9) 4.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"f699d6aec2c70d4350462b8593ea412e","hashSHA1":"00353815a267ab31f620a2221f202ac5e4c0c2bc","hashSHA256":"ac466c58eacde78004a3663ba1a7f6c325672b36ffb51076dd288d8953580c5d","digitalCertThumbprint":"4480DE31ABF50F62DF419432E6AC1ED40F7043D8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE PC TOOLS, OU=IT, O=ADEQUATE PC TOOLS, POBox=302012, STREET=\"33-B, PARMANAND NAGAR, NIWARU ROAD, JHOTWADA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2296","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xpssetup (1.0.1.60).exe","isInstaller":"True","companyName":"Xtron PC Speedup","productVersion":"1.0.1.60","fileVersion":"1.0.1.60","hashMD5":"1a762a788d36da85cc1d1e4461ce9081","hashSHA1":"28f4661bae4f2568acd00cf884f8d62297effa51","hashSHA256":"4843aa3f657a43a1ad0baa439411a30b8e07cdef0a50393152cf570f0037f11c","digitalCertThumbprint":"8FBC13C6E25841DF079A7C6E4432383DD7331A1D","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPETENCE TECHNOLOGIES, O=COMPETENCE TECHNOLOGIES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2297","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xpssetup (1.0.0.30).exe","isInstaller":"True","companyName":"Xtron PC Speedup","productVersion":"1.0.0.30","fileVersion":"1.0.0.30","hashMD5":"fdf4b8e9ca218750798460a96eff64c9","hashSHA1":"e66fbedf88d2ad9cf5ca80cca3c498a9ba7114a2","hashSHA256":"1efcce8ae346eea1b63ebf809707590bdb96b5cd810fc4ed31456f3041de801c","digitalCertThumbprint":"CA6477FBE19734CC55AB2CEFD4B20B792483DBD7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTIONS, OU=IT, O=TECHNOSOFT SOLUTIONS, POBox=303802, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2298","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.1) 3.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"96d4aac0b6e89ae1b9556922e70c4ea2","hashSHA1":"bc7c93f56d0c6ad7096738ebf2dced382945c0ed","hashSHA256":"443b7dede9332053eb84a3f4a2931d135f064e556c4f4d33f65a6a259bd50a74","digitalCertThumbprint":"AD07DBDE930258D2D42D5877AAC1F9B01E860DCC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE TECHNOLOGIES, OU=IT, O=SYSCARE TECHNOLOGIES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2299","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.12) 3.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.12","fileVersion":"1.0.0.12","hashMD5":"421988122372ea48a1b2c18eef00daee","hashSHA1":"87ad9f6bd1aac35e2b88aa87874a989de40a2019","hashSHA256":"30af272fe51a028e63f7b7874643e8ed27dcc5a6bb92b4a656bfcdddc2de02e5","digitalCertThumbprint":"0930FFBEEC55314AD0B1AD4BEDC26E612891D618","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DAZZLE PC LOGICS, OU=IT, O=DAZZLE PC LOGICS, POBox=302039, STREET=\"G-15B, VIJAY BADI PATH 1, KHAITAN HOSPITAL, SIKAR ROAD, DEHAR KE BALAJI\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2300","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.24).exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.24","fileVersion":"1.0.0.24","hashMD5":"4103609dbf4ae028fdb7f1e726f16ea7","hashSHA1":"0f2ff911545efc6d2f732c9c82ac17be5a0a0392","hashSHA256":"6e836157fed9320b15cb978112a44bd92c8e0d70e7a661c6da49e69c0bca6f49","digitalCertThumbprint":"20A9AA831C6518BA54EC99835D26327DD2F5122D","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC BOOSTER UTILITIES, OU=IT, O=PC BOOSTER UTILITIES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2301","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.24) 2.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.24","fileVersion":"1.0.0.24","hashMD5":"f782048e9447b1cc8ebe0bebe281bc98","hashSHA1":"d3ee02706dcbf529b30ef086f86ca2a43244f155","hashSHA256":"f0200a798d92933002249aa2d4a23f19047eef014da1732c6f4c7cba034ffd06","digitalCertThumbprint":"3E41C83874E172792C0956F417457FD11F8121FF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2302","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.13).exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.13","fileVersion":"1.0.0.13","hashMD5":"24fc4cebfd0380807a21f88afb151c85","hashSHA1":"6a7956ade7c5d20490502da98e8596389072fad5","hashSHA256":"f4d1be7f06694e62f28db3d2159a0e321a3670980db949af95545dd1e4a35857","digitalCertThumbprint":"20A9AA831C6518BA54EC99835D26327DD2F5122D","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC BOOSTER UTILITIES, OU=IT, O=PC BOOSTER UTILITIES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2303","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.18).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.18","fileVersion":"1.0.0.18","hashMD5":"b26e2e21287f691f4c85af1bdeaf8253","hashSHA1":"837c0f3bde3f8285057fb4459c7e210c814ffee5","hashSHA256":"547ffe864c3485115b7b4f69cc9597b9c2763bba4999225a70e167be69e03580","digitalCertThumbprint":"4801BCA3B8A705FA74DBECB08FF311C82FCC44D1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INFOSOFT LOGICS, OU=IT, O=INFOSOFT LOGICS, POBox=303802, STREET=\"291, \tJyoti Furniture, Dholi Mandi, Chomu\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2304","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.18) 4.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.18","fileVersion":"1.0.0.18","hashMD5":"695fff78a58a78d539335ce4b878e63c","hashSHA1":"36f11fdf357d9b8e5530e1c589bf6143d6529b38","hashSHA256":"b88234bed93b0dc20312e44e5581075f632c856cf1dacb5f41da0828a57992f9","digitalCertThumbprint":"3E41C83874E172792C0956F417457FD11F8121FF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2305","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.24) 3.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.24","fileVersion":"1.0.0.24","hashMD5":"66ce26e4b25014920378ac3894d26ddb","hashSHA1":"ba5d4ed6106c8af2ab15ae08b14e2996243de650","hashSHA256":"fefb1375a1ccc5a88989efaa315120ddb19b56b7dcec60210034c9efdb42f5dd","digitalCertThumbprint":"100A8EC4EE5F4DD4671C7D63B3E9B935EE0C89E8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QBIT SOFTWARE SERVICES, O=QBIT SOFTWARE SERVICES, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2306","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.24) 4.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.24","fileVersion":"1.0.0.24","hashMD5":"c8f26faf0de3af58e7ba93381c97d85d","hashSHA1":"c657de9cccfd06d5bc4aeb9c95aa1a80db89606d","hashSHA256":"ed6c3298ac1af90e874386ae1492349c0e1cb7689098bd0324527a6afb03c935","digitalCertThumbprint":"20A9AA831C6518BA54EC99835D26327DD2F5122D","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC BOOSTER UTILITIES, OU=IT, O=PC BOOSTER UTILITIES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2307","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.13) 2.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.13","fileVersion":"1.0.0.13","hashMD5":"4ec670a7aa8c45cf8ffee192cf1e94f8","hashSHA1":"ba350ff759cd1bcbd4c248efcc9d4717aaf1f387","hashSHA256":"cd825688a3535b05684a496e9bea7bd44fedb8bf10aaf8ffb6c1d65518ddbad7","digitalCertThumbprint":"7266FD68C89DE584618B68C6144FEB2270F9E287","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2308","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.24) 5.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.24","fileVersion":"1.0.0.24","hashMD5":"6f14955508da93e03e26f7ceb413b9ab","hashSHA1":"b1ce4d221def4ab94ff40ce97593f826380460ff","hashSHA256":"9b4a91bc906a27867a0745e7e288e0d88e6e25ffbafa62a28c23141a72f05e4f","digitalCertThumbprint":"7266FD68C89DE584618B68C6144FEB2270F9E287","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2309","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.18) 2.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.18","fileVersion":"1.0.0.18","hashMD5":"eff92f82fd9c83bfe6e211c09fa0b2bd","hashSHA1":"a82a9e6407864547cc9dd51f1718315b8fe2c551","hashSHA256":"ccf73816d9e8b70e36fd33847ce9c9618b2d6ccf7f6ea806bb99d0a40ad214eb","digitalCertThumbprint":"4801BCA3B8A705FA74DBECB08FF311C82FCC44D1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INFOSOFT LOGICS, OU=IT, O=INFOSOFT LOGICS, POBox=303802, STREET=\"291, \tJyoti Furniture, Dholi Mandi, Chomu\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2310","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.13) 3.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.13","fileVersion":"1.0.0.13","hashMD5":"77ddeb2afad20bbbc7fc23bedbc5239a","hashSHA1":"9b34a64b96fc6e1ea2ead53316f223d237e62e6d","hashSHA256":"b5f486b73c0ea736441a590acf1ca774326ced567349a51080ade47fd7294389","digitalCertThumbprint":"66E5C147885944AA0606781EA05FE506A46BA3AB","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SMART PC LOGICS, OU=IT, O=SMART PC LOGICS, POBox=110034, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"2311","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.14).exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.14","fileVersion":"1.0.0.14","hashMD5":"416481a358102dadb7dc60d6c543762a","hashSHA1":"040d318ae20b59c2639876d8139f5dc6255875c3","hashSHA256":"649d2cb2ad7d0f37acab58f75a8d9dab8733fb4b829101dc1b21b1b23521ba43","digitalCertThumbprint":"7266FD68C89DE584618B68C6144FEB2270F9E287","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2312","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.24) 6.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.24","fileVersion":"1.0.0.24","hashMD5":"c35c53419a5317a439e3b49c5f486062","hashSHA1":"ea0a77bd570ca407e4d97f6de3bd78bd09f3ecd5","hashSHA256":"ca528ea1f76883b31b880aecc33b31a066f6dc0664df14d8bf58da51927a8ee2","digitalCertThumbprint":"3E41C83874E172792C0956F417457FD11F8121FF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2313","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.14) 2.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.14","fileVersion":"1.0.0.14","hashMD5":"2ac95452ff106adf91daea88be0eac7e","hashSHA1":"04b239ed527da791f1c4946804f25cd6bbc420f4","hashSHA256":"e586333af40967e6fa4c7aaf70417709d73f74a24cf0db3d4d1c751a8791f566","digitalCertThumbprint":"20A9AA831C6518BA54EC99835D26327DD2F5122D","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC BOOSTER UTILITIES, OU=IT, O=PC BOOSTER UTILITIES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2314","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.24) 7.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.24","fileVersion":"1.0.0.24","hashMD5":"13d7aebdfadf7b292cc73e4957abe3a6","hashSHA1":"dbe12c43cfb70cab0f173a86b565406481ace78d","hashSHA256":"36daa7d454989de40a5035a36a1e0c401779a5b559b413de79f0c3e6590d9c64","digitalCertThumbprint":"66E5C147885944AA0606781EA05FE506A46BA3AB","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SMART PC LOGICS, OU=IT, O=SMART PC LOGICS, POBox=110034, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"2315","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.24) 8.exe","isInstaller":"True","companyName":"Xtron System Care","productName":"","productVersion":"1.0.0.24","fileVersion":"1.0.0.24","hashMD5":"1225928bb2624b8b9587279a594f7220","hashSHA1":"8fd2c3e64a0570912d33ff2e2c0c8421791636fe","hashSHA256":"8e9798c1524ef0331bdd201d257b18d008dcbb3b5d0101edad4ea46462bf4187","digitalCertThumbprint":"66E5C147885944AA0606781EA05FE506A46BA3AB","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SMART PC LOGICS, OU=IT, O=SMART PC LOGICS, POBox=110034, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"2316","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.24) 9.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.24","fileVersion":"1.0.0.24","hashMD5":"ea5d5a1ed295f328001762c915a03df2","hashSHA1":"2925000c66f94d05dce5bdff384df154df978713","hashSHA256":"c1ad45bce6c6ebae9372ec81eec543d8dda0e5954045839fbdb441f3ffa912b3","digitalCertThumbprint":"7266FD68C89DE584618B68C6144FEB2270F9E287","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2317","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.13) 4.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.13","fileVersion":"1.0.0.13","hashMD5":"d897863ee82bb80aa89d7df920479108","hashSHA1":"0dea9bed8ca6e7c14727b383615f00ccaa2116e7","hashSHA256":"b589a2e7df21c14b6bf908a851bb77d236612e4b612976c1e943f18944f3d924","digitalCertThumbprint":"3E41C83874E172792C0956F417457FD11F8121FF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2318","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.14) 3.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.14","fileVersion":"1.0.0.14","hashMD5":"6ce05221f7e3f7499147de728d3eaecc","hashSHA1":"48b4ba0dd632ff4371829129d166eb9d2030ecff","hashSHA256":"a12d460f7606067ad48f9dde90a1ebb01da7ee75c12a609410e86166bba8e7c5","digitalCertThumbprint":"3E41C83874E172792C0956F417457FD11F8121FF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2319","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.15).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.15","fileVersion":"1.0.0.15","hashMD5":"a984a049708daa2ebce14783c056f8bb","hashSHA1":"b03dab2837fba6db6bf81a419ef5277eab6c54b7","hashSHA256":"6b852dbc4560180453c48a8f562b2a1e59f0250e4f8b38f2030fff2d7574cabe","digitalCertThumbprint":"100A8EC4EE5F4DD4671C7D63B3E9B935EE0C89E8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QBIT SOFTWARE SERVICES, O=QBIT SOFTWARE SERVICES, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2321","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.35).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.35","fileVersion":"1.0.0.35","hashMD5":"5a7c5467a359183a7c09b8e3c993b5ab","hashSHA1":"c5a8f304ad2c265ebc4a9ea33efdfe02d010a0ed","hashSHA256":"82650ca0cdb59bd000f1c7e6a5dbcb6ee4c921f100c282af78be622334c65d30","digitalCertThumbprint":"100A8EC4EE5F4DD4671C7D63B3E9B935EE0C89E8","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QBIT SOFTWARE SERVICES, O=QBIT SOFTWARE SERVICES, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2322","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.35) 2.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.35","fileVersion":"1.0.0.35","hashMD5":"91a7fced86ba0e17f126840f24daff14","hashSHA1":"0cc6498ed93daf81e08fc3755ebf4fa3f3bd8523","hashSHA256":"c27f3a48e38b9ee1c981789e05ab22a5035c0d4ebfa00e914e866c4ea7f716e5","digitalCertThumbprint":"4801BCA3B8A705FA74DBECB08FF311C82FCC44D1","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INFOSOFT LOGICS, OU=IT, O=INFOSOFT LOGICS, POBox=303802, STREET=\"291, \tJyoti Furniture, Dholi Mandi, Chomu\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2323","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.14) 4.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.14","fileVersion":"1.0.0.14","hashMD5":"dc3972b8156335331276a906753cc083","hashSHA1":"4bc6ea378c81355bab432b4a9910f7bb902e5e86","hashSHA256":"ce3722627b8e5216e213868d8914aa1021a09b81d1f09a3ae2c09fa76d9125d6","digitalCertThumbprint":"7266FD68C89DE584618B68C6144FEB2270F9E287","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2324","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.2) 3.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"d0d097f95a4c7f776ebdd168f9a0ccf3","hashSHA1":"11df9514595f297e5c06aa4e71d66db35c0ddabe","hashSHA256":"701a97d48169cb83463e01883236511fb407485b07847bb70d2df246ebbb270c","digitalCertThumbprint":"4F0858E66A2893AEAE165BDA74249C6574E6D91F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE PC LOGICS, OU=IT, O=ADEQUATE PC LOGICS, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2325","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup.exe (1.0.0.3).exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.3","fileVersion":"1.0.0.3","hashMD5":"82fd54a88d5c67675a2465716aae5fbf","hashSHA1":"8aa20a55f7d52c07f5a539059901fe7b419e690f","hashSHA256":"af3f31325f4844809ddf1ac31085abbcf3c2882f238c0cd2eefc8f32fbb70d01","digitalCertThumbprint":"BA9114FE52FF2AB15F9E88F8D3C1F22DA5221F71","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=VINACLE PC LOGICS, OU=IT, O=VINACLE PC LOGICS, POBox=302039, STREET=\"G-15B, VIJAY BADI PATH 1, KHAITAN HOSPITAL, SIKAR ROAD, DEHAR KE BALAJI\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2326","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xpssetup(1.0.0.25).exe","isInstaller":"True","companyName":"Xtron PC Speedup","productVersion":"1.0.0.25","fileVersion":"1.0.0.25","hashMD5":"eebf5515356c6004e90054f4020171be","hashSHA1":"fcc75d54c72fefa437431977e3484097345adc8b","hashSHA256":"3eda08a1eb11cbcfa06d9c5c2ccbe95322d411ac2029b6b7e8c608cb29af6e1a","digitalCertThumbprint":"D26C333D5FDE2FDD6A71A3A5448BB0496FD6CB6B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, O=SYSCLEAN TECHNOLOGIES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2327","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.50).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.50","fileVersion":"1.0.1.50","hashMD5":"06f770ffbb80778dce2caadd95f25912","hashSHA1":"6510af4784c62d41301a5af76b8cb37fa6e71c2c","hashSHA256":"d5a9fae88c681b855721d6875fa8d38beea2b0b7220d07f0ee1696b2d5a6947e","digitalCertThumbprint":"CA6477FBE19734CC55AB2CEFD4B20B792483DBD7","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTIONS, OU=IT, O=TECHNOSOFT SOLUTIONS, POBox=303802, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2328","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.180).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.180","fileVersion":"1.0.1.180","hashMD5":"01dd960b4ebbec2295b33b1d2293384c","hashSHA1":"d06d79c7d8507da98484873cbdb14a90b344d441","hashSHA256":"6bfb19b5b65bee9cd64a93d5cebbb22a226e1682a83052ac78f2390ef7fcb70e","digitalCertThumbprint":"F7EB821D589B21D57E800FAFB537568B48DF34D4","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ASPIRETECH SOLUTIONS, OU=IT, O=ASPIRETECH SOLUTIONS, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2329","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.180) 2.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.180","fileVersion":"1.0.1.180","hashMD5":"59dbbb1f50978d9c6ff6f7d00d7a7d26","hashSHA1":"4eda6b9ad1d4d4806a6da2236c3037a4871c4fa8","hashSHA256":"a68d758ee6fd7e49c86ef3f50e72ab5acb8ac1da3997f9a3219314a1a65010fd","digitalCertThumbprint":"650CAA83450550E1DB1AE5F002A896A79FABFDBA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=X2LABS SOFTWARES, OU=IT, O=X2LABS SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2330","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.180) 3.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.180","fileVersion":"1.0.1.180","hashMD5":"625f0570b1fc109ba728a1fc391d0e4e","hashSHA1":"082fe8a19b402bb83385506963b10ac33ca21ada","hashSHA256":"bebf689cb511bd4367219ee8f9afe42123e288da7f465e75e62d603690f92672","digitalCertThumbprint":"91F20EB94A0922716A48504EC95EE595532FDBE5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=APPIYAN PC SOLUTIONS, OU=IT, O=APPIYAN PC SOLUTIONS, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2331","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.180) 4.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.180","fileVersion":"1.0.1.180","hashMD5":"dab56e478b700b38c1bded0d1fdf108d","hashSHA1":"cf1ebad6d7b78dec37b5163201e0c1652f8114e5","hashSHA256":"e8448d15713e202335af5491d35ec895bfcb468a3fd79255ed65e87096019da6","digitalCertThumbprint":"91F20EB94A0922716A48504EC95EE595532FDBE5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=APPIYAN PC SOLUTIONS, OU=IT, O=APPIYAN PC SOLUTIONS, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2332","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.180) 5.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.180","fileVersion":"1.0.1.180","hashMD5":"d5c0cab12ea8904894ac81a87ac90f90","hashSHA1":"df9a377cd5a75facf54fd649ffaa6a20cd185ecb","hashSHA256":"d89f9519a83c06f5b20307c77065db881353aa738653590d1a2efebd22a59889","digitalCertThumbprint":"2904C038227E558279CA9D2F233D313902C8E158","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPETENCE TECHNOLOGlES, O=COMPETENCE TECHNOLOGlES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2333","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.180) 6.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.180","fileVersion":"1.0.1.180","hashMD5":"57d59a9fa59af8586925c4fb92906cd4","hashSHA1":"137b0e4b7e2eef20cb549df82c23f5e13b3208b5","hashSHA256":"35fff03df895f096a3933cda4df3d829f208258a62679c12233f5315f38e7dfc","digitalCertThumbprint":"650CAA83450550E1DB1AE5F002A896A79FABFDBA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=X2LABS SOFTWARES, OU=IT, O=X2LABS SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2334","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.180) 7.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.180","fileVersion":"1.0.1.180","hashMD5":"316c9a83869021db15692195ff2042e3","hashSHA1":"d539842d429d8292d2ce10bfb92b0aa074f6b149","hashSHA256":"db4afbf4f9a7a9c42e9da8514170f1c891e37511892cc20c224124a95aa864ad","digitalCertThumbprint":"8B8618A227240B027061D2F359D96CEA55C06224","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CLOVER PC UTlLlTlES, O=CLOVER PC UTlLlTlES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2335","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.180) 8.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.180","fileVersion":"1.0.1.180","hashMD5":"4df595ab39ff60217ba2275ec638babc","hashSHA1":"f334cbd6f8ec2daa2cc77bfc0e8f52c9f63bd789","hashSHA256":"5d8331d2ea6194b52c7986b87acafa6346a50bf39c2c9c1e7dfe1a3f8476adfc","digitalCertThumbprint":"650CAA83450550E1DB1AE5F002A896A79FABFDBA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=X2LABS SOFTWARES, OU=IT, O=X2LABS SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2336","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.180) 9.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.180","fileVersion":"1.0.1.180","hashMD5":"b6a74a72b3d3e7450295c6f2214b808e","hashSHA1":"2037f4a3a6e6d78f7c9965867222373a9be0f19f","hashSHA256":"3c3ee4b310542032808741be340fca5a29b07e06991d3b87f13b9f506d847ecb","digitalCertThumbprint":"F7EB821D589B21D57E800FAFB537568B48DF34D4","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ASPIRETECH SOLUTIONS, OU=IT, O=ASPIRETECH SOLUTIONS, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2337","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.180) 10.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.180","fileVersion":"1.0.1.180","hashMD5":"8e5b754a8b5fd23b2d0a59cd47b96088","hashSHA1":"3d8999fd72b1b40be09b990afb11c16a3d16b662","hashSHA256":"0aaae179a55c8d8dbd6596decc67b0b51324317bf5b8573d5708a837fc3cd27d","digitalCertThumbprint":"2904C038227E558279CA9D2F233D313902C8E158","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPETENCE TECHNOLOGlES, O=COMPETENCE TECHNOLOGlES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2338","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.125).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.125","fileVersion":"1.0.1.125","hashMD5":"f32c6cf1a7b2c40072483f36846e8d78","hashSHA1":"d4d19b025a50c82d019e69344a18eb7c50a7d2e7","hashSHA256":"14cd1197a78e307a656ca10bb7eaacc089ad12e86d3031e53cde92ed5dc2e433","digitalCertThumbprint":"91F20EB94A0922716A48504EC95EE595532FDBE5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=APPIYAN PC SOLUTIONS, OU=IT, O=APPIYAN PC SOLUTIONS, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2339","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.15).exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.15","fileVersion":"1.0.0.15","hashMD5":"b0a73df45f7b79c6f2b948be12ef2787","hashSHA1":"9c4638cbcf068a335fd9d45b69760048dfd13935","hashSHA256":"d60eef81301cac182edd922d103aa416685d3f49484f899ae056a81a0e743fe4","digitalCertThumbprint":"20A9AA831C6518BA54EC99835D26327DD2F5122D","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC BOOSTER UTILITIES, OU=IT, O=PC BOOSTER UTILITIES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2340","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.3).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.3","fileVersion":"1.0.2.3","hashMD5":"9ac8cd3615bf01210077104cbad62c53","hashSHA1":"2c78551e2e08f5dde8e9395d9aa592ce1cfb638e","hashSHA256":"6e72a7c50f71317134d889fa473a3d01084aa3ee1c939ed7b77fd0360930bd97","digitalCertThumbprint":"650CAA83450550E1DB1AE5F002A896A79FABFDBA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=X2LABS SOFTWARES, OU=IT, O=X2LABS SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2341","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.3) 2.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.3","fileVersion":"1.0.2.3","hashMD5":"a9bd811a19d8d2f25a7870d7882169f9","hashSHA1":"8579bf8e45f938959ef222868e0dde2c24adfbcf","hashSHA256":"b1b85dd015b37a66e596e521b3fa443a0c30e843a5f7c8f82a86ac0f48e548e3","digitalCertThumbprint":"650CAA83450550E1DB1AE5F002A896A79FABFDBA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=X2LABS SOFTWARES, OU=IT, O=X2LABS SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2342","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.3) 3.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.3","fileVersion":"1.0.2.3","hashMD5":"bd4efea534abde4db8a4e54d785930dc","hashSHA1":"cafc8db25f8a96afadd9713df9f77b1aa7ca5d88","hashSHA256":"2161319a0b2acf46dfc618e514b80aba22208c2fea1fd9d012b59d801f376bf5","digitalCertThumbprint":"A37A23EEC118CF1C745AA12ADB6AAB5ADBDE24DE","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTlONS, O=TECHNOSOFT SOLUTlONS, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2343","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.3) 4.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.3","fileVersion":"1.0.2.3","hashMD5":"a86c05f0b1a7db3edecac51648a834ec","hashSHA1":"f7e93278606af6517199e0383e57be8244a18837","hashSHA256":"f6dfd9fc7051526bd4da1744c4578384f9b3699317c584c1774e00428c87f5ac","digitalCertThumbprint":"91F20EB94A0922716A48504EC95EE595532FDBE5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=APPIYAN PC SOLUTIONS, OU=IT, O=APPIYAN PC SOLUTIONS, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2344","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.14) 5.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.14","fileVersion":"1.0.0.14","hashMD5":"c702a104aff7f5234f9d12d50e895767","hashSHA1":"1c8bcbfe4303f3d4b66d036ad17cd0bcb37a2b04","hashSHA256":"0e0fc4bfb683007ac51b334adc766d5eddc9ed1b98b6a0b3503a0487df751d1d","digitalCertThumbprint":"3E41C83874E172792C0956F417457FD11F8121FF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2345","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.1) 12.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"69f448f2da8ced425ded0553920e8de2","hashSHA1":"5ce4cf2ea66b566d62851157f7e4f81db3a1fbfb","hashSHA256":"507eeccbd555cf0cae9061ec6146f0bf6577b6f78d18c13a74405da5567db0b1","digitalCertThumbprint":"7266FD68C89DE584618B68C6144FEB2270F9E287","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2346","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.18) 5.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.18","fileVersion":"1.0.0.18","hashMD5":"2b473762b5ad0a3f7e3d1277a8da1769","hashSHA1":"e4bcb188715a750ef5061d04e0e43e74dee6de98","hashSHA256":"a7bff5a4d7ada356a0f97eed70ee9aaa07b5b767e3195886a7ace437a352a15f","digitalCertThumbprint":"66E5C147885944AA0606781EA05FE506A46BA3AB","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SMART PC LOGICS, OU=IT, O=SMART PC LOGICS, POBox=110034, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"2347","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.0.15) 2.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.0.15","fileVersion":"1.0.0.15","hashMD5":"820eecfa62e6f4ee9dd64c0c1cb9b25f","hashSHA1":"ae0e99ff1eaf1bdb401c6c96ef76bf7aa965f127","hashSHA256":"004ec9a057dbb3fbe57f4bdeb463c9f29c72df6f161d411a5ade310485b09a66","digitalCertThumbprint":"D26C333D5FDE2FDD6A71A3A5448BB0496FD6CB6B","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, O=SYSCLEAN TECHNOLOGIES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2350","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xscsetup (1.0.0.24) 10.exe","isInstaller":"True","companyName":"Xtron System Care","productVersion":"1.0.0.24","fileVersion":"1.0.0.24","hashMD5":"3e3514b51191bd7994e72f2bfd980a5f","hashSHA1":"da3ec8c253b9ac9972284810fcea8fd896eaf917","hashSHA256":"11284c84c5eab36fb476384efa610fd82426486991f86336e0d31b2d88620e07","digitalCertThumbprint":"20A9AA831C6518BA54EC99835D26327DD2F5122D","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC BOOSTER UTILITIES, OU=IT, O=PC BOOSTER UTILITIES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2351","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.125) 2.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.125","fileVersion":"1.0.1.125","hashMD5":"aa9622286b1f65a468861e03dd7c096d","hashSHA1":"5099c5235f41369039b0c8e4f5e06d02d0cfaa41","hashSHA256":"ecc21e09b7a8f302878dd670782afaf64662d995bea4c1576abb684a90262d45","digitalCertThumbprint":"650CAA83450550E1DB1AE5F002A896A79FABFDBA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=X2LABS SOFTWARES, OU=IT, O=X2LABS SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2352","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.100).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.100","fileVersion":"1.0.1.100","hashMD5":"e743cb75bb6cb87f5914307ce2b5de6b","hashSHA1":"3cce8844c7bec4e77f1e7c05ceb550d32a27012a","hashSHA256":"53547a2ed57cdeeecc2002b1818df1d2fcfd1d13a3c5098fa82b60c5548be4b7","digitalCertThumbprint":"650CAA83450550E1DB1AE5F002A896A79FABFDBA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=X2LABS SOFTWARES, OU=IT, O=X2LABS SOFTWARES, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2353","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.40).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.40","fileVersion":"1.0.2.40","hashMD5":"d06647357c2100bfa02a2b563f0a1532","hashSHA1":"d5cae613c86b351ce588988cc434793cdb5fd76f","hashSHA256":"87bd6f20a971d0571d3f48aafdc45f10919c2655aad5299c49a5003532598399","digitalCertThumbprint":"59814FA259AFBF3A271F92BCF9783446F2270434","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC LOGICS, O=NETCOM PC LOGICS, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2354","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.40) 2.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.40","fileVersion":"1.0.2.40","hashMD5":"5ee4fb30edec1e9381e1f743d676df6a","hashSHA1":"b37edf93bdaaaf03a029a149fe65bd6984231eb0","hashSHA256":"3163f1a02c56aad67ef3f7337c9c371758406528dbbcbe679d17efca0bd54e9d","digitalCertThumbprint":"0A18076E87A037D7C1971F5EB62E96E624428BFF","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, O=SOFTBITS PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2355","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.40) 3.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.40","fileVersion":"1.0.2.40","hashMD5":"399e40306d64169055bfb56064495cd0","hashSHA1":"6ea0bd6e8f5dc99b9bf29e535ad95cdae2c24af9","hashSHA256":"875f13c71d4d22864dbc7266cc59e1d9ac53e0d83cefe58c3097ac74c2fa06c9","digitalCertThumbprint":"59814FA259AFBF3A271F92BCF9783446F2270434","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC LOGICS, O=NETCOM PC LOGICS, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2356","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.40) 4.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.40","fileVersion":"1.0.2.40","hashMD5":"8a2f3a523ec082af381666bb791c5372","hashSHA1":"e41965860a2de01f60c8a19d104c8e97554b7da6","hashSHA256":"aa30352139012c8aca610aef45b847ea06385db801b7181b4f90344d07839997","digitalCertThumbprint":"A6E6ACC0A8C89EFE75F82E0BCD499F09202E914A","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, O=INTELLECT SOFTWARES, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2357","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.40) 5.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.40","fileVersion":"1.0.2.40","hashMD5":"8b6b538243f5365d77c59a6974507ab9","hashSHA1":"ee8621031dcf065ff5a1b235eae47fe3f0bb6927","hashSHA256":"37da8bd23e732d5ea0b239c6db3dac9fda1d6b39e8bb61a5fb91e5f3b7e7b92a","digitalCertThumbprint":"0A18076E87A037D7C1971F5EB62E96E624428BFF","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, O=SOFTBITS PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2358","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.40) 6.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.40","fileVersion":"1.0.2.40","hashMD5":"7a4a4eea7da2c64a5d9304d9592391d5","hashSHA1":"ef63f99defd182f7384b21e2ab670473b782d39c","hashSHA256":"6299ff53f7e56c45b6a1b381deee6d649e5a0170272ff302ce4831ab4f0288ea","digitalCertThumbprint":"A6E6ACC0A8C89EFE75F82E0BCD499F09202E914A","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, O=INTELLECT SOFTWARES, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2359","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.5).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.5","fileVersion":"1.0.2.5","hashMD5":"0578b927e32a730b1475190d9f3fc03a","hashSHA1":"f9f673ffe5186e65ef5d65c7bb8c4c73f927d91a","hashSHA256":"ecc295a102acb2de57b873aed4405210edfabfe41a80f4da41b1e58b411d028f","digitalCertThumbprint":"0BF3ABD880233F2BCC11C48D8C7CBB7C5527F720","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INFOSOFT LOGlCS, O=INFOSOFT LOGlCS, STREET=\"291, Jyoti Furniture, Dholi Mandi, Chomu\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2360","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.5) 2.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.5","fileVersion":"1.0.2.5","hashMD5":"b9e196821165f0c2783bb8b53d678c66","hashSHA1":"53ed4f51b7d54d7c0c35a50447592e81fdb21f3f","hashSHA256":"8ee86486a6085df3965c959bb61caaba45424cc1e195650cfd8fbf587ab38a4d","digitalCertThumbprint":"E1C8ACC09A347489F4ADD45DB941F65C13E712C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT INFO SERVlCES, O=CONNECT INFO SERVlCES, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2361","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.5) 3.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.5","fileVersion":"1.0.2.5","hashMD5":"19115367870cca50b248e42bc1243948","hashSHA1":"82040abeed1794923f51de18b4bec8de39f497c5","hashSHA256":"4ed3b108ad0a7b6513126f6caa1d87f3f90b178f7f6030433776eca823399605","digitalCertThumbprint":"0BF3ABD880233F2BCC11C48D8C7CBB7C5527F720","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INFOSOFT LOGlCS, O=INFOSOFT LOGlCS, STREET=\"291, Jyoti Furniture, Dholi Mandi, Chomu\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2362","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.5) 4.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.5","fileVersion":"1.0.2.5","hashMD5":"0e55794b6d92fc4a38b0f05e4b7c0135","hashSHA1":"541f37936644d04404a6397513a35e46283b0a21","hashSHA256":"932af818356a3a246a849c502836973980fd7241acd4fac8dba4364543d118e5","digitalCertThumbprint":"50D245425EEBABAA5DBD39C984E2BABDC3C37C90","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GENNEXT PC LOGlCS, O=GENNEXT PC LOGlCS, STREET=WARD NUMBER 12 SULTANA, L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2363","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.5) 5.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.5","fileVersion":"1.0.2.5","hashMD5":"73d62317d648b0aca1cebbc0b34b3c6e","hashSHA1":"c68f623815839cf03ccf24a98286ecd89fec3563","hashSHA256":"b6617a7b15d492db28b0878d22642f5c12df64ef03aee74cab9dcb82e79799ad","digitalCertThumbprint":"50D245425EEBABAA5DBD39C984E2BABDC3C37C90","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GENNEXT PC LOGlCS, O=GENNEXT PC LOGlCS, STREET=WARD NUMBER 12 SULTANA, L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2364","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xpssetup (1.0.3.8).exe","isInstaller":"True","companyName":"Xtron PC Speedup","productVersion":"1.0.3.8","fileVersion":"1.0.3.8","hashMD5":"ea0ca998d1561fc6319bc43b3436d443","hashSHA1":"84dc226e516180b0ca97bcdbc4818a3a9531cfa7","hashSHA256":"9ea828dbe718b29b64bddc1d6a6dcca229d032a43cced88904593b8a76b5d641","digitalCertThumbprint":"0A18076E87A037D7C1971F5EB62E96E624428BFF","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, O=SOFTBITS PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2367","avBlockList":["360 Total Security (20200102)","Avast Internet Security (20200102)","AVG Internet Security (20200102)","Avira Internet Security (20200102)","Bitdefender Internet Security (20200102)","COMODO Antivirus (20200102)","Dr.Web Security Space (20200102)","ESET Internet Security (20200102)","G DATA INTERNET SECURITY (20200102)","K7 Total Security (20200102)","Kaspersky Internet Security (20200102)","Malwarebytes Premium (20200102)","McAfee Total Protection (20200102)","Norton Security (20200102)","Panda Dome (20200102)","Quick Heal Internet Security (20200102)","Sophos Home Premium (20200102)","Tencent PC Manager (20200102)","Trend Micro Internet Security (20200102)","VIPRE Advanced Security (20200102)","VirIT eXplorer PRO (20200102)","Webroot SecureAnywhere (20200102)","Windows Defender (20200102)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xcpsetup (1.0.3.7).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.3.7","fileVersion":"1.0.3.7","hashMD5":"4796af8e636d334f0bfb6b2204a75c19","hashSHA1":"9bfb0ce55f2e155fc7d811d4d3c7e5ce3f1d8f80","hashSHA256":"f7bd209a2cb5b2dea914bd19fe270e65e46da5faae9d5c6d19affbcbaaf91474","digitalCertThumbprint":"0A18076E87A037D7C1971F5EB62E96E624428BFF","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, O=SOFTBITS PC LOGICS, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2368","avBlockList":["360 Total Security (20200102)","Avast Internet Security (20200102)","AVG Internet Security (20200102)","Avira Internet Security (20200102)","Bitdefender Internet Security (20200102)","Dr.Web Security Space (20200102)","ESET Internet Security (20200102)","G DATA INTERNET SECURITY (20200102)","K7 Total Security (20200102)","Kaspersky Internet Security (20200102)","Malwarebytes Premium (20200102)","McAfee Total Protection (20200102)","Norton Security (20200102)","Panda Dome (20200102)","Quick Heal Internet Security (20200102)","Sophos Home Premium (20200102)","Tencent PC Manager (20200102)","VIPRE Advanced Security (20200102)","VirIT eXplorer PRO (20200102)","Webroot SecureAnywhere (20200102)","Windows Defender (20200102)"],"avAllowList":["COMODO Antivirus (20200102)","Trend Micro Internet Security (20200102)"]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.40) 7.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.40","fileVersion":"1.0.2.40","hashMD5":"06de41cf263525b41a10da95e95a2027","hashSHA1":"0734dd5a95e6d97ab474aa2f0f71214bd18febff","hashSHA256":"8fe9c84ef042976be41516754893f54e1f0b73394b0bf5ed673711b3bd8a5b73","digitalCertThumbprint":"59814FA259AFBF3A271F92BCF9783446F2270434","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC LOGICS, O=NETCOM PC LOGICS, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2369","avBlockList":["Avast Internet Security (20191202)","AVG Internet Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","K7 Total Security (20191202)","Kaspersky Internet Security (20191202)","Malwarebytes Premium (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Sophos Home Premium (20191202)","Tencent PC Manager (20191202)","VIPRE Advanced Security (20191202)","VirIT eXplorer PRO (20191202)","Webroot SecureAnywhere (20191202)","Windows Defender (20191202)"],"avAllowList":["360 Total Security (20191202)","Quick Heal Internet Security (20191202)","Trend Micro Internet Security (20191202)"]},{"isRevoked":"False","fileName":"xcpsetup (1.0.1.135).exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.1.135","fileVersion":"1.0.1.135","hashMD5":"ceed21ff7a5867f685e0f3cbe3ae8e97","hashSHA1":"85bbcbd01118382561a92a79254356e8ad09252b","hashSHA256":"e9ba00d35a63faf03c815bbaac395dfdc46df8d73516975159f5406d84c86bf1","digitalCertThumbprint":"91F20EB94A0922716A48504EC95EE595532FDBE5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=APPIYAN PC SOLUTIONS, OU=IT, O=APPIYAN PC SOLUTIONS, POBox=302015, STREET=\"F-9 , MADHUBHAN COLONY , NEAR TONK PATHAK , TONK ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302015, C=IN","sourceIndex":"2370","avBlockList":["360 Total Security (20191202)","Avast Internet Security (20191202)","AVG Internet Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","K7 Total Security (20191202)","Kaspersky Internet Security (20191202)","Malwarebytes Premium (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Quick Heal Internet Security (20191202)","Sophos Home Premium (20191202)","Tencent PC Manager (20191202)","Trend Micro Internet Security (20191202)","VIPRE Advanced Security (20191202)","VirIT eXplorer PRO (20191202)","Webroot SecureAnywhere (20191202)","Windows Defender (20191202)"],"avAllowList":[]},{"isRevoked":"False","fileName":"xpssetup (1.0.3.8) 2.exe","isInstaller":"True","companyName":"Xtron PC Speedup","productVersion":"1.0.3.8","fileVersion":"1.0.3.8","hashMD5":"3101634d61113f692c53721ef7a645de","hashSHA1":"0a40e5e60ff8831fbd31c1078c318f0f7e7c8b5b","hashSHA256":"4fcfe9689e5a54cdca72685d32c3601abe3fdb259f0012164b955d0a2fadbf89","digitalCertThumbprint":"A6E6ACC0A8C89EFE75F82E0BCD499F09202E914A","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, O=INTELLECT SOFTWARES, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2371","avBlockList":["Avast Internet Security (20191202)","AVG Internet Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","K7 Total Security (20191202)","Kaspersky Internet Security (20191202)","Malwarebytes Premium (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Quick Heal Internet Security (20191202)","Sophos Home Premium (20191202)","Tencent PC Manager (20191202)","VIPRE Advanced Security (20191202)","VirIT eXplorer PRO (20191202)","Windows Defender (20191202)"],"avAllowList":["360 Total Security (20191202)","Trend Micro Internet Security (20191202)","Webroot SecureAnywhere (20191202)"]},{"isRevoked":"False","fileName":"xcpsetup (1.0.2.40) 8.exe","isInstaller":"True","companyName":"Xtron Cleanup Pro","productVersion":"1.0.2.40","fileVersion":"1.0.2.40","hashMD5":"b38fd81275a103364840ae9680d81ca2","hashSHA1":"ba5461458d59ea028cc9afb6a9b84a40c5a77a5b","hashSHA256":"b7ec5dc5ec18569fbbee162604b84f2c4eb33c28a5c954463ec30e0f49ee504b","digitalCertThumbprint":"59814FA259AFBF3A271F92BCF9783446F2270434","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=NETCOM PC LOGICS, O=NETCOM PC LOGICS, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2372","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"To fix these, you need to purchase the activation key\"","reference":"http://www.pc-faster.xyz/","landingPage":"http://www.pc-faster.xyz/","directDownloadingLink":"http://dl.pc-faster.xyz/xsc/srcbulid/pc-faster_xyz/xscsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.pc-faster.xyz/xsc/srcbulid/pc-faster_xyz/xscsetup.exe","sourceIndex":"2237"},{"howFound":"","reference":"","landingPage":"http://www.mypcfixer-tool.fun/","directDownloadingLink":"http://dl.mypcfixer-tool.fun/xsc/srcbulid/mypcfixer-tool_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2238"},{"howFound":"","reference":"","landingPage":"http://www.super-fastclean.xyz/","directDownloadingLink":"https://dl.super-fastclean.xyz/xsc/srcbulid/super-fastclean_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2239"},{"howFound":"","reference":"","landingPage":"http://www.win-pccleaner.fun/","directDownloadingLink":"http://dl.win-pccleaner.fun/xsc/srcbulid/win-pccleaner_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2240"},{"howFound":"","reference":"","landingPage":"http://winsystem-cleaner.xyz/","directDownloadingLink":"http://dl.winsystem-cleaner.xyz/xsc/srcbulid/winsystem-cleaner_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2241"},{"howFound":"","reference":"","landingPage":"http://winpc-cleaner.xyz/","directDownloadingLink":"http://dl.winpc-cleaner.xyz/xsc/srcbulid/winpc-cleaner_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2242"},{"howFound":"","reference":"","landingPage":"http://www.winsystems-cleaner.xyz/","directDownloadingLink":"http://dl.winsystems-cleaner.xyz/xsc/srcbulid/winsystems-cleaner_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2243"},{"howFound":"","reference":"","landingPage":"http://system-faster.xyz/","directDownloadingLink":"http://dl.system-faster.xyz/xsc/srcbulid/system-faster_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2244"},{"howFound":"","reference":"","landingPage":"http://system-pcfast.xyz/","directDownloadingLink":"http://dl.system-pcfast.xyz/xsc/srcbulid/system-pcfast_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2245"},{"howFound":"","reference":"","landingPage":"http://www.super-cleanpc.xyz/","directDownloadingLink":"https://dl.super-cleanpc.xyz/xsc/srcbulid/super-cleanpc_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2246"},{"howFound":"","reference":"","landingPage":"http://www.instants-cleaners.xyz/","directDownloadingLink":"https://dl.instants-cleaners.xyz/xsc/srcbulid/instants-cleaners_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2247"},{"howFound":"","reference":"","landingPage":"http://www.secure-toolpcs.xyz/","directDownloadingLink":"https://dl.secure-toolpcs.xyz/xsc/srcbulid/secure-toolpcs_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2248"},{"howFound":"","reference":"","landingPage":"http://pc-optimizers.xyz/","directDownloadingLink":"https://dl.pc-optimizers.xyz/xsc/srcbulid/pc-optimizers_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2249"},{"howFound":"","reference":"","landingPage":"http://www.systems-booster.xyz/","directDownloadingLink":"https://dl.systems-booster.xyz/xsc/srcbulid/systems-booster_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2250"},{"howFound":"","reference":"","landingPage":"http://systems-cleaners.xyz/","directDownloadingLink":"https://dl.systems-cleaners.xyz/xsc/srcbulid/systems-cleaners_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2251"},{"howFound":"","reference":"","landingPage":"http://pc-cleaners.xyz/","directDownloadingLink":"https://dl.pc-cleaners.xyz/xsc/srcbulid/pc-cleaners_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2252"},{"howFound":"","reference":"","landingPage":"http://pcs-boost.xyz/","directDownloadingLink":"http://dl.pcs-boost.xyz/xsc/srcbulid/pcs-boost_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2253"},{"howFound":"","reference":"","landingPage":"http://www.instant-pcclean.xyz/","directDownloadingLink":"https://dl.instant-pcclean.xyz/xsc/srcbulid/instant-pcclean_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2254"},{"howFound":"","reference":"","landingPage":"http://systems-cleaner.club/","directDownloadingLink":"http://dl.systems-cleaner.club/xsc/srcbulid/systems-cleaner_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2255"},{"howFound":"","reference":"","landingPage":"http://www.secure-pctools.club/","directDownloadingLink":"http://dl.secure-pctools.club/xsc/srcbulid/secure-pctools_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2256"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://quick-cleaner.xyz/","directDownloadingLink":"https://dl.quick-cleaner.xyz/xcp/srcbulid/quick-cleaner_xyz/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2257"},{"howFound":"","reference":"","landingPage":"http://www.systems-boost.club/","directDownloadingLink":"http://dl.systems-boost.club/xsc/srcbulid/systems-boost_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2258"},{"howFound":"","reference":"","landingPage":"http://quick-cleaner.club/","directDownloadingLink":"http://dl.quick-cleaner.club/xsc/srcbulid/quick-cleaner_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2259"},{"howFound":"","reference":"","landingPage":"http://optimize-system.club/","directDownloadingLink":"http://dl.optimize-system.club/xsc/srcbulid/optimize-system_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2260"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://optimize-system.xyz/","directDownloadingLink":"https://dl.optimize-system.xyz/xcp/srcbulid/optimize-system_xyz/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2261"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.fast-systools.xyz/","directDownloadingLink":"https://dl.fast-systools.xyz/xcp/srcbulid/fast-systools_xyz/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2262"},{"howFound":"","reference":"","landingPage":"http://www.fast-systools.club/","directDownloadingLink":"http://dl.fast-systools.club/xsc/srcbulid/fast-systools_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2263"},{"howFound":"","reference":"","landingPage":"http://www.smartoptimizev.fun/","directDownloadingLink":"https://dl.smartoptimizev.fun/xsc/srcbulid/smartoptimizev_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2264"},{"howFound":"","reference":"Xtron PC Speedup","landingPage":"http://www.superpc-tools.xyz/","directDownloadingLink":"https://dl.superpc-tools.xyz/xps/srcbulid/superpc-tools_xyz/xpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2265"},{"howFound":"","reference":"","landingPage":"http://www.superpc-tools.club/","directDownloadingLink":"http://dl.superpc-tools.club/xsc/srcbulid/superpc-tools_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2266"},{"howFound":"","reference":"Xtron Optimizer Pro","landingPage":"http://pc-boost.live/","directDownloadingLink":"https://dl.pc-boost.live/xop/srcbulid/pc-boost_live/xopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2267"},{"howFound":"","reference":"Xtron Optimizer Pro","landingPage":"http://pc-boost.xyz/","directDownloadingLink":"https://dl.pc-boost.xyz/xop/srcbulid/pc-boost_xyz/xopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2268"},{"howFound":"","reference":"","landingPage":"http://pc-boost.club/","directDownloadingLink":"https://dl.pc-boost.club/xsc/srcbulid/pc-boost_club/xscsetup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","sourceIndex":"2269"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://optimize-tools.xyz/","directDownloadingLink":"https://dl.optimize-tools.xyz/xcp/srcbulid/optimize-tools_xyz/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2270"},{"howFound":"","reference":"Xtron Optimizer Pro","landingPage":"http://optimize-tools.live/","directDownloadingLink":"https://dl.optimize-tools.live/xop/srcbulid/optimize-tools_live/xopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2271"},{"howFound":"","reference":"","landingPage":"http://optimize-tools.club/","directDownloadingLink":"http://dl.optimize-tools.club/xsc/srcbulid/optimize-tools_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2272"},{"howFound":"","reference":"","landingPage":"http://supers-cleaner.club/","directDownloadingLink":"http://dl.supers-cleaner.club/xsc/srcbulid/supers-cleaner_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2273"},{"howFound":"","reference":"","landingPage":"http://supers-cleaner.live/","directDownloadingLink":"https://dl.supers-cleaner.live/xsc/srcbulid/supers-cleaner_live/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2274"},{"howFound":"","reference":"","landingPage":"http://www.instant-cleaner.club/","directDownloadingLink":"http://dl.instant-cleaner.club/xsc/srcbulid/instant-cleaner_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2275"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.instant-cleaner.xyz/","directDownloadingLink":"https://dl.instant-cleaner.xyz/xcp/srcbulid/instant-cleaner_xyz/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2276"},{"howFound":"","reference":"","landingPage":"http://www.system-boost.club/","directDownloadingLink":"http://dl.system-boost.club/xsc/srcbulid/system-boost_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2277"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.system-boost.xyz/","directDownloadingLink":"https://dl.system-boost.xyz/xcp/srcbulid/system-boost_xyz/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2278"},{"howFound":"","reference":"Xtron Optimizer Pro","landingPage":"http://www.system-boost.live","directDownloadingLink":"https://dl.system-boost.live/xop/srcbulid/system-boost_live/xopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2279"},{"howFound":"","reference":"","landingPage":"http://www.mypcfixer-tool.fun/","directDownloadingLink":"http://dl.mypcfixer-tool.fun/xsc/securerc/mypcfixer-tool_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2280"},{"howFound":"","reference":"","landingPage":"http://www.mypcfixer-tool.xyz/","directDownloadingLink":"http://dl.mypcfixer-tool.xyz/xsc/securerc/mypcfixer-tool_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2281"},{"howFound":"","reference":"Xtron Optimizer Pro","landingPage":"http://www.pc-booster.xyz/","directDownloadingLink":"https://dl.pc-booster.xyz/xop/srcbulid/pc-booster_xyz/xopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2282"},{"howFound":"","reference":"","landingPage":"http://www.pc-booster.club/","directDownloadingLink":"https://dl.pc-booster.club/xsc/srcbulid/pc-booster_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2283"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.super-cleanerh.fun/","directDownloadingLink":"https://dl.super-cleanerh.fun/xcp/srcbulid/super-cleanerh_fun/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2284"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://pcs-optimize.club/","directDownloadingLink":"http://dl.pcs-optimize.club/xsc/srcbulid/pcs-optimize_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2285"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://pcs-optimize.live/","directDownloadingLink":"https://dl.pcs-optimize.live/xsc/srcbulid/pcs-optimize_live/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2286"},{"howFound":"","reference":"Xtron Optimizer Pro","landingPage":"http://faster-pctools.live/","directDownloadingLink":"https://dl.faster-pctools.live/xop/srcbulid/faster-pctools_live/xopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2287"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://faster-pctools.xyz/","directDownloadingLink":"https://dl.faster-pctools.xyz/xcp/srcbulid/faster-pctools_xyz/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2288"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://faster-pctools.club/","directDownloadingLink":"http://dl.faster-pctools.club/xsc/srcbulid/faster-pctools_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2289"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://secures-pctools.club/","directDownloadingLink":"http://dl.secures-pctools.club/xsc/srcbulid/secures-pctools_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2290"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.pcs-booster.xyz/","directDownloadingLink":"http://dl.pcs-booster.xyz/xsc/srcbulid/pcs-booster_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2291"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.pcs-booster.club/","directDownloadingLink":"http://dl.pcs-booster.club/xsc/srcbulid/pcs-booster_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2292"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://optimizes-tools.club/","directDownloadingLink":"http://dl.optimizes-tools.club/xsc/srcbulid/optimizes-tools_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2293"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.pc-optimize.xyz/","directDownloadingLink":"https://dl.pc-optimize.xyz/xcp/srcbulid/pc-optimize_xyz/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2294"},{"howFound":"","reference":"Xtron PC Speedup","landingPage":"http://www.pc-optimize.live/","directDownloadingLink":"https://dl.pc-optimize.live/xps/srcbulid/pc-optimize_live/xpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2295"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.pc-optimize.club/","directDownloadingLink":"http://dl.pc-optimize.club/xsc/srcbulid/pc-optimize_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2296"},{"howFound":"","reference":"Xtron PC Speedup","landingPage":"https://www.onlinecleanern.icu/","directDownloadingLink":"https://dl.onlinecleanern.icu/xps/srcbulid/onlinecleanern_icu/xpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2297"},{"howFound":"","reference":"Xtron PC Speedup","landingPage":"http://www.system-cleaner.live/","directDownloadingLink":"https://dl.system-cleaner.live/xps/srcbulid/system-cleaner_live/xpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2298"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.system-cleaner.xyz/","directDownloadingLink":"https://dl.system-cleaner.xyz/xcp/srcbulid/system-cleaner_xyz/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2299"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.system-cleaner.club/","directDownloadingLink":"http://dl.system-cleaner.club/xsc/srcbulid/system-cleaner_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2300"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.instant-boostk.fun/","directDownloadingLink":"https://dl.instant-boostk.fun/xsc/srcbulid/instant-boostk_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2301"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.super-cleanq.fun/","directDownloadingLink":"https://dl.super-cleanq.fun/xsc/srcbulid/super-cleanq_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2302"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.fast-systoolsp.fun/","directDownloadingLink":"https://dl.fast-systoolsp.fun/xsc/srcbulid/fast-systoolsp_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2303"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.pc-boosterq.fun/","directDownloadingLink":"https://dl.pc-boosterq.fun/xcp/srcbulid/pc-boosterq_fun/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2304"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.pc-optimizeb.icu/","directDownloadingLink":"https://dl.pc-optimizeb.icu/xsc/srcbulid/pc-optimizeb_icu/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2305"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.smartboostera.fun/","directDownloadingLink":"https://dl.smartboostera.fun/xsc/srcbulid/smartboostera_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2306"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.pc-optimizen.fun/","directDownloadingLink":"https://dl.pc-optimizen.fun/xsc/srcbulid/pc-optimizen_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2307"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.faster-pctoolss.fun/","directDownloadingLink":"https://dl.faster-pctoolss.fun/xsc/srcbulid/faster-pctoolss_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2308"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.secure-pctoolsl.fun/","directDownloadingLink":"https://dl.secure-pctoolsl.fun/xsc/srcbulid/secure-pctoolsl_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2309"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.system-boostt.fun/","directDownloadingLink":"https://dl.system-boostt.fun/xcp/srcbulid/system-boostt_fun/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2310"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.optimize-systemt.fun/","directDownloadingLink":"https://dl.optimize-systemt.fun/xsc/srcbulid/optimize-systemt_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2311"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.instant-boostw.icu/","directDownloadingLink":"https://dl.instant-boostw.icu/xsc/srcbulid/instant-boostw_icu/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2312"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.secure-pctoolsj.pw/","directDownloadingLink":"https://dl.secure-pctoolsj.pw/xsc/srcbulid/secure-pctoolsj_pw/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2313"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.system-cleanerf.pw/","directDownloadingLink":"https://dl.system-cleanerf.pw/xsc/srcbulid/system-cleanerf_pw/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2314"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.system-boosto.icu/","directDownloadingLink":"https://dl.system-boosto.icu/xsc/srcbulid/system-boosto_icu/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2315"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.pc-cleanerm.fun/","directDownloadingLink":"https://dl.pc-cleanerm.fun/xsc/srcbulid/pc-cleanerm_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2316"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.optimize-toolsn.fun/","directDownloadingLink":"https://dl.optimize-toolsn.fun/xsc/srcbulid/optimize-toolsn_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2317"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.superpc-toolsu.icu/","directDownloadingLink":"https://dl.superpc-toolsu.icu/xsc/srcbulid/superpc-toolsu_icu/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2318"},{"howFound":"","reference":"http://www.superpc-toolsu.icu/","landingPage":"http://www.optimize-systemx.icu/","directDownloadingLink":"https://dl.optimize-systemx.icu/xsc/srcbulid/optimize-systemx_icu/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2319"},{"howFound":"","reference":"Xtron PC Speedup","landingPage":"https://www.onlinecleanero.fun/","directDownloadingLink":"https://dl.onlinecleanero.fun/xps/srcbulid/onlinecleanero_fun/xpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2320"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.pconlinecleanerx.pw/","directDownloadingLink":"https://dl.pconlinecleanerx.pw/xcp/srcbulid/pconlinecleanerx_pw/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2321"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.instantoptimizec.icu/","directDownloadingLink":"https://dl.instantoptimizec.icu/xcp/srcbulid/instantoptimizec_icu/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2322"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.pcspeedupb.pw/","directDownloadingLink":"https://dl.pcspeedupb.pw/xcp/srcbulid/pcspeedupb_pw/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2323"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.fast-systoolsc.icu","directDownloadingLink":"https://dl.fast-systoolsc.icu/xsc/srcbulid/fast-systoolsc_icu/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2324"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.pcs-cleaner.live/","directDownloadingLink":"https://dl.pcs-cleaner.live/xsc/srcbulid/pcs-cleaner_live/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2325"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.pcs-cleaner.club/","directDownloadingLink":"http://dl.pcs-cleaner.club/xsc/srcbulid/pcs-cleaner_club/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2326"},{"howFound":"","reference":"Xtron PC Speedup","landingPage":"http://www.smartcleaner.club/","directDownloadingLink":"https://dl.smartcleaner.club/xps/srcbulid/superpc-tools_xyz/xpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2327"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"https://www.pconlinecleanupi.pw/","directDownloadingLink":"https://dl.pconlinecleanupi.pw/xcp/srcbulid/pconlinecleanupi_pw/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2328"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://app-cleanup.today/","directDownloadingLink":"http://dl.app-cleanup.today/xcp/srcbulid/app-cleanup_today/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2329"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://app-cleanup.world/","directDownloadingLink":"http://dl.app-cleanup.world/xcp/srcbulid/app-cleanup_world/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2330"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://app-cleanup.win/","directDownloadingLink":"http://dl.app-cleanup.win/xcp/srcbulid/app-cleanup_win/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2331"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.windows-cleanup.today/","directDownloadingLink":"http://dl.windows-cleanup.today/xcp/srcbulid/windows-cleanup_today/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2332"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.windows-cleanup.world/","directDownloadingLink":"http://dl.windows-cleanup.world/xcp/srcbulid/windows-cleanup_world/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2333"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.windows-cleanup.win/","directDownloadingLink":"http://dl.windows-cleanup.win/xcp/srcbulid/windows-cleanup_win/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2334"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.windows-cleanup.club/","directDownloadingLink":"http://dl.windows-cleanup.club/xcp/srcbulid/windows-cleanup_club/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2335"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.windows-cleanup.life/","directDownloadingLink":"http://dl.windows-cleanup.life/xcp/srcbulid/windows-cleanup_life/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2336"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.windows-cleanup.live/","directDownloadingLink":"http://dl.windows-cleanup.live/xcp/srcbulid/windows-cleanup_live/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2337"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.windows-cleanup.best/","directDownloadingLink":"http://dl.windows-cleanup.best/xcp/srcbulid/windows-cleanup_best/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2338"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.advance-pccarel.icu/","directDownloadingLink":"https://dl.advance-pccarel.icu/xcp/srcbulid/advance-pccarel_icu/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2339"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.quick-cleanero.fun/","directDownloadingLink":"https://dl.quick-cleanero.fun/xsc/srcbulid/quick-cleanero_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2340"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://advance-booster.club/","directDownloadingLink":"http://dl.advance-booster.club/xcp/srcbulid/advance-booster_club/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2341"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://advance-booster.live/","directDownloadingLink":"http://dl.advance-booster.live/xcp/srcbulid/advance-booster_live/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2342"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://advance-booster.best/","directDownloadingLink":"http://dl.advance-booster.best/xcp/srcbulid/advance-booster_best/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2343"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://advance-booster.life/","directDownloadingLink":"http://dl.advance-booster.life/xcp/srcbulid/advance-booster_life/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2344"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.system-cleanere.fun/","directDownloadingLink":"https://dl.system-cleanere.fun/xsc/srcbulid/system-cleanere_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2345"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.pc-cleanere.pw/","directDownloadingLink":"https://dl.pc-cleanere.pw/xsc/srcbulid/pc-cleanere_pw/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2346"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.pconlineboostery.pw/","directDownloadingLink":"https://dl.pconlineboostery.pw/xsc/srcbulid/pconlineboostery_pw/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2347"},{"howFound":"","reference":"Xtron System Care","landingPage":"https://www.winsystem-cleaner.top/","directDownloadingLink":"http://dl.winsystem-cleaner.top/xsc/securerc/winsystem-cleaner_top/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2348"},{"howFound":"","reference":"Xtron System Care","landingPage":"https://www.winsystem-cleaner.fun/","directDownloadingLink":"http://dl.winsystem-cleaner.fun/xsc/securerc/winsystem-cleaner_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2349"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.pcspeedupz.fun/","directDownloadingLink":"https://dl.pcspeedupz.fun/xcp/srcbulid/pcspeedupz_fun/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2350"},{"howFound":"","reference":"Xtron System Care","landingPage":"http://www.superpc-toolsr.fun/","directDownloadingLink":"https://dl.superpc-toolsr.fun/xsc/srcbulid/superpc-toolsr_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2351"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.system-speedupr.icu/","directDownloadingLink":"https://dl.system-speedupr.icu/xcp/srcbulid/system-speedupr_icu/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2352"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.advance-pccarem.fun/","directDownloadingLink":"https://dl.advance-pccarem.fun/xcp/srcbulid/advance-pccarem_fun/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2353"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://windows-booster.life/","directDownloadingLink":"http://dl.windows-booster.life/xcp/srcbulid/windows-booster_life/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2354"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://windows-booster.today/","directDownloadingLink":"http://dl.windows-booster.today/xcp/srcbulid/windows-booster_today/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2355"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://windows-booster.win/","directDownloadingLink":"http://dl.windows-booster.win/xcp/srcbulid/windows-booster_win/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2356"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://windows-booster.world/","directDownloadingLink":"http://dl.windows-booster.world/xcp/srcbulid/windows-booster_world/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2357"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://windows-booster.best/","directDownloadingLink":"http://dl.windows-booster.best/xcp/srcbulid/windows-booster_best/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2358"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://windows-booster.live/","directDownloadingLink":"http://dl.windows-booster.live/xcp/srcbulid/windows-booster_live/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2359"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.win-appcleanup.life/","directDownloadingLink":"http://dl.win-appcleanup.life/xcp/srcbulid/win-appcleanup_life/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2360"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.win-appcleanup.today/","directDownloadingLink":"http://dl.win-appcleanup.today/xcp/srcbulid/win-appcleanup_today/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2361"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.win-appcleanup.win/","directDownloadingLink":"http://dl.win-appcleanup.win/xcp/srcbulid/win-appcleanup_win/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2362"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.win-appcleanup.world/","directDownloadingLink":"http://dl.win-appcleanup.world/xcp/srcbulid/win-appcleanup_world/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2363"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.win-appcleanup.live/","directDownloadingLink":"http://dl.win-appcleanup.live/xcp/srcbulid/win-appcleanup_live/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2364"},{"howFound":"","reference":"Xtron System Care","landingPage":"https://www.winpcs-cleaner.xyz/","directDownloadingLink":"http://dl.winpcs-cleaner.xyz/xsc/securerc/winpcs-cleaner_xyz/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2365"},{"howFound":"","reference":"Xtron System Care","landingPage":"https://www.winpcs-cleaner.fun/","directDownloadingLink":"http://dl.winpcs-cleaner.fun/xsc/securerc/winpcs-cleaner_fun/xscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2366"},{"howFound":"","reference":"Xtron PC Speedup","landingPage":"http://onlinewindowstools.download/","directDownloadingLink":"http://dl.onlinewindowstools.download/xps/srcbulid/onlinewindowstools_download/xpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2367"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://www.windowsbooster.download/","directDownloadingLink":"http://dl.windowsbooster.download/xcp/srcbulid/windowsbooster_download/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2368"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://advance-booster.download/","directDownloadingLink":"http://dl.advance-booster.download/xcp/srcbulid/advance-booster_download/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2369"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://advance-pctool.download/","directDownloadingLink":"https://dl.advance-pctool.download/xcp/srcbulid/advance-pctool_download/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2370"},{"howFound":"","reference":"Xtron PC Speedup","landingPage":"http://www.windows-softinstallpc.download/","directDownloadingLink":"http://dl.windows-softinstallpc.download/xps/srcbulid/windows-softinstallpc_download/xpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2371"},{"howFound":"","reference":"Xtron Cleanup Pro","landingPage":"http://windows-booster.download/","directDownloadingLink":"http://dl.windows-booster.download/xcp/srcbulid/windows-booster_download/xcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2372"}],"sampleFiles":["191105/XtronSystemCare-190709/1.0.0.0/Samples/rgcl.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.0) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.0) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.12) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (2).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.0) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.0) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1) 5.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1) 6.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1) 7.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1) 8.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1) 9.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1) 10.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1) 11.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.3).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.2).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.5).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.7).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.9).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.12).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.9) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.18).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xpssetup(1.0.0.0).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xopsetup (1.0.0.1) 12.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xopsetup (1.0.0.6).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.018).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.1).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xopsetup (1.0.0.1).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.5) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.3) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.18) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.1) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xopsetup (1.0.0.1) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xopsetup (1.0.0.6) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.18) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.12) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.3) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.2) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xopsetup (1.0.0.35).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.0) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.12) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.3) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.3) 5.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.9) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.7) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.0) 5.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xpssetup (1.0.1.55).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.9) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xpssetup (1.0.1.60).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xpssetup (1.0.0.30).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.1) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.12) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.24).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.24) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.13).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.18).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.18) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.24) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.24) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.13) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.24) 5.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.18) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.13) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.14).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.24) 6.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.14) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.24) 7.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.24) 8.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.24) 9.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.13) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.14) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.15).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.35).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.35) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.14) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.2) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup.exe (1.0.0.3).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xpssetup(1.0.0.25).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.50).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.180).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.180) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.180) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.180) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.180) 5.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.180) 6.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.180) 7.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.180) 8.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.180) 9.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.180) 10.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.125).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.15).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.3).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.3) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.3) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.3) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.14) 5.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.1) 12.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.18) 5.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.0.15) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xscsetup (1.0.0.24) 10.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.125) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.100).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.40).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.40) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.40) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.40) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.40) 5.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.40) 6.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.5).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.5) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.5) 3.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.5) 4.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.5) 5.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xpssetup (1.0.3.8).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.3.7).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.40) 7.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.1.135).exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xpssetup (1.0.3.8) 2.exe","191105/XtronSystemCare-190709/1.0.0.0/Samples/xcpsetup (1.0.2.40) 8.exe"],"imageFiles":["191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-048/048.png","191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-003/003.png","191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-003/main.png","191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-003/048.png","191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-004/003.png","191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-004/150.png","191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-084/084.png","191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-168/scanning.png"],"nonDeceptorImageFiles":["191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-161/161.png","191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-099/099.png","191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-150/150.png","191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-171/150.png","191105/XtronSystemCare-190709/1.0.0.0/Images/ACR-171/171.png"],"guid":"acf7df03-2076-42cc-b563-0e7ad70b6515_1.0.0.0_1","appID":"XtronSystemCare-190709","dateAdded":"191105","deceptorType":"App","name":"Xtron System Care","company":"INTELLECT SOFTWARES","version":"1.0.0.0","sigName":"Deceptor:Win32/XtronSystemCare!048003004084168","lastKnownStatus":"1.0.0.0","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T03:13:54.3387958+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2008},{"violations":{"ACR-003":"Outdated drivers found do not substantiate that they're out of date, as only showing the potentially wrong date of the driver is not enough detail.\n","ACR-004":"App requires to register the paid service and doesn't provide the free trial to fix the issues identified during free scan. App uses an alarming color pattern to differentiate the priority of the issues identified. \n","ACR-118":"Main executable component and DLL component still left on the system after uninstall is performed. (This is not consistent, sometime happens)\n","ACR-014":"App claims a scan was run even if user selected option to not run a scan during the installation process.\n"},"nonDeceptorViolations":{"ACR-161":"The quotes and testimonials needs to be verifiable in the landingpage. Link to the original source of the testimonials should be included. If no link exists then either remove them or if they were received via email/internally, ensure you have evidence of these in case antivirus companies require proof they are real. \n","ACR-064":"The download starts automatically when the consumer clicks on other than \"Download Now\" option in the landing page \"https://www.driverturbo.com/*\", which are not clearly labelled download button. The consumer must be able to download the app only from \"Download Now\" button and not from the other options.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable endorsements. Endorsement's need to be verifiable by linking them back to their source (user should be able to click on them and see the source of this endorsement) \n","ACR-014":"Need to remove the word \"Problem\" from the webpage that appears after app is uninstalled (https://www.driverturbo.com/register/en/uninstalled.php)\n"},"samples":[{"isRevoked":"False","fileName":"DriverTurboSetup.exe","isInstaller":"True","companyName":"DeskToolsSoft","productName":"DriverTurbo","productVersion":"3.6.0.0","fileVersion":"3.6.0","hashMD5":"d32c85b781ea64725c51a415aaca1d1b","hashSHA1":"7346797687c26058f4c2365fc84e4ff3b991fdb7","hashSHA256":"a2b26a321af6406b13e719431148c0ccb82fa93823b749a2786dd33246eebeaa","digitalCertThumbprint":"ACCC9689D87B8A7B63D2F5A03E18D56D62BB9C67","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"DeskToolsSoft B.V.","sourceIndex":"2603","avBlockList":["Avast Internet Security (20190318)","AVG Internet Security (20190318)","Avira Internet Security (20190318)","Bitdefender Internet Security (20190318)","ESET Internet Security (20190318)","G DATA INTERNET SECURITY (20190318)","K7 Total Security (20190318)","Malwarebytes Premium (20190318)","McAfee Total Protection (20190318)","Panda Dome (20190318)","Sophos Home Premium (20190318)","VirIT eXplorer PRO (20190318)"],"avAllowList":["Norton Security (20190318)","Trend Micro Internet Security (20190318)","Webroot SecureAnywhere (20190318)","Windows Defender (20190318)","Kaspersky Internet Security (20190318)"]}],"additionalFiles":[],"sources":[{"howFound":"AppUpdateReview.Certification","landingPage":"http://www.driverturbo.com/","directDownloadingLink":"https://www.driverturbo.com/download.php","landingPageWildChar":"http://www.driverturbo.com/*","directDownloadingLinkWildChar":"","sourceIndex":"2603"}],"sampleFiles":["191104/driverturbo-180514/3.6.0/Samples/DriverTurboSetup.exe"],"imageFiles":["191104/driverturbo-180514/3.6.0/Images/ACR-004/ACR-004-ColorsReasingUrgency.jpg","191104/driverturbo-180514/3.6.0/Images/ACR-004/ACR-004-NoFreeFix.jpg","191104/driverturbo-180514/3.6.0/Images/ACR-004/DriverTurbo_004.PNG","191104/driverturbo-180514/3.6.0/Images/ACR-004/DriverTurbo_004_PayService.PNG","191104/driverturbo-180514/3.6.0/Images/ACR-003/ACr-003-moresubstantiateddetails.jpg","191104/driverturbo-180514/3.6.0/Images/ACR-014/ACR-014-contradictoryDescrption.jpg","191104/driverturbo-180514/3.6.0/Images/ACR-118/ACR-118.jpg"],"nonDeceptorImageFiles":["191104/driverturbo-180514/3.6.0/Images/ACR-064/ACR-064_Landingpage_Exaggeration.JPG","191104/driverturbo-180514/3.6.0/Images/ACR-064/ACR-064_LandingPage_Downloads_The_App_Automatically.mp4","191104/driverturbo-180514/3.6.0/Images/ACR-014/ACR-014-ProblemUninstallPage.jpg","191104/driverturbo-180514/3.6.0/Images/ACR-017/ACR-017_Landingpage_Logo's_Unverfiable.jpg","191104/driverturbo-180514/3.6.0/Images/ACR-161/ACR-161_Landingpage_Testimonials_Unverifiable.jpg","191104/driverturbo-180514/3.6.0/Images/ACR-161/ACR-161_Landingpage_Testimonials_Unverifiable.JPG"],"guid":"9f74cbd6-3178-4e47-ae78-5a73d5b19f9f_3.6.0_1","appID":"driverturbo-180514","dateAdded":"191104","deceptorType":"App","name":"DriverTurbo","company":"DeskToolsSoft","version":"3.6.0","sigName":"Deceptor:Win32/DriverTurbo!003004014118","firstResolvedVersion":"","resolved":"TRUE","lastKnownStatus":"Certified:3.7.0","lastKnownDate":"191114","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox,Edge,IE,Opera,Safari","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid","lastUpdate":"2019-11-15T19:52:11.47066+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2009},{"violations":{"ACR-043":"App doesn't disclose that it will install/use a third party AV engine.\n","ACR-107":"Application uses Avira antivirus components without disclosing it in the Eula and honoring the same level license requirement.\n","ACR-007":"App does not obtain informed consent before disabling Windows Defender process during startup. Need to let user know that Windows Defender is the built-in Windows antivirus and removing this entry will leave system vulnerable.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"Software requires one to one interaction in order to purchase, active or receive support.\n","ACR-093":"App automatically disabled Defender without obtaining explicit user consent.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\NetsperPro\\NetsperProLauncher.exe","companyName":"Brain Bear Systems Private Limited","productName":"NetsperPro Suite","productVersion":"3.1.295.0","fileVersion":"3.1.295.0","hashMD5":"916594bea1cf9cf2af397702392afb28","hashSHA1":"a2a11ab84c0adac596d7a80e0436a7d5aa5a32c0","hashSHA256":"e88a1d8cf8774a954d5aa85d943b2562e694319ac4a88306c0c487fb5d7fdb28","digitalCertThumbprint":"3FA0A243C3F1E155EC772F0C8944230D183C0FDB","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Brainbear Systems Private Limited, OU=NetsPerPro, O=Brainbear Systems Private Limited, L=Noida, S=Uttar Pradesh, C=IN","sourceIndex":"2642","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"NetsperPro_AntiVirus_4.6.0Full.exe","isInstaller":"True","companyName":"Brain Bear Systems Private Limited","productName":"NetsperPro AntiVirus","productVersion":"4.6.0.0","fileVersion":"4.6.0.0","hashMD5":"4fd90e5747e5c31e080934d6e686e687","hashSHA1":"5703c0c079d163ace4fa1f1e5f6a9ed584bcf926","hashSHA256":"06a9784dac00db09f2e2bf4740edbba78dac47d666e85e79724716ea226f8f2a","digitalCertThumbprint":"3FA0A243C3F1E155EC772F0C8944230D183C0FDB","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Brainbear Systems Private Limited, OU=NetsPerPro, O=Brainbear Systems Private Limited, L=Noida, S=Uttar Pradesh, C=IN","sourceIndex":"2642","avBlockList":["360 Total Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","K7 Total Security (20191202)","Kaspersky Internet Security (20191202)","Malwarebytes Premium (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Quick Heal Internet Security (20191202)","Sophos Home Premium (20191202)","Trend Micro Internet Security (20191202)","VirIT eXplorer PRO (20191202)","Webroot SecureAnywhere (20191202)","Windows Defender (20191202)"],"avAllowList":["Avast Internet Security (20191202)","AVG Internet Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","Tencent PC Manager (20191202)","VIPRE Advanced Security (20191202)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"removing invalid registry entries\"","reference":"https://www.netsperpro.com/index.html","landingPage":"https://www.netsperpro.com/anti-virus.html","directDownloadingLink":"https://www.netsperpro.com/SoftwareDownloads/NetsperPro_AntiVirus_4.6.0Full.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.netsperpro.com/SoftwareDownloads/NetsperPro_AntiVirus_4.6.0Full.exe","sourceIndex":"2642"}],"sampleFiles":["191101/NetsperProAntivirus-191030/4.6.0.0/Samples/NetsperProLauncher.exe","191101/NetsperProAntivirus-191030/4.6.0.0/Samples/NetsperPro_AntiVirus_4.6.0Full.exe"],"imageFiles":["191101/NetsperProAntivirus-191030/4.6.0.0/Images/ACR-007/007.png","191101/NetsperProAntivirus-191030/4.6.0.0/Images/ACR-043/107.png","191101/NetsperProAntivirus-191030/4.6.0.0/Images/ACR-107/107.png","191101/NetsperProAntivirus-191030/4.6.0.0/Images/ACR-168/main.png","191101/NetsperProAntivirus-191030/4.6.0.0/Images/ACR-168/account.png"],"nonDeceptorImageFiles":["191101/NetsperProAntivirus-191030/4.6.0.0/Images/ACR-093/007.png","191101/NetsperProAntivirus-191030/4.6.0.0/Images/ACR-161/161.png","191101/NetsperProAntivirus-191030/4.6.0.0/Images/ACR-163/163.png"],"guid":"99e124e6-3a9e-4099-9bad-74baef59b5d8_4.6.0.0_1","appID":"NetsperProAntivirus-191030","dateAdded":"191101","deceptorType":"App","name":"NetsperPro Antivirus","company":"Brainbear Systems Private Limited","version":"4.6.0.0","sigName":"Deceptor:Win32/NetsperProAntivirus!007043107168","lastKnownStatus":"Deceptor:4.6.0.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2011},{"violations":{"ACR-048":"The app enables the consumer to limit the targeted consumer's ability to uninstall the app by bringing up uninstall protection prompts.\n","ACR-086":"The app does not inform the targeted consumer what or who it is transmitting data too.\n","ACR-116":"The app enables the consumer to enable \"uninstall protection\", which prevents the targeted consumer from being able to reach the uninstall screen.\n","ACR-117":"The app enables the consumer to enable \"uninstall protection\", which prevents the targeted consumer from being able to reach the uninstall screen.\n","ACR-124":"The app enables the consumer to enable \"uninstall protection\", which prevents the targeted consumer from being able to reach the uninstall screen and adds unnecessary friction to the uninstallation process.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offers page does not display links to the Returns and Cancellation Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"com.qustodio.qustodioapp_180.19.2.2-family.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"b66b2cfce990a72230bb2b27f0c7f40e","hashSHA1":"7175411083982d824649808e8efadb78ec64017b","hashSHA256":"0fc1825ae0aa4ca8094ec6d88e7c899a7e18e561a361920f6e29ea04f97e5bdb","sourceIndex":"2640","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"qustodio\"","reference":"Hunt.Search","landingPage":"https://www.qustodio.com/","directDownloadingLink":"https://play.google.com/store/apps/details?id=com.qustodio.qustodioapp","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://play.google.com/store/apps/details?id=com.qustodio.qustodioapp","sourceIndex":"2640"},{"howFound":"google search \"qustodio\"","reference":"Hunt.Search","landingPage":"https://www.qustodio.com/","directDownloadingLink":"https://apkcombo.com/qustodio-parental-control/com.qustodio.qustodioapp/download/apk","ipv4":"","ipv6":"","sourceIndex":"2641"}],"sampleFiles":["191101/Qustodio-190923/180.19.2/Samples/com.qustodio.qustodioapp_180.19.2.2-family.apk"],"imageFiles":["191101/Qustodio-190923/180.19.2/Images/ACR-048/Qustodio Uninstall Protection.png","191101/Qustodio-190923/180.19.2/Images/ACR-048/Qustodio No Uninstall.gif","191101/Qustodio-190923/180.19.2/Images/ACR-048/Qustodio Device Admin App.png","191101/Qustodio-190923/180.19.2/Images/ACR-086/Qustodio Notification.png","191101/Qustodio-190923/180.19.2/Images/ACR-117/Qustodio Uninstall Protection.png","191101/Qustodio-190923/180.19.2/Images/ACR-117/Qustodio No Uninstall.gif","191101/Qustodio-190923/180.19.2/Images/ACR-117/Qustodio Device Admin App.png","191101/Qustodio-190923/180.19.2/Images/ACR-116/Qustodio Uninstall Protection.png","191101/Qustodio-190923/180.19.2/Images/ACR-116/Qustodio No Uninstall.gif","191101/Qustodio-190923/180.19.2/Images/ACR-124/Qustodio Uninstall Protection.png","191101/Qustodio-190923/180.19.2/Images/ACR-124/Qustodio No Uninstall.gif"],"nonDeceptorImageFiles":["191101/Qustodio-190923/180.19.2/Images/ACR-065/Qustodio Terms and Privacy Policy.png","191101/Qustodio-190923/180.19.2/Images/ACR-065/Qustodio App.png","191101/Qustodio-190923/180.19.2/Images/ACR-065/Qustodio Bottom of Landing Page.png","191101/Qustodio-190923/180.19.2/Images/ACR-065/Qustodio Bottom Internal Offers.png","191101/Qustodio-190923/180.19.2/Images/ACR-099/Qustodio App.png","191101/Qustodio-190923/180.19.2/Images/ACR-099/Qustodio Bottom of Landing Page.png","191101/Qustodio-190923/180.19.2/Images/ACR-099/Qustodio Bottom Internal Offers.png"],"guid":"1310548f-81cb-4d43-8e72-d668be438af6_180.19.2_1","appID":"Qustodio-190923","dateAdded":"191101","deceptorType":"Android App","name":"Qustodio Parental Control","company":"Qustodio LLC.","version":"180.19.2","sigName":"Deceptor:Android/QustodioStalkerware!048086116117124","lastKnownStatus":"Deceptor:180.19.2","lastKnownDate":"191101","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-11-01T22:32:57.9097616+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2010},{"violations":{"ACR-003":"The app shows gauges and words, \"errors\" & \"issues\"in red/orange/yellow colors and exaggerates scanned items as a HIGH or MEDIUM system impact issue, thereby misleading or scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. Scheduled scan task remains even if user disabled the startup automatic scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"The App implies that it is fixing the issues resulted from free scan, but did not shows if the fix is successful. When user perform re-scan the App shows the same issues again.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-002":"The App uses a different name (Smart_Reg_Optimizer.exe) for the main executable.\nThe App mentioned a different name \"Smart Reg Care\" in the landing page.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"BetaRegOptimizerPro.exe","isInstaller":"True","companyName":"Econosoft Global Services Pte. Ltd.                         ","productName":"Beta Reg Optimizer Pro                                      ","productVersion":"V6.9.0                                            ","fileVersion":"6.9.0              ","hashMD5":"e6bec1f14f4ca02f5e9ee5b7a383deaf","hashSHA1":"89210e4429b9c8800526a4591c1f08ba4687b2db","hashSHA256":"bf6bb4916cbb3b156bef7741962b78ce3344b21c2864f2915407aa8abd7fb340","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2645","avBlockList":["360 Total Security (20191223)","Avast Internet Security (20191223)","AVG Internet Security (20191223)","Avira Internet Security (20191223)","Bitdefender Internet Security (20191223)","COMODO Antivirus (20191223)","Dr.Web Security Space (20191223)","ESET Internet Security (20191223)","G DATA INTERNET SECURITY (20191223)","K7 Total Security (20191223)","Kaspersky Internet Security (20191223)","Malwarebytes Premium (20191223)","McAfee Total Protection (20191223)","Norton Security (20191223)","Panda Dome (20191223)","Quick Heal Internet Security (20191223)","Sophos Home Premium (20191223)","Tencent PC Manager (20191223)","Trend Micro Internet Security (20191223)","VIPRE Advanced Security (20191223)","VirIT eXplorer PRO (20191223)","Webroot SecureAnywhere (20191223)","Windows Defender (20191223)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Beta Reg Optimizer Pro\\Smart_Reg_Optimizer.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"Smart_Reg_Optimizer","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"20df74cee82d03356039ba68580f0208","hashSHA1":"2d48092991daeee153b2f6fe62e3636bcceead86","hashSHA256":"9965d1d9bae706fa6013b563b0af461b200703ae075bf1025a0a6439bfab791e","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2645","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"related to TruePCBoosterMaster (gallerysofts.com)","reference":"https://gallerysofts.com/betaregoptimizer","landingPage":"https://gallerysofts.com/betaregoptimizer","directDownloadingLink":"https://gallerysofts.com/Downloads/exe/BetaRegOptimizerPro.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://gallerysofts.com/Downloads/exe/BetaRegOptimizerPro.exe","sourceIndex":"2645"}],"sampleFiles":["191028/BetaRegOptimizerPro-191022/6.9.0/Samples/BetaRegOptimizerPro.exe","191028/BetaRegOptimizerPro-191022/6.9.0/Samples/Smart_Reg_Optimizer.exe"],"imageFiles":["191028/BetaRegOptimizerPro-191022/6.9.0/Images/ACR-003/scan.png","191028/BetaRegOptimizerPro-191022/6.9.0/Images/ACR-003/detials.png","191028/BetaRegOptimizerPro-191022/6.9.0/Images/ACR-003/main.png","191028/BetaRegOptimizerPro-191022/6.9.0/Images/ACR-084/084.png","191028/BetaRegOptimizerPro-191022/6.9.0/Images/ACR-168/main.png","191028/BetaRegOptimizerPro-191022/6.9.0/Images/ACR-014/fixing.png"],"nonDeceptorImageFiles":["191028/BetaRegOptimizerPro-191022/6.9.0/Images/ACR-065/about.png","191028/BetaRegOptimizerPro-191022/6.9.0/Images/ACR-161/161.png","191028/BetaRegOptimizerPro-191022/6.9.0/Images/ACR-099/about.png","191028/BetaRegOptimizerPro-191022/6.9.0/Images/ACR-002/002.png","191028/BetaRegOptimizerPro-191022/6.9.0/Images/ACR-002/002_2.png"],"guid":"adfb5fde-5890-4836-88e8-1442f3b520b2_6.9.0_1","appID":"BetaRegOptimizerPro-191022","dateAdded":"191028","deceptorType":"App","name":"Beta Reg Optimizer Pro","company":"Econosoft Global Services PTE. LTD.","version":"6.9.0","sigName":"Deceptor:Win32/BetaRegOptimizerPro!003014084168","lastKnownStatus":"Deceptor:6.9.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2012},{"violations":{"ACR-003":"App reports update-able driver as ancient driver. It misleads user and raise unnecessary urgency for user to take action\n","ACR-004":"App doesn't provide free fix or free trial fix or one time paid fix for the issues identified during free scan.\n","ACR-168":"The application displays additional support through call center phone number but does not explicitly disclose that additional offers may be made as a result of one-on-one interaction with the user. The expended information is presented only when user clicks the phone number. \n","ACR-014":"The app is using gauges and misleading words to present the untruthful information to user about the driver issues that can be identified in system.\n"},"nonDeceptorViolations":{"ACR-065":"There are no link's on the app to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-160":"This application uses a non-certified call center to monetize the app\n","ACR-099":"The application has no information/no link on where you can uninstall the application in the software and the landing page.\n","ACR-171":"The additional offers are not disclosed,  User is forced to choose one.\n","ACR-168":"The application displays additional support through call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"driverupdaterplus_site.exe","isInstaller":"True","companyName":"Jawego Partners LLC                                         ","productName":"Driver Updater Plus","productVersion":"2.81.1086.17687","fileVersion":"Driver Updater Plus","hashMD5":"a74f6e8eb1a9afe8029020bd8ba797db","hashSHA1":"c76488543a763f88f7e99df1bfa24b33b3645bee","hashSHA256":"938c31a799022001b6c90771a81d2906c2b616388546087dab45560f68356b56","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"390","avBlockList":["Avast Internet Security (20190321)","AVG Internet Security (20190321)","Avira Internet Security (20190321)","ESET Internet Security (20190321)","G DATA INTERNET SECURITY (20190321)","K7 Total Security (20190321)","Kaspersky Internet Security (20190321)","Malwarebytes Premium (20190321)","McAfee Total Protection (20190321)","Norton Security (20190321)","Panda Dome (20190321)","Sophos Home Premium (20190321)","VirIT eXplorer PRO (20190321)","Webroot SecureAnywhere (20190321)"],"avAllowList":["Bitdefender Internet Security (20190321)","Trend Micro Internet Security (20190321)","Windows Defender (20190321)"]},{"isRevoked":"False","fileName":"dup.exe","companyName":"Jawego Partners LLC","productName":"Driver Updater Plus","productVersion":"2.81.1086.17687","fileVersion":"2.81.1086.17687","hashMD5":"721e5be4481b8a4c319990cd2c08d5fc","hashSHA1":"0c70636bf789fc1265cef55bd0d2088411c747f2","hashSHA256":"bc468819c7f792afc467b00d65306c2ff45d661c4f62d79ec3a4772ff3f33725","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"390","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"","landingPage":"http://www.driverupdaterplus.com/downloadnow","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/driverupdaterplus/setups/driverupdaterplus_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/driverupdaterplus/setups/driverupdaterplus_site.exe","sourceIndex":"390"}],"sampleFiles":["191026/DriverUpdaterPlus-181205/2.81.1086.17687/Samples/driverupdaterplus_site.exe","191026/DriverUpdaterPlus-181205/2.81.1086.17687/Samples/dup.exe"],"imageFiles":["191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-014/Capture15.PNG","191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-014/Capture6.PNG","191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-003/DriverUpdaterPlus_003_2.PNG","191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-004/DriverUpdaterPlus_003_2.PNG","191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-168/Capture13.PNG"],"nonDeceptorImageFiles":["191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-065/DriverUpdaterPlus_099.PNG","191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-099/DriverUpdaterPlus_099.PNG","191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-160/Capture10.PNG","191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-168/Capture11.PNG","191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-171/DriverUpdaterPlus_171.PNG","191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-171/DriverUpdaterPlus_171_2.PNG","191026/DriverUpdaterPlus-181205/2.81.1086.17687/Images/ACR-171/DriverUpdaterPlus_171_3.PNG"],"guid":"a1087308-ef91-425d-bdd0-daf422504eb0_2.81.1086.17687_1","appID":"DriverUpdaterPlus-181205","dateAdded":"191026","deceptorType":"App","name":"Driver Updater Plus","company":"Jawego Partners LLC","version":"2.81.1086.17687","sigName":"Deceptor:Win32/DriverUpdaterPlus!003004014168","lastKnownStatus":"Deceptor:2.81.1086.17687;2.81.1086.18011","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-05T23:19:23.4907164+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2014},{"violations":{"ACR-003":"The app reports update-able drivers as \"Ancient\" on a scale of \"Old\" to \"Ancient\", misleading a user to think they have an issue and take action. The app does not provide free fixes for scan results.\n","ACR-014":"The app is using gauges and misleading words to present untruthful information to the user about the driver issues that can be identified in system and does not provide evidence for the driver evaluations.\n"},"nonDeceptorViolations":{"ACR-065":"The app's About page does not contain links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe install page does not contain links to the app's Terms of Service and Returns and Cancellation Policy.\nThe app's landing page does not display links to the app's Returns and Cancellation Policy.\n","ACR-099":"The app's About page does not contain links to uninstall information.\nThe app's landing page does not contain links to uninstall information.\n","ACR-171":"The internal offers page contains offers that were not pre-disclosed and are opt-out.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable or expired endorsements on the internal offers page.\n"},"samples":[{"isRevoked":"False","fileName":"driverupdaterplus_site.exe","isInstaller":"True","companyName":"Jawego Partners LLC                                         ","productName":"Driver Updater Plus","productVersion":"2.81.1086.18011","fileVersion":"Driver Updater Plus","hashMD5":"156c8ca92e812dfec9725883ee790dfe","hashSHA1":"92e2ed32e301af6ddec775eebbd12510d6487cb1","hashSHA256":"44b068cf39218f0434571018481c4d4eaeb33a2015709bb39c9fb06be856ccaa","digitalCertThumbprint":"96CD9568B8CAEA685C7E8A2C2C0EF5CCC59823F4","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software L.L.P., O=Top PC Tools Software L.L.P., L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"391","avBlockList":["360 Total Security (20191223)","Avast Internet Security (20191223)","AVG Internet Security (20191223)","Avira Internet Security (20191223)","Bitdefender Internet Security (20191223)","COMODO Antivirus (20191223)","Dr.Web Security Space (20191223)","ESET Internet Security (20191223)","G DATA INTERNET SECURITY (20191223)","K7 Total Security (20191223)","Kaspersky Internet Security (20191223)","Malwarebytes Premium (20191223)","McAfee Total Protection (20191223)","Norton Security (20191223)","Panda Dome (20191223)","Quick Heal Internet Security (20191223)","Sophos Home Premium (20191223)","Tencent PC Manager (20191223)","Trend Micro Internet Security (20191223)","VIPRE Advanced Security (20191223)","VirIT eXplorer PRO (20191223)","Webroot SecureAnywhere (20191223)","Windows Defender (20191223)"],"avAllowList":[]},{"isRevoked":"False","fileName":"dup.exe","companyName":"Jawego Partners LLC","productName":"Driver Updater Plus","productVersion":"2.81.1086.18011","fileVersion":"2.81.1086.18011","hashMD5":"d3d4e3c0cde3806efa61a24e4f700a67","hashSHA1":"f9a048141d079990f3706dc9d32e36617829709c","hashSHA256":"31942848b9130b31256f1e0c7289401dc6745c1c15c360d3b5ec8a2623edb23c","digitalCertThumbprint":"96CD9568B8CAEA685C7E8A2C2C0EF5CCC59823F4","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software L.L.P., O=Top PC Tools Software L.L.P., L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"391","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"","landingPage":"http://www.driverupdaterplus.com","directDownloadingLink":"http://www.driverupdaterplus.com/downloadnow","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"391"}],"sampleFiles":["191026/DriverUpdaterPlus-181205/2.81.1086.18011/Samples/driverupdaterplus_site.exe","191026/DriverUpdaterPlus-181205/2.81.1086.18011/Samples/dup.exe"],"imageFiles":["191026/DriverUpdaterPlus-181205/2.81.1086.18011/Images/ACR-014/DriverUpdaterPlus ACR-014.gif","191026/DriverUpdaterPlus-181205/2.81.1086.18011/Images/ACR-003/DriverUpdaterPlus ACR-003.gif"],"nonDeceptorImageFiles":["191026/DriverUpdaterPlus-181205/2.81.1086.18011/Images/ACR-065/DriverUpdaterPlus About Page.png","191026/DriverUpdaterPlus-181205/2.81.1086.18011/Images/ACR-099/DriverUpdaterPlus_099.PNG","191026/DriverUpdaterPlus-181205/2.81.1086.18011/Images/ACR-065/Driver Updater Installer Page.png","191026/DriverUpdaterPlus-181205/2.81.1086.18011/Images/ACR-065/DriverUpdaterPlus Bottom of Landing Page.png","191026/DriverUpdaterPlus-181205/2.81.1086.18011/Images/ACR-099/DriverUpdaterPlus Bottom of Landing Page.png","191026/DriverUpdaterPlus-181205/2.81.1086.18011/Images/ACR-017/DriverUpdaterPlus Internal Offers.png","191026/DriverUpdaterPlus-181205/2.81.1086.18011/Images/ACR-171/DriverUpdaterPlus ACR-171.gif"],"guid":"a1087308-ef91-425d-bdd0-daf422504eb0_2.81.1086.18011_1","appID":"DriverUpdaterPlus-181205","dateAdded":"191026","deceptorType":"App","name":"Driver Updater Plus","company":"Jawego Partners LLC","version":"2.81.1086.18011","sigName":"Deceptor:Win32/DriverUpdaterPlus!003014","lastKnownStatus":"Deceptor:2.81.1086.17687;2.81.1086.18011","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-05T23:19:01.0617078+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2015},{"violations":{"ACR-003":"The app shows gauges and words, \"errors\", \"issues\"& \"poor\" in red/orange/yellow colors that indicates misleading urgency.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-124":"The option to continue uninstall is not obvious and clear, not presented as if it is clickable to continue uninstall.\n"},"nonDeceptorViolations":{"ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"Digital signature is required for one of the main executable \"pcpowerplus_protection.exe\" installed.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\True PC Booster Master\\pcpowerplus.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"True PC Booster Master","productVersion":"1.3.0.0","fileVersion":"1.3.0.0","hashMD5":"223fc5e36883eb9108ed584893ed3a43","hashSHA1":"b1ac1320c641aac2f90e292b4ea9397a040f4b02","hashSHA256":"5a8d38800eecc14532f6cc7426da00d176c9b99408bbb36f9dffef6260c8820a","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Econosoft Global Services PTE. LTD., O=Econosoft Global Services PTE. LTD., STREET=\"10 Anson Road, 22-02 International Plaza\", L=Singapore, S=Singapore, C=SG, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201811987R, OID.2.5.4.15=Private Organization","sourceIndex":"2373","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"truepcboostermaster.exe","isInstaller":"True","companyName":"Econosoft Global Services Pte. Ltd.                         ","productName":"True PC Booster Master                                      ","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"2f98d86278ac77a8b5754236a5f82f04","hashSHA1":"6f8e4c9cbf0c47f9bf5d6520124656a9bd139fa8","hashSHA256":"99013636e3cd0cdb7715c1cd324edb952ba3fbc0b18f66d428de5d858b891609","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Econosoft Global Services PTE. LTD., O=Econosoft Global Services PTE. LTD., STREET=\"10 Anson Road, 22-02 International Plaza\", L=Singapore, S=Singapore, C=SG, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201811987R, OID.2.5.4.15=Private Organization","sourceIndex":"2373","avBlockList":["360 Total Security (20191223)","Avast Internet Security (20191223)","AVG Internet Security (20191223)","Avira Internet Security (20191223)","Bitdefender Internet Security (20191223)","COMODO Antivirus (20191223)","Dr.Web Security Space (20191223)","ESET Internet Security (20191223)","G DATA INTERNET SECURITY (20191223)","K7 Total Security (20191223)","Kaspersky Internet Security (20191223)","Malwarebytes Premium (20191223)","McAfee Total Protection (20191223)","Norton Security (20191223)","Panda Dome (20191223)","Quick Heal Internet Security (20191223)","Sophos Home Premium (20191223)","Tencent PC Manager (20191223)","Trend Micro Internet Security (20191223)","VIPRE Advanced Security (20191223)","VirIT eXplorer PRO (20191223)","Windows Defender (20191223)"],"avAllowList":["Webroot SecureAnywhere (20191223)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\True PC Booster Master\\pcpowerplus_protection.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"True PC Booster Master Protection","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3060114afeff1cbd5d4daa0f903d52ff","hashSHA1":"4d03d1fba1b063926214de90277551345eab0151","hashSHA256":"f214f68990e48f2ec10c1bc5b5c52b499b2b88b09a439720bf5234c511670eed","sourceIndex":"2373","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"PC Optimizer Tool\"","reference":"https://gallerysofts.com/truepcboostermaster","landingPage":"https://gallerysofts.com/truepcboostermaster","directDownloadingLink":"https://gallerysofts.com/Downloads/exe/truepcboostermaster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://gallerysofts.com/Downloads/exe/truepcboostermaster.exe","sourceIndex":"2373"}],"sampleFiles":["191026/TruePCBoosterMaster-191022/1.0.0/Samples/pcpowerplus.exe","191026/TruePCBoosterMaster-191022/1.0.0/Samples/truepcboostermaster.exe","191026/TruePCBoosterMaster-191022/1.0.0/Samples/pcpowerplus_protection.exe"],"imageFiles":["191026/TruePCBoosterMaster-191022/1.0.0/Images/ACR-003/system_cleaner.png","191026/TruePCBoosterMaster-191022/1.0.0/Images/ACR-003/details.png","191026/TruePCBoosterMaster-191022/1.0.0/Images/ACR-084/084.png","191026/TruePCBoosterMaster-191022/1.0.0/Images/ACR-168/system_cleaner.png","191026/TruePCBoosterMaster-191022/1.0.0/Images/ACR-124/124.png"],"nonDeceptorImageFiles":["191026/TruePCBoosterMaster-191022/1.0.0/Images/ACR-161/161.png","191026/TruePCBoosterMaster-191022/1.0.0/Images/ACR-092/092.png","191026/TruePCBoosterMaster-191022/1.0.0/Images/ACR-099/about.png"],"guid":"11222549-fd55-452b-bb5d-f1ddb3ff7a20_1.0.0_1","appID":"TruePCBoosterMaster-191022","dateAdded":"191026","deceptorType":"App","name":"True PC Booster Master","company":"Econosoft Global Services PTE. LTD.","version":"1.0.0","sigName":"Deceptor:Win32/TruePCBoosterMaster!003084124168","lastKnownStatus":"1.0.0.","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T03:07:03.4382231+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2013},{"violations":{"ACR-004":"The application shows free results that request pay for subscription fee to fix them.\n","ACR-084":"App does not provide a way to disable the auto-launch of the app.\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"mcprsite.pkg","isInstaller":"True","companyName":"SABURI TLC WORLDWIDE SERVICES PRIVATE LIMITED","productName":"MacCleansePro","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"f7d736afbb39a29f4402eb28837cd604","hashSHA1":"f13c42923ae9ee64a11ed54fdbcb09b3ecead6b0","hashSHA256":"6caef1c34094d9721b1f3cabf69cd17c8d8d75b2162f5dc6c66119731c69ce59","digitalCertIssuedTo":"ABURI TLC WORLDWIDE SERVICES PRIVATE LIMITED (5M675HJQM8)","sourceIndex":"2566","avBlockList":["Avast Security for Mac (20200116)","Avira Security for Mac (20200116)","Bitdefender Antivirus for Mac (20200116)","ESET Cyber Security Pro for Mac (20200116)","G DATA AntiVirus for Mac (20200116)","McAfee Internet Security for Mac (20200116)","Norton Security for Mac (20200116)","Sophos Home Premium For Mac (20200116)","Trend Micro Antivirus for Mac (20200116)"],"avAllowList":["K7 Antivirus for Mac (20200116)","Kaspersky Internet Security for Mac (20200116)"]},{"isRevoked":"False","fileName":"MacCleansePro","companyName":"SABURI TLC WORLDWIDE SERVICES PRIVATE LIMITED","productName":"MacCleansePro","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"7eec71343aba159228f4eac6fa54d292","hashSHA1":"926e3ba9fcc34452b30c6da6f3b7af5c13a9383a","hashSHA256":"77f844f1be712aa873c4667ce824635d5bfdc3e78f83e14a759f71999950fcc0","digitalCertIssuedTo":"ABURI TLC WORLDWIDE SERVICES PRIVATE LIMITED (5M675HJQM8)","sourceIndex":"2566","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Keep Your Mac Clean\"","reference":"http://maccleansepro.com","landingPage":"http://maccleansepro.com","directDownloadingLink":"https://dl.maccleansepro.com/mcep/builds/mcprsite.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.maccleansepro.com/mcep/builds/mcprsite.pkg","sourceIndex":"2566"}],"sampleFiles":["191025/MacCleansePro-191024/1.0.0/Samples/mcprsite.pkg","191025/MacCleansePro-191024/1.0.0/Samples/MacCleansePro"],"imageFiles":["191025/MacCleansePro-191024/1.0.0/Images/ACR-004/main.png","191025/MacCleansePro-191024/1.0.0/Images/ACR-004/004.png","191025/MacCleansePro-191024/1.0.0/Images/ACR-004/buy.png","191025/MacCleansePro-191024/1.0.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["191025/MacCleansePro-191024/1.0.0/Images/ACR-171/004.png","191025/MacCleansePro-191024/1.0.0/Images/ACR-171/buy.png","191025/MacCleansePro-191024/1.0.0/Images/ACR-099/099.png","191025/MacCleansePro-191024/1.0.0/Images/ACR-099/099_2.png"],"guid":"b1ac970c-a834-45f3-a7a2-59e224e4e8a9_1.0.0_1","appID":"MacCleansePro-191024","dateAdded":"191025","deceptorType":"MacOS App","name":"Mac Cleanse Pro","company":"SABURI TLC WORLDWIDE SERVICES PRIVATE LIMITED","version":"1.0.0","sigName":"Deceptor:MacOS/MacCleansePro!004084","lastKnownStatus":"Deceptor:1.0.0","lastKnownDate":"200203","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-02-04T00:27:00.4337127+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2017},{"violations":{"ACR-003":"The app shows gauges and words, \"errors\" & \"issues\"in red/orange/yellow colors and exaggerates scanned items as a HIGH or MEDIUM system impact issue, thereby misleading or scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. Scheduled scan task remains even if user disabled the startup automatic scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"The App implies that it is fixing the issues resulted from free scan, but did not shows if the fix is successful.  When user perform re-scan the App shows the same issues again.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"Smart_Reg_Optimizer.exe","isInstaller":"True","companyName":"Econosoft Global Services Pte. Ltd.                         ","productName":"Smart Reg Optimizer                                         ","productVersion":"V6.9.0                                            ","fileVersion":"                    ","hashMD5":"0e1ad5ba02e6b80a6461e314f6858a5f","hashSHA1":"7f12f281038e82bb8b8d993eab0c0737a0bb4ee1","hashSHA256":"b6dc5dc2169f9ccd6d18f95f033d56582954f1b58ffd3133532dfd2251446f93","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2374","avBlockList":["360 Total Security (20191223)","Avast Internet Security (20191223)","AVG Internet Security (20191223)","Avira Internet Security (20191223)","Bitdefender Internet Security (20191223)","COMODO Antivirus (20191223)","Dr.Web Security Space (20191223)","ESET Internet Security (20191223)","G DATA INTERNET SECURITY (20191223)","K7 Total Security (20191223)","Kaspersky Internet Security (20191223)","Malwarebytes Premium (20191223)","McAfee Total Protection (20191223)","Norton Security (20191223)","Panda Dome (20191223)","Sophos Home Premium (20191223)","Tencent PC Manager (20191223)","Trend Micro Internet Security (20191223)","VIPRE Advanced Security (20191223)","VirIT eXplorer PRO (20191223)","Windows Defender (20191223)"],"avAllowList":["Quick Heal Internet Security (20191223)","Webroot SecureAnywhere (20191223)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Smart Reg Optimizer\\Smart_Reg_Optimizer.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"Smart_Reg_Optimizer","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"267277d9cd45ef09fb0b2b86338db654","hashSHA1":"1f5e1913f9704a164af77f171c8676585d7e6be1","hashSHA256":"5fc1a5a72794dc61312fdbaaa91a212183b1752f056af8142e8c387b86b992fe","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2374","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"related to PC Power Plus (www.smartregcare.com)","reference":"https://www.smartregcare.com/smartregoptimiser","landingPage":"https://www.smartregcare.com/smartregoptimiser","directDownloadingLink":"https://www.smartregcare.com/Downloads/exe/Smart_Reg_Optimizer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.smartregcare.com/Downloads/exe/Smart_Reg_Optimizer.exe","sourceIndex":"2374"}],"sampleFiles":["191025/SmartRegOptimizer-191022/6.9.0/Samples/Smart_Reg_Optimizer.exe","191025/SmartRegOptimizer-191022/6.9.0/Samples/Smart_Reg_Optimizer(main_exe).exe"],"imageFiles":["191025/SmartRegOptimizer-191022/6.9.0/Images/ACR-003/scan.png","191025/SmartRegOptimizer-191022/6.9.0/Images/ACR-003/details.png","191025/SmartRegOptimizer-191022/6.9.0/Images/ACR-003/main.png","191025/SmartRegOptimizer-191022/6.9.0/Images/ACR-084/084.png","191025/SmartRegOptimizer-191022/6.9.0/Images/ACR-168/main.png","191025/SmartRegOptimizer-191022/6.9.0/Images/ACR-168/register.png","191025/SmartRegOptimizer-191022/6.9.0/Images/ACR-014/fixing.png"],"nonDeceptorImageFiles":["191025/SmartRegOptimizer-191022/6.9.0/Images/ACR-168/168.png","191025/SmartRegOptimizer-191022/6.9.0/Images/ACR-161/161.png","191025/SmartRegOptimizer-191022/6.9.0/Images/ACR-099/about.png","191025/SmartRegOptimizer-191022/6.9.0/Images/ACR-065/about.png"],"guid":"a96db486-64d3-4eb4-9031-83464fcf6301_6.9.0_1","appID":"SmartRegOptimizer-191022","dateAdded":"191025","deceptorType":"App","name":"Smart Reg Optimizer","company":"Econosoft Global Services PTE. LTD.","version":"6.9.0","sigName":"Deceptor:Win32/SmartRegOptimizer!003084014168","lastKnownStatus":"Deceptor:6.9.0","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T03:05:09.5127675+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2016},{"violations":{"ACR-043":"App doesn't disclose that it will install/use a third party AV engine.\n","ACR-107":"Application uses Avira antivirus components without disclosing it in the Eula and honoring the same level license requirement.\n","ACR-003":"After scanning, the App displays a voice message saying \"Warning!\" BitSecureAV has detected [xxx] unwanted items which can be critical to your Microsoft Windows [X] system's performance. Click on Get Protected to fix these items.\", thereby misleading or scaring user to take action.\n","ACR-017":"Using unverifiable 3rd party award logo of AppEsteem and Checkmark Certified for misleading endorsement. The offered app have never pass AppEsteem certification.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n"},"nonDeceptorViolations":{"ACR-167":"The application only offers a 14 days return policy. It is also unclear if the refund policy is 14 days or 60 days.\n"},"samples":[{"isRevoked":"False","fileName":"bitsecureav.exe","isInstaller":"True","companyName":"bitsecureav.com","productName":"BitSecure AV","productVersion":"1.0.0.10","fileVersion":"1.0.0.10","hashMD5":"ea01b35cab9a23984564f6b208b34a93","hashSHA1":"abfa1c4377ffe0937ae5843ba89a54a9a5a39830","hashSHA256":"c8dc3d71e7386fd3ceb801d12433566e16ef5594194a2ddc1e206539aa19c614","digitalCertThumbprint":"7D34507288B331FD512E677F66048351E705F3C2","sourceIndex":"2598","avBlockList":["360 Total Security (20191121)","Avast Internet Security (20191121)","AVG Internet Security (20191121)","Bitdefender Internet Security (20191121)","Dr.Web Security Space (20191121)","ESET Internet Security (20191121)","G DATA INTERNET SECURITY (20191121)","K7 Total Security (20191121)","Kaspersky Internet Security (20191121)","Malwarebytes Premium (20191121)","McAfee Total Protection (20191121)","Norton Security (20191121)","Panda Dome (20191121)","Quick Heal Internet Security (20191121)","Sophos Home Premium (20191121)","Tencent PC Manager (20191121)","Trend Micro Internet Security (20191121)","VIPRE Advanced Security (20191121)","VirIT eXplorer PRO (20191121)","Webroot SecureAnywhere (20191121)","Windows Defender (20191121)"],"avAllowList":["Avira Internet Security (20191121)","COMODO Antivirus (20191121)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\BitSecure AV\\bsav.exe","companyName":"bitsecureav.com","productName":"BitSecure AV","productVersion":"1.0.0.10","fileVersion":"1.0.0.10","hashMD5":"91e24a4d50353befed2b548b9a8eb71f","hashSHA1":"44993d402adae45849129c483c8c426b5cc5563f","hashSHA256":"679ded7c33f3b1ae56271411d224049c48731a8e7d2450596f15bef1b01fba75","digitalCertThumbprint":"7D34507288B331FD512E677F66048351E705F3C2","sourceIndex":"2598","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\BitSecure AV\\bsavprotection.exe","companyName":"bitsecureav.com","productName":"BitSecure AV","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"e4568a3ccf7569be58be8a7fe050c4a7","hashSHA1":"2dfa1ae4960238abf134fa64c225f15382052bb4","hashSHA256":"83a4480b14f11a15a8606a243c58f818e58cbecd3c6ce470177b6edfb617a080","digitalCertThumbprint":"7D34507288B331FD512E677F66048351E705F3C2","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DIGITAL PROTECTION SERVICES S.R.L., O=DIGITAL PROTECTION SERVICES S.R.L., STREET=Str. Crisanei Nr.9, L=Sibiu, S=Sibiu, PostalCode=550012, C=RO, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=RO, SERIALNUMBER=39653528","sourceIndex":"2598","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"advanced real-time protection\"","reference":"https://bitsecureav.com/","landingPage":"https://bitsecureav.com/","directDownloadingLink":"https://bgtc.bitsecureav.com/btsav/builds/10010/bitsecureav.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://bgtc.bitsecureav.com/btsav/builds/10010/bitsecureav.exe","sourceIndex":"2598"}],"sampleFiles":["191022/BitSecureAV-191016/1.0.0.10/Samples/bitsecureav.exe","191022/BitSecureAV-191016/1.0.0.10/Samples/bsav.exe","191022/BitSecureAV-191016/1.0.0.10/Samples/bsavprotection.exe"],"imageFiles":["191022/BitSecureAV-191016/1.0.0.10/Images/ACR-107/107.png","191022/BitSecureAV-191016/1.0.0.10/Images/ACR-107/107_2.png","191022/BitSecureAV-191016/1.0.0.10/Images/ACR-017/017.png","191022/BitSecureAV-191016/1.0.0.10/Images/ACR-084/084.png","191022/BitSecureAV-191016/1.0.0.10/Images/ACR-003/003_014.mp4","191022/BitSecureAV-191016/1.0.0.10/Images/ACR-003/scan.png","191022/BitSecureAV-191016/1.0.0.10/Images/ACR-003/004.png","191022/BitSecureAV-191016/1.0.0.10/Images/ACR-043/107.png"],"nonDeceptorImageFiles":["191022/BitSecureAV-191016/1.0.0.10/Images/ACR-165/auto_renew.png","191022/BitSecureAV-191016/1.0.0.10/Images/ACR-167/167.png","191022/BitSecureAV-191016/1.0.0.10/Images/ACR-167/167_2.png"],"guid":"a0143989-c4cb-4f8f-a740-a85bebb45e61_1.0.0.10_1","appID":"BitSecureAV-191016","dateAdded":"191022","deceptorType":"App","name":"Bit Secure AV","company":"DIGITAL PROTECTION SERVICES S.R.L.","version":"1.0.0.10","sigName":"Deceptor:Win32/BitSecureAV!107017084003043","lastKnownStatus":"Deceptor: 1.0.0.10","lastKnownDate":"191022","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-11-22T22:25:45.6597637+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2019},{"violations":{"ACR-003":"The app shows gauges and words, \"errors\", \"issues\" & \"poor\" in red/orange/yellow colors that indicates misleading urgency.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"Digital signature is required for one of the main executable \"pcpowerplus_protection.exe\" installed.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"pcpowerplus.exe","isInstaller":"True","companyName":"Econosoft Global Services Pte. Ltd.                         ","productName":"PC Power Plus                                               ","productVersion":"1.0","fileVersion":"0.0.0.0         ","hashMD5":"7f21400219f8aaff3ab0079e59fc8829","hashSHA1":"ae299a4a21af2674836155956dde96299991f01d","hashSHA256":"7d2e8d01313aec0ac8cb4f4d99ed0148ec7d641d1fa3a0411905646103afdb6a","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2167","avBlockList":["360 Total Security (20191219)","Avast Internet Security (20191219)","AVG Internet Security (20191219)","Avira Internet Security (20191219)","Bitdefender Internet Security (20191219)","COMODO Antivirus (20191219)","Dr.Web Security Space (20191219)","ESET Internet Security (20191219)","G DATA INTERNET SECURITY (20191219)","K7 Total Security (20191219)","Kaspersky Internet Security (20191219)","Malwarebytes Premium (20191219)","McAfee Total Protection (20191219)","Norton Security (20191219)","Panda Dome (20191219)","Quick Heal Internet Security (20191219)","Sophos Home Premium (20191219)","Tencent PC Manager (20191219)","Trend Micro Internet Security (20191219)","VIPRE Advanced Security (20191219)","VirIT eXplorer PRO (20191219)","Webroot SecureAnywhere (20191219)","Windows Defender (20191219)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PC Power Plus\\pcpowerplus.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"PC Power Plus","productVersion":"1.3.0.0","fileVersion":"1.3.0.0","hashMD5":"d14c001df5714781770df99502bc7454","hashSHA1":"810fc08bef787ea31355ec8e224e95f2e1150a6f","hashSHA256":"5fe331ae73a93fea4badeaddfad4a0e2aa5f924139bd3688ffcaf5c83ded0ec3","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2167","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PC Power Plus\\pcpowerplus_protection.exe","companyName":"Econosoft Global Services Pte. Ltd.                         ","productName":"PC Power Plus","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"d29964b93a1c05962b0c7b616b4e654d","hashSHA1":"c09f7b58b5e538a310ab0150a9900ed91b1d8dbc","hashSHA256":"56431cdaed9ceadbaeeb41d2a25fef328adcad03339ac70d062fbb2508cf6be3","sourceIndex":"2167","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"PC Optimizer Tool\"","reference":"https://www.smartregcare.com/Pcpowerplus","landingPage":"https://www.smartregcare.com/Pcpowerplus","directDownloadingLink":"https://www.smartregcare.com/Downloads/exe/pcpowerplus.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.smartregcare.com/Downloads/exe/pcpowerplus.exe","sourceIndex":"2167"}],"sampleFiles":["191022/PCPowerPlus-191021/1.0.0.0/Samples/pcpowerplus.exe","191022/PCPowerPlus-191021/1.0.0.0/Samples/pcpowerplus(main_exe).exe","191022/PCPowerPlus-191021/1.0.0.0/Samples/pcpowerplus_protection.exe"],"imageFiles":["191022/PCPowerPlus-191021/1.0.0.0/Images/ACR-003/system_cleaner.png","191022/PCPowerPlus-191021/1.0.0.0/Images/ACR-003/details.png","191022/PCPowerPlus-191021/1.0.0.0/Images/ACR-084/084.png","191022/PCPowerPlus-191021/1.0.0.0/Images/ACR-168/system_cleaner.png"],"nonDeceptorImageFiles":["191022/PCPowerPlus-191021/1.0.0.0/Images/ACR-168/168.png","191022/PCPowerPlus-191021/1.0.0.0/Images/ACR-161/161.png","191022/PCPowerPlus-191021/1.0.0.0/Images/ACR-092/092.png","191022/PCPowerPlus-191021/1.0.0.0/Images/ACR-099/about.png"],"guid":"c3e1910e-5569-44a6-a434-b4ebb046b0d6_1.0.0.0_1","appID":"PCPowerPlus-191021","dateAdded":"191022","deceptorType":"App","name":"PC Power Plus","company":"Econosoft Global Services PTE. LTD.","version":"1.0.0.0","sigName":"Deceptor:Win32/PCPowerPlus!003084168","lastKnownStatus":"1.0.0.0","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T04:40:18.1574016+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2018},{"violations":{"ACR-003":"App exaggerates the state of system health with alarming colors and gauges for non-alarming categories.\n","ACR-004":"App upsells to a subscription service, but does not provide free fixes for the free scan results shown. App exaggerates free scan results with alarming colors and uses gauges to describe \"improvement potential\".\n","ACR-084":"App does not provide a way to disable the auto-launch of the app\n","ACR-097":"App does not show itself in its own login item manager.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-038":"App installs to two install directories: one that does not refer to the product name.\n","ACR-040":"App installs part of the app in non-standard directory (smbstr)\n","ACR-161":"The application's webpage displays testimonial but does not provide any links back to a source so they can be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"smbstr_mtwsite.pkg","isInstaller":"True","companyName":"Isha Sharma","productName":"Smart Mac Booster","productVersion":"1.30.0","fileVersion":"1.30.0","hashMD5":"e317363b4bb87af5270a8107179a9db5","hashSHA1":"561da74c705a485a75aa32169c2aac7ebc110e48","hashSHA256":"ac023b13298c078caeb5a2819a4c0a1355e4b9ce515583efb61f05ceb417a0de","digitalCertThumbprint":"F2 74 2E 76 53 BB 47 3C 76 B9 04 A6 A5 5E 9C 50 05 3C 00 EB","digitalCertIssuer":"Apple Certification Authority","digitalCertIssuedTo":"Isha Sharma (LN8JAQSY3S)","sourceIndex":"1297","avBlockList":["Avast Security for Mac (20200116)","Avira Security for Mac (20200116)","Bitdefender Antivirus for Mac (20200116)","ESET Cyber Security Pro for Mac (20200116)","G DATA AntiVirus for Mac (20200116)","Kaspersky Internet Security for Mac (20200116)","Norton Security for Mac (20200116)","Trend Micro Antivirus for Mac (20200116)"],"avAllowList":["K7 Antivirus for Mac (20200116)","McAfee Internet Security for Mac (20200116)","Sophos Home Premium For Mac (20200116)"]},{"isRevoked":"False","fileName":"smbstrhlpr","companyName":"Isha Sharma","productVersion":"1.30.0","fileVersion":"1.30.0","hashMD5":"781003608621732dfeadc32f7bfeb4f1","hashSHA1":"e901f172ba398603dd4d04478f5483519458cf23","hashSHA256":"336189880a7f406226fd7908edc4deb7ea06b45edc4b5100521d5734227f1e7e","digitalCertIssuer":"","sourceIndex":"1297","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mmspd_mtwsite.pkg","isInstaller":"True","companyName":"Isha Sharma","productName":"My Mac Speedup","productVersion":"1.30.1 ","fileVersion":"1.30.1 ","hashMD5":"f3378b3684ab3fab0525c8b9c3fd73f2","hashSHA1":"f7515f13e8bf0ab39f554b7e71d5816c0abb7301","hashSHA256":"a6ce9757f368d51396505e4d5f21e06cd05aea245fe584d2e036f3398274650c","digitalCertThumbprint":"F2 74 2E 76 53 BB 47 3C 76 B9 04 A6 A5 5E 9C 50 05 3C 00 EB","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Isha Sharma (LN8JAQSY3S)","sourceIndex":"1298","avBlockList":["Avast Security for Mac (20200201)","Avira Security for Mac (20200201)","Bitdefender Antivirus for Mac (20200201)","ESET Cyber Security Pro for Mac (20200201)","G DATA AntiVirus for Mac (20200201)","K7 Antivirus for Mac (20200201)","Kaspersky Internet Security for Mac (20200201)","McAfee Internet Security for Mac (20200201)","Norton Security for Mac (20200201)","Sophos Home Premium For Mac (20200201)","Trend Micro Antivirus for Mac (20200201)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mcp_mcpsite.pkg","isInstaller":"True","companyName":"vijay ameta","productName":"Mac Cleanup Pro","productVersion":"4.1.0 ","fileVersion":"4.1.0 ","hashMD5":"a8021fe87bd9ff2ddd85bff5e91aac52","hashSHA1":"63ea994143c383b4a980f3520b86c2cedaf8c4f8","hashSHA256":"d706539101acaeff7b228c5f46a83b974e3f904313b4aa6ec2203ab7af1a9cc5","digitalCertThumbprint":"52 34 84 9B 89 D4 52 45 0D 68 5A 29 CB 41 31 0D FF 19 4C 75","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"vijay ameta (3Q3PBWQ48N)","sourceIndex":"1299","avBlockList":["Avast Security for Mac (20200206)","Avira Security for Mac (20200206)","Bitdefender Antivirus for Mac (20200206)","ESET Cyber Security Pro for Mac (20200206)","G DATA AntiVirus for Mac (20200206)","K7 Antivirus for Mac (20200206)","Kaspersky Internet Security for Mac (20200206)","McAfee Internet Security for Mac (20200206)","Norton Security for Mac (20200206)","Sophos Home Premium For Mac (20200206)","Trend Micro Antivirus for Mac (20200206)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ambstr_mtwsite.pkg","isInstaller":"True","companyName":"Lokanksha Sharma ","productName":"Auto Mac Booster","productVersion":"1.28.0 ","fileVersion":"1.28.0 ","hashMD5":"42bcd41c82769a0a4be53bc99fe5842d","hashSHA1":"bb39c72706d369c67f8d501d0fcb5ea237ff16f6","hashSHA256":"b2b25d7d54cb56a946f63b1e38048edc734546bf59c42c736d238d4997999aa6","digitalCertThumbprint":"3C 44 11 5E 44 92 76 7D 1E 21 F0 F3 A1 A6 E6 5F ED 34 5A A9","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Lokanksha Sharma (36MP935N57)","sourceIndex":"1300","avBlockList":["Avast Security for Mac (20200213)","Avira Security for Mac (20200213)","Bitdefender Antivirus for Mac (20200213)","ESET Cyber Security Pro for Mac (20200213)","G DATA AntiVirus for Mac (20200213)","K7 Antivirus for Mac (20200213)","Kaspersky Internet Security for Mac (20200213)","McAfee Internet Security for Mac (20200213)","Norton Security for Mac (20200213)","Sophos Home Premium For Mac (20200213)","Trend Micro Antivirus for Mac (20200213)","Webroot SecureAnywhere AntiVirus for Mac (20200213)"],"avAllowList":[]},{"isRevoked":"False","fileName":"amspd_mtwsite.pkg","isInstaller":"True","companyName":"Bimal Sharma","productName":"Auto Mac Speedup","productVersion":"1.30.0","fileVersion":"1.30.0","hashMD5":"d2e7eda4cea09568af473ee09c63c36b","hashSHA1":"6676d7d2df9479c45d409530aa430eb25f78974f","hashSHA256":"16ca66e09667681ba70f18b0c051e80d489a4c6e1188deac83acca25b4587770","digitalCertThumbprint":"4D 8A B7 A8 9E 84 8E 4D EB C7 5D E6 71 85 F4 15 4E B9 88 7C","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Bimal Sharma (WQZ6U6WDNS)","sourceIndex":"1301","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mentzr_mtwsite.pkg","isInstaller":"True","companyName":"lakshya Sharma","productName":"Mac Entizer","productVersion":"1.29.0","fileVersion":"1.29.0","hashMD5":"77923340bf2f965f82db379ae7037813","hashSHA1":"e7c36464a622200f903cd9ce447b9252d6e19b9e","hashSHA256":"dbc287504799917253d6896970f11f4088dff4a061579cc8a8327d008f207213","digitalCertThumbprint":"36 85 BB 65 B1 01 C0 68 B4 6B 9D F4 64 0B 28 EB 8D 9D C5 33","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"lakshya Sharma (8WR5NHF36F)","sourceIndex":"1302","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sprmc_mtwsite.pkg","isInstaller":"True","companyName":"Rahul Gahlot","productName":"Super Mac Cleaner","productVersion":"1.30.0","fileVersion":"1.30.0","hashMD5":"3e0631d2f69871fe9e838ab1fe6a184d","hashSHA1":"9eb5f33cbf1f95d964ce1b8d745e66fc05636c10","hashSHA256":"b5bb70b5e65e0d511d9609c0eb9e0ead3a6f09d31704217732edac51f311356b","digitalCertThumbprint":"4C 92 F7 30 95 1C 59 A6 1D 2E 64 68 FA 5A A7 D8 08 07 09 57","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Rahul Gahlot (RZ74UYT742)","sourceIndex":"1303","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"msp_mtwsite.pkg","isInstaller":"True","companyName":"vijay ameta","productName":"Mac Speedup Pro","productVersion":"1.31.0 ","fileVersion":"1.31.0 ","hashMD5":"668c41e53bc970226fc6858d53e71082","hashSHA1":"e02b0aa70abd85c52658d856bf34a4f52a124f99","hashSHA256":"e734cd127ccaeeeba6a4c865b136c54e2aebdc154070b948ee14edf7169b7e8a","digitalCertThumbprint":"52 34 84 9B 89 D4 52 45 0D 68 5A 29 CB 41 31 0D FF 19 4C 75","digitalCertIssuer":"Apple Root CAsm","digitalCertIssuedTo":"vijay ameta (3Q3PBWQ48N)","sourceIndex":"1304","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"amb_mtwsite.pkg","isInstaller":"True","companyName":"lakshya Sharma","productName":"Advanced Mac Booster","productVersion":"1.30.0","fileVersion":"1.30.0","hashMD5":"e88d6a045e5916c78801786be1020676","hashSHA1":"c66351a8ba91b749ae8b1e75636d01a3805767bepkg","hashSHA256":"3fdb626d75898aa8aedbb0b60b642709f965093abf0a5bb17dd2314a495f28b9","digitalCertIssuedTo":"lakshya Sharma (8WR5NHF36F)","sourceIndex":"1305","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"msp_mtwsite-2.pkg","isInstaller":"True","companyName":"Tanvi Jain ","productName":"Mac Tuneup","productVersion":"1.31.0","fileVersion":"1.31.0","hashMD5":"dd55fe4f89f094bc2002eb5fb54e925e","hashSHA1":"7f56898bf4e60b97ecbb479ae2b2f175aac8f2f3","hashSHA256":"97d6b4a6ce2b95c6275d8adf12468d0e206745162daed10324efa40cc1b53ef0","digitalCertThumbprint":"08 85 5F 8E 99 D5 A9 DB 23 60 FD 7D 1C 69 43 9D 8F 33 B0 6E","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Tanvi Jain (PY4XW57S8W)","sourceIndex":"1306","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spdmpr_mtwsite.pkg","isInstaller":"True","companyName":"Kapil Dev Singh","productName":"Speedup Mac Pro","productVersion":"1.30.1 ","fileVersion":"1.30.1 ","hashMD5":"f3c8683735d5b9789594bacd96507cd3","hashSHA1":"3a5b6cf99284ac4676d7b5cedddfeabf67f5dcfb","hashSHA256":"998140793828ed35adb8611310ed2692d69f36c1a904150670ec701d6d8ecf0f","digitalCertThumbprint":"88 34 61 0A 99 B2 1C B5 6E 4F E0 0A 77 D7 56 F3 17 ED 4F 71","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Kapil Dev Singh (UFCZVF8F93)","sourceIndex":"1307","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bstmmc_mtwsite.pkg","isInstaller":"True","companyName":"Himanshu Sirohi","productName":"Boost My Mac","productVersion":"1.29.0","fileVersion":"1.29.0","hashMD5":"d5eaad5139bce928ff6992395abd4b60","hashSHA1":"52c7b0ad55bba1409b38bdebc1967069fe0612b3","hashSHA256":"394efda26ab4ef21bd5306cffa9654fb4894331bc3c3e69d81bc5ba4f05dbe13","digitalCertThumbprint":"4 81 B3 D6 7D 99 34 6B 9A 8E 8B 48 98 AC B4 3D AA 13 84 38","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Himanshu Sirohi (4462G24G8D)","sourceIndex":"1308","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qmspd_mtwsite.pkg","isInstaller":"True","companyName":"Tanvi Jain","productName":"Qbit Mac Speedup","productVersion":"1.29.0 ","fileVersion":"1.29.0 ","hashMD5":"34a18cd80bb5243b1708478840e98d0a","hashSHA1":"1940723a66095835164648c52c5983c1e1a5a90d","hashSHA256":"73c4d1a8b70b8beeff0813db400155a3a9d4da546de8ee43cea40140db648fc7","digitalCertThumbprint":"08 85 5F 8E 99 D5 A9 DB 23 60 FD 7D 1C 69 43 9D 8F 33 B0 6E","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Tanvi Jain (PY4XW57S8W)","sourceIndex":"1309","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"maccleaner.pkg","isInstaller":"True","companyName":"praveen kumar","productName":"Mac Tweak","productVersion":"1.28.0","fileVersion":"1.28.0","hashMD5":"335fed2ea3c9db3a608b2c27570f7364","hashSHA1":"b330b4266e68c52ea6e4d364c589213f31f3ef75","hashSHA256":"2d28c5de295e6e573bbc7f270610be146230fbb042cb6c7c7cede9555322bd3d","digitalCertThumbprint":"1D 01 27 72 98 1F 70 BE 92 17 A0 E0 CE 56 BD DB 88 A2 8D E7","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"praveen kumar (QUXQNS9D6T)","sourceIndex":"1311","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mrp_mrpsite.pkg","isInstaller":"True","companyName":"Techyutils Software Private Limited","productName":"MacRapidizer","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"a4eb0e3b6fcd677e1b96f35468d5f010","hashSHA1":"ad79e23f8199e0448aaadeda4cf90fe6c666455b","hashSHA256":"b7504f40d1e03ea76e76b509a5d31da7ad5a95625a5726b576f9639d9157f073","digitalCertThumbprint":"EE 85 1B E2 07 07 8F F9 3D 8D CA 8A F0 FE B5 F0 4B 75 70 0E","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Techyutils Software Private Limited (VS9Q8BRRRJ)","sourceIndex":"1312","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mmc_site.pkg","isInstaller":"True","companyName":"vijay ameta","productName":"Mac Mechanic","productVersion":"1.21.0","fileVersion":"1.21.0","hashMD5":"14268940703f0e787a0ac80742db6c29","hashSHA1":"d30611af55db30d33121d866b29043529a3d62a7","hashSHA256":"cf05a7e1c05bfd03273cac82e6aad2cf7d2bddd2ecfccd64168ad582f8ffdca9","digitalCertThumbprint":"52 34 84 9B 89 D4 52 45 0D 68 5A 29 CB 41 31 0D FF 19 4C 75","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"vijay ameta (3Q3PBWQ48N)","sourceIndex":"1313","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cpmc_mtwsite.pkg","isInstaller":"True","companyName":"Kapil Dev Singh","productName":"Cleanup My Mac","productVersion":"1.31.0","fileVersion":"1.31.0","hashMD5":"1c0c02a9ea071a22333412b80c5d32e0","hashSHA1":"43639de1f0ff0260d9515c2c8492a89525739304","hashSHA256":"ca0a2d6a935dea7efbb320dcc3468e5a202dc64e1c6a5b3f9b273104b57c02d4","digitalCertThumbprint":"88 34 61 0A 99 B2 1C B5 6E 4F E0 0A 77 D7 56 F3 17 ED 4F 71","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Kapil Dev Singh (UFCZVF8F93)","sourceIndex":"1314","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"maccleaner (1.32.0).pkg","isInstaller":"True","companyName":"Baldev Sharma","productName":"Smart Mac Cleaner","productVersion":"1.32.0","fileVersion":"1.32.0","hashMD5":"d0886ea2fb9a3f4e0e193dfef950a5ff","hashSHA1":"99fa29640b1aada0ff85a218b41db8a44dee5d67","hashSHA256":"1346ca414cea7ef240dabc78280c72593424a97de59556c56090ab56458422fc","digitalCertThumbprint":"22 35 04 BE 2E 93 43 27 15 EF 9B 90 7D 79 D9 C3 FC FA 01 15","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Baldev Sharma (2D9989J3P2)","sourceIndex":"1315","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qmc_mtwsite.pkg","isInstaller":"True","companyName":"Baldev Sharma","productName":"Qbit Mac Cleaner","productVersion":"1.29.0","fileVersion":"1.29.0","hashMD5":"932f2a9f69ce1dd55fa3b68065221976","hashSHA1":"795098226a7ceaf739379c56f4f07049002ddaf7","hashSHA256":"bc21cbf8921d4efd2396c1b14aa74471a06f15a51a2dc233b336acfb433f9ab5","digitalCertThumbprint":"22 35 04 BE 2E 93 43 27 15 EF 9B 90 7D 79 D9 C3 FC FA 01 15","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Baldev Sharma (2D9989J3P2)","sourceIndex":"1316","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"maccleaner (1.30.2).pkg","isInstaller":"True","companyName":"Kapil Dev Singh","productName":"Speedup Mac Pro","productVersion":"1.30.2","fileVersion":"1.30.2","hashMD5":"7a4dee940c1f9abc21bed4385512533f","hashSHA1":"e69d7faacdfed37aff01d6657deb4cf61bca73bc","hashSHA256":"c1d0d6bcc1695e365d30ed47133fad45fde1a37efe6f1ff1c80d4e11806dd814","digitalCertThumbprint":"88 34 61 0A 99 B2 1C B5 6E 4F E0 0A 77 D7 56 F3 17 ED 4F 71","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Kapil Dev Singh (UFCZVF8F93)","sourceIndex":"1317","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mfrp_mtwsite.pkg","isInstaller":"True","companyName":"Lokanksha Sharma","productName":"Mac Fixer Pro","productVersion":"1.29.0","fileVersion":"1.29.0","hashMD5":"c70df01a0affcc501633685345dabf78","hashSHA1":"5085136f87b8b9200e11aaf45adbc53b064d90c2","hashSHA256":"d79e86d55a0236839bc5e438a8ac3ba47c0479cdeea8ef88c175cb95828be2ee","digitalCertThumbprint":"86 E6 82 C0 39 3F 83 FB 6B EF B5 B8 24 D5 03 C5 59 7E B0 D8","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Lokanksha Sharma (36MP935N57)","sourceIndex":"1320","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Free Scan. Purchase is required to unlock full functionality.\" QbitMac","reference":"smartmacbooster.com","landingPage":"smartmacbooster.com","directDownloadingLink":"http://dl.smartmacbooster.com/smbstr/builds/smbstr_mtwsite.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.smartmacbooster.com/smbstr/builds/smbstr_mtwsite.pkg","sourceIndex":"1297"},{"howFound":"","reference":"My Mac Speedup","landingPage":"http://mymacspeedup.com","directDownloadingLink":"http://dl.mymacspeedup.com/mmspd/builds/mmspd_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1298"},{"howFound":"","reference":"Mac Cleanup Pro","landingPage":"http://www.maccleanuppro.com","directDownloadingLink":"http://cdn.maccleanuppro.com/mcp/builds/mcp_mcpsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1299"},{"howFound":"","reference":"Auto Mac Booster","landingPage":"http://automacbooster.com/","directDownloadingLink":"http://dl.automacbooster.com/ambstr/builds/ambstr_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1300"},{"howFound":"","reference":"Auto Mac Speedup","landingPage":"http://www.automacspeedup.com","directDownloadingLink":"http://dl.automacspeedup.com/amspd/builds/amspd_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1301"},{"howFound":"","reference":"Mac Entizer","landingPage":"http://mac-entizer.com/","directDownloadingLink":"http://dl.mac-entizer.com/mentzr/builds/mentzr_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1302"},{"howFound":"","reference":"Super Mac Cleaner","landingPage":"http://www.supermaccleaner.com/","directDownloadingLink":"http://dl.supermaccleaner.com/sprmc/builds/sprmc_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1303"},{"howFound":"","reference":"Mac Speedup Pro","landingPage":"http://mac-speedup-pro.com/","directDownloadingLink":"http://dl.mac-speedup-pro.com/msp/builds/msp_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1304"},{"howFound":"","reference":"Advanced Mac Booster","landingPage":"http://www.advancedmacbooster.com/","directDownloadingLink":"http://dl.advancedmacbooster.com/amb/builds/amb_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1305"},{"howFound":"","reference":"Mac Tuneup","landingPage":"http://mactune-up.com/","directDownloadingLink":"http://dl.mactune-up.com/mtpu/builds/msp_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1306"},{"howFound":"","reference":"Speedup Mac Pro","landingPage":"http://www.speedupmacpro.com/","directDownloadingLink":"http://dl.speedupmacpro.com/spdmpr/builds/spdmpr_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1307"},{"howFound":"","reference":"Boost My Mac","landingPage":"http://boost-mymac.com/","directDownloadingLink":"http://dl.boost-mymac.com/bstmmc/builds/bstmmc_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1308"},{"howFound":"","reference":"Qbit Mac Speedup","landingPage":"http://qbitmacspeedup.com/","directDownloadingLink":"http://dl.qbitmacspeedup.com/qmspd/builds/qmspd_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1309"},{"howFound":"","reference":"Mac Cleanup Pro","landingPage":"http://www.macclean-pro.com","directDownloadingLink":"http://cdn.macclean-pro.com/mcp/builds/mcp_mcpsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1310"},{"howFound":"","reference":"Mac Tweak","landingPage":"http://mac-tweak.com","directDownloadingLink":"http://cdn.mac-tweak.com/mtw/builds/mtwsite/maccleaner.pkg","ipv4":"","ipv6":"","sourceIndex":"1311"},{"howFound":"","reference":"MacRapidizer","landingPage":"http://www.mac-rapidizer.com","directDownloadingLink":"http://cdn.mac-rapidizer.com/mrp/builds/mrp_mrpsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1312"},{"howFound":"","reference":"Mac Mechanic","landingPage":"http://www.maccleanuptools.co","directDownloadingLink":"http://cdn.advancedmactools.com/mmc/builds/mmc_site.pkg","ipv4":"","ipv6":"","sourceIndex":"1313"},{"howFound":"","reference":"Cleanup My Mac","landingPage":"http://cleanup-mymac.com","directDownloadingLink":"http://dl.cleanup-mymac.com/cpmc/builds/cpmc_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1314"},{"howFound":"","reference":"Smart Mac Cleaner","landingPage":"http://www.smart-maccleaner.com","directDownloadingLink":"http://dl.smart-maccleaner.com/smrtc/builds/smrtc_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1315"},{"howFound":"","reference":"Qbit Mac Cleaner","landingPage":"http://qbitmaccleaner.com","directDownloadingLink":"http://dl.qbitmaccleaner.com/qmc/builds/qmc_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1316"},{"howFound":"","reference":"Speedup Mac Pro","landingPage":"http://mbitmacspeed.live","directDownloadingLink":"http://dl.mbitmacspeed.live/setups/spdmpr/c9/l1/maccleaner.pkg","ipv4":"","ipv6":"","sourceIndex":"1317"},{"howFound":"","reference":"Mac Mechanic","landingPage":"http://www.advancemactools.com","directDownloadingLink":"http://cdn.advancedmactools.com/mmc/builds/mmc_site.pkg","ipv4":"","ipv6":"","sourceIndex":"1318"},{"howFound":"","reference":"Advanced Mac Cleaner","landingPage":"http://advancedmactuner.com","directDownloadingLink":"http://cdn.maccleanertools.com/amc/builds/amc_amcapstm.pkg","ipv4":"","ipv6":"","sourceIndex":"1319"},{"howFound":"","reference":"Mac Fixer Pro","landingPage":"http://www.macfixerpro.com","directDownloadingLink":"http://dl.macfixerpro.com/mfrp/builds/mfrp_mtwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"1320"}],"sampleFiles":["191016/SmartMacBooster-190529/1.30.0/Samples/smbstr_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/smbstrhlpr","191016/SmartMacBooster-190529/1.30.0/Samples/mmspd_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/mcp_mcpsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/ambstr_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/amspd_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/mentzr_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/sprmc_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/msp_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/amb_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/msp_mtwsite-2.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/spdmpr_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/bstmmc_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/qmspd_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/maccleaner.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/mrp_mrpsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/mmc_site.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/cpmc_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/maccleaner (1.32.0).pkg","191016/SmartMacBooster-190529/1.30.0/Samples/qmc_mtwsite.pkg","191016/SmartMacBooster-190529/1.30.0/Samples/maccleaner (1.30.2).pkg","191016/SmartMacBooster-190529/1.30.0/Samples/mfrp_mtwsite.pkg"],"imageFiles":["191016/SmartMacBooster-190529/1.30.0/Images/ACR-003/scan.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-003/main.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-004/scan.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-004/main.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-004/048.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-004/004_171.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-004/004_2.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-084/084.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-014/scan.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-097/097.png"],"nonDeceptorImageFiles":["191016/SmartMacBooster-190529/1.30.0/Images/ACR-171/004_171.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-171/004_2.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-161/161.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-038/038_040.png","191016/SmartMacBooster-190529/1.30.0/Images/ACR-040/038_040.png"],"guid":"230f8c3a-039b-4b90-828f-d6e49974d320_1.30.0_1","appID":"SmartMacBooster-190529","dateAdded":"191016","deceptorType":"MacOS App","name":"QbitMac","company":"Isha Sharma","version":"1.30.0","sigName":"Deceptor:MacOS/QbitMac!003004084014097 ","lastKnownStatus":"1.30.0","lastKnownDate":"191016","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:47.585646+00:00","notDistributed":true,"familyName":"Qbit","numInFamily":4,"numInAppID":1,"sortOrder":2020},{"violations":{"ACR-003":"The app shows gauges and words, \"errors\", \"issues\", \"poor\" & \"you are no longer protected\" in red/orange/yellow colors that indicates misleading urgency.\n","ACR-004":"App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. The App perform a free scan even if the trial version is already expired and requiring customer to purchase the app to fix the issues found.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"Digital signature is required for one of the main executable \"thepcpower_protection.exe\" installed.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\The PC Power\\thepcpower.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"The PC Power","productVersion":"1.3.0.0","fileVersion":"1.3.0.0","hashMD5":"bd8609454e4a9ba7f09615fa363d12a1","hashSHA1":"8a64c1b11b7e85f120b0b84eb3706ba773b6c780","hashSHA256":"e1b31698e733364e6a5313278ddbc5f456bbc4485102b64e194018766e694e86","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2168","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"thepcpower.exe","isInstaller":"True","companyName":"Econosoft Global Services Pte. Ltd.                         ","productName":"The PC Power                                                ","productVersion":"V1.0.0                                            ","fileVersion":"                    ","hashMD5":"404b6b103ad4040ae515eb1d25ca87af","hashSHA1":"6dca431172251de92b708f432ca2c979fb796f20","hashSHA256":"1aad6d1ea08890ea79abf077e7d4c2ec9875224221d95b59ebb985494bc0a806","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Econosoft Global Services PTE. LTD., O=Econosoft Global Services PTE. LTD., STREET=\"10 Anson Road, 22-02 International Plaza\", L=Singapore, S=Singapore, C=SG, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201811987R, OID.2.5.4.15=Private Organization","sourceIndex":"2168","avBlockList":["360 Total Security (20191209)","Avast Internet Security (20191209)","AVG Internet Security (20191209)","Avira Internet Security (20191209)","Bitdefender Internet Security (20191209)","COMODO Antivirus (20191209)","Dr.Web Security Space (20191209)","ESET Internet Security (20191209)","G DATA INTERNET SECURITY (20191209)","K7 Total Security (20191209)","Kaspersky Internet Security (20191209)","Malwarebytes Premium (20191209)","McAfee Total Protection (20191209)","Norton Security (20191209)","Panda Dome (20191209)","Quick Heal Internet Security (20191209)","Sophos Home Premium (20191209)","Tencent PC Manager (20191209)","Trend Micro Internet Security (20191209)","VIPRE Advanced Security (20191209)","VirIT eXplorer PRO (20191209)","Webroot SecureAnywhere (20191209)","Windows Defender (20191209)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\The PC Power\\thepcpower_protection.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"The PC Power Protection","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1797bb536a33f3dd28d66aad0e0f2d7a","hashSHA1":"c55982ed2f8605e9fa04e72b85a231810ffe7c7e","hashSHA256":"aa312d06b126354a5e66d4ddb920e267b4ce053eb2f33c2616460c4043c2b03c","sourceIndex":"2168","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"PC Optimizer Tool\"","reference":"https://thepcpower.com/en/index.php","landingPage":"https://thepcpower.com/en/index.php","directDownloadingLink":"https://thepcpower.com/downloads/exe/sm/en/thepcpower.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://thepcpower.com/downloads/exe/sm/en/thepcpower.exe","sourceIndex":"2168"}],"sampleFiles":["191011/ThePCPower-191011/1.0.0.0/Samples/thepcpower (main_exe).exe","191011/ThePCPower-191011/1.0.0.0/Samples/thepcpower.exe","191011/ThePCPower-191011/1.0.0.0/Samples/thepcpower_protection.exe"],"imageFiles":["191011/ThePCPower-191011/1.0.0.0/Images/ACR-003/scan.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-003/004.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-003/003.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-004/scan.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-004/004_2.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-004/004.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-004/004_3.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-004/004_4.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-004/004_5.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-084/084.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-168/scan.png"],"nonDeceptorImageFiles":["191011/ThePCPower-191011/1.0.0.0/Images/ACR-168/168.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-161/161.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-092/092.png","191011/ThePCPower-191011/1.0.0.0/Images/ACR-099/about.png"],"guid":"6fd3a97c-164f-431c-947b-460d58c0b288_1.0.0.0_1","appID":"ThePCPower-191011","dateAdded":"191011","deceptorType":"App","name":"The PC Power","company":"Econosoft Global Services PTE. LTD.","version":"1.0.0.0","sigName":"Deceptor:Win32/ThePCPower!003004084168","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2020-07-14T04:39:17.4288667+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2024},{"violations":{"ACR-005":"The extension's homepage doesn't indicate that it's an extension, leading users to believe the extension is part of chrome. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google searched \"If you have any questions about this Privacy Policy, or the practices of our Service, please contact us at\"","landingPage":"http://www.homenewtab.com/welcome.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/home-new-tab-page/ehhkfhegcenpfoanmgfpfhnmdmflkbgk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/home-new-tab-page/ehhkfhegcenpfoanmgfpfhnmdmflkbgk","sourceIndex":"3320"}],"sampleFiles":[],"imageFiles":["190121/Homenewtab-181015/1.12.21.1/Images/ACR-005/newtab1.PNG"],"nonDeceptorImageFiles":[],"guid":"46d076b8-b218-48b5-a999-9b565ff9dae6_1.12.21.1_1","appID":"Homenewtab-181015","dateAdded":"191008","deceptorType":"Chrome Extension","name":"Homenewtab","company":"www.homenewtab.com","version":"1.12.21.1","sigName":"Deceptor:CRX/Homenewtab!005","lastKnownStatus":"Deceptor:1.10.15.1,1.12.21.1,2.4.8.1,2.9.13.1","lastKnownDate":"191008","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2019-10-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2026},{"violations":{"ACR-005":"The newtab page is lacking attribution, which leaves the consumer thinking this extension is part of chrome.\n","ACR-006":"Extension doesn't disclose all value propositions. It uses Yahoo! search engine in new tab page.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"extension_2_9_13_1.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"0144aee9b11ef492995b974b73f6b1279eed8379833b8ea28d64ed5926dcae25","sourceIndex":"2648","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google searched \"If you have any questions about this Privacy Policy, or the practices of our Service, please contact us at\"","landingPage":"http://www.homenewtab.com/welcome.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/home-new-tab-page/ehhkfhegcenpfoanmgfpfhnmdmflkbgk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/home-new-tab-page/ehhkfhegcenpfoanmgfpfhnmdmflkbgk","sourceIndex":"2648"}],"sampleFiles":["191008/Homenewtab-181015/2.9.13.1/Samples/extension_2_9_13_1.crx"],"imageFiles":["191008/Homenewtab-181015/2.9.13.1/Images/ACR-005/ACR-005 Software .png","191008/Homenewtab-181015/2.9.13.1/Images/ACR-006/DiscloseValueProposition.PNG"],"nonDeceptorImageFiles":[],"guid":"46d076b8-b218-48b5-a999-9b565ff9dae6_2.9.13.1_1","appID":"Homenewtab-181015","dateAdded":"191008","deceptorType":"Chrome Extension","name":"Homenewtab","company":"www.homenewtab.com","version":"2.9.13.1","lastKnownStatus":"Deceptor:1.10.15.1,1.12.21.1,2.4.8.1,2.9.13.1","lastKnownDate":"191008","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2019-10-08T23:24:22.5751818+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2025},{"violations":{"ACR-005":"The newtab page is lacking attribution, which leaves the consumer thinking this extension is part of chrome.\n","ACR-085":"The app does not use encryption to protect the user data during searches.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Home-New-Tab-Page_v1.10.15.1.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"76a1f77f5d6321205fa8e865d9388f50","hashSHA1":"dea4843b2231bb12c3d526105a87f8aa7a7e4739","hashSHA256":"b50c722aaccaebc450c7369c587a190e574a7b74a1852774a1fd1968342b6f41","sourceIndex":"3545","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google searched \"If you have any questions about this Privacy Policy, or the practices of our Service, please contact us at\"","landingPage":"http://www.homenewtab.com/welcome.html","directDownloadingLink":"https://chrome.google.com/webstore/detail/home-new-tab-page/ehhkfhegcenpfoanmgfpfhnmdmflkbgk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/home-new-tab-page/ehhkfhegcenpfoanmgfpfhnmdmflkbgk","sourceIndex":"3545"}],"sampleFiles":["181018/Homenewtab-181015/1.10.15.1/Samples/Home-New-Tab-Page_v1.10.15.1.crx"],"imageFiles":["181018/Homenewtab-181015/1.10.15.1/Images/ACR-085/ACR-085_software.mp4","181018/Homenewtab-181015/1.10.15.1/Images/ACR-005/ACR-005_software.JPG"],"nonDeceptorImageFiles":[],"guid":"46d076b8-b218-48b5-a999-9b565ff9dae6_1.10.15.1_1","appID":"Homenewtab-181015","dateAdded":"191008","deceptorType":"Chrome Extension","name":"Homenewtab","company":"www.homenewtab.com","version":"1.10.15.1","sigName":"Deceptor:CRX/Homenewtab!005","lastKnownStatus":"Deceptor:1.10.15.1,1.12.21.1,2.4.8.1,2.9.13.1","lastKnownDate":"191008","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2019-10-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2027},{"violations":{"ACR-014":"It uses fake error messages to trick users into calling hotlines and paying for unnecessary tech support services or downloading unnecessary application to fix issues that was not truthful.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","companyName":"1-866-534-2263","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-917-3258","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-476-8508","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-903-4211","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-781-0416","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-903-4181","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-781-0565","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-781-0188","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-208-8870","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-818-629-1592","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-261-3704","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-268-0666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-260-6968","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-319-6992","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-378-0714","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-212-9242","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-646-0795","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-441-0439","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-303-4313","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-441-0788","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-537-8961","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-441-0807","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-510-6166","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"09-70-18-13-67","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-921-1222","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-748-5728","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-659-7999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-346-1036","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(0)2070220828","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(013)02238060","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(013)42590058","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(03)86575266","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(03)8657-5321","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(030)30807257","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(040)87407257","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(07)3062-7243","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(1-833-870-9055","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(20)888-6480","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(32)025881811","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(32)063680584","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(33)0176363336","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(43)215-5911","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(6901443158195","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(833)332-3666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(833)332-3999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(833)801-6989","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(833)802-8800","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)200-3935","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)200-3946","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)-325-0270","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)378-0666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)393-0450","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)393-0484","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)393-0486","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)-584-7375","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)-731-1261","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)793-5936","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)869-5777","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(844)966-5100","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-205-9531","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)209-6074","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)214-7894","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-225-7708","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-225-8066","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)231-0539","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-239-2183","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-241-3845","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)241-4667","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-250-8770","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-257-7114","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-266-4554","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)266-4742","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)278-4738","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-322-7973","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)340-7428","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-351-1668","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-355-5293","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-356-7339","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-369-2906","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)391-2888","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)405-7100","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-447-0411","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-533-5796","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)550-2111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)622-1162","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)624-7391","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-649-8770","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-656-6781","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-700-0815","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)739-7816","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-739-7820","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-740-4839","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-744-7535","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)862-0306","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)-889-3085","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(855)894-7489","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)201-6421","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)201-6980","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)203-7969","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-230-0166","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-242-4511","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-246-4836","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-260-0177","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-273-6495","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)281-2116","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-285-2709","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)288-2359","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-290-5160","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-291-8355","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)298-8191","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-298-8192","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)304-3926","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)315-0847","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)332-5687","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-350-2508","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)366-2406","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)374-5877","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-383-9914","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-383-9915","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)402-1473","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-423-1070","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)424-8189","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-424-8267","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-428-8273","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-433-0787","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-433-0852","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)446-2174","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)455-9175","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)455-9333","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-461-1815","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)475-7161","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)475-9024","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-491-1840","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)491-1851","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-537-8476","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-537-8543","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)644-1220","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-664-7153","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)664-7178","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-671-2872","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-745-9526","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-799-3813","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-804-9341","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-809-9055","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-811-5999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)811-6155","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-847-7752","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-853-5456","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-877-0206","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)888-0929","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(866)-897-2725","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-207-1433","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)211-6638","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-211-6638","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)217-6241","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)219-6084","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-219-6439","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)226-0927","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-245-8680","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-248-6220","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-249-0169","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)249-0473","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-257-5169","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)265-0722","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)384-3140","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-393-8186","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-507-9671","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)520-4840","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)636-0404","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-678-1575","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-679-5793","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)855-3653","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-855-3653","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)855-3656","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-856-4665","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)856-4874","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)870-1153","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(877)-873-3392","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)206-1755","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)215-8523","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-216-2759","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-218-0528","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-223-4021","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)241-1223","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)2444556","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)248-8302","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)271-9836","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)2839922","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)283-9922","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)289-1009","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-319-2624","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-453-1072","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-453-1525","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)466-6309","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-501-9477","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-563-5301","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)623-3295","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-649-3908","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-649-9652","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)660-1761","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)694-2168","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)694-2197","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-761-9452","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-799-5199","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)810-5341","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)810-8342","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)811-4180","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)829-5571","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)829-5736","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-829-5799","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-835-3145","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-857-7032","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-858-8266","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-858-8361","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)858-8437","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)869-4769","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)886-8732","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)-892-6972","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)894-5790","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"(888)992-3346","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-800-291-7514","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-800-741-0438","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-800-862-3971","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-833-248-5444","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-833-248-5777","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-844-217-3666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-844-416-1777","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-844-441-4490","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-855-340-0999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-855-371-9444","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-855-382-4333","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-855-433-1222","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-855-433-1666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-855-433-5111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-888-334-1444","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-888-549-8666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-888-578-9666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-888-696-0666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"001-888-711-6011","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"010-8080698","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-70-71-29-83","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-76-35-02-82","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-76-38-04-17","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-76-44-01-87","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-82-68","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-82-69","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-82-80","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-82-88","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-182-888-313","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-83-23","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-83-28","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-83-34","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-83-50","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-83-55","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-83-64","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-83-85","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-84-15","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-84-18","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-82-88-84-33","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-84-88-00-78","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-84-88-46-81","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-84-88-64-48","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-86-26-23-76","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-86-26-42-69","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"01-86-26-99-87","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-28-08-44-42","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"040-87407257","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-408-740-8503","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-408-740-9127","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"076-888-8369","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"07  6-888-8645","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-014-8580","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-041-8236","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-041-8255","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-041-8266","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-046-5039","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-046-5067","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-046-5230","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-046-5257","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-046-5264","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-046-5275","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-069-8038","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0800-086-9887","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0800-086-9891","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0800-086-9895","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0800-086-9897","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0800-086-9967","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-090-3815","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-098-8251","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0800-183-3316","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-800-183-8114","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-805-081-394","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0-808-164-4743","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"0808-189-4081","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"085-208-4376","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"085-208-5236","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"09-75-18-92-61","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"11480248","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1234567567","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"12807848","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-300-596-397","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-300-596-398","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1510072932","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1510159041","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1510160969","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1510245655","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-704-467-8894","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"176363501","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"176363506","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"176391769","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-208-4060","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-208-4060-","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-209-1664","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-214-7440","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-219-713","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1800-230-6165","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-230-6593","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-236-1513","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-273-5970","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-281-6897","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-284-7304","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-285-6111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-291-7514","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-297-6859","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-316-1942","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-353-2506","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1800-431-283","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-431-357","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1800-431-362","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-431-395","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1800-431-452","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-469-1480","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-473-7579","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-523-8091","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-556-3984","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1800-569-0786","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1800-581-607","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-602-312","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-617-3364","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-630-3153","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-640-3506","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-646-717","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-653-1183","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-658-8214","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-683-9841","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1800-745-9386","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-774-1799","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-775-452","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-826-5638","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-861-585","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-865-9812","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-905-6904","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1800-949-31","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-953-925","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1800-954-357","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18009568510","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-969-507","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-800-985-5120","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18022255900","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1817-237-9401","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"182886069","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-224-8222","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-248-4555","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-300-5666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-334-8999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-335-1333","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-336-8633","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-337-6555","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-337-666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-339-7733","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-399-999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-414-5500","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-414-8800","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1833-425-7961","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-432-7770","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-543-8896","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-706-4400","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-706-8800","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-776-8324","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-783-7700","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-802-2200","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-863-6600","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-870-9054","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-870-9055","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1833-990-7999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-995-1999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-1625","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-1653","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-1712","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-1713","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-1716","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-1751","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-1859","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-1890","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-2560","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-2574","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-2578","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-2629","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-2650","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-2870","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4091","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4098","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4099","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4116","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4203","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4243","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4246","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4249","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4323","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4379","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4473","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4474","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4485","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-200-4486","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-204-9149","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-212-8344","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18442296999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-229-6999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-237-2411","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-237-2411-","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-238-9924","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-240-732","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-241-5999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-241-7912","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-248-2909","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-252-6111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-284-8623","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-301-371","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-305-5027","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-307-1915","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-313-2994","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-313-6006","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-313-9175","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18443189400","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-318-9400","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-326-3137","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-350-4289","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-352-9401","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-366-5999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-370-2707","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-371-8869","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-378-6561","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-378-6777","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-378-6888","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-400-9542","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-411-4922","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-422-5281","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-428-3630","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-470-9939","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-489-6111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-539-5778","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-539-5784","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-542-4107","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1844-554-2336","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-554-2336","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-556-2898","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-556-7758","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-558-1757","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-573-4082","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-577-2888","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-594-0202","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-594-202","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-613-8256","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-613-8256-","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-622-9881","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-651-2555","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-653-8666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-656-1695","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1844-662-9666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-662-9666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-665-6888","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-675-2565","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-675-8730","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-693-9511","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-712-8372","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-712-8372-","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-715-0111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-715-111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-719-6166","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-724-6592","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-730-7111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-743-6449","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-750-6258","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-755-0510","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-775-6410","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-775-8407","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-779-444","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1844-781-9888","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-792-2887","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-800-6856","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-801-5941","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-805-0111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-807-4555","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-811-1823","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-811-606","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-816-7270","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-843-5125","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18448559343","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-855-9343","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-858-5647","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-866-408","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"-4212","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-872-1286","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-873-1596","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-882-29","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-885-1444","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-891-1947","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-891-4879","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-895-3281","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1845-203-3355","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-845-205-9081","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-845-233-6465","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"184883029","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"184886445","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"184887053","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-850-583-3302","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18552033941","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-203-6745","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18552054077","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-205-4077","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18552054170","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1855-228-920","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-261-444","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-269-5777","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-278-5777","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-287-5222","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-297-8444","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-302-8333","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-307-6690","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-307-6690-","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-307-6697","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-325-1775","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-336-7111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-340-999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-372-4111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-374-9888","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-382-4333","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-389-2999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-389-4333","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-390-1666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-393-4537","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-400-5988","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-428-2297","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-433-5111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-441-7442","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-441-7646","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-442-4430","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-490-1999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-490-3222","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-501-3222","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-534-8622","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-558-6111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18556221162","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-633-1666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-654-999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-676-6410","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-687-6111","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-697-5333","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-707-865","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-718-9786","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-755-0999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-844-199","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-844-8599","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-937-4376","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-955-2511","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18559993678","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1858-386-79","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"186266232","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"186269998","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-202-1086","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-215-1667","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-217-246","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-217-365","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-217-8834","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-217-8835","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-218-3112","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-218-3116","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-249-7329","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-279-9569","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-281-2116","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-338-7786","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-343-8297","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1866-370-410","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-389-1479","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-450-3079","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-497-4002","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-511-7594","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"186653930","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-625-5558","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-626-3808","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-664-7164","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1866-686-7503","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-841-9124","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-866-847-7743","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1870-513-108","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-211-2480","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-217-5947","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-219-1029","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-219-1485","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-219-1996","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-219-5966","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-219-994","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1877-220-3072","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-220-5017","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-220-6098","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-220-8783","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-220-9321","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-220-9962","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-221-1366","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-221-8289","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18772236199","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-224-2895","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-244-0727","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-244-727","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-264-2122","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-268-9059","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-268-9059-","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-293-4440","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1877-393-8186","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-393-8186","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-396-6777","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1877-420-5230","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-433-3061","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-469-2140","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-503-7614","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-509-8343","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-510-5544","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-691-3469","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-750-7842","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-818-5969","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-824-9312","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-836-562","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-843-3339","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-877-863-4795","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-88-450-3444","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18882028995","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-202-8995","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18882047932","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-206-1755","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18882093323","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-209-7130","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-210-0673","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18882109250","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-210-9250","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18882158523","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18882193660","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-223-4021","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-223-7642","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18882248590","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-225-465","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18882261173","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-228-4154","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-228-9998","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-231-1966","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-232-2902","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-243-9401","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-244-4119","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-244-4578","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-244-5014","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-244-6132","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-258-6033","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-258-9055","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-267-7999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-268-516","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-270-291","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-271-859","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-279-3119","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-287-0989","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-300-4330","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-302-0646","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18883084902","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18883084903","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18883084972","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-308-4972","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-308-4985","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18883085694","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-309-7042","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18883100770","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18883107656","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-316-5842","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-316-7391","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-316-8777","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-325-1924","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-331-3064","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-334-666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-335-7633","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-346-4666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-351-9666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-372-9389","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-384-3226","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-403-6867","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-412-7333","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1888-423-3886","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-423-3886","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-440-3005","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-444-325","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-450-3444","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-496-666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-501-9477","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-505-6572","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-521-0529","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-526-7488","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-530-7555","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-545-9220","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-552-5210","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-554-6480","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-554-8205","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-554-8266","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-558-2612","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-589-7758","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-598-7976","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"18886070666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-621-0834","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-651-5889","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-652-1304","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-696-0666","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-728-7333","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-728-9143","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-799-0599","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-801-0627","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1888-801-1571","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-801-5424","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-802-2529","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-802-7120","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-804-5441","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-839-9985","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-843-1126","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-844-85","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-858-8356","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-870-3813","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-876-4011","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-879-9789","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-881-9364","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-883-9798","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-884-4139","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-884-6349","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-885-1701","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-885-4967","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-885-8695","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-886-9457","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-887-8691","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-917-5333","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1888-944-6229","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-944-6229","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-888-965-8445","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-925-526-4637","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"2080683410","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"2080687448","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"20-8886480","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"20-888-6480","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"2147483646","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"23-966661","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"32-025881811","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3215480175","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3225881811","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"32-2-588-5758","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"32-2-808-2080","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"32-2-80-82-114","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"32-2-80-83-354","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"32-2-808-5711","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"32-2-808-5741","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"32-2-808-5742","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"32-28-8-44-20","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"32-28-8-52-42","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"32-28-8-57-41","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3238084491","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3253280459","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3263680469","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3263680484","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3263680580","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"33-0176363336","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"33176363169","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"33-182-888-433","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"33-18-28-88-433","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"33186269672","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"33186269674","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"33186650134","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"33-805-81-394","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"33-805-81-95","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"33974591199","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"33975181600","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34-518-88-93-96","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34-857-880-139","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34-857-88-1-41","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34881800","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34918299733","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34-921-88-0-17","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34-921-88-0-23","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34-926-18-0-69","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34-927-88-0-45","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34-932-20-2-11","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34-954-5-1-35","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34-965-2-17-13","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"34-967-80-5-80","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"358-16-469-1359","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3.58753E+11","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3726682442","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3728803282","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3728803283","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3728807869","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"383758531","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"383758532","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3.90173E+12","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3.90173E+12","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3.9041E+11","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3.90426E+11","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3.90695E+11","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"3.90999E+11","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"41265880437","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"41265880485","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"41325800376","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"41-43-508-74-83","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"41565880326","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"41565880500","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"41717","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"42990","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"42991","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"42992","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"43-2155911","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"43-215-5911","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"43-720902540","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"4.41631E+11","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"44-163-843-8026","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"4.41722E+11","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"44-203-808-8593","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"44-330-808-4617","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"44-800-48-8166","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"44-800-86-9326","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"44-800-86-9374","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"44-800-88-5062","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"4.48082E+11","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"44-808-189-764","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"44-870-820-510","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"4532-725-473","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"46101388408","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"46472690807","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"46472690837","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"46775868165","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"48838881236","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"4.98007E+11","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"507-8339138","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"61-1800-431-245","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"61-1800-431-249","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"61-1800-431-259","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"6.118E+11","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"61-1800-581-607","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"61-1800-861-588","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"61-267-111-644","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"64800453791","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"65-31631471","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"6.90144E+12","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"720231278","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"78-75-95-72","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79063411189","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79063446907","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79600569468","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79610485439","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79626057542","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79626057590","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79626059060","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79626059067","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79626059071","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79649583861","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79649813542","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79653906770","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79656518090","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79659167620","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79672278895","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79676190358","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79676190359","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79676190363","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79677229508","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79677263582","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79677280316","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79677280434","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79677280561","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79677281060","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79677281254","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79677281512","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79686616290","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"79688632614","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"8000148581","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"8000418255","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"8000465243","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"8000868271","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"800-242-6157","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"800-257-1671","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"800-276-0340","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"800-279-0225","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"800-552-8133","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"800-552-8162","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"8081011552","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"8081017544","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"8081644738","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"81143615","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"81345902886","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"815880322","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"824689029","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"82888323","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"844-200-1869","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"844-200-3946","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"844-386-8372","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"844-411-4921","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"855-239-2183","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"855-297-8444","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"855-355-5073","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"855-369-2906","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"855-391-2888","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"855-447-0411","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"855-533-5796","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"855-624-7504","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"855-879-8218","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"855-889-3070","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"855-894-7714","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"857880151","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-256-9876","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-291-8355","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-350-2508","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-371-4328","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-402-1473","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-424-8267","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-433-0852","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-475-9024","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-778-4651","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-809-9055","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-888-0929","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"866-888-1059","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"877-219-6439","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"8772565767","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"877-265-0730","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"877-367-0132","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"877-390-9713","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"877-393-8186","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"877-507-9671","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"877-806-7606","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-223-4021","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-248-8302","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-252-2050","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-267-7999","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-310-3274","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-415-4135","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-442-2565","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-466-6458","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-487-2409","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-545-9209","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-554-8150","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-660-1761","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-694-2164","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-694-2168","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-694-2197","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-795-1528","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-797-8817","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-797-9349","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-797-9350","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-810-5341","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-811-4180","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-829-5571","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-829-5736","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-858-8437","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"900423469","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"900838103","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"900838948","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"900839155","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"900861783","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"900868596","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"91-8979038113","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"970736352","hashMD5":" ","hashSHA1":"","hashSHA256":"","digitalCertThumbprint":" ","sourceIndex":"2651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-855-907-6870","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"2684","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-378-8777","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"2685","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-833-830-7981","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"2690","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"888-493-1190","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"2693","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"966-640-3843","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"2694","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","companyName":"1-844-225-2120","hashMD5":"","hashSHA1":"","hashSHA256":"","sourceIndex":"2695","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor Monitor; CSA ","reference":"","landingPage":"http://support.microsoft.com.traffic-redir.com/v/windows_defender/index.html         ","ipv4":"","ipv6":"","sourceIndex":"2651"},{"howFound":"","reference":"","landingPage":"https://pcsafedataaccess.tk/Call-Windows-SupportFIRIE18449173258/","ipv4":"","ipv6":"","sourceIndex":"2652"},{"howFound":"","reference":"","landingPage":"http://acaridea.icu/story/index.php","ipv4":"","ipv6":"","sourceIndex":"2653"},{"howFound":"","reference":"","landingPage":"http://tuneably.icu/story/index.php","ipv4":"","ipv6":"","sourceIndex":"2654"},{"howFound":"","reference":"","landingPage":"http://ecodeme.club/story/","ipv4":"","ipv6":"","sourceIndex":"2655"},{"howFound":"","reference":"","landingPage":"http://elaeometer.club/story/","ipv4":"","ipv6":"","sourceIndex":"2656"},{"howFound":"","reference":"","landingPage":"http://ubieties.club/story/","ipv4":"","ipv6":"","sourceIndex":"2657"},{"howFound":"","reference":"http://aerohydrous.club/story/","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"2658"},{"howFound":"","reference":"","landingPage":"http://abashless.icu/story/","ipv4":"","ipv6":"","sourceIndex":"2659"},{"howFound":"google search \"Speed Up Your PC in Minutes\"","reference":"","landingPage":"https://storage.googleapis.com/techbuck/restrict-error/index.html","ipv4":"","ipv6":"","sourceIndex":"2660"},{"howFound":"google search \"Speed Up Your PC in Minutes\"","reference":"","landingPage":"https://storage.googleapis.com/techbuck/poisio-error/index.html","ipv4":"","ipv6":"","sourceIndex":"2661"},{"howFound":"google search \"Speed Up Your PC in Minutes\"","reference":"","landingPage":"https://storage.googleapis.com/techbuck/prosys-error/index.html","ipv4":"","ipv6":"","sourceIndex":"2662"},{"howFound":"google search \"Speed Up Your PC in Minutes\"","reference":"","landingPage":"https://storage.googleapis.com/techbuck/reflec-error/index.html","ipv4":"","ipv6":"","sourceIndex":"2663"},{"howFound":"google search \"Speed Up Your PC in Minutes\"","reference":"","landingPage":"https://storage.googleapis.com/techbuck/remain-error/index.html","ipv4":"","ipv6":"","sourceIndex":"2664"},{"howFound":"google search \"Speed Up Your PC in Minutes\"","reference":"","landingPage":"https://storage.googleapis.com/techbuck/secure-error/index.html","ipv4":"","ipv6":"","sourceIndex":"2665"},{"howFound":"google search \"Fix your PC errors\"","reference":"","landingPage":"http://45.76.253.249/code0666s/chrome_win/","ipv4":"","ipv6":"","sourceIndex":"2666"},{"howFound":"google search \"speed up your pc\"","reference":"","landingPage":"https://polloxube.club/ttyy/ty/","ipv4":"","ipv6":"","sourceIndex":"2667"},{"howFound":"google search \"speed up your pc\"","reference":"","landingPage":"https://ubisof143.ga/Call-for-SecurityCH-Issue18773196992/","ipv4":"","ipv6":"","sourceIndex":"2668"},{"howFound":"","reference":"\"apple support alert\"","landingPage":"https://tatoo.world/","ipv4":"","ipv6":"","sourceIndex":"2669"},{"howFound":"","reference":"","landingPage":"callforsupport.club","ipv4":"","ipv6":"","sourceIndex":"2670"},{"howFound":"","reference":"","landingPage":"http://78.141.206.238/callforhelp/CHFIR_sdsddshelpX/","ipv4":"","ipv6":"","sourceIndex":"2671"},{"howFound":"","reference":"","landingPage":"https://4mly6p8.gq/sslvuaxazo/vwan0omarj/iuh3lhpf9n/?p_x=1%20(866)%20534%202263","ipv4":"","ipv6":"","sourceIndex":"2672"},{"howFound":"","reference":"","landingPage":"http://167.71.117.125/systemerror-win-chx/?phone=+1-(888)-441-0439&","ipv4":"","ipv6":"","sourceIndex":"2673"},{"howFound":"","reference":"","landingPage":"http://techsupport24.xyz/scanner-online/urgent/WINxxggddgg6callvv-now1XX/ ","ipv4":"","ipv6":"","sourceIndex":"2674"},{"howFound":"","reference":"","landingPage":"http://167.71.153.147/systemerror-win-chx/?phone=+1-(888)-441-0788&","ipv4":"","ipv6":"","sourceIndex":"2675"},{"howFound":"","reference":"","landingPage":"http://iypfr.j.evangelinepublishing.com/fus/x1dn232324343sasreert343c_CH/","ipv4":"","ipv6":"","sourceIndex":"2676"},{"howFound":"","reference":"","landingPage":"http://157.245.173.84/systemerror-win-chx/?phone=+1-(888)-441-0807&","ipv4":"","ipv6":"","sourceIndex":"2677"},{"howFound":"","reference":"","landingPage":"https://o84be22.gq/56biybld98/ufgf503e6e/47t98n8azj/?p_x=1%20(844)%20510%206166","ipv4":"","ipv6":"","sourceIndex":"2678"},{"howFound":"","reference":"","landingPage":"https://deeamxdqwrexc.cloudfront.net/xxxch72xx88/?phone=09-70-18-13-67&","ipv4":"","ipv6":"","sourceIndex":"2679"},{"howFound":"","reference":"","landingPage":"http://windoshelp.club/Xaxdhjfjdhjdfhjdhfdhfhdhfdh33jh/","ipv4":"","ipv6":"","sourceIndex":"2680"},{"howFound":"","reference":"","landingPage":"http://supporrtioshelp.info/micr/ch/","ipv4":"","ipv6":"","sourceIndex":"2681"},{"howFound":"","reference":"","landingPage":"https://www.authfailedwinalertedsecurity.club/XXMSHelpCallNow1XX/","ipv4":"","ipv6":"","sourceIndex":"2682"},{"howFound":"","reference":"","landingPage":"http://serveronlineservererror.epizy.com/AChfbdsfdsXjhfbjfX/","ipv4":"","ipv6":"","sourceIndex":"2683"},{"howFound":"","reference":"","landingPage":"https://windows-security-alert-malware-found-computer-blocked.s3.us-east-2.amazonaws.com/chrome_win/index.htm","ipv4":"","ipv6":"","sourceIndex":"2684"},{"howFound":"","reference":"(+1-844-378-8777)","landingPage":"https://properseaches.xyz/QEWrsfatSgat354677&TahstAyauQWEueQuaioP1255&1mchTWy/AChfbdsfdsXjhfbjfX/index.html","ipv4":"","ipv6":"","sourceIndex":"2685"},{"howFound":"","reference":"(+1-844-378-8777)","landingPage":"https://socialform.xyz/10.255.255.251/Scanning_Error=215422898&QEWrastAg46573&Code_error=102/AChfbdsfdsXjhfbjfX/index.html","ipv4":"","ipv6":"","sourceIndex":"2686"},{"howFound":"","reference":"(+1-844-378-8777)","landingPage":"https://trackdesign.xyz/102.23.51.11/Scanning_Error=215422898&QEWrastAg46573&Code_error=102/AChfbdsfdsXjhfbjfX/index.html","ipv4":"","ipv6":"","sourceIndex":"2687"},{"howFound":"","reference":"(+1-844-378-8777)","landingPage":"https://utilityrun.xyz/QEWrsfatSgat354677&TahstAyauQWEueQuaioP1255&1mchTWy/AChfbdsfdsXjhfbjfX/index.html","ipv4":"","ipv6":"","sourceIndex":"2688"},{"howFound":"","reference":"(+1-844-378-8777)","landingPage":"https://filterdown.xyz/TASresfga&1254dsgdTArs/Call_For_Help/AChfbdsfdsXjhfbjfX/index.html","ipv4":"","ipv6":"","sourceIndex":"2689"},{"howFound":"","reference":"(+1-833-830-7981)","landingPage":"https://ojhp7od.gq/yicbgk57bk/rjm32uq2kv/is2tze741s/?p_x=1%20(833)%20830%207981","ipv4":"","ipv6":"","sourceIndex":"2690"},{"howFound":"","reference":"(+1-833-830-7981)","landingPage":"https://rwxfa81.gq/yicbgk57bk/rjm32uq2kv/is2tze741s/?p_x=1%20(833)%20830%207981","ipv4":"","ipv6":"","sourceIndex":"2691"},{"howFound":"","reference":"(+1-833-830-7981)","landingPage":"https://rwxfa81.gq/yicbgk57bk/rjm32uq2kv/is2tze741s/?p_x=1%20(855)%20625%200817","ipv4":"","ipv6":"","sourceIndex":"2692"},{"howFound":"","reference":"(888-493-1190)","landingPage":"http://scarehead.tk/story/?pagex=5&s1=rFFzRedYVBTh4eZLJUAPE7YNuoNSolM_PLbGb29lnq7GA4vPd-kp352a61Qia3aopFrQPqcSC_myHebq7jzxbTTaFOf3yEVE1MrCx9dd15HhviWpERI-QlE7kGgRZoSS&os=Windows&browser=Chrome&isp=Comcast%20Cable%20Communications%20inc.&ip=76.22.19.201&geo=US&q1=mwtWocKFYFlWXtCF7LwP2qHLZxWG_JU9ty4WuKjrGfY%2C&q2=H0QEsENb-IPr_ScVbgk16nkqSGstMqwL6X8iduG3qgM,","ipv4":"","ipv6":"","sourceIndex":"2693"},{"howFound":"","reference":"(966-640-3843)","landingPage":"http://aquanaut.gq/story/?pagex=5&s1=ne3tji_hc1cKKKV6smk74YeOwy1G-V03vgFo0rxWT8kNPKYIEqK6L5L5bV4Qdfpo-hqMLUE29w_rEaTv_zm2tmO6ghBveY2ZCuOXrxq8ILLv12b7af30WAbLjO29s0_P&os=Windows&browser=Chrome&isp=Comcast%20Cable%20Communications%20inc.&ip=76.22.19.201&geo=US&q1=nzoKG4GzCxHR5XZ1-GNAaDAbaF0G-BOd_uw1Ju27Rg4%2C&q2=H0QEsENb-IPr_ScVbgk16nkqSGstMqwL6X8iduG3qgM,","ipv4":"","ipv6":"","sourceIndex":"2694"},{"howFound":"","reference":"(+1-844-225-2120)","landingPage":"http://68.183.174.36/systemerror-win-chx/?phone=+&","ipv4":"","ipv6":"","sourceIndex":"2695"}],"sampleFiles":[],"imageFiles":["191004/TechSupportScam-190605/190605/Images/ACR-014/Affiliate_TechSupportScam.PNG","191004/TechSupportScam-190605/190605/Images/ACR-014/014.png","191004/TechSupportScam-190605/190605/Images/ACR-014/ecodeme_club.png","191004/TechSupportScam-190605/190605/Images/ACR-014/elaeometer_club.png","191004/TechSupportScam-190605/190605/Images/ACR-014/ubieties_club.png","191004/TechSupportScam-190605/190605/Images/ACR-014/aerohydrous_club.png","191004/TechSupportScam-190605/190605/Images/ACR-014/abashless_icu.png","191004/TechSupportScam-190605/190605/Images/ACR-014/techbuck_1.png","191004/TechSupportScam-190605/190605/Images/ACR-014/techbuck_2.png","191004/TechSupportScam-190605/190605/Images/ACR-014/techbuck_3.png","191004/TechSupportScam-190605/190605/Images/ACR-014/chrome_win.png","191004/TechSupportScam-190605/190605/Images/ACR-014/polloxube.png","191004/TechSupportScam-190605/190605/Images/ACR-014/ubisof143.png","191004/TechSupportScam-190605/190605/Images/ACR-014/tatoo_world_MAC.png","191004/TechSupportScam-190605/190605/Images/ACR-014/callforsupport_club.png","191004/TechSupportScam-190605/190605/Images/ACR-014/8884410439.png","191004/TechSupportScam-190605/190605/Images/ACR-014/techsupport24.png","191004/TechSupportScam-190605/190605/Images/ACR-014/evangeline.png","191004/TechSupportScam-190605/190605/Images/ACR-014/o84be22.png","191004/TechSupportScam-190605/190605/Images/ACR-014/TSC_1.PNG","191004/TechSupportScam-190605/190605/Images/ACR-014/windoshelp.png","191004/TechSupportScam-190605/190605/Images/ACR-014/supporrtioshelp.png","191004/TechSupportScam-190605/190605/Images/ACR-014/malware_found_computer.png"],"nonDeceptorImageFiles":[],"guid":"ea695015-e655-4796-a3af-0b6a561395c1_190605_1","appID":"TechSupportScam-190605","dateAdded":"191004","deceptorType":"Affiliate","name":"TechSupportScam","company":"Deceptor Call Center","version":"190605","sigName":"Deceptor:Affiliate/TechSupportScam!014","lastKnownStatus":"190930","lastKnownDate":"191004","type":"Affiliate","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2019-10-04T18:32:15.694722+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2028},{"violations":{"ACR-107":"Download site doesn't obtain proper authorization from the carrier to distribute the software. In this case, it is NMAP\n","ACR-071":"A app needs to provide an option to accept each offers independently by the consumer.\n","ACR-055":"The app does not provide \"Accept/Yes\" and \"Decline/No\" option for the presented offer, needs to be made obvious to the consumer during the installation.\n","ACR-059":"The offer is not marked as Offer, the recommended by \"who\" is not clear.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"nmap-6.49BETA4-setup.exe","isInstaller":"True","hashMD5":"0b156a35abbbbae0460b94dec9e984bf","hashSHA1":"a9f3e5952498179eb5aa95d5d82cafe174c6aff5","hashSHA256":"f852977ad702932864feaf0d5220d12199899df17721b0ec053c8692478b27e0","digitalCertThumbprint":"DC99FD079F14AF05BFA58B601FD0FDD0BCD7C407","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Internet Info s.r.o.","sourceIndex":"2650","avBlockList":["360 Total Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","K7 Total Security (20191202)","Kaspersky Internet Security (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Quick Heal Internet Security (20191202)","Sophos Home Premium (20191202)","Tencent PC Manager (20191202)","Trend Micro Internet Security (20191202)","VIPRE Advanced Security (20191202)","VirIT eXplorer PRO (20191202)","Webroot SecureAnywhere (20191202)","Windows Defender (20191202)"],"avAllowList":["Avast Internet Security (20191202)","AVG Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","Malwarebytes Premium (20191202)"]}],"additionalFiles":[],"sources":[{"howFound":"security partner report","reference":"","landingPage":"https://www.slunecnice.cz/sw/nmap-security-scanner/","ipv4":"","ipv6":"","sourceIndex":"2650"}],"sampleFiles":["191004/DMSlunecnice-190915/1.0/Samples/nmap-6.49BETA4-setup.exe"],"imageFiles":["191004/DMSlunecnice-190915/1.0/Images/ACR-055/ACR-055_Inlineoffers_NoAcceptDeclineOptionForOfferedApp.JPG","191004/DMSlunecnice-190915/1.0/Images/ACR-059/ACR-059_Inlineoffers_RecommendedByWhoIsNotClear.JPG","191004/DMSlunecnice-190915/1.0/Images/ACR-071/ACR-071_Inlineoffers_EveryOfferMustHaveAcceptAndDecline.JPG"],"nonDeceptorImageFiles":[],"guid":"9b2c12ac-e20f-4957-9031-3b8fca08cf5a_1.0_1","appID":"DMSlunecnice-190915","dateAdded":"191004","deceptorType":"Bundler","name":"SlunecniceDL","company":"slunecnice.cz","version":"1.0","sigName":"Deceptor:Win32/SlunecniceDL!107055059071","lastKnownStatus":"1.0","lastKnownDate":"191004","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-10-04T23:14:27.3485768+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2029},{"violations":{"ACR-043":"App uses 3rd party scan engine (reason software company) which is not disclosed \n","ACR-107":"App doesn't disclose in document and software that it is authorized to use 3rd party scan engine (reason software company)\n","ACR-048":"App can't be cancelled during install\n","ACR-003":"The sentence \"Your computer is not secure!\" before performing a system scan despite the fact Windows Defender is already present in the computer is exaggerating the consumer to take an action.\n","ACR-004":"The app does not provide a free fix as it performs only system scan and it uses alarming pattern to raise urgency to the consumer\n","ACR-124":"The app shows more than one confirmation prompt for uninstall. \"Yes\" option doesn't work.\n"},"nonDeceptorViolations":{"ACR-065":"The app doesn't provide EULA and PP in software\n","ACR-161":"Unable to verify testimonials\n","ACR-099":"The app does not provide Uninstall information.  \nThe app does not provide Uninstall information.  \n","ACR-035":"The app needs to disclose App's name to the consumer in all the docs.\n","ACR-036":"App fails to disclose its main function that is from 3rd party (reason security)\n"},"samples":[{"isRevoked":"False","fileName":"SegurazoSetup.exe","isInstaller":"True","companyName":"Digital Communications Inc ©","productName":"1.0.6.9","fileVersion":"1.0.6.9","hashMD5":"9117233ba3a15f81b3d84438426d9030","hashSHA1":"7636b9114a227493d34d3255c72827ab4a4ded38","hashSHA256":"6968ea76f8e26b57957509f7c1f49b3e28d6a2d7a44310089c39112a3e5f522b","digitalCertThumbprint":"17815B0EFF321A21E7E854B38EB7AEDBD23396FF","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Digital Communications Inc., O=Digital Communications Inc., STREET=1712 Pioneer Ave, L=Cheyenne, S=Wyoming, PostalCode=82001, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Wyoming, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=2015-000694953","sourceIndex":"418","avBlockList":["360 Total Security (20191111)","Avast Internet Security (20191111)","AVG Internet Security (20191111)","Avira Internet Security (20191111)","Bitdefender Internet Security (20191111)","Dr.Web Security Space (20191111)","ESET Internet Security (20191111)","G DATA INTERNET SECURITY (20191111)","K7 Total Security (20191111)","Kaspersky Internet Security (20191111)","Malwarebytes Premium (20191111)","McAfee Total Protection (20191111)","Norton Security (20191111)","Panda Dome (20191111)","Quick Heal Internet Security (20191111)","Sophos Home Premium (20191111)","Trend Micro Internet Security (20191111)","VIPRE Advanced Security (20191111)","VirIT eXplorer PRO (20191111)","Webroot SecureAnywhere (20191111)","Windows Defender (20191111)"],"avAllowList":["COMODO Antivirus (20191111)","Tencent PC Manager (20191111)"]}],"additionalFiles":[],"sources":[{"howFound":"External partner report ","reference":"","landingPage":"https://www.segurazo.com","directDownloadingLink":"https://www.segurazo.com/pro.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.segurazo.com/pro.html","sourceIndex":"418"}],"sampleFiles":["191001/SegurazoAntivirus-190819/1.0.6.9/Samples/SegurazoSetup.exe"],"imageFiles":["191001/SegurazoAntivirus-190819/1.0.6.9/Images/ACR-043/ACR-043.PNG","191001/SegurazoAntivirus-190819/1.0.6.9/Images/ACR-048/ACR-048.PNG","191001/SegurazoAntivirus-190819/1.0.6.9/Images/ACR-003/ACR-003.PNG","191001/SegurazoAntivirus-190819/1.0.6.9/Images/ACR-124/ACR-124.PNG","191001/SegurazoAntivirus-190819/1.0.6.9/Images/ACR-004/ACR-004.PNG"],"nonDeceptorImageFiles":["191001/SegurazoAntivirus-190819/1.0.6.9/Images/ACR-065/ACR-065.PNG","191001/SegurazoAntivirus-190819/1.0.6.9/Images/ACR-161/ACR-161.PNG"],"guid":"d1a42acc-23cb-4261-8099-8054e20d30f1_1.0.6.9_1","appID":"SegurazoAntivirus-190819","dateAdded":"191001","deceptorType":"App","name":"SegurazoAntivirus","company":"Segurazo","version":"1.0.6.9","sigName":"Deceptor:Win32/SegurazoAntivirus!043048003124004","lastKnownStatus":"1.0.6.9","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-11-05T21:43:59.8556454+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2030},{"violations":{"ACR-048":"During the installation of the app, it is unable to cancel the installation or close the window.\n","ACR-003":"The app identifies virtualbox component and microsoft component as \"High and Medium\" risk issues thus consumer would be removing those components based on the scanned results, this might lead to system corrupt the computer or VMs.\n","ACR-004":"The app does not provide a free fix (failed while fixing the identified issues) as it performs only system scan and it uses alarming pattern to raise urgency to the consumer\n","ACR-124":"During uninstall, the app prompts the consumer to confirm uninstallation more than once.\n"},"nonDeceptorViolations":{"ACR-065":"The app needs to disclose EULA and Privacy Policy in the app's about page.\n","ACR-161":"The testimonials needs to be verifiable.\n","ACR-099":"The landing page does not provide uninstall information.  \nThe app does not provide uninstall information.  \n","ACR-035":"The app needs to disclose app's name to the consumer in all the docs.\n","ACR-036":"App fails to disclose its main function that is from 3rd party (reason security)\n"},"samples":[{"isRevoked":"False","fileName":"SegurazoSetup.exe","isInstaller":"True","companyName":"Digital Communications Inc ©","productName":"Segurazo Antivirus","productVersion":"1.0.6.9","fileVersion":"1.0.6.9","hashMD5":"f569405567d73b19b773530549668a96","hashSHA1":"ed8fb96ffa0b27672e8f3159b6e6ba5cd390ea66","hashSHA256":"8edc1dc6f11fec9999e257fc7c99f9b4bc590f6ac9015f3b5d49f3f90394c642","digitalCertThumbprint":"17815B0EFF321A21E7E854B38EB7AEDBD23396FF","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Digital Communications Inc.","sourceIndex":"419","avBlockList":["360 Total Security (20191226)","Avira Internet Security (20191226)","Bitdefender Internet Security (20191226)","COMODO Antivirus (20191226)","Dr.Web Security Space (20191226)","ESET Internet Security (20191226)","G DATA INTERNET SECURITY (20191226)","K7 Total Security (20191226)","Kaspersky Internet Security (20191226)","Malwarebytes Premium (20191226)","McAfee Total Protection (20191226)","Norton Security (20191226)","Panda Dome (20191226)","Quick Heal Internet Security (20191226)","Sophos Home Premium (20191226)","Tencent PC Manager (20191226)","Trend Micro Internet Security (20191226)","VIPRE Advanced Security (20191226)","VirIT eXplorer PRO (20191226)","Webroot SecureAnywhere (20191226)","Windows Defender (20191226)"],"avAllowList":["Avast Internet Security (20191226)","AVG Internet Security (20191226)"]}],"additionalFiles":[],"sources":[{"howFound":"External partner report ","reference":"","landingPage":"https://www.segurazo.com","directDownloadingLink":"https://www.segurazo.com/pro.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.segurazo.com/pro.html","sourceIndex":"419"}],"sampleFiles":["191001/SegurazoAntivirus-190819/1.0.6.9.x/Samples/SegurazoSetup.exe"],"imageFiles":["191001/SegurazoAntivirus-190819/1.0.6.9.x/Images/ACR-048/ACR-048_Install_UnableToCancelInstallation.JPG","191001/SegurazoAntivirus-190819/1.0.6.9.x/Images/ACR-003/ACR-003_Software_MisleadingTheUsers.JPG","191001/SegurazoAntivirus-190819/1.0.6.9.x/Images/ACR-124/ACR-124_Uninstall_MoreThanOnePromptToUninstall.JPG","191001/SegurazoAntivirus-190819/1.0.6.9.x/Images/ACR-004/ACR-004_Software_AlarmingColor.JPG"],"nonDeceptorImageFiles":["191001/SegurazoAntivirus-190819/1.0.6.9.x/Images/ACR-065/ACR-065_Software_DoesNotProvideEULAAndPrivacypolicyinTheSoftware.JPG","191001/SegurazoAntivirus-190819/1.0.6.9.x/Images/ACR-161/ACR-161_LandingPage_UnableToVerifyTestimonials.JPG","191001/SegurazoAntivirus-190819/1.0.6.9.x/Images/ACR-099/ACR-099_LandingPage_NoUninstallInformation.JPG","191001/SegurazoAntivirus-190819/1.0.6.9.x/Images/ACR-099/ACR-099_Software_NoUninstallInformation.JPG","191001/SegurazoAntivirus-190819/1.0.6.9.x/Images/ACR-035/ACR-035_LandingPage_NeedsToDicloseAppNameInTheDocs.JPG","191001/SegurazoAntivirus-190819/1.0.6.9.x/Images/ACR-036/ACR-036_Docs_NoDisclosureOfThirdPartyInTheDocs.JPG"],"guid":"d1a42acc-23cb-4261-8099-8054e20d30f1_1.0.6.9.x_1","appID":"SegurazoAntivirus-190819","dateAdded":"191001","deceptorType":"App","name":"SegurazoAntivirus","company":"Segurazo","version":"1.0.6.9.x","sigName":"Deceptor:Win32/SegurazoAntivirus!003004048124","lastKnownStatus":"1.0.6.9","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2024-11-05T21:43:34.9402812+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2031},{"violations":{"ACR-003":"App exaggerates the state of system health with alarming colors and gauges for non-alarming categories.\n","ACR-004":"App upsells to a subscription service, but does not provide free fixes for the free scan results shown. App exaggerates free scan results with alarming colors and uses gauges to describe \"improvement potential\".\n","ACR-084":"App does not provide a way to disable the auto-launch of the app.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-161":"The application's webpage displays testimonial but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-167":"The app does not provide a refund policy.\n","ACR-171":"The consumer is required to opt-out of additional payment for Tweak Photos and Special Disk Analysis Tools which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"macpurifier_site.pkg","isInstaller":"True","companyName":"Jawego Partners LLC","productName":"Mac Purifier","productVersion":"1.1.0","fileVersion":"1.1.0","hashMD5":"d96b4006d714ea3c548669f65ab82df3","hashSHA1":"b0ec2e42c03bf77ce066a48f2bd3d4a2fe244d0c","hashSHA256":"baf01fe8b792cac3d7326ff756b06c1de5670365abd313b9761dc29aa2146175","digitalCertThumbprint":"D5 B1 0D 91 CB 5E 36 D5 4D 90 A3 BC 75 83 7F 81 EB 58 83 B4","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Jawego Partners LLC (3EJLHU8U5D)","sourceIndex":"2562","avBlockList":["Avast Security for Mac (20200116)","Avira Security for Mac (20200116)","Bitdefender Antivirus for Mac (20200116)","ESET Cyber Security Pro for Mac (20200116)","G DATA AntiVirus for Mac (20200116)","Kaspersky Internet Security for Mac (20200116)","Norton Security for Mac (20200116)","Trend Micro Antivirus for Mac (20200116)"],"avAllowList":["K7 Antivirus for Mac (20200116)","McAfee Internet Security for Mac (20200116)","Sophos Home Premium For Mac (20200116)"]},{"isRevoked":"False","fileName":"/Applications/Mac Purifier.app/Contents/MacOS/Mac Purifier","companyName":"Jawego Partners LLC","productName":"Mac Purifier","productVersion":"1.1.0","fileVersion":"1.1.0","hashMD5":"c9ef3349c7faa1a85b1c1fba2f4b988e","hashSHA1":"4939da2c0ecdd414e1cd309ed5eb9699cf75598d","hashSHA256":"a6f14714e6cc93ec3fc9e2c224712e4cf96d1558338d85145a24014113079d15","digitalCertThumbprint":"D5 B1 0D 91 CB 5E 36 D5 4D 90 A3 BC 75 83 7F 81 EB 58 83 B4","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Jawego Partners LLC (3EJLHU8U5D)","sourceIndex":"2562","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Mac Purifier (2.0)","companyName":"Jawego Partners LLC ","productName":"Mac Purifier","productVersion":"2.0.0","fileVersion":"2.0.0","hashMD5":"8e036cfcb56aa6a683cd7773bb2795db","hashSHA1":"fd5ed039a75b7d09d9e1ee8211eb195b94e180cb","hashSHA256":"59a1ad4f24ca48fd7a8d48124a4f256c3fbda534e458d259dd47b56f197d61ca","digitalCertThumbprint":"D5 B1 0D 91 CB 5E 36 D5 4D 90 A3 BC 75 83 7F 81 EB 58 83 B4","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Jawego Partners LLC (3EJLHU8U5D)","sourceIndex":"2562","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"maccleanpro_m9jwsite.pkg","isInstaller":"True","companyName":"Jawego Partners LLC ","productName":"Mac Clean Pro","productVersion":"1.1.0","fileVersion":"1.1.0","hashMD5":"39209216b9d232a17ad48db89d6bae90","hashSHA1":"d3b5f725d4903ddfd52276ab602520d0f565501c","hashSHA256":"b1d6c51458e40bf70d0557574d391e8678396847627f867cbe04a9d061a1456a","digitalCertThumbprint":"D5 B1 0D 91 CB 5E 36 D5 4D 90 A3 BC 75 83 7F 81 EB 58 83 B4","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Jawego Partners LLC (3EJLHU8U5D)","sourceIndex":"2563","avBlockList":["Avast Security for Mac (20200201)","Avira Security for Mac (20200201)","Bitdefender Antivirus for Mac (20200201)","ESET Cyber Security Pro for Mac (20200201)","G DATA AntiVirus for Mac (20200201)","K7 Antivirus for Mac (20200201)","Kaspersky Internet Security for Mac (20200201)","McAfee Internet Security for Mac (20200201)","Norton Security for Mac (20200201)","Trend Micro Antivirus for Mac (20200201)"],"avAllowList":["Sophos Home Premium For Mac (20200201)"]},{"isRevoked":"False","fileName":"/Applications/Mac Clean Pro.app/Contents/MacOS/Mac Clean Pro","companyName":"Jawego Partners LLC ","productName":"Mac Clean Pro","productVersion":"1.1.0","fileVersion":"1.1.0","hashMD5":"b799d96609465fa2103e939aad4f576c","hashSHA1":"90df2af6f665a93e4ae6076b3b71593df3a8e677","hashSHA256":"ee5d124e148a99abab1f6d0e5a16969dd15b0d252cd2dbfcd2f4e36a7de7b848","digitalCertThumbprint":"D5 B1 0D 91 CB 5E 36 D5 4D 90 A3 BC 75 83 7F 81 EB 58 83 B4","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Jawego Partners LLC (3EJLHU8U5D)","sourceIndex":"2563","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Mac Clean Pro (2.0)","companyName":"Jawego Partners LLC ","productName":"Mac Clean Pro","productVersion":"2.0.0","fileVersion":"2.0.0","hashMD5":"0559697998d53d82a3daa121f9cbb773","hashSHA1":"f24d1ed416439b802b3b1975ee77a9a1fd0d2a7e","hashSHA256":"1a6f5a825815faba6dcb22f486795eb62c14d6f1369614430fa597ed7d07752f","digitalCertThumbprint":"D5 B1 0D 91 CB 5E 36 D5 4D 90 A3 BC 75 83 7F 81 EB 58 83 B4","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Jawego Partners LLC (3EJLHU8U5D)","sourceIndex":"2563","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"safecleanerformac_site.pkg","isInstaller":"True","companyName":"Jawego Partners LLC ","productName":"Safe Cleaner for Mac","productVersion":"1.1.0","fileVersion":"1.1.0","hashMD5":"9d7305730184d940b2d127fb01a80754","hashSHA1":"e54d59fd2953793e3cad27b659277ef4e62c70b6","hashSHA256":"8e28d7f67f6750ce8b28d8d333f1a739dc1b8654933c9d7985564ad8567e7e08","digitalCertThumbprint":"D5 B1 0D 91 CB 5E 36 D5 4D 90 A3 BC 75 83 7F 81 EB 58 83 B4","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Jawego Partners LLC (3EJLHU8U5D)","sourceIndex":"2564","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"/Applications/Safe Cleaner for Mac.app/Contents/MacOS/Safe Cleaner for Mac","companyName":"Jawego Partners LLC ","productName":"Safe Cleaner for Mac","productVersion":"1.1.0","fileVersion":"1.1.0","hashMD5":"27dcca109a796af47cffce53ff77b82b","hashSHA1":"e3f54ebcd944c7ccb656a3e6a2619d26dd137850","hashSHA256":"13a816a951b87ef76f350d33a1dcd4d7a1e3df2722babc716c5414144a632760","digitalCertThumbprint":"D5 B1 0D 91 CB 5E 36 D5 4D 90 A3 BC 75 83 7F 81 EB 58 83 B4","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Jawego Partners LLC (3EJLHU8U5D)","sourceIndex":"2564","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Safe Cleaner for Mac (2.0)","companyName":"Jawego Partners LLC ","productName":"Safe Cleaner for Mac","productVersion":"2.0.0","fileVersion":"2.0.0","hashMD5":"72d955e3f7f469078b37a033d3487095","hashSHA1":"51da3cdd7a9348f57a61d11e207ce729910738f6","hashSHA256":"a33a55bfa47c8bd410d05616e3f576f9af1edcde3e3504bdc93dd43e068f05f1","digitalCertThumbprint":"D5 B1 0D 91 CB 5E 36 D5 4D 90 A3 BC 75 83 7F 81 EB 58 83 B4","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"Jawego Partners LLC (3EJLHU8U5D)","sourceIndex":"2564","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Optimize your Mac\"","reference":"http://www.macpurifier.com/","landingPage":"http://www.macpurifier.com/","directDownloadingLink":"http://cdn.macpurifier.com/js/macpurifier/setups/macpurifier_site.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.macpurifier.com/js/macpurifier/setups/macpurifier_site.pkg","sourceIndex":"2562"},{"howFound":"","reference":"Mac Clean Pro","landingPage":"http://www.maccleanpro.com/","directDownloadingLink":"http://cdn.maccleanpro.com/js/maccleanpro/setup/maccleanpro_m9jwsite.pkg","ipv4":"","ipv6":"","sourceIndex":"2563"},{"howFound":"","reference":"Safe Cleaner For Mac","landingPage":"http://www.safecleanerformac.com","directDownloadingLink":"https://b34df4ra1.vo.llnwd.net/js/safecleanerformac/setup/safecleanerformac_site.pkg","ipv4":"","ipv6":"","sourceIndex":"2564"}],"sampleFiles":["191001/MacPurifier-190927/1.1.0/Samples/macpurifier_site.pkg","191001/MacPurifier-190927/1.1.0/Samples/Mac Purifier","191001/MacPurifier-190927/1.1.0/Samples/Mac Purifier (2.0)","191001/MacPurifier-190927/1.1.0/Samples/maccleanpro_m9jwsite.pkg","191001/MacPurifier-190927/1.1.0/Samples/Mac Clean Pro","191001/MacPurifier-190927/1.1.0/Samples/Mac Clean Pro (2.0)","191001/MacPurifier-190927/1.1.0/Samples/safecleanerformac_site.pkg","191001/MacPurifier-190927/1.1.0/Samples/Safe Cleaner for Mac","191001/MacPurifier-190927/1.1.0/Samples/Safe Cleaner for Mac (2.0)"],"imageFiles":["191001/MacPurifier-190927/1.1.0/Images/ACR-003/scan.png","191001/MacPurifier-190927/1.1.0/Images/ACR-003/main.png","191001/MacPurifier-190927/1.1.0/Images/ACR-003/003.png","191001/MacPurifier-190927/1.1.0/Images/ACR-004/scan.png","191001/MacPurifier-190927/1.1.0/Images/ACR-004/main.png","191001/MacPurifier-190927/1.1.0/Images/ACR-004/004.png","191001/MacPurifier-190927/1.1.0/Images/ACR-004/161.png","191001/MacPurifier-190927/1.1.0/Images/ACR-004/171.png","191001/MacPurifier-190927/1.1.0/Images/ACR-084/084.png","191001/MacPurifier-190927/1.1.0/Images/ACR-014/scan.png","191001/MacPurifier-190927/1.1.0/Images/ACR-168/scan.png"],"nonDeceptorImageFiles":["191001/MacPurifier-190927/1.1.0/Images/ACR-161/161.png","191001/MacPurifier-190927/1.1.0/Images/ACR-171/171.png"],"guid":"aa661de2-4a42-4c0b-82ca-23affa8bc219_1.1.0_1","appID":"MacPurifier-190927","dateAdded":"191001","deceptorType":"MacOS App","name":"Mac Purifier","company":"Jawego Partners LLC","version":"1.1.0","sigName":"Deceptor:MacOS/MacPurifier!003004014048084168","lastKnownStatus":"1.1.0","lastKnownDate":"200203","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-02-04T00:29:05.5774595+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2032},{"violations":{"ACR-003":"App exaggerates the state of system health with alarming colors and gauges for non-alarming categories.\n","ACR-004":"App upsells to a subscription service, but does not provide free fixes for the free scan results shown. App exaggerates free scan results with alarming colors and uses gauges to describe \"improvement potential\".\n","ACR-084":"App does not provide a way to disable the auto-launch of the app.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-161":"The application's webpage displays testimonial but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"k9-macoptimizer_macsite.pkg","isInstaller":"True","companyName":"THE PHONE SUPPORT PRIVATE LIMITED","productName":"K9-MacOptimizer","productVersion":"9.1.2","fileVersion":"9.1.2","hashMD5":"89798f90a67ff8986021a31b977f8839","hashSHA1":"5fa676ec7913354edadeee525dab3fbf32700fb7","hashSHA256":"5b9733622caf1b8cae3019777ce6e3ea42e69d0611050375e8ccc17e7b0a6e85","digitalCertThumbprint":"A7 1B D5 DF B0 02 D8 4D B9 4C D5 A5 3D 82 88 FF A3 D5 84 EC","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"THE PHONE SUPPORT PRIVATE LIMITED (2H238V5E72)","sourceIndex":"1321","avBlockList":["Avast Security for Mac (20200116)","Avira Security for Mac (20200116)","Bitdefender Antivirus for Mac (20200116)","ESET Cyber Security Pro for Mac (20200116)","G DATA AntiVirus for Mac (20200116)","Kaspersky Internet Security for Mac (20200116)","Sophos Home Premium For Mac (20200116)","Trend Micro Antivirus for Mac (20200116)"],"avAllowList":["K7 Antivirus for Mac (20200116)","McAfee Internet Security for Mac (20200116)","Norton Security for Mac (20200116)"]},{"isRevoked":"False","fileName":"/Applications/K9-MacOptimizer.app/Contents/MacOS/K9-MacOptimizer","companyName":"THE PHONE SUPPORT PRIVATE LIMITED","productName":"K9-MacOptimizer","productVersion":"9.1.2","fileVersion":"9.1.2","hashMD5":"9ee43f451c2ea97f7c48ec7011cbe0ac","hashSHA1":"1f1b545fa923021bdda2218249170456dfad4dad","hashSHA256":"5d443ac7ca510aa4a6d6967acd3f7b6f9e048893d4ae53fa333dcc887488873e","digitalCertThumbprint":"A7 1B D5 DF B0 02 D8 4D B9 4C D5 A5 3D 82 88 FF A3 D5 84 EC","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"THE PHONE SUPPORT PRIVATE LIMITED (2H238V5E72)","sourceIndex":"1321","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"optimize your Mac\"","reference":"http://www.k9macoptimizer.com/","landingPage":"http://www.k9macoptimizer.com/","directDownloadingLink":"http://b34df4ra1.vo.llnwd.net/images/k9tools/k9mo/setups/k9-macoptimizer_macsite.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://b34df4ra1.vo.llnwd.net/images/k9tools/k9mo/setups/k9-macoptimizer_macsite.pkg","sourceIndex":"1321"}],"sampleFiles":["191001/K9MacOptimizer-190927/9.1.2/Samples/k9-macoptimizer_macsite.pkg","191001/K9MacOptimizer-190927/9.1.2/Samples/K9-MacOptimizer"],"imageFiles":["191001/K9MacOptimizer-190927/9.1.2/Images/ACR-003/scan.png","191001/K9MacOptimizer-190927/9.1.2/Images/ACR-003/main.png","191001/K9MacOptimizer-190927/9.1.2/Images/ACR-003/003.png","191001/K9MacOptimizer-190927/9.1.2/Images/ACR-004/scan.png","191001/K9MacOptimizer-190927/9.1.2/Images/ACR-004/main.png","191001/K9MacOptimizer-190927/9.1.2/Images/ACR-004/004.png","191001/K9MacOptimizer-190927/9.1.2/Images/ACR-004/161.png","191001/K9MacOptimizer-190927/9.1.2/Images/ACR-004/buy.png","191001/K9MacOptimizer-190927/9.1.2/Images/ACR-084/084.png","191001/K9MacOptimizer-190927/9.1.2/Images/ACR-168/scan.png","191001/K9MacOptimizer-190927/9.1.2/Images/ACR-014/scan.png"],"nonDeceptorImageFiles":["191001/K9MacOptimizer-190927/9.1.2/Images/ACR-161/161.png"],"guid":"590873d0-83a7-4d93-a5b8-5d005cad42af_9.1.2_1","appID":"K9MacOptimizer-190927","dateAdded":"191001","deceptorType":"MacOS App","name":"K9-MacOptimizer","company":"The Phone Support Private Limited","version":"9.1.2","sigName":"Deceptor:MacOS/K9MacOptimizer!003004014084168","lastKnownStatus":"9.1.2","lastKnownDate":"191001","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:47.6173342+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2033},{"violations":{"ACR-004":"App makes claims about junk files, and alerts but does not substantiate them with details. The App perform a free scan even if the trial version is already expired and requiring customer to purchase the app to fix the issues found.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-116":"When uninstalled, it did not delete the main executable file even deleting it manually.\n","ACR-014":"App makes claims about junk files, and alerts but does not substantiate them with details. The App perform a free scan even if the trial version is already expired and requiring customer to purchase the app to fix the issues found.\n"},"nonDeceptorViolations":{"ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"Digital signature is required for one of the main executable \"PC Wiper.exe\" installed.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-167":"The app does not provide a refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"makefast-system-cleanup.exe","isInstaller":"True","companyName":"Circuit Software LLC                                        ","fileVersion":"0.0","hashMD5":"6efec1f52cce4f001b6f4a8235f7d6d1","hashSHA1":"76c9d82f5a5e5ef9b77591f4405936175ec8d6aa","hashSHA256":"3b34115a3cc691a74a494a99e3e1aeb25e8dca1dfdccce9580547483c1edf12d","digitalCertThumbprint":"25A4B4857C8F7DD590C2CB5D3AD142E3413CDFFD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Circuit Software LLC, O=Circuit Software LLC, STREET=\"1162 ST, Georges Ave, STE # 314\", L=Avenel, S=NJ, PostalCode=07001-1263, C=US","sourceIndex":"2169","avBlockList":["360 Total Security (20191223)","Avast Internet Security (20191223)","AVG Internet Security (20191223)","Avira Internet Security (20191223)","Bitdefender Internet Security (20191223)","Dr.Web Security Space (20191223)","ESET Internet Security (20191223)","G DATA INTERNET SECURITY (20191223)","K7 Total Security (20191223)","Kaspersky Internet Security (20191223)","Malwarebytes Premium (20191223)","McAfee Total Protection (20191223)","Norton Security (20191223)","Panda Dome (20191223)","Quick Heal Internet Security (20191223)","Sophos Home Premium (20191223)","Tencent PC Manager (20191223)","Trend Micro Internet Security (20191223)","VIPRE Advanced Security (20191223)","VirIT eXplorer PRO (20191223)","Webroot SecureAnywhere (20191223)","Windows Defender (20191223)"],"avAllowList":["COMODO Antivirus (20191223)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Makefast\\System Cleanup\\PC Wiper.exe","fileVersion":"1.0","hashMD5":"79a6e2addd8de0b7a81780cb377067d4","hashSHA1":"d8505fa65cd0d32ead21bc82832df81333130549","hashSHA256":"201b92df64b963cc69018b22d74a8d425396cac607048f493c421b93c060b2cb","sourceIndex":"2169","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"System Cleanup\"","reference":"https://makefast.us/system-cleanup.aspx","landingPage":"https://makefast.us/system-cleanup.aspx","directDownloadingLink":"https://makefast.us/software/makefast-system-cleanup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://makefast.us/software/makefast-system-cleanup.exe","sourceIndex":"2169"}],"sampleFiles":["190930/MakefastSystemCleanup-190927/1.2.00/Samples/makefast-system-cleanup.exe","190930/MakefastSystemCleanup-190927/1.2.00/Samples/PC Wiper.exe"],"imageFiles":["190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-004/scan.png","190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-004/004.png","190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-004/payment.png","190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-014/scan.png","190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-014/014.png","190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-014/004.png","190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-168/main.png","190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-116/116.png"],"nonDeceptorImageFiles":["190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-161/161.png","190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-161/161_2.png","190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-092/092.png","190930/MakefastSystemCleanup-190927/1.2.00/Images/ACR-099/about.png"],"guid":"e6260dcb-1864-47b1-b6d1-6f93b6f9f28d_1.2.00_1","appID":"MakefastSystemCleanup-190927","dateAdded":"190930","deceptorType":"App","name":"Makefast System Cleanup","company":"Circuit Software LLC","version":"1.2.00","sigName":"Deceptor:Win32/MakefastSystemCleanup!004014168116","lastKnownStatus":"1.2.0.0","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T04:34:37.0868167+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2034},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Win ~PC~ Repair2018 for DESKTOP-8QAR3KI\\mpr.exe","productName":"Booster Tool","productVersion":"1.0.2.4","fileVersion":"1.0.2.4","hashMD5":"ab376ea7354891102f9e1be8f222ae94","hashSHA1":"a7bb5a7de4c029a38a379387fecfb7cc86fad5dd","hashSHA256":"969b160dc66f7c7c7cbf42b051a39337823dcd6b34699d303efeea6b5dc9a45e","digitalCertThumbprint":"B6797750B2F697895114B3F6DDF7F55965EAA5C0","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC SPEEDUP TOOIS INC, OU=PC SPEEDUP TOOIS INC, O=PC SPEEDUP TOOIS INC, POBox=302013, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"2375","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"wprsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Win ~PC~ Repair2018                                         ","productVersion":"1.0.2.4                                           ","fileVersion":"1.0.2.4             ","hashMD5":"88ea32d3fac5dfcb34930c2a2a191f5b","hashSHA1":"d87e542890eeeecf59aa0a1d7ba6f78b1f5d47c3","hashSHA256":"6884d61414be27171f36f5337c89bbe261608de1ceb9da8d8c058dca926a4c26","digitalCertThumbprint":"B6797750B2F697895114B3F6DDF7F55965EAA5C0","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC SPEEDUP TOOIS INC, OU=PC SPEEDUP TOOIS INC, O=PC SPEEDUP TOOIS INC, POBox=302013, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"2375","avBlockList":["360 Total Security (20191219)","Avast Internet Security (20191219)","AVG Internet Security (20191219)","Avira Internet Security (20191219)","Bitdefender Internet Security (20191219)","COMODO Antivirus (20191219)","Dr.Web Security Space (20191219)","ESET Internet Security (20191219)","G DATA INTERNET SECURITY (20191219)","K7 Total Security (20191219)","Kaspersky Internet Security (20191219)","Malwarebytes Premium (20191219)","McAfee Total Protection (20191219)","Norton Security (20191219)","Panda Dome (20191219)","Quick Heal Internet Security (20191219)","Sophos Home Premium (20191219)","SpyHunter5 (20190429)","Tencent PC Manager (20191219)","Trend Micro Internet Security (20191219)","VIPRE Advanced Security (20191219)","VirIT eXplorer PRO (20191219)","Webroot SecureAnywhere (20191219)","Windows Defender (20191219)"],"avAllowList":["F-PROT Antivirus for Windows (20190429)"]},{"isRevoked":"False","fileName":"wprsetup.exe","isInstaller":"True","productName":"Win ~PC~ Repair2018 ","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b55e6e1b34feff8b27a5aaf4631b6faf","hashSHA1":"4b325939426bfbf42f33cfdd692964c6a410ed01","hashSHA256":"313a7cc3613102ad383c590faca704b27b25a39722d7afdf61a2943f02e77f36","digitalCertThumbprint":"BE29E9F9C2E8FF6D10A69877EA7F8976F1DF7F1C","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Connect AB Infoline Private Limited, O=Connect AB Infoline Private Limited, L=New Delhi, S=Delhi, C=IN","sourceIndex":"2376","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","Bitdefender Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VIPRE Advanced Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":[]},{"isRevoked":"False","fileName":"wprsetup (3.0.0.30).exe","isInstaller":"True","productVersion":"3.0.0.30","fileVersion":"3.0.0.30","hashMD5":"9676735f93676b24ceab0bee912f3f08","hashSHA1":"b2d661a55dca83e2c5b7f700a5632bb2985bd7db","hashSHA256":"bfdcda88949a080721c3615a3f8c88a666868295d35d4c4156eede880877d82f","digitalCertThumbprint":"DC3371E007CA35CCEDA30986ED41F493EB84A8C0","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tune-Up PC Tools, OU=Tune-Up PC Tools, O=Tune-Up PC Tools, POBox=302004, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2377","avBlockList":["360 Total Security (20190902)","Avast Internet Security (20190902)","AVG Internet Security (20190902)","Avira Internet Security (20190902)","Bitdefender Internet Security (20190902)","COMODO Antivirus (20190902)","Dr.Web Security Space (20190902)","ESET Internet Security (20190902)","G DATA INTERNET SECURITY (20190902)","K7 Total Security (20190902)","Kaspersky Internet Security (20190902)","Malwarebytes Premium (20190902)","McAfee Total Protection (20190902)","Norton Security (20190902)","Panda Dome (20190902)","Quick Heal Internet Security (20190902)","Sophos Home Premium (20190902)","Tencent PC Manager (20190902)","Trend Micro Internet Security (20190902)","VIPRE Advanced Security (20190902)","VirIT eXplorer PRO (20190902)","Webroot SecureAnywhere (20190902)","Windows Defender (20190902)"],"avAllowList":[]},{"isRevoked":"False","fileName":"wprsetup (3.0.0.30) 2.exe","isInstaller":"True","productVersion":"3.0.0.30","fileVersion":"3.0.0.30","hashMD5":"9337f61f88166269a6cf47950a1d54a9","hashSHA1":"cba10542cd9d44b49760c183b76d19257b8a6c0b","hashSHA256":"11de3393dccf7363200d4692ec674fac8699c102b85d4fcb357d6e0fe49e462b","digitalCertThumbprint":"E5EA4480E4236899D0E9279ED30ACCCD4483AC92","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=stellar pc solutions, OU=stellar pc solutions, O=stellar pc solutions, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2378","avBlockList":["360 Total Security (20191219)","Avast Internet Security (20191219)","AVG Internet Security (20191219)","Avira Internet Security (20191219)","Bitdefender Internet Security (20191219)","COMODO Antivirus (20191219)","Dr.Web Security Space (20191219)","ESET Internet Security (20191219)","G DATA INTERNET SECURITY (20191219)","K7 Total Security (20191219)","Kaspersky Internet Security (20191219)","Malwarebytes Premium (20191219)","McAfee Total Protection (20191219)","Norton Security (20191219)","Panda Dome (20191219)","Quick Heal Internet Security (20191219)","Sophos Home Premium (20191219)","Tencent PC Manager (20191219)","Trend Micro Internet Security (20191219)","VIPRE Advanced Security (20191219)","VirIT eXplorer PRO (20191219)","Webroot SecureAnywhere (20191219)","Windows Defender (20191219)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Click the \"Scan now\" button to detect errors and abnormalities\"","reference":"https://www.quickspeedup.store/lp/alfs/?x-context=dEP50HMJLEN09OSFHSLE2I0G&utm_source=msmalfdn&utm_campaign=msmalfdn8&pxl=MSM3551_MSM3479_RUNT&utm_pubid=GHIGHI&x-at=GHIGHIdEP50HMJLEN09OSFHSLE2I0G","landingPage":"https://www.quickspeedup.store/","directDownloadingLink":"http://dl.quickspeedup.store/wpr/securerc/i2/wprsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.quickspeedup.store/wpr/securerc/i2/wprsetup.exe","sourceIndex":"2375"},{"howFound":"","reference":"","landingPage":"http://www.powersyscare.org/","directDownloadingLink":"http://dl.powersyscare.org/wpr/securerc/u4/wprsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2376"},{"howFound":"","reference":"","landingPage":"http://www.superpcutils.co/","directDownloadingLink":"http://dl.superpcutils.co/wpr/securerc/j4/wprsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2377"},{"howFound":"","reference":"","landingPage":"http://supersystools.co/","directDownloadingLink":"http://dl.supersystools.co/wpr/securerc/k4/wprsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2378"},{"howFound":"","reference":"","landingPage":"http://supersystools.com/","directDownloadingLink":"http://dl.supersystools.com/wpr/securerc/k2/wprsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2379"}],"sampleFiles":["190926/WinPCRepair2018-190411/1.0.2.4/Samples/mpr.exe","190926/WinPCRepair2018-190411/1.0.2.4/Samples/wprsetup.exe","190926/WinPCRepair2018-190411/1.0.2.4/Samples/wprsetup (1.0.0.0).exe","190926/WinPCRepair2018-190411/1.0.2.4/Samples/wprsetup (3.0.0.30).exe","190926/WinPCRepair2018-190411/1.0.2.4/Samples/wprsetup (3.0.0.30) 2.exe"],"imageFiles":["190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-042/010.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-048/048.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-003/scan.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-003/main.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-003/048.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-004/scan.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-004/150_171.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-010/010.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-084/084.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-097/startup.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-168/scan.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-168/168.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-057/010.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-055/010.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-059/010.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-161/161.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-099/099.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-150/150_171.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-171/150_171.png","190926/WinPCRepair2018-190411/1.0.2.4/Images/ACR-171/171.png"],"guid":"b61f454b-7a74-440e-8f0e-b3bee8d435c8_1.0.2.4_1","appID":"WinPCRepair2018-190411","dateAdded":"190926","deceptorType":"App","name":"Win PC Repair 2018","company":"PC SPEEDUP TOOIS INC","version":"1.0.2.4","sigName":"Deceptor:Win32/WinPCRepair2018!003004010042048055057059084097155168","lastKnownStatus":"Deceptor:1.0.2.4","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T02:53:53.7265304+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2035},{"violations":{"ACR-003":"The application exaggerates registry keys with high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"CONNECT-AB INFOLINE PRIVATE LIMITED\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"aupssetup.exe","isInstaller":"True","productName":"Auto ~PC~Speedup","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"a0fd9aca7667d30b0a60aa69b622cc1a","hashSHA1":"8fd34aee1473da4abb5e6857b95aacc6b4bf0077","hashSHA256":"86ab39f23002045ff8c36b853f15d7a9ca5cbb4a71d05835edadfbf6f06159cd","digitalCertThumbprint":"D7B165637EDB82DBE1E50FEC4707A46D6AC642B4","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, OU=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, POBox=110092, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2170","avBlockList":["Avast Internet Security (20190302)","AVG Internet Security (20190302)","Avira Internet Security (20190302)","Bitdefender Internet Security (20190302)","ESET Internet Security (20190302)","G DATA INTERNET SECURITY (20190302)","K7 Total Security (20190302)","Kaspersky Internet Security (20190302)","Malwarebytes Premium (20190302)","McAfee Total Protection (20190302)","Norton Security (20190302)","Panda Dome (20190302)","Sophos Home Premium (20190302)","VirIT eXplorer PRO (20190302)","Webroot SecureAnywhere (20190302)","Windows Defender (20190302)"],"avAllowList":["Trend Micro Internet Security (20190302)"]},{"isRevoked":"False","fileName":"iytr.exe","companyName":"n/a","productName":"Booster Tool","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"de68504c6a844d949ac1f25707fe4d7f","hashSHA1":"2ed81d731fd84f976e3896180a3f67b85a16de6d","hashSHA256":"9401aa3f2244f075f5bd757047313940bcf78731a23ba12af9ef1b267b3d2933","digitalCertThumbprint":"D7B165637EDB82DBE1E50FEC4707A46D6AC642B4","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, OU=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, POBox=110092, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2170","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"aupssetup (3.0.0.37).exe","isInstaller":"True","productName":"Auto-PC Speedup","productVersion":"3.0.0.37","fileVersion":"3.0.0.37","hashMD5":"65bef8a45ebbfe282995898da8057e79","hashSHA1":"16d19610d8bbf60b93aa4ecf34432ccc71030c38","hashSHA256":"401673de6dea086f42b831a8065487ad15a8de74df1d2b6339f77d22284702fa","digitalCertThumbprint":"B603A71CE7F875CF4965EFE9AB63EC327831D0D2","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC-CARE-TOOiS, OU=PC-CARE-TOOiS, O=PC-CARE-TOOiS, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"2170","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","Bitdefender Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VIPRE Advanced Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":[]},{"isRevoked":"False","fileName":"aupssetup (1.0.0.1).exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"223d8b59d458071f54ec80791d5fac6e","hashSHA1":"63d05f8254d2e8845413d19752a3c2cde1e44dc9","hashSHA256":"84530537af2d7b9e7415c63bb88cf605d37076ecfc47b8ff10953fdd1d765c99","digitalCertThumbprint":"D7B165637EDB82DBE1E50FEC4707A46D6AC642B4","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, OU=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, POBox=110092, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2170","avBlockList":["360 Total Security (20191209)","Avast Internet Security (20191209)","AVG Internet Security (20191209)","Avira Internet Security (20191209)","Bitdefender Internet Security (20191209)","COMODO Antivirus (20191209)","Dr.Web Security Space (20191209)","ESET Internet Security (20191209)","G DATA INTERNET SECURITY (20191209)","K7 Total Security (20191209)","Kaspersky Internet Security (20191209)","Malwarebytes Premium (20191209)","McAfee Total Protection (20191209)","Norton Security (20191209)","Panda Dome (20191209)","Quick Heal Internet Security (20191209)","Sophos Home Premium (20191209)","Tencent PC Manager (20191209)","VIPRE Advanced Security (20191209)","VirIT eXplorer PRO (20191209)","Webroot SecureAnywhere (20191209)","Windows Defender (20191209)"],"avAllowList":["Trend Micro Internet Security (20191209)"]},{"isRevoked":"False","fileName":"aupssetup (3.0.0.26).exe","isInstaller":"True","productVersion":"3.0.0.26","fileVersion":"3.0.0.26","hashMD5":"05bdd014ed04241b6f7424720f6ce0d9","hashSHA1":"d17608357b1138eaf1cf322756ad74a52e7cc0ef","hashSHA256":"84e2946851512ca2d4e8a79e0e0bd0bae6a91bdfd8b8b8759dc9e4fa71c62b2f","digitalCertThumbprint":"B77509CF95470CBB324D49FC47709AFD983B26A4","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB-REACH TECHNOLOGIES PRIVATE LIMITED, O=AB-REACH TECHNOLOGIES PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2171","avBlockList":["360 Total Security (20191209)","Avast Internet Security (20191209)","AVG Internet Security (20191209)","Avira Internet Security (20191209)","Bitdefender Internet Security (20191209)","COMODO Antivirus (20191209)","Dr.Web Security Space (20191209)","ESET Internet Security (20191209)","G DATA INTERNET SECURITY (20191209)","K7 Total Security (20191209)","Kaspersky Internet Security (20191209)","Malwarebytes Premium (20191209)","McAfee Total Protection (20191209)","Norton Security (20191209)","Panda Dome (20191209)","Quick Heal Internet Security (20191209)","Sophos Home Premium (20191209)","Tencent PC Manager (20191209)","Trend Micro Internet Security (20191209)","VIPRE Advanced Security (20191209)","VirIT eXplorer PRO (20191209)","Webroot SecureAnywhere (20191209)","Windows Defender (20191209)"],"avAllowList":[]},{"isRevoked":"False","fileName":"aupssetup (1.0.0.0).exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"f158d6ab5cafd67ad7e5de986c64565d","hashSHA1":"ea56027d2920cfd27bc7b98f640565c140eacfd3","hashSHA256":"743dbc49b83f8ab1f2505d695fa90c26ccaf5a78d4f8a83ec5123af3e0c5b584","digitalCertThumbprint":"46E6232066541F336C2793BB6E4C85E21183D65C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"2173","avBlockList":["360 Total Security (20191202)","Avast Internet Security (20191202)","AVG Internet Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","K7 Total Security (20191202)","Malwarebytes Premium (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Sophos Home Premium (20191202)","Tencent PC Manager (20191202)","Trend Micro Internet Security (20191202)","VIPRE Advanced Security (20191202)","VirIT eXplorer PRO (20191202)","Webroot SecureAnywhere (20191202)","Windows Defender (20191202)","Kaspersky Internet Security (20191202)"],"avAllowList":["Quick Heal Internet Security (20191202)"]},{"isRevoked":"False","fileName":"aupssetup (3.0.0.21).exe","isInstaller":"True","productVersion":"3.0.0.21","fileVersion":"3.0.0.21","hashMD5":"91be7cdf5a5cd4c04bb0c9ae59365b56","hashSHA1":"f62ca72b17d8b497c63cf1e62152a42f7addb64d","hashSHA256":"9151a16273e4f677407709ef969aaa5598a7a9996b5f64bbecdb13f44b33fa91","digitalCertThumbprint":"46E6232066541F336C2793BB6E4C85E21183D65C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"2174","avBlockList":["Avast Internet Security (20191010)","AVG Internet Security (20191010)","Avira Internet Security (20191010)","Bitdefender Internet Security (20191010)","COMODO Antivirus (20191010)","Dr.Web Security Space (20191010)","ESET Internet Security (20191010)","G DATA INTERNET SECURITY (20191010)","K7 Total Security (20191010)","Kaspersky Internet Security (20191010)","Malwarebytes Premium (20191010)","McAfee Total Protection (20191010)","Norton Security (20191010)","Panda Dome (20191010)","Quick Heal Internet Security (20191010)","Sophos Home Premium (20191010)","Tencent PC Manager (20191010)","Trend Micro Internet Security (20191010)","VIPRE Advanced Security (20191010)","VirIT eXplorer PRO (20191010)","Webroot SecureAnywhere (20191010)","Windows Defender (20191010)"],"avAllowList":["360 Total Security (20191010)"]},{"isRevoked":"False","fileName":"aupssetup (3.0.0.36).exe","isInstaller":"True","productVersion":"3.0.0.36","fileVersion":"3.0.0.36","hashMD5":"2b1fff14e6883c1663506c4716233dcc","hashSHA1":"b034695a592fd64adfca82ea399330f894fe24b0","hashSHA256":"13d22bb014f6a0dcb9aa3d261bd481a4c05705b1069bf545fbe7deafe18cffad","digitalCertThumbprint":"2F26F29F5F146793B69B04E13828601F12D52347","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TuneUp-PC-Tools, OU=TuneUp-PC-Tools, O=TuneUp-PC-Tools, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2175","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"aupssetup (3.0.0.37) 2.exe","isInstaller":"True","productVersion":"3.0.0.37","fileVersion":"3.0.0.37","hashMD5":"4dc3e33384c3952e9912b8f7a871a760","hashSHA1":"38ee20721e0e5c91c3993e93b92d8bf57bc3d1ed","hashSHA256":"ee80a0d46c6624f894a89107f4de93458b6340a75c064aff2bc51049a283ec78","digitalCertThumbprint":"B603A71CE7F875CF4965EFE9AB63EC327831D0D2","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC-CARE-TOOiS, OU=PC-CARE-TOOiS, O=PC-CARE-TOOiS, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"2176","avBlockList":["360 Total Security (20191219)","Avast Internet Security (20191219)","AVG Internet Security (20191219)","Avira Internet Security (20191219)","Bitdefender Internet Security (20191219)","COMODO Antivirus (20191219)","Dr.Web Security Space (20191219)","ESET Internet Security (20191219)","G DATA INTERNET SECURITY (20191219)","K7 Total Security (20191219)","Kaspersky Internet Security (20191219)","Malwarebytes Premium (20191219)","McAfee Total Protection (20191219)","Norton Security (20191219)","Panda Dome (20191219)","Quick Heal Internet Security (20191219)","Sophos Home Premium (20191219)","Tencent PC Manager (20191219)","Trend Micro Internet Security (20191219)","VIPRE Advanced Security (20191219)","VirIT eXplorer PRO (20191219)","Webroot SecureAnywhere (20191219)","Windows Defender (20191219)"],"avAllowList":[]},{"isRevoked":"False","fileName":"aupssetup (3.0.0.37) 4.exe","isInstaller":"True","productVersion":"3.0.0.37","fileVersion":"3.0.0.37","hashMD5":"33a2d572ad323ca01a777f4c3d4c5b6d","hashSHA1":"e8e5a7df454a7afd83776f30063f1ce6bfac5198","hashSHA256":"f1c1a739ca1907d90f491695bea95c9dcc3783fd690cb35f494044e3939cf41c","digitalCertThumbprint":"2BDA8D4FF957E3742C1D9DEA05CC99C479920C5B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tune-Up PC Tools, OU=Tune-Up PC Tools, O=Tune-Up PC Tools, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2178","avBlockList":["360 Total Security (20191219)","Avast Internet Security (20191219)","AVG Internet Security (20191219)","Avira Internet Security (20191219)","Bitdefender Internet Security (20191219)","COMODO Antivirus (20191219)","Dr.Web Security Space (20191219)","ESET Internet Security (20191219)","G DATA INTERNET SECURITY (20191219)","K7 Total Security (20191219)","Kaspersky Internet Security (20191219)","Malwarebytes Premium (20191219)","McAfee Total Protection (20191219)","Norton Security (20191219)","Panda Dome (20191219)","Quick Heal Internet Security (20191219)","Sophos Home Premium (20191219)","Tencent PC Manager (20191219)","Trend Micro Internet Security (20191219)","VIPRE Advanced Security (20191219)","VirIT eXplorer PRO (20191219)","Webroot SecureAnywhere (20191219)","Windows Defender (20191219)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Sophos","landingPage":"http://smartsysutils.info/ ","directDownloadingLink":"http://dl.smartsysutils.info/aups/securerc/b10/aupssetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.smartsysutils.info/aups/securerc/b10/aupssetup.exe","sourceIndex":"2170"},{"howFound":"","reference":"","landingPage":"http://smartsysutils.com/","directDownloadingLink":"http://dl.smartsysutils.com/aups/securerc/b2/aupssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2171"},{"howFound":"","reference":"","landingPage":"http://smartsysutils.net/","directDownloadingLink":"http://dl.smartsysutils.net/aups/securerc/b8/aupssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2172"},{"howFound":"","reference":"","landingPage":"http://smartsysutils.org/","directDownloadingLink":"http://dl.smartsysutils.org/aups/securerc/b6/aupssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2173"},{"howFound":"","reference":"","landingPage":"http://www.pccleantools.org/","directDownloadingLink":"http://dl.pccleantools.org/aups/securerc/c6/aupssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2174"},{"howFound":"","reference":"","landingPage":"http://www.pccleantools.info/","directDownloadingLink":"http://dl.pccleantools.info/aups/securerc/g8/aupssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2175"},{"howFound":"","reference":"","landingPage":"http://supersystools.net/","directDownloadingLink":"http://dl.supersystools.net/aups/securerc/m2/aupssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2176"},{"howFound":"","reference":"","landingPage":"http://supersystools.org/","directDownloadingLink":"http://dl.supersystools.org/aups/securerc/m4/aupssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2177"},{"howFound":"","reference":"","landingPage":"http://supersystools.info/","directDownloadingLink":"http://dl.supersystools.info/aups/securerc/m6/aupssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2178"}],"sampleFiles":["190926/AutoPCSpeedup-181128/1.0.0.1/Samples/aupssetup.exe","190926/AutoPCSpeedup-181128/1.0.0.1/Samples/iytr.exe","190926/AutoPCSpeedup-181128/1.0.0.1/Samples/aupssetup (3.0.0.37).exe","190926/AutoPCSpeedup-181128/1.0.0.1/Samples/aupssetup (1.0.0.1).exe","190926/AutoPCSpeedup-181128/1.0.0.1/Samples/aupssetup (3.0.0.26).exe","190926/AutoPCSpeedup-181128/1.0.0.1/Samples/aupssetup (1.0.0.0).exe","190926/AutoPCSpeedup-181128/1.0.0.1/Samples/aupssetup (3.0.0.21).exe","190926/AutoPCSpeedup-181128/1.0.0.1/Samples/aupssetup (3.0.0.36).exe","190926/AutoPCSpeedup-181128/1.0.0.1/Samples/aupssetup (3.0.0.37) 2.exe","190926/AutoPCSpeedup-181128/1.0.0.1/Samples/aupssetup (3.0.0.37) 4.exe"],"imageFiles":["190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-055/ACR-055_inlineoffer.JPG","190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-003/ACR-003_software.JPG","190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-003/ACR-003_software1.JPG","190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-010/ACR-010_inlineoffer.JPG","190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-010/ACR-010_adsinsideapp.JPG","190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-014/ACR-014_software.JPG","190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-088/ACR-088_software.JPG","190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-092/ACR-092_software.JPG","190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-099/ACR-099_landingpage.JPG","190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-150/ACR-150_internaloffer.JPG","190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-171/ACR-171_internaloffer.JPG","190926/AutoPCSpeedup-181128/1.0.0.1/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"8e6f0f2c-83e9-4717-b083-0fa9c6095c7f_1.0.0.1_1","appID":"AutoPCSpeedup-181128","dateAdded":"190926","deceptorType":"App","name":"AutoPCSpeedup","company":"Connect AB Infoline","version":"1.0.0.1","sigName":"Deceptor:Win32/AutoPCSpeedup!003010014055059","lastKnownStatus":"Deceptor:1.0.0.1","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T04:32:52.3928002+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2036},{"violations":{"ACR-004":"The App requires customer to purchase the app to fix all non-permanent issues identified during free scan.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-167":"The app does not provide a refund policy.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"ComputerJockey (installer).exe","isInstaller":"True","companyName":"Computer Jockey                                             ","productName":"Computer Jockey                                             ","productVersion":"1.0.0.0","fileVersion":"1.0.0.0            ","hashMD5":"1abdc159b87997a036e2afbe424e53e8","hashSHA1":"bc97c5caca9a8e8f3087e3a96951851c10513932","hashSHA256":"f48761189e015f8c4fb7dd8f38c3a9d9eec1574bb264cc9a9535cecd1cb87ef9","digitalCertThumbprint":"67F20B3DC9E7AD39685511D943FC2B6A2E68462C","sourceIndex":"2179","avBlockList":["360 Total Security (20191219)","Avast Internet Security (20191219)","AVG Internet Security (20191219)","Avira Internet Security (20191219)","Bitdefender Internet Security (20191219)","COMODO Antivirus (20191219)","Dr.Web Security Space (20191219)","ESET Internet Security (20191219)","G DATA INTERNET SECURITY (20191219)","K7 Total Security (20191219)","Kaspersky Internet Security (20191219)","Malwarebytes Premium (20191219)","McAfee Total Protection (20191219)","Norton Security (20191219)","Panda Dome (20191219)","Quick Heal Internet Security (20191219)","Sophos Home Premium (20191219)","Tencent PC Manager (20191219)","Trend Micro Internet Security (20191219)","VIPRE Advanced Security (20191219)","VirIT eXplorer PRO (20191219)","Webroot SecureAnywhere (20191219)","Windows Defender (20191219)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Computer Jockey\\computerjockey.exe","productName":"Computer Jockey","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1e645da23145208d20045e8aad6cc9ca","hashSHA1":"4d2b8c25a0e9e5f305b0a8d6a69085ba9a245853","hashSHA256":"7d8940fe1c95d5f45bdd2fc3c06acf477168eed4a6ce5077192567f98860130b","digitalCertThumbprint":"67F20B3DC9E7AD39685511D943FC2B6A2E68462C","sourceIndex":"2179","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"pc cleaner\"","reference":"http://www.computerjockey.net/pc-cleaner-download/","landingPage":"http://www.computerjockey.net","directDownloadingLink":"http://computerjockey.net/download/ComputerJockey.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://computerjockey.net/download/ComputerJockey.exe","sourceIndex":"2179"}],"sampleFiles":["190925/ComputerJockey-190920/1.0/Samples/ComputerJockey (installer).exe","190925/ComputerJockey-190920/1.0/Samples/computerjockey.exe"],"imageFiles":["190925/ComputerJockey-190920/1.0/Images/ACR-004/main.png","190925/ComputerJockey-190920/1.0/Images/ACR-004/004.png","190925/ComputerJockey-190920/1.0/Images/ACR-168/main.png","190925/ComputerJockey-190920/1.0/Images/ACR-168/support.png","190925/ComputerJockey-190920/1.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["190925/ComputerJockey-190920/1.0/Images/ACR-168/168.png","190925/ComputerJockey-190920/1.0/Images/ACR-163/004.png","190925/ComputerJockey-190920/1.0/Images/ACR-099/about.png","190925/ComputerJockey-190920/1.0/Images/ACR-065/install.png","190925/ComputerJockey-190920/1.0/Images/ACR-065/about.png","190925/ComputerJockey-190920/1.0/Images/ACR-161/161.png"],"guid":"eefba6d7-994d-486f-b7b0-47ad9b49829a_1.0_1","appID":"ComputerJockey-190920","dateAdded":"190925","deceptorType":"App","name":"Computer Jockey","company":"365 DAYS ON LLC","version":"1.0","sigName":"Deceptor:Win32/ComputerJockey!004084168","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T04:31:55.384423+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2100},{"violations":{"ACR-003":"The app shows gauges and words, \"errors\", \"issues\", \"poor\" & \"you are no longer protected\" in red/orange/yellow colors that indicates misleading urgency. \n","ACR-004":"App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. The App perform a free scan even if the trial version is already expired and requiring customer to purchase the app to fix the issues found.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"Digital signature is required for one of the main executable \"quickpctuneup_protection.exe\" installed.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"quickpctuneup(installer).exe","isInstaller":"True","companyName":"Econosoft Global Services Pte. Ltd.                         ","productName":"Quick PC Tuneup                                             ","productVersion":"v1.0.0                                            ","fileVersion":"                    ","hashMD5":"c9e46f9c5471741c60e729b61764c229","hashSHA1":"41ac7fadde30c0580cc29dadbf46dd3470d46b38","hashSHA256":"7f9d480378801bc3c9b362d255f094f894a13cae3952499618981e79ee2a9d17","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Econosoft Global Services PTE. LTD., O=Econosoft Global Services PTE. LTD., STREET=\"10 Anson Road, 22-02 International Plaza\", L=Singapore, S=Singapore, C=SG, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201811987R, OID.2.5.4.15=Private Organization","sourceIndex":"2380","avBlockList":["360 Total Security (20191219)","Avast Internet Security (20191219)","AVG Internet Security (20191219)","Avira Internet Security (20191219)","Bitdefender Internet Security (20191219)","COMODO Antivirus (20191219)","Dr.Web Security Space (20191219)","ESET Internet Security (20191219)","G DATA INTERNET SECURITY (20191219)","K7 Total Security (20191219)","Kaspersky Internet Security (20191219)","Malwarebytes Premium (20191219)","McAfee Total Protection (20191219)","Norton Security (20191219)","Panda Dome (20191219)","Quick Heal Internet Security (20191219)","Sophos Home Premium (20191219)","Tencent PC Manager (20191219)","Trend Micro Internet Security (20191219)","VIPRE Advanced Security (20191219)","VirIT eXplorer PRO (20191219)","Webroot SecureAnywhere (20191219)","Windows Defender (20191219)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Quick PC Tuneup\\quickpctuneup.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"Quick PC Tuneup","productVersion":"1.3.0.0","fileVersion":"1.3.0.0","hashMD5":"83c695ef09f0e065ce88ebecf7c9754d","hashSHA1":"992830f5378ade48fe30e0aa5511900939f625ad","hashSHA256":"496fe2686eecd2034c9286df0ca2d1fdf68e0b8e82cf0047a283ca00165b5188","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Econosoft Global Services PTE. LTD., O=Econosoft Global Services PTE. LTD., STREET=\"10 Anson Road, 22-02 International Plaza\", L=Singapore, S=Singapore, C=SG, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=201811987R, OID.2.5.4.15=Private Organization","sourceIndex":"2380","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Quick PC Tuneup\\quickpctuneup_protection.exe","companyName":"Econosoft Global Services Pte. Ltd.                         ","productName":"Quick PC Tuneup Protection","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"e7f112f66f0cbcaa2753e3b9adc18434","hashSHA1":"e6f2cb016c72f0f894fa11d2e9922d64cb3482d6","hashSHA256":"a20d02ba293c89bf978912d2be65a0506654fef2286fcd48350cb906ca1f4d33","sourceIndex":"2380","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"pc optimizer tool\"","reference":"https://quickpctuneup.com/en/","landingPage":"https://quickpctuneup.com/en/","directDownloadingLink":"https://quickpctuneup.com/downloads/exe/sm/en/quickpctuneup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://quickpctuneup.com/downloads/exe/sm/en/quickpctuneup.exe","sourceIndex":"2380"}],"sampleFiles":["190925/QuickPCTuneup-190923/1.0.0/Samples/quickpctuneup(installer).exe","190925/QuickPCTuneup-190923/1.0.0/Samples/quickpctuneup.exe","190925/QuickPCTuneup-190923/1.0.0/Samples/quickpctuneup_protection.exe"],"imageFiles":["190925/QuickPCTuneup-190923/1.0.0/Images/ACR-003/scan.png","190925/QuickPCTuneup-190923/1.0.0/Images/ACR-003/004_2.png","190925/QuickPCTuneup-190923/1.0.0/Images/ACR-003/system_cleaner.png","190925/QuickPCTuneup-190923/1.0.0/Images/ACR-084/084.png","190925/QuickPCTuneup-190923/1.0.0/Images/ACR-168/scan.png","190925/QuickPCTuneup-190923/1.0.0/Images/ACR-004/scan.png","190925/QuickPCTuneup-190923/1.0.0/Images/ACR-004/004.png","190925/QuickPCTuneup-190923/1.0.0/Images/ACR-004/004_2.png","190925/QuickPCTuneup-190923/1.0.0/Images/ACR-004/004_3.png"],"nonDeceptorImageFiles":["190925/QuickPCTuneup-190923/1.0.0/Images/ACR-168/168.png","190925/QuickPCTuneup-190923/1.0.0/Images/ACR-161/161.png","190925/QuickPCTuneup-190923/1.0.0/Images/ACR-099/about.png","190925/QuickPCTuneup-190923/1.0.0/Images/ACR-092/092.png"],"guid":"de9dd336-2006-4539-b54b-3b8649f823a8_1.0.0_1","appID":"QuickPCTuneup-190923","dateAdded":"190925","deceptorType":"App","name":"Quick PC Tuneup","company":"Econosoft Global Services PTE. LTD.","version":"1.0.0","sigName":"Deceptor:Win32/QuickPCTuneup!003004084168","lastKnownStatus":"1.0.0.0","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T02:48:46.5830125+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2099},{"violations":{"ACR-043":"Express installation installs another app: BoostSpeed without disclosing it during installation and in app document\n","ACR-003":"App exaggerates system healthy problems. Fixing them need to install another app BoostSpeed\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Auslogics Registry Cleaner.exe","isInstaller":"True","companyName":"Auslogics Labs Pty Ltd","productName":"Auslogics Registry Cleaner","productVersion":"6.1.2.0","fileVersion":"6.1.2.0","hashMD5":"db97a521a9928322fde59241563bf63b","hashSHA1":"1e5c7dd2e8ce0fa1c680ad093efcb119c5d89961","hashSHA256":"9175606fdd7232fff82f8380048611553b6ce32f4640d5c4e2664c73dd84e053","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"2876","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"https://www.pissedconsumer.com/auslogics/RT-F.html","landingPage":"https://www.auslogics.com/en/software/registry-cleaner/","directDownloadingLink":"http://static.auslogics.com/en/registry-cleaner/registry-cleaner-setup.exe","ipv4":"198.232.127.32","directDownloadingLinkWildChar":"http://static.auslogics.com/en/registry-cleaner/registry-cleaner-setup.exe","sourceIndex":"2876"}],"sampleFiles":[],"imageFiles":["190822/D-RegistryCleaner-00007/6.1/Images/ACR-003/Exaggerated_system_health.PNG","190822/D-RegistryCleaner-00007/6.1/Images/ACR-043/Downloads_and_installs_software_without_informing.PNG"],"nonDeceptorImageFiles":[],"guid":"70afce65-061b-4b83-96f8-21b4c418e47b_6.1_1","appID":"D-RegistryCleaner-00007","dateAdded":"190920","deceptorType":"App","name":"Registry Cleaner","company":"Auslogics Labs Pty Ltd","version":"6.1","sigName":"Deceptor:Win32/RegistryCleaner!043003","firstResolvedVersion":"8.1.0.0.x(SHA256:0666E60CC8A805D72C70EA36380D7BEF9356EFBB26BE26ABB200CAA54EDAF302)","resolved":"TRUE","lastKnownStatus":"Deceptor:6.1.2.0;8.0.0.2;8.1.0.0","lastKnownDate":"190920","type":"Windows Executable","lastUpdate":"2019-09-20T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2102},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer or that its optional.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Ab Reach Technologies Private Limited\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-171":" The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"ppcsetup.exe","isInstaller":"True","productName":"Power PC Care 2018","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1a60f73782e87ab504ebe25232640c79","hashSHA1":"d12c60319a4507576d50b56b09d6b81d30f35282","hashSHA256":"d99604a24c723776b7aeebffb6c730a3eeaa8bff32225ff56cd3bee7917ddea8","digitalCertThumbprint":"9D5D3D50AAB2029AD194B1419C0B47FA9D30581E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ab Reach Technologies Private Limited, O=Ab Reach Technologies Private Limited, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=JAIPUR, S=RAJASTHAN, PostalCode=110092, C=IN","sourceIndex":"3563","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ptcr.exe","companyName":"n/a","productName":"Booster Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4dd4a32bff1d07942292292360b0a3bd","hashSHA1":"d15545e8f5736691ab212ae3574e7a3226449ed1","hashSHA256":"398d99da357f58699bf6f6ba4b60bee483334403d6565c0cd9761c01de59be73","digitalCertThumbprint":"9D5D3D50AAB2029AD194B1419C0B47FA9D30581E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ab Reach Technologies Private Limited, O=Ab Reach Technologies Private Limited, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=JAIPUR, S=RAJASTHAN, PostalCode=110092, C=IN","sourceIndex":"3563","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (keyword: fix pc 2018 privacy policy)","landingPage":"http://www.systemlogics.org/","directDownloadingLink":"http://dl.systemlogics.org/ppc/securerc/b2/ppcsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.systemlogics.org/ppc/securerc/b2/ppcsetup.exe","sourceIndex":"3563"}],"sampleFiles":["180904/PowerPCCare2018-180203/1.0.0.0/Samples/ppcsetup.exe","180904/PowerPCCare2018-180203/1.0.0.0/Samples/ptcr.exe"],"imageFiles":["180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-055/ACR_055_INLINE_OFFER.PNG","180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-010/ACR_010_INLINE_OFFER.PNG","180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-010/ACR_010_ADS_INSIDE_APP.PNG","180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-059/ACR_059_INLINE_OFFER.PNG"],"nonDeceptorImageFiles":["180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180904/PowerPCCare2018-180203/1.0.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"ed217870-d5b9-4125-8e60-5a48b0136b20_1.0.0.0_1","appID":"PowerPCCare2018-180203","dateAdded":"190920","deceptorType":"App","name":"Power PC Care 2018","company":"Ab Reach Technologies Private Limited","version":"1.0.0.0","sigName":"Deceptor:Win32/PowerPCCare2018!003010055059","lastKnownStatus":"Deceptor:1.0.0.0,3.0.0.33","lastKnownDate":"190920","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2019-09-20T00:00:00+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":2,"sortOrder":2039},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer or that its optional.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Ab Reach Technologies Private Limited\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-171":" The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"ppcsetup.exe","isInstaller":"True","fileVersion":"3.0","hashMD5":"6e9edf3a8581f9899856736b33282722","hashSHA1":"8e07daf28d45d77e8aa9b3d1fcf5b0ad1bd529d7","hashSHA256":"a06de6b394b5a97d4d01c039c005f886246ae0d9cc4a636ed7be5b58c28e790c","digitalCertThumbprint":"9D5D3D50AAB2029AD194B1419C0B47FA9D30581E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ab Reach Technologies Private Limited, O=Ab Reach Technologies Private Limited, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=JAIPUR, S=RAJASTHAN, PostalCode=110092, C=IN","sourceIndex":"2701","avBlockList":["Avast Internet Security (20191216)","AVG Internet Security (20191216)","Avira Internet Security (20191216)","Bitdefender Internet Security (20191216)","ESET Internet Security (20191216)","G DATA INTERNET SECURITY (20191216)","K7 Total Security (20191216)","Kaspersky Internet Security (20191216)","Malwarebytes Premium (20191216)","McAfee Total Protection (20191216)","Norton Security (20191216)","Panda Dome (20191216)","Sophos Home Premium (20191216)","Trend Micro Internet Security (20191216)","VirIT eXplorer PRO (20191216)","Webroot SecureAnywhere (20191216)","Windows Defender (20191216)","360 Total Security (20191216)","COMODO Antivirus (20191216)","Dr.Web Security Space (20191216)","Tencent PC Manager (20191216)","VIPRE Advanced Security (20191216)"],"avAllowList":["Quick Heal Internet Security (20191216)"]},{"isRevoked":"False","fileName":"ppcsetup (3.0.2.48).exe","isInstaller":"True","productName":"Power~PC-Care","productVersion":"3.0.2.48","fileVersion":"3.0.2.48","hashMD5":"84560cff1098e67333f9eba6273b2a29","hashSHA1":"247d3059268d7472f423f9c3071a210174896ef8","hashSHA256":"3e917ebd73581363b09e9ebe32c664b6716f8be966f6f6b991605a1ec4798f78","digitalCertThumbprint":"BC8E2ABB13988EDC4BF8A8C131B978BB15521DEC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2705","avBlockList":["Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Trend Micro Internet Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":["360 Total Security (20190815)","Bitdefender Internet Security (20190815)","Tencent PC Manager (20190815)","VIPRE Advanced Security (20190815)"]},{"isRevoked":"False","fileName":"ppcsetup (3.0.0.26).exe","isInstaller":"True","productVersion":"3.0.0.26","fileVersion":"3.0.0.26","hashMD5":"82d81da6e3372a06d75f3d2097d1bed9","hashSHA1":"03b903cbe168e527ebd7b0e0e616e4ff6820f834","hashSHA256":"8b4dc7a64863c7b040845cd44dea8811d75a936a868bdff9fd871493809adeb9","digitalCertThumbprint":"423982B7ECAD4E1CDF57702DF4B0D7C205B88689","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=WHlZSOFT SERVICES, OU=WHlZSOFT SERVICES, O=WHlZSOFT SERVICES, POBox=303802, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2706","avBlockList":["360 Total Security (20191202)","Avast Internet Security (20191202)","AVG Internet Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","K7 Total Security (20191202)","Kaspersky Internet Security (20191202)","Malwarebytes Premium (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Sophos Home Premium (20191202)","Tencent PC Manager (20191202)","Trend Micro Internet Security (20191202)","VIPRE Advanced Security (20191202)","VirIT eXplorer PRO (20191202)","Webroot SecureAnywhere (20191202)","Windows Defender (20191202)"],"avAllowList":["Quick Heal Internet Security (20191202)"]},{"isRevoked":"False","fileName":"ppcsetup (3.0.0.36).exe","isInstaller":"True","productVersion":"3.0.0.36","fileVersion":"3.0.0.36","hashMD5":"285bbceb5f44c1d4aa2ecc91fc6bcb55","hashSHA1":"62dd464827e751052e6af4e83a1a9f4dba5e2060","hashSHA256":"5bc0e8f0a48df747a0ecbbd80f9c148d6e26f6ab84875161be3295a26babbe79","digitalCertThumbprint":"423982B7ECAD4E1CDF57702DF4B0D7C205B88689","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=WHlZSOFT SERVICES, OU=WHlZSOFT SERVICES, O=WHlZSOFT SERVICES, POBox=303802, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2707","avBlockList":["360 Total Security (20191216)","Avast Internet Security (20191216)","AVG Internet Security (20191216)","Avira Internet Security (20191216)","Bitdefender Internet Security (20191216)","COMODO Antivirus (20191216)","Dr.Web Security Space (20191216)","ESET Internet Security (20191216)","G DATA INTERNET SECURITY (20191216)","K7 Total Security (20191216)","Kaspersky Internet Security (20191216)","Malwarebytes Premium (20191216)","McAfee Total Protection (20191216)","Norton Security (20191216)","Panda Dome (20191216)","Quick Heal Internet Security (20191216)","Sophos Home Premium (20191216)","Tencent PC Manager (20191216)","Trend Micro Internet Security (20191216)","VIPRE Advanced Security (20191216)","VirIT eXplorer PRO (20191216)","Webroot SecureAnywhere (20191216)","Windows Defender (20191216)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (keyword: fix pc 2018 privacy policy)","landingPage":"http://www.systemlogics.org/","directDownloadingLink":"http://dl.systemlogics.org/ppc/securerc/b2/ppcsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.systemlogics.org/ppc/securerc/b2/ppcsetup.exe","sourceIndex":"2701"},{"howFound":"Hunt.Update","reference":"bad affilliate","landingPage":"http://www.microsoft.com-fix-windows.live/tonic2","directDownloadingLink":"https://www.techypctools.info/lp/fxmrkt/?x-context=wE989CTDN2K0B31I1F0LJMJM&utm_source=wfxmrkt&utm_campaign=wfxmrkt&pxl=WFX3591_WFX3519_RUNT&utm_pubid=&x-at=XXXXX&override=1","ipv4":"","ipv6":"","landingPageWildChar":"http://www.microsoft.com-repair-windows.live/tonic*","directDownloadingLinkWildChar":"https://www.techypctools.info/*","sourceIndex":"2702"},{"howFound":"Hunt.Update","reference":"bad affiliate","landingPage":"http://www.microsoft.com-repair-windows.live/tonic2","directDownloadingLink":"https://www.techypctools.info/lp/fxmrkt/?x-context=wA1GQ9POPBQQIC1I1IGCE4H8&utm_source=wfxmrkt&utm_campaign=wfxmrkt&pxl=WFX3591_WFX3519_RUNT&utm_pubid=&x-at=XXXXX&override=1","ipv4":"","ipv6":"","landingPageWildChar":"http://www.microsoft.com-repair-windows.live/tonic*","directDownloadingLinkWildChar":"https://www.techypctools.info/*","sourceIndex":"2703"},{"howFound":"","reference":"","landingPage":"http://sdpcutils.club/","directDownloadingLink":"http://dl.sdpcutils.club/ppc/securerc/sdpcutils_club/ppcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2704"},{"howFound":"","reference":"","landingPage":"http://www.tunepcsoftutils.live/","directDownloadingLink":"http://dl.tunepcsoftutils.live/ppc/securerc/tunepcsoftutils_live/ppcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2705"},{"howFound":"","reference":"","landingPage":"http://www.onesysutils.info/","directDownloadingLink":"http://dl.onesysutils.info/ppc/securerc/c2/ppcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2706"},{"howFound":"","reference":"","landingPage":"http://onesysutils.biz/","directDownloadingLink":"http://dl.onesysutils.biz/ppc/securerc/c4/ppcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2707"}],"sampleFiles":["190920/PowerPCCare2018-180203/3.0.0.33/Samples/ppcsetup.exe","190920/PowerPCCare2018-180203/3.0.0.33/Samples/ppcsetup (3.0.2.48).exe","190920/PowerPCCare2018-180203/3.0.0.33/Samples/ppcsetup (3.0.0.26).exe","190920/PowerPCCare2018-180203/3.0.0.33/Samples/ppcsetup (3.0.0.36).exe"],"imageFiles":["190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-055/ACR_055_INLINE_OFFER.PNG","190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-010/ACR_010_INLINE_OFFER.PNG","190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-010/ACR_010_ADS_INSIDE_APP.PNG","190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-059/ACR_059_INLINE_OFFER.PNG"],"nonDeceptorImageFiles":["190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-088/ACR_088_SOFTWARE.PNG","190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-092/ACR_092_SOFTWARE.PNG","190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","190920/PowerPCCare2018-180203/3.0.0.33/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"ed217870-d5b9-4125-8e60-5a48b0136b20_3.0.0.33_1","appID":"PowerPCCare2018-180203","dateAdded":"190920","deceptorType":"App","name":"Power PC Care 2018","company":"Ab Reach Technologies Private Limited","version":"3.0.0.33","sigName":"Deceptor:Win32/PowerPCCare!003010055059","lastKnownStatus":"Deceptor:1.0.0.0,3.0.0.33","lastKnownDate":"190920","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2019-09-20T21:20:46.7542833+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":2,"sortOrder":2038},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer or that its optional.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"globalsoft logics\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"pscsetup.exe","isInstaller":"True","productName":"Power- System-Care","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"39ae38d0ed8d4df0f9ea2f5f269324e4","hashSHA1":"aa8d3c9df4ce02a005c0030233353c01ed80a132","hashSHA256":"50954ebbc7b5d4ca3ca909ca8b43ee75b3c35d261123d32a37ecea2b1a2a27d3","digitalCertThumbprint":"41100EE16D33910FE21F3EA890CD67A58C7869C3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=globalsoft logics, OU=globalsoft logics, O=globalsoft logics, POBox=302012, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2699","avBlockList":["Avast Internet Security (20191216)","AVG Internet Security (20191216)","Avira Internet Security (20191216)","Bitdefender Internet Security (20191216)","ESET Internet Security (20191216)","G DATA INTERNET SECURITY (20191216)","K7 Total Security (20191216)","Kaspersky Internet Security (20191216)","Malwarebytes Premium (20191216)","McAfee Total Protection (20191216)","Norton Security (20191216)","Panda Dome (20191216)","Sophos Home Premium (20191216)","Trend Micro Internet Security (20191216)","VirIT eXplorer PRO (20191216)","Webroot SecureAnywhere (20191216)","Windows Defender (20191216)","360 Total Security (20191216)","COMODO Antivirus (20191216)","Dr.Web Security Space (20191216)","Quick Heal Internet Security (20191216)","Tencent PC Manager (20191216)","VIPRE Advanced Security (20191216)"],"avAllowList":[]},{"isRevoked":"False","fileName":"iytr.exe","companyName":"n/a","productName":"PC Tool","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"c5e9cd14bb13640979c66475a82f34e3","hashSHA1":"cccf137506aad9077977f95a14590d14308c8d47","hashSHA256":"24d2d8149d19bc0e93cd43aaf6db0b729535a21cfde55a23809258c0da25fbfd","digitalCertThumbprint":"41100EE16D33910FE21F3EA890CD67A58C7869C3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=globalsoft logics, OU=globalsoft logics, O=globalsoft logics, POBox=302012, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2699","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pscsetup (3.0.0.8).exe","isInstaller":"True","productName":"Power System Care","productVersion":"3.0.0.8","fileVersion":"3.0.0.8","hashMD5":"3074552c32de0dc2367d3209665572ee","hashSHA1":"5fe37e29e37427102e3f5335e191a6025708855f","hashSHA256":"c919f54fec47b7fdb159113f2909afa6471f45b127350903d747adcd781a531a","digitalCertThumbprint":"AB68CFDD1B9C9E4A003AE6807ADD93762677FA26","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=adroit pc solutions, OU=adroit pc solutions, O=adroit pc solutions, POBox=333028, STREET=\"WARD NO. 12, SULTANA\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2700","avBlockList":["360 Total Security (20191216)","Avast Internet Security (20191216)","AVG Internet Security (20191216)","Avira Internet Security (20191216)","Bitdefender Internet Security (20191216)","COMODO Antivirus (20191216)","Dr.Web Security Space (20191216)","ESET Internet Security (20191216)","G DATA INTERNET SECURITY (20191216)","K7 Total Security (20191216)","Kaspersky Internet Security (20191216)","Malwarebytes Premium (20191216)","McAfee Total Protection (20191216)","Norton Security (20191216)","Panda Dome (20191216)","Quick Heal Internet Security (20191216)","Sophos Home Premium (20191216)","Tencent PC Manager (20191216)","Trend Micro Internet Security (20191216)","VIPRE Advanced Security (20191216)","VirIT eXplorer PRO (20191216)","Webroot SecureAnywhere (20191216)","Windows Defender (20191216)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (keyword :\"We collect information through active as well as passive manners.\")","landingPage":"http://www.powersyscare.net/","directDownloadingLink":"http://dl.powersyscare.net/psc/securerc/b10/pscsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.powersyscare.net/psc/securerc/b10/pscsetup.exe","sourceIndex":"2699"},{"howFound":"","reference":"Power System Care","landingPage":"http://www.superpcutils.info/","directDownloadingLink":"http://dl.superpcutils.info/psc/securerc/u2/pscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2700"}],"sampleFiles":["190920/PowerSystemCare2018-180903/2.0.0.0/Samples/pscsetup.exe","190920/PowerSystemCare2018-180903/2.0.0.0/Samples/iytr.exe","190920/PowerSystemCare2018-180903/2.0.0.0/Samples/pscsetup (3.0.0.8).exe"],"imageFiles":["190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-055/ACR_055_INLINE_OFFER.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-010/ACR_010_INLINE_OFFER.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-010/ACR_010_ADS_INSIDE_APP.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-014/ACR_014_SOFTWARE.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-059/ACR_059_INLINE_OFFER.PNG"],"nonDeceptorImageFiles":["190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","190920/PowerSystemCare2018-180903/2.0.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"e6f4c3c7-67c5-4eab-8ca8-0b5a622f05b9_2.0.0.0_1","appID":"PowerSystemCare2018-180903","dateAdded":"190920","deceptorType":"App","name":"Power System Care","company":"Ab Reach Technologies Private Limited","version":"2.0.0.0","sigName":"Deceptor:Win32/PowerSystemCare2018!003010014055059","lastKnownStatus":"Deceptor:2.0.0.0","lastKnownDate":"190920","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2019-09-20T21:32:01.8420775+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2037},{"violations":{"ACR-004":"The app uses meters to show the severity of issues identified. It implies the potential high severe issues can be found in registry items, this is misleading.\n","ACR-010":"App promotes “AuslogicsDriverUpdater”, which is deceptor app (version 1.21.2.0)\n","ACR-014":"The app uses exaggerated words like  \"Problems\" and \"errors\" to describe the invalid registry items identified. It delivers misleading and unfair information to user.\n","ACR-055":"App fails to provide separate Decline/Accept options for offered app from its installation flow. Clicking \"Next\" will include offered app by default is misleading\n","ACR-059":"The offers are not marked as Offer clearly in app offer pages.\n"},"nonDeceptorViolations":{"ACR-017":"App uses unverifiable endorsement logo/rate that misleads user.\n"},"samples":[{"isRevoked":"False","fileName":"registry-cleaner-setup.exe","isInstaller":"True","companyName":"Auslo˜gics                                                  ","productName":"Auslo˜gics Registry˜ Cleaner                                ","productVersion":"8.0.0.2                                           ","fileVersion":"8.x                 ","hashMD5":"6e829aad5afa85e0c10eb2eec640f9f0","hashSHA1":"33d3a611eaddc738e1609db2537f8be902a17222","hashSHA256":"9f15f89675d577494166f7f45553dc6cdd1a0785772112da527cd461f0877592","digitalCertThumbprint":"2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","sourceIndex":"2877","avBlockList":["Avast Internet Security (20190905)","AVG Internet Security (20190905)","Avira Internet Security (20190905)","Dr.Web Security Space (20190905)","ESET Internet Security (20190905)","G DATA INTERNET SECURITY (20190905)","K7 Total Security (20190905)","Malwarebytes Premium (20190905)","McAfee Total Protection (20190905)","Norton Security (20190905)","Panda Dome (20190905)","Quick Heal Internet Security (20190905)","VirIT eXplorer PRO (20190905)","Webroot SecureAnywhere (20190905)"],"avAllowList":["360 Total Security (20190905)","Bitdefender Internet Security (20190905)","COMODO Antivirus (20190905)","Kaspersky Internet Security (20190905)","Sophos Home Premium (20190905)","Tencent PC Manager (20190905)","Trend Micro Internet Security (20190905)","VIPRE Advanced Security (20190905)","Windows Defender (20190905)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment; resolved deceptor re-check","reference":"https://www.pissedconsumer.com/auslogics/RT-F.html","landingPage":"https://www.auslogics.com/en/software/registry-cleaner/","directDownloadingLink":"http://static.auslogics.com/en/registry-cleaner/registry-cleaner-setup.exe","ipv4":"198.232.127.32","directDownloadingLinkWildChar":"http://static.auslogics.com/en/registry-cleaner/registry-cleaner-setup.exe","sourceIndex":"2877"}],"sampleFiles":["190822/D-RegistryCleaner-00007/8.0.0.2/Samples/registry-cleaner-setup.exe"],"imageFiles":["190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-055/ACR-055_Install_AcceptOptionNotObvious (1).JPG","190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-055/ACR-055_Install_AcceptOptionNotObvious (2).JPG","190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-014/ACR-014_Software_AppExaggerates.JPG","190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-014/ACR-014_Software_AppExaggerates1.JPG","190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-014/ACR-014_Software_AppExaggerates2.JPG","190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-014/ACR-014_Software_AppExaggerates3.JPG","190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-014/ACR-014_Software_AppExaggerates4.JPG","190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-014/ACR-014_Software_AppExaggerates5.JPG","190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-014/ACR-014_Software_AppExaggerates6.JPG","190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-004/ACR-004_Software_RaisesUrgency.JPG","190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-059/ACR-059_In-BundleOffers_RecommendedByWhoIsNotClear (2).JPG","190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-059/ACR-059_In-BundleOffers_RecommendedByWhoIsNotClear1.JPG"],"nonDeceptorImageFiles":["190822/D-RegistryCleaner-00007/8.0.0.2/Images/ACR-017/ACR-017_LandingPage_MisleadingLogo.JPG"],"guid":"70afce65-061b-4b83-96f8-21b4c418e47b_8.0.0.2_1","appID":"D-RegistryCleaner-00007","dateAdded":"190920","deceptorType":"App","name":"Registry Cleaner","company":"Auslogics Labs Pty Ltd","version":"8.0.0.2","sigName":"Deceptor:Win32/AuslogicsRegistryCleaner!010055014004059","firstResolvedVersion":"8.1.0.0.x(SHA256:0666E60CC8A805D72C70EA36380D7BEF9356EFBB26BE26ABB200CAA54EDAF302)","resolved":"TRUE","lastKnownStatus":"Deceptor:6.1.2.0;8.0.0.2;8.1.0.0","lastKnownDate":"190920","type":"Windows Executable","lastUpdate":"2019-09-20T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2103},{"violations":{"ACR-004":"The app uses color meter/gauge to show the severity of issues identified in all categories. It implies that potential high severe issues can be found in registry items, this is misleading.\n","ACR-010":"The offered app “Auslogics Boostspeed” contains deceptive behavior. The carrier app needs to make sure that the offered app doesn’t have any deceptive behavior.\n","ACR-059":"The offer is not marked as Offer, the recommended by \"who\" is not clear. The app should Change to “Recommended by Auslogics” or add at least “Offer” to clearly mark it as an offer.\n"},"nonDeceptorViolations":{"ACR-161":"App includes many testimonials that are not verifiable.\n","ACR-017":"App uses unverifiable endorsement logo/rate that misleads user.\n"},"samples":[{"isRevoked":"False","fileName":"registry-cleaner-setup.exe","isInstaller":"True","companyName":"Auslo˜gics                                                  ","productName":"Auslo˜gics Registry Cle˜aner                                ","productVersion":"8.1.0.0                                           ","fileVersion":"8.x                 ","hashMD5":"b5496f0b684dd4f4e11af24340b3250a","hashSHA1":"0056490be480c61637ac5e48d264542f87f13553","hashSHA256":"3a037a0b716f623b0eaff785a896776079d13b9227d7c0b79e6dca2e7739edbc","digitalCertThumbprint":"2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","sourceIndex":"2696","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"https://www.pissedconsumer.com/auslogics/RT-F.html","landingPage":"https://www.auslogics.com/en/software/registry-cleaner/","directDownloadingLink":"http://static.auslogics.com/en/registry-cleaner/registry-cleaner-setup.exe","ipv4":"198.232.127.32","directDownloadingLinkWildChar":"http://static.auslogics.com/en/registry-cleaner/registry-cleaner-setup.exe","sourceIndex":"2696"}],"sampleFiles":["190920/D-RegistryCleaner-00007/8.1.0.0/Samples/registry-cleaner-setup.exe"],"imageFiles":["190920/D-RegistryCleaner-00007/8.1.0.0/Images/ACR-010/ACR-010_InBundleOffer_OfferIsNotClear.JPG","190920/D-RegistryCleaner-00007/8.1.0.0/Images/ACR-004/ACR-004_Software_RaisesUrgency.JPG","190920/D-RegistryCleaner-00007/8.1.0.0/Images/ACR-059/ACR-059_InBundleOffer_OfferIsNotClear.JPG"],"nonDeceptorImageFiles":["190920/D-RegistryCleaner-00007/8.1.0.0/Images/ACR-017/ACR-017_LandingPage_LogoNeedsToBeVerifiable.JPG","190920/D-RegistryCleaner-00007/8.1.0.0/Images/ACR-161/ACR-161_LandingPage_TestimonialsNeedsToBeVerifiable.JPG"],"guid":"70afce65-061b-4b83-96f8-21b4c418e47b_8.1.0.0_1","appID":"D-RegistryCleaner-00007","dateAdded":"190920","deceptorType":"App","name":"Registry Cleaner","company":"Auslogics Labs Pty Ltd","version":"8.1.0.0","firstResolvedVersion":"8.1.0.0.x(SHA256:0666E60CC8A805D72C70EA36380D7BEF9356EFBB26BE26ABB200CAA54EDAF302)","resolved":"TRUE","lastKnownStatus":"Deceptor:6.1.2.0;8.0.0.2;8.1.0.0","lastKnownDate":"190920","type":"Windows Executable","lastUpdate":"2019-10-02T18:18:17.2508564+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2101},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic\n","ACR-097":"Qbit keeps changing its signing cert and application name and home page to evade blocking by security products. Example home page:\n\nhttp://www.mbitspcutils.club/\nhttp://www.qbitspeedytool.club/\nhttp://www.qbitboostnow.club/\nhttp://www.qbitcleanpc.xyz\nhttp://tunepc.xyz/\nhttp://qbitpcutils.xyz/\nhttp://www.qbitmypctools.club/\nhttp://www.opcspeedtools.club/\nhttp://www.tunetoppctool.club\nhttp://www.tunepcutils.live/\n\nexample signing cert:\n0c97fad2205b97b8ec62cbb0ea7b7da172b5cbbc\n9a1eda89340461c3684a1c5567f30e181aadf310\nad415220b846ee9ad01dd706b30d466318e00d6f\ne4660f629aa5bc2d2889514f25e8885063fbd1bd\n597edd49ddc0246c4d6f1042dc5976a4081e634e\n074067b0c482d950e072960711723313080fd305\n\n"},"nonDeceptorViolations":{"ACR-003":"Displays fake threat scamming message and scare user to download additional application to clean up.\n"},"samples":[{"isRevoked":"False","fileName":"qbpssetup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"8f18c8858c1572d82e4a1031ec361dca","hashSHA1":"16c2d639c43550952e91d491b8f1cfb8a4ae59e4","hashSHA256":"c2236c93ad4bcc59a16175d698d3240580d12be3ec15394a0b169dcdf6c70660","digitalCertThumbprint":"EAE1B1CCBDBF4E8D74CE59C0FDA20C1438404AF0","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GENNEXT PC LOGICS, OU=IT, O=GENNEXT PC LOGICS, POBox=333028, STREET=WARD NUMBER 12 SULTANA, L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Avira Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190610)","Panda Dome (20190610)","Quick Heal Internet Security (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)"],"avAllowList":["Trend Micro Internet Security (20190610)"]},{"isRevoked":"False","fileName":"qbopsetup.exe","isInstaller":"True","fileVersion":"1.0.0.28","hashMD5":"07b9da7a03ec12b4016083f0fb5e95c4","hashSHA1":"57b059405c417dbcdde56d57c69a8c5fda01822d","hashSHA256":"9ffeedd904342648c3bd88bdd25a33c8109947ee91de168c71a7e122b1fb8bf8","digitalCertThumbprint":"EAE1B1CCBDBF4E8D74CE59C0FDA20C1438404AF0","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GENNEXT PC LOGICS, OU=IT, O=GENNEXT PC LOGICS, POBox=333028, STREET=WARD NUMBER 12 SULTANA, L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190610)","Quick Heal Internet Security (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","Trend Micro Internet Security (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)"],"avAllowList":["Avira Internet Security (20190610)","Panda Dome (20190610)"]},{"isRevoked":"False","fileName":"qbopsetup.exe.1","isInstaller":"True","fileVersion":"1.0.0.42","hashMD5":"678deb52cf7ad0b6210cb997f02973b1","hashSHA1":"dc88e514a9e907f93a06c92515c37dc8e5499556","hashSHA256":"c8270423e348d92db67d8ba489f73f55521d90d788fe4fe882d55b78018d48a2","digitalCertThumbprint":"9A1EDA89340461C3684A1C5567F30E181AADF310","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPETENCE TECHNOLOGIES, OU=IT, O=COMPETENCE TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190607)","Quick Heal Internet Security (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","Trend Micro Internet Security (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)"],"avAllowList":["Avira Internet Security (20190610)","Panda Dome (20190610)"]},{"isRevoked":"False","fileName":"qbpssetup_0319.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"aa5a7695e6f77782a0cf532d1ad107c2","hashSHA1":"6bebccf8c271048b2e71e646a0514b4f946bafc1","hashSHA256":"522d33eba3ff4d1c6d17ef23313e7b2225cc42cd12dc0b9c58cabfd9855c114f","digitalCertThumbprint":"B182925B44634CEF4262FE8F8148F0AE990511C3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADROlT PC SOLUTIONS, O=ADROlT PC SOLUTIONS, STREET=\"WARD NO. 12, SULTANA\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190610)","Panda Dome (20190610)","Quick Heal Internet Security (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","Trend Micro Internet Security (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)"],"avAllowList":["Avira Internet Security (20190610)","Windows Defender (20190610)"]},{"isRevoked":"False","fileName":"qbpssetup1_0319.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"30670c80a4d42ab82e81bc291460d628","hashSHA1":"926f823ea8a8a0a42908c2c1c07a3ce1387bb55c","hashSHA256":"cea575695894c56693397368177d3410fca29126196274a460993f84313272ca","digitalCertThumbprint":"074067B0C482D950E072960711723313080FD305","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE SOFTWARES, O=ADEQUATE SOFTWARES, STREET=\"WARD NO. 12, SULTANA,\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190610)","Panda Dome (20190610)","Quick Heal Internet Security (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)"],"avAllowList":["Avira Internet Security (20190610)","Trend Micro Internet Security (20190610)"]},{"isRevoked":"False","fileName":"qbpssetup2_0319.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"93d0c4c73771bb97e7e0e2b1d713f336","hashSHA1":"4e73c2cfaf9e5513fc37a3a9b38438eb5f94f082","hashSHA256":"7e1311eb4cc0d6c21bda3d43878dacb0be8900892e18a3b7838a8c242e883ae5","digitalCertThumbprint":"E4660F629AA5BC2D2889514F25E8885063FBD1BD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=STELLAR PC SOLUTlONS, O=STELLAR PC SOLUTlONS, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190530)","Avast Internet Security (20190530)","AVG Internet Security (20190530)","Avira Internet Security (20190530)","Bitdefender Internet Security (20190530)","COMODO Antivirus (20190530)","Dr.Web Security Space (20190530)","ESET Internet Security (20190530)","G DATA INTERNET SECURITY (20190530)","K7 Total Security (20190530)","Kaspersky Internet Security (20190530)","Malwarebytes Premium (20190530)","McAfee Total Protection (20190530)","Norton Security (20190530)","Panda Dome (20190530)","Quick Heal Internet Security (20190530)","Sophos Home Premium (20190530)","Tencent PC Manager (20190530)","Trend Micro Internet Security (20190530)","VIPRE Advanced Security (20190530)","VirIT eXplorer PRO (20190530)","Webroot SecureAnywhere (20190530)","Windows Defender (20190530)"],"avAllowList":[]},{"isRevoked":"False","fileName":"qbpssetup3_0510.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"64b675c18e6a2f7f66667fdd644b1d4f","hashSHA1":"cc320fde486c974c797a1cd5cef26879115186da","hashSHA256":"c88c5673c6b5e6f440f6ea2207d35c03e3daf74db4af5c6694929ceed7e9ce2d","digitalCertThumbprint":"C8E617840E1DBF83C88086283BE654721FA593C6","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QBIT SOFTWARE SERVICES, OU=IT, O=QBIT SOFTWARE SERVICES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Avira Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190610)","Panda Dome (20190610)","Quick Heal Internet Security (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","Trend Micro Internet Security (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)"],"avAllowList":[]},{"isRevoked":"False","fileName":"qbscsetup (1.0.0.20).exe","isInstaller":"True","productName":"Qbit~System Care","productVersion":"1.0.0.20","fileVersion":"1.0.0.20","hashMD5":"3e5abc3270746322a1927222c8bf15c0","hashSHA1":"54341667a16d0463fc26ce1a20d3b1c9c63a649e","hashSHA256":"e217941e7a23e1ed19ef725795a1bc98390ad57d4d880df0d7d7ce08f73f30e7","digitalCertThumbprint":"9A1EDA89340461C3684A1C5567F30E181AADF310","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPETENCE TECHNOLOGIES, OU=IT, O=COMPETENCE TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190610)","Panda Dome (20190610)","Quick Heal Internet Security (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","Trend Micro Internet Security (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)"],"avAllowList":["Avira Internet Security (20190610)"]},{"isRevoked":"False","fileName":"qbopsetup (1.0.0.48).exe","isInstaller":"True","productVersion":"1.0.0.48","fileVersion":"1.0.0.48","hashMD5":"7171c8b5084fa6159a602a0ddfc4eaba","hashSHA1":"1677c932da72ac05a9a84c0a977f4d8ab54df070","hashSHA256":"4d9e37819b26f328543f9dffe7b8a4f6a174878a78a36a666d3cdde70f0e2a55","digitalCertThumbprint":"95053C45D819333BDD9C9259F9BEDC371A5D50DB","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT INFO SERVICES, OU=IT, O=CONNECT INFO SERVICES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Avira Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)","Norton Security (20190610)"],"avAllowList":["Panda Dome (20190610)","Quick Heal Internet Security (20190610)","Trend Micro Internet Security (20190610)"]},{"isRevoked":"False","fileName":"qbpssetup (1.0.0.13).exe","isInstaller":"True","productVersion":"1.0.0.13","fileVersion":"1.0.0.13","hashMD5":"a4c7dc44a210e37a4aaa666fa3b83f19","hashSHA1":"4e1e463509b43932bbb04481a2fdc9307b7f4b0b","hashSHA256":"dbdd32218581b4da96681023c0d16a9f71ee32256f49dab3ba86bb066b637c4a","digitalCertThumbprint":"AD415220B846EE9AD01DD706B30D466318E00D6F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CLOVER PC UTILITIES, OU=IT, O=CLOVER PC UTILITIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190610)","Panda Dome (20190610)","Quick Heal Internet Security (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","Trend Micro Internet Security (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)"],"avAllowList":["Avira Internet Security (20190610)"]},{"isRevoked":"False","fileName":"qbpssetup_0319_5522.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"f657b48706dc0c17e9d30fe217adee97","hashSHA1":"7e4b0b87f366aca5a8fb4ba54d8b84dde7d51750","hashSHA256":"78fcd89e1b504c5ce3a64dfdb39b9b8fe6c40bc18faabf6e2c2e11f5f987f087","digitalCertThumbprint":"55226FC682F823418357EE6AE3586F69BC6F7926","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE TECHNOIOGIES, O=SYSCARE TECHNOIOGIES, STREET=\"421, MANI RAM JI KI KHOTO KA RASTA\", STREET=JOHRI BAZAR, L=JAIPUR, S=RAJASTHAN, PostalCode=302003, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190610)","Panda Dome (20190610)","Quick Heal Internet Security (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","Trend Micro Internet Security (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)"],"avAllowList":["Avira Internet Security (20190610)"]},{"isRevoked":"False","fileName":"qbcpsetup (1.0.0.33).exe","isInstaller":"True","productVersion":"1.0.0.33","fileVersion":"1.0.0.33","hashMD5":"425a8edda430a4f91aeb612a51785575","hashSHA1":"ce2c402faa756aa7abf75140d0f3f534455e9581","hashSHA256":"33fa1c39abac7f56172c10487f2f02163a20a0dadc3a657b00b4ced3804899b2","digitalCertThumbprint":"C8E617840E1DBF83C88086283BE654721FA593C6","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QBIT SOFTWARE SERVICES, OU=IT, O=QBIT SOFTWARE SERVICES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190610)","Panda Dome (20190610)","Quick Heal Internet Security (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","Trend Micro Internet Security (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)","AVG Internet Security (20190610)"],"avAllowList":["Avira Internet Security (20190610)"]},{"isRevoked":"False","fileName":"qbscsetup (1.0.0.0).exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"cd3fd6a77145a0640125d7843aa82ed1","hashSHA1":"8a2422fd60e8c267c37912a0ad3a5c862f8bf390","hashSHA256":"b749517f2e364fe86b9ba02ca08c87ced66157ff6aea092a98d2f8c036e77583","digitalCertThumbprint":"074067B0C482D950E072960711723313080FD305","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE SOFTWARES, O=ADEQUATE SOFTWARES, STREET=\"WARD NO. 12, SULTANA,\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2708","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Avira Internet Security (20190610)","Bitdefender Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190610)","Panda Dome (20190610)","Quick Heal Internet Security (20190610)","Sophos Home Premium (20190610)","Tencent PC Manager (20190610)","Trend Micro Internet Security (20190610)","VIPRE Advanced Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)"],"avAllowList":[]},{"isRevoked":"False","fileName":"qbscsetup.exe","isInstaller":"True","companyName":"Tuneup PC Tools","productName":"Qbit-System Care","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"e19c1d162461335fa18c2169c519328d","hashSHA1":"0869231c2e0007739890a684eb7ce938441b9b8e","hashSHA256":"1a462d0ccf48c3bf909095e0a03e3ddf306743ad215211351dea8572d51cc57a","digitalCertThumbprint":"597EDD49DDC0246C4D6F1042DC5976A4081E634E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tuneup PC Tools, O=Tuneup PC Tools, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2709","avBlockList":["360 Total Security (20190607)","Avast Internet Security (20190607)","AVG Internet Security (20190607)","Avira Internet Security (20190607)","Bitdefender Internet Security (20190607)","COMODO Antivirus (20190607)","Dr.Web Security Space (20190607)","ESET Internet Security (20190607)","G DATA INTERNET SECURITY (20190607)","K7 Total Security (20190607)","Kaspersky Internet Security (20190607)","Malwarebytes Premium (20190607)","McAfee Total Protection (20190607)","Norton Security (20190607)","Panda Dome (20190607)","Quick Heal Internet Security (20190607)","Sophos Home Premium (20190607)","Tencent PC Manager (20190607)","Trend Micro Internet Security (20190607)","VIPRE Advanced Security (20190607)","VirIT eXplorer PRO (20190607)","Webroot SecureAnywhere (20190607)","Windows Defender (20190607)"],"avAllowList":[]},{"isRevoked":"False","fileName":"qbcpsetup.exe","isInstaller":"True","productName":"Qbit~Clean~Pro","productVersion":"1.0.0.25","fileVersion":"1.0.0.25","hashMD5":"ea5f677344ccd63e781a41549bb596e1","hashSHA1":"1a8ceb0f47856be4263733ef068491f4c726725f","hashSHA256":"f59cbff842ce3877013b8918b6836035a304f9f4b7858e691ee0137b4a3f25ee","digitalCertThumbprint":"0C97FAD2205B97B8EC62CBB0EA7B7DA172B5CBBC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, OU=IT, O=SYSCLEAN TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2710","avBlockList":["360 Total Security (20190607)","Avast Internet Security (20190607)","AVG Internet Security (20190607)","Avira Internet Security (20190607)","Bitdefender Internet Security (20190607)","COMODO Antivirus (20190607)","Dr.Web Security Space (20190607)","ESET Internet Security (20190607)","G DATA INTERNET SECURITY (20190607)","K7 Total Security (20190607)","Kaspersky Internet Security (20190607)","Malwarebytes Premium (20190607)","McAfee Total Protection (20190607)","Norton Security (20190607)","Panda Dome (20190607)","Quick Heal Internet Security (20190607)","Sophos Home Premium (20190607)","Tencent PC Manager (20190607)","Trend Micro Internet Security (20190607)","VIPRE Advanced Security (20190607)","VirIT eXplorer PRO (20190607)","Webroot SecureAnywhere (20190607)","Windows Defender (20190607)"],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup.exe","isInstaller":"True","productName":"Qbit-Speedup-Pro","productVersion":"1.0.0.17","fileVersion":"1.0.0.17","hashMD5":"a5d0b3aec97550beeae22bfbcaaf404f","hashSHA1":"2f563990b6014640d4248cf67d5ecd03f1559fd5","hashSHA256":"d85157b2bfb66392b8c299d7ccb2afd51ced55ddbe5f3065de88dd155ce8f21d","digitalCertThumbprint":"AD415220B846EE9AD01DD706B30D466318E00D6F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CLOVER PC UTILITIES, OU=IT, O=CLOVER PC UTILITIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2711","avBlockList":["360 Total Security (20190607)","Avast Internet Security (20190607)","AVG Internet Security (20190607)","Avira Internet Security (20190607)","Bitdefender Internet Security (20190607)","COMODO Antivirus (20190607)","Dr.Web Security Space (20190607)","ESET Internet Security (20190607)","G DATA INTERNET SECURITY (20190607)","K7 Total Security (20190607)","Kaspersky Internet Security (20190607)","Malwarebytes Premium (20190607)","McAfee Total Protection (20190607)","Norton Security (20190607)","Panda Dome (20190607)","Quick Heal Internet Security (20190607)","Sophos Home Premium (20190607)","Tencent PC Manager (20190607)","Trend Micro Internet Security (20190607)","VIPRE Advanced Security (20190607)","VirIT eXplorer PRO (20190607)","Webroot SecureAnywhere (20190607)","Windows Defender (20190607)"],"avAllowList":[]},{"isRevoked":"False","fileName":"qbscsetup.exe.1","isInstaller":"True","fileVersion":"1.0","hashMD5":"4a502c610b151e8b7854b8fd65bd4c9d","hashSHA1":"2b8f1de94004808ae54fc927cb548e73fe7abe53","hashSHA256":"82511194cfb995282f8c17b88c6cc252cef6bb7d6c076a4978fbcf58e62443d8","digitalCertThumbprint":"9A1EDA89340461C3684A1C5567F30E181AADF310","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPETENCE TECHNOLOGIES, OU=IT, O=COMPETENCE TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2712","avBlockList":["360 Total Security (20190607)","Avast Internet Security (20190607)","AVG Internet Security (20190607)","Avira Internet Security (20190607)","Bitdefender Internet Security (20190607)","COMODO Antivirus (20190607)","Dr.Web Security Space (20190607)","ESET Internet Security (20190607)","G DATA INTERNET SECURITY (20190607)","K7 Total Security (20190607)","Kaspersky Internet Security (20190607)","Malwarebytes Premium (20190607)","McAfee Total Protection (20190607)","Norton Security (20190607)","Panda Dome (20190607)","Quick Heal Internet Security (20190607)","Sophos Home Premium (20190607)","Tencent PC Manager (20190607)","Trend Micro Internet Security (20190607)","VIPRE Advanced Security (20190607)","VirIT eXplorer PRO (20190607)","Webroot SecureAnywhere (20190607)","Windows Defender (20190607)"],"avAllowList":[]},{"isRevoked":"False","fileName":"qbscsetup.exe.2","isInstaller":"True","fileVersion":"1.0","hashMD5":"7421008b8028d2820f0f751e3dda0120","hashSHA1":"62adab3f185b16da554129df6633366282acfe02","hashSHA256":"467553c7e842441d314650d64cad9d0bf4abef9d49961ed50e683150ab2610d7","digitalCertThumbprint":"074067B0C482D950E072960711723313080FD305","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE SOFTWARES, O=ADEQUATE SOFTWARES, STREET=\"WARD NO. 12, SULTANA,\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2713","avBlockList":["360 Total Security (20190607)","Avast Internet Security (20190607)","AVG Internet Security (20190607)","Avira Internet Security (20190607)","Bitdefender Internet Security (20190607)","COMODO Antivirus (20190607)","Dr.Web Security Space (20190607)","ESET Internet Security (20190607)","G DATA INTERNET SECURITY (20190607)","K7 Total Security (20190607)","Kaspersky Internet Security (20190607)","Malwarebytes Premium (20190607)","McAfee Total Protection (20190607)","Panda Dome (20190607)","Quick Heal Internet Security (20190607)","Sophos Home Premium (20190607)","Tencent PC Manager (20190607)","Trend Micro Internet Security (20190607)","VIPRE Advanced Security (20190607)","VirIT eXplorer PRO (20190607)","Webroot SecureAnywhere (20190607)","Windows Defender (20190607)","Norton Security (20190607)"],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup.exe.1","isInstaller":"True","fileVersion":"1.0","hashMD5":"8d59001c067a1ea48afa5a6a6f235338","hashSHA1":"c72da685e5564fe97d71aeed013fe1e6abec600e","hashSHA256":"51715e023e8bee71677d632ae671078d010309e46870e0c169c4578a01bf11c0","digitalCertThumbprint":"597EDD49DDC0246C4D6F1042DC5976A4081E634E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tuneup PC Tools, O=Tuneup PC Tools, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2714","avBlockList":["360 Total Security (20190607)","Avast Internet Security (20190607)","AVG Internet Security (20190607)","Avira Internet Security (20190607)","Bitdefender Internet Security (20190607)","COMODO Antivirus (20190607)","Dr.Web Security Space (20190607)","ESET Internet Security (20190607)","G DATA INTERNET SECURITY (20190607)","K7 Total Security (20190607)","Kaspersky Internet Security (20190607)","Malwarebytes Premium (20190607)","McAfee Total Protection (20190607)","Norton Security (20190607)","Panda Dome (20190607)","Quick Heal Internet Security (20190607)","Sophos Home Premium (20190607)","Tencent PC Manager (20190607)","VIPRE Advanced Security (20190607)","VirIT eXplorer PRO (20190607)","Webroot SecureAnywhere (20190607)","Windows Defender (20190607)"],"avAllowList":["Trend Micro Internet Security (20190607)"]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.45).exe","isInstaller":"True","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"9ea4ecbf341eb349e5878c81c2adc49b","hashSHA1":"4bf6e571c18421bf370a8ec7f51df8370cb707e0","hashSHA256":"cfe5a523768072106a67adab30da3eb0be02264ec32b1355813cee9ce77680fa","digitalCertThumbprint":"0C97FAD2205B97B8EC62CBB0EA7B7DA172B5CBBC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, OU=IT, O=SYSCLEAN TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2728","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Avira Internet Security (20190613)","Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbcpsetup (1.0.0.62).exe","isInstaller":"True","productVersion":"1.0.0.62","fileVersion":"1.0.0.62","hashMD5":"b59844fac6ebe414f3d2bbef31c2ff7f","hashSHA1":"1f5a8cfdee59c69f28ecad4dde41e9c03565d447","hashSHA256":"c60ef5670575502d874d833a55e5e2982ff1db0c641e23fd30986743a6274971","digitalCertThumbprint":"B464A711FB2AD3748EB5F6F0E764B79D4DF4E1ED","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTIONS, OU=IT, O=TECHNOSOFT SOLUTIONS, POBox=303802, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2729","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Panda Dome (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbcpsetup (1.0.0.62) 2.exe","isInstaller":"True","productVersion":"1.0.0.62","fileVersion":"1.0.0.62","hashMD5":"94a804a34fa29d55e286289d355225be","hashSHA1":"bf7af0a1adbd16f70ac8365cba3aee56ddca68bf","hashSHA256":"35df4f130aeed5c800fde1f93b0e0f69f093c81f03d320102962b0d292685e38","digitalCertThumbprint":"AD415220B846EE9AD01DD706B30D466318E00D6F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CLOVER PC UTILITIES, OU=IT, O=CLOVER PC UTILITIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2730","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Panda Dome (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbscsetup (1.0.0.53).exe","isInstaller":"True","productVersion":"1.0.0.53","fileVersion":"1.0.0.53","hashMD5":"a46aadfb6648a3355de57685c1507faa","hashSHA1":"930a3b65ccb5b1012499d7d727e57edfda6f844b","hashSHA256":"a313b753a68686e449eb2832c2eb7c97ea1834348e22f85e87b1c17282610749","digitalCertThumbprint":"0C97FAD2205B97B8EC62CBB0EA7B7DA172B5CBBC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, OU=IT, O=SYSCLEAN TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2731","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbopsetup (1.0.0.42).exe","isInstaller":"True","productVersion":"1.0.0.42","fileVersion":"1.0.0.42","hashMD5":"3ab2a9835101417f2cf86a1154b2cfdb","hashSHA1":"2138f0a0e46a3e8e6dfa440fcc4024cee232f790","hashSHA256":"3627f02af81e6058a16acc3b6299090f711cbaee4807f70a486b1329204af20a","digitalCertThumbprint":"95053C45D819333BDD9C9259F9BEDC371A5D50DB","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT INFO SERVICES, OU=IT, O=CONNECT INFO SERVICES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2732","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190610)","Quick Heal Internet Security (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Avira Internet Security (20190613)","Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbcpsetup (1.0.0.0).exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"5ac5c75e555dc77bd0429f4121572c55","hashSHA1":"56d6234188b3151d46390ad9f22fa2cd782b08e0","hashSHA256":"5f36fbfc6642b77ba8d1240677856340123b696a784c8f58227500a4788501ae","digitalCertThumbprint":"135E8FFCA1DC786B30255FEBD50AA6DEC22ECB97","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CLEANER SOFTWARES, OU=IT, O=PC CLEANER SOFTWARES, POBox=333028, STREET=\"Ward No: 12, Sultana\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2733","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)","Norton Security (20190613)"],"avAllowList":["Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.0).exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4745f104c9e8be10b576f9f77f7c07af","hashSHA1":"21482416d35f231e7cdbeaec57bb13e00ba77161","hashSHA256":"768e269057b61710edc210097e86eec40b4006ef8e500ba1e6c8f9457270792e","digitalCertThumbprint":"DD5D238E52F7FF4E7FEA5FD9F088AB9BB09A3B36","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CLEANUP UTILITIES, OU=Back Office, O=PC CLEANUP UTILITIES, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"2734","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)","Norton Security (20190613)"]},{"isRevoked":"False","fileName":"qbopsetup (1.0.0.42) 2.exe","isInstaller":"True","productVersion":"1.0.0.42","fileVersion":"1.0.0.42","hashMD5":"0b40a33872149e00ccbd5379ec974134","hashSHA1":"7889ab2efc3e958488a546a40a0224df50562512","hashSHA256":"6674975c433229ca453defc1f4e1da48028ca3ca14cc1f4e4e6c9ea0126a17dc","digitalCertThumbprint":"9A1EDA89340461C3684A1C5567F30E181AADF310","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPETENCE TECHNOLOGIES, OU=IT, O=COMPETENCE TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2735","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Quick Heal Internet Security (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Avira Internet Security (20190613)","Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbscsetup (1.0.0.51).exe","isInstaller":"True","productVersion":"1.0.0.51","fileVersion":"1.0.0.51","hashMD5":"76de409546eb3d49b3aea7f7917d899a","hashSHA1":"627633ed2551ba3a3d32959731ffb156d5f53157","hashSHA256":"7b21e656e32ea2d55df6fb149fb2d86586bb2976262a3edb365977cd6166c945","digitalCertThumbprint":"B464A711FB2AD3748EB5F6F0E764B79D4DF4E1ED","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTIONS, OU=IT, O=TECHNOSOFT SOLUTIONS, POBox=303802, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2736","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190610)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.12).exe","isInstaller":"True","productVersion":"1.0.0.12","fileVersion":"1.0.0.12","hashMD5":"b5e4b121c650518a48b23b3c0d2eea07","hashSHA1":"f91d380330778184608fd6acbcc0b99f8b1880d1","hashSHA256":"a6fd8b737b8d54c2b9bdc86dd49cc7b16702ad862ed2fe7ccce1b71d0699d949","digitalCertThumbprint":"E62C6E98CAAC271270035177A39DB38EE5268C86","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SMART PC LOGICS, OU=IT, O=SMART PC LOGICS, POBox=110034, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"2737","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Avira Internet Security (20190613)","Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbscsetup (1.0.0.2).exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"fec40182988ec89bc2816abe1eac6146","hashSHA1":"e640db6f1acdd928451dd67aad19e75e730a8745","hashSHA256":"09dc8079e48f850d1397a765b7a57ca7964dcd0577502ff6ab32d3a423e82b94","digitalCertThumbprint":"2A71A0869A7FC7923F13FCBB479BBDA481E8F15B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=WHlZSOFT SERVICES, O=WHlZSOFT SERVICES, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2738","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Avira Internet Security (20190613)","Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbscsetup (1.0.0.2) 2.exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"63ad834bae345ba64060400168639b30","hashSHA1":"11c3b5e00a1424b214fa43910f6670f8fa815001","hashSHA256":"e8016dcef2fc6648e8008c7d7ebad8452f432ead616a6da380454d2863a12283","digitalCertThumbprint":"597EDD49DDC0246C4D6F1042DC5976A4081E634E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tuneup PC Tools, O=Tuneup PC Tools, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2739","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190610)","Quick Heal Internet Security (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Avira Internet Security (20190613)","Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbscsetup (1.0.0.2) 3.exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"0b16c31da07fb0aed133988eba940b2a","hashSHA1":"568c5916252046e51742e17a762750a3c5fd831a","hashSHA256":"7c3305ff45842e1ee280a3c51cbc64c7d549959f37e9d8803a5ebff535073204","digitalCertThumbprint":"E4660F629AA5BC2D2889514F25E8885063FBD1BD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=STELLAR PC SOLUTlONS, O=STELLAR PC SOLUTlONS, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2740","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Avira Internet Security (20190613)","Bitdefender Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.12) 2.exe","isInstaller":"True","productVersion":"1.0.0.12","fileVersion":"1.0.0.12","hashMD5":"f248cdd90c40d2c5ad18480ed7358b0b","hashSHA1":"a45a1ef7128ab4f26f2b2d257f2269afa896cf74","hashSHA256":"a71bf354acf10ac596e6d941281a923b070fdd40430e595d09e65f7fe5f95629","digitalCertThumbprint":"E62C6E98CAAC271270035177A39DB38EE5268C86","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SMART PC LOGICS, OU=IT, O=SMART PC LOGICS, POBox=110034, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"2741","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Quick Heal Internet Security (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Avira Internet Security (20190613)","Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbpssetup (1.0.0.0).exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b251873d47e5b69eabc057c1883e190b","hashSHA1":"2527a632a1063eec05f8db32ec6c3e015ac3ae10","hashSHA256":"06e44abd665be20355cdb591b3fefc9a62ca9653a62cf725d14c9e54a0f39731","digitalCertThumbprint":"B182925B44634CEF4262FE8F8148F0AE990511C3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADROlT PC SOLUTIONS, O=ADROlT PC SOLUTIONS, STREET=\"WARD NO. 12, SULTANA\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2742","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Sophos Home Premium (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"qbscsetup (1.0.0.51) 2.exe","isInstaller":"True","productVersion":"1.0.0.51","fileVersion":"1.0.0.51","hashMD5":"7134a9c637923794cb1c364752da307f","hashSHA1":"32442e51e4797437bb11d617694be6b142047a00","hashSHA256":"b90bf5a9c3e981741f14751fab4f7b39eb764fb2e2ca8f46efb020d68d19e7be","digitalCertThumbprint":"B464A711FB2AD3748EB5F6F0E764B79D4DF4E1ED","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTIONS, OU=IT, O=TECHNOSOFT SOLUTIONS, POBox=303802, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2743","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","Bitdefender Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Sophos Home Premium (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":[]},{"isRevoked":"False","fileName":"qbcpsetup (1.0.0.0) 2.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"19cdf8b83d70092ec6a3c20af356658d","hashSHA1":"faedddf5b8e1e7c76ba09841c4a31b9608ae33a3","hashSHA256":"05e1e92f4f3f8ea043884e0497298b275135423f1f86c5d83d3186c25fb0e123","digitalCertThumbprint":"DD5D238E52F7FF4E7FEA5FD9F088AB9BB09A3B36","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CLEANUP UTILITIES, OU=Back Office, O=PC CLEANUP UTILITIES, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"2744","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)"],"avAllowList":["Bitdefender Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)","Norton Security (20190613)"]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.53) .exe","isInstaller":"True","productVersion":"1.0.0.53","fileVersion":"1.0.0.53","hashMD5":"500258104db6a89b015d26b67bee8a66","hashSHA1":"3f1dcc7e41075dfe1890aa20c0b39fc84f20acd8","hashSHA256":"88b816a8e21cea66bfb8950689c4a296b43394f7bce17a944367c91c85062b00","digitalCertThumbprint":"553CDDD6B6BF267199379548194D3F2F13C084C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SOFTWARES, OU=IT, O=SYSLOGIX SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2746","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbpssetup (1.0.0.13) 2.exe","isInstaller":"True","productVersion":"1.0.0.13","fileVersion":"1.0.0.13","hashMD5":"9a0b73958333aca508079b79417d8ddf","hashSHA1":"70a258ebe29b794bc7426b2fb38e8a8bec3ca0cd","hashSHA256":"c54c18dd48da4c547c3416b67c4a8cf85de3f928337081ed407b75e2812243da","digitalCertThumbprint":"AD415220B846EE9AD01DD706B30D466318E00D6F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CLOVER PC UTILITIES, OU=IT, O=CLOVER PC UTILITIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2747","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbscsetup (1.0.0.2) 4.exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"b22a623857ff11254f64c8c9e29d923a","hashSHA1":"f858b69f15e3b03a3162b98b83635aa46140a2ff","hashSHA256":"dea7933b4b4e7515e9374d892f1a672c3076ee607bc6e6826b9d4dc1d7ef9d5e","digitalCertThumbprint":"597EDD49DDC0246C4D6F1042DC5976A4081E634E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tuneup PC Tools, O=Tuneup PC Tools, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2748","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbscsetup (1.0.0.2) 5.exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"b9f779de0ce0e2ee0df58fc124962fa7","hashSHA1":"1c4e036d57e201db3d31d45f13a1d35a09b22b81","hashSHA256":"3aa79c9583aaeb6d24a0647c9cd153ffd563e595286870c7f08ccf45871a81fe","digitalCertThumbprint":"E4660F629AA5BC2D2889514F25E8885063FBD1BD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=STELLAR PC SOLUTlONS, O=STELLAR PC SOLUTlONS, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2749","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbcpsetup (1.0.0.22).exe","isInstaller":"True","productVersion":"1.0.0.22","fileVersion":"1.0.0.22","hashMD5":"48ffdc69d8b373cbfa5291e139239b0d","hashSHA1":"0744e3ee3356b82eade7246447a1333090f404a6","hashSHA256":"43fc6a22270130ccb0f2dde31bc2faa5dc3ce3cce2e84695c6962743445f5ef8","digitalCertThumbprint":"0C97FAD2205B97B8EC62CBB0EA7B7DA172B5CBBC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, OU=IT, O=SYSCLEAN TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2750","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.40).exe","isInstaller":"True","productVersion":"1.0.0.40","fileVersion":"1.0.0.40","hashMD5":"38e3aacafdb3ae694cf3ed0aa625d72c","hashSHA1":"a1a3a2d423cc5017a3b38e639755dce139670ffd","hashSHA256":"6baa8bf1f91df73c3d525bc15a8754e0cad7f28fcedd1b7f45dec57d96075c36","digitalCertThumbprint":"3909A459CFDA96751EE385EBFB88CCD57E833E02","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC BOOSTER UTILITIES, OU=IT, O=PC BOOSTER UTILITIES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2751","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbcpsetup (1.0.0.29).exe","isInstaller":"True","productVersion":"1.0.0.29","fileVersion":"1.0.0.29","hashMD5":"7cb39a4ef052b5a36b3fab652ddc9a21","hashSHA1":"ac05480d559163fee031b2737b469e0a52de46a6","hashSHA256":"f23dca53ef9ba6a357932176b577c5d1b876cd8fe31937a8d48c00331741b8a8","digitalCertThumbprint":"9A1EDA89340461C3684A1C5567F30E181AADF310","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPETENCE TECHNOLOGIES, OU=IT, O=COMPETENCE TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2752","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbopsetup (1.0.0.45).exe","isInstaller":"True","productName":"QBIT Optimizer Pro","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"7f52ef77d310ce3da75a8b6ad0ed51c7","hashSHA1":"02b6c8afc85f73fd1bc451b2248851a429a72643","hashSHA256":"8039ead5bcab351fb1c72db8b2c65255b0a00ccee10c54ca9146df4fc636b292","digitalCertThumbprint":"8D641E19DD9AEB54DEA66123A4D023F0B5948E16","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE UTILITIES, OU=IT, O=PC CARE UTILITIES, POBox=333028, STREET=\"124,MAHAVEER NAGAR-2,MAHARANI FARM,DURGAPURA\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2754","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbopsetup (1.0.0.45) 2.exe","isInstaller":"True","productName":"QBIT Optimizer Pro","productVersion":"1.0.0.45","fileVersion":"1.0.0.45","hashMD5":"09ef1484576b252fd54a63e9e87beb36","hashSHA1":"ce07fab4b4b8c69192412e02460074d085288aa1","hashSHA256":"ff9707d0e152e932818cf5fd632b23566544645b869199cd5236573321ea15ad","digitalCertThumbprint":"39405747CADE5092A3C77D1D25A5F14E0CDD218F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2755","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.0)2.exe","isInstaller":"True","productName":"QBIT Speedup Pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"c2d07f4b8e24876d7be817d9c5f260b2","hashSHA1":"49e318d086b457a9b29df7bc052c509ebd7a27fb","hashSHA256":"7a237bbde42ccff433fba74888d4f0b38c32a500b5fbbe5297811756ce62953f","digitalCertThumbprint":"14361D2E1CAD235DDD1130731A18EC2804147928","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SMART PC LOGICS, OU=IT, O=SMART PC LOGICS, POBox=110034, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"2756","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.40) 2.exe","isInstaller":"True","productName":"Qbit Speedup pro","productVersion":"1.0.0.40","fileVersion":"1.0.0.40","hashMD5":"97950aa3d2ddad245fc9a307ca474359","hashSHA1":"617af87d63b5918197e68b21ca52552870f8a0cc","hashSHA256":"7f520dcdcfef0dd940aefbd5736e873775bb78272ed898afecb1593dd1296576","digitalCertThumbprint":"8D641E19DD9AEB54DEA66123A4D023F0B5948E16","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE UTILITIES, OU=IT, O=PC CARE UTILITIES, POBox=333028, STREET=\"124,MAHAVEER NAGAR-2,MAHARANI FARM,DURGAPURA\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2757","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbscsetup (1.0.0.0) 3.exe","isInstaller":"True","productName":"Qbit-System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"803e670cdc61dd191f8170b88bbae619","hashSHA1":"67e695cc8778be38a91b8e2e1814f8a24215ca9f","hashSHA256":"cea7be2dc69eef5aaf83d86cf184fa56301acf20c94a531bcb69df2371d1abd8","digitalCertThumbprint":"34BBAF071CE0C5AD46E234ACACC52A93E7C1AE2E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TWEAK PC TOOLS, OU=IT, O=TWEAK PC TOOLS, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2758","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.70).exe","isInstaller":"True","productName":"Qbit Speedup pro","productVersion":"1.0.0.70","fileVersion":"1.0.0.70","hashMD5":"39415134049a9c1c601160f75f75641b","hashSHA1":"2356f7d2b375e255426d66aadba4e3da7e772936","hashSHA256":"5a1addc15add46685128849d495bfbeef384b2fee2902c9eb0bcae12f58b0c7b","digitalCertThumbprint":"06E0C4223C29D3FA8FE97925417F9D2F00F3E829","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, OU=it, O=INTELLECT SOFTWARES, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2759","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.50).exe","isInstaller":"True","productName":"QBIT Speedup Pro","productVersion":"1.0.0.50","fileVersion":"1.0.0.50","hashMD5":"c7ff8bcc38fa5cb5f848eada4a52e490","hashSHA1":"f23cc809aa0537c9cee7622883b41277f2df0499","hashSHA256":"ebf1593b6b2fe657766d2b05ffde214d5cbee5abd85d21312e59d9b4ab5fd389","digitalCertThumbprint":"3909A459CFDA96751EE385EBFB88CCD57E833E02","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC BOOSTER UTILITIES, OU=IT, O=PC BOOSTER UTILITIES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2760","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.50) 2.exe","isInstaller":"True","productName":"QBIT Speedup Pro","productVersion":"1.0.0.50","fileVersion":"1.0.0.50","hashMD5":"3a409625acaa5817c7a498b88b9ff2ea","hashSHA1":"d68277d0f6be651bf6a226941c5148bad3d2209e","hashSHA256":"9bf2ec54114def43a993654a7631c0ae82eaede4d876cd429491e550253c6968","digitalCertThumbprint":"39405747CADE5092A3C77D1D25A5F14E0CDD218F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2761","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.14).exe","isInstaller":"True","productName":"QBIT Speedup Pro","productVersion":"1.0.0.14","fileVersion":"1.0.0.14","hashMD5":"8632eb257aa28584d956d663729ef403","hashSHA1":"430f70b9f90aa62d64874b724aa341496517f7a5","hashSHA256":"a3dc21e37e0bffc1cb9da36fc34ca6c4bf63c38933d709d6c146774ba73ae369","digitalCertThumbprint":"3909A459CFDA96751EE385EBFB88CCD57E833E02","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC BOOSTER UTILITIES, OU=IT, O=PC BOOSTER UTILITIES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2763","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbopsetup (1.0.0.30).exe","isInstaller":"True","productName":"QBIT Optimizer Pro","productVersion":"1.0.0.30","fileVersion":"1.0.0.30","hashMD5":"3398edf0b054d7ba549e9f7b80c4780f","hashSHA1":"2e271bc5f63d58c96d0f36a6e6263f8d95335966","hashSHA256":"137e0b8dae0d5ed56e0a1f0c54a901e7704750677a0c71464ca26f6c357e79fc","digitalCertThumbprint":"FC559C06A893958F50329BDB8D1FB2F8EF2FC8B2","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2764","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.25).exe","isInstaller":"True","productName":"QBIT Speedup Pro","productVersion":"1.0.0.25","fileVersion":"1.0.0.25","hashMD5":"11b13f16ce538289122eabc0fc611377","hashSHA1":"54864b575974d740480e8751fab7a70c88c94bf9","hashSHA256":"9f064995182d637562293bc0ea49d392c986cae260c612cff6f8670e6d1866e6","digitalCertThumbprint":"3909A459CFDA96751EE385EBFB88CCD57E833E02","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC BOOSTER UTILITIES, OU=IT, O=PC BOOSTER UTILITIES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2765","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.53) 2.exe","isInstaller":"True","productName":"QBIT Speedup Pro","productVersion":"1.0.0.53","fileVersion":"1.0.0.53","hashMD5":"03ffbb981af312758468e2797d73cde0","hashSHA1":"da4a07cc18a8cc20663503d1534202d53d2462c4","hashSHA256":"43883f69b3599bf623d0dc874d3f1d0c484e78a61091051b1950e6544a18ebbb","digitalCertThumbprint":"553CDDD6B6BF267199379548194D3F2F13C084C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SOFTWARES, OU=IT, O=SYSLOGIX SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2766","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qbspsetup (1.0.0.50) 3.exe","isInstaller":"True","productName":"QBIT Speedup Pro","productVersion":"1.0.0.50","fileVersion":"1.0.0.50","hashMD5":"785804f60823884101b7e75ed727d3ec","hashSHA1":"25dde76ab8a6c5ec85b1620b3fc55c81996cace5","hashSHA256":"62d6c5a57eea6ff61ab027e6e91b1f4984deb1e1df81de30685292be061cb33a","digitalCertThumbprint":"3909A459CFDA96751EE385EBFB88CCD57E833E02","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC BOOSTER UTILITIES, OU=IT, O=PC BOOSTER UTILITIES, POBox=302004, STREET=\"13, SHIVAM APPARTMENT, OPPOSIT MOTI DOONGRI THANA, JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2767","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"scamming affiliate","reference":"QBIT","landingPage":"http://www.qbitmypctools.club/lp/brtbm/1/?fd=qbsc&x-context=wDHBE30PO63K1L6MH85TMTA4&utm_source=wbtbm&utm_campaign=wbtbm&pxl=WBT4277_WBT4179_RUNT&utm_pubid=d975b414-e79a-48eb-a43b-48ac6da6d285&x-at=XXXXX&override=1","directDownloadingLink":"http://dl.qbitmypctools.club/qbsc/securerc/qbitmypctools_club/qbscsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.qbitmypctools.club/qbsc/securerc/qbitmypctools_club/qbscsetup.exe","sourceIndex":"2708"},{"howFound":"","reference":"","landingPage":"http://www.qbitmypctools.club/","directDownloadingLink":"http://dl.qbitmypctools.club/qbsc/securerc/qbitmypctools_club/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2709"},{"howFound":"","reference":"","landingPage":"http://www.mbitspcutils.club/","directDownloadingLink":"http://dl.mbitspcutils.club/qbcp/securerc/mbitspcutils_club/qbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2710"},{"howFound":"","reference":"","landingPage":"http://www.qbitboostnow.club/","directDownloadingLink":"http://dl.qbitboostnow.club/qbsp/securerc/qbitboostnow_club/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2711"},{"howFound":"","reference":"","landingPage":"http://www.qbitcleanpc.xyz","directDownloadingLink":"http://dl.qbitcleanpc.xyz/qbsc/securerc/qbitcleanpc_xyz/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2712"},{"howFound":"","reference":"","landingPage":"http://tunepc.xyz/","directDownloadingLink":"http://dl.tunepc.xyz/qbsp/securerc/tunepc_xyz/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2713"},{"howFound":"","reference":"","landingPage":"http://www.tunetoppctool.club","directDownloadingLink":"http://dl.tunetoppctool.club/qbsc/securerc/tunetoppctool_club/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2714"},{"howFound":"","reference":"","landingPage":"www.unifysmarttools.xyz","directDownloadingLink":"http://dl.unifysmarttools.xyz/qbps/securerc/unifysmarttools_xyz/qbpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2715"},{"howFound":"","reference":"","landingPage":"http://unifysuperutils.club","ipv4":"","ipv6":"","sourceIndex":"2716"},{"howFound":"","reference":"","landingPage":"http://unotechyutils.xyz/","ipv4":"","ipv6":"","sourceIndex":"2717"},{"howFound":"","reference":"","landingPage":"http://www.osysboostutils.club/","ipv4":"","ipv6":"","sourceIndex":"2718"},{"howFound":"","reference":"","landingPage":"http://www.opcspeedtools.club","ipv4":"","ipv6":"","sourceIndex":"2719"},{"howFound":"","reference":"","landingPage":"http://www.unifypctools.live","directDownloadingLink":"https://dl.unifypctools.live/qbps/securerc/unifypctools_live/qbpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2720"},{"howFound":"","reference":"","landingPage":"http://www.opcboosttools.xyz","directDownloadingLink":"http://dl.opcboosttools.xyz/qbps/securerc/opcboosttools_xyz/qbpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2721"},{"howFound":"","reference":"","landingPage":"http://qbitsyspcboost.xyz/","directDownloadingLink":"http://dl.qbitsyspcboost.xyz/qbsc/securerc/qbitsyspcboost_xyz/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2722"},{"howFound":"","reference":"","landingPage":"http://unosuperutils.xyz/","directDownloadingLink":"http://dl.unosuperutils.xyz/qbop/securerc/unosuperutils_xyz/qbopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2723"},{"howFound":"","reference":"","landingPage":"http://qbitcleanpc.club/","directDownloadingLink":"https://dl.qbitcleanpc.club/qbps/securerc/qbitcleanpc_club/qbpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2724"},{"howFound":"","reference":"","landingPage":"http://www.unomastertools.live/","directDownloadingLink":"http://dl.unomastertools.live/qbcp/securerc/unomastertools_live/qbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2725"},{"howFound":"","reference":"","landingPage":"http://tunetoppc.live/","directDownloadingLink":"http://dl.tunetoppc.live/qbsc/securerc/tunetoppc_live/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2726"},{"howFound":"","reference":"","landingPage":"http://unifypctools.live/","directDownloadingLink":"https://dl.unifypctools.live/qbps/securerc/unifypctools_live/qbpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2727"},{"howFound":"","reference":"","landingPage":"http://unosmarttools.live/","directDownloadingLink":"http://dl.unosmarttools.live/qbsp/securerc/unosmarttools_live/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2728"},{"howFound":"","reference":"","landingPage":"http://unotechytools.club/","directDownloadingLink":"http://dl.unotechytools.club/qbcp/securerc/unotechytools_club/qbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2729"},{"howFound":"","reference":"","landingPage":"http://www.unotechnotools.club/","directDownloadingLink":"http://dl.unotechnotools.club/qbcp/securerc/unotechnotools_club/qbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2730"},{"howFound":"","reference":"","landingPage":"http://www.unotechnotools.xyz/","directDownloadingLink":"http://dl.unotechnotools.xyz/qbsc/securerc/unotechnotools_xyz/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2731"},{"howFound":"","reference":"","landingPage":"http://www.unifypctools.xyz/","directDownloadingLink":"http://dl.unifypctools.xyz/qbop/securerc/unifypctools_xyz/qbopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2732"},{"howFound":"","reference":"","landingPage":"http://unosystemutils.live/","directDownloadingLink":"http://dl.unosystemutils.live/qbcp/securerc/unosystemutils_live/qbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2733"},{"howFound":"","reference":"","landingPage":"http://unopcutils.live/","directDownloadingLink":"http://dl.unopcutils.live/qbsp/securerc/unopcutils_live/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2734"},{"howFound":"","reference":"","landingPage":"http://unopcutils.xyz/","directDownloadingLink":"http://dl.unopcutils.xyz/qbop/securerc/unopcutils_xyz/qbopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2735"},{"howFound":"","reference":"","landingPage":"http://www.qbitboostnow.xyz/","directDownloadingLink":"http://dl.qbitboostnow.xyz/qbsc/securerc/qbitboostnow_xyz/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2736"},{"howFound":"","reference":"","landingPage":"http://www.qbitcleanpc.live/","directDownloadingLink":"https://dl.qbitcleanpc.live/qbsp/securerc/qbitcleanpc_live/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2737"},{"howFound":"","reference":"","landingPage":"http://qbitpcutils.club/","directDownloadingLink":"http://dl.qbitpcutils.club/qbsc/securerc/qbitpcutils_club/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2738"},{"howFound":"","reference":"","landingPage":"http://qbitpcutils.live/","directDownloadingLink":"http://dl.qbitpcutils.live/qbsc/securerc/qbitpcutils_live/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2739"},{"howFound":"","reference":"","landingPage":"http://www.qbitmypctools.live/","directDownloadingLink":"http://dl.qbitmypctools.live/qbsc/securerc/qbitmypctools_live/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2740"},{"howFound":"","reference":"","landingPage":"http://www.qbitmypctools.xyz/","directDownloadingLink":"https://dl.qbitmypctools.xyz/qbsp/securerc/qbitmypctools_xyz/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2741"},{"howFound":"","reference":"","landingPage":"http://www.tunepcutils.club/","directDownloadingLink":"http://dl.tunepcutils.club/qbps/securerc/tunepcutils_club/qbpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2742"},{"howFound":"","reference":"","landingPage":"http://www.unifysmarttools.club/","directDownloadingLink":"http://dl.unifysmarttools.club/qbsc/securerc/unifysmarttools_club/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2743"},{"howFound":"","reference":"","landingPage":"http://unosuperutils.live/","directDownloadingLink":"http://dl.unosuperutils.live/qbcp/securerc/unosuperutils_live/qbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2744"},{"howFound":"","reference":"","landingPage":"http://www.qbitcleanpc.live/","directDownloadingLink":"https://dl.qbitcleanpc.live/qbsp/securerc/qbitcleanpc_live/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2745"},{"howFound":"","reference":"","landingPage":"http://systems-boost.xyz/","directDownloadingLink":"http://dl.systems-boost.xyz/qbsp/securerc/systems-boost_xyz/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2746"},{"howFound":"","reference":"QBIT PC Speedup","landingPage":"http://qbitcleanup.club/","directDownloadingLink":"https://dl.qbitcleanup.club/qbps/securerc/qbitcleanup_club/qbpssetup.exe","ipv4":"","ipv6":"","sourceIndex":"2747"},{"howFound":"","reference":"QBIT System Care","landingPage":"http://qbitsystems.club/","directDownloadingLink":"http://dl.qbitsystems.club/qbsc/securerc/qbitsystems_club/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2748"},{"howFound":"","reference":"QBIT System Care","landingPage":"http://qbitsystems.live/","directDownloadingLink":"http://dl.qbitsystems.live/qbsc/securerc/qbitsystems_live/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2749"},{"howFound":"","reference":"QBIT Clean Pro","landingPage":"http://pcbitsoltools.live/","directDownloadingLink":"http://dl.pcbitsoltools.live/qbcp/securerc/pcbitsoltools_live/qbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2750"},{"howFound":"","reference":"Qbit Speedup pro","landingPage":"http://unifytechyutils.xyz/","directDownloadingLink":"http://dl.unifytechyutils.xyz/qbsp/securerc/unifytechyutils_xyz/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2751"},{"howFound":"","reference":"QBIT Clean Pro","landingPage":"http://unifytechyutils.club/","directDownloadingLink":"http://dl.unifytechyutils.club/qbcp/securerc/unifytechyutils_club/qbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2752"},{"howFound":"","reference":"QBIT Clean Pro","landingPage":"http://www.mbitspcutils.club/","directDownloadingLink":"http://dl.mbitspcutils.club/qbcp/securerc/mbitspcutils_club/qbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2753"},{"howFound":"","reference":"QBIT Optimizer Pro","landingPage":"http://www.unosystemtools.xyz/","directDownloadingLink":"http://dl.unosystemtools.xyz/qbop/securerc/unosystemtools_xyz/qbopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2754"},{"howFound":"","reference":"QBIT Optimizer Pro","landingPage":"http://www.unosystemtools.club/","directDownloadingLink":"http://dl.unosystemtools.club/qbop/securerc/unosystemtools_club/qbopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2755"},{"howFound":"","reference":"QBIT Speedup Pro","landingPage":"http://unospeedytools.xyz/","directDownloadingLink":"http://dl.unospeedytools.xyz/qbsp/securerc/unospeedytools_xyz/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2756"},{"howFound":"","reference":"QBIT Speedup Pro","landingPage":"http://unospeedytools.live/","directDownloadingLink":"http://dl.unospeedytools.live/qbsp/securerc/unospeedytools_live/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2757"},{"howFound":"","reference":"QBIT System Care","landingPage":"http://unospeedytools.club/","directDownloadingLink":"http://dl.unospeedytools.club/qbsc/securerc/unospeedytools_club/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2758"},{"howFound":"","reference":"Qbit Speedup pro","landingPage":"http://sjsystemutils.live/","directDownloadingLink":"http://dl.sjsystemutils.live/qbsp/securerc/sjsystemutils_live/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2759"},{"howFound":"","reference":"QBIT Speedup Pro","landingPage":"http://pcs-optimize.xyz/","directDownloadingLink":"http://dl.pcs-optimize.xyz/qbsp/securerc/pcs-optimize_xyz/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2760"},{"howFound":"","reference":"QBIT Speedup Pro","landingPage":"http://secures-pctools.xyz/","directDownloadingLink":"http://dl.secures-pctools.xyz/qbsp/securerc/secures-pctools_xyz/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2761"},{"howFound":"","reference":"Qbit System Care","landingPage":"http://www.unifysmartutils.live","directDownloadingLink":"http://dl.unifysmartutils.live/qbsc/securerc/unifysmartutils_live/qbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2762"},{"howFound":"","reference":"QBIT Speedup Pro","landingPage":"http://unotechnoutils.live/","directDownloadingLink":"https://dl.unotechnoutils.live/qbsp/securerc/unotechnoutils_live/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2763"},{"howFound":"","reference":"QBIT Optimizer Pro","landingPage":"http://unomasterutils.club/","directDownloadingLink":"http://dl.unomasterutils.club/qbop/securerc/unomasterutils_club/qbopsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2764"},{"howFound":"","reference":"QBIT Speedup Pro","landingPage":"http://unomasterutils.xyz/","directDownloadingLink":"https://dl.unomasterutils.xyz/qbsp/securerc/unomasterutils_xyz/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2765"},{"howFound":"","reference":"QBIT Speedup Pro","landingPage":"http://optimizes-tools.xyz/","directDownloadingLink":"http://dl.optimizes-tools.xyz/qbsp/securerc/optimizes-tools_xyz/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2766"},{"howFound":"","reference":"QBIT Speedup Pro","landingPage":"http://www.pcs-cleaner.xyz/","directDownloadingLink":"http://dl.pcs-cleaner.xyz/qbsp/securerc/pcs-cleaner_xyz/qbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2767"}],"sampleFiles":["190919/QBIT-190502/1.0.0.25/Samples/qbpssetup.exe","190919/QBIT-190502/1.0.0.25/Samples/qbopsetup.exe","190919/QBIT-190502/1.0.0.25/Samples/qbopsetup.exe.1","190919/QBIT-190502/1.0.0.25/Samples/qbpssetup_0319.exe","190919/QBIT-190502/1.0.0.25/Samples/qbpssetup1_0319.exe","190919/QBIT-190502/1.0.0.25/Samples/qbpssetup2_0319.exe","190919/QBIT-190502/1.0.0.25/Samples/qbpssetup3_0510.exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup (1.0.0.20).exe","190919/QBIT-190502/1.0.0.25/Samples/qbopsetup (1.0.0.48).exe","190919/QBIT-190502/1.0.0.25/Samples/qbpssetup (1.0.0.13).exe","190919/QBIT-190502/1.0.0.25/Samples/qbpssetup_0319_5522.exe","190919/QBIT-190502/1.0.0.25/Samples/qbcpsetup (1.0.0.33).exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup (1.0.0.0).exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup.exe","190919/QBIT-190502/1.0.0.25/Samples/qbcpsetup.exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup.exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup.exe.1","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup.exe.2","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup.exe.1","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.45).exe","190919/QBIT-190502/1.0.0.25/Samples/qbcpsetup (1.0.0.62).exe","190919/QBIT-190502/1.0.0.25/Samples/qbcpsetup (1.0.0.62) 2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup (1.0.0.53).exe","190919/QBIT-190502/1.0.0.25/Samples/qbopsetup (1.0.0.42).exe","190919/QBIT-190502/1.0.0.25/Samples/qbcpsetup (1.0.0.0).exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.0).exe","190919/QBIT-190502/1.0.0.25/Samples/qbopsetup (1.0.0.42) 2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup (1.0.0.51).exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.12).exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup (1.0.0.2).exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup (1.0.0.2) 2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup (1.0.0.2) 3.exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.12) 2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbpssetup (1.0.0.0).exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup (1.0.0.51) 2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbcpsetup (1.0.0.0) 2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.53) .exe","190919/QBIT-190502/1.0.0.25/Samples/qbpssetup (1.0.0.13) 2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup (1.0.0.2) 4.exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup (1.0.0.2) 5.exe","190919/QBIT-190502/1.0.0.25/Samples/qbcpsetup (1.0.0.22).exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.40).exe","190919/QBIT-190502/1.0.0.25/Samples/qbcpsetup (1.0.0.29).exe","190919/QBIT-190502/1.0.0.25/Samples/qbopsetup (1.0.0.45).exe","190919/QBIT-190502/1.0.0.25/Samples/qbopsetup (1.0.0.45) 2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.0)2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.40) 2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbscsetup (1.0.0.0) 3.exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.70).exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.50).exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.50) 2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.14).exe","190919/QBIT-190502/1.0.0.25/Samples/qbopsetup (1.0.0.30).exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.25).exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.53) 2.exe","190919/QBIT-190502/1.0.0.25/Samples/qbspsetup (1.0.0.50) 3.exe"],"imageFiles":["190919/QBIT-190502/1.0.0.25/Images/ACR-042/QBIT_DriverUpdaterOffer.PNG","190919/QBIT-190502/1.0.0.25/Images/ACR-003/QBIT_003.PNG","190919/QBIT-190502/1.0.0.25/Images/ACR-003/QBIT_004_2.PNG","190919/QBIT-190502/1.0.0.25/Images/ACR-010/QBIT_DriverUpdaterOffer.PNG","190919/QBIT-190502/1.0.0.25/Images/ACR-004/QBIT_004.PNG","190919/QBIT-190502/1.0.0.25/Images/ACR-004/QBIT_004_2.PNG"],"nonDeceptorImageFiles":["190919/QBIT-190502/1.0.0.25/Images/ACR-003/Affiliate_QBIT.PNG"],"guid":"f34771b1-af82-416e-aaa3-73f92362572f_1.0.0.25_1","appID":"QBIT-190502","dateAdded":"190919","deceptorType":"App","name":"QBIT","company":"SYSCLEAN TECHNOLOGIES","version":"1.0.0.25","sigName":"Deceptor:Win32/QBIT!042003010004084097 ","lastKnownStatus":"Deceptor:1.0.0.25","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"Qbit","numInFamily":4,"numInAppID":1,"sortOrder":2021},{"violations":{"ACR-010":"Website claims to download an App to update computer drivers, but instead downloads file detected by Antivirus Companies as malware.\n\n"},"nonDeceptorViolations":{"ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-010":"The app downloaded from download website is detected by Antivirus Companies as malware. The malware may download and install other malicious file in the system. Example of download link is hxxp://driverfixersoftware.com/DriverFixer.exe?\n","ACR-014":"The site makes unsubstantiated claim that downloaded file is an App to update computer drivers, instead it downloads a file detected by Antivirus Companies as malware. \n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google search \"update your drivers\"","reference":"http://driverfixersoftware.com","landingPage":"http://driverfixersoftware.com/index.html","directDownloadingLink":"http://driverfixersoftware.com/DriverFixer.exe?","ipv4":"","ipv6":"","sourceIndex":"2780"},{"howFound":"","reference":"","landingPage":"http://www.driver-fixer.com/index.html","directDownloadingLink":"http://www.driver-fixer.com/DriverFixer.exe?","ipv4":"","ipv6":"","sourceIndex":"2781"},{"howFound":"","reference":"","landingPage":"https://driverfixerapp.com/index.html","ipv4":"","ipv6":"","sourceIndex":"2782"}],"sampleFiles":[],"imageFiles":["190918/Driver-Fixer-190918/190918/Images/ACR-010/010.png","190918/Driver-Fixer-190918/190918/Images/ACR-010/010_2.png","190918/Driver-Fixer-190918/190918/Images/ACR-010/010_3.png"],"nonDeceptorImageFiles":["190918/Driver-Fixer-190918/190918/Images/ACR-161/161.png"],"guid":"027c3ef5-4946-453d-a657-dd453d78a6f5_190918_1","appID":"Driver-Fixer-190918","dateAdded":"190918","deceptorType":"Download Site","name":"Driver Fixer","company":"Driver-Fixer","version":"190918","sigName":"Deceptor:Affiliate/DriverFixer_Com","lastKnownStatus":"190918","type":"Download Site","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2019-09-18T21:00:55.5694661+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2104},{"violations":{"ACR-007":"The app does not provide explicit notification to the targeted consumer.\n","ACR-084":"The app enables the consumer to prevent the targeted consumer from seeing the app in the All Apps Page.\n","ACR-086":"The app does not inform the targeted consumer how or who it transmits data to.\n","ACR-014":"The app's calls itself \"System Framework\", which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n","ACR-167":"The app does not offer a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Cerberus_disguised.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"54f12b7fb188f296fe6f9b3e034465b0","hashSHA1":"b7e814f32528f419fee3ec6edf3e1b6b3c0af931","hashSHA256":"494ac65f3cc919ca2324ce53123bf24e66780da71c494bac0ee0aca84a4d11d2","sourceIndex":"2783","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://alternativeto.net/software/cerberus-1/","reference":"Hunt.Search","landingPage":"https://www.cerberusapp.com/","directDownloadingLink":"https://www.cerberusapp.com/download/Cerberus_disguised.apk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.cerberusapp.com/download/Cerberus_disguised.apk","sourceIndex":"2783"}],"sampleFiles":["190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Samples/Cerberus_disguised.apk"],"imageFiles":["190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-007/Secret Cerberus Different Name.png","190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-014/Secret Cerberus Different Name.png","190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-084/Secret Cerberus Hide App.png","190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-086/Secret Cerberus Different Name.png"],"nonDeceptorImageFiles":["190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-065/Secret Cerberus Install.png","190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-065/Secret Cerberus Different Name.png","190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-065/Secret Cerberus Landing Page.png","190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-065/Secret Cerberus Internal Offers.png","190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-099/Secret Cerberus Different Name.png","190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-099/Secret Cerberus Landing Page.png","190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-099/Secret Cerberus Internal Offers.png","190917/CerberusPhoneSecurityDisguised-190911/3.6.3/Images/ACR-167/Secret Cerberus Landing Page.png"],"guid":"1bc2c651-2953-4011-9b97-5a1af5b1f8b7_3.6.3_1","appID":"CerberusPhoneSecurityDisguised-190911","dateAdded":"190917","deceptorType":"Android App","name":"Cerberus Phone Security","company":"LSDroid","version":"3.6.3","sigName":"Deceptor:Android/CerebusPhoneSecurityDisguisedStalkerware!007014084086","lastKnownStatus":"Deceptor:363","lastKnownDate":"190917","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","monetization":"up-sell to paid","lastUpdate":"2019-09-18T03:12:24.4516711+00:00","notDistributed":false,"familyName":"phonesec-andapp-droit","numInFamily":2,"numInAppID":1,"sortOrder":2105},{"violations":{"ACR-007":"The app does not provide explicit notifications to the targeted consumer.\n","ACR-084":"The app enables the consumer to hide the app from the All Apps page.\n","ACR-086":"The app does not inform the targeted consumer how or who it transmits their data to.\n","ACR-014":"The app calls itself \"System Framework\", in accessibility settings, which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe Internal Offers Page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"In Accessibility settings, the app calls itself \"System Framework\", but it calls itself \"Cerberus\" everywhere else.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe Internal Offers page does not display links to uninstall information.\n","ACR-167":"The app does not provide a refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Cerberus.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"6d2273bcd6cc0cac4b9fab6ca685fa9d","hashSHA1":"bc0b2db6a44396005e04bd9e4f3763e8b5c76021","hashSHA256":"8dbc12619d968342ec4ebbdfcc58f18e0904ad79d53ebb56445c29b31f9f6c26","sourceIndex":"2784","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"https://alternativeto.net/software/cerberus-1/","reference":"Hunt.Search","landingPage":"https://www.cerberusapp.com/","directDownloadingLink":"https://www.cerberusapp.com/download/Cerberus.apk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.cerberusapp.com/download/Cerberus.apk","sourceIndex":"2784"}],"sampleFiles":["190917/CerberusPhoneSecurity-190911/3.6.3/Samples/Cerberus.apk"],"imageFiles":["190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-007/Cerberus App.png","190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-014/Cerberus Different Name.png","190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-084/Cerberus Hide app.png","190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-086/Cerberus App.png"],"nonDeceptorImageFiles":["190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-065/Cerberus Install.png","190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-065/Cerberus App.png","190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-065/Cerberus Landing Page.png","190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-065/Cerberus Internal Offers.png","190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-002/Cerberus Different Name.png","190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-099/Cerberus App.png","190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-099/Cerberus Landing Page.png","190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-099/Cerberus Internal Offers.png","190917/CerberusPhoneSecurity-190911/3.6.3/Images/ACR-167/Cerberus Landing Page.png"],"guid":"de747de3-5930-4004-91d9-777b05c861d3_3.6.3_1","appID":"CerberusPhoneSecurity-190911","dateAdded":"190917","deceptorType":"Android App","name":"Cerberus Phone Security","company":"LSDroid","version":"3.6.3","sigName":"Deceptor:Android/CerebusPhoneSecurityStalkerware!007014084086","lastKnownStatus":"Deceptor:3.6.3","lastKnownDate":"190917","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-09-17T22:26:04.3614711+00:00","notDistributed":false,"familyName":"phonesec-andapp-droit","numInFamily":2,"numInAppID":1,"sortOrder":2106},{"violations":{"ACR-007":"The app prompts the consumer to hide all app notifications from the targeted consumer.\n","ACR-084":"The app allows the consumer to hide the app from the All Apps Page, which hides its presence from the targeted consumer.\n","ACR-086":"The app does not inform the targeted consumer how or who it transmits data to.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA or the Privacy Policy.\n","ACR-082":"The app enables the consumer to violate many laws.\n","ACR-099":"The landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"TrackingSmartphone_11.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"56c568aab8ce613fa9069fa610777061","hashSHA1":"bfd6447ef8ab944117dbe2b8f43f3164d3dc12f8","hashSHA256":"9e52b2852de54346f1952fddd2296643ff05749780cd9401afe0b8360112879b","sourceIndex":"2785","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"29 mspy alternatives and Similar software\" 'https://www.topbestalternatives.com/mspy/'","reference":"Hunt.Search","landingPage":"https://trackingsmartphone.com/","directDownloadingLink":"https://download2224.mediafire.com/31vumcef86kg/xshnu29raixadic/TrackingSmartphone_11.apk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download2224.mediafire.com/31vumcef86kg/xshnu29raixadic/TrackingSmartphone_11.apk","sourceIndex":"2785"}],"sampleFiles":["190917/TrackingSmartphone-190909/1.0/Samples/TrackingSmartphone_11.apk"],"imageFiles":["190917/TrackingSmartphone-190909/1.0/Images/ACR-007/TrackingSmartphone Notifications.png","190917/TrackingSmartphone-190909/1.0/Images/ACR-084/TrackingSmartphone Hide Icon.png","190917/TrackingSmartphone-190909/1.0/Images/ACR-084/TrackingSmartphone All Apps Page.png","190917/TrackingSmartphone-190909/1.0/Images/ACR-086/TrackingSmartphone App.png"],"nonDeceptorImageFiles":["190917/TrackingSmartphone-190909/1.0/Images/ACR-065/TrackingSmartphone App.png","190917/TrackingSmartphone-190909/1.0/Images/ACR-082/TrackingSmartphone Disclaimer.png","190917/TrackingSmartphone-190909/1.0/Images/ACR-082/TrackingSmartphone Phone recording.png","190917/TrackingSmartphone-190909/1.0/Images/ACR-099/TrackingSmartphone Landing Page.png"],"guid":"7f7a6588-0f12-4341-859d-fda76f09573c_1.0_1","appID":"TrackingSmartphone-190909","dateAdded":"190917","deceptorType":"Android App","name":"Tracking Smartphone","company":"trackingsmartphone.com","version":"1.0","sigName":"Deceptor:Android/TrackingSmartphoneStalkerware!007084086","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190917","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-09-17T22:17:25.8577596+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2107},{"violations":{"ACR-007":"The app does not show app notifications to the targeted consumer.\n","ACR-009":"The app attempts to coerce the consumer into allowing admin rights by displaying the unsubstantiated message \"Your boss told you to do this.\"\n","ACR-084":"The app hides its icon from the All Apps Page and hides app notifications.\n","ACR-086":"The app does not inform the targeted consumer what and how it transmits their data.\n","ACR-014":"The install displays an unsubstantiated message, \"Your boss told you to do this,\" which misleads the consumer.\nThe app calls itself \"process service\", misleading the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app calls itself \"process service\" during and after the install, which is different than the name displayed on the landing page.\n","ACR-065":"The install does not display links to the EULA or the Privacy Policy.\nThe app does not display links to the EULA or the Privacy Policy.\n","ACR-002":"The app calls itself \"process service\" during the install, which is different than the name displayed on the landing page.\nThe app calls itself \"process service\" after the install, which is different than the name displayed on the landing page.\n","ACR-082":"The app enables the consumer to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"a.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"245c8529c8a85a48f7a44189ae5c29ab","hashSHA1":"919a3226e3e28b1488c9a179d7a3c10b03420a45","hashSHA256":"cf12b594f12d9146b488da9083a9f2937aaff6e74a89c269727a73907d2e8ac1","sourceIndex":"2786","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"mobispy\"","reference":"Hunt.Search","landingPage":"https://mobispy.net/","directDownloadingLink":"https://mobispy.app/?","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mobispy.app/?","sourceIndex":"2786"}],"sampleFiles":["190917/MobiSpy-190906/1.0/Samples/a.apk"],"imageFiles":["190917/MobiSpy-190906/1.0/Images/ACR-007/Mobispy Different Name.png","190917/MobiSpy-190906/1.0/Images/ACR-009/Mobispy Device Admin App.png","190917/MobiSpy-190906/1.0/Images/ACR-014/Mobispy Device Admin App.png","190917/MobiSpy-190906/1.0/Images/ACR-014/Mobispy Device Admin App.png","190917/MobiSpy-190906/1.0/Images/ACR-084/Mobispy All Apps Page.png","190917/MobiSpy-190906/1.0/Images/ACR-084/Mobispy Different Name.png","190917/MobiSpy-190906/1.0/Images/ACR-086/Mobispy Different Name.png"],"nonDeceptorImageFiles":["190917/MobiSpy-190906/1.0/Images/ACR-038/Mobispy Install.png","190917/MobiSpy-190906/1.0/Images/ACR-038/Mobispy Different Name.png","190917/MobiSpy-190906/1.0/Images/ACR-065/Mobispy Install.png","190917/MobiSpy-190906/1.0/Images/ACR-065/Mobispy Different Name.png","190917/MobiSpy-190906/1.0/Images/ACR-002/Mobispy Install.png","190917/MobiSpy-190906/1.0/Images/ACR-002/Mobispy Different Name.png","190917/MobiSpy-190906/1.0/Images/ACR-082/Mobispy Disclaimer.png","190917/MobiSpy-190906/1.0/Images/ACR-099/Mobispy Different Name.png","190917/MobiSpy-190906/1.0/Images/ACR-099/Mobispy Landing Page.png"],"guid":"3821d4d4-349c-40ff-9900-7740b8d3f9b9_1.0_1","appID":"MobiSpy-190906","dateAdded":"190917","deceptorType":"Android App","name":"MobiSpy","company":"mobispy.net","version":"1.0","sigName":"Deceptor:Android/MobiSpyStalkerware!007009084086097","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190917","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-09-17T22:14:31.5111724+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2108},{"violations":{"ACR-048":"The app hides from the All Apps Page.\n","ACR-007":"The app gives the consumer the ability to hide all app notifications from the targeted consumer.\n","ACR-084":"The app hides itself from the \"All Apps Page\".\n","ACR-086":"The app does not inform the targeted consumer how or who it transmits data to.\n","ACR-097":"The app prompts the consumer to disable Play Protect and prompts the user to whitelist the app from many Antivirus products.\n","ACR-014":"The app names itself \"Internet Service\" which misleads the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app names itself \"Internet Service\", which does not match the app name displayed on the Landing Page.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The app names itself \"Internet Service\", which does not match the app name displayed on the Landing Page.\nThe app names itself \"Internet Service\", which does not match the app name displayed on the Landing Page.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the consumer to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to the uninstall information.\n","ACR-121":"The app offers the consumer the ability to prevent the targeted consumer from being able to uninstall or disable the app.\n"},"samples":[{"isRevoked":"False","fileName":"iKeyMonitor-Android.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"6bc6ee1e3779c933122ec96b24466ff1","hashSHA1":"7b8755851d264ecf540f84367376edd0cc2d5693","hashSHA256":"06011ea8678d1f6c8b0ec1fb113729c8bd0122d5c953dcdbcbd995ee83029019","sourceIndex":"2788","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"\"12 Best iKeyMonitor Alternatives\" 'https://alternative.me/ikeymonitor'","reference":"Hunt.Search","landingPage":"https://ikeymonitor.com/","directDownloadingLink":"https://emcpanel.com/index.php?m=device&a=down_android&id=2","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://emcpanel.com/index.php?m=device&a=down_android&id=2","sourceIndex":"2788"}],"sampleFiles":["190917/iKeyMonitor-190904/1.0/Samples/iKeyMonitor-Android.apk"],"imageFiles":["190917/iKeyMonitor-190904/1.0/Images/ACR-048/iKeyMonitor All Apps Page.png","190917/iKeyMonitor-190904/1.0/Images/ACR-007/iKeyMonitor Hide Notifications.png","190917/iKeyMonitor-190904/1.0/Images/ACR-014/iKeyMonitor Cant be uninstalled.png","190917/iKeyMonitor-190904/1.0/Images/ACR-084/iKeyMonitor All Apps Page.png","190917/iKeyMonitor-190904/1.0/Images/ACR-086/iKeyMonitor Cant be uninstalled.png","190917/iKeyMonitor-190904/1.0/Images/ACR-097/iKeyMonitor Disable play protect.png","190917/iKeyMonitor-190904/1.0/Images/ACR-097/iKeyMonitor Whitelist thing.png"],"nonDeceptorImageFiles":["190917/iKeyMonitor-190904/1.0/Images/ACR-038/iKeyMonitor Different Name.png","190917/iKeyMonitor-190904/1.0/Images/ACR-065/iKeyMonitor Different Name.png","190917/iKeyMonitor-190904/1.0/Images/ACR-065/iKeyMonitor Cant be uninstalled.png","190917/iKeyMonitor-190904/1.0/Images/ACR-002/iKeyMonitor Different Name.png","190917/iKeyMonitor-190904/1.0/Images/ACR-002/iKeyMonitor Cant be uninstalled.png","190917/iKeyMonitor-190904/1.0/Images/ACR-161/iKeyMonitor Testimonials.png","190917/iKeyMonitor-190904/1.0/Images/ACR-082/iKeyMonitor Breaking Laws.png","190917/iKeyMonitor-190904/1.0/Images/ACR-099/iKeyMonitor Cant be uninstalled.png","190917/iKeyMonitor-190904/1.0/Images/ACR-099/iKeyMonitor Bottom of Landing Page.png","190917/iKeyMonitor-190904/1.0/Images/ACR-099/iKeyMonitor Bottom Internal Offers.png","190917/iKeyMonitor-190904/1.0/Images/ACR-121/iKeyMonitor Reboot for no uninstall.png","190917/iKeyMonitor-190904/1.0/Images/ACR-121/iKeyMonitor Root Access.png","190917/iKeyMonitor-190904/1.0/Images/ACR-121/iKeyMonitor Cant be uninstalled.png"],"guid":"e1514d8e-68b1-4618-b8a4-52b73f6600c4_1.0_1","appID":"iKeyMonitor-190904","dateAdded":"190917","deceptorType":"Android App","name":"iKeyMonitor","company":"iKeyMonitor","version":"1.0","sigName":"Deceptor:Android/iKeyMonitorStalkerware!007014048084086097","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190917","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-09-17T22:07:28.1233265+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2110},{"violations":{"ACR-007":"The app gives the consumer the ability to hide all app notifications from the targeted consumer.\n","ACR-084":"The app hides its icon from the All Apps page.\n","ACR-086":"The app does not inform the targeted consumer how or who it transmits their data to.\n","ACR-097":"The app prompts the consumer to disable Play Protect during the install.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe Internal Offers Page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the consumer to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe Internal Offers Page does not display links to uninstall information.\n","ACR-121":"The app gives the consumer the ability to prevent the targeted consumer from being able to uninstall the app.\n","ACR-167":"The app does not offer a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"easyphonetrack4.0.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"80310c6dd942db2b79339fcd6880f274","hashSHA1":"b4c472fd8d16bd74ee73e6b55baa2bd918912012","hashSHA256":"c174af86a5cd60e1b6869c596eca0e7e41056736c6834b73799983ce5da3dd15","sourceIndex":"2787","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Alternative.me \"Easy Phone Track Alternatives\" 'https://alternative.me/easy-phone-track'","reference":"Hunt.Search","landingPage":"https://easyphonetrack.com/","directDownloadingLink":"http://www.cad-design.ro/easyphonetrack4.0.apk","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.cad-design.ro/easyphonetrack4.0.apk","sourceIndex":"2787"}],"sampleFiles":["190917/EasyPhoneTrack-190906/4.0/Samples/easyphonetrack4.0.apk"],"imageFiles":["190917/EasyPhoneTrack-190906/4.0/Images/ACR-007/Easy Phone Track No Notifications.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-084/Easy Phone Track All Apps.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-086/Easy Phone Track app info.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-097/Easy Phone Track Disable Play Protect.png"],"nonDeceptorImageFiles":["190917/EasyPhoneTrack-190906/4.0/Images/ACR-065/Easy Phone Track Install.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-065/Easy Phone Track app info.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-065/Easy Phone Track Landing Page.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-065/Easy Phone Track Internal Offers.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-161/Easy Phone Track Testimonial.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-082/Easy Phone Track Illegal Maybe.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-099/Easy Phone Track app info.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-099/Easy Phone Track Landing Page.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-099/Easy Phone Track Internal Offers.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-121/Easy Phone Track Not uninstallable.png","190917/EasyPhoneTrack-190906/4.0/Images/ACR-167/Easy Phone Track refund.png"],"guid":"6b3566b4-9724-4a55-a855-70dd3986bed5_4.0_1","appID":"EasyPhoneTrack-190906","dateAdded":"190917","deceptorType":"Android App","name":"Easy Phone Track","company":"MONAPP CALABS LIMITED 2015","version":"4.0","sigName":"Deceptor:Android/EasyPhoneTrackStalkerware!007084086097","lastKnownStatus":"Deceptor:4.0","lastKnownDate":"190917","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-09-17T22:09:36.1841404+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2111},{"violations":{"ACR-004":"The app provides free scan results, but does not provide a fully functional free trial with free fixes. \n"},"nonDeceptorViolations":{"ACR-065":"The app's install page does not provide links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app's About page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the EULA and Returns and Cancellation Policy.\nThe Internal Offers page does not display links to the EULA.\n","ACR-099":"The app's About page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"cleardisk.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"741c68f3b025893f1e5054b725b3c412","hashSHA1":"6f75d6d1862bb82f45fe92ed825f7393027e6a4a","hashSHA256":"b6e44589a65ee142bd98fabdbc9c0fb5ee4317cb73001bb1d1985dd98bd50644","sourceIndex":"2578","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://nektony.com/clear-disk/","directDownloadingLink":"https://nektony.com/clear-disk/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://nektony.com/clear-disk/download/","sourceIndex":"2578"}],"sampleFiles":["190917/ClearDisk-190522/2.10.1/Samples/cleardisk.dmg"],"imageFiles":["190917/ClearDisk-190522/2.10.1/Images/ACR-004/ClearDisk ACR-004.gif"],"nonDeceptorImageFiles":["190917/ClearDisk-190522/2.10.1/Images/ACR-065/ClearDisk Install Page.png","190917/ClearDisk-190522/2.10.1/Images/ACR-065/ClearDisk About Page.png","190917/ClearDisk-190522/2.10.1/Images/ACR-065/ClearDisk Bottom of Landing Page.png","190917/ClearDisk-190522/2.10.1/Images/ACR-065/ClearDisk Internal Offers Page.png","190917/ClearDisk-190522/2.10.1/Images/ACR-099/ClearDisk About Page.png","190917/ClearDisk-190522/2.10.1/Images/ACR-099/ClearDisk Internal Offers Page.png"],"guid":"0c1d465b-deb2-41a3-88bf-bf8824d58b35_2.10.1_1","appID":"ClearDisk-190522","dateAdded":"190917","deceptorType":"MacOS App","name":"ClearDisk","company":"Nektony","version":"2.10.1","firstVendorContactDate":"200116","firstAppEsteemReplyDate":"200118","firstResolvedDate":"200118","firstResolvedVersion":"2.12.33","resolved":"TRUE","lastKnownStatus":"Deceptor:2.10;2.10.1","lastKnownDate":"190917","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2020-01-18T21:52:52.4648532+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2112},{"violations":{"ACR-004":"The app does not provide free fixes for free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"The installer does not provide links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the \nThe Internal Offers page does not display links to the EULA.\n","ACR-099":"The app does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"ClearDisk","fileVersion":"0.","hashMD5":"91b2c687a2a9bc3fa779f8cf43239631","hashSHA1":"adf86790ca964ebdbb4d75ead1841fb048567754","hashSHA256":"1b922c100138b9c79b416b756756716a4dd4b86cc5b1d4511d1fe282c2d16c1a","sourceIndex":"2579","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cleardisk.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"a3500470c3e8aa11fc9b523e1d48bdf8","hashSHA1":"b0508d68fd809079a90634849af50641d56752f9","hashSHA256":"ea300af7ead58bb07710acbb723d571e8d49d7036c60b6364bf89166f661e3a3","sourceIndex":"2579","avBlockList":["Avast Security for Mac (20200116)","Avira Security for Mac (20200116)","Bitdefender Antivirus for Mac (20200116)","ESET Cyber Security Pro for Mac (20200116)","G DATA AntiVirus for Mac (20200116)","McAfee Internet Security for Mac (20200116)","Sophos Home Premium For Mac (20200116)"],"avAllowList":["K7 Antivirus for Mac (20200116)","Kaspersky Internet Security for Mac (20200116)","Norton Security for Mac (20200116)","Trend Micro Antivirus for Mac (20200116)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"Hunt.Search","landingPage":"https://nektony.com/clear-disk/","directDownloadingLink":"https://nektony.com/clear-disk/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"2579"}],"sampleFiles":["190917/ClearDisk-190522/2.10/Samples/ClearDisk","190917/ClearDisk-190522/2.10/Samples/cleardisk.dmg"],"imageFiles":["190917/ClearDisk-190522/2.10/Images/ACR-004/ClearDisk ACR004.gif"],"nonDeceptorImageFiles":["190917/ClearDisk-190522/2.10/Images/ACR-065/ClearDisk Install.png","190917/ClearDisk-190522/2.10/Images/ACR-065/ClearDisk About Page.png","190917/ClearDisk-190522/2.10/Images/ACR-065/ClearDisk Bottom of Landing Page.png","190917/ClearDisk-190522/2.10/Images/ACR-065/ClearDisk Internal Offers.png","190917/ClearDisk-190522/2.10/Images/ACR-099/ClearDisk About Page.png","190917/ClearDisk-190522/2.10/Images/ACR-099/ClearDisk Internal Offers.png"],"guid":"0c1d465b-deb2-41a3-88bf-bf8824d58b35_2.10_1","appID":"ClearDisk-190522","dateAdded":"190917","deceptorType":"MacOS App","name":"ClearDisk","company":"Nektony","version":"2.10","sigName":"Deceptor:MacOS/ClearDisk!004","firstVendorContactDate":"200116","firstAppEsteemReplyDate":"200118","firstResolvedDate":"200118","firstResolvedVersion":"2.12.33","resolved":"TRUE","lastKnownStatus":"Deceptor:2.10;2.10.1","lastKnownDate":"190917","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2020-01-18T21:52:28.0278338+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2113},{"violations":{"ACR-003":"App exaggerates its system health claims and uses word \"Attention - These issues require attention\" that indicates misleading urgency.\n","ACR-004":"App upsells to a subscription service, but does not provide free fixes for the free scan results shown.\n"},"nonDeceptorViolations":{"ACR-171":"The consumer is required to opt-out of additional payment for MaxSecure Antivirus for Mac which was not pre-disclosed.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"MacEnizer.pkg","isInstaller":"True","companyName":"AAVSTRA SOFTWARE PRIVATE LIMITED","productName":"MacEnizer","productVersion":"1.0.3","fileVersion":"1.0.3","hashMD5":"17eeefc562f716e85792effde1486cf4","hashSHA1":"62ba77ff701e505c80df570c3f9c59f7f119a4c4","hashSHA256":"e8018cc508d9157ba79e3e5b8053e1f48108a6732e78ff11b17f5e632967b52d","digitalCertThumbprint":"C0 B4 46 12 A4 41 EB 10 8C D7 A4 C5 FB 95 33 4E 9E 03 C0 C5","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"AAVSTRA SOFTWARE PRIVATE LIMITED (55N38U23GM)","sourceIndex":"2604","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MacEnizer","productName":"MacEnizer","productVersion":"1.0.3","fileVersion":"1.0.3","hashMD5":"2a42ef16ced4347502d7aaee27fcedbb","hashSHA1":"0b9de1a92979f58580a9aafb9fd525cacc0a7810","hashSHA256":"f1db303f92daa359bc39909bdfc141f3e45bad35ec80d7182a844855ff86f942","sourceIndex":"2604","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Optimize your Mac Now\"","reference":"https://macenizer.com/Default.aspx","landingPage":"https://macenizer.com","directDownloadingLink":"https://cdn.macenizer.com/menz/builds/site/MacEnizer.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.macenizer.com/menz/builds/site/MacEnizer.pkg","sourceIndex":"2604"},{"howFound":"","reference":"MacEnator","landingPage":"http://www.macenator.com/Default.aspx","ipv4":"","ipv6":"","sourceIndex":"2605"},{"howFound":"","reference":"MacEntizer","landingPage":"http://www.testlaunch.xyz/Default.aspx","ipv4":"","ipv6":"","sourceIndex":"2606"}],"sampleFiles":["190917/MacEnizer-190916/1.0.3/Samples/MacEnizer.pkg","190917/MacEnizer-190916/1.0.3/Samples/MacEnizer"],"imageFiles":["190917/MacEnizer-190916/1.0.3/Images/ACR-004/scan.png","190917/MacEnizer-190916/1.0.3/Images/ACR-004/004.png","190917/MacEnizer-190916/1.0.3/Images/ACR-004/004_2.png","190917/MacEnizer-190916/1.0.3/Images/ACR-003/scan.png","190917/MacEnizer-190916/1.0.3/Images/ACR-003/003.png"],"nonDeceptorImageFiles":["190917/MacEnizer-190916/1.0.3/Images/ACR-171/171.png","190917/MacEnizer-190916/1.0.3/Images/ACR-168/168.png"],"guid":"c6fcc4a9-4d13-4e82-9b64-73d9ab9a2436_1.0.3_1","appID":"MacEnizer-190916","dateAdded":"190917","deceptorType":"MacOS App","name":"MacEnizer","company":"AAVSTRA SOFTWARE PRIVATE LIMITED","version":"1.0.3","sigName":"Deceptor:MacOS/MacEnizer!004003","firstVendorContactDate":"191007","firstAppEsteemReplyDate":"191007","firstResolvedDate":"191114","firstResolvedVersion":"1.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.3","lastKnownDate":"190917","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-11-14T20:07:28.6032693+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2109},{"violations":{"ACR-004":"App requires payment to fix the items that can't be fixed permanently (junk files).  System Utilities must take great care to avoid any sense of coercing the consumer to take action when they provide free scans. The free trial or free fix should be provided for the issues identified during free scan. \n\n","ACR-084":"The app runs silently in the background, hiding the fact that it is active from the consumer though it is uninstalled\n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its components on the device without the consumer's consent\n"},"nonDeceptorViolations":{"ACR-045":"\"Free download\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word\n","ACR-065":"The app needs to disclose EULA/Terms of Service and Privacy Policy in the app's about page\n","ACR-099":"The needs to disclose uninstall information in the app's about page\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"cleanmymac.com","directDownloadingLink":"https://macpaw.com/download/cleanmymac#_ga=2.87117403.2141817389.1554167358-69013889.1554167358","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://macpaw.com/download/cleanmymac#_ga=2.87117403.2141817389.1554167358-69013889.1554167358","sourceIndex":"2533"}],"sampleFiles":[],"imageFiles":["190914/CleanMyMacX-190401/4.4.7/Images/ACR-004/ACR-004_Software_Does_Not_Provide_Free_Fix.JPG","190914/CleanMyMacX-190401/4.4.7/Images/ACR-004/ACR-004_Software_Does_Not_Provide_Free_Fix2.JPG","190914/CleanMyMacX-190401/4.4.7/Images/ACR-084/ACR-084_Software_Runs_Silently_In_The_Background_Though_It_Is_Uninstalled.JPG","190914/CleanMyMacX-190401/4.4.7/Images/ACR-118/ACR-118_Uninstall_Retains_Executables.JPG"],"nonDeceptorImageFiles":["190914/CleanMyMacX-190401/4.4.7/Images/ACR-065/ACR-065_Software_EULA&PrivacyPolicy_Is_MIssing.JPG","190914/CleanMyMacX-190401/4.4.7/Images/ACR-099/ACR-099_Software_Uninstall_Info_Is_Missing.JPG"],"guid":"84f4cd02-493f-4cd6-b254-cee9e337f4e6_4.4.7_1","appID":"CleanMyMacX-190401","dateAdded":"190914","deceptorType":"MacOS App","name":"Clean My Mac X","company":"MacPaw","version":"4.4.7","sigName":"Deceptor:MacOS/CleanMyMacX!004084118","firstResolvedVersion":"4.5.2.3","resolved":"TRUE","lastKnownStatus":"Deceptor: 4.4.7","lastKnownDate":"190914","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2020-02-25T00:23:49.8050482+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2114},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"aupcsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Auto -PC- Care                                              ","productVersion":"3.0.0.24                                          ","fileVersion":"3.0.0.24            ","hashMD5":"068298d8629d3f2fbd5b41195577f306","hashSHA1":"c2de26fca2d89419549505b0dbf6d29d96bc3ab7","hashSHA256":"81829f4aa6f4edb446d01d0eb672aa3e46bc9d808e3dff600f1862876d234bf4","digitalCertThumbprint":"4588EF25D1E63525A169EA3E136AB305A3862AB0","sourceIndex":"2791","avBlockList":["360 Total Security (20190701)","Avast Internet Security (20190701)","AVG Internet Security (20190701)","Avira Internet Security (20190701)","Bitdefender Internet Security (20190701)","COMODO Antivirus (20190701)","Dr.Web Security Space (20190701)","ESET Internet Security (20190701)","K7 Total Security (20190701)","Kaspersky Internet Security (20190701)","Malwarebytes Premium (20190701)","McAfee Total Protection (20190701)","Norton Security (20190701)","Panda Dome (20190701)","Quick Heal Internet Security (20190701)","Sophos Home Premium (20190701)","Trend Micro Internet Security (20190701)","VirIT eXplorer PRO (20190701)","Webroot SecureAnywhere (20190701)","Windows Defender (20190701)"],"avAllowList":["F-PROT Antivirus for Windows (20190418)","G DATA INTERNET SECURITY (20190701)","SpyHunter5 (20190418)","Tencent PC Manager (20190701)","VIPRE Advanced Security (20190701)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Auto -PC- Care for DESKTOP-8QAR3KI\\iytr.exe","productName":"Speedup Tool","productVersion":"3.0.0.24","fileVersion":"3.0.0.24","hashMD5":"6a7d598b2a7b7a12a9906fa978d4a261","hashSHA1":"82f32651989aa117bfbb6639009269d0d3a5b0d6","hashSHA256":"fb94f569adea4d4df33d8f91a0d9a99a6b4236c2feb355fa0aa2beae6d2ddc75","digitalCertThumbprint":"4588EF25D1E63525A169EA3E136AB305A3862AB0","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC SPEEDUP T00IS INC, OU=PC SPEEDUP T00IS INC, O=PC SPEEDUP T00IS INC, POBox=302013, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"2791","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"aupcsetup (3.0.1.91).exe","isInstaller":"True","productVersion":"3.0.1.91","fileVersion":"3.0.1.91","hashMD5":"414fc9ccc1bbb2d20a4a30073a77712e","hashSHA1":"e8c6938ab205b2428f1e31e0479d9d4fd9321b25","hashSHA256":"81aa550ed8b597a54247c8103d3654dcc7f7ad39d2e4d2fb2ef5e08421f9e61d","digitalCertThumbprint":"73B2F14D250002792B436CFA05F632DBD036E1A9","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT-AB-INFOLINE-PRIVATE-LIMITED, O=CONNECT-AB-INFOLINE-PRIVATE-LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2792","avBlockList":["Avast Internet Security (20190902)","AVG Internet Security (20190902)","Avira Internet Security (20190902)","Bitdefender Internet Security (20190902)","COMODO Antivirus (20190902)","Dr.Web Security Space (20190902)","ESET Internet Security (20190902)","G DATA INTERNET SECURITY (20190902)","K7 Total Security (20190902)","Kaspersky Internet Security (20190902)","Malwarebytes Premium (20190902)","McAfee Total Protection (20190902)","Norton Security (20190902)","Panda Dome (20190902)","Quick Heal Internet Security (20190902)","Sophos Home Premium (20190902)","Tencent PC Manager (20190902)","Trend Micro Internet Security (20190902)","VIPRE Advanced Security (20190902)","VirIT eXplorer PRO (20190902)","Webroot SecureAnywhere (20190902)","Windows Defender (20190902)"],"avAllowList":["360 Total Security (20190902)"]},{"isRevoked":"False","fileName":"aupcsetup (3.0.1.91) 2.exe","isInstaller":"True","productVersion":"3.0.1.91","fileVersion":"3.0.1.91","hashMD5":"f2468300b71bb08f286ee19d3528dfba","hashSHA1":"939f5d1ceaac08b5a7b2b7dbde3d692e8db6a59a","hashSHA256":"89fa45977280c72b3943fb23d19d633fa9181b00128717c99e0c630713682a4e","digitalCertThumbprint":"73B2F14D250002792B436CFA05F632DBD036E1A9","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT-AB-INFOLINE-PRIVATE-LIMITED, O=CONNECT-AB-INFOLINE-PRIVATE-LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2793","avBlockList":["Avast Internet Security (20190902)","AVG Internet Security (20190902)","Avira Internet Security (20190902)","Bitdefender Internet Security (20190902)","COMODO Antivirus (20190902)","Dr.Web Security Space (20190902)","ESET Internet Security (20190902)","G DATA INTERNET SECURITY (20190902)","K7 Total Security (20190902)","Kaspersky Internet Security (20190902)","Malwarebytes Premium (20190902)","McAfee Total Protection (20190902)","Norton Security (20190902)","Panda Dome (20190902)","Quick Heal Internet Security (20190902)","Sophos Home Premium (20190902)","Tencent PC Manager (20190902)","Trend Micro Internet Security (20190902)","VIPRE Advanced Security (20190902)","VirIT eXplorer PRO (20190902)","Webroot SecureAnywhere (20190902)","Windows Defender (20190902)"],"avAllowList":["360 Total Security (20190902)"]},{"isRevoked":"False","fileName":"aupcsetup (3.0.0.24).exe","isInstaller":"True","productVersion":"3.0.0.24","fileVersion":"3.0.0.24","hashMD5":"44c61e75f6408909b37cb00388f832bd","hashSHA1":"61d09251677aff5033cb2a99f8b93dbae8c010d8","hashSHA256":"58281612372173675a3a64ca29921f49e33b09a94cec883c77a09740e7685b54","digitalCertThumbprint":"B9F271241AC49A787A3D1274DA696BFE0E79E728","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Fixers Tools, OU=PC Fixers Tools, O=PC Fixers Tools, POBox=302019, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"2795","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":[]},{"isRevoked":"False","fileName":"aupcsetup (3.0.0.24) 2.exe","isInstaller":"True","productVersion":"3.0.0.24","fileVersion":"3.0.0.24","hashMD5":"8bc062dae4fea99e906f9df2dcf695b0","hashSHA1":"18280f4508e300bfd092e85048811777b394ac35","hashSHA256":"9fd2dfae0c65fc1bc554ce784d1afde609416de75050ee5a9152439e49b433f5","digitalCertThumbprint":"B9F271241AC49A787A3D1274DA696BFE0E79E728","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Fixers Tools, OU=PC Fixers Tools, O=PC Fixers Tools, POBox=302019, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"2796","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":[]},{"isRevoked":"False","fileName":"aupcsetup (3.0.0.24) 3.exe","isInstaller":"True","productVersion":"3.0.0.24","fileVersion":"3.0.0.24","hashMD5":"889e901f95d48abf5c308d3c9e89ab6b","hashSHA1":"05b14aaf24a41677ac51e40642a854a8db8578c1","hashSHA256":"5b28ec87a5f74286f03766799251df6cd8373c91aa5b6a847f90cd7e1d0d7831","digitalCertThumbprint":"4588EF25D1E63525A169EA3E136AB305A3862AB0","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC SPEEDUP T00IS INC, OU=PC SPEEDUP T00IS INC, O=PC SPEEDUP T00IS INC, POBox=302013, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"2797","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"most liked and preferred PC protection utility\"","reference":"http://www.autocleanutils.com/","landingPage":"http://www.autocleanutils.com/","directDownloadingLink":"http://dl.autocleanutils.com/aupc/securerc/d2/aupcsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.autocleanutils.com/aupc/securerc/d2/aupcsetup.exe","sourceIndex":"2791"},{"howFound":"","reference":"","landingPage":"http://ussystemutils.live/","directDownloadingLink":"http://dl.ussystemutils.live/aupc/securerc/adch/ussystemutils_live/aupcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2792"},{"howFound":"","reference":"","landingPage":"http://usquickpctools.live/","directDownloadingLink":"http://dl.usquickpctools.live/aupc/securerc/adch/usquickpctools_live/aupcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2793"},{"howFound":"","reference":"","landingPage":"http://ussystemtools.club/","directDownloadingLink":"http://dl.ussystemtools.club/aupc/securerc/adch/ussystemtools_club/aupcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2794"},{"howFound":"","reference":"","landingPage":"http://www.autocleanutils.net/","directDownloadingLink":"http://dl.autocleanutils.net/aupc/securerc/d10/aupcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2795"},{"howFound":"","reference":"","landingPage":"http://www.autocleanutils.org/","directDownloadingLink":"http://dl.autocleanutils.org/aupc/securerc/d8/aupcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2796"},{"howFound":"","reference":"","landingPage":"http://www.autocleanutils.info/","directDownloadingLink":"http://dl.autocleanutils.info/aupc/securerc/d6/aupcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2797"}],"sampleFiles":["190911/AutoPCCare-190402/3.0.0.24/Samples/aupcsetup.exe","190911/AutoPCCare-190402/3.0.0.24/Samples/iytr.exe","190911/AutoPCCare-190402/3.0.0.24/Samples/aupcsetup (3.0.1.91).exe","190911/AutoPCCare-190402/3.0.0.24/Samples/aupcsetup (3.0.1.91) 2.exe","190911/AutoPCCare-190402/3.0.0.24/Samples/aupcsetup (3.0.0.24).exe","190911/AutoPCCare-190402/3.0.0.24/Samples/aupcsetup (3.0.0.24) 2.exe","190911/AutoPCCare-190402/3.0.0.24/Samples/aupcsetup (3.0.0.24) 3.exe"],"imageFiles":["190911/AutoPCCare-190402/3.0.0.24/Images/ACR-042/010.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-048/048.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-003/scan.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-003/main.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-003/048.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-004/scan.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-004/150_171.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-010/010.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-084/084.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-097/startup.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-168/scan.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-168/168.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-057/010.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-055/010.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-059/010.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190911/AutoPCCare-190402/3.0.0.24/Images/ACR-161/161.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-099/099.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-150/150_171.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-171/150_171.png","190911/AutoPCCare-190402/3.0.0.24/Images/ACR-171/171.png"],"guid":"afab20c8-2ca8-434d-b157-b63691874772_3.0.0.24_1","appID":"AutoPCCare-190402","dateAdded":"190911","deceptorType":"App","name":"Auto PC Care","company":"PC SPEEDUP T00IS INC","version":"3.0.0.24","sigName":"Deceptor:Win32/AutoPCCare!003004010042048055057059084097155168","lastKnownStatus":"Deceptor:3.0.0.24","lastKnownDate":"190911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-09-11T19:49:31.8997518+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2041},{"violations":{"ACR-003":"The application exaggerates registry keys with high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"CONNECT-AB INFOLINE PRIVATE LIMITED\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"spscsetup.exe","isInstaller":"True","productName":"Speedy~SystemCare","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"c48e1682829cc5089666d6784a83386c","hashSHA1":"3029b8545b35b19ce5fd05cc989f74c41d42922a","hashSHA256":"e6375edf7808fc7f3b76c84a3dd745fe7aebf2f479067045c239c53647293796","digitalCertThumbprint":"854D035E4E4B594B06BBC2463F52BCB82269C7EA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT-AB INFOLINE PRIVATE LIMITED, OU=CONNECT-AB INFOLINE PRIVATE LIMITED, O=CONNECT-AB INFOLINE PRIVATE LIMITED, POBox=110092, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2798","avBlockList":["Avast Internet Security (20191209)","AVG Internet Security (20191209)","Avira Internet Security (20191209)","Bitdefender Internet Security (20191209)","ESET Internet Security (20191209)","G DATA INTERNET SECURITY (20191209)","K7 Total Security (20191209)","Kaspersky Internet Security (20191209)","Malwarebytes Premium (20191209)","McAfee Total Protection (20191209)","Norton Security (20191209)","Panda Dome (20191209)","Sophos Home Premium (20191209)","Trend Micro Internet Security (20191209)","VirIT eXplorer PRO (20191209)","Webroot SecureAnywhere (20191209)","Windows Defender (20191209)","360 Total Security (20191209)","COMODO Antivirus (20191209)","Dr.Web Security Space (20191209)","Quick Heal Internet Security (20191209)","Tencent PC Manager (20191209)","VIPRE Advanced Security (20191209)"],"avAllowList":[]},{"isRevoked":"False","fileName":"iytr.exe","companyName":"n/a","productName":"PC Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"fcf4da30cc974d71f7d3cc023cec728e","hashSHA1":"22f299bffb0908d45e3a94be958aed52ea687714","hashSHA256":"c2f7916cc47ec3e31e4b2a5efe316c9ba65228b96b4946ef5a137b6eb054c426","digitalCertThumbprint":"854D035E4E4B594B06BBC2463F52BCB82269C7EA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT-AB INFOLINE PRIVATE LIMITED, OU=CONNECT-AB INFOLINE PRIVATE LIMITED, O=CONNECT-AB INFOLINE PRIVATE LIMITED, POBox=110092, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2798","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spscsetup.exe","isInstaller":"True","productName":"Speedy~System~Care","productVersion":"3.0.0.41","fileVersion":"3.0.0.41","hashMD5":"1114a10f7a7e9510b5b9d5d24bc17a94","hashSHA1":"d5a75ac14c5c47ca54795dc31244da47eabf8247","hashSHA256":"d951f6a1ea4b773fa026d6ab86de0519747d0757e14618dcb423058907b52174","digitalCertThumbprint":"35628F0FF7030E467E492FC00CD7F7943DB18E37","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB REACH TECHNOLOGIES PRIVATE LIMITED, O=AB REACH TECHNOLOGIES PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2799","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Trend Micro Internet Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":["Bitdefender Internet Security (20190815)","Tencent PC Manager (20190815)","VIPRE Advanced Security (20190815)"]},{"isRevoked":"False","fileName":"spscsetup (3.0.0.26).exe","isInstaller":"True","productVersion":"3.0.0.26","fileVersion":"3.0.0.26","hashMD5":"47b621006f27671c57bd54383f62e835","hashSHA1":"7d7bc3e893f08a8b6d156c83467ffeab51535f6f","hashSHA256":"3770c15b7deaf5fd5664d7d6998f9ce0ab9f190bef3004eedd7e2ed4521b421f","digitalCertThumbprint":"2D76635B344EF05E791605316E2D0DBFE1A0B29D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=STELLAR PC SOLUTlONS, OU=STELLAR PC SOLUTlONS, O=STELLAR PC SOLUTlONS, POBox=303802, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2800","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword: speed up pc 2018) https://malwarefixes.com/remove-speedy-system-care/#more-33905","landingPage":"http://www.winsyscareutils.org/","directDownloadingLink":"http://dl.winsyscareutils.org/spsc/securerc/b6/spscsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.winsyscareutils.org/spsc/securerc/b6/spscsetup.exe","sourceIndex":"2798"},{"howFound":"","reference":"","landingPage":"http://onesystools.org/","directDownloadingLink":"http://dl.onesystools.org/spsc/securerc/c2/spscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2799"},{"howFound":"","reference":"","landingPage":"http://onesystools.net/","directDownloadingLink":"http://dl.onesystools.net/spsc/securerc/c4/spscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2800"}],"sampleFiles":["190911/SpeedySystemCare-180925/1.0.0.0/Samples/spscsetup.exe","190911/SpeedySystemCare-180925/1.0.0.0/Samples/iytr.exe","190911/SpeedySystemCare-180925/1.0.0.0/Samples/spscsetup (3.0.0.41).exe","190911/SpeedySystemCare-180925/1.0.0.0/Samples/spscsetup (3.0.0.26).exe"],"imageFiles":["190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-055/ACR_055_INLINE_OFFER.PNG","190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-010/ACR_010_INLINE_OFFER.PNG","190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-010/ACR_010_ADS_INSIDE_APP.PNG","190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-014/ACR_014_SOFTWARE.PNG","190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-059/ACR_059_INLINE_OFFER.PNG"],"nonDeceptorImageFiles":["190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","190911/SpeedySystemCare-180925/1.0.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS.PNG"],"guid":"2fa6aa84-6e6f-4def-961b-7b5a463dd925_1.0.0.0_1","appID":"SpeedySystemCare-180925","dateAdded":"190911","deceptorType":"App","name":"Speedy SystemCare","company":"CONNECT-AB INFOLINE PRIVATE LIMITED","version":"1.0.0.0","sigName":"Deceptor:Win32/SpeedySystemCare!003014010050059","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190911","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2019-09-11T18:44:44.083982+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2040},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It installs a malware file name \"McDonald.exe\".\n","ACR-003":"The application exaggerates the number of registry keys and temporary files during free scan but cannot provide a fully functional free trial, it creates program error thus will stop the App from running.\n","ACR-010":"The app installs a malware file name \"McDonald.exe\" which is installed in the hidden folder \"%Temp%\" and memory resident. The malware may download and install other malicious file in the system.\n","ACR-118":"App retains the dropped file \"McDonald.exe\" in %temp% folder after uninstall, and still running in the memory.\n","ACR-014":"The app shows unsubstantiated claim that it will fix problems during free scan, but it creates program error thus will stop the App from running.\nThe App makes unsubstantiated claim that app will clean registries and optimize computer, instead it install a malware file in the system. \n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \n","ACR-002":"The app name is not consistent across App interaction. It shows different names as \"Winfix Cleaner\" and \"Pure System Booster\".\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\WinFix Cleaner\\WinFix_Cleaner.exe","companyName":"WinFix Cleaner","productName":"WinFix Cleaner","productVersion":"0.3","fileVersion":"2.0","hashMD5":"fb60166dc9ef786ea1c73f221c44939d","hashSHA1":"cf5cbdcf28d3e14896aea1505b02e23b7f410576","hashSHA256":"6f0866b9e133800600bc930f629143798e98ebd76f68c46df30952492d442628","digitalCertThumbprint":"2768AE1557100E085E8186A6F6A4429A91B53A92","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SUNNY ASSOCIATE LIMITED, O=SUNNY ASSOCIATE LIMITED, L=WEMBLEY, C=GB","sourceIndex":"2381","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinFixCleaner Setup 2.0.msi","isInstaller":"True","companyName":"WinFix Cleaner","productName":"WinFix Cleaner","productVersion":"2.0","fileVersion":"2.0","hashMD5":"01f0377d2f58b4464e788a9c88c359f8","hashSHA1":"12be702aedb0f242922dc2ead5aa5616a5e4d610","hashSHA256":"d97db23d60a0f92bc07005b13e7d172cf27d6333d41c2be582473e5187f6ea29","digitalCertThumbprint":"2768AE1557100E085E8186A6F6A4429A91B53A92","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SUNNY ASSOCIATE LIMITED, O=SUNNY ASSOCIATE LIMITED, L=WEMBLEY, C=GB","sourceIndex":"2381","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)","McAfee Total Protection (20191204)"],"avAllowList":["Dr.Web Security Space (20191204)"]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Local\\Temp\\McDonald.exe","hashMD5":"f9f44eecec46c89f3acc92f0e08cd6ec","hashSHA1":"a77e02c362ef0021156493fe6f359c2bcec123fe","hashSHA256":"acb1456a171db02dce8e5f7fe1722041cd572fc20c38df402a8341e3433e705d","sourceIndex":"2381","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinFixCleaner Comm Trial Setup 2.0.msi","isInstaller":"True","companyName":"WinFix Cleaner","productName":"WinFix Cleaner","productVersion":"2.0","fileVersion":"2.0","hashMD5":"01f0377d2f58b4464e788a9c88c359f8","hashSHA1":"12be702aedb0f242922dc2ead5aa5616a5e4d610","hashSHA256":"d97db23d60a0f92bc07005b13e7d172cf27d6333d41c2be582473e5187f6ea29","digitalCertThumbprint":"2768AE1557100E085E8186A6F6A4429A91B53A92","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SUNNY ASSOCIATE LIMITED, O=SUNNY ASSOCIATE LIMITED, L=WEMBLEY, C=GB","sourceIndex":"2382","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)","McAfee Total Protection (20191204)"],"avAllowList":["Dr.Web Security Space (20191204)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"If you purchase one of our products, the payment will be handled by a 3rd party payment gateway\"","reference":"https://winfixcleaner.com/privacy.html","landingPage":"https://winfixcleaner.com/","directDownloadingLink":"https://winfixcleaner.com/files/2/WinFixCleaner%20Setup%202.0.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://winfixcleaner.com/files/2/WinFixCleaner%20Setup%202.0.msi","sourceIndex":"2381"},{"howFound":"","reference":"","landingPage":"https://winfixcleaner.com/","directDownloadingLink":"https://winfixcleaner.com/files/2/WinFixCleaner%20Comm%20Trial%20Setup%202.0.msi","ipv4":"","ipv6":"","sourceIndex":"2382"}],"sampleFiles":["190910/WinFixCleaner-190909/2.0.0.0/Samples/WinFix_Cleaner.exe","190910/WinFixCleaner-190909/2.0.0.0/Samples/WinFixCleaner Setup 2.0.msi","190910/WinFixCleaner-190909/2.0.0.0/Samples/McDonald.exe"],"imageFiles":["190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-042/010.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-042/010_2.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-010/010.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-010/010_2.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-014/registry_scan.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-014/error.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-003/registry_scan.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-003/disk_cleaner.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-003/error.png"],"nonDeceptorImageFiles":["190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-065/install.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-065/about.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-099/about.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-002/main.png","190910/WinFixCleaner-190909/2.0.0.0/Images/ACR-002/error.png"],"guid":"d0746962-ff88-4bfc-a762-12ae15c2785a_2.0.0.0_1","appID":"WinFixCleaner-190909","dateAdded":"190910","deceptorType":"App","name":"WinFix Cleaner","company":"SUNNY ASSOCIATE LIMITED","version":"2.0.0.0","sigName":"Deceptor:Win32/WinFixCleaner!042010014118003","lastKnownStatus":"Deceptor:2.0.0.0","lastKnownDate":"200713","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-07-14T02:39:26.6379982+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2115},{"violations":{"ACR-003":"Displays fake threat scamming message and scare user to download additional application to clean up.\n","ACR-014":"Display fake threat information via scamming message, thus scare user to download the additional application for monetizing. e.g downloading Deceptor Qbit application family from different fast changing landing page to evade security product to block: http://dl.osysboostutils.club/qbps/securerc/osysboostutils_club/qbpssetup.exe\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Deceptor monitoring Qbit","reference":"Qbit","landingPage":"http://www.ospeedypcutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.ospeedypcutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","sourceIndex":"2801"},{"howFound":"","reference":"","landingPage":"http://www.osysboostutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.osysboostutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","sourceIndex":"2802"},{"howFound":"","reference":"","landingPage":"http://www.opcboostutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.opcboostutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","sourceIndex":"2803"},{"howFound":"","reference":"","landingPage":"http://www.osyscleantools.*/lp/acsh1/*/utm_campaign=wascshcpi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.osyscleantools.*/lp/acsh1/*/utm_campaign=wascshcpi&*","sourceIndex":"2804"},{"howFound":"","reference":"","landingPage":"http://www.osyscleanutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.osyscleanutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","sourceIndex":"2805"},{"howFound":"","reference":"","landingPage":"http://www.opccleanutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.opccleanutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","sourceIndex":"2806"},{"howFound":"","reference":"","landingPage":"http://www.opcspeedtools.*/lp/acsh1/*/utm_campaign=wascshcpi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.opcspeedtools.*/lp/acsh1/*/utm_campaign=wascshcpi&*","sourceIndex":"2807"},{"howFound":"","reference":"","landingPage":"http://www.opcspeedutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.opcspeedutils.*/lp/acsh1/*/utm_campaign=wascshcpi&*","sourceIndex":"2808"},{"howFound":"","reference":"","landingPage":"http://www.qbitmypctools.*/lp/brtbm/1/*utm_source=wbtbm&utm_campaign=wbtbm*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.qbitmypctools.*/lp/brtbm/1/*utm_source=wbtbm&utm_campaign=wbtbm*","sourceIndex":"2809"},{"howFound":"","reference":"","landingPage":"http://www.qbitsystems.*/lp/brtbm/1/*utm_source=wbtbm&utm_campaign=wbtbm*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.qbitsystems.*/lp/brtbm/1/*utm_source=wbtbm&utm_campaign=wbtbm*","sourceIndex":"2810"},{"howFound":"","reference":"","landingPage":"http://www.osysspeedtools.*/lp/acsh1/*/utm_campaign=wascshcpi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.osysspeedtools.*/lp/acsh1/*/utm_campaign=wascshcpi&*","sourceIndex":"2811"},{"howFound":"","reference":"","landingPage":"http://www.opcboosttools.*/lp/acsh1/*/utm_campaign=wascshcpi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.opcboosttools.*/lp/acsh1/*/utm_campaign=wascshcpi&*","sourceIndex":"2812"},{"howFound":"","reference":"","landingPage":"http://www.qbitsyspcboost.*/lp/fxmrkt/*utm_campaign=wfxmrkt&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.qbitsyspcboost.*/lp/fxmrkt/*utm_campaign=wfxmrkt&*","sourceIndex":"2813"},{"howFound":"","reference":"","landingPage":"http://www.unifysystemtools.*/lp/gsmob/*utm_campaign=wgsmbi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.unifysystemtools.*/lp/gsmob/*utm_campaign=wgsmbi&*","sourceIndex":"2814"},{"howFound":"","reference":"","landingPage":"http://www.unifypctools.*/lp/gsmob/*utm_campaign=wgsmbi&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.unifypctools.*/lp/gsmob/*utm_campaign=wgsmbi&*","sourceIndex":"2815"},{"howFound":"","reference":"","landingPage":"http://www.unifysmarttools.*/lp/fxmrkt/*utm_campaign=wfxmrkt&*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.unifysmarttools.*/lp/fxmrkt/*utm_campaign=wfxmrkt&*","sourceIndex":"2816"},{"howFound":"security partner share","reference":"one click booster;","landingPage":"http://www.unifypcutils.*/lp/brtbm","ipv4":"","ipv6":"","landingPageWildChar":"http://www.unifypcutils.*/lp/brtbm","sourceIndex":"2817"},{"howFound":"","reference":"one click booster;","landingPage":"http://www.unomastertools.*/lp/brtbm","ipv4":"","ipv6":"","landingPageWildChar":"http://www.unomastertools.*/lp/brtbm","sourceIndex":"2818"},{"howFound":"","reference":"one click booster;","landingPage":"http://www.unosupertools.*/lp/brtbm","ipv4":"","ipv6":"","landingPageWildChar":"http://www.unosupertools.*/lp/brtbm","sourceIndex":"2819"},{"howFound":"","reference":"one click booster;","landingPage":"http://www.unosuperutils.*/lp/brtbm","ipv4":"","ipv6":"","landingPageWildChar":"http://www.unosuperutils.*/lp/brtbm","sourceIndex":"2820"},{"howFound":"","reference":"one click booster;","landingPage":"http://www.unosystemutils.*/lp/brtbm","ipv4":"","ipv6":"","landingPageWildChar":"http://www.unosystemutils.*/lp/brtbm","sourceIndex":"2821"},{"howFound":"","reference":"one click booster;","landingPage":"http://www.unotechnotools.*/lp/brtbm","ipv4":"","ipv6":"","landingPageWildChar":"http://www.unotechnotools.*/lp/brtbm","sourceIndex":"2822"},{"howFound":"","reference":"one click booster;","landingPage":"http://www.unotechytools.*/lp/brtbm","ipv4":"","ipv6":"","landingPageWildChar":"http://www.unotechytools.*/lp/brtbm","sourceIndex":"2823"},{"howFound":"","reference":"one click booster;","landingPage":"http://www.unotechyutils.*/lp/brtbm","ipv4":"","ipv6":"","landingPageWildChar":"http://www.unotechyutils.*/lp/brtbm","sourceIndex":"2824"},{"howFound":"","reference":"hxxps://www.websafetyfirst.com/offer/fr?cep=EHkyt_gPNXxxFtQhSV4hd76mW_vb3v5hplZ5SMFpC_ewtA2gpjCI4I8zw1yxOGLq65Ypixc0xkYBbmjWJZj9uLm7H07gGKb6ttglKHClo7uuDLwAAC0z-iYT9HJSkAhxuGFErFWv51YsDgyqFNdZSV3GHYqASyxzhYBgDYZSa4M1IqD-CsW9MOXfT5FAfCMhkeRVn-XbwUEs5M2oLnCK5jPSUHOwW1UQjBGpBJi0dVIVJQ0ce1e34WXtPqXD7fjm0Mc1o-_c1fy6GJ1LSnKU57Esst-EBXy3W003TROV6zS1zO3pyLWKmGsBMto_stbfkP86cs7WDliCcdKpdbyKKw&lptoken=15d1646b146f81a18608&CampID=%7BCAMPAIGN_ID%7D&SiteId=; http://www.unosystemtools.club/lp/clkdr/?fd=qbop&x-context=abbf3c46279a48928775bd2bba2b2de210d54&utm_source=wclkwtn&utm_campaign=wclkwtn&pxl=WCL3059_WCL2990_RUNT&utm_pubid=68581&x-at=dIIPE7MM3MB1T99O14D9FJ8C&override=1","landingPage":"http://www.unosystemtools.*/lp/clkdr/","ipv4":"","ipv6":"","sourceIndex":"2825"},{"howFound":"","reference":"QBIT System Care","landingPage":"http://www.microsoft.com-windows-optimization.xyz/redirect/?ip=*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.microsoft.com-windows-optimization.xyz/redirect/?ip=69.120.2.76&campid=c797fd22-c8c4-4ff0-8470-ff778fd3166a&zn=869&sc=a8a456ba-edc9-4326-80f5-1759b60ceed2&browser=Chrome&browserversion=Chrome%2072&city=Northport&os=Windows&osv=Windows%2010&model=Desktop&td=tracking.blue&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20WOW64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F72.0.3626.121%20Safari%2F537.36&language=en&connection=CABLE&isp=Optimum%20Online&carrier=&country=US&cep=uheTB-Cc1wFg_jEqdmJA0FfTvBNf5BXamHMiNhpheRiEF3xFM2C9DS6E4aqqqBEgxIdXwcodSrcfG2taq573OwVVEKRiUmUIKJxZoBbnt4BP11KFbWgCaETYVUAVi6gi98eGIPglE9oY5CmXXfNlcVtoLuUtEUbIAnTttXKytK6T5GmLiov0BGO2g7_0JGEZepIexZy62m7nLU24YFgPCyXPE0RTa-V-qwm6fhdXPc23ECB0yKe8A-b0DqV2OQDE3k36cJpt6sZrmImsuPhyUA5fyi7q7BzQ1nXeF50v7hOL8_HMqNm47n8Y8AXio0gXhHv1HbtSucmO8BNVk5OznoOfxHAoNZhuGDGloCqwVHg&lptoken=155f67e162ce0413620a&partner_id=869&pid=869-1dce648f&clickid=6732870881644642493","sourceIndex":"2826"},{"howFound":"","reference":"QBIT System Care ","landingPage":"http://www.microsoft.com-shield-device.live/redirect/?ip=*","ipv4":"","ipv6":"","landingPageWildChar":"http://www.microsoft.com-shield-device.live/redirect/?ip=69.120.2.76&campid=c797fd22-c8c4-4ff0-8470-ff778fd3166a&zn=869&sc=a8a456ba-edc9-4326-80f5-1759b60ceed2&browser=Chrome&browserversion=Chrome%2072&city=Northport&os=Windows&osv=Windows%2010&model=Desktop&td=tracking.blue&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20WOW64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F72.0.3626.121%20Safari%2F537.36&language=en&connection=CABLE&isp=Optimum%20Online&carrier=&country=US&cep=tYQurxIE9isVZ2oCPyGetgAVQK__znkxRFkajYqTl2BSgbPvNqV0g3t761MUdeBcwNHfHAfM1AqyUfUPutxgiFbAKMVSbONdOLZX5w3l85LXh3Rr_40W3phZr1Fite1vSEGkojhl6nvlXXsU9xdEpRD7AUk2pgJYjZVfxIqnXFw00pB63y8yY75jBrlmQZL-W0jjpT4So6lC64VynVoA9pV8ETv-7O56HUnr0_GbNBfjrYYfVNMpz9rNxuaoNd65sAEliYKodsXJ-tVDoJtztyIIjyUydmknyZ2dK-Sh8dmDpSCr9GlU05M5tk7PAhGBdhjBpvrtwZO1BfcBNZ2Y3Xsig9RI1YKEbabQdlApWCk&lptoken=157f68be217c212c9370&partner_id=869&pid=869-9b4a5f8b&clickid=6735412346904117764","sourceIndex":"2827"}],"sampleFiles":[],"imageFiles":["190910/ScamAffiliate-190521/190521/Images/ACR-003/2019-05-21_Qbit.mp4","190910/ScamAffiliate-190521/190521/Images/ACR-014/ScamAffiliate_Qbit_014.PNG","190910/ScamAffiliate-190521/190521/Images/ACR-014/qbit090419.png","190910/ScamAffiliate-190521/190521/Images/ACR-014/qbit090419_2.png"],"nonDeceptorImageFiles":[],"guid":"45a69da7-0632-4604-b826-bb8e2865a8fa_190521_1","appID":"ScamAffiliate-190521","dateAdded":"190910","deceptorType":"Affiliate","name":"ScamAffiliate","company":"Qbit","version":"190521","sigName":"Deceptor:Affiliate/QbitScamAffiliate!003014","lastKnownStatus":"190729","lastKnownDate":"190910","type":"Affiliate","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","lastUpdate":"2019-09-11T18:02:42.434937+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2116},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC CARE TOOLS\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"wspsetup.exe","isInstaller":"True","productName":"Win Speedup 2018","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"7322db973606790af367c7f67bbb731d","hashSHA1":"ceae69afe682e89d9cf951c92b483fb6433da0ed","hashSHA256":"2e045ef29c977dcf1629751fa23e3c3deb8118f04677aed4c2d1cc4177d3c804","digitalCertThumbprint":"5554829AECAE21B5DC5344E8C3C49D41F9F889A1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE LOGlCS, O=SYSCARE LOGlCS, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2828","avBlockList":["360 Total Security (20190822)","Avast Internet Security (20190822)","AVG Internet Security (20190822)","Avira Internet Security (20190822)","Bitdefender Internet Security (20190822)","COMODO Antivirus (20190822)","Dr.Web Security Space (20190822)","ESET Internet Security (20190822)","G DATA INTERNET SECURITY (20190822)","K7 Total Security (20190822)","Kaspersky Internet Security (20190822)","Malwarebytes Premium (20190822)","McAfee Total Protection (20190822)","Norton Security (20190822)","Panda Dome (20190822)","Quick Heal Internet Security (20190822)","Sophos Home Premium (20190822)","Tencent PC Manager (20190822)","Trend Micro Internet Security (20190822)","VIPRE Advanced Security (20190822)","VirIT eXplorer PRO (20190822)","Webroot SecureAnywhere (20190822)","Windows Defender (20190822)"],"avAllowList":[]},{"isRevoked":"False","fileName":"bpp.exe","productName":"SpeedUp Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"2370ac3fc50e98241f947415706e7fe7","hashSHA1":"88abb7c65fd518290201d8c081cfbff81e3ed782","hashSHA256":"650be6628cc81fcd8b7be75b64c77662ffa32d06cfbca399c9ddcb48b09d6e8f","digitalCertThumbprint":"5554829AECAE21B5DC5344E8C3C49D41F9F889A1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE LOGlCS, O=SYSCARE LOGlCS, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2828","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"wspsetup_2.exe","isInstaller":"True","fileVersion":"3.0","hashMD5":"2b756416c872c4b599f9d4d05f8eb97d","hashSHA1":"921894f9070a8124e303bef653e8520fe1a1c7cb","hashSHA256":"412125587a4b2a5ea4353cf8f0584a9a9020133f2fb676cebd8aa06b3b8a6ac7","digitalCertThumbprint":"C54E8BB8258BF70ABE059A7EC71F14E757F079CD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=whizsoft services, OU=whizsoft services, O=whizsoft services, POBox=303802, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2828","avBlockList":["360 Total Security (20190822)","Avast Internet Security (20190822)","AVG Internet Security (20190822)","Avira Internet Security (20190822)","Bitdefender Internet Security (20190822)","COMODO Antivirus (20190822)","Dr.Web Security Space (20190822)","ESET Internet Security (20190822)","G DATA INTERNET SECURITY (20190822)","K7 Total Security (20190822)","Kaspersky Internet Security (20190822)","Malwarebytes Premium (20190822)","McAfee Total Protection (20190822)","Norton Security (20190822)","Panda Dome (20190822)","Quick Heal Internet Security (20190822)","Sophos Home Premium (20190822)","Tencent PC Manager (20190822)","Trend Micro Internet Security (20190822)","VIPRE Advanced Security (20190822)","VirIT eXplorer PRO (20190822)","Webroot SecureAnywhere (20190822)","Windows Defender (20190822)"],"avAllowList":[]},{"isRevoked":"False","fileName":"wspsetup (1.0.111.22).exe","isInstaller":"True","productName":"Win-Speed-Up-2018","productVersion":"1.0.111.22","fileVersion":"1.0.111.22","hashMD5":"1abd6f6b58ad8421eb3b46fa28aad1b1","hashSHA1":"2a260c29eb93662755ed9084e8ead47715527e24","hashSHA256":"a9bc3f5abb016a29fe189a35f149bb9a95ad2dab964ccfd1b3344b60af3104cb","digitalCertThumbprint":"BE29E9F9C2E8FF6D10A69877EA7F8976F1DF7F1C","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Connect AB Infoline Private Limited, O=Connect AB Infoline Private Limited, L=New Delhi, S=Delhi, C=IN","sourceIndex":"2828","avBlockList":["360 Total Security (20190610)","Avast Internet Security (20190610)","AVG Internet Security (20190610)","Avira Internet Security (20190610)","COMODO Antivirus (20190610)","Dr.Web Security Space (20190610)","ESET Internet Security (20190610)","G DATA INTERNET SECURITY (20190610)","K7 Total Security (20190610)","Kaspersky Internet Security (20190610)","Malwarebytes Premium (20190610)","McAfee Total Protection (20190610)","Norton Security (20190607)","Panda Dome (20190610)","Sophos Home Premium (20190610)","Trend Micro Internet Security (20190610)","VirIT eXplorer PRO (20190610)","Webroot SecureAnywhere (20190610)","Windows Defender (20190610)"],"avAllowList":["Bitdefender Internet Security (20190610)","Quick Heal Internet Security (20190610)","Tencent PC Manager (20190610)","VIPRE Advanced Security (20190610)"]},{"isRevoked":"False","fileName":"wspsetup (3.0.0.11).exe","isInstaller":"True","productVersion":"3.0.0.11","fileVersion":"3.0.0.11","hashMD5":"a6910d9374df46b478209c7ceb801d94","hashSHA1":"bec924f4b2a427149db3719b6cfe412e6f8b4523","hashSHA256":"36601505289f0b27f05666fcd6ae7bf42277c92a65d6c0004638d8bac7e1c6b5","digitalCertThumbprint":"27301CDDB1733BEA727D0DBDDBFEEDF174AF07DD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=WINCARE UTlLlTlES, O=WINCARE UTlLlTlES, STREET=\"47, Shilp Colony, Jhotwara\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2830","avBlockList":["360 Total Security (20191204)","Avast Internet Security (20191204)","AVG Internet Security (20191204)","Avira Internet Security (20191204)","Bitdefender Internet Security (20191204)","COMODO Antivirus (20191204)","Dr.Web Security Space (20191204)","ESET Internet Security (20191204)","G DATA INTERNET SECURITY (20191204)","K7 Total Security (20191204)","Kaspersky Internet Security (20191204)","Malwarebytes Premium (20191204)","McAfee Total Protection (20191204)","Norton Security (20191204)","Panda Dome (20191204)","Quick Heal Internet Security (20191204)","Sophos Home Premium (20191204)","Tencent PC Manager (20191204)","Trend Micro Internet Security (20191204)","VIPRE Advanced Security (20191204)","VirIT eXplorer PRO (20191204)","Webroot SecureAnywhere (20191204)","Windows Defender (20191204)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \" speedup pc 2018\"","landingPage":"http://quickpcupdate.com/","directDownloadingLink":"https://d2g0a2hffvxzzp.cloudfront.net/wsp/securerc/wspsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2g0a2hffvxzzp.cloudfront.net/wsp/securerc/wspsetup.exe","sourceIndex":"2828"},{"howFound":"Hunt.search","reference":"Bad affiliate","landingPage":"https://www.speedysysutils.info/","directDownloadingLink":"http://dl.speedysysutils.info/wsp/securerc/t10/wspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2829"},{"howFound":"","reference":"","landingPage":"http://www.pccleantools.com/","directDownloadingLink":"http://dl.pccleantools.com/wsp/securerc/y2/wspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2830"}],"sampleFiles":["190910/WinSpeedup2018-180424/1.0.0.0/Samples/wspsetup.exe","190910/WinSpeedup2018-180424/1.0.0.0/Samples/bpp.exe","190910/WinSpeedup2018-180424/1.0.0.0/Samples/wspsetup_2.exe","190910/WinSpeedup2018-180424/1.0.0.0/Samples/wspsetup (1.0.111.22).exe","190910/WinSpeedup2018-180424/1.0.0.0/Samples/wspsetup (3.0.0.11).exe"],"imageFiles":["190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-055/ACR-055_inlineoffer.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-003/ACR-003_software.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-003/ACR-003_software1.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-003/ACR-003_software2.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-161/ACR-161_internaloffer1.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-088/ACR-088_software.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-092/ACR-092_SOFTWARE.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-099/ACR-099_landingpage.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG","190910/WinSpeedup2018-180424/1.0.0.0/Images/ACR-171/adsinsideapp.JPG"],"guid":"0de65086-92d5-4168-bdb9-acdbe90ee877_1.0.0.0_1","appID":"WinSpeedup2018-180424","dateAdded":"190910","deceptorType":"App","name":"Win Speedup 2018","company":"Win Speedup 2018","version":"1.0.0.0","sigName":"Deceptor:Win32/WinSpeedupPro2018!003010055059","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190910","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-09-10T18:29:15.806178+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2042},{"violations":{"ACR-003":"The application exaggerates registry keys with high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy and privacy policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"SYSCARE L0GICS\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"pscsetup1.exe","isInstaller":"True","productName":"Power~SystemCare","productVersion":"2.0.3.18","fileVersion":"2.0.3.18","hashMD5":"e644ca0c3e6aa859bc5aa1b88b2ab2c7","hashSHA1":"db60cbfa462f37e2515ab3b6130ef86f3d332c1f","hashSHA256":"6ae323514309e911f4e4efe5edd6550bc7ad5c6f7e64b6f95037e1fb19bd8cb7","digitalCertThumbprint":"7269E835E3698568E46CF7EF84E787022B94ACA9","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE L0GICS, O=SYSCARE L0GICS, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2846","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"iytr.exe","companyName":"n/a","productName":"PC Tool","productVersion":"2.0.3.18","fileVersion":"2.0.3.18","hashMD5":"949089b996a74bc1ac2327854ebbdc3a","hashSHA1":"6af8469e83b808ef5dfe8770d8ae09652d87a9fa","hashSHA256":"b0f598fc96695035d40d2cce1579666dec2084687b38d1e571647fac5d5166c1","digitalCertThumbprint":"7269E835E3698568E46CF7EF84E787022B94ACA9","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE L0GICS, O=SYSCARE L0GICS, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2846","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pscsetup (2.0.3.20) 2.exe","isInstaller":"True","productVersion":"2.0.3.20","fileVersion":"2.0.3.20","hashMD5":"86b5c401a51f0659eba24e7d4cccc288","hashSHA1":"38e7dd01066f3331e5ed00d44c6914c03dc67bcc","hashSHA256":"4b43626ae5641f1a23305362c589277063df7357274841c2a1e1d5ee1008737a","digitalCertThumbprint":"854D035E4E4B594B06BBC2463F52BCB82269C7EA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT-AB INFOLINE PRIVATE LIMITED, OU=CONNECT-AB INFOLINE PRIVATE LIMITED, O=CONNECT-AB INFOLINE PRIVATE LIMITED, POBox=110092, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2846","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)"],"avAllowList":["COMODO Antivirus (20191128)","Windows Defender (20191128)"]},{"isRevoked":"False","fileName":"pscsetup.exe","isInstaller":"True","productName":"Power~System~Care","productVersion":"3.0.0.26","fileVersion":"3.0.0.26","hashMD5":"ac2b172ef8d394cf60a0163d42272122","hashSHA1":"30c95e40fc7098cb8c3b8a3734d9ba66fb387532","hashSHA256":"d9ff63da91e15edf7390f73534cf1ab53c4b98610a89e465d2ca60e38f48333a","digitalCertThumbprint":"807862BCE8DD33E4EBD2428B0A262296EE1BA053","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=adequate softwares, OU=adequate softwares, O=adequate softwares, STREET=\"WARD NO. 12, SULTANA\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2847","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":["Bitdefender Internet Security (20190815)","VIPRE Advanced Security (20190815)"]},{"isRevoked":"False","fileName":"pscsetup (3.0.0.25).exe","isInstaller":"True","productVersion":"3.0.0.25","fileVersion":"3.0.0.25","hashMD5":"aef081eaf00ef0ad15952802024e5f61","hashSHA1":"408d809d65460d7aadb877664c4db9a19ed9effe","hashSHA256":"f71d46d712d80bdc291757ee9d7e3604d21fe1fc8bb111fd15d5acf2f1713380","digitalCertThumbprint":"D20A30B1B5E814DB2E8824E8255C61AC20F430FE","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE TECHNOIOGIES, OU=SYSCARE TECHNOIOGIES, O=SYSCARE TECHNOIOGIES, POBox=302003, STREET=\"421, MANI RAM JI KI KHOTO KA RASTA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302003, C=IN","sourceIndex":"2848","avBlockList":["360 Total Security (20191017)","Avast Internet Security (20191017)","AVG Internet Security (20191017)","Avira Internet Security (20191017)","Bitdefender Internet Security (20191017)","COMODO Antivirus (20191017)","Dr.Web Security Space (20191017)","ESET Internet Security (20191017)","G DATA INTERNET SECURITY (20191017)","K7 Total Security (20191017)","Kaspersky Internet Security (20191017)","Malwarebytes Premium (20191017)","McAfee Total Protection (20191017)","Norton Security (20191017)","Panda Dome (20191017)","Quick Heal Internet Security (20191017)","Sophos Home Premium (20191017)","Tencent PC Manager (20191017)","Trend Micro Internet Security (20191017)","VIPRE Advanced Security (20191017)","VirIT eXplorer PRO (20191017)","Webroot SecureAnywhere (20191017)","Windows Defender (20191017)"],"avAllowList":[]},{"isRevoked":"False","fileName":"pscsetup (2.0.3.20).exe","isInstaller":"True","productVersion":"2.0.3.20","fileVersion":"2.0.3.20","hashMD5":"22432be479de41e4f91085868e74caae","hashSHA1":"2423190c93bb3ab38a6281bd8f891edbfcff0053","hashSHA256":"6cfc5fe9294a1aa60fc7918ae0a85639270bb5c0cd4b509423de90cdf34483b8","digitalCertThumbprint":"854D035E4E4B594B06BBC2463F52BCB82269C7EA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT-AB INFOLINE PRIVATE LIMITED, OU=CONNECT-AB INFOLINE PRIVATE LIMITED, O=CONNECT-AB INFOLINE PRIVATE LIMITED, POBox=110092, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2849","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","COMODO Antivirus (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":[]},{"isRevoked":"False","fileName":"pscsetup (2.0.3.20) 3.exe","isInstaller":"True","productVersion":"2.0.3.20","fileVersion":"2.0.3.20","hashMD5":"4380faf0351940b9fd3b86cff31aeb78","hashSHA1":"83bae82be3348a0b62c85a91b2a5fbc876dbbbc2","hashSHA256":"60ee446e59f8e1dc6355a16619d272ec5c0e5c8c60a80ce5a553e2b0272984cf","digitalCertThumbprint":"854D035E4E4B594B06BBC2463F52BCB82269C7EA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT-AB INFOLINE PRIVATE LIMITED, OU=CONNECT-AB INFOLINE PRIVATE LIMITED, O=CONNECT-AB INFOLINE PRIVATE LIMITED, POBox=110092, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2851","avBlockList":["360 Total Security (20191202)","Avast Internet Security (20191202)","AVG Internet Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","K7 Total Security (20191202)","Kaspersky Internet Security (20191202)","Malwarebytes Premium (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Quick Heal Internet Security (20191202)","Sophos Home Premium (20191202)","Tencent PC Manager (20191202)","Trend Micro Internet Security (20191202)","VIPRE Advanced Security (20191202)","VirIT eXplorer PRO (20191202)","Webroot SecureAnywhere (20191202)","Windows Defender (20191202)"],"avAllowList":[]},{"isRevoked":"False","fileName":"pscsetup (2.0.3.20) 4.exe","isInstaller":"True","productVersion":"2.0.3.20","fileVersion":"2.0.3.20","hashMD5":"4dff3cdbb6494370f4e7075d93c2d919","hashSHA1":"ba4bf9b8a7a2f0b928883048a6e353147086637a","hashSHA256":"a92f2041a3a25a38b89fda308f9524e8f1047c35472e2e115508900bf8d0126b","digitalCertThumbprint":"854D035E4E4B594B06BBC2463F52BCB82269C7EA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT-AB INFOLINE PRIVATE LIMITED, OU=CONNECT-AB INFOLINE PRIVATE LIMITED, O=CONNECT-AB INFOLINE PRIVATE LIMITED, POBox=110092, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2852","avBlockList":["360 Total Security (20190926)","Avast Internet Security (20190926)","AVG Internet Security (20190926)","Avira Internet Security (20190926)","COMODO Antivirus (20190926)","Dr.Web Security Space (20190926)","ESET Internet Security (20190926)","G DATA INTERNET SECURITY (20190926)","K7 Total Security (20190926)","Kaspersky Internet Security (20190926)","Malwarebytes Premium (20190926)","McAfee Total Protection (20190926)","Norton Security (20190926)","Panda Dome (20190926)","Quick Heal Internet Security (20190926)","Sophos Home Premium (20190926)","Trend Micro Internet Security (20190926)","VirIT eXplorer PRO (20190926)","Webroot SecureAnywhere (20190926)","Windows Defender (20190926)"],"avAllowList":["Bitdefender Internet Security (20190926)","Tencent PC Manager (20190926)","VIPRE Advanced Security (20190926)"]},{"isRevoked":"False","fileName":"pscsetup4 (2.0.3.18).exe","isInstaller":"True","productVersion":"2.0.3.18","fileVersion":"2.0.3.18","hashMD5":"7a35f9113270e9430e1a11f4c025dd76","hashSHA1":"d16a24148eae3ec1dbb839da1f6b606b24a32b9e","hashSHA256":"ea8de5beb640afd32a730261009fde076c7290ce4daa3774c4362a023033b1b8","digitalCertThumbprint":"C54E8BB8258BF70ABE059A7EC71F14E757F079CD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=whizsoft services, OU=whizsoft services, O=whizsoft services, POBox=303802, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2853","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pscsetup3 (2.0.3.18).exe","isInstaller":"True","productVersion":"2.0.3.18","fileVersion":"2.0.3.18","hashMD5":"e1db59cc2c3759687163f13e7a81c55a","hashSHA1":"b17b2d356c077750d5724a8dbc8ec276ce85ccb0","hashSHA256":"792ecc67cb60e395002c855fca89d2f176c6d3657f46fc7433c7ac8907098680","digitalCertThumbprint":"64D76A01A4D1D4561F8983D8F633E0A7FB413BA7","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=stellar pc solutions, OU=stellar pc solutions, O=stellar pc solutions, POBox=303802, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2854","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pscsetup5 (2.0.3.18).exe","isInstaller":"True","productVersion":"2.0.3.18","fileVersion":"2.0.3.18","hashMD5":"a8638252859065638d8d39d5c163a439","hashSHA1":"9d0c386140caeb4a876fd19c52ca1ccf26451d72","hashSHA256":"2a394803c4a3edba6b41dc065af2354e6c82d5383300bc7f3a37209c62ae28a6","digitalCertThumbprint":"9EAB75378CF33E180FF6255EA22B5478F5CD0D53","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB-REACH TECHNOLOGIES PRIVATE LIMITED, O=AB-REACH TECHNOLOGIES PRIVATE LIMITED, POBox=110092, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"2855","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.winpccaretools.com/","directDownloadingLink":"http://dl.winpccaretools.com/psc/securerc/m2/pscsetup1.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.winpccaretools.com/psc/securerc/m2/pscsetup1.exe","sourceIndex":"2846"},{"howFound":"","reference":"","landingPage":"http://www.supercareutils.com/","directDownloadingLink":"http://dl.supercareutils.com/psc/securerc/o2/pscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2847"},{"howFound":"","reference":"","landingPage":"http://www.onesystools.info/","directDownloadingLink":"http://dl.onesystools.info/psc/securerc/a6/pscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2848"},{"howFound":"","reference":"","landingPage":"http://winsyscaretools.com/","directDownloadingLink":"http://dl.winsyscaretools.com/psc/securerc/p2/pscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2849"},{"howFound":"","reference":"","landingPage":"http://winsyscaretools.org/","directDownloadingLink":"http://dl.winsyscaretools.org/psc/securerc/p10/pscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2850"},{"howFound":"","reference":"","landingPage":"http://www.winsyscaretools.net/","directDownloadingLink":"http://dl.winsyscaretools.net/psc/securerc/p6/pscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2851"},{"howFound":"","reference":"","landingPage":"http://www.winsyscaretools.info/","directDownloadingLink":"http://dl.winsyscaretools.info/psc/securerc/p8/pscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2852"},{"howFound":"","reference":"","landingPage":"http://winpccaretools.net/","directDownloadingLink":"http://dl.winpccaretools.net/psc/securerc/m8/pscsetup4.exe","ipv4":"","ipv6":"","sourceIndex":"2853"},{"howFound":"","reference":"","landingPage":"http://winpccaretools.org/","directDownloadingLink":"http://dl.winpccaretools.org/psc/securerc/m6/pscsetup3.exe","ipv4":"","ipv6":"","sourceIndex":"2854"},{"howFound":"","reference":"","landingPage":"http://winpccaretools.info/","directDownloadingLink":"http://dl.winpccaretools.info/psc/securerc/m10/pscsetup5.exe","ipv4":"","ipv6":"","sourceIndex":"2855"}],"sampleFiles":["190905/PowerSystemCare-180926/2.0.3.18/Samples/pscsetup1.exe","190905/PowerSystemCare-180926/2.0.3.18/Samples/iytr.exe","190905/PowerSystemCare-180926/2.0.3.18/Samples/pscsetup (2.0.3.20) 2.exe","190905/PowerSystemCare-180926/2.0.3.18/Samples/pscsetup (3.0.0.26).exe","190905/PowerSystemCare-180926/2.0.3.18/Samples/pscsetup (3.0.0.25).exe","190905/PowerSystemCare-180926/2.0.3.18/Samples/pscsetup (2.0.3.20).exe","190905/PowerSystemCare-180926/2.0.3.18/Samples/pscsetup (2.0.3.20) 3.exe","190905/PowerSystemCare-180926/2.0.3.18/Samples/pscsetup (2.0.3.20) 4.exe","190905/PowerSystemCare-180926/2.0.3.18/Samples/pscsetup4 (2.0.3.18).exe","190905/PowerSystemCare-180926/2.0.3.18/Samples/pscsetup3 (2.0.3.18).exe","190905/PowerSystemCare-180926/2.0.3.18/Samples/pscsetup5 (2.0.3.18).exe"],"imageFiles":["190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-055/ACR-055_inlineoffer.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-003/ACR-003_software.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-003/ACR-003_software1.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-010/ACR-010_inlineoffer.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-010/ACR-010_adsinsideapp.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-014/ACR-014_software.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-065/ACR-065_internaloffer.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-161/ACR-161_internaloffer.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-088/ACR-088_software.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-092/ACR-092_software.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-099/ACR-099_landingpage.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-099/ACR-099_internaloffer.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-150/ACR-150_internaloffer.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-171/ACR-171_internaloffer.JPG","190905/PowerSystemCare-180926/2.0.3.18/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"c9110af5-2717-42a6-b121-46b7848999ca_2.0.3.18_1","appID":"PowerSystemCare-180926","dateAdded":"190905","deceptorType":"App","name":"PowerSystemCare","company":"SYSCARE L0GICS","version":"2.0.3.18","sigName":"Deceptor:Win32/PowerSystemCare!003010014055059","lastKnownStatus":"Deceptor:2.0.3.18","lastKnownDate":"190905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2019-09-05T19:38:15.3777526+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2043},{"violations":{"ACR-003":"The app shows gauges and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"apccsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Auto~ PC~Cleaner 2019                                       ","productVersion":"3.0.2.22                                          ","fileVersion":"3.0.2.22            ","hashMD5":"d2d231bb34e81d4d16e024e32d0d11a7","hashSHA1":"aab999c30d448392cdc4fc9f75875a311c7fb358","hashSHA256":"d35ad2eabb66fcd7e277d714a90687360230c4dbdad51e6b7a9332216214b1ac","digitalCertThumbprint":"99457DD292B28713B112148E7EC0CAC62AB87FDF","sourceIndex":"2831","avBlockList":["Avast Internet Security (20190513)","AVG Internet Security (20190513)","Avira Internet Security (20190513)","ESET Internet Security (20190513)","G DATA INTERNET SECURITY (20190513)","K7 Total Security (20190513)","Kaspersky Internet Security (20190513)","Malwarebytes Premium (20190513)","McAfee Total Protection (20190513)","Norton Security (20190513)","Panda Dome (20190513)","Sophos Home Premium (20190513)","Trend Micro Internet Security (20190513)","VirIT eXplorer PRO (20190513)","Webroot SecureAnywhere (20190513)","Windows Defender (20190513)","360 Total Security (20190513)","COMODO Antivirus (20190513)","Dr.Web Security Space (20190513)","Quick Heal Internet Security (20190513)"],"avAllowList":["Bitdefender Internet Security (20190513)","F-PROT Antivirus for Windows (20190412)","SpyHunter5 (20190412)","Tencent PC Manager (20190513)","VIPRE Advanced Security (20190513)"]},{"isRevoked":"False","fileName":"apccsetup (1.0.0.0).exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a0afeaa928d079783b3396ad6c9af782","hashSHA1":"5a55def29f5080e78fee0341317c56b78bcca3a6","hashSHA256":"ec9e0e12f5f0754b572da0ea1c1d33a2c56cb5dabd2dd9ebde833de5d973a4ea","digitalCertThumbprint":"1D62AA7CA85AE39B02DC21D202983FC58DB994EA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE SOFTWARES, O=ADEQUATE SOFTWARES, STREET=\"WARD NO. 12, SULTANA,\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2832","avBlockList":["360 Total Security (20190725)","Avast Internet Security (20190725)","AVG Internet Security (20190725)","Avira Internet Security (20190725)","Bitdefender Internet Security (20190725)","COMODO Antivirus (20190725)","Dr.Web Security Space (20190725)","ESET Internet Security (20190725)","G DATA INTERNET SECURITY (20190725)","K7 Total Security (20190725)","Kaspersky Internet Security (20190725)","Malwarebytes Premium (20190725)","McAfee Total Protection (20190725)","Norton Security (20190725)","Panda Dome (20190725)","Quick Heal Internet Security (20190725)","Sophos Home Premium (20190725)","Tencent PC Manager (20190725)","Trend Micro Internet Security (20190725)","VIPRE Advanced Security (20190725)","VirIT eXplorer PRO (20190725)","Webroot SecureAnywhere (20190725)","Windows Defender (20190725)"],"avAllowList":[]},{"isRevoked":"False","fileName":"apccsetup (1.0.0.1).exe","isInstaller":"True","productName":"Auto-PC-Cleaner-2019","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"e9f5191d55802ec5d0d28e64071a3a58","hashSHA1":"4f288b1ec759f1fdd8fbc0577407f367bc5e8fd2","hashSHA256":"d9412f74940a25346ef9a576d7171323b1a02b6c3ba725b3f01ba125789df4e9","digitalCertThumbprint":"07F82589252EBA28A2D080B3025B870F99B289EA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADROlT PC SOLUTIONS, O=ADROlT PC SOLUTIONS, STREET=\"WARD NO. 12, SULTANA\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2833","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","Bitdefender Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VIPRE Advanced Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":[]},{"isRevoked":"False","fileName":"apccsetup (1.0.0.1) 2.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"4093b2f27757ddd0030739cf6b50d6f1","hashSHA1":"9ceb1f18a8ebf775972ffc28f8f79d380ce357cc","hashSHA256":"87941a6baa03df56ea64635f8827c55754a8dde4f82d23e200bee7214ded0c6d","digitalCertThumbprint":"07F82589252EBA28A2D080B3025B870F99B289EA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADROlT PC SOLUTIONS, O=ADROlT PC SOLUTIONS, STREET=\"WARD NO. 12, SULTANA\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2834","avBlockList":["360 Total Security (20190902)","Avast Internet Security (20190902)","AVG Internet Security (20190902)","Avira Internet Security (20190902)","Bitdefender Internet Security (20190902)","COMODO Antivirus (20190902)","Dr.Web Security Space (20190902)","ESET Internet Security (20190902)","G DATA INTERNET SECURITY (20190902)","K7 Total Security (20190902)","Kaspersky Internet Security (20190902)","Malwarebytes Premium (20190902)","McAfee Total Protection (20190902)","Norton Security (20190902)","Panda Dome (20190902)","Quick Heal Internet Security (20190902)","Sophos Home Premium (20190902)","Tencent PC Manager (20190902)","Trend Micro Internet Security (20190902)","VIPRE Advanced Security (20190902)","VirIT eXplorer PRO (20190902)","Webroot SecureAnywhere (20190902)","Windows Defender (20190902)"],"avAllowList":[]},{"isRevoked":"False","fileName":"apccsetup (1.0.0.1) 3.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"9219b9028b574a60b41a6f2918e9c2c3","hashSHA1":"828658f5571f0e7c74391d8b3f0777571c4d8026","hashSHA256":"78aab2c854da3bf679780601d2978d1b01ee3ce555538c25252d8cba4291760f","digitalCertThumbprint":"07F82589252EBA28A2D080B3025B870F99B289EA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADROlT PC SOLUTIONS, O=ADROlT PC SOLUTIONS, STREET=\"WARD NO. 12, SULTANA\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2837","avBlockList":["360 Total Security (20191114)","Avast Internet Security (20191114)","AVG Internet Security (20191114)","Avira Internet Security (20191114)","Bitdefender Internet Security (20191114)","COMODO Antivirus (20191114)","Dr.Web Security Space (20191114)","ESET Internet Security (20191114)","G DATA INTERNET SECURITY (20191114)","K7 Total Security (20191114)","Kaspersky Internet Security (20191114)","Malwarebytes Premium (20191114)","McAfee Total Protection (20191114)","Norton Security (20191114)","Panda Dome (20191114)","Quick Heal Internet Security (20191114)","Sophos Home Premium (20191114)","Tencent PC Manager (20191114)","Trend Micro Internet Security (20191114)","VIPRE Advanced Security (20191114)","VirIT eXplorer PRO (20191114)","Webroot SecureAnywhere (20191114)","Windows Defender (20191114)"],"avAllowList":[]},{"isRevoked":"False","fileName":"apccsetup (3.0.2.23).exe","isInstaller":"True","productVersion":"3.0.2.23","fileVersion":"3.0.2.23","hashMD5":"e60a699ba3073de6a83bef75088d7a6a","hashSHA1":"ba7bff617ff2f8f21c0a9e4c0635a70040726530","hashSHA256":"4f8bec1d880df167e40621c44972253c21cf1b46e8f07d4f269d3cfaa3c441a3","digitalCertThumbprint":"7E7F8AD74A698A497C019C7D648F030345F55AF3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Fixers Tools, OU=PC Fixers Tools, O=PC Fixers Tools, POBox=302019, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"2838","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":["COMODO Antivirus (20191128)"]},{"isRevoked":"False","fileName":"apccsetup (3.0.2.23) 2.exe","isInstaller":"True","productVersion":"3.0.2.23","fileVersion":"3.0.2.23","hashMD5":"4a9c71bb13d6bf87a925fa40ec57ea72","hashSHA1":"0cbce037ef6fadef31f1b3532b1c979af0949bfd","hashSHA256":"d9c1fed198d6e42daabb879ed59666603f3e7f414a9e4c88c382f2bfd948f7c2","digitalCertThumbprint":"99457DD292B28713B112148E7EC0CAC62AB87FDF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tools Inc., O=PC Speedup Tools Inc., STREET=\"104 Surya Nagar, Murli Pura Vishwakarma\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"2839","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":["COMODO Antivirus (20191128)"]},{"isRevoked":"False","fileName":"apccsetup (3.0.2.22).exe","isInstaller":"True","productVersion":"3.0.2.22","fileVersion":"3.0.2.22","hashMD5":"e1ccc416b3ab1c650c4faaca7914d61f","hashSHA1":"8e525aaa81604ac30069a9047d0784c35e440043","hashSHA256":"7389429f95de3c2cc49f1a25df360beea8840de2808cf6cb27a4f8327992cdc4","digitalCertThumbprint":"C04071ED59113B9370CE46E461BE18613EB21D3A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tools Inc., O=PC Speedup Tools Inc., STREET=\"104 Surya Nagar, Murli Pura Vishwakarma\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"2840","avBlockList":["360 Total Security (20191202)","Avast Internet Security (20191202)","AVG Internet Security (20191202)","Avira Internet Security (20191202)","Bitdefender Internet Security (20191202)","COMODO Antivirus (20191202)","Dr.Web Security Space (20191202)","ESET Internet Security (20191202)","G DATA INTERNET SECURITY (20191202)","K7 Total Security (20191202)","Kaspersky Internet Security (20191202)","Malwarebytes Premium (20191202)","McAfee Total Protection (20191202)","Norton Security (20191202)","Panda Dome (20191202)","Quick Heal Internet Security (20191202)","Sophos Home Premium (20191202)","Tencent PC Manager (20191202)","Trend Micro Internet Security (20191202)","VIPRE Advanced Security (20191202)","VirIT eXplorer PRO (20191202)","Webroot SecureAnywhere (20191202)","Windows Defender (20191202)"],"avAllowList":[]},{"isRevoked":"False","fileName":"apccsetup (3.0.2.22) 2.exe","isInstaller":"True","productVersion":"3.0.2.22","fileVersion":"3.0.2.22","hashMD5":"0b7e3a4939a692720db692641f421244","hashSHA1":"4f575c0b49d9b85861bc09e42912973ef7ffd3e0","hashSHA256":"05f64b3e42d36152d9c68071e4eab00420cfe2f6cbef97c0e3a05a396ddb2a08","digitalCertThumbprint":"3C5FD1027288514CC5AE732066F074A71A2F6888","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"2841","avBlockList":["360 Total Security (20190926)","Avast Internet Security (20190926)","AVG Internet Security (20190926)","Avira Internet Security (20190926)","COMODO Antivirus (20190926)","Dr.Web Security Space (20190926)","ESET Internet Security (20190926)","G DATA INTERNET SECURITY (20190926)","K7 Total Security (20190926)","Kaspersky Internet Security (20190926)","Malwarebytes Premium (20190926)","McAfee Total Protection (20190926)","Norton Security (20190926)","Panda Dome (20190926)","Quick Heal Internet Security (20190926)","Sophos Home Premium (20190926)","Trend Micro Internet Security (20190926)","VirIT eXplorer PRO (20190926)","Webroot SecureAnywhere (20190926)","Windows Defender (20190926)"],"avAllowList":["Bitdefender Internet Security (20190926)","Tencent PC Manager (20190926)","VIPRE Advanced Security (20190926)"]},{"isRevoked":"False","fileName":"apccsetup (3.0.2.22) 3.exe","isInstaller":"True","productVersion":"3.0.2.22","fileVersion":"3.0.2.22","hashMD5":"95622b7cd1140971f54ed275216dc86a","hashSHA1":"47fb26b61c81b2bc614a99c4ce276c456152413e","hashSHA256":"a1ec7a44fc0c109146824d58c14d1d2c6b2f4d71048d1048761038bd111e9807","digitalCertThumbprint":"5AC1E3ADC05317696D9C178CA5A7440334576525","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Syscare Logics, OU=Syscare Logics, O=Syscare Logics, POBox=302004, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2842","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"apccsetup (3.0.2.23) 3.exe","isInstaller":"True","productVersion":"3.0.2.23","fileVersion":"3.0.2.23","hashMD5":"d0b1a6c252f47e39fdb8a1e6d0550797","hashSHA1":"1ee66602290ebbc0a681ae0d2b0a1ae58e7d8eb2","hashSHA256":"77cf00fb88678304e8d2bceaecfdc8805568eea24fd0cb770a9bda47be2298b1","digitalCertThumbprint":"3C5FD1027288514CC5AE732066F074A71A2F6888","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"2843","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"apccsetup (3.0.2.23) 4.exe","isInstaller":"True","productVersion":"3.0.2.23","fileVersion":"3.0.2.23","hashMD5":"717504c0c6349243e40a3aca1a3ed19c","hashSHA1":"4ee6608152520b230859e6b87d0e1d99d139bcb5","hashSHA256":"645f713072565d689738746a68370911707d7c00d1ae9aa6c5f527987ae6d25f","digitalCertThumbprint":"C04071ED59113B9370CE46E461BE18613EB21D3A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tools Inc., O=PC Speedup Tools Inc., STREET=\"104 Surya Nagar, Murli Pura Vishwakarma\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"2844","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"apccsetup (3.0.2.21).exe","isInstaller":"True","productVersion":"3.0.2.21","fileVersion":"3.0.2.21","hashMD5":"6b997dbf1fc3d216646efa1c201f8424","hashSHA1":"a3c6d63fa31fdb4923cf244971c583357401f4dd","hashSHA256":"80303733b1b9bc43ae9d2c1d04f4007462dcef0d41d78c39a808258b0f2ebf7d","digitalCertThumbprint":"7E7F8AD74A698A497C019C7D648F030345F55AF3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Fixers Tools, OU=PC Fixers Tools, O=PC Fixers Tools, POBox=302019, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"2845","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"preferred PC protection utility\"","reference":"http://aacleansysutils.club/","landingPage":"http://aacleansysutils.club/","directDownloadingLink":"http://dl.aacleansysutils.club/apcc/securerc/aacleansysutils_club/apccsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.aacleansysutils.club/apcc/securerc/aacleansysutils_club/apccsetup.exe","sourceIndex":"2831"},{"howFound":"","reference":"","landingPage":"http://ussystemtool.live/","directDownloadingLink":"http://dl.ussystemtool.live/apcc/securerc/ussystemtool_live/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2832"},{"howFound":"","reference":"","landingPage":"http://usquicksysutils.xyz/","directDownloadingLink":"http://dl.usquicksysutils.xyz/apcc/securerc/usquicksysutils_xyz/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2833"},{"howFound":"","reference":"","landingPage":"http://ussysutils.xyz/","directDownloadingLink":"http://dl.ussysutils.xyz/apcc/securerc/ussysutils_xyz/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2834"},{"howFound":"","reference":"","landingPage":"http://aamysystemtools.club/","directDownloadingLink":"http://dl.aamysystemtools.club/apcc/securerc/aamysystemtools_club/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2835"},{"howFound":"","reference":"","landingPage":"http://aamysystemtools.live/","directDownloadingLink":"http://dl.aamysystemtools.live/apcc/securerc/aamysystemtools_live/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2836"},{"howFound":"","reference":"","landingPage":"http://ussystemtools.xyz/","directDownloadingLink":"http://dl.ussystemtools.xyz/apcc/securerc/ussystemtools_xyz/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2837"},{"howFound":"","reference":"","landingPage":"http://aatunepctls.xyz/","directDownloadingLink":"http://dl.aatunepctls.xyz/apcc/securerc/aatunepctls_xyz/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2838"},{"howFound":"","reference":"","landingPage":"http://aatunepctls.club/","directDownloadingLink":"http://dl.aatunepctls.club/apcc/securerc/aatunepctls_club/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2839"},{"howFound":"","reference":"","landingPage":"http://aasmarttools.club/","directDownloadingLink":"http://dl.aasmarttools.club/apcc/securerc/aasmarttools_club/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2840"},{"howFound":"","reference":"","landingPage":"http://aasmarttools.xyz/","directDownloadingLink":"http://dl.aasmarttools.xyz/apcc/securerc/aasmarttools_xyz/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2841"},{"howFound":"","reference":"","landingPage":"http://aasmarttools.live/","directDownloadingLink":"http://dl.aasmarttools.live/apcc/securerc/aasmarttools_live/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2842"},{"howFound":"","reference":"","landingPage":"http://aapctools.xyz/","directDownloadingLink":"http://dl.aapctools.xyz/apcc/securerc/aapctools_xyz/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2843"},{"howFound":"","reference":"","landingPage":"http://aapctools.live/","directDownloadingLink":"http://dl.aapctools.live/apcc/securerc/aapctools_live/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2844"},{"howFound":"","reference":"","landingPage":"http://aapctools.club/","directDownloadingLink":"http://dl.aapctools.club/apcc/securerc/aapctools_club/apccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2845"}],"sampleFiles":["190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup.exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (1.0.0.0).exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (1.0.0.1).exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (1.0.0.1) 2.exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (1.0.0.1) 3.exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (3.0.2.23).exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (3.0.2.23) 2.exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (3.0.2.22).exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (3.0.2.22) 2.exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (3.0.2.22) 3.exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (3.0.2.23) 3.exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (3.0.2.23) 4.exe","190905/AutoPCCleaner2019-190206/3.0.2.22/Samples/apccsetup (3.0.2.21).exe"],"imageFiles":["190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-003/003.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-003/003_2.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-003/003_3.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-004/003.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-004/004.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-010/010.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-084/084.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-168/003.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-168/168.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-055/010.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-059/010.png"],"nonDeceptorImageFiles":["190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-161/161.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-099/099.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-150/171_150.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-171/171_150.png","190905/AutoPCCleaner2019-190206/3.0.2.22/Images/ACR-171/171.png"],"guid":"b4310531-a2a7-4630-b86a-7018a2f27cfb_3.0.2.22_1","appID":"AutoPCCleaner2019-190206","dateAdded":"190905","deceptorType":"App","name":"Auto PC Cleaner 2019","company":"PC Speedup Tools Inc.","version":"3.0.2.22","sigName":"Deceptor:Win32/AutoPCCleaner2019!003004010084168055059 ","lastKnownStatus":"Deceptor:3.0.2.22","lastKnownDate":"190905","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-09-05T20:51:10.9206207+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2044},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Advanced Driver Booster.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Advanced Driver Booster) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Advanced Driver Booster\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays star awards from Tucows, CNET, Top Reviews and Software.Informer that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"fpcsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Full PC Care 2.0                                            ","productVersion":"1.0.0.15                                          ","fileVersion":"1.0.0.15            ","hashMD5":"066e6b09ed6a10d2cf01461f93cb5df9","hashSHA1":"bd1e05d6c79738a1edd38217c9d29be6f2cb5cbb","hashSHA256":"bda951319bea7c6a3691152487d281554790393b7e5f376e0d82778eaaa48080","digitalCertThumbprint":"3E41C83874E172792C0956F417457FD11F8121FF","sourceIndex":"2856","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":["COMODO Antivirus (20191128)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Full PC Care 2.0_username\\rgcl.exe","productName":"PC Booster Application","productVersion":"1.0.0.15","fileVersion":"1.0.0.15","hashMD5":"bfcfa04387c8269924774c5805c0a7fe","hashSHA1":"21ec8b859a6146755b80969652ec7e9f7e345070","hashSHA256":"046d603963f3897e4b743f3ea518018e6d20cb100ca2eae5749a19bf548c34d9","digitalCertThumbprint":"3E41C83874E172792C0956F417457FD11F8121FF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2856","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"syscarestore.com\"","reference":"https://www.syscarestore.com/fpc/price","landingPage":"http://www.fullpccare.co/","directDownloadingLink":"https://dl.fullpccare.co/fpc/srcbulid/fullpccare_co/fpcsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.fullpccare.co/fpc/srcbulid/fullpccare_co/fpcsetup.exe","sourceIndex":"2856"}],"sampleFiles":["190904/FullPCCare-190903/1.0.0.15/Samples/fpcsetup.exe","190904/FullPCCare-190903/1.0.0.15/Samples/rgcl.exe"],"imageFiles":["190904/FullPCCare-190903/1.0.0.15/Images/ACR-048/048.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-003/003.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-003/main.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-003/048.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-004/003.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-004/150.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-084/084.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-168/168.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-042/010.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-010/010.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-057/010.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-055/010.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-059/010.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190904/FullPCCare-190903/1.0.0.15/Images/ACR-161/161.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-099/099.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-150/150.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-171/150.png","190904/FullPCCare-190903/1.0.0.15/Images/ACR-171/171.png"],"guid":"7315676f-c0ad-4b13-aa24-646f4f4b4564_1.0.0.15_1","appID":"FullPCCare-190903","dateAdded":"190904","deceptorType":"App","name":"Full PC Care 2.0","company":"ADVANCED PC UTILITIES","version":"1.0.0.15","sigName":"Deceptor:Win32/FullPCCare!048003004084168042010057055059155 ","lastKnownStatus":"Deceptor:1.0.0.15","lastKnownDate":"190904","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-09-04T17:16:46.5411873+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2117},{"violations":{"ACR-007":"The app hides all app notifications from the targeted consumer.\n","ACR-084":"The app hides itself from the All Apps Page and changes its name to \"Update Manager\".\n","ACR-086":"The app does not inform the affected consumer how it collects or transmits data.\n","ACR-097":"The app prompts the consumer to disable Play Protect.\n","ACR-014":"The app uses the name \"Update Manager\", misleading the targeted consumer. The app also names the keylogging service \"Standard Typing Service\", with the description \"Standard Typing Service is a core Android service that improves typing in a number of ways. For improved user experience, please make sure this service is enabled\", which misleads the target consumer.\n"},"nonDeceptorViolations":{"ACR-038":"Before the install the app calls itself \"Update Manager\", but during the install the app calls itself \"Android Monitor\".\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe Landing Page does not display links to the Returns and Cancellation Policy.\nThe Internal Offers Page does not display links to the Returns and Cancellation Policy.\n","ACR-002":"Before the install the app calls itself \"Update Manager\", but during the install the app calls itself \"Android Monitor\".\nDuring the install the app calls itself \"Android Monitor\", but after the install the app calls itself \"Update Manager\".\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe Internal Offers page does not display links to uninstall information.\n","ACR-167":"The app does not offer a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"am_1_1567188779.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"ab80b7240696ccb7dc676cd141c81752","hashSHA1":"22e73c4082bd269ed1772cc29a5ea1013978d56a","hashSHA256":"696b78ea404c56571aef1e57f33eb8651fcd70f791bb6ebf09122d9cd0131a69","sourceIndex":"2857","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Recommended by \"Free Android Spy\" 'https://www.freeandroidspy.com/'","reference":"Hunt.Search","landingPage":"https://www.androidmonitor.com/","directDownloadingLink":"http://206.41.116.126/download.php?code=1567188802","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://206.41.116.126/download.php?code=1567188802","sourceIndex":"2857"}],"sampleFiles":["190903/AndroidMonitor-190830/1.0/Samples/am_1_1567188779.apk"],"imageFiles":["190903/AndroidMonitor-190830/1.0/Images/ACR-007/AndroidMonitor Different Name.png","190903/AndroidMonitor-190830/1.0/Images/ACR-014/AndroidMonitor Standard Typing Service 2.png","190903/AndroidMonitor-190830/1.0/Images/ACR-014/AndroidMonitor Standard Typing Service .png","190903/AndroidMonitor-190830/1.0/Images/ACR-014/AndroidMonitor Different Name.png","190903/AndroidMonitor-190830/1.0/Images/ACR-084/AndroidMonitor Different Name.png","190903/AndroidMonitor-190830/1.0/Images/ACR-084/AndroidMonitor All Apps.png","190903/AndroidMonitor-190830/1.0/Images/ACR-086/AndroidMonitor Different Name.png","190903/AndroidMonitor-190830/1.0/Images/ACR-097/AndroidMonitor Disable Play Protect.png"],"nonDeceptorImageFiles":["190903/AndroidMonitor-190830/1.0/Images/ACR-038/AndroidMonitor Install.png","190903/AndroidMonitor-190830/1.0/Images/ACR-038/AndroidMonitor Different Name install.png","190903/AndroidMonitor-190830/1.0/Images/ACR-065/AndroidMonitor Install.png","190903/AndroidMonitor-190830/1.0/Images/ACR-065/AndroidMonitor Different Name.png","190903/AndroidMonitor-190830/1.0/Images/ACR-065/AndroidMonitor Bottom of Landing Page.png","190903/AndroidMonitor-190830/1.0/Images/ACR-065/AndroidMonitor Internal Offers.png","190903/AndroidMonitor-190830/1.0/Images/ACR-002/AndroidMonitor Different Name install.png","190903/AndroidMonitor-190830/1.0/Images/ACR-002/AndroidMonitor Install.png","190903/AndroidMonitor-190830/1.0/Images/ACR-002/AndroidMonitor Install.png","190903/AndroidMonitor-190830/1.0/Images/ACR-002/AndroidMonitor Different Name.png","190903/AndroidMonitor-190830/1.0/Images/ACR-099/AndroidMonitor Different Name.png","190903/AndroidMonitor-190830/1.0/Images/ACR-099/AndroidMonitor Bottom of Landing Page.png","190903/AndroidMonitor-190830/1.0/Images/ACR-099/AndroidMonitor Internal Offers.png","190903/AndroidMonitor-190830/1.0/Images/ACR-167/AndroidMonitor Refund.png"],"guid":"bdd49f93-957b-49d1-9fef-11aabc9d50de_1.0_1","appID":"AndroidMonitor-190830","dateAdded":"190903","deceptorType":"Android App","name":"Android Monitor","company":"Android Monitor","version":"1.0","sigName":"Deceptor:Android/AndroidMonitorStalkerWare!007014084086097","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190903","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-09-04T00:03:36.2581392+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2123},{"violations":{"ACR-007":"The app hides all app notifications from the targeted consumer.\n","ACR-084":" The app removes itself from the All Apps page and hides from the targeted consumer.\n","ACR-086":"The app does not inform the consumer how it collects and transmits their data.\n","ACR-097":"The app prompts the user to disable Play Protect.\n","ACR-014":"The app names itself \"Update Manager\", misleading the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app calls itself \"Update Manager\" before the install, but it calls itself \"Free Android Spy\" during the install.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe Landing Page does not display links to the Returns and Cancellation Policy.\nThe Internal Offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The app calls itself \"Update Manager\" before the install, but it calls itself \"Free Android Spy\" during the install.\nThe app calls itself \"Update Manager\", before and after the install.\n","ACR-099":"The app does not display links to the uninstall information.\nThe Landing Page does not display links to uninstall information.\nThe Internal Offers Page does not display links to uninstall information.\n","ACR-167":"The app does not offer a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"imusic_98_1567178823.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"803ec87ed407bdd67ebe7b0671ffcc15","hashSHA1":"b2547358cee47be929682b443cee669839019f4c","hashSHA256":"afeaae8fdf9bef2cb40a0a5b08483e817cbc309572272e27538494b24a8014e9","sourceIndex":"2858","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Securelist article \"Beware of Stalkerware\" 'https://securelist.com/beware-of-stalkerware/90264/'","reference":"Hunt.Search","landingPage":"https://www.freeandroidspy.com/","directDownloadingLink":"http://206.41.116.199/download.php?code=1567179812","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://206.41.116.199/download.php?code=1567179812","sourceIndex":"2858"}],"sampleFiles":["190903/FreeAndroidSpy-190828/1.0/Samples/imusic_98_1567178823.apk"],"imageFiles":["190903/FreeAndroidSpy-190828/1.0/Images/ACR-007/Free Android Spy All Apps Page.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-007/Free Android Spy Different Name.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-014/Free Android Spy Different Name.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-084/Free Android Spy All Apps Page.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-086/Free Android Spy Different Name.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-097/Free Android Spy Disable Play protect.png"],"nonDeceptorImageFiles":["190903/FreeAndroidSpy-190828/1.0/Images/ACR-038/Free Android Spy Install DIfferent Name.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-038/Free Android Spy First Page of Install.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-065/Free Android Spy First Page of Install.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-065/Free Android Spy Different Name.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-065/Free Android Spy Bottom of Landing Page.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-065/Free Android Spy Internal Offers Bottom.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-002/Free Android Spy First Page of Install.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-002/Free Android Spy Install DIfferent Name.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-002/Free Android Spy Different Name.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-099/Free Android Spy Different Name.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-099/Free Android Spy Bottom of Landing Page.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-099/Free Android Spy Internal Offers Bottom.png","190903/FreeAndroidSpy-190828/1.0/Images/ACR-167/Free Android Spy Refunds.png"],"guid":"1398731d-f3d5-4080-917c-faec4d5729ab_1.0_1","appID":"FreeAndroidSpy-190828","dateAdded":"190903","deceptorType":"Android App","name":"Free Android Spy","company":"Free Android Spy","version":"1.0","sigName":"Deceptor:Android/FreeAndroidSpyStalkerWare!007014084086097","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190903","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-09-04T00:01:00.0257376+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2122},{"violations":{"ACR-048":"The app prevents itself from being uninstalled by the targeted consumer.\n","ACR-007":"The app allows the person who installed the app to hide all app notifications from the targeted consumer.\n","ACR-084":"The app removes itself from the All Apps page and hides from the targeted consumer.\n","ACR-086":"The app does not inform the affected consumer that it collects or stores their data.\n","ACR-116":"The app cannot be uninstalled using platform standard features.\n","ACR-014":"The app calls itself \"Sync Service\", misleading the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app calls itself \"Sync Service\", which does not match the name of the app on the landing page.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe Landing Page does not display links to the Returns and Cancellation Policy.\nThe Internal Offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The app calls itself \"Sync Service\" during and after the install, which is not consistent with the name \"Hoverwatch\", that is displayed on the Landing Page.\nThe app calls itself \"Sync Service\" before and after the install, but calls itself \"Hoverwatch\" during the install.\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the consumer to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe Landing Page does not display links to uninstall information.\nThe Internal Offers page does not display links to uninstall information.\n","ACR-121":"The app does not allow the targeted consumer to uninstall or disable the app.\n","ACR-167":"The app does not offer a refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"setup-nif7.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"0213169357effa5c8baec66806318d4a","hashSHA1":"0f32a78675b936370bd56227bbb941d0faf5cf24","hashSHA256":"f77079a4e9b77ef4e4b4a8afca99163f474e7e8f461231dc3f375c0093bb9a1e","sourceIndex":"2859","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Securelist article \"Beware of Stalkerware\" 'https://securelist.com/beware-of-stalkerware/90264/'","reference":"Hunt.Search","landingPage":"https://www.hoverwatch.com/","directDownloadingLink":"https://hw.cab/nif7","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hw.cab/nif7","sourceIndex":"2859"}],"sampleFiles":["190903/Hoverwatch-190828/6.4.285/Samples/setup-nif7.apk"],"imageFiles":["190903/Hoverwatch-190828/6.4.285/Images/ACR-048/Hoverwatch Cannot be disabled:uninstalled.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-007/Hoverwatch Able to Hide Icon.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-007/Hoverwatch Disable Notifications.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-014/Hoverwatch Cannot be disabled:uninstalled.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-084/Hoverwatch All Apps Page.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-086/Hoverwatch Cannot be disabled:uninstalled.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-086/Hoverwatch All Apps Page.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-116/Hoverwatch Cannot be disabled:uninstalled.png"],"nonDeceptorImageFiles":["190903/Hoverwatch-190828/6.4.285/Images/ACR-038/Hoverwatch Different Name.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-002/Hoverwatch Cannot be disabled:uninstalled.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-002/Hoverwatch Bottom of Landing Page.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-002/Hoverwatch Different Name.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-002/Hoverwatch EULA.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-161/Hoverwatch Testimonials.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-082/Hoverwatch Reports.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-099/Hoverwatch Cannot be disabled:uninstalled.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-099/Hoverwatch Bottom of Landing Page.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-099/Hoverwatch Internal Offers.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-121/Hoverwatch Cannot be disabled:uninstalled.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-167/Hoverwatch Internal Offers.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-167/Hoverwatch Bottom of Landing Page.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-065/Hoverwatch Different Name.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-065/Hoverwatch EULA.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-065/Hoverwatch Cannot be disabled:uninstalled.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-065/Hoverwatch Bottom of Landing Page.png","190903/Hoverwatch-190828/6.4.285/Images/ACR-065/Hoverwatch Internal Offers.png"],"guid":"bbcba840-088d-433f-850b-a968fd823729_6.4.285_1","appID":"Hoverwatch-190828","dateAdded":"190903","deceptorType":"Android App","name":"Hoverwatch","company":"Hoverwatch","version":"6.4.285","sigName":"Deceptor:Android/HoverwatchStalkerWare!00701404808408616","lastKnownStatus":"Deceptor:6.4.285","lastKnownDate":"190903","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-09-03T23:59:34.6173952+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2121},{"violations":{"ACR-048":"The app hides from the consumer by removing its icon from the All Apps page. This makes it difficult for the targeted consumer to uninstall the app.\n","ACR-007":"The app, by default, hides all app notifications from the targeted consumer.\n","ACR-084":"The app hides its icon from the All Apps page. The app called itself \"Backup\" once installed.\n","ACR-086":"Once installed, the app does not inform the targeted consumer how it collects and transmits data. It only informs the consumer who installs the app, which is insufficient.\n","ACR-097":"The app tells the user to disable Play Protect and all Google Play notifications, which allows the app to evade security investigation or detection. Once installed, the app calls itself \"Backup\" to evade notice by the targeted consumer.\n","ACR-014":"After install, app calls itself \"Backup\", which is misleading to the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"After install, the app calls itself \"Backup\", making it hard for the targeted consumer to identify the app.\n","ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe software does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe Internal Offers Page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The application refers to itself as \"Backup\" after it is installed.\nAfter installing, the app refers to itself as \"Backup\".\n","ACR-161":"The landing page displays unverifiable testimonials.\nThe Internal Offers page displays unverifiable testimonials.\n","ACR-082":"Although the EULA and webpage does inform the consumer that they may be breaking the law, the app enables the consumer to easily violate many laws.\n","ACR-099":"The software does not display links to uninstall information.\nThe app does not display links to uninstall information on the landing page.\nThe Internal Offers Page does not display links to uninstall information.\n","ACR-167":"The app does not provide a refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"mon13.0.0.0_new.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"71fc8a2493e556fe6de56a9269918f89","hashSHA1":"97a94bdb20d81af88d77dcb65932c75ab24b8c96","hashSHA256":"8b2961b5fb0ddbd70ef6745c0fc7708a32d6576c964b5e05628e5b6dd4b1ad40","sourceIndex":"2790","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Securelist article \"Beware of Stalkerware\" 'https://securelist.com/beware-of-stalkerware/90264/'","reference":"Hunt.Search","landingPage":"https://www.spappmonitoring.com/","directDownloadingLink":"https://www.spappmonitoring.com/spapp_download/download/download138287","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spappmonitoring.com/spapp_download/download/download138287","sourceIndex":"2790"}],"sampleFiles":["190903/SpyPhoneApp-190823/13.0.0.0/Samples/mon13.0.0.0_new.apk"],"imageFiles":["190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-007/SPAPP Beginning of Install.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-086/SPAPP After Install is Finished.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-084/SPAPP After Install is Finished.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-084/SPAPP No EULA.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-097/SPAPP Disable Play Protect.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-097/SPAPP No EULA.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-014/SPAPP No EULA.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-048/SPAPP After Install is Finished.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-048/SPAPP Before Install is Finished.png"],"nonDeceptorImageFiles":["190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-038/SPAPP App was Blocked.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-038/SPAPP No EULA.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-038/SPAPP Before Install is Finished.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-082/SPAPP 18 or Older.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-082/SPAPP Refund Policy.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-082/SPAPP Recording Phone Calls.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-099/SPAPP No EULA.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-099/SPAPP Bottom of Landing Page.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-099/SPAPP Internal Offers Page.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-161/SPAPP Testimonial.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-161/SPAPP Internal Offers Page.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-065/SPAPP Beginning of Install.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-065/SPAPP No EULA.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-167/SPAPP Refund Policy.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-002/SPAPP Before Install APK.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-002/SPAPP Beginning of Install.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-002/SPAPP No EULA.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-002/SPAPP App was Blocked.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-002/SPAPP No EULA.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-002/SPAPP Before Install APK.png","190903/SpyPhoneApp-190823/13.0.0.0/Images/ACR-065/SPAPP Internal Offers Page.png"],"guid":"4bc50fb1-50ce-4ba8-ae31-e20b880eabe2_13.0.0.0_1","appID":"SpyPhoneApp-190823","dateAdded":"190903","deceptorType":"Android App","name":"SPAPP Monitoring","company":"MONAPP COLABS LIMITED","version":"13.0.0.0","sigName":"Deceptor:Android/SpyPhoneAppStalkerware!007014048084086097","lastKnownStatus":"Deceptor:13.0.0.0","lastKnownDate":"190903","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-09-13T17:38:47.7373545+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2118},{"violations":{"ACR-048":"The app gives the consumer the ability to prevent the affected consumer from uninstalling the app.\n","ACR-007":"The affected consumer is not informed when the person who installed the app changes the app to a system app; preventing it from being uninstalled. The affected consumer is also not informed when the person who installed the app prevents them from installing anti-virus or system cleaners.\n","ACR-084":"The affected consumer is not informed when the app starts running.\n","ACR-086":"The app does not inform the affected consumer about how it is collecting data.\n","ACR-097":"The app asks the user to disable Play Protect. The app also gives the consumer the ability to prevent the targeted consumer from installing anti-virus software or system cleaners.\n","ACR-014":"During and after install, the app calls itself \"Kernel Installer\", which is misleading to the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app uses the name \"Kernel Dispatcher\" during and after the install, which does not have any relation to the app's name, \"Reptilicus\".\n","ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe Internal Offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The app uses the name \"Kernel Dispatcher\" during and after the install, which does not have any relation to the app's name, \"Reptilicus\".\nThe app names itself \"Kernel Dispatcher\", which has no relation to the name on the landing page, \"Reptilicus\".\n","ACR-082":"The app enables the consumer to violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe Landing Page does not display links to uninstall information.\nThe Internal Offers page does not display links to uninstall information.\n","ACR-121":"The app allows the person who installed the application to prevent the affected consumer from completely uninstalling the app.\n","ACR-167":"The app does not offer a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"ReptilicusRelease-inst-210.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"8b58cfa79d7a6ba7d95cc0ca7fbb6c06","hashSHA1":"a3a3e118c9e47c949ac995d7638193f63a68c616","hashSHA256":"b04afa264292511d139605687f674e4e65046791a276357d4fcddc526672861a","sourceIndex":"2860","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Securelist article \"Beware of Stalkerware\" 'https://securelist.com/beware-of-stalkerware/90264/'","reference":"Hunt.Search","landingPage":"https://reptilicus.net/","directDownloadingLink":"https://vipfile.uz/fsfl/L4LHL5nsK9QeNDz","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://vipfile.uz/fsfl/L4LHL5nsK9QeNDz","sourceIndex":"2860"}],"sampleFiles":["190903/Reptilicus-190828/210/Samples/ReptilicusRelease-inst-210.apk"],"imageFiles":["190903/Reptilicus-190828/210/Images/ACR-048/Reptilicus Maybe cant be uninstalled.png","190903/Reptilicus-190828/210/Images/ACR-048/Reptilicus Cant uninstall.png","190903/Reptilicus-190828/210/Images/ACR-007/Reptilicus Maybe cant be uninstalled.png","190903/Reptilicus-190828/210/Images/ACR-007/Reptilicus Cant uninstall.png","190903/Reptilicus-190828/210/Images/ACR-007/Reptilicus Conflicted Apps .png","190903/Reptilicus-190828/210/Images/ACR-014/Reptilicus Cant uninstall.png","190903/Reptilicus-190828/210/Images/ACR-014/Reptilicus Different Name.png","190903/Reptilicus-190828/210/Images/ACR-084/Reptilicus Different Name.png","190903/Reptilicus-190828/210/Images/ACR-086/Reptilicus Cant uninstall.png","190903/Reptilicus-190828/210/Images/ACR-097/Reptilicus Block Play Protect.png","190903/Reptilicus-190828/210/Images/ACR-097/Reptilicus Play Protect Disabled.png","190903/Reptilicus-190828/210/Images/ACR-097/Reptilicus Conflicted Apps .png"],"nonDeceptorImageFiles":["190903/Reptilicus-190828/210/Images/ACR-038/Reptilicus Different Name at start of Install.png","190903/Reptilicus-190828/210/Images/ACR-065/Reptilicus Different Name at start of Install.png","190903/Reptilicus-190828/210/Images/ACR-065/Reptilicus Check Box for Legal.png","190903/Reptilicus-190828/210/Images/ACR-065/Reptilicus Other Internal Offers.png","190903/Reptilicus-190828/210/Images/ACR-065/Reptilicus Internal Offers 1.png","190903/Reptilicus-190828/210/Images/ACR-002/Reptilicus Different Name at start of Install.png","190903/Reptilicus-190828/210/Images/ACR-002/Reptilicus Different Name.png","190903/Reptilicus-190828/210/Images/ACR-002/Reptilicus Different Name at start of Install.png","190903/Reptilicus-190828/210/Images/ACR-002/Reptilicus Cant uninstall.png","190903/Reptilicus-190828/210/Images/ACR-082/Reptilicus General Terms.png","190903/Reptilicus-190828/210/Images/ACR-082/Reptilicus Disclaimer.png","190903/Reptilicus-190828/210/Images/ACR-082/Reptilicus Whatsapp calls.png","190903/Reptilicus-190828/210/Images/ACR-082/Reptilicus More Call Recording.png","190903/Reptilicus-190828/210/Images/ACR-099/Reptilicus Check Box for Legal.png","190903/Reptilicus-190828/210/Images/ACR-099/Reptilicus Cant uninstall.png","190903/Reptilicus-190828/210/Images/ACR-099/Reptilicus Bottom of Landing Page.png","190903/Reptilicus-190828/210/Images/ACR-099/Reptilicus Internal Offers 1.png","190903/Reptilicus-190828/210/Images/ACR-099/Reptilicus Other Internal Offers.png","190903/Reptilicus-190828/210/Images/ACR-121/Reptilicus Maybe cant be uninstalled.png","190903/Reptilicus-190828/210/Images/ACR-121/Reptilicus Cant uninstall.png","190903/Reptilicus-190828/210/Images/ACR-167/Reptilicus Refund Policy.png"],"guid":"0c93586a-1226-44d1-a736-6b083f3368d3_210_1","appID":"Reptilicus-190828","dateAdded":"190903","deceptorType":"Android App","name":"Reptilicus","company":"Reptilicus","version":"210","sigName":"Deceptor:Android/ReptilicusStalkerWare!007014048084086097","lastKnownStatus":"Deceptor:210","lastKnownDate":"190903","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-09-03T23:57:44.2799251+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2119},{"violations":{"ACR-042":" Install does not obtain explicit user action for installing the offered Driver Updater. \n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"bmppsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Boost My-PC Pro                                             ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"fbc400bcd65821fabb884cea5524b113","hashSHA1":"287adb5d667918b32aa266dfb18d97d184808f0e","hashSHA256":"7a9539fca2c19a62136585a2d1220faca5e6a04301871635da89b05b8adf955d","digitalCertThumbprint":"7E7F8AD74A698A497C019C7D648F030345F55AF3","sourceIndex":"2862","avBlockList":["Avast Internet Security (20190523)","AVG Internet Security (20190523)","Avira Internet Security (20190523)","ESET Internet Security (20190523)","G DATA INTERNET SECURITY (20190523)","K7 Total Security (20190523)","Kaspersky Internet Security (20190523)","Malwarebytes Premium (20190523)","McAfee Total Protection (20190523)","Norton Security (20190523)","Panda Dome (20190523)","Sophos Home Premium (20190523)","Trend Micro Internet Security (20190523)","VirIT eXplorer PRO (20190523)","Webroot SecureAnywhere (20190523)","Windows Defender (20190523)","360 Total Security (20190523)","COMODO Antivirus (20190523)","Dr.Web Security Space (20190523)","Quick Heal Internet Security (20190523)","SpyHunter5 (20190425)"],"avAllowList":["Bitdefender Internet Security (20190523)","F-PROT Antivirus for Windows (20190425)","Tencent PC Manager (20190523)","VIPRE Advanced Security (20190523)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Boost My-PC Pro for DESKTOP-8QAR3KI\\rtc.exe","productName":"PC Secure Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"26ebf2cf6420237f7792979024e25ff3","hashSHA1":"b752e01aa524d8a830674b2b16ced52c6b0edb4a","hashSHA256":"50d5581813e697d3a3dc0cd6c3edef7e98252882da73bef1cccaf477c1a0c034","digitalCertThumbprint":"7E7F8AD74A698A497C019C7D648F030345F55AF3","sourceIndex":"2862","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bmppsetup (1.0.0.50).exe","isInstaller":"True","productVersion":"1.0.0.50","fileVersion":"1.0.0.50","hashMD5":"fd10a8afb40789ab9b99aa29377648c0","hashSHA1":"6322bbc9c3e47987240ac8f2744579690067f279","hashSHA256":"b0c70e988e9985d4fc8975660404f920f31ebe7a5b5cacfe87799323824c296d","digitalCertThumbprint":"0C97FAD2205B97B8EC62CBB0EA7B7DA172B5CBBC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, OU=IT, O=SYSCLEAN TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2863","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","VirIT eXplorer PRO (20190815)","Windows Defender (20190815)"],"avAllowList":["Bitdefender Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VIPRE Advanced Security (20190815)","Webroot SecureAnywhere (20190815)"]},{"isRevoked":"False","fileName":"bmppsetup (1.0.0.0).exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"64288d4b4252bd887d29842330b40579","hashSHA1":"865c36c632986889ac957530c20b369a1b2fdfdd","hashSHA256":"b6f0679559df4cb24ebb50a5b5ee78a0a5dd75f6496ac1eb9357608b128573d8","digitalCertThumbprint":"34BBAF071CE0C5AD46E234ACACC52A93E7C1AE2E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TWEAK PC TOOLS, OU=IT, O=TWEAK PC TOOLS, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2864","avBlockList":["360 Total Security (20190902)","Avast Internet Security (20190902)","AVG Internet Security (20190902)","Avira Internet Security (20190902)","Bitdefender Internet Security (20190902)","COMODO Antivirus (20190902)","Dr.Web Security Space (20190902)","ESET Internet Security (20190902)","G DATA INTERNET SECURITY (20190902)","K7 Total Security (20190902)","Kaspersky Internet Security (20190902)","Malwarebytes Premium (20190902)","McAfee Total Protection (20190902)","Norton Security (20190902)","Panda Dome (20190902)","Quick Heal Internet Security (20190902)","Sophos Home Premium (20190902)","Tencent PC Manager (20190902)","Trend Micro Internet Security (20190902)","VIPRE Advanced Security (20190902)","VirIT eXplorer PRO (20190902)","Webroot SecureAnywhere (20190902)","Windows Defender (20190902)"],"avAllowList":[]},{"isRevoked":"False","fileName":"bmppsetup (1.0.0.0) 2.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"04b4301f7a25bb2067ab3997662d67a4","hashSHA1":"657e2d6282f0d5eb12cf776470ff75510b8f48ce","hashSHA256":"f8c56d81881068247cd3df1e333120fee8b6c3e2b6f64daaa36dbac0fa292631","digitalCertThumbprint":"34BBAF071CE0C5AD46E234ACACC52A93E7C1AE2E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TWEAK PC TOOLS, OU=IT, O=TWEAK PC TOOLS, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2865","avBlockList":["360 Total Security (20190902)","Avast Internet Security (20190902)","AVG Internet Security (20190902)","Avira Internet Security (20190902)","Bitdefender Internet Security (20190902)","COMODO Antivirus (20190902)","Dr.Web Security Space (20190902)","ESET Internet Security (20190902)","G DATA INTERNET SECURITY (20190902)","K7 Total Security (20190902)","Kaspersky Internet Security (20190902)","Malwarebytes Premium (20190902)","McAfee Total Protection (20190902)","Norton Security (20190902)","Panda Dome (20190902)","Quick Heal Internet Security (20190902)","Sophos Home Premium (20190902)","Tencent PC Manager (20190902)","Trend Micro Internet Security (20190902)","VIPRE Advanced Security (20190902)","VirIT eXplorer PRO (20190902)","Webroot SecureAnywhere (20190902)","Windows Defender (20190902)"],"avAllowList":[]},{"isRevoked":"False","fileName":"bmppsetup (1.0.0.50) 2.exe","isInstaller":"True","productVersion":"1.0.0.50","fileVersion":"1.0.0.50","hashMD5":"76366cbc23ccc6f57c0f276de56500bf","hashSHA1":"cc5d2eabf965a116dc19751723b938a27d3b963b","hashSHA256":"5fd053d8a227d8a3b359022dcab78315342eeec8cd6e46dafb195f9ee6e196e3","digitalCertThumbprint":"EAE1B1CCBDBF4E8D74CE59C0FDA20C1438404AF0","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GENNEXT PC LOGICS, OU=IT, O=GENNEXT PC LOGICS, POBox=333028, STREET=WARD NUMBER 12 SULTANA, L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"2866","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":["COMODO Antivirus (20191128)"]},{"isRevoked":"False","fileName":"bmppsetup (1.0.0.50) 3.exe","isInstaller":"True","productVersion":"1.0.0.50","fileVersion":"1.0.0.50","hashMD5":"98d9d6b3995e2b52a3556964847132b4","hashSHA1":"a8bccbe905a36d37d91899902086bd80368e30b2","hashSHA256":"b35feb289a0d422718138ae6a9f4c962de62136bf8675353338c3204ca2c4d7d","digitalCertThumbprint":"B464A711FB2AD3748EB5F6F0E764B79D4DF4E1ED","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TECHNOSOFT SOLUTIONS, OU=IT, O=TECHNOSOFT SOLUTIONS, POBox=303802, STREET=\"291, JYOTI FURNITURE, DHOLI MANDI, CHOMU\", L=Tripolia Chomu, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2867","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":["COMODO Antivirus (20191128)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"To fix these, you need to purchase the activation key\"","reference":"http://bitscleanuputils.xyz/","landingPage":"http://bitscleanuputils.xyz/","directDownloadingLink":"http://dl.bitscleanuputils.xyz/bmpp/securerc/bitscleanuputils_xyz/bmppsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.bitscleanuputils.xyz/bmpp/securerc/bitscleanuputils_xyz/bmppsetup.exe","sourceIndex":"2862"},{"howFound":"","reference":"http://tunetopsystem.club/","landingPage":"http://dl.tunetopsystem.club/bmpp/securerc/tunetopsystem_club/bmppsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2863"},{"howFound":"","reference":"","landingPage":"http://qbitsyspcboost.club/","directDownloadingLink":"http://dl.qbitsyspcboost.live/bmpp/securerc/qbitsyspcboost_club/bmppsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2864"},{"howFound":"","reference":"","landingPage":"http://qbitsyspcboost.live/","directDownloadingLink":"http://dl.qbitsyspcboost.live/bmpp/securerc/qbitsyspcboost_live/bmppsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2865"},{"howFound":"","reference":"","landingPage":"http://qbitoptimizer.live/","directDownloadingLink":"http://dl.qbitoptimizer.live/bmpp/securerc/qbitoptimizer_live/bmppsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2866"},{"howFound":"","reference":"","landingPage":"http://qbitoptimizer.club/","directDownloadingLink":"http://dl.qbitoptimizer.club/bmpp/securerc/qbitoptimizer_club/bmppsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2867"}],"sampleFiles":["190903/BoostMyPCPro-190226/1.0.0.0/Samples/bmppsetup.exe","190903/BoostMyPCPro-190226/1.0.0.0/Samples/rtc.exe","190903/BoostMyPCPro-190226/1.0.0.0/Samples/bmppsetup (1.0.0.50).exe","190903/BoostMyPCPro-190226/1.0.0.0/Samples/bmppsetup (1.0.0.0).exe","190903/BoostMyPCPro-190226/1.0.0.0/Samples/bmppsetup (1.0.0.0) 2.exe","190903/BoostMyPCPro-190226/1.0.0.0/Samples/bmppsetup (1.0.0.50) 2.exe","190903/BoostMyPCPro-190226/1.0.0.0/Samples/bmppsetup (1.0.0.50) 3.exe"],"imageFiles":["190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-003/003.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-003/003_2.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-003/003_048.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-004/003.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-004/004.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-010/010.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-084/084.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-168/003.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-168/168.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-055/010.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-059/010.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-042/010.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-048/003_048.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-097/097.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-057/010.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-161/161.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-099/099.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-150/150_171.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-171/150_171.png","190903/BoostMyPCPro-190226/1.0.0.0/Images/ACR-171/171.png"],"guid":"95978a38-37bc-4985-bb02-58aa9f74c014_1.0.0.0_1","appID":"BoostMyPCPro-190226","dateAdded":"190903","deceptorType":"App","name":"Boost My PC Pro","company":"PC Fixers Tools","version":"1.0.0.0","sigName":"Deceptor:Win32/BoostMyPCPro!003004010084168055059042048097057155 ","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2045},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Password Management Tool which were not pre-disclosed.\n","ACR-017":"Microsoft Partner logo needs to disclose “Developed By” or “Using Technologies” and should be verifiable.\n"},"samples":[{"isRevoked":"False","fileName":"mbcpsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"mBytes Clean~ Pro                                           ","productVersion":"1.0.0.2                                           ","fileVersion":"1.0.0.2             ","hashMD5":"608a928f232ea9cad6f349c94de10b75","hashSHA1":"ed4fb9162800568e9ca2679e9c77c469d2beb9c3","hashSHA256":"425ac0f46dacec3e7ab9f8881f09533a0712b0784da022acdf5c825510465d71","digitalCertThumbprint":"135E8FFCA1DC786B30255FEBD50AA6DEC22ECB97","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CLEANER SOFTWARES, OU=IT, O=PC CLEANER SOFTWARES, POBox=333028, STREET=\"Ward No: 12, Sultana\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"392","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","Bitdefender Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VIPRE Advanced Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\mBytes Clean~ Pro for DESKTOP-8QAR3KI\\rtc.exe","productName":"System CleanUp Tool","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"57a257ee593f57406123c95dd99c0578","hashSHA1":"a2607851279f17f7cfe124eafe69a4667f3bc3a2","hashSHA256":"9eb5d878c174edeb6a5d0fee17a91f93d70ac1661fec8f13ca023de90246e649","digitalCertThumbprint":"135E8FFCA1DC786B30255FEBD50AA6DEC22ECB97","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CLEANER SOFTWARES, OU=IT, O=PC CLEANER SOFTWARES, POBox=333028, STREET=\"Ward No: 12, Sultana\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"392","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mbcpsetup (1.0.0.1).exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"e3da130d63eb8e1b2cda937bf71cf1b4","hashSHA1":"9e0e68f682a29bd53c4d42c7b8847c30193586dd","hashSHA256":"7eb11bfa4a123370f3af8e38b71d12aff7b7f878d252ccc1d3f3bb6bcf14d1ff","digitalCertThumbprint":"14361D2E1CAD235DDD1130731A18EC2804147928","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SMART PC LOGICS, OU=IT, O=SMART PC LOGICS, POBox=110034, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"393","avBlockList":["360 Total Security (20190819)","Avast Internet Security (20190819)","AVG Internet Security (20190819)","Avira Internet Security (20190819)","Bitdefender Internet Security (20190819)","COMODO Antivirus (20190819)","Dr.Web Security Space (20190819)","ESET Internet Security (20190819)","G DATA INTERNET SECURITY (20190819)","K7 Total Security (20190819)","Kaspersky Internet Security (20190819)","Malwarebytes Premium (20190819)","McAfee Total Protection (20190819)","Panda Dome (20190819)","Quick Heal Internet Security (20190819)","Sophos Home Premium (20190819)","Tencent PC Manager (20190819)","Trend Micro Internet Security (20190819)","VIPRE Advanced Security (20190819)","VirIT eXplorer PRO (20190819)","Webroot SecureAnywhere (20190819)","Windows Defender (20190819)","Norton Security (20190819)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mbcpsetup (1.0.0.2).exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"38889a22e538aac17f993c1207c76b9f","hashSHA1":"22f3b9275329772c9607c2cd1b317d20745b1a7a","hashSHA256":"2bcb7f7a1164e35dd6eb834e0f76dbda00d4f20aa8ab15bfbde7eeb7901460d9","digitalCertThumbprint":"DD5D238E52F7FF4E7FEA5FD9F088AB9BB09A3B36","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CLEANUP UTILITIES, OU=Back Office, O=PC CLEANUP UTILITIES, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"394","avBlockList":["360 Total Security (20190627)","Avast Internet Security (20190627)","AVG Internet Security (20190627)","Avira Internet Security (20190627)","COMODO Antivirus (20190627)","Dr.Web Security Space (20190627)","ESET Internet Security (20190627)","K7 Total Security (20190627)","Kaspersky Internet Security (20190627)","Malwarebytes Premium (20190627)","McAfee Total Protection (20190627)","Norton Security (20190627)","Quick Heal Internet Security (20190627)","Sophos Home Premium (20190627)","VirIT eXplorer PRO (20190627)","Webroot SecureAnywhere (20190627)","Windows Defender (20190627)"],"avAllowList":["Bitdefender Internet Security (20190627)","G DATA INTERNET SECURITY (20190627)","Panda Dome (20190627)","Tencent PC Manager (20190627)","Trend Micro Internet Security (20190627)","VIPRE Advanced Security (20190627)"]},{"isRevoked":"False","fileName":"mbcpsetup (1.0.0.2) 2.exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"891e29b59cfc2eb72b48e8d6b8a804ed","hashSHA1":"acdf121f6ba042322a7f22dbd4df42c598e8ddf2","hashSHA256":"78e176a4344c2f4ba437c3b961d9eb13438da50401909354fbdc24a302767319","digitalCertThumbprint":"39405747CADE5092A3C77D1D25A5F14E0CDD218F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"395","avBlockList":["360 Total Security (20190627)","Avast Internet Security (20190627)","AVG Internet Security (20190627)","Avira Internet Security (20190627)","COMODO Antivirus (20190627)","Dr.Web Security Space (20190627)","ESET Internet Security (20190627)","G DATA INTERNET SECURITY (20190627)","K7 Total Security (20190627)","Kaspersky Internet Security (20190627)","Malwarebytes Premium (20190627)","McAfee Total Protection (20190627)","Norton Security (20190627)","Panda Dome (20190627)","Quick Heal Internet Security (20190627)","Sophos Home Premium (20190627)","VirIT eXplorer PRO (20190627)","Webroot SecureAnywhere (20190627)","Windows Defender (20190627)"],"avAllowList":["Bitdefender Internet Security (20190627)","Tencent PC Manager (20190627)","Trend Micro Internet Security (20190627)","VIPRE Advanced Security (20190627)"]},{"isRevoked":"False","fileName":"mbcpsetup (1.0.0.2) 3.exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"d805daf74d4d855170df1f0992c75b31","hashSHA1":"8a232415f350889096abf3013cf55db42a5f6b95","hashSHA256":"f3d6912b4be485981ee7a2bad6871eb06c723bb207929957bd1b860150f29526","digitalCertThumbprint":"39405747CADE5092A3C77D1D25A5F14E0CDD218F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"396","avBlockList":["360 Total Security (20190701)","Avast Internet Security (20190701)","AVG Internet Security (20190701)","Avira Internet Security (20190701)","COMODO Antivirus (20190701)","Dr.Web Security Space (20190701)","ESET Internet Security (20190701)","K7 Total Security (20190701)","Kaspersky Internet Security (20190701)","Malwarebytes Premium (20190701)","McAfee Total Protection (20190701)","Norton Security (20190701)","Quick Heal Internet Security (20190701)","Sophos Home Premium (20190701)","VirIT eXplorer PRO (20190701)","Webroot SecureAnywhere (20190701)","Windows Defender (20190701)"],"avAllowList":["Bitdefender Internet Security (20190701)","G DATA INTERNET SECURITY (20190701)","Panda Dome (20190701)","Tencent PC Manager (20190701)","Trend Micro Internet Security (20190701)","VIPRE Advanced Security (20190701)"]},{"isRevoked":"False","fileName":"mbcpsetup (1.0.0.2) 4.exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"466454f6849b076c0c60720ded92d2c0","hashSHA1":"2e54898220a9c147400fec519381018591dec0c5","hashSHA256":"18d4bff42d622ab0ba53621094449ad5c38fee2d97df08a0ba724bc2c9615d76","digitalCertThumbprint":"135E8FFCA1DC786B30255FEBD50AA6DEC22ECB97","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CLEANER SOFTWARES, OU=IT, O=PC CLEANER SOFTWARES, POBox=333028, STREET=\"Ward No: 12, Sultana\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"397","avBlockList":["360 Total Security (20190701)","Avast Internet Security (20190701)","AVG Internet Security (20190701)","Avira Internet Security (20190701)","COMODO Antivirus (20190701)","Dr.Web Security Space (20190701)","ESET Internet Security (20190701)","G DATA INTERNET SECURITY (20190701)","K7 Total Security (20190701)","Kaspersky Internet Security (20190701)","Malwarebytes Premium (20190701)","McAfee Total Protection (20190701)","Norton Security (20190701)","Quick Heal Internet Security (20190701)","Sophos Home Premium (20190701)","Trend Micro Internet Security (20190701)","VirIT eXplorer PRO (20190701)","Webroot SecureAnywhere (20190701)","Windows Defender (20190701)"],"avAllowList":["Bitdefender Internet Security (20190701)","Panda Dome (20190701)","Tencent PC Manager (20190701)","VIPRE Advanced Security (20190701)"]},{"isRevoked":"False","fileName":"mbcpsetup (1.0.0.1) 2.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"bc3cfe40a158adf818b4601ac8437c7a","hashSHA1":"64bb6100d490178111a84d47858cced885242ab9","hashSHA256":"0c0e568f6ef64cd1b46bdd006d1b0afc43313a02b5e78f60fc924a8345fa1adf","digitalCertThumbprint":"39405747CADE5092A3C77D1D25A5F14E0CDD218F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"398","avBlockList":["360 Total Security (20190704)","Avast Internet Security (20190704)","AVG Internet Security (20190704)","Avira Internet Security (20190704)","COMODO Antivirus (20190704)","Dr.Web Security Space (20190704)","ESET Internet Security (20190704)","G DATA INTERNET SECURITY (20190704)","K7 Total Security (20190704)","Kaspersky Internet Security (20190704)","Malwarebytes Premium (20190704)","McAfee Total Protection (20190704)","Norton Security (20190704)","Panda Dome (20190704)","Quick Heal Internet Security (20190704)","Sophos Home Premium (20190704)","Trend Micro Internet Security (20190704)","VirIT eXplorer PRO (20190704)","Webroot SecureAnywhere (20190704)","Windows Defender (20190704)"],"avAllowList":["Bitdefender Internet Security (20190704)","Tencent PC Manager (20190704)","VIPRE Advanced Security (20190704)"]},{"isRevoked":"False","fileName":"mbcpsetup (1.0.0.2) 5.exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"29fad775e12827053ef19e05f19bb0d3","hashSHA1":"678328efd61800232d5256f82b88f6a287ec7f26","hashSHA256":"1e97ed1c040c69c87faa694df2c0db668a1e032aced872763a30cbe953b99940","digitalCertThumbprint":"DD5D238E52F7FF4E7FEA5FD9F088AB9BB09A3B36","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CLEANUP UTILITIES, OU=Back Office, O=PC CLEANUP UTILITIES, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"399","avBlockList":["360 Total Security (20190704)","Avast Internet Security (20190704)","AVG Internet Security (20190704)","Avira Internet Security (20190704)","COMODO Antivirus (20190704)","Dr.Web Security Space (20190704)","ESET Internet Security (20190704)","G DATA INTERNET SECURITY (20190704)","K7 Total Security (20190704)","Kaspersky Internet Security (20190704)","Malwarebytes Premium (20190704)","McAfee Total Protection (20190704)","Norton Security (20190704)","Panda Dome (20190704)","Quick Heal Internet Security (20190704)","Sophos Home Premium (20190704)","Trend Micro Internet Security (20190704)","VIPRE Advanced Security (20190704)","VirIT eXplorer PRO (20190704)","Webroot SecureAnywhere (20190704)","Windows Defender (20190704)"],"avAllowList":["Bitdefender Internet Security (20190704)","Tencent PC Manager (20190704)"]},{"isRevoked":"False","fileName":"mbcpsetup (1.0.0.1) 3.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"089c42ca17a2947ceeb05c600bd2c7be","hashSHA1":"729de07e7eddd1a385a352a8ae117dfc13f5e0de","hashSHA256":"72e655937420c7c4974ac637229057d9151d6d09b5d3a62c2a3df147f0a26d2f","digitalCertThumbprint":"14361D2E1CAD235DDD1130731A18EC2804147928","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SMART PC LOGICS, OU=IT, O=SMART PC LOGICS, POBox=110034, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"400","avBlockList":["360 Total Security (20190708)","Avast Internet Security (20190708)","AVG Internet Security (20190708)","Avira Internet Security (20190708)","COMODO Antivirus (20190708)","Dr.Web Security Space (20190708)","ESET Internet Security (20190708)","K7 Total Security (20190708)","Kaspersky Internet Security (20190708)","Malwarebytes Premium (20190708)","McAfee Total Protection (20190708)","Norton Security (20190708)","Panda Dome (20190708)","Quick Heal Internet Security (20190708)","Sophos Home Premium (20190708)","VirIT eXplorer PRO (20190708)","Webroot SecureAnywhere (20190708)","Windows Defender (20190708)"],"avAllowList":["Bitdefender Internet Security (20190708)","G DATA INTERNET SECURITY (20190708)","Tencent PC Manager (20190708)","Trend Micro Internet Security (20190708)","VIPRE Advanced Security (20190708)"]},{"isRevoked":"False","fileName":"mbscsetup (1.0.0.0).exe","isInstaller":"True","productName":"mBytes System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"9c422b00576250ede6aeac1b1843400f","hashSHA1":"3779f6a1a52f38c76581def2aebee82ae3c74300","hashSHA256":"6a44837d8509cb806df37642c16d096557a52a9d8a14ab277b154741001b559a","digitalCertThumbprint":"6E8BA8E3E0F85C4377E5FCE0326E559D8AF92456","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=VINACLE SOFTWARES, OU=it, O=VINACLE SOFTWARES, POBox=302039, STREET=\"B-121, Ganesh Nagar, MD Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"401","avBlockList":["360 Total Security (20190708)","Avast Internet Security (20190708)","AVG Internet Security (20190708)","Avira Internet Security (20190708)","Bitdefender Internet Security (20190708)","COMODO Antivirus (20190708)","Dr.Web Security Space (20190708)","ESET Internet Security (20190708)","G DATA INTERNET SECURITY (20190708)","K7 Total Security (20190708)","Kaspersky Internet Security (20190708)","Malwarebytes Premium (20190708)","McAfee Total Protection (20190708)","Norton Security (20190708)","Panda Dome (20190708)","Quick Heal Internet Security (20190708)","Sophos Home Premium (20190708)","Tencent PC Manager (20190708)","Trend Micro Internet Security (20190708)","VIPRE Advanced Security (20190708)","VirIT eXplorer PRO (20190708)","Webroot SecureAnywhere (20190708)","Windows Defender (20190708)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mbscsetup (1.0.0.0) 2.exe","isInstaller":"True","productName":"mBytes System Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"072edb326ec13998e0ea1d965ef7f6a8","hashSHA1":"2190c8edd76f2bff01ce61daa8805e67c9635c41","hashSHA256":"8bf5ba03498535a2dc90899491f9ff4c7422eecab45f253bd139c3bbb7e1c2e6","digitalCertThumbprint":"6E8BA8E3E0F85C4377E5FCE0326E559D8AF92456","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=VINACLE SOFTWARES, OU=it, O=VINACLE SOFTWARES, POBox=302039, STREET=\"B-121, Ganesh Nagar, MD Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"402","avBlockList":["360 Total Security (20190620)","Avast Internet Security (20190620)","AVG Internet Security (20190620)","Avira Internet Security (20190620)","COMODO Antivirus (20190620)","Dr.Web Security Space (20190620)","ESET Internet Security (20190620)","G DATA INTERNET SECURITY (20190620)","K7 Total Security (20190620)","Kaspersky Internet Security (20190620)","Malwarebytes Premium (20190620)","McAfee Total Protection (20190620)","Norton Security (20190620)","Panda Dome (20190620)","Quick Heal Internet Security (20190620)","Sophos Home Premium (20190620)","Trend Micro Internet Security (20190620)","VirIT eXplorer PRO (20190620)","Webroot SecureAnywhere (20190620)","Windows Defender (20190620)"],"avAllowList":["Bitdefender Internet Security (20190620)","Tencent PC Manager (20190620)","VIPRE Advanced Security (20190620)"]},{"isRevoked":"False","fileName":"mbscsetup (1.0.0.0) 3.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1c3cab7164e28c044d6d98946bc3124a","hashSHA1":"e67f6284e93b02cba080d41858f7593aaae57f34","hashSHA256":"c96364c1d16bf044a1f57d905295483eddfe22524fe19adbf7feefcf07add991","digitalCertThumbprint":"6E8BA8E3E0F85C4377E5FCE0326E559D8AF92456","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=VINACLE SOFTWARES, OU=it, O=VINACLE SOFTWARES, POBox=302039, STREET=\"B-121, Ganesh Nagar, MD Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"404","avBlockList":["360 Total Security (20191014)","Avast Internet Security (20191014)","AVG Internet Security (20191014)","Avira Internet Security (20191014)","Bitdefender Internet Security (20191014)","COMODO Antivirus (20191014)","Dr.Web Security Space (20191014)","ESET Internet Security (20191014)","G DATA INTERNET SECURITY (20191014)","K7 Total Security (20191014)","Kaspersky Internet Security (20191014)","Malwarebytes Premium (20191014)","McAfee Total Protection (20191014)","Norton Security (20191014)","Panda Dome (20191014)","Quick Heal Internet Security (20191014)","Sophos Home Premium (20191014)","Tencent PC Manager (20191014)","Trend Micro Internet Security (20191014)","VIPRE Advanced Security (20191014)","VirIT eXplorer PRO (20191014)","Webroot SecureAnywhere (20191014)","Windows Defender (20191014)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mbcpsetup (1.0.0.2) 6.exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"de65c9a1b873dd71c7d99c530aa1eb44","hashSHA1":"6832888b3a65568db94c19beaba0f09ebf267f86","hashSHA256":"2ba3e10175a526e217fb2894be61a5254b079c70bc351be354c4b9f3dcef5aa2","digitalCertThumbprint":"39405747CADE5092A3C77D1D25A5F14E0CDD218F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"405","avBlockList":["360 Total Security (20191024)","Avast Internet Security (20191024)","AVG Internet Security (20191024)","Avira Internet Security (20191024)","Bitdefender Internet Security (20191024)","COMODO Antivirus (20191024)","Dr.Web Security Space (20191024)","ESET Internet Security (20191024)","G DATA INTERNET SECURITY (20191024)","K7 Total Security (20191024)","Kaspersky Internet Security (20191024)","Malwarebytes Premium (20191024)","McAfee Total Protection (20191024)","Norton Security (20191024)","Panda Dome (20191024)","Quick Heal Internet Security (20191024)","Sophos Home Premium (20191024)","Tencent PC Manager (20191024)","Trend Micro Internet Security (20191024)","VIPRE Advanced Security (20191024)","VirIT eXplorer PRO (20191024)","Webroot SecureAnywhere (20191024)","Windows Defender (20191024)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mbcpsetup (1.0.0.2) 7.exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"a18923bbffea6dcc7d85d451fda596aa","hashSHA1":"2339465999905598d33c68ee1dde1bd1497a9bc6","hashSHA256":"2315178d29d4f22120355509fc52a0ba9ea7740e21d0979e44a4a42b3f489bd9","digitalCertThumbprint":"DD5D238E52F7FF4E7FEA5FD9F088AB9BB09A3B36","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CLEANUP UTILITIES, OU=Back Office, O=PC CLEANUP UTILITIES, STREET=\"WZ-563, TOP FLOOR, RISHI NAGAR, RANI BAGH NORTH\", L=WEST DELHI, S=DELHI, PostalCode=110034, C=IN","sourceIndex":"406","avBlockList":["360 Total Security (20191111)","Avast Internet Security (20191111)","AVG Internet Security (20191111)","Avira Internet Security (20191111)","Bitdefender Internet Security (20191111)","COMODO Antivirus (20191111)","Dr.Web Security Space (20191111)","ESET Internet Security (20191111)","G DATA INTERNET SECURITY (20191111)","K7 Total Security (20191111)","Kaspersky Internet Security (20191111)","Malwarebytes Premium (20191111)","McAfee Total Protection (20191111)","Norton Security (20191111)","Panda Dome (20191111)","Quick Heal Internet Security (20191111)","Sophos Home Premium (20191111)","Tencent PC Manager (20191111)","Trend Micro Internet Security (20191111)","VIPRE Advanced Security (20191111)","VirIT eXplorer PRO (20191111)","Webroot SecureAnywhere (20191111)","Windows Defender (20191111)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mbcpsetup (1.0.0.1) 4.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"0b63903d691df794fe7482e36885e2e2","hashSHA1":"5cb47be0496c459451345defc4124bc016294653","hashSHA256":"346b7a6f6b1e1100b1fc3760597db136375683f98d09197c1358cb70b4f84ccd","digitalCertThumbprint":"39405747CADE5092A3C77D1D25A5F14E0CDD218F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUICK SPEEDUP TOOLS, OU=IT, O=QUICK SPEEDUP TOOLS, POBox=302012, STREET=\"47, SHILP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"407","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":["COMODO Antivirus (20191128)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"tested with utmost care to keep your PCs\"","reference":"http://unomasterutils.live/","landingPage":"http://unomasterutils.live/","directDownloadingLink":"http://dl.unomasterutils.live/mbcp/securerc/unomasterutils_live/mbcpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.unomasterutils.live/mbcp/securerc/unomasterutils_live/mbcpsetup.exe","sourceIndex":"392"},{"howFound":"","reference":"","landingPage":"http://unotechytools.live/","directDownloadingLink":"http://dl.unotechytools.live/mbcp/securerc/unotechytools_live/mbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"393"},{"howFound":"","reference":"","landingPage":"http://unifypcutils.live/","directDownloadingLink":"http://dl.unifypcutils.live/mbcp/securerc/unifypcutils_live/mbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"394"},{"howFound":"","reference":"","landingPage":"http://unotechytools.xyz","directDownloadingLink":"http://dl.unotechytools.xyz/mbcp/securerc/unotechytools_xyz/mbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"395"},{"howFound":"","reference":"","landingPage":"http://www.unotechyutils.club/","directDownloadingLink":"http://dl.unotechyutils.club/mbcp/securerc/unotechyutils_club/mbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"396"},{"howFound":"","reference":"","landingPage":"http://unomastertools.club/ ","directDownloadingLink":"http://dl.unomastertools.club/mbcp/securerc/unomastertools_club/mbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"397"},{"howFound":"","reference":"","landingPage":"http://www.unotechnotools.live/","directDownloadingLink":"http://dl.unotechnotools.live/mbcp/securerc/unotechnotools_live/mbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"398"},{"howFound":"","reference":"","landingPage":"http://unosystemutils.club/","directDownloadingLink":"http://dl.unosystemutils.club/mbcp/securerc/unosystemutils_club/mbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"399"},{"howFound":"","reference":"","landingPage":"http://unosuperutils.club/","directDownloadingLink":"http://dl.unosuperutils.club/mbcp/securerc/unosuperutils_club/mbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"400"},{"howFound":"","reference":"mBytes System Care","landingPage":"http://unopcutils.club/","directDownloadingLink":"http://dl.unopcutils.club/mbsc/securerc/unopcutils_club/mbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"401"},{"howFound":"","reference":"mBytes System Care","landingPage":"http://unosmarttools.club/","directDownloadingLink":"http://dl.unosmarttools.club/mbsc/securerc/unosmarttools_club/mbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"402"},{"howFound":"","reference":"mBytes System Care","landingPage":"http://unifysystemutils.club/","directDownloadingLink":"http://dl.unifysystemutils.club/mbsc/securerc/unifysystemutils_club/mbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"403"},{"howFound":"","reference":"mBytes System Care","landingPage":"http://unifysystools.xyz/","directDownloadingLink":"http://dl.unifysystools.xyz/mbsc/securerc/unifysystools_xyz/mbscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"404"},{"howFound":"","reference":"","landingPage":"http://unifytechyutils.live/","directDownloadingLink":"http://dl.unifytechyutils.live/mbcp/securerc/unifytechyutils_live/mbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"405"},{"howFound":"","reference":"","landingPage":"http://www.unosystemtools.live/","directDownloadingLink":"http://dl.unosystemtools.live/mbcp/securerc/unosystemtools_live/mbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"406"},{"howFound":"","reference":"mBytes Clean Pro","landingPage":"http://unotechnoutils.club/","directDownloadingLink":"http://dl.unotechnoutils.club/mbcp/securerc/unotechnoutils_club/mbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"407"}],"sampleFiles":["190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/rtc.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup (1.0.0.1).exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup (1.0.0.2).exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup (1.0.0.2) 2.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup (1.0.0.2) 3.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup (1.0.0.2) 4.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup (1.0.0.1) 2.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup (1.0.0.2) 5.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup (1.0.0.1) 3.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbscsetup (1.0.0.0).exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbscsetup (1.0.0.0) 2.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbscsetup (1.0.0.0) 3.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup (1.0.0.2) 6.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup (1.0.0.2) 7.exe","190903/mBytesCleanPro-190606/1.0.0.2/Samples/mbcpsetup (1.0.0.1) 4.exe"],"imageFiles":["190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-042/010.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-048/048.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-003/scan.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-003/main.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-003/048.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-004/scan.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-004/150_171.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-010/010.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-084/084.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-097/097.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-168/scan.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-168/168.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-057/010.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-055/010.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-059/010.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-161/161.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-099/099.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-150/150_171.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-171/150_171.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-171/171.png","190903/mBytesCleanPro-190606/1.0.0.2/Images/ACR-017/017.png"],"guid":"46cdb592-5da1-44a4-a67b-e7a03c71b940_1.0.0.2_1","appID":"mBytesCleanPro-190606","dateAdded":"190903","deceptorType":"App","name":"mBytes Clean Pro","company":"PC CLEANER SOFTWARES","version":"1.0.0.2","sigName":"Deceptor:Win32/mByte!042048003004010084097168057055059155 ","lastKnownStatus":"1.0.0.2","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:19.6057841+00:00","notDistributed":true,"familyName":"Qbit","numInFamily":4,"numInAppID":1,"sortOrder":2023},{"violations":{"ACR-048":" The app hides from the consumer by removing its icon from the All Apps page. This makes it difficult for the targeted consumer to uninstall the app. \n\n","ACR-007":" The app hides all app notifications from the targeted consumer. \n","ACR-084":" The app hides its icon from the All Apps page. The app called itself \"UTW022\" once installed. \n\n","ACR-086":" Once installed, the app does not inform the targeted consumer how it collects and transmits data. It only informs the consumer who installs the app, which is insufficient. \n\n","ACR-014":"After install, the app calls itself \"UTW022\", which is misleading to the targeted consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The name of the app in the installer is \"UTW022\", which has no relationship with \"Mobile Tool\".\n","ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe Landing Page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe Internal Offers Page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-002":"The name of the app in the installer is \"UTW022\", which has no relationship to \"Mobile Tool\".\nThe app is named \"UTW022\", which has no relationship to \"Mobile Tool\".\n","ACR-161":"The landing page displays unverifiable testimonials.\n","ACR-082":"The app enables the consumer to easily violate many laws.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe Internal Offers page does not display links to uninstall information.\n","ACR-167":"The app does not offer a 30-day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"a9517b8ecc7dd0d4bc7cdbd2a7df4eb3.apk","isInstaller":"True","fileVersion":"0.","hashMD5":"cffe2e8644383fa355b8bac993590b54","hashSHA1":"67eed208eec6174deba153d0991f2f97739c1cba","hashSHA256":"d2974b2985779df9d6f7d6ad3a990b9db697f3e12cf1be764840097dc2263b0e","sourceIndex":"2861","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Securelist article \"Beware of Stalkerware\" 'https://securelist.com/beware-of-stalkerware/90264/'","reference":"Hunt.Search","landingPage":"https://mtoolapp.net/","directDownloadingLink":"https://mtoolapp.net/klientam/skachat-prilozhenie.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mtoolapp.net/klientam/skachat-prilozhenie.html","sourceIndex":"2861"}],"sampleFiles":["190903/MobileTool-190826/1.4/Samples/a9517b8ecc7dd0d4bc7cdbd2a7df4eb3.apk"],"imageFiles":["190903/MobileTool-190826/1.4/Images/ACR-048/MobileTool Not in the all apps page.png","190903/MobileTool-190826/1.4/Images/ACR-007/MobileTool Not in the all apps page.png","190903/MobileTool-190826/1.4/Images/ACR-014/MobileTool App first page.png","190903/MobileTool-190826/1.4/Images/ACR-084/MobileTool Not in the all apps page.png","190903/MobileTool-190826/1.4/Images/ACR-084/MobileTool Different Name not good.png","190903/MobileTool-190826/1.4/Images/ACR-086/MobileTool App first page.png"],"nonDeceptorImageFiles":["190903/MobileTool-190826/1.4/Images/ACR-038/MobileTool App first page.png","190903/MobileTool-190826/1.4/Images/ACR-065/MobileTool App first page.png","190903/MobileTool-190826/1.4/Images/ACR-065/MobileTool Different Name.png","190903/MobileTool-190826/1.4/Images/ACR-065/MobileTool Bottom of Landing Page.png","190903/MobileTool-190826/1.4/Images/ACR-065/MobileTool Internal Offers.png","190903/MobileTool-190826/1.4/Images/ACR-002/MobileTool App first page.png","190903/MobileTool-190826/1.4/Images/ACR-002/MobileTool Different Name not good.png","190903/MobileTool-190826/1.4/Images/ACR-002/MobileTool Different Name.png","190903/MobileTool-190826/1.4/Images/ACR-082/MobileTool Call Recording Settings.png","190903/MobileTool-190826/1.4/Images/ACR-099/MobileTool Different Name.png","190903/MobileTool-190826/1.4/Images/ACR-099/MobileTool Bottom of Landing Page.png","190903/MobileTool-190826/1.4/Images/ACR-099/MobileTool Internal Offers.png","190903/MobileTool-190826/1.4/Images/ACR-167/MobileTool Bottom of Landing Page.png","190903/MobileTool-190826/1.4/Images/ACR-161/MobileTool Testimonials.png"],"guid":"71acc437-42f8-45ff-8cd1-570f6059ec50_1.4_1","appID":"MobileTool-190826","dateAdded":"190903","deceptorType":"Android App","name":"Mobile Tool","company":"Mobile Tool","version":"1.4","sigName":"Deceptor:Android/MobileToolStalkerWare!007014048084086","lastKnownStatus":"Deceptor:1.4","lastKnownDate":"190903","type":"Android App","category":"SysTools & Utilities","targetOS":"Android","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"up-sell to paid","lastUpdate":"2019-09-03T23:56:20.6007456+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2120},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline\n","ACR-059":"he Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Password Management Tool which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"mbspsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"mBytes Speedup Pro                                          ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"99dfa553df75c59ac66cfdeb216c277f","hashSHA1":"c6484b2a291e8af57c86cbf65a687c73e3d6adc8","hashSHA256":"9e9ccfd527fab4f05009a64580b45bdb43d341fb12617af4c9c1590b7948331b","digitalCertThumbprint":"658DC7E98D835C1B554C4D0C30C9FAD53659E2B2","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, OU=IT, O=SOFTBITS PC LOGICS, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"408","avBlockList":["360 Total Security (20190902)","Avast Internet Security (20190902)","AVG Internet Security (20190902)","Avira Internet Security (20190902)","Bitdefender Internet Security (20190902)","COMODO Antivirus (20190902)","Dr.Web Security Space (20190902)","ESET Internet Security (20190902)","G DATA INTERNET SECURITY (20190902)","K7 Total Security (20190902)","Kaspersky Internet Security (20190902)","Malwarebytes Premium (20190902)","McAfee Total Protection (20190902)","Norton Security (20190902)","Panda Dome (20190902)","Quick Heal Internet Security (20190902)","Sophos Home Premium (20190902)","Tencent PC Manager (20190902)","Trend Micro Internet Security (20190902)","VIPRE Advanced Security (20190902)","VirIT eXplorer PRO (20190902)","Webroot SecureAnywhere (20190902)","Windows Defender (20190902)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\mBytes Speedup Pro for DESKTOP-8QAR3KI\\rtc.exe","productName":"System CleanUp Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4753bd5de76423a18bb1ff77d8e575b0","hashSHA1":"dc562a412e8e7b893c0628ea631d15f37dfd6385","hashSHA256":"c40d4b6ba502d92891e22ab5842d6495df7d39babcd384de267a3ea1f5a0d391","digitalCertThumbprint":"658DC7E98D835C1B554C4D0C30C9FAD53659E2B2","sourceIndex":"408","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mbspsetup (1.0.0.0) 2.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"ce6816d686dc897c470271104547939e","hashSHA1":"39e0c6e76f021866641ed6c4181aaaeed5a7f91d","hashSHA256":"679c65e424d74dcd69df91af787f2e0973ed5273e6e4ae53279f0927731d3838","digitalCertThumbprint":"658DC7E98D835C1B554C4D0C30C9FAD53659E2B2","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, OU=IT, O=SOFTBITS PC LOGICS, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"409","avBlockList":["360 Total Security (20190902)","Avast Internet Security (20190902)","AVG Internet Security (20190902)","Avira Internet Security (20190902)","Bitdefender Internet Security (20190902)","COMODO Antivirus (20190902)","Dr.Web Security Space (20190902)","ESET Internet Security (20190902)","G DATA INTERNET SECURITY (20190902)","K7 Total Security (20190902)","Kaspersky Internet Security (20190902)","Malwarebytes Premium (20190902)","McAfee Total Protection (20190902)","Norton Security (20190902)","Panda Dome (20190902)","Quick Heal Internet Security (20190902)","Sophos Home Premium (20190902)","Tencent PC Manager (20190902)","Trend Micro Internet Security (20190902)","VIPRE Advanced Security (20190902)","VirIT eXplorer PRO (20190902)","Webroot SecureAnywhere (20190902)","Windows Defender (20190902)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mbspsetup (1.0.0.0) 3.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"91a21de0bf342a55c8e56766ed067ba6","hashSHA1":"1d36d34a287f81589f89349703873d3148921628","hashSHA256":"359a8760ac6883ee5fa5261c7a66d0ce8266f79f07622d3422cab1acb1ddc70a","digitalCertThumbprint":"553CDDD6B6BF267199379548194D3F2F13C084C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SOFTWARES, OU=IT, O=SYSLOGIX SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"410","avBlockList":["360 Total Security (20190627)","Avast Internet Security (20190627)","AVG Internet Security (20190627)","Avira Internet Security (20190627)","COMODO Antivirus (20190627)","Dr.Web Security Space (20190627)","ESET Internet Security (20190627)","K7 Total Security (20190627)","Kaspersky Internet Security (20190627)","Malwarebytes Premium (20190627)","McAfee Total Protection (20190627)","Quick Heal Internet Security (20190627)","Sophos Home Premium (20190627)","Trend Micro Internet Security (20190627)","VirIT eXplorer PRO (20190627)","Webroot SecureAnywhere (20190627)","Windows Defender (20190627)","Norton Security (20190627)"],"avAllowList":["Bitdefender Internet Security (20190627)","G DATA INTERNET SECURITY (20190627)","Panda Dome (20190627)","Tencent PC Manager (20190627)","VIPRE Advanced Security (20190627)"]},{"isRevoked":"False","fileName":"mbspsetup (1.0.0.0) 4.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"247e685f4923cb1aeaf2ddc5ca843e05","hashSHA1":"a34c4e87a6f45fd19bc84fda9b35db6da405d3cf","hashSHA256":"229db00ec2c6da7dbb35f0728db686893aa33c4a2d855c7125d3d5235e1f3582","digitalCertThumbprint":"553CDDD6B6BF267199379548194D3F2F13C084C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SOFTWARES, OU=IT, O=SYSLOGIX SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"411","avBlockList":["360 Total Security (20190627)","Avast Internet Security (20190627)","AVG Internet Security (20190627)","Avira Internet Security (20190627)","COMODO Antivirus (20190627)","Dr.Web Security Space (20190627)","ESET Internet Security (20190627)","G DATA INTERNET SECURITY (20190627)","K7 Total Security (20190627)","Kaspersky Internet Security (20190627)","Malwarebytes Premium (20190627)","McAfee Total Protection (20190627)","Norton Security (20190627)","Quick Heal Internet Security (20190627)","Sophos Home Premium (20190627)","Trend Micro Internet Security (20190627)","VirIT eXplorer PRO (20190627)","Webroot SecureAnywhere (20190627)","Windows Defender (20190627)"],"avAllowList":["Bitdefender Internet Security (20190627)","Panda Dome (20190627)","Tencent PC Manager (20190627)","VIPRE Advanced Security (20190627)"]},{"isRevoked":"False","fileName":"mbspsetup (1.0.0.0) 5.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b3b88155ee63116a63f8cac4afc5a669","hashSHA1":"dd1edef4f01525a42e83cbc2f9709043b54ae10e","hashSHA256":"9b45c18676e6150d30214ccb3a00baf482a2871a10b693e3234adaf630502dbc","digitalCertThumbprint":"658DC7E98D835C1B554C4D0C30C9FAD53659E2B2","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, OU=IT, O=SOFTBITS PC LOGICS, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"412","avBlockList":["360 Total Security (20190701)","Avast Internet Security (20190701)","AVG Internet Security (20190701)","Avira Internet Security (20190701)","COMODO Antivirus (20190701)","Dr.Web Security Space (20190701)","ESET Internet Security (20190701)","K7 Total Security (20190701)","Kaspersky Internet Security (20190701)","Malwarebytes Premium (20190701)","McAfee Total Protection (20190701)","Norton Security (20190701)","Quick Heal Internet Security (20190701)","Sophos Home Premium (20190701)","VirIT eXplorer PRO (20190701)","Webroot SecureAnywhere (20190701)","Windows Defender (20190701)"],"avAllowList":["Bitdefender Internet Security (20190701)","G DATA INTERNET SECURITY (20190701)","Panda Dome (20190701)","Tencent PC Manager (20190701)","Trend Micro Internet Security (20190701)","VIPRE Advanced Security (20190701)"]},{"isRevoked":"False","fileName":"mbspsetup (1.0.0.0) 6.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"15235f117d3c36b89a93faef28a1ba0f","hashSHA1":"682cfb371f29636cbf3bc42ee734b9cf019cadf7","hashSHA256":"85ae7afc8cf681f50a71310bee3057f5dac21d3644fc534cc42832f7417acb5a","digitalCertThumbprint":"553CDDD6B6BF267199379548194D3F2F13C084C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SOFTWARES, OU=IT, O=SYSLOGIX SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"413","avBlockList":["360 Total Security (20190701)","Avast Internet Security (20190701)","AVG Internet Security (20190701)","Avira Internet Security (20190701)","COMODO Antivirus (20190701)","Dr.Web Security Space (20190701)","ESET Internet Security (20190701)","K7 Total Security (20190701)","Kaspersky Internet Security (20190701)","Malwarebytes Premium (20190701)","McAfee Total Protection (20190701)","Norton Security (20190701)","Quick Heal Internet Security (20190701)","Sophos Home Premium (20190701)","Trend Micro Internet Security (20190701)","VirIT eXplorer PRO (20190701)","Webroot SecureAnywhere (20190701)","Windows Defender (20190701)"],"avAllowList":["Bitdefender Internet Security (20190701)","G DATA INTERNET SECURITY (20190701)","Panda Dome (20190701)","Tencent PC Manager (20190701)","VIPRE Advanced Security (20190701)"]},{"isRevoked":"False","fileName":"mbspsetup (1.0.0.53).exe","isInstaller":"True","productVersion":"1.0.0.53","fileVersion":"1.0.0.53","hashMD5":"43a91d3a6561d2d76170a4f41ab3e5f1","hashSHA1":"b1649736c88647153af58d83e9c89107c4c009ee","hashSHA256":"005055506f7afc15fd01d3fa9a4f8083d88cc01cdaaa74e458cb281bf4f3038b","digitalCertThumbprint":"553CDDD6B6BF267199379548194D3F2F13C084C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SOFTWARES, OU=IT, O=SYSLOGIX SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"414","avBlockList":["360 Total Security (20191014)","Avast Internet Security (20191014)","AVG Internet Security (20191014)","Avira Internet Security (20191014)","Bitdefender Internet Security (20191014)","COMODO Antivirus (20191014)","Dr.Web Security Space (20191014)","ESET Internet Security (20191014)","G DATA INTERNET SECURITY (20191014)","K7 Total Security (20191014)","Kaspersky Internet Security (20191014)","Malwarebytes Premium (20191014)","McAfee Total Protection (20191014)","Norton Security (20191014)","Panda Dome (20191014)","Quick Heal Internet Security (20191014)","Sophos Home Premium (20191014)","Tencent PC Manager (20191014)","Trend Micro Internet Security (20191014)","VIPRE Advanced Security (20191014)","VirIT eXplorer PRO (20191014)","Webroot SecureAnywhere (20191014)","Windows Defender (20191014)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mbspsetup (1.0.0.53) 2.exe","isInstaller":"True","productVersion":"1.0.0.53","fileVersion":"1.0.0.53","hashMD5":"c9981c1234e53abac47fc944b15c1f66","hashSHA1":"7bef95dc356343c377b8ed7ae00259ef84054903","hashSHA256":"377da3d8db7a739e556b8c7a353498d18f8ff27494defc924b64fcb32be001be","digitalCertThumbprint":"553CDDD6B6BF267199379548194D3F2F13C084C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SOFTWARES, OU=IT, O=SYSLOGIX SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"415","avBlockList":["360 Total Security (20191024)","Avast Internet Security (20191024)","AVG Internet Security (20191024)","Avira Internet Security (20191024)","Bitdefender Internet Security (20191024)","COMODO Antivirus (20191024)","Dr.Web Security Space (20191024)","ESET Internet Security (20191024)","G DATA INTERNET SECURITY (20191024)","K7 Total Security (20191024)","Kaspersky Internet Security (20191024)","Malwarebytes Premium (20191024)","McAfee Total Protection (20191024)","Norton Security (20191024)","Panda Dome (20191024)","Quick Heal Internet Security (20191024)","Sophos Home Premium (20191024)","Tencent PC Manager (20191024)","Trend Micro Internet Security (20191024)","VIPRE Advanced Security (20191024)","VirIT eXplorer PRO (20191024)","Webroot SecureAnywhere (20191024)","Windows Defender (20191024)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mbspsetup (1.0.0.53) 3.exe","isInstaller":"True","productVersion":"1.0.0.53","fileVersion":"1.0.0.53","hashMD5":"59e6e12910b05227c9e0bed520520a84","hashSHA1":"750e0de1b7899786fd9cf7b43655fe8788e3705a","hashSHA256":"def765a499eba1ae801ae4a5ee48cb23eb9df2b2c9ad6470ea78a855372ad84f","digitalCertThumbprint":"553CDDD6B6BF267199379548194D3F2F13C084C5","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSLOGIX SOFTWARES, OU=IT, O=SYSLOGIX SOFTWARES, POBox=302012, STREET=\"PLOT NO. 940, GANESH NAGAR MAIN, NIWARU ROAD, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"416","avBlockList":["360 Total Security (20191111)","Avast Internet Security (20191111)","AVG Internet Security (20191111)","Avira Internet Security (20191111)","Bitdefender Internet Security (20191111)","COMODO Antivirus (20191111)","Dr.Web Security Space (20191111)","ESET Internet Security (20191111)","G DATA INTERNET SECURITY (20191111)","K7 Total Security (20191111)","Kaspersky Internet Security (20191111)","Malwarebytes Premium (20191111)","McAfee Total Protection (20191111)","Norton Security (20191111)","Panda Dome (20191111)","Quick Heal Internet Security (20191111)","Sophos Home Premium (20191111)","Tencent PC Manager (20191111)","Trend Micro Internet Security (20191111)","VIPRE Advanced Security (20191111)","VirIT eXplorer PRO (20191111)","Webroot SecureAnywhere (20191111)","Windows Defender (20191111)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mbspsetup (1.0.0.0) 7.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1374735681923a81857ad51309473bc7","hashSHA1":"9c796f009bb4caa82117a3ffcf63d6f2d83f7401","hashSHA256":"d8e2383163668a553dc3aa8bef427ae59e4a1522e3ba37375a7879d3c1d3c1cd","digitalCertThumbprint":"658DC7E98D835C1B554C4D0C30C9FAD53659E2B2","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SOFTBITS PC LOGICS, OU=IT, O=SOFTBITS PC LOGICS, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"417","avBlockList":["360 Total Security (20191128)","Avast Internet Security (20191128)","AVG Internet Security (20191128)","Avira Internet Security (20191128)","Bitdefender Internet Security (20191128)","COMODO Antivirus (20191128)","Dr.Web Security Space (20191128)","ESET Internet Security (20191128)","G DATA INTERNET SECURITY (20191128)","K7 Total Security (20191128)","Kaspersky Internet Security (20191128)","Malwarebytes Premium (20191128)","McAfee Total Protection (20191128)","Norton Security (20191128)","Panda Dome (20191128)","Quick Heal Internet Security (20191128)","Sophos Home Premium (20191128)","Tencent PC Manager (20191128)","Trend Micro Internet Security (20191128)","VIPRE Advanced Security (20191128)","VirIT eXplorer PRO (20191128)","Webroot SecureAnywhere (20191128)","Windows Defender (20191128)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"tested with utmost care to keep your PCs\"","reference":"http://www.unifysmartutils.club/","landingPage":"http://www.unifysmartutils.club/","directDownloadingLink":"http://dl.unifysmartutils.club/mbsp/securerc/unifysmartutils_club/mbspsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.unifysmartutils.club/mbsp/securerc/unifysmartutils_club/mbspsetup.exe","sourceIndex":"408"},{"howFound":"","reference":"","landingPage":"http://unopctools.live/","directDownloadingLink":"http://dl.unopctools.live/mbsp/securerc/unopctools_live/mbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"409"},{"howFound":"","reference":"","landingPage":"http://www.unifysmartutils.xyz/","directDownloadingLink":"http://dl.unifysmartutils.xyz/mbsp/securerc/unifysmartutils_xyz/mbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"410"},{"howFound":"","reference":"","landingPage":"http://unosmarttools.xyz/","directDownloadingLink":"http://dl.unosmarttools.xyz/mbsp/securerc/unosmarttools_xyz/mbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"411"},{"howFound":"","reference":"","landingPage":"http://unosystemutils.xyz/","directDownloadingLink":"http://dl.unosystemutils.xyz/mbsp/securerc/unosystemutils_xyz/mbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"412"},{"howFound":"","reference":"","landingPage":"http://www.unifysmarttools.live/","directDownloadingLink":"http://dl.unifysmarttools.live/mbsp/securerc/unifysmarttools_live/mbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"413"},{"howFound":"","reference":"","landingPage":"http://systems-cleaner.xyz/","directDownloadingLink":"http://dl.systems-cleaner.xyz/mbsp/securerc/systems-cleaner_xyz/mbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"414"},{"howFound":"","reference":"","landingPage":"http://www.faster-systools.xyz/","directDownloadingLink":"http://dl.faster-systools.xyz/mbsp/securerc/faster-systools_xyz/mbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"415"},{"howFound":"","reference":"","landingPage":"http://supers-cleaner.xyz/","directDownloadingLink":"http://dl.supers-cleaner.xyz/mbsp/securerc/supers-cleaner_xyz/mbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"416"},{"howFound":"","reference":"","landingPage":"http://unotechnoutils.xyz/","directDownloadingLink":"http://dl.unotechnoutils.xyz/mbsp/securerc/unotechnoutils_xyz/mbspsetup.exe","ipv4":"","ipv6":"","sourceIndex":"417"}],"sampleFiles":["190903/mBytesSpeedupPro-190606/1.0.0.0/Samples/mbspsetup.exe","190903/mBytesSpeedupPro-190606/1.0.0.0/Samples/rtc.exe","190903/mBytesSpeedupPro-190606/1.0.0.0/Samples/mbspsetup (1.0.0.0) 2.exe","190903/mBytesSpeedupPro-190606/1.0.0.0/Samples/mbspsetup (1.0.0.0) 3.exe","190903/mBytesSpeedupPro-190606/1.0.0.0/Samples/mbspsetup (1.0.0.0) 4.exe","190903/mBytesSpeedupPro-190606/1.0.0.0/Samples/mbspsetup (1.0.0.0) 5.exe","190903/mBytesSpeedupPro-190606/1.0.0.0/Samples/mbspsetup (1.0.0.0) 6.exe","190903/mBytesSpeedupPro-190606/1.0.0.0/Samples/mbspsetup (1.0.0.53).exe","190903/mBytesSpeedupPro-190606/1.0.0.0/Samples/mbspsetup (1.0.0.53) 2.exe","190903/mBytesSpeedupPro-190606/1.0.0.0/Samples/mbspsetup (1.0.0.53) 3.exe","190903/mBytesSpeedupPro-190606/1.0.0.0/Samples/mbspsetup (1.0.0.0) 7.exe"],"imageFiles":["190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-042/010.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-048/048.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-003/scan.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-003/main.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-003/048.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-004/scan.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-004/150_171.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-010/010.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-084/084.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-097/097.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-168/scan.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-168/168.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-057/010.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-055/010.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-059/010.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-161/161.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-099/099.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-150/150_171.png","190903/mBytesSpeedupPro-190606/1.0.0.0/Images/ACR-171/150_171.png"],"guid":"3034040e-8540-431a-aa2d-c315adbcef8f_1.0.0.0_1","appID":"mBytesSpeedupPro-190606","dateAdded":"190903","deceptorType":"App","name":"mBytes Speedup Pro","company":"SOFTBITS PC LOGICS","version":"1.0.0.0","sigName":"Deceptor:Win32/mBytes!042048003004010084097168057055059155 ","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:19.653276+00:00","notDistributed":true,"familyName":"Qbit","numInFamily":4,"numInAppID":1,"sortOrder":2022},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It installs a malware file name \"loadpchost.exe\" or \"SearchIndexr.exe\".\n","ACR-010":"The app installs a malware file name \"loadpchost.exe\" or \"SearchIndexr.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system.\n","ACR-084":"App installs its executable into a hidden directory: c:\\<users>\\AppData folder.\n","ACR-014":"The App makes unsubstantiated claim that app will scan and update drivers, instead it install a malware file in the system. The App makes unsubstantiated claim that app will scan and update drivers, instead it install a malware file in the system.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"Freedome.exe","isInstaller":"True","companyName":"Load PC Softwares","productName":"loadpcsofts","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"200492092f24b20ce3afae8d3c927730","hashSHA1":"2ffb29f32040657136b71b97b6fef433dbe32c8e","hashSHA256":"40c851a604628017f07e262d6f32915d8d6d2931b11501bdbc350a4eebc6694f","sourceIndex":"2887","avBlockList":["360 Total Security (20191114)","Avast Internet Security (20191114)","AVG Internet Security (20191114)","Avira Internet Security (20191114)","Bitdefender Internet Security (20191114)","COMODO Antivirus (20191114)","Dr.Web Security Space (20191114)","ESET Internet Security (20191114)","G DATA INTERNET SECURITY (20191114)","K7 Total Security (20191114)","Kaspersky Internet Security (20191114)","Malwarebytes Premium (20191114)","McAfee Total Protection (20191114)","Norton Security (20191114)","Panda Dome (20191114)","Quick Heal Internet Security (20191114)","Sophos Home Premium (20191114)","Tencent PC Manager (20191114)","Trend Micro Internet Security (20191114)","VIPRE Advanced Security (20191114)","VirIT eXplorer PRO (20191114)","Webroot SecureAnywhere (20191114)","Windows Defender (20191114)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Load PC Softwares\\Loadpcsofts\\loadpchost.exe","companyName":"Microsoft","productName":"Host Process for Windows Tasks","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4071a29e8d77a9ce944fc7bfa78ded4e","hashSHA1":"73b3f37a69484728985b0ba672b3470098bec1c1","hashSHA256":"8e197adf399956f7375c8ba1962a680b3526696b59d0bc017a2ba892a9fc1503","sourceIndex":"2887","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WRCFree.exe","isInstaller":"True","companyName":"Update Driver LLP","productName":"Update Driver","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"9af79d60b235761105f8f4b36db185d3","hashSHA1":"69d8fbf17ce0fb637094df05df69a8479e6c7a4f","hashSHA256":"aab34d7d2a3f8429134fa7ab68560483a7172cf20f2489417e9968a707c44b97","sourceIndex":"2889","avBlockList":["360 Total Security (20191114)","Avast Internet Security (20191114)","AVG Internet Security (20191114)","Avira Internet Security (20191114)","Bitdefender Internet Security (20191114)","COMODO Antivirus (20191114)","Dr.Web Security Space (20191114)","ESET Internet Security (20191114)","G DATA INTERNET SECURITY (20191114)","K7 Total Security (20191114)","Kaspersky Internet Security (20191114)","Malwarebytes Premium (20191114)","McAfee Total Protection (20191114)","Norton Security (20191114)","Panda Dome (20191114)","Quick Heal Internet Security (20191114)","Sophos Home Premium (20191114)","Tencent PC Manager (20191114)","Trend Micro Internet Security (20191114)","VIPRE Advanced Security (20191114)","VirIT eXplorer PRO (20191114)","Webroot SecureAnywhere (20191114)","Windows Defender (20191114)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Update Driver LLP\\Update Driver\\SearchIndexr.exe","companyName":"Microsoft","fileVersion":"8.2","hashMD5":"c7eb114f5938c9840c56908a06f048f0","hashSHA1":"f2cda78b7d67826d0db2954e5ebc293a1c33b7b4","hashSHA256":"7927eadc9c08e111bd8c35bffcb08039d4fd1ae05445fc2aa511500fe7af4445","sourceIndex":"2889","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WRCFree (1).exe","isInstaller":"True","companyName":"Driver Fix","productName":"Driver Fix","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"82f1e616af050f3b5433ce46b9566e26","hashSHA1":"39a950f22e1f54aaa427ff761d68894650ba67dc","hashSHA256":"525c63ced5e52143556ef41038f9d6e92d4e71b75d9525fa8b0d3f46ca7fd8ae","sourceIndex":"2890","avBlockList":["360 Total Security (20191031)","Avast Internet Security (20191031)","AVG Internet Security (20191031)","Avira Internet Security (20191031)","Bitdefender Internet Security (20191031)","COMODO Antivirus (20191031)","Dr.Web Security Space (20191031)","ESET Internet Security (20191031)","G DATA INTERNET SECURITY (20191031)","K7 Total Security (20191031)","Kaspersky Internet Security (20191031)","Malwarebytes Premium (20191031)","McAfee Total Protection (20191031)","Norton Security (20191031)","Panda Dome (20191031)","Quick Heal Internet Security (20191031)","Sophos Home Premium (20191031)","Tencent PC Manager (20191031)","Trend Micro Internet Security (20191031)","VIPRE Advanced Security (20191031)","VirIT eXplorer PRO (20191031)","Webroot SecureAnywhere (20191031)","Windows Defender (20191031)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"update drivers\"","reference":"http://loadpcsofts.online/","landingPage":"http://loadpcsofts.online/","directDownloadingLink":"https://mega.nz/#!ryxh1KKB!YnWrR5illiev_tFVTUqHr2Wp7HlHTamanYMT7LIh6CA","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/#!ryxh1KKB!YnWrR5illiev_tFVTUqHr2Wp7HlHTamanYMT7LIh6CA","sourceIndex":"2887"},{"howFound":"","reference":"Fix Driver","landingPage":"http://www.fixdriver.xyz/","directDownloadingLink":"https://ln.sync.com/dl/7cb3f4e60/mf8gbppj-9fbq8wqw-2yjcghcj-zptnwhbp/view/default/2526996740011","ipv4":"","ipv6":"","sourceIndex":"2888"},{"howFound":"","reference":"Driver Update","landingPage":"http://update-driver.xyz/","directDownloadingLink":"https://mega.nz/#!7n4jCISa!OdeH8aVBgUfh2ZWiNb-k5JSWxKC2o87POf_i5i8Z7Jc","ipv4":"","ipv6":"","sourceIndex":"2889"},{"howFound":"","reference":"Driver Fix","landingPage":"http://driverfix.xyz/","directDownloadingLink":"https://mega.nz/#!SuATkSiJ!Hu1yX0rv7OrhWrJdacN36ot5Twz1vaHbonQXWsQzTTk","ipv4":"","ipv6":"","sourceIndex":"2890"}],"sampleFiles":["190820/LoadPCSoftwares-190816/1.0.0.0/Samples/Freedome.exe","190820/LoadPCSoftwares-190816/1.0.0.0/Samples/loadpchost.exe","190820/LoadPCSoftwares-190816/1.0.0.0/Samples/WRCFree.exe","190820/LoadPCSoftwares-190816/1.0.0.0/Samples/SearchIndexr.exe","190820/LoadPCSoftwares-190816/1.0.0.0/Samples/WRCFree (1).exe"],"imageFiles":["190820/LoadPCSoftwares-190816/1.0.0.0/Images/ACR-042/010.png","190820/LoadPCSoftwares-190816/1.0.0.0/Images/ACR-042/010_2.png","190820/LoadPCSoftwares-190816/1.0.0.0/Images/ACR-010/010.png","190820/LoadPCSoftwares-190816/1.0.0.0/Images/ACR-010/010_2.png","190820/LoadPCSoftwares-190816/1.0.0.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["190820/LoadPCSoftwares-190816/1.0.0.0/Images/ACR-065/install.png"],"guid":"b531c791-e7cc-4bed-bc5a-a223090433e0_1.0.0.0_1","appID":"LoadPCSoftwares-190816","dateAdded":"190820","deceptorType":"App","name":"Load PC Softwares","company":"2019 - Load PC Softwares","version":"1.0.0.0","sigName":"Deceptor:Win32/LoadPCSoftwares!042010084014","lastKnownStatus":"1.0.0.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2124},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"acposetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Advanced~Clean~Pro                                          ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1             ","hashMD5":"ba8ec89e788501f1507a0420f57c8fb7","hashSHA1":"c1989a7a2526168c03a447d863e2703073ae9ffe","hashSHA256":"51a8def1a779b0eda74059f8b1428b0a9ef5040084f73ff22fcb25a8e3afc06e","digitalCertThumbprint":"C04071ED59113B9370CE46E461BE18613EB21D3A","sourceIndex":"2883","avBlockList":["360 Total Security (20190701)","Avast Internet Security (20190701)","AVG Internet Security (20190701)","Avira Internet Security (20190701)","COMODO Antivirus (20190701)","Dr.Web Security Space (20190701)","ESET Internet Security (20190701)","K7 Total Security (20190701)","Kaspersky Internet Security (20190701)","Malwarebytes Premium (20190701)","McAfee Total Protection (20190701)","Norton Security (20190701)","Panda Dome (20190701)","Quick Heal Internet Security (20190701)","Sophos Home Premium (20190701)","Trend Micro Internet Security (20190701)","VirIT eXplorer PRO (20190701)","Webroot SecureAnywhere (20190701)","Windows Defender (20190701)"],"avAllowList":["Bitdefender Internet Security (20190701)","F-PROT Antivirus for Windows (20190418)","G DATA INTERNET SECURITY (20190701)","SpyHunter5 (20190418)","Tencent PC Manager (20190701)","VIPRE Advanced Security (20190701)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Advanced~Clean~Pro for DESKTOP-8QAR3KI\\rtc.exe","productName":"PC Secure Tool","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"382237b931503f7e9181df64e0cb857e","hashSHA1":"00ddcbe09eb0dfa811ac000323a7b7b236d0f623","hashSHA256":"1e3bbf017966eca96c27ff516adf2f147aec14ba179ae3c4c5c1de0f2a511d2b","digitalCertThumbprint":"C04071ED59113B9370CE46E461BE18613EB21D3A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tools Inc., O=PC Speedup Tools Inc., STREET=\"104 Surya Nagar, Murli Pura Vishwakarma\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"2883","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"acposetup (1.0.0.0).exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4842ea7e9c0352cd9b1a295aaf1533c3","hashSHA1":"124882cc6b36aff84c604ce666cea08e4437436b","hashSHA256":"ef51bd83b205139b96220b68f09f2bb8650d52a6fbcc9e76c4c9ceb4e38732a7","digitalCertThumbprint":"C3986A94D2C047D357FD36ABDFE85DB9874E2910","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC SPEEDUP TOOLS INC, O=PC SPEEDUP TOOLS INC, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"2884","avBlockList":["360 Total Security (20190801)","Avast Internet Security (20190801)","AVG Internet Security (20190801)","Avira Internet Security (20190801)","COMODO Antivirus (20190801)","Dr.Web Security Space (20190801)","ESET Internet Security (20190801)","G DATA INTERNET SECURITY (20190801)","K7 Total Security (20190801)","Kaspersky Internet Security (20190801)","Malwarebytes Premium (20190801)","McAfee Total Protection (20190801)","Norton Security (20190801)","Panda Dome (20190801)","Quick Heal Internet Security (20190801)","Sophos Home Premium (20190801)","Trend Micro Internet Security (20190801)","VirIT eXplorer PRO (20190801)","Webroot SecureAnywhere (20190801)","Windows Defender (20190801)"],"avAllowList":["Bitdefender Internet Security (20190801)","Tencent PC Manager (20190801)","VIPRE Advanced Security (20190801)"]},{"isRevoked":"False","fileName":"acposetup (1.0.0.1) 2.exe","isInstaller":"True","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"c9ca34351a7160d7d96fa4f34a561242","hashSHA1":"34398c8b1e1c98baa0e2aa36636d33b2462973fc","hashSHA256":"3446dca734ad9839d39e00c37acdb3a8a369dd567766ba88dc5ea53dbd58f117","digitalCertThumbprint":"68226891FF5B66EF2BBE720218809ABA2DDEA94D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ab Reach TechnoIogies Private Limited, O=Ab Reach TechnoIogies Private Limited, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=JAIPUR, S=RAJASTHAN, PostalCode=110092, C=IN","sourceIndex":"2885","avBlockList":["360 Total Security (20191017)","Avast Internet Security (20191017)","AVG Internet Security (20191017)","Avira Internet Security (20191017)","Bitdefender Internet Security (20191017)","COMODO Antivirus (20191017)","Dr.Web Security Space (20191017)","ESET Internet Security (20191017)","G DATA INTERNET SECURITY (20191017)","K7 Total Security (20191017)","Kaspersky Internet Security (20191017)","Malwarebytes Premium (20191017)","McAfee Total Protection (20191017)","Norton Security (20191017)","Panda Dome (20191017)","Quick Heal Internet Security (20191017)","Sophos Home Premium (20191017)","Tencent PC Manager (20191017)","Trend Micro Internet Security (20191017)","VIPRE Advanced Security (20191017)","VirIT eXplorer PRO (20191017)","Webroot SecureAnywhere (20191017)","Windows Defender (20191017)"],"avAllowList":[]},{"isRevoked":"False","fileName":"acposetup (1.0.0.8).exe","isInstaller":"True","productVersion":"1.0.0.8","fileVersion":"1.0.0.8","hashMD5":"47f0822d1bd136e4fe84254409e1ffb9","hashSHA1":"0ebbcf033bc0194e6649646635f1249f8bdd5451","hashSHA256":"41ff23b30e94935759e82ba3d878deaf6f2e100a273e97d2327496afc6a70c07","digitalCertThumbprint":"1F8666EB18F7EA0789B972D02796A55DBB68AEF7","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=WHlZSOFT SERVICES, O=WHlZSOFT SERVICES, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2886","avBlockList":["360 Total Security (20191114)","Avast Internet Security (20191114)","AVG Internet Security (20191114)","Avira Internet Security (20191114)","Bitdefender Internet Security (20191114)","COMODO Antivirus (20191114)","Dr.Web Security Space (20191114)","ESET Internet Security (20191114)","G DATA INTERNET SECURITY (20191114)","K7 Total Security (20191114)","Kaspersky Internet Security (20191114)","Malwarebytes Premium (20191114)","McAfee Total Protection (20191114)","Norton Security (20191114)","Panda Dome (20191114)","Quick Heal Internet Security (20191114)","Sophos Home Premium (20191114)","Tencent PC Manager (20191114)","Trend Micro Internet Security (20191114)","VIPRE Advanced Security (20191114)","VirIT eXplorer PRO (20191114)","Webroot SecureAnywhere (20191114)","Windows Defender (20191114)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"most liked and preferred PC protection utility\"","reference":"http://abmysysutils.live/","landingPage":"http://abmysysutils.live/","directDownloadingLink":"http://dl.abmysysutils.live/acpo/securerc/abmysysutils_live/acposetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.abmysysutils.live/acpo/securerc/abmysysutils_live/acposetup.exe","sourceIndex":"2883"},{"howFound":"","reference":"","landingPage":"http://abmypctools.live/","directDownloadingLink":"http://dl.abmypctools.live/acpo/securerc/abmypctools_live/acposetup.exe","ipv4":"","ipv6":"","sourceIndex":"2884"},{"howFound":"","reference":"","landingPage":"http://www.sysbitsoltools.xyz/","directDownloadingLink":"http://dl.sysbitsoltools.xyz/acpo/securerc/sysbitsoltools_xyz/acposetup.exe","ipv4":"","ipv6":"","sourceIndex":"2885"},{"howFound":"","reference":"","landingPage":"http://speedytools.xyz/","directDownloadingLink":"http://dl.speedytools.xyz/acpo/securerc/speedytools_xyz/acposetup.exe","ipv4":"","ipv6":"","sourceIndex":"2886"}],"sampleFiles":["190820/AdvancedCleanPro-190402/1.0.0.1/Samples/acposetup.exe","190820/AdvancedCleanPro-190402/1.0.0.1/Samples/rtc.exe","190820/AdvancedCleanPro-190402/1.0.0.1/Samples/acposetup (1.0.0.0).exe","190820/AdvancedCleanPro-190402/1.0.0.1/Samples/acposetup (1.0.0.1) 2.exe","190820/AdvancedCleanPro-190402/1.0.0.1/Samples/acposetup (1.0.0.8).exe"],"imageFiles":["190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-042/010.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-048/048.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-003/scan.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-003/main.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-003/048.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-004/scan.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-004/150_171.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-010/010.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-084/084.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-097/startup.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-168/scan.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-168/168.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-057/010.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-055/010.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-059/010.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-161/161.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-099/099.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-150/150_171.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-171/150_171.png","190820/AdvancedCleanPro-190402/1.0.0.1/Images/ACR-171/171.png"],"guid":"70e04edc-c452-44b3-b96f-073018e65d2f_1.0.0.1_1","appID":"AdvancedCleanPro-190402","dateAdded":"190820","deceptorType":"App","name":"Advanced Clean Pro","company":"PC Speedup Tools Inc.","version":"1.0.0.1","sigName":"Deceptor:Win32/AdvancedCleanPro:003004010042048055057059084097155168","lastKnownStatus":"Deceptor:1.0.0.1","lastKnownDate":"190820","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-08-21T00:30:55.9392707+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2046},{"violations":{"ACR-003":"The app shows gauges and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user. \n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-068":"The app Requires provide a clear and precise information about its offers to the user. i.e. The price of the product in landing page and internal offer is different.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"pcposetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Power Clean Pro-2019                                        ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"7894f8a600dd54267fea7b5dd88a85f3","hashSHA1":"cb1f48a4d08651d097f4add0e0d4e4ef6146e0de","hashSHA256":"b561e4474c182ec1b4f29425d3a2d9e5963dad613a806e593a462e8b85955237","digitalCertThumbprint":"C3986A94D2C047D357FD36ABDFE85DB9874E2910","sourceIndex":"2891","avBlockList":["Avast Internet Security (20190502)","AVG Internet Security (20190502)","Avira Internet Security (20190502)","ESET Internet Security (20190502)","G DATA INTERNET SECURITY (20190502)","K7 Total Security (20190502)","Kaspersky Internet Security (20190502)","Malwarebytes Premium (20190502)","McAfee Total Protection (20190502)","Norton Security (20190502)","Panda Dome (20190502)","Sophos Home Premium (20190502)","Trend Micro Internet Security (20190502)","VirIT eXplorer PRO (20190502)","Webroot SecureAnywhere (20190502)","Windows Defender (20190502)","360 Total Security (20190502)","COMODO Antivirus (20190502)","Dr.Web Security Space (20190502)","Quick Heal Internet Security (20190502)","SpyHunter5 (20190404)"],"avAllowList":["Bitdefender Internet Security (20190502)","F-PROT Antivirus for Windows (20190404)","Tencent PC Manager (20190502)","VIPRE Advanced Security (20190502)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Power Clean Pro-2019 for DESKTOP-8QAR3KI\\rtc.exe","productName":"System Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"843a3f7a88e02c25cc776e50d120e0b4","hashSHA1":"091ced2d801446b954529536109cc023d502bc6c","hashSHA256":"3073a227339c47e5b4dcb3b8ea0b6d2cb0f4cbacfb755a4cc2163e956596dcda","digitalCertThumbprint":"C3986A94D2C047D357FD36ABDFE85DB9874E2910","sourceIndex":"2891","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcposetup (1.0.0.3).exe","isInstaller":"True","productVersion":"1.0.0.3","fileVersion":"1.0.0.3","hashMD5":"1779645c6361c34dd7bae5983fac06cc","hashSHA1":"7d243ec7d4cdb891d38daa97fc69865008d7f110","hashSHA256":"e779d6cc30a95adac68eb11df24a81a037b275bc14ce1af36c4c449b1aecb7c0","digitalCertThumbprint":"63A76B2B78B5CD342CC92EAE604DEDF3B15A292C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Globalsoft logics, O=Globalsoft logics, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2892","avBlockList":["360 Total Security (20191111)","Avast Internet Security (20191111)","AVG Internet Security (20191111)","Avira Internet Security (20191111)","Bitdefender Internet Security (20191111)","COMODO Antivirus (20191111)","Dr.Web Security Space (20191111)","ESET Internet Security (20191111)","G DATA INTERNET SECURITY (20191111)","K7 Total Security (20191111)","Kaspersky Internet Security (20191111)","Malwarebytes Premium (20191111)","McAfee Total Protection (20191111)","Norton Security (20191111)","Panda Dome (20191111)","Quick Heal Internet Security (20191111)","Sophos Home Premium (20191111)","Trend Micro Internet Security (20191111)","VIPRE Advanced Security (20191111)","VirIT eXplorer PRO (20191111)","Webroot SecureAnywhere (20191111)","Windows Defender (20191111)"],"avAllowList":["Tencent PC Manager (20191111)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"To fix these, you need to purchase the activation key\"","reference":"http://aacleansystools.club/","landingPage":"http://aacleansystools.club/","directDownloadingLink":"http://dl.aacleansystools.club/pcpo/securerc/aacleansystools_club/pcposetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.aacleansystools.club/pcpo/securerc/aacleansystools_club/pcposetup.exe","sourceIndex":"2891"},{"howFound":"","reference":"","landingPage":"http://aamysystemtools.xyz/","directDownloadingLink":"http://dl.aamysystemtools.xyz/pcpo/securerc/aamysystemtools_xyz/pcposetup.exe","ipv4":"","ipv6":"","sourceIndex":"2892"}],"sampleFiles":["190819/PowerCleanPro2019-190205/1.0.0.0/Samples/pcposetup.exe","190819/PowerCleanPro2019-190205/1.0.0.0/Samples/rtc.exe","190819/PowerCleanPro2019-190205/1.0.0.0/Samples/pcposetup (1.0.0.3).exe"],"imageFiles":["190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-003/003.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-003/003_call.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-003/003_3.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-004/003.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-004/004.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-168/003.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-084/task.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-010/010.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-055/010.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-059/010.png"],"nonDeceptorImageFiles":["190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-099/099.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-161/161.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-150/150.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-171/150.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-171/171.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-068/150.png","190819/PowerCleanPro2019-190205/1.0.0.0/Images/ACR-068/offer.png"],"guid":"6be8f363-cf53-4eaf-b338-67a6a8190efb_1.0.0.0_1","appID":"PowerCleanPro2019-190205","dateAdded":"190819","deceptorType":"App","name":"Power Clean Pro 2019","company":"PC SPEEDUP TOOLS INC","version":"1.0.0.0","sigName":"Deceptor:Win32/PowerCleanPro2019!003004168084010055059","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190819","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-08-19T21:05:13.4362251+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin ","numInFamily":3,"numInAppID":1,"sortOrder":2125},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No EULA and/or Terms of Service or privacy policy is provided for the download manager.\n","ACR-035":"No EULA/Terms of Service, and Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service, and Privacy Policy is provided for the download manager.\n","ACR-037":"No Privacy Policy is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"UHDmediaplayer_3251260099.exe","isInstaller":"True","companyName":"n/a","productName":"Geb","productVersion":"3.0.5","fileVersion":"0.0","hashMD5":"8df1f85b87723ed7ed22f60969c2ac2c","hashSHA1":"07454458681256779d8d838ef99df50fe32aa6ff","hashSHA256":"4b156a4b7c34dbb245927a012563c8e465c02b55e1802d4d7ac168a481de1a10","digitalCertThumbprint":"CCADB4A92B9F8F1266C70B9F985DAD270C0AF0E3","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=PC Cleaner Tech Sp. Zo.o., O=PC Cleaner Tech Sp. Zo.o., L=Warsaw, S=Mazowiecki, C=PL","sourceIndex":"3227","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Adplexity search \"new tab\"","landingPage":"https://www.videostreamnow.com/uhd-player-lp-1500/?visitId=cbc048fe-7d13-47bc-a97b-70de09cb4989","directDownloadingLink":"http://www.watidondinom.com/kwf890x/UHDmediaplayer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.watidondinom.com/kwf890x/UHDmediaplayer.exe","sourceIndex":"3227"}],"sampleFiles":["190130/PCCleanerTechSPDownloadManager-181108/3.0.5/Samples/UHDmediaplayer_3251260099.exe"],"imageFiles":["190130/PCCleanerTechSPDownloadManager-181108/3.0.5/Images/ACR-039/ACR-039_install.mp4","190130/PCCleanerTechSPDownloadManager-181108/3.0.5/Images/ACR-048/ACR-048_install.mp4"],"nonDeceptorImageFiles":["190130/PCCleanerTechSPDownloadManager-181108/3.0.5/Images/ACR-044/ACR-044_install.JPG","190130/PCCleanerTechSPDownloadManager-181108/3.0.5/Images/ACR-065/ACR-065_install.JPG","190130/PCCleanerTechSPDownloadManager-181108/3.0.5/Images/ACR-035/ACR-035_doc.JPG","190130/PCCleanerTechSPDownloadManager-181108/3.0.5/Images/ACR-036/ACR-036_doc.JPG","190130/PCCleanerTechSPDownloadManager-181108/3.0.5/Images/ACR-037/ACR-037_doc.JPG","190130/PCCleanerTechSPDownloadManager-181108/3.0.5/Images/ACR-152/ACR-152_install.mp4"],"guid":"dc086bae-79fd-48c0-9382-60e1666e14ea_3.0.5_1","appID":"PCCleanerTechSPDownloadManager-181108","dateAdded":"190813","deceptorType":"Bundler","name":"PCCleanerTechSPDownloadManager","company":"PC Cleaner Tech Sp. Zo.o.","version":"3.0.5","sigName":"Deceptor:Win32/PCCleanerTechSPDownloadManager!039048050","lastKnownStatus":"Deceptor:3.0.5,1.2.8.0,1.6","lastKnownDate":"190813","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-08-13T00:00:00+00:00","notDistributed":true,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":3,"sortOrder":532},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-059":"The offer page doesn't clearly mark the app is an optional offer.\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, privacy policy.\n","ACR-035":"No EULA/Terms of Service, and Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service, and Privacy Policy is provided for the download manager.\n","ACR-037":"There is no Privacy Policy provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager, it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"UHDmediaplayer_3499774669.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"10953f11dc26ca6e3613463bcca351fe","hashSHA1":"608e805ea13af2781dbb25ba11b20677db14fab4","hashSHA256":"0eabbca6738d7b2e43d7044cd18e85f2499fea3d80b945b0abff69a59e335d68","digitalCertThumbprint":"5927992D53AD8382AC3ECB278C1E6D34B95FD78F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Delivery Max (Alpha Criteria Ltd), O=Delivery Max (Alpha Criteria Ltd), STREET=28 Begin Menachem Rd., L=Tel-Aviv, S=Tel-Aviv, PostalCode=6618208, C=IL","sourceIndex":"2893","avBlockList":["360 Total Security (20191111)","Avira Internet Security (20191111)","Bitdefender Internet Security (20191111)","COMODO Antivirus (20191111)","Dr.Web Security Space (20191111)","ESET Internet Security (20191111)","G DATA INTERNET SECURITY (20191111)","K7 Total Security (20191111)","Kaspersky Internet Security (20191111)","Malwarebytes Premium (20191111)","McAfee Total Protection (20191111)","Norton Security (20191111)","Panda Dome (20191111)","Quick Heal Internet Security (20191111)","Sophos Home Premium (20191111)","Tencent PC Manager (20191111)","Trend Micro Internet Security (20191111)","VIPRE Advanced Security (20191111)","VirIT eXplorer PRO (20191111)","Webroot SecureAnywhere (20191111)","Windows Defender (20191111)"],"avAllowList":["Avast Internet Security (20191111)","AVG Internet Security (20191111)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Adplexity search \"new tab\"","landingPage":"https://www.videostreamnow.com/uhd-player-lp-1500/?visitId=cbc048fe-7d13-47bc-a97b-70de09cb4989","directDownloadingLink":"http://www.watidondinom.com/o0d0mz*7zvp00/UHDmediaplayer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.watidondinom.com/o0d0mz*7zvp00/UHDmediaplayer.exe","sourceIndex":"2893"}],"sampleFiles":["190813/PCCleanerTechSPDownloadManager-181108/1.6/Samples/UHDmediaplayer_3499774669.exe"],"imageFiles":["190813/PCCleanerTechSPDownloadManager-181108/1.6/Images/ACR-039/PCCleanerTechSPDownloadManager Install Process.gif","190813/PCCleanerTechSPDownloadManager-181108/1.6/Images/ACR-039/Bundler app.gif","190813/PCCleanerTechSPDownloadManager-181108/1.6/Images/ACR-048/PCCleanerTechSPDownloadManager Install Process.gif","190813/PCCleanerTechSPDownloadManager-181108/1.6/Images/ACR-059/AVAST_Offer.PNG"],"nonDeceptorImageFiles":["190813/PCCleanerTechSPDownloadManager-181108/1.6/Images/ACR-044/PCCleanerTechSPDownloadManager Install First Page.png","190813/PCCleanerTechSPDownloadManager-181108/1.6/Images/ACR-065/PCCleanerTechSPDownloadManager Install First Page.png","190813/PCCleanerTechSPDownloadManager-181108/1.6/Images/ACR-035/PCCleanerTechSPDownloadManager Install First Page.png","190813/PCCleanerTechSPDownloadManager-181108/1.6/Images/ACR-036/PCCleanerTechSPDownloadManager Install First Page.png","190813/PCCleanerTechSPDownloadManager-181108/1.6/Images/ACR-037/PCCleanerTechSPDownloadManager Install First Page.png","190813/PCCleanerTechSPDownloadManager-181108/1.6/Images/ACR-152/PCCleanerTechSPDownloadManager Install Process.gif"],"guid":"dc086bae-79fd-48c0-9382-60e1666e14ea_1.6_1","appID":"PCCleanerTechSPDownloadManager-181108","dateAdded":"190813","deceptorType":"Bundler","name":"PCCleanerTechSPDownloadManager","company":"PC Cleaner Tech Sp. Zo.o.","version":"1.6","lastKnownStatus":"Deceptor:3.0.5,1.2.8.0,1.6","lastKnownDate":"190813","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-08-13T23:06:31.2409619+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":3,"sortOrder":531},{"violations":{"ACR-014":"Website offers an app, but instead downloads a download manager without any disclosure.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"google searched \"free halo download\"","landingPage":"https://softfamous.com/halo-combat-evolved/","directDownloadingLink":"https://softfamous.com/postdownload-file/halo-combat-evolved/5267/1557/","ipv4":"","ipv6":"","landingPageWildChar":"https://softfamous.com/*","directDownloadingLinkWildChar":"https://softfamous.com/postdownload-file/*","sourceIndex":"2896"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"c1d2455b-f233-4754-ac24-eb44d58c5827_190809_1","appID":"SoftFamous-190410","dateAdded":"190813","deceptorType":"Download Site","name":"SoftFamous","company":"SoftFamous","version":"190809","lastKnownStatus":"Deceptor:190426,190813","lastKnownDate":"190813","type":"Download Site","category":"Games, Personalization & Search, Bundlers & Downloaders","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2019-08-13T17:27:33.8372672+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2128},{"violations":{"ACR-014":"Website offers an app, but instead downloads a download manager without any disclosure.\n","ACR-155":"Ads are placed such that they masquerade as the intended download buttons for the app, potentially misleading the user into clicking them.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"google searched \"free halo download\"","landingPage":"https://softfamous.com/halo-combat-evolved/","directDownloadingLink":"https://softfamous.com/postdownload-file/halo-combat-evolved/5267/1557/","ipv4":"","ipv6":"","landingPageWildChar":"https://softfamous.com/*","directDownloadingLinkWildChar":"https://softfamous.com/postdownload-file/*","sourceIndex":"3097"}],"sampleFiles":[],"imageFiles":["190426/SoftFamous-190410/190410/Images/ACR-155/ADSInserted.png","190426/SoftFamous-190410/190410/Images/ACR-155/ADSInserted1.png"],"nonDeceptorImageFiles":[],"guid":"c1d2455b-f233-4754-ac24-eb44d58c5827_190410_1","appID":"SoftFamous-190410","dateAdded":"190813","deceptorType":"Download Site","name":"SoftFamous","company":"SoftFamous","version":"190410","sigName":"Deceptor:Affiliate/SoftFamous.com!014155","lastKnownStatus":"Deceptor:190426,190813","lastKnownDate":"190813","type":"Download Site","category":"Games, Personalization & Search, Bundlers & Downloaders","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2019-08-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2129},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No EULA and/or Terms of Service or privacy policy is provided for the download manager.\n","ACR-035":"No EULA/Terms of Service, and Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service, and Privacy Policy is provided for the download manager.\n","ACR-037":"No Privacy Policy is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"UHDmediaplayer.exe","isInstaller":"True","companyName":"Adsology                                                    ","fileVersion":"1.2","hashMD5":"ac5c2d78bd985632a6d9d5c12ec45165","hashSHA1":"42035b1fc2d2173f42adcca0b595b7db8e84023c","hashSHA256":"3d8da9a1cbca97fced570d2946a9e37bc847c38f149f831344cf8e3fabe9d6f9","sourceIndex":"3228","avBlockList":["Avira Internet Security (20190425)","G DATA INTERNET SECURITY (20190425)","K7 Total Security (20190425)","McAfee Total Protection (20190425)","Norton Security (20190425)","Panda Dome (20190425)","Sophos Home Premium (20190425)","Trend Micro Internet Security (20190425)","VirIT eXplorer PRO (20190425)","Windows Defender (20190425)","360 Total Security (20190425)","COMODO Antivirus (20190425)","Quick Heal Internet Security (20190425)","SpyHunter5 (20190425)"],"avAllowList":["Avast Internet Security (20190425)","AVG Internet Security (20190425)","Bitdefender Internet Security (20190425)","ESET Internet Security (20190425)","Kaspersky Internet Security (20190425)","Malwarebytes Premium (20190425)","Webroot SecureAnywhere (20190425)","Dr.Web Security Space (20190425)","F-PROT Antivirus for Windows (20190425)","Tencent PC Manager (20190425)","VIPRE Advanced Security (20190425)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Adplexity search \"new tab\"","landingPage":"https://www.videostreamnow.com/uhd-player-lp-1500/?visitId=cbc048fe-7d13-47bc-a97b-70de09cb4989","directDownloadingLink":"http://www.watidondinom.com/kwf890x/UHDmediaplayer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.watidondinom.com/kwf890x/UHDmediaplayer.exe","sourceIndex":"3228"}],"sampleFiles":["190130/PCCleanerTechSPDownloadManager-181108/1.2.8.0/Samples/UHDmediaplayer.exe"],"imageFiles":["190130/PCCleanerTechSPDownloadManager-181108/1.2.8.0/Images/ACR-039/PCCleanerTechSPDownload Manager Install Process.gif","190130/PCCleanerTechSPDownloadManager-181108/1.2.8.0/Images/ACR-048/PCCleanerTechSPDownload Manager Install Process.gif"],"nonDeceptorImageFiles":["190130/PCCleanerTechSPDownloadManager-181108/1.2.8.0/Images/ACR-044/PCCleanerTechSPDownload Manager first Page of install.png","190130/PCCleanerTechSPDownloadManager-181108/1.2.8.0/Images/ACR-065/PCCleanerTechSPDownload Manager first Page of install.png","190130/PCCleanerTechSPDownloadManager-181108/1.2.8.0/Images/ACR-035/PCCleanerTechSPDownload Manager first Page of install.png","190130/PCCleanerTechSPDownloadManager-181108/1.2.8.0/Images/ACR-036/PCCleanerTechSPDownload Manager first Page of install.png","190130/PCCleanerTechSPDownloadManager-181108/1.2.8.0/Images/ACR-037/PCCleanerTechSPDownload Manager first Page of install.png","190130/PCCleanerTechSPDownloadManager-181108/1.2.8.0/Images/ACR-152/PCCleanerTechSPDownload Manager Install Process.gif"],"guid":"dc086bae-79fd-48c0-9382-60e1666e14ea_1.2.8.0_1","appID":"PCCleanerTechSPDownloadManager-181108","dateAdded":"190813","deceptorType":"Bundler","name":"PCCleanerTechSPDownloadManager","company":"PC Cleaner Tech Sp. Zo.o.","version":"1.2.8.0","sigName":"Deceptor/Win32:PCCleanerTechSPDownloadManager!039048","lastKnownStatus":"Deceptor:3.0.5,1.2.8.0,1.6","lastKnownDate":"190813","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-08-13T00:00:00+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":3,"sortOrder":533},{"violations":{"ACR-017":"Using unverifiable 3rd party award logo for misleading endorsement. The offered app have never pass AppEsteem certification\n","ACR-014":"Website presents the untruthful and unsubstantiated information about the offered app which is corrupted application. The comparison data is misleading and not substantiated. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Fake certified app","reference":"","landingPage":"http://pccleantool.com","ipv4":"","ipv6":"","sourceIndex":"2898"}],"sampleFiles":[],"imageFiles":["190809/PCCleanTool-190809/190809/Images/ACR-014/PCCleanTool_014.PNG","190809/PCCleanTool-190809/190809/Images/ACR-017/PCCleanTool_017.PNG"],"nonDeceptorImageFiles":[],"guid":"1717848b-8757-4a35-ab55-accf7e9360f1_190809_1","appID":"PCCleanTool-190809","dateAdded":"190809","deceptorType":"Affiliate","name":"PCCleanTool","company":"PCCleanTool","version":"190809","sigName":"Deceptor:Affiliate/PCCleanTool!014017","lastKnownStatus":"190809","lastKnownDate":"190809","type":"Affiliate","category":"SysTools & Utilities, Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-08-10T00:45:46.199062+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2130},{"violations":{"ACR-014":"The content presents untruthful information about PC errors can be caused by broken registry entries. It misleads user that downloading the offered app is needed to fix the unsubstantiated claims. It also has inconsistent recommendation: Reimage is highly recommended, but it download advanced system repair.\n\n","ACR-016":"By click the download link, it doesn't direct user to offered app's landing page with more details about the application, instead installer is downloaded directly to system.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"external report about bad affiliate","reference":"ASR; Reimage","landingPage":"http://pc-fix.net/","ipv4":"","ipv6":"","sourceIndex":"2899"}],"sampleFiles":[],"imageFiles":["190808/PCFIX-190808/190808/Images/ACR-014/PCFix_014_1.PNG","190808/PCFIX-190808/190808/Images/ACR-014/PCFix_014_2.PNG"],"nonDeceptorImageFiles":[],"guid":"bde16cc9-5f77-492f-bfb4-cb50c0f5d28d_190808_1","appID":"PCFIX-190808","dateAdded":"190808","deceptorType":"Affiliate Network","name":"PCFIX","company":"PCFIX_NET","version":"190808","sigName":"Deceptor:Affiliate/PCFIX!014016","lastKnownStatus":"190808","lastKnownDate":"190808","type":"Affiliate","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2019-08-08T21:05:15.0881616+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2131},{"violations":{"ACR-005":"The extension mimics a system toolbar by displaying an unattributed search box.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"2.8.20.18_0.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"334bb27a1c3417c6e6e621ddc9a5f3fcc935532800e9750d96f680a8941013b1","sourceIndex":"3225","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Adplexity search \" new tab\"","landingPage":"https://www.couponsflash.co/edre6?t1=1614235848&t2=63687047191&t3=black%20friday%20ads&t4=&t5=d&t6=www.fingerhut.com&t7=kwd-268400339&t8=306327754065&t9=","directDownloadingLink":"https://chrome.google.com/webstore/detail/coupons-flash/ldmjjicpfnennblckebnfjgagfnkkafo","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/coupons-flash/ldmjjicpfnennblckebnfjgagfnkkafo","sourceIndex":"3225"}],"sampleFiles":["190130/CouponsFlash-181108/2.8.20.18/Samples/2.8.20.18_0.crx"],"imageFiles":["190130/CouponsFlash-181108/2.8.20.18/Images/ACR-005/couponsflash.PNG"],"nonDeceptorImageFiles":[],"guid":"0879c903-7ba1-4b62-b7dd-9e3edc9a009d_2.8.20.18_1","appID":"CouponsFlash-181108","dateAdded":"190806","deceptorType":"Chrome Extension","name":"CouponsFlash","company":"Ito Media","version":"2.8.20.18","sigName":"Deceptor:CRX/CouponsFlash!005","lastKnownStatus":"Deceptor:2.8.18.12,2.8.20.18,2.8.20.1","lastKnownDate":"190806","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-08-06T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2136},{"violations":{"ACR-005":"The extension mimics a system toolbar by displaying an unattributed search dialog at the top of its newtab page. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Coupons-Flash_v2.8.18.12.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"b61db969cf62f30c0e477a39e730e7d6","hashSHA1":"34f6c5be4f2cba7e1de2fb6a7d289767b92ec971","hashSHA256":"7acd80c42546378104d74f5f25b72fbd155201ceec302fdee7873c61ccac7799","storeId":"ldmjjicpfnennblckebnfjgagfnkkafo","sourceIndex":"3224","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Adplexity search \" new tab\"","landingPage":"https://www.couponsflash.co/edre6?t1=1614235848&t2=63687047191&t3=black%20friday%20ads&t4=&t5=d&t6=www.fingerhut.com&t7=kwd-268400339&t8=306327754065&t9=","directDownloadingLink":"https://chrome.google.com/webstore/detail/coupons-flash/ldmjjicpfnennblckebnfjgagfnkkafo","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/coupons-flash/ldmjjicpfnennblckebnfjgagfnkkafo","sourceIndex":"3224"}],"sampleFiles":["190130/CouponsFlash-181108/2.8.18.12/Samples/Coupons-Flash_v2.8.18.12.crx"],"imageFiles":["190130/CouponsFlash-181108/2.8.18.12/Images/ACR-005/ACR-005_software.JPG"],"nonDeceptorImageFiles":[],"guid":"0879c903-7ba1-4b62-b7dd-9e3edc9a009d_2.8.18.12_1","appID":"CouponsFlash-181108","dateAdded":"190806","deceptorType":"Chrome Extension","name":"CouponsFlash","company":"Ito Media","version":"2.8.18.12","sigName":"Deceptor:CRX/CouponsFlash!005","lastKnownStatus":"Deceptor:2.8.18.12,2.8.20.18,2.8.20.1","lastKnownDate":"190806","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-08-06T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2135},{"violations":{"ACR-005":"The extension mimics a system toolbar by displaying an unattributed search box.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"extension_2_8_20_1.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"11507f1bc79d25d4fc2c759b7799ee56","hashSHA1":"ae0c398b4972d019f58b127f21486935382c53ea","hashSHA256":"b403a9b3895addb86bb714af2b6b1df4ee448e7d51fe2bad1a4f13e7d22bd777","sourceIndex":"2902","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Adplexity search \" new tab\"","landingPage":"https://www.couponsflash.co/edre6?t1=1614235848&t2=63687047191&t3=black%20friday%20ads&t4=&t5=d&t6=www.fingerhut.com&t7=kwd-268400339&t8=306327754065&t9=","directDownloadingLink":"https://chrome.google.com/webstore/detail/coupons-flash/aooibaienhimmjcnjagohfjeagejjckp","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/coupons-flash/aooibaienhimmjcnjagohfjeagejjckp","sourceIndex":"2902"}],"sampleFiles":["190806/CouponsFlash-181108/2.8.20.1/Samples/extension_2_8_20_1.crx"],"imageFiles":["190806/CouponsFlash-181108/2.8.20.1/Images/ACR-005/CouponsFlash Home Page.png"],"nonDeceptorImageFiles":[],"guid":"0879c903-7ba1-4b62-b7dd-9e3edc9a009d_2.8.20.1_1","appID":"CouponsFlash-181108","dateAdded":"190806","deceptorType":"Chrome Extension","name":"CouponsFlash","company":"Ito Media","version":"2.8.20.1","lastKnownStatus":"Deceptor:2.8.18.12,2.8.20.18,2.8.20.1","lastKnownDate":"190806","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-08-07T00:39:54.6449351+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2134},{"violations":{"ACR-014":"The downloaded App is different from the names of the promoted application. In the landing page, it mentioned name \"MacBooster\" and displays \"MacKeeper\" but when user click the \"Download Now\" it automatically downloads installer for the App name \"Combo Cleaner\".\n","ACR-016":"Although it redirects to the promoted application's landing page, it still automatically downloads the installer for the App Spyhunter when user click the button \"Click here to Download\". When MacOS user click the button \"Download Now\", it automatically downloads the installer for the App Combo Cleaner instead of directing user to promoted application's landing page with more details about the application.\n"},"nonDeceptorViolations":{"ACR-064":"The download button was not clearly-labelled, the button listed is labelled as Start Free Scan.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"submitted potential deceptor","reference":"https://www.pcmalwareexpert.com","landingPage":"https://www.pcmalwareexpert.com","ipv4":"","ipv6":"","sourceIndex":"2903"}],"sampleFiles":[],"imageFiles":["190806/PcMalwareExpertcom-190805/190805/Images/ACR-016/016_1.png","190806/PcMalwareExpertcom-190805/190805/Images/ACR-016/016_2.png","190806/PcMalwareExpertcom-190805/190805/Images/ACR-016/016_3.png","190806/PcMalwareExpertcom-190805/190805/Images/ACR-014/016_3.png"],"nonDeceptorImageFiles":["190806/PcMalwareExpertcom-190805/190805/Images/ACR-064/064_1.png","190806/PcMalwareExpertcom-190805/190805/Images/ACR-064/064_2.png"],"guid":"9450a71c-d9a3-4a15-be73-d6ef79df0ba4_190805_1","appID":"PcMalwareExpertcom-190805","dateAdded":"190806","deceptorType":"Affiliate","name":"PcMalwareExpert_com","company":"2019 Pc Malware Expert","version":"190805","sigName":"Deceptor:Affiliate/PCMalwareExpert!016014","lastKnownStatus":"190805","lastKnownDate":"190806","type":"Affiliate","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2019-08-06T20:41:07.0088447+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2133},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It runs and installs a malware file.\n","ACR-010":"The app downloaded is a fake Toolwiz Care Cleaner app which is a malware file. The malware may download and install other malicious file in the system. \n","ACR-014":"The App makes unsubstantiated claim that app will scan and clean computer, instead it downloads fake Toolwiz Care Cleaner app which is a malware file. The malware may download and install other malicious file in the system.\n"},"nonDeceptorViolations":{"ACR-014":"The App landing and download page randomly changes from the different websites. \n"},"samples":[{"isRevoked":"False","fileName":"Toolwiz_Internet_Installer.exe","isInstaller":"True","companyName":"Toolwiz Internet Installer ","productName":"possibilitie","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"8fd6db3d21cbd3bc691aabba28a45cf7","hashSHA1":"824b7304717476d5bfc6cb96c38646a4bf99f5ba","hashSHA256":"61e6f6e88ea319bc8e6ddf2d756ee6908251c7852b766c29f87e204b54242fa1","digitalCertThumbprint":"2A4DE1B5572881668062D764BA3370CED0643D02","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Olawalex LTD, O=Olawalex LTD, L=Rochester, S=Kent, C=GB, SERIALNUMBER=11141863, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Rochester, OID.1.3.6.1.4.1.311.60.2.1.2=Kent, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"2904","avBlockList":["360 Total Security (20190926)","Avast Internet Security (20190926)","AVG Internet Security (20190926)","Avira Internet Security (20190926)","Bitdefender Internet Security (20190926)","COMODO Antivirus (20190926)","ESET Internet Security (20190926)","G DATA INTERNET SECURITY (20190926)","K7 Total Security (20190926)","Kaspersky Internet Security (20190926)","Malwarebytes Premium (20190926)","McAfee Total Protection (20190926)","Norton Security (20190926)","Panda Dome (20190926)","Quick Heal Internet Security (20190926)","Sophos Home Premium (20190926)","Trend Micro Internet Security (20190926)","VIPRE Advanced Security (20190926)","VirIT eXplorer PRO (20190926)","Webroot SecureAnywhere (20190926)","Windows Defender (20190926)"],"avAllowList":["Dr.Web Security Space (20190926)","Tencent PC Manager (20190926)"]},{"isRevoked":"False","fileName":"Toolwiz_Installer.exe","isInstaller":"True","companyName":"Toolwiz_Installer","productName":"TrackBall","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"6f591528ace62395d7738d85910fee19","hashSHA1":"40ca3cf90fddb672bcbb1ae7664ed9e3d4718ed0","hashSHA256":"d03bd1deb09da1af76d293c6862a19550f1a917609313ddf03b722e586d0d15f","digitalCertThumbprint":"2A4DE1B5572881668062D764BA3370CED0643D02","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Olawalex LTD, O=Olawalex LTD, L=Rochester, S=Kent, C=GB, SERIALNUMBER=11141863, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Rochester, OID.1.3.6.1.4.1.311.60.2.1.2=Kent, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"2905","avBlockList":["360 Total Security (20190926)","Avast Internet Security (20190926)","AVG Internet Security (20190926)","Avira Internet Security (20190926)","Dr.Web Security Space (20190926)","ESET Internet Security (20190926)","G DATA INTERNET SECURITY (20190926)","K7 Total Security (20190926)","Kaspersky Internet Security (20190926)","Malwarebytes Premium (20190926)","McAfee Total Protection (20190926)","Norton Security (20190926)","Panda Dome (20190926)","Quick Heal Internet Security (20190926)","Sophos Home Premium (20190926)","Trend Micro Internet Security (20190926)","VirIT eXplorer PRO (20190926)","Webroot SecureAnywhere (20190926)","Windows Defender (20190926)"],"avAllowList":["Bitdefender Internet Security (20190926)","COMODO Antivirus (20190926)","Tencent PC Manager (20190926)","VIPRE Advanced Security (20190926)"]},{"isRevoked":"False","fileName":"Toolwiz_Internet_Setup.exe","isInstaller":"True","companyName":"Toolwiz Internet Installеr","fileVersion":"1.0","hashMD5":"31c3ea473d0b5a2d94d721b84ecacf95","hashSHA1":"1907a0a0e204cce547796e62e707c2310872f5df","hashSHA256":"ca937553d09faf78104a15bb0f07cfa328f3b99bff9f48e488bd4d4d36ac4368","digitalCertThumbprint":"2A4DE1B5572881668062D764BA3370CED0643D02","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Olawalex LTD, O=Olawalex LTD, L=Rochester, S=Kent, C=GB, SERIALNUMBER=11141863, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Rochester, OID.1.3.6.1.4.1.311.60.2.1.2=Kent, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"2909","avBlockList":["360 Total Security (20190722)","Avast Internet Security (20190722)","AVG Internet Security (20190722)","Avira Internet Security (20190722)","Bitdefender Internet Security (20190722)","COMODO Antivirus (20190722)","Dr.Web Security Space (20190722)","ESET Internet Security (20190722)","G DATA INTERNET SECURITY (20190722)","K7 Total Security (20190722)","Kaspersky Internet Security (20190722)","Malwarebytes Premium (20190722)","McAfee Total Protection (20190722)","Norton Security (20190722)","Panda Dome (20190722)","Quick Heal Internet Security (20190722)","Sophos Home Premium (20190722)","Tencent PC Manager (20190722)","Trend Micro Internet Security (20190722)","VIPRE Advanced Security (20190722)","VirIT eXplorer PRO (20190722)","Webroot SecureAnywhere (20190722)","Windows Defender (20190722)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Toolwiz_Quick_Setup.exe","isInstaller":"True","companyName":"Yogi Yang 007","fileVersion":"3.0","hashMD5":"b29f9628b8d1a5214d3357ba79178eca","hashSHA1":"a4f076b05e00cef3fb8d6830d490f85ad8c484b5","hashSHA256":"62446f40f1e6438d9d77b9cbd74cff8873dc8590e0d0dcb7024f9eff47858063","sourceIndex":"2913","avBlockList":["360 Total Security (20191021)","Avast Internet Security (20191021)","AVG Internet Security (20191021)","Avira Internet Security (20191021)","Bitdefender Internet Security (20191021)","COMODO Antivirus (20191021)","Dr.Web Security Space (20191021)","ESET Internet Security (20191021)","G DATA INTERNET SECURITY (20191021)","K7 Total Security (20191021)","Kaspersky Internet Security (20191021)","Malwarebytes Premium (20191021)","McAfee Total Protection (20191021)","Norton Security (20191021)","Panda Dome (20191021)","Quick Heal Internet Security (20191021)","Sophos Home Premium (20191021)","Tencent PC Manager (20191021)","Trend Micro Internet Security (20191021)","VIPRE Advanced Security (20191021)","VirIT eXplorer PRO (20191021)","Webroot SecureAnywhere (20191021)","Windows Defender (20191021)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Toolwiz.exe","isInstaller":"True","fileVersion":"3.0","hashMD5":"03fb43f89db2de89320d5fbf911e67f5","hashSHA1":"4a2a69c17b4162e63e4b19f3bcafa731ffed8a5b","hashSHA256":"5ce044782d89ba7389f511fe6fa723ba7d8fb28a443392d6036613e6fbb7aaf8","sourceIndex":"2914","avBlockList":["360 Total Security (20191021)","Avast Internet Security (20191021)","AVG Internet Security (20191021)","Avira Internet Security (20191021)","Bitdefender Internet Security (20191021)","COMODO Antivirus (20191021)","Dr.Web Security Space (20191021)","ESET Internet Security (20191021)","G DATA INTERNET SECURITY (20191021)","K7 Total Security (20191021)","Kaspersky Internet Security (20191021)","Malwarebytes Premium (20191021)","McAfee Total Protection (20191021)","Norton Security (20191021)","Panda Dome (20191021)","Quick Heal Internet Security (20191021)","Sophos Home Premium (20191021)","Tencent PC Manager (20191021)","Trend Micro Internet Security (20191021)","VIPRE Advanced Security (20191021)","VirIT eXplorer PRO (20191021)","Webroot SecureAnywhere (20191021)","Windows Defender (20191021)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Toolwiz(1.0.0.0) 2.exe","isInstaller":"True","companyName":"Toolwiz Software","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"40ede0ba066c6ae3f3c12229327b4273","hashSHA1":"76205a0814d4b1872a8948b52464d8450e0a4e00","hashSHA256":"86fb1fa75280ccfa1f7862afb158ba08735fe3d49943fd0340bd891378e6e507","sourceIndex":"2918","avBlockList":["360 Total Security (20190822)","Avast Internet Security (20190822)","AVG Internet Security (20190822)","Avira Internet Security (20190822)","Bitdefender Internet Security (20190822)","COMODO Antivirus (20190822)","Dr.Web Security Space (20190822)","ESET Internet Security (20190822)","G DATA INTERNET SECURITY (20190822)","K7 Total Security (20190822)","Kaspersky Internet Security (20190822)","Malwarebytes Premium (20190822)","McAfee Total Protection (20190822)","Norton Security (20190822)","Panda Dome (20190822)","Quick Heal Internet Security (20190822)","Sophos Home Premium (20190822)","Tencent PC Manager (20190822)","Trend Micro Internet Security (20190822)","VIPRE Advanced Security (20190822)","VirIT eXplorer PRO (20190822)","Webroot SecureAnywhere (20190822)","Windows Defender (20190822)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Toolwiz (1.0.0.0) 3.exe","isInstaller":"True","companyName":"Toolwiz Software","fileVersion":"1.0","hashMD5":"fa32fd77b40cddfbdfc8c0e8dae60476","hashSHA1":"d9b6379830e44684779a81c1c5adb796d8c97f77","hashSHA256":"bf565ff43ac4112430897ea7d838cf170ed26c4c4e68fed10574ffa2d784fe32","digitalCertThumbprint":"EF15184F8EC50B04B13F73EE817D0D6FBCE0DF53","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Geopel Limited, O=Geopel Limited, L=London, C=GB, SERIALNUMBER=11149935, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"2919","avBlockList":["360 Total Security (20191031)","Avast Internet Security (20191031)","AVG Internet Security (20191031)","Avira Internet Security (20191031)","Bitdefender Internet Security (20191031)","COMODO Antivirus (20191031)","Dr.Web Security Space (20191031)","ESET Internet Security (20191031)","G DATA INTERNET SECURITY (20191031)","K7 Total Security (20191031)","Kaspersky Internet Security (20191031)","Malwarebytes Premium (20191031)","McAfee Total Protection (20191031)","Norton Security (20191031)","Panda Dome (20191031)","Quick Heal Internet Security (20191031)","Sophos Home Premium (20191031)","Tencent PC Manager (20191031)","Trend Micro Internet Security (20191031)","VIPRE Advanced Security (20191031)","VirIT eXplorer PRO (20191031)","Webroot SecureAnywhere (20191031)","Windows Defender (20191031)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"optimize computer\"","reference":"https://static.fourstardrywall.com/lander/index-2/index.html","landingPage":"https://static.fourstardrywall.com/lander/index-2/index.html","directDownloadingLink":"http://toolwiz-care-for-windows-7.advancedqtp.com/Toolwiz/Toolwiz_Internet_Installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://toolwiz-care-for-windows-7.advancedqtp.com/Toolwiz/Toolwiz_Internet_Installer.exe","sourceIndex":"2904"},{"howFound":"google search \"optimize computer\"","reference":"https://static.fourstardrywall.com/lander/index-2/index.html","landingPage":"https://static.fourstardrywall.com/lander/index-2/index.html","directDownloadingLink":"http://software-optimize-windows-7.bearfootknivesandgun.com/ToolWiz/Toolwiz_Installer.rar","ipv4":"","ipv6":"","sourceIndex":"2905"},{"howFound":"google search \"optimize computer\"","reference":"","landingPage":"https://what-is-best-cleaner-software-for-windows.drdirt.com/","ipv4":"","ipv6":"","sourceIndex":"2906"},{"howFound":"google search \"optimize computer\"","reference":"","landingPage":"https://how-to-improve-pc-performance.nadyabrand.com/","ipv4":"","ipv6":"","sourceIndex":"2907"},{"howFound":"google search \"optimize computer\"","reference":"","landingPage":"https://solutions-for-slow-pc.positroninc.com/","ipv4":"","ipv6":"","sourceIndex":"2908"},{"howFound":"google search \"PC Cleanup\"","reference":"","landingPage":"","directDownloadingLink":"http://easy-pc-cleaner-free-tool-wiz.pmgza.com/ToolwizSetup/Toolwiz_Internet_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"2909"},{"howFound":"","reference":"","landingPage":"https://best-registry-cleaner-and-pc-optimizer-software.ironram.com/","ipv4":"","ipv6":"","sourceIndex":"2910"},{"howFound":"","reference":"","landingPage":"https://top-10-software-to-speed-up-pc.richmolnar.com/","ipv4":"","ipv6":"","sourceIndex":"2911"},{"howFound":"","reference":"","landingPage":"https://toolwiz-app-download.bar-tal.com/","ipv4":"","ipv6":"","sourceIndex":"2912"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"http://computer-cleaning-software-free-download.testagon.com/ToolWiz_Install/Toolwiz_Quick_Setup.zip","ipv4":"","ipv6":"","sourceIndex":"2913"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://toolwiz-app-download.bar-tal.com/toolwiz/Toolwiz.rar","ipv4":"","ipv6":"","sourceIndex":"2914"},{"howFound":"","reference":"","landingPage":"https://tracker.congressimmigrationbill.com/lander/index-2/index.html","ipv4":"","ipv6":"","sourceIndex":"2915"},{"howFound":"","reference":"","landingPage":"https://toolwiz-software.mutagenix.org/landing/","ipv4":"","ipv6":"","sourceIndex":"2916"},{"howFound":"","reference":"","landingPage":"https://static.supercuoco.com/lander/index-2/index.html","ipv4":"","ipv6":"","sourceIndex":"2917"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://toolwiz-app-download.bar-tal.com/toolwiz/Toolwiz.zip","ipv4":"","ipv6":"","sourceIndex":"2918"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"http://toolwiz-care-download-file.livelyonline.biz/catalogue/Toolwiz.zip","ipv4":"","ipv6":"","sourceIndex":"2919"}],"sampleFiles":["190806/ToolWizCare-190627/1.0.0.0/Samples/Toolwiz_Internet_Installer.exe","190806/ToolWizCare-190627/1.0.0.0/Samples/Toolwiz_Installer.exe","190806/ToolWizCare-190627/1.0.0.0/Samples/Toolwiz_Internet_Setup.exe","190806/ToolWizCare-190627/1.0.0.0/Samples/Toolwiz_Quick_Setup.exe","190806/ToolWizCare-190627/1.0.0.0/Samples/Toolwiz.exe","190806/ToolWizCare-190627/1.0.0.0/Samples/Toolwiz(1.0.0.0) 2.exe","190806/ToolWizCare-190627/1.0.0.0/Samples/Toolwiz (1.0.0.0) 3.exe"],"imageFiles":["190806/ToolWizCare-190627/1.0.0.0/Images/ACR-014/landing.png"],"nonDeceptorImageFiles":["190806/ToolWizCare-190627/1.0.0.0/Images/ACR-014/landing.png","190806/ToolWizCare-190627/1.0.0.0/Images/ACR-014/ram.png","190806/ToolWizCare-190627/1.0.0.0/Images/ACR-014/start.png","190806/ToolWizCare-190627/1.0.0.0/Images/ACR-014/OS.png"],"guid":"556f8d5b-5e8a-474c-ac45-45ac3bea356a_1.0.0.0_1","appID":"ToolWizCare-190627","dateAdded":"190806","deceptorType":"App","name":"ToolWiz Care","company":"Olawalex LTD","version":"1.0.0.0","sigName":"Deceptor:Win32/ToolWizCare!010014042","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2132},{"violations":{"ACR-004":"App offers an ongoing subscription service, but does not offer free fixes for the free scan results shown. App exaggerates its sense of urgency in its free scan results with alarming colors and gauges.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"avastdriverupdater.exe","isInstaller":"True","companyName":"Slimware Utilities Holdings, Inc.","fileVersion":"2.23","hashMD5":"9517246195b07fe8f4e6ad34556699f9","hashSHA1":"cdde928f62803334b14fe9cb59d35745323ce628","hashSHA256":"03c0b95c3aedfff07d292a47402eb9ce4edf96b7a2e53fe58b88ae2c5bd59539","digitalCertThumbprint":"C67DAF3579E281EC9895CD6669BF5A939F186DE0","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Avast Software s.r.o., OU=Release Engineering 302, O=Avast Software s.r.o., L=Praha, C=CZ","sourceIndex":"2922","avBlockList":["Avira Internet Security (20190502)","ESET Internet Security (20190502)","K7 Total Security (20190502)","Sophos Home Premium (20190502)","Trend Micro Internet Security (20190502)","VirIT eXplorer PRO (20190502)","Webroot SecureAnywhere (20190502)","Windows Defender (20190502)","Dr.Web Security Space (20190502)"],"avAllowList":["Avast Internet Security (20190502)","AVG Internet Security (20190502)","Bitdefender Internet Security (20190502)","G DATA INTERNET SECURITY (20190502)","Kaspersky Internet Security (20190502)","Malwarebytes Premium (20190502)","McAfee Total Protection (20190502)","Norton Security (20190502)","Panda Dome (20190502)","360 Total Security (20190502)","COMODO Antivirus (20190502)","F-PROT Antivirus for Windows (20190404)","Quick Heal Internet Security (20190502)","SpyHunter5 (20190404)","Tencent PC Manager (20190502)","VIPRE Advanced Security (20190502)"]},{"isRevoked":"False","fileName":"Avast Driver Updater.exe","companyName":"AVAST Software","fileVersion":"2.5","hashMD5":"fe934877a93386ea7a344c68a643c447","hashSHA1":"e63d9ff7c5006077588b3589ade0222228e2a15f","hashSHA256":"6baac60a703445e78ed0f55c032fbdf3b03692e61bd1fe8d6ad1243e240ea46e","digitalCertThumbprint":"C67DAF3579E281EC9895CD6669BF5A939F186DE0","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Avast Software s.r.o., OU=Release Engineering 302, O=Avast Software s.r.o., L=Praha, C=CZ","sourceIndex":"2922","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Inquiry","reference":"request from Insiders","landingPage":"https://www.avast.com/en-us/driver-updater","directDownloadingLink":"https://www.avast.com/en-us/download-thank-you.php?product=DRP&locale=en-us","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.avast.com/en-us/download-thank-you.php?product=DRP&locale=en-us","sourceIndex":"2922"}],"sampleFiles":["190805/AvastDriverUpdater-190204/2.23.1.0/Samples/avastdriverupdater.exe","190805/AvastDriverUpdater-190204/2.23.1.0/Samples/Avast Driver Updater.exe"],"imageFiles":["190805/AvastDriverUpdater-190204/2.23.1.0/Images/ACR-004/avast_registerpaytofix.PNG","190805/AvastDriverUpdater-190204/2.23.1.0/Images/ACR-004/avast_scanresult.PNG","190805/AvastDriverUpdater-190204/2.23.1.0/Images/ACR-004/avast_scanresultsummary.PNG"],"nonDeceptorImageFiles":[],"guid":"2f729aab-f40d-45b0-9179-074299f1f3d9_2.23.1.0_1","appID":"AvastDriverUpdater-190204","dateAdded":"190805","deceptorType":"App","name":"Avast Driver Updater","company":"Avast Software s.r.o.","version":"2.23.1.0","sigName":"Deceptor:Win32/AvastDriverUpdater!004","firstResolvedDate":"190919","firstResolvedVersion":"2.24.1.0","resolved":"TRUE","lastKnownStatus":"Deceptor:2.23.1.0;2.24.1.0,NonDeeptor:2.24.1.0","lastKnownDate":"190805","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-09-19T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2139},{"violations":{"ACR-048":"Close button will make the app minimize to system tray. App misses option for user to turn this off in settings or show notification that app is still running in background and instruct user how to close app completely.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable or expired endorsements.\n","ACR-084":"The silence installation option exist in the app. The usage of this silence installation need to be disclosed if this is necessary for app. \"\"Setup_fbc.exe\"/VERYSILENT /SUPPRESSMSGBOXES /NORESTART \"\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose Original filename, Company name, Product name, Product version and File version for \"lz4helper.dll\" executable. \n","ACR-065":"The app needs to disclose Privacy policy during installation.\nThe app needs to disclose EULA/Privacy policy in the software.\nThe app needs to disclose Refund policy in the landing page.\n","ACR-088":"The app performs a system scan automatically without the consumer's action and authorization.\n","ACR-092":"Digital signature is required for all the components.\n","ACR-157":"The certified app should be signed with signing cert that is exclusively used for certified app. Please get the right signing cert ready for this app after it passes all other ACR's and get this final build be signed with right signing cert.\n","ACR-099":"The app needs to disclose uninstall information in the software.\n","ACR-167":"The app needs to disclose Refund policy.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable or expired endorsements.\n"},"samples":[{"isRevoked":"False","fileName":"Setup_fbc.exe","isInstaller":"True","companyName":"FastPcTools                                                 ","productName":"Fast Browser Cleaner                                        ","productVersion":"2.1.1.0                                           ","fileVersion":"2.1.1.0             ","hashMD5":"a92b61b3044dc6cab2ad99692b83f1e3","hashSHA1":"0cd4287d4a61aa9a3abffaf9759fd5f659cef018","hashSHA256":"e64b4e1130cce6362e4a304d48555bc061e9aca76ebafe8a6fbda2e494a20fb1","digitalCertThumbprint":"64975033AB1319FFB9ABAFA6A29057BA0E7D42C5","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"FastPCTools","sourceIndex":"2901","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor app vendor's apps","reference":"FastVideo Download","landingPage":"https://www.fastpctools.com/fbc/","ipv4":"","ipv6":"","sourceIndex":"2901"}],"sampleFiles":["190805/FastBrowserCleaner-190729/2.1.1.0/Samples/Setup_fbc.exe"],"imageFiles":["190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-048/ACR-048_Software_CloseMapsToMinimizeOption.JPG","190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-017/ACR-017_InternalOffers_MisleadingLogo.JPG","190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-084/ACR-084_Software_SilentInstallationExist.JPG"],"nonDeceptorImageFiles":["190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-038/ACR-038_Install_NoVersionInfo.JPG","190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.JPG","190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-065/ACR-065_Software_NoDocs.JPG","190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-065/ACR-065_LandingPage_NoRefundPolicy.JPG","190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-017/ACR-017_LandingPage_MisleadingLogo.JPG","190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-088/ACR-088_Software_AutoScanPostInstall.JPG","190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-092/ACR-092_Software_NoDigitalSignature.JPG","190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-099/ACR-099_Software_NoUninstallInfo.JPG","190805/FastBrowserCleaner-190729/2.1.1.0/Images/ACR-167/ACR-167_Docs_NoRefundPolicy.JPG"],"guid":"8efb0396-feb2-42fa-abe8-824955e41e7d_2.1.1.0_1","appID":"FastBrowserCleaner-190729","dateAdded":"190805","deceptorType":"App","name":"Fast Browser Cleaner","company":"FastPCTools","version":"2.1.1.0","sigName":"Deceptor:Win32/FastBrowserCleaner!084048017","firstVendorContactDate":"190807","firstAppEsteemReplyDate":"190807","firstResolvedDate":"190807","firstResolvedVersion":"2.1.1.1","resolved":"TRUE","lastKnownStatus":"2.1.1.0","lastKnownDate":"190805","type":"Windows Executable","lastUpdate":"2019-08-07T22:32:09.4898675+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2137},{"violations":{"ACR-004":"App offers an ongoing subscription service, but does not offer free fixes for the free scan results shown. For Driver Update utility, it can ask for one time fix payment, but not the term based service payment.\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose (Original Filename, Company Name, Product Name File Version and Product Version) version information for the following executable: Icon.exe\n","ACR-065":"The app needs to disclose Privacy Policy during installation\nThe app needs to disclose EULA Or Terms of Service, Returns Policy and Privacy Policy in the app's about page or software\n","ACR-002":"The app needs to have an identical name across all points of the consumer interaction. Needs to update company name as \"AVAST Software\" instead of \"SlimWare Utilities Inc\"\n","ACR-092":"Digital signature is missing for \"Icon.exe\" executable\n","ACR-099":"The app needs to disclose uninstall information in the app's about page or software\nNeeds to disclose uninstall information in the landing page\n"},"samples":[{"isRevoked":"False","fileName":"avastdriverupdater (1).exe","isInstaller":"True","companyName":"Slimware Utilities Holdings Inc.","productName":"Avast Driver Updater","productVersion":"2.24.1.0","fileVersion":"2.24.1.0","hashMD5":"b9ea14a38ea5455e821e6ef88d7a8e6e","hashSHA1":"dbc99a4d92656b61cbbfae89b2e2a8ee1c6bcacc","hashSHA256":"1ca1fd1120765247cc9f19836a38d4140210471a2ef9ea8561364414ce046006","digitalCertThumbprint":"C67DAF3579E281EC9895CD6669BF5A939F186DE0","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Avast Software s.r.o.","sourceIndex":"2768","avBlockList":["Dr.Web Security Space (20190905)","ESET Internet Security (20190905)","K7 Total Security (20190905)","Malwarebytes Premium (20190905)","Panda Dome (20190905)","Sophos Home Premium (20190905)","Trend Micro Internet Security (20190905)","VirIT eXplorer PRO (20190905)","Webroot SecureAnywhere (20190905)","Windows Defender (20190905)"],"avAllowList":["360 Total Security (20190905)","Avast Internet Security (20190905)","AVG Internet Security (20190905)","Avira Internet Security (20190905)","Bitdefender Internet Security (20190905)","COMODO Antivirus (20190905)","G DATA INTERNET SECURITY (20190905)","McAfee Total Protection (20190905)","Norton Security (20190905)","Quick Heal Internet Security (20190905)","Tencent PC Manager (20190905)","VIPRE Advanced Security (20190905)","Kaspersky Internet Security (20190905)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Inquiry","reference":"request from Insiders","landingPage":"https://www.avast.com/en-us/driver-updater","directDownloadingLink":"https://www.avast.com/en-us/download-thank-you.php?product=DRP&locale=en-us","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.avast.com/en-us/download-thank-you.php?product=DRP&locale=en-us","sourceIndex":"2768"}],"sampleFiles":["190805/AvastDriverUpdater-190204/2.24.1.0/Samples/avastdriverupdater (1).exe"],"imageFiles":["190805/AvastDriverUpdater-190204/2.24.1.0/Images/ACR-004/ACR-004_Software_Offers_Yearly_Subscription.JPG","190805/AvastDriverUpdater-190204/2.24.1.0/Images/ACR-004/ACR-004_Software_Does_Not_Provide_Free_Fix.JPG"],"nonDeceptorImageFiles":["190805/AvastDriverUpdater-190204/2.24.1.0/Images/ACR-038/ACR-038_Install_Version_Info_Is_Missing.JPG","190805/AvastDriverUpdater-190204/2.24.1.0/Images/ACR-065/ACR-065_Install_Privacy_Policy_Is_Missing.JPG","190805/AvastDriverUpdater-190204/2.24.1.0/Images/ACR-065/ACR-065_Software_EULA&PrivacyPolicy_Is_Missing.JPG","190805/AvastDriverUpdater-190204/2.24.1.0/Images/ACR-002/ACR-002_Software_Contains_Inconsistent_CompanyName.JPG","190805/AvastDriverUpdater-190204/2.24.1.0/Images/ACR-092/ACR-092_Software_Digital_Sign_Is_Missing.JPG","190805/AvastDriverUpdater-190204/2.24.1.0/Images/ACR-099/ACR-099_Software_Uninstall_Info_Is_Missing.JPG","190805/AvastDriverUpdater-190204/2.24.1.0/Images/ACR-099/ACR-099_LandingPage_Uninstall_Info_Is_Missing.JPG"],"guid":"2f729aab-f40d-45b0-9179-074299f1f3d9_2.24.1.0_1","appID":"AvastDriverUpdater-190204","dateAdded":"190805","deceptorType":"App","name":"Avast Driver Updater","company":"Avast Software s.r.o.","version":"2.24.1.0","firstResolvedDate":"190919","firstResolvedVersion":"2.24.1.0","resolved":"TRUE","lastKnownStatus":"Deceptor:2.23.1.0;2.24.1.0,NonDeeptor:2.24.1.0","lastKnownDate":"190805","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-09-19T23:08:58.171431+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2138},{"violations":{"ACR-010":"Website claims to download Toolwiz Care Cleaner, but downloads malware instead.\n"},"nonDeceptorViolations":{"ACR-010":"The app downloaded from download website is fake Toolwiz Care Cleaner app. The malware may download and install other malicious file in the system. Example of download link is hxxp://toolwiz-care-for-windows-7.advancedqtp.com/Toolwiz/Toolwiz_Internet_Installer.exe \n","ACR-014":"The site makes unsubstantiated claim that downloaded app is a ToolWiz Care Cleaner, instead it install a malware file in the system. The App landing and download page randomly changes from the different websites.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google search \"optimize computer\"","reference":"https://static.fourstardrywall.com/lander/index-2/index.html","landingPage":"https://static.fourstardrywall.com/lander/index-2/index.html","directDownloadingLink":"http://toolwiz-care-for-windows-7.advancedqtp.com/Toolwiz/Toolwiz_Internet_Installer.exe","ipv4":"","ipv6":"","sourceIndex":"2924"},{"howFound":"google search \"optimize computer\"","reference":"https://static.fourstardrywall.com/lander/index-2/index.html","landingPage":"","directDownloadingLink":"http://software-optimize-windows-7.bearfootknivesandgun.com/ToolWiz/Toolwiz_Installer.rar","ipv4":"","ipv6":"","sourceIndex":"2925"},{"howFound":"google search \"optimize computer\"","reference":"","landingPage":"https://what-is-best-cleaner-software-for-windows.drdirt.com/","ipv4":"","ipv6":"","sourceIndex":"2926"},{"howFound":"google search \"optimize computer\"","reference":"","landingPage":"https://how-to-improve-pc-performance.nadyabrand.com/","ipv4":"","ipv6":"","sourceIndex":"2927"},{"howFound":"google search \"optimize computer\"","reference":"","landingPage":"https://solutions-for-slow-pc.positroninc.com/","ipv4":"","ipv6":"","sourceIndex":"2928"},{"howFound":"google \"PC Cleanup\"","reference":"","landingPage":"","directDownloadingLink":"http://easy-pc-cleaner-free-tool-wiz.pmgza.com/ToolwizSetup/Toolwiz_Internet_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"2929"},{"howFound":"","reference":"","landingPage":"https://best-registry-cleaner-and-pc-optimizer-software.ironram.com/","ipv4":"","ipv6":"","sourceIndex":"2930"},{"howFound":"","reference":"","landingPage":"https://top-10-software-to-speed-up-pc.richmolnar.com/","ipv4":"","ipv6":"","sourceIndex":"2931"},{"howFound":"","reference":"","landingPage":"https://toolwiz-app-download.bar-tal.com/","ipv4":"","ipv6":"","sourceIndex":"2932"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"http://computer-cleaning-software-free-download.testagon.com/ToolWiz_Install/Toolwiz_Quick_Setup.zip","ipv4":"","ipv6":"","sourceIndex":"2933"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://toolwiz-app-download.bar-tal.com/toolwiz/Toolwiz.rar","ipv4":"","ipv6":"","sourceIndex":"2934"},{"howFound":"","reference":"","landingPage":"https://tracker.congressimmigrationbill.com/lander/index-2/index.html","ipv4":"","ipv6":"","sourceIndex":"2935"},{"howFound":"","reference":"","landingPage":"https://toolwiz-software.mutagenix.org/landing/","ipv4":"","ipv6":"","sourceIndex":"2936"},{"howFound":"","reference":"","landingPage":"https://static.supercuoco.com/lander/index-2/index.html","ipv4":"","ipv6":"","sourceIndex":"2937"},{"howFound":"","reference":"","landingPage":"","directDownloadingLink":"https://toolwiz-app-download.bar-tal.com/toolwiz/Toolwiz.zip","ipv4":"","ipv6":"","sourceIndex":"2938"}],"sampleFiles":[],"imageFiles":["190730/ToolWiz-Care-190627/190627/Images/ACR-010/landing.png"],"nonDeceptorImageFiles":["190730/ToolWiz-Care-190627/190627/Images/ACR-014/landing.png","190730/ToolWiz-Care-190627/190627/Images/ACR-014/ram.png","190730/ToolWiz-Care-190627/190627/Images/ACR-014/start.png","190730/ToolWiz-Care-190627/190627/Images/ACR-014/OS.png"],"guid":"6509b2a0-81bc-433f-a07c-e9220ffb5ce2_190627_1","appID":"ToolWiz-Care-190627","dateAdded":"190730","deceptorType":"Download Site","name":"Toolwiz_Care","company":"2019 ToolWiz Care","version":"190627","sigName":"Deceptor:Affiliate/Toolwiz_Care!010","lastKnownStatus":"190628","lastKnownDate":"190730","type":"Download Site","category":"SysTools & Utilities","ageAppropriate":"12+ appropriate","lastUpdate":"2019-07-30T19:30:27.0286309+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2140},{"violations":{"ACR-003":"The application exaggerates registry keys with high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, privacy policy.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"pc speedup tools inc.\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"cppsetup.exe","isInstaller":"True","companyName":"pc speedup tools inc.","productName":"Clean PC-Pro 2018","productVersion":"1.0.4.87","fileVersion":"1.0.4.87","hashMD5":"451554192d234e3c2757cd80f114cb65","hashSHA1":"9cc8021afcca6e343ea1971b6b52059250b8f24b","hashSHA256":"c6b82248623cb222b12b18a9569aa48c65c42a2d20f945813cd39a3261bf8ddd","digitalCertThumbprint":"4824A866B4233B210C7925B48C336CC9FB78331C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=pc speedup tools inc., O=pc speedup tools inc., STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"2941","avBlockList":["360 Total Security (20191021)","Avast Internet Security (20191021)","AVG Internet Security (20191021)","Avira Internet Security (20191021)","Bitdefender Internet Security (20191021)","COMODO Antivirus (20191021)","Dr.Web Security Space (20191021)","ESET Internet Security (20191021)","G DATA INTERNET SECURITY (20191021)","K7 Total Security (20191021)","Kaspersky Internet Security (20191021)","Malwarebytes Premium (20191021)","McAfee Total Protection (20191021)","Norton Security (20191021)","Panda Dome (20191021)","Quick Heal Internet Security (20191021)","Sophos Home Premium (20191021)","Tencent PC Manager (20191021)","Trend Micro Internet Security (20191021)","VIPRE Advanced Security (20191021)","VirIT eXplorer PRO (20191021)","Webroot SecureAnywhere (20191021)","Windows Defender (20191021)"],"avAllowList":[]},{"isRevoked":"False","fileName":"rclr.exe","companyName":"n/a","productName":"Booster Tool","productVersion":"1.0.4.87","fileVersion":"1.0.4.87","hashMD5":"09a85360e77c09588d46c4df66c44aa2","hashSHA1":"fcebf4fac373daa7ab6d5b32b3d9cc21cc864a6b","hashSHA256":"b4fa390035d70734221d33b15c607f745c69de59160e1d5c62c8f34c5dcc6862","digitalCertThumbprint":"4824A866B4233B210C7925B48C336CC9FB78331C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=pc speedup tools inc., O=pc speedup tools inc., STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"2941","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cppsetup (3.0.0.30).exe","isInstaller":"True","productVersion":"3.0.0.30","fileVersion":"3.0.0.30","hashMD5":"d2f762672c5ad55f5fa53d6d63212c3a","hashSHA1":"6b159d86ab9ff832cde996f44203e5cde6132c04","hashSHA256":"5d9d206d41e0f00789f0c5a8bc515a9f88156a2aad014361a3b7f25a0f9dffe6","digitalCertThumbprint":"FC886C3C889AE32F54F4C96958CFC1E788FE9654","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=WlNCARE UTILITIES, O=WlNCARE UTILITIES, POBox=302012, STREET=\"47, Shilp Colony, Jhotwara\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"2942","avBlockList":["360 Total Security (20191021)","Avast Internet Security (20191021)","AVG Internet Security (20191021)","Avira Internet Security (20191021)","Bitdefender Internet Security (20191021)","COMODO Antivirus (20191021)","Dr.Web Security Space (20191021)","ESET Internet Security (20191021)","G DATA INTERNET SECURITY (20191021)","K7 Total Security (20191021)","Kaspersky Internet Security (20191021)","Malwarebytes Premium (20191021)","McAfee Total Protection (20191021)","Norton Security (20191021)","Panda Dome (20191021)","Quick Heal Internet Security (20191021)","Sophos Home Premium (20191021)","Tencent PC Manager (20191021)","Trend Micro Internet Security (20191021)","VIPRE Advanced Security (20191021)","VirIT eXplorer PRO (20191021)","Webroot SecureAnywhere (20191021)","Windows Defender (20191021)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Deceptor Report","reference":"","landingPage":"http://lp.techtipsforpc.com/cldttfpc/?x-context=7da4d0175f8948a0bf4a5386472fa72a_52768&utm_source=cldttfpc&utm_campaign=cldttfpc&pxl=CLD3238_CLD3166_RUNT&utm_pubid=30193&x-at=&override=1","ipv4":"","ipv6":"","sourceIndex":"2941"},{"howFound":"","reference":"","landingPage":"http://onesysutils.com/","directDownloadingLink":"http://dl.onesysutils.com/cpp/securerc/e4/cppsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2942"}],"sampleFiles":["190729/CleanPCPro2018-180803/1.0.4.87/Samples/cppsetup.exe","190729/CleanPCPro2018-180803/1.0.4.87/Samples/rclr.exe","190729/CleanPCPro2018-180803/1.0.4.87/Samples/cppsetup (3.0.0.30).exe"],"imageFiles":["190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-055/inline_offer.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-003/acr_003.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-003/acr_003_1.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-010/inline_offer_in_app.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-010/inline_offer.PNG"],"nonDeceptorImageFiles":["190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-065/acr_065_IO.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-065/acr_065_LP.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-161/testimonials_io.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-088/acr_088.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-092/acr_092.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-099/acr_099_LP.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-099/acr_099_IO.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-150/internal_offer_page.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-171/acr_171.PNG","190729/CleanPCPro2018-180803/1.0.4.87/Images/ACR-171/internal_offer_page.PNG"],"guid":"0bc6efc7-568a-4db0-89d0-a8f6b9d9552f_1.0.4.87_1","appID":"CleanPCPro2018-180803","dateAdded":"190729","deceptorType":"App","name":"CleanPCPro2018","company":"pc speedup tools inc","version":"1.0.4.87","sigName":"Deceptor:Win32/CleanPCPro2018!003010055","lastKnownStatus":"Deceptor:1.0.4.87","lastKnownDate":"190729","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-07-29T20:35:03.0166138+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2047},{"violations":{"ACR-014":"The content presents untruthful information about PC errors caused by broken registry entries. It misleads user that downloading the offered app is needed to fix the unsubstantiated\n","ACR-016":"The download button doesn't redirect user to application's website, instead it download the application directly\n"},"nonDeceptorViolations":{"ACR-016":"The download button doesn't redirect user to application's website, instead it download the application directly\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Yahoo search \"Download the PC Repair Tool\"","reference":"","landingPage":"https://repair-windows.com/repair/How_To_Repair_PC_In_3_Simple_Steps/","ipv4":"","ipv6":"","sourceIndex":"2943"}],"sampleFiles":[],"imageFiles":["190729/repairwindowscom-190729/190729/Images/ACR-016/RepaireWindows_Com.PNG","190729/repairwindowscom-190729/190729/Images/ACR-014/RepaireWindows_Com_014.PNG"],"nonDeceptorImageFiles":["190729/repairwindowscom-190729/190729/Images/ACR-016/RepaireWindows_Com.PNG"],"guid":"eba197ff-e175-4575-aa59-62eee6d0799b_190729_1","appID":"repairwindowscom-190729","dateAdded":"190729","deceptorType":"Affiliate","name":"Repairwindows","company":"MediaSmart","version":"190729","sigName":"Deceptor:Affiliate/Repairwindows","lastKnownStatus":"190729","lastKnownDate":"190729","type":"Affiliate","category":"Personalization & Search","targetOS":"Windows XP,Windows 7,Windows 8,Windows Vista,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","lastUpdate":"2019-07-29T18:03:24.1089819+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2141},{"violations":{"ACR-003":"The app shows gauges and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"ocbsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"One Click-Booster                                           ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1             ","hashMD5":"eaee20d4e3180aa0d0772c59173064d5","hashSHA1":"2827a26d7110f07f278e7b07c9dc9c7f47d32818","hashSHA256":"dda13f480c8c09c23c0c5ef5412c816d8db668b65d135e95d0f70b62f9948fc4","digitalCertThumbprint":"68226891FF5B66EF2BBE720218809ABA2DDEA94D","sourceIndex":"2944","avBlockList":["Avast Internet Security (20190513)","AVG Internet Security (20190513)","Avira Internet Security (20190513)","ESET Internet Security (20190513)","G DATA INTERNET SECURITY (20190513)","K7 Total Security (20190513)","Kaspersky Internet Security (20190513)","Malwarebytes Premium (20190513)","McAfee Total Protection (20190513)","Norton Security (20190513)","Panda Dome (20190513)","Sophos Home Premium (20190513)","Trend Micro Internet Security (20190513)","VirIT eXplorer PRO (20190513)","Webroot SecureAnywhere (20190513)","Windows Defender (20190513)","360 Total Security (20190513)","COMODO Antivirus (20190513)","Dr.Web Security Space (20190513)","Quick Heal Internet Security (20190513)","SpyHunter5 (20190415)"],"avAllowList":["Bitdefender Internet Security (20190513)","F-PROT Antivirus for Windows (20190415)","Tencent PC Manager (20190513)","VIPRE Advanced Security (20190513)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\One Click-Booster for DESKTOP-8QAR3KI\\rtc.exe","productName":"System Tool","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"e58c272ef79e4b54047470bf2f5f2db9","hashSHA1":"57cb86eb5c3f12ef1c9a8c1bedd2575e0d398048","hashSHA256":"9597aac0b92cab4e48f5ff6ed663f32418066f5c6c12bec1ca11392992130561","digitalCertThumbprint":"68226891FF5B66EF2BBE720218809ABA2DDEA94D","sourceIndex":"2944","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ocbsetup (1.0.0.0).exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"c3e2f26a48c1a9a5d3e41ba3f14c4b17","hashSHA1":"e55cb05612414380dad4ac45d1c0f007e7b7e90e","hashSHA256":"b9bffa1c84408cc0588fce5c4d8c7cdfdb32f6441637a9a2f7b1f6c012c48f97","digitalCertThumbprint":"7B3FE9C59C4394479D9AD23437E6504227A4BBE8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Care Tools, OU=PC Care TooIs, O=PC Care Tools, POBox=302017, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"2944","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","Bitdefender Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VIPRE Advanced Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ocbsetup (3.0.2.46).exe","isInstaller":"True","productVersion":"3.0.2.46","fileVersion":"3.0.2.46","hashMD5":"b044b98f777405c64f547fb00859f45f","hashSHA1":"74aeb89238bddcce2a6af919ee2616d7106c8a23","hashSHA256":"b78c43f1cb1f118cb126df02f6b84224ff746795133c828e84f6088dd193ac2b","digitalCertThumbprint":"C0D0512B66372F40B28A9134C5720EFA36CD0055","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADVANCED PC UTILITIES, OU=IT, O=ADVANCED PC UTILITIES, POBox=302004, STREET=13 SHIVAM APPARTMENT, L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2944","avBlockList":["360 Total Security (20190905)","Avast Internet Security (20190905)","AVG Internet Security (20190905)","Avira Internet Security (20190905)","Bitdefender Internet Security (20190905)","COMODO Antivirus (20190905)","Dr.Web Security Space (20190905)","ESET Internet Security (20190905)","G DATA INTERNET SECURITY (20190905)","K7 Total Security (20190905)","Kaspersky Internet Security (20190905)","Malwarebytes Premium (20190905)","McAfee Total Protection (20190905)","Norton Security (20190905)","Panda Dome (20190905)","Quick Heal Internet Security (20190905)","Sophos Home Premium (20190905)","Tencent PC Manager (20190905)","Trend Micro Internet Security (20190905)","VIPRE Advanced Security (20190905)","VirIT eXplorer PRO (20190905)","Webroot SecureAnywhere (20190905)","Windows Defender (20190905)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ocbsetup (3.0.2.49).exe","isInstaller":"True","productVersion":"3.0.2.49","fileVersion":"3.0.2.49","hashMD5":"3f78a5ed44c2cc5951a30a240053cfab","hashSHA1":"d65154ed758f95169b0cfd610b19bbc04292b669","hashSHA256":"31a86a769f2a9b2fef8d2d2707a95cd9b9ce124785d0aeacaae2b84c7fdec863","digitalCertThumbprint":"30CA64E3299D8774A943E877BE1E2597072BDC97","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TWEAK PC TOOLS, OU=IT, O=TWEAK PC TOOLS, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2947","avBlockList":["360 Total Security (20190905)","Avast Internet Security (20190905)","AVG Internet Security (20190905)","Avira Internet Security (20190905)","COMODO Antivirus (20190905)","Dr.Web Security Space (20190905)","ESET Internet Security (20190905)","G DATA INTERNET SECURITY (20190905)","K7 Total Security (20190905)","Kaspersky Internet Security (20190905)","Malwarebytes Premium (20190905)","McAfee Total Protection (20190905)","Norton Security (20190905)","Panda Dome (20190905)","Quick Heal Internet Security (20190905)","Sophos Home Premium (20190905)","Trend Micro Internet Security (20190905)","VirIT eXplorer PRO (20190905)","Webroot SecureAnywhere (20190905)","Windows Defender (20190905)"],"avAllowList":["Bitdefender Internet Security (20190905)","Tencent PC Manager (20190905)","VIPRE Advanced Security (20190905)"]},{"isRevoked":"False","fileName":"ocbsetup (1.0.0.21).exe","isInstaller":"True","productVersion":"1.0.0.21","fileVersion":"1.0.0.21","hashMD5":"0cbe75dd7219d715e67a11e7401157a1","hashSHA1":"ca84a211166aa3f1e8fce3d633afef4dc319fe75","hashSHA256":"9759aa9dd83785810ab7b555934a9d468a3ed27d6d5922dfc2e4be2314d6e5d7","digitalCertThumbprint":"0C97FAD2205B97B8EC62CBB0EA7B7DA172B5CBBC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, OU=IT, O=SYSCLEAN TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2948","avBlockList":["360 Total Security (20190627)","Avast Internet Security (20190627)","AVG Internet Security (20190627)","COMODO Antivirus (20190627)","Dr.Web Security Space (20190627)","ESET Internet Security (20190627)","K7 Total Security (20190627)","Kaspersky Internet Security (20190627)","Malwarebytes Premium (20190627)","McAfee Total Protection (20190627)","Sophos Home Premium (20190627)","VirIT eXplorer PRO (20190627)","Webroot SecureAnywhere (20190627)","Windows Defender (20190627)","Norton Security (20190627)"],"avAllowList":["Avira Internet Security (20190627)","Bitdefender Internet Security (20190627)","G DATA INTERNET SECURITY (20190627)","Panda Dome (20190627)","Quick Heal Internet Security (20190627)","Tencent PC Manager (20190627)","Trend Micro Internet Security (20190627)","VIPRE Advanced Security (20190627)"]},{"isRevoked":"False","fileName":"ocbsetup (1.0.0.0) 2.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"b9363e5a3770ec2f5aa987d2466bc7b3","hashSHA1":"e93ac8bbd9ea0f99fdd034f854bae6d0280cb44b","hashSHA256":"42ad923c152a0d813db005c6291ae234191bc14d51878f2a03a99fd3067ecb92","digitalCertThumbprint":"7B3FE9C59C4394479D9AD23437E6504227A4BBE8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Care Tools, OU=PC Care TooIs, O=PC Care Tools, POBox=302017, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"2949","avBlockList":["360 Total Security (20190627)","Avast Internet Security (20190627)","AVG Internet Security (20190627)","Avira Internet Security (20190627)","COMODO Antivirus (20190627)","Dr.Web Security Space (20190627)","ESET Internet Security (20190627)","G DATA INTERNET SECURITY (20190627)","K7 Total Security (20190627)","Kaspersky Internet Security (20190627)","Malwarebytes Premium (20190627)","McAfee Total Protection (20190627)","Norton Security (20190627)","Panda Dome (20190627)","Quick Heal Internet Security (20190627)","Sophos Home Premium (20190627)","Trend Micro Internet Security (20190627)","VirIT eXplorer PRO (20190627)","Webroot SecureAnywhere (20190627)","Windows Defender (20190627)"],"avAllowList":["Bitdefender Internet Security (20190627)","Tencent PC Manager (20190627)","VIPRE Advanced Security (20190627)"]},{"isRevoked":"False","fileName":"ocbsetup (1.0.0.58).exe","isInstaller":"True","productVersion":"1.0.0.58","fileVersion":"1.0.0.58","hashMD5":"281a6e38070fa9408498d3e05f3e01e7","hashSHA1":"af732e7519959ec378bca264ba5c1c3ff20f27c0","hashSHA256":"412196ad46b028c9678a0b6d613affb1659bd25ee57bc096f15ea22904330bd3","digitalCertThumbprint":"0C97FAD2205B97B8EC62CBB0EA7B7DA172B5CBBC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, OU=IT, O=SYSCLEAN TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2950","avBlockList":["360 Total Security (20190701)","Avast Internet Security (20190701)","AVG Internet Security (20190701)","Avira Internet Security (20190701)","COMODO Antivirus (20190701)","Dr.Web Security Space (20190701)","ESET Internet Security (20190701)","K7 Total Security (20190701)","Kaspersky Internet Security (20190701)","Malwarebytes Premium (20190701)","McAfee Total Protection (20190701)","Quick Heal Internet Security (20190701)","Sophos Home Premium (20190701)","Trend Micro Internet Security (20190701)","VirIT eXplorer PRO (20190701)","Webroot SecureAnywhere (20190701)","Windows Defender (20190701)","Norton Security (20190701)"],"avAllowList":["Bitdefender Internet Security (20190701)","G DATA INTERNET SECURITY (20190701)","Panda Dome (20190701)","Tencent PC Manager (20190701)","VIPRE Advanced Security (20190701)"]},{"isRevoked":"False","fileName":"ocbsetup (1.0.0.58) 2.exe","isInstaller":"True","productVersion":"1.0.0.58","fileVersion":"1.0.0.58","hashMD5":"ee61e15b5a8a39a7e4c075216ba638e8","hashSHA1":"94cc112553dff0f93cfd20b43545f9b2e64eacc5","hashSHA256":"728fe85e473c561e701287b28a479a874eb566c2e80826991fc543c455b2d354","digitalCertThumbprint":"0C97FAD2205B97B8EC62CBB0EA7B7DA172B5CBBC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, OU=IT, O=SYSCLEAN TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2951","avBlockList":["360 Total Security (20190701)","Avast Internet Security (20190701)","AVG Internet Security (20190701)","Avira Internet Security (20190701)","COMODO Antivirus (20190701)","Dr.Web Security Space (20190701)","ESET Internet Security (20190701)","K7 Total Security (20190701)","Kaspersky Internet Security (20190701)","Malwarebytes Premium (20190701)","McAfee Total Protection (20190701)","Norton Security (20190701)","Sophos Home Premium (20190701)","VirIT eXplorer PRO (20190701)","Webroot SecureAnywhere (20190701)","Windows Defender (20190701)"],"avAllowList":["Bitdefender Internet Security (20190701)","G DATA INTERNET SECURITY (20190701)","Panda Dome (20190701)","Quick Heal Internet Security (20190701)","Tencent PC Manager (20190701)","Trend Micro Internet Security (20190701)","VIPRE Advanced Security (20190701)"]},{"isRevoked":"False","fileName":"ocbsetup (1.0.0.21) 2.exe","isInstaller":"True","productVersion":"1.0.0.21","fileVersion":"1.0.0.21","hashMD5":"987be2db0a45d3b13606020195ab24ee","hashSHA1":"d66485726360633a37f68ffd3f52d54492bfdf93","hashSHA256":"0cf093bc715c3f5611dd2de4cdd15d3f48d50aa48249bee52c9a60a2e359b65e","digitalCertThumbprint":"0C97FAD2205B97B8EC62CBB0EA7B7DA172B5CBBC","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCLEAN TECHNOLOGIES, OU=IT, O=SYSCLEAN TECHNOLOGIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2953","avBlockList":["360 Total Security (20191017)","Avast Internet Security (20191017)","AVG Internet Security (20191017)","Avira Internet Security (20191017)","Bitdefender Internet Security (20191017)","COMODO Antivirus (20191017)","Dr.Web Security Space (20191017)","ESET Internet Security (20191017)","G DATA INTERNET SECURITY (20191017)","K7 Total Security (20191017)","Kaspersky Internet Security (20191017)","Malwarebytes Premium (20191017)","McAfee Total Protection (20191017)","Norton Security (20191017)","Panda Dome (20191017)","Quick Heal Internet Security (20191017)","Sophos Home Premium (20191017)","Tencent PC Manager (20191017)","Trend Micro Internet Security (20191017)","VIPRE Advanced Security (20191017)","VirIT eXplorer PRO (20191017)","Webroot SecureAnywhere (20191017)","Windows Defender (20191017)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ocbsetup (1.0.0.0) 3.exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"c0c2fdb7afbedb91f7b79295b1c255b2","hashSHA1":"81d06e4dae4dc0ee6d28f296510a09b976c95bd2","hashSHA256":"cd8e0912f3dedf7238b6cf57c5c42de393d3d993d6b263dd4186fd73bf3e4da4","digitalCertThumbprint":"7B3FE9C59C4394479D9AD23437E6504227A4BBE8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Care Tools, OU=PC Care TooIs, O=PC Care Tools, POBox=302017, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"2957","avBlockList":["360 Total Security (20191017)","Avast Internet Security (20191017)","AVG Internet Security (20191017)","Avira Internet Security (20191017)","Bitdefender Internet Security (20191017)","COMODO Antivirus (20191017)","Dr.Web Security Space (20191017)","ESET Internet Security (20191017)","G DATA INTERNET SECURITY (20191017)","K7 Total Security (20191017)","Kaspersky Internet Security (20191017)","Malwarebytes Premium (20191017)","McAfee Total Protection (20191017)","Norton Security (20191017)","Panda Dome (20191017)","Quick Heal Internet Security (20191017)","Sophos Home Premium (20191017)","Tencent PC Manager (20191017)","Trend Micro Internet Security (20191017)","VIPRE Advanced Security (20191017)","VirIT eXplorer PRO (20191017)","Webroot SecureAnywhere (20191017)","Windows Defender (20191017)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"preferred PC protection utility\"","reference":"http://sjsystools.xyz/","landingPage":"http://sjsystools.xyz/","directDownloadingLink":"http://dl.sjsystools.xyz/ocb/securerc/sjsystools_xyz/ocbsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.sjsystools.xyz/ocb/securerc/sjsystools_xyz/ocbsetup.exe","sourceIndex":"2944"},{"howFound":"","reference":"","landingPage":"http://sjpcutils.club/","directDownloadingLink":"http://dl.sjpcutils.club/ocb/securerc/sjpcutils_club/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2945"},{"howFound":"","reference":"","landingPage":"http://awgmactools.club/","directDownloadingLink":"http://dl.awgmactools.club/ocb/securerc/awgmactools_club/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2946"},{"howFound":"","reference":"","landingPage":"http://tunepcsoftware.live/","directDownloadingLink":"http://dl.tunepcsoftware.live/ocb/securerc/tunepcsoftware_live/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2947"},{"howFound":"","reference":"","landingPage":"http://qbitspeedytool.xyz/","directDownloadingLink":"http://dl.qbitspeedytool.xyz/ocb/securerc/qbitspeedytool_xyz/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2948"},{"howFound":"","reference":"","landingPage":"http://sjsystemutils.xyz/","directDownloadingLink":"http://dl.sjsystemutils.xyz/ocb/securerc/sjsystemutils_xyz/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2949"},{"howFound":"","reference":"","landingPage":"http://sjsystemutils.club/","directDownloadingLink":"http://dl.sjsystemutils.club/ocb/securerc/sjsystemutils_club/ocbsetup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","sourceIndex":"2950"},{"howFound":"","reference":"","landingPage":"http://sjsystemutils.live/","directDownloadingLink":"http://dl.sjsystemutils.live/ocb/securerc/sjsystemutils_live/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2951"},{"howFound":"","reference":"","landingPage":"http://www.qbitcleanup.xyz/","directDownloadingLink":"http://dl.qbitcleanup.xyz/ocb/securerc/qbitcleanup_xyz/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2952"},{"howFound":"","reference":"","landingPage":"http://qbitsystems.xyz/","directDownloadingLink":"http://dl.qbitsystems.xyz/ocb/securerc/qbitsystems_xyz/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2953"},{"howFound":"","reference":"","landingPage":"http://qbitspeedutils.xyz/","directDownloadingLink":"http://dl.qbitspeedutils.xyz/ocb/securerc/qbitspeedutils_xyz/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2954"},{"howFound":"","reference":"","landingPage":"http://qbitautofixclean.club/","directDownloadingLink":"http://dl.qbitautofixclean.club/ocb/securerc/qbitautofixclean_club/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2955"},{"howFound":"","reference":"","landingPage":"http://www.secure-pctools.fun/","directDownloadingLink":"http://dl.secure-pctools.fun/ocb/securerc/secure-pctools_fun/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2956"},{"howFound":"","reference":"","landingPage":"http://www.pccleantools.net/","directDownloadingLink":"http://dl.pccleantools.net/ocb/securerc/pccleantools_net/ocbsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2957"}],"sampleFiles":["190725/OneClickBooster-190206/1.0.0.1/Samples/ocbsetup.exe","190725/OneClickBooster-190206/1.0.0.1/Samples/rtc.exe","190725/OneClickBooster-190206/1.0.0.1/Samples/ocbsetup (1.0.0.0).exe","190725/OneClickBooster-190206/1.0.0.1/Samples/ocbsetup (3.0.2.46).exe","190725/OneClickBooster-190206/1.0.0.1/Samples/ocbsetup (3.0.2.49).exe","190725/OneClickBooster-190206/1.0.0.1/Samples/ocbsetup (1.0.0.21).exe","190725/OneClickBooster-190206/1.0.0.1/Samples/ocbsetup (1.0.0.0) 2.exe","190725/OneClickBooster-190206/1.0.0.1/Samples/ocbsetup (1.0.0.58).exe","190725/OneClickBooster-190206/1.0.0.1/Samples/ocbsetup (1.0.0.58) 2.exe","190725/OneClickBooster-190206/1.0.0.1/Samples/ocbsetup (1.0.0.21) 2.exe","190725/OneClickBooster-190206/1.0.0.1/Samples/ocbsetup (1.0.0.0) 3.exe"],"imageFiles":["190725/OneClickBooster-190206/1.0.0.1/Images/ACR-003/003.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-003/003_2.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-003/003_3.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-004/003.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-004/004.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-010/010.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-168/003.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-168/168.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-084/084.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-055/010.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-059/010.png"],"nonDeceptorImageFiles":["190725/OneClickBooster-190206/1.0.0.1/Images/ACR-161/161.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-099/099.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-150/171_150.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-171/171_150.png","190725/OneClickBooster-190206/1.0.0.1/Images/ACR-171/171.png"],"guid":"660a6d79-6783-467f-a526-3b4478d4b17e_1.0.0.1_1","appID":"OneClickBooster-190206","dateAdded":"190725","deceptorType":"App","name":"One Click Booster","company":"Ab Reach TechnoIogies Private Limited","version":"1.0.0.1","sigName":"Deceptor:Win32/OneClickBooster!003004010055059084168","lastKnownStatus":"Deceptor:1.0.0.1","lastKnownDate":"190725","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-07-25T21:38:43.7138981+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin ","numInFamily":3,"numInAppID":1,"sortOrder":2126},{"violations":{"ACR-003":"Displays fake threat scamming message and scare user to download additional application to clean up.\n","ACR-014":"Display fake threat information via scamming message, thus scare user to download the additional application for monetizing\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Aggressive affiliate monitoring \"landing page\" contains WinTonic","reference":"WinTonic","landingPage":"https://tool.kundenbetreuung.tech/de/lp1/index.html?osversion=Windows%207&cep=6v6saOOdUi-4JNm25e3FDKAY2DiSVr3uWzCyiQKo9k1n5DRRODsglufeIiolJNJYIsAnhdtyUvOiJ07hnFG9kLSIXJarO4bnrREQh6io5SuAzpW9cD_lq0-WKeNxNX7po6q1aN458Z07mObiHPA87m18yeJbLi-xsjDhy1D73q2yp_C7KN7aJiyB6kk0LEGiGvFgWYLp2VOJ0E7kjelghhgOt9bztLyL16ENQ8Bp4Rwd9u4qY67NnT_jKoDHgIHLji0ugVLOQBzeOFh7JoY0qdeUEpkGdp5rWsGbGZsT6zILqo4NJEVM3fkOxsmJ7WuGP9DyqfXi4CGz5LDqa6R1Mj0V0pQgzLJHSchYV-c1M-oi17WE1cHS0jx4woCFB8dn&zone=298097&lang=DE&time=1557758658&campaign=152053020&ban=22663062&ssp=&udid=&org=Vereinigte%20Stadtwerke%20Media%20GmbH&advertiser=128334&clickid=15577586471533720442149137596120800","ipv4":"","ipv6":"","landingPageWildChar":"https://tool.kundenbetreuung.tech/*/lp1/index.html?*","sourceIndex":"2958"},{"howFound":"","reference":"","landingPage":"https://tool.kundenbetreuung.tech/de/lp1/index.html?osversion=Windows%207&cep=9KXPUX2JM7RsFu74hfZxOJ-Ofi6pDSziYxk3BCV5udOmJULiAGwvbdzJUCOe14m1RAr7y2xLfyGyqm0ExcMp025G-QPb0TAEptblHbui6CvYl9e88C3GvWPquHoiDpbhq-nG0VTYDD4KLNgbM_bSpVP9BEKE1FAhyqULNDg504PigTO4XeTMhWHgEEKhzPP8xf1MyywgrUsz6_xhm440nlROLxt23iXsc5HtZTSBBVXuVyop9Xem4DNrrp5_B23R3Rglzz1s6fZbTsWNeNJKynZSwaz6kxwe4u9UzPKD_r0BhJh76UTekl5KNfqi07-n6K8BchbmvLpBB3mzrt2rbLBVOl4hDDbJ8MOFrb5cFTM&zone=298097&lang=DE&time=1557876550&campaign=152053020&ban=22663062&ssp=&udid=&org=Genias%20Internet&advertiser=128334&clickid=15578765383585707595142689507619827","directDownloadingLink":"","ipv4":"","ipv6":"","landingPageWildChar":"https://tool.kundenbetreuung.tech/*/lp1/index.html?*","sourceIndex":"2959"},{"howFound":"","reference":"","landingPage":"https://tool.customer-service.tech/fr/lp1/index.html?osversion=Windows%2010&cep=ZPbsmf1lfW6kJXu6T8kEDwfbIx84MOkX5I8cIUlNplkv2lQl2GEIpQQrvuXMuk8tIALigh49bJjHEOcDY7nP1iyURlFL4f5sPgMpyH4UbHIeaqgf2BwHTa_2h3HWKTjN5HJlxOpEN1-t3eyU3HsuvDHyJDJlUuF2HAnd44rj5TPMWfSahL2jozC3YQbk2-oZPA8TJeuWM2VKkpDLlLC4vnTnH_hmE0GztRQiFzmhWIeGpOdmHhIBVN8YJz_dHl5zOBoVJ4udsK8Uqd_jHF7Ux0VXJ3BgxhGz0HlksGpUrlrMXnpEqKNnG3L6YZePtCTDAD0mfKJ-eBPlXDDvC5kABYhoCHq3zbHH4NseuOnHm48&zone=298097&lang=EN&time=1557750692&campaign=152052420&ban=22663060&ssp=&udid=&org=OVH%20Telecom&advertiser=128334&clickid=15577506801841181364068491268168782","ipv4":"","ipv6":"","landingPageWildChar":"https://tool.customer-service.tech/*/lp1/index.html?*","sourceIndex":"2960"},{"howFound":"","reference":"","landingPage":"https://tool.customer-service.tech/fr/lp1/index.html?osversion=Windows%207&cep=bwsQyDv1pvNeiOqAkwH7UOlOXLW8uv9WgJlNTNfSThqDrbYJBddMXO7uSmqUYD9r0I-cv1FSjPtqh2UogRYku3nj0CpPxGGnLQxJ5JrDkKmoW537l3m2NmhTgi2OB6CmkTlP_hKuBdhM56WaAXwnWzw0OXH6AJYAYaY2qFk_83MTO9NuRIjua2CjkEMsVWEDZitJzp-sqcAIIsc3kRGBZn9KScnCI_z7AF4ny2RsXbDhJ0J7HU273tXAfOsimyV9OuVCD03jRdbZuw1ApBtnh32NL_YWvxuYBh1AyTIma9iy_k5-EJf-oK0pxwZLmiGBYjKwBKYvDCrAzB2czsDC_wDrC16HzikacGN_9WjqvZ6xpAFXQs8V2Z4SB3BJ6rVDiTGPQAkDnCsWP19wW2y-PfJVfJT0rbpS9erL5_MVICo&zone=298097&lang=EN&time=1557857726&campaign=152052420&ban=22663060&ssp=&udid=&org=Societe%20Commerciale%20De%20Telecommunication%20Sct%20SAS&advertiser=128334&clickid=15578577133105302540123051929529367","ipv4":"","ipv6":"","landingPageWildChar":"https://tool.customer-service.tech/*/lp1/index.html?*","sourceIndex":"2961"},{"howFound":"","reference":"","landingPage":"https://tool.customer-service.solutions/en/lp1/index.html?osversion=Windows%2010&cep=DONQqCduquKzvrKbdC7LPqLTkqQOycQ5fwgvOFFfsYyaRZKfWKMHwm8RLXCp39AIYjj9epnl8iSuU1C7Xcc0j0EsTPmfmbxD4C07K0-4Xi1t4M02HXDdt4oq9RC5tpbm3gj2ubOxz7BjjDhiubqzM_Utz0VjzAysFzbxZIxamvhP366b77hNM1J5n7zh9WHJ3pW-VpofQ1tTImfceWRRQziy7Ir91iJ8cgwmhljxg4AMctOedscoWPoJDnK7zIt3pCL2bhAQySVsrC1RPNHN937vfQ-cCJThiD8BEyStD3adNyKtCpIHaGHrvcOnV620JViVBxfQj8Oj5pMa1Kn3ehQLjKPzenKpKR4u9w1spK4&zone=1282399&lang=EN&time=1558559387&campaign=152054220&ban=22663064&ssp=&udid=&org=Harbour%20ISP%20Pty&advertiser=128334&clickid=15585593581731669917013922043380680","ipv4":"","ipv6":"","landingPageWildChar":"https://tool.customer-service.solutions/en/lp1/*&cep=*","sourceIndex":"2962"},{"howFound":"PC key word in landing page monitoring","reference":"ditributing Xtron deceptor","landingPage":"https://tool.customer-services.online/_87.251.39.28/v2/index.html?&language=nl&os_name=Windows&&cep=_fp8FijoDP58jvLTIAcVG4nrEEWa6i8kzDAmrOtFjnChpbQyq4fbUKuCRCJ7BxNjmrIaOqD0RqNMyiSPbuf81tbHCzmgKmlWkwO8irERAQp4xKrRJP7nFqdj1TBqJ3FWTRsOq8aOsuDcAtQljbMiFDvsNuJwXWiDDQGW3Tz0cb7UKyK2ClrrmMR8Fc5kuZnVva1_2xjXcQiWr2ugq0uiXzQsaH-_Bpgl6g9fE5ZXgj9PDHy_LdRL3kY1uvgY5WNE12Gt8n6DJqBIFR2vwMJJGc9DlgJC4dDfiN0-SdnLb4ZJ9bPserwrz2DtIEPe0PV0XpJIw_TbulSSVkTVoH55X5yaf6V00tw0KMg5T7siYe84VMtgoy6rtpMDwjPV4T-oNddwZIL9UIkiftI16r8ICagxT6YYEBsaO3wH5-eHvXcJ_DBhELfJTlQ0Nz5wLs_x&lptoken=15c164d408516367908c&zone=1368301&time=1564084587&campaign=163718220&ban=22729596&ssp=&udid=&org=BIT%20BV&advertiser=128334&clickid=15640845301476077340189223518226544","ipv4":"","ipv6":"","landingPageWildChar":"https://tool.customer-services.online/*&cep=*","sourceIndex":"2963"}],"sampleFiles":[],"imageFiles":["190725/ToolTech-190516/190516/Images/ACR-003/2019-05-16_10-50-20_DriverTonic2.mp4","190725/ToolTech-190516/190516/Images/ACR-014/Affiliate_DriverTonic.PNG","190725/ToolTech-190516/190516/Images/ACR-014/Affiliate_DriverTonic_2.PNG"],"nonDeceptorImageFiles":[],"guid":"649e01f0-6ff8-4db5-b363-9f62269023d4_190516_1","appID":"ToolTech-190516","dateAdded":"190725","deceptorType":"Affiliate","name":"ToolTechScam","company":"ToolTech","version":"190516","sigName":"Deceptor:Affiliate/ToolTechScam","lastKnownStatus":"190725","lastKnownDate":"190725","type":"Affiliate","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows Server,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2019-07-25T21:21:46.9865853+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2142},{"violations":{"ACR-042":"The Application automatically install another file named \"C:\\Program Files (x86)\\Hewlett-Packard\\iGKlPSetup\\iGKlP.exe\" without user's consent. \n","ACR-043":"The Application automatically install another file named \"C:\\Program Files (x86)\\Hewlett-Packard\\iGKlPSetup\\iGKlP.exe\" without user's consent. \n","ACR-003":"App exaggerates the state of system health with alarming colors and words like \"Attension\" and \"threats\" for non-alarming categories.\n","ACR-004":"The App requires customer to purchase the license key to fix the threats found during free scan. App's use of alarming colors and words in free scan results present an exaggerated sense of urgency.\n","ACR-084":"The application installs its own registry autorun to automatically run itself every system startup, without the user's consent.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, privacy policy. \nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, privacy policy. \nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy. \n","ACR-161":"The application's webpage displays testimonial but does not provide any links back to a source so they can be verified\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"The App's main executable does not have a digital signature.\n","ACR-157":"The App's main executable does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-167":"There is no Returns and Cancellation Policy information.\n"},"samples":[{"isRevoked":"False","fileName":"MSTS.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3cfae0f137ce345547fe1e6c618924d4","hashSHA1":"10cbb9b8f1a6fbeb23e706ab5b19629d43b90c7b","hashSHA256":"b5281324b60b168a237dad904ce92ee77bb7e0b90e13875ee3198dbd9bd56f47","digitalCertThumbprint":"27E247AC1E424BA8901E7A8B463F1A9C6947E52F","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=MS SOFT SOLUTIONS LTD, O=MS SOFT SOLUTIONS LTD, L=SMETHWICK, C=GB, SERIALNUMBER=10235449, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB","sourceIndex":"2964","avBlockList":["360 Total Security (20191014)","Avast Internet Security (20191014)","AVG Internet Security (20191014)","Avira Internet Security (20191014)","Bitdefender Internet Security (20191014)","COMODO Antivirus (20191014)","Dr.Web Security Space (20191014)","ESET Internet Security (20191014)","G DATA INTERNET SECURITY (20191014)","K7 Total Security (20191014)","Kaspersky Internet Security (20191014)","Malwarebytes Premium (20191014)","McAfee Total Protection (20191014)","Norton Security (20191014)","Panda Dome (20191014)","Quick Heal Internet Security (20191014)","Sophos Home Premium (20191014)","Tencent PC Manager (20191014)","Trend Micro Internet Security (20191014)","VIPRE Advanced Security (20191014)","VirIT eXplorer PRO (20191014)","Webroot SecureAnywhere (20191014)","Windows Defender (20191014)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MS SOFT SOLUTIONS LTD\\MS Total Security\\MSTS.exe","companyName":"MS SOFT SOLUTIONS LTD","fileVersion":"1.0","hashMD5":"7996f520a104243eda811819c9cee07c","hashSHA1":"c9608396965a32c8639b78fc593e84f10f1cabc8","hashSHA256":"b716e32703f9bd1a5929d9a2744076b6d7d559f533381771df228a09f9c278a3","sourceIndex":"2964","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Hewlett-Packard\\iGKlPSetup\\iGKlP.exe","companyName":"Hewlett-Packard","fileVersion":"1.0","hashMD5":"25cca539dbba76e23ad2cf12677622da","hashSHA1":"9303c3f8f75527c9c9d6e78ce98abea3dec04b89","hashSHA256":"441bc9e38328e5d49d0b26691c2f3ec676fba18506b8261a79587e2fce01b96e","sourceIndex":"2964","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Unified Solution For PC Security\"","reference":"http://www.mstotalsecurity.com/index.php#","landingPage":"http://www.mstotalsecurity.com/index.php#","directDownloadingLink":"http://www.mstotalsecurity.com/MSTS.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.mstotalsecurity.com/MSTS.exe","sourceIndex":"2964"}],"sampleFiles":["190722/MSTotalSecurity-190719/1.0.0.0/Samples/MSTS.exe","190722/MSTotalSecurity-190719/1.0.0.0/Samples/MSTS (main_exe).exe","190722/MSTotalSecurity-190719/1.0.0.0/Samples/iGKlP.exe"],"imageFiles":["190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-003/scan.png","190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-003/main.png","190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-004/004.png","190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-004/main.png","190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-084/autorun.png","190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-168/main.png","190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-043/install3.png","190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-042/install3.png"],"nonDeceptorImageFiles":["190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-161/161.png","190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-065/install.png","190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-065/065.png","190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-163/004.png","190722/MSTotalSecurity-190719/1.0.0.0/Images/ACR-163/call.png"],"guid":"30407744-b406-41d3-a688-8a231102ce37_1.0.0.0_1","appID":"MSTotalSecurity-190719","dateAdded":"190722","deceptorType":"App","name":"MS Total Security","company":"MS SOFT SOLUTIONS LTD","version":"1.0.0.0","sigName":"Deceptor:Win32/MSTotalSecurity!003004084168043042 ","lastKnownStatus":"Deceptor: 1.0.0.0","lastKnownDate":"190722","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-07-22T21:31:45.0935453+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2143},{"violations":{"ACR-003":"The app shows gauges and words \"problems\", \"errors\" & \"issues\" in red colors that indicates misleading urgency. Also, the app states the sentence \"Attention! (number) problems slow down your computer!\" , thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"The App implies that all issues has been fixed during the free fix provided, but when user perform re-scan the App shows new issues again. Also, the App shows a message that the system have number of problems even if the fix already shows zero total of errors.\n","ACR-124":"The option to continue uninstall is not obvious and clear, not presented as if it is clickable to continue uninstall.\n"},"nonDeceptorViolations":{"ACR-002":"The application landing page shows different names such as \"PC Speeder Pro\" and \"PC Booster Pro\".\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":" The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"pcspeederpro.exe","isInstaller":"True","companyName":"Econosoft Global Services Pte. Ltd.                         ","productName":"PC Speeder Pro                                              ","productVersion":"1.0.0.0","fileVersion":"1.0.0.0     ","hashMD5":"1b2619f2434ab31800984c2c6435e2fa","hashSHA1":"60b69f1d5bbf93acc09754fe161cc860dc8b8108","hashSHA256":"f613372d39fe0caa70ac1c1da25199146b696cfdbcd4c9e7878468e171747d65","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2965","avBlockList":["360 Total Security (20191014)","Avast Internet Security (20191014)","AVG Internet Security (20191014)","Avira Internet Security (20191014)","Bitdefender Internet Security (20191014)","COMODO Antivirus (20191014)","Dr.Web Security Space (20191014)","ESET Internet Security (20191014)","G DATA INTERNET SECURITY (20191014)","K7 Total Security (20191014)","Kaspersky Internet Security (20191014)","Malwarebytes Premium (20191014)","McAfee Total Protection (20191014)","Norton Security (20191014)","Panda Dome (20191014)","Quick Heal Internet Security (20191014)","Sophos Home Premium (20191014)","Tencent PC Manager (20191014)","Trend Micro Internet Security (20191014)","VIPRE Advanced Security (20191014)","VirIT eXplorer PRO (20191014)","Webroot SecureAnywhere (20191014)","Windows Defender (20191014)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PC Speeder Pro\\pcspeederpro.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"PC Speeder Pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"2daa51f3fab337f209b06c492f6eafc4","hashSHA1":"7187b00da116ba887b59e6916b77b59b4437420d","hashSHA256":"e0eb995acda50dbd344dd831e7fe04ab6cb4273ab986b1f01714a83eeb00da69","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2965","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search  \"PC Optimizer Tool\"","reference":"https://www.pcspeederpro.com/en/","landingPage":"https://www.pcspeederpro.com/en/","directDownloadingLink":"https://pcspeederpro.com/downloads/exe/sm/en/pcspeederpro.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pcspeederpro.com/downloads/exe/sm/en/pcspeederpro.exe","sourceIndex":"2965"}],"sampleFiles":["190719/PCSpeederPro-190717/1.0/Samples/pcspeederpro.exe","190719/PCSpeederPro-190717/1.0/Samples/pcspeederpro (main_exe).exe"],"imageFiles":["190719/PCSpeederPro-190717/1.0/Images/ACR-003/scan.png","190719/PCSpeederPro-190717/1.0/Images/ACR-003/014.png","190719/PCSpeederPro-190717/1.0/Images/ACR-084/084.png","190719/PCSpeederPro-190717/1.0/Images/ACR-168/scan.png","190719/PCSpeederPro-190717/1.0/Images/ACR-168/014.png","190719/PCSpeederPro-190717/1.0/Images/ACR-168/124.png","190719/PCSpeederPro-190717/1.0/Images/ACR-014/014.png","190719/PCSpeederPro-190717/1.0/Images/ACR-124/124.png"],"nonDeceptorImageFiles":["190719/PCSpeederPro-190717/1.0/Images/ACR-161/161.png","190719/PCSpeederPro-190717/1.0/Images/ACR-099/about.png","190719/PCSpeederPro-190717/1.0/Images/ACR-165/165.png","190719/PCSpeederPro-190717/1.0/Images/ACR-165/165_2.png","190719/PCSpeederPro-190717/1.0/Images/ACR-163/014.png","190719/PCSpeederPro-190717/1.0/Images/ACR-163/124.png"],"guid":"e3aad49c-049b-4e0e-8f78-104292baeb3d_1.0_1","appID":"PCSpeederPro-190717","dateAdded":"190719","deceptorType":"App","name":"PC Speeder Pro","company":"Econosoft Global Services PTE. LTD.","version":"1.0","sigName":"Deceptor:Win32/PCSpeederPro!003084168014124 ","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190719","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-07-19T19:32:48.5629435+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2144},{"violations":{"ACR-003":"The app shows gauges and words \"problems\", \"errors\" & \"issues\" in red colors that indicates misleading urgency. Also, the app states the sentence \"Attention! (number) problems slow down your computer!\" , thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"The App implies that all issues has been fixed during the free fix provided, but when user perform re-scan the App shows new issues again. Also, the App shows a message that the system have number of problems even if the fix already shows zero total of errors.\n","ACR-124":"The option to continue uninstall is not obvious and clear, not presented as if it is clickable to continue uninstall.\n"},"nonDeceptorViolations":{"ACR-002":"The application shows a different name during installation process. It shows name \"Shark PC Protector\" instead of \"Advance PC Solutions\".\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Advance PC Solutions\\advpcsolutions.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"Advance PC Solutions","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"9c40763a8d36d9f7b6f8c12ff435afa0","hashSHA1":"196397817e6a5a56bee7804973451d271b8da487","hashSHA256":"01b28538c520c2bd97c4dc77eac7ab10ffdb05b5ca00e9574fcbe16667a74d54","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2970","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"advpcsolutions.exe","isInstaller":"True","companyName":"Econosoft Global Services Pte. Ltd.                         ","productName":"Advance PC Solutions                                        ","productVersion":"1.0","fileVersion":"1.0  ","hashMD5":"f00db0d5b4d79d1c228757d98aff56e9","hashSHA1":"941825584e0c8d068c4fcb1bd271b7162dfccae7","hashSHA256":"b20b72cc21dea4c683a4af527cd64f7aee2d8721558c946aff0808a8d54ec235","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2970","avBlockList":["360 Total Security (20191007)","Avast Internet Security (20191007)","AVG Internet Security (20191007)","Avira Internet Security (20191007)","Bitdefender Internet Security (20191007)","COMODO Antivirus (20191007)","Dr.Web Security Space (20191007)","ESET Internet Security (20191007)","G DATA INTERNET SECURITY (20191007)","K7 Total Security (20191007)","Kaspersky Internet Security (20191007)","Malwarebytes Premium (20191007)","McAfee Total Protection (20191007)","Norton Security (20191007)","Panda Dome (20191007)","Quick Heal Internet Security (20191007)","Sophos Home Premium (20191007)","Tencent PC Manager (20191007)","Trend Micro Internet Security (20191007)","VIPRE Advanced Security (20191007)","VirIT eXplorer PRO (20191007)","Webroot SecureAnywhere (20191007)","Windows Defender (20191007)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"SYSTEM JUNK REMOVER\"","reference":"https://www.advancepcsolutions.com/","landingPage":"https://www.advancepcsolutions.com/","directDownloadingLink":"https://advancepcsolutions.com/downloads/exe/sm/en/advpcsolutions.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://advancepcsolutions.com/downloads/exe/sm/en/advpcsolutions.exe","sourceIndex":"2970"}],"sampleFiles":["190711/AdvancePCSolutions-190628/1.0/Samples/advpcsolutions (main_exe) .exe","190711/AdvancePCSolutions-190628/1.0/Samples/advpcsolutions.exe"],"imageFiles":["190711/AdvancePCSolutions-190628/1.0/Images/ACR-003/003.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-003/003_2.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-003/014.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-084/084.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-168/003.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-168/003_2.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-168/014.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-168/124.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-124/124.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-014/014.png"],"nonDeceptorImageFiles":["190711/AdvancePCSolutions-190628/1.0/Images/ACR-002/003.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-002/124.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-161/161.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-099/about.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-163/003_2.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-163/014.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-165/offer.png","190711/AdvancePCSolutions-190628/1.0/Images/ACR-165/price.png"],"guid":"f9024300-e01f-4146-9959-0e53ad218344_1.0_1","appID":"AdvancePCSolutions-190628","dateAdded":"190711","deceptorType":"App","name":"Advance PC Solutions","company":"Econosoft Global Services PTE. LTD.","version":"1.0","sigName":"Deceptor:Win32/AdvancePCSolutions!003014084124168","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2147},{"violations":{"ACR-003":" The app shows gauges and words \"problems\", \"errors\" & \"issues\" in red colors that indicates misleading urgency. Also, the app states the sentence \"Attention! (number) problems slow down your computer!\" , thereby misleading or scaring user to take action. \n","ACR-084":" The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created scheduled tasks which cannot be disabled from the software interface. \n","ACR-168":" The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user. \n","ACR-014":" The App implies that all issues has been fixed during the free fix provided, but when user perform re-scan the App shows new issues again. Also, the App shows a message that the system have number of problems even if the fix already shows zero total of errors. \n","ACR-124":" The option to continue uninstall is not obvious and clear, not presented as if it is clickable to continue uninstall. \n"},"nonDeceptorViolations":{"ACR-161":" The application's landing page displays testimonials but does not provide any links back to a source so they can be verified. \n","ACR-163":" The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option. \n","ACR-099":" The application has no link or information that shows how it can be uninstalled. \n"},"samples":[{"isRevoked":"False","fileName":"pcboosterpro.exe","isInstaller":"True","companyName":"Econosoft Global Services Pte. Ltd.                         ","productName":"PC Booster Pro                                              ","productVersion":"1.0","fileVersion":"1.0","hashMD5":"412a003dc40811ccca14240a2f4c50a1","hashSHA1":"305c957b5351c1ea1e8f28f192b6bdcff7cf2fad","hashSHA256":"82cb938b37c4532e25d9044e0f19060846fe7f7ffa2227491540877c76e6936e","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2969","avBlockList":["360 Total Security (20191007)","Avast Internet Security (20191007)","AVG Internet Security (20191007)","Avira Internet Security (20191007)","Bitdefender Internet Security (20191007)","COMODO Antivirus (20191007)","Dr.Web Security Space (20191007)","ESET Internet Security (20191007)","G DATA INTERNET SECURITY (20191007)","K7 Total Security (20191007)","Kaspersky Internet Security (20191007)","Malwarebytes Premium (20191007)","McAfee Total Protection (20191007)","Norton Security (20191007)","Panda Dome (20191007)","Quick Heal Internet Security (20191007)","Sophos Home Premium (20191007)","Tencent PC Manager (20191007)","Trend Micro Internet Security (20191007)","VIPRE Advanced Security (20191007)","VirIT eXplorer PRO (20191007)","Webroot SecureAnywhere (20191007)","Windows Defender (20191007)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PC Booster Pro\\pcboosterpro.exe","companyName":"Econosoft Global Services Pte. Ltd.","productName":"PC Booster Pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a98cbbb11efc39daa0d91e0832d6c469","hashSHA1":"b0c851ade76e3827be0d542fbad3e85fef484a79","hashSHA256":"867feb9afdfb4910276deb4e1b65573dee9402a6d50bfc8c4d4d00ee602513fb","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"2969","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"system junk remover\"","reference":"https://pcboosterpro.net/en/","landingPage":"https://pcboosterpro.net/en/","directDownloadingLink":"https://pcboosterpro.net/downloads/exe/sm/en/pcboosterpro.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pcboosterpro.net/downloads/exe/sm/en/pcboosterpro.exe","sourceIndex":"2969"}],"sampleFiles":["190711/PCBoosterPro-190628/1.0/Samples/pcboosterpro.exe","190711/PCBoosterPro-190628/1.0/Samples/pcboosterpro (main_exe).exe"],"imageFiles":["190711/PCBoosterPro-190628/1.0/Images/ACR-003/003.png","190711/PCBoosterPro-190628/1.0/Images/ACR-003/003_2.png","190711/PCBoosterPro-190628/1.0/Images/ACR-014/003_2.png","190711/PCBoosterPro-190628/1.0/Images/ACR-168/003.png","190711/PCBoosterPro-190628/1.0/Images/ACR-168/003_2.png","190711/PCBoosterPro-190628/1.0/Images/ACR-168/124.png","190711/PCBoosterPro-190628/1.0/Images/ACR-124/124.png","190711/PCBoosterPro-190628/1.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["190711/PCBoosterPro-190628/1.0/Images/ACR-163/003_2.png","190711/PCBoosterPro-190628/1.0/Images/ACR-163/124.png","190711/PCBoosterPro-190628/1.0/Images/ACR-161/161.png","190711/PCBoosterPro-190628/1.0/Images/ACR-165/price.png","190711/PCBoosterPro-190628/1.0/Images/ACR-165/offer.png","190711/PCBoosterPro-190628/1.0/Images/ACR-099/about.png"],"guid":"80903b9d-7acf-4528-a4c4-a7fc69da48c6_1.0_1","appID":"PCBoosterPro-190628","dateAdded":"190711","deceptorType":"App","name":"PC Booster Pro","company":"Econosoft Global Services PTE. LTD.","version":"1.0","sigName":"Deceptor:Win32/PCBoosterPro!003014084124168","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190711","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-07-11T21:03:58.175485+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2146},{"violations":{"ACR-048":"App remaps the close functionality.\n","ACR-003":"The application reports outdated drivers as obsolete, stating Outdated drivers impact overall stability of the system. This exaggerated and unsubstantiated claim drives a false sense of urgency with the consumer.  App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-150":"The app displays star awards from Tucows, CNET, Tech Radar and Software.Informer that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Advanced Driver Booster\\adb.exe","companyName":"advanceddriverbooster.com","productName":"Advanced Driver Booster","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"ceed32f36ba459465d4aed9b9313814d","hashSHA1":"20a6369f0f389914b656169781fdd4f2c6d45ca5","hashSHA256":"8e4729b3b6f07b23dabf1d6370990ffdcb2fb3d4fbbfb468aa3853baf7b93ac8","digitalCertThumbprint":"0FA2246E3470284C290D7CBD8E8F87366456C75F","sourceIndex":"2966","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"drvdubstrsite.exe","isInstaller":"True","companyName":"advanceddriverbooster.com                                   ","productName":"Advanced Driver Booster                                     ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0","hashMD5":"7d46a7f77463320d6a49e3b943659faf","hashSHA1":"d1b0bc7f8c6aa6a0b940eca8e3f44b4054c0eadf","hashSHA256":"936e64dfb9acca2d79de09bd08c3ba5ee3fc5de3c761a6bae85156f57d8ad557","digitalCertThumbprint":"0FA2246E3470284C290D7CBD8E8F87366456C75F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=QUANTUM TECHNOLOGIES, OU=it, O=QUANTUM TECHNOLOGIES, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2966","avBlockList":["360 Total Security (20191007)","Avast Internet Security (20191007)","AVG Internet Security (20191007)","Avira Internet Security (20191007)","Dr.Web Security Space (20191007)","ESET Internet Security (20191007)","G DATA INTERNET SECURITY (20191007)","K7 Total Security (20191007)","Kaspersky Internet Security (20191007)","Malwarebytes Premium (20191007)","McAfee Total Protection (20191007)","Norton Security (20191007)","Panda Dome (20191007)","Quick Heal Internet Security (20191007)","Sophos Home Premium (20191007)","Trend Micro Internet Security (20191007)","VirIT eXplorer PRO (20191007)","Webroot SecureAnywhere (20191007)","Windows Defender (20191007)"],"avAllowList":["Bitdefender Internet Security (20191007)","COMODO Antivirus (20191007)","Tencent PC Manager (20191007)","VIPRE Advanced Security (20191007)"]}],"additionalFiles":[],"sources":[{"howFound":"recommended app of Adroit System Care","reference":"http://advanceddriverbooster.com/","landingPage":"http://advanceddriverbooster.com/","directDownloadingLink":"https://webcf.advanceddriverbooster.com/adbstr/builds/securedu/drvdubstrsite.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://webcf.advanceddriverbooster.com/adbstr/builds/securedu/drvdubstrsite.exe","sourceIndex":"2966"}],"sampleFiles":["190711/AdvancedDriverBooster-190709/1.0.0.0/Samples/adb.exe","190711/AdvancedDriverBooster-190709/1.0.0.0/Samples/drvdubstrsite.exe"],"imageFiles":["190711/AdvancedDriverBooster-190709/1.0.0.0/Images/ACR-003/scan.png","190711/AdvancedDriverBooster-190709/1.0.0.0/Images/ACR-003/main.png","190711/AdvancedDriverBooster-190709/1.0.0.0/Images/ACR-004/scan.png","190711/AdvancedDriverBooster-190709/1.0.0.0/Images/ACR-048/048.png","190711/AdvancedDriverBooster-190709/1.0.0.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["190711/AdvancedDriverBooster-190709/1.0.0.0/Images/ACR-161/161.png","190711/AdvancedDriverBooster-190709/1.0.0.0/Images/ACR-150/150.png","190711/AdvancedDriverBooster-190709/1.0.0.0/Images/ACR-171/150.png","190711/AdvancedDriverBooster-190709/1.0.0.0/Images/ACR-171/171.png"],"guid":"49558f03-4248-4624-9a03-683ad9660680_1.0.0.0_1","appID":"AdvancedDriverBooster-190709","dateAdded":"190711","deceptorType":"App","name":"Advanced Driver Booster","company":"QUANTUM TECHNOLOGIES","version":"1.0.0.0","sigName":"Deceptor:Win32/AdvancedDriverBooster!003004048084","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190711","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-07-11T21:10:06.1645007+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2148},{"violations":{"ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Softonic that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"adscsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Adroit System Care                                          ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"2cca374c3d918f042d3cf2a300d17ca0","hashSHA1":"9f08467ff9d521b34348539c6160c66dabdbf9c9","hashSHA256":"be994b1d0f5a455cc6cf73012a0047b88cad92e4926045ddebd1a889fbde24c6","digitalCertThumbprint":"06E0C4223C29D3FA8FE97925417F9D2F00F3E829","sourceIndex":"2967","avBlockList":["360 Total Security (20191007)","Avast Internet Security (20191007)","AVG Internet Security (20191007)","Avira Internet Security (20191007)","Bitdefender Internet Security (20191007)","COMODO Antivirus (20191007)","Dr.Web Security Space (20191007)","ESET Internet Security (20191007)","G DATA INTERNET SECURITY (20191007)","K7 Total Security (20191007)","Kaspersky Internet Security (20191007)","Malwarebytes Premium (20191007)","McAfee Total Protection (20191007)","Norton Security (20191007)","Panda Dome (20191007)","Quick Heal Internet Security (20191007)","Sophos Home Premium (20191007)","Tencent PC Manager (20191007)","Trend Micro Internet Security (20191007)","VIPRE Advanced Security (20191007)","VirIT eXplorer PRO (20191007)","Webroot SecureAnywhere (20191007)","Windows Defender (20191007)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Adroit System Care_<username>\\rgcl.exe","productName":"Booster Application","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"838b8c7fe640cfbe1e6b86a8a22e14f9","hashSHA1":"6627cbee2af99eb7f3fb081cbba7621514c50930","hashSHA256":"2882122c14af077c2b560dd225f09184c5fd62ea9bc1c90ce716a0c3d09148cf","digitalCertThumbprint":"06E0C4223C29D3FA8FE97925417F9D2F00F3E829","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=INTELLECT SOFTWARES, OU=it, O=INTELLECT SOFTWARES, POBox=302039, STREET=\"Plot No: 31, Maharaja Colony, P.N.B wali gali, Sikar Road\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"2967","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"To fix these, you need to purchase the activation key\"","reference":"http://www.clean-pcfast.xyz/","landingPage":"http://www.clean-pcfast.xyz/","directDownloadingLink":"http://dl.clean-pcfast.xyz/adsc/srcbulid/clean-pcfast_xyz/adscsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.clean-pcfast.xyz/adsc/srcbulid/clean-pcfast_xyz/adscsetup.exe","sourceIndex":"2967"}],"sampleFiles":["190711/AdroitSystemCare-190708/1.0.0.0/Samples/adscsetup.exe","190711/AdroitSystemCare-190708/1.0.0.0/Samples/rgcl.exe"],"imageFiles":["190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-048/003_048.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-003/003.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-003/main.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-003/003_2.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-003/003_048.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-004/003.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-004/150_171.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-084/084.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-168/168.png"],"nonDeceptorImageFiles":["190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-161/161.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-099/099.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-150/150_171.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-171/150_171.png","190711/AdroitSystemCare-190708/1.0.0.0/Images/ACR-171/171.png"],"guid":"9337fabd-7bbc-40e5-a0fe-6d10670c56ff_1.0.0.0_1","appID":"AdroitSystemCare-190708","dateAdded":"190711","deceptorType":"App","name":"Adroit System Care","company":"INTELLECT SOFTWARES","version":"1.0.0.0","sigName":"Deceptor:Win32/AdroitSystemCare!003004048084168","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2149},{"violations":{"ACR-003":"The application reports identified system problems by using the color gradient \"red\" to show a sense of urgency, indicating the performance improvement is high which is not substantiate.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App uses the color red in free scan results present an exaggerated sense of urgency.\n","ACR-017":"App uses the Intel Software partner in the product image as if this company endorsed the app instead of the vendor.\n","ACR-014":"App misleads user that some files detected are malware. Also, it uses gradient color bar presents the not truthful result about the system.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, privacy policy. \nThere are no links that shows the app's EULA and/or Terms of Service and Returns and Cancellation Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-017":"App uses the Intel Software partner in the landing page as if this company endorsed the app instead of the vendor.\n"},"samples":[{"isRevoked":"False","fileName":"StrongholdAntiMalware.exe","isInstaller":"True","companyName":"Security Stronghold                                         ","productName":"Stronghold AntiMalware                                      ","productVersion":"1.2","fileVersion":"1.2","hashMD5":"d7f965c1d515fcd6019a0155181079be","hashSHA1":"6474149b8f05b47fdc61e728344618fdc0703b41","hashSHA256":"64e928473b552afdcb135caa5e8b5fdf3283b1c4f5b83596c7351cc0e5b0d1a4","digitalCertThumbprint":"A124DECD64B89E3E2E26D1966371C9A482FF4DBB","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"","sourceIndex":"2968","avBlockList":["Avast Internet Security (20191007)","AVG Internet Security (20191007)","Avira Internet Security (20191007)","ESET Internet Security (20191007)","G DATA INTERNET SECURITY (20191007)","K7 Total Security (20191007)","Kaspersky Internet Security (20191007)","Malwarebytes Premium (20191007)","McAfee Total Protection (20191007)","Norton Security (20191007)","Panda Dome (20191007)","Quick Heal Internet Security (20191007)","Sophos Home Premium (20191007)","Trend Micro Internet Security (20191007)","VirIT eXplorer PRO (20191007)","Webroot SecureAnywhere (20191007)","Windows Defender (20191007)"],"avAllowList":["360 Total Security (20191007)","Bitdefender Internet Security (20191007)","COMODO Antivirus (20191007)","Dr.Web Security Space (20191007)","Tencent PC Manager (20191007)","VIPRE Advanced Security (20191007)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Stronghold AntiMalware\\StrongholdAntiMalware.exe","companyName":"Security Stronghold","productName":"Stronghold AntiMalware","productVersion":"2.3.0.1","fileVersion":"2.3.0.1","hashMD5":"1a874a09ddefe0bf4be9dbc64a8b8ce7","hashSHA1":"79ef1061562e3778c9be16cce76ff1340817cf6d","hashSHA256":"eb6ccdf26af2bff89e56dd8a22d6663a584f544d305faa2db488818cd6e43fad","digitalCertThumbprint":"A124DECD64B89E3E2E26D1966371C9A482FF4DBB","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"WireGeo, LLC\", OU=Software Development, O=\"WireGeo, LLC\", POBox=414056, STREET=\"69-16/1, 28 Army Street\", L=Astrakhan, S=Astrakhan region, PostalCode=414056, C=RU","sourceIndex":"2968","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"PC Optimizer\"","reference":"https://www.securitystronghold.com/gates/remove-quick-pc-optimizer.html","landingPage":"https://www.securitystronghold.com/","directDownloadingLink":"https://www.securitystronghold.com/products/StrongholdAntiMalware.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.securitystronghold.com/products/StrongholdAntiMalware.exe","sourceIndex":"2968"}],"sampleFiles":["190711/StrongholdAntiMalware-190702/1.2.0.0/Samples/StrongholdAntiMalware.exe","190711/StrongholdAntiMalware-190702/1.2.0.0/Samples/StrongholdAntiMalware (main_exe).exe"],"imageFiles":["190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-003/003.png","190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-004/003.png","190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-004/004.png","190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-004/order.png","190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-014/014.png","190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-014/scan.png","190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-017/main.png"],"nonDeceptorImageFiles":["190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-099/about.png","190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-099/099_065.png","190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-065/about.png","190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-065/099_065.png","190711/StrongholdAntiMalware-190702/1.2.0.0/Images/ACR-017/order.png"],"guid":"36080050-9f08-4a43-999b-1fcd89e36cd7_1.2.0.0_1","appID":"StrongholdAntiMalware-190702","dateAdded":"190711","deceptorType":"App","name":"Stronghold AntiMalware","company":"WireGeo, LLC","version":"1.2.0.0","sigName":"Deceptor:Win32/StrongholdAntimalware!003004014017","lastKnownStatus":"Deceptor:1.2.0.0","lastKnownDate":"190711","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-07-11T21:05:45.7806939+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2145},{"violations":{"ACR-004":"App shows free scan results but does not provide free fixes for its subscription-based service.\n"},"nonDeceptorViolations":{"ACR-171":"App does not pre-disclose that the offer is a subscription.\n"},"samples":[{"isRevoked":"False","fileName":"msr_msite.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"90b8c9e8398ac577adc1ea098a89488b","hashSHA1":"f0f210f15229a8dae5d5ccda94c5ada72130dbdd","hashSHA256":"c7baeaae09d6d779d4ddfc3426416663fc310115b45ef85ed498d2077d3a4135","digitalCertThumbprint":"AE 00 4E 8D 29 C4 79 CA 4F 2B D4 30 A5 EC 98 11 C4 26 11 E9 08 97 68 3E 9B F6 A9 69 65 EB F5 FE","digitalCertIssuer":"Apple Certification Authority","digitalCertIssuedTo":"Rahul Gahlot (RZ74UYT742)","sourceIndex":"2770","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"hazel ref.","landingPage":"http://macspacereviver.com/","directDownloadingLink":"http://cdn.macspacereviver.com/msr/builds/msr_msite.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.macspacereviver.com/msr/builds/msr_msite.pkg","sourceIndex":"2770"}],"sampleFiles":["190618/MacSpaceReviver-190213/1.5.0/Samples/msr_msite.pkg"],"imageFiles":["190618/MacSpaceReviver-190213/1.5.0/Images/ACR-004/Shows free scan results.png","190618/MacSpaceReviver-190213/1.5.0/Images/ACR-004/Reocurring payment for free scan results.png","190618/MacSpaceReviver-190213/1.5.0/Images/ACR-004/Offer for free results.png"],"nonDeceptorImageFiles":["190618/MacSpaceReviver-190213/1.5.0/Images/ACR-171/Reocurring payment for free scan results.png"],"guid":"bad276c1-6798-4962-9638-5f4f3b7926f4_1.5.0_1","appID":"MacSpaceReviver-190213","dateAdded":"190618","deceptorType":"MacOS App","name":"Mac Space Reviver","company":"Mac Space Reviver","version":"1.5.0","sigName":"Deceptor:MacOS/MacSpaceRevivier!004","firstResolvedDate":"190919","firstResolvedVersion":"1.5.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.4.0;1.5.0","lastKnownDate":"190618","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-09-19T23:06:28.5226503+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2170},{"violations":{"ACR-004":"App shows free scan results but does not provide free fixes for its subscription-based service.\n"},"nonDeceptorViolations":{"ACR-171":"App does not pre-disclose that the offer is a subscription.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Space Reviver","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"6e710b1be6393513b6522e2e6d89ab6cabb15ad9c24aa4c4bd2a7984498bd3eb","sourceIndex":"2769","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"msr_msite.pkg","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9b993f6db84d594e3a08d3333409a8c1853419e5292c27090a2e232cf57433ce","sourceIndex":"2769","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"hazel ref.","landingPage":"http://macspacereviver.com/","directDownloadingLink":"http://cdn.macspacereviver.com/msr/builds/msr_msite.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.macspacereviver.com/msr/builds/msr_msite.pkg","sourceIndex":"2769"}],"sampleFiles":["190618/MacSpaceReviver-190213/1.4.0/Samples/Mac Space Reviver","190618/MacSpaceReviver-190213/1.4.0/Samples/msr_msite.pkg"],"imageFiles":["190618/MacSpaceReviver-190213/1.4.0/Images/ACR-004/acr-004 shows free scan results but charges to fix  upsells ongoing service.png","190618/MacSpaceReviver-190213/1.4.0/Images/ACR-004/acr-004 free scan but charge for fix.png","190618/MacSpaceReviver-190213/1.4.0/Images/ACR-004/ACR-071 no predisclosure of recurring.png"],"nonDeceptorImageFiles":[],"guid":"bad276c1-6798-4962-9638-5f4f3b7926f4_1.4.0_1","appID":"MacSpaceReviver-190213","dateAdded":"190618","deceptorType":"MacOS App","name":"Mac Space Reviver","company":"Mac Space Reviver","version":"1.4.0","sigName":"Deceptor:MacOS/MacSpaceReviver!004","firstResolvedDate":"190919","firstResolvedVersion":"1.5.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.4.0;1.5.0","lastKnownDate":"190618","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-09-19T23:07:17.7679428+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2169},{"violations":{"ACR-003":"The application exaggerates registry keys as problems using a voice prompt when the scan is completed, thereby misleading or scaring user to take action.\n","ACR-004":"App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. While free fixes are provided, the fix is only partial and a subscription purchase must be made for the full fix.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Jawego Partners LLC\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app. The app uses Jawego support to monetize the app\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens with information stating that the consumer can get the app at 50% off.\n","ACR-171":"The consumer is required to opt-out of additional payment for disk tools plus which was not pre-disclosed.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"scupsetup_site.exe","isInstaller":"True","companyName":"www.supercleanup.com/                                       ","productName":"Super Cleanup","productVersion":"7.27.0.928","fileVersion":"7.27.0.928","hashMD5":"efb9484d8b140091e00d22643b0ac344","hashSHA1":"24c3b2da5704f8a475bff9d7dde82e048abf59ee","hashSHA256":"bed4bf99a18b0c147e5f386227ab4b159a5cb5276b82cf6fa9cbc2cae4528881","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"2551","avBlockList":["Avast Internet Security (20190203)","AVG Internet Security (20190203)","Avira Internet Security (20190203)","ESET Internet Security (20190203)","G DATA INTERNET SECURITY (20190203)","K7 Total Security (20190203)","Kaspersky Internet Security (20190203)","Malwarebytes Premium (20190203)","McAfee Total Protection (20190203)","Norton Security (20190203)","Panda Dome (20190203)","Sophos Home Premium (20190203)","VirIT eXplorer PRO (20190203)","Webroot SecureAnywhere (20190203)","Windows Defender (20190203)"],"avAllowList":["Bitdefender Internet Security (20190203)","Trend Micro Internet Security (20190203)"]},{"isRevoked":"False","fileName":"supercleanup.exe","companyName":"supercleanup.com","productName":"Super Cleanup","productVersion":"7.27.0.928","fileVersion":"7.27.0.928","hashMD5":"3e7b6554caa137ad0d4177c9a2436274","hashSHA1":"d58747b60e44d1f5fef44328904c0f939bbb7b06","hashSHA256":"3ad91378cbb823824858a6f9f5c4928dddb3c5fddb74c2abcb0063493cb7031d","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"2551","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"scupsetup_site (7.27.0.928) 2.exe","isInstaller":"True","companyName":"www.supercleanup.com/                                       ","productVersion":"7.27.0.928","fileVersion":"7.27.0.928","hashMD5":"618fa70501ca2eff92191f0eb230f0f8","hashSHA1":"d5fa57a98204433541aeead487cdb2a9b0ce35a6","hashSHA256":"0938f63e7b74ec366ab77500f8bc59cdbe88d476c716e54484c4be5d9d9fd3a7","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"2552","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"2018 pc cleaner\"","landingPage":"http://www.supercleanup.com/default","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/supercleanup/setups/scupsetup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/supercleanup/setups/scupsetup_site.exe","sourceIndex":"2551"},{"howFound":"","reference":"","landingPage":"http://www.supercleanup.com","directDownloadingLink":"http://b34df4ra1.vo.llnwd.net/jp/supercleanup/setups/scupsetup_site.exe","ipv4":"","ipv6":"","sourceIndex":"2552"}],"sampleFiles":["190618/SuperCleanup-180426/7.27.0.928/Samples/scupsetup_site.exe","190618/SuperCleanup-180426/7.27.0.928/Samples/supercleanup.exe","190618/SuperCleanup-180426/7.27.0.928/Samples/scupsetup_site (7.27.0.928) 2.exe"],"imageFiles":["190618/SuperCleanup-180426/7.27.0.928/Images/ACR-003/ACR_003_SOFTWARE.mp4","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-003/ACR-003_software.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-003/ACR-003_software1.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-084/ACR-084_software.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-004/1-004.png","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-004/004.png","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-004/004_2.png"],"nonDeceptorImageFiles":["190618/SuperCleanup-180426/7.27.0.928/Images/ACR-065/ACR-065_software.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-161/ACR-161_software.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-161/ACR-161_software1.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-163/ACR-163_landingpage.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-088/ACR-088_software.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-092/ACR-092_software.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-160/ACR-160_software.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-099/ACR-099_software.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-099/ACR-099_internaloffer.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-168/ACR-168_landingpage.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-120/ACR-120_uninstall.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-171/ACR-171_internaloffer.JPG","190618/SuperCleanup-180426/7.27.0.928/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"3278a7ec-a74e-48e1-866f-61a0479b4429_7.27.0.928_1","appID":"SuperCleanup-180426","dateAdded":"190618","deceptorType":"App","name":"Super Cleanup","company":"www.supercleanup.com","version":"7.27.0.928","sigName":"Deceptor:Win32/SuperCleanup!003084004","lastKnownStatus":"Deceptor:7.27.0.928","lastKnownDate":"190618","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-02-04T00:41:58.5180868+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2168},{"violations":{"ACR-003":"The application exaggerates registry keys with medium severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-004":"App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. While free fixes are provided, the fix is only partial and a subscription purchase must be made for the full fix.\t\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are no schedules set within the software, however the app has created multiple tasks in the systems task scheduler which cannot be disabled from the software's interface.\n","ACR-014":"App results show an intent to deceive the consumer by implying that improvement potential could be \"medium\" or \"high\" for registry items. Also, because the (i) icon next to improvement potential is not accessible, there is no way for the consumer to substantiate the claim.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Jawego Partners LLC\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get 50% discount for the same program.\n","ACR-171":"The consumer is required to opt-out of additional payment for Disk Tools Plus which was not pre-disclosed.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"pcpboostersetup_site.exe","isInstaller":"True","companyName":"www.pcpowerboost.com/                                       ","productName":"PC Power Booster","productVersion":"4.18.9.1004","fileVersion":"4.18.9.1004","hashMD5":"faa1024e9cec8a32d629f55649e64918","hashSHA1":"18ca2c7ba9ab8e34d02865285db6e261a96c7724","hashSHA256":"b990a8af0f78f2b34c2873e5f72dddb8aa86b86b5164e17533091e2f84ba904c","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"2980","avBlockList":["360 Total Security (20190912)","Avast Internet Security (20190912)","AVG Internet Security (20190912)","Avira Internet Security (20190912)","Bitdefender Internet Security (20190912)","COMODO Antivirus (20190912)","Dr.Web Security Space (20190912)","ESET Internet Security (20190912)","G DATA INTERNET SECURITY (20190912)","K7 Total Security (20190912)","Kaspersky Internet Security (20190912)","Malwarebytes Premium (20190912)","McAfee Total Protection (20190912)","Norton Security (20190912)","Panda Dome (20190912)","Quick Heal Internet Security (20190912)","Sophos Home Premium (20190912)","VIPRE Advanced Security (20190912)","VirIT eXplorer PRO (20190912)","Webroot SecureAnywhere (20190912)","Windows Defender (20190912)"],"avAllowList":["Tencent PC Manager (20190912)","Trend Micro Internet Security (20190912)"]},{"isRevoked":"False","fileName":"PCPowerBooster.exe","companyName":"pcpowerboost.com","productName":"PC Power Booster","productVersion":"4.18.9.1004","fileVersion":"4.18.9.1004","hashMD5":"4be2d5ebf8a36228657058c540f8ead2","hashSHA1":"cd60313888af7695cbe8affd6032908723dd032c","hashSHA256":"de30f44fbcffcf0aa61426105c1cdbbf6606276543f7d64a9b5d9abd3cf50e82","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"2980","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcpboostersetup_site (4.18.9.1004) 2.exe","isInstaller":"True","companyName":"www.pcpowerboost.com/                                       ","productVersion":"4.18.9.1004","fileVersion":"4.18.9.1004","hashMD5":"ac390ac8e2a5c3b7fed1ecfc6ab3922a","hashSHA1":"bddd677215caf7a8c8beb81eaf2826b25158772d","hashSHA256":"2d04e3d52bab6a0097f78a7a8e99e7918845fef7c27c7a74ca5c4fc14912426b","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"2981","avBlockList":["360 Total Security (20190912)","Avast Internet Security (20190912)","AVG Internet Security (20190912)","Avira Internet Security (20190912)","Bitdefender Internet Security (20190912)","COMODO Antivirus (20190912)","Dr.Web Security Space (20190912)","ESET Internet Security (20190912)","G DATA INTERNET SECURITY (20190912)","K7 Total Security (20190912)","Kaspersky Internet Security (20190912)","Malwarebytes Premium (20190912)","McAfee Total Protection (20190912)","Norton Security (20190912)","Panda Dome (20190912)","Quick Heal Internet Security (20190912)","Sophos Home Premium (20190912)","VIPRE Advanced Security (20190912)","VirIT eXplorer PRO (20190912)","Webroot SecureAnywhere (20190912)","Windows Defender (20190912)"],"avAllowList":["Tencent PC Manager (20190912)","Trend Micro Internet Security (20190912)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc registry boost 2018\"","landingPage":"http://www.pcpowerboost.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/pcpowerbooster/setups/pcpboostersetup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/pcpowerbooster/setups/pcpboostersetup_site.exe","sourceIndex":"2980"},{"howFound":"","reference":"","landingPage":"http://www.pcpowerboost.com","directDownloadingLink":"http://b34df4ra1.vo.llnwd.net/jp/pcpowerbooster/setups/pcpboostersetup_site.exe","ipv4":"","ipv6":"","sourceIndex":"2981"}],"sampleFiles":["190618/PCPowerBooster-180426/4.18.9.1004/Samples/pcpboostersetup_site.exe","190618/PCPowerBooster-180426/4.18.9.1004/Samples/PCPowerBooster.exe","190618/PCPowerBooster-180426/4.18.9.1004/Samples/pcpboostersetup_site (4.18.9.1004) 2.exe"],"imageFiles":["190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-003/ACR-003_software.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-003/ACR-003_software1.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-003/ACR-003_software2.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-014/ACR-014_software.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-014/ACR-014_software1.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-004/ACR-004_Freefix.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-004/ACR-004_Urgency.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-065/ACR-065_software.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-161/ACR-161_landingpage.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-161/ACR-161_landingpage1.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-163/ACR-163_landingpage.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-088/ACR-088_software.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-092/ACR-092_software.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-099/ACR-099_sofware.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-099/ACR-099_internaloffer.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-168/ACR-168_landingpage.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-120/ACR-120_uninstall.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-171/ACR-171_internaloffer.JPG","190618/PCPowerBooster-180426/4.18.9.1004/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"bdd7d963-8120-4c7a-90cd-33e42a21702e_4.18.9.1004_1","appID":"PCPowerBooster-180426","dateAdded":"190618","deceptorType":"App","name":"PC Power Booster","company":"www.pcpowerboost.com","version":"4.18.9.1004","sigName":"Deceptor:Win32/PCPowerBooster!003084004","lastKnownStatus":"Deceptor:4.18.9.1004","lastKnownDate":"190618","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-19T01:48:10.7896962+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":1,"sortOrder":2150},{"violations":{"ACR-003":"The app exaggerates registry keys as errors of medium damage level , thereby misleading or scaring the consumer to take action.\n","ACR-004":"App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. While free fixes are provided, the fix is only partial and a subscription purchase must be made for the full fix.\n","ACR-017":"The application's installer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application's internal offer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are no schedules set within the software, however the app has created multiple tasks in the systems task scheduler which cannot be disabled from the software's interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's uninstall requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monitize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens stating that consumer can get the same app at a 50% discount.\n","ACR-171":"The consumer is required to opt-out of additional payment for PhotoStudio and Special Disk Cleaning Tool which were not pre-disclosed.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"spccsetup_site.exe","isInstaller":"True","companyName":"www.securepccleaner.com/                                    ","productName":"Secure PC Cleaner","productVersion":"4.5","fileVersion":"4.5","hashMD5":"db1d77cea38fc8c9352d46fc04baccf6","hashSHA1":"791968fa594126314f399dca27a15fcef8beb4cb","hashSHA256":"141f3739f4cdfdf1faceb6bbad10d5b2a5b42082308777a9619e1e507b2de51a","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"2549","avBlockList":["360 Total Security (20190909)","Avast Internet Security (20190909)","AVG Internet Security (20190909)","Avira Internet Security (20190909)","Bitdefender Internet Security (20190909)","COMODO Antivirus (20190909)","Dr.Web Security Space (20190909)","ESET Internet Security (20190909)","G DATA INTERNET SECURITY (20190909)","K7 Total Security (20190909)","Kaspersky Internet Security (20190909)","Malwarebytes Premium (20190909)","McAfee Total Protection (20190909)","Norton Security (20190909)","Panda Dome (20190909)","Quick Heal Internet Security (20190909)","Sophos Home Premium (20190909)","Tencent PC Manager (20190909)","VIPRE Advanced Security (20190909)","VirIT eXplorer PRO (20190909)","Webroot SecureAnywhere (20190909)","Windows Defender (20190909)"],"avAllowList":["Trend Micro Internet Security (20190909)"]},{"isRevoked":"False","fileName":"SecurePCCleaner.exe","isInstaller":"True","companyName":"Secure PC Cleaner","productName":"Secure PC Cleaner","productVersion":"4.27.72.926","fileVersion":"4.27.72.926","hashMD5":"c8df5c0050a3cb65bee12da39debd711","hashSHA1":"daa26cb4f410e708b6acc2b7118922e826eb6bbd","hashSHA256":"429d7aa4df7d7cd9de89f18bf331fcc1ca5b4d6dae4cd064f22f0bab4c7e3cfc","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"2549","avBlockList":["360 Total Security (20190909)","Avast Internet Security (20190909)","AVG Internet Security (20190909)","Avira Internet Security (20190909)","Bitdefender Internet Security (20190909)","COMODO Antivirus (20190909)","Dr.Web Security Space (20190909)","ESET Internet Security (20190909)","G DATA INTERNET SECURITY (20190909)","K7 Total Security (20190909)","Kaspersky Internet Security (20190909)","Malwarebytes Premium (20190909)","McAfee Total Protection (20190909)","Norton Security (20190909)","Panda Dome (20190909)","Quick Heal Internet Security (20190909)","Sophos Home Premium (20190909)","Tencent PC Manager (20190909)","VIPRE Advanced Security (20190909)","VirIT eXplorer PRO (20190909)","Webroot SecureAnywhere (20190909)","Windows Defender (20190909)"],"avAllowList":["Trend Micro Internet Security (20190909)"]},{"isRevoked":"False","fileName":"spccsetup_site (4.5.0.0).exe","isInstaller":"True","companyName":"www.securepccleaner.com/                                    ","productVersion":"4.5.0.0","fileVersion":"4.5.0.0","hashMD5":"1cdf471f4a92ba7cb1f7f6a3c065dc0b","hashSHA1":"bc14cab120da59a87dc65ba7466b3798275859f8","hashSHA256":"a2e0065d265c8ef1653f52b64afc8dfafe0c6a4211db0ed156580f7721f65330","digitalCertThumbprint":"96CD9568B8CAEA685C7E8A2C2C0EF5CCC59823F4","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software L.L.P., O=Top PC Tools Software L.L.P., L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"2549","avBlockList":["360 Total Security (20190708)","Avast Internet Security (20190708)","AVG Internet Security (20190708)","Avira Internet Security (20190708)","Dr.Web Security Space (20190708)","ESET Internet Security (20190708)","K7 Total Security (20190708)","Kaspersky Internet Security (20190708)","Malwarebytes Premium (20190708)","McAfee Total Protection (20190708)","Norton Security (20190708)","Sophos Home Premium (20190708)","VirIT eXplorer PRO (20190708)","Webroot SecureAnywhere (20190708)","Windows Defender (20190708)"],"avAllowList":["Bitdefender Internet Security (20190708)","COMODO Antivirus (20190708)","G DATA INTERNET SECURITY (20190708)","Panda Dome (20190708)","Quick Heal Internet Security (20190708)","Tencent PC Manager (20190708)","Trend Micro Internet Security (20190708)","VIPRE Advanced Security (20190708)"]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://www.securepccleaner.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/securepccleaner/setups/spccsetup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/securepccleaner/setups/spccsetup_site.exe","sourceIndex":"2549"}],"sampleFiles":["190617/SecurePCCleaner-180611/4.27.72.926/Samples/spccsetup_site.exe","190617/SecurePCCleaner-180611/4.27.72.926/Samples/SecurePCCleaner.exe","190617/SecurePCCleaner-180611/4.27.72.926/Samples/spccsetup_site (4.5.0.0).exe"],"imageFiles":["190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-003/ACR-003_software.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-003/ACR-003_software1.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-017/ACR-017_install.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-017/ACR-017_software.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-017/ACR-017_internaloffer.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-084/ACR-084_software.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-168/ACR-168_software.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-004/004.png","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-004/004_2.png","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-004/004_3.png"],"nonDeceptorImageFiles":["190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-065/ACR-065_software.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-161/ACR-161_laandingpage.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-161/ACR-161_landingpage1.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-163/ACR-163_software.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-163/ACR-163_uninstaller.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-163/ACR-163_landingoffer.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-088/ACR-088_software.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-160/ACR-160_software.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-099/ACR-099_software.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-099/ACR-099_internaloffer.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-168/ACR-168_landingoffer.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-120/ACR-120_software.JPG","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-171/004_3.png","190617/SecurePCCleaner-180611/4.27.72.926/Images/ACR-171/171.png"],"guid":"9cf13879-f1f3-4e66-8209-c3a0167064cc_4.27.72.926_1","appID":"SecurePCCleaner-180611","dateAdded":"190617","deceptorType":"App","name":"SecurePCCleaner","company":"Jawego Partners LLC","version":"4.27.72.926","sigName":"Deceptor:Win32/SecurePCCleaner!003017084168004","lastKnownStatus":"4.27.72.926","lastKnownDate":"200203","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-02-04T00:51:51.2528316+00:00","notDistributed":true,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":1,"sortOrder":2151},{"violations":{"ACR-042":"Additional application is installed without the users knowledge after running the installation.\nA few minutes after installing the app another software (Secure Driver Updater or PC Protector Plus) is installed without the user's permission or knowledge. \n","ACR-003":"The application exaggerates empty and invalid registry keys as errors of medium damage level, thereby misleading or scaring user to take action.\n","ACR-004":"App's gradient color bar misleads user with unsubstantiated damage level and requires user to pay for fix these issues that identified during free scan. App urges user to purchase the app with alarming free scan result.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app's interface is set to \"do not schedule\" but the app has created multiple schedules tasks in the system's task scheduler.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"Misleads users into believing they have an issue with their computer.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not show any links to EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-161":"The application's displays testimonials but does not provide any links back to a source so they can be verified.\n\n","ACR-163":"The app requires one-to-one interaction to acquire support and does not provide a non interactive option on the landing page.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n\n","ACR-160":"The application does not use a certified call center to monitize the app.\n The app is using a uncertified call center (Jawego Support).\n","ACR-099":"The app does not provide uninstall instructions on the landing page.\nThe app does not provide uninstall instructions on the software.\n","ACR-171":"The recurring payment is set for consumer to opt-out.\nThe recurring payment is set for consumer to opt-out.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"Secure PC Tuneup.exe","isInstaller":"True","companyName":"http://www.securepctuneup.com/lpip","productName":"Secure PC Tuneup","productVersion":"5.4","fileVersion":"5.4.0.0","hashMD5":"c9f53dcbb3f8f1c615fed338bf4b0f13","hashSHA1":"3fcda46f770b8f1082807fbc81e7f30a0fe4b309","hashSHA256":"e113b3d4dbfdcbf001d2fa253797927a793a1c263e6c6a1c366cf04aedfc2d62","digitalCertThumbprint":"1E8323CE2B33FA7470E5A2E6CE6F1E12D8DA5CBD","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"TUNEUP PRO SOFTWARE SERVICES LLP","sourceIndex":"2983","avBlockList":["360 Total Security (20190909)","Avast Internet Security (20190909)","AVG Internet Security (20190909)","Avira Internet Security (20190909)","Bitdefender Internet Security (20190909)","COMODO Antivirus (20190909)","Dr.Web Security Space (20190909)","ESET Internet Security (20190909)","G DATA INTERNET SECURITY (20190909)","K7 Total Security (20190909)","Kaspersky Internet Security (20190909)","Malwarebytes Premium (20190909)","McAfee Total Protection (20190909)","Norton Security (20190909)","Panda Dome (20190909)","Quick Heal Internet Security (20190909)","Sophos Home Premium (20190909)","Tencent PC Manager (20190909)","VIPRE Advanced Security (20190909)","VirIT eXplorer PRO (20190909)","Webroot SecureAnywhere (20190909)","Windows Defender (20190909)"],"avAllowList":["Trend Micro Internet Security (20190909)"]},{"isRevoked":"False","fileName":"Secure PC Tuneup.exe","isInstaller":"True","companyName":"SecurePCTuneup.com","productName":"Secure PC Tuneup","productVersion":"5.4","fileVersion":"SecurePCTuneup","hashMD5":"ee0335c0daa642f54daa225e3a878cb1","hashSHA1":"4713d8aa5a9bcf2e084d534ee66e3d6403e0507a","hashSHA256":"4a47c09d0a7cc5ea2c2dd74dafc4d862aa7dbe6fe418ac882333a3c35c125978","digitalCertThumbprint":"3C4CB44C02887FE8F47E3D05123D9442EC69328F","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"WIN TUNEUP SOFTWARE LLP","sourceIndex":"2983","avBlockList":["360 Total Security (20190909)","Avast Internet Security (20190909)","AVG Internet Security (20190909)","Avira Internet Security (20190909)","Bitdefender Internet Security (20190909)","COMODO Antivirus (20190909)","Dr.Web Security Space (20190909)","ESET Internet Security (20190909)","G DATA INTERNET SECURITY (20190909)","K7 Total Security (20190909)","Kaspersky Internet Security (20190909)","Malwarebytes Premium (20190909)","McAfee Total Protection (20190909)","Norton Security (20190909)","Panda Dome (20190909)","Quick Heal Internet Security (20190909)","Sophos Home Premium (20190909)","Tencent PC Manager (20190909)","VIPRE Advanced Security (20190909)","VirIT eXplorer PRO (20190909)","Webroot SecureAnywhere (20190909)","Windows Defender (20190909)"],"avAllowList":["Trend Micro Internet Security (20190909)"]},{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"www.securepctuneup.com                                      ","productName":"SecurePCTuneup","productVersion":"5.4","fileVersion":"SecurePCTuneup","hashMD5":"037a0152aac84739bfddf6d4673369f4","hashSHA1":"61fb6ed24ad62943981999203cb425fa5b5460d9","hashSHA256":"4f0736fc55623fa4bddbab27d917f10d0e21da2c460121183fb8837283d8d160","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"2983","avBlockList":["360 Total Security (20190708)","Avast Internet Security (20190708)","AVG Internet Security (20190708)","Avira Internet Security (20190708)","Bitdefender Internet Security (20190708)","COMODO Antivirus (20190708)","Dr.Web Security Space (20190708)","ESET Internet Security (20190708)","G DATA INTERNET SECURITY (20190708)","K7 Total Security (20190708)","Kaspersky Internet Security (20190708)","Malwarebytes Premium (20190708)","McAfee Total Protection (20190708)","Norton Security (20190708)","Panda Dome (20190708)","Quick Heal Internet Security (20190708)","Sophos Home Premium (20190708)","Tencent PC Manager (20190708)","VIPRE Advanced Security (20190708)","VirIT eXplorer PRO (20190708)","Webroot SecureAnywhere (20190708)","Windows Defender (20190708)"],"avAllowList":["Trend Micro Internet Security (20190708)"]},{"isRevoked":"False","fileName":"setup 12.12.2018.exe","isInstaller":"True","companyName":"www.securepctuneup.com                                      ","fileVersion":"5.4","hashMD5":"ba13dc2ad2361ad0633e1fc60ff51f0a","hashSHA1":"1ae317b741bbce2c2e35086ccb817a10731c381d","hashSHA256":"251d17d5d3a24b5b32244d509f21686592f9f3c758d33fa76116a59cc7b5a1d6","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"2983","avBlockList":["360 Total Security (20190708)","Avast Internet Security (20190708)","AVG Internet Security (20190708)","Avira Internet Security (20190708)","Bitdefender Internet Security (20190708)","COMODO Antivirus (20190708)","Dr.Web Security Space (20190708)","ESET Internet Security (20190708)","G DATA INTERNET SECURITY (20190708)","K7 Total Security (20190708)","Kaspersky Internet Security (20190708)","Malwarebytes Premium (20190708)","McAfee Total Protection (20190708)","Norton Security (20190708)","Panda Dome (20190708)","Quick Heal Internet Security (20190708)","Sophos Home Premium (20190708)","Tencent PC Manager (20190708)","VIPRE Advanced Security (20190708)","VirIT eXplorer PRO (20190708)","Webroot SecureAnywhere (20190708)","Windows Defender (20190708)"],"avAllowList":["Trend Micro Internet Security (20190708)"]},{"isRevoked":"False","fileName":"sptusetup_site (5.4.0.0).exe","isInstaller":"True","companyName":"www.securepctuneup.com                                      ","productVersion":"5.4.0.0","fileVersion":"5.4.0.0","hashMD5":"4fe703c2711cc5955903836bdcadefd4","hashSHA1":"12cf530b42c7a17b0581773fdea576259d8f7bda","hashSHA256":"93dfb81fe193f5e551d43c1401010b21e2550231e9fb89362f00c9000dd79cd6","digitalCertThumbprint":"96CD9568B8CAEA685C7E8A2C2C0EF5CCC59823F4","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software L.L.P., O=Top PC Tools Software L.L.P., L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"2984","avBlockList":["360 Total Security (20190715)","Avast Internet Security (20190715)","AVG Internet Security (20190715)","Avira Internet Security (20190715)","Bitdefender Internet Security (20190715)","Dr.Web Security Space (20190715)","ESET Internet Security (20190715)","G DATA INTERNET SECURITY (20190715)","K7 Total Security (20190715)","Kaspersky Internet Security (20190715)","Malwarebytes Premium (20190715)","McAfee Total Protection (20190715)","Norton Security (20190715)","Quick Heal Internet Security (20190715)","Sophos Home Premium (20190715)","VIPRE Advanced Security (20190715)","VirIT eXplorer PRO (20190715)","Webroot SecureAnywhere (20190715)","Windows Defender (20190715)"],"avAllowList":["COMODO Antivirus (20190715)","Panda Dome (20190715)","Tencent PC Manager (20190715)","Trend Micro Internet Security (20190715)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.google.com","landingPage":"http://www.securepctuneup.com/lpip","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/setup_spt.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/setup_spt.exe","sourceIndex":"2983"},{"howFound":"","reference":"","landingPage":"http://www.securepctuneup.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/securepctuneup/setups/sptusetup_site.exe","ipv4":"","ipv6":"","sourceIndex":"2984"}],"sampleFiles":["190617/Secure PC Tuneup-171009/5.4/Samples/setup_spt.exe","190617/Secure PC Tuneup-171009/5.4/Samples/setup_spt 12.28.2017.exe","190617/Secure PC Tuneup-171009/5.4/Samples/setup.exe","190617/Secure PC Tuneup-171009/5.4/Samples/setup 12.12.2018.exe","190617/Secure PC Tuneup-171009/5.4/Samples/sptusetup_site (5.4.0.0).exe"],"imageFiles":["190617/Secure PC Tuneup-171009/5.4/Images/ACR-003/ACR-003.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-003/ACR-003_software.JPG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-003/ACR-003_software1.JPG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-084/ACR-084_1.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-084/ACR-084_2.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-168/ACR-168_software.JPG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-042/ACR-042.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-042/ACR-042_1.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-042/ACR-042_install.JPG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-042/ACR-042_install1.JPG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-004/Secure PC Tuneup Scan Results.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-004/PayToFix.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-014/Secure PC Tuneup Scan Results.PNG"],"nonDeceptorImageFiles":["190617/Secure PC Tuneup-171009/5.4/Images/ACR-161/ACR-161_landingpage.JPG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-161/ACR-161_landingpage1.JPG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-161/ACR-161_landingpage2.JPG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-163/ACR-163_1.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-171/ACR-171_1.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-099/Secure PC Tuneup Landing Page.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-168/ACR-168_landingpage.JPG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-042/ACR-042.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-042/ACR-042_1.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-042/ACR-042_install.JPG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-042/ACR-042_install1.JPG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-163/acr-163_2.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-088/Secure PC Tuneup Scan Results.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-160/Secure PC Tuneup Phone Number.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-065/Secure PC Tuneup About Page.PNG","190617/Secure PC Tuneup-171009/5.4/Images/ACR-099/Secure PC Tuneup About Page.PNG"],"guid":"e9faa56d-b052-455a-86d5-46a4588fc578_5.4_1","appID":"Secure PC Tuneup-171009","dateAdded":"190617","deceptorType":"App","name":"Secure PC Tuneup","company":"SecurePCTuneup.com (\"SPCT\")","version":"5.4","sigName":"Deceptor:Win32/SecurePCTuneup!003042084168","lastKnownStatus":"Deceptor:5.4","lastKnownDate":"190617","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows Vista,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2019-06-17T20:56:20.5986038+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2171},{"violations":{"ACR-003":"The app makes unsubstantiated claims that the improvement potential of the system is medium for registry items, The improvement potential for registry items should remain low regardless of numbers found.\n","ACR-004":"App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. While free fixes are provided, the fix is only partial and a subscription purchase must be made for the full fix.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app's interface is set to \"do not schedule\" but the app has created multiple schedules tasks in the system's task scheduler.\n"},"nonDeceptorViolations":{"ACR-040":"The application is unidentifiable in the install location. The application does not have an identifiable name in the installation location.\n","ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Jawego Partners LLC\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens stating that consumer can get the same app at a 50% discount.\n","ACR-171":"The consumer is required to opt-out of additional payment for Disk Tools Plus which was not pre-disclosed.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"apctusetup_site.exe","isInstaller":"True","companyName":"www.advancedpctuneup.com/                                   ","productName":"Advanced PC Tuneup","productVersion":"6.27.45.1006","fileVersion":"6.27.45.1006","hashMD5":"8aafca1ddb021a8af49bd7f7f58bd736","hashSHA1":"8f4283b738dcdeac8fff3c5ac95676774d39b03b","hashSHA256":"765f3956119dfb4ebfc7bcf69d3a049cae2b96bd7310d149d7f6cc3e64dcea46","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"422","avBlockList":["360 Total Security (20190909)","Avast Internet Security (20190909)","AVG Internet Security (20190909)","Avira Internet Security (20190909)","Bitdefender Internet Security (20190909)","COMODO Antivirus (20190909)","Dr.Web Security Space (20190909)","ESET Internet Security (20190909)","G DATA INTERNET SECURITY (20190909)","K7 Total Security (20190909)","Kaspersky Internet Security (20190909)","Malwarebytes Premium (20190909)","McAfee Total Protection (20190909)","Norton Security (20190909)","Panda Dome (20190909)","Quick Heal Internet Security (20190909)","Sophos Home Premium (20190909)","VIPRE Advanced Security (20190909)","VirIT eXplorer PRO (20190909)","Webroot SecureAnywhere (20190909)","Windows Defender (20190909)"],"avAllowList":["Tencent PC Manager (20190909)","Trend Micro Internet Security (20190909)"]},{"isRevoked":"False","fileName":"AdvancedPCTuneup.exe","companyName":"AdvancedPCTuneup.com","productName":"Advanced PC Tuneup","productVersion":"6.27.45.1006","fileVersion":"6.27.45.1006","hashMD5":"ded7d1406e4ae1b488c1bb56a166bef7","hashSHA1":"2c939d68c592c8bf083130b214af8cf947eedee2","hashSHA256":"ad28d5488fef7715e3233f773570d4ada170a77190aa51045fc4888c095a9a8f","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"422","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"apctusetup_site (6.27.45.1288).exe","isInstaller":"True","companyName":"www.advancedpctuneup.com/                                   ","productVersion":"6.27.45.1288","fileVersion":"6.27.45.1288","hashMD5":"326082aca76b09e76b09d84772a9d8d4","hashSHA1":"2ca0fcfe5c0593b21762e64fb97389a0872b67a5","hashSHA256":"6f78d62975221fcd29ce204645892cf4a24595fe45540857937ff38c7615d8d8","digitalCertThumbprint":"96CD9568B8CAEA685C7E8A2C2C0EF5CCC59823F4","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software L.L.P., O=Top PC Tools Software L.L.P., L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"423","avBlockList":["360 Total Security (20190909)","Avast Internet Security (20190909)","AVG Internet Security (20190909)","Avira Internet Security (20190909)","Bitdefender Internet Security (20190909)","COMODO Antivirus (20190909)","Dr.Web Security Space (20190909)","ESET Internet Security (20190909)","G DATA INTERNET SECURITY (20190909)","K7 Total Security (20190909)","Kaspersky Internet Security (20190909)","Malwarebytes Premium (20190909)","McAfee Total Protection (20190909)","Norton Security (20190909)","Panda Dome (20190909)","Quick Heal Internet Security (20190909)","Sophos Home Premium (20190909)","Trend Micro Internet Security (20190909)","VIPRE Advanced Security (20190909)","VirIT eXplorer PRO (20190909)","Webroot SecureAnywhere (20190909)","Windows Defender (20190909)"],"avAllowList":["Tencent PC Manager (20190909)"]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"existing deceptor review","landingPage":"http://www.advancedpctuneup.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/advancedpctuneup/setups/apctusetup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/advancedpctuneup/setups/apctusetup_site.exe","sourceIndex":"422"},{"howFound":"","reference":"","landingPage":"http://www.advancedpctuneup.com","directDownloadingLink":"http://b34df4ra1.vo.llnwd.net/jp/advancedpctuneup/setups/apctusetup_site.exe","ipv4":"","ipv6":"","sourceIndex":"423"}],"sampleFiles":["190617/AdvancedPCTuneup-180618/6.27.45.1006/Samples/apctusetup_site.exe","190617/AdvancedPCTuneup-180618/6.27.45.1006/Samples/AdvancedPCTuneup.exe","190617/AdvancedPCTuneup-180618/6.27.45.1006/Samples/apctusetup_site (6.27.45.1288).exe"],"imageFiles":["190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-003/ACR-003_software.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-003/ACR-003_software1.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-084/084.png","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-004/004.png","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-004/004_2.png","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-004/171_004_017.png"],"nonDeceptorImageFiles":["190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-040/ACR-040_install.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-065/ACR-065_software.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-161/ACR-161_landingpage.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-161/ACR-161_landingpage1.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-163/ACR-163_landingpageoffer.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-088/ACR-088_software.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-092/ACR-092_software.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-160/ACR-160_software.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-099/ACR-099_software.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-099/ACR-099_internaloffer.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-168/ACR-168_landingpageoffer.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-120/ACR-120_uninstall.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-171/ACR-171_internaloffer.JPG","190617/AdvancedPCTuneup-180618/6.27.45.1006/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"1028808a-52c7-4c86-835d-8f6be822af44_6.27.45.1006_1","appID":"AdvancedPCTuneup-180618","dateAdded":"190617","deceptorType":"App","name":"Advanced PC Tuneup","company":"Jawego Partners LLC","version":"6.27.45.1006","sigName":"Deceptor:Win32/AdvancedPCTuneupJawego!003004084","lastKnownStatus":"Deceptor:6.27.45.1006","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2024-11-05T19:20:55.7903717+00:00","notDistributed":true,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":1,"sortOrder":2152},{"violations":{"ACR-004":"The app does not provide free fixes for any free scans that can't be fixed permanent.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\nThe application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n"},"samples":[{"isRevoked":"False","fileName":"ExterminateIt.exe","companyName":"Curio Systems GmbH","fileVersion":"2.20","hashMD5":"9c2a2647fb58a97c0cfcd92f48ab22fc","hashSHA1":"baee048d0e08afc0087eb589bdb44cc41611a5f2","hashSHA256":"629f8da1796ba121b58069c22d9e329bf3430a0f66fa7355bc2b3b2149dbd081","digitalCertThumbprint":"0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=general@curiosys.de, CN=Curio Systems GmbH, OU=Development, O=Curio Systems GmbH, STREET=Prinzregentenstr. 54, L=München, S=Bayern, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Muenchen, OID.1.3.6.1.4.1.311.60.2.1.2=Bayern, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 241770, OID.2.5.4.15=Private Organization","sourceIndex":"3048","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ExterminateItSetup.exe","isInstaller":"True","companyName":"Curio Systems GmbH","fileVersion":"2.20","hashMD5":"30a95f8beeb7d4d9387e26f7552a1e0a","hashSHA1":"09ba22d8933463fa12b68e0ba7c6cca659f5da4a","hashSHA256":"af1d991ae3306f5e6e15f1e993d7451dd99a8f8ed57ee2575e8f22fe29b7e145","digitalCertThumbprint":"0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=general@curiosys.de, CN=Curio Systems GmbH, OU=Development, O=Curio Systems GmbH, STREET=Prinzregentenstr. 54, L=München, S=Bayern, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Muenchen, OID.1.3.6.1.4.1.311.60.2.1.2=Bayern, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 241770, OID.2.5.4.15=Private Organization","sourceIndex":"3048","avBlockList":["Avira Internet Security (20190530)","ESET Internet Security (20190530)","K7 Total Security (20190530)","McAfee Total Protection (20190530)","Norton Security (20190530)","Panda Dome (20190530)","Sophos Home Premium (20190530)","Trend Micro Internet Security (20190530)","VirIT eXplorer PRO (20190530)","Windows Defender (20190530)","Quick Heal Internet Security (20190530)","SpyHunter5 (20190408)"],"avAllowList":["Avast Internet Security (20190530)","AVG Internet Security (20190530)","Bitdefender Internet Security (20190530)","G DATA INTERNET SECURITY (20190530)","Kaspersky Internet Security (20190530)","Malwarebytes Premium (20190530)","Webroot SecureAnywhere (20190530)","360 Total Security (20190530)","COMODO Antivirus (20190530)","Dr.Web Security Space (20190530)","F-PROT Antivirus for Windows (20190408)","Tencent PC Manager (20190530)","VIPRE Advanced Security (20190530)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc tuneup\" page 5 of results https://www.exterminate-it.com/","landingPage":"https://www.exterminate-it.com/","directDownloadingLink":"https://downloads.exterminate-it.com/install/ExterminateItSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.exterminate-it.com/install/ExterminateItSetup.exe","sourceIndex":"3048"}],"sampleFiles":["190307/ExterminateIt-180208/2.20.0.24/Samples/ExterminateIt.exe","190307/ExterminateIt-180208/2.20.0.24/Samples/ExterminateItSetup.exe"],"imageFiles":["190307/ExterminateIt-180208/2.20.0.24/Images/ACR-004/ExterminateIt About Page.png","190307/ExterminateIt-180208/2.20.0.24/Images/ACR-004/ExterminateIt Activate Page.png","190307/ExterminateIt-180208/2.20.0.24/Images/ACR-004/ExterminateIt Before Internal Offers.png","190307/ExterminateIt-180208/2.20.0.24/Images/ACR-004/ExterminateIt Only Available After Buying.png","190307/ExterminateIt-180208/2.20.0.24/Images/ACR-004/ExterminateIt Scan Results.png","190307/ExterminateIt-180208/2.20.0.24/Images/ACR-004/ExterminateIt Top of Internal Offers Page.png"],"nonDeceptorImageFiles":["190307/ExterminateIt-180208/2.20.0.24/Images/ACR-065/ExterminateIt About Page.png","190307/ExterminateIt-180208/2.20.0.24/Images/ACR-065/ExterminateIt Bottom of Landing Page.png","190307/ExterminateIt-180208/2.20.0.24/Images/ACR-065/ExterminateIt Bottom of Internal Offers Page.png","190307/ExterminateIt-180208/2.20.0.24/Images/ACR-161/ExterminateIt Top of Landing Page.png","190307/ExterminateIt-180208/2.20.0.24/Images/ACR-161/ExterminateIt Top of Internal Offers Page.png"],"guid":"7adacef8-c958-454d-a2a8-bb3c47c33fd2_2.20.0.24_1","appID":"ExterminateIt-180208","dateAdded":"190616","deceptorType":"App","name":"Exterminate It!","company":"CURIOLAB","version":"2.20.0.24","sigName":"Deceptor:Win32/ExterminateIt!004","firstResolvedVersion":"","lastKnownStatus":"Deceptor:2.12.0.15,2.20.0.24,2.21.0.24","lastKnownDate":"190616","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-16T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2173},{"violations":{"ACR-004":"The app does not provide free fixes for any free scans that can't be fixed permanent.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\nThe application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n"},"samples":[{"isRevoked":"False","fileName":"ExterminateIt.exe","isInstaller":"True","companyName":"Curio Systems GmbH","fileVersion":"2.21","hashMD5":"5ec3b9911952c4cf2c08ac178fff4a12","hashSHA1":"71f672aef81feaa1765f92538747ca3b8498e9dd","hashSHA256":"433791d4a8cf0f0491034783e389dd604da1a1c32ce5a3117d3b6d83009a8c00","digitalCertThumbprint":"0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=general@curiosys.de, CN=Curio Systems GmbH, OU=Development, O=Curio Systems GmbH, STREET=Prinzregentenstr. 54, L=München, S=Bayern, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Muenchen, OID.1.3.6.1.4.1.311.60.2.1.2=Bayern, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 241770, OID.2.5.4.15=Private Organization","sourceIndex":"2986","avBlockList":["COMODO Antivirus (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Panda Dome (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)"],"avAllowList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","Bitdefender Internet Security (20190613)","Dr.Web Security Space (20190613)","G DATA INTERNET SECURITY (20190613)","Kaspersky Internet Security (20190613)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","Trend Micro Internet Security (20190613)","VIPRE Advanced Security (20190613)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc tuneup\" page 5 of results https://www.exterminate-it.com/","landingPage":"https://www.exterminate-it.com/","directDownloadingLink":"https://downloads.exterminate-it.com/install/ExterminateItSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.exterminate-it.com/install/ExterminateItSetup.exe","sourceIndex":"2986"}],"sampleFiles":["190616/ExterminateIt-180208/2.21.0.24/Samples/ExterminateIt.exe"],"imageFiles":["190616/ExterminateIt-180208/2.21.0.24/Images/ACR-004/2019-05-ACR-004_scan.png","190616/ExterminateIt-180208/2.21.0.24/Images/ACR-004/ACR-004_afterintoffers.png","190616/ExterminateIt-180208/2.21.0.24/Images/ACR-004/ACR-004_afterscan.png","190616/ExterminateIt-180208/2.21.0.24/Images/ACR-004/ACR-004_help2.png","190616/ExterminateIt-180208/2.21.0.24/Images/ACR-004/ACR-004_internaloffersbefore.png","190616/ExterminateIt-180208/2.21.0.24/Images/ACR-004/ACR-004_help.png"],"nonDeceptorImageFiles":["190616/ExterminateIt-180208/2.21.0.24/Images/ACR-065/ACR-065.png","190616/ExterminateIt-180208/2.21.0.24/Images/ACR-065/ACR-065pt2.png","190616/ExterminateIt-180208/2.21.0.24/Images/ACR-065/ACR-065pt3.png","190616/ExterminateIt-180208/2.21.0.24/Images/ACR-161/ACR-161.png","190616/ExterminateIt-180208/2.21.0.24/Images/ACR-161/ACR-161pt2.png"],"guid":"7adacef8-c958-454d-a2a8-bb3c47c33fd2_2.21.0.24_1","appID":"ExterminateIt-180208","dateAdded":"190616","deceptorType":"App","name":"Exterminate It!","company":"CURIOLAB","version":"2.21.0.24","sigName":"Deceptor:Win32/ExterminateIt!004","firstResolvedVersion":"","lastKnownStatus":"Deceptor:2.12.0.15,2.20.0.24,2.21.0.24","lastKnownDate":"190616","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-16T23:52:49.450689+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2172},{"violations":{"ACR-003":"The app lists tracking cookies as \"threats.\" This misleads consumers and can scare them into purchasing the app to remove these items.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\nThe application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-167":"The application only offers a 14 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"ExterminateItSetup.exe","isInstaller":"True","companyName":"CURIOLAB S.M.B.A.","productName":"Exterminate It! Antimalware","productVersion":"2.12.0.15","fileVersion":"2.12","hashMD5":"f202844e5b9708e5fa22aca08b6caa08","hashSHA1":"0246c4f305f250d08099708cccdaf1021e34994b","hashSHA256":"48c47bc150daef1f06efa092663d13d1b17d263eeea07a418fc9b7014551de5f","digitalCertThumbprint":"9E3F95577B37C74CA2F70C1E1859E798B7FC6B13","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=CURIOLAB S.M.B.A., O=CURIOLAB S.M.B.A., L=Copenhagen K, S=Copenhagen K, C=DK","sourceIndex":"3146","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ExterminateIt.exe","companyName":"CurioLab S.M.B.A.","productName":"Exterminate It! Antimalware","productVersion":"2.12.0.15","fileVersion":"2.12.0.15","hashMD5":"b5dddec5864a6243ab94e3ed765c6b62","hashSHA1":"14a431b8ee511d23e5847efc241987ebae343a35","hashSHA256":"ce20b43bbfcbd40be7e0dec4fa70013b7200d271c56e7e115775b985b0a9425b","digitalCertThumbprint":"9E3F95577B37C74CA2F70C1E1859E798B7FC6B13","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=CURIOLAB S.M.B.A., O=CURIOLAB S.M.B.A., L=Copenhagen K, S=Copenhagen K, C=DK","sourceIndex":"3146","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc tuneup\" page 5 of results https://www.exterminate-it.com/","landingPage":"https://www.exterminate-it.com/","directDownloadingLink":"https://downloads.exterminate-it.com/install/ExterminateItSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://downloads.exterminate-it.com/install/ExterminateItSetup.exe","sourceIndex":"3146"}],"sampleFiles":["190307/ExterminateIt-180208/2.12.0.15/Samples/ExterminateItSetup.exe","190307/ExterminateIt-180208/2.12.0.15/Samples/ExterminateIt.exe"],"imageFiles":["190307/ExterminateIt-180208/2.12.0.15/Images/ACR-003/ACR-003_software.JPG"],"nonDeceptorImageFiles":["190307/ExterminateIt-180208/2.12.0.15/Images/ACR-065/ACR-065_install.JPG","190307/ExterminateIt-180208/2.12.0.15/Images/ACR-065/ACR-065_software.JPG","190307/ExterminateIt-180208/2.12.0.15/Images/ACR-065/ACR-065_landingpage.JPG","190307/ExterminateIt-180208/2.12.0.15/Images/ACR-065/ACR-065_internaloffer.JPG","190307/ExterminateIt-180208/2.12.0.15/Images/ACR-161/ACR-161_landingpage.JPG","190307/ExterminateIt-180208/2.12.0.15/Images/ACR-161/ACR-161_internaloffer.JPG","190307/ExterminateIt-180208/2.12.0.15/Images/ACR-167/ACR-167_docs.JPG"],"guid":"7adacef8-c958-454d-a2a8-bb3c47c33fd2_2.12.0.15_1","appID":"ExterminateIt-180208","dateAdded":"190616","deceptorType":"App","name":"Exterminate It!","company":"CURIOLAB","version":"2.12.0.15","sigName":"Deceptor:Win32/ExterminateIt!003","firstResolvedVersion":"","lastKnownStatus":"Deceptor:2.12.0.15,2.20.0.24,2.21.0.24","lastKnownDate":"190616","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-16T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2174},{"violations":{"ACR-003":"The application reports identified registry keys by using the color gradient \"red\" to show a sense of urgency , thereby misleading or scaring user to take action. \n\n\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the webpages, but displayed as if Norton is endorsing the app.\n\n"},"nonDeceptorViolations":{"ACR-065":"The internal offer page has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\n","ACR-003":"The application reports identified registry keys by using the color gradient \"red\" to show a sense of urgency , thereby misleading or scaring user to take action. \n\n\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the webpages, but displayed as if Norton is endorsing the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"Advanced PC Care.exe","companyName":"PCVARK SOFTWARE PRIVATE LIMITED","productName":"Advanced PC Care","productVersion":"1.0","fileVersion":"1.0","hashMD5":"5ca0ce0f6db84aecad6dcb2c8367e0c6","hashSHA1":"6e216deeccd371d98b78798678869ced26ec7bab","hashSHA256":"575cced9cc440494469701ec7d5dc62484315b9e62f9a2958a189da7250cafcf","digitalCertThumbprint":"08F19866D6B69F9A1F630BFA58A87C5765B3EE2B","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"PCVARK SOFTWARE PRIVATE LIMITED","sourceIndex":"3791","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.advancedpccare.com/","directDownloadingLink":"http://cdn2525.advancedpccare.com/apc/sitebuild/apcsetupsite.exe","ipv4":"","ipv6":"","sourceIndex":"3791"}],"sampleFiles":[],"imageFiles":["180113/AdvancedPCCare-171011/1.0/Images/ACR-003/acr_003.PNG","180113/AdvancedPCCare-171011/1.0/Images/ACR-017/acr_017_install.PNG"],"nonDeceptorImageFiles":["180113/AdvancedPCCare-171011/1.0/Images/ACR-065/acr_065_O.PNG","180113/AdvancedPCCare-171011/1.0/Images/ACR-065/ACR_065_S.PNG","180113/AdvancedPCCare-171011/1.0/Images/ACR-161/acr_161_landing_page.PNG","180113/AdvancedPCCare-171011/1.0/Images/ACR-099/acr_099.PNG","180113/AdvancedPCCare-171011/1.0/Images/ACR-003/acr_003.PNG","180113/AdvancedPCCare-171011/1.0/Images/ACR-017/acr_017_install.PNG"],"guid":"45d70f66-b606-4561-85bc-d05eb5e5fb91_1.0_1","appID":"AdvancedPCCare-171011","dateAdded":"190613","deceptorType":"App","name":"Advanced PC Care","company":"PCVARK SOFTWARE PRIVATE LIMITED","version":"1.0","sigName":"Deceptor:Win32/AdvancedPCCare!003017","lastKnownStatus":"Deceptor:1.0.0.51333","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":2,"sortOrder":2176},{"violations":{"ACR-003":"The application reports identified registry keys by using the color gradient \"red\" to show a sense of urgency,  indicating the performance improvement is high which is not substantiated. thereby misleading or scaring user to take action. \n\n\n","ACR-004":"Application does not provide free fixes for free scan results.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the webpages, but displayed as if Norton is endorsing the app.\n\n"},"nonDeceptorViolations":{"ACR-065":"The internal offer page has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"apc.exe","companyName":"advancedpccare.com","productName":"Advanced PC Care","productVersion":"1.0.0.51333","fileVersion":"1.0.0.51333","hashMD5":"d313e4ce19286982507b4a7e992ab7bb","hashSHA1":"4e59ac97b70023db6179f717a99695f9af90791e","hashSHA256":"6b3fb986648d9a56904cd28328490b9aff5978e46e10bd6dade57a00be3545d5","digitalCertThumbprint":"73EA8C7653738D92D0810FAA8F53E9E349405EA5","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tune-Up PC Tools, O=Tune-Up PC Tools, STREET=\"HOUSE NO. A­54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", STREET=Johari Bazar, L=Jaipur, S=Rajasthan, PostalCode=302004, C=IN","sourceIndex":"2991","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"apcsetapst.exe","isInstaller":"True","companyName":"advancedpccare.com                                          ","productVersion":"1.0.0.51333","fileVersion":"","hashMD5":"92fb399bc4492c3194843bd01f6bcd57","hashSHA1":"c5ed2ea38e13f1b4334045eceed0a8edcadde897","hashSHA256":"e96b0ca513cbb49c2e0bccfb8c9f1c62fea3b4f2f9696e67e8d37cad19e14b53","digitalCertThumbprint":"73EA8C7653738D92D0810FAA8F53E9E349405EA5","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tune-Up PC Tools, O=Tune-Up PC Tools, STREET=\"HOUSE NO. A­54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", STREET=Johari Bazar, L=Jaipur, S=Rajasthan, PostalCode=302004, C=IN","sourceIndex":"2991","avBlockList":["Avast Internet Security (20190309)","AVG Internet Security (20190309)","Avira Internet Security (20190309)","Bitdefender Internet Security (20190309)","ESET Internet Security (20190309)","G DATA INTERNET SECURITY (20190309)","K7 Total Security (20190309)","Kaspersky Internet Security (20190309)","Malwarebytes Premium (20190309)","McAfee Total Protection (20190309)","Norton Security (20190309)","Panda Dome (20190309)","Sophos Home Premium (20190309)","Trend Micro Internet Security (20190309)","VirIT eXplorer PRO (20190309)","Webroot SecureAnywhere (20190309)"],"avAllowList":["Windows Defender (20190309)"]},{"isRevoked":"False","fileName":"apcsetup.exe","isInstaller":"True","companyName":"advpccare.com                                               ","productVersion":"1.0.1.0","fileVersion":"1.0.1.0","hashMD5":"5b48b0d72a5ed2a0c359922eca6dfb37","hashSHA1":"3ae86fdf790da667ec93c65616b0f9059df95246","hashSHA256":"4b5aff5d550066e6a820b209149667d5566946280103744bdb47a0295c003ae1","digitalCertThumbprint":"5A8E4CC43E02754A0C7A5939971F1DAA0FC9A2DA","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC OPTIMIZER UTILITIES, OU=IT, O=PC OPTIMIZER UTILITIES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"2992","avBlockList":["360 Total Security (20190905)","Avast Internet Security (20190905)","AVG Internet Security (20190905)","Avira Internet Security (20190905)","Bitdefender Internet Security (20190905)","COMODO Antivirus (20190905)","Dr.Web Security Space (20190905)","ESET Internet Security (20190905)","G DATA INTERNET SECURITY (20190905)","K7 Total Security (20190905)","Kaspersky Internet Security (20190905)","Malwarebytes Premium (20190905)","McAfee Total Protection (20190905)","Panda Dome (20190905)","Quick Heal Internet Security (20190905)","Sophos Home Premium (20190905)","Tencent PC Manager (20190905)","Trend Micro Internet Security (20190905)","VIPRE Advanced Security (20190905)","VirIT eXplorer PRO (20190905)","Webroot SecureAnywhere (20190905)","Windows Defender (20190905)","Norton Security (20190905)"],"avAllowList":[]},{"isRevoked":"False","fileName":"apcsetupisrcrow.exe","isInstaller":"True","companyName":"efixmypc.com                                                ","productVersion":"1.0.0.42575","fileVersion":"1.0.0.42575","hashMD5":"90ef26d6ecc9f675e5232bdb73aaf95a","hashSHA1":"67469b066869573ee0d1054e2dd702eb4dfe52f4","hashSHA256":"baf4e604131130ce22d7f8c3c492c80e58b14f9b186e34c308d0a422ee5bdc3f","digitalCertThumbprint":"73EA8C7653738D92D0810FAA8F53E9E349405EA5","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tune-Up PC Tools, O=Tune-Up PC Tools, STREET=\"HOUSE NO. A­54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", STREET=Johari Bazar, L=Jaipur, S=Rajasthan, PostalCode=302004, C=IN","sourceIndex":"2993","avBlockList":["360 Total Security (20190905)","Avast Internet Security (20190905)","AVG Internet Security (20190905)","Avira Internet Security (20190905)","Dr.Web Security Space (20190905)","ESET Internet Security (20190905)","G DATA INTERNET SECURITY (20190905)","K7 Total Security (20190905)","Kaspersky Internet Security (20190905)","Malwarebytes Premium (20190905)","McAfee Total Protection (20190905)","Norton Security (20190905)","Panda Dome (20190905)","Sophos Home Premium (20190905)","Trend Micro Internet Security (20190905)","VirIT eXplorer PRO (20190905)","Webroot SecureAnywhere (20190905)","Windows Defender (20190905)"],"avAllowList":["Bitdefender Internet Security (20190905)","COMODO Antivirus (20190905)","Quick Heal Internet Security (20190905)","Tencent PC Manager (20190905)","VIPRE Advanced Security (20190905)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.advancedpccare.com/","directDownloadingLink":"http://cdn2525.advancedpccare.com/apc/sitebuild/apcsetupsite.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn2525.advancedpccare.com/apc/sitebuild/apcsetupsite.exe","sourceIndex":"2991"},{"howFound":"","reference":"","landingPage":"http://www.advpccare.com/","directDownloadingLink":"http://cdn.advpccare.com/apc/apc_updates_is/app/apcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2992"},{"howFound":"","reference":"","landingPage":"http://efixmypc.com/","directDownloadingLink":"http://cdn.efixmypc.com/apc/v10/ppi/apcsetupisrcrow.exe","ipv4":"","ipv6":"","sourceIndex":"2993"}],"sampleFiles":["190613/AdvancedPCCare-171011/1.0.0.51333/Samples/apc.exe","190613/AdvancedPCCare-171011/1.0.0.51333/Samples/apcsetapst.exe","190613/AdvancedPCCare-171011/1.0.0.51333/Samples/apcsetup.exe","190613/AdvancedPCCare-171011/1.0.0.51333/Samples/apcsetupisrcrow.exe"],"imageFiles":["190613/AdvancedPCCare-171011/1.0.0.51333/Images/ACR-017/acr_017_install.PNG","190613/AdvancedPCCare-171011/1.0.0.51333/Images/ACR-003/acr_003.PNG","190613/AdvancedPCCare-171011/1.0.0.51333/Images/ACR-004/Advanced PC Care Purchase Now!.PNG"],"nonDeceptorImageFiles":["190613/AdvancedPCCare-171011/1.0.0.51333/Images/ACR-065/acr_065_O.PNG","190613/AdvancedPCCare-171011/1.0.0.51333/Images/ACR-161/acr_161_landing_page.PNG","190613/AdvancedPCCare-171011/1.0.0.51333/Images/ACR-065/ACR_065_S.PNG","190613/AdvancedPCCare-171011/1.0.0.51333/Images/ACR-099/acr_099.PNG"],"guid":"45d70f66-b606-4561-85bc-d05eb5e5fb91_1.0.0.51333_1","appID":"AdvancedPCCare-171011","dateAdded":"190613","deceptorType":"App","name":"Advanced PC Care","company":"PCVARK SOFTWARE PRIVATE LIMITED","version":"1.0.0.51333","sigName":"Deceptor:Win32/AdvancedPCCare!003004014017","lastKnownStatus":"Deceptor:1.0.0.51333","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2175},{"violations":{"ACR-003":"App exaggerates system healthy condition. empty registry keys, missing shortcuts are listed as \"errors\".\n","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"www.pcpurifier.co","productName":"PCPurifier","productVersion":"3.6","hashMD5":"8728ee591adc04e28d051df0fedf3e3c","hashSHA1":"40040adf68f9662412c9756876c95d1719139341","hashSHA256":"76b5f280e6a2e751610ce765e534f6026f31a1fe19179e9eac4715900c655d50","digitalCertThumbprint":"3c4cb44c02887fe8f47e3d05123d9442ec69328f","sourceIndex":"2997","avBlockList":["360 Total Security (20190905)","Avast Internet Security (20190905)","AVG Internet Security (20190905)","Avira Internet Security (20190905)","Bitdefender Internet Security (20190905)","COMODO Antivirus (20190905)","Dr.Web Security Space (20190905)","ESET Internet Security (20190905)","G DATA INTERNET SECURITY (20190905)","K7 Total Security (20190905)","Kaspersky Internet Security (20190905)","Malwarebytes Premium (20190905)","McAfee Total Protection (20190905)","Norton Security (20190905)","Panda Dome (20190905)","Quick Heal Internet Security (20190905)","Sophos Home Premium (20190905)","Tencent PC Manager (20190905)","VIPRE Advanced Security (20190905)","VirIT eXplorer PRO (20190905)","Webroot SecureAnywhere (20190905)","Windows Defender (20190905)"],"avAllowList":["Trend Micro Internet Security (20190905)"]},{"isRevoked":"False","isInstaller":"True","companyName":"www.pcpurifier.co","productName":"PCPurifier","productVersion":"3.6","hashMD5":"92585205cc20f707de751fdd5dc5578a","hashSHA1":"1f2acf61e63228f3bbb9891fb505e4ee4ee444bb","hashSHA256":"7546d99e7721aec867996a721579fb66ea6ec5d3c9b36063b6ce9a15aa2bb875","digitalCertThumbprint":"3c4cb44c02887fe8f47e3d05123d9442ec69328f","sourceIndex":"2997","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"www.pcpurifier.co","productName":"PCPurifier","productVersion":"3.6","hashMD5":"949a4c53b45c2c64660fdf80663a1d3e","hashSHA1":"0ec0c9831be92aef93be1d1774b55263789722e0","hashSHA256":"2c8175936d1a2d8c4732667dc68a8f73eb4f8a2f882a1af1bc629b689d8ff43d","digitalCertThumbprint":"3c4cb44c02887fe8f47e3d05123d9442ec69328f","sourceIndex":"2997","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCPurifier.exe","isInstaller":"True","companyName":"WIN TUNEUP SOFTWARE LLP","productName":"PCPurifier","productVersion":"3.18.81.868","fileVersion":"3.18.81.868","hashMD5":"4f979dcb5e83d2101e61bb55cd5cd2ea","hashSHA1":"99c5e61f5581dd4d4b3028fd378505843f9c5ca6","hashSHA256":"6302b1c1da33d264947af69791a919c72eafc5ee7329ae4857a268cea10bdc3d","digitalCertThumbprint":"3C4CB44C02887FE8F47E3D05123D9442EC69328F","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"WIN TUNEUP SOFTWARE LLP","sourceIndex":"2997","avBlockList":["360 Total Security (20190905)","Avast Internet Security (20190905)","AVG Internet Security (20190905)","Avira Internet Security (20190905)","Bitdefender Internet Security (20190905)","COMODO Antivirus (20190905)","Dr.Web Security Space (20190905)","ESET Internet Security (20190905)","G DATA INTERNET SECURITY (20190905)","K7 Total Security (20190905)","Kaspersky Internet Security (20190905)","Malwarebytes Premium (20190905)","McAfee Total Protection (20190905)","Norton Security (20190905)","Panda Dome (20190905)","Quick Heal Internet Security (20190905)","Sophos Home Premium (20190905)","Tencent PC Manager (20190905)","VIPRE Advanced Security (20190905)","VirIT eXplorer PRO (20190905)","Webroot SecureAnywhere (20190905)","Windows Defender (20190905)"],"avAllowList":["Trend Micro Internet Security (20190905)"]},{"isRevoked":"False","fileName":"pcpu_site_C0F9.exe","isInstaller":"True","companyName":"www.pcpurifier.co","productName":"PCPurifier","productVersion":"3.6","hashMD5":"c0f9b3ad069a7f4c79533adc0e3d3af0","hashSHA1":"1d245573d3a4acf6e915b19439f640f3d64e7d73","hashSHA256":"350811a48e9996e85bea3954a0fe50a47283358c7d278776bc4906e434ee68a0","digitalCertThumbprint":"3c4cb44c02887fe8f47e3d05123d9442ec69328f","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"IN, Rajasthan, Jaipur, WIN TUNEUP SOFTWARE LLP, WIN TUNEUP SOFTWARE LLP","sourceIndex":"2997","avBlockList":["360 Total Security (20190627)","Avast Internet Security (20190627)","AVG Internet Security (20190627)","Avira Internet Security (20190627)","Bitdefender Internet Security (20190627)","COMODO Antivirus (20190627)","Dr.Web Security Space (20190627)","ESET Internet Security (20190627)","G DATA INTERNET SECURITY (20190627)","K7 Total Security (20190627)","Kaspersky Internet Security (20190627)","Malwarebytes Premium (20190627)","McAfee Total Protection (20190627)","Norton Security (20190627)","Panda Dome (20190627)","Quick Heal Internet Security (20190627)","Sophos Home Premium (20190627)","Tencent PC Manager (20190627)","VIPRE Advanced Security (20190627)","VirIT eXplorer PRO (20190627)","Webroot SecureAnywhere (20190627)","Windows Defender (20190627)"],"avAllowList":["Trend Micro Internet Security (20190627)"]},{"isRevoked":"False","isInstaller":"True","companyName":"www.pcpurifier.co","productName":"PCPurifier","productVersion":"3.6","hashMD5":"8728ee591adc04e28d051df0fedf3e3c","hashSHA1":"40040adf68f9662412c9756876c95d1719139341","hashSHA256":"76b5f280e6a2e751610ce765e534f6026f31a1fe19179e9eac4715900c655d50","digitalCertThumbprint":"3c4cb44c02887fe8f47e3d05123d9442ec69328f","sourceIndex":"2998","avBlockList":["360 Total Security (20190905)","Avast Internet Security (20190905)","AVG Internet Security (20190905)","Avira Internet Security (20190905)","Bitdefender Internet Security (20190905)","COMODO Antivirus (20190905)","Dr.Web Security Space (20190905)","ESET Internet Security (20190905)","G DATA INTERNET SECURITY (20190905)","K7 Total Security (20190905)","Kaspersky Internet Security (20190905)","Malwarebytes Premium (20190905)","McAfee Total Protection (20190905)","Norton Security (20190905)","Panda Dome (20190905)","Quick Heal Internet Security (20190905)","Sophos Home Premium (20190905)","Tencent PC Manager (20190905)","VIPRE Advanced Security (20190905)","VirIT eXplorer PRO (20190905)","Webroot SecureAnywhere (20190905)","Windows Defender (20190905)"],"avAllowList":["Trend Micro Internet Security (20190905)"]},{"isRevoked":"False","isInstaller":"True","companyName":"www.pcpurifier.co","productName":"PCPurifier","productVersion":"3.6","hashMD5":"92585205cc20f707de751fdd5dc5578a","hashSHA1":"1f2acf61e63228f3bbb9891fb505e4ee4ee444bb","hashSHA256":"7546d99e7721aec867996a721579fb66ea6ec5d3c9b36063b6ce9a15aa2bb875","digitalCertThumbprint":"3c4cb44c02887fe8f47e3d05123d9442ec69328f","sourceIndex":"2998","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"www.pcpurifier.co","productName":"PCPurifier","productVersion":"3.6","hashMD5":"949a4c53b45c2c64660fdf80663a1d3e","hashSHA1":"0ec0c9831be92aef93be1d1774b55263789722e0","hashSHA256":"2c8175936d1a2d8c4732667dc68a8f73eb4f8a2f882a1af1bc629b689d8ff43d","digitalCertThumbprint":"3c4cb44c02887fe8f47e3d05123d9442ec69328f","sourceIndex":"2998","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcpusetup (3.54.81.1291).exe","isInstaller":"True","companyName":"www.pcpurifier.com                                          ","productVersion":"3.54.81.1291","fileVersion":"3.54.81.1291","hashMD5":"c0cf354b2c0350830822930a01deddb0","hashSHA1":"e88b83499b10edbb1b0169ce97840e410e33db6e","hashSHA256":"616e16a019bb4531a72c349dd8c2ee6052b7a5cf15ac56c79c14121fb4890910","digitalCertThumbprint":"96CD9568B8CAEA685C7E8A2C2C0EF5CCC59823F4","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software L.L.P., O=Top PC Tools Software L.L.P., L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"2999","avBlockList":["360 Total Security (20190627)","Avast Internet Security (20190627)","AVG Internet Security (20190627)","Avira Internet Security (20190627)","Bitdefender Internet Security (20190627)","COMODO Antivirus (20190627)","Dr.Web Security Space (20190627)","ESET Internet Security (20190627)","G DATA INTERNET SECURITY (20190627)","K7 Total Security (20190627)","Kaspersky Internet Security (20190627)","Malwarebytes Premium (20190627)","McAfee Total Protection (20190627)","Norton Security (20190627)","Quick Heal Internet Security (20190627)","Sophos Home Premium (20190627)","Trend Micro Internet Security (20190627)","VIPRE Advanced Security (20190627)","VirIT eXplorer PRO (20190627)","Webroot SecureAnywhere (20190627)","Windows Defender (20190627)"],"avAllowList":["Panda Dome (20190627)","Tencent PC Manager (20190627)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.ConsumerReport","reference":"After install fake plants vs. Zombie setup, the advertise for PC Purifier pops up","landingPage":"http://www.pcpurifier.co","directDownloadingLink":"http://www.pcpurifier.co/download","ipv4":"169.55.71.151","directDownloadingLinkWildChar":"http://www.pcpurifier.co/download","sourceIndex":"2997"},{"howFound":"Hunt.PartnerReport","reference":"Deceptive ads reported by MalwareBytes","landingPage":"http://pcpurifier.co/1072/1072dl?utm_source=1072&utm_campaign=1072p&utm_pubid=4543&clickid=NDU0M3wxMTEzNTB8VVN8M3wxfHx8fHw&campid=9001","sourceIndex":"2998"},{"howFound":"","reference":"","landingPage":"http://www.pcpurifier.com","directDownloadingLink":"http://b34df4ra1.vo.llnwd.net/jp/pcpurifier/setups/pcpusetup.exe","ipv4":"","ipv6":"","sourceIndex":"2999"}],"sampleFiles":["190612/D-PCPurifier-00016/3.6/Samples/setup_pcp.exe","190612/D-PCPurifier-00016/3.6/Samples/pcpu_site.exe","190612/D-PCPurifier-00016/3.6/Samples/pcpu_site_C0F9.exe","190612/D-PCPurifier-00016/3.6/Samples/pcpusetup (3.54.81.1291).exe"],"imageFiles":["190612/D-PCPurifier-00016/3.6/Images/ACR-003/ACR-003_Software_ExagerratedClaims.JPG","190612/D-PCPurifier-00016/3.6/Images/ACR-003/ACR-003_Software_ExagerratedClaims2.JPG","190612/D-PCPurifier-00016/3.6/Images/ACR-003/ACR-003_Software_ExagerratedClaims3.JPG","190612/D-PCPurifier-00016/3.6/Images/ACR-003/ACR-003_Software_ExagerratedClaims4.JPG","190612/D-PCPurifier-00016/3.6/Images/ACR-168/ACR-168_InlineOffer_NoDisclosureForCallCenters.JPG","190612/D-PCPurifier-00016/3.6/Images/ACR-168/ACR-168_LandingPage_NoDisclosureForCallCenters.JPG","190612/D-PCPurifier-00016/3.6/Images/ACR-168/ACR-168_Software_NoDisclosureForCallCenters.JPG","190612/D-PCPurifier-00016/3.6/Images/ACR-168/ACR-168_Software_NoDisclosureForCallCenters2.JPG"],"nonDeceptorImageFiles":[],"guid":"7381f092-7ae3-4f85-96e5-3ffa34a5f350_3.6_1","appID":"D-PCPurifier-00016","dateAdded":"190612","deceptorType":"App","name":"PCPurifier","company":"www.pcpurifier.co","version":"3.6","sigName":"Deceptor:Win32/PCPurifier!003168","lastKnownStatus":"Deceptor: 3.6","lastKnownDate":"190612","lastUpdate":"2019-06-12T19:16:48.1466224+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2177},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":" The Offer is not clearly marked as an offer or that its optional.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Ab Reach Technologies Private Limited\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":" The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"pocsetup.exe","isInstaller":"True","productName":"Power~Cleaner~2018","productVersion":"1.0.1.2","fileVersion":"1.0.1.2","hashMD5":"1a8de2affd953fdcd372633989b60bb7","hashSHA1":"c24bbbc91e178e329db97ba7e0610e59e671b194","hashSHA256":"e3935ec3925067f37073c31bfc4e519740dd8626d53b1007ac5962ea79700246","digitalCertThumbprint":"9D5D3D50AAB2029AD194B1419C0B47FA9D30581E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ab Reach Technologies Private Limited, O=Ab Reach Technologies Private Limited, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=JAIPUR, S=RAJASTHAN, PostalCode=110092, C=IN","sourceIndex":"2994","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","ESET Internet Security (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)"]},{"isRevoked":"False","fileName":"ptcr.exe","companyName":"n/a","productName":"PPL","productVersion":"1.0.1.2","fileVersion":"1.0.1.2","hashMD5":"4ef140466f513c5e7f1bcd0e123af538","hashSHA1":"d40a9f26b4c9dc88bfb02992686eb08fc8860698","hashSHA256":"f029bfd219fb295112a91b7c03fd1d62b8520eed0a7989e2d1a771e865ff5d3d","digitalCertThumbprint":"9D5D3D50AAB2029AD194B1419C0B47FA9D30581E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ab Reach Technologies Private Limited, O=Ab Reach Technologies Private Limited, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=JAIPUR, S=RAJASTHAN, PostalCode=110092, C=IN","sourceIndex":"2994","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pocsetup (3.0.2.16).exe","isInstaller":"True","productVersion":"3.0.2.16","fileVersion":"3.0.2.16","hashMD5":"59f141f2b4b448833e887d4f132ed87e","hashSHA1":"6359b9a399b2ec15b9ba0814eb380f4baeeb6e94","hashSHA256":"a16367025feb874456d29b2bfe6cc728b23249ba0235657ddba58f44b845bd3e","digitalCertThumbprint":"7F41579FAC7D7A70763B0EA4256F88FF177603EF","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tuneup PC Tools, O=Tuneup PC Tools, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"2995","avBlockList":["Avast Internet Security (20190905)","AVG Internet Security (20190905)","Avira Internet Security (20190905)","Bitdefender Internet Security (20190905)","COMODO Antivirus (20190905)","Dr.Web Security Space (20190905)","ESET Internet Security (20190905)","G DATA INTERNET SECURITY (20190905)","K7 Total Security (20190905)","Kaspersky Internet Security (20190905)","Malwarebytes Premium (20190905)","McAfee Total Protection (20190905)","Norton Security (20190905)","Panda Dome (20190905)","Quick Heal Internet Security (20190905)","Sophos Home Premium (20190905)","Tencent PC Manager (20190905)","Trend Micro Internet Security (20190905)","VIPRE Advanced Security (20190905)","VirIT eXplorer PRO (20190905)","Webroot SecureAnywhere (20190905)","Windows Defender (20190905)"],"avAllowList":["360 Total Security (20190905)"]},{"isRevoked":"False","fileName":"pocsetup (3.0.2.16) 2.exe","isInstaller":"True","productVersion":"3.0.2.16","fileVersion":"3.0.2.16","hashMD5":"f08473c7e143f83677bf44db25619cfc","hashSHA1":"6945e6967fc259d2cc4a4ef95b6a01801220a587","hashSHA256":"84f589f9f2c97d137773c5a68e98d35173d708c6102cf6c8858caeefaa38e223","digitalCertThumbprint":"E2CEB662252392960152DD8B2FC450A81AF4C390","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=STELLAR PC SOLUTlONS, O=STELLAR PC SOLUTlONS, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"2996","avBlockList":["360 Total Security (20190905)","Avast Internet Security (20190905)","AVG Internet Security (20190905)","Avira Internet Security (20190905)","COMODO Antivirus (20190905)","Dr.Web Security Space (20190905)","ESET Internet Security (20190905)","G DATA INTERNET SECURITY (20190905)","K7 Total Security (20190905)","Kaspersky Internet Security (20190905)","Malwarebytes Premium (20190905)","McAfee Total Protection (20190905)","Norton Security (20190905)","Panda Dome (20190905)","Quick Heal Internet Security (20190905)","Sophos Home Premium (20190905)","Trend Micro Internet Security (20190905)","VirIT eXplorer PRO (20190905)","Windows Defender (20190905)"],"avAllowList":["Bitdefender Internet Security (20190905)","Tencent PC Manager (20190905)","VIPRE Advanced Security (20190905)","Webroot SecureAnywhere (20190905)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (keyword :\"We collect information through active as well as passive manners.\")","landingPage":"http://www.systemlogics.co/","directDownloadingLink":"http://dl.systemlogics.co/poc/securerc/b6/pocsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.systemlogics.co/poc/securerc/b6/pocsetup.exe","sourceIndex":"2994"},{"howFound":"","reference":"","landingPage":"http://aspcutils.xyz/","directDownloadingLink":"http://dl.aspcutils.xyz/poc/securerc/e2/pocsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2995"},{"howFound":"","reference":"","landingPage":"http://www.mysysspeedy.xyz/","directDownloadingLink":"http://dl.mysysspeedy.xyz/poc/securerc/e6/pocsetup.exe","ipv4":"","ipv6":"","sourceIndex":"2996"}],"sampleFiles":["190612/Power-Cleaner2018-180903/1.0.1.2/Samples/pocsetup.exe","190612/Power-Cleaner2018-180903/1.0.1.2/Samples/ptcr.exe","190612/Power-Cleaner2018-180903/1.0.1.2/Samples/pocsetup (3.0.2.16).exe","190612/Power-Cleaner2018-180903/1.0.1.2/Samples/pocsetup (3.0.2.16) 2.exe"],"imageFiles":["190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-055/ACR_055_INLINE_OFFER.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-010/ACR_010_INLINE_OFFER.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-010/ACR_010_ADS_INSIDE_APP.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-014/ACR_014_SOFTWARE.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-059/ACR_059_INLINE_OFFER.PNG"],"nonDeceptorImageFiles":["190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-088/ACR_088_SOFTWARE.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-092/ACR_092_SOFTWARE.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","190612/Power-Cleaner2018-180903/1.0.1.2/Images/ACR-171/ACR_171_INTERNAL_OFFERS.PNG"],"guid":"a05e57fb-285a-4fb4-bcec-6cc600fed379_1.0.1.2_1","appID":"Power-Cleaner2018-180903","dateAdded":"190612","deceptorType":"App","name":"Power Cleaner 2018","company":"Ab Reach Technologies Private Limited","version":"1.0.1.2","sigName":"Deceptor:Win32/PowerCleaner2018!003010014055059","lastKnownStatus":"Deceptor:1.0.1.2","lastKnownDate":"190612","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,up-sell to paid,paid","lastUpdate":"2019-06-12T21:42:51.3424165+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2048},{"violations":{"ACR-010":"https://sites.fastspring.com/pcvark/order/confirm is the payment portal for deceptor family Qbit which aggressively uses scamming message to distribute deceptor. See the Qbit deceptor and QbitScamAffiliate https://customer.appesteem.com/deceptors?q=qbit\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Deceptor Qbit monitor","reference":"Qbit","landingPage":"https://sites.fastspring.com/pcvark/order/confirm","ipv4":"","ipv6":"","sourceIndex":"2974"},{"howFound":"Qbit Windows build","reference":"https://store.payproglobal.com/checkout?products[1][id]=51726&products[3][id]=47545&products[2][id]=51761&products[3][promo-id]=10182&offers=47545&x-source=&x-campaign=&x-medium=&x-publisher=&pxl=&lpid=&btnid=&x-pxl=&x-lpid=&x-btnid=&affiliate=&x-at=&x-context=&utm_pubid=&x-pubid=&x-plt=&x-var1=&x-freekey=&x-count=&x-offerpxl=&x-plt=&x-var1=&x-var2=&x-base=&x-uid=&x-fetch=&x-insdt=&x-ip=&x-pdtype=1&x-mpid=47&x-bwos=&x-tid=&x-pcode=qbcp","landingPage":"https://store.payproglobal.com/checkout?x-pcode=*","ipv4":"","ipv6":"","sourceIndex":"2975"},{"howFound":"Qbit Mac Build","reference":"https://store.payproglobal.com/checkout?products[1][id]=51288&products[2][id]=47546&products[2][promo-id]=10185&offers=47546&x-source=&x-campaign=&x-medium=&x-publisher=&pxl=&lpid=&btnid=&x-pxl=&x-lpid=&x-btnid=&affiliate=&x-at=&x-context=&utm_pubid=&x-pubid=&x-plt=&x-var1=&x-freekey=&x-count=&x-offerpxl=&x-var1=&x-var2=&x-base=&x-uid=&x-fetch=&x-insdt=&x-ip=&x-pdtype=2&x-mpid=2&x-bwos=&x-plnid=0&language=en&x-ismac=1&x-pcode=sprmc","landingPage":"https://store.payproglobal.com/checkout?x-pcode=*","ipv4":"","ipv6":"","sourceIndex":"2976"},{"howFound":"mBytes variant mBytes Clean pro, mBytes Speedup Pro, mBytes System Care","reference":"https://store.payproglobal.com/checkout?products[1][id]=53462&products[3][id]=47545&products[2][id]=51761&products[3][promo-id]=10182&offers=47545&x-source=&x-campaign=&x-medium=&x-publisher=&pxl=&lpid=&btnid=&x-pxl=&x-lpid=&x-btnid=&affiliate=&x-at=&x-context=&utm_pubid=&x-pubid=&x-plt=&x-var1=&x-freekey=&x-count=&x-offerpxl=&x-plt=&x-var1=&x-var2=&x-base=&x-uid=&x-fetch=&x-insdt=&x-ip=&x-pdtype=1&x-mpid=47&x-bwos=&x-tid=&x-pcode=mbcp","landingPage":"https://store.payproglobal.com/checkout?x-pcode=*","ipv4":"","ipv6":"","sourceIndex":"2977"},{"howFound":"","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"2978"}],"sampleFiles":[],"imageFiles":["190611/QbitPaymentPortal-190601/190601/Images/ACR-010/QbitPaymentPortal.PNG"],"nonDeceptorImageFiles":[],"guid":"166ce3e4-903b-43e0-b2ee-e2f8362f226c_190601_1","appID":"QbitPaymentPortal-190601","dateAdded":"190611","deceptorType":"Affiliate","name":"QbitFamPaymentPortal","company":"Qbit","version":"190601","lastKnownStatus":"190611","type":"Affiliate","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,in-app purchases,paid","lastUpdate":"2019-06-24T13:40:30.0841954+00:00","notDistributed":false,"familyName":"Deceptor:Affiliate/QbitFamPaymentPortal!010","numInFamily":1,"numInAppID":1,"sortOrder":2178},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Auto~System~ Care for DESKTOP-8QAR3KI\\rtc.exe","productName":"PC Secure Tool","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"4c67b39bbc83cc813277f6f88a03b253","hashSHA1":"a6039d66abe76b0c88062aa1350d4869fbfcc634","hashSHA256":"e312afdc4cbb62329c2c3dc9c01b9b44b7db35415c97c697d5e82e1b0cd792cc","digitalCertThumbprint":"3C5FD1027288514CC5AE732066F074A71A2F6888","sourceIndex":"3000","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"auscsetup.exe","isInstaller":"True","productName":"Auto~System~ Care                            ","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"aa5e0fc957fdcf890d3e04b36b088260","hashSHA1":"729e31b142b45c2dfe8b65f790b4b981ba712739","hashSHA256":"55cf91f7f36ffed74e0550258a555b4ea0a6f557bfbd9a16a00ecc71e9be833b","digitalCertThumbprint":"B603A71CE7F875CF4965EFE9AB63EC327831D0D2","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC-CARE-TOOiS, OU=PC-CARE-TOOiS, O=PC-CARE-TOOiS, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"3000","avBlockList":["Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","Bitdefender Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VIPRE Advanced Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":["360 Total Security (20190815)"]},{"isRevoked":"False","fileName":"auscsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Auto~System~ Care                                           ","productVersion":"1.0.0.9                                           ","fileVersion":"1.0.0.9             ","hashMD5":"f2fe870e275d38ac92e10014c08bd94d","hashSHA1":"c49ca7dc42daa43552be03267b6f905946fd3f36","hashSHA256":"1003722d9762eed1776324cd9a648b78bb22630c4f90905beaa8e0a74720de7e","digitalCertThumbprint":"3C5FD1027288514CC5AE732066F074A71A2F6888","sourceIndex":"3001","avBlockList":["360 Total Security (20190708)","Avast Internet Security (20190708)","AVG Internet Security (20190708)","Avira Internet Security (20190708)","Bitdefender Internet Security (20190708)","COMODO Antivirus (20190708)","Dr.Web Security Space (20190708)","ESET Internet Security (20190708)","G DATA INTERNET SECURITY (20190708)","K7 Total Security (20190708)","Kaspersky Internet Security (20190708)","Malwarebytes Premium (20190708)","McAfee Total Protection (20190708)","Norton Security (20190708)","Panda Dome (20190708)","Quick Heal Internet Security (20190708)","Sophos Home Premium (20190708)","SpyHunter5 (20190425)","Tencent PC Manager (20190708)","Trend Micro Internet Security (20190708)","VIPRE Advanced Security (20190708)","VirIT eXplorer PRO (20190708)","Webroot SecureAnywhere (20190708)","Windows Defender (20190708)"],"avAllowList":["F-PROT Antivirus for Windows (20190425)"]},{"isRevoked":"False","fileName":"auscsetup (1.0.0.0).exe","isInstaller":"True","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"e0774aeb9e2bd92c71c068988d43648d","hashSHA1":"89e1275c399d9326495ab4c49603fab75ff2893d","hashSHA256":"de2e616bb42fbdba30a9fe8fc632ac8f17c93e089bd04c9dc4f83fbac0192861","digitalCertThumbprint":"E5EA4480E4236899D0E9279ED30ACCCD4483AC92","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=stellar pc solutions, OU=stellar pc solutions, O=stellar pc solutions, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"3002","avBlockList":["360 Total Security (20190822)","Avast Internet Security (20190822)","AVG Internet Security (20190822)","Avira Internet Security (20190822)","Bitdefender Internet Security (20190822)","COMODO Antivirus (20190822)","Dr.Web Security Space (20190822)","ESET Internet Security (20190822)","G DATA INTERNET SECURITY (20190822)","K7 Total Security (20190822)","Kaspersky Internet Security (20190822)","Malwarebytes Premium (20190822)","McAfee Total Protection (20190822)","Norton Security (20190822)","Panda Dome (20190822)","Quick Heal Internet Security (20190822)","Sophos Home Premium (20190822)","Tencent PC Manager (20190822)","Trend Micro Internet Security (20190822)","VIPRE Advanced Security (20190822)","VirIT eXplorer PRO (20190822)","Webroot SecureAnywhere (20190822)","Windows Defender (20190822)"],"avAllowList":[]},{"isRevoked":"False","fileName":"auscsetup (1.0.0.9) 2.exe","isInstaller":"True","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"699e435a060be18ef2ae39199dbf239b","hashSHA1":"658d17b13021a891dbe001cedf366d88de3b0a7c","hashSHA256":"2ccbb1c79f3b30dbcce6d69c042befc0a74f79e9dd0b6b34be7c96138a004fbb","digitalCertThumbprint":"C3986A94D2C047D357FD36ABDFE85DB9874E2910","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC SPEEDUP TOOLS INC, O=PC SPEEDUP TOOLS INC, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"3003","avBlockList":["360 Total Security (20190902)","Avast Internet Security (20190902)","AVG Internet Security (20190902)","Avira Internet Security (20190902)","COMODO Antivirus (20190902)","Dr.Web Security Space (20190902)","ESET Internet Security (20190902)","G DATA INTERNET SECURITY (20190902)","K7 Total Security (20190902)","Kaspersky Internet Security (20190902)","Malwarebytes Premium (20190902)","McAfee Total Protection (20190902)","Norton Security (20190902)","Panda Dome (20190902)","Quick Heal Internet Security (20190902)","Sophos Home Premium (20190902)","Trend Micro Internet Security (20190902)","VirIT eXplorer PRO (20190902)","Webroot SecureAnywhere (20190902)","Windows Defender (20190902)"],"avAllowList":["Bitdefender Internet Security (20190902)","Tencent PC Manager (20190902)","VIPRE Advanced Security (20190902)"]},{"isRevoked":"False","fileName":"auscsetup (1.0.0.10).exe","isInstaller":"True","productVersion":"1.0.0.10","fileVersion":"1.0.0.10","hashMD5":"56b129bc28d38fb09e371a71d1ec0879","hashSHA1":"aefd02938543bde4c33a03fab2d92dfcfcd99926","hashSHA256":"95b40e780309890184fc4aeb628865ae77ba0b20dbe23c2a82abc22464fb99f1","digitalCertThumbprint":"63A76B2B78B5CD342CC92EAE604DEDF3B15A292C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Globalsoft logics, O=Globalsoft logics, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"3004","avBlockList":["360 Total Security (20190902)","Avast Internet Security (20190902)","AVG Internet Security (20190902)","Avira Internet Security (20190902)","COMODO Antivirus (20190902)","Dr.Web Security Space (20190902)","ESET Internet Security (20190902)","K7 Total Security (20190902)","Kaspersky Internet Security (20190902)","Malwarebytes Premium (20190902)","McAfee Total Protection (20190902)","Norton Security (20190902)","Panda Dome (20190902)","Quick Heal Internet Security (20190902)","Sophos Home Premium (20190902)","Trend Micro Internet Security (20190902)","VirIT eXplorer PRO (20190902)","Webroot SecureAnywhere (20190902)","Windows Defender (20190902)"],"avAllowList":["Bitdefender Internet Security (20190902)","G DATA INTERNET SECURITY (20190902)","Tencent PC Manager (20190902)","VIPRE Advanced Security (20190902)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"most liked and preferred PC protection utility\"","reference":"http://abmypctools.xyz/","landingPage":"http://abmypctools.xyz/","directDownloadingLink":"http://dl.abmypctools.xyz/ausc/securerc/abmypctools_xyz/auscsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.abmypctools.xyz/ausc/securerc/abmypctools_xyz/auscsetup.exe","sourceIndex":"3000"},{"howFound":"","reference":"","landingPage":"http://sdsysutils.xyz/","directDownloadingLink":"http://dl.sdsysutils.xyz/ausc/securerc/sdsysutils_xyz/auscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"3001"},{"howFound":"","reference":"","landingPage":"http://speedypctools.live/","directDownloadingLink":"http://dl.speedypctools.live/ausc/securerc/b2/auscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"3002"},{"howFound":"","reference":"","landingPage":"http://www.sdmysystools.xyz/","directDownloadingLink":"http://dl.sdmysystools.xyz/ausc/securerc/sdmysystools_xyz/auscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"3003"},{"howFound":"","reference":"","landingPage":"http://abmysysutils.xyz/","directDownloadingLink":"http://dl.abmysysutils.xyz/ausc/securerc/abmysysutils_xyz/auscsetup.exe","ipv4":"","ipv6":"","sourceIndex":"3004"}],"sampleFiles":["190610/AutoSystemCare-190403/1.0.0.9/Samples/rtc.exe","190610/AutoSystemCare-190403/1.0.0.9/Samples/auscsetup (1.0.0.2).exe","190610/AutoSystemCare-190403/1.0.0.9/Samples/auscsetup.exe","190610/AutoSystemCare-190403/1.0.0.9/Samples/auscsetup (1.0.0.0).exe","190610/AutoSystemCare-190403/1.0.0.9/Samples/auscsetup (1.0.0.9) 2.exe","190610/AutoSystemCare-190403/1.0.0.9/Samples/auscsetup (1.0.0.10).exe"],"imageFiles":["190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-042/010.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-048/048.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-003/scan.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-003/main.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-003/048.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-004/scan.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-004/150_171.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-010/010.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-084/084.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-097/startup.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-168/scan.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-168/168.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-057/010.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-055/010.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-059/010.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-161/161.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-099/099.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-150/150_171.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-171/150_171.png","190610/AutoSystemCare-190403/1.0.0.9/Images/ACR-171/171.png"],"guid":"ffe3a47a-6721-4a9e-869e-3f9c715b9e7a_1.0.0.9_1","appID":"AutoSystemCare-190403","dateAdded":"190610","deceptorType":"App","name":"Auto System Care","company":"PC CARE TOOLS","version":"1.0.0.9","sigName":"Deceptor:Win32/AutoSystemCare!042048003004010084097168057055059155 ","lastKnownStatus":"Deceptor:1.0.0.9","lastKnownDate":"190610","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-10T21:45:18.4594276+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2049},{"violations":{"ACR-042":"An additional application is installed without the user's knowledge or consent after running PC SpeedScan Pro installation.\n","ACR-017":"App displays not relevant and not verifiable logo during installation, for example \"Microsoft Partner Gold Application Development\", such logo is issued to software vendor by Microsoft not to application.  \n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to privacy policy information on the about page.\n","ACR-161":"The landing page has customer testimonials that has no links back to the sources so consumers can verify if they're real.\n","ACR-163":"The application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact for support.\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n","ACR-160":"Contacted the phone number '1-215-989-4173 provided by PC SpeedScan Pro, got an automated response saying 'thank you for contacting Ascentive business solutions they currently have a high call volume and in order for them to assist I would have to send them an email.'\n","ACR-099":"The application's internal offer webpage has no link to a website that shows or demonstrates how to uninstall the app.\nThe application has no link to a website that shows or demonstrates how to uninstall the app.\n","ACR-168":"The landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"SpeedScan_setup.exe","isInstaller":"True","companyName":"Ascentive Inc.","productName":"Vanilla-Setup","productVersion":"9.1.1.6","fileVersion":"9.1.1.6","hashMD5":"3dbfe4e51ec402366d9f18593e8398ac","hashSHA1":"81bfbca421f2323c19222928917fec904bca2c51","hashSHA256":"4cfac238669dbfaf624eafaccbfa90c2253579b4144d54f98e39e2623978db8e","digitalCertThumbprint":"DBAFC47C8922A5EE2DE97B2703B85B79CDF9EB94","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Ascentive LLC","sourceIndex":"2923","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCSpeedScan Pro.exe","companyName":"Ascentive LLC","productName":"PC SpeedScan Pro","productVersion":"8.07.0004","fileVersion":"8.7.0.4","hashMD5":"758d640ad4770ee114e687327e6688e3","hashSHA1":"68e4e094ecc9cdc4e22c96555801a8129055e1ce","hashSHA256":"ecfccf92caf1e8a10b83e2c1051444bc491f854c98791fe2ee34cf2ac7012347","digitalCertThumbprint":"DBAFC47C8922A5EE2DE97B2703B85B79CDF9EB94","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Ascentive LLC","sourceIndex":"2923","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com","landingPage":"http://www.ascentive.com/products/pcspeedscan/","directDownloadingLink":"http://www.ascentive.com/ascsetups/ais/van/pcss/800-00/download","ipv4":"","ipv6":"","sourceIndex":"2923"}],"sampleFiles":[],"imageFiles":["190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-017/ACR-007_INTERNAL_OFFERS.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-017/ACR-007_INSTALL.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-017/ACR-007_SOFTWARE.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-017/ACR-007_UNINSTALL.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-042/ACR-042_INSTALL_SCREENSHOT_1.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-042/ACR-042_INSTALL_SCREENSHOT_2.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-042/ACR-042_INSTALL_SCREENSHOT_3.PNG"],"nonDeceptorImageFiles":["190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-161/ACR-161_LANDING_PAGE.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-163/ACR-163_LANDING_PAGE.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-168/ACR-168_LANDING_PAGE.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-042/ACR-042_INSTALL_SCREENSHOT_1.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-042/ACR-042_INSTALL_SCREENSHOT_2.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-042/ACR-042_INSTALL_SCREENSHOT_3.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-170/ACR-170_SOFTWARE.PNG","190607/PCSpeedScanPro-171016/9.1.1.6/Images/ACR-065/ACR-065_SOFTWARE.PNG"],"guid":"37da1512-4b18-4d02-8afc-fbd23ce17dad_9.1.1.6_1","appID":"PCSpeedScanPro-171016","dateAdded":"190607","deceptorType":"App","name":"PC SpeedScan Pro","company":"Ascentive LLC","version":"9.1.1.6","sigName":"Deceptor:Win32/PCSpeedScanPro!017042","lastKnownStatus":"Deceptor: 9.1.1.6","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows 7,Windows Vista,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2179},{"violations":{"ACR-042":"An additional application is installed without the user's knowledge or consent after running PC SpeedScan Pro installation.\n","ACR-004":"The app requires subscribe recurring service payment to fix the regularly recurring results reported in free scan. \n","ACR-017":"Install displays not relevant and not verifiable logo during installation, for example \"Microsoft Certified Partner\", such logo is issued to software vendor by Microsoft not to application. As well, this happens for BBB (Better Business Bureau) where they give no verification of the logo.\nInstall displays not relevant and not verifiable logo during installation, for example \"Microsoft Partner Gold Application Development\", such logo is issued to software vendor by Microsoft not to application.  \nApp displays not relevant and not verifiable logo during installation, for example \"Microsoft Partner Gold Application Development\", such logo is issued to software vendor by Microsoft not to application.  \nUninstall displays not relevant and not verifiable logo during installation, for example \"Microsoft Partner Gold Application Development\", such logo is issued to software vendor by Microsoft not to application.  \n"},"nonDeceptorViolations":{"ACR-065":"The landing page has no Returns and Cancellation Policy.\nThe application has no link to privacy policy information on the about page.\n","ACR-161":"The landing page has customer testimonials that has no links back to the sources so consumers can verify if they're real.\n","ACR-163":"The application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact for support.\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n","ACR-160":"Contacted the phone number '1-215-989-4173 provided by PC SpeedScan Pro, got an automated response saying 'thank you for contacting Ascentive business solutions they currently have a high call volume and in order for them to assist I would have to send them an email.'\n","ACR-099":"The application's internal offer webpage has no link to a website that shows or demonstrates how to uninstall the app.\nThe application has no link to a website that shows or demonstrates how to uninstall the app.\n","ACR-168":"The landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"PCSpeedScan.exe","companyName":"Ascentive LLC","fileVersion":"8.7","hashMD5":"a4c2afc18ddbfee7b1c2fa0bc2f97758","hashSHA1":"73901c05b59ea0c311bdf38462f7bb70e1012e6e","hashSHA256":"6e0ed57893950c1814a15dc88f372fd281d9857c859cb26e95a2917317852ad1","digitalCertThumbprint":"DBAFC47C8922A5EE2DE97B2703B85B79CDF9EB94","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=50 S 16TH ST STE 3575, L=Philadelphia, S=PA, PostalCode=19102, C=US","sourceIndex":"3005","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Launcher.exe","companyName":"Ascentive LLC","fileVersion":"1.0","hashMD5":"7b50762e453f1a303d5a06e71868687a","hashSHA1":"e97fa05ca82d5ee14f85a153e355ec8064415f84","hashSHA256":"4a23e970bf55d84650621e9e85fd12e235f36d1285bcedfa58a6fd46943c3ba0","digitalCertThumbprint":"DBAFC47C8922A5EE2DE97B2703B85B79CDF9EB94","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=50 S 16TH ST STE 3575, L=Philadelphia, S=PA, PostalCode=19102, C=US","sourceIndex":"3005","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"download.exe","isInstaller":"True","companyName":"Ascentive Inc.                                              ","productVersion":"9.1.1.6","fileVersion":"9.1.1.6","hashMD5":"13d1782120784ca6048aec0ed734f8d8","hashSHA1":"2583697edbcde0791ece06550df527325af93783","hashSHA256":"15cdb4364249e6e13620b744830d8c3d66849359af69513ef4d5ecb9a270e5a3","digitalCertThumbprint":"DBAFC47C8922A5EE2DE97B2703B85B79CDF9EB94","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ascentive LLC, O=Ascentive LLC, STREET=50 S 16TH ST STE 3575, L=Philadelphia, S=PA, PostalCode=19102, C=US","sourceIndex":"3005","avBlockList":["360 Total Security (20190902)","Avast Internet Security (20190902)","AVG Internet Security (20190902)","Avira Internet Security (20190902)","Bitdefender Internet Security (20190902)","COMODO Antivirus (20190902)","Dr.Web Security Space (20190902)","ESET Internet Security (20190902)","G DATA INTERNET SECURITY (20190902)","K7 Total Security (20190902)","Kaspersky Internet Security (20190902)","Malwarebytes Premium (20190902)","McAfee Total Protection (20190902)","Norton Security (20190902)","Panda Dome (20190902)","Quick Heal Internet Security (20190902)","Sophos Home Premium (20190902)","Tencent PC Manager (20190902)","Trend Micro Internet Security (20190902)","VIPRE Advanced Security (20190902)","VirIT eXplorer PRO (20190902)","Webroot SecureAnywhere (20190902)","Windows Defender (20190902)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com","landingPage":"http://www.ascentive.com/products/pcspeedscan/","directDownloadingLink":"http://www.ascentive.com/ascsetups/ais/van/pcss/800-00/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ascentive.com/ascsetups/ais/van/pcss/800-00/download","sourceIndex":"3005"}],"sampleFiles":["190607/PCSpeedScanPro-171016/8.07.0004/Samples/PCSpeedScan.Exe","190607/PCSpeedScanPro-171016/8.07.0004/Samples/Launcher.exe","190607/PCSpeedScanPro-171016/8.07.0004/Samples/download.exe"],"imageFiles":["190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-017/ACR-007_INTERNAL_OFFERS.PNG","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-017/ACR_007_page.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-017/ACR_007_install.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-017/ACR_017.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-017/ACR_007_uninstall.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-042/ACR-042_install_screenshot.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-042/ACR-042_install_screenshot_2.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-042/ACR-042_install_screenshot_3.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-004/ACR-004.mp4"],"nonDeceptorImageFiles":["190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-099/ACR-099_internal_offer_1.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-099/ACR-099_internal_offer_3.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-099/ACR-099_internal_offer_2.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-161/ACR_161-Landing_page.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-163/ACR_163_landing_page.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-065/ACR - 065_landingpage.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-168/ACR_163_landing_page.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-042/ACR-042_INSTALL_SCREENSHOT_1.PNG","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-042/ACR-042_INSTALL_SCREENSHOT_2.PNG","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-042/ACR-042_INSTALL_SCREENSHOT_3.PNG","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-160/ACR-160.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-170/ACR-170.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-065/ACR-065.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-099/ACR-099_software_1.png","190607/PCSpeedScanPro-171016/8.07.0004/Images/ACR-099/ACR-099_software_2.png"],"guid":"37da1512-4b18-4d02-8afc-fbd23ce17dad_8.07.0004_1","appID":"PCSpeedScanPro-171016","dateAdded":"190607","deceptorType":"App","name":"PC SpeedScan Pro","company":"Ascentive LLC","version":"8.07.0004","sigName":"Deceptor:Win32/PCSpeedScanPro!017042004","lastKnownStatus":"Deceptor: 9.1.1.6","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows 7,Windows Vista,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2180},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. After disabling the the scheduled scans in the application settings, the task still exist in the systems task scheduler. The App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links landing page that shows the app's EULA.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe application has no link or information that shows how it can be uninstalled. \n","ACR-167":"The App only refunds for non-working and un-used products purchased.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable certifications.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MS365 Security\\MS365Security.exe","companyName":"MS365 Security","productName":"MS365 Security","productVersion":"4.1.9.0","fileVersion":"4.1.9.0","hashMD5":"cc5c5bf31d6b28d9f2e76885b6ceb51d","hashSHA1":"9ee9609ca939ced2a364ec65d5ac1368b1a5f9c5","hashSHA256":"96e21309796f920d33b90200b9656247c779da12b7180ce99cd4023b27a5e34f","digitalCertThumbprint":"B5CA47377484C6C4CB7B1900D6BA897D2E05787A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Main Source 365 Tech, OU=IT and Security, O=Main Source 365 Tech, STREET=53 E GENESEE ST, L=Melbourne, S=Florida, PostalCode=32936, C=US","sourceIndex":"3007","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MS365SecuritySetup.exe","isInstaller":"True","companyName":"MS365 Security","productName":"MS365 Security","productVersion":"4.1.9","fileVersion":"4.1.9","hashMD5":"096ba65008852ba5bacf065945f3db30","hashSHA1":"0935a8891fec838d173e4471b9437f226a8d4b7a","hashSHA256":"f5ab0a3efff09072ade8a2fefa54f794eb0dd92da5c3e971901b6e45ada7120c","digitalCertThumbprint":"B5CA47377484C6C4CB7B1900D6BA897D2E05787A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Main Source 365 Tech, OU=IT and Security, O=Main Source 365 Tech, STREET=53 E GENESEE ST, L=Melbourne, S=Florida, PostalCode=32936, C=US","sourceIndex":"3007","avBlockList":["360 Total Security (20190829)","Avira Internet Security (20190829)","Bitdefender Internet Security (20190829)","COMODO Antivirus (20190829)","Dr.Web Security Space (20190829)","ESET Internet Security (20190829)","G DATA INTERNET SECURITY (20190829)","K7 Total Security (20190829)","Kaspersky Internet Security (20190829)","Malwarebytes Premium (20190829)","McAfee Total Protection (20190829)","Norton Security (20190829)","Panda Dome (20190829)","Quick Heal Internet Security (20190829)","Sophos Home Premium (20190829)","Tencent PC Manager (20190829)","Trend Micro Internet Security (20190829)","VIPRE Advanced Security (20190829)","VirIT eXplorer PRO (20190829)","Windows Defender (20190829)"],"avAllowList":["Avast Internet Security (20190829)","AVG Internet Security (20190829)","Webroot SecureAnywhere (20190829)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Cyber Privacy Suite\"","reference":"https://mainsourcetechsol.com/products-and-services/","landingPage":"https://mainsourcetechsol.com/","directDownloadingLink":"https://s3.amazonaws.com/shieldpartners/MS365/MS365SecuritySetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/shieldpartners/MS365/MS365SecuritySetup.exe","sourceIndex":"3007"}],"sampleFiles":["190606/MS365Security-190604/4.1.9.0/Samples/MS365Security.exe","190606/MS365Security-190604/4.1.9.0/Samples/MS365SecuritySetup.exe"],"imageFiles":["190606/MS365Security-190604/4.1.9.0/Images/ACR-084/084_2.png","190606/MS365Security-190604/4.1.9.0/Images/ACR-084/084.png","190606/MS365Security-190604/4.1.9.0/Images/ACR-168/main.png"],"nonDeceptorImageFiles":["190606/MS365Security-190604/4.1.9.0/Images/ACR-017/017.png","190606/MS365Security-190604/4.1.9.0/Images/ACR-161/161.png","190606/MS365Security-190604/4.1.9.0/Images/ACR-168/168_2.png","190606/MS365Security-190604/4.1.9.0/Images/ACR-168/168.png","190606/MS365Security-190604/4.1.9.0/Images/ACR-065/017.png","190606/MS365Security-190604/4.1.9.0/Images/ACR-167/167.png"],"guid":"ebcb4dad-bf7a-4ab2-9300-78256057ee68_4.1.9.0_1","appID":"MS365Security-190604","dateAdded":"190606","deceptorType":"App","name":"MS365 Security","company":"Main Source 365 Tech","version":"4.1.9.0","sigName":"Deceptor:Win32/MS365Security!084168","lastKnownStatus":"Deceptor:4.1.9.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2182},{"violations":{"ACR-048":"Bundler remaps \"application close\" to \"minimize.\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n","ACR-039":"No attribution for the download manager is provided.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-035":" No EULA is provided for this Download Manager.\n","ACR-036":" No EULA is provided for this Download Manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"PCMateFreeSystemCare_3843294415.exe","isInstaller":"True","productName":"Pem","productVersion":"4.1","fileVersion":"5.8.3.7","hashMD5":"81253404c9dd3e167aa24666fa2d033c","hashSHA1":"c45cac11dceef9f8e3b27ac5a44176fcfb57a0a5","hashSHA256":"d1ae3325036bd6c9eb2db561b93a616b1c8ef67ad407d273ddd30b79db45e606","digitalCertThumbprint":"F007CEF627BECF9CECE8C4310B2FC5F21F19A4ED","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Caliber Wave (Alpha Criteria Ltd.), O=Caliber Wave (Alpha Criteria Ltd.), STREET=28 Begin Menachem Rd., L=Tel-Aviv, S=Israel, PostalCode=6618208, C=IL","sourceIndex":"3017","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeSystemCare.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"607ea42cb65e90da635b85fec1fcd77e","hashSHA1":"ca92336ca68c1e5f3ccde616f42c61bbc38aefe8","hashSHA256":"b2ef75d8b3a92d1d6e8225f53c26a133d1b0e17dfadde5751bef5ec585c1c58a","digitalCertThumbprint":"EAA40C212813D5A23C7CAB368706101A97DC4326","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Beijing Qingruan Chuangxiang Information Technology Co., Ltd.\", O=\"Beijing Qingruan Chuangxiang Information Technology Co., Ltd.\", STREET=\"Rm B-1107,Sanyuan Bridge International Port,Chaoyang District\", STREET=ChaoYangQu, L=Beijing, S=Beijing, PostalCode=100027, C=CN","sourceIndex":"3017","avBlockList":["360 Total Security (20190829)","Avast Internet Security (20190829)","AVG Internet Security (20190829)","Avira Internet Security (20190829)","Bitdefender Internet Security (20190829)","COMODO Antivirus (20190829)","Dr.Web Security Space (20190829)","ESET Internet Security (20190829)","G DATA INTERNET SECURITY (20190829)","K7 Total Security (20190829)","Kaspersky Internet Security (20190829)","Malwarebytes Premium (20190829)","McAfee Total Protection (20190829)","Norton Security (20190829)","Panda Dome (20190829)","Quick Heal Internet Security (20190829)","Sophos Home Premium (20190829)","Tencent PC Manager (20190829)","Trend Micro Internet Security (20190829)","VIPRE Advanced Security (20190829)","VirIT eXplorer PRO (20190829)","Webroot SecureAnywhere (20190829)","Windows Defender (20190829)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMateFreeSystemCare1.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"44751db825d3e5cb4e3875b01376cfdf","hashSHA1":"04fee339ded5e3cdd230f2a2e93e7ece67c8501a","hashSHA256":"d914e82cea3cffa498462566a1daa65f30c4896fcd0ab5296feaf6cad515295d","digitalCertThumbprint":"58FF66B7503CCDF37B2B276045AF1A8A84963DC9","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=TechEvolve GMBH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TechEvolve GMBH, L=Beijing, S=Beijing, C=CN","sourceIndex":"3017","avBlockList":["Avast Internet Security (20190829)","AVG Internet Security (20190829)","Avira Internet Security (20190829)","COMODO Antivirus (20190829)","Dr.Web Security Space (20190829)","ESET Internet Security (20190829)","K7 Total Security (20190829)","Malwarebytes Premium (20190829)","McAfee Total Protection (20190829)","Norton Security (20190829)","Panda Dome (20190829)","Sophos Home Premium (20190829)","VirIT eXplorer PRO (20190829)","Webroot SecureAnywhere (20190829)","Kaspersky Internet Security (20190801)","Windows Defender (20190829)"],"avAllowList":["360 Total Security (20190829)","Bitdefender Internet Security (20190829)","G DATA INTERNET SECURITY (20190829)","Quick Heal Internet Security (20190829)","Tencent PC Manager (20190829)","Trend Micro Internet Security (20190829)","VIPRE Advanced Security (20190829)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.freesystemsoftware.com/","ipv4":"","ipv6":"","sourceIndex":"3017"}],"sampleFiles":["190606/PCMateFreeSystemCareBundler-181105/4.1/Samples/PCMateFreeSystemCare_3843294415.exe","190606/PCMateFreeSystemCareBundler-181105/4.1/Samples/PCMateFreeSystemCare.exe","190606/PCMateFreeSystemCareBundler-181105/4.1/Samples/PCMateFreeSystemCare1.exe"],"imageFiles":["190606/PCMateFreeSystemCareBundler-181105/4.1/Images/ACR-039/ACR_039_INSTALL.PNG","190606/PCMateFreeSystemCareBundler-181105/4.1/Images/ACR-048/ACR_048_INSTALL.mp4","190606/PCMateFreeSystemCareBundler-181105/4.1/Images/ACR-059/ACR_059_BUNDLER_MADE_OFFERS.PNG"],"nonDeceptorImageFiles":["190606/PCMateFreeSystemCareBundler-181105/4.1/Images/ACR-044/ACR_044_INSTALL.PNG","190606/PCMateFreeSystemCareBundler-181105/4.1/Images/ACR-152/ACR_152_BUNDLER_MADE_OFFERS.mp4"],"guid":"169e68dc-b964-411f-8033-0b54f6dbf6bc_4.1_1","appID":"PCMateFreeSystemCareBundler-181105","dateAdded":"190606","deceptorType":"Bundler","name":"PCMateFreeSystemCareBundler","company":"Caliber Wave (Alpha Criteria Ltd.)","version":"4.1","sigName":"Deceptor:Win32/PCMateFreeSystemCareBundler!039048050059","lastKnownStatus":"Deceptor:4.1","lastKnownDate":"190606","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-06-06T21:13:42.3834549+00:00","notDistributed":false,"familyName":"core-bundler-ronil","numInFamily":7,"numInAppID":1,"sortOrder":842},{"violations":{"ACR-048":"The install hides the close button, hiding the consumer's ability to close the installer.\n","ACR-003":"The app uses gauges with traffic light colors to indicate to the user that non-urgent categories can have a high concern level.\n","ACR-004":"The app requires subscription service payment to fix the items reported from free scans. The app uses gauges with traffic light colors to exaggerate a sense of urgency.\n","ACR-017":"The installer elevates its consumer trust level by displaying an unverifiable Microsoft partner certification.\nThe app elevates its consumer trust level by displaying an unverifiable Microsoft certification.\nThe Bundler-made offer elevates its consumer trust level by displaying an unverifiable Microsoft certification.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe bundler-made offer does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe bundler-made offer does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"PCCleaners.exe","companyName":"PC Cleaners Inc.","fileVersion":"10.11","hashMD5":"a208e31da6150a5a7b084c9a67338501","hashSHA1":"65ad7a2bffdef711f3b11859dc0031ab8e71947b","hashSHA256":"e218d1f122156536fa3a6d6f7d5d70245f709a04700cd49953cc61db432d7c44","digitalCertThumbprint":"E319C63118364BEE412027B271A70932AFF605DA","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=PC Cleaners Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PC Cleaners Inc., L=Newport Beach, S=California, C=US","sourceIndex":"3006","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PC_Pro_Installer_2013.exe","isInstaller":"True","companyName":"PC Cleaners","fileVersion":"10.0","hashMD5":"f6f64220b2be1e1a11e4d42e8bc9a357","hashSHA1":"8fad4a16705a7a067ec79788bc87e7c7dd0db21a","hashSHA256":"ad03a9afcd7c275fa9cfff99440e22479d9fad0b51f6769f9fa9ddc722d00336","digitalCertThumbprint":"E319C63118364BEE412027B271A70932AFF605DA","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=PC Cleaners Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PC Cleaners Inc., L=Newport Beach, S=California, C=US","sourceIndex":"3006","avBlockList":["Avast Internet Security (20190829)","AVG Internet Security (20190829)","Avira Internet Security (20190829)","Bitdefender Internet Security (20190829)","Dr.Web Security Space (20190829)","ESET Internet Security (20190829)","K7 Total Security (20190829)","Kaspersky Internet Security (20190829)","Malwarebytes Premium (20190829)","McAfee Total Protection (20190829)","Norton Security (20190829)","Quick Heal Internet Security (20190829)","Sophos Home Premium (20190829)","Tencent PC Manager (20190829)","VIPRE Advanced Security (20190829)","VirIT eXplorer PRO (20190829)","Webroot SecureAnywhere (20190829)","Windows Defender (20190829)"],"avAllowList":["360 Total Security (20190829)","COMODO Antivirus (20190829)","G DATA INTERNET SECURITY (20190829)","Panda Dome (20190829)","Trend Micro Internet Security (20190829)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"","directDownloadingLink":"https://www.pccleanerpro.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pccleanerpro.com/download","sourceIndex":"3006"}],"sampleFiles":["190606/PCCleanerPro2013-190605/10.0.0.0/Samples/PCCleaners.exe","190606/PCCleanerPro2013-190605/10.0.0.0/Samples/PC_Pro_Installer_2013.exe"],"imageFiles":["190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-048/PCCleanerPro Install.png","190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-003/PCCleanerPro Scan Results.png","190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-017/PCCleanerPro Install.png","190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-017/PCCleanerPro Scan Results.png","190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-017/PCCleanerPro Offer.png","190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-004/PCCleanerPro ACR004.mp4"],"nonDeceptorImageFiles":["190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-065/PCCleanerPro About Page.png","190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-065/PCCleanerPro Install.png","190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-065/PCCleanerPro Offer.png","190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-099/PCCleanerPro About Page.png","190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-099/PCCleanerPro Offer.png","190606/PCCleanerPro2013-190605/10.0.0.0/Images/ACR-099/PCCleanerPro Internal Offers.png"],"guid":"28fa8e91-21e5-4640-a3a8-20abe8f43097_10.0.0.0_1","appID":"PCCleanerPro2013-190605","dateAdded":"190606","deceptorType":"App","name":"PC Cleaner Pro","company":"PC Cleaners Inc.","version":"10.0.0.0","sigName":"Deceptor:Win32/PCCleanerPro!048003017004","lastKnownStatus":"10.0.0.0","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2019-06-07T05:35:35.9121823+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2181},{"violations":{"ACR-003":"The app shows gauges indicating the user cache files are \"poor\" which misleads the user and raises urgency. These scan results are unsubstantiated.\n","ACR-004":"The app does not provide free fixes for free scan results and uses bars with \"traffic light\" colors to give an exaggerated sense of urgency to the user.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. \n","ACR-014":"App uses scamming message to scare user system is infected and attempts to lead user to download the app. The app usese red and alarming gauges to imply that non-critial tasks like deleting user cache files could have a large effect on system performance.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not show links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not contain a link to the Returns and Cancellation Policy.\nThe internal offers page does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-088":"The app starts a scan right after the install process is finished.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nInternal Offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Mac Heal Pro","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e2b61f89eec094901c599bed77fd5990cadae8027f086e9eedb81188ff2164e0","sourceIndex":"2565","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mhp_mhpsite.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"129c7acfeb88b4254a61cf516b712e7f5cbf032dd345b7475e99d068db6f6a22","sourceIndex":"2565","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mhp_mhpsite.pkg1.pkg","isInstaller":"True","fileVersion":"1.1.0","hashMD5":"","hashSHA1":"","hashSHA256":"a762754678e4831396c9c4798c62a427775564396e02ef1c503af8a6f5902ff5","digitalCertIssuedTo":"Vikram Sinha (3Q9D99NCQB)","sourceIndex":"2565","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"alfsmhp.pkg","isInstaller":"True","fileVersion":"1.1.0","hashMD5":"","hashSHA1":"","hashSHA256":"b83b9a026c8d355ecaa97ffa378ca0e1f8b72fcd62dab7113f79969305839def","digitalCertIssuedTo":"Vikram Sinha (3Q9D99NCQB)","sourceIndex":"2565","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel","landingPage":"machealpro.com","directDownloadingLink":"http://bgtc.machealpro.com/mhp/builds/mhp_mhpsite.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://bgtc.machealpro.com/mhp/builds/mhp_mhpsite.pkg","sourceIndex":"2565"}],"sampleFiles":["190605/MacHealPro-190429/1.0.0/Samples/Mac Heal Pro","190605/MacHealPro-190429/1.0.0/Samples/mhp_mhpsite.pkg","190605/MacHealPro-190429/1.0.0/Samples/mhp_mhpsite.pkg1.pkg","190605/MacHealPro-190429/1.0.0/Samples/alfsmhp.pkg"],"imageFiles":["190605/MacHealPro-190429/1.0.0/Images/ACR-004/MacHealPro Scan Results 2.png","190605/MacHealPro-190429/1.0.0/Images/ACR-004/MacHealPro Scan Results 1.png","190605/MacHealPro-190429/1.0.0/Images/ACR-004/MacHealPro Internal Offers.png","190605/MacHealPro-190429/1.0.0/Images/ACR-084/MacHealPro Tasks.png","190605/MacHealPro-190429/1.0.0/Images/ACR-003/MacHealPro Junk Files Scan.png","190605/MacHealPro-190429/1.0.0/Images/ACR-014/MacHealPro Scan Results 1.png","190605/MacHealPro-190429/1.0.0/Images/ACR-014/MacHealPro Scan Results 2.png","190605/MacHealPro-190429/1.0.0/Images/ACR-014/MacHealPro Junk Files Scan.png","190605/MacHealPro-190429/1.0.0/Images/ACR-014/Affiliate_MacHealPro_Qbit.PNG"],"nonDeceptorImageFiles":["190605/MacHealPro-190429/1.0.0/Images/ACR-065/MacHealPro Install.png","190605/MacHealPro-190429/1.0.0/Images/ACR-065/MacHealPro About Page.png","190605/MacHealPro-190429/1.0.0/Images/ACR-065/MacHealPro Bottom of Landing Page.png","190605/MacHealPro-190429/1.0.0/Images/ACR-065/MacHealPro Internal Offers.png","190605/MacHealPro-190429/1.0.0/Images/ACR-088/MacHealPro Auto Scan.gif","190605/MacHealPro-190429/1.0.0/Images/ACR-099/MacHealPro About Page.png","190605/MacHealPro-190429/1.0.0/Images/ACR-099/MacHealPro Bottom of Landing Page.png","190605/MacHealPro-190429/1.0.0/Images/ACR-099/MacHealPro Internal Offers.png"],"guid":"8acc977f-c14c-4571-b886-a0fb13d241ac_1.0.0_1","appID":"MacHealPro-190429","dateAdded":"190605","deceptorType":"MacOS App","name":"Mac Heal Pro","company":"machealpro.com","version":"1.0.0","sigName":"Deceptor:MacOS/MacHealPro!003004014084","lastKnownStatus":"Deceptor:1.0.0;1.1.0","lastKnownDate":"200203","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-02-04T00:28:18.2140608+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2183},{"violations":{"ACR-004":"The app shows free scan results, but only partially cleans (500 megabytes) before requiring the user to pay.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the EULA or the Returns and Cancellation Policy.\nThe internal offers page does not display links to the EULA.\n","ACR-099":"The app does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"duplicate-file-remover-pro.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"95602feb5ceede31bcd8e9b18f1c5b14","hashSHA1":"dc1d863b76b34f1153cb7a9bd7aa37d574d60413","hashSHA256":"1b9c2392c7d8150930b8f99ce23ace1e98d26588572baca824e6adcd86420621","sourceIndex":"2775","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Duplicate File Remover PRO","fileVersion":"0.","hashMD5":"cabf394720ed056aadac0eac8e00271d","hashSHA1":"cf9158b73ade823ee84fd46a11e670c7a6b80967","hashSHA256":"5adbd4b2418e102c5c53e4909d9cc4583d455b31e9b545e045476b714f6b6db1","sourceIndex":"2775","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Same vendor as other deceptor \"ClearDisk\"","reference":"Hunt.Search","landingPage":"https://nektony.com/duplicate-file-remover","directDownloadingLink":"https://nektony.com/duplicate-file-remover/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://nektony.com/duplicate-file-remover/download","sourceIndex":"2775"}],"sampleFiles":["190604/DuplicateFileRemoverPRO-190522/5.6.1/Samples/duplicate-file-remover-pro 38.dmg","190604/DuplicateFileRemoverPRO-190522/5.6.1/Samples/Duplicate File Remover PRO"],"imageFiles":["190604/DuplicateFileRemoverPRO-190522/5.6.1/Images/ACR-004/DuplicateFileFinderPRO ACR004.gif"],"nonDeceptorImageFiles":["190604/DuplicateFileRemoverPRO-190522/5.6.1/Images/ACR-065/DuplicateFileFinderPRO Install.png","190604/DuplicateFileRemoverPRO-190522/5.6.1/Images/ACR-065/DuplicateFileFinderPRO About Page.png","190604/DuplicateFileRemoverPRO-190522/5.6.1/Images/ACR-065/DuplicateFileFinderPRO Bottom of Landing Page.png","190604/DuplicateFileRemoverPRO-190522/5.6.1/Images/ACR-065/DuplicateFileFinderPRO Internal Offers.png","190604/DuplicateFileRemoverPRO-190522/5.6.1/Images/ACR-099/DuplicateFileFinderPRO About Page.png","190604/DuplicateFileRemoverPRO-190522/5.6.1/Images/ACR-099/DuplicateFileFinderPRO Internal Offers.png"],"guid":"902c17c0-9815-4e0b-b084-35e62081b421_5.6.1_1","appID":"DuplicateFileRemoverPRO-190522","dateAdded":"190604","deceptorType":"MacOS App","name":"Duplicate File Remover PRO","company":"Nektony","version":"5.6.1","sigName":"Deceptor:MacOS/DuplicateFileRemoverPro!004","firstResolvedDate":"190919","firstResolvedVersion":"5.6.2","resolved":"TRUE","lastKnownStatus":"Deceptor:5.6.1;NonDeceptor:5.6.2","lastKnownDate":"190604","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2019-09-19T22:20:19.375805+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2190},{"violations":{"ACR-003":"The app shows gauges in yellow/red color and uses words \"strongly outdated\", that indicates misleading urgency, thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the recurring service to fix out-of-date driver issues identified during free scan.  App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\nThe landing page has no link or information that shows how to uninstall the app. \n","ACR-167":"In the purchase page it shows 60 days money back guarantee, but from the payment processor refund policy it only shows 30 days\nhttps://store.nero.com/order/checkout.php?CART_ID=cad17749d4ebc794f691b5604a72d180\nhttps://store.nero.com/order/refund_policy.php?CART_ID=cad17749d4ebc794f691b5604a72d180\n"},"samples":[{"isRevoked":"False","fileName":"DriverUpdater.exe","isInstaller":"True","companyName":"Nero AG","fileVersion":"1.0","hashMD5":"b31618cc1e4513b686064bffcf6bb0db","hashSHA1":"a2debd9d3bfcf8f4fa3ef9ea5e4623e330bbd0e1","hashSHA256":"cd06f9bf6ced327fd2a1ef9fb4e6b9ab37f76f37473ffef9b6e49fe83f06e2db","digitalCertThumbprint":"498579084625A247DF4C92B0B2806D7C2AD49A14","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Nero AG, O=Nero AG, STREET=Rueppurrer Str. 1A, L=Karlsruhe, S=BW, PostalCode=76137, C=DE","sourceIndex":"3040","avBlockList":["Avira Internet Security (20190829)","Dr.Web Security Space (20190829)","ESET Internet Security (20190829)","G DATA INTERNET SECURITY (20190829)","K7 Total Security (20190829)","Kaspersky Internet Security (20190829)","McAfee Total Protection (20190829)","Norton Security (20190829)","Panda Dome (20190829)","Quick Heal Internet Security (20190829)","Sophos Home Premium (20190829)","VirIT eXplorer PRO (20190829)","Webroot SecureAnywhere (20190829)","Windows Defender (20190829)"],"avAllowList":["360 Total Security (20190829)","Avast Internet Security (20190829)","AVG Internet Security (20190829)","Bitdefender Internet Security (20190829)","COMODO Antivirus (20190829)","Malwarebytes Premium (20190829)","Tencent PC Manager (20190829)","Trend Micro Internet Security (20190829)","VIPRE Advanced Security (20190829)"]},{"isRevoked":"False","fileName":"Secur360.DriverUpdater_1.0.6906.26775_Setup.exe","companyName":"Nero AG","fileVersion":"1.0","hashMD5":"895a6698958108822d01c0b42f6bdc36","hashSHA1":"c4d01f188d66debf9277126265fa95166b7266b5","hashSHA256":"ea2cee84249c3d5c11274f7146227412edc1cd02fefa53001853c242e79a22b6","digitalCertThumbprint":"498579084625A247DF4C92B0B2806D7C2AD49A14","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Nero AG, O=Nero AG, STREET=Rueppurrer Str. 1A, L=Karlsruhe, S=BW, PostalCode=76137, C=DE","sourceIndex":"3040","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"driver updater\"","reference":"https://www.nero.com/eng/products/driver-updater/?vlang=gb","landingPage":"http://www.secur360.io/eng/?vlang=us","directDownloadingLink":"http://ftp6.nero.com/Secur360_DriverUpdater.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://ftp6.nero.com/Secur360_DriverUpdater.exe","sourceIndex":"3040"}],"sampleFiles":["190604/Secur360DriverUpdater-190313/1.0.18.1128/Samples/DriverUpdater.exe","190604/Secur360DriverUpdater-190313/1.0.18.1128/Samples/Secur360.DriverUpdater_1.0.6906.26775_Setup.exe"],"imageFiles":["190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-004/ACR-004_links.png","190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-004/ACR-004_scan.png","190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-004/ACR-004_shop.png","190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-004/ACR-004_shop_eu.png","190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-004/ACR-004_website.png","190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-003/ACR-003_scan.png"],"nonDeceptorImageFiles":["190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-099/ACR-099_about.png","190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-099/099.png","190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-065/ACR-065_about.png","190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-167/ACR-167_refund.png","190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-167/ACR-167_shop.png","190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-167/USD_shop.png","190604/Secur360DriverUpdater-190313/1.0.18.1128/Images/ACR-167/refund.png"],"guid":"8cd94cd8-bd4f-48b5-83cf-a465d56d3702_1.0.18.1128_1","appID":"Secur360DriverUpdater-190313","dateAdded":"190604","deceptorType":"App","name":"Secur360 Driver Updater","company":"Nero AG","version":"1.0.18.1128","sigName":"Deceptor:Win32/Secur360DriverUpdater!003004","lastKnownStatus":"Deceptor:1.0.6906.29828,1.0.18.1128","lastKnownDate":"190604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-04T23:41:34.6295986+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2188},{"violations":{"ACR-003":"The app shows gauges in yellow/red color and uses words \"strongly outdated\", that indicates misleading urgency, thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the recurring service to fix out-of-date driver issues identified during free scan.  App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\nThe landing page has no link or information that shows how to uninstall the app. \n","ACR-167":"In the purchase page it shows 60 days money back guarantee, but from the payment processor refund policy it only shows 30 days\nhttps://store.nero.com/order/checkout.php?CART_ID=cad17749d4ebc794f691b5604a72d180\nhttps://store.nero.com/order/refund_policy.php?CART_ID=cad17749d4ebc794f691b5604a72d180\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Nero\\Secur360 Driver Updater\\DriverUpdater.exe","companyName":"Nero AG","productName":"Secur360 DriverUpdater","productVersion":"1.0.18.1128","fileVersion":"1.0.18.1128","hashMD5":"499e156e366cedfe424fc32339f4d7a1","hashSHA1":"ad0a1642f4f59da86ce74bb10e1b98169f3326e6","hashSHA256":"be5768cdc02c2006b5494b7810deaf99e9a5924079fc621b3aac9e4df295cc00","digitalCertThumbprint":"498579084625A247DF4C92B0B2806D7C2AD49A14","sourceIndex":"3039","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Secur360_DriverUpdater.exe","isInstaller":"True","companyName":"Nero AG","productName":"Secur360 Driver Updater","productVersion":"1.0.6906.29828","fileVersion":"1.0.6906.29828","hashMD5":"f7e09024058606e3bccad262217c832e","hashSHA1":"2089a37fcf60986e319443eb9e2140ca7632da54","hashSHA256":"4f11240771cc27ade8d5781abedb7798c75d0d6588d8b5fb5f258893347c1f43","digitalCertThumbprint":"498579084625A247DF4C92B0B2806D7C2AD49A14","sourceIndex":"3039","avBlockList":["Avira Internet Security (20190509)","Bitdefender Internet Security (20190509)","ESET Internet Security (20190509)","G DATA INTERNET SECURITY (20190509)","K7 Total Security (20190509)","Kaspersky Internet Security (20190509)","McAfee Total Protection (20190509)","Norton Security (20190509)","Sophos Home Premium (20190509)","VirIT eXplorer PRO (20190509)","Webroot SecureAnywhere (20190509)","Windows Defender (20190509)","Dr.Web Security Space (20190509)","Quick Heal Internet Security (20190509)","Tencent PC Manager (20190509)","VIPRE Advanced Security (20190509)"],"avAllowList":["Avast Internet Security (20190509)","AVG Internet Security (20190509)","Malwarebytes Premium (20190509)","Panda Dome (20190509)","Trend Micro Internet Security (20190509)","360 Total Security (20190509)","COMODO Antivirus (20190509)","F-PROT Antivirus for Windows (20190412)","SpyHunter5 (20190412)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"driver updater\"","reference":"https://www.nero.com/eng/products/driver-updater/?vlang=gb","landingPage":"http://www.secur360.io/eng/?vlang=us","directDownloadingLink":"http://ftp6.nero.com/Secur360_DriverUpdater.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://ftp6.nero.com/Secur360_DriverUpdater.exe","sourceIndex":"3039"}],"sampleFiles":["190604/Secur360DriverUpdater-190313/1.0.6906.29828/Samples/DriverUpdater.exe","190604/Secur360DriverUpdater-190313/1.0.6906.29828/Samples/Secur360_DriverUpdater.exe"],"imageFiles":["190604/Secur360DriverUpdater-190313/1.0.6906.29828/Images/ACR-004/scan.png","190604/Secur360DriverUpdater-190313/1.0.6906.29828/Images/ACR-004/004.png","190604/Secur360DriverUpdater-190313/1.0.6906.29828/Images/ACR-004/004_2.png","190604/Secur360DriverUpdater-190313/1.0.6906.29828/Images/ACR-004/USD_shop.png","190604/Secur360DriverUpdater-190313/1.0.6906.29828/Images/ACR-004/EUR_shop.png","190604/Secur360DriverUpdater-190313/1.0.6906.29828/Images/ACR-003/scan.png"],"nonDeceptorImageFiles":["190604/Secur360DriverUpdater-190313/1.0.6906.29828/Images/ACR-099/about.png","190604/Secur360DriverUpdater-190313/1.0.6906.29828/Images/ACR-099/099.png","190604/Secur360DriverUpdater-190313/1.0.6906.29828/Images/ACR-065/about.png","190604/Secur360DriverUpdater-190313/1.0.6906.29828/Images/ACR-167/USD_shop.png","190604/Secur360DriverUpdater-190313/1.0.6906.29828/Images/ACR-167/refund.png"],"guid":"8cd94cd8-bd4f-48b5-83cf-a465d56d3702_1.0.6906.29828_1","appID":"Secur360DriverUpdater-190313","dateAdded":"190604","deceptorType":"App","name":"Secur360 Driver Updater","company":"Nero AG","version":"1.0.6906.29828","sigName":"Deceptor:Win32/Secur360DriverUpdater!003004","lastKnownStatus":"Deceptor:1.0.6906.29828,1.0.18.1128","lastKnownDate":"190604","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-04T23:42:11.3264281+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2187},{"violations":{"ACR-155":"Download ads for other apps are inserted around the actual download button, masquerading as part of existing committed user workflows.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"https://maiar.soft32.com/free-download/","landingPage":"https://www.soft32.com/?rel=logo","ipv4":"","ipv6":"","sourceIndex":"3046"}],"sampleFiles":[],"imageFiles":["190604/soft32-190515/190515/Images/ACR-155/2019-05-15_16-36-40.png"],"nonDeceptorImageFiles":["190604/soft32-190515/190515/Images/ACR-155/2019-05-15_16-36-40.png"],"guid":"8418cd2f-49b0-4519-8021-a1aac6aaa1d9_190515_1","appID":"soft32-190515","dateAdded":"190604","deceptorType":"Affiliate","name":"soft32","company":"soft32","version":"190515","sigName":"Deceptor:Affiliate/Soft32!155","lastKnownStatus":"Deceptor:190604","lastKnownDate":"190604","type":"Affiliate","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2019-06-04T18:29:51.9528991+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2186},{"violations":{"ACR-048":"The App remaps the \"application close\" functionality to \"minimize\" and stay in the system tray.\n","ACR-050":"The app creates a task to skip User account controls (UAC) by default and does not disclose this information to the user in the EULA or during installation.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app's scan schedule is set to none, however the app has created multiple scheduled task in the windows task scheduler.\n","ACR-014":"App misleads the consumer on the scan results. During the second scan, it shows results on the Browser History, but clicking the \"Review\" button will not show the details. And looking on the Browser History tab, there are no results shown. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no link that shows the app's EULA.\n","ACR-002":"The application's landing page displays a different names for the app than what is installed. The landing page displays the names \"Spartan Sentinel\", \"PC Privacy Spartan\" and \"PC Privacy Shield\".\n","ACR-167":"There is no Returns and Cancellation Policy information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Spartan Sentinel\\SpartanSentinel.exe","companyName":"Urbs disseny i comunicacio S.L","productName":"Spartan Sentinel","productVersion":"3.9.2.0","fileVersion":"3.9.2.0","hashMD5":"b73a23e41f1822b28eb46bde15a41200","hashSHA1":"42adf5e76dd9c02112debc7d3ac20d92746650e6","hashSHA256":"2359d12ba690393e329286c13c3d7fe4253a0d2a12c07631e1c78c48d6f74768","digitalCertThumbprint":"51C0DECBBB067F9A439F58523C8256FE3730C456","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Urbs disseny i comunicacio S.L., O=Urbs disseny i comunicacio S.L., STREET=\"CALLE  Benet Cortada, 32 B-A L-1\", L=Sant Cugat del Valles, S=Barcelona, PostalCode=08174, C=ES","sourceIndex":"3038","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SpartanSentinelSetup.exe","isInstaller":"True","companyName":"Urbs disseny i comunicacio S.L","productName":"Spartan Sentinel","productVersion":"3.9.2","fileVersion":"3.9.2","hashMD5":"1fe9d07b3a3f369cb31a6a6232df9921","hashSHA1":"92de5c4aaf4a4dbf5faf718fbb486bc0d93e743c","hashSHA256":"3882c81b2f67eb6bff77c6c43f3df7b57a1022d8b08e60cbd433fc735be33666","digitalCertThumbprint":"51C0DECBBB067F9A439F58523C8256FE3730C456","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Urbs disseny i comunicacio S.L., O=Urbs disseny i comunicacio S.L., STREET=\"CALLE  Benet Cortada, 32 B-A L-1\", L=Sant Cugat del Valles, S=Barcelona, PostalCode=08174, C=ES","sourceIndex":"3038","avBlockList":["360 Total Security (20190829)","Avast Internet Security (20190829)","AVG Internet Security (20190829)","Avira Internet Security (20190829)","COMODO Antivirus (20190829)","Dr.Web Security Space (20190829)","ESET Internet Security (20190829)","G DATA INTERNET SECURITY (20190829)","K7 Total Security (20190829)","Kaspersky Internet Security (20190829)","Malwarebytes Premium (20190829)","McAfee Total Protection (20190829)","Norton Security (20190829)","Panda Dome (20190829)","Quick Heal Internet Security (20190829)","Sophos Home Premium (20190829)","Trend Micro Internet Security (20190829)","VirIT eXplorer PRO (20190829)","Webroot SecureAnywhere (20190829)","Windows Defender (20190829)"],"avAllowList":["Bitdefender Internet Security (20190829)","Tencent PC Manager (20190829)","VIPRE Advanced Security (20190829)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"identity security suite\"","reference":"https://spartansentinel.net/","landingPage":"https://spartansentinel.net/","directDownloadingLink":"https://www.spartansentinel.net/downloads/SpartanSentinelSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spartansentinel.net/downloads/SpartanSentinelSetup.exe","sourceIndex":"3038"}],"sampleFiles":["190604/SpartanSentinel-190604/3.9.2.0/Samples/SpartanSentinel.exe","190604/SpartanSentinel-190604/3.9.2.0/Samples/SpartanSentinelSetup.exe"],"imageFiles":["190604/SpartanSentinel-190604/3.9.2.0/Images/ACR-050/050.png","190604/SpartanSentinel-190604/3.9.2.0/Images/ACR-084/084.png","190604/SpartanSentinel-190604/3.9.2.0/Images/ACR-048/048.png"],"nonDeceptorImageFiles":["190604/SpartanSentinel-190604/3.9.2.0/Images/ACR-167/checkout.png","190604/SpartanSentinel-190604/3.9.2.0/Images/ACR-167/payment.png","190604/SpartanSentinel-190604/3.9.2.0/Images/ACR-065/065.png","190604/SpartanSentinel-190604/3.9.2.0/Images/ACR-065/065_2.png","190604/SpartanSentinel-190604/3.9.2.0/Images/ACR-002/002.png"],"guid":"230f6758-77b1-4d0d-82d8-5a700cbd06a7_3.9.2.0_1","appID":"SpartanSentinel-190604","dateAdded":"190604","deceptorType":"App","name":"Spartan Sentinel","company":"Urbs disseny i comunicacio S.L.","version":"3.9.2.0","sigName":"Deceptor:Win32/SpartanSentinel!014048050084","lastKnownStatus":"Deceptor:3.9.2.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2185},{"violations":{"ACR-003":"App shows cookies and local storages as \"critical\" fixes and and \"violations\", which exaggerates the severity of the results, thereby misleading or scaring user to take action.\n","ACR-118":"App retains the shortcut link \"My Software Deals\" after uninstallation, which redirects to App's product offer web page.\n","ACR-119":"After uninstall completes, shortcut link \"My Software Deals\" is still left in system and redirects to App's product offer web page.\n","ACR-014":"The app provides no details for its unsubstantiated claims about the system protection and the user's privacy.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\nThe application has no link or information that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"PrivacyProtector2015.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG","fileVersion":"1.1","hashMD5":"11a2737781ec16ec4ea1266aa1473f85","hashSHA1":"2c50501a6101c8db72591b3a75b2cd2dfdd2f971","hashSHA256":"b276ff0a18a783206f87c9abf797256859bb5d7557322a41e6423e59523ae6e9","digitalCertThumbprint":"0633D75BC78692C2C7FC76AB6EBBB56EA693E6C7","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Ashampoo GmbH & Co. KG, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ashampoo GmbH & Co. KG, L=Oldenburg, S=Lower Saxony, C=DE","sourceIndex":"3045","avBlockList":["Avast Internet Security (20190829)","AVG Internet Security (20190829)","Avira Internet Security (20190829)","ESET Internet Security (20190829)","G DATA INTERNET SECURITY (20190829)","K7 Total Security (20190829)","Kaspersky Internet Security (20190829)","Malwarebytes Premium (20190829)","McAfee Total Protection (20190829)","Norton Security (20190829)","Quick Heal Internet Security (20190829)","Sophos Home Premium (20190829)","VirIT eXplorer PRO (20190829)","Webroot SecureAnywhere (20190829)","Windows Defender (20190829)"],"avAllowList":["360 Total Security (20190829)","Bitdefender Internet Security (20190829)","COMODO Antivirus (20190829)","Dr.Web Security Space (20190829)","Panda Dome (20190829)","Tencent PC Manager (20190829)","Trend Micro Internet Security (20190829)","VIPRE Advanced Security (20190829)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Privacy Protector\" download","reference":"https://www.ashampoo.com/en/usd/pin/0804/security-software/privacy-protector","landingPage":"https://www.ashampoo.com/en/usd/pin/0804/security-software/privacy-protector","directDownloadingLink":"https://www.ashampoo.com/ashampoo_privacy_protector_2015_sm.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ashampoo.com/ashampoo_privacy_protector_2015_sm.exe","sourceIndex":"3045"}],"sampleFiles":["190604/AshampooPrivacyProtector-190314/1.1.3.93/Samples/PrivacyProtector2015.exe"],"imageFiles":["190604/AshampooPrivacyProtector-190314/1.1.3.93/Images/ACR-014/ACR-003.png","190604/AshampooPrivacyProtector-190314/1.1.3.93/Images/ACR-003/ACR-003.png","190604/AshampooPrivacyProtector-190314/1.1.3.93/Images/ACR-118/118.png","190604/AshampooPrivacyProtector-190314/1.1.3.93/Images/ACR-118/ACR-118.png","190604/AshampooPrivacyProtector-190314/1.1.3.93/Images/ACR-119/ACR-118.png"],"nonDeceptorImageFiles":["190604/AshampooPrivacyProtector-190314/1.1.3.93/Images/ACR-099/099.png","190604/AshampooPrivacyProtector-190314/1.1.3.93/Images/ACR-099/ACR-065pt2.png","190604/AshampooPrivacyProtector-190314/1.1.3.93/Images/ACR-099/ACR-099pt2.png","190604/AshampooPrivacyProtector-190314/1.1.3.93/Images/ACR-099/ACR-099.png","190604/AshampooPrivacyProtector-190314/1.1.3.93/Images/ACR-065/ACR-065.png","190604/AshampooPrivacyProtector-190314/1.1.3.93/Images/ACR-065/ACR-065pt2.png"],"guid":"f3e078b4-54e8-4d83-a98a-9f7a44fece09_1.1.3.93_1","appID":"AshampooPrivacyProtector-190314","dateAdded":"190604","deceptorType":"App","name":"Ashampoo Privacy Protector","company":"Ashampoo GmbH ","version":"1.1.3.93","sigName":"Deceptor:Win32/AshampooPrivacyProtector!003014118119","lastKnownStatus":"Deceptor:1.1.3.0,1.1.3.93","lastKnownDate":"201105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2194},{"violations":{"ACR-003":"App shows colored gauges, exaggerates the unsubstantiated number  and severity of the cookies found and tagged as \"critical\", thereby misleading or scaring user to take action.\n","ACR-118":"App retains the shortcut link \"Ashampoo Deals\" after uninstallation, which redirects to App's product offer webpage.\n","ACR-119":"After uninstall completes, shortcut link \"Ashampoo Deals\" is still left in system and redirects to App's product offer webpage.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\nThe application has no link or information that shows how to uninstall the app.\n","ACR-150":"The app displays awards from Computer Gut, Filehorse and software.informer that are unable to be verified.\nThe app displays \"Gold Microsoft Partner\" logo that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"ashampoo_privacy_protector_1.1.3_sm.exe","isInstaller":"True","companyName":"Ashampoo GmbH & Co. KG                                      ","productName":"Ashampoo Privacy Protector                                  ","productVersion":"1.1.3                                             ","fileVersion":"1.1.3               ","hashMD5":"b98f0a63c1107e20413eb996d1380154","hashSHA1":"8f4159ef36525f98128947398bbd8b681faa199b","hashSHA256":"d122ba7305e4954098246219728e020b4358e62edde75e77ccf2287ff38cf208","digitalCertThumbprint":"CBBD0EB04FCABCC8B486D4B20B3CF3B6CF656675","sourceIndex":"3044","avBlockList":["Avast Internet Security (20190513)","AVG Internet Security (20190513)","Avira Internet Security (20190513)","ESET Internet Security (20190513)","G DATA INTERNET SECURITY (20190513)","K7 Total Security (20190513)","Kaspersky Internet Security (20190513)","Malwarebytes Premium (20190513)","McAfee Total Protection (20190513)","Norton Security (20190513)","Panda Dome (20190513)","Sophos Home Premium (20190513)","VirIT eXplorer PRO (20190513)","Webroot SecureAnywhere (20190513)","Windows Defender (20190513)","Dr.Web Security Space (20190513)","Quick Heal Internet Security (20190513)"],"avAllowList":["Bitdefender Internet Security (20190513)","Trend Micro Internet Security (20190513)","360 Total Security (20190513)","COMODO Antivirus (20190513)","F-PROT Antivirus for Windows (20190418)","SpyHunter5 (20190418)","Tencent PC Manager (20190513)","VIPRE Advanced Security (20190513)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Ashampoo\\Ashampoo Privacy Protector\\PrivacyProtector.exe","companyName":"Ashampoo GmbH & Co. KG","productName":"Ashampoo Privacy Protector","productVersion":"1.1.3.107","fileVersion":"1.1.3.107","hashMD5":"7df10dbb17f8b89f5a28f6444d84f260","hashSHA1":"cb0914866d49d4ed198816c48a31b1ebd496e989","hashSHA256":"a1f3c5f0d082dd904a67603746e0e6a6ac76fa37834a861f305c61697f972b0e","digitalCertThumbprint":"0633D75BC78692C2C7FC76AB6EBBB56EA693E6C7","sourceIndex":"3044","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Privacy Protector\" download","reference":"https://www.ashampoo.com/en/usd/pin/0804/security-software/privacy-protector","landingPage":"https://www.ashampoo.com/en/usd/pin/0804/security-software/privacy-protector","directDownloadingLink":"https://cdn1.ashampoo.net/ashampoo/0804/ashampoo_privacy_protector_1.1.3_sm.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn1.ashampoo.net/ashampoo/0804/ashampoo_privacy_protector_1.1.3_sm.exe","sourceIndex":"3044"}],"sampleFiles":["190604/AshampooPrivacyProtector-190314/1.1.3.0/Samples/ashampoo_privacy_protector_1.1.3_sm.exe","190604/AshampooPrivacyProtector-190314/1.1.3.0/Samples/PrivacyProtector.exe"],"imageFiles":["190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-003/003.png","190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-003/014.png","190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-118/118.png","190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-119/118.png"],"nonDeceptorImageFiles":["190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-161/161_150.png","190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-099/099.png","190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-099/help.png","190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-099/099_2.png","190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-150/161_150.png","190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-150/150.png","190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-065/about.png","190604/AshampooPrivacyProtector-190314/1.1.3.0/Images/ACR-065/help.png"],"guid":"f3e078b4-54e8-4d83-a98a-9f7a44fece09_1.1.3.0_1","appID":"AshampooPrivacyProtector-190314","dateAdded":"190604","deceptorType":"App","name":"Ashampoo Privacy Protector","company":"Ashampoo GmbH ","version":"1.1.3.0","sigName":"Deceptor:Win32/AshampooPrivacyProtector!003118119","lastKnownStatus":"Deceptor:1.1.3.0,1.1.3.93","lastKnownDate":"201105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-05T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2193},{"violations":{"ACR-004":"The app only provides a \"Free Scan\" and requires customer to purchase the app to fix the non-permanent issues identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the install page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe app's about page does not continue links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe landing page does not contain links to uninstall information.\nThe app's internal offer's page doesn't contain any links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"avgtuneup.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"81b4a0a4622cdf6b8642fea86dcb5eb4","hashSHA1":"d8ead26024780a8297c3e6ed879429c56c9fcb2c","hashSHA256":"9f250bdc2ad5700613c09115ea71d3020cc230b5423ca81060467795626132b4","sourceIndex":"3041","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AVGTuneUp","fileVersion":"0.","hashMD5":"8f932c369b62001f35d105b41bd6645c","hashSHA1":"9f0941c4b5fd3e94f36ea5849b49ce30daaae242","hashSHA256":"624c98fb0e5c0e48bed535db52b369fe8a54219f9ab638a188fc326fb016e762","sourceIndex":"3041","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"yahoo search, \"mac cleaner software made smart\"","reference":"https://www.avg.com/en-us/avg-tuneup-for-mac","landingPage":"https://www.avg.com/en-us/avg-tuneup-for-mac","directDownloadingLink":"https://www.avg.com/en-us/download-thank-you.php?product=TMP","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.avg.com/en-us/download-thank-you.php?product=TMP","sourceIndex":"3041"}],"sampleFiles":["190604/AVGTuneUpMac-190524/1.1.32/Samples/avgtuneup.dmg","190604/AVGTuneUpMac-190524/1.1.32/Samples/AVGTuneUp"],"imageFiles":["190604/AVGTuneUpMac-190524/1.1.32/Images/ACR-004/2019-05-24_17-12-19 .gif"],"nonDeceptorImageFiles":["190604/AVGTuneUpMac-190524/1.1.32/Images/ACR-065/Screen Shot 2019-05-24 at 4.39.20 PM.png","190604/AVGTuneUpMac-190524/1.1.32/Images/ACR-065/No EULA or Return Links.png","190604/AVGTuneUpMac-190524/1.1.32/Images/ACR-099/AVGTuneupPremium About Page.png","190604/AVGTuneUpMac-190524/1.1.32/Images/ACR-099/AVGTuneupMac Bottom of Landing Page.png","190604/AVGTuneUpMac-190524/1.1.32/Images/ACR-099/Bottom of Internal Offers Page.png"],"guid":"b99c7a65-a7c7-4a03-af71-08b99c0b1f15_1.1.32_1","appID":"AVGTuneUpMac-190524","dateAdded":"190604","deceptorType":"MacOS App","name":"AVG TuneUp Premium","company":"AVG Technologies","version":"1.1.32","sigName":"Deceptor:MacOS/AVGTuneupMac!004","firstResolvedVersion":"2.1.10089","resolved":"TRUE","lastKnownStatus":"Deceptor:1.1.32","lastKnownDate":"201123","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2192},{"violations":{"ACR-155":"Download ads for other app are inserted around the actual download button to masquerade as part of existing committed user workflows.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"google search","landingPage":"http://www.the-best-apps.org/","directDownloadingLink":"http://www.the-best-apps.org/youtube/?gclid=EAIaIQobChMIuNHT-Yqw4gIVKSCtBh08LghqEAMYASAAEgKNIPD_BwE","ipv4":"","ipv6":"","sourceIndex":"3043"}],"sampleFiles":[],"imageFiles":["190604/THEBSTAPP-190522/190522/Images/ACR-155/1.png","190604/THEBSTAPP-190522/190522/Images/ACR-155/2.png"],"nonDeceptorImageFiles":[],"guid":"94921b40-fd30-47eb-9f44-2445ebd0ab50_190522_1","appID":"THEBSTAPP-190522","dateAdded":"190604","deceptorType":"Download Site","name":"THE BEST APPS","company":"THE BEST APP","version":"190522","sigName":"Deceptor:Affiliate/TheBestApps!155","lastKnownStatus":"Deceptor:190604","lastKnownDate":"190604","type":"Download Site","category":"Personalization & Search, SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2019-06-04T18:44:13.5738952+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2184},{"violations":{},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the app's EULA and Terms of Service.\n","ACR-099":"The app's about page does not contain links to uninstall information.\nThe landing page does not contain links to uninstall information.\nThe app's internal offer's page doesn't contain any links to uninstall information.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"yahoo search, \"mac cleaner software made smart\"","reference":"https://www.avg.com/en-us/avg-tuneup-for-mac","landingPage":"https://www.avg.com/en-us/avg-tuneup-for-mac","directDownloadingLink":"https://www.avg.com/en-us/download-thank-you.php?product=TMP","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.avg.com/en-us/download-thank-you.php?product=TMP","sourceIndex":"2040"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":["190604/AVGTuneUpMac-190524/1.2.60/Images/ACR-065/Screen Shot 2020-01-24 at 1.37.02 PM.png","190604/AVGTuneUpMac-190524/1.2.60/Images/ACR-099/Screen Shot 2020-01-24 at 1.46.46 PM.png","190604/AVGTuneUpMac-190524/1.2.60/Images/ACR-099/Screen Shot 2020-01-24 at 1.50.09 PM.png","190604/AVGTuneUpMac-190524/1.2.60/Images/ACR-099/Screen Shot 2020-01-24 at 1.50.47 PM.png"],"guid":"b99c7a65-a7c7-4a03-af71-08b99c0b1f15_1.2.60_1","appID":"AVGTuneUpMac-190524","dateAdded":"190604","deceptorType":"MacOS App","name":"AVG TuneUp Premium","company":"AVG Technologies","version":"1.2.60","firstResolvedVersion":"2.1.10089","resolved":"TRUE","lastKnownStatus":"Deceptor:1.1.32","lastKnownDate":"201123","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-23T19:43:10.7799858+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2191},{"violations":{"ACR-155":"\"LISTEN NOW\" ads for other apps are inserted above the actual listen button, masquerading as part of existing committed user workflows.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"online spanish pronunciation","landingPage":"https://forvo.com/","ipv4":"","ipv6":"","sourceIndex":"3047"}],"sampleFiles":[],"imageFiles":["190604/FORVO-190514/190514/Images/ACR-155/2019-05-14_18-03-34.png"],"nonDeceptorImageFiles":["190604/FORVO-190514/190514/Images/ACR-155/2019-05-14_18-03-34.png"],"guid":"58618620-bf19-448b-ab18-d19859a3c505_190514_1","appID":"FORVO-190514","dateAdded":"190604","deceptorType":"Affiliate","name":"FORVO","company":"FORVO","version":"190514","sigName":"Deceptor:Affiliate/Forvo!155","lastKnownStatus":"Deceptor:190604","lastKnownDate":"190604","type":"Affiliate","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2019-06-04T18:26:32.5529421+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2189},{"violations":{"ACR-004":"When the button to fix the issues is selected, the program only fixes a select amount of the total amount of issues and refuses to fix the rest without a purchase from the consumer.\n","ACR-097":"App does not show itself in its own login item manager.\n"},"nonDeceptorViolations":{"ACR-099":"The application's landing page has no link or information that shows how to uninstall the app. \n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"maf_sitenw.pkg","isInstaller":"True","companyName":"praveen kumar","productName":"Mac Auto Fixer","productVersion":"1.7.0 ","fileVersion":"1.7.0 ","hashMD5":"36dd566596bb49f8aa230c037bae9246","hashSHA1":"0f571e91d3eca276bed018f511261882ee929f80","hashSHA256":"c0bef37c187ecfb84f30086b084a7c26dc8025d974477a2d55525d39eba30667","digitalCertThumbprint":"1D 01 27 72 98 1F 70 BE 92 17 A0 E0 CE 56 BD DB 88 A2 8D E7","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"praveen kumar (QUXQNS9D6T)","sourceIndex":"2567","avBlockList":["360 Total Security (20190729)","Avast Internet Security (20190729)","AVG Internet Security (20190729)","Avira Internet Security (20190729)","Bitdefender Internet Security (20190729)","COMODO Antivirus (20190729)","Dr.Web Security Space (20190729)","ESET Internet Security (20190729)","G DATA INTERNET SECURITY (20190729)","Kaspersky Internet Security (20190729)","Tencent PC Manager (20190729)","VIPRE Advanced Security (20190729)","VirIT eXplorer PRO (20190729)","Norton Security (20190729)","Sophos Home Premium (20190729)","Windows Defender (20190729)"],"avAllowList":["Malwarebytes Premium (20190729)","Panda Dome (20190729)","Quick Heal Internet Security (20190729)","Trend Micro Internet Security (20190729)","Webroot SecureAnywhere (20190729)","K7 Total Security (20190729)","McAfee Total Protection (20190704)"]},{"isRevoked":"False","fileName":"Mac Auto Fixer","companyName":"praveen kumar","productName":"Mac Auto Fixer","productVersion":"1.7.0 ","fileVersion":"1.7.0 ","hashMD5":"72b56b612721e9cade89fbadecccc3dc","hashSHA1":"95d4a8a1fbe05176804d52a957be30c3a19e7245","hashSHA256":"498a800b2f200eb30f3e4dbc5ee8090482145caf9147bdc72e987119c6c49c6e","digitalCertIssuer":"Apple Root CA","digitalCertIssuedTo":"praveen kumar (QUXQNS9D6T)","sourceIndex":"2567","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Keep Your Mac Clean\"","reference":"http://www.mac-autofixer.com","landingPage":"http://www.mac-autofixer.com","directDownloadingLink":"http://bgtc.mac-autofixer.com/maf/builds/maf_sitenw.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://bgtc.mac-autofixer.com/maf/builds/maf_sitenw.pkg","sourceIndex":"2567"}],"sampleFiles":["190603/MacAutoFixer-190531/1.7.0/Samples/maf_sitenw.pkg","190603/MacAutoFixer-190531/1.7.0/Samples/Mac Auto Fixer"],"imageFiles":["190603/MacAutoFixer-190531/1.7.0/Images/ACR-004/004.png","190603/MacAutoFixer-190531/1.7.0/Images/ACR-004/004_2.png","190603/MacAutoFixer-190531/1.7.0/Images/ACR-004/171_2.png","190603/MacAutoFixer-190531/1.7.0/Images/ACR-097/097.png"],"nonDeceptorImageFiles":["190603/MacAutoFixer-190531/1.7.0/Images/ACR-171/171.png","190603/MacAutoFixer-190531/1.7.0/Images/ACR-171/171_2.png","190603/MacAutoFixer-190531/1.7.0/Images/ACR-099/099.png"],"guid":"f1b25074-2b90-428d-9d96-e7056ad49b64_1.7.0_1","appID":"MacAutoFixer-190531","dateAdded":"190603","deceptorType":"MacOS App","name":"Mac Auto Fixer","company":"praveen kumar","version":"1.7.0","sigName":"Deceptor:MacOS/MacAutoFixer!004097","lastKnownStatus":"Deceptor:1.7.0","lastKnownDate":"200203","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-02-04T00:26:24.0069335+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2195},{"violations":{"ACR-003":"The application reports outdated drivers as being obsolete.\n","ACR-168":"No disclosure about additional offer may be made during one-to-one interactions.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"The application prompts during uninstall stating that consumer can get an additional 75% Discount on the regular price for Driver Updater.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"duaptdusite.exe","isInstaller":"True","companyName":"driverdetails.com                                           ","productName":"Driver Updater","productVersion":"1.0.1000.45629","fileVersion":"Driver Updater","hashMD5":"f2630316632e86230542becc94e1310c","hashSHA1":"4f48fe6c3966d407bf43838ca674deaf00646210","hashSHA256":"470f8f07406fd357d1778fb0f42bd60eedd121dc66785fcb3452620c7afbaef4","digitalCertThumbprint":"2C642EF2321DFD37F731AFE6CA49D8AA3E8CDD6F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Driver Details, O=Driver Details, STREET=\"3/213 MALVIYA NAGAR,JAIPUR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"3231","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"aptdu.exe","companyName":"driverdetails.com","productName":"Driver Updater","productVersion":"1.0.1000.45629","fileVersion":"1.0.1000.45629","hashMD5":"cc0b88ccf95794c464f7df365fc20590","hashSHA1":"e9dc78f5514fa0c26c81f8d8fbb5a1d11a5353a4","hashSHA256":"a734b27767e88691b0d9b3d7c43d0e132e33618a44573ed22907e769db13975f","digitalCertThumbprint":"2C642EF2321DFD37F731AFE6CA49D8AA3E8CDD6F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Driver Details, O=Driver Details, STREET=\"3/213 MALVIYA NAGAR,JAIPUR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"3231","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Driver updater search","reference":"","landingPage":"http://www.driverdetails.com/","directDownloadingLink":"http://cdn.driverdetails.com/du/c4/securedl/duaptdusite.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.driverdetails.com/du/c4/securedl/duaptdusite.exe","sourceIndex":"3231"}],"sampleFiles":["190130/DriverUpdater-181024/1.0.1000.45629/Samples/duaptdusite.exe","190130/DriverUpdater-181024/1.0.1000.45629/Samples/aptdu.exe"],"imageFiles":["190130/DriverUpdater-181024/1.0.1000.45629/Images/ACR-003/ACR_003_SOFTWARE.PNG","190130/DriverUpdater-181024/1.0.1000.45629/Images/ACR-168/ScanResult.JPG"],"nonDeceptorImageFiles":["190130/DriverUpdater-181024/1.0.1000.45629/Images/ACR-065/ACR_065_INSTALL.PNG","190130/DriverUpdater-181024/1.0.1000.45629/Images/ACR-065/ACR_065_SOFTWARE.PNG","190130/DriverUpdater-181024/1.0.1000.45629/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","190130/DriverUpdater-181024/1.0.1000.45629/Images/ACR-088/ACR_088_SOFTWARE.PNG","190130/DriverUpdater-181024/1.0.1000.45629/Images/ACR-099/ACR_099_SOFTWARE.PNG","190130/DriverUpdater-181024/1.0.1000.45629/Images/ACR-120/ACR_120_UNINSTALL.PNG","190130/DriverUpdater-181024/1.0.1000.45629/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","190130/DriverUpdater-181024/1.0.1000.45629/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"de6a8748-21e1-4b4c-b19a-626a23f5831f_1.0.1000.45629_1","appID":"DriverUpdater-181024","dateAdded":"190601","deceptorType":"App","name":"Driver Updater","company":"DriverDetails","version":"1.0.1000.45629","sigName":"Deceptor:Win32/DriverDetails!003168","lastKnownStatus":"Deceptor:1.0.1000.45629,1.0.1000.64133,1.0.1001.2","lastKnownDate":"190601","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-06-01T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2198},{"violations":{"ACR-003":"The application reports outdated drivers as being obsolete, which raises a false sense of urgency. \n","ACR-004":"The app shows free scan results and upsells to a subscription, but does not provide free fixes for the results shown. The app shows gauges as part of the free scan results, raising a false sense of urgency.\n","ACR-014":"The app demonstrates Microsoft's default driver installment dates as if they are obsolete dates, which is misleading to consumers.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission. A browser window is also automatically opened upon installation.\n","ACR-120":"a pop-up ad appears upon uninstallation offering a 75% off deal for the full version of the app\n"},"samples":[{"isRevoked":"False","fileName":"duaptdrv.exe","isInstaller":"True","companyName":"driverdetails.com                                           ","productVersion":"1.0.1001.2","fileVersion":"1.0.1001.2","hashMD5":"4d5fcbeab6f4b7bdd429524d893d1292","hashSHA1":"0b0e782b05475f8cc48ca11dcbee6cdeed03a72b","hashSHA256":"6f9371183d84b58b5923f4173dc1a85b41a1e4a5ecf1b8710948db9e48d23266","digitalCertThumbprint":"E3CB28826A17D23F3A7616B619031AAD6029CA4F","digitalCertIssuer":"CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RANOTECH SOFTWARES, OU=IT, O=RANOTECH SOFTWARES, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"3055","avBlockList":["Avast Internet Security (20190826)","AVG Internet Security (20190826)","Avira Internet Security (20190826)","COMODO Antivirus (20190826)","Dr.Web Security Space (20190826)","ESET Internet Security (20190826)","G DATA INTERNET SECURITY (20190826)","K7 Total Security (20190826)","Kaspersky Internet Security (20190826)","Malwarebytes Premium (20190826)","McAfee Total Protection (20190826)","Panda Dome (20190826)","Quick Heal Internet Security (20190826)","Sophos Home Premium (20190826)","Trend Micro Internet Security (20190826)","VirIT eXplorer PRO (20190826)","Webroot SecureAnywhere (20190826)","Windows Defender (20190826)","Norton Security (20190826)"],"avAllowList":["360 Total Security (20190826)","Bitdefender Internet Security (20190826)","Tencent PC Manager (20190826)","VIPRE Advanced Security (20190826)"]}],"additionalFiles":[],"sources":[{"howFound":"Driver updater search","reference":"","landingPage":"http://www.driverdetails.com/","directDownloadingLink":"http://cdn.driverdetails.com/du/c4/securedl/duaptdusite.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.driverdetails.com/du/c4/securedl/duaptdusite.exe","sourceIndex":"3055"}],"sampleFiles":["190601/DriverUpdater-181024/1.0.1001.2/Samples/duaptdrv.exe"],"imageFiles":["190601/DriverUpdater-181024/1.0.1001.2/Images/ACR-003/driverupdater1.PNG","190601/DriverUpdater-181024/1.0.1001.2/Images/ACR-014/driverupdater1.PNG","190601/DriverUpdater-181024/1.0.1001.2/Images/ACR-004/driverupdater1.PNG","190601/DriverUpdater-181024/1.0.1001.2/Images/ACR-004/driverupdater2.PNG","190601/DriverUpdater-181024/1.0.1001.2/Images/ACR-004/acr-004 upsell to subscription.png"],"nonDeceptorImageFiles":["190601/DriverUpdater-181024/1.0.1001.2/Images/ACR-065/driverupdater5.PNG","190601/DriverUpdater-181024/1.0.1001.2/Images/ACR-161/driverupdater4.PNG","190601/DriverUpdater-181024/1.0.1001.2/Images/ACR-088/driverupdater3.PNG","190601/DriverUpdater-181024/1.0.1001.2/Images/ACR-088/driverupdater1.PNG","190601/DriverUpdater-181024/1.0.1001.2/Images/ACR-120/driverupdater6.PNG"],"guid":"de6a8748-21e1-4b4c-b19a-626a23f5831f_1.0.1001.2_1","appID":"DriverUpdater-181024","dateAdded":"190601","deceptorType":"App","name":"Driver Updater","company":"DriverDetails","version":"1.0.1001.2","lastKnownStatus":"Deceptor:1.0.1000.45629,1.0.1000.64133,1.0.1001.2","lastKnownDate":"190601","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-06-01T23:48:54.526865+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2197},{"violations":{"ACR-003":"The application reports outdated drivers as being obsolete, which raises a false sense of urgency. \n","ACR-004":"The app shows free scan results and upsells to a subscription, but does not provide free fixes for the results shown. The app shows gauges as part of the free scan results, raising a false sense of urgency.\n","ACR-014":"The app demonstrates Microsoft's default driver installment dates as if they are obsolete dates, which is misleading to consumers.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission. A browser window is also automatically opened upon installation.\n","ACR-120":"a pop-up ad appears upon uninstallation offering a 75% off deal for the full version of the app\n"},"samples":[{"isRevoked":"False","fileName":"duaptsite.exe","isInstaller":"True","companyName":"driverdetails.com                                           ","fileVersion":"1.0","hashMD5":"5b0be5a238f0bc88a68ee91d743982cf","hashSHA1":"34c7c5d0470cc9c93b7dd3852b80ade594a795c3","hashSHA256":"14d566ad8a576f58262b7e9223c1ca37290a73d3fa05b64caa65d5398cc2531c","digitalCertThumbprint":"766574C25A35B1EE0E16B5511DC5C8083F3CDA14","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DRlVER DETAlLS, O=DRlVER DETAlLS, STREET=3/213 MALVIYA NAGAR, L=Jaipur, S=Rajasthan, PostalCode=302017, C=IN","sourceIndex":"3054","avBlockList":["Avast Internet Security (20190425)","AVG Internet Security (20190425)","Avira Internet Security (20190425)","ESET Internet Security (20190425)","G DATA INTERNET SECURITY (20190425)","K7 Total Security (20190425)","Kaspersky Internet Security (20190425)","Malwarebytes Premium (20190425)","McAfee Total Protection (20190425)","Norton Security (20190425)","Panda Dome (20190425)","Sophos Home Premium (20190425)","Trend Micro Internet Security (20190425)","VirIT eXplorer PRO (20190425)","Webroot SecureAnywhere (20190425)","Windows Defender (20190425)","360 Total Security (20190425)","COMODO Antivirus (20190425)","Dr.Web Security Space (20190425)","Quick Heal Internet Security (20190425)","SpyHunter5 (20190425)"],"avAllowList":["Bitdefender Internet Security (20190425)","F-PROT Antivirus for Windows (20190425)","Tencent PC Manager (20190425)","VIPRE Advanced Security (20190425)"]},{"isRevoked":"False","fileName":"aptdu.exe","companyName":"driverdetails.com","fileVersion":"1.0","hashMD5":"958465f2504eec4509517bb8b2fe2117","hashSHA1":"5cf18ac97b24fba09dcbf12540a9515042ef1e97","hashSHA256":"17df44776b633dad30f7f50196fd69d540c7ac3928445da6200d95355013f3f9","digitalCertThumbprint":"766574C25A35B1EE0E16B5511DC5C8083F3CDA14","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DRlVER DETAlLS, O=DRlVER DETAlLS, STREET=3/213 MALVIYA NAGAR, L=Jaipur, S=Rajasthan, PostalCode=302017, C=IN","sourceIndex":"3054","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Driver updater search","reference":"","landingPage":"http://www.driverdetails.com/","directDownloadingLink":"http://cdn.driverdetails.com/du/c4/securedl/duaptdusite.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.driverdetails.com/du/c4/securedl/duaptdusite.exe","sourceIndex":"3054"}],"sampleFiles":["190601/DriverUpdater-181024/1.0.1000.64133/Samples/duaptsite.exe","190601/DriverUpdater-181024/1.0.1000.64133/Samples/aptdu.exe"],"imageFiles":["190601/DriverUpdater-181024/1.0.1000.64133/Images/ACR-003/driverupdater1.PNG","190601/DriverUpdater-181024/1.0.1000.64133/Images/ACR-014/driverupdater1.PNG","190601/DriverUpdater-181024/1.0.1000.64133/Images/ACR-004/driverupdater1.PNG","190601/DriverUpdater-181024/1.0.1000.64133/Images/ACR-004/driverupdater2.PNG","190601/DriverUpdater-181024/1.0.1000.64133/Images/ACR-004/acr-004 upsell to subscription.png"],"nonDeceptorImageFiles":["190601/DriverUpdater-181024/1.0.1000.64133/Images/ACR-065/driverupdater5.PNG","190601/DriverUpdater-181024/1.0.1000.64133/Images/ACR-161/driverupdater4.PNG","190601/DriverUpdater-181024/1.0.1000.64133/Images/ACR-088/driverupdater3.PNG","190601/DriverUpdater-181024/1.0.1000.64133/Images/ACR-088/driverupdater1.PNG","190601/DriverUpdater-181024/1.0.1000.64133/Images/ACR-120/driverupdater6.PNG"],"guid":"de6a8748-21e1-4b4c-b19a-626a23f5831f_1.0.1000.64133_1","appID":"DriverUpdater-181024","dateAdded":"190601","deceptorType":"App","name":"Driver Updater","company":"DriverDetails","version":"1.0.1000.64133","sigName":"Deceptor:Win32/DriverDetailsDriverUpdater!003004014","lastKnownStatus":"Deceptor:1.0.1000.45629,1.0.1000.64133,1.0.1001.2","lastKnownDate":"190601","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-06-01T23:49:44.354435+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2196},{"violations":{"ACR-004":"App reports the invalid items as problem, that exaggerates the system status with sense of urgency to fix. The app does not provide free fixes for free scan results that is not anticipated to be permanent fix. \n","ACR-124":"The uninstallation process forces the user to wait 7 seconds before being able to continue, adding unnecessary friction for the consumer.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not contain links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not contain links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"regcleaner.exe","isInstaller":"True","companyName":"CleanMyPC Software                                          ","fileVersion":"0.0","hashMD5":"498236d19e63218cac36e23a2b378c5c","hashSHA1":"8b5850383766e4d3abe1d9b5bd17bc653fef853b","hashSHA256":"de7fd896395070cef8bc6fc5c473bb844393e10f7c74d9a6e35e0f5d16208654","digitalCertThumbprint":"85AE07AF3AE422710D7E4D8FD84A54C86300B53C","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CleanMyPC Technology Limited, O=CleanMyPC Technology Limited, STREET=\"ROOM C1D 6/F, WING HING INDUSTRIAL BUILDING\", STREET=14 HING YIP STREET, STREET=\"KWUN TONG, KOWLOON\", L=HONG KONG, S=NA, PostalCode=NA, C=HK","sourceIndex":"3057","avBlockList":["Avast Internet Security (20190826)","AVG Internet Security (20190826)","Avira Internet Security (20190826)","Dr.Web Security Space (20190826)","ESET Internet Security (20190826)","G DATA INTERNET SECURITY (20190826)","K7 Total Security (20190826)","Malwarebytes Premium (20190826)","McAfee Total Protection (20190826)","Norton Security (20190826)","Sophos Home Premium (20190826)","VirIT eXplorer PRO (20190826)","Windows Defender (20190826)"],"avAllowList":["360 Total Security (20190826)","Bitdefender Internet Security (20190826)","COMODO Antivirus (20190826)","Kaspersky Internet Security (20190826)","Panda Dome (20190729)","Quick Heal Internet Security (20190826)","Tencent PC Manager (20190826)","Trend Micro Internet Security (20190826)","VIPRE Advanced Security (20190826)","Webroot SecureAnywhere (20190826)"]},{"isRevoked":"False","fileName":"RCleaner.exe","companyName":"CleanMyPC Tools Software","fileVersion":"4.5","hashMD5":"b9a58de3f7381eb09679953d48c658a4","hashSHA1":"52a89b86002f4321230fff7e922a14dc0976852f","hashSHA256":"dcb78b69d0b01151cc6e033b10c9acc497af999dc8c35fe11830a98231c1abe7","digitalCertThumbprint":"85AE07AF3AE422710D7E4D8FD84A54C86300B53C","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CleanMyPC Technology Limited, O=CleanMyPC Technology Limited, STREET=\"ROOM C1D 6/F, WING HING INDUSTRIAL BUILDING\", STREET=14 HING YIP STREET, STREET=\"KWUN TONG, KOWLOON\", L=HONG KONG, S=NA, PostalCode=NA, C=HK","sourceIndex":"3057","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"ask.com ","landingPage":"http://www.registry-cleaner.net/","directDownloadingLink":"http://download.registry-cleaner.net/download/regcleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.registry-cleaner.net/download/regcleaner.exe","sourceIndex":"3057"}],"sampleFiles":["190531/CleanMyPCRegistryCleaner-170929/4.5.0.0/Samples/regcleaner.exe","190531/CleanMyPCRegistryCleaner-170929/4.5.0.0/Samples/RCleaner.exe"],"imageFiles":["190531/CleanMyPCRegistryCleaner-170929/4.5.0.0/Images/ACR-004/CleanMyPCRegistryCleaner ACR004.gif","190531/CleanMyPCRegistryCleaner-170929/4.5.0.0/Images/ACR-124/CleanMyPCRegistryCleaner Uninstall thing.gif"],"nonDeceptorImageFiles":["190531/CleanMyPCRegistryCleaner-170929/4.5.0.0/Images/ACR-065/CleanMyPCRegistryCleaner Install.png","190531/CleanMyPCRegistryCleaner-170929/4.5.0.0/Images/ACR-065/CleanMyPCRegistryCleaner About.png","190531/CleanMyPCRegistryCleaner-170929/4.5.0.0/Images/ACR-065/CleanMyPCRegistryCleaner Bottom of Landing Page.png","190531/CleanMyPCRegistryCleaner-170929/4.5.0.0/Images/ACR-099/CleanMyPCRegistryCleaner Bottom of Landing Page.png","190531/CleanMyPCRegistryCleaner-170929/4.5.0.0/Images/ACR-099/CleanMyPCRegistryCleaner Bottom of Internal Offers.png"],"guid":"c70b93ef-20b3-46f2-bd49-d37650a89686_4.5.0.0_1","appID":"CleanMyPCRegistryCleaner-170929","dateAdded":"190531","deceptorType":"App","name":"Clean My PC Registry Cleaner","company":"CleanMyPC Software","version":"4.5.0.0","sigName":"Deceptor:Win32/CleanMyPCRegistryCleaner!004124","lastKnownStatus":"4.5.0.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2199},{"violations":{"ACR-003":"The application exaggerates registry keys with high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that the system's improvement potential could be \"high\" for registry items found.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Syscare Logics\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how to uninstall the app.\nThe application's internal offer page has no link or information that shows how to uninstall the app.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"asusetup.exe","isInstaller":"True","companyName":"","productName":"Advanced Speedup 2018","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3a40b85e5d89126e980aec402b31d841","hashSHA1":"947a1f583aea8e42aa4c24623ef0907489c90f8e","hashSHA256":"16d380e50cf5f6160bf6f37e3699ce3bea17b30a0754a08930ed1f9b71be71b5","digitalCertThumbprint":"85261EC390BEDF2EA0D6D0CD24390C6DE153BC79","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Syscare Logics, OU=Syscare Logics, O=Syscare Logics, POBox=302004, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"3059","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mpr.exe","companyName":"n/a","productName":"Booster Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"baed728010628a11c0011f3e6bc76a66","hashSHA1":"944ecc1ba29bccf613b2c26648c8e9e7043ff58c","hashSHA256":"456b1fb5d90c10cf8eabbb3f359dbe9438e3411952779e1430d17985f0305b84","digitalCertThumbprint":"85261EC390BEDF2EA0D6D0CD24390C6DE153BC79","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Syscare Logics, OU=Syscare Logics, O=Syscare Logics, POBox=302004, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"3059","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"asusetup (1.0.0.2).exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"07727005d93d5a50be4f4680d8966f4a","hashSHA1":"5e06183554f553b3809dd211b87723247c3493c4","hashSHA256":"698a9a11c38763b514fd6fc74ee773c2510b0a88faefaf0e5807d51d39f59af7","digitalCertThumbprint":"85261EC390BEDF2EA0D6D0CD24390C6DE153BC79","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Syscare Logics, OU=Syscare Logics, O=Syscare Logics, POBox=302004, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"3059","avBlockList":["360 Total Security (20190822)","Avast Internet Security (20190822)","AVG Internet Security (20190822)","Avira Internet Security (20190822)","Bitdefender Internet Security (20190822)","COMODO Antivirus (20190822)","Dr.Web Security Space (20190822)","ESET Internet Security (20190822)","G DATA INTERNET SECURITY (20190822)","K7 Total Security (20190822)","Kaspersky Internet Security (20190822)","Malwarebytes Premium (20190822)","McAfee Total Protection (20190822)","Norton Security (20190822)","Panda Dome (20190822)","Quick Heal Internet Security (20190822)","Sophos Home Premium (20190822)","Tencent PC Manager (20190822)","Trend Micro Internet Security (20190822)","VIPRE Advanced Security (20190822)","VirIT eXplorer PRO (20190822)","Webroot SecureAnywhere (20190822)","Windows Defender (20190822)"],"avAllowList":[]},{"isRevoked":"False","fileName":"2_asusetup (1.0.0.2).exe","isInstaller":"True","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"c48aa7f535aa72dee87ebbbdb9ac7331","hashSHA1":"3a50d904bd62a2935e2b39d419bcfeed27ab3f77","hashSHA256":"2fddcbeb97c79a66a8b757c0307fca444b5847932f7b801e71b3654d84266387","digitalCertThumbprint":"85261EC390BEDF2EA0D6D0CD24390C6DE153BC79","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Syscare Logics, OU=Syscare Logics, O=Syscare Logics, POBox=302004, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"3059","avBlockList":["360 Total Security (20190822)","Avast Internet Security (20190822)","AVG Internet Security (20190822)","Avira Internet Security (20190822)","Bitdefender Internet Security (20190822)","COMODO Antivirus (20190822)","Dr.Web Security Space (20190822)","ESET Internet Security (20190822)","G DATA INTERNET SECURITY (20190822)","K7 Total Security (20190822)","Kaspersky Internet Security (20190822)","Malwarebytes Premium (20190822)","McAfee Total Protection (20190822)","Norton Security (20190822)","Panda Dome (20190822)","Quick Heal Internet Security (20190822)","Sophos Home Premium (20190822)","Tencent PC Manager (20190822)","Trend Micro Internet Security (20190822)","VIPRE Advanced Security (20190822)","VirIT eXplorer PRO (20190822)","Webroot SecureAnywhere (20190822)","Windows Defender (20190822)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.mypcclean.online/","directDownloadingLink":"http://dl.mypcclean.online/asu/securerc/b2/asusetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.mypcclean.online/asu/securerc/b2/asusetup.exe","sourceIndex":"3059"}],"sampleFiles":["190530/AdvancedSpeedup2018-180903/1.0.0.0/Samples/asusetup.exe","190530/AdvancedSpeedup2018-180903/1.0.0.0/Samples/mpr.exe","190530/AdvancedSpeedup2018-180903/1.0.0.0/Samples/asusetup (1.0.0.2).exe","190530/AdvancedSpeedup2018-180903/1.0.0.0/Samples/2_asusetup (1.0.0.2).exe"],"imageFiles":["190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-055/ACR-055_inlineoffer.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-003/ACR-003_software.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-003/ACR-003_software1.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-014/ACR-014_software.JPG"],"nonDeceptorImageFiles":["190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-088/ACR-088_software.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-092/ACR-092_software.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-099/ACR-099_landingpage.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","190530/AdvancedSpeedup2018-180903/1.0.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"3b6e804a-ea5c-4295-bb11-421b2b0c2f7d_1.0.0.0_1","appID":"AdvancedSpeedup2018-180903","dateAdded":"190530","deceptorType":"App","name":"AdvancedSpeedup2018","company":"Advanced Speedup 2018","version":"1.0.0.0","sigName":"Deceptor:Win32/AdvancedSpeedup2018!003010014055","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190530","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-05-30T21:05:51.961228+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2051},{"violations":{"ACR-003":"The application exaggerates registry keys with high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"ADEQUATE SOFTWARES\" which is not disclosed in the app's offer.\n","ACR-099":"The application's internal offer page has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"qspsetup.exe","isInstaller":"True","productName":"Quick Speedup 2018","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"64f011248d68104b6d9be3c40a3eae4d","hashSHA1":"7af7e46f205c839e50d320d2802f1ae79fca13e1","hashSHA256":"97ff2baf803a7faa311db76b6241401d47309185e6e4670abefeff9f6b6f25d2","digitalCertThumbprint":"BE0B3F5107CE297DF91E3F3CF341B7A7FF743E59","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE SOFTWARES, OU=ADEQUATE SOFTWARES, O=ADEQUATE SOFTWARES, POBox=333028, STREET=\"WARD NO. 12, SULTANA,\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"3060","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Windows Defender (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)","Webroot SecureAnywhere (20190228)"]},{"isRevoked":"False","fileName":"mpr.exe","companyName":"n/a","productName":"SpeedUp Tool","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"852588f97a1447f09d04d8cde76ceefc","hashSHA1":"8a1564cbcd876dfe6b5d31f0308c68ebc84718e5","hashSHA256":"e42fa155b591af08bffa90c8de1783e9d307e82e62844578a8cde70758f95b03","digitalCertThumbprint":"BE0B3F5107CE297DF91E3F3CF341B7A7FF743E59","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE SOFTWARES, OU=ADEQUATE SOFTWARES, O=ADEQUATE SOFTWARES, POBox=333028, STREET=\"WARD NO. 12, SULTANA,\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"3060","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"qspsetup (1.0.4.6).exe","isInstaller":"True","productName":"Quick Speed-Up 2018","productVersion":"1.0.4.6","fileVersion":"1.0.4.6","hashMD5":"21863c586197ce1a4a2b210fb47d0aeb","hashSHA1":"ff5010949cdfb45e95de31c231f2c621b4ec344d","hashSHA256":"cde2197f3a1a66d86e0937ff7ac4a13cefabd6c734a489757a4387a64b539807","digitalCertThumbprint":"EE734577E317FCECED654F60B5E335200084CA25","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, OU=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, POBox=110092, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"3060","avBlockList":["360 Total Security (20190822)","Avast Internet Security (20190822)","AVG Internet Security (20190822)","Avira Internet Security (20190822)","Bitdefender Internet Security (20190822)","COMODO Antivirus (20190822)","Dr.Web Security Space (20190822)","ESET Internet Security (20190822)","G DATA INTERNET SECURITY (20190822)","K7 Total Security (20190822)","Kaspersky Internet Security (20190822)","Malwarebytes Premium (20190822)","McAfee Total Protection (20190822)","Norton Security (20190822)","Panda Dome (20190822)","Sophos Home Premium (20190822)","Tencent PC Manager (20190822)","VIPRE Advanced Security (20190822)","VirIT eXplorer PRO (20190822)","Webroot SecureAnywhere (20190822)","Windows Defender (20190822)"],"avAllowList":["Quick Heal Internet Security (20190822)","Trend Micro Internet Security (20190822)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://quickwincleaner.com/","directDownloadingLink":"https://d1rd05egmdspfh.cloudfront.net/qsp/securerc/qspsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1rd05egmdspfh.cloudfront.net/qsp/securerc/qspsetup.exe","sourceIndex":"3060"}],"sampleFiles":["190530/QuickSpeedup2018-180903/1.0.0.9/Samples/qspsetup.exe","190530/QuickSpeedup2018-180903/1.0.0.9/Samples/mpr.exe","190530/QuickSpeedup2018-180903/1.0.0.9/Samples/qspsetup (1.0.4.6).exe"],"imageFiles":["190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-055/ACR-055_inlineoffer.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-003/ACR-003_software.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-003/ACR-003_software1.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-010/ACR-010_inlineoffer.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-010/ACR-010_adsinsideapp.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-014/ACR-014_software.JPG"],"nonDeceptorImageFiles":["190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-065/ACR-065_internaloffer.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-161/ACR-161_internaloffer.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-088/ACR-088_software.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-092/ACR-092_software.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-099/ACR-099_internaloffer.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-099/ACR-099_landingpage.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-150/ACR-150_internaloffer.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-171/ACR-171_internaloffer.JPG","190530/QuickSpeedup2018-180903/1.0.0.9/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"dbe09796-fb9e-4c0d-899a-7e6416b9a660_1.0.0.9_1","appID":"QuickSpeedup2018-180903","dateAdded":"190530","deceptorType":"App","name":"QuickSpeedup2018","company":"Quick Speedup 2018","version":"1.0.0.9","sigName":"Deceptor:QuickSpeedup2018!003010014055","lastKnownStatus":"Deceptor:1.0.0.9","lastKnownDate":"190530","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-05-30T20:06:09.4959733+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2050},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer or that its optional.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"GLOBALSOFT LOGICS\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"atspsetup.exe","isInstaller":"True","productName":"Auto Speed~Up 2018","productVersion":"1.0.3.5","fileVersion":"1.0.3.5","hashMD5":"e238255fa45db1122cbb0738ebaec1b5","hashSHA1":"5baaef5bc2dfcecfca7aca21a7f6f2a4a61b4a28","hashSHA256":"1a804608a1d3792d567af0475e2b98ac731de0f1588defe29bd958473ad2d5bd","digitalCertThumbprint":"41100EE16D33910FE21F3EA890CD67A58C7869C3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=globalsoft logics, OU=globalsoft logics, O=globalsoft logics, POBox=302012, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"3062","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"rclr.exe","companyName":"n/a","productName":"Booster Tool","productVersion":"1.0.3.5","fileVersion":"1.0.3.5","hashMD5":"0a778d33446345ca67b4eb395da6617a","hashSHA1":"1652aef43505d22d0976df1eb34070055217182e","hashSHA256":"65b961742812f4850ce8c52ab3f7009663fe6d1542d92a196165864c20b8da42","digitalCertThumbprint":"41100EE16D33910FE21F3EA890CD67A58C7869C3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=globalsoft logics, OU=globalsoft logics, O=globalsoft logics, POBox=302012, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"3062","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"atspsetup (1.0.4.87).exe","isInstaller":"True","productVersion":"1.0.4.87","fileVersion":"1.0.4.87","hashMD5":"522a28645701047c75101d3d4afd7b5c","hashSHA1":"3488bc1a91d795b85f44622db69b324948477507","hashSHA256":"43e63f1d5417ece87a9a2a66edcdc42d2b2bcd00557b65243475345d864fa702","digitalCertThumbprint":"4824A866B4233B210C7925B48C336CC9FB78331C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=pc speedup tools inc., O=pc speedup tools inc., STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"3062","avBlockList":["Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","Bitdefender Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VIPRE Advanced Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":["360 Total Security (20190815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (keyword: \"The software will be installed as a free trial with limited functionality and will work with all of its features after the purchase of a license key.\")","landingPage":"https://www.pcbooster.pw/","directDownloadingLink":"http://dl.pcbooster.pw/pca/securerc/c8/atspsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.pcbooster.pw/pca/securerc/c8/atspsetup.exe","sourceIndex":"3062"}],"sampleFiles":["190523/AutoSpeedup2018-180903/1.0.3.5/Samples/atspsetup.exe","190523/AutoSpeedup2018-180903/1.0.3.5/Samples/rclr.exe","190523/AutoSpeedup2018-180903/1.0.3.5/Samples/atspsetup (1.0.4.87).exe"],"imageFiles":["190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-055/ACR_055_INLINE_OFFER.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-010/ACR_010_INLINE_OFFER.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-010/ACR_010_ADS_INSIDE_APP.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-014/ACR_014_SOFTWARE.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-059/ACR_059_INLINE_OFFER.PNG"],"nonDeceptorImageFiles":["190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-088/ACR_088_SOFTWARE.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-092/ACR_092_SOFTWARE.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","190523/AutoSpeedup2018-180903/1.0.3.5/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"a0b1ff13-55b0-4bf7-a895-be1b49466944_1.0.3.5_1","appID":"AutoSpeedup2018-180903","dateAdded":"190523","deceptorType":"App","name":"Auto Speedup 2018","company":"globalsoft logics","version":"1.0.3.5","sigName":"Deceptor:Win32/AutoSpeedup2018!003010014055059","lastKnownStatus":"Deceptor:1.0.3.5","lastKnownDate":"190523","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2019-05-23T19:04:32.8255162+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2052},{"violations":{"ACR-003":"The application exaggerates registry keys with high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy and privacy policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"wincare utilities\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"psusetup.exe","isInstaller":"True","productName":"Power-Speedup-2018","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"ef5a8117cdd1b757682a0bbdcf1b4181","hashSHA1":"8f61717bc2822523b2bf942a04fb13b8a06c1b86","hashSHA256":"a1325087869e5cde3eee4c3d96e092952809f3f346da81acd338aab91880724d","digitalCertThumbprint":"6B29F9B3BDB21067B08D3DA7F049B13F6C4BC8A3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=wincare utilities, OU=wincare utilities, O=wincare utilities, POBox=302012, STREET=\"47, Shilp Colony, Jhotwara\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"3064","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Windows Defender (20190228)"],"avAllowList":["Webroot SecureAnywhere (20190228)"]},{"isRevoked":"False","fileName":"ptcr.exe","companyName":"n/a","productName":"PPL","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"0d6cd04075eedd395312c8292a13f3b7","hashSHA1":"f0ec85501ffbbf55523d4564fe0f430c8e49d02a","hashSHA256":"5eeab51524b8a5a43d81b8b5f487d476442a0f6bce2485d52697b6472d8cf22d","digitalCertThumbprint":"6B29F9B3BDB21067B08D3DA7F049B13F6C4BC8A3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=wincare utilities, OU=wincare utilities, O=wincare utilities, POBox=302012, STREET=\"47, Shilp Colony, Jhotwara\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"3064","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"psusetup.exe","isInstaller":"True","productName":"Power~Speedup~2018","productVersion":"2.0.1.1","fileVersion":"2.0.1.1","hashMD5":"609467f2569669157734f92bfe35cd9b","hashSHA1":"6846c72fbaf2aad6c37823abf02c7294d6fe50ed","hashSHA256":"c2d5a2b02d9b21dcd44c92aba7e34aba79ac3e166b6ecc5fe48eaa62f5ae0790","digitalCertThumbprint":"8CD37C59CC52537DAD8A09CA7341740B13BDDBD5","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TUNEUP PC T00LS, O=TUNEUP PC T00LS, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"3064","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Trend Micro Internet Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":["Bitdefender Internet Security (20190815)","Tencent PC Manager (20190815)","VIPRE Advanced Security (20190815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.speedywinutils.com/","directDownloadingLink":"http://dl.speedywinutils.com/psu/c4/psusetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.speedywinutils.com/psu/c4/psusetup.exe","sourceIndex":"3064"}],"sampleFiles":["190522/PowerSpeedup2018-180903/1.0.0.0/Samples/psusetup.exe","190522/PowerSpeedup2018-180903/1.0.0.0/Samples/ptcr.exe","190522/PowerSpeedup2018-180903/1.0.0.0/Samples/psusetup (2.0.1.1).exe"],"imageFiles":["190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-055/ACR-055_inlineoffer.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-003/ACR-003_software.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-003/ACR-003_software1.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-014/ACR-014_software.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-088/ACR-088_software.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-092/ACR-092_software.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-099/ACR-099_landingpage.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","190522/PowerSpeedup2018-180903/1.0.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"6c305281-d58c-4040-9dc2-ab3584c8920d_1.0.0.0_1","appID":"PowerSpeedup2018-180903","dateAdded":"190522","deceptorType":"App","name":"Power-Speedup-2018","company":"Power Speedup 2018","version":"1.0.0.0","sigName":"Deceptor:Win32/PowerSpeedup2018!003010014055059","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2053},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"ocssetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"One Click Speedup                                           ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"4866479d6282c395203fd5424b30e8c5","hashSHA1":"82ea07f3a4adac0c70cac92d80cac0d2596c8075","hashSHA256":"b24ef9f17ec0117dab7581f9c8b15941148f85b6c606f140c66d8548af1a4acc","digitalCertThumbprint":"68226891FF5B66EF2BBE720218809ABA2DDEA94D","sourceIndex":"3063","avBlockList":["Avast Internet Security (20190425)","AVG Internet Security (20190425)","Avira Internet Security (20190425)","ESET Internet Security (20190425)","G DATA INTERNET SECURITY (20190425)","K7 Total Security (20190425)","Kaspersky Internet Security (20190425)","Malwarebytes Premium (20190425)","McAfee Total Protection (20190425)","Norton Security (20190425)","Panda Dome (20190425)","Sophos Home Premium (20190425)","Trend Micro Internet Security (20190425)","VirIT eXplorer PRO (20190425)","Webroot SecureAnywhere (20190425)","Windows Defender (20190425)","360 Total Security (20190425)","COMODO Antivirus (20190425)","Dr.Web Security Space (20190425)","Quick Heal Internet Security (20190425)","SpyHunter5 (20190425)"],"avAllowList":["Bitdefender Internet Security (20190425)","F-PROT Antivirus for Windows (20190425)","Tencent PC Manager (20190425)","VIPRE Advanced Security (20190425)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\One Click Speedup for DESKTOP-8QAR3KI\\rtc.exe","productName":"System Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"c1622f0843e02c6d79555c594c6b9cf6","hashSHA1":"0d66de6a0d66dc6c398a639684018ee2a2979c04","hashSHA256":"2d7a43463d2d68c98768161ef7038199c53c957a71e0c26c132e6b794b732d7a","digitalCertThumbprint":"68226891FF5B66EF2BBE720218809ABA2DDEA94D","sourceIndex":"3063","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ocssetup (1.0.0.11).exe","isInstaller":"True","productVersion":"1.0.0.11","fileVersion":"1.0.0.11","hashMD5":"38151bd0223f60a76610bf612cfacb42","hashSHA1":"35a058954a56c172fc23a3a46c95934bf5a2ba32","hashSHA256":"670e17a9c1e007ce2a2c56631fb78014aa568e0078895295b38c58f2e1b35c95","digitalCertThumbprint":"30CA64E3299D8774A943E877BE1E2597072BDC97","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TWEAK PC TOOLS, OU=IT, O=TWEAK PC TOOLS, POBox=302016, STREET=\"FLAT NUMBER 304, RAJ MAHAL APARTMENT, DEVI MARG, BANI PARK\", L=JAIPUR, S=RAJASTHAN, PostalCode=302016, C=IN","sourceIndex":"3063","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Sophos Home Premium (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":["Bitdefender Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","Quick Heal Internet Security (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VIPRE Advanced Security (20190815)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"preferred PC protection utility\"","reference":"http://sjsystemtools.live/","landingPage":"http://sjsystemtools.live/","directDownloadingLink":"http://dl.sjsystemtools.live/ocs/securerc/sjsystemtools_live/ocssetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.sjsystemtools.live/ocs/securerc/sjsystemtools_live/ocssetup.exe","sourceIndex":"3063"}],"sampleFiles":["190522/OneClickSpeedup-190226/1.0.0.0/Samples/ocssetup.exe","190522/OneClickSpeedup-190226/1.0.0.0/Samples/rtc.exe","190522/OneClickSpeedup-190226/1.0.0.0/Samples/ocssetup (1.0.0.11).exe"],"imageFiles":["190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-042/010.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-048/003_048.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-003/003.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-003/003_2.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-003/003_048.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-004/003.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-004/004.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-010/010.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-084/084.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-097/097.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-168/003.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-168/168.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-057/010.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-055/010.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-059/010.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-161/161.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-099/099.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-150/150_171.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-171/150_171.png","190522/OneClickSpeedup-190226/1.0.0.0/Images/ACR-171/171.png"],"guid":"b785684b-7ad2-4fb3-bfd1-b6eea4c6328f_1.0.0.0_1","appID":"OneClickSpeedup-190226","dateAdded":"190522","deceptorType":"App","name":"One Click Speedup","company":"Ab Reach TechnoIogies Private Limited","version":"1.0.0.0","sigName":"Deceptor:Win32/OneClickSpeedup!042048003004010084097168057055059155 ","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190522","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-05-22T20:35:02.6015693+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2054},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"GLOBALSOFT LOGICS\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"aufpsetup.exe","isInstaller":"True","companyName":"AutoFixer Pro 2018","productName":"Auto-Fixer-Pro-2018","productVersion":"3.5.0.0","fileVersion":"3.5.0.0","hashMD5":"7b8bf10314a74dd4b220e545a961140a","hashSHA1":"c8d0f23cadb578bdeb0c988f337ebee7f8f338f2","hashSHA256":"32439e9792f36db0c4b4199c5a9cb024e1fb5e337fd3e0d231e34f7f1220a3ab","digitalCertThumbprint":"B6182845E42D6F2CBC05577460ED682CD41521E6","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TUNEUP PC TOOIS, O=TUNEUP PC TOOIS, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"457","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","Bitdefender Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Quick Heal Internet Security (20190815)","Sophos Home Premium (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VIPRE Advanced Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm.exe","companyName":"AutoFixer Pro 2018","productName":"PC Fixing Tool","productVersion":"3.5.0.0","fileVersion":"3.5.0.0","hashMD5":"25780b46e11d2c8ef0bdfe86829ffa15","hashSHA1":"7ca24253670c59e4d3eecddadaf1c5ba71d7ceaf","hashSHA256":"4e0eda8fde3de583ec452b7a88c5175567d405b44e43e86b81bb85af5bd493d5","digitalCertThumbprint":"B6182845E42D6F2CBC05577460ED682CD41521E6","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TUNEUP PC TOOIS, O=TUNEUP PC TOOIS, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"457","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"aufpsetup (1.0.7.9).exe","isInstaller":"True","productVersion":"1.0.7.9","fileVersion":"1.0.7.9","hashMD5":"0d6ca5e9376cf66146e51d0e07c98196","hashSHA1":"de290af324950ec2f7222bf6faae7c6c959db256","hashSHA256":"a0057178f603afde27d0c534caae7717e01b2303db4e6c99fbe05c9cf60702fb","digitalCertThumbprint":"4AF99DF2499113E82284865E745BEB3A1911CF9B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GLOBALSOFT LOGICS, O=GLOBALSOFT LOGICS, POBox=302012, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"457","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Sophos Home Premium (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":["Bitdefender Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","Quick Heal Internet Security (20190815)","Tencent PC Manager (20190815)","Trend Micro Internet Security (20190815)","VIPRE Advanced Security (20190815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"2018 pc fixer\"","landingPage":"http://www.1clickpcboost.com/","directDownloadingLink":"https://d3lwp437fwpt0z.cloudfront.net/autfixrpro/securerc/b8/aufpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3lwp437fwpt0z.cloudfront.net/autfixrpro/securerc/b8/aufpsetup.exe","sourceIndex":"457"}],"sampleFiles":["190522/AutoFixerPro2018-180420/3.5.0.0/Samples/aufpsetup.exe","190522/AutoFixerPro2018-180420/3.5.0.0/Samples/mysysm.exe","190522/AutoFixerPro2018-180420/3.5.0.0/Samples/aufpsetup (1.0.7.9).exe"],"imageFiles":["190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-055/ACR-055_inlineoffer.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-003/ACR-003_software.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-003/ACR-003_software1.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-003/ACR-003_software2.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-161/ACR-161_internaloffer1.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-088/ACR-088_software.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-092/ACR-092_software.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-099/ACR-099_landingpage.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","190522/AutoFixerPro2018-180420/3.5.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"c5234685-8756-4e24-b52d-e8a4176375bf_3.5.0.0_1","appID":"AutoFixerPro2018-180420","dateAdded":"190522","deceptorType":"App","name":"Auto-Fixer-Pro-2018","company":"AutoFixer Pro 2018","version":"3.5.0.0","sigName":"Deceptor:Win32/AutoFixerPro2018!003010055059","lastKnownStatus":"Deceptor:3.5.0.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T22:02:05.4911677+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2055},{"violations":{"ACR-003":"The application exaggerates registry keys with high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy and privacy policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC Speed-Up Tools Inc\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"sppsetup.exe","isInstaller":"True","productName":"Speedy-PC Pro 2018","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"00aea05f4fe8bd2e68dc87abdd9b1f9c","hashSHA1":"4c179bd0ade023c8fa460f6388b440f3df4090a1","hashSHA256":"6cbca4b63fc020c4c85313e368ea36eace563dc7e7217f13db0c3f56329c2287","digitalCertThumbprint":"9BF55393E1186739791B5F981176EF53C1369FAD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speed-Up Tools Inc, O=PC Speed-Up Tools Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"501","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)"],"avAllowList":["Windows Defender (20190228)"]},{"isRevoked":"False","fileName":"bpp.exe","companyName":"n/a","productName":"SpeedUp Tool","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"ccd6358bfd94bff4412c45059a5147d7","hashSHA1":"267bf268cac08598756e6ddb9555fe6aee540573","hashSHA256":"10aff61482aba232949fddab413440d628cb300a47b6e0b9ba3febc7b9e5f37a","digitalCertThumbprint":"9BF55393E1186739791B5F981176EF53C1369FAD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speed-Up Tools Inc, O=PC Speed-Up Tools Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"501","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"sppsetup.exe (1.0.10.19)","isInstaller":"True","productName":"Speedy-PC Pro 2018","productVersion":"1.0.10.19","fileVersion":"1.0.10.19","hashMD5":"caa60ff7de0936657a8696571a528cf3","hashSHA1":"ce30c1d0f52dd856d2e3601c7032c00e397bf78e","hashSHA256":"83df3637780f9842599d6ad67a64c80b51c56c8acbeb8d9b50157036141403ff","digitalCertThumbprint":"9764089F8634FC4215E931CF619547D348B74CE1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tuneup PC Tools, OU=Tuneup PC Tools, O=Tuneup PC Tools, POBox=302004, STREET=\"HOUSE NO. A-54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"501","avBlockList":["360 Total Security (20190815)","Avast Internet Security (20190815)","AVG Internet Security (20190815)","Avira Internet Security (20190815)","COMODO Antivirus (20190815)","Dr.Web Security Space (20190815)","ESET Internet Security (20190815)","G DATA INTERNET SECURITY (20190815)","K7 Total Security (20190815)","Kaspersky Internet Security (20190815)","Malwarebytes Premium (20190815)","McAfee Total Protection (20190815)","Norton Security (20190815)","Panda Dome (20190815)","Sophos Home Premium (20190815)","Trend Micro Internet Security (20190815)","VirIT eXplorer PRO (20190815)","Webroot SecureAnywhere (20190815)","Windows Defender (20190815)"],"avAllowList":["Bitdefender Internet Security (20190815)","Quick Heal Internet Security (20190815)","Tencent PC Manager (20190815)","VIPRE Advanced Security (20190815)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.winpcmechanic.com/","directDownloadingLink":"https://d3aosmcqcw4p0z.cloudfront.net/spp/securerc/b10/sppsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3aosmcqcw4p0z.cloudfront.net/spp/securerc/b10/sppsetup.exe","sourceIndex":"501"}],"sampleFiles":["190521/SpeedyPCPro2018-180906/1.0.0.9/Samples/sppsetup.exe","190521/SpeedyPCPro2018-180906/1.0.0.9/Samples/bpp.exe","190521/SpeedyPCPro2018-180906/1.0.0.9/Samples/sppsetup.exe (1.0.10.19)"],"imageFiles":["190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-055/ACR-055_inlineoffer.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-003/ACR-003_software.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-003/ACR-003_software1.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-010/ACR-010_inlineoffer.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-010/ACR-010_adsinsideapp.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-014/ACR-014_software.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-065/ACR-065_internaloffer.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-161/ACR-161_internaloffer.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-088/ACR-088_software.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-092/ACR-092_software.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-099/ACR-099_landingpage.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-099/ACR-099_internaloffer.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-150/ACR-150_internaloffer.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-171/ACR-171_internaloffer.JPG","190521/SpeedyPCPro2018-180906/1.0.0.9/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"a24af5df-2f17-422a-8e6c-db95787ab205_1.0.0.9_1","appID":"SpeedyPCPro2018-180906","dateAdded":"190521","deceptorType":"App","name":"SpeedyPCPro2018","company":"Speedy PC Pro 2018","version":"1.0.0.9","sigName":"Deceptor:Win32/SpeedyPCPro2018!003010014055059","lastKnownStatus":"Deceptor:1.0.0.9","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-23T21:33:54.9446936+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2056},{"violations":{"ACR-003":"App's use of both colors and gauges, and words \"WARNING\" in free scan results to raise a sense of urgency in the user.\n","ACR-004":"The app does not provide free fixes for regularly recurring results. The app uses the colors and gauges to raise a sense of urgency in the user.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy information.\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy information\n","ACR-002":"The application's landing page displays a different name for the app than what is installed. The landing page displays the name \"PC DOC PRO\" but after downloading the app \"PC First Aid\" was found to be the actual application's name.\nThe application's landing page displays a different name for the app than what is installed. \n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled\nThe application has no link or information that shows how it can be uninstalled\n","ACR-167":"The application's only offers a 10 days from time of purchase of a Platinum license or within 7 days of purchase of a Gold license, as stated in their EULA. \n"},"samples":[{"isRevoked":"False","fileName":"pcfirstaid35.exe","isInstaller":"True","companyName":"NeuroSoft Corp.                                             ","fileVersion":"0.0","hashMD5":"550fa2c16e50f4f1164309073ffdf585","hashSHA1":"ca0dfaf9f33ef5ff4ae659705177c3ac4ee45666","hashSHA256":"3e777f084fac5cdf6d34f034314ac765f03b7dca6b07f01bfd4c4d4279768ed6","digitalCertThumbprint":"BFF47AE9FD43DA7E47E3224F3F7AFE6F5210DD41","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Digital River, Inc.\", OU=eSellerate, O=\"Digital River, Inc.\", L=Minnetonka, S=Minnesota, C=US","sourceIndex":"3066","avBlockList":["360 Total Security (20190812)","Avast Internet Security (20190812)","AVG Internet Security (20190812)","Avira Internet Security (20190812)","COMODO Antivirus (20190812)","ESET Internet Security (20190812)","G DATA INTERNET SECURITY (20190812)","K7 Total Security (20190812)","Kaspersky Internet Security (20190812)","McAfee Total Protection (20190812)","Norton Security (20190812)","Panda Dome (20190812)","Quick Heal Internet Security (20190812)","Sophos Home Premium (20190812)","Trend Micro Internet Security (20190812)","VirIT eXplorer PRO (20190812)","Webroot SecureAnywhere (20190812)","Windows Defender (20190812)"],"avAllowList":["Bitdefender Internet Security (20190812)","Dr.Web Security Space (20190812)","Malwarebytes Premium (20190812)","Tencent PC Manager (20190812)","VIPRE Advanced Security (20190812)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\PC First Aid\\pcfirstaid.exe","companyName":"Neurosoft Corp.","fileVersion":"3.5","hashMD5":"23557b389ff1d3c0f5f45b989d1bec17","hashSHA1":"e4adf701db5b51f7199fed55372664dabcc4bb4d","hashSHA256":"f68483d64673c47cec73e933eda6872a0c3e23f457f86f2d89bcda6dc1941083","sourceIndex":"3066","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Scan your PC for errors\"","reference":"http://www.ouisoft.com/pcdocpro.htm","landingPage":"http://www.ouisoft.com/pcdocpro.htm","directDownloadingLink":"http://get2.esellerate.net/get/est/T3TG78YL1U3TZQ4J/pcfirstaid35.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://get2.esellerate.net/get/est/T3TG78YL1U3TZQ4J/pcfirstaid35.exe","sourceIndex":"3066"}],"sampleFiles":["190518/PCFirstAid-190515/3.5.0.2126/Samples/pcfirstaid35.exe","190518/PCFirstAid-190515/3.5.0.2126/Samples/PCFirstAid.exe"],"imageFiles":["190518/PCFirstAid-190515/3.5.0.2126/Images/ACR-003/004.png","190518/PCFirstAid-190515/3.5.0.2126/Images/ACR-004/004.png","190518/PCFirstAid-190515/3.5.0.2126/Images/ACR-004/004_2.png","190518/PCFirstAid-190515/3.5.0.2126/Images/ACR-004/004_3.png"],"nonDeceptorImageFiles":["190518/PCFirstAid-190515/3.5.0.2126/Images/ACR-002/main3.png","190518/PCFirstAid-190515/3.5.0.2126/Images/ACR-002/002.png","190518/PCFirstAid-190515/3.5.0.2126/Images/ACR-002/004_3.png","190518/PCFirstAid-190515/3.5.0.2126/Images/ACR-099/about.png","190518/PCFirstAid-190515/3.5.0.2126/Images/ACR-065/about.png","190518/PCFirstAid-190515/3.5.0.2126/Images/ACR-167/167.png"],"guid":"9c83d4b7-5b5b-4409-9e2e-d7593ab39942_3.5.0.2126_1","appID":"PCFirstAid-190515","dateAdded":"190518","deceptorType":"App","name":"PC FIRST AID","company":"Neurosoft","version":"3.5.0.2126","sigName":"Deceptor:Win32/PcFirstAid!003004","lastKnownStatus":"Deceptor:3.5.0.2126","lastKnownDate":"190518","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-05-19T00:51:00.5874314+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2200},{"violations":{"ACR-003":"The application exaggerated number of Windows Update component files (Windows DLL files) as issues, thereby misleading or scaring the user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy information. \n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-035":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy information. There is no customer support link or information.\n","ACR-150":"The app displays five star awards from PC Magazine, CNet, Majorgeeks, PCWorld, CHIP, softpedia and Updatestar that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"error-fixer_setup.exe","isInstaller":"True","companyName":"Coopoint, Ltd.","fileVersion":"2.7","hashMD5":"fdf870f134a6dde597c67aa4ae592e6c","hashSHA1":"59b6188a8b127f65b379e6a3c2c7d0a7037849f0","hashSHA256":"ed69e3337e063f369c2a4e1f6cf6fa5f3ee8ad668c97b5129c424d74c9cd84f2","sourceIndex":"3069","avBlockList":["360 Total Security (20190509)","Avast Internet Security (20190509)","AVG Internet Security (20190509)","Avira Internet Security (20190509)","COMODO Antivirus (20190509)","ESET Internet Security (20190509)","G DATA INTERNET SECURITY (20190509)","K7 Total Security (20190509)","Kaspersky Internet Security (20190509)","Malwarebytes Premium (20190509)","McAfee Total Protection (20190509)","Norton Security (20190509)","Panda Dome (20190509)","Quick Heal Internet Security (20190509)","Sophos Home Premium (20190509)","SpyHunter5 (20190422)","Tencent PC Manager (20190509)","Trend Micro Internet Security (20190509)","VirIT eXplorer PRO (20190509)","Webroot SecureAnywhere (20190509)","Windows Defender (20190509)"],"avAllowList":["Bitdefender Internet Security (20190509)","Dr.Web Security Space (20190509)","F-PROT Antivirus for Windows (20190422)","VIPRE Advanced Security (20190509)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Coopoint\\Error Fixer\\error-fixer.exe","companyName":"Coopoint Ltd","fileVersion":"2.7","hashMD5":"daaf973f54ab7309baabe007b94e178a","hashSHA1":"d896216c850081106c5ef948dfae05c29bfa473e","hashSHA256":"3c6055be36222060d9b09b2074705e69219a8012f5fd4c84229551c1ed748c9b","sourceIndex":"3069","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Fewer Errors & Crashes\"","reference":"https://www.coopoint.com/error-fixer","landingPage":"https://www.coopoint.com/error-fixer","directDownloadingLink":"https://download.coopoint.com/error-fixer/error-fixer_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.coopoint.com/error-fixer/error-fixer_setup.exe","sourceIndex":"3069"}],"sampleFiles":["190513/CoopointErrorFixer-190403/2.7.0.1237/Samples/error-fixer_setup.exe","190513/CoopointErrorFixer-190403/2.7.0.1237/Samples/error-fixer.exe"],"imageFiles":["190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-004/scan.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-004/004_3.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-004/004.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-004/004_2.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-004/004_4.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-003/scan.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-003/004_3.png"],"nonDeceptorImageFiles":["190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-161/161_150.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-150/161_150.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-099/about.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-099/099.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-065/install.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-065/about.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-065/099.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-035/099.png","190513/CoopointErrorFixer-190403/2.7.0.1237/Images/ACR-035/support.png"],"guid":"b2de28bf-cf7d-49e5-b921-e257ebad1840_2.7.0.1237_1","appID":"CoopointErrorFixer-190403","dateAdded":"190513","deceptorType":"App","name":"Coopoint Error Fixer","company":"Coopoint, Ltd.","version":"2.7.0.1237","sigName":"Deceptor:Win32/CoopointErrorFixer!003004","lastKnownStatus":"Deceptor:2.7.0.1237;3.2.0.3769","lastKnownDate":"190513","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-05-14T01:58:37.3077186+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2203},{"violations":{"ACR-084":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Cloud 7 Antivirus\\Cloud7Antivirus.exe","companyName":"Cloud 7 Antivirus","productName":"Cloud 7 Antivirus","productVersion":"4.2.1.0","fileVersion":"4.2.1.0","hashMD5":"1003f3fd849a1f958ba43800eb7f5a92","hashSHA1":"3fe96be3f34098322ef47d5c67b2e6149a641dbc","hashSHA256":"cc978af1df3311eceeb66a396de5e3457a8e51f1c02e804ae30088756ca64ca6","digitalCertThumbprint":"AA10E6FA3EC6264CD232F2808FB3346769A8B7E9","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Cloud 7 Services Company Limited, OU=Software, O=Cloud 7 Services Company Limited, L=Bang Rak, S=Bangkok, C=TH","sourceIndex":"3070","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Cloud7AntivirusSetup.exe","isInstaller":"True","companyName":"Cloud 7 Antivirus","productName":"Cloud 7 Antivirus","productVersion":"4.2.1","fileVersion":"4.2.1","hashMD5":"0d240234667759d0efc4310463415d3a","hashSHA1":"d0ed3c1d6512901bf75b5ff6de8404a9bcf04742","hashSHA256":"572c79db219833a0fa3f9fc29037d5ddd0993c88f121eb6c7b6a30cd70befbbb","digitalCertThumbprint":"AA10E6FA3EC6264CD232F2808FB3346769A8B7E9","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Cloud 7 Services Company Limited, OU=Software, O=Cloud 7 Services Company Limited, L=Bang Rak, S=Bangkok, C=TH","sourceIndex":"3070","avBlockList":["360 Total Security (20190805)","Avira Internet Security (20190805)","Bitdefender Internet Security (20190805)","ESET Internet Security (20190805)","G DATA INTERNET SECURITY (20190805)","K7 Total Security (20190805)","Malwarebytes Premium (20190805)","McAfee Total Protection (20190805)","Norton Security (20190805)","Panda Dome (20190805)","Quick Heal Internet Security (20190805)","Sophos Home Premium (20190805)","Tencent PC Manager (20190805)","Trend Micro Internet Security (20190805)","VIPRE Advanced Security (20190805)","VirIT eXplorer PRO (20190805)","Webroot SecureAnywhere (20190805)","Windows Defender (20190805)"],"avAllowList":["Avast Internet Security (20190805)","AVG Internet Security (20190805)","COMODO Antivirus (20190805)","Dr.Web Security Space (20190805)","Kaspersky Internet Security (20190805)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Deep Threat Scanning\"","reference":"https://www.cloud7antivirus.com/en/feature","landingPage":"https://www.cloud7antivirus.com/","directDownloadingLink":"https://www.cloud7antivirus.com/software/Cloud7AntivirusSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.cloud7antivirus.com/software/Cloud7AntivirusSetup.exe","sourceIndex":"3070"}],"sampleFiles":["190513/Cloud7Antivirus-190513/4.2.1.0/Samples/Cloud7Antivirus.exe","190513/Cloud7Antivirus-190513/4.2.1.0/Samples/Cloud7AntivirusSetup.exe"],"imageFiles":["190513/Cloud7Antivirus-190513/4.2.1.0/Images/ACR-168/168_1.png","190513/Cloud7Antivirus-190513/4.2.1.0/Images/ACR-168/168_2.png","190513/Cloud7Antivirus-190513/4.2.1.0/Images/ACR-084/097 (1).png"],"nonDeceptorImageFiles":["190513/Cloud7Antivirus-190513/4.2.1.0/Images/ACR-168/168.png"],"guid":"f2acaa8c-331e-41b3-8a6a-f2b2d2101608_4.2.1.0_1","appID":"Cloud7Antivirus-190513","dateAdded":"190513","deceptorType":"App","name":"Cloud 7 Antivirus","company":"Cloud 7 Services Company Limited","version":"4.2.1.0","sigName":"Deceptor:Win32/Cloud7Antivirus!084168","lastKnownStatus":"Deceptor:4.2.1.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2204},{"violations":{"ACR-003":"The application exaggerated number of Windows Update component files (Windows DLL files) as issues and invalid registry record as error, thereby misleading or scaring the user to take action.\n","ACR-004":"The App requires customer to pay for subscription service to fix the non-permanent issues identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy information. \n","ACR-161":"Claims awards no outside source mentions. Includes photos of reviewers but only one review. \n","ACR-090":"inflates itself by claiming \"world wide awards\" and shows photos of people who \"reviewed\" the app but there is no way to read them. \n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-035":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy information. There is no customer support link or information.\n"},"samples":[{"isRevoked":"False","fileName":"error-fixer_setup.exe","isInstaller":"True","companyName":"Coopoint, Ltd.","productName":"3.2.0.3769","fileVersion":"3.2.0.3769","hashMD5":"9cdf56d8219ec1bfd5cd60af1bf14579","hashSHA1":"15bab02a6adfa35bd355c4aa79e92765fb0f496d","hashSHA256":"c80082e1f645e32872dfefb9a13bf317a4415ef58c5fb7213ebcc0d01bc84645","sourceIndex":"3068","avBlockList":["360 Total Security (20190805)","Avast Internet Security (20190805)","AVG Internet Security (20190805)","Avira Internet Security (20190805)","Bitdefender Internet Security (20190805)","COMODO Antivirus (20190805)","ESET Internet Security (20190805)","G DATA INTERNET SECURITY (20190805)","K7 Total Security (20190805)","Kaspersky Internet Security (20190805)","Malwarebytes Premium (20190805)","McAfee Total Protection (20190805)","Norton Security (20190805)","Panda Dome (20190805)","Quick Heal Internet Security (20190805)","Sophos Home Premium (20190805)","Tencent PC Manager (20190805)","Trend Micro Internet Security (20190805)","VIPRE Advanced Security (20190805)","VirIT eXplorer PRO (20190805)","Webroot SecureAnywhere (20190805)","Windows Defender (20190805)"],"avAllowList":["Dr.Web Security Space (20190805)"]},{"isRevoked":"False","fileName":"error-fixer.exe","companyName":"Coopoint Ltd","productName":"3.2.0.3769","fileVersion":"3.2.0.3769","hashMD5":"f0b2fee291331a7ff149f330440dc0d8","hashSHA1":"9c6ebdedf35575408822bd4b6d46e2d690c1587a","hashSHA256":"8068ea6246f2c4bf7c6fc1dac81fcd310295e2f04718df4ada084fd0505d8722","sourceIndex":"3068","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Fewer Errors & Crashes\"","reference":"https://www.coopoint.com/error-fixer","landingPage":"https://www.coopoint.com/error-fixer","directDownloadingLink":"https://download.coopoint.com/error-fixer/error-fixer_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.coopoint.com/error-fixer/error-fixer_setup.exe","sourceIndex":"3068"}],"sampleFiles":["190513/CoopointErrorFixer-190403/v3.2/Samples/error-fixer_setup.exe","190513/CoopointErrorFixer-190403/v3.2/Samples/error-fixer.exe"],"imageFiles":["190513/CoopointErrorFixer-190403/v3.2/Images/ACR-004/004_3.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-004/004_2.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-004/004_4.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-004/fix.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-003/scan.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-003/004_3.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-003/scan.png"],"nonDeceptorImageFiles":["190513/CoopointErrorFixer-190403/v3.2/Images/ACR-161/revoiews.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-099/about.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-099/099.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-065/install.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-065/about.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-065/099.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-035/099.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-035/support.png","190513/CoopointErrorFixer-190403/v3.2/Images/ACR-090/revoiews.png"],"guid":"b2de28bf-cf7d-49e5-b921-e257ebad1840_v3.2_1","appID":"CoopointErrorFixer-190403","dateAdded":"190513","deceptorType":"App","name":"Coopoint Error Fixer","company":"Coopoint, Ltd.","version":"v3.2","sigName":"Deceptor:Win32/CoopointErrorFixer!004003","lastKnownStatus":"Deceptor:2.7.0.1237;3.2.0.3769","lastKnownDate":"190513","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-05-14T01:59:05.7661369+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2202},{"violations":{"ACR-084":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-163":"App does not show non-one-to-one interactive methods for obtaining support or activating software.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe application has no link or information that shows how it can be uninstalled. \n","ACR-167":"There is no Returns and Cancellation Policy information.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Dr. Wolf Internet Security\\Dr.WolfInternetSecurity.exe","companyName":"DIGITAL NOMAD LTD.","productName":"Dr. Wolf Internet Security","productVersion":"4.1.9.0","fileVersion":"4.1.9.0","hashMD5":"3523ca41560199eae0748094408f3655","hashSHA1":"0c2b2b344300f26850fd1e06c37fa26a9fc9ef17","hashSHA256":"7c02c75007b8285c39757fe431c7e9bbbcc666b1ae4fb378ad9b5c85c4dae171","digitalCertThumbprint":"FF2B725000947E6B4374ED6A67CDFD1B8C486038","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=DIGITAL NOMAD LTD., O=DIGITAL NOMAD LTD., L=Sofia, S=Sofia, C=BG","sourceIndex":"3071","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"DIGITAL NOMAD LTD.","productName":"Dr. Wolf Internet Security","productVersion":"4.1.9","fileVersion":"4.1.9","hashMD5":"96fa8b16a87ccb34ff08ca38921c8067","hashSHA1":"b8d6d193d3fe48d2a49cc19684dfb22215ecef40","hashSHA256":"62370cc9eac13be30ee4e0c1794ad2f8a252fa5a3de5cd7f4af2cd0bc871e0d1","digitalCertThumbprint":"FF2B725000947E6B4374ED6A67CDFD1B8C486038","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=DIGITAL NOMAD LTD., O=DIGITAL NOMAD LTD., L=Sofia, S=Sofia, C=BG","sourceIndex":"3071","avBlockList":["360 Total Security (20190805)","Avira Internet Security (20190805)","COMODO Antivirus (20190805)","Dr.Web Security Space (20190805)","ESET Internet Security (20190805)","G DATA INTERNET SECURITY (20190805)","K7 Total Security (20190805)","Malwarebytes Premium (20190805)","McAfee Total Protection (20190805)","Norton Security (20190805)","Panda Dome (20190805)","Quick Heal Internet Security (20190805)","Sophos Home Premium (20190805)","Trend Micro Internet Security (20190805)","VirIT eXplorer PRO (20190805)","Webroot SecureAnywhere (20190805)","Windows Defender (20190805)"],"avAllowList":["Avast Internet Security (20190805)","AVG Internet Security (20190805)","Bitdefender Internet Security (20190805)","Kaspersky Internet Security (20190805)","Tencent PC Manager (20190805)","VIPRE Advanced Security (20190805)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"DEEP THREAT SCANNER\"","reference":"https://www.drwolf.io/about-us","landingPage":"https://www.drwolf.io/","directDownloadingLink":"https://s3.eu-central-1.amazonaws.com/drwolf/internetSecurity/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.eu-central-1.amazonaws.com/drwolf/internetSecurity/setup.exe","sourceIndex":"3071"}],"sampleFiles":["190513/DrWolfInternetSecurity-190513/4.1.9.0/Samples/Dr.WolfInternetSecurity.exe","190513/DrWolfInternetSecurity-190513/4.1.9.0/Samples/setup.exe"],"imageFiles":["190513/DrWolfInternetSecurity-190513/4.1.9.0/Images/ACR-168/main.png","190513/DrWolfInternetSecurity-190513/4.1.9.0/Images/ACR-168/wolf.png","190513/DrWolfInternetSecurity-190513/4.1.9.0/Images/ACR-084/097.png"],"nonDeceptorImageFiles":["190513/DrWolfInternetSecurity-190513/4.1.9.0/Images/ACR-163/163.png","190513/DrWolfInternetSecurity-190513/4.1.9.0/Images/ACR-099/099.png"],"guid":"2860c3ab-9189-4f2f-bf5e-71b19a377d7d_4.1.9.0_1","appID":"DrWolfInternetSecurity-190513","dateAdded":"190513","deceptorType":"App","name":"Dr. Wolf Internet Security","company":"DIGITAL NOMAD LTD.","version":"4.1.9.0","sigName":"Deceptor:Win32/DrWolfInternetSecurity!084168","lastKnownStatus":"Deceptor:4.1.9.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2201},{"violations":{"ACR-042":"","ACR-057":"The means to accept or decline the offers are not clear to the consumer.\n","ACR-055":"Accept and decline options for offers are not clear to the consumer.\nOffer acceptance and declining during install is hidden in a multi-purpose checkbox that's neither obvious nor simple.\n","ACR-059":"Offers are not marked as offers.\n"},"nonDeceptorViolations":{"ACR-002":"Landing page and installer file name are different than the app's name and app installer. \n"},"samples":[{"isRevoked":"False","fileName":"FreeMusicDownloader.exe","isInstaller":"True","companyName":"N/A","productName":"Setup","fileVersion":"0.0","hashMD5":"65068c642cf2268f053b131a23089d10","hashSHA1":"e73bff454fc728fb12a0b7d134a06e6ae53e20ec","hashSHA256":"321715886c9af0eb64aaffe055fc0e8df3cbf3ca981ce2e5ba22e3de47a0e332","digitalCertThumbprint":"345292FF238A484501F6C92832542084699B17E8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Suzhou MorningSun Information Technology LLC, O=Suzhou MorningSun Information Technology LLC, STREET=A305 International Science and Technology Park 5, STREET=328 Xin Hu Road （Suzhou Industrial Park）, L=Suzhou, S=Jiangsu, PostalCode=215000, C=CN","sourceIndex":"3074","avBlockList":["360 Total Security (20190805)","Avast Internet Security (20190805)","AVG Internet Security (20190805)","Avira Internet Security (20190805)","Bitdefender Internet Security (20190805)","COMODO Antivirus (20190805)","Dr.Web Security Space (20190805)","ESET Internet Security (20190805)","G DATA INTERNET SECURITY (20190805)","K7 Total Security (20190805)","Kaspersky Internet Security (20190805)","Malwarebytes Premium (20190805)","McAfee Total Protection (20190805)","Norton Security (20190805)","Panda Dome (20190805)","Quick Heal Internet Security (20190805)","Sophos Home Premium (20190805)","Tencent PC Manager (20190805)","Trend Micro Internet Security (20190805)","VIPRE Advanced Security (20190805)","VirIT eXplorer PRO (20190805)","Webroot SecureAnywhere (20190805)","Windows Defender (20190805)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"freemsuicdownloader","landingPage":"http://getfreemusic.org/free-downloader.html","directDownloadingLink":"http://getfreemusic.org/php/download.php?i=241697103&e=m","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://getfreemusic.org/php/download.php?i=241697103&e=m","sourceIndex":"3074"}],"sampleFiles":["190511/getfreemusic-190503/190503/Samples/FreeMusicDownloader.exe"],"imageFiles":["190511/getfreemusic-190503/190503/Images/ACR-055/2019-04-22_17-57-03.png","190511/getfreemusic-190503/190503/Images/ACR-055/2019-04-22_18-19-35.png","190511/getfreemusic-190503/190503/Images/ACR-055/2019-04-22_18-25-46 New.png","190511/getfreemusic-190503/190503/Images/ACR-057/2019-04-22_17-57-03.png","190511/getfreemusic-190503/190503/Images/ACR-057/2019-04-22_18-19-35.png","190511/getfreemusic-190503/190503/Images/ACR-055/2019-04-22_17-57-03.png","190511/getfreemusic-190503/190503/Images/ACR-055/2019-04-22_18-19-35.png","190511/getfreemusic-190503/190503/Images/ACR-059/2019-04-22_18-19-35.png","190511/getfreemusic-190503/190503/Images/ACR-059/2019-04-22_17-57-03.png"],"nonDeceptorImageFiles":["190511/getfreemusic-190503/190503/Images/ACR-002/2019-04-22_18-30-36.png","190511/getfreemusic-190503/190503/Images/ACR-002/2019-04-22_18-30-55.png","190511/getfreemusic-190503/190503/Images/ACR-002/2019-04-24_17-45-41.png"],"guid":"b92fa49a-e7cc-44ed-81b7-5d82d6cdf0ec_190503_1","appID":"getfreemusic-190503","dateAdded":"190511","deceptorType":"Bundler","name":"getfreemusic Installer","company":"getfreemusic","version":"190503","sigName":"Deceptor:Win32/GetFreeMusicDownloadManager!042055057059","lastKnownStatus":"Deceptor:0.0","lastKnownDate":"190511","type":"Windows Executable","category":"Media players","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","monetization":"display ads","lastUpdate":"2019-05-11T17:59:46.4492642+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2206},{"violations":{"ACR-004":"The app does not provide free fixes for free scans.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy.\nThe app's about page does not show links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe internal offers page does not provide links to the EULA.\n","ACR-099":"The app does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Gemini 2","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"c75be44cfb38dbde6574a50ef3fee50c1ec4932b00582c05c600673946689f67","sourceIndex":"2771","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Gemini2.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"64ad76777f0242d3a768239af8da79f7c1b40119a772800876dbbbeaa2b49974","sourceIndex":"2771","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Hazel","landingPage":"https://macpaw.com/gemini","directDownloadingLink":"https://dl.devmate.com/com.macpaw.site.Gemini2/Gemini2.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl.devmate.com/com.macpaw.site.Gemini2/Gemini2.dmg","sourceIndex":"2771"}],"sampleFiles":["190511/Gemini2-190506/2.5.5/Samples/Gemini 2","190511/Gemini2-190506/2.5.5/Samples/Gemini2.dmg"],"imageFiles":["190511/Gemini2-190506/2.5.5/Images/ACR-004/Gemini2 ACR004.gif"],"nonDeceptorImageFiles":["190511/Gemini2-190506/2.5.5/Images/ACR-065/Gemini2 Install 2.png","190511/Gemini2-190506/2.5.5/Images/ACR-065/Gemini2 Install 1.png","190511/Gemini2-190506/2.5.5/Images/ACR-065/Gemini2 About Page.png","190511/Gemini2-190506/2.5.5/Images/ACR-065/Gemini2 Bottom of Internal Offers Page.png","190511/Gemini2-190506/2.5.5/Images/ACR-099/Gemini2 About Page.png"],"guid":"3e6d2cec-15ae-4063-b062-0237d52ef9e3_2.5.5_1","appID":"Gemini2-190506","dateAdded":"190511","deceptorType":"MacOS App","name":"Gemini 2","company":"MacPaw Inc.","version":"2.5.5","sigName":"Deceptor:MacOS/Gemini2!004","firstResolvedDate":"190919","firstResolvedVersion":"2.5.5","resolved":"TRUE","lastKnownStatus":"Deceptor:2.5.5","lastKnownDate":"190511","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2019-09-19T23:01:22.8883039+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2207},{"violations":{"ACR-004":"The app requires the consumer to pay if they want to use the app to delete the files shown in the free scan results.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"DaisyDisk.app.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"14588f4219c70f29c45f034c84493feaa18401539e920f3c90804b9f894f587d","sourceIndex":"1820","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DaisyDisk","companyName":"Software Ambience Corp. (4CBU3JHV97) ","fileVersion":"4.21","hashMD5":"cf439bab31a2f2c62b7c3e49d6c52930","hashSHA1":"49781b0931e95b703b38e980816cb1fd77a1cd15","hashSHA256":"4d56f5341bf5425984bb379650d3a56cf298a7259abf9c6e765a143454b1bda0","digitalCertIssuer":"Apple Root CA ","digitalCertIssuedTo":"Developer ID Application: Software Ambience Corp. (4CBU3JHV97) ","sourceIndex":"1820","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Hazel","landingPage":"https://daisydiskapp.com","directDownloadingLink":"https://daisydiskapp.com/downloads/DaisyDisk.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://daisydiskapp.com/downloads/DaisyDisk.zip","sourceIndex":"1820"}],"sampleFiles":["190511/DaisyDisk-190506/4.21/Samples/DaisyDisk.app.zip","190511/DaisyDisk-190506/4.21/Samples/DaisyDisk"],"imageFiles":["190511/DaisyDisk-190506/4.21/Images/ACR-004/acr-004 notintrial.png","190511/DaisyDisk-190506/4.21/Images/ACR-004/acr-004 notincollections.png","190511/DaisyDisk-190506/4.21/Images/ACR-004/acr-004 results1.png"],"nonDeceptorImageFiles":[],"guid":"55685278-6144-4b67-86a2-fbf94abd3d53_4.21_1","appID":"DaisyDisk-190506","dateAdded":"190511","deceptorType":"MacOS App","name":"Daisy Disk","company":"Software Ambience Corp.","version":"4.21","firstVendorContactDate":"210818","firstAppEsteemReplyDate":"210818","firstResolvedDate":"210907","firstResolvedVersion":"4.21.2","resolved":"TRUE","lastKnownStatus":"Deceptor:4.7.2,4.21","lastKnownDate":"210818","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-09-07T18:39:42.7461818+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2208},{"violations":{"ACR-048":"The app disables the close button, which prevents the consumer from closing the app.\n","ACR-004":"The app requires the consumer to pay if they want to delete the files shown in the free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not have an install process. The \"free trial\" button on the landing page directly downloads the full application.\nThe app's about page does not display links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offers age does not show links to the EULA.\n","ACR-099":"The app's about page does not display links to uninstall information.\nThe landing page does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"DaisyDisk","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"5b65f62d2a9d8fe0e5b08dd169bee2b8475a891653731df28a00fabf2e8740c4","sourceIndex":"3073","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DaisyDisk.zip","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"67e7df4b3caa8c7f20114b9a1ddb22de67f159475468b3e8527f828f06583122","sourceIndex":"3073","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Hazel","landingPage":"https://daisydiskapp.com","directDownloadingLink":"https://daisydiskapp.com/downloads/DaisyDisk.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://daisydiskapp.com/downloads/DaisyDisk.zip","sourceIndex":"3073"}],"sampleFiles":["190511/DaisyDisk-190506/4.7.2/Samples/DaisyDisk","190511/DaisyDisk-190506/4.7.2/Samples/DaisyDisk.zip"],"imageFiles":["190511/DaisyDisk-190506/4.7.2/Images/ACR-048/DaisyDisk 048.png","190511/DaisyDisk-190506/4.7.2/Images/ACR-004/DaisyDisk ACR004.gif"],"nonDeceptorImageFiles":["190511/DaisyDisk-190506/4.7.2/Images/ACR-099/DaisyDisk About Page.png","190511/DaisyDisk-190506/4.7.2/Images/ACR-099/DaisyDisk Bottom of Landing Page.png","190511/DaisyDisk-190506/4.7.2/Images/ACR-099/DaisyDisk Internal Offers.png","190511/DaisyDisk-190506/4.7.2/Images/ACR-065/DaisyDisk Install.gif","190511/DaisyDisk-190506/4.7.2/Images/ACR-065/DaisyDisk About Page.png","190511/DaisyDisk-190506/4.7.2/Images/ACR-065/DaisyDisk Bottom of Landing Page.png","190511/DaisyDisk-190506/4.7.2/Images/ACR-065/DaisyDisk Internal Offers.png"],"guid":"55685278-6144-4b67-86a2-fbf94abd3d53_4.7.2_1","appID":"DaisyDisk-190506","dateAdded":"190511","deceptorType":"MacOS App","name":"Daisy Disk","company":"Software Ambience Corp.","version":"4.7.2","sigName":"Deceptor:MacOS/DaisyDisk!004048","firstVendorContactDate":"210818","firstAppEsteemReplyDate":"210818","firstResolvedDate":"210907","firstResolvedVersion":"4.21.2","resolved":"TRUE","lastKnownStatus":"Deceptor:4.7.2,4.21","lastKnownDate":"210818","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2021-09-07T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2209},{"violations":{"ACR-046":"No disclosures or options during install.\n","ACR-003":"App does not provide substantiation for some disk cleaner scan results.\n","ACR-004":"The App does not provide free fixes for free scan results of Privacy Issues.\n"},"nonDeceptorViolations":{"ACR-045":"Install has no information about the app.\n","ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the Returns and Cancellation Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offers page does not display links to the Returns and Cancellation Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The apps about page does not contain any links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Combo Cleaner","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"2cd15c2c13eb2fc1e8964dfb7b029491e545ab0af60cc3b8c33f91e89363db3e","sourceIndex":"3067","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"combocleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"87b0e620a88feb868de18a04c90d2a154591efd0a9f418ad399dc93ed18e3fb9","sourceIndex":"3067","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Report","reference":"Submitted ae","landingPage":"https://www.combocleaner.com","directDownloadingLink":"https://www.combocleaner.com/files/combocleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.combocleaner.com/files/combocleaner.dmg","sourceIndex":"3067"}],"sampleFiles":["190511/ComboCleaner-181009/1.2.9/Samples/Combo Cleaner","190511/ComboCleaner-181009/1.2.9/Samples/combocleaner.dmg"],"imageFiles":["190511/ComboCleaner-181009/1.2.9/Images/ACR-003/ComboCleaner No Details.png","190511/ComboCleaner-181009/1.2.9/Images/ACR-046/ComboCleaner Install.png","190511/ComboCleaner-181009/1.2.9/Images/ACR-004/ComboCleaner ACR004.gif"],"nonDeceptorImageFiles":["190511/ComboCleaner-181009/1.2.9/Images/ACR-045/ComboCleaner Install.png","190511/ComboCleaner-181009/1.2.9/Images/ACR-065/ComboCleaner After Install.png","190511/ComboCleaner-181009/1.2.9/Images/ACR-065/ComboCleaner Install.png","190511/ComboCleaner-181009/1.2.9/Images/ACR-065/ComboCleaner About Page.png","190511/ComboCleaner-181009/1.2.9/Images/ACR-065/ComboCleaner Bottom of Landing Page.png","190511/ComboCleaner-181009/1.2.9/Images/ACR-065/ComboCleaner Bottom of Internal Offers.png","190511/ComboCleaner-181009/1.2.9/Images/ACR-161/ComboCleaner Internal Offers.png","190511/ComboCleaner-181009/1.2.9/Images/ACR-161/ComboCleaner Bottom of Internal Offers.png","190511/ComboCleaner-181009/1.2.9/Images/ACR-099/ComboCleaner About Page.png"],"guid":"02bd9e7c-104c-4e6f-bdc8-cd10eb7dc425_1.2.9_1","appID":"ComboCleaner-181009","dateAdded":"190511","deceptorType":"MacOS App","name":"Combo Cleaner","company":"UAB RCS LT.","version":"1.2.9","sigName":"Deceptor:MacOS/ComboCleaner!003004046","firstVendorContactDate":"190514","firstAppEsteemReplyDate":"190514","firstResolvedDate":"190514","firstResolvedVersion":"1.2.10","resolved":"TRUE","lastKnownStatus":"Deceptor:1.2.1,1.2.9;NonCertified:1.2.10","lastKnownDate":"190511","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-05-15T00:51:57.7734754+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2210},{"violations":{"ACR-046":"No disclosures or options during install.\n","ACR-003":"App does not provide substantiation for privacy scan... exaggerates urgency with consumer, then requires purchase to see details.\nApp does not provide substantiation for uninstall scan... exaggerates urgency with consumer, then requires purchase to see details.\n"},"nonDeceptorViolations":{"ACR-045":"Install has no information about the app.\n","ACR-065":"No links to EULA or privacy policy during install\nNo links to EULA or privacy policy in help/about\n"},"samples":[{"isRevoked":"False","fileName":"combocleaner (8).dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"89a8df5cddcfa89bf49f446a2013cabc2832a27c17aa7d8e0e75893a46ffdec7","sourceIndex":"3543","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Combo Cleaner","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4e64db40c13730368c05435787451d0767337922748cc8e4aae6ea6be8290f6a","sourceIndex":"3543","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Report","reference":"Submitted ae","landingPage":"https://www.combocleaner.com","directDownloadingLink":"https://www.combocleaner.com/files/combocleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.combocleaner.com/files/combocleaner.dmg","sourceIndex":"3543"}],"sampleFiles":["181009/ComboCleaner-181009/1.2.1/Samples/combocleaner (8).dmg","181009/ComboCleaner-181009/1.2.1/Samples/Combo Cleaner"],"imageFiles":["181009/ComboCleaner-181009/1.2.1/Images/ACR-003/Screen Shot 2018-10-09 at 7.36.05 PM.png","181009/ComboCleaner-181009/1.2.1/Images/ACR-003/Screen Shot 2018-10-09 at 7.40.09 PM.png","181009/ComboCleaner-181009/1.2.1/Images/ACR-046/Screen Shot 2018-10-09 at 7.28.53 PM.png"],"nonDeceptorImageFiles":["181009/ComboCleaner-181009/1.2.1/Images/ACR-045/Screen Shot 2018-10-09 at 7.28.53 PM.png","181009/ComboCleaner-181009/1.2.1/Images/ACR-065/Screen Shot 2018-10-09 at 7.28.53 PM.png","181009/ComboCleaner-181009/1.2.1/Images/ACR-065/Screen Shot 2018-10-09 at 7.44.04 PM.png"],"guid":"02bd9e7c-104c-4e6f-bdc8-cd10eb7dc425_1.2.1_1","appID":"ComboCleaner-181009","dateAdded":"190511","deceptorType":"MacOS App","name":"Combo Cleaner","company":"UAB RCS LT.","version":"1.2.1","sigName":"Deceptor:MacOS/ComboCleaner!003046","firstVendorContactDate":"190514","firstAppEsteemReplyDate":"190514","firstResolvedDate":"190514","firstResolvedVersion":"1.2.10","resolved":"TRUE","lastKnownStatus":"Deceptor:1.2.1,1.2.9;NonCertified:1.2.10","lastKnownDate":"190511","type":"MacOS App","targetOS":"MacOS","targetBrowser":"None","monetization":"up-sell to paid","lastUpdate":"2019-05-14T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2211},{"violations":{"ACR-004":" App exaggerates the registry items as problem and uses of both colors and gauges in free scan results present an exaggerated sense of urgency. \n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe landing page has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's only offers a 14 days returns policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"RegistryCleaner.exe","companyName":"Ascora GmbH","fileVersion":"1.0","hashMD5":"e2fe48558b7cf185ba4c5e8f294e62d4","hashSHA1":"c496675d39b03e6267b4d6d503972f52d886035e","hashSHA256":"054e5a925d6fae773c6ec73f64cd43427fae0751ceed555f6f22be4ef3f15d2e","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"2871","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegistryCleaner-orig.exe","companyName":"Ascora GmbH","fileVersion":"1.0","hashMD5":"57007372121726d9ed9e0f0f88c1978b","hashSHA1":"07a9da348ee92344881a09d8eee7e7bf2ef1b046","hashSHA256":"7907c2198cbafcec4df2b46759499eb30080207cd759a65a45020ba0d1db6f3f","digitalCertThumbprint":"ACBEA2ABB791678D5F0DCC466A93DF4E4C7BAA9D","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg, OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"2871","avBlockList":["Avast Internet Security (20190422)","AVG Internet Security (20190422)","Avira Internet Security (20190422)","ESET Internet Security (20190422)","G DATA INTERNET SECURITY (20190422)","K7 Total Security (20190422)","Kaspersky Internet Security (20190422)","Malwarebytes Premium (20190422)","McAfee Total Protection (20190422)","Quick Heal Internet Security (20190422)","Sophos Home Premium (20190422)","VirIT eXplorer PRO (20190422)","Webroot SecureAnywhere (20190422)","Windows Defender (20190422)","Norton Security (20190422)"],"avAllowList":["360 Total Security (20190422)","Bitdefender Internet Security (20190422)","COMODO Antivirus (20190422)","Dr.Web Security Space (20190422)","F-PROT Antivirus for Windows (20190422)","Panda Dome (20190422)","SpyHunter5 (20190422)","Tencent PC Manager (20190422)","Trend Micro Internet Security (20190422)","VIPRE Advanced Security (20190422)"]},{"isRevoked":"False","fileName":"registrycleaner-installer.exe","isInstaller":"True","companyName":"Abelssoft                                                   ","fileVersion":"1.0","hashMD5":"248aee6dae72e85449514176a2f5d257","hashSHA1":"b3a1feffdf8dcd5062cf61a14118646d03261d9f","hashSHA256":"dcfc26b5f7208f3ba0e50f97f22e427e8750c3f82cb43027144e3cf081b53487","digitalCertThumbprint":"974BA7EC6315D77C346D93FC0398B7B127919F84","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Ascora GmbH, O=Ascora GmbH, STREET=Birkenallee 43, L=Ganderkesee, S=Niedersachsen, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Oldenburg (Oldenburg), OID.1.3.6.1.4.1.311.60.2.1.2=Niedersachsen, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 201973, OID.2.5.4.15=Private Organization","sourceIndex":"2871","avBlockList":["Avast Internet Security (20190805)","AVG Internet Security (20190805)","Avira Internet Security (20190805)","Bitdefender Internet Security (20190805)","ESET Internet Security (20190805)","G DATA INTERNET SECURITY (20190805)","K7 Total Security (20190805)","Kaspersky Internet Security (20190805)","Malwarebytes Premium (20190805)","Norton Security (20190805)","Panda Dome (20190805)","Quick Heal Internet Security (20190805)","Sophos Home Premium (20190805)","Tencent PC Manager (20190805)","VIPRE Advanced Security (20190805)","VirIT eXplorer PRO (20190805)","Webroot SecureAnywhere (20190805)","Windows Defender (20190805)"],"avAllowList":["360 Total Security (20190805)","COMODO Antivirus (20190805)","Dr.Web Security Space (20190805)","McAfee Total Protection (20190805)","Trend Micro Internet Security (20190805)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"filehippo.com;searched optimizers: https://filehippo.com/download_pcfresh/ and i found registry cleaner among the product list ","landingPage":"https://www.abelssoft.de/en/windows/System-Utilities/Abelssoft-Registry-Cleaner","directDownloadingLink":"https://www.abelssoft.de/registrycleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.abelssoft.de/registrycleaner.exe","sourceIndex":"2871"}],"sampleFiles":["190511/AbelssoftRegistryCleaner-180208/1.0.0.0/Samples/RegistryCleaner.exe","190511/AbelssoftRegistryCleaner-180208/1.0.0.0/Samples/RegistryCleaner-orig.exe","190511/AbelssoftRegistryCleaner-180208/1.0.0.0/Samples/registrycleaner-installer.exe"],"imageFiles":["190511/AbelssoftRegistryCleaner-180208/1.0.0.0/Images/ACR-004/ACR-004 Guages.png"],"nonDeceptorImageFiles":["190511/AbelssoftRegistryCleaner-180208/1.0.0.0/Images/ACR-065/ACR-065 Install.png","190511/AbelssoftRegistryCleaner-180208/1.0.0.0/Images/ACR-065/ACR-065 No Eula link software.png","190511/AbelssoftRegistryCleaner-180208/1.0.0.0/Images/ACR-099/ACR-099 No uninstall link.png","190511/AbelssoftRegistryCleaner-180208/1.0.0.0/Images/ACR-099/ACR-099 Landing PAge.png","190511/AbelssoftRegistryCleaner-180208/1.0.0.0/Images/ACR-099/ACR-099 Internal Offer.png","190511/AbelssoftRegistryCleaner-180208/1.0.0.0/Images/ACR-167/ACR-167 Cancellations policy.png"],"guid":"d68add8a-8ae9-4773-8987-07de4ca1e120_1.0.0.0_1","appID":"AbelssoftRegistryCleaner-180208","dateAdded":"190511","deceptorType":"App","name":"Abelssoft Registry Cleaner","company":"Ascora GmbH","version":"1.0.0.0","sigName":"Deceptor:Win32/AbelssoftRegistryCleaner!004","firstVendorContactDate":"190814","firstAppEsteemReplyDate":"190815","firstResolvedDate":"190823","firstResolvedVersion":"1.0.0.0 (SHA1:592A5F743B86B61E357ABC1C8F8BD008804F37820E14E4ABCF04459AC46D614F)","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190823","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2019-08-23T22:09:13.0158689+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2212},{"violations":{"ACR-003":"The app uses bars and gauges with \"traffic light\" colors. Bars imply that improvement potential could be \"high\" when the consumer deletes logs.\n","ACR-004":"The app does not provide free fixes for free scans.\n","ACR-084":"The app hides itself from its own uninstaller, which disguises its presence.\n","ACR-014":"App uses red and alarming gauges to imply that non-critial tasks like deleting user cache files could have a large effect on system performance.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not display links to the Returns and Cancellation Policy or the Privacy Policy.\nThe app does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not display links to the Returns and Cancellation Policy.\nThe internal offers page does not display links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nThe internal offers page does not display links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"smrtc_mtwsite.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"921d261fea2b43ef7b031c5aaf0e01dbbaca1efb06c7376a37a80c24dee82301","sourceIndex":"1323","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Smart Mac Cleaner","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"33fe350492c0c00743065b6fe8d71002c54158039a6f7bf18145c37ee1e94ed7","sourceIndex":"1323","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Hazel","landingPage":"http://smart-maccleaner.com","directDownloadingLink":"http://dl.smart-maccleaner.com/smrtc/builds/smrtc_mtwsite.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.smart-maccleaner.com/smrtc/builds/smrtc_mtwsite.pkg","sourceIndex":"1323"}],"sampleFiles":["190511/SmartMacCleaner-190506/1.29/Samples/smrtc_mtwsite.pkg","190511/SmartMacCleaner-190506/1.29/Samples/Smart Mac Cleaner"],"imageFiles":["190511/SmartMacCleaner-190506/1.29/Images/ACR-003/SmartMacCleaner Scan Results.png","190511/SmartMacCleaner-190506/1.29/Images/ACR-003/SmartMacCleaner Big Gauge.png","190511/SmartMacCleaner-190506/1.29/Images/ACR-004/SmartMacCleaner ACR004.gif","190511/SmartMacCleaner-190506/1.29/Images/ACR-014/SmartMacCleaner Big Gauge.png","190511/SmartMacCleaner-190506/1.29/Images/ACR-014/SmartMacCleaner Scan Results.png","190511/SmartMacCleaner-190506/1.29/Images/ACR-084/SmartMacCleaner Uninstaller in the App.png"],"nonDeceptorImageFiles":["190511/SmartMacCleaner-190506/1.29/Images/ACR-065/SmartMacCleaner Install.png","190511/SmartMacCleaner-190506/1.29/Images/ACR-065/SmartMacCleaner About Page.png","190511/SmartMacCleaner-190506/1.29/Images/ACR-065/SmartMacCleaner Bottom of Landing Page.png","190511/SmartMacCleaner-190506/1.29/Images/ACR-065/smart-maccleaner.com Internal Offers Page.png","190511/SmartMacCleaner-190506/1.29/Images/ACR-099/SmartMacCleaner About Page.png","190511/SmartMacCleaner-190506/1.29/Images/ACR-099/smart-maccleaner.com Internal Offers Page.png"],"guid":"3e2e83fd-d970-43ab-8876-5fc692c80c13_1.29_1","appID":"SmartMacCleaner-190506","dateAdded":"190511","deceptorType":"MacOS App","name":"Smart Mac Cleaner","company":"Smart Mac Cleaner","version":"1.29","sigName":"Deceptor:MacOS/SmartMacCleaner!003004014084","lastKnownStatus":"Deceptor:1.29","lastKnownDate":"190511","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"up-sell to paid","lastUpdate":"2022-11-11T21:16:46.8881262+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2205},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It installs a malware file name \"epizyHost.exe\".\n","ACR-004":"When trying to fix the registry issues found during the free scan, the app hangs and cannot perform any other option only to close the app.\n","ACR-010":"The app installs a malware file name \"epizyHost.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system.\n","ACR-084":"App installs its executable into a hidden directory: c:\\<users>\\AppData folder.\n","ACR-014":"The App makes unsubstantiated claim that app will scan and fix registry issues, instead it install a malware file in the system.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\n","ACR-002":"The app name is not consistent across in landing pages. It shows 3 different names \"RegistryDoc\", \"RegistryDoctor\", \"RegistryDoc 2018\", \"Epizy Cleanup\" and \"Microsoft Cleanup\".\n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe application has no link or information that shows how it can be uninstalled. \n","ACR-150":"The app's landing page displays Lifehack, Engadget, Entrepreneur, The Huffington Post and TNW endorsements that are unable to be verified\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"WRCFree.exe","isInstaller":"True","companyName":"Registry Doctor","productName":"Registry Doctor","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a11177f842b9893530635ca149458efc","hashSHA1":"1cd60b4b881f5c7f9acbe827324cd56557fdc0db","hashSHA256":"b5edb312905f891c993310fee9c6fcd8210eeb639a588e5d6eb35d27528a4a3a","sourceIndex":"3075","avBlockList":["360 Total Security (20190801)","Avast Internet Security (20190801)","AVG Internet Security (20190801)","Avira Internet Security (20190801)","Bitdefender Internet Security (20190801)","COMODO Antivirus (20190801)","Dr.Web Security Space (20190801)","ESET Internet Security (20190801)","G DATA INTERNET SECURITY (20190801)","K7 Total Security (20190801)","Kaspersky Internet Security (20190801)","Malwarebytes Premium (20190801)","McAfee Total Protection (20190801)","Norton Security (20190801)","Panda Dome (20190801)","Quick Heal Internet Security (20190801)","Sophos Home Premium (20190801)","Tencent PC Manager (20190801)","Trend Micro Internet Security (20190801)","VIPRE Advanced Security (20190801)","VirIT eXplorer PRO (20190801)","Webroot SecureAnywhere (20190801)","Windows Defender (20190801)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Registry Doctor\\Registry Doctor\\RegDoc.exe","companyName":"EpizyCleanup","productName":"EpizyCleanup","productVersion":"8.5.5.1","fileVersion":"8.5.5.1","hashMD5":"c078ea7f9bb6b024ea7989f4b160ee72","hashSHA1":"7f7e9a01faee568e43808d95d707b59269ae1918","hashSHA256":"20e94515ce5cdd703a8a458293600315e7e90a8a55ca46089e4ee72bc7042757","sourceIndex":"3075","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Registry Doctor\\Registry Doctor\\background\\epizyHost.exe","companyName":"Microsoft","productName":"Diagnostic Service Host","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"5d8390cc65841f695e6d7652cfcf9635","hashSHA1":"9b6ee5638e889b3c87580708867f494ca720b0e4","hashSHA256":"22eb9f925c5c3786142b1e7d19ac6638a24cdb0593698bbb443c7d56cdefb8f6","sourceIndex":"3075","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Start your PC Faster\"","reference":"http://regdoc.xyz","landingPage":"http://regdoc.xyz","directDownloadingLink":"https://ln.sync.com/dl/50cc9a590/view/default/2526993940011#vujwi8cg-g5mg3eq7-37cy2cjv-vjiqxkec","ipv4":"","ipv6":"","sourceIndex":"3075"}],"sampleFiles":["190509/RegistryDoctor-190503/1.0.0.0/Samples/WRCFree.exe","190509/RegistryDoctor-190503/1.0.0.0/Samples/RegDoc.exe","190509/RegistryDoctor-190503/1.0.0.0/Samples/epizyHost.ex_"],"imageFiles":["190509/RegistryDoctor-190503/1.0.0.0/Images/ACR-042/010.png","190509/RegistryDoctor-190503/1.0.0.0/Images/ACR-004/fixing.png","190509/RegistryDoctor-190503/1.0.0.0/Images/ACR-010/010.png","190509/RegistryDoctor-190503/1.0.0.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["190509/RegistryDoctor-190503/1.0.0.0/Images/ACR-065/install.png","190509/RegistryDoctor-190503/1.0.0.0/Images/ACR-065/main.png","190509/RegistryDoctor-190503/1.0.0.0/Images/ACR-002/002.png","190509/RegistryDoctor-190503/1.0.0.0/Images/ACR-002/002_2.png","190509/RegistryDoctor-190503/1.0.0.0/Images/ACR-002/168_002.png","190509/RegistryDoctor-190503/1.0.0.0/Images/ACR-150/150.png","190509/RegistryDoctor-190503/1.0.0.0/Images/ACR-168/168_002.png"],"guid":"3f63ec2b-694e-4c33-8789-59f7d77e63e7_1.0.0.0_1","appID":"RegistryDoctor-190503","dateAdded":"190509","deceptorType":"App","name":"Registry Doctor","company":"RegistryDoctor","version":"1.0.0.0","sigName":"Deceptor:Win32/RegistryDoctor!042004010084014 ","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190509","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-05-09T17:48:45.2517958+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2213},{"violations":{"ACR-010":"Site downloads malware when claiming to offer a Registry Cleaner application.\n"},"nonDeceptorViolations":{"ACR-150":"The website displays Lifehack, Engadget, Entrepreneur, The Huffington Post and TNW endorsements that are unable to be verified.\n","ACR-010":"The app \"Registry Doctor\" downloaded from download website installs a malware file name \"epizyHost.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system. Example of download link is hxxps://ln.sync.com/dl/50cc9a590/view/default/2526993940011#vujwi8cg-g5mg3eq7-37cy2cjv-vjiqxkec\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"The site makes unsubstantiated claim that the download app will scan and fix registry issues, instead it install a malware file in the system.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google search \"Start your PC Faster\"","reference":"http://regdoc.xyz","landingPage":"http://regdoc.xyz","ipv4":"","ipv6":"","sourceIndex":"3076"}],"sampleFiles":[],"imageFiles":["190509/regdocxyz-190503/190503/Images/ACR-010/010.png"],"nonDeceptorImageFiles":["190509/regdocxyz-190503/190503/Images/ACR-010/main.png","190509/regdocxyz-190503/190503/Images/ACR-150/150.png","190509/regdocxyz-190503/190503/Images/ACR-168/168_002.png"],"guid":"b3c2ab55-52a9-4d9a-a101-b9b82bf4101a_190503_1","appID":"regdocxyz-190503","dateAdded":"190509","deceptorType":"Download Site","name":"regdoc.xyz","company":"Registry Doctor","version":"190503","sigName":"Deceptor:Affiliate/Regdoc_xyz!010","lastKnownStatus":"190509","lastKnownDate":"190509","type":"Download Site","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-05-09T17:40:37.0446981+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2214},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It installs a malware file name \"epizyHost.exe\".\n","ACR-004":"When trying to fix the registry issues found during the free scan, the app hangs and cannot perform any other option only to close the app.\n","ACR-010":"The app installs a malware file name \"epizyHost.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system.\n","ACR-084":"App installs its executable into a hidden directory: c:\\<users>\\AppData folder.\n","ACR-014":"The App makes unsubstantiated claim that app will scan and fix registry issues, instead it install a malware file in the system.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\n","ACR-002":"The app name is not consistent across in landing pages. It shows 3 different names \"Regeasyfixer\", \"Pgregclaner\", \"Epizy Cleanup\" and \"Microsoft Cleanup\".\n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app's landing page displays Lifehack, Engadget, Entrepreneur, The Huffington Post and TNW endorsements that are unable to be verified.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"WRCFree.exe","isInstaller":"True","companyName":"RegeasyFixer","productName":"RegeasyFixer","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1750ab5813addd3a24d68b74e2a5632a","hashSHA1":"a8f1d24ba3d3ce587f6c2c87d9d57a1e8abfa67e","hashSHA256":"40476ed9d0b6ae65352918275e59cacfe7dac4b307d458edee2723a77c400aac","sourceIndex":"3084","avBlockList":["360 Total Security (20190729)","Avast Internet Security (20190729)","AVG Internet Security (20190729)","Avira Internet Security (20190729)","Bitdefender Internet Security (20190729)","COMODO Antivirus (20190729)","Dr.Web Security Space (20190729)","ESET Internet Security (20190729)","G DATA INTERNET SECURITY (20190729)","K7 Total Security (20190729)","Kaspersky Internet Security (20190729)","Malwarebytes Premium (20190729)","McAfee Total Protection (20190729)","Norton Security (20190729)","Panda Dome (20190729)","Quick Heal Internet Security (20190729)","Sophos Home Premium (20190729)","Tencent PC Manager (20190729)","Trend Micro Internet Security (20190729)","VIPRE Advanced Security (20190729)","VirIT eXplorer PRO (20190729)","Webroot SecureAnywhere (20190729)","Windows Defender (20190729)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\RegeasyFixer\\RegeasyFixer\\Regeasyfixer.exe","companyName":"EpizyCleanup","productName":"EpizyCleanup","productVersion":"8.5.5.1","fileVersion":"8.5.5.1","hashMD5":"856f882c9380a342432cfa121333afa2","hashSHA1":"0ad74343e614da4c10418577fb354344159800c7","hashSHA256":"7cd8828b3c65c62d5e1f9dce7b169389e693008a8b50491543521ebcdc22ca5e","sourceIndex":"3084","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\RegeasyFixer\\RegeasyFixer\\background\\epizyHost.exe","companyName":"Microsoft","productName":"Diagnostic Service Host","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a254300f20f385d064cbcbd7f0858532","hashSHA1":"fd597f1030cd41894c04d8a07d2b9066a1508e0e","hashSHA256":"45abbe7bae1ee1af99ad91117be24cf7147195069fa8d8d4b9cdf3b5554ba9c5","sourceIndex":"3084","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Start your PC Faster\"","reference":"http://www.regeasyfixer.xyz","landingPage":"http://www.regeasyfixer.xyz","directDownloadingLink":"https://mega.nz/#!iqhAmQ6B!znlyBWw7LSQm38a1R8hI5urWf6V7sBlOefF4sJnXDTQ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/#!iqhAmQ6B!znlyBWw7LSQm38a1R8hI5urWf6V7sBlOefF4sJnXDTQ","sourceIndex":"3084"}],"sampleFiles":["190503/Regeasyfixer-190503/1.0.0.0/Samples/WRCFree.exe","190503/Regeasyfixer-190503/1.0.0.0/Samples/Regeasyfixer.exe","190503/Regeasyfixer-190503/1.0.0.0/Samples/epizyHost.ex_"],"imageFiles":["190503/Regeasyfixer-190503/1.0.0.0/Images/ACR-042/010.png","190503/Regeasyfixer-190503/1.0.0.0/Images/ACR-004/fixing.png","190503/Regeasyfixer-190503/1.0.0.0/Images/ACR-010/010.png","190503/Regeasyfixer-190503/1.0.0.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["190503/Regeasyfixer-190503/1.0.0.0/Images/ACR-065/install.png","190503/Regeasyfixer-190503/1.0.0.0/Images/ACR-065/main.png","190503/Regeasyfixer-190503/1.0.0.0/Images/ACR-002/002.png","190503/Regeasyfixer-190503/1.0.0.0/Images/ACR-002/002_2.png","190503/Regeasyfixer-190503/1.0.0.0/Images/ACR-002/002_168.png","190503/Regeasyfixer-190503/1.0.0.0/Images/ACR-168/002_168.png","190503/Regeasyfixer-190503/1.0.0.0/Images/ACR-150/150.png"],"guid":"ed7ced64-a440-47c1-867b-7a1dcc972058_1.0.0.0_1","appID":"Regeasyfixer-190503","dateAdded":"190503","deceptorType":"App","name":"Regeasyfixer","company":"Regeasyfixer","version":"1.0.0.0","sigName":"Deceptor:Win32/Regeasyfixer!042004010084014 ","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2216},{"violations":{"ACR-010":"Site downloads malware when claiming to offer a Registry Cleaner application.\n"},"nonDeceptorViolations":{"ACR-150":"The website displays Lifehack, Engadget, Entrepreneur, The Huffington Post and TNW endorsements that are unable to be verified.\n\n","ACR-010":"The app \"Regeasyfixer\" downloaded from download website installs a malware file name \"epizyHost.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system. Example of download link is hxxps://mega.nz/#!iqhAmQ6B!znlyBWw7LSQm38a1R8hI5urWf6V7sBlOefF4sJnXDTQ\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"The site makes unsubstantiated claim that the download app will scan and fix registry issues, instead it install a malware file in the system.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google search \"Start your PC Faster\"","reference":"http://www.regeasyfixer.xyz","landingPage":"http://www.regeasyfixer.xyz","ipv4":"","ipv6":"","sourceIndex":"3083"}],"sampleFiles":[],"imageFiles":["190503/regeasyfixerxyz-190503/190503/Images/ACR-010/010.png"],"nonDeceptorImageFiles":["190503/regeasyfixerxyz-190503/190503/Images/ACR-010/main.png","190503/regeasyfixerxyz-190503/190503/Images/ACR-168/002_168.png","190503/regeasyfixerxyz-190503/190503/Images/ACR-150/150.png"],"guid":"9793b261-f9cb-4d2b-98f0-7c303dea5f1c_190503_1","appID":"regeasyfixerxyz-190503","dateAdded":"190503","deceptorType":"Download Site","name":"regeasyfixer.xyz","company":" Regeasyfixer","version":"190503","sigName":"Deceptor:Affiliate/regeasyfixer.xyz!010","lastKnownStatus":"190503","lastKnownDate":"201105","type":"Download Site","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-11-05T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2215},{"violations":{"ACR-155":"Download ad for another app is inserted above the actual download button to masquerade itself as part of existing committed user workflows.\n"},"nonDeceptorViolations":{"ACR-161":"Does not include reference to quotes, so the quotes cannot be proven to be real.\nDoes not include reference to quotes, so the quotes cannot be proven to be real.\n","ACR-017":"App places unverifiable endorsements and awards on landing page\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"free music download","landingPage":"https://getfreemusic.org/free-downloader.html","directDownloadingLink":"https://getfreemusic.org/php/download.php?i=241697103&e=m","ipv4":"","ipv6":"","sourceIndex":"3081"}],"sampleFiles":[],"imageFiles":["190503/getfreemusic-190422/190422/Images/ACR-155/2019-05-03_16-47-25.png","190503/getfreemusic-190422/190422/Images/ACR-155/2019-04-22_16-55-22.png"],"nonDeceptorImageFiles":["190503/getfreemusic-190422/190422/Images/ACR-017/2019-04-22_16-54-17.png","190503/getfreemusic-190422/190422/Images/ACR-161/2019-04-22_16-54-17.png","190503/getfreemusic-190422/190422/Images/ACR-161/2019-04-22_16-54-17.png","190503/getfreemusic-190422/190422/Images/ACR-155/2019-05-03_16-47-25.png","190503/getfreemusic-190422/190422/Images/ACR-155/2019-04-22_16-55-22.png"],"guid":"08df11ca-bc11-4f44-95c9-66ccafd37949_190422_1","appID":"getfreemusic-190422","dateAdded":"190503","deceptorType":"Download Site","name":"getfreemusic.org","company":"getfreemsuic.com","version":"190422","sigName":"Deceptor:Affiliate/GetFreeMusicOrg!155","lastKnownStatus":"Deceptor:190503","lastKnownDate":"190503","type":"Download Site","category":"Media players","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2019-05-03T23:52:09.9959678+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2217},{"violations":{"ACR-010":"Site downloads malware when claiming to offer a Registry Cleaner application.\n","ACR-084":""},"nonDeceptorViolations":{"ACR-002":"The app name is not consistent across in landing pages. It shows 3 different names \"Better Mechanic\", \"Epizy Cleanup\" and \"Microsoft Cleanup\".\n","ACR-150":"The app's landing page displays Lifehack, Engadget, Entreprenuer, The Huffington Post and TNW endorsements that are unable to be verified.\n","ACR-010":"The app \"Better Mechanic\" downloaded from download website installs a malware file name \"epizyhost.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system. Example of download link is hxxps://mega.nz/#!GyJjnIRA!ERY92JkxwJT3IpMYBqZS2pBdIlO_h4UpFzxOOUsznL0\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"The site makes unsubstantiated claim that the download app will scan and fix registry issues, instead it install a malware file in the system.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google search \"Start your PC Faster\"","reference":"http://bettermechanic.online","landingPage":"http://bettermechanic.online","ipv4":"","ipv6":"","sourceIndex":"3079"}],"sampleFiles":[],"imageFiles":["190503/bettermechaniconline-190503/190503/Images/ACR-010/010.png"],"nonDeceptorImageFiles":["190503/bettermechaniconline-190503/190503/Images/ACR-010/main.png","190503/bettermechaniconline-190503/190503/Images/ACR-002/002.png","190503/bettermechaniconline-190503/190503/Images/ACR-002/002_168.png","190503/bettermechaniconline-190503/190503/Images/ACR-150/150.png","190503/bettermechaniconline-190503/190503/Images/ACR-168/002_168.png"],"guid":"d928d1ff-afd4-4eec-97df-fa39aed61bef_190503_1","appID":"bettermechaniconline-190503","dateAdded":"190503","deceptorType":"Download Site","name":"bettermechanic.online","company":"Better Mechanic","version":"190503","sigName":"Deceptor:Affiliate/bettermechanic.online!084010","lastKnownStatus":"190503","lastKnownDate":"190503","type":"Download Site","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-05-04T00:35:44.7571779+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2218},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It installs a malware file name \"epizyhost.exe\".\n","ACR-004":"When trying to fix the registry issues found during the free scan, the app hangs and cannot perform any other option only to close the app.\n","ACR-010":"The app installs a malware file name \"epizyhost.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system.\n","ACR-084":"App installs its executable into a hidden directory: c:\\<users>\\AppData folder.\n","ACR-014":"The App makes unsubstantiated claim that app will scan and fix registry issues, instead it install a malware file in the system.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \n","ACR-002":"The app name is not consistent across in landing pages. It shows 3 different names \"Better Mechanic\", \"Epizy Cleanup\" and \"Microsoft Cleanup\".\n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe application has no link or information that shows how it can be uninstalled. \n","ACR-150":"The app's landing page displays Lifehack, Engadget, Entreprenuer, The Huffington Post and TNW endorsements that are unable to be verified.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"WRCFree.exe","isInstaller":"True","companyName":"Better Mechanic","productName":"Better Mechanic","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"520fc406027d03716c7b576e70222599","hashSHA1":"7753d41c507aeb72d9a0eb03f2d20db4cf3df9aa","hashSHA256":"435150f370ec1160bce9e8c9954a8c1bf28cc7e9a50f9e3c2c9671b7d2b0fca4","sourceIndex":"3080","avBlockList":["360 Total Security (20190729)","Avast Internet Security (20190729)","AVG Internet Security (20190729)","Avira Internet Security (20190729)","Bitdefender Internet Security (20190729)","COMODO Antivirus (20190729)","Dr.Web Security Space (20190729)","ESET Internet Security (20190729)","G DATA INTERNET SECURITY (20190729)","K7 Total Security (20190729)","Kaspersky Internet Security (20190729)","Malwarebytes Premium (20190729)","McAfee Total Protection (20190729)","Norton Security (20190729)","Panda Dome (20190729)","Quick Heal Internet Security (20190729)","Sophos Home Premium (20190729)","Tencent PC Manager (20190729)","Trend Micro Internet Security (20190729)","VIPRE Advanced Security (20190729)","VirIT eXplorer PRO (20190729)","Webroot SecureAnywhere (20190729)","Windows Defender (20190729)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Better Mechanic\\Better Mechanic\\BetterMechanic.exe","companyName":"EpizyCleanup","productName":"EpizyCleanup","productVersion":"8.5.5.1","fileVersion":"8.5.5.1","hashMD5":"e6935cbbff9dcdddf91225835bcb328e","hashSHA1":"0db36b1178bdcdb2ef5dc8d960a7f01b9d627120","hashSHA256":"90dc995dafbe07feb7965ffa00fc2be8fb3ce6f69ce7898eb88ffda5a5a320cc","sourceIndex":"3080","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Better Mechanic\\Better Mechanic\\background\\epizyHost.exe","companyName":"Microsoft","productName":"Diagnostic Service Host","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"1aae6fffa901d399656e3286b3427cb6","hashSHA1":"eba35e75c7a53a91a011c80992f929ea1e54f980","hashSHA256":"95bfdd6f88972bcf003b700db5be7c223554bff5f71ee2df438a57b7230641ee","sourceIndex":"3080","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Start your PC Faster\"","reference":"http://bettermechanic.online","landingPage":"http://bettermechanic.online","directDownloadingLink":"https://mega.nz/#!GyJjnIRA!ERY92JkxwJT3IpMYBqZS2pBdIlO_h4UpFzxOOUsznL0","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mega.nz/#!GyJjnIRA!ERY92JkxwJT3IpMYBqZS2pBdIlO_h4UpFzxOOUsznL0","sourceIndex":"3080"}],"sampleFiles":["190503/BetterMechanic-190503/1.0.0.0/Samples/WRCFree.exe","190503/BetterMechanic-190503/1.0.0.0/Samples/BetterMechanic.exe","190503/BetterMechanic-190503/1.0.0.0/Samples/epizyHost.ex_"],"imageFiles":["190503/BetterMechanic-190503/1.0.0.0/Images/ACR-042/010.png","190503/BetterMechanic-190503/1.0.0.0/Images/ACR-004/fixing.png","190503/BetterMechanic-190503/1.0.0.0/Images/ACR-010/010.png","190503/BetterMechanic-190503/1.0.0.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["190503/BetterMechanic-190503/1.0.0.0/Images/ACR-065/install.png","190503/BetterMechanic-190503/1.0.0.0/Images/ACR-065/main.png","190503/BetterMechanic-190503/1.0.0.0/Images/ACR-002/002.png","190503/BetterMechanic-190503/1.0.0.0/Images/ACR-002/002_168.png","190503/BetterMechanic-190503/1.0.0.0/Images/ACR-168/002_168.png","190503/BetterMechanic-190503/1.0.0.0/Images/ACR-150/150.png"],"guid":"ec9a7446-01bb-43c7-90e5-99fc0aeafb15_1.0.0.0_1","appID":"BetterMechanic-190503","dateAdded":"190503","deceptorType":"App","name":"Better Mechanic","company":"BetterMechanic","version":"1.0.0.0","sigName":"Deceptor:Win32/BetterMechanic!042004010084014","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190503","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-05-04T00:34:07.3250428+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2219},{"violations":{"ACR-010":"Site downloads malware when claiming to offer a Registry Cleaner application.\n"},"nonDeceptorViolations":{"ACR-002":" The app name is not consistent across in landing pages. It shows 3 different names \"PC REGCLEANERS\", \"Epizy Cleanup\" and \"Microsoft Cleanup\". \n\n","ACR-010":"The app \"PC Regcleaners\" downloaded from download website installs a malware file name \"epizyhost.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system. Example of download link is hxxps://ln.sync.com/dl/8a8015090/n55rebrf-kydrh4c8-9b6t763b-9ah6yv6q/view/default/2360223670011\n","ACR-168":" The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user. \n","ACR-014":"The site makes unsubstantiated claim that the download app will scan and fix registry issues, instead it install a malware file in the system.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google search \"Start your PC Faster\"","reference":"pcregcleaners.online","landingPage":"pcregcleaners.online","ipv4":"","ipv6":"","sourceIndex":"3087"}],"sampleFiles":[],"imageFiles":["190502/pcregcleanersonline-190502/5.0.0.0/Images/ACR-010/010.png"],"nonDeceptorImageFiles":["190502/pcregcleanersonline-190502/5.0.0.0/Images/ACR-010/main.png","190502/pcregcleanersonline-190502/5.0.0.0/Images/ACR-002/002.png","190502/pcregcleanersonline-190502/5.0.0.0/Images/ACR-002/002_168.png","190502/pcregcleanersonline-190502/5.0.0.0/Images/ACR-168/002_168.png"],"guid":"cd0bdab6-0662-4784-8392-4e451e915da0_5.0.0.0_1","appID":"pcregcleanersonline-190502","dateAdded":"190502","deceptorType":"Download Site","name":"pcregcleaners.online","company":"PC Regcleaners LLP","version":"5.0.0.0","sigName":"Deceptor:Affiliate/pcregcleaners.online","lastKnownStatus":"190502","lastKnownDate":"201105","type":"Download Site","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-11-05T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2220},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It installs a malware file name \"epizyhost.exe\".\n","ACR-004":"When trying to fix the registry issues found during the free scan, the app hangs and cannot perform any other option only to close the app.\n","ACR-010":"The app installs a malware file name \"epizyhost.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system.\n","ACR-084":"App installs its executable into a hidden directory: c:\\<users>\\AppData folder.\n","ACR-014":"The App makes unsubstantiated claim that app will scan and fix registry issues, instead it install a malware file in the system.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information\n","ACR-002":"The app name is not consistent across in landing pages. It shows 3 different names \"PC REGCLEANERS\", \"Epizy Cleanup\" and \"Microsoft Cleanup\".\n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"WRCFree.exe","isInstaller":"True","companyName":"Pcregcleaners LLP","fileVersion":"5.0","hashMD5":"6eccbc5b3d1f8f52a4b1e6632b622a95","hashSHA1":"488f9a5f7eb9ec5c143da6dcd7c0dd2cfb54379c","hashSHA256":"cb147a4d5cd13d5e40ca0b95dbe8ca069128fe1160a54a1793d40735e1735675","sourceIndex":"3086","avBlockList":["360 Total Security (20190725)","Avast Internet Security (20190725)","AVG Internet Security (20190725)","Avira Internet Security (20190725)","Bitdefender Internet Security (20190725)","COMODO Antivirus (20190725)","Dr.Web Security Space (20190725)","ESET Internet Security (20190725)","G DATA INTERNET SECURITY (20190725)","K7 Total Security (20190725)","Kaspersky Internet Security (20190725)","Malwarebytes Premium (20190725)","McAfee Total Protection (20190725)","Norton Security (20190725)","Panda Dome (20190725)","Quick Heal Internet Security (20190725)","Sophos Home Premium (20190725)","Tencent PC Manager (20190725)","Trend Micro Internet Security (20190725)","VIPRE Advanced Security (20190725)","VirIT eXplorer PRO (20190725)","Webroot SecureAnywhere (20190725)","Windows Defender (20190725)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Pcregcleaners LLP\\Pcregcleaners\\background\\epizyhost.exe","companyName":"Epizy Cleaner","fileVersion":"10.5","hashMD5":"d3695488f913da844aa79fb363920898","hashSHA1":"e0b0d38fe690ddee986ba320acdfe508df7d4a09","hashSHA256":"323bce93cfdc7f5688992e0cf10d3a8cc5d60b7f863b90025e34af73db01bf0a","sourceIndex":"3086","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Pcregcleaners LLP\\Pcregcleaners\\PcRegcleaners.exe","companyName":"EpizyCleanup","fileVersion":"8.5","hashMD5":"4b4cc81e8617fce410807983f94212a9","hashSHA1":"880d330102befb1d32780f17f9fb79fa6d052018","hashSHA256":"bc74e5329edff1e50610b52689d2fde3bce0a9065e3442e036ba2105fca2e050","sourceIndex":"3086","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Start your PC Faster\"","reference":"http://pcregcleaners.online/","landingPage":"http://pcregcleaners.online/","directDownloadingLink":"https://ln.sync.com/dl/8a8015090/n55rebrf-kydrh4c8-9b6t763b-9ah6yv6q/view/default/2360223670011","ipv4":"","ipv6":"","landingPageWildChar":"","directDownloadingLinkWildChar":"https://ln.sync.com/dl/8a8015090/n55rebrf-kydrh4c8-9b6t763b-9ah6yv6q/view/default/2360223670011","sourceIndex":"3086"}],"sampleFiles":["190502/PCRegcleaners-190502/5.0.0.0/Samples/WRCFree.exe","190502/PCRegcleaners-190502/5.0.0.0/Samples/epizyhost.ex_","190502/PCRegcleaners-190502/5.0.0.0/Samples/PcRegcleaners.exe"],"imageFiles":["190502/PCRegcleaners-190502/5.0.0.0/Images/ACR-042/010.png","190502/PCRegcleaners-190502/5.0.0.0/Images/ACR-010/010.png","190502/PCRegcleaners-190502/5.0.0.0/Images/ACR-084/084.png","190502/PCRegcleaners-190502/5.0.0.0/Images/ACR-004/fixing.png"],"nonDeceptorImageFiles":["190502/PCRegcleaners-190502/5.0.0.0/Images/ACR-065/install.png","190502/PCRegcleaners-190502/5.0.0.0/Images/ACR-065/main.png","190502/PCRegcleaners-190502/5.0.0.0/Images/ACR-002/002.png","190502/PCRegcleaners-190502/5.0.0.0/Images/ACR-002/002_168.png","190502/PCRegcleaners-190502/5.0.0.0/Images/ACR-168/002_168.png"],"guid":"1e0f2a82-f8b3-40d1-b9b3-29a98402b951_5.0.0.0_1","appID":"PCRegcleaners-190502","dateAdded":"190502","deceptorType":"App","name":"PC Regcleaners","company":"Pcregcleaners LLP","version":"5.0.0.0","sigName":"Deceptor:Win32/PCRegcleaners!042010084014004","lastKnownStatus":"Deceptor:5.0.0.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2221},{"violations":{"ACR-004":"The app only provides free fixes for some of the free scans, and then requires the consumer to pay to fix the rest of the free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"Install does not show links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe app does not show links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not show links to the Returns and Cancellation Policy.\nThe internal offers page does not provide links to the EULA.\n","ACR-099":"The app does not provide links to uninstall information.\nThe landing page does not provide links to uninstall information.\nThe internal offers page does not provide links to uninstall information.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable certifications.\n"},"samples":[{"isRevoked":"False","fileName":"SpeedUpMac","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"3cca1d24da7db670291062cf4de8e5a9dfabfcd48d6dc1584100f3bbba043562","sourceIndex":"3031","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SpeedUpMac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8ccd6071a83a97605810bd833c7cb67123f228e14765b18fba196a07b22aca66","sourceIndex":"3031","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel","landingPage":"stellar-info.com/speed-up-mac.php?ClickID=cls7qeqx4nxknwwzzpialzzvfxvszwlveki\t","directDownloadingLink":"http://download.stellardatarecovery.com/Regnow/StellarSpeedUpMac.dmg.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.stellardatarecovery.com/Regnow/StellarSpeedUpMac.dmg.zip","sourceIndex":"3031"}],"sampleFiles":["190501/SpeedUpMac-190501/3.0.0.0/Samples/SpeedUpMac","190501/SpeedUpMac-190501/3.0.0.0/Samples/SpeedUpMac.dmg"],"imageFiles":["190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-004/SpeedUp Mac Top of Internal Offers.png","190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-004/SpeedUp Mac Scan Results.png","190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-004/SpeedUp Mac Only Some Fixes.png","190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-004/SpeedUp Mac Enter Registration Key.png","190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-004/SpeedUp Mac ACR-004.gif"],"nonDeceptorImageFiles":["190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-065/SpeedUp Mac Install.png","190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-065/SpeedUp Mac About Page.png","190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-065/SpeedUp Mac Bottom of Landing Page.png","190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-065/SpeedUp Mac Bottom of Internal Offers.png","190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-017/SpeedUp Mac Bottom of Landing Page.png","190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-099/SpeedUp Mac About Page.png","190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-099/SpeedUp Mac Bottom of Landing Page.png","190501/SpeedUpMac-190501/3.0.0.0/Images/ACR-099/SpeedUp Mac Bottom of Internal Offers.png"],"guid":"368b1db1-8b44-4842-9b29-8bdb3fec3666_3.0.0.0_1","appID":"SpeedUpMac-190501","dateAdded":"190501","deceptorType":"MacOS App","name":"SpeedUp Mac","company":"Stellar Information Technologies Pvt. Ltd.","version":"3.0.0.0","sigName":"Deceptor:MacOS/SpeedUpMac!004","firstVendorContactDate":"190509","firstAppEsteemReplyDate":"190509","firstResolvedVersion":"","lastKnownStatus":"Deceptor:3.0.0.0; 3.0.0.5","lastKnownDate":"190606","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-06-06T20:57:11.035019+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2222},{"violations":{"ACR-004":"The app does not provide free non-permanent fixes for free scan results.\n"},"nonDeceptorViolations":{"ACR-065":"The install does not show links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe software's about page does not show links to the EULA, the Returns and Cancellation Policy, or the Privacy Policy.\nThe landing page does not show a link to the Returns and Cancellation Policy.\n","ACR-099":"The app does not have links to uninstall information.\nThe landing page does not have links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"SmartMacCleaner","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"55a8b22a0c322f4676054e0549c713ca0d4f329c4544e6740286136e582f943d","sourceIndex":"3078","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SmartMacCleaner.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"01795fcf372d601e68414c74f31ce1ed9eb7dd84c4b33aa57b2d0395e4abacbe","sourceIndex":"3078","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Hazel","landingPage":"https://smartpctools.com/smart-mac-cleaner/","directDownloadingLink":"https://smartpctools.com/files/SmartMacCleaner.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://smartpctools.com/files/SmartMacCleaner.dmg","sourceIndex":"3078"}],"sampleFiles":["190501/SmartMacCleaner-190501/1.0/Samples/SmartMacCleaner","190501/SmartMacCleaner-190501/1.0/Samples/SmartMacCleaner.dmg"],"imageFiles":["190501/SmartMacCleaner-190501/1.0/Images/ACR-004/Smart Mac Cleaner Activate Now.png","190501/SmartMacCleaner-190501/1.0/Images/ACR-004/Smart Mac Cleaner Top of Internal Offers.png","190501/SmartMacCleaner-190501/1.0/Images/ACR-004/Smart Mac Cleaner Scan Results.png","190501/SmartMacCleaner-190501/1.0/Images/ACR-004/Smart Mac Cleaner ACR-004.gif"],"nonDeceptorImageFiles":["190501/SmartMacCleaner-190501/1.0/Images/ACR-065/Smart Mac Cleaner Install.png","190501/SmartMacCleaner-190501/1.0/Images/ACR-065/Smart Mac Cleaner About Page.png","190501/SmartMacCleaner-190501/1.0/Images/ACR-065/Smart Mac Cleaner Bottom of Landing Page.png","190501/SmartMacCleaner-190501/1.0/Images/ACR-099/Smart Mac Cleaner About Page.png","190501/SmartMacCleaner-190501/1.0/Images/ACR-099/Smart Mac Cleaner Bottom of Landing Page.png","190501/SmartMacCleaner-190501/1.0/Images/ACR-099/Smart Mac Cleaner Bottom of Internal Offers.png"],"guid":"869af76c-c120-458d-b9ce-550dc15aa5f0_1.0_1","appID":"SmartMacCleaner-190501","dateAdded":"190501","deceptorType":"MacOS App","name":"Smart Mac Cleaner","company":"Smart PC Solutions","version":"1.0","sigName":"Deceptor:MacOS/SmartMacCleaner!004","firstVendorContactDate":"190506","firstAppEsteemReplyDate":"190506","firstResolvedDate":"190506","firstResolvedVersion":"2.0.1","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190501","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-05-07T00:38:45.8431033+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2223},{"violations":{"ACR-003":"Displays fake threat scamming message and scare user to download additional application to clean up.\n","ACR-010":"The offered app “PC Repair Tool” is a Deceptor application (QBIT System Care).\n","ACR-014":"Display fake threat information via scamming message, thus scare user to download the additional application for monetizing.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google search \"Step 2: Install and launch the application\"","reference":"http://www.microsoft.com-maintenance-pc.live/tonic2/?ip=76.22.19.201&city=Bothell&os=Windows%2010&model=Desktop&td=tracking.marketing&zn=&sc=1d5710c9-701e-49c1-9f12-f769f8328be3&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F72.0.3626.81%20Safari%2F537.36&browser=Chrome&browserversion=Chrome%2072&language=en&connection=CABLE&isp=Comcast%20Cable%20Communications%20inc.&carrier=&campid=82c9f84c-da43-4597-b538-cda783516df8&cep=etOioFhcIDvGjftzIqMFeywaMxn5km9kf4OMBPg3GzAn73U_-s73OX9CVxD20dTjUp-F1DnWPoamyXvbwWXOLMLEx_WK7Ajgnda977J8oluZfYEXBdG4_UQxIBgFVGP-eYfFsVhNhfPS1K9ktKY0Lc8IDpk_uj-7Q4SY1qP9TlxM0djpv--mrVgr7o4g9QvSDdQfUVPv3j0NPd-34XE_-g&publisherid=&clickid=","landingPage":"search-central.net/","ipv4":"","ipv6":"","sourceIndex":"3088"}],"sampleFiles":[],"imageFiles":["190501/search-central-net-190429/190429/Images/ACR-003/SearchCentralNet.mp4","190501/search-central-net-190429/190429/Images/ACR-014/014.png","190501/search-central-net-190429/190429/Images/ACR-010/010.png"],"nonDeceptorImageFiles":[],"guid":"347e4fd3-df5f-445c-9d9b-bffea531623d_190429_1","appID":"search-central-net-190429","dateAdded":"190501","deceptorType":"Affiliate","name":"search-central-net","company":"SearchCentralNet","version":"190429","sigName":"Deceptor:Affiliate/SearchCentralNet!003010014","lastKnownStatus":"Deceptor:190429","lastKnownDate":"190501","type":"Affiliate","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2019-05-02T05:01:51.1842161+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2224},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"samples":[{"isRevoked":"False","fileName":"qbpssetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Qbit- PC-Speedup                                            ","productVersion":"1.0.0.1                                           ","fileVersion":"1.0.0.1             ","hashMD5":"93d0c4c73771bb97e7e0e2b1d713f336","hashSHA1":"4e73c2cfaf9e5513fc37a3a9b38438eb5f94f082","hashSHA256":"7e1311eb4cc0d6c21bda3d43878dacb0be8900892e18a3b7838a8c242e883ae5","digitalCertThumbprint":"E4660F629AA5BC2D2889514F25E8885063FBD1BD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=STELLAR PC SOLUTlONS, O=STELLAR PC SOLUTlONS, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"3089","avBlockList":["360 Total Security (20190530)","Avast Internet Security (20190530)","AVG Internet Security (20190530)","Avira Internet Security (20190530)","Bitdefender Internet Security (20190530)","COMODO Antivirus (20190530)","Dr.Web Security Space (20190530)","ESET Internet Security (20190530)","G DATA INTERNET SECURITY (20190530)","K7 Total Security (20190530)","Kaspersky Internet Security (20190530)","Malwarebytes Premium (20190530)","McAfee Total Protection (20190530)","Norton Security (20190530)","Panda Dome (20190530)","Quick Heal Internet Security (20190530)","Sophos Home Premium (20190530)","Tencent PC Manager (20190530)","Trend Micro Internet Security (20190530)","VIPRE Advanced Security (20190530)","VirIT eXplorer PRO (20190530)","Webroot SecureAnywhere (20190530)","Windows Defender (20190530)"],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\Qbit- PC-Speedup for DESKTOP-8QAR3KI\\rtc.exe","productName":"Secure-PC-Tool","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"b4a8f9f82772c135338c5f2dfddaabc1","hashSHA1":"3e56aee40ac130e218c576a258286aeca6ec8693","hashSHA256":"75cd0246fcd27dbffb6c2ffcc77f6b5c497ed6d167e29162c048a5a865141f44","digitalCertThumbprint":"E4660F629AA5BC2D2889514F25E8885063FBD1BD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=STELLAR PC SOLUTlONS, O=STELLAR PC SOLUTlONS, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"3089","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"PC protection utility\"","reference":"http://www.opcspeedtools.club/","landingPage":"http://www.opcspeedtools.club/","directDownloadingLink":"http://dl.opcspeedtools.club/qbps/securerc/opcspeedtools_club/qbpssetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.opcspeedtools.club/qbps/securerc/opcspeedtools_club/qbpssetup.exe","sourceIndex":"3089"}],"sampleFiles":["190501/QBITPCSpeedup-190429/1.0.0.1/Samples/qbpssetup.exe","190501/QBITPCSpeedup-190429/1.0.0.1/Samples/rtc.exe"],"imageFiles":["190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-042/010.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-048/048.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-003/scan.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-003/main.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-003/048.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-004/scan.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-004/150_171.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-010/010.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-084/084.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-097/startup.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-168/scan.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-168/168.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-057/010.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-055/010.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-059/010.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-017/017.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-161/161.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-099/099.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-150/150_171.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-171/150_171.png","190501/QBITPCSpeedup-190429/1.0.0.1/Images/ACR-171/171.png"],"guid":"3ee82cde-9eb7-4f86-ab2f-5d2a2e9a816c_1.0.0.1_1","appID":"QBITPCSpeedup-190429","dateAdded":"190501","deceptorType":"App","name":"QBIT PC Speedup","company":"STELLAR PC SOLUTlONS","version":"1.0.0.1","sigName":"Deceptor:Win32/QBITPCSpeedup!003004010042048055057059084097155168","lastKnownStatus":"Deceptor:1.0.0.1","lastKnownDate":"190501","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-05-02T04:59:26.8789333+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2225},{"violations":{"ACR-003":"Displays fake threat scamming message and scare user to download additional application to clean up. \n","ACR-014":"Display fake threat information via scamming message, thus scare user to download the additional application for monetizing \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"certified app monitor","reference":"Wintonic","landingPage":"https://tools.system-repair.online/fr/tool/index.html?osversion=Windows%2010&cep=jZkSadhLO2R4lL2M9z81PZOklcz2kHeXZeB8UeXPvUreBOEcIsX8fvjFGEwEqdKCOM6JWeYHTG2SbWCG_q_03euWbYXAotpNTT4Ggy9y1N1JC8Djfmbj1jLoH_LGyceOqY9Q4JBewCvfdqfLwg-B_Wudr7RjbTQQ48rjLPpo2SgILw4ZGmjfGjwXvpHnJQRh_sul9XmHEwqTD3dRZuE0iyABWJ-21Pxd0GPV0G6SF8DhQntAhozBFVTG4i7SNdoV&pub=5903&pid=5903-a43e09az&sid=6683859948939509882","ipv4":"","ipv6":"","sourceIndex":"3094"},{"howFound":"","reference":"","landingPage":"https://tools.systems-repair.com/fr/tool/index.html?osversion=Windows%208.1&cep=eNqpLed6zEW3Oymm1hMBhJNx7rEnzlOrunsMu6cChxr8mO3qvAwT84HS5S-MMz3Kx6xYNlac-0yki-JTsn-pvuDjZ-f_WT1R0gqYD_Cd19oLlZMe96XzgCPIjAVs3-MBRpvbOqjvQRHSVn6Z3ljxLdC_HgKUC6Zzctp3KETsmKz3H6eeO9S2s5CKP69mhHKty2cir96P50CNmylwky83miS8ehFIJRIdYrsUmAArIQ5bD7UtgLD89IzMAZq751Lb&pub=5903&pid=5903-4a1a27dz&sid=6684596660401602621","ipv4":"","ipv6":"","sourceIndex":"3095"}],"sampleFiles":[],"imageFiles":["190428/system-repair-online-190426/190426/Images/ACR-003/OndSafePCCleaner2019-04-26_18-13-21.mp4","190428/system-repair-online-190426/190426/Images/ACR-014/Affiliate_onesafepcclean.PNG"],"nonDeceptorImageFiles":[],"guid":"1a6da13b-4e44-458a-b7f6-fa1e638a8ca2_190426_1","appID":"system-repair-online-190426","dateAdded":"190428","deceptorType":"Affiliate","name":"system-repair-online","company":"SystemRepairOnline","version":"190426","sigName":"Deceptor:Affiliate:/system-repair-online!003014","lastKnownStatus":"Deceptor:190426","lastKnownDate":"190428","type":"Affiliate","category":"Personalization & Search","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2019-04-29T00:29:23.4108811+00:00","notDistributed":false,"familyName":"system-repair-online","numInFamily":1,"numInAppID":1,"sortOrder":2226},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-107":"App includes malware checking components. It is not clear whether app uses licensed 3rd party license engine or in house developed scan engine. If using 3rd party engine, it needs to disclose in EULA.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app alert the consumer using voice messages, thereby misleading or scaring user to take action.\n","ACR-004":"The app needs to provide free fix for the identified issues as it provides only “Free Scan” and should avoid raising \"Urgency/Priority/Color Graphic\" for the identified issues.\n","ACR-007":"App does not obtain informed consent before disabling Windows Defender process during startup. Need to let user know that Windows Defender is the built-in Windows antivirus and removing this entry will leave system vulnerable.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable or expired endorsements\n","ACR-084":"The silence installation option exist in the app. The usage of this silence installation need to be disclosed if this is necessary for app. \"\"<qbcpsetup.exe>\" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART \" and the app does not show itself in the startup manager\n","ACR-168":"The app displays a support call center phone number, but does not disclose side by side that additional offers may be made on the one-on-one interaction with the consumer and does not provide an equally prominent non-interaction option to the consumer\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-014":"App misleads user that System Performance, Startup/Uninstall and System/Software relate as a high impact on system performance and the color bar raises sense of urgency and priority to the consumer. The app needs to cleanup the words \"error\". Also, the app raises alarm through voice messages and alerts through notifications after the scan is complete.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline\n","ACR-059":"The offer is not marked as Offer, the recommended by \"who\" is not clear. App should: 1. Change to “Recommended by <>”  2. Add at least “Offer” to clearly mark it is an offer\n","ACR-039":"The offered app discloses EULA and Privacy Policy in hyperlink which opens EULA but the consumer required to find the \"Privacy Policy\" at the bottom of the page.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-038":"The app doesn't disclose (Original Filename, Company Name, Product Name File Version and Product Version) version information for the following executables: gmtrs.dll, rtc.exe and qbcpsetup.exe\n","ACR-161":"The quotes and testimonials needs to be verifiable.\n","ACR-088":"The app performs system scan automatically after the installation without consumer's consent\n","ACR-160":"The app needs to use \"Certified\" call center\n","ACR-167":"The app's refund policy mentions 60 days in EULA but the internal offers page mentions 30 days refund policy which contradicts with EULA.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"qbcpsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Qbit-Clean-Pro                                              ","productVersion":"1.0.0.18                                          ","fileVersion":"1.0.0.18            ","hashMD5":"33755927de72f29469dae78a53b16583","hashSHA1":"ca9908c434df695252c0b7e01e6bac78d0fc86d6","hashSHA256":"a11560e9b5a99b592cfbcee72a43d61cbec1f61433fa10db50bfb9576d301031","digitalCertThumbprint":"9A1EDA89340461C3684A1C5567F30E181AADF310","digitalCertIssuer":"Sectigo RSA Code Signing CA","digitalCertIssuedTo":"COMPETENCE TECHNOLOGIES","sourceIndex":"499","avBlockList":["360 Total Security (20190527)","Avast Internet Security (20190527)","AVG Internet Security (20190527)","Avira Internet Security (20190527)","Bitdefender Internet Security (20190527)","COMODO Antivirus (20190527)","Dr.Web Security Space (20190527)","ESET Internet Security (20190527)","G DATA INTERNET SECURITY (20190527)","K7 Total Security (20190527)","Kaspersky Internet Security (20190527)","Malwarebytes Premium (20190527)","McAfee Total Protection (20190527)","Norton Security (20190527)","Panda Dome (20190527)","Quick Heal Internet Security (20190527)","Sophos Home Premium (20190527)","Tencent PC Manager (20190527)","Trend Micro Internet Security (20190527)","VIPRE Advanced Security (20190527)","VirIT eXplorer PRO (20190527)","Webroot SecureAnywhere (20190527)","Windows Defender (20190527)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Scamming Affiliate","reference":"WinTonic","landingPage":"https://tools.system-repair.online/fr/tool/index.html?osversion=Windows%207&cep=GyHYN1Ysms9zdCeP2bCTRhGrgFqd-GI1ppxmxqk-X_T77V1WPi8fu-nW5741SlYiCOcrFVn4Gm5N3yMbvwPDGyCrBvHAGKeLLUalCE6FF2Qy3nZTrYWl-4bJtfHBl8N5brBi5Skxh9gos7C9XdDxX5wXXlqv9B8nv15z7hEI9rCxzC1Tvo5hKPL6Ika0UYEiHZ6OsnQ3nFe4bFkg5GohjHv_gFVgCbGGlmuGUIa7fmqQPAqamFx2juAwJv3-4-ubyBTkESTynlxfrZfmsg5Hx7OTT-JL7feYVfNpWlTxRECOPx2o-w8hMoIiR-9OAZE8GFoiCHte5DHR6nQNF4SVD_eeGQtnxGcTdnNBpyMsIGw&zone=1242784&lang=FR&time=1555379537&campaing=125141820&ban=22635854&ssp=&udid=&org=Free%20SAS&advertiser=76327&clickid=15553795221537553057156133472002819","directDownloadingLink":"http://dl.qbitspeedytool.club/qbcp/securerc/qbitspeedytool_club/qbcpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"499"}],"sampleFiles":["190428/QbitCleanPro-190426/1.0.0.18/Samples/qbcpsetup.exe"],"imageFiles":["190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-039/ACR-039_Install_Does_Not_Disclose_PrivacyPolicy.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-055/ACR-055_Bundler-MadeOffers_Does_Not_Have_AcceptOrDecline_Option.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-042/ACR-042_Install_Offered_Product_Without_Explicit_User_Consent.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-003/ACR-003_Software_Exaggerates_And_Raises_Alarming.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_Results.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-007/ACR-007_Software_Didn't_Provide_Disclaimer_About_Systmer_Might_Be_Vulnerable.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-010/ACR-010_Bundler-MadeOffers_Deceptive_Product.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-014/ACR-014_Software_Raises_Urgency&Priority.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-014/ACR-014_Software_Raises_Urgency&Priority1.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-014/ACR-014_Software_Raises_Urgency&Priority2.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-014/ACR-014_Software_Uses_Exaggerated_Word.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-017/ACR-017_InternalOffers_Unable_To_Verify_Logos.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-004/ACR-004_Software_Raises_Urgency&Priority.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-004/ACR-004_Software_Raises_Urgency&Priority1.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-004/ACR-004_Software_Raises_Urgency&Priority2.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-084/ACR-084_Software_Does_Not_List_Its_Own_App_In_Startup_Manager.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-084/ACR-084_Software_Uses_Silent_Install.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-168/ACR-168_Software_No_Disclosure_About_AdditionalOffers.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-057/ACR-057_Bundler-MadeOffers_Does_Not_AcceptOrDecline_Option.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-059/ACR-059_Bundler-MadeOffers_Not_Clearly_Marked_As_An_Offer.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-155/ACR-155_Bundler-MadeOffers_Committed_Into_Existing_Flow.JPG"],"nonDeceptorImageFiles":["190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-038/ACR-038_Install_Does_Not_Have_CompanyName.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-161/ACR-161_InternalOffers_Unable_To_Verify_Testimonials.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-088/ACR-088_Software_Scans_Automatically_After_Installation.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-160/ACR-160_Software_Uses_Non_Certified_Call_Center.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-167/ACR-167_Docs_RefundPolicy_Needs_To_Be_Consistent.JPG","190428/QbitCleanPro-190426/1.0.0.18/Images/ACR-171/ACR-171_InternalOffers_Additional_Offers_Are_Opt-In_By_Default.JPG"],"guid":"9dd057d6-8002-4540-81fa-9a8b311a5468_1.0.0.18_1","appID":"QbitCleanPro-190426","dateAdded":"190428","deceptorType":"App","name":"QbitCleanPro","company":"COMPETENCE TECHNOLOGIES","version":"1.0.0.18","sigName":"Deceptor:Win32/QbitCleanPro!039055107042003007010014017004084168057059155","lastKnownStatus":"Deceptor:1.0.0.18","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 10,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center,cross-sell other apps,paid","lastUpdate":"2024-10-23T21:49:10.9711683+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2057},{"violations":{"ACR-109":"Installer does not ask for user consent before installing unrelated app, \"Game Spy Arcade\" on to computer.\n","ACR-043":"Installer claims to only install \"Halo, however it also installs \"Game Spy Arcade\", without disclosing the information.\n","ACR-039":"App offered by SoftFamous as \"Halo Combat\", downloaded as \"Halo Combat\". But when run, prompts with a new publisher (\"XLNT Web Services SRL\"), then the UAC prompt renames the app to \"Lepibafame\". When it launches, it's named \"Halo Combat\" with no reference to \"SoftFamous\"\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"halo_combat_evolved_setup1557_1501284728.exe","isInstaller":"True","companyName":"N/A","productName":"Relok","productVersion":"2.6","fileVersion":"5.1.1.2","hashMD5":"c7ec12cb4fb2f3a87a18ac56229589de","hashSHA1":"d74f260ec13750611fb7e0d2b0835aa428906aad","hashSHA256":"69ce5569c656b2f587d7c82f6d138432aab9812678159a75fa1701d828b4a397","digitalCertThumbprint":"978B1463DC688EF2801C3588050BCF339F31F601","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=XLNT Web Services SRL, OU=IT, O=XLNT Web Services SRL, L=Bucuresti, C=RO","sourceIndex":"3096","avBlockList":["360 Total Security (20190722)","Avira Internet Security (20190722)","Bitdefender Internet Security (20190722)","COMODO Antivirus (20190722)","ESET Internet Security (20190722)","G DATA INTERNET SECURITY (20190722)","K7 Total Security (20190722)","Kaspersky Internet Security (20190722)","Malwarebytes Premium (20190722)","McAfee Total Protection (20190722)","Norton Security (20190722)","Panda Dome (20190722)","Quick Heal Internet Security (20190722)","Sophos Home Premium (20190722)","Tencent PC Manager (20190722)","Trend Micro Internet Security (20190722)","VIPRE Advanced Security (20190722)","VirIT eXplorer PRO (20190722)","Webroot SecureAnywhere (20190722)","Windows Defender (20190722)"],"avAllowList":["Avast Internet Security (20190722)","AVG Internet Security (20190722)","Dr.Web Security Space (20190722)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"free halo download","landingPage":"https://softfamous.com/halo-combat-evolved/","directDownloadingLink":"https://softfamous.com/halo-combat-evolved/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://softfamous.com/halo-combat-evolved/download/","sourceIndex":"3096"}],"sampleFiles":["190426/SoftFamousInstaller-190424/2.6/Samples/halo_combat_evolved_setup1557_1501284728.exe"],"imageFiles":["190426/SoftFamousInstaller-190424/2.6/Images/ACR-109/2019-04-24_14-25-09.gif","190426/SoftFamousInstaller-190424/2.6/Images/ACR-109/2019-04-24_14-31-28.png","190426/SoftFamousInstaller-190424/2.6/Images/ACR-039/039 - saved as halo_combat.png","190426/SoftFamousInstaller-190424/2.6/Images/ACR-039/039 named as Halo Combat with no reference to SoftFamous.png","190426/SoftFamousInstaller-190424/2.6/Images/ACR-039/039 shown in uac as Lepibafame.png","190426/SoftFamousInstaller-190424/2.6/Images/ACR-039/039 shown  pass has halo combat and publisher as XLNT Web Services SRL.png","190426/SoftFamousInstaller-190424/2.6/Images/ACR-039/039 offered as halo combat .png","190426/SoftFamousInstaller-190424/2.6/Images/ACR-043/2019-04-24_17-32-52.png","190426/SoftFamousInstaller-190424/2.6/Images/ACR-043/2019-04-24_14-25-09.gif","190426/SoftFamousInstaller-190424/2.6/Images/ACR-043/2019-04-24_14-31-28.png"],"nonDeceptorImageFiles":[],"guid":"94d803cb-6be0-41c7-8e74-00c656ec7bbb_2.6_1","appID":"SoftFamousInstaller-190424","dateAdded":"190426","deceptorType":"Bundler","name":"SoftFamousInstaller","company":"SoftFamous","version":"2.6","sigName":"Deceptor:Win32/SoftFamousDownloadManager!039043109","lastKnownStatus":"Deceptor:2.6","lastKnownDate":"190426","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2019-04-27T00:48:05.23105+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2227},{"violations":{"ACR-003":"The app shows gauges indicating that deleting Languages have high improvement potential. App uses gauges that show that cleaning out cache or deleting languages could have high improvement potential. App uses \"Attention!\" on a red banner to scare the consumer. App uses red text to display the number of items in each section.\n","ACR-004":"The App requires the customer to purchase the app to fix the non-permanent issues identified during a free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-014":"App implies that severity can by \"high\" for items that are not severe.\n"},"nonDeceptorViolations":{"ACR-065":"The landing page does not display links to the Returns and Cancellation Policy.\nThe app does not display links to it's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe internal offers page does not display links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app does not display links to uninstall information.\nthe landing page does not show links to uninstall information.\nThe internal offers page does not show links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"Freshmac","fileVersion":"0.","hashMD5":"27b348131e07b7c6c52b3eedd191a3de","hashSHA1":"bacb21315dd5bb3947cda5b50273705ca0f1f5d2","hashSHA256":"521ae6cfadbbd0a1de800a9fba5fd13ddd503f943d4f976632916a17c09fdc9d","sourceIndex":"1324","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Freshmac.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"4d3c9580ccc55e619e63115ec032bb58","hashSHA1":"c976ceee599c5e8e2ff8784cd0b4bacd4cb4d191","hashSHA256":"de079cc70ebb6ff2fc4427b1c3bf50bd5a5a0300c5623bfd9ebdce376c2e4dcb","sourceIndex":"1324","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"referenced by how-to from Mac Security \"https://macsecurity.net/view/106-uninstall-popcorn-time-adware-from-mac-os-x\"","landingPage":"http://freshmac.com","directDownloadingLink":"http://cdn.freshmac.com/downloads/Freshmac.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.freshmac.com/downloads/Freshmac.pkg","sourceIndex":"1324"}],"sampleFiles":["190422/FreshMac-190417/1/Samples/Freshmac","190422/FreshMac-190417/1/Samples/Freshmac.pkg"],"imageFiles":["190422/FreshMac-190417/1/Images/ACR-003/FreshMac Scan Results.png","190422/FreshMac-190417/1/Images/ACR-014/FreshMac Scan Results.png","190422/FreshMac-190417/1/Images/ACR-004/FreshMac Activate Now.png","190422/FreshMac-190417/1/Images/ACR-004/FreshMac Before Internal Offers.png","190422/FreshMac-190417/1/Images/ACR-004/FreshMac Internal Offers.png","190422/FreshMac-190417/1/Images/ACR-004/FreshMac Scan Results.png"],"nonDeceptorImageFiles":["190422/FreshMac-190417/1/Images/ACR-065/FreshMac Bottom of Landing Page.png","190422/FreshMac-190417/1/Images/ACR-065/FreshMac Scanning.png","190422/FreshMac-190417/1/Images/ACR-065/FreshMac Internal Offers.png","190422/FreshMac-190417/1/Images/ACR-099/FreshMac Scanning.png","190422/FreshMac-190417/1/Images/ACR-099/FreshMac Bottom of Landing Page.png","190422/FreshMac-190417/1/Images/ACR-099/FreshMac Internal Offers.png"],"guid":"39a3915a-896f-405c-936e-69fd1e8b3dc2_1_1","appID":"FreshMac-190417","dateAdded":"190422","deceptorType":"MacOS App","name":"Fresh Mac","company":"Fresh Mac","version":"1","sigName":"Deceptor:MacOS/FreshMac!003004014","lastKnownStatus":"Deceptor:1","lastKnownDate":"190422","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2022-11-11T21:15:02.7900496+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2228},{"violations":{"ACR-048":"App remaps the close functionality.\n","ACR-003":"App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the landing page.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\nThe application has no link or information that shows how to uninstall the app on the landing page.\n","ACR-066":"The application internal offer webpage displays a another name for the app than what is installed. \n","ACR-017":"The application's webpage elevates its consumer trust level by displaying unverifiable 5 stars logos that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"ErrorFixing.exe","isInstaller":"True","companyName":"Error Fixing","productName":"Error Fixing","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"4be3416e23d5b02204ed4a8f8ffeeb9a","hashSHA1":"55dc3775dda47d72539ccb39aaeb751fda72acdd","hashSHA256":"c57fdaf6b14c6dc8e9fb7fdd4f26f5e1ba39444eeaa5f7a79dee6d4faaa77e57","digitalCertThumbprint":"C87618EAD070D0990C65FC28AEBB7586C965B9C1","sourceIndex":"3053","avBlockList":["360 Total Security (20190520)","Avast Internet Security (20190520)","AVG Internet Security (20190520)","Avira Internet Security (20190520)","Dr.Web Security Space (20190520)","ESET Internet Security (20190520)","K7 Total Security (20190520)","Kaspersky Internet Security (20190520)","McAfee Total Protection (20190520)","Norton Security (20190520)","Panda Dome (20190520)","Sophos Home Premium (20190520)","SpyHunter5 (20190429)","Trend Micro Internet Security (20190520)","VirIT eXplorer PRO (20190520)","Windows Defender (20190520)"],"avAllowList":["Bitdefender Internet Security (20190520)","COMODO Antivirus (20190520)","F-PROT Antivirus for Windows (20190429)","G DATA INTERNET SECURITY (20190520)","Malwarebytes Premium (20190520)","Quick Heal Internet Security (20190520)","Tencent PC Manager (20190520)","VIPRE Advanced Security (20190520)","Webroot SecureAnywhere (20190520)"]},{"isRevoked":"False","fileName":"Errorfixing_setup.exe","isInstaller":"True","companyName":"Xylosma Software","productName":"Errorfixing","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"f149b711e0ac9caeef3d2c58b5407316","hashSHA1":"07c542a41a4855b4cc2d52fae3c9a84527d658ed","hashSHA256":"facb761a4d9a29ac6436d68a4422904cc75bfc7f7f0c2f33cbd9221244fb8873","digitalCertThumbprint":"C87618EAD070D0990C65FC28AEBB7586C965B9C1","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=xylosma software private limited, O=xylosma software private limited, STREET=\"No 14, Horamavu, Agara Village\", L=Bangalore, S=Karnataka, PostalCode=560043, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=120951","sourceIndex":"3053","avBlockList":["360 Total Security (20190520)","Avast Internet Security (20190520)","AVG Internet Security (20190520)","Avira Internet Security (20190520)","COMODO Antivirus (20190520)","Dr.Web Security Space (20190520)","ESET Internet Security (20190520)","G DATA INTERNET SECURITY (20190520)","K7 Total Security (20190520)","Kaspersky Internet Security (20190520)","Malwarebytes Premium (20190520)","McAfee Total Protection (20190520)","Norton Security (20190520)","Panda Dome (20190520)","Quick Heal Internet Security (20190520)","Sophos Home Premium (20190520)","Trend Micro Internet Security (20190520)","VirIT eXplorer PRO (20190520)","Webroot SecureAnywhere (20190520)","Windows Defender (20190520)"],"avAllowList":["Bitdefender Internet Security (20190520)","F-PROT Antivirus for Windows (20190429)","SpyHunter5 (20190429)","Tencent PC Manager (20190520)","VIPRE Advanced Security (20190520)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Xylosma Software\\Errorfixing\\Errorfixing.exe","companyName":"Xylosma Software","productName":"Errorfixing","productVersion":"1.1.0.0","fileVersion":"1.1.0.0","hashMD5":"4bd9eeeb1c0a29044d308c32877542c7","hashSHA1":"3ab69530464b4fa558322ad622b548e6ae7aa6c8","hashSHA256":"4914ae97f79bfbd155f3370e67e32044885c05ec7577c16041c3826552e015a6","digitalCertThumbprint":"C87618EAD070D0990C65FC28AEBB7586C965B9C1","sourceIndex":"3053","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Install program and click Scan button.\"","reference":"https://wikiresolve.com/how-to-fix-error-1320-solved/","landingPage":"https://errorfixing.com/","directDownloadingLink":"https://errorfixing.com/download/595/ErrorFixing.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://errorfixing.com/download/595/ErrorFixing.exe","sourceIndex":"3053"}],"sampleFiles":["190420/ErrorFixing-190412/1.0.0.0/Samples/ErrorFixing.exe","190420/ErrorFixing-190412/1.0.0.0/Samples/Errorfixing_setup.exe"],"imageFiles":["190420/ErrorFixing-190412/1.0.0.0/Images/ACR-003/registry_cleaner.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-004/registry_cleaner.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-004/004_048.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-004/150.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-004/buy.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-048/004_048.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-048/048_2.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-048/048_3.png"],"nonDeceptorImageFiles":["190420/ErrorFixing-190412/1.0.0.0/Images/ACR-065/install.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-065/no_eula.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-065/about.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-065/065.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-099/about.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-099/065.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-099/099.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-017/150.png","190420/ErrorFixing-190412/1.0.0.0/Images/ACR-066/066.png"],"guid":"f6df9b27-159d-49c6-98fc-7fb33139ac79_1.0.0.0_1","appID":"ErrorFixing-190412","dateAdded":"190420","deceptorType":"App","name":"ErrorFixing","company":"xylosma software private limited","version":"1.0.0.0","sigName":"Deceptor:Win32/ErrorFixing!003004048","lastKnownStatus":"Deceptor:1.8.2.0,1.0.0.0","lastKnownDate":"190603","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-03T23:32:36.6913736+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2234},{"violations":{"ACR-043":"The app installs “SPAMfighter Aps” component files without disclosure in EULA.\n","ACR-107":"Third party components from \"SPAMfighter ApS\" are installed without clear license authorization in app's EULA document and install message.\nThird party components from \"SPAMfighter ApS\" are installed without clear license authorization in app's EULA document and install message.\n","ACR-003":"App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-004":"The App requires customer to purchase the app to fix all non-permanent issues identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's Privacy Policy information.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the landing page.\n","ACR-092":"The installed application has a different publisher name than what is located in the certification information.\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\nThe application has no link or information that shows how to uninstall the app on the landing page.\n","ACR-066":"The application internal offer webpage displays a another name for the app than what is installed. \n","ACR-017":"The application's webpage elevates its consumer trust level by displaying unverifiable 5 stars review logos that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"Errorfixing_1.8.2.exe","isInstaller":"True","companyName":"Xylosma Software Private Limited","productName":"Errorfixing","productVersion":"1.8.2.0","fileVersion":"1.8.2.0","hashMD5":"6d4a245498595a4c9414490de1cfb323","hashSHA1":"e616bfcd4a75dd3f0853750380efccd6adb6c17d","hashSHA256":"64f9d69e49a87cc05c0aef07775781d1c262281d7affc6eb1b5571e6ca0b1aa5","digitalCertThumbprint":"C87618EAD070D0990C65FC28AEBB7586C965B9C1","sourceIndex":"3052","avBlockList":["360 Total Security (20190520)","Avast Internet Security (20190520)","AVG Internet Security (20190520)","Avira Internet Security (20190520)","Dr.Web Security Space (20190520)","ESET Internet Security (20190520)","K7 Total Security (20190520)","Kaspersky Internet Security (20190520)","McAfee Total Protection (20190520)","Norton Security (20190520)","Panda Dome (20190520)","Sophos Home Premium (20190520)","SpyHunter5 (20190429)","Trend Micro Internet Security (20190520)","VirIT eXplorer PRO (20190520)","Windows Defender (20190520)"],"avAllowList":["Bitdefender Internet Security (20190520)","COMODO Antivirus (20190520)","F-PROT Antivirus for Windows (20190429)","G DATA INTERNET SECURITY (20190520)","Malwarebytes Premium (20190520)","Quick Heal Internet Security (20190520)","Tencent PC Manager (20190520)","VIPRE Advanced Security (20190520)","Webroot SecureAnywhere (20190520)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Errorfixings\\Errorfixing\\Errorfixing64.exe","companyName":"Xylosma Software Private Limited","productName":"Errorfixing","productVersion":"2.3.125.118","fileVersion":"2.3.125.118","hashMD5":"7a0502ad21643b9ac623d6adcf9f36dc","hashSHA1":"a2d0aeb09b3b2c114ae80b8f900a0182ba031938","hashSHA256":"f51827df0e74e6c2a127e8d1272342b89189a1c4db6ba55973764d9551fb297c","digitalCertThumbprint":"2B4E5D819E20BFCD56E4BCB5A9E4DEFAE945EA8B","digitalCertIssuer":"CN=dummyPFX","digitalCertIssuedTo":"CN=dummyPFX","sourceIndex":"3052","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Install program and click Scan button.\"","reference":"https://wikiresolve.com/how-to-fix-error-1320-solved/","landingPage":"https://errorfixing.com/","directDownloadingLink":"https://errorfixing.com/download/595/Errorfixing_1.8.2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://errorfixing.com/download/595/Errorfixing_1.8.2.exe","sourceIndex":"3052"}],"sampleFiles":["190420/ErrorFixing-190412/1.8.2.0/Samples/Errorfixing_1.8.2.exe","190420/ErrorFixing-190412/1.8.2.0/Samples/Errorfixing64.exe"],"imageFiles":["190420/ErrorFixing-190412/1.8.2.0/Images/ACR-003/scan.png","190420/ErrorFixing-190412/1.8.2.0/Images/ACR-003/fix.png","190420/ErrorFixing-190412/1.8.2.0/Images/ACR-004/fix.png","190420/ErrorFixing-190412/1.8.2.0/Images/ACR-004/004.png","190420/ErrorFixing-190412/1.8.2.0/Images/ACR-004/004_2.png","190420/ErrorFixing-190412/1.8.2.0/Images/ACR-004/004_3.png","190420/ErrorFixing-190412/1.8.2.0/Images/ACR-043/043_107.png"],"nonDeceptorImageFiles":["190420/ErrorFixing-190412/1.8.2.0/Images/ACR-092/092.png","190420/ErrorFixing-190412/1.8.2.0/Images/ACR-065/eula.png","190420/ErrorFixing-190412/1.8.2.0/Images/ACR-017/004_3.png","190420/ErrorFixing-190412/1.8.2.0/Images/ACR-066/066.png"],"guid":"f6df9b27-159d-49c6-98fc-7fb33139ac79_1.8.2.0_1","appID":"ErrorFixing-190412","dateAdded":"190420","deceptorType":"App","name":"ErrorFixing","company":"xylosma software private limited","version":"1.8.2.0","sigName":"Deceptor:Win32/ErrorFixing!003004043107","lastKnownStatus":"Deceptor:1.8.2.0,1.0.0.0","lastKnownDate":"190603","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-03T23:32:53.3779967+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2233},{"violations":{"ACR-107":"Website installs Steam client without proper authorization or license from the carrier.\n","ACR-014":"Labels app as Five Nights at Freddy's, however installs Steam instead.\n","ACR-059":"The Offer is not clearly marked as an offer or that its optional.\n","ACR-155":"Search offer is inserted into the download flow as displayed as \"you're almost done\", which masquerades as the next step the consumer must perform.\n"},"nonDeceptorViolations":{"ACR-107":"Website installs Steam client without proper authorization or license from the carrier.\n","ACR-014":"Labels app as Five Nights at Freddy's, however installs Steam instead.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"fnaf free download","landingPage":"https://five-nights-at-freddys.jaleco.com/","directDownloadingLink":"http://de9fs8kg27kid.cloudfront.net/Xb1P/AYOkWbiiY/qAyzmlG/five-nights-at-freddys.exe","ipv4":"","ipv6":"","sourceIndex":"3100"}],"sampleFiles":[],"imageFiles":["190420/Jaleco-190417/190417/Images/ACR-107/Unlicsenced App.png","190420/Jaleco-190417/190417/Images/ACR-014/ACR14.png","190420/Jaleco-190417/190417/Images/ACR-014/ACR14(1).png","190420/Jaleco-190417/190417/Images/ACR-059/AdsInserted1.png","190420/Jaleco-190417/190417/Images/ACR-155/AdsInserted1.png"],"nonDeceptorImageFiles":["190420/Jaleco-190417/190417/Images/ACR-107/Unlicsenced App.png","190420/Jaleco-190417/190417/Images/ACR-014/ACR14.png","190420/Jaleco-190417/190417/Images/ACR-014/AdsInserted1.png"],"guid":"9ef18064-45e9-4403-9fc3-69350558b5ee_190417_1","appID":"Jaleco-190417","dateAdded":"190420","deceptorType":"Download Site","name":"Jaleco","company":"Jaleco","version":"190417","sigName":"Deceptor:Affiliate/Jaleco!014059107155","lastKnownStatus":"Deceptor:190420","lastKnownDate":"190420","type":"Download Site","category":"Personalization & Search, Games","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2019-04-20T14:23:28.2984544+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2232},{"violations":{"ACR-089":"The application automatically opened a browser window after claiming to repair the PC. It automatically opens chat and creates repair ticket number. \n","ACR-014":"The App claims it will perform diagnostic exam of the PC and will repair/fix detected issues, but it did not show any scan result instead it opens browser required user to chat or call the tech support to repair computer issues/problems. \nUsers are led to believe that the downloaded App will perform diagnostic exam of the PC and will repair/fix detected issues.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App. There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App. There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App. There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option. \nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option. \n","ACR-092":"The App's main executable does not have a digital signature.\n","ACR-157":"The App's main executable does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\nThe application has no link or information that shows how to uninstall the app.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"PCTuneUPPlus_Setup.msi","isInstaller":"True","fileVersion":"0.","hashMD5":"3440d6d987650b74630fce83cf404b2d","hashSHA1":"51169aa0a46e78125dbb0798aecaaf71204ff05c","hashSHA256":"c988b3df75f66f942b76427c9725d4dab66e10dab43712988e2f3c24bdafdc0b","digitalCertThumbprint":"f1168ad3c10097f976d3d90c4ba2f372058fb1e3","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, C=GB","digitalCertIssuedTo":"CN=SafeCare Software Limitada, O=SafeCare Software Limitada, L=San José, S=San José, C=CR","sourceIndex":"3085","avBlockList":["360 Total Security (20190502)","Avast Internet Security (20190502)","AVG Internet Security (20190502)","Avira Internet Security (20190502)","Bitdefender Internet Security (20190502)","Dr.Web Security Space (20190502)","ESET Internet Security (20190502)","G DATA INTERNET SECURITY (20190502)","K7 Total Security (20190502)","Kaspersky Internet Security (20190502)","McAfee Total Protection (20190502)","Norton Security (20190502)","Panda Dome (20190502)","Sophos Home Premium (20190502)","SpyHunter5 (20190429)","Tencent PC Manager (20190502)","Trend Micro Internet Security (20190502)","VIPRE Advanced Security (20190502)","Windows Defender (20190502)"],"avAllowList":["COMODO Antivirus (20190502)","F-PROT Antivirus for Windows (20190429)","Malwarebytes Premium (20190502)","Quick Heal Internet Security (20190502)","VirIT eXplorer PRO (20190502)","Webroot SecureAnywhere (20190502)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\pctuneup.org\\PCTuneUP Plus\\PCTuneUPPlus.exe","productName":"PCTuneUPPlus","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"fff74eeb69af3304d02096c692cb0c88","hashSHA1":"f4729dcd8c85eed8be7bb12c6c5028a7d464c85d","hashSHA256":"7ff7c01bd42837c31db76464ea4b302e0706cd3377a4bc0699f39a319623e964","digitalCertIssuer":"","sourceIndex":"3085","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"SpeedUpMyPC\"","reference":"https://pctuneup.org/pct-plus/lp2.php?gclid=EAIaIQobChMI-eTwi-_c4QIVBtlkCh3cXwqcEAAYASAAEgJhhfD_BwE","landingPage":"https://pctuneup.org/","directDownloadingLink":"https://s3.amazonaws.com/pctuneup-plus/PCTuneUPPlus_Setup.msi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/pctuneup-plus/PCTuneUPPlus_Setup.msi","sourceIndex":"3085"}],"sampleFiles":["190420/PCTuneUpPLUS-190419/1.0.0.0/Samples/PCTuneUPPlus_Setup.msi","190420/PCTuneUpPLUS-190419/1.0.0.0/Samples/PCTuneUPPlus.exe"],"imageFiles":["190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-014/014.png","190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-014/014_2.png","190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-014/014.png","190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-089/163.png","190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-089/014_2.png"],"nonDeceptorImageFiles":["190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-065/install.png","190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-065/065.png","190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-099/065.png","190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-161/161.png","190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-168/014_2.png","190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-163/014_2.png","190420/PCTuneUpPLUS-190419/1.0.0.0/Images/ACR-163/163.png"],"guid":"f43cf33e-dd47-4484-94ef-92c67eefcf03_1.0.0.0_1","appID":"PCTuneUpPLUS-190419","dateAdded":"190420","deceptorType":"App","name":"PCTuneUp PLUS","company":"SafeCare Software Limitada","version":"1.0.0.0","sigName":"Deceptor:Win32/PCTuneupPlus!014089","firstResolvedVersion":"App stops distributing","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190420","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center,cross-sell other apps","lastUpdate":"2019-05-03T01:59:26.9077861+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2231},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"qbcpsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Qbit Clean Pro                                              ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"b60881df3cbd0b321f578cf3bdd1b8cb","hashSHA1":"3a3ca377cf5bb5c28326dae1b579b4bce71eb5a8","hashSHA256":"152f42ee303a567249da09bbc79a6f1facff6456805c8b37a50f51157e4466de","digitalCertThumbprint":"074067B0C482D950E072960711723313080FD305","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE SOFTWARES, O=ADEQUATE SOFTWARES, STREET=\"WARD NO. 12, SULTANA,\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"498","avBlockList":["360 Total Security (20190617)","Avast Internet Security (20190617)","AVG Internet Security (20190617)","Avira Internet Security (20190617)","Bitdefender Internet Security (20190617)","COMODO Antivirus (20190617)","Dr.Web Security Space (20190617)","ESET Internet Security (20190617)","G DATA INTERNET SECURITY (20190617)","K7 Total Security (20190617)","Kaspersky Internet Security (20190617)","Malwarebytes Premium (20190617)","McAfee Total Protection (20190617)","Norton Security (20190617)","Panda Dome (20190617)","Quick Heal Internet Security (20190617)","Sophos Home Premium (20190617)","SpyHunter5 (20190429)","Trend Micro Internet Security (20190617)","VIPRE Advanced Security (20190617)","VirIT eXplorer PRO (20190617)","Webroot SecureAnywhere (20190617)","Windows Defender (20190617)"],"avAllowList":["F-PROT Antivirus for Windows (20190429)","Tencent PC Manager (20190617)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Qbit Clean Pro for DESKTOP-8QAR3KI\\rtc.exe","productName":"PC Secure Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"97c70e1b307e3a1dba4890243dc965cc","hashSHA1":"6b2ec14a17ee66e0bf97cbb002943e3c7683a0f8","hashSHA256":"5a84b10770c4680cdf2708d7ff19026ea99781d244df1c4825493c98a4582cd9","digitalCertThumbprint":"074067B0C482D950E072960711723313080FD305","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADEQUATE SOFTWARES, O=ADEQUATE SOFTWARES, STREET=\"WARD NO. 12, SULTANA,\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"498","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Click the \"Scan now\" button to detect errors and abnormalities\"","reference":"http://www.tunepcutils.live/lp/spdpnflx/?fd=qbcp&x-context=W0W5mvhvbf0Qf&utm_source=spdpnflx&utm_campaign=spdpnflx&pxl=SPD3306_SPD3234_RUNT&utm_pubid=5000306&x-at=XYXYXY&override=1&W0W5mvhvbf0Qf=adv_mG42mvhvb8nZc","landingPage":"http://www.tunepcutils.live/","directDownloadingLink":"http://dl.tunepcutils.live/qbcp/securerc/tunepcutils_live/qbcpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.tunepcutils.live/qbcp/securerc/tunepcutils_live/qbcpsetup.exe","sourceIndex":"498"}],"sampleFiles":["190420/QBITCleanPro-190411/1.0.0.0/Samples/qbcpsetup.exe","190420/QBITCleanPro-190411/1.0.0.0/Samples/rtc.exe"],"imageFiles":["190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-042/010.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-048/048.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-003/scan.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-003/main.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-003/048.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-004/scan.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-004/150_171.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-010/010.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-084/084.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-097/startup.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-168/scan.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-168/168.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-057/010.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-055/010.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-059/010.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-161/161.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-099/099.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-150/150_171.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-171/150_171.png","190420/QBITCleanPro-190411/1.0.0.0/Images/ACR-171/171.png"],"guid":"cafe4043-59ed-4e5d-bfa0-e85047dfb029_1.0.0.0_1","appID":"QBITCleanPro-190411","dateAdded":"190420","deceptorType":"App","name":"QBIT Clean Pro","company":"ADEQUATE SOFTWARES","version":"1.0.0.0","sigName":"Deceptor:Win32/QBITCleanPro!003004010042048055057059084097155168","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:21.9116509+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2230},{"violations":{"ACR-048":"App remaps the close functionality.\n","ACR-003":"The application exaggerates scan results and uses red colors and words \"Attention!\", thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix all non-permanent issues identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":" The application has no link to  show the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verifie\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\n","ACR-066":"The application internal offer webpage displays a another name for the app than what is installed.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\REG Utilities\\Reg Utilities.exe","companyName":"Tuneup System Software Pvt Ltd.","productName":"REG Utilities","productVersion":"2.0.5.3","fileVersion":"2.0.5.3","hashMD5":"050b571d5096c9c7c66f82c2400fab85","hashSHA1":"e28a358ced00d97934468576bde7476e96847fd2","hashSHA256":"c80bc05aa5caec145c647f735d66749c3e06ff247a7f6ec0ee026aaed11031c5","digitalCertThumbprint":"25916017644279C5FF3B09B70F774587B6C24D04","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Tuneup System Software Pvt Ltd, O=Tuneup System Software Pvt Ltd, L=Kanyakumari, S=Tamil Nadu, C=IN","sourceIndex":"3099","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"REGUtilities_Setup_2.2.1-01-CR.exe","isInstaller":"True","companyName":"Tuneup System Software Pvt Ltd.                             ","productName":"REG Utilities                                               ","productVersion":"2.0.5.3                                           ","fileVersion":"2.0.5.3             ","hashMD5":"e3ab4ffb88cddf9d6aab1fbf1033650d","hashSHA1":"346b5fab644188b82d203fc77b6d2df44a7e0a80","hashSHA256":"e187cdd24039e09fba56360c051d104651401294a29eef9b560a2f2d4caa7c93","digitalCertThumbprint":"25916017644279C5FF3B09B70F774587B6C24D04","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Tuneup System Software Pvt Ltd, O=Tuneup System Software Pvt Ltd, L=Kanyakumari, S=Tamil Nadu, C=IN","sourceIndex":"3099","avBlockList":["360 Total Security (20190715)","Avast Internet Security (20190715)","AVG Internet Security (20190715)","Avira Internet Security (20190715)","Bitdefender Internet Security (20190715)","Dr.Web Security Space (20190715)","ESET Internet Security (20190715)","F-PROT Antivirus for Windows (20190429)","G DATA INTERNET SECURITY (20190715)","K7 Total Security (20190715)","Kaspersky Internet Security (20190715)","Malwarebytes Premium (20190715)","McAfee Total Protection (20190715)","Norton Security (20190715)","Panda Dome (20190715)","Quick Heal Internet Security (20190715)","Sophos Home Premium (20190715)","SpyHunter5 (20190429)","VIPRE Advanced Security (20190715)","VirIT eXplorer PRO (20190715)","Windows Defender (20190715)"],"avAllowList":["COMODO Antivirus (20190715)","Tencent PC Manager (20190715)","Trend Micro Internet Security (20190715)","Webroot SecureAnywhere (20190715)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Click the Fix All button\"","reference":"http://www.erroranswers.com/answers/how_0x8013153b.php","landingPage":"http://erroranswers.com/","directDownloadingLink":"http://downloads.erroranswers.com/REGUtilities_Setup_2.2.1-01-CR.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.erroranswers.com/REGUtilities_Setup_2.2.1-01-CR.exe","sourceIndex":"3099"}],"sampleFiles":["190420/REGUtilities-190417/2.0.5.3/Samples/Reg Utilities.exe","190420/REGUtilities-190417/2.0.5.3/Samples/REGUtilities_Setup_2.2.1-01-CR.exe"],"imageFiles":["190420/REGUtilities-190417/2.0.5.3/Images/ACR-048/048.png","190420/REGUtilities-190417/2.0.5.3/Images/ACR-003/scan.png","190420/REGUtilities-190417/2.0.5.3/Images/ACR-003/scan_results.png","190420/REGUtilities-190417/2.0.5.3/Images/ACR-003/main.png","190420/REGUtilities-190417/2.0.5.3/Images/ACR-004/scan.png","190420/REGUtilities-190417/2.0.5.3/Images/ACR-004/004.png","190420/REGUtilities-190417/2.0.5.3/Images/ACR-004/004_2.png"],"nonDeceptorImageFiles":["190420/REGUtilities-190417/2.0.5.3/Images/ACR-066/066.png","190420/REGUtilities-190417/2.0.5.3/Images/ACR-161/161.png","190420/REGUtilities-190417/2.0.5.3/Images/ACR-161/161_2.png"],"guid":"98f2a736-d331-493c-b0cb-fecdd12a130c_2.0.5.3_1","appID":"REGUtilities-190417","dateAdded":"190420","deceptorType":"App","name":"RegUtilities","company":"Tuneup System Software Pvt Ltd","version":"2.0.5.3","sigName":"Deceptor:Win32/RegUtilities!003004048","lastKnownStatus":"Deceptor:2.0.5.3","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2229},{"violations":{"ACR-014":"The content presents untruthful information about system issues can be caused by broken registry entries. It misleads user that downloading the offered app is needed to fix the unsubstantiated claims.\n","ACR-016":"Advanced System Repair application is downloaded silently and automatically.\n"},"nonDeceptorViolations":{"ACR-064":"Advanced System Repair application is downloaded automatically without any user action after about 10 -20 sec user open the websites (listed in this report).\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"using the google search string \"Install program and click Scan button.\"","reference":"","landingPage":"http://pcrepairstoresnearme.com","ipv4":"","ipv6":"","sourceIndex":"3103"},{"howFound":"","reference":"","landingPage":"http://windowserrorfixfree.com","ipv4":"","ipv6":"","sourceIndex":"3104"},{"howFound":"","reference":"","landingPage":"http://404errorfixforfree.com","ipv4":"","ipv6":"","sourceIndex":"3105"},{"howFound":"","reference":"","landingPage":"http://registryerrorfixerwindows10.com","ipv4":"","ipv6":"","sourceIndex":"3106"},{"howFound":"","reference":"","landingPage":"http://pcfixerrors.com","ipv4":"","ipv6":"","sourceIndex":"3107"},{"howFound":"","reference":"","landingPage":"http://fixpcissuesfree.com","ipv4":"","ipv6":"","sourceIndex":"3108"},{"howFound":"","reference":"","landingPage":"http://fixcomputervirus.org","ipv4":"","ipv6":"","sourceIndex":"3109"},{"howFound":"","reference":"","landingPage":"http://fixcomputerfont.org","ipv4":"","ipv6":"","sourceIndex":"3110"},{"howFound":"","reference":"","landingPage":"http://pcfixerprograms.com","ipv4":"","ipv6":"","sourceIndex":"3111"}],"sampleFiles":[],"imageFiles":["190418/SmartPCFixes-190418/190418/Images/ACR-014/Website_014.PNG","190418/SmartPCFixes-190418/190418/Images/ACR-014/Website_014_2.PNG"],"nonDeceptorImageFiles":[],"guid":"a972e200-3e91-444b-b704-905e233ff5f4_190418_1","appID":"SmartPCFixes-190418","dateAdded":"190418","deceptorType":"Affiliate","name":"SmartPCFixes","company":"SmartPCFixes","version":"190418","sigName":"Deceptor:Affiliates/SmartPCFixes!014016","lastKnownStatus":"190418","lastKnownDate":"190418","type":"Affiliate","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"","lastUpdate":"2019-04-18T21:18:04.550932+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2235},{"violations":{"ACR-048":" App remaps the close functionality. \n","ACR-003":" App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. \n\n","ACR-004":" The App requires customer to purchase the app to fix all non-permanent issues identified during free scan. \n\n"},"nonDeceptorViolations":{"ACR-065":" There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App. \n\n There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App. \n\n","ACR-088":" App starts to scan automatically when app launches post-install. \n\n","ACR-099":" The application has no link or information that shows how to uninstall the app. \n\n","ACR-066":" The application internal offer webpage displays a another name for the app than what is installed.  \n\n","ACR-017":" The application's webpage elevates its consumer trust level by displaying unverifiable 5 stars logos that are unable to be verified. \n\n"},"samples":[{"isRevoked":"False","fileName":"MyPCUtilities_setup.exe","isInstaller":"True","companyName":"MyPC Utilities","productName":"MyPC Utilities","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"82c2c8883bd9c98cd207be00ff746526","hashSHA1":"3595e062a33dd5778c08f7be61e50df7f993086e","hashSHA256":"3950e3e25bbc331f18f07042c8bafaf10509c3fc98f65c21657c5653de61d331","digitalCertThumbprint":"C87618EAD070D0990C65FC28AEBB7586C965B9C1","sourceIndex":"2488","avBlockList":["360 Total Security (20190711)","Avira Internet Security (20190711)","Bitdefender Internet Security (20190711)","COMODO Antivirus (20190711)","Dr.Web Security Space (20190711)","ESET Internet Security (20190711)","G DATA INTERNET SECURITY (20190711)","K7 Total Security (20190711)","Kaspersky Internet Security (20190711)","Malwarebytes Premium (20190711)","McAfee Total Protection (20190711)","Norton Security (20190711)","Panda Dome (20190711)","Quick Heal Internet Security (20190711)","Sophos Home Premium (20190711)","Tencent PC Manager (20190711)","Trend Micro Internet Security (20190711)","VIPRE Advanced Security (20190711)","VirIT eXplorer PRO (20190711)","Webroot SecureAnywhere (20190711)","Windows Defender (20190711)","Avast Internet Security (20190711)","AVG Internet Security (20190711)"],"avAllowList":["F-PROT Antivirus for Windows (20190429)","SpyHunter5 (20190429)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MyPC Utilities\\MyPC Utilities\\MyPC Utilities.exe","companyName":"Xylosma Software","productName":"MyPC Utilities","productVersion":"1.1.0.0","fileVersion":"1.1.0.0","hashMD5":"d1ed3e4c30d719a6afe7256ed2a37ebf","hashSHA1":"2d3cf3e20f810f49dd594e2251cb9c9b5db8f4a8","hashSHA256":"3ade89644ec23e22f4510dca4517f5f940ad95473639c7e8baca2fd78b53812b","digitalCertThumbprint":"C87618EAD070D0990C65FC28AEBB7586C965B9C1","sourceIndex":"2488","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"related to the Deceptor App MyPCUtilities (1.8.4.0)","reference":"https://wikierrorfixes.com/registration/","landingPage":"https://wikierrorfixes.com/","directDownloadingLink":"https://wikierrorfixes.com/download/3616/MyPCUtilities_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://wikierrorfixes.com/download/3616/MyPCUtilities_setup.exe","sourceIndex":"2488"}],"sampleFiles":["190417/MyPCUtilities-190415/1.0.0.0/Samples/MyPCUtilities_setup.exe","190417/MyPCUtilities-190415/1.0.0.0/Samples/MyPC Utilities.exe"],"imageFiles":["190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-004/004.png","190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-004/004_2.png","190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-004/004_3.png","190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-003/scan.png","190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-048/048.png","190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-048/048_2.png","190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-048/048_3.png"],"nonDeceptorImageFiles":["190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-065/install.png","190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-065/about.png","190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-099/about.png","190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-017/004_3.png","190417/MyPCUtilities-190415/1.0.0.0/Images/ACR-066/066.png"],"guid":"effa2777-4fb8-4fcb-bc09-2f8e81db89a1_1.0.0.0_1","appID":"MyPCUtilities-190415","dateAdded":"190417","deceptorType":"App","name":"MyPC Utilities","company":"xylosma software private limited","version":"1.0.0.0","sigName":"Deceptor:Win32/MyPCUtilities!003004048","firstResolvedVersion":"7.0.1","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.4.0;1.0.0.0","lastKnownDate":"190417","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-04-25T04:01:36.0713019+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2237},{"violations":{"ACR-043":" The app installs “SPAMfighter Aps” component files without disclosure in EULA. \n","ACR-107":" Third party components from \"SPAMfighter ApS\" are installed without clear license authorization in app's EULA document and install message. \n\n Third party components from \"SPAMfighter ApS\" are installed without clear license authorization in app's EULA document and install message. \n\n","ACR-003":" App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. \n\n","ACR-004":" The App requires customer to purchase the app to fix all non-permanent issues identified during free scan. \n\n"},"nonDeceptorViolations":{"ACR-065":" There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App. \n\n","ACR-092":" The installed application has a different publisher name than what is located in the certification information. \n\n","ACR-099":" The application has no link or information that shows how to uninstall the app. \n\n The application has no link or information that shows how to uninstall the app. \n\n","ACR-066":" The application internal offer webpage displays a another name for the app than what is installed.  \n\n","ACR-017":" The application's webpage elevates its consumer trust level by displaying unverifiable 5 stars logos that are unable to be verified. \n\n"},"samples":[{"isRevoked":"False","fileName":"MyPC_Utilities.exe","isInstaller":"True","companyName":"Xylosma Software","productName":"MYPC Utilities","productVersion":"1.8.4.0","fileVersion":"1.8.4.0","hashMD5":"c38463f1fe3d0055b77460e25f5a454b","hashSHA1":"9da3e97e460e0852328e6afd31eb1c0d6cb66044","hashSHA256":"33ed3cbc4da40650c821265a5416f08771d6ce89f8098ecc6e3e2f23d2e4d827","digitalCertThumbprint":"C87618EAD070D0990C65FC28AEBB7586C965B9C1","sourceIndex":"2487","avBlockList":["360 Total Security (20190711)","Avast Internet Security (20190711)","AVG Internet Security (20190711)","Avira Internet Security (20190711)","COMODO Antivirus (20190711)","Dr.Web Security Space (20190711)","ESET Internet Security (20190711)","G DATA INTERNET SECURITY (20190711)","K7 Total Security (20190711)","Kaspersky Internet Security (20190711)","Malwarebytes Premium (20190711)","McAfee Total Protection (20190711)","Norton Security (20190711)","Panda Dome (20190711)","Quick Heal Internet Security (20190711)","Sophos Home Premium (20190711)","SpyHunter5 (20190429)","Trend Micro Internet Security (20190711)","VirIT eXplorer PRO (20190711)","Webroot SecureAnywhere (20190711)","Windows Defender (20190711)"],"avAllowList":["Bitdefender Internet Security (20190711)","F-PROT Antivirus for Windows (20190429)","Tencent PC Manager (20190711)","VIPRE Advanced Security (20190711)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\MYPCutilities\\MYPC Utilities\\MYPC Utilities64.exe","companyName":"Xylosma Software","productName":"MYPC Utilities","productVersion":"2.3.125.118","fileVersion":"2.3.125.118","hashMD5":"8a5829a88a5212c9ada77f045df3c4b6","hashSHA1":"f46471eb47c3f89262bf270b09061088f5217246","hashSHA256":"3c2de20db53f3cec45e3b02e3695c55d03fb7c2144878a4b1a7c9ecb244f5026","digitalCertThumbprint":"2B4E5D819E20BFCD56E4BCB5A9E4DEFAE945EA8B","digitalCertIssuer":"CN=dummyPFX","digitalCertIssuedTo":"CN=dummyPFX","sourceIndex":"2487","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Install program and click Scan button.\"","reference":"https://wikierrorsfix.com/how-to-fix-0x800736b3-error-solved/","landingPage":"https://mypcutilities.com/","directDownloadingLink":"https://wikierrorsfix.com/mypc_utilities.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://wikierrorsfix.com/mypc_utilities.exe","sourceIndex":"2487"}],"sampleFiles":["190417/MyPCUtilities-190415/1.8.4.0/Samples/mypc_utilities.exe","190417/MyPCUtilities-190415/1.8.4.0/Samples/MYPC Utilities64.exe"],"imageFiles":["190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-043/043_107.png","190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-107/043_107.png","190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-004/004.png","190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-004/004_2.png","190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-004/004_23.png","190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-004/004_4.png","190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-003/scan.png","190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-003/004.png"],"nonDeceptorImageFiles":["190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-092/092.png","190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-099/099.png","190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-017/004_4.png","190417/MyPCUtilities-190415/1.8.4.0/Images/ACR-066/066.png"],"guid":"effa2777-4fb8-4fcb-bc09-2f8e81db89a1_1.8.4.0_1","appID":"MyPCUtilities-190415","dateAdded":"190417","deceptorType":"App","name":"MyPC Utilities","company":"xylosma software private limited","version":"1.8.4.0","sigName":"Deceptor:Win32/MyPCUtilities!043107004003","firstResolvedVersion":"7.0.1","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.4.0;1.0.0.0","lastKnownDate":"190417","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-04-25T04:02:05.4717386+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2236},{"violations":{"ACR-003":"Site shows alarming and unsubstantiated messages.\n","ACR-005":"Site shows fake scan results and purports to be Microsoft.\n","ACR-014":"Distributing app with scamming message with fake threat information about system. The download redirect to app based on the parameters passed. The example is hxxp://wod004.com/blog/?cep=0zFGi1k5hnx3-D7NNpPbUspCw38RhuFH0BnIvTAU2-DUGvZe6mYgZKFBg--HMw0alWaPBuUv8Sh9pTvZa-p3ErN8AQldQNubyqx-sxlfK8mbWiQKG_t77XEkCmwnyEn-Tv4a2T61TezX68T65bbwXnaeijASAv16vcxvClj9AGFsvgr3HfFGZnrN4jSdXdk5X-nUQLZCSSIrmeDbPPL-A0gG9f-xDSI0S-uWVgISXmfGhUBqs8kc325ZGiD_M7H5&zoneid=1851483&campaignid=1910190&cost=0.006634&subid=140808978362806272#forward \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"scamming message website","reference":"security report scamming message distributing WinTonic wod004.com","landingPage":"http://wod004.com/blog/#forward","ipv4":"","ipv6":"","landingPageWildChar":"http://wod004.com/blog/*","sourceIndex":"3102"}],"sampleFiles":[],"imageFiles":["190414/Wod004DotCom-190414/190414/Images/ACR-014/Wod004Com_014.PNG","190414/Wod004DotCom-190414/190414/Images/ACR-014/Wod004Com_014_1.PNG","190414/Wod004DotCom-190414/190414/Images/ACR-005/Wod004Com_014_1.PNG","190414/Wod004DotCom-190414/190414/Images/ACR-005/Wod004Com_014.PNG","190414/Wod004DotCom-190414/190414/Images/ACR-003/Wod004Com_014_1.PNG","190414/Wod004DotCom-190414/190414/Images/ACR-003/Wod004Com_014.PNG"],"nonDeceptorImageFiles":[],"guid":"63aa1583-8e37-4f6c-995e-26b58d0c5b51_190414_1","appID":"Wod004DotCom-190414","dateAdded":"190414","deceptorType":"Affiliate","name":"wod004.com","company":"Wod004","version":"190414","sigName":"Deceptor:Affiliate/Wod004Com!014","lastKnownStatus":"190414","lastKnownDate":"190414","type":"Affiliate","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","lastUpdate":"2019-04-19T22:42:55.6204298+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2238},{"violations":{"ACR-014":"App presents untruthful clams about system health using scamming message and fake threat information to deceive user to download the offer and install app \n"},"nonDeceptorViolations":{"ACR-172":"App's affiliate uses scamming message with fake threat about system to promote app. \n","ACR-014":""},"samples":[{"isRevoked":"False","fileName":"wintonic.exe","isInstaller":"True","companyName":"pctonics.com","productName":"Win Tonic","productVersion":"1.0.0.27","fileVersion":"1.0.0.27","hashMD5":"1b38f19a43bd86e2da6e3a2b83f6acd6","hashSHA1":"9f28000b51dc7e28f83ecbe93fb327e6696e4453","hashSHA256":"22fdb7248c8f64c9257ce1e5177bfd4926c2ce6cc1324be23edb3c7e4db27d53","digitalCertThumbprint":"F98B3E715A92F0DD944FD0935F9C0DF2D19BE445","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Tonics Inc, OU=PC Tonics Inc, O=PC Tonics Inc, POBox=302020, STREET=\"48/94, Rajat Path, Mansarover\", L=Jaipur, S=Rajasthan, PostalCode=302020, C=IN","sourceIndex":"3112","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Security Partner Report","reference":"scamming message distributing WinTonic certified build 1.0.0.27 (hxxp://wod004.com/blog/?cep=0zFGi1k5hnx3-D7NNpPbUspCw38RhuFH0BnIvTAU2-DUGvZe6mYgZKFBg--HMw0alWaPBuUv8Sh9pTvZa-p3ErN8AQldQNubyqx-sxlfK8mbWiQKG_t77XEkCmwnyEn-Tv4a2T61TezX68T65bbwXnaeijASAv16vcxvClj9AGFsvgr3HfFGZnrN4jSdXdk5X-nUQLZCSSIrmeDbPPL-A0gG9f-xDSI0S-uWVgISXmfGhUBqs8kc325ZGiD_M7H5&zoneid=1851483&campaignid=1910190&cost=0.006634&subid=140808978362806272#forward)","landingPage":"hxxps://lp.pctonics.com/prsp/?x-context=dK23LUVSG35VVTNL1GUE1C2E&utm_source=wprosupm&utm_campaign=wprosupm&pxl=WPR3094_WPR3025_RUNT&utm_pubid=XXXXX&x-at=XXXXX&override=1","ipv4":"","ipv6":"","sourceIndex":"3112"}],"sampleFiles":["190414/WinTonic-190413/1.0.0.27/Samples/wintonic.exe"],"imageFiles":["190414/WinTonic-190413/1.0.0.27/Images/ACR-014/FakeThreatInfo_014.PNG","190414/WinTonic-190413/1.0.0.27/Images/ACR-014/ScammingMessage_014.PNG","190414/WinTonic-190413/1.0.0.27/Images/ACR-014/WinTonicApril13.mp4"],"nonDeceptorImageFiles":["190414/WinTonic-190413/1.0.0.27/Images/ACR-172/ScammingMessage_014.PNG"],"guid":"0a2ed561-13a9-4956-ae78-aeaa027d2655_1.0.0.27_1","appID":"WinTonic-190413","dateAdded":"190414","deceptorType":"App","name":"WinTonic","company":"Innovana Thinklabs Limited","version":"1.0.0.27","sigName":"Deceptor:Win32/WinTonic!014","firstVendorContactDate":"190415","firstAppEsteemReplyDate":"190415","firstResolvedDate":"190418","firstResolvedVersion":"1.0.0.28","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.27","lastKnownDate":"190414","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-04-18T18:51:54.608739+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2239},{"violations":{"ACR-003":"The app shows gauges indicating that deleting Languages have high improvement potential. App uses gauges that show that cleaning out cache or deleting languages could have high improvement potential. App uses \"Attention!\" on a red banner to scare the consumer. App uses red text to display the amount of items in each section.\n","ACR-004":"The App requires the customer to purchase the app to fix the non-permanent issues identified during a free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-168":"App shows a call center number, but doesn't disclose that additional offers may be made to the caller.\n","ACR-014":"App uses red and alarming gauges to imply that non-critical tasks like deleting pre-installed languages as critical.\n"},"nonDeceptorViolations":{"ACR-065":"Install does not contain links to the app's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nSoftware does not contain links to the app's EULA, Returns and Cancellation Policy, or Privacy Policy.\nThe landing page does not contain links to the Returns and Cancellation Policy.\nThe Internal Offers page does not contain links to the app's Returns and Cancellation Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"No links to uninstall information are displayed on the software.\nNo links to information about how to uninstall application are displayed on the landing page.\nNo links to information on how to uninstall application are displayed on the internal offers page.\n"},"samples":[{"isRevoked":"False","fileName":"Advanced Mac Tuneup","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"a8a8aed7fcd711ad80233fd2ca827c89cfd2f9c05005eb91889a7d5b23e1b6b4","sourceIndex":"2990","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"advancedmactuneup_site.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"88e02aa011961ceda31ca07274b401784ee76b0dc53bd419bfb79b4c337a95b2","sourceIndex":"2990","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.advancedmactuneup.com/","directDownloadingLink":"https://www.advancedmactuneup.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.advancedmactuneup.com/download","sourceIndex":"2990"}],"sampleFiles":["190414/AdvancedMacTuneup-190401/1.0/Samples/Advanced Mac Tuneup","190414/AdvancedMacTuneup-190401/1.0/Samples/advancedmactuneup_site.pkg"],"imageFiles":["190414/AdvancedMacTuneup-190401/1.0/Images/ACR-003/Advanced Mac Tuneup Scan Results.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-014/Advanced Mac Tuneup Scan Results.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-004/Advanced Mac Tuneup Before Internal Offers Page.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-004/Advanced Mac Tuneup Fix All Items with Full Version.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-004/Advanced Mac Tuneup Scan Results.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-004/Advanced Mac Tuneup Top of Internal Offers Page.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-168/Advanced Mac Tuneup Scan Results.png"],"nonDeceptorImageFiles":["190414/AdvancedMacTuneup-190401/1.0/Images/ACR-065/Advanced Mac Tuneup First Page of Install.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-065/Advanced Mac Tuneup Scan Results.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-065/Advanced Mac Tuneup Top of Landing Page.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-065/Advanced Mac Tuneup Bottom of Internal Offers Page.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-161/Advanced Mac Tuneup Bottom of Landing Page.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-160/Advanced Mac Tuneup Scan Results.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-099/Advanced Mac Tuneup Scan Results.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-099/Advanced Mac Tuneup Bottom of Landing Page.png","190414/AdvancedMacTuneup-190401/1.0/Images/ACR-099/Advanced Mac Tuneup Bottom of Internal Offers Page.png"],"guid":"c2567459-db1f-4844-80fa-853db36b94ea_1.0_1","appID":"AdvancedMacTuneup-190401","dateAdded":"190414","deceptorType":"MacOS App","name":"Advanced Mac Tuneup","company":"Systweak Software","version":"1.0","sigName":"Deceptor:MacOS/AdvancedMacTuneup!003004014168","firstResolvedVersion":"2.13","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190414","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-06-14T18:08:46.7083558+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2240},{"violations":{"ACR-004":"The junk cleaning is an ongoing issue. It can't be fixed permanently by one time clean up. It is hard for user to measure the app service value without full function free fix. App stops cleaning \"junk\" after cleaning 500MB of data and then requires the user to pay in order to continue cleaning \"junk\".\n"},"nonDeceptorViolations":{"ACR-065":"The app's install does not show any links to the app's EULA, Returns and Cancellation Policy, or the Privacy Policy.\nThe app's about page does not display any links to the EULA, Returns and Cancellation Policy, or the Privacy Policy.\n","ACR-099":"The app's about page does not show any links to uninstall information.\nApp's landing page does not display and links to uninstall information.\nApp's internal offers page does not display any links to uninstall information.\n"},"samples":[{"isRevoked":"False","fileName":"imymac-powermymac.dmg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"4896522c3cc304e0c564c38a1944c3d35c3a8ad03232817fc361462af2a261c9","sourceIndex":"3051","avBlockList":["Avast Security for Mac (20220913)","Avira Security for Mac (20220913)","Bitdefender Antivirus for Mac (20220913)","ESET Cyber Security Pro for Mac (20220913)","G DATA AntiVirus for Mac (20220913)","McAfee Internet Security for Mac (20220913)","Norton Security for Mac (20220913)","Sophos Home Premium For Mac (20220913)","Trend Micro Antivirus for Mac (20220913)","Webroot SecureAnywhere AntiVirus for Mac (20200213)"],"avAllowList":["K7 Antivirus for Mac (20220913)","Kaspersky Internet Security for Mac (20220913)"]},{"isRevoked":"False","fileName":"iMyMac","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"54314d00f1422559a12e3199f19324bfc94dbd415485dc8e64459222b3def132","sourceIndex":"3051","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"kensaq search \"mac junk cleaner\"","landingPage":"https://www.imymac.com/store/buy-mac-cleaner.html","directDownloadingLink":"https://www.imymac.com/download/imymac-powermymac.dmg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.imymac.com/download/imymac-powermymac.dmg","sourceIndex":"3051"}],"sampleFiles":["190412/iMyMac-190410/1.0.0/Samples/imymac-powermymac.dmg","190412/iMyMac-190410/1.0.0/Samples/iMyMac"],"imageFiles":["190412/iMyMac-190410/1.0.0/Images/ACR-004/iMyMac 46MB to go.png","190412/iMyMac-190410/1.0.0/Images/ACR-004/iMyMac Before Internal Offers.png","190412/iMyMac-190410/1.0.0/Images/ACR-004/iMyMac Before Internal Offers 2.png","190412/iMyMac-190410/1.0.0/Images/ACR-004/iMyMac Internal Offers.png"],"nonDeceptorImageFiles":["190412/iMyMac-190410/1.0.0/Images/ACR-099/iMyMac About Page.png","190412/iMyMac-190410/1.0.0/Images/ACR-099/iMyMac Bottom of Landing Page.png","190412/iMyMac-190410/1.0.0/Images/ACR-099/iMyMac Bottom of Internal Offers.png","190412/iMyMac-190410/1.0.0/Images/ACR-065/iMyMac Install.png","190412/iMyMac-190410/1.0.0/Images/ACR-065/iMyMac About Page.png"],"guid":"d4768486-5756-470a-853a-ed95e7b83aaf_1.0.0_1","appID":"iMyMac-190410","dateAdded":"190412","deceptorType":"MacOS App","name":"iMyMac","company":"iMyMac","version":"1.0.0","sigName":"Deceptor:MacOS/iMyMac!004","lastKnownStatus":"Deceptor:1.0.0","lastKnownDate":"190603","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-06-03T23:33:20.158395+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2241},{"violations":{"ACR-048":"App remaps the close functionality.\n","ACR-050":"The application appears to circumvent the platform security (UAC) with a scheduled task.\n","ACR-003":"App shows colored gauges, exaggerates the number of scan and severity of the cookies found, thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information. \nThe link for the Apps EULA and/or Terms and Privacy Policy information is not working. \nThe link for the Apps EULA and/or Terms and Privacy Policy information is not working. \n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option. The app provide help/support option but is not working.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe link for the Uninstall Instruction is not working. \n","ACR-035":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-036":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-037":"There is no link for the Apps Privacy Policy information.\n","ACR-167":"There is no Returns and Cancellation Policy information.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Advanced Shield\\AdvancedShield.exe","companyName":"Felicity Support LLC","productName":"Advanced Shield","productVersion":"3.7.2.0","fileVersion":"3.7.2.0","hashMD5":"41029aba99a93960ad1c3b0c1153f39b","hashSHA1":"e75dc71f410de3f75f47938c375c053df3fa62d4","hashSHA256":"b4690b97531a1620f26e5f41a946049e1560b442f34270a771ddc6b223124b6b","digitalCertThumbprint":"D0E11A8699382C7D512CD9BC0FAFE1E3D9DBEB7F","sourceIndex":"3114","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdvancedShieldSetup.exe","isInstaller":"True","companyName":"Felicity Support LLC","productName":"Advanced Shield","productVersion":"3.7.2","fileVersion":"3.7.2","hashMD5":"d38621e2a338c98e4fe0debeea823fb1","hashSHA1":"98ad84e8e3f34fd920ef6afc350476289752add8","hashSHA256":"ad38275de0e595ed99291e54c7b6fd4f1cd89c042580a956a04c458d6f1c63ee","digitalCertThumbprint":"D0E11A8699382C7D512CD9BC0FAFE1E3D9DBEB7F","sourceIndex":"3114","avBlockList":["360 Total Security (20190708)","Avast Internet Security (20190708)","AVG Internet Security (20190708)","Avira Internet Security (20190708)","Bitdefender Internet Security (20190708)","COMODO Antivirus (20190708)","Dr.Web Security Space (20190708)","ESET Internet Security (20190708)","G DATA INTERNET SECURITY (20190708)","K7 Total Security (20190708)","Kaspersky Internet Security (20190708)","Malwarebytes Premium (20190708)","McAfee Total Protection (20190708)","Norton Security (20190708)","Panda Dome (20190708)","Quick Heal Internet Security (20190708)","Sophos Home Premium (20190708)","SpyHunter5 (20190425)","Tencent PC Manager (20190708)","Trend Micro Internet Security (20190708)","VIPRE Advanced Security (20190708)","VirIT eXplorer PRO (20190708)","Webroot SecureAnywhere (20190708)","Windows Defender (20190708)"],"avAllowList":["F-PROT Antivirus for Windows (20190425)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"identity security suite\"","reference":"https://advanceprivacyshield.com/","landingPage":"https://advanceprivacyshield.com/","directDownloadingLink":"https://advanceprivacyshield.com/wp-content/uploads/2018/12/AdvancedShieldSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://advanceprivacyshield.com/wp-content/uploads/2018/12/AdvancedShieldSetup.exe","sourceIndex":"3114"}],"sampleFiles":["190412/AdvancedShield-190409/3.7.2.0/Samples/AdvancedShield.exe","190412/AdvancedShield-190409/3.7.2.0/Samples/AdvancedShieldSetup.exe"],"imageFiles":["190412/AdvancedShield-190409/3.7.2.0/Images/ACR-003/scan.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-003/004.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-004/scan.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-004/004.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-168/scan.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-050/050.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-048/048.png"],"nonDeceptorImageFiles":["190412/AdvancedShield-190409/3.7.2.0/Images/ACR-168/168.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-168/168_2.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-161/161.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-099/099.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-099/163.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-167/167.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-065/065.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-065/167.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-065/065_2.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-065/install.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-065/about.png","190412/AdvancedShield-190409/3.7.2.0/Images/ACR-163/163.png"],"guid":"920b55c5-e764-426b-9984-0fbcfc509830_3.7.2.0_1","appID":"AdvancedShield-190409","dateAdded":"190412","deceptorType":"App","name":"Advanced Shield","company":"Felicity Support LLC","version":"3.7.2.0","sigName":"Deceptor:Win32/AdvancedShield!003004048050168","lastKnownStatus":"Deceptor:3.7.2.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2242},{"violations":{"ACR-004":"App shows free scan results, but requires user to purchase an ongoing subscription to fix the issues reported.\n"},"nonDeceptorViolations":{"ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\n"},"samples":[{"isRevoked":"False","fileName":"WinThruster.exe","companyName":"Solvusoft","fileVersion":"1.3","hashMD5":"ddaeee70be1a01806e393c74b727c5a0","hashSHA1":"71965fbdb47b7702c8ee8237333852e86909a20b","hashSHA256":"5a93a7127ccfffe52fb9af02c65d4d8d18474c37eef00310504e81e6ab387c17","digitalCertThumbprint":"A00C68444ABFB9A1A0B17D464D6E06727581BB85","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Solvusoft Corporation, O=Solvusoft Corporation, STREET=848 N. Rainbow Blvd., STREET=Suite 3321, L=Las Vegas, S=NV, PostalCode=89107, C=US","sourceIndex":"3116","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup_WinThruster_2018.exe","isInstaller":"True","companyName":"Solvusoft                                                   ","fileVersion":"1.3","hashMD5":"473ee8988bbbe1ee4041318b4bc67a5e","hashSHA1":"45517453ab1d541a79ff16b73d86170720f8b606","hashSHA256":"850f5c5df4bd2f5c0604a3e30098655e0605fe3664560a0895228365e4213b05","digitalCertThumbprint":"A00C68444ABFB9A1A0B17D464D6E06727581BB85","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Solvusoft Corporation, O=Solvusoft Corporation, STREET=848 N. Rainbow Blvd., STREET=Suite 3321, L=Las Vegas, S=NV, PostalCode=89107, C=US","sourceIndex":"3116","avBlockList":["Avira Internet Security (20190325)","Bitdefender Internet Security (20190325)","ESET Internet Security (20190325)","G DATA INTERNET SECURITY (20190325)","K7 Total Security (20190325)","Kaspersky Internet Security (20190325)","Malwarebytes Premium (20190325)","McAfee Total Protection (20190325)","Sophos Home Premium (20190325)","Trend Micro Internet Security (20190325)","VirIT eXplorer PRO (20190325)","Webroot SecureAnywhere (20190325)","Windows Defender (20190325)"],"avAllowList":["Avast Internet Security (20190325)","AVG Internet Security (20190325)","Norton Security (20190325)","Panda Dome (20190325)"]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"https://www.solvusoft.com/en/winthruster/","directDownloadingLink":"https://www.solvusoft.com/file-downloads/builds/static_delivery/installers/winthruster/solvusoft/Setup_WinThruster_2018.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.solvusoft.com/file-downloads/builds/static_delivery/installers/winthruster/solvusoft/Setup_WinThruster_2018.exe","sourceIndex":"3116"}],"sampleFiles":["190409/WinThruster-180608/1.3.5.138/Samples/WinThruster.exe","190409/WinThruster-180608/1.3.5.138/Samples/Setup_WinThruster_2018.exe"],"imageFiles":["190409/WinThruster-180608/1.3.5.138/Images/ACR-004/ACR-004.png","190409/WinThruster-180608/1.3.5.138/Images/ACR-004/acr-004 requires ongoing subscription to fix free scan results.png","190409/WinThruster-180608/1.3.5.138/Images/ACR-004/acr-004 requires payment to fix.gif"],"nonDeceptorImageFiles":["190409/WinThruster-180608/1.3.5.138/Images/ACR-161/ACR-016 LP.png","190409/WinThruster-180608/1.3.5.138/Images/ACR-099/ACR-099.png"],"guid":"e20d7084-9c66-411a-9ff7-01c72f9936de_1.3.5.138_1","appID":"WinThruster-180608","dateAdded":"190409","deceptorType":"App","name":"WinThruster","company":"Solvusoft","version":"1.3.5.138","sigName":"Deceptor:Win32/WinThruster!004","firstVendorContactDate":"190409","firstAppEsteemReplyDate":"190409","firstResolvedVersion":"","lastKnownStatus":"Deceptor:1.3.5.138,1.5.6.178","lastKnownDate":"190409","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-04-09T19:28:43.8831461+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2243},{"violations":{"ACR-048":"App remaps the close functionality.\n","ACR-003":"The application exaggerates registry entries as being issues, thereby misleading or scaring user to take action.\n","ACR-004":"The app does not provide free fixes for regularly recurring results.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":" The application's landing page displays a different name for the app than what is installed. The landing page displays the name Error Repair Tool but after downloading the app TechUtilities was found to be the actual application's name.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n"},"samples":[{"isRevoked":"False","fileName":"TechUtilities_Setup_2.1.9-01-CR.exe","isInstaller":"True","companyName":"Seven Servos Software Pvt Ltd.                              ","productName":"TechUtilities","productVersion":"2.0.3.9","fileVersion":"2.0.3.9","hashMD5":"c56992999e4453bf79afec132af62642","hashSHA1":"86500ba964e195d0117bc29320a83a0b4056f611","hashSHA256":"3f34f2bbf3fb73f674c15deb777d3993b41688d50314a1309d1be3ec1417fa3c","digitalCertThumbprint":"46D7BF6AC82C2A98475D3CBCCB6A118A4B03F10A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Seven Servos Software Private Limited, O=Seven Servos Software Private Limited, L=Kanyakumari, S=TamilNadu, C=IN","sourceIndex":"3050","avBlockList":["360 Total Security (20190603)","Avira Internet Security (20190603)","Bitdefender Internet Security (20190603)","COMODO Antivirus (20190603)","Dr.Web Security Space (20190603)","ESET Internet Security (20190603)","G DATA INTERNET SECURITY (20190603)","K7 Total Security (20190603)","Kaspersky Internet Security (20190603)","Malwarebytes Premium (20190603)","McAfee Total Protection (20190603)","Panda Dome (20190603)","Quick Heal Internet Security (20190603)","Sophos Home Premium (20190603)","Tencent PC Manager (20190603)","Trend Micro Internet Security (20190603)","VIPRE Advanced Security (20190603)","VirIT eXplorer PRO (20190603)","Webroot SecureAnywhere (20190603)","Windows Defender (20190603)","Norton Security (20190603)","Avast Internet Security (20190603)","AVG Internet Security (20190603)"],"avAllowList":["F-PROT Antivirus for Windows (20190422)","SpyHunter5 (20190422)"]},{"isRevoked":"False","fileName":"TechUtilities.exe","companyName":"Seven Servos Software Pvt Ltd.","productName":"TechUtilities","productVersion":"2.0.3.9","fileVersion":"2.0.3.9","hashMD5":"361f97b736b4ed9ff0b9936112792c14","hashSHA1":"44816f24d1728fc33935d7074cf3afa1bd4ec8a7","hashSHA256":"9380648690107d7aac2553ad515916092813a84c7acca9ff27e2856321835741","digitalCertThumbprint":"46D7BF6AC82C2A98475D3CBCCB6A118A4B03F10A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Seven Servos Software Private Limited, O=Seven Servos Software Private Limited, L=Kanyakumari, S=TamilNadu, C=IN","sourceIndex":"3050","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google \"browser cleaner\"","landingPage":"http://www.wiki-errors.com/how-to/registry-cleaner.php","directDownloadingLink":"https://www.wiki-errors.com/download4.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.wiki-errors.com/download4.php","sourceIndex":"3050"}],"sampleFiles":["190408/TechUtilities-181112/2.0.3.9/Samples/TechUtilities_Setup_2.1.9-01-CR.exe","190408/TechUtilities-181112/2.0.3.9/Samples/TechUtilities.exe"],"imageFiles":["190408/TechUtilities-181112/2.0.3.9/Images/ACR-048/048.png","190408/TechUtilities-181112/2.0.3.9/Images/ACR-003/003.png","190408/TechUtilities-181112/2.0.3.9/Images/ACR-004/ACR004_freefix.PNG","190408/TechUtilities-181112/2.0.3.9/Images/ACR-004/003.png"],"nonDeceptorImageFiles":["190408/TechUtilities-181112/2.0.3.9/Images/ACR-065/ACR_065_INSTALL.PNG","190408/TechUtilities-181112/2.0.3.9/Images/ACR-065/ACR_065_SOFTWAR.PNG","190408/TechUtilities-181112/2.0.3.9/Images/ACR-002/ACR_002_LANDING_PAGE.mp4"],"guid":"ec439395-053f-4cf7-805c-38e9d350ab18_2.0.3.9_1","appID":"TechUtilities-181112","dateAdded":"190408","deceptorType":"App","name":"Tech Utilities","company":"Seven Servos Software Private Limited","version":"2.0.3.9","sigName":"Deceptor:Win32/TechUtilities!003004048","lastKnownStatus":"Deceptor:2.0.3.9","lastKnownDate":"190603","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-06-03T23:34:41.45046+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2244},{"violations":{"ACR-107":"Website downloads legitimate (but outdated) version of Minecraft, but does not indicate any authorization from the app's publisher aside from mentioning the publisher's name. \n","ACR-014":"Users are led to believe that the version of Minecraft they are downloading is free to play and download, but instead receive a nonfunctional and outdated launcher.\n"},"nonDeceptorViolations":{"ACR-065":"Website contains no obvious links to a EULA or TOS of any kind.\n","ACR-056":"Users are advertised a working version of Minecraft and are given a nonfunctional and outdated launcher.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Googled \"download minecraft free no viruses please thank you\"","landingPage":"https://www.download-free-games.com","ipv4":"","ipv6":"","landingPageWildChar":"https://www.download-free-games.com/star","directDownloadingLinkWildChar":"","sourceIndex":"3101"}],"sampleFiles":[],"imageFiles":["190407/DownloadFreeGames-190405/190405/Images/ACR-107/minecraft1.png","190407/DownloadFreeGames-190405/190405/Images/ACR-107/minecraft2.png","190407/DownloadFreeGames-190405/190405/Images/ACR-014/minecraft1.png","190407/DownloadFreeGames-190405/190405/Images/ACR-014/minecraft2.png"],"nonDeceptorImageFiles":["190407/DownloadFreeGames-190405/190405/Images/ACR-065/minecraft3.png","190407/DownloadFreeGames-190405/190405/Images/ACR-056/minecraft1.png","190407/DownloadFreeGames-190405/190405/Images/ACR-056/minecraft2.png"],"guid":"dbeb3a91-fc83-4f47-a5e6-9871c7d19c41_190405_1","appID":"DownloadFreeGames-190405","dateAdded":"190407","deceptorType":"Download Site","name":"www.download-free-games.com","company":"iWin Inc","version":"190405","sigName":"Deceptor:Affiliate/www.download-free-games.com","lastKnownStatus":"190405","lastKnownDate":"190407","type":"Download Site","category":"Personalization & Search","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"display ads","lastUpdate":"2019-04-20T13:59:56.9536121+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2245},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It installs a malware file name \"SearchIndexr.exe\".\n","ACR-010":"The app installs a malware file name \"SearchIndexr.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system. \n","ACR-084":"App installs its executable into a hidden directory: c:\\<users>\\AppData folder.\n","ACR-014":"The App makes unsubstantiated claim that app will scan and update drivers, instead it install a malware file in the system.\nThe App makes unsubstantiated claim that app will scan and update drivers, instead it install a malware file in the system.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"WRCFree.exe","isInstaller":"True","companyName":"Fix Driver","fileVersion":"1.0","hashMD5":"d8212d38ed446c038c216135ce0ddd0f","hashSHA1":"ab65f220ca48e4c1dd0520ad0c247c772f9f1cfc","hashSHA256":"bb2190f5dca0bb2cfa73a4cf4bb747f308be5bbca4d50cb364bffb283da49bb8","sourceIndex":"3120","avBlockList":["360 Total Security (20190701)","Avast Internet Security (20190701)","AVG Internet Security (20190701)","Avira Internet Security (20190701)","Bitdefender Internet Security (20190701)","COMODO Antivirus (20190701)","Dr.Web Security Space (20190701)","ESET Internet Security (20190701)","G DATA INTERNET SECURITY (20190701)","K7 Total Security (20190701)","Kaspersky Internet Security (20190701)","Malwarebytes Premium (20190701)","McAfee Total Protection (20190701)","Norton Security (20190701)","Panda Dome (20190701)","Quick Heal Internet Security (20190701)","Sophos Home Premium (20190701)","SpyHunter5 (20190418)","Tencent PC Manager (20190701)","Trend Micro Internet Security (20190701)","VIPRE Advanced Security (20190701)","VirIT eXplorer PRO (20190701)","Webroot SecureAnywhere (20190701)","Windows Defender (20190701)"],"avAllowList":["F-PROT Antivirus for Windows (20190418)"]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\Fix Driver\\Fix Driver\\SearchIndexr.exe","companyName":"Microsoft","fileVersion":"8.2","hashMD5":"7c30bc326ed3683cf9f1af347c894dd1","hashSHA1":"6b937c6f8351801b7134077dd29aa758bfee0a88","hashSHA256":"f06d9ef2b0277217267d1d6806c5b4b5596abf83cce985c94e6c84f2c7bd760e","sourceIndex":"3120","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"driver update fix\"","reference":"http://driverfixer.xyz/","landingPage":"http://driverfixer.xyz/","directDownloadingLink":"https://ln.sync.com/dl/7cb3f4e60/mf8gbppj-9fbq8wqw-2yjcghcj-zptnwhbp/view/default/2526996740011","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ln.sync.com/dl/7cb3f4e60/mf8gbppj-9fbq8wqw-2yjcghcj-zptnwhbp/view/default/2526996740011","sourceIndex":"3120"}],"sampleFiles":["190405/A-DriverFixer-190404/1.0.0.0/Samples/WRCFree.exe","190405/A-DriverFixer-190404/1.0.0.0/Samples/SearchIndexr.ex_"],"imageFiles":["190405/A-DriverFixer-190404/1.0.0.0/Images/ACR-010/010.png","190405/A-DriverFixer-190404/1.0.0.0/Images/ACR-042/010.png","190405/A-DriverFixer-190404/1.0.0.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":[],"guid":"ceca2a3b-1723-4b01-9f5f-f36ff3f8acc8_1.0.0.0_1","appID":"A-DriverFixer-190404","dateAdded":"190405","deceptorType":"App","name":"Driver Fixer","company":"Fix Driver","version":"1.0.0.0","sigName":"Deceptor:Win32/DriverFixerXYZ!010014042084","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190405","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2019-04-05T15:54:06.961531+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2248},{"violations":{"ACR-010":"Website claims to download driver fixer, but downloads malware instead\n"},"nonDeceptorViolations":{"ACR-010":"The app downloaded from download website is fake driver updater. It installs a malware file name \"SearchIndexr.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system.  Example of download link is hxxps://ln.sync.com/dl/7cb3f4e60/mf8gbppj-9fbq8wqw-2yjcghcj-zptnwhbp/view/default/2526996740011\n","ACR-014":"The site makes unsubstantiated claim that downloaded app will scan and update drivers, instead it install a malware file in the system.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google search \"driver update fix\"","reference":"http://driverfixer.xyz/","landingPage":"http://driverfixer.xyz/","ipv4":"","ipv6":"","sourceIndex":"3119"}],"sampleFiles":[],"imageFiles":["190405/DriverFixer-190404/1.0.0.0/Images/ACR-010/010 (1).png"],"nonDeceptorImageFiles":["190405/DriverFixer-190404/1.0.0.0/Images/ACR-010/010.png"],"guid":"a342dd86-2659-4157-a78c-b2565f478fa0_1.0.0.0_1","appID":"DriverFixer-190404","dateAdded":"190405","deceptorType":"Download Site","name":"driverfixer.xyz","company":"Fix Driver","version":"1.0.0.0","sigName":"Deceptor:Affiliate:DriverFixXYZ!010","lastKnownStatus":"Deceptor:190405","lastKnownDate":"190405","type":"Download Site","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2019-04-05T15:57:03.0080642+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2247},{"violations":{"ACR-010":"Site downloads malware when claiming to offer a driver updater\n"},"nonDeceptorViolations":{"ACR-010":"The app downloaded from download website is fake driver updater. It installs a malware file name \"SearchIndexr.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system.  Example of download link is hxxps://ln.sync.com/dl/902ac9da0/view/default/2134840010011#wze2uz77-bkghxcrz-sy7hfhkr-tmqukrbk\n","ACR-014":"The site makes unsubstantiated claim that the download app will scan and update drivers, instead it install a malware file in the system.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google search \"driver update fix\"","reference":"http://driverupdate.online/","landingPage":"http://driverupdate.online/","ipv4":"","ipv6":"","sourceIndex":"3118"}],"sampleFiles":[],"imageFiles":["190405/DriverUpdate-190404/1.0.0.0/Images/ACR-010/010.png"],"nonDeceptorImageFiles":["190405/DriverUpdate-190404/1.0.0.0/Images/ACR-010/010.png"],"guid":"66f04ad6-74eb-42dd-bf0b-73d058b1b874_1.0.0.0_1","appID":"DriverUpdate-190404","dateAdded":"190405","deceptorType":"Download Site","name":"driverupdate.online","company":"Driver Update Online LLC","version":"1.0.0.0","sigName":"Deceptor:Affiliate/DriverUpdateOnline!010","lastKnownStatus":"Deceptor:190405","lastKnownDate":"190405","type":"Download Site","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2019-04-05T15:57:44.2302272+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2246},{"violations":{"ACR-042":"Unrelated apps are installed without obtaining the consumer's permission through explicit user action. It installs a malware file name \"SearchIndexr.exe\".\n","ACR-010":"The app installs a malware file name \"SearchIndexr.exe\" which is installed in the hidden folder \"AppData\" and memory resident. The malware may download and install other malicious file in the system.\n","ACR-084":"App installs its executable into a hidden directory: c:\\<users>\\AppData folder.\n","ACR-014":"The App makes unsubstantiated claim that app will scan and update drivers, instead it install a malware file in the system.\n"},"nonDeceptorViolations":{"ACR-065":"There is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\nThere is no link for the Apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy information.\n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n"},"samples":[{"isRevoked":"False","fileName":"WRCFree.exe","isInstaller":"True","companyName":"Update Drivers","fileVersion":"1.0","hashMD5":"5ad33194f88e1bb8f0b2846ee77fa31e","hashSHA1":"50845b605d6b8718d6d9af073cdfaca788633a50","hashSHA256":"df6f5fd969fcf26d63e056b513e9619e23ce5a193f7f1f02baad4067565115f3","sourceIndex":"3122","avBlockList":["360 Total Security (20190627)","Avast Internet Security (20190627)","AVG Internet Security (20190627)","Avira Internet Security (20190627)","Bitdefender Internet Security (20190627)","COMODO Antivirus (20190627)","Dr.Web Security Space (20190627)","ESET Internet Security (20190627)","G DATA INTERNET SECURITY (20190627)","K7 Total Security (20190627)","Kaspersky Internet Security (20190627)","Malwarebytes Premium (20190627)","McAfee Total Protection (20190627)","Norton Security (20190627)","Panda Dome (20190627)","Quick Heal Internet Security (20190627)","Sophos Home Premium (20190627)","SpyHunter5 (20190415)","Tencent PC Manager (20190627)","Trend Micro Internet Security (20190627)","VIPRE Advanced Security (20190627)","VirIT eXplorer PRO (20190627)","Webroot SecureAnywhere (20190627)","Windows Defender (20190627)"],"avAllowList":["F-PROT Antivirus for Windows (20190415)"]},{"isRevoked":"False","fileName":"C:\\Users\\<username>\\AppData\\Roaming\\UpdateDrivers\\UpdateDrivers\\SearchIndexr.exe","companyName":"Microsoft","fileVersion":"8.2","hashMD5":"ea5164eacd4e34ff28a115bbb636583d","hashSHA1":"11f3f03797200097b1ca2fbc45669060dc988fbb","hashSHA256":"eb1d2d82cebd4c6256a0a2d9ab3fb53deb92d88f73a2dd95059df73c7ea12f59","sourceIndex":"3122","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"driver update fix\"","reference":"https://updatedrivers.xyz/","landingPage":"https://updatedrivers.xyz/","directDownloadingLink":"https://ln.sync.com/dl/05f63fc40/view/default/1780208090011#3u4526zq-9p2yc5j2-ri5q7cmn-mjp49qfm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ln.sync.com/dl/05f63fc40/view/default/1780208090011#3u4526zq-9p2yc5j2-ri5q7cmn-mjp49qfm","sourceIndex":"3122"},{"howFound":"","reference":"","landingPage":"http://driverupdates.xyz/","directDownloadingLink":"https://ln.sync.com/dl/ac3f07650/view/default/2175783820011#h9539vm2-qv93jjc9-4c68j2gq-ua6vqwdw","ipv4":"","ipv6":"","sourceIndex":"3123"}],"sampleFiles":["190404/A-UpdateDrivers-190404/1.0.0.0/Samples/WRCFree.exe","190404/A-UpdateDrivers-190404/1.0.0.0/Samples/SearchIndexr.ex_"],"imageFiles":["190404/A-UpdateDrivers-190404/1.0.0.0/Images/ACR-010/010.png","190404/A-UpdateDrivers-190404/1.0.0.0/Images/ACR-042/010.png","190404/A-UpdateDrivers-190404/1.0.0.0/Images/ACR-084/084.png"],"nonDeceptorImageFiles":[],"guid":"19f7c316-828c-4979-9a39-ec96d05e8378_1.0.0.0_1","appID":"A-UpdateDrivers-190404","dateAdded":"190404","deceptorType":"App","name":"Update Drivers","company":"Update Drivers","version":"1.0.0.0","sigName":"Deceptor:Win32/DriverUpdates!010042014084 ","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2249},{"violations":{"CCR-022":"Call made on 190226 at 3:20PM Eastern Time (US)\n\nViolation 1:  (Screenshot B and C)  At 14:00 into the session, agent says, \"You see all this?  This is what makes the system work slow because whenever you go on the internet and go on different websites, some websites come from bogus things... these things have gotten onto your computer over a period of time, and maybe you have not cleaned the computer.   Your almost 4000 junk files and their all hiding in this location Richard.\"   [Self diagnosis violation]\n\nViolation 2:  {Screenshot A)   At 15:28 into the session, agent says, \"First of all, we need to remove this,  GoTo Opener.  Because this actually comes from 3rd party companies you know who don't have their own remote software.  Have you downloaded this or someone else did it?\"  I respond, \"Someone else did I believe.  We were call other tech support companies as well.  My wife has been at least so she might have let someone on here temporarily.  Similar to how you guys are doing it.  Agent says, \"But this is a 3rd party software and we need to remove this  as well. Hold on.\"  Agent then removes the GoTo Opener himself.  [Self-diagnosis violation]\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.callcenter","reference":"Researching call centers","landingPage":"http://www.guruaid.com/","ipv4":"","ipv6":"","landingPageWildChar":"http://www.guruaid.com/*","sourceIndex":"3127"}],"sampleFiles":[],"imageFiles":["190329/Guruaid-190227/190226/Images/CCR-022/A.jpg","190329/Guruaid-190227/190226/Images/CCR-022/B.jpg","190329/Guruaid-190227/190226/Images/CCR-022/C.jpg"],"nonDeceptorImageFiles":[],"guid":"b652e3a4-1dc3-4748-a94c-56752e60a93d_190226_1","appID":"Guruaid-190227","dateAdded":"190329","deceptorType":"Call Center","name":"guruaid.com","company":"Guruaid","version":"190226","sigName":"Deceptor:CallCenter/GuruAid!022","lastKnownDate":"190329","type":"Call Center","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox,Edge,IE,Opera,Safari","lastUpdate":"2019-03-29T02:24:35.0155415+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2251},{"violations":{"ACR-004":"The application shows free results that request pay for subscription fee to fix them.\n","ACR-017":"The application's internal offer webpage elevates its consumer trust level by displaying an unverifiable five star review logo.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information. \n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-036":"App does not describe or disclose third party components used in the EULA. The application has the vendor 'Ideakee Inc.' signing the certificates for each installed components but did not disclose that they are the vendor or a partner. \n","ACR-017":"The application's landing page elevates its consumer trust level by displaying multiple software reviewing website logos.\n"},"samples":[{"isRevoked":"False","fileName":"MaxUninstaller_Setup.exe","isInstaller":"True","companyName":"https://www.maxuninstaller.com/                             ","productName":"Max Uninstaller","productVersion":"3.8","fileVersion":"","hashMD5":"e617e5874add4ba24d3dfc04fb03fbb3","hashSHA1":"ac3bc1e11189e071bdb960a8900dd036ee16d441","hashSHA256":"6dd7e45c1b4a5469338d3cabfa176303b58b056ac291fdf069058a446029d820","digitalCertThumbprint":"58EB156CB2B991B1F64E745D015F924D07680A59","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ideakee Inc, O=Ideakee Inc, STREET=\"11-4,Building 7,Hengxiang Garden,No.18 Lijiang Road\", STREET=Qixing, L=Guilin, S=Guangxi, PostalCode=541004, C=CN","sourceIndex":"3125","avBlockList":["360 Total Security (20190624)","Avira Internet Security (20190624)","Dr.Web Security Space (20190624)","ESET Internet Security (20190624)","G DATA INTERNET SECURITY (20190624)","K7 Total Security (20190624)","Malwarebytes Premium (20190624)","McAfee Total Protection (20190624)","Norton Security (20190624)","Panda Dome (20190624)","Quick Heal Internet Security (20190624)","Sophos Home Premium (20190624)","SpyHunter5 (20190429)","VirIT eXplorer PRO (20190624)","Webroot SecureAnywhere (20190624)","Windows Defender (20190624)"],"avAllowList":["Avast Internet Security (20190624)","AVG Internet Security (20190624)","Bitdefender Internet Security (20190624)","COMODO Antivirus (20190624)","F-PROT Antivirus for Windows (20190429)","Kaspersky Internet Security (20190624)","Tencent PC Manager (20190624)","Trend Micro Internet Security (20190624)","VIPRE Advanced Security (20190624)"]},{"isRevoked":"False","fileName":"c:\\program files (x86)\\max uninstaller\\ALMU.exe","companyName":"n/a","productName":"n/a","productVersion":"1.0.0.0","fileVersion":"1.0.0.6","hashMD5":"f7203d7283963ed24c78d586cc8cd0c4","hashSHA1":"3c8cb47826d966d1f2ba384e4094d0473464f906","hashSHA256":"ac9eb558289314e97ec5e62145b3c7003b51c5053f4024c4f87b2333a0a2b530","digitalCertThumbprint":"58EB156CB2B991B1F64E745D015F924D07680A59","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ideakee Inc, O=Ideakee Inc, STREET=\"11-4,Building 7,Hengxiang Garden,No.18 Lijiang Road\", STREET=Qixing, L=Guilin, S=Guangxi, PostalCode=541004, C=CN","sourceIndex":"3125","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.offervault.com/ (Category: Software, Payment: Any)","landingPage":"http://maxuninstaller.com/","directDownloadingLink":"http://maxuninstaller.com/MaxUninstaller_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://maxuninstaller.com/MaxUninstaller_Setup.exe","sourceIndex":"3125"}],"sampleFiles":["190329/MaxUninstaller-180209/3.8/Samples/MaxUninstaller_Setup.exe","190329/MaxUninstaller-180209/3.8/Samples/ALMU.exe"],"imageFiles":["190329/MaxUninstaller-180209/3.8/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-004/MaxUninstaller ACR_004 Software 2.png","190329/MaxUninstaller-180209/3.8/Images/ACR-004/MaxUninstaller ACR_004 Software 3.png","190329/MaxUninstaller-180209/3.8/Images/ACR-004/MaxUninstaller ACR_004 Software.png"],"nonDeceptorImageFiles":["190329/MaxUninstaller-180209/3.8/Images/ACR-065/ACR_065_INSTALL.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-065/ACR_065_SOFTWARE.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-017/ACR_017_LANDING_PAGE.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-092/ACR_092_SOFTWARE.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-092/ACR_092_SOFTWARE_SCREENSHOT_1.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-092/ACR_092_SOFTWARE_SCREENSHOT_2.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-099/ACR_099_SOFTWARE.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-036/ACR_036_DOCS_SCREENSHOT_1.PNG","190329/MaxUninstaller-180209/3.8/Images/ACR-036/ACR_036_DOCS_SCREENSHOT_2.PNG"],"guid":"f07fb76b-c217-465f-861c-a2d9a402d34c_3.8_1","appID":"MaxUninstaller-180209","dateAdded":"190329","deceptorType":"App","name":"Max Uninstaller","company":"MaxUninstaller Inc.","version":"3.8","sigName":"Deceptor:Win32/MaxUninstaller!004","lastKnownStatus":"Deceptor:3.8","lastKnownDate":"190329","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-30T06:15:05.7889597+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2250},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"qbscsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Qbit-System-Care                                            ","productVersion":"1.0.0.2                                           ","fileVersion":"1.0.0.2             ","hashMD5":"92031172abe7f21e3e5afa34f39556ea","hashSHA1":"36eaf34fd8cc12cc1300245ab2161d5ed7a26bd6","hashSHA256":"60d01c634adae3c9e93e79460279e62b5c2cd5c51b5191924baf2b8f7179d58c","digitalCertThumbprint":"E4660F629AA5BC2D2889514F25E8885063FBD1BD","sourceIndex":"3126","avBlockList":["360 Total Security (20190527)","Avast Internet Security (20190527)","AVG Internet Security (20190527)","Avira Internet Security (20190527)","Bitdefender Internet Security (20190527)","COMODO Antivirus (20190527)","Dr.Web Security Space (20190527)","ESET Internet Security (20190527)","G DATA INTERNET SECURITY (20190527)","K7 Total Security (20190527)","Kaspersky Internet Security (20190527)","Malwarebytes Premium (20190527)","McAfee Total Protection (20190527)","Norton Security (20190527)","Panda Dome (20190527)","Quick Heal Internet Security (20190527)","Sophos Home Premium (20190527)","SpyHunter5 (20190429)","Tencent PC Manager (20190527)","Trend Micro Internet Security (20190527)","VIPRE Advanced Security (20190527)","VirIT eXplorer PRO (20190527)","Webroot SecureAnywhere (20190527)","Windows Defender (20190527)"],"avAllowList":["F-PROT Antivirus for Windows (20190429)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Qbit-System-Care for DESKTOP-8QAR3KI\\rtc.exe","productName":"Secure-PC-Tool","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"8910af26e670016a25e4549e2ef31c3c","hashSHA1":"ffd35586fa156112b57d7fc9c08c85a22d4fa91e","hashSHA256":"e9d768fe56510e94da892034072d3193c7ab693795d0771f5d2d6b510c42efd8","digitalCertThumbprint":"E4660F629AA5BC2D2889514F25E8885063FBD1BD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=STELLAR PC SOLUTlONS, O=STELLAR PC SOLUTlONS, STREET=\"DHOLI MANDI, 291 JYOTI FURNITURE, CHOMU\", L=JAIPUR, S=RAJASTHAN, PostalCode=303802, C=IN","sourceIndex":"3126","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"preferred PC protection utility\"","reference":"http://qbitpcutils.xyz/","landingPage":"http://qbitpcutils.xyz/","directDownloadingLink":"http://dl.qbitpcutils.xyz/qbsc/securerc/qbitpcutils_xyz/qbscsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.qbitpcutils.xyz/qbsc/securerc/qbitpcutils_xyz/qbscsetup.exe","sourceIndex":"3126"}],"sampleFiles":["190329/QBITSystemCare-190328/1.0.0.2/Samples/qbscsetup.exe","190329/QBITSystemCare-190328/1.0.0.2/Samples/rtc.exe"],"imageFiles":["190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-042/010.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-048/048.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-003/scan.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-003/main.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-003/048.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-004/scan.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-004/150.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-010/010.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-084/084.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-097/097.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-168/scan.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-168/168.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-057/010.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-055/010.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-059/010.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-161/161.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-099/099.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-150/150.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-171/150.png","190329/QBITSystemCare-190328/1.0.0.2/Images/ACR-171/171.png"],"guid":"fc8aae14-d456-4fa1-9875-e2ab39dc2f1f_1.0.0.2_1","appID":"QBITSystemCare-190328","dateAdded":"190329","deceptorType":"App","name":"QBIT System Care","company":"STELLAR PC SOLUTlONS","version":"1.0.0.2","sigName":"Deceptor:Win32/QBITSystemCare!042048003004010084097168057055059155 ","lastKnownStatus":"Deceptor:1.0.0.2","lastKnownDate":"190329","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-03-30T06:08:19.0922069+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin ","numInFamily":3,"numInAppID":1,"sortOrder":2127},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"qbspsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Qbit Speedup Pro                                            ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"0cf7b74bc2e200dd080ce48a92b4755b","hashSHA1":"db18b6190854e165385c54a78db692514c6655cf","hashSHA256":"59417758c1aba9f02e10f6baac21776b78f199bb45603256631a95ca9340f65c","digitalCertThumbprint":"B182925B44634CEF4262FE8F8148F0AE990511C3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADROlT PC SOLUTIONS, O=ADROlT PC SOLUTIONS, STREET=\"WARD NO. 12, SULTANA\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"497","avBlockList":["360 Total Security (20190527)","Avast Internet Security (20190527)","AVG Internet Security (20190527)","Avira Internet Security (20190527)","Bitdefender Internet Security (20190527)","COMODO Antivirus (20190527)","Dr.Web Security Space (20190527)","ESET Internet Security (20190527)","G DATA INTERNET SECURITY (20190527)","K7 Total Security (20190527)","Kaspersky Internet Security (20190527)","Malwarebytes Premium (20190527)","McAfee Total Protection (20190527)","Norton Security (20190527)","Panda Dome (20190527)","Quick Heal Internet Security (20190527)","Sophos Home Premium (20190527)","SpyHunter5 (20190429)","Tencent PC Manager (20190527)","Trend Micro Internet Security (20190527)","VIPRE Advanced Security (20190527)","VirIT eXplorer PRO (20190527)","Webroot SecureAnywhere (20190527)","Windows Defender (20190527)"],"avAllowList":["F-PROT Antivirus for Windows (20190429)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Qbit Speedup Pro for DESKTOP-8QAR3KI\\rtc.exe","productName":"PC Secure Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"f0f40580f607b87fcbf93237a9683c41","hashSHA1":"90d2bfff4712b9d082552555113a2ae0efe0d324","hashSHA256":"105a5fef7cc2458f3fdfc798a8d11a7f61377845bb277d3f95d09c14d5d00dd7","digitalCertThumbprint":"B182925B44634CEF4262FE8F8148F0AE990511C3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=ADROlT PC SOLUTIONS, O=ADROlT PC SOLUTIONS, STREET=\"WARD NO. 12, SULTANA\", L=JHUNJHUNU, S=RAJASTHAN, PostalCode=333028, C=IN","sourceIndex":"497","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"preferred PC protection utility\"","reference":"http://tunepc.xyz/","landingPage":"http://tunepc.xyz/","directDownloadingLink":"http://dl.tunepc.xyz/qbsp/securerc/tunepc_xyz/qbspsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.tunepc.xyz/qbsp/securerc/tunepc_xyz/qbspsetup.exe","sourceIndex":"497"}],"sampleFiles":["190329/QBITSpeedupPro-190328/1.0.0.0/Samples/qbspsetup.exe","190329/QBITSpeedupPro-190328/1.0.0.0/Samples/rtc.exe"],"imageFiles":["190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-042/010.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-048/048.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-003/scan.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-003/main.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-003/048.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-004/scan.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-004/150.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-010/010.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-017/017.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-084/084.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-097/097.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-168/scan.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-168/168.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-057/010.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-055/010.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-059/010.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-155/010.png"],"nonDeceptorImageFiles":["190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-161/161.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-099/099.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-150/150.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-171/150.png","190329/QBITSpeedupPro-190328/1.0.0.0/Images/ACR-171/171.png"],"guid":"5f8b39c8-d4e9-4b6e-9c23-e095128f3112_1.0.0.0_1","appID":"QBITSpeedupPro-190328","dateAdded":"190329","deceptorType":"App","name":"QBIT Speedup Pro","company":"ADROlT PC SOLUTIONS","version":"1.0.0.0","sigName":"Deceptor:Win32/QBITSpeedupPro!042048003004010017084097168057055059155","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2026-05-04T14:37:21.8806224+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2058},{"violations":{"ACR-003":"The app shows gauges in yellow/red color and uses words \"strongly outdated\", that indicates misleading urgency, thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the recurring service to fix out-of-date driver issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-045":"\"Free version\" highlights \"free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. \n","ACR-065":"The application has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\nhttps://engelmann.com/en/eula/?utm_source=setup&utm_medium=referral&utm_campaign=Aufruf%20aus%20Setup\n","ACR-150":"The app's landing page displays Intel, Adobe, CSA, Microsoft partnership that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"DriverUpdater_1.0.6891.14377_Setup.exe","isInstaller":"True","companyName":"Engelmann Software","productName":"Driver Updater","productVersion":"1.0.6891.14377","fileVersion":"1.0.6891.14377","hashMD5":"55f6cc0e35575e35a48715970348d022","hashSHA1":"4fa6b6addb9de5ace7d6abdd159a3a3e25278ca8","hashSHA256":"b353f572423e820dcdbb56917dddd8589064139b7a49ea48d3dab6775fb7eebe","digitalCertThumbprint":"DF02462D99EB710190EEAEC073AA5A80212168F4","sourceIndex":"3077","avBlockList":["360 Total Security (20190425)","Avira Internet Security (20190425)","Bitdefender Internet Security (20190425)","Dr.Web Security Space (20190425)","ESET Internet Security (20190425)","G DATA INTERNET SECURITY (20190425)","K7 Total Security (20190425)","Kaspersky Internet Security (20190425)","Malwarebytes Premium (20190425)","McAfee Total Protection (20190425)","Quick Heal Internet Security (20190425)","Sophos Home Premium (20190425)","Tencent PC Manager (20190425)","Trend Micro Internet Security (20190425)","VIPRE Advanced Security (20190425)","VirIT eXplorer PRO (20190425)","Windows Defender (20190425)"],"avAllowList":["Avast Internet Security (20190425)","AVG Internet Security (20190425)","COMODO Antivirus (20190425)","F-PROT Antivirus for Windows (20190425)","Norton Security (20190425)","Panda Dome (20190425)","SpyHunter5 (20190425)","Webroot SecureAnywhere (20190425)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Engelmann Software\\Driver Updater\\DriverUpdater.exe","companyName":"Engelmann Software","productName":"Driver Updater","productVersion":"1.0.18.1113","fileVersion":"1.0.18.1113","hashMD5":"ced194e177be96c05dc2decce8606596","hashSHA1":"9846e31d4a564bc23d133028d997897304cd429b","hashSHA256":"7c067302f9068900a6e0d700a44c86354bfc4ec91cf54a6bc34940444a0308ff","digitalCertThumbprint":"DF02462D99EB710190EEAEC073AA5A80212168F4","sourceIndex":"3077","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"outdated drivers\"","reference":"https://driver-updater.org/en/","landingPage":"https://driver-updater.org/en/","directDownloadingLink":"http://download.engelmann.com/DriverUpdater_1.0.6891.14377_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.engelmann.com/DriverUpdater_1.0.6891.14377_Setup.exe","sourceIndex":"3077"}],"sampleFiles":["190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Samples/DriverUpdater_1.0.6891.14377_Setup.exe","190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Samples/DriverUpdater.exe"],"imageFiles":["190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Images/ACR-004/scan.png","190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Images/ACR-004/004.png","190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Images/ACR-004/004_2.png"],"nonDeceptorImageFiles":["190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Images/ACR-045/045_2.png","190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Images/ACR-045/045.png","190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Images/ACR-065/about.png","190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Images/ACR-065/099.png","190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Images/ACR-099/about.png","190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Images/ACR-099/099.png","190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Images/ACR-167/004_2.png","190327/SecuPertsDriverUpdater-180510/1.0.6891.14377/Images/ACR-150/150.png"],"guid":"fa3d2440-f2ef-4479-ba5c-dd2424daf2fa_1.0.6891.14377_1","appID":"SecuPertsDriverUpdater-180510","dateAdded":"190327","deceptorType":"App","name":"SecuPerts Driver Updater","company":"Engelmann Software GmbH","version":"1.0.6891.14377","sigName":"Deceptor:Win32/SecuPertsDriverUpdater!003004","firstVendorContactDate":"190415","firstAppEsteemReplyDate":"190508","firstResolvedDate":"190508","firstResolvedVersion":"1.0.7065.9982","resolved":"TRUE","lastKnownStatus":"Deceptor: 1.0.6891.14377","lastKnownDate":"190327","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-05-08T16:02:24.0190988+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2252},{"violations":{"ACR-003":"The application exaggerates junk files and registry entries as being problems, thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-171":"The consumer is required to opt-out of additional payment for Download Warranty which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"RocketFixio.exe","isInstaller":"True","companyName":"AMS Software                                                ","productName":"RocketFixio                                                 ","productVersion":"4","fileVersion":"4","hashMD5":"3837f5304ee94e34f56739623f4929aa","hashSHA1":"6d11511fc9f376401f820fbc1c8c421eac8767c5","hashSHA256":"52d82cf6af511a93318f74ec1625e0c904a56c2fc54abd88e01dd8b9866e50d1","digitalCertThumbprint":"BF45CBDF999BAB12E2CE12062D37072E606706AD","sourceIndex":"3130","avBlockList":["Avira Internet Security (20190620)","Dr.Web Security Space (20190620)","ESET Internet Security (20190620)","G DATA INTERNET SECURITY (20190620)","K7 Total Security (20190620)","Kaspersky Internet Security (20190620)","Malwarebytes Premium (20190620)","McAfee Total Protection (20190620)","Norton Security (20190620)","Panda Dome (20190620)","Quick Heal Internet Security (20190620)","Sophos Home Premium (20190620)","SpyHunter5 (20190425)","VirIT eXplorer PRO (20190620)","Windows Defender (20190620)"],"avAllowList":["360 Total Security (20190620)","Avast Internet Security (20190620)","AVG Internet Security (20190620)","Bitdefender Internet Security (20190620)","COMODO Antivirus (20190620)","F-PROT Antivirus for Windows (20190425)","Tencent PC Manager (20190620)","Trend Micro Internet Security (20190620)","VIPRE Advanced Security (20190620)","Webroot SecureAnywhere (20190620)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\RocketFixio\\RocketFixio.exe","companyName":"AMS Software","productName":"RocketFixio","productVersion":"4","fileVersion":"4.0.0.1001","hashMD5":"7a223ca498e337850b427f3a56d5fad2","hashSHA1":"7247c53d68e834ba190d5a782523a7e52454d78b","hashSHA256":"6097711393de0e756ec306656b66f6084e0602af8e043fb41d1bca5ddec2012f","digitalCertThumbprint":"BF45CBDF999BAB12E2CE12062D37072E606706AD","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=AMS Software, O=AMS Software, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU","sourceIndex":"3130","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"pc scan clean download\"","reference":"https://rocketfixio.com/download.php","landingPage":"https://rocketfixio.com/","directDownloadingLink":"https://rocketfixio.com/RocketFixio.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://rocketfixio.com/RocketFixio.exe","sourceIndex":"3130"}],"sampleFiles":["190327/RocketFixio-190326/4.0.0.0/Samples/RocketFixio.exe","190327/RocketFixio-190326/4.0.0.0/Samples/RocketFixio(main_exe).exe"],"imageFiles":["190327/RocketFixio-190326/4.0.0.0/Images/ACR-003/result.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-003/junk_files.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-003/registries.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-004/result.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-004/registries.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-004/004.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-004/004_2.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-004/171.png"],"nonDeceptorImageFiles":["190327/RocketFixio-190326/4.0.0.0/Images/ACR-161/161.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-171/171.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-099/099.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-099/about.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-099/099_2.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-065/about.png","190327/RocketFixio-190326/4.0.0.0/Images/ACR-065/099_2.png"],"guid":"aca72778-690b-43b2-93c3-bc6bac630647_4.0.0.0_1","appID":"RocketFixio-190326","dateAdded":"190327","deceptorType":"App","name":"RocketFixio","company":"AMS Software","version":"4.0.0.0","sigName":"Deceptor:Win32/RocketFixio!003004","lastKnownStatus":"Deceptor:4.0.0.0","lastKnownDate":"201117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-17T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2253},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"The app shows gauges indicating the invalid registry items have high impact to system and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app. \n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for McAfee Internet Security and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"qbopsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Qbit Optimizer Pro                                          ","productVersion":"1.0.0.0                                           ","fileVersion":"1.0.0.0             ","hashMD5":"55d38e44cbaf149a843410372599d84d","hashSHA1":"0bc42da6dc968fc1a104b47a19a1d35142b42f5a","hashSHA256":"5b17c97fee4ddc7a4d87d3438601487952b0e60f429d613af158a5d3d00832b7","digitalCertThumbprint":"074067B0C482D950E072960711723313080FD305","sourceIndex":"496","avBlockList":["360 Total Security (20190617)","Avast Internet Security (20190617)","AVG Internet Security (20190617)","Avira Internet Security (20190617)","COMODO Antivirus (20190617)","Dr.Web Security Space (20190617)","ESET Internet Security (20190617)","G DATA INTERNET SECURITY (20190617)","K7 Total Security (20190617)","Kaspersky Internet Security (20190617)","Malwarebytes Premium (20190617)","McAfee Total Protection (20190617)","Norton Security (20190617)","Panda Dome (20190617)","Quick Heal Internet Security (20190617)","Sophos Home Premium (20190617)","SpyHunter5 (20190425)","Trend Micro Internet Security (20190617)","VirIT eXplorer PRO (20190617)","Webroot SecureAnywhere (20190617)","Windows Defender (20190617)"],"avAllowList":["Bitdefender Internet Security (20190617)","F-PROT Antivirus for Windows (20190425)","Tencent PC Manager (20190617)","VIPRE Advanced Security (20190617)"]},{"isRevoked":"False","fileName":"C:\\Program Files\\Qbit Optimizer Pro for DESKTOP-8QAR3KI\\rtc.exe","productName":"PC Secure Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"e837d8067a862b419255497332f8490d","hashSHA1":"13b0407c172cb778f8844c7469d4ba29b7861eb9","hashSHA256":"adce267b9e0e470bb90700f4650c4881c4ae2264ad3de1f9267a62082ba82332","digitalCertThumbprint":"074067B0C482D950E072960711723313080FD305","sourceIndex":"496","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Protect Your Computer\" download","reference":"https://sensorstechforum.com/qbit-optimizer-pro-pup/","landingPage":"http://tunepctop.xyz/","directDownloadingLink":"http://dl.tunepctop.xyz/qbop/securerc/tunepctop_xyz/qbopsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.tunepctop.xyz/qbop/securerc/tunepctop_xyz/qbopsetup.exe","sourceIndex":"496"}],"sampleFiles":["190325/QBITOptimizerPro-190325/1.0.0.0/Samples/qbopsetup.exe","190325/QBITOptimizerPro-190325/1.0.0.0/Samples/rtc.exe"],"imageFiles":["190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-042/010.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-048/048.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-003/scan.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-003/048.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-003/003.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-004/scan.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-004/150_171.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-010/010.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-097/097.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-084/084.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-168/scan.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-168/168.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-057/010.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-055/010.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-059/010.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-155/010.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-017/017.png"],"nonDeceptorImageFiles":["190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-161/161.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-150/150_171.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-171/150_171.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-171/171.png","190325/QBITOptimizerPro-190325/1.0.0.0/Images/ACR-099/099.png"],"guid":"d8271135-bfa2-41be-8762-ee3798b79118_1.0.0.0_1","appID":"QBITOptimizerPro-190325","dateAdded":"190325","deceptorType":"App","name":"QBIT Optimizer Pro","company":"GENNEXT PC LOGICS","version":"1.0.0.0","sigName":"Deceptor:Win32/QBITOptimizerPro!003004042048003004010097084168057055059155017 ","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"241023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:21.8495856+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2059},{"violations":{"ACR-003":"App is lack of details to substantiate the claims about the outdated driver. e.g no driver version provided\n","ACR-004":"The App requires customer to purchase the recurring service to fix unsubstantiated out-of-date driver issues identified during free scan.\n","ACR-017":"The application's internal offer page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-017":"The application's landing page elevates its user trust level by displaying endorsements such as intel software partner which is unverifiable. After clicking the endorsement (intel software partner) the hyperlink leads to a page stating their site is being held hostage . \n"},"samples":[{"isRevoked":"False","fileName":"Windows Drivers Download Utility Setup.exe","isInstaller":"True","companyName":"LionSea Software                                            ","productName":"Windows Drivers Download Utility","productVersion":"3.3.2","fileVersion":"0.0","hashMD5":"d9cc90ac7c83d9931abd7b9e2579b22d","hashSHA1":"fac8c8e19b96b367151cebc47df40e0734f9ad99","hashSHA256":"5a0689a96e92db9319da38b3cfb8ae9c0c78d2eaf70c06d78855fa6fbbfbf931","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"3132","avBlockList":["Avast Internet Security (20190617)","AVG Internet Security (20190617)","Avira Internet Security (20190617)","COMODO Antivirus (20190617)","Dr.Web Security Space (20190617)","ESET Internet Security (20190617)","G DATA INTERNET SECURITY (20190617)","K7 Total Security (20190617)","Kaspersky Internet Security (20190617)","Malwarebytes Premium (20190617)","McAfee Total Protection (20190617)","Panda Dome (20190617)","Sophos Home Premium (20190617)","SpyHunter5 (20190422)","Trend Micro Internet Security (20190617)","VirIT eXplorer PRO (20190617)","Webroot SecureAnywhere (20190617)","Windows Defender (20190617)","Norton Security (20190617)"],"avAllowList":["360 Total Security (20190617)","Bitdefender Internet Security (20190617)","F-PROT Antivirus for Windows (20190422)","Quick Heal Internet Security (20190617)","Tencent PC Manager (20190617)","VIPRE Advanced Security (20190617)"]},{"isRevoked":"False","fileName":"Windows Drivers Download Utility.exe","companyName":"LionSea","productName":"Windows Drivers Download Utility","productVersion":"n/a","fileVersion":"3.3.2","hashMD5":"97da74ea3c921c5dd80333e08ffbc6af","hashSHA1":"e815d5ab7f48e64a900377dc45fe4785a90aa5ed","hashSHA256":"74fbdb1294dbc5b639639136da13c3212f84aaff94272a7af8f7cfd9f301a5fc","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"3132","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"http://www.lionsea.com/product_windowsdriversdownloadutility.php","directDownloadingLink":"http://www.lionsea.com/download/drivers/Windows_Drivers_Download_Utility_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.lionsea.com/download/drivers/Windows_Drivers_Download_Utility_Setup.exe","sourceIndex":"3132"}],"sampleFiles":["190322/WindowsDriversDownloadUtility-180315/3.3.2/Samples/Windows_Drivers_Download_Utility_Setup.exe","190322/WindowsDriversDownloadUtility-180315/3.3.2/Samples/Windows_Drivers_Download_Utility.exe"],"imageFiles":["190322/WindowsDriversDownloadUtility-180315/3.3.2/Images/ACR-003/Unsubstantiated Results.png","190322/WindowsDriversDownloadUtility-180315/3.3.2/Images/ACR-003/software.PNG","190322/WindowsDriversDownloadUtility-180315/3.3.2/Images/ACR-017/acr_017_IO.PNG","190322/WindowsDriversDownloadUtility-180315/3.3.2/Images/ACR-004/Purchase required to fix unsubstantiated results..png"],"nonDeceptorImageFiles":["190322/WindowsDriversDownloadUtility-180315/3.3.2/Images/ACR-065/acr_065.PNG","190322/WindowsDriversDownloadUtility-180315/3.3.2/Images/ACR-065/acr_065_s.PNG","190322/WindowsDriversDownloadUtility-180315/3.3.2/Images/ACR-017/acr_017_LP.PNG","190322/WindowsDriversDownloadUtility-180315/3.3.2/Images/ACR-099/acr_099_S.PNG","190322/WindowsDriversDownloadUtility-180315/3.3.2/Images/ACR-099/acr_099_LP.PNG","190322/WindowsDriversDownloadUtility-180315/3.3.2/Images/ACR-099/acr_099_IO.PNG"],"guid":"fac71586-d773-4c16-be6e-b08d19f0ac24_3.3.2_1","appID":"WindowsDriversDownloadUtility-180315","dateAdded":"190322","deceptorType":"App","name":"WindowsDriversDownloadUtility","company":"LionSea Software","version":"3.3.2","sigName":"Deceptor:Win32/WindowsDriversDownloadUtility!003004017","lastKnownStatus":"Deceptor:3.3.2","lastKnownDate":"190322","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-23T02:22:12.4337452+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2254},{"violations":{"ACR-004":"App provides free scan results but does not provide free fixes. \n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get 60% off as a limited time offer for  UndeletePlus™.\n","ACR-171":"The application's internal offer webpage has additional offers pre-selected.\n"},"samples":[{"isRevoked":"False","fileName":"UndeletePlus.exe","companyName":"Copyright © 2008-2018 eSupport.com ? All Rights Reserved(","fileVersion":"3.0","hashMD5":"f8e22a56ef2dea45c6476f2269e6ae28","hashSHA1":"24dc5ccdb57e9e2b4cfa655edd3d299b8234774f","hashSHA256":"d16b1a9a65e60b3ea223908446d3969689f25b7029e09e6b3d18b7d413e55947","digitalCertThumbprint":"37D3BDE607ADF8EA3B77EB5163A8968B0C4A5AFA","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"eSupport.com, Inc\", O=\"eSupport.com, Inc\", STREET=8540 DAYTON AVE, L=Fort Myers, S=FL, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=4833921, OID.2.5.4.15=Private Organization","sourceIndex":"3124","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"undeleteplus_setup.exe","isInstaller":"True","companyName":"Copyright © 2015 eSupport.com • All Rights Reserved         ","fileVersion":"3.0","hashMD5":"e0900de212d0ef915c093e15370a578e","hashSHA1":"63160bbb732269994cbfcb2a72dc2dda8366b8e9","hashSHA256":"7c1ef603e94c5354f97648b3c361190ff7a5ae5c61b1263e35359b0765ac8de4","digitalCertThumbprint":"37D3BDE607ADF8EA3B77EB5163A8968B0C4A5AFA","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"eSupport.com, Inc\", O=\"eSupport.com, Inc\", STREET=8540 DAYTON AVE, L=Fort Myers, S=FL, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=4833921, OID.2.5.4.15=Private Organization","sourceIndex":"3124","avBlockList":["Dr.Web Security Space (20190401)","ESET Internet Security (20190401)","K7 Total Security (20190401)","Malwarebytes Premium (20190401)","McAfee Total Protection (20190401)","Sophos Home Premium (20190401)","Webroot SecureAnywhere (20190401)","Windows Defender (20190401)"],"avAllowList":["360 Total Security (20190401)","Avast Internet Security (20190401)","AVG Internet Security (20190401)","Avira Internet Security (20190401)","Bitdefender Internet Security (20190401)","COMODO Antivirus (20190401)","F-PROT Antivirus for Windows (20190401)","G DATA INTERNET SECURITY (20190401)","Kaspersky Internet Security (20190401)","Norton Security (20190401)","Panda Dome (20190401)","Quick Heal Internet Security (20190401)","SpyHunter5 (20190401)","Tencent PC Manager (20190401)","Trend Micro Internet Security (20190401)","VIPRE Advanced Security (20190401)","VirIT eXplorer PRO (20190401)"]}],"additionalFiles":[],"sources":[{"howFound":"Partner.Inquiry","reference":"Kevin at Symantec","landingPage":"https://www.undeleteplus.com/","directDownloadingLink":"https://www.undeleteplus.com/download_browser.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.undeleteplus.com/download_browser.php","sourceIndex":"3124"}],"sampleFiles":["190322/UnDeletePlus-180116/3.0.8.1125/Samples/UndeletePlus.exe","190322/UnDeletePlus-180116/3.0.8.1125/Samples/undeleteplus_setup.exe"],"imageFiles":["190322/UnDeletePlus-180116/3.0.8.1125/Images/ACR-004/UndeletePlus Files Found.png","190322/UnDeletePlus-180116/3.0.8.1125/Images/ACR-004/UndeletePlus Internal Offers Page.png","190322/UnDeletePlus-180116/3.0.8.1125/Images/ACR-004/UndeletePlus Register Now.png","190322/UnDeletePlus-180116/3.0.8.1125/Images/ACR-004/UndeletePlus Scan Results.png"],"nonDeceptorImageFiles":["190322/UnDeletePlus-180116/3.0.8.1125/Images/ACR-065/UndeletePlus About Page.png","190322/UnDeletePlus-180116/3.0.8.1125/Images/ACR-161/UndeletePlus Bottom of Landing Page.png","190322/UnDeletePlus-180116/3.0.8.1125/Images/ACR-099/UndeletePlus About Page.png","190322/UnDeletePlus-180116/3.0.8.1125/Images/ACR-120/ACR_120_UNINSTALL.PNG","190322/UnDeletePlus-180116/3.0.8.1125/Images/ACR-171/UndeletePlus Internal Offers Page.png"],"guid":"5206c39b-ea1d-4c53-9d21-aa19db9ab2b9_3.0.8.1125_1","appID":"UnDeletePlus-180116","dateAdded":"190322","deceptorType":"App","name":"UndeletePlus","company":"eSupport.com, Inc.","version":"3.0.8.1125","sigName":"Deceptor:Win32/UndeletePlus!004","firstVendorContactDate":"190325","firstAppEsteemReplyDate":"190325","firstResolvedDate":"190401","firstResolvedVersion":"3.0.19.329","resolved":"TRUE","lastKnownStatus":"Deceptor:3.0.8.1125; NonCertified:3.0.19.329","lastKnownDate":"190401","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows Vista,Windows XP,Windows 7,Windows 8,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-04-01T19:25:51.0758536+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2255},{"violations":{"ACR-050":"The application appears to circumvent the platform security (UAC) with a scheduled task.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan.\n","ACR-084":"By default installation, app's setting \"automatic scan disabled\", however it creates scheduled task without disclosing it during installation.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-045":"\"Clean your computer for FREE\" highlights \"Free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove \"free\" word.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The app performs system scan automatically without the consumer's action and authorization.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Tech Cleanup\\TechCleanup.exe","companyName":"Tech Cleanup","productName":"Tech Cleanup","productVersion":"1.0.6653.19442","fileVersion":"1.0.6653.19442","hashMD5":"7907a9859af2b2dab44de4c9054d7edc","hashSHA1":"20ac230ac4dfd4fcf258b2a964ad0f72ef61af76","hashSHA256":"8ca01c9074139cc3def05b0d35779f05bc42a17f9d64d56d66a1783c9908dd8f","digitalCertThumbprint":"B2CCB3B5E8CDEED779973D8A9AC42FA56033ADA6","sourceIndex":"3133","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"TechCleanupSetup.exe","isInstaller":"True","companyName":"Tech Cleanup","productName":"Tech Cleanup","productVersion":"1.0.13","fileVersion":"1.0.13","hashMD5":"f5708894027cf7dff6dabd7d57508229","hashSHA1":"5058ccfceed951c48fbcfd8ad1e09ea7489f75f7","hashSHA256":"ae230950b354c3078744a0dd77b268bcbcd0d9ecc7b54520238d607b7aefe88a","digitalCertThumbprint":"B2CCB3B5E8CDEED779973D8A9AC42FA56033ADA6","sourceIndex":"3133","avBlockList":["360 Total Security (20190617)","Avira Internet Security (20190617)","COMODO Antivirus (20190617)","Dr.Web Security Space (20190617)","ESET Internet Security (20190617)","K7 Total Security (20190617)","Kaspersky Internet Security (20190617)","McAfee Total Protection (20190617)","Panda Dome (20190617)","Quick Heal Internet Security (20190617)","Sophos Home Premium (20190617)","SpyHunter5 (20190422)","Trend Micro Internet Security (20190617)","VirIT eXplorer PRO (20190617)","Windows Defender (20190617)","Norton Security (20190617)"],"avAllowList":["Avast Internet Security (20190617)","AVG Internet Security (20190617)","Bitdefender Internet Security (20190617)","F-PROT Antivirus for Windows (20190422)","G DATA INTERNET SECURITY (20190617)","Malwarebytes Premium (20190617)","Tencent PC Manager (20190617)","VIPRE Advanced Security (20190617)","Webroot SecureAnywhere (20190617)"]}],"additionalFiles":[],"sources":[{"howFound":"Affliate Marketing website","reference":"https://www.offervault.com/affiliate-offers/details/offerId/4340226/tech-cleanup-1-pc-monthly-subscription/","landingPage":"https://techcleanup.com/consumer","directDownloadingLink":"https://cdn.techcleanup.com/techcleanup/release/TechCleanupSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdn.techcleanup.com/techcleanup/release/TechCleanupSetup.exe","sourceIndex":"3133"}],"sampleFiles":["190322/TechCleanup-190320/1.0.13.0/Samples/TechCleanup.exe","190322/TechCleanup-190320/1.0.13.0/Samples/TechCleanupSetup.exe"],"imageFiles":["190322/TechCleanup-190320/1.0.13.0/Images/ACR-004/main.png","190322/TechCleanup-190320/1.0.13.0/Images/ACR-004/004.png","190322/TechCleanup-190320/1.0.13.0/Images/ACR-004/004_2.png","190322/TechCleanup-190320/1.0.13.0/Images/ACR-050/050.png","190322/TechCleanup-190320/1.0.13.0/Images/ACR-084/084.png","190322/TechCleanup-190320/1.0.13.0/Images/ACR-168/168_app.png"],"nonDeceptorImageFiles":["190322/TechCleanup-190320/1.0.13.0/Images/ACR-161/161.png","190322/TechCleanup-190320/1.0.13.0/Images/ACR-168/168.png","190322/TechCleanup-190320/1.0.13.0/Images/ACR-168/168_2.png","190322/TechCleanup-190320/1.0.13.0/Images/ACR-168/168_3.png","190322/TechCleanup-190320/1.0.13.0/Images/ACR-045/045.png"],"guid":"acd0f6da-8a42-4ded-b323-c03a48087698_1.0.13.0_1","appID":"TechCleanup-190320","dateAdded":"190322","deceptorType":"App","name":"Tech Cleanup","company":"TECH CLEANUP, INC.","version":"1.0.13.0","sigName":"Deceptor:Win32/TechCleanup!004084050168","lastKnownStatus":"Deceptor:1.0.13.0","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2256},{"violations":{"ACR-003":"App does not substantiate scan results.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan.\n"},"nonDeceptorViolations":{"ACR-045":"App claims \"FREE DOWNLOAD\", but the functionality that requires consumer payment in order to be activated is not marked clearly in landing page.\n","ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the App.\nThere are no links that shows the app's EULA and/or Terms of Service on the landing page.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how to uninstall the app. \nThe application has no link or information that shows how to uninstall the app. \n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"WinCleanerScannerSetup.exe","isInstaller":"True","companyName":"Business Logic Corporation                                  ","productName":"WinCleaner OneClick Professional Installer                  ","productVersion":"15.0.0.0                                          ","fileVersion":"15.0.0.0            ","hashMD5":"c32461fd1c248ed3aa1466d4e7c8018e","hashSHA1":"a5092e7e2a180d5ea697a439e4cc36520fea25cd","hashSHA256":"a4cdd74e4f93acdd83b0130d2dc5a1508363b127a6ed9ccd28e1829910aa1932","digitalCertThumbprint":"43CC094A04DD387F7F5B421CEB2384DD60B5D382","sourceIndex":"3134","avBlockList":["360 Total Security (20190613)","Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","Dr.Web Security Space (20190613)","ESET Internet Security (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Panda Dome (20190613)","Quick Heal Internet Security (20190613)","Sophos Home Premium (20190613)","SpyHunter5 (20190422)","Trend Micro Internet Security (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)","Norton Security (20190613)"],"avAllowList":["Bitdefender Internet Security (20190613)","COMODO Antivirus (20190613)","F-PROT Antivirus for Windows (20190422)","G DATA INTERNET SECURITY (20190613)","Tencent PC Manager (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Business Logic Corporation\\WinCleaner OneClick Pro\\WCClean.exe","companyName":"Business Logic Corporation","productName":"WinCleaner OneClick Professional Clean","productVersion":"15.0.0.0","fileVersion":"15.0.0.0","hashMD5":"1327d30524bd59fa3166da4882c2e848","hashSHA1":"193bb81ab88fc2d73e93478999ed73da9dec1545","hashSHA256":"ac367349be4a8567264fa48c4692fe5af575f802afe213f1718182312ab71398","digitalCertThumbprint":"43CC094A04DD387F7F5B421CEB2384DD60B5D382","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Business Logic Corporation, O=Business Logic Corporation, L=Mississauga, S=Ontario, C=CA","sourceIndex":"3134","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"one-click optimization tool for Windows PC\"","reference":"https://www.wincleaner.org/wincleaner-for-windows.html","landingPage":"https://www.wincleaner.org/index.html","directDownloadingLink":"https://www.wincleaner.org/downloadWCScannerGo.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.wincleaner.org/downloadWCScannerGo.php","sourceIndex":"3134"}],"sampleFiles":["190321/WinCleaner-190318/15.0.0.0/Samples/WinCleanerScannerSetup.exe","190321/WinCleaner-190318/15.0.0.0/Samples/WCClean.exe"],"imageFiles":["190321/WinCleaner-190318/15.0.0.0/Images/ACR-003/003.png","190321/WinCleaner-190318/15.0.0.0/Images/ACR-004/004.png","190321/WinCleaner-190318/15.0.0.0/Images/ACR-004/004_2.png"],"nonDeceptorImageFiles":["190321/WinCleaner-190318/15.0.0.0/Images/ACR-065/about_2.png","190321/WinCleaner-190318/15.0.0.0/Images/ACR-065/065.png","190321/WinCleaner-190318/15.0.0.0/Images/ACR-045/045.png","190321/WinCleaner-190318/15.0.0.0/Images/ACR-099/about.png","190321/WinCleaner-190318/15.0.0.0/Images/ACR-099/about_2.png","190321/WinCleaner-190318/15.0.0.0/Images/ACR-099/099.png","190321/WinCleaner-190318/15.0.0.0/Images/ACR-161/161.png","190321/WinCleaner-190318/15.0.0.0/Images/ACR-168/168.png","190321/WinCleaner-190318/15.0.0.0/Images/ACR-168/168_2.png"],"guid":"9d90940d-6b10-47ce-a105-d84140fbf8f9_15.0.0.0_1","appID":"WinCleaner-190318","dateAdded":"190321","deceptorType":"App","name":"WinCleaner","company":"Business Logic Corporation","version":"15.0.0.0","sigName":"Deceptor:Win32/WinCleaner!003004","lastKnownStatus":"Deceptor:15.0.0.0","lastKnownDate":"190321","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-21T18:23:22.6913931+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2257},{"violations":{"ACR-107":"Third party components from \"Auslogis Labs\" are installed without clear license authorization in app's EULA document and install message.\n","ACR-003":"App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-004":"The app does not provide free fixes for regularly recurring results. The app uses the colors and gauges to raise a sense of urgency in the user.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable Ratings and recommendations from CNet, PCWorld and Discovery.\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-068":"The price of the product in landing page and internal offer is different.\nThe price of the product in landing page and internal offer is different.\n"},"samples":[{"isRevoked":"False","fileName":"onechere-setup.exe","isInstaller":"True","companyName":"OneCHere                                                    ","productName":"OneCHere OneCHere                                           ","productVersion":"9.2.0.1                                           ","fileVersion":"9.x                 ","hashMD5":"307c2d5bcdcdb540c857cec17691ad2e","hashSHA1":"2bc44211bf024a5d4fc2ce70d099f9156410adae","hashSHA256":"fe5ca8884c8166c9d60882abcc2f8759812b958db6b1cdd9a5bd6d0a03171073","digitalCertThumbprint":"264C57AAAE420C2D121039F38E3DD8B17A37917A","sourceIndex":"3135","avBlockList":["Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","ESET Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Panda Dome (20190613)","Sophos Home Premium (20190613)","Trend Micro Internet Security (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)","360 Total Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","Quick Heal Internet Security (20190613)","SpyHunter5 (20190418)"],"avAllowList":["Bitdefender Internet Security (20190613)","F-PROT Antivirus for Windows (20190418)","Tencent PC Manager (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\OneCHere\\OneCHere\\OneCHere.exe","companyName":"OneCHere","productName":"OneCHere","productVersion":"9.x","fileVersion":"9.2.0.1","hashMD5":"5818150183a1f350ad6730f1ff6311fa","hashSHA1":"3f90e1958268ab6c1a905b58ff3c63c2d129a198","hashSHA256":"1b0635b585bd5b9c05b7148a9df571cecde11fcb1659eda04a6405538b3b70d2","digitalCertThumbprint":"264C57AAAE420C2D121039F38E3DD8B17A37917A","sourceIndex":"3135","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"one-click optimization tool for Windows PC\"","reference":"https://www.oneclickhere.com/","landingPage":"https://www.oneclickhere.com/","directDownloadingLink":"https://www.oneclickhere.com/wp-content/uploads/2017/onechere-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.oneclickhere.com/wp-content/uploads/2017/onechere-setup.exe","sourceIndex":"3135"}],"sampleFiles":["190320/OneCHere-190318/9.2.0.1/Samples/onechere-setup.exe","190320/OneCHere-190318/9.2.0.1/Samples/OneCHere.exe"],"imageFiles":["190320/OneCHere-190318/9.2.0.1/Images/ACR-004/scan.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-004/004.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-004/004_2.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-004/004_4.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-004/004_3.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-004/checkout.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-004/payment.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-003/scan.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-003/scan_2.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-003/privacy_scan.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-107/107.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-017/install.png"],"nonDeceptorImageFiles":["190320/OneCHere-190318/9.2.0.1/Images/ACR-099/099.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-099/about.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-068/068_1.png","190320/OneCHere-190318/9.2.0.1/Images/ACR-068/068_2.png"],"guid":"cc8e0107-64e4-44e0-be9a-5f8169ace3b2_9.2.0.1_1","appID":"OneCHere-190318","dateAdded":"190320","deceptorType":"App","name":"OneCHere","company":"Artie Group s.r.o.","version":"9.2.0.1","sigName":"Deceptor:Win32/OneCHere!003004017107","lastKnownStatus":"Deceptor:9.2.0.1","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2258},{"violations":{"ACR-003":"The app lists registry issues as \"errors\" in red text. This misleads consumers.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-099":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-150":"The app displays multiple awards that are unable to be verified.\n\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsements. The app has 5 start awards from software informer, CNET and softpedia which are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"idooPC.exe","companyName":"http://www.idoosoft.com","productName":"idoo PC Cleaner","productVersion":"3.1.2","fileVersion":"1.0","hashMD5":"af939667e7ef48533b51bbb7d386f3ff","hashSHA1":"4ea2909ea0654596df99434e1f73ae3c51893a92","hashSHA256":"bf6922eaa9990cf092827322383c2f59195c6eb5c1a296d596936fa76c5800e6","digitalCertThumbprint":"085423EED259942F541C07877C261CC8F462C49F","digitalCertIssuer":"CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN","digitalCertIssuedTo":"CN=\"Hengyida Information Technology CO.,LTD.\", E=eastrivergroup@yahoo.com, O=\"Hengyida Information Technology CO.,LTD.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"3137","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"idoo-PC-Cleaner_setup.exe","isInstaller":"True","companyName":"idoosoft","productName":"idoo PC Cleaner","productVersion":"3.1.2","fileVersion":"2,0,1,6","hashMD5":"1d856a4bfd36d55ece8dd9f012811e71","hashSHA1":"acc974c32c8573416ee9fc0d960410ccf27d2083","hashSHA256":"a91a56006170958427329b77d1d3c089d41f3197db43f1cd0d34588f951994f3","digitalCertThumbprint":"085423EED259942F541C07877C261CC8F462C49F","digitalCertIssuer":"CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN","digitalCertIssuedTo":"CN=\"Hengyida Information Technology CO.,LTD.\", E=eastrivergroup@yahoo.com, O=\"Hengyida Information Technology CO.,LTD.\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"3137","avBlockList":["Avira Internet Security (20190613)","ESET Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Norton Security (20190613)","Panda Dome (20190613)","Sophos Home Premium (20190613)","Trend Micro Internet Security (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)","360 Total Security (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","SpyHunter5 (20190418)"],"avAllowList":["Avast Internet Security (20190613)","AVG Internet Security (20190613)","Bitdefender Internet Security (20190613)","F-PROT Antivirus for Windows (20190418)","Quick Heal Internet Security (20190613)","Tencent PC Manager (20190613)","VIPRE Advanced Security (20190613)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc cleaner\" page 5 of results https://alternativeto.net/software/pro-pc-cleaner/ was found on the list of apps provided.","landingPage":"http://www.idoosoft.com/pc-cleaner.htm","directDownloadingLink":"http://www.idoosoft.com/software/idoo-PC-Cleaner_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.idoosoft.com/software/idoo-PC-Cleaner_setup.exe","sourceIndex":"3137"}],"sampleFiles":["190320/idooPCCleanerPro-180208/3.1.2/Samples/idooPC.exe","190320/idooPCCleanerPro-180208/3.1.2/Samples/idoo-PC-Cleaner_setup.exe"],"imageFiles":["190320/idooPCCleanerPro-180208/3.1.2/Images/ACR-003/idoo Total Errors.png","190320/idooPCCleanerPro-180208/3.1.2/Images/ACR-003/ACR-003_software.JPG"],"nonDeceptorImageFiles":["190320/idooPCCleanerPro-180208/3.1.2/Images/ACR-065/ACR-065_install.JPG","190320/idooPCCleanerPro-180208/3.1.2/Images/ACR-065/ACR-065_software.JPG","190320/idooPCCleanerPro-180208/3.1.2/Images/ACR-065/ACR-065_landingpage.JPG","190320/idooPCCleanerPro-180208/3.1.2/Images/ACR-065/ACR-065_internaloffer.JPG","190320/idooPCCleanerPro-180208/3.1.2/Images/ACR-017/ACR-017_landingpage.JPG","190320/idooPCCleanerPro-180208/3.1.2/Images/ACR-099/ACR-099_software.JPG","190320/idooPCCleanerPro-180208/3.1.2/Images/ACR-099/ACR-099_landingpage.JPG","190320/idooPCCleanerPro-180208/3.1.2/Images/ACR-099/ACR-099_internaloffer.JPG","190320/idooPCCleanerPro-180208/3.1.2/Images/ACR-150/ACR-150_landingpage.JPG"],"guid":"f66862dc-e3d1-4ada-a61f-b5f64deae14a_3.1.2_1","appID":"idooPCCleanerPro-180208","dateAdded":"190320","deceptorType":"App","name":"idoo PC Cleaner","company":"idoo-Software Solutions","version":"3.1.2","sigName":"Deceptor:Win32/IdooPCCleaner!003","lastKnownStatus":"Deceptor:3.1.2","lastKnownDate":"190320","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-20T18:22:27.4977187+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2259},{"violations":{"ACR-003":"App does not substantiate the claims about the outdated driver.\n","ACR-004":"The application shows free scan results for drivers that request pay for subscription fee to fix them.\n","ACR-017":"App uses the Microsoft Certified Logo and Intel Software partner in the product image as if these companies endorsed the app instead of the vendor. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n\n","ACR-002":"The app name is not consistent across all points of user interaction.\n\n","ACR-099":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-035":"The application's EULA refers to the software (DriverNavigator) as DriverDr and the vendor as DriverDr.com. \n\n","ACR-017":"App uses the Microsoft Certified Logo and Intel Software partner in the product image as if these companies endorsed the app instead of the vendor. \n","ACR-057":"App pre-checks the acceptance checkbox for the \"automatic upgrade service\" to be added on the purchase.\n"},"samples":[{"isRevoked":"False","fileName":"DriverNavigator_Setup.exe","isInstaller":"True","companyName":"Easeware                                                    ","productName":"Driver Navigator","productVersion":"3.6.9.0","fileVersion":"3.6.9.0","hashMD5":"cb09e31fe546d4a3f5d3144b4d55180f","hashSHA1":"5514fe6c7b7b77b730863d547f9040dc9631cd45","hashSHA256":"d1ebf613408abae59e0a09d3cac6b888ebfaa3d2448b34dbd84707ed81ba0a2e","digitalCertThumbprint":"CDCDAC0BB5F7515042776019A013E09C5D36E84E","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Easeware Technology Limited, O=Easeware Technology Limited, L=Tsimshatsui, S=Kowloon, C=HK","sourceIndex":"3136","avBlockList":["Avast Internet Security (20190613)","AVG Internet Security (20190613)","Avira Internet Security (20190613)","ESET Internet Security (20190613)","G DATA INTERNET SECURITY (20190613)","K7 Total Security (20190613)","Kaspersky Internet Security (20190613)","Malwarebytes Premium (20190613)","McAfee Total Protection (20190613)","Panda Dome (20190613)","Sophos Home Premium (20190613)","VirIT eXplorer PRO (20190613)","Webroot SecureAnywhere (20190613)","Windows Defender (20190613)","COMODO Antivirus (20190613)","Dr.Web Security Space (20190613)","Quick Heal Internet Security (20190613)"],"avAllowList":["Bitdefender Internet Security (20190613)","Norton Security (20190613)","Trend Micro Internet Security (20190613)","360 Total Security (20190613)","F-PROT Antivirus for Windows (20190418)","SpyHunter5 (20190418)","Tencent PC Manager (20190613)","VIPRE Advanced Security (20190613)"]},{"isRevoked":"False","fileName":"DriverNavigator.exe","companyName":"Easeware","productName":"Driver Navigator","productVersion":"3.6.9.0","fileVersion":"3.6.9.0","hashMD5":"cdaa56ed59fec7b7523603c525629169","hashSHA1":"a7417b8279c4007917fb85492f65ae5696d412ee","hashSHA256":"b871de9185f9486927b7352906bc269bb9e8e92f6a3cef45a6b4c950e88c19be","digitalCertThumbprint":"D35C0226BADD7A507B6C6F25B4B3B35FEA8F539D","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Easeware Technology Limited, O=Easeware Technology Limited, L=Mong Kok, S=Kowloon, C=HK","sourceIndex":"3136","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"https://www.offervault.com/affiliate-offers/details/offerId/3494106/driver-navigator/","landingPage":"https://www.drivernavigator.com/landing.php?pmtid=3","directDownloadingLink":"http://cdn.drivernavigator.com/rw/DriverNavigator_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.drivernavigator.com/rw/DriverNavigator_Setup.exe","sourceIndex":"3136"}],"sampleFiles":["190320/DriverNavigator-180212/3.6.9.0/Samples/DriverNavigator_Setup.exe","190320/DriverNavigator-180212/3.6.9.0/Samples/DriverNavigator.exe"],"imageFiles":["190320/DriverNavigator-180212/3.6.9.0/Images/ACR-003/003.png","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-017/017.png","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-004/DriverNavigator ACR_004 Software 2.png","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-004/DriverNavigator ACR_004 Software 3.png","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-004/DriverNavigator ACR_004 Software 4.png","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-004/DriverNavigator ACR_004 Software 5.png","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-004/DriverNavigator ACR_004 Software.png"],"nonDeceptorImageFiles":["190320/DriverNavigator-180212/3.6.9.0/Images/ACR-065/acr_065_I.PNG","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-065/acr_065.PNG","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-065/acr_065_LP.PNG","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-065/acr_065_IO.PNG","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-002/acr_002.PNG","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-002/app's_name.PNG","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-002/internal_offer.PNG","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-002/offer_made.PNG","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-017/057_017.png","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-099/acr_099.PNG","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-099/acr_099_IO.PNG","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-035/signature_name_vender.PNG","190320/DriverNavigator-180212/3.6.9.0/Images/ACR-057/057_017.png"],"guid":"f688d7ad-b8f3-4863-9e26-c09b7ed03527_3.6.9.0_1","appID":"DriverNavigator-180212","dateAdded":"190320","deceptorType":"App","name":"Driver Navigator","company":" Easeware","version":"3.6.9.0","sigName":"Deceptor:Win32/DriverNavigator!003004017","lastKnownStatus":"Deceptor:3.6.9.0","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2260},{"violations":{"ACR-004":"The application shows free scan results that request pay for subscription fee to fix them. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-171":"The application's internal offer webpage has an additional offer option pre-selected.\n"},"samples":[{"isRevoked":"False","fileName":"DriversFix_Setup.exe","isInstaller":"True","companyName":"Drivers-Fix.com","productName":"Drivers Fix","productVersion":"6.3.0.0","fileVersion":"6.3.0.0","hashMD5":"e345d89e01136e84982a83abc00fb362","hashSHA1":"bfa97e136ecb5f57035b091e3b561d40a3d0899b","hashSHA256":"eab8db8927d190a304caaf20f642792f5fade47130a77f3062e1abc1aba9ffcc","digitalCertThumbprint":"CDCDAC0BB5F7515042776019A013E09C5D36E84E","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Easeware Technology Limited","sourceIndex":"3139","avBlockList":["Avast Internet Security (20190607)","AVG Internet Security (20190607)","Avira Internet Security (20190607)","ESET Internet Security (20190607)","G DATA INTERNET SECURITY (20190607)","K7 Total Security (20190607)","Kaspersky Internet Security (20190607)","Malwarebytes Premium (20190607)","McAfee Total Protection (20190607)","Norton Security (20190607)","Panda Dome (20190607)","Sophos Home Premium (20190607)","Trend Micro Internet Security (20190607)","VirIT eXplorer PRO (20190607)","Webroot SecureAnywhere (20190607)","Windows Defender (20190607)","COMODO Antivirus (20190607)","Dr.Web Security Space (20190607)","Quick Heal Internet Security (20190607)"],"avAllowList":["Bitdefender Internet Security (20190607)","360 Total Security (20190607)","F-PROT Antivirus for Windows (20190415)","SpyHunter5 (20190415)","Tencent PC Manager (20190607)","VIPRE Advanced Security (20190607)"]},{"isRevoked":"False","fileName":"c:\\program files\\drivers-fix.com\\drivers fix\\DriversFix.exe","companyName":"Drivers-Fix.com","productName":"Drivers Fix","productVersion":"6.3.0","fileVersion":"6.3.0","hashMD5":"6969510f122e1686d96b4afc92d0d24d","hashSHA1":"92cd437c4144795df167e4ca47c9b7c1566214e8","hashSHA256":"d5d724f5c1455e592bcb32192196e290317d9999b6520e7ce7bfb571e0b32959","digitalCertThumbprint":"CDCDAC0BB5F7515042776019A013E09C5D36E84E","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Easeware Technology Limited","sourceIndex":"3139","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"yahoo.com(update my drivers)","landingPage":"http://drivers-fix.com/","directDownloadingLink":"http://cdn.drivers-fix.com/DriversFix_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3139"}],"sampleFiles":["190315/DriversFix-180131/6.3.0.0/Samples/DriversFix_Setup.exe","190315/DriversFix-180131/6.3.0.0/Samples/DriversFix.exe"],"imageFiles":["190315/DriversFix-180131/6.3.0.0/Images/ACR-084/ACR_084_SOFTWARE.PNG","190315/DriversFix-180131/6.3.0.0/Images/ACR-004/DriversFix ACR_004 Software 2 .png","190315/DriversFix-180131/6.3.0.0/Images/ACR-004/DriversFix ACR_004 Software 3 .png","190315/DriversFix-180131/6.3.0.0/Images/ACR-004/DriversFix ACR_004 Software 4 .png","190315/DriversFix-180131/6.3.0.0/Images/ACR-004/DriversFix ACR_004 Software 5.png","190315/DriversFix-180131/6.3.0.0/Images/ACR-004/DriversFix ACR_004 Software.png"],"nonDeceptorImageFiles":["190315/DriversFix-180131/6.3.0.0/Images/ACR-065/ACR_065_INSTALL.PNG","190315/DriversFix-180131/6.3.0.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","190315/DriversFix-180131/6.3.0.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","190315/DriversFix-180131/6.3.0.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","190315/DriversFix-180131/6.3.0.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","190315/DriversFix-180131/6.3.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS.PNG"],"guid":"d81ab3fb-e340-414f-9d26-624858fd7efb_6.3.0.0_1","appID":"DriversFix-180131","dateAdded":"190315","deceptorType":"App","name":"DriversFix","company":"Easeware Technology Limited","version":"6.3.0.0","sigName":"Deceptor:Win32/DriversFix!003084","lastKnownStatus":"Deceptor:6.3.0.0","lastKnownDate":"190315","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-03-15T17:57:05.5738219+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2261},{"violations":{"ACR-004":"App shows free scan results of non-permanent items like registry settings and upsells to a paid version, but does not provide free scans.\n","ACR-017":"The application's internal offer webpage elevates its consumer trust level by displaying an unverifiable 5 star rating logo from Softpedia.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the Returns and Cancellation Policy.\n","ACR-161":"The applications's support webpage has testimonials that have no links back to a source so consumers can verify if they're real.\nThe landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-120":" After uninstalling application a webpage opens with information stating that consumer can get a Special One-time Offer for the same program.\n","ACR-035":"The application EULA has the application name listed as 'SOFTWARE and PROGRAM' instead of using the actual application name.\n"},"samples":[{"isRevoked":"False","fileName":"AdvancedFix_Setup.exe","isInstaller":"True","companyName":"Advanced Fix, Inc.","productName":"Advanced Fix","productVersion":"3.1.3.169","fileVersion":"3.1.3.169","hashMD5":"fa15db8684919366c6120a2161a036ff","hashSHA1":"90ab900a8bf5ce7a3b0877868e257eec15bcc9d2","hashSHA256":"d0a684975aed47db004c7ab0ccda83c6d4991d777eac4b2dff5548825236ad42","digitalCertThumbprint":"FD91D6AD22DB69997F337E59FE09E0FE60FBFAAC","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Ideakee Inc","sourceIndex":"3141","avBlockList":["Avira Internet Security (20190607)","ESET Internet Security (20190607)","G DATA INTERNET SECURITY (20190607)","K7 Total Security (20190607)","Kaspersky Internet Security (20190607)","Malwarebytes Premium (20190607)","McAfee Total Protection (20190607)","Norton Security (20190607)","Sophos Home Premium (20190607)","VirIT eXplorer PRO (20190607)","Webroot SecureAnywhere (20190607)","Windows Defender (20190607)","COMODO Antivirus (20190607)","Dr.Web Security Space (20190607)","Quick Heal Internet Security (20190607)","SpyHunter5 (20190412)"],"avAllowList":["Avast Internet Security (20190607)","AVG Internet Security (20190607)","Bitdefender Internet Security (20190607)","Panda Dome (20190607)","Trend Micro Internet Security (20190607)","360 Total Security (20190607)","F-PROT Antivirus for Windows (20190412)","Tencent PC Manager (20190607)","VIPRE Advanced Security (20190607)"]},{"isRevoked":"False","fileName":"AdvancedFix.exe","fileVersion":"3.1","hashMD5":"eccc56b82bf203e838ea8827e9d5a006","hashSHA1":"57bd2d23e5c1651ba22b89119aa0c6f50b535bd6","hashSHA256":"320193e71a1d4913dc81a18d7c4c2d4861d18efd79e87b37fca8f36296874ffc","digitalCertThumbprint":"FD91D6AD22DB69997F337E59FE09E0FE60FBFAAC","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ideakee Inc, O=Ideakee Inc, STREET=\"1104# Asphodel Pavilion,Hengxiang Garden 18 LIjiangRoad\", L=Guilin, S=Guangxi, PostalCode=541004, C=CN","sourceIndex":"3141","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"yahoo.com(fix my computer for free)","landingPage":"http://advancedfix.com/","directDownloadingLink":"http://advancedfix.com/AdvancedFix_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://advancedfix.com/AdvancedFix_Setup.exe","sourceIndex":"3141"}],"sampleFiles":["190313/AdvancedFix-171129/3.1.3.169/Samples/AdvancedFix_Setup.exe","190313/AdvancedFix-171129/3.1.3.169/Samples/AdvancedFix.exe"],"imageFiles":["190313/AdvancedFix-171129/3.1.3.169/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG","190313/AdvancedFix-171129/3.1.3.169/Images/ACR-004/AdvancedFix ACR_004 Software.png"],"nonDeceptorImageFiles":["190313/AdvancedFix-171129/3.1.3.169/Images/ACR-161/ACR_161_DOCS.PNG","190313/AdvancedFix-171129/3.1.3.169/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","190313/AdvancedFix-171129/3.1.3.169/Images/ACR-092/ACR_092_SOFTWARE.PNG","190313/AdvancedFix-171129/3.1.3.169/Images/ACR-120/ACR_120_UNINSTALL.PNG","190313/AdvancedFix-171129/3.1.3.169/Images/ACR-035/ACR_035_DOCS.PNG"],"guid":"dcaa6f0a-d876-419e-9abb-4b795d04089a_3.1.3.169_1","appID":"AdvancedFix-171129","dateAdded":"190313","deceptorType":"App","name":"Advanced Fix","company":"Advanced Fix, Inc.","version":"3.1.3.169","sigName":"Deceptor:Win32/AdvancedFix!004017","lastKnownStatus":"Deceptor:3.1.3.169","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2264},{"violations":{"ACR-003":"App does not substantiate scan results.\n","ACR-004":"The app shows free scan results of \"Privacy Issues\", but does not provide free fixes. Results are not substantiated.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the landing page.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the internal offer. Only that of the merchant is provided.\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\nThe landing page has no link or information that shows how to uninstall the app.\nThe internal offers page has no link or information that shows how to uninstall the app.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"NeptuneSystemCare2017.exe","isInstaller":"True","companyName":"www.neptuneutilities.com","productName":"Neptune SystemCare 2017","productVersion":"2.17","fileVersion":"2.17","hashMD5":"3f0bc32daa07eb9107078d35e83327d5","hashSHA1":"62e6a3caac10136f888b635f087064d43f8b92d2","hashSHA256":"8d49d5955468a78233c5a9af2f5493c34fae710eef5fab027083f2b77d2f550f","digitalCertThumbprint":"2C2F949E391AA236860A95E81E39A30D14F32F2D","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Lespeed Technology Ltd.","sourceIndex":"3142","avBlockList":["Avast Internet Security (20190607)","AVG Internet Security (20190607)","Avira Internet Security (20190607)","ESET Internet Security (20190607)","G DATA INTERNET SECURITY (20190607)","K7 Total Security (20190607)","Kaspersky Internet Security (20190607)","Malwarebytes Premium (20190607)","McAfee Total Protection (20190607)","Norton Security (20190607)","Panda Dome (20190607)","Sophos Home Premium (20190607)","VirIT eXplorer PRO (20190607)","Webroot SecureAnywhere (20190607)","Windows Defender (20190607)","Dr.Web Security Space (20190607)","Quick Heal Internet Security (20190607)"],"avAllowList":["Bitdefender Internet Security (20190607)","Trend Micro Internet Security (20190607)","360 Total Security (20190607)","COMODO Antivirus (20190607)","F-PROT Antivirus for Windows (20190412)","SpyHunter5 (20190412)","Tencent PC Manager (20190607)","VIPRE Advanced Security (20190607)"]},{"isRevoked":"False","fileName":"Neptune.exe","companyName":"neptuneutilities.com","fileVersion":"2.1","hashMD5":"07da901e5c1ed796191df83bdce7f32c","hashSHA1":"27e2b3ac4f98942643f6d0a9a558d9125790babd","hashSHA256":"7fb939678434930461e065ff2a0c5aafdac357c920bfdf72253d268cb473de0c","digitalCertThumbprint":"2C2F949E391AA236860A95E81E39A30D14F32F2D","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Lespeed Technology Ltd., O=Lespeed Technology Ltd., L=Beijing, S=Beijing, C=CN","sourceIndex":"3142","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org (pc optimizer)","landingPage":"https://www.neptuneutilities.com/system-care-2017.html","directDownloadingLink":"https://www.neptuneutilities.com/storage/app/media/exe/NeptuneSystemCare2017.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.neptuneutilities.com/storage/app/media/exe/NeptuneSystemCare2017.exe","sourceIndex":"3142"}],"sampleFiles":["190313/NeptuneSystemcare2017-171122/2.17/Samples/NeptuneSystemCare2017.exe","190313/NeptuneSystemcare2017-171122/2.17/Samples/Neptune.exe"],"imageFiles":["190313/NeptuneSystemcare2017-171122/2.17/Images/ACR-003/NeptuneSystemCare Scan Results.png","190313/NeptuneSystemcare2017-171122/2.17/Images/ACR-004/NeptuneSystemCare Privacy Risks.png","190313/NeptuneSystemcare2017-171122/2.17/Images/ACR-004/NeptuneSystemCare Scan Results.png"],"nonDeceptorImageFiles":["190313/NeptuneSystemcare2017-171122/2.17/Images/ACR-065/ACR-065_install.JPG","190313/NeptuneSystemcare2017-171122/2.17/Images/ACR-065/ACR-065_software.JPG","190313/NeptuneSystemcare2017-171122/2.17/Images/ACR-065/ACR-065_landingpage.JPG","190313/NeptuneSystemcare2017-171122/2.17/Images/ACR-065/ACR-065_internaloffer.JPG","190313/NeptuneSystemcare2017-171122/2.17/Images/ACR-099/NeptuneSystemCare About Page.png","190313/NeptuneSystemcare2017-171122/2.17/Images/ACR-099/NeptuneSystemCare Bottom of Landing Page.png","190313/NeptuneSystemcare2017-171122/2.17/Images/ACR-099/NeptuneSystemCare Bottom of Internal Offers Page.png"],"guid":"92fa584b-908f-4504-8777-79eb7cd76f97_2.17_1","appID":"NeptuneSystemcare2017-171122","dateAdded":"190313","deceptorType":"App","name":"Neptune Systemcare 2017","company":"Neptune Utilities","version":"2.17","sigName":"Deceptor:Win32/NeptuneSystemcare2017!003004","lastKnownStatus":"Deceptor:2.17","lastKnownDate":"190313","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-13T22:27:01.2030499+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2263},{"violations":{"ACR-014":"Driver Status Bar implies an unfair assertion that drivers can be classified as \"ancient\".\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThe landing page has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\nThe landing page has no link to a webpage that shows how to uninstall the app.\n\nThe internal offer page has no link to a webpage that shows how to uninstall the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"utililabdusetup.exe","isInstaller":"True","companyName":"Utililab GmbH","productName":"DriverUPDATER","productVersion":"2.00","hashMD5":"6832d0bfda83ee9d4dce5a302766d56d","hashSHA1":"a5aa16ff956cd2faec0686d3a17d450272de9ce3","hashSHA256":"341f6ca613b821941fc2b6f978851c2afec83d3f453fd9c7a6ac4d54dc2e9bbe","digitalCertThumbprint":"0261BB94C20E576E26F8168C0B138C7BB04514A2","digitalCertIssuer":"UTN-USERFirst-Object","digitalCertIssuedTo":"Utililab GmbH","sourceIndex":"3140","avBlockList":["Avira Internet Security (20190607)","ESET Internet Security (20190607)","G DATA INTERNET SECURITY (20190607)","K7 Total Security (20190607)","Kaspersky Internet Security (20190607)","Malwarebytes Premium (20190607)","McAfee Total Protection (20190607)","Norton Security (20190607)","Sophos Home Premium (20190607)","VirIT eXplorer PRO (20190607)","Webroot SecureAnywhere (20190607)","Windows Defender (20190607)","Dr.Web Security Space (20190607)","Quick Heal Internet Security (20190607)","SpyHunter5 (20190412)"],"avAllowList":["Avast Internet Security (20190607)","AVG Internet Security (20190607)","Bitdefender Internet Security (20190607)","Panda Dome (20190607)","Trend Micro Internet Security (20190607)","360 Total Security (20190607)","COMODO Antivirus (20190607)","F-PROT Antivirus for Windows (20190412)","Tencent PC Manager (20190607)","VIPRE Advanced Security (20190607)"]},{"isRevoked":"False","fileName":"utililabdu.exe","companyName":"UTILILAB GmbH, (www.UTILILAB.com)","fileVersion":"1.0","hashMD5":"903c60b949ed80af228c3198a4eeb463","hashSHA1":"c20d7b144ab461559802a3daceb2298a73b79c2c","hashSHA256":"b98f53cade8911d75e9a7698b642ed75dee6b1b8aeb5bdd484982cf5c4237ea2","digitalCertThumbprint":"0261BB94C20E576E26F8168C0B138C7BB04514A2","digitalCertIssuer":"CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US","digitalCertIssuedTo":"CN=Utililab GmbH, O=Utililab GmbH, STREET=Schumannstraße 17, L=Berlin, S=Berlin, PostalCode=10117, C=DE","sourceIndex":"3140","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://utililab.com/driverupdater/","directDownloadingLink":"https://utililab.com/downloads/utililabdusetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://utililab.com/downloads/utililabdusetup.exe","sourceIndex":"3140"}],"sampleFiles":["190313/UTILILABDriverUpdater-171212/2.00/Samples/utililabdusetup.exe","190313/UTILILABDriverUpdater-171212/2.00/Samples/utililabdu.exe"],"imageFiles":["190313/UTILILABDriverUpdater-171212/2.00/Images/ACR-014/Utililab Ancient Driver Bar.png"],"nonDeceptorImageFiles":["190313/UTILILABDriverUpdater-171212/2.00/Images/ACR-161/testimonials.PNG"],"guid":"51db4624-d936-4d3e-b881-113dd59c94c3_2.00_1","appID":"UTILILABDriverUpdater-171212","dateAdded":"190313","deceptorType":"App","name":"DriverUpdater","company":"Utililab GmbH","version":"2.00","sigName":"Deceptor:Win32/DriverUpdater!014","lastKnownStatus":"Deceptor:2.00","lastKnownDate":"201113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-13T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2262},{"violations":{"ACR-042":"App installs files from VIPRE AV, but does not disclose this to the consumer.\n","ACR-048":"App installed itself into add/remove programs under a different name.\n","ACR-003":"Product calls the Google updater malware, which raises a false sense of urgency on the consumer to purchase so they can fix.\n","ACR-017":"Mis-use of a Microsoft partner logo, making it look like Microsoft endorses the app.\n","ACR-084":"App installs its executables into a hidden directory: c:\\ProgramData. Although there is a setting to turn off update check, app leaves the task scheduled even when it's turned off.\n","ACR-118":"App retains files after uninstall, and doesn't prompt consumer with directions for cleanup. Files are in a hidden folder.\n"},"nonDeceptorViolations":{"ACR-040":"Installs in a hidden folder C:\\ProgramData\n","ACR-065":"Software has no links to any docs (EULA, Privacy, Returns)\n","ACR-002":"App is installed as PC Cleaner Pro, but shows up in the add/remove programs as PC Cleaners\n","ACR-161":"User quotes are not clickable, and do not provide data as to where they came from.\n","ACR-170":"App claims to have refund policy but no details can be found.\n","ACR-036":"EULA does not disclose use of third-party AV tools (VIPRE)\n"},"samples":[{"isRevoked":"False","fileName":"PCPro-Installer.exe","isInstaller":"True","companyName":"n/a","productName":"PC Cleaner Pro","productVersion":"19.0.0.21","fileVersion":"19.0.0.21","hashMD5":"010185227c7c93a38c8ea9f223e61dbd","hashSHA1":"23aaa849885dbba161cfe8788a76070b5f4b8232","hashSHA256":"125f79c3d03ed92cbf8e20412dae8f0e98140f9adb0b9567cd32579196800311","digitalCertThumbprint":"07D084EDD02E4C8FA3CAD1D5542EE5BA939229EA","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"PC Cleaners Inc.","sourceIndex":"3145","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"feed","landingPage":"https://www.pccleanerpro.com/","directDownloadingLink":"https://www.pccleanerpro.com/install/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pccleanerpro.com/install/","sourceIndex":"3145"}],"sampleFiles":["190308/PCCleanerPro-180121/14.0.18.1.19/Samples/PCPro-Installer.exe"],"imageFiles":["190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-048/ACR-048 different name in add remove programs.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-003/ACR-003 calling google updater malware.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-003/ACR-003 malware scanner warnings on google.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-017/ACR-017 misuse of ms partner.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-084/ACR-084 hidden install.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-084/ACR-084 unable to disable task scheduler.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-118/ACR-118 retains files on uninstall.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-042/ACR-042 undisclosed VIPRE dlls.png"],"nonDeceptorImageFiles":["190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-040/ACR-040 install into hidden folder.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-042/ACR-042 undisclosed VIPRE dlls.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-065/ACR-065 no links to docs.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-002/ACR-002 under different name.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-161/ACR-161 no reference for user quotes.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-170/ACR-170 claim refund policy but no details.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-091/ACR-091 no disclosure of VIPRE.png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-036/ACR-036 no disclosure of third party .png","190308/PCCleanerPro-180121/14.0.18.1.19/Images/ACR-073/AZCR-073 offer is opt-out.png"],"guid":"b364d697-e72f-4b9f-ba18-3061b9078594_14.0.18.1.19_1","appID":"PCCleanerPro-180121","dateAdded":"190308","deceptorType":"App","name":"PC Cleaner Pro 2018","company":"PC Cleaners Inc.","version":"14.0.18.1.19","sigName":"Deceptor:Win32/PCCleanerPro!003017042048084118","lastKnownStatus":"Deceptor:14.0.18.6.11,16.0.016","lastKnownDate":"190308","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-03-09T05:34:13.1707549+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":2268},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app has multiple scheduled tasks set in the system's task schedule and the user is unable to disable them from the application interface.\n"},"nonDeceptorViolations":{"ACR-040":"The application is not installed in the standard location. The application was installed in a Programdata hidden folder. The consumers wouldn't be able to identify the app's location.\n","ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\nThe application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"PCPro-Installer.exe","isInstaller":"True","companyName":"PC Cleaners Inc.","productName":"PC Cleaners Pro","productVersion":"21.0.0.2","fileVersion":"21.0.0.2","hashMD5":"d16d4e92066a4a1107f7eb339d073b42","hashSHA1":"bbe10d9411ed153055378f5c18399af21240a23f","hashSHA256":"736ca4456c2e3e855b912332fcda7ca4595ba8af59a8f1ee5bbb24ac4cea79c9","digitalCertThumbprint":"07D084EDD02E4C8FA3CAD1D5542EE5BA939229EA","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PC Cleaners Inc., O=PC Cleaners Inc., L=Laguna Niguel, S=California, C=US","sourceIndex":"3144","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCCleaners.exe","companyName":"PC Cleaners Inc.","productName":"PC Cleaners","productVersion":"15.0.0.1","fileVersion":"15.0.0.1","hashMD5":"cc0d6fb8047b93fee9847e7c1b89b6b4","hashSHA1":"bac30d0017851b28c0cf6bd1cd0d8be71d00f1cd","hashSHA256":"bf95c2ae6fd077b474db92bfc7e4c568b57516bdff095de164eec7c66fce8203","digitalCertThumbprint":"07D084EDD02E4C8FA3CAD1D5542EE5BA939229EA","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PC Cleaners Inc., O=PC Cleaners Inc., L=Laguna Niguel, S=California, C=US","sourceIndex":"3144","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"New version review","reference":"Existing deceptor review","landingPage":"http://www.pccleaner.com/","directDownloadingLink":"http://pc-cleaners.com/PCPro-Installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pc-cleaners.com/PCPro-Installer.exe","sourceIndex":"3144"}],"sampleFiles":["190308/PCCleanerPro-180121/21.0.0.2/Samples/PCPro-Installer.exe","190308/PCCleanerPro-180121/21.0.0.2/Samples/PCCleaners.exe"],"imageFiles":["190308/PCCleanerPro-180121/21.0.0.2/Images/ACR-084/ACR-084_software.JPG","190308/PCCleanerPro-180121/21.0.0.2/Images/ACR-084/ACR-084_software1.JPG"],"nonDeceptorImageFiles":["190308/PCCleanerPro-180121/21.0.0.2/Images/ACR-040/ACR-040_install.JPG","190308/PCCleanerPro-180121/21.0.0.2/Images/ACR-065/ACR-065_software.JPG","190308/PCCleanerPro-180121/21.0.0.2/Images/ACR-161/ACR-161_landingpage.JPG","190308/PCCleanerPro-180121/21.0.0.2/Images/ACR-161/ACR-161_internaloffer.JPG","190308/PCCleanerPro-180121/21.0.0.2/Images/ACR-088/ACR-088_software.JPG","190308/PCCleanerPro-180121/21.0.0.2/Images/ACR-099/ACR-099_software.JPG","190308/PCCleanerPro-180121/21.0.0.2/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"b364d697-e72f-4b9f-ba18-3061b9078594_21.0.0.2_1","appID":"PCCleanerPro-180121","dateAdded":"190308","deceptorType":"App","name":"PC Cleaner Pro 2018","company":"PC Cleaners Inc.","version":"21.0.0.2","sigName":"Deceptor:Win32/PCCleanerPro!084","lastKnownStatus":"Deceptor:14.0.18.6.11,16.0.016","lastKnownDate":"190308","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-09T05:34:53.2876653+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":2267},{"violations":{"ACR-042":"App installs files from VIPRE AV, but does not disclose this to the consumer.\n","ACR-003":"Product calls the Google updater malware, which raises a false sense of urgency on the consumer to purchase so they can fix.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The application created tasks for VIPRE utilities.\n"},"nonDeceptorViolations":{"ACR-040":"The application is not installed in the standard location. The application was installed in ProgramData hidden folder. The consumers wouldn't be able to identify the app's location.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-163":"The application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PCPro-Installer.exe","isInstaller":"True","companyName":"n/a","productName":"PC Cleaners Pro","productVersion":"21.0.0.2","fileVersion":"n/a","hashMD5":"18faba7ce993e41ec65bbb563d2a706d","hashSHA1":"a071de630703ade89a9ac7e790df67c245df277d","hashSHA256":"5fccbbade78d87cddeade9218da1ddee194b5bd9795923ca009b6059d00168a0","digitalCertThumbprint":"07D084EDD02E4C8FA3CAD1D5542EE5BA939229EA","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PC Cleaners Inc., O=PC Cleaners Inc., L=Laguna Niguel, S=California, C=US","sourceIndex":"3143","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCCleaners.exe","companyName":"PC Cleaners Inc.","productName":"PC Cleaners","productVersion":"15.0.0.1","fileVersion":"15.0.0.1","hashMD5":"a114cbbf6ba03ab2f0f37eebc9bb2efc","hashSHA1":"13ec8bf13b0192b2aad0968dfd27594c0b705f88","hashSHA256":"7d88d6c558afa2c68ac1aa60bad6fb8dfa0cb793d75f11b1826571f474f0508c","digitalCertThumbprint":"07D084EDD02E4C8FA3CAD1D5542EE5BA939229EA","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PC Cleaners Inc., O=PC Cleaners Inc., L=Laguna Niguel, S=California, C=US","sourceIndex":"3143","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"Existing decepter review","landingPage":"https://www.pccleanerpro.com/","directDownloadingLink":"http://pc-cleaners.com/PCPro-Installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pc-cleaners.com/PCPro-Installer.exe","sourceIndex":"3143"}],"sampleFiles":["190308/PCCleanerPro-180121/14.0.18.6.11/Samples/PCPro-Installer.exe","190308/PCCleanerPro-180121/14.0.18.6.11/Samples/PCCleaners.exe"],"imageFiles":["190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-042/ACR_042_SOFTWARE.PNG","190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-084/ACR_084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-040/ACR_040_INSTALL.PNG","190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-088/ACR_088_SOFTWARE.PNG","190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-099/ACR_099_SOFTWARE.PNG","190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","190308/PCCleanerPro-180121/14.0.18.6.11/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"b364d697-e72f-4b9f-ba18-3061b9078594_14.0.18.6.11_1","appID":"PCCleanerPro-180121","dateAdded":"190308","deceptorType":"App","name":"PC Cleaner Pro 2018","company":"PC Cleaners Inc.","version":"14.0.18.6.11","sigName":"Deceptor:Win32/PCCleanerPro!003042084","lastKnownStatus":"Deceptor:14.0.18.6.11,16.0.016","lastKnownDate":"190308","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-03-09T05:35:39.859072+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":2266},{"violations":{"ACR-042":"App installs files from VIPRE AV, but does not disclose this to the consumer.\n","ACR-004":"App does not provide free fix for the identified issues identified during “Free Scan”.\n","ACR-017":"Mis-use of a Microsoft partner logo, making it look like Microsoft endorses the app.\n","ACR-084":" Although there is a setting to turn off update check, app leaves the task scheduled even when it's turned off.\n"},"nonDeceptorViolations":{"ACR-040":"Installs in a hidden folder C:\\ProgramData. App installs itself into add/remove programs under a different name.\n","ACR-065":"Software has no links to any docs (EULA, Privacy, Returns)\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links that shows the app's Returns and Cancellation Policy.\n","ACR-002":"App is installed as PC Cleaner Pro, but shows up in the add/remove programs as PC Cleaners\n","ACR-161":"User quotes are not clickable, and do not provide data as to where they came from.\n"},"samples":[{"isRevoked":"False","fileName":"PCCleaners.exe","companyName":"PC Cleaners Inc.","fileVersion":"14.0","hashMD5":"4167e116d74c05f0f3ad7ffef2c55f89","hashSHA1":"c31c6b6b6619660033bf45ce91490c55ee43ffbf","hashSHA256":"5196996bb0bc1caabc47af27cd9db7363d1eb818925a40da8490d9b6c8460b45","digitalCertThumbprint":"1123425B511F1E039176C5A654CC9B278607F57B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PC Cleaner Inc., O=PC Cleaner Inc., L=Laguna Niguel, S=California, C=US","sourceIndex":"3049","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"app2_eng.exe","isInstaller":"True","fileVersion":"17.0","hashMD5":"7b43e762ce4e7cbcf61a0eee4f2721ed","hashSHA1":"ab2184beb6f979f847fe50ece6cfa91b3e119520","hashSHA256":"6db4bffa6d10fe97df4984e350e879bd3b0311a4fcb8b0badf9da19291357fdd","digitalCertThumbprint":"1123425B511F1E039176C5A654CC9B278607F57B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PC Cleaner Inc., O=PC Cleaner Inc., L=Laguna Niguel, S=California, C=US","sourceIndex":"3049","avBlockList":["Avast Internet Security (20190603)","AVG Internet Security (20190603)","Avira Internet Security (20190603)","Bitdefender Internet Security (20190603)","ESET Internet Security (20190603)","G DATA INTERNET SECURITY (20190603)","K7 Total Security (20190603)","Kaspersky Internet Security (20190603)","Malwarebytes Premium (20190603)","McAfee Total Protection (20190603)","Norton Security (20190603)","Panda Dome (20190603)","Sophos Home Premium (20190603)","VirIT eXplorer PRO (20190603)","Webroot SecureAnywhere (20190603)","Windows Defender (20190603)","COMODO Antivirus (20190603)","Dr.Web Security Space (20190603)","Quick Heal Internet Security (20190603)","SpyHunter5 (20190408)","VIPRE Advanced Security (20190603)"],"avAllowList":["Trend Micro Internet Security (20190603)","360 Total Security (20190603)","F-PROT Antivirus for Windows (20190408)","Tencent PC Manager (20190603)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"feed","landingPage":"https://www.pccleanerpro.com/","directDownloadingLink":"https://www.pccleanerpro.com/install/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.pccleanerpro.com/install/","sourceIndex":"3049"}],"sampleFiles":["190308/PCCleanerPro-180121/16.0.0.16/Samples/PCCleaners.exe","190308/PCCleanerPro-180121/16.0.0.16/Samples/app2_eng.exe"],"imageFiles":["190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-017/ACR-017 Software.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-084/ACR-084 software.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-042/ACR-042.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-004/ACR-004 Software.png"],"nonDeceptorImageFiles":["190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-040/ACR-040 Install.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-040/ACR-002 Install different name.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-042/ACR-042 undisclosed VIPRE dlls.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-065/ACR-065 Software Failure.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-065/ACR-065 Landing Page.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-065/ACR-065 Internal Offer.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-002/ACR-002 Install different name.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-161/ACR-161 no reference for user quotes.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-091/ACR-091 no disclosure of VIPRE.png","190308/PCCleanerPro-180121/16.0.0.16/Images/ACR-073/AZCR-073 offer is opt-out.png"],"guid":"b364d697-e72f-4b9f-ba18-3061b9078594_16.0.0.16_1","appID":"PCCleanerPro-180121","dateAdded":"190308","deceptorType":"App","name":"PC Cleaner Pro 2018","company":"PC Cleaners Inc.","version":"16.0.0.16","lastKnownStatus":"Deceptor:14.0.18.6.11,16.0.016","lastKnownDate":"190308","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-06-03T23:40:40.974245+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":4,"sortOrder":2265},{"violations":{"ACR-003":"The application exaggerates the PC's condition as \"Serious\", thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"updatestarrepair_ENU.exe","isInstaller":"True","companyName":"UpdateStar GmbH                                             ","productName":"UpdateStar Repair 9","productVersion":"9.1.4.0","fileVersion":"9.1.4.0","hashMD5":"41c3a856936ea35d60e2d3d7b33192c1","hashSHA1":"5f57ab820b73856d8f867d725b80335f1a45a94f","hashSHA256":"32ade0ab67b93df1e2db0ee80fa9701d1285901b5b5ac925d3f7136d89698033","digitalCertThumbprint":"BBB39898D0A7A577B4EB5E88DB7C128F2C1F0363","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Gneisenaustr. 44/45, L=Berlin, S=Berlin, PostalCode=10961, C=DE","sourceIndex":"3148","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BoostSpeed.exe","companyName":"UpdateStar","productName":"Repair","productVersion":"9.x","fileVersion":"9.1.4.0","hashMD5":"debbf54cc29b041525df171056b70423","hashSHA1":"496b5de59cdbbaf89d1a135b81e2336452803966","hashSHA256":"663540cfc33c41d7bbe1a862905289fd9b538d9efcc8bf944141ff6b825b0896","digitalCertThumbprint":"BBB39898D0A7A577B4EB5E88DB7C128F2C1F0363","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Gneisenaustr. 44/45, L=Berlin, S=Berlin, PostalCode=10961, C=DE","sourceIndex":"3148","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"http://www.shouldiremoveit.com/","landingPage":"http://client.updatestar.com/en/repair/download/","directDownloadingLink":"http://static.updatestar.net/dl/updatestar/repair/updatestarrepair_ENU.exe","directDownloadingLinkWildChar":"http://static.updatestar.net/dl/updatestar/repair/updatestarrepair_ENU.exe","sourceIndex":"3148"}],"sampleFiles":["190307/D-UpdateStarRepair-170527/9.1.4.0/Samples/updatestarrepair_ENU.exe","190307/D-UpdateStarRepair-170527/9.1.4.0/Samples/BoostSpeed.exe"],"imageFiles":["190307/D-UpdateStarRepair-170527/9.1.4.0/Images/ACR-003/acr_003.PNG","190307/D-UpdateStarRepair-170527/9.1.4.0/Images/ACR-003/acr_003_1.PNG"],"nonDeceptorImageFiles":["190307/D-UpdateStarRepair-170527/9.1.4.0/Images/ACR-065/acr_065_LP.PNG","190307/D-UpdateStarRepair-170527/9.1.4.0/Images/ACR-065/acr_065_S.PNG","190307/D-UpdateStarRepair-170527/9.1.4.0/Images/ACR-065/acr_065_IO.PNG","190307/D-UpdateStarRepair-170527/9.1.4.0/Images/ACR-088/acr_088.PNG","190307/D-UpdateStarRepair-170527/9.1.4.0/Images/ACR-099/acr_099_S.PNG","190307/D-UpdateStarRepair-170527/9.1.4.0/Images/ACR-099/acr_099_IO.PNG"],"guid":"986563f2-4ab9-49e3-91b4-d13412c83ca4_9.1.4.0_1","appID":"D-UpdateStarRepair-170527","dateAdded":"190307","deceptorType":"App","name":"UpdateStar Repair9","company":"UpdateStar GmbH","version":"9.1.4.0","sigName":"Deceptor:Win32/UpdateStarRepair9!003","firstResolvedVersion":"","lastKnownStatus":"Deceptor:9.1.0.0,9.1.4.0,10.0.14.0,10.0.16.0","lastKnownDate":"190307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-08T02:24:53.4121145+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2271},{"violations":{"ACR-003":"App does not show any details regarding the scan results for \"System Stability\" or \"Computer Speed\".\n","ACR-004":"The app does not provide free fixes for regularly recurring results. The app uses the colors and gauges to raise a sense of urgency in the user.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n"},"samples":[{"isRevoked":"False","fileName":"Main.exe","companyName":"UpdateStar","fileVersion":"10.0","hashMD5":"ddd8e8bea1222367bc00fa3b9502b1a5","hashSHA1":"eb28a32832f35a50d2eb25cdccfefe6466cc36f8","hashSHA256":"3a3b8479af9a0396ee448610fc2851006c69e580cded4d4c463648ee09560db7","digitalCertThumbprint":"CF4EDDBC378090C3396CA2D2BB7F227F879BAAA9","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=UpdateStar GmbH, OU=Support, O=UpdateStar GmbH, STREET=Kreuzbergstr. 37-38, L=Berlin, S=Berlin, PostalCode=10965, C=DE","sourceIndex":"3149","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"updatestarrepair_ENU.exe","isInstaller":"True","companyName":"UpdateStar                                                  ","fileVersion":"10.0","hashMD5":"243433dbd3cf4cd1a2acc150cab451fc","hashSHA1":"dfc78d21844743539200949dba9ad099bec1c2c4","hashSHA256":"54788ab797ed4696d3bc46e43af6574c443ceb3bbdb196075fc2599d9ba2d39d","digitalCertThumbprint":"CF4EDDBC378090C3396CA2D2BB7F227F879BAAA9","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=UpdateStar GmbH, OU=Support, O=UpdateStar GmbH, STREET=Kreuzbergstr. 37-38, L=Berlin, S=Berlin, PostalCode=10965, C=DE","sourceIndex":"3149","avBlockList":["Avast Internet Security (20190530)","AVG Internet Security (20190530)","Avira Internet Security (20190530)","ESET Internet Security (20190530)","G DATA INTERNET SECURITY (20190530)","K7 Total Security (20190530)","Kaspersky Internet Security (20190530)","Malwarebytes Premium (20190530)","McAfee Total Protection (20190530)","Norton Security (20190530)","Panda Dome (20190530)","Sophos Home Premium (20190530)","VirIT eXplorer PRO (20190530)","Webroot SecureAnywhere (20190530)","Windows Defender (20190530)","360 Total Security (20190530)","COMODO Antivirus (20190530)","Dr.Web Security Space (20190530)","SpyHunter5 (20190408)"],"avAllowList":["Bitdefender Internet Security (20190530)","Trend Micro Internet Security (20190530)","F-PROT Antivirus for Windows (20190408)","Quick Heal Internet Security (20190530)","Tencent PC Manager (20190530)","VIPRE Advanced Security (20190530)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"http://www.shouldiremoveit.com/","landingPage":"http://client.updatestar.com/en/repair/download/","directDownloadingLink":"http://static.updatestar.net/dl/updatestar/repair/updatestarrepair_ENU.exe","directDownloadingLinkWildChar":"http://static.updatestar.net/dl/updatestar/repair/updatestarrepair_ENU.exe","sourceIndex":"3149"}],"sampleFiles":["190307/D-UpdateStarRepair-170527/10.0.16.0/Samples/Main.exe","190307/D-UpdateStarRepair-170527/10.0.16.0/Samples/updatestarrepair_ENU.exe"],"imageFiles":["190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-003/UpdateStar Not Showing Scan Results 1.png","190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-003/UpdateStar Not Showing Scan Results 2.png","190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-004/UpdateStar Internal Offers Page.png","190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-004/UpdateStar Only Some Fixes.png","190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-004/UpdateStar Register.png","190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-004/UpdateStar Scan Results.png","190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-004/UpdateStar Not Showing Scan Results 1.png"],"nonDeceptorImageFiles":["190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-065/UpdateStar Bottom of Landing Page.png","190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-065/UpdateStar About Page.png","190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-065/UpdateStar Bottom of Internal Offers Page.png","190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-099/UpdateStar About Page.png","190307/D-UpdateStarRepair-170527/10.0.16.0/Images/ACR-099/UpdateStar Bottom of Internal Offers Page.png"],"guid":"986563f2-4ab9-49e3-91b4-d13412c83ca4_10.0.16.0_1","appID":"D-UpdateStarRepair-170527","dateAdded":"190307","deceptorType":"App","name":"UpdateStar Repair9","company":"UpdateStar GmbH","version":"10.0.16.0","sigName":"Deceptor:Win32/UpdateStarRepair9!003004","firstResolvedVersion":"","lastKnownStatus":"Deceptor:9.1.0.0,9.1.4.0,10.0.14.0,10.0.16.0","lastKnownDate":"190307","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-08T02:22:27.3923705+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2272},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"updatestarrepair_ENU","isInstaller":"True","companyName":"UpdateStar GmbH","productName":"UpdateStar Repair9","productVersion":"9.1.0.0","fileVersion":"9.1.0.0","hashMD5":"5d5045219363460f7c72dee4aae0aacf","hashSHA1":"1032b9d9c45e38883627ac703929feffcfa62024","hashSHA256":"099a23afb38532ff90478181c0789f01c59aed06058a957807020cb09c450094","digitalCertThumbprint":"BBB39898D0A7A577B4EB5E88DB7C128F2C1F0363","sourceIndex":"3147","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"http://www.shouldiremoveit.com/","landingPage":"http://client.updatestar.com/en/repair/download/","directDownloadingLink":"http://static.updatestar.net/dl/updatestar/repair/updatestarrepair_ENU.exe","sourceIndex":"3147"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"986563f2-4ab9-49e3-91b4-d13412c83ca4_9.1.0.0._1","appID":"D-UpdateStarRepair-170527","dateAdded":"190307","deceptorType":"App","name":"UpdateStar Repair9","company":"UpdateStar GmbH","version":"9.1.0.0.","sigName":"Deceptor:Win32/UpdateStarRepair!003","firstResolvedVersion":"","lastKnownStatus":"Deceptor:9.1.0.0,9.1.4.0,10.0.14.0,10.0.16.0","lastKnownDate":"190307","type":"Windows Executable","lastUpdate":"2019-03-08T02:25:19.8005434+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2270},{"violations":{"ACR-003":"App exaggerates its system health status claiming registry items are problems\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-116":"The application cannot be uninstalled from the platform standard features.\n","ACR-118":"App retains all executables and auto-launch after uninstallation.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe App has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe application's landing page has no link to the EULA and/or Terms of Service. \n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"The application does not have a digital signature. unsigned.\n","ACR-157":"The application has no certificate information it is unsigned.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled. \nThe application has no link or information that shows how it can be uninstalled. \n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"QuickGeniePCTuneUp_Setup_1.2.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"7fc9a123db0d9c72ab2b497014fde7f6","hashSHA1":"639af8f496cef702a86ede580364b9da4d07cd16","hashSHA256":"14d058558dfc4631ef35a0715b2181a3ffb4a27fc27c46f1aa13e75b1d283952","sourceIndex":"3150","avBlockList":["Avast Internet Security (20190530)","AVG Internet Security (20190530)","Avira Internet Security (20190530)","ESET Internet Security (20190530)","G DATA INTERNET SECURITY (20190530)","K7 Total Security (20190530)","Kaspersky Internet Security (20190530)","Malwarebytes Premium (20190530)","McAfee Total Protection (20190530)","Norton Security (20190530)","Panda Dome (20190530)","Sophos Home Premium (20190530)","Trend Micro Internet Security (20190530)","VirIT eXplorer PRO (20190530)","Webroot SecureAnywhere (20190530)","Windows Defender (20190530)","360 Total Security (20190530)","COMODO Antivirus (20190530)","Dr.Web Security Space (20190530)","Quick Heal Internet Security (20190530)","SpyHunter5 (20190408)"],"avAllowList":["Bitdefender Internet Security (20190530)","F-PROT Antivirus for Windows (20190408)","Tencent PC Manager (20190530)","VIPRE Advanced Security (20190530)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\QuickGenie PC TuneUp\\QuickGeniePCTuneUp.exe","companyName":"QuickGenie PC TuneUp","fileVersion":"1.0","hashMD5":"cfe3315637688e8b1b4f388d88928805","hashSHA1":"1004c688c71973085f957162aad86c266305f118","hashSHA256":"de068ae14e907330fd7720500dd4b31212049cf72f3c0bb53f2bbb4be0d53935","sourceIndex":"3150","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"PC Cleaner\"","reference":"https://www.quickgenie.support/products/pctuneup?gclid=EAIaIQobChMIv-6muPbu4AIVzCCtBh3i8wCSEAMYASAAEgJIdvD_BwE","landingPage":"https://quickgenie.support/products/pctuneup","directDownloadingLink":"https://www.quickgenie.support/installer/QuickGeniePCTuneUp_Setup_1.2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.quickgenie.support/installer/QuickGeniePCTuneUp_Setup_1.2.exe","sourceIndex":"3150"}],"sampleFiles":["190307/QuickGeniePCTuneUp-190306/1.0.0.0/Samples/QuickGeniePCTuneUp_Setup_1.2.exe","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Samples/QuickGeniePCTuneUp.exe"],"imageFiles":["190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-003/scan.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-004/004.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-004/registration.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-004/payment.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-004/price.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-168/main.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-168/info.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-118/118_2.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-118/118.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-116/118.png"],"nonDeceptorImageFiles":["190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-065/install.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-065/install_2.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-065/info.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-065/no_eula.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-168/168.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-161/161.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-099/info.png","190307/QuickGeniePCTuneUp-190306/1.0.0.0/Images/ACR-099/099.png"],"guid":"3ce95341-bd7f-4b7e-ba58-834131be8a57_1.0.0.0_1","appID":"QuickGeniePCTuneUp-190306","dateAdded":"190307","deceptorType":"App","name":"QuickGenie PC TuneUp","company":"QuickGenie PC TuneUp","version":"1.0.0.0","sigName":"Deceptor:Win32/QuickGeniePCTuneUp!003004168118116","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2269},{"violations":{"ACR-004":"App exaggerates a sense of urgency by using gauges to show free scan results. App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App requests more than an email to get the free trial.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PCTuner.exe","companyName":"Max Secure Software.","fileVersion":"1.0","hashMD5":"82422e5d369a72b381c9e68c2b03b9b3","hashSHA1":"9e42fd1fd8f2a3d373054b7ce58ac7ef2a88e5d3","hashSHA256":"78a4ca8d0d61b0a8543d84c79cd917f6e2be596e953713e34db1d2fde79c4be1","digitalCertThumbprint":"A853EA59BBEB83336BB28EFC71A89C9F9762B3F6","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=tech@maxpcsecure.com, CN=Max Secure Software India Private Ltd., O=Max Secure Software India Private Ltd., STREET=\"10 windsor terrace, clovervillage, wanawadi\", L=Pune, S=Maharashtra, C=IN, OID.1.3.6.1.4.1.311.60.2.1.2=Maharashtra, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=U72200PN2003PTC017560, OID.2.5.4.15=Private Organization","sourceIndex":"2972","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MaxPCTunerDM.exe","isInstaller":"True","companyName":"Max Secure Software","fileVersion":"1.0","hashMD5":"6147c91728cdb48f66c7d5aa8506b986","hashSHA1":"3c9bddea40bd2616153f47af9e84f4ab74f759dc","hashSHA256":"e12003f958df6e674cd8184ab1e7949866ec96512b21da7236539a74af5a4159","digitalCertThumbprint":"A853EA59BBEB83336BB28EFC71A89C9F9762B3F6","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=tech@maxpcsecure.com, CN=Max Secure Software India Private Ltd., O=Max Secure Software India Private Ltd., STREET=\"10 windsor terrace, clovervillage, wanawadi\", L=Pune, S=Maharashtra, C=IN, OID.1.3.6.1.4.1.311.60.2.1.2=Maharashtra, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=U72200PN2003PTC017560, OID.2.5.4.15=Private Organization","sourceIndex":"2972","avBlockList":["Avast Internet Security (20190527)","AVG Internet Security (20190527)","Avira Internet Security (20190527)","ESET Internet Security (20190527)","G DATA INTERNET SECURITY (20190527)","K7 Total Security (20190527)","Kaspersky Internet Security (20190527)","Malwarebytes Premium (20190527)","McAfee Total Protection (20190527)","Sophos Home Premium (20190527)","Trend Micro Internet Security (20190527)","VirIT eXplorer PRO (20190527)","Webroot SecureAnywhere (20190527)","Windows Defender (20190527)","360 Total Security (20190527)","COMODO Antivirus (20190527)","Dr.Web Security Space (20190527)"],"avAllowList":["Bitdefender Internet Security (20190527)","Norton Security (20190527)","Panda Dome (20190527)","F-PROT Antivirus for Windows (20190429)","Quick Heal Internet Security (20190527)","SpyHunter5 (20190429)","Tencent PC Manager (20190527)","VIPRE Advanced Security (20190527)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"Review scam report hxxp://www.ripoffreport.com","landingPage":"http://www.maxpcsecure.com/","directDownloadingLink":"http://www.maxpcsecure.com/MaxPCtunerDM.exe","ipv4":"72.32.190.200","directDownloadingLinkWildChar":"http://www.maxpcsecure.com/MaxPCtunerDM.exe","sourceIndex":"2972"},{"howFound":"ResolvedDeceptorList","reference":"Review scam report hxxp://www.ripoffreport.com","landingPage":"http://www.maxpcsecure.com/","directDownloadingLink":"http://www.maxpcsecure.com/MaxPCTunerX64.exe","ipv4":"72.32.190.200","sourceIndex":"2973"}],"sampleFiles":["190303/D-MaxPCTuner-00024/1.0.0.17/Samples/PCTuner.exe","190303/D-MaxPCTuner-00024/1.0.0.17/Samples/MaxPCTunerDM.exe"],"imageFiles":["190303/D-MaxPCTuner-00024/1.0.0.17/Images/ACR-004/ACR-004 Guages.png","190303/D-MaxPCTuner-00024/1.0.0.17/Images/ACR-004/ACR-004 Phone Number.png","190303/D-MaxPCTuner-00024/1.0.0.17/Images/ACR-004/ACR-004 No free trial..gif"],"nonDeceptorImageFiles":[],"guid":"dcfa4856-3b9e-4207-bec9-742136797a41_1.0.0.17_1","appID":"D-MaxPCTuner-00024","dateAdded":"190303","deceptorType":"App","name":"Max PC Tuner","company":"Max Secure Software","version":"1.0.0.17","firstResolvedVersion":"","lastKnownStatus":"Deceptor:1.0.0.12;1.0.0.17","lastKnownDate":"190303","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-06-27T17:32:24.7679056+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2273},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MaxPCtunerDM.exe","isInstaller":"True","companyName":"Max Secure Software","fileVersion":"1.0","hashMD5":"e0699cb85fef32ee2a53de3ed4cdd1c1","hashSHA1":"e70b26cd9e0647b94521aecae448907e56922a00","hashSHA256":"dc9a6b958698c37b0c3b4bb0147df1cbd99918d4e39da674cf84ef56e7fec044","digitalCertThumbprint":"BB846F9FFA461002FDB33FAA216D89A6DF168F29","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Max Secure Software India Pvt. Ltd., O=Max Secure Software India Pvt. Ltd., L=Pune, S=Maharashtra, C=IN, SERIALNUMBER=017560, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"3152","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MaxPCTunerX64.exe","isInstaller":"True","companyName":"Max Secure Software                                         ","fileVersion":"1.0","hashMD5":"03c18759d9cf19cad47492e16429ffdc","hashSHA1":"e2a13ef0919ab7df3d8140aa090d61e4f8bd7663","hashSHA256":"a1a66a629c44d69bd681385f5145594c41020a69be42ad0aa1be716b2bdd9a38","digitalCertThumbprint":"7724FAD5DED94592BA1346C45ABB93EE7ECC2998","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=tech@maxpcsecure.com, CN=Max Secure Software India Pvt. Ltd., OU=Development, O=Max Secure Software India Pvt. Ltd., L=Pune, S=MH, C=IN","sourceIndex":"3152","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"Review scam report hxxp://www.ripoffreport.com","landingPage":"http://www.maxpcsecure.com/","directDownloadingLink":"http://www.maxpcsecure.com/MaxPCtunerDM.exe","ipv4":"72.32.190.200","directDownloadingLinkWildChar":"http://www.maxpcsecure.com/MaxPCtunerDM.exe","sourceIndex":"3152"},{"howFound":"Hunt.Sentiment","reference":"Review scam report hxxp://www.ripoffreport.com","landingPage":"http://www.maxpcsecure.com/","directDownloadingLink":"http://www.maxpcsecure.com/MaxPCTunerX64.exe","ipv4":"72.32.190.200","sourceIndex":"3153"}],"sampleFiles":["190303/D-MaxPCTuner-00024/1.0.0.12/Samples/MaxPCtunerDM.exe","190303/D-MaxPCTuner-00024/1.0.0.12/Samples/MaxPCTunerX64.exe"],"imageFiles":["190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-003/ACR-003_Software_EmptyRegistryAsIssues.PNG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-003/ExaggeratedIssues.JPG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-085/ACR-085_Software_TooMuchInfo.PNG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-168/ACR-168_LandingPage_NoMentionOfAdditionalOffers.PNG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-118/ACR-118_Software_FilesLeftBehind.mp4","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-118/ACR-118_Software_FileLeftBehindAfterInstallation.PNG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-118/KeyInstallerLeftOnDesktopAfterUninstallationCompleted.JPG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-INFO/MaxPCTunerUninstallation.mp4"],"nonDeceptorImageFiles":["190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-065/ACR-065_Software_NoEULA.PNG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-161/ACR-161_LandingPage_NoReference.PNG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-167/ACR-167_LandingPage_30DayRefundNotMentionedinEULA.PNG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-166/ACR-166_LandingPage_AutoRenewalNotMentioned.PNG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-166/ACR-166_LandingPage_LicensePeriodDisplayedFarther.PNG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-003/ACR-003_Software_EmptyRegistryAsIssues.PNG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-003/ExaggeratedIssues.JPG","190303/D-MaxPCTuner-00024/1.0.0.12/Images/ACR-168/ACR-168_LandingPage_NoMentionOfAdditionalOffers.PNG"],"guid":"dcfa4856-3b9e-4207-bec9-742136797a41_1.0.0.12_1","appID":"D-MaxPCTuner-00024","dateAdded":"190303","deceptorType":"App","name":"Max PC Tuner","company":"Max Secure Software","version":"1.0.0.12","sigName":"Deceptor:Win32/MaxPCTuner!003118","firstResolvedVersion":"","lastKnownStatus":"Deceptor:1.0.0.12;1.0.0.17","lastKnownDate":"190303","type":"Windows Executable","lastUpdate":"2019-03-04T07:13:00.5639275+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2274},{"violations":{"ACR-003":"The application exaggerates scan results and use words \"pose a security risk!\", thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-150":"The app displays \"Gold Microsoft Partner\" logo that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\OO Software\\SafeErase\\oose.exe","companyName":"O&O Software GmbH","productName":"O&O SafeErase","productVersion":"12.11.228","fileVersion":"12.11.228","hashMD5":"ce1e39b00a29427a8113ea37c185f075","hashSHA1":"60ed03a719da6f1d525812f2f7b755a9ce67fdd6","hashSHA256":"87da0f76518a4de9eb9ab628dd7ac976a9728d47210424206cf399e2eb1ecada","digitalCertThumbprint":"1656105BA801A85FCC7596F417F1C2A3F082B7C9","sourceIndex":"2971","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OOSafeEraseProfessional12ENU","isInstaller":"True","companyName":"O&O Software GmbH","productName":"O&O SafeErase Professional","productVersion":"12.0.0","fileVersion":"10.0.0.0","hashMD5":"c5681bac9616f29b9d93e71f6264de5f","hashSHA1":"486f0894f6e3a53d12f270501d2dc41be2564de8","hashSHA256":"b9d797409c79872aa9748ec0e7255d5260d2dd0c3e7bf9676bfca1b52e512f07","sourceIndex":"2971","avBlockList":["Avast Internet Security (20190527)","AVG Internet Security (20190527)","ESET Internet Security (20190527)","G DATA INTERNET SECURITY (20190527)","K7 Total Security (20190527)","Kaspersky Internet Security (20190527)","Malwarebytes Premium (20190527)","McAfee Total Protection (20190527)","Norton Security (20190527)","Panda Dome (20190527)","Sophos Home Premium (20190527)","Trend Micro Internet Security (20190527)","VirIT eXplorer PRO (20190527)","Webroot SecureAnywhere (20190527)","Windows Defender (20190527)","Dr.Web Security Space (20190527)","Quick Heal Internet Security (20190527)"],"avAllowList":["Avira Internet Security (20190527)","Bitdefender Internet Security (20190527)","360 Total Security (20190527)","COMODO Antivirus (20190527)","F-PROT Antivirus for Windows (20190429)","SpyHunter5 (20190429)","Tencent PC Manager (20190527)","VIPRE Advanced Security (20190527)"]}],"additionalFiles":[],"sources":[{"howFound":"Tech Advisor software review","reference":"https://www.techadvisor.co.uk/download/system-desktop-tools/oo-safeerase-professional-11089-64-bit-3330957/","landingPage":"https://www.oo-software.com/en/safeerase-hard-drive-data-secure-deletion","directDownloadingLink":"https://dl5.oo-software.com/files/stub/OOSafeEraseProfessional12ENU.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dl5.oo-software.com/files/stub/OOSafeEraseProfessional12ENU.exe","sourceIndex":"2971"}],"sampleFiles":["190302/OOSafeErase12-190228/12.11.228.0/Samples/oose.exe","190302/OOSafeErase12-190228/12.11.228.0/Samples/OOSafeEraseProfessional12ENU.exe"],"imageFiles":["190302/OOSafeErase12-190228/12.11.228.0/Images/ACR-003/003.png","190302/OOSafeErase12-190228/12.11.228.0/Images/ACR-004/004.png","190302/OOSafeErase12-190228/12.11.228.0/Images/ACR-004/004_2.png","190302/OOSafeErase12-190228/12.11.228.0/Images/ACR-004/004_3.png"],"nonDeceptorImageFiles":["190302/OOSafeErase12-190228/12.11.228.0/Images/ACR-065/no_eula.png","190302/OOSafeErase12-190228/12.11.228.0/Images/ACR-065/065.png","190302/OOSafeErase12-190228/12.11.228.0/Images/ACR-150/150_3.png","190302/OOSafeErase12-190228/12.11.228.0/Images/ACR-150/150.png","190302/OOSafeErase12-190228/12.11.228.0/Images/ACR-150/150_2.png"],"guid":"c8684d51-88a1-414d-aba3-dcfa6ad1731a_12.11.228.0_1","appID":"OOSafeErase12-190228","dateAdded":"190302","deceptorType":"App","name":"O&O SafeErase 12","company":"O","version":"12.11.228.0","sigName":"Deceptor:Win32/SafeErase12!003004","firstVendorContactDate":"190531","firstAppEsteemReplyDate":"190531","firstResolvedDate":"190614","firstResolvedVersion":"14.2.448","resolved":"TRUE","lastKnownStatus":"Deceptor:12.11.228.0","lastKnownDate":"190302","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-29T00:45:07.6172581+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2275},{"violations":{"ACR-048":"The \"cancel\" and \"exit\" button is disabled during installation without any disclosure about why these standard functional buttons be disabled to users.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. Even after disabling schedule scans within the app the schedules still remains in windows task scheduler.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-035":"The app needs to disclose App's name to the consumer in all the docs.\n","ACR-167":"The app only offers a 7 days return policy.\n","ACR-017":"App displays endorsement logo that is issued to company not to specific app. Such app irrelevant endorsement logo misleads user.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\XASecuflex\\XASecuflex.exe","companyName":"XA Technologies LLC","productName":"XASecuflex","productVersion":"4.1.9.0","fileVersion":"4.1.9.0","hashMD5":"62d2aa21f42895142d1ec9f6dc062afc","hashSHA1":"89d85498830cb7d31b4146208bb2dd568e2a7dce","hashSHA256":"e3c01d5c1cc5b845dfe4416e0c3fe84ba0482cf059d82b5cdb06a381aa3cdfdd","digitalCertThumbprint":"D013052006573851A12F3854C28A1635153E9346","sourceIndex":"3115","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"XASecuflexSetup.exe","isInstaller":"True","companyName":"XA Technologies LLC","productName":"XASecuflex","productVersion":"4.1.9","fileVersion":"4.1.9","hashMD5":"635bdc7d80fdc29f4a2f66debe4c5d9a","hashSHA1":"1ea9041e7dba5ae952c979efdc2bdd2937f47c92","hashSHA256":"63b333a89bd2eb72ea4b0f77f5efa76d6dc6ab3ea65061e0a03ebba834cd1f7e","digitalCertThumbprint":"D013052006573851A12F3854C28A1635153E9346","sourceIndex":"3115","avBlockList":["Avast Internet Security (20190328)","AVG Internet Security (20190328)","Avira Internet Security (20190328)","ESET Internet Security (20190328)","G DATA INTERNET SECURITY (20190328)","K7 Total Security (20190328)","Kaspersky Internet Security (20190328)","Malwarebytes Premium (20190328)","McAfee Total Protection (20190328)","Norton Security (20190328)","Panda Dome (20190328)","Sophos Home Premium (20190328)","Trend Micro Internet Security (20190328)","VirIT eXplorer PRO (20190328)","Windows Defender (20190328)"],"avAllowList":["Bitdefender Internet Security (20190328)","Webroot SecureAnywhere (20190328)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Deep Threat Scanning\"","reference":"https://xatechnologies.com/xa-secuflex","landingPage":"https://xatechnologies.com/xa-secuflex","directDownloadingLink":"https://s3.amazonaws.com/shieldpartners/DefenceByte/XASecuflexSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/shieldpartners/DefenceByte/XASecuflexSetup.exe","sourceIndex":"3115"}],"sampleFiles":["190226/XASecuflex-190226/4.1.9.0/Samples/XASecuflex.exe","190226/XASecuflex-190226/4.1.9.0/Samples/XASecuflexSetup.exe"],"imageFiles":["190226/XASecuflex-190226/4.1.9.0/Images/ACR-168/main.png","190226/XASecuflex-190226/4.1.9.0/Images/ACR-168/scan.png","190226/XASecuflex-190226/4.1.9.0/Images/ACR-084/084.png","190226/XASecuflex-190226/4.1.9.0/Images/ACR-048/048.png"],"nonDeceptorImageFiles":["190226/XASecuflex-190226/4.1.9.0/Images/ACR-017/017.png","190226/XASecuflex-190226/4.1.9.0/Images/ACR-167/167.png","190226/XASecuflex-190226/4.1.9.0/Images/ACR-035/eula.png","190226/XASecuflex-190226/4.1.9.0/Images/ACR-035/uninstall.png"],"guid":"296af0db-9b20-4ca7-99b8-c6f552c9efda_4.1.9.0_1","appID":"XASecuflex-190226","dateAdded":"190226","deceptorType":"App","name":"XA SecuFlex","company":"XA Technologies LLC","version":"4.1.9.0","sigName":"Deceptor:Win32/XASecuFlex!048084168","firstVendorContactDate":"190409","firstAppEsteemReplyDate":"190409","firstResolvedDate":"190411","firstResolvedVersion":"4.2.0.0","resolved":"TRUE","lastKnownStatus":"Deceptor:4.1.9.0; NonCertified:4.2.0.0","lastKnownDate":"190411","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-04-12T01:29:14.1033355+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2276},{"violations":{"ACR-042":"Install does not obtain explicit user action for installing the offered Driver Updater.\n","ACR-048":"App remaps the close functionality.\n","ACR-003":"App exaggerates its system health claims with scary colors and gauges.\n","ACR-004":"App exaggerates a sense of urgency by using gauges to show free scan results. App requires payment for a subscription service in order to fix free scan results.\n","ACR-005":"App impersonates a system prompt to \"recommend\" Driver Updater.\n","ACR-010":"App offers a Deceptor in its install bundle\nApp offers a Deceptor at runtime.\n","ACR-097":"App does not show itself in its own startup manager.\n","ACR-057":"App pre-checks the acceptance checkbox and presents a \"continue\" prompt to the consumer to install a bundled offer.\n","ACR-014":"App uses red and alarming gauges to imply that non-critial tasks like enhancing system performance and managing startup are critical.\n","ACR-055":"Offer for Driver Updater uses a \"continue\" button for the acceptance, which is not an obvious acceptance.\n","ACR-059":"App doesn't mark its offer as an offer, and doesn't specify who is recommending.\n","ACR-155":"App's \"continue\" button in a bundled offer masquerades as part of the committed install flow.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"scposetup.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"d8bbed18e65b36470e2a6e3dd2d941fb","hashSHA1":"3481c8735a373a9059bcd0c43f6b271afd51e3c0","hashSHA256":"4c33983da472798509187946d2f656fb9c33a5a09b42cba6175f793ae2040b8a","digitalCertThumbprint":"7B3FE9C59C4394479D9AD23437E6504227A4BBE8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Care Tools, OU=PC Care TooIs, O=PC Care Tools, POBox=302017, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"486","avBlockList":["Avast Internet Security (20190523)","AVG Internet Security (20190523)","Avira Internet Security (20190523)","ESET Internet Security (20190523)","G DATA INTERNET SECURITY (20190523)","K7 Total Security (20190523)","Kaspersky Internet Security (20190523)","Malwarebytes Premium (20190523)","McAfee Total Protection (20190523)","Norton Security (20190523)","Panda Dome (20190523)","Sophos Home Premium (20190523)","Trend Micro Internet Security (20190523)","VirIT eXplorer PRO (20190523)","Windows Defender (20190523)","360 Total Security (20190523)","COMODO Antivirus (20190523)","Dr.Web Security Space (20190523)","Quick Heal Internet Security (20190523)","SpyHunter5 (20190425)"],"avAllowList":["Bitdefender Internet Security (20190523)","Webroot SecureAnywhere (20190523)","F-PROT Antivirus for Windows (20190425)","Tencent PC Manager (20190523)","VIPRE Advanced Security (20190523)"]},{"isRevoked":"False","fileName":"sdu.exe","companyName":"Secure Driver Updater.","fileVersion":"2.18","hashMD5":"7bad563ec7e4759381be26a3253b73a5","hashSHA1":"ebf631e3beed77116551b25b42d6c39ea991e67a","hashSHA256":"495646c9687ba8e9b373eae3ee1cf13074c3a6f8b7b9ba00337b55db5d78cc75","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"486","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Query","reference":"es lt","landingPage":"http://bitsspeeduptools.live/","directDownloadingLink":"http://dl.bitsspeeduptools.live/scpo/securerc/bitsspeeduptools_live/scposetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.bitsspeeduptools.live/scpo/securerc/bitsspeeduptools_live/scposetup.exe","sourceIndex":"486"}],"sampleFiles":["190226/SystemCleanPro-190225/1.0.0.1/Samples/scposetup.exe","190226/SystemCleanPro-190225/1.0.0.1/Samples/sdu.exe"],"imageFiles":["190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-055/acr-057 059 no clear way to decline not marked as offer.png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-042/acr-057 059 no clear way to decline not marked as offer.png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-048/acr-048 remaps exit to close.gif","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-003/a cr-003 004 014 gauges .png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-005/acr-059 005 undisclosed recommender looks like system prompt.png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-010/acr-010 offers deceptor.png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-010/acr-059 005 undisclosed recommender looks like system prompt.png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-014/a cr-003 004 014 gauges .png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-004/acr-004 upsells recurring service.png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-004/a cr-003 004 014 gauges .png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-097/acr-097 hides in startup manager.png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-057/acr-057 059 no clear way to decline not marked as offer.png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-059/acr-057 059 no clear way to decline not marked as offer.png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-059/acr-059 005 undisclosed recommender looks like system prompt.png","190226/SystemCleanPro-190225/1.0.0.1/Images/ACR-155/acr-057 059 no clear way to decline not marked as offer.png"],"nonDeceptorImageFiles":[],"guid":"24587c56-8f0e-4459-8b7f-eb799cb0ad8c_1.0.0.1_1","appID":"SystemCleanPro-190225","dateAdded":"190226","deceptorType":"App","name":"System Clean Pro","company":"PC Care Tools","version":"1.0.0.1","sigName":"Deceptor:Win32/SystemCleanPro!003004005010014042048055057059155","lastKnownStatus":"Deceptor:1.0.0.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T18:32:05.1713528+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2060},{"violations":{"ACR-004":"App only provides free fixes for some of the scan results shown and uses the unused scan results to upsell the consumer to a subscription service.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, or the Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, or the Returns and Cancellation Policy.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"registrywizard_setup.exe","isInstaller":"True","companyName":"eSupport.com, Inc                                           ","fileVersion":"3.4","hashMD5":"3aa19a77fe5f92b03400b88cb6290e48","hashSHA1":"7c072e5d1b627690f91ec145e14eea2accaae2ca","hashSHA256":"281498414c0a7d39e8c9b00c58988cc0ec67ba0542e9458992241fbe4ace07b3","digitalCertThumbprint":"37D3BDE607ADF8EA3B77EB5163A8968B0C4A5AFA","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"eSupport.com, Inc\", O=\"eSupport.com, Inc\", STREET=8540 DAYTON AVE, L=Fort Myers, S=FL, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=4833921, OID.2.5.4.15=Private Organization","sourceIndex":"3138","avBlockList":["Avira Internet Security (20190309)","ESET Internet Security (20190309)","K7 Total Security (20190309)","Kaspersky Internet Security (20190309)","Malwarebytes Premium (20190309)","McAfee Total Protection (20190309)","Norton Security (20190309)","Sophos Home Premium (20190309)","Trend Micro Internet Security (20190309)","VirIT eXplorer PRO (20190309)","Webroot SecureAnywhere (20190309)"],"avAllowList":["Avast Internet Security (20190309)","AVG Internet Security (20190309)","Bitdefender Internet Security (20190309)","G DATA INTERNET SECURITY (20190309)","Panda Dome (20190309)","Windows Defender (20190309)"]},{"isRevoked":"False","fileName":"regwiz.exe","companyName":"eSupport.com","fileVersion":"3.4","hashMD5":"bf46f9dabd94c924201480effec9750d","hashSHA1":"80f9c268242d01d5207646f4c1287e95adb46a63","hashSHA256":"63c5d51be8b73453e3cc8e3f3d022b3feb3392bdce2d6afd64e787b02e797a79","digitalCertThumbprint":"37D3BDE607ADF8EA3B77EB5163A8968B0C4A5AFA","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"eSupport.com, Inc\", O=\"eSupport.com, Inc\", STREET=8540 DAYTON AVE, L=Fort Myers, S=FL, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=4833921, OID.2.5.4.15=Private Organization","sourceIndex":"3138","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.top4download.com","landingPage":"https://www.registrywizard.com/","directDownloadingLink":"https://www.registrywizard.com/files/registrywizard_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.registrywizard.com/files/registrywizard_setup.exe","sourceIndex":"3138"}],"sampleFiles":["190223/RegistryWizard-171010/3.4.18.920/Samples/registrywizard_setup.exe","190223/RegistryWizard-171010/3.4.18.920/Samples/regwiz.exe"],"imageFiles":["190223/RegistryWizard-171010/3.4.18.920/Images/ACR-004/Registry Wizard Repair Report.png","190223/RegistryWizard-171010/3.4.18.920/Images/ACR-004/Registry Wizard Scan Results.png","190223/RegistryWizard-171010/3.4.18.920/Images/ACR-004/Regsitry Wizard Internal Offers Page.png","190223/RegistryWizard-171010/3.4.18.920/Images/ACR-004/Regisrty Wizard Does Not Provide Free Fixes For All Scans.gif"],"nonDeceptorImageFiles":["190223/RegistryWizard-171010/3.4.18.920/Images/ACR-065/Registry Wizard About Page.png","190223/RegistryWizard-171010/3.4.18.920/Images/ACR-065/Registry Wizard Bottom Of Landing Page.png","190223/RegistryWizard-171010/3.4.18.920/Images/ACR-065/Registry Wizard Bottom of Internal Offers Page.png","190223/RegistryWizard-171010/3.4.18.920/Images/ACR-099/Registry Wizard About Page.png","190223/RegistryWizard-171010/3.4.18.920/Images/ACR-099/Registry Wizard Bottom Of Landing Page.png","190223/RegistryWizard-171010/3.4.18.920/Images/ACR-099/Registry Wizard Bottom of Internal Offers Page.png"],"guid":"5bb9c25d-3675-41ba-9c1d-4578a56e1e0c_3.4.18.920_1","appID":"RegistryWizard-171010","dateAdded":"190223","deceptorType":"App","name":"Registry Wizard","company":"eSupport.com, Inc.","version":"3.4.18.920","sigName":"Deceptor:Win32/RegistryWizard!004","firstVendorContactDate":"190228","firstAppEsteemReplyDate":"190228","firstResolvedDate":"190320","firstResolvedVersion":"3.5.19.315","resolved":"TRUE","lastKnownStatus":"Deceptor:3.4.18.920","lastKnownDate":"190223","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-20T16:38:28.2430268+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2277},{"violations":{"ACR-003":"The application uses the color red to increase urgency for non-urgent \"issues\" and uses the words errors and problems to raise urgency, thereby misleading or scaring user to take action.\n","ACR-017":"The landing has a link to an award webpage that has logos from 5 star rating website that has no link to verify if they are real.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to the privacy policy information.\nThe application has no link to the EULA or Privacy policy information.\n","ACR-099":"The internal offer shopping cart webpage has no link to uninstall information.\nThe landing page has no link to uninstall information.\nThe application has no link to uninstall information.\n","ACR-167":"The application EULA  has no information that states the company provides a refund with a 30 days or more limit.\n","ACR-064":"The landing page has 'Free Instant Scan' button but does not provide a clearly-labelled download button.\n","ACR-171":"The internal offer shopping cart webpage has an option for 'Extended license' pre-selected.\n","ACR-003":"The application uses the color red to increase urgency for non-urgent \"issues\" and uses the words errors and problems to raise urgency, thereby misleading or scaring user to take action.\n","ACR-017":"The landing has a link to an award webpage that has logos from 5 star rating website that has no link to verify if they are real.\n"},"samples":[{"isRevoked":"False","fileName":"registrywizard_setup.exe","isInstaller":"True","companyName":"eSupport.com, Inc.","productName":"RegistryWizard","productVersion":"3.2.17.331","fileVersion":"3.2.17.331","hashMD5":"8007242e511a9899fe9bc79a836a8cc6","hashSHA1":"8248c08e5ecadceddcc154b8982df03b42453067","hashSHA256":"757159032e4b589cda79203482bee589caa1e20eb30a55f156f70d2f1f8a519b","digitalCertThumbprint":"7C018B1FC905308BFB1ECB7E22339E0739563C24","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G2","digitalCertIssuedTo":"eSupport.com, Inc.","sourceIndex":"3815","avBlockList":["Avast Internet Security (20190309)","AVG Internet Security (20190309)","Avira Internet Security (20190309)","ESET Internet Security (20190309)","G DATA INTERNET SECURITY (20190309)","K7 Total Security (20190309)","Kaspersky Internet Security (20190309)","Malwarebytes Premium (20190309)","McAfee Total Protection (20190309)","Norton Security (20190309)","Panda Dome (20190309)","Sophos Home Premium (20190309)","Trend Micro Internet Security (20190309)","VirIT eXplorer PRO (20190309)","Webroot SecureAnywhere (20190309)","Windows Defender (20190309)"],"avAllowList":["Bitdefender Internet Security (20190309)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.top4download.com","landingPage":"https://www.registrywizard.com/","directDownloadingLink":"https://www.registrywizard.com/files/registrywizard_setup.exe","ipv4":"","ipv6":"","sourceIndex":"3815"}],"sampleFiles":[],"imageFiles":["171027/RegistryWizard-171010/3.2.17.331/Images/ACR-003/ACR-003_SOFTWARE.PNG","171027/RegistryWizard-171010/3.2.17.331/Images/ACR-017/ACR-017_LANDING_PAGE.PNG"],"nonDeceptorImageFiles":["171027/RegistryWizard-171010/3.2.17.331/Images/ACR-065/ACR-065_INSTALL.PNG","171027/RegistryWizard-171010/3.2.17.331/Images/ACR-167/ACR-167_DOCS.PNG","171027/RegistryWizard-171010/3.2.17.331/Images/ACR-064/ACR-064_LANDING_PAGE.PNG","171027/RegistryWizard-171010/3.2.17.331/Images/ACR-171/ACR-171_INTERNAL_OFFERS.PNG","171027/RegistryWizard-171010/3.2.17.331/Images/ACR-003/ACR-003_SOFTWARE.PNG","171027/RegistryWizard-171010/3.2.17.331/Images/ACR-017/ACR-017_LANDING_PAGE.PNG"],"guid":"5bb9c25d-3675-41ba-9c1d-4578a56e1e0c_3.2.17.331_1","appID":"RegistryWizard-171010","dateAdded":"190223","deceptorType":"App","name":"Registry Wizard","company":"eSupport.com, Inc.","version":"3.2.17.331","sigName":"Win32:Deceptor/RegistryWizard!003","firstVendorContactDate":"190228","firstAppEsteemReplyDate":"190228","firstResolvedDate":"190320","firstResolvedVersion":"3.5.19.315","resolved":"TRUE","lastKnownStatus":"Deceptor:3.4.18.920","lastKnownDate":"190223","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-03-20T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2278},{"violations":{"ACR-043":"The app installs “SPAMfighter HTML Engine” component without disclosure in EULA.\n","ACR-003":"The app shows gauges in yellow and red color that indicates misleading urgency, thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to pay to fix the non-permanent issues identified during free scan. The update button is not visible but clickable if mouse-over. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-002":"The app name is not consistent across all points of user interaction. It shows 3 different names \"Defencebyte Driver Updater\", Defencebyte Driver Fixer\" and \"WST Driver Updater\".\nThe app name is not consistent across all points of user interaction. It shows 3 different names \"Defencebyte Driver Updater\", Defencebyte Driver Fixer\" and \"WST Driver Updater\".\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling application a web page opens with information stating that consumer can get $10 Off the regular price of Defencebyte Driver Updater.\n"},"samples":[{"isRevoked":"False","fileName":"defencebyte_driver_updater.exe","isInstaller":"True","companyName":"WST Driver Updater","productName":"defencebyte Driver Fixer 1800 601 7631","productVersion":"1.4.0","fileVersion":"1.4.0","hashMD5":"eeef1d9962a77ae88cc898ef739d75d2","hashSHA1":"0ac1ca1796a4072b5129771241b8ff29bcab7c2b","hashSHA256":"25e0a0177a2de8a93fad869feb5500b83b72177c524337d250f7dc5954b96016","digitalCertThumbprint":"FED74E482B3E0D2491092097DD4767599D2329DD","sourceIndex":"3170","avBlockList":["Avast Internet Security (20190520)","AVG Internet Security (20190520)","Avira Internet Security (20190520)","ESET Internet Security (20190520)","K7 Total Security (20190520)","Kaspersky Internet Security (20190520)","Malwarebytes Premium (20190520)","McAfee Total Protection (20190520)","Norton Security (20190520)","Panda Dome (20190520)","Sophos Home Premium (20190520)","VirIT eXplorer PRO (20190520)","Webroot SecureAnywhere (20190520)","Windows Defender (20190520)","360 Total Security (20190520)","Dr.Web Security Space (20190520)"],"avAllowList":["Bitdefender Internet Security (20190520)","G DATA INTERNET SECURITY (20190520)","Trend Micro Internet Security (20190520)","COMODO Antivirus (20190520)","F-PROT Antivirus for Windows (20190422)","Quick Heal Internet Security (20190520)","SpyHunter5 (20190422)","Tencent PC Manager (20190520)","VIPRE Advanced Security (20190520)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\defencebyte\\defencebyte Driver Fixer 1800 601 7631\\defencebyte Driver Fixer 1800 601 7631.exe","companyName":"WST Driver Updater","productName":"defencebyte Driver Fixer 1800 601 7631","productVersion":"1.1.174.3","fileVersion":"1.1.174.3","hashMD5":"1067623c6722c634b082bfe1fa78bc2e","hashSHA1":"e965e613468ba902ba4ac75627d7e02b0d833bd4","hashSHA256":"8cc6bf476eca46385ad91754e40e7a96b866addf7ed9c95f3d79c8d9629ea46c","digitalCertThumbprint":"FED74E482B3E0D2491092097DD4767599D2329DD","sourceIndex":"3170","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Update your PC Drivers\"","reference":"http://www.driver-installer.net/","landingPage":"http://www.driver-installer.net/","directDownloadingLink":"http://www.driver-installer.net/software/defencebyte_driver_updater.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.driver-installer.net/software/defencebyte_driver_updater.exe","sourceIndex":"3170"}],"sampleFiles":["190222/DefencebyteDriverUpdater-190219/1.4.0.0/Samples/defencebyte_driver_updater.exe","190222/DefencebyteDriverUpdater-190219/1.4.0.0/Samples/defencebyte Driver Fixer 1800 601 7631.exe"],"imageFiles":["190222/DefencebyteDriverUpdater-190219/1.4.0.0/Images/ACR-003/003.png","190222/DefencebyteDriverUpdater-190219/1.4.0.0/Images/ACR-004/004_1.png","190222/DefencebyteDriverUpdater-190219/1.4.0.0/Images/ACR-004/004.png","190222/DefencebyteDriverUpdater-190219/1.4.0.0/Images/ACR-004/004_2.png","190222/DefencebyteDriverUpdater-190219/1.4.0.0/Images/ACR-043/043.png","190222/DefencebyteDriverUpdater-190219/1.4.0.0/Images/ACR-168/call.png"],"nonDeceptorImageFiles":["190222/DefencebyteDriverUpdater-190219/1.4.0.0/Images/ACR-002/003.png","190222/DefencebyteDriverUpdater-190219/1.4.0.0/Images/ACR-002/002.png","190222/DefencebyteDriverUpdater-190219/1.4.0.0/Images/ACR-120/offer.png"],"guid":"c6e4c7ff-75ca-4469-a855-5fc16c7c703b_1.4.0.0_1","appID":"DefencebyteDriverUpdater-190219","dateAdded":"190222","deceptorType":"App","name":"Defencebyte Driver Updater","company":"Defencebyte Pty Ltd","version":"1.4.0.0","sigName":"Deceptor:Win32/DefencebyteDriverUpdater!003004043168","lastKnownStatus":"Deceptor:1.4.0.0","lastKnownDate":"190222","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-22T18:13:36.5290347+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2283},{"violations":{"CCR-017":" Call made on 190208 at 3:40PM Eastern Time (US):\n\nViolation 1:  (Screenshot A) At 5:08 into the session after opening MsConfig, agent says, \"A lot of services are being stopped, can you see that?  Most of the drivers are not working sir which are provided to you by the Mircosoft Corporation.\"  [Deceptive Violation:  A driver being stopped doesn't mean there always something wrong with a computer]\n\nViolation 2:  (Screenshot B) at 8:09 into the session the agent says after opening Event Viewer, \"So these are the infections which are running in the background of your computer.\"  I ask, \"These are infections?\" Agent replies, \"Exactly sir.\"  [Deceptive Violation:  The event viewer does not list infections on a computer.]\n\nViolation 3: (Screenshot C)  At 9:10 into the session, agent open CMD and runs NetStat command.  Agent says, \"Let me run a network security scan to find out if everything is secure or not.  Sir I can see that there are some foreign people established on your network.  Can you see that?\"  I reply, \"Yes.\"  [Deceptive Violation:  Netstat displays protocol statistics and current TCP/IP network connections.  Not what agent is claiming]\n\nViolation 4:  (Screenshot D)  At 10:45 into the session, agent opens CMD and runs 'manage-bde -status'.  Agent says, \"Let me find out the status of your protection.  The protection is off on your computer.  Can you see that?  The lock status is totally unlocked.  So these are the foreign people trying to connect to you.\"  [Deceptive violation:    The 'manage -bde' command gives you information about all the drives on the computer and whether or not they are bitlocker-protected]\n","CCR-022":" Call made on 190208 at 3:40PM Eastern Time (US):\n\nViolation 1:  (Screenshot A) At 5:08 into the session after opening MsConfig, agent says, \"A lot of services are being stopped, can you see that?  Most of the drivers are not working sir which are provided to you by the Mircosoft Corporation.\"  [Self Diagnosis Violation]\n\nViolation 2:  (Screenshot B) at 8:09 into the session the agent says after opening Event Viewer, \"So these are the infections which are running in the background of your computer.\"  I ask, \"These are infections?\" Agent replies, \"Exactly sir.\"  [Self Diagnosis Violation]\n\nViolation 3: (Screenshot C)  At 9:10 into the session, agent open CMD and runs NetStat command.  Agent says, \"Let me run a network security scan to find out if everything is secure or not.  Sir I can see that there are some foreign people established on your network.  Can you see that?\"  I reply, \"Yes.\"  [Self Diagnosis Violation]\n\nViolation 4:  (Screenshot D)  At 10:45 into the session, agent opens CMD and runs 'manage-bde -status'.  Agent says, \"Let me find out the status of your protection.  The protection is off on your computer.  Can you see that?  The lock status is totally unlocked.  So these are the foreign people trying to connect to you.\"  [Self Diagnosis Violation]\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.callcenter","reference":"Examining Smart Sys Care software","landingPage":"http://easynetexperts.com/plans.html","ipv4":"","ipv6":"","landingPageWildChar":"http://easynetexperts.com/*","sourceIndex":"3172"}],"sampleFiles":[],"imageFiles":["190222/easynetexperts-190208/190208/Images/CCR-017/A.JPG","190222/easynetexperts-190208/190208/Images/CCR-017/B.JPG","190222/easynetexperts-190208/190208/Images/CCR-017/C.JPG","190222/easynetexperts-190208/190208/Images/CCR-017/D.JPG","190222/easynetexperts-190208/190208/Images/CCR-022/A.JPG","190222/easynetexperts-190208/190208/Images/CCR-022/B.JPG","190222/easynetexperts-190208/190208/Images/CCR-022/C.JPG","190222/easynetexperts-190208/190208/Images/CCR-022/D.JPG"],"nonDeceptorImageFiles":[],"guid":"9692c659-2740-474f-b3e6-66202f92e881_190208_1","appID":"easynetexperts-190208","dateAdded":"190222","deceptorType":"Call Center","name":"easynetexperts.com","company":"Easy Net Experts","version":"190208","sigName":"Deceptor:CallCenter/easynetexperts.com!019022","lastKnownStatus":"Deceptor:190222","lastKnownDate":"190222","type":"Call Center","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox,Edge,IE,Opera,Safari","lastUpdate":"2019-02-22T17:32:52.1862136+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2282},{"violations":{"ACR-003":"The application uses the color red to raise urgency for non-urgent issues thereby misleading or scaring the consumer to take action.\n","ACR-004":"App shows free scan results and upsells to a subscription service, but does not offer any way for the consumer to get free fixes for results shown. App uses the color red to raise a sense of urgency for registry issues.\n"},"nonDeceptorViolations":{"ACR-065":"The Internal Offers Page has no links to the EULA or the Returns and Cancellations Policy.\nThe Landing Page has no links to the EULA or the Returns and Cancellations Policy.\nThe install wizard has no link to the privacy policy information.\nThe application has no links to the EULA, Terms of Service, Returns and Cancellation Policy or the Privacy Policy.\n","ACR-161":"The Internal Offers Page has a link to testimonials but no links to verify if they are real.\nThe Landing page a link to testimonials but no links to verify if they are real.\n","ACR-099":"The internal offer shopping cart webpage has no link to uninstall information.\nThe landing page has no link to uninstall information.\nThe application has no link to uninstall information.\n","ACR-171":"The internal offer shopping cart page has an option pre-selected for a license extension from 1 to 3 years.\n","ACR-017":"The landing page places the misleading trust marks and leads user into taking purchasing action based on the misleading information from those marks.\n"},"samples":[{"isRevoked":"False","fileName":"PCFixKit.exe","companyName":"PCFixKit.com","fileVersion":"2.1","hashMD5":"ad4198a3d3660cf3a553cef843d816b3","hashSHA1":"af181116e01e7754e9dcb1b2c225f64dcc9a68e6","hashSHA256":"39df3b6b25bf37749a91a5883e479e4ab0503743944afd6e963f39d8662a1a31","digitalCertThumbprint":"FAA911EF63AEE0956A0AD891F4F536493E2EFB6C","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Guangxi Nanning Shang Yuan Info Tech Ltd, O=Guangxi Nanning Shang Yuan Info Tech Ltd, L=Nanning, C=CN","sourceIndex":"3169","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCFixKit_Setup.exe","isInstaller":"True","companyName":"www.PCFixKit.com                                            ","fileVersion":"0.0","hashMD5":"0fe986d9b237842696599a5f0118f2f2","hashSHA1":"8f4f597a0b285da314ebbe75a9683265fc63f866","hashSHA256":"216444632293ff7abc1e7008b48d2c12198809f67274cd30ee34b898e444df87","digitalCertThumbprint":"FAA911EF63AEE0956A0AD891F4F536493E2EFB6C","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Guangxi Nanning Shang Yuan Info Tech Ltd, O=Guangxi Nanning Shang Yuan Info Tech Ltd, L=Nanning, C=CN","sourceIndex":"3169","avBlockList":["Avira Internet Security (20190520)","ESET Internet Security (20190520)","G DATA INTERNET SECURITY (20190520)","K7 Total Security (20190520)","Kaspersky Internet Security (20190520)","Malwarebytes Premium (20190520)","McAfee Total Protection (20190520)","Panda Dome (20190520)","Sophos Home Premium (20190520)","Trend Micro Internet Security (20190520)","VirIT eXplorer PRO (20190520)","Webroot SecureAnywhere (20190520)","Windows Defender (20190520)","360 Total Security (20190520)","COMODO Antivirus (20190520)","Dr.Web Security Space (20190520)","Quick Heal Internet Security (20190520)","SpyHunter5 (20190422)"],"avAllowList":["Avast Internet Security (20190520)","AVG Internet Security (20190520)","Bitdefender Internet Security (20190520)","Norton Security (20190520)","F-PROT Antivirus for Windows (20190422)","Tencent PC Manager (20190520)","VIPRE Advanced Security (20190520)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.top4download.com","landingPage":"http://www.pcfixkit.com/","directDownloadingLink":"http://www.pcfixkit.com/PCFixKit_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcfixkit.com/PCFixKit_Setup.exe","sourceIndex":"3169"}],"sampleFiles":["190222/PCFixKit-171010/2.1.7.96/Samples/PCFixKit.exe","190222/PCFixKit-171010/2.1.7.96/Samples/PCFixKit_Setup.exe"],"imageFiles":["190222/PCFixKit-171010/2.1.7.96/Images/ACR-003/PCFixKit Status.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-004/PCFixKit Internal Offers Page.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-004/PCFixKit Not a Registered Copy.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-004/PCFixKit Register Your Software.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-004/PCFixKit Scan Results.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-004/PCFixKit Status.png"],"nonDeceptorImageFiles":["190222/PCFixKit-171010/2.1.7.96/Images/ACR-161/PCFixKit Testimonials.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-161/PCFixKit Bottom of Internal Offers Page.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-171/PCFixKit Internal Offers Page.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-065/PCFixKit Bottom of Internal Offers Page.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-099/PCFixKit Internal Offers Page.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-017/PCFixKit Bottom of Landing Page.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-161/PCFixKit Bottom of Landing Page.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-161/PCFixKit Testimonials.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-065/PCFixKit Bottom of Landing Page.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-099/PCFixKit Landing Page.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-065/PCFixKit First Page of Install.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-065/PCFixKit Options.png","190222/PCFixKit-171010/2.1.7.96/Images/ACR-099/PCFixKit Options.png"],"guid":"fd462218-aa5f-40fd-9ecc-aa87b0a97690_2.1.7.96_1","appID":"PCFixKit-171010","dateAdded":"190222","deceptorType":"App","name":"PCFixKit","company":"PCFixKit.com.","version":"2.1.7.96","sigName":"Deceptor:Win32/PCFixKit!003004","firstResolvedVersion":"","lastKnownStatus":"Deceptor: 2.1.7.96","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2281},{"violations":{"ACR-003":"The application uses the color 'Red' to increase urgency for non-urgent \"issues\" and it uses the words 'Error(s) and Problems' to raise urgency, thereby misleading or scaring the consumer to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to the privacy policy information.\nThe application has no link to the privacy policy information.\n","ACR-161":"The Landing page has customer reviews but no links to verify if they are real reviews.\n","ACR-092":"The installed application has different publisher name that what is in the signer information.\n","ACR-099":"The internal offer shopping cart webpage has no link to uninstall information.\nThe landing page has no link to uninstall information.\nThe application has no link to uninstall information.\n","ACR-171":"The internal offer shopping cart page has an option pre-selected for a license extension from 1 to 3 years.\n","ACR-017":"The landing page places the misleading trust marks and leads user into taking purchasing action based on the misleading information from those marks.\n"},"samples":[{"isRevoked":"False","fileName":"pcfixkitsetup.exe","isInstaller":"True","companyName":"www.PCFixKit.com                                            ","fileVersion":"0.0","hashMD5":"394c6df7527abfa939cb789b2081e22f","hashSHA1":"ace73b27445928c3bddcde1aaa2f66784b764332","hashSHA256":"1c50888cbe02d2c6e0b58f41abbbc9fd1fc891d6bc657d151235a48a63a6e4c5","digitalCertThumbprint":"81FEDC43201385C777E45D498F5C1E8792FFDA85","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SumYum Info Tech Co.,Ltd.\", O=\"SumYum Info Tech Co.,Ltd.\", STREET=\"Nanning Ming Xiu Road, No. 122 City Brist\", L=Nanning, S=Guangxi, PostalCode=530000, C=CN","sourceIndex":"3131","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.top4download.com","landingPage":"http://www.pcfixkit.com/","directDownloadingLink":"http://www.pcfixkit.com/PCFixKit_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcfixkit.com/PCFixKit_Setup.exe","sourceIndex":"3131"}],"sampleFiles":["190222/PCFixKit-171010/2.1/Samples/pcfixkitsetup.exe"],"imageFiles":["190222/PCFixKit-171010/2.1/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_1.PNG","190222/PCFixKit-171010/2.1/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["190222/PCFixKit-171010/2.1/Images/ACR-171/ACR-171_INTERNAL_OFFERS.PNG","190222/PCFixKit-171010/2.1/Images/ACR-017/ACR-017_LANDING_PAGE.PNG","190222/PCFixKit-171010/2.1/Images/ACR-161/ACR-161_LANDING_PAGE.PNG","190222/PCFixKit-171010/2.1/Images/ACR-065/ACR-065_INSTALL.PNG","190222/PCFixKit-171010/2.1/Images/ACR-092/ACR-092_SOFTWARE.PNG"],"guid":"fd462218-aa5f-40fd-9ecc-aa87b0a97690_2.1_1","appID":"PCFixKit-171010","dateAdded":"190222","deceptorType":"App","name":"PCFixKit","company":"PCFixKit.com.","version":"2.1","sigName":"Deceptor:Win32/PCFixKit!003","firstResolvedVersion":"","lastKnownStatus":"Deceptor: 2.1.7.96","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2280},{"violations":{"ACR-004":"In the application's \"registry cleaner\" function, the app does not fix all free scan results shown, yet upsells to an ongoing subscription service. App does not substantiate free scan results with details.\n","ACR-014":"The app's registry cleaner function provides no substantiation nor details for the issues shown after scan. Additionally, the app claims to fix ten of the invalid registries, yet does not let the user know which ones were fixed. \n"},"nonDeceptorViolations":{"ACR-065":"The application's internal offer webpage has no link to webpage that shows the EULA and privacy policy information.\nThe application's landing page has no link to webpage that shows the EULA and privacy policy information.\nThe application has no link to webpage that shows the EULA and privacy policy information.\n","ACR-035":"The name of the software is mentioned nowhere in the installer's integrated license agreement. \n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"RegOpt.exe","companyName":"X.M.Y International, LLC","fileVersion":"5.6","hashMD5":"aee342f036247d1be5a6f4f7f489170e","hashSHA1":"6542e7b20e687305156b3ecf233d819f1d462f48","hashSHA256":"d06f6cd11cd4dce1ad125750c644c31926d16d0201d0360b8b7c64ae7362610e","digitalCertThumbprint":"C0121AB2095E9721EEF2451AB7E9E108652B09D3","digitalCertIssuer":"CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN","digitalCertIssuedTo":"CN=Sunny Network Tech LTD., E=support@sunnydigits.com, O=Sunny Network Tech LTD., L=Beijing, S=Beijing, C=CN","sourceIndex":"2894","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinASO_RO_v5.6.1.exe","isInstaller":"True","companyName":"X.M.Y International LLC                                     ","fileVersion":"0.0","hashMD5":"db6e370ac5d1d59797723468607fbfd3","hashSHA1":"9a058a2a0a369fc57e5e5a8fc758ea7a1a789e0e","hashSHA256":"79f8c5ff314e3ee2f378025e6149bc3b5bf9721d93ae8e5c15793db8b62bafce","digitalCertThumbprint":"C0121AB2095E9721EEF2451AB7E9E108652B09D3","digitalCertIssuer":"CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN","digitalCertIssuedTo":"CN=Sunny Network Tech LTD., E=support@sunnydigits.com, O=Sunny Network Tech LTD., L=Beijing, S=Beijing, C=CN","sourceIndex":"2894","avBlockList":["Avira Internet Security (20190520)","K7 Total Security (20190520)","Kaspersky Internet Security (20190520)","Malwarebytes Premium (20190520)","McAfee Total Protection (20190520)","Norton Security (20190520)","Panda Dome (20190520)","Sophos Home Premium (20190520)","Trend Micro Internet Security (20190520)","VirIT eXplorer PRO (20190520)","Webroot SecureAnywhere (20190520)","Windows Defender (20190520)","Quick Heal Internet Security (20190520)","SpyHunter5 (20190422)"],"avAllowList":["Avast Internet Security (20190520)","AVG Internet Security (20190520)","Bitdefender Internet Security (20190520)","ESET Internet Security (20190520)","G DATA INTERNET SECURITY (20190520)","360 Total Security (20190520)","COMODO Antivirus (20190520)","Dr.Web Security Space (20190520)","F-PROT Antivirus for Windows (20190422)","Tencent PC Manager (20190520)","VIPRE Advanced Security (20190520)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"fastchecklist","landingPage":"https://www.winaso.com/registry_optimizer/","directDownloadingLink":"https://www.winaso.com/setup/WinASO_RO_v5.4.0.1.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.winaso.com/setup/WinASO_RO_v5.4.0.1.exe","sourceIndex":"2894"}],"sampleFiles":["190222/WinASORegistryOptimizer-171031/5.6.1/Samples/RegOpt.exe","190222/WinASORegistryOptimizer-171031/5.6.1/Samples/WinASO_RO_v5.6.1.exe"],"imageFiles":["190222/WinASORegistryOptimizer-171031/5.6.1/Images/ACR-014/winaso1.PNG","190222/WinASORegistryOptimizer-171031/5.6.1/Images/ACR-004/winaso1.PNG"],"nonDeceptorImageFiles":["190222/WinASORegistryOptimizer-171031/5.6.1/Images/ACR-035/winaso2.PNG"],"guid":"6fa49ba4-abc3-4284-8729-b10ae7e745b0_5.6.1_1","appID":"WinASORegistryOptimizer-171031","dateAdded":"190222","deceptorType":"App","name":"WinASO Registry Optimizer","company":"X.M.Y. International LLC.","version":"5.6.1","sigName":"Deceptor:Win32/WinASORegistryOptimizer!004014","lastKnownStatus":"Deceptor:5.6.1","lastKnownDate":"190222","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-08-13T22:11:26.8805467+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2279},{"violations":{"ACR-048":"During the install process, the install removes the X button so the user is not able to cancel the install process.\n","ACR-004":"App does not provide free fixes for the scan results and provides an exaggerated sense of urgency with alarming colors.\n","ACR-017":"App uses an unverifiable \"Norton Secure\" certification and uses the McAfee certification of another website.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. Even after disabling schedule scans within the app the schedules still remains in windows task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"The internal offers page does not contain the Terms of Service, Returns and Cancellation Policy, or Privacy Policy.\nThe install does not contain a link to the Returns and Cancellation Policy.\nSoftware does not contain links to their Returns and Cancellations Policy or their Privacy Policy.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"PCActivator_setup.exe","isInstaller":"True","companyName":"AB eCommerce","productName":"PCActivator","productVersion":"1.11.0.6","fileVersion":"1.11.0.6","hashMD5":"36958597bd66dc3f647d33232d77d11e","hashSHA1":"a176481e76e84542cc8d573e561f489a8555042f","hashSHA256":"f66480ca2a0b8b9acb443fc2acb458305975822d09a1448e79738b5d010f8b51","digitalCertThumbprint":"1AA87305E47E854B66772332694D5B54178B407E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB eCommerce Inc, O=AB eCommerce Inc, STREET=3223-B chemin d'oka, L=Ste-Marthe-Sur-Le-Lac, S=Quebec, PostalCode=j0n1p0, C=CA","sourceIndex":"3174","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCActivator.exe","companyName":"AB eCommerce","productName":"PCActivator","productVersion":"1.11.0.6","fileVersion":"1.11.0.6","hashMD5":"94e036fbbd75d6d0e3dfd854dd7e2ff8","hashSHA1":"b86a4610a3af62b13a59df1023a58543805f4238","hashSHA256":"d705da13e432f10ba60976c0f9fb09c7873505d4e33ce445c7e830de2e9aff37","digitalCertThumbprint":"1AA87305E47E854B66772332694D5B54178B407E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB eCommerce Inc, O=AB eCommerce Inc, STREET=3223-B chemin d'oka, L=Ste-Marthe-Sur-Le-Lac, S=Quebec, PostalCode=j0n1p0, C=CA","sourceIndex":"3174","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Optimizer Ads in Softonics","landingPage":"http://www.pcactivator.com/fix/errors.php?error=Computer&gclid=CPzslLaYxdMCFRBEfgod_60FLA","directDownloadingLink":"http://www.pcactivator.com/fix/errors.php?error=Computer&gclid=COHr3eyXxdMCFRVufgodX7QF4Q","ipv4":"52.72.130.228","directDownloadingLinkWildChar":"http://www.pcactivator.com/fix/errors.php?error=Computer&gclid=COHr3eyXxdMCFRVufgodX7QF4Q","sourceIndex":"3174"},{"howFound":"Hunt.Advertising","reference":"Optimizer Ads in Softonics","landingPage":"http://www.pcactivator.com/","directDownloadingLink":"http://www.pcactivator.com/download/PCActivator.exe","ipv4":"52.72.130.228","sourceIndex":"3175"}],"sampleFiles":["190219/D-PCActivator-00044/1.11.0.6/Samples/PCActivator_setup.exe","190219/D-PCActivator-00044/1.11.0.6/Samples/pcactivator.exe"],"imageFiles":["190219/D-PCActivator-00044/1.11.0.6/Images/ACR-017/PCActivator Fake McAfee Certification.png","190219/D-PCActivator-00044/1.11.0.6/Images/ACR-017/PCActivator Internal Offers Page.png","190219/D-PCActivator-00044/1.11.0.6/Images/ACR-017/PCActivator Unverifiable Norton Secure Certification.png","190219/D-PCActivator-00044/1.11.0.6/Images/ACR-048/PCActivator No X Button.gif","190219/D-PCActivator-00044/1.11.0.6/Images/ACR-084/PCActivator Task Scheduler.png","190219/D-PCActivator-00044/1.11.0.6/Images/ACR-004/PCActivator Preparing to Fix Issues.png","190219/D-PCActivator-00044/1.11.0.6/Images/ACR-004/PCActivator Register Now.png","190219/D-PCActivator-00044/1.11.0.6/Images/ACR-004/PCActivator Scan Results.png"],"nonDeceptorImageFiles":["190219/D-PCActivator-00044/1.11.0.6/Images/ACR-065/PCActivator Internal Offers Page.png","190219/D-PCActivator-00044/1.11.0.6/Images/ACR-065/PCActivator First Page of Install.png","190219/D-PCActivator-00044/1.11.0.6/Images/ACR-065/PCActivator About Page.png","190219/D-PCActivator-00044/1.11.0.6/Images/ACR-099/PCActivator About Page.png"],"guid":"5107810e-3c27-4fd8-8f66-8d2242f27662_1.11.0.6_1","appID":"D-PCActivator-00044","dateAdded":"190219","deceptorType":"App","name":"PCActivator","company":"AB eCommerce Inc","version":"1.11.0.6","sigName":"Deceptor:Win32/PCActivator!004084048017","firstVendorContactDate":"190221","firstAppEsteemReplyDate":"190221","firstResolvedVersion":"","lastKnownStatus":"Deceptor:1.11.0.6","lastKnownDate":"190221","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-21T21:00:10.5913197+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2284},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PCActivator.exe","isInstaller":"True","companyName":"AB eCommerce Inc","productName":"PCActivator","productVersion":"1.6.0.1","fileVersion":"1.6.0.1","hashMD5":"9377734b42937bc1754a9cdd8fd959e9","hashSHA1":"8727b08c825c8310664cdd547cdabec06861a768","hashSHA256":"c65c615a56e74860d96d731f08514274955826d70245d6b513e63ee3a1bd0c99","digitalCertThumbprint":"1aa87305e47e854b66772332694d5b54178b407e","sourceIndex":"3177","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Optimizer Ads in Softonics","landingPage":"http://www.pcactivator.com/","directDownloadingLink":"https://pcactivator.com/download/PCActivator.exe","ipv4":"52.72.130.228","directDownloadingLinkWildChar":"https://pcactivator.com/download/PCActivator.exe","sourceIndex":"3177"},{"howFound":"Hunt.Advertising","reference":"Optimizer Ads in Softonics","landingPage":"http://www.pcactivator.com/fix/errors.php?error=Computer&gclid=CPzslLaYxdMCFRBEfgod_60FLA","directDownloadingLink":"http://www.pcactivator.com/fix/errors.php?error=Computer&gclid=COHr3eyXxdMCFRVufgodX7QF4Q","ipv4":"52.72.130.228","ipv6":"","sourceIndex":"3178"}],"sampleFiles":[],"imageFiles":["190219/D-PCActivator-00044/1.6.0.6/Images/ACR-003/ExaggeratedIssues1.JPG","190219/D-PCActivator-00044/1.6.0.6/Images/ACR-003/ExaggeratedIssues2.JPG","190219/D-PCActivator-00044/1.6.0.6/Images/ACR-003/ExaggeratedIssues3.JPG","190219/D-PCActivator-00044/1.6.0.6/Images/ACR-003/ExaggeratedIssuesAndSystemHealth.JPG","190219/D-PCActivator-00044/1.6.0.6/Images/ACR-003/RaiseUrgencyWithExaggeratedIssues.JPG"],"nonDeceptorImageFiles":["190219/D-PCActivator-00044/1.6.0.6/Images/ACR-003/ExaggeratedIssues1.JPG","190219/D-PCActivator-00044/1.6.0.6/Images/ACR-003/ExaggeratedIssues2.JPG","190219/D-PCActivator-00044/1.6.0.6/Images/ACR-003/ExaggeratedIssues3.JPG","190219/D-PCActivator-00044/1.6.0.6/Images/ACR-003/ExaggeratedIssuesAndSystemHealth.JPG","190219/D-PCActivator-00044/1.6.0.6/Images/ACR-003/RaiseUrgencyWithExaggeratedIssues.JPG"],"guid":"5107810e-3c27-4fd8-8f66-8d2242f27662_1.6.0.6_1","appID":"D-PCActivator-00044","dateAdded":"190219","deceptorType":"App","name":"PCActivator","company":"AB eCommerce Inc","version":"1.6.0.6","sigName":"Deceptor:Win32/PCActivator!003","firstVendorContactDate":"190221","firstAppEsteemReplyDate":"190221","firstResolvedVersion":"","lastKnownStatus":"Deceptor:1.11.0.6","lastKnownDate":"190221","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-21T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2285},{"violations":{"ACR-003":"App exaggerates the state of system health with alarming colors and gauges for non-alarming categories. App does not substantiate claims made in notification popups.\n","ACR-004":"App upsells to a subscription service, but does not provide free fixes for the free scan results shown. App exaggerates free scan results with alarming colors and uses gauges to describe \"improvement potential\".\n","ACR-084":"App does not provide a way to disable the auto-launch of the app\n","ACR-168":"App shows call center phone numbers but does not disclose that additional offers may be given to the consumer.\n","ACR-118":"App retains all executables and auto-launch after uninstallation.\n","ACR-014":"App claims non-critical items like languages, caches, and logs have alarmingly \"high\" improvement potential.\n","ACR-124":"During uninstall, app adds friction by offering a free activiation via a popup.\n"},"nonDeceptorViolations":{"ACR-038":"App installs to two install directories: one that does not refer to the product name.\n","ACR-040":"App installs part of the app in non-standard directory (mt)\n","ACR-163":"App does not show non-one-to-one interactive methods for obtaining support or activating software.\n","ACR-171":"App does not pre-disclose that it has recurring payments. App does not pre-disclose an additional offer, and automatically includes it in the shopping cart.\n"},"samples":[{"isRevoked":"False","fileName":"hlprmt","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"71d64a99c8bab4f0de1dc8fef679168aaabfe80bb09e5fa28b6b50972c443f31","sourceIndex":"2568","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mt_mtwsite.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"1e9cef8cbca647f17e6530da005f33af4e430abcb27265fb75b538401a8fe9cc","sourceIndex":"2568","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"hazel ref.","landingPage":"http://mactweaker.com/","directDownloadingLink":"http://cdn.mactweaker.com/mtw/builds/mt_mtwsite.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.mactweaker.com/mtw/builds/mt_mtwsite.pkg","sourceIndex":"2568"}],"sampleFiles":["190215/MacTweaker-190215/1.0.0/Samples/hlprmt","190215/MacTweaker-190215/1.0.0/Samples/mt_mtwsite.pkg"],"imageFiles":["190215/MacTweaker-190215/1.0.0/Images/ACR-003/acr-003 004 014 unsubstantiated popup.png","190215/MacTweaker-190215/1.0.0/Images/ACR-003/acr-003 004 014 language exaggerated results.png","190215/MacTweaker-190215/1.0.0/Images/ACR-003/acr-003 004 014 exaggerated results.png","190215/MacTweaker-190215/1.0.0/Images/ACR-014/acr-003 004 014 exaggerated results.png","190215/MacTweaker-190215/1.0.0/Images/ACR-014/acr-003 004 014 language exaggerated results.png","190215/MacTweaker-190215/1.0.0/Images/ACR-004/acr-003 004 014 exaggerated results.png","190215/MacTweaker-190215/1.0.0/Images/ACR-004/acr-003 004 014 language exaggerated results.png","190215/MacTweaker-190215/1.0.0/Images/ACR-004/acr-004 no free fixes with the free scan.png","190215/MacTweaker-190215/1.0.0/Images/ACR-004/acr-171 late disclosure of recurring and not opt-out for added sticky password.png","190215/MacTweaker-190215/1.0.0/Images/ACR-084/acr-084 no control for auto launch.png","190215/MacTweaker-190215/1.0.0/Images/ACR-084/acr-084 launch with no control.png","190215/MacTweaker-190215/1.0.0/Images/ACR-168/acr-168 no statement on offers will be made.png","190215/MacTweaker-190215/1.0.0/Images/ACR-168/acr-168 124 call center no disclaimer and uninstall friction.gif","190215/MacTweaker-190215/1.0.0/Images/ACR-118/acr-118 retains files.gif","190215/MacTweaker-190215/1.0.0/Images/ACR-124/acr-168 124 call center no disclaimer and uninstall friction.gif"],"nonDeceptorImageFiles":["190215/MacTweaker-190215/1.0.0/Images/ACR-038/non standard install location - mt.png","190215/MacTweaker-190215/1.0.0/Images/ACR-040/non standard install location - mt.png","190215/MacTweaker-190215/1.0.0/Images/ACR-163/acr-168 no statement on offers will be made.png","190215/MacTweaker-190215/1.0.0/Images/ACR-163/acr-168 124 call center no disclaimer and uninstall friction.gif","190215/MacTweaker-190215/1.0.0/Images/ACR-171/acr-171 no pre disclosure of recurring charges.png","190215/MacTweaker-190215/1.0.0/Images/ACR-171/acr-171 late disclosure of recurring and not opt-out for added sticky password.png"],"guid":"595fae72-1c3c-4e7e-ae7f-a85fc6f24b3b_1.0.0_1","appID":"MacTweaker-190215","dateAdded":"190215","deceptorType":"MacOS App","name":"Mac Tweaker","company":"PCVARK software Private Limited","version":"1.0.0","sigName":"Deceptor:MacOS/MacTweaker!003004014084118124168","lastKnownStatus":"Deceptor:1.0.0","lastKnownDate":"200203","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-02-04T00:24:35.4781891+00:00","notDistributed":true,"familyName":"macoptimizer-macopt-arkin","numInFamily":1,"numInAppID":1,"sortOrder":2291},{"violations":{"ACR-059":"App makes an additional offer that is not as an offer.\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"FoxitReader901_US_Setup_Prom.exe","isInstaller":"True","companyName":"n/a","productName":"Foxit Reader Setup","productVersion":"n/a","fileVersion":"1.7.0.0","hashMD5":"e0399aebf13e35bbb2f499d12a82f4ea","hashSHA1":"78d74546d0c3bebff8d1db393745826df8d622a4","hashSHA256":"b3997922b49f7f9aca4c411717d459337b962243c5675ff8159f0d5cc6185441","digitalCertThumbprint":"AD6164B446F23806866D9FDF2086BACCA5E32DF1","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Foxit Software Incorporated, O=Foxit Software Incorporated, L=Fremont, S=California, C=US","sourceIndex":"3181","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FoxitReader901_enu_Setup_Prom.exe","isInstaller":"True","companyName":"Foxit Software Inc.                                         ","fileVersion":"9.0","hashMD5":"1040d634123948886f664afc95ec0a5e","hashSHA1":"e3bf26617594014f4af2ef2b72b4a86060ec229f","hashSHA256":"8130970e6976a953e98f89fcf24783b67d1080f84b961ac2c1cee2051673ff9a","digitalCertThumbprint":"AD6164B446F23806866D9FDF2086BACCA5E32DF1","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Foxit Software Incorporated, O=Foxit Software Incorporated, L=Fremont, S=California, C=US","sourceIndex":"3181","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"External report","reference":"","landingPage":"https://www.foxitsoftware.com/pdf-reader/","ipv4":"","ipv6":"","sourceIndex":"3181"}],"sampleFiles":["190215/FoxitReader-180327/1.7.0.0/Samples/FoxitReader901_US_Setup_Prom.exe","190215/FoxitReader-180327/1.7.0.0/Samples/FoxitReader901_enu_Setup_Prom.exe"],"imageFiles":["190215/FoxitReader-180327/1.7.0.0/Images/ACR-059/inline_offer.PNG","190215/FoxitReader-180327/1.7.0.0/Images/ACR-059/inline_offer_2.PNG","190215/FoxitReader-180327/1.7.0.0/Images/ACR-059/Foxit901.png"],"nonDeceptorImageFiles":["190215/FoxitReader-180327/1.7.0.0/Images/ACR-099/acr_099_S.PNG","190215/FoxitReader-180327/1.7.0.0/Images/ACR-099/acr_099_LP.PNG","190215/FoxitReader-180327/1.7.0.0/Images/ACR-099/acr_099_IO.PNG"],"guid":"5ddcff2c-ad21-4b5a-a383-ab1809f5520c_1.7.0.0_1","appID":"FoxitReader-180327","dateAdded":"190215","deceptorType":"Bundler","name":"FoxitReader Bundler","company":"Foxit Software Incorporated","version":"1.7.0.0","sigName":"Deceptor:Win32/FoxitReader!059","firstResolvedDate":"190606","firstResolvedVersion":"9.5.0.20725","resolved":"TRUE","lastKnownStatus":"Deceptor:1.7.0.0,9.0,190215","lastKnownDate":"190215","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2019-06-06T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2290},{"violations":{"ACR-003":"App exaggerates system health with red graphs of high improvement potential.\n","ACR-004":"App shows free scan results and upsells to a subscription service, but does not offer any way for the consumer to get free fixes for results shown. App uses gauges and alarming colors to highlight improvement potential for its free scan results.\n","ACR-084":"App sets auto-launch, but provides the consumer no way to turn it off.\n","ACR-097":"App hides its own behavior by not showing itself in uninstall results and startup results.\n","ACR-014":"App misleads the consumer by claiming that cleaning caches and removing languages have a \"high\" improvement potential.\n"},"nonDeceptorViolations":{"ACR-171":"App does not predisclose recurring charges, and then makes them opt-out on final shopping cart page.\n"},"samples":[{"isRevoked":"False","fileName":"MacOptimizer","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"7fe2cd88cf5573b74c9d7878594979e496a030658663b7e185e8dfa08fa8f695","sourceIndex":"3032","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mo_site.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"8f4bb31a6b0ad066c815c153dcdd3e9ffe64aa327f894199eac19f968c1142ef","sourceIndex":"3032","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"hazel ref.","landingPage":"http://www.optimizeyourmac.com","directDownloadingLink":"http://cdn.optimizeyourmac.com/mopt/builds/mo_site.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.optimizeyourmac.com/mopt/builds/mo_site.pkg","sourceIndex":"3032"}],"sampleFiles":["190215/MacOptimizer-190214/1.6.0/Samples/MacOptimizer","190215/MacOptimizer-190214/1.6.0/Samples/mo_site.pkg"],"imageFiles":["190215/MacOptimizer-190214/1.6.0/Images/ACR-003/acr-003 004 014 exaggerated free scan results.png","190215/MacOptimizer-190214/1.6.0/Images/ACR-003/acr-003 014 004 claiming high potential using gauges.png","190215/MacOptimizer-190214/1.6.0/Images/ACR-014/acr-003 004 014 exaggerated free scan results.png","190215/MacOptimizer-190214/1.6.0/Images/ACR-014/acr-003 014 004 claiming high potential using gauges.png","190215/MacOptimizer-190214/1.6.0/Images/ACR-004/acr-003 004 014 exaggerated free scan results.png","190215/MacOptimizer-190214/1.6.0/Images/ACR-004/acr-003 014 004 claiming high potential using gauges.png","190215/MacOptimizer-190214/1.6.0/Images/ACR-004/acr-071 004 late disclosure of recurring payments.png","190215/MacOptimizer-190214/1.6.0/Images/ACR-084/acr-084 no control for auto launch.png","190215/MacOptimizer-190214/1.6.0/Images/ACR-084/acr-097 084 launched at startup but no control.png","190215/MacOptimizer-190214/1.6.0/Images/ACR-097/acr-097 not showing itself on startup.png","190215/MacOptimizer-190214/1.6.0/Images/ACR-097/acr-097 not showing itself in uninstall.png"],"nonDeceptorImageFiles":["190215/MacOptimizer-190214/1.6.0/Images/ACR-171/acr-171 no predisclosure of recurring payment.png","190215/MacOptimizer-190214/1.6.0/Images/ACR-171/acr-171 004 late disclosure of recurring payments.png"],"guid":"b29de4d1-5b46-4feb-893b-d970b8b2b986_1.6.0_1","appID":"MacOptimizer-190214","dateAdded":"190215","deceptorType":"MacOS App","name":"Mac Optimizer","company":"TechyUtils Software Private Limited","version":"1.6.0","sigName":"Deceptor:MacOS/MacOptimizer!003004014084097","lastKnownStatus":"Deceptor:1.6.0","lastKnownDate":"190606","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-06T20:53:31.3003062+00:00","notDistributed":true,"familyName":"macoptimize-macopt-arkin","numInFamily":1,"numInAppID":1,"sortOrder":2292},{"violations":{"ACR-005":"The application mimics the system toolbar and displays a non-attributed search in this area.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Smart-Package-Tracker_v2.7.3.35 (1).crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"46265d7f86fcd6c724c7398bce2e932d5880de92f2c71ffe69ac5f6234c57f32","sourceIndex":"3217","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.smartpackagetracker.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/smart-package-tracker/iilbncphejgkekfiendcbbfheaifognd","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/smart-package-tracker/iilbncphejgkekfiendcbbfheaifognd","sourceIndex":"3217"}],"sampleFiles":["190125/SmartPackageTracker-180704/2.7.3.35/Samples/Smart-Package-Tracker_v2.7.3.35 (1).crx"],"imageFiles":["190125/SmartPackageTracker-180704/2.7.3.35/Images/ACR-005/acr_005.PNG"],"nonDeceptorImageFiles":[],"guid":"81208e4e-1ef9-4e0d-9109-f90e98bdb88c_2.7.3.35_1","appID":"SmartPackageTracker-180704","dateAdded":"190215","deceptorType":"Chrome Extension","name":"SmartPackageTracker","company":"www.smartpackagetracker.com","version":"2.7.3.35","sigName":"Deceptor:CRX/SmartPackageTracker!005","lastKnownStatus":"Deceptor:2.7.3.35,2.8.17.22,2.8.20.55","lastKnownDate":"190215","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2019-02-15T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2288},{"violations":{"ACR-155":"App offers a second app that is inserted to masquerade as part of existing committed user workflow.\n"},"nonDeceptorViolations":{"ACR-045":"Does not disclose that default search will redirect to Yahoo and new tab page will be modified.\nDoes not explicitly disclose that default search will redirect to Yahoo and new tab page will be modified.\n","ACR-062":"Does not disclose that they modify the home page of browser.\n"},"samples":[{"isRevoked":"False","fileName":"Smart-Package-Tracker_v2.8.20.55.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"970ec69ddce036eaf918e360b16ceb452a2ae045277a3c8b8b55c98fb49e0324","sourceIndex":"3183","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"HuntedAppList","reference":"","landingPage":"https://www.smartpackagetracker.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/smart-package-tracker/iilbncphejgkekfiendcbbfheaifognd","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/smart-package-tracker/iilbncphejgkekfiendcbbfheaifognd","sourceIndex":"3183"}],"sampleFiles":["190215/SmartPackageTracker-180704/2.8.20.55/Samples/Smart-Package-Tracker_v2.8.20.55.crx"],"imageFiles":["190215/SmartPackageTracker-180704/2.8.20.55/Images/ACR-155/ACR-155 Landing Page.png","190215/SmartPackageTracker-180704/2.8.20.55/Images/ACR-155/ACR-155 Landing Page.gif"],"nonDeceptorImageFiles":["190215/SmartPackageTracker-180704/2.8.20.55/Images/ACR-045/Landing Page and Install.png","190215/SmartPackageTracker-180704/2.8.20.55/Images/ACR-045/Landing Page and Install #2.png","190215/SmartPackageTracker-180704/2.8.20.55/Images/ACR-045/Landing Page and Install #3.png","190215/SmartPackageTracker-180704/2.8.20.55/Images/ACR-045/Landing Page.png","190215/SmartPackageTracker-180704/2.8.20.55/Images/ACR-045/Landing Page #2.png","190215/SmartPackageTracker-180704/2.8.20.55/Images/ACR-045/Landing Page #3.png","190215/SmartPackageTracker-180704/2.8.20.55/Images/ACR-062/ACR-062 Landing Page.png","190215/SmartPackageTracker-180704/2.8.20.55/Images/ACR-155/ACR-155 Landing Page.png","190215/SmartPackageTracker-180704/2.8.20.55/Images/ACR-155/ACR-155 Landing Page.gif"],"guid":"81208e4e-1ef9-4e0d-9109-f90e98bdb88c_2.8.20.55_1","appID":"SmartPackageTracker-180704","dateAdded":"190215","deceptorType":"Chrome Extension","name":"SmartPackageTracker","company":"www.smartpackagetracker.com","version":"2.8.20.55","sigName":"Deceptor:CRX/SmartPackageTracker!155","lastKnownStatus":"Deceptor:2.7.3.35,2.8.17.22,2.8.20.55","lastKnownDate":"190215","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2019-02-15T15:55:43.7473601+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2287},{"violations":{"ACR-109":"App auto-downloads a secondary install package when the consumer accepts the first offer.\n","ACR-155":"Consumer chose to download an app, and got an additional app downloaded as part of that flow. \n"},"nonDeceptorViolations":{"ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-064":"Consumer accepted to download one, and received an additional download for a PDF reader.\n"},"samples":[{"isRevoked":"False","fileName":"FoxitReader941_Setup_Prom_IS.exe","isInstaller":"True","fileVersion":"9.4","hashMD5":"bfc10feecf8cc85a49296dafe62ae1b0","hashSHA1":"1b53fd66a2342e83b125b1eabe1f4bc625f24565","hashSHA256":"02260716eefd5c1ed0767542bf6ad640a7c176449d04515f7bdaf05cdef3eb5c","digitalCertThumbprint":"AD6164B446F23806866D9FDF2086BACCA5E32DF1","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Foxit Software Incorporated, O=Foxit Software Incorporated, L=Fremont, S=California, C=US","sourceIndex":"3033","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FoxitReader.exe","companyName":"Foxit Software Inc.","fileVersion":"9.4","hashMD5":"9315c8da90f6a97c7372d1ff38f20bf5","hashSHA1":"8b49c5e3ba05840466beed5b0ed473f8ec9902c3","hashSHA256":"ed132ea900d3be4308d91e0efb2a118ed1936b9da1618ffb5f1990db63554529","digitalCertThumbprint":"AD6164B446F23806866D9FDF2086BACCA5E32DF1","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Foxit Software Incorporated, O=Foxit Software Incorporated, L=Fremont, S=California, C=US","sourceIndex":"3033","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"External report","reference":"","landingPage":"https://www.foxitsoftware.com/pdf-reader/","ipv4":"","ipv6":"","sourceIndex":"3033"}],"sampleFiles":["190215/FoxitReader-180327/9.4.1.16828/Samples/FoxitReader941_Setup_Prom_IS.exe","190215/FoxitReader-180327/9.4.1.16828/Samples/FoxitReader.exe"],"imageFiles":["190215/FoxitReader-180327/9.4.1.16828/Images/ACR-109/Video1.mp4","190215/FoxitReader-180327/9.4.1.16828/Images/ACR-155/Video1.mp4"],"nonDeceptorImageFiles":["190215/FoxitReader-180327/9.4.1.16828/Images/ACR-099/Capture4.png","190215/FoxitReader-180327/9.4.1.16828/Images/ACR-099/Capture5.png","190215/FoxitReader-180327/9.4.1.16828/Images/ACR-099/Capture6.png","190215/FoxitReader-180327/9.4.1.16828/Images/ACR-064/Video1.mp4"],"guid":"5ddcff2c-ad21-4b5a-a383-ab1809f5520c_9.4.1.16828_1","appID":"FoxitReader-180327","dateAdded":"190215","deceptorType":"Bundler","name":"FoxitReader Bundler","company":"Foxit Software Incorporated","version":"9.4.1.16828","sigName":"Deceptor:LandingPage/FoxitReaderBundler!109155","firstResolvedDate":"190606","firstResolvedVersion":"9.5.0.20725","resolved":"TRUE","lastKnownStatus":"Deceptor:1.7.0.0,9.0,190215","lastKnownDate":"190215","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2019-06-06T20:51:12.9897231+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2289},{"violations":{"ACR-005":"The application mimics the system toolbar and displays a non-attributed search in this area.\n","ACR-111":"Extension does not explicitly inform the user that they will be manipulating webpage content.\n"},"nonDeceptorViolations":{"ACR-045":"Does not disclose that default search will redirect to Yahoo and new tab page will be modified.\nDoes not disclose that default search will redirect to Yahoo and new tab page will be modified.\n","ACR-054":"Unequal prominence between accept and decline buttons in the post-install offer.\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n"},"samples":[{"isRevoked":"False","fileName":"Smart-Package-Tracker_v2.8.17.35.crx","isInstaller":"True","companyName":"N/A","productName":"N/A","productVersion":"2.8.17.35","fileVersion":"N/A","hashMD5":"4879d761c875702ccb1dbad4efec0109","hashSHA1":"771a3a88e49f2c370697569a01a07e283965e500","hashSHA256":"6daada3a53acefd1ad6cb4062e7950fe912889378ed671885f7f7339d7a09870","sourceIndex":"3182","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.smartpackagetracker.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/smart-package-tracker/iilbncphejgkekfiendcbbfheaifognd","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/smart-package-tracker/iilbncphejgkekfiendcbbfheaifognd","sourceIndex":"3182"}],"sampleFiles":["190215/SmartPackageTracker-180704/2.8.17.22/Samples/Smart-Package-Tracker_v2.8.17.35.crx"],"imageFiles":["190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-005/acr_005.PNG","190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-005/SmartPackageTracker ACR_005 Software.png","190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-111/SmartPackageTracker ACR_111 #2.png","190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-111/SmartPackageTracker ACR_111 Software #3.png","190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-111/SmartPackageTracker ACR_111 Software.png"],"nonDeceptorImageFiles":["190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-045/SmartPackageTracker ACR_045 Install and LandingPage.png","190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-045/SmartPackageTracker ACR_045 Install and LandingPage #2.png","190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-045/SmartPackageTracker ACR_045 Install and LandingPage #3.png","190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-045/SmartPackageTracker ACR_045 Install and LandingPage #2.png","190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-045/SmartPackageTracker ACR_045 Install and LandingPage #3.png","190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-045/SmartPackageTracker ACR_045 Install and LandingPage.png","190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-054/SmartPacakgeTracker ACR_054 Landing Page.png","190215/SmartPackageTracker-180704/2.8.17.22/Images/ACR-059/SmartPacakgeTracker ACR_057 Landing Page.png"],"guid":"81208e4e-1ef9-4e0d-9109-f90e98bdb88c_2.8.17.22_1","appID":"SmartPackageTracker-180704","dateAdded":"190215","deceptorType":"Chrome Extension","name":"SmartPackageTracker","company":"www.smartpackagetracker.com","version":"2.8.17.22","sigName":"Deceptor:CRX/SmartPackageTracker!005111","lastKnownStatus":"Deceptor:2.7.3.35,2.8.17.22,2.8.20.55","lastKnownDate":"190215","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2019-02-15T16:03:19.3191247+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2286},{"violations":{"ACR-005":"The application mimics the system toolbar by displaying a non-attributed search on its new tab page. The new tab page has an search dialog, but there is no attribution on the page back to the app.\n"},"nonDeceptorViolations":{"ACR-057":"The application fails to provide the user with clear and simple options to decline the \"Search Secure\" associated offer.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"samples":[{"isRevoked":"False","fileName":"Your-Mail-Tab_v2.8.17.45.crx","isInstaller":"True","companyName":"N/A","productName":"N/A","productVersion":"N/A","fileVersion":"N/A","hashMD5":"45d2a9934b2439551ec5a0d826f7607e","hashSHA1":"a9a9abb6c3bcd9b5fb1d02bfb14ad845197b00dc","hashSHA256":"f0163073a2b21a6c12be381a8bf92f1bc9a03a4d92d09207298a703afdd223a7","sourceIndex":"3188","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.yourmailtab.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/your-mail-tab/bicoodefmmiemjiefchmgkeiedlejnhi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/your-mail-tab/bicoodefmmiemjiefchmgkeiedlejnhi","sourceIndex":"3188"}],"sampleFiles":["190214/YourMailtab-180626/2.8.17.45/Samples/Your-Mail-Tab_v2.8.17.45.crx"],"imageFiles":["190214/YourMailtab-180626/2.8.17.45/Images/ACR-005/YourMailTab ACR_005 Software.png"],"nonDeceptorImageFiles":["190214/YourMailtab-180626/2.8.17.45/Images/ACR-057/YourMailTab ACR_057 LandingPage.png","190214/YourMailtab-180626/2.8.17.45/Images/ACR-059/YourMailTab ACR_059 LandingPage.png","190214/YourMailtab-180626/2.8.17.45/Images/ACR-155/YourMailTab ACR_155 Install.png"],"guid":"262e93ec-a86f-4e0e-aed3-a05e712ceb83_2.8.17.45_1","appID":"YourMailtab-180626","dateAdded":"190214","deceptorType":"Chrome Extension","name":"YourMailtab","company":"http://www.yourmailtab.com/","version":"2.8.17.45","sigName":"Deceptor:CRX/YourMailtab!005","lastKnownStatus":"Deceptor:2.7.3.28,2.8.17.45,2.8.20.51","lastKnownDate":"190214","type":"Chrome Extension","category":"Personalization & Search","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8,MacOS","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2019-02-14T03:58:05.9416757+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2293},{"violations":{"ACR-005":"The application mimics the system toolbar by displaying a non-attributed search on its new tab page. The new tab page has an search dialog, but there is no attribution on the page back to the app.\n"},"nonDeceptorViolations":{"ACR-057":"The application fails to provide the user with clear and simple options to decline the \"Search Secure\" associated offer.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"samples":[{"isRevoked":"False","fileName":"Your-Mail-Tab_v2.8.20.51.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9037befe4775e8b59a4ced9e89a308850e0cc1358eeefeefc662afac13113135","sourceIndex":"3190","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"HuntedAppList","reference":"","landingPage":"http://www.yourmailtab.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/your-mail-tab/bicoodefmmiemjiefchmgkeiedlejnhi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/your-mail-tab/bicoodefmmiemjiefchmgkeiedlejnhi","sourceIndex":"3190"}],"sampleFiles":["190214/YourMailtab-180626/2.8.20.51/Samples/Your-Mail-Tab_v2.8.20.51.crx"],"imageFiles":["190214/YourMailtab-180626/2.8.20.51/Images/ACR-005/ACR-005 Software.png"],"nonDeceptorImageFiles":["190214/YourMailtab-180626/2.8.20.51/Images/ACR-057/YourMailTab Search Secure Offer.png","190214/YourMailtab-180626/2.8.20.51/Images/ACR-059/YourMailTab Search Secure Offer.png","190214/YourMailtab-180626/2.8.20.51/Images/ACR-155/YourMailTab Search Secure Offer.png"],"guid":"262e93ec-a86f-4e0e-aed3-a05e712ceb83_2.8.20.51_1","appID":"YourMailtab-180626","dateAdded":"190214","deceptorType":"Chrome Extension","name":"YourMailtab","company":"http://www.yourmailtab.com/","version":"2.8.20.51","sigName":"Deceptor:Win32/YourMailtab!005","lastKnownStatus":"Deceptor:2.7.3.28,2.8.17.45,2.8.20.51","lastKnownDate":"190214","type":"Chrome Extension","category":"Personalization & Search","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8,MacOS","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2019-02-14T03:29:46.7395716+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2294},{"violations":{"ACR-005":"The application mimics the system toolbar by displaying a non-attributed search on its new tab page. The new tab page has an search dialog, but there is no attribution on the page back to the app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Your-Mail-Tab_v2.7.3.28.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"7bb2178e648e401ad17258c4359b8195","hashSHA1":"e90907a5d41e4460c0f07f2049d4adb157c9391e","hashSHA256":"8f0b1068683da1c3a82be92ae571948693b334cb444c370806f0773ad6fe86b3","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3373","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.yourmailtab.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/your-mail-tab/bicoodefmmiemjiefchmgkeiedlejnhi","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/your-mail-tab/bicoodefmmiemjiefchmgkeiedlejnhi","sourceIndex":"3373"}],"sampleFiles":["190110/YourMailtab-180626/2.7.3.28/Samples/Your-Mail-Tab_v2.7.3.28.crx"],"imageFiles":["190110/YourMailtab-180626/2.7.3.28/Images/ACR-005/acr_005_S.PNG"],"nonDeceptorImageFiles":[],"guid":"262e93ec-a86f-4e0e-aed3-a05e712ceb83_2.7.3.28_1","appID":"YourMailtab-180626","dateAdded":"190214","deceptorType":"Chrome Extension","name":"YourMailtab","company":"http://www.yourmailtab.com/","version":"2.7.3.28","sigName":"Deceptor:CRX/YourMailtab!005","lastKnownStatus":"Deceptor:2.7.3.28,2.8.17.45,2.8.20.51","lastKnownDate":"190214","type":"Chrome Extension","category":"Personalization & Search","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8,MacOS","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2019-02-14T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2295},{"violations":{"ACR-047":"The application deceives the consumer into taking action by providing a start scan option at the end of the installation when the consumer already selected the checkbox option that states \"Don't scan my computer after installation is complete\" at the first stage of the installation.\n","ACR-003":"The application counts errors in event log history of the programs executed before and claims system stability level. The claim to fix those errors that happened before and can improve system stability is not substantiated and exaggerated. It misleads user to take action \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The application does not provide any option to disable scheduled tasks or features.\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"Restoro.exe","isInstaller":"True","companyName":"Restoro","productName":"Restoro","productVersion":"2.000","fileVersion":"2.000","hashMD5":"c4fdd536f166a6c91bf8bb46d69462da","hashSHA1":"fa160b6adcaaac4a1e288a96ab440b7c29c8b1c4","hashSHA256":"b05abd3403663d2d4ac498849b24f160f741cd6027c0cf52fe7db9f9ada47387","digitalCertThumbprint":"9EE20944713A5A15893F539626CE020DDDCBFA15","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Restoro Limited, O=Restoro Limited, L=Douglas, C=IM","sourceIndex":"3453","avBlockList":["Avast Internet Security (20190121)","AVG Internet Security (20190121)","Avira Internet Security (20190121)","Bitdefender Internet Security (20190121)","G DATA INTERNET SECURITY (20190121)","K7 Total Security (20190121)","Kaspersky Internet Security (20190121)","Malwarebytes Premium (20190121)","Panda Dome (20190121)","Sophos Home Premium (20190121)","Trend Micro Internet Security (20190121)","VirIT eXplorer PRO (20190121)","Windows Defender (20190121)"],"avAllowList":["ESET Internet Security (20190121)","McAfee Total Protection (20190121)","Webroot SecureAnywhere (20190121)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.restoro.com/","directDownloadingLink":"https://cloud.restoro.com/download/Restoro.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cloud.restoro.com/download/Restoro.exe","sourceIndex":"3453"}],"sampleFiles":["181222/Restoro-180807/2.0.0.3/Samples/Restoro.exe"],"imageFiles":["181222/Restoro-180807/2.0.0.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","181222/Restoro-180807/2.0.0.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","181222/Restoro-180807/2.0.0.3/Images/ACR-084/ACR_084_SOFTWARE.PNG","181222/Restoro-180807/2.0.0.3/Images/ACR-047/ACR_047_INSTALL.mp4"],"nonDeceptorImageFiles":["181222/Restoro-180807/2.0.0.3/Images/ACR-099/ACR_099_SOFTWARE.PNG"],"guid":"f2701bba-84b1-4466-bae8-500f2ab0eb01_2.0.0.3_1","appID":"Restoro-180807","dateAdded":"190213","deceptorType":"App","name":"Restoro","company":"Restoro Limited","version":"2.0.0.3","sigName":"Deceptor:Win32/Restoro!003084047","firstVendorContactDate":"181222","firstAppEsteemReplyDate":"181222","firstResolvedDate":"190221","firstResolvedVersion":"2.0.1.3","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.0.3, 2.0.1.0,2.0.1.2","lastKnownDate":"190213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-21T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2300},{"violations":{"ACR-003":"App exaggerates system health by calling cached web pages as \"infected\" and \"malicious\"\n","ACR-004":"App shows free scan results, but requires a purchase of a recurring service to fix them. App exaggerates urgency by calling caches web results as \"infected\" and \"malicous\"\n","ACR-084":"App provides no way to stop auto-launch.\n","ACR-118":"App retains executables and auto-launch configuration after app uninstall.\n"},"nonDeceptorViolations":{"ACR-002":"Install claims app source as XXX History Fixer, but publisher is Techyutils\nSoftware claims app source is XXX History Fixer, which does not match publisher\n","ACR-171":"Upsell flow does not predisclose recurring payments\n"},"samples":[{"isRevoked":"False","fileName":"xxxhf_xxxhfsite.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ecb3d989d53f03dde877b287224767c88aabe01d73060ac27e645ad4026f5803","sourceIndex":"2569","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"xxxhfhlpr","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"7ec24ae1c4726f120c15f90192a31565cd9ddb5093091f68815ef6f019f31f41","sourceIndex":"2569","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"hazel ref.","landingPage":"http://xxxhistoryfixer.com/","directDownloadingLink":"http://cdn.xxxhistoryfixer.com/xhf/builds/xxxhf_xxxhfsite.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.xxxhistoryfixer.com/xhf/builds/xxxhf_xxxhfsite.pkg","sourceIndex":"2569"}],"sampleFiles":["190213/XXXHistoryFixer-190213/1.6.0/Samples/xxxhf_xxxhfsite.pkg","190213/XXXHistoryFixer-190213/1.6.0/Samples/xxxhfhlpr"],"imageFiles":["190213/XXXHistoryFixer-190213/1.6.0/Images/ACR-003/acr-003 -004 -014 exaggerated with infected and malicious.png","190213/XXXHistoryFixer-190213/1.6.0/Images/ACR-004/acr-003 -004 -014 exaggerated with infected and malicious.png","190213/XXXHistoryFixer-190213/1.6.0/Images/ACR-004/acr-171 late disclosure of recurring.png","190213/XXXHistoryFixer-190213/1.6.0/Images/ACR-084/acr-084 no way to stop autolaunch.png","190213/XXXHistoryFixer-190213/1.6.0/Images/ACR-118/acr-118 leaves binaries and autolaunch after uninstall.png"],"nonDeceptorImageFiles":["190213/XXXHistoryFixer-190213/1.6.0/Images/ACR-002/acr-002 install screen claims source.png","190213/XXXHistoryFixer-190213/1.6.0/Images/ACR-002/acr-002 names not matching.png","190213/XXXHistoryFixer-190213/1.6.0/Images/ACR-002/acr-002 different name.png","190213/XXXHistoryFixer-190213/1.6.0/Images/ACR-002/acr-002 names not matching.png","190213/XXXHistoryFixer-190213/1.6.0/Images/ACR-171/acr-171  no predisclosure of recurring.png","190213/XXXHistoryFixer-190213/1.6.0/Images/ACR-171/acr-171 late disclosure of recurring.png"],"guid":"bfa992ee-a4f4-490a-ae80-280a0ca29127_1.6.0_1","appID":"XXXHistoryFixer-190213","dateAdded":"190213","deceptorType":"MacOS App","name":"XXX History Fixer","company":"TechyUtils Software Private Limited","version":"1.6.0","sigName":"Deceptor:MacOS/XXXHistoryFixer!003004084118","lastKnownStatus":"Deceptor:1.6.0","lastKnownDate":"200203","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"Chrome,Firefox,Safari","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid","lastUpdate":"2020-02-04T00:23:58.3519916+00:00","notDistributed":true,"familyName":"unpollute-macclean-arkin","numInFamily":2,"numInAppID":1,"sortOrder":2296},{"violations":{"ACR-003":"App exaggerates system health by calling cached data \"infected\". App provides no substantiation.\n","ACR-004":"App exaggerates urgency by calling cached data \"infected\" and using alarming colors. App provides no substantiation for free scan results. App provides free scan but upsells to paid-only fixes.\n","ACR-084":"App does not let consumer turn off auto-launch of app at startup\n","ACR-118":"App retains auto-launch after uninstall. App retains executables after uninstall.\n","ACR-071":"App's upsell includes a free copy of Memory Optimizer, which cannot be declined.\n","ACR-014":"App does not substantiate scan results. App misleads by calling web cache results as an \"infection\".\n"},"nonDeceptorViolations":{"ACR-038":"Install refers to company as Unpollute My Mac, but docs refer as geek-support, and signing certificate refers to as \"techyutils\" \n","ACR-002":"Install refers to company as Unpollute My Mac, but docs refer as geek-support, and signing certificate refers to as \"techyutils\" \nSoftware refers to app source as Unpollute My Mac, which does not match docs or signing certificate\nDocs refer to app source as support-geeks, but this doesn't match digital signature or software\n","ACR-092":"Digital signature refers to a different source than what the software and landing page claim.\n","ACR-171":"App does not pre-disclose that payment will be recurring until the final shopping cart page.\nUpsell flow claims price is $29.95, and then on final screen, discloses that payment will be recurring.\n"},"samples":[{"isRevoked":"False","fileName":"umm_ummsite.pkg","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"3cbd7297bc4730e4d8751e66716c55cf62daed66170ce72cf24a899ea0ba698b","sourceIndex":"1322","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ummhlpr","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"cd1c0a713a0388e62863a77253de54c9ae58d8b25061c0f197b121d7187f093f","sourceIndex":"1322","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"hazel ref.","landingPage":"http://unpollutemymac.com/","directDownloadingLink":"http://cdn.unpollutemymac.com/prns/builds/umm_ummsite.pkg","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.unpollutemymac.com/prns/builds/umm_ummsite.pkg","sourceIndex":"1322"}],"sampleFiles":["190213/UnpolluteMyMac-190213/1.2.0/Samples/umm_ummsite.pkg","190213/UnpolluteMyMac-190213/1.2.0/Samples/ummhlpr"],"imageFiles":["190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-003/acr-003 -004 using infected to exaggerate health no substantiation.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-004/acr-071 -171 no option for unchecking memoptimizer and no predisclosure of recurring.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-004/acr-004 recurring purchase.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-004/acr-004 -071 no option to fix free scan results and unable to decline free offer.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-004/acr-003 -004 using infected to exaggerate health no substantiation.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-014/acr-003 -004 using infected to exaggerate health no substantiation.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-084/acr-084 no way to disable auto launch.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-118/acr-118 retains components after uninstall.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-118/acr-118 retains executables.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-071/acr-071 -171 no option for unchecking memoptimizer and no predisclosure of recurring.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-071/acr-004 -071 no option to fix free scan results and unable to decline free offer.png"],"nonDeceptorImageFiles":["190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-038/acr-002 techyutils vs unpollutemymac.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-038/acr-002 support-geek vs unpollutemymac.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-038/acr-002 refers to Unpollute My Mac.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-002/acr-002 refers to Unpollute My Mac.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-002/acr-002 support-geek vs unpollutemymac.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-002/acr-002 techyutils vs unpollutemymac.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-092/acr-002 techyutils vs unpollutemymac.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-171/acr-004 recurring purchase.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-171/acr-004 -071 no option to fix free scan results and unable to decline free offer.png","190213/UnpolluteMyMac-190213/1.2.0/Images/ACR-171/acr-071 -171 no option for unchecking memoptimizer and no predisclosure of recurring.png"],"guid":"34a10942-e2f6-49e2-a6e9-813d4a998a9a_1.2.0_1","appID":"UnpolluteMyMac-190213","dateAdded":"190213","deceptorType":"MacOS App","name":"Unpollute My Mac","company":"TechyUtils Software Private Limited","version":"1.2.0","sigName":"Deceptor:MacOS/UnpolluteMyMac!003004071084118171","lastKnownStatus":"Deceptor:1.2.0","lastKnownDate":"190213","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"Chrome,Firefox,Safari","ageAppropriate":"Adults only","monetization":"up-sell to paid,paid","lastUpdate":"2022-11-11T21:17:59.1735022+00:00","notDistributed":true,"familyName":"unpollute-macclean-arkin","numInFamily":2,"numInAppID":1,"sortOrder":2297},{"violations":{"ACR-004":"The app uses gauge and alarming color banner, misleading priority and urgency to user.\n"},"nonDeceptorViolations":{"ACR-045":"App claims \"FREE DOWNLOAD\", but the functionality that requires consumer payment in order to be activated is not marked clearly in landing page.\n","ACR-099":"The app does not disclose uninstall information explicitly in the software.\n"},"samples":[{"isRevoked":"False","fileName":"RestoroMain.exe","isInstaller":"True","companyName":"Restoro","fileVersion":"2.0","hashMD5":"3bfe38a70de265a14ac390b746e74522","hashSHA1":"b4f4a502b52e6fcf0d0ce780bb049e822b9e1023","hashSHA256":"82d3d788d07ef3b531fd2733895fd7eaa5febca90341e4171f357d44fc3f4e6f","digitalCertThumbprint":"9EE20944713A5A15893F539626CE020DDDCBFA15","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Restoro Limited, O=Restoro Limited, L=Douglas, C=IM","sourceIndex":"3176","avBlockList":["Avast Internet Security (20190221)","AVG Internet Security (20190221)","ESET Internet Security (20190221)","K7 Total Security (20190221)","Malwarebytes Premium (20190221)","Panda Dome (20190221)","Sophos Home Premium (20190221)","Webroot SecureAnywhere (20190221)"],"avAllowList":["Avira Internet Security (20190221)","Bitdefender Internet Security (20190221)","G DATA INTERNET SECURITY (20190221)","McAfee Total Protection (20190221)","Norton Security (20190221)","Trend Micro Internet Security (20190221)","VirIT eXplorer PRO (20190221)","Windows Defender (20190221)"]},{"isRevoked":"False","fileName":"RestoroSetup.exe","isInstaller":"True","companyName":"Restoro","fileVersion":"2.0","hashMD5":"d4888777d3faec37d126de1e55c932ae","hashSHA1":"0c8e89939bb700edc46a8e2524458e39f690a59f","hashSHA256":"8e7c6fe656fb76d721df31ed391bab235bea556d7c85e239793dd7df75072f6c","digitalCertThumbprint":"9EE20944713A5A15893F539626CE020DDDCBFA15","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Restoro Limited, O=Restoro Limited, L=Douglas, C=IM","sourceIndex":"3176","avBlockList":["Avast Internet Security (20190221)","AVG Internet Security (20190221)","Avira Internet Security (20190221)","ESET Internet Security (20190221)","G DATA INTERNET SECURITY (20190221)","K7 Total Security (20190221)","Kaspersky Internet Security (20190221)","Malwarebytes Premium (20190221)","Panda Dome (20190221)","Sophos Home Premium (20190221)","VirIT eXplorer PRO (20190221)","Webroot SecureAnywhere (20190221)","Windows Defender (20190221)"],"avAllowList":["Bitdefender Internet Security (20190221)","McAfee Total Protection (20190221)","Norton Security (20190221)","Trend Micro Internet Security (20190221)"]}],"additionalFiles":[],"sources":[{"howFound":"HuntedDeceptorList","reference":"","landingPage":"https://www.restoro.com/","directDownloadingLink":"https://cloud.restoro.com/download/Restoro.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cloud.restoro.com/download/Restoro.exe","sourceIndex":"3176"}],"sampleFiles":["190213/Restoro-180807/2.0.1.2/Samples/RestoroMain.exe","190213/Restoro-180807/2.0.1.2/Samples/RestoroSetup.exe"],"imageFiles":["190213/Restoro-180807/2.0.1.2/Images/ACR-004/ACR-004 Guages.png","190213/Restoro-180807/2.0.1.2/Images/ACR-004/ACR-004 Guages 2.png"],"nonDeceptorImageFiles":["190213/Restoro-180807/2.0.1.2/Images/ACR-099/ACR-099 Software.png","190213/Restoro-180807/2.0.1.2/Images/ACR-045/ACR-045 LP.png"],"guid":"f2701bba-84b1-4466-bae8-500f2ab0eb01_2.0.1.2_1","appID":"Restoro-180807","dateAdded":"190213","deceptorType":"App","name":"Restoro","company":"Restoro Limited","version":"2.0.1.2","sigName":"Deceptor:Win32/Restoro!2.0.1.2","firstVendorContactDate":"181222","firstAppEsteemReplyDate":"181222","firstResolvedDate":"190221","firstResolvedVersion":"2.0.1.3","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.0.3, 2.0.1.0,2.0.1.2","lastKnownDate":"190213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-21T20:52:46.9852212+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2298},{"violations":{"ACR-003":"The app counts registry items as errors, raising a false sense of urgency. The app sets junk files impact above \"low\", raising a false sense of urgency.\n","ACR-004":"The app uses different colors and graphs for free scan results and free hardware analysis results to raise the sense of urgency to the user. The app continues to scan for free, but does not provide free fixes after the trial period.\n","ACR-014":"The scan results imply that registry issues and junk files can go beyond \"low\", which is misleading.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Restoro.exe","isInstaller":"True","companyName":"Restoro","productName":"Restoro","productVersion":"2.0.1.0","fileVersion":"2.0.1.0","hashMD5":"257fc8a6ce4c2f521e0f7a021c1b3113","hashSHA1":"e4839390ad8b84b0646d1dd487d02608a346b613","hashSHA256":"38e5e97a925d2c13481efcb790f362a6c950e665a72b55f3714ae35479296be1","digitalCertThumbprint":"9EE20944713A5A15893F539626CE020DDDCBFA15","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Restoro Limited, O=Restoro Limited, L=Douglas, C=IM","sourceIndex":"3185","avBlockList":["Avast Internet Security (20190121)","AVG Internet Security (20190121)","Avira Internet Security (20190121)","G DATA INTERNET SECURITY (20190121)","K7 Total Security (20190121)","Kaspersky Internet Security (20190121)","Malwarebytes Premium (20190121)","Norton Security (20190121)","Panda Dome (20190121)","VirIT eXplorer PRO (20190121)","Windows Defender (20190121)"],"avAllowList":["Bitdefender Internet Security (20190121)","ESET Internet Security (20190121)","McAfee Total Protection (20190121)","Sophos Home Premium (20190121)","Trend Micro Internet Security (20190121)","Webroot SecureAnywhere (20190121)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.restoro.com/","directDownloadingLink":"https://cloud.restoro.com/download/Restoro.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cloud.restoro.com/download/Restoro.exe","sourceIndex":"3185"}],"sampleFiles":["190213/Restoro-180807/2.0.1.0/Samples/Restoro.exe"],"imageFiles":["190213/Restoro-180807/2.0.1.0/Images/ACR-003/errors and graphs.png","190213/Restoro-180807/2.0.1.0/Images/ACR-004/errors and graphs.png","190213/Restoro-180807/2.0.1.0/Images/ACR-004/gauges hardware analysis.png","190213/Restoro-180807/2.0.1.0/Images/ACR-004/no fixing scan results.png","190213/Restoro-180807/2.0.1.0/Images/ACR-014/errors and graphs.png"],"nonDeceptorImageFiles":[],"guid":"f2701bba-84b1-4466-bae8-500f2ab0eb01_2.0.1.0_1","appID":"Restoro-180807","dateAdded":"190213","deceptorType":"App","name":"Restoro","company":"Restoro Limited","version":"2.0.1.0","sigName":"Deceptor:Win32/Restoro!003004","firstVendorContactDate":"181222","firstAppEsteemReplyDate":"181222","firstResolvedDate":"190221","firstResolvedVersion":"2.0.1.3","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.0.3, 2.0.1.0,2.0.1.2","lastKnownDate":"190213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-21T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2299},{"violations":{"ACR-003":"The app detects certified app \"e4baf59079ebdab27415a755a7143945\" as PUP and portrays the importance as \"High\" effect on system, misleading the consumer to take action.\n","ACR-004":"1. The app doesn't provide complete free fix for all the identified issues identified during free scan \n2. App uses different color bar to differentiate the urgency of items that are not urgent items\n","ACR-017":"Using expired certification logo\n","ACR-165":"The internal offers page does not disclose enough information about the time-bound discounts whether the offered app is free for one year or lifetime.\n"},"nonDeceptorViolations":{"ACR-161":"The quotes and testimonials needs to be verifiable.\n","ACR-171":"The additional offer presented to the consumer is default opt-in instead of opt-out.\n"},"samples":[{"isRevoked":"False","fileName":"spc_site.exe","isInstaller":"True","companyName":"Top PC Tools Software LLP","productName":"Super PC Care","productVersion":"1.0.0.24920","fileVersion":"1.0.0.24920","hashMD5":"b19100c0036f1f45c6da1b3a288c83e9","hashSHA1":"35c50c5dc49672be747b796af5396724225f1790","hashSHA256":"fb6dff5a9b701a53fd406a8f2deca9aec0825888fd22de02a12aedc5d60c3618","digitalCertThumbprint":"96CD9568B8CAEA685C7E8A2C2C0EF5CCC59823F4","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Top PC Tools Software L.L.P.","sourceIndex":"3061","avBlockList":["Avast Internet Security (20190509)","AVG Internet Security (20190509)","Avira Internet Security (20190509)","ESET Internet Security (20190509)","G DATA INTERNET SECURITY (20190509)","K7 Total Security (20190509)","Kaspersky Internet Security (20190509)","Malwarebytes Premium (20190509)","McAfee Total Protection (20190509)","Norton Security (20190509)","Trend Micro Internet Security (20190509)","VirIT eXplorer PRO (20190509)","Webroot SecureAnywhere (20190509)","Windows Defender (20190509)","360 Total Security (20190509)","COMODO Antivirus (20190509)","Dr.Web Security Space (20190509)","Quick Heal Internet Security (20190509)","SpyHunter5 (20190412)"],"avAllowList":["Bitdefender Internet Security (20190509)","Panda Dome (20190509)","Sophos Home Premium (20190509)","F-PROT Antivirus for Windows (20190412)","Tencent PC Manager (20190509)","VIPRE Advanced Security (20190509)"]}],"additionalFiles":[],"sources":[{"howFound":"expired certifed app recheck for ACR-004","reference":"","landingPage":"http://superpccare.com/","directDownloadingLink":"http://cdn.superpccare.com/superpccare/setup/out/spc_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.superpccare.com/superpccare/setup/out/spc_site.exe","sourceIndex":"3061"}],"sampleFiles":["190212/SuperPCCare-190211/1.0.0.24920/Samples/spc_site.exe"],"imageFiles":["190212/SuperPCCare-190211/1.0.0.24920/Images/ACR-003/ACR-003_Software_DetectsFP.JPG","190212/SuperPCCare-190211/1.0.0.24920/Images/ACR-017/ACR-017_InternalOffers_MisleadingLogo.JPG","190212/SuperPCCare-190211/1.0.0.24920/Images/ACR-004/ACR-004_Software_NoFullFreeFix.JPG","190212/SuperPCCare-190211/1.0.0.24920/Images/ACR-004/ACR-004_Software_RaisesUrgency.JPG","190212/SuperPCCare-190211/1.0.0.24920/Images/ACR-004/ACR-004_Software_RaisesUrgency1.JPG","190212/SuperPCCare-190211/1.0.0.24920/Images/ACR-165/ACR-165_InternalOffers_OfferNeedsToBeClear.JPG"],"nonDeceptorImageFiles":["190212/SuperPCCare-190211/1.0.0.24920/Images/ACR-161/ACR-161_InternalOffers_TestimonialsNeedsToBeVerified.JPG","190212/SuperPCCare-190211/1.0.0.24920/Images/ACR-171/ACR-171_InternalOffers_DefaultOptIn.JPG"],"guid":"66f81994-c091-49a3-9e4d-81dc5b8fc48a_1.0.0.24920_1","appID":"SuperPCCare-190211","dateAdded":"190212","deceptorType":"App","name":"SuperPCCare","company":"Top PC Tools Software L.L.P.","version":"1.0.0.24920","sigName":"Deceptor:Win32/SuperPCCare!003004017","firstVendorContactDate":"190405","firstAppEsteemReplyDate":"190405","firstResolvedDate":"190521","firstResolvedVersion":"1.0.25025","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.24920","lastKnownDate":"190212","type":"Windows Executable","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","lastUpdate":"2019-05-28T21:24:11.050199+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2301},{"violations":{"ACR-003":"The app shows gauges and word \"Attention!\" in red colors that indicates misleading urgency. Also, the app states the sentences \"These errors can be critical to the performance of your PC.\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-171":"The consumer is required to opt-out of additional payment for Mcafee Internet Secuity and Advanced Password Manager which were not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\Smart - PC- Care for DESKTOP-8QAR3KI\\mpr.exe","productName":"Booster Tool","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"3b9bc197a5051ef144e6c39e2bb6f37e","hashSHA1":"df0891322d709092b7bae9331fc636673e8adb19","hashSHA256":"574f6e9dac0ccb293aeaeb5fdc923f8c5ef8c4b35657c6e58d1d5aa788b86fa6","digitalCertThumbprint":"EE734577E317FCECED654F60B5E335200084CA25","sourceIndex":"481","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"smpcsetup.exe","isInstaller":"True","companyName":"                                                            ","productName":"Smart - PC- Care                                            ","productVersion":"1.0.0.2                                           ","fileVersion":"1.0.0.2             ","hashMD5":"19281d96f16f0b422faac49df610af74","hashSHA1":"91a0780f705e6dc723500e270d2bca2f0685893c","hashSHA256":"0e4fe961e8af1890f6ba8bc502f784710d187dab3f7958283efa87e12b0de9d0","digitalCertThumbprint":"EE734577E317FCECED654F60B5E335200084CA25","sourceIndex":"481","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"preferred PC protection utility\"","reference":"http://pcclean.site/","landingPage":"http://pcclean.site/","directDownloadingLink":"https://d3lm5g1tw7uodz.cloudfront.net/smpc/securerc/c8/smpcsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3lm5g1tw7uodz.cloudfront.net/smpc/securerc/c8/smpcsetup.exe","sourceIndex":"481"},{"howFound":"","reference":"","landingPage":"http://www.pcclean.win/","directDownloadingLink":"https://d3nn2jdqkkl1jv.cloudfront.net/smpc/securerc/c2/smpcsetup.exe","ipv4":"","ipv6":"","sourceIndex":"482"}],"sampleFiles":["190207/SmartPCCare-190205/1.0.0.2/Samples/mpr.exe","190207/SmartPCCare-190205/1.0.0.2/Samples/smpcsetup.exe"],"imageFiles":["190207/SmartPCCare-190205/1.0.0.2/Images/ACR-003/003.png","190207/SmartPCCare-190205/1.0.0.2/Images/ACR-003/003_2.png","190207/SmartPCCare-190205/1.0.0.2/Images/ACR-003/003_3.png","190207/SmartPCCare-190205/1.0.0.2/Images/ACR-004/003.png","190207/SmartPCCare-190205/1.0.0.2/Images/ACR-004/171.png","190207/SmartPCCare-190205/1.0.0.2/Images/ACR-010/010.png","190207/SmartPCCare-190205/1.0.0.2/Images/ACR-084/084.png","190207/SmartPCCare-190205/1.0.0.2/Images/ACR-168/003.png","190207/SmartPCCare-190205/1.0.0.2/Images/ACR-055/010.png","190207/SmartPCCare-190205/1.0.0.2/Images/ACR-059/010.png"],"nonDeceptorImageFiles":["190207/SmartPCCare-190205/1.0.0.2/Images/ACR-099/099.png","190207/SmartPCCare-190205/1.0.0.2/Images/ACR-171/171.png"],"guid":"4dda64ec-6cc9-4359-bb4f-68d7674fd900_1.0.0.2_1","appID":"SmartPCCare-190205","dateAdded":"190207","deceptorType":"App","name":"Smart PC Care","company":"CONNECT AB INFOLINE PRIVATE LIMITED","version":"1.0.0.2","sigName":"Deceptor:Win32/SmartPCCare!003004010084168055059","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2026-05-04T14:37:21.3940033+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2061},{"violations":{"ACR-048":"app remaps the top right \"close\" icon to \"minimize\" and leaves the app running, with no way for the consumer to control this action.\n","ACR-003":"At end of 30-minute trial, app raises a sense of artifical urgency, claiming that the PC will be slowing down.\n","ACR-009":"App claims that the PC will slow down because the trial ended.\n","ACR-084":"App installs as an auto-start service, with no way for the consumer to control\n","ACR-014":"App claims PC will slow down because the trial ended, but provides no substantiation for this claim.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the app's installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the application that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's internal offer page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe landing page has no link or information that shows how it can be uninstalled.\nThe internal offer has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"98a1d3f40daab01596af0a202d6472e9","hashSHA1":"2b3df2d64686bd65fb8f74b68c34ae43d62c86a0","hashSHA256":"11fe600309f07ef37dc3e487e5234ec01f6f324024459124678fbc4fbe782aed","digitalCertThumbprint":"53C25436E29E1443FC21DAEFEC1890F47AD2928F","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Fast Corporate LTD, O=Fast Corporate LTD, L=Kfar Saba, C=IL","sourceIndex":"3209","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"fast!.exe","fileVersion":"0.0","hashMD5":"9aaaf78abe64ced12622ef592d2736ce","hashSHA1":"3e507e4bfa638073d933b5edae63ae21b0a80feb","hashSHA256":"2a1d5762721d5f34364cf599a87b30e9a9d623a3a0401aa3fc2372a62ffc33b5","digitalCertThumbprint":"D3648AFDFDB12E4172A23B58B31B7BB21F10BE21","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Fast Corporate LTD, O=Fast Corporate LTD, L=Kfar Saba, C=IL","sourceIndex":"3209","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google ad on BleachBit.org page","landingPage":"https://veryfast.io","ipv4":"","ipv6":"","sourceIndex":"3209"}],"sampleFiles":["190205/VeryFast-181112/2.129/Samples/Setup.exe","190205/VeryFast-181112/2.129/Samples/fast!.exe"],"imageFiles":["190205/VeryFast-181112/2.129/Images/ACR-048/ACR-048 remaps close to minimize.gif","190205/VeryFast-181112/2.129/Images/ACR-003/ACR-003 and -014 unsubstantiated urgency message.png","190205/VeryFast-181112/2.129/Images/ACR-009/ACR-003 and -014 unsubstantiated urgency message.png","190205/VeryFast-181112/2.129/Images/ACR-009/ACR-009 threatening message after trial ends.png","190205/VeryFast-181112/2.129/Images/ACR-014/ACR-003 and -014 unsubstantiated urgency message.png","190205/VeryFast-181112/2.129/Images/ACR-084/ACR-084 installs as service no way to control.png"],"nonDeceptorImageFiles":["190205/VeryFast-181112/2.129/Images/ACR-065/ACR-065_software.JPG","190205/VeryFast-181112/2.129/Images/ACR-065/ACR-065_internaloffer.JPG","190205/VeryFast-181112/2.129/Images/ACR-161/ACR-161_landinfpage.JPG","190205/VeryFast-181112/2.129/Images/ACR-163/ACR-163_landingpage.JPG","190205/VeryFast-181112/2.129/Images/ACR-163/ACR-163_internaloffer.JPG","190205/VeryFast-181112/2.129/Images/ACR-099/ACR-099_software.JPG","190205/VeryFast-181112/2.129/Images/ACR-099/ACR-099_landingpage.JPG","190205/VeryFast-181112/2.129/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"d60412ff-e38e-4ba2-84de-65bf643d2418_2.129_1","appID":"VeryFast-181112","dateAdded":"190205","deceptorType":"App","name":"VeryFast","company":"Fast Corporate Ltd","version":"2.129","sigName":"Deceptor:Win32/VeryFast!003009014048084","firstVendorContactDate":"190205","firstAppEsteemReplyDate":"190206","firstResolvedDate":"190207","firstResolvedVersion":"2.162","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0,2.152,2.129;2.136;NonCertified:2.162","lastKnownDate":"190205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2019-02-07T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2304},{"violations":{"ACR-042":"The apps installer runs and does not obtaining user permission before installing.\n","ACR-048":"There is a \"cancel\" and a \"close\" button provided but the consumer is unable to click them as they are unavailable.\n","ACR-055":"The app's installer does not allow the user to decline or cancel the installation of the app. The close and cancel buttons are unavailable.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the app's installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the application that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's internal offer page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe landing page has no link or information that shows how it can be uninstalled.\nThe internal offer has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"8f43a790150525893f63abb01ca41899","hashSHA1":"09e5cb7ad4ab4cf63dc8b2e1855dd1b71002b799","hashSHA256":"0a421c587c9127c0eb26d2db2a933b1dc612560b123d5dc1dc985b5ca4a48fdd","digitalCertThumbprint":"53C25436E29E1443FC21DAEFEC1890F47AD2928F","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Fast Corporate LTD, O=Fast Corporate LTD, L=Kfar Saba, C=IL","sourceIndex":"3208","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"fast!.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"0ed0f8968ac448e6a200814f3f8711c7","hashSHA1":"1ab1f3e44e6d30b000fe7fc1d7b0e8cf69fb57c2","hashSHA256":"abc7c36e463f1ad43af87d4796aaad8bc21b55a9176a709afab6eda32eaf602c","digitalCertThumbprint":"53C25436E29E1443FC21DAEFEC1890F47AD2928F","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Fast Corporate LTD, O=Fast Corporate LTD, L=Kfar Saba, C=IL","sourceIndex":"3208","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google ad on BleachBit.org page","landingPage":"https://veryfast.io","ipv4":"","ipv6":"","sourceIndex":"3208"}],"sampleFiles":["190205/VeryFast-181112/1.0/Samples/Setup.exe","190205/VeryFast-181112/1.0/Samples/fast!.exe"],"imageFiles":["190205/VeryFast-181112/1.0/Images/ACR-055/ACR-055_install.mp4","190205/VeryFast-181112/1.0/Images/ACR-042/ACR-042_install.mp4","190205/VeryFast-181112/1.0/Images/ACR-048/ACR-048_install.mp4"],"nonDeceptorImageFiles":["190205/VeryFast-181112/1.0/Images/ACR-065/ACR-065_software.JPG","190205/VeryFast-181112/1.0/Images/ACR-065/ACR-065_internaloffer.JPG","190205/VeryFast-181112/1.0/Images/ACR-161/ACR-161_landinfpage.JPG","190205/VeryFast-181112/1.0/Images/ACR-163/ACR-163_landingpage.JPG","190205/VeryFast-181112/1.0/Images/ACR-163/ACR-163_internaloffer.JPG","190205/VeryFast-181112/1.0/Images/ACR-099/ACR-099_software.JPG","190205/VeryFast-181112/1.0/Images/ACR-099/ACR-099_landingpage.JPG","190205/VeryFast-181112/1.0/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"d60412ff-e38e-4ba2-84de-65bf643d2418_1.0_1","appID":"VeryFast-181112","dateAdded":"190205","deceptorType":"App","name":"VeryFast","company":"Fast Corporate Ltd","version":"1.0","sigName":"Deceptor:Win32/VeryFast!042048055","firstVendorContactDate":"190205","firstAppEsteemReplyDate":"190206","firstResolvedDate":"190207","firstResolvedVersion":"2.162","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0,2.152,2.129;2.136;NonCertified:2.162","lastKnownDate":"190205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2019-02-07T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2303},{"violations":{"ACR-003":"App reports out of drivers without substantiated details, just timestamp is not sufficient enough for user.\n","ACR-004":"App requires subscription payment to fix the issues reported during free scan without free trial. App uses the alarming pattern to present driver status with unnecessary urgency with the intent of monetizing.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\nThe internal offer page has no link to a webpage that shows how to uninstall the app.\n\n","ACR-120":"The application prompts during uninstall stating that consumer can get a trial for a lower price for the same program.\n\n"},"samples":[{"isRevoked":"False","fileName":"dfsetup_3720.exe","isInstaller":"True","companyName":"DeskToolsSoft","productName":"DriverFinder","productVersion":"3.7.2.0","fileVersion":"3.7.2","hashMD5":"6e8052c3c8ab089e6b9543a96a174bbd","hashSHA1":"b52dd582336547334a54e36e0ab63a1ba4aeb006","hashSHA256":"4154ef917199c381b118d9d5b588e224532b50862d85b62d1bf72b294fb04aad","digitalCertThumbprint":"ACCC9689D87B8A7B63D2F5A03E18D56D62BB9C67","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=DeskToolsSoft B.V., O=DeskToolsSoft B.V., L=Assen, S=Drenthe, C=NL, SERIALNUMBER=01147451, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Assen, OID.1.3.6.1.4.1.311.60.2.1.2=Drenthe, OID.1.3.6.1.4.1.311.60.2.1.3=NL","sourceIndex":"2872","avBlockList":["Avast Internet Security (20190502)","AVG Internet Security (20190502)","Avira Internet Security (20190502)","Bitdefender Internet Security (20190502)","ESET Internet Security (20190502)","G DATA INTERNET SECURITY (20190502)","K7 Total Security (20190502)","Malwarebytes Premium (20190502)","McAfee Total Protection (20190502)","Panda Dome (20190502)","Sophos Home Premium (20190502)","Trend Micro Internet Security (20190502)","VirIT eXplorer PRO (20190502)","Webroot SecureAnywhere (20190502)","Windows Defender (20190502)","COMODO Antivirus (20190502)","Dr.Web Security Space (20190502)","Quick Heal Internet Security (20190502)","Tencent PC Manager (20190502)","VIPRE Advanced Security (20190502)"],"avAllowList":["Kaspersky Internet Security (20190502)","Norton Security (20190502)","360 Total Security (20190502)","F-PROT Antivirus for Windows (20190404)","SpyHunter5 (20190404)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://driverfinderpro.com/","directDownloadingLink":"https://driverfinderpro.com/download/dfsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://driverfinderpro.com/download/dfsetup.exe","sourceIndex":"2872"},{"howFound":"deceptor re-review","reference":"","landingPage":"http://www.easydriverpro.com/","directDownloadingLink":"http://www.easydriverpro.com/download.php","ipv4":"","ipv6":"","sourceIndex":"2873"},{"howFound":"","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"2874"}],"sampleFiles":["190205/DriverFinder-171122/3.7.2.0/Samples/dfsetup_3720.exe"],"imageFiles":["190205/DriverFinder-171122/3.7.2.0/Images/ACR-003/DriverFinder_003.PNG","190205/DriverFinder-171122/3.7.2.0/Images/ACR-004/DriverFinder_004_3.PNG","190205/DriverFinder-171122/3.7.2.0/Images/ACR-004/DriverFinder_004_2.PNG","190205/DriverFinder-171122/3.7.2.0/Images/ACR-004/DriverFinder_004_1.PNG","190205/DriverFinder-171122/3.7.2.0/Images/ACR-004/DriverFinder_004_4.PNG"],"nonDeceptorImageFiles":["190205/DriverFinder-171122/3.7.2.0/Images/ACR-120/re-advertised_same_offer.PNG"],"guid":"431f8498-1451-4205-9a48-f77754048271_3.7.2.0_1","appID":"DriverFinder-171122","dateAdded":"190205","deceptorType":"App","name":"DriverFinder","company":"DeskToolsSoft B.V.","version":"3.7.2.0","sigName":"Deceptor:Win32/DriverFinder!003004","firstVendorContactDate":"190812","firstAppEsteemReplyDate":"190823","firstResolvedDate":"190823","firstResolvedVersion":"3.8.0","resolved":"TRUE","lastKnownStatus":"Deceptor:3.7.2.0","lastKnownDate":"190823","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-08-23T21:55:33.8711397+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2305},{"violations":{"ACR-048":"The app disable the standard option (x) to cancel the installation. App needs to disclose the reason why the app can't be cancelled prior to the installation or provide an option to cancel installation to the consumer. \n","ACR-084":"The app installs a service running silently in the background without providing the option for user to disable the service. The service runs even after user close/quit the app. \n","ACR-118":"When the consumer attempts to completely uninstall the app, it retains some of its executable components on the device without the consumer's consent\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose (Original Filename, Company Name, Product Name File Version and Product Version)in the version info for the following executables: fast!.exe, FastSRV.exe, SetupResources.exe, SetupEngine.exe and Setup.exe\n","ACR-065":"The app needs to disclose EULA/Terms of Service, Returns & Cancellation Policy and Privacy Policy during installation.\nThe app needs to disclose EULA/Terms of Service, Returns & Cancellation Policy and Privacy Policy in the app's about page/software.\nThe app needs to disclose EULA/Terms of Service, Returns & Cancellation Policy and Privacy Policy in the internal offers page\n","ACR-161":"The app's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"Digital signature is required for \"Uninstaller.exe\"\n","ACR-099":"The app needs to disclose uninstall information in the app's about page or software\nThe app needs to disclose uninstall information in the landing page.\nThe internal offers page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","hashMD5":"b77fd140de9fb4d8d646b07e2c7fe4c1","hashSHA1":"212d9f9195c017e5e1fb9bf48b8efce4386cc4a5","hashSHA256":"135d53829f7b437426375fcfb3bb6ea5d7b74fa4500d40f32596214e41f490f5","digitalCertThumbprint":"53C25436E29E1443FC21DAEFEC1890F47AD2928F","digitalCertIssuer":"Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":"Fast Corporate LTD","sourceIndex":"3204","avBlockList":["Avira Internet Security (20190214)","K7 Total Security (20190214)","Kaspersky Internet Security (20190214)","Malwarebytes Premium (20190214)","Panda Dome (20190214)","Sophos Home Premium (20190214)","VirIT eXplorer PRO (20190214)","Webroot SecureAnywhere (20190214)"],"avAllowList":["Bitdefender Internet Security (20190214)","ESET Internet Security (20190214)","G DATA INTERNET SECURITY (20190214)","McAfee Total Protection (20190214)","Norton Security (20190214)","Trend Micro Internet Security (20190214)","Windows Defender (20190214)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search; CleanApp Org Report","reference":"google ad on BleachBit.org page","landingPage":"https://veryfast.io","ipv4":"","ipv6":"","sourceIndex":"3204"}],"sampleFiles":["190205/VeryFast-181112/2.136/Samples/Setup.exe"],"imageFiles":["190205/VeryFast-181112/2.136/Images/ACR-048/ACR-048_Install_Can't_Be_Cancelled.JPG","190205/VeryFast-181112/2.136/Images/ACR-084/ACR-084_Software_Runs_Silently_In_The_Background.JPG","190205/VeryFast-181112/2.136/Images/ACR-118/ACR-118_Uninstall_Retains_App_Components.JPG"],"nonDeceptorImageFiles":["190205/VeryFast-181112/2.136/Images/ACR-038/ACR-038_Install_Needs_Add_Version_Info.JPG","190205/VeryFast-181112/2.136/Images/ACR-065/ACR-065_Install_Does_Not_Contain_EULA&PrivacyPolicy.JPG","190205/VeryFast-181112/2.136/Images/ACR-065/ACR-065_Software_Does_Not_Contain_EULA&PrivacyPolicy.JPG","190205/VeryFast-181112/2.136/Images/ACR-065/ACR-065_InternalOffers_Does_Not_Contain_EULA,PrivacyPolicy&RefundPolicy.JPG","190205/VeryFast-181112/2.136/Images/ACR-161/ACR-161_landinfpage.JPG","190205/VeryFast-181112/2.136/Images/ACR-163/ACR-163_landingpage.JPG","190205/VeryFast-181112/2.136/Images/ACR-092/ACR-092_Software_Does_Not_Contain_Digital_Signature.JPG","190205/VeryFast-181112/2.136/Images/ACR-099/ACR-099_Software_Uninstall_Info_Is_Missing.JPG","190205/VeryFast-181112/2.136/Images/ACR-099/ACR-099_LandingPage_Uninstall_Info_Is_Missing.JPG","190205/VeryFast-181112/2.136/Images/ACR-099/ACR-099_InternalOffers_Uninstall_Info_Is_Missing.JPG"],"guid":"d60412ff-e38e-4ba2-84de-65bf643d2418_2.136_1","appID":"VeryFast-181112","dateAdded":"190205","deceptorType":"App","name":"VeryFast","company":"Fast Corporate Ltd","version":"2.136","sigName":"Deceptor:Win32/VeryFast!048084118","firstVendorContactDate":"190205","firstAppEsteemReplyDate":"190206","firstResolvedDate":"190207","firstResolvedVersion":"2.162","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0,2.152,2.129;2.136;NonCertified:2.162","lastKnownDate":"190205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2019-02-07T17:23:55.5034709+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2302},{"violations":{"ACR-003":"The application exaggerates scan results as errors and damage level without substantiation, misleading the user into taking action against an ambiguous problem. \n","ACR-004":"1. The app requires pay to fix the \"errors\" during free scan. \n2. The app uses gauge and alarming color banner, misleading priority and urgency to user.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. The privacy policy provided belongs to a previous application that is no longer being distributed by the company.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"There is no EULA provided for this application.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-035":"There is no Privacy Policy and EULA provided for this application.\n","ACR-036":"There is no Privacy Policy and EULA provided for this application.\n","ACR-037":"There is no Privacy Policy provided for this application.\n","ACR-167":"There is no refund policy provided for this application.\n"},"samples":[{"isRevoked":"False","fileName":"Fast PC.exe","isInstaller":"True","productName":"Fast PC","productVersion":"1.0.0.20","fileVersion":"1.0.0.20","hashMD5":"19ebd606c851c1e389236ea852896d34","hashSHA1":"75bf0bdbd653003bea2cfd87f2ef06dc9fd76169","hashSHA256":"742e76919ac57a74e3de39585f8a0aa2cd16ea5553b5a08a70be806b6ad00908","digitalCertThumbprint":"57632D4D7DA6161287F66EE2E132B5ACCEAEB5FE","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Guru Technologies, O=Guru Technologies, STREET=\"2 Reddy Colony, Ramalingapuram\", L=Chennai, S=Tamilnadu, PostalCode=600012, C=IN","sourceIndex":"3210","avBlockList":["Avast Internet Security (20190429)","AVG Internet Security (20190429)","Avira Internet Security (20190429)","Bitdefender Internet Security (20190429)","ESET Internet Security (20190429)","G DATA INTERNET SECURITY (20190429)","K7 Total Security (20190429)","Kaspersky Internet Security (20190429)","Malwarebytes Premium (20190429)","McAfee Total Protection (20190429)","Norton Security (20190429)","Panda Dome (20190429)","Sophos Home Premium (20190429)","Trend Micro Internet Security (20190429)","VirIT eXplorer PRO (20190429)","Webroot SecureAnywhere (20190429)","Windows Defender (20190429)","360 Total Security (20190429)","Dr.Web Security Space (20190429)","Quick Heal Internet Security (20190429)","SpyHunter5 (20190429)","Tencent PC Manager (20190429)","VIPRE Advanced Security (20190429)"],"avAllowList":["COMODO Antivirus (20190429)","F-PROT Antivirus for Windows (20190429)"]},{"isRevoked":"False","fileName":"FastPC_Installer.exe","companyName":"Fast PC                                                     ","productName":"Fast PC","productVersion":"2.0.0.0","fileVersion":"1.0.0.21","hashMD5":"18ff3ca43289661c85c19cfa3be61485","hashSHA1":"fafdd36013d5e380871e38947961b819ae88f2f4","hashSHA256":"c0a3db4dab8fd603bb48c06306341b3f703fd67dbf078736b64d9b804d9e87a1","digitalCertThumbprint":"57632D4D7DA6161287F66EE2E132B5ACCEAEB5FE","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Guru Technologies, O=Guru Technologies, STREET=\"2 Reddy Colony, Ramalingapuram\", L=Chennai, S=Tamilnadu, PostalCode=600012, C=IN","sourceIndex":"3210","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"New version review","reference":"Existing decepter review","landingPage":"https://www.pc-fix-cleaner.com/","directDownloadingLink":"http://www.pc-registry-cleaner.info/en/FastPC.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pc-registry-cleaner.info/en/FastPC.exe","sourceIndex":"3210"}],"sampleFiles":["190203/FastPC-180606/2.0.0.0/Samples/Fast PC.exe","190203/FastPC-180606/2.0.0.0/Samples/FastPC_Installer.exe"],"imageFiles":["190203/FastPC-180606/2.0.0.0/Images/ACR-003/fastpc4.PNG","190203/FastPC-180606/2.0.0.0/Images/ACR-003/fastpc5.PNG","190203/FastPC-180606/2.0.0.0/Images/ACR-004/fastpc4.PNG","190203/FastPC-180606/2.0.0.0/Images/ACR-004/FastPC_PaytoFix.PNG"],"nonDeceptorImageFiles":["190203/FastPC-180606/2.0.0.0/Images/ACR-065/fastpc1.PNG","190203/FastPC-180606/2.0.0.0/Images/ACR-065/fastpc2.PNG","190203/FastPC-180606/2.0.0.0/Images/ACR-065/fastpc3.PNG","190203/FastPC-180606/2.0.0.0/Images/ACR-065/fastpc3.PNG","190203/FastPC-180606/2.0.0.0/Images/ACR-099/fastpc2.PNG","190203/FastPC-180606/2.0.0.0/Images/ACR-099/fastpc3.PNG","190203/FastPC-180606/2.0.0.0/Images/ACR-099/fastpc6.PNG","190203/FastPC-180606/2.0.0.0/Images/ACR-099/fastpc3.PNG","190203/FastPC-180606/2.0.0.0/Images/ACR-099/fastpc6.PNG"],"guid":"af019bac-2072-4961-8c1f-972235553d70_2.0.0.0_1","appID":"FastPC-180606","dateAdded":"190203","deceptorType":"App","name":"Fast PC","company":"Guru Technologies","version":"2.0.0.0","sigName":"Deceptor:Win32/FastPC!003004","lastKnownStatus":"Deceptor:2.0.0.0,1.0.0.20,","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2306},{"violations":{"ACR-003":"The application exaggerates Related to ActiveX and COM, Related to User Profile and Related to Startup and Uninstall as being errors, thereby misleading or scaring user to take action.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. The privacy policy provided belongs to a previous application that is no longer being distributed by the company.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-092":"There is no EULA provided for this application.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-035":"There is no Privacy Policy and EULA provided for this application.\n","ACR-036":"There is no Privacy Policy and EULA provided for this application.\n","ACR-037":"There is no Privacy Policy provided for this application.\n","ACR-167":"There is no refund policy provided for this application.\n"},"samples":[{"isRevoked":"False","fileName":"FastPC.exe","isInstaller":"True","companyName":"Fast PC                                                     ","productName":"Fast PC","productVersion":"1.0.0.20","fileVersion":"1.0.0.20","hashMD5":"6440630d46cad0a442f74ba763e99276","hashSHA1":"f7219c419f8c2d244fd37fa55794ebdce1fe4b42","hashSHA256":"8650a68539c9abd40021b3406753da90765f8bc4fa801299df7a8992b2701e46","digitalCertThumbprint":"57632D4D7DA6161287F66EE2E132B5ACCEAEB5FE","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Guru Technologies, O=Guru Technologies, STREET=\"2 Reddy Colony, Ramalingapuram\", L=Chennai, S=Tamilnadu, PostalCode=600012, C=IN","sourceIndex":"3261","avBlockList":["Avast Internet Security (20190203)","AVG Internet Security (20190203)","Avira Internet Security (20190203)","Bitdefender Internet Security (20190203)","ESET Internet Security (20190203)","G DATA INTERNET SECURITY (20190203)","K7 Total Security (20190203)","Kaspersky Internet Security (20190203)","Malwarebytes Premium (20190203)","McAfee Total Protection (20190203)","Norton Security (20190203)","Panda Dome (20190203)","Sophos Home Premium (20190203)","Trend Micro Internet Security (20190203)","VirIT eXplorer PRO (20190203)","Webroot SecureAnywhere (20190203)","Windows Defender (20190203)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"New version review","reference":"Existing decepter review","landingPage":"https://www.pc-fix-cleaner.com/","directDownloadingLink":"http://www.pc-registry-cleaner.info/en/FastPC.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pc-registry-cleaner.info/en/FastPC.exe","sourceIndex":"3261"}],"sampleFiles":["180606/FastPC-180606/1.0.0.20/Samples/FastPC.exe"],"imageFiles":["180606/FastPC-180606/1.0.0.20/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180606/FastPC-180606/1.0.0.20/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180606/FastPC-180606/1.0.0.20/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180606/FastPC-180606/1.0.0.20/Images/ACR-118/ACR_118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["180606/FastPC-180606/1.0.0.20/Images/ACR-065/ACR_065_INSTALL.PNG","180606/FastPC-180606/1.0.0.20/Images/ACR-065/ACR_065_SOFTWARE.PNG","180606/FastPC-180606/1.0.0.20/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180606/FastPC-180606/1.0.0.20/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180606/FastPC-180606/1.0.0.20/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180606/FastPC-180606/1.0.0.20/Images/ACR-099/ACR_099_SOFTWARE.PNG","180606/FastPC-180606/1.0.0.20/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180606/FastPC-180606/1.0.0.20/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG"],"guid":"af019bac-2072-4961-8c1f-972235553d70_1.0.0.20_1","appID":"FastPC-180606","dateAdded":"190203","deceptorType":"App","name":"Fast PC","company":"Guru Technologies","version":"1.0.0.20","sigName":"Deceptor:Win32/FastPC!003118","lastKnownStatus":"Deceptor:2.0.0.0,1.0.0.20,","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2307},{"violations":{"ACR-004":"App upsells to an ongoing subscription service, but does not offer free fixes for the free scan results shown. App uses exaggerated colors and gauges when showing free scan results, which drives an exaggerated sense of urgency for the consumer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"avgdriverupdater.exe","isInstaller":"True","companyName":"Slimware Utilities Holdings, Inc.","fileVersion":"2.23","hashMD5":"d33aadcae24c36bb203b5002736c6223","hashSHA1":"becf530d5a029df82c53d0567ac1450dd3d192ff","hashSHA256":"b18147232ef266da4167b700119867431b13421f3837a612e76974d63978a1ed","digitalCertThumbprint":"394BF971E9336680D57FAC06FFD9F3CA96DA2526","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"AVG Technologies CZ, s.r.o.\", OU=Release Engineering 302, O=\"AVG Technologies CZ, s.r.o.\", L=Brno, C=CZ","sourceIndex":"2772","avBlockList":["Avira Internet Security (20190429)","ESET Internet Security (20190429)","G DATA INTERNET SECURITY (20190429)","K7 Total Security (20190429)","Sophos Home Premium (20190429)","VirIT eXplorer PRO (20190429)","Windows Defender (20190429)","Dr.Web Security Space (20190429)"],"avAllowList":["Avast Internet Security (20190429)","AVG Internet Security (20190429)","Bitdefender Internet Security (20190429)","Kaspersky Internet Security (20190429)","Malwarebytes Premium (20190429)","McAfee Total Protection (20190429)","Norton Security (20190429)","Panda Dome (20190429)","Trend Micro Internet Security (20190429)","Webroot SecureAnywhere (20190429)","360 Total Security (20190429)","COMODO Antivirus (20190429)","F-PROT Antivirus for Windows (20190429)","Quick Heal Internet Security (20190429)","SpyHunter5 (20190429)","Tencent PC Manager (20190429)","VIPRE Advanced Security (20190429)"]},{"isRevoked":"False","fileName":"AVG Driver Updater.exe","companyName":"AVG Netherlands B.V","fileVersion":"2.5","hashMD5":"1297157120980c54695b76dfac64451c","hashSHA1":"3fa502a4d9c175f7b600b8cfe39205207d431592","hashSHA256":"bee450b1471b260e063a4c878b15a30d37361676758f747fa9effdf19fca54b7","digitalCertThumbprint":"394BF971E9336680D57FAC06FFD9F3CA96DA2526","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"AVG Technologies CZ, s.r.o.\", OU=Release Engineering 302, O=\"AVG Technologies CZ, s.r.o.\", L=Brno, C=CZ","sourceIndex":"2772","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Query","reference":"Insiders","landingPage":"https://www.avg.com/en-us/avg-driver-updater","directDownloadingLink":"https://www.avg.com/en-us/download-thank-you.php?product=dur&variant=dur-pp","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.avg.com/en-us/download-thank-you.php?product=dur&variant=dur-pp","sourceIndex":"2772"}],"sampleFiles":["190203/AVGDriverUpdater-190203/2.23.1.0/Samples/avgdriverupdater.exe","190203/AVGDriverUpdater-190203/2.23.1.0/Samples/AVG Driver Updater.exe"],"imageFiles":["190203/AVGDriverUpdater-190203/2.23.1.0/Images/ACR-004/ACR-004 subscription.png","190203/AVGDriverUpdater-190203/2.23.1.0/Images/ACR-004/ACR_004 free scan.png","190203/AVGDriverUpdater-190203/2.23.1.0/Images/ACR-004/ACR-004 free scan offer.png","190203/AVGDriverUpdater-190203/2.23.1.0/Images/ACR-004/ScanResult_004_2.PNG","190203/AVGDriverUpdater-190203/2.23.1.0/Images/ACR-004/ScanResult_004_1.PNG","190203/AVGDriverUpdater-190203/2.23.1.0/Images/ACR-004/avgdriverupdater_2019-02-03_10-32-59.mp4"],"nonDeceptorImageFiles":[],"guid":"9a7b5b4c-5c0b-437d-a1a7-682a67f6ff8b_2.23.1.0_1","appID":"AVGDriverUpdater-190203","dateAdded":"190203","deceptorType":"App","name":"AVG Driver Updater","company":"AVG Technologies CZ s.r.o.","version":"2.23.1.0","sigName":"Deceptor:Win32/AVGDriverUpdater!004","firstResolvedDate":"190919","firstResolvedVersion":"2.24.1.0","resolved":"TRUE","lastKnownStatus":"Deceptor:2.23.1.0","lastKnownDate":"190203","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-09-19T22:59:43.3932524+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2308},{"violations":{"ACR-003":"Upon trying to uninstall the app the user is prompted with a scary message about unresolved errors.\n","ACR-004":"App uses gauges and red colors to exaggerate the sense of urgency to repair its free scan results.\n","ACR-017":"The application elevates its user trust level by displaying as if Microsoft is endorsing the app.\nThe application's landing page elevates its user trust level by displaying as if Microsoft is endorsing the app.\n","ACR-117":"App prompts with misleading and scary claims of unresolved \"errors\" upon uninstall.\n","ACR-014":"Displays registry errors as having a \"red\" urgency, which is misleading.\n"},"nonDeceptorViolations":{"ACR-120":"App offers a special deal of a better price on itself during uninstall.\n"},"samples":[{"isRevoked":"False","fileName":"slow-pcfighter_Web.exe","isInstaller":"True","companyName":"SPAMfighter ApS.","fileVersion":"2.2","hashMD5":"1eb1fdadce2dbc8a0095dfddf95133f4","hashSHA1":"dbbe8133affae32054cb2a3db11b4c7479899b5c","hashSHA256":"ff9c2e9ce67e4755316bb6eb8d291b2ea6204787c21874a4e6f4e3a1a0b99b75","digitalCertThumbprint":"DCC81062F8CC5C1BA55BA819B98C915F6A387D19","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SPAMfighter ApS, O=SPAMfighter ApS, L=Brønshøj, C=DK","sourceIndex":"3168","avBlockList":["Avast Internet Security (20190211)","AVG Internet Security (20190211)","Avira Internet Security (20190211)","K7 Total Security (20190211)","Kaspersky Internet Security (20190211)","Malwarebytes Premium (20190211)","Norton Security (20190211)","Sophos Home Premium (20190211)","VirIT eXplorer PRO (20190211)","Webroot SecureAnywhere (20190211)"],"avAllowList":["Bitdefender Internet Security (20190211)","ESET Internet Security (20190211)","G DATA INTERNET SECURITY (20190211)","McAfee Total Protection (20190211)","Panda Dome (20190211)","Trend Micro Internet Security (20190211)","Windows Defender (20190211)"]},{"isRevoked":"False","fileName":"UI.exe","companyName":"SPAMfighter ApS","fileVersion":"2.2","hashMD5":"fdd6aac86cf12493e9d67a4703c46068","hashSHA1":"096b2d3ee37ff0564f2a7430b742b021686fbb18","hashSHA256":"895bcd7a51a4f2132aed0e60a2c990be7e1d97a7324e737336cecb9d69974552","digitalCertThumbprint":"DCC81062F8CC5C1BA55BA819B98C915F6A387D19","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SPAMfighter ApS, O=SPAMfighter ApS, L=Brønshøj, C=DK","sourceIndex":"3168","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"existing deceptor review","landingPage":"https://www.spamfighter.com/SLOW-PCfighter/","directDownloadingLink":"https://www.spamfighter.com/SLOW-PCfighter/Functions/download.asp","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spamfighter.com/SLOW-PCfighter/Functions/download.asp","sourceIndex":"3168"}],"sampleFiles":["190201/SLOWPCfighter-180608/2.2.4.0/Samples/slow-pcfighter_Web.exe","190201/SLOWPCfighter-180608/2.2.4.0/Samples/UI.exe"],"imageFiles":["190201/SLOWPCfighter-180608/2.2.4.0/Images/ACR-003/ACR-117  -120 -003 second prompt on uninstall scares with errors.png","190201/SLOWPCfighter-180608/2.2.4.0/Images/ACR-017/ACR-017 msft logo missleading usage.png","190201/SLOWPCfighter-180608/2.2.4.0/Images/ACR-017/ACR-017 msft partner log missue.png","190201/SLOWPCfighter-180608/2.2.4.0/Images/ACR-017/ACR-017 landing page msft misleading partner.png","190201/SLOWPCfighter-180608/2.2.4.0/Images/ACR-117/ACR-117  -120 -003 second prompt on uninstall scares with errors.png","190201/SLOWPCfighter-180608/2.2.4.0/Images/ACR-014/ACR-004 -003 -014 gauges in free scan results.png","190201/SLOWPCfighter-180608/2.2.4.0/Images/ACR-014/ACR-004 -003 -014 use of gauges and traffic light colors in free scan results.png","190201/SLOWPCfighter-180608/2.2.4.0/Images/ACR-004/ACR-004 -003 -014 gauges in free scan results.png","190201/SLOWPCfighter-180608/2.2.4.0/Images/ACR-004/ACR-004 gauges and colors in free scan results.png","190201/SLOWPCfighter-180608/2.2.4.0/Images/ACR-004/ACR-004 -003 -014 use of gauges and traffic light colors in free scan results.png"],"nonDeceptorImageFiles":["190201/SLOWPCfighter-180608/2.2.4.0/Images/ACR-120/ACR-117  -120 -003 second prompt on uninstall scares with errors.png"],"guid":"cb9db7c4-0fb9-41c4-bd92-a1473e92c138_2.2.4.0_1","appID":"SLOWPCfighter-180608","dateAdded":"190201","deceptorType":"App","name":"SLOW-PCfighter","company":"SPAMfighter ApS","version":"2.2.4.0","sigName":"Deceptor:Win32/SLOWPCfighter!003004014017117","firstVendorContactDate":"190225","firstResolvedDate":"190225","firstResolvedVersion":"2.2.11.0","resolved":"TRUE","lastKnownStatus":"Deceptor:2.2.4.0","lastKnownDate":"190228","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-28T22:30:13.0066527+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2309},{"violations":{"ACR-003":"App does not substantiate with details the junk files it claims to have found.\n","ACR-004":"App does not substantiate its free scan results.\n","ACR-017":"App displays Microsoft Partner log as if Microsoft is endorsing the app.\n","ACR-014":"App does not substantiate the free scan results it shows.\n"},"nonDeceptorViolations":{"ACR-017":"Landing Page displays Microsoft Partner logo as if Microsoft is endorsing the app.\n"},"samples":[{"isRevoked":"False","fileName":"Full-DISKfighter_Web.exe","isInstaller":"True","companyName":"SPAMfighter ApS","fileVersion":"1.5","hashMD5":"df98ee8bf6e007c4806644f5da6bbd63","hashSHA1":"5d5152dd0aa8f3b276f515e307129a6fb259314a","hashSHA256":"7f49aad17710bab883cd8a4f266c746c580b5c868a951be7969cf86b5f744f72","digitalCertThumbprint":"DCC81062F8CC5C1BA55BA819B98C915F6A387D19","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SPAMfighter ApS, O=SPAMfighter ApS, L=Brønshøj, C=DK","sourceIndex":"3167","avBlockList":["Avast Internet Security (20190211)","AVG Internet Security (20190211)","K7 Total Security (20190211)","Kaspersky Internet Security (20190211)","Malwarebytes Premium (20190211)","Norton Security (20190211)","Panda Dome (20190211)","Sophos Home Premium (20190211)","VirIT eXplorer PRO (20190211)","Webroot SecureAnywhere (20190211)"],"avAllowList":["Avira Internet Security (20190211)","Bitdefender Internet Security (20190211)","ESET Internet Security (20190211)","G DATA INTERNET SECURITY (20190211)","McAfee Total Protection (20190211)","Trend Micro Internet Security (20190211)","Windows Defender (20190211)"]},{"isRevoked":"False","fileName":"FULLDISKfighter.dll","companyName":"SPAMfighter ApS","fileVersion":"1.5","hashMD5":"74755605b33a88d9c8d5a99f9c3815b8","hashSHA1":"0ca65b91272889fcdf0cff49aab6026059030305","hashSHA256":"0f6db284d4d38c4d8237301f13bb498fff883bee6488781327b56d71c40de5e6","digitalCertThumbprint":"DCC81062F8CC5C1BA55BA819B98C915F6A387D19","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SPAMfighter ApS, O=SPAMfighter ApS, L=Brønshøj, C=DK","sourceIndex":"3167","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FighterLauncher.exe","companyName":"SPAMfighter ApS","fileVersion":"3.1","hashMD5":"3e15e289a68f1e55feacd5dd168ed85f","hashSHA1":"285c14129ec232a17b193f19a068db25a3878e66","hashSHA256":"27a8338f76ba3b09eca8ae6f3f88bac7c27f360c0ecaaa6a01c40fbbb0750c60","digitalCertThumbprint":"0BB05FADCF614CAA0A2B2E6F07F305D93DCE89F4","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SPAMfighter ApS, OU=Application Development, O=SPAMfighter ApS, L=Copenhagen, S=Copenhagen, C=DK","sourceIndex":"3167","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"App from vendor having confirmed deceptor","reference":"DriverFighter","landingPage":"https://www.spamfighter.com/FULL-DISKfighter/","directDownloadingLink":"https://www.spamfighter.com/FULL-DISKfighter/Functions/Download.asp","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.spamfighter.com/FULL-DISKfighter/Functions/Download.asp","sourceIndex":"3167"}],"sampleFiles":["190201/Diskfighter-190112/1.5.4.0/Samples/Full-DISKfighter_Web.exe","190201/Diskfighter-190112/1.5.4.0/Samples/FULLDISKfighter.dll","190201/Diskfighter-190112/1.5.4.0/Samples/FighterLauncher.exe"],"imageFiles":["190201/Diskfighter-190112/1.5.4.0/Images/ACR-003/ACR-003 -004 no substantiation of claims.png","190201/Diskfighter-190112/1.5.4.0/Images/ACR-014/ACR-003 -004 no substantiation of claims.png","190201/Diskfighter-190112/1.5.4.0/Images/ACR-017/ACR-017 sw misleading use of msft partner logo.png","190201/Diskfighter-190112/1.5.4.0/Images/ACR-004/ACR-003 -004 no substantiation of claims.png"],"nonDeceptorImageFiles":["190201/Diskfighter-190112/1.5.4.0/Images/ACR-017/ACR-017 landing page msft logo misleading.png"],"guid":"55f75e7f-ec49-40b2-9f99-34212e70d960_1.5.4.0_1","appID":"Diskfighter-190112","dateAdded":"190201","deceptorType":"App","name":"FULL-DISKfighter","company":"SPAMfighter ApS","version":"1.5.4.0","sigName":"Deceptor:Win32/FULLDISKfighter!003004014017","firstVendorContactDate":"190225","firstResolvedDate":"190225","firstResolvedVersion":"1.5.12.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.5.4.0","lastKnownDate":"190228","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-28T22:33:46.6084749+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2310},{"violations":{"ACR-048":"The \"cancel\" and \"exit\" button is disabled during installation without any disclosure about why these standard functional buttons be disabled to users.\n","ACR-003":"App shows colored gauges, exaggerates the number of scan and severity of the cookies found, thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-084":"Scheduled scan task remains even if user turns Off the startup automatic scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-088":"App starts to scan automatically when app launches post-install. \n","ACR-068":"The app Requires to provide a clear and precise information about its offers to the user. i.e. The price of the product in landing page and internal offer is different. \nThe app Requires to provide a clear and precise information about its offers to the user. i.e. The price of the product in landing page and internal offer is different. \n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Vision PC Privacy\\VisionPCPrivacy.exe","companyName":"Visionaire","productName":"Vision PC Privacy","productVersion":"3.7.4.0","fileVersion":"3.7.4.0","hashMD5":"136f6294ea9328c0dfb999a83d62888c","hashSHA1":"d550a37634dbb023006a2b7e7189b6e849984683","hashSHA256":"03045f2366dbe8c8f6a7ac983a6a8d7791dad3ff1009e872df6b8d4f0ef761c7","digitalCertThumbprint":"AE5C777C9A9DD96DCD1DB4114F4D64388636C2C3","sourceIndex":"3215","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VisionPCPrivacySetup.exe","isInstaller":"True","companyName":"Visionaire","productName":"Vision PC Privacy","productVersion":"3.7.4","fileVersion":"3.7.4","hashMD5":"73fe37470e3ed883ec50bb97a7bb32ae","hashSHA1":"2373100c0628ca8182aab3935d3c9a36c10c3f3e","hashSHA256":"56333299e1faebfbcf5f9febdb0fd9ddb748ed9a3466201fea0253e2b01a841b","digitalCertThumbprint":"AE5C777C9A9DD96DCD1DB4114F4D64388636C2C3","sourceIndex":"3215","avBlockList":["Avast Internet Security (20190425)","AVG Internet Security (20190425)","Avira Internet Security (20190425)","Bitdefender Internet Security (20190425)","ESET Internet Security (20190425)","G DATA INTERNET SECURITY (20190425)","K7 Total Security (20190425)","Kaspersky Internet Security (20190425)","Malwarebytes Premium (20190425)","McAfee Total Protection (20190425)","Norton Security (20190425)","Panda Dome (20190425)","Sophos Home Premium (20190425)","Trend Micro Internet Security (20190425)","VirIT eXplorer PRO (20190425)","Webroot SecureAnywhere (20190425)","Windows Defender (20190425)","360 Total Security (20190425)","COMODO Antivirus (20190425)","Dr.Web Security Space (20190425)","Quick Heal Internet Security (20190425)","SpyHunter5 (20190425)","Tencent PC Manager (20190425)","VIPRE Advanced Security (20190425)"],"avAllowList":["F-PROT Antivirus for Windows (20190425)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"detects malicious threats in real time\"","reference":"https://visionairesecurity.com/purchase/","landingPage":"https://visionairesecurity.com/","directDownloadingLink":"https://visionairesecurity.com/download/VisionPCPrivacySetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://visionairesecurity.com/download/VisionPCPrivacySetup.exe","sourceIndex":"3215"}],"sampleFiles":["190131/VisionPCPrivacy-190131/3.7.4.0/Samples/VisionPCPrivacy.exe","190131/VisionPCPrivacy-190131/3.7.4.0/Samples/VisionPCPrivacySetup.exe"],"imageFiles":["190131/VisionPCPrivacy-190131/3.7.4.0/Images/ACR-048/048.png","190131/VisionPCPrivacy-190131/3.7.4.0/Images/ACR-004/004.png","190131/VisionPCPrivacy-190131/3.7.4.0/Images/ACR-004/wait.png","190131/VisionPCPrivacy-190131/3.7.4.0/Images/ACR-084/084.png","190131/VisionPCPrivacy-190131/3.7.4.0/Images/ACR-168/scan.png","190131/VisionPCPrivacy-190131/3.7.4.0/Images/ACR-003/003_2.png","190131/VisionPCPrivacy-190131/3.7.4.0/Images/ACR-003/003.png"],"nonDeceptorImageFiles":["190131/VisionPCPrivacy-190131/3.7.4.0/Images/ACR-168/phone.png","190131/VisionPCPrivacy-190131/3.7.4.0/Images/ACR-068/phone.png","190131/VisionPCPrivacy-190131/3.7.4.0/Images/ACR-068/price1.png","190131/VisionPCPrivacy-190131/3.7.4.0/Images/ACR-068/price2.png"],"guid":"a5f737c7-d63a-4248-a808-752273ff068f_3.7.4.0_1","appID":"VisionPCPrivacy-190131","dateAdded":"190131","deceptorType":"App","name":"Vision PC Privacy","company":"Visionaire","version":"3.7.4.0","sigName":"Deceptor:Win32/VisionPCPrivacy!003004048084168","lastKnownStatus":"Deceptor:3.7.4.0","lastKnownDate":"190131","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-31T22:56:47.4647979+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2311},{"violations":{"ACR-048":"The \"cancel\" and \"exit\" button is disabled during installation without any disclosure about why these standard functional buttons be disabled to users.\n","ACR-003":"App shows colored gauges, exaggerates the number of scan and severity of the cookies found, thereby misleading or scaring user to take action.\n","ACR-004":" The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. \n","ACR-084":" Scheduled scan task remains even if user turns Off the startup automatic scan. \n","ACR-168":" The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user. \n"},"nonDeceptorViolations":{"ACR-045":"\"FREE DOWNLOAD\" highlights \"free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove the \"free\" word. \n","ACR-065":"there is no Returns and Cancellation Policy link\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":" App starts to scan automatically when app launches post-install.  \n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"there is no Returns and Cancellation Policy information\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Privacy Hive\\PrivacyHive.exe","companyName":"MineCodes Software Inc","productName":"Privacy Hive","productVersion":"3.7.3.0","fileVersion":"3.7.3.0","hashMD5":"a94c1c3e11a5f843dbb00db4541a5fa0","hashSHA1":"cfc15d03ee30a989c9375cfb24fd47e670820dea","hashSHA256":"b7794b92d2737a7cba9fd0301bdb6108e9515f93994945b8e74bc0e9bb4f6862","digitalCertThumbprint":"1C117A2F26A9A2611A090589C46FA8EFB3F6D2DA","sourceIndex":"3093","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PrivacyHiveSetup.exe","isInstaller":"True","companyName":"MineCodes Software Inc","productName":"Privacy Hive","productVersion":"3.7.3","fileVersion":"3.7.3","hashMD5":"dc3dc022b43ba5d82ae5ac67f31c7710","hashSHA1":"e842dbc7bc2ca290d82cf97208642463a8cdb120","hashSHA256":"63042558bcc0465a5a70de5c5562ed96275ad3720a17199cf77d03e1215efbcc","digitalCertThumbprint":"1C117A2F26A9A2611A090589C46FA8EFB3F6D2DA","sourceIndex":"3093","avBlockList":["Avast Internet Security (20190425)","AVG Internet Security (20190425)","Avira Internet Security (20190425)","Bitdefender Internet Security (20190425)","ESET Internet Security (20190425)","G DATA INTERNET SECURITY (20190425)","K7 Total Security (20190425)","Kaspersky Internet Security (20190425)","Malwarebytes Premium (20190425)","McAfee Total Protection (20190425)","Norton Security (20190425)","Panda Dome (20190425)","Sophos Home Premium (20190425)","Trend Micro Internet Security (20190425)","VirIT eXplorer PRO (20190425)","Webroot SecureAnywhere (20190425)","Windows Defender (20190425)","360 Total Security (20190425)","COMODO Antivirus (20190425)","Dr.Web Security Space (20190425)","Quick Heal Internet Security (20190425)","SpyHunter5 (20190425)","Tencent PC Manager (20190425)","VIPRE Advanced Security (20190425)"],"avAllowList":["F-PROT Antivirus for Windows (20190425)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"detects malicious threats in real time\"","reference":"https://www.privacyhive.com/","landingPage":"https://www.privacyhive.com/","directDownloadingLink":"https://www.privacyhive.com/PrivacyHiveSetup.zip","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.privacyhive.com/PrivacyHiveSetup.zip","sourceIndex":"3093"}],"sampleFiles":["190131/PrivacyHive-190131/3.7.3.0/Samples/PrivacyHive.exe","190131/PrivacyHive-190131/3.7.3.0/Samples/PrivacyHiveSetup.exe"],"imageFiles":["190131/PrivacyHive-190131/3.7.3.0/Images/ACR-048/048.png","190131/PrivacyHive-190131/3.7.3.0/Images/ACR-004/004.png","190131/PrivacyHive-190131/3.7.3.0/Images/ACR-004/004_2.png","190131/PrivacyHive-190131/3.7.3.0/Images/ACR-084/084.png","190131/PrivacyHive-190131/3.7.3.0/Images/ACR-168/scan.png","190131/PrivacyHive-190131/3.7.3.0/Images/ACR-003/scan.png","190131/PrivacyHive-190131/3.7.3.0/Images/ACR-003/004.png"],"nonDeceptorImageFiles":["190131/PrivacyHive-190131/3.7.3.0/Images/ACR-045/045.png","190131/PrivacyHive-190131/3.7.3.0/Images/ACR-161/161.png","190131/PrivacyHive-190131/3.7.3.0/Images/ACR-099/099.png"],"guid":"eb87f6e8-50a8-4a0d-9cf7-6d180c33437e_3.7.3.0_1","appID":"PrivacyHive-190131","dateAdded":"190131","deceptorType":"App","name":"Privacy Hive","company":"MineCodes Software Inc","version":"3.7.3.0","sigName":"Deceptor:Win32/PrivacyHive!003004048084168","firstVendorContactDate":"190415","firstAppEsteemReplyDate":"190415","firstResolvedDate":"190428","firstResolvedVersion":"3.9.3","resolved":"TRUE","lastKnownStatus":"Deceptor:3.7.3.0","lastKnownDate":"190131","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-04-29T01:01:23.3112038+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2312},{"violations":{"ACR-048":"There is no means to cancel or exit the installation and installation process is very fast.\n","ACR-003":"The app shows gauges and words \"problems\", \"errors\" & \"issues\" in red colors that indicates misleading urgency. Also, the app states the sentences \"Attention! Your system has many issues!\" & \"Attention! (number) problems slow down your computer!\" , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"When you immediately tried to close the App, it shows exaggerated number of problems found even if it did not perform scanning of files/system.\n","ACR-124":"The option to continue uninstall is not obvious and clear, not presented as if it is clickable to continue uninstall.\n"},"nonDeceptorViolations":{"ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"App starts to scan automatically when app launches post-install. If you close the application, it will re-open and perform a new scan again in few minutes.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-068":"The app Requires provide a clear and precise information about its offers to the user. i.e. The price of the product in landing page and internal offer is different.\nThe app Requires provide a clear and precise information about its offers to the user. i.e. The price of the product in landing page and internal offer is different.\n"},"samples":[{"isRevoked":"False","fileName":"sscins.exe","isInstaller":"True","companyName":"Smart Sys Care","productName":"Smart Sys Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"5e8d997f786db990e7f244e36e172358","hashSHA1":"98454bd95df695438767170f4bc411fd2ad47187","hashSHA256":"241a272ce144025e13488511b441ec3994f42e950b66c56d0f2865512f02eae3","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"3222","avBlockList":["Avast Internet Security (20190425)","AVG Internet Security (20190425)","Avira Internet Security (20190425)","Bitdefender Internet Security (20190425)","ESET Internet Security (20190425)","G DATA INTERNET SECURITY (20190425)","K7 Total Security (20190425)","Kaspersky Internet Security (20190425)","Malwarebytes Premium (20190425)","McAfee Total Protection (20190425)","Norton Security (20190425)","Panda Dome (20190425)","Sophos Home Premium (20190425)","Trend Micro Internet Security (20190425)","VirIT eXplorer PRO (20190425)","Webroot SecureAnywhere (20190425)","Windows Defender (20190425)","360 Total Security (20190425)","Dr.Web Security Space (20190425)","Quick Heal Internet Security (20190425)","SpyHunter5 (20190425)","Tencent PC Manager (20190425)","VIPRE Advanced Security (20190425)"],"avAllowList":["COMODO Antivirus (20190425)","F-PROT Antivirus for Windows (20190425)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Smart Sys Care\\PC Repair Online\\sscsetup.exe","companyName":"Flawless Technology","productName":"Smart Sys Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"e8abcf9419803071c000391ec26af071","hashSHA1":"0d5d28ee047d57e8c084e900787e8797022dd398","hashSHA256":"42ec94d9a569f2f57642dfb1d82095a0e977bdfed73c6ead043bf4d4ebb46df2","digitalCertThumbprint":"2C3E1295AD33155A2BDA1AC9245EA06EB367F795","sourceIndex":"3222","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google search \"Keep your PC error free\"","reference":"https://smartsyscare.com/","landingPage":"https://smartsyscare.com/","directDownloadingLink":"http://www.smartsyscare.com/downloads/exe/en/sscins.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.smartsyscare.com/downloads/exe/en/sscins.exe","sourceIndex":"3222"}],"sampleFiles":["190130/SmartSysCare-190130/1.0.0.0/Samples/sscins.exe","190130/SmartSysCare-190130/1.0.0.0/Samples/sscsetup.exe"],"imageFiles":["190130/SmartSysCare-190130/1.0.0.0/Images/ACR-003/gauges.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-003/003.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-003/003_2.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-003/003_try_to_clos.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-004/004.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-004/gauges.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-084/task.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-168/gauges.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-168/003.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-168/003_2.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-168/003_try_to_clos.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-048/048.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-124/deal.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-014/014.png"],"nonDeceptorImageFiles":["190130/SmartSysCare-190130/1.0.0.0/Images/ACR-163/gauges.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-163/003.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-163/003_2.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-163/003_try_to_clos.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-163/deal.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-068/price.png","190130/SmartSysCare-190130/1.0.0.0/Images/ACR-068/offer.png"],"guid":"28061d96-bd22-4fcc-b6ae-50cf7a46432d_1.0.0.0_1","appID":"SmartSysCare-190130","dateAdded":"190130","deceptorType":"App","name":"Smart Sys Care","company":"Econosoft Global Services PTE. LTD.","version":"1.0.0.0","sigName":"Deceptor:Win32/SmartSysCare!003004014048084124168","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2313},{"violations":{"ACR-003":"The application exaggerates shared DLLs, invalid Shortcuts and file extensions errors and high damage level, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Super Tuneup Anti-Malware) to the user.\n","ACR-017":"App uses the Microsoft Partner Logo as if Microsoft endorsed the app instead of the vendor.\n","ACR-119":"The application fails to remove all of its monetization components (Live PC Help icon on the desktop that points to a call center) after the user uninstalls it.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Super Tuneup Malware\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC-CARE-TOOiS\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a web page opens with information stating that consumer can get 50% OFF the regular price of Super Tuneup.\n","ACR-171":"The consumer is required to opt-out of additional payment for Special Disk Cleaning Tools which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"SuperTuneup.exe","companyName":"SuperTuneup.com","fileVersion":"1.0","hashMD5":"e4a52f1f5a1e7519bef3d7303f008339","hashSHA1":"364936fd15b3d3642fe72b246d4ced964ddf4948","hashSHA256":"5a7457edc3f437b3ecbd05be5991466480fd376a0238c9d84121e3ca56fe3506","digitalCertThumbprint":"12CC10CC6D8256C5697C03056340069F4BD3D398","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3230","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"stuasetup_site_default.exe","isInstaller":"True","companyName":"SuperTuneup.com                                             ","fileVersion":"1.0","hashMD5":"17c2c7e0a66b7303407163cf6c3579fb","hashSHA1":"d583f865c03505d1ce93f00dd3ade015c40a4ecb","hashSHA256":"5fdf7ce77410963536f7f9e00e430f098a2f04d4f75661d5d22584f7c600daf4","digitalCertThumbprint":"12CC10CC6D8256C5697C03056340069F4BD3D398","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3230","avBlockList":["Avast Internet Security (20190425)","AVG Internet Security (20190425)","Avira Internet Security (20190425)","Bitdefender Internet Security (20190425)","ESET Internet Security (20190425)","G DATA INTERNET SECURITY (20190425)","K7 Total Security (20190425)","Kaspersky Internet Security (20190425)","Malwarebytes Premium (20190425)","McAfee Total Protection (20190425)","Norton Security (20190425)","Panda Dome (20190425)","Sophos Home Premium (20190425)","VirIT eXplorer PRO (20190425)","Webroot SecureAnywhere (20190425)","Windows Defender (20190425)","360 Total Security (20190425)","COMODO Antivirus (20190425)","Dr.Web Security Space (20190425)","Quick Heal Internet Security (20190425)","SpyHunter5 (20190425)","Tencent PC Manager (20190425)","VIPRE Advanced Security (20190425)"],"avAllowList":["Trend Micro Internet Security (20190425)","F-PROT Antivirus for Windows (20190425)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offer","reference":"Super Tuneup Ant-Malware landing page","landingPage":"http://supertuneup.com/","directDownloadingLink":"http://b34df4ra1.vo.llnwd.net/setups/cfmfiles/d1fopdtjcs6au0/downloads/stuasetup_site_default.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://b34df4ra1.vo.llnwd.net/setups/cfmfiles/d1fopdtjcs6au0/downloads/stuasetup_site_default.exe","sourceIndex":"3230"}],"sampleFiles":["190130/SuperTuneup-180912/1.0.1.3042/Samples/SuperTuneup.exe","190130/SuperTuneup-180912/1.0.1.3042/Samples/stuasetup_site_default.exe"],"imageFiles":["190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-055/Capture1.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-003/Capture4.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-003/Capture7.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-003/Capture8.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-010/Capture1.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-014/Capture9.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-017/Capture18.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-119/Capture16.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-059/Capture18.png"],"nonDeceptorImageFiles":["190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-065/Capture2.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-065/Capture 3.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-163/Capture9.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-163/Capture11.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-092/Capture15.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-160/Capture9.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-099/Capture3.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-171/Capture5.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-171/Capture19.png","190130/SuperTuneup-180912/1.0.1.3042/Images/ACR-120/Capture17.png"],"guid":"236584cd-f50b-4f7c-9bfe-e801f2b1d7c4_1.0.1.3042_1","appID":"SuperTuneup-180912","dateAdded":"190130","deceptorType":"App","name":"Super Tuneup","company":"SUPER TUNEUP TECHNOLOGIES LLP","version":"1.0.1.3042","sigName":"Deceptor:Win32/SuperTuneup!003010014017055059119","lastKnownStatus":"Deceptor:1.0,1.0.1.3042","lastKnownDate":"190130","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-31T01:21:41.2793337+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":2,"sortOrder":2154},{"violations":{"ACR-003":"The application exaggerates shared DLLs, invalid Shortcuts and file extensions errors and high damage level, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Super Tuneup Anti-Malware) to the user. The app offers a Deceptor application (Super Tuneup Anti-Malware) to the user.\n","ACR-119":"The application fails to remove all of its monetization components after the user uninstalls it.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Super Tuneup Malware\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC-CARE-TOOiS\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a web page opens with information stating that consumer can get 50% OFF the regular price of Super Tuneup.\n","ACR-171":"The consumer is required to opt-out of additional payment for Special Disk Cleaning Tools which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"stuasetup_site_default.exe","isInstaller":"True","companyName":"SuperTuneup.com                                             ","fileVersion":"1.0","hashMD5":"17c2c7e0a66b7303407163cf6c3579fb","hashSHA1":"d583f865c03505d1ce93f00dd3ade015c40a4ecb","hashSHA256":"5fdf7ce77410963536f7f9e00e430f098a2f04d4f75661d5d22584f7c600daf4","digitalCertThumbprint":"12CC10CC6D8256C5697C03056340069F4BD3D398","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3229","avBlockList":["Avast Internet Security (20190425)","AVG Internet Security (20190425)","Avira Internet Security (20190425)","Bitdefender Internet Security (20190425)","ESET Internet Security (20190425)","G DATA INTERNET SECURITY (20190425)","K7 Total Security (20190425)","Kaspersky Internet Security (20190425)","Malwarebytes Premium (20190425)","McAfee Total Protection (20190425)","Norton Security (20190425)","Panda Dome (20190425)","Sophos Home Premium (20190425)","VirIT eXplorer PRO (20190425)","Webroot SecureAnywhere (20190425)","Windows Defender (20190425)","360 Total Security (20190425)","COMODO Antivirus (20190425)","Dr.Web Security Space (20190425)","Quick Heal Internet Security (20190425)","SpyHunter5 (20190425)","Tencent PC Manager (20190425)","VIPRE Advanced Security (20190425)"],"avAllowList":["Trend Micro Internet Security (20190425)","F-PROT Antivirus for Windows (20190425)"]},{"isRevoked":"False","fileName":"SuperTuneup.exe","isInstaller":"True","companyName":"SuperTuneup.com","fileVersion":"1.0","hashMD5":"e4a52f1f5a1e7519bef3d7303f008339","hashSHA1":"364936fd15b3d3642fe72b246d4ced964ddf4948","hashSHA256":"5a7457edc3f437b3ecbd05be5991466480fd376a0238c9d84121e3ca56fe3506","digitalCertThumbprint":"12CC10CC6D8256C5697C03056340069F4BD3D398","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3229","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offer","reference":"Super Tuneup Ant-Malware landing page","landingPage":"http://supertuneup.com/","directDownloadingLink":"http://b34df4ra1.vo.llnwd.net/setups/cfmfiles/d1fopdtjcs6au0/downloads/stuasetup_site_default.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://b34df4ra1.vo.llnwd.net/setups/cfmfiles/d1fopdtjcs6au0/downloads/stuasetup_site_default.exe","sourceIndex":"3229"}],"sampleFiles":["190130/SuperTuneup-180912/1.0/Samples/stuasetup_site_default.exe","190130/SuperTuneup-180912/1.0/Samples/SuperTuneup.exe"],"imageFiles":["190130/SuperTuneup-180912/1.0/Images/ACR-055/ACR_055_INLINE_OFFER.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-010/ACR_010_INLINE_OFFER.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-014/ACR_014_SOFTWARE.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-119/ACR_119_UNINSTALL.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-059/ACR_059_INLINE OFFER.PNG"],"nonDeceptorImageFiles":["190130/SuperTuneup-180912/1.0/Images/ACR-065/ACR_065_INSTALL.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-163/ACR_163_SOFTWARE.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-160/ACR_160_SOFTWARE.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG","190130/SuperTuneup-180912/1.0/Images/ACR-120/ACR_120_UNINSTALL.PNG"],"guid":"236584cd-f50b-4f7c-9bfe-e801f2b1d7c4_1.0_1","appID":"SuperTuneup-180912","dateAdded":"190130","deceptorType":"App","name":"Super Tuneup","company":"SUPER TUNEUP TECHNOLOGIES LLP","version":"1.0","sigName":"Deceptor:Win32/SuperTuneup:003010014055059119","lastKnownStatus":"Deceptor:1.0,1.0.1.3042","lastKnownDate":"190130","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-31T01:22:18.5565467+00:00","notDistributed":true,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":2,"sortOrder":2153},{"violations":{"ACR-048":"The \"cancel\" and \"exit\" button is disabled during installation without any disclosure about why these standard functional buttons be disabled to users.\n","ACR-003":"The App falsely detected the normal file Firefox as a virus, thereby misleading or scaring user to take action. Also the App displays the message \"You wil be unprotected in 30 days!\" , thereby misleading or scaring user to take action. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created multiple scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA. \nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThere are no links in the Landing Page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-035":"There is no EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy in the Landing page.\n","ACR-167":"There is no return policy information.\n","ACR-017":"The application's landing page elevates its user trust level by displaying unverifiable endorsement and awards.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\FusionAV\\FusionAV.exe","companyName":"THE TRADING ZONE LLC","productName":"FusionAV","productVersion":"4.1.2.0","fileVersion":"4.1.2.0","hashMD5":"9465617d91f0363d3a6badad3e02c07b","hashSHA1":"ca09f8c68402cdaae7d81723e55eacec9a4b4013","hashSHA256":"02e37175b6a0c022b1d25211b4ab95300b7b4fbf6467e9fc0ed1e535cafd2ab4","digitalCertThumbprint":"9E4010E9003F186E416DBE3A07088AE8BC55429B","sourceIndex":"3234","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FusionAVSetup.exe","isInstaller":"True","companyName":"THE TRADING ZONE LLC","productName":"FusionAV","productVersion":"4.1.2","fileVersion":"4.1.2","hashMD5":"9ba2f482d18efa1fffb24d053e5c289f","hashSHA1":"e68c633a3c197965e5ae0fccb314b3831eefb25e","hashSHA256":"ccb0ca4edfbe876ebd3462a7f1b28cded9d580aef98b28c5d5f917465fe1b2b9","digitalCertThumbprint":"9E4010E9003F186E416DBE3A07088AE8BC55429B","sourceIndex":"3234","avBlockList":["Avast Internet Security (20190425)","AVG Internet Security (20190425)","Avira Internet Security (20190425)","ESET Internet Security (20190425)","G DATA INTERNET SECURITY (20190425)","K7 Total Security (20190425)","Kaspersky Internet Security (20190425)","Malwarebytes Premium (20190425)","McAfee Total Protection (20190425)","Norton Security (20190425)","Panda Dome (20190425)","Sophos Home Premium (20190425)","Trend Micro Internet Security (20190425)","VirIT eXplorer PRO (20190425)","Webroot SecureAnywhere (20190425)","Windows Defender (20190425)","360 Total Security (20190425)","COMODO Antivirus (20190425)","Quick Heal Internet Security (20190425)","SpyHunter5 (20190425)"],"avAllowList":["Bitdefender Internet Security (20190425)","Dr.Web Security Space (20190425)","F-PROT Antivirus for Windows (20190425)","Tencent PC Manager (20190425)","VIPRE Advanced Security (20190425)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"all-in-one-pc security\"","reference":"http://www.zeuscio.com/products.html","landingPage":"http://www.zeuscio.com","directDownloadingLink":"http://www.zeuscio.com/uploads/1/1/0/5/110544961/fusionavsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.zeuscio.com/uploads/1/1/0/5/110544961/fusionavsetup.exe","sourceIndex":"3234"}],"sampleFiles":["190129/FusionAV-190128/4.1.2.0/Samples/FusionAV.exe","190129/FusionAV-190128/4.1.2.0/Samples/FusionAVSetup.exe"],"imageFiles":["190129/FusionAV-190128/4.1.2.0/Images/ACR-048/048.png","190129/FusionAV-190128/4.1.2.0/Images/ACR-003/fusion.png","190129/FusionAV-190128/4.1.2.0/Images/ACR-003/scan_003.PNG","190129/FusionAV-190128/4.1.2.0/Images/ACR-168/main.png","190129/FusionAV-190128/4.1.2.0/Images/ACR-084/task.png"],"nonDeceptorImageFiles":["190129/FusionAV-190128/4.1.2.0/Images/ACR-017/compliant.png","190129/FusionAV-190128/4.1.2.0/Images/ACR-065/privacy.png","190129/FusionAV-190128/4.1.2.0/Images/ACR-163/main.png"],"guid":"1d1f37be-52a9-4562-b9d4-14b643deac30_4.1.2.0_1","appID":"FusionAV-190128","dateAdded":"190129","deceptorType":"App","name":"FusionAV","company":"THE TRADING ZONE LLC","version":"4.1.2.0","sigName":"Deceptor:Win32/FusionAV!003048084168","lastKnownStatus":"Deceptor:4.1.2.0","lastKnownDate":"190129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-29T22:55:46.0329961+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2314},{"violations":{"ACR-043":"App installs \"TurboActive.exe\", \"TurboActive.dll\" and \"TurboActive.dat\" which are WyDay installer digitally signed by a third party, with no disclosure to the user in the EULA, install, or landing page.\n","ACR-003":"The app shows gauges and a picture of a red skull with the word \"critical\" that indicates misleading urgency. Also, the app states the sentence \"Your system health is critical! Please take and immediate action!\", thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the app to completely fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{"ACR-065":"There is no EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy in the App.\nThere is no EULA and/or Terms of Service, Returns and Cancellation Policy in the Landing Page.\n","ACR-088":"App starts to scan automatically when app launches post-install.\n","ACR-099":"There is no uninstall information in the App and Landing Page.\nThere is no uninstall information in the App and Landing Page.\n","ACR-035":"The app needs to disclose app's name in all the docs. There is no EULA/Terms of Service in the Landing page.\n","ACR-167":"30-days refund only shown in the offer but no return policy information in the landing and purchase page.\n"},"samples":[{"isRevoked":"False","fileName":"ACleaner.exe","isInstaller":"True","companyName":"Enoy Services","fileVersion":"1.0","hashMD5":"f81a1c9b47766a7b9e13b89efc6b15bb","hashSHA1":"9cf217e9d7c3779bef5ace6aac855e7334d30798","hashSHA256":"84d99022721c90222857a4bcaffed42de9088cf6c5d25004b01688ed6085adb4","digitalCertThumbprint":"20EAD386A05C655700B061EA1E974EEB444A44A7","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=karim@kubico.com, CN=Envoy Services LTR Limited, O=Envoy Services LTR Limited, STREET=27 Old Gloucester Street, L=London, S=Greater London, C=GB, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=08629734, OID.2.5.4.15=Private Organization","sourceIndex":"3240","avBlockList":["Avast Internet Security (20190422)","AVG Internet Security (20190422)","Avira Internet Security (20190422)","ESET Internet Security (20190422)","G DATA INTERNET SECURITY (20190422)","K7 Total Security (20190422)","Kaspersky Internet Security (20190422)","Malwarebytes Premium (20190422)","McAfee Total Protection (20190422)","Norton Security (20190422)","Panda Dome (20190422)","Sophos Home Premium (20190422)","Trend Micro Internet Security (20190422)","VirIT eXplorer PRO (20190422)","Webroot SecureAnywhere (20190422)","Windows Defender (20190422)","360 Total Security (20190422)","Quick Heal Internet Security (20190422)","SpyHunter5 (20190422)"],"avAllowList":["Bitdefender Internet Security (20190422)","COMODO Antivirus (20190422)","Dr.Web Security Space (20190422)","F-PROT Antivirus for Windows (20190422)","Tencent PC Manager (20190422)","VIPRE Advanced Security (20190422)"]},{"isRevoked":"False","fileName":"SimpleDownloadFile.exe","companyName":"Envoy Services","fileVersion":"1.0","hashMD5":"b651bd3919bc4aa8cf30653c21fb264d","hashSHA1":"fe35769fd88cbab9e53f26748036505bc16e9e06","hashSHA256":"9ed05092a8eda40aabe6dc2cd41e0a8a8fbba794c172a71266d645ccd426aa61","digitalCertThumbprint":"20EAD386A05C655700B061EA1E974EEB444A44A7","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=karim@kubico.com, CN=Envoy Services LTR Limited, O=Envoy Services LTR Limited, STREET=27 Old Gloucester Street, L=London, S=Greater London, C=GB, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=08629734, OID.2.5.4.15=Private Organization","sourceIndex":"3240","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"google serch \"pc optimisation\"","reference":"https://myenvoyservices.com/","landingPage":"https://myenvoyservices.com/","directDownloadingLink":"https://ca.dl-myes.com/dl.php?src=page","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://ca.dl-myes.com/dl.php?src=page","sourceIndex":"3240"}],"sampleFiles":["190128/ESPCRepairPro-190125/1.0.0/Samples/ACleaner.exe","190128/ESPCRepairPro-190125/1.0.0/Samples/SimpleDownloadFile.exe"],"imageFiles":["190128/ESPCRepairPro-190125/1.0.0/Images/ACR-003/003.png","190128/ESPCRepairPro-190125/1.0.0/Images/ACR-003/003_2.png","190128/ESPCRepairPro-190125/1.0.0/Images/ACR-004/004.png","190128/ESPCRepairPro-190125/1.0.0/Images/ACR-004/clean.png","190128/ESPCRepairPro-190125/1.0.0/Images/ACR-004/003_2.png","190128/ESPCRepairPro-190125/1.0.0/Images/ACR-043/043.png","190128/ESPCRepairPro-190125/1.0.0/Images/ACR-043/eula.txt"],"nonDeceptorImageFiles":["190128/ESPCRepairPro-190125/1.0.0/Images/ACR-167/clean.png","190128/ESPCRepairPro-190125/1.0.0/Images/ACR-167/167.png","190128/ESPCRepairPro-190125/1.0.0/Images/ACR-035/035.png","190128/ESPCRepairPro-190125/1.0.0/Images/ACR-035/eula.txt"],"guid":"e76e65cd-1648-4ca1-b1ec-4d45d59dcfcd_1.0.0_1","appID":"ESPCRepairPro-190125","dateAdded":"190128","deceptorType":"App","name":"Envoy Services PC Repair Pro","company":"Envoy Services LTR Limited","version":"1.0.0","sigName":"Deceptor:Win32/EnvoyServicesPCRepairPro!003004043","lastKnownStatus":"Deceptor:1.0.0","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2318},{"violations":{"ACR-109":"Bundler installed \"SoftUpgrade\" and \"interstatnogui\" apps prior to consumer agreeing to the install.\n","ACR-042":"Bundler installs \"Soft Upgrader\" and \"interstatnogui\" without obtaining permission.\n","ACR-043":"Bundler installs SoftUpgrade and interstatnogui and does not disclose.\n","ACR-048":"The close (right side top X) on the bundler when offers are being made does nothing\n","ACR-084":"Bundler installs app into a hidden directory: {Users}\\AppData\\Roaming\\interstatnogui\n","ACR-118":"When bundler completes, it leaves Users\\{user}\\RoamingData\\interstatnogui and {Program Files (x86)\\SoftUpgrade installed. These are not removed, even when carrier uninstalls.\n","ACR-119":"When bundler completes, it leaves Users\\{user}\\RoamingData\\interstatnogui and {Program Files (x86)\\SoftUpgrade installed. These are not removed, even when carrier uninstalls.\n","ACR-075":"the interstatnogui and Smart Upgrade apps remain installed when carrier fails or is declined.\n","ACR-053":"Bundler had four offers with no ability to skip them.\n","ACR-055":"Bundler's offers have inconsistent methods to accept and decline offers.\n","ACR-059":"Offers not marked as offers, or as optional. When offers are \"recommended\", there is no attribution for the recommendation.\n","ACR-039":"First offer masquerades as EULA of carrier app. There is no relationship shown between \"Soft Upgrade\" and \"interstatnogui\" and the carrier.\n"},"nonDeceptorViolations":{"ACR-038":"SoftUpgrade up signed by unknown source llc \"Smart reading\"\n","ACR-040":"Carrier installs into hidden AppData\\Local folder. Bundler installs another app into a hidden AppData\\Roaming folder\n","ACR-065":"Bundler shows no EULA/docs for carrier or for bundler\n","ACR-092":"See ACR-091 for details\n","ACR-157":"All signing certs have been used on nonCertified apps\n","ACR-035":"No EULA, no ToS, no Privacy Policy for the bundler\n","ACR-036":"No bundler EULA, no carrier EULA, so nothing has been disclosed.\n","ACR-037":"No privacy policy.\n","ACR-058":"Bundler does not describe why or how it monetizes Program Files (x86)\\SoftUpgrade and ...\\AppData\\Roaming\\interstatnogui\n","ACR-064":"Bundler auto-installs two apps without any user interaction\n","ACR-152":"Bundler disables the close option during offers\n"},"samples":[{"isRevoked":"False","fileName":"Youtube_Downloader_Guru_Setup.exe","isInstaller":"True","companyName":"YoutubeMusicDownloader.us Inc.                              ","fileVersion":"9.3","hashMD5":"444fcd808aa25c711e686f857b31a527","hashSHA1":"fac08d935c92bed36cbd564a4bb081015f20b9e7","hashSHA256":"3b5b34824e3ea368ebacb354ce7c6045679bdfd2b4c7899e11a47a17179ad01a","digitalCertThumbprint":"BC25057E54D04FEE1FBB8937409991171471DC5D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"Suzhou Qingchen Information Technology Co., Ltd\", O=\"Suzhou Qingchen Information Technology Co., Ltd\", STREET=\"Unit 16-A305,No.328 Xinghu Street, Creative Industrial Park\", STREET=Suzhou Industrial Park, L=Suzhou, S=Jiangsu, PostalCode=215000, C=CN","sourceIndex":"3235","avBlockList":["Avast Internet Security (20190422)","AVG Internet Security (20190422)","Avira Internet Security (20190422)","ESET Internet Security (20190422)","G DATA INTERNET SECURITY (20190422)","K7 Total Security (20190422)","Kaspersky Internet Security (20190422)","Malwarebytes Premium (20190422)","McAfee Total Protection (20190422)","Norton Security (20190422)","Panda Dome (20190422)","Sophos Home Premium (20190422)","Trend Micro Internet Security (20190422)","VirIT eXplorer PRO (20190422)","Webroot SecureAnywhere (20190422)","Windows Defender (20190422)","360 Total Security (20190422)","COMODO Antivirus (20190422)","Dr.Web Security Space (20190422)","Quick Heal Internet Security (20190422)","SpyHunter5 (20190422)"],"avAllowList":["Bitdefender Internet Security (20190422)","F-PROT Antivirus for Windows (20190422)","Tencent PC Manager (20190422)","VIPRE Advanced Security (20190422)"]},{"isRevoked":"False","fileName":"MagicCamera_Setup.exe","isInstaller":"True","companyName":"ShiningMorning Inc.                                         ","fileVersion":"8.9","hashMD5":"2c4d5028146812cd378fe2d8d63aa547","hashSHA1":"77b887a1445fc105031891de29fe8a3533a1f00e","hashSHA256":"cd31528ea98d1794cc0f14e9d794c72053b7260b670e5f635a81577c998af27d","digitalCertThumbprint":"635583FD7402FFFCBEDBEC6E3B0D9D9A4D94003B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Su Zhou MorningSun Information Technology LLC., O=Su Zhou MorningSun Information Technology LLC., STREET=A505 International Science and Technology Park 5, STREET=Xinhu Road （Suzhou Industrial Park）, L=Suzhou, S=Jiangsu, PostalCode=215000, C=CN","sourceIndex":"3235","avBlockList":["Avast Internet Security (20190422)","AVG Internet Security (20190422)","Avira Internet Security (20190422)","ESET Internet Security (20190422)","G DATA INTERNET SECURITY (20190422)","K7 Total Security (20190422)","Kaspersky Internet Security (20190422)","Malwarebytes Premium (20190422)","McAfee Total Protection (20190422)","Norton Security (20190422)","Panda Dome (20190422)","Sophos Home Premium (20190422)","Trend Micro Internet Security (20190422)","VirIT eXplorer PRO (20190422)","Webroot SecureAnywhere (20190422)","Windows Defender (20190422)","360 Total Security (20190422)","COMODO Antivirus (20190422)","Dr.Web Security Space (20190422)","Quick Heal Internet Security (20190422)"],"avAllowList":["Bitdefender Internet Security (20190422)","F-PROT Antivirus for Windows (20190422)","SpyHunter5 (20190422)","Tencent PC Manager (20190422)","VIPRE Advanced Security (20190422)"]},{"isRevoked":"False","fileName":"Youtube_Music_Downloader_Setup.exe","isInstaller":"True","companyName":"YoutubeMusicDownloader.us Inc.                              ","fileVersion":"9.2","hashMD5":"d145074ce552c3325da38ef714fa8fe9","hashSHA1":"5c812b10ff74a928f195eef48bea7fb789003b39","hashSHA256":"1c3f85b7bd3ca097bb0d624a7f4ceaa54af36b50c185976a511e0d28e9702430","digitalCertThumbprint":"635583FD7402FFFCBEDBEC6E3B0D9D9A4D94003B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Su Zhou MorningSun Information Technology LLC., O=Su Zhou MorningSun Information Technology LLC., STREET=A505 International Science and Technology Park 5, STREET=Xinhu Road （Suzhou Industrial Park）, L=Suzhou, S=Jiangsu, PostalCode=215000, C=CN","sourceIndex":"3235","avBlockList":["Avast Internet Security (20190422)","AVG Internet Security (20190422)","Avira Internet Security (20190422)","ESET Internet Security (20190422)","G DATA INTERNET SECURITY (20190422)","K7 Total Security (20190422)","Malwarebytes Premium (20190422)","McAfee Total Protection (20190422)","Norton Security (20190422)","Panda Dome (20190422)","Sophos Home Premium (20190422)","Trend Micro Internet Security (20190422)","VirIT eXplorer PRO (20190422)","Webroot SecureAnywhere (20190422)","Windows Defender (20190422)","Kaspersky Internet Security (20190422)","360 Total Security (20190422)","COMODO Antivirus (20190422)","Dr.Web Security Space (20190422)","Quick Heal Internet Security (20190422)","SpyHunter5 (20190422)"],"avAllowList":["Bitdefender Internet Security (20190422)","F-PROT Antivirus for Windows (20190422)","Tencent PC Manager (20190422)","VIPRE Advanced Security (20190422)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"http://youtubedownloader.guru/","directDownloadingLink":"http://youtubedownloader.guru/php/download.php?i=73193120104","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://youtubedownloader.guru/php/download.php?i=73193120104","sourceIndex":"3235"},{"howFound":"Hunt.Community","reference":"vt search","landingPage":"http://youtubemusicdownloader.us","directDownloadingLink":"http://youtubemusicdownloader.us/download/server1/Youtube_Music_Downloader_Setup.zip","ipv4":"","ipv6":"","sourceIndex":"3236"},{"howFound":"Hunt.Community","reference":"vt search","landingPage":"http://www.shiningmorning.com/","directDownloadingLink":"http://shiningmorning.com/php/download.php?src=online","ipv4":"","ipv6":"","sourceIndex":"3237"}],"sampleFiles":["190128/SuzhouMorningSunBundler-180211/9.3.0.1/Samples/Youtube_Downloader_Guru_Setup.exe","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Samples/MagicCamera_Setup.exe","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Samples/Youtube_Music_Downloader_Setup.exe"],"imageFiles":["190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-053/ACR-053 no skip buttons four offers.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-109/ACR-109 installs SoftUpdate.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-109/ACR-109 installs extra apps wihtout user choice.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-055/ACR-055 inconsistent accept and decline.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-039/ACR-039 first offer looks like EULA of carrier.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-039/ACR-039 no relationship between apps and carrier.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-043/ACR-043 bunder installs softupgrade.png","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-043/ACR-043 installs extra apps wihtout user choice.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-048/ACR-048 unable to close inbundler.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-084/ACR-084 bundler installs into hidden directory.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-059/ACR-059 offer not marked as offer or optional.png","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-059/ACR-059 offer not marked as optional.png","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-059/ACR-059 offer notmarked as offer or optional.png","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-059/ACR-059 no recommendation attirbution and not clear this is optional.png","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-075/ACR-075 apps stay installed when carrier fails.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-042/ACR-042 installs SoftUpgrader without permission.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-042/ACR-042 installs extra apps wihtout user choice 2.gif"],"nonDeceptorImageFiles":["190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-038/ACR-038 SoftUpgrade signed by undisclosed source %22llc smartreading%22.png","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-040/ACR-040 carrier installs into APpData.png","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-040/ACR-040 installs carrier into hidden directory.png","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-040/ACR-040 bundler installs interstatnogui into hidden directory.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-042/ACR-042 installs SoftUpgrader without permission.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-042/ACR-042 installs extra apps wihtout user choice 2.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-065/ACR-065 no eula or docs for carrier.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-091/ACR-091 installs softup.exe signed by llc (smart reader).png","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-091/ACR-091 installs interstatnogui signed by Camping systems.png","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-064/ACR-064 installs extra apps wihtout user action.gif","190128/SuzhouMorningSunBundler-180211/9.3.0.1/Images/ACR-152/ACR-152 close button not working during offers.gif"],"guid":"984eaf72-c146-4c8b-98f8-cf6f7c997039_9.3.0.1_1","appID":"SuzhouMorningSunBundler-180211","dateAdded":"190128","deceptorType":"Bundler","name":"MorningSun Bundler","company":"Suzhou MorningSun Information Technology LLC","version":"9.3.0.1","sigName":"Deceptor:Win32/MorningSunBundler!053109055039043048084118119059075042","lastKnownStatus":"Deceptor:8.6,9.3.0.1","lastKnownDate":"190128","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-29T02:31:45.9150471+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2315},{"violations":{"ACR-109":"Bundler installed \"SoftUpgrade\" and \"interstatnogui\" apps prior to consumer agreeing to the install.\n","ACR-042":"Bundler installs \"Soft Upgrader\" and \"interstatnogui\" without obtaining permission.\n","ACR-043":"Bundler installs SoftUpgrade and interstatnogui and does not disclose.\n","ACR-048":"The close (right side top X) on the bundler when offers are being made does nothing\n","ACR-084":"Bundler installs app into a hidden directory: {Users}\\AppData\\Roaming\\interstatnogui\n","ACR-118":"When bundler completes, it leaves Users\\{user}\\RoamingData\\interstatnogui and {Program Files (x86)\\SoftUpgrade installed. These are not removed, even when carrier uninstalls.\n","ACR-119":"When bundler completes, it leaves Users\\{user}\\RoamingData\\interstatnogui and {Program Files (x86)\\SoftUpgrade installed. These are not removed, even when carrier uninstalls.\n","ACR-075":"the interstatnogui and Smart Upgrade apps remain installed when carrier fails or is declined.\n","ACR-053":"Bundler had four offers no with ability to skip them.\n","ACR-055":"Bundler's offers have inconsistent methods to accept and decline offers.\n","ACR-059":"Offers not marked as offers, or as optional. When offers are \"recommended\", there is no attribution for the recommendation.\n","ACR-039":"First offer masquerades as EULA of carrier app. There is no relationship shown between \"Soft Upgrade\" and \"interstatnogui\" and the carrier.\n"},"nonDeceptorViolations":{"ACR-038":"SoftUpgrade up signed by unknown source llc \"Smart reading\"\n","ACR-040":"Carrier installs into hidden AppData\\Local folder. Bundler installs another app into a hidden AppData\\Roaming folder\n","ACR-065":"Bundler shows no EULA/docs for carrier or for bundler\n","ACR-092":"See ACR-091 for details\n","ACR-157":"All signing certs have been used on nonCertified apps\n","ACR-035":"No EULA, no ToS, no Privacy Policy for the bundler\n","ACR-036":"No bundler EULA, no carrier EULA, so nothing has been disclosed.\n","ACR-037":"No privacy policy.\n","ACR-058":"Bundler does not describe why or how it monetizes Program Files (x86)\\SoftUpgrade and ...\\AppData\\Roaming\\interstatnogui\n","ACR-064":"Bundler auto-installs two apps without any user interaction\n","ACR-152":"Bundler disables the close option during offers\n"},"samples":[{"isRevoked":"False","fileName":"","isInstaller":"True","companyName":"YoutubeDownloader.guru LLC.                                 ","fileVersion":"8.6","hashMD5":"d7866daa11bfe19b98a2857d1f4ad357","hashSHA1":"015c18ea8a5c9d7044a10c3080a401fb41049d75","hashSHA256":"0c26e2cffa199bcff906c111f05a48185e2d5a52b7c0661c124b7912596270cf","digitalCertThumbprint":"309B825310FECBEE2A454D3D2C4C5671B48852C2","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Suzhou MorningSun Information Technology LLC, O=Suzhou MorningSun Information Technology LLC, STREET=A305 International Science and Technology Park 5, STREET=328 Xin Hu Road （Suzhou Industrial Park）, L=Suzhou, S=Jiangsu, PostalCode=215000, C=CN","sourceIndex":"3533","avBlockList":["Avast Internet Security (20190422)","AVG Internet Security (20190422)","Avira Internet Security (20190422)","ESET Internet Security (20190422)","G DATA INTERNET SECURITY (20190422)","K7 Total Security (20190422)","Kaspersky Internet Security (20190422)","Malwarebytes Premium (20190422)","McAfee Total Protection (20190422)","Norton Security (20190422)","Panda Dome (20190422)","Sophos Home Premium (20190422)","Trend Micro Internet Security (20190422)","VirIT eXplorer PRO (20190422)","Webroot SecureAnywhere (20190422)","Windows Defender (20190422)","360 Total Security (20190422)","COMODO Antivirus (20190422)","Dr.Web Security Space (20190422)","Quick Heal Internet Security (20190422)","SpyHunter5 (20190422)"],"avAllowList":["Bitdefender Internet Security (20190422)","F-PROT Antivirus for Windows (20190422)","Tencent PC Manager (20190422)","VIPRE Advanced Security (20190422)"]},{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"YoutubeDownloader.guru                                      ","fileVersion":"8.6","hashMD5":"2a89f8a55922979ebd4cbff40ac23801","hashSHA1":"3a2d497a2c93764cb0cd07af757f3e5bd311d443","hashSHA256":"eb4104c55fa41f2444008b3d2fc0a3f49cf9abf9e9d885464d1735f55a0b0aca","digitalCertThumbprint":"635583FD7402FFFCBEDBEC6E3B0D9D9A4D94003B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Su Zhou MorningSun Information Technology LLC., O=Su Zhou MorningSun Information Technology LLC., STREET=A505 International Science and Technology Park 5, STREET=Xinhu Road （Suzhou Industrial Park）, L=Suzhou, S=Jiangsu, PostalCode=215000, C=CN","sourceIndex":"3533","avBlockList":["Avast Internet Security (20190422)","AVG Internet Security (20190422)","Avira Internet Security (20190422)","Bitdefender Internet Security (20190422)","ESET Internet Security (20190422)","G DATA INTERNET SECURITY (20190422)","K7 Total Security (20190422)","Kaspersky Internet Security (20190422)","Malwarebytes Premium (20190422)","McAfee Total Protection (20190422)","Norton Security (20190422)","Panda Dome (20190422)","Sophos Home Premium (20190422)","Trend Micro Internet Security (20190422)","VirIT eXplorer PRO (20190422)","Webroot SecureAnywhere (20190422)","Windows Defender (20190422)","360 Total Security (20190422)","COMODO Antivirus (20190422)","Dr.Web Security Space (20190422)","Quick Heal Internet Security (20190422)","SpyHunter5 (20190422)","Tencent PC Manager (20190422)","VIPRE Advanced Security (20190422)"],"avAllowList":["F-PROT Antivirus for Windows (20190422)"]},{"isRevoked":"False","fileName":"","isInstaller":"True","companyName":"YoutubeMusicDownloader.us Inc.                              ","fileVersion":"9.2","hashMD5":"232382d54d17df2986e73b882c4ef309","hashSHA1":"ef91bbf78224ca1d06f85c64941d83a2de018945","hashSHA256":"340c7d46f13a83b04eac7e14c97255c7d77a11736e1c6dbb5029df299415f40f","digitalCertThumbprint":"309B825310FECBEE2A454D3D2C4C5671B48852C2","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Suzhou MorningSun Information Technology LLC, O=Suzhou MorningSun Information Technology LLC, STREET=A305 International Science and Technology Park 5, STREET=328 Xin Hu Road （Suzhou Industrial Park）, L=Suzhou, S=Jiangsu, PostalCode=215000, C=CN","sourceIndex":"3534","avBlockList":["Avast Internet Security (20190422)","AVG Internet Security (20190422)","Avira Internet Security (20190422)","ESET Internet Security (20190422)","G DATA INTERNET SECURITY (20190422)","K7 Total Security (20190422)","Malwarebytes Premium (20190422)","McAfee Total Protection (20190422)","Norton Security (20190422)","Panda Dome (20190422)","Sophos Home Premium (20190422)","Trend Micro Internet Security (20190422)","VirIT eXplorer PRO (20190422)","Webroot SecureAnywhere (20190422)","Windows Defender (20190422)","Kaspersky Internet Security (20190422)","360 Total Security (20190422)","COMODO Antivirus (20190422)","Dr.Web Security Space (20190422)","Quick Heal Internet Security (20190422)","SpyHunter5 (20190422)"],"avAllowList":["Bitdefender Internet Security (20190422)","F-PROT Antivirus for Windows (20190422)","Tencent PC Manager (20190422)","VIPRE Advanced Security (20190422)"]},{"isRevoked":"False","fileName":"","isInstaller":"True","companyName":"ShiningMorning Inc.                                         ","fileVersion":"8.9","hashMD5":"17a236b79d6377a11f4804cbbeb566ef","hashSHA1":"b603d10ff81f4d2a6ab80582117e00f1afea8546","hashSHA256":"512f67e497a1eeb2bd940c2755ed3c008c6c0e4d612426eaf5173e6a72648acc","digitalCertThumbprint":"309B825310FECBEE2A454D3D2C4C5671B48852C2","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Suzhou MorningSun Information Technology LLC, O=Suzhou MorningSun Information Technology LLC, STREET=A305 International Science and Technology Park 5, STREET=328 Xin Hu Road （Suzhou Industrial Park）, L=Suzhou, S=Jiangsu, PostalCode=215000, C=CN","sourceIndex":"3535","avBlockList":["Avast Internet Security (20190422)","AVG Internet Security (20190422)","Avira Internet Security (20190422)","ESET Internet Security (20190422)","G DATA INTERNET SECURITY (20190422)","K7 Total Security (20190422)","Kaspersky Internet Security (20190422)","Malwarebytes Premium (20190422)","McAfee Total Protection (20190422)","Norton Security (20190325)","Panda Dome (20190422)","Sophos Home Premium (20190422)","Trend Micro Internet Security (20190422)","VirIT eXplorer PRO (20190422)","Webroot SecureAnywhere (20190422)","Windows Defender (20190422)","360 Total Security (20190422)","COMODO Antivirus (20190422)","Dr.Web Security Space (20190422)","Quick Heal Internet Security (20190422)","SpyHunter5 (20190422)"],"avAllowList":["Bitdefender Internet Security (20190422)","F-PROT Antivirus for Windows (20190422)","Tencent PC Manager (20190422)","VIPRE Advanced Security (20190422)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"http://youtubedownloader.guru/","directDownloadingLink":"http://youtubedownloader.guru/php/download.php?i=73193120104","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://youtubedownloader.guru/php/download.php?i=73193120104","sourceIndex":"3533"},{"howFound":"Hunt.Community","reference":"vt search","landingPage":"http://youtubemusicdownloader.us","directDownloadingLink":"http://youtubemusicdownloader.us/download/server1/Youtube_Music_Downloader_Setup.zip","ipv4":"","ipv6":"","sourceIndex":"3534"},{"howFound":"Hunt.Community","reference":"vt search","landingPage":"http://www.shiningmorning.com/","directDownloadingLink":"http://shiningmorning.com/php/download.php?src=online","ipv4":"","ipv6":"","sourceIndex":"3535"}],"sampleFiles":["181103/SuzhouMorningSunBundler-180211/8.6/Samples/Youtube_Downloader_Guru_Setup.exe","181103/SuzhouMorningSunBundler-180211/8.6/Samples/Installer.exe","181103/SuzhouMorningSunBundler-180211/8.6/Samples/Youtube_Music_Downloader_Setup_OnSite.exe","181103/SuzhouMorningSunBundler-180211/8.6/Samples/MagicCamera_Setup.exe"],"imageFiles":["181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-053/ACR-053 no skip buttons four offers.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-109/ACR-109 installs SoftUpdate.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-109/ACR-109 installs extra apps wihtout user choice.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-055/ACR-055 inconsistent accept and decline.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-039/ACR-039 first offer looks like EULA of carrier.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-039/ACR-039 no relationship between apps and carrier.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-043/ACR-043 bunder installs softupgrade.png","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-043/ACR-043 installs extra apps wihtout user choice.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-048/ACR-048 unable to close inbundler.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-084/ACR-084 bundler installs into hidden directory.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-059/ACR-059 offer not marked as offer or optional.png","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-059/ACR-059 offer not marked as optional.png","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-059/ACR-059 offer notmarked as offer or optional.png","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-059/ACR-059 no recommendation attirbution and not clear this is optional.png","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-075/ACR-075 apps stay installed when carrier fails.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-042/ACR-042 installs SoftUpgrader without permission.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-042/ACR-042 installs extra apps wihtout user choice 2.gif"],"nonDeceptorImageFiles":["181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-038/ACR-038 SoftUpgrade signed by undisclosed source %22llc smartreading%22.png","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-040/ACR-040 carrier installs into APpData.png","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-040/ACR-040 installs carrier into hidden directory.png","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-040/ACR-040 bundler installs interstatnogui into hidden directory.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-042/ACR-042 installs SoftUpgrader without permission.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-042/ACR-042 installs extra apps wihtout user choice 2.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-065/ACR-065 no eula or docs for carrier.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-091/ACR-091 installs softup.exe signed by llc (smart reader).png","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-091/ACR-091 installs interstatnogui signed by Camping systems.png","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-064/ACR-064 installs extra apps wihtout user action.gif","181103/SuzhouMorningSunBundler-180211/8.6/Images/ACR-152/ACR-152 close button not working during offers.gif"],"guid":"984eaf72-c146-4c8b-98f8-cf6f7c997039_8.6_1","appID":"SuzhouMorningSunBundler-180211","dateAdded":"190128","deceptorType":"Bundler","name":"MorningSun Bundler","company":"Suzhou MorningSun Information Technology LLC","version":"8.6","sigName":"Deceptor:Win32/MorningSunBundler!053109055039043048084118119059075042","lastKnownStatus":"Deceptor:8.6,9.3.0.1","lastKnownDate":"190128","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2316},{"violations":{"ACR-005":"The extension mimics the system toolbar by displaying an unattributed search dialog at the top of its newtab page.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"2.8.20.68_0.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"ad812bcf73b0cdd78e8aafef3d0ce5b9bb4d236eee9f3bdf2a9107f0c0a22311","sourceIndex":"3238","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Adplexity seach \"New tab\"","landingPage":"https://www.couponclubapp.co/g1omf?utm_source=adwords&utm_campaign=1511345431&utm_term=online+coupons&kid=kwd-10105286&network=d&placement=www.fingerhut.com&aff_sub=00ca1ee128f64f9ca576413b06f58fcd5bd1ec15&offer_id=19&t1=adwords","directDownloadingLink":"https://chrome.google.com/webstore/detail/coupon-club-app/ppkhmpjlhdpckgnoagdoobhdjnibnjgj/related","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/coupon-club-app/ppkhmpjlhdpckgnoagdoobhdjnibnjgj/related","sourceIndex":"3238"}],"sampleFiles":["190128/CouponClub-181108/2.8.20.68/Samples/2.8.20.68_0.crx"],"imageFiles":["190128/CouponClub-181108/2.8.20.68/Images/ACR-005/Coupons Club New Tab Page.png"],"nonDeceptorImageFiles":[],"guid":"9b969036-9f84-4a99-8609-871c7c19d3e5_2.8.20.68_1","appID":"CouponClub-181108","dateAdded":"190128","deceptorType":"Chrome Extension","name":"CouponClub","company":"Ito Media","version":"2.8.20.68","sigName":"Deceptor:CRX/CouponClub!005","lastKnownStatus":"Deceptor:2.8.17.63,2.8.20.68","lastKnownDate":"190128","type":"Windows Executable","category":"Personalization & Search","targetOS":"","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2019-01-29T02:28:57.8113094+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2319},{"violations":{"ACR-042":"An undisclosed application is silently installed  \"Remo One\" is installed without the consumer's knowledge or consent during Remo Repair MOV install.\n","ACR-084":"1. The silence installation option exist in the app. The usage of this silence installation need to be disclosed if this is necessary for app. \"\"<remo-repair-mov.exe>\" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART \"\n2. The app runs silently in the background, hiding the fact that it is active from the consumer\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components without providing an information on how to remove leftover files from the computer.\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose Original Filename and Company Name in the version information for the following executables: remo-repair-mov.exe, rone.exe and ActKey.exe\n","ACR-065":"The app needs to disclose EULA/Terms of Service and Privacy Policy in the app's about page/Software\n","ACR-161":"The user reviews needs to be verifiable to the consumer\nThe user reviews and testimonials needs to be verifiable.\n","ACR-092":"Digital signature is required for the following executables: xmldb.dll and xmldbx64.dll\n","ACR-157":"The certified app should be signed with signing cert that is exclusively used for certified app. This cert \"D57A979477213E75D8B8AF212C2F19D2C61CEED0\" is used in deceptor app \"Remo Repair Zip\". Please get the right signing cert ready for this app after it passes all other ACRs and get this final build be signed with right signing cert.\n","ACR-099":"The app needs to disclose uninstall information in the app’s about page\nThe app needs to disclose uninstall information in the landing page\n","ACR-035":"The app needs to disclose app's name to the consumer in all the docs.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable Microsoft  Partner Logo and 5 Star rating. Needs to add \"Developed By\" or \"Using Technologies\" along with Microsoft logo and provide a hyperlink to verify the logo.\n"},"samples":[{"isRevoked":"False","fileName":"remo-repair-mov.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Repair MOV                                             ","productVersion":"2.0.0.40                                          ","fileVersion":"2.0.0.40            ","hashMD5":"131e2691c66f277804fb28dea8530029","hashSHA1":"c43c721c7345735e187341c28648eb0799feb208","hashSHA256":"c05ac4d4d9a4d40d97a3055a06307d6b2ff95618efb6082dc6e719955ec5d3c6","digitalCertThumbprint":"4080C9CCCEE2559314E0F5393F6E8948348F4096","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Remo Software Private Limited","sourceIndex":"3232","avBlockList":["Avira Internet Security (20190203)","K7 Total Security (20190203)","VirIT eXplorer PRO (20190203)","Webroot SecureAnywhere (20190203)"],"avAllowList":["Bitdefender Internet Security (20190203)","ESET Internet Security (20190203)","G DATA INTERNET SECURITY (20190203)","Kaspersky Internet Security (20190203)","Malwarebytes Premium (20190203)","McAfee Total Protection (20190203)","Norton Security (20190203)","Panda Dome (20190203)","Sophos Home Premium (20190203)","Trend Micro Internet Security (20190203)","Windows Defender (20190203)"]}],"additionalFiles":[],"sources":[{"howFound":"Vendor Report Deceptor candidate ","reference":"DS","landingPage":"https://www.remosoftware.com/remo-repair-mov","directDownloadingLink":"https://remocdn1.azureedge.net/remosoftware/remo-repair-mov.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://remocdn1.azureedge.net/remosoftware/remo-repair-mov.exe","sourceIndex":"3232"}],"sampleFiles":["190128/RepairMov-190127/2.0.0.40/Samples/remo-repair-mov.exe"],"imageFiles":["190128/RepairMov-190127/2.0.0.40/Images/ACR-042/ACR-042_Software_Install_Silently_Without_Consumer_Knowledge.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-084/ACR-084_Software_Runs_Silently_In_The_Background.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-084/ACR-084_Software_Uses_Silent_Mode.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-118/ACR-118_Uninstall_Retains_Components.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-118/ACR-118_Uninstall_Retains_Components1.JPG"],"nonDeceptorImageFiles":["190128/RepairMov-190127/2.0.0.40/Images/ACR-038/ACR-038_Install_OriginalFileName_Is_Missing.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-065/ACR-065_Software_EULA&PrivacyPolicy_Is_Missing.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-017/ACR-017_LandingPage_Unable_To_Verify_MS_Logo.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-161/ACR-161_LandingPage_Unable_To_Check_The_Review.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-161/ACR-161_LandingPage_Unable_To_Check_The_Review1.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-161/ACR-161_InternalOffers_Unable_To_Review_Testimonials.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-161/ACR-161_InternalOffers_Unable_To_Review_Testimonials1.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-099/ACR-099_Software_Uninstall_Info_Is_Missing.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-099/ACR-099_LandingPage_Uninstall_Info_Is_Missing.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-035/ACR-035_Docs_Does_Not_Disclose_App_Name.JPG","190128/RepairMov-190127/2.0.0.40/Images/ACR-035/ACR-035_Docs_Does_Not_Disclose_App_Name1.JPG"],"guid":"7fbecc13-721b-47cb-a3cd-1c8d71bbe0f3_2.0.0.40_1","appID":"RepairMov-190127","dateAdded":"190128","deceptorType":"App","name":"Remo Repair MOV","company":"Remo Software Private Limited","version":"2.0.0.40","sigName":"Deceptor:Win32/RepairMOV!042084118","firstVendorContactDate":"190129","firstAppEsteemReplyDate":"190129","firstResolvedDate":"190130","firstResolvedVersion":"2.0.0.41","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.0.40;NonCertified:2.0.0.41","lastKnownDate":"190128","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-01-31T00:17:16.1630821+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2317},{"violations":{"ACR-005":"The extension mimics the system toolbar by displaying an unattributed search dialog at the top of its newtab page.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Coupon-Club-App_v2.8.17.63.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"66030eb350997d6d2ef0bb38733582c6","hashSHA1":"c59c95b35e78ee42a176e6882760ed178b2da9a3","hashSHA256":"e6868fe9c80506b091fc977111bf45e0ed7c9f39201878022e377370713353ec","storeId":"ppkhmpjlhdpckgnoagdoobhdjnibnjgj","sourceIndex":"3514","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Adplexity seach \"New tab\"","landingPage":"https://www.couponclubapp.co/g1omf?utm_source=adwords&utm_campaign=1511345431&utm_term=online+coupons&kid=kwd-10105286&network=d&placement=www.fingerhut.com&aff_sub=00ca1ee128f64f9ca576413b06f58fcd5bd1ec15&offer_id=19&t1=adwords","directDownloadingLink":"https://chrome.google.com/webstore/detail/coupon-club-app/ppkhmpjlhdpckgnoagdoobhdjnibnjgj/related","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/coupon-club-app/ppkhmpjlhdpckgnoagdoobhdjnibnjgj/related","sourceIndex":"3514"}],"sampleFiles":["181108/CouponClub-181108/2.8.17.63/Samples/Coupon-Club-App_v2.8.17.63.crx"],"imageFiles":["181108/CouponClub-181108/2.8.17.63/Images/ACR-005/ACR-005_software.JPG"],"nonDeceptorImageFiles":[],"guid":"9b969036-9f84-4a99-8609-871c7c19d3e5_2.8.17.63_1","appID":"CouponClub-181108","dateAdded":"190128","deceptorType":"Chrome Extension","name":"CouponClub","company":"Ito Media","version":"2.8.17.63","sigName":"Deceptor:CRX/CouponClub!005","lastKnownStatus":"Deceptor:2.8.17.63,2.8.20.68","lastKnownDate":"190128","type":"Windows Executable","category":"Personalization & Search","targetOS":"","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2019-01-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2320},{"violations":{"ACR-004":"The App requires customer to purchase subscription service to download and install updates for the outdated drivers identified during free scan without providing free trial fixes.\n","ACR-017":"The application elevates its consumer trust level by displaying an unverifiable Silver and Gold Microsoft Partner logo in the landing page and offer/billing page.\n"},"nonDeceptorViolations":{"ACR-065":"There is no Returns and Cancellation Policy information. \nThere is no Returns and Cancellation Policy information. \nThere is no Returns and Cancellation Policy information. \n","ACR-167":"There is no Returns and Cancellation Policy information. \n","ACR-017":"The application elevates its consumer trust level by displaying an unverifiable Silver and Gold Microsoft Partner logo in the landing page and offer/billing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\SparkTrust Driver Updater\\DriverUpdater.exe","companyName":"SparkTrust Systems","productName":"SparkTrust Driver Updater","productVersion":"5.0.273","fileVersion":"3.1.0.5","hashMD5":"41b815d632b78a12fabd64d2c5d50d0f","hashSHA1":"48f734b5a0377d4c8db1e932f4ef1ff0b18a66b0","hashSHA256":"c4fb08cde59e7ec7bcf7ab116a0f9a55069b5d4c97337166bcff57681df73ff9","digitalCertThumbprint":"26276D4ACB8051E176480A105BB0880773E2DD3E","sourceIndex":"3241","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SparkTrust Driver Updater Setup.exe","isInstaller":"True","companyName":"SparkTrust Systems                                          ","productName":"SparkTrust Driver Updater                                   ","productVersion":"5.0.273.0                                         ","fileVersion":"5.0.273.0           ","hashMD5":"62c9f5d327c50bf2d0449e584414c557","hashSHA1":"2cd85c9187e289d290147c9613dd2f00e5b0a9ab","hashSHA256":"9ffaeaa4bf44b021d43c9f64898fc2f3000b460bcbf5450a5dbf8f748f8a6fc6","digitalCertThumbprint":"26276D4ACB8051E176480A105BB0880773E2DD3E","sourceIndex":"3241","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Malwarebytes Premium (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)","Kaspersky Internet Security (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Trend Micro Internet Security (20190131)","Windows Defender (20190131)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"outdated drivers\"","reference":"http://sparktrust.com/lps/update-drivers-free/","landingPage":"https://www.sparktrust.com/sparktrustdriverupdater/","directDownloadingLink":"http://spark.sparktrust.revenuewire.net/stdu/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://spark.sparktrust.revenuewire.net/stdu/download","sourceIndex":"3241"}],"sampleFiles":["190123/SparkTrustDriverUpdater-190122/5.0.273.0/Samples/DriverUpdater.exe","190123/SparkTrustDriverUpdater-190122/5.0.273.0/Samples/SparkTrust Driver Updater Setup.exe"],"imageFiles":["190123/SparkTrustDriverUpdater-190122/5.0.273.0/Images/ACR-004/scan.png","190123/SparkTrustDriverUpdater-190122/5.0.273.0/Images/ACR-004/004.png","190123/SparkTrustDriverUpdater-190122/5.0.273.0/Images/ACR-004/SparkTrustDriverUpdater_PaymentDetails.PNG","190123/SparkTrustDriverUpdater-190122/5.0.273.0/Images/ACR-004/SparkTrustDriverUpdater_Payment.PNG","190123/SparkTrustDriverUpdater-190122/5.0.273.0/Images/ACR-017/billing.png"],"nonDeceptorImageFiles":["190123/SparkTrustDriverUpdater-190122/5.0.273.0/Images/ACR-065/return_policy.png","190123/SparkTrustDriverUpdater-190122/5.0.273.0/Images/ACR-167/return_policy.png","190123/SparkTrustDriverUpdater-190122/5.0.273.0/Images/ACR-167/billing.png","190123/SparkTrustDriverUpdater-190122/5.0.273.0/Images/ACR-017/landing_page.png"],"guid":"51d316b8-8cca-4b39-a3f5-4e91c0fb70b4_5.0.273.0_1","appID":"SparkTrustDriverUpdater-190122","dateAdded":"190123","deceptorType":"App","name":"SparkTrust Driver Updater      ","company":"Paretologic Inc","version":"5.0.273.0","sigName":"Deceptor:Win32/SparkTrustDriverUpdater!004017","firstVendorContactDate":"190125","firstAppEsteemReplyDate":"190125","firstResolvedDate":"190128","firstResolvedVersion":"5.0.278.0","resolved":"TRUE","lastKnownStatus":"Deceptor:5.0.273.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-28T20:00:43.5376322+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2321},{"violations":{"ACR-004":"App up-sells to a subscription but offers no free fixes for the free scan results shown.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"antimalwaresetup-ver_{usrid}-dirct.exe","isInstaller":"True","companyName":"Plumbytes Software Lp","fileVersion":"1.0","hashMD5":"7e9b5f41d8478c9897631b72b1af2666","hashSHA1":"5129b4d6014d6fde5845cae03d25538c8b420977","hashSHA256":"8c209496c6b29528ce7431a893448ba11ed740bcba3629913dc33b42b365fb32","digitalCertThumbprint":"9AED4AD5CE57CA4489400D3A0300D0CE9F6C2F44","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Plumbytes Software Lp, O=Plumbytes Software Lp, STREET=5 St Vincent Street, L=EDINBURGH, S=Scotland, PostalCode=EH3 6SW, C=GB","sourceIndex":"3352","avBlockList":["Avast Internet Security (20190415)","AVG Internet Security (20190415)","Avira Internet Security (20190415)","ESET Internet Security (20190415)","G DATA INTERNET SECURITY (20190415)","K7 Total Security (20190415)","Kaspersky Internet Security (20190415)","Malwarebytes Premium (20190415)","McAfee Total Protection (20190415)","Norton Security (20190415)","Sophos Home Premium (20190415)","Trend Micro Internet Security (20190415)","VirIT eXplorer PRO (20190415)","Webroot SecureAnywhere (20190415)","Windows Defender (20190415)","360 Total Security (20190415)","COMODO Antivirus (20190415)","Dr.Web Security Space (20190415)","Quick Heal Internet Security (20190415)","SpyHunter5 (20190415)"],"avAllowList":["Bitdefender Internet Security (20190415)","Panda Dome (20190415)","F-PROT Antivirus for Windows (20190415)","Tencent PC Manager (20190415)","VIPRE Advanced Security (20190415)"]},{"isRevoked":"False","fileName":"Plumbytes.exe","companyName":"Plumbytes Software Lp","fileVersion":"1.0","hashMD5":"1f26138424b1635b1a47254168a162fb","hashSHA1":"db186e49b7c636c30234b26c8a5790ce0146fae5","hashSHA256":"f2c74f2b994f66ebdccab55cb0ba33f6227b779b900798dbe462adbddd48c243","digitalCertThumbprint":"9AED4AD5CE57CA4489400D3A0300D0CE9F6C2F44","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Plumbytes Software Lp, O=Plumbytes Software Lp, STREET=5 St Vincent Street, L=EDINBURGH, S=Scotland, PostalCode=EH3 6SW, C=GB","sourceIndex":"3352","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.OldCert","reference":"reviewing old certifications for acr-004 compliance","landingPage":"https://plumbytes.com","directDownloadingLink":"https://plumbytes.com/url/download-antimalware","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://plumbytes.com/url/download-antimalware","sourceIndex":"3352"}],"sampleFiles":["190121/PlumBytesAntiMalware-190121/1.0.5.3/Samples/antimalwaresetup-ver_{usrid}-dirct.exe","190121/PlumBytesAntiMalware-190121/1.0.5.3/Samples/Plumbytes.exe"],"imageFiles":["190121/PlumBytesAntiMalware-190121/1.0.5.3/Images/ACR-004/acr-004 free scan results without free fix.gif"],"nonDeceptorImageFiles":[],"guid":"eb599cf4-ef44-49a4-ab7a-a2b34494500c_1.0.5.3_1","appID":"PlumBytesAntiMalware-190121","dateAdded":"190121","deceptorType":"App","name":"Plumbytes Anti-Malware","company":"Plumbytes Software LP","version":"1.0.5.3","sigName":"Deceptor:Win32/PlumbytesAntiMalWare!004","lastKnownStatus":"Deceptor:1.0.5.3","lastKnownDate":"190121","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-21T21:27:18.5074164+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2322},{"violations":{"ACR-003":"App exaggerates the scan result using the words \"fix these issues immediately \" and \"Attention Required\" with yellow/red box color/exclamation , thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the product to provide fix for the issues identified during free scan. App uses unsubstantiated alarming message to urge user to take action\n","ACR-118":"When the user attempts to completely uninstall the application, some components are retained on the device without the user's consent.\n","ACR-014":"App claims issues but does nothing to substantiate those claims.\n"},"nonDeceptorViolations":{"ACR-065":"There is no Returns and Cancellation Policy page in the Landing page.\n","ACR-088":"App starts to scan automatically when app launches post-install\n","ACR-167":"The application has a no refund policy page. Though in the purchase page it shows money back guarantee but did not state how many days is the return.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MaxiPcUtilities\\MaxiPCUtilities.exe","companyName":"MaxiPcUtilities","productName":"MaxiPcUtilities","productVersion":"0.3","fileVersion":"0.3","hashMD5":"9b69fe2465f156fb860225240fa76ec3","hashSHA1":"9dbbefeb174fee471837ed4bcd5330eb4f086ac9","hashSHA256":"8da0d67d21f2dac45ec1f021c34d2f14cd48e54653c1f576b0ccb1d80293d233","digitalCertThumbprint":"F16EF908C8C986B986878E23231A11B35B1CEB16","sourceIndex":"3354","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MaxiPcUtilities\\maxipcutilities.exe","isInstaller":"True","hashMD5":"14edabe531e3d90e1f52d037e3d380c3","hashSHA1":"0b6b3bd5e004c6cecf46a39600e39bf74c3f8a79","hashSHA256":"25ffea41caa8cf294f3a88940c4b89dee1739ce0ab4c286fdf99b75693b98d15","digitalCertThumbprint":"F16EF908C8C986B986878E23231A11B35B1CEB16","sourceIndex":"3354","avBlockList":["Avast Internet Security (20190412)","AVG Internet Security (20190412)","Avira Internet Security (20190412)","ESET Internet Security (20190412)","G DATA INTERNET SECURITY (20190412)","K7 Total Security (20190412)","Kaspersky Internet Security (20190412)","Malwarebytes Premium (20190412)","McAfee Total Protection (20190412)","Norton Security (20190412)","Panda Dome (20190412)","Sophos Home Premium (20190412)","Trend Micro Internet Security (20190412)","VirIT eXplorer PRO (20190412)","Webroot SecureAnywhere (20190412)","Windows Defender (20190412)","360 Total Security (20190412)","COMODO Antivirus (20190412)","Dr.Web Security Space (20190412)","Quick Heal Internet Security (20190412)","SpyHunter5 (20190412)"],"avAllowList":["Bitdefender Internet Security (20190412)","F-PROT Antivirus for Windows (20190412)","Tencent PC Manager (20190412)","VIPRE Advanced Security (20190412)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"increase the computer performance\"","reference":"https://www.google.com/search?q=%22increase+the+computer+performance%22&oq=%22increase+the+computer+performance%22&aqs=chrome..69i57j0l5.2851j0j7&sourceid=chrome&ie=UTF-8","landingPage":"https://www.maxipcutilities.com/index.html","directDownloadingLink":"https://maxipcutilities.com/maxipcutilities.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://maxipcutilities.com/maxipcutilities.exe","sourceIndex":"3354"}],"sampleFiles":["190118/MaxiPcUtilities-190115/0.3.0.0/Samples/MaxiPCUtilities(main_exe).exe","190118/MaxiPcUtilities-190115/0.3.0.0/Samples/maxipcutilities.exe"],"imageFiles":["190118/MaxiPcUtilities-190115/0.3.0.0/Images/ACR-004/004.png","190118/MaxiPcUtilities-190115/0.3.0.0/Images/ACR-004/004_2.png","190118/MaxiPcUtilities-190115/0.3.0.0/Images/ACR-014/main.png","190118/MaxiPcUtilities-190115/0.3.0.0/Images/ACR-014/result.png","190118/MaxiPcUtilities-190115/0.3.0.0/Images/ACR-003/result.png","190118/MaxiPcUtilities-190115/0.3.0.0/Images/ACR-003/003.png","190118/MaxiPcUtilities-190115/0.3.0.0/Images/ACR-118/118.png"],"nonDeceptorImageFiles":["190118/MaxiPcUtilities-190115/0.3.0.0/Images/ACR-167/return.png","190118/MaxiPcUtilities-190115/0.3.0.0/Images/ACR-065/065.png"],"guid":"702c40b0-36cc-49ed-bc26-addbad9fe649_0.3.0.0_1","appID":"MaxiPcUtilities-190115","dateAdded":"190118","deceptorType":"App","name":"MaxiPcUtilities","company":"Tanama Software Private Limited","version":"0.3.0.0","sigName":"Deceptor:Win32/MaxiPcUtilities!003004014118","lastKnownStatus":"Deceptor:0.3.0.0","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2323},{"violations":{"ACR-048":" The \"close\" and \"exit\" button is disabled during installation without any disclosure about why these standard functional buttons be disabled to users.  \n","ACR-003":"App uses exaggerated claim \"Extremely Old\"  about outdated driver misleads user, raising sense of urgency to user to take action \n","ACR-004":" The App requires customer to purchase subscription service to download and install updates for the outdated drivers identified during free scan without providing free trial fixes.\n"},"nonDeceptorViolations":{"ACR-040":"The application is not installed in the standard location. The application was installed in ProgramData hidden folder. The consumers wouldn't be able to identify the app's location.\n","ACR-045":"\"FREE DOWNLOAD\" highlights \"free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove the \"free\" word. \"FREE DOWNLOAD\" highlights \"free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove the \"free\" word.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\ProgramData\\DriverFix\\DriverFix.exe","productName":"DriverFix","productVersion":"1.0.0.0","fileVersion":"4.2018.10.29","hashMD5":"e737ae82d82de6840b7fafa6cc93f5a4","hashSHA1":"d77fb57d7e8832f484821179cddabec1940b616b","hashSHA256":"a3a75ae26384b14e5cc6842c8aadf6a63e5adda5de9a5d8b1fa5a4a0c27ae97a","digitalCertThumbprint":"209FF82EE90F91C28D2B2543ED18E9215BCABB52","sourceIndex":"2594","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\ProgramData\\DriverFix\\driverfixwebdl-5871769614.exe","isInstaller":"True","companyName":"DriverFix","productName":"DriverFix","productVersion":"4.20181218","fileVersion":"4.20181218","hashMD5":"5b53234cf25c5943910ce0c916f2caa5","hashSHA1":"a39a974f59bdbef00ba354ff842a6aa970abb0c5","hashSHA256":"c48a5ae9286094b8a38f7b3e36e8904e655bcf56445a7612fa3cac396b203e98","digitalCertThumbprint":"209FF82EE90F91C28D2B2543ED18E9215BCABB52","sourceIndex":"2594","avBlockList":["Avast Internet Security (20190412)","AVG Internet Security (20190412)","Avira Internet Security (20190412)","Bitdefender Internet Security (20190412)","ESET Internet Security (20190412)","G DATA INTERNET SECURITY (20190412)","K7 Total Security (20190412)","Malwarebytes Premium (20190412)","McAfee Total Protection (20190412)","Panda Dome (20190412)","Sophos Home Premium (20190412)","Trend Micro Internet Security (20190412)","VirIT eXplorer PRO (20190412)","Webroot SecureAnywhere (20190412)","Windows Defender (20190412)","360 Total Security (20190412)","COMODO Antivirus (20190412)","Dr.Web Security Space (20190412)","Quick Heal Internet Security (20190412)","Tencent PC Manager (20190412)","VIPRE Advanced Security (20190412)"],"avAllowList":["Kaspersky Internet Security (20190412)","Norton Security (20190412)","F-PROT Antivirus for Windows (20190412)","SpyHunter5 (20190412)"]}],"additionalFiles":[],"sources":[{"howFound":"google search \"outdated device drivers\"","reference":"https://www.thewindowsclub.com/driverfix-review","landingPage":"http://www.driverfix.com/","directDownloadingLink":"http://www.driverfix.com/download/driverfixwebdl-5871769614.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.driverfix.com/download/driverfixwebdl-5871769614.exe","sourceIndex":"2594"}],"sampleFiles":["190118/DriverFix-190117/4.2018.12.18/Samples/DriverFix.exe","190118/DriverFix-190117/4.2018.12.18/Samples/driverfixwebdl-5871769614.exe"],"imageFiles":["190118/DriverFix-190117/4.2018.12.18/Images/ACR-048/disabled.png","190118/DriverFix-190117/4.2018.12.18/Images/ACR-004/004.png","190118/DriverFix-190117/4.2018.12.18/Images/ACR-004/004_2.png","190118/DriverFix-190117/4.2018.12.18/Images/ACR-004/DriverFix_004.PNG","190118/DriverFix-190117/4.2018.12.18/Images/ACR-003/DriverFix_003.PNG"],"nonDeceptorImageFiles":["190118/DriverFix-190117/4.2018.12.18/Images/ACR-040/progdata.png","190118/DriverFix-190117/4.2018.12.18/Images/ACR-045/045.png","190118/DriverFix-190117/4.2018.12.18/Images/ACR-045/045_2.png","190118/DriverFix-190117/4.2018.12.18/Images/ACR-099/main.png"],"guid":"213d215a-baa2-4237-b1fc-beef868db62a_4.2018.12.18_1","appID":"DriverFix-190117","dateAdded":"190118","deceptorType":"App","name":"DriverFix","company":"Blueroad Trading Limited","version":"4.2018.12.18","sigName":"Deceptor:Win32/DriverFix!004048","firstVendorContactDate":"191002","firstAppEsteemReplyDate":"191003","firstResolvedDate":"191127","firstResolvedVersion":"4.2019.11.24","resolved":"TRUE","lastKnownStatus":"Deceptor:2.2018.12.18","lastKnownDate":"190118","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-11-27T22:19:09.5874545+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2324},{"violations":{"ACR-004":"App up-sells to an ongoing service, but does not provide free fixes for its free scans.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"antimalwaresetup-ver_45a78055.exe","isInstaller":"True","companyName":"FortBytes Software Ltd","fileVersion":"1.0","hashMD5":"9b0486eab2170c26b6de4b75928d533d","hashSHA1":"93f695500e6074d08e5734e9b4f05dfeaedac9fd","hashSHA256":"aedacfe75791db347f5ed25673781f60919934d0b9782187a328e266617e4528","digitalCertThumbprint":"7395BF1ADA48637A9C917C3114D581CDFE236CC6","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=FORTBYTES SOFTWARE LTD, O=FORTBYTES SOFTWARE LTD, STREET=4 Queen Street, L=Edinburgh, S=Scotland, PostalCode=EH2 1JE, C=GB","sourceIndex":"3356","avBlockList":["Avira Internet Security (20190412)","ESET Internet Security (20190412)","G DATA INTERNET SECURITY (20190412)","K7 Total Security (20190412)","Kaspersky Internet Security (20190412)","Malwarebytes Premium (20190412)","McAfee Total Protection (20190412)","Norton Security (20190412)","Sophos Home Premium (20190412)","Trend Micro Internet Security (20190412)","VirIT eXplorer PRO (20190412)","Webroot SecureAnywhere (20190412)","Windows Defender (20190412)","360 Total Security (20190412)","COMODO Antivirus (20190412)","Dr.Web Security Space (20190412)","Quick Heal Internet Security (20190412)"],"avAllowList":["Avast Internet Security (20190412)","AVG Internet Security (20190412)","Bitdefender Internet Security (20190412)","Panda Dome (20190412)","F-PROT Antivirus for Windows (20190412)","SpyHunter5 (20190412)","Tencent PC Manager (20190412)","VIPRE Advanced Security (20190412)"]},{"isRevoked":"False","fileName":"AntiMalware.exe","companyName":"FortBytes Software Ltd","fileVersion":"1.0","hashMD5":"dc5ce3f93f93d41b251994ab1601d156","hashSHA1":"b7973603177343c1f45b34748f4aa2edbf7c3d4a","hashSHA256":"b78bea1d5c2431e738a5cf2562693afaf17a557aac953ab124811b66e48dc5d0","digitalCertThumbprint":"7395BF1ADA48637A9C917C3114D581CDFE236CC6","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=FORTBYTES SOFTWARE LTD, O=FORTBYTES SOFTWARE LTD, STREET=4 Queen Street, L=Edinburgh, S=Scotland, PostalCode=EH2 1JE, C=GB","sourceIndex":"3356","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.OldCert","reference":"Reviewing old certifications for acr-004 compliance","landingPage":"https://fortbytes.com","directDownloadingLink":"https://fortbytes.com/download/antimalware","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://fortbytes.com/download/antimalware","sourceIndex":"3356"}],"sampleFiles":["190116/FortBytesAntiMalware-190116/1.0.5.2/Samples/antimalwaresetup-ver_45a78055.exe","190116/FortBytesAntiMalware-190116/1.0.5.2/Samples/AntiMalware.exe"],"imageFiles":["190116/FortBytesAntiMalware-190116/1.0.5.2/Images/ACR-004/4.png","190116/FortBytesAntiMalware-190116/1.0.5.2/Images/ACR-004/3.png","190116/FortBytesAntiMalware-190116/1.0.5.2/Images/ACR-004/2.png","190116/FortBytesAntiMalware-190116/1.0.5.2/Images/ACR-004/1..png"],"nonDeceptorImageFiles":[],"guid":"2acb6f46-833f-4f24-b2ec-61033511a84c_1.0.5.2_1","appID":"FortBytesAntiMalware-190116","dateAdded":"190116","deceptorType":"App","name":"FortBytes Anti-Malware","company":"FortBytes Software Ltd","version":"1.0.5.2","sigName":"Deceptor:Win32/FortBytesAntiMalware!004","lastKnownStatus":"Deceptor:1.0.5.2","lastKnownDate":"190116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-17T02:49:25.2233972+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2327},{"violations":{"ACR-003":"App exaggerates system health by claiming registry settings are problems. App lists \"registry issues\" like \"Recent Documents\" but does not substantiate why they are issues.\n","ACR-004":"App shows free scan results and up-sells to a paid subscription service, but does not provide free fixes for all the free scan results shown.\n","ACR-014":"App does not substantiate why the \"registry issues\" are issues.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Watchdog.PCCleaner.2018.Setup.exe","isInstaller":"True","companyName":"WatchDogDevelopment.com, LLC","fileVersion":"3.3","hashMD5":"6336043049ec687d0fd234a4beae6dbf","hashSHA1":"9aa368721b75832281ce98c811a1811df5f3f0e0","hashSHA256":"5851c0ad8577eb07ea8418a8702e31ac546b662f369fc530863068a1411d4c8d","digitalCertThumbprint":"ACDCF2DB5DF1B6881492E1D9E8C605C9145681A7","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"WatchDogDevelopment.com, LLC\", OU=Software, O=\"WatchDogDevelopment.com, LLC\", POBox=83703, STREET=\"4090 W State St, Suite 28B\", L=Boise, S=Idaho, PostalCode=83703, C=US","sourceIndex":"3180","avBlockList":["Avast Internet Security (20190214)","AVG Internet Security (20190214)","Avira Internet Security (20190214)","Bitdefender Internet Security (20190214)","ESET Internet Security (20190214)","G DATA INTERNET SECURITY (20190214)","K7 Total Security (20190214)","Kaspersky Internet Security (20190214)","Malwarebytes Premium (20190214)","VirIT eXplorer PRO (20190214)","Webroot SecureAnywhere (20190214)"],"avAllowList":["McAfee Total Protection (20190214)","Norton Security (20190214)","Panda Dome (20190214)","Sophos Home Premium (20190214)","Trend Micro Internet Security (20190214)","Windows Defender (20190214)"]},{"isRevoked":"False","fileName":"WatchdogPCCleaner2018.exe","companyName":"WatchDogDevelopment.com, LLC","fileVersion":"3.3","hashMD5":"4eebe20dd54bf996e3d6f13a974b7962","hashSHA1":"cfe4d788a185bd35f1ab3d907b9be8a2425e8192","hashSHA256":"51870f4b42e6a88a83a854a900ceb90fde11a6caeec8e2de2df598e12542f3cc","digitalCertThumbprint":"ACDCF2DB5DF1B6881492E1D9E8C605C9145681A7","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"WatchDogDevelopment.com, LLC\", OU=Software, O=\"WatchDogDevelopment.com, LLC\", POBox=83703, STREET=\"4090 W State St, Suite 28B\", L=Boise, S=Idaho, PostalCode=83703, C=US","sourceIndex":"3180","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.OldCert","reference":"reviewing old certifications for acr-004 violations","landingPage":"https://watchdogdevelopment.com/en/home/pc-cleaner","directDownloadingLink":"https://watchdogdevelopment.com/en/download/pc-cleaner","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://watchdogdevelopment.com/en/download/pc-cleaner","sourceIndex":"3180"}],"sampleFiles":["190116/PCCleaner-190116/3.3.9/Samples/Watchdog.PCCleaner.2018.Setup.exe","190116/PCCleaner-190116/3.3.9/Samples/WatchdogPCCleaner2018.exe"],"imageFiles":["190116/PCCleaner-190116/3.3.9/Images/ACR-003/acr-003 registry issues as problems.png","190116/PCCleaner-190116/3.3.9/Images/ACR-003/acr-003 no substantiation.png","190116/PCCleaner-190116/3.3.9/Images/ACR-014/acr-003 no substantiation.png","190116/PCCleaner-190116/3.3.9/Images/ACR-004/acr-004 free-fixes only some free scan results.gif","190116/PCCleaner-190116/3.3.9/Images/ACR-004/acr-004 shows free scan results but does not fix for free.png","190116/PCCleaner-190116/3.3.9/Images/ACR-004/ace-004 upsells to subscription.png"],"nonDeceptorImageFiles":[],"guid":"471b236b-ef3d-4f3f-b05f-2b615378a998_3.3.9_1","appID":"PCCleaner-190116","dateAdded":"190116","deceptorType":"App","name":"Watchdog PC Cleaner","company":"WatchDogDevelopment.com, LLC","version":"3.3.9","sigName":"Deceptor:Win32/PCCleaner!003004014","firstResolvedDate":"190219","firstResolvedVersion":"3.6.9","resolved":"TRUE","lastKnownStatus":"Deceptor:3.3.9;Certified:3.6.9","lastKnownDate":"190219","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-19T22:19:20.4606865+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2326},{"violations":{"ACR-004":"App exaggerates a sense of urgency by using colors and gauges to show free scan results. App upsells to a subscription service but does not offer free fixes for its free scan results.\n","ACR-014":"App's scan results shown on gauges imply that these setting could be far worse, thereby confusing the consumer with the intent to deceive.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Watchdog.PrivacyGuard.Setup.exe","isInstaller":"True","companyName":"WatchDogDevelopment.com, LLC","fileVersion":"3.5","hashMD5":"81d967245d152602ac7ee9f6dc9579d5","hashSHA1":"c78c994a9153f658f95f89bb7186698ff69e0d1b","hashSHA256":"c5db1994239f38cd9f5f8c729210bbb8e35198abbbf7a7e2d099c6d8e5e40340","digitalCertThumbprint":"ACDCF2DB5DF1B6881492E1D9E8C605C9145681A7","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"WatchDogDevelopment.com, LLC\", OU=Software, O=\"WatchDogDevelopment.com, LLC\", POBox=83703, STREET=\"4090 W State St, Suite 28B\", L=Boise, S=Idaho, PostalCode=83703, C=US","sourceIndex":"3179","avBlockList":["Avast Internet Security (20190214)","AVG Internet Security (20190214)","Avira Internet Security (20190214)","Bitdefender Internet Security (20190214)","ESET Internet Security (20190214)","G DATA INTERNET SECURITY (20190214)","K7 Total Security (20190214)","Kaspersky Internet Security (20190214)","Malwarebytes Premium (20190214)","Sophos Home Premium (20190214)","VirIT eXplorer PRO (20190214)","Webroot SecureAnywhere (20190214)","Windows Defender (20190214)"],"avAllowList":["McAfee Total Protection (20190214)","Norton Security (20190214)","Panda Dome (20190214)","Trend Micro Internet Security (20190214)"]},{"isRevoked":"False","fileName":"WatchdogPrivacyGuard.exe","companyName":"WatchDogDevelopment.com, LLC","fileVersion":"3.5","hashMD5":"15ab2c57aae3ccfa6bd319c4ce692616","hashSHA1":"9412ff48f8561949609ee98e18c9fe22607f7dec","hashSHA256":"ab868f7d10d652a170f0836d1ae206de67c6ab68a254702c015f8022e5689376","digitalCertThumbprint":"ACDCF2DB5DF1B6881492E1D9E8C605C9145681A7","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"WatchDogDevelopment.com, LLC\", OU=Software, O=\"WatchDogDevelopment.com, LLC\", POBox=83703, STREET=\"4090 W State St, Suite 28B\", L=Boise, S=Idaho, PostalCode=83703, C=US","sourceIndex":"3179","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.OldCert","reference":"reviewing out of date certification","landingPage":"https://watchdogdevelopment.com/en/home/privacy-guard","directDownloadingLink":"https://watchdogdevelopment.com/en/download/privacy-guard","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://watchdogdevelopment.com/en/download/privacy-guard","sourceIndex":"3179"}],"sampleFiles":["190116/PrivacyGuard-190116/3.5.8/Samples/Watchdog.PrivacyGuard.Setup.exe","190116/PrivacyGuard-190116/3.5.8/Samples/WatchdogPrivacyGuard.exe"],"imageFiles":["190116/PrivacyGuard-190116/3.5.8/Images/ACR-004/acr-004 uses gauges with free scan results, no abiltiy to fix for free.png","190116/PrivacyGuard-190116/3.5.8/Images/ACR-004/acr-004 uses gauges and requires purchase to clean.png","190116/PrivacyGuard-190116/3.5.8/Images/ACR-004/acr-004 upsells to subscription without offer free fixes.png","190116/PrivacyGuard-190116/3.5.8/Images/ACR-004/acr-004 gauges and traffic light colors mapping status.png","190116/PrivacyGuard-190116/3.5.8/Images/ACR-004/acr-004 acr-014 uses gauges to show free scan results, implies could be worse.png","190116/PrivacyGuard-190116/3.5.8/Images/ACR-014/acr-004 acr-014 uses gauges to show free scan results, implies could be worse.png"],"nonDeceptorImageFiles":[],"guid":"d84ab4d7-6769-48ef-abc0-51d163f528e5_3.5.8_1","appID":"PrivacyGuard-190116","dateAdded":"190116","deceptorType":"App","name":"Watchdog Privacy Guard","company":"WatchDogDevelopment.com, LLC","version":"3.5.8","sigName":"Deceptor:Win32/PrivacyGuard!004014","firstResolvedDate":"190219","firstResolvedVersion":"3.8.8","resolved":"TRUE","lastKnownStatus":"Deceptor:3.5.8;Certified:3.8.8","lastKnownDate":"190219","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows 10","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-19T22:20:09.0680087+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2325},{"violations":{"ACR-043":"App doesn't disclose that it will install/use a third party AV engine.\n","ACR-107":"Third party AV components are installed without clear license authorization in app's EULA document and install message. \n","ACR-048":"The \"cancel\" and \"exit\" button is disabled during installation without any disclosure about why these standard functional buttons be disabled to users. \n","ACR-003":"App exaggerates the PC Scan summary by using the words \"Critical\" and \"HIGH RISK\" all in red color, thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to purchase the product to provide fix for the issues identified during free scan. The free fix option is hidden in the bottom of the payment options with light and smaller words. The free fix email is not received even after request it.\n","ACR-014":"The app makes unsubstantiated claim that the scanned file is \"critical\" during free scan, but no details as to why is a critical issue.\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to provide proper company name and product name for main executable file \"NVProtect.exe\"\n","ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. It display error pages. There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. It display error pages.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. It display error pages. There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. It display error pages.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. It display error pages. There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. It display error pages.\n","ACR-002":"App's name is inconsistent across interaction points. Name on Installer and Main GUI is \"NOVOSAFE\" while on landing page/purchase page it's \"NovuSafe\".\nApp's name is inconsistent across interaction points. Name on Installer and Main GUI is \"NOVOSAFE\" while on landing page/purchase page it's \"NovuSafe\".\nApp's name is inconsistent across interaction points. Name on Installer and Main GUI is \"NOVOSAFE\" while on landing page/purchase page it's \"NovuSafe\".\n","ACR-035":"No EULA/Terms of Service or Privacy Policy is provided.\n","ACR-037":"There is no Privacy Policy provided for this application.\n","ACR-168":"App doesn't disclose the additional offer may be made during one-one interactive phone call support.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files\\NovuSafe\\novusafe.exe","isInstaller":"True","companyName":"NovuSafe                                                    ","productName":"NovuSafe                                                    ","productVersion":"{code:GetMainAppVer}                              ","fileVersion":"1.0.0.2","hashMD5":"60e3897787cbfa367df0039d671e90a7","hashSHA1":"dcfe71b5a8a939ef781be7ce28e630e0564811f5","hashSHA256":"577907b2f62797d6113015699df7586543a84c0d75e93c0aad38b13c91611d94","digitalCertThumbprint":"84EA093EAECAD4F2CAFD24D9E18F0D3505803917","sourceIndex":"3273","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"C:\\Program Files\\NovuSafe Defender\\NVProtect.exe","companyName":"EEmZ9p0f3K42eBV9LOHIxg====","productName":"M8K9Xd6vDY91dqZqugMfVg====","productVersion":"2.0.2.2","fileVersion":"2.0.2.2","hashMD5":"e27f003418f24e4809b1c59a73ce7840","hashSHA1":"e5df22368506b39ef1315a2d4a7046a4443180b4","hashSHA256":"7f9beac8e0aa0c5e72b763fd8795c17b0889fa16638b1700ae8d931562875445","digitalCertThumbprint":"84EA093EAECAD4F2CAFD24D9E18F0D3505803917","sourceIndex":"3273","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.novusafe.com","directDownloadingLink":"http://web.novusafe.com/tk-0000/tk-0000.php?exec=run","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://web.novusafe.com/tk-0000/tk-0000.php?exec=run","sourceIndex":"3273"}],"sampleFiles":["190115/NovuSafe-190114/1.0.0.2/Samples/NovuSafe.exe","190115/NovuSafe-190114/1.0.0.2/Samples/NVProtect.exe"],"imageFiles":["190115/NovuSafe-190114/1.0.0.2/Images/ACR-004/004.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-004/NovuSafe_004.PNG","190115/NovuSafe-190114/1.0.0.2/Images/ACR-003/main.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-003/004.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-048/cancel_disabled.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-014/critical.png"],"nonDeceptorImageFiles":["190115/NovuSafe-190114/1.0.0.2/Images/ACR-065/eula.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-065/privacy.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-168/number.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-002/main.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-002/install.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-002/landing_page.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-037/privacy.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-038/main_exe.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-035/eula.png","190115/NovuSafe-190114/1.0.0.2/Images/ACR-035/privacy.png"],"guid":"c5d7c81d-7618-4e85-9200-0270855b5705_1.0.0.2_1","appID":"NovuSafe-190114","dateAdded":"190115","deceptorType":"App","name":"NovuSafe","company":"Novusafe LTD","version":"1.0.0.2","sigName":"Deceptor:Win32/NovuSafe!003004014043048","lastKnownStatus":"Deceptor:1.0.0.2","lastKnownDate":"190115","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2019-01-24T16:25:38.7562253+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2328},{"violations":{"ACR-004":"App upsells to an ongoing service and offers non-permanent fixes, yet does not provide free fixes for the free scan results shown.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Install My Faster PC.exe","isInstaller":"True","companyName":"ConsumerSoft                                                ","fileVersion":"7.4","hashMD5":"d82eb488caba8788f4115fd818cff4f5","hashSHA1":"8678b91b3631265a03825f4e29f5cdefc63cf013","hashSHA256":"67b235aa69f3e58eccab386035b5da7e6665d7718938607c5ce0b91503dcde4d","digitalCertThumbprint":"7E61FD4EF7E496D30BF9A8B707729B969A99C1E1","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"ConsumerSoft (Consumer Software International, Inc.)\", O=\"ConsumerSoft (Consumer Software International, Inc.)\", L=New York, S=New York, C=US, SERIALNUMBER=3691613, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=New York, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"3370","avBlockList":["Avira Internet Security (20190408)","Bitdefender Internet Security (20190408)","ESET Internet Security (20190408)","G DATA INTERNET SECURITY (20190408)","K7 Total Security (20190408)","Kaspersky Internet Security (20190408)","Malwarebytes Premium (20190408)","McAfee Total Protection (20190408)","Norton Security (20190408)","Sophos Home Premium (20190408)","Trend Micro Internet Security (20190408)","VirIT eXplorer PRO (20190408)","Webroot SecureAnywhere (20190408)","Windows Defender (20190408)","360 Total Security (20190408)","COMODO Antivirus (20190408)","Dr.Web Security Space (20190408)","Tencent PC Manager (20190408)","VIPRE Advanced Security (20190408)"],"avAllowList":["Avast Internet Security (20190408)","AVG Internet Security (20190408)","Panda Dome (20190408)","F-PROT Antivirus for Windows (20190408)","Quick Heal Internet Security (20190408)","SpyHunter5 (20190408)"]},{"isRevoked":"False","fileName":"MyFasterPC.exe","companyName":"ConsumerSoft","fileVersion":"7.4","hashMD5":"bd58453c6fe20514adacb3f66f839d09","hashSHA1":"62845356c9cbcf3a79b434d9a3fceb0957218587","hashSHA256":"c97355c94450ff37a507e9790ed8ff32bbd2c74fdaa7a4270e986682ca4645d3","digitalCertThumbprint":"7E61FD4EF7E496D30BF9A8B707729B969A99C1E1","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"ConsumerSoft (Consumer Software International, Inc.)\", O=\"ConsumerSoft (Consumer Software International, Inc.)\", L=New York, S=New York, C=US, SERIALNUMBER=3691613, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=New York, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"3370","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.OldCust","reference":"review of older certifications with current failures","landingPage":"https://myfasterpc.com/","directDownloadingLink":"https://www.myfasterpc.com/d/7.4.4/Install%20My%20Faster%20PC.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.myfasterpc.com/d/7.4.4/Install%20My%20Faster%20PC.exe","sourceIndex":"3370"}],"sampleFiles":["190114/MyFasterPC-190114/7.4.4.6/Samples/Install My Faster PC.exe","190114/MyFasterPC-190114/7.4.4.6/Samples/MyFasterPC.exe"],"imageFiles":["190114/MyFasterPC-190114/7.4.4.6/Images/ACR-004/acr-004 not all free scan results were fixed for free.png","190114/MyFasterPC-190114/7.4.4.6/Images/ACR-004/acr-004 upsell offer is for an annual subscription.png"],"nonDeceptorImageFiles":[],"guid":"77854ac8-87e5-4b37-98f4-d2281d495dfb_7.4.4.6_1","appID":"MyFasterPC-190114","dateAdded":"190114","deceptorType":"App","name":"My Faster PC","company":"ConsumerSoft","version":"7.4.4.6","sigName":"Deceptor:Win32/MyFasterPC!004","lastKnownStatus":"Deceptor:7.4.4.6","lastKnownDate":"190114","type":"Windows Executable","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-15T02:14:36.8539404+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2330},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\". Bundler also covers desktop with fullscreen image.\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n","ACR-039":"Bundler app names don't match the name of the app that requests UAC privileges. Bundler also does not inform the consumer that it is a download manager.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-038":"Relationship between findmysoft.com, the carrier and its vendor, the the download manager, and the role of the download manager are unclear. User is asked to accept running (with privileges) a differently-named download manager signed by a previous-undisclosed company, then user is presented with a download screen that does not show that it is Forumer's download manager.\n","ACR-065":"No EULA and/or Terms of Service is provided for the download manager.\n","ACR-002":"Bundler name is not shown in UAC prompt, instead \"Belemafufa Setup\" is shown.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"ccleaner_0565843533.exe","isInstaller":"True","companyName":"Sahosebani                                                  ","fileVersion":"0.0","hashMD5":"0caaf4e4199676610cefaf9321be9f6a","hashSHA1":"f634b62d7bda99ff37c2e8f55a75cf82e7fddbd1","hashSHA256":"96db21c50728e68454a06468ba1ecda645c46b2d0eebf2b15dde188d603e2d58","digitalCertThumbprint":"63337026A09CE85D317E91FCEA5430BB4A3A33A2","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o, OU=IT, O=Innova Media d.o.o, L=Sempeter Pri Gorici, C=SI","sourceIndex":"3366","avBlockList":["Avira Internet Security (20190408)","Bitdefender Internet Security (20190408)","ESET Internet Security (20190408)","G DATA INTERNET SECURITY (20190408)","K7 Total Security (20190408)","Kaspersky Internet Security (20190408)","Malwarebytes Premium (20190408)","McAfee Total Protection (20190408)","Norton Security (20190408)","Panda Dome (20190408)","Sophos Home Premium (20190408)","Trend Micro Internet Security (20190408)","VirIT eXplorer PRO (20190408)","Webroot SecureAnywhere (20190408)","Windows Defender (20190408)","360 Total Security (20190408)","Quick Heal Internet Security (20190408)","SpyHunter5 (20190408)","Tencent PC Manager (20190408)","VIPRE Advanced Security (20190408)"],"avAllowList":["Avast Internet Security (20190408)","AVG Internet Security (20190408)","COMODO Antivirus (20190408)","Dr.Web Security Space (20190408)","F-PROT Antivirus for Windows (20190408)"]}],"additionalFiles":[],"sources":[{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.forumer.it/","landingPage":"http://ccleaner.forumer.it/","directDownloadingLink":"http://www.hebanhadic.com/lqWBP_zR4j0s6qQfz8LgEWiWBvNq2gdN6K+W1qxY3mOSnaIEOU8VekxgHFnq+KLrFbOpVr4tA66dYyV26EiLsM3gKlYSf7bbUJhmlH8X1xmdvqwcmYaxolMpGaQpwhRDCuYm7S0+ADWLcbDgdlfR1enWtkPyPyQCslRhD+1FPiROmLQGyq7OJyw_ElV8iFkuGNwFF+lReUsYzuZUjihL307scohGQwlD9H1BBi0MWKVArzvYygmW13aez+eUFaGbyLCnR8z6yrPbeRDko+ffEXAMtXvUmTly_hiVFLnmEMS_JnExWoVXhbmb_1Y2pCchSHlBeTIjfdLB4jOBSw+qGylpv_xR2IBDj5UfA3VrQ_Vp_8kQMlt4STpXCwa0G_USV95Zmre99X50MxrJIlIEthb4zr9CsOCWyhN9UYO6wrK46lIYaMm6B3Z2rA6XQoSZ4UXu+ZHUvS2JMvJwjgloZb81xQrYs4Vq9a+qKKfZFxByc3OQHoMBjVIPPtFMew45XUhFudYx-G08AAGRwXmuLOoB4dwCwAQcuERXggHZn23eyv+89CfALh3Xd6tmoMEXVUnBemxM2f6Nft1r+DpMWsef9TRfWvEivmPQRaFTC0jQrUCJHAQ==-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.hebanhadic.com/lqWBP_zR4j0s6qQfz8LgEWiWBvNq2gdN6K+W1qxY3mOSnaIEOU8VekxgHFnq+KLrFbOpVr4tA66dYyV26EiLsM3gKlYSf7bbUJhmlH8X1xmdvqwcmYaxolMpGaQpwhRDCuYm7S0+ADWLcbDgdlfR1enWtkPyPyQCslRhD+1FPiROmLQGyq7OJyw_ElV8iFkuGNwFF+lReUsYzuZUjihL307scohGQwlD9H1BBi0MWKVArzvYygmW13aez+eUFaGbyLCnR8z6yrPbeRDko+ffEXAMtXvUmTly_hiVFLnmEMS_JnExWoVXhbmb_1Y2pCchSHlBeTIjfdLB4jOBSw+qGylpv_xR2IBDj5UfA3VrQ_Vp_8kQMlt4STpXCwa0G_USV95Zmre99X50MxrJIlIEthb4zr9CsOCWyhN9UYO6wrK46lIYaMm6B3Z2rA6XQoSZ4UXu+ZHUvS2JMvJwjgloZb81xQrYs4Vq9a+qKKfZFxByc3OQHoMBjVIPPtFMew45XUhFudYx-G08AAGRwXmuLOoB4dwCwAQcuERXggHZn23eyv+89CfALh3Xd6tmoMEXVUnBemxM2f6Nft1r+DpMWsef9TRfWvEivmPQRaFTC0jQrUCJHAQ==-e","sourceIndex":"3366"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.forumer.it/","landingPage":"http://adobe-reader.forumer.it/","directDownloadingLink":"http://www.hebanhadic.com/J6_nUNYpZBdtJ9y+Xv8sr0JrNCTn_GtTmCfrtQOb3rCpYHSu0RV6QRYv_3gjmPcFjW6YoJdXi1TayxJN9RgZx3G9V3TNN_7nZ7l8iuxKzXtJjBL_KXA9WIIQ3faP8QHyAqiOvRipXGHMwlmQWRO40CVkLsEfX+gD0c82CruoFUhI1p65SNjdEhdyNG8eeT3ORJYxIChIIBWl+b0PW7k1eHsJWjbPT5x89ajd3+gsseSPf8iEYuGXbJbUBTyEhWL0mimJA9xYw_pLv_Ikp+jkqRvyfWL8fjR7t9HM6nCn6N3uXfnsbOM4fBRWZOC0+WNTRArj5gb4KtjPC4x0_z0Ipf0fxpjn5A0_eNZvFcc+9RJGN0zEhUiKgASqbpaHuTixvFPbTDzsvv_m0Pq3Sun7ft5RYduuuRV4IihbBS7fZuDKwSym4MH78Db8hmBa0oeps7fHRZ2ACbdlvzopywRTSZOhfV5Cy0MCCSWVYHZkJqkXzZ3DEkOfFC8tc8_U0ux0AH+0BlUZ-G1MAAGRgnq2tSeziQdiAA5co0G3QAe3ONu_T6fm8lgC_0HwcZ7cZxS3gcAWR3_4O9d9efjxFE2w20IpHJv2fmXGL6OXRpirQiyiJ4yRDIBQG-e","ipv4":"","ipv6":"","sourceIndex":"3367"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.forumer.it/","landingPage":"http://skype.forumer.it/","directDownloadingLink":"http://www.hebanhadic.com/PtGa1SrThkkVA9soJyqaLVNv5ZJ9PIaVzMqAmw3tZN+whs2sicJHnkcSGKBquPeiJAvT1pspp3lTyW67AadU_3lVLuGU9i6cZph+5+FAne1YQB0giZoux3ehqHvRI7PVQGbg9syn8jV2qOKZWd+6485kC7uaCrjf2pO88jyLPXUsgOr1bb8j9PNi31YBqyf_gaQ4BPB_dgklDznIoL9iMcwHjYJe1isE6wT9cJ07P3IF10sNqmPvw99ENwVl3oJRFF7zRQLAqSXtj2mpYo4iG3+2Y9ng+6bWSu0_yMpVj2A6dwGRfGCPIsTx9IDFJSrAiC2hiidjxDZJJ48oGSAP1k36NAnWrRYyOlgZ+chTLzVcYSTKQK5sNnjoHUn6QE_0qKLXtTErg8Lui4ufjs0_8iDCGeCfBZZ9+bSS1q9YoPorcAKfsT9KqWSDCWr0F2yVaPhBngFEYnWHvwAR++sr6NeLdtuVxd0uqRRKJAKaX4B5CHkHVck=-G0wAAGRwXmuLvhiZoAygCRFlFpVktn2257kuAV_YzfNSjkWHE6Fj+NYKVm9lHqeOlyJ4PzZvMd8sYeB5LvfzNqh0wjPGSxwhMg==-e","ipv4":"","ipv6":"","sourceIndex":"3368"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.forumer.it/","landingPage":"http://audacity.forumer.it/","directDownloadingLink":"http://www.hebanhadic.com/zICUUcmUMZkbkBQ3FKa1A0N+rBDP+f69eypxsa2y1qPfAIZetOaU10tWapX8fIiiN2SugxcbqBnCcAln+6sW15eIsP2liUNh0QTupdxbSs08BXLLf+vWK_hWhz3QqogwSlGcZ9x+MfiOyJVGAqmFa+qwL6jxjq9RXY1S6jqPQE73YGXNo1g41vEuAK3SO6aFEozWLLwJeU1kQa_onJ0Dh1sp4N34Otorm3IHzJwULrNzqTxv5AKMHobLhmjjUbbwyPE+MrPtWazWuhn2GoFGqI7Ne90f5erE08MwnPiC+UdBguRcCvvY2uskq9Wr3v1XFwI1er2mlvWopLnFtvtg8_3VJ9Lu0CUh9WRhqkjVJsJI6jPJEzxgQmtHqxqQFnXCBxLAJSKcoYAu3gfczDnHxyoIaZ__B91yrHilpl34bFqOt4pysN4pbMXXv9FjuTPEZ07oo71fnwFC0uhNfowFnNQlWphMhQ3unJlwR6PxNsRb8ZukFu81_1VB0bSRtvxfbhtmkSCR-G08AAGRwXmtrNxOVAcEGHLhEFGAD2m1l28f+vvcl0C88rOtWz0U1E6R46oJ_ws3fKNct5V4UuyEzUNly6BpkxJbhNiFoJIwiCIolMQoF-e","ipv4":"","ipv6":"","sourceIndex":"3369"}],"sampleFiles":["190114/ForumerDownloadMnager-180806/2.3/Samples/ccleaner_0565843533.exe"],"imageFiles":["190114/ForumerDownloadMnager-180806/2.3/Images/ACR-039/ForumerDownloadManager UAC Prompt.png","190114/ForumerDownloadMnager-180806/2.3/Images/ACR-048/ACR-048_install.mp4","190114/ForumerDownloadMnager-180806/2.3/Images/ACR-048/ForumerDownloadManager Remapping X Button to Minimize.gif","190114/ForumerDownloadMnager-180806/2.3/Images/ACR-059/ForumerDownloadManager Avast Offer.png"],"nonDeceptorImageFiles":["190114/ForumerDownloadMnager-180806/2.3/Images/ACR-044/FindMySoftDownloadManager Install First Page.PNG","190114/ForumerDownloadMnager-180806/2.3/Images/ACR-038/ForumerDownloadManager Download Install File.gif","190114/ForumerDownloadMnager-180806/2.3/Images/ACR-065/ForumerDownloadManager Install First Page.png","190114/ForumerDownloadMnager-180806/2.3/Images/ACR-002/ForumerDownloadManager UAC Prompt.png","190114/ForumerDownloadMnager-180806/2.3/Images/ACR-152/ForumerDownloadManager Remapping X Button to Minimize.gif"],"guid":"c8d0741d-c3bd-496c-8d09-40ff25b4a0a4_2.3_1","appID":"ForumerDownloadMnager-180806","dateAdded":"190114","deceptorType":"Bundler","name":"ForumerDownloadManager","company":"Innova Media d.o.o","version":"2.3","sigName":"Deceptor:Win32/ForumerDownloadManager!039048059","lastKnownStatus":"Deceptor:4.7.4,2.3","lastKnownDate":"190114","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-01-15T02:27:13.6921105+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":2,"sortOrder":535},{"violations":{"ACR-003":" The app shows gauges and yellow color that indicates misleading urgency. Also, the app states the sentence \"These issues may be severely degrading your PC's stability and performance\", thereby misleading or scaring user to take action. \n","ACR-004":" The App requires customer to pay to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"driverkit-ver_66435152.exe","isInstaller":"True","companyName":"DRIVERSOFT LABS LTD","productName":"DriverKit","productVersion":"1.0.4.3","fileVersion":"1.0.4.3","hashMD5":"b8e935bcafc9a8b356c66b3584054641","hashSHA1":"c4517579a8bfae325efb3873d5520f6aa9939f64","hashSHA256":"d69fb02502bfd79cda6296668740f9de47f91e7468d17051787196b94b70c1f5","digitalCertThumbprint":"983AD574A0FE640E93707CBD1E3A4EDF8376FCF3","sourceIndex":"3371","avBlockList":["Avast Internet Security (20190408)","AVG Internet Security (20190408)","Avira Internet Security (20190408)","ESET Internet Security (20190408)","G DATA INTERNET SECURITY (20190408)","K7 Total Security (20190408)","Kaspersky Internet Security (20190408)","Malwarebytes Premium (20190408)","McAfee Total Protection (20190408)","Norton Security (20190408)","Panda Dome (20190408)","Sophos Home Premium (20190408)","Trend Micro Internet Security (20190408)","VirIT eXplorer PRO (20190408)","Webroot SecureAnywhere (20190408)","Windows Defender (20190408)","360 Total Security (20190408)","COMODO Antivirus (20190408)","Dr.Web Security Space (20190408)","Quick Heal Internet Security (20190408)"],"avAllowList":["Bitdefender Internet Security (20190408)","F-PROT Antivirus for Windows (20190408)","SpyHunter5 (20190408)","Tencent PC Manager (20190408)","VIPRE Advanced Security (20190408)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DriverKit\\DriverKit.exe","companyName":"DRIVERSOFT LABS LTD","productName":"DriverKit","productVersion":"1.0.4.3","fileVersion":"1.0.4.3","hashMD5":"81eeb0c5d8d0a27f8c0c0c7e784b6b60","hashSHA1":"41376c646c35e7f08b4aa73c130ae96fba40ab2f","hashSHA256":"b29a681b193e0984223fcc4f8cf403521073063daefe485bbed92b173f884ecb","digitalCertThumbprint":"983AD574A0FE640E93707CBD1E3A4EDF8376FCF3","sourceIndex":"3371","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://driverkit.net/","directDownloadingLink":"https://driverkit.net/download/?usrid=66435152","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://driverkit.net/download/?usrid=66435152","sourceIndex":"3371"}],"sampleFiles":["190114/DriverKit-190111/1.0.4.3/Samples/driverkit-ver_66435152.exe","190114/DriverKit-190111/1.0.4.3/Samples/DriverKit.exe"],"imageFiles":["190114/DriverKit-190111/1.0.4.3/Images/ACR-004/004.png","190114/DriverKit-190111/1.0.4.3/Images/ACR-004/main.png","190114/DriverKit-190111/1.0.4.3/Images/ACR-003/main.png","190114/DriverKit-190111/1.0.4.3/Images/ACR-003/004.png"],"nonDeceptorImageFiles":[],"guid":"183cd7e6-6f41-4c6a-8bb2-84a26b2727c5_1.0.4.3_1","appID":"DriverKit-190111","dateAdded":"190114","deceptorType":"App","name":"Driverkit","company":"DRIVERSOFT LABS LTD","version":"1.0.4.3","sigName":"Deceptor:Win32/Driverkit!003004","lastKnownStatus":"Deceptor:1.0.4.3","lastKnownDate":"190114","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-14T22:27:30.6327939+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2331},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No EULA and/or Terms of Service is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"adobe-reader.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"52aed65cee3e2c33cd09197552cbb1fd","hashSHA1":"01444a57d90527ff09af126942047672f97439ad","hashSHA256":"eac9ea0945b30eec1a1c54d902517fc9d4d43d979e4990d84556c16bde91ace1","digitalCertThumbprint":"9544B467724FD3AEA4CE4FE2E0EBEB0C0814EF22","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o., OU=IT, O=Innova Media d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"3357","avBlockList":["Avira Internet Security (20190408)","Bitdefender Internet Security (20190408)","ESET Internet Security (20190408)","G DATA INTERNET SECURITY (20190408)","K7 Total Security (20190408)","Kaspersky Internet Security (20190408)","Malwarebytes Premium (20190408)","McAfee Total Protection (20190408)","Norton Security (20190408)","Panda Dome (20190408)","Sophos Home Premium (20190408)","Trend Micro Internet Security (20190408)","VirIT eXplorer PRO (20190408)","Webroot SecureAnywhere (20190408)","Windows Defender (20190408)","360 Total Security (20190408)","COMODO Antivirus (20190408)","Quick Heal Internet Security (20190408)","SpyHunter5 (20190408)","Tencent PC Manager (20190408)","VIPRE Advanced Security (20190408)"],"avAllowList":["Avast Internet Security (20190408)","AVG Internet Security (20190408)","Dr.Web Security Space (20190408)","F-PROT Antivirus for Windows (20190408)"]},{"isRevoked":"False","fileName":"audacity.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"2a374ff8f65c08067eec93f1b5f956ad","hashSHA1":"8d4a8b3c69268733c6bdf772194630c1a393af7c","hashSHA256":"c95c3d3c21c2b4186665127353517bf0431d386e2fd0d1931314538b862345eb","digitalCertThumbprint":"9544B467724FD3AEA4CE4FE2E0EBEB0C0814EF22","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o., OU=IT, O=Innova Media d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"3357","avBlockList":["Avira Internet Security (20190408)","Bitdefender Internet Security (20190408)","ESET Internet Security (20190408)","G DATA INTERNET SECURITY (20190408)","K7 Total Security (20190408)","Kaspersky Internet Security (20190408)","Malwarebytes Premium (20190408)","McAfee Total Protection (20190408)","Norton Security (20190408)","Panda Dome (20190408)","Sophos Home Premium (20190408)","Trend Micro Internet Security (20190408)","VirIT eXplorer PRO (20190408)","Webroot SecureAnywhere (20190408)","Windows Defender (20190408)","360 Total Security (20190408)","Quick Heal Internet Security (20190408)","SpyHunter5 (20190408)","Tencent PC Manager (20190408)","VIPRE Advanced Security (20190408)"],"avAllowList":["Avast Internet Security (20190408)","AVG Internet Security (20190408)","COMODO Antivirus (20190408)","Dr.Web Security Space (20190408)","F-PROT Antivirus for Windows (20190408)"]},{"isRevoked":"False","fileName":"ccleaner.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9339de0ac88a39d78af95c0ce2318a2a","hashSHA1":"e37231053d7ed6ab4e7eb7f6ab08c571ce177ed7","hashSHA256":"00c3ec9909b2939849b31f2d373664c5538ff35908411283a7ad62e994f1582a","digitalCertThumbprint":"9544B467724FD3AEA4CE4FE2E0EBEB0C0814EF22","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o., OU=IT, O=Innova Media d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"3357","avBlockList":["Avira Internet Security (20190408)","Bitdefender Internet Security (20190408)","ESET Internet Security (20190408)","G DATA INTERNET SECURITY (20190408)","K7 Total Security (20190408)","Kaspersky Internet Security (20190408)","Malwarebytes Premium (20190408)","McAfee Total Protection (20190408)","Norton Security (20190408)","Panda Dome (20190408)","Sophos Home Premium (20190408)","Trend Micro Internet Security (20190408)","VirIT eXplorer PRO (20190408)","Webroot SecureAnywhere (20190408)","Windows Defender (20190408)","360 Total Security (20190408)","COMODO Antivirus (20190408)","Quick Heal Internet Security (20190408)","SpyHunter5 (20190408)","Tencent PC Manager (20190408)","VIPRE Advanced Security (20190408)"],"avAllowList":["Avast Internet Security (20190408)","AVG Internet Security (20190408)","Dr.Web Security Space (20190408)","F-PROT Antivirus for Windows (20190408)"]},{"isRevoked":"False","fileName":"skype.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ab0391a83760771371bda66fe7c8125d","hashSHA1":"6471a3971bb21d3faa1b4b76ab8fe2f7cc1cf45d","hashSHA256":"eb08cc9627de0af797dddc09f7523bb0736c7632a569ba3e4ef4f694c5059f1f","digitalCertThumbprint":"9544B467724FD3AEA4CE4FE2E0EBEB0C0814EF22","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o., OU=IT, O=Innova Media d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"3357","avBlockList":["Avira Internet Security (20190408)","Bitdefender Internet Security (20190408)","ESET Internet Security (20190408)","G DATA INTERNET SECURITY (20190408)","K7 Total Security (20190408)","Kaspersky Internet Security (20190408)","Malwarebytes Premium (20190408)","McAfee Total Protection (20190408)","Norton Security (20190408)","Panda Dome (20190408)","Sophos Home Premium (20190408)","Trend Micro Internet Security (20190408)","VirIT eXplorer PRO (20190408)","Webroot SecureAnywhere (20190408)","Windows Defender (20190408)","360 Total Security (20190408)","COMODO Antivirus (20190408)","Quick Heal Internet Security (20190408)","SpyHunter5 (20190408)","Tencent PC Manager (20190408)","VIPRE Advanced Security (20190408)"],"avAllowList":["Avast Internet Security (20190408)","AVG Internet Security (20190408)","Dr.Web Security Space (20190408)","F-PROT Antivirus for Windows (20190408)"]}],"additionalFiles":[],"sources":[{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.forumer.it/","landingPage":"http://ccleaner.forumer.it/","directDownloadingLink":"http://www.hebanhadic.com/lqWBP_zR4j0s6qQfz8LgEWiWBvNq2gdN6K+W1qxY3mOSnaIEOU8VekxgHFnq+KLrFbOpVr4tA66dYyV26EiLsM3gKlYSf7bbUJhmlH8X1xmdvqwcmYaxolMpGaQpwhRDCuYm7S0+ADWLcbDgdlfR1enWtkPyPyQCslRhD+1FPiROmLQGyq7OJyw_ElV8iFkuGNwFF+lReUsYzuZUjihL307scohGQwlD9H1BBi0MWKVArzvYygmW13aez+eUFaGbyLCnR8z6yrPbeRDko+ffEXAMtXvUmTly_hiVFLnmEMS_JnExWoVXhbmb_1Y2pCchSHlBeTIjfdLB4jOBSw+qGylpv_xR2IBDj5UfA3VrQ_Vp_8kQMlt4STpXCwa0G_USV95Zmre99X50MxrJIlIEthb4zr9CsOCWyhN9UYO6wrK46lIYaMm6B3Z2rA6XQoSZ4UXu+ZHUvS2JMvJwjgloZb81xQrYs4Vq9a+qKKfZFxByc3OQHoMBjVIPPtFMew45XUhFudYx-G08AAGRwXmuLOoB4dwCwAQcuERXggHZn23eyv+89CfALh3Xd6tmoMEXVUnBemxM2f6Nft1r+DpMWsef9TRfWvEivmPQRaFTC0jQrUCJHAQ==-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.hebanhadic.com/lqWBP_zR4j0s6qQfz8LgEWiWBvNq2gdN6K+W1qxY3mOSnaIEOU8VekxgHFnq+KLrFbOpVr4tA66dYyV26EiLsM3gKlYSf7bbUJhmlH8X1xmdvqwcmYaxolMpGaQpwhRDCuYm7S0+ADWLcbDgdlfR1enWtkPyPyQCslRhD+1FPiROmLQGyq7OJyw_ElV8iFkuGNwFF+lReUsYzuZUjihL307scohGQwlD9H1BBi0MWKVArzvYygmW13aez+eUFaGbyLCnR8z6yrPbeRDko+ffEXAMtXvUmTly_hiVFLnmEMS_JnExWoVXhbmb_1Y2pCchSHlBeTIjfdLB4jOBSw+qGylpv_xR2IBDj5UfA3VrQ_Vp_8kQMlt4STpXCwa0G_USV95Zmre99X50MxrJIlIEthb4zr9CsOCWyhN9UYO6wrK46lIYaMm6B3Z2rA6XQoSZ4UXu+ZHUvS2JMvJwjgloZb81xQrYs4Vq9a+qKKfZFxByc3OQHoMBjVIPPtFMew45XUhFudYx-G08AAGRwXmuLOoB4dwCwAQcuERXggHZn23eyv+89CfALh3Xd6tmoMEXVUnBemxM2f6Nft1r+DpMWsef9TRfWvEivmPQRaFTC0jQrUCJHAQ==-e","sourceIndex":"3357"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.forumer.it/","landingPage":"http://adobe-reader.forumer.it/","directDownloadingLink":"http://www.hebanhadic.com/J6_nUNYpZBdtJ9y+Xv8sr0JrNCTn_GtTmCfrtQOb3rCpYHSu0RV6QRYv_3gjmPcFjW6YoJdXi1TayxJN9RgZx3G9V3TNN_7nZ7l8iuxKzXtJjBL_KXA9WIIQ3faP8QHyAqiOvRipXGHMwlmQWRO40CVkLsEfX+gD0c82CruoFUhI1p65SNjdEhdyNG8eeT3ORJYxIChIIBWl+b0PW7k1eHsJWjbPT5x89ajd3+gsseSPf8iEYuGXbJbUBTyEhWL0mimJA9xYw_pLv_Ikp+jkqRvyfWL8fjR7t9HM6nCn6N3uXfnsbOM4fBRWZOC0+WNTRArj5gb4KtjPC4x0_z0Ipf0fxpjn5A0_eNZvFcc+9RJGN0zEhUiKgASqbpaHuTixvFPbTDzsvv_m0Pq3Sun7ft5RYduuuRV4IihbBS7fZuDKwSym4MH78Db8hmBa0oeps7fHRZ2ACbdlvzopywRTSZOhfV5Cy0MCCSWVYHZkJqkXzZ3DEkOfFC8tc8_U0ux0AH+0BlUZ-G1MAAGRgnq2tSeziQdiAA5co0G3QAe3ONu_T6fm8lgC_0HwcZ7cZxS3gcAWR3_4O9d9efjxFE2w20IpHJv2fmXGL6OXRpirQiyiJ4yRDIBQG-e","ipv4":"","ipv6":"","sourceIndex":"3358"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.forumer.it/","landingPage":"http://skype.forumer.it/","directDownloadingLink":"http://www.hebanhadic.com/PtGa1SrThkkVA9soJyqaLVNv5ZJ9PIaVzMqAmw3tZN+whs2sicJHnkcSGKBquPeiJAvT1pspp3lTyW67AadU_3lVLuGU9i6cZph+5+FAne1YQB0giZoux3ehqHvRI7PVQGbg9syn8jV2qOKZWd+6485kC7uaCrjf2pO88jyLPXUsgOr1bb8j9PNi31YBqyf_gaQ4BPB_dgklDznIoL9iMcwHjYJe1isE6wT9cJ07P3IF10sNqmPvw99ENwVl3oJRFF7zRQLAqSXtj2mpYo4iG3+2Y9ng+6bWSu0_yMpVj2A6dwGRfGCPIsTx9IDFJSrAiC2hiidjxDZJJ48oGSAP1k36NAnWrRYyOlgZ+chTLzVcYSTKQK5sNnjoHUn6QE_0qKLXtTErg8Lui4ufjs0_8iDCGeCfBZZ9+bSS1q9YoPorcAKfsT9KqWSDCWr0F2yVaPhBngFEYnWHvwAR++sr6NeLdtuVxd0uqRRKJAKaX4B5CHkHVck=-G0wAAGRwXmuLvhiZoAygCRFlFpVktn2257kuAV_YzfNSjkWHE6Fj+NYKVm9lHqeOlyJ4PzZvMd8sYeB5LvfzNqh0wjPGSxwhMg==-e","ipv4":"","ipv6":"","sourceIndex":"3359"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.forumer.it/","landingPage":"http://audacity.forumer.it/","directDownloadingLink":"http://www.hebanhadic.com/zICUUcmUMZkbkBQ3FKa1A0N+rBDP+f69eypxsa2y1qPfAIZetOaU10tWapX8fIiiN2SugxcbqBnCcAln+6sW15eIsP2liUNh0QTupdxbSs08BXLLf+vWK_hWhz3QqogwSlGcZ9x+MfiOyJVGAqmFa+qwL6jxjq9RXY1S6jqPQE73YGXNo1g41vEuAK3SO6aFEozWLLwJeU1kQa_onJ0Dh1sp4N34Otorm3IHzJwULrNzqTxv5AKMHobLhmjjUbbwyPE+MrPtWazWuhn2GoFGqI7Ne90f5erE08MwnPiC+UdBguRcCvvY2uskq9Wr3v1XFwI1er2mlvWopLnFtvtg8_3VJ9Lu0CUh9WRhqkjVJsJI6jPJEzxgQmtHqxqQFnXCBxLAJSKcoYAu3gfczDnHxyoIaZ__B91yrHilpl34bFqOt4pysN4pbMXXv9FjuTPEZ07oo71fnwFC0uhNfowFnNQlWphMhQ3unJlwR6PxNsRb8ZukFu81_1VB0bSRtvxfbhtmkSCR-G08AAGRwXmtrNxOVAcEGHLhEFGAD2m1l28f+vvcl0C88rOtWz0U1E6R46oJ_ws3fKNct5V4UuyEzUNly6BpkxJbhNiFoJIwiCIolMQoF-e","ipv4":"","ipv6":"","sourceIndex":"3360"}],"sampleFiles":["190114/ForumerDownloadMnager-180806/4.7.4/Samples/adobe-reader.exe","190114/ForumerDownloadMnager-180806/4.7.4/Samples/audacity.exe","190114/ForumerDownloadMnager-180806/4.7.4/Samples/ccleaner.exe","190114/ForumerDownloadMnager-180806/4.7.4/Samples/skype.exe"],"imageFiles":["190114/ForumerDownloadMnager-180806/4.7.4/Images/ACR-039/ACR-039_install.mp4","190114/ForumerDownloadMnager-180806/4.7.4/Images/ACR-048/ACR-048_install.mp4","190114/ForumerDownloadMnager-180806/4.7.4/Images/ACR-059/ACR-059_bundlermadeoffer.JPG"],"nonDeceptorImageFiles":["190114/ForumerDownloadMnager-180806/4.7.4/Images/ACR-044/ACR-044_install.JPG","190114/ForumerDownloadMnager-180806/4.7.4/Images/ACR-065/ACR-065_install.JPG","190114/ForumerDownloadMnager-180806/4.7.4/Images/ACR-152/ACR-152_bundlermadeoffer.mp4"],"guid":"c8d0741d-c3bd-496c-8d09-40ff25b4a0a4_4.7.4_1","appID":"ForumerDownloadMnager-180806","dateAdded":"190114","deceptorType":"Bundler","name":"ForumerDownloadManager","company":"Innova Media d.o.o","version":"4.7.4","sigName":"Deceptor:Win32/ForumerDownloadManager!039048050059","lastKnownStatus":"Deceptor:4.7.4,2.3","lastKnownDate":"190114","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-01-16T19:12:14.7453845+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":2,"sortOrder":534},{"violations":{"ACR-004":"App creates an exaggerated sense of urgency by using gauges to show free scan results. App upsells to a subscription service, yet does not provide free fixes for the free scan results shown.\n"},"nonDeceptorViolations":{"ACR-088":"App auto-launches into scan without giving the consumer a choice\n"},"samples":[{"isRevoked":"False","fileName":"XATroopSetup.exe","isInstaller":"True","companyName":"Execace Technologies Private Limited","fileVersion":"3.7","hashMD5":"5ccfde736ba5158390d2ac857473d64c","hashSHA1":"c7a44715bc6d5f506997df1d58a666c0ac0fa0b7","hashSHA256":"8ca832b5044982f03ee8a565be860603dc6195099e04698b646b3a274a6681a9","digitalCertThumbprint":"A5FE438C55BF7B7D8B7BF7D98C5F8905232B497B","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA - G2, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Execace Technologies Private Limited, O=Execace Technologies Private Limited, L=Gurgaon, S=Haryana, C=IN","sourceIndex":"3156","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)","Trend Micro Internet Security (20190228)"]},{"isRevoked":"False","fileName":"XATroop.exe","companyName":"Execace Technologies Private Limited","fileVersion":"3.7","hashMD5":"a67db470ab7beaf4bb0cd1f3656e65cd","hashSHA1":"ffc99a0c9da99bafa51eec41e2c4d1e5c8f0664a","hashSHA256":"21d4f8a07bf57bb0f0aea33860b59d559f63b1b75fbe64591c8b0e90e8426a26","digitalCertThumbprint":"A5FE438C55BF7B7D8B7BF7D98C5F8905232B497B","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA - G2, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Execace Technologies Private Limited, O=Execace Technologies Private Limited, L=Gurgaon, S=Haryana, C=IN","sourceIndex":"3156","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.OldCust","reference":"Reviewing old certified apps who haven't recertified","landingPage":"https://www.xatroop.com","directDownloadingLink":"https://www.xatroop.com/#Trial-Form","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.xatroop.com/#Trial-Form","sourceIndex":"3156"},{"howFound":"Hunt.OldCust","reference":"Reviewing old certified apps who haven't recertified","landingPage":"https://www.xatroop.com/xa-troop","directDownloadingLink":"https://s3.amazonaws.com/shieldpartners/XATroop/XATroopSetup.exe","ipv4":"","ipv6":"","sourceIndex":"3157"}],"sampleFiles":["190114/XaTroop-190114/3.7.2/Samples/XATroopSetup.exe","190114/XaTroop-190114/3.7.2/Samples/XATroop.exe"],"imageFiles":["190114/XaTroop-190114/3.7.2/Images/ACR-004/acr-004 showing gauges of free scan results at upsell time.png","190114/XaTroop-190114/3.7.2/Images/ACR-004/acr-004 using gauges and traffic light colors on free scan results.png","190114/XaTroop-190114/3.7.2/Images/ACR-004/acr-004 upsell offer is a monthly subscription.png","190114/XaTroop-190114/3.7.2/Images/ACR-004/acr-004 requires payment to fix free scan results.gif","190114/XaTroop-190114/3.7.2/Images/ACR-004/acr-004 gauges used in free scan results.png"],"nonDeceptorImageFiles":["190114/XaTroop-190114/3.7.2/Images/ACR-088/acr-088 auto launches without options.gif"],"guid":"8f30744a-10cc-46ec-89fd-076d7674dfe7_3.7.2_1","appID":"XaTroop-190114","dateAdded":"190114","deceptorType":"App","name":"XA Troop","company":"Execace Technologies","version":"3.7.2","sigName":"Deceptor:Win32/XATroop!004","lastKnownStatus":"Deceptor:3.7.2","lastKnownDate":"190301","type":"Windows Executable","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-02T02:20:59.7341204+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2329},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\"\n","ACR-059":"Makes offers not clearly marked as offers\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No EULA and/or Terms of Service, Privacy Policy is provided for download manager (setup wizard).\n","ACR-035":"  No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager. \n\n","ACR-036":"  No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager. \n\n","ACR-037":"  No Privacy Policy is provided for the download manager.\n","ACR-152":" The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"adobe-flash-professional-cs6_3617895136.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"1c7b2af7f10f75162a04ea926122ac1e","hashSHA1":"4920c1700e5b5d22710142945c166888cef04bc9","hashSHA256":"8b2528efa6b51eb867a529c97510393f78e2d36f7f684d9c00107acab92a53e8","digitalCertThumbprint":"FCF897E44549D7D8C7D3FF053066A95EF2CF09A6","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Mode Supreme (Superior Media Ltd), O=Mode Supreme (Superior Media Ltd), STREET=28 Begin Menachem Rd., L=Tel-Aviv, S=Israel, PostalCode=6618208, C=IL","sourceIndex":"3161","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Webroot SecureAnywhere (20190209)","Windows Defender (20190209)"],"avAllowList":["Kaspersky Internet Security (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"http://telecharger.benjaminstrahs.com/","landingPage":"http://telecharger.benjaminstrahs.com/en/download-version/-z-m-v-v-m-x-a?pn_xp=","directDownloadingLink":"http://www.newcyclesigns.com/1t2Z42Uj9+ahkqnguEhQB3YFoI6tu6MUpm49bF5MIAV0EOgp0Suop3NnvCQacb6eCo5mBamBQTEiGow+ZmJsHmr+I_YtCoEmoiAGB+kUD0Eanq561JC31l3lXc861Zj6+wdQxjff7lemmw3U2zlDgHFUEOZbIPq2+4y+eYlHu_JPz6y_963FSdlY0pfOFZ4x7hd87WlAv7wOaTjHmuoFAEuCH6Aq5wzDRf7ER7B51mGpdealDw8vToffj6aIRJGLRymbAbrO9Z3H1EWDK8sDtk90ISsh16a945ac+IyX5wFj2uG4hnRv4avFvAOuzSBE3n8o1N71jfiyBwaea08Jh51cqnyxa_cnHGs+U+s+rDM3TYxNvXkvN13rcfSFrmLusYbRHy1kQoruEV3GspM1Q0QAduDICIB_E93W8CuPoXMAXti8WkCP4Iiwui5REllWL5McH23UzASVo7lHslioaagZyLHx7uCpf7zmYXN9S9FLuVI5EPqreAQpSGGZ1TQqVIM1JB7IbsKhSFm_KYxjzJtAS9nP+2AGob2QmkVSe+O+9G_R9903Kz9LD_GzU_cfMXXidLBJN4QvgtPIzxZHgDa9Nhst4z81lc1GvnCbWqmFYvie560=-G18AAGRpXUzzscUH4AEXX0qkHLliGeAx3HNT8oM2TnuLZbOOxTIrQEV_mXouEq9RgvfiqFlJyRjGOTqQxJzMQ7YJYh3uAijXsK3FDNUVsPkb-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.newcyclesigns.com/1t2Z42Uj9+ahkqnguEhQB3YFoI6tu6MUpm49bF5MIAV0EOgp0Suop3NnvCQacb6eCo5mBamBQTEiGow+ZmJsHmr+I_YtCoEmoiAGB+kUD0Eanq561JC31l3lXc861Zj6+wdQxjff7lemmw3U2zlDgHFUEOZbIPq2+4y+eYlHu_JPz6y_963FSdlY0pfOFZ4x7hd87WlAv7wOaTjHmuoFAEuCH6Aq5wzDRf7ER7B51mGpdealDw8vToffj6aIRJGLRymbAbrO9Z3H1EWDK8sDtk90ISsh16a945ac+IyX5wFj2uG4hnRv4avFvAOuzSBE3n8o1N71jfiyBwaea08Jh51cqnyxa_cnHGs+U+s+rDM3TYxNvXkvN13rcfSFrmLusYbRHy1kQoruEV3GspM1Q0QAduDICIB_E93W8CuPoXMAXti8WkCP4Iiwui5REllWL5McH23UzASVo7lHslioaagZyLHx7uCpf7zmYXN9S9FLuVI5EPqreAQpSGGZ1TQqVIM1JB7IbsKhSFm_KYxjzJtAS9nP+2AGob2QmkVSe+O+9G_R9903Kz9LD_GzU_cfMXXidLBJN4QvgtPIzxZHgDa9Nhst4z81lc1GvnCbWqmFYvie560=-G18AAGRpXUzzscUH4AEXX0qkHLliGeAx3HNT8oM2TnuLZbOOxTIrQEV_mXouEq9RgvfiqFlJyRjGOTqQxJzMQ7YJYh3uAijXsK3FDNUVsPkb-e","sourceIndex":"3161"}],"sampleFiles":["190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Samples/adobe-flash-professional-cs6_3617895136.exe"],"imageFiles":["190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-048/2019-01-09_15-59-07_ACR048.gif","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-059/Capture4.PNG"],"nonDeceptorImageFiles":["190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-044/ACR_044_INSTALL.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-044/Capture1.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-065/ACR_065_INSTALL.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-065/Capture1.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-035/ACR_035_DOCS.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-035/Capture3.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-036/ACR_036_DOCS.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-036/Capture3.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-037/ACR_037_DOCS.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-037/Capture3.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-152/ACR_152_BUNDLER-MADE_OFFER.mp4","190110/AdobeFlashProfessionalCS6Bundler-180524/4.2/Images/ACR-152/2019-01-09_15-59-07_ACR048.gif"],"guid":"9f7edeed-334b-489f-9485-07b19d39970a_4.2_1","appID":"AdobeFlashProfessionalCS6Bundler-180524","dateAdded":"190110","deceptorType":"Bundler","name":"Benjaminstrahs Download Manager","company":"par benjaminstrahs, Inc.","version":"4.2","sigName":"Deceptor:Win32/Benjaminstrahs!048050059","lastKnownStatus":"Deceptor:5.5,4.2","lastKnownDate":"190301","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-03-02T02:11:25.5804325+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2344},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\"\n","ACR-059":"Makes offers not clearly marked as offers\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No EULA and/or Terms of Service, Privacy Policy is provided for download manager (setup wizard).\n","ACR-092":"The application does not have a digital signature it is unsigned.\n","ACR-035":"  No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager. \n\n","ACR-036":"  No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager. \n\n","ACR-037":"  No Privacy Policy is provided for the download manager.\n","ACR-152":" The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"adobe-flash-professional-cs6_2591117185.exe","isInstaller":"True","productName":"Behimeca","productVersion":"5.5","fileVersion":"","hashMD5":"9dcf4a34077f8c148ff2c9b688ceed5e","hashSHA1":"d4caada793188c80d80337d71a9726d1798a55cd","hashSHA256":"c584ba71d2a030c5d3a60cc0b041b21edc981e41ce199e4ba3bca0a067e9845d","sourceIndex":"3160","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","Webroot SecureAnywhere (20190209)","Windows Defender (20190209)"],"avAllowList":["VirIT eXplorer PRO (20190209)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"http://telecharger.benjaminstrahs.com/","landingPage":"http://telecharger.benjaminstrahs.com/en/download-version/-z-m-v-v-m-x-a?pn_xp=","directDownloadingLink":"http://www.newcyclesigns.com/1t2Z42Uj9+ahkqnguEhQB3YFoI6tu6MUpm49bF5MIAV0EOgp0Suop3NnvCQacb6eCo5mBamBQTEiGow+ZmJsHmr+I_YtCoEmoiAGB+kUD0Eanq561JC31l3lXc861Zj6+wdQxjff7lemmw3U2zlDgHFUEOZbIPq2+4y+eYlHu_JPz6y_963FSdlY0pfOFZ4x7hd87WlAv7wOaTjHmuoFAEuCH6Aq5wzDRf7ER7B51mGpdealDw8vToffj6aIRJGLRymbAbrO9Z3H1EWDK8sDtk90ISsh16a945ac+IyX5wFj2uG4hnRv4avFvAOuzSBE3n8o1N71jfiyBwaea08Jh51cqnyxa_cnHGs+U+s+rDM3TYxNvXkvN13rcfSFrmLusYbRHy1kQoruEV3GspM1Q0QAduDICIB_E93W8CuPoXMAXti8WkCP4Iiwui5REllWL5McH23UzASVo7lHslioaagZyLHx7uCpf7zmYXN9S9FLuVI5EPqreAQpSGGZ1TQqVIM1JB7IbsKhSFm_KYxjzJtAS9nP+2AGob2QmkVSe+O+9G_R9903Kz9LD_GzU_cfMXXidLBJN4QvgtPIzxZHgDa9Nhst4z81lc1GvnCbWqmFYvie560=-G18AAGRpXUzzscUH4AEXX0qkHLliGeAx3HNT8oM2TnuLZbOOxTIrQEV_mXouEq9RgvfiqFlJyRjGOTqQxJzMQ7YJYh3uAijXsK3FDNUVsPkb-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.newcyclesigns.com/1t2Z42Uj9+ahkqnguEhQB3YFoI6tu6MUpm49bF5MIAV0EOgp0Suop3NnvCQacb6eCo5mBamBQTEiGow+ZmJsHmr+I_YtCoEmoiAGB+kUD0Eanq561JC31l3lXc861Zj6+wdQxjff7lemmw3U2zlDgHFUEOZbIPq2+4y+eYlHu_JPz6y_963FSdlY0pfOFZ4x7hd87WlAv7wOaTjHmuoFAEuCH6Aq5wzDRf7ER7B51mGpdealDw8vToffj6aIRJGLRymbAbrO9Z3H1EWDK8sDtk90ISsh16a945ac+IyX5wFj2uG4hnRv4avFvAOuzSBE3n8o1N71jfiyBwaea08Jh51cqnyxa_cnHGs+U+s+rDM3TYxNvXkvN13rcfSFrmLusYbRHy1kQoruEV3GspM1Q0QAduDICIB_E93W8CuPoXMAXti8WkCP4Iiwui5REllWL5McH23UzASVo7lHslioaagZyLHx7uCpf7zmYXN9S9FLuVI5EPqreAQpSGGZ1TQqVIM1JB7IbsKhSFm_KYxjzJtAS9nP+2AGob2QmkVSe+O+9G_R9903Kz9LD_GzU_cfMXXidLBJN4QvgtPIzxZHgDa9Nhst4z81lc1GvnCbWqmFYvie560=-G18AAGRpXUzzscUH4AEXX0qkHLliGeAx3HNT8oM2TnuLZbOOxTIrQEV_mXouEq9RgvfiqFlJyRjGOTqQxJzMQ7YJYh3uAijXsK3FDNUVsPkb-e","sourceIndex":"3160"}],"sampleFiles":["190110/AdobeFlashProfessionalCS6Bundler-180524/5.5/Samples/adobe-flash-professional-cs6_2591117185.exe"],"imageFiles":["190110/AdobeFlashProfessionalCS6Bundler-180524/5.5/Images/ACR-048/ACR_048_INSTALL.mp4","190110/AdobeFlashProfessionalCS6Bundler-180524/5.5/Images/ACR-059/ACR_059_INSTALL.PNG"],"nonDeceptorImageFiles":["190110/AdobeFlashProfessionalCS6Bundler-180524/5.5/Images/ACR-044/ACR_044_INSTALL.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/5.5/Images/ACR-065/ACR_065_INSTALL.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/5.5/Images/ACR-092/ACR_092_SOFTWARE.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/5.5/Images/ACR-035/ACR_035_DOCS.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/5.5/Images/ACR-036/ACR_036_DOCS.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/5.5/Images/ACR-037/ACR_037_DOCS.PNG","190110/AdobeFlashProfessionalCS6Bundler-180524/5.5/Images/ACR-152/ACR_152_BUNDLER-MADE_OFFER.mp4"],"guid":"9f7edeed-334b-489f-9485-07b19d39970a_5.5_1","appID":"AdobeFlashProfessionalCS6Bundler-180524","dateAdded":"190110","deceptorType":"Bundler","name":"Benjaminstrahs Download Manager","company":"par benjaminstrahs, Inc.","version":"5.5","sigName":"Deceptor:Win32/Benjaminstrahs!048050059","lastKnownStatus":"Deceptor:5.5,4.2","lastKnownDate":"190301","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-03-02T02:11:56.0420978+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2343},{"violations":{"ACR-043":"Multiple third party components are installed which are not disclosed to the user in the EULA and offer or landing page.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application internal offer webpage elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft and Intel is endorsing the app.\n","ACR-059":" The app was not clearly marked as an optional or additional offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the inline offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. The Terms of use and Privacy policy provided belongs to 'Threat Support'.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\nThe landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"The installed application has a different publisher name than what is located in the certification information.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n The application's inline offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays logos or partnerships with Microsoft and Intel which are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"Anti-MalwarePro-Installer-2017.exe","isInstaller":"True","companyName":"n/a","productName":"AntiMalware Pro 2018","productVersion":"3.1.0.0","fileVersion":"n/a","hashMD5":"1b46b6d36b6b8c860c30bf9a3e089b08","hashSHA1":"a1d791a9e99d05465f02f0a0e3b61bdb6af4eaea","hashSHA256":"e773eba6c5d9be9be8e61aad34f44dfac326a3ad5909b8eeb85bb20052908cab","digitalCertThumbprint":"07D084EDD02E4C8FA3CAD1D5542EE5BA939229EA","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PC Cleaners Inc., O=PC Cleaners Inc., L=Laguna Niguel, S=California, C=US","sourceIndex":"3376","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Webroot SecureAnywhere (20190209)","Windows Defender (20190209)"],"avAllowList":["Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)"]},{"isRevoked":"False","fileName":"AntiMalwarePro.exe","companyName":"Anti-Malware Inc.","productName":"Anti-Malware Pro","productVersion":"1.6.0.0","fileVersion":"1.4.0.0","hashMD5":"f8066f22c51975098772bd56dcfe652c","hashSHA1":"892faf6f8e20c81e398e989068b8f3257302542b","hashSHA256":"656406071486ebbaec410682f0bdb1f13b5c976a3acc8792395727e6998166d7","digitalCertThumbprint":"07D084EDD02E4C8FA3CAD1D5542EE5BA939229EA","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PC Cleaners Inc., O=PC Cleaners Inc., L=Laguna Niguel, S=California, C=US","sourceIndex":"3376","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com (remove spyware tool)","landingPage":"http://antimalwarepro.com/","directDownloadingLink":"http://pc-cleaners.com/Anti-MalwarePro-Installer-2017.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pc-cleaners.com/Anti-MalwarePro-Installer-2017.exe","sourceIndex":"3376"}],"sampleFiles":["190110/Anti-MalwarePro-180316/1.6.0.0/Samples/Anti-MalwarePro-Installer-2017.exe","190110/Anti-MalwarePro-180316/1.6.0.0/Samples/AntiMalwarePro.exe"],"imageFiles":["190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-043/ACR_043_INSTALL_SCREENSHOT_1.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-043/ACR_043_INSTALL_SCREENSHOT_2.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-043/ACR_043_INSTALL_SCREENSHOT_3.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-017/ACR_017_INSTALL.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-017/ACR_017_SOFTWARE.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-059/ACR_059_INLINE_OFFERS.PNG"],"nonDeceptorImageFiles":["190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-065/ACR_065_INSTALL.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-065/ACR_065_INLINE_OFFERS.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-099/ACR_099_INLINE_OFFERS.PNG","190110/Anti-MalwarePro-180316/1.6.0.0/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG"],"guid":"cb8acf1e-0608-47b0-bbbd-97831742819e_1.6.0.0_1","appID":"Anti-MalwarePro-180316","dateAdded":"190110","deceptorType":"App","name":"Anti-Malware Pro","company":"Anti-Malware Inc.","version":"1.6.0.0","sigName":"Deceptor:Win32/AntiMalwarePro!017043059","lastKnownStatus":"Deceptor:1.6.0.0,3.1.0.0","lastKnownDate":"190301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-01T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2342},{"violations":{"ACR-043":"Multiple third party components are installed which are not disclosed to the user in the EULA and offer or landing page.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application internal offer webpage elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft and Intel is endorsing the app.\n","ACR-116":"Cannot uninstall app from standard uninstall method.\n","ACR-059":" The app was not clearly marked as an optional or additional offer.\n","ACR-124":"The app provides additional uninstall confirmation prompts and the options to continue uninstall is not clearly shown.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the inline offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. The Terms of use and Privacy policy provided belongs to 'Threat Support'.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\nThe landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"The installed application has a different publisher name than what is located in the certification information.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n The application's inline offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays logos or partnerships with Microsoft and Intel which are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"Anti-MalwarePro-Installer-2017.exe","isInstaller":"True","companyName":"N/A","productName":"Anti-Malware Pro","productVersion":"3.1.0.0","fileVersion":"N/A","hashMD5":"21c10bc9df96f1f045e85fd1247f67c4","hashSHA1":"a486d8f4db76cff656e477b5e80479f125084a87","hashSHA256":"a598e3aaaf436088398f31b0af6308214772978c2d895f8be43db8561f94d818","digitalCertThumbprint":"07D084EDD02E4C8FA3CAD1D5542EE5BA939229EA","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PC Cleaners Inc., O=PC Cleaners Inc., L=Laguna Niguel, S=California, C=US","sourceIndex":"3159","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)","Windows Defender (20190209)"],"avAllowList":["Trend Micro Internet Security (20190209)"]},{"isRevoked":"False","fileName":"AntiMalwarePro.exe","companyName":"Anti-Malware Inc.","productName":"Anti-Malware Pro","productVersion":"1.6.0.0","fileVersion":"1.4.0.0","hashMD5":"547aa665cb75c3c383efca88fd6d9fc5","hashSHA1":"a6ecdd0ec09e99adc5998797d3ccbfe4213d6483","hashSHA256":"69e79fc3a49c1dc28658fbe116f81c9776d99ea82aa1f02f08c4051e23ba41c6","digitalCertThumbprint":"07D084EDD02E4C8FA3CAD1D5542EE5BA939229EA","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=PC Cleaners Inc., O=PC Cleaners Inc., L=Laguna Niguel, S=California, C=US","sourceIndex":"3159","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com (remove spyware tool)","landingPage":"http://antimalwarepro.com/","directDownloadingLink":"http://pc-cleaners.com/Anti-MalwarePro-Installer-2017.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pc-cleaners.com/Anti-MalwarePro-Installer-2017.exe","sourceIndex":"3159"}],"sampleFiles":["190110/Anti-MalwarePro-180316/3.1.0.0/Samples/Anti-MalwarePro-Installer-2017.exe","190110/Anti-MalwarePro-180316/3.1.0.0/Samples/AntiMalwarePro.exe"],"imageFiles":["190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-043/ACR_043_INSTALL_SCREENSHOT_1.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-043/ACR_043_INSTALL_SCREENSHOT_2.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-043/ACR_043_INSTALL_SCREENSHOT_3.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-043/Anti-MalwarePro ACR_043 Install.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-043/Anti-MalwarePro ACR_043 Install2.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-043/Anti-MalwarePro ACR_043 Install3.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-017/ACR_017_INSTALL.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-017/Anti-MalwarePro ACR_017 Install.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-017/ACR_017_SOFTWARE.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-017/Anti-MalwarePro ACR_017 Software.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-017/Anti-MalwarePro ACR_17 InternalOffers.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-116/Anti-MalwarePro ACR_116 and ACR_048 Uninstall.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-124/Anti-MalwarePro ACR_124 Uninstall.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-059/ACR_059_INLINE_OFFERS.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-059/Anti-MalwarePro ACR_065 and ACR_099 and ACR_059 InlineOffers.png"],"nonDeceptorImageFiles":["190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-065/Anti-MalwarePro ACR_065 Software.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-065/ACR_065_INLINE_OFFERS.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-065/Anti-MalwarePro ACR_065 InlineOffers.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-065/Anti-MalwarePro ACR_065 InternalOffers.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-161/Anti-MalwarePro ACR_161 InternalOffers.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-161/Anti-MalwarePro ACR_161 LandingPage.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-088/Anti-MalwarePro ACR_088 Software.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-092/Anti-MalwarePro ACR_092 Software.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-099/ACR_099_INLINE_OFFERS.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-099/Anti-MalwarePro ACR_065 and ACR_099 InlineOffers.png","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","190110/Anti-MalwarePro-180316/3.1.0.0/Images/ACR-150/Anti-MalwarePro ACR_150 InternalOffers.png"],"guid":"cb8acf1e-0608-47b0-bbbd-97831742819e_3.1.0.0_1","appID":"Anti-MalwarePro-180316","dateAdded":"190110","deceptorType":"App","name":"Anti-Malware Pro","company":"Anti-Malware Inc.","version":"3.1.0.0","sigName":"Deceptor:Win32/AntiMalwarePro!017043059116124","lastKnownStatus":"Deceptor:1.6.0.0,3.1.0.0","lastKnownDate":"190301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-02T02:16:06.7515867+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2341},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as problems of high risk, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"The application does not have a digital signature.\n","ACR-157":"The application does not have a digital signature.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"No privacy policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-150":"The app displays five star awards from Softpedia, Shareware and Editor's Choice that are unable to be verified.\nThe app displays five star awards from Softpedia, Shareware and Editor's Choice that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"Chily Registry Cleaner.exe","isInstaller":"True","companyName":"Chily Softech Private Limited","productName":"Chily Registry Cleaner","productVersion":"7.12.01","fileVersion":"na","hashMD5":"740ab60025b2d9021e5078aa0765e7e8","hashSHA1":"f8c0ead9ef15baf0881c11c8f8190f26210489a3","hashSHA256":"67e7550d76f394b5ba518c898f921594604018a3ee18671e08907f9e0b1bbae3","digitalCertThumbprint":"na (unsigned)","digitalCertIssuer":"na (unsigned)","digitalCertIssuedTo":"na (unsigned)","sourceIndex":"3374","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Chily Registry Cleaner.EXE","companyName":"Chily Softech Pvt Ltd","productName":"Chily Registry Cleaner","productVersion":"7, 12, 0, 1","fileVersion":"7, 12, 0, 1","hashMD5":"1810530dabdadca1c753b48287b8fa41","hashSHA1":"554cde756837ac24af3416eda53db80cb202714f","hashSHA256":"78224ec59ccedee3ea62a27560fae5f173f5c201bb3d8eb2e4c94f7326838682","sourceIndex":"3374","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","Windows Defender (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org","landingPage":"http://www.chilyregistrycleaner.com/","directDownloadingLink":"http://www.chilyregistrycleaner.com/downloads/chily-registry-cleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.chilyregistrycleaner.com/downloads/chily-registry-cleaner.exe","sourceIndex":"3374"}],"sampleFiles":["190110/ChilyRegistryCleaner-171026/7.12.01/Samples/chily-registry-cleaner.exe","190110/ChilyRegistryCleaner-171026/7.12.01/Samples/Chily Registry Cleaner.exe"],"imageFiles":["190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-003/ACR-003_software.PNG"],"nonDeceptorImageFiles":["190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-163/ACR-163_landingpage.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-150/ACR-150_landingpage.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-065/ACR-065_landingpage.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-099/ACR-099_landingpage.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-065/ACR-065_install.PNG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-092/ACR-092_software.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-157/ACR-157_software.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-160/ACR-160_landingpage.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-065/ACR-065_software.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-099/ACR-065_software.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-065/ACR-065_internaoffer.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-163/ACR-163_internaoffer.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-099/ACR-099_internaoffer.JPG","190110/ChilyRegistryCleaner-171026/7.12.01/Images/ACR-150/ACR-150_internaoffer.JPG"],"guid":"c4a217f2-26d1-4541-9c24-69a4e66a3861_7.12.01_1","appID":"ChilyRegistryCleaner-171026","dateAdded":"190110","deceptorType":"App","name":"Chily Registry Cleaner","company":"chilyregistrycleaner.com","version":"7.12.01","sigName":"Deceptor:Win32/ChilyRegistryCleaner!003","lastKnownStatus":"Deceptor:7.12.01,7.12.0.1","lastKnownDate":"190301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-03-01T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2340},{"violations":{"ACR-042":"The apps installer proceeds with a silent install, not obtaining user permission before installing.\n","ACR-048":"The application cannot be closed or disabled using standard platform-provided methods. When the user tries to close it app it reappears immediately.\n","ACR-003":"The app displays a popup stating that the computer is in critical state because of malware attack and that the pc antivirus crashed but does not substantiate any such claims, thereby they mislead or scare the user to take action.\n\n","ACR-005":"The popups are displayed as if they system/windows errors by displaying the windows security shield on the popup and labeling popups \"windows security alert\".\n","ACR-009":"The application attempts to coerce the user into taking some action by displaying warning messages and telling the user that their antivirus is going to crash.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\nThe application's internal offer page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The app name is not consistent in the EULA page and the software.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\nThe application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe application's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's docs provides a phone number for one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's internal offer page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"App uses digital certificates from a different source than what was disclosed. The app's digital certificate is signed by \"Fesco3 Corporation\" which is not disclosed in the app's EULA.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n","ACR-017":"The Landing Page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"JunckCleaner.exe","isInstaller":"True","companyName":"Fesco3 Corporation","fileVersion":"1.0","hashMD5":"e668d7c1cca82039f81cbfaafbb928d8","hashSHA1":"08b6b4881c04ec23662f0468ea9400346e492984","hashSHA256":"6439c0a58228a6c003fd86bc7f98ac7e049b342dbfef9b9a3b349ac7d9a52e98","digitalCertThumbprint":"55F6FAC693A8A799750D4141095179E1FF559D89","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Fesco3 Corporation, OU=Devlopment, O=Fesco3 Corporation, STREET=167 Prospect Pl, L=Rutherford, S=NJ, PostalCode=07070, C=US","sourceIndex":"3379","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20190404)","Avira Internet Security (20190404)","Bitdefender Internet Security (20190404)","ESET Internet Security (20190404)","G DATA INTERNET SECURITY (20190404)","K7 Total Security (20190404)","Kaspersky Internet Security (20190404)","Malwarebytes Premium (20190404)","McAfee Total Protection (20190404)","Norton Security (20190404)","Panda Dome (20190404)","Sophos Home Premium (20190404)","VirIT eXplorer PRO (20190404)","Webroot SecureAnywhere (20190404)","Windows Defender (20190404)","360 Total Security (20190404)","COMODO Antivirus (20190404)","Quick Heal Internet Security (20190404)","SpyHunter5 (20190404)","Tencent PC Manager (20190404)","VIPRE Advanced Security (20190404)"],"avAllowList":["Trend Micro Internet Security (20190404)","Dr.Web Security Space (20190404)","F-PROT Antivirus for Windows (20190404)"]},{"isRevoked":"False","fileName":"JunkCleaner.exe","fileVersion":"1.1","hashMD5":"0980eb17b5335ca5448e65ba54ad2baa","hashSHA1":"13cc0838c69c14d443680c133761c7dbf27b3edf","hashSHA256":"32f95770fb37b3ce843afe97d4e9b1afb76b4875566adc33a3413e36e414ac7c","digitalCertThumbprint":"55F6FAC693A8A799750D4141095179E1FF559D89","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Fesco3 Corporation, OU=Devlopment, O=Fesco3 Corporation, STREET=167 Prospect Pl, L=Rutherford, S=NJ, PostalCode=07070, C=US","sourceIndex":"3379","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.junkcleaner.net/","directDownloadingLink":"http://www.junkcleaner.net/download/JunkCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.junkcleaner.net/download/JunkCleaner.exe","sourceIndex":"3379"}],"sampleFiles":["190110/JunkCleaner-180327/1.1.3.1/Samples/JunkCleanerInstall.exe","190110/JunkCleaner-180327/1.1.3.1/Samples/JunkCleaner.exe"],"imageFiles":["190110/JunkCleaner-180327/1.1.3.1/Images/ACR-048/Junk Cleaner not closing.gif","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-048/ACR-048_software.mp4","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-003/Antivirus Crash Message.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-003/Warning Malware Detected.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-005/Antivirus Crash Message.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-005/Warning Malware Detected.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-009/Antivirus Crash Message.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-009/Warning Malware Detected.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-017/Junk Cleaner Clear Clipboard.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-168/Junk Cleaner Clear Clipboard.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-168/Junk Cleaner Internal Offers Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-168/ACR-168_internaloffer.JPG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-042/Junk Cleaner Silent Download.gif"],"nonDeceptorImageFiles":["190110/JunkCleaner-180327/1.1.3.1/Images/ACR-065/Junk Cleaner Help.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-042/ACR-042_install.mp4","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-161/Junk Cleaner Bottom of Landing Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-161/Junk Cleaner Internal Offers Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-161/ACR-161_internaloffer.JPG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-163/Junk Cleaner Help.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-163/Junk Cleaner Bottom of Landing Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-163/Junk Cleaner Landing Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-163/Junk Cleaner EULA Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-163/Junk Cleaner Internal Offers Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-163/ACR-163_internaloffer.JPG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-092/Junk Cleaner EULA Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-092/Junk Cleaner Installer sigcheck results.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-160/Junk Cleaner Clear Clipboard.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-099/Junk Cleaner Help.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-099/Junk Cleaner Internal Offers Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-099/ACR-099_internaloffer.JPG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-168/Junk Cleaner Bottom of Landing Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-167/Junk Cleaner EULA Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-002/Junk Cleaner EULA Page.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-002/Junk Cleaner Installer sigcheck results.PNG","190110/JunkCleaner-180327/1.1.3.1/Images/ACR-017/Junk Cleaner Bottom of Landing Page.PNG"],"guid":"1cbe90d2-5c25-413c-bc1f-4976e66e7682_1.1.3.1_1","appID":"JunkCleaner-180327","dateAdded":"190110","deceptorType":"App","name":"Junk Cleaner","company":"Pandaje Technical Services Pvt.","version":"1.1.3.1","sigName":"Deceptor:Win32/JunkCleaner!003005009017042048168","lastKnownStatus":"Deceptor:2.1.0.1,1.1.3.1","lastKnownDate":"210331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,call center","lastUpdate":"2021-03-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2335},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\"\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation, and the function of the download manager.\n","ACR-038":"Relationship between findmysoft.com, the carrier and its vendor, the the download manager, and the role of the download manager are unclear. User is asked to accept running (with privileges) a differently-named download manager signed by a previous-undisclosed company, then user is presented with a download screen that claims this is findmysoft.com's Download Manager. App doesn't indicate the source of the carrier.\n","ACR-065":"No EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy is provided for the download manager.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"DownloadManager.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"82d0bd8d1d1d818b554b42694189aaa9","hashSHA1":"19fd68a941c76d1309ff5d392a8c34cf29c24f1d","hashSHA256":"db3280687d42358da45c19a83eabc051060466ed7e7819687547606b7169c738","sourceIndex":"3192","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20190404)","Avira Internet Security (20190404)","Bitdefender Internet Security (20190404)","ESET Internet Security (20190404)","G DATA INTERNET SECURITY (20190404)","K7 Total Security (20190404)","Kaspersky Internet Security (20190404)","Malwarebytes Premium (20190404)","McAfee Total Protection (20190404)","Norton Security (20190404)","Panda Dome (20190404)","Sophos Home Premium (20190404)","Trend Micro Internet Security (20190404)","VirIT eXplorer PRO (20190404)","Webroot SecureAnywhere (20190404)","Windows Defender (20190404)","360 Total Security (20190404)","COMODO Antivirus (20190404)","Quick Heal Internet Security (20190404)","SpyHunter5 (20190404)","Tencent PC Manager (20190404)","VIPRE Advanced Security (20190404)"],"avAllowList":["Dr.Web Security Space (20190404)","F-PROT Antivirus for Windows (20190404)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"findmysoft.com","landingPage":"http://detox-my-pc.findmysoft.com/","directDownloadingLink":"http://www.updatefuntours.com/7jMr0PVqB9dpWGlzLT5jOXs1E2YqVbKhHRzx6dwdmVty+PPb1BgTRH4vcozRRCzE4xr3uFkZQ45T74lQ2VX4t+4xUFKbChcyDY5fSFwfdNAWkpyQksoYLNnx8mI9ALjfluEyz1E41O1qTPkuhC0t4GhKYh3grkL8c6_74aV76jxDmySGHzb1Z_Qji_VcgyRynoKFl+ClHZDajJJUyuDPQXj08Qw0xPACylnI7BfQdBRj9SzUsXMTxjBwUcGpIp9BvZo+Z5s5J9YMvguqfpYmTWhwZXkKNwgFR9BPamHHJFxlLwvR5FOFH5nWDURCAjURe6dXla2xMZc9HYKOcEFX0Kq2ILtBYWy9AgUYsCTwk9n5N88Z9pOSneCVgGbReac5UaB0+XONNLmln8k+NAPfToQuWPyBkbRjGs8AoU3M4Pi47Y+GYSnWKAXenXSLS4QwHEBGJ6uI1lhSr+PBlMUnwHX50PFnXxqcX99qcrrOdrr4i5EzCRc=-G0IAAETdFtP+C4JdrYKhiciDQQwafnDIAftbQRg4BhtjZyoEld84ohK2431SLFZ1sySWyFX_NTRHLyPPtxcCCakp-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.updatefuntours.com/7jMr0PVqB9dpWGlzLT5jOXs1E2YqVbKhHRzx6dwdmVty+PPb1BgTRH4vcozRRCzE4xr3uFkZQ45T74lQ2VX4t+4xUFKbChcyDY5fSFwfdNAWkpyQksoYLNnx8mI9ALjfluEyz1E41O1qTPkuhC0t4GhKYh3grkL8c6_74aV76jxDmySGHzb1Z_Qji_VcgyRynoKFl+ClHZDajJJUyuDPQXj08Qw0xPACylnI7BfQdBRj9SzUsXMTxjBwUcGpIp9BvZo+Z5s5J9YMvguqfpYmTWhwZXkKNwgFR9BPamHHJFxlLwvR5FOFH5nWDURCAjURe6dXla2xMZc9HYKOcEFX0Kq2ILtBYWy9AgUYsCTwk9n5N88Z9pOSneCVgGbReac5UaB0+XONNLmln8k+NAPfToQuWPyBkbRjGs8AoU3M4Pi47Y+GYSnWKAXenXSLS4QwHEBGJ6uI1lhSr+PBlMUnwHX50PFnXxqcX99qcrrOdrr4i5EzCRc=-G0IAAETdFtP+C4JdrYKhiciDQQwafnDIAftbQRg4BhtjZyoEld84ohK2431SLFZ1sySWyFX_NTRHLyPPtxcCCakp-e","sourceIndex":"3192"},{"howFound":"Hunt.DownloadSite","reference":"findmysoft.com","landingPage":"http://skype.findmysoft.com/download/","directDownloadingLink":"http://www.updatefuntours.com/JvKzGsiy3RvpMd6YHauvI8B5RI+nVhPAJ1Wu+hFUjkUYOBtCyyT0SjRMVUkzNPJK9Wgaarg7x6cRfyBSxKQ9kYtFwbEJuBQ5eceXWeHt7stjloux6N_SEk9R2Ns9M6AEFs5GyMPwKoDWmR_joUREl_ZITaTax7DvTuzNe6ySn0ZevBFeRr3bXfmVam5Yn0jJy+qVEKlB7p6tv6Xy2YA88XWyDtAcoIof0wYmceV8VZhz9iL1zaYFdtWQVN35JIpBKf80jNtl3G6Z5ZFu2yt4jWLPgbTP0HxA_CN87FE0boiicbd_NhUNVOLueFpLObXniABZEbL+59FaN1qDlmfFOQ5biftNTzzHImtBJCgIkjWc9M0F143I2PI4OYb3xNdU5jgdb7WuPlGf7vY1kAmrKZS30Oi9_cYiLdMpIYMlNnkpZy9MnMq9RvjSYq7wHAdFlCyK37xsTwe6pa+7fQcihZwwmIna_kuF6P9+ke9SYzFE0nfUfsTR2577ezPeikADyXDcpwea5fqP5gUzQOH24E6jA5LHGA==-G00AAMTaZmyK+qKGYiiGpLeDwQwPe2GDDThwiyDAB7ABbwvbPt5mugSmcu_zK5MyX2UitOdeYEnNMSYIhY2JAvqB70E72s_ejh8B-e","ipv4":"","ipv6":"","sourceIndex":"3193"},{"howFound":"Hunt.DownloadSite","reference":"findmysoft.com","landingPage":"http://winamp.findmysoft.com/","directDownloadingLink":"http://www.updatefuntours.com/hsrgLT+3s7gXupsdaZ8rv_haSohAb8agmAmZXFAjt5+uQ6XADCJH7myEiQ4afuyYJFcUhcbfPOkhj_BaWmSiOhHj2TfNe4pAz5gP+jizWvQXlshN4qeBNhyIfvMmAkfdYR0+2kiFZ66nmJujDQuae2v+wvMfh8cXe4PO3XRJ3PrJnOgl64_NOvgbeK16Vha3OiDLaLa8HEZz9veVDP4PFdg49VWc4_+1YZ7ge_QOFxnTdyBbYHBfSIyCy6qbzN+2SIeXlXVbkriQ_qgg3EPXmIyjRrArExTMDxt9CpcWR1_nzcWWlq6e65pd2YePKb23ibNXnZvNTHQpqOY8gcaipI_I4KpbAnnJmG_zfhG046qdJ7pHo6bcGgGGQzvy7GrFge14216OEOraBH65sLjNLbxtfB47Wans565RPC4MC47mmqVfCH8=-GzkAAETnFtvP2DgtOgPBgLOp4JAD9reCMGAMNsbOVAgqv3FEBbb+fVIs5vPSku68a88+IyAJ9Qo=-e","ipv4":"","ipv6":"","sourceIndex":"3194"},{"howFound":"Hunt.DownloadSite","reference":"findmysoft.com","landingPage":"http://vlc-media-player.findmysoft.com/","directDownloadingLink":"http://www.updatefuntours.com/EH_LPboDkLGVCrRe6juzx4BjEctO0pGxVm+EnG5aWnr7rQBr9B0XzklipULqWDVJh386sPHfSNXmu+r+nier3j5Fr_yJXZXzT1NKnv6R_jcBprbcds_ukhvZacK89cxN9WCbEPoh2dZaKTI_i3EJOprSluYMsO4nMCZ_FW5Yasa2kaDuDNS_YaecZ_6IWeRj0hF6HpZqmjjr7TZ0vF+jHRyKWYcj48LE1ZaU2Len_Z6qYiwnK2OBMLnBaxky2vJXgOrlVpqwUWgpvq8e_sbIikYshcHRHSFYW0b0gWQkEHQfDzF3JW7iNSvpXmyAAAwHc8sXjUO04tqFQBHLG+IfXqqa1MLt658cfGodc0ude2DQ0sAlcrctyUT8zrw2V9yHVDPrE1unHj26XXLPVYzVq7T5P2GY3RJdQbcSAECPxB9ZUZ14XcHhMqikXdQnw2+XE0MFyip4NDcUxWWB7yNCjW0NFh0Z3R96fE+se410jAfZ896KIvypAOvEyWxdRfzhiU6N2qT1MFu_yK7CZudsP4VH6ED3U6Ny88whLaN37RIaCa2xycNueSJ9mVHIwiDYMUT53LRT-G0MAAMTyFtPf_d6HplJVs7kg6DjGAfv3MA6I87AxdqZBYOmNHRRgvd8n1sKCPj0ZydGqde2zzIQxCxwBPQE=-e","ipv4":"","ipv6":"","sourceIndex":"3195"}],"sampleFiles":["190110/FindmysoftDownloadManager-180420/2.3.6/Samples/DownloadManager.exe"],"imageFiles":["190110/FindmysoftDownloadManager-180420/2.3.6/Images/ACR-048/FindMySoftDownloadManager Remapping X button.gif","190110/FindmysoftDownloadManager-180420/2.3.6/Images/ACR-059/FindMySoftDownloadManager Opera Offer.PNG"],"nonDeceptorImageFiles":["190110/FindmysoftDownloadManager-180420/2.3.6/Images/ACR-044/FindMySoftDownloadManager Install First Page.PNG","190110/FindmysoftDownloadManager-180420/2.3.6/Images/ACR-038/FindMySoftDownloadManager Downloading install file.gif","190110/FindmysoftDownloadManager-180420/2.3.6/Images/ACR-065/FindMySoftDownloadManager Install First Page.PNG","190110/FindmysoftDownloadManager-180420/2.3.6/Images/ACR-035/FindMySoftDownloadManager Install First Page.PNG","190110/FindmysoftDownloadManager-180420/2.3.6/Images/ACR-036/FindMySoftDownloadManager Install First Page.PNG","190110/FindmysoftDownloadManager-180420/2.3.6/Images/ACR-152/FindMySoftDownloadManager Remapping X button.gif"],"guid":"497159e5-e343-4592-a2a8-6dd7f9034d39_2.3.6_1","appID":"FindmysoftDownloadManager-180420","dateAdded":"190110","deceptorType":"Bundler","name":"FindmysoftDownloadManager","company":"FindMySoft.com","version":"2.3.6","sigName":"Deceptor:Win32/FindmysoftDownloadManager!048059","lastKnownStatus":"Deceptor:5.4,2.3.6","lastKnownDate":"190213","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-02-14T00:15:51.6694428+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2337},{"violations":{"ACR-048":"The application cannot be closed or disabled using standard platform-provided methods. When the user tries to close it app it reappears immediately.\n","ACR-003":"The app displays a popup stating that the computer is in critical state because of malware attack and that the pc antivirus crashed but does not substantiate any such claims, thereby they mislead or scare the user to take action.\n\n","ACR-005":"The popups are displayed as if they system/windows errors by displaying the windows security shield on the popup and labeling popups \"windows security alert\".\n","ACR-009":"The application attempts to coerce the user into taking some action by displaying warning messages and telling the user that their antivirus is going to crash.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\nThe application's internal offer page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-116":"The application cannot be uninstalled using the platform standard features.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\nThe application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe application's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's docs provides a phone number for one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's internal offer page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Fesco3 Corporation\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-121":"No options are available to uninstall the app\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"JunkCleanersetup.exe","isInstaller":"True","companyName":"Fesco3","productName":"JunkCleaner","productVersion":"1.0.0","fileVersion":"1.0","hashMD5":"acc3cc0284a5b267d34743127eb08ec8","hashSHA1":"9390fbd5e74eb641022264a70ede8a0cf250f9fe","hashSHA256":"580b0e675a12e45b48869e9287f21507854921f61421111756b68c649eacb2ff","digitalCertThumbprint":"55F6FAC693A8A799750D4141095179E1FF559D89","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Fesco3 Corporation, OU=Devlopment, O=Fesco3 Corporation, STREET=167 Prospect Pl, L=Rutherford, S=NJ, PostalCode=07070, C=US","sourceIndex":"3657","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20190404)","Avira Internet Security (20190404)","Bitdefender Internet Security (20190404)","ESET Internet Security (20190404)","G DATA INTERNET SECURITY (20190404)","K7 Total Security (20190404)","Kaspersky Internet Security (20190404)","Malwarebytes Premium (20190404)","McAfee Total Protection (20190404)","Norton Security (20190404)","Panda Dome (20190404)","Sophos Home Premium (20190404)","VirIT eXplorer PRO (20190404)","Webroot SecureAnywhere (20190404)","Windows Defender (20190404)","360 Total Security (20190404)","SpyHunter5 (20190404)","Tencent PC Manager (20190404)","VIPRE Advanced Security (20190404)"],"avAllowList":["Trend Micro Internet Security (20190404)","COMODO Antivirus (20190404)","Dr.Web Security Space (20190404)","F-PROT Antivirus for Windows (20190404)","Quick Heal Internet Security (20190404)"]},{"isRevoked":"False","fileName":"JunkCleaner.exe","productName":"Junk Cleaner","productVersion":"1.1.3.1","fileVersion":"1.1.3.1","hashMD5":"04e85f01cfdf4efc6fe3c23fb74ea706","hashSHA1":"31a5a2bb3ab79a67c14319e6c4b3578ea8303a33","hashSHA256":"2c07c7b5fa194f66dad165df8c526726abce70f6461202a0b14cddae8b107783","digitalCertThumbprint":"55F6FAC693A8A799750D4141095179E1FF559D89","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Fesco3 Corporation, OU=Devlopment, O=Fesco3 Corporation, STREET=167 Prospect Pl, L=Rutherford, S=NJ, PostalCode=07070, C=US","sourceIndex":"3657","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.junkcleaner.net/","directDownloadingLink":"http://www.junkcleaner.net/download/JunkCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.junkcleaner.net/download/JunkCleaner.exe","sourceIndex":"3657"}],"sampleFiles":["180331/JunkCleaner-180327/2.1.0.1/Samples/JunkCleanersetup.exe","180331/JunkCleaner-180327/2.1.0.1/Samples/JunkCleaner.exe"],"imageFiles":["180331/JunkCleaner-180327/2.1.0.1/Images/ACR-048/ACR-048_software.mp4","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-003/ACR-003_software.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-003/ACR-003_software1.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-005/ACR-005_software.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-005/ACR-005_software1.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-009/ACR-009_software.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-009/ACR-009_software1.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-017/ACR-017_software.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-168/ACR-168_software.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-168/ACR-168_internaloffer.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-116/ACR-116_software.mp4"],"nonDeceptorImageFiles":["180331/JunkCleaner-180327/2.1.0.1/Images/ACR-065/ACR-065_software.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-042/ACR-042_install.mp4","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-161/ACR-161_landingpage.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-161/ACR-161_internaloffer.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-163/ACR-163_software.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-163/ACR-163_LANDINGPAGE.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-163/ACR-163_LANDINGPAGE1.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-163/ACR-163_docs.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-163/ACR-163_internaloffer.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-092/ACR-092_software.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-160/ACR-160_software.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-099/ACR-099_software.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-099/ACR-099_internaloffer.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-168/ACR-168_LANDINGPAGE.JPG","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-121/ACR-121_uninstall.mp4","180331/JunkCleaner-180327/2.1.0.1/Images/ACR-167/ACR-167_docs.JPG"],"guid":"1cbe90d2-5c25-413c-bc1f-4976e66e7682_2.1.0.1_1","appID":"JunkCleaner-180327","dateAdded":"190110","deceptorType":"App","name":"Junk Cleaner","company":"Pandaje Technical Services Pvt.","version":"2.1.0.1","sigName":"Deceptor:Win32/PandajeJunkCleaner!003005009017042048116168","lastKnownStatus":"Deceptor:2.1.0.1,1.1.3.1","lastKnownDate":"210331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,call center","lastUpdate":"2021-03-31T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2336},{"violations":{"ACR-118":"When the user attempts to completely uninstall the application, some executables are retained on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"RCSetup_6.3.0.0_121918.exe","isInstaller":"True","companyName":"Marx Softwareentwicklung                                    ","fileVersion":"6.3","hashMD5":"f0b3999ad2ad2f94618304074fcb9ccb","hashSHA1":"286e51f63f03a9b434f8a2f314d9c269eb85e317","hashSHA256":"7d9fe1dadfc32151c8b7a4d6b75fecc17577ec20371940efb3879f244d0f45a2","digitalCertThumbprint":"28D7936E81565BE943FAE4B29781A3A314007C15","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tino Marx, OU=Marx Software, O=Tino Marx, POBox=90562, STREET=Jagdweg 28, L=Nuremberg, S=Bavaria, PostalCode=90562, C=DE","sourceIndex":"3380","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20190404)","ESET Internet Security (20190404)","K7 Total Security (20190404)","Malwarebytes Premium (20190404)","McAfee Total Protection (20190404)","Norton Security (20190404)","Panda Dome (20190404)","Sophos Home Premium (20190404)","Trend Micro Internet Security (20190404)","VirIT eXplorer PRO (20190404)","Webroot SecureAnywhere (20190404)","Windows Defender (20190404)","Kaspersky Internet Security (20190404)","360 Total Security (20190404)","Quick Heal Internet Security (20190404)","SpyHunter5 (20190404)"],"avAllowList":["Avira Internet Security (20190404)","Bitdefender Internet Security (20190404)","G DATA INTERNET SECURITY (20190404)","COMODO Antivirus (20190404)","Dr.Web Security Space (20190404)","F-PROT Antivirus for Windows (20190404)","Tencent PC Manager (20190404)","VIPRE Advanced Security (20190404)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.windows8downloads.com/win8-system-utilities/registry-tools/index13-148-75-d.html","landingPage":"https://www.software4u.info/registry-cleanup","directDownloadingLink":"http://docs.software4u.de/files/RCSetup6.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://docs.software4u.de/files/RCSetup6.exe","sourceIndex":"3380"}],"sampleFiles":["190110/RegistryCleanUP6-180327/6.3.0.0/Samples/RCSetup_6.3.0.0_121918.exe"],"imageFiles":["190110/RegistryCleanUP6-180327/6.3.0.0/Images/ACR-118/ACR-118 Fail.gif"],"nonDeceptorImageFiles":["190110/RegistryCleanUP6-180327/6.3.0.0/Images/ACR-065/ACR-065 Failure Install.png","190110/RegistryCleanUP6-180327/6.3.0.0/Images/ACR-065/ACR-065 Failure Software.png","190110/RegistryCleanUP6-180327/6.3.0.0/Images/ACR-065/Eula Failure.png","190110/RegistryCleanUP6-180327/6.3.0.0/Images/ACR-065/ACR-065 Failure Internal Offers.png","190110/RegistryCleanUP6-180327/6.3.0.0/Images/ACR-099/ACR-099 Failure Software.png","190110/RegistryCleanUP6-180327/6.3.0.0/Images/ACR-099/ACR-099 Failure Landing Page.png","190110/RegistryCleanUP6-180327/6.3.0.0/Images/ACR-099/ACR-099 Failure Internal Offer.png"],"guid":"d886af43-401e-4ae9-a478-c3cf69f7cb0c_6.3.0.0_1","appID":"RegistryCleanUP6-180327","dateAdded":"190110","deceptorType":"App","name":"Registry CleanUP 6","company":"Marx Software","version":"6.3.0.0","sigName":"Deceptor:Win32/RegistryCleanUP6!118","lastKnownStatus":"Deceptor:6.2.6.1,6.3.0.0","lastKnownDate":"190110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-10T18:56:01.7247961+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2334},{"violations":{"ACR-118":"When the user attempts to completely uninstall the application, some executables are retained on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"RCSetup6.exe","isInstaller":"True","companyName":"Marx Softwareentwicklung                                    ","productName":"Registry CleanUP 6","productVersion":"6.2.6.1","fileVersion":"6.2","hashMD5":"80a6e2bd2aed32d911e971569fee6a18","hashSHA1":"4f681d7487174bb2d7217e8e42357f8d7bd36916","hashSHA256":"73ec80989e5bb1564e56f98eadf773f26dd258712abc65c5b9c87113505ad1db","digitalCertThumbprint":"3354B1500A675389D0000D27AA608F16ED544F72","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tino Marx, O=Tino Marx, STREET=Jagdweg28, L=Heroldsberg, PostalCode=905662, C=DE","sourceIndex":"3375","avBlockList":["Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Avast Internet Security (20190209)"],"avAllowList":["Webroot SecureAnywhere (20190209)","Windows Defender (20190209)"]},{"isRevoked":"False","fileName":"Software4u.RegistryCleanUP.exe","companyName":"Marx Softwareentwicklung - www.software4u.de","productName":"Registry CleanUP 6","productVersion":"6.2.6.1","fileVersion":"6.2.6.1","hashMD5":"60d105fb8fa1ced769a2e0070464dc1c","hashSHA1":"5bebbbef46f9eb1fc4e34a937508ee6515bbd1ce","hashSHA256":"10ae3e0f9511ca924bc71c922ec3052164733a5d5f410b75e091859e9ba94e22","digitalCertThumbprint":"3354B1500A675389D0000D27AA608F16ED544F72","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tino Marx, O=Tino Marx, STREET=Jagdweg28, L=Heroldsberg, PostalCode=905662, C=DE","sourceIndex":"3375","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.windows8downloads.com/win8-system-utilities/registry-tools/index13-148-75-d.html","landingPage":"https://www.software4u.info/registry-cleanup","directDownloadingLink":"http://docs.software4u.de/files/RCSetup6.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://docs.software4u.de/files/RCSetup6.exe","sourceIndex":"3375"}],"sampleFiles":["190110/RegistryCleanUP6-180327/6.2.6.1/Samples/RCSetup6.exe","190110/RegistryCleanUP6-180327/6.2.6.1/Samples/Software4u.RegistryCleanUP.exe"],"imageFiles":["190110/RegistryCleanUP6-180327/6.2.6.1/Images/ACR-118/ACR_118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["190110/RegistryCleanUP6-180327/6.2.6.1/Images/ACR-065/ACR_065_INSTALL.PNG","190110/RegistryCleanUP6-180327/6.2.6.1/Images/ACR-065/ACR_065_SOFTWARE.PNG","190110/RegistryCleanUP6-180327/6.2.6.1/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","190110/RegistryCleanUP6-180327/6.2.6.1/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","190110/RegistryCleanUP6-180327/6.2.6.1/Images/ACR-099/ACR_099_SOFTWARE.PNG","190110/RegistryCleanUP6-180327/6.2.6.1/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","190110/RegistryCleanUP6-180327/6.2.6.1/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG"],"guid":"d886af43-401e-4ae9-a478-c3cf69f7cb0c_6.2.6.1_1","appID":"RegistryCleanUP6-180327","dateAdded":"190110","deceptorType":"App","name":"Registry CleanUP 6","company":"Marx Software","version":"6.2.6.1","sigName":"Deceptor:Win32/RegistryCleanUP6!118","lastKnownStatus":"Deceptor:6.2.6.1,6.3.0.0","lastKnownDate":"190110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-10T19:50:43.7497594+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2333},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\"\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-038":"Relationship between findmysoft.com, the carrier and its vendor, the the download manager, and the role of the download manager are unclear. User is asked to accept running (with privileges) a differently-named download manager signed by a previous-undisclosed company, then user is presented with a download screen that claims this is findmysoft.com's Download Manager. App doesn't indicate the source of the carrier.\n","ACR-065":"No EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy is provided for the download manager.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-037":"No Privacy Policy is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"Detox-My-PC_Basic-1.0_1705296995.exe","isInstaller":"True","productName":"Ricalo","productVersion":"3.0.2","fileVersion":"0.0","hashMD5":"4005939e768ea9e167d5e6fb96f295b8","hashSHA1":"78ac6fa2b86e3e6d79a1ce6b5f4a6fd465d6f91e","hashSHA256":"eea928181ff42696b64f09f65a5fea7851186ec5ae590f3ff488d3249280f7d5","digitalCertThumbprint":"CF3625643F3149C69319DD124E1A98D494EFE6E4","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Total Beam (Alpha Criteria Ltd.), O=Total Beam (Alpha Criteria Ltd.), STREET=28A Lilinblum St., L=Tel-Aviv, S=Israel, PostalCode=651307, C=IL","sourceIndex":"3412","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20190404)","Avira Internet Security (20190404)","Bitdefender Internet Security (20190404)","ESET Internet Security (20190404)","G DATA INTERNET SECURITY (20190404)","K7 Total Security (20190404)","Kaspersky Internet Security (20190404)","Malwarebytes Premium (20190404)","McAfee Total Protection (20190404)","Norton Security (20190404)","Panda Dome (20190404)","Sophos Home Premium (20190404)","Trend Micro Internet Security (20190404)","VirIT eXplorer PRO (20190404)","Webroot SecureAnywhere (20190404)","Windows Defender (20190404)","360 Total Security (20190404)","COMODO Antivirus (20190404)","Dr.Web Security Space (20190404)","Quick Heal Internet Security (20190404)","SpyHunter5 (20190404)","Tencent PC Manager (20190404)","VIPRE Advanced Security (20190404)"],"avAllowList":["F-PROT Antivirus for Windows (20190404)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"findmysoft.com","landingPage":"http://detox-my-pc.findmysoft.com/","directDownloadingLink":"http://www.updatefuntours.com/7jMr0PVqB9dpWGlzLT5jOXs1E2YqVbKhHRzx6dwdmVty+PPb1BgTRH4vcozRRCzE4xr3uFkZQ45T74lQ2VX4t+4xUFKbChcyDY5fSFwfdNAWkpyQksoYLNnx8mI9ALjfluEyz1E41O1qTPkuhC0t4GhKYh3grkL8c6_74aV76jxDmySGHzb1Z_Qji_VcgyRynoKFl+ClHZDajJJUyuDPQXj08Qw0xPACylnI7BfQdBRj9SzUsXMTxjBwUcGpIp9BvZo+Z5s5J9YMvguqfpYmTWhwZXkKNwgFR9BPamHHJFxlLwvR5FOFH5nWDURCAjURe6dXla2xMZc9HYKOcEFX0Kq2ILtBYWy9AgUYsCTwk9n5N88Z9pOSneCVgGbReac5UaB0+XONNLmln8k+NAPfToQuWPyBkbRjGs8AoU3M4Pi47Y+GYSnWKAXenXSLS4QwHEBGJ6uI1lhSr+PBlMUnwHX50PFnXxqcX99qcrrOdrr4i5EzCRc=-G0IAAETdFtP+C4JdrYKhiciDQQwafnDIAftbQRg4BhtjZyoEld84ohK2431SLFZ1sySWyFX_NTRHLyPPtxcCCakp-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.updatefuntours.com/7jMr0PVqB9dpWGlzLT5jOXs1E2YqVbKhHRzx6dwdmVty+PPb1BgTRH4vcozRRCzE4xr3uFkZQ45T74lQ2VX4t+4xUFKbChcyDY5fSFwfdNAWkpyQksoYLNnx8mI9ALjfluEyz1E41O1qTPkuhC0t4GhKYh3grkL8c6_74aV76jxDmySGHzb1Z_Qji_VcgyRynoKFl+ClHZDajJJUyuDPQXj08Qw0xPACylnI7BfQdBRj9SzUsXMTxjBwUcGpIp9BvZo+Z5s5J9YMvguqfpYmTWhwZXkKNwgFR9BPamHHJFxlLwvR5FOFH5nWDURCAjURe6dXla2xMZc9HYKOcEFX0Kq2ILtBYWy9AgUYsCTwk9n5N88Z9pOSneCVgGbReac5UaB0+XONNLmln8k+NAPfToQuWPyBkbRjGs8AoU3M4Pi47Y+GYSnWKAXenXSLS4QwHEBGJ6uI1lhSr+PBlMUnwHX50PFnXxqcX99qcrrOdrr4i5EzCRc=-G0IAAETdFtP+C4JdrYKhiciDQQwafnDIAftbQRg4BhtjZyoEld84ohK2431SLFZ1sySWyFX_NTRHLyPPtxcCCakp-e","sourceIndex":"3412"},{"howFound":"Hunt.DownloadSite","reference":"findmysoft.com","landingPage":"http://skype.findmysoft.com/download/","directDownloadingLink":"http://www.updatefuntours.com/JvKzGsiy3RvpMd6YHauvI8B5RI+nVhPAJ1Wu+hFUjkUYOBtCyyT0SjRMVUkzNPJK9Wgaarg7x6cRfyBSxKQ9kYtFwbEJuBQ5eceXWeHt7stjloux6N_SEk9R2Ns9M6AEFs5GyMPwKoDWmR_joUREl_ZITaTax7DvTuzNe6ySn0ZevBFeRr3bXfmVam5Yn0jJy+qVEKlB7p6tv6Xy2YA88XWyDtAcoIof0wYmceV8VZhz9iL1zaYFdtWQVN35JIpBKf80jNtl3G6Z5ZFu2yt4jWLPgbTP0HxA_CN87FE0boiicbd_NhUNVOLueFpLObXniABZEbL+59FaN1qDlmfFOQ5biftNTzzHImtBJCgIkjWc9M0F143I2PI4OYb3xNdU5jgdb7WuPlGf7vY1kAmrKZS30Oi9_cYiLdMpIYMlNnkpZy9MnMq9RvjSYq7wHAdFlCyK37xsTwe6pa+7fQcihZwwmIna_kuF6P9+ke9SYzFE0nfUfsTR2577ezPeikADyXDcpwea5fqP5gUzQOH24E6jA5LHGA==-G00AAMTaZmyK+qKGYiiGpLeDwQwPe2GDDThwiyDAB7ABbwvbPt5mugSmcu_zK5MyX2UitOdeYEnNMSYIhY2JAvqB70E72s_ejh8B-e","ipv4":"","ipv6":"","sourceIndex":"3413"},{"howFound":"Hunt.DownloadSite","reference":"findmysoft.com","landingPage":"http://winamp.findmysoft.com/","directDownloadingLink":"http://www.updatefuntours.com/hsrgLT+3s7gXupsdaZ8rv_haSohAb8agmAmZXFAjt5+uQ6XADCJH7myEiQ4afuyYJFcUhcbfPOkhj_BaWmSiOhHj2TfNe4pAz5gP+jizWvQXlshN4qeBNhyIfvMmAkfdYR0+2kiFZ66nmJujDQuae2v+wvMfh8cXe4PO3XRJ3PrJnOgl64_NOvgbeK16Vha3OiDLaLa8HEZz9veVDP4PFdg49VWc4_+1YZ7ge_QOFxnTdyBbYHBfSIyCy6qbzN+2SIeXlXVbkriQ_qgg3EPXmIyjRrArExTMDxt9CpcWR1_nzcWWlq6e65pd2YePKb23ibNXnZvNTHQpqOY8gcaipI_I4KpbAnnJmG_zfhG046qdJ7pHo6bcGgGGQzvy7GrFge14216OEOraBH65sLjNLbxtfB47Wans565RPC4MC47mmqVfCH8=-GzkAAETnFtvP2DgtOgPBgLOp4JAD9reCMGAMNsbOVAgqv3FEBbb+fVIs5vPSku68a88+IyAJ9Qo=-e","ipv4":"","ipv6":"","sourceIndex":"3414"},{"howFound":"Hunt.DownloadSite","reference":"findmysoft.com","landingPage":"http://vlc-media-player.findmysoft.com/","directDownloadingLink":"http://www.updatefuntours.com/EH_LPboDkLGVCrRe6juzx4BjEctO0pGxVm+EnG5aWnr7rQBr9B0XzklipULqWDVJh386sPHfSNXmu+r+nier3j5Fr_yJXZXzT1NKnv6R_jcBprbcds_ukhvZacK89cxN9WCbEPoh2dZaKTI_i3EJOprSluYMsO4nMCZ_FW5Yasa2kaDuDNS_YaecZ_6IWeRj0hF6HpZqmjjr7TZ0vF+jHRyKWYcj48LE1ZaU2Len_Z6qYiwnK2OBMLnBaxky2vJXgOrlVpqwUWgpvq8e_sbIikYshcHRHSFYW0b0gWQkEHQfDzF3JW7iNSvpXmyAAAwHc8sXjUO04tqFQBHLG+IfXqqa1MLt658cfGodc0ude2DQ0sAlcrctyUT8zrw2V9yHVDPrE1unHj26XXLPVYzVq7T5P2GY3RJdQbcSAECPxB9ZUZ14XcHhMqikXdQnw2+XE0MFyip4NDcUxWWB7yNCjW0NFh0Z3R96fE+se410jAfZ896KIvypAOvEyWxdRfzhiU6N2qT1MFu_yK7CZudsP4VH6ED3U6Ny88whLaN37RIaCa2xycNueSJ9mVHIwiDYMUT53LRT-G0MAAMTyFtPf_d6HplJVs7kg6DjGAfv3MA6I87AxdqZBYOmNHRRgvd8n1sKCPj0ZydGqde2zzIQxCxwBPQE=-e","ipv4":"","ipv6":"","sourceIndex":"3415"}],"sampleFiles":["180426/FindmysoftDownloadManager-180420/5.4/Samples/Detox-My-PC_Basic-1.0_1705296995.exe"],"imageFiles":["180426/FindmysoftDownloadManager-180420/5.4/Images/ACR-039/ACR-039_install.mp4","180426/FindmysoftDownloadManager-180420/5.4/Images/ACR-048/ACR-048_install.mp4","180426/FindmysoftDownloadManager-180420/5.4/Images/ACR-059/ACR-059_budlermadeoffers.JPG"],"nonDeceptorImageFiles":["180426/FindmysoftDownloadManager-180420/5.4/Images/ACR-044/ACR-044_install.JPG","180426/FindmysoftDownloadManager-180420/5.4/Images/ACR-038/ACR-038_install.mp4","180426/FindmysoftDownloadManager-180420/5.4/Images/ACR-065/ACR-065_install.JPG","180426/FindmysoftDownloadManager-180420/5.4/Images/ACR-035/ACR-035_install -.JPG","180426/FindmysoftDownloadManager-180420/5.4/Images/ACR-152/ACR-048_install.mp4"],"guid":"497159e5-e343-4592-a2a8-6dd7f9034d39_5.4_1","appID":"FindmysoftDownloadManager-180420","dateAdded":"190110","deceptorType":"Bundler","name":"FindmysoftDownloadManager","company":"FindMySoft.com","version":"5.4","sigName":"Deceptor:Win32/FindmysoftDownloadManager!039042048050059","lastKnownStatus":"Deceptor:5.4,2.3.6","lastKnownDate":"190213","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-02-13T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2338},{"violations":{"ACR-003":"The app shows a red meter and \"medium impact\" that indicates misleading urgency. Also, the app states the sentence \"These issues may be severely degrading your PC's stability and performance\", thereby misleading or scaring user to take action.\n","ACR-004":"The App requires customer to pay to fix the non-permanent issues identified during free scan. App's use of both colors and gauges in free scan results present an exaggerated sense of urgency.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"speedkit-ver_4966d685.exe","isInstaller":"True","companyName":"CORETECH SOFTWARE LTD","productName":"SpeedKit","productVersion":"1.0.4.4","fileVersion":"1.0.4.4","hashMD5":"ef9f6ee4ee4c42740fd67314a4c44405","hashSHA1":"d0a1a605211ac418f2f40cf2c4cc4f748307c7aa","hashSHA256":"560a9a0a3fa1c1ec0a8af35fe30f67bed9f0df0a8e48be6139341ec304165ddb","digitalCertThumbprint":"B5FDFE0FC5AFCE085E24B4315C889CBDBB3A9D19","sourceIndex":"3372","avBlockList":["Avast Internet Security (20190404)","AVG Internet Security (20190404)","Avira Internet Security (20190404)","Bitdefender Internet Security (20190404)","ESET Internet Security (20190404)","G DATA INTERNET SECURITY (20190404)","K7 Total Security (20190404)","Kaspersky Internet Security (20190404)","McAfee Total Protection (20190404)","Norton Security (20190404)","Panda Dome (20190404)","Sophos Home Premium (20190404)","Trend Micro Internet Security (20190404)","VirIT eXplorer PRO (20190404)","Webroot SecureAnywhere (20190404)","Windows Defender (20190404)","360 Total Security (20190404)","Dr.Web Security Space (20190404)","Quick Heal Internet Security (20190404)","SpyHunter5 (20190404)","Tencent PC Manager (20190404)","VIPRE Advanced Security (20190404)"],"avAllowList":["Malwarebytes Premium (20190404)","COMODO Antivirus (20190404)","F-PROT Antivirus for Windows (20190404)"]},{"isRevoked":"False","fileName":"SpeedKit.exe","companyName":"CORETECH SOFTWARE LTD","productName":"SpeedKit","productVersion":"1.0.4.4","fileVersion":"1.0.4.4","hashMD5":"a556cc8b95b6d51db2d13a8735c1576a","hashSHA1":"70a66fd03cd32de3442eaeecb8499a706edcc702","hashSHA256":"36f9b0dbe643cbe167cdbcce685504023e7bc2c5d15aa9e3dbbb17c2eb65be02","digitalCertThumbprint":"B5FDFE0FC5AFCE085E24B4315C889CBDBB3A9D19","sourceIndex":"3372","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://speedkit.net/","directDownloadingLink":"https://speedkit.net/download/?usrid=4966d685","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://speedkit.net/download/?usrid=4966d685","sourceIndex":"3372"}],"sampleFiles":["190110/SpeedKit-190110/1.0.4.4/Samples/speedkit-ver_4966d685.exe","190110/SpeedKit-190110/1.0.4.4/Samples/SpeedKit.exe"],"imageFiles":["190110/SpeedKit-190110/1.0.4.4/Images/ACR-004/004.png","190110/SpeedKit-190110/1.0.4.4/Images/ACR-004/main.png","190110/SpeedKit-190110/1.0.4.4/Images/ACR-003/004.png","190110/SpeedKit-190110/1.0.4.4/Images/ACR-003/main.png"],"nonDeceptorImageFiles":[],"guid":"9607a666-e622-47d5-ae83-e34cc33edbed_1.0.4.4_1","appID":"SpeedKit-190110","dateAdded":"190110","deceptorType":"App","name":"SpeedKit","company":"CORETECH SOFTWARE LTD","version":"1.0.4.4","sigName":"Deceptor:Win32/SpeedKit!003004","lastKnownStatus":"Deceptor:1.0.4.4","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2332},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as problems of high risk, thereby misleading or scaring user to take action.\n","ACR-014":"Alarming color gauge provides the unsubstantiated status summary about system. The alarming pattern implies system could be in \"red\" position without updates.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"No privacy policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-150":"The app displays five star awards from Softpedia, Shareware, and Editor's Choice that are unable to be verified.\nThe app displays five star awards from Softpedia, Shareware and Editor's Choice that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"Chily Registry Cleaner.EXE","isInstaller":"True","companyName":"Chily Softech Pvt Ltd","fileVersion":"7.12","hashMD5":"1810530dabdadca1c753b48287b8fa41","hashSHA1":"554cde756837ac24af3416eda53db80cb202714f","hashSHA256":"78224ec59ccedee3ea62a27560fae5f173f5c201bb3d8eb2e4c94f7326838682","sourceIndex":"3158","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","Windows Defender (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org","landingPage":"http://www.chilyregistrycleaner.com/","directDownloadingLink":"http://www.chilyregistrycleaner.com/downloads/chily-registry-cleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.chilyregistrycleaner.com/downloads/chily-registry-cleaner.exe","sourceIndex":"3158"}],"sampleFiles":["190110/ChilyRegistryCleaner-171026/7.12.0.1/Samples/Chily Registry Cleaner.exe"],"imageFiles":["190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-003/ACR-003_software.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-003/Capture4.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-014/Capture4.PNG"],"nonDeceptorImageFiles":["190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-037/Capture8.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-167/Capture8.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-163/ACR-163_landingpage.JPG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-163/Capture5.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-150/ACR-150_landingpage.JPG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-150/Capture9.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-150/Capture10.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-150/Capture11.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-150/Capture13.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-150/Capture15.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-065/ACR-065_landingpage.JPG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-065/Capture2.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-099/ACR-099_landingpage.JPG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-099/Capture2.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-065/ACR-065_install.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-065/Capture1.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-160/ACR-160_landingpage.JPG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-160/Capture2.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-065/ACR-065_software.JPG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-065/Capture3.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-099/ACR-065_software.JPG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-099/Capture3.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-065/ACR-065_internaoffer.JPG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-163/ACR-163_internaoffer.JPG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-163/Capture6.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-099/ACR-099_internaoffer.JPG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-099/Capture6.PNG","190110/ChilyRegistryCleaner-171026/7.12.0.1/Images/ACR-150/ACR-150_internaoffer.JPG"],"guid":"c4a217f2-26d1-4541-9c24-69a4e66a3861_7.12.0.1_1","appID":"ChilyRegistryCleaner-171026","dateAdded":"190110","deceptorType":"App","name":"Chily Registry Cleaner","company":"chilyregistrycleaner.com","version":"7.12.0.1","sigName":"Deceptor:Win32/ChilyRegistryCleaner!003014","lastKnownStatus":"Deceptor:7.12.01,7.12.0.1","lastKnownDate":"190301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-03-02T02:19:35.4584063+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2339},{"violations":{"ACR-004":"App reports the drivers can be updated with alarming pattern. App requires to subscribe the service to update the drivers reported during free scan. \n","ACR-168":"App doesn't disclose the additional offer may be made during one-one interactive phone call support\nApp doesn't disclose the additional offer may be made during one-one interactive phone call support\n","ACR-118":"DLL is not removed after app completes uninstall.\n"},"nonDeceptorViolations":{"ACR-161":"The quotes and testimonials needs to be verifiable.\n","ACR-088":"App starts to scan after it completes install without formally informing user or user action and authorization\n","ACR-160":"App call center is not an certified call center.\n","ACR-171":"App adds additional offer is selected by default. It should be an opt-in option for user.\n","ACR-168":"App doesn't disclose the additional offer may be made during one-one interactive phone call support\n"},"samples":[{"isRevoked":"False","fileName":"driveragent-setup.exe","isInstaller":"True","companyName":"Copyright © 2018 DriverAgent.com • All Rights Reserved      ","productName":"DriverAgent","productVersion":"2.2015.7.14","fileVersion":"2.2015","hashMD5":"07bb2a5fc8da45b98ee0b6bbc3b134fc","hashSHA1":"8b759fb54045aabf2a9b4a0428f50c7f64228117","hashSHA256":"a367e0562e612bc66729f3a4676bad849e5c3c32fad8223b5ea991e11604f5fe","sourceIndex":"3365","avBlockList":["Avira Internet Security (20190401)","ESET Internet Security (20190401)","G DATA INTERNET SECURITY (20190401)","Malwarebytes Premium (20190401)","McAfee Total Protection (20190401)","Norton Security (20190401)","Panda Dome (20190401)","Trend Micro Internet Security (20190401)","VirIT eXplorer PRO (20190401)","Webroot SecureAnywhere (20190401)","Windows Defender (20190401)","Avast Internet Security (20190401)","AVG Internet Security (20190401)","K7 Total Security (20190401)","Kaspersky Internet Security (20190401)","Sophos Home Premium (20190401)","Quick Heal Internet Security (20190401)","Tencent PC Manager (20190401)"],"avAllowList":["Bitdefender Internet Security (20190401)","360 Total Security (20190401)","COMODO Antivirus (20190401)","Dr.Web Security Space (20190401)","F-PROT Antivirus for Windows (20190401)","SpyHunter5 (20190401)","VIPRE Advanced Security (20190401)"]},{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\DriverAgent.com\\DriverAgent.exe","companyName":"Copyright © 2010-2018 DriverAgent.com. All Rights Reserved.","productName":"DriverAgent Application","productVersion":"1.0.0.0","fileVersion":"2.2015","hashMD5":"fc48c74565e245b015f1f0c003b8453d","hashSHA1":"9c4d1835fd392308c7b2b9dfcebb92711e84aca2","hashSHA256":"7e8cb2bdc5a842a713c9ea61af281bb8ad104820bf028334818ba9fbcaf72afe","sourceIndex":"3365","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.driveragent.com","directDownloadingLink":"http://www.driveragent.com/driveragent_download/driveragent-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.driveragent.com/driveragent_download/driveragent-setup.exe","sourceIndex":"3365"}],"sampleFiles":["190105/DriverAgent-181227/2.2015.7.4/Samples/driveragent-setup.exe","190105/DriverAgent-181227/2.2015.7.4/Samples/DriverAgent.exe"],"imageFiles":["190105/DriverAgent-181227/2.2015.7.4/Images/ACR-004/DriverAgent_004_3.PNG","190105/DriverAgent-181227/2.2015.7.4/Images/ACR-004/DriverAgent_004_2.PNG","190105/DriverAgent-181227/2.2015.7.4/Images/ACR-004/DriverAgent_004_1.PNG","190105/DriverAgent-181227/2.2015.7.4/Images/ACR-168/DriverAgent_168.PNG","190105/DriverAgent-181227/2.2015.7.4/Images/ACR-118/DriverAgent_uninstall.PNG"],"nonDeceptorImageFiles":["190105/DriverAgent-181227/2.2015.7.4/Images/ACR-160/DriverAgent_168.PNG","190105/DriverAgent-181227/2.2015.7.4/Images/ACR-171/DriverAgent_004_3.PNG","190105/DriverAgent-181227/2.2015.7.4/Images/ACR-161/testimonials.png","190105/DriverAgent-181227/2.2015.7.4/Images/ACR-168/chat.png"],"guid":"6578c7b6-b169-43a2-9adc-deaf8cdcf6fa_2.2015.7.4_1","appID":"DriverAgent-181227","dateAdded":"190105","deceptorType":"App","name":"DriverAgent","company":"driveragent ltd.","version":"2.2015.7.4","sigName":"Deceptor:Win32/DriverAgent!004168118","firstVendorContactDate":"190115","firstAppEsteemReplyDate":"190115","lastKnownStatus":"Deceptor:2.2015.7.4","lastKnownDate":"190105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-15T16:47:05.3224779+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2345},{"violations":{"ACR-004":"The app uses the alarming pattern and untruth message to urgent use to subscribe the service to update the drivers reported during free scan. \n","ACR-168":"App doesn't disclose \"additional offer may be made\" during one-to-one phone call support.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application's internal offer page has no link or information that shows how it can be uninstalled.\n\nThe application has no link or information that shows how it can be uninstalled.\n\n","ACR-171":"The additional offer \"3PC\" is not disclosed previously, it should be opt-in not opt-out\n","ACR-168":"Additional offer disclosure is not placed next to phone call support\n"},"samples":[{"isRevoked":"False","fileName":"drvagentrspluswebdl.exe","isInstaller":"True","companyName":"eSupport.com, Inc                                           ","productName":"DriverAgent-Plus","productVersion":"3.2017.11.22","fileVersion":"3.2017.11.22","hashMD5":"890082b66be63d2dcfe3a2f7a7ec32f2","hashSHA1":"117cefbc2e7ab6355c02b2abcad6652ac13038f1","hashSHA256":"65d10ae4de8acc2e56b44f95c356e32997bb43cb1515621a7f4e4ab7a4c12e47","digitalCertThumbprint":"7C018B1FC905308BFB1ECB7E22339E0739563C24","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"eSupport.com, Inc.\", O=\"eSupport.com, Inc.\", STREET=120 Water St, L=North Andover, S=MA, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Massachusetts, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=001030216, OID.2.5.4.15=Private Organization","sourceIndex":"3364","avBlockList":["Avast Internet Security (20190401)","Avira Internet Security (20190401)","Bitdefender Internet Security (20190401)","ESET Internet Security (20190401)","G DATA INTERNET SECURITY (20190401)","K7 Total Security (20190401)","Kaspersky Internet Security (20190401)","Malwarebytes Premium (20190401)","McAfee Total Protection (20190401)","Panda Dome (20190401)","Sophos Home Premium (20190401)","Trend Micro Internet Security (20190401)","VirIT eXplorer PRO (20190401)","Webroot SecureAnywhere (20190401)","Windows Defender (20190401)","360 Total Security (20190401)","COMODO Antivirus (20190401)","Dr.Web Security Space (20190401)","Quick Heal Internet Security (20190401)","SpyHunter5 (20190401)","Tencent PC Manager (20190401)","VIPRE Advanced Security (20190401)"],"avAllowList":["AVG Internet Security (20190401)","Norton Security (20190401)","F-PROT Antivirus for Windows (20190401)"]},{"isRevoked":"False","fileName":"DriverAgentPlus.exe","companyName":"n/a","productName":"n/a","productVersion":"1.0.0.0","fileVersion":"3.2017.11.22","hashMD5":"91e896fea04363229410bfebf427628a","hashSHA1":"1b41068a9226f030fd9d51a0d143f842dcd48c8c","hashSHA256":"add0711f50d2decc2cdff7228c12d626238adfb66096e3dec1fe25cb2da46f2e","digitalCertThumbprint":"7C018B1FC905308BFB1ECB7E22339E0739563C24","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=\"eSupport.com, Inc.\", O=\"eSupport.com, Inc.\", STREET=120 Water St, L=North Andover, S=MA, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Massachusetts, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=001030216, OID.2.5.4.15=Private Organization","sourceIndex":"3364","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"drvagentrspluswebdl_190105.exe","isInstaller":"True","companyName":"DriverAgentPlus.com                                         ","productName":"DriverAgent-Plus","productVersion":"3.2017.11.22","fileVersion":"3.2017.11.22","hashMD5":"80baa04fee4d7510411dee9bad6a99e2","hashSHA1":"d8cb7b9f5e4dea7ec593dca0107430e0f81d9860","hashSHA256":"0628997695cf9655c523896f1703472cee08b66eb5ae6bd385433b73105f4ca9","sourceIndex":"3364","avBlockList":["Avast Internet Security (20190401)","AVG Internet Security (20190401)","Avira Internet Security (20190401)","Bitdefender Internet Security (20190401)","ESET Internet Security (20190401)","G DATA INTERNET SECURITY (20190401)","K7 Total Security (20190401)","Kaspersky Internet Security (20190401)","Malwarebytes Premium (20190401)","McAfee Total Protection (20190401)","Norton Security (20190401)","Panda Dome (20190401)","Sophos Home Premium (20190401)","Trend Micro Internet Security (20190401)","VirIT eXplorer PRO (20190401)","Webroot SecureAnywhere (20190401)","Windows Defender (20190401)","360 Total Security (20190401)","COMODO Antivirus (20190401)","Dr.Web Security Space (20190401)","Quick Heal Internet Security (20190401)","SpyHunter5 (20190401)","Tencent PC Manager (20190401)","VIPRE Advanced Security (20190401)"],"avAllowList":["F-PROT Antivirus for Windows (20190401)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.customer","reference":"( WIP with vendor)","landingPage":"http://www.driveragentplus.com/landing/rvb.php?tracking=ISGS&fot=true&banner=%7Bcampaign%7D&adgroup=%7BAdGroup%7D&dyn_param=DriverAgent%20Plus&gclid=EAIaIQobChMI6J6PrrOz1QIVijqBCh1newCyEAAYASAAEgJpo_D_BwE ","ipv4":"","ipv6":"","sourceIndex":"3364"}],"sampleFiles":["190105/D-DriverAgentPlus-170803/3.2017.11.22/Samples/drvagentrspluswebdl.exe","190105/D-DriverAgentPlus-170803/3.2017.11.22/Samples/DriverAgentPlus.exe","190105/D-DriverAgentPlus-170803/3.2017.11.22/Samples/drvagentrspluswebdl_190105.exe"],"imageFiles":["190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-168/RegisterPhone.PNG","190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-004/DriverAgentPlusPayServiceToFix2.PNG","190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-004/DriverAgentPlusPayServiceToFix.PNG","190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-004/DriverAgentPlusScanResult.PNG"],"nonDeceptorImageFiles":["190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-171/Additional_Offer.PNG","190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-065/acr_065_IO.PNG","190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-099/acr_099_IO.PNG","190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-168/LandingPage_CallSupport.PNG","190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-088/acr_088.PNG","190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-160/acr_160.PNG","190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-065/acr_065_S.PNG","190105/D-DriverAgentPlus-170803/3.2017.11.22/Images/ACR-099/acr_099_S.PNG"],"guid":"403f8216-711e-4713-9dee-2829faaea5a2_3.2017.11.22_1","appID":"D-DriverAgentPlus-170803","dateAdded":"190105","deceptorType":"App","name":"DriverAgent-Plus","company":"driveragent ltd.","version":"3.2017.11.22","sigName":"Deceptor:Win32/DriverAgentPlus!004168","firstVendorContactDate":"190115","firstAppEsteemReplyDate":"190115","lastKnownStatus":"3.2017.11.22","lastKnownDate":"190105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,call center,up-sell to paid","lastUpdate":"2019-01-15T16:48:04.5982131+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2346},{"violations":{"ACR-048":"The application cannot be closed or disabled using standard platform-provided methods. \n","ACR-084":"The application runs silently in the background, hiding the fact that it is active from the user. The user is unable to disable the software from launching on startup using the application interface because there is no option to do so.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\n"},"samples":[{"isRevoked":"False","fileName":"wifiprotector_dbd03fa1baab4edf8717a065e275addb_.exe","isInstaller":"True","companyName":"Optimal Software s.r.o                                      ","productName":"WiFi Protector v.3.3.37.304","productVersion":"3.3.37.304","fileVersion":"3.3.37.304","hashMD5":"4c9036e8bbb337719c477909b5ff0ef4","hashSHA1":"fc06875ee0a68cf609533fc43fc9ae63f50640a9","hashSHA256":"cd315774c4b5a16f7231e007f763a27461be58333e0fcd43ff29ee4a827e4de6","digitalCertThumbprint":"B733BA4C7505FF56B97297E7C12BE1D27C2DC968","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Optimal Software s.r.o., O=Optimal Software s.r.o., STREET=Jablunkovska 2014/40a, L=Cesky Tesin, S=Cesky Tesin, PostalCode=73701, C=CZ","sourceIndex":"3581","avBlockList":["Avast Internet Security (20190325)","AVG Internet Security (20190325)","Avira Internet Security (20190325)","ESET Internet Security (20190325)","G DATA INTERNET SECURITY (20190325)","K7 Total Security (20190325)","Kaspersky Internet Security (20190325)","Malwarebytes Premium (20190325)","McAfee Total Protection (20190325)","Norton Security (20190325)","Panda Dome (20190325)","Sophos Home Premium (20190325)","VirIT eXplorer PRO (20190325)","Webroot SecureAnywhere (20190325)","Windows Defender (20190325)"],"avAllowList":["Bitdefender Internet Security (20190325)","Trend Micro Internet Security (20190325)"]},{"isRevoked":"False","fileName":"wifiProtLauncher.exe","companyName":"Optimal Software s.r.o.","productName":"WiFi Protector","productVersion":"3.3.37.304","fileVersion":"1.52","hashMD5":"6f9dcdae87a2559968d260b3e60d67e5","hashSHA1":"9d4838968a108f102821c86cb188f0e4e7920cb7","hashSHA256":"0f315de5f33e260ab7c675babe52f60d98dee452fa99af8467f00df4588f685f","digitalCertThumbprint":"B733BA4C7505FF56B97297E7C12BE1D27C2DC968","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Optimal Software s.r.o., O=Optimal Software s.r.o., STREET=Jablunkovska 2014/40a, L=Cesky Tesin, S=Cesky Tesin, PostalCode=73701, C=CZ","sourceIndex":"3581","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"https://www.wifiprotector.com/","directDownloadingLink":"https://www.wifiprotector.com/downloads/response.aspx?&requestId=dbd03fa1baab4edf8717a065e275addb&encodedInstallerPath=QzpcaW5ldHB1Ylx3d3dyb290XHByenlzcGllc3prb21wdXRlclxkb3dubG9hZHMvd2lmaXByb3RlY3Rvci5leGU=&edition=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.wifiprotector.com/downloads/response.aspx?&requestId=dbd03fa1baab4edf8717a065e275addb&encodedInstallerPath=QzpcaW5ldHB1Ylx3d3dyb290XHByenlzcGllc3prb21wdXRlclxkb3dubG9hZHMvd2lmaXByb3RlY3Rvci5leGU=&edition=","sourceIndex":"3581"}],"sampleFiles":["180118/WiFiProtector-180116/3.3.37.304/Samples/wifiprotector_dbd03fa1baab4edf8717a065e275addb_.exe","180118/WiFiProtector-180116/3.3.37.304/Samples/wifiProtLauncher.exe"],"imageFiles":["180118/WiFiProtector-180116/3.3.37.304/Images/ACR-048/software.PNG","180118/WiFiProtector-180116/3.3.37.304/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["180118/WiFiProtector-180116/3.3.37.304/Images/ACR-065/acr_065.PNG","180118/WiFiProtector-180116/3.3.37.304/Images/ACR-065/software.PNG","180118/WiFiProtector-180116/3.3.37.304/Images/ACR-161/testimonials.PNG","180118/WiFiProtector-180116/3.3.37.304/Images/ACR-099/acr_099_S.PNG"],"guid":"7ab5f245-9e70-4e49-931c-9965565789f1_3.3.37.304_1","appID":"WiFiProtector-180116","dateAdded":"181230","deceptorType":"App","name":"WifiProtector","company":"Optimal Software s.r.o","version":"3.3.37.304","sigName":"Deceptor:Win32/WifiProtector!048084","lastKnownStatus":"Deceptor:4.0.1.304","lastKnownDate":"181230","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-12-30T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2348},{"violations":{"ACR-048":"The application cannot be closed or disabled as there is no standard platform-provided method. No close button is available on the app.\n","ACR-084":"The application runs silently in the background, hiding the fact that it is active from the user. The user is unable to disable the software from launching on startup using the application interface because there is no option to do so.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to a Returns and Cancellation Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's refund policy only provides a 14 days time period in which a consumer can cancel and get a refund.\n"},"samples":[{"isRevoked":"False","fileName":"wifiprotector_93fe1eb9f8504f3aa278dfe9be668f01_.exe","isInstaller":"True","companyName":"Optimal Software s.r.o.","productName":"Wifi Protector Installer","productVersion":"1.0.1.0","fileVersion":"1.0.1.0","hashMD5":"0d8072706ad436690f71363dbbf5ddbc","hashSHA1":"f721087e4e25807129866b34458220f53e19f99b","hashSHA256":"12be24d613e82bf7d7348bce4b6aa3287aee87fbc4557617c5b0240828df7c38","digitalCertThumbprint":"B733BA4C7505FF56B97297E7C12BE1D27C2DC968","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Optimal Software s.r.o.","sourceIndex":"3798","avBlockList":["Avast Internet Security (20190325)","AVG Internet Security (20190325)","Avira Internet Security (20190325)","ESET Internet Security (20190325)","G DATA INTERNET SECURITY (20190325)","K7 Total Security (20190325)","Kaspersky Internet Security (20190325)","Malwarebytes Premium (20190325)","McAfee Total Protection (20190325)","Norton Security (20190325)","Panda Dome (20190325)","Sophos Home Premium (20190325)","VirIT eXplorer PRO (20190325)","Webroot SecureAnywhere (20190325)","Windows Defender (20190325)"],"avAllowList":["Bitdefender Internet Security (20190325)","Trend Micro Internet Security (20190325)"]}],"additionalFiles":[],"sources":[{"howFound":"Partner.Inquiry","reference":"Kevin at Symantec","landingPage":"https://www.wifiprotector.com/","directDownloadingLink":"https://www.wifiprotector.com/downloads/download.aspx?viewmode=0&devicename&lang=en-US&langobjectlifetime=request&loaddevice=1&aliaspath=%2fwifiprotector%2fdefault-temp&referencedWebsite=www.wifiprotector.com&language=en","ipv4":"","ipv6":"","sourceIndex":"3798"}],"sampleFiles":["180118/WiFiProtector-180116/1.0.1.0/Samples/wifiprotector_45d9535f9e984415a340c3665c623600_.exe"],"imageFiles":["180118/WiFiProtector-180116/1.0.1.0/Images/ACR-048/ACR_048_SOFTWARE.PNG","180118/WiFiProtector-180116/1.0.1.0/Images/ACR-084/ACR_084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180118/WiFiProtector-180116/1.0.1.0/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180118/WiFiProtector-180116/1.0.1.0/Images/ACR-065/ACR_065_INSTALL.PNG","180118/WiFiProtector-180116/1.0.1.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180118/WiFiProtector-180116/1.0.1.0/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"7ab5f245-9e70-4e49-931c-9965565789f1_1.0.1.0_1","appID":"WiFiProtector-180116","dateAdded":"181230","deceptorType":"App","name":"WifiProtector","company":"Optimal Software s.r.o","version":"1.0.1.0","sigName":"Deceptor:Win32/WiFiProtector!048084","lastKnownStatus":"Deceptor:4.0.1.304","lastKnownDate":"181230","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-12-30T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":3,"sortOrder":2349},{"violations":{"ACR-003":"The application exaggerates temp files as threats, and the system's health status as medium thereby misleading or scaring user to take action.\n","ACR-007":"App claims to be antimalware, but app \"scan\" appears to not even open the files it claims it is scanning, and no AV engine found after install.\n","ACR-009":"The application attempts to coerce the user into taking some action by displaying fake warning message saying \"Dont uninstall!!, Your pc may be affected by a malicious attack\" which threaten dire consequences if action is not taken.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\nThe application's internal offer page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-120":"The application prompts during uninstall stating that consumer can get the same program for free if they call 1-800-747-6128.\n\n","ACR-171":"The consumer is required to opt-out of additional payment.\n\n","ACR-017":"The application's landing page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"advanced-antimalware-main.exe","isInstaller":"True","companyName":"Advanced AntiMalware Pro                                    ","productName":"Advanced AntiMalware ","productVersion":"1.0","fileVersion":"n/a","hashMD5":"d479b38d52142cc05c7726be1eb78d46","hashSHA1":"c7f2cdcaebd1830f198c4010a21e6af90907b9b7","hashSHA256":"4dfb457b8d952f62db4367e757ff6958496bfd747b6bfe894a8c9c6a72c6c651","digitalCertThumbprint":"AA57DD51C739422FD4885940A6B1FCC32D775761","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Longrun Software Private Limited, O=Longrun Software Private Limited, STREET=706 Plot No 7 Roots Tower, STREET=District Centre Laxmi Nagar, L=New Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"3162","avBlockList":["Avast Internet Security (20190225)","AVG Internet Security (20190225)","Avira Internet Security (20190225)","ESET Internet Security (20190225)","G DATA INTERNET SECURITY (20190225)","K7 Total Security (20190225)","Kaspersky Internet Security (20190225)","Malwarebytes Premium (20190225)","McAfee Total Protection (20190225)","Norton Security (20190225)","Panda Dome (20190225)","Sophos Home Premium (20190225)","Trend Micro Internet Security (20190225)","VirIT eXplorer PRO (20190225)","Webroot SecureAnywhere (20190225)","Windows Defender (20190225)"],"avAllowList":["Bitdefender Internet Security (20190225)"]},{"isRevoked":"False","fileName":"advanced-antimalware-pro.exe","companyName":" Longrun Software Private Limited                              ","productName":"advanced-antimalware-pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"00e586d9a256fd7ff5bc37f6b61c4e7c","hashSHA1":"82fd7c213d085b997fa87e82c550e2e7e0367765","hashSHA256":"89ca593c4890f576036e5367b881f4fc4ff15b6b747c119ceb363cbb558d458e","digitalCertThumbprint":"AA57DD51C739422FD4885940A6B1FCC32D775761","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Longrun Software Private Limited, O=Longrun Software Private Limited, STREET=706 Plot No 7 Roots Tower, STREET=District Centre Laxmi Nagar, L=New Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"3162","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"Google search \"pc cleaner software\" page 12 of the results https://www.ultraheal.com/premium-products.php","landingPage":"http://advancedantimalware.com/","directDownloadingLink":"http://advancedantimalware.com/download/exe/advanced-antimalware-main.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://advancedantimalware.com/download/exe/advanced-antimalware-main.exe","sourceIndex":"3162"}],"sampleFiles":["181230/advancedAntiMalwarePro-180221/1.0/Samples/advanced-antimalware-main.exe","181230/advancedAntiMalwarePro-180221/1.0/Samples/advanced-antimalware-pro.exe"],"imageFiles":["181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-003/acr_003.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-003/acr_003_1.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-003/ACR-003 temp files are not threats.gif","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-007/ACR-007 scan appears to be not scanning files.gif","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-009/treathening_message.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-017/software.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-017/ACR-017 microsoft partner PM.png","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-017/acr_017_IO.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-168/one_one_S.PNG"],"nonDeceptorImageFiles":["181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-065/install.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-065/acr_065_S.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-163/one_one_S.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-163/treathening_message.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-017/acr_017_LP.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-091/different_vendor_name.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-092/different_vendor_name.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-160/I_support.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-099/acr_099_S.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-099/acr_099_LP.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-099/acr_099_IO.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-120/re-advertised.PNG","181230/advancedAntiMalwarePro-180221/1.0/Images/ACR-171/acr_171.PNG"],"guid":"bb0cd672-b1bd-4696-830a-ab983a5f5901_1.0_1","appID":"advancedAntiMalwarePro-180221","dateAdded":"181230","deceptorType":"App","name":"Advanced AntiMalware Pro","company":"Advanced AntiMalware Pro","version":"1.0","sigName":"Deceptor:Win32/AdvancedAntimalwarePro!003007009017168","lastKnownStatus":"Deceptor:6.0","lastKnownDate":"190301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 10,Windows 8,Windows XP,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-03-02T02:10:09.9788118+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2350},{"violations":{"ACR-003":"The application exaggerates temp files as threats, and the system's health status as medium thereby misleading or scaring user to take action.\n","ACR-004":"Provides no free fixes for scan results shown.\n","ACR-007":"App claims to be antimalware, but app \"scan\" appears to not even open the files it claims it is scanning, and no AV engine found after install.\n","ACR-009":"The application attempts to coerce the user into taking some action by displaying fake warning message saying \"Dont uninstall!!, Your pc may be affected by a malicious attack\" which threaten dire consequences if action is not taken.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\nThe application's internal offer page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n","ACR-014":"Alarming color gauge provides the unsubstantiated status summary about system. The alarming pattern implies system could be in \"red\" position without updates.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-120":"The application prompts during uninstall stating that consumer can get the same program for free if they call 1-800-747-6128.\n\n","ACR-171":"The consumer is required to opt-out of additional payment.\n\n","ACR-017":"The application's landing page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"181219-aampro_setup.exe","isInstaller":"True","companyName":"Advanced AntiMalware Pro","productName":"Advanced AntiMalware Pro","productVersion":"6.0","fileVersion":"","hashMD5":"c6ce297df3587cf0664ff6fd05947f4c","hashSHA1":"ac41c5f75bdd70ed90b247591f1c0e3664771cb8","hashSHA256":"b6403522055d651e6da089470878b99c6bf25f332ff16759e13ae935b3413345","digitalCertThumbprint":"365C552E9259FAF487A61ACD436BBC3E9806E72A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=sparkpcsupport.com, OU=sparkpcsupport.com, O=sparkpcsupport.com, L=Delhi, S=Delhi, C=IN","sourceIndex":"3163","avBlockList":["Avast Internet Security (20190225)","AVG Internet Security (20190225)","Avira Internet Security (20190225)","ESET Internet Security (20190225)","G DATA INTERNET SECURITY (20190225)","K7 Total Security (20190225)","Kaspersky Internet Security (20190225)","Malwarebytes Premium (20190225)","McAfee Total Protection (20190225)","Norton Security (20190225)","Panda Dome (20190225)","Sophos Home Premium (20190225)","Trend Micro Internet Security (20190225)","VirIT eXplorer PRO (20190225)","Webroot SecureAnywhere (20190225)"],"avAllowList":["Bitdefender Internet Security (20190225)","Windows Defender (20190225)"]},{"isRevoked":"False","fileName":"181219-advanced-antimalware-pro-cta.exe","companyName":"Advanced Antimalware Pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4babb99cddcbdbbc510022658855b016","hashSHA1":"c245d15979ca20b9e0b3550fccc40b1a57dd68f6","hashSHA256":"19baceb1155326c2aa276b7f95aedd9fa4792e2c2155196901421b667c5f1550","digitalCertThumbprint":"365C552E9259FAF487A61ACD436BBC3E9806E72A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=sparkpcsupport.com, OU=sparkpcsupport.com, O=sparkpcsupport.com, L=Delhi, S=Delhi, C=IN","sourceIndex":"3163","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"Google search \"pc cleaner software\" page 12 of the results https://www.ultraheal.com/premium-products.php","landingPage":"http://advancedantimalware.com/","directDownloadingLink":"http://advancedantimalware.com/download/exe/advanced-antimalware-main.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://advancedantimalware.com/download/exe/advanced-antimalware-main.exe","sourceIndex":"3163"}],"sampleFiles":["181230/advancedAntiMalwarePro-180221/6.0/Samples/181219-aampro_setup.exe","181230/advancedAntiMalwarePro-180221/6.0/Samples/181219-advanced-antimalware-pro-cta.exe"],"imageFiles":["181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-003/acr_003.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-003/acr_003_1.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-003/ACR-003 temp files are not threats.gif","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-007/ACR-007 scan appears to be not scanning files.gif","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-009/treathening_message.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-017/software.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-017/ACR-017 microsoft partner PM.png","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-017/acr_017_IO.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-168/one_one_S.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-014/Advanced Antimalware Scan Results.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-004/Advanced Antimalware Buy Page From App.PNG"],"nonDeceptorImageFiles":["181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-065/install.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-065/acr_065_S.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-163/one_one_S.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-163/treathening_message.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-017/acr_017_LP.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-091/different_vendor_name.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-092/different_vendor_name.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-160/I_support.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-099/acr_099_S.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-099/acr_099_LP.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-099/acr_099_IO.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-120/re-advertised.PNG","181230/advancedAntiMalwarePro-180221/6.0/Images/ACR-171/acr_171.PNG"],"guid":"bb0cd672-b1bd-4696-830a-ab983a5f5901_6.0_1","appID":"advancedAntiMalwarePro-180221","dateAdded":"181230","deceptorType":"App","name":"Advanced AntiMalware Pro","company":"Advanced AntiMalware Pro","version":"6.0","sigName":"Deceptor:Win32/AdvancedAntiMalwarePro!003004007009017168014","lastKnownStatus":"Deceptor:6.0","lastKnownDate":"190301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 10,Windows 8,Windows XP,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-03-02T02:09:22.3539437+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2351},{"violations":{"ACR-048":"The application cannot be closed or disabled using standard platform-provided methods. \n","ACR-084":"The application runs silently in the background, hiding the fact that it is active from the user. The user is unable to disable the software from launching on startup using the application interface because there is no option to do so.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-002":"The application does not show the correct publication\nThe apps website publisher name differs from the publisher name in sysinternals.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\n"},"samples":[{"isRevoked":"False","fileName":"wifiprotector_008102fe42e94ecaaf7b096a24138afb_.exe","isInstaller":"True","companyName":"Optimal Software s.r.o                                      ","productName":"WiFi Protector","fileVersion":"4.0","hashMD5":"ac89d0178a59380739486213bcd3f6e5","hashSHA1":"53a980ffb9f077d4b46aacf029619d77d61e033d","hashSHA256":"63c46890469a9cdec26401d6a78d5aca7329b879f0eaa11cab188571ac814ffd","digitalCertThumbprint":"4FAFBB69B2ECB65C934C2E650EDD9A4832A4E516","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Safe Download Ltd, OU=IT department, O=Safe Download Ltd, POBox=IM1 1AQ, STREET=4-8 Hope Street, L=Douglas, S=Isle of Man, PostalCode=IM1 1AQ, C=IM","sourceIndex":"3395","avBlockList":["Avast Internet Security (20190325)","AVG Internet Security (20190325)","Avira Internet Security (20190325)","Bitdefender Internet Security (20190325)","ESET Internet Security (20190325)","G DATA INTERNET SECURITY (20190325)","K7 Total Security (20190325)","Kaspersky Internet Security (20190325)","Malwarebytes Premium (20190325)","McAfee Total Protection (20190325)","Norton Security (20190325)","Panda Dome (20190325)","Sophos Home Premium (20190325)","Trend Micro Internet Security (20190325)","VirIT eXplorer PRO (20190325)","Webroot SecureAnywhere (20190325)"],"avAllowList":["Windows Defender (20190325)"]}],"additionalFiles":[],"sources":[{"howFound":"Partner.Inquiry","reference":"Kevin at Symantec","landingPage":"https://www.wifiprotector.com/","directDownloadingLink":"https://www.wifiprotector.com/downloads/download.aspx?viewmode=0&devicename&lang=en-US&langobjectlifetime=request&loaddevice=1&aliaspath=%2fwifiprotector%2fdefault-temp&referencedWebsite=www.wifiprotector.com&language=en","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.wifiprotector.com/downloads/download.aspx?viewmode=0&devicename&lang=en-US&langobjectlifetime=request&loaddevice=1&aliaspath=%2fwifiprotector%2fdefault-temp&referencedWebsite=www.wifiprotector.com&language=en","sourceIndex":"3395"}],"sampleFiles":["181230/WiFiProtector-180116/4.0.1.304/Samples/wifiprotector_008102fe42e94ecaaf7b096a24138afb_.exe"],"imageFiles":["181230/WiFiProtector-180116/4.0.1.304/Images/ACR-048/software.PNG","181230/WiFiProtector-180116/4.0.1.304/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["181230/WiFiProtector-180116/4.0.1.304/Images/ACR-065/acr_065.PNG","181230/WiFiProtector-180116/4.0.1.304/Images/ACR-065/software.PNG","181230/WiFiProtector-180116/4.0.1.304/Images/ACR-002/Capture2.PNG","181230/WiFiProtector-180116/4.0.1.304/Images/ACR-002/Capture1.PNG","181230/WiFiProtector-180116/4.0.1.304/Images/ACR-161/testimonials.PNG","181230/WiFiProtector-180116/4.0.1.304/Images/ACR-099/acr_099_S.PNG"],"guid":"7ab5f245-9e70-4e49-931c-9965565789f1_4.0.1.304_1","appID":"WiFiProtector-180116","dateAdded":"181230","deceptorType":"App","name":"WifiProtector","company":"Optimal Software s.r.o","version":"4.0.1.304","sigName":"Deceptor:Win32/WifiProtector!048084","lastKnownStatus":"Deceptor:4.0.1.304","lastKnownDate":"181230","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-12-31T06:29:55.8828432+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2347},{"violations":{"ACR-004":" The App requires customer to purchase the product to provide fix for the issues identified during free scan. The orange background for issues identified during free scan is used to raise the unnecessary urgency for action.\n\n","ACR-017":" The offer page has logos of awards of reviews that is not clickable which cannot be verified. \n\n","ACR-084":" The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent or without the option for user to disable it in app's setting.\n\n"},"nonDeceptorViolations":{"ACR-163":"The app displays a support call center phone number and live chat but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer. Also tried the live-chat but it is not working. \n","ACR-160":" The app needs to use certified call center if all center is used to monetize the app.\n\n","ACR-099":" The application has no link to uninstall information on the App.\n\n The application has no link to uninstall information on the about page or FAQ page. \n\n","ACR-068":" The App offers options of \"per year\" OR \"per month\" payment method in the landing page, but there is no selection of \"per month\" in the drop-down box. \n\n The App offers options of \"per year\" OR \"per month\" payment method in the landing page, but there is no selection of \"per month\" in the drop-down box. \n\n","ACR-017":" The Landing page has logos of awards of reviews that is not clickable which cannot be verified. \n\n"},"samples":[{"isRevoked":"False","fileName":"PCPrivacyCleaner.exe","isInstaller":"True","companyName":"Avbit Inc.                                                  ","productName":"PC PrivacyCleaner                                           ","productVersion":"3","fileVersion":"3","hashMD5":"e447545c9aca23fe39c40aa94e5b7748","hashSHA1":"7dea73f2887a67ed3946967422c12ea5eac319d1","hashSHA256":"abfb8913a81515473c3d2a8cfe5066eeb5ac9f837af3ae4dfff22a9fd67275df","digitalCertThumbprint":"F00B7815053DA46E8602922164D2F401ADE7632C","sourceIndex":"3361","avBlockList":["Avast Internet Security (20190124)","AVG Internet Security (20190124)","Avira Internet Security (20190124)","Bitdefender Internet Security (20190124)","ESET Internet Security (20190124)","G DATA INTERNET SECURITY (20190124)","K7 Total Security (20190124)","Kaspersky Internet Security (20190124)","Malwarebytes Premium (20190124)","McAfee Total Protection (20190124)","Norton Security (20190124)","Panda Dome (20190124)","Sophos Home Premium (20190124)","Trend Micro Internet Security (20190124)","VirIT eXplorer PRO (20190124)","Webroot SecureAnywhere (20190124)","Windows Defender (20190124)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.avbit.com/","directDownloadingLink":"http://www.avbit.com/ressources/OptiCamp/PCPrivacyCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.avbit.com/ressources/OptiCamp/PCPrivacyCleaner.exe","sourceIndex":"3361"}],"sampleFiles":["181226/PCPrivacyCleaner-181219/3.0/Samples/PCPrivacyCleaner.exe"],"imageFiles":["181226/PCPrivacyCleaner-181219/3.0/Images/ACR-004/fix.png","181226/PCPrivacyCleaner-181219/3.0/Images/ACR-004/fix2.png","181226/PCPrivacyCleaner-181219/3.0/Images/ACR-084/084.png","181226/PCPrivacyCleaner-181219/3.0/Images/ACR-017/awards.png"],"nonDeceptorImageFiles":["181226/PCPrivacyCleaner-181219/3.0/Images/ACR-163/160-163.png","181226/PCPrivacyCleaner-181219/3.0/Images/ACR-160/160-163.png","181226/PCPrivacyCleaner-181219/3.0/Images/ACR-068/offer.png","181226/PCPrivacyCleaner-181219/3.0/Images/ACR-099/099-2.png","181226/PCPrivacyCleaner-181219/3.0/Images/ACR-099/099.png","181226/PCPrivacyCleaner-181219/3.0/Images/ACR-099/099.png","181226/PCPrivacyCleaner-181219/3.0/Images/ACR-017/awards.png"],"guid":"26f0138a-0ab8-4f02-b30a-ff5c23d44489_3.0_1","appID":"PCPrivacyCleaner-181219","dateAdded":"181226","deceptorType":"App","name":"PC PrivacyCleaner","company":"Avbit Inc.","version":"3.0","sigName":"Deceptor:Win32/PCPrivacyCleaner!004017084","firstVendorContactDate":"190104","firstAppEsteemReplyDate":"190104","firstResolvedDate":"190115","firstResolvedVersion":"3.1","resolved":"TRUE","lastKnownStatus":"Deceptor:3.0","lastKnownDate":"181226","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-15T21:29:21.9884211+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2352},{"violations":{"ACR-003":"The application exaggerates system, registry, performance and privacy issues as high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-004":"The app displays urgency-inciting and unsubstantiated warnings and issues, and a red colored bar creates an unrealistic sense of urgency. Although the scan itself is free, the app does not allow users to fix alleged issues without \"activating\" the product, which requires a purchased License Key.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent, and there is no option in the app's setting to disable the scheduled task\n","ACR-168":"App doesn't disclose the additional service will be offered during call center one-one interaction\n"},"nonDeceptorViolations":{"ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"PCHealthAid.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"de0b0ae298725ef4f498ecc19c5bcdb7","hashSHA1":"a2656a04de7561950228f38668dd4d9617f28f7d","hashSHA256":"0298d61701c8ed8f9b1d794451988e371e652d81eca01ed6d41bc612c884c60a","digitalCertThumbprint":"25AC97600A58147A4128A15212BAFA865048F2F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPUTER SCIENCE TECH SP Z O O, O=COMPUTER SCIENCE TECH SP Z O O, STREET=Ul. Lucka 20/88, L=Warsaw, S=Masovian, PostalCode=00-845, C=PL","sourceIndex":"3164","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)"]},{"isRevoked":"False","fileName":"PCHealthAid_Installed_Version.exe","fileVersion":"0.0","hashMD5":"8a28b8c65fa54f6d95828e91b6c4b8e7","hashSHA1":"e7619efd06c6f259279c2b5552bd4a0d9b6eead3","hashSHA256":"4476b9356e8d307775f35a241f854644b7618ec5a1266b7b360e894a998bfcab","digitalCertThumbprint":"25AC97600A58147A4128A15212BAFA865048F2F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPUTER SCIENCE TECH SP Z O O, O=COMPUTER SCIENCE TECH SP Z O O, STREET=Ul. Lucka 20/88, L=Warsaw, S=Masovian, PostalCode=00-845, C=PL","sourceIndex":"3164","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCHealthAid_12142018.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"8a89e687a18c4fbd43700a81f1aab487","hashSHA1":"7fcc527eb3f247d359211975352485255994ed5b","hashSHA256":"95ce11c36f138977f03353215e6d84308fe54b40333e325330e57b8e87c51ad6","digitalCertThumbprint":"25AC97600A58147A4128A15212BAFA865048F2F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPUTER SCIENCE TECH SP Z O O, O=COMPUTER SCIENCE TECH SP Z O O, STREET=Ul. Lucka 20/88, L=Warsaw, S=Masovian, PostalCode=00-845, C=PL","sourceIndex":"3164","avBlockList":["Avast Internet Security (20190302)","AVG Internet Security (20190302)","Avira Internet Security (20190302)","ESET Internet Security (20190302)","G DATA INTERNET SECURITY (20190302)","K7 Total Security (20190302)","Kaspersky Internet Security (20190302)","Malwarebytes Premium (20190302)","McAfee Total Protection (20190302)","Norton Security (20190302)","Panda Dome (20190302)","Sophos Home Premium (20190302)","Trend Micro Internet Security (20190302)","VirIT eXplorer PRO (20190302)","Webroot SecureAnywhere (20190302)","Windows Defender (20190302)"],"avAllowList":["Bitdefender Internet Security (20190302)"]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"Existing decepter review","landingPage":"http://pchealthaid.com/","directDownloadingLink":"http://lfip8ejoxhg3et1i.downloadhosts.net/abcdef0501","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://lfip8ejoxhg3et1i.downloadhosts.net/abcdef0501","sourceIndex":"3164"}],"sampleFiles":["181226/PCHealthAid-171012/4.0/Samples/PCHealthAid_r1.exe","181226/PCHealthAid-171012/4.0/Samples/PCHealthAid_Installed_Version_r1.exe","181226/PCHealthAid-171012/4.0/Samples/PCHealthAid_12142018_r1.exe"],"imageFiles":["181226/PCHealthAid-171012/4.0/Images/ACR-003/ACR_003_SOFTWARE.PNG","181226/PCHealthAid-171012/4.0/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_1.PNG","181226/PCHealthAid-171012/4.0/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_2.PNG","181226/PCHealthAid-171012/4.0/Images/ACR-168/PCHealthAid_168.PNG","181226/PCHealthAid-171012/4.0/Images/ACR-004/Capture.PNG","181226/PCHealthAid-171012/4.0/Images/ACR-004/Capture.PNG"],"nonDeceptorImageFiles":["181226/PCHealthAid-171012/4.0/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","181226/PCHealthAid-171012/4.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","181226/PCHealthAid-171012/4.0/Images/ACR-099/ACR_099_SOFTWARE.PNG"],"guid":"6d5a733e-9abb-4305-b0f6-bae8d61244c9_4.0_1","appID":"PCHealthAid-171012","dateAdded":"181226","deceptorType":"App","name":"PC Health Aid","company":"Comguard Solutions Ltd.","version":"4.0","sigName":"Deceptor:Win32/PCHealthAid!003004084168","lastKnownStatus":"Deceptor:4.0","lastKnownDate":"190301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-03-02T02:08:36.6760212+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2353},{"violations":{"ACR-004":"The App requires customer to purchase the product to provide fix for the issues identified during free scan.\n","ACR-017":"The Landing page has logos of awards of reviews that is not clickable which cannot be verified.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. And there is no option for user to disable such task in app setting.\n"},"nonDeceptorViolations":{"ACR-163":"The app displays a support call center phone number and live chat but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer. Also tried the live-chat but it is not working.\n","ACR-160":"The app needs to use certified call center if call center is used to monetize the app.\n","ACR-099":"The application has no link to uninstall information on the about page or FAQ page.\n","ACR-068":"The App offers options of \"per year\" OR \"per month\" payment method in the landing page, but there is no selection of \"per month\" in the drop-down box.\nThe App offers options of \"per year\" OR \"per month\" payment method in the landing page, but there is no selection of \"per month\" in the drop-down box.\n","ACR-017":"The Landing page has logos of awards of reviews that is not clickable which cannot be verified.\n"},"samples":[{"isRevoked":"False","fileName":"PCDriverUpdater.exe","isInstaller":"True","companyName":"Avbit Inc.                                                  ","productName":"PC DriverUpdater                                            ","productVersion":"5.0.190                                           ","fileVersion":"5.0.190             ","hashMD5":"fc968e34a72fbd7679eb3f70a4b7f511","hashSHA1":"103947715cebf7669eb7e2f8f82af4c992d952ed","hashSHA256":"8202394039c0183655988e059d676e915daeae503c071bc91b0472f41ea4df7d","digitalCertThumbprint":"F00B7815053DA46E8602922164D2F401ADE7632C","sourceIndex":"3362","avBlockList":["Avast Internet Security (20190124)","AVG Internet Security (20190124)","Avira Internet Security (20190124)","ESET Internet Security (20190124)","G DATA INTERNET SECURITY (20190124)","K7 Total Security (20190124)","Kaspersky Internet Security (20190124)","Malwarebytes Premium (20190124)","McAfee Total Protection (20190124)","Norton Security (20190124)","Panda Dome (20190124)","Sophos Home Premium (20190124)","Trend Micro Internet Security (20190124)","VirIT eXplorer PRO (20190124)","Webroot SecureAnywhere (20190124)","Windows Defender (20190124)"],"avAllowList":["Bitdefender Internet Security (20190124)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.avbit.com","directDownloadingLink":"http://www.avbit.com/ressources/OptiCamp/PCDriverUpdater.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.avbit.com/ressources/OptiCamp/PCDriverUpdater.exe","sourceIndex":"3362"}],"sampleFiles":["181226/PCDriverUpdater-181219/5.0.190/Samples/PCDriverUpdater.exe"],"imageFiles":["181226/PCDriverUpdater-181219/5.0.190/Images/ACR-004/fix.png","181226/PCDriverUpdater-181219/5.0.190/Images/ACR-004/fix2.png","181226/PCDriverUpdater-181219/5.0.190/Images/ACR-017/awards (1).png","181226/PCDriverUpdater-181219/5.0.190/Images/ACR-084/084.png"],"nonDeceptorImageFiles":["181226/PCDriverUpdater-181219/5.0.190/Images/ACR-099/099.png","181226/PCDriverUpdater-181219/5.0.190/Images/ACR-017/awards.png","181226/PCDriverUpdater-181219/5.0.190/Images/ACR-160/160-163.png","181226/PCDriverUpdater-181219/5.0.190/Images/ACR-163/160-163.png","181226/PCDriverUpdater-181219/5.0.190/Images/ACR-068/offer1.png"],"guid":"fb803c69-79e7-4c67-a727-1be44dddcec8_5.0.190_1","appID":"PCDriverUpdater-181219","dateAdded":"181226","deceptorType":"App","name":"PC DriverUpdater","company":"Avbit Inc.","version":"5.0.190","sigName":"Deceptor:Win32/PCDriverUpdater!004017084","firstVendorContactDate":"190104","firstAppEsteemReplyDate":"190104","firstResolvedDate":"190115","firstResolvedVersion":"5.0.269.0","resolved":"TRUE","lastKnownStatus":"Deceptor:5.0.190","lastKnownDate":"181226","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-15T18:23:40.8283254+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2355},{"violations":{"ACR-009":"The application attempts to coerce the user into taking some action by playing a warning message audio after scan completes, which threaten dire consequences if action is not taken.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the Returns and Cancellation Policy.\nThe application's install wizard has no link to the Terms of Service, Privacy Policy and Returns and Cancellation Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has a testimonials that has no links back to the sources so consumers can verify if they're real.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling the application a webpage opens with information stating that consumer can get 50% off discount for the program that was uninstalled.\n","ACR-171":"The application's internal offer webpage has an additional offer option pre-selected.\n"},"samples":[{"isRevoked":"False","fileName":"PCHealthAid.exe","isInstaller":"True","companyName":"Com Guard Solutions","productName":"PC Health Aid v1.1","productVersion":"1.1","fileVersion":"1.1","hashMD5":"fb55b0445d379f158d62f0a3da11cd40","hashSHA1":"e00c61c033a9bf128c3c2ee10d49b0e5a11ec04c","hashSHA256":"299eac9601738615e813b37f1e674e7ac0f196cf9acaf16ea7029814bea714fe","digitalCertThumbprint":"54ED18C39F57A8D82158A561A9D83DF479849634","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Comguard Limited","sourceIndex":"3165","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PCHealthAid4.3.18","isInstaller":"True","companyName":"Computer Science Tech Sp. Zo.o.","productName":"PC Health Aid","productVersion":"4.0","fileVersion":"0.0","hashMD5":"4d355c3b21d6a5218e76fa10bd687f92","hashSHA1":"bf6d66ba9fa67bda02490083f047b0fff5b4d867","hashSHA256":"17cba6d832580c8443e8044240324c0025c90ea1885795f42c6a02749d413e94","digitalCertThumbprint":"25AC97600A58147A4128A15212BAFA865048F2F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=COMPUTER SCIENCE TECH SP Z O O, O=COMPUTER SCIENCE TECH SP Z O O, STREET=Ul. Lucka 20/88, L=Warsaw, S=Masovian, PostalCode=00-845, C=PL","sourceIndex":"3165","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://softdeluxe.com/","landingPage":"http://pchealthaid.com/","directDownloadingLink":"http://vt1518.downloadhosts.net/abcd0501","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://vt1518.downloadhosts.net/abcd0501","sourceIndex":"3165"}],"sampleFiles":["181226/PCHealthAid-171012/1.1/Samples/PCHealthAid.exe","181226/PCHealthAid-171012/1.1/Samples/PCHealthAid4.3.18.exe"],"imageFiles":["181226/PCHealthAid-171012/1.1/Images/ACR-084/ACR-084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["181226/PCHealthAid-171012/1.1/Images/ACR-171/ACR-171_INTERNAL_OFFERS.PNG","181226/PCHealthAid-171012/1.1/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_1.PNG","181226/PCHealthAid-171012/1.1/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_2.PNG","181226/PCHealthAid-171012/1.1/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_3.PNG","181226/PCHealthAid-171012/1.1/Images/ACR-092/ACR_092_SOFTWARE.PNG","181226/PCHealthAid-171012/1.1/Images/ACR-120/ACR_120_UNINSTALL.PNG"],"guid":"6d5a733e-9abb-4305-b0f6-bae8d61244c9_1.1_1","appID":"PCHealthAid-171012","dateAdded":"181226","deceptorType":"App","name":"PC Health Aid","company":"Comguard Solutions Ltd.","version":"1.1","sigName":"Deceptor:Win32/PCHealthAid!009084","lastKnownStatus":"Deceptor:4.0","lastKnownDate":"190301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-03-02T02:08:13.9752578+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2354},{"violations":{"ACR-003":"App exaggerates the issues by using the bigger font to emphasize \"HIGHLY RECOMMENDED\" to fix the issue.\n","ACR-004":"1) The app doesn't provide complete free fix for the identified issues during “Free Scan”\n2) App uses the alarming colors highlight the action to raise the urgency for fix the issues.\n","ACR-168":"App doesn't disclose the additional offer may be applied during phone call support\n"},"nonDeceptorViolations":{"ACR-002":"App's name is inconsistent across interaction points. Name on GUI is \"System TuneUP\" while on landing page/eula/purchase page it's \"System Tune\". Landing page URL is also still using old name \"Advanced Computer Repair\". \n"},"samples":[{"isRevoked":"False","fileName":"SystemTuneUpPROSetup.exe","isInstaller":"True","companyName":"SYSTEM TUNEUP SRL","productName":"System TuneUp PRO","productVersion":"3.4.5","fileVersion":"3.4.5","hashMD5":"0d697bcb9b9f68d841f7c5928a62cdab","hashSHA1":"7a469606f0911becd0bedd2d2426587cea6611b9","hashSHA256":"aaf2116e9048b85ebfa9fb880d6541b79a94db5df0d70ed90c8512e377d3470a","digitalCertThumbprint":"536C1CEFE3938AD11DA60611DCD4869C1755A343","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SYSTEM TUNEUP SRL, O=SYSTEM TUNEUP SRL, L=STEFANESTII DE JOS, C=RO","sourceIndex":"3452","avBlockList":["Avast Internet Security (20190318)","AVG Internet Security (20190318)","Avira Internet Security (20190318)","ESET Internet Security (20190318)","G DATA INTERNET SECURITY (20190318)","K7 Total Security (20190318)","Kaspersky Internet Security (20190318)","Malwarebytes Premium (20190318)","McAfee Total Protection (20190318)","Norton Security (20190318)","Panda Dome (20190318)","Sophos Home Premium (20190318)","Trend Micro Internet Security (20190318)","VirIT eXplorer PRO (20190318)","Webroot SecureAnywhere (20190318)","Windows Defender (20190318)"],"avAllowList":["Bitdefender Internet Security (20190318)"]}],"additionalFiles":[],"sources":[{"howFound":"AppUpdateReview.Certification","landingPage":"http://malware-protect.io/advanced-computer-repair.php","directDownloadingLink":"http://malware-protect.io/advanced-computer-repair.php","landingPageWildChar":"","directDownloadingLinkWildChar":"http://malware-protect.io/advanced-computer-repair.php","sourceIndex":"3452"}],"sampleFiles":["181222/systemtune-180810/3.4.5/Samples/SystemTuneUpPROSetup.exe"],"imageFiles":["181222/systemtune-180810/3.4.5/Images/ACR-004/ACR-004_Software_NoFullFreeFix.JPG","181222/systemtune-180810/3.4.5/Images/ACR-168/CallSupport_168.PNG","181222/systemtune-180810/3.4.5/Images/ACR-003/ScanResult2.PNG"],"nonDeceptorImageFiles":["181222/systemtune-180810/3.4.5/Images/ACR-002/ACR-002-Inconsistantname.jpg","181222/systemtune-180810/3.4.5/Images/ACR-002/ACR-002-inconsistantName2.jpg"],"guid":"aea849a0-af17-43aa-ba8e-81a6b33b3980_3.4.5_1","appID":"systemtune-180810","dateAdded":"181222","deceptorType":"App","name":"System TuneUp","company":"System Tune SRL","version":"3.4.5","sigName":"Deceptor:Win32/SystemTuneUp!003004168","lastKnownStatus":"Deceptor:3.4.5","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2356},{"violations":{"ACR-004":"After performing a free scan, app does not provide a free fix for the drivers found (cannot create a restore point, cannot install).\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\nThe landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n"},"samples":[{"isRevoked":"False","fileName":"DriverEasy_Setup.exe","isInstaller":"True","companyName":"Easeware                                                    ","productName":"Driver Easy","productVersion":"5.6.7","fileVersion":"5.6.7.0","hashMD5":"39e8692df90e86d72ab6bad338473112","hashSHA1":"3576322386632c6a755ec70f4fcf37518d4230ac","hashSHA256":"bd27f2f5bb93a9458bb3d7b9056e376f4cb71178b284a961ee747efc42b374cf","digitalCertThumbprint":"CDCDAC0BB5F7515042776019A013E09C5D36E84E","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Easeware Technology Limited, O=Easeware Technology Limited, L=Tsimshatsui, S=Kowloon, C=HK","sourceIndex":"3381","avBlockList":["Avira Internet Security (20190121)","Kaspersky Internet Security (20190121)","Webroot SecureAnywhere (20190121)"],"avAllowList":["Bitdefender Internet Security (20190121)","ESET Internet Security (20190121)","G DATA INTERNET SECURITY (20190121)","Malwarebytes Premium (20190121)","McAfee Total Protection (20190121)","Norton Security (20190121)","Panda Dome (20190121)","Sophos Home Premium (20190121)","Trend Micro Internet Security (20190121)","VirIT eXplorer PRO (20190121)","Windows Defender (20190121)"]},{"isRevoked":"False","fileName":"DriverEasy.exe","companyName":"Easeware","productName":"DriverEasy","productVersion":"5.6.7","fileVersion":"5.6.7","hashMD5":"b01f5de3cc3b36a20d301ec96f5671b1","hashSHA1":"f8730b92201b1a1c9c48048771078c884df91db9","hashSHA256":"8a3e3b9280a9de9f8d4ad73132dc4d4c9e64eb62548bdc96c97b12c3338e39c0","digitalCertThumbprint":"CDCDAC0BB5F7515042776019A013E09C5D36E84E","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Easeware Technology Limited, O=Easeware Technology Limited, L=Tsimshatsui, S=Kowloon, C=HK","sourceIndex":"3381","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.drivereasy.com/","directDownloadingLink":"https://www.drivereasy.com/DriverEasy_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"3381"}],"sampleFiles":["181222/DriverEasy-181102/5.6.7/Samples/DriverEasy_Setup.exe","181222/DriverEasy-181102/5.6.7/Samples/DriverEasy.exe"],"imageFiles":["181222/DriverEasy-181102/5.6.7/Images/ACR-004/ACR004_freefix.PNG","181222/DriverEasy-181102/5.6.7/Images/ACR-004/2018-12-22_20-09-13.gif"],"nonDeceptorImageFiles":["181222/DriverEasy-181102/5.6.7/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","181222/DriverEasy-181102/5.6.7/Images/ACR-161/ACR_161_LANDING_PAGE.PNG"],"guid":"67d1dccc-2092-41ca-8ca5-f4aba0355c98_5.6.7_1","appID":"DriverEasy-181102","dateAdded":"181222","deceptorType":"App","name":"Driver Easy","company":"Easeware Technology Limited","version":"5.6.7","sigName":"Deceptor:Win32/DriverEasy!004","firstVendorContactDate":"181224","firstAppEsteemReplyDate":"181224","firstResolvedDate":"190105","firstResolvedVersion":"5.6.9.7361","resolved":"TRUE","lastKnownStatus":"Deceptor:5.6.7,5.6.8","lastKnownDate":"181222","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-06T01:44:36.0819751+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2357},{"violations":{"ACR-004":"App requires to update to pro to fix the issues identified during free scanning, count each cookie as threat to drive the upgrade to pro\n"},"nonDeceptorViolations":{"ACR-161":"The landing page has testimonials that have no links back to a source so they can be verified.\n","ACR-163":"The app's landing page provides a phone number for one-to-one interaction to receive support but does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-171":"The package included the addition time limited offers that is not disclosed and there is not option for user to un-check those time limited offer.\n"},"samples":[{"isRevoked":"False","fileName":"advanced-systemcare-setup.exe","isInstaller":"True","companyName":"IObit Information Technology                                                  ","productName":"Advanced SystemCare 12","productVersion":"12.1.0","fileVersion":"12.1.0.210","hashMD5":"cab219e0b219e5e72374afbf867ec88d","hashSHA1":"333f798da0f04e0bc11ee3cf596545eb82a355ac","hashSHA256":"2a51a7133360d78094cb48f62d7e506827e907e789bc08c56b46dafdeeeb71b9","digitalCertThumbprint":"D50908537B01CB15A944082F4387B78DFFE7989D","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=IObit Information Technology, O=IObit Information Technology, L=Chengdu, S=Sichuan, C=CN","sourceIndex":"3214","avBlockList":["Avast Internet Security (20190121)","AVG Internet Security (20190121)","K7 Total Security (20190121)","Malwarebytes Premium (20190121)","VirIT eXplorer PRO (20190121)"],"avAllowList":["Avira Internet Security (20190121)","Bitdefender Internet Security (20190121)","ESET Internet Security (20190121)","G DATA INTERNET SECURITY (20190121)","Kaspersky Internet Security (20190121)","McAfee Total Protection (20190121)","Norton Security (20190121)","Panda Dome (20190121)","Sophos Home Premium (20190121)","Trend Micro Internet Security (20190121)","Webroot SecureAnywhere (20190121)","Windows Defender (20190121)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.iobit.com/en/advancedsystemcarefree.php","directDownloadingLink":"https://download.cnet.com/Advanced-SystemCare-Free/3001-2086_4-10407614.html?part=dl-","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.cnet.com/Advanced-SystemCare-Free/3001-2086_4-10407614.html?part=dl-","sourceIndex":"3214"}],"sampleFiles":["181222/AdvancedSystemCare-181106/12.1.0.210/Samples/advanced-systemcare-setup.exe"],"imageFiles":["181222/AdvancedSystemCare-181106/12.1.0.210/Images/ACR-004/ASC12_1.PNG"],"nonDeceptorImageFiles":["181222/AdvancedSystemCare-181106/12.1.0.210/Images/ACR-161/ACR-161_landingpage.JPG","181222/AdvancedSystemCare-181106/12.1.0.210/Images/ACR-161/ACR-161_landingpage1.JPG","181222/AdvancedSystemCare-181106/12.1.0.210/Images/ACR-163/ACR-163_landingpage.JPG","181222/AdvancedSystemCare-181106/12.1.0.210/Images/ACR-171/NoOptionToUnCheckInShoppingCart.PNG","181222/AdvancedSystemCare-181106/12.1.0.210/Images/ACR-171/OfferPackageNoDisclosure.PNG"],"guid":"6ba41dc4-70cb-429a-8e76-1ea1172e937a_12.1.0.210_1","appID":"AdvancedSystemCare-181106","dateAdded":"181222","deceptorType":"App","name":"Advanced SystemCare","company":"IObit","version":"12.1.0.210","sigName":"Deceptor:Win32/IObitAdvancedSystemCare!004","firstVendorContactDate":"190114","firstAppEsteemReplyDate":"190114","firstResolvedDate":"190131","firstResolvedVersion":"12.2.0.311","resolved":"TRUE","lastKnownStatus":"Deceptor:12.1.0","lastKnownDate":"181222","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-01T07:56:20.0343839+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2358},{"violations":{"ACR-004":"1. The app needs to provide free fix for the identified issues identified during “Free Scan” 2. The app should avoid raising \"Urgency/Priority/Color Graphic\" for the identified issues.\n","ACR-168":"The app displays a big font support call center phone number, but does not provide an equally prominent non-interaction option to the consumer.\n"},"nonDeceptorViolations":{"ACR-038":"\nThe app needs to disclose Original filename for the executable \"pc-suite-setup.exe\".\n\n","ACR-035":"The app needs to disclose App's name to the consumer during installation.\n","ACR-168":"The app displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm)\n","ACR-014":" 1)The app needs to cleanup the word \"errors\" in the landing page. 2)The app needs to change \"Outdated\" images to \"Up-to-date\" images in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"pc-suite-setup.exe","isInstaller":"True","companyName":"TweakBit                                                    ","productName":"TweakBit PCSuite                                            ","productVersion":"10.0.20.0                                         ","fileVersion":"10.x                ","hashMD5":"a33647943c45e77319d4532bd69b516e","hashSHA1":"1bac57deb09035fe983b5cbb0e15a63fa43c1f7d","hashSHA256":"769ac495aed4ac32b9c6cc42254bfa0be38cd9ace6350a419a1684e59f8e5a9e","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Tweakbit Pty Ltd","sourceIndex":"3166","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Trend Micro Internet Security (20190228)","Windows Defender (20190228)"]}],"additionalFiles":[],"sources":[{"howFound":"Resolved Deceptor Re-Review","reference":"","landingPage":"https://www.tweakbit.com/pc-suite/","directDownloadingLink":"http://www.tweakbit.com/pc-suite/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/pc-suite/download/","sourceIndex":"3166"}],"sampleFiles":["181221/TweakBitPCSuite-181220/10.0.20.0/Samples/pc-suite-setup.exe"],"imageFiles":["181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-004/ACR-004_Software_Exaggeration.JPG","181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-004/ACR-004_Software_Exaggeration1.JPG","181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-004/ACR-004_Software_Exaggeration2.JPG","181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-004/ACR-004_Software_Exaggeration3.JPG","181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-168/ACR-168_Software_No_Non-Interactive_Option_Available.JPG"],"nonDeceptorImageFiles":["181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-038/ACR-038_Install_Original_Filename_Missing.JPG","181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-014/ACR-014_Landingpage_Exaggeration.JPG","181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-014/ACR-014_Landingpage_Exaggeration1.JPG","181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-014/ACR-014_Landingpage_Outdated_Image.JPG","181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-014/ACR-014_Landingpage_Outdated_Image1.JPG","181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-168/ACR-168_Landingpage_No_Non-Interactive_Option_Available.JPG","181221/TweakBitPCSuite-181220/10.0.20.0/Images/ACR-035/ACR-035_Docs_Appname_Missing.JPG"],"guid":"e1529074-0419-4f90-9123-0f61a41373e8_10.0.20.0_1","appID":"TweakBitPCSuite-181220","dateAdded":"181221","deceptorType":"App","name":"TweakBitPCSuite","company":"Tweakbit Pty Ltd","version":"10.0.20.0","sigName":"Deceptor:Win32/TweakBitPCSuite!004168","firstVendorContactDate":"190122","firstAppEsteemReplyDate":"190122","firstResolvedDate":"190301","firstResolvedVersion":"10.0.23.0","resolved":"TRUE","lastKnownStatus":"Deceptor:10.0.20.0; NonCertified:10.0.23.0","lastKnownDate":"190301","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-01T20:04:36.2208121+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2359},{"violations":{"ACR-084":"The silence installation option exist in the app. The usage of this silence installation need to be disclosed if this is necessary for app. \"\"pc-booster-setup.exe\" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART \"\n","ACR-168":"The app displays a big font size support call center phone number, but does not provide an equally prominent non-interaction option to the consumer.\n","ACR-165":"The internal offers page does not disclose enough information about the time-bound discounts whether there might be a change in the pricing after 3 months (The renewal price is still based on discounted price or back to original price).\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose original filename for \"pc-booster-setup.exe\" executable.\n","ACR-002":"The app needs to have an identical company name across all points of the consumer interaction. The app needs to disclose the relationship between Tweakbit and Auslogic.\n","ACR-161":"The quotes and testimonials needs to be verifiable.\n","ACR-056":"App features and functionalities provided during installation mentions \"launch and scan\" which contradicts with the app's functionality as the app requires payment for scanning.\n","ACR-160":"The app needs to use certified call center if additional service be offered during one-one call support\n","ACR-035":"The app needs to disclose app's name to the consumer during installation.\n","ACR-168":"The app displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n"},"samples":[{"isRevoked":"False","fileName":"pc-booster-setup.exe","isInstaller":"True","companyName":"TweakBit                                                    ","productName":"TweakBit PCBooster                                          ","productVersion":"1.8.4.1                                           ","fileVersion":"1.x                 ","hashMD5":"76096b45ee7cd9918e73e53512824006","hashSHA1":"75a9aa9cd8d1d9713ff8f6063ed567fdf3a0b218","hashSHA256":"a58c5823ee98ea3248a328257fcb97d16dfcfb4b5dfa59321ece12a568b8575b","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Tweakbit Pty Ltd","sourceIndex":"3353","avBlockList":["Avira Internet Security (20190121)","K7 Total Security (20190121)","Kaspersky Internet Security (20190121)","Malwarebytes Premium (20190121)","Panda Dome (20190121)","Sophos Home Premium (20190121)","Webroot SecureAnywhere (20190121)"],"avAllowList":["Avast Internet Security (20190121)","Bitdefender Internet Security (20190121)","ESET Internet Security (20190121)","G DATA INTERNET SECURITY (20190121)","McAfee Total Protection (20190121)","Norton Security (20190121)","Trend Micro Internet Security (20190121)","VirIT eXplorer PRO (20190121)","Windows Defender (20190121)"]}],"additionalFiles":[],"sources":[{"howFound":"Resolved Deceptor Re-Review","reference":"","landingPage":"https://www.tweakbit.com/pc-booster/","directDownloadingLink":"http://www.tweakbit.com/pc-booster/download/","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tweakbit.com/pc-booster/download/","sourceIndex":"3353"}],"sampleFiles":["181221/TweakBitPCBooster-181220/1.8.4.1/Samples/pc-booster-setup.exe"],"imageFiles":["181221/TweakBitPCBooster-181220/1.8.4.1/Images/ACR-084/ACR-084_Software_SilentInstallation.JPG","181221/TweakBitPCBooster-181220/1.8.4.1/Images/ACR-168/ACR-168_InlineOffers_NoNonInteractiveOption.JPG","181221/TweakBitPCBooster-181220/1.8.4.1/Images/ACR-165/ACR-165_InternalOffers_NeedInfo.JPG"],"nonDeceptorImageFiles":["181221/TweakBitPCBooster-181220/1.8.4.1/Images/ACR-038/ACR-038_Install_NoOriginalFilename.JPG","181221/TweakBitPCBooster-181220/1.8.4.1/Images/ACR-002/ACR-002_Install_CompanyNameShouldBeConsistent.JPG","181221/TweakBitPCBooster-181220/1.8.4.1/Images/ACR-161/ACR-161_LandingPage_TestimonialsNeedsToBeVerifiable.JPG","181221/TweakBitPCBooster-181220/1.8.4.1/Images/ACR-056/ACR-056_Software_FunctionalityDoesNotMatch.JPG","181221/TweakBitPCBooster-181220/1.8.4.1/Images/ACR-160/ACR-160_Software_NeedsToUseCertifiedCallCenter.JPG","181221/TweakBitPCBooster-181220/1.8.4.1/Images/ACR-168/ACR-168_LandingPage_NoDisclosureAboutAdditionalOffers.JPG","181221/TweakBitPCBooster-181220/1.8.4.1/Images/ACR-035/ACR-035_Docs_NoAppName.JPG"],"guid":"1d1429b6-8dc1-4c49-9bf9-f6bb68b84da8_1.8.4.1_1","appID":"TweakBitPCBooster-181220","dateAdded":"181221","deceptorType":"App","name":"TweakBit PCBooster","company":"Tweakbit Pty Ltd","version":"1.8.4.1","sigName":"Deceptor:Win32/TweakBitPCBooster!084168","firstVendorContactDate":"190117","firstAppEsteemReplyDate":"190121","firstResolvedDate":"190121","firstResolvedVersion":"1.8.4.2","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.4.1,NonCertified:1.8.4.2","lastKnownDate":"181221","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-21T18:15:01.278893+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2360},{"violations":{"ACR-003":"App makes exaggerated claims about the system's health (displaying the status as \"severe\", and blinking message \"ALERT\" all in red colors); , thereby misleading or scaring the user to take action. \n","ACR-004":"When you try to fix the scanned problems by clicking the word \"Delete All Junk Files\" , it will open a message that you need to purchase the app to use that function. Clicking OK will redirect the user to purchase page \"http://www.seeknclean.com/buy.htm\".\n","ACR-014":"App implies that the Hard disk severity status is \"Severe\", which is misleading.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to uninstall information on the about page or FAQ page.\n","ACR-099":"The application has no link to uninstall information on the about page or FAQ page.\n","ACR-167":"There is no refund policy provided for this application.\n"},"samples":[{"isRevoked":"False","fileName":"seeknclean_setup.exe","isInstaller":"True","companyName":"Digital Millenium Inc","productName":"SeeknClean 2019","productVersion":"11.0.2019","fileVersion":"11.0.2019","hashMD5":"f929ecc010f00898b04c034ad86fba71","hashSHA1":"093422edfe2c49c4729a312ed3b7731167d78109","hashSHA256":"68278d1486bfb42c39a2f9cefdc36ab47d76e2a0732a7db6073494d938ec0837","digitalCertThumbprint":"FC3AEC550C3246CA47C8DB48E78D27E0ADD6D5B4","sourceIndex":"3454","avBlockList":["Avast Internet Security (20190318)","AVG Internet Security (20190318)","Avira Internet Security (20190318)","ESET Internet Security (20190318)","G DATA INTERNET SECURITY (20190318)","Kaspersky Internet Security (20190318)","Malwarebytes Premium (20190318)","McAfee Total Protection (20190318)","Norton Security (20190318)","Panda Dome (20190318)","Sophos Home Premium (20190318)","Trend Micro Internet Security (20190318)","VirIT eXplorer PRO (20190318)","Webroot SecureAnywhere (20190318)","K7 Total Security (20190318)"],"avAllowList":["Bitdefender Internet Security (20190318)","Windows Defender (20190318)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.seeknclean.com/","directDownloadingLink":"http://seeknclean.com/seeknclean_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://seeknclean.com/seeknclean_setup.exe","sourceIndex":"3454"}],"sampleFiles":["181221/SeeknClean2019-181211/11.0.2019/Samples/seeknclean_setup.exe"],"imageFiles":["181221/SeeknClean2019-181211/11.0.2019/Images/ACR-003/003.png","181221/SeeknClean2019-181211/11.0.2019/Images/ACR-004/004.png","181221/SeeknClean2019-181211/11.0.2019/Images/ACR-004/buy.png","181221/SeeknClean2019-181211/11.0.2019/Images/ACR-014/003.png"],"nonDeceptorImageFiles":["181221/SeeknClean2019-181211/11.0.2019/Images/ACR-099/faq.png","181221/SeeknClean2019-181211/11.0.2019/Images/ACR-065/faq.png"],"guid":"a19e38d9-ae7a-4b80-a383-79cd4bd5bb0c_11.0.2019_1","appID":"SeeknClean2019-181211","dateAdded":"181221","deceptorType":"App","name":"SeeknClean 2019","company":"Digital Millenium Inc.","version":"11.0.2019","sigName":"Deceptor:Win32/SeeknClean2019!003004014","lastKnownStatus":"Deceptor:11.0.2019","lastKnownDate":"181221","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-12-21T19:09:41.0392969+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2361},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys and dll files as problems, thereby misleading or scaring user to take action. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-092":"\nThe application does not have a digital signature.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe landing page has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"DLLCare_Setup.exe","isInstaller":"True","companyName":"n/a","productName":"DLL Care","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"017be7e5635916e848f81029e6ad1fab","hashSHA1":" d317f0301f2ff949f400b4a98c64fc6cc0ad3886","hashSHA256":"ed450335a81dae8404065800d14ebaf4d06ed50a78a6f4f7ec73daa270ca9e69","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3455","avBlockList":["Avast Internet Security (20190318)","AVG Internet Security (20190318)","Avira Internet Security (20190318)","ESET Internet Security (20190318)","G DATA INTERNET SECURITY (20190318)","K7 Total Security (20190318)","Kaspersky Internet Security (20190318)","Malwarebytes Premium (20190318)","McAfee Total Protection (20190318)","Norton Security (20190318)","Panda Dome (20190318)","Sophos Home Premium (20190318)","Trend Micro Internet Security (20190318)","VirIT eXplorer PRO (20190318)","Webroot SecureAnywhere (20190318)","Windows Defender (20190318)"],"avAllowList":["Bitdefender Internet Security (20190318)"]},{"isRevoked":"False","fileName":"DLL Care.exe","companyName":" Beijing VSK Soft Development Co.,Ltd","productName":"DLL Care","productVersion":"1.0","fileVersion":"1.0.0.0","hashMD5":"8f05c5457cc20fc0a165c3d676e01c7f","hashSHA1":"53255db87dae973c7ba9c3f1154a3b457a41cc21","hashSHA256":"3907970fe10addad40d80200f58bb11e17e5e710083917bda3790770efc1f4f5","digitalCertThumbprint":"49B76C0AD6085E2F7385644F36CECC09F320BCF4","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Beijing VSK Soft Development Co.,Ltd","sourceIndex":"3455","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLCare_Setup_1.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3d67f90a6848e163e43a9323bc7be38e","hashSHA1":"8340f72bed3aeb48d54f3d0d7e2114fe75b04059","hashSHA256":"56b413ee80530b296679c1b87f952be49cdfe23f0adbfcacea0dca5aef14e3dd","sourceIndex":"3455","avBlockList":["Avast Internet Security (20190318)","AVG Internet Security (20190318)","Avira Internet Security (20190318)","Bitdefender Internet Security (20190318)","ESET Internet Security (20190318)","G DATA INTERNET SECURITY (20190318)","K7 Total Security (20190318)","Kaspersky Internet Security (20190318)","Malwarebytes Premium (20190318)","McAfee Total Protection (20190318)","Norton Security (20190318)","Panda Dome (20190318)","Sophos Home Premium (20190318)","Trend Micro Internet Security (20190318)","VirIT eXplorer PRO (20190318)","Webroot SecureAnywhere (20190318)","Windows Defender (20190318)"],"avAllowList":[]},{"isRevoked":"False","fileName":"181218-DLLCare.exe","fileVersion":"1.0","hashMD5":"3517f262395dc41efaa75b19c26a3035","hashSHA1":"83f386cb98554672d12f2fe79862c37ce18d8376","hashSHA256":"9ba0e9c2eb0ec7f78079843aebf038d4e87141f78587f55abdb824a6d717ffde","sourceIndex":"3455","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"http://www.dllcare.com/","directDownloadingLink":"http://www.dllcare.com/setup/DLLCare_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.dllcare.com/setup/DLLCare_Setup.exe","sourceIndex":"3455"}],"sampleFiles":["181218/DLLCare-180201/1.0.0.0/Samples/DLLCare_Setup.exe","181218/DLLCare-180201/1.0.0.0/Samples/DLLCare.exe","181218/DLLCare-180201/1.0.0.0/Samples/DLLCare_Setup_1.exe","181218/DLLCare-180201/1.0.0.0/Samples/181218-DLLCare.exe"],"imageFiles":["181218/DLLCare-180201/1.0.0.0/Images/ACR-003/acr_003.PNG","181218/DLLCare-180201/1.0.0.0/Images/ACR-003/acr_003_1.PNG","181218/DLLCare-180201/1.0.0.0/Images/ACR-003/acr-003_.PNG"],"nonDeceptorImageFiles":["181218/DLLCare-180201/1.0.0.0/Images/ACR-065/software.PNG","181218/DLLCare-180201/1.0.0.0/Images/ACR-099/software.PNG","181218/DLLCare-180201/1.0.0.0/Images/ACR-099/acr_099_LP.PNG","181218/DLLCare-180201/1.0.0.0/Images/ACR-099/acr_099_IO.PNG"],"guid":"37dd403e-358a-48b5-8cc1-c93e6e9d0c00_1.0.0.0_1","appID":"DLLCare-180201","dateAdded":"181218","deceptorType":"App","name":"DLL Care","company":"Dllcare.com","version":"1.0.0.0","sigName":"Deceptor:Win32/DllCare!003","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"210331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-03-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2362},{"violations":{"ACR-043":"App doesn't disclose that it will install/use Avira Operations' AV engine\n","ACR-003":"The app shows exaggerated number of problems and yet does not explain what such problems are. Additionally, when you click the \"View Full Report\" it will require user to purchase the app.\nThe app shows exaggerated number of problems and yet does not explain what such problems are. Additionally, when you click the \"View Full Report\" it will require user to purchase the app.\n","ACR-004":"When you try to fix the scanned problems by clicking the word \"Next: Resolve all Problems!\" or \"Resolve Now\", it will redirect the user to purchase the app to fully fix the computer. \n","ACR-017":"The application's internal offer webpage elevates its consumer trust level by displaying trusted names such as AVIRA.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-045":" \"FREE DOWNLOAD\" highlights \"free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove the \"free\" word.  \n\n \"FREE DOWNLOAD\" highlights \"free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove the \"free\" word.  \n\n","ACR-002":"The app name is not consistent in the EULA page\n","ACR-068":"The app Requires provide a clear and precise information about its offers to the user. The free apps included does not included information if the user will not be charged in the future.\n","ACR-171":"Given the free offer is not clear whether it is lifetime free or first payment term free, the \"free\" addition offers should be opt-in for user to choose\n\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\MajorAV\\MajorAv.exe","companyName":"MajorAV Software co. Ltd","productName":"MajorAV.exe","productVersion":"3.2","fileVersion":"3.2","hashMD5":"61d76949ddb9367a1ac05e9d7f535eec","hashSHA1":"6fdd22e5e9efaefbdf5b1b67430c5c6aabc0d6a7","hashSHA256":"a8c56bc25059f632939c00943575a59a4c3212c853fd402d6dde02231300a9d3","digitalCertThumbprint":"DB77C67E928CE92E4D13E3C1AB741862E1342499","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":" CN, 100096, Beijing, Changping, \"Room 2-818, No. 19, HuangPing Road, Huilongguan\", \"MajorAV Software Co.,ltd\", \"MajorAV Software Co.,ltd\"","sourceIndex":"3355","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"majorav_win_setup.exe","isInstaller":"True","companyName":"MajorAv Software                                            ","productName":"MajorAV                                                     ","productVersion":"v3.2                                              ","fileVersion":"                    ","hashMD5":"6e05aecb3a37a021b65ad58e4ff3ee8c","hashSHA1":"a59a892ad44595f52b0d514427930fcb61a9335d","hashSHA256":"74b4600e18e1950b124f2895f3fd998940c09f2f94cabfdd5a6b516380201ecf","digitalCertThumbprint":"DB77C67E928CE92E4D13E3C1AB741862E1342499","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":" CN, 100096, Beijing, Changping, \"Room 2-818, No. 19, HuangPing Road, Huilongguan\", \"MajorAV Software Co.,ltd\", \"MajorAV Software Co.,ltd\"","sourceIndex":"3355","avBlockList":["Avast Internet Security (20190211)","AVG Internet Security (20190211)","ESET Internet Security (20190211)","G DATA INTERNET SECURITY (20190211)","K7 Total Security (20190211)","Kaspersky Internet Security (20190211)","Malwarebytes Premium (20190211)","McAfee Total Protection (20190211)","Norton Security (20190211)","Panda Dome (20190211)","Sophos Home Premium (20190211)","Trend Micro Internet Security (20190211)","VirIT eXplorer PRO (20190211)","Webroot SecureAnywhere (20190211)","Windows Defender (20190211)"],"avAllowList":["Avira Internet Security (20190211)","Bitdefender Internet Security (20190211)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.majorav.com/","directDownloadingLink":"http://www.majorav.com/download/majorav_win_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.majorav.com/download/majorav_win_setup.exe","sourceIndex":"3355"}],"sampleFiles":["181217/MajorAV-181217/3.2/Samples/majorav_win_setup.exe"],"imageFiles":["181217/MajorAV-181217/3.2/Images/ACR-017/acr-017.png","181217/MajorAV-181217/3.2/Images/ACR-004/fix1.png","181217/MajorAV-181217/3.2/Images/ACR-004/fix_redirect.png","181217/MajorAV-181217/3.2/Images/ACR-084/scheduler2.png","181217/MajorAV-181217/3.2/Images/ACR-003/003.png","181217/MajorAV-181217/3.2/Images/ACR-003/full_report.png","181217/MajorAV-181217/3.2/Images/ACR-043/043.png"],"nonDeceptorImageFiles":["181217/MajorAV-181217/3.2/Images/ACR-002/eula.png","181217/MajorAV-181217/3.2/Images/ACR-045/045.png","181217/MajorAV-181217/3.2/Images/ACR-045/045.png","181217/MajorAV-181217/3.2/Images/ACR-068/promo.png","181217/MajorAV-181217/3.2/Images/ACR-171/MajorAVOffers.PNG"],"guid":"7d7c6434-93d0-41fb-bf33-eb708088db4f_3.2_1","appID":"MajorAV-181217","dateAdded":"181217","deceptorType":"App","name":"MajorAV","company":"MajorAV Software","version":"3.2","sigName":"Deceptor:Win32/MajorAV!003004017043084","firstVendorContactDate":"190111","firstAppEsteemReplyDate":"190111","firstResolvedDate":"190117","firstResolvedVersion":"4.0","resolved":"TRUE","lastKnownStatus":"Deceptor:3.2","lastKnownDate":"190117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-18T03:38:07.9898034+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2363},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app's scan schedule is set to do not schedule, however the app has created multiple scheduled task in the windows task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app' Privacy Policy\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"Application automatically starts a scan after opening without any user action.\n"},"samples":[{"isRevoked":"False","fileName":"EasyDriverPro.exe","isInstaller":"True","companyName":"Probit Software LTD","productName":"Easy Driver Pro","productVersion":"8.2.0","fileVersion":"8.2.0.9","hashMD5":"d3464e964d8dc8ae80263b6553a063a0","hashSHA1":"02b23dbcae18e78225f146651e0a06942132e32d","hashSHA256":"40230d8d795d3cedd9a6d42417acb8d3dbb083ba033634291b0262e448fcc34f","digitalCertThumbprint":"2F96454363E9D65A5F96126673531D9E4A5D1730","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Probit Software LTD, O=Probit Software LTD, L=Netanya, S=Netanya, C=IL","sourceIndex":"3207","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)","Windows Defender (20190209)"],"avAllowList":["Norton Security (20190209)","Trend Micro Internet Security (20190209)"]},{"isRevoked":"False","fileName":"c:\\program files (x86)\\probit software\\easy driver pro\\EasyDriverPro.exe","companyName":"Probit Software LTD","productName":"Easy Driver Pro","productVersion":"10.0.0","fileVersion":"3.1.0.5","hashMD5":"b41509267d583165bec3a35cbc65b1fd","hashSHA1":"6644e17c78c4b175ef3f7c83984fc962d768ffff","hashSHA256":"0b4e130e9d0d646781e28afa829ec837d66b794e2d3b40de2a2046d4034e12bb","digitalCertThumbprint":"‎9be8da0e4620e9865fe8dd886f03008dbc5b5535","digitalCertIssuer":" VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Probit Software LTDProbit Software LTD","sourceIndex":"3207","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"EasyDriverPro_MainExecutable.exe","companyName":"Probit Software LTD","productName":"Easy Driver Pro","productVersion":"10.0.0","fileVersion":"4.0","hashMD5":"b41509267d583165bec3a35cbc65b1fd","hashSHA1":"6644e17c78c4b175ef3f7c83984fc962d768ffff","hashSHA256":"0b4e130e9d0d646781e28afa829ec837d66b794e2d3b40de2a2046d4034e12bb","digitalCertThumbprint":"9BE8DA0E4620E9865FE8DD886F03008DBC5B5535","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Probit Software LTD, O=Probit Software LTD, L=Herzeliya, S=Sharon, C=IL","sourceIndex":"3207","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.easydriverpro.com/","directDownloadingLink":"http://www.easydriverpro.com/download.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.easydriverpro.com/download.php","sourceIndex":"3207"}],"sampleFiles":["181214/EasyDriverPro-181203/8.2.0.9/Samples/EasyDriverPro.exe","181214/EasyDriverPro-181203/8.2.0.9/Samples/EasyDriverPro_MainExecutable.exe"],"imageFiles":["181214/EasyDriverPro-181203/8.2.0.9/Images/ACR-084/ACR 84 fail pt. 1.png","181214/EasyDriverPro-181203/8.2.0.9/Images/ACR-084/ACR 84 fail pt. 2.png"],"nonDeceptorImageFiles":["181214/EasyDriverPro-181203/8.2.0.9/Images/ACR-065/Acr 65 Fail.png","181214/EasyDriverPro-181203/8.2.0.9/Images/ACR-088/Windows 10 (Windows 10 Homescreen With Tools) [Running] - Oracle VM VirtualBox 12_7_2018 5_12_31 PM.mp4","181214/EasyDriverPro-181203/8.2.0.9/Images/ACR-065/ACR 65 Fail software.png"],"guid":"8dfc2c7e-9522-4ead-ae66-23b3c5e11434_8.2.0.9_1","appID":"EasyDriverPro-181203","dateAdded":"181214","deceptorType":"App","name":"Easy Driver Pro","company":"Probit Software LTD","version":"8.2.0.9","sigName":"Deceptor:Win32/EasyDriverPro!084","firstVendorContactDate":"190204","firstAppEsteemReplyDate":"190205","firstResolvedDate":"190205","firstResolvedVersion":"","resolved":"TRUE","lastKnownStatus":"Deceptor:8.2.0.9","lastKnownDate":"181214","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-02-05T21:03:16.846432+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2364},{"violations":{"ACR-003":"The application reports system having 11 device drivers and game components needs to be updated, implies the system has medium issue by using alarming color bar, raises sens of urgency for user to take action.\n","ACR-071":"The user is unable to decline the offers \"IObit Uninstaller 8 PRO, Smart Defrag 6 PRO and Protected Folder\" independently. The apps are added as Halloween Sale for the user and is unable to be declined in the shopping cart. The renewal charge is not clear whether these items be free or back to normal price. \n","ACR-014":"Alarming color bar provides the unsubstantiated status summary about system. The alarming pattern implies system could be in \"red\" position without updates.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"driver_booster_setup.exe","isInstaller":"True","companyName":"IObit                                                       ","productName":"Driver Booster 6","productVersion":"6.0","fileVersion":"6.0.2","hashMD5":"8a38440a5631df73500db64a8ef6db54","hashSHA1":"a7bf40552d8b5b4786be588c655f895ac3182271","hashSHA256":"aeaf9b6f003f34ea1e96d99c13916df0247e44c2677cef61df9a36e40cdf9b31","digitalCertThumbprint":"D50908537B01CB15A944082F4387B78DFFE7989D","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=IObit Information Technology, O=IObit Information Technology, L=Chengdu, S=Sichuan, C=CN","sourceIndex":"3517","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Sophos Home Premium (20190209)"],"avAllowList":["Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)","Windows Defender (20190209)"]},{"isRevoked":"False","fileName":"DriverBooster.exe","companyName":"IObit","productName":"Driver Booster","productVersion":"6.0","fileVersion":"6.0.2.639","hashMD5":"3a9ae522891400f4f343e80200392fbe","hashSHA1":"e534aa3d96bb78fc6f4bb71ef4d236abde60983a","hashSHA256":"cb7ed06982151057f97de7c03471cd10f3aeadfb9bff65e1f07284c7f2dad525","digitalCertThumbprint":"D50908537B01CB15A944082F4387B78DFFE7989D","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=IObit Information Technology, O=IObit Information Technology, L=Chengdu, S=Sichuan, C=CN","sourceIndex":"3517","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.iobit.com/en/driver-booster.php#","directDownloadingLink":"https://files.downloadnow-1.com/s/software/16/22/41/07/driver_booster_setup.exe?token=1541544451_fcb028ee99efb6bed3ac5348cae00f9f&fileName=driver_booster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.downloadnow-1.com/s/software/16/22/41/07/driver_booster_setup.exe?token=1541544451_fcb028ee99efb6bed3ac5348cae00f9f&fileName=driver_booster_setup.exe","sourceIndex":"3517"}],"sampleFiles":["181106/DriverBooster-181106/6.0.2.639/Samples/driver_booster_setup.exe","181106/DriverBooster-181106/6.0.2.639/Samples/DriverBooster.exe"],"imageFiles":["181106/DriverBooster-181106/6.0.2.639/Images/ACR-003/ACR_003_SOFTWARE.PNG","181106/DriverBooster-181106/6.0.2.639/Images/ACR-014/ACR_014_SOFTWARE.PNG","181106/DriverBooster-181106/6.0.2.639/Images/ACR-071/ACR_071_INTERNAL_OFFERS_SCREENSHOT_1.PNG","181106/DriverBooster-181106/6.0.2.639/Images/ACR-071/ACR_071_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":[],"guid":"70f19f5a-08c2-4282-b5b6-1334393ce962_6.0.2.639_1","appID":"DriverBooster-181106","dateAdded":"181214","deceptorType":"App","name":"Driver Booster","company":"IObit Information Technology","version":"6.0.2.639","sigName":"Deceptor:Win32/DriverBooster!003014071","firstVendorContactDate":"190114","firstAppEsteemReplyDate":"190114","firstResolvedDate":"190128","firstResolvedVersion":"6.2.1.263","resolved":"TRUE","lastKnownStatus":"Deceptor:6.1.0.138","lastKnownDate":"181214","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2019-01-28T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2366},{"violations":{"ACR-003":"The application reports system having 16 device drivers and game components needs to be updated, implies the system has medium issue by using alarming color bar, raises sens of urgency for user to take action.\n","ACR-004":"The app does not provide free fixes for regularly recurring results. The app uses different colors and graphs for scan results to raise the sense of urgency to the user. \n","ACR-071":"The user is unable to decline the offers \"IObit Uninstaller 8 PRO, Smart Defrag 6 PRO and Protected Folder\" independently. The apps are added as Halloween Sale for the user and is unable to be declined in the shopping cart. The renewal charge is not clear whether these items be free or back to normal price. \n","ACR-014":"Alarming color bar provides the unsubstantiated status summary about system. The alarming pattern implies system could be in \"red\" position without updates.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"driver_booster_setup_i.exe","isInstaller":"True","companyName":"IObit                                                       ","fileVersion":"6.1","hashMD5":"70614dcb66385bda412c89389482be87","hashSHA1":"9469e2273608303a759727ac7ed98f09bf0ee3bb","hashSHA256":"0c1b4befaaf18a0ab02b129f9ef8054f8f8283b9bbca213425832e1b8f691d17","digitalCertThumbprint":"D50908537B01CB15A944082F4387B78DFFE7989D","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=IObit Information Technology, O=IObit Information Technology, L=Chengdu, S=Sichuan, C=CN","sourceIndex":"3243","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Sophos Home Premium (20190209)","Webroot SecureAnywhere (20190209)"],"avAllowList":["Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Windows Defender (20190209)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.iobit.com/en/driver-booster.php#","directDownloadingLink":"https://files.downloadnow-1.com/s/software/16/22/41/07/driver_booster_setup.exe?token=1541544451_fcb028ee99efb6bed3ac5348cae00f9f&fileName=driver_booster_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.downloadnow-1.com/s/software/16/22/41/07/driver_booster_setup.exe?token=1541544451_fcb028ee99efb6bed3ac5348cae00f9f&fileName=driver_booster_setup.exe","sourceIndex":"3243"}],"sampleFiles":["181214/DriverBooster-181106/6.1.0.138/Samples/driver_booster_setup_i.exe"],"imageFiles":["181214/DriverBooster-181106/6.1.0.138/Images/ACR-003/DriverBooster.PNG","181214/DriverBooster-181106/6.1.0.138/Images/ACR-014/ACR_014_SOFTWARE.PNG","181214/DriverBooster-181106/6.1.0.138/Images/ACR-004/DriverBooster.PNG","181214/DriverBooster-181106/6.1.0.138/Images/ACR-004/DriverBoosterNotFree.PNG","181214/DriverBooster-181106/6.1.0.138/Images/ACR-071/ACR_071_INTERNAL_OFFERS_SCREENSHOT_1.PNG","181214/DriverBooster-181106/6.1.0.138/Images/ACR-071/ACR_071_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":[],"guid":"70f19f5a-08c2-4282-b5b6-1334393ce962_6.1.0.138_1","appID":"DriverBooster-181106","dateAdded":"181214","deceptorType":"App","name":"Driver Booster","company":"IObit Information Technology","version":"6.1.0.138","sigName":"Deceptor:Win32/DriverBooster!003004014071","firstVendorContactDate":"190114","firstAppEsteemReplyDate":"190114","firstResolvedDate":"190128","firstResolvedVersion":"6.2.1.263","resolved":"TRUE","lastKnownStatus":"Deceptor:6.1.0.138","lastKnownDate":"181214","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2019-01-28T09:01:23.077326+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2365},{"violations":{"ACR-043":"Third Party Apps were installed.\n","ACR-118":"Still some executables left after uninstall.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"afosetup.exe","isInstaller":"True","companyName":"Systweak Software                                           ","productName":" Advanced File Optimizer","productVersion":"2.1.1000.22102","fileVersion":"Advanced File Optimi","hashMD5":"f6cf18fd75df7e384a2ff971f66dc1d8","hashSHA1":"b04f7fbce2b0d14c5797e1d836fc3a5c2a986010","hashSHA256":"129a4907b355ea5c989b6a42858b34d1e1c24d1b55da82a4fa62d82d827de7f5","digitalCertThumbprint":"D04EC59BF70CCFFA7F86F1C92CB65354C2114E2E","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Systweak Software, O=Systweak Software, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"2869","avBlockList":["Avast Internet Security (20190309)","AVG Internet Security (20190309)","Avira Internet Security (20190309)","Bitdefender Internet Security (20190309)","ESET Internet Security (20190309)","G DATA INTERNET SECURITY (20190309)","K7 Total Security (20190309)","Kaspersky Internet Security (20190309)","Malwarebytes Premium (20190309)","McAfee Total Protection (20190309)","Norton Security (20190309)","Panda Dome (20190309)","Sophos Home Premium (20190309)","VirIT eXplorer PRO (20190309)","Webroot SecureAnywhere (20190309)"],"avAllowList":["Trend Micro Internet Security (20190309)","Windows Defender (20190309)"]},{"isRevoked":"False","fileName":"AdvancedFileOptimizer.exe","isInstaller":"True","companyName":"Systweak","productName":"Advanced File Optimizer","productVersion":"2.1.1000.22102","fileVersion":" 2.1.1000.22102","hashMD5":"8527ee16e0d4380bb97df34945e8604d","hashSHA1":"09fbcd6bcf99f122e07da53da012ec7548de674c","hashSHA256":"e21492c716bfcafaae03028f63670bf00e26ab3be61513456a72721d42a1155d","digitalCertThumbprint":"D04EC59BF70CCFFA7F86F1C92CB65354C2114E2E","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Systweak Software, O=Systweak Software, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"2869","avBlockList":["Avast Internet Security (20190309)","AVG Internet Security (20190309)","Avira Internet Security (20190309)","ESET Internet Security (20190309)","G DATA INTERNET SECURITY (20190309)","K7 Total Security (20190309)","Kaspersky Internet Security (20190309)","Malwarebytes Premium (20190309)","McAfee Total Protection (20190309)","Norton Security (20190309)","Panda Dome (20190309)","Sophos Home Premium (20190309)","VirIT eXplorer PRO (20190309)","Webroot SecureAnywhere (20190309)"],"avAllowList":["Bitdefender Internet Security (20190309)","Trend Micro Internet Security (20190309)","Windows Defender (20190309)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://advancedfileoptimizer.com/","directDownloadingLink":"http://cdn.k9tools.com/runcamps/afosetup.exe?of=afosetup.exe\t\t","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.k9tools.com/runcamps/afosetup.exe?of=afosetup.exe\t\t","sourceIndex":"2869"}],"sampleFiles":["181211/AdvancedFileOptimizer-181203/2.1.1000.22102/Samples/afosetup.exe","181211/AdvancedFileOptimizer-181203/2.1.1000.22102/Samples/AdvancedFileOptimizer.exe"],"imageFiles":["181211/AdvancedFileOptimizer-181203/2.1.1000.22102/Images/ACR-043/ARC 043.png","181211/AdvancedFileOptimizer-181203/2.1.1000.22102/Images/ACR-118/ACR 118'.png"],"nonDeceptorImageFiles":[],"guid":"95fcedf7-9ccf-4f74-a0fa-2551896ec643_2.1.1000.22102_1","appID":"AdvancedFileOptimizer-181203","dateAdded":"181211","deceptorType":"App","name":"Advanced File Optimizer","company":" Systweak Software","version":"2.1.1000.22102","sigName":"Deceptor:Win32/AdvancedFileOptimizer!043118","firstVendorContactDate":"190521","firstAppEsteemReplyDate":"190529","firstResolvedDate":"190826","firstResolvedVersion":"2.1.1000.27284","resolved":"TRUE","lastKnownStatus":"Deceptor:2.1.1000.22102","lastKnownDate":"181211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2019-08-26T22:04:00.9216126+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2368},{"violations":{"ACR-003":"App exaggerates system is under poor healthy status which is caused by invalid registry entries. Uses big reg banner of \"ATTENTION! XXX ERRORS were found\". to raise urgency for user to take action\n","ACR-014":"App misleads user that items under registry can cause high damage to system healthy. Using gradient color bar presents the not truthful result about the system \n"},"nonDeceptorViolations":{"ACR-065":"No EULA or Terms of Service shown on Landing Page.\nNo EULA or Terms of Service shown in software.\nNo EULA or Terms of Service shown during install.\n","ACR-099":"Uninstall information is not accessible, or shown.\nUninstall information is not shown.\n"},"samples":[{"isRevoked":"False","fileName":"Fast_Setup.exe","isInstaller":"True","companyName":"Fast PC                                                     ","productVersion":"1.0.0.20","fileVersion":"1.0.0.20","hashMD5":"99c5d88348e2216a74b5f7cb5b88b1c5","hashSHA1":"7b0939fc57cf57fa1d84b7c3a9c1b9d827c85c3e","hashSHA256":"3e791f415d828a66cc6e94b5d9f37ba781db9c29339d4960980df8ce0a25326c","digitalCertThumbprint":"57632D4D7DA6161287F66EE2E132B5ACCEAEB5FE","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Guru Technologies, O=Guru Technologies, STREET=\"2 Reddy Colony, Ramalingapuram\", L=Chennai, S=Tamilnadu, PostalCode=600012, C=IN","sourceIndex":"3498","avBlockList":["Avast Internet Security (20190309)","AVG Internet Security (20190309)","Avira Internet Security (20190309)","Bitdefender Internet Security (20190309)","ESET Internet Security (20190309)","G DATA INTERNET SECURITY (20190309)","K7 Total Security (20190309)","Kaspersky Internet Security (20190309)","Malwarebytes Premium (20190309)","McAfee Total Protection (20190309)","Norton Security (20190309)","Panda Dome (20190309)","Sophos Home Premium (20190309)","Trend Micro Internet Security (20190309)","VirIT eXplorer PRO (20190309)","Webroot SecureAnywhere (20190309)","Windows Defender (20190309)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Fast PC.exe","companyName":"Fast PC","productName":"Fast PC","productVersion":"1.0.0.20","fileVersion":"1.0.0.20","hashMD5":"96a03d35f7aa952319b4e799527a6ba0","hashSHA1":"0a4119fccbfc930789f69a0b757597572a619c44","hashSHA256":"46594356e1cb75576d7112fabf957022bb629fdd345344526c85f120a08d3c50","digitalCertThumbprint":"57632D4D7DA6161287F66EE2E132B5ACCEAEB5FE","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Guru Technologies, O=Guru Technologies, STREET=\"2 Reddy Colony, Ramalingapuram\", L=Chennai, S=Tamilnadu, PostalCode=600012, C=IN","sourceIndex":"3498","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Fast_Setup_2.1.exe","isInstaller":"True","companyName":"Fast PC                                                     ","productVersion":"1.0.0.20","fileVersion":"1.0.0.21","hashMD5":"b7991977bf2491598fdea33b0c8f86a6","hashSHA1":"ec0874c04a833f5e7feb3e3e97a993adcfe15e17","hashSHA256":"789934f92b06b77a439071d783da2b286ce555fce2037a15b6ee192b03731b14","digitalCertThumbprint":"57632D4D7DA6161287F66EE2E132B5ACCEAEB5FE","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Guru Technologies, O=Guru Technologies, STREET=\"2 Reddy Colony, Ramalingapuram\", L=Chennai, S=Tamilnadu, PostalCode=600012, C=IN","sourceIndex":"3498","avBlockList":["Avast Internet Security (20190309)","AVG Internet Security (20190309)","Avira Internet Security (20190309)","ESET Internet Security (20190309)","G DATA INTERNET SECURITY (20190309)","K7 Total Security (20190309)","Kaspersky Internet Security (20190309)","Malwarebytes Premium (20190309)","McAfee Total Protection (20190309)","Norton Security (20190309)","Panda Dome (20190309)","Sophos Home Premium (20190309)","Trend Micro Internet Security (20190309)","VirIT eXplorer PRO (20190309)","Webroot SecureAnywhere (20190309)","Windows Defender (20190309)"],"avAllowList":["Bitdefender Internet Security (20190309)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"","landingPage":"https://www.pc-fix-cleaner.com/","directDownloadingLink":"http://www.pc-fix-cleaner.com/en/download.aspx","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pc-fix-cleaner.com/en/download.aspx","sourceIndex":"3498"}],"sampleFiles":["181211/PcFixCleaner-181126/1.0.0.21/Samples/Fast_Setup.exe","181211/PcFixCleaner-181126/1.0.0.21/Samples/Fast PC.exe","181211/PcFixCleaner-181126/1.0.0.21/Samples/Fast_Setup_2.1.exe"],"imageFiles":["181211/PcFixCleaner-181126/1.0.0.21/Images/ACR-014/ACR_003.PNG","181211/PcFixCleaner-181126/1.0.0.21/Images/ACR-003/PCFixCleaner Error exaggerations.PNG","181211/PcFixCleaner-181126/1.0.0.21/Images/ACR-003/ACR_003.PNG"],"nonDeceptorImageFiles":["181211/PcFixCleaner-181126/1.0.0.21/Images/ACR-099/Settings Page.PNG","181211/PcFixCleaner-181126/1.0.0.21/Images/ACR-099/Landing Page.PNG","181211/PcFixCleaner-181126/1.0.0.21/Images/ACR-065/Landing Page.PNG","181211/PcFixCleaner-181126/1.0.0.21/Images/ACR-065/Install Page.PNG","181211/PcFixCleaner-181126/1.0.0.21/Images/ACR-065/Settings Page.PNG"],"guid":"cfe57a95-3f66-4ca0-a9fe-afd284c10343_1.0.0.21_1","appID":"PcFixCleaner-181126","dateAdded":"181211","deceptorType":"App","name":"Fast PC","company":"Fast PC","version":"1.0.0.21","sigName":"Deceptor:Win32/FastPC!003014","lastKnownStatus":"Deceptor:1.0.0.21","lastKnownDate":"181211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-12-11T19:40:56.100552+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2367},{"violations":{"ACR-003":"The application exaggerates junk files, registry items and privacy items as being errors, thereby misleading or scaring user to take action.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\nThe application has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"?Dezillion LLC\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"jsoptimizer.exe","isInstaller":"True","companyName":"Jupiter Support                                             ","productName":"Jupiter Support Optimizer","productVersion":"1.0","fileVersion":"","hashMD5":"63d3d281e5daa6816f9fa1af391b8bbf","hashSHA1":"920f0fffd751c3d9d375cdfff41c216904248d7b","hashSHA256":"32490e301b6fb63db06421f36b5c67cdbe9f9003b813493a457eafd9e8d9d40e","digitalCertThumbprint":"1B9011DFC015873A185D48626D8FDED03C4FDDB3","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=​Dezillion LLC, O=​Dezillion LLC, STREET=\"​7150 E. Camelback Rd. Suite 444,\", L=Scottsdale, S=AZ, PostalCode=85251, C=US","sourceIndex":"3501","avBlockList":["Avast Internet Security (20190302)","AVG Internet Security (20190302)","Avira Internet Security (20190302)","ESET Internet Security (20190302)","G DATA INTERNET SECURITY (20190302)","K7 Total Security (20190302)","Kaspersky Internet Security (20190302)","Malwarebytes Premium (20190302)","McAfee Total Protection (20190302)","Norton Security (20190302)","Panda Dome (20190302)","Sophos Home Premium (20190302)","Trend Micro Internet Security (20190302)","VirIT eXplorer PRO (20190302)","Webroot SecureAnywhere (20190302)","Windows Defender (20190302)"],"avAllowList":["Bitdefender Internet Security (20190302)"]},{"isRevoked":"False","fileName":"Optimizer.exe","companyName":"Jupiter Support","productName":"Optimizer","productVersion":"1.0.4.2","fileVersion":"1.0.4.2","hashMD5":"2b3f7b114cb1e3eac2c0656ab77f0125","hashSHA1":"d8fde846121b73eb93d07d7318bbbe22de9b82ca","hashSHA256":"06cd9526a4f4c2550aaf34d2bbe948e956b1e38b353c0b84d623fd98b5cb9afe","digitalCertThumbprint":"1B9011DFC015873A185D48626D8FDED03C4FDDB3","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=​Dezillion LLC, O=​Dezillion LLC, STREET=\"​7150 E. Camelback Rd. Suite 444,\", L=Scottsdale, S=AZ, PostalCode=85251, C=US","sourceIndex":"3501","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com(fix my computer errors free)","landingPage":"http://www.jupitersupport.com/optimizer/","directDownloadingLink":"http://www.jupitersupport.com/optimizer/jsoptimizer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.jupitersupport.com/optimizer/jsoptimizer.exe","sourceIndex":"3501"}],"sampleFiles":["181206/JupiterSupportOptimizer-180427/1.042/Samples/jsoptimizer.exe","181206/JupiterSupportOptimizer-180427/1.042/Samples/Optimizer.exe"],"imageFiles":["181206/JupiterSupportOptimizer-180427/1.042/Images/ACR-003/ACR_003_SOFTWARE.PNG","181206/JupiterSupportOptimizer-180427/1.042/Images/ACR-168/ACR_168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["181206/JupiterSupportOptimizer-180427/1.042/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","181206/JupiterSupportOptimizer-180427/1.042/Images/ACR-161/ACR_161_SOFTWARE.PNG","181206/JupiterSupportOptimizer-180427/1.042/Images/ACR-092/ACR_092_SOFTWARE.PNG","181206/JupiterSupportOptimizer-180427/1.042/Images/ACR-099/ACR_099_SOFTWARE.PNG","181206/JupiterSupportOptimizer-180427/1.042/Images/ACR-099/ACR_099_LANDING_PAGE.PNG"],"guid":"728d7e48-65f8-4a99-874b-cd1286d4a032_1.042_1","appID":"JupiterSupportOptimizer-180427","dateAdded":"181206","deceptorType":"App","name":"Jupiter Support Optimizer","company":"JupiterSupport LLC.","version":"1.042","sigName":"Deceptor:Win32/JupiterSupportOptimizer!003168","lastKnownStatus":"Deceptor:1.042","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2371},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable the application from running at user log on from the software setings.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n","ACR-014":"App implies that the registry items damage level could be\"medium or high\", which is misleading.\n"},"nonDeceptorViolations":{"ACR-065":"There are no valid links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"SystAid Inc\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n The application's landing page has no links or information that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"reg_shiner.exe","isInstaller":"True","companyName":"Systaid                                                     ","productName":"Reg Shiner","productVersion":"2.0","fileVersion":"0.0","hashMD5":"5b8e01aec499bde4f69123d62276f678","hashSHA1":"b7a0d44fee0dfb19e135cdfbcaaf2d206f6489b1","hashSHA256":"14074caa02fb7732b0e367d744de6bdd0c5662e71e6e3d2ddbe70605f758b7f3","digitalCertThumbprint":"215B4983D744943949F506FCAC9AD04EF00F5ADE","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SystAid Inc., O=SystAid Inc., L=Hillsboro, S=Oregon, C=US","sourceIndex":"3500","avBlockList":["Avast Internet Security (20190302)","AVG Internet Security (20190302)","Avira Internet Security (20190302)","Bitdefender Internet Security (20190302)","ESET Internet Security (20190302)","G DATA INTERNET SECURITY (20190302)","K7 Total Security (20190302)","Kaspersky Internet Security (20190302)","Malwarebytes Premium (20190302)","McAfee Total Protection (20190302)","Norton Security (20190302)","Panda Dome (20190302)","Sophos Home Premium (20190302)","Trend Micro Internet Security (20190302)","VirIT eXplorer PRO (20190302)","Webroot SecureAnywhere (20190302)","Windows Defender (20190302)"],"avAllowList":[]},{"isRevoked":"False","fileName":"RegProCleaner.exe","companyName":"n/a","productName":"RegProCleaner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a7b230618bff5b1dddc857b21c37cb09","hashSHA1":"720071c9182582491827fe8eec74e13848f66cc7","hashSHA256":"008992c70171d7b7ba0ac4984854798593c9efe8f50f0c222f974420a727d18f","digitalCertThumbprint":"215B4983D744943949F506FCAC9AD04EF00F5ADE","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=SystAid Inc., O=SystAid Inc., L=Hillsboro, S=Oregon, C=US","sourceIndex":"3500","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://pcmatico.com/read_more_reg_shiner.aspx","directDownloadingLink":"https://pcmatico.com/software/reg_shiner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pcmatico.com/software/reg_shiner.exe","sourceIndex":"3500"}],"sampleFiles":["181206/RegShiner-181128/2.0/Samples/reg_shiner.exe","181206/RegShiner-181128/2.0/Samples/RegProCleaner.exe"],"imageFiles":["181206/RegShiner-181128/2.0/Images/ACR-014/ACR-014_software.JPG","181206/RegShiner-181128/2.0/Images/ACR-014/ACR-014_software1.JPG","181206/RegShiner-181128/2.0/Images/ACR-084/ACR-084_software.JPG","181206/RegShiner-181128/2.0/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["181206/RegShiner-181128/2.0/Images/ACR-065/ACR-065_install.JPG","181206/RegShiner-181128/2.0/Images/ACR-065/ACR-065_software.JPG","181206/RegShiner-181128/2.0/Images/ACR-163/ACR-163_software.JPG","181206/RegShiner-181128/2.0/Images/ACR-163/ACR-163_landingpage.JPG","181206/RegShiner-181128/2.0/Images/ACR-088/ACR-088_software.JPG","181206/RegShiner-181128/2.0/Images/ACR-092/ACR-092_software.JPG","181206/RegShiner-181128/2.0/Images/ACR-160/ACR-160_software.JPG","181206/RegShiner-181128/2.0/Images/ACR-099/ACR-099_software.JPG","181206/RegShiner-181128/2.0/Images/ACR-099/ACR-099_landingpage.JPG"],"guid":"ad46d590-d503-46b3-ba88-528e082f9c25_2.0_1","appID":"RegShiner-181128","dateAdded":"181206","deceptorType":"App","name":"RegShiner","company":"Pc Matico","version":"2.0","sigName":"Deceptor:Win32/RegShiner!014084168","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"181206","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2018-12-06T03:23:19.6691601+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2370},{"violations":{"ACR-048":"The close button(top right corner X) on the app does nothing.\n","ACR-003":"The application exaggerates registry related items as being errors and of medium and high priority level, thereby misleading or scaring user to take action.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"App implies that the priority level for system temp and registry related items could be\"moderate or high\", which is misleading.\n"},"nonDeceptorViolations":{"ACR-065":"There are no valid links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"system_care_pro.exe","isInstaller":"True","companyName":"pcmatico                                                    ","productName":"System Care Pro","productVersion":"2.0","fileVersion":"0.0","hashMD5":"3609c5d836b879db4575e38d4f7da41c","hashSHA1":"73f8eb06ae702cab1d39233df17960da95642879","hashSHA256":"16620906a3fc4e3088f761a1e4ce39bc618099dee84c70f03a126957845596f7","sourceIndex":"3499","avBlockList":["Avast Internet Security (20190302)","AVG Internet Security (20190302)","Avira Internet Security (20190302)","ESET Internet Security (20190302)","G DATA INTERNET SECURITY (20190302)","K7 Total Security (20190302)","Kaspersky Internet Security (20190302)","Malwarebytes Premium (20190302)","McAfee Total Protection (20190302)","Norton Security (20190302)","Panda Dome (20190302)","Sophos Home Premium (20190302)","Trend Micro Internet Security (20190302)","VirIT eXplorer PRO (20190302)","Webroot SecureAnywhere (20190302)","Windows Defender (20190302)"],"avAllowList":["Bitdefender Internet Security (20190302)"]},{"isRevoked":"False","fileName":"PC Optimizer.exe","companyName":"n/a","productName":"PC Optimizer","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"8e39c1b530c9ae779e473a76fd4b1b50","hashSHA1":"2d774c7126f1c40db07baa3866382d7dec53b384","hashSHA256":"612c226d389705cecb1a749cd65c4966d16d9756656f4efe0afd589af7badbe3","sourceIndex":"3499","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://pcmatico.com/read_more_system_care_pro.aspx","directDownloadingLink":"https://pcmatico.com/software/system_care_pro.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pcmatico.com/software/system_care_pro.exe","sourceIndex":"3499"}],"sampleFiles":["181206/SystemCarePro-181127/2.0/Samples/system_care_pro.exe","181206/SystemCarePro-181127/2.0/Samples/PC Optimizer.exe"],"imageFiles":["181206/SystemCarePro-181127/2.0/Images/ACR-048/ACR-048_software.mp4","181206/SystemCarePro-181127/2.0/Images/ACR-003/ACR-003_software.JPG","181206/SystemCarePro-181127/2.0/Images/ACR-014/ACR-014_software.JPG","181206/SystemCarePro-181127/2.0/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["181206/SystemCarePro-181127/2.0/Images/ACR-065/ACR-065_install.JPG","181206/SystemCarePro-181127/2.0/Images/ACR-065/ACR-065_software.JPG","181206/SystemCarePro-181127/2.0/Images/ACR-163/ACR-163_software.JPG","181206/SystemCarePro-181127/2.0/Images/ACR-163/ACR-163_landingpage.JPG","181206/SystemCarePro-181127/2.0/Images/ACR-160/ACR-160_software.JPG","181206/SystemCarePro-181127/2.0/Images/ACR-099/ACR-099_software.JPG","181206/SystemCarePro-181127/2.0/Images/ACR-099/ACR-099_landingpage.JPG"],"guid":"cfaaa4b3-194d-4bd3-aaf1-eff8185a55c1_2.0_1","appID":"SystemCarePro-181127","dateAdded":"181206","deceptorType":"App","name":"SystemCarePro","company":"Pc Matico","version":"2.0","sigName":"Deceptor:Win32/SystemCarePro!003014048168","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"210331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2021-03-31T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2369},{"violations":{"ACR-003":"App makes exaggerated claims about the system's health (displaying the status as \"Your PC is Dangerous\", \"Your computer us not fully protected\", \"WARNING!\" all in yellow colors); , thereby misleading or scaring the user to take action.\n"},"nonDeceptorViolations":{"ACR-045":"\"FREE DOWNLOAD\" highlights \"free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove the \"free\" word. \n\"FREE\" highlights \"free\" misleads user. The functionality that requires consumer payment in order to be activated needs to be marked clearly in landing page. Otherwise app should remove the \"free\" word. \n","ACR-065":" There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy \n\n","ACR-161":" The application's landing page displays testimonials that are not specific to the app and does not provide any links back to a source so they can be verified. \n\n","ACR-099":" The application has no link or information that shows how it can be uninstalled.\n\n","ACR-017":"The application's landing page elevates its user trust level by displaying unverifiable endorsement tied to different company, but when clicked some shows error pages, different site that is not related to the product or company, redirects back to the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\Anvisoft\\Anvi Smart Defender\\InstallDriver.exe","companyName":"Anvisoft","productName":"Anvisoft Driver Installer","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"2b38fc565897b3d49ebfba75dd76c96e","hashSHA1":"d9b71a70e96e79b6ff8879783c192bc8970cd66c","hashSHA256":"61b3ef004ab4789a7caf99f11941732ac08f123737bd4eb79b174b4e9c64bd51","digitalCertThumbprint":"3A79A413B0AE06757C81CBFD2B4204E12E98CBCF","sourceIndex":"3196","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"asdsetup.exe","isInstaller":"True","companyName":"Anvisoft","productName":"Anvi Smart Defender 2","productVersion":"2.5.0.0","fileVersion":"2.5.0.0","hashMD5":"b9f7b4aad8424cfa896eb7a5946b2f8d","hashSHA1":"4e60b963c87957fceee63f0cf1b16a24112ed78a","hashSHA256":"0ffffab8a28245a55d63a249ff09c39d344eeeddc3a959f90ebf42dd37cd01dc","digitalCertThumbprint":"3A79A413B0AE06757C81CBFD2B4204E12E98CBCF","sourceIndex":"3196","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.anvisoft.com/","directDownloadingLink":"https://files.downloadnow.com/s/software/14/47/22/88/asdsetup.exe?token=1544084308_9c8d37dc2de0150a05e66f1a0ded53be&amp;fileName=asdsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.downloadnow.com/s/software/14/47/22/88/asdsetup.exe?token=1544084308_9c8d37dc2de0150a05e66f1a0ded53be&amp;fileName=asdsetup.exe","sourceIndex":"3196"}],"sampleFiles":[],"imageFiles":["181206/AnviSmartDefender2-181205/2.5.0.0/Images/ACR-003/danger1.jpg","181206/AnviSmartDefender2-181205/2.5.0.0/Images/ACR-003/danger2.jpg","181206/AnviSmartDefender2-181205/2.5.0.0/Images/ACR-003/danger3.jpg"],"nonDeceptorImageFiles":["181206/AnviSmartDefender2-181205/2.5.0.0/Images/ACR-065/no_eula.jpg","181206/AnviSmartDefender2-181205/2.5.0.0/Images/ACR-161/reviews_awards.jpg","181206/AnviSmartDefender2-181205/2.5.0.0/Images/ACR-099/danger1.jpg","181206/AnviSmartDefender2-181205/2.5.0.0/Images/ACR-017/awards.jpg","181206/AnviSmartDefender2-181205/2.5.0.0/Images/ACR-045/free_download1.jpg","181206/AnviSmartDefender2-181205/2.5.0.0/Images/ACR-045/free2.jpg"],"guid":"74750ba3-b70c-4898-9fce-5293126e5766_2.5.0.0_1","appID":"AnviSmartDefender2-181205","dateAdded":"181206","deceptorType":"App","name":"Anvi Smart Defender PRO","company":"Anvisoft","version":"2.5.0.0","sigName":"Deceptor:Win32/AnviSmartDefenderPro!003","lastKnownStatus":"Deceptor:2.5.0.0","lastKnownDate":"190213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,display ads","lastUpdate":"2019-02-14T00:14:41.8869958+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2372},{"violations":{"CCR-022":"Call received on 11/26/2018 at 4:00pm EST stating that my computer is sending out error message from Microsoft and I need to get these issues addressed right away.\n\nViolation 1:  Agent opened up msconfig and explained that the stopped services were causing issues within my computer and must be fixed. [Self Diagnosis Violation]\n\nViolation 2:  Agent opened Command Prompt and ran Netstat.  Agent then said that these were active connections to my computer from outside my computer and must also be addressed.  [Self Diagnosis Violation]\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.callcenter","reference":"Received phone call from V Support","landingPage":"http://vsupportllc.co/","ipv4":"","ipv6":"","landingPageWildChar":"http://vsupportllc.co/*","sourceIndex":"3505"}],"sampleFiles":[],"imageFiles":["181126/VSupport-181126/181126/Images/CCR-022/A.JPG","181126/VSupport-181126/181126/Images/CCR-022/B.JPG"],"nonDeceptorImageFiles":[],"guid":"b87b967d-a8c8-4081-96af-a3ab2611a62e_181126_1","appID":"VSupport-181126","dateAdded":"181126","deceptorType":"Call Center","name":"vsupportllc.co","company":"V Support LLC","version":"181126","sigName":"Deceptor:CallCenter/VSupportLLC!022","lastKnownStatus":"Deceptor:181126","lastKnownDate":"181126","type":"Call Center","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox,Edge,IE,Opera,Safari","lastUpdate":"2018-11-27T04:31:30.3571243+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2373},{"violations":{"ACR-047":"After app install and on every subsequent software start, bundler prompts user with \"Important!\" message to use a \"new version to avoid malfunctions\". This installs the same version of the app, and re-runs the install and the offers that the consumer has previously declined.\n","ACR-048":"There is a \"cancel install\" button that when pressed prompts to be sure, but the installation continues regardless.\n","ACR-075":"Cancelling the installation leaves the carrier and the offers installed.\n","ACR-053":"No skip all option is provided on the multiple offers.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-039":"Makes offers that masquerade as EULAs for the carrier.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"PCTuneUpRegistryCleaner.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.                                              ","productName":"PCTuneUp Registry Cleaner","fileVersion":"","hashMD5":"dbe7dcfce896818bf319e98526857f63","hashSHA1":"39ed08c761cbe3ac02e719f2c03c869f7a3ad92a","hashSHA256":"c2311b3c6e6acac82815172ac0277759c7f396ab64ca61282865635592fc3ae4","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RuiQing Software Technology Beijing Inc, O=RuiQing Software Technology Beijing Inc, STREET=\"No.A215,2/F,North Section,No.3,Xisanqi Building materials city,Haidian District\", STREET=BeiDuan ErCeng A215, L=Beijing, S=Beijing, PostalCode=100096, C=CN","sourceIndex":"3506","avBlockList":["Avast Internet Security (20190121)","AVG Internet Security (20190121)","Avira Internet Security (20190121)","Bitdefender Internet Security (20190121)","ESET Internet Security (20190121)","G DATA INTERNET SECURITY (20190121)","K7 Total Security (20190121)","Kaspersky Internet Security (20190121)","Malwarebytes Premium (20190121)","McAfee Total Protection (20190121)","Norton Security (20190121)","Panda Dome (20190121)","Sophos Home Premium (20190121)","VirIT eXplorer PRO (20190121)","Webroot SecureAnywhere (20190121)"],"avAllowList":["Trend Micro Internet Security (20190121)","Windows Defender (20190121)"]},{"isRevoked":"False","fileName":"PCTuneUpRegistryCleaner_installed_version.exe","companyName":"n/a","productName":"n/a","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"eeada9fed626f095b50cf119d89dae5f","hashSHA1":"44e26ea8f0ccdbb91d8c8502b18113871583cc45","hashSHA256":"4867b0e428a80674504d43513f008171ef774aec632846f0fa5ab3f882262890","digitalCertThumbprint":"58FF66B7503CCDF37B2B276045AF1A8A84963DC9","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=TechEvolve GMBH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TechEvolve GMBH, L=Beijing, S=Beijing, C=CN","sourceIndex":"3506","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword: pc registry fix)","landingPage":"http://www.pctuneupsuite.com/freeregistrycleaner/index.php","directDownloadingLink":"http://www.pctuneupsuite.com/PCTuneUpRegistryCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pctuneupsuite.com/PCTuneUpRegistryCleaner.exe","sourceIndex":"3506"}],"sampleFiles":["181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Samples/PCTuneUpRegistryCleaner.exe","181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Samples/PCTuneUpRegistryCleaner_installed_version.exe"],"imageFiles":["181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-053/ACR_053_INSTALL.mp4","181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-039/ACR_039_INSTALL.PNG","181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-047/ACR_047_INSTALL.mp4","181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-048/ACR_048_INSTALL.mp4","181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-059/ACR_059_BUNDLER_MADE_OFFERS_SCREENSHOT_1.PNG","181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-059/ACR_059_BUNDLER_MADE_OFFERS_SCREENSHOT_2.PNG","181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-075/ACR_075_BUNDLER_MADE_OFFERS.mp4"],"nonDeceptorImageFiles":["181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-065/ACR_065_INSTALL.PNG","181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-065/ACR_065_SOFTWARE.PNG","181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-099/ACR_099_SOFTWARE.PNG","181124/PCTuneUp0RegistryCleaner-181121/8.8.1/Images/ACR-099/ACR_099_LANDING_PAGE.PNG"],"guid":"22827a81-1cf0-4e79-b626-76759b34b7f6_8.8.1_1","appID":"PCTuneUp0RegistryCleaner-181121","dateAdded":"181124","deceptorType":"Bundler","name":"PCTuneUp Registry Cleaner Bundler","company":"RuiQing Software Technology Beijing Inc","version":"8.8.1","sigName":"Deceptor:Win32/PCTuneupRegistryCleanerBundler!039047048053059075","lastKnownStatus":"Deceptor:8.8.1","lastKnownDate":"181124","type":"Windows Executable","category":"Bundlers & Downloaders, SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-11-24T15:22:07.5824301+00:00","notDistributed":false,"familyName":"ruiqing-bundler-ruich","numInFamily":5,"numInAppID":1,"sortOrder":1852},{"violations":{"ACR-003":"App makes exaggerated claims about the system's health (displaying the status as \"DANGER\"; reporting junk files and cache files with cleaning urgency above \"Low\"), thereby misleading or scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n","ACR-014":"App implies that the cleaning Urgency level could be\"moderate or high\", which is misleading.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"thepcoptimizer.exe","isInstaller":"True","companyName":"The PC Optimizer","productName":"The PC Optimizer","productVersion":"2.6.5","fileVersion":"2.6.5","hashMD5":"09b22748ce22a412c172a8ddd2c05725","hashSHA1":"228a7f7ec916b36e023a94961ee7ca4b3f9875e2","hashSHA256":"ef427f61be4a4d3c498bef1052bd5745ffb4acb3979386e59b71730a8acb4d5c","digitalCertThumbprint":"546B96AAEE287E9EF4756C3AAD061CF6664792F3","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Adeeba E Services Private Limited, OU=Software & Support, O=Adeeba E Services Private Limited, L=Kolkata, S=West Bengal, C=IN","sourceIndex":"3218","avBlockList":["Avast Internet Security (20190117)","AVG Internet Security (20190117)","Avira Internet Security (20190117)","ESET Internet Security (20190117)","G DATA INTERNET SECURITY (20190117)","K7 Total Security (20190117)","Kaspersky Internet Security (20190117)","Malwarebytes Premium (20190117)","McAfee Total Protection (20190117)","Norton Security (20190117)","Panda Dome (20190117)","Trend Micro Internet Security (20190117)","VirIT eXplorer PRO (20190117)","Webroot SecureAnywhere (20190117)"],"avAllowList":["Bitdefender Internet Security (20190117)","Sophos Home Premium (20190117)","Windows Defender (20190117)"]},{"isRevoked":"False","fileName":"ThePCOptimizer_installed_version.exe","companyName":"The PC Optimizer","productName":"The PC Optimizer","productVersion":"2.6.5.0","fileVersion":"2.6.5.0","hashMD5":"97df8c29e6b4f319696b7b9b9d4aa80d","hashSHA1":"a242817516ab98752a5247e5cb805265644c6bce","hashSHA256":"f999632d1ad1cb53e7955aaa1ffed5fe5c50debb3686ed6707f13e98fa5762cb","digitalCertThumbprint":"546B96AAEE287E9EF4756C3AAD061CF6664792F3","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Adeeba E Services Private Limited, OU=Software & Support, O=Adeeba E Services Private Limited, L=Kolkata, S=West Bengal, C=IN","sourceIndex":"3218","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (fix my computer errors free)","landingPage":"https://www.thepcoptimizer.com/","directDownloadingLink":"https://www.thepcoptimizer.com/software/thepcoptimizer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"3218"}],"sampleFiles":["181121/ThePCOptimizer-180427/2.6.5/Samples/thepcoptimizer.exe","181121/ThePCOptimizer-180427/2.6.5/Samples/ThePCOptimizer_installed_version.exe"],"imageFiles":["181121/ThePCOptimizer-180427/2.6.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-014/ACR_014_SOFTWARE_SCREENSHOT_1.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-014/ACR_014_SOFTWARE_SCREENSHOT_2.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-014/ACR_014_SOFTWARE_SCREENSHOT_3.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_1.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_2.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-168/ACR_168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["181121/ThePCOptimizer-180427/2.6.5/Images/ACR-065/ACR_065_INSTALL.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-065/ACR_065_SOFTWARE.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-163/ACR_163_SOFTWARE.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-088/ACR_088_SOFTWARE.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-160/ACR_160_SOFTWARE.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-099/ACR_099_SOFTWARE.PNG","181121/ThePCOptimizer-180427/2.6.5/Images/ACR-168/ACR_168_LANDING_PAGE.PNG"],"guid":"c30bfe12-0132-4c33-a252-bee00fb400bc_2.6.5_1","appID":"ThePCOptimizer-180427","dateAdded":"181121","deceptorType":"App","name":"The PC Optimizer","company":"Adeeba E-Services Private Limited","version":"2.6.5","sigName":"Deceptor:Win32/ThePCOptimizer!003014084168","lastKnownStatus":"Deceptor:2.6.5","lastKnownDate":"190130","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-31T02:04:37.4831051+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2374},{"violations":{"ACR-043":"App doesn't disclose that it will install/use ShieldApps' AV engine.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created multiple scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Nanosoft consultancy\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"TechefixSetup.exe","isInstaller":"True","companyName":"Techefix","productName":"Techefix","productVersion":"3.6.6","fileVersion":"3.6.6","hashMD5":"c495dba015b57c191d4bb09fd821fc00","hashSHA1":"f73bb1ea147307084e0f3b0ce2819d8f2cd1882b","hashSHA256":"0ac99ee18378c5b67a6d379b7dbac8dcce64749840640202f5db226a3249eb60","digitalCertThumbprint":"E4AF3425EEFDD164503F5FB7D902382655AD7BB6","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Nanosoft Consultancy, O=Nanosoft Consultancy, STREET=16 B Fern Road, STREET=Kolkata, L=Kolkata, S=West Bengal, PostalCode=700019, C=IN","sourceIndex":"3019","avBlockList":["Avast Internet Security (20190117)","AVG Internet Security (20190117)","Avira Internet Security (20190117)","ESET Internet Security (20190117)","G DATA INTERNET SECURITY (20190117)","K7 Total Security (20190117)","Malwarebytes Premium (20190117)","McAfee Total Protection (20190117)","Norton Security (20190117)","Panda Dome (20190117)","Sophos Home Premium (20190117)","Trend Micro Internet Security (20190117)","VirIT eXplorer PRO (20190117)","Webroot SecureAnywhere (20190117)","Windows Defender (20190117)"],"avAllowList":["Bitdefender Internet Security (20190117)","Kaspersky Internet Security (20190117)"]},{"isRevoked":"False","fileName":"Techefix.exe","companyName":"Techefix","productName":"Techefix","productVersion":"3.6.6.0","fileVersion":"3.6.6.0","hashMD5":"1030cb6f2a0b218613310b1bc1c9ddd5","hashSHA1":"d63d93afbbb3bd43d87ffd98c3e198920e17544b","hashSHA256":"d93d599631157f621ca88748699edc606f31b9b93962c5478f73ff1e7b80ab02","digitalCertThumbprint":"E4AF3425EEFDD164503F5FB7D902382655AD7BB6","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Nanosoft Consultancy, O=Nanosoft Consultancy, STREET=16 B Fern Road, STREET=Kolkata, L=Kolkata, S=West Bengal, PostalCode=700019, C=IN","sourceIndex":"3019","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"malware cleaner\"","landingPage":"http://arinfosoft.com/products.php","directDownloadingLink":"https://s3.amazonaws.com/partnertemporary/Techefix/TechefixSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/partnertemporary/Techefix/TechefixSetup.exe","sourceIndex":"3019"}],"sampleFiles":["181121/TecheFixSmartSecurity-181119/3.6.6/Samples/TechefixSetup.exe","181121/TecheFixSmartSecurity-181119/3.6.6/Samples/Techefix.exe"],"imageFiles":["181121/TecheFixSmartSecurity-181119/3.6.6/Images/ACR-043/ACR-043_install.JPG","181121/TecheFixSmartSecurity-181119/3.6.6/Images/ACR-084/ACR-084_software.JPG","181121/TecheFixSmartSecurity-181119/3.6.6/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["181121/TecheFixSmartSecurity-181119/3.6.6/Images/ACR-065/ACR-065_install.JPG","181121/TecheFixSmartSecurity-181119/3.6.6/Images/ACR-065/ACR-065_software.JPG","181121/TecheFixSmartSecurity-181119/3.6.6/Images/ACR-163/ACR-163_software.JPG","181121/TecheFixSmartSecurity-181119/3.6.6/Images/ACR-092/ACR-092_software.JPG","181121/TecheFixSmartSecurity-181119/3.6.6/Images/ACR-160/ACR-160_software.JPG","181121/TecheFixSmartSecurity-181119/3.6.6/Images/ACR-099/ACR-099_software.JPG"],"guid":"d83979a1-594f-48e1-87f4-639bffec71a4_3.6.6_1","appID":"TecheFixSmartSecurity-181119","dateAdded":"181121","deceptorType":"App","name":"Techefix","company":"Techefix","version":"3.6.6","sigName":"Deceptor:Win32/Techefix:043084168","lastKnownStatus":"Deceptor:3.6.6","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-06T21:10:00.9285782+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2375},{"violations":{"ACR-043":"App doesn't disclose that it will install/use ShieldApps' AV engine.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-160":"The application does not use a certified call center to monetize the app. The app uses A1 technical support which is not certified.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"EssentialAnti-VirusSetup.exe","isInstaller":"True","companyName":"Essential Anti-Virus","productName":"Essential Anti-Virus","productVersion":"3.5.1","fileVersion":"3.5.1.0","hashMD5":"08c98b7eeb0fd87fbb794d07dca62761","hashSHA1":"ddbb4e8db3c6533b909d2d4640c684c7f03b4a79","hashSHA256":"89387d40368eb3d8e35ddb2cb4895c17a3eb656fedb42510a6c629aa51c39910","digitalCertThumbprint":"C8CDF5F6AF10D8B25AAD30AB2B9C069E4806D28F","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Essential Software, LLC\", O=\"Essential Software, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"3507","avBlockList":["Avast Internet Security (20190117)","AVG Internet Security (20190117)","Avira Internet Security (20190117)","ESET Internet Security (20190117)","G DATA INTERNET SECURITY (20190117)","K7 Total Security (20190117)","Malwarebytes Premium (20190117)","McAfee Total Protection (20190117)","Norton Security (20190117)","Panda Dome (20190117)","Sophos Home Premium (20190117)","Trend Micro Internet Security (20190117)","VirIT eXplorer PRO (20190117)","Webroot SecureAnywhere (20190117)","Windows Defender (20190117)"],"avAllowList":["Bitdefender Internet Security (20190117)","Kaspersky Internet Security (20190117)"]},{"isRevoked":"False","fileName":"EssentialAnti-Virus.exe","companyName":"Essential Anti-Virus","productName":"Essential Anti-Virus","productVersion":"3.5.1.0","fileVersion":"3.5.1.0","hashMD5":"079430b8a769d0342b9d8582ceb2a38d","hashSHA1":"5e74c89875ea7a669c847ef828ef9efa759b32dc","hashSHA256":"3d54b553c7c4c045854dad497d9b8ee8a7caf1c5d639f7ab2facb45f7b5f442a","digitalCertThumbprint":"C8CDF5F6AF10D8B25AAD30AB2B9C069E4806D28F","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Essential Software, LLC\", O=\"Essential Software, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"3507","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword: pc registry fix)","landingPage":"http://essential-software.com/anti-virus/","directDownloadingLink":"https://s3.amazonaws.com/secure-eav/EssentialAnti-VirusSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/secure-eav/EssentialAnti-VirusSetup.exe","sourceIndex":"3507"}],"sampleFiles":["181120/EssentialAnti-Virus-181120/3.5.1/Samples/EssentialAnti-VirusSetup.exe","181120/EssentialAnti-Virus-181120/3.5.1/Samples/EssentialAnti-Virus.exe"],"imageFiles":["181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-043/ACR_043_INSTALL.PNG","181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_1.PNG","181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_2.PNG","181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-168/ACR_168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-065/ACR_065_INSTALL.PNG","181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-065/ACR_065_SOFTWARE.PNG","181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-168/ACR_168_LANDING_PAGE.PNG","181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-099/ACR_099_SOFTWARE.PNG","181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","181120/EssentialAnti-Virus-181120/3.5.1/Images/ACR-160/ACR_160_SOFTWARE.PNG"],"guid":"e35d6670-2b9a-4c71-b056-bddf57080aac_3.5.1_1","appID":"EssentialAnti-Virus-181120","dateAdded":"181120","deceptorType":"App","name":"Essential Anti-Virus","company":"Essential Software, LLC","version":"3.5.1","sigName":"Deceptor:Win32/EssentialAntiVirus!043084168","lastKnownStatus":"Deceptor:351","lastKnownDate":"181120","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-11-20T21:30:00.735408+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2376},{"violations":{"ACR-043":"App doesn't disclose that it will install/use ShieldApps' AV engine\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n"},"samples":[{"isRevoked":"False","fileName":"TechnoSysProSetup.exe","isInstaller":"True","companyName":"TechnoSys Pro","productName":"TechnoSys Pro","productVersion":"3.5.5","fileVersion":"3.5.5.0","hashMD5":"767954f1f7f3ed1954103313f585467f","hashSHA1":"b1817d8ff9960017323d37000fe7d17be1a12b9d","hashSHA256":"3ae0133d1a15f3f23a688f21e85e190cf3a129567a11bcd20a853099934e3555","digitalCertThumbprint":"865924541EBEB127748D1297D7EE3F6CFCB5CB52","digitalCertIssuer":"CN=SSL.com Object CA, OU=www.ssl.com, O=SSL.com, C=US","digitalCertIssuedTo":"CN=\"Technosys (Ajrawat, Gurpreet)\", O=\"Technosys (Ajrawat, Gurpreet)\", STREET=1262 South Rowan Ave Apt 1, L=Los Angeles, S=California, PostalCode=90023, C=US","sourceIndex":"3508","avBlockList":["Avast Internet Security (20190114)","AVG Internet Security (20190114)","Avira Internet Security (20190114)","ESET Internet Security (20190114)","G DATA INTERNET SECURITY (20190114)","K7 Total Security (20190114)","Malwarebytes Premium (20190114)","McAfee Total Protection (20190114)","Norton Security (20190114)","Panda Dome (20190114)","Sophos Home Premium (20190114)","Trend Micro Internet Security (20190114)","VirIT eXplorer PRO (20190114)","Webroot SecureAnywhere (20190114)","Windows Defender (20190114)"],"avAllowList":["Bitdefender Internet Security (20190114)","Kaspersky Internet Security (20190114)"]},{"isRevoked":"False","fileName":"TechnoSysPro.exe","companyName":"TechnoSys Pro","productName":"TechnoSys Pro","productVersion":"3.5.5.0","fileVersion":"3.5.5.0","hashMD5":"3878042b2d9c292fbf3551f9dc1507f5","hashSHA1":"3fece71f82efc5377158fcbd08bbcbb5eff5f447","hashSHA256":"0d7a72a44b381ef31102e8ba80f9ee13b5668ef7eea37df048f0688a3e0fc41a","digitalCertThumbprint":"865924541EBEB127748D1297D7EE3F6CFCB5CB52","digitalCertIssuer":"CN=SSL.com Object CA, OU=www.ssl.com, O=SSL.com, C=US","digitalCertIssuedTo":"CN=\"Technosys (Ajrawat, Gurpreet)\", O=\"Technosys (Ajrawat, Gurpreet)\", STREET=1262 South Rowan Ave Apt 1, L=Los Angeles, S=California, PostalCode=90023, C=US","sourceIndex":"3508","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (keyword: \"If You have downloaded the software for purposes of evaluation, regardless of how labeled, the use of the software is limited to a specified period of time and/or limited functionality and all use will be governed by the terms set forth below.\" ) taken from transgenav privacy shield EULA","landingPage":"https://www.technosyspro.com/","directDownloadingLink":"https://s3.amazonaws.com/partnertemporary/technosys/TechnoSysProSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/partnertemporary/technosys/TechnoSysProSetup.exe","sourceIndex":"3508"}],"sampleFiles":["181117/TechnoSysPro-181112/3.5.5/Samples/TechnoSysProSetup.exe","181117/TechnoSysPro-181112/3.5.5/Samples/TechnoSysPro.exe"],"imageFiles":["181117/TechnoSysPro-181112/3.5.5/Images/ACR-043/ACR_043_INSTALL.PNG","181117/TechnoSysPro-181112/3.5.5/Images/ACR-084/ACR_084_SOFTWARE.PNG","181117/TechnoSysPro-181112/3.5.5/Images/ACR-168/ACR_168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["181117/TechnoSysPro-181112/3.5.5/Images/ACR-065/ACR_065_INSTALL.PNG","181117/TechnoSysPro-181112/3.5.5/Images/ACR-065/ACR_065_SOFTWARE.PNG","181117/TechnoSysPro-181112/3.5.5/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","181117/TechnoSysPro-181112/3.5.5/Images/ACR-163/ACR_163_SOFTWARE.PNG","181117/TechnoSysPro-181112/3.5.5/Images/ACR-160/ACR_160_SOFTWARE.PNG"],"guid":"2fc098b3-71ab-45f8-a89a-af21aa76e85d_3.5.5_1","appID":"TechnoSysPro-181112","dateAdded":"181117","deceptorType":"App","name":"TechnoSysPro","company":"TechnosysPro","version":"3.5.5","sigName":"Deceptor:Win32/TechnoSysPro!043084168","lastKnownStatus":"Deceptor:3.5.5","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2377},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-003":"The app exaggerates the User and Password, Profile, Browser History, IM History Cookies and Local Trace Files as being threats , thereby misleading or scaring the consumer to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are no schedules set within the software, however the app has created multiple tasks in the systems task scheduler which cannot be disabled from the software's interface.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"TragensAVPrivacyShieldSetup.exe","isInstaller":"True","companyName":"TragensAV Privacy Shield","productName":"TragensAV Privacy Shield","productVersion":"3.3.1","fileVersion":"3.3.1.0","hashMD5":"a1381c10e5de26eb30df78a764948340","hashSHA1":"e4a724d0185b7f735d1aef02e3f2488cffddfec9","hashSHA256":"a99acc6a3d79ab93781344328e78b9e807fd88e1b3544d18cceb3039aba2698d","digitalCertThumbprint":"4DAF01807736C02959AF2DB1CFAFAD1EED5BC138","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Tragens Systems LLC, O=Tragens Systems LLC, L=Edina, S=Minnesota, C=US","sourceIndex":"3018","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)","Norton Security (20190228)","Trend Micro Internet Security (20190228)"]},{"isRevoked":"False","fileName":"TragensAVPrivacyShield.exe","companyName":"TragensAV Privacy Shield","productName":"TragensAV Privacy Shield","productVersion":"3.3.1.0","fileVersion":"3.3.1.0","hashMD5":"68dce6b893fc3eaad878d0f2a9d20999","hashSHA1":"ac4b6e713a289dac788f0b1634d49478f74adcf6","hashSHA256":"4b1a1039f3283f9f27e424e2dc9399a4fa8c5326cba51610f7228c91849cdfb4","digitalCertThumbprint":"4DAF01807736C02959AF2DB1CFAFAD1EED5BC138","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Tragens Systems LLC, O=Tragens Systems LLC, L=Edina, S=Minnesota, C=US","sourceIndex":"3018","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://tragensav.com/","directDownloadingLink":"https://tragensav.com/downloads/TragensAVPrivacyShieldSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://tragensav.com/downloads/TragensAVPrivacyShieldSetup.exe","sourceIndex":"3018"}],"sampleFiles":["181112/TransgensAVPrivacyShield-181112/3.3.1/Samples/TragensAVPrivacyShieldSetup.exe","181112/TransgensAVPrivacyShield-181112/3.3.1/Samples/TragensAVPrivacyShield.exe"],"imageFiles":["181112/TransgensAVPrivacyShield-181112/3.3.1/Images/ACR-050/ACR_050_SOFTWARE.PNG","181112/TransgensAVPrivacyShield-181112/3.3.1/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","181112/TransgensAVPrivacyShield-181112/3.3.1/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","181112/TransgensAVPrivacyShield-181112/3.3.1/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_1.PNG","181112/TransgensAVPrivacyShield-181112/3.3.1/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["181112/TransgensAVPrivacyShield-181112/3.3.1/Images/ACR-065/ACR_065_INSTALL.PNG","181112/TransgensAVPrivacyShield-181112/3.3.1/Images/ACR-065/ACR_065_SOFTWARE.PNG","181112/TransgensAVPrivacyShield-181112/3.3.1/Images/ACR-088/ACR_088_SOFTWARE.PNG","181112/TransgensAVPrivacyShield-181112/3.3.1/Images/ACR-099/ACR_099_SOFTWARE.PNG","181112/TransgensAVPrivacyShield-181112/3.3.1/Images/ACR-168/ACR_168_LANDING_PAGE.PNG"],"guid":"e73c6a61-4501-40d1-a076-e13c991c6a34_3.3.1_1","appID":"TransgensAVPrivacyShield-181112","dateAdded":"181112","deceptorType":"App","name":"TragensAV Privacy Shield","company":"Tragens Systems LLC","version":"3.3.1","sigName":"Deceptor:Win32/TragensAVPrivacyShield!003050084","lastKnownStatus":"Deceptor:3.3.1","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-06-06T21:10:39.6936456+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2378},{"violations":{"CCR-022":"Call made on 181009 at 12:52PM Eastern Time (US)\n\nViolation 1:  Agent used 'Event Viewer' (Screenshot A) [Self Diagnosis]\nViolation 2:  Agent used 'Task Manager' (Screenshot C) [Self Diagnosis]\nViolation 3:  Agent used 'Reliability Monitor' (Screenshot B) [Self Diagnosis]\n","CCR-031":"Call made on 181009 at 12:52PM Eastern Time (US)\n\nViolation 1:  Agent offered multi year technical support packages.  (Screenshot D and E) [Maximum allowed service duration is one year, agent offered a 1 year service plan, 2 year plan, and a 3 year plan]\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.callcenter","reference":"Examining Reimage software","landingPage":"http://reimagetechsupport.com/","ipv4":"","ipv6":"","landingPageWildChar":"http://reimagetechsupport.com/*","sourceIndex":"3233"}],"sampleFiles":[],"imageFiles":["181109/ReimageTechSupport-181009/181009/Images/CCR-022/A.JPG","181109/ReimageTechSupport-181009/181009/Images/CCR-022/B.JPG","181109/ReimageTechSupport-181009/181009/Images/CCR-022/C.JPG","181109/ReimageTechSupport-181009/181009/Images/CCR-031/D.JPG","181109/ReimageTechSupport-181009/181009/Images/CCR-031/E.JPG"],"nonDeceptorImageFiles":[],"guid":"8786f520-2665-413f-9952-0001631fd915_181009_1","appID":"ReimageTechSupport-181009","dateAdded":"181109","deceptorType":"Call Center","name":"reimagetechsupport.com","company":"Reimage Tech Support","version":"181009","sigName":"Deceptor:CallCenter/ReimageTechSupport!022031","firstVendorContactDate":"181009","firstAppEsteemReplyDate":"181017","firstResolvedDate":"190130","firstResolvedVersion":"190130","resolved":"TRUE","lastKnownStatus":"Deceptor:181009;NonCertified:190130","lastKnownDate":"190130","type":"Call Center","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox,Edge,IE,Opera,Safari","lastUpdate":"2019-01-31T00:04:35.5044149+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2379},{"violations":{"ACR-048":"Bundler remaps \"application close\" to \"minimize.\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n","ACR-039":"No attribution for the download manager is provided.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-035":"No EULA is provided for this Download Manager.\n","ACR-036":"No EULA is provided for this Download Manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"Game Fire_0664882158.exe","isInstaller":"True","companyName":"Nopus                                                       ","fileVersion":"0.0","hashMD5":"e711bbaa6f767f6ab6fb71637182031a","hashSHA1":"fecd14f2dd82eb83923843d6908a7e989a9bde5f","hashSHA256":"9c25383dede477659370255b6c14c591133c4b7bdb9258ea6c2f64abf36e3c42","digitalCertThumbprint":"F007CEF627BECF9CECE8C4310B2FC5F21F19A4ED","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Caliber Wave (Alpha Criteria Ltd.), O=Caliber Wave (Alpha Criteria Ltd.), STREET=28 Begin Menachem Rd., L=Tel-Aviv, S=Israel, PostalCode=6618208, C=IL","sourceIndex":"3416","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Game Fire_2972909225.exe","isInstaller":"True","productName":"Fuhofahi","productVersion":"4.1","fileVersion":"1.3.5.0","hashMD5":"ea130e4ecd4d6f1f53f29f5c0fdb597f","hashSHA1":"542402b5b4a24644fb5e463ae537afda6a01985f","hashSHA256":"50a4a3c79329254bd921ea91abfae5c6c5fa98457ce0a049dc23be8e403eacbb","digitalCertThumbprint":"F007CEF627BECF9CECE8C4310B2FC5F21F19A4ED","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Caliber Wave (Alpha Criteria Ltd.), O=Caliber Wave (Alpha Criteria Ltd.), STREET=28 Begin Menachem Rd., L=Tel-Aviv, S=Israel, PostalCode=6618208, C=IL","sourceIndex":"3416","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://www.smartpcutilities.com/gamefire.html","directDownloadingLink":"http://www.disidohan-hiteh.com/gqn33pt/Game%20Fire.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.disidohan-hiteh.com/gqn33pt/Game%20Fire.exe","sourceIndex":"3416"}],"sampleFiles":["181106/GameFire-181102/3.6/Samples/Game Fire_0664882158.exe","181106/GameFire-181102/3.6/Samples/Game Fire_2972909225.exe"],"imageFiles":["181106/GameFire-181102/3.6/Images/ACR-039/ACR_039_INSTALL.PNG","181106/GameFire-181102/3.6/Images/ACR-048/ACR_048_INSTALL.mp4","181106/GameFire-181102/3.6/Images/ACR-059/ACR_059_BUNDLER_MADE_OFFERS.PNG"],"nonDeceptorImageFiles":["181106/GameFire-181102/3.6/Images/ACR-044/ACR_044_INSTALL.PNG","181106/GameFire-181102/3.6/Images/ACR-152/ACR_152_BUNDLER_MADE_OFFERS.mp4"],"guid":"a1c1385a-8a10-4f91-9de6-1f2dbedea00e_3.6_1","appID":"GameFire-181102","dateAdded":"181106","deceptorType":"App","name":"GameFireBundler","company":"Caliber Wave (Alpha Criteria Ltd.)","version":"3.6","sigName":"Deceptor:Win32/GameFireBundler!039048050059","lastKnownStatus":"Deceptor:3.6","lastKnownDate":"181106","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:37:42.9009682+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":536},{"violations":{"ACR-053":"No skip all option is provided on the multiple offers.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-039":"Makes offers that masquerade as EULAs for the carrier.\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's EULA misleads consumers into thinking it is the EULA for the carrier app.\n"},"samples":[{"isRevoked":"False","fileName":"PCMateFreePrivacyCleaner.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"62587392828972872efccbf8c746c5c5","hashSHA1":"d42f0f0bc3e431cb1742fb237d79c0cea40e21c0","hashSHA256":"cea79ec4a22ae911a8862d8f2285c41345252c4597181e418e6fafca876c4f2f","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RuiQing Software Technology Beijing Inc, O=RuiQing Software Technology Beijing Inc, STREET=\"No.A215,2/F,North Section,No.3,Xisanqi Building materials city,Haidian District\", STREET=BeiDuan ErCeng A215, L=Beijing, S=Beijing, PostalCode=100096, C=CN","sourceIndex":"3530","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)"],"avAllowList":["Windows Defender (20190228)"]},{"isRevoked":"False","fileName":"PCMateFreeRegistryCleaner.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"50584d6154ef56b765b2d27613a330c9","hashSHA1":"5b9b0297288fc1effd84b04db45197f67129f0b5","hashSHA256":"125fa3944ac6121c692114634a53d8541157ad6ef5395183c9b8cf02a10d15a9","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RuiQing Software Technology Beijing Inc, O=RuiQing Software Technology Beijing Inc, STREET=\"No.A215,2/F,North Section,No.3,Xisanqi Building materials city,Haidian District\", STREET=BeiDuan ErCeng A215, L=Beijing, S=Beijing, PostalCode=100096, C=CN","sourceIndex":"3530","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)"],"avAllowList":["Windows Defender (20190228)"]},{"isRevoked":"False","fileName":"PCMateFreeSystemCare.exe","isInstaller":"True","companyName":"PCMate Software, Inc.                                       ","fileVersion":"0.0","hashMD5":"c8927f152512c82ded74c623f0749ab8","hashSHA1":"52e2b666dafcca50f4d3181fddcd0072534ffd15","hashSHA256":"3958ee75ff1d95d5e4fe9fa874c889ce26a7344f39ef1fb48c295d68aa2781c5","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RuiQing Software Technology Beijing Inc, O=RuiQing Software Technology Beijing Inc, STREET=\"No.A215,2/F,North Section,No.3,Xisanqi Building materials city,Haidian District\", STREET=BeiDuan ErCeng A215, L=Beijing, S=Beijing, PostalCode=100096, C=CN","sourceIndex":"3530","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)"],"avAllowList":["Windows Defender (20190228)"]}],"additionalFiles":[],"sources":[{"howFound":"PCMate","reference":"","landingPage":"http://www.freesystemsoftware.com","directDownloadingLink":"http://www.freesystemsoftware.com/PCMateFreeSystemCare.exe","ipv4":"","ipv6":"","landingPageWildChar":"http://www.freesystemsoftware.com/*","directDownloadingLinkWildChar":"http://www.freesystemsoftware.com/PCMateFreeSystemCare.exe","sourceIndex":"3530"}],"sampleFiles":["181106/PCMateSystemCareBundle-181103/8.8.1/Samples/PCMateFreePrivacyCleaner.exe","181106/PCMateSystemCareBundle-181103/8.8.1/Samples/PCMateFreeRegistryCleaner.exe","181106/PCMateSystemCareBundle-181103/8.8.1/Samples/PCMateFreeSystemCare.exe"],"imageFiles":["181106/PCMateSystemCareBundle-181103/8.8.1/Images/ACR-053/ACR_053_INSTALL.mp4","181106/PCMateSystemCareBundle-181103/8.8.1/Images/ACR-039/ACR_039_INSTALL.PNG","181106/PCMateSystemCareBundle-181103/8.8.1/Images/ACR-059/ACR_059_BUNDLER-MADE_OFFERS.PNG"],"nonDeceptorImageFiles":["181106/PCMateSystemCareBundle-181103/8.8.1/Images/ACR-065/ACR_065_INSTALL_SCREENSHOT_1.PNG","181106/PCMateSystemCareBundle-181103/8.8.1/Images/ACR-065/ACR_065_INSTALL_SCREENSHOT_2.PNG"],"guid":"84829196-8d99-4326-b5b2-6c1ed8c3ef22_8.8.1_1","appID":"PCMateSystemCareBundle-181103","dateAdded":"181106","deceptorType":"Bundler","name":"PCMateSystemCareBundle","company":"RuiQing Software Technology Beijing Inc","version":"8.8.1","sigName":"Deceptor:Win32/PCMateSystemCareBundle!039053059","lastKnownStatus":"Deceptor:8.8.1","lastKnownDate":"181106","type":"Windows Executable","category":"SysTools & Utilities, Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps","lastUpdate":"2018-11-06T16:05:37.1952881+00:00","notDistributed":false,"familyName":"ruiqing-bundler-ruich","numInFamily":5,"numInAppID":1,"sortOrder":1853},{"violations":{"ACR-016":"Displayed ads lead to direct downloading and installation of the applications instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the application that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-099":"The application has no links or information that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"maxidiskmx.exe","isInstaller":"True","companyName":"Uniblue Systems Limited                                     ","productName":"MaxiDisk","productVersion":"1.0.9.3","fileVersion":"1.0.9.3","hashMD5":"2819fc62aa1ba31145e32cb8f46f0484","hashSHA1":"66030905e49a62198209d496df01be8488ae5d20","hashSHA256":"52708b725cbd17affb7f1283005c184d34f3ec18e33d6b78045ec85b052b7a96","digitalCertThumbprint":"512E108C5F657DF57585FC9F757B9A5ADCF76376","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Uniblue Systems, O=Uniblue Systems, L=Birkirkara, S=Malta, C=MT","sourceIndex":"3219","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"maxidisk.exe","companyName":"Uniblue Systems Limited","productName":"MaxiDisk","productVersion":"1.0.9.3","fileVersion":"1.0.9.3","hashMD5":"3d0f42c97fb20eaec6f3887eef85528d","hashSHA1":"a9fb3a884787f1ac900cbfbfd9c630219aa84516","hashSHA256":"1af070ef3b5fd11e685b08dc5d42d7fc2811f250774aabe20a5d9723d213e10f","digitalCertThumbprint":"512E108C5F657DF57585FC9F757B9A5ADCF76376","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Uniblue Systems, O=Uniblue Systems, L=Birkirkara, S=Malta, C=MT","sourceIndex":"3219","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.uniblue.com/product/pc/maxidisk/","directDownloadingLink":"https://files.uniblue.com/cm/ub14/maxidiskmx/mx-downloads/setup/maxidiskmx.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.uniblue.com/cm/ub14/maxidiskmx/mx-downloads/setup/maxidiskmx.exe","sourceIndex":"3219"}],"sampleFiles":["181106/MaxiDisk-181102/1.0.9.3/Samples/maxidiskmxsetup.exe","181106/MaxiDisk-181102/1.0.9.3/Samples/maxidisk.exe"],"imageFiles":["181106/MaxiDisk-181102/1.0.9.3/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":["181106/MaxiDisk-181102/1.0.9.3/Images/ACR-065/ACR-065_software.JPG","181106/MaxiDisk-181102/1.0.9.3/Images/ACR-099/ACR-099_software.JPG"],"guid":"1a03f02f-c066-43ff-b442-a4c7aeb02d60_1.0.9.3_1","appID":"MaxiDisk-181102","dateAdded":"181106","deceptorType":"App","name":"MaxiDisk","company":"Uniblue Systems Limited","version":"1.0.9.3","sigName":"Deceptor:Win32/MaxiDisk!016","lastKnownStatus":"Deceptor:1.0.9.3","lastKnownDate":"190130","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-31T02:03:49.2785019+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2380},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No EULA and/or Terms of Service or privacy policy is provided for the download manager.\n","ACR-035":"No EULA/Terms of Service, and Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service, and Privacy Policy is provided for the download manager.\n","ACR-037":"No EULA/Terms of Service, and Privacy Policy is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"KakaoTalk_Setup.exe.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9b3f3b716e1702f8615bc7d6e1fd6e36","hashSHA1":"79836c444c81a0b13cdc21adb8fd397bf1308fca","hashSHA256":"edbd5306cd82860348c7752319ae746e85b6d9866dfb220501ef8660674746a8","digitalCertThumbprint":"890C585971997B134B45185453578B9EA35F0ECE","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=H&V Media Limited, OU=IT, O=H&V Media Limited, L=Nicosia, S=Nicosia, C=CY","sourceIndex":"3220","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"jre-7u72-windows-x64.exe.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"a563abfe7e1ab8a34e31f02287df4c53","hashSHA1":"b0309ac06e04e03a645bf5b6672fc4018947156d","hashSHA256":"4f14850d3468ea265eaf1c680beed073261f1079e9bccdcda0eb997db492bf1a","digitalCertThumbprint":"890C585971997B134B45185453578B9EA35F0ECE","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=H&V Media Limited, OU=IT, O=H&V Media Limited, L=Nicosia, S=Nicosia, C=CY","sourceIndex":"3220","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"suspicious cert","reference":"","landingPage":"","directDownloadingLink":"http://www.namehpeneni.com/25g82pw/KakaoTalk_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.namehpeneni.com/25g82pw/KakaoTalk_Setup.exe","sourceIndex":"3220"}],"sampleFiles":["181106/HVMediaBundle-181103/2.7.5/Samples/KakaoTalk_Setup.exe.exe","181106/HVMediaBundle-181103/2.7.5/Samples/jre-7u72-windows-x64.exe.exe"],"imageFiles":["181106/HVMediaBundle-181103/2.7.5/Images/ACR-039/ACR-039_install.mp4","181106/HVMediaBundle-181103/2.7.5/Images/ACR-048/ACR-048_install.mp4"],"nonDeceptorImageFiles":["181106/HVMediaBundle-181103/2.7.5/Images/ACR-044/ACR-044_software.JPG","181106/HVMediaBundle-181103/2.7.5/Images/ACR-065/ACR-065_INSTALL.JPG","181106/HVMediaBundle-181103/2.7.5/Images/ACR-035/ACR-035_doc.JPG","181106/HVMediaBundle-181103/2.7.5/Images/ACR-036/ACR-036_doc.JPG","181106/HVMediaBundle-181103/2.7.5/Images/ACR-037/ACR-037_doc.JPG","181106/HVMediaBundle-181103/2.7.5/Images/ACR-152/ACR-152_bundlermadeoffer.mp4"],"guid":"b1df9e93-485e-44d6-9644-98670d4541da_2.7.5_1","appID":"HVMediaBundle-181103","dateAdded":"181106","deceptorType":"Bundler","name":"HVMediaBundle","company":"\"H&V Media Limited\"","version":"2.7.5","sigName":"Deceptor:Win32/HVMediaBundle!039048050","lastKnownStatus":"Deceptor:2.7.5","lastKnownDate":"190130","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2019-01-31T02:03:11.4331194+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2381},{"violations":{"ACR-016":"Clicking the \"Download Now\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google search for \"fix my pc\"","reference":"affiliate of Advanced System Repair","landingPage":"https://www.fixmypcfree.com/","ipv4":"","ipv6":"","sourceIndex":"3221"}],"sampleFiles":[],"imageFiles":["181105/FixMyPCFree-181104/181104/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":[],"guid":"e32d549e-3af7-4f1e-b034-9aabf88e5a29_181104_1","appID":"FixMyPCFree-181104","dateAdded":"181105","deceptorType":"Affiliate","name":"fixmypcfree.com","company":"fixmypcfree.com","version":"181104","sigName":"Deceptor:Affiliate/FixMyPCFree!016","firstResolvedDate":"190130","firstResolvedVersion":"190130","resolved":"TRUE","lastKnownStatus":"Deceptor:181105;NonCertified:190130","lastKnownDate":"190130","type":"Affiliate","category":"SysTools & Utilities","targetOS":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-31T02:01:30.0357914+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2382},{"violations":{"ACR-003":"The app exaggerates system configuration settings as issues of \"moderate\" priority, thereby misleading or scaring consumer to take action.\n","ACR-014":"App implies that the registry items, junk files and system configuration priority level could be\"moderate or high\", which is misleading.\n"},"nonDeceptorViolations":{"ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no links or information that shows how to uninstall the app.\nThe application's landing page has no links or information that shows how to uninstall the app.\n","ACR-120":"After uninstalling the application a webpage opens with information stating that the consumer can get the app at half price.\n"},"samples":[{"isRevoked":"False","fileName":"speedupmypcsetup.exe","isInstaller":"True","companyName":"Uniblue Systems Limited                                     ","productName":"SpeedUpMyPC","productVersion":"6.2.1.1255","fileVersion":"6.2.1.1255","hashMD5":"078b1a558ecbebcc6ed1a22fcd31ed47","hashSHA1":"98ef11ec8bb6fb3faf44e41f026474f7a789e261","hashSHA256":"f4ed003908a080532c4127e7e605c4e3c18f23fd5c710c51ab92f46dee90afa5","digitalCertThumbprint":"342A0E801EBFDA96FA204DDBE9D647598777827F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Uniblue Systems Limited, O=Uniblue Systems Limited, STREET=\"Orange Point, Floors 2/3\", STREET=\"Dun Karm Street, Birkirkara Bypass\", L=Birkirkara, S=Malta, PostalCode=BKR9037, C=MT","sourceIndex":"3244","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"speedupmypc.exe","companyName":"Uniblue Systems Limited","productName":"SpeedUpMyPC","productVersion":"6.2.1.1255","fileVersion":"6.2.1.1255","hashMD5":"02943c28c2d46f9b7bac8bf2ad51044d","hashSHA1":"94118504e620f7b994efaae0d9a99f0b0cfd5446","hashSHA256":"d9513625f0bc6fd7d563539d8d2c5d1ad69f518cc21352abf6121b49ea83ae4a","digitalCertThumbprint":"342A0E801EBFDA96FA204DDBE9D647598777827F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Uniblue Systems Limited, O=Uniblue Systems Limited, STREET=\"Orange Point, Floors 2/3\", STREET=\"Dun Karm Street, Birkirkara Bypass\", L=Birkirkara, S=Malta, PostalCode=BKR9037, C=MT","sourceIndex":"3244","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.uniblue.com/product/pc/speedupmypc/","directDownloadingLink":"https://files.uniblue.com/cm/ub14/speedupmypc/sp-products-download/setup/speedupmypc.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.uniblue.com/cm/ub14/speedupmypc/sp-products-download/setup/speedupmypc.exe","sourceIndex":"3244"}],"sampleFiles":["181102/SpeedUpMyPC-181101/6.2.1.1255/Samples/speedupmypcsetup.exe","181102/SpeedUpMyPC-181101/6.2.1.1255/Samples/speedupmypc.exe"],"imageFiles":["181102/SpeedUpMyPC-181101/6.2.1.1255/Images/ACR-003/ACR-003_software.JPG","181102/SpeedUpMyPC-181101/6.2.1.1255/Images/ACR-003/ACR-003_software1.JPG","181102/SpeedUpMyPC-181101/6.2.1.1255/Images/ACR-014/ACR-014_software.JPG","181102/SpeedUpMyPC-181101/6.2.1.1255/Images/ACR-014/ACR-014_software1.JPG"],"nonDeceptorImageFiles":["181102/SpeedUpMyPC-181101/6.2.1.1255/Images/ACR-088/ACR-088_software.JPG","181102/SpeedUpMyPC-181101/6.2.1.1255/Images/ACR-099/ACR-099_software.JPG","181102/SpeedUpMyPC-181101/6.2.1.1255/Images/ACR-099/ACR-099_landingpage.JPG","181102/SpeedUpMyPC-181101/6.2.1.1255/Images/ACR-120/ACR-120_uninstall.JPG"],"guid":"f2d5e2da-09b6-4334-97e8-23c2ba737471_6.2.1.1255_1","appID":"SpeedUpMyPC-181101","dateAdded":"181102","deceptorType":"App","name":"SpeedUpMyPC","company":"Uniblue Systems Limited","version":"6.2.1.1255","sigName":"Deceptor:Win32/SpeedUpMyPC!003014","lastKnownStatus":"Deceptor:6.2.1.1255","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-26T01:35:54.8635806+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2383},{"violations":{"ACR-003":"The app exaggerates browser history, cookies and local traces as issues of high privacy risk, thereby misleading or scaring user to take action.\n","ACR-014":"App implies that the browser history and cookies risk level is high which is misleading.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"privacykeeper.exe","isInstaller":"True","companyName":"Uniblue Systems Limited","productName":"PrivacyKeeper","productVersion":"3.6.0","fileVersion":"3.6.0.0","hashMD5":"350cf19eaa414708a89fcdc7c4451a45","hashSHA1":"15197e7df5e26a84308097e447f4065316e91ed2","hashSHA256":"79bfcda44ff8d7a35a19f0f1a9d7eb3d1d6b4557adad7f0c8f2ff38a3a21caee","digitalCertThumbprint":"F04E5DB0856CA249A50B1C05DBF926F58BBFABB1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Uniblue Systems Limited, O=Uniblue Systems Limited, STREET=\"Orange Point, Floors 2/3\", STREET=\"Dun Karm Street, Birkirkara Bypass\", L=Birkirkara, S=Malta, PostalCode=BKR9037, C=MT","sourceIndex":"3245","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PrivacyKeeper.exe","companyName":"Uniblue Systems Limited","productName":"PrivacyKeeper","productVersion":"3.6.0.0","fileVersion":"3.6.0.0","hashMD5":"faea9a44595918a38e6ae838227fb26d","hashSHA1":"91114900667728df03d41b1de4abb1505f44180c","hashSHA256":"299258b1278b814950ad3c516110f7b04ed49e094b2b5581b1a538a886294986","digitalCertThumbprint":"F04E5DB0856CA249A50B1C05DBF926F58BBFABB1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Uniblue Systems Limited, O=Uniblue Systems Limited, STREET=\"Orange Point, Floors 2/3\", STREET=\"Dun Karm Street, Birkirkara Bypass\", L=Birkirkara, S=Malta, PostalCode=BKR9037, C=MT","sourceIndex":"3245","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.uniblue.com/product/pc/privacykeeper/","directDownloadingLink":"https://files.uniblue.com/cm/ub14/privacykeeper/pk-product-download/setup/privacykeeper.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.uniblue.com/cm/ub14/privacykeeper/pk-product-download/setup/privacykeeper.exe","sourceIndex":"3245"}],"sampleFiles":["181102/PrivacyKeeper-181101/3.6.0.0/Samples/privacykeepersetup.exe","181102/PrivacyKeeper-181101/3.6.0.0/Samples/PrivacyKeeper.exe"],"imageFiles":["181102/PrivacyKeeper-181101/3.6.0.0/Images/ACR-003/ACR-003_software.JPG","181102/PrivacyKeeper-181101/3.6.0.0/Images/ACR-003/ACR-003_software1.JPG","181102/PrivacyKeeper-181101/3.6.0.0/Images/ACR-014/ACR-014_software.JPG","181102/PrivacyKeeper-181101/3.6.0.0/Images/ACR-014/ACR-014_software1.JPG"],"nonDeceptorImageFiles":[],"guid":"effb93bf-4700-46d4-9195-de0cdc428998_3.6.0.0_1","appID":"PrivacyKeeper-181101","dateAdded":"181102","deceptorType":"App","name":"PrivacyKeeper","company":"Uniblue Systems Limited","version":"3.6.0.0","sigName":"Deceptor:Win32/PrivacyKeeper!003014","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-26T01:35:19.596659+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2384},{"violations":{"ACR-047":"The app does not allow the consumer to continue the installation without accepting the offer for the default search provider on chrome.\n","ACR-085":"The app does not use encryption to protect the user data during searches.\n","ACR-071":"The user is unable to decline the offer for \"Genieo Home as the default search\" independently. The user has to accept that offer to be able to get the Genieo homepage.\n"},"nonDeceptorViolations":{"ACR-040":"The application is not installed in the standard location. The application was installed in AppData hidden folder. The consumers wouldn't be able to identify the app's location.\n"},"samples":[{"isRevoked":"False","fileName":"InstallGenieo.exe","isInstaller":"True","companyName":"Genieo Innovation LTD","productName":"Personalization Partner","productVersion":"1.0.500","fileVersion":"1.0.500","hashMD5":"c6317a6be27581b5b96a4919e31f9a64","hashSHA1":"b70b371ae641c5fa369b616123b69b8d589595c6","hashSHA256":"5f3ef48dab28b64e038c11058135140a4dc97af20869022d0db1b3ff0a1df93f","digitalCertThumbprint":"F1611B709F64497C29B09C0D31F7F50A24C44C7C","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Genieo Innovation LTD, O=Genieo Innovation LTD, L=Herzliah, S=Israel, C=IL","sourceIndex":"3536","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)","Windows Defender (20190228)"]},{"isRevoked":"False","fileName":"gentray.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"fa6d29250c037a10fcf94e85f8f57663","hashSHA1":"3beaac465be589a08d22a1231932b4d4e5a68259","hashSHA256":"ff895420ff67ca3a07d4d69ab753bb0bd94feb5816c701331294e516ba48cdcc","digitalCertThumbprint":"7A23DBA21278245291296B3E6C837E244B2F308C","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Genieo Innovation LTD, O=Genieo Innovation LTD, L=Herzliah, S=Israel, C=IL","sourceIndex":"3536","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Adware, search","reference":"","landingPage":"http://www.genieo.com","directDownloadingLink":"","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"","sourceIndex":"3536"}],"sampleFiles":["181102/Genieo-181031/1.0.500/Samples/InstallGenieo.exe","181102/Genieo-181031/1.0.500/Samples/gentray.exe"],"imageFiles":["181102/Genieo-181031/1.0.500/Images/ACR-047/ACR-047_install.mp4","181102/Genieo-181031/1.0.500/Images/ACR-085/ACR-085_software.mp4","181102/Genieo-181031/1.0.500/Images/ACR-071/ACR-071_inline offer.mp4"],"nonDeceptorImageFiles":["181102/Genieo-181031/1.0.500/Images/ACR-040/ACR-040_install.JPG"],"guid":"0e496677-a8d8-47d3-83d5-d0fee19d5b17_1.0.500_1","appID":"Genieo-181031","dateAdded":"181102","deceptorType":"App","name":"Genieo","company":"Genieo Innovation LTD","version":"1.0.500","sigName":"Deceptor:Win32/Genieo!047071","lastKnownStatus":"Deceptor:1.0.500","lastKnownDate":"181102","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads,search","lastUpdate":"2018-11-03T04:21:32.6676041+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2385},{"violations":{"ACR-059":"The Offer is not clearly marked as an offer or optional.\n","ACR-039":"No attribution for the download manager is provided.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-092":"The application does not have a digital signature. unsigned.\n","ACR-035":"No EULA or Privacy policy is provided for this Download Manager.\n\n","ACR-036":"No EULA or Privacy policy is provided for this Download Manager.\n","ACR-037":"No privacy policy is provided for this Download Manager.\n"},"samples":[{"isRevoked":"False","fileName":"logintimer_V5gjAS_3654637655.exe","isInstaller":"True","productName":"Nih","productVersion":"3.2","fileVersion":"","hashMD5":"b10522d3732fb9f233443680c46de4ae","hashSHA1":"c01ba290c32c69b61a57c23cf4be8b106a818f6b","hashSHA256":"b397a238d02abdf5dcd2d2c3515d03b7fa9deb2701e20d9152eebd0109c41dab","sourceIndex":"3449","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":["VirIT eXplorer PRO (20190228)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://logintimer.updatestar.com/","directDownloadingLink":"http://www.liyatoyyotev.com/k0trmbh/logintimer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.liyatoyyotev.com/k0trmbh/logintimer.exe","sourceIndex":"3449"}],"sampleFiles":["181101/LoginTimerBundler-181101/3.2/Samples/logintimer_V5gjAS_3654637655.exe"],"imageFiles":["181101/LoginTimerBundler-181101/3.2/Images/ACR-039/ACR_039_INSTALL.PNG","181101/LoginTimerBundler-181101/3.2/Images/ACR-059/ACR_059_BUNDLER_MADE_OFFERS.PNG"],"nonDeceptorImageFiles":["181101/LoginTimerBundler-181101/3.2/Images/ACR-044/ACR_044_INSTALL.PNG","181101/LoginTimerBundler-181101/3.2/Images/ACR-092/ACR_092_SOFTWARE.PNG"],"guid":"a7890247-b85f-4a15-82e9-3091211e2abb_3.2_1","appID":"LoginTimerBundler-181101","dateAdded":"181101","deceptorType":"Bundler","name":"LoginTimerBundler","company":"Satheesh.S","version":"3.2","sigName":"Deceptor:Win32/LoginTimerBundler!039050059","lastKnownStatus":"Deceptor:3.2","lastKnownDate":"181101","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:17:07.7712611+00:00","notDistributed":false,"familyName":"core-bundler-ronil","numInFamily":7,"numInAppID":1,"sortOrder":843},{"violations":{"ACR-003":"The application exaggerates registry related items as being errors and of high priority level, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable the scheduled task from the software interface.\n","ACR-014":"App implies that the registry items priority level could be\"medium or high\", which is misleading.\n","ACR-016":"Displayed ads lead to direct downloading and installation of the applications instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"\"thirdpartyinstaller.exe\" does not have a digital signature.\n","ACR-099":"The application has no links or information that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"registrycleanerkitsetup.exe","isInstaller":"True","companyName":"Uniblue Systems Limited                                     ","productName":"RegistryCleanerKit","productVersion":"1.0.2.2","fileVersion":"1.0.2.2","hashMD5":"09a41ba9f372027873462815fdb4060b","hashSHA1":"c1b470e7d8ed50b936d9c0da480fbd4678988a69","hashSHA256":"e0ed8c654b31c89894169c610e1104cbf069cdde15b57e9ef1c54a0330a432db","digitalCertThumbprint":"512E108C5F657DF57585FC9F757B9A5ADCF76376","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Uniblue Systems, O=Uniblue Systems, L=Birkirkara, S=Malta, C=MT","sourceIndex":"3246","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"registrycleanerkit.exe","companyName":"Uniblue Systems Limited","productName":"RegistryCleanerKit","productVersion":"1.0.2.2","fileVersion":"1.0.2.2","hashMD5":"4c846e513316cba571b971b436c11736","hashSHA1":"d2ae50b994eac83265a602dde16c393e9ca18187","hashSHA256":"097abb0738ca2647394c37a9608c221ed578495b7010c71c28c090ba375a11f1","digitalCertThumbprint":"512E108C5F657DF57585FC9F757B9A5ADCF76376","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Uniblue Systems, O=Uniblue Systems, L=Birkirkara, S=Malta, C=MT","sourceIndex":"3246","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"https://www.uniblue.com/downloads/","landingPage":"https://www.uniblue.com/product/pc/registrycleanerkit/","directDownloadingLink":"https://files.uniblue.com/cm/ub14/registrycleanerkit/rc-downloads/setup/registrycleanerkit.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.uniblue.com/cm/ub14/registrycleanerkit/rc-downloads/setup/registrycleanerkit.exe","sourceIndex":"3246"}],"sampleFiles":["181031/RegistryCleanerKit-181030/1.0.2.2/Samples/registrycleanerkitsetup.exe","181031/RegistryCleanerKit-181030/1.0.2.2/Samples/registrycleanerkit.exe"],"imageFiles":["181031/RegistryCleanerKit-181030/1.0.2.2/Images/ACR-003/ACR-003_software.JPG","181031/RegistryCleanerKit-181030/1.0.2.2/Images/ACR-003/ACR-003_software1.JPG","181031/RegistryCleanerKit-181030/1.0.2.2/Images/ACR-003/ACR-003_software2.JPG","181031/RegistryCleanerKit-181030/1.0.2.2/Images/ACR-014/ACR-014_software.JPG","181031/RegistryCleanerKit-181030/1.0.2.2/Images/ACR-014/ACR-014_software1.JPG","181031/RegistryCleanerKit-181030/1.0.2.2/Images/ACR-084/ACR-084_software.JPG","181031/RegistryCleanerKit-181030/1.0.2.2/Images/ACR-016/ACR-016_software.mp4"],"nonDeceptorImageFiles":["181031/RegistryCleanerKit-181030/1.0.2.2/Images/ACR-065/ACR-065_software.JPG","181031/RegistryCleanerKit-181030/1.0.2.2/Images/ACR-088/ACR-088_software.JPG","181031/RegistryCleanerKit-181030/1.0.2.2/Images/ACR-092/ACR-092_software.JPG","181031/RegistryCleanerKit-181030/1.0.2.2/Images/ACR-099/ACR-099_software.JPG"],"guid":"b8642f31-cf36-45af-9512-a99433d39d4a_1.0.2.2_1","appID":"RegistryCleanerKit-181030","dateAdded":"181031","deceptorType":"App","name":"RegistryCleanerKit","company":"Uniblue Systems Limited","version":"1.0.2.2","sigName":"Deceptor:Win32/RegistryCleanerKit!003014016084","lastKnownStatus":"Deceptor:1.0.2.2","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-26T01:34:41.1656303+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2386},{"violations":{"ACR-003":"The app shows a red meter that indicates misleading urgency. The app also does not provide substantiation for the critical settings category of the scan.\n","ACR-014":"The app shows a red bar that is confusing and does not adequately substantiate its claims of critical settings.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThere are no links on the application that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"PC_Win_Boostersetup.exe","isInstaller":"True","companyName":"Sorentio Systems Ltd.                                       ","productName":"PC-Win-Booster","productVersion":"10.4.1.353","fileVersion":"10.4.1.353","hashMD5":"bd11d4b5e59e484a4a63010c72929c9c","hashSHA1":"7c395c34877e1e8ce437fc8a68118fe08b8d82bb","hashSHA256":"e7c6bd0e41825a9ec118af8d98fac54d726b359e5d47175615d56aff4d7dfe69","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"3247","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCWinBooster.exe","companyName":"n/a","productName":"n/a","productVersion":"10.3","fileVersion":"10.3.9.341","hashMD5":"52a4655784eb71fa84d9444ea6e9d86a","hashSHA1":"bbfafdabfa97952d85ecc2d969a74ef9143a70fc","hashSHA256":"092eaed0f04d712128c3cab302bc837e4350646273c8e306fe2b44addaf60173","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"3247","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://fr.sorentioapps.com/pc-win-booster","directDownloadingLink":"https://www.sorentioapps.com/downloads/PC_Win_Booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.sorentioapps.com/downloads/PC_Win_Booster.exe","sourceIndex":"3247"}],"sampleFiles":["181031/PCWinBooster-181031/10.4.1.353/Samples/PC_Win_Boostersetup.exe","181031/PCWinBooster-181031/10.4.1.353/Samples/PCWinBooster.exe"],"imageFiles":["181031/PCWinBooster-181031/10.4.1.353/Images/ACR-003/ACR-003_software.JPG","181031/PCWinBooster-181031/10.4.1.353/Images/ACR-003/ACR-003_software1.JPG","181031/PCWinBooster-181031/10.4.1.353/Images/ACR-014/ACR-014_software.JPG","181031/PCWinBooster-181031/10.4.1.353/Images/ACR-014/ACR-014_software1.JPG"],"nonDeceptorImageFiles":["181031/PCWinBooster-181031/10.4.1.353/Images/ACR-065/ACR-065_software.JPG","181031/PCWinBooster-181031/10.4.1.353/Images/ACR-099/ACR-099_software.JPG"],"guid":"ab3193e2-d151-4f74-a3a9-9b6fdbe9d29d_10.4.1.353_1","appID":"PCWinBooster-181031","dateAdded":"181031","deceptorType":"App","name":"PCWinBooster","company":"Sorentio Systems Ltd.","version":"10.4.1.353","sigName":"Deceptor:Win32/PCWinBooster!003014","lastKnownStatus":"Deceptor:10.4.1.353","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-26T01:33:58.9470186+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2387},{"violations":{"ACR-007":"The image displayed in the chrome webstore are misleading the consumer about the extension's functionality.\n","ACR-030":"Clicking outside the injected interstitial does not dismiss it; clicking the back button does not return to the website.\n"},"nonDeceptorViolations":{"ACR-011":"Ad for the extension is not clearly labeled as an ad.\n","ACR-022":"Ad requires explicit closing in order for consumer to continue to the page.\n","ACR-014":"Ad for the extension is misleading the consumer to believe that the extension will provide map and gps information.\nAd for the extension is misleading the consumer to believe that the extension will provide map and gps information.\n"},"samples":[{"isRevoked":"False","fileName":"ExpressDirections_v200.6331.1086.31.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"876348601498ba6b85e4c43043682912","hashSHA1":"3bc5e08c15ed7ed80a795418e08f33a622e24bd0","hashSHA256":"85b8fad0fc08c2cfd5247a714f912a0ba465ecc72f66fc98cc6ee9c24efcb841","sourceIndex":"3272","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"google searched \"Your dealings with Third Party Content, including, but not limited to, your interaction with its advertisements and promotions, your clicking on links provided by Third Party Content, purchase of its goods, or any other type of involvement, are solely between you and the third party. Therefore we do not endorse the advertisements, products or other materials of the Third Party Content. If you interact with the Third Party Content, their terms and conditions and privacy policies apply to your rights and obligations with respect to such interaction\"","landingPage":"http://www.expressdirections.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/expressdirections/mjchijabihjkhmmaaihpgmhkklgakinl?utm_source=inline-install-disabled","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/expressdirections/mjchijabihjkhmmaaihpgmhkklgakinl?utm_source=inline-install-disabled","sourceIndex":"3272"}],"sampleFiles":["181030/ExpressDirections-181024/200.6331.1086.31/Samples/ExpressDirections_v200.6331.1086.31.crx"],"imageFiles":["181030/ExpressDirections-181024/200.6331.1086.31/Images/ACR-007/ACR-007_software.JPG","181030/ExpressDirections-181024/200.6331.1086.31/Images/ACR-030/ACR-030_software.mp4"],"nonDeceptorImageFiles":["181030/ExpressDirections-181024/200.6331.1086.31/Images/ACR-014/ACR-014_landingpage.JPG","181030/ExpressDirections-181024/200.6331.1086.31/Images/ACR-014/ACR-014_adsaboutapp.JPG","181030/ExpressDirections-181024/200.6331.1086.31/Images/ACR-011/ACR-011_landingpage.JPG","181030/ExpressDirections-181024/200.6331.1086.31/Images/ACR-022/ACR-022_software.mp4"],"guid":"7cf87cdf-f9a5-46a5-81db-2f6082275895_200.6331.1086.31_1","appID":"ExpressDirections-181024","dateAdded":"181030","deceptorType":"Chrome Extension","name":"ExpressDirections","company":"ExpressDirections.com","version":"200.6331.1086.31","sigName":"Deceptor:CRX/ExpressDirecrtions!007030","firstVendorContactDate":"181107","firstAppEsteemReplyDate":"181107","firstResolvedDate":"190125","firstResolvedVersion":"200.7835.1047.33","resolved":"TRUE","lastKnownStatus":"Deceptor:200.6331.1086.31","lastKnownDate":"181030","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"inject ads","lastUpdate":"2019-01-25T16:20:30.849932+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2388},{"violations":{"CCR-022":" Call made on 181022 at 2:33PM Eastern Time (US)\n\nAt 8:10 into the session the agent used 'Task Manager' (Screenshot A, B, & C).  Agent says, \"Down here you'll see how many processes are running on your device.\"  I say, \"I see.\"  Agent says, \"You have too many processes.  81 processes running in the background of your device.  You can see we're barely not doing anything and your computer is steadily functioning at about 1/4th the computer's brain.  And that's steadily.   We're not doing anything, we're just idling the computer.  It's like your car at a stop sign or a red light, you're idling at 3 or 4 thousand RPM.  That is what is happening with the computer right now.\" [Self-diagnosis]\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.callcenter","reference":"Examining Defender Pro software","landingPage":"https://defendercare.com/plans.php","ipv4":"","ipv6":"","landingPageWildChar":"https://defendercare.com/*","sourceIndex":"3532"}],"sampleFiles":[],"imageFiles":["181029/DefenderCare-181022/181022/Images/CCR-022/A.JPG","181029/DefenderCare-181022/181022/Images/CCR-022/B.JPG","181029/DefenderCare-181022/181022/Images/CCR-022/C.JPG"],"nonDeceptorImageFiles":[],"guid":"194d5b19-7830-417c-bcd4-01780848f268_181022_1","appID":"DefenderCare-181022","dateAdded":"181029","deceptorType":"Call Center","name":"DefenderCare.com","company":"Defendercare.com","version":"181022","sigName":"Deceptor:CallCenter/DefenderCare!022","firstVendorContactDate":"181030","firstAppEsteemReplyDate":"181030","firstResolvedDate":"181105","firstResolvedVersion":"181105","resolved":"TRUE","lastKnownStatus":"Deceptor:181029","lastKnownDate":"181029","type":"Call Center","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox,Edge,IE,Opera,Safari","lastUpdate":"2018-11-05T19:04:56.2678672+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2389},{"violations":{"ACR-005":"The newtab extension does not identify itself, and displays an unattributed search dialog, which leads the consumer to believe that this is the default chrome newtab.\n","ACR-085":"The app does not use encryption to protect the user data during searches.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AmazingTab_v1.0.3.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"bd0cf0a5390ae29e24bde0d83e7d8158","hashSHA1":"c1e746af6c3e974693982addc483b01e557ae998","hashSHA256":"53721616b8e292914b9630431ccfa1ebb836b948e863b6ffd6eec066431d85b9","storeId":"pdlegbidnbccjajjbpfomikgelfbohdd","sourceIndex":"3538","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://info.amazingtab.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/amazingtab/pdlegbidnbccjajjbpfomikgelfbohdd","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/amazingtab/pdlegbidnbccjajjbpfomikgelfbohdd","sourceIndex":"3538"}],"sampleFiles":["181028/AmazingTab-181023/1.0.3/Samples/AmazingTab_v1.0.3.crx"],"imageFiles":["181028/AmazingTab-181023/1.0.3/Images/ACR-085/ACR-085_software.mp4","181028/AmazingTab-181023/1.0.3/Images/ACR-005/ACR-005_software.JPG"],"nonDeceptorImageFiles":[],"guid":"80cfcb0b-0e7c-4994-a215-21d703f483f0_1.0.3_1","appID":"AmazingTab-181023","dateAdded":"181028","deceptorType":"Chrome Extension","name":"AmazingTab","company":"webcoapps","version":"1.0.3","sigName":"Deceptor:CRX/AmazingTab!005","lastKnownStatus":"Deceptor:1.0.3","lastKnownDate":"181028","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2018-10-28T16:30:13.6209963+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2390},{"violations":{"ACR-003":"The application reports outdated driver as being Ancient.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"driverscanner.exe","isInstaller":"True","companyName":"Uniblue Systems Ltd                                         ","productName":"DriverScanner","productVersion":"4.2.1.0","fileVersion":"4.2.1.0","hashMD5":"23f905a612d7a3d95235a8aac603e85d","hashSHA1":"011b48943e00d1806a8362529048e068e5608103","hashSHA256":"bf41d9cea385c1daba1b25e2fb8b79db85b893b12907314709a9b7312df15ef6","digitalCertThumbprint":"512E108C5F657DF57585FC9F757B9A5ADCF76376","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Uniblue Systems, O=Uniblue Systems, L=Birkirkara, S=Malta, C=MT","sourceIndex":"3342","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"driverscanner_installed_version.exe","companyName":"Uniblue Systems Ltd","productName":"DriverScanner","productVersion":"4.2.1.0","fileVersion":"4.2.1.0","hashMD5":"d577118d99f4c066ab3a464e72a87b93","hashSHA1":"f34cbee447ac95620b620e0784857287b2250283","hashSHA256":"72bd795f8515f124a98022064cb322d31ff9af14dbb14d05b4ac0e9493323d54","digitalCertThumbprint":"512E108C5F657DF57585FC9F757B9A5ADCF76376","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Uniblue Systems, O=Uniblue Systems, L=Birkirkara, S=Malta, C=MT","sourceIndex":"3342","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Driver search","reference":"","landingPage":"https://www.uniblue.com/downloads/","directDownloadingLink":"https://download.uniblue.com/cm/ub14/driverscanner/ds-downloads/setup/driverscanner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.uniblue.com/cm/ub14/driverscanner/ds-downloads/setup/driverscanner.exe","sourceIndex":"3342"}],"sampleFiles":["181025/DriverScanner-181024/4.2.1.0/Samples/driverscanner.exe","181025/DriverScanner-181024/4.2.1.0/Samples/driverscanner_installed_version.exe"],"imageFiles":["181025/DriverScanner-181024/4.2.1.0/Images/ACR-003/ACR_003_SOFTWARE.PNG","181025/DriverScanner-181024/4.2.1.0/Images/ACR-084/ACR_084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["181025/DriverScanner-181024/4.2.1.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","181025/DriverScanner-181024/4.2.1.0/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","181025/DriverScanner-181024/4.2.1.0/Images/ACR-099/ACR_099_SOFTWARE.PNG"],"guid":"953508ba-81ac-42df-8115-e73bf1cb8b4c_4.2.1.0_1","appID":"DriverScanner-181024","dateAdded":"181025","deceptorType":"App","name":"DriverScanner","company":"Uniblue Systems Ltd","version":"4.2.1.0","sigName":"Deceptor:Win32/DriverScanner!003084","lastKnownStatus":"Deceptor:4.2.1.0","lastKnownDate":"181025","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-22T00:39:37.6227927+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2391},{"violations":{"ACR-003":"The application exaggerates junk files, system services and system & network settings as being errors and problems, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-057":"The application fails to provide the user with clear and simple options to  decline the \"All history cleaner\" associated offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"pcspeedup_6a2b06c3a3424764808e2ab361f32a46_.exe","isInstaller":"True","companyName":"Optimal Software s.r.o.                                     ","productName":"PC Speed Up Installer","productVersion":"1.0.6.1","fileVersion":"1.0.6.1","hashMD5":"c1853b04f9f51713f8cccc67bf4ae34d","hashSHA1":"a88d54d4f3bf4429a4a7aa43b0dce5d7140924b8","hashSHA256":"2b28b2b2dec3a62fddcb3373b9699af9a7a718b214b8449032a643c11bfb60a8","digitalCertThumbprint":"B733BA4C7505FF56B97297E7C12BE1D27C2DC968","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Optimal Software s.r.o., O=Optimal Software s.r.o., STREET=Jablunkovska 2014/40a, L=Cesky Tesin, S=Cesky Tesin, PostalCode=73701, C=CZ","sourceIndex":"3539","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)"],"avAllowList":["Trend Micro Internet Security (20190228)","Windows Defender (20190228)"]},{"isRevoked":"False","fileName":"PCSULauncher.exe","companyName":"Optimal Software s.r.o.","productName":"PC Speed Up","productVersion":"3.9.18.0","fileVersion":"3.9.18.0","hashMD5":"5043e47d9625c91c2c66f1d2da3df055","hashSHA1":"8ec138f403242ac38857874f71ee5e1bffe2cd6e","hashSHA256":"1182f0be75e69db13726568b714ae606eb0e09bda90f1323e225864dc33fbd78","digitalCertThumbprint":"B733BA4C7505FF56B97297E7C12BE1D27C2DC968","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Optimal Software s.r.o., O=Optimal Software s.r.o., STREET=Jablunkovska 2014/40a, L=Cesky Tesin, S=Cesky Tesin, PostalCode=73701, C=CZ","sourceIndex":"3539","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"http://www.pcspeedup.com/","directDownloadingLink":"http://www.pcspeedup.com/downloads/download.aspx?referencedWebsite=www.pcspeedup.com&language=en","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcspeedup.com/downloads/download.aspx?referencedWebsite=www.pcspeedup.com&language=en","sourceIndex":"3539"}],"sampleFiles":["181025/D-PPCSpeedUp-170725/1.0.6.1/Samples/pcspeedup_6a2b06c3a3424764808e2ab361f32a46_.exe","181025/D-PPCSpeedUp-170725/1.0.6.1/Samples/PCSULauncher.exe"],"imageFiles":["181025/D-PPCSpeedUp-170725/1.0.6.1/Images/ACR-057/ACR_057_INTERNAL_OFFERS.PNG","181025/D-PPCSpeedUp-170725/1.0.6.1/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","181025/D-PPCSpeedUp-170725/1.0.6.1/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","181025/D-PPCSpeedUp-170725/1.0.6.1/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","181025/D-PPCSpeedUp-170725/1.0.6.1/Images/ACR-084/ACR_084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["181025/D-PPCSpeedUp-170725/1.0.6.1/Images/ACR-065/ACR_065_INSTALL.PNG","181025/D-PPCSpeedUp-170725/1.0.6.1/Images/ACR-065/ACR_065_SOFTWARE.PNG","181025/D-PPCSpeedUp-170725/1.0.6.1/Images/ACR-099/ACR_099_SOFTWARE.PNG"],"guid":"e5cf2c05-0d3e-4985-8dbb-fd6ba6f3fb7a_1.0.6.1_1","appID":"D-PPCSpeedUp-170725","dateAdded":"181025","deceptorType":"App","name":"PC Speed Up","company":"Optimal Software s.r.o.","version":"1.0.6.1","sigName":"Deceptor:Win32/PCSpeedUp!003057084","lastKnownStatus":"Deceptor:1.0.6.1","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2392},{"violations":{"ACR-003":"The application reports identified junk files, registry (The registry key doesn’t contain any data) as problems with exaggerated numbers and portrayed the importance as “High”, thereby misleading or scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"1.The application displays a support call center phone number , but does not disclose that additional offers may be made on the one-on-one interaction with the user.\r\n2.The application displays a support call center phone number , but does not provide an equally prominent non-interaction option to the user.\n","ACR-057":"The application fails to provide the user with clear and simple options to  decline the \"All history cleaner\" associated offer.\n"},"nonDeceptorViolations":{"ACR-003":"The application reports identified junk files, registry (The registry key doesn’t contain any data) as problems with exaggerated numbers and portrayed the importance as “High”, thereby misleading or scaring the user to take action.\n","ACR-168":"1.The application displays a support call center phone number , but does not disclose that additional offers may be made on the one-on-one interaction with the user.\r\n2.The application displays a support call center phone number , but does not provide an equally prominent non-interaction option to the user.\n","ACR-057":"The application fails to provide the user with clear and simple options to  decline the \"All history cleaner\" associated offer.\n"},"samples":[{"isRevoked":"False","fileName":"pcspeedup_51f88bc7e794413ab80c89eea78ae16f_InstallStub.exe","isInstaller":"True","companyName":"Optimal Software s.r.o.","productName":"PC Speed Up Installer","productVersion":"1.0.4.0","fileVersion":"1.0.4.0","hashMD5":"15d0d293f273012da3d33b78ee31733d","hashSHA1":"7d82711a61c896fb6e68781b7a12ded9caa9d03e","hashSHA256":"925508de7fe1bbfca53a6cd5f16c25c819d61dc27ed0a450cef9d9074dddec39","digitalCertThumbprint":"22814D03495D33719559D17E12ADC782E4ABEA9B","digitalCertIssuer":"Optimal Software s.r.o.","digitalCertIssuedTo":"Optimal Software s.r.o.","sourceIndex":"3769","dateAdded":"170726","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":["Trend Micro Internet Security (20190228)"]},{"isRevoked":"False","fileName":"pcspeedup_51f88bc7e794413ab80c89eea78ae16f_.exe","companyName":"Optimal Software s.r.o.","productName":"PC Speed Up","productVersion":"3.9.16.0","fileVersion":"3.9.16.0","hashMD5":"f8fdb4d4b4c4dd42db2890680a5f8f53","hashSHA1":"3a0e113167c86dd53605d24d9ce3f55a36082d89","hashSHA256":"c7d6e8dc080f1f9d364c4655ce4d67c244e649d9febc829e2bc6e0c422d5e7ff","digitalCertThumbprint":"5C67C6ECB81AE4F297F3AACC1100A7A256BBA28D","digitalCertIssuer":"Optimal Software s.r.o.","digitalCertIssuedTo":"Optimal Software s.r.o.","sourceIndex":"3769","dateAdded":"170726","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"http://www.pcspeedup.com/","directDownloadingLink":"http://www.pcspeedup.com/downloads/download.aspx?referencedWebsite=www.pcspeedup.com&language=en","ipv4":"","ipv6":"","sourceIndex":"3769"}],"sampleFiles":["170727/D-PPCSpeedUp-170725/Samples/pcspeedup_1701e984d2c34a7f9319aa2536404a01_.exe","170727/D-PPCSpeedUp-170725/Samples/pcspeedup_51f88bc7e794413ab80c89eea78ae16f_.exe"],"imageFiles":["170727/D-PPCSpeedUp-170725/Images/ACR-003/ACR-003_Software_ExaggeratedClaimsAsJunkFilesAreMentionedAsItemsAndRegistryKeysThatDoesNotContainAnyDataIsConsideredAsProblem.mp4","170727/D-PPCSpeedUp-170725/Images/ACR-003/ACR-003_Software_JunkFilesAreAlsoConsideredAsItems.JPG","170727/D-PPCSpeedUp-170725/Images/ACR-003/ACR-003_Software_RegistryKeysThatDoesNotContainAnyDataIsConsideredAsProblem.JPG","170727/D-PPCSpeedUp-170725/Images/ACR-003/ACR-003_Software_ScanResultScaresTheUserToTakeActionWhichCanBeTonedDown.JPG","170727/D-PPCSpeedUp-170725/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsent.JPG","170727/D-PPCSpeedUp-170725/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsent.mp4","170727/D-PPCSpeedUp-170725/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.JPG","170727/D-PPCSpeedUp-170725/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.mp4","170727/D-PPCSpeedUp-170725/Images/ACR-057/ACR-057_InternalOffer_RequireAnOptionForTheAllHistoryCleanerToOptOut.JPG","170727/D-PPCSpeedUp-170725/Images/ACR-057/ACR-057_InternalOffer_RequireAnOptionForTheAllHistoryCleanerToOptOut.mp4"],"nonDeceptorImageFiles":["170727/D-PPCSpeedUp-170725/Images/ACR-003/ACR-003_Software_ExaggeratedClaimsAsJunkFilesAreMentionedAsItemsAndRegistryKeysThatDoesNotContainAnyDataIsConsideredAsProblem.mp4","170727/D-PPCSpeedUp-170725/Images/ACR-003/ACR-003_Software_JunkFilesAreAlsoConsideredAsItems.JPG","170727/D-PPCSpeedUp-170725/Images/ACR-003/ACR-003_Software_RegistryKeysThatDoesNotContainAnyDataIsConsideredAsProblem.JPG","170727/D-PPCSpeedUp-170725/Images/ACR-003/ACR-003_Software_ScanResultScaresTheUserToTakeActionWhichCanBeTonedDown.JPG","170727/D-PPCSpeedUp-170725/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.JPG","170727/D-PPCSpeedUp-170725/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.mp4","170727/D-PPCSpeedUp-170725/Images/ACR-057/ACR-057_InternalOffer_RequireAnOptionForTheAllHistoryCleanerToOptOut.JPG","170727/D-PPCSpeedUp-170725/Images/ACR-057/ACR-057_InternalOffer_RequireAnOptionForTheAllHistoryCleanerToOptOut.mp4"],"guid":"e5cf2c05-0d3e-4985-8dbb-fd6ba6f3fb7a_1.0.4.0_1","appID":"D-PPCSpeedUp-170725","dateAdded":"181025","deceptorType":"App","name":"PC Speed Up","company":"Optimal Software s.r.o.","version":"1.0.4.0","sigName":"Deceptor;Win32/PPCSpeedup!003084168057","lastKnownStatus":"Deceptor:1.0.6.1","lastKnownDate":"201202","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"call center\",\"paid\"]","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":2,"sortOrder":2393},{"violations":{"ACR-017":"The application's installer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-016":"Displayed ads lead to direct downloading and installation of the applications instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n","ACR-053":"No skip all option is provided on the multiple offers.\n","ACR-059":"The Offer is not clearly marked as an offer or that its optional.\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link or information that shows how it can be uninstalled\n","ACR-017":"The application's landing page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"samples":[{"isRevoked":"False","fileName":"disk-defrag-setup.exe","isInstaller":"True","companyName":"Auslog˜ics                                                  ","productName":"Auslogÿics Disk Deÿfrag","productVersion":"8.0.17.0","fileVersion":"8.0","hashMD5":"53bcb875de02858ea5ad7608ae257fdc","hashSHA1":"77822cd405a3f68c1f8eaa6bddfa824a92fb5b5f","hashSHA256":"00574fee1c30d4df49e50ea3b7a97c792681d4da78017efb734f721242363bfc","digitalCertThumbprint":"2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU, SERIALNUMBER=45163028662, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"3202","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DiskDefrag.exe","companyName":"Auslog˜ics","productName":"Disk Deÿfrag","productVersion":"8.x","fileVersion":"8.0.17.0","hashMD5":"6049c4cc4f5ab2aa7e0d71cf497060df","hashSHA1":"e8a79a85148e37d51c475dbacc48c4c4e0a7ff28","hashSHA256":"f8f9cba6adb6ef54e38e1f5e387e3b62df4835213ea4528393e1c1ba506cff00","digitalCertThumbprint":"1B0DA8E340197C8CEC3BB39EFBA042FF21B9724D","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU","sourceIndex":"3202","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"https://www.pissedconsumer.com/auslogics/RT-F.html","landingPage":"https://www.auslogics.com/en/software/disk-defrag/","directDownloadingLink":"http://static.auslogics.com/en/disk-defrag/disk-defrag-setup.exe","ipv4":"198.232.127.32","directDownloadingLinkWildChar":"http://static.auslogics.com/en/disk-defrag/disk-defrag-setup.exe","sourceIndex":"3202"}],"sampleFiles":["181022/D-DiskDefrag-00006/8.0.17.0/Samples/disk-defrag-setup.exe","181022/D-DiskDefrag-00006/8.0.17.0/Samples/DiskDefrag.exe"],"imageFiles":["181022/D-DiskDefrag-00006/8.0.17.0/Images/ACR-016/ACR-016_adsinsideapp.mp4","181022/D-DiskDefrag-00006/8.0.17.0/Images/ACR-053/ACR-053_inlineoffer.JPG","181022/D-DiskDefrag-00006/8.0.17.0/Images/ACR-053/ACR-053_inlineoffer1.JPG","181022/D-DiskDefrag-00006/8.0.17.0/Images/ACR-053/ACR-053_inlineoffer2.JPG","181022/D-DiskDefrag-00006/8.0.17.0/Images/ACR-017/ACR-017_inlineoffer1.JPG","181022/D-DiskDefrag-00006/8.0.17.0/Images/ACR-017/ACR-017_inlineoffer2.JPG","181022/D-DiskDefrag-00006/8.0.17.0/Images/ACR-059/ACR-059_inlineoffer.JPG","181022/D-DiskDefrag-00006/8.0.17.0/Images/ACR-059/ACR-059_inlineoffer1.JPG","181022/D-DiskDefrag-00006/8.0.17.0/Images/ACR-059/ACR-059_inlineoffer2.JPG"],"nonDeceptorImageFiles":["181022/D-DiskDefrag-00006/8.0.17.0/Images/ACR-017/ACR-017_landingpage.JPG","181022/D-DiskDefrag-00006/8.0.17.0/Images/ACR-099/ACR-099_software.JPG"],"guid":"86372e33-ba97-4491-b24d-9e3b75d2becd_8.0.17.0_1","appID":"D-DiskDefrag-00006","dateAdded":"181022","deceptorType":"App","name":"Disk Defrag","company":"Auslogics Labs Pty Ltd","version":"8.0.17.0","sigName":"Deceptor:Win32/DiskDefrag!016053017059","firstVendorContactDate":"190115","firstAppEsteemReplyDate":"190116","firstResolvedDate":"190211","firstResolvedVersion":"8.0.22.0","resolved":"TRUE","lastKnownStatus":"Deceptor:8.0.17.0;NonCertified:8.0.22.0","lastKnownDate":"181022","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-02-11T20:05:32.3399964+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2394},{"violations":{"ACR-043":"Express installation installs another app: BoostSpeed without disclosing it during installation and in app document.\nIn build 7.1.4.0, BoostSpeed is not installed under default anymore\n","ACR-003":"App exaggerates empty reigstry keys, window defender signature backup files and browser cache files as system problems. Fix them need to install another app BoostSpeed.\nIn build 7.1.4.0, exaggerated word \"problem\" has been changed be \"tweaks\". BoostSpeed is still promoted to install to improve system though. \n","ACR-010":"Offer BoostSpeed app in software. BoostSpeed (reference Deceptor:Win32/BoostSpeed!003) is an active deceptor app. \n"},"nonDeceptorViolations":{"ACR-003":"App exaggerates empty reigstry keys, window defender signature backup files and browser cache files as system problems. Fix them need to install another app BoostSpeed.\nIn build 7.1.4.0, exaggerated word \"problem\" has been changed be \"tweaks\". BoostSpeed is still promoted to install to improve system though. \n","ACR-010":"Offer BoostSpeed app in software. BoostSpeed (reference Deceptor:Win32/BoostSpeed!003) is an active deceptor app. \n"},"samples":[{"isRevoked":"False","fileName":"disk-defrag-setup_7140.exe","isInstaller":"True","companyName":"Auslogics Labs Pty Ltd","productName":"Auslogics Labs Pty Ltd","productVersion":"7.1.2.0","fileVersion":"7.1.2.0","hashMD5":"8428ccceb1135bb0839d884ba058b9f4","hashSHA1":"dd4b594cab214c911a2cd41d713aa9fbd0ac1c68","hashSHA256":"36eba7d4604fcc4b2c5ab3350d787937505cb462c967541dcf774612ff41e48f","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3714","dateAdded":"170719","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"disk-defrag-setup_7140.exe","isInstaller":"True","companyName":"Auslogics Labs Pty Ltd","productName":"Auslogics Labs Pty Ltd","productVersion":"7.1.4.0","fileVersion":"7.1.4.0","hashMD5":"9a73e76e29902ad1065de421d15e72bd","hashSHA1":"0358586e0dce70cb7d68e3faf4db6bae8fdc6d3e","hashSHA256":"36786ead8ed0929efa61102a6437a16e25f96db8f6429af623cbc8363586c9b9","digitalCertThumbprint":"17ee7405669a017a96d2654d75c96e1f3da96c19","sourceIndex":"3714","dateAdded":"170719","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"https://www.pissedconsumer.com/auslogics/RT-F.html","landingPage":"https://www.auslogics.com/en/software/disk-defrag/","directDownloadingLink":"http://static.auslogics.com/en/disk-defrag/disk-defrag-setup.exe","ipv4":"198.232.127.32","sourceIndex":"3714"}],"sampleFiles":["170921/D-DiskDefrag-00006/7.1/Samples/disk-defrag-setup.exe"],"imageFiles":["170921/D-DiskDefrag-00006/7.1/Images/ACR-043/ACR-043_Install.mp4","170921/D-DiskDefrag-00006/7.1/Images/ACR-043/ACR-043_Install1.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-043/ACR-043_Install2.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-046/ACR-046_Install1.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-046/ACR-046_Install2.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-046/ACR-046_Install3.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-003/ACR-003_Software.mp4","170921/D-DiskDefrag-00006/7.1/Images/ACR-003/ACR-003_Software.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-010/DiskDefragInstallBoostSpeed.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-016/ACR-016_Ads_about_app1.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-016/ACR-016_Ads_about_app2.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-055/ACR-055_Install.PNG"],"nonDeceptorImageFiles":["170921/D-DiskDefrag-00006/7.1/Images/ACR-049/ACR-049_Install.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-161/ACR-161_LandingPage1.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-161/ACR-161_LandingPage2.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-163/ACR-163_LandingPage1.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-163/ACR-163_LandingPage2.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-163/ACR-163_LandingPage3.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-069/ACR-069_LandingPage.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-035/ACR-035_Docs.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-029/ACR-029_Interstitial1.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-029/ACR-029_Interstitial2.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-022/ACR-022_InjectedAds.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-046/ACR-046_Install1.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-046/ACR-046_Install2.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-046/ACR-046_Install3.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-055/ACR-055_Install.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-003/ACR-003_Software.mp4","170921/D-DiskDefrag-00006/7.1/Images/ACR-003/ACR-003_Software.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-010/DiskDefragInstallBoostSpeed.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-016/ACR-016_Ads_about_app1.PNG","170921/D-DiskDefrag-00006/7.1/Images/ACR-016/ACR-016_Ads_about_app2.PNG"],"guid":"86372e33-ba97-4491-b24d-9e3b75d2becd_7.1_1","appID":"D-DiskDefrag-00006","dateAdded":"181022","deceptorType":"App","name":"Disk Defrag","company":"Auslogics Labs Pty Ltd","version":"7.1","sigName":"Deceptor:Win32/DiskDefrag!043003010","firstVendorContactDate":"190115","firstAppEsteemReplyDate":"190116","firstResolvedDate":"190211","firstResolvedVersion":"8.0.22.0","resolved":"TRUE","lastKnownStatus":"Deceptor:8.0.17.0;NonCertified:8.0.22.0","lastKnownDate":"181022","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"Child appropriate","monetization":"[\"paid\",\"up-sell to paid\"]","lastUpdate":"2019-02-11T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2395},{"violations":{"ACR-005":"The newtab extension does not identify itself, and displays an unattributed search dialog, which leads the consumer to believe that this is the default chrome newtab.\n","ACR-085":"The app does not use encryption to protect the user data during searches.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"SportMuze-Start_v1.0.1.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"fa6d508e83e63053ef581fab486da2c9","hashSHA1":"89d52ac5c6396b69b36a1aacbc81b9a59c5430cf         pesha1: 89d52ac5c6396b69b36a1aacbc81b9a59c5430c","hashSHA256":"afdd1b121a55f66fca59f25f0d037fd3b42ab5c65544589aab1f4e2beb485152","sourceIndex":"3542","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.goamuze.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/sportmuze-start/nnaaoepanoecdfeceblffbkanjkleipp","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/sportmuze-start/nnaaoepanoecdfeceblffbkanjkleipp","sourceIndex":"3542"}],"sampleFiles":["181020/SportMuzeStart-181017/1.0.1/Samples/SportMuze-Start_v1.0.1.crx"],"imageFiles":["181020/SportMuzeStart-181017/1.0.1/Images/ACR-085/ACR-085_software.mp4","181020/SportMuzeStart-181017/1.0.1/Images/ACR-005/ACR-005_software.JPG"],"nonDeceptorImageFiles":[],"guid":"4705326b-e8f3-49f7-903c-85077a6d9e5d_1.0.1_1","appID":"SportMuzeStart-181017","dateAdded":"181020","deceptorType":"Chrome Extension","name":"SportMuzeStart","company":"goAmuze","version":"1.0.1","sigName":"Deceptor:CRX/SportsMuzeStart!005","lastKnownStatus":"Deceptor:1.0.1","lastKnownDate":"181020","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2018-10-20T21:39:46.104279+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2396},{"violations":{"ACR-005":"The newtab page is lacking attribution, which leaves the consumer thinking this extension is part of chrome.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MyMapsTab-addon_v1.0.18.905.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"b1c67d5070fea60765fcfcf5072cb2f0","hashSHA1":"1fd36077d1b6fb560880e944ed95fa4fa45fb0e7","hashSHA256":"f952595f8c4f4e4e7a750f524fc8c28e05c149ba13549ca8712dc858f389ec55","storeId":"objfoicfgjgjfakppndfbbojnkepdjda","sourceIndex":"3540","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://mymapstab.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/mymapstab-addon/objfoicfgjgjfakppndfbbojnkepdjda","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/mymapstab-addon/objfoicfgjgjfakppndfbbojnkepdjda","sourceIndex":"3540"}],"sampleFiles":["181020/MyMapsTab-181019/1.0.18.905/Samples/MyMapsTab-addon_v1.0.18.905.crx"],"imageFiles":["181020/MyMapsTab-181019/1.0.18.905/Images/ACR-005/ACR-005_software.JPG"],"nonDeceptorImageFiles":[],"guid":"496ee20f-60b8-44e9-b7c9-198c5b686f51_1.0.18.905_1","appID":"MyMapsTab-181019","dateAdded":"181020","deceptorType":"Chrome Extension","name":"MyMapsTab","company":"mymapstab.com","version":"1.0.18.905","sigName":"Deceptor:CRX/MyMapsTab!005","lastKnownStatus":"Deceptor:1.0.18.905","lastKnownDate":"181020","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2018-10-20T21:44:32.1577214+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2397},{"violations":{"ACR-005":"The newtab page is lacking attribution, which leaves the consumer thinking this extension is part of chrome.\n","ACR-085":"The app does not use encryption to protect the user data during searches.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"MusixMuze-Start_v1.0.6.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"ab11878fa9379a25c503e702a893aa77","hashSHA1":"6ff1c599a926e585b23911a744d7c9ad464363d3","hashSHA256":"604b40cf2c5750ef7d0bc66932ae827575fc4461267279aee2d1bc142e4f25d1","sourceIndex":"3541","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.goamuze.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/musixmuze-start/ommkepohpokablkapbhgnlmdbbnfeibb","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/musixmuze-start/ommkepohpokablkapbhgnlmdbbnfeibb","sourceIndex":"3541"}],"sampleFiles":["181020/MusixMusicStart-181018/1.0.6/Samples/MusixMuze-Start_v1.0.6.crx"],"imageFiles":["181020/MusixMusicStart-181018/1.0.6/Images/ACR-085/ACR-085_software.mp4","181020/MusixMusicStart-181018/1.0.6/Images/ACR-005/ACR-005_software.JPG"],"nonDeceptorImageFiles":[],"guid":"67080a0e-24b2-49a9-98b5-4d97f79463eb_1.0.6_1","appID":"MusixMusicStart-181018","dateAdded":"181020","deceptorType":"Chrome Extension","name":"MusixMusicStart","company":"goAmuze","version":"1.0.6","sigName":"Deceptor:CRX/MusixMusicStart!005","lastKnownStatus":"Deceptor:1.0.6","lastKnownDate":"181020","type":"Chrome Extension","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2018-10-20T21:41:38.6576171+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2398},{"violations":{"CCR-022":"Call made on 181019 at 12:00PM Eastern Time (US)\n\nViolation 1:  At 7:20 into the session, the agent opens up 'Task Manager' (Screenshot A and B) and says, \"Have a look there. Sir, the CPU is like the brain of the computer and whenever it is at its maximum you may experience slow performance, sometimes it will even freeze up. As you can see on this diagram you have different jumps up and down.   Sir, actually,  it is recommended to check and optimize CPU with a technician to get your computer in a good condition.\"  [Self-diagnosis violation when the agent opened up 'Task Manager']\nViolation 2:  At 8:24 into the session, agent says, \"Alright, now I am opening 'Event Viewer'.  (Screenshot C) Its like a diary of your computer and whenever something happens you'll find the information about it in there.\"   At  9:12 into the session the agent says, \"As you can see you have different warnings and errors there so let me explain you.  Warning's is like a notification about potential problems and error is a notification about a miscorporation between the system and the system elements sir.  As you can see your computer is sending notifications from 2015 sir.\"  [Self-diagnosis violation when the agent opened up 'Event Viewer']\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.callcenter","reference":"Examining Driverupdate","landingPage":"https://slimware.com/purchase/premium-support?","directDownloadingLink":"https://secure.slimwareutilities.com/premsup/cart/recurring","ipv4":"","ipv6":"","landingPageWildChar":"https://slimware.com/premium-support?*","sourceIndex":"3509"}],"sampleFiles":[],"imageFiles":["181019/SlimwarePremiumSupport-181019/181019/Images/CCR-022/A.JPG","181019/SlimwarePremiumSupport-181019/181019/Images/CCR-022/B.JPG","181019/SlimwarePremiumSupport-181019/181019/Images/CCR-022/C.JPG"],"nonDeceptorImageFiles":[],"guid":"92ff097c-9e9f-42ec-bc55-48531406bb52_181019_1","appID":"SlimwarePremiumSupport-181019","dateAdded":"181019","deceptorType":"Call Center","name":"SlimwarePremiumSupport","company":"Slimware Premium Support","version":"181019","sigName":"Deceptor:CallCenter/SlimwarePremiumSupport!022","firstVendorContactDate":"181019","firstAppEsteemReplyDate":"181019","firstResolvedDate":"181116","firstResolvedVersion":"181116","resolved":"TRUE","lastKnownStatus":"Deceptor:181019","lastKnownDate":"181019","type":"Call Center","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Android","targetBrowser":"Chrome,Firefox,Edge,IE,Opera,Safari","lastUpdate":"2018-11-17T18:46:16.4319665+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2399},{"violations":{"ACR-007":"The images displayed in the chrome webstore are misleading the consumer about the extension's functionality.\n","ACR-114":"app uses a different (even though similar) name on the injected ads than it uses in Chrome.\n","ACR-030":"clicking outside the injected interstitial does not dismiss it; clicking the back button does not return to the website\n"},"nonDeceptorViolations":{"ACR-002":"Ads refer to \"CouponRockstar Extension\", but extension is named \"Offers by CouponRockstar\" \n","ACR-027":"The injecting extension name does not match the app: the app is named \"Offers by CouponRockstar\", the interstitial claims \"CouponRockstar Advertisement\", and the details claims \"CouponRockstar Extension\".\n","ACR-011":"ad for the extension is not clearly labeled as an ad.\n","ACR-022":"ad requires explicit closing in order for consumer to continue to the page.\n","ACR-014":"Ad for the extension is misleading the consumer to believe that the extension will provide coupons.\n"},"samples":[{"isRevoked":"False","fileName":"Offers-by-CouponRockstar_v184.5276.1092.31.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"0.","hashMD5":"7178bbc2646019a53dc231ff0d2a4adb","hashSHA1":"278190a60dd44fb8b534978507dc677a5e63ee01","hashSHA256":"35155b4e6967ca13cae2f286d8ae9cc77ffa6471527631c6e70075b303b06e47","storeId":"phoaopdicackjeoflpmciakfpaafpfgh","sourceIndex":"3511","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search privacy policy \"You can opt out of the use of your NPII from being used by Network Advertising Initiative (“NAI”) members. The NAI opt-out tool was developed in conjunction with NAI members for the express purpose of allowing consumers to \"opt out\" of the behavioral advertising delivered by NAI members. If you opt-out of the use of your NPII from being used by NAI members, you will continue to receive ads, however, it will prevent NAI members from delivering ads tailored to your preferences and usage patterns. If you opt out of Interest-Based Advertising (as defined here) by one or more NAI member company, that choice will be stored in “opt-out cookies.” If you ever delete opt-out cookies from your browser (such as by clearing all cookies), buy a new computer, or change web browsers, you'll need to renew your opt-out choices. NAI member companies need to be able to read an \"opt-out\" cookie on your browser to know not to collect and use data for interest-based advertising purposes.\"","landingPage":"https://chrome.google.com/webstore/detail/offers-by-couponrockstar/phoaopdicackjeoflpmciakfpaafpfgh","ipv4":"","ipv6":"","sourceIndex":"3511"}],"sampleFiles":["181018/CouponRockstar-180911/184.5276.1092.31/Samples/Offers-by-CouponRockstar_v184.5276.1092.31.crx"],"imageFiles":["181018/CouponRockstar-180911/184.5276.1092.31/Images/ACR-007/ACR-007_inlineoffer.JPG","181018/CouponRockstar-180911/184.5276.1092.31/Images/ACR-007/ACR-007_inlineoffer1.JPG","181018/CouponRockstar-180911/184.5276.1092.31/Images/ACR-114/ACR-114_software.JPG","181018/CouponRockstar-180911/184.5276.1092.31/Images/ACR-114/ACR-114_software1.JPG","181018/CouponRockstar-180911/184.5276.1092.31/Images/ACR-030/ACR-030_injectedinterstitial.mp4"],"nonDeceptorImageFiles":["181018/CouponRockstar-180911/184.5276.1092.31/Images/ACR-002/ACR-002_injectedint.JPG","181018/CouponRockstar-180911/184.5276.1092.31/Images/ACR-014/ACR-014_adsaboutapp.JPG","181018/CouponRockstar-180911/184.5276.1092.31/Images/ACR-027/ACR-027_injectedint.JPG","181018/CouponRockstar-180911/184.5276.1092.31/Images/ACR-027/ACR-027_injectedint1.JPG","181018/CouponRockstar-180911/184.5276.1092.31/Images/ACR-011/ACR-011_adsaboutapp.JPG","181018/CouponRockstar-180911/184.5276.1092.31/Images/ACR-022/ACR-022_injectedinterstitial.mp4"],"guid":"c7ea300e-6c13-498f-9675-b2cccbde0a8a_184.5276.1092.31_1","appID":"CouponRockstar-180911","dateAdded":"181018","deceptorType":"Chrome Extension","name":"CouponRockstar","company":"CouponRockstar.com","version":"184.5276.1092.31","sigName":"Deceptor:CRX/CouponRockstar!007030114","firstVendorContactDate":"181107","firstAppEsteemReplyDate":"181107","firstResolvedDate":"181115","firstResolvedVersion":"184.7652.1038.33","resolved":"TRUE","lastKnownStatus":"Deceptor:184.5276.1092.31","lastKnownDate":"181018","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2018-11-16T02:52:07.3284954+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2401},{"violations":{"ACR-083":"Claims to be a newtab application, but also changes default search provider.\n"},"nonDeceptorViolations":{"ACR-001":"Breaks Google's single purpose policy by installing both a newtab and changing search in a single extension.\n","ACR-014":"Claims to help watch movies, but also changes search provider.\n"},"samples":[{"isRevoked":"False","fileName":"All-Movies-Tab_v1.0.7.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"1b0cbd9e7bc45745188a58b9c9d4d3b1","hashSHA1":"bbe608ddea8c2c7eecb7d3ce2f10cf14e544cf0e","hashSHA256":"40bf6e38af1cdaa84e29ebb7d61b07bba877d6d3ae645af5fe6061d33248c5e5","sourceIndex":"3546","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google searched \"we may receive Contact Information, when you voluntarily provide us with such information, if and when you contact us for support. Contact Information shall not be stored and shall be deleted immediately after providing you with the support you requested.\"","landingPage":"http://www.allmoviestab.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/all-movies-tab/nbagecfnimmiibppepkigkpballbmblm","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/all-movies-tab/nbagecfnimmiibppepkigkpballbmblm","sourceIndex":"3546"}],"sampleFiles":["181018/Allmoviestab-181015/1.0.7/Samples/All-Movies-Tab_v1.0.7.crx"],"imageFiles":["181018/Allmoviestab-181015/1.0.7/Images/ACR-083/ACR-051_software.mp4","181018/Allmoviestab-181015/1.0.7/Images/ACR-083/acr-083 no claim to change search.png"],"nonDeceptorImageFiles":["181018/Allmoviestab-181015/1.0.7/Images/ACR-014/acr-083 no claim to change search.png","181018/Allmoviestab-181015/1.0.7/Images/ACR-001/ACR-051_software.mp4"],"guid":"23390524-476e-41b1-8ac6-8454aa130f65_1.0.7_1","appID":"Allmoviestab-181015","dateAdded":"181018","deceptorType":"Chrome Extension","name":"Allmoviestab","company":"www.allmoviestab.com","version":"1.0.7","sigName":"Deceptor:CRX/AllMoviesTab!083","lastKnownStatus":"Deceptor:1.0.7","lastKnownDate":"181018","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2018-10-18T06:19:40.3677561+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2402},{"violations":{"ACR-030":"Clicking outside the injected interstitial does not dismiss it; clicking the back button does not return to the website.\n"},"nonDeceptorViolations":{"ACR-022":"Ad requires explicit closing in order for consumer to continue to the page.\n"},"samples":[{"isRevoked":"False","fileName":"YoyoQuiz_v153.5499.1065.31.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"689157b1ad96835200b328da7f5300b5","hashSHA1":"cb4e09824a39ed0cd1de23315374aae3d7c5558b","hashSHA256":"f13782640b42d72a52f1da44b1513debfa6a906ebb2f35ebdab31819170f7455","storeId":"gkemhapalomnipjhminflfhjcjehjhmp","sourceIndex":"3512","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Apps similar to Packtrakplus","landingPage":"http://www.yoyoquiz.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/yoyoquiz/gkemhapalomnipjhminflfhjcjehjhmp/related?utm_source=inline-install-disabled","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/yoyoquiz/gkemhapalomnipjhminflfhjcjehjhmp/related?utm_source=inline-install-disabled","sourceIndex":"3512"}],"sampleFiles":["181018/YoYoQuiz-181010/153.5499.1065.31/Samples/YoyoQuiz_v153.5499.1065.31.crx"],"imageFiles":["181018/YoYoQuiz-181010/153.5499.1065.31/Images/ACR-030/ACR-030_injectedinterstitials.mp4"],"nonDeceptorImageFiles":["181018/YoYoQuiz-181010/153.5499.1065.31/Images/ACR-022/ACR-022_injectedinterstitials.mp4"],"guid":"f1b6b092-251d-4771-a7c1-6ad3ad816dd8_153.5499.1065.31_1","appID":"YoYoQuiz-181010","dateAdded":"181018","deceptorType":"Chrome Extension","name":"YoYoQuiz","company":"YoYoQuiz","version":"153.5499.1065.31","sigName":"Deceptor:CRX/YoYoQuiz!030","firstVendorContactDate":"181107","firstAppEsteemReplyDate":"181107","firstResolvedDate":"181115","firstResolvedVersion":"153.7650.1081.33","resolved":"TRUE","lastKnownStatus":"Deceptor:153.5499.1065.31","lastKnownDate":"181018","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"inject ads","lastUpdate":"2018-11-16T02:45:43.2625248+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2400},{"violations":{"ACR-016":"Clicking the \"REMOVE IT NOW\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword:free pc fix) Site is an affiliate for Plumbytes Anti-Malware","landingPage":"https://threatrescue.com/","ipv4":"","ipv6":"","landingPageWildChar":"https://threatrescue.com/*","sourceIndex":"3341"}],"sampleFiles":[],"imageFiles":["181015/ThreatRescue-181002/181002/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":[],"guid":"5aace6b8-e66f-4db2-b5e7-6cb399339b44_181002_1","appID":"ThreatRescue-181002","dateAdded":"181015","deceptorType":"Affiliate","name":"threatrescue.com","company":"ThreatRescue.com","version":"181002","sigName":"Deceptor:Affiliate/ThreatRescue!016","lastKnownStatus":"Deceptor:181015","lastKnownDate":"181015","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:40:34.5942902+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2403},{"violations":{"ACR-048":" Bundler remaps \"application close\" to \"minimize\".\n","ACR-059":" The Offer is not clearly marked as an offer or optional.\n","ACR-039":"No attribution for the download manager is provided.\n"},"nonDeceptorViolations":{"ACR-044":" Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-092":"The application does not have a digital signature. unsigned.\n","ACR-035":"No EULA or Privacy policy is provided for this Download Manager.\n","ACR-036":"No EULA or Privacy policy is provided for this Download Manager.\n","ACR-037":"No privacy policy is provided for this Download Manager.\n","ACR-152":" The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"logintimer_VGwFt1_3438676415.exe","isInstaller":"True","companyName":"Fef                                                         ","fileVersion":"0.0","hashMD5":"be210ddf0275b512419d49b1c6b2e935","hashSHA1":"2ca68cbfd86bd6455b6d738d8ef4eb8a1ef07262","hashSHA256":"1f011a083c37111b78a8c9c76af6f98f9f916e27db9fb4f0ce4a911e20bbffe4","sourceIndex":"3450","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"logintimer_VK1O8A_1010113883.exe","isInstaller":"True","companyName":"Sesufabo                                                    ","productName":"Kototug","productVersion":"3.3","fileVersion":"","hashMD5":"17e1e98219e094cc23e11225424567fc","hashSHA1":"21337041d9bdf4ccb362b1e728d8dfd538246366","hashSHA256":"8f48c4e835338d4e7989c9506b7bfeafa8340c0bd71945219c20c18fad35dcb8","sourceIndex":"3450","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":["VirIT eXplorer PRO (20190228)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"https://logintimer.weebly.com/","landingPage":"https://logintimer.updatestar.com/","directDownloadingLink":"http://www.liyatoyyotev.com/gp1h8t6/logintimer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.liyatoyyotev.com/gp1h8t6/logintimer.exe","sourceIndex":"3450"}],"sampleFiles":["181012/LoginTimerBundler-181010/2.4.9/Samples/logintimer_VGwFt1_3438676415.exe","181012/LoginTimerBundler-181010/2.4.9/Samples/logintimer_VK1O8A_1010113883.exe"],"imageFiles":["181012/LoginTimerBundler-181010/2.4.9/Images/ACR-039/ACR_039_INSTALL.PNG","181012/LoginTimerBundler-181010/2.4.9/Images/ACR-048/ACR_048_INSTALL.mp4","181012/LoginTimerBundler-181010/2.4.9/Images/ACR-059/ACR_059_Bundler-made offers.PNG"],"nonDeceptorImageFiles":["181012/LoginTimerBundler-181010/2.4.9/Images/ACR-044/ACR_044_INSTALL.PNG","181012/LoginTimerBundler-181010/2.4.9/Images/ACR-092/ACR_092_SOFTWARE.PNG","181012/LoginTimerBundler-181010/2.4.9/Images/ACR-152/ACR_152_Bundler-made offers.mp4"],"guid":"dbcb5b1c-f287-4470-9b58-7e7cd0095564_2.4.9_1","appID":"LoginTimerBundler-181010","dateAdded":"181012","deceptorType":"Bundler","name":"Login Timer Bundler","company":"Satheesh.S","version":"2.4.9","sigName":"Deceptor:Win32/LoginTimerBundler!039048050059","lastKnownStatus":"Deceptor:2.4.9","lastKnownDate":"181012","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:16:07.3227756+00:00","notDistributed":false,"familyName":"core-bundler-ronil","numInFamily":7,"numInAppID":1,"sortOrder":844},{"violations":{"ACR-014":"Site makes unsubstantiated claim that downloaded app will remove the malware.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (Keyword:free pc fix). Site is an affiliate for SpyHunter","landingPage":"https://easyquickremoval.com/","ipv4":"","ipv6":"","landingPageWildChar":"https://easyquickremoval.com/*","sourceIndex":"3340"}],"sampleFiles":[],"imageFiles":["181012/EasyQuickRemoval-181002/181002/Images/ACR-014/ACR_014_ADS_INSIDE_APP.PNG"],"nonDeceptorImageFiles":[],"guid":"8308d107-0ba5-4508-9fc3-03d7c0d26464_181002_1","appID":"EasyQuickRemoval-181002","dateAdded":"181012","deceptorType":"Affiliate","name":"easyquickremoval.com","company":"easyquickremoval.com","version":"181002","sigName":"Deceptor:Affiliate/EasyQuickRemoval!014","lastKnownStatus":"Deceptor:181012,190121","lastKnownDate":"190121","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:42:25.421625+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2404},{"violations":{"ACR-005":"App mimics the system toolbar and displays an unattributed search dialog at the top of its newtab page.\nScreenshot in Chrome webstore has an overlay dialog that misleads consumers to think the webstore is recommending a call to action.\n","ACR-057":"Declining this offer is difficult, with gray \"Take me to my Home Page\" link difficult to see against a white/gray checkered background. \n","ACR-059":"No disclosed recommender.\n","ACR-030":"Missing close button, and doesn't dismiss when clicking outside of interstitial.\n"},"nonDeceptorViolations":{"ACR-001":"Screenshot in Chrome Web Store has \"Add to Chrome\" reference, which breaks Google's policy.\nApp's landing page served up multiple versions of its app, all live in the Chrome web store.\n","ACR-036":"Search relationship with Yahoo! is not disclosed in EULA or Privacy Policy\n","ACR-054":"Unequal prominence between accept and decline buttons in the post-install offer.\n","ACR-067":"the means to opt-out is shown in gray on a white/gray checked background.\n","ACR-027":"Interstitial does not declare it's an ad or offer.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Report","reference":"submit by st","landingPage":"http://www.mapsnow.co/","directDownloadingLink":"https://chrome.google.com/webstore/detail/maps-now/pneinifpbnceaeokglnpppbdkjgccpcb","ipv4":"","ipv6":"","sourceIndex":"3338"},{"howFound":"Hunt.Report","reference":"submit by st","landingPage":"http://www.mapsnow.co/","directDownloadingLink":"https://chrome.google.com/webstore/detail/maps-now/cciojklkaclilfeogabkanheegfcfeng","ipv4":"","ipv6":"","sourceIndex":"3339"}],"sampleFiles":[],"imageFiles":["181011/MapsNow-181011/2.8.6.18/Images/ACR-005/Screen Shot 2018-10-11 at 11.52.22 AM.png","181011/MapsNow-181011/2.8.6.18/Images/ACR-005/Screen Shot 2018-10-11 at 11.49.37 AM.png","181011/MapsNow-181011/2.8.6.18/Images/ACR-057/Screen Shot 2018-10-11 at 12.18.47 PM.png","181011/MapsNow-181011/2.8.6.18/Images/ACR-059/Screen Shot 2018-10-11 at 12.18.47 PM.png","181011/MapsNow-181011/2.8.6.18/Images/ACR-030/Screen Shot 2018-10-11 at 12.18.47 PM.png"],"nonDeceptorImageFiles":["181011/MapsNow-181011/2.8.6.18/Images/ACR-001/Screen Shot 2018-10-11 at 11.49.37 AM.png","181011/MapsNow-181011/2.8.6.18/Images/ACR-054/Screen Shot 2018-10-11 at 12.18.47 PM.png","181011/MapsNow-181011/2.8.6.18/Images/ACR-155/Screen Shot 2018-10-11 at 12.18.47 PM.png","181011/MapsNow-181011/2.8.6.18/Images/ACR-027/Screen Shot 2018-10-11 at 12.18.47 PM.png","181011/MapsNow-181011/2.8.6.18/Images/ACR-067/Screen Shot 2018-10-11 at 12.18.47 PM.png"],"guid":"d257a5f3-a733-4832-808a-d1fef34ee458_2.8.6.18_1","appID":"MapsNow-181011","dateAdded":"181011","deceptorType":"Chrome Extension","name":"MapsNow","company":"Webalytics Media","version":"2.8.6.18","sigName":"Deceptor:CRX/MapsNow!005030057059155","lastKnownStatus":"Deceptor:181011,190121","lastKnownDate":"190121","type":"Chrome Extension","category":"Personalization & Search","targetOS":"None","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2019-01-22T00:43:15.5839553+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2405},{"violations":{"CCR-022":"Call made on 181011 at 2:49PM Eastern Time (US)\n\nViolation 1:  Agent opens command prompt (CMD) and run a 'DIR' command.  While the 'DIR' command is listing directories, the agent pastes 'memory leak slowing down pc & handle'.  At 6:16 into the session,  the agent then says, \" Yeah, it says over here that you do have a memory leak slowing down the PC and you have a handle leak as well.  This handle leak is a software bug.  Do you know what this is?\"  I reply, \"I do not.  No.\"  Agent says, \"Alright, a memory leak is basically a failed, I mean ah, yeah, a failure in a program to release discarded memory.  So if your having this issue probably means, umm, there is an issue with the memory not being discarded and so it can't read it on the ram. That is going to slow down your system.  Apart from that you have the handle leak.  A handle leak is a software bug.  Don't know how exactly you got that because you basically don't have a lot of things on your system.\"  (Screenshot A)\n","CCR-031":"Call made on 181011 at 2:49PM Eastern Time (US)\n\nViolation 1:  Screenshot B.  [Maximum allowed service duration is one year, agent offered a one time fix, 6 month service plan, 1 year service plan and a lifetime service plan]\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.callcenter","reference":"Examining Iobit Advanced System Care 11","landingPage":"http://invictus.support/#pricing","ipv4":"","ipv6":"","landingPageWildChar":"http://invictus.support/*","sourceIndex":"3550"}],"sampleFiles":[],"imageFiles":["181011/InvictusPremiumTechSupport-181011/181011/Images/CCR-022/A.JPG","181011/InvictusPremiumTechSupport-181011/181011/Images/CCR-031/B.JPG"],"nonDeceptorImageFiles":[],"guid":"1cdd138a-df39-4aa7-8a48-590de02ada0a_181011_1","appID":"InvictusPremiumTechSupport-181011","dateAdded":"181011","deceptorType":"Call Center","name":"invictus.support","company":"Invictus Premium Tech Support","version":"181011","sigName":"Deceptor:CallCenter/InvictusPremiumTechSupport!022031","lastKnownStatus":"Deceptor:101011","lastKnownDate":"181011","type":"Call Center","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,MacOS","targetBrowser":"Chrome,Firefox,Edge,IE,Opera,Safari","lastUpdate":"2018-10-11T22:57:05.2092497+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2406},{"violations":{"ACR-016":"Clicking the \"Download Free Scanner\" button auto-downloads without making an offer to the consumer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword: speedup pc fix)","landingPage":"https://www.comolimparspywarespt.com/","ipv4":"","ipv6":"","landingPageWildChar":"https://www.comolimparspywarespt.com/*","sourceIndex":"3337"}],"sampleFiles":[],"imageFiles":["181011/HowToCleanSpyware-180927/180927/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":[],"guid":"cda77c58-172c-470f-a276-07db33c804a7_180927_1","appID":"HowToCleanSpyware-180927","dateAdded":"181011","deceptorType":"Affiliate","name":"comolimparspywarespt.com","company":"comolimparspywarespt.com","version":"180927","sigName":"Deceptor:Affiliate/ComoLimparSpywaresPT!016","lastKnownStatus":"Deceptor:181011,190121","lastKnownDate":"190121","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:43:59.2012681+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2407},{"violations":{"ACR-016":"Clicking the \"Download this tool\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google searched \"remove adware from pc\"","landingPage":"https://www.pcmobitech.com/remove-adware-from-windows-7-8-8-1-10/","ipv4":"","ipv6":"","sourceIndex":"3330"}],"sampleFiles":[],"imageFiles":["181010/PCmobiTech-180924/180924/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":[],"guid":"1517ba5e-8b21-478c-aece-094865c669b0_180924_1","appID":"PCmobiTech-180924","dateAdded":"181010","deceptorType":"Affiliate","name":"pcmobitech.com","company":"www.pcmobitech.com","version":"180924","sigName":"Deceptor:Affiliate/PCMobiTech!016","lastKnownStatus":"Deceptor:181010,190121","lastKnownDate":"190121","type":"Affiliate Network","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:49:44.8136513+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2415},{"violations":{"ACR-016":"Clicking the \"download\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.remove-adware.net/","ipv4":"","ipv6":"","landingPageWildChar":"https://www.remove-adware.net/*","sourceIndex":"3331"}],"sampleFiles":[],"imageFiles":["181010/RemovalTips-180926/180926/Images/ACR-016/ACR-016_adsinsideapp.mp4","181010/RemovalTips-180926/180926/Images/ACR-016/2018-10-10_13-20-57.gif"],"nonDeceptorImageFiles":[],"guid":"017bb329-cc49-41bb-969c-1baa574bc0cc_180926_1","appID":"RemovalTips-180926","dateAdded":"181010","deceptorType":"Affiliate","name":"remove-adware.net","company":"Removal Tips","version":"180926","sigName":"Deceptor:Affiliate/RemovalTips!016","firstResolvedDate":"190121","firstResolvedVersion":"190121","resolved":"TRUE","lastKnownStatus":"Deceptor:181010","lastKnownDate":"181010","type":"Affiliate Network","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:48:59.7051234+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2414},{"violations":{"ACR-014":"Site makes unsubstantiated claim that downloaded app will remove them malware\n","ACR-016":"Clicking the \"free download(gratuito descargar)\" button auto-downloads without making an offer to the consumer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword:speedup pc fix) ","landingPage":"https://www.comodesinstalarelmalware.org/","ipv4":"","ipv6":"","landingPageWildChar":"https://www.comodesinstalarelmalware.org/*","sourceIndex":"3332"}],"sampleFiles":[],"imageFiles":["181010/RemoveMalware-180927/180927/Images/ACR-014/Screen Shot 2018-10-10 at 4.37.08 PM.png","181010/RemoveMalware-180927/180927/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":[],"guid":"e04e468e-5a97-468c-9960-ad086a40694b_180927_1","appID":"RemoveMalware-180927","dateAdded":"181010","deceptorType":"Affiliate","name":"comodesinstalarelmalware.org","company":"comodesinstalarelmalware.org","version":"180927","sigName":"Deceptor:Affiliate/ComodesInstalarelMalware!014016","lastKnownStatus":"Deceptor:181010,190121","lastKnownDate":"190121","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:47:51.2445617+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2413},{"violations":{"ACR-014":"Site claims in the malware description, without substantiation, that the recommended app will remove the malware/adware.\n","ACR-016":"Clicking the \"Click to Free Scan for Boost PC Pro 2018 on PC\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword: registry cleaner free)","landingPage":"https://www.removemalwarevirus.com","directDownloadingLink":"","ipv4":"","ipv6":"","landingPageWildChar":"https://www.removemalwarevirus.com/*","sourceIndex":"3516"}],"sampleFiles":[],"imageFiles":["181010/RemoveMalwareVirus-180919/180919/Images/ACR-014/ACR-014 unsubstantiated claim.png","181010/RemoveMalwareVirus-180919/180919/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":[],"guid":"6d8a8760-9f01-4dfa-a18a-d7042b20cd77_180919_1","appID":"RemoveMalwareVirus-180919","dateAdded":"181010","deceptorType":"Affiliate","name":"removemalwarevirus.com","company":"RemoveMalwareVirus.com","version":"180919","sigName":"Deceptor:Affiliate/RemoveMalwareVirus!016","firstVendorContactDate":"181108","firstAppEsteemReplyDate":"181108","lastKnownStatus":"Deceptor:180923,181010","lastKnownDate":"181010","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-11-08T16:15:12.7937286+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2412},{"violations":{"ACR-014":" Site claims that adware/spyware will be removed by promoted app, but provides no substantiation for the claim.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"googed searched how to remove Regclean Pro","reference":"","landingPage":"https://www.2-viruses.com/remove-regclean","ipv4":"","ipv6":"","sourceIndex":"3544"}],"sampleFiles":[],"imageFiles":["181010/2Viruses-180917/180917/Images/ACR-014/acr_014.PNG","181010/2Viruses-180917/180917/Images/ACR-014/Screen Shot 2018-10-10 at 12.48.31 PM.png"],"nonDeceptorImageFiles":[],"guid":"02447f25-3f4b-4769-91e8-3855a68996f6_180917_1","appID":"2Viruses-180917","dateAdded":"181010","deceptorType":"Affiliate","name":"2-viruses.com","company":"www.2-viruses.com","version":"180917","sigName":"Deceptor:Affiliate/2-Viruses!014","firstVendorContactDate":"181018","firstAppEsteemReplyDate":"181018","firstResolvedDate":"181019","firstResolvedVersion":"181019","resolved":"TRUE","lastKnownStatus":"Deceptor:180923,181010","lastKnownDate":"181010","type":"Affiliate","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-10-20T01:49:46.2060939+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2419},{"violations":{"ACR-014":"Site makes an unsubstantiated claim that app will detect the malware\n","ACR-016":"Clicking the \"Download PC Threats Scanner\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword: super pc cleaner)","landingPage":"https://www.removepcvirusthreats.com/","ipv4":"","ipv6":"","landingPageWildChar":"https://www.removepcvirusthreats.com/*","sourceIndex":"3333"}],"sampleFiles":[],"imageFiles":["181010/RemovePCVirus-180927/180927/Images/ACR-014/Screen Shot 2018-10-10 at 4.31.29 PM.png","181010/RemovePCVirus-180927/180927/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4","181010/RemovePCVirus-180927/180927/Images/ACR-016/2018-10-10_16-28-31.gif"],"nonDeceptorImageFiles":[],"guid":"98b5c2d3-ede2-45c0-b3c7-3392a7ca5a44_180927_1","appID":"RemovePCVirus-180927","dateAdded":"181010","deceptorType":"Affiliate","name":"removepcvirusthreats.com","company":"Removepcvirusthreats.com","version":"180927","sigName":"Deceptor:Affiliate/RemovePCVirusThreats!014016","lastKnownStatus":"Deceptor:181010,190121","lastKnownDate":"190121","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:47:07.9625637+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2411},{"violations":{"ACR-014":"Site claims advertised apps will remove specific adware, but provide no substantiation.\n","ACR-016":"Clicking the \"Download Removal Tool\" button or the \"Download Combo Cleaner\" automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google searched \"is scanguard safe?\"","reference":"","landingPage":"http://cureyoursystem.com","ipv4":"","ipv6":"","landingPageWildChar":"http://cureyoursystem.com/*","sourceIndex":"3328"}],"sampleFiles":[],"imageFiles":["181010/Cureyoursystem-180919/180919/Images/ACR-014/ACR-014_adsinsideapp.JPG","181010/Cureyoursystem-180919/180919/Images/ACR-014/Screen Shot 2018-10-10 at 5.01.09 PM.png","181010/Cureyoursystem-180919/180919/Images/ACR-016/ACR-016_adsinsideapp.mp4","181010/Cureyoursystem-180919/180919/Images/ACR-016/2018-10-10_17-02-25.gif"],"nonDeceptorImageFiles":[],"guid":"0dbf129b-d316-4d08-82c6-0fd41dc62074_180919_1","appID":"Cureyoursystem-180919","dateAdded":"181010","deceptorType":"Affiliate","name":"cureyoursystem.com","company":"http://cureyoursystem.com","version":"180919","sigName":"Deceptor:Affiliate/CureYourSystem!014016","lastKnownStatus":"Deceptor:181010,190121","lastKnownDate":"190121","type":"Affiliate Network","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:52:34.9139002+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2417},{"violations":{"ACR-014":"Site make unsubstantiated claim on its call to action button that the downloaded app will remove\n","ACR-016":"Clicking the \"Download Win Speedup 2018 virus remover\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword:speed up pc 2018)","landingPage":"https://soft2secure.com/knowledgebase/win-speedup-2018","ipv4":"","ipv6":"","sourceIndex":"3334"}],"sampleFiles":[],"imageFiles":["181010/Soft2Secure-180925/180925/Images/ACR-014/Screen Shot 2018-10-10 at 4.11.53 PM.png","181010/Soft2Secure-180925/180925/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":[],"guid":"198145a8-2dca-4e63-8d3d-f8dc2a6579cd_180925_1","appID":"Soft2Secure-180925","dateAdded":"181010","deceptorType":"Affiliate","name":"soft2secure.com","company":"Soft2Secure.com","version":"180925","sigName":"Deceptor:Affiliate/Soft2Secure!014016","lastKnownStatus":"Deceptor:181010,190121","lastKnownDate":"190121","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:46:26.7935789+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2410},{"violations":{"ACR-014":"Site makes unsubstantiated claims that app can move specific PUP\n","ACR-016":"Clicking the \"DOWNLOAD SPYHUNTER\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword: registry cleaner free)","landingPage":"http://www.spywaretechs.com","ipv4":"","ipv6":"","landingPageWildChar":"http://www.spywaretechs.com/*","sourceIndex":"3335"}],"sampleFiles":[],"imageFiles":["181010/Spywaretechs-180919/180919/Images/ACR-014/014 unsubstantiated claims.png","181010/Spywaretechs-180919/180919/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":[],"guid":"da5bd4a6-67f0-4a02-a163-836ef0390791_180919_1","appID":"Spywaretechs-180919","dateAdded":"181010","deceptorType":"Affiliate","name":"spywaretechs.com","company":"SpywareTechs.com","version":"180919","sigName":"Deceptor:Affiliate/SpywareTechs!014016","lastKnownStatus":"Deceptor:180923,181010,190121","lastKnownDate":"190121","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:45:47.170612+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2409},{"violations":{"ACR-014":"Site makes unsubstantiated claims that app can remove specific PUP.\n","ACR-016":"Clicking the \"Anti-Malware download for windows\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"is driver support safe?\"","landingPage":"https://trojan-killer.net","ipv4":"","ipv6":"","landingPageWildChar":"https://trojan-killer.net/*","sourceIndex":"3336"}],"sampleFiles":[],"imageFiles":["181010/TrojanKiller-180917/180917/Images/ACR-014/ACR-014_adsinsideapp (1).JPG","181010/TrojanKiller-180917/180917/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":[],"guid":"e0c80013-c959-4668-8fb5-53ca2ed489f8_180917_1","appID":"TrojanKiller-180917","dateAdded":"181010","deceptorType":"Affiliate","name":"trojan-killer.net","company":"Trojan Killer","version":"180917","sigName":"Deceptor:Affiliate/TrojanKiller!014016","lastKnownStatus":"Deceptor:180924,181010,190121","lastKnownDate":"190121","type":"Affiliate Network","category":"SysTools & Utilities","targetOS":"","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:45:10.2945997+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2408},{"violations":{"ACR-014":"Site makes unsubstantiated claims that app can remove a specific PUP.\n","ACR-016":"Clicking the \"Download Driver Restore Removal Tool\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"http://www.averina.com/instructions-to-remove-driver-restore-ads","landingPage":"http://www.averina.com","ipv4":"","ipv6":"","landingPageWildChar":"http://www.averina.com/*","sourceIndex":"3327"}],"sampleFiles":[],"imageFiles":["181010/AverinaLab-180927/180927/Images/ACR-014/ACR-014_adsinsideapp.JPG","181010/AverinaLab-180927/180927/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":[],"guid":"824efff8-f02a-4ab3-8f13-8a6bfd23c222_180927_1","appID":"AverinaLab-180927","dateAdded":"181010","deceptorType":"Affiliate","name":"averina.com","company":"Averina Lab","version":"180927","sigName":"Deceptor:Affiliate/Averina!014016","lastKnownStatus":"Deceptor:181006,181010,190121","lastKnownDate":"190121","type":"Affiliate Network","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:53:52.348302+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2418},{"violations":{"ACR-014":"Site makes unsubstantiated claims that downloaded app will remove or uninstall the malware\n","ACR-016":"Clicking the \"DOWNLOAD HERE\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword: speed up pc 2018)","landingPage":"https://www.howtouninstallmalware.org/","ipv4":"","ipv6":"","landingPageWildChar":"https://www.howtouninstallmalware.org/*","sourceIndex":"3329"}],"sampleFiles":[],"imageFiles":["181010/howtouninstallmalware-180925/180925/Images/ACR-014/Screen Shot 2018-10-10 at 4.16.57 PM.png","181010/howtouninstallmalware-180925/180925/Images/ACR-014/Screen Shot 2018-10-10 at 4.17.58 PM.png","181010/howtouninstallmalware-180925/180925/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":[],"guid":"a38edeb6-db78-495a-8a4b-033d2d38acbd_180925_1","appID":"howtouninstallmalware-180925","dateAdded":"181010","deceptorType":"Affiliate","name":"howtouninstallmalware.org","company":"howtouninstallmalware.com","version":"180925","sigName":"Deceptor:Affiiliate/HowToUninstallMalware!014016","lastKnownStatus":"Deceptor:181010,190121","lastKnownDate":"190121","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:51:53.7855294+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2416},{"violations":{"ACR-005":"Screenshot in Chrome webstore has an overlay dialog that misleads consumers to think the webstore is recommending a call to action.\n","ACR-007":"The image displayed in the chrome webstore are misleading the consumer about the extension's functionality.\n","ACR-030":"clicking outside the injected interstitial does not dismiss it; clicking the back button does not return to the website.\n"},"nonDeceptorViolations":{"ACR-001":"Violates Google's policy of not allowing \"install instruction\" messages in the screenshots.\n","ACR-011":"ad for the extension is not clearly labeled as an ad.\n","ACR-022":"ad requires explicit closing in order for consumer to continue to the page.\n","ACR-014":"Ad for the extension is misleading the consumer to believe that the extension will provide map and gps information.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Report","reference":"customer report","landingPage":"https://chrome.google.com/webstore/detail/mapsfox/kdpemibdkmkokkbmihpehffdgcpeckfj?utm_source=inline-install-disabled","ipv4":"","ipv6":"","sourceIndex":"3326"}],"sampleFiles":[],"imageFiles":["181009/MapFox-180911/197.5627.1013.31/Images/ACR-005/ACR-014_adsinsideapp (3) (1).JPG","181009/MapFox-180911/197.5627.1013.31/Images/ACR-007/ACR-007_inlineoffer.JPG","181009/MapFox-180911/197.5627.1013.31/Images/ACR-030/ACR-030_injectedinterstitial.mp4"],"nonDeceptorImageFiles":["181009/MapFox-180911/197.5627.1013.31/Images/ACR-014/ACR-014_adsinsideapp.JPG","181009/MapFox-180911/197.5627.1013.31/Images/ACR-001/ACR-014_adsinsideapp (3).JPG","181009/MapFox-180911/197.5627.1013.31/Images/ACR-011/ACR-011_adsaboutapp.JPG","181009/MapFox-180911/197.5627.1013.31/Images/ACR-022/ACR-022_injectedinterstitial.mp4"],"guid":"82dbc610-777b-4a18-8d82-e830b6593991_197.5627.1013.31_1","appID":"MapFox-180911","dateAdded":"181009","deceptorType":"Chrome Extension","name":"MapsFox","company":"MapsFox.com","version":"197.5627.1013.31","sigName":"Deceptor:CRX/MapsFox!007030","lastKnownStatus":"Deceptor:197.5627.1013.31","lastKnownDate":"190121","type":"Chrome Extension","category":"Personalization & Search","targetOS":"None","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2019-01-22T00:54:35.3204528+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2420},{"violations":{"ACR-014":"","ACR-016":"Clicking the \"Download Removal Tool\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"google searched how to remove wintonic. Affiliate for SpyHunter, WiperSoft, AdGuard","landingPage":"http://www.free-uninstall.org","ipv4":"","ipv6":"","landingPageWildChar":"http://www.free-uninstall.org/*","sourceIndex":"3537"}],"sampleFiles":[],"imageFiles":["181008/freeuninstall-180907/180907/Images/ACR-014/acr_014.PNG","181008/freeuninstall-180907/180907/Images/ACR-016/W10-2018-09-10T17-37-07-812703100Z.mp4"],"nonDeceptorImageFiles":[],"guid":"bf936be9-8e94-45c2-b2d3-243dc62a00d6_180907_1","appID":"freeuninstall-180907","dateAdded":"181008","deceptorType":"Affiliate","name":"free-uninstall.org","company":"free-uninstall.org","version":"180907","sigName":"Deceptor:Affiliate/FreeUninstall!016","firstVendorContactDate":"181010","firstAppEsteemReplyDate":"181010","firstResolvedDate":"181030","firstResolvedVersion":"181030","resolved":"TRUE","lastKnownStatus":"Deceptor:180915,181008","lastKnownDate":"181008","type":"Affiliate","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-10-30T22:12:00.3214578+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2428},{"violations":{"ACR-014":"The affiliate claims that the recommended app will \"quick remove\" and \"remove xxx\" from the user's computer, but the claim cannot be substantiated.\n","ACR-016":"Clicking the \"DOWNLOAD PLUMBYTES ANTI-MALWARE\" button auto-downloads without making an offer to the consumer. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com(malware reviews)","landingPage":"https://malwareless.com","ipv4":"","ipv6":"","landingPageWildChar":"https://malwareless.com/*","sourceIndex":"3554"}],"sampleFiles":[],"imageFiles":["181008/MalwareLess-180910/180910/Images/ACR-014/ACR_014_ADS_INSIDE_APP.PNG","181008/MalwareLess-180910/180910/Images/ACR-014/ACR_014_ADS_INSIDE_APP_2.mp4","181008/MalwareLess-180910/180910/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":[],"guid":"4ab94f36-0dd1-4a0e-95ea-2cdd4775aeb4_180910_1","appID":"MalwareLess-180910","dateAdded":"181008","deceptorType":"Affiliate","name":"malwareless.com","company":"malwareless.com","version":"180910","sigName":"Deceptor:Affiliate/MalwareLess!014016","lastKnownStatus":"Deceptor:180915,181008","lastKnownDate":"181008","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-10-08T21:48:11.2916867+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2426},{"violations":{"ACR-014":"Site claims that adware/spyware will be removed by promoted app, but provides no substantiation for the claim.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search is systemkeeper safe?","landingPage":"http://www.pcviruscare.com","ipv4":"","ipv6":"","landingPageWildChar":"http://www.pcviruscare.com/*","sourceIndex":"3548"}],"sampleFiles":[],"imageFiles":["181008/PCVirusCare-180917/180917/Images/ACR-014/ACR-014_adsinsideapp.JPG"],"nonDeceptorImageFiles":[],"guid":"16caa39d-cfca-4d51-bac7-46b1c4e14c0c_180917_1","appID":"PCVirusCare-180917","dateAdded":"181008","deceptorType":"Affiliate","name":"pcviruscare.com","company":"PCVirusCare.com","version":"180917","sigName":"Deceptor:Affiliate/PCVirusCare!014","firstVendorContactDate":"181011","firstAppEsteemReplyDate":"181011","firstResolvedDate":"181010","firstResolvedVersion":"181011","resolved":"TRUE","lastKnownStatus":"Deceptor:180919,181008","lastKnownDate":"181008","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-10-12T01:12:39.6103061+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2425},{"violations":{"CCR-017":"Call made on 181001 at 2:28PM Eastern Time (US)\n\nViolation 1:  At 11:50 into the session, agent opens msino32 in the run box, goes to the System Drivers portion, and starts highlighting all the 'stopped' drivers in the list.   (Screenshot A)  The agent says, \"So you can see the system drivers?\"  I reply, \"Yeah.\"  Agent states, \"These are all the drivers for your networks and for your computer.  You can see this is the brain part of your computer right?  And I can see Robert that most of the driver have been stopped which is not a good sign at all.  Have a look on your screen.  And if I scroll down you will see more drivers which has been stopped.  And I am very surprised to see because these drivers are very important and these drivers give commands to your computer, to your network, and to your printer.  Only then these devices can work.   Otherwise, these device cannot work.  And right now it says more than half of the drivers have been stopped.\" [Misleading:  Using the msinfo32 command in your run box shows you basic information about your computer.  It is completely normal to have 'stopped' drivers]\nViolation 2:  At 13:38 into the session, agent says, \"But you can see the first file, csrss, that file is not running under the name of Alex. (Screenshot B)  Can you tell me what that file is?\"  I respond, \"I do not know.\"  Agent says, \"You do not know.  Okay.  Don't worry, I will go ahead and I will check it out quickly to see what that file is.   Alright?\"  I say, \"Okay\".  (Screenshot C and D)   Agent says, \"So have a look on your screen Robert.  This is csrss which is running inside your computer.  I would appreciate you reading these highlighted lines.\"  I state, \"Okay, I have read it.\"  Agent says,  \"Yeah.  So this trojan is running inside your computer.  And you know this trojan is coming from the internet.  Right?  Because there are so many bad people coming all over the internet correct?\"  I respond,  \"Yes.\" [Misleading:  Csrss.exe is a valid Windows file]\nViolation 3:   At 16:10 into the session, agent says, \"I can see there are so many active connections of foreign address.  You do not know who are they but these are some foreign people who might have access of your computers and your cellphones.  Means whatever you do, you information might be visible.    (Screenshot E)  [Misleading:  Agent runs 'Netstat' in command prompt to give false information about hackers being connected to my computer under foreign addresses.  Netstat displays network connections for the Transmission Control Protocol]\n","CCR-022":"Call made on 181001 at 2:28PM Eastern Time (US)\n\nViolation 1:  At 11:50 into the session, agent opens msino32 in the run box, goes to the System Drivers portion, and starts highlighting all the 'stopped' drivers in the list.   (Screenshot A)  The agent says, \"So you can see the system drivers?\"  I reply, \"Yeah.\"  Agent states, \"These are all the drivers for your networks and for your computer.  You can see this is the brain part of your computer right?  And I can see Robert that most of the driver have been stopped which is not a good sign at all.  Have a look on your screen.  And if I scroll down you will see more drivers which has been stopped.  And I am very surprised to see because these drivers are very important and these drivers give commands to your computer, to your network, and to your printer.  Only then these devices can work.   Otherwise, these device cannot work.  And right now it says more than half of the drivers have been stopped.\" [Misleading and self-diagnosis:  Using the msinfo32 command in your run box shows you basic information about your computer.  It is completely normal to have 'stopped' drivers] \nViolation 2:  At 13:38 into the session, agent says, \"But you can see the first file, csrss, that file is not running under the name of Alex. (Screenshot B)  Can you tell me what that file is?\"  I respond, \"I do not know.\"  Agent says, \"You do not know.  Okay.  Don't worry, I will go ahead and I will check it out quickly to see what that file is.   Alright?\"  I say, \"Okay\".  (Screenshot C and D)   Agent says, \"So have a look on your screen Robert.  This is csrss which is running inside your computer.  I would appreciate you reading these highlighted lines.\"  I state, \"Okay, I have read it.\"  Agent says,  \"Yeah.  So this trojan is running inside your computer.  And you know this trojan is coming from the internet.  Right?  Because there are so many bad people coming all over the internet correct?\"  I respond,  \"Yes.\" [Misleading and Self-diagnosis:  Csrss.exe is a valid Windows file]\nViolation 3:   At 16:10 into the session, agent says, \"I can see there are so many active connections of foreign address.  You do not know who are they but these are some foreign people who might have access of your computers and your cellphones.  Means whatever you do, you information might be visible.    (Screenshot E)  [Misleading and self-diagnosis:  Agent runs 'Netstat' in command prompt to give false information about hackers being connected to my computer under foreign addresses.  Netstat displays network connections for the Transmission Control Protocol]\n","CCR-031":"Call made on 181001 at 2:28PM Eastern Time (US)\n\nViolation 1:  At 21:00 into the session, Agent says, \"So right now you need to quickly renew your securities on your machine so that all these foreign addresses will be blocked.  Right now, right away.\"  At 21:30 I ask, \"I am kind of on a limited budget, how much is this going to cost?   i assume it isn't free.\"  Agent responds,  \"Of course Robert, that is not free.  the securities come in two ways.  Either you can take the security for one year or you can take the security for five years.  That is totally up to you on how long you'd like to do that.\"  I ask, \"What is the price for each year?\"  Agent says, \"I will surely check it out.  If you go for the one year, the one year will cost you this much.  Okay?  But if you extend it to five year it would be just this much\"  (Screenshot F) [Maximum allowed service duration is one year, agent offered a 1 year service plan and a five year plan]\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.callcenter","reference":"Examining DriverWhiz","landingPage":"http://premiumtechiesupport.com/support-plans.php","directDownloadingLink":"https://pts-us.nexway.com/cart.html","ipv4":"","ipv6":"","landingPageWildChar":"http://premiumtechiesupport.com/*","sourceIndex":"3553"}],"sampleFiles":[],"imageFiles":["181008/PremiumTechieSupport-181002/181001/Images/CCR-017/A.JPG","181008/PremiumTechieSupport-181002/181001/Images/CCR-017/B.JPG","181008/PremiumTechieSupport-181002/181001/Images/CCR-017/C.JPG","181008/PremiumTechieSupport-181002/181001/Images/CCR-017/D.JPG","181008/PremiumTechieSupport-181002/181001/Images/CCR-017/E.JPG","181008/PremiumTechieSupport-181002/181001/Images/CCR-022/A.JPG","181008/PremiumTechieSupport-181002/181001/Images/CCR-022/B.JPG","181008/PremiumTechieSupport-181002/181001/Images/CCR-022/C.JPG","181008/PremiumTechieSupport-181002/181001/Images/CCR-022/D.JPG","181008/PremiumTechieSupport-181002/181001/Images/CCR-022/E.JPG","181008/PremiumTechieSupport-181002/181001/Images/CCR-031/F.JPG"],"nonDeceptorImageFiles":[],"guid":"987f6f8e-85a6-4790-9392-760c92ebe889_181001_1","appID":"PremiumTechieSupport-181002","dateAdded":"181008","deceptorType":"Call Center","name":"premiumtechiesupport.com","company":"Premium Techie Support","version":"181001","sigName":"Deceptor:CallCenter/PremiumTechieSupport!017022031","firstVendorContactDate":"181008","firstAppEsteemReplyDate":"181008","firstResolvedDate":"181108","firstResolvedVersion":"181108","resolved":"TRUE","lastKnownStatus":"Deceptor:180924,181001,181008,1810026;NonCertified:181108","lastKnownDate":"181008","type":"Call Center","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,MacOS","targetBrowser":"Safari,Opera,IE,Edge,Firefox,Chrome","lastUpdate":"2018-11-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2424},{"violations":{"ACR-014":"Site claims advertised apps will remove specific adware, but provide no substantiation.\n","ACR-016":"Clicking the \"Driver Assist Removal Tool\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google searched how to remove driver assist ","reference":"","landingPage":"https://www.securitystronghold.com","ipv4":"","ipv6":"","landingPageWildChar":"https://www.securitystronghold.com/*","sourceIndex":"3325"}],"sampleFiles":[],"imageFiles":["181008/Securitystronghold-180912/180912/Images/ACR-014/Screen Shot 2018-09-15 at 11.10.13 AM.png","181008/Securitystronghold-180912/180912/Images/ACR-016/W10-2018-09-13T16-03-35-254048900Z.mp4"],"nonDeceptorImageFiles":[],"guid":"881c4d7b-335c-4332-b9c7-c3d14d7e1148_180912_1","appID":"Securitystronghold-180912","dateAdded":"181008","deceptorType":"Affiliate","name":"securitystronghold.com","company":"securitystronghold.com","version":"180912","sigName":"Deceptor:Affiliate/SecurityStronghold!014016","firstVendorContactDate":"181010","firstAppEsteemReplyDate":"181010","lastKnownStatus":"Deceptor:181008,181030,190121","lastKnownDate":"190121","type":"Affiliate","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","lastUpdate":"2019-01-22T00:55:40.9426041+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2421},{"violations":{"CCR-017":"Call made on 181026 at 10:55AM Eastern Time (US)\n\n Violation 1:  Agent opened the folder ' c:\\Windows\\inf ' and told me these were infected files. (Screenshot B)  [Misleading:  This folder contains 'inf' files.  An INF file is a text file that contains all the information that device installation components used to install a driver. Windows installs drivers using INF files.] \nViolation 2:  Agents opens 'Command Prompt' (CMD) and pretends to run a scan by typing letters then hitting 'Enter' over and over again.  (Screenshot C) [Misleading] \nViolation 3:  Agent opens up my Windows Firewall settings (Screenshot  E and F- Notice firewall is on) and quickly turns them off (Screenshot G) and informs me that I do not have firewall protection (Screenshot H) [Misleading]\n","CCR-022":"Call made on 181026 at 10:55AM Eastern Time (US)   \n\nViolation 1:  Agent used 'System Information - System Drivers' (Screenshot A)  [Self Diagnosis]\nViolation 2:  Agent opened the folder ' c:\\Windows\\inf ' and told me these were infected files.  (Screenshot B)   [Self Diagnosis] \nViolation 3:  Agents opens 'Command Prompt' (CMD) and pretends to run a scan by typing letters then hitting 'Enter' over and over again.  (Screenshot C) [Self Diagnosis] \nViolation 4:  Agents opens 'Command Prompt' (CMD) and runs the command 'Netstat' (Screenshot D) [Self Diagnosis]\n","CCR-031":"Call made on 181026 at 10:55AM Eastern Time (US)\n\nViolation 1:  Agent offered multi year packages.  Agent also claimed not sell 1 year packages.  (Screenshot i)  [ Maximum allowed service duration is one year, agent offered a 3 year service plan, 5 year plan, and a lifetime plan]\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.callcenter","reference":"Examining Uniblue SpeedUpMyPc ","landingPage":"http://premiumtechiesupport.com/support-plans.php","directDownloadingLink":"https://pts-us.nexway.com/cart.html","ipv4":"","ipv6":"","landingPageWildChar":"http://premiumtechiesupport.com/*","sourceIndex":"3515"}],"sampleFiles":[],"imageFiles":["181008/PremiumTechieSupport-181002/181026/Images/CCR-017/B.JPG","181008/PremiumTechieSupport-181002/181026/Images/CCR-017/C.JPG","181008/PremiumTechieSupport-181002/181026/Images/CCR-017/F.JPG","181008/PremiumTechieSupport-181002/181026/Images/CCR-017/G.JPG","181008/PremiumTechieSupport-181002/181026/Images/CCR-017/H.JPG","181008/PremiumTechieSupport-181002/181026/Images/CCR-017/E.JPG","181008/PremiumTechieSupport-181002/181026/Images/CCR-022/A.JPG","181008/PremiumTechieSupport-181002/181026/Images/CCR-022/B.JPG","181008/PremiumTechieSupport-181002/181026/Images/CCR-022/C.JPG","181008/PremiumTechieSupport-181002/181026/Images/CCR-022/D.JPG","181008/PremiumTechieSupport-181002/181026/Images/CCR-031/i.JPG"],"nonDeceptorImageFiles":[],"guid":"987f6f8e-85a6-4790-9392-760c92ebe889_181026_1","appID":"PremiumTechieSupport-181002","dateAdded":"181008","deceptorType":"Call Center","name":"premiumtechiesupport.com","company":"Premium Techie Support","version":"181026","sigName":"Deceptor:CallCenter/PremiumTechieSupport!017022031","firstVendorContactDate":"181008","firstAppEsteemReplyDate":"181008","firstResolvedDate":"181108","firstResolvedVersion":"181108","resolved":"TRUE","lastKnownStatus":"Deceptor:180924,181001,181008,1810026;NonCertified:181108","lastKnownDate":"181008","type":"Call Center","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome,Firefox,Edge,IE,Opera,Safari","lastUpdate":"2018-11-08T23:41:58.6546837+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2422},{"violations":{"CCR-017":"Call made on 180924 at 3:03PM Eastern Time (US).\n\nViolation 1: At 9:28 into the session the agent stated (Screenshot A), \"And if you look at the very bottom, do you see on the screen the Microsoft Security and Network Security is expired?  There is a Tiny Banker Trojan found and hackers tools found.  Can you see this?\"  I reply, \"I  can.\"  Agent says, \"If you don't know what a Tiny Banker Trojan I'll go ahead and show it to you so you'll be able to understand. Give me one second.\"  At this time the agent opens up Google and does a search on Tiny Banker Trojan (Screenshot B and C).  At 10:22 into the session the agent says, \"Your already infected.\"  I ask, \"So i have this thing? This Tiny Banker Trojan on my machine right now?\"  Agent responds, \"How can I know?  Cause I am running the scan.  Can you see this?  (Screenshot D)  I say, \"Oh Yeah.\"  Agent states, \"This is actually a scan of your machine that is where it is likely is found in your machine right?  These all are the problems coming through the online sources.  So I'll check the the network status on this computer then you can see that there is a csrss.exe trojan found.  Can you this that? (Screenshot E.  NOTE:  The agent actually types  'csrss.exe trojan found' within the command prompt right in front of me)  [Misleading:  Agent manually pasted invalid commands into the command prompt and masked it by running a file tree directory scan.  Agent then later typed out \"csrss.exe trojan found\" right in front of me without attempting to mask it.  Nothing is expired on my computer and I csrss.exe is a valid Windows file.]                                                                                                                                                                                                                                                                                                                                                                                              \nViolation 2:  At 10:56 into the session, agent says, \"Because you do have so many foreign addresses, they have already established their connection on the machine.  Give me one second.  (Screenshot F) I say, \"Okay\".  Agent says, \"Can you see that?  Those foriegn addresses and your name is also reflecting in the foreign addresses.  So instead of reflecting in the foreign addresses they should be reflecting in the local addresses.  Right?  So these all are the bad users or the hackers trying to hack your computer from all those different locations. So whatever you do on this computer, it maybe gets compromised, lost, or stolen as well.   Alright?  These all are the issues that are coming up in your computer through the online.  You understand me?   I say, \"I do.\"  Agent then says,  \"So keep spending money on the different softwares is not a solution.  Right?  So I'll go ahead and tell you exactly what needs to be done.  So that each and every time you will not be ending up to spend the money because you do not have a firewall. (Screenshot G) Because do you see Windows cannot find firewall?  (Screenshot H)  Can you see that?\" [Misleading:  Agent runs 'Netstat' in command prompt to give false information about hackers being connected to my computer under foreign addresses.  Netstat displays network connections for the Transmission Control Protocol.  Agent also opens the run box and types 'Firewall'.  This will always give the message 'Windows cannot find firewall' because that is an invald command to use in the run box.] \n","CCR-022":"Call made on 180924 at 3:03PM Eastern Time (US).\n\nViolation 1:  At 9:28 into the session the agent stated (Screenshot A), \"And if you look at the very bottom, do you see on the screen the Microsoft Security and Network Security is expired?  There is a Tiny Banker Trojan found and hackers tools found.  Can you see this?\"  I reply, \"I  can.\"  Agent says, \"If you don't know what a Tiny Banker Trojan I'll go ahead and show it to you so you'll be able to understand. Give me one second.\"  At this time the agent opens up Google and does a search on Tiny Banker Trojan (Screenshot B and C).  At 10:22 into the session the agent says, \"Your already infected.\"  I ask, \"So i have this thing? This Tiny Banker Trojan on my machine right now?\"  Agent responds, \"How can I know?  Cause I am running the scan.  Can you see this?  (Screenshot D)  I say, \"Oh Yeah.\"  Agent states, \"This is actually a scan of your machine that is where it is likely is found in your machine right?  These all are the problems coming through the online sources.  So I'll check the the network status on this computer then you can see that there is a csrss.exe trojan found.  Can you this that? (Screenshot E.  NOTE:  The agent actually types  'csrss.exe trojan found' within the command prompt right in front of me)  [Misleading:  Agent manually pasted invalid commands into the command prompt and masked it by running a file tree directory scan.  Agent then later typed out \"csrss.exe trojan found\" right in front of me without attempting to mask it.  Nothing is expired on my computer and I csrss.exe is a valid Windows file.]  \nViolation 2:  At 10:56 into the session, agent says, \"Because you do have so many foriegn addresses, they have already established their connection on the machine.  Give me one second.  (Screenshot F) I say, \"Okay\".  Agent says, \"Can you see that?  Those foriegn addresses and your name is also reflecting in the foreign addresses.  So instead of reflecting in the foreign addresses they should be reflecting in the local addresses.  Right?  So these all are the bad users or the hackers trying to hack your computer from all those different locations. So whatever you do on this computer, it maybe gets compromised, lost, or stolen as well.   Alright?  These all are the issues that are coming up in your computer through the online.  You understand me?   I say, \"I do.\"  Agent then says,  \"So keep spending money on the different softwares is not a solution.  Right?  So I'll go ahead and tell you exactly what needs to be done.  So that each and every time you will not be ending up to spend the money because you do not have a firewall. (Screenshot G) Because do you see Windows cannot find firewall?  (Screenshot H)  Can you see that?\" [Misleading:  Agent runs 'Netstat' in command prompt to give false information about hackers being connected to my computer under foreign addresses.  Netstat displays network connections for the Transmission Control Protocol.  Agent also opens the run box and types 'Firewall'.  This will always give the message 'Windows cannot find firewall' because that is an invald command to use in the run box.]  \n","CCR-031":"Call made on 180924 at 3:03PM Eastern Time (US).\n\nViolation 1:  At 12:17 into the session the agent asks, \"So bacisally I would like to ask you, do you need a security for another 1 year or for a perpetual life forever?\"  I respond,  \"I mean, if I was to go with the security, what would be the prices for like a lifetime perpetual or a one year?\"  Agent responds,  \"Alright, how many computers do you have in total.\"  I say, \"ahhh, one.\"  Agent then type out the prices with notepad and says, \"you can see on your screen sir?\" (Screenshot i) [Maximum allowed service duration is one year, agent offered a perpetual service plan and a three year plan]\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.callcenter","reference":"Examining Driver Tonic","landingPage":"http://premiumtechiesupport.com/support-plans.php","directDownloadingLink":"https://pts-us.nexway.com/cart.html","ipv4":"","ipv6":"","landingPageWildChar":"http://premiumtechiesupport.com/*","directDownloadingLinkWildChar":"","sourceIndex":"3552"}],"sampleFiles":[],"imageFiles":["181008/PremiumTechieSupport-181002/180924/Images/CCR-017/test.gif","181008/PremiumTechieSupport-181002/180924/Images/CCR-017/A.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-017/B.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-017/C.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-017/D.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-017/E.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-017/F.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-017/G.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-017/H.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-031/i.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-022/A.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-022/B.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-022/C.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-022/D.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-022/E.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-022/F.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-022/G.JPG","181008/PremiumTechieSupport-181002/180924/Images/CCR-022/H.JPG"],"nonDeceptorImageFiles":[],"guid":"987f6f8e-85a6-4790-9392-760c92ebe889_180924_1","appID":"PremiumTechieSupport-181002","dateAdded":"181008","deceptorType":"Call Center","name":"premiumtechiesupport.com","company":"Premium Techie Support","version":"180924","sigName":"Deceptor:CallCenter/PremiumTechieSupport!017022031","firstVendorContactDate":"181008","firstAppEsteemReplyDate":"181008","firstResolvedDate":"181108","firstResolvedVersion":"181108","resolved":"TRUE","lastKnownStatus":"Deceptor:180924,181001,181008,1810026;NonCertified:181108","lastKnownDate":"181008","type":"Call Center","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP,MacOS","targetBrowser":"Safari,Opera,IE,Edge,Firefox,Chrome","lastUpdate":"2018-11-08T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":3,"sortOrder":2423},{"violations":{"ACR-016":"Clicking the \"Download Removal Tool\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"http://it-help.info","ipv4":"","ipv6":"","landingPageWildChar":"http://it-help.info/how-to/*","sourceIndex":"3549"}],"sampleFiles":[],"imageFiles":["181008/Ithelp-180910/180910/Images/ACR-016/W10-2018-09-11T13-14-50-364278000Z.mp4"],"nonDeceptorImageFiles":[],"guid":"3bcec5e3-3ff2-4ea7-a7f2-2b1bb2acb03d_180910_1","appID":"Ithelp-180910","dateAdded":"181008","deceptorType":"Affiliate","name":"it-help.info","company":"http://it-help.info","version":"180910","sigName":"Deceptor:Affilliate/ItInfo!016","firstVendorContactDate":"181011","firstAppEsteemReplyDate":"181011","firstResolvedDate":"181011","firstResolvedVersion":"181011","resolved":"TRUE","lastKnownStatus":"Deceptor:180915,181008","lastKnownDate":"181008","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-10-12T01:07:36.0800418+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2427},{"violations":{"ACR-007":"The images displayed in the chrome webstore are misleading the consumer about the app's functionality.\n","ACR-114":"app uses a different (even though similar) name on the injected ads than it uses in Chrome.\n","ACR-030":"clicking outside the injected interstitial does not dismiss it; clicking the back button does not return to the website\n"},"nonDeceptorViolations":{"ACR-002":"Ads refer to \"Packtrackplus Extension\", but extension is named \"Offers by PackTrackPlus\"\n","ACR-027":"The injecting extension name does not match the app: the app is named \"Offers by packtrackplus\", the interstital claims \"packtrackplus advertisement\", and the details claims \"packtrackplus Extension\".\n","ACR-022":"Ad requires explicit closing in order for consumer to continue to the page\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search privacy policy \"You can opt out of the use of your NPII from being used by Network Advertising Initiative (“NAI”) members. The NAI opt-out tool was developed in conjunction with NAI members for the express purpose of allowing consumers to \"opt out\" of the behavioral advertising delivered by NAI members. If you opt-out of the use of your NPII from being used by NAI members, you will continue to receive ads, however, it will prevent NAI members from delivering ads tailored to your preferences and usage patterns. If you opt out of Interest-Based Advertising (as defined here) by one or more NAI member company, that choice will be stored in “opt-out cookies.” If you ever delete opt-out cookies from your browser (such as by clearing all cookies), buy a new computer, or change web browsers, you'll need to renew your opt-out choices. NAI member companies need to be able to read an \"opt-out\" cookie on your browser to know not to collect and use data for interest-based advertising purposes.\"","landingPage":"http://www.packtrackplus.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/offers-by-packtrackplus/jbdmklhmhcmifepnmdagkieccjhidepf?utm_source=inline-install-disabled","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/offers-by-packtrackplus/jbdmklhmhcmifepnmdagkieccjhidepf?utm_source=inline-install-disabled","sourceIndex":"3513"}],"sampleFiles":[],"imageFiles":["181006/OffersByPackTrackPlus-180911/192.4824.1079.31/Images/ACR-007/ACR-007_inlineoffers.JPG","181006/OffersByPackTrackPlus-180911/192.4824.1079.31/Images/ACR-007/ACR-007_inlineoffers1.JPG","181006/OffersByPackTrackPlus-180911/192.4824.1079.31/Images/ACR-114/ACR-114_software.JPG","181006/OffersByPackTrackPlus-180911/192.4824.1079.31/Images/ACR-114/ACR-114_software1.JPG","181006/OffersByPackTrackPlus-180911/192.4824.1079.31/Images/ACR-030/ACR-030_injectedinterstitial.mp4"],"nonDeceptorImageFiles":["181006/OffersByPackTrackPlus-180911/192.4824.1079.31/Images/ACR-002/ACR-002_injectedinterstitials.JPG","181006/OffersByPackTrackPlus-180911/192.4824.1079.31/Images/ACR-002/ACR-002_injectedinterstitials1.JPG","181006/OffersByPackTrackPlus-180911/192.4824.1079.31/Images/ACR-027/ACR-027_injectedinterstitials.JPG","181006/OffersByPackTrackPlus-180911/192.4824.1079.31/Images/ACR-027/ACR-027_injectedinterstitials1.JPG","181006/OffersByPackTrackPlus-180911/192.4824.1079.31/Images/ACR-022/ACR-022_injectedinterstitials.mp4"],"guid":"54af3b65-d12f-4bd5-b5d6-8dd0cac40b6f_192.4824.1079.31_1","appID":"OffersByPackTrackPlus-180911","dateAdded":"181006","deceptorType":"Chrome Extension","name":"OffersByPackTrackPlus","company":"PackTrackPlus","version":"192.4824.1079.31","sigName":"Deceptor:CRX/OffersByPackTrackPlus!007030032114","firstVendorContactDate":"181107","firstAppEsteemReplyDate":"181107","firstResolvedDate":"181115","firstResolvedVersion":"192.7649.1085.33","resolved":"TRUE","lastKnownStatus":"Deceptor:192.4824.1079.31","lastKnownDate":"181006","type":"Chrome Extension","category":"Personalization & Search","targetOS":"","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"inject ads","lastUpdate":"2018-11-16T02:42:48.936581+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2429},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n","ACR-071":"The user is unable to decline the offer for \"All History Cleaner\" independently. The app is added as a free bonus for the user and is unable to be declined in the shopping cart.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Smart PC Solutions, Inc.\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"drivercommander_2b16c3b8aac648f391729a5a32cd6663_.exe","isInstaller":"True","companyName":"Safe Download Ltd                                           ","productName":"Driver Commander","productVersion":"4.0","fileVersion":"4.0","hashMD5":"0cabb99143cd142d2135f9154c81287a","hashSHA1":"dc7b0c98aad2d9350b2e889231f0d74abca0c89a","hashSHA256":"d69bb06e88432ce65fd0088076131952d1ecd8860ed21471f08080467ba83bb2","digitalCertThumbprint":"12B13B02E0F66FF8B87D9B54C6E04B6C159F78AB","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Smart PC Solutions, Inc.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"Smart PC Solutions, Inc.\", L=Alexandria, S=Virginia, C=US","sourceIndex":"3351","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverCommander.exe","companyName":"Safe Download Ltd","productName":"Driver Commander","productVersion":"4.0","fileVersion":"3.1.0.5","hashMD5":"0d4714d9006cd8fe7c4e9d1d21c4313d","hashSHA1":"9b563254fffd55e4f4dba933408647ff98da387e","hashSHA256":"2d05e27bd0fbad6dc9df91fecd2cebea59153ba3a2525446addd9bdf20767f3c","digitalCertThumbprint":"12B13B02E0F66FF8B87D9B54C6E04B6C159F78AB","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Smart PC Solutions, Inc.\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"Smart PC Solutions, Inc.\", L=Alexandria, S=Virginia, C=US","sourceIndex":"3351","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://junkwareremoval.com/rogue/uninstall-driver-commander-removal-guide/","landingPage":"http://drivercommander.com/","directDownloadingLink":"http://www.drivercommander.com/downloads/response.aspx?&requestId=2b16c3b8aac648f391729a5a32cd6663&encodedInstallerPath=QzpcaW5ldHB1Ylx3d3dyb290XHByenlzcGllc3prb21wdXRlclxkb3dubG9hZHMvZHJpdmVyY29tbWFuZGVyLmV4ZQ==&edition=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.drivercommander.com/downloads/response.aspx?&requestId=2b16c3b8aac648f391729a5a32cd6663&encodedInstallerPath=QzpcaW5ldHB1Ylx3d3dyb290XHByenlzcGllc3prb21wdXRlclxkb3dubG9hZHMvZHJpdmVyY29tbWFuZGVyLmV4ZQ==&edition=","sourceIndex":"3351"}],"sampleFiles":["181001/DriverCommander-180928/4.0/Samples/drivercommander_2b16c3b8aac648f391729a5a32cd6663_.exe","181001/DriverCommander-180928/4.0/Samples/DriverCommander.exe"],"imageFiles":["181001/DriverCommander-180928/4.0/Images/ACR-084/ACR_084_SOFTWARE.PNG","181001/DriverCommander-180928/4.0/Images/ACR-118/ACR_118_UNINSTALL.PNG","181001/DriverCommander-180928/4.0/Images/ACR-071/ACR_071_INTERNAL_OFFERS_SCREENSHOT_1.PNG","181001/DriverCommander-180928/4.0/Images/ACR-071/ACR_071_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["181001/DriverCommander-180928/4.0/Images/ACR-065/ACR_065_INSTALL.PNG","181001/DriverCommander-180928/4.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","181001/DriverCommander-180928/4.0/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","181001/DriverCommander-180928/4.0/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","181001/DriverCommander-180928/4.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","181001/DriverCommander-180928/4.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","181001/DriverCommander-180928/4.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG"],"guid":"6ee83e31-7e73-4454-b9cf-9a82d7fc876c_4.0_1","appID":"DriverCommander-180928","dateAdded":"181001","deceptorType":"App","name":"Super Ovladac","company":"Smart PC Solutions, Inc.","version":"4.0","sigName":"Deceptor:Win32/DriverCommander!071084118","lastKnownStatus":"Deceptor:4.0","lastKnownDate":"181001","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-21T21:55:54.7778823+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2430},{"violations":{"ACR-014":"Site makes unsubstantiated claims that app can remove specific PUP.\n","ACR-016":"Clicking the \"Download Removal tool\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{"ACR-160":"The affiliate does not use a certified call center to monetize.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://removalbits.com/","ipv4":"","ipv6":"","landingPageWildChar":"http://removalbits.com/*","sourceIndex":"3324"}],"sampleFiles":[],"imageFiles":["180926/RemovalBits-180926/180926/Images/ACR-014/ACR-014_adsaboutapp.JPG","180926/RemovalBits-180926/180926/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":["180926/RemovalBits-180926/180926/Images/ACR-160/ACR-160_software.JPG"],"guid":"ba57f886-10d3-4598-bef4-479b373b6b58_180926_1","appID":"RemovalBits-180926","dateAdded":"180926","deceptorType":"Affiliate","name":"removalbits.com","company":"RemovalBits.com","version":"180926","sigName":"Deceptor:Affiliate/RemovalBits!014016","lastKnownStatus":"Deceptor:181010,190116","lastKnownDate":"190116","type":"Affiliate Network","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:57:30.5653515+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2431},{"violations":{"ACR-016":"Clicking the \"Download Pro APP Remover\" button auto-downloads without making an offer to the consumer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google searched hot to remove reimage repair","reference":"","landingPage":"https://howcanremoveit.com","ipv4":"","ipv6":"","landingPageWildChar":"https://howcanremoveit.com/*","sourceIndex":"3323"}],"sampleFiles":[],"imageFiles":["180923/Howcanremoveit-180919/180919/Images/ACR-016/W10-2018-09-20T14-25-45-370389400Z.mp4"],"nonDeceptorImageFiles":[],"guid":"5c7673f8-8481-4947-8e1e-02dbcd81fd12_180919_1","appID":"Howcanremoveit-180919","dateAdded":"180923","deceptorType":"Affiliate","name":"howcanremoveit.com","company":"howcanremoveit.com","version":"180919","sigName":"Deceptor:Affiliate:HowCanRemoveIt!016","lastKnownStatus":"Deceptor:180923,190116","lastKnownDate":"190116","type":"Affiliate","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:58:03.0988557+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2432},{"violations":{"ACR-014":"Site makes unsubstantiated claim that app will remove the adware\n","ACR-016":"Clicking the \"Download Malwarebytes\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword: registry cleaner free)","landingPage":"https://www.fixyourbrowser.com","ipv4":"","ipv6":"","landingPageWildChar":"https://www.fixyourbrowser.com/*","sourceIndex":"3322"}],"sampleFiles":[],"imageFiles":["180923/FixYourBrowser-180919/180919/Images/ACR-014/016 014 advertises as direct download and unsubstantiated claim.png","180923/FixYourBrowser-180919/180919/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":[],"guid":"01343ff8-bbaf-498f-bd27-751714716436_180919_1","appID":"FixYourBrowser-180919","dateAdded":"180923","deceptorType":"Affiliate","name":"fixyourbrowser.com","company":"Fixyourbrowser.com","version":"180919","sigName":"Deceptor:Affiliate/FixYourBrowser!014016","lastKnownStatus":"Deceptor:180923,190116","lastKnownDate":"190116","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:58:36.1260727+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2433},{"violations":{"ACR-016":"Clicking the \" Download Gridinsoft anti-malware\" button automatically downloads an executable without preseting the consumer a full offer \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google searched how to remove reimage repair","reference":"","landingPage":"https://deletemalware.net","ipv4":"","ipv6":"","landingPageWildChar":"https://deletemalware.net/*","sourceIndex":"3321"}],"sampleFiles":[],"imageFiles":["180923/Deletemalware-180919/180919/Images/ACR-016/W10-2018-09-21T16-53-08-987953000Z.mp4"],"nonDeceptorImageFiles":[],"guid":"1381eb09-0b84-473e-a9af-5d77bb52b0da_180919_1","appID":"Deletemalware-180919","dateAdded":"180923","deceptorType":"Affiliate","name":"deletemalware.net","company":"deletemalware.net","version":"180919","sigName":"Deceptor:Affiliate/DeleteMalware!016","lastKnownStatus":"Deceptor:180923,190116","lastKnownDate":"190116","type":"Affiliate","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-22T00:59:41.9851357+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2434},{"violations":{"ACR-014":"Ad makes an unsubstantiated claim that app will move the virus. Ad mentions SpyHunter but downloads Wipersoft.\n","ACR-016":" Clicking the \"Download Removal Tool \" button auto-downloads without making an offer to the consumer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google searched how to remove re","reference":"","landingPage":"http://www.2-remove-virus.com","ipv4":"","ipv6":"","landingPageWildChar":"http://www.2-remove-virus.com/*","sourceIndex":"3058"}],"sampleFiles":[],"imageFiles":["180923/2Remove-190919/190919/Images/ACR-016/W10-2018-09-20T15-42-15-908411200Z.mp4","180923/2Remove-190919/190919/Images/ACR-014/014 unsubstantiated claim.png"],"nonDeceptorImageFiles":[],"guid":"da50ea84-e09a-498b-b5c6-3a1445afaa5b_190919_1","appID":"2Remove-190919","dateAdded":"180923","deceptorType":"Affiliate","name":"2-remove-virus.com","company":"http://www.2-remove-virus.com","version":"190919","sigName":"Deceptor:Affiliate/2RemoveVirus!014016","firstVendorContactDate":"190502","firstAppEsteemReplyDate":"190504","firstResolvedDate":"190531","firstResolvedVersion":"190531","resolved":"TRUE","lastKnownStatus":"Deceptor:180923,190116","lastKnownDate":"190116","type":"Affiliate","category":"SysTools & Utilities","targetOS":"None","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-05-31T20:34:52.2605113+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2435},{"violations":{"ACR-003":"The application exaggerates privacy and temporary files as being high risk level, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-014":"App implies that issue's importance potential could be \"high\" for privacy and temporary items.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"FitPC.exe","isInstaller":"True","companyName":"PC Health Expert LLC                                        ","productName":"Fit PC","productVersion":"4.1","fileVersion":"4.1","hashMD5":"ff746f6a67796037bf1bdeb28eb01f36","hashSHA1":"4d009e471fa4fdcd42dd1a1b544c998eaebc26c0","hashSHA256":"9dee7cd25ee90577537b6d25487fc7c60bfdd242d30f93ffecd0a5dafcec3053","digitalCertThumbprint":"08CED429BA20386B85785E8079944B4D943FA3E4","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=PC Health Expert LLC, O=PC Health Expert LLC, STREET=5158 Clareton Dr. Ste 1541, L=Agoura Hills, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=CALIFORNIA, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=201630610233, OID.2.5.4.15=Private Organization","sourceIndex":"3239","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FitPC_installed_version.exe","companyName":"PC Health Expert LLC","productName":"Fit PC","productVersion":"4.1.0.0","fileVersion":"4.1.0.0","hashMD5":"482995b09e679b00986305c12e3a5879","hashSHA1":"b34c358b12d76a6902d1b5effc77a747408fd84d","hashSHA256":"67824aafafb04f7aa6d7672095a750800eee1cd1ca3bd894f1721c921f9245c7","digitalCertThumbprint":"08CED429BA20386B85785E8079944B4D943FA3E4","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=PC Health Expert LLC, O=PC Health Expert LLC, STREET=5158 Clareton Dr. Ste 1541, L=Agoura Hills, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=CALIFORNIA, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=201630610233, OID.2.5.4.15=Private Organization","sourceIndex":"3239","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword: pc cleaner)","landingPage":"http://pchealthexperts.com/index.php","directDownloadingLink":"http://pchealthexperts.com/download/FitPC.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pchealthexperts.com/download/FitPC.exe","sourceIndex":"3239"}],"sampleFiles":["180917/PCHealthExpertsFitPC-180824/4.1/Samples/FitPC.exe","180917/PCHealthExpertsFitPC-180824/4.1/Samples/FitPC_installed_version.exe"],"imageFiles":["180917/PCHealthExpertsFitPC-180824/4.1/Images/ACR-003/ACR_003_SOFTWARE.PNG","180917/PCHealthExpertsFitPC-180824/4.1/Images/ACR-014/ACR_014_SOFTWARE.PNG","180917/PCHealthExpertsFitPC-180824/4.1/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG","180917/PCHealthExpertsFitPC-180824/4.1/Images/ACR-084/ACR_084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180917/PCHealthExpertsFitPC-180824/4.1/Images/ACR-065/ACR_065_INSTALL.PNG","180917/PCHealthExpertsFitPC-180824/4.1/Images/ACR-065/ACR_065_SOFTWARE.PNG","180917/PCHealthExpertsFitPC-180824/4.1/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","180917/PCHealthExpertsFitPC-180824/4.1/Images/ACR-088/ACR_088_SOFTWARE.PNG","180917/PCHealthExpertsFitPC-180824/4.1/Images/ACR-168/ACR_168_LANDING_PAGE.PNG"],"guid":"0ad2b9c5-89e7-4095-b312-86c9198ae0b2_4.1_1","appID":"PCHealthExpertsFitPC-180824","dateAdded":"180917","deceptorType":"App","name":"PC Health Experts Fit PC","company":"PC Health Expert LLC.","version":"4.1","sigName":"Deceptor:Win32/FitPC!003014017084","lastKnownStatus":"Deceptor:4.1","lastKnownDate":"180917","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,call center","lastUpdate":"2019-01-29T00:17:42.3946598+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2436},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. After disabling the the scheduled scans in the application settings, the task still exist in the systems task scheduler.\n"},"nonDeceptorViolations":{"ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled\n"},"samples":[{"isRevoked":"False","fileName":"PCProCleaner.exe","isInstaller":"True","companyName":"Avbit Inc.                                                  ","productName":"PC ProCleaner","productVersion":"5.1.1.0","fileVersion":"5.1.1.0","hashMD5":"c6bc9c2fd3bf43d4e2ef4fd2cccbd974","hashSHA1":"674eb1cc3c6d371bd793c2302b86b58eda73cb2f","hashSHA256":"b251628a0ec932411376d4833c43022b9bb3465fe380afcfb0839ca8fc808aa9","digitalCertThumbprint":"F00B7815053DA46E8602922164D2F401ADE7632C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Avbit Inc., O=Avbit Inc., STREET=5162 Duke St Suite 300, L=Halifax, S=Nova Scotia, PostalCode=B3J 1N7, C=CA","sourceIndex":"3363","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCProCleaner.exe","companyName":"Avbit Inc.","productName":"PC ProCleaner","productVersion":"5.1.1.0","fileVersion":"5.1.1.0","hashMD5":"a0eac83907da0917676a75a54b301393","hashSHA1":"afdfd5adf096b185dd94810a8761f60c9d1a01d5","hashSHA256":"b6ba88401bdc23198aab410b0383283000769e7b2475c0ff25f96701ef042279","digitalCertThumbprint":"F00B7815053DA46E8602922164D2F401ADE7632C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Avbit Inc., O=Avbit Inc., STREET=5162 Duke St Suite 300, L=Halifax, S=Nova Scotia, PostalCode=B3J 1N7, C=CA","sourceIndex":"3363","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc privacy suite\"","landingPage":"https://www.avbit.com/pc-procleaner/","directDownloadingLink":"http://www.avbit.com/ressources/OptiCamp/PCProCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.avbit.com/ressources/OptiCamp/PCProCleaner.exe","sourceIndex":"3363"}],"sampleFiles":["180915/PCProCleaner-180911/5.1.1/Samples/PCProCleanersetup.exe","180915/PCProCleaner-180911/5.1.1/Samples/PCProCleaner.exe"],"imageFiles":["180915/PCProCleaner-180911/5.1.1/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180915/PCProCleaner-180911/5.1.1/Images/ACR-099/ACR-099_software.JPG","180915/PCProCleaner-180911/5.1.1/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"5750c5f0-b0ca-4e64-8510-64c57db2dd59_5.1.1_1","appID":"PCProCleaner-180911","dateAdded":"180915","deceptorType":"App","name":"PCProCleaner","company":"Avbit Inc.","version":"5.1.1","sigName":"Deceptor:Win32/PCProCleaner!084","firstVendorContactDate":"181015","firstAppEsteemReplyDate":"181015","firstResolvedDate":"181023","firstResolvedVersion":"5.3.0","resolved":"TRUE","lastKnownStatus":"Deceptor:5.1.1","lastKnownDate":"190114","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-15T18:22:48.2312327+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2443},{"violations":{"ACR-003":"The app exaggerates numbers that are not phone numbers as such and labels them as issues of medium severity, thereby misleading or scaring the user to take action.\n","ACR-017":"The app fraudulently elevates its consumer trust level by displaying misleading endorsements. Logos are only applicable to the website and not the app.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy and privacy policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-171":"The consumer is required to opt-out of additional payment for driver updater which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"ipsetupsite.exe","isInstaller":"True","companyName":"IdentityProtector.co                                        ","productName":"Identity Protector","productVersion":"1.0.0.34513","fileVersion":"1.0.0.34513","hashMD5":"6c1a8da0d433708c19358fd2b58991bf","hashSHA1":"e38f88270d7e91c273896788e7df3d5aaab90088","hashSHA256":"82a302c311000def69b5779aa39dc004429e7d72edadc3f67899f12c2a66e4b1","digitalCertThumbprint":"F047924D10DA57DEDE6C250AA538128E6FAFC535","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Identity Protection Services, O=Identity Protection Services, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"3022","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"IdentityProtector.exe","companyName":"IdentityProtector.co","productName":"Identity Protector","productVersion":"1.0.0.34513","fileVersion":"1.0.0.34513","hashMD5":"ab1a8ed3e44d63b4b2304f5e1228ec78","hashSHA1":"a4f6cd9fa058954c310a9c08dea382cb284efb66","hashSHA256":"8977bb778d50e84663a1de0ec72fde44c4547922fc70ef00187fd79e3015d27b","digitalCertThumbprint":"F047924D10DA57DEDE6C250AA538128E6FAFC535","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Identity Protection Services, O=Identity Protection Services, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"3022","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.identityprotector.co/","directDownloadingLink":"http://cdn.identityprotector.co/ip/builds/securedl/ipsetupsite.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.identityprotector.co/ip/builds/securedl/ipsetupsite.exe","sourceIndex":"3022"}],"sampleFiles":["180915/IdentityProtector-180906/1.0.0.34513/Samples/ipsetupsite.exe","180915/IdentityProtector-180906/1.0.0.34513/Samples/IdentityProtector.exe"],"imageFiles":["180915/IdentityProtector-180906/1.0.0.34513/Images/ACR-003/ACR-003_software.JPG","180915/IdentityProtector-180906/1.0.0.34513/Images/ACR-017/ACR-017_software.JPG"],"nonDeceptorImageFiles":["180915/IdentityProtector-180906/1.0.0.34513/Images/ACR-065/ACR-065_internaloffer.JPG","180915/IdentityProtector-180906/1.0.0.34513/Images/ACR-088/ACR-088_software.JPG","180915/IdentityProtector-180906/1.0.0.34513/Images/ACR-099/ACR-099_internaloffer.JPG","180915/IdentityProtector-180906/1.0.0.34513/Images/ACR-161/ACR-161_internaloffer.JPG","180915/IdentityProtector-180906/1.0.0.34513/Images/ACR-171/ACR-171_internaloffer.JPG","180915/IdentityProtector-180906/1.0.0.34513/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"6d325c9f-9e2c-4fb0-b77a-9d79419bf9ca_1.0.0.34513_1","appID":"IdentityProtector-180906","dateAdded":"180915","deceptorType":"App","name":"IdentityProtector","company":"identityprotector.co.","version":"1.0.0.34513","sigName":"Deceptor:Win32/IdentityProtector!003017","lastKnownStatus":"Deceptor:1.0.0.34513","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-06T21:07:39.5850934+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2444},{"violations":{"ACR-003":"The application exaggerates privacy files and browsing cookies as being errors and problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the webpages, but displayed as if Norton is endorsing the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-014":"App shows unsubstantiated red gauge.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"sparkpcsupport.com\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon calling the number the agent answered and referred to the company a phone support, he refuses to state the true company name and offers technical support to fix pc issues.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"ppccleanup_setup.exe","isInstaller":"True","companyName":"Perfect PC Cleanup                                          ","productName":"Perfect PC Cleanup","productVersion":"1.0","fileVersion":"","hashMD5":"ed1954e40caf59b1335893e156661fef","hashSHA1":"37c066fcab1f704d8a5de58c3e3ce1942726e396","hashSHA256":"b00129823975a8f54d4c4ff039817038d77690615002571d370180fbc0303a78","digitalCertThumbprint":"365C552E9259FAF487A61ACD436BBC3E9806E72A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=sparkpcsupport.com, OU=sparkpcsupport.com, O=sparkpcsupport.com, L=Delhi, S=Delhi, C=IN","sourceIndex":"3021","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"perfectpccleanup.exe","companyName":"n/a","productName":"perfectpccleanup","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a5a8241225ad1c50e164ab9f4867fa25","hashSHA1":"37ed314936adbd32c92a157f3857af89efe67b16","hashSHA256":"b573c117ce7526245a23de95cd76d42c02af6014fbe8c84553d2f622df5bb47a","digitalCertThumbprint":"365C552E9259FAF487A61ACD436BBC3E9806E72A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=sparkpcsupport.com, OU=sparkpcsupport.com, O=sparkpcsupport.com, L=Delhi, S=Delhi, C=IN","sourceIndex":"3021","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (keyword: \"The software installer will offer to place a shortcut to the application so that you can access it conveniently through the Windows desktop or quick launch bar. You will be given an option to opt out of these shortcut creations at the time of installation.\")","landingPage":"http://www.perfectpccleanup.com/index.php","directDownloadingLink":"http://www.perfectpccleanup.com/app/window/product/ppccleanup_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.perfectpccleanup.com/app/window/product/ppccleanup_setup.exe","sourceIndex":"3021"}],"sampleFiles":["180915/PerfectPCCleanup-180903/1.0/Samples/ppccleanup_setup.exe","180915/PerfectPCCleanup-180903/1.0/Samples/perfectpccleanup.exe"],"imageFiles":["180915/PerfectPCCleanup-180903/1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180915/PerfectPCCleanup-180903/1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180915/PerfectPCCleanup-180903/1.0/Images/ACR-014/ACR_017_SOFTWARE.PNG","180915/PerfectPCCleanup-180903/1.0/Images/ACR-017/ACR_017_SOFTWARE.PNG","180915/PerfectPCCleanup-180903/1.0/Images/ACR-084/ACR_084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180915/PerfectPCCleanup-180903/1.0/Images/ACR-065/ACR_065_INSTALL.PNG","180915/PerfectPCCleanup-180903/1.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180915/PerfectPCCleanup-180903/1.0/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180915/PerfectPCCleanup-180903/1.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180915/PerfectPCCleanup-180903/1.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","180915/PerfectPCCleanup-180903/1.0/Images/ACR-092/ACR_092_SOFTWARE.PNG"],"guid":"3990ab6c-8266-4acd-934e-ea45df872eb8_1.0_1","appID":"PerfectPCCleanup-180903","dateAdded":"180915","deceptorType":"App","name":"Perfect PC Cleanup","company":"sparkpcsupport.com","version":"1.0","sigName":"Deceptor:Win32/PerfectPCCleanup!003014017084","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2019-06-06T21:08:33.184593+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2441},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-003":"The app exaggerates cookies, Browser History and Local Trace Files as being threats, thereby misleading or scaring the consumer to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are no schedules set within the software, however the app has created multiple tasks in the systems task scheduler which cannot be disabled from the software's interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-138":"The application has no link or information that shows how it can be uninstalled\nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Eurotrade\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-167":"The app has no mention of a 30 day refund policy on anything paid.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"PrivacyPlusSetup.exe","isInstaller":"True","companyName":"Privacy Plus","productName":"Privacy Plus","productVersion":"3.2.9","fileVersion":"3.2.9","hashMD5":"190881d5af9ee51baaf17f0c07d1b211","hashSHA1":"51353714a83cf323bf59f9314c885d7a76d16ed5","hashSHA256":"1c2a1c06d8c4f8f8598146bcc2e9c018526d3f7118c42fd5fb451bcc439476b3","digitalCertThumbprint":"7CA4559226AD7677D6AA3A0C65C27D7FF4E56EB7","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Eurotrade, O=Eurotrade, STREET=1 Aizik Shtern, L=Tel Aviv, S=Hamerkaz, PostalCode=62153, C=IL","sourceIndex":"3557","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PrivacyPlus.exe","companyName":"Privacy Plus","productName":"Privacy Plus","productVersion":"3.2.9.0","fileVersion":"3.2.9.0","hashMD5":"bd3b2be478d1b41f7055da6564c50373","hashSHA1":"8056bdcdfc7ce78ebd57e32e54ce5452784476ad","hashSHA256":"bde8d567a86ec04317dffb2d7779e78378766cd3b3c2119c8f71fb59329d763f","digitalCertThumbprint":"7CA4559226AD7677D6AA3A0C65C27D7FF4E56EB7","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Eurotrade, O=Eurotrade, STREET=1 Aizik Shtern, L=Tel Aviv, S=Hamerkaz, PostalCode=62153, C=IL","sourceIndex":"3557","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc privacy protect\"","landingPage":"http://privacy.plus/index.php","directDownloadingLink":"http://privacy.plus/files/PrivacyPlusSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://privacy.plus/files/PrivacyPlusSetup.exe","sourceIndex":"3557"}],"sampleFiles":["180915/PrivacyPlus-180427/3.2.9/Samples/PrivacyPlusSetup.exe","180915/PrivacyPlus-180427/3.2.9/Samples/PrivacyPlus.exe"],"imageFiles":["180915/PrivacyPlus-180427/3.2.9/Images/ACR-050/ACR-050_software.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-003/ACR-003_software.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-003/ACR-003_software1.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-084/ACR-084_software.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180915/PrivacyPlus-180427/3.2.9/Images/ACR-065/ACR-065_install.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-065/ACR-065_software.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-065/ACR-065_landingpage.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-163/ACR-163_software.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-163/ACR-163_landingpage.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-088/ACR-088_software.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-092/ACR-092_software.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-160/ACR-160_software.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-138/ACR-099_software.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-138/ACR-099_landingpage.JPG","180915/PrivacyPlus-180427/3.2.9/Images/ACR-168/ACR-168_landingpage.JPG"],"guid":"2ba92235-7b28-4e47-adbf-133d5b0fea2c_3.2.9_1","appID":"PrivacyPlus-180427","dateAdded":"180915","deceptorType":"App","name":"Privacy Plus","company":"Privacy Plus","version":"3.2.9","sigName":"Deceptor:Win32/PrivacyPlus!003084050168","lastKnownStatus":"Deceptor:3.2.9","lastKnownDate":"180915","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-09-15T15:19:47.3552371+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2440},{"violations":{"ACR-014":"Site claims that adware/spyware will be removed by promoted app, but provides no substantiation for the claim.\n","ACR-016":"Clicking the \"Download Gridinsoft Anti-Malware\" button auto-downloads without making an offer to the consumer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \" id driver restore safe?\"","landingPage":"https://virus-removal-guide.net/","ipv4":"","ipv6":"","landingPageWildChar":"https://virus-removal-guide.net/*","sourceIndex":"3197"}],"sampleFiles":[],"imageFiles":["180915/Virus-Removal-Guide-180912/180912/Images/ACR-014/Screen Shot 2018-09-15 at 10.40.58 AM.png","180915/Virus-Removal-Guide-180912/180912/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":[],"guid":"c0e0118b-37ed-4114-b4a1-bf689c78c164_180912_1","appID":"Virus-Removal-Guide-180912","dateAdded":"180915","deceptorType":"Affiliate","name":"virus-removal-guide.net","company":"virus-removal-guide.net","version":"180912","sigName":"Deceptor:Affiliate/VirusRemovalGuide!014016","lastKnownStatus":"Deceptor:180915","lastKnownDate":"190206","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-02-14T00:13:47.7747031+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2437},{"violations":{"ACR-003":"The application exaggerates registry files and junk files as being threats, thereby misleading or scaring user to take action.\n","ACR-014":"App implies that issue's level could be \"medium\" or \"high\" for registry items, system junk. internet privacy and system cache.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's internal offer web page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"SUPER TUNEUP TECHNOLOGIES LLP\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a web page opens with information stating that consumer can get 50% OFF the regular price of Super Tune-up Anti-Malware.\n","ACR-171":"The consumer is required to opt-out of additional payment for Special Disk Cleaning Tools which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"stuamsetup.exe","isInstaller":"True","companyName":"Super Tuneup                                                ","productName":"Super Tuneup Anti-Malware","productVersion":"2.1.1000.14155","fileVersion":"Super Tuneup Anti-Ma","hashMD5":"d883a98de0d8a6d41a0fbce7ccbe1c89","hashSHA1":"31acf29ed0938c5ae71f74b930dcb755a3148979","hashSHA256":"cf9612bf86aa7f3c1c802fc390b29872fac3a0791b76e705620ec521b348ab96","digitalCertThumbprint":"12CC10CC6D8256C5697C03056340069F4BD3D398","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3020","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":["Trend Micro Internet Security (20190228)"]},{"isRevoked":"False","fileName":"StuAM.exe","companyName":"SuperTuneup.com","productName":"Super Tuneup Anti-Malware","productVersion":"2.1.1000.14155","fileVersion":"2.1.1000.14155","hashMD5":"d8a3e1c4cf75e3c81989fad9528bc48f","hashSHA1":"c52a1ecb39b8afaef5752d5d63dad986b2280371","hashSHA256":"56acf1579f849e7a79934bbc5598a45c3dc62f495d9da448e1c9759be7238c3a","digitalCertThumbprint":"12CC10CC6D8256C5697C03056340069F4BD3D398","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3020","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (keyword used: from \"Indian law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles.\")","landingPage":"http://antimalware.supertuneup.com/","directDownloadingLink":"https://b34df4ra1.vo.llnwd.net/setups/cfmfiles/d1fopdtjcs6au0/downloads/stuam/stuamsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://b34df4ra1.vo.llnwd.net/setups/cfmfiles/d1fopdtjcs6au0/downloads/stuam/stuamsetup.exe","sourceIndex":"3020"}],"sampleFiles":["180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Samples/stuamsetup.exe","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Samples/StuAM.exe"],"imageFiles":["180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-014/ACR_014_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-065/ACR_065_INSTALL.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-065/ACR_065_SOFTWARE.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-163/ACR_163_SOFTWARE.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-088/ACR_088_SOFTWARE.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-092/ACR_092_SOFTWARE.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-160/ACR_160_SOFTWARE.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-099/ACR_099_SOFTWARE.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-120/ACR_120_UNINSTALL.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180915/SuperTuneupAnti-Malware-180906/2.1.1000.14155/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"0b23649d-4296-4f7e-b3ff-9c84aea019e6_2.1.1000.14155_1","appID":"SuperTuneupAnti-Malware-180906","dateAdded":"180915","deceptorType":"App","name":"SuperTuneup Anti-Malware","company":"SUPER TUNEUP TECHNOLOGIES LLP","version":"2.1.1000.14155","sigName":"Deceptor:Win32/SuperTuneupAntiMalware!003014","lastKnownStatus":"Deceptor:2.1.1000.14155","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-06-06T21:09:22.5859799+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2438},{"violations":{"ACR-016":" Clicking the \"Remove Pc Privacy Shield\" button auto-downloads without making an offer to the consumer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google searched how to remove PC privacy Shield","reference":"","landingPage":"https://www.shouldiremoveit.com/*","ipv4":"","ipv6":"","landingPageWildChar":"https://www.shouldiremoveit.com/*","sourceIndex":"3559"}],"sampleFiles":[],"imageFiles":["180915/Shouldiremoveit-180912/180912/Images/ACR-016/W10-2018-09-14T20-27-31-312235000Z.mp4"],"nonDeceptorImageFiles":[],"guid":"f3e6f7dd-7342-4e4b-ad43-aa053534b5de_180912_1","appID":"Shouldiremoveit-180912","dateAdded":"180915","deceptorType":"Affiliate","name":"shouldiremoveit.com","company":"www.shouldiremoveit.com","version":"180912","sigName":"Deceptor:Affiliate/ShouldIRemoveIt!016","lastKnownStatus":"Deceptor:180915","lastKnownDate":"180915","type":"Affiliate","category":"SysTools & Utilities","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-09-15T10:01:31.3602027+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2439},{"violations":{"ACR-014":"Site claims to remove adware with app, but provides no substantiation\n","ACR-016":"Clicking the \"DOWNLOAD REMOVAL TOOL\" button auto-downloads without making an offer to the consumer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"google searched how to remove total system care","reference":"","landingPage":"http://www.pc-virusremove.com","ipv4":"","ipv6":"","landingPageWildChar":"http://www.pc-virusremove.com/*","sourceIndex":"3558"}],"sampleFiles":[],"imageFiles":["180915/PcVirusremove-180912/180912/Images/ACR-014/Screen Shot 2018-09-15 at 11.31.45 AM.png","180915/PcVirusremove-180912/180912/Images/ACR-016/W10-2018-09-14T14-41-49-986383900Z.mp4"],"nonDeceptorImageFiles":[],"guid":"e32525d8-17a2-4786-967a-3496f387d531_180912_1","appID":"PcVirusremove-180912","dateAdded":"180915","deceptorType":"Affiliate","name":"PcVirusremove","company":"pc-virusremove.com","version":"180912","sigName":"Deceptor:Affiliate/PCVirusRemove!014016","lastKnownStatus":"Deceptor:180915","lastKnownDate":"180915","type":"Affiliate","category":"SysTools & Utilities","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-09-15T10:33:10.9352857+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2442},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer or that its optional.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"GLOBALSOFT LOGICS\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"aomsetup.exe","isInstaller":"True","productName":"Auto Mechanic 2018","productVersion":"1.0.2.0","fileVersion":"1.0.2.0","hashMD5":"f97d243b99a56790c9f3538d3b1d0450","hashSHA1":"1d4fddb63f98b4d2fab5c0d69164bbf0a1a51104","hashSHA256":"f07d2d4dfc6e9612f833f2f30480865618d373be422c1770c2ee95a664a064a2","digitalCertThumbprint":"4AF99DF2499113E82284865E745BEB3A1911CF9B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GLOBALSOFT LOGICS, O=GLOBALSOFT LOGICS, POBox=302012, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"484","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)"],"avAllowList":["Bitdefender Internet Security (20190228)","Windows Defender (20190228)"]},{"isRevoked":"False","fileName":"bpp.exe","companyName":"n/a","productName":"SpeedUp Tool","productVersion":"1.0.2.0","fileVersion":"1.0.2.0","hashMD5":"7e151c2c5834c5147b67806b93b70464","hashSHA1":"2dfc8dfd3d69e2e3dd09499d84d99b4377b14c53","hashSHA256":"575596a39473efa1039b9f1d6e5fff9fecc71ab89216411ad20d113e3c9eb2fc","digitalCertThumbprint":"4AF99DF2499113E82284865E745BEB3A1911CF9B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GLOBALSOFT LOGICS, O=GLOBALSOFT LOGICS, POBox=302012, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"484","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (keyword: \"The software will be installed as a free trial with limited functionality and will work with all of its features after the purchase of a license key.\")","landingPage":"http://www.advancepccleaner.com/","directDownloadingLink":"https://dge2ss9b4veoy.cloudfront.net/aom/securerc/aomsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dge2ss9b4veoy.cloudfront.net/aom/securerc/aomsetup.exe","sourceIndex":"484"}],"sampleFiles":["180908/AutoMechanic2018-180903/1.0.2.0/Samples/aomsetup.exe","180908/AutoMechanic2018-180903/1.0.2.0/Samples/bpp.exe"],"imageFiles":["180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-055/ACR_055_INLINE_OFFER.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-010/ACR_010_INLINE_OFFER.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-010/ACR_010_ADS_INSIDE_APP.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-014/ACR_014_SOFTWARE.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-059/ACR_059_INLINE_OFFER.PNG"],"nonDeceptorImageFiles":["180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180908/AutoMechanic2018-180903/1.0.2.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"275bd843-fe14-494d-8cbc-9fdae4ab5150_1.0.2.0_1","appID":"AutoMechanic2018-180903","dateAdded":"180908","deceptorType":"App","name":"Auto Mechanic 2018","company":"GLOBALSOFT LOGICS","version":"1.0.2.0","sigName":"Deceptor:AutoMechanic2018!003010014055059","lastKnownStatus":"Deceptor:1.0.2.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2024-10-24T18:43:34.7175461+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2063},{"violations":{"ACR-003":"The application exaggerates registry keys with high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy and privacy policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC-CARE-TOOiS\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"scpsetup.exe","isInstaller":"True","productName":"Super Clean-Pro 2018","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"9f4080890c1ef2ea7f1393d984d3a016","hashSHA1":"c52f305131553af00de46da8dc01b0f49ca805b2","hashSHA256":"6a9aab9fa457a31d183d7b48f932927797400d223244de2844f183c2c2ecb137","digitalCertThumbprint":"AA333EB46D400ECD4D906F1FE92A7E8C9F7D1060","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC-CARE-TOOiS, OU=PC-CARE-TOOiS, O=PC-CARE-TOOiS, POBox=302017, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"485","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"ptcr.exe","companyName":"n/a","productName":"Booster Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"8b114877f11d1023976730c62be08cdf","hashSHA1":"0552966ad4615fa29be5ac6b3ec942b52986d22a","hashSHA256":"9fbd1efd2072c5c8180e2bcc9e92485712a5828b99010026381ab042856cbd44","digitalCertThumbprint":"AA333EB46D400ECD4D906F1FE92A7E8C9F7D1060","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC-CARE-TOOiS, OU=PC-CARE-TOOiS, O=PC-CARE-TOOiS, POBox=302017, STREET=\"3/213, MALVIYA NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"485","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.mypclogics.com/","directDownloadingLink":"http://dl.mypclogics.com/scp/securerc/b4/scpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.mypclogics.com/scp/securerc/b4/scpsetup.exe","sourceIndex":"485"}],"sampleFiles":["180908/SupercleanPro2018-180903/1.0.0.0/Samples/scpsetup.exe","180908/SupercleanPro2018-180903/1.0.0.0/Samples/ptcr.exe"],"imageFiles":["180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-055/ACR-055_inlineoffer.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-003/ACR-003_software.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-003/ACR-003_software1.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-014/ACR-014_software.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-088/ACR-088_software.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-092/ACR-092_software.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180908/SupercleanPro2018-180903/1.0.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"ebbf4599-dd5b-40a2-a5f9-35faaff20555_1.0.0.0_1","appID":"SupercleanPro2018-180903","dateAdded":"180908","deceptorType":"App","name":"SupercleanPro2018","company":"Super Clean Pro 2018","version":"1.0.0.0","sigName":"Deceptor:Win32/SupercleanPro2018!003010014055059","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T18:41:06.2680066+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2062},{"violations":{"ACR-014":"The website claims to auto remove the app, but has no substantiation.\n","ACR-016":" Clicking the \"Download Malware Removal Tool\" button automatically downloads an executable without presenting the consumer a full offer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"https://sensorstechforum.com","ipv4":"","ipv6":"","landingPageWildChar":"https://sensorstechforum.com/*","sourceIndex":"3561"}],"sampleFiles":[],"imageFiles":["180908/Sensorstechforum-180906/180906/Images/ACR-014/acr_014.PNG","180908/Sensorstechforum-180906/180906/Images/ACR-016/W10-2018-09-07T15-39-58-977673800Z.mp4"],"nonDeceptorImageFiles":[],"guid":"9eeced0b-0b97-4ea6-bdf8-c4c6fdf21a34_180906_1","appID":"Sensorstechforum-180906","dateAdded":"180908","deceptorType":"Affiliate","name":"sensorstechforum.com","company":"sensorstechforum.com","version":"180906","sigName":"Deceptor:Affiliate/SensorsTechForum!014016","firstVendorContactDate":"180911","firstAppEsteemReplyDate":"180911","firstResolvedDate":"180912","firstResolvedVersion":"180912","resolved":"TRUE","lastKnownStatus":"Deceptor:180906","lastKnownDate":"180908","type":"Affiliate","category":"SysTools & Utilities","targetOS":"","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-09-12T19:07:25.2758709+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2445},{"violations":{"ACR-014":"The website claims the removal tool will detect and remove an application from the user's computer, but claim has no substantiation.\n","ACR-016":"Site's \"ads\" auto-download removal apps without making an offer to the consumer to do so.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"https://howtoremove.guide","ipv4":"","ipv6":"","landingPageWildChar":"https://howtoremove.guide/*","sourceIndex":"3560"}],"sampleFiles":[],"imageFiles":["180907/howtoremoveguide-180906/180906/Images/ACR-014/Screen Shot 2018-09-07 at 5.49.58 PM.png","180907/howtoremoveguide-180906/180906/Images/ACR-014/Screen Shot 2018-09-07 at 5.49.02 PM.png","180907/howtoremoveguide-180906/180906/Images/ACR-016/2018-09-07_17-50-59.gif"],"nonDeceptorImageFiles":[],"guid":"35b4607d-05d9-4444-bfe3-d6beb36d96aa_180906_1","appID":"howtoremoveguide-180906","dateAdded":"180907","deceptorType":"Affiliate","name":"howtoremove.guide","company":"HowToRemove.Guide","version":"180906","sigName":"Deceptor:Affiliate/HowToRemoveGuide!014016","firstVendorContactDate":"180911","firstAppEsteemReplyDate":"180911","firstResolvedDate":"180912","firstResolvedVersion":"180912","resolved":"TRUE","lastKnownStatus":"Deceptor:180907","lastKnownDate":"180907","type":"Affiliate","category":"SysTools & Utilities","targetOS":"","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-09-12T19:13:48.0668711+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2448},{"violations":{"ACR-016":"Clicking the \"Remove it now\" button (ad) automatically launches a download without presenting an offer to the consumer.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"remove driver restore\"","landingPage":"https://www.pcrisk.com/download-spyhunter","ipv4":"","ipv6":"","landingPageWildChar":"https://www.pcrisk.com/*","sourceIndex":"3547"}],"sampleFiles":[],"imageFiles":["180907/PCrisk-180905/180907/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":[],"guid":"9f766aa8-d168-495a-b17a-1a836536d027_180907_1","appID":"PCrisk-180905","dateAdded":"180907","deceptorType":"Affiliate","name":"www.pcrisk.com","company":"PCrisk.com","version":"180907","sigName":"Deceptor:Affiliate/PCRiskCom!016","firstVendorContactDate":"180910","firstAppEsteemReplyDate":"180910","firstResolvedDate":"181018","firstResolvedVersion":"181018","resolved":"TRUE","lastKnownStatus":"Deceptor:180907","lastKnownDate":"180907","type":"Affiliate","category":"SysTools & Utilities","targetOS":"","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-10-18T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2447},{"violations":{"ACR-014":"The affiliate claims that the recommended app will \"quick remove\" and \"remove xxx\" from the user's computer, but the claim cannot be substantiated.\n","ACR-016":"Clicking the \"Download Remover\" button auto-downloads without making an offer to the consumer. \n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"remove driver restore\"","landingPage":"https://www.stopscamware.com","ipv4":"","ipv6":"","landingPageWildChar":"https://www.stopscamware.com/*","sourceIndex":"3198"}],"sampleFiles":[],"imageFiles":["180907/StopScamware-180903/180907/Images/ACR-014/ACR-014_adsinsideapp.JPG","180907/StopScamware-180903/180907/Images/ACR-014/ACR-014_adsinsideapp1.JPG","180907/StopScamware-180903/180907/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":[],"guid":"6fa5263d-1a14-4237-9a1b-d006c2240d2b_180907_1","appID":"StopScamware-180903","dateAdded":"180907","deceptorType":"Affiliate","name":"stopscamware.com","company":"Stop Spamware LLC","version":"180907","sigName":"Deceptor:Affiliate/StopScamware!014016","lastKnownStatus":"Deceptor:180907","lastKnownDate":"190213","type":"Affiliate Network","category":"SysTools & Utilities","targetOS":"","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-02-14T00:08:35.7045858+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2446},{"violations":{"ACR-016":"Clicking the \"Download Removal Tool\" button does not show the consumer a full offer, but automatically downloads Wipersoft.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"remove driversupport\"","landingPage":"http://www.besttechtips.org/spyhunter/","ipv4":"","ipv6":"","landingPageWildChar":"http://www.besttechtips.org/*","sourceIndex":"3350"}],"sampleFiles":[],"imageFiles":["180905/BestTechTips-180831/180905/Images/ACR-016/Video1.mp4","180905/BestTechTips-180831/180905/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":[],"guid":"8e78d5da-cecc-43d2-aa94-cc038f08eab3_180905_1","appID":"BestTechTips-180831","dateAdded":"180905","deceptorType":"Affiliate","name":"www.besttechtips.org","company":"BestTechTips","version":"180905","lastKnownStatus":"Deceptor:180905,190121","lastKnownDate":"180905","type":"Affiliate","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-21T21:58:13.8737817+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2449},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer or that its optional.\n"},"nonDeceptorViolations":{"ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"WINCARE UTILITIES\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":" The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"wprsetup.exe","isInstaller":"True","productName":"Win~PC Repair 2018","productVersion":"1.0.0.5","fileVersion":"1.0.0.5","hashMD5":"ebc279aa1d6dbc388ce759a8f3610c82","hashSHA1":"0046903ec58b2591093f20848a15763e06a7c6d7","hashSHA256":"9e9c0cac0aa2e1262d23901091857f0886104ce7363975e98f7e9a19941ba296","digitalCertThumbprint":"0DC73689F5402C1A87BFDACC9E9D78D0759B2D6F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=WINCARE UTILITIES, O=WINCARE UTILITIES, POBox=302012, STREET=\"47, Shilp Colony, Jhotwara\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"483","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mpr.exe","companyName":"n/a","productName":"SpeedUp Tool","productVersion":"1.0.0.5","fileVersion":"1.0.0.5","hashMD5":"064a57b0d6369cb99d9cbd31c23273cb","hashSHA1":"a968b441aeadfaf8c1cbe535397e5578847bbcce","hashSHA256":"fb42aa6800655e69102afd63c157d7450c3e9dc790d8bd54f187bc4b6fb387fa","digitalCertThumbprint":"0DC73689F5402C1A87BFDACC9E9D78D0759B2D6F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=WINCARE UTILITIES, O=WINCARE UTILITIES, POBox=302012, STREET=\"47, Shilp Colony, Jhotwara\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"483","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (keyword: fix pc 2018 privacy policy)","landingPage":"http://advpcrepair.com/","directDownloadingLink":"https://d2sa7p7xmcd3e2.cloudfront.net/wpr/securerc/c4/wprsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2sa7p7xmcd3e2.cloudfront.net/wpr/securerc/c4/wprsetup.exe","sourceIndex":"483"}],"sampleFiles":["180905/Win-PCRepiar2018-180903/1.0.0.5/Samples/wprsetup.exe","180905/Win-PCRepiar2018-180903/1.0.0.5/Samples/mpr.exe"],"imageFiles":["180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-055/ACR_055_INLINE_OFFER.PNG","180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-010/ACR_010_INLINE_OFFER.PNG","180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-010/ACR_010_ADS_INSIDE_APP.PNG","180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-014/ACR_014_SOFTWARE.PNG","180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-059/ACR_059_INLINE_OFFER.PNG"],"nonDeceptorImageFiles":["180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-088/ACR_088_SOFTWARE.PNG","180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-092/ACR_092_SOFTWARE.PNG","180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","180905/Win-PCRepiar2018-180903/1.0.0.5/Images/ACR-171/ACR_171_INTERNAL_OFFER.PNG"],"guid":"d8727a11-6542-4b52-9302-f19ba389f032_1.0.0.5_1","appID":"Win-PCRepiar2018-180903","dateAdded":"180905","deceptorType":"App","name":"Win PC Repair 2018","company":"WINCARE UTILITIES","version":"1.0.0.5","sigName":"Deceptor:Win32/WinPCRepair2018!003010014055059","lastKnownStatus":"Deceptor:1.0.0.5","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2024-10-24T18:49:52.6501336+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2064},{"violations":{"ACR-003":"The application exaggerates registry keys with high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-014":"App implies that issue's improvement potential could be \"high\" for registry items.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC Fixer Tools\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"ssusetup.exe","isInstaller":"True","companyName":"","productName":"Super- Speedup-2018","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"42bcac9f5a8e38634e6a36f8b6bb0b2f","hashSHA1":"fc7429b1b7da0b2a98e776d546802a508b45c2e3","hashSHA256":"18ac3d4bc7fb7f3a4296e0d11ad7578b10d65f2eea24ff34bbcd5cc3e3b0d10e","digitalCertThumbprint":"16AE7F5E3DC5CD268E1D2401860A371D09652470","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Fixer Tools, OU=PC Fixer Tools, O=PC Fixer Tools, POBox=302019, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"480","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Windows Defender (20190228)"],"avAllowList":["Webroot SecureAnywhere (20190228)"]},{"isRevoked":"False","fileName":"mpr.exe","companyName":"n/a","productName":"Booster Tool","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"bd513332199029e2a0466ae6e2b4055b","hashSHA1":"47173d6c0de74b331c3a417a093402ee3f17fdfe","hashSHA256":"5d37b1c3ebcc4a40c552e0536a19e78cb0a4166250c3eed2326a215e28b986f0","digitalCertThumbprint":"16AE7F5E3DC5CD268E1D2401860A371D09652470","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Fixer Tools, OU=PC Fixer Tools, O=PC Fixer Tools, POBox=302019, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"480","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.mycleanpc.online/","directDownloadingLink":"http://dl.mycleanpc.online/ssu/securerc/b20/ssusetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.mycleanpc.online/ssu/securerc/b20/ssusetup.exe","sourceIndex":"480"}],"sampleFiles":["180904/SuperSpeedup2018-180903/1.0.0.1/Samples/ssusetup.exe","180904/SuperSpeedup2018-180903/1.0.0.1/Samples/mpr.exe"],"imageFiles":["180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-003/ACR-003_software.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-003/ACR-003_software1.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-010/ACR-010_inlineoffer.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-010/ACR-010_adsinsideapp.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-014/ACR-014_software.JPG"],"nonDeceptorImageFiles":["180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-065/ACR-065_internaloffer.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-161/ACR-161_internaloffer.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-161/ACR-161_internaloffer1.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-088/ACR-088_software.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-092/ACR-092_software.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-099/ACR-099_landingpage.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-099/ACR-099_internaloffer.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-150/ACR-150_internaloffer.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-171/ACR-171_internaloffer.JPG","180904/SuperSpeedup2018-180903/1.0.0.1/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"11818d2d-f29c-43c4-bfc7-5f7a6b20c08c_1.0.0.1_1","appID":"SuperSpeedup2018-180903","dateAdded":"180904","deceptorType":"App","name":"Super Speedup 2018","company":"Super Speedup 2018","version":"1.0.0.1","sigName":"Deceptor:Win32/SuperSpeedup2018!003010014","lastKnownStatus":"Deceptor:1.0.0.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T20:24:11.1383526+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2065},{"violations":{"ACR-003":"The scanner result is not substantiated. The view of result details has to pay. \n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"SparksGen Limited\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"pc_cleaner.exe","isInstaller":"True","companyName":"PC Cleaner                                                  ","productName":"PC Cleaner","productVersion":"1.0","fileVersion":"0.0","hashMD5":"867ff65bd2790f7e7e5c03548eedb643","hashSHA1":"75ce52988736d146b0da5981eaa0b715b6170738","hashSHA256":"d4187a66df03c9816aa6038fc8dde1234abd34e8c837d6da0d8285bdcf9a3b62","digitalCertThumbprint":"5205F798524F4DDCB460D1F12D3811F8BA067352","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SparksGen Limited, O=SparksGen Limited, STREET=89 Urquhart Road, L=Aberdeen, S=Aberdeenshire, PostalCode=AB25 1BU, C=GB","sourceIndex":"3023","avBlockList":["Avast Internet Security (20190228)","AVG Internet Security (20190228)","Avira Internet Security (20190228)","Bitdefender Internet Security (20190228)","ESET Internet Security (20190228)","G DATA INTERNET SECURITY (20190228)","K7 Total Security (20190228)","Kaspersky Internet Security (20190228)","Malwarebytes Premium (20190228)","McAfee Total Protection (20190228)","Norton Security (20190228)","Panda Dome (20190228)","Sophos Home Premium (20190228)","Trend Micro Internet Security (20190228)","VirIT eXplorer PRO (20190228)","Webroot SecureAnywhere (20190228)","Windows Defender (20190228)"],"avAllowList":[]},{"isRevoked":"False","fileName":"PC Cleaner.exe","companyName":"n/a","productName":"D Cleaner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"2947305f50401961d32b6b58bf016c25","hashSHA1":"69132883cca4d55974f7936223c6bca61642762f","hashSHA256":"fb141d0c9631378b31c81fdbc1ad7e9c3631f5b979d021abe08f11426a01d6e9","digitalCertThumbprint":"5205F798524F4DDCB460D1F12D3811F8BA067352","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SparksGen Limited, O=SparksGen Limited, STREET=89 Urquhart Road, L=Aberdeen, S=Aberdeenshire, PostalCode=AB25 1BU, C=GB","sourceIndex":"3023","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.offered","reference":"http://sensumsoft.com/index.aspx","landingPage":"http://sensumsoft.com/pccleaner.aspx","directDownloadingLink":"http://sensumsoft.com/Downloads/Exe/pc_cleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://sensumsoft.com/Downloads/Exe/pc_cleaner.exe","sourceIndex":"3023"}],"sampleFiles":["180901/PCCleaner-180820/1.0/Samples/pc_cleaner.exe","180901/PCCleaner-180820/1.0/Samples/PC Cleaner.exe"],"imageFiles":["180901/PCCleaner-180820/1.0/Images/ACR-003/ScanResult_003.PNG","180901/PCCleaner-180820/1.0/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180901/PCCleaner-180820/1.0/Images/ACR-065/ACR-065_install.JPG","180901/PCCleaner-180820/1.0/Images/ACR-065/ACR-065_software.JPG","180901/PCCleaner-180820/1.0/Images/ACR-163/ACR-163_software.JPG","180901/PCCleaner-180820/1.0/Images/ACR-092/ACR-092_software.JPG","180901/PCCleaner-180820/1.0/Images/ACR-160/ACR-160_software.JPG","180901/PCCleaner-180820/1.0/Images/ACR-099/ACR-099_software.JPG","180901/PCCleaner-180820/1.0/Images/ACR-099/ACR-099_landingpage.JPG"],"guid":"337ec0b7-c669-4bc6-9d27-14d5f4283696_1.0_1","appID":"PCCleaner-180820","dateAdded":"180901","deceptorType":"App","name":"PC Cleaner","company":" Sensum Soft","version":"1.0","sigName":"Deceptor:Win32/PCCleaner!003168","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-06-06T21:06:38.100203+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2450},{"violations":{"ACR-168":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option. No additional offers disclosed next to phone number\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"SparksGen Limited\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-069":"The free service (Defragment and optimize drives) and build in OS is available to do disk defragment. App requires user to pay to do defrag. \n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"disk_tuner.exe","isInstaller":"True","companyName":"Disk Tuner                                                  ","productName":"Disk Tuner","productVersion":"1.0","fileVersion":"0.0","hashMD5":"3105274bf58c7256e166b197f72fca32","hashSHA1":"b1cf6d13ee8ff69d1b00a18005853fe7821c6f78","hashSHA256":"48780f1c79b4320e3b0fa4b99d5f6c4e331f764c98a666ed1757cd42f69cb623","digitalCertThumbprint":"5205F798524F4DDCB460D1F12D3811F8BA067352","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SparksGen Limited, O=SparksGen Limited, STREET=89 Urquhart Road, L=Aberdeen, S=Aberdeenshire, PostalCode=AB25 1BU, C=GB","sourceIndex":"3248","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Defrager.exe","companyName":"n\\a","productName":"Disk Tuner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"bf1bda006ae91fb92279051d84dc5e06","hashSHA1":"35fe1a6624b9ac8c2ea55ddf47988b785eb23747","hashSHA256":"782c8256814dadac1518f82e76470aee0019ab07a4812d306bea6d906e3d027b","digitalCertThumbprint":"5205F798524F4DDCB460D1F12D3811F8BA067352","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SparksGen Limited, O=SparksGen Limited, STREET=89 Urquhart Road, L=Aberdeen, S=Aberdeenshire, PostalCode=AB25 1BU, C=GB","sourceIndex":"3248","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.offered","reference":"http://sensumsoft.com/index.aspx","landingPage":"http://sensumsoft.com/disktuner.aspx","directDownloadingLink":"http://sensumsoft.com/Downloads/Exe/disk_tuner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://sensumsoft.com/Downloads/Exe/disk_tuner.exe","sourceIndex":"3248"}],"sampleFiles":["180901/DiskTuner-180820/1.0/Samples/disk_tuner.exe","180901/DiskTuner-180820/1.0/Samples/Defrager.exe"],"imageFiles":["180901/DiskTuner-180820/1.0/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180901/DiskTuner-180820/1.0/Images/ACR-065/ACR-065_install.JPG","180901/DiskTuner-180820/1.0/Images/ACR-065/ACR-065_software.JPG","180901/DiskTuner-180820/1.0/Images/ACR-163/ACR-163_software.JPG","180901/DiskTuner-180820/1.0/Images/ACR-092/ACR-092_software.JPG","180901/DiskTuner-180820/1.0/Images/ACR-160/ACR-160_software.JPG","180901/DiskTuner-180820/1.0/Images/ACR-099/ACR-099_software.JPG","180901/DiskTuner-180820/1.0/Images/ACR-099/ACR-099_landingpage.JPG","180901/DiskTuner-180820/1.0/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"16b2129b-064a-4d6b-b921-2541ab7a0de2_1.0_1","appID":"DiskTuner-180820","dateAdded":"180901","deceptorType":"App","name":"Disk Tuner","company":"Sensum Soft","version":"1.0","sigName":"Deceptor:Win32/DiskTuner!168","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-26T01:33:13.1797456+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2451},{"violations":{"ACR-003":"App uses the word \"error\" to refer to registry settings, which artificially inflates the urgency.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"App implies that issue's level could be \"medium\" or \"high\" for registry items, system junk. internet privacy and system cache.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"SparksGen Limited\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled\n"},"samples":[{"isRevoked":"False","fileName":"RPC.exe","isInstaller":"True","companyName":"Regprocleaner                                               ","productName":"Regprocleaner","productVersion":"2.0","fileVersion":"0.0","hashMD5":"80d31d347f494a8cc0781b5f51475673","hashSHA1":"53010de30fd91c159aec008654a21c9fc516c527","hashSHA256":"5464b0fe756433caa14b98299d916941cc07e2516408dfd4189637b9e4df3136","digitalCertThumbprint":"5205F798524F4DDCB460D1F12D3811F8BA067352","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SparksGen Limited, O=SparksGen Limited, STREET=89 Urquhart Road, L=Aberdeen, S=Aberdeenshire, PostalCode=AB25 1BU, C=GB","sourceIndex":"3249","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Regprocleaner.exe","companyName":"n/a","productName":"Regprocleaner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"8bab96e724259af95ab712b30a36a0cd","hashSHA1":"e837db5a39902a1352cf42a357fd30a4ff47373c","hashSHA256":"ca4e8511a70e5a4ebe6eb9513967d36a73eb7663ee7309d11df22c4adea4ec18","digitalCertThumbprint":"5205F798524F4DDCB460D1F12D3811F8BA067352","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SparksGen Limited, O=SparksGen Limited, STREET=89 Urquhart Road, L=Aberdeen, S=Aberdeenshire, PostalCode=AB25 1BU, C=GB","sourceIndex":"3249","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search with top keywords for www.systweak.com/registry-cleaner/ on sypfy (searched reg pro clean)","landingPage":"http://sensumsoft.com/regprocleaner.aspx","directDownloadingLink":"http://sensumsoft.com/Downloads/Exe/RPC.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://sensumsoft.com/Downloads/Exe/RPC.exe","sourceIndex":"3249"}],"sampleFiles":["180823/RegProCleaner-180820/2.0/Samples/RPC.exe","180823/RegProCleaner-180820/2.0/Samples/Regprocleaner.exe"],"imageFiles":["180823/RegProCleaner-180820/2.0/Images/ACR-003/ACR-003_software.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-014/ACR-014_software.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-014/ACR-014_software1.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180823/RegProCleaner-180820/2.0/Images/ACR-065/ACR-065_install.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-065/ACR-065_software.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-161/ACR-161_landingpage.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-161/ACR-161_landingpage1.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-163/ACR-163_software.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-092/ACR-092_software.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-160/ACR-160_software.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-099/ACR-099_software.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-099/ACR-099_landingpage.JPG","180823/RegProCleaner-180820/2.0/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"87145cac-6c07-4612-aff4-c6a64762d0a1_2.0_1","appID":"RegProCleaner-180820","dateAdded":"180823","deceptorType":"App","name":"RegProCleaner","company":"Sensum Soft","version":"2.0","sigName":"Deceptor:Win32/SensumRegProCleaner!003014168","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-26T01:32:40.6544801+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2452},{"violations":{"ACR-003":"The application exaggerates registry keys, system temp files as errors of high level, thereby misleading or scaring user to take action.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"App implies that issue's level could be \"medium\" or \"high\" for registry items, system junk and internet privacy items.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offers that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"SparksGen Limited\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"pc_optimizer.exe","isInstaller":"True","companyName":"PC Optimizer                                                ","productName":"PC Optimizer","productVersion":"1.0","fileVersion":"0.0","hashMD5":"bc8298288c8acb893c9cd67c6f73ad2c","hashSHA1":"b98035320af00b95311e1b1ffdb3583d1f333228","hashSHA256":"1b6f6a997e2b7684ca093d5a6a3bfe4e1f7a73ffe1ba1557935a0e7448af99ba","digitalCertThumbprint":"5205F798524F4DDCB460D1F12D3811F8BA067352","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SparksGen Limited, O=SparksGen Limited, STREET=89 Urquhart Road, L=Aberdeen, S=Aberdeenshire, PostalCode=AB25 1BU, C=GB","sourceIndex":"3250","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PC Optimizer.exe","companyName":"n/a","productName":"PC Optimizer","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"37ce50c42560b1112b0d934a16786a03","hashSHA1":"e8d2d3b64d480e9dce84e85d2c8066b5b20bb75b","hashSHA256":"ced44d45e01428697125a8d8e52ad07d9161ea964506033b8aa9208346474cf3","digitalCertThumbprint":"5205F798524F4DDCB460D1F12D3811F8BA067352","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SparksGen Limited, O=SparksGen Limited, STREET=89 Urquhart Road, L=Aberdeen, S=Aberdeenshire, PostalCode=AB25 1BU, C=GB","sourceIndex":"3250","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.offered","reference":"http://sensumsoft.com/index.aspx","landingPage":"http://sensumsoft.com/pcoptimizer.aspx","directDownloadingLink":"http://sensumsoft.com/Downloads/Exe/pc_optimizer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://sensumsoft.com/Downloads/Exe/pc_optimizer.exe","sourceIndex":"3250"}],"sampleFiles":["180823/PCOptimizer-180820/1.0/Samples/pc_optimizer.exe","180823/PCOptimizer-180820/1.0/Samples/PC Optimizer.exe"],"imageFiles":["180823/PCOptimizer-180820/1.0/Images/ACR-003/ACR-003_software.JPG","180823/PCOptimizer-180820/1.0/Images/ACR-003/ACR-003_software1.JPG","180823/PCOptimizer-180820/1.0/Images/ACR-014/ACR-014_software.JPG","180823/PCOptimizer-180820/1.0/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180823/PCOptimizer-180820/1.0/Images/ACR-065/ACR-065_install.JPG","180823/PCOptimizer-180820/1.0/Images/ACR-065/ACR-065_software.JPG","180823/PCOptimizer-180820/1.0/Images/ACR-065/ACR-065_landingpage.JPG","180823/PCOptimizer-180820/1.0/Images/ACR-065/ACR-065_internaloffer.JPG","180823/PCOptimizer-180820/1.0/Images/ACR-088/ACR-088_software.JPG","180823/PCOptimizer-180820/1.0/Images/ACR-092/ACR-092_software.JPG","180823/PCOptimizer-180820/1.0/Images/ACR-160/ACR-160_software.JPG","180823/PCOptimizer-180820/1.0/Images/ACR-099/ACR-099_software.JPG","180823/PCOptimizer-180820/1.0/Images/ACR-099/ACR-099_landingpage.JPG"],"guid":"c7933037-50e4-4608-99af-dac9010d450d_1.0_1","appID":"PCOptimizer-180820","dateAdded":"180823","deceptorType":"App","name":"PC Optimizer","company":"Sensum Soft","version":"1.0","sigName":"Deceptor:Win32/SensumPCOptimizer!003014168","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-26T01:32:08.7547414+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2453},{"violations":{"ACR-003":"The application exaggerates Cookies as being threats, thereby misleading or scaring the consumer to take action.\n","ACR-014":"The app misleads the user by labeling registry keys, browser files and windows settings as threats.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-163":"The application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a web page opens with information stating that consumer can get 50% off PC Malware Cleaner.\n"},"samples":[{"isRevoked":"False","fileName":"PCMalwareCleaner.exe","isInstaller":"True","companyName":"AB eCommerce Inc.","productName":"PC Malware Cleaner","productVersion":"1.0.1.9","fileVersion":"1.0.1.9","hashMD5":"e6756ceba47b6edbd31971c9baa0b878","hashSHA1":"bd81277a33ecb999d22b42fa800e9672f9f3401f","hashSHA256":"5ffae1a230ac0a7a6bc1ab2499369147ebf56474f3d0f522709e25dfd69e6a9b","digitalCertThumbprint":"7BF90EBC66742BF0683E3A9C78689113BCCB253A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB eCommerce Inc, O=AB eCommerce Inc, STREET=3223-B chemin d'oka, L=Ste-Marthe-Sur-Le-Lac, S=Quebec, PostalCode=j0n1p0, C=CA","sourceIndex":"3173","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCMalwareCleaner_Installed_Version.exe","companyName":"Anti-Malware","productName":"Anti-Malware","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3d9a69ceb75db8849505890cdb6c5d26","hashSHA1":"27371ff3a7c20a518b8099382ec739a1e2757e0a","hashSHA256":"19b9b50e6f86c5a23c2084145936ef414f5e8888305aa07d4f55554310269e97","digitalCertThumbprint":"7BF90EBC66742BF0683E3A9C78689113BCCB253A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB eCommerce Inc, O=AB eCommerce Inc, STREET=3223-B chemin d'oka, L=Ste-Marthe-Sur-Le-Lac, S=Quebec, PostalCode=j0n1p0, C=CA","sourceIndex":"3173","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://images.google.com/ (keyword: malware cleaner)","landingPage":"http://www.pcmalwarecleaner.com/","directDownloadingLink":"http://www.pcmalwarecleaner.com/download/PCMalwareCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pcmalwarecleaner.com/download/PCMalwareCleaner.exe","sourceIndex":"3173"}],"sampleFiles":["180820/PCMalwareCleaner-180820/1.0.1.9/Samples/PCMalwareCleaner.exe","180820/PCMalwareCleaner-180820/1.0.1.9/Samples/PCMalwareCleaner_Installed_Version.exe"],"imageFiles":["180820/PCMalwareCleaner-180820/1.0.1.9/Images/ACR-003/ACR_003_SOFTWARE.PNG","180820/PCMalwareCleaner-180820/1.0.1.9/Images/ACR-014/ACR_014_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180820/PCMalwareCleaner-180820/1.0.1.9/Images/ACR-065/ACR_065_SOFTWARE.PNG","180820/PCMalwareCleaner-180820/1.0.1.9/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180820/PCMalwareCleaner-180820/1.0.1.9/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","180820/PCMalwareCleaner-180820/1.0.1.9/Images/ACR-099/ACR_099_SOFTWARE.PNG","180820/PCMalwareCleaner-180820/1.0.1.9/Images/ACR-120/ACR_120_UNINSTALL.PNG"],"guid":"93628fbc-94f4-4a6c-8545-168039f4a35f_1.0.1.9_1","appID":"PCMalwareCleaner-180820","dateAdded":"180820","deceptorType":"App","name":"PC Malware Cleaner","company":"AB eCommerce Inc.","version":"1.0.1.9","sigName":"Deceptor:Win32/PCMalwareCleaner!003014","firstVendorContactDate":"190221","firstAppEsteemReplyDate":"190221","lastKnownStatus":"Deceptor:1.0.1.9","lastKnownDate":"190221","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-02-21T21:00:52.3581371+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2454},{"violations":{"ACR-048":"The application cannot be closed using standard platform-provided methods. When the user tries to close the app there is an option to continue with problems or repair now.\n","ACR-003":"The application exaggerates registry keys, system junk, internet privacy and system cache as errors of medium level, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application's internal offer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from scanning on startup from the software interface as that feature is grayed out.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\nThe application's internal offer page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-117":"App uninstall prompts the user that they can get the app at a 40% discount at uninstall and does not provide a straight forward option for the user to decline the offer and continue the uninstall.\n","ACR-014":"App results show an intent to deceive the consumer by implying that issue's level could be \"medium\" or \"high\" for registry items, system junk. internet privacy and system cache.\n","ACR-124":"The app provides multiple uninstall confirmation prompts and the options to continue uninstall is not clearly shown.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app's docs requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's internal offer page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled\n","ACR-120":"Upon trying to uninstall the application a offer opens with information stating that the consumer can get the app at 40% off.\n","ACR-017":"The application's landing page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"advancepcprotector.exe","isInstaller":"True","companyName":"Advance PC Protector                                        ","productName":"Advance PC Protector","productVersion":"1.0","fileVersion":"1.0","hashMD5":"27927b55d46a1a7c9c9728f1a996a3ac","hashSHA1":"e40cc18d0e588ed27eef4995b746fe1aa44dafc1","hashSHA256":"71dfb91f3ca3b352cf4c43eba96fdbe18647a1ca6039736cff56185e7090df7b","digitalCertThumbprint":"A13BFD6D89F3EE248E4C3D07E81FE74D246A2AE1","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=AKICK SOFTWARE PRIVATE LIMITED, O=AKICK SOFTWARE PRIVATE LIMITED, STREET=\"BAR BIGHEE, MIRZANHAT\", L=BHAGALPUR, S=BIHAR, C=IN, OID.1.3.6.1.4.1.311.60.2.1.2=BIHAR, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=U72300BR2015PTC024169, OID.2.5.4.15=Private Organization","sourceIndex":"3551","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"app.exe","companyName":"Akick Software Pvt. Ltd.","productName":"Advance PC Protector","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"ffa04f44fc86ee214dd89f2dd2196f04","hashSHA1":"1ba0dd9360d8f44aedb367ceac18977655ee6c51","hashSHA256":"b58ed5ec8fec8b825deb32a84191fce8027d07981168c8cb9a004efb70f165c3","digitalCertThumbprint":"A13BFD6D89F3EE248E4C3D07E81FE74D246A2AE1","digitalCertIssuer":"CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=AKICK SOFTWARE PRIVATE LIMITED, O=AKICK SOFTWARE PRIVATE LIMITED, STREET=\"BAR BIGHEE, MIRZANHAT\", L=BHAGALPUR, S=BIHAR, C=IN, OID.1.3.6.1.4.1.311.60.2.1.2=BIHAR, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=U72300BR2015PTC024169, OID.2.5.4.15=Private Organization","sourceIndex":"3551","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searched SPYFU for www.k9tools.com, found under organic competitors","reference":"Spyfu.com","landingPage":"https://www.advancepcprotector.com/","directDownloadingLink":"https://advancepcprotector.s3.us-east-2.amazonaws.com/app0sd0hfh45dhhdy/advancepcprotector.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://advancepcprotector.s3.us-east-2.amazonaws.com/app0sd0hfh45dhhdy/advancepcprotector.exe","sourceIndex":"3551"}],"sampleFiles":["180816/AdvancedPCProtector-180809/1.0/Samples/advancepcprotector.exe","180816/AdvancedPCProtector-180809/1.0/Samples/app.exe"],"imageFiles":["180816/AdvancedPCProtector-180809/1.0/Images/ACR-048/ACR-048_software.mp4","180816/AdvancedPCProtector-180809/1.0/Images/ACR-003/ACR-003_software.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-003/ACR-003_software1.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-014/ACR-014_software.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-017/ACR-017_software.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-017/ACR-017_uninstall.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-017/ACR-017_internaloffer.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-084/ACR-084_software.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-168/ACR-168_software.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-168/ACR-168_internaloffer.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-117/ACR-117_software.mp4","180816/AdvancedPCProtector-180809/1.0/Images/ACR-124/ACR-124_uninstall1.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-124/ACR-124_uninstall2.JPG"],"nonDeceptorImageFiles":["180816/AdvancedPCProtector-180809/1.0/Images/ACR-065/ACR-065_install.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-065/ACR-065_software.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-017/ACR-017_landingpage.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-161/ACR-161_landingpage.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-163/ACR-163_docs.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-163/ACR-163_landingpage.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-163/ACR-163_internaloffer.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-088/ACR-088_software.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-160/ACR-160_software.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-099/ACR-099_software.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-099/ACR-099_internaloffer.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-168/ACR-168_landingpage.JPG","180816/AdvancedPCProtector-180809/1.0/Images/ACR-120/ACR-120_software.mp4"],"guid":"b07e4bf1-6e3d-45d7-9421-82dff3bf82d7_1.0_1","appID":"AdvancedPCProtector-180809","dateAdded":"180816","deceptorType":"App","name":"Advance PC Protector","company":"AKICK SOFTWARE PRIVATE LIMITED","version":"1.0","sigName":"Deceptor:Win32/AdvancePCProtector!003014017048084117168","firstVendorContactDate":"180914","firstAppEsteemReplyDate":"180915","firstResolvedDate":"181010","firstResolvedVersion":"2.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0,1.0.0.1,1.0.0.2","lastKnownDate":"180925","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-10-11T06:02:45.0654458+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2455},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-065":"No EULA and/or Terms of Service or Privacy Policy is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"Installer_mixcraft_8.1.412.exe","isInstaller":"True","productName":"Geraha","productVersion":"4.5","fileVersion":"2.4.3.7","hashMD5":"d17eaded233cd89fad67b267aaec922e","hashSHA1":"11a128e507e3c0114c482b6898b0acfc57719600","hashSHA256":"67042da73f451eabfb4a23f1c7e474f1e302251ff1a534691fe28db2e180147a","digitalCertThumbprint":"FFA93FC7407192EB6460AD30F7C850DA5C2F65D8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Source Quality (Alpha Criteria Ltd), O=Source Quality (Alpha Criteria Ltd), STREET=28 Begin Menachem Rd., L=Tel-Aviv, S=Tel-Aviv, PostalCode=6618208, C=IL","sourceIndex":"3417","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Searched SPYFU for qpdownload.com organic competitors","reference":"https://www.soft32.com/","landingPage":"https://mixcraft.soft32.com/","directDownloadingLink":"http://www.bimossic.com/qgRNCFDP7Oa+JiFafZ_kajGhN1Ui_mjBbWpsasbYBwvoX9b0eTtj6AsDuoRKMB2Vj4k+qHSIiXOEYR2ucedLVj1jDM3DIypm9YFrVdzCjt5yQpS5tIpzZ9sXt2WaGm3m_eQrVfhLFD7ok0hR+4Kte+1RFhq_RKuMgbv7203HJCG5ldR2dKqEewr6iOyPK6ZagznpeMTEdmnRGQMxbG2XhWlfVMX1iIuMvg1z3u4O5f8MTPPswu5iIatMBFYon2zowt_WXsBa_rbNqee7UsGLzjxYF5EA_NPYSGuqD7f0V+qNfJSHdTL_UDk3cuOhwSbdWsI4QbaIJHC0TvtVbSXBrJsduZi8okmhq1MWW3PdCP4oeG7i_UqPtRhlp+MmNL3sHg6Joz9IjTL6dSAAmu+0MDKB4_uGUMd74qoTv5G_JueA2RgRh3UG_+HJ8B8FZMlZyhHr81dVA91Ug7QbZcHUr24iLcYQN2xo8ExgJU9EVx0VWg_1Oe6YsO9R_r1Luvh6ZB_VlC5xtxiQzwKGVbeNSNbyK66SCjUmS7j+CZlDpUQV68lKbWv+zuuUeUlCvWu3dbXLJZU_CtxtQoBDKTSML98pLUNRPcE8MW_8de4nBXo6pSQBYfmxvvWdMDb10FH3xX+bYSzF-GywAAMRt7G5Hb4gjPBVU4JAD9m9PJEs02Bg7V9Ag35j4T_XvWRQKuq5cbxMA","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.bimossic.com/qgRNCFDP7Oa+JiFafZ_kajGhN1Ui_mjBbWpsasbYBwvoX9b0eTtj6AsDuoRKMB2Vj4k+qHSIiXOEYR2ucedLVj1jDM3DIypm9YFrVdzCjt5yQpS5tIpzZ9sXt2WaGm3m_eQrVfhLFD7ok0hR+4Kte+1RFhq_RKuMgbv7203HJCG5ldR2dKqEewr6iOyPK6ZagznpeMTEdmnRGQMxbG2XhWlfVMX1iIuMvg1z3u4O5f8MTPPswu5iIatMBFYon2zowt_WXsBa_rbNqee7UsGLzjxYF5EA_NPYSGuqD7f0V+qNfJSHdTL_UDk3cuOhwSbdWsI4QbaIJHC0TvtVbSXBrJsduZi8okmhq1MWW3PdCP4oeG7i_UqPtRhlp+MmNL3sHg6Joz9IjTL6dSAAmu+0MDKB4_uGUMd74qoTv5G_JueA2RgRh3UG_+HJ8B8FZMlZyhHr81dVA91Ug7QbZcHUr24iLcYQN2xo8ExgJU9EVx0VWg_1Oe6YsO9R_r1Luvh6ZB_VlC5xtxiQzwKGVbeNSNbyK66SCjUmS7j+CZlDpUQV68lKbWv+zuuUeUlCvWu3dbXLJZU_CtxtQoBDKTSML98pLUNRPcE8MW_8de4nBXo6pSQBYfmxvvWdMDb10FH3xX+bYSzF-GywAAMRt7G5Hb4gjPBVU4JAD9m9PJEs02Bg7V9Ag35j4T_XvWRQKuq5cbxMA","sourceIndex":"3417"}],"sampleFiles":["180811/Soft32DownloadManager-180808/4.5/Samples/Installer_mixcraft_8.1.412.exe"],"imageFiles":["180811/Soft32DownloadManager-180808/4.5/Images/ACR-039/ACR-039_install.mp4","180811/Soft32DownloadManager-180808/4.5/Images/ACR-048/ACR-048_install.mp4"],"nonDeceptorImageFiles":["180811/Soft32DownloadManager-180808/4.5/Images/ACR-065/ACR-065_install.JPG","180811/Soft32DownloadManager-180808/4.5/Images/ACR-152/ACR-152_install.mp4"],"guid":"9253fa87-e0b5-4096-b624-aa7ca78e2c67_4.5_1","appID":"Soft32DownloadManager-180808","dateAdded":"180811","deceptorType":"Bundler","name":"Soft32DownloadManager","company":"Source Quality (Alpha Criteria Ltd)","version":"4.5","sigName":"Deceptor:Win32/Soft32DownloadManager!038048050","lastKnownStatus":"Deceptor:4.5","lastKnownDate":"180811","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:37:05.6869943+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":537},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No EULA and/or Terms of Service is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"adobe-reader.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"376f73c3b4565791c453f835e500cf8b","hashSHA1":"d6344371a353d3a37d1e6b8e423a9e420f356329","hashSHA256":"161f6e92671cd20f04ac9061cdd4cda5fc9818b7380df608a240551dfa6aff26","digitalCertThumbprint":"9544B467724FD3AEA4CE4FE2E0EBEB0C0814EF22","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o., OU=IT, O=Innova Media d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"3422","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"easy-video-downloader.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"50ebee7110e30845c557f27c491d77b9","hashSHA1":"f3c73b52d462127fbffc7cdbde4c4c594bda27d1","hashSHA256":"61a63e470e22ff6b5c2b997aadbde0e56351029368476bb307cfa30d3b9337db","digitalCertThumbprint":"9544B467724FD3AEA4CE4FE2E0EBEB0C0814EF22","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o., OU=IT, O=Innova Media d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"3422","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"shareit.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"d25cbfa74cfb8595bb4e3884611efd74","hashSHA1":"eb19321c910b3d84da245aed7f0ba624f37e5ca4","hashSHA256":"67fe0c010e0226e53c41c01286236b54e092e8c776e56d20092979b00fbeaf32","digitalCertThumbprint":"9544B467724FD3AEA4CE4FE2E0EBEB0C0814EF22","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o., OU=IT, O=Innova Media d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"3422","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"vlc-media-player.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"c31f837d043fbb632ea1f9893a3b55e8","hashSHA1":"42e55df73d7a6ae6c2961310b8ee763fd3f8aedf","hashSHA256":"1198bb3fca25a0c7f4bec6628d586a3a47755d71343a4b87f19fb93bac06a4b3","digitalCertThumbprint":"9544B467724FD3AEA4CE4FE2E0EBEB0C0814EF22","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o., OU=IT, O=Innova Media d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"3422","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.secursoft.net/","landingPage":"http://shareit.secursoft.net/","directDownloadingLink":"http://www.hebanhadic.com/LyEvSpHqJvgnGMVNcz6eGduXtXIT3kz7S3vMQmMuV965NR_pYCkZz4Zdsgd7diW+9ZhPZK4_HWtKOauRkllhJFut2+E1JOVd1kLH3E5a0x9cddR+6M46TZkFt3lxPNqlXrX1x6f5WI3aWNjOVlbvQxQc9CwpPpzPBrhh0ZLpiz+osKE9YKFnqoYNvAn37F24KJ3R9O1sIS6KmWFHTSRwUkeQOByQRZjpC_pdsxOFrOPhkC1aPS8x2jAugAiOP+x26LrgYAy6GO3i93bcBfL65mGMzWZarIOO_rghTSunTnXR1db5sqE15ArsQVbV1TPGR5DacL0xpSIO_zMCN_ia1bxHOVlpk7ereNaQIr3XAj7LK9jeKD07oWRJ5KMxhTiCnEi6xNnAa_0eKIfJDM8LTV3hJe+RL7wNt7r2PMMzMEDn6H+tFOse5Lw5wAvhrqG28OchFlvRdY_Arc1nZ9lK1L5wNqgmxDsvtfuRq8FEIGqTb6qzylI=-G04AAGRgnq2tSYjSCdiAA5fEskAHtBvLtk_r83ldAv1C2_l8GY9FljmM_W5PaPpO8uMp_jYStfUMzK56Q_0DNa3d4KACk4iSOE4yBI4z-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.hebanhadic.com/LyEvSpHqJvgnGMVNcz6eGduXtXIT3kz7S3vMQmMuV965NR_pYCkZz4Zdsgd7diW+9ZhPZK4_HWtKOauRkllhJFut2+E1JOVd1kLH3E5a0x9cddR+6M46TZkFt3lxPNqlXrX1x6f5WI3aWNjOVlbvQxQc9CwpPpzPBrhh0ZLpiz+osKE9YKFnqoYNvAn37F24KJ3R9O1sIS6KmWFHTSRwUkeQOByQRZjpC_pdsxOFrOPhkC1aPS8x2jAugAiOP+x26LrgYAy6GO3i93bcBfL65mGMzWZarIOO_rghTSunTnXR1db5sqE15ArsQVbV1TPGR5DacL0xpSIO_zMCN_ia1bxHOVlpk7ereNaQIr3XAj7LK9jeKD07oWRJ5KMxhTiCnEi6xNnAa_0eKIfJDM8LTV3hJe+RL7wNt7r2PMMzMEDn6H+tFOse5Lw5wAvhrqG28OchFlvRdY_Arc1nZ9lK1L5wNqgmxDsvtfuRq8FEIGqTb6qzylI=-G04AAGRgnq2tSYjSCdiAA5fEskAHtBvLtk_r83ldAv1C2_l8GY9FljmM_W5PaPpO8uMp_jYStfUMzK56Q_0DNa3d4KACk4iSOE4yBI4z-e","sourceIndex":"3422"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.secursoft.net/","landingPage":"http://vlc-media-player.secursoft.net/","directDownloadingLink":"http://www.hebanhadic.com/WHdvIDLHW7z_5CixPo4T2F36tk3qw+tRRkIpGDoCwzdC18PoWtl8YI4ocs0YRO2m7rlDUUaBpLGUiMyM1sCFNibQlHj_haprziaoGJCLTtM3RKcOR1L+FTtQHsd3uYGVYwuuboLeimfDK7FM8OW85CFc034UQbjbgIfEbudtpLTOmuQ5lFd7xG9lDgYSx3OOtDhZLnWXzK6E55l9LadFwl6FBjrw7_fckeJVSZ5mAQT6etYonVwdyrWuo__R0AFKge9F4rRn4zPbHzoe6wd6tqV_BbiuA2RZdSwB3lsqUZUeNkHXTpN7W513oy+u0JP2KCO1B2pyl5knmJ+z7Sy_uqjF41e6effaXolZELC4+9vvigMlfoxThh4aT7ePRjNx96333Ryvuos099A2eynJGAZYyw44VBOOTlgss3M5UU1ebwtmCXL_x4tcNOM2_13d2vl7zfrR4Xb28UBgtkS2SoalLVUmQlR+cEMwS4Mt3goU2gxrEyKMrNMwyNp2EG7AMTUliaKw-G1cAAGRgnq2tgUpgNE7YgAOXMKFBA7RhY+w8URpteJ7jEuQLjdu2N8uiJhH8XmqQFNQ_ofbbyvcj_kud3s14OB7H0tMqZN3gG32AVkRJHCcZgqQZ-e","ipv4":"","ipv6":"","sourceIndex":"3423"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.secursoft.net/","landingPage":"http://adobe-reader.secursoft.net/","directDownloadingLink":"http://www.hebanhadic.com/Yg6sz72CoqrRdD2QLcbrUck3CT7HPU9JtCqa5Q_QvJEIDr4kNxcHGyBpwl6juQ93EsSYttnPODbZ3JcCo8E69WJ_rSlk6koAFQ7sR2HvJBMQjnqc0+MEEWdBLXVY00m4_3YXrMtAcTP5dDCCokaLRR4W0L23XyiORMytpVKcsMgssEUzG73lFvbb11Zvey++MWEjf3NOp+Dd6eKBxnUlsmIXgBA2H9sLp+Oh8CiUrOW1_SzrEAciP2shl4J6vS5dFrSs36NC1g7GujiZ4j+MMBSqi_x+EeJMQbst0CjYMceSlD1z2Wc9KXkHGaZBnguCWLyUZ8rWo3ld6ZT8izp_O3hgAM7AES53+KbEg_yWxEmn9JW2sCPpL2dGuAT2jWGW9YaRu+6va5GYQ_c7ALyGjHeqvd4UlblC7+S8uO4pz2sR3R1J864AVW2f3i0NHll2xHKOL4BJEdgGyxlXlXO1PSwCjZMZAEfuPkAOlws4dSQcYb7mGbU=-G1MAAGRwXmtr8+WQwAoINuDAJQp0G3RAu7PN+7S_730J8IuGdd3q2ShJhMMVIr_NiZq_sa_bTMZTWoqNUa8V8njYns4nRQcak4qci4ogyRw=-e","ipv4":"","ipv6":"","sourceIndex":"3424"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"http://www.secursoft.net/","landingPage":"http://easy-video-downloader.secursoft.net/","directDownloadingLink":"http://www.hebanhadic.com/fA47Sp0qmZtDsDfM6xtwouQbd5VI_xnJL5DnfVZpVyyhlQJDF1gvm5TXNhw7Lsezc415mhqZHbtIx99Lxt_khrAkoeLHi_qPulGsb8oGeIjypmxvDXOfE++Vr4FCwmfnUZ6ka2Vhl6BQZeXZa0clEOEPbaLH6MusbahhjxmIlI41_5Jc7M++C_jH2ZjpqMWxKRpv7gWDMUrhQ+BShK_1QjcDa2wFo7jMawtzfEw9skNJBV+ZCwnTvExUS11enDbQlPOCklcnS9EgyKX74xODZqiSGMsCUMluftW3hjq5Q11OAek6PLUfEsDi+T7da4x+V8xsWKLIs3VzjRuBWslovDmx338pLIYWfKpp_b3FIHhXYZ_9_SnIoo+l6FgXTKBEdM2mrAYapejZbUdpQiTid9xYQBKaL+h9nTzsL95H58YjwU5xUWR5Oy8FephXZs5xcJIXj9rAySKpJOdN6O2pgrwSx6vPvTpv6Wq1fotlrwUy8JGMSk3HVrRRnZ7K8RInEkGllyLs-G1wAAGRsXWvX8ESl1gGBQw5cbm3Nw0ADtGBy+HyRxtqe53oJ9Iu6eV7KsShpjHcX5AxN32pH1Vvpx6mWARO4v1F848atiyUaTp7QD6hUkqVpVmB4lgQ=-e","ipv4":"","ipv6":"","sourceIndex":"3425"}],"sampleFiles":["180809/SecurSoftDownloadManager-180806/4.7.4/Samples/adobe-reader.exe","180809/SecurSoftDownloadManager-180806/4.7.4/Samples/easy-video-downloader.exe","180809/SecurSoftDownloadManager-180806/4.7.4/Samples/shareit.exe","180809/SecurSoftDownloadManager-180806/4.7.4/Samples/vlc-media-player.exe"],"imageFiles":["180809/SecurSoftDownloadManager-180806/4.7.4/Images/ACR-039/ACR-039_install.mp4","180809/SecurSoftDownloadManager-180806/4.7.4/Images/ACR-048/ACR-048_install.mp4","180809/SecurSoftDownloadManager-180806/4.7.4/Images/ACR-059/ACR-059_bundlermadeoffer.JPG"],"nonDeceptorImageFiles":["180809/SecurSoftDownloadManager-180806/4.7.4/Images/ACR-044/ACR-044_install.JPG","180809/SecurSoftDownloadManager-180806/4.7.4/Images/ACR-065/ACR-065_install.JPG","180809/SecurSoftDownloadManager-180806/4.7.4/Images/ACR-152/ACR-152_install.mp4"],"guid":"2c7247fd-2d1c-4d23-b976-dc98d2d9646a_4.7.4_1","appID":"SecurSoftDownloadManager-180806","dateAdded":"180809","deceptorType":"Bundler","name":"SecurSoftDownloadManager","company":"Innova Media d.o.o","version":"4.7.4","sigName":"Deceptor:Win32/SecurSoftDownloadManager!039048050059","lastKnownStatus":"Deceptor:4.7.4","lastKnownDate":"180809","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:35:29.14074+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":539},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No EULA and/or Terms of Service is provided for the download manager.\n","ACR-037":"No Privacy Policy is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"itools4_setup_4395_ir.exe","isInstaller":"True","companyName":"Lite                                                        ","fileVersion":"0.0","hashMD5":"75449f880d3e9613c4c46f0deac5df59","hashSHA1":"fe8da5db91af8c86e08dffd851c5f6c3bd7156af","hashSHA256":"c1722d2a240816276c3f58895946c5198525dccc2076e75025c2d8e1cc609ad4","digitalCertThumbprint":"E4B077B218AA3C20B2F1E8E9E93C67CE5562E71D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Mode Supreme (Alpha Criteria Ltd), O=Mode Supreme (Alpha Criteria Ltd), STREET=28 Begin Menachem Rd., L=Tel-Aviv, S=Tel-Aviv, PostalCode=6618208, C=IL","sourceIndex":"3426","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"jre-8u181-windows-i586.exe","isInstaller":"True","companyName":"Lite                                                        ","fileVersion":"0.0","hashMD5":"82b398ceb25d142c0ffba0f00c1334be","hashSHA1":"1e3508adacc5dc1ea04f05369bc50f654808505d","hashSHA256":"86d5b13a8b693ccecb2b29763ef7835c9cd88a9aa9c4974481c422e1509f0f99","digitalCertThumbprint":"E4B077B218AA3C20B2F1E8E9E93C67CE5562E71D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Mode Supreme (Alpha Criteria Ltd), O=Mode Supreme (Alpha Criteria Ltd), STREET=28 Begin Menachem Rd., L=Tel-Aviv, S=Tel-Aviv, PostalCode=6618208, C=IL","sourceIndex":"3426","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SHAREit-KCWEB.exe","isInstaller":"True","companyName":"Lite                                                        ","fileVersion":"0.0","hashMD5":"a0ef78ddaa833aea54c5f0f26a2bea0f","hashSHA1":"49215d3e8cc606d432834fdfb1347fbf1dffc201","hashSHA256":"a7e1deda16153f044447d3e7caf1febcbeeaade9ece0749df0e912a4d3402bff","digitalCertThumbprint":"E4B077B218AA3C20B2F1E8E9E93C67CE5562E71D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Mode Supreme (Alpha Criteria Ltd), O=Mode Supreme (Alpha Criteria Ltd), STREET=28 Begin Menachem Rd., L=Tel-Aviv, S=Tel-Aviv, PostalCode=6618208, C=IL","sourceIndex":"3426","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Silverlight.exe","isInstaller":"True","companyName":"Lite                                                        ","fileVersion":"0.0","hashMD5":"b19f33bf40d53785c5f6bda6da87de46","hashSHA1":"d70110c91cf655667754338bee0c4e0807ce9b91","hashSHA256":"78530a030613abe0d3ef7f5519e4ae32d0879fdade39ba9943537aff1be69f45","digitalCertThumbprint":"E4B077B218AA3C20B2F1E8E9E93C67CE5562E71D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Mode Supreme (Alpha Criteria Ltd), O=Mode Supreme (Alpha Criteria Ltd), STREET=28 Begin Menachem Rd., L=Tel-Aviv, S=Tel-Aviv, PostalCode=6618208, C=IL","sourceIndex":"3426","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"filehorse.com","reference":"filehorse.com","landingPage":"https://www.filehorse.com/download-itools/","directDownloadingLink":"http://www.namehpeneni.com/67Lmx4lmK+eyXDW0Z0oKLBC6T_ixm2uZAd_2MxLaH8_kF5YlIiuzxL8QssRm8JTjPkdJqbGxag7BGLqoLGIqgVFh+6zeusgxcc6f+vt90X7Or8Z_5Mpzxh_R8fv3v8iBYrV9tT1j8O1SZJK+TLd9LRl2Xf_1RZuZ9dRd5sxEQ4UI2wl885UCjsl2k0eD8o_UjwVKtj+WwWkv9P3zpLiEATEUQFX7TyjFky3kUD_FZNA9TW+WQV2OXz_9shRF+_C94kKiP89uaxts9OPs1n0eEk5rK6n2AiL3hRjq+9pZneTqHoW2ahTXocTKWg9b_wtkFs+JS99sgiWo0b56KUMgyrm74I4ZcCwLJMSI_1tUPz2mVxlMDvu6OI+FU9_a4Lqk9WJXDWQv-G1MAAGRwXkzb7g6oQQCHHLD_W5BgwBh4DJ9rpYjTuuvaJkH63hpsiI6iXYS+iP+wOVcUtn0X2rieoh+jl1gbT48FlqgEy_o9BqTzmbgUAg==","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.namehpeneni.com/67Lmx4lmK+eyXDW0Z0oKLBC6T_ixm2uZAd_2MxLaH8_kF5YlIiuzxL8QssRm8JTjPkdJqbGxag7BGLqoLGIqgVFh+6zeusgxcc6f+vt90X7Or8Z_5Mpzxh_R8fv3v8iBYrV9tT1j8O1SZJK+TLd9LRl2Xf_1RZuZ9dRd5sxEQ4UI2wl885UCjsl2k0eD8o_UjwVKtj+WwWkv9P3zpLiEATEUQFX7TyjFky3kUD_FZNA9TW+WQV2OXz_9shRF+_C94kKiP89uaxts9OPs1n0eEk5rK6n2AiL3hRjq+9pZneTqHoW2ahTXocTKWg9b_wtkFs+JS99sgiWo0b56KUMgyrm74I4ZcCwLJMSI_1tUPz2mVxlMDvu6OI+FU9_a4Lqk9WJXDWQv-G1MAAGRwXkzb7g6oQQCHHLD_W5BgwBh4DJ9rpYjTuuvaJkH63hpsiI6iXYS+iP+wOVcUtn0X2rieoh+jl1gbT48FlqgEy_o9BqTzmbgUAg==","sourceIndex":"3426"}],"sampleFiles":["180809/FileHorseDownloadManager-180809/4.8.2/Samples/itools4_setup_4395_ir.exe","180809/FileHorseDownloadManager-180809/4.8.2/Samples/jre-8u181-windows-i586.exe","180809/FileHorseDownloadManager-180809/4.8.2/Samples/SHAREit-KCWEB.exe","180809/FileHorseDownloadManager-180809/4.8.2/Samples/Silverlight.exe"],"imageFiles":["180809/FileHorseDownloadManager-180809/4.8.2/Images/ACR-039/ACR_039_INSTALL.mp4","180809/FileHorseDownloadManager-180809/4.8.2/Images/ACR-048/ACR_048_INSTALL.mp4","180809/FileHorseDownloadManager-180809/4.8.2/Images/ACR-059/ACR_059_BUNDLER-MADE-OFFERS.PNG"],"nonDeceptorImageFiles":["180809/FileHorseDownloadManager-180809/4.8.2/Images/ACR-044/ACR_044_INSTALL.PNG","180809/FileHorseDownloadManager-180809/4.8.2/Images/ACR-065/ACR_065_INSTALL.PNG","180809/FileHorseDownloadManager-180809/4.8.2/Images/ACR-152/ACR_152_BUNDLER-MADE_OFFERS.mp4"],"guid":"4e8c2600-1e90-41f7-8500-f9fa4c2e8b26_4.8.2_1","appID":"FileHorseDownloadManager-180809","dateAdded":"180809","deceptorType":"Bundler","name":"File Horse Download Manager","company":"Mode Supreme (Alpha Criteria Ltd)","version":"4.8.2","sigName":"Deceptor:Win32/FileHorseDownloadManager!039048050059","lastKnownStatus":"Deceptor:4.8.2","lastKnownDate":"180809","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:34:41.3376955+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":540},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n","ACR-039":"No attribution for the download manager (yepdownload) is shown.\n"},"nonDeceptorViolations":{"ACR-044":"No attribution for the download manager (Yepdownload) is shown. Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-092":"The download manager is unsigned.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"avast-free-antivirus-17-2-3419_3936236040.exe","isInstaller":"True","companyName":"Natohu                                                      ","fileVersion":"0.0","hashMD5":"4eb01beb84b807b97282cf0252ef1da2","hashSHA1":"88a38fe40cc287c1031313949247e13dd439666d","hashSHA256":"ce92d2f1e70ccae9d51fb446b61950222b7d60791c8655b3646a97bf28dabcb2","sourceIndex":"3418","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"recuva-1-53-1087_4143228978.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"ff818f114588b2f94ba60515e2f6f258","hashSHA1":"886acdb18dada2890e075403e9c1ab267a8458b9","hashSHA256":"9ada5e648cbd504158cd80537632f2da43690837550a6c67a99b66ad23d63e0e","sourceIndex":"3418","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Spyfu similar sites to www.networkice.com","reference":"https://yepdownload.com/","landingPage":"https://yepdownload.com/recuva","directDownloadingLink":"http://www.heninocegfib.com/1s8I5l+TkWWBIdULeuKKN1+j9uNubOc9op3ZxenQGBpmgULMvuOJzbu0BgTcmZmu4XKnV5WZuQp6cmt8TjQ9BhnW04qYM+OavYfGNC58HwgWg5R+IlkojwRyLDalphrnxQnMGfjZ5TV4ma32Ue5OmQ8l5eVxJZWbiZsj87oeUZSLIJvZsEMFwrChzdHscEuYNUX4bzBQ0ormX6U77i8UPkU0Pu1QP5ZPFLWt_M9SG0w+VoqoNQIcB0HFMyEwDE+ODMf4lsq0XxY2HVbN7_Ub5LIISDcDTzoU7Wm9mOGMArwr0ArfimkrNHxdo5nbxPOxeCFvbAgGZwH6VOnLD4XYZfOcvl2DIw7zeqpW13uLEcU6FXXC8bC9vFMm9pMrmpWtwYhBP4TSlR1GDVIeOinpu3zHOKZ0hvrVd9cIZKMnl9k2qXkVVMFwK3E_d6s2jRDal_en_a7FuX6oX9h5waCB7txCrHscQw==-GxYAAMRTFptazKbYBeXliSiFfb21hFex4AU=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.heninocegfib.com/1s8I5l+TkWWBIdULeuKKN1+j9uNubOc9op3ZxenQGBpmgULMvuOJzbu0BgTcmZmu4XKnV5WZuQp6cmt8TjQ9BhnW04qYM+OavYfGNC58HwgWg5R+IlkojwRyLDalphrnxQnMGfjZ5TV4ma32Ue5OmQ8l5eVxJZWbiZsj87oeUZSLIJvZsEMFwrChzdHscEuYNUX4bzBQ0ormX6U77i8UPkU0Pu1QP5ZPFLWt_M9SG0w+VoqoNQIcB0HFMyEwDE+ODMf4lsq0XxY2HVbN7_Ub5LIISDcDTzoU7Wm9mOGMArwr0ArfimkrNHxdo5nbxPOxeCFvbAgGZwH6VOnLD4XYZfOcvl2DIw7zeqpW13uLEcU6FXXC8bC9vFMm9pMrmpWtwYhBP4TSlR1GDVIeOinpu3zHOKZ0hvrVd9cIZKMnl9k2qXkVVMFwK3E_d6s2jRDal_en_a7FuX6oX9h5waCB7txCrHscQw==-GxYAAMRTFptazKbYBeXliSiFfb21hFex4AU=","sourceIndex":"3418"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"https://yepdownload.com/","landingPage":"https://yepdownload.com/picasa","directDownloadingLink":"http://www.heninocegfib.com/bGCsFCDA31eBGN0N4ot+VVyiaAUmPWEKNhLwmLylJvj7o0jtUKZx2TXEdSkShxQQuGIcdO66TPQoNdPqwssCmy_5EINihvC2+p__596nfPFS6RqnlSNdzieWRfbtRYBWYR2Lh41XmNgLrdn37tP9JppAUUs4R2UAaZymWKJ1aUtYmWaI3J5kKyrlxzgmKqhXMB+M+6KF9JnyNgM0zEM5ijrB9KSL8NOLsfjd_ehGH9Kn309_OHczjx2AbsYNBL1+KdGlb1XAfxP8+VzsRObpQpTEQGZgNXriHk4expnMfevCYRCG483jRoohwJaNOXo07KSyP5b1hPwz3C+Cvs3kR436OIo4uWBREKFK9VZnMkFoycc4sIt5PgVKvBUJ+5vB5nzulYzsl3pt8Olq5GIKWfTPewtytjCgI_yI40SkajJl13MluvnbL4B7KhVEcRZJ4+hFXlq_MddB9FCeihqkNU0QXgudwBUm7o1LoYNUVVn2gBsZ3I4=-GxYAAMRTFptazKbYBeXliSiFfb21hFex4AU=","ipv4":"","ipv6":"","sourceIndex":"3419"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"https://yepdownload.com/","landingPage":"https://yepdownload.com/adobe-shockwave-player","directDownloadingLink":"http://www.heninocegfib.com/riTgsnKSFJQoTvgoGLVBd5xDF9ha73EFj0CEWs38blyykyqG9sGizSj7Db2XYebBCWxtXJri4gFw+V+NroHdlhmGS8k+KuyL9BrpDrnc7BhKEa7kBtWtuI6nqdhLv9OfNDb7zjZk+lR2fm7H7KM0QMAok+ajwh1skf_bBAM+yLPfY7mEUHrWOXovtJ2w45YWCS5bm0zV_HcQjmZ4iwKBuCfd7Jwj+JGYUoeQ_EKDsP0iEcR98xjbPua5jE6oyx9pDnPzXZ4LP2Xp4cMCTsbUIdRbYf7q+cG4xVyGwMBm4SQ586sh5OVK_dkD6nBd2nw8ZLH_X4WD6MUDhGbnCjFAOFJ21M6sJyMgkoQuFb1eoNITqLx9VmSC1XtVR8lR37VGQUDmQNykZwpT9VRsy+1sdHh5_z7jw+D1257BOsPwUnuuk6wnbjZ8NahjODUmAf2h5oJjeP6E_zitmctMC_Ap_7VTouHN1h80G8aumY9umVJK+aUASbDibDZi76Fq52EcH9um1szI-GxYAAMRTFptazKbYBeXliSiFfb21hFex4AU=","ipv4":"","ipv6":"","sourceIndex":"3420"},{"howFound":"Spyfu similar sites to www.networkice.com","reference":"https://yepdownload.com/","landingPage":"https://yepdownload.com/avast-home","directDownloadingLink":"http://www.heninocegfib.com/_4qlLZ_kgwGViwE42aaetNhdy1NouzcGrPEexgec5__d8q7SH_fzkS55kH6xGrZWKqmo43f85YkPr2HFORuB7tizAMm3COFb12NKjSiZviTH8l_Fffjy8kyjVckKx6bP2I_9LqCy25R9LXJoSES0o1gtj7yY4DSuHi+CuYE2C3zQqle+J1fMHMBtUNW045lMDbAULAm8qsRdjT9eKINk+1hCO3wJdLEuvIgTu81s62Cdw0dCCnuXynIiy0CNV8Jwkc_pudQgS0Du5GJxIFbTPQFxnzfVZsUjaU6iSBjd+CITeaLqZ0HAbWNb21NYbpDGDDNxSMoHj0sFLLxUxD3+sUmfwCiHSTqVg237cgSyGyBmyu7etPZFqX8Ezgv1v0iEtOfCnhibDBPKPzbyOWgmCklaRHPdU_sbMAwZG5Gb7+4hYIPJ_gm6AQthFFEzLLkN7kkLuR4kuIbS7bTkFgYd30nwS77pmKIFX+ibZb7M+4YzYVuDdog=-GxYAAMRTFptazKbYBeXliSiFfb21hFex4AU=","ipv4":"","ipv6":"","sourceIndex":"3421"}],"sampleFiles":["180809/YEPDownloadManager-180806/4.1.6/Samples/avast-free-antivirus-17-2-3419_3936236040.exe","180809/YEPDownloadManager-180806/4.1.6/Samples/recuva-1-53-1087_4143228978.exe"],"imageFiles":["180809/YEPDownloadManager-180806/4.1.6/Images/ACR-039/ACR-039_install.mp4","180809/YEPDownloadManager-180806/4.1.6/Images/ACR-048/ACR-048_install.mp4","180809/YEPDownloadManager-180806/4.1.6/Images/ACR-059/ACR-059_bundlermadeoffer.JPG"],"nonDeceptorImageFiles":["180809/YEPDownloadManager-180806/4.1.6/Images/ACR-044/ACR-044_install.JPG","180809/YEPDownloadManager-180806/4.1.6/Images/ACR-092/ACR-092_software.JPG","180809/YEPDownloadManager-180806/4.1.6/Images/ACR-152/ACR-152_install.mp4"],"guid":"9ad3769e-4258-4069-a689-9a05e045e9b3_4.1.6_1","appID":"YEPDownloadManager-180806","dateAdded":"180809","deceptorType":"Bundler","name":"YEPDownloadManager","company":"yepdownload.com","version":"4.1.6","sigName":"Deceptor:Win32/YEPDownloadManager!039048050059","lastKnownStatus":"Deceptor:4.1.6","lastKnownDate":"180809","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:36:08.4982089+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":538},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\".\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-065":"No EULA and/or Terms of Service or Privacy Policy is provided for the download manager.\n","ACR-035":"No EULA/Terms of Service or Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service or Privacy Policy is provided for the download manager.\n","ACR-037":"No Privacy Policy is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"360-total-security_4002887827.exe","isInstaller":"True","companyName":"Kato                                                        ","productName":"Ceho","productVersion":"1.1","fileVersion":"3.8.3.5","hashMD5":"26bd17e9c76b150a91f54e8d12749ab9","hashSHA1":"58f1768543a8c35e9493622ad09a9394f7932432","hashSHA256":"10daacb62c903b8a9e6130d2006e0a568ffe5d2fb631dc21a586ea712a33c33e","digitalCertThumbprint":"9544B467724FD3AEA4CE4FE2E0EBEB0C0814EF22","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o., OU=IT, O=Innova Media d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"3427","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"http://www.networkice.com/","landingPage":"http://pro-privacy-guard.networkice.com/","directDownloadingLink":"http://www.vaultmegaclear.com/SIObxNdkkP+_GjI0opfeeBeJqdwAK7CcK1r3C8QZ25tBqz3EH7fOFllDhGhp1Qex_BIKKDxmR78uTQF7NxKKET0QdRKnRHOkqwl6T_JVPp6+JOIDmaVg9Wc9uPTu84noR0IT+6Wjkfa1CCzeOTT24qBq3uruzRpFIMFNU2kWpOw7JFR9olrkzRlQ_ftcuZzNgeySvyXFuNWKNbEb1Tya3YZSj_RA5cZi5q04wDggGqBd+7+i6T6b9Fl_tcFrGU0mqaFqdgKz7Tjyaeh9jGW_eHc1nkjQypWr8DJszwbrLe5qHvpSXVMZibwR_gLOsfA9mIwnfcUmPpNpdIIskES6TdZsTAhiEU6B1glWBnylV6EElMR5A35aM2lzufGLWDwj7gQWyGAkoaHHDqzhtTpaaF_Otsbd4KA+CILQTplCzj_sd5GPF4iUb+NQFCQrTLhyGlgJVCyhQtl8L5_0jWUWdGLPsWg8myxRRlF548_KywLy9cioHCaGqkKS8ezCZ8NZ_KOjAzmkUzgMu5VrrWpoZNTOOoBrdA==-G1gAAGRgnq2tSYzCRdiAQw0EIgp0UDuz7Wt9vW5LyC+0XS7X8VTEModvjyt42j7d8AeXd_cYoek3yc+XaLY_L75nGrJfHiXua7mWgacUmESUxAiGxBmCBA==-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.vaultmegaclear.com/SIObxNdkkP+_GjI0opfeeBeJqdwAK7CcK1r3C8QZ25tBqz3EH7fOFllDhGhp1Qex_BIKKDxmR78uTQF7NxKKET0QdRKnRHOkqwl6T_JVPp6+JOIDmaVg9Wc9uPTu84noR0IT+6Wjkfa1CCzeOTT24qBq3uruzRpFIMFNU2kWpOw7JFR9olrkzRlQ_ftcuZzNgeySvyXFuNWKNbEb1Tya3YZSj_RA5cZi5q04wDggGqBd+7+i6T6b9Fl_tcFrGU0mqaFqdgKz7Tjyaeh9jGW_eHc1nkjQypWr8DJszwbrLe5qHvpSXVMZibwR_gLOsfA9mIwnfcUmPpNpdIIskES6TdZsTAhiEU6B1glWBnylV6EElMR5A35aM2lzufGLWDwj7gQWyGAkoaHHDqzhtTpaaF_Otsbd4KA+CILQTplCzj_sd5GPF4iUb+NQFCQrTLhyGlgJVCyhQtl8L5_0jWUWdGLPsWg8myxRRlF548_KywLy9cioHCaGqkKS8ezCZ8NZ_KOjAzmkUzgMu5VrrWpoZNTOOoBrdA==-G1gAAGRgnq2tSYzCRdiAQw0EIgp0UDuz7Wt9vW5LyC+0XS7X8VTEModvjyt42j7d8AeXd_cYoek3yc+XaLY_L75nGrJfHiXua7mWgacUmESUxAiGxBmCBA==-e","sourceIndex":"3427"},{"howFound":"Hunt.DownloadSite","reference":"http://www.networkice.com/","landingPage":"http://360-total-security.networkice.com/","directDownloadingLink":"http://www.cehoronek-taca.com/LkUIAYo7Xj8junbl9fww5wrKOYqGas1Pn+Ye2fagUwMI+VRCPkq+G_oMT9o2_fyENvKH08dtBaTP17ZOLhQK12MNgiwf865f6pVIW80PSdz7SLrRMJHqBYowUP6q9OjImdtojSvgZK41fLf_Fys5urzlNuq3Szq42cVzTsEWObv8KJm+fUrJn11bWZ+xXQZDKbkiFJVxHKtnYNOY4RePaOylrKYgn5IHYERjIWHgA45qqkQXevcVbKhqmChgcOtJ1Ctd50rlZboekNuLehzkh2Cw5qh11gLh+BDG2XYNe+JodwlMa8dhu_2O+ET2RALngV+g1d6tEVtcjkvRGQ54SMxlv0V9+sDz5Gb+pWv_HTJzU_pHVB2EJn9TOXiTFVeuBOJhMgsGEHo_AXGgZWMAk2t0I3T5UQSEHb234jKKHK4nUxdiB6wv8RT9AN+rEim6_U4j7CxGWFeP5j498IrOWCy529+sHyTEAFgHiU6NOnYX6+EYkrwmgVYVtbjNUVCrKdb09kPc0q6ZiNXjPKsJLunEcqTECQ==-G1kAAGRwXmtr8OFQwWzDBhy4ZIkNGqDdVrZ91l3XtgT6on5Z1moqahJhrghUCpFzf_2o_mrvvBxC6izXzjWc70Iby6DKm4m2oHao5JwzxQ0K","ipv4":"","ipv6":"","sourceIndex":"3428"},{"howFound":"Hunt.DownloadSite","reference":"http://www.networkice.com/","landingPage":"http://teamviewer.networkice.com/","directDownloadingLink":"http://www.cehoronek-taca.com/kuGjo_ARL1bMs769Hv8aHBfQq7NCWNi7JUKdjKXSHMk7RE0OxK9ZSuXeZyo_X7tebCLndJGZJQgpP5zEcTw1C39RsteAvrfCrxNZ05tx2EaW2GZFu4xRzNcP4+KDrKppFW3+wvmpm7lOWXHoN8YmLyHcpWQca5F93dJpDEFk2mVxG4zAIluSyuDhoRBoKFJluNVWZy46Aj2w8VbEAtj5UtvbhbEsbFvfLelqEpv2jri7Wt1SxGaZZze0dcYgq45heNhhI5NyX9HHAxuGnE0xFTO59H1D8m4sMS5e5lQTSZaD2rjQj3sQRss4MK3pPH_iAG3Cy_rFPWOYNtMR2r7LWW4Edk7ObwPmTlyiEJRy7a9_e8K+gUUH_KCvBFOQuYZZN_x10XbvTtwencChrTlm_CjMU7zip0oS_NRpnMJttybATgCRnrMCba5CSaJuL4BEQklEeJZ22u0B8JzqXP3675fRH9+FGm8IHqG2Nk8NR3fI6IG3SivyXUxOX+o87Psu2gPUkq2Z7Tjqiw6YlCkSW+hF+6QTNQ==-G1EAAGRwXmuL281EdBMccsD+XSgMNEALbsDORaP2971fQv3CYV23el6ULEEhYL7NCZu_Ua9bfis_6bs0tanRWXbceoyYrD_QyDhNkiTBUCwP","ipv4":"","ipv6":"","sourceIndex":"3429"},{"howFound":"Hunt.DownloadSite","reference":"http://www.networkice.com/","landingPage":"http://folder-lock.networkice.com/","directDownloadingLink":"http://www.cehoronek-taca.com/hjSMz8RaOt3oarT6M85n182SB+7pMi+mRBI4mAok4PZeAuwRtkmHb1iX3tUzrx0KK4cp1qojVtWLKO5sQzBHaak1pMnE+otmHt6lpLmIoj5Vc+spHc3_w8+ls3E1Le4QhFyrdJOw7+7hjKu2KOsZ_G+ydh8n9jXz5cujzVlFazT_OdpHRjgNCXMVUaLOUEscO28wh1XeGrON3E42ziZgXs+Ofa4wQZmYOvLJmg2_XU_IodapYiqKVJi83z9W0RR+1Mtj5nNm9FKLzZ1K6SQhKnPRf28Zwf+mC9A2cAsG7s6k7wkBjm56HRTX6evXBgIYwBF_OgBwVFlMMCCJJPVAvu8TQouN7vY2FUNTcySN1zjGmBiwAPWXvP+zlSLsFqFpICh5ymlPU7ljiX+6uUK11oLh6x__bs+BCG2rsl3Sl788DuJ6j3WHsa2YoP4UFSp0kEiWCBlnir_0gLAsPnyPU3I5JPZtbKOxlGl7nvq88thSjm+drMg=-G1IAAGRgnq2tAU4QT4BDDlxOF2wLKEALNsbOFoX4ZX+_75MAv9Dher3NZ6MmEbxewxOs9oSW_yK_3mLZ4XfCD53yN7K2XiarpXdLACwiSuI4jlEkyQA=","ipv4":"","ipv6":"","sourceIndex":"3430"}],"sampleFiles":["180808/NetworkIceDownloadManager-180427/2.0/Samples/360-total-security_4002887827.exe"],"imageFiles":["180808/NetworkIceDownloadManager-180427/2.0/Images/ACR-039/ACR-039_install.mp4","180808/NetworkIceDownloadManager-180427/2.0/Images/ACR-048/ACR-048_install.mp4","180808/NetworkIceDownloadManager-180427/2.0/Images/ACR-059/ACR-059_bundlermadeoffers.JPG"],"nonDeceptorImageFiles":["180808/NetworkIceDownloadManager-180427/2.0/Images/ACR-044/ACR-044_install.JPG","180808/NetworkIceDownloadManager-180427/2.0/Images/ACR-065/ACR-065_install.JPG","180808/NetworkIceDownloadManager-180427/2.0/Images/ACR-065/ACR-065_docs.JPG","180808/NetworkIceDownloadManager-180427/2.0/Images/ACR-035/ACR-035_docs.JPG","180808/NetworkIceDownloadManager-180427/2.0/Images/ACR-037/ACR-037_docs.JPG","180808/NetworkIceDownloadManager-180427/2.0/Images/ACR-152/ACR-152_install.mp4"],"guid":"03c2bff3-eef0-4d49-8a6f-c4928a71e7e0_2.0_1","appID":"NetworkIceDownloadManager-180427","dateAdded":"180808","deceptorType":"Bundler","name":"NetworkIceDownloadManager","company":"NetworkIce.com","version":"2.0","sigName":"Deceptor:Win32/NetworkIceDownloadManager!039048050059","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"180808","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:33:56.8163491+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":541},{"violations":{"ACR-007":"The logo and name that the app uses misleads the user to think that the app is provided by Instagram.\n","ACR-103":"The app does not have its own value, the app just launches the instagram.com webpage.\n"},"nonDeceptorViolations":{"ACR-040":"The application is not installed in the standard location. The application was installed in AppData hidden folder. The consumers wouldn't be able to identify the app's location.\n","ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The app is named instagram2go but is referred to as \"INSTA TIME\" in the docs.\n","ACR-092":"The app's certificate has been terminated.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"Instagram2go.14.1806.1inst_pa.exe","isInstaller":"True","companyName":"Instagram2go","productName":"n/a","productVersion":"n/a","fileVersion":"14.1806","hashMD5":"a11de375543f3e6b812079002b33f4ee","hashSHA1":"c344134230f645c9431d7514be4575f078192183","hashSHA256":"d324ed92399f59341f32e82e32f6bdfa898bea7e57d828244e09ff7441c7e770","digitalCertThumbprint":"28170E1A36B99A2E4D9AE0DB5AFEBE06C704E217","digitalCertIssuer":"E=softninjas@gmail.com, CN=InstaTime, O=InstaTime, S=Some-State, C=US","digitalCertIssuedTo":"E=softninjas@gmail.com, CN=InstaTime, O=InstaTime, S=Some-State, C=US","sourceIndex":"3251","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Instagram2go.exe","isInstaller":"True","companyName":"Instagram2go","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"1fb72d33a841c1a2ca406b6f32bc4dc4","hashSHA1":"7d414eac988afcc6aecda2bb377557887bf5e195","hashSHA256":"383365c81c8e5e53dc48f862da529df0781253deec935e947f90d2cce98ac5cd","digitalCertThumbprint":"28170E1A36B99A2E4D9AE0DB5AFEBE06C704E217","digitalCertIssuer":"E=softninjas@gmail.com, CN=InstaTime, O=InstaTime, S=Some-State, C=US","digitalCertIssuedTo":"E=softninjas@gmail.com, CN=InstaTime, O=InstaTime, S=Some-State, C=US","sourceIndex":"3251","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"install","landingPage":"https://inst.dist-app.com/inst_pa.html?c=inst_pa&cid=$%7BZONEID%7D&subid=35231607740706816","directDownloadingLink":"http://utilsserver.herokuapp.com/appdownloadurl/Instagram2go/inst_pa","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://utilsserver.herokuapp.com/appdownloadurl/Instagram2go/inst_pa","sourceIndex":"3251"}],"sampleFiles":["180801/Instagram2go-180730/14.1806.1.0/Samples/Instagram2go.14.1806.1inst_pa.exe","180801/Instagram2go-180730/14.1806.1.0/Samples/Instagram2go.exe"],"imageFiles":["180801/Instagram2go-180730/14.1806.1.0/Images/ACR-103/ACR-103_software.JPG","180801/Instagram2go-180730/14.1806.1.0/Images/ACR-103/ACR-103_software1.JPG","180801/Instagram2go-180730/14.1806.1.0/Images/ACR-007/ACR-007_software.JPG","180801/Instagram2go-180730/14.1806.1.0/Images/ACR-007/ACR-007_software1.JPG"],"nonDeceptorImageFiles":["180801/Instagram2go-180730/14.1806.1.0/Images/ACR-040/ACR-040_install.JPG","180801/Instagram2go-180730/14.1806.1.0/Images/ACR-065/ACR-065_install.JPG","180801/Instagram2go-180730/14.1806.1.0/Images/ACR-002/ACR-002_docs.JPG","180801/Instagram2go-180730/14.1806.1.0/Images/ACR-092/ACR-092_software.JPG","180801/Instagram2go-180730/14.1806.1.0/Images/ACR-099/ACR-099_landingpage.JPG"],"guid":"77c9c3fa-9253-40e0-9c09-8b5dc655110e_14.1806.1.0_1","appID":"Instagram2go-180730","dateAdded":"180801","deceptorType":"App","name":"Instagram2go","company":"Instagram2go","version":"14.1806.1.0","sigName":"Deceptor:Win32/Instagram2go!007103","lastKnownStatus":"Deceptor:14.1806.1.0","lastKnownDate":"190125","type":"Windows Executable","category":"Social Networking & Messaging","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2019-01-26T01:29:24.9187869+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2456},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from scanning on startup from the software interface.\n\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\nThe application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's Privacy Policy\n\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\n"},"samples":[{"isRevoked":"False","fileName":"PCShieldSetup.exe","isInstaller":"True","companyName":"Saburi Global Services Pvt Ltd","productName":"PC Shield","productVersion":"3.4.5","fileVersion":"3.4.5.0","hashMD5":"0b226890ae1f0a75e9034e304db09a53","hashSHA1":"d7fc26be4640fec1fe0880e7ab280ad7b7c05baa","hashSHA256":"59bb7199bb4a89265ed52327d1ab827a2f84d4f83b3d78ef0fc618b1a9c7f74a","digitalCertThumbprint":"679F72B99F32FAAE271AB2FD735FE6CBB808BF72","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Saburi Global Services Pvt. Ltd., O=Saburi Global Services Pvt. Ltd., STREET=\"The Verandas, 1202 IRIS Tower,\", STREET=\"Sector 54, Golf Course Road,\", L=gurgaon, S=Haryana, PostalCode=122001, C=IN","sourceIndex":"3510","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCShield.exe","companyName":"Saburi Global Services Pvt Ltd","productName":"PC Shield","productVersion":"3.4.5.0","fileVersion":"3.4.5.0","hashMD5":"eeef6883658e790931411e896bcb6d2e","hashSHA1":"e6622432a83a934683cf52aca409594c4ad43ff8","hashSHA256":"f6264bb131c2ac2d91e7f5831c0137d88f6345824343493075f1ef26b505fd3d","digitalCertThumbprint":"679F72B99F32FAAE271AB2FD735FE6CBB808BF72","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Saburi Global Services Pvt. Ltd., O=Saburi Global Services Pvt. Ltd., STREET=\"The Verandas, 1202 IRIS Tower,\", STREET=\"Sector 54, Golf Course Road,\", L=gurgaon, S=Haryana, PostalCode=122001, C=IN","sourceIndex":"3510","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Complaints","reference":"https://www.ripoffreport.com/reports/computers-internet/antivirus","landingPage":"http://pcshieldav.com/download.php","ipv4":"","ipv6":"","sourceIndex":"3510"}],"sampleFiles":["180730/PCShield-180730/3.4.5.0/Samples/PCShieldSetup.exe","180730/PCShield-180730/3.4.5.0/Samples/PCShield.exe"],"imageFiles":["180730/PCShield-180730/3.4.5.0/Images/ACR-084/acr-084.PNG","180730/PCShield-180730/3.4.5.0/Images/ACR-168/one_one_S.PNG","180730/PCShield-180730/3.4.5.0/Images/ACR-168/acr_099_IO.PNG"],"nonDeceptorImageFiles":["180730/PCShield-180730/3.4.5.0/Images/ACR-065/acr_065_S.PNG","180730/PCShield-180730/3.4.5.0/Images/ACR-065/install.PNG","180730/PCShield-180730/3.4.5.0/Images/ACR-160/one_one_S.PNG","180730/PCShield-180730/3.4.5.0/Images/ACR-099/acr_099_s.PNG","180730/PCShield-180730/3.4.5.0/Images/ACR-099/acr_099_LP.PNG","180730/PCShield-180730/3.4.5.0/Images/ACR-099/acr_099_IO.PNG"],"guid":"e9854202-ac4c-4672-8597-62737839ef62_3.4.5.0_1","appID":"PCShield-180730","dateAdded":"180730","deceptorType":"App","name":"PCShield","company":"Saburi Global Services","version":"3.4.5.0","sigName":"Deceptor:Win32/PCShield!084168","firstVendorContactDate":"181115","firstAppEsteemReplyDate":"181115","firstResolvedDate":"181116","firstResolvedVersion":"4.1.6.0","resolved":"TRUE","lastKnownStatus":"Deceptor:3.4.5.0","lastKnownDate":"180731","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-11-16T16:22:21.6637587+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2457},{"violations":{"ACR-016":"A displayed ad leads to direct downloading of an application instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Unchecking the checkbox for \"install Fast Browser Cleaner\" is not a straightforward option for decline.\n","ACR-059":"The app was not clearly marked as an optional or additional offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's installer has no link to the Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's inline offer has no link to the Privacy Policy.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Shopnoffer\" which is not disclosed in the app's offer\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"fastvc_vc.exe","isInstaller":"True","companyName":"FastPcTools                                                 ","productName":"Fast Video Converter","productVersion":"1.0.0.8","fileVersion":"1.0.0.8","hashMD5":"8a5f01a2df30e31b914831a58112c4a6","hashSHA1":"3d74bc147f2930fabebba517af7ae2d013979ff1","hashSHA256":"4b5b88d6363c29803146729822c842359206b9bc76bd9e6dc243c3d14b319ef8","digitalCertThumbprint":"526063873CE003AADB97C2B13B23317644769C2C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Shopnoffer, O=Shopnoffer, STREET=\"128, G1, Ganesham Apartment\", STREET=Gulabi Nagar, L=Jaipur, S=Rajathan, PostalCode=302006, C=IN","sourceIndex":"2900","avBlockList":["Avira Internet Security (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Windows Defender (20190209)"],"avAllowList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","Webroot SecureAnywhere (20190209)"]},{"isRevoked":"False","fileName":"FastVideoConverter.exe","companyName":"FastPcTools","productName":"Fast Video Converter","productVersion":"1.0.0.8","fileVersion":"1.0.0.8","hashMD5":"74db942fb405cfd2c087388f8ded5c3d","hashSHA1":"5960934781ce9329fda54b21ea0d8684c75a14af","hashSHA256":"0e675b14fba17c9be234b4f4ac50305b56a93f3e89c22783c3ddbfd0804c5e0d","digitalCertThumbprint":"526063873CE003AADB97C2B13B23317644769C2C","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Shopnoffer, O=Shopnoffer, STREET=\"128, G1, Ganesham Apartment\", STREET=Gulabi Nagar, L=Jaipur, S=Rajathan, PostalCode=302006, C=IN","sourceIndex":"2900","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"fastvc_vc-1008new.exe","isInstaller":"True","companyName":"FastPcTools                                                 ","fileVersion":"1.0","hashMD5":"0b8f1f434ee5f46691cd71e63dc3c896","hashSHA1":"556de04b5ae0e68692dbadc5fa2f8a3e7673be4e","hashSHA256":"9c00905fb2e05c61389a90c9bfd1dacc2dde91a1b389101ef430a3d86c3c352f","digitalCertThumbprint":"64975033AB1319FFB9ABAFA6A29057BA0E7D42C5","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=FastPCTools, O=FastPCTools, STREET=83 Suryanagar Gopalpura Bypass, L=Jaipur, S=Rajasthan, PostalCode=302015, C=IN","sourceIndex":"2900","avBlockList":["Avira Internet Security (20190209)","K7 Total Security (20190209)","Malwarebytes Premium (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Windows Defender (20190209)"],"avAllowList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","Kaspersky Internet Security (20190209)","McAfee Total Protection (20190209)","Webroot SecureAnywhere (20190209)"]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://fastpctools.com/fvc/","directDownloadingLink":"https://d31tgnz2uj9v92.cloudfront.net/fastvc_vc.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d31tgnz2uj9v92.cloudfront.net/fastvc_vc.exe","sourceIndex":"2900"}],"sampleFiles":["180716/FastVideoConverter-180716/1.0.0.8/Samples/fastvc_vc.exe","180716/FastVideoConverter-180716/1.0.0.8/Samples/FastVideoConverter.exe","180716/FastVideoConverter-180716/1.0.0.8/Samples/fastvc_vc-1008new.exe"],"imageFiles":["180716/FastVideoConverter-180716/1.0.0.8/Images/ACR-055/ACR-055_inlineoffer.JPG","180716/FastVideoConverter-180716/1.0.0.8/Images/ACR-059/ACR-059_inlineoffer.JPG","180716/FastVideoConverter-180716/1.0.0.8/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":["180716/FastVideoConverter-180716/1.0.0.8/Images/ACR-065/ACR-065_install.JPG","180716/FastVideoConverter-180716/1.0.0.8/Images/ACR-065/ACR-065_software.JPG","180716/FastVideoConverter-180716/1.0.0.8/Images/ACR-065/ACR-065_inlineoffer.JPG","180716/FastVideoConverter-180716/1.0.0.8/Images/ACR-092/ACR-092_software.JPG","180716/FastVideoConverter-180716/1.0.0.8/Images/ACR-099/ACR-099_software.JPG"],"guid":"bd23f636-8f77-4b19-9604-4f4206fda2c3_1.0.0.8_1","appID":"FastVideoConverter-180716","dateAdded":"180716","deceptorType":"App","name":"Fast Video Converter","company":"FastPcTools","version":"1.0.0.8","sigName":"Deceptor:Win32/FastVideoConverter!016055059","firstVendorContactDate":"190729","firstAppEsteemReplyDate":"190729","firstResolvedDate":"190807","firstResolvedVersion":"1.0.0.9","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.8","lastKnownDate":"190110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-08-07T22:42:34.8068031+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2458},{"violations":{"ACR-003":"The application exaggerates browser cookies and history, invalid registry keys and startup programs as problems of medium and high risk, thereby misleading or scaring user to take action.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"The application fails to provide the user with clear and simple options to accept or decline associated offers.\n","ACR-059":"The in-bundle offer is not marked as optional.\n"},"nonDeceptorViolations":{"ACR-065":"There is a link for a EULA displayed on the offer but it does not work.\nNo links are provided to the app's EULA and/or Terms of Service, Returns and Cancellation Policy in the internal offer\nNo links are provided to the app's EULA and/or Terms of Service, Returns and Cancellation Policy on the landing page.\nNo links are provided to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy during install.\nNo links are provided to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on \nthe software.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-160":"Upon calling the support phone number provided no one answered.\n","ACR-099":"Does not provide uninstall information on the in-bundle offer.\nDoes not provide uninstall information on the internal offer\nDoes not provide uninstall information on the software.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-064":"The app is downloaded when the user clicks on \"free pc error scan\" on the landing page. Not clearly labeled as a download.\n","ACR-067":"unable to opt-out of offer.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"PCRepairClinic.exe","isInstaller":"True","companyName":"inKline Global, Inc.","productName":"PC Repair Clinic","productVersion":"2","fileVersion":"2.0.0.0","hashMD5":"13cb4c66b367b1d3780af0f9f547890b","hashSHA1":"f7ed84148bbaf5be0518ea23d06a078c9d8cb798","hashSHA256":"05dea288027cb92b4a75bc825b63ee4adc55c736e754045b1552f46b439de204","digitalCertThumbprint":"8B878CEDDD6B6AD7C75F9B526AF7B2CD81EAF2A7","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"inKline Global, Inc.","sourceIndex":"3199","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"peb1054.exe","isInstaller":"True","companyName":"inKline Global, Inc.                                        ","fileVersion":"2.0","hashMD5":"a8fb641a129f1e24b75ac89736589f3e","hashSHA1":"e0c9ed425c72b2a58de5cf529bed4748a5abfe15","hashSHA256":"01043414264f253be292ffe91fab209588ea2625fd460ef49e93d1180730a4a0","digitalCertThumbprint":"C4F0195B020EB9B27C8DFFB5EB6DB94608075395","digitalCertIssuer":"CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US","digitalCertIssuedTo":"CN=\"inKline Global, Inc.\", O=\"inKline Global, Inc.\", STREET=P.O. Box 5479, L=Reno, S=NV, PostalCode=89513, C=US","sourceIndex":"3200","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"download.cnet.com","landingPage":"http://www.inklineglobal.com/products/pcrepairclinic/index.html","directDownloadingLink":"http://www.inklineglobal.com/adsales/pcrepairdoctor2/peb1037.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.inklineglobal.com/adsales/pcrepairdoctor2/peb1037.exe","sourceIndex":"3199"},{"howFound":"Hunt.Detractor","reference":"http://www.inklineglobal.com/processdll/thirdparty-csrss.html","landingPage":"https://download.cnet.com/PC-Repair-Clinic/3000-2094_4-10964849.html","ipv4":"","ipv6":"","sourceIndex":"3200"}],"sampleFiles":["180711/PCRepairClinic-171011/2/Samples/peb1037.exe","180711/PCRepairClinic-171011/2/Samples/peb1054.exe"],"imageFiles":["180711/PCRepairClinic-171011/2/Images/ACR-057/ACR-057_in-bundle_offer.PNG","180711/PCRepairClinic-171011/2/Images/ACR-003/ACR-003_software.JPG","180711/PCRepairClinic-171011/2/Images/ACR-003/ACR-003_software1.JPG","180711/PCRepairClinic-171011/2/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180711/PCRepairClinic-171011/2/Images/ACR-163/ACR-163_landingpage.JPG","180711/PCRepairClinic-171011/2/Images/ACR-168/ACR-168_landingpage.JPG","180711/PCRepairClinic-171011/2/Images/ACR-163/ACR-163_software.JPG"],"guid":"bd1ed09c-0f80-4e0f-bf37-70532d2a1743_2_1","appID":"PCRepairClinic-171011","dateAdded":"180711","deceptorType":"App","name":"PC Repair Clinic","company":"INKLINE GLOBAL","version":"2","sigName":"Deceptor:Win32/PCRepairClinic!003057168","lastKnownDate":"190213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-02-14T00:06:36.8565127+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2459},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry items as medium improvement potential, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"The application is unsigned (Not digitally code-signed by the source).\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a web page opens with information stating that consumer can get 50% OFF the regular price of PC Cleaner Plus.\n"},"samples":[{"isRevoked":"False","fileName":"setup_site.exe","isInstaller":"True","companyName":"www.pccleanerplus.com                                       ","productName":"PC Cleaner Plus","productVersion":"4.9.9.1117","fileVersion":"4.9.9.1117","hashMD5":"44a42a5113a275cb1d025a4f9a93df6a","hashSHA1":"97a75a28d8ec6e2a69fbb1f21a56f6e36f94db1b","hashSHA256":"6c7976a8532f0dd11647837f0ade3bf59cf1db0617caac6dd444bd0e965f0526","sourceIndex":"3564","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCCleanerPlus.exe","companyName":"pccleanerplus.com","productName":"PC Cleaner Plus","productVersion":"4.9.9.1117","fileVersion":"4.9.9.1117","hashMD5":"443075b2205a8a3f925c094c1c79ff1f","hashSHA1":"42ec0ee5cac676e8311656f18d4d9dd3cc1fb1b5","hashSHA256":"1a6bcddad17fa9c045aa1cd0745a424320cb6b26bdb7699e087db671a573ee9a","digitalCertThumbprint":"2E12E42447E4CA78562258545087D79EBF31BDA3","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software LLP, O=Top PC Tools Software LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3564","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.pccleanerplus.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/tpt/pccrp/setups/setup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/tpt/pccrp/setups/setup_site.exe","sourceIndex":"3564"}],"sampleFiles":["180710/PCCleanerPlus-180709/4.9.9.1117/Samples/setup_site.exe","180710/PCCleanerPlus-180709/4.9.9.1117/Samples/PCCleanerPlus.exe"],"imageFiles":["180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-003/ACR_003_SCREENSHOT_1.PNG","180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_4.PNG"],"nonDeceptorImageFiles":["180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-065/ACR_065_SOFTWARE.PNG","180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-088/ACR_088_SOFTWARE.PNG","180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-092/ACR_092_SOFTWARE.PNG","180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-160/ACR_160_SOFTWARE.PNG","180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-099/ACR_099_SOFTWARE.PNG","180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-099/ACR_099_INTERNAL_OFFER.PNG","180710/PCCleanerPlus-180709/4.9.9.1117/Images/ACR-120/ACR_120_UNINSTALL.PNG"],"guid":"4520a818-a942-4b64-8b6f-54140afb2ce9_4.9.9.1117_1","appID":"PCCleanerPlus-180709","dateAdded":"180710","deceptorType":"App","name":"PC Cleaner Plus","company":"PCCleanerPlus.com","version":"4.9.9.1117","sigName":"Deceptor:Win32/PCCleanerPlus!003","firstVendorContactDate":"180823","firstAppEsteemReplyDate":"180823","firstResolvedVersion":"","lastKnownStatus":"Deceptor:4.9.9.1117,4.9.9.1161","lastKnownDate":"180710","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-08-23T19:56:49.6688253+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":1,"sortOrder":2156},{"violations":{"ACR-003":"The application exaggerates registry keys with medium severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are no schedules set within the software, however the app has created a tasks in the systems task scheduler which cannot be disabled from the software's interface\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Jawego Partners LLC \" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get a trial or a lower price for the same program.\n\n","ACR-171":"The consumer is required to opt-out of additional payment for disk tools plus which was not pre-disclosed.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":"pctusetup_site.exe","isInstaller":"True","companyName":"www.pcpowertuneup.com/                                      ","productName":"PC Tuneup","productVersion":"3.27.9.1003","fileVersion":"3.27.9.1003","hashMD5":"68575c0518786173d447e4ce633f5aea","hashSHA1":"a25aeb54579124af1a4d006f97ab4318f6b219a5","hashSHA256":"5346c80306e842e20faebe297930046ddb32818748490eda031d5d97502e8ea1","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"3574","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCTuneup.exe","companyName":"pcpowertuneup.com","productName":"PC Tuneup","productVersion":"3.27.9.1003","fileVersion":"3.27.9.1003","hashMD5":"ad211e5392d4c2b8a89160250e70bee4","hashSHA1":"756bcb86202f6c5e345cc59aeed7c96ec23389e1","hashSHA256":"db860f52cf6bbc1975069c411a76d1df53ccfdca4554c15380019d35db3e2c29","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"3574","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://www.pcpowertuneup.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/pctuneup/setups/pctusetup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/pctuneup/setups/pctusetup_site.exe","sourceIndex":"3574"}],"sampleFiles":["180710/PCTUNEUP-180618/3.27.9.1003/Samples/pctusetup_site.exe","180710/PCTUNEUP-180618/3.27.9.1003/Samples/PCTuneup.exe"],"imageFiles":["180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-003/acr_003.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-003/acr_003_1.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-065/acr_065_S.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-161/testimonials.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-163/one_one_LP.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-088/acr_088.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-092/acr_092.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-099/acr_099_S.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-099/acr_099_io.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-168/one_one_S.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-171/acr_171.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-171/internal_offer_page.PNG","180710/PCTUNEUP-180618/3.27.9.1003/Images/ACR-120/re-advertised.PNG"],"guid":"bb9edfd3-f51f-4edc-9273-dd94279705f0_3.27.9.1003_1","appID":"PCTUNEUP-180618","dateAdded":"180710","deceptorType":"App","name":"PCTUNEUP","company":"Jawego Partners LLC","version":"3.27.9.1003","sigName":"Deceptor:Win32/PCTuneup!003084","lastKnownStatus":"Deceptor:3.27.9.1003","lastKnownDate":"180710","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-07-10T23:38:35.6897586+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":1,"sortOrder":2155},{"violations":{"ACR-005":"The application mimics the system toolbar and displays an unattributed search dialog at the top of the new tab page.\n","ACR-085":"The app does not use encryption to protect the user data.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"ap \"games chrome extension\"","landingPage":"http://tvplusnewtab.com/lp2?pub_id=3686&sub_id=479677297221&srcid=1440299","directDownloadingLink":"https://chrome.google.com/webstore/detail/search-and-newtab-by-tvpl/gkjnpdikedhojkpgepoinamgjogekgkp","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/search-and-newtab-by-tvpl/gkjnpdikedhojkpgepoinamgjogekgkp","sourceIndex":"3575"}],"sampleFiles":[],"imageFiles":["180710/TVPlusNewTab-180705/0.8/Images/ACR-085/ACR-085_software.mp4","180710/TVPlusNewTab-180705/0.8/Images/ACR-005/ACR-005_software.JPG"],"nonDeceptorImageFiles":[],"guid":"06139ba3-5a39-4569-b6a7-45e9f0487198_0.8_1","appID":"TVPlusNewTab-180705","dateAdded":"180710","deceptorType":"Chrome Extension","name":"TVPlusNewTab","company":"Imali Media","version":"0.8","sigName":"Deceptor:CRX/TVPlusNewTab!005","lastKnownStatus":"Deceptor:0.8","lastKnownDate":"180710","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2018-07-10T23:35:41.6198393+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2460},{"violations":{"ACR-007":"The images displayed in the chrome webstore are misleading the consumer about the app's functionality.\n","ACR-085":"Extension does not provide encrypted protection for personal searches.\n","ACR-103":"Consumer must 'type games in the address bar then select TAB' to access the app every time they need to search for a game. Once installed, consumer no longer knows how to do this, making the value prop inaccessible.\n"},"nonDeceptorViolations":{},"samples":[],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"ap \"games chrome extension\"","landingPage":"https://install.thegamesearcher.com/","directDownloadingLink":"https://chrome.google.com/webstore/detail/thegamesearcher/dlnhjnbbdambilmehbahldpieinknapi","ipv4":"","ipv6":"","sourceIndex":"3252"}],"sampleFiles":[],"imageFiles":["180710/TheGameSearcher-180705/1.0.5/Images/ACR-085/ACR_085_SOFTWARE.mp4","180710/TheGameSearcher-180705/1.0.5/Images/ACR-007/ACR_007_INLINE_OFFER_SCREENSHOT_1.PNG","180710/TheGameSearcher-180705/1.0.5/Images/ACR-007/ACR_007_INLINE_OFFER_SCREENSHOT_2.PNG","180710/TheGameSearcher-180705/1.0.5/Images/ACR-103/ACR_103_SOFTWARE.mp4"],"nonDeceptorImageFiles":[],"guid":"f3e92bc9-e084-4222-8bb7-d0b628fccee5_1.0.5_1","appID":"TheGameSearcher-180705","dateAdded":"180710","deceptorType":"Chrome Extension","name":"The Game Searcher","company":"The Game Searcher","version":"1.0.5","sigName":"Deceptor:CRX/TheGameSearcher!007103","lastKnownStatus":"Deceptor:1.0.5","lastKnownDate":"190125","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2019-01-26T01:28:43.4754691+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2461},{"violations":{"ACR-003":"The application exaggerates registry keys and privacy issues as potential risks, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to prevent the app from launching at user logon from the software settings.\n","ACR-097":"The application's behavior and metadata changes depending on the user's geographical location.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens stating that consumer can get the same app at a 50% discount.\n"},"samples":[{"isRevoked":"False","fileName":"SystemHealer.exe","isInstaller":"True","companyName":"SystemHealer","productName":"System Healer","productVersion":"4.4.0.3","fileVersion":"4.4.0.3","hashMD5":"53346c00e35e0d7877948a7a1be028fb","hashSHA1":"fa54c305e1f55c9016fd42ace41f421a86951ee0","hashSHA256":"73095ce40b611a12b4cda842e867ba1e3ccece766e27c9c06c012114ca2a0419","digitalCertThumbprint":"3A24E778336A172334B9D3CE1FC95CCBEF5B7FB0","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=System Healer Tech Sp. Zo.o., OU=IT, O=System Healer Tech Sp. Zo.o., L=Warszawa, S=Mazowieckie, C=PL","sourceIndex":"2560","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SystemHealer.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"0.0","hashMD5":"fa9b1de94b48d78b730d2a0c7c937db0","hashSHA1":"e7c60464c7b8d6454551e6106621ebd0342cbd30","hashSHA256":"a941146fff5b150e345fa4064eabd44c01bf4f34c0a3a38eabdf0c282c9a080c","digitalCertThumbprint":"3A24E778336A172334B9D3CE1FC95CCBEF5B7FB0","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=System Healer Tech Sp. Zo.o., OU=IT, O=System Healer Tech Sp. Zo.o., L=Warszawa, S=Mazowieckie, C=PL","sourceIndex":"2560","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review","landingPage":"https://www.systemhealer.com/","directDownloadingLink":"http://c222.systemhealerhost.biz/351000501/brid%3A1/dlid%3A82eb1340-6fc8-4c20-a8b1-56d57ee43d37/SystemHealer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://c222.systemhealerhost.biz/351000501/brid%3A1/dlid%3A82eb1340-6fc8-4c20-a8b1-56d57ee43d37/SystemHealer.exe","sourceIndex":"2560"}],"sampleFiles":["180703/SystemHealer-180608/4.4.0.3/Samples/SystemHealersetup.exe","180703/SystemHealer-180608/4.4.0.3/Samples/SystemHealer.exe"],"imageFiles":["180703/SystemHealer-180608/4.4.0.3/Images/ACR-003/ACR-003_software1.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-003/ACR-003_software.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-003/ACR-003_software.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-084/ACR-084_software.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-097/ACR-097_location_JM.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-097/ACR-097_location_US.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-097/ACR-097_sigcheck_JM.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-097/ACR-097_sigcheck_US.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180703/SystemHealer-180608/4.4.0.3/Images/ACR-065/ACR-065_software.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-065/ACR-065_internaloffer.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-161/ACR-161_landingpage.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-088/ACR-088_software.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-160/ACR-160_software.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-099/ACR-099_software.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-099/ACR-099_internaloffer.JPG","180703/SystemHealer-180608/4.4.0.3/Images/ACR-120/ACR-120_uninstall.JPG"],"guid":"d0007983-c275-490e-8e71-cdf904420f20_4.4.0.3_1","appID":"SystemHealer-180608","dateAdded":"180703","deceptorType":"App","name":"SystemHealer","company":"SystemHealer","version":"4.4.0.3","sigName":"Deceptor:Win32/SystemHealer!003084097168","lastKnownStatus":"Deceptor:4.4.0.3","lastKnownDate":"200203","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-02-04T00:33:56.7314889+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2462},{"violations":{"ACR-003":"The application exaggerates empty or invalid registry keys, junk files and browser cookies as issues of high impact and uses red color gradient to increase urgency of the issues, thereby misleading or scaring user to take action.\nThe application also labeled the PC Network Security as low due to remote desktop connection being disabled which is misleading.\nThe application also does not provide any details for the reported issues in the sub-categories.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"gargizersetup.exe","isInstaller":"True","companyName":"mycomputermechanics.com                                     ","productName":"Gargizer-System-Repair","productVersion":"1.0.0.38471","fileVersion":"1.0.0.38471","hashMD5":"704abf9b1ccc6fc43855f6a8b8e6a9ba","hashSHA1":"e28f2bd256964ff0fc12708ea47581a25a633115","hashSHA256":"178b445672feeea212b9df86af79c3d93d1221a6258335cea7a2fd6a8cd89d78","digitalCertThumbprint":"2F39E69F52EE1AFECB23329F9B274CDD9ED6DE45","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GarGizer System Repair, O=GarGizer System Repair, STREET=\"1 NEAR SHIV MANDIR, MINDKIYA ROAD,MAKRANA\", L=NAGAUR, S=RAJASTHAN, PostalCode=351505, C=IN","sourceIndex":"3306","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GGZ.exe","companyName":"mycomputermechanics.com","productName":"Gargizer-System-Repair","productVersion":"1.0.0.38471","fileVersion":"1.0.0.38471","hashMD5":"dfee9fb9cfe6c88b4d299a5d05528064","hashSHA1":"d6158a1a21643eb4fdbe6e1a0d292f3e6de7a16b","hashSHA256":"d7b9d9f1a3aa8b21c78ea62229605bd49bb31dab2771fd8046801b32e7221636","digitalCertThumbprint":"2F39E69F52EE1AFECB23329F9B274CDD9ED6DE45","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GarGizer System Repair, O=GarGizer System Repair, STREET=\"1 NEAR SHIV MANDIR, MINDKIYA ROAD,MAKRANA\", L=NAGAUR, S=RAJASTHAN, PostalCode=351505, C=IN","sourceIndex":"3306","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"existing deceptor review","landingPage":"http://gargizer.com/","directDownloadingLink":"http://dvcq5f467m64m.cloudfront.net/securedl/gargizersetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dvcq5f467m64m.cloudfront.net/securedl/gargizersetup.exe","sourceIndex":"3306"}],"sampleFiles":["180703/GargizerSystemRepair-180613/1.0.0.38471/Samples/gargizersetup.exe","180703/GargizerSystemRepair-180613/1.0.0.38471/Samples/GGZ.exe"],"imageFiles":["180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-055/ACR-055_inlineoffer.JPG","180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-003/ACR-003_software.JPG","180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-003/ACR-003_software1.JPG","180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-003/ACR-003_software2.JPG","180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-010/ACR-010_inlineoffer.JPG","180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-065/ACR-065_software.JPG","180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-065/ACR-065_internaloffer.JPG","180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-088/ACR-088_software.JPG","180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-099/ACR-099_software.JPG","180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-099/ACR-099_internaloffer.JPG","180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-171/ACR-171_internaloffer.JPG","180703/GargizerSystemRepair-180613/1.0.0.38471/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"72d87aca-0609-48ac-abd8-8cc12f67fb96_1.0.0.38471_1","appID":"GargizerSystemRepair-180613","dateAdded":"180703","deceptorType":"App","name":"Gargizer-System-Repair","company":"GarGizer System Repair","version":"1.0.0.38471","sigName":"Deceptor:Win32/GarGizerSystemRepair!003010055059","lastKnownStatus":"Deceptor:1.0.0.38471","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:15:57.9544182+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2066},{"violations":{"ACR-003":"The app makes unsubstantiated claims that the improvement potential of the system is medium for registry items, The improvement potential for registry items should remain low regardless of numbers found.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy,.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app''s landing page provides a phone number for one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Top PC Tools Software LLP\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens stating that consumer can get the same app at a 50% discount.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"winpurifier_site.exe","isInstaller":"True","companyName":"www.winpurifier.com/                                        ","productName":"Win Purifier","productVersion":"3.6.18.1026","fileVersion":"3.6.18.1026","hashMD5":"54e06cc811c101cf8bd3a374b7c99c70","hashSHA1":"cf24842b7467ec5472a534e7a9ad68232b55312d","hashSHA256":"c2eb29130a1b65dc5fcc9d10584b9da9cc13bc8dc8f9e50d055ab984e3ca48ee","digitalCertThumbprint":"2E12E42447E4CA78562258545087D79EBF31BDA3","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software LLP, O=Top PC Tools Software LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3565","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"winpurifier.exe","companyName":"Win Purifier","productName":"Win Purifier","productVersion":"3.6.18.1026","fileVersion":"3.6.18.1026","hashMD5":"eb53720e0401c1bf0cdcd51c66b69e6c","hashSHA1":"8934a32b9028129199ef2f6d9c0c5f16c2583813","hashSHA256":"e8692725522f37f855eba2592a94c9373e5cab4b9829297a1b4a89c087522e65","digitalCertThumbprint":"2E12E42447E4CA78562258545087D79EBF31BDA3","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software LLP, O=Top PC Tools Software LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3565","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"winpurifier_site_1121.exe","isInstaller":"True","companyName":"www.winpurifier.com/                                        ","productName":"Win Purifier","productVersion":"3.6.18.1121","fileVersion":"Win Purifier","hashMD5":"2325c45c80821d1fe49a8f37cb826bd6","hashSHA1":"34fabbc06091a1a493fa325180c8f96afcafceff","hashSHA256":"18bfbbb47c1a7db4ebfd5dcb91e52e3baf0ff7ab0c5e8c5b0306f83839d47eaf","digitalCertThumbprint":"2E12E42447E4CA78562258545087D79EBF31BDA3","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Top PC Tools Software LLP, O=Top PC Tools Software LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3565","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"180614","landingPage":"http://winpurifier.com","directDownloadingLink":"http://www.winpurifier.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.winpurifier.com/download","sourceIndex":"3565"}],"sampleFiles":["180702/WinPurifier-180614/3.6.181026/Samples/winpurifier_site.exe","180702/WinPurifier-180614/3.6.181026/Samples/winpurifier.exe","180702/WinPurifier-180614/3.6.181026/Samples/winpurifier_site_1121.exe"],"imageFiles":["180702/WinPurifier-180614/3.6.181026/Images/ACR-003/ACR-003_software.JPG","180702/WinPurifier-180614/3.6.181026/Images/ACR-003/ACR-003_software1.JPG"],"nonDeceptorImageFiles":["180702/WinPurifier-180614/3.6.181026/Images/ACR-065/ACR-065_software.JPG","180702/WinPurifier-180614/3.6.181026/Images/ACR-065/ACR-065_internaloffer.JPG","180702/WinPurifier-180614/3.6.181026/Images/ACR-161/ACR-161_landingpage.JPG","180702/WinPurifier-180614/3.6.181026/Images/ACR-161/ACR-161_landingpage2.JPG","180702/WinPurifier-180614/3.6.181026/Images/ACR-163/ACR-163_landingpage.JPG","180702/WinPurifier-180614/3.6.181026/Images/ACR-088/ACR-088_software.JPG","180702/WinPurifier-180614/3.6.181026/Images/ACR-092/ACR-092_software.JPG","180702/WinPurifier-180614/3.6.181026/Images/ACR-099/ACR-099_software.JPG","180702/WinPurifier-180614/3.6.181026/Images/ACR-099/ACR-099_internaloffer.JPG","180702/WinPurifier-180614/3.6.181026/Images/ACR-168/ACR-168_landingpageoffer.JPG","180702/WinPurifier-180614/3.6.181026/Images/ACR-120/ACR-120_uninstall.JPG"],"guid":"0a622e0d-9993-4666-aa13-b371cf2ed990_3.6.181026_1","appID":"WinPurifier-180614","dateAdded":"180702","deceptorType":"App","name":"Win Purifier","company":"Top PC Tools Software LLP","version":"3.6.181026","sigName":"Deceptor:Win32/WinPurifier!003","firstVendorContactDate":"180802","firstAppEsteemReplyDate":"180803","firstResolvedDate":"180816","firstResolvedVersion":"3.6.18.1151","resolved":"TRUE","lastKnownStatus":"Deceptor:3.6.181026","lastKnownDate":"180702","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-08-16T20:46:03.0570637+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":1,"sortOrder":2157},{"violations":{"ACR-003":" The application exaggerates improvement as \"high\", thereby misleading or scaring user to take action. \n\n","ACR-017":"","ACR-014":"App results show an intent to deceive the consumer by implying that improvement potential could be \"moderate\" or \"high\" for registry items. Also, because the (i) icon next to improvement potential is not accessible, there is no way for the consumer to substantiate the claim.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-002":"The app name is not consistent across all points of user interaction.\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Jawego Partners LLC\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get 50% discount for the same program.\n\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":"pcoptsetup_site.exe","isInstaller":"True","companyName":"www.singleclickoptimizer.com/                               ","fileVersion":"7.27","hashMD5":"360c7cc8f59eb4575e92f24ea5afa57a","hashSHA1":"0b444056975c5deb2931940dc4a0041ca4c4af6e","hashSHA256":"10d565bbb5298a2d85c6f618f8a4867d2a070ed031463a883376cf18e1b89c51","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"3589","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcoptimizer.exe","companyName":"singleclickoptimizer.com","fileVersion":"7.27","hashMD5":"c7064aa1dc1bc01677dbc33561a598a6","hashSHA1":"3e65c6f08dd432acfe72a48b57662aee2c24e328","hashSHA256":"e3badb38d10c63dae23daad1721ef3ed7c6192cdb67fe9a0452715604a129969","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"3589","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcoptsetup_site_0629.exe","isInstaller":"True","companyName":"www.singleclickoptimizer.com/                               ","fileVersion":"7.27","hashMD5":"a6abb317f6a9a3c2298727645c6c584b","hashSHA1":"de5bb710f8929588166e5669f0e8bf659f9662e3","hashSHA256":"b4377fa627ca7f6273793666ba3464d10ebc0fb36e6830ec2bbd8eee10efb1b9","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"3589","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcoptimizer_0629.exe","companyName":"singleclickoptimizer.com","fileVersion":"7.27","hashMD5":"01a3345a3c1559c2e6974be0272160a5","hashSHA1":"bf5c571df3277c9f7bb8adce2532d2118bce5c09","hashSHA256":"85a3af7b391c8edf591b19393685f9bd7e85dcdbe0544a39d990479b6bf2e5d6","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"3589","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://www.singleclickoptimizer.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/pcoptimizer/setups/pcoptsetup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/pcoptimizer/setups/pcoptsetup_site.exe","sourceIndex":"3589"}],"sampleFiles":["180629/PCOptimize-180608/7.27.0.717/Samples/pcoptsetup_site.exe","180629/PCOptimize-180608/7.27.0.717/Samples/pcoptimizer.exe","180629/PCOptimize-180608/7.27.0.717/Samples/pcoptsetup_site_0629.exe","180629/PCOptimize-180608/7.27.0.717/Samples/pcoptimizer_0629.exe"],"imageFiles":["180629/PCOptimize-180608/7.27.0.717/Images/ACR-003/acr003.png","180629/PCOptimize-180608/7.27.0.717/Images/ACR-017/acr_017_io.PNG"],"nonDeceptorImageFiles":["180629/PCOptimize-180608/7.27.0.717/Images/ACR-065/acr_065_S.PNG","180629/PCOptimize-180608/7.27.0.717/Images/ACR-002/acr_002.PNG","180629/PCOptimize-180608/7.27.0.717/Images/ACR-161/testimonials.PNG","180629/PCOptimize-180608/7.27.0.717/Images/ACR-092/acr_092.PNG","180629/PCOptimize-180608/7.27.0.717/Images/ACR-160/one_one_lp.PNG","180629/PCOptimize-180608/7.27.0.717/Images/ACR-099/acr_099_S.PNG","180629/PCOptimize-180608/7.27.0.717/Images/ACR-168/one_one_lp.PNG","180629/PCOptimize-180608/7.27.0.717/Images/ACR-099/acr_099_IO.PNG","180629/PCOptimize-180608/7.27.0.717/Images/ACR-120/re-advertise.PNG"],"guid":"5f2797b9-d635-493e-b6b4-fa3e88ecdb38_7.27.0.717_1","appID":"PCOptimize-180608","dateAdded":"180629","deceptorType":"App","name":"Pc Optimizer","company":"Jawego Partners LLC","version":"7.27.0.717","sigName":"Deceptor/Win32/PCOptimize!003014017","lastKnownStatus":"Deceptor:7.27.0.717","lastKnownDate":"180629","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-06-29T17:56:20.6800322+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":1,"sortOrder":2158},{"violations":{"ACR-003":"The application exaggerates registry keys and browser cookies as threats, errors and problems, thereby misleading or scaring user to take action.\nThe app needs to cleanup the word \"errors\" in the internal offers page.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-057":"The application fails to provide the user with clear and simple options to decline (Free File Recovery) associated offer during the payment process. The user is unable to opt out of the offer.\n","ACR-071":"The user is unable to decline the offer for Free File Recovery independently. The app is added as a free bonus for the user and is unable to be declined in the shopping cart.\n","ACR-016":"Displayed ads leads to direct downloading and installation of applications instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n","ACR-055":"Accept and decline for the offer must be obvious. Unchecked the \"Install Tweakbit PCSpeedup to scan for speed issues\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer or that its optional.\n","ACR-124":"The app provides multiple uninstall confirmation prompts and the options to continue uninstall are shown as if they are inactive.\n"},"nonDeceptorViolations":{"ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page provides a one-to-one interaction option to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's internal offer provides a one-to-one interaction option to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's uninstaller provides a one-to-one interaction option to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-003":"The app needs to cleanup the words \"errors\"  provided in the landing page.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"pc-repair-kit-setup.exe","isInstaller":"True","companyName":"TweakBit","productName":"PCRepairKit","productVersion":"1.x","fileVersion":"1.8.3.21","hashMD5":"97e369643b65065c16359699df49329f","hashSHA1":"aef96455ffb284c1c4a5ad4dce454d5118f21db9","hashSHA256":"2993c7de1b96515428d37f1261f637aa5d715b91ecfe87fa359fe831013a40ea","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, L=Sydney, S=New South Wales, C=AU, SERIALNUMBER=624 255 956, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"3555","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCRepairKit.exe","companyName":"TweakBit","productName":"PCRepairKit","productVersion":"1.x","fileVersion":"1.8.3.21","hashMD5":"1b678fa6b5f8fbec4a67edde111d49ec","hashSHA1":"815eb58c5ec0223a6b8cec40b81f3207db6235f0","hashSHA256":"8d05323493086d1582f2ace26e9efa5ae9347eb7974ade4ae07e840edd36b94c","digitalCertThumbprint":"0779654A4BB176E3864104E3D2F8FA96359C6877","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, L=Sydney, S=New South Wales, C=AU","sourceIndex":"3555","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"New version review","reference":"Existing deceptor review","landingPage":"https://wikifixes.com/","directDownloadingLink":"http://dynamicdownloads.tweakbit.com/prk/speed/pc-repair-kit-setup","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dynamicdownloads.tweakbit.com/prk/speed/pc-repair-kit-setup","sourceIndex":"3555"}],"sampleFiles":["180629/PCRepairKit-180607/1.8.3.21/Samples/pc-repair-kit-setup.exe","180629/PCRepairKit-180607/1.8.3.21/Samples/PCRepairKit.exe"],"imageFiles":["180629/PCRepairKit-180607/1.8.3.21/Images/ACR-055/ACR-055_install.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-003/ACR-003_software.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-003/ACR-003_software1.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-003/ACR-003_internaloffer.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-168/ACR-168_software.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-124/ACR-124_uninstall1.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-124/ACR-124_uninstall.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-059/ACR-059_install.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-057/ACR-057_internaloffer.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-071/ACR-071_internaloffer.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-016/ACR-016_software.mp4"],"nonDeceptorImageFiles":["180629/PCRepairKit-180607/1.8.3.21/Images/ACR-003/ACR-003_landingpage.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-003/ACR-003_landingpage1.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-163/ACR-163_software.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-163/ACR-163_landingpage.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-163/ACR-163_internaloffer.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-163/ACR-163_uninstall.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-088/ACR-088_software.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-160/ACR-160_software.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-099/ACR-099_internaloffer.JPG","180629/PCRepairKit-180607/1.8.3.21/Images/ACR-168/ACR-168_landingpage.JPG"],"guid":"a109a4d0-91ff-489e-94b7-1f6c6a4b2c31_1.8.3.21_1","appID":"PCRepairKit-180607","dateAdded":"180629","deceptorType":"App","name":"PCRepairKit","company":"TweakBit","version":"1.8.3.21","sigName":"Deceptor:Win32/PCRepairKit!003016055057059071168","firstVendorContactDate":"180906","firstAppEsteemReplyDate":"180906","firstResolvedDate":"181002","firstResolvedVersion":"1.8.3.40","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.3.21","lastKnownDate":"180629","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-10-02T22:39:53.4106171+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2463},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline. \n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":" The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"CONNECT AB INFOLINE PRIVATE LIMITED\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"aufpsetup.exe","isInstaller":"True","productName":"AutoFixer-Pro2018","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"feff644315bfbb0129b9aa78559c03e5","hashSHA1":"7b93922e55443aec8061f0bf04283e1b6a4a0d0e","hashSHA256":"b9e28533095ce41fd27b924bb38a1c3ede7285d14a82d4a59c658141fd3e5bb3","digitalCertThumbprint":"E04B6DD0A38CA17024C7D7F97241A48056D12B15","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"479","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bpp.exe","companyName":"n/a","productName":"SpeedUp Tool","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"aada8b4d9fb46a22e3f3e4d81679861d","hashSHA1":"180b10b369d988c89bd9a228b9059fc700024d45","hashSHA256":"2267bfb3f964a241e22640a5df847096d00ddec61dd3e7ff1e6a832d162e3306","digitalCertThumbprint":"E04B6DD0A38CA17024C7D7F97241A48056D12B15","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"479","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"99","landingPage":"http://quickspeeduputils.com/","directDownloadingLink":"https://d1rio3h7entpq.cloudfront.net/autfixrpro/securerc/c6/aufpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1rio3h7entpq.cloudfront.net/autfixrpro/securerc/c6/aufpsetup.exe","sourceIndex":"479"}],"sampleFiles":["180629/AutoFixer-Pro2018-180606/1.0.0.9/Samples/aufpsetup.exe","180629/AutoFixer-Pro2018-180606/1.0.0.9/Samples/bpp.exe"],"imageFiles":["180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-055/ACR_055_INLINE_OFFERS.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-010/ACR_010_INLINE_OFFERS.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-010/ACR_010_ADS_INSIDE_APP.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-059/ACR_059_INLINE_OFFERS.PNG"],"nonDeceptorImageFiles":["180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-088/ACR_088_SOFTWARE.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-092/ACR_092_SOFTWARE.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180629/AutoFixer-Pro2018-180606/1.0.0.9/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"27fa036b-e0dc-42c5-a00e-4001487411ac_1.0.0.9_1","appID":"AutoFixer-Pro2018-180606","dateAdded":"180629","deceptorType":"App","name":"AutoFixer-Pro2018","company":"CONNECT AB INFOLINE PRIVATE LIMITED","version":"1.0.0.9","sigName":"Deceptor:Win32/AutoFixPro2018!003010055059","lastKnownStatus":"Deceptor:1.0.0.9","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T20:27:40.7235945+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2067},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"SYSCARE LOGlCS\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"acpsetup.exe","isInstaller":"True","productName":"Auto~Clean~Pro2018","productVersion":"3.5.0.0","fileVersion":"3.5.0.0","hashMD5":"00290285e36c966cfc42592b5dce7806","hashSHA1":"a4501f191ebd02745bed15e48c4cc9d9205b80f4","hashSHA256":"8ea5a5a5c125eb96e889dd22b73d35ed3ae7484aaf33a29c8f12866699357723","digitalCertThumbprint":"5554829AECAE21B5DC5344E8C3C49D41F9F889A1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE LOGlCS, O=SYSCARE LOGlCS, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"478","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm.exe","companyName":"n/a","productName":"PC Fixing Tool","productVersion":"3.5.0.0","fileVersion":"3.5.0.0","hashMD5":"f94ff3731ccb2004f5cb870a05c1c385","hashSHA1":"1a4c04edf486021fb7bd5ced1d85422ffb1f153d","hashSHA256":"c6de7f08cdf6d784069ebd36e4805c906ca888e728ed78e7b607ea6332914dc2","digitalCertThumbprint":"5554829AECAE21B5DC5344E8C3C49D41F9F889A1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE LOGlCS, O=SYSCARE LOGlCS, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"478","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"99","landingPage":"http://instantpcupdates.com/","directDownloadingLink":"https://d2jjjh4d8b7avd.cloudfront.net/acp/securerc/p4/acpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2jjjh4d8b7avd.cloudfront.net/acp/securerc/p4/acpsetup.exe","sourceIndex":"478"}],"sampleFiles":["180629/Auto-clean-Pro2018-180605/3.5.0.0/Samples/acpsetup.exe","180629/Auto-clean-Pro2018-180605/3.5.0.0/Samples/mysysm.exe"],"imageFiles":["180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-055/ACR-055_inlineoffer.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-003/ACR-003_software.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-003/ACR-003_software1.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-003/ACR-003_software2.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-161/ACR-161_internaloffer1.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-088/ACR-088_software.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-092/ACR-092_software.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-099/ACR-099_software.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180629/Auto-clean-Pro2018-180605/3.5.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"4806cfc2-9249-4f24-a0a2-96955b37479e_3.5.0.0_1","appID":"Auto-clean-Pro2018-180605","dateAdded":"180629","deceptorType":"App","name":"Auto-clean-Pro2018","company":"SYSCARE LOGlCS","version":"3.5.0.0","sigName":"Deceptor:Win32/AutoClean2018!003010055059","lastKnownStatus":"Deceptor:3.5.0.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T20:33:41.6039587+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2068},{"violations":{"ACR-005":"The application mimics the system toolbar by displaying an unattributed search dialog at the top of the new tab page. The application contains a search dialog, but doesn't have app attribution on the new tab page.\n","ACR-085":"The app does not use encryption to protect the user data.\n","ACR-086":"The privacy policy does not disclose that the app transmits search activity to yahoo.\n"},"nonDeceptorViolations":{"ACR-065":"Missing privacy policy in the Chrome web store\n","ACR-002":"The app name is not consistent across all points of user interaction. The app is referred to as searchthe.world in the about after the extension is installed.\n","ACR-035":"The application's EULA/Terms of Service and Privacy Policy has no mention of the application name and the identity of, and contact information for, the source.\n","ACR-058":"The landing page and the chrome webstore description does not disclose how the app monetizes.\n"},"samples":[{"isRevoked":"False","fileName":"MaptoDirections_v1.0.0.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"dd50717c701728b7b568fff91f9e3588","hashSHA1":"0a83cace856cf56f2cda0f7e556769f9d22b4090","hashSHA256":"eba6c7957f15e3c008cd1535b6a6259c81446bffe7da2f280b127c19b102ca2b","storeId":"hohgmhnldfionknlilmdfobfheikniin","sourceIndex":"3609","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://maptodirections.com","directDownloadingLink":"https://chrome.google.com/webstore/detail/maptodirections/hohgmhnldfionknlilmdfobfheikniin","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/maptodirections/hohgmhnldfionknlilmdfobfheikniin","sourceIndex":"3609"}],"sampleFiles":["180628/Maptodirections-180626/1.0.0/Samples/MaptoDirections_v1.0.0.crx"],"imageFiles":["180628/Maptodirections-180626/1.0.0/Images/ACR-085/ACR-085_.mp4","180628/Maptodirections-180626/1.0.0/Images/ACR-005/ACR-005_software.JPG","180628/Maptodirections-180626/1.0.0/Images/ACR-086/ACR-086_software.mp4"],"nonDeceptorImageFiles":["180628/Maptodirections-180626/1.0.0/Images/ACR-065/ACR-065_install.JPG","180628/Maptodirections-180626/1.0.0/Images/ACR-002/ACR-002_.JPG","180628/Maptodirections-180626/1.0.0/Images/ACR-002/ACR-002_install.JPG","180628/Maptodirections-180626/1.0.0/Images/ACR-035/ACR-035_docs.JPG","180628/Maptodirections-180626/1.0.0/Images/ACR-058/ACR-058_landingpage.JPG","180628/Maptodirections-180626/1.0.0/Images/ACR-058/ACR-058_landingpage1.JPG"],"guid":"ecacb610-f402-428a-876c-869294cb8db3_1.0.0_1","appID":"Maptodirections-180626","dateAdded":"180628","deceptorType":"Chrome Extension","name":"MaptoDirections","company":"Maptodirections.com","version":"1.0.0","sigName":"Deceptor:CRX/MaptoDirections!005086","lastKnownStatus":"Deceptor:1.0.0","lastKnownDate":"180628","type":"Chrome Extension","category":"Personalization & Search","targetOS":"Chrome","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2018-06-28T20:37:58.5640637+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2465},{"violations":{"ACR-005":"The application mimics the system toolbar by displaying a non-attributed search on its new tab page.\n","ACR-030":"Inline interstitial offer from thank you page page can be closed only by clicking the x button or back button. User should be able to navigate away from interstitial by using all four simply action, like clicking outside, close button, using back button, the address bar.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links in the Chrome webstore that show the app's EULA and/or Terms of Service, Returns and Cancellation Policy\n\n","ACR-054":"The thank you page offer does not provide equal prominence to \"Continue\" and \"no thank you\" options to the consumer.\n","ACR-058":"App doesn't specify that it monetizes through search\n"},"samples":[{"isRevoked":"False","fileName":"Map-My-Travel_v2.7.3.31.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"0.","hashMD5":"b51b8c9f40fb858b6af30ea22d2acfb6","hashSHA1":"a90f35f0fd7b6980caf5e4f56b2c634b84210b45","hashSHA256":"c0f5e902d4ff79e4af23f24398e3c9045be2de5823aff3a5832e55d8060c4959","sourceIndex":"3201","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.mapmytravel1.co/","directDownloadingLink":"https://chrome.google.com/webstore/detail/map-my-travel/dlppnlkkedjdjcihgndljhfimlblpmdf","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/map-my-travel/dlppnlkkedjdjcihgndljhfimlblpmdf","sourceIndex":"3201"}],"sampleFiles":["180628/MapmyTravel-180627/2.7.3.31/Samples/Map-My-Travel_v2.7.3.31.crx"],"imageFiles":["180628/MapmyTravel-180627/2.7.3.31/Images/ACR-005/interactions.PNG","180628/MapmyTravel-180627/2.7.3.31/Images/ACR-030/interstitial.PNG"],"nonDeceptorImageFiles":["180628/MapmyTravel-180627/2.7.3.31/Images/ACR-054/interstitial.PNG","180628/MapmyTravel-180627/2.7.3.31/Images/ACR-065/acr_065.PNG","180628/MapmyTravel-180627/2.7.3.31/Images/ACR-058/Screen Shot 2018-06-28 at 3.53.36 PM.png"],"guid":"1f5366c1-db68-4efd-9581-d68b83f876ca_2.7.3.31_1","appID":"MapmyTravel-180627","dateAdded":"180628","deceptorType":"Chrome Extension","name":"MapmyTravel","company":"http://www.mapmytravel1.co/","version":"2.7.3.31","sigName":"Deceptor:CRX/MapmyTravel!005030","lastKnownStatus":"Deceptor:2.7.3.31","lastKnownDate":"190213","type":"Chrome Extension","category":"Personalization & Search","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2019-02-14T00:01:36.0069605+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2466},{"violations":{"ACR-042":"Bundled offer \"Search Quick Map Finder\" chrome extension starts to install before user accept it.\n","ACR-085":"Extension does not provide encrypted protection for personal searches.\n","ACR-071":"The user is unable to decline the offer for Search Quick Map Finder independently. In order to install Quick Map Finder consumer must install Search Quick Map Finder.\n","ACR-030":"Inline interstitial offer from landing page can only be closed by using the close button. User should be able to navigate away from interstitial by simple action, like clicking outside, close button, using back button, the address bar.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Quick-Map-Finder_v1.0.0.5.crx","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"3a69b6044590bee2c8cbe8b709b8ddea","hashSHA1":"3b9d340dbec1c0544d883be08643967bc9d0ad66","hashSHA256":"6ea3bcabd5551ab4d0df8d4e3fb3114b493eac11f5b8f1d176a135df14982c45","sourceIndex":"3226","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.quickmapfinder.com/","directDownloadingLink":"https://chrome-extension-downloader.com/1a0403b6a2edaac0e472475622db53cb/https://chrome.google.com/webstore/detail/quick-map-finder/dcikfdhdhopbmggeajbjkabmiomlcpec.crx","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome-extension-downloader.com/1a0403b6a2edaac0e472475622db53cb/https://chrome.google.com/webstore/detail/quick-map-finder/dcikfdhdhopbmggeajbjkabmiomlcpec.crx","sourceIndex":"3226"}],"sampleFiles":["180628/QuickMapFinder-180626/1.0.0.5/Samples/Quick-Map-Finder_v1.0.0.5.crx"],"imageFiles":["180628/QuickMapFinder-180626/1.0.0.5/Images/ACR-042/ACR_042_INSTALL.mp4","180628/QuickMapFinder-180626/1.0.0.5/Images/ACR-085/ACR_085_SOFTWARE.mp4","180628/QuickMapFinder-180626/1.0.0.5/Images/ACR-071/ACR_071_BUNDLER-MADE-OFFERS.mp4","180628/QuickMapFinder-180626/1.0.0.5/Images/ACR-030/ACR_030_INLINE_OFFERS.mp4"],"nonDeceptorImageFiles":["180628/QuickMapFinder-180626/1.0.0.5/Images/ACR-155/ACR_155_INLINE_OFFERS.mp4"],"guid":"8c33100e-c5f7-474e-a6a5-7d1f612c0a81_1.0.0.5_1","appID":"QuickMapFinder-180626","dateAdded":"180628","deceptorType":"Chrome Extension","name":"Quick Map Finder","company":"Castle Rock Capital, Inc","version":"1.0.0.5","sigName":"Deceptor:CRX/QuickMapFinder!030042071155","firstResolvedDate":"190130","firstResolvedVersion":"1.0.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.5;NonCertified:1.0.0.4","lastKnownDate":"180628","type":"Chrome Extension","category":"Personalization & Search","targetOS":"","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2019-01-31T01:35:00.3356029+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2464},{"violations":{"ACR-048":"The application cannot be closed or disabled using standard platform-provided methods. The application does not provide a close button.\n","ACR-055":"Accept and decline for the offer must be obvious\n","ACR-059":"The Offer is not clearly marked as an offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. The terms and privacy policy provided belongs to Avangate B.V.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a web page opens with information stating that consumer can get FortKnox Firewall for free using trialpay.\n"},"samples":[{"isRevoked":"False","fileName":"fk-setup.exe","isInstaller":"True","companyName":"NETGATE Technologies s.r.o.                                 ","productName":"FortKnox Personal Firewall","fileVersion":"","hashMD5":"6e98a0285c8fd2673f2242d83891608d","hashSHA1":"6e6c322cb3193a23c60d8b26a01f9e1bb30cc04c","hashSHA256":"5b79248e69a403e6400019d3f16b53b19cc7db29383829123a401ca2982574fa","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","sourceIndex":"3568","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"Existing decepter review","landingPage":"http://www.fortknox-firewall.com/","directDownloadingLink":"http://www.ngt.sk/download/fk-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ngt.sk/download/fk-setup.exe","sourceIndex":"3568"}],"sampleFiles":["180627/FortKnoxFirewall-180620/22.0.500.0/Samples/fk-setup.exe"],"imageFiles":["180627/FortKnoxFirewall-180620/22.0.500.0/Images/ACR-055/ACR_055_INSTALL.PNG","180627/FortKnoxFirewall-180620/22.0.500.0/Images/ACR-048/ACR_048_SOFTWARE.PNG","180627/FortKnoxFirewall-180620/22.0.500.0/Images/ACR-059/ACR_059_INLINE_OFFER.PNG"],"nonDeceptorImageFiles":["180627/FortKnoxFirewall-180620/22.0.500.0/Images/ACR-065/ACR_065_INSTALL.PNG","180627/FortKnoxFirewall-180620/22.0.500.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180627/FortKnoxFirewall-180620/22.0.500.0/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180627/FortKnoxFirewall-180620/22.0.500.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180627/FortKnoxFirewall-180620/22.0.500.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180627/FortKnoxFirewall-180620/22.0.500.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180627/FortKnoxFirewall-180620/22.0.500.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180627/FortKnoxFirewall-180620/22.0.500.0/Images/ACR-120/ACR_120_SOFTWARE.PNG"],"guid":"ecc360ff-ffdb-45c3-86bd-fde088c849dc_22.0.500.0_1","appID":"FortKnoxFirewall-180620","dateAdded":"180627","deceptorType":"App","name":"FortKnox Firewall","company":"NETGATE Technologies s.r.o.","version":"22.0.500.0","sigName":"Deceptor:Win32/FortKnoxFirewall!055059048","firstVendorContactDate":"180724","firstAppEsteemReplyDate":"180726","firstResolvedDate":"180726","firstResolvedVersion":"22.0.530.0","resolved":"TRUE","lastKnownStatus":"22.0.500.0","lastKnownDate":"180627","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-07-27T02:19:33.7246237+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2467},{"violations":{"ACR-003":"The app exaggerates the system health as being at \"heavy risk\" and stating that \"73 items may damage your pc\". It also states that that the pc driver status is serious, thereby misleading or scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable these tasks using the software options.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The app only offers a 7 days return policy.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"DriverArmor.exe","isInstaller":"True","companyName":"n/a","productName":"DriverArmor","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"42cb9cd10db7247cf2c30c04088666f6","hashSHA1":"a7112bb3f6b05c7d3e034c72545d598eba6bf727","hashSHA256":"166b8061fdea5b7439a993ee3ffb2640da7bb687c91a7df899eb4d86742786f6","digitalCertThumbprint":"2F681DFEAF8E2BA9EA43B79D229FD5B16504E117","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=iHaveAnswer LLC, O=iHaveAnswer LLC, L=New Rochelle, S=New York, C=US","sourceIndex":"3253","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverArmor.exe","companyName":"I Have Answer LLC","productName":"Driver Armor","productVersion":"1.2.0.0","fileVersion":"1.2.0.0","hashMD5":"18c2a6f1a9c7147b74c33b3c6a5a8cc2","hashSHA1":"7420a35f53a04f366cc3b91dd48f2d155621f4de","hashSHA256":"27561b3d043116e6837b9abfb065c47ba4debeb02c8bf329bc8692acaf1c5688","digitalCertThumbprint":"2F681DFEAF8E2BA9EA43B79D229FD5B16504E117","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=iHaveAnswer LLC, O=iHaveAnswer LLC, L=New Rochelle, S=New York, C=US","sourceIndex":"3253","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.driverarmor.com/index.html","directDownloadingLink":"https://www.driverarmor.com/DriverArmor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.driverarmor.com/DriverArmor.exe","sourceIndex":"3253"}],"sampleFiles":["180621/DriverArmor-180621/1.2.0.0/Samples/DriverArmorsetup.exe","180621/DriverArmor-180621/1.2.0.0/Samples/DriverArmor.exe"],"imageFiles":["180621/DriverArmor-180621/1.2.0.0/Images/ACR-003/ACR-003_software.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-003/ACR-003_software1.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-003/ACR-003_software2.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-084/ACR-084_software.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180621/DriverArmor-180621/1.2.0.0/Images/ACR-065/ACR-065_install.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-065/ACR-065_software.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-065/ACR-065_landingpage.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-161/ACR-161_landingpage.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-161/ACR-161_landingpage1.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-088/ACR-088_software.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-160/ACR-160_software.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-099/ACR-099_software.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-168/ACR-168_landingpage.JPG","180621/DriverArmor-180621/1.2.0.0/Images/ACR-167/ACR-167_docs.JPG"],"guid":"8942833c-4b6e-4e98-a278-426a167875ab_1.2.0.0_1","appID":"DriverArmor-180621","dateAdded":"180621","deceptorType":"App","name":"DriverArmor","company":"I Have Answer LLC","version":"1.2.0.0","sigName":"Deceptor:Win32/DriverArmor!003084168","lastKnownStatus":"Deceptor:1.2.0.0","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2019-01-26T01:28:07.8485931+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2468},{"violations":{"ACR-043":"App doesn't disclose that it will install/use Avira Operations' AV engine\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent or knowledge.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Lespeed Technology Ltd.\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"WiseAntiMalwareSetup.exe","isInstaller":"True","companyName":"WiseCleaner.com                                             ","productName":"Wise Anti Malware","productVersion":"2.1.2","fileVersion":"2.1.2","hashMD5":"a0165d1af00f4be1f7e310933976d475","hashSHA1":"93576e468d5327130a247d4f36bf919e80cd97bc","hashSHA256":"674163d42158daaa95213b330d4e25a427821f944e62fa983e28f1de27483a6d","digitalCertThumbprint":"F66018BD6DA44B00489098A317E127BA9C59C6AD","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Lespeed Technology Ltd., O=Lespeed Technology Ltd., L=Beijing, S=Beijing, C=CN","sourceIndex":"3377","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WiseAntiMalware.exe","companyName":"WiseCleaner.com","productName":"Wise Anti-Malware","productVersion":"2.1","fileVersion":"2.1.2.92","hashMD5":"8081c8436285dff825c1f59213f6a007","hashSHA1":"56247c9566a347f8f3a918940a1ea69ecb3475e8","hashSHA256":"98476d1a890e0fbda8f6a0a6b31f81b31155a1fd98a38179c0949045ddd8bc8c","digitalCertThumbprint":"F66018BD6DA44B00489098A317E127BA9C59C6AD","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Lespeed Technology Ltd., O=Lespeed Technology Ltd., L=Beijing, S=Beijing, C=CN","sourceIndex":"3377","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.submission","reference":"https://www.wisecleaner.com/products.html","landingPage":"https://www.wisecleaner.com/wise-anti-malware.html","directDownloadingLink":"http://www.wisecleaner.com/soft/WiseAntiMalwareSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.wisecleaner.com/soft/WiseAntiMalwareSetup.exe","sourceIndex":"3377"}],"sampleFiles":["180614/WiseAntimalware-180601/2.1.2/Samples/WiseAntiMalwareSetup.exe","180614/WiseAntimalware-180601/2.1.2/Samples/WiseAntiMalware.exe"],"imageFiles":["180614/WiseAntimalware-180601/2.1.2/Images/ACR-043/ACR-043_install.JPG","180614/WiseAntimalware-180601/2.1.2/Images/ACR-043/ACR-043_install1.JPG","180614/WiseAntimalware-180601/2.1.2/Images/ACR-118/ACR-118_uninstall.JPG","180614/WiseAntimalware-180601/2.1.2/Images/ACR-118/ACR-118_uninstall1.JPG"],"nonDeceptorImageFiles":["180614/WiseAntimalware-180601/2.1.2/Images/ACR-065/ACR-065_install.JPG","180614/WiseAntimalware-180601/2.1.2/Images/ACR-065/ACR-065_software.JPG","180614/WiseAntimalware-180601/2.1.2/Images/ACR-065/ACR-065_landingpage.JPG","180614/WiseAntimalware-180601/2.1.2/Images/ACR-065/ACR-065_internaloffer.JPG","180614/WiseAntimalware-180601/2.1.2/Images/ACR-161/ACR-161_landingpage.JPG","180614/WiseAntimalware-180601/2.1.2/Images/ACR-092/ACR-092_software.JPG","180614/WiseAntimalware-180601/2.1.2/Images/ACR-099/ACR-099_software.JPG"],"guid":"887d42e1-c977-4e2e-9db9-c17aaa50c44c_2.1.2_1","appID":"WiseAntimalware-180601","dateAdded":"180614","deceptorType":"App","name":"Wise Anti-Malware","company":"WiseCleaner.com","version":"2.1.2","sigName":"Deceptor:Win32/WiseAntiMalware!043118","firstResolvedDate":"190110","firstResolvedVersion":"2.1.3","resolved":"TRUE","lastKnownStatus":"Deceptor:2.1.2","lastKnownDate":"180614","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-10T19:29:57.4086655+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2469},{"violations":{"ACR-003":"The application exaggerates registry keys as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user\nThe app offers a Deceptor application (Driver Updater) to the user\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC CARE TOOLS\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled\nThe application's internal offer page has no link or information that shows how it can be uninstalled\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"bppsetup.exe","isInstaller":"True","companyName":"n/a","productName":"Boost~PC~Pro~2018","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"9097d8fe2c2d342cd8e5f9d29ac50170","hashSHA1":"31e0be01c4b74d46459b15bd9b195a04948dd4ee","hashSHA256":"228ec10b4a2a1e1248f299df04a35cf177c7d634fe324ffd5ad40c22cf07f66b","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"464","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bpp.exe","companyName":"n/a","productName":"SpeedUp Tool","productVersion":"1.0.0.2","fileVersion":"1.0.0.2","hashMD5":"e139997dc8ad31f176b5503b8d8e1235","hashSHA1":"e0a41cd199d04999c6e5bb767a05089ddead3193","hashSHA256":"5b5416b286540729da1b8e37ff964bd38f3646081c9f68fa0636a3d76d8a7df3","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"464","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bpp-quickboostutils.exe","fileVersion":"1.0","hashMD5":"7af82d843882944b3658ada42476cb77","hashSHA1":"8be639473a90474e27dc977e06868bfd4086e902","hashSHA256":"2c8a6808fa94481f310b91bb86fae90f9d72b63fc23cce59f17b547f1d806609","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"465","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bppsetup-quickboostutils.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"c3f7e532115e9d712256484c1e9af27c","hashSHA1":"83d0dbef575ff32f3ccb86204ddb9aa6732d4d29","hashSHA256":"ed78fa884582fa1a13eaa35493f04756a60f90c622d1480c9134fb4ca9c265e4","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"465","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcl-mysystemrepair.exe","fileVersion":"1.0","hashMD5":"7cad4d47aeb943b530e6271015328c63","hashSHA1":"b711b018293cc3495b79f1d81171678a3add6cc8","hashSHA256":"48e504a5ff4eb247f2efe4ab53406d21735be4c35ce6e23e42802f1a70ea16bc","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"466","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup-mysystemrepair.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"f2fc8df70668533eb132e3c057a5ee25","hashSHA1":"35cb9c85fa4c1aec0e91ccecc167af190660a9d9","hashSHA256":"1e10f02dac41d3cb33ea970636c8b9717c1f830d6c61e0e8ebbad37def425ccc","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"466","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcl-advancepcoptimizer.exe","fileVersion":"1.0","hashMD5":"6c82a562a8023ba9a19e279297745b50","hashSHA1":"3965be1eaa10a67dc564d721fe682ca0cb4475c5","hashSHA256":"7f2899ac40b3c674e73c246f791ba409a8c4643d7f880a4aa697f40bb7d0f0c3","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"467","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup-advancepcoptimizer.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"a15f2283419590a9f30e0d102f87ca91","hashSHA1":"dc70a20c345213b7891d064397827626ebb8088f","hashSHA256":"963d4d7ce7125fafcdfb21c8de94c4c30559fd99822e1c38f249f77c2c9bd23a","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"467","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bpp-bootpctools.exe","fileVersion":"1.0","hashMD5":"af309f6f1c7b6a4f0836aee6c2a1214d","hashSHA1":"f4d153ce1817d379aafcd375905197547790ca6a","hashSHA256":"29257e2a1bdb53938225cb64295cf764027244d41abed8f78ea552de38c5b6c8","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"468","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bppsetup-boostpctools.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"c772fe41c086cb88074fe85edcae9fd2","hashSHA1":"26642ce59cdc43d382b14ec32dc0fd4338b7c4da","hashSHA256":"ea88aa38370d1ab4cd761ba31bc45a5f3ab356c128c4a36f93a1f8cc54abb449","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"468","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcl-cleanuppctools.exe","fileVersion":"1.0","hashMD5":"d71079c404e103bbaa09980901ed723b","hashSHA1":"3bfe92ab0010aa25a700096b55cc726f13d462c5","hashSHA256":"6f40a4c8a4f9ce5ab5469b04756910d4219cb675bb66e1003bbcb03d1dfdf698","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"469","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup-cleanuppctools.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"e18f9d4879b7f10f21482c32cbee6b4b","hashSHA1":"540ea8b842f773f5527634755648dae56e225301","hashSHA256":"49e5948b0030ad91720f740ad519207e81e0fe03af10ba1dc801312d8c367f2e","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"469","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm-winspeeduputils.exe","fileVersion":"2.2","hashMD5":"7d5e22cb62d84b02d948df7e928cff1f","hashSHA1":"aaebf5edcff90f449aba5e3a03a1b9fa5e767313","hashSHA256":"1a97db5c38f26334ba2dab5a7b34b32f703baa77e2db4d717197e5698b33bbe2","digitalCertThumbprint":"1FF572198A616BC3BD31162AC36564BFC7FCFBF9","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tuneup PC Tools LC, O=Tuneup PC Tools LC, STREET=\"HOUSE NO. A­54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"470","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"acpsetup-winspeeduputils.exe","isInstaller":"True","fileVersion":"2.2","hashMD5":"fd457bf852f257c930537a6ef9b673f5","hashSHA1":"5ec97376807ed9df9c79485303c8936bb19d87a6","hashSHA256":"c4c73100bffd85ef8733524700e6932e651f58e6bf3f17d9fa86575972a8143e","digitalCertThumbprint":"1FF572198A616BC3BD31162AC36564BFC7FCFBF9","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tuneup PC Tools LC, O=Tuneup PC Tools LC, STREET=\"HOUSE NO. A­54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"470","avBlockList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","KasperskyPremium (20250121)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm-quickpcupdates.exe","fileVersion":"2.3","hashMD5":"9c615b21e4731068f65ececff79924c5","hashSHA1":"a813087d5911dddc7a0d78796e67865d2aaed105","hashSHA256":"ddb83dcbf3a363fc93af1bc0ee6100d774dc1e28dd4119dad98843c343f3f9ca","digitalCertThumbprint":"6C1064FCA7323D8C0779D2AA53ED9C3D76632955","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tool Inc, O=PC Speedup Tool Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"471","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"acpsetup-quickpcupdates.exe","isInstaller":"True","fileVersion":"2.3","hashMD5":"555724799b259530ba087798de1c331e","hashSHA1":"1b0dcb187a09437af982115b67ba569410a9a7d1","hashSHA256":"03c72cc557c3645aadad93c1c0ed3b51f120adc1dcee30cb5b64fd8905168ccb","digitalCertThumbprint":"6C1064FCA7323D8C0779D2AA53ED9C3D76632955","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tool Inc, O=PC Speedup Tool Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"471","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm-1clickpccare.exe","fileVersion":"2.5","hashMD5":"04eeaae8c0f36d0c30efa1c9ea5a21a7","hashSHA1":"1622f18fb360547181cdecc9975b42b013c22ae6","hashSHA256":"166471f197218c18e9cb8c63d84ab4a59bb0366436941da8ca4235c09a8daa26","digitalCertThumbprint":"39C8E18FEB4B94B4E63A8775850BB585D2E5C7BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB REACH TECHNOLOGIES PRIVATE LIMITED, O=AB REACH TECHNOLOGIES PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"acpsetup-1clickpccare.exe","isInstaller":"True","fileVersion":"2.5","hashMD5":"66ed0c678362e6aa89b7aa6be6b8f3b5","hashSHA1":"9a5b85d1f49ea24fbf73d9bc28731fd6f29fe9c5","hashSHA256":"ac8f41716a4ee5fc7e6ae410aacb3cd95f77ffc49f5dbe8317309cc24b2fc8aa","digitalCertThumbprint":"39C8E18FEB4B94B4E63A8775850BB585D2E5C7BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB REACH TECHNOLOGIES PRIVATE LIMITED, O=AB REACH TECHNOLOGIES PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"472","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bpp-mypcboost.exe","fileVersion":"1.0","hashMD5":"ef43e4f7dc4bc72090502d573a60e19e","hashSHA1":"0b650e315c2eae1d6ab383fa1bdd90b95c378ad4","hashSHA256":"ab50548a068937685497fc88f448c6ac2e4c0153df1f70065e1064ca7932bf28","digitalCertThumbprint":"3BAE8CCC4633D1B28A30A8836DA405107C57006A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC-FlXER-TOOLS, O=PC-FlXER-TOOLS, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"473","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"acpsetup-mypcboost.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"b5034be1b7dc2e339a0db31dd0f47c24","hashSHA1":"9e8c84f0b753355d7f05d8bcf03a36237e0b5e28","hashSHA256":"d0c4f06b57d3ade14708f5d1c4b6f99427f0a2e1e86466237f7881c5b7e4ab55","digitalCertThumbprint":"3BAE8CCC4633D1B28A30A8836DA405107C57006A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC-FlXER-TOOLS, O=PC-FlXER-TOOLS, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"473","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm-winpcspeedup.exe","fileVersion":"3.6","hashMD5":"f16ca84c1c935a13b4d107d4f0a838f9","hashSHA1":"653b3030e2ebfc1e186906ed0831ab6eeaf56c10","hashSHA256":"be3d214e6db12f8cddb20bdceeab71a37da2025bb1ab118b73d9d12d0c557e54","digitalCertThumbprint":"E04B6DD0A38CA17024C7D7F97241A48056D12B15","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"474","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"acpsetup-winpcspeedup.exe","isInstaller":"True","fileVersion":"3.6","hashMD5":"f2b3489ce26a5418561914a6d813a83b","hashSHA1":"92d22c5f1c62b3f3f123bea7654c850a35f3d6f6","hashSHA256":"f7e3a6257532dca857b27d70026c4087949940a2bd7d03298f6d5cef1269dbc8","digitalCertThumbprint":"E04B6DD0A38CA17024C7D7F97241A48056D12B15","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"474","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm-systemsupdater.exe","fileVersion":"2.4","hashMD5":"2a5643de957b8cef666300efad034cca","hashSHA1":"190d6916f82767cedd2bff8532b8cad19ff4b12c","hashSHA256":"dd2fcc6e3578e9bb6276e6431b47d11b0a6a3f0a7b5c37854fb70f9dc4b26fdc","digitalCertThumbprint":"3BAE8CCC4633D1B28A30A8836DA405107C57006A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC-FlXER-TOOLS, O=PC-FlXER-TOOLS, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"475","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"acpsetup-systemsupdater.exe","isInstaller":"True","fileVersion":"2.4","hashMD5":"89cb99fa441000e4b1fdb3f3642c95fe","hashSHA1":"7fd4f393e40de319f3cb43f7887e64bca4fb149b","hashSHA256":"71dc3414bf07da8bcc869eac1b07a8d5cf5ed0268e5f3e1f97237017916549a3","digitalCertThumbprint":"3BAE8CCC4633D1B28A30A8836DA405107C57006A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC-FlXER-TOOLS, O=PC-FlXER-TOOLS, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"475","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm-epcsupdates.exe","isInstaller":"True","fileVersion":"3.5","hashMD5":"cb83d1ef0800384b6808788f01a59650","hashSHA1":"9d229cd4d0fbd0d3eb70b61ab73412a384797a65","hashSHA256":"d4c7a2b906e3834b44d39772441871b96672c16ff20fddcfe8129c15f228ef60","digitalCertThumbprint":"39C8E18FEB4B94B4E63A8775850BB585D2E5C7BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB REACH TECHNOLOGIES PRIVATE LIMITED, O=AB REACH TECHNOLOGIES PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"476","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"acpsetup-epcsupdates.exe","isInstaller":"True","fileVersion":"3.5","hashMD5":"b80ab751aca9cb2fe5f979f4252e380e","hashSHA1":"adc3cf3f08d6180b0af5f88fd2b171ab4206bea2","hashSHA256":"c7453786e84e45ea2338219e72fcc4b3aefa8a95280e7362197b089643a3845d","digitalCertThumbprint":"39C8E18FEB4B94B4E63A8775850BB585D2E5C7BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB REACH TECHNOLOGIES PRIVATE LIMITED, O=AB REACH TECHNOLOGIES PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"476","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bpp-pcspeeduputils.exe","fileVersion":"1.0","hashMD5":"59c55b3a05bb72b5dbfac070ec678a71","hashSHA1":"0eb3638a5d97cf8f4c5d876fd74d346d7235fd75","hashSHA256":"37852d6c31618f0ab49db8ac3be18e842c43f9e5b112bff7bf414c4ac44b7bc7","digitalCertThumbprint":"61E8DCF8FE3D419F0072A615CBD630034F690885","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Syscare Logics LLP, O=Syscare Logics LLP, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"477","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bppsetup-pcspeeduputils.exe","isInstaller":"True","fileVersion":"1.0","hashMD5":"32ab1203fc8415ea5e619aa8a812dc11","hashSHA1":"76419af67643c3e4a6b12559354f78e651b4f387","hashSHA256":"95215fd7b930b6ab5ef5242beeff7f4d1c9d4cb21a0b09937cba12863a60d24f","digitalCertThumbprint":"61E8DCF8FE3D419F0072A615CBD630034F690885","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Syscare Logics LLP, O=Syscare Logics LLP, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"477","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.submission ","reference":"","landingPage":"http://boostmypcutils.com/","directDownloadingLink":"https://d2m5hmt9e3cfoj.cloudfront.net/bpp/securerc/b4/bppsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2m5hmt9e3cfoj.cloudfront.net/bpp/securerc/b4/bppsetup.exe","sourceIndex":"464"},{"howFound":"Hunt.Submission","reference":"99","landingPage":"http://quickboostutils.com/","directDownloadingLink":"https://dubamrd6c71v0.cloudfront.net/bpp/securerc/b10/bppsetup.exe","ipv4":"","ipv6":"","sourceIndex":"465"},{"howFound":"Hunt.Submission","reference":"99","landingPage":"http://mysystemrepair.com/","directDownloadingLink":"https://dt9tkbzxseyee.cloudfront.net/pcclener/securerc/c2/setup.exe","ipv4":"","ipv6":"","sourceIndex":"466"},{"howFound":"Hunt.Submission","reference":"99","landingPage":"http://advancepcoptimizer.com/","directDownloadingLink":"https://d2daisjhlklr33.cloudfront.net/pcclener/securerc/c4/setup.exe","ipv4":"","ipv6":"","sourceIndex":"467"},{"howFound":"Hunt.Submission","reference":"99","landingPage":"http://boostpctools.com/","directDownloadingLink":"https://d1qak7ipq2md0d.cloudfront.net/bpp/securerc/b6/bppsetup.exe","ipv4":"","ipv6":"","sourceIndex":"468"},{"howFound":"Hunt.Submission","reference":"99","landingPage":"http://cleanuppctools.com/","directDownloadingLink":"https://d1s21jr0fep5su.cloudfront.net/pcclener/securerc/p2/pccsetup.exe","ipv4":"","ipv6":"","sourceIndex":"469"},{"howFound":"Hunt.Submission","reference":"Deceptor submission 180316 - offered by driverdetails' driverupdate","landingPage":"http://winspeeduputils.com/","directDownloadingLink":"https://d12ecykerj9bal.cloudfront.net/acp/securerc/i2/acpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"470"},{"howFound":"Hunt.Submission","reference":"na","landingPage":"http://quickpcupdates.com/","directDownloadingLink":"https://d1fcfsr1rkpyca.cloudfront.net/acp/securerc/b2/acpsetup.exe","ipv4":"","ipv6":"","landingPageWildChar":"","sourceIndex":"471"},{"howFound":"Hunt.Submission","reference":"na","landingPage":"http://1clickpccare.com/","directDownloadingLink":"https://d3blbsdxq8ops5.cloudfront.net/acp/securerc/c8/acpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"472"},{"howFound":"Hunt.Submission","reference":"na","landingPage":"http://www.mypcboost.com/","directDownloadingLink":"https://d3q4pi8j669hdn.cloudfront.net/acp/securerc/n2/acpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"473"},{"howFound":"Hunt.Submission","reference":"na","landingPage":"http://winpcspeedup.com/","directDownloadingLink":"https://d3rki8ksapxem4.cloudfront.net/acp/securerc/p6/acpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"474"},{"howFound":"Hunt.Submission","reference":"na","landingPage":"http://systemsupdater.com/","directDownloadingLink":"https://d2szj1w3aqzku8.cloudfront.net/acp/securerc/b8/acpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"475"},{"howFound":"Hunt.Submission","reference":"99","landingPage":"http://epcsupdates.com/","directDownloadingLink":"https://d3pmtmszdltnp3.cloudfront.net/acp/securerc/c10/acpsetup.exe","ipv4":"","ipv6":"","sourceIndex":"476"},{"howFound":"Hunt.Submission","reference":"99","landingPage":"http://pcspeeduputils.com/","directDownloadingLink":"https://dqp2q7hd10xjq.cloudfront.net/bpp/securerc/bppsetup.exe","ipv4":"","ipv6":"","sourceIndex":"477"}],"sampleFiles":["180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/bppsetup.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/bpp.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/bpp-quickboostutils.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/bppsetup-quickboostutils.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/pcl-mysystemrepair.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/setup-mysystemrepair.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/pcl-advancepcoptimizer.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/setup-advancepcoptimizer.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/bpp-bootpctools.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/bppsetup-boostpctools.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/pcl-cleanuppctools.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/setup-cleanuppctools.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/mysysm-winspeeduputils.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/acpsetup-winspeeduputils.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/mysysm-quickpcupdates.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/acpsetup-quickpcupdates.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/mysysm-1clickpccare.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/acpsetup-1clickpccare.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/bpp-mypcboost.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/acpsetup-mypcboost.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/mysysm-winpcspeedup.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/acpsetup-winpcspeedup.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/mysysm-systemsupdater.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/acpsetup-systemsupdater.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/mysysm-epcsupdates.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/acpsetup-epcsupdates.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/bpp-pcspeeduputils.exe","180614/BoOstPCPRO2018-180605/1.0.0.2/Samples/bppsetup-pcspeeduputils.exe"],"imageFiles":["180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-055/inline_offer.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-003/acr_003.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-003/acr_003_1.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-010/inline_offer.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-010/acr_010.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-059/inline_offer.PNG"],"nonDeceptorImageFiles":["180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-065/acr_065_io.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-161/testimonials.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-088/acr_088.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-092/acr_092.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-099/acr_099_lp.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-099/acr_099_IO.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-150/acr_150.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-171/acr_171_1.PNG","180614/BoOstPCPRO2018-180605/1.0.0.2/Images/ACR-171/internal_offer_page.PNG"],"guid":"5032a959-8e1e-4db7-adfe-af478883c5b5_1.0.0.2_1","appID":"BoOstPCPRO2018-180605","dateAdded":"180614","deceptorType":"App","name":"PC CARE Evader","company":"PC CARE TOOLS, PC-FIXER-TOOLS, AB REACH, PC Speedup Tool Inc, CONNECT AB","version":"1.0.0.2","sigName":"Deceptor:Win32/PCCareEvader!003010055059","lastKnownStatus":"Deceptor:1.0.0.2","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T20:40:24.3264193+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2069},{"violations":{"ACR-047":"Declining the offer does not allow consumer to continue to the game playing site.\n","ACR-005":"Screenshot in Chrome webstore has an overlay dialog that misleads consumers to think the webstore is recommending a call to action.\n","ACR-057":"No clear way to decline\n","ACR-055":"No way to decline the offer and continue to game site. clicking anywhere on screen leads to extension install.\n","ACR-059":"Not marked as an offer. Not optional.\n","ACR-030":"Consumer cannot not navigate away from the interstitial offer.\n","ACR-025":"Injects a full tab.\n","ACR-032":"Shown without any consumer action.\n","ACR-020":"Because the injection is an in-focus full tab, it is difficult for the consumer to distinguish where the page came from. Attribution is tiny and disappears after a short period of time.\n"},"nonDeceptorViolations":{"ACR-139":"Playing games on the brainyzanygames.com site requires the monetization component to be installed.\n","ACR-001":"Google policy: \"Do not create an extension that requires users to accept bundles of unrelated functionality.\" Requiring an ad injector in order to play games on a website violates this policy.\n","ACR-054":"offer has no way to decline. back button will cause a reload. clicking anywhere on the screen treated as an accept of the offer.\n","ACR-027":"No statement of offer.\n","ACR-156":"app serves up erectile dysfunction pages from child-appropriate websites.\n","ACR-021":"Injected ad is a new tab window, and attribution is limited to name of the extension.\n","ACR-077":"Offer is made from all brainzanygames.com pages; not only from individual game landing pages.\n"},"samples":[{"isRevoked":"False","fileName":"5.3.8.1_0.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"d8b9cd413e1ec42354a2d689aa053a4eeb6d01e018f63f928861fe72d27f6d46","sourceIndex":"3254","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"5.3.8.1_0-arcadegonetwork.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"1ba30aaec45d875007f09de3542c6c42304621a27eb07d7b5779eec4fb49cd8d","sourceIndex":"3255","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"5.3.6.2_0-zanybrainygames.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"db64a51571619443134892a9fe8fdd5d6861a353d067e9327075ebb968d9da00","sourceIndex":"3256","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"5.3.7.1_0-tonoffungames.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"b5d17c8ac65063aa890bc20b9f6d4ae9c1a70c1bcecff44b6a0a1c86f14d5236","sourceIndex":"3257","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"5.5.15.2_0-maxplaidgames.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"a9c9619f093ad9fc696ea78548919de5f7af2dad6d99df01cc0a8285b7934f60","sourceIndex":"3258","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"5.5.19.1_0-gamewowgo.crx","isInstaller":"True","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"9b89b9b493659745be7157e48159284eacf3b9009193cd9e8676508350607b42","sourceIndex":"3259","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"t","landingPage":"www.brainyzanygames.com","directDownloadingLink":"https://chrome.google.com/webstore/detail/brainyzanygames/bpablkdlcmijhlgfeiinaeailfcbjbdc?utm_source=inline-install-disabled","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://chrome.google.com/webstore/detail/brainyzanygames/bpablkdlcmijhlgfeiinaeailfcbjbdc?utm_source=inline-install-disabled","sourceIndex":"3254"},{"howFound":"Hunt.Browsing","reference":"search for similar to brainyzany.com","landingPage":"www.arcadegonetwork.com","directDownloadingLink":"https://chrome.google.com/webstore/detail/arcadegonetwork/commjhakoppbgpaijhfonfaelpimgfca","ipv4":"","ipv6":"","sourceIndex":"3255"},{"howFound":"Hunt.Browsing","reference":"additional","landingPage":"www.zanybrainygames.com","directDownloadingLink":"https://chrome.google.com/webstore/detail/zanybrainygames/ebiidmkcehpghladpgniokncjloakokf","ipv4":"","ipv6":"","sourceIndex":"3256"},{"howFound":"Hunt.Browsing","reference":"ab","landingPage":"www.tonoffungames.com","directDownloadingLink":"https://chrome.google.com/webstore/detail/tonoffungames/najjnadmjbninbhfokkdekimnogndmai","ipv4":"","ipv6":"","sourceIndex":"3257"},{"howFound":"Hunt.Browsing","reference":"ab","landingPage":"ww.maxplaidgames.com","directDownloadingLink":"https://chrome.google.com/webstore/detail/maxplaidgames/fglbooglenjlnkpdmlfkoddlblgmcikl","ipv4":"","ipv6":"","sourceIndex":"3258"},{"howFound":"Hunt.Browsing","reference":"ab","landingPage":"www.gamewowgo.com","directDownloadingLink":"https://chrome.google.com/webstore/detail/gamewowgo/jdookcaahcklolbbfhncijaaklhimfhe","ipv4":"","ipv6":"","sourceIndex":"3259"}],"sampleFiles":["180614/BrainyZanyGames-180614/5.3.8.1/Samples/5.3.8.1_0.crx","180614/BrainyZanyGames-180614/5.3.8.1/Samples/5.3.8.1_0-arcadegonetwork.crx","180614/BrainyZanyGames-180614/5.3.8.1/Samples/5.3.6.2_0-zanybrainygames.crx","180614/BrainyZanyGames-180614/5.3.8.1/Samples/5.3.7.1_0-tonoffungames.crx","180614/BrainyZanyGames-180614/5.3.8.1/Samples/5.5.15.2_0-maxplaidgames.crx","180614/BrainyZanyGames-180614/5.3.8.1/Samples/5.5.19.1_0-gamewowgo.crx"],"imageFiles":["180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-047/require unreleated extension.gif","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-055/require unreleated extension.gif","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-005/Screen Shot 2018-06-28 at 3.57.58 PM.png","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-057/offer has no way to decline.png","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-059/offer has no way to decline.png","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-030/require unreleated extension.gif","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-032/require unreleated extension.gif","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-025/Screen Shot 2018-07-05 at 9.23.42 PM.png","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-020/Screen Shot 2018-07-05 at 9.23.42 PM.png"],"nonDeceptorImageFiles":["180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-001/requires ad extension to play games.png","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-139/require unreleated extension.gif","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-054/offer has no way to decline.png","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-077/require unreleated extension.gif","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-027/offer has no way to decline.png","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-156/Screen Shot 2018-07-05 at 9.43.20 PM.png","180614/BrainyZanyGames-180614/5.3.8.1/Images/ACR-021/Screen Shot 2018-07-05 at 9.23.42 PM.png"],"guid":"609e5b63-8c01-4f0c-8391-d4a654442be4_5.3.8.1_1","appID":"BrainyZanyGames-180614","dateAdded":"180614","deceptorType":"Chrome Extension","name":"BrainyZanyGames","company":"BrainyZanyGames.com","version":"5.3.8.1","sigName":"Deceptor:CRX/BrainyZanyGames!030047055057059","lastKnownStatus":"Deceptor:5.3.8.1","lastKnownDate":"190125","type":"Chrome Extension","category":"Personalization & Search","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"inject ads","lastUpdate":"2019-01-26T01:27:38.5578349+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2470},{"violations":{"ACR-003":"Reporting non substantiated issues in clean system.  For example, the 20 issues under critical setting category. The red meter indicates the misleading urgency. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's Privacy Policy \n\nThere are no links that shows the app's Privacy Policy\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"PC_Win_Booster.exe","isInstaller":"True","companyName":"Sorentio Systems Ltd.                                       ","productName":"PCWinBooster","productVersion":"10.2.3.265","fileVersion":"10.2.3.265","hashMD5":"67c0587ed0ddaa35b06c1d480ab34e76","hashSHA1":"bb8d56ccfa9e5a0f21a0faa7a554586009dcf226","hashSHA256":"43679946d9d9638cc00e654fc18104b59967834e6e79f5b7a12f4b2254214261","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"3618","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCWinBooster.exe","companyName":"Sorentio Systems Ltd.","productName":"n/a","productVersion":"10.2","fileVersion":"10.2.3.265","hashMD5":"d3e40cd3da89df697b436eb8bfc6fdf2","hashSHA1":"cfff034964ba2f9d2ea28626900c45aab99a3c65","hashSHA256":"59f3c504a8b4627fa39cc8c0248e262e069be37aeded0ccfb5819d37a86cfc40","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Sorentio Systems Ltd, O=Sorentio Systems Ltd, STREET=\"Titoff Place, 24.5 Old Northern Highway\", L=Boston Village, S=Belize  District, PostalCode=000000, C=BZ","sourceIndex":"3618","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://fr.sorentioapps.com/pc-win-booster","directDownloadingLink":"http://www.sorentioapps.com/downloads/PC_Win_Booster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.sorentioapps.com/downloads/PC_Win_Booster.exe","sourceIndex":"3618"}],"sampleFiles":["180611/PCWinBooster-180611/10.2.3.265/Samples/PC_Win_Booster.exe","180611/PCWinBooster-180611/10.2.3.265/Samples/PCWinBooster.exe"],"imageFiles":["180611/PCWinBooster-180611/10.2.3.265/Images/ACR-003/FakeScanningResult.PNG","180611/PCWinBooster-180611/10.2.3.265/Images/ACR-003/ScanningResult.PNG"],"nonDeceptorImageFiles":["180611/PCWinBooster-180611/10.2.3.265/Images/ACR-065/acr_065_I.PNG","180611/PCWinBooster-180611/10.2.3.265/Images/ACR-065/acr_065_S.PNG","180611/PCWinBooster-180611/10.2.3.265/Images/ACR-065/acr_065_LP.PNG","180611/PCWinBooster-180611/10.2.3.265/Images/ACR-099/acr_099_S.PNG","180611/PCWinBooster-180611/10.2.3.265/Images/ACR-099/acr_099_IO.PNG"],"guid":"07507453-4a4c-491e-a2c5-76be512e9d4c_10.2.3.265_1","appID":"PCWinBooster-180611","dateAdded":"180611","deceptorType":"App","name":"PCWinBooster","company":"Sorentio Systems Ltd.","version":"10.2.3.265","sigName":"Deceptor:Win32/PCWinBooster!003","lastKnownStatus":"10.2.3.265","lastKnownDate":"201113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-13T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2472},{"violations":{"ACR-003":"The application exaggerates registry keys as errors and of medium damage level, thereby misleading or scaring user to take action\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement\nThe application elevates its user trust level by displaying unverifiable endorsement\nThe application's internal offer page elevates its user trust level by displaying unverifiable endorsement\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n\n","ACR-092":"pp uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application has no link or information that shows how it can be uninstalled.\n\n","ACR-171":"The consumer is required to opt-out of additional payment for disk tools plus which was not pre-disclosed.\n","ACR-017":"The application's landing page elevates its user trust level by displaying unverifiable endorsement\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":"regtusetup_site.exe","isInstaller":"True","companyName":"http://www.regtuneup.com/                                   ","productName":"Reg Tuneup","productVersion":"3.18.18.869","fileVersion":"Reg Tuneup","hashMD5":"37f0bb68f1f5a1d4f3ba20c5020352c8","hashSHA1":"fc9b35ef3a5ca38debb8adb7901c8e933a057a18","hashSHA256":"b7f8de5758dce912c64e4cd58f22687d427bfedd31184e391664356c5d9592fe","digitalCertThumbprint":"2010AF29CA66CA330A3A06C5AC610061E4BD9A16","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3260","avBlockList":["Avast Internet Security (20190203)","AVG Internet Security (20190203)","Avira Internet Security (20190203)","Bitdefender Internet Security (20190203)","ESET Internet Security (20190203)","G DATA INTERNET SECURITY (20190203)","K7 Total Security (20190203)","Kaspersky Internet Security (20190203)","Malwarebytes Premium (20190203)","McAfee Total Protection (20190203)","Norton Security (20190203)","Panda Dome (20190203)","Sophos Home Premium (20190203)","VirIT eXplorer PRO (20190203)","Webroot SecureAnywhere (20190203)","Windows Defender (20190203)"],"avAllowList":["Trend Micro Internet Security (20190203)"]},{"isRevoked":"False","fileName":"RegTuneup.exe","isInstaller":"True","companyName":"Reg Tuneup","productName":"Reg Tuneup","productVersion":"3.18.18.869","fileVersion":"3.18.18.869","hashMD5":"7faf8a7df4df93e633f7934e313eb71b","hashSHA1":"b0a571cfde8032eea155b1659550a1a283192e78","hashSHA256":"adbfe8ad4c802ffceee4d6c07b8bdeab4f8bf3568e1f3124bd06514a824cc1b7","digitalCertThumbprint":"2010AF29CA66CA330A3A06C5AC610061E4BD9A16","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3260","avBlockList":["Avast Internet Security (20190203)","AVG Internet Security (20190203)","Avira Internet Security (20190203)","ESET Internet Security (20190203)","K7 Total Security (20190203)","Kaspersky Internet Security (20190203)","Malwarebytes Premium (20190203)","McAfee Total Protection (20190203)","Norton Security (20190203)","Sophos Home Premium (20190203)","VirIT eXplorer PRO (20190203)","Webroot SecureAnywhere (20190203)","Windows Defender (20190203)"],"avAllowList":["Bitdefender Internet Security (20190203)","G DATA INTERNET SECURITY (20190203)","Panda Dome (20190203)","Trend Micro Internet Security (20190203)"]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://www.regtuneup.com/","directDownloadingLink":"http://cdn.regtuneup.com/js/regtuneup/setups/regtusetup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.regtuneup.com/js/regtuneup/setups/regtusetup_site.exe","sourceIndex":"3260"}],"sampleFiles":["180611/Regtuneup-180611/3.18.18.869/Samples/regtusetup_site.exe","180611/Regtuneup-180611/3.18.18.869/Samples/RegTuneup.exe"],"imageFiles":["180611/Regtuneup-180611/3.18.18.869/Images/ACR-003/acr_003.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-003/acr_003_1.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-017/acr_017_I.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-017/acr_017_S.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-017/acr_017_IO.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-168/one_one_S.PNG"],"nonDeceptorImageFiles":["180611/Regtuneup-180611/3.18.18.869/Images/ACR-065/acr_065_S.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-017/acr_017_LP.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-161/testimonials.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-088/acr_088.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-092/signing_certi.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-160/one_one_S.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-168/one_one_LP.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-099/acr_099_S.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-099/acr_017_IO.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-171/acr_171.PNG","180611/Regtuneup-180611/3.18.18.869/Images/ACR-171/internal_offer_page.PNG"],"guid":"3cb45137-0808-419d-83b5-2fc1256508c1_3.18.18.869_1","appID":"Regtuneup-180611","dateAdded":"180611","deceptorType":"App","name":"Regtuneup","company":"SUPER TUNEUP TECHNOLOGIES LLP","version":"3.18.18.869","sigName":"Deceptor:Win32/Regtuneup!003017168","lastKnownStatus":"Deceptor:3.18.18.869","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 8,Windows Vista,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-26T01:27:04.4823044+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2471},{"violations":{"ACR-003":"The driver healthy score is not substantiated. App uses misleading words to raise urgency. for example: \"highly\" recommend to update \"now\"\n","ACR-017":"The application's installer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application's internal offer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the software that shows the app's Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DriverTuner_Install.exe","isInstaller":"True","companyName":"DriverTuner.net                                             ","productName":"DriverTuner","productVersion":"4.5","fileVersion":"0.0","hashMD5":"c4763f6e668ac8b8d1ab3c0d287c707f","hashSHA1":"b42040e5cd62243236a42a151e58c8ccfccbd7e6","hashSHA256":"b97d0c7186bc745039fc23e25d8aee85b745701955fb0abd82008c3a616e72c7","digitalCertThumbprint":"56F2D823E2607C411C04B19FEF2069A0F1876E38","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Speedy HLDGS Limited, O=Speedy HLDGS Limited, L=Mongkok, S=Kowloon, C=HK","sourceIndex":"3617","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverTuner.exe","isInstaller":"True","companyName":"DriverTuner","productName":"DriverTuner","productVersion":"4.5","fileVersion":"4.5","hashMD5":"4fd1aaebc550c49a5c339243bc2cb9ee","hashSHA1":"e48b2a197fd0d39cf2511d8d131cdf0cc7fc6e12","hashSHA256":"654cf52eb3cf23d0f39300f05cbb2f74ab4cf95908edc0efc4944f6a394a0ac1","digitalCertThumbprint":"56F2D823E2607C411C04B19FEF2069A0F1876E38","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Speedy HLDGS Limited, O=Speedy HLDGS Limited, L=Mongkok, S=Kowloon, C=HK","sourceIndex":"3617","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://www.drivertuner.com/","directDownloadingLink":"http://www.drivertuner.com/download/DriverTuner_Install.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.drivertuner.com/download/DriverTuner_Install.exe","sourceIndex":"3617"}],"sampleFiles":["180611/Drivertuner-180611/4.5/Samples/DriverTuner_Install.exe","180611/Drivertuner-180611/4.5/Samples/DriverTuner.exe"],"imageFiles":["180611/Drivertuner-180611/4.5/Images/ACR-017/ACR-017_install.JPG","180611/Drivertuner-180611/4.5/Images/ACR-017/ACR-017_software.JPG","180611/Drivertuner-180611/4.5/Images/ACR-017/ACR-017_internaloffer.JPG"],"nonDeceptorImageFiles":["180611/Drivertuner-180611/4.5/Images/ACR-065/ACR-065_install.JPG","180611/Drivertuner-180611/4.5/Images/ACR-065/ACR-065_software.JPG","180611/Drivertuner-180611/4.5/Images/ACR-161/ACR-161_landingpage.JPG","180611/Drivertuner-180611/4.5/Images/ACR-099/ACR-099_software.JPG","180611/Drivertuner-180611/4.5/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"773bbcee-b2ea-46a5-820b-05fdc67efaba_4.5_1","appID":"Drivertuner-180611","dateAdded":"180611","deceptorType":"App","name":"Drivertuner","company":"Speedy HLDGS Limited","version":"4.5","sigName":"Deceptor:Win32/DriverTuner!003017","lastKnownStatus":"Deceptor:4.5","lastKnownDate":"180611","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-12T05:29:35.7620713+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2473},{"violations":{"ACR-003":"1. The app exaggerates “Junk Files” as a MEDIUM system impact. The size of junk files matters, not the file counts. The claim that it is medium impact to system is not substantiated  2. The registry issues should stay the lowest no matter how many items found under registry items. 3. The medium impact to system that is caused by default system configuration is lack of substantiated data to support. Please provide your supporting data for this claim otherwise the impact should stay at low (According to our internal and security partner test on these configuration changes, the impact to system is barely felt by user under Win10 and Win7 system) 4. The wheel meter of overview is misleading, it is not clear whether it attempts to say current system speed is medium or potential speed improvement will be medium. The issues found is \"None\" also sounds like a bug.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable endorsements.\n","ACR-085":"Need more information disclosed about data collection-- \"Send Anonymous Info to help improve our service\"\n","ACR-057":"The app fails to provide the consumer with clear and simple options to accept or decline associated offers\n"},"nonDeceptorViolations":{"ACR-045":"\"Send anonymous info to help improve our service\" needs to disclose more information about what it is; what data it collects and how data will be used. The information should be disclosed in EULA as well. \n","ACR-065":"The app needs to disclose the Privacy Policy in the app's about page.\n","ACR-160":"Your own call center need to meet the call center requirement for certified app. Here is the requirement for call center https://customer.appesteem.com/Home/CallCenters.  \n","ACR-099":"The app needs to disclose uninstall information in the app’s about page.\n","ACR-035":"The app needs to disclose App's name to the consumer in all the docs. \n","ACR-171":"1. The additional offer is offered to the consumer as \"Opt-In\" by default instead of \"Opt-Out\". 2. The payment term is not clearly displayed next to price 3. The renewal price is not clear (whether it is still discounted price or back to original price) 4. The free item term is not clear (The  free item needs to be paid or still be free during next term payment). 5. If the free item is only free for first payment term, it should be marked clearly and should be setup as opt-in option for user. \n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable endorsements.\n"},"samples":[{"isRevoked":"False","fileName":"pc-speed-up-setup (15).exe","isInstaller":"True","companyName":"TweakBit","productName":"PCSpeedUp","productVersion":"1.x","fileVersion":"1.8.2.25","hashMD5":"ffe73bae72edec4f3d50242e3253e76b","hashSHA1":"4813f020590ce391f457ffd4025c16569b4df145","hashSHA256":"54af5059d9c862cf43387d75f1e19bd1ddc010ab5775425b523a4ccfe25e1b6e","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Tweakbit Pty Ltd","sourceIndex":"3531","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"AppUpdateReview.Certification","landingPage":"https://tweakbit.com/land/pc-speed-up/video","directDownloadingLink":"http://downloads.tweakbit.com/en/pc-speed-up/aff/stub/pc-speed-up-setup.exe","landingPageWildChar":"","directDownloadingLinkWildChar":"","sourceIndex":"3531"}],"sampleFiles":["180607/pcspeedup-180417/1.8.2.25/Samples/pc-speed-up-setup (15).exe"],"imageFiles":["180607/pcspeedup-180417/1.8.2.25/Images/ACR-085/PCSpeedUpSetting.PNG","180607/pcspeedup-180417/1.8.2.25/Images/ACR-003/ACR-003_Software_Need_to_clean_up_Exaggerated_Word.JPG","180607/pcspeedup-180417/1.8.2.25/Images/ACR-003/ACR-003_Software_App_Exaggeration.JPG","180607/pcspeedup-180417/1.8.2.25/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","180607/pcspeedup-180417/1.8.2.25/Images/ACR-003/PCSpeedUpScanResult.PNG","180607/pcspeedup-180417/1.8.2.25/Images/ACR-003/PCSpeedUpOverview.PNG","180607/pcspeedup-180417/1.8.2.25/Images/ACR-057/ACR-057_InternalOffers_Cannot_able_to_Decline_Offer.JPG","180607/pcspeedup-180417/1.8.2.25/Images/ACR-017/ACR-017_Internaloffers_Logo_Unverifiable.JPG"],"nonDeceptorImageFiles":["180607/pcspeedup-180417/1.8.2.25/Images/ACR-045/PCSpeedUpInstall.PNG","180607/pcspeedup-180417/1.8.2.25/Images/ACR-065/ACR-065_Software_Privacypolicy_Not_Disclosed.JPG","180607/pcspeedup-180417/1.8.2.25/Images/ACR-099/ACR-099_Software_Uninstall_Information_Not_Disclosed.JPG","180607/pcspeedup-180417/1.8.2.25/Images/ACR-017/ACR-017_Landingpage_Logo_Unverifiable.jpg","180607/pcspeedup-180417/1.8.2.25/Images/ACR-017/ACR-017_Landingpage_logo_Verifiable.JPG","180607/pcspeedup-180417/1.8.2.25/Images/ACR-171/ACR-171_InternalOffers_DefaultOptIn.JPG"],"guid":"4aa14e2a-7edf-4b69-a8f3-062ceb3eb0da_1.8.2.25_1","appID":"pcspeedup-180417","dateAdded":"180607","deceptorType":"App","name":"PCSpeedup","company":"TweakBit","version":"1.8.2.25","sigName":"Deceptor:Win32/TweakBitPCSpeedup!003017057","firstVendorContactDate":"181008","firstAppEsteemReplyDate":"181008","firstResolvedDate":"181105","firstResolvedVersion":"1.8.3.40","resolved":"TRUE","lastKnownStatus":"1.8.2.25","lastKnownDate":"180607","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,cross-sell other apps,call center","lastUpdate":"2018-11-05T22:24:14.3477307+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2474},{"violations":{"ACR-003":"The app needs to cleanup the word \"problems\" in the software.\nThe app needs to cleanup the word \"errors\" in the internal offers page. Also need to update screenshots. \n","ACR-017":"The logos \"Microsoft Partner\" and \"Norton SECURED verified by veriSign\" are not verifiable..\n","ACR-084":"The silence installation option exist in the app. The usage of this silence installation need to be disclosed if this is necessary for app. \"\"pc-repair-kit-setup (10).exe\" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART \"\n","ACR-059":"The offer is not marked as Offer, the recommended by \"who\" is not clear. App should: 1. Change to “Recommended by PCRepair Kit” or “Recommended” word 2. Add at least “Offer” to clearly mark it is an offer.\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose Original filename, company name, product name, product version and file version for the following executables:\"Downloader.exe\", \"pc-repair-kit-setup (10).exe\".\n","ACR-065":"No explicit link to Privacy Policy on the software. \nNo link to EULA in landing page.\n","ACR-163":"Non-interactive support option not easily accessible from the software.\n","ACR-160":"The app vendor needs to use \"Certified\" call center.\n","ACR-099":"The app needs to provide uninstall information explicitly in the software.\n","ACR-035":"The app needs to disclose app's name in all the docs.\n","ACR-171":"The additional offer is offered to the consumer as \"Opt-In\" by default instead of \"Opt-Out\".\n","ACR-003":"The app needs to cleanup the word \"errors\" and it needs to replace the screen shots provided in the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"pc-repair-kit-setup (10).exe","isInstaller":"True","companyName":"TweakBit                                                    ","productName":"TweakBit PCRepairKit                                        ","productVersion":"1.8.3.15                                          ","fileVersion":"1.x                 ","hashMD5":"11495329510e0196d4a89edfeb0ac4c2","hashSHA1":"f9be259d6a876f9d3600fff152a112648a22dbd4","hashSHA256":"f0c4311c4e4f9ceabf8d2a4b1bff2880ce916fad0ac2fb779c37f814719e53d0","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Tweakbit Pty Ltd","sourceIndex":"3556","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pc-repair-kit-setup.exe","isInstaller":"True","companyName":"TweakBit","productName":"PCRepairKit","productVersion":"1.8.3.18","fileVersion":"1.8","hashMD5":"8d3d86e0fc340893ff73f246eff0c9b0","hashSHA1":"7265589c9b71f59be3c5b2ba9a50d4726cf92adf","hashSHA256":"cfd5c2082edaf1191a572ee35bd8d025fa9db6352f4c2fe187213b22ab9a7cf1","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, L=Sydney, S=New South Wales, C=AU, SERIALNUMBER=624 255 956, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"3556","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"AppUpdateReview.Certification","landingPage":"https://wikifixes.com/","directDownloadingLink":"http://dynamicdownloads.tweakbit.com/prk/speed/pc-repair-kit-setup","landingPageWildChar":"","directDownloadingLinkWildChar":"http://dynamicdownloads.tweakbit.com/prk/speed/pc-repair-kit-setup","sourceIndex":"3556"}],"sampleFiles":["180607/pcrepairkit-180410/1.8.3.15/Samples/pc-repair-kit-setup (10).exe","180607/pcrepairkit-180410/1.8.3.15/Samples/pc-repair-kit-setup.exe"],"imageFiles":["180607/pcrepairkit-180410/1.8.3.15/Images/ACR-084/ACR-084_Software_SilenceInstallation.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-003/ACR-003_Software_AppExaggerates.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-003/PCRepairKit_Latest.PNG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-003/PCRepairKit_Latest2.PNG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-059/ACR-059_InternalOffers_AdditionalOffersNotClear.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-003/ACR-003_InternalOffers_AppExaggerates2.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-003/ACR-003_InternalOffers_AppExaggerates3.png","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-017/ACR-017_InternalOffers_MisleadingLogo.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-017/ACR-017_InternalOffers_MisleadingLogos.JPG"],"nonDeceptorImageFiles":["180607/pcrepairkit-180410/1.8.3.15/Images/ACR-038/ACR-038_Install_NoOriginalFileName.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-160/ACR-160_Software_CallCenter.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-065/ACR-065_Software_NoLinkToPrivacyPolicyInSoftware.png","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-099/ACR-099_Software_NoUninstallInfo.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-163/ACR-163_Software_NonInteractiveOptionNotAccessibleForSupport.png","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-035/ACR-035_Docs_NoAppNameInEULA.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-065/ACR-065_Software_NoLinkToEULAInLandingPage.png","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-003/ACR-003_LandingPage_AppExaggerates.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-003/ACR-003_LandingPage_AppExaggerates1.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-003/ACR-003_LandingPage_AppExaggerates2.JPG","180607/pcrepairkit-180410/1.8.3.15/Images/ACR-171/ACR-171_InternalOffers_DefaultOptIn.JPG"],"guid":"3cb62e79-58fe-4c92-9621-9ca8533267ec_1.8.3.15_1","appID":"pcrepairkit-180410","dateAdded":"180607","deceptorType":"App","name":"PCRepair Kit","company":"TweakBit","version":"1.8.3.15","sigName":"Deceptor:Win32/PCRepairKit!084003059017","firstVendorContactDate":"180906","firstAppEsteemReplyDate":"180906","firstResolvedDate":"181002","firstResolvedVersion":"1.8.3.40","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.3.15;1.8.3.18;1.8.3.21","lastKnownDate":"180607","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,cross-sell other apps,call center","lastUpdate":"2018-10-02T22:37:27.738061+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2475},{"violations":{"ACR-017":"The internal offers page elevates its consumer trust level by displaying unverifiable endorsements.\n","ACR-084":"The silence installation option exist in the app. The usage of this silence installation need to be disclosed if this is necessary for app. \"\"pc-booster-setup (9).exe\" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART \".\n"},"nonDeceptorViolations":{"ACR-161":"The quotes and testimonials needs to be verifiable.\n","ACR-157":"App needs to be signed by a signing cert that was never used by any non certified app. Please get a certificate ready for this app after it passes all other ACRs. \n","ACR-099":"The landing page has “How to Uninstall” info, which is disclosed for PCSpeedUp however, the app needs to disclose uninstall info explicitly for “PCBooster”.\n","ACR-035":"The app needs to disclose App's name to the consumer in EULA . Also need to disclose the relationship between Tweatbit and Auslogic. The software is signed by Auslogic while the license agreement is set between user and Tweakbit\n","ACR-171":"The payment information in shopping cart is not clear. 1. The payment is three month term needs to be explicitly displayed next to price. 2. The renewal price  is still based on discounted price or back to original price.\n","ACR-017":"The landing page elevates its consumer trust level by displaying unverifiable endorsements.\n","ACR-168":"The additional services may be offered is missing in the landing page for phone number Ads\n"},"samples":[{"isRevoked":"False","fileName":"pc-booster-setup (9).exe","isInstaller":"True","companyName":"TweakBit                                                    ","productName":"TweakBit PCBooster                                          ","productVersion":"1.8.2.25                                          ","fileVersion":"1.x                 ","hashMD5":"004192a4ca26a70b3c4940d450f80044","hashSHA1":"18dce8967b7d44d82653b03e8d4169747b7e26af","hashSHA256":"657884c4232de3fdb62b700a35a6fe2dd8e8af2bd9f6ee4b3642b38700cdabfd","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Tweakbit Pty Ltd","sourceIndex":"3573","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"AppUpdateReview.Certification","landingPage":"https://tweakbit.com/pc-booster","directDownloadingLink":"http://downloads.tweakbit.com/en/pc-booster/pc-booster-setup.exe","landingPageWildChar":"","directDownloadingLinkWildChar":"","sourceIndex":"3573"}],"sampleFiles":["180607/pcbooster-180417/1.8.2.25/Samples/pc-booster-setup (9).exe"],"imageFiles":["180607/pcbooster-180417/1.8.2.25/Images/ACR-084/ACR-084_Software_Silent_Installation.JPG","180607/pcbooster-180417/1.8.2.25/Images/ACR-017/ACR-017_Internalofffers_Logo_Unverifiable.JPG","180607/pcbooster-180417/1.8.2.25/Images/ACR-017/ACR-017_Internaloffers_Logo's_Unverifiable1.JPG"],"nonDeceptorImageFiles":["180607/pcbooster-180417/1.8.2.25/Images/ACR-099/ACR-099_LandingPage_Uninstall_Info_Is_Missing.jpg","180607/pcbooster-180417/1.8.2.25/Images/ACR-168/CallCenterSupport.PNG","180607/pcbooster-180417/1.8.2.25/Images/ACR-017/ACR-017_Landingpage_Logo's_Unverifiable.JPG","180607/pcbooster-180417/1.8.2.25/Images/ACR-161/ACR-161_Landingpage_Testimonials_Unverifiable.JPG","180607/pcbooster-180417/1.8.2.25/Images/ACR-171/ShoppingCart.PNG"],"guid":"ddde667c-a6f1-46df-ab68-b6fe500171ef_1.8.2.25_1","appID":"pcbooster-180417","dateAdded":"180607","deceptorType":"App","name":"PCBooster","company":"TweakBit","version":"1.8.2.25","sigName":"Deceptor:Win32/TweakBitPCBooster!017084","firstVendorContactDate":"180614","firstAppEsteemReplyDate":"180614","firstResolvedDate":"180716","firstResolvedVersion":"1.8.2.31","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.2.25, 1.8.2.28","lastKnownDate":"180618","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,call center","lastUpdate":"2018-07-16T13:41:09.0394223+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2476},{"violations":{"ACR-003":"The app needs to tone down (color gradient) and clean up the exaggerated words \"errors\" or \"problems\" in the software.\n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable endorsements.\n","ACR-085":"More information needed for \"Send anonymous info to help improve our service\" \n","ACR-057":"The app fails to provide the consumer with clear and simple options to accept or decline associated offers. If this offer is not forever free, it should not be included by default, let user to opt-in.\n"},"nonDeceptorViolations":{"ACR-045":"More information needs to be disclosed for \"Send anonymous info to help improve our service\" during installation\n","ACR-065":"The app needs to explicitly disclose privacy policy to the consumer in the software.\n","ACR-160":"The app vendor needs to use certified call center for certified app or self certify own call center by following call center requirement. https://customer.appesteem.com/Home/CallCenters\n","ACR-099":"The app needs to disclose uninstall info in the software.\n","ACR-035":"The app needs to disclose App's name to the consumer in all the docs. \n","ACR-171":" The additional offer is presented to the consumer as \"Opt-In\" by default instead of \"Opt-Out\". The payment term need to be explicitly displayed next to price. The renewal price is not clear it will be same as current discounted price or back to original price. \n","ACR-003":"The app needs to clean up the exaggerated words \"errors\" and \" problems\" in the landing page. \n","ACR-017":"The app elevates its consumer trust level by displaying unverifiable endorsements.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\TweakBit\\Driver Updater\\DriverUpdater.exe","companyName":"TweakBit","productName":"Driver Updater","productVersion":"2.x","fileVersion":"2.0.0.5","hashMD5":"6ba2dedc0dc117e3cfe633cdfeb68dd1","hashSHA1":"496dc3f91d5549aa3f7cb1fd4298dbd6b600a14f","hashSHA256":"18d98abd166eef80c5aa6e6013f66d5aff5897b5f383d96868fbe9c52c911e7a","digitalCertThumbprint":"0779654A4BB176E3864104E3D2F8FA96359C6877","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Tweakbit Pty Ltd","sourceIndex":"3572","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"driver-updater-setup (2).exe","isInstaller":"True","companyName":"TweakBit","productName":"Driver Updater","productVersion":"2.x","fileVersion":"2.0.0.5","hashMD5":"b00fb02e171a605577e2fbb4d00efbb0","hashSHA1":"1e2769ce591715c71ab898e588af78407a698cd7","hashSHA256":"1e0abe8b34e117cbc792df19210a4195feb72bc9cf969b4f4f50d754d33ac55b","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Tweakbit Pty Ltd","sourceIndex":"3572","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverUpdater.exe","companyName":"TweakBit","fileVersion":"2.0","hashMD5":"3df25ac8bb8738edbc91ccaeafcd4e27","hashSHA1":"add272448e16d9d21877ea9ca230113ead254e68","hashSHA256":"c83307ebb8687b1661074c94b8dc66683bf188ac5017ed659bad05eff874bc46","digitalCertThumbprint":"0779654A4BB176E3864104E3D2F8FA96359C6877","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, L=Sydney, S=New South Wales, C=AU","sourceIndex":"3572","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"driver-updater-setup.exe","isInstaller":"True","companyName":"TweakBit                                                    ","fileVersion":"2.0","hashMD5":"8862b6724b86eb87482e922dacc02f9c","hashSHA1":"aa21d62b98ecc6e83ea4d93b1e7ad49c0ada9854","hashSHA256":"2b05aecfdb466af6e52c489bb40adc947d64fbc126fee3144b414b5eddec840c","digitalCertThumbprint":"62FDA664AB04143AE5D9CC2AD7C49FCBCF0DC8EF","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Tweakbit Pty Ltd, O=Tweakbit Pty Ltd, L=Sydney, S=New South Wales, C=AU, SERIALNUMBER=624 255 956, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"3572","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"AppUpdateReview.Certification","landingPage":"https://tweakbit.com/land/driver-updater/sydney","directDownloadingLink":"http://dynamicdownloads.tweakbit.com/driver/cnet/driver-updater-setup","landingPageWildChar":"","directDownloadingLinkWildChar":"http://dynamicdownloads.tweakbit.com/driver/cnet/driver-updater-setup","sourceIndex":"3572"}],"sampleFiles":["180607/driverupdater-180420/2.0.0.5/Samples/driver-updater-setup (2).exe","180607/driverupdater-180420/2.0.0.5/Samples/DriverUpdater.exe","180607/driverupdater-180420/2.0.0.5/Samples/driver-updater-setup.exe"],"imageFiles":["180607/driverupdater-180420/2.0.0.5/Images/ACR-085/DriverUpdaterSetting.PNG","180607/driverupdater-180420/2.0.0.5/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-003/ACR-003_Software_Exaggeration2.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-003/ACR-003_Software_Exaggeration3.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-003/ACR-003_Software_Exaggeration4.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-003/DriverUpdater_updateto2006_ScannerResult.PNG","180607/driverupdater-180420/2.0.0.5/Images/ACR-057/ACR-057_InternalOffers_No_Decline_Option.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-017/ACR-017_InternalOffers_Misleading_Logo2.JPG"],"nonDeceptorImageFiles":["180607/driverupdater-180420/2.0.0.5/Images/ACR-045/DriverUpdaterInstall.PNG","180607/driverupdater-180420/2.0.0.5/Images/ACR-160/ACR-160_Software_CallCenter_Not_Verified.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-065/ACR-065_Software_No_PrivacyPolicy.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-099/ACR-099_Software_No_Uninstall_Info.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-035/ACR-035_Docs_AppName_Missing.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-003/ACR-003_LandingPage_Exaggeration.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-003/ACR-003_LandingPage_Exaggeration2.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-003/ACR-003_LandingPage_Exaggeration3.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-017/ACR-017_LandingPage_Misleading_Logo.JPG","180607/driverupdater-180420/2.0.0.5/Images/ACR-171/ACR-171_InternalOffers_Default_Opt-in.JPG"],"guid":"c2e4435f-970b-4a2b-be98-af060fd8ce52_2.0.0.5_1","appID":"driverupdater-180420","dateAdded":"180607","deceptorType":"App","name":"DriverUpdater","company":"TweakBit","version":"2.0.0.5","sigName":"Deceptor:Win32/TweakBitDriverUpdater!003017057","firstVendorContactDate":"180717","firstAppEsteemReplyDate":"180719","firstResolvedDate":"180724","firstResolvedVersion":"2.0.0.33","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.0.5; 2.0.0.6;2.0.0.10,2.0.0.12,2.0.0.32","lastKnownDate":"180706","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,cross-sell other apps,call center","lastUpdate":"2018-07-24T19:21:21.0625398+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2477},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":" App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC CARE TOOLS\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","productName":"PC-Cleanup-2018","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"f2fc8df70668533eb132e3c057a5ee25","hashSHA1":"35cb9c85fa4c1aec0e91ccecc167af190660a9d9","hashSHA256":"1e10f02dac41d3cb33ea970636c8b9717c1f830d6c61e0e8ebbad37def425ccc","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"463","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"99","landingPage":"http://mysystemrepair.com/","directDownloadingLink":"https://dt9tkbzxseyee.cloudfront.net/pcclener/securerc/c2/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dt9tkbzxseyee.cloudfront.net/pcclener/securerc/c2/setup.exe","sourceIndex":"463"}],"sampleFiles":["180606/PC-Cleanup-2018-180606/1.0.0.0/Samples/setup.exe"],"imageFiles":["180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-055/ACR_055_INLINE_OFFERS.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-010/ACR_010_INLINE_OFFERS.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-059/ACR_059_INLINE_OFFERS.PNG"],"nonDeceptorImageFiles":["180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180606/PC-Cleanup-2018-180606/1.0.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"ca6ca561-e679-438e-88e0-cfcf8003e5dd_1.0.0.0_1","appID":"PC-Cleanup-2018-180606","dateAdded":"180606","deceptorType":"App","name":"PC-Cleanup-2018","company":"PC CARE TOOLS","version":"1.0.0.0","sigName":"Deceptor:Win32/PCCleanup2018!003010055059","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows Vista,Windows XP,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T20:44:28.7709306+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2070},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Syscare Logics LLP\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"bppsetup (1).exe","isInstaller":"True","companyName":"n/a","productName":"Boost PC-Pro 2018","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"08ac08b4f84f84289a9e81f0d26f56e1","hashSHA1":"862127ad48d5d880c90f1b1fb3860cac5e49557c","hashSHA256":"e927dd0ed9fb5ed294e50641727eead511de01e9fd9b627e88fe16de0312b07d","digitalCertThumbprint":"61E8DCF8FE3D419F0072A615CBD630034F690885","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Syscare Logics LLP, O=Syscare Logics LLP, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"462","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.submission ","reference":"99","landingPage":"http://pccleanuputils.com/","directDownloadingLink":"https://d2qcrwnf76g8hd.cloudfront.net/bpp/securerc/b2/bppsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2qcrwnf76g8hd.cloudfront.net/bpp/securerc/b2/bppsetup.exe","sourceIndex":"462"}],"sampleFiles":["180606/BooSTpcPro2018-180606/1.0.0.1/Samples/bppsetup (1).exe"],"imageFiles":["180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-055/inline_offer.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-003/acr_003.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-003/acr_003_1.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-010/inline_offer.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-010/acr_010.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-059/inline_offer.PNG"],"nonDeceptorImageFiles":["180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-065/acr_065_io.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-161/testimonials.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-088/acr_088.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-092/acr_092.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-099/acr_099_lp.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-099/acr_099_IO.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-150/acr_150.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-171/acr_171_1.PNG","180606/BooSTpcPro2018-180606/1.0.0.1/Images/ACR-171/internal_offer_page.PNG"],"guid":"6d0f6de4-dd1c-407b-bc75-0af8c1f85bb7_1.0.0.1_1","appID":"BooSTpcPro2018-180606","dateAdded":"180606","deceptorType":"App","name":"BoostPCPro2018","company":"Syscare Logics LLP","version":"1.0.0.1","sigName":"Deceptor:Win32/BoostPCPro!003010055059","lastKnownStatus":"Deceptor:1.0.0.1","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T21:05:42.4742666+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2071},{"violations":{"ACR-003":"The application exaggerates registry keys as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Unchecked the \"Install Driver Updater\" is not straightforward option for decline\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified. \n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"CONNECT AB INFOLINE PRIVATE LIMITED\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"acpsetup (1).exe","isInstaller":"True","companyName":"n/a","productName":"Auto-Cleaner-Pro-2018","productVersion":"3.6.0.0","fileVersion":"3.6.0.0","hashMD5":"f2b3489ce26a5418561914a6d813a83b","hashSHA1":"92d22c5f1c62b3f3f123bea7654c850a35f3d6f6","hashSHA256":"f7e3a6257532dca857b27d70026c4087949940a2bd7d03298f6d5cef1269dbc8","digitalCertThumbprint":"E04B6DD0A38CA17024C7D7F97241A48056D12B15","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"461","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.submission ","reference":"","landingPage":"http://winpcspeedup.com/","directDownloadingLink":"https://d3rki8ksapxem4.cloudfront.net/acp/securerc/p6/acpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3rki8ksapxem4.cloudfront.net/acp/securerc/p6/acpsetup.exe","sourceIndex":"461"}],"sampleFiles":["180606/AUtoCleAnPro2018-180604/3.6.0.0/Samples/acpsetup (1).exe"],"imageFiles":["180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-055/inline_offer.PNG","180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-003/acr_003.PNG","180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-003/acr_003_1.PNG","180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-010/inline_offer.PNG","180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-010/acr-010.PNG","180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-059/inline_offer.PNG"],"nonDeceptorImageFiles":["180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-065/acr_065_IO.PNG","180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-161/testimonials.PNG","180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-088/acr_088.PNG","180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-092/acr_092.PNG","180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-099/acr_099_LP.PNG","180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-099/acr_099_IO.PNG","180606/AUtoCleAnPro2018-180604/3.6.0.0/Images/ACR-171/acr_171.PNG"],"guid":"5e4817cf-7705-4cc7-bd44-d23a99cb6b15_3.6.0.0_1","appID":"AUtoCleAnPro2018-180604","dateAdded":"180606","deceptorType":"App","name":"AutoCleanPro","company":"CONNECT AB INFOLINE PRIVATE LIMITED","version":"3.6.0.0","sigName":"Deceptor:AutoCleanPro!003010055059","lastKnownStatus":"Deceptor:3.6.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T21:09:20.9352138+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2072},{"violations":{"ACR-003":"The application exaggerates registry keys as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Unchecked the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"he application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC Fixer Tool Inc\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"acpsetup.exe","isInstaller":"True","companyName":"n/a","productName":"Auto CleanupPro 2018","productVersion":"1.0.1.0","fileVersion":"1.0.1.0","hashMD5":"b5034be1b7dc2e339a0db31dd0f47c24","hashSHA1":"9e8c84f0b753355d7f05d8bcf03a36237e0b5e28","hashSHA256":"d0c4f06b57d3ade14708f5d1c4b6f99427f0a2e1e86466237f7881c5b7e4ab55","digitalCertThumbprint":"3BAE8CCC4633D1B28A30A8836DA405107C57006A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC-FlXER-TOOLS, O=PC-FlXER-TOOLS, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"458","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.submission ","reference":"","landingPage":"http://www.mypcboost.com/","directDownloadingLink":"https://d3q4pi8j669hdn.cloudfront.net/acp/securerc/n2/acpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3q4pi8j669hdn.cloudfront.net/acp/securerc/n2/acpsetup.exe","sourceIndex":"458"}],"sampleFiles":["180605/AUTOCLEANPRO2018-180604/1.0.1.0/Samples/acpsetup.exe"],"imageFiles":["180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-055/inline_offer.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-003/acr_003.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-003/acr_003_1.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-010/inline_offer.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-010/acr-010.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-059/inline_offer.PNG"],"nonDeceptorImageFiles":["180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-065/acr_065_IO.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-161/testimonials.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-088/acr_088.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-092/acr_092.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-099/acr_099_LP.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-099/acr_099_IO.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-150/acr_150.PNG","180605/AUTOCLEANPRO2018-180604/1.0.1.0/Images/ACR-171/acr_171.PNG"],"guid":"867bf69f-8ee4-45a5-9c0b-8ee8086e7056_1.0.1.0_1","appID":"AUTOCLEANPRO2018-180604","dateAdded":"180605","deceptorType":"App","name":"AutoCleanupPro2018","company":"PC-FlXER-TOOLS","version":"1.0.1.0","sigName":"Deceptor:Win32/AutoCleanupPro2018!003010055059","lastKnownStatus":"Deceptor:1.0.1.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T21:59:55.149502+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2073},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user\nThe app offers a Deceptor application (Driver Updater) to the user\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"AB REACH TECHNOLOGIES PRIVATE LIMITED\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"acpsetup.exe","isInstaller":"True","productName":"Auto~Clean~Pro2018","productVersion":"3.5.0.0","fileVersion":"3.5.0.0","hashMD5":"b80ab751aca9cb2fe5f979f4252e380e","hashSHA1":"adc3cf3f08d6180b0af5f88fd2b171ab4206bea2","hashSHA256":"c7453786e84e45ea2338219e72fcc4b3aefa8a95280e7362197b089643a3845d","digitalCertThumbprint":"39C8E18FEB4B94B4E63A8775850BB585D2E5C7BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB REACH TECHNOLOGIES PRIVATE LIMITED, O=AB REACH TECHNOLOGIES PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"3610","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"99","landingPage":"http://epcsupdates.com/","directDownloadingLink":"https://d3pmtmszdltnp3.cloudfront.net/acp/securerc/c10/acpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3pmtmszdltnp3.cloudfront.net/acp/securerc/c10/acpsetup.exe","sourceIndex":"3610"}],"sampleFiles":["180605/AutoClean-Pro2018-180605/3.5.0.0/Samples/acpsetup.exe"],"imageFiles":["180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-055/ACR-055_inlineoffer.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-003/ACR-003_software.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-003/ACR-003_software1.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-003/ACR-003_software2.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-161/ACR-161_internaloffer1.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-088/ACR-088_software.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-092/ACR-092_software.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180605/AutoClean-Pro2018-180605/3.5.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"0877a500-25d7-461f-8fe9-6d8ee2780e8a_3.5.0.0_1","appID":"AutoClean-Pro2018-180605","dateAdded":"180605","deceptorType":"App","name":"AutoClean-Pro2018","company":"AB REACH TECHNOLOGIES PRIVATE LIMITED","version":"3.5.0.0","sigName":"Deceptor:Win32/AutoCleanPro2018!003010055059","lastKnownStatus":"Deceptor:3.5.0.0","lastKnownDate":"180605","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-24T03:54:08.5053432+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2074},{"violations":{"ACR-003":"The application exaggerates registry keys as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"GLOBALSOFT LOGICS\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"aufpsetup.exe","isInstaller":"True","companyName":"n/a","productName":"AutoFixer Pro 2018","productVersion":"3.5.0.0","fileVersion":"3.5.0.0","hashMD5":"a7bbad0602ecfd73da902c7c7243b3bf","hashSHA1":"6844112cf161ffd8b69c7eb7408330d558b66afd","hashSHA256":"7f6b60d3aafde8333a6bed56a8f829bcec1df41326475fc175c975881322a3dc","digitalCertThumbprint":"4AF99DF2499113E82284865E745BEB3A1911CF9B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GLOBALSOFT LOGICS, O=GLOBALSOFT LOGICS, POBox=302012, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"3608","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.community","reference":"New version with different signing cert.","landingPage":"http://www.quickpcspeed.com/","directDownloadingLink":"https://d9vl5hd6lxqxu.cloudfront.net/autfixrpro/securerc/aufpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d9vl5hd6lxqxu.cloudfront.net/autfixrpro/securerc/aufpsetup.exe","sourceIndex":"3608"}],"sampleFiles":["180602/AuutoFixerPro2018-180601/3.5.0.0/Samples/aufpsetup.exe"],"imageFiles":["180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-055/internal_offer.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-003/acr_003.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-003/acr-003_1.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-010/internal_offer.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-010/acr_010_adsinapp.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-059/internal_offer.PNG"],"nonDeceptorImageFiles":["180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-065/acr_065_IO.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-161/testimonials.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-088/acr_088.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-092/signing_certi.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-099/acr_099_LP.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-099/Acr_099_IO.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-150/acr_150.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-171/acr_171.PNG","180602/AuutoFixerPro2018-180601/3.5.0.0/Images/ACR-171/acr_171_1.PNG"],"guid":"734d214d-8cd6-4c6b-99e3-e1d94f2ad615_3.5.0.0_1","appID":"AuutoFixerPro2018-180601","dateAdded":"180602","deceptorType":"App","name":"AutoFixer Pro2018","company":"AutoFixer Pro 2018","version":"3.5.0.0","sigName":"Deceptor:Win32/AutoFixerPro2018!055059010003","lastKnownStatus":"Deceptor:3.5.0.0","lastKnownDate":"180602","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-29T02:17:14.5647321+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2075},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"AB REACH TECHNOLOGIES PRIVATE LIMITED\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"acpsetup.exe","isInstaller":"True","productName":"Auto Clean~Pro2018","productVersion":"2.5.0.0","fileVersion":"2.5.0.0","hashMD5":"66ed0c678362e6aa89b7aa6be6b8f3b5","hashSHA1":"9a5b85d1f49ea24fbf73d9bc28731fd6f29fe9c5","hashSHA256":"ac8f41716a4ee5fc7e6ae410aacb3cd95f77ffc49f5dbe8317309cc24b2fc8aa","digitalCertThumbprint":"39C8E18FEB4B94B4E63A8775850BB585D2E5C7BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB REACH TECHNOLOGIES PRIVATE LIMITED, O=AB REACH TECHNOLOGIES PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"460","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"Newer version with different signing cert","landingPage":"http://1clickpccare.com/","directDownloadingLink":"https://d3blbsdxq8ops5.cloudfront.net/acp/securerc/c8/acpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3blbsdxq8ops5.cloudfront.net/acp/securerc/c8/acpsetup.exe","sourceIndex":"460"}],"sampleFiles":["180602/AutocleanPro2018-180601/2.5.0.0/Samples/acpsetup.exe"],"imageFiles":["180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-055/ACR-055_inline.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-003/ACR-003_software.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-003/ACR-003_software1.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-003/ACR-003_software2.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-010/ACR-010_inline.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-059/ACR-059_inline.JPG"],"nonDeceptorImageFiles":["180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-161/ACR-161_internaloffer1.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-088/ACR-088_software.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-092/ACR-092_software.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180602/AutocleanPro2018-180601/2.5.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"c8efad85-c4c2-4a2e-9890-922f83571137_2.5.0.0_1","appID":"AutocleanPro2018-180601","dateAdded":"180602","deceptorType":"App","name":"AutoCleanPro2018","company":"AB REACH TECHNOLOGIES PRIVATE LIMITED","version":"2.5.0.0","sigName":"Deceptor:Win32/AutoCleanPro2018!003010055059","lastKnownStatus":"Deceptor:2.5.0.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T21:11:09.41942+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2076},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"AB REACH TECHNOLOGIES PRIVATE LIMITED\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"syssetup.exe","isInstaller":"True","productName":"PCFixer-Pro-2018","productVersion":"2.1.0.0","fileVersion":"2.1.0.0","hashMD5":"5df177817ee27fea0d3d1ec44fc1534c","hashSHA1":"7c862532b5a15621a314703730f98bf11b8c0e9e","hashSHA256":"22f5c9ee7ae864284b112a3941205cb1b82d0b43854c36f70f4533a608bf9d82","digitalCertThumbprint":"39C8E18FEB4B94B4E63A8775850BB585D2E5C7BC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AB REACH TECHNOLOGIES PRIVATE LIMITED, O=AB REACH TECHNOLOGIES PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"455","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.submission","reference":"New version with different signing cert.","landingPage":"http://winpcupdates.com/","directDownloadingLink":"https://d3lsk6rzmw1qjo.cloudfront.net/pcfixrp/securerc/c4/syssetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3lsk6rzmw1qjo.cloudfront.net/pcfixrp/securerc/c4/syssetup.exe","sourceIndex":"455"}],"sampleFiles":["180601/PCFixerPro2018-180601/2.1.0.0/Samples/syssetup.exe"],"imageFiles":["180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-055/ACR-055_inlineoffer.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-003/ACR-003_software.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-003/ACR-003_software1.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-003/ACR-003_software2.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-161/ACR-161_internaloffer1.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-088/ACR-088_software.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-092/ACR-092_software.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180601/PCFixerPro2018-180601/2.1.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"271f2aa4-3959-4564-b01f-62a64c4e66b1_2.1.0.0_1","appID":"PCFixerPro2018-180601","dateAdded":"180601","deceptorType":"App","name":"PCFixer-Pro-2018","company":"AB REACH TECHNOLOGIES PRIVATE LIMITED","version":"2.1.0.0","sigName":"Deceptor:Win32/PCFixerPro2018!055059003010","lastKnownStatus":"Deceptor:2.1.0.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T22:18:00.816046+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2077},{"violations":{"ACR-042":"Bundled offer \"SearchWeb\" chrome extension starts to install before user accept it. \n","ACR-071":"The user is unable to decline the offer for Search Web  independently. In order to install Web genie we have to install search web first.\n","ACR-030":"Inline interstitial offer from landing page can only be closed by using the close button. User should be able to navigate away from interstitial by simple action, like clicking outside, close button, using back button, the address bar.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Search-Web_v1.1.18.427.crx","companyName":"Tightrope Interactive, Inc","productName":"","fileVersion":"0.","hashMD5":"","hashSHA1":"","hashSHA256":"e80508210bef4c8c1132d7901fcfab7bca2bceb49183791d943728766c044cc9","storeId":"https://chrome.google.com/webstore/detail/search-web/cibggofdagodpmpocckiklikfleaogpb","sourceIndex":"3619","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Browsing","reference":"banner ad","landingPage":"http://getwebgenie.com/info/getwebgenie/?source=google-search&campaign=search&c=Protect_Your_Privacy&hc=Protect+Your+Privacy&gclid=EAIaIQobChMIw_6-ndeo2wIVGDZ_Ch3j4AN8EAEYASAAEgJAu_D_BwE","directDownloadingLink":"https://chrome.google.com/webstore/detail/search-web/necjppigmekeaoddceoebjmfmchelnpj","ipv4":"","ipv6":"","sourceIndex":"3619"},{"howFound":"Hunt.Browsing","reference":"AdShield","landingPage":"http://adshield.me/info/adshield_web-with-no-distractions-2steps/?aid=2optflow&source=google-search&c=1083730458&utm_medium=ussrchall&gclid=Cj0KCQjwgMnYBRDRARIsANC2dfmdtuMbis7SruvXSf532aKPzy1934IzMKrGkB_zPtFX15n_A2YmEv4aAmdPEALw_wcB","directDownloadingLink":"https://chrome.google.com/webstore/detail/search-web/cibggofdagodpmpocckiklikfleaogpb","ipv4":"","ipv6":"","sourceIndex":"3620"},{"howFound":"Hunt.Browsing","reference":"installmall.com","landingPage":"http://installmall.com/vlcplayer/win","directDownloadingLink":"https://chrome.google.com/webstore/detail/search-web/iifdnigkhgngfkmapfmbjhihmfkeknmk","ipv4":"","ipv6":"","sourceIndex":"3621"},{"howFound":"","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"3622"}],"sampleFiles":["180601/WebGenie-180528/1.1.18.427/Samples/Search-Web_v1.1.18.427.crx"],"imageFiles":["180601/WebGenie-180528/1.1.18.427/Images/ACR-042/Install_Step4.PNG","180601/WebGenie-180528/1.1.18.427/Images/ACR-042/ACR-155 bait with installmall switch with searchweb.gif","180601/WebGenie-180528/1.1.18.427/Images/ACR-042/ACR-155 bait with adhield switch with searchweb.gif","180601/WebGenie-180528/1.1.18.427/Images/ACR-071/acr_071.PNG","180601/WebGenie-180528/1.1.18.427/Images/ACR-030/W10-2018-05-30T15-18-01-787884400Z.mp4"],"nonDeceptorImageFiles":["180601/WebGenie-180528/1.1.18.427/Images/ACR-155/Install_Step1.PNG","180601/WebGenie-180528/1.1.18.427/Images/ACR-155/Install_Step2.PNG","180601/WebGenie-180528/1.1.18.427/Images/ACR-155/Install_Step3.PNG","180601/WebGenie-180528/1.1.18.427/Images/ACR-155/Install_Step4.PNG","180601/WebGenie-180528/1.1.18.427/Images/ACR-155/Install_Step5.PNG","180601/WebGenie-180528/1.1.18.427/Images/ACR-155/ACR-155 bait with installmall switch with searchweb.gif","180601/WebGenie-180528/1.1.18.427/Images/ACR-155/ACR-155 bait with adhield switch with searchweb.gif"],"guid":"d11dd9b6-cd03-409e-b1be-1bc31f6000a9_1.1.18.427_1","appID":"WebGenie-180528","dateAdded":"180601","deceptorType":"Chrome Extension","name":"TightRope SearchWeb Bundler","company":"Tightrope Interactive","version":"1.1.18.427","sigName":"Deceptor:CRX/TightRopeSearchWebBundler!042071155030","firstVendorContactDate":"180604","firstAppEsteemReplyDate":"180604","firstResolvedDate":"180607","firstResolvedVersion":"vendor confirms \"Search Web\" taken down and will not re-violate","resolved":"TRUE","lastKnownStatus":"Deceptor:1.1.18.427","lastKnownDate":"180601","type":"Chrome Extension","category":"Personalization & Search","targetOS":"","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"search","lastUpdate":"2018-06-07T17:14:42.6476347+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2478},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC Speedup Tool Inc\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"acpsetup.exe","isInstaller":"True","productName":"AutoCleaner Pro 2018","productVersion":"2.3.0.0","fileVersion":"2.3.0.0","hashMD5":"555724799b259530ba087798de1c331e","hashSHA1":"1b0dcb187a09437af982115b67ba569410a9a7d1","hashSHA256":"03c72cc557c3645aadad93c1c0ed3b51f120adc1dcee30cb5b64fd8905168ccb","digitalCertThumbprint":"6C1064FCA7323D8C0779D2AA53ED9C3D76632955","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tool Inc, O=PC Speedup Tool Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"459","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"Newer version with different signing cert","landingPage":"http://quickpcupdates.com/","directDownloadingLink":"https://d1fcfsr1rkpyca.cloudfront.net/acp/securerc/b2/acpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1fcfsr1rkpyca.cloudfront.net/acp/securerc/b2/acpsetup.exe","sourceIndex":"459"}],"sampleFiles":["180531/AutoCleanPro2018-180316/2.3.0.0/Samples/acpsetup.exe"],"imageFiles":["180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-055/ACR-055_inlineoffer.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-003/ACR-003_software.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-003/ACR-003_software1.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-003/ACR-003_software2.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-161/ACR-161_internaloffer1.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-088/ACR-088_software.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-092/ACR-092_software.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180531/AutoCleanPro2018-180316/2.3.0.0/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"37fd28b4-1bec-4d1e-bf23-8a9e22e6ddc1_2.3.0.0_1","appID":"AutoCleanPro2018-180316","dateAdded":"180531","deceptorType":"App","name":"AutoCleanPro2018","company":"PC Speedup Tool Inc","version":"2.3.0.0","sigName":"Deceptor:Win32/AutoCleanPro2018!055003010059","lastKnownStatus":"Deceptor:2.3.0.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T21:11:58.9420758+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":2,"sortOrder":2078},{"violations":{"ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent or knowledge.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"samples":[{"isRevoked":"False","fileName":"PAVSetup.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"0.0","hashMD5":"ca3ef4ac74aee514995bfb92d690d531","hashSHA1":"2af8c88af02c3d0a356ac022cb599a7b09246a67","hashSHA256":"e64633af9826ed25e40d895b95d884ce53df2b60651f914933d7c7bf6d24e52f","digitalCertThumbprint":"34F3695F6425EF397E3B9B9DC08FFEC2F56393AE","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Unistal Systems Pvt. Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Unistal Systems Pvt. Ltd., L=New Delhi, S=Delhi, C=IN","sourceIndex":"3624","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ProtegentAV.exe","isInstaller":"True","companyName":"Unistal Systems Pvt. Ltd.                                   ","productName":"Protegent Antivirus","productVersion":"10.1.0.7","fileVersion":"0.0","hashMD5":"f7d593157e099a2c60f38441cff4cf75","hashSHA1":"dbbfaee0a324cd62e108f2d8ab6ca2c1d9763e08","hashSHA256":"00b6ec49acaa9e7d7d4f58adbd03ce71f98d801d5abab513c3d1a099942595e5","digitalCertThumbprint":"34F3695F6425EF397E3B9B9DC08FFEC2F56393AE","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Unistal Systems Pvt. Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Unistal Systems Pvt. Ltd., L=New Delhi, S=Delhi, C=IN","sourceIndex":"3624","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pgavgui.exe","companyName":"n/a","productName":"Protegent Antivirus","productVersion":"10.1.0.7","fileVersion":"10.1.0.7","hashMD5":"0797085419b9db5dfc8ceb127241fbfd","hashSHA1":"a486a21f54f0c8c6c7196210f02e36b6709d73db","hashSHA256":"3f816c7617238767626c104563e753d6bedc8c81d14b86f525c447ec755b7a37","digitalCertThumbprint":"34F3695F6425EF397E3B9B9DC08FFEC2F56393AE","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Unistal Systems Pvt. Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Unistal Systems Pvt. Ltd., L=New Delhi, S=Delhi, C=IN","sourceIndex":"3624","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"http://www.winsite.com/Utilities/Antivirus","landingPage":"https://www.protegent360.com/protegent-anti-virus.html","directDownloadingLink":"https://www.protegent360.com/setup/PAVSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.protegent360.com/setup/PAVSetup.exe","sourceIndex":"3624"}],"sampleFiles":["180522/ProtegentAntivirus-180522/10.1.0.7/Samples/PAVSetup.exe","180522/ProtegentAntivirus-180522/10.1.0.7/Samples/ProtegentAV.exe","180522/ProtegentAntivirus-180522/10.1.0.7/Samples/pgavgui.exe"],"imageFiles":["180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-118/ACR-118_uninstall.JPG","180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-118/ACR-118_uninstall1.JPG"],"nonDeceptorImageFiles":["180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-065/ACR-065_install.JPG","180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-065/ACR-065_software.JPG","180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-065/ACR-065_internaloffer.JPG","180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-017/ACR-017_landingpage.JPG","180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-161/ACR-161_landingpage.JPG","180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-163/ACR-163_landingpage.JPG","180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-163/ACR-163_internaloffer.JPG","180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-099/ACR-099_software.JPG","180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-099/ACR-099_landingpage.JPG","180522/ProtegentAntivirus-180522/10.1.0.7/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"112ff160-5d4d-42b6-be8d-0cc62fc5cb6a_10.1.0.7_1","appID":"ProtegentAntivirus-180522","dateAdded":"180531","deceptorType":"App","name":"Protegent Antivirus","company":"Unistal Systems Pvt. Ltd","version":"10.1.0.7","sigName":"Deceptor:Win32/ProtegentAntivirus!118","lastKnownStatus":"Deceptor:10.1.0.7;10.5.0.9","lastKnownDate":"180531","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-05-31T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2481},{"violations":{"ACR-043":"Additional program AV Cloud is installed without explicit disclosure what it is relationship with Protegent Antivirus\n","ACR-118":"App installs the files under hidden folder c:\\unistal. And it can't be uninstalled without administrator right.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's Returns and Cancellation Policy,  or Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"app calls itsef Protogent AV cloud on install\napp calls itself Protogent AV Cloud \n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The landing page does not display a non-interactive support option as prominent as the one-to-one interaction option. A = phone number, B= installation guide, C = FAQs\nThe app prominently places hotline number for 1-on-1 support while non-interactive support options are hidden\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-017":"Includes photos of unverifiable awards on web-site\nDisplays Tie-ins as if they are endorsements by popular companies\nClaims to be a microsoft partner without evidence\n","ACR-168":"Unable to verify call center. When trying to call the number I get a prompt that the number is bad.\n"},"samples":[{"isRevoked":"False","fileName":"PAVSetup.exe","isInstaller":"True","productVersion":"10.5.0.9","fileVersion":"10.5.0.9","hashMD5":"acd6b2ae0bc79c234dc6b8de3f3fa87a","hashSHA1":"4b6ccbb6416816ae5c596bd355205e666955f8e9","hashSHA256":"86728bd4056d40ed5534024e8b85383b02b8d7811546c7c9fc07b8595b49d725","digitalCertThumbprint":"86514A58E0C5D7FCEA6C884FF2D1AE638B0BF46B","digitalCertIssuer":"CN=Thawte Code Signing CA - G2, O=\"Thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Unistal Systems Pvt. Ltd., O=Unistal Systems Pvt. Ltd., L=New Delhi, S=Delhi, C=IN","sourceIndex":"3056","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"http://www.winsite.com/Utilities/Antivirus","landingPage":"https://www.protegent360.com/protegent-anti-virus.html","directDownloadingLink":"https://www.protegent360.com/protegent-anti-virus-download.html","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.protegent360.com/protegent-anti-virus-download.html","sourceIndex":"3056"}],"sampleFiles":["180531/ProtegentAntivirus-180522/10.5.0.9/Samples/PAVSetup.exe"],"imageFiles":["180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-043/switch.gif","180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-118/ProtegentAV.PNG"],"nonDeceptorImageFiles":["180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-065/install EULA.png","180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-065/home.png","180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-065/internal offer.png","180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-002/switch.gif","180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-002/home.png","180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-017/Awards.png","180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-017/bottom.png","180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-161/customer reviews.png","180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-163/help .png","180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-163/internal offer page.png","180531/ProtegentAntivirus-180522/10.5.0.9/Images/ACR-099/uninstall .png"],"guid":"112ff160-5d4d-42b6-be8d-0cc62fc5cb6a_10.5.0.9_1","appID":"ProtegentAntivirus-180522","dateAdded":"180531","deceptorType":"App","name":"Protegent Antivirus","company":"Unistal Systems Pvt. Ltd","version":"10.5.0.9","lastKnownStatus":"Deceptor:10.1.0.7;10.5.0.9","lastKnownDate":"180531","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-06-01T03:24:41.872216+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2480},{"violations":{"ACR-003":"The application raises urgency level with unsubstantiated levels of urgency (moderate, high and unavoidable), thereby misleading or scaring the user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Amazon and Comodo are endorsing the app.\n"},"nonDeceptorViolations":{"ACR-161":"The application's landing page has testimonials but have no links back to a source so they can be verified.\nThe application's internal offer has testimonials but have no links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app's landing page displays multiple trust logos or awards that are unable to be verified.\nThe app's internal offer displays multiple trust logos or awards that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"rightbackupsetup.exe","isInstaller":"True","companyName":"Systweak Software                                           ","productName":"Right Backup","productVersion":"2.1.1000.6588","fileVersion":"2.1.1000.6588","hashMD5":"e6d9b7ba5513ae4e6e03d1e9fc399ef4","hashSHA1":"4a04b2949996f387310f71d25acf03284e4b5c26","hashSHA256":"c4bd95e5790132c317ae7eb15fef6c0d9a05ea4ac2450675727b8232277e2383","digitalCertThumbprint":"1A6B21086732B8F81289D7024DF9C18942DF0BD9","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Right Backup Software Pvt. Ltd., O=Right Backup Software Pvt. Ltd., L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3615","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"Inline offer (advanced file optimizer)","landingPage":"https://www.rightbackup.com/","directDownloadingLink":"http://d34m24xlh61hdw.cloudfront.net/rb/setup/rightbackupsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://d34m24xlh61hdw.cloudfront.net/rb/setup/rightbackupsetup.exe","sourceIndex":"3615"}],"sampleFiles":["180531/RightBackup-180531/2.1.1000.6588/Samples/rightbackupsetup.exe"],"imageFiles":["180531/RightBackup-180531/2.1.1000.6588/Images/ACR-003/ACR-003_software.JPG","180531/RightBackup-180531/2.1.1000.6588/Images/ACR-017/ACR-017_software.JPG"],"nonDeceptorImageFiles":["180531/RightBackup-180531/2.1.1000.6588/Images/ACR-161/ACR-161_landingpage.JPG","180531/RightBackup-180531/2.1.1000.6588/Images/ACR-161/ACR-161_landingpage1.JPG","180531/RightBackup-180531/2.1.1000.6588/Images/ACR-161/ACR-161_internaloffer.JPG","180531/RightBackup-180531/2.1.1000.6588/Images/ACR-099/ACR-099_internaloffer.JPG","180531/RightBackup-180531/2.1.1000.6588/Images/ACR-150/ACR-150_landingpage.JPG","180531/RightBackup-180531/2.1.1000.6588/Images/ACR-150/ACR-150_internaloffer.JPG"],"guid":"56d0adeb-f790-4cff-b562-b83c59b2c1f1_2.1.1000.6588_1","appID":"RightBackup-180531","dateAdded":"180531","deceptorType":"App","name":"Right Backup","company":"Systweak Software","version":"2.1.1000.6588","sigName":"Deceptor:Win32/RightBackup!003017","firstVendorContactDate":"180606","firstAppEsteemReplyDate":"180606","firstResolvedDate":"180612","firstResolvedVersion":"","resolved":"TRUE","lastKnownStatus":"Deceptor:2.1.1000.6668","lastKnownDate":"180531","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-12T18:14:04.6773651+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2479},{"violations":{"ACR-003":"The application exaggerates registry keys with improvement potential and severity as \"high\" thereby misleading or scaring user to take action \n\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager.\n"},"samples":[{"isRevoked":"False","fileName":"acpsetup.exe","isInstaller":"True","companyName":"AutoClean Pro 2018","productName":"AutoClean~Pro~2018","productVersion":"2.2.0.0","fileVersion":"2.2.0.0","hashMD5":"fd457bf852f257c930537a6ef9b673f5","hashSHA1":"5ec97376807ed9df9c79485303c8936bb19d87a6","hashSHA256":"c4c73100bffd85ef8733524700e6932e651f58e6bf3f17d9fa86575972a8143e","digitalCertThumbprint":"1FF572198A616BC3BD31162AC36564BFC7FCFBF9","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tuneup PC Tools LC, O=Tuneup PC Tools LC, STREET=\"HOUSE NO. A­54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"3654","avBlockList":["360 Total Security (20250121)","Avast Premium Security (20250121)","AVG Internet Security (20250121)","Avira Internet Security (20250121)","Bitdefender Internet Security (20250121)","COMODO Antivirus (20250121)","Dr.Web Security Space (20250121)","ESET Internet Security (20250121)","FortectPremium (20250121)","G DATA INTERNET SECURITY (20250121)","K7 Total Security (20250121)","KasperskyPremium (20250121)","Malwarebytes Premium (20250121)","McAfee Total Protection (20250121)","Norton Security (20250121)","Panda Dome (20250121)","Quick Heal Internet Security (20250121)","Sophos Home Premium (20250121)","SpyHunter5 (20250121)","Total AV Antivirus Pro (20250121)","Trend Micro Internet Security (20250121)","VIPRE Advanced Security (20250121)","VirIT eXplorer PRO (20250121)","Webroot SecureAnywhere (20250121)","Windows Defender (20250121)"],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm.exe","companyName":"AutoClean Pro 2018","productName":"PC Fixing Tool","productVersion":"2.2.0.0","fileVersion":"2.2.0.0","hashMD5":"7d5e22cb62d84b02d948df7e928cff1f","hashSHA1":"aaebf5edcff90f449aba5e3a03a1b9fa5e767313","hashSHA256":"1a97db5c38f26334ba2dab5a7b34b32f703baa77e2db4d717197e5698b33bbe2","digitalCertThumbprint":"1FF572198A616BC3BD31162AC36564BFC7FCFBF9","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Tuneup PC Tools LC, O=Tuneup PC Tools LC, STREET=\"HOUSE NO. A­54,SHANTI PATH,TILAK NAGAR,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"3654","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"Deceptor submission 180316 - offered by driverdetails' driverupdate","landingPage":"http://winspeeduputils.com//","directDownloadingLink":"https://d12ecykerj9bal.cloudfront.net/acp/securerc/i2/acpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d12ecykerj9bal.cloudfront.net/acp/securerc/i2/acpsetup.exe","sourceIndex":"3654"}],"sampleFiles":["180531/AutoCleanPro2018-180316/2.2.0.0/Samples/acpsetup.exe","180531/AutoCleanPro2018-180316/2.2.0.0/Samples/mysysm.exe"],"imageFiles":["180531/AutoCleanPro2018-180316/2.2.0.0/Images/ACR-010/inline_offer.PNG","180531/AutoCleanPro2018-180316/2.2.0.0/Images/ACR-003/acr_003.PNG","180531/AutoCleanPro2018-180316/2.2.0.0/Images/ACR-003/acr_003_1.PNG"],"nonDeceptorImageFiles":["180531/AutoCleanPro2018-180316/2.2.0.0/Images/ACR-065/acr_065_IO.PNG","180531/AutoCleanPro2018-180316/2.2.0.0/Images/ACR-161/testimonials.PNG","180531/AutoCleanPro2018-180316/2.2.0.0/Images/ACR-099/acr_099_LP.PNG","180531/AutoCleanPro2018-180316/2.2.0.0/Images/ACR-099/acr_099_IO.PNG","180531/AutoCleanPro2018-180316/2.2.0.0/Images/ACR-171/acr_171_a.PNG","180531/AutoCleanPro2018-180316/2.2.0.0/Images/ACR-171/acr-171_b.PNG"],"guid":"37fd28b4-1bec-4d1e-bf23-8a9e22e6ddc1_2.2.0.0_1","appID":"AutoCleanPro2018-180316","dateAdded":"180531","deceptorType":"App","name":"AutoCleanPro2018","company":"PC Speedup Tool Inc","version":"2.2.0.0","sigName":"Deceptor:Win32/AutoCleanPro2018!003010","lastKnownStatus":"Deceptor:2.3.0.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T00:00:00+00:00","notDistributed":false,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":2,"sortOrder":2079},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-003":"The app exaggerates the Browser History, Cookies and Local Trace Files as being threats, thereby misleading or scaring the consumer to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are no schedules set within the software, however the app has created multiple tasks in the systems task scheduler which cannot be disabled from the software's interface.\n"},"nonDeceptorViolations":{"ACR-065":"There are no valid links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Uniwebsal SRL\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens stating that consumer can get the same app at a 50% discount.\n\n","ACR-035":"No EULA/Terms of Service is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"IncognitoPrivateShieldSetup.exe","isInstaller":"True","companyName":"Incognito Private Shield","productName":"Incognito Private Shield","productVersion":"3.2.0","fileVersion":"3.2.0.0","hashMD5":"7ee3d71b719af922b645e8a87179b712","hashSHA1":"79b576f256e1cc48d7ebcd1fb5b28c0b28b6c516","hashSHA256":"8e3e5528929a9637dc447b6264d21d446d0d2fd412087dd3b32430f3128202cc","digitalCertThumbprint":"CCF63D2B5222E2FC584ECE9BB6204FC83D2457D4","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Uniwebsal SRL, OU=IT, O=Uniwebsal SRL, STREET=\"Str. Gheorghe Lazăr, nr. 42 E, ap. 6\", L=Timisoara, S=Timis, PostalCode=300334, C=RO","sourceIndex":"3623","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IncognitoPrivateShield.exe","companyName":"Incognito Private Shield","productName":"Incognito Private Shield","productVersion":"3.2.0.0","fileVersion":"3.2.0.0","hashMD5":"d0fbcc58ec5004d386f6726d99069b1f","hashSHA1":"6ccdea459930bb92859a9af8a039bcc2f4fb907a","hashSHA256":"515cfaeab8b7d33f0ccfe0c7db1af15e67e1edc40a759449cbb1f1bca0604000","digitalCertThumbprint":"CCF63D2B5222E2FC584ECE9BB6204FC83D2457D4","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Uniwebsal SRL, OU=IT, O=Uniwebsal SRL, STREET=\"Str. Gheorghe Lazăr, nr. 42 E, ap. 6\", L=Timisoara, S=Timis, PostalCode=300334, C=RO","sourceIndex":"3623","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc privacy cleaner\"","landingPage":"http://private-shield.com/index.html","directDownloadingLink":"http://private-shield.com/IncognitoPrivateShieldSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://private-shield.com/IncognitoPrivateShieldSetup.exe","sourceIndex":"3623"}],"sampleFiles":["180528/IncognitoPrivateShield-180427/3.2.0/Samples/IncognitoPrivateShieldSetup.exe","180528/IncognitoPrivateShield-180427/3.2.0/Samples/IncognitoPrivateShield.exe"],"imageFiles":["180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-050/ACR-050_software.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-003/ACR-003_software.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-003/ACR-003_software1.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-065/ACR-065_install.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-065/ACR-065_install1.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-065/ACR-065_software.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-065/ACR-065_landingpage.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-163/ACR-163_software.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-088/ACR-088_software.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-092/ACR-092_software.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-099/ACR-099_software.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-099/ACR-099_internaloffer.JPG","180528/IncognitoPrivateShield-180427/3.2.0/Images/ACR-120/ACR-120_uninstall.JPG"],"guid":"46252928-8686-4c5a-9c36-139e2a8f0738_3.2.0_1","appID":"IncognitoPrivateShield-180427","dateAdded":"180528","deceptorType":"App","name":"Incognito Private Shield","company":"INCOGNITO PRIVATE SHIELD","version":"3.2.0","sigName":"Deceptor:Win32/IncognitoPrivateShield!003050084","lastKnownStatus":"Deceptor:3.2.0","lastKnownDate":"180528","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-05-28T20:59:20.450819+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2482},{"violations":{"ACR-003":"The application exaggerates System Performance and User Software Related items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straight forward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"CONNECT AB INFOLINE PRIVATE LIMITED\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"wbpsetup.exe","isInstaller":"True","productName":"Win~Boost~Pro~2018","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"799d2a9ea95af926ac1f58f4acc2800f","hashSHA1":"6a75aca7aebe73ce269bdf8897b7f39291b6ce52","hashSHA256":"7e81d5f71c0fc26799eff7f543d60e61ae87b2b356bc61d83a66c4e8d28483c3","digitalCertThumbprint":"E04B6DD0A38CA17024C7D7F97241A48056D12B15","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"453","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bpp.exe","companyName":"n/a","productName":"SpeedUp Tool","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"798558a128d16c326b29c26abe39f53f","hashSHA1":"b758a2e256f5ffc247834dabd4bbae1dd64dfd31","hashSHA256":"c57cc17d08c1958cd3afe2cb062e0250630b521a3e4d9e51eee68b477dec0152","digitalCertThumbprint":"E04B6DD0A38CA17024C7D7F97241A48056D12B15","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"453","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.ecosia.org (keyword: fix my pc 2018)","landingPage":"http://www.pccleanertools.com/","directDownloadingLink":"https://d87ctjw2f8qh6.cloudfront.net/wbp/securerc/b4/wbpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d87ctjw2f8qh6.cloudfront.net/wbp/securerc/b4/wbpsetup.exe","sourceIndex":"453"}],"sampleFiles":["180522/WinBoostPro2018-180521/1.0.0.0/Samples/wbpsetup.exe","180522/WinBoostPro2018-180521/1.0.0.0/Samples/bpp.exe"],"imageFiles":["180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-055/ACR_055_INLINE_OFFERS.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-010/ACR_010_INLINE_OFFERS.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-010/ACR_010_ADS_INSIDE_APP.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-059/ACR_059_INLINE_OFFERS.PNG"],"nonDeceptorImageFiles":["180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180522/WinBoostPro2018-180521/1.0.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"c9cb900f-df22-4827-9aee-4327c11cd05b_1.0.0.0_1","appID":"WinBoostPro2018-180521","dateAdded":"180522","deceptorType":"App","name":"Win Boost Pro 2018","company":"Win Boost Pro 2018.","version":"1.0.0.0","sigName":"Deceptor:Win32/WInBoostPro!003010055059","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T22:37:02.2034661+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2080},{"violations":{"ACR-003":"The application raises a false sense of urgency by reporting application crashes from the system event log as errors. In addition, at end of scan, the app has an audio claiming \"system has errors\".\n\n\n","ACR-117":"App uses a scary popup with a timeout to deter consumer-driven uninstalls. Once continuing, app has yet another screen to deter uninstall.\n","ACR-124":"App shows two confirmation prompts at uninstall.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n\n","ACR-088":"The application starts a scan post installation even after checking the box to disable the scan..\n\n","ACR-160":"The application does not use a certified call center to monetize the app. In order to verify if the call center provides other services you need to be a reimage customer, \n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\n","ACR-120":"Uninstall confirmation prompt substitution app is more than an ad; it's a call to action.\n"},"samples":[{"isRevoked":"False","fileName":"ReimageRepair.exe","isInstaller":"True","companyName":"Reimage","productName":"Reimage Repair","productVersion":"1.542","fileVersion":"1.542","hashMD5":"f4cd621a84574ac442da0d49806900b5","hashSHA1":"04d3a3aa9e210a4e023f0387daca28f175811330","hashSHA256":"ebb4e7cd441d74fd2e9efeb35c77254e8e7e1dddc63eaf552de5c52fbdfbfdb1","digitalCertThumbprint":"EE59E6D511C3B9530DD3393E3458D0C1DF03F23B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Reimage Limited, O=Reimage Limited, L=Dasoupoli, S=Nicosia, C=CY","sourceIndex":"3625","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Reimage.exe","companyName":"reimage","productName":"Reimage. Making PCs work like new, everyday.","productVersion":"1.8.7.2","fileVersion":"1.8.7.2","hashMD5":"f6d3197b7863b8b9f94f0cf5f4071de2","hashSHA1":"b37bc95ad395820ea49c8ca4739004caedb5c57f","hashSHA256":"bf3089382183fb4dc149f323a19f0eb19fcb67730a21510ff310ea93e3c533ee","digitalCertThumbprint":"EE59E6D511C3B9530DD3393E3458D0C1DF03F23B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Reimage Limited, O=Reimage Limited, L=Dasoupoli, S=Nicosia, C=CY","sourceIndex":"3625","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ReimageRepair - affiliate.exe","isInstaller":"True","companyName":"Reimage","fileVersion":"1.5","hashMD5":"20c7e0396de12d823e8b1660650ad999","hashSHA1":"a6d7af8ce2ae317d2fe637d0aca5fd971315cb7b","hashSHA256":"315609f7d22aa3ca237afa9b33aac5f3bc7c44a07c5a6022f06fe653794f577f","digitalCertThumbprint":"EE59E6D511C3B9530DD3393E3458D0C1DF03F23B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Reimage Limited, O=Reimage Limited, L=Dasoupoli, S=Nicosia, C=CY","sourceIndex":"3626","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submitted","reference":"Deceptor Submission 180517","landingPage":"https://www.reimageplus.com","directDownloadingLink":"https://cdnrep.reimageplus.com/rqc/direct/ReimageRepair.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://cdnrep.reimageplus.com/rqc/direct/ReimageRepair.exe","sourceIndex":"3625"},{"howFound":"Hunt.Affiliate","reference":"http://www.thewindowsclub.com/reimage-repair-review","landingPage":"http://www.reimageplus.com/land/sqi/index.php?tracking=twc&banner=direct&adgroup=direct&ads_name=direct&keyword=direct&nms=1&lpx=slm","directDownloadingLink":"http://cdnrep.reimageplus.com/rqc/ns/ReimageRepair.exe","ipv4":"","ipv6":"","sourceIndex":"3626"}],"sampleFiles":["180522/ReimageRepair-180517/1.5.4.2/Samples/ReimageRepair.exe","180522/ReimageRepair-180517/1.5.4.2/Samples/Reimage.exe","180522/ReimageRepair-180517/1.5.4.2/Samples/ReimageRepair - affiliate.exe"],"imageFiles":["180522/ReimageRepair-180517/1.5.4.2/Images/ACR-003/acr_003_Software.PNG","180522/ReimageRepair-180517/1.5.4.2/Images/ACR-117/acr117 deterring uninstall.png","180522/ReimageRepair-180517/1.5.4.2/Images/ACR-117/acr117 second deterring uninstall.png","180522/ReimageRepair-180517/1.5.4.2/Images/ACR-124/acr124 confirmation two.png","180522/ReimageRepair-180517/1.5.4.2/Images/ACR-124/acr124 confirmation one.png"],"nonDeceptorImageFiles":["180522/ReimageRepair-180517/1.5.4.2/Images/ACR-065/software.PNG","180522/ReimageRepair-180517/1.5.4.2/Images/ACR-163/one_one_interaction_LP.PNG","180522/ReimageRepair-180517/1.5.4.2/Images/ACR-088/acr_088.PNG","180522/ReimageRepair-180517/1.5.4.2/Images/ACR-088/acr_088_1.PNG","180522/ReimageRepair-180517/1.5.4.2/Images/ACR-099/software.PNG","180522/ReimageRepair-180517/1.5.4.2/Images/ACR-120/acr117 second deterring uninstall.png"],"guid":"b697a7d8-d56c-4c09-8aa0-1484bf5c741c_1.5.4.2_1","appID":"ReimageRepair-180517","dateAdded":"180522","deceptorType":"App","name":"Reimage","company":"Reimage","version":"1.5.4.2","sigName":"Deceptor:Win32/ReimageRepair!003117","firstVendorContactDate":"180518","firstAppEsteemReplyDate":"180518","firstResolvedDate":"180521","firstResolvedVersion":"1.8.7.4","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.7.2;NonCertified:1.8.7.4","lastKnownDate":"180518","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-05-22T00:10:24.0245492+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2483},{"violations":{"ACR-048":"The application cannot be closed or disabled using standard platform-provided methods. The application does not provide a close button.\n","ACR-059":"The Offer is not clearly marked as an offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. The Privacy Policy and Terms and Conditions provided belongs to Avangate.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"The application prompts during uninstall stating that consumer can get a free copy of FortKnox Firewall using trialpay.\n"},"samples":[{"isRevoked":"False","fileName":"n/a","isInstaller":"True","companyName":"NETGATE Technologies s.r.o.                                 ","productName":"FortKnox Personal Firewall","fileVersion":"","hashMD5":"24a667299a4611a3ed2c7db4593db3e6","hashSHA1":"ea42b433d837ab22bc04c953313bec710fd223a6","hashSHA256":"4a32a94d11e93dc6f4d1f7a38fff1333f5676ac8fe6b6af0cf75fcb560d3992f","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","sourceIndex":"3571","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FortKnoxGUI.exe","companyName":"NETGATE Technologies s.r.o.","productName":"NETGATE FortKnox Personal Firewall","productVersion":"22, 0, 450, 0","fileVersion":"22, 0, 450, 0","hashMD5":"393033e69caf7a8759613845a4efb672","hashSHA1":"db95a4bf2de0bd9bbbffe0aacbd54273a46da5d0","hashSHA256":"bf6614b9e45ef73c89ae9d78b1303fddebf606d999950ed5c13a87f1e047674f","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","sourceIndex":"3571","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offer","reference":"http://www.netgate.sk/","landingPage":"http://www.fortknox-firewall.com/","directDownloadingLink":"http://www.ngt.sk/download/fk-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ngt.sk/download/fk-setup.exe","sourceIndex":"3571"}],"sampleFiles":["180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Samples/fk-setup.exe","180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Samples/FortKnoxGUI.exe"],"imageFiles":["180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Images/ACR-048/ACR_048_SOFTWARE.PNG","180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Images/ACR-059/ACR_059_INLINE_OFFERS.PNG"],"nonDeceptorImageFiles":["180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Images/ACR-065/ACR_065_INSTALL.PNG","180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_1.PNG","180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_2.PNG","180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180516/FortKnoxPersonalFirewall-180515/22.0.450.0/Images/ACR-120/ACR_120_UNINSTALL.PNG"],"guid":"0832535e-8a36-4aa7-8149-7d748e449d73_22.0.450.0_1","appID":"FortKnoxPersonalFirewall-180515","dateAdded":"180516","deceptorType":"App","name":"FortKnox Firewall","company":"NETGATE Technologies s.r.o.","version":"22.0.450.0","sigName":"Deceptor:Win32/FortKnoxPersonalFirewall!048059","firstVendorContactDate":"180724","firstAppEsteemReplyDate":"180726","firstResolvedDate":"180726","firstResolvedVersion":"22.0.530.0","resolved":"TRUE","lastKnownStatus":"Deceptor:22.0.450.0","lastKnownDate":"180516","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-07-27T01:46:23.7172253+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2484},{"violations":{"ACR-048":"The application cannot be closed or disabled using standard platform-provided methods. The application does not provide a close button.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"aa-setup.exe","isInstaller":"True","companyName":"NETGATE Technologies s.r.o.                                 ","productName":"Amiti Antivirus","fileVersion":"","hashMD5":"a204400879058078adb9f10436579334","hashSHA1":"6992f8844ef5b03838f886db1061f296116199e4","hashSHA256":"70a809c897062bc1585ec792262c6cb5a23334745f586a7062cbca279cd348fa","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","sourceIndex":"3582","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AmitiAntivirus.exe","companyName":"NETGATE Technologies s.r.o.","productName":"NETGATE Amiti Antivirus","productVersion":"24, 0, 930, 0","fileVersion":"24, 0, 930, 0","hashMD5":"62e5cb744b3025a5b90cfbbb337b6878","hashSHA1":"f42f5ffd3689987c8b9b761aeb08b01502e79f2f","hashSHA256":"5ee106f6f89a6ac014df41ebc439db0701c67c95039227dc34187476e74ca68f","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","sourceIndex":"3582","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"Existing decepter review","landingPage":"https://www.netgate.sk/products/amiti-antivirus/","directDownloadingLink":"http://www.ngt.sk/download/aa-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ngt.sk/download/aa-setup.exe","sourceIndex":"3582"}],"sampleFiles":["180514/AmitiAntivirus-180511/24.0.930.0/Samples/aa-setup.exe","180514/AmitiAntivirus-180511/24.0.930.0/Samples/AmitiAntivirus.exe"],"imageFiles":["180514/AmitiAntivirus-180511/24.0.930.0/Images/ACR-048/ACR_048_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180514/AmitiAntivirus-180511/24.0.930.0/Images/ACR-065/ACR_065_INSTALL.PNG","180514/AmitiAntivirus-180511/24.0.930.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180514/AmitiAntivirus-180511/24.0.930.0/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180514/AmitiAntivirus-180511/24.0.930.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180514/AmitiAntivirus-180511/24.0.930.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS_SCREENSHOT_2.PNG","180514/AmitiAntivirus-180511/24.0.930.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180514/AmitiAntivirus-180511/24.0.930.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180514/AmitiAntivirus-180511/24.0.930.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG"],"guid":"0ec4ba24-d7a0-4f04-aafe-c6673011dcbe_24.0.930.0_1","appID":"AmitiAntivirus-180511","dateAdded":"180514","deceptorType":"App","name":"Amiti Antivirus","company":"NETGATE Technologies s.r.o.","version":"24.0.930.0","sigName":"Deceptor:Win32/AmitiAntivirus!048","firstVendorContactDate":"180724","firstAppEsteemReplyDate":"180726","firstResolvedDate":"180726","firstResolvedVersion":"24.0.960.0","resolved":"TRUE","lastKnownStatus":"Deceptor:24.0.930.0","lastKnownDate":"180702","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-07-26T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2488},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-003":"The app exaggerates the User and Password, Profile, Browser History, IM History Cookies and Local Trace Files as being threats , thereby misleading or scaring the consumer to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are no schedules set within the software, however the app has created multiple tasks in the systems task scheduler which cannot be disabled from the software's interface.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"MB Media LLC\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from TrustPilot, FileCluster and 100% satisfaction that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"ProPrivacyGuardSetup.exe","isInstaller":"True","companyName":"Pro Privacy Guard","productName":"Pro Privacy Guard","productVersion":"3.4.2","fileVersion":"3.4.2.0","hashMD5":"3e2ddd335a09d5d1de033c6b22df636a","hashSHA1":"cc9e53fa7475281150b8965fc4588954ab174806","hashSHA256":"dc0a8665b0c7c1d6dcf660b506ea7d94b3dfc7d02ad76f57cb95efa3df65d31a","digitalCertThumbprint":"29401407E9312698BE2E29E6C15F11318704BA4C","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MB Media LLC, O=MB Media LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"3025","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ProPrivacyGuard.exe","companyName":"Pro Privacy Guard","productName":"Pro Privacy Guard","productVersion":"3.4.2.0","fileVersion":"3.4.2.0","hashMD5":"22fdcd5a52f29911b840e9d76d57a671","hashSHA1":"74fdf48915597532d18634c1f52566c0c5c4e125","hashSHA256":"46bb8767a1c045a087184743a2e07ffa27227d4c407a31d6a5625f3f755949a8","digitalCertThumbprint":"29401407E9312698BE2E29E6C15F11318704BA4C","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MB Media LLC, O=MB Media LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"3025","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://proprivacyguard.com/","directDownloadingLink":"https://s3.amazonaws.com/new-ppg/ProPrivacyGuardSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/new-ppg/ProPrivacyGuardSetup.exe","sourceIndex":"3025"}],"sampleFiles":["180514/ProPrivacyGuard-180427/3.4.2/Samples/ProPrivacyGuardSetup.exe","180514/ProPrivacyGuard-180427/3.4.2/Samples/ProPrivacyGuard.exe"],"imageFiles":["180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-050/acr_050.PNG","180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-003/acr_003.PNG","180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-003/acr_003_1.PNG","180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-065/install.PNG","180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-065/acr_065_S.PNG","180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-065/internal_offer_page.PNG","180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-088/acr_088.PNG","180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-092/acr_092.PNG","180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-099/ACR_099.PNG","180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-150/acr_150.PNG","180514/ProPrivacyGuard-180427/3.4.2/Images/ACR-099/ACR_099.PNG"],"guid":"38507865-57c1-4566-af5b-c49112d7d51d_3.4.2_1","appID":"ProPrivacyGuard-180427","dateAdded":"180514","deceptorType":"App","name":"ProPrivacyGuard","company":"MB Media LLC","version":"3.4.2","sigName":"Deceptor:Win32/ProprivacyGuard!003050084","lastKnownStatus":"Deceptor:3.4.2","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-06T21:04:59.1590532+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2485},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-003":"The app exaggerates the User and Password, Profile, Browser History, IM History Cookies and Local Trace Files as being threats, thereby misleading or scaring the consumer to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are no schedules set within the software, however the app has created multiple tasks in the systems task scheduler which cannot be disabled from the software's interface.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's Privacy Policy\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"MB Media LLC\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-150":"The app displays five star awards from TrustPilot, FileCluster and 100% satisfaction that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"ProPrivacyGuardSetup.exe","isInstaller":"True","companyName":"Pro Privacy Guard","productName":"Pro Privacy Guard","productVersion":"3.4.2","fileVersion":"3.4.2.0","hashMD5":"3e2ddd335a09d5d1de033c6b22df636a","hashSHA1":"cc9e53fa7475281150b8965fc4588954ab174806","hashSHA256":"dc0a8665b0c7c1d6dcf660b506ea7d94b3dfc7d02ad76f57cb95efa3df65d31a","digitalCertThumbprint":"29401407E9312698BE2E29E6C15F11318704BA4C","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MB Media LLC, O=MB Media LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"3026","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ProPrivacyGuard.exe","companyName":"Pro Privacy Guard","productName":"Pro Privacy Guard","productVersion":"3.4.2","fileVersion":"3.4.2.0","hashMD5":"22fdcd5a52f29911b840e9d76d57a671","hashSHA1":"74fdf48915597532d18634c1f52566c0c5c4e125","hashSHA256":"46bb8767a1c045a087184743a2e07ffa27227d4c407a31d6a5625f3f755949a8","digitalCertThumbprint":"29401407E9312698BE2E29E6C15F11318704BA4C","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MB Media LLC, O=MB Media LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"3026","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc privacy cleaner\"","landingPage":"http://proprivacyguard.com/","directDownloadingLink":"https://s3.amazonaws.com/new-ppg/ProPrivacyGuardSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/new-ppg/ProPrivacyGuardSetup.exe","sourceIndex":"3026"}],"sampleFiles":["180514/ProPrivacyGuard-180427/2.6.9/Samples/ProPrivacyGuardSetup.exe","180514/ProPrivacyGuard-180427/2.6.9/Samples/ProPrivacyGuard.exe"],"imageFiles":["180514/ProPrivacyGuard-180427/2.6.9/Images/ACR-050/ACR-050_software1.JPG","180514/ProPrivacyGuard-180427/2.6.9/Images/ACR-003/ACR-003_software.JPG","180514/ProPrivacyGuard-180427/2.6.9/Images/ACR-003/ACR-003_software1.JPG","180514/ProPrivacyGuard-180427/2.6.9/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180514/ProPrivacyGuard-180427/2.6.9/Images/ACR-065/ACR-065_install.JPG","180514/ProPrivacyGuard-180427/2.6.9/Images/ACR-065/ACR-065_software.JPG","180514/ProPrivacyGuard-180427/2.6.9/Images/ACR-088/ACR-088_software.JPG","180514/ProPrivacyGuard-180427/2.6.9/Images/ACR-092/ACR-092_software.JPG","180514/ProPrivacyGuard-180427/2.6.9/Images/ACR-099/acr_099_Software.JPG","180514/ProPrivacyGuard-180427/2.6.9/Images/ACR-099/acr_099_Landing_page.JPG","180514/ProPrivacyGuard-180427/2.6.9/Images/ACR-150/acr_150_LP.JPG"],"guid":"38507865-57c1-4566-af5b-c49112d7d51d_2.6.9_1","appID":"ProPrivacyGuard-180427","dateAdded":"180514","deceptorType":"App","name":"ProPrivacyGuard","company":"MB Media LLC","version":"2.6.9","sigName":"Deceptor:Win32/ProPrivacyGuard!003050084","lastKnownStatus":"Deceptor:3.4.2","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-06T21:04:24.9267209+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2486},{"violations":{"ACR-048":"The application cannot be closed or disabled using standard platform-provided methods. The application does not provide a close button.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. The Terms and Conditions and Privacy Policy provided belongs to Avangate.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"aa-setup.exe","isInstaller":"True","companyName":"NETGATE Technologies s.r.o.                                 ","productName":"Amiti Antivirus","fileVersion":"","hashMD5":"2f15acd209fe043e2b875f5a4528878f","hashSHA1":"f7bb04ebab1d25f3aa94a9da3502d6ef6b78690f","hashSHA256":"9819396a6b0971a7966051871980163e52929170c5bdea83ef9570b3ca83e92b","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","sourceIndex":"3569","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AmitiAntivirus.exe","companyName":"NETGATE Technologies s.r.o.","productName":"NETGATE Amiti Antivirus","productVersion":"24, 0, 880, 0","fileVersion":"24, 0, 880, 0","hashMD5":"90b97c482f8b5ed4c8665e6bdde13e5c","hashSHA1":"6b9d4b60eccc2c93d753d237f6d40cb97d4bd75b","hashSHA256":"888422cb660b765793f7018243c4f089aaaa98a78bb69c079ae0a0274d9b0739","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","sourceIndex":"3569","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (keyword used:top 2018 antivirus) used the review from this website (https://antivirus.comodo.com/blog/computer-safety/best-free-antivirus-software-of-2018/)","landingPage":"https://www.netgate.sk/products/amiti-antivirus/","directDownloadingLink":"http://www.ngt.sk/download/aa-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ngt.sk/download/aa-setup.exe","sourceIndex":"3569"}],"sampleFiles":["180514/AmitiAntivirus-180511/24.0.880.0/Samples/aa-setup.exe","180514/AmitiAntivirus-180511/24.0.880.0/Samples/AmitiAntivirus.exe"],"imageFiles":["180514/AmitiAntivirus-180511/24.0.880.0/Images/ACR-048/ACR_048_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180514/AmitiAntivirus-180511/24.0.880.0/Images/ACR-065/ACR_065_INSTALL.PNG","180514/AmitiAntivirus-180511/24.0.880.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180514/AmitiAntivirus-180511/24.0.880.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_1.PNG","180514/AmitiAntivirus-180511/24.0.880.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_2.PNG","180514/AmitiAntivirus-180511/24.0.880.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180514/AmitiAntivirus-180511/24.0.880.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180514/AmitiAntivirus-180511/24.0.880.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180514/AmitiAntivirus-180511/24.0.880.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG"],"guid":"0ec4ba24-d7a0-4f04-aafe-c6673011dcbe_24.0.880.0_1","appID":"AmitiAntivirus-180511","dateAdded":"180514","deceptorType":"App","name":"Amiti Antivirus","company":"NETGATE Technologies s.r.o.","version":"24.0.880.0","sigName":"Deceptor:Win32/AmitiAntivirus!048","firstVendorContactDate":"180724","firstAppEsteemReplyDate":"180726","firstResolvedDate":"180726","firstResolvedVersion":"24.0.960.0","resolved":"TRUE","lastKnownStatus":"Deceptor:24.0.930.0","lastKnownDate":"180702","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-07-27T01:49:01.9977346+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2487},{"violations":{"ACR-003":"The application exaggerates registry keys as errors and shows the pc health as \"Bad\", thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's Returns and Cancellation Policy and Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Alfredo Anibal Santos Silva\" which is not disclosed in the app's EULA\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-036":"App does not disclose third party components in the EULA.\n","ACR-037":"No privacy policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"UVKSetup.exe","isInstaller":"True","companyName":"Carifred","productName":"Ultra Virus Killer","productVersion":"10.9.2.0","fileVersion":"10.9.2.0","hashMD5":"cbcad43b468cde13957a5ba9f9512889","hashSHA1":"c20403733da8c559e5485cf177eb2bdbfdecf90d","hashSHA256":"e46ffa0959e0d7d264e0a62bbd3b39fc08b669febf95fac409fac447bdd4bfe0","digitalCertThumbprint":"9891FFC6A2D8C841620F064ED4E62D0D228BC2AA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Alfredo Anibal Santos Silva, O=Alfredo Anibal Santos Silva, STREET=Résidence les angéliques, STREET=Rue du grand large, L=Port vendres, S=Languedoc - Roussillon, PostalCode=66660, C=FR","sourceIndex":"3627","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UVK_en.exe","companyName":"Carifred.com","productName":"Ultra Virus Killer","productVersion":"10.9.2.0","fileVersion":"10.9.2.0","hashMD5":"a7d9c7836b721a1a989b1b7e1f74151c","hashSHA1":"07a9c92cd1b42a33f7195498ac050f43feeb98a5","hashSHA256":"cd105eb58bb8313e049ffdafe890abccc6a980536e7bd0fd176d37411ca89b9b","digitalCertThumbprint":"9891FFC6A2D8C841620F064ED4E62D0D228BC2AA","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Alfredo Anibal Santos Silva, O=Alfredo Anibal Santos Silva, STREET=Résidence les angéliques, STREET=Rue du grand large, L=Port vendres, S=Languedoc - Roussillon, PostalCode=66660, C=FR","sourceIndex":"3627","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"google search \"fix my computer problems\" link for youtube video https://www.youtube.com/watch?v=5b2Lr0JVOCw","landingPage":"http://www.carifred.com/uvk/","directDownloadingLink":"http://www.carifred.com/uvk/UVKSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.carifred.com/uvk/UVKSetup.exe","sourceIndex":"3627"}],"sampleFiles":["180509/UltraVirusKiller-180508/10.9.2.0/Samples/UVKSetup.exe","180509/UltraVirusKiller-180508/10.9.2.0/Samples/UVK_en.exe"],"imageFiles":["180509/UltraVirusKiller-180508/10.9.2.0/Images/ACR-003/ACR-003_software.JPG","180509/UltraVirusKiller-180508/10.9.2.0/Images/ACR-003/ACR-003_software1.JPG"],"nonDeceptorImageFiles":["180509/UltraVirusKiller-180508/10.9.2.0/Images/ACR-065/ACR-065_install.JPG","180509/UltraVirusKiller-180508/10.9.2.0/Images/ACR-065/ACR-065_software.JPG","180509/UltraVirusKiller-180508/10.9.2.0/Images/ACR-065/ACR-065_landingpage.JPG","180509/UltraVirusKiller-180508/10.9.2.0/Images/ACR-065/ACR-065_internaloffer.JPG","180509/UltraVirusKiller-180508/10.9.2.0/Images/ACR-092/ACR-092_software.JPG","180509/UltraVirusKiller-180508/10.9.2.0/Images/ACR-099/ACR-099_software.JPG","180509/UltraVirusKiller-180508/10.9.2.0/Images/ACR-099/ACR-099_landingpage.JPG","180509/UltraVirusKiller-180508/10.9.2.0/Images/ACR-099/ACR-099_internaloffer.JPG","180509/UltraVirusKiller-180508/10.9.2.0/Images/ACR-036/ACR-036_software.JPG"],"guid":"6f4f5ddf-2479-4752-a7c2-99f15824bdf4_10.9.2.0_1","appID":"UltraVirusKiller-180508","dateAdded":"180509","deceptorType":"App","name":"Ultra Virus Killer","company":"Carifred","version":"10.9.2.0","sigName":"Deceptor:Win32/UltraVirusKiller!003","firstVendorContactDate":"180517","firstAppEsteemReplyDate":"180517","firstResolvedDate":"180518","firstResolvedVersion":"10.9.4.0","resolved":"TRUE","lastKnownStatus":"Deceptor:10.9.2.0,NonCertified:10.9.4.0","lastKnownDate":"180509","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-05-18T19:23:39.0030977+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2489},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent, and provides no way to control them. \n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. The Privacy policy provided belongs to SafeCart®.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Get Live Support Limited\" which is not disclosed in the app's EULA.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a webpage opens displaying information stating that consumer can Buy Now and Save 50% off the regular price.\n"},"samples":[{"isRevoked":"False","fileName":"DriverUpdater.exe","isInstaller":"True","companyName":"Get Live Support Limited                                    ","productName":"Driver Updater 3.1","productVersion":"3.1.0.0","fileVersion":"3.1.0.0","hashMD5":"27c45d2d83ed500cc46bd4921ba651e1","hashSHA1":"617c4e60588fef11afc78346ef57b47a98412a67","hashSHA256":"0bb9850ad2446eb2469aa2631b6d321cb04e4246764a31eb48403dde499e382d","digitalCertThumbprint":"9C2D7002C731924814FFB768DF801E77FC6631DD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Get Live Support Limited, OU=IT Department, O=Get Live Support Limited, STREET=207 Regent Street, L=London, S=England W1H 1DP, PostalCode=W1H 1DP, C=GB","sourceIndex":"3614","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverUpdater_Installed_Version.exe","companyName":"PC Repair Labs","productName":"Driver Updater","productVersion":"3.2","fileVersion":"3.1.0.5","hashMD5":"b36ff1641cf32983259bef69e046dce1","hashSHA1":"a915c7d8e5ca3be10827ce6c13d320daad916202","hashSHA256":"d87e0a6c30b03364bac6f3346da3097029ea8f04d69eee9974b8b05707f35bfb","digitalCertThumbprint":"9C2D7002C731924814FFB768DF801E77FC6631DD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Get Live Support Limited, OU=IT Department, O=Get Live Support Limited, STREET=207 Regent Street, L=London, S=England W1H 1DP, PostalCode=W1H 1DP, C=GB","sourceIndex":"3614","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offer","reference":"https://www.pcrepairlabs.com/","landingPage":"https://www.pcrepairlabs.com/driver-updater/","directDownloadingLink":"http://cu.conontaffy.com/141001106/brid%3A1/ref%3Ahttps%3A%3B%3Bwww.google.com.jm%3B/dlid%3A480a8aa0-18e3-498c-8064-20bb8eca73d4/DriverUpdater.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cu.conontaffy.com/141001106/brid%3A1/ref%3Ahttps%3A%3B%3Bwww.google.com.jm%3B/dlid%3A480a8aa0-18e3-498c-8064-20bb8eca73d4/DriverUpdater.exe","sourceIndex":"3614"}],"sampleFiles":["180503/PCRepairLabsDriverUpdater-180427/3.2/Samples/DriverUpdater.exe","180503/PCRepairLabsDriverUpdater-180427/3.2/Samples/DriverUpdater_Installed_Version.exe"],"imageFiles":["180503/PCRepairLabsDriverUpdater-180427/3.2/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_1.PNG","180503/PCRepairLabsDriverUpdater-180427/3.2/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["180503/PCRepairLabsDriverUpdater-180427/3.2/Images/ACR-065/ACR_065_INSTALL.PNG","180503/PCRepairLabsDriverUpdater-180427/3.2/Images/ACR-065/ACR_065_SOFTWARE.PNG","180503/PCRepairLabsDriverUpdater-180427/3.2/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180503/PCRepairLabsDriverUpdater-180427/3.2/Images/ACR-088/ACR_088_SOFTWARE.PNG","180503/PCRepairLabsDriverUpdater-180427/3.2/Images/ACR-092/ACR_092_SOFTWARE.PNG","180503/PCRepairLabsDriverUpdater-180427/3.2/Images/ACR-099/ACR_099_SOFTWARE.PNG","180503/PCRepairLabsDriverUpdater-180427/3.2/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180503/PCRepairLabsDriverUpdater-180427/3.2/Images/ACR-120/ACR_120_UNINSTALL.PNG"],"guid":"de63fc71-8d79-4f5b-b1f7-105e8ec1a459_3.2_1","appID":"PCRepairLabsDriverUpdater-180427","dateAdded":"180503","deceptorType":"App","name":"PC Repair Labs Driver Updater","company":"PC Repair Labs","version":"3.2","sigName":"Deceptor:Win32/PCRepairLabsDriverUpdater!084","firstVendorContactDate":"180618","firstAppEsteemReplyDate":"180618","firstResolvedDate":"180618","firstResolvedVersion":"App stops distributing and download link shutdown. Moved to purchase only mode","resolved":"TRUE","lastKnownStatus":"Deceptor:3.2","lastKnownDate":"180503","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-20T16:39:09.6856291+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2490},{"violations":{"ACR-003":"The application exaggerates Registry, Temporary Files, Caches and Junk files as issues of high danger level, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's uninstall wizard provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-160":"The application does not use a certified call center to monetize the app. When you contact MindbrinK PC Sparkle you get the message saying \"You have reached a number that is not yet set up to receive calls, please try again later.\"\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-037":"The application has no privacy policy provided.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"MINDBRINK_PC_SPARKLE.EXE","isInstaller":"True","companyName":"MindbrinK PC Sparkle","productName":"MindbrinK PC Sparkle","productVersion":"3.0.5","fileVersion":"3.0.5","hashMD5":"16485690db6c9b94bb5bdd2b2bbde4d0","hashSHA1":"b9fe31b3d7a6076d8090fdf246c9cdfdeca734c3","hashSHA256":"bd170bd7a851a213340180d7875765da72228b2f58d0a09218270ed2170aabbd","digitalCertThumbprint":"8D6123C3D462FDC0E42E818C638FA6D0D4BC9C7E","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MINDBRINK TECHNOLOGIES INC., O=MINDBRINK TECHNOLOGIES INC., L=MISSISSAUGA, S=Ontario, C=CA","sourceIndex":"3024","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"MindbrinKPCSparkle.exe","companyName":"MindbrinK PC Sparkle","productName":"MindbrinK PC Sparkle","productVersion":"3.0.5.0","fileVersion":"3.0.5.0","hashMD5":"32d2df5f545b243232153738b3840834","hashSHA1":"f1623517bfc5022c2b9df88f1cfcc9cff20fa76c","hashSHA256":"687791f36b191be0faa95f63962b5c6c788af166867be9b14a95fa0296e81cc3","digitalCertThumbprint":"8D6123C3D462FDC0E42E818C638FA6D0D4BC9C7E","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MINDBRINK TECHNOLOGIES INC., O=MINDBRINK TECHNOLOGIES INC., L=MISSISSAUGA, S=Ontario, C=CA","sourceIndex":"3024","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (fix my computer errors free)","landingPage":"https://mindbrink.com/Products/PCSparkle.html","directDownloadingLink":"https://mindbrink.com/Products/MINDBRINK_PC_SPARKLE.EXE","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://mindbrink.com/Products/MINDBRINK_PC_SPARKLE.EXE","sourceIndex":"3024"}],"sampleFiles":["180503/MindbrinkPCSparkle-180427/3.0.5/Samples/MINDBRINK_PC_SPARKLE.EXE","180503/MindbrinkPCSparkle-180427/3.0.5/Samples/MindbrinKPCSparkle.exe"],"imageFiles":["180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_1.PNG","180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-084/ACR_084_SOFTWARE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-065/ACR_065_INSTALL.PNG","180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-065/ACR_065_SOFTWARE.PNG","180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-163/ACR_163_SOFTWARE.PNG","180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-163/ACR_163_UNINSTALL.PNG","180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-099/ACR_099_SOFTWARE.PNG","180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180503/MindbrinkPCSparkle-180427/3.0.5/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"c8eec6c7-41b7-4e8f-b342-9908063af6e3_3.0.5_1","appID":"MindbrinkPCSparkle-180427","dateAdded":"180503","deceptorType":"App","name":"MindbrinK PC Sparkle","company":"MindbrinK Technologies Inc.","version":"3.0.5","sigName":"Deceptor:Win32/MindbrinKPCSparkle","lastKnownStatus":"Deceptor:3.0.5","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2019-06-06T21:05:49.0867952+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2491},{"violations":{"ACR-003":"The application exaggerates registry keys, junk files and privacy items as errors, thereby misleading or scaring the user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Ideakee Inc\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from VeriSign Trusted, CNET and SOFTPEDIA that are unable to be verified.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"samples":[{"isRevoked":"False","fileName":"RegistrySmith_Setup.exe","isInstaller":"True","companyName":"Registry Smith, Inc.                                        ","productName":"Registry Smith 2015","productVersion":"2.1.9.60","fileVersion":"2.1.9.60","hashMD5":"7d15bc995fc20f58502169d2d22ec088","hashSHA1":"7508f4eea4ad638709cba1c1522880edc62c3108","hashSHA256":"78edcd0c43cfe88a7400c77e7ac327bc6cf9959da2109b0bf175814eb396c6a3","digitalCertThumbprint":"FD91D6AD22DB69997F337E59FE09E0FE60FBFAAC","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ideakee Inc, O=Ideakee Inc, STREET=\"1104# Asphodel Pavilion,Hengxiang Garden 18 LIjiangRoad\", L=Guilin, S=Guangxi, PostalCode=541004, C=CN","sourceIndex":"3631","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegistrySmith.exe","companyName":"Registry Smith, Inc.","productName":"n/a","productVersion":"2.1.9.60","fileVersion":"2.1.9.60","hashMD5":"7121c7e93960b39f4b272c30e946a098","hashSHA1":"204286ed0e07d39061fb80569031d37d5c7770d2","hashSHA256":"5ac28ca313d653e8e297b61f3a502d3e55991f5bfc44839a3e5dc879e9f35ddf","digitalCertThumbprint":"FD91D6AD22DB69997F337E59FE09E0FE60FBFAAC","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ideakee Inc, O=Ideakee Inc, STREET=\"1104# Asphodel Pavilion,Hengxiang Garden 18 LIjiangRoad\", L=Guilin, S=Guangxi, PostalCode=541004, C=CN","sourceIndex":"3631","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc fixer\"","landingPage":"http://www.registrysmith.com/","directDownloadingLink":"http://www.registrysmith.com/RegistrySmith_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.registrysmith.com/RegistrySmith_Setup.exe","sourceIndex":"3631"}],"sampleFiles":["180502/RegistrySmith-180425/2.1.9.60/Samples/RegistrySmith_Setup.exe","180502/RegistrySmith-180425/2.1.9.60/Samples/RegistrySmith.exe"],"imageFiles":["180502/RegistrySmith-180425/2.1.9.60/Images/ACR-003/ACR-003_software.JPG","180502/RegistrySmith-180425/2.1.9.60/Images/ACR-003/ACR-003_software1.JPG"],"nonDeceptorImageFiles":["180502/RegistrySmith-180425/2.1.9.60/Images/ACR-065/ACR-065_install.JPG","180502/RegistrySmith-180425/2.1.9.60/Images/ACR-065/ACR-065_software.JPG","180502/RegistrySmith-180425/2.1.9.60/Images/ACR-017/ACR-017_landingpage.JPG","180502/RegistrySmith-180425/2.1.9.60/Images/ACR-161/ACR-161_landingpage.JPG","180502/RegistrySmith-180425/2.1.9.60/Images/ACR-088/ACR-088_software.JPG","180502/RegistrySmith-180425/2.1.9.60/Images/ACR-092/ACR-092_software.JPG","180502/RegistrySmith-180425/2.1.9.60/Images/ACR-099/ACR-099_software.JPG","180502/RegistrySmith-180425/2.1.9.60/Images/ACR-099/ACR-099_landingpage.JPG","180502/RegistrySmith-180425/2.1.9.60/Images/ACR-099/ACR-099_internaloffer.JPG","180502/RegistrySmith-180425/2.1.9.60/Images/ACR-150/ACR-150_landingpage.JPG"],"guid":"461d342e-fdf5-4d1b-a493-0eaa128c6ba8_2.1.9.60_1","appID":"RegistrySmith-180425","dateAdded":"180502","deceptorType":"App","name":"Registry Smith","company":"RegistrySmith Inc","version":"2.1.9.60","sigName":"Deceptor:Win32/RegistrySmith!003","lastKnownStatus":"Deceptor:2.1.9.60","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2492},{"violations":{"ACR-003":"The application exaggerates Temporary files, Caches and Junk Files as being high level danger issues, thereby misleading or scaring the user to take action.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-160":"The application does not use a certified call center to monetize the app. Contacted the phone number provided by Doctor PC Cleaner and got an agent that stated that the name of the company is Tech Support, did find out that the company provides other services for example fixing computer issues not just providing service for the app only.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-037":"The application has no privacy policy provided.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"Doctor PC Cleaner setup.exe","isInstaller":"True","companyName":"Doctor PC Cleaner LLC                                       ","productName":"Doctor PC Cleaner","productVersion":"1.0","fileVersion":"1.0.0.0","hashMD5":"a85e226eecff1cd3be96020cafc8374f","hashSHA1":"fd166f2cc1896f3af5505e3e601917a8261d034c","hashSHA256":"8dc027db980ec9b516e2f2941cf0de1fd8b7b147344ffd9a2b334d9c0139be37","digitalCertThumbprint":"7E5E0713C304B3C8E697FE61D96308DFFBABC98A","digitalCertIssuer":"\"CN=Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":" OU=http://certs.godaddy.com/repository/","sourceIndex":"3262","avBlockList":["Avast Internet Security (20190203)","AVG Internet Security (20190203)","Avira Internet Security (20190203)","Bitdefender Internet Security (20190203)","ESET Internet Security (20190203)","G DATA INTERNET SECURITY (20190203)","K7 Total Security (20190203)","Kaspersky Internet Security (20190203)","Malwarebytes Premium (20190203)","McAfee Total Protection (20190203)","Norton Security (20190203)","Panda Dome (20190203)","Sophos Home Premium (20190203)","Trend Micro Internet Security (20190203)","VirIT eXplorer PRO (20190203)","Webroot SecureAnywhere (20190203)","Windows Defender (20190203)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Doctor PC Cleaner.exe","companyName":"Doctor PC Cleaner","productName":"Doctor PC Cleaner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"ba3d2ed05d152212b7634fc033323ee3","hashSHA1":"66792e16099957a6254726299b112172931aa135","hashSHA256":"d61600230bad2f06c41bdc1fd8fb936cfc85a414c9a3b76fc50e1833d4d10750","sourceIndex":"3262","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (remove computer errors free)","landingPage":"https://doctorpccleaner.com/","directDownloadingLink":"http://doctorpccleaner.com/download/Doctor%20PC%20Cleaner%20setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://doctorpccleaner.com/download/Doctor%20PC%20Cleaner%20setup.exe","sourceIndex":"3262"}],"sampleFiles":["180502/DoctorPCCleaner-180424/1.0/Samples/Doctor PC Cleaner setup.exe","180502/DoctorPCCleaner-180424/1.0/Samples/Doctor PC Cleaner.exe"],"imageFiles":["180502/DoctorPCCleaner-180424/1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-168/ACR_168_SOFTWARE.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-118/ACR_118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["180502/DoctorPCCleaner-180424/1.0/Images/ACR-065/ACR_065_INSTALL.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-163/ACR_163_SOFTWARE.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-168/ACR_168_LANDING_PAGE.PNG","180502/DoctorPCCleaner-180424/1.0/Images/ACR-167/ACR_167__DOCS.PNG"],"guid":"0488fa79-9297-4812-a284-638c0f572761_1.0_1","appID":"DoctorPCCleaner-180424","dateAdded":"180502","deceptorType":"App","name":"Doctor PC Cleaner","company":"Doctor PC Cleaner","version":"1.0","sigName":"Deceptor:Win32/DoctorPCCleaner!003118168","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2019-01-26T01:24:23.517953+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2493},{"violations":{"ACR-043":"Multiple third party components are installed which are not disclosed to the user in the EULA and offer or landing page.\n","ACR-003":"The application exaggerates empty and invalid registry keys as errors and some of high risk, thereby misleading or scaring user to take action\nUpon trying to uninstall the app the user is prompted that there are invalid items that were detected and that these \"errors\" will not be repaired.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The scan scheduler for the app is not active, however the app has created tasks in windows task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled\nThe application's landing page has no link or information that shows how it can be uninstalled\n","ACR-037":"No privacy policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"File.exe","isInstaller":"True","companyName":"Computer Care Online","productName":"n/a","productVersion":"1.9.0.0","fileVersion":"1.9.0.0","hashMD5":"4a02f69993b2a18c910d66a9622d81c1","hashSHA1":"1bcc0c94151b01b8cc1aeca204844c239ab0b8a0","hashSHA256":"79df4e058ea361b6c4a74a84c58c65ed694fe12d40cd4df24d9b0bbcd4a64a9f","digitalCertThumbprint":"B01A7016AD6C5FA6824D80922957B51B857DC925","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Computer Care, OU=Computer Care - Guyana, O=Computer Care, STREET=\"211 Second Floor, Sharon's Building, 145 Charlotte and King Streets\", L=Georgetown, S=Demerara, PostalCode=00000, C=GY","sourceIndex":"3264","avBlockList":["Avast Internet Security (20190203)","AVG Internet Security (20190203)","Avira Internet Security (20190203)","Bitdefender Internet Security (20190203)","ESET Internet Security (20190203)","G DATA INTERNET SECURITY (20190203)","K7 Total Security (20190203)","Kaspersky Internet Security (20190203)","Malwarebytes Premium (20190203)","McAfee Total Protection (20190203)","Norton Security (20190203)","Panda Dome (20190203)","Sophos Home Premium (20190203)","Trend Micro Internet Security (20190203)","VirIT eXplorer PRO (20190203)","Webroot SecureAnywhere (20190203)","Windows Defender (20190203)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Computer Care PC Cleaner64.exe","companyName":"Computer Care Online","productName":"Computer Care PC Cleaner","productVersion":"2.3.125.113","fileVersion":"2.3.125.113","hashMD5":"d9f96eb67669bb04f43626b17a5a31e7","hashSHA1":"800b9b4c958935d427c51c2c26f49793fb35d320","hashSHA256":"0389297a3c57b11ec3cf6c38d9ce38df4e7766407d6b9f53e25d7f82e0b94188","digitalCertThumbprint":"B01A7016AD6C5FA6824D80922957B51B857DC925","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Computer Care, OU=Computer Care - Guyana, O=Computer Care, STREET=\"211 Second Floor, Sharon's Building, 145 Charlotte and King Streets\", L=Georgetown, S=Demerara, PostalCode=00000, C=GY","sourceIndex":"3264","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"slow pc care optimizer\"","landingPage":"https://www.computercare.online/","directDownloadingLink":"https://www.computercare.online/downloads/ComputerCare_PCCleaner1.9.0.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.computercare.online/downloads/ComputerCare_PCCleaner1.9.0.exe","sourceIndex":"3264"}],"sampleFiles":["180502/computerCarePCCleaner-180425/1.9.0.0/Samples/File.exe","180502/computerCarePCCleaner-180425/1.9.0.0/Samples/Computer Care PC Cleaner64.exe"],"imageFiles":["180502/computerCarePCCleaner-180425/1.9.0.0/Images/ACR-043/ACR-043_install.JPG","180502/computerCarePCCleaner-180425/1.9.0.0/Images/ACR-043/ACR-043_install1.JPG","180502/computerCarePCCleaner-180425/1.9.0.0/Images/ACR-003/ACR-003_software.JPG","180502/computerCarePCCleaner-180425/1.9.0.0/Images/ACR-003/ACR-003_software1.JPG","180502/computerCarePCCleaner-180425/1.9.0.0/Images/ACR-003/ACR-003_uninstall.JPG","180502/computerCarePCCleaner-180425/1.9.0.0/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180502/computerCarePCCleaner-180425/1.9.0.0/Images/ACR-065/ACR-065_install.JPG","180502/computerCarePCCleaner-180425/1.9.0.0/Images/ACR-065/ACR-065_software.JPG","180502/computerCarePCCleaner-180425/1.9.0.0/Images/ACR-065/ACR-065_landingpage.JPG","180502/computerCarePCCleaner-180425/1.9.0.0/Images/ACR-099/ACR-099_software.JPG","180502/computerCarePCCleaner-180425/1.9.0.0/Images/ACR-099/ACR-099_landingpage.JPG"],"guid":"69f050e5-384b-42e0-b89d-d8ace6b02a24_1.9.0.0_1","appID":"computerCarePCCleaner-180425","dateAdded":"180502","deceptorType":"App","name":"Computer Care PC Cleaner","company":"Computer Care Online","version":"1.9.0.0","sigName":"Deceptor:Win32/ComputerCarePCCleaner!003043084","lastKnownStatus":"Deceptor:1.9.0.0","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2019-01-26T01:22:09.7937707+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2495},{"violations":{"ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon calling the number the agent answered and referred to the company as support, she refuses to state the true company name and stated the number i'm seeing on the application is not what she has. \n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\n"},"samples":[{"isRevoked":"False","fileName":"Disk-Tuner.exe","isInstaller":"True","companyName":"SloxSoft LLC.                                               ","productName":"Disk-Tuner","productVersion":"2.0","fileVersion":"0.0","hashMD5":"3bbd383da645be99c0e9b7c5413568cc","hashSHA1":"f6ab80c965d3d188454ca79d5f9d17bd00eaeb22","hashSHA256":"f2fd98d972c25c33c8436763a3586386a9d441bbbe294d3479a63f010ad6e57d","digitalCertThumbprint":"2745E02C8D3EE9D0C0D0598F48BA1A380C73A683","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=SloxSoft LLC, O=SloxSoft LLC, L=Saint Petersburg, S=Florida, C=US","sourceIndex":"3263","avBlockList":["Avast Internet Security (20190203)","AVG Internet Security (20190203)","Avira Internet Security (20190203)","Bitdefender Internet Security (20190203)","ESET Internet Security (20190203)","G DATA INTERNET SECURITY (20190203)","K7 Total Security (20190203)","Kaspersky Internet Security (20190203)","Malwarebytes Premium (20190203)","McAfee Total Protection (20190203)","Norton Security (20190203)","Panda Dome (20190203)","Sophos Home Premium (20190203)","Trend Micro Internet Security (20190203)","VirIT eXplorer PRO (20190203)","Webroot SecureAnywhere (20190203)","Windows Defender (20190203)"],"avAllowList":[]},{"isRevoked":"False","fileName":"DiskTuner.exe","companyName":"SloxSoft LLC.","productName":"Disk-Tuner","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"81fcc41c8124983070e239f2f47487a0","hashSHA1":"84c8a2a045b51e92ad6c64527e57f902b0ab7a71","hashSHA256":"bb36ace127ad912da1d9d72e13419b524ae0138c1479bfc6e834495a850216f3","digitalCertThumbprint":"2745E02C8D3EE9D0C0D0598F48BA1A380C73A683","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=SloxSoft LLC, O=SloxSoft LLC, L=Saint Petersburg, S=Florida, C=US","sourceIndex":"3263","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"google searched; privacy cleaner softwares ","landingPage":"http://www.sloxsoft.com/RegTuner/index.php","directDownloadingLink":"http://www.sloxsoft.com/DiskTuner/product/Disk-Tuner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.sloxsoft.com/DiskTuner/product/Disk-Tuner.exe","sourceIndex":"3263"}],"sampleFiles":["180502/DiskTuner-180420/2.0/Samples/Disk-Tuner.exe","180502/DiskTuner-180420/2.0/Samples/DiskTuner.exe"],"imageFiles":["180502/DiskTuner-180420/2.0/Images/ACR-168/one_one_interaction_S.PNG"],"nonDeceptorImageFiles":["180502/DiskTuner-180420/2.0/Images/ACR-065/acr_065_I.PNG","180502/DiskTuner-180420/2.0/Images/ACR-065/acr_065_S.PNG","180502/DiskTuner-180420/2.0/Images/ACR-163/one_one_interaction_S.PNG","180502/DiskTuner-180420/2.0/Images/ACR-160/one_one_interaction_S.PNG","180502/DiskTuner-180420/2.0/Images/ACR-099/software.PNG"],"guid":"68125c7d-da49-4b07-8c62-1ac555db714d_2.0_1","appID":"DiskTuner-180420","dateAdded":"180502","deceptorType":"App","name":"DiskTuner","company":"SloxSoft LLC.","version":"2.0","sigName":"Deceptor:Win32/SloxSoftDiskTuner!168","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-26T01:23:23.9488216+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2494},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC CARE TOOLS\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"","productName":"Advanced PC-Mechanic","productVersion":"1.0.0.1220","fileVersion":"1.0.0.1220","hashMD5":"798feee4bee542ca181b6df94ccd29c8","hashSHA1":"f54bafe1e3d52ac7dbd2cc678356d7afea54ad92","hashSHA256":"f78af63392bbc200b84e62951c6e018e92775ece6aabe450a52ae8f878afdebc","digitalCertThumbprint":"9A4B477114A341614BE07664FFE580B0F1A18C71","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC FlXER TOOLS, O=PC FlXER TOOLS, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"452","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spct.exe","productName":"Advanced PC-Mechanic","productVersion":"1.0.0.1220","fileVersion":"1.0.0.1220","hashMD5":"c5986f4ff3e6b4069758078348747543","hashSHA1":"fdd75669558069f3264888e6cb9e7ba7bbca9863","hashSHA256":"65194273c6e14231b43b45002234eb702de2c367d8153604b3883c6c28652bc7","digitalCertThumbprint":"9A4B477114A341614BE07664FFE580B0F1A18C71","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC FlXER TOOLS, O=PC FlXER TOOLS, STREET=\"218-A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"452","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"registry repair mechanic 2018\"","landingPage":"http://pcmechanicutils.com/","directDownloadingLink":"http://d2d4mkggcj78v0.cloudfront.net/securerc/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://d2d4mkggcj78v0.cloudfront.net/securerc/setup.exe","sourceIndex":"452"}],"sampleFiles":["180502/AdvancedPCMechanic-180425/1.0.0.1220/Samples/setup.exe","180502/AdvancedPCMechanic-180425/1.0.0.1220/Samples/spct.exe"],"imageFiles":["180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-055/ACR-055_inline.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-003/ACR-003_software.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-003/ACR-003_software1.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-003/ACR-003_software2.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-010/ACR-010_inline.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-059/ACR-059_inline.JPG"],"nonDeceptorImageFiles":["180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-065/ACR-065_software.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-065/ACR-065_internaloffer.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-161/ACR-161_internaloffer.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-161/ACR-161_internaloffer1.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-088/ACR-088_software.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-092/ACR-092_software.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-099/ACR-099_software.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-099/ACR-099_internaloffer.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-150/ACR-150_internaloffer.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-171/ACR-171_internaloffer.JPG","180502/AdvancedPCMechanic-180425/1.0.0.1220/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"cf1b50c2-a67c-47c3-8b28-e62c10bd58db_1.0.0.1220_1","appID":"AdvancedPCMechanic-180425","dateAdded":"180502","deceptorType":"App","name":"Advanced PC-Mechanic","company":"Advanced PC Mechanic.","version":"1.0.0.1220","sigName":"Deceptor:Win32/AdvancedPCMechanic:003010055059","lastKnownStatus":"Deceptor:1.0.0.1220","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T22:47:36.2899626+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2081},{"violations":{"ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable scheduled tasks from the application settings, The user is forced to select at least one day for scheduled scans.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays a testimonial but does not provide any links back to a source so that it can be verified.\nThe application's internal offer displays a testimonial but does not provide any links back to a source so that it can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon call the support number provided a automated response says, \"the person you are trying to reach is unavailable at this time.\"\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's docs have no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"diskoptimizerprosetup.exe","isInstaller":"True","companyName":"Xportsoft Technologies","productName":"Disk Optimizer Pro","fileVersion":"0.0","hashMD5":"7c5a04d59f1ec452689e2d3f7b462db8","hashSHA1":"4e7fd51718bd3f1f4e78b5304e96df7bc19b6016","hashSHA256":"4f69a51b6b07cf984bbbd830ac6a8429f69a1f494dfac84a0b0c3fab63ae60de","digitalCertThumbprint":"EFEE28C58F71B291CF0D0730F8A4525D2E775263","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Kardhan Road\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"3633","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Disk Optimizer Pro.exe","companyName":"Xportsoft Technologies","productName":"Disk Optimizer Pro","productVersion":"1.0.3.7","fileVersion":"1.0.3.7","hashMD5":"462877ca6c652cd28c660a22ac493866","hashSHA1":"19cba925b3a5fa67f275653aa98e006567d4b3b3","hashSHA256":"df16269fe4353066f11f4e8684d68c90196204ccdd92e465a21bf0d9d2897cc6","digitalCertThumbprint":"EFEE28C58F71B291CF0D0730F8A4525D2E775263","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Kardhan Road\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"3633","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Search optimizerpro, domain correlation ","reference":"","landingPage":"http://diskoptimizerpro.com","directDownloadingLink":"http://diskoptimizerpro.com/download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://diskoptimizerpro.com/download","sourceIndex":"3633"}],"sampleFiles":["180501/DiskOptimizerPro-180427/1.0.37/Samples/diskoptimizerprosetup.exe","180501/DiskOptimizerPro-180427/1.0.37/Samples/Disk Optimizer Pro.exe"],"imageFiles":["180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-017/ACR-017_software.JPG","180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-017/ACR-017_software1.JPG","180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-065/ACR-065_install.JPG","180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-065/ACR-065_software.JPG","180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-161/ACR-161_landingpage.JPG","180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-161/ACR-161_internaloffer.JPG","180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-163/ACR-163_software.JPG","180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-163/ACR-163_landingpage.JPG","180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-160/ACR-160_software.JPG","180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-099/ACR-099_software.JPG","180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-099/ACR-099_internaloffer.JPG","180501/DiskOptimizerPro-180427/1.0.37/Images/ACR-167/ACR-167_docs.JPG"],"guid":"853984c9-6951-48ff-91b5-6e348e2e77a7_1.0.37_1","appID":"DiskOptimizerPro-180427","dateAdded":"180501","deceptorType":"App","name":"Disk Optimizer Pro","company":"Xportsoft Technologies","version":"1.0.37","sigName":"Deceptor:Win32/DiskOptimizerPro!017084","lastKnownStatus":"Deceptor:1.0.37","lastKnownDate":"180501","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-05-02T02:30:51.7997914+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2498},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-003":"The application exaggerates registry keys as errors, thereby misleading or scaring the user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\nThe application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"Winmetry_Utility_Hub.exe","isInstaller":"True","companyName":"Praknex Solutions Private Limited ","productName":"Winmetry Utility Hub Installer","productVersion":"1.1.5","fileVersion":"0.0","hashMD5":"49c650c7257eca4372c52a71846e3c8d","hashSHA1":"c1894f1db2d5b6af59fcf46008daea86ff8829aa","hashSHA256":"7f03dcc10bfc9669ed0b914db962e9a7d4721084b90b38c53a9450db189fefc2","digitalCertThumbprint":"2519CC387B175F8BA8E87ECDE57DE9CA734342B1","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Praknex Solutions Private Limited, O=Praknex Solutions Private Limited, L=New Delhi, S=Delhi, C=IN","sourceIndex":"3632","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinmetryUtilityHub.exe","companyName":"Praknex Solutions Private Limited","productName":"WinmetryUtilityHub","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4213d309cce26ffd183cb437c12c0c38","hashSHA1":"96b6d148ed78b1b1647a9f97811e48f15588643b","hashSHA256":"00900063ede80426c5ac9b9266bfb6b35ddd38b287c236a75b7444aae70f4c65","digitalCertThumbprint":"2519CC387B175F8BA8E87ECDE57DE9CA734342B1","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=Praknex Solutions Private Limited, O=Praknex Solutions Private Limited, L=New Delhi, S=Delhi, C=IN","sourceIndex":"3632","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"https://www.winmetry.com/","directDownloadingLink":"https://www.winmetry.com/Winmetry_Utility_Hub.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.winmetry.com/Winmetry_Utility_Hub.exe","sourceIndex":"3632"}],"sampleFiles":["180501/WinmetryUtilityHub-180420/1.1.5/Samples/Winmetry_Utility_Hub.exe","180501/WinmetryUtilityHub-180420/1.1.5/Samples/WinmetryUtilityHub.exe"],"imageFiles":["180501/WinmetryUtilityHub-180420/1.1.5/Images/ACR-003/ACR-003_software.JPG","180501/WinmetryUtilityHub-180420/1.1.5/Images/ACR-050/ACR-050_software.JPG"],"nonDeceptorImageFiles":["180501/WinmetryUtilityHub-180420/1.1.5/Images/ACR-065/ACR-065_software.JPG","180501/WinmetryUtilityHub-180420/1.1.5/Images/ACR-161/ACR-161_landingpage.JPG","180501/WinmetryUtilityHub-180420/1.1.5/Images/ACR-161/ACR-161_landingpage1.JPG","180501/WinmetryUtilityHub-180420/1.1.5/Images/ACR-161/ACR-161_internaloffer.JPG","180501/WinmetryUtilityHub-180420/1.1.5/Images/ACR-099/ACR-099_software.JPG","180501/WinmetryUtilityHub-180420/1.1.5/Images/ACR-099/ACR-099_landingpage.JPG","180501/WinmetryUtilityHub-180420/1.1.5/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"748235d6-d9ea-4cf2-b2bf-2dd5a2795ae0_1.1.5_1","appID":"WinmetryUtilityHub-180420","dateAdded":"180501","deceptorType":"App","name":"Winmetry Utility Hub","company":"Praknex Solutions Private Limited","version":"1.1.5","sigName":"Deceptor:Win32/WinMetryUtilityHub!003050","lastKnownStatus":"Deceptor:1.1.5","lastKnownDate":"180501","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-05-02T02:33:09.6203084+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2496},{"violations":{"ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application's internal offers page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's internal offer webpage provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-160":"The application does not use a certified call center to monetize the app. Got a message saying the person you trying to reach is unavailable.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-037":"The application has no privacy policy provided.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"QuickPCStartupSetup.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"aeb50a8d14269efaf6bdafcf27e60f92","hashSHA1":"7e3087077e1e837a9fdece4b3a5903508763af8f","hashSHA256":"8f6a98be3924dacaa010da5b45b6f1328a08a5dd8b533e2348792088aad9631b","digitalCertThumbprint":"EFEE28C58F71B291CF0D0730F8A4525D2E775263","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Kardhan Road\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"3634","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"QuickPCStartup.exe","companyName":"XportSoft Technologis","productName":"Quick PC Startup","productVersion":"1.1.1.1","fileVersion":"1.1.1.1","hashMD5":"7c363879ff315fc522a83b634603d85f","hashSHA1":"98091ad4da17763f34b13fd02075ab8076f1215c","hashSHA256":"2170653c683780235d51df7bd7d52fcb8be31fa62042ef77c7fc8f382f97bdff","digitalCertThumbprint":"EFEE28C58F71B291CF0D0730F8A4525D2E775263","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET=\"Near Gugga Maadi, Kardhan Road\", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN","sourceIndex":"3634","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Search quickPC","reference":"","landingPage":"http://www.quickpcstartup.com/","directDownloadingLink":"http://www.quickpcstartup.com/download.aspx","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.quickpcstartup.com/download.aspx","sourceIndex":"3634"}],"sampleFiles":["180501/QuickPCStartup-180427/1.1.1.1/Samples/QuickPCStartupSetup.exe","180501/QuickPCStartup-180427/1.1.1.1/Samples/QuickPCStartup.exe"],"imageFiles":["180501/QuickPCStartup-180427/1.1.1.1/Images/ACR-017/ACR_017_SOFTWARE.PNG","180501/QuickPCStartup-180427/1.1.1.1/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["180501/QuickPCStartup-180427/1.1.1.1/Images/ACR-065/ACR_065_INSTALL.PNG","180501/QuickPCStartup-180427/1.1.1.1/Images/ACR-065/ACR_065_SOFTWARE.PNG","180501/QuickPCStartup-180427/1.1.1.1/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180501/QuickPCStartup-180427/1.1.1.1/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180501/QuickPCStartup-180427/1.1.1.1/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","180501/QuickPCStartup-180427/1.1.1.1/Images/ACR-163/ACR_163_INTERNAL_OFFERS.PNG","180501/QuickPCStartup-180427/1.1.1.1/Images/ACR-099/ACR_099_SOFTWARE.PNG","180501/QuickPCStartup-180427/1.1.1.1/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180501/QuickPCStartup-180427/1.1.1.1/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"682ab4db-89b3-4602-96f1-a9112e787780_1.1.1.1_1","appID":"QuickPCStartup-180427","dateAdded":"180501","deceptorType":"App","name":"Quick PC Startup","company":"Xportsoft Technologies","version":"1.1.1.1","sigName":"Deceptor:Win32/QuickPCStartup!017","lastKnownStatus":"Deceptor:1.1.1.1","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center,paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2497},{"violations":{"ACR-003":"The application exaggerated empty and invalid registry keys as errors, thereby misleading or scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app's scan schedule is set to do not schedule, however the app has created multiple scheduled task in the windows task scheduler.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Jawego Partners LLC\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon calling the number the agent answered and referred to the company a phone support, he refuses to state the true company name and offers technical support to fix pc issues.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens with information stating that the consumer can get the app at 50% off.\n","ACR-171":"The consumer is required to opt-out of additional payment for Disk Tools Plus which was not pre-disclosed.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"supsetup_site.exe","isInstaller":"True","companyName":"http://www.superpccleanup.com/                              ","productName":"Super PC Cleanup","productVersion":"1.8","fileVersion":"1.8","hashMD5":"186d4b23b88d1f2b4f1898a06d79875b","hashSHA1":"e10512be3794fb86fc0bc4641aee85ea0afb84d7","hashSHA256":"aaf57b7d4b4b369da187dae11327a6f04c3fc0a1a8290057c9f77399c99e40b4","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"451","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SuperPCCleanup.exe","companyName":"Super PC Cleanup","productName":"Super PC Cleanup","productVersion":"1.8.63.463","fileVersion":"1.8.63.463","hashMD5":"b1666e76df781cc8028168351436cf5e","hashSHA1":"7a49db575d4b4f6f9cb3a10f93799eeab92cac6e","hashSHA256":"8b6caa67106d94df7897996e233b5c7e30b472a3ae33febe20f63d3bcf59c7a3","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"451","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"speedup pc\"","landingPage":"http://www.superpccleanup.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/superpccleanup/supsetup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/superpccleanup/supsetup_site.exe","sourceIndex":"451"}],"sampleFiles":["180427/SuperPCCleanup-180420/1.8/Samples/supsetup_site.exe","180427/SuperPCCleanup-180420/1.8/Samples/SuperPCCleanup.exe"],"imageFiles":["180427/SuperPCCleanup-180420/1.8/Images/ACR-003/ACR-003_software.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-003/ACR-003_software1.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-003/ACR-003_software2.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-084/ACR-084_software.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180427/SuperPCCleanup-180420/1.8/Images/ACR-065/ACR-065_software.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-161/ACR-161_landingpage.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-161/ACR-161_landingpage1.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-163/ACR-163_software.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-163/ACR-163_landingpage.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-088/ACR-088_software.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-092/ACR-092_software.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-160/ACR-160_software.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-099/ACR-099_software.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-099/ACR-099_interanloffer.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-168/ACR-168_landingpage.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-120/ACR-120_uninstall.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-171/ACR-171_internaloffer.JPG","180427/SuperPCCleanup-180420/1.8/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"45e32fc5-caed-4146-9a91-762d302303cc_1.8_1","appID":"SuperPCCleanup-180420","dateAdded":"180427","deceptorType":"App","name":"Super PC Cleanup","company":"www.superpccleanup.com","version":"1.8","sigName":"Deceptor:Win32/SuperPCCleanup!003084168","lastKnownStatus":"Deceptor:1.8","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T22:49:24.0663487+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2082},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC CARE TOOLS\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"bppsetup.exe","isInstaller":"True","companyName":"Boost PC Pro 2018","productName":"BoostPC-Pro-2018","productVersion":"1.0.0.8","fileVersion":"1.0.0.8","hashMD5":"470f79170601e5060225cd5cd7a00a4f","hashSHA1":"775ff2ed9e8473e716d9ce4456e1f41030442000","hashSHA256":"d546be5bb15957d8799a1f52c4c1f792d058a818deb2776e50801218d8db3712","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"450","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bpp.exe","companyName":"Boost PC Pro 2018","productName":"SpeedUp Tool","productVersion":"1.0.0.8","fileVersion":"1.0.0.8","hashMD5":"61edfea76805449301f394c88533b27f","hashSHA1":"d9596d15849769de98d12e116dd7500b95f3d9cb","hashSHA256":"fa227683c44e8f63328877bf66e1f96ef250d32177a85c0357c42823b5aff94e","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"450","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"2018 pc fixer\"","landingPage":"http://www.cleanuppcutils.com/","directDownloadingLink":"https://d1dmlsoa2vrc0t.cloudfront.net/bpp/securerc/b8/bppsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1dmlsoa2vrc0t.cloudfront.net/bpp/securerc/b8/bppsetup.exe","sourceIndex":"450"}],"sampleFiles":["180427/BoostPCPro2018-180420/1.0.0.8/Samples/bppsetup.exe","180427/BoostPCPro2018-180420/1.0.0.8/Samples/bpp.exe"],"imageFiles":["180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-055/ACR-055_inlineoffer.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-003/ACR-003_software.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-003/ACR-003_software1.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-003/ACR-003_software2.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-010/ACR-010_inlineoffer.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-010/ACR-010_adsinsideapp.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-065/ACR-065_internaloffer.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-161/ACR-161_internaloffer.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-161/ACR-161_internaloffer1.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-088/ACR-088_software.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-092/ACR-092_software.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-099/ACR-099_landingpage.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-099/ACR-099_internaloffer.JPG","180427/BoostPCPro2018-180420/1.0.0.8/Images/ACR-150/ACR-150_internaloffer.JPG"],"guid":"b1eeeb5f-d37d-4c46-ba04-19cad85fff1e_1.0.0.8_1","appID":"BoostPCPro2018-180420","dateAdded":"180427","deceptorType":"App","name":"BoostPC-Pro-2018","company":"Boost PC Pro 2018","version":"1.0.0.8","sigName":"Deceptor:Win32/BoostPCPro!003010055059","lastKnownStatus":"Deceptor:1.0.0.8","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T22:54:58.317996+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2083},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys temp, cache and junk files as issues of high urgency level and labels the system health status as \"DANGER\", thereby misleading or scaring user to take action.\nUpon trying to uninstall the app the user is prompted with a message to call a phone number to fix the computer \"problems\".\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from scanning on startup from the software interface as that feature is grayed out.\n","ACR-014":"app results show an intent to deceive the consumer by implying that issue's level could be \"high\" for registry items, temp and junk files and system cache.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's uninstall prompts for one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled\n"},"samples":[{"isRevoked":"False","fileName":"SystemOptimizerSetup.exe","isInstaller":"True","companyName":"System Optimizer","productName":"System Optimizer","productVersion":"3.0.3","fileVersion":"3.0.3","hashMD5":"5dbe5f56b8af4d0444fb9bf3d7977137","hashSHA1":"3754682ab068c31cb3c266a049d04829cadafb1c","hashSHA256":"622b3f5df349e0b5e83d96ebaee764004e712421d9eb66a7ae730162500cacef","digitalCertThumbprint":"16D2A71C1F03B2BD2C1261BFAB235153D9845743","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"800 Geeks, Inc\", O=\"800 Geeks, Inc\", STREET=\"201 N Charles St, Suite 2406\", L=Baltimore, S=Maryland, PostalCode=21201, C=US","sourceIndex":"3265","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SystemOptimizer.exe","companyName":"System Optimizer","productName":"System Optimizer","productVersion":"3.0.3.0","fileVersion":"3.0.3.0","hashMD5":"f8a296c5fa0cf05b9339d4c932ee9e66","hashSHA1":"f344d1a59b85c67b0ed6711707e2f14fb8e69c1f","hashSHA256":"7086bc9a4d5cd73b6f6628696027b902c8d122b25043665db35e09a05519cd87","digitalCertThumbprint":"16D2A71C1F03B2BD2C1261BFAB235153D9845743","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"800 Geeks, Inc\", O=\"800 Geeks, Inc\", STREET=\"201 N Charles St, Suite 2406\", L=Baltimore, S=Maryland, PostalCode=21201, C=US","sourceIndex":"3265","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc privacy guard\"","landingPage":"https://www.1800geeks.com/system-optimizer.html","directDownloadingLink":"https://www.1800geeks.com/software/SystemOptimizerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.1800geeks.com/software/SystemOptimizerSetup.exe","sourceIndex":"3265"}],"sampleFiles":["180427/SystemOptimizer-180427/3.0.3/Samples/SystemOptimizerSetup.exe","180427/SystemOptimizer-180427/3.0.3/Samples/SystemOptimizer.exe"],"imageFiles":["180427/SystemOptimizer-180427/3.0.3/Images/ACR-003/ACR-003_software.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-003/ACR-003_software1.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-003/ACR-003_uninstall.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-014/ACR-014_software.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-014/ACR-014_software 1.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180427/SystemOptimizer-180427/3.0.3/Images/ACR-065/ACR-065_software.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-163/ACR-163_software.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-163/ACR-003_uninstall.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-163/ACR-163_landingpage.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-088/ACR-088_software.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-160/ACR-160_software.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-099/ACR-099_software.JPG","180427/SystemOptimizer-180427/3.0.3/Images/ACR-099/ACR-099_landingpage.JPG"],"guid":"26df2b45-709c-4c5c-88ac-cbf6757d8df5_3.0.3_1","appID":"SystemOptimizer-180427","dateAdded":"180427","deceptorType":"App","name":"SystemOptimizer","company":"1800-Geeks Inc","version":"3.0.3","sigName":"Deceptor:Win32/SystemOptimizer!003014084","lastKnownStatus":"Deceptor:3.0.3","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-26T01:21:05.9767216+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2499},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-003":"The app exaggerates the User and Password, Profile, Browser History, IM History Cookies and Local Trace Files as being threats , thereby misleading or scaring the consumer to take action.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-014":"App results show an intent to deceive the consumer by implying that User and Password, Profile, Browser History, IM History Cookies and Local Trace Files could be of high performance impact to the system.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. \n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-168":"The application's landing page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"PrivacyGuardSetup.exe","isInstaller":"True","companyName":"Privacy Guard","productName":"Privacy Guard","productVersion":"3.2.0","fileVersion":"3.2.0","hashMD5":"b12ad2536a1af3a9e62df693102fb577","hashSHA1":"b8ade7e35d2aa9195bd48f704a35312eb57e439c","hashSHA256":"9cd998b5a78b007e3e3d44cd8360cc5c92f8ab1bda0c35f9fc7e3a608b1fcfe2","digitalCertThumbprint":"16D2A71C1F03B2BD2C1261BFAB235153D9845743","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"800 Geeks, Inc\", O=\"800 Geeks, Inc\", STREET=\"201 N Charles St, Suite 2406\", L=Baltimore, S=Maryland, PostalCode=21201, C=US","sourceIndex":"3266","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PrivacyGuard.exe","companyName":"Privacy Guard","productName":"Privacy Guard","productVersion":"3.2.0","fileVersion":"3.2.0","hashMD5":"fc3de84fb3f3b79496f417513255f543","hashSHA1":"75327bc1738b7b018f455c5cebe79eba83534e5f","hashSHA256":"a0a17139c61143be5b46a66f4163444138009fc5da193e02ded0c28595b21499","digitalCertThumbprint":"16D2A71C1F03B2BD2C1261BFAB235153D9845743","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"800 Geeks, Inc\", O=\"800 Geeks, Inc\", STREET=\"201 N Charles St, Suite 2406\", L=Baltimore, S=Maryland, PostalCode=21201, C=US","sourceIndex":"3266","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"geeks privacy guard\"","landingPage":"https://www.1800geeks.com/privacy-guard.html","directDownloadingLink":"http://www.1800geeks.com/software/PrivacyGuardSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.1800geeks.com/software/PrivacyGuardSetup.exe","sourceIndex":"3266"}],"sampleFiles":["180427/PrivacyGuard-180427/3.2.0/Samples/PrivacyGuardSetup.exe","180427/PrivacyGuard-180427/3.2.0/Samples/PrivacyGuard.exe"],"imageFiles":["180427/PrivacyGuard-180427/3.2.0/Images/ACR-050/ACR-050_software.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-003/ACR-003_software.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-003/ACR-003_software1.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-014/ACR-014_software.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-014/ACR-004_software1.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180427/PrivacyGuard-180427/3.2.0/Images/ACR-065/ACR-065_software.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-163/ACR-163_software.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-163/ACR-163_landingpage.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-088/ACR-088_software.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-160/ACR-160_software.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-099/ACR-099_software.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-099/ACR-099_landingpage.JPG","180427/PrivacyGuard-180427/3.2.0/Images/ACR-168/ACR-168_landingpage.JPG"],"guid":"7fe03f46-9030-4087-8f36-33f630a244fc_3.2.0_1","appID":"PrivacyGuard-180427","dateAdded":"180427","deceptorType":"App","name":"PrivacyGuard","company":"1800 Geeks LLC.","version":"3.2.0","sigName":"Deceptor:Win32/PrivacyGuard!003014050168","lastKnownStatus":"Deceptor:3.2.0","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center,paid","lastUpdate":"2019-01-26T01:20:01.5531176+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2500},{"violations":{"ACR-003":"The application exaggerates System Performance issues and System/User Software issues using high color gradient, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offers provided are not clearly marked as offers, and unclear who is making the recommendation for the offers.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The app is referred to as PC Protection Suite on the internal offer page and is installed as Wise-System-Mechanic which will lead to confusion of the consumer as to what was installed.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"CONNECT AB INFOLINE PRIVATE LIMITED\" which is not disclosed in the app's EULA.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","productName":"Wise-System-Mechanic","productVersion":"1.0.0.1343","fileVersion":"1.0.0.1343","hashMD5":"2eb67b07d4022b09d795a233481b3cbe","hashSHA1":"630f13839833f39e5bf275c8fbc04e119bdda3a4","hashSHA256":"2bf1d23e91579277663537f87ac17da450617e47b5f1fbdc924b24c80c167496","digitalCertThumbprint":"D4CC2A4E613CB926B22233E4560DCA805310E4EC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"3267","avBlockList":["Avast Internet Security (20190203)","AVG Internet Security (20190203)","Avira Internet Security (20190203)","Bitdefender Internet Security (20190203)","ESET Internet Security (20190203)","G DATA INTERNET SECURITY (20190203)","K7 Total Security (20190203)","Kaspersky Internet Security (20190203)","Malwarebytes Premium (20190203)","McAfee Total Protection (20190203)","Norton Security (20190203)","Panda Dome (20190203)","Sophos Home Premium (20190203)","VirIT eXplorer PRO (20190203)","Webroot SecureAnywhere (20190203)"],"avAllowList":["Trend Micro Internet Security (20190203)","Windows Defender (20190203)"]},{"isRevoked":"False","fileName":"oscm.exe","companyName":"n/a","productVersion":"1.0.0.1343","fileVersion":"1.0.0.1343","hashMD5":"6e9f1bd1001cd3f062b6391ea2e82f0e","hashSHA1":"50735127631ce79b3ab8585ab21a3dbbded688bb","hashSHA256":"9b2563a5de68c4e2712028daf3d2bd1d309fd5e3dc3c3b957cb3961f7c24d5bc","digitalCertThumbprint":"D4CC2A4E613CB926B22233E4560DCA805310E4EC","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"3267","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (registry repair 2018)","landingPage":"http://wisesystemtools.com/","directDownloadingLink":"https://d3lsk6rzmw1qjo.cloudfront.net/wisesysm/securerc/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3lsk6rzmw1qjo.cloudfront.net/wisesysm/securerc/setup.exe","sourceIndex":"3267"}],"sampleFiles":["180426/WiseSystemMechanic-180420/1.0.0.1343/Samples/setup.exe","180426/WiseSystemMechanic-180420/1.0.0.1343/Samples/oscm.exe"],"imageFiles":["180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-055/ACR_055_INLINE_OFFERS.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-003/ACR_003_SOFTWARE.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-059/ACR_059_INLINE_OFFER_SCREENSHOT_1.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-059/ACR_059_INLINE_OFFER_SCREENSHOT_2.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-010/ACR_010_INLINE_OFFER_SCREENSHOT_1.PNG"],"nonDeceptorImageFiles":["180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-065/ACR_065_SOFTWARE.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-002/ACR_002_INTERNAL_OFFERS.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-088/ACR_088_SOFTWARE.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-092/ACR_092_SOFTWARE.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-099/ACR_099_SOFTWARE.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","180426/WiseSystemMechanic-180420/1.0.0.1343/Images/ACR-171/ACR_171_INTERNAL_OFFERS.PNG"],"guid":"7c687f34-eac3-481f-8f94-207788865a83_1.0.0.1343_1","appID":"WiseSystemMechanic-180420","dateAdded":"180426","deceptorType":"App","name":"Wise System Mechanic","company":"Wise System Mechanic.","version":"1.0.0.1343","sigName":"Deceptor:Win32/WiseSystemMechanic!003010055059","lastKnownStatus":"Deceptor:1.0.0.1343","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-26T01:19:11.2853746+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2501},{"violations":{"ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-163":"The application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon dialing the phone number provided by the app the phone rang twice then hung up saying the line is busy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"SmartRegCareSetup.exe","isInstaller":"True","companyName":"GNR Management Services                                     ","productName":"Smart Registry Care","productVersion":"6.9","fileVersion":"","hashMD5":"a1eb249a8f73916721c0669ad01e08d5","hashSHA1":"987d35bd1cd559a0c5c997e7e3a36957e7e3b637","hashSHA256":"80e208c113766f956a4d6287d2e0446204e099b582b8130b0cc8256b2d8b8489","digitalCertThumbprint":"C04167CC677480834C1E7FDC88C8901B6F175C20","digitalCertIssuer":"CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US","digitalCertIssuedTo":"CN=GNR MANAGEMENT SERVICES PVT. LTD., O=GNR MANAGEMENT SERVICES PVT. LTD., L=Delhi, C=IN","sourceIndex":"3027","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (remove computer errors free)","landingPage":"http://smartregistrycare.com/en/","directDownloadingLink":"http://www.smartregistrycare.com/downloads/exe/en/src/SmartRegCareSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.smartregistrycare.com/downloads/exe/en/src/SmartRegCareSetup.exe","sourceIndex":"3027"}],"sampleFiles":["180426/SmartRegistryCare-180420/6.9/Samples/SmartRegCareSetup.exe"],"imageFiles":["180426/SmartRegistryCare-180420/6.9/Images/ACR-118/ACR_118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["180426/SmartRegistryCare-180420/6.9/Images/ACR-065/ACR_065_INSTALL.PNG","180426/SmartRegistryCare-180420/6.9/Images/ACR-065/ACR_065_SOFTWARE.PNG","180426/SmartRegistryCare-180420/6.9/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180426/SmartRegistryCare-180420/6.9/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","180426/SmartRegistryCare-180420/6.9/Images/ACR-088/ACR_088_SOFTWARE.PNG","180426/SmartRegistryCare-180420/6.9/Images/ACR-099/ACR_099_SOFTWARE.PNG","180426/SmartRegistryCare-180420/6.9/Images/ACR-099/ACR_099_LANDING_PAGE.PNG"],"guid":"95999fec-09aa-4520-8489-6c7355175d7c_6.9_1","appID":"SmartRegistryCare-180420","dateAdded":"180426","deceptorType":"App","name":"Smart Registry Care","company":"GNR Management Services Inc.","version":"6.9","sigName":"Deceptor:Win32/GNRSmartRegistryCare!118","lastKnownStatus":"Deceptor:6.9","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2019-06-06T21:03:20.0328876+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2502},{"violations":{"ACR-003":"The application exaggerates ActiveX/COM Components, System Software, Installation String, User MRU List and Deep System Scan as being errors of high damage level, and improvement potential, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from running at user logon from the software interface.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"The application does not have a digital signature it is unsigned.\n","ACR-160":"The application does not use a certified call center to monetize the app. contacted Perfect Registry Optimizer with the phone number they provided on the app and got the message \"The party is not answering Goodbye\".\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"perfectregoptimizer.exe","isInstaller":"True","companyName":"Perfect Registry Optimizer                                  ","productName":"Perfect Registry Optimizer","productVersion":"1.0","fileVersion":"","hashMD5":"80864ccb22b6b7fdd4dea0e047f2361f","hashSHA1":"c65b36e42e70a98c75251af65e2c280b66189923","hashSHA256":"1ec94dba28c8f28fa968825a15442c915a66d1b96dbed84704eda3faa768f9d5","sourceIndex":"3268","avBlockList":["Avast Internet Security (20190203)","AVG Internet Security (20190203)","Avira Internet Security (20190203)","Bitdefender Internet Security (20190203)","ESET Internet Security (20190203)","G DATA INTERNET SECURITY (20190203)","K7 Total Security (20190203)","Kaspersky Internet Security (20190203)","Malwarebytes Premium (20190203)","McAfee Total Protection (20190203)","Norton Security (20190203)","Panda Dome (20190203)","Sophos Home Premium (20190203)","Trend Micro Internet Security (20190203)","VirIT eXplorer PRO (20190203)","Webroot SecureAnywhere (20190203)"],"avAllowList":["Windows Defender (20190203)"]},{"isRevoked":"False","fileName":"perfect-registry-optimizer.exe","companyName":"n/a","productName":"Perfect Registry Optimizer","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"a4e2a13a1d3bea3553ca9697a3924a2e","hashSHA1":"effc0d9eb4a3e7d9e573b9abb2234ce2e9a6cb2a","hashSHA256":"d952eea5e837a86c4e6d5e2a97285cd1462f7b65edd3377e596d6a9fe3337153","sourceIndex":"3268","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (fix my slow computer free)","landingPage":"http://www.perfectregoptimizer.com/","directDownloadingLink":"http://perfectregoptimizer.com/download/exe/perfectregoptimizer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://perfectregoptimizer.com/download/exe/perfectregoptimizer.exe","sourceIndex":"3268"}],"sampleFiles":["180426/PerfectRegistryOptimizer-180420/2.0.1.0/Samples/perfectregoptimizer.exe","180426/PerfectRegistryOptimizer-180420/2.0.1.0/Samples/perfect-registry-optimizer.exe"],"imageFiles":["180426/PerfectRegistryOptimizer-180420/2.0.1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180426/PerfectRegistryOptimizer-180420/2.0.1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180426/PerfectRegistryOptimizer-180420/2.0.1.0/Images/ACR-084/ACR_084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180426/PerfectRegistryOptimizer-180420/2.0.1.0/Images/ACR-065/ACR_065_INSTALL.PNG","180426/PerfectRegistryOptimizer-180420/2.0.1.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180426/PerfectRegistryOptimizer-180420/2.0.1.0/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180426/PerfectRegistryOptimizer-180420/2.0.1.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","180426/PerfectRegistryOptimizer-180420/2.0.1.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","180426/PerfectRegistryOptimizer-180420/2.0.1.0/Images/ACR-099/ACR_099_SOFTWARE.PNG"],"guid":"2227defe-e838-4993-9379-b240da38af7c_2.0.1.0_1","appID":"PerfectRegistryOptimizer-180420","dateAdded":"180426","deceptorType":"App","name":"Perfect Registry Optimizer","company":"Perfect Registry Optimizer","version":"2.0.1.0","sigName":"Deceptor:Win32/PerfectRegistryOptimizer!003084","lastKnownStatus":"Deceptor:2.0.1.0","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2019-01-26T01:18:40.4817425+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2503},{"violations":{"ACR-003":"The application exaggerates registry keys, file system and system resources  as problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"The application is unsigned (Not digitally code-signed by the source)\n","ACR-157":"The application is unsigned (Not digitally code-signed by the source)\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"pcdsetup.exe","isInstaller":"True","companyName":"Hauberk Software                                            ","productName":"Cleaner","productVersion":"4.0","fileVersion":"0.0","hashMD5":"00b51bbb49694077f0bddcc0f0078d74","hashSHA1":"e2ffc6bc8a2b4b062ff1399327de4f9425b9f0ed","hashSHA256":"def42b306b73d14e43f0b1c98f30d657b4cf89106198308f09c9e8d9dabb599c","sourceIndex":"3635","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PC_Cleaner.exe","companyName":"Hauberk Software","productName":"Hauberk Cleaner","productVersion":"4.0.0.0","fileVersion":"4.0.0.0","hashMD5":"8cadef8eb7725af9f8aca0876e13ad14","hashSHA1":"bb279546f8b09978a97e9b772cf7d7029c089771","hashSHA256":"9f20fe40236db2e9e0e8bcbfbddebeaa982e02e7df965029173513e4979b6c18","digitalCertThumbprint":"2600E990C527B3C5C23C6A7A1C31A8F6B432E276","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Worldwide Communications SIA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Worldwide Communications SIA, L=Riga, S=Riga, C=LV","sourceIndex":"3635","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \" 2018 pc repair cleaner\" ","landingPage":"http://hauberk.de/","directDownloadingLink":"http://hauberk.de/download/pcdsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://hauberk.de/download/pcdsetup.exe","sourceIndex":"3635"}],"sampleFiles":["180426/HauberkCleaner-180420/4.0/Samples/pcdsetup.exe","180426/HauberkCleaner-180420/4.0/Samples/PC_Cleaner.exe"],"imageFiles":["180426/HauberkCleaner-180420/4.0/Images/ACR-003/ACR-003_software.JPG","180426/HauberkCleaner-180420/4.0/Images/ACR-003/ACR-003_software1.JPG","180426/HauberkCleaner-180420/4.0/Images/ACR-003/ACR-003_software2.JPG","180426/HauberkCleaner-180420/4.0/Images/ACR-017/ACR-017_software.JPG"],"nonDeceptorImageFiles":["180426/HauberkCleaner-180420/4.0/Images/ACR-065/ACR-065_install.JPG","180426/HauberkCleaner-180420/4.0/Images/ACR-065/ACR-065_software.JPG","180426/HauberkCleaner-180420/4.0/Images/ACR-065/ACR-065_landingpage.JPG","180426/HauberkCleaner-180420/4.0/Images/ACR-065/ACR-065_internaloffer.JPG","180426/HauberkCleaner-180420/4.0/Images/ACR-092/ACR-092_software.JPG","180426/HauberkCleaner-180420/4.0/Images/ACR-157/ACR-157_software.JPG","180426/HauberkCleaner-180420/4.0/Images/ACR-099/ACR-099_software.JPG","180426/HauberkCleaner-180420/4.0/Images/ACR-099/ACR-099_landingpage.JPG","180426/HauberkCleaner-180420/4.0/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"43b6147e-ab89-4352-af59-aaac570cb0f4_4.0_1","appID":"HauberkCleaner-180420","dateAdded":"180426","deceptorType":"App","name":"Hauberk Cleaner","company":"Hauberk Software","version":"4.0","sigName":"Deceptor:Win32/HauberkCleaner!003017","lastKnownStatus":"Deceptor:4.0","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2504},{"violations":{"ACR-043":"Multiple third party components are installed which are not disclosed to the user in the EULA and offer or landing page. \n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"SupportBuddy INC.\" which is not disclosed in the app's EULA.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"Bulwark.AntiMalware.Setup.exe","isInstaller":"True","companyName":"Zemana Ltd.                                                 ","productName":"Advanced Malware Protection","productVersion":"2.74.0.150","fileVersion":"2.74.0.150","hashMD5":"cf78ef768083dac394e1e7f91ddf47ac","hashSHA1":"1de6c573907a10e4c4110ed0178d3e585242b16d","hashSHA256":"ed2b4dc4a5fb39a4914c5c0fd2de9699bf6ecead3da6e64dbaf5267db4e59b43","digitalCertThumbprint":"6A3AA2BB77ED517637583E04A3385EC2D406D870","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Revwiretech Inc., O=Revwiretech Inc., L=Bridgeport, S=Connecticut, C=US","sourceIndex":"3269","avBlockList":["Avast Internet Security (20190203)","AVG Internet Security (20190203)","Avira Internet Security (20190203)","Bitdefender Internet Security (20190203)","ESET Internet Security (20190203)","G DATA INTERNET SECURITY (20190203)","K7 Total Security (20190203)","Malwarebytes Premium (20190203)","McAfee Total Protection (20190203)","Norton Security (20190203)","Panda Dome (20190203)","Sophos Home Premium (20190203)","Trend Micro Internet Security (20190203)","VirIT eXplorer PRO (20190203)","Windows Defender (20190203)"],"avAllowList":["Webroot SecureAnywhere (20190203)","Kaspersky Internet Security (20190203)"]},{"isRevoked":"False","fileName":"ZAM.exe","companyName":"Copyright 2017.","productName":"ZAM","productVersion":"2.74.0.150","fileVersion":"2.74.0.150","hashMD5":"a010dfd62b0f1d8effb4c1f05d54482f","hashSHA1":"f5e7790f3302f4bb039cc8b0bafe8ac7136cb8ed","hashSHA256":"d4d445af8e12b93416387e8022ac58589d0d219854546ce55aed70de107e8143","digitalCertThumbprint":"F021CB1336EAEBA6B09001269B95E0623A0BD794","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=\"WatchDogDevelopment.com, LLC\", O=\"WatchDogDevelopment.com, LLC\", L=Boise, S=Idaho, C=US","sourceIndex":"3269","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offer","reference":"https://www.bulwarklabs.com/","landingPage":"https://www.bulwarklabs.com/bulwark-anti-malware","directDownloadingLink":"https://www.bulwarklabs.com/downloads/anti_malware/Bulwark.AntiMalware.Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bulwarklabs.com/downloads/anti_malware/Bulwark.AntiMalware.Setup.exe","sourceIndex":"3269"}],"sampleFiles":["180426/BulwarkAnti-Malware-180424/2.74.0.150/Samples/Bulwark.AntiMalware.Setup.exe","180426/BulwarkAnti-Malware-180424/2.74.0.150/Samples/ZAM.exe"],"imageFiles":["180426/BulwarkAnti-Malware-180424/2.74.0.150/Images/ACR-043/ACR_043_INSTALL_SCREENSHOT_1.PNG","180426/BulwarkAnti-Malware-180424/2.74.0.150/Images/ACR-043/ACR_043_INSTALL_SCREENSHOT_2.PNG","180426/BulwarkAnti-Malware-180424/2.74.0.150/Images/ACR-043/ACR_043_INSTALL_SCREENSHOT_3.PNG","180426/BulwarkAnti-Malware-180424/2.74.0.150/Images/ACR-168/ACR_099_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["180426/BulwarkAnti-Malware-180424/2.74.0.150/Images/ACR-065/ACR_065_INSTALL.PNG","180426/BulwarkAnti-Malware-180424/2.74.0.150/Images/ACR-065/ACR_065_SOFTWARE.PNG","180426/BulwarkAnti-Malware-180424/2.74.0.150/Images/ACR-092/ACR_092_SOFTWARE.PNG","180426/BulwarkAnti-Malware-180424/2.74.0.150/Images/ACR-099/ACR_099_SOFTWARE.PNG","180426/BulwarkAnti-Malware-180424/2.74.0.150/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180426/BulwarkAnti-Malware-180424/2.74.0.150/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180426/BulwarkAnti-Malware-180424/2.74.0.150/Images/ACR-168/ACR_168_LANDING_PAGE.PNG"],"guid":"ef0be6ac-cc4c-4a6e-b26a-5a00acc4195f_2.74.0.150_1","appID":"BulwarkAnti-Malware-180424","dateAdded":"180426","deceptorType":"App","name":"Bulwark Anti-Malware","company":"Bulwark Labs","version":"2.74.0.150","sigName":"Deceptor:Win32/BulwarkAntimalware!043168","lastKnownStatus":"Deceptor:2.74.0.150","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-26T01:17:58.0181346+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2505},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user. The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC Speed-Up Tools Inc\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"spctsetup.exe","isInstaller":"True","companyName":"Smart PC Tweaker","productName":"Smart PC Tweaker","productVersion":"1.0.0.1112","fileVersion":"1.0.0.1112","hashMD5":"84b8569e2661d077e4a78e456b128f61","hashSHA1":"ef8a56de63b889005a76f9dcc265494d033dd7aa","hashSHA256":"2a6deeb8e3e4232acdf820bc04e1af793e7e97dc327ee7c2c0cec61e71dc8c3d","digitalCertThumbprint":"9BF55393E1186739791B5F981176EF53C1369FAD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speed-Up Tools Inc, O=PC Speed-Up Tools Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"436","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spct.exe","companyName":"Smart PC Tweaker","productName":"n/a","productVersion":"1.0.0.1112","fileVersion":"1.0.0.1112","hashMD5":"cce2eb568facf124e769ab1906425951","hashSHA1":"26d0b22dc6f4aaff2876aadeb6f7d5e0dc4a184a","hashSHA256":"ae868824f0fd90dd2bf078f158c92812106e3ce2af067fc90ea0746cb6663be8","digitalCertThumbprint":"9BF55393E1186739791B5F981176EF53C1369FAD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speed-Up Tools Inc, O=PC Speed-Up Tools Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"436","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"2018 pc updater cleaner\" page 16 of results","landingPage":"http://www.smartpctweaker.com/","directDownloadingLink":"https://d2j0twbvv254q7.cloudfront.net/securerc/spctsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2j0twbvv254q7.cloudfront.net/securerc/spctsetup.exe","sourceIndex":"436"}],"sampleFiles":["180424/SmartPCTweaker-180419/1.0.0.1112/Samples/spctsetup.exe","180424/SmartPCTweaker-180419/1.0.0.1112/Samples/spct.exe"],"imageFiles":["180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-055/ACR-055_inlineoffer.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-003/ACR-003_software.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-003/ACR-003_software1.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-003/ACR-003_software2.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-010/ACR-010_inlineoffer.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-065/ACR-065_software.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-065/ACR-065_internaloffer.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-161/ACR-161_internaloffer.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-161/ACR-161_internaloffer1.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-088/ACR-088_software.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-092/ACR-092_software.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-099/ACR-099_software.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-099/ACR-099_internaloffer.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-150/ACR-150_internaloffer.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-171/ACR-171_internaloffer.JPG","180424/SmartPCTweaker-180419/1.0.0.1112/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"abc88de0-a6ff-4da5-9835-fa49fd21351a_1.0.0.1112_1","appID":"SmartPCTweaker-180419","dateAdded":"180424","deceptorType":"App","name":"Smart PC Tweaker","company":"Smart PC Tweaker","version":"1.0.0.1112","sigName":"Deceptor:WIn32/SmartPCTweaker!003010055059","lastKnownStatus":"Deceptor:1.0.0.1112","lastKnownDate":"180424","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-05T18:39:21.7602581+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2084},{"violations":{"ACR-003":"The application reports identified errors and problems with exaggerated numbers, thereby misleading or scaring the user to take action.\n\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon calling the phone number there was an automotive voice stating \"the number you have dialed has been cancelled.\"\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"InstallShield Setup.exe","isInstaller":"True","companyName":"iHaveAnswer LLC","productName":"RegProtech","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"52f2e69c0106b20bacbc32cd21f89bf6","hashSHA1":"f6dc6d03f0ff2139b8d13e1d478ac9586d39dc41","hashSHA256":"d39504d3c281ad561ecba51ee86f03a6e2f1ce31aa6adeedbbe8ffd9b136ca6f","digitalCertThumbprint":"2F681DFEAF8E2BA9EA43B79D229FD5B16504E117","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=iHaveAnswer LLC, O=iHaveAnswer LLC, L=New Rochelle, S=New York, C=US","sourceIndex":"3270","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegProtech.exe","companyName":"RegProtech","productName":"RegProtech","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"4e339dcdea6776c5a42fced1c6789fff","hashSHA1":"8ace5d7ec7eb55ef707596beb1298946401f02b5","hashSHA256":"d8e2b67c9dad4bfed7384601fa68a72b10f27ceee8660dbf0337e11560223dd1","digitalCertThumbprint":"2F681DFEAF8E2BA9EA43B79D229FD5B16504E117","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=iHaveAnswer LLC, O=iHaveAnswer LLC, L=New Rochelle, S=New York, C=US","sourceIndex":"3270","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"Google searched; privacy cleaner software ","landingPage":"http://www.regprotech.com/","directDownloadingLink":"http://www.regprotech.com/downloads/regprotech-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.regprotech.com/downloads/regprotech-setup.exe","sourceIndex":"3270"}],"sampleFiles":["180424/RegProTech-180420/1.0.0.0/Samples/regprotech-setup.exe","180424/RegProTech-180420/1.0.0.0/Samples/RegProtech.exe"],"imageFiles":["180424/RegProTech-180420/1.0.0.0/Images/ACR-003/acr_003.PNG","180424/RegProTech-180420/1.0.0.0/Images/ACR-003/acr_003_1.PNG","180424/RegProTech-180420/1.0.0.0/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["180424/RegProTech-180420/1.0.0.0/Images/ACR-065/acr_065_1.PNG","180424/RegProTech-180420/1.0.0.0/Images/ACR-065/acr_065_S.PNG","180424/RegProTech-180420/1.0.0.0/Images/ACR-161/testimonials.PNG","180424/RegProTech-180420/1.0.0.0/Images/ACR-163/one_one_interaction_S.PNG","180424/RegProTech-180420/1.0.0.0/Images/ACR-099/acr_099_S.PNG"],"guid":"8f18f400-05dd-4bd5-a35f-b927a8f9fc7c_1.0.0.0_1","appID":"RegProTech-180420","dateAdded":"180424","deceptorType":"App","name":"RegProTech","company":"iHaveAnswer LLC","version":"1.0.0.0","sigName":"Deceptor:Win32/IHaveAnswerRegProTech!003084","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2019-01-26T01:17:01.9488073+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2506},{"violations":{"ACR-003":"The application exaggerates unused and invalid registry keys as errors and shows the pc status as critical repair needed, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from running at user logon from the software interface as no options are provided.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"No privacy policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"PCRevitalizer.exe","isInstaller":"True","companyName":"Preventon","productName":"PC Revitalizer","productVersion":"1.0.59","fileVersion":"1.0.59","hashMD5":"af8972675d2561cd3a96bae9450c14a7","hashSHA1":"d905d8cb2451eeb60040200e385f0e21592822b3","hashSHA256":"7fa106d6e3cd95420446734ebde7119586eddee76169bc0aaa3e62bfba654fe5","digitalCertThumbprint":"DAF06E48C6FFC0EEEBCA0DA44C401066CB401A8E","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Security Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Security Software Limited, L=London, S=London, C=GB","sourceIndex":"3637","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Preventon.exe","companyName":"Security Software Limited","productName":"Preventon PC Revitalizer","productVersion":"1.0.59","fileVersion":"1.0.59","hashMD5":"23a82c70204f5a95307b8432174ff035","hashSHA1":"aa4e9c01d9f25ea3ae2d53e72b14f25517516d11","hashSHA256":"4f19ca67e4e1a2cb7896c32517f734100be3072f6fe27d8b6511251ad4df7874","digitalCertThumbprint":"DAF06E48C6FFC0EEEBCA0DA44C401066CB401A8E","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Security Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Security Software Limited, L=London, S=London, C=GB","sourceIndex":"3637","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"http://www.preventon.com","landingPage":"http://www.preventon.com/en/pc-revitalizer","directDownloadingLink":"http://download.preventon.com/releases/PCRevitalizer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.preventon.com/releases/PCRevitalizer.exe","sourceIndex":"3637"}],"sampleFiles":["180423/PCRevitalizer-180418/1.0.59/Samples/PCRevitalizersetup.exe","180423/PCRevitalizer-180418/1.0.59/Samples/PCRevitalizer.exe"],"imageFiles":["180423/PCRevitalizer-180418/1.0.59/Images/ACR-003/ACR-003_software.JPG","180423/PCRevitalizer-180418/1.0.59/Images/ACR-003/ACR-003_software1.JPG","180423/PCRevitalizer-180418/1.0.59/Images/ACR-003/ACR-003_software2.JPG","180423/PCRevitalizer-180418/1.0.59/Images/ACR-084/ACR-084_software.JPG","180423/PCRevitalizer-180418/1.0.59/Images/ACR-084/ACR-084_software1.JPG"],"nonDeceptorImageFiles":["180423/PCRevitalizer-180418/1.0.59/Images/ACR-065/ACR-065_install.JPG","180423/PCRevitalizer-180418/1.0.59/Images/ACR-065/ACR-065_software.JPG","180423/PCRevitalizer-180418/1.0.59/Images/ACR-065/ACR-065_landingpage.JPG","180423/PCRevitalizer-180418/1.0.59/Images/ACR-065/ACR-065_internaloffer.JPG","180423/PCRevitalizer-180418/1.0.59/Images/ACR-161/ACR-161_landingpage.JPG","180423/PCRevitalizer-180418/1.0.59/Images/ACR-099/ACR-099_software.JPG","180423/PCRevitalizer-180418/1.0.59/Images/ACR-099/ACR-099_landingpage.JPG","180423/PCRevitalizer-180418/1.0.59/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"5a4fc068-69f2-436c-89f9-0ea70854aba4_1.0.59_1","appID":"PCRevitalizer-180418","dateAdded":"180423","deceptorType":"App","name":"PC Revitalizer","company":"Preventon","version":"1.0.59","sigName":"Deceptor:Win32/PCRevitalizer!003084","lastKnownStatus":"Deceptor:1.0.59","lastKnownDate":"180423","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-04-25T01:10:57.8184972+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2507},{"violations":{"ACR-003":"The application exaggerates bad and invalid registry keys as problems, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"The application is unsigned (Not digitally code-signed by the source)\n","ACR-157":"The application is unsigned (Not digitally code-signed by the source)\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"No privacy policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"installpco.exe","isInstaller":"True","productName":"Pc Cleaner","fileVersion":"0.0","hashMD5":"1bf376e6e0b3926652a3e94b5e13769f","hashSHA1":"83865a5c90143ab90ac077ddbdd61aaf40beb9f4","hashSHA256":"4689821e586c62ce95389cb7bbc0d829f289d3369d4a8434978ec9865054a4c3","sourceIndex":"3029","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PcCleaner.EXE","companyName":"Message Labs Pvt.Ltd.","fileVersion":"2.0","hashMD5":"593f7010ce7dbf78d47bb1539b658a27","hashSHA1":"eb2812cc37b5e53311853c8c482a3af51e54e95f","hashSHA256":"0269d9a16313cc2bd16ca2636bf160942e6e1154200ce9f66cc6476d5d303bd0","sourceIndex":"3029","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"http://www.npav.net/index.html","landingPage":"http://www.npav.net/PC_Optimizer.html","directDownloadingLink":"http://d.npav.net/np/installpco.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://d.npav.net/np/installpco.exe","sourceIndex":"3029"}],"sampleFiles":["180423/PCOptimizer-180417/2.0/Samples/installpco.exe","180423/PCOptimizer-180417/2.0/Samples/PCOptimizer.exe"],"imageFiles":["180423/PCOptimizer-180417/2.0/Images/ACR-003/ACR-003_software.JPG"],"nonDeceptorImageFiles":["180423/PCOptimizer-180417/2.0/Images/ACR-065/ACR-065_install.JPG","180423/PCOptimizer-180417/2.0/Images/ACR-065/ACR-065_software.JPG","180423/PCOptimizer-180417/2.0/Images/ACR-065/ACR-065_landingpage.JPG","180423/PCOptimizer-180417/2.0/Images/ACR-065/ACR-065_internaloffer.JPG","180423/PCOptimizer-180417/2.0/Images/ACR-092/ACR-092_software.JPG","180423/PCOptimizer-180417/2.0/Images/ACR-157/ACR-157_software.JPG","180423/PCOptimizer-180417/2.0/Images/ACR-099/ACR-099_software.JPG","180423/PCOptimizer-180417/2.0/Images/ACR-099/ACR-099_landingpage.JPG","180423/PCOptimizer-180417/2.0/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"68caac22-964f-4d5c-a115-10add99df008_2.0_1","appID":"PCOptimizer-180417","dateAdded":"180423","deceptorType":"App","name":"PC Optimizer","company":"Net Protector","version":"2.0","sigName":"Deceptor:Win32/NetProtectorPCOptimizer!003","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-06T21:01:51.287611+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2509},{"violations":{"ACR-003":"The app exaggerates Browser History and Local Trace Files as being threats, thereby misleading or scaring the consumer to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from running at user logon or scheduled popup from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app. The company just refers to themselves as support and refuse to provide a company name.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"PCPrivacyProtectorSetup.exe","isInstaller":"True","companyName":"PC Privacy Protector","productName":"PC Privacy Protector","productVersion":"2.3.3","fileVersion":"2.3.3","hashMD5":"bac073d622993ed2095bdba721768b71","hashSHA1":"96956d2eb92565e6f247d948846931c7723d5108","hashSHA256":"63b8ecc91fe83f4641f36ebf194b13886b4edbfa5846c9de5074b85ce6b044be","digitalCertThumbprint":"229651091B9D64D2F51CC0EB8BE73593BEBD6B4F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"CROMSHIELD, LLC.\", O=\"CROMSHIELD, LLC.\", STREET=393 BEACON STREET, L=LOWELL, S=Massachusetts, PostalCode=01850, C=US","sourceIndex":"3028","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCPrivacyProtector.exe","companyName":"PC Privacy Protector","productName":"PC Privacy Protector","productVersion":"2.3.3.0","fileVersion":"2.3.3.0","hashMD5":"7322722e24f7bf48eb9929ecb1b7af4a","hashSHA1":"8aef58d894edf935e732328d2641b867c79d30be","hashSHA256":"5f30803dd88e64ab560bd81c6f4e526b9e9b8f63d06504880aea3f6d4fc672b5","digitalCertThumbprint":"229651091B9D64D2F51CC0EB8BE73593BEBD6B4F","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"CROMSHIELD, LLC.\", O=\"CROMSHIELD, LLC.\", STREET=393 BEACON STREET, L=LOWELL, S=Massachusetts, PostalCode=01850, C=US","sourceIndex":"3028","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"2018 pc privacy protector\" page 3 of results","landingPage":"https://www.cromshield.com/index.aspx?spid=1","directDownloadingLink":"https://www.cromshield.com/product/exe/PCPrivacyProtector.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.cromshield.com/product/exe/PCPrivacyProtector.exe","sourceIndex":"3028"}],"sampleFiles":["180423/PCPrivacyProtector-180417/2.3.3/Samples/PCPrivacyProtectorsetup.exe","180423/PCPrivacyProtector-180417/2.3.3/Samples/PCPrivacyProtector.exe"],"imageFiles":["180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-003/ACR-003_software.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-084/ACR-084_software.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-084/ACR-084_software1.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-065/ACR-046_install.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-065/ACR-065_software.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-163/ACR-163_software.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-163/ACR-163_landingpage.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-088/ACR-088_software.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-160/ACR-160_software.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-099/ACR-099_software.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-099/ACR-099_landingpage.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-099/ACR-099_software.JPG","180423/PCPrivacyProtector-180417/2.3.3/Images/ACR-168/ACR-168_landingpage.JPG"],"guid":"5a2cece8-6d77-49e1-a42d-75300cfb9969_2.3.3_1","appID":"PCPrivacyProtector-180417","dateAdded":"180423","deceptorType":"App","name":"PC Privacy Protector","company":"CROMSHIELD","version":"2.3.3","sigName":"Deceptor:Win32/CromshieldPCPrivacyProtector!003084168","lastKnownStatus":"Deceptor:2.3.3","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-06-06T21:02:32.8117076+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2508},{"violations":{"ACR-003":"The application exaggerates Registry, Temporary files, Caches and Junk files as issues of high damage level, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"SupportBuddy INC.\" which is not disclosed in the app's EULA.\n","ACR-160":"The application does not use a certified call center to monetize the app. The app uses Bulwark Labs which is not certified.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"BulwarkcleaningUtilitySetup.exe","isInstaller":"True","companyName":"Bulwark cleaning Utility","productName":"Bulwark cleaning Utility","productVersion":"3.0.5","fileVersion":"3.0.5","hashMD5":"f4b00fb3530b3f24b466e3039535af66","hashSHA1":"b61a71224be8ef261c8b4562245e733b164954a4","hashSHA256":"eadb144a8f76ce0f42979d43e21e2b0d9a525176e3d11bb6c13a107b9bb6b6f5","digitalCertThumbprint":"67B5209690A5723E57D3C747F12B5828E57B6EF5","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SupportBuddy INC., O=SupportBuddy INC., L=Bakersfield, S=California, C=US","sourceIndex":"3275","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":[]},{"isRevoked":"False","fileName":"BulwarkcleaningUtility.exe","companyName":"Bulwark cleaning Utility","productName":"Bulwark cleaning Utility","productVersion":"3.0.5.0","fileVersion":"3.0.5.0","hashMD5":"4d3798f4681eea378e0d56471f3560a9","hashSHA1":"b23b3465dacfad58f3e620e4795dcc93b333cbcf","hashSHA256":"55604a51a826264a721723224c708ed892e5489f7d98332e369ea4182b4fc95c","digitalCertThumbprint":"67B5209690A5723E57D3C747F12B5828E57B6EF5","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SupportBuddy INC., O=SupportBuddy INC., L=Bakersfield, S=California, C=US","sourceIndex":"3275","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offer","reference":"https://www.bulwarklabs.com/","landingPage":"https://www.bulwarklabs.com/bulwark-cleaning-utility","directDownloadingLink":"https://www.bulwarklabs.com/downloads/cleaning_utility/BulwarkcleaningUtilitySetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bulwarklabs.com/downloads/cleaning_utility/BulwarkcleaningUtilitySetup.exe","sourceIndex":"3275"}],"sampleFiles":["180423/BulwarkcleaningUtility-180419/3.0.5/Samples/BulwarkcleaningUtilitySetup.exe","180423/BulwarkcleaningUtility-180419/3.0.5/Samples/BulwarkcleaningUtility.exe"],"imageFiles":["180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-003/ACR_003_SCREENSHOT_1.PNG","180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-003/ACR_003_SCREENSHOT_2.PNG","180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-084/ACR_084_SOFTWARE.PNG","180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-168/ACR_168_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-065/ACR_065_INSTALL.PNG","180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-065/ACR_065_SOFTWARE.PNG","180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-088/ACR_088_SOFTWARE.PNG","180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-092/ACR_092_SOFTWARE.PNG","180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-099/ACR_099_SOFTWARE.PNG","180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180423/BulwarkcleaningUtility-180419/3.0.5/Images/ACR-168/ACR_168_LANDING_PAGE.PNG"],"guid":"248c9004-4f04-47c4-9a1c-fe6a27d33e66_3.0.5_1","appID":"BulwarkcleaningUtility-180419","dateAdded":"180423","deceptorType":"App","name":"Bulwark Cleaning Utility","company":"Bulwark Labs","version":"3.0.5","sigName":"Deceptor:Win32/BulwarkCleaningUtility!003084168","lastKnownStatus":"Deceptor:3.0.5","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T02:34:36.7266402+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2511},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-003":"The app exaggerates the User and Password, Profile, Browser History, IM History Cookies and Local Trace Files as being threats , thereby misleading or scaring the consumer to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe shopping cart webpage provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"SupportBuddy INC.\" which is not disclosed in the app's EULA.\n","ACR-160":"The application does not use a certified call center to monetize the app. The app uses Bulwark Labs which is not certified.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"BulwarkPrivacywallSetup.exe","isInstaller":"True","companyName":"Bulwark Privacy wall","fileVersion":"3.2","hashMD5":"aaaa589bb113ecbf23f5ae67e93fdde4","hashSHA1":"3519dd3d7c2b0ef6c90a804e46b5221eca28d848","hashSHA256":"88b580a2bde4af9bccd17936812788a9633a5ede56c87c58e5c95990d5ca465b","digitalCertThumbprint":"67B5209690A5723E57D3C747F12B5828E57B6EF5","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SupportBuddy INC., O=SupportBuddy INC., L=Bakersfield, S=California, C=US","sourceIndex":"3274","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":[]},{"isRevoked":"False","fileName":"BulwarkPrivacywall.exe","companyName":"Bulwark Privacy wall","fileVersion":"3.2","hashMD5":"c60472750cc2be1e9894be05c959f3cf","hashSHA1":"a98ffa5151104d7e0b7c9a9e7e3ec5225726a759","hashSHA256":"5926498a12987187349b8d9294afa2ea725f5f5c107b894dcef5819e3a1faf05","digitalCertThumbprint":"67B5209690A5723E57D3C747F12B5828E57B6EF5","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SupportBuddy INC., O=SupportBuddy INC., L=Bakersfield, S=California, C=US","sourceIndex":"3274","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (free spyware and malware removal)","landingPage":"https://www.bulwarklabs.com/bulwark-privacy-wall","directDownloadingLink":"https://www.bulwarklabs.com/downloads/privacy_wall_annual/BulwarkPrivacywallSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.bulwarklabs.com/downloads/privacy_wall_annual/BulwarkPrivacywallSetup.exe","sourceIndex":"3274"}],"sampleFiles":["180423/BulwarkPrivacyWall-180319/3.2.0/Samples/BulwarkPrivacywallSetup.exe","180423/BulwarkPrivacyWall-180319/3.2.0/Samples/BulwarkPrivacywall.exe"],"imageFiles":["180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-050/ACR_050_SOFTWARE.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-084/ACR_084_SOFTWARE.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-168/ACR_168_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-065/ACR_065_INSTALL.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-163/ACR_163_SOFTWARE.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-163/ACR_163_INTERNAL_OFFERS.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180423/BulwarkPrivacyWall-180319/3.2.0/Images/ACR-168/ACR_168_LANDING_PAGE.PNG"],"guid":"96c82806-af19-405e-ac95-3c8bc53b09e5_3.2.0_1","appID":"BulwarkPrivacyWall-180319","dateAdded":"180423","deceptorType":"App","name":"Bulwark Privacy wall","company":"Bulwark Labs","version":"3.2.0","sigName":"Deceptor:Win32/BulwarkPrivacywall","lastKnownStatus":"Deceptor:3.2.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T02:35:10.2812828+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2510},{"violations":{"ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"ParetoLogic Privacy Controls RW.exe","isInstaller":"True","companyName":"ParetoLogic, Inc.","productName":"n/a","productVersion":"n/a","fileVersion":"3.3.0.0","hashMD5":"b91a0673e4d6efe1bdefaaa2795dd5ee","hashSHA1":"ede0c8c613b9b8d80f87f6998ce7f2fc951d04a2","hashSHA256":"e25abe6dafee8455421764e609147a7105fd310138539006a9aa6dcef324b88f","digitalCertThumbprint":"BAD8EFD44857A48682A0ED27D3644382CDCDD4B6","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Paretologic Inc, O=Paretologic Inc, L=Victoria, S=British Columbia, C=CA, PostalCode=V8R 1J6, STREET=1827 Fort St, SERIALNUMBER=BC0684985, OID.1.3.6.1.4.1.311.60.2.1.2=British Columbia, OID.1.3.6.1.4.1.311.60.2.1.3=CA, OID.2.5.4.15=Private Organization","sourceIndex":"2979","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Pareto_PC.exe","companyName":"ParetoLogic, Inc.","productName":"ParetoLogic Privacy Controls","productVersion":"3.3.0.0","fileVersion":"3.3.0.0","hashMD5":"7c934b61b82e75358b8a2f7cdeca0f96","hashSHA1":"b51baf90175c4ff138a3e5914dc66ad9e8cb54c8","hashSHA256":"d6dd657cd9fd1c3bff602e0f5e755f093c47f0a4af2aac1b5744b24e6101cb5d","digitalCertThumbprint":"CE47607EB07F7EF4ACBC81C5A727540DA0FBD43A","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Paretologic Inc, O=Paretologic Inc, L=Victoria, S=British Columbia, C=CA","sourceIndex":"2979","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"Google searched; best privacy software 2018","landingPage":"http://www.paretologic.com/product/privacy-controls/","directDownloadingLink":"http://cdn.paretologic.com/privacycontrols/ParetoLogic%20Privacy%20Controls%20RW.exe?response-content-disposition=attachment%3Bfilename%3D%22ParetoLogic%20Privacy%20Controls%20RW.exe%22&Expires=1523989516&Signature=PlhEAcvo6sFCyfVcRRN82OvPZ49XAGU6FTA5Z8L3lBz3rY2MkEkKGpOweBbjLinjKcoVs1IVhgDRFJOeq9vJ7ReSeb7l5V8TGDDLhO46j718Jxt-Z2kQWgetO9WGo-tsAGY9f3iQbeAVZqxV2CsQYjFW145w3rw3MglTx8MOweXaB6oZBIXR164lYSqbLPvps0Bmffv-Zy2YeIkX0fxZoIHQOETfeWUcP5ABTp3aG2xSLoScKM3NuAs6t00L~4SeiPUhGQeqPnosOB21dH7iUjgAHDXQVlw23-mfCh9vx1Bt3vx3gy0x9HLoL2SJTMGv2lhDH1xiUtN5maLacOhYIA__&Key-Pair-Id=APKAIBVORC2OJZUT3IBQ","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.paretologic.com/privacycontrols/ParetoLogic%20Privacy%20Controls%20RW.exe?response-content-disposition=attachment%3Bfilename%3D%22ParetoLogic%20Privacy%20Controls%20RW.exe%22&Expires=1523989516&Signature=PlhEAcvo6sFCyfVcRRN82OvPZ49XAGU6FTA5Z8L3lBz3rY2MkEkKGpOweBbjLinjKcoVs1IVhgDRFJOeq9vJ7ReSeb7l5V8TGDDLhO46j718Jxt-Z2kQWgetO9WGo-tsAGY9f3iQbeAVZqxV2CsQYjFW145w3rw3MglTx8MOweXaB6oZBIXR164lYSqbLPvps0Bmffv-Zy2YeIkX0fxZoIHQOETfeWUcP5ABTp3aG2xSLoScKM3NuAs6t00L~4SeiPUhGQeqPnosOB21dH7iUjgAHDXQVlw23-mfCh9vx1Bt3vx3gy0x9HLoL2SJTMGv2lhDH1xiUtN5maLacOhYIA__&Key-Pair-Id=APKAIBVORC2OJZUT3IBQ","sourceIndex":"2979"}],"sampleFiles":["180421/PrivacyControls-180417/3.3.0.0/Samples/ParetoLogic Privacy Controls RW.exe","180421/PrivacyControls-180417/3.3.0.0/Samples/Pareto_PC.exe"],"imageFiles":["180421/PrivacyControls-180417/3.3.0.0/Images/ACR-017/acr_17_IO.PNG","180421/PrivacyControls-180417/3.3.0.0/Images/ACR-084/acr_084.PNG","180421/PrivacyControls-180417/3.3.0.0/Images/ACR-084/acr_084_1.PNG"],"nonDeceptorImageFiles":["180421/PrivacyControls-180417/3.3.0.0/Images/ACR-065/acr_065_I.PNG","180421/PrivacyControls-180417/3.3.0.0/Images/ACR-065/acr_065_S.PNG","180421/PrivacyControls-180417/3.3.0.0/Images/ACR-017/acr_017_LP.PNG","180421/PrivacyControls-180417/3.3.0.0/Images/ACR-161/acr_161.PNG","180421/PrivacyControls-180417/3.3.0.0/Images/ACR-099/acr_099_S.PNG","180421/PrivacyControls-180417/3.3.0.0/Images/ACR-099/acr_099_LP.PNG","180421/PrivacyControls-180417/3.3.0.0/Images/ACR-099/acr_099_IO.PNG"],"guid":"4b98b86f-d430-427a-a3d3-d902624ac3b4_3.3.0.0_1","appID":"PrivacyControls-180417","dateAdded":"180421","deceptorType":"App","name":"Privacy Controls","company":"ParetoLogic, Inc.","version":"3.3.0.0","sigName":"Deceptor:Win32/ParetoLogicPrivacyControls!017084","firstVendorContactDate":"190603","firstAppEsteemReplyDate":"190603","firstResolvedDate":"190621","firstResolvedVersion":"3.3.1.0","resolved":"TRUE","lastKnownStatus":"Deceptor:3.3.0.0","lastKnownDate":"180420","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 8,Windows 7,Windows Vista,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-21T22:08:28.7821676+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2512},{"violations":{"ACR-003":"The application exaggerates registry keys as errors and problem, thereby misleading or scaring user to take action.\n\n\n","ACR-017":"The application's internal offers page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"Smart_Dll_Errors_Fixer_Pro_Setup.exe","isInstaller":"True","companyName":"LionSea Software                                            ","productName":"Smart Dll Errors Fixer Pro","productVersion":"4.4.9","fileVersion":"0.0","hashMD5":"4349942009811978775472e36a1f56de","hashSHA1":"141a0aad4e640da7047c1de0e595dbdf82a18591","hashSHA256":"32a9d5044028028ee6e184e5b0a104e7b81a7769e478363df2b17523cfce7127","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"3593","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SmartPCFixer.exe","companyName":"n/a","productName":"smartpcfixer","productVersion":"4.2.0.0","fileVersion":"4.0.0.0","hashMD5":"eed85bb5f8b63fef2dc2acdb3a9612bb","hashSHA1":"910796068aefdb04cbed24a7f0672b9824aef9aa","hashSHA256":"d8d996140968af648d13992d463e3a800b271358210df9b33523657e19d3f625","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"3593","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"http://www.lionsea.com/product_dllerrorsfixerfixer.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_Dll_Errors_Fixer_Pro_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.lionsea.com/download/fixer/Smart_Dll_Errors_Fixer_Pro_Setup.exe","sourceIndex":"3593"}],"sampleFiles":["180420/SmartDLLErrorFixer-180418/4.4.9/Samples/Smart_Dll_Errors_Fixer_Pro_Setup.exe","180420/SmartDLLErrorFixer-180418/4.4.9/Samples/Smart_Dll_Errors_Fixer_Pro.exe"],"imageFiles":["180420/SmartDLLErrorFixer-180418/4.4.9/Images/ACR-003/acr_003_1.PNG","180420/SmartDLLErrorFixer-180418/4.4.9/Images/ACR-003/acr_003.PNG","180420/SmartDLLErrorFixer-180418/4.4.9/Images/ACR-017/acr_017_IO.PNG"],"nonDeceptorImageFiles":["180420/SmartDLLErrorFixer-180418/4.4.9/Images/ACR-065/acr_065_I.PNG","180420/SmartDLLErrorFixer-180418/4.4.9/Images/ACR-065/acr_065_S.PNG","180420/SmartDLLErrorFixer-180418/4.4.9/Images/ACR-017/acr_017_LP.PNG","180420/SmartDLLErrorFixer-180418/4.4.9/Images/ACR-099/acr_099_S.PNG","180420/SmartDLLErrorFixer-180418/4.4.9/Images/ACR-099/acr_099_LP.PNG","180420/SmartDLLErrorFixer-180418/4.4.9/Images/ACR-099/acr_099_IO.PNG"],"guid":"1db61708-6529-4b36-994c-8823017a7df8_4.4.9_1","appID":"SmartDLLErrorFixer-180418","dateAdded":"180420","deceptorType":"App","name":"SmartDLLErrorFixer","company":"LionSea Software","version":"4.4.9","sigName":"Deceptor:Win32/SmartDllErrorFixer!003017","lastKnownStatus":"Deceptor:4.4.9","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2513},{"violations":{"ACR-003":"The application exaggerates unused and invalid registry keys as errors and shows the pc status as critical repair needed, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from running at user logon from the software interface as no options are provided.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"UtilTool Limited\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"FullSpeedPC.exe","isInstaller":"True","companyName":"digital-defender","productName":"FullSpeed PC","productVersion":"1.0.59","fileVersion":"1.0.59","hashMD5":"9bd2e7ede8e80465937d11ebcff24fd9","hashSHA1":"d160a91af8b2506fe7b54912de3bf058cc4a79be","hashSHA256":"984ac0c4305efa9ddbf0181fc1a6587a37f4e10f7d388e76ffadc664d66ecbd2","digitalCertThumbprint":"C6D60D84C9156B462E1465E666D76D1E43103F5A","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=UtilTool Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=UtilTool Limited, L=Gibraltar, S=Gibraltar, C=GI","sourceIndex":"3276","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"digital-defender.exe","companyName":"DSEC Soft","productName":"digital-defender FullSpeed PC","productVersion":"1.0.59","fileVersion":"1.0.59","hashMD5":"150b388323f588760dee50d1fd4c0a56","hashSHA1":"2f0445368befcc7aa3c175c1c65880597d04fd9d","hashSHA256":"bd99938b13511e7a708a1b09056b9125a3d7a717ba96dce79d949e1d84bdb352","digitalCertThumbprint":"C6D60D84C9156B462E1465E666D76D1E43103F5A","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=UtilTool Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=UtilTool Limited, L=Gibraltar, S=Gibraltar, C=GI","sourceIndex":"3276","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"http://www.digital-defender.com/","landingPage":"http://digital-defender.com/fullspeed-pc.html","directDownloadingLink":"http://download.digital-defender.com/releases/FullSpeedPC.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.digital-defender.com/releases/FullSpeedPC.exe","sourceIndex":"3276"}],"sampleFiles":["180420/FullSpeedPC-180413/1.0.59/Samples/FullSpeedPCsetup.exe","180420/FullSpeedPC-180413/1.0.59/Samples/FullSpeedPC.exe"],"imageFiles":["180420/FullSpeedPC-180413/1.0.59/Images/ACR-003/ACR-003_software.JPG","180420/FullSpeedPC-180413/1.0.59/Images/ACR-003/ACR-003_software1.JPG","180420/FullSpeedPC-180413/1.0.59/Images/ACR-003/ACR-003_software2.JPG","180420/FullSpeedPC-180413/1.0.59/Images/ACR-084/ACR-084_software.JPG","180420/FullSpeedPC-180413/1.0.59/Images/ACR-084/ACR-084_software1.JPG"],"nonDeceptorImageFiles":["180420/FullSpeedPC-180413/1.0.59/Images/ACR-065/ACR-065_install.JPG","180420/FullSpeedPC-180413/1.0.59/Images/ACR-065/ACR-065_software.JPG","180420/FullSpeedPC-180413/1.0.59/Images/ACR-065/ACR-065_landingpage.JPG","180420/FullSpeedPC-180413/1.0.59/Images/ACR-161/ACR-161_landingpage.JPG","180420/FullSpeedPC-180413/1.0.59/Images/ACR-092/ACR-092_software.JPG","180420/FullSpeedPC-180413/1.0.59/Images/ACR-099/ACR-099_software.JPG","180420/FullSpeedPC-180413/1.0.59/Images/ACR-099/ACR-099_landingpage.JPG"],"guid":"965dee14-bccc-4519-b2a7-48d921e54566_1.0.59_1","appID":"FullSpeedPC-180413","dateAdded":"180420","deceptorType":"App","name":"FullSpeed PC","company":"digital-defender","version":"1.0.59","sigName":"Deceptor:Win32/DigitalDefenderFullSpeedPC!003084","lastKnownStatus":"Deceptor:1.0.59","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T01:05:23.0407876+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2529},{"violations":{"ACR-003":"The application reports outdated drivers as being of high severity. Thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable the software from launching at logon of any user using the application interface as no options are provided.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-037":"No privacy policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PreventonDriverUpdater.exe","isInstaller":"True","companyName":"Preventon","productName":"Preventon Driver Updater","productVersion":"1.0.42","fileVersion":"1.0.42","hashMD5":"637fd35c4a37cb92188c4df987408a01","hashSHA1":"f21ff08a38ba486fbf20533daa85c7b7b665366f","hashSHA256":"f12d59b42f1ca902d2785017930683735f3227f5c972ae68d96b54a1c1183cf1","digitalCertThumbprint":"6D47186FD7CE2F284DF8872A513CB0BB4E1BE78E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Security Software Ltd, O=Security Software Ltd, STREET=2nd Floor Berkeley Square House, STREET=Berkeley Square, L=Mayfair, S=London, PostalCode=W1J 6BD, C=GB","sourceIndex":"3638","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverUpdater.exe","companyName":"Preventon","productName":"Preventon Driver Updater","productVersion":"1.0.42","fileVersion":"1.0.42","hashMD5":"12ee58c3451eab35030231b3fb789216","hashSHA1":"79f4414d99429b7c89a33c98d6ec2ac95f9ca978","hashSHA256":"622a4f3057ebc7a1fbe760015be9edf422cdaa44925dd2513761dab736232728","digitalCertThumbprint":"6D47186FD7CE2F284DF8872A513CB0BB4E1BE78E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Security Software Ltd, O=Security Software Ltd, STREET=2nd Floor Berkeley Square House, STREET=Berkeley Square, L=Mayfair, S=London, PostalCode=W1J 6BD, C=GB","sourceIndex":"3638","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"http://www.preventon.com","landingPage":"http://www.preventon.com/en/driverupdater","directDownloadingLink":"http://preventon.av-updates.net/releases/PreventonDriverUpdater.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://preventon.av-updates.net/releases/PreventonDriverUpdater.exe","sourceIndex":"3638"}],"sampleFiles":["180420/PreventonDriverUpdater-180418/1.0.42/Samples/PreventonDriverUpdater.exe","180420/PreventonDriverUpdater-180418/1.0.42/Samples/DriverUpdater.exe"],"imageFiles":["180420/PreventonDriverUpdater-180418/1.0.42/Images/ACR-003/ACR-003_software.JPG","180420/PreventonDriverUpdater-180418/1.0.42/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180420/PreventonDriverUpdater-180418/1.0.42/Images/ACR-065/ACR-065_install.JPG","180420/PreventonDriverUpdater-180418/1.0.42/Images/ACR-065/ACR-065_software.JPG","180420/PreventonDriverUpdater-180418/1.0.42/Images/ACR-065/ACR-065_landingpage.JPG","180420/PreventonDriverUpdater-180418/1.0.42/Images/ACR-065/ACR-065_internaloffer.JPG","180420/PreventonDriverUpdater-180418/1.0.42/Images/ACR-161/ACR-161_landingpage.JPG","180420/PreventonDriverUpdater-180418/1.0.42/Images/ACR-099/ACR-099_software.JPG","180420/PreventonDriverUpdater-180418/1.0.42/Images/ACR-099/ACR-099_landingpage.JPG","180420/PreventonDriverUpdater-180418/1.0.42/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"4c58a58f-d274-4d16-bcb9-2aade13ff233_1.0.42_1","appID":"PreventonDriverUpdater-180418","dateAdded":"180420","deceptorType":"App","name":"Preventon Driver Updater","company":"Preventon","version":"1.0.42","sigName":"Deceptor:Win32/PreventonDriverUpdater!003084","lastKnownStatus":"Deceptor:1.0.42","lastKnownDate":"180420","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-04-25T01:10:28.5378208+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2528},{"violations":{"ACR-048":"The application cannot be closed or disabled using standard platform-provided methods. The application does not provided a close button.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"The application prompts during uninstall stating that consumer can get Spy Emergency for free using TrialPay Program.\n"},"samples":[{"isRevoked":"False","fileName":"se-setup.exe","isInstaller":"True","companyName":"NETGATE Technologies s.r.o.                                 ","productName":"Spy Emergency","fileVersion":"","hashMD5":"25aa705f017dd46d72388f85866e0ca4","hashSHA1":"6196fc023248b77cdb6e28db26b0c1cd5c1b51b2","hashSHA256":"9d0c80b0282a1621b8be7a2aba1e2fc91ef34f83932ecf19e85b0750184b7ec6","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","sourceIndex":"3570","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SpyEmergency.exe","companyName":"NETGATE Technologies s.r.o.","productName":"NETGATE Spy Emergency","productVersion":"24, 0, 640, 0","fileVersion":"24, 0, 640, 0","hashMD5":"c1bf21f9a121e4838e36293635c811f1","hashSHA1":"44ae8f1a946d312cf0fd37841893b1cb3c83e835","hashSHA256":"75ba9408517d0cf9007f0845255adcaef424292ffde70a8281217c2e93f1a537","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","sourceIndex":"3570","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (pc fix cleaner)","landingPage":"http://www.spy-emergency.com/","directDownloadingLink":"http://www.ngt.sk/download/se-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ngt.sk/download/se-setup.exe","sourceIndex":"3570"}],"sampleFiles":["180420/SpyEmergency-180418/24.0.640.0/Samples/se-setup.exe","180420/SpyEmergency-180418/24.0.640.0/Samples/SpyEmergency.exe"],"imageFiles":["180420/SpyEmergency-180418/24.0.640.0/Images/ACR-048/ACR_048_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180420/SpyEmergency-180418/24.0.640.0/Images/ACR-065/ACR_065_INSTALL.PNG","180420/SpyEmergency-180418/24.0.640.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180420/SpyEmergency-180418/24.0.640.0/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180420/SpyEmergency-180418/24.0.640.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180420/SpyEmergency-180418/24.0.640.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180420/SpyEmergency-180418/24.0.640.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180420/SpyEmergency-180418/24.0.640.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180420/SpyEmergency-180418/24.0.640.0/Images/ACR-120/ACR_120_SOFTWARE.PNG"],"guid":"4ad2b46d-1624-469c-b068-4eea0a8454fe_24.0.640.0_1","appID":"SpyEmergency-180418","dateAdded":"180420","deceptorType":"App","name":"Spy Emergency","company":"NETGATE Technologies s.r.o.","version":"24.0.640.0","sigName":"Deceptor:Win32/NetGateSpyEmergency!048","firstVendorContactDate":"180724","firstAppEsteemReplyDate":"180726","firstResolvedDate":"180726","firstResolvedVersion":"24.0.960.0","resolved":"TRUE","lastKnownStatus":"Deceptor:24.0.640.0","lastKnownDate":"180420","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-07-27T01:47:05.7592571+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2527},{"violations":{"ACR-003":"The application exaggerates junk files as errors, thereby misleading or scaring user to take action \n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's Privacy Policy.\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon calling the phone number provided the phone doesn't ring it's just a silent static sound in the background. \n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":"disktoolsplussetup.exe","isInstaller":"True","companyName":"Jawego Partners LLC                                         ","productName":"Disk Tools Plus","productVersion":"1.0.1989.16704","fileVersion":"1.0","hashMD5":"2c91991be1cf8242b7ba16ef269eaf24","hashSHA1":"8b63bfeee505fb6d9bac7d0b40bef85433647691","hashSHA256":"c7605c3242f58fa9fc58d84eeba79b0f68a01cd17ea13474124ad2723a975103","digitalCertThumbprint":"3BA5855F6CBED51E9868E6866A19F527840DA071","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3277","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)"],"avAllowList":["Trend Micro Internet Security (20190131)","Windows Defender (20190131)"]},{"isRevoked":"False","fileName":"DiskToolsPlus.exe","companyName":"Jawego Partners LLC","productName":"Disk Tools Plus","productVersion":"n/a","fileVersion":"1.0.1989.16704","hashMD5":"fae1b43ba7a6988e25a4609cb05701a6","hashSHA1":"28ff439a95cb4f043819fcd62c4671311d1861dc","hashSHA256":"5bb47511439cf1f74ebb5fbedd118cd262588c894c10363b340b8ab9933659f1","digitalCertThumbprint":"3BA5855F6CBED51E9868E6866A19F527840DA071","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3277","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"http://www.disktoolsplus.com/","directDownloadingLink":"http://cloudfront.disktoolsplus.com/disktoolsplus/setup/disktoolsplussetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cloudfront.disktoolsplus.com/disktoolsplus/setup/disktoolsplussetup.exe","sourceIndex":"3277"}],"sampleFiles":["180418/DiskToolsPlus-180406/1.0.1989.16704/Samples/disktoolsplussetup.exe","180418/DiskToolsPlus-180406/1.0.1989.16704/Samples/DiskToolsPlus.exe"],"imageFiles":["180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-003/acr_003.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-003/acr_003_1.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-003/acr_003_2.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-168/one_one_interaction_S.PNG"],"nonDeceptorImageFiles":["180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-065/install.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-065/acr_065_S.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-163/one_one_interaction_S.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-163/one_one_interaction_LP.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-092/unsigned.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-160/one_one_interaction_S.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-099/acr_099_S.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-099/acr_099_LP.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-099/acr_099_IO.PNG","180418/DiskToolsPlus-180406/1.0.1989.16704/Images/ACR-168/one_one_interaction_LP.PNG"],"guid":"a98f31aa-e36c-4aa4-9932-7d0a2a1c087b_1.0.1989.16704_1","appID":"DiskToolsPlus-180406","dateAdded":"180418","deceptorType":"App","name":"DiskToolsPlus","company":"Jawego Partners LLC","version":"1.0.1989.16704","sigName":"Deceptor:Win32/JawegoDiskToolsPlus!003168","lastKnownStatus":"Deceptor:1.0.1989.16704","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T01:04:25.1569971+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2530},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-003":"The app exaggerates the User and Password, Profile, Browser History, IM History Cookies and Local Trace Files as being threats , thereby misleading or scaring the consumer to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\nThe application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-160":"Contacted the phone number '1-833-736-2444 provided by CTIC Privacy Protector and got a agent that introduced themself as being Online Technical Support, the agent stated that they fix any computer issues or software issues. When agent was asked to state their company name they stated that they will not disclose that information.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The refund policy provided do not last for at least 30 days. The refund period provided is for 7 days.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"CTICPrivacyProtectorSetup.exe","isInstaller":"True","companyName":"CTIC Privacy Protector","productName":"CTIC Privacy Protector","productVersion":"3.4.2","fileVersion":"3.4.2.0","hashMD5":"284e58ea0b7610aa8bde632f27bcc599","hashSHA1":"7b717b63cdf80c670b1fdd48f975e1c0e5b9ef81","hashSHA256":"66d504f1035346c8b86b4d81bc966f91df6819752b1c7ba3f5924ac35f0a1e2c","digitalCertThumbprint":"3F2CA6F1E6EF48EB89027A93A737E3928BF4406D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CTIC GLOBAL, OU=CTIC GLOBAL, O=CTIC GLOBAL, POBox=305 Cheyenne Wyoming 82003, STREET=2714 So. Greeley Hiway, L=Cheyenne, S=Wyoming, PostalCode=82007, C=US","sourceIndex":"3640","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CTICPrivacyProtector.exe","companyName":"CTIC Privacy Protector","productName":"CTIC Privacy Protector","productVersion":"3.4.2.0","fileVersion":"3.4.2.0","hashMD5":"97b6b944ae9d73ca2088aa8c2a41ea5b","hashSHA1":"8f68b8c4ad753fd1654cfb5d16aa71d0dcac4352","hashSHA256":"951be6e43e67a932a3c2a85b573e4ecda31e814291ef730250f4324df76591de","digitalCertThumbprint":"3F2CA6F1E6EF48EB89027A93A737E3928BF4406D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CTIC GLOBAL, OU=CTIC GLOBAL, O=CTIC GLOBAL, POBox=305 Cheyenne Wyoming 82003, STREET=2714 So. Greeley Hiway, L=Cheyenne, S=Wyoming, PostalCode=82007, C=US","sourceIndex":"3640","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com(best privacy eraser software)","landingPage":"https://www.cticprivacyprotector.com/index.php","directDownloadingLink":"https://s3.amazonaws.com/partnertemporary/CTIC/CTICPrivacyProtectorSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/partnertemporary/CTIC/CTICPrivacyProtectorSetup.exe","sourceIndex":"3640"}],"sampleFiles":["180418/CTICPrivacyProtector-180413/3.4.2/Samples/CTICPrivacyProtectorSetup.exe","180418/CTICPrivacyProtector-180413/3.4.2/Samples/CTICPrivacyProtector.exe"],"imageFiles":["180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-050/ACR_050_SOFTWARE.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-084/ACR_084_SOFTWARE.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-168/ACR_168_SOFTWARE.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-168/ACR_168_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-065/ACR_065_INSTALL.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-065/ACR_065_SOFTWARE.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-163/ACR_163_SOFTWARE.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-099/ACR_099_SOFTWARE.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-168/ACR_168_LANDING_PAGE.PNG","180418/CTICPrivacyProtector-180413/3.4.2/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"f87a4fbe-3957-4798-8db6-4445c79a457b_3.4.2_1","appID":"CTICPrivacyProtector-180413","dateAdded":"180418","deceptorType":"App","name":"CTIC Privacy Protector","company":"www.cticprivacyprotector.com","version":"3.4.2","sigName":"Deceptor:Win32/CTICPrivacyProtector!003050084168","lastKnownStatus":"Deceptor:3.4.2","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2531},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":" App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"CONNECT AB INFOLINE PRIVATE LIMITED\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled. \n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"cppsetup.exe","isInstaller":"True","companyName":"Clean PC Pro 2018","productName":"Clean PC Pro 2018","productVersion":"3.5.0.0","fileVersion":"3.5.0.0","hashMD5":"9b7f2b228908a848faeb174fdced55ec","hashSHA1":"c35342fa52dab3a4e5b37272b0986d1b9a1c52b2","hashSHA256":"cf106c30d0a83a9733ca491769f2afd86a99af0789dc6d9625918769d180451f","digitalCertThumbprint":"E04B6DD0A38CA17024C7D7F97241A48056D12B15","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"435","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm.exe","companyName":"Clean PC Pro 2018","productName":"PC Fixing Tool","productVersion":"3.5.0.0","fileVersion":"3.5.0.0","hashMD5":"dc0e232a8582bdf4c81bfbd668fe9921","hashSHA1":"577c63cfa55fa7e161c2d6384158e075fda8f965","hashSHA256":"02b9f0bc6b857d1d86d170747f43f3d4ef6b07c5d9f9b4666a4238bab1f4d722","digitalCertThumbprint":"E04B6DD0A38CA17024C7D7F97241A48056D12B15","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT AB INFOLINE PRIVATE LIMITED, O=CONNECT AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"435","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Submitted.Website","reference":"Deceptor submission 180331","landingPage":"http://lp.techtipsforpc.com/cldttfpc/","directDownloadingLink":"https://d15zzfvesrub8i.cloudfront.net/cpp/securerc/cppsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d15zzfvesrub8i.cloudfront.net/cpp/securerc/cppsetup.exe","sourceIndex":"435"}],"sampleFiles":["180416/CleanPCPro2018-180331/3.5.0.0/Samples/cppsetup.exe","180416/CleanPCPro2018-180331/3.5.0.0/Samples/mysysm.exe"],"imageFiles":["180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-003/ACR-003_software.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-003/ACR-003_software1.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-003/ACR-003_software2.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-010/ACR-010_inlinoffer.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG"],"nonDeceptorImageFiles":["180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-161/ACR-161_internaloffer1.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-088/ACR-088_software.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-092/ACR-092_software.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180416/CleanPCPro2018-180331/3.5.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"5d1791c5-f8c2-4a06-a68a-cfd2264f1e5f_3.5.0.0_1","appID":"CleanPCPro2018-180331","dateAdded":"180416","deceptorType":"App","name":"Clean PC Pro 2018","company":"CONNECT AB INFOLINE PRIVATE LIMITED","version":"3.5.0.0","sigName":"Deceptor:Win32/CleanPCPro2018!003010","lastKnownStatus":"Deceptor:3.6.0.0","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,display ads","lastUpdate":"2024-11-05T18:41:12.2304858+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":2,"sortOrder":2086},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":" App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"CONNECT AB INFOLINE PRIVATE LIMITED\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled. \n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"cppsetup.exe","isInstaller":"True","companyName":"Clean PC Pro 2018","productName":"Clean PC Pro 2018","productVersion":"3.6.0.0","fileVersion":"3.6","hashMD5":"9f5812e072e7e9c088e9db8a85ff5e18","hashSHA1":"f7156011539f0439a77dacb1c860b4ef7301e580","hashSHA256":"612708097ef84bf051c7c535f8bd99b13c310d09bccf08f11a329fa5cfae7122","digitalCertThumbprint":"45F1366D66DB0B4DDFAAD0022784453C5370C47D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT-AB INFOLINE PRIVATE LIMITED, O=CONNECT-AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"434","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"bpp.exe","companyName":"Clean PC Pro 2018","productName":"Clean PC Pro 2018","productVersion":"3.6.0.0","fileVersion":"3.6","hashMD5":"e679c0179e5bd79906fe9d5ce3096c3b","hashSHA1":"1044737de1c227a2cf83bea267652c6f221216fd","hashSHA256":"f7db71f0a7a5c084f31b8785776d0adc97ff446d41b1cdf7d14c41c5fb803ee1","digitalCertThumbprint":"45F1366D66DB0B4DDFAAD0022784453C5370C47D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CONNECT-AB INFOLINE PRIVATE LIMITED, O=CONNECT-AB INFOLINE PRIVATE LIMITED, STREET=\"706, PLOT NO. 7, ROOTS TOWER\", L=New Delhi, S=New Delhi, PostalCode=110092, C=IN","sourceIndex":"434","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Submitted.Website","reference":"Deceptor submission 180331","landingPage":"http://www.boostpcnow.com/","directDownloadingLink":"https://d3b419ktc3lf0z.cloudfront.net/cpp/securerc/c10/cppsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3b419ktc3lf0z.cloudfront.net/cpp/securerc/c10/cppsetup.exe","sourceIndex":"434"}],"sampleFiles":["180416/CleanPCPro2018-180331/3.6.0.0/Samples/cppsetup.exe","180416/CleanPCPro2018-180331/3.6.0.0/Samples/bpp.exe"],"imageFiles":["180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-055/ACR-055_inlinoffer.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-003/ACR-003_software1.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-003/ACR-003_software2.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-003/ACR-003_software.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-010/ACR-010_inlinoffer.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG"],"nonDeceptorImageFiles":["180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-065/ACR-065_internaloffer1.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-161/ACR-161_internaloffer1.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-088/ACR-088_software.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-092/ACR-092_software.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180416/CleanPCPro2018-180331/3.6.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"5d1791c5-f8c2-4a06-a68a-cfd2264f1e5f_3.6.0.0_1","appID":"CleanPCPro2018-180331","dateAdded":"180416","deceptorType":"App","name":"Clean PC Pro 2018","company":"CONNECT AB INFOLINE PRIVATE LIMITED","version":"3.6.0.0","sigName":"Deceptor:Win32/CleanPCPro2018!003010055","lastKnownStatus":"Deceptor:3.6.0.0","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,display ads","lastUpdate":"2024-11-05T18:41:53.2608417+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":2,"sortOrder":2085},{"violations":{"ACR-003":"The application shows the computer at risk for having a trial version to coerced the user into taking action. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's Privacy Policy.\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n\nThe application has no link or information that shows how it can be uninstalled.\n\nThe application has no link or information that shows how it can be uninstalled.\n\n","ACR-037":"The application does not have a privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"csSetup1.0.7.100.exe","isInstaller":"True","companyName":"CyberScrub                                                  ","productName":"CyberScrub Security","productVersion":"1.0.7.100","fileVersion":"1.0.7.100","hashMD5":"4f92b4c80a73a869c89354e0a00f5d5d","hashSHA1":"dcc0f6a9a9a1574b024d12f12395cc8e389bc446","hashSHA256":"debd898a81b315c1412ce5ccfa63eb711dc98842870fdf27146c113bd7f12b03","digitalCertThumbprint":"AAC5B23137938DC32E9DDD7C364C5A0EB26D6A32","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CyberScrub LLC, O=CyberScrub LLC, STREET=5100 Highlands Parkway SE, L=Smyrna, S=GA, PostalCode=30082, C=US","sourceIndex":"3641","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CP.exe","companyName":"CyberScrub LLC","productName":"CyberScrub (R) Security (TM)","productVersion":"1.0.7.100","fileVersion":"1.0.0.6400","hashMD5":"95d3d91437ff657676d8ab3fe877fb17","hashSHA1":"19d65878e151844a0cdd9b56993b29c53cb214ec","hashSHA256":"aeb0cf09dbc67f9ffbc5cc4a41da76f2a94df5fff9a846fd489f1a192017eec6","digitalCertThumbprint":"AAC5B23137938DC32E9DDD7C364C5A0EB26D6A32","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=CyberScrub LLC, O=CyberScrub LLC, STREET=5100 Highlands Parkway SE, L=Smyrna, S=GA, PostalCode=30082, C=US","sourceIndex":"3641","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"Google searched; best privacy software 2018","landingPage":"http://www.cyberscrub.com/cyberscrub-security-software/","directDownloadingLink":"http://buy.cyberscrub.com/files/csecurity6_287.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://buy.cyberscrub.com/files/csecurity6_287.exe","sourceIndex":"3641"}],"sampleFiles":["180416/CyberScrubSecurity-180413/6.0.1.287/Samples/csSetup1.0.7.100.exe","180416/CyberScrubSecurity-180413/6.0.1.287/Samples/CP.exe"],"imageFiles":["180416/CyberScrubSecurity-180413/6.0.1.287/Images/ACR-003/acr_009.PNG"],"nonDeceptorImageFiles":["180416/CyberScrubSecurity-180413/6.0.1.287/Images/ACR-065/acr_065_S.PNG","180416/CyberScrubSecurity-180413/6.0.1.287/Images/ACR-065/acr_065_I.PNG","180416/CyberScrubSecurity-180413/6.0.1.287/Images/ACR-065/acr_065_LP.PNG","180416/CyberScrubSecurity-180413/6.0.1.287/Images/ACR-099/acr_099_S.PNG","180416/CyberScrubSecurity-180413/6.0.1.287/Images/ACR-099/acr_099_LP.PNG","180416/CyberScrubSecurity-180413/6.0.1.287/Images/ACR-099/acr-099_IO.PNG"],"guid":"7048e6f9-0c8d-407b-940a-b61156eba955_6.0.1.287_1","appID":"CyberScrubSecurity-180413","dateAdded":"180416","deceptorType":"App","name":"cyberScrub","company":"CyberScrub","version":"6.0.1.287","sigName":"Deceptor:Win32/CyberScrub!003","lastKnownStatus":"Deceptor:6.0.1.287","lastKnownDate":"180416","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-04-17T14:52:52.2529782+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2532},{"violations":{"ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\nThe application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page provides one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's internal offer provides one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Crawler Group, LLC\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app. The app uses Premium Technical Support to monetize.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"SpywareClearSetup.exe","isInstaller":"True","companyName":"Crawler Group                                               ","productName":"Spyware Clear","productVersion":"1.1.0.0","fileVersion":"1.3.1.45","hashMD5":"b5a68ac092e57601b70d8291cf454078","hashSHA1":"a959acc3a68ab2f67d632ec90a154107bbc21c56","hashSHA256":"9ec9a31e949b257f6b84d15b11aada7029bcf8833d1f2201f36f6c42aacc0cae","digitalCertThumbprint":"EF0A9B74CAC323619979D23997A52E6293FEBE8B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Crawler Group, LLC\", O=\"Crawler Group, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"3642","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SpywareClear.exe","companyName":"Crawler Group, LLC","productName":"Spyware Clear","productVersion":"1.3.0.0","fileVersion":"1.3.1.45","hashMD5":"937beeb83da9190d2749d9d9a5aeabae","hashSHA1":"3d87c64214dd5d823ae604c0875c53d6353f21ad","hashSHA256":"4e957234d934b69353df33827eaa6c4d9383b9ebe76d6a34526285119764dd27","digitalCertThumbprint":"EF0A9B74CAC323619979D23997A52E6293FEBE8B","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Crawler Group, LLC\", O=\"Crawler Group, LLC\", L=Wilmington, S=Delaware, C=US","sourceIndex":"3642","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"http://www.cretbird.co.jp/free-soft/","landingPage":"https://www.spywareclear.com/Default.aspx","directDownloadingLink":"http://www.spywareclear.com/dnl/config/274/SpywareClearSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.spywareclear.com/dnl/config/274/SpywareClearSetup.exe","sourceIndex":"3642"}],"sampleFiles":["180412/SpywareClear-180412/1.1.0.0/Samples/SpywareClearSetup.exe","180412/SpywareClear-180412/1.1.0.0/Samples/SpywareClear.exe"],"imageFiles":["180412/SpywareClear-180412/1.1.0.0/Images/ACR-017/ACR-017_internaloffer.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-017/ACR-017_internaloffer1.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-017/ACR-017_software.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-168/ACR-168_software.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-168/ACR-168_internaloffer.JPG"],"nonDeceptorImageFiles":["180412/SpywareClear-180412/1.1.0.0/Images/ACR-017/ACR-017_landingpage.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-163/ACR-163_software.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-163/ACR-163_landingpage.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-163/ACR-163_internaloffer.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-092/ACR-092_software.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-160/ACR-160_software.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-099/ACR-099_software.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180412/SpywareClear-180412/1.1.0.0/Images/ACR-168/ACR-168_landingpage.JPG"],"guid":"bd937fbb-eefb-418c-a1af-b2d6710254b7_1.1.0.0_1","appID":"SpywareClear-180412","dateAdded":"180412","deceptorType":"App","name":"Spyware Clear","company":"Xacti CZ, s.r.o.","version":"1.1.0.0","sigName":"Deceptor:Win32/SpywareClear!017168","lastKnownStatus":"Deceptor:1.1.0.0","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2533},{"violations":{"ACR-116":"The application cannot be uninstalled from the platform standard features.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-092":"The application does not have a digital signature.\n\n","ACR-157":"The application does not have a digital signature.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-037":"The application does not have a privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"rs_file_repair.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"0.0","hashMD5":"80f07e1c7e86ccb16ba1ad47e965b093","hashSHA1":"d49aa503097f62c2187e8157366c585e49e32215","hashSHA256":"39b03e464bc0b15e98f56386bd60ce80c1b406cd27817f50d924279361e3a9f9","sourceIndex":"1011","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RS File Repair.exe","companyName":"Recovery Software","productName":"RS File Repair","productVersion":"1.1.0.0","fileVersion":"1.1.0.0","hashMD5":"0f66772c0e06f6de9777bef805a68a5d","hashSHA1":"4e86f0b0a71bf903c200433b958522fffca57043","hashSHA256":"9cff8a32ed96a8c05d6b583a0a00e91dbbb2f891b00fab0610e4a2c3dcde7012","sourceIndex":"1011","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"google searched ; softwares to undelete important files","landingPage":"https://recoverhdd.com/file-repair/software-5.html","directDownloadingLink":"https://recoverhdd.com/download/rs_file_repair.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://recoverhdd.com/download/rs_file_repair.exe","sourceIndex":"1011"}],"sampleFiles":["180411/RSFileRepair-180406/1.1/Samples/rs_file_repair.exe","180411/RSFileRepair-180406/1.1/Samples/RS File Repair.exe"],"imageFiles":["180411/RSFileRepair-180406/1.1/Images/ACR-116/acr_116.PNG"],"nonDeceptorImageFiles":["180411/RSFileRepair-180406/1.1/Images/ACR-065/acr_065_I.PNG","180411/RSFileRepair-180406/1.1/Images/ACR-065/acr_065_S.PNG","180411/RSFileRepair-180406/1.1/Images/ACR-065/acr_065_LP.PNG","180411/RSFileRepair-180406/1.1/Images/ACR-065/acr_065_IO.PNG","180411/RSFileRepair-180406/1.1/Images/ACR-092/unsigned.PNG","180411/RSFileRepair-180406/1.1/Images/ACR-157/unsigned.PNG","180411/RSFileRepair-180406/1.1/Images/ACR-099/acr_099_S.PNG","180411/RSFileRepair-180406/1.1/Images/ACR-099/acr_099_LP.PNG","180411/RSFileRepair-180406/1.1/Images/ACR-099/acr_099_IO.PNG"],"guid":"5e115259-2239-4ead-9d35-e53080ef1a07_1.1_1","appID":"RSFileRepair-180406","dateAdded":"180411","deceptorType":"App","name":"RSFilerepair","company":"RECOVERY SOFTWARE","version":"1.1","sigName":"Deceptor:Win32/RSFileRepair!116","firstVendorContactDate":"230707","firstAppEsteemReplyDate":"230707","firstResolvedDate":"230707","firstResolvedVersion":"1.1.0.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.1","lastKnownDate":"180411","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2023-07-07T19:35:42.2483664+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2534},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user. The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user. The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC Speedup Tool Inc\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"dcpsetup.exe","isInstaller":"True","companyName":"Dr. Clean Pro 2018","productName":"Dr.Clean-Pro-2018","productVersion":"3.6.0.0","fileVersion":"3.6.0.0","hashMD5":"5ccd1a45c48e4080c6409438fee0ec79","hashSHA1":"b520ffec98a4161b3566f83e960f97cc1b7c66c7","hashSHA256":"3b4c12e72d7f7b9cc394adc2eb5c3e8da9e5e55d616a2e1f54d70f33bfcdf1bb","digitalCertThumbprint":"6C1064FCA7323D8C0779D2AA53ED9C3D76632955","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tool Inc, O=PC Speedup Tool Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"433","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm.exe","companyName":"Dr. Clean Pro 2018","productName":"PC Fixing Tool","productVersion":"3.6.0.0","fileVersion":"3.6.0.0","hashMD5":"121ed304d17981b505503cbec7640584","hashSHA1":"054b17fb062b03298fafb24b7b3f29989838e8bd","hashSHA256":"49652c432b1241c552fb4f1d22d90476adcf52f0c87774291b257b0508d2b8ff","digitalCertThumbprint":"6C1064FCA7323D8C0779D2AA53ED9C3D76632955","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tool Inc, O=PC Speedup Tool Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"433","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Downloadsite","reference":"https://www.downloadtyphoon.com/category/system-utilities","landingPage":"http://winoptimizertools.com/","directDownloadingLink":"https://d3vhb4hklrqsr6.cloudfront.net/dcp/securerc/b2/dcpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3vhb4hklrqsr6.cloudfront.net/dcp/securerc/b2/dcpsetup.exe","sourceIndex":"433"}],"sampleFiles":["180411/DrCleanPro2018-180411/3.6.0.0/Samples/dcpsetup.exe","180411/DrCleanPro2018-180411/3.6.0.0/Samples/mysysm.exe"],"imageFiles":["180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-055/ACR-055_inlineoffer.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-003/ACR-003_software.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-003/ACR-003_software1.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-003/ACR-003_software2.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-010/ACR-010_software.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-161/ACR-161_internaloffer1.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-088/ACR-088_software.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-092/ACR-092_software.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180411/DrCleanPro2018-180411/3.6.0.0/Images/ACR-171/ACR-171_internaloffer.JPG"],"guid":"e7815187-feb7-4843-a834-87efd863470d_3.6.0.0_1","appID":"DrCleanPro2018-180411","dateAdded":"180411","deceptorType":"App","name":"Dr.Clean-Pro-2018","company":"Dr. Clean Pro 2018","version":"3.6.0.0","sigName":"Deceptor:Win32/DrCleanPro:003010055059","lastKnownStatus":"Deceptor:3.6.0.0","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-05T18:44:06.1952624+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2087},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n","ACR-003":"The application exaggerates browser history, cookies and local trace files as threats, thereby misleading or scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are schedules set within the software, however the app has created multiple tasks in the systems task scheduler which cannot be disabled from the software's interface.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"MB Media LLC\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"ProI.D.GuardSetup.exe","isInstaller":"True","companyName":"Pro I.D. Guard","productName":"Pro I.D. Guard","productVersion":"3.2.5","fileVersion":"3.2.5.0","hashMD5":"8fd4f1ddc085f5d695a148d7bb8ed21e","hashSHA1":"e76e9fca524cd52cadb6681ea3b872050c6bae2a","hashSHA256":"08e380eb53f86308ee462560bd4ce9847cffbc435299d274b5109a1581c48f2a","digitalCertThumbprint":"2FD06D2E25DE33F99E75750220275C290D4B7D7F","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MB Media LLC, O=MB Media LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"3349","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ProI.D.Guard.exe","companyName":"Pro I.D. Guard","fileVersion":"3.2","hashMD5":"cbae226d613fb43a95a592fac08b5e4e","hashSHA1":"81b603d8aea6e856e0039b8ff1e6ee84ac8ca10f","hashSHA256":"847ce9fe2f7fae1052679513a625ab790942b3d0a6b82fc3272c53aa5311be3f","digitalCertThumbprint":"2FD06D2E25DE33F99E75750220275C290D4B7D7F","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MB Media LLC, O=MB Media LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"3349","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ProI.D.Guard.exe","companyName":"Pro I.D. Guard","productName":"Pro I.D. Guard","productVersion":"3.3.7.0","fileVersion":"3.3.7.0","hashMD5":"712adb4bfe9ad8e1dc9ef47f5f2afb3e","hashSHA1":"f3a1545c019639a4450608b68fe9d173e4c9879b","hashSHA256":"84c4abf9f714701047135e2058c68b04a3f1f0c27a1926786981dc916999de1f","digitalCertThumbprint":"29401407E9312698BE2E29E6C15F11318704BA4C","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=MB Media LLC, O=MB Media LLC, L=Wilmington, S=Delaware, C=US","sourceIndex":"3349","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"www.bestvistadownloads.com","landingPage":"https://proidguard.com/","directDownloadingLink":"https://s3.amazonaws.com/pig-download-2/ProI.D.GuardSetup.exe?response-content-disposition=attachment%3B%20filename%3D%22ProIDGuardSetup%40g%23source%3Dhp1.exe%22&response-content-type=application%2Foctet-stream&X-Amz-Content-Sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIJPJRAOVS3FON4WA%2F20180410%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20180410T172942Z&X-Amz-SignedHeaders=Host&X-Amz-Expires=600&X-Amz-Signature=792cafe0310d21886690a9b4d9f251cce1b975f3dff2174df3b705d1c258a473","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://s3.amazonaws.com/pig-download-2/ProI.D.GuardSetup.exe?response-content-disposition=attachment%3B%20filename%3D%22ProIDGuardSetup%40g%23source%3Dhp1.exe%22&response-content-type=application%2Foctet-stream&X-Amz-Content-Sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIJPJRAOVS3FON4WA%2F20180410%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20180410T172942Z&X-Amz-SignedHeaders=Host&X-Amz-Expires=600&X-Amz-Signature=792cafe0310d21886690a9b4d9f251cce1b975f3dff2174df3b705d1c258a473","sourceIndex":"3349"}],"sampleFiles":["180410/PROIDGUARD-180406/3.2.5/Samples/ProIDGuardSetup@g#source=hp1.exe","180410/PROIDGUARD-180406/3.2.5/Samples/ProI.D.Guard.exe","180410/PROIDGUARD-180406/3.2.5/Samples/ProI.D.Guard 3.3.7.exe"],"imageFiles":["180410/PROIDGUARD-180406/3.2.5/Images/ACR-050/ACR-050_software.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-003/ACR-003_software.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-084/ACR-084_software.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-084/ACR-084_software1.JPG"],"nonDeceptorImageFiles":["180410/PROIDGUARD-180406/3.2.5/Images/ACR-065/ACR-065_install.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-065/ACR-065_software.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-065/ACR-065_internaloffer.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-161/ACR-161_landingpage.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-088/ACR-088_software.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-092/ACR-092_software.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-099/ACR-099_software.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-099/ACR-099_landingpage.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-099/ACR-099_internaloffer.JPG","180410/PROIDGUARD-180406/3.2.5/Images/ACR-168/ACR-168_landingpage.JPG"],"guid":"2958c249-d5d1-4cb1-8691-16cba49e0c77_3.2.5_1","appID":"PROIDGUARD-180406","dateAdded":"180410","deceptorType":"App","name":"Pro I.D. Guard","company":"Pro I.D. Guard","version":"3.2.5","sigName":"Deceptor:Win32/ProIDGuard!003050084","lastKnownStatus":"Deceptor:3.2.5","lastKnownDate":"180410","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-22T00:03:02.8575672+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2535},{"violations":{"ACR-003":"The application exaggerates system's health of having junk files and \"open/save history\" as \"high risk\", thereby misleading or scaring user to take action \n\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-092":"The application does not have a digital signature.\n\n","ACR-157":"The application does not have a digital signature.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-035":"The application's EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy has no mention of the contact information for, the source.\n\n","ACR-037":"The application does not have a privacy policy.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"NetEraserTrial.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"f62fa1a13b2e2c74be42ae79181dccb9","hashSHA1":"d7e005e062065a7df1677312629d097964956dbd","hashSHA256":"464dc2c5861c28bd1074fd7c05047d8bdb64670ca63f24653d2743b7b01023ba","sourceIndex":"3278","avBlockList":["Avira Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Windows Defender (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)","Webroot SecureAnywhere (20190131)"]},{"isRevoked":"False","fileName":"NetEraserDemo1.exe","companyName":"webpctools.com","productName":"NetEraser","productVersion":"1.00","fileVersion":"1.00","hashMD5":"10c17c11b9307fa5f239efe5fd30230e","hashSHA1":"90dc973d203474b626e671a2d4e050b8e04c7054","hashSHA256":"2ec9de51409e1e7c88a8a7ca28a60ab40225683aad17eb31f50d958fa1d554ac","sourceIndex":"3278","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"google searched; software to remove duplicate files on my computer","landingPage":"http://www.interneterasersoftware.com/find-duplicate-files/","directDownloadingLink":"http://www.webpctools.com/NetEraserTrial.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.webpctools.com/NetEraserTrial.exe","sourceIndex":"3278"}],"sampleFiles":["180409/NetEraser-180406/1.00/Samples/NetEraserTrial.exe","180409/NetEraser-180406/1.00/Samples/NetEraserDemo1.exe"],"imageFiles":["180409/NetEraser-180406/1.00/Images/ACR-003/acr_003.PNG","180409/NetEraser-180406/1.00/Images/ACR-003/acr_003_1.PNG","180409/NetEraser-180406/1.00/Images/ACR-003/acr_003_2.PNG"],"nonDeceptorImageFiles":["180409/NetEraser-180406/1.00/Images/ACR-065/acr_065_1.PNG","180409/NetEraser-180406/1.00/Images/ACR-065/acr_065_S.PNG","180409/NetEraser-180406/1.00/Images/ACR-065/acr_065_LP.PNG","180409/NetEraser-180406/1.00/Images/ACR-065/acr_065_IO.PNG","180409/NetEraser-180406/1.00/Images/ACR-092/unsigned.PNG","180409/NetEraser-180406/1.00/Images/ACR-157/unsigned.PNG","180409/NetEraser-180406/1.00/Images/ACR-099/acr_099_S.PNG","180409/NetEraser-180406/1.00/Images/ACR-099/acr_099_LP.PNG","180409/NetEraser-180406/1.00/Images/ACR-099/acr_099_IO.PNG","180409/NetEraser-180406/1.00/Images/ACR-035/eula.PNG"],"guid":"cd4e7340-3972-440d-82b2-bb2636ecac67_1.00_1","appID":"NetEraser-180406","dateAdded":"180409","deceptorType":"App","name":"NetEraser","company":"interneterasersoftware.com","version":"1.00","sigName":"Deceptor:Win32/NetEraser!003","lastKnownStatus":"1.00","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T01:03:48.2827931+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2537},{"violations":{"ACR-003":"The application exaggerates invalid registry keys as errors and problems, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"The application is unsigned (Not digitally code-signed by the source)\n","ACR-157":"The application does not have a digital certificate.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-037":"No privacy policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"full_cleaner.exe","isInstaller":"True","companyName":"Full Software Studio                                        ","productName":"Full Cleaner","productVersion":"6.6","fileVersion":"0.0","hashMD5":"6abc2438b0191e1c765ba72d2af9d1bf","hashSHA1":"190b2ce760f36b60877c938c1014f2f5cc08d5c0","hashSHA256":"5fa914e510e09965926a37d3f79844d4c813b072083f539ea0ae6a00d3c9bfef","sourceIndex":"3648","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"cleaner.exe","companyName":"Full Software Studio","productName":"Full Cleaner","productVersion":"6.6","fileVersion":"0.0","hashMD5":"c67d70aa4b2a0b0cf6ec33fe568c4f55","hashSHA1":"bebf4baacb189eb301ccd6c87fe39611cf911f6e","hashSHA256":"242e5d34aa527e1d1a584fe3f7ece99fa5e0ecb6c6e7a3ec3c11858fdf309412","sourceIndex":"3648","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"www.bestvistadownloads.com","landingPage":"http://www.full-cleaner.com/","directDownloadingLink":"http://www.full-cleaner.com/full_cleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.full-cleaner.com/full_cleaner.exe","sourceIndex":"3648"}],"sampleFiles":["180409/FullCleaner-180406/6.6/Samples/full_cleaner.exe","180409/FullCleaner-180406/6.6/Samples/cleaner.exe"],"imageFiles":["180409/FullCleaner-180406/6.6/Images/ACR-003/ACR-003_software.JPG","180409/FullCleaner-180406/6.6/Images/ACR-003/ACR-003_software1.JPG"],"nonDeceptorImageFiles":["180409/FullCleaner-180406/6.6/Images/ACR-065/ACR-065_install.JPG","180409/FullCleaner-180406/6.6/Images/ACR-065/ACR-065_software.JPG","180409/FullCleaner-180406/6.6/Images/ACR-065/ACR-065_landingpage.JPG","180409/FullCleaner-180406/6.6/Images/ACR-065/ACR-065_internaloffer.JPG","180409/FullCleaner-180406/6.6/Images/ACR-161/ACR-161_landingpage.JPG","180409/FullCleaner-180406/6.6/Images/ACR-092/ACR-092_software.JPG","180409/FullCleaner-180406/6.6/Images/ACR-157/ACR-157_software.JPG","180409/FullCleaner-180406/6.6/Images/ACR-099/ACR-099_software.JPG","180409/FullCleaner-180406/6.6/Images/ACR-099/ACR-099_landingpage.JPG","180409/FullCleaner-180406/6.6/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"53c406e0-e073-4ea4-a7b8-9fc365a99b30_6.6_1","appID":"FullCleaner-180406","dateAdded":"180409","deceptorType":"App","name":"Full Cleaner","company":"Full Software Studio","version":"6.6","sigName":"Deceptor:Win32/FullCleaner!003","lastKnownStatus":"Deceptor:6.6","lastKnownDate":"180409","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-04-10T17:05:50.6898454+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2538},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n","ACR-059":"The Offer is not clearly marked as an offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"GLOBALSOFT LOGICS\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"apbsetup.exe","isInstaller":"True","companyName":"Auto PC Booster 2018","productName":"Auto PC Booster 2018","productVersion":"3.6.0.0","fileVersion":"3.6.0.0","hashMD5":"e9b43995e1960e76a7085bebd0007a21","hashSHA1":"bf7390b37f48368f3704e0d36eee721509c0564d","hashSHA256":"ef83f0ea9bbac2f134d3db246d97b2811b3173ac6372a07719b3ff5760637e3e","digitalCertThumbprint":"4AF99DF2499113E82284865E745BEB3A1911CF9B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GLOBALSOFT LOGICS, O=GLOBALSOFT LOGICS, POBox=302012, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"432","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm.exe","companyName":"Auto PC Booster 2018","productName":"PC Fixing Tool","productVersion":"3.6.0.0","fileVersion":"3.6.0.0","hashMD5":"2a9a672c77ec39c75d5aff71ff5bc31b","hashSHA1":"a3b45b88bc52da0432e2ce2c4b786f17815a738d","hashSHA256":"6890945dc9ca812ed7f36a8ecedd8d46eb11dbf837817a628946b7d140488ecb","digitalCertThumbprint":"4AF99DF2499113E82284865E745BEB3A1911CF9B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=GLOBALSOFT LOGICS, O=GLOBALSOFT LOGICS, POBox=302012, STREET=\"47, SHIP COLONY, JHOTWARA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"432","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"PC FIXER 2018\" page 17 of the results","landingPage":"http://www.speeduppcutils.com/","directDownloadingLink":"https://d1l1bw6l3uklnh.cloudfront.net/apb/securerc/nc/apbsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1l1bw6l3uklnh.cloudfront.net/apb/securerc/nc/apbsetup.exe","sourceIndex":"432"}],"sampleFiles":["180409/AutoPCBooster2018-180406/3.6.0.0/Samples/apbsetup.exe","180409/AutoPCBooster2018-180406/3.6.0.0/Samples/mysysm.exe"],"imageFiles":["180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-055/ACR-055_inlineoffer.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-003/ACR-003_software.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-003/ACR-003_software1.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-003/ACR-003_software2.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-088/ACR-088_software.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-092/ACR-092_software.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180409/AutoPCBooster2018-180406/3.6.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"c68ea907-fb5a-41c2-a77c-c72cf1700022_3.6.0.0_1","appID":"AutoPCBooster2018-180406","dateAdded":"180409","deceptorType":"App","name":"Auto PC Booster 2018","company":"Auto PC Booster 2018","version":"3.6.0.0","sigName":"Deceptor:Win32/AutoPCBooster!003010055059","lastKnownStatus":"Deceptor:3.6.0.0","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-05T18:46:06.0750158+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2088},{"violations":{"ACR-003":"The application exaggerates registry keys as errors, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-040":"The application is not installed in the standard location. The application was installed in a App data hidden folder. The consumers wouldn't be able to identify the app's location.\n","ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The app only provides a 15 days money back guarantee.\n","ACR-150":"The app displays five star awards from Tucows, PC Magazine and Topshareware.com that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"reghelppro.exe","isInstaller":"True","companyName":"foryoursoft.com","productName":"Registry Help","productVersion":"1.8.2.1","fileVersion":"1.8.2.1","hashMD5":"bd3adb85b2d209c515ef7bee8fc5cb24","hashSHA1":"b3992a192a96376085c94d22765067f6c53028f7","hashSHA256":"944968d3ee2c5e8b3976e55b7838bb557ade0261f9e591dedfdcd1c165dbce24","digitalCertThumbprint":"48E9D3EEDB13F5D26B8547811822CDF5C86B9A96","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=WilliamSoftware, O=WilliamSoftware, L=Pierrefonds, S=Quebec, PostalCode=H9H 0B3, C=CA","sourceIndex":"1837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegHelp.exe","companyName":"foryoursoft.com","productName":"Registry Help","productVersion":"1.8.2.1","fileVersion":"1.8.2.1","hashMD5":"b15a1b0e4467f50210bea117c356dd37","hashSHA1":"54b4933621d2c7c46f94c81fda3e0763a8f882cd","hashSHA256":"3e38377a873f7fc30fba396d9a2c76741e190c165e5d9ab437aec4116b2ac251","sourceIndex":"1837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegHelp [2].exe","isInstaller":"True","companyName":"foryoursoft.com","fileVersion":"1.8","hashMD5":"9b11ed5e90b65f1fef4bb0eb98f02487","hashSHA1":"5dcf7ebf64c2f0c60910fde5d15b8f8ffd3d01f2","hashSHA256":"0abc4f122fa46379670b1847d92a970be9f2a616bc3d1dae3739fab53486877f","sourceIndex":"1837","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"reghelpfree [2].exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"6b28158ea6918d1440d7f4cc27765104","hashSHA1":"07e96e2dbcdb693f497b732d6f0de21c421a87d1","hashSHA256":"499fe02ccb7fb6dec7bf421e068d25e52691abd61dc768925cc52379c408ce9f","sourceIndex":"1837","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"www.bestvistadownloads.com","landingPage":"http://foryoursoft.com/reghelp/index.htm","directDownloadingLink":"http://www.foryoursoft.com/download.php?PN=RHP&DIRECT=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.foryoursoft.com/download.php?PN=RHP&DIRECT=1","sourceIndex":"1837"}],"sampleFiles":["180409/RegistryHelpPro-180406/1.8.2.1/Samples/reghelppro.exe","180409/RegistryHelpPro-180406/1.8.2.1/Samples/RegHelp.exe"],"imageFiles":["180409/RegistryHelpPro-180406/1.8.2.1/Images/ACR-003/ACR-003_software.JPG"],"nonDeceptorImageFiles":["180409/RegistryHelpPro-180406/1.8.2.1/Images/ACR-040/ACR-040_install.mp4","180409/RegistryHelpPro-180406/1.8.2.1/Images/ACR-065/ACR-065_install.JPG","180409/RegistryHelpPro-180406/1.8.2.1/Images/ACR-065/ACR-065_software.JPG","180409/RegistryHelpPro-180406/1.8.2.1/Images/ACR-099/ACR-099_software.JPG","180409/RegistryHelpPro-180406/1.8.2.1/Images/ACR-099/ACR-099_landingpage.JPG","180409/RegistryHelpPro-180406/1.8.2.1/Images/ACR-099/ACR-099_internaloffer.JPG","180409/RegistryHelpPro-180406/1.8.2.1/Images/ACR-167/ACR-167_docs.JPG","180409/RegistryHelpPro-180406/1.8.2.1/Images/ACR-150/ACR-150_landingpage.JPG"],"guid":"4d0b4764-1e59-41bb-9fc1-77d024595bdf_1.8.2.1_1","appID":"RegistryHelpPro-180406","dateAdded":"180409","deceptorType":"App","name":"Registry Help","company":"Foryoursoft.com","version":"1.8.2.1","sigName":"Deceptor:Win32/RegistryHelpPro!003","lastKnownStatus":"Deceptor:1.82","lastKnownDate":"210331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-07-26T21:43:05.8558499+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2536},{"violations":{"ACR-003":"The application exaggerates invalid registry keys as problems, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"The application is unsigned (Not digitally code-signed by the source).\n","ACR-157":"The application does not have a digital certificate\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-037":"No privacy policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-171":"The consumer is required to opt-out of additional payment for download protection and backup media which was not previously disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"Setup.exe                                        ","isInstaller":"True","companyName":"Digeus, Inc.                                                 ","productName":"Digeus System Optimizer","productVersion":"8.2","fileVersion":"8.2","hashMD5":"286e46a3d228975e7436a77dc7bf36e6","hashSHA1":"6477b94519931f17b18ff77f51801190af56569e","hashSHA256":"166b803a0c2e7330aa6af9d9fe3d3da14ed3863f2e701b5ec642bd8152b4f732","sourceIndex":"3652","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"System Optimizer.exe","companyName":"Digeus, Inc.","productName":"Digeus System Optimizer","productVersion":"8.2.0.0","fileVersion":"8.2.0.0","hashMD5":"74d6c71abfd2cd102428faa81498be21","hashSHA1":"e16f18992cc57d27e63e311ecfab66137af8f2dc","hashSHA256":"6bf583e1fe4e6db577ef890ebf2bc3a63aac3357364fd03106a66aeff23693d7","sourceIndex":"3652","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"2018 pc optimizer\"","landingPage":"http://www.digeus.com/products/systemoptimizer/system-optimizer.html","directDownloadingLink":"http://www.digeus.com/downloads/systemoptimizer/files/8/sysoptimizer_8_2.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.digeus.com/downloads/systemoptimizer/files/8/sysoptimizer_8_2.exe","sourceIndex":"3652"}],"sampleFiles":["180405/DigeusRegistryCleaner-180405/8.2/Samples/sysoptimizer_8_2.exe","180405/DigeusRegistryCleaner-180405/8.2/Samples/System Optimizer.exe"],"imageFiles":["180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-003/ACR-003_software.JPG"],"nonDeceptorImageFiles":["180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-065/ACR-065_install.JPG","180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-065/ACR-065_software.JPG","180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-065/ACR-065_landingpage.JPG","180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-065/ACR-065_internaloffer.JPG","180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-092/ACR-092_software.JPG","180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-157/ACR-157_softwarr.JPG","180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-099/ACR-099_landingpage.JPG","180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-099/ACR-099_software.JPG","180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-099/ACR-099_internaloffer.JPG","180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-171/ACR-171_internaloffer.JPG","180405/DigeusRegistryCleaner-180405/8.2/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"4251fda5-19dd-4188-8049-6f16df198490_8.2_1","appID":"DigeusRegistryCleaner-180405","dateAdded":"180405","deceptorType":"App","name":"Digeus System Optimizer","company":"Digeus, Inc.","version":"8.2","sigName":"Deceptor:Win32/DigeusSystemOptimizer!003","lastKnownStatus":"Deceptor:8.2","lastKnownDate":"210331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-03-31T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2539},{"violations":{"ACR-059":"The Offer is not clearly marked as an offer or optional.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of download Manager(setup wizard): it may show offers during installation.\n","ACR-038":"During launch, the app uses a seemingly random name while requesting UAC access\n","ACR-065":"No EULA and/or Terms of Service, Privacy Policy is provided for download manager (setup wizard).\n","ACR-037":"No Privacy Policy document for app. \n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"D:\\SvcFab\\_App\\ServiceApiType_App0\\temp\\tmp4908.tmp","isInstaller":"True","fileVersion":"0.0","hashMD5":"4762b6565f61672808b20cbaa5e6efc5","hashSHA1":"35890737a6af6e22004553f61a149b9b038ec57b","hashSHA256":"82ae7a9fb7c7cb00e29617a3f5d24f244a873d17b75a585ef33764b802fff076","digitalCertThumbprint":"33A721AA15B240CA731036C3249305D46A39E509","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Motus Software Ltd, OU=IT, O=Motus Software Ltd, L=Lewes, C=GB","sourceIndex":"3410","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"","landingPage":"http://pivotanimator.net/Download.php","directDownloadingLink":"http://www.downloadscenterhosting.com/8iXr3C+WOlmmCj4nP5TczdEg5KV6ZeLksWk0GlfXGPentmSTH75tTz6DAq1Sm6m6IgiHM9ZfBozf1ry3V+uwErD2F6JGobSXO+7xTPs09hGlCAILOR2UjNDaLAEqhHyxFmEL6ITUwhiBoE_hMcUgkjDbzEoFxdUqauLZQA+8tsTZipwd63fkJdjAMOGY+xo6yn_V8BUwv3FURvBsMwZQ_ffS9v9ARyxG3FhtAX1e2tvHob+MNJMvH5UfAhUJ7dQW6fcBK5KM+8ZweE0U_sRrynZaT+31oNlYMLwOFg+l2tDtJS8XA_q4SbCfHIoNzZqGyx2uGT7aqnbl4cVy25e28bq8Kf3CZw==-GzEAAMRtbD7ndXtUogKHHDj9kDYPKNgYO88jRTfW+NVn7xCaiU7r8UwHtQA=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.downloadscenterhosting.com/8iXr3C+WOlmmCj4nP5TczdEg5KV6ZeLksWk0GlfXGPentmSTH75tTz6DAq1Sm6m6IgiHM9ZfBozf1ry3V+uwErD2F6JGobSXO+7xTPs09hGlCAILOR2UjNDaLAEqhHyxFmEL6ITUwhiBoE_hMcUgkjDbzEoFxdUqauLZQA+8tsTZipwd63fkJdjAMOGY+xo6yn_V8BUwv3FURvBsMwZQ_ffS9v9ARyxG3FhtAX1e2tvHob+MNJMvH5UfAhUJ7dQW6fcBK5KM+8ZweE0U_sRrynZaT+31oNlYMLwOFg+l2tDtJS8XA_q4SbCfHIoNzZqGyx2uGT7aqnbl4cVy25e28bq8Kf3CZw==-GzEAAMRtbD7ndXtUogKHHDj9kDYPKNgYO88jRTfW+NVn7xCaiU7r8UwHtQA=","sourceIndex":"3410"}],"sampleFiles":["180405/PivotSetup-180330/4.8/Samples/pivot_v4-2.exe"],"imageFiles":["180405/PivotSetup-180330/4.8/Images/ACR-059/offer.PNG"],"nonDeceptorImageFiles":["180405/PivotSetup-180330/4.8/Images/ACR-044/acr_065_I.PNG","180405/PivotSetup-180330/4.8/Images/ACR-038/install.PNG","180405/PivotSetup-180330/4.8/Images/ACR-042/W10-2018-03-30T17-22-25-237573200Z.mp4","180405/PivotSetup-180330/4.8/Images/ACR-065/acr_065_I.PNG","180405/PivotSetup-180330/4.8/Images/ACR-037/docs.PNG","180405/PivotSetup-180330/4.8/Images/ACR-037/docs_1.PNG","180405/PivotSetup-180330/4.8/Images/ACR-152/W10-2018-03-30T18-04-16-889556200Z.mp4"],"guid":"117b1d16-51c0-4fc6-8677-7790391927c5_4.8_1","appID":"PivotSetup-180330","dateAdded":"180405","deceptorType":"Bundler","name":"PivotSetup Bundler","company":"Motus Software Ltd","version":"4.8","sigName":"Deceptor:Win32/PivotSetupBundler!050059042","lastKnownStatus":"Deceptor:4.8","lastKnownDate":"180405","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps,sold in bundle","lastUpdate":"2018-12-26T16:45:16.1241998+00:00","notDistributed":false,"familyName":"core-bundler-ronil","numInFamily":7,"numInAppID":1,"sortOrder":845},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"Install Driver Updater\" is not straightforward option for decline.\n\n","ACR-059":"The Offer is not clearly marked as an offer. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC CARE TOOLS\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed. \n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"PC Cleanup 2018","productName":"PC Cleanup 2018","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"7c236022293e0f8adc3f91231ba51752","hashSHA1":"c420e1a15071aa796226daf150a97b424ae44583","hashSHA256":"002da5481a8e97c2b445e5c51b9b8028c7b2c705b4fef1378f396964271e7afd","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"431","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcl.exe","companyName":"PC Cleanup 2018","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"5ddce0fe8f5c05e4f5bb787e039f9821","hashSHA1":"cc9b5e643edffc8e07e4df1272ce700dca0c3a64","hashSHA256":"1bb7fd27aebdef33c1cf3495a9056de2504e1ea482caf440e84272d18f647ca2","digitalCertThumbprint":"77CC98C1F9DD0A79C66FD2BB9F801ECE0E5F3C3D","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC CARE TOOLS, O=PC CARE TOOLS, STREET=\"3/213, MALVIYA NAGAR ROAD, MALVIYA NAGAR\", L=Jaipur, S=RAJASTHAN, PostalCode=302017, C=IN","sourceIndex":"431","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"2018 pc cleaner\" page 15 of results www.updatemypcs.com","landingPage":"http://www.updatemypcs.com/","directDownloadingLink":"https://d3gh3i9wo5gelj.cloudfront.net/pcclener/securerc/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d3gh3i9wo5gelj.cloudfront.net/pcclener/securerc/setup.exe","sourceIndex":"431"}],"sampleFiles":["180405/PCCleanup2018-180403/1.0.0.0/Samples/setup.exe","180405/PCCleanup2018-180403/1.0.0.0/Samples/pcl.exe"],"imageFiles":["180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-055/ACR-059_inlineoffer.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-003/ACR-003_software.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-003/ACR-003_software1.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-003/ACR-003_software2.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-161/ACR-161_internaloffer1.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-088/ACR-088_software.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-092/ACR-092_software.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-099/ACR-099_software.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180405/PCCleanup2018-180403/1.0.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"a4a192b8-9243-4706-b3a4-814bc13815f5_1.0.0.0_1","appID":"PCCleanup2018-180403","dateAdded":"180405","deceptorType":"App","name":"PC Cleanup 2018","company":"PC Cleanup 2018","version":"1.0.0.0","sigName":"Deceptor:Win32/PCCleanup2018!003010055059","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,cross-sell other apps","lastUpdate":"2024-11-05T18:48:47.7551625+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2089},{"violations":{"ACR-048":"Bundler cannot be closed whenever consumer selects close button during download process.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-092":"Download manager uses a digital certificate from a different source than what was disclosed. The app's digital certificate is signed by \"Supreme Funnel (Alpha Criteria Ltd.)\" which is not disclosed in the app's offer or install or any document.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just displays a message that says we are unable to stop the installation a this point.\n"},"samples":[{"isRevoked":"False","fileName":"D:\\SvcFab\\_App\\ServiceApiType_App0\\temp\\tmp4BC7.tmp","isInstaller":"True","fileVersion":"0.0","hashMD5":"6cf40171dd28a8418311764b66ef50fc","hashSHA1":"757147e62c9dbb53dc21317bd6a6cee3f67e2064","hashSHA256":"4d7e6ad937600c35dbca5d6069a89d6c483c9d499e5a119eed86bcaae8d15440","digitalCertThumbprint":"971E4EF2C3E8F1CD7B99E5E3129F3929A90FF05B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Supreme Funnel (Alpha Criteria Ltd.), O=Supreme Funnel (Alpha Criteria Ltd.), STREET=28A Lilinblum St., L=Tel Aviv, S=Israel, PostalCode=651307, C=IL","sourceIndex":"3431","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"","landingPage":"http://downloadstw.com/","directDownloadingLink":"http://downloadstw.com/?dmdownload=22645","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloadstw.com/?dmdownload=22645","sourceIndex":"3431"}],"sampleFiles":["180405/DownloadstwDownloadManager-180403/4.3.4/Samples/Audacity.exe"],"imageFiles":["180405/DownloadstwDownloadManager-180403/4.3.4/Images/ACR-048/ACR_048_INSTALL.PNG"],"nonDeceptorImageFiles":["180405/DownloadstwDownloadManager-180403/4.3.4/Images/ACR-044/ACR_044_INSTALL.PNG","180405/DownloadstwDownloadManager-180403/4.3.4/Images/ACR-092/ACR_092_SOFTWARE.PNG","180405/DownloadstwDownloadManager-180403/4.3.4/Images/ACR-152/ACR_152_INSTALL.PNG"],"guid":"b4438e47-e6d1-47e0-a638-66263173fa7b_4.3.4_1","appID":"DownloadstwDownloadManager-180403","dateAdded":"180405","deceptorType":"Bundler","name":"Downloadstw Download Manager","company":"Supreme Funnel (Alpha Criteria Ltd.)","version":"4.3.4","sigName":"Deceptor:Win32/Downloadstw!048050","lastKnownStatus":"Deceptor:4.3.4","lastKnownDate":"180405","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:32:25.8450747+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":542},{"violations":{"ACR-048":"Remaps \"application close\" functionality to \"minimize\"\n","ACR-059":"The Offer is not clearly marked as an offer or optional.\n","ACR-039":"Releationship between downloadastro.com, the carrier and its vendor, the the download manager, and the role of the download manager are unclear. User is asked to accept running (with privileges) a differently-named download manager signed by a previous-undisclosed company, then user is presented with a download screen that claims this is downloadastro.com's Download Manager. App doesn't indicate the source of the carrier.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n\n","ACR-038":"During launch, the app uses a seemingly random name while requesting UAC access\n","ACR-065":"No EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy is provided for the download manager.\n","ACR-092":"download manager uses a digital certificate from a different source than what was disclosed. The app's digital certificate is signed by \"Lepide Software Private Limited\" which is not disclosed in the app's offer or install.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-037":"No Privacy Policy is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"recover_lost_files_0691829196","isInstaller":"True","companyName":"Installer                                                   ","fileVersion":"0.0","hashMD5":"8fc0ae08c269194ccffd4daba4494aca","hashSHA1":"c6f12da36b9a3abbd2ea3bc3e8cae45ef1147446","hashSHA256":"5b13e28236e775353242b2bc568d13cf4bcc553334dd5626fbf064f9093ef844","digitalCertThumbprint":"088E24EA61DF14170B7EEC71114A1C5A68F9EE71","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Dov gil Management Ltd., OU=IT, O=Dov gil Management Ltd., L=Petah Tikva, S=Israel, C=IL","sourceIndex":"3396","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"goodsync_0192966238","isInstaller":"True","companyName":"Installer                                                   ","fileVersion":"0.0","hashMD5":"20f1ccc1006e88ea1376d3ec32756fb6","hashSHA1":"0a9441aad184abf32e3ef9e0d40f9aa149e17af8","hashSHA256":"480f277ecc53c31778968f70813c28aaa2df16c0f4e65a1c2762ade9e5d69c7d","digitalCertThumbprint":"B86A04A1D5C7BCBCE855CCEE59DABCA22F508F13","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=LAM Proactive And Investments Ltd, OU=IT, O=LAM Proactive And Investments Ltd, L=Herzliya, S=Israel, C=IL","sourceIndex":"3396","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"recover_lost_files_2747381557","isInstaller":"True","companyName":"Installer                                                   ","fileVersion":"0.0","hashMD5":"83f24fa1664f075d39955a046b6a909b","hashSHA1":"b0b2a61c508a82ab4dc3530398103f4c5e6d4150","hashSHA256":"b8d51021409d7d05b437e87b4f963506b9e0e2a6b0f1493c45d3ad25e84b50e6","digitalCertThumbprint":"B86A04A1D5C7BCBCE855CCEE59DABCA22F508F13","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=LAM Proactive And Investments Ltd, OU=IT, O=LAM Proactive And Investments Ltd, L=Herzliya, S=Israel, C=IL","sourceIndex":"3396","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spy_emergency_3521384702.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"249fbcea39a1638655b2b52fe3a62492","hashSHA1":"d6a16b7c139b573ab47e6aa5e12cc2fdc1d34ef3","hashSHA256":"4d80a7369a4c4451af1aa320fd7c311370b6e455ad698b5c7383c0fc0c2b934d","digitalCertThumbprint":"DE0FC63014C094E709D2CAC3312AAAC27793325F","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Dov gil Management Ltd., OU=IT, O=Dov gil Management Ltd., L=Petah Tikva, S=PETAH TIKVA, C=IL","sourceIndex":"3398","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"downloadastro.com","landingPage":"http://recover_lost_files.en.downloadastro.com/download/","directDownloadingLink":"http://www.tagbundlescapital.com/CGQUOm7MXLhP+3ak3aFIa+7R4F6raty8yXIIhKu9dcNJyXS6p9d0+pyCGNPJh1l+4SIPlhvmTBuyQ1XFumOvLbokaQxI1SABuon5lNvNBPpcbtVJ2Agbn6U+HmVUF8Rw2w9ELWG5ELdS7jevCrmGLdUvDrS6qmVZ_Ralsgoj8727dBP4C9ZbeJwkaI5NURJ8kbjDubl9XlXReNsyWRE9HRhRc9ZtUOxcJcwzLqXS1Gwrh8XOUBHhr1duw7V6yFByRyoUT1LrcRYXLHhoXz+8HSFn0muo77PY0+PZN+RRveO0mvj1nWoC90GVA8C01KKU0wC2gUADcLkh1rJefi_piHOem8wU6i7w7MMpm+uan_gZOUBXTnYzQCILgR5+pTdY44vxZGg5IguvYUhJydPdzorIG3e6eLKW3Ovz07nDpXOZkNM2tndPqhNL5Xi7GjUqA+mBVrV6GpnBFZDmJjlk9HB7T65MnWqfBXuXIm3FvFR_2BR7JqJZyvQ71O1WSBVeOgVaUKnLsjWqljXEEe2Nd3GBAwulK5NDRXrTEyVItwV6G5pHsOs0ARucS6Lz8mhN_PH2iaKG20bC2VpzFYTJRpkLBysMwDmPrToi_8eieH52bo7k+Pg=-G4IAAES3+X2edlyj6xwREh4aWOrkwOH7oRaF94Tz2ALdWHioCs6D2AxyG3eZo2C7SXujllp+vZIPm4r+Y_YPvtu1DV5LhKMCdwBcnFZ7nryQB2g=","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.tagbundlescapital.com/CGQUOm7MXLhP+3ak3aFIa+7R4F6raty8yXIIhKu9dcNJyXS6p9d0+pyCGNPJh1l+4SIPlhvmTBuyQ1XFumOvLbokaQxI1SABuon5lNvNBPpcbtVJ2Agbn6U+HmVUF8Rw2w9ELWG5ELdS7jevCrmGLdUvDrS6qmVZ_Ralsgoj8727dBP4C9ZbeJwkaI5NURJ8kbjDubl9XlXReNsyWRE9HRhRc9ZtUOxcJcwzLqXS1Gwrh8XOUBHhr1duw7V6yFByRyoUT1LrcRYXLHhoXz+8HSFn0muo77PY0+PZN+RRveO0mvj1nWoC90GVA8C01KKU0wC2gUADcLkh1rJefi_piHOem8wU6i7w7MMpm+uan_gZOUBXTnYzQCILgR5+pTdY44vxZGg5IguvYUhJydPdzorIG3e6eLKW3Ovz07nDpXOZkNM2tndPqhNL5Xi7GjUqA+mBVrV6GpnBFZDmJjlk9HB7T65MnWqfBXuXIm3FvFR_2BR7JqJZyvQ71O1WSBVeOgVaUKnLsjWqljXEEe2Nd3GBAwulK5NDRXrTEyVItwV6G5pHsOs0ARucS6Lz8mhN_PH2iaKG20bC2VpzFYTJRpkLBysMwDmPrToi_8eieH52bo7k+Pg=-G4IAAES3+X2edlyj6xwREh4aWOrkwOH7oRaF94Tz2ALdWHioCs6D2AxyG3eZo2C7SXujllp+vZIPm4r+Y_YPvtu1DV5LhKMCdwBcnFZ7nryQB2g=","sourceIndex":"3396"},{"howFound":"Hunt.DownloadSite","reference":"downloadastro.com","landingPage":"http://smart_defrag_1.en.downloadastro.com/","directDownloadingLink":"http://www.tagbundlescapital.com/fSmWkc8dTbvnVLN_kkpvyvqp_iZjeDOKsEAZbfOKFNfdlLkYl2Xlg3diDpD7lNlJIqF4LSDRcG5M6yPUQTka+Wp+vEViKcaZoa74mNQtCn1q_kEZX3ag6_ZTrYXPeUj4OtNGH_+MsSc+jXISZmAq3cf2vON5isVFK94N+Pi7VmnkS5vxTUMYPPy2c2plQ6OW26A+8GL_NiZvioYmFeU9K0sDvrJhvNL4V0fmLO21z7Uhzibt7VAgRSeVD4bPKLzRD9p32UCBIxzMNCXKU1T+PDJNLfx6BA7KO6Lcr3qLz0wZdWJ7sEe8Fj8cV9xcLBFKAo_VVlSNTdC4ydUDJFruddwfq2Tv2bnafV4dcmkOnnyLYuGaQMZ44UklKsQyjSUrLKb7MwvB1S85ZlRQkF_6bWJQe_72i23ZTJ55NljGpnOfpI6Fos1dpqd9J5i2oOiNQNVRuB_CZIkhG0QlmCZBzZqFTw6ssmpttwlNrtMQr_XSbnkVMqvaeKQUqtlV71YDzgzIaV+Zlh9wMHZDwotcPOA6ZGL1v2miRJf5E0gkXr6GgykofwKTU2IWKg+GQ1mULUiMzi+W6dCW1lcnattHR+2MUK0+uQ==-G3oAAORte69pxJfWFCkThwaW0IwDh7+ygDIZj2Ew0I2Fh3rBoYjNoLYx_btpy0lWGiABqccb+ZRo9++zvtO7lUvQkps4KGg5QkOTWguNG7cgCQ==","ipv4":"","ipv6":"","sourceIndex":"3397"},{"howFound":"Hunt.DownloadSite","reference":"downloadastro.com","landingPage":"http://spy_emergency.en.downloadastro.com/download/","directDownloadingLink":"http://www.repositorytowncycle.com/cs8uipydd_frIt1NhzxK9I9WdWG8_RUhA_jth6YNEcEFgHx8+sZ8G+RwIlUWMbKqIaiWYbRpCu78zzx1ZmxBJ3rpg_hA+OBXecqFqmEej4qpbmdjuRueI2AnWdhxAmmC2vXSOY3l6V8GlkncyXCAZJaJmPkhBgMUdsf5SZh4wvbEJMFrCLw+vktMzgbNgw3pXsNPEh6e6+sDkyQFQ6OickMFBjv+FKPY76nMw0onC17bS50ZTHRpC11buhd5bf1uZQoIm0gaFJAaFIdvaZV4s8faG85bHH4cZwBTpr1a5wQ6F2gBBmwOWQZ_cFkwTr6YRz62YUqLzUy5VDdIMdpDKWRJUM35NLKJo1HFhpoeooA7osnltvP867IvkI9jh1xJ5tkNikZHRk1y3lLPbDU7WZ2W2TReCIEsuVR538iAkzywDayrywt0N4Nc2tSo+l_GcO9aeywjBeR4cG5Sgbb8qh72l_vtF02emNv1grCxonCNfg62NarPNYgtnHWF0Ok6wULL3VCQDMQ2nbrd4xEKHSm+i452x1+XMFheLsrZMedVwwpcfj96ylZFniIPfnBo3lJIRkqT-G3gAAETn1poRQ_pMkTnHHAF0IEGnHDi0soDyLno960E3Fh7qBYciNoPcxpP3cw9L4pR5fZGPCuX+fdQzzlOxBBqzCfcEKQPTPKhR33HRLkA=","ipv4":"","ipv6":"","sourceIndex":"3398"}],"sampleFiles":["180404/NefunBundler-180213/1.5.9/Samples/recover_lost_files_0691829196.exe","180404/NefunBundler-180213/1.5.9/Samples/goodsync_0192966238.exe","180404/NefunBundler-180213/1.5.9/Samples/recover_lost_files_2747381557.exe","180404/NefunBundler-180213/1.5.9/Samples/spy_emergency_3521384702.exe"],"imageFiles":["180404/NefunBundler-180213/1.5.9/Images/ACR-039/ACR-039 relationships unclear.gif","180404/NefunBundler-180213/1.5.9/Images/ACR-048/ACR-152_bundlermadeoffers.mp4","180404/NefunBundler-180213/1.5.9/Images/ACR-059/ACR-059_bundler-madeoffer.JPG"],"nonDeceptorImageFiles":["180404/NefunBundler-180213/1.5.9/Images/ACR-044/ACR-037_install (3).JPG","180404/NefunBundler-180213/1.5.9/Images/ACR-038/ACR-038 name at launch.png","180404/NefunBundler-180213/1.5.9/Images/ACR-038/ACR-038 name at UAC prompt.png","180404/NefunBundler-180213/1.5.9/Images/ACR-042/ACR-042 no consent for continuation install.gif","180404/NefunBundler-180213/1.5.9/Images/ACR-065/ACR-065_install.JPG","180404/NefunBundler-180213/1.5.9/Images/ACR-092/ACR-092_software.JPG","180404/NefunBundler-180213/1.5.9/Images/ACR-092/ACR-092_software1.JPG","180404/NefunBundler-180213/1.5.9/Images/ACR-035/ACR-035_install.JPG","180404/NefunBundler-180213/1.5.9/Images/ACR-036/ACR-036_install.JPG","180404/NefunBundler-180213/1.5.9/Images/ACR-037/ACR-037_install.JPG","180404/NefunBundler-180213/1.5.9/Images/ACR-152/ACR-152_bundlermadeoffers.mp4"],"guid":"8349cd1c-a3ff-4021-9e58-56792877fb53_1.5.9_1","appID":"NefunBundler-180213","dateAdded":"180404","deceptorType":"Bundler","name":"DownloadAstro Download Manager","company":"Dov gil Management Ltd.","version":"1.5.9","sigName":"Deceptor:Win32/DownloadAstro!039042048050059","lastKnownStatus":"Deceptor:1.5.9","lastKnownDate":"180331","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:50:16.7091637+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":543},{"violations":{"ACR-059":"Offer made is not clearly marked as an offer, or that it's optional\n"},"nonDeceptorViolations":{"ACR-040":"The application is not installed in the default location. The application was installed in a App data hidden folder. The consumers wouldn't be able to identify the app's location.\n"},"samples":[{"isRevoked":"False","fileName":"TelevisionFanatic.d2606c14bb804d62a0180259ff36accf.exe","isInstaller":"True","companyName":"Mindspark Interactive Network, Inc.","productName":"TelevisionFanatic","productVersion":"2.7.1.1000","fileVersion":"2.7.1.1000","hashMD5":"5cff518f08aea8bbcceef7f684cf7930","hashSHA1":"5809436d07c3265b8e92bb18b6913b70215550d3","hashSHA256":"25da084ebaf3fef3af5c66491b18c2b75ff4133f579a89c0c6be4371e9db2b0b","digitalCertThumbprint":"7462A393416C0A380202AF7A2EB11C1CE481C344","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Mindspark Interactive Network, O=Mindspark Interactive Network, L=Yonkers, S=New York, C=US","sourceIndex":"3644","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"CouponXplorer.0ba9516e7be34fc49feb055724f6c14b.exe","isInstaller":"True","companyName":"Mindspark Interactive Network, Inc.","productName":"CouponXplorer","productVersion":"2.7.1.1000","fileVersion":"2.7.1.1000","hashMD5":"6e9442a68ea8174a816353197fd69685","hashSHA1":"f411698db7b466f4a80676f0273cd9e6e9a4b2c2","hashSHA256":"44a07a3fe4939d665e17df6240277d267dc379a34925b27b1fcc886ac7402157","digitalCertThumbprint":"7462A393416C0A380202AF7A2EB11C1CE481C344","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Mindspark Interactive Network, O=Mindspark Interactive Network, L=Yonkers, S=New York, C=US","sourceIndex":"3644","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WeatherBlink.2cd76112a110424fb1dcb79ae7a24dce.exe","isInstaller":"True","companyName":"Mindspark Interactive Network, Inc.","productName":"WeatherBlink","productVersion":"2.7.1.1000","fileVersion":"2.7.1.1000","hashMD5":"9ea5e1fe02d5eabd2f6633d4701d4268","hashSHA1":"974bc05d1a0932f1195f1aa34e04d70e49e24ebf","hashSHA256":"0a2d38ee5403f84a4d5ce9d34bb3b1d59106aa6a113ff2f34be402ca25b3af42","digitalCertThumbprint":"7462A393416C0A380202AF7A2EB11C1CE481C344","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Mindspark Interactive Network, O=Mindspark Interactive Network, L=Yonkers, S=New York, C=US","sourceIndex":"3644","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FromDocToPDF.ad56b3aaeb0e4d77976832ebf578924c.exe","isInstaller":"True","companyName":"Mindspark Interactive Network, Inc.","productName":"FromDocToPDF","productVersion":"2.7.1.1000","fileVersion":"2.7.1.1000","hashMD5":"1bd6c9e8e3a11f03a22017cf246dcd16","hashSHA1":"7f279497422e034302f7e7e416036f184d5eddcc","hashSHA256":"1a3112662b7bfc1620d03c8b3a62f862a316404eb1a04e057ab839dddf75162c","digitalCertThumbprint":"7462A393416C0A380202AF7A2EB11C1CE481C344","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Mindspark Interactive Network","sourceIndex":"3644","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"https://www.iacapps.com/brands/browser/","landingPage":"http://download.televisionfanatic.com/index.jhtml","directDownloadingLink":"http://ak.imgfarm.com/images/nocache/vicinio/installers/v2/100000415.TTAB02.1/nsis/770946-TTAB02.1/170803194405874/msniTelevisionFanatic/TelevisionFanatic.d2606c14bb804d62a0180259ff36accf.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://ak.imgfarm.com/images/nocache/vicinio/installers/v2/100000415.TTAB02.1/nsis/770946-TTAB02.1/170803194405874/msniTelevisionFanatic/TelevisionFanatic.d2606c14bb804d62a0180259ff36accf.exe","sourceIndex":"3644"},{"howFound":"Hunt.DownloadSite","reference":"https://www.iacapps.com/brands/browser/","landingPage":"http://www.couponxplorer.com/index.jhtml","directDownloadingLink":"http://ak.imgfarm.com/images/nocache/vicinio/installers/v2/208153579.TTAB02.1/nsis/771030-TTAB02.1/170804102056500/msniCouponXplorer/CouponXplorer.0ba9516e7be34fc49feb055724f6c14b.exe","ipv4":"","ipv6":"","sourceIndex":"3645"},{"howFound":"Hunt.DownloadSite","reference":"https://www.iacapps.com/brands/browser/","landingPage":"http://www.fromdoctopdf.com/index.jhtml","directDownloadingLink":"http://ak.imgfarm.com/images/nocache/vicinio/installers/v2/207743773.TTAB02.1/nsis/782722-TTAB02.1/170913144401775/msniFromDocToPDF/FromDocToPDF.ad56b3aaeb0e4d77976832ebf578924c.exe","ipv4":"","ipv6":"","sourceIndex":"3646"},{"howFound":"Hunt.DownloadSite","reference":"https://www.iacapps.com/brands/browser/","landingPage":"http://www.weatherblink.com/index.jhtml","directDownloadingLink":"http://ak.imgfarm.com/images/nocache/vicinio/installers/v2/100000413.TTAB02.1/nsis/771359-TTAB02.1/170804140848316/msniWeatherBlink/WeatherBlink.2cd76112a110424fb1dcb79ae7a24dce.exe","ipv4":"","ipv6":"","sourceIndex":"3647"}],"sampleFiles":["180404/AskMindsparkBundler-180326/2.7.1.1000/Samples/TelevisionFanatic.d2606c14bb804d62a0180259ff36accf.exe","180404/AskMindsparkBundler-180326/2.7.1.1000/Samples/CouponXplorer.0ba9516e7be34fc49feb055724f6c14b.exe","180404/AskMindsparkBundler-180326/2.7.1.1000/Samples/WeatherBlink.2cd76112a110424fb1dcb79ae7a24dce.exe","180404/AskMindsparkBundler-180326/2.7.1.1000/Samples/FromDocToPDF.ad56b3aaeb0e4d77976832ebf578924c.exe"],"imageFiles":["180404/AskMindsparkBundler-180326/2.7.1.1000/Images/ACR-059/ACR-059 not cear it is an offer.png"],"nonDeceptorImageFiles":["180404/AskMindsparkBundler-180326/2.7.1.1000/Images/ACR-040/ACR_040_INSTALL.gif"],"guid":"9faa8ea0-4b71-4d21-887e-5d64e6e44073_2.7.1.1000_1","appID":"AskMindsparkBundler-180326","dateAdded":"180404","deceptorType":"Bundler","name":"Ask Mindspark Bundler","company":"Mindspark Interactive Network, Inc.","version":"2.7.1.1000","sigName":"Deceptor:Win32/AskMindsparkBundler!059","firstVendorContactDate":"180410","firstAppEsteemReplyDate":"180410","firstResolvedDate":"180410","firstResolvedVersion":"2.7.1.1000","resolved":"TRUE","lastKnownStatus":"Deceptor:2.7.1.1000;nonCertified:2.7.1.1000","lastKnownDate":"180404","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"IE","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-04-10T22:00:55.9510116+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2540},{"violations":{"ACR-109":"rkverify.exe and rkinstaller.exe, two files are signed and published by RelevantKnowledge, were downloaded at the time of bundle was first executed, before any user input. The disclosure and consent on the first screen is too late.\n","ACR-042":"rkverify.exe and rkinstaller.exe are both downloaded/installed prior to obtaining user consent.\n","ACR-047":"After app install and on every subsequent software start, bundler prompts user with \"Important!\" message to use a \"new versoin to avoid malfunctions\". This installs the same version of the app, and re-runs the install and the offers that the consumer has previously declined. \n","ACR-039":"Relationship between AllFreeVideoSoft, the carrier and its vendor, the the download manager, and the role of the download manager are unclear. User is asked to accept running (with privileges) a differently-named download manager signed by a previous-undisclosed company, then user is presented with a download screen that claims this is FAVSOFT Download Manager. App doesn't indicate the source of the carrier.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation. \n","ACR-038":" During launch, the app uses a seemingly random name while requesting UAC access.\n","ACR-065":"No EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy is provided for the download manager.\n","ACR-092":"download manager uses a digital certificate from a different source than what was disclosed. The app's digital certificate is signed by \"RuiQing Software Technology Beijing Inc\" which is not disclosed in the app's offer or install.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-037":"No Privacy Policy is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"D:\\SvcFab\\_App\\ServiceApiType_App0\\temp\\tmp7EC6.tmp","isInstaller":"True","fileVersion":"0.0","hashMD5":"90f3b56657697a433c41c2070caa13f9","hashSHA1":"a0a2bbe2ccfc1e24b17038eb4689217ca1f27020","hashSHA256":"6217b04c3dc09f1df6b1f5ec3720f45ef7d93fcab0340a1c6dda136af36677eb","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RuiQing Software Technology Beijing Inc, O=RuiQing Software Technology Beijing Inc, STREET=\"No.A215,2/F,North Section,No.3,Xisanqi Building materials city,Haidian District\", STREET=BeiDuan ErCeng A215, L=Beijing, S=Beijing, PostalCode=100096, C=CN","sourceIndex":"3446","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"D:\\SvcFab\\_App\\ServiceApiType_App0\\temp\\tmp7A9F.tmp","isInstaller":"True","fileVersion":"0.0","hashMD5":"660f55f17c04bedf26af5251e7bb6739","hashSHA1":"657365765fe072f0fcb8058a997c3dd7c1779e12","hashSHA256":"44c383f782b57398d37e419dd31d390f659453b5abff4d10752c514fdb7262b7","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RuiQing Software Technology Beijing Inc, O=RuiQing Software Technology Beijing Inc, STREET=\"No.A215,2/F,North Section,No.3,Xisanqi Building materials city,Haidian District\", STREET=BeiDuan ErCeng A215, L=Beijing, S=Beijing, PostalCode=100096, C=CN","sourceIndex":"3447","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"D:\\SvcFab\\_App\\ServiceApiType_App0\\temp\\tmp7DEF.tmp","isInstaller":"True","fileVersion":"0.0","hashMD5":"b8d4e276f7b68f6a2ffaa6363b6c57ee","hashSHA1":"aa5c23c888d9c633c4ea602fc78a19266a242b13","hashSHA256":"690e570b5f21fc5540a39310347480c6c67d8220a55039c5a350a8510a362568","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RuiQing Software Technology Beijing Inc, O=RuiQing Software Technology Beijing Inc, STREET=\"No.A215,2/F,North Section,No.3,Xisanqi Building materials city,Haidian District\", STREET=BeiDuan ErCeng A215, L=Beijing, S=Beijing, PostalCode=100096, C=CN","sourceIndex":"3448","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"RuiQing Hunting","landingPage":"http://allfreevideoconverter.com/freediscburner/index.html","directDownloadingLink":"http://www.allfreevideoconverter.com/download/AllFreeDiscBurner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.allfreevideoconverter.com/download/AllFreeDiscBurner.exe","sourceIndex":"3446"},{"howFound":"Hunt.Community","reference":"RuiQing hunting","landingPage":"","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreeDVDtoiPhoneConverter.exe","ipv4":"","ipv6":"","sourceIndex":"3447"},{"howFound":"Hunt.Community","reference":"RuiQing hunting","landingPage":"","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreePDFConverterUtilities.exe","ipv4":"","ipv6":"","sourceIndex":"3448"}],"sampleFiles":["180403/TomSetup-180312/5.6.3.3/Samples/AllFreeDiscBurner.exe","180403/TomSetup-180312/5.6.3.3/Samples/FreeDVDtoiPhoneConverter.exe","180403/TomSetup-180312/5.6.3.3/Samples/FreePDFConverterUtilities.exe"],"imageFiles":["180403/TomSetup-180312/5.6.3.3/Images/ACR-109/ACR_109.PNG","180403/TomSetup-180312/5.6.3.3/Images/ACR-039/ACR-039_install.mp4","180403/TomSetup-180312/5.6.3.3/Images/ACR-047/ACR-047 reprompting.gif","180403/TomSetup-180312/5.6.3.3/Images/ACR-047/ACR-047 important.png","180403/TomSetup-180312/5.6.3.3/Images/ACR-042/ACR_109.PNG"],"nonDeceptorImageFiles":["180403/TomSetup-180312/5.6.3.3/Images/ACR-044/ACR-037_install (1).JPG","180403/TomSetup-180312/5.6.3.3/Images/ACR-038/ACR-038_INSTALL.JPG","180403/TomSetup-180312/5.6.3.3/Images/ACR-038/ACR-038_INSTALL1.JPG","180403/TomSetup-180312/5.6.3.3/Images/ACR-065/ACR-065_install.JPG","180403/TomSetup-180312/5.6.3.3/Images/ACR-092/ACR-092_software.JPG","180403/TomSetup-180312/5.6.3.3/Images/ACR-035/ACR-035_install.JPG","180403/TomSetup-180312/5.6.3.3/Images/ACR-036/ACR-036_install.JPG","180403/TomSetup-180312/5.6.3.3/Images/ACR-037/ACR-037_install.JPG","180403/TomSetup-180312/5.6.3.3/Images/ACR-152/ACR-152_bundlermadeoffers.mp4"],"guid":"7f23e74f-1ad8-46fa-a834-2c05c4d093a8_5.6.3.3_1","appID":"TomSetup-180312","dateAdded":"180403","deceptorType":"Bundler","name":"Ruiqing Bundler","company":"RuiQing Software Technology Beijing Inc","version":"5.6.3.3","sigName":"Deceptor:Win32/TomSetupBundler!039042047050109","lastKnownStatus":"Deceptor:5.6.3.3","lastKnownDate":"180331","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:25:12.1795462+00:00","notDistributed":false,"familyName":"ruiqing-bundler-ruich","numInFamily":5,"numInAppID":1,"sortOrder":1854},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\"\n","ACR-039":"App uses a seemingly random name and certificate that match neither the carrier nor the download manager.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation\n","ACR-065":"No EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy is provided for the download manager.\n","ACR-035":" No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-036":" No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager. \n","ACR-037":" No Privacy Policy is provided for the download manager. \n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"Superdownloads_mv-regclean.exe","isInstaller":"True","productName":"Sunu","productVersion":"3.6","fileVersion":"","hashMD5":"f57049cc5d10103b375690e391ecfa75","hashSHA1":"fc7cd49dc55d993864a617785e0c79fb51be7594","hashSHA256":"33b9468f2329b6bd0d2a7b7f9b0d314f26affb66bb73f605ae9a03f2417ae3f0","digitalCertThumbprint":"1FDADC27897F45E798B05B41657E8BD32A17E522","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=NO ZEBRA NETWORK S.A, OU=IT, O=NO ZEBRA NETWORK S.A, L=Curitiba, S=Parana, C=BR","sourceIndex":"3399","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Superdownloads_slimdrivers.exe","isInstaller":"True","productName":"Sunu","productVersion":"3.6","fileVersion":"","hashMD5":"c28fb54bb8b018593b460d4d71a4d03e","hashSHA1":"550016d6ef6f94a5a798e7cadde46ac29aeb6bd9","hashSHA256":"cc7ce78773587411bc2402d59cdb700de1357a117793ca1834af6136b8353a2e","digitalCertThumbprint":"1FDADC27897F45E798B05B41657E8BD32A17E522","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=NO ZEBRA NETWORK S.A, OU=IT, O=NO ZEBRA NETWORK S.A, L=Curitiba, S=Parana, C=BR","sourceIndex":"3399","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Superdownloads_winzip.exe","isInstaller":"True","productName":"Sunu","productVersion":"3.6","fileVersion":"","hashMD5":"d8c5707a9118e76859ca1f58d847f647","hashSHA1":"b6f14a5c93afff56689ee77956ad56d4842db5b8","hashSHA256":"d2707bd5ea5e067522377c5b4e31d59da9931524bcfb02fa4bd9b865ee751f6b","digitalCertThumbprint":"1FDADC27897F45E798B05B41657E8BD32A17E522","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=NO ZEBRA NETWORK S.A, OU=IT, O=NO ZEBRA NETWORK S.A, L=Curitiba, S=Parana, C=BR","sourceIndex":"3399","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Superdownloads_everest-5-ultimate-edition.exe","isInstaller":"True","productName":"Busimup","productVersion":"1.5","fileVersion":"1.3.5.6","hashMD5":"347f567f16360b2142751fa92c5f3e8f","hashSHA1":"d4e66f27c3e893ac553b78991ca0eb843bb95cae","hashSHA256":"2a9b463d76cdbebb22d710671ac3fd03fc13d1043004292f3471097cf4dbd229","digitalCertThumbprint":"1FDADC27897F45E798B05B41657E8BD32A17E522","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=NO ZEBRA NETWORK S.A, OU=IT, O=NO ZEBRA NETWORK S.A, L=Curitiba, S=Parana, C=BR","sourceIndex":"3399","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Superdownloads_advanced-rar-repair.exe","isInstaller":"True","productName":"Busimup","productVersion":"1.5","fileVersion":"1.3.5.6","hashMD5":"ef4bbb747b4d97e5855faed6fa523314","hashSHA1":"4464f661ebf674a37148ba2c1fc55dabfd4adedb","hashSHA256":"33df21ed2e1a0e3153b6ec24c4dca7254e99fc8d752fc64573ab7601f20874ef","digitalCertThumbprint":"1FDADC27897F45E798B05B41657E8BD32A17E522","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=NO ZEBRA NETWORK S.A, OU=IT, O=NO ZEBRA NETWORK S.A, L=Curitiba, S=Parana, C=BR","sourceIndex":"3399","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Superdownloads_disk-drill.exe","isInstaller":"True","productName":"Soh","productVersion":"3.3.6","fileVersion":"","hashMD5":"d6e11b80a851660f44f6bc94129c4cff","hashSHA1":"f5201f725da736ab89778cbc0d77e17245f1799b","hashSHA256":"06be839aa92e3d6201b5a9354065d1e79cb2b3d70c849c7e44d71198daa23176","digitalCertThumbprint":"1FDADC27897F45E798B05B41657E8BD32A17E522","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=NO ZEBRA NETWORK S.A, OU=IT, O=NO ZEBRA NETWORK S.A, L=Curitiba, S=Parana, C=BR","sourceIndex":"3399","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Superdownloads_imgburn.exe","isInstaller":"True","productName":"Soh","productVersion":"3.3.6","fileVersion":"","hashMD5":"bea3a223ba249963f447006ce74d7e5b","hashSHA1":"46989d40fdefd31e320e50ec4898d5138fdb04c2","hashSHA256":"36eecc4a796162985de0c4215bbdc9b060c5a0c07d4894b872413b75656768e1","digitalCertThumbprint":"1FDADC27897F45E798B05B41657E8BD32A17E522","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=NO ZEBRA NETWORK S.A, OU=IT, O=NO ZEBRA NETWORK S.A, L=Curitiba, S=Parana, C=BR","sourceIndex":"3399","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Superdownloads_slimdrivers.exe","isInstaller":"True","productName":"Soh","productVersion":"3.3.6","fileVersion":"","hashMD5":"c5cf39520372699ab9a66142e458de1c","hashSHA1":"f9cb9fd50a845741102a26e98e96f1183fa2b7bf","hashSHA256":"48814953393786182f51d7a14857b4f58ae0e49654092f548eeaafd933d94f52","digitalCertThumbprint":"1FDADC27897F45E798B05B41657E8BD32A17E522","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=NO ZEBRA NETWORK S.A, OU=IT, O=NO ZEBRA NETWORK S.A, L=Curitiba, S=Parana, C=BR","sourceIndex":"3399","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Superdownloads_mv-regclean-180415.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"4aa51c53715695324bb71241ccdbac4a","hashSHA1":"3be1ffe496273a3f9cae4581a4d82a8aff90eec5","hashSHA256":"a7b720b69a214ccb4dd8633237fd374dbb7a9924ed8498db244dc49c78f14aee","digitalCertThumbprint":"9B30EA0A241A095F6D9DA301C9391B6711839D6B","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=NO ZEBRA NETWORK S.A, OU=IT, O=NO ZEBRA NETWORK S.A, L=Curitiba, S=Parana, C=BR","sourceIndex":"3399","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"http://www.superdownloads.com.br/","landingPage":"http://www.superdownloads.com.br/download/104/slimdrivers/","directDownloadingLink":"http://www.cleandownloadcity.com/nMj1008+lxy82HgVDAqlOYqu_LlePDBVY9Njnv17YdBbEqfR39J+ay39HLQ0Q1XcZeDkvgzXKugbEz_EhIgxUAI16VNsQV9hpOPCZeiY0KxsWIdI2Sz48zSPPN7ed16hiT6ppNnH1afLQC_GrxPYGZ38H+XhyAQaWmYUil4gep8R+jSU7ojDRvHFJmcOfIF9_GjHAP3nofm7CwMFHHwym05qBK9jSsvM0tpm6NTsxI5gJ7CN6VW4KEwNOpxOesjw0Wranq7UOJBXRNZC1LADCdt42s8+W6SWq25uY6szhEcuVprrwg_2CABf9HXzrbQvntKL5JjC2yemvOkMA0kMzPExaSVuWMaC98J1aQBzQjJ5xF1ypN1pbM40y9r9n_HySn++u5VxD6BtZvE43_gK9mIRkxiZEGXBkoLKFGxcskBbe0f_QQtRwGw1Vf5lDqSp28vSe1Jg_RQD8VbJ273IY6L7PDuP1VDcsIegzWc8o9MGJnI7kBLijjWi8d+yc537DlOJD4xc-GzAAAERPFhMlCU2oHmxstrOBDThg76cJB7HBcfhcG1GUN6b8RrIFrTevbAOPQuyN4gE=-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.cleandownloadcity.com/nMj1008+lxy82HgVDAqlOYqu_LlePDBVY9Njnv17YdBbEqfR39J+ay39HLQ0Q1XcZeDkvgzXKugbEz_EhIgxUAI16VNsQV9hpOPCZeiY0KxsWIdI2Sz48zSPPN7ed16hiT6ppNnH1afLQC_GrxPYGZ38H+XhyAQaWmYUil4gep8R+jSU7ojDRvHFJmcOfIF9_GjHAP3nofm7CwMFHHwym05qBK9jSsvM0tpm6NTsxI5gJ7CN6VW4KEwNOpxOesjw0Wranq7UOJBXRNZC1LADCdt42s8+W6SWq25uY6szhEcuVprrwg_2CABf9HXzrbQvntKL5JjC2yemvOkMA0kMzPExaSVuWMaC98J1aQBzQjJ5xF1ypN1pbM40y9r9n_HySn++u5VxD6BtZvE43_gK9mIRkxiZEGXBkoLKFGxcskBbe0f_QQtRwGw1Vf5lDqSp28vSe1Jg_RQD8VbJ273IY6L7PDuP1VDcsIegzWc8o9MGJnI7kBLijjWi8d+yc537DlOJD4xc-GzAAAERPFhMlCU2oHmxstrOBDThg76cJB7HBcfhcG1GUN6b8RrIFrTevbAOPQuyN4gE=-e","sourceIndex":"3399"},{"howFound":"Hunt.DownloadSite","reference":"http://www.superdownloads.com.br/","landingPage":"http://www.superdownloads.com.br/download/50/winzip/","directDownloadingLink":"http://www.cleandownloadcity.com/RJxYaYvyqz5sZSP+Xpnv8hLFZkJ5WUnx4bNMeEw05SRtzeZ_mvUpO__MkTBEqRAkG8Y737fqbf9DOWYD+9b4bRtgvmXtvBieAbeHE40Xn_gGi+zMcwBNzIki9gUVY9LDlUBXtR9o7n8UnoFkydtnlk8Dy3uAgAuv9kfoov3E3Ei4Na19Ockjj41DwK8EpR25qXhD_CoyyiNQXKTHWLtWhJUkr3oJTjXsYQMDHQ7zCTlCFHgNi4dfV6B9l_Exjnl84BsxzbvXZ0EfLKg0oD0YLssXgYPMCcieoINsbehTEeRUerhjUycyEjWMlk2K1vcblfQL3PhG5mhAaZs70Z4diWc0mIZfNmh0El6b94yCiwjNvDGqeQgiUfwbGcdcpTXr6fRcUmR71KhZnHNBNaVz1EbpcVIasLijg+fmILUsKUi2mEJFvQEW0M9dUQV1uBehrEIUEuSyhAy5lQ3Tygp82wKEyGK_Q2sKugMM2d+Rl3nL37JxMofxEJtNU1l49+vVdUAkWfGgJ6AUN6VXGQTUtqIQc8Z6z7rUo8HUwSxWCGgn2lpBSHX0huG9VF1gF+KFSuQgK64DN21_Lwx1tHz+DuMPCijBKdzDkFGuo8WGCLrLH0iU1MzEiZkoVESmAT65wdLQFOuv-GysAAERPFpvtTwTTAhLBwAYcONS04XZj2QbKjSd3qsUjrV9F7Mc5AaMC-e","ipv4":"","ipv6":"","sourceIndex":"3400"},{"howFound":"Hunt.DownloadSite","reference":"http://www.superdownloads.com.br/","landingPage":"http://www.superdownloads.com.br/download/147/mv-regclean/","directDownloadingLink":"http://www.cleandownloadcity.com/AR8kfXytKGvxnhisMQ_DPFCW_KXLkUHsmWLgFeKU_CmlJu6DmcAaEGbIiRgLxj3Pyr3HwTAPd+5vQOUwQFjoQYlocP6SHGczcVt2GOgzONvdzHWDoKq5uV+7xGUWUwq6JEPtBEKRc0xpNqExVFujfMGJGWgBzK13SrzeAG_umscgOn1Z5fd33cCrI80VosWbVvFae0gV7RQT0qieK7UjqMOFTUQW1uI3_yoaRVZ1rn_CUeavftM4Om_bjFJv0bIWlbozjs_Q2F8UdWu7AyEBbEx8KuyHyW9TvnD5neQRmNw6LiFQBIL34vIJayGtnZZgP9z50HcMRPRwZjNgYMrgP6CMNDo2FxasxRFI6tzcrYO8wEQLAd6x+CYXg5Kkt73z4kOny_X4oghNXlpfHB_XGEgeFxcgnSeBK7Y2oiEW+MS8Lyoyw_jDB13YPZu9f2ZOz64EV2_+iJuLmzdIxQruFgnp6sFqzIAKAuHTJxx0WK_sNndtiMj3W8lk9DvTtpCpSdgf+sXt-GycAAERveH6cN1oeKEpgIgfsbZmkx+cJct6Y+HsIWWvO8KTDeQM3BRXhAQ==-e","ipv4":"","ipv6":"","sourceIndex":"3401"}],"sampleFiles":["180403/SuperdownloadsBundler-180308/3.6/Samples/Superdownloads_mv-regclean.exe","180403/SuperdownloadsBundler-180308/3.6/Samples/Superdownloads_slimdrivers.exe","180403/SuperdownloadsBundler-180308/3.6/Samples/Superdownloads_winzip.exe","180403/SuperdownloadsBundler-180308/3.6/Samples/Superdownloads_everest-5-ultimate-edition.exe","180403/SuperdownloadsBundler-180308/3.6/Samples/Superdownloads_advanced-rar-repair.exe","180403/SuperdownloadsBundler-180308/3.6/Samples/Superdownloads_disk-drill.exe","180403/SuperdownloadsBundler-180308/3.6/Samples/Superdownloads_imgburn.exe","180403/SuperdownloadsBundler-180308/3.6/Samples/Superdownloads_slimdrivers_new_version.exe","180403/SuperdownloadsBundler-180308/3.6/Samples/Superdownloads_mv-regclean-180415.exe"],"imageFiles":["180403/SuperdownloadsBundler-180308/3.6/Images/ACR-039/ACR_039_INSTALL.gif","180403/SuperdownloadsBundler-180308/3.6/Images/ACR-048/ACR_152_Bundler-made offers.gif"],"nonDeceptorImageFiles":["180403/SuperdownloadsBundler-180308/3.6/Images/ACR-044/ACR_065_INSTALL.PNG","180403/SuperdownloadsBundler-180308/3.6/Images/ACR-042/ACR_042_INSTALL.gif","180403/SuperdownloadsBundler-180308/3.6/Images/ACR-065/ACR_065_INSTALL.PNG","180403/SuperdownloadsBundler-180308/3.6/Images/ACR-035/ACR_035_DOCS.PNG","180403/SuperdownloadsBundler-180308/3.6/Images/ACR-036/ACR_036_DOCS.PNG","180403/SuperdownloadsBundler-180308/3.6/Images/ACR-037/ACR_037_DOCS.PNG","180403/SuperdownloadsBundler-180308/3.6/Images/ACR-152/ACR_152_Bundler-made offers.gif"],"guid":"189849de-0a3f-4760-b29a-d67a7fccb88c_3.6_1","appID":"SuperdownloadsBundler-180308","dateAdded":"180403","deceptorType":"Bundler","name":"Superdownloads Download Manager","company":"NO ZEBRA NETWORK S.A","version":"3.6","sigName":"Deceptor:Win32/Superdownloads!039048050","lastKnownStatus":"Deceptor:3.6,4.7","lastKnownDate":"180415","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:49:36.1998427+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":544},{"violations":{"ACR-048":"Bundler remaps \"application close\" to \"minimize\".\n","ACR-059":"Makes offers not clearly marked as offers\n","ACR-039":"No attribution for the download manager is provided.\n"},"nonDeceptorViolations":{"ACR-044":"No attribution is given to the download manager. Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-092":"The application does not have a digital signature. unsigned.\n","ACR-035":"The download manager's EULA/Terms of Service and Privacy Policy has no mention of the application's name and the identity of, and contact information for, the source.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"advanced-systemcare-setup_2491667483.exe","isInstaller":"True","companyName":"Kamik                                                       ","productName":"Kenaminon","productVersion":"4.0","fileVersion":"2.1.5.1","hashMD5":"50d726f6c2bde77ddd5528cfeb10aae7","hashSHA1":"450f2143dbe0abef2940ff9516d5fae8843e572f","hashSHA256":"ad59da71a5ce89ac3d0031031178524bc0de170d0fd3451b2607314bce684cbc","digitalCertThumbprint":"Unsigned","digitalCertIssuer":"Unsigned","digitalCertIssuedTo":"Unsigned","sourceIndex":"3432","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Advanced_Uninstaller11_1768803194.exe","isInstaller":"True","companyName":"Sosuhu                                                      ","productName":"Samamehuh","productVersion":"2.2","fileVersion":"4.4.3.5","hashMD5":"536f88e6f89c8e760cb56c6edac613a2","hashSHA1":"831e4d1a033d10168fff2bd4226b9721f843fee9","hashSHA256":"17f5a970315b23ce68b944477dae3a2ca3116e072f7b1daa1d80e373c15d8f78","digitalCertThumbprint":"Unsigned","digitalCertIssuer":"Unsigned","digitalCertIssuedTo":"Unsigned","sourceIndex":"3432","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"advanced-system-care-setup_1078387631.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"9c9b6a9e5142e72a378bbbecb610bff8","hashSHA1":"57b74df226ccb40e876de3b211cf24a01e561628","hashSHA256":"81955a70ce1bc1f288149b010109603585c3b831aa553707a8cc97bff6704632","digitalCertThumbprint":"8068D10C74D360B7CB5692514498EE0D8034B68B","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Aivstart Software Ltd, O=Aivstart Software Ltd, STREET=5 St. Vincent Street, L=EDINBURGH, S=Scotland, PostalCode=EH3 6SW, C=GB","sourceIndex":"3438","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"http://qpdownload.com/","landingPage":"http://qpdownload.com/advanced-systemcare/","directDownloadingLink":"http://www.giftnowtoday.com/_0r_3URpw_yAgi5kxIL7E8fuhoTPBntPPeALbVYdcNlFKPmSeuqaLF+prgWt60xSi+_QOUTmSfnSVIhsTOE2Q55I5rLkx4s+jz6IFa+1SToX8T8Sh+9yi52pMGst6ceNGgYimWivknxEweSExcMU6TTolar9bIg8acrBTFU6YdVxwI5ySt11ZeQ_UwDWL_uAhtQKy0c0qVxVcj0mZi3ZA7phmrx9R27lfAXgWfDjaQsMgh6ogYL3K+umI57n9CETailzQNL8dijzhlYc9n4JWJjcUlNQbH5l_LnT3K3zbuRMHLDBH5cqdii2A4YNK_KTaPDkB5UKO8G7ijxt_iLd6uUe8IdY9_O+Tnc6IYkKjDJ6WYg0tngHTBYB6VbBjAy4o8OeI+5sYEGp8Xg2cfGkiUhzNoc5xgQGQEo0IFV_ghGmZTy4JwqBV9UwmaDb1RlmW2NIeqRSPqXd7mEQMrIkRSlokft1ES0xss8hbOCzZCk7ciQz1lO5j3OmnIYIdvlWfO4oAshBAGByqXsQgtxp8bfEQnw6uA==-G1UAAATiZBQTYja77t04xoHDbTcuttFow8bYeSI06sU1TqUKaXBvsakleMMb69OkiSPDXioP","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.giftnowtoday.com/_0r_3URpw_yAgi5kxIL7E8fuhoTPBntPPeALbVYdcNlFKPmSeuqaLF+prgWt60xSi+_QOUTmSfnSVIhsTOE2Q55I5rLkx4s+jz6IFa+1SToX8T8Sh+9yi52pMGst6ceNGgYimWivknxEweSExcMU6TTolar9bIg8acrBTFU6YdVxwI5ySt11ZeQ_UwDWL_uAhtQKy0c0qVxVcj0mZi3ZA7phmrx9R27lfAXgWfDjaQsMgh6ogYL3K+umI57n9CETailzQNL8dijzhlYc9n4JWJjcUlNQbH5l_LnT3K3zbuRMHLDBH5cqdii2A4YNK_KTaPDkB5UKO8G7ijxt_iLd6uUe8IdY9_O+Tnc6IYkKjDJ6WYg0tngHTBYB6VbBjAy4o8OeI+5sYEGp8Xg2cfGkiUhzNoc5xgQGQEo0IFV_ghGmZTy4JwqBV9UwmaDb1RlmW2NIeqRSPqXd7mEQMrIkRSlokft1ES0xss8hbOCzZCk7ciQz1lO5j3OmnIYIdvlWfO4oAshBAGByqXsQgtxp8bfEQnw6uA==-G1UAAATiZBQTYja77t04xoHDbTcuttFow8bYeSI06sU1TqUKaXBvsakleMMb69OkiSPDXioP","sourceIndex":"3432"},{"howFound":"Hunt.DownloadSite","reference":"http://qpdownload.com/","landingPage":"http://qpdownload.com/ak-player/","directDownloadingLink":"http://www.giftnowtoday.com/LvqFCYgm_XJIcdcJtksUuFirxjUVxt_+K1ss8KSRqzjcEUJjq7uN_jD9jFW_UVnhopOY4x2Izf0FAr8Y_8jue12VxMlrdhEb_xbELT_EkvbeQFnQLCgb9pJtYqwVNxz6qQx_6L3AMi_0dy8rjqKnjb_da2w9YuFn_fNuJ8D7ZG52Yeti4UetGDFjBF8hejfhgLnWjt3j4C532lFv46U+vauB7BlwoX1p15wWZmfitRSrHG0IMT31M71ymXTAAUum0yTPNd8gby4WhVIwM0H87ak2yvpJg_2HFy5Ica9e9OnDor+l0GMZ8+fHnfebKc0VzH0liJF5ukhy+TTwrf4YihLypHL4n9Rt+gVgGWvvFU_OwIYgTBLT85NZH9q4gUxEOaZ+P8h866ntNRMgk9fcCHtNzskIFcK99B1zMc5WK+VM_0sJs_jEZBMZCR905Jjbsezw0fNASaT2V3SPDKx7kLmCEMtEsiyhBMCHPt9UsnJ9d_68_0SQLtCbB9P+QLdXyD8DyTEk-GzwAAMQNDqnDeV5oiJafBoccOHxhGlAUBxtj5wpC9dIaZweFDfeWshpUs0WnYyRyMDe9AA==","ipv4":"","ipv6":"","sourceIndex":"3433"},{"howFound":"Hunt.DownloadSite","reference":"http://qpdownload.com/","landingPage":"http://qpdownload.com/advanced-uninstaller-pro/","directDownloadingLink":"http://www.grabapplicationsnow.com/83qnWb0s2ayFIP8B+vydLAynf9lHvLIBCucicCHeAILo8zmMyPx8xEApk8Ry4S0xtuF664VF2N8_ra+22zd__mT6FfvHEMgmuGcT4tjFq38XT6OLT6S1Z29f6DmxzT5XTj+8NCtMnntknwbMdcHs11dGjriUEWu+P185CNJUTnwUz2zFrJv9vdzMU+Trfxvy9zVb011vpV2RxPspIt6Tx29ijIjfJz795OzvSAiiVuunnLJc6YOhSqYnjW2xbU5ZGCFgu1Q+ogD4JazzmzyNZNUfeNuTi5_riRXFx_ACCWLYQ3JNzimsFK80hBE+Q0IymOg7E4WC_26L4WjzYpj28bbdxV1MVtDblNix3wquJ07VG_Y4fatqR85XtkDermbMbRTcVyM+_IJhXk2u_bzsetqawYD3IOgeGJ4WQNIukktUEbCfQOWx6gJ_75wFBYvytNMkiYBdk_ibQ6WyxmIDkHDTd_tb8YfJnixRaBFBeAgKOfOwj9irzrO+RTNjjRhOu0SfOzn3kZ53urEa7EXQmOx9MJ53Gg==-G1cAAEQ3hjHpsAWzadUHgk45cGhpWZZIctGDhyxEzb4JNFzjTKOQBvcWAV25rNHlSm9BxofihdvGTPkE","ipv4":"","ipv6":"","sourceIndex":"3434"},{"howFound":"Hunt.DownloadSite","reference":"http://qpdownload.com/","landingPage":"http://qpdownload.com/cyberlinke-powerdvd/","directDownloadingLink":"http://www.signssendapps.com/xF8RB+reoRFIIiGrGBJtGfuzZZc+1VYmDf59CKDIXJfpPfCfChSlLuhmx5K9OpLlJNPUyVtN7ZJ177oadpL3qJlgF_nzXRcS7cd5KKZAKGeDU_sXNMyTYGfasUhjF+OMbJSOoReO+6y+RUGCokE+3KEHlTsR0uYNIU3XOlsOItMk26SIJ5x_yWvPDoc_ZVPXoBykMvq33B3BFP40JbfLiFZet8odWVAUmJS52meM1tN8psWQn1+fmBPCXWfOSV+vcxZJvFEK6aa+8Dx42aTxlgftRfTsCUY3Q1Q8LiLPHVlcKwA4yKI0tYmgdTT2DeDiU1fGLsFi1CPOyQIfNkTm_AKiGXQ+ft65WabQA512CrGHJ1WN29tEWaQlcyTlBwAsgbrq1Hvmu5SHMMfguhU4SDJ5UYR9be5XsH4l920LcDRFkk1AIUjuu0C7y4NEAj_RR9fqhPgm8Ar7E1wZQ6LJ__o7oBNqQU8T67PXKCLaVdRCe6wkxim9nHRuyLMwpMQ1AodFKGoErdrt1olV4Cai927FNJZ+QvVblOhML_AjQlpOOIOtEKU=-G1kAAMTyFhNXgl+X1N_4C8aMD4ZTDlhbLZDg87YfSO42huDYIhrUy9d4zrZSG723vGi_0mdfg8Fo7Rr2qXQkBQNEM0+K6KCARj4C","ipv4":"","ipv6":"","sourceIndex":"3435"},{"howFound":"Hunt.DownloadSite","reference":"http://qpdownload.com/","landingPage":"http://qpdownload.com/avast-free-antivirus/","directDownloadingLink":"http://www.signssendapps.com/Beg5tINlk_8SEOVTXNPbi4v8m4MvHUXHNDEXXuRlT9bxoh_7gni5jBa1r7A5eJCBa++r+48EwMhdGNIt+eMnjAIYSsl4PhKxJ880S9DYhqVxL287YrZUx5Dxhx_nbA0FVyc6gt57J9V82_dmP7MFYGhykxgCeK7HmKGni9jRaJe6Rg1oaeaK2Ck2YhCPCs80jGD2dsD3hHO6jWoSLlN5enCaMwrT1PMPbxytJj+ZXXd1HvwzxojTllfbPJUr++WNhUkhBPBkpvQf2SYCkdgzdjp9LP5+BrXmtPEDs9bq0CbqTB_ypazd+pzAAx8xfJ4_d2pmhTnQ1QVqZ1IN0goRaYfXpG2Am0L0qq3bPFl9qeXzVJN397JgxmnPOqzB85jVAHyujzhagak9MpkPg_jBRcpemXhANBaiiqd1MbV6GqZMqUtwP1kT9Gsr3SVmXi7CK2EYxHV2vvwSFuVPei+IZVjkIU26qONpNpqoyl8sPBKkrH0c+YUWyc31n9BAd+0Feb4begYHweib5aaVVJlePFdo1e+h1tRCtWJHD7kTgstqN95xu6A=-G14AAES3RjGpMQ7DgkXeg3Mb+x7HHeIJOhHxu908h8+HKPbN13i6pJRG7y1l3oYQzonnRW_TBtUcCEB8LO8VvK_yEw==","ipv4":"","ipv6":"","sourceIndex":"3436"},{"howFound":"Hunt.DownloadSite","reference":"http://qpdownload.com/","landingPage":"http://qpdownload.com/drivercentre-updater/","directDownloadingLink":"http://www.deliverybestclear.com/68riMmu2zq1ULBhjits5374g4gsRqExeONbHrN2s0KVLeNnfRTC9qLZenpxjH8QxcWyWW7Jh2IaH_JuXu4MszkS3E2rSFe3nhjdhQtl_0wTkcuEw5BX9_vyhDBXxK0cn+WikvQHZLf3c2oirFOkkmJ0ThMYRNX2Ti1vR53MVC2HsJ31QqvwzDchDC5MadH5RgTIbKed2bsog2FiwbHZ4TXGotUgFmqJW4NxSev2AFydgKcUBHtwbf5iJBIkJdJH4A3yjs83XVK4Dw1M4yeSdpPmTWa61gHdCWk3yXhbLw4ZhEDOfS8+aRvSN1fmt+cfinMLgQl_EXpgwy3xO7unXsdVgmEm9PtygLecKo7Y2ShFHBg8gVLIWEhJLaoLbOwO9Rh6327WE1MoVp2sbXLVPuCv05lZ1JMAQW7x0boQP4hu5B6SbrqeLppNGMVpskGdaBzKjvz9uIvnTGBeR6JNuK+MTJCH4gcaY8l21vgz+OhA6A0afZBw7NhEqjst5qI+s0u+ktYhhUGunmc_g8EM0O1Vp5vH0Mw==-G1MAAETdFtO3iyEqlmrQtQc9CDrl5oFii8L6QQ5m9xg7DzF4tMZ7jxTT8N4Sbider4XKeJMs1CnZIWjPLKjw8SKgLw==","ipv4":"","ipv6":"","sourceIndex":"3437"},{"howFound":"Hunt.Research","reference":"reviewing progress","landingPage":"http://qpdownload.com/advanced-systemcare/","directDownloadingLink":"http://qpdownload.com/link.php?name=advanced-systemcare","ipv4":"","ipv6":"","sourceIndex":"3438"}],"sampleFiles":["180403/QPDownloadBundler-180308/4.0/Samples/advanced-systemcare-setup_2491667483.exe","180403/QPDownloadBundler-180308/4.0/Samples/Advanced_Uninstaller11_1768803194.exe","180403/QPDownloadBundler-180308/4.0/Samples/advanced-systemcare-setup_1078387631.exe"],"imageFiles":["180403/QPDownloadBundler-180308/4.0/Images/ACR-048/ACR-152_bundlermadeoffer (1).mp4","180403/QPDownloadBundler-180308/4.0/Images/ACR-039/Screen Shot 2018-03-31 at 11.28.26 AM.png","180403/QPDownloadBundler-180308/4.0/Images/ACR-059/ACR-059_bundlermadeoffers.JPG"],"nonDeceptorImageFiles":["180403/QPDownloadBundler-180308/4.0/Images/ACR-044/Screen Shot 2018-03-31 at 11.28.26 AM.png","180403/QPDownloadBundler-180308/4.0/Images/ACR-092/ACR-092_software.JPG","180403/QPDownloadBundler-180308/4.0/Images/ACR-035/ACR-035_docs.JPG","180403/QPDownloadBundler-180308/4.0/Images/ACR-152/ACR-152_bundlermadeoffer.mp4"],"guid":"14b46047-a195-4a54-819e-faef060727d7_4.0_1","appID":"QPDownloadBundler-180308","dateAdded":"180403","deceptorType":"Bundler","name":"QPDownload Download Manager","company":"www.qpdownload.com","version":"4.0","sigName":"Deceptor:Bundler/QPDownload!039048050059","lastKnownStatus":"Deceptor:4.0,4.6","lastKnownDate":"180415","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:30:02.9764387+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":545},{"violations":{"ACR-048":"Installs remaps the standard \"application close\" functionality to \"minimize\".\n","ACR-059":"Offers made are not clearly marked as offers\n","ACR-039":"Download manager uses seemingly random name and certificate that matches neither the carrier nor the source of the download manager.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-038":"During launch, the app uses a seemingly random name while requesting UAC access.\n","ACR-065":"No EULA and/or Terms of Service is provided for the download manager.\n","ACR-092":"download manager uses a digital certificate from a different source than what was disclosed. The app's digital certificate is signed by \"Innova Media d.o.o.\" which is not disclosed in the app's offer or install. \n","ACR-035":"No EULA/Terms of Service is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service is provided for the download manager.\n","ACR-152":" The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"shareit_3504080057.exe","isInstaller":"True","companyName":"Innova Media d.o.o.","productName":"Kesope","productVersion":"5.5","fileVersion":"3.7.1.5","hashMD5":"3935811eec0012938d08c6e16446290f","hashSHA1":"981ad54833670844651c34690c19f9dfacecd8b7","hashSHA256":"d5448475eb774f56161241aad7474dfa52487b41eb18f160e3ff1c363a0c9e96","digitalCertThumbprint":"9544B467724FD3AEA4CE4FE2E0EBEB0C0814EF22","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o., OU=IT, O=Innova Media d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"3402","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"internet-download-manager_3862310064.exe","isInstaller":"True","companyName":"Logaf                                                       ","productName":"Bam","productVersion":"2.7.0","fileVersion":"0.0","hashMD5":"96c9147c48cf07b4ca76433b379bb881","hashSHA1":"fff2d8b794ec449fc47a48348ceb2051900a0bfd","hashSHA256":"8f87901e31b89cc3ad2567ff0e7a1bf729686cea91d892c69938183692f944a6","digitalCertThumbprint":"9544B467724FD3AEA4CE4FE2E0EBEB0C0814EF22","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Innova Media d.o.o., OU=IT, O=Innova Media d.o.o., L=Sempeter pri Gorici, C=SI","sourceIndex":"3402","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"http://www.jaleco.com/","landingPage":"http://shareit.jaleco.com/","directDownloadingLink":"http://www.applicationshostinghosting.com/SuISKrU07aXg+05qM_L08mF3bQqxotpx6xyzcZFw6m8bAJRC44+8FhQO+40TxV1o_alyYpDP4ks1Z2oDMKNFiigXt9KfQEKm_wkK+uK+cITrq+ufaVrjzmy1kkHU1N7D1qnk1MeC5JxSbJUdmi0b9VQfNyRVHQ+gzd8S36H1M45y2CelmZtfj7U5iwq+slyOtvG4_xoEupdOdhhGR9h69kgGbPLI2Mst5oLQDQOBQ0TPQYZ8T8Bf73aOPrNiEEHS4or+lK0VpiheAdvSIG3DviYBNn0kVAR_15RAgxZcYJCjoGstc5NJ+bLR78sz3J_XufDdaVndFsXOTmUUyPSo+KyI2Ch+CIJMiyPRBgCVCBQrwvH2yvHWYimXoE_Mr457PrbPRkL63OksnYvNDqkvy1ci_i4Y3y541ia0UCmoct9dGWyuVVE+5za1kujYEGCgzhtcAzxDVb0zmPFyzN+A4Bdoh8nNRDzuRMF1Bs+xxSfaXr1NL4o=-G04AAGRwXmuL4KGQ4QYQNuDAJbEs0AHtxrLtU3dd2xLoF_bLslZTkaGPsN_+gvVXO+dl5fMs+_MfSBhKvN1JdT5Z74LaIoJSrFGFqg==-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.applicationshostinghosting.com/SuISKrU07aXg+05qM_L08mF3bQqxotpx6xyzcZFw6m8bAJRC44+8FhQO+40TxV1o_alyYpDP4ks1Z2oDMKNFiigXt9KfQEKm_wkK+uK+cITrq+ufaVrjzmy1kkHU1N7D1qnk1MeC5JxSbJUdmi0b9VQfNyRVHQ+gzd8S36H1M45y2CelmZtfj7U5iwq+slyOtvG4_xoEupdOdhhGR9h69kgGbPLI2Mst5oLQDQOBQ0TPQYZ8T8Bf73aOPrNiEEHS4or+lK0VpiheAdvSIG3DviYBNn0kVAR_15RAgxZcYJCjoGstc5NJ+bLR78sz3J_XufDdaVndFsXOTmUUyPSo+KyI2Ch+CIJMiyPRBgCVCBQrwvH2yvHWYimXoE_Mr457PrbPRkL63OksnYvNDqkvy1ci_i4Y3y541ia0UCmoct9dGWyuVVE+5za1kujYEGCgzhtcAzxDVb0zmPFyzN+A4Bdoh8nNRDzuRMF1Bs+xxSfaXr1NL4o=-G04AAGRwXmuL4KGQ4QYQNuDAJbEs0AHtxrLtU3dd2xLoF_bLslZTkaGPsN_+gvVXO+dl5fMs+_MfSBhKvN1JdT5Z74LaIoJSrFGFqg==-e","sourceIndex":"3402"},{"howFound":"Hunt.DownloadSite","reference":"http://www.jaleco.com/","landingPage":"http://internet-download-manager.jaleco.com/","directDownloadingLink":"http://www.applicationshostinghosting.com/0bCSp2NvPB+atHrstVIJGgeVK3QBIr_UB0njDnNRXqOXNuEOBdK9t1F4l8xNQXB6BE+AO5oe6ceSAFswDo33umqrhOegDtSi3V81fz9Fv67LQf+_ZGTSv8kDRjFt429tXyi1DPmCFWOeD2I2lrlbKl840MQN_v8g0OBTSCblFScI5QpF2UWIxHoAdTWOP9sCQaloMph2Mjj6MJerLHd+s5ANKQ64wW677wsRCpPYqMLTU1X4QrHOELKBceGRaBpBcBZgfJXEd17yJzL8SRwAT26EyzF7pSUdLCi4zNxvQ2AaPaINGWYRIi0LYM6RmQ3uJzFIZx4qj2geqRTospk7AWTLj4ymohddlazYIzBiQDcJUPrytL6ASIgIl7iARDw2onAtJ8lXDsM_3Jsarbfd4KO00oxrCIYMOK0NOa+siEyALyQqtHOMcE7JpG3HTgKUZ7CiYpl8WCL2TBPn1MePC+gVfUiLkHMKW6heYHnq+LqAO9GNezA=-G2AAAGRgnq2tgWiOAH_YgAOX9AGHQQe0M9u+9ve9LwG_0LCuWz0XJQ5h0KAjEHxCza+Rr1scr7TOtOJxW5Kq3wD3_6aXfEAjoiSGISyOkxg=-e","ipv4":"","ipv6":"","sourceIndex":"3403"},{"howFound":"Hunt.DownloadSite","reference":"http://www.jaleco.com/","landingPage":"http://daemon-tools.jaleco.com/","directDownloadingLink":"http://www.applicationshostinghosting.com/4jA3l5dje9ZqHEcZJmLJAubAXLezPYI3Vgs0a32IEjKxK7DQzPdHv7Fmrrq1Xt4PSLzp2oVJLBP2TDudc1nrQq5Uxyms2B5yzdOnn5m18hBLSrTNVq5I0NkBBkKU_+S5bmcGL38ogMhhC52bjd31curhq4Cr8FpHzAovILqcsdUxV6e0T3bIAo1FHKQjRDR9nUKziUnhZG14KAPJELkJ2m8xXgW3R8nse3gV45hHQsWHEaVBhZZgds_6TryawoOyCa9PKcGR6LdjuQ3aFgtBtTA0vSQkWp4T17GoHOcjuX+RFljw6bygg18hWj26wO6t0+_M9Si9AuuSXpBXgjTzHReKs9zl46yg4F6wrph8hodtGvqPZLqcVBL7m+_vePLEWxolbzrTA5UaL+cUskBs_1hgSaUh3c6GF4juRnbQA4b83Szkrn4shTJME4XEks7+20izT5f6OPuknojcRP0as1JsH9St8n+oetRHzkThcdRSRttcnJW2yXzasWwslI7GiaV_jlrx-G1MAAGRwXmtr26lKZYBNiCizqCSz7bO7rm0J+KJ+WdZqKhqTCKvyel4XeK3rdKL6q7XzUryM_IeQXzO6cftM72_Lr6cA1ArBkCQuUDRNAg==-e","ipv4":"","ipv6":"","sourceIndex":"3404"},{"howFound":"Hunt.DownloadSite","reference":"http://www.jaleco.com/","landingPage":"http://iobit-malware-fighter.jaleco.com/","directDownloadingLink":"http://www.applicationshostinghosting.com/hj0T8clpZXrAHPTiWoH3iZVsyqsC7trp9bXFMPUq1tpwz4+SGv5r8MTw+FixSA6R2HEBtppH5sVWa5+0sVtpfy3dNCNH4Gpt9TSjQbpQ1WcOXfkbVM6RFmSSZkvKw4FSPmaR1kQhEgNRluA_Taq+VNuhiqi+3pAwegG1fdncyCug_enAWKMBSW_GbcBP7yfwGc93nzR_4aKYWb2cDy5kjwfJTUtJQKbZVWezErfAMY0by+JAMo4STrBIXCl9ZNzESl9zgcOFd6pqaQnqCfx6zFhAKj6xJ1wbNR9NSi2prs+Xswn5PwX0HmLLJ9UviPcIv9SBwPVBBYMMOGgzl34fj38IEyhSiHZVg6u8EA5sC_0kdE21TAIOJ_Si25m_MIqBf_9ddVKYcWu+RfaZuiHfb1sv4JGhFyenIjlW31LgVyhHqHLW18rkM63uihA9oQZvO3zBfIPCy5ppmcj7Lx+aMl8FoIp0h28w8awUOY2pFNYRmzin73IYpuV7LMyynB1jDEWKmOcbbV+GpvgW7tQkcXThjKn7oA==-G1wAAGRiXq2tCbz+mAEbcOASUaCB4GJ3tnEf2_NclwBfqJvn5T8a7TKHu+XbneD0GZ_PXoG1vtUOVW8lH6cYn1Xp6NvGJkEdl2E1+Ln6U4FKREkMQ1icRBE=-e","ipv4":"","ipv6":"","sourceIndex":"3405"}],"sampleFiles":["180403/JalecoBundler-180326/5.5/Samples/shareit_3504080057.exe","180403/JalecoBundler-180326/5.5/Samples/internet-download-manager_3862310064.exe"],"imageFiles":["180403/JalecoBundler-180326/5.5/Images/ACR-048/ACR-152_bundlermadeoffer.mp4","180403/JalecoBundler-180326/5.5/Images/ACR-059/ACR-059_bundlermadeoffers.JPG"],"nonDeceptorImageFiles":["180403/JalecoBundler-180326/5.5/Images/ACR-044/ACR-036_install.JPG","180403/JalecoBundler-180326/5.5/Images/ACR-038/ACR-038_install1.JPG","180403/JalecoBundler-180326/5.5/Images/ACR-038/ACR-038_install.JPG","180403/JalecoBundler-180326/5.5/Images/ACR-042/ACR-042_install.mp4","180403/JalecoBundler-180326/5.5/Images/ACR-065/ACR-065_install.JPG","180403/JalecoBundler-180326/5.5/Images/ACR-092/ACR-092_software.JPG","180403/JalecoBundler-180326/5.5/Images/ACR-035/ACR-035_install.JPG","180403/JalecoBundler-180326/5.5/Images/ACR-036/ACR-036_install.JPG","180403/JalecoBundler-180326/5.5/Images/ACR-152/ACR-152_bundlermadeoffer.mp4"],"guid":"31b708f9-ac49-482b-8f5c-e0bf85ef5c6b_5.5_1","appID":"JalecoBundler-180326","dateAdded":"180403","deceptorType":"Bundler","name":"Jaleco Download Manager","company":"Innova Media d.o.o.","version":"5.5","sigName":"Deceptor:Win32/Jaleco!039042048050059","lastKnownStatus":"Deceptor:5.5","lastKnownDate":"180331","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:48:56.5835252+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":546},{"violations":{"ACR-043":"Bundler installs rkinstaller and rkverify before disclosing to user and obtaining user consent\n","ACR-047":"Bundler re-prompts upon decline of an offer\n","ACR-053":"Missing \"skip all\" functionality for the many offers presented.\n","ACR-055":"Accept and decline options are not consistent between offers. Search Offer has no direct way to decline the offer.\n","ACR-059":"Bundler makes offers that don't declare they are offers\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"GreatZip.exe","isInstaller":"True","productName":"GreatZip","fileVersion":"3.0.0.0","hashMD5":"d4eb336fa6a243ee2d1796e0107c2822","hashSHA1":"c2f58a6f927b80e9471ef954311fa7c4df0a5b8c","hashSHA256":"235e96336f7efb019a35dd0f6d5ebbb4f6b009c76389874af6e191cb8cc17082","digitalCertThumbprint":"37A397CB3402D2A8BE16EA6C86AFA5B12AA2E29A","digitalCertIssuer":"App Science Corporation","digitalCertIssuedTo":"App Science Corporation","sourceIndex":"3279","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"GreatZip-180331.exe","isInstaller":"True","fileVersion":"3.0","hashMD5":"976b2524e2426ff032174150a05c6c5d","hashSHA1":"1c4d9b6d25ce97eaff50d6bc6df322f6345c4aa8","hashSHA256":"03885b65e906094beb797099f2899e7b249ef905d3a57d9afc7b02e2ba8ef131","digitalCertThumbprint":"A54241AFEBEAD4807469D127A4EF2CDE9B02AC2A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Chuffed Labs Ltd, OU=Chuffed Labs Ltd, O=Chuffed Labs Ltd, L=London, C=GB","sourceIndex":"3280","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)"],"avAllowList":["Windows Defender (20190131)"]},{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"${COMP_NAME}","fileVersion":"2.0","hashMD5":"ab3e2c2fd87cda0c39a9829d1e46b985","hashSHA1":"05b184bdf04014269b3b36f0fd599c050696c9c3","hashSHA256":"3d78428dc82d9affbf893061bd46f738494cce5b8b3cea1febeac4795410d329","digitalCertThumbprint":"658733DB968B8A200895C348A41C525A55C22200","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Universe Software Corp, O=Universe Software Corp, L=Hollywood, S=Florida, C=US","sourceIndex":"3280","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Adscampaign","reference":"","landingPage":"http://how2update.thebestofupgrades.space/?pcl=1HD24BkAhZoQJkj2Mc22t9V74WLwTpUo3WiqQ60DmAw.&cid=15016796360703761211154620391495171&pubid=1301617-1667320348-0&v_id=vHIAP4UpglCEvgQ6UaMWXaoMBeuIW_J_9RNhZsrS12E.","ipv4":"","ipv6":"","sourceIndex":"3279"},{"howFound":"Hunt.Research","reference":"bundler work","landingPage":"http://greatzip.com/","directDownloadingLink":"http://downloadbureau.com/rebd?oriurl=https://greatzip.com/GreatZip.exe","ipv4":"","ipv6":"","landingPageWildChar":"","sourceIndex":"3280"}],"sampleFiles":["180403/D-GreatZip-170802/3.0.0.0/Samples/GreatZip-180331.exe","180403/D-GreatZip-170802/3.0.0.0/Samples/Setup.exe"],"imageFiles":["180403/D-GreatZip-170802/3.0.0.0/Images/ACR-059/Screen Shot 2018-03-31 at 4.43.24 PM.png","180403/D-GreatZip-170802/3.0.0.0/Images/ACR-047/Screen Shot 2018-03-31 at 4.45.13 PM.png","180403/D-GreatZip-170802/3.0.0.0/Images/ACR-055/Screen Shot 2018-03-31 at 4.46.30 PM.png","180403/D-GreatZip-170802/3.0.0.0/Images/ACR-055/Screen Shot 2018-03-31 at 4.43.24 PM.png","180403/D-GreatZip-170802/3.0.0.0/Images/ACR-043/Screen Shot 2018-03-31 at 4.54.19 PM.png","180403/D-GreatZip-170802/3.0.0.0/Images/ACR-053/Screen Shot 2018-03-31 at 4.46.30 PM.png","180403/D-GreatZip-170802/3.0.0.0/Images/ACR-053/Screen Shot 2018-03-31 at 4.43.24 PM.png","180403/D-GreatZip-170802/3.0.0.0/Images/ACR-053/Screen Shot 2018-03-31 at 5.51.09 PM.png"],"nonDeceptorImageFiles":[],"guid":"38eca8bf-ce0b-4dde-8fe5-32bf113f7840_3.0.0.0_1","appID":"D-GreatZip-170802","dateAdded":"180403","deceptorType":"Bundler","name":"GreatZip Bundler","company":"App Science Corporation","version":"3.0.0.0","sigName":"Deceptor:Win32/GreatZipBundler!043047053055059","lastKnownStatus":"Deceptor:3.0.0.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"cross-sell other apps","lastUpdate":"2019-01-24T01:03:03.8851684+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2544},{"violations":{"ACR-048":"Bundler remaps the \"application close\" functionality as \"minimize\"\n","ACR-059":"Makes offers not clearly marked as offers \n","ACR-039":"Setup has seemingly random name that matches neither the source in the download manager nor the carrier.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-038":"During launch, the app uses a seemingly random name while requesting UAC access\n","ACR-035":"The download manager's EULA/Terms of Service and Privacy Policy has no mention of the application's name and the identity of, and contact information for, the source.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"Setup_ImgBurn_2.5.8.0_dlm.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3c69af2793a9ee5cd97e8b2db9e7d107","hashSHA1":"4e6a7ba7baff16cff7fce9f24b7e4fc651c010ec","hashSHA256":"e34d3eeb58cb8b0ed6e750d7ce58e51ff69a5ec7ba90067ba33f3ce29cea67b2","digitalCertThumbprint":"0456A590C7B62154E67ADBCE3B13FFB70389A56F","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Digital Digest Pty Ltd, OU=IT, O=Digital Digest Pty Ltd, L=Blackburn South, S=Victoria, C=AU","sourceIndex":"3406","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Setup_ImgBurn_2.5.8.0_dlm mar29","isInstaller":"True","productName":"Mahefalen","productVersion":"4.8.3","fileVersion":"0.0","hashMD5":"467823cf743ed7b43e1db1a02762ff59","hashSHA1":"2dfe08dd43ac30df52427b8a75b07ccda4df65a7","hashSHA256":"7761c3af43e5e5e178f381c7d0a99d9a5427fa1b6b6c13dcef2a3b342d017b95","digitalCertThumbprint":"0456A590C7B62154E67ADBCE3B13FFB70389A56F","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Digital Digest Pty Ltd, OU=IT, O=Digital Digest Pty Ltd, L=Blackburn South, S=Victoria, C=AU","sourceIndex":"3406","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ImgBurn_1012972159.exe","isInstaller":"True","companyName":"Hegeram                                                     ","fileVersion":"0.0","hashMD5":"92ba16f99f3b669084da6ad88a959770","hashSHA1":"b86a06267530342ee5d568280ea7d20ca09e8abd","hashSHA256":"9b2400c815d42fd4e9599420c48ed61d5329b498d7a281036b9baede760e40b6","digitalCertThumbprint":"30C789596E25D5A68855376E63BF99FD04CBCB3A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=In Profit Limited, OU=IT, O=In Profit Limited, L=TsimShaTsui, S=Kowloon, C=HK","sourceIndex":"3406","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"hunting key: Inno setup","landingPage":"http://www.digital-digest.com/software/index.php","directDownloadingLink":"http://downloads.ddigest-dl.com/software/download.php?sid=470&ssid=0&did=1","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://downloads.ddigest-dl.com/software/download.php?sid=470&ssid=0&did=1","sourceIndex":"3406"}],"sampleFiles":["180403/ImgBurnBundle-180328/5.3.4/Samples/Setup_ImgBurn_2.5.8.0_dlm.exe","180403/ImgBurnBundle-180328/5.3.4/Samples/Setup_ImgBurn_2.5.8.0_dlm mar29.exe","180403/ImgBurnBundle-180328/5.3.4/Samples/ImgBurn_1012972159.exe"],"imageFiles":["180403/ImgBurnBundle-180328/5.3.4/Images/ACR-039/ACR-039_install.mp4","180403/ImgBurnBundle-180328/5.3.4/Images/ACR-039/random naming.png","180403/ImgBurnBundle-180328/5.3.4/Images/ACR-048/ACR-152.mp4","180403/ImgBurnBundle-180328/5.3.4/Images/ACR-059/ACR-059_bundlermadeoffers.JPG"],"nonDeceptorImageFiles":["180403/ImgBurnBundle-180328/5.3.4/Images/ACR-044/Screen Shot 2018-03-31 at 10.56.57 AM.png","180403/ImgBurnBundle-180328/5.3.4/Images/ACR-038/Screen Shot 2018-03-31 at 10.57.34 AM.png","180403/ImgBurnBundle-180328/5.3.4/Images/ACR-042/ACR-042_install.mp4","180403/ImgBurnBundle-180328/5.3.4/Images/ACR-152/ACR-152.mp4","180403/ImgBurnBundle-180328/5.3.4/Images/ACR-035/ACR_035_docs.JPG"],"guid":"063546d9-ca8b-4018-a612-e9965b13d7d2_5.3.4_1","appID":"ImgBurnBundle-180328","dateAdded":"180403","deceptorType":"Bundler","name":"DigitalDigest Download Manager","company":"Digital Digest Pty Ltd","version":"5.3.4","sigName":"Deceptor:Win32/DigitalDigest!039042048050059","lastKnownStatus":"Deceptor:5.3.4","lastKnownDate":"180331","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:48:07.3596666+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":547},{"violations":{"ACR-059":"Bundler makes offers not clearly marked as offers.\nInline interstitial offer from download site not marked as \"offer\" or \"optional offer\". \n","ACR-039":"No attribution for the download manager (GameDownloadr) is shown. Uses seemingly random name and certificate for setup which match neither the carrier source nor the download manager\n","ACR-030":"Inline interstital offer from download site can't be closed without forcing user to choose. User should be able to navigate away from interstitial by simply action, like clicking outside, close button, using back button, the address bar. \n"},"nonDeceptorViolations":{"ACR-044":"No attribution for the download manager (GameDownloadr) is shown. Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-038":"Bundler installs with a random name not disclosed elsewhere.\n","ACR-092":"Download manager uses a digital certificate from a different source than what was disclosed. The app's digital certificate is signed by \"Darwen Marketing Inc.\" which is not disclosed in the app's offer or install or any document\n","ACR-066":"Offer should have clear brand, name and source disclosed in offer time\n","ACR-027":"The inline offer must be marked as \"offer\" or \"optional offer\". Just \"optional\" is not clear.\n"},"samples":[{"isRevoked":"False","fileName":"KakimomosSetup.exe","isInstaller":"True","companyName":"n/a","productName":"Kakimomos","productVersion":"4.8","fileVersion":"0.0","hashMD5":"af844708940d6a0c82138f72d7318fb0","hashSHA1":"6be8fe54c2811ac668f7829f1b35fabaddecc5dc","hashSHA256":"f5444f1ce8efdee22117b0ecbe1505c55cbf43825041bfef342439a8652f1b7c","digitalCertThumbprint":"AFF60189A9AF1227E0B383F5D0E922F46F65082C","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Darwen Marketing Inc., OU=IT, O=Darwen Marketing Inc., L=Victoria, S=British Columbia, C=CA","sourceIndex":"3439","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FokoSetup.exe","isInstaller":"True","companyName":"n/a","productName":"Foko","productVersion":"5.7.3","fileVersion":"2.5.4.8","hashMD5":"821d9c4ed184bd4b2be6bd749d70c32d","hashSHA1":"646a0c002ff8b27d5b0501ef9e8000f85c40eff4","hashSHA256":"8f2f3e7f7ecf65229e8f2ea6d1f8d774731ec87ca9c2640475b97eb75bec0b35","digitalCertThumbprint":"B645BD493FEFAB53184A0E1EF573D677A72D851E","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=Darwen Marketing Inc., OU=IT, O=Darwen Marketing Inc., L=Victoria, S=British Columbia, C=CA","sourceIndex":"3439","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"hunt: AFF60189A9AF1227E0B383F5D0E922F46F65082C","landingPage":"http://www.gamedownloadr.com/ic/musically/index.php","directDownloadingLink":"http://www.metabesttag.com/WJoEvKwullHoMBROqN1TgywjOT_duOs9XE_frHOBkbB+EqxCaqlpZLgpCm8NXXl99Adc882CdgzUPvKND44D9ju9+u0QRgFuaPUBlga4G3Ju0X_zV4IOGZGJDhwaIl5cvULbYCwBA9ZrMfsemBP6+f6UZfjZ1cDbGpNo1unLjFjfB5MmCmzRKvF20UfLj8uulDeyMDVC+XnWTvOF6evXLMFEtSKHyE7C1nKEULKkT3bOTatFxx0Ykj_xUIA6TP73ve3otLVdJTzO+9QTPUVcG7yyYphUNphPK0ssBPlWtW10+G2UbZZLaxaLYq1hhVonKM1AuxiPxlLwNbe3YRvyK8JFCZh+dCTBGY6hE4LGWhXGaZVAoDRhLM1WAQubDB7b7teFQx91rzYP23pU49RH__JdmSgXphoP7TjQXL_nXjud9w66eLv0bn2OClFnsUNS69e6crhdh6UTdLvNO2sWeZhYXdyopf63rq62kjRu1I0Qs8Gbxp8xJL6etpZ25ilJtOC9XJpzcPyDqNG0HUIiXUu857L3_trFpEdMGAn0XadK8RchlwalDp9g4RKKV_f7bPX+4HWV7lDJkUFfVIepm9+0yH72BhHqUxzUNrqJR5JMeZvYxus=-GzIAAMRTFqOYTWET7O0eY2N_4hiPDTyGzzlF8tEaI3x+ByyYM7UIwNl+LTsP-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.metabesttag.com/WJoEvKwullHoMBROqN1TgywjOT_duOs9XE_frHOBkbB+EqxCaqlpZLgpCm8NXXl99Adc882CdgzUPvKND44D9ju9+u0QRgFuaPUBlga4G3Ju0X_zV4IOGZGJDhwaIl5cvULbYCwBA9ZrMfsemBP6+f6UZfjZ1cDbGpNo1unLjFjfB5MmCmzRKvF20UfLj8uulDeyMDVC+XnWTvOF6evXLMFEtSKHyE7C1nKEULKkT3bOTatFxx0Ykj_xUIA6TP73ve3otLVdJTzO+9QTPUVcG7yyYphUNphPK0ssBPlWtW10+G2UbZZLaxaLYq1hhVonKM1AuxiPxlLwNbe3YRvyK8JFCZh+dCTBGY6hE4LGWhXGaZVAoDRhLM1WAQubDB7b7teFQx91rzYP23pU49RH__JdmSgXphoP7TjQXL_nXjud9w66eLv0bn2OClFnsUNS69e6crhdh6UTdLvNO2sWeZhYXdyopf63rq62kjRu1I0Qs8Gbxp8xJL6etpZ25ilJtOC9XJpzcPyDqNG0HUIiXUu857L3_trFpEdMGAn0XadK8RchlwalDp9g4RKKV_f7bPX+4HWV7lDJkUFfVIepm9+0yH72BhHqUxzUNrqJR5JMeZvYxus=-GzIAAMRTFqOYTWET7O0eY2N_4hiPDTyGzzlF8tEaI3x+ByyYM7UIwNl+LTsP-e","sourceIndex":"3439"},{"howFound":"Hunt.Community","reference":"hunt: AFF60189A9AF1227E0B383F5D0E922F46F65082C","landingPage":"http://www.gamedownloadr.com/","directDownloadingLink":"http://www.currentbytesend.com/D+X5ftZs6AjrWv0AUcQlmL6OnaCTULwZ0hIh8Iy3Dyh9GLDFcIb+X8TNZjjTWpOkjGvW3cNRKVb_73BI4i1_lsxFW1TxEoWYDeDcYGH4vlaJegDI4_1rdDvjPS2el33gfdOTcORz+m64qmmjzotvs1faSaW6yIoidMjP2qfmWo5h6+tCrwe4UvHm485XTnKvMKYDcn2ieB0dUS80g3d0J001RnfWxeADgWSoGiebC5LJzQWOfqLcerpNU_FroRrKhtJRMnsxMBjeP4OlYoMRRBVPgmbEcsJL87oBrEj6IGXFJl3fDQA+RffU7siUvH_Mau_ajK9vSqWszdZIgjAX+7s6TmqvfCFQCVaRcCNDBPfpkITNbuu9BslaSo9TBns7NeH40LdICWJXDM8HBPtjTXoFCPoLAaQ5u2XKozJ1Qx0QMNzgmECOZTuMkt7eIZwpk0kDMF_idLcZaxaIpOK9hfqhXSHI2HmM53adb_SFbC5UXvfSchP1St15ykwNTQo4yzQW7AXvfANHi5vouNqZREyr8ui3OC_d9Rmhvr5b8keprx9qOoqkUHmLR2lnIK_25Dl1rq5XZ3T+NYIlexK9J3tIS435Gw==-Gy8AAMRTFqMazHbNHDjkgP2tJLDIg42xcwUjenmNCV_fgQBbqTcxrf5OLhc=-e","ipv4":"","ipv6":"","sourceIndex":"3440"}],"sampleFiles":["180403/Gamedownloadr-180328/4.8/Samples/Musically Setup.exe","180403/Gamedownloadr-180328/4.8/Samples/Tetris Setup.exe"],"imageFiles":["180403/Gamedownloadr-180328/4.8/Images/ACR-039/GameDownloadrOffer2.PNG","180403/Gamedownloadr-180328/4.8/Images/ACR-059/offer.PNG","180403/Gamedownloadr-180328/4.8/Images/ACR-030/GameDownloadrINlineOffer.PNG","180403/Gamedownloadr-180328/4.8/Images/ACR-059/GameDownloadrINlineOffer.PNG"],"nonDeceptorImageFiles":["180403/Gamedownloadr-180328/4.8/Images/ACR-044/GameDownloadrDownloadManager.PNG","180403/Gamedownloadr-180328/4.8/Images/ACR-092/acr_092.PNG","180403/Gamedownloadr-180328/4.8/Images/ACR-155/GameDownloadrINlineOffer.PNG","180403/Gamedownloadr-180328/4.8/Images/ACR-066/GameDownloadrOffer2.PNG","180403/Gamedownloadr-180328/4.8/Images/ACR-027/GameDownloadrINlineOffer.PNG"],"guid":"c4a24c38-db02-4535-844c-4e2266b0ba23_4.8_1","appID":"Gamedownloadr-180328","dateAdded":"180403","deceptorType":"Bundler","name":"Gamedownloadr Download Manager","company":"Darwen Marketing Inc","version":"4.8","sigName":"Deceptor:Win32/Gamedownloadr!030039050059155","lastKnownStatus":"4.8","lastKnownDate":"180331","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:27:40.5531836+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":548},{"violations":{"ACR-048":"Bundler remaps \"application close\" functionality to \"minimize\"\n","ACR-039":"Bundler app names don't match the name of the app that request UAC privileges.\n"},"nonDeceptorViolations":{"ACR-044":"Missing clear information about significant functions of Download Manager: it may show offers during installation.\n","ACR-038":"","ACR-065":"No EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy is provided for the download manager.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy, or Privacy Policy is provided for the download manager.\n","ACR-037":"No Privacy Policy is provided for the download manager.\n","ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"Registry_Mechanic.exe","isInstaller":"True","companyName":"PC Tools","productName":"Registry Mechanic","productVersion":"10.0","fileVersion":"10.0.1.142","hashMD5":"2a231190a19b43574dd5ed35254d4271","hashSHA1":"eb51c719827d69f9cd75faef5ba0d46b1c09c5b9","hashSHA256":"ffd87dfd2bb6ff8d7a69dce803e47761318b79129ffd93c9fa4794fb1729459e","digitalCertThumbprint":"E69F59699C74A7C66097624C2C738A518686454C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=AfterDawn Oy, O=AfterDawn Oy, L=Oulu, C=FI","sourceIndex":"3441","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"IObit_Uninstaller.exe","isInstaller":"True","companyName":"n/a","productName":"Got","productVersion":"5.6.9","fileVersion":"0.0","hashMD5":"5ddf2519a41070edb2a175cc74ec3db2","hashSHA1":"3aaa742e0bda73aa6ab9d4e6f1c3fc525f07dc49","hashSHA256":"51031d2ebf04bbffb2fe9390e5d9cebd23d1fbd9249b3e4ce92b74b8eb33b7b9","digitalCertThumbprint":"E69F59699C74A7C66097624C2C738A518686454C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=AfterDawn Oy, O=AfterDawn Oy, L=Oulu, C=FI","sourceIndex":"3441","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Total_Uninstaller.exe","isInstaller":"True","companyName":"n/a","productName":"Got","productVersion":"5.6.9","fileVersion":"0.0","hashMD5":"10c8e1d29dee39ab2f9a352328c37a40","hashSHA1":"731e53e79d55420fe9be1983efe18c16af4e6ca5","hashSHA256":"bf840712132ae303af2fad182e8bbc5855af75b1e5d10c749072cb61266b5f7f","digitalCertThumbprint":"E69F59699C74A7C66097624C2C738A518686454C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=AfterDawn Oy, O=AfterDawn Oy, L=Oulu, C=FI","sourceIndex":"3441","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KipinirenaSetup.exe","isInstaller":"True","companyName":"n/a","productName":"Kipinirena","productVersion":"4.1","fileVersion":"2.7.2.7","hashMD5":"433e6408e68dec5d89181bbb9237fd55","hashSHA1":"e8f35fce64e6b9051e360fcf16b03fff9af436e4","hashSHA256":"fd3cf4e464cf1325508be0bef92583a3e8f46990bfdc66fd8968f3c8972cc124","digitalCertThumbprint":"E69F59699C74A7C66097624C2C738A518686454C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=AfterDawn Oy, O=AfterDawn Oy, L=Oulu, C=FI","sourceIndex":"3441","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KipinirenaSetup.exe","isInstaller":"True","companyName":"n/a","productName":"Kipinirena","productVersion":"4.1","fileVersion":"2.7.2.7","hashMD5":"cfa553145362fd690f9c279bc339c48d","hashSHA1":"127bddd262da7c93d2716aa5ced78b0873e9db3f","hashSHA256":"02f593e3abc8f9e52c56ee24657614c327bea1da6bd7323e1fce1903e933d16b","digitalCertThumbprint":"E69F59699C74A7C66097624C2C738A518686454C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=AfterDawn Oy, O=AfterDawn Oy, L=Oulu, C=FI","sourceIndex":"3441","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KipinirenaSetup.exe","isInstaller":"True","companyName":"n/a","productName":"Kipinirena","productVersion":"4.1","fileVersion":"2.7.2.7","hashMD5":"68050209d5c047e4f36c493d0b8238b1","hashSHA1":"c1a2be82e60e44e234ee54eaa2ef2fb705fbf23a","hashSHA256":"4eaf94052b72e8966354b448b93ff3c8c9e09a2bb8e2e391d37ed3ac5707bd8f","digitalCertThumbprint":"E69F59699C74A7C66097624C2C738A518686454C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=AfterDawn Oy, O=AfterDawn Oy, L=Oulu, C=FI","sourceIndex":"3441","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KipinirenaSetup.exe","isInstaller":"True","companyName":"n/a","productName":"Kipinirena","productVersion":"4.1","fileVersion":"2.7.2.7","hashMD5":"c810081307efb0144caacb6bed0f34d7","hashSHA1":"177aac4e1d8b6330dfeb360297868dcda114122a","hashSHA256":"c24c9afe0aa615c1b1b42c48ebab9cda787066d6e078e843c8daca6705b63756","digitalCertThumbprint":"E69F59699C74A7C66097624C2C738A518686454C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=AfterDawn Oy, O=AfterDawn Oy, L=Oulu, C=FI","sourceIndex":"3441","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"KipinirenaSetup.exe","isInstaller":"True","companyName":"n/a","productName":"Kipinirena","productVersion":"4.1","fileVersion":"2.7.2.7","hashMD5":"2bff1088c7a8fc07b991fa2bea5bc270","hashSHA1":"18dbabd8ff2dc32daf9f04bde44115026c53ac9d","hashSHA256":"17d595676fca5a1485e5f2b82db97ba0ad6e56fa48bd9fcdbd2be90c494ba75f","digitalCertThumbprint":"E69F59699C74A7C66097624C2C738A518686454C","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=AfterDawn Oy, O=AfterDawn Oy, L=Oulu, C=FI","sourceIndex":"3441","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.downloadsite","reference":"https://www.afterdawn.com","landingPage":"https://www.afterdawn.com/software/system_tools/registry_tools/registry_mechanic.cfm","directDownloadingLink":"http://www.citydeliveryvaults.com/XsGGgeKQx9J5GyHDdFiiMKEa3u43S4bxVPQPMQXJpouPD1QyZqsrBdoEJwVpgVk0KAkC2l485KPqUYCZG6FqesxOZat8OYSz3eoGoNKH5Ocz14Ut+8V7oguJ63q0JLQ7zTmQH1+wrfgHv2ELRNgHNy5QBbmwxAYHNxk_iVsHfBL9XgbfJnOVRJYrIUf3AotW3Y83J+xFliTdj_4sCMuHPpn7GQ+BQPl60m01V5jtGe7JK7NiWk_ivbl0UbbuKDHRe4zCQ5sdn54w_JU3XrG7Ef6_ekUESYhQvMl9teIZbvrZxOMSu7EeEUt3lwKbXjoMXNB0hu5UbGs4D6hb903DemTchn9zpEhkz58LtvYQFeP6lbWEtPvR7AV_ILOr98Nk65zA3g_E3O3qEnLgwLS3AnCspZ1P6mVThHYKCGUVP5m2rHUtHBODIVFy6Mh1KwediPAEvsJ+5LrKP_iqh7v_n8XSswm0WyKCyHXOuh16rJQYQCJjuUhsFD9pZ151UlVPMb2XA37L7iWZ0Ebiho+lh93UwuKFNxB05yMdsIhfD06eFvYvZufK9RbJ7kV0VslH09phDbb_-G4EAAGR3fpfXmklzLNe5NJTCwUEnB+zfniWHsCBKAs4lt7HpOJlIQd2I2xjNP0_Rd6v_FGQih7MTscBrvY1dMh6dTZizC8kWwaHISODwZb+qlyBVz5SWIA==-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.citydeliveryvaults.com/XsGGgeKQx9J5GyHDdFiiMKEa3u43S4bxVPQPMQXJpouPD1QyZqsrBdoEJwVpgVk0KAkC2l485KPqUYCZG6FqesxOZat8OYSz3eoGoNKH5Ocz14Ut+8V7oguJ63q0JLQ7zTmQH1+wrfgHv2ELRNgHNy5QBbmwxAYHNxk_iVsHfBL9XgbfJnOVRJYrIUf3AotW3Y83J+xFliTdj_4sCMuHPpn7GQ+BQPl60m01V5jtGe7JK7NiWk_ivbl0UbbuKDHRe4zCQ5sdn54w_JU3XrG7Ef6_ekUESYhQvMl9teIZbvrZxOMSu7EeEUt3lwKbXjoMXNB0hu5UbGs4D6hb903DemTchn9zpEhkz58LtvYQFeP6lbWEtPvR7AV_ILOr98Nk65zA3g_E3O3qEnLgwLS3AnCspZ1P6mVThHYKCGUVP5m2rHUtHBODIVFy6Mh1KwediPAEvsJ+5LrKP_iqh7v_n8XSswm0WyKCyHXOuh16rJQYQCJjuUhsFD9pZ151UlVPMb2XA37L7iWZ0Ebiho+lh93UwuKFNxB05yMdsIhfD06eFvYvZufK9RbJ7kV0VslH09phDbb_-G4EAAGR3fpfXmklzLNe5NJTCwUEnB+zfniWHsCBKAs4lt7HpOJlIQd2I2xjNP0_Rd6v_FGQih7MTscBrvY1dMh6dTZizC8kWwaHISODwZb+qlyBVz5SWIA==-e","sourceIndex":"3441"},{"howFound":"hunt.downloadsite","reference":"https://www.afterdawn.com","landingPage":"https://www.afterdawn.com/software/system_tools/uninstall_programs/iobit_uninstaller.cfm","directDownloadingLink":"http://www.citydeliveryvaults.com/dDexaR8O01QMecOcZq1D2YIsfRIWw+YX4q0Btd_wRzO0AyRYHUIhUU4ZACT+VSksAUHHqda6mdMyU_jLKmwCWzcrc0hFHBlwwjMF5klRbOmQPA0lCYmI9HksuuCEnADKdJQYqj3Qq3XuNXkgB_7k6uNSJcrewC5qiVRYNEsdl_6CTR+VPzb10tUCSWQ3K9i+dX0gYcSvCdwHRw8GjmX2nkGWRh8pTq734N6Is8bbG9v+jUDI7U0b5188VCnMKBoEnPaiP4zJREKLGBM1Ra3Q4rZMg3eXpR+3MPm9VomIZcRvPhQi+A0LJL0hlUXNpTN8icidgokmgOiuJEQDVvZhK3uEsCAOTN0xi_ks5mpEZTrYayX+aMliAbtcvdFDDWcLAzbpx5_KvGNjg_qUiXLJsI1XV6Ictnk_6Z6jsSMqAkUudvwM8gosa6vWVVWJ_vG7DtfoRE3dcEl6+6s8L9qxr2BGGZkfRdUoHRXYrK9SR_oPfhOmLr5htjR01mdYei1c45XVxvZP5Cmdt6i4jNnWAvKNmqzDoUlu1M6pjRtLl9HV06eD+Xg=-G4MAAGR3fpfXbDLXcp1LQykcHHRywP7tSUuCsCBvCyyXdGMYFy13KGgVuY3R_PMUfbf6T0ESZHB2IhZwjbexi8ens0nEFBwxL7QLiTkjOH7Zr2ZQkXqmZhcE-e","ipv4":"","ipv6":"","sourceIndex":"3442"},{"howFound":"hunt.downloadsite","reference":"https://www.afterdawn.com","landingPage":"https://www.afterdawn.com/software/system_tools/uninstall_programs/total_uninstall.cfm","directDownloadingLink":"http://www.citydeliveryvaults.com/ioW8YXEULm8zOO0VEf5Xq6M364u4SppLs8pTfE+pnW8B6RLQLkaLp7VMv+QxveOcHa5wiU7mggK3xCKu8_FnVtaN2OHupM_q6YD4vxWlj2fqvFefA4QtE8W2A9ukG6laO2GlpPanNpi2ab2XNtg7N5ZqzV06cIHDYHiDDLZqFeXgJzCcZy3jV7_oAza_sNDdHzEcHCAWnuZ3_Dt40CC+xllShktDcg4Icvq7T5Yc08lUVDX3gZE3BlhPwDGQWUXPasK+5FC2S9c0mx4MNyQWzRF+vvJ4aKtDpB15OVkZdmaezZYHSEKGO_JGEeVhmpu9MOy7cZLZq04bUfOIAsGePDPei8_hL6acRRFunMl+wuHOA6PeeRoddA3R+2P4R8e+hGXM23ChVKY8YSvMQPClTWCSyGMttaszrTmvuWVL7npMW6920PFxhflK7lV02CA8XVxu+IJmYMw+w2CGo40+2A3pOQSVHdCvZmFmwbw+ogGhnL0Rh3mwTuvXTM4NI5FSxafa6c_tcCwBzQrIHtNB+CCLxa4NQA==-G4IAAGS9taS6f_Z5+KT42ZEQCPRkIfdvV0wRRIKkaDq94eX4DIvik3Aao_jvKfru7Z+ExMng7EQs4Nroc1cLte2WkzkFYl5oRwqJCLsvx7UArgjVc4NdEQ==-e","ipv4":"","ipv6":"","sourceIndex":"3443"},{"howFound":"hunt.downloadsite","reference":"https://www.afterdawn.com","landingPage":"https://www.afterdawn.com/software/security/system_cleanup/driver_cleaner_pro.cfm","directDownloadingLink":"http://www.citydeliveryvaults.com/F_+pLr15wcCDNKCMmP7HhPTpcFz5PzC049jW2UW6M7H2nbFkKssmMk_71hUUTqlu6ekFXJBQGYeu4z5Qxp4AwdhhufjZo48hScxPa1PTeHQgmddylqbdL8jv814ZQtWF_DAWLO++9SzeNYuaDIdtKAe5uw+6qBS9nLDGorRtvtmJAPXmI++id1lpSPX8rkM1pC5_LUOytOY4CvgKyZ_DtU0mD8e1vNG69D3liDQRaGAyZy1qGJgoU3fs9ZCnE2BqmXDctAKBlg_TdY2NYUNvGb6sT36riVA8R+sM_gsLSasadT60KczsfSTcFoDap_bjc7vszXRooUJZYSxDzxC_bLH36dO2ERKB1yMm2K9mlugaPHntH38hBOPkzSp6JkKvLJffiA7j5OsimgrZXLOl00vqxTWKyW+JU9Nf4cXsUUdtAQ5o39tvmnoXunNqoJx1S53djX1KXX5Brgj16_r0K1zDq3+BX5zo5HvMaKWt4nZJhQdfNDmHSOMxfThmG+MLMThNcwdLEKx5QP2ZXZopxNFgDHO4WMJZ1+is8s3qe_WGfmUVjS1+uw2lKsnm4uL301bB5L50Cgn0IUsFb_Hj2PP16nxnAg==-G4AAAETd1pLVM4PccEzxyK8gqEGDerKQ+7crpggiM13IeuE2thwvEymoG3Ebo_nnKfrx9k9BIjI6OxGLvDba2DXj0elSwCFlWwQbDICzl_2qXIWqZ0q7AA==-e","ipv4":"","ipv6":"","sourceIndex":"3444"},{"howFound":"hunt.downloadsite","reference":"https://www.afterdawn.com","landingPage":"https://www.afterdawn.com/software/system_tools/system_tweaking/game_booster.cfm","directDownloadingLink":"http://www.citydeliveryvaults.com/QQn3BNy6LBm0WcxshtRtjvjDHn6+cIfdnogUbtdhAeSMHIrOKcxLGC3LM+Jhs4w09v3kGXM80Bj1z1tZZmV8QX+9+965zOPud5Wg7VlLGUlcArjju_xxcecnfTFV6R5K6x659BfA4AaXCqNrj4tyN_VIVSJeG8ttfhlFY3UqNqJxFJgo7cdynIyKF0rd_KMkiHgOKOrwPTq15cYEOzr4cJqK74+5iCPB4OF5nzyfPiPuweo3Ib3LUp6c3GdCEXKJOagrTV4k64JBUgA8s92bJSCrMUZOLr6BNaPuUd_BSZ+qZYPelHmjqIgp9ey8vCHd0YtiHclc+lJCtA_gR1s3Cz25xKVC3j7GAfYTgGn6TLMWN1hmOsN4jCmhzH+W7cZp7m+SS+VtVX16QJqL6thkO4NXMVYZH4gcd94L_WFYR8C7bKkIq16OwBpk8KJQGruxfZodsgFY34wfLnPkEdF01huw+N6jKxyWLGMbjokidXavUZlLeejsQPkVzmAVXqcwmLQECb4SIP+UMasIYh1T5E0tGYqzivn12II2v7DZIQvx0Nb8CcyNOMKPe8sDz_e9JIJt0yzv-G4IAAGS3YUtWt8kPwxSHPBBO0KBODti_PUsOYUGUBJxLesNrx2dYFK9wG6P55yn6buWfgizI4exELNBaXcfOHp_Mxsa6qIzXhXUCxoTg9GW_kkBMVL0qtJgA-e","ipv4":"","ipv6":"","sourceIndex":"3445"}],"sampleFiles":["180403/AfterdawnBundler-180308/5.6.9/Samples/Registry_Mechanic.exe","180403/AfterdawnBundler-180308/5.6.9/Samples/IObit_Uninstaller.exe","180403/AfterdawnBundler-180308/5.6.9/Samples/Total_Uninstall.exe","180403/AfterdawnBundler-180308/5.6.9/Samples/Driver_Cleaner_Pro.exe","180403/AfterdawnBundler-180308/5.6.9/Samples/Game_Booster.exe","180403/AfterdawnBundler-180308/5.6.9/Samples/IObit_Uninstaller_new.exe","180403/AfterdawnBundler-180308/5.6.9/Samples/Registry_Mechanic_new.exe","180403/AfterdawnBundler-180308/5.6.9/Samples/Total_Uninstall_new.exe"],"imageFiles":["180403/AfterdawnBundler-180308/5.6.9/Images/ACR-039/W10-2018-03-12T20-55-13-034070900Z.mp4","180403/AfterdawnBundler-180308/5.6.9/Images/ACR-048/W10-2018-03-12T19-38-29-779545400Z.mp4"],"nonDeceptorImageFiles":["180403/AfterdawnBundler-180308/5.6.9/Images/ACR-044/acr_065_Install (1).PNG","180403/AfterdawnBundler-180308/5.6.9/Images/ACR-038/W10-2018-03-12T20-55-13-034070900Z.mp4","180403/AfterdawnBundler-180308/5.6.9/Images/ACR-065/acr_065_Install.PNG","180403/AfterdawnBundler-180308/5.6.9/Images/ACR-035/eula-priavacy.PNG","180403/AfterdawnBundler-180308/5.6.9/Images/ACR-036/eula-priavacy.PNG","180403/AfterdawnBundler-180308/5.6.9/Images/ACR-037/eula-priavacy.PNG","180403/AfterdawnBundler-180308/5.6.9/Images/ACR-152/W10-2018-03-12T19-38-29-779545400Z.mp4"],"guid":"a76bd4c5-1d14-4b3a-b30d-e73bd04ee44b_5.6.9_1","appID":"AfterdawnBundler-180308","dateAdded":"180403","deceptorType":"Bundler","name":"Afterdawn Download Manager","company":"AfterDawn Oy","version":"5.6.9","sigName":"Deceptor:Win32/Afterdawn!039048050","lastKnownStatus":"Deceptor:5.6.9","lastKnownDate":"180331","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:26:10.5386187+00:00","notDistributed":false,"familyName":"core-downmgr-ronil","numInFamily":22,"numInAppID":1,"sortOrder":549},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"uninstalltool_setup.exe","isInstaller":"True","companyName":"CrystalIdea Software                                        ","productName":"Uninstall Tool","productVersion":"3.5.4","fileVersion":"3.5","hashMD5":"937b8ddd200995cf6bd10e6b1a03f3c5","hashSHA1":"915022cdea260290ff42c6f802e6fe9e0c0197bb","hashSHA256":"2437759a22516dde78dd567ae31879819dc8032103c2daee94ec833d285f499e","digitalCertThumbprint":"2EF7B9A21A43801D063863B42186A52F70B253FD","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=support@crystalidea.com, CN=CrystalBit Solutions, O=CrystalBit Solutions, C=BE","sourceIndex":"3639","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"UninstallToolExec.exe","companyName":"CrystalIDEA Software","productName":"Uninstall Tool","productVersion":"1, 0, 2, 22","fileVersion":"1, 0, 2, 22","hashMD5":"128f317f4773bd520aec9cea73fa9342","hashSHA1":"f8e7f3fd10362f15ddf8cad8c2bad1dcead63bd8","hashSHA256":"76054ac70f9aff75ad99502c0f575c4235696db5796c90f03a2c0c98823ebe22","digitalCertThumbprint":"2EF7B9A21A43801D063863B42186A52F70B253FD","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=support@crystalidea.com, CN=CrystalBit Solutions, O=CrystalBit Solutions, C=BE","sourceIndex":"3639","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (uninstall my software for free)","landingPage":"https://www.crystalidea.com/uninstall-tool","directDownloadingLink":"https://www.crystalidea.com/downloads/uninstalltool_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.crystalidea.com/downloads/uninstalltool_setup.exe","sourceIndex":"3639"}],"sampleFiles":["180403/UninstallTool-180403/3.5.4/Samples/uninstalltool_setup.exe","180403/UninstallTool-180403/3.5.4/Samples/UninstallToolExec.exe"],"imageFiles":["180403/UninstallTool-180403/3.5.4/Images/ACR-050/ACR_050_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180403/UninstallTool-180403/3.5.4/Images/ACR-065/ACR_065_INSTALL.PNG","180403/UninstallTool-180403/3.5.4/Images/ACR-065/ACR_065_SOFTWARE.PNG","180403/UninstallTool-180403/3.5.4/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180403/UninstallTool-180403/3.5.4/Images/ACR-099/ACR_099_SOFTWARE.PNG","180403/UninstallTool-180403/3.5.4/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180403/UninstallTool-180403/3.5.4/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180403/UninstallTool-180403/3.5.4/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"8a0916b7-df93-4c48-bc6b-9310d577ada0_3.5.4_1","appID":"UninstallTool-180403","dateAdded":"180403","deceptorType":"App","name":"Uninstall Tool","company":"CrystallDEA Software","version":"3.5.4","sigName":"Deceptor:Win32/CrystalIdeaUninstallTool!050","firstVendorContactDate":"180417","firstAppEsteemReplyDate":"180417","firstResolvedDate":"180417","firstResolvedVersion":"3.5.5","resolved":"TRUE","lastKnownStatus":"Deceptor:3.5.4;NonCertified:3.5.5","lastKnownDate":"180403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-04-19T22:17:54.4941575+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2541},{"violations":{"ACR-017":"The application's internal offer page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\nThe landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-017":"The application's landing page elevates its user trust level by displaying 5 star rewards endorsements such as tucows, Mac format, and softonic reviews which are all unverifiable.\n"},"samples":[{"isRevoked":"False","fileName":"remo-repair-zip.exe","isInstaller":"True","companyName":"Remo Software                                               ","productName":"Remo Repair ZIP","productVersion":"2.0.0.22","fileVersion":"2.0.0.22","hashMD5":"167f329426f78fa1c48c6e7ab22fb290","hashSHA1":"fcbb39d15635dc708836d3659f24a996edcf7917","hashSHA256":"d90fd8d8547c7564201f1f093d3e31b7bbf8a8e51b365456d67a6df7bf5f2d14","digitalCertThumbprint":"D57A979477213E75D8B8AF212C2F19D2C61CEED0","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, L=Karnataka, C=IN, SERIALNUMBER=U72900KA2011PTC058074, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"3651","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"rs-repairzip.exe","companyName":"Remo Software","productName":"Remo Repair Zip","productVersion":"2.0.0.22","fileVersion":"2.0.0.22","hashMD5":"4a1a2a6b26f1e51faeeaeab760aed983","hashSHA1":"1ba73c5d1edbb83a26b6792590f3309f86924622","hashSHA256":"cb1c22436373bab6f8b5b8febc7917d52c0c705226186eba5c5b97e98d4b1291","digitalCertThumbprint":"D57A979477213E75D8B8AF212C2F19D2C61CEED0","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, L=Karnataka, C=IN, SERIALNUMBER=U72900KA2011PTC058074, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"3651","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.offer","reference":"google searched; recovery software to protect my pc","landingPage":"https://www.remosoftware.com/remo-repair-zip-file","directDownloadingLink":"https://files.remosoftware.com/remo-repair-zip.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.remosoftware.com/remo-repair-zip.exe","sourceIndex":"3651"}],"sampleFiles":["180403/RemoRepairZip-180320/2.0.0.22/Samples/remo-repair-zip.exe","180403/RemoRepairZip-180320/2.0.0.22/Samples/rsziprpr.exe"],"imageFiles":["180403/RemoRepairZip-180320/2.0.0.22/Images/ACR-017/acr_017_IO.PNG","180403/RemoRepairZip-180320/2.0.0.22/Images/ACR-017/install.PNG"],"nonDeceptorImageFiles":["180403/RemoRepairZip-180320/2.0.0.22/Images/ACR-065/acr_065_I.PNG","180403/RemoRepairZip-180320/2.0.0.22/Images/ACR-065/acr_065_S.PNG","180403/RemoRepairZip-180320/2.0.0.22/Images/ACR-017/acr_017_LP.PNG","180403/RemoRepairZip-180320/2.0.0.22/Images/ACR-161/testimonials.PNG","180403/RemoRepairZip-180320/2.0.0.22/Images/ACR-161/testimonials_1.PNG","180403/RemoRepairZip-180320/2.0.0.22/Images/ACR-099/acr_099_S.PNG","180403/RemoRepairZip-180320/2.0.0.22/Images/ACR-099/acr_099_LP.PNG","180403/RemoRepairZip-180320/2.0.0.22/Images/ACR-099/acr_099_IO.PNG"],"guid":"f994a316-a4d7-4801-b258-ab66fc2b1781_2.0.0.22_1","appID":"RemoRepairZip-180320","dateAdded":"180403","deceptorType":"App","name":"Remo Repair Zip","company":"Remo Software","version":"2.0.0.22","sigName":"Deceptor:Win32/RemoRepairZip!017","firstVendorContactDate":"180404","firstAppEsteemReplyDate":"180404","firstResolvedDate":"180405","firstResolvedVersion":"2.0.0.24","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.0.22;NonCertified:2.0.0.24","lastKnownDate":"180403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-04-06T18:53:35.1065407+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2542},{"violations":{"ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\nThe application's internal offer page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\nThe internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-017":"The application's landing page elevates its user trust level by displaying 5 star rewards endorsements such as tucows, Mac format, and softonic reviews which are all unverifiable.\n"},"samples":[{"isRevoked":"False","fileName":"remo-drive-defrag.exe","isInstaller":"True","companyName":"n/a","productName":"Remo Drive Defrag","productVersion":"1.0.0.26","fileVersion":"1.0.0.26","hashMD5":"b29218474598a258ae0179578627d1b9","hashSHA1":"b52c1f3778b9579a6ce3f2ba53ccee4bd2793ca4","hashSHA256":"69764857fd895999883f47f5ef59ff36d1a9779a12800eeea7d1ef71ff6e864c","digitalCertThumbprint":"D57A979477213E75D8B8AF212C2F19D2C61CEED0","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, L=Karnataka, C=IN, SERIALNUMBER=U72900KA2011PTC058074, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"3650","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"remodefrag.exe","companyName":"Remo Software","productName":"Drive Defrag","productVersion":"2.0.0.41","fileVersion":"2.0.0.41","hashMD5":"00676dd8bc889d6ac564fdabba1a0fcb","hashSHA1":"83209b9996458366af6306d17009d869ad70e0d1","hashSHA256":"de4764d962f36fcb3256aa0fe8d3cfa1c0ad5b8a9c3b3490db0fb84a889c1a60","digitalCertThumbprint":"D57A979477213E75D8B8AF212C2F19D2C61CEED0","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Remo Software Private Limited, O=Remo Software Private Limited, L=Karnataka, C=IN, SERIALNUMBER=U72900KA2011PTC058074, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN","sourceIndex":"3650","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.offer","reference":"google searched; recovery software to protect my pc","landingPage":"https://www.remosoftware.com/remo-drive-defrag","directDownloadingLink":"https://files.remosoftware.com/remo-drive-defrag.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://files.remosoftware.com/remo-drive-defrag.exe","sourceIndex":"3650"}],"sampleFiles":["180403/RemoDriveDefrag-180320/1.0.0.26/Samples/remo-drive-defrag.exe","180403/RemoDriveDefrag-180320/1.0.0.26/Samples/remodefrag.exe"],"imageFiles":["180403/RemoDriveDefrag-180320/1.0.0.26/Images/ACR-017/install.PNG","180403/RemoDriveDefrag-180320/1.0.0.26/Images/ACR-017/acr_017_IO.PNG"],"nonDeceptorImageFiles":["180403/RemoDriveDefrag-180320/1.0.0.26/Images/ACR-065/acr_065_I.PNG","180403/RemoDriveDefrag-180320/1.0.0.26/Images/ACR-065/acr_065_S.PNG","180403/RemoDriveDefrag-180320/1.0.0.26/Images/ACR-017/acr_017_LP.PNG","180403/RemoDriveDefrag-180320/1.0.0.26/Images/ACR-161/testimonials.PNG","180403/RemoDriveDefrag-180320/1.0.0.26/Images/ACR-161/testimonials_1.PNG","180403/RemoDriveDefrag-180320/1.0.0.26/Images/ACR-099/acr_099_S.PNG","180403/RemoDriveDefrag-180320/1.0.0.26/Images/ACR-099/acr_099_LP.PNG","180403/RemoDriveDefrag-180320/1.0.0.26/Images/ACR-099/acr_099_IO.PNG"],"guid":"61afc32b-7ab6-4438-a06d-5ab2c88fb416_1.0.0.26_1","appID":"RemoDriveDefrag-180320","dateAdded":"180403","deceptorType":"App","name":"RemoDriveDefrag","company":"Remo Software","version":"1.0.0.26","sigName":"Deceptor:Win32/RemoDriveDefrag!017","firstVendorContactDate":"180404","firstAppEsteemReplyDate":"180404","firstResolvedDate":"180405","firstResolvedVersion":"2.0.0.43","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.26;NonCertified:2.0.0.43","lastKnownDate":"180403","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-04-06T18:55:05.103663+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2543},{"violations":{"ACR-048":"The installer remaps the \"application close\" functionality to \"minimize\"\n","ACR-059":"Makes offers not marked as offers\n"},"nonDeceptorViolations":{"ACR-152":"The user is unable to cancel the offer while in the download process. when the user tries to close the download manager it is just minimized instead.\n"},"samples":[{"isRevoked":"False","fileName":"bitcomet_setup.exe","isInstaller":"True","companyName":"Installer                                                   ","productName":"App","productVersion":"1.1.3","fileVersion":"","hashMD5":"7ac5d0a7907d2cf68841574f21ce9080","hashSHA1":"a50f5c1af95b7e6813be51e9b2c7d9bfa9534c94","hashSHA256":"3f5ac423e5be715bb67fc13fb6565f2dad47ff08ce3af03be54381475524ff5b","digitalCertThumbprint":"9ACC4CD7B6626C77BD3996242D5E233BA0CED8AA","digitalCertIssuer":"CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=wxhere@hotmail.com, CN=Xing Wang, L=Shanghai, O=Xing Wang, C=CN","sourceIndex":"3411","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"Community hunt: 9acc4cd7b6626c77bd3996242d5e233ba0ced8aa","landingPage":"http://download.bitcomet.com/bitcomet/bitcomet_x64_setup.exe","ipv4":"","ipv6":"","sourceIndex":"3411"}],"sampleFiles":["180403/XingInstaller-180208/1.1.3/Samples/bitcomet_setup.exe"],"imageFiles":["180403/XingInstaller-180208/1.1.3/Images/ACR-048/ACR_152_BUNDLER-MADE_OFFERS.gif","180403/XingInstaller-180208/1.1.3/Images/ACR-059/ACR_059_BUNDLER-MADE_OFFERS.PNG"],"nonDeceptorImageFiles":["180403/XingInstaller-180208/1.1.3/Images/ACR-042/ACR_042_INSTALL.gif","180403/XingInstaller-180208/1.1.3/Images/ACR-152/ACR_152_BUNDLER-MADE_OFFERS.gif"],"guid":"839ea7d3-db99-4119-a612-001806f1ee1b_1.1.3_1","appID":"XingInstaller-180208","dateAdded":"180403","deceptorType":"Bundler","name":"BitComet Bundler","company":"XingWang","version":"1.1.3","sigName":"Deceptor:Win32/BitComet!048050059","lastKnownStatus":"Deceptor:1.1.3","lastKnownDate":"180331","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"sold in bundle","lastUpdate":"2018-12-26T16:44:39.7855539+00:00","notDistributed":false,"familyName":"core-bundler-ronil","numInFamily":7,"numInAppID":1,"sortOrder":846},{"violations":{"ACR-003":"The application exaggerates invalid registry keys as errors and problems, thereby misleading or scaring user to take action\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"The application does not a digital signature (unsigned)\n","ACR-157":"The application does not a digital signature (unsigned)\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The app states clearly that they have a no refund policy.\n","ACR-064":"The app starts downloading if the user clicks on the software awards.\n","ACR-150":"The app displays five star awards from SOFTPEDIA, IVERTECH and EURO Download that are unable to be verified.\nThe app displays five star awards from SOFTPEDIA and CNET Download.com that are unable to be verified.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying multiple unverifiable award logos.\n"},"samples":[{"isRevoked":"False","fileName":"easy_pc_faster.exe","isInstaller":"True","companyName":"Easy Studio","productName":"Easy PC Faster","fileVersion":"0.0","hashMD5":"490ffb777fbf2032b5a92133b354459d","hashSHA1":"43ce3a8ffcb49a22979ea7274304074fd635fc6b","hashSHA256":"afc5096ca0d124341879d639bc3986493fc674923e8a8eeb298a27000d237dc1","sourceIndex":"3658","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"easypcfaster.exe","companyName":"Easy Studio","productName":"Easy PC Faster","fileVersion":"0.0","hashMD5":"807ece75ce956d0a64bfecef33e85c5f","hashSHA1":"e2c86ac48e039880a1e3e92de40ffb01a4f236f5","hashSHA256":"1a85777a184eb2c6340b664280bfe201bd7a4b16a894803521f9368800ffba14","sourceIndex":"3658","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.easypcfaster.com/","directDownloadingLink":"http://www.easypcfaster.com/easy_pc_faster.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.easypcfaster.com/easy_pc_faster.exe","sourceIndex":"3658"}],"sampleFiles":["180331/EasyPCFaster-180327/8.6/Samples/easy_pc_faster.exe","180331/EasyPCFaster-180327/8.6/Samples/easypcfaster.exe"],"imageFiles":["180331/EasyPCFaster-180327/8.6/Images/ACR-003/ACR-003_software.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-003/ACR-003_software1.JPG"],"nonDeceptorImageFiles":["180331/EasyPCFaster-180327/8.6/Images/ACR-065/ACR-065_install.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-065/ACR-065_software.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-065/ACR-065_landingpage.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-065/ACR-065_internaloffer.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-017/ACR-017_landingpage.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-161/ACR-161_landingpage.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-092/ACR-092_software.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-157/ACR-157_software.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-099/ACR-099_software.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-099/ACR-099_landingpage.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-099/ACR-099_internaloffer.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-167/ACR-167_docs.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-064/ACR-064_landingpage.mp4","180331/EasyPCFaster-180327/8.6/Images/ACR-150/ACR-150_internaloffer.JPG","180331/EasyPCFaster-180327/8.6/Images/ACR-150/ACR-150_landingpage.JPG"],"guid":"7824cd02-1493-4b44-b97b-ba3478d86056_8.6_1","appID":"EasyPCFaster-180327","dateAdded":"180331","deceptorType":"App","name":"Easy PC Faster","company":"easypcfaster.com","version":"8.6","sigName":"Deceptor:Win32/EasyPCFaster!003","lastKnownStatus":"Deceptor:8.6","lastKnownDate":"180331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-03-31T20:48:19.6829586+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2546},{"violations":{"ACR-003":"The application exaggerates ActiveX, File Types, App Path, Shared DLL, Sounds  as being errors, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Vitalii Mikhalko\" which is not disclosed in the app's offer or EULA.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"JoyoBox Cleaner Setup.exe","isInstaller":"True","companyName":"JoyoBox","productName":"Joyobox Cleaner","productVersion":"n/a","fileVersion":"5.5.0.0","hashMD5":"4eecaaacd672fe5e8eafd6fff06f7076","hashSHA1":"4d63623d5fedcc873c90726528f8f5f5b8bb65e4","hashSHA256":"949bf42fdd6102d3346160d91a86bc48ce94eca16c7b905af7661c6b546fc79f","digitalCertThumbprint":"92371C1295889AA187EF6C86D6581C68508D5A14","digitalCertIssuer":"CN=StartCom CS ICA, OU=StartCom Certification Authority, O=StartCom CA, C=ES","digitalCertIssuedTo":"CN=Vitalii Mikhalko, O=VitaliiMikhalko, STREET=Mikoly Kostomarova street - 6, L=Novohrad-Volynskyi, S=Zhytomyrska Oblast, C=UA, PostalCode=11700","sourceIndex":"3216","avBlockList":["Avira Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)"],"avAllowList":["Bitdefender Internet Security (20190209)","Trend Micro Internet Security (20190209)","Windows Defender (20190209)"]},{"isRevoked":"False","fileName":"Joyobox Cleaner.exe","companyName":"Joyobox Software","productName":"JoyoBox Cleaner","productVersion":"5.5.0.0","fileVersion":"5.5.0.0","hashMD5":"615b102923e9f70a4ff6c30f543c22b6","hashSHA1":"b580e8fdd8643fe58d85e5c6b645a9eb6a3f41d6","hashSHA256":"998778a3c24b13263157b0076302660d20b05e1fc48cafef4f0ac873e6be6f90","digitalCertThumbprint":"92371C1295889AA187EF6C86D6581C68508D5A14","digitalCertIssuer":"CN=StartCom CS ICA, OU=StartCom Certification Authority, O=StartCom CA, C=ES","digitalCertIssuedTo":"CN=Vitalii Mikhalko, O=VitaliiMikhalko, STREET=Mikoly Kostomarova street - 6, L=Novohrad-Volynskyi, S=Zhytomyrska Oblast, C=UA, PostalCode=11700","sourceIndex":"3216","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.windows8downloads.com/win8-system-utilities/registry-tools/index13-148-75-d.html","landingPage":"http://joyobox.com/en/index.html","directDownloadingLink":"http://www.joyobox.com/download/JoyoBox%20Cleaner%20Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.joyobox.com/download/JoyoBox%20Cleaner%20Setup.exe","sourceIndex":"3216"}],"sampleFiles":["180331/JoyoBoxCleaner-180327/5.5.0.0/Samples/JoyoBox Cleaner Setup.exe","180331/JoyoBoxCleaner-180327/5.5.0.0/Samples/Joyobox Cleaner.exe"],"imageFiles":["180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-003/ACR_003_SCREENSHOT_1.PNG","180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-003/ACR_003_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-065/ACR_065_INSTALL.PNG","180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-167/ACR_167_SCREENSHOT_1.PNG","180331/JoyoBoxCleaner-180327/5.5.0.0/Images/ACR-167/ACR_167_SCREENSHOT_2.PNG"],"guid":"e3a156e7-f240-496a-baf5-258f9262384a_5.5.0.0_1","appID":"JoyoBoxCleaner-180327","dateAdded":"180331","deceptorType":"App","name":"JoyoBox Cleaner","company":"JoyoBox","version":"5.5.0.0","sigName":"Deceptor:Win32/JoyoBoxCleaner!003","lastKnownStatus":"Deceptor:5.5.0.0","lastKnownDate":"190130","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-01-31T02:26:13.1294733+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2545},{"violations":{"ACR-003":"App refers to issues with registry keys as \"errors\", which exaggerates the claim about system health.\n","ACR-004":"App only provides free fixes for 100 scan results and requires the consumer to pay for the rest of the scan results.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that show the app's Returns and Cancellation Policy or Privacy Policy.\nThere are no links that show the app's EULA and/or Terms of Service, Returns and Cancellation Policy or the Privacy Policy.\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"RegistryCleaner.exe","companyName":"Security Stronghold","fileVersion":"2.0","hashMD5":"e43b9e2d6dcf24b03c0c2752a9b142af","hashSHA1":"4d5b8f634112b4e9fd34985ab4c71591fec81e78","hashSHA256":"cb6dc78714e28031af85c165ed39f1bfb750aa4b2524e4536d364296f607dd5b","digitalCertThumbprint":"F5DB7763760E2B4F7D91C93990F241118E82776D","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=manager@securitystronghold.com, CN=Security Stronghold LLC, O=Security Stronghold LLC, L=Astrakhan, S=Astrakhan Oblast, C=RU","sourceIndex":"3129","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegistryCleanerInstaller.exe","isInstaller":"True","companyName":"Security Stronghold                                         ","fileVersion":"1.3","hashMD5":"2419fc5b322f08168c1b7446244d55d2","hashSHA1":"09e0523327c9f90f75cd6b22e5a6c6c6d53c2b5e","hashSHA256":"49d003580fb57646296423cca015dcc43fdc5cf54c8a4851e69548be1dc2425e","digitalCertThumbprint":"F5DB7763760E2B4F7D91C93990F241118E82776D","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"E=manager@securitystronghold.com, CN=Security Stronghold LLC, O=Security Stronghold LLC, L=Astrakhan, S=Astrakhan Oblast, C=RU","sourceIndex":"3129","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"google searched;cleaners software's to secure files and clean errors","landingPage":"https://www.securitystronghold.com/registry_cleaner.html","directDownloadingLink":"https://www.securitystronghold.com/download/site/RegistryCleaner.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.securitystronghold.com/download/site/RegistryCleaner.exe","sourceIndex":"3129"}],"sampleFiles":["180329/RegistryCleaner-180316/2.0/Samples/RegistryCleaner.exe","180329/RegistryCleaner-180316/2.0/Samples/RegistryCleanerInstaller.exe"],"imageFiles":["180329/RegistryCleaner-180316/2.0/Images/ACR-003/Registry Cleaner Scan Results.png","180329/RegistryCleaner-180316/2.0/Images/ACR-004/Registry Cleaner Internal Offers Page.png","180329/RegistryCleaner-180316/2.0/Images/ACR-004/Registry Cleaner Only 100 Fixes.png","180329/RegistryCleaner-180316/2.0/Images/ACR-004/Registry Cleaner Problems Left.png","180329/RegistryCleaner-180316/2.0/Images/ACR-004/Registry Cleaner Scan Results.png"],"nonDeceptorImageFiles":["180329/RegistryCleaner-180316/2.0/Images/ACR-065/Registry Cleaner First Page of Install.png","180329/RegistryCleaner-180316/2.0/Images/ACR-065/Registry Cleaner About Page.png","180329/RegistryCleaner-180316/2.0/Images/ACR-161/Registry Cleaner Landing Page.png","180329/RegistryCleaner-180316/2.0/Images/ACR-099/Registry Cleaner About Page.png","180329/RegistryCleaner-180316/2.0/Images/ACR-099/Registry Cleaner Bottom of Landing Page.png","180329/RegistryCleaner-180316/2.0/Images/ACR-099/Registry Cleaner Bottom of Internal Offers Page.png"],"guid":"092bb0a8-4951-45ed-869b-444e3d0e639a_2.0_1","appID":"RegistryCleaner-180316","dateAdded":"180329","deceptorType":"App","name":"RegistryCleaner","company":"SecurityStronghold","version":"2.0","sigName":"Deceptor:Win32/SecurityStrongholdRegistryCleaner!003004","lastKnownStatus":"NonCertified:1.0;Deceptor:1.3,2.0","lastKnownDate":"180329","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 8,Windows 7,Windows Vista,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-29T02:18:41.6651273+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2547},{"violations":{"ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-160":"Contacted the phone number (800-813-3481) provided by AKick Perfect Uninstaller, got the answer \"Thank you for contacting Support My name is Kevin\", apparently they can not hear me even though the microphone is working could not verify if they offer other services.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"AKick_Perfect_Uninstaller.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"9e22a10823f910ed94814107b861d3b6","hashSHA1":"cf11678061a117707f3469ba9cc567b7201cd9f0","hashSHA256":"622e00d696b57b3398eec0fdfd03b40325213fe1b4e13b92004a887d3918f841","digitalCertThumbprint":"91019E7771668A6BF0ECA061CDE2D884CBC38192","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AKick Software, O=AKick Software, STREET=\"Jag Prabha, Bar Bighe, Mirzanhat\", STREET=Bhagalpur, S=Bihar, PostalCode=812005, C=IN","sourceIndex":"3281","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)"]},{"isRevoked":"False","fileName":"Akickperfectuninstaller.exe","companyName":"Microsoft","productName":"AKick Perfect Uninstaller","productVersion":"1.2.0.0","fileVersion":"1.2.0.0","hashMD5":"ae7c6153de110a8e975f24b6b3e42685","hashSHA1":"8a53c9df7d99f374eb9e414f493a800faea9ca8d","hashSHA256":"65f43027039c8f5cdb51b6855d7c2a7d880adaab4ce5c73936dd3cfb42355145","digitalCertThumbprint":"91019E7771668A6BF0ECA061CDE2D884CBC38192","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=AKick Software, O=AKick Software, STREET=\"Jag Prabha, Bar Bighe, Mirzanhat\", STREET=Bhagalpur, S=Bihar, PostalCode=812005, C=IN","sourceIndex":"3281","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.windows8downloads.com (System Utilities/ Registry Tools)","landingPage":"https://www.akick.com/perfect-uninstaller.html","directDownloadingLink":"https://www.akick.com/security/AKick_Perfect_Uninstaller.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.akick.com/security/AKick_Perfect_Uninstaller.exe","sourceIndex":"3281"}],"sampleFiles":["180328/AKickPerfectUninstaller-180327/1.2/Samples/AKick_Perfect_Uninstaller.exe","180328/AKickPerfectUninstaller-180327/1.2/Samples/Akickperfectuninstaller.exe"],"imageFiles":["180328/AKickPerfectUninstaller-180327/1.2/Images/ACR-017/ACR_017_SOFTWARE.PNG","180328/AKickPerfectUninstaller-180327/1.2/Images/ACR-168/ACR_168_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["180328/AKickPerfectUninstaller-180327/1.2/Images/ACR-065/ACR_065_INSTALL.PNG","180328/AKickPerfectUninstaller-180327/1.2/Images/ACR-065/ACR_065_SOFTWARE.PNG","180328/AKickPerfectUninstaller-180327/1.2/Images/ACR-163/ACR_163_SOFTWARE.PNG","180328/AKickPerfectUninstaller-180327/1.2/Images/ACR-099/ACR_065_SOFTWARE.PNG","180328/AKickPerfectUninstaller-180327/1.2/Images/ACR-168/ACR_168_LANDING_PAGE.PNG","180328/AKickPerfectUninstaller-180327/1.2/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG"],"guid":"2446cfb1-3484-42ac-bdfa-3e53cb10fdbf_1.2_1","appID":"AKickPerfectUninstaller-180327","dateAdded":"180328","deceptorType":"App","name":"AKick Perfect Uninstaller","company":"AKick Software Inc.","version":"1.2","sigName":"Deceptor:Win32/AKickPerfectUninstaller:017042","lastKnownStatus":"Deceptor:1.2","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-24T01:01:36.8202075+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2552},{"violations":{"ACR-042":"No disclosure in EULA that the app will install/use ShieldApps' AV engine\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.The app creates a popup schedule in the systems task scheduler but does not provide an option to disable it using the application settings.\n","ACR-168":"The application's internal offer page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\nThe application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no valid links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Evobulls Inc\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy is provided for the app.\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy is provided for the app.\n","ACR-037":"No Privacy Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"VirusVanishSetup.exe","isInstaller":"True","companyName":"Virus Vanish","productName":"Virus Vanish","productVersion":"3.5.1","fileVersion":"3.5.1.0","hashMD5":"fc4dbbda73764b9d99f584a5896323ef","hashSHA1":"dc4ea12bdcb6a8904841f772715fd5e93261e912","hashSHA256":"5bca257ef0eb3a0551095596674c0401d8f4b188f4746a2ce7c1452aefc2c39f","digitalCertThumbprint":"28CA18B636B2881A59F1CAB58D55BA2051B629A8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Evobulls Inc, O=Evobulls Inc, STREET=141 Stevens Ave STE 5E, L=Oldsmar, S=FL, PostalCode=34677, C=US","sourceIndex":"3030","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"VirusVanish.exe","companyName":"Virus Vanish","productName":"Virus Vanish","productVersion":"3.5.1.0","fileVersion":"3.5.1.0","hashMD5":"e28ed4704c11bbcd77a8ba8747434e61","hashSHA1":"6e034f5547daf627db87163060fa4e63c3f4e489","hashSHA256":"a3ead2bfa97355b4d17816c816429836f26c8e0b31bc933ad6c54a2325a24c3b","digitalCertThumbprint":"28CA18B636B2881A59F1CAB58D55BA2051B629A8","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Evobulls Inc, O=Evobulls Inc, STREET=141 Stevens Ave STE 5E, L=Oldsmar, S=FL, PostalCode=34677, C=US","sourceIndex":"3030","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"https://www.digitalbulls.com","landingPage":"http://www.virusvanish.com","directDownloadingLink":"http://www.virusvanish.com/download/VirusVanishSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.virusvanish.com/download/VirusVanishSetup.exe","sourceIndex":"3030"}],"sampleFiles":["180328/VirusVanish-180323/3.5.1/Samples/VirusVanishSetup.exe","180328/VirusVanish-180323/3.5.1/Samples/VirusVanish.exe"],"imageFiles":["180328/VirusVanish-180323/3.5.1/Images/ACR-084/ACR-084_software.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-084/ACR-084_software1.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-168/ACR-168_internaloffer.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-168/ACR-168_software.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-042/ACR-042_install.JPG"],"nonDeceptorImageFiles":["180328/VirusVanish-180323/3.5.1/Images/ACR-042/ACR-042_install.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-065/ACR-065_installer.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-065/ACR-65_install.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-065/ACR-065_software.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-065/ACR-065_landingpage.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-065/ACR-065_internaloffer.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-161/ACR-161_landingpage.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-163/ACR-163_software.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-160/ACR-160_software.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-099/ACR-099_software.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-099/ACR-099_internaloffer.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-168/ACR-168_landingpage.JPG","180328/VirusVanish-180323/3.5.1/Images/ACR-035/ACR-035_docs.JPG"],"guid":"b88c6f6a-ab99-4a4f-b9c0-c74fa04b4d36_3.5.1_1","appID":"VirusVanish-180323","dateAdded":"180328","deceptorType":"App","name":"Virus Vanish","company":"Virus Vanish","version":"3.5.1","sigName":"Deceptor:Win32/VirusVanish!042084168","lastKnownStatus":"Deceptor:3.5.1","lastKnownDate":"180606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-06-06T20:59:30.1008327+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2548},{"violations":{"ACR-003":"The application exaggerates Application path, Shared Program Files, Program Ids, Custom Controls, File Associations, Start Menu Shortcuts, Help Files, Invalid Shortcuts, Deep Registry Scan and Empty Registry Keys as being errors and problems, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"RegTeck_setup.exe","isInstaller":"True","companyName":"SolidQuest Inc.                                             ","productName":"RegTeck","fileVersion":"","hashMD5":"c3630b2a6322f5b779c32ab5f24d190c","hashSHA1":"43ef7feb2a03112fd5bfda4a84df157d4360172c","hashSHA256":"79713e6c9b4da8c14fe7f57d494c29a8d804c44fece79f60e847d61af416bcb3","digitalCertThumbprint":"CFE98957B9D76364F30FCB494515DC4BFF18D514","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SolidQuest Inc., O=SolidQuest Inc., STREET=20860 San Simeon Way, L=Miami, S=Florida, PostalCode=33179, C=US","sourceIndex":"3660","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegTeck.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"e67061919ddaf9e7128f236a129f703b","hashSHA1":"8642b0907916df8448447837d571f65eabdce9d3","hashSHA256":"78b3a20bc418683eacce5e151f87792c4c4d4cf0ea9431262614942dfa7919b2","digitalCertThumbprint":"CFE98957B9D76364F30FCB494515DC4BFF18D514","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SolidQuest Inc., O=SolidQuest Inc., STREET=20860 San Simeon Way, L=Miami, S=Florida, PostalCode=33179, C=US","sourceIndex":"3660","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"yahoo.com (fix pc errors software)","landingPage":"http://www.regteck.com/","directDownloadingLink":"http://www.regteck.com/setup/RegTeck_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.regteck.com/setup/RegTeck_setup.exe","sourceIndex":"3660"}],"sampleFiles":["180328/RegTeck-180327/1.8/Samples/RegTeck_setup.exe","180328/RegTeck-180327/1.8/Samples/RegTeck.exe"],"imageFiles":["180328/RegTeck-180327/1.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180328/RegTeck-180327/1.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["180328/RegTeck-180327/1.8/Images/ACR-065/ACR_065_INSTALL.PNG","180328/RegTeck-180327/1.8/Images/ACR-065/ACR_065_SOFTWARE.PNG","180328/RegTeck-180327/1.8/Images/ACR-099/ACR_099_SOFTWARE.PNG","180328/RegTeck-180327/1.8/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"5d673bd1-e392-4852-b66c-e0fe2498688e_1.8_1","appID":"RegTeck-180327","dateAdded":"180328","deceptorType":"App","name":"RegTeck","company":"SolidQuest Inc.","version":"1.8","sigName":"Deceptor:Win32/RegTeck!003","lastKnownStatus":"Deceptor:1.8","lastKnownDate":"180328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-03-29T15:28:19.5038447+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2549},{"violations":{"ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-150":"The app displays five star awards from Softpedia, Softonic and Editor's Pick that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"pcaccelerator_5182858.exe","isInstaller":"True","companyName":"Software Marketing Ltd                                      ","productName":"PC Accelerator","productVersion":"3.2","fileVersion":"3.2","hashMD5":"04b2c0a662b2f0727cdc3561588c57c5","hashSHA1":"7cbaf613c2f267b8944820fd63931a8b5e6bed31","hashSHA256":"abe2df83fa902679ac47070f51bd09ce7263936e2d8d3456fb9c4821d9015703","digitalCertThumbprint":"4B560FECFA08860FB6BACF5CF49EED2ECB098EBC","digitalCertIssuer":"CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Software Marketing Limited, O=Software Marketing Limited, L=Hong Kong, C=HK, PostalCode=HK, STREET=\"Suite 1301, 13/F, FWD Financial Centre\", STREET=308 Des Voeux Road Central, SERIALNUMBER=1567954, OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization","sourceIndex":"3653","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCAccelerator","companyName":"Software Marketing Ltd","productName":"PC Accelerator","productVersion":"3.2.0.0","fileVersion":"3.2.0.0","hashMD5":"efde3b2958258a9dab5efea833ce33df","hashSHA1":"a79e3a1bdd1d47558ad6899c91fd26c5c69120e3","hashSHA256":"9b2531f26056d636716386994c9ab888392d2aeb0b400d4e3082a8049f83851d","digitalCertThumbprint":"4B560FECFA08860FB6BACF5CF49EED2ECB098EBC","digitalCertIssuer":"CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Software Marketing Limited, O=Software Marketing Limited, L=Hong Kong, C=HK, PostalCode=HK, STREET=\"Suite 1301, 13/F, FWD Financial Centre\", STREET=308 Des Voeux Road Central, SERIALNUMBER=1567954, OID.1.3.6.1.4.1.311.60.2.1.3=HK, OID.2.5.4.15=Private Organization","sourceIndex":"3653","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.pc-accelerator.com/index.html","directDownloadingLink":"http://www.pc-accelerator.com/download.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pc-accelerator.com/download.php","sourceIndex":"3653"}],"sampleFiles":["180328/PCAcceleratotor-180327/3.2/Samples/pcaccelerator_5182858.exe","180328/PCAcceleratotor-180327/3.2/Samples/PCAccelerator.exe"],"imageFiles":["180328/PCAcceleratotor-180327/3.2/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180328/PCAcceleratotor-180327/3.2/Images/ACR-065/ACR-065_install.JPG","180328/PCAcceleratotor-180327/3.2/Images/ACR-065/ACR-065_software.JPG","180328/PCAcceleratotor-180327/3.2/Images/ACR-065/ACR-065_internaloffer.JPG","180328/PCAcceleratotor-180327/3.2/Images/ACR-163/ACR-163_software.JPG","180328/PCAcceleratotor-180327/3.2/Images/ACR-088/ACR-088_software.JPG","180328/PCAcceleratotor-180327/3.2/Images/ACR-160/ACR-160_software.JPG","180328/PCAcceleratotor-180327/3.2/Images/ACR-099/ACR-099_software.JPG","180328/PCAcceleratotor-180327/3.2/Images/ACR-099/ACR-099_internaloffer.JPG","180328/PCAcceleratotor-180327/3.2/Images/ACR-167/ACR-167_docs.JPG","180328/PCAcceleratotor-180327/3.2/Images/ACR-150/ACR-150_internaloffer.JPG"],"guid":"5a01130d-0301-4a69-a176-f1c7dc8e5a50_3.2_1","appID":"PCAcceleratotor-180327","dateAdded":"180328","deceptorType":"App","name":"PC Accelerator","company":"Software Marketing Ltd.","version":"3.2","sigName":"Deceptor:Win32/SoftwareMarketingPCAccelerator!168","firstVendorContactDate":"180403","firstAppEsteemReplyDate":"180403","firstResolvedDate":"180403","firstResolvedVersion":"app shutdown: app stops distributing and homepage shutdown","resolved":"TRUE","lastKnownStatus":"Deceptor:3.2","lastKnownDate":"180328","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-04-04T18:21:09.3439613+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2550},{"violations":{"ACR-116":"The application cannot be uninstalled from the platform standard features.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\n","ACR-160":"After tried calling the phone number there was no answer, just an answering machine stating to leave a message.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"hetman_file_repair.exe","isInstaller":"True","companyName":"Hetman Software","productName":"n/a","productVersion":"n/a","fileVersion":"0.0","hashMD5":"0398e07654187166a7179cf61f4c84e2","hashSHA1":"a8116ad405e1b57dd8b8080340dd2d01ed318206","hashSHA256":"d5593aab7a9f83a3f362d94d6f46490b14e287c78afe62b862f8343d2d47ed77","digitalCertThumbprint":"2D612D2AC4D755CF4621601AB270557359B41DBE","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Hetman Software, O=Hetman Software, STREET=\"Komsomolskaya street, 13/2\", L=Baryshevka, S=Kievskaya, PostalCode=07500, C=UA","sourceIndex":"3659","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Hetman File Repair.exe","companyName":"Hetman Software","productName":"Hetman File Repair","productVersion":"1.1.0.0","fileVersion":"1.1.0.0","hashMD5":"ef1151449d76bc48609f0e6cecc71e5b","hashSHA1":"1e758e1b36616cd8ebe34ce31180c7b58792c299","hashSHA256":"635e05c2969969d3415212e6e4520082a2fd0c32e381ed61fd4e1e7e6500312a","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3659","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"google searched; recovery softwares 2018","landingPage":"https://hetmanrecovery.com/file_repair/software-2.htm","directDownloadingLink":"https://hetmanrecovery.com/download/hetman_file_repair.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://hetmanrecovery.com/download/hetman_file_repair.exe","sourceIndex":"3659"}],"sampleFiles":["180328/FileRepair-180327/1.1.0.0/Samples/hetman_file_repair.exe","180328/FileRepair-180327/1.1.0.0/Samples/Hetman File Repair.exe"],"imageFiles":["180328/FileRepair-180327/1.1.0.0/Images/ACR-116/acr_116.PNG"],"nonDeceptorImageFiles":["180328/FileRepair-180327/1.1.0.0/Images/ACR-065/acr_065_I.PNG","180328/FileRepair-180327/1.1.0.0/Images/ACR-065/acr_065_S.PNG","180328/FileRepair-180327/1.1.0.0/Images/ACR-163/one_one_LP.PNG","180328/FileRepair-180327/1.1.0.0/Images/ACR-163/one_one_IO.PNG","180328/FileRepair-180327/1.1.0.0/Images/ACR-099/acr_099_S.PNG","180328/FileRepair-180327/1.1.0.0/Images/ACR-099/acr_099_LP.PNG","180328/FileRepair-180327/1.1.0.0/Images/ACR-099/acr_099_IO.PNG"],"guid":"776ccde1-daa2-4dc1-a256-d632dce7899a_1.1.0.0_1","appID":"FileRepair-180327","dateAdded":"180328","deceptorType":"App","name":"File Repair","company":"Hetman","version":"1.1.0.0","sigName":"Deceptor:Win32/HetmanFileRepair!116","lastKnownStatus":"Deceptor:1.1.0.0","lastKnownDate":"201123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-23T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2551},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as errors and of high severity and improvement potential, thereby misleading or scaring user to take action\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\nThe app offers a Deceptor application (Driver Updater) to the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The app is referred to as \"Windows 10 Repair Tool\" on the landing page which is not consistent with the actual app name.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\nThe application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC Speedup Tool Inc\" which is not disclosed in the app's offer.\n","ACR-099":"The application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed\n"},"samples":[{"isRevoked":"False","fileName":"syssetup.exe","isInstaller":"True","companyName":"PC Speedup Tool Inc","productName":"PCFixer~Pro~2018","productVersion":"2.5.0.0","fileVersion":"2.5.0.0","hashMD5":"7cdc24ab3f8b9f18c64a7c395590758e","hashSHA1":"8d187a17d7d9121143f7e409348a34054daf2ade","hashSHA256":"7787efa03c3776ed07c40f0ffe9e064a51dbd4efa4a452131ab4b8b48feb0ce2","digitalCertThumbprint":"6C1064FCA7323D8C0779D2AA53ED9C3D76632955","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tool Inc, O=PC Speedup Tool Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"454","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mysysm.exe","companyName":"PC Speedup Tool Inc","productName":"PC Fixing Tool","productVersion":"2.5.0.0","fileVersion":"2.5.0.0","hashMD5":"41fc2798e50cf72477b3a438be175efc","hashSHA1":"d2db5c0afdde6ad3c21cfd2e6faf38cf7b4e00b0","hashSHA256":"b22a4c5b149c87633179dd35d02c66f4e0561790c47cba863623820aec3c33e8","digitalCertThumbprint":"6C1064FCA7323D8C0779D2AA53ED9C3D76632955","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tool Inc, O=PC Speedup Tool Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"454","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Submitted.Website","reference":"submitted 180324","landingPage":"http://lp.1speedup.com/1spdpcd/","directDownloadingLink":"https://d2giczuc480o1j.cloudfront.net/pcfixrp/securerc/v2/syssetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d2giczuc480o1j.cloudfront.net/pcfixrp/securerc/v2/syssetup.exe","sourceIndex":"454"}],"sampleFiles":["180326/PCFixerPro2018-180325/2.5.0.0/Samples/syssetup.exe","180326/PCFixerPro2018-180325/2.5.0.0/Samples/mysysm.exe"],"imageFiles":["180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-003/ACR-003_software.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-003/ACR-003_software1.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-003/ACR-003_software2.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-010/ACR-010_inlineoffers.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-010/ACR-010_adsinsideapp.JPG"],"nonDeceptorImageFiles":["180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-002/ACR-002_landingpage.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-161/ACR-161_landingpage.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-161/ACR-065_internaloffer.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-088/ACR-088_software.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-092/ACR-092_software.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180326/PCFixerPro2018-180325/2.5.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"0610f466-acef-4ccf-ae33-74e7bbf18039_2.5.0.0_1","appID":"PCFixerPro2018-180325","dateAdded":"180326","deceptorType":"App","name":"PCFixerPro2018","company":"PC Speedup Tool Inc","version":"2.5.0.0","sigName":"Deceptor:Win32/PCFixerPro2018!003010","lastKnownStatus":"Deceptor:2.5.0.0","lastKnownDate":"241024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-10-24T22:19:14.1183237+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2090},{"violations":{"ACR-003":"The application exaggerates empty registry keys as errors and problems, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-092":"The has no digital signature.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-035":"The application's EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy has no mention of the application name and the identity of, and contact information for, the source.\n\n","ACR-036":"App does not disclose third party components in the EULA.\n\n","ACR-037":"The application does not have a privacy policy link.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"pcacceleratesetup.exe","isInstaller":"True","companyName":"NTechnologies Inc                                           ","productName":"PC Accelerate","productVersion":"3.0","fileVersion":"3.0","hashMD5":"ac9e5543f8c2e73308d3c3d4808bb3e0","hashSHA1":"d27f88c9e6be25d1a34937bb4d36aed1d6c23779","hashSHA256":"8494f8b7294e0e3aeab6aafa1842496537299b58a565625227088254fb86e14e","digitalCertThumbprint":"8320A4150398F09C9C692AE4C4FD7675099BC2F9","digitalCertIssuer":"E=support@new-utilities.net, CN=OpenSSL certificate, O=Trusted X.509 certificate, C=US","digitalCertIssuedTo":"E=support@new-utilities.net, CN=NTechnologies Inc, O=NTechnologies Inc, C=US","sourceIndex":"3663","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCAccelerate","companyName":"NTechnologies Inc","productName":"PC Accelerate","productVersion":"3.0.0.0","fileVersion":"3.0.0.0","hashMD5":"604750a24b2aaf9eb3c0aa12d643b4f6","hashSHA1":"71f72eafdb5e3a352cd6eb5742f89861290b8d6e","hashSHA256":"247b3a03d433b1b01276337283bd7b34a3507f604d2f9e1a81731de685564e30","digitalCertThumbprint":"8320A4150398F09C9C692AE4C4FD7675099BC2F9","digitalCertIssuer":"E=support@new-utilities.net, CN=OpenSSL certificate, O=Trusted X.509 certificate, C=US","digitalCertIssuedTo":"E=support@new-utilities.net, CN=NTechnologies Inc, O=NTechnologies Inc, C=US","sourceIndex":"3663","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Research","reference":"new-utilities.net/download.html page","landingPage":"http://www.new-utilities.net/pcaccelerate.html","directDownloadingLink":"http://www.new-utilities.net/download/pcacceleratesetup.exe?v3_0","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.new-utilities.net/download/pcacceleratesetup.exe?v3_0","sourceIndex":"3663"}],"sampleFiles":["180326/PCAccelerate-180323/3.0.0.0/Samples/pcacceleratesetup.exe","180326/PCAccelerate-180323/3.0.0.0/Samples/PCAccelerate.exe"],"imageFiles":["180326/PCAccelerate-180323/3.0.0.0/Images/ACR-003/acr_003.PNG","180326/PCAccelerate-180323/3.0.0.0/Images/ACR-003/acr_003_1.PNG"],"nonDeceptorImageFiles":["180326/PCAccelerate-180323/3.0.0.0/Images/ACR-065/acr_065_I.PNG","180326/PCAccelerate-180323/3.0.0.0/Images/ACR-065/acr_065_S.PNG","180326/PCAccelerate-180323/3.0.0.0/Images/ACR-065/landing_page.PNG","180326/PCAccelerate-180323/3.0.0.0/Images/ACR-065/acr_065_IO.PNG","180326/PCAccelerate-180323/3.0.0.0/Images/ACR-161/landing_page.PNG","180326/PCAccelerate-180323/3.0.0.0/Images/ACR-092/unsigned.PNG","180326/PCAccelerate-180323/3.0.0.0/Images/ACR-099/acr_099_S.PNG","180326/PCAccelerate-180323/3.0.0.0/Images/ACR-099/landing_page.PNG","180326/PCAccelerate-180323/3.0.0.0/Images/ACR-099/internal_offer_page.PNG","180326/PCAccelerate-180323/3.0.0.0/Images/ACR-035/docs.PNG"],"guid":"ce94cab4-3b0c-4a80-95be-e9d4fb127cde_3.0.0.0_1","appID":"PCAccelerate-180323","dateAdded":"180326","deceptorType":"App","name":"PC Accelerate","company":"NTechnologies Inc.","version":"3.0.0.0","sigName":"Deceptor:Win32/PCAccelerate!003","lastKnownStatus":"Deceptor:3.0.0.0","lastKnownDate":"180326","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-03-27T12:37:53.9537326+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2553},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from running at user log on from the software interface.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-171":"The consumer is required to opt-out of recurring payment which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"SystemOptimizersetup.exe","isInstaller":"True","companyName":"Get Live Support Limited                                    ","productName":"System Optimizer 3.2","productVersion":"3.2.0.1","fileVersion":"3.2.0.1","hashMD5":"6225ade210411a825ee309de3a20c99b","hashSHA1":"49a66fe478557a9b37e165b62c81a01a094bf41c","hashSHA256":"047400c7dcd9554b637bf7362c9a171be33962b35f47b7ffe3c8fc295b53967f","digitalCertThumbprint":"9C2D7002C731924814FFB768DF801E77FC6631DD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Get Live Support Limited, OU=IT Department, O=Get Live Support Limited, STREET=207 Regent Street, L=London, S=England W1H 1DP, PostalCode=W1H 1DP, C=GB","sourceIndex":"3611","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SystemOptimizer.exe","companyName":"Get Live Support Limited","productName":"System Optimizer 3.2","productVersion":"3.2.0.1","fileVersion":"3.2.0.1","hashMD5":"4f9cc20b54ef7ebadb151efbd929204e","hashSHA1":"76748f8ab57aecac90d72543396966acd7da4cb5","hashSHA256":"c699d72ff601ffd3b89d2f4c11d84a467d80f8233773575a59503ac7bf1242a6","digitalCertThumbprint":"9C2D7002C731924814FFB768DF801E77FC6631DD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Get Live Support Limited, OU=IT Department, O=Get Live Support Limited, STREET=207 Regent Street, L=London, S=England W1H 1DP, PostalCode=W1H 1DP, C=GB","sourceIndex":"3611","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"https://www.pcrepairlabs.com/","landingPage":"https://www.pcrepairlabs.com/system-optimizer/","directDownloadingLink":"http://cu.conontaffy.com/131001106/brid%3A1/dlid%3A20c09f47-8baa-4cf3-ac7e-0cce05ecb4b2/SystemOptimizer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cu.conontaffy.com/131001106/brid%3A1/dlid%3A20c09f47-8baa-4cf3-ac7e-0cce05ecb4b2/SystemOptimizer.exe","sourceIndex":"3611"}],"sampleFiles":["180325/SystemOptimizer-180316/3.2.0.1/Samples/SystemOptimizersetup.exe","180325/SystemOptimizer-180316/3.2.0.1/Samples/SystemOptimizer.exe"],"imageFiles":["180325/SystemOptimizer-180316/3.2.0.1/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180325/SystemOptimizer-180316/3.2.0.1/Images/ACR-065/ACR-065_install.JPG","180325/SystemOptimizer-180316/3.2.0.1/Images/ACR-065/ACR-065_software.JPG","180325/SystemOptimizer-180316/3.2.0.1/Images/ACR-065/ACR-065_internaloffer.JPG","180325/SystemOptimizer-180316/3.2.0.1/Images/ACR-088/ACR-088_software.JPG","180325/SystemOptimizer-180316/3.2.0.1/Images/ACR-099/ACR-099_software.JPG","180325/SystemOptimizer-180316/3.2.0.1/Images/ACR-099/ACR-099_internaloffer.JPG","180325/SystemOptimizer-180316/3.2.0.1/Images/ACR-171/ACR-099_software.JPG","180325/SystemOptimizer-180316/3.2.0.1/Images/ACR-171/ACR-171_internaloffer.JPG","180325/SystemOptimizer-180316/3.2.0.1/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"4b1900d6-7116-4ba1-9d51-b8cf19ac5d7a_3.2.0.1_1","appID":"SystemOptimizer-180316","dateAdded":"180325","deceptorType":"App","name":"System Optimizer 3.2","company":"PC Repair Labs Limited","version":"3.2.0.1","sigName":"Deceptor:Win32/SystemOptimizer!084","firstVendorContactDate":"180618","firstAppEsteemReplyDate":"180618","firstResolvedDate":"180618","firstResolvedVersion":"App stops distributing, download link shutdown. Move to purchase only mode","resolved":"TRUE","lastKnownStatus":"Deceptor:3.2.0.1","lastKnownDate":"180325","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-20T16:46:25.7129267+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2554},{"violations":{"ACR-003":"The application exaggerates registry keys and file extensions as being registry errors, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-092":"The application has no digital signature information it is unsigned.\n","ACR-157":"The application has no digital signature information it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-037":"There is no Privacy Policy provided for the application.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"newutilitiessetup.exe","isInstaller":"True","companyName":"NTechnologies Inc                                           ","productName":"New Utilities","productVersion":"4.0","fileVersion":"4.0","hashMD5":"441aabdff247098b703c4c7a9b7bf9d2","hashSHA1":"6d031e6d53cf68f8479928116f67dc961d6c54d1","hashSHA256":"f94232a6935ba946c408c352cb4366b51a2f147678caebdc940ed5150b0111b2","digitalCertThumbprint":"8320A4150398F09C9C692AE4C4FD7675099BC2F9","digitalCertIssuer":"E=support@new-utilities.net, CN=OpenSSL certificate, O=Trusted X.509 certificate, C=US","digitalCertIssuedTo":"E=support@new-utilities.net, CN=NTechnologies Inc, O=NTechnologies Inc, C=US","sourceIndex":"337","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"NewUtilities.exe","companyName":"NTechnologies Inc","productName":"New Utilities","productVersion":"4.0.0.0","fileVersion":"4.0.0.0","hashMD5":"47171ce2052b7954ea31102726fd979b","hashSHA1":"d6209c7146ea275049e9a29c18516f24beda4583","hashSHA256":"455940a7e3ba1b4295305b13cdf329cddefebcb7c87d81a5f021ce82c0068db8","digitalCertThumbprint":"8320A4150398F09C9C692AE4C4FD7675099BC2F9","digitalCertIssuer":"E=support@new-utilities.net, CN=OpenSSL certificate, O=Trusted X.509 certificate, C=US","digitalCertIssuedTo":"E=support@new-utilities.net, CN=NTechnologies Inc, O=NTechnologies Inc, C=US","sourceIndex":"337","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://www.bitsdujour.com/ (PC Utilities Category)","landingPage":"http://www.new-utilities.net/","directDownloadingLink":"http://www.new-utilities.net/download/newutilitiessetup.exe?v4_0","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.new-utilities.net/download/newutilitiessetup.exe?v4_0","sourceIndex":"337"}],"sampleFiles":["180323/NewUtilities-180322/4.0/Samples/newutilitiessetup.exe","180323/NewUtilities-180322/4.0/Samples/NewUtilities.exe"],"imageFiles":["180323/NewUtilities-180322/4.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180323/NewUtilities-180322/4.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["180323/NewUtilities-180322/4.0/Images/ACR-065/ACR_065_INSTALL.PNG","180323/NewUtilities-180322/4.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180323/NewUtilities-180322/4.0/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180323/NewUtilities-180322/4.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180323/NewUtilities-180322/4.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","180323/NewUtilities-180322/4.0/Images/ACR-157/ACR_157_SOFTWARE.PNG","180323/NewUtilities-180322/4.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180323/NewUtilities-180322/4.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180323/NewUtilities-180322/4.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180323/NewUtilities-180322/4.0/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"691da4bc-b760-41c8-a6c7-27b010878b85_4.0_1","appID":"NewUtilities-180322","dateAdded":"180323","deceptorType":"App","name":"New Utilities","company":"NTechnologies Inc","version":"4.0","sigName":"Deceptor:Win32/NewUtilities!003","lastKnownStatus":"Deceptor:4.0","lastKnownDate":"241126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-26T23:34:30.2467812+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2555},{"violations":{"ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-016":"A displayed ad leads to direct downloading and installation of an application instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n"},"nonDeceptorViolations":{"ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n","ACR-058":"Main landing page does not disclose that the app monetizes through cross-selling other apps.\n"},"samples":[{"isRevoked":"False","fileName":"fmrtsitesetup.exe","isInstaller":"True","companyName":"FreeMalwareRemovalTool.Com                                  ","productName":"Free Malware Removal Tool","productVersion":"1.0.0.42197","fileVersion":"Free Malware Removal","hashMD5":"e4b8c69f3a6f4edc060be82a3949fbe8","hashSHA1":"3f031f7481f5c436718bf80fd8acbd9ff0c6a52d","hashSHA256":"18d07bcf9e6cdf31c0f2eba8cc760e9b947c6757976d11d0754a92ddad53fb7d","digitalCertThumbprint":"8A285AC451D5F6A865D7A5B68B3A2A22451529B1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=How To Remove It, O=How To Remove It, STREET=\"74­, GREEN PARK VISTAR, DADI KA PHATAK, BENAD ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"3668","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FMRT.exe","companyName":"FreeMalwareRemovalTool.com","productName":"Free Malware Removal Tool","productVersion":"1.0.0.42197","fileVersion":"1.0.0.42197","hashMD5":"460b796fa8e71922b477a1090570d7c2","hashSHA1":"9b929391ba8fbc7711fb01c28fe5e19864394092","hashSHA256":"a766558b9a552b3d8648db9d8c31263a1c6c6bed15908fa54354248f105e831e","digitalCertThumbprint":"8A285AC451D5F6A865D7A5B68B3A2A22451529B1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=How To Remove It, O=How To Remove It, STREET=\"74­, GREEN PARK VISTAR, DADI KA PHATAK, BENAD ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"3668","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://info.dogpile.com (remove spyware tool)","landingPage":"http://freemalwareremovaltool.com/","directDownloadingLink":"https://d19v7x158tl0yn.cloudfront.net/fmrt/fmrtsitesetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d19v7x158tl0yn.cloudfront.net/fmrt/fmrtsitesetup.exe","sourceIndex":"3668"}],"sampleFiles":["180322/FreeMalwareRemovalTool-180316/1.0.0.42197/Samples/fmrtsitesetup.exe","180322/FreeMalwareRemovalTool-180316/1.0.0.42197/Samples/FMRT.exe"],"imageFiles":["180322/FreeMalwareRemovalTool-180316/1.0.0.42197/Images/ACR-010/ACR_010_ADS_INSIDE_APP.PNG","180322/FreeMalwareRemovalTool-180316/1.0.0.42197/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":["180322/FreeMalwareRemovalTool-180316/1.0.0.42197/Images/ACR-088/ACR_088_SOFTWARE.PNG","180322/FreeMalwareRemovalTool-180316/1.0.0.42197/Images/ACR-092/ACR_092_SOFTWARE.PNG","180322/FreeMalwareRemovalTool-180316/1.0.0.42197/Images/ACR-058/ACR_058_LANDING_PAGE.PNG"],"guid":"efb2effa-4cb3-4f5e-a402-37e400afd86c_1.0.0.42197_1","appID":"FreeMalwareRemovalTool-180316","dateAdded":"180322","deceptorType":"App","name":"Free Malware Removal Tool","company":"FreeMalwareRemovalTool.Com","version":"1.0.0.42197","sigName":"Deceptor:Win32/FreeMalwareRemovalTool!010016","lastKnownStatus":"Deceptor:1.0.0.52740","lastKnownDate":"201123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2020-11-23T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2562},{"violations":{"ACR-003":"The application exaggerates system's health condition eg, improvement potential as high for fixing registry issues .thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user.\n","ACR-059":"The app was not clearly marked as an optional or additional offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC Speed-Up Tools Inc\" which is not disclosed in the app's offer.\n","ACR-099":"The application's inline offer has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-159":"There is no mention on the landing page that payment will be required to activate the full functionality of the app.\n","ACR-171":"The consumer is required to opt-out of additional payment for Advanced Password Manager, which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"mpcmsetup.exe","isInstaller":"True","productName":"My PC Mechanic","productVersion":"1.0.0.1112","fileVersion":"1.0.0.1112","hashMD5":"7df7a163010272a7d7ae8372cfecb0e3","hashSHA1":"63d8d6daeaf8252eeba54759878128e0acae8c78","hashSHA256":"c5051ac718a23a1c07ac8d25c440c8963f4b1d2a37d27ad1e535417fcf4dee61","digitalCertThumbprint":"9BF55393E1186739791B5F981176EF53C1369FAD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speed-Up Tools Inc, O=PC Speed-Up Tools Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"428","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spct.exe","companyName":"n/a","productName":"n/a","productVersion":"1.0.0.1112","fileVersion":"1.0.0.1112","hashMD5":"96118a3fb0770aabd85bce5ec8c2e538","hashSHA1":"4566ff90f4cb2807f9d0c6276fecb910d72ab775","hashSHA256":"1a2268516128e5a41d59895ce3f402b208cc12885196bc25d4d7cf9f99872bd6","digitalCertThumbprint":"9BF55393E1186739791B5F981176EF53C1369FAD","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speed-Up Tools Inc, O=PC Speed-Up Tools Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=JAIPUR, S=RAJASTHAN, PostalCode=302013, C=IN","sourceIndex":"428","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com (fix my registry)","landingPage":"http://tuneupmypcs.com/","directDownloadingLink":"https://d1cypjn87nln6r.cloudfront.net/securerc/mpcmsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d1cypjn87nln6r.cloudfront.net/securerc/mpcmsetup.exe","sourceIndex":"428"}],"sampleFiles":["180322/MyPCMechanic-180316/1.0.0.1112/Samples/mpcmsetup.exe","180322/MyPCMechanic-180316/1.0.0.1112/Samples/spct.exe"],"imageFiles":["180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-003/ACR_003_SOFTWARE.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-010/ACR_-010_INLINE_OFFERS.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-059/ACR_059_INLINE_OFFERS.PNG"],"nonDeceptorImageFiles":["180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-065/ACR_065_SOFTWARE.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-088/ACR_088_SOFTWARE.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-092/ACR_092_SOFTWARE.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-099/ACR_099_INLINE_OFFERS.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-099/ACR_099_SOFTWARE.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-159/ACR_159_LANDING_PAGE.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-171/ACR_171_INTERNAL_OFFER_SCREENSHOT_1.PNG","180322/MyPCMechanic-180316/1.0.0.1112/Images/ACR-171/ACR_171_INTERNAL_OFFER_SCREENSHOT_2.PNG"],"guid":"55d5d297-ed1d-4c47-8bc8-c2e49c87f617_1.0.0.1112_1","appID":"MyPCMechanic-180316","dateAdded":"180322","deceptorType":"App","name":"My PC Mechanic","company":"My PC Mechanic.","version":"1.0.0.1112","sigName":"Deceptor:Win32/MyPCMechanic!003010059","lastKnownStatus":"Deceptor:1.0.0.1112","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2024-11-05T19:04:05.2378306+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2093},{"violations":{"ACR-003":"The application exaggerates Registry Items (Enhance System Performance and System/User Software Related) as high improvement potential as well as using the color gradient \"red\" , thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Universal Driver Updater) to the user.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-016":"A displayed ad leads to direct downloading and installation of an application instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Syscare Logics LLP\" which is not disclosed in the app's EULA.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-171":"The consumer is required to opt-out of additional payments for McAfee AntiVirus and Advanced Password Manager, which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"msmsetup.exe","isInstaller":"True","productName":"My System Mechanic","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"6daf37d86ab89dca5118f7267eb6a531","hashSHA1":"9ff69f7b8f2c1e62e0814461f49c486791035833","hashSHA256":"f54556a331e190ca566550f9af28830bd555ddcf7b5a3bd3906f92d2722e787f","digitalCertThumbprint":"61E8DCF8FE3D419F0072A615CBD630034F690885","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Syscare Logics LLP, O=Syscare Logics LLP, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"429","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"scad.exe","companyName":"n/a","productName":"Cleaning Tool","productVersion":"1.0.0.9","fileVersion":"1.0.0.9","hashMD5":"d066bc02fbcc14e04db2a5b48588d094","hashSHA1":"e59932a02fa019ab8822f418f3b01210115aee4d","hashSHA256":"7b71523dd73b22212e66d6cd7d7716415225348a69766ee25cee1ad205cf2eb6","digitalCertThumbprint":"61E8DCF8FE3D419F0072A615CBD630034F690885","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Syscare Logics LLP, O=Syscare Logics LLP, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"429","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com (fix my registry)","landingPage":"http://epcbooster.com/","directDownloadingLink":"https://d13f3nlx7v7o65.cloudfront.net/site/msmsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d13f3nlx7v7o65.cloudfront.net/site/msmsetup.exe","sourceIndex":"429"}],"sampleFiles":["180322/MySystemMechanic-180316/1.0.0.9/Samples/msmsetup.exe","180322/MySystemMechanic-180316/1.0.0.9/Samples/scad.exe"],"imageFiles":["180322/MySystemMechanic-180316/1.0.0.9/Images/ACR-003/ACR_003_SOFTWARE.PNG","180322/MySystemMechanic-180316/1.0.0.9/Images/ACR-010/ACR_010_SOFTWARE.PNG","180322/MySystemMechanic-180316/1.0.0.9/Images/ACR-084/ACR_084_SOFTWARE.PNG","180322/MySystemMechanic-180316/1.0.0.9/Images/ACR-016/ACR_016_ADS_INSIDE_APP.mp4"],"nonDeceptorImageFiles":["180322/MySystemMechanic-180316/1.0.0.9/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180322/MySystemMechanic-180316/1.0.0.9/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180322/MySystemMechanic-180316/1.0.0.9/Images/ACR-088/ACR_088_SOFTWARE.PNG","180322/MySystemMechanic-180316/1.0.0.9/Images/ACR-092/ACR_092_SOFTWARE.PNG","180322/MySystemMechanic-180316/1.0.0.9/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180322/MySystemMechanic-180316/1.0.0.9/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180322/MySystemMechanic-180316/1.0.0.9/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"bcddf9ea-7668-4c39-a549-6de62f6668f8_1.0.0.9_1","appID":"MySystemMechanic-180316","dateAdded":"180322","deceptorType":"App","name":"My System Mechanic","company":"My System Mechanic.","version":"1.0.0.9","sigName":"Deceptor:Win32/MySystemMechanic!003010016084","lastKnownStatus":"Deceptor:1.0.0.9","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-05T19:00:58.9252773+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2092},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as high severity and high improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver updater) to the user\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"The installed application has a different publisher name than what is located in the certification information.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards from Tucows, CNET and Chip Download that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment.\n"},"samples":[{"isRevoked":"False","fileName":"pcssetup.exe","isInstaller":"True","companyName":"Speedup PC 2018","productName":"Speed~Up~PC~2018","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"70d0cce0127ec8f8ac104f9c2c7e680d","hashSHA1":"fc082738454a8169bd101283c03287b80ddd5fb6","hashSHA256":"64a09dd0ed1d1d8fe79a28279c619d7b5ee77f76a96881c6f945dbe7c5ec5489","digitalCertThumbprint":"5554829AECAE21B5DC5344E8C3C49D41F9F889A1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE LOGlCS, O=SYSCARE LOGlCS, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"430","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"oscm.exe","companyName":"Speedup PC 2018","productName":"Speed~Up~PC~2018","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"3e5f12f075c89c029ec3e2ee52ca2bfd","hashSHA1":"b055c04ef489c78eaa409393dda431a582b75d55","hashSHA256":"6e89a0d763314912de2522cc631cd1c3086e192e68ff60feaa738af33919d120","digitalCertThumbprint":"5554829AECAE21B5DC5344E8C3C49D41F9F889A1","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=SYSCARE LOGlCS, O=SYSCARE LOGlCS, STREET=\"B-52,SWEET HOME,SETHI COLONY,JAWAHAR NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302004, C=IN","sourceIndex":"430","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"Deceptor submission 180316","landingPage":"https://d3952tlv48p4xq.cloudfront.net/spedupc/securerc/c10/pcssetup.exe","directDownloadingLink":"https://d12ecykerj9bal.cloudfront.net/acp/securerc/i2/acpsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d12ecykerj9bal.cloudfront.net/acp/securerc/i2/acpsetup.exe","sourceIndex":"430"}],"sampleFiles":["180322/SpeedUpPC2018-180316/2.0.0.0/Samples/pcssetup.exe","180322/SpeedUpPC2018-180316/2.0.0.0/Samples/oscm.exe"],"imageFiles":["180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-003/ACR-003_software.JPG","180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-003/ACR-003_software1.JPG","180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-003/ACR-003_software2.JPG","180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-010/ACR-010_inlineoffer.JPG"],"nonDeceptorImageFiles":["180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-065/ACR-065_software.JPG","180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-065/ACR-065_Internaloffer.JPG","180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-161/ACR-161_internaloffer.JPG","180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-092/ACR-092_software.JPG","180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-099/ACR-099_software.JPG","180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-099/ACR-099_Internaloffer.JPG","180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-150/ACR-150_internaloffer.JPG","180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-171/ACR-171_internaloffer.JPG","180322/SpeedUpPC2018-180316/2.0.0.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"ccf7ad0e-ed42-42e4-b3a7-617fabcc00ac_2.0.0.0_1","appID":"SpeedUpPC2018-180316","dateAdded":"180322","deceptorType":"App","name":"Speedup PC 2018","company":"Syscare Logics","version":"2.0.0.0","sigName":"Deceptor:Win32/SpeedupPC2018!003010","lastKnownStatus":"Deceptor:2.0.0.0","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-05T18:54:56.7343237+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2091},{"violations":{"ACR-014":"The app misleads the user by labeling registry keys, browser files and windows settings as threats.\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"HOW TO REMOVE IT\" which is not disclosed in the app's offer.\n","ACR-058":"The app does not disclose that it monetizes through cross-selling other apps\n","ACR-016":"A displayed ad leads to direct downloading and installation of an application instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n"},"samples":[{"isRevoked":"False","fileName":"fmrtsitesetup.exe","isInstaller":"True","companyName":"FreeMalwareRemovalTool.Com                                  ","productName":"Free Malware Removal Tool","productVersion":"1.0.0.52740","fileVersion":"1.0.0.52740","hashMD5":"1bae97a3d23856fe9489c38a19ae6463","hashSHA1":"99b2a58443471db09c25acbcec56a4e22b4e704a","hashSHA256":"caf30100395b06cd526e1e1779cb2cc29969e708b385dc63cf927e7f93895162","digitalCertThumbprint":"44B866F5A738C02705107C0DED3D2CB096934AE4","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=HOW TO REMOVE IT, O=HOW TO REMOVE IT, STREET=\"74-GREEN PARK VISTAR,DADI KA PHATAK,BENAD ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"3578","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FMRT.exe","companyName":"FreeMalwareRemovalTool.com","productName":"Free Malware Removal Tool","productVersion":"1.0.0.52740","fileVersion":"1.0.0.52740","hashMD5":"cf36a2ce369ecb487a6fc6e74fc1ba13","hashSHA1":"41905be8c9a27ca4be36fdb6d1a0a5f75ed7f947","hashSHA256":"ad256e56529f0fec60aabe3b80f1d60353aee97bd3343f6150c86ddfee583bff","digitalCertThumbprint":"44B866F5A738C02705107C0DED3D2CB096934AE4","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=HOW TO REMOVE IT, O=HOW TO REMOVE IT, STREET=\"74-GREEN PARK VISTAR,DADI KA PHATAK,BENAD ROAD\", L=JAIPUR, S=RAJASTHAN, PostalCode=302012, C=IN","sourceIndex":"3578","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"Existing decepter review","landingPage":"http://freemalwareremovaltool.com/","directDownloadingLink":"https://d19v7x158tl0yn.cloudfront.net/fmrt/fmrtsitesetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://d19v7x158tl0yn.cloudfront.net/fmrt/fmrtsitesetup.exe","sourceIndex":"3578"}],"sampleFiles":["180322/FreeMalwareRemovalTool-180316/1.0.0.52740/Samples/fmrtsitesetup.exe","180322/FreeMalwareRemovalTool-180316/1.0.0.52740/Samples/FMRT.exe"],"imageFiles":["180322/FreeMalwareRemovalTool-180316/1.0.0.52740/Images/ACR-059/ACR-059_inlineoffer.JPG","180322/FreeMalwareRemovalTool-180316/1.0.0.52740/Images/ACR-014/ACR-014_software1.JPG","180322/FreeMalwareRemovalTool-180316/1.0.0.52740/Images/ACR-014/ACR-014_software.JPG"],"nonDeceptorImageFiles":["180322/FreeMalwareRemovalTool-180316/1.0.0.52740/Images/ACR-092/ACR-092_software.JPG","180322/FreeMalwareRemovalTool-180316/1.0.0.52740/Images/ACR-058/ACR-058_landingpage.JPG","180322/FreeMalwareRemovalTool-180316/1.0.0.52740/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"guid":"efb2effa-4cb3-4f5e-a402-37e400afd86c_1.0.0.52740_1","appID":"FreeMalwareRemovalTool-180316","dateAdded":"180322","deceptorType":"App","name":"Free Malware Removal Tool","company":"FreeMalwareRemovalTool.Com","version":"1.0.0.52740","sigName":"Deceptor:Win32/FreeMalwareRemovalTool!014059","lastKnownStatus":"Deceptor:1.0.0.52740","lastKnownDate":"201123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2020-11-23T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2561},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys and dll files as errors of high damage level, thereby misleading or scaring user to take action.\nUpon trying to uninstall the app the user is prompted that they can fix 100 errors for free.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-117":"App uninstall prompts the user :that it will fix critial errors amd optimize registry for free\" to deter the user from uninstalling the app.\n","ACR-124":"The option to continue uninstall is not obvious and clear, not presented as if it is clickable to continue uninstall.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PCOptimizerBuddySetup.exe","isInstaller":"True","companyName":"RST Technologies","productName":"PC Optimizer Buddy","productVersion":"2.5.0","fileVersion":"2.5.0","hashMD5":"88b07557a80c0b2a093e5b2310fe85b7","hashSHA1":"4d27720846ab89358c1cd17f0ea62e968113a0c7","hashSHA256":"d426d67191a54315333f7aa98ae675caa14ba9da034c788b45fce94c4920fcbe","digitalCertThumbprint":"E013F97187900F4EBF6D7ADC42729686C2A93FE5","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"RST Ventures, LLC\", O=\"RST Ventures, LLC\", STREET=10734 WHITE BRIDGE LN, STREET=Ste 1700, L=SUGAR LAND, S=Texas, PostalCode=77498, C=US","sourceIndex":"3667","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCOptimizerBuddy.exe","companyName":"RST Technologies","productName":"PCOptimizerBuddy","productVersion":"2.5.0.0","fileVersion":"2.5.0.0","hashMD5":"2cd52c1e32565b41059fcd77902deb68","hashSHA1":"8f35182f1631015e8db31f154fdd1649d7afcfb4","hashSHA256":"3848ed18c5eb3b916569b2eda061277ecc0d3bebdbc61d62fa32ac2d241dfb53","digitalCertThumbprint":"E013F97187900F4EBF6D7ADC42729686C2A93FE5","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"RST Ventures, LLC\", O=\"RST Ventures, LLC\", STREET=10734 WHITE BRIDGE LN, STREET=Ste 1700, L=SUGAR LAND, S=Texas, PostalCode=77498, C=US","sourceIndex":"3667","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"slow pc optimizer\" page 5 of results http://pcoptimizerbuddy.com/","landingPage":"http://pcoptimizerbuddy.com/","directDownloadingLink":"http://pcoptimizerbuddy.com/PCOptimizerBuddySetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pcoptimizerbuddy.com/PCOptimizerBuddySetup.exe","sourceIndex":"3667"}],"sampleFiles":["180322/PcOptimizerBuddy-180316/2.5.0/Samples/PCOptimizerBuddySetup.exe","180322/PcOptimizerBuddy-180316/2.5.0/Samples/PCOptimizerBuddy.exe"],"imageFiles":["180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-003/ACR-003_software.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-003/ACR-003_software1.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-003/ACR-003_software2.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-003/ACR-003_uninstall.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-168/ACR-168_software.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-117/ACR-117_uninstall.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-124/ACR-124_uninstall.JPG"],"nonDeceptorImageFiles":["180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-065/ACR-065_install.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-065/ACR-065_software.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-163/ACR-163_software.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-088/ACR-088_software.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-160/ACR-160_software.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-099/ACR-099_software.JPG","180322/PcOptimizerBuddy-180316/2.5.0/Images/ACR-167/ACR-167_docs.JPG"],"guid":"a912cd7e-89f6-4f4a-bfed-9c01a8f0b179_2.5.0_1","appID":"PcOptimizerBuddy-180316","dateAdded":"180322","deceptorType":"App","name":"PcOptimizerBuddy","company":"PCOptimizerBuddy.com","version":"2.5.0","sigName":"Deceptor:Win32/PCOptimizerBuddy!003117168","lastKnownStatus":"Deceptor:2.5.0","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2559},{"violations":{"ACR-003":"The application exaggerates Empty registry keys, shared DLLs, file extensions etc. as problems, thereby misleading or scaring user to take action.\n","ACR-116":"The application cannot be uninstall using the platform standard features.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"TurboSoft Systems LTD\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"Registrykit_setup.exe","isInstaller":"True","companyName":"RegistryKit.com                                             ","productName":"Registry Kit","productVersion":"2.0","fileVersion":"","hashMD5":"b1d6029b005e90f8562205f9d45b1eaf","hashSHA1":"29f59e728663fe6639d7d5a60460e1c0efa616ef","hashSHA256":"337280ccfa0b239e707dfe614558d91fb08a2a4aa9be62fdbe007d27d4662cf8","digitalCertThumbprint":"68E81CFE0967DFDE7FD341847A7A5E3A5932DBE9","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TurboSoft Systems LTD, O=TurboSoft Systems LTD, STREET=Sheung Wan, L=Hongkong, S=Hongkong, PostalCode=HK, C=HK","sourceIndex":"3666","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegistryKit.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"636fdc272630e4639f23293e35674b15","hashSHA1":"ce4c499eae8bd340d3f7c038d957e1cba3e7635b","hashSHA256":"1c3fc024a3750548b2d4b10e926629ab843ad3d490521629b06cb292db23e99c","digitalCertThumbprint":"68E81CFE0967DFDE7FD341847A7A5E3A5932DBE9","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=TurboSoft Systems LTD, O=TurboSoft Systems LTD, STREET=Sheung Wan, L=Hongkong, S=Hongkong, PostalCode=HK, C=HK","sourceIndex":"3666","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com (free pc cleaner and repair)","landingPage":"http://registrykit.com/","directDownloadingLink":"http://registrykit.com/Registrykit_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://registrykit.com/Registrykit_setup.exe","sourceIndex":"3666"}],"sampleFiles":["180322/RegistryKit-180316/2.0/Samples/Registrykit_setup.exe","180322/RegistryKit-180316/2.0/Samples/RegistryKit.exe"],"imageFiles":["180322/RegistryKit-180316/2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180322/RegistryKit-180316/2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180322/RegistryKit-180316/2.0/Images/ACR-116/ACR_116_UNINSTALL.PNG"],"nonDeceptorImageFiles":["180322/RegistryKit-180316/2.0/Images/ACR-065/ACR_065_INSTALL.PNG","180322/RegistryKit-180316/2.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180322/RegistryKit-180316/2.0/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180322/RegistryKit-180316/2.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","180322/RegistryKit-180316/2.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180322/RegistryKit-180316/2.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180322/RegistryKit-180316/2.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180322/RegistryKit-180316/2.0/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"3d116f69-ec51-4e76-b7ac-a27b9ae0eb7c_2.0_1","appID":"RegistryKit-180316","dateAdded":"180322","deceptorType":"App","name":"Registry Kit","company":"RegistryKit.com","version":"2.0","sigName":"Deceptor:Win32/RegistryKit!003116","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"180322","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-03-24T00:07:48.0166136+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2558},{"violations":{"ACR-003":"The application reports outdated drivers as being ancient and reports the out of date driver as a problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's internal offer page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"The installed application has a different publisher name than what is located in the certification information.\n","ACR-160":"The application does not use a certified call center to monitize the app. Upon calling the phone number provided but the call disconnects as soon as it starts ringing.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-171":"The consumer is required to opt-out of additional payment for \"special disk cleaning tools\".\n"},"samples":[{"isRevoked":"False","fileName":"sdusetup_new.exe","isInstaller":"True","companyName":"http://www.superdriverupdater.com/                          ","productName":"Super Driver Updater","productVersion":"2.1.1086.16321","fileVersion":"2.1","hashMD5":"6c70ea4d9b6ee5b7ebcb957746c8cae1","hashSHA1":"6c944eeaea88e0d026f8a623bb866879b160b1e6","hashSHA256":"abd0563544a9ed870d4f6687f234e6b4a78ad9b5b7155d07274067863fdfe484","digitalCertThumbprint":"81AF25E634A445EA24024E90095C65663DCAF188","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=The Phone Support Pvt. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=The Phone Support Pvt. Ltd., L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3283","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":["Trend Micro Internet Security (20190131)"]},{"isRevoked":"False","fileName":"sdu.exe","companyName":"SuperDriverUdpater.com","productName":"Super Driver Updater","productVersion":"2.1.1086.16321","fileVersion":"2.1.1086.16321","hashMD5":"0a927c487ef8f93ae992ef145cd1789e","hashSHA1":"e11f2d764683e3d24f979940d7df98b10d642968","hashSHA256":"4d38b466207658a942e1a389ea310c3829f8a673556f889af2d93ef9dfe58862","digitalCertThumbprint":"81AF25E634A445EA24024E90095C65663DCAF188","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=The Phone Support Pvt. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=The Phone Support Pvt. Ltd., L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"3283","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"driver optimizer\" page 5 of the results www.spyware-techie.com/super-driver-updater-removal-guide. search for super driver updater from that reference.","landingPage":"http://www.superdriverupdater.com/","directDownloadingLink":"http://cloudfront.systweak.com/downloads/superdriverupdater/sdusetup_new.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cloudfront.systweak.com/downloads/superdriverupdater/sdusetup_new.exe","sourceIndex":"3283"}],"sampleFiles":["180322/SuperDriverUpdater-180316/2.1.1086.16321/Samples/sdusetup_new.exe","180322/SuperDriverUpdater-180316/2.1.1086.16321/Samples/sdu.exe"],"imageFiles":["180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-003/ACR-003_software.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-003/ACR-003_software1.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-017/ACR-017_install.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-017/ACR-017_software.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-017/ACR-017_software1.JPG"],"nonDeceptorImageFiles":["180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-065/ACR-065_software.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-065/ACR-065_internaloffer.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-163/ACR-163_software.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-163/ACR-163_landingpage.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-163/ACR-163_internaloffer.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-092/ACR-092_software.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-160/ACR-160_software.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-099/ACR-099_software.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-099/ACR-099_internaloffer.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-171/ACR-171_internaloffer.JPG","180322/SuperDriverUpdater-180316/2.1.1086.16321/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"4d1772a5-6e59-4c5c-af34-913beffadaf7_2.1.1086.16321_1","appID":"SuperDriverUpdater-180316","dateAdded":"180322","deceptorType":"App","name":"Super Driver Updater","company":"Super Driver Updater","version":"2.1.1086.16321","sigName":"Deceptor:Win32/SuperDriverUpdater!003017","lastKnownStatus":"Deceptor:2.1.1086.16321","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:59:52.760158+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2557},{"violations":{"ACR-003":"The application exaggerates temp files,browsing history , invalid registry entries as problems, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created multiple scheduled tasks which cannot be disabled from the software interface.\n","ACR-016":"Displayed ads lead to direct downloading and installation of the applications instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays testimonials but they are not specific to the app being sold.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-036":"The app uses multiple third party files that are not described and disclosed in the EULA, Terms of Service.\n","ACR-037":"No privacy policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-171":"The consumer is required to opt-out of additional payment for download protection which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"WindowsCareGenius.exe","companyName":"Tenorshare.com","productName":"Windows Care Genius","productVersion":"3.9","fileVersion":"3.9.6.357","hashMD5":"f4d169d1f4a2e9a731f236ee7e8e8231","hashSHA1":"0c303fb7c8f79696c71fda1392d584ff672ff83d","hashSHA256":"04be6bcbd2f17d454c36a44c58a087fbe43bbc678438b389cc03f1b3f7f1c724","sourceIndex":"3282","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"windows-care-genius-trial.exe","isInstaller":"True","companyName":"tenorshare.com                                              ","productName":"Windows Care Genius","productVersion":"3.95","fileVersion":"3.95","hashMD5":"3e0568431d73428cb3e28c2a263bc4be","hashSHA1":"702c4ed63dbdab225db2675207a3bd76c6bbe760","hashSHA256":"1d894f49930d7dd68277fe86e1972cb2bdee575546df92860b64b5d4be456cc7","digitalCertThumbprint":"49DE5C951646DF99480A98AE51028E3FBA0D355E","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Tenorshare Co.,Ltd.\", O=\"Tenorshare Co.,Ltd.\", L=Shenzhen, S=Guangdong, C=CN","sourceIndex":"3282","avBlockList":["Avira Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"slow pc optimizer\" page 9 of the results https://www.tenorshare.com/windows-system-tuneup.html","landingPage":"https://www.tenorshare.com/windows-system-tuneup.html","directDownloadingLink":"https://download.tenorshare.com/downloads/windows-care-genius-trial.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://download.tenorshare.com/downloads/windows-care-genius-trial.exe","sourceIndex":"3282"}],"sampleFiles":["180322/WindowsCareGenius-180316/3.95/Samples/WindowsCareGenius.exe","180322/WindowsCareGenius-180316/3.95/Samples/windows-care-genius-trial.exe"],"imageFiles":["180322/WindowsCareGenius-180316/3.95/Images/ACR-003/ACR-003_software.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-084/ACR-084_software.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-084/ACR-084_software1.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":["180322/WindowsCareGenius-180316/3.95/Images/ACR-065/ACR-065_install.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-065/ACR-065_software.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-065/ACR-065_landingpage.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-065/ACR-065_internaloffer.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-161/ACR-161_internaloffer.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-099/ACR-099_software.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-036/ACR-036_docs.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-036/ACR-036_docs1.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-171/ACR-171_internaloffer.JPG","180322/WindowsCareGenius-180316/3.95/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"45c5548d-0b5a-4066-8386-803b56534551_3.95_1","appID":"WindowsCareGenius-180316","dateAdded":"180322","deceptorType":"App","name":"WindowsCareGenius","company":"Tenorshare Co.,Ltd","version":"3.95","sigName":"Deceptor:Win32/WindowsCareGenius!003016084","lastKnownStatus":"Deceptor:3.95","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T01:00:48.5596366+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2556},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys and disk fragmentation as errors of serious and critical status, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays a testimonial but does not provide any links back to a source so they can be verified.\n","ACR-092":"The application does not have a digital signature.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"lsp_setup.exe","isInstaller":"True","companyName":"LightSpeedPC™                                               ","productName":"LightSpeedPC","productVersion":"","fileVersion":"0.0","hashMD5":"ea893c7b60e01acfb17cfbd3f47d6ba4","hashSHA1":"5a90b97d47df40ac5745ec3e7227f46d45435454","hashSHA256":"4ebd55df7a14bc9a3e9827730b7bb59b495e600b15668004c8e01b28473f3b38","sourceIndex":"3669","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"LightSpeedPC.exe","companyName":"LightspeedPC™","productName":"LightspeedPC","productVersion":"8.13.1.0","fileVersion":"8.13.1.0","hashMD5":"2c87db0f6ca0766046277e268975b686","hashSHA1":"92fb27f44bc41ddb1bcbd220753e19870a16bed3","hashSHA256":"049ff6fd09eb61bf3a619dc31cdad533034b0518e526f1df979cdfc271772030","sourceIndex":"3669","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.DownloadSite","reference":"https://www.downloadtyphoon.com","landingPage":"http://www.lightspeedpc.com/","directDownloadingLink":"http://www.lightspeedpc.com/win_users/lsp_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.lightspeedpc.com/win_users/lsp_setup.exe","sourceIndex":"3669"}],"sampleFiles":["180322/LightSpeedPC-180316/8.13.1.0/Samples/lsp_setup.exe","180322/LightSpeedPC-180316/8.13.1.0/Samples/LightSpeedPC.exe"],"imageFiles":["180322/LightSpeedPC-180316/8.13.1.0/Images/ACR-003/ACR-003_software.JPG","180322/LightSpeedPC-180316/8.13.1.0/Images/ACR-003/ACR-003_software1.JPG","180322/LightSpeedPC-180316/8.13.1.0/Images/ACR-003/ACR-003_software2.JPG"],"nonDeceptorImageFiles":["180322/LightSpeedPC-180316/8.13.1.0/Images/ACR-065/ACR-065_install.JPG","180322/LightSpeedPC-180316/8.13.1.0/Images/ACR-065/ACR-065_software.JPG","180322/LightSpeedPC-180316/8.13.1.0/Images/ACR-065/ACR-065_internaloffer.JPG","180322/LightSpeedPC-180316/8.13.1.0/Images/ACR-161/ACR-161_landingpage.JPG","180322/LightSpeedPC-180316/8.13.1.0/Images/ACR-092/ACR-092_software.JPG","180322/LightSpeedPC-180316/8.13.1.0/Images/ACR-099/ACR-099_software.JPG","180322/LightSpeedPC-180316/8.13.1.0/Images/ACR-099/ACR-099_landingpage.JPG","180322/LightSpeedPC-180316/8.13.1.0/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"d53b0305-cc11-498e-89cc-100b1deded13_8.13.1.0_1","appID":"LightSpeedPC-180316","dateAdded":"180322","deceptorType":"App","name":"LightSpeedPC","company":"Lightspeed Computer","version":"8.13.1.0","sigName":"Deceptor:Win32/LightSpeed!003","lastKnownStatus":"Deceptor:8.13.1.0","lastKnownDate":"180322","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-03-23T17:40:10.7913477+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2560},{"violations":{"ACR-003":"The application exaggerates the system health status as \"DANGER\" and shows the cleaning urgency as high and also labeling registry keys as errors, thereby misleading or scaring user to take action.\nUpon trying to uninstall the app the user is prompted that they can fix 100 errors for free.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.The app creates a popup schedule in the systems task scheduler but does not provide an option to disable it using the application settings.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-124":"The option to continue the uninstall is not clearly marked as an active option, leaves the consumer guessing of what to do next to complete the uninstall.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy as no installer flow is provided for the app.\nThere are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The app is referred to as Computer-Optimizer on the landing page and is installed as Defencebye which will lead to confusion of the consumer as to what was installed.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Defencebyte Pty Ltd\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application only provides a 15 days refund policy\n\n"},"samples":[{"isRevoked":"False","fileName":"DefencebyteSetup.exe","isInstaller":"True","companyName":"Defencebyte","productName":"Defencebyte","productVersion":"2.5.4","fileVersion":"2.5.4","hashMD5":"cbeb2e9c49dc79efa9bc6fb28355e3f9","hashSHA1":"c4701a13b45e6bd09bf588513b19d8063ab05020","hashSHA256":"83eedad7f4c017c8e5f39932db9ce146cbd2ddbfdfe1dc94daa636d6cdef434b","digitalCertThumbprint":"BB281246CF067ECC344145F05B3D5AED97DB2E3A","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Defencebyte Pty Ltd, O=Defencebyte Pty Ltd, STREET=G16, STREET=\"Portico Plaza, 17-19 Aurelia Street\", L=Toongabbie, S=NSW, PostalCode=2146, C=AU","sourceIndex":"3670","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Defencebyte.exe","companyName":"Defencebyte","productName":"Defencebyte","productVersion":"2.5.4.0","fileVersion":"2.5.4.0","hashMD5":"926b115a91f38d380a3035dac07e54ca","hashSHA1":"f4453d518bf3a55cb1e98e779256c8a999bf89e0","hashSHA256":"740460b0a3c6c011f64a4372e647bb851c3c355b87f710b2cebf13112f823cb2","digitalCertThumbprint":"BB281246CF067ECC344145F05B3D5AED97DB2E3A","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Defencebyte Pty Ltd, O=Defencebyte Pty Ltd, STREET=G16, STREET=\"Portico Plaza, 17-19 Aurelia Street\", L=Toongabbie, S=NSW, PostalCode=2146, C=AU","sourceIndex":"3670","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"slow pc optimizer\" page 5 of results www.computer-optimizer.com","landingPage":"www.computer-optimizer.com","directDownloadingLink":"http://www.computer-optimizer.com/computer-optimizer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.computer-optimizer.com/computer-optimizer.exe","sourceIndex":"3670"}],"sampleFiles":["180322/ComputerOptimizer-180316/2.5.4/Samples/computer-optimizer.exe","180322/ComputerOptimizer-180316/2.5.4/Samples/Defencebyte.exe"],"imageFiles":["180322/ComputerOptimizer-180316/2.5.4/Images/ACR-003/ACR-003_software.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-003/ACR-003_software1.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-003/ACR-003_software2.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-003/ACR-003_uninstall.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-084/ACR-084_software.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-168/ACR-168_software.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-124/ACR-124_uninstall.JPG"],"nonDeceptorImageFiles":["180322/ComputerOptimizer-180316/2.5.4/Images/ACR-042/ACR-042_install.mp4","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-065/ACR-065_software.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-002/ACR-002_landingpage.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-161/ACR-161_landingpage.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-163/ACR-163_software.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-163/ACR-163_landingpage.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-092/ACR-092_software.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-160/ACR-160_software.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-099/ACR-099_software.JPG","180322/ComputerOptimizer-180316/2.5.4/Images/ACR-167/ACR-167_docs.JPG"],"guid":"ce83a872-2dfd-4589-a0cb-fe9a56b02c66_2.5.4_1","appID":"ComputerOptimizer-180316","dateAdded":"180322","deceptorType":"App","name":"Defencebyte Computer Optimizer","company":"Defencebyte","version":"2.5.4","sigName":"Deceptor:Win32/DefencebyteComputerOptimizer!003042018168","lastKnownStatus":"Deceptor:2.5.4","lastKnownDate":"180322","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-03-23T14:15:07.1232765+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2563},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys and file associations as issues of serious and critical status, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft and Intel is endorsing the app.\n","ACR-084":"The user is unable to disable the application from running on startup from the software interface as no options are provided.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-150":"The app displays logos or partnerships with Microsoft and Intel which are unable to be verified.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Intel is endorsing the app.\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"Speedy HLDGS","productName":"PCEasyNow","productVersion":"5.1","fileVersion":"0.0","hashMD5":"304f0befca67a47b8f9f44262e5fc446","hashSHA1":"3ea7c87c27694ae0aad40f9ae4969a63e8b1c8d3","hashSHA256":"b30d092fa0ab884860ef770cbfa0124d3dac2b3922d3b7b256d42525bae54ed0","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"3671","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCEasyNow.exe","companyName":"Speedy HLDGS","productName":"pceasynow","productVersion":"5.1.0.0","fileVersion":"5.1.0.0","hashMD5":"1d454fc0031d2ab6e92c760faeddf241","hashSHA1":"8c6b069ab0565240a44921468dd94f8dac4bc4cd","hashSHA256":"ef832ecbdbe114ef49cbb4b39e6962e174e225a9c92b48e50ef0e0fff7c2add7","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"3671","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://www.pceasynow.com/","directDownloadingLink":"http://www.pceasynow.com/download/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.pceasynow.com/download/setup.exe","sourceIndex":"3671"}],"sampleFiles":["180316/PCEasyNow-180315/5.1/Samples/setup.exe","180316/PCEasyNow-180315/5.1/Samples/PCEasyNow.exe"],"imageFiles":["180316/PCEasyNow-180315/5.1/Images/ACR-003/ACR-003_software.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-003/ACR-003_software1.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-017/ACR-017_install.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-017/ACR-017_software.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-017/ACR-017_internaloffer.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180316/PCEasyNow-180315/5.1/Images/ACR-065/ACR-065_install.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-065/ACR-065_software.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-017/ACR-017_landingpage.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-161/ACR-161_landingpage.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-099/ACR-099_software.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-099/ACR-99_internaloffer.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-167/ACR-167_docs.JPG","180316/PCEasyNow-180315/5.1/Images/ACR-150/ACR-150_internaloffer.JPG"],"guid":"3835ecf3-b505-4322-90f5-dbcefb8b50a2_5.1_1","appID":"PCEasyNow-180315","dateAdded":"180316","deceptorType":"App","name":"PCEasyNow","company":"Speedy HLDGS Limited Co., Ltd","version":"5.1","sigName":"Deceptor:Win32/PCEasyNow!003017084","lastKnownStatus":"Deceptor:5.1","lastKnownDate":"180316","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-03-16T21:05:20.0542189+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2564},{"violations":{"ACR-043":"Multiple third party components are installed which are not disclosed to the user in the EULA and offer or landing page\n","ACR-003":"The application exaggerates empty and invalid registry keys and dll files as errors , thereby misleading or scaring user to take action.\nUpon trying to uninstall the app the user is prompted that there are invalid items that were detected and that these \"errors\" will not be repaired.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The scan scheduler for the app is not active, however the app has created a task in windows task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-036":"App does not disclose third party components that was used in the EULA.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PC Optimizer_Setup.exe","isInstaller":"True","companyName":"Baisvik","productName":"PC Optimizer","productVersion":"1.9.0.0","fileVersion":"1.9.0.0","hashMD5":"7d3cd1a393f17444f62ad7fa75dbed7f","hashSHA1":"b0d294a5b3a8d919b1c45271946d9f1c7735db05","hashSHA256":"ad894114e9dc4d323614116490438548f0544bc8472d5cea71d69d618263a2b6","digitalCertThumbprint":"C21EF1F7D70E2CF72BCDF619B8314B87B0D6B020","digitalCertIssuer":"CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=info@baisvik.com, CN=Baisvik, O=Baisvik, C=UA","sourceIndex":"3672","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PC Optimizer.exe","companyName":"Baisvik","productName":"PC Optimizer","productVersion":"2.3.125.113","fileVersion":"2.3.125.113","hashMD5":"ae989ce2dca3daf73b9c0a63a7a7cd38","hashSHA1":"55dd9081ec6d25c5a3f724179eab37482a686d63","hashSHA256":"18669cf52d882a5d2883fb89c1ffdce19fafb28ee2ab2e42d5a596743b8b452b","digitalCertThumbprint":"C21EF1F7D70E2CF72BCDF619B8314B87B0D6B020","digitalCertIssuer":"CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=info@baisvik.com, CN=Baisvik, O=Baisvik, C=UA","sourceIndex":"3672","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"driver fixer optimizer\" second link in the results http://baisvik.com/en/products/pc-optimizer/download-pc-optimizer","landingPage":"http://baisvik.com/en/products/pc-optimizer","directDownloadingLink":"http://download.baisvik.com/pc-optimizer/baisvik-pc-optimizer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.baisvik.com/pc-optimizer/baisvik-pc-optimizer.exe","sourceIndex":"3672"}],"sampleFiles":["180315/BiasvikPCOptimizer-180314/1.9.0.0/Samples/baisvik-pc-optimizer.exe","180315/BiasvikPCOptimizer-180314/1.9.0.0/Samples/PC Optimizer64.exe"],"imageFiles":["180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-043/ACR-043_install.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-043/ACR-043_install1.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-043/ACR-043_install2.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-003/ACR-003_software.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-003/ACR-003_software1.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-003/ACR-003_software2.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-003/ACR-003_uninstall.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-065/ACR-065_install.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-065/ACR-065_software.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-099/ACR-099_software.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-036/ACR-036_install.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-036/ACR-036_install1.JPG","180315/BiasvikPCOptimizer-180314/1.9.0.0/Images/ACR-036/ACR-036_install2.JPG"],"guid":"70ef9b13-8e1b-4f23-ba06-b08e1af79417_1.9.0.0_1","appID":"BiasvikPCOptimizer-180314","dateAdded":"180315","deceptorType":"App","name":"PC Optimizer","company":" Baisvik, LLC","version":"1.9.0.0","sigName":"Deceptor:Win32/BaisvikPCOptimizer","lastKnownStatus":"Deceptor:1.9.0.0","lastKnownDate":"180315","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-03-16T00:40:56.629427+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2565},{"violations":{"ACR-003":"App labels the drivers that can be updated as high severity, it also displays misleading driver age, thus it raises urgency and misleads user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy in the docs\n"},"samples":[{"isRevoked":"False","fileName":"Driver FixerSetup.exe","isInstaller":"True","companyName":"Baisvik","productName":"Driver Fixer","productVersion":"1.6.0","fileVersion":"1.6.0","hashMD5":"2a4669d52fcaecf276e6711a3f0caa4b","hashSHA1":"05188b13d2aa6aa8e371c0e8575623db456223f3","hashSHA256":"08f5ba9c295c8a0fe01e76cd33632ae808507dbb11836c241b7313c082c9fc20","digitalCertThumbprint":"C21EF1F7D70E2CF72BCDF619B8314B87B0D6B020","digitalCertIssuer":"CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=info@baisvik.com, CN=Baisvik, O=Baisvik, C=UA","sourceIndex":"3284","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Driver Fixer.exe","companyName":"Baisvik","productName":"Driver Fixer","productVersion":"1.1.162.1","fileVersion":"1.1.162.1","hashMD5":"626f878d566859c02d31ae8a7aaf08d6","hashSHA1":"bdaddf730a350607c7bfb4e3dc248abd6b70a2f4","hashSHA256":"7ea767bd29108d60956b607f857898b3c7e2926d51eced0c4afb9c3476e97358","digitalCertThumbprint":"C21EF1F7D70E2CF72BCDF619B8314B87B0D6B020","digitalCertIssuer":"CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL","digitalCertIssuedTo":"E=info@baisvik.com, CN=Baisvik, O=Baisvik, C=UA","sourceIndex":"3284","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"http://baisvik.com/en/products/pc-optimizer/download-pc-optimizer","landingPage":"http://baisvik.com/en/products/driver-fixer","directDownloadingLink":"http://driverupdater.baisvik.com/downloads/driver-fixer/1/baisvik-driver-fixer-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://driverupdater.baisvik.com/downloads/driver-fixer/1/baisvik-driver-fixer-setup.exe","sourceIndex":"3284"}],"sampleFiles":["180315/BiasvikDriverFixer-180314/1.6.0/Samples/baisvik-driver-fixer-setup.exe","180315/BiasvikDriverFixer-180314/1.6.0/Samples/Driver Fixer.exe"],"imageFiles":["180315/BiasvikDriverFixer-180314/1.6.0/Images/ACR-003/ACR-003_software.JPG"],"nonDeceptorImageFiles":["180315/BiasvikDriverFixer-180314/1.6.0/Images/ACR-065/ACR-065_install.JPG","180315/BiasvikDriverFixer-180314/1.6.0/Images/ACR-065/ACR-065_software.JPG","180315/BiasvikDriverFixer-180314/1.6.0/Images/ACR-099/ACR-099_software.JPG","180315/BiasvikDriverFixer-180314/1.6.0/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"b653524c-6522-4b07-a175-19c20dcda7aa_1.6.0_1","appID":"BiasvikDriverFixer-180314","dateAdded":"180315","deceptorType":"App","name":"Driver Fixer","company":"Baisvik, LLC","version":"1.6.0","sigName":"Deceptor:Win32/BaisvikDriverFixer!003","lastKnownStatus":"Deceptor:1.6.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:59:11.7884304+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2566},{"violations":{"ACR-003":"The application exaggerates Empty registry keys, invalid file Associations and file extensions as being problems, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. The privacy policy link provided belongs to Safecart not CheeseSoft Ltd.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"AdvancedPCTweaker_Setup.exe","isInstaller":"True","companyName":"AdvancedPCTweaker.com, Inc.                                 ","productName":"Advanced PC Tweaker","productVersion":"4.2","fileVersion":"4.2","hashMD5":"fd90749ac0fafb90ebe282160ce93c9c","hashSHA1":"37a6cf345be2365f3ab04d84eb7d2bca1924592b","hashSHA256":"306c623f5310924b602302fd3e2b31a28a7e52dd0b2acc99cd803b6e95350336","digitalCertThumbprint":"28AFA2A8F01A287FE446C4C10334F0DE4C86B135","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Guangxi Nanning Qiwang Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Guangxi Nanning Qiwang Co. Ltd., L=Nanning, S=Guangxi, C=CN","sourceIndex":"3285","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Windows Defender (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)","Webroot SecureAnywhere (20190131)"]},{"isRevoked":"False","fileName":"AdvancedPCTweaker.exe","companyName":"AdvancedPCTweaker.com, Inc.","productName":"AdvancedPCTweaker.exe","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"a89cdf10854e75c3d9aa7d6e2dadbdac","hashSHA1":"bc548e949c2fd61fd786cc3df51d0a5fe98064ec","hashSHA256":"3cd53f5b04838773d7f657ceb491e34402c637f6f3851c3e14e1f2e9bfb5b12d","sourceIndex":"3285","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://www.cheesesoft.com/","landingPage":"http://www.cheesesoft.com/products/advanced-pc-tweaker/","directDownloadingLink":"http://www.cheesesoft.com/products/download/AdvancedPCTweaker_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.cheesesoft.com/products/download/AdvancedPCTweaker_Setup.exe","sourceIndex":"3285"}],"sampleFiles":["180314/AdvancedPCTweaker-180313/4.2/Samples/AdvancedPCTweaker_Setup.exe","180314/AdvancedPCTweaker-180313/4.2/Samples/AdvancedPCTweaker.exe"],"imageFiles":["180314/AdvancedPCTweaker-180313/4.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180314/AdvancedPCTweaker-180313/4.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["180314/AdvancedPCTweaker-180313/4.2/Images/ACR-065/ACR_065_INSTALL.PNG","180314/AdvancedPCTweaker-180313/4.2/Images/ACR-065/ACR_065_SOFTWARE.PNG","180314/AdvancedPCTweaker-180313/4.2/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180314/AdvancedPCTweaker-180313/4.2/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180314/AdvancedPCTweaker-180313/4.2/Images/ACR-092/ACR_092_SOFTWARE.PNG","180314/AdvancedPCTweaker-180313/4.2/Images/ACR-099/ACR_099_SOFTWARE.PNG","180314/AdvancedPCTweaker-180313/4.2/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180314/AdvancedPCTweaker-180313/4.2/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"843bc0fd-14c8-4f3e-bb3b-c2d9721516b2_4.2_1","appID":"AdvancedPCTweaker-180313","dateAdded":"180314","deceptorType":"App","name":"Advanced PC Tweaker","company":"CheeseSoft Ltd.","version":"4.2","sigName":"Deceptor:Win32/AdvancedPCTweaker","lastKnownStatus":"Deceptor:4.2","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:58:33.4168887+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2567},{"violations":{"ACR-118":"When the user attempts to completely uninstall the application, some components are retained on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DriverChecker_Setup.exe","isInstaller":"True","companyName":"driverchecker.com, Inc.                                     ","productName":"Driver Checker","productVersion":"2.7.5","fileVersion":"2.7.5","hashMD5":"53c32576d5c9063a49df81efcbe72465","hashSHA1":"5521f6912b7d3cfac77d43a8367dc6bca997b34f","hashSHA256":"4d6efdda6f65a7369983e46ee00274a69466ee750e4a1604177d69aaa3c674fe","digitalCertThumbprint":"28AFA2A8F01A287FE446C4C10334F0DE4C86B135","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Guangxi Nanning Qiwang Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Guangxi Nanning Qiwang Co. Ltd., L=Nanning, S=Guangxi, C=CN","sourceIndex":"3286","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Sophos Home Premium (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)","Panda Dome (20190131)","Trend Micro Internet Security (20190131)"]},{"isRevoked":"False","fileName":"DriverChecker.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"37c17e8e48c7c3504aeba1721c5e84fb","hashSHA1":"ecf6ae01236fea61da3a9a2afaf6351b1593f3eb","hashSHA256":"cc43861d36b674f040ffa04e2c6f2c3d18ce59f207127da5b0943063cbe36f3a","digitalCertThumbprint":"28AFA2A8F01A287FE446C4C10334F0DE4C86B135","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Guangxi Nanning Qiwang Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Guangxi Nanning Qiwang Co. Ltd., L=Nanning, S=Guangxi, C=CN","sourceIndex":"3286","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offer","reference":"http://www.cheesesoft.com/","landingPage":"http://www.cheesesoft.com/products/driver-checker/","directDownloadingLink":"http://www.cheesesoft.com/products/download/DriverChecker_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.cheesesoft.com/products/download/DriverChecker_Setup.exe","sourceIndex":"3286"}],"sampleFiles":["180313/DriverChecker-180313/2.7.5/Samples/DriverChecker_Setup.exe","180313/DriverChecker-180313/2.7.5/Samples/DriverChecker.exe"],"imageFiles":["180313/DriverChecker-180313/2.7.5/Images/ACR-118/ACR_118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["180313/DriverChecker-180313/2.7.5/Images/ACR-065/ACR_065_INSTALL.PNG","180313/DriverChecker-180313/2.7.5/Images/ACR-065/ACR_065_SOFTWARE.PNG","180313/DriverChecker-180313/2.7.5/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180313/DriverChecker-180313/2.7.5/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180313/DriverChecker-180313/2.7.5/Images/ACR-092/ACR_092_SOFTWARE.PNG","180313/DriverChecker-180313/2.7.5/Images/ACR-099/ACR_099_SOFTWARE.PNG","180313/DriverChecker-180313/2.7.5/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180313/DriverChecker-180313/2.7.5/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"9ccb25ae-a339-4133-bc42-e964253d8539_2.7.5_1","appID":"DriverChecker-180313","dateAdded":"180313","deceptorType":"App","name":"Driver Checker","company":"CheeseSoft Ltd.","version":"2.7.5","sigName":"Deceptor:Win32/DriverChecker!118","lastKnownStatus":"Deceptor:2.7.5","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:57:55.9825364+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2568},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as high severity and improvement potential, thereby misleading or scaring user to take action.\n","ACR-010":"The app offers a Deceptor application (Driver Updater) to the user. The app offers a Deceptor application (Driver Updater) to the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"PC Speedup Tool Inc\" which is not disclosed in the app's offer.\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced password manager which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"setup-ccl.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"0.0","hashMD5":"fded4006cf0735b3730fdb0747d7303a","hashSHA1":"8af2f5396382ebeba37968d12481de4ac13fa113","hashSHA256":"111df587163526d858261c113b8fb940b7b5c4b9c95ed17a6bb6b4e10ea37de3","digitalCertThumbprint":"6C1064FCA7323D8C0779D2AA53ED9C3D76632955","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tool Inc, O=PC Speedup Tool Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"426","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ctsc.exe","companyName":"n/a","productName":"Cleaning Tool","productVersion":"1.0.0.19","fileVersion":"1.0.0.19","hashMD5":"81eb979e9b60b64aacb902e309e88bdf","hashSHA1":"40fc6f313e57287aa184d314e29eb96842c7471e","hashSHA256":"c2029a72753d2075f2251026479e6a08cf8e2c55e45e3606e94263f4b5fee660","digitalCertThumbprint":"6C1064FCA7323D8C0779D2AA53ED9C3D76632955","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tool Inc, O=PC Speedup Tool Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"426","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://techpcutils.com/","directDownloadingLink":"http://du7ignve99kgq.cloudfront.net/securerc/setup-ccl.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://du7ignve99kgq.cloudfront.net/securerc/setup-ccl.exe","sourceIndex":"426"}],"sampleFiles":["180310/CCCleaner-180306/1.0.0.19/Samples/setup-ccl.exe","180310/CCCleaner-180306/1.0.0.19/Samples/ctsc.exe"],"imageFiles":["180310/CCCleaner-180306/1.0.0.19/Images/ACR-003/acr_003.PNG","180310/CCCleaner-180306/1.0.0.19/Images/ACR-003/acr_003_1.PNG","180310/CCCleaner-180306/1.0.0.19/Images/ACR-010/adds_in_app.PNG"],"nonDeceptorImageFiles":["180310/CCCleaner-180306/1.0.0.19/Images/ACR-161/testimonials.IO.PNG","180310/CCCleaner-180306/1.0.0.19/Images/ACR-092/acr_092.PNG","180310/CCCleaner-180306/1.0.0.19/Images/ACR-099/acr_099_lp.PNG","180310/CCCleaner-180306/1.0.0.19/Images/ACR-099/acr_099_IO.PNG","180310/CCCleaner-180306/1.0.0.19/Images/ACR-065/acr_065_IO.PNG","180310/CCCleaner-180306/1.0.0.19/Images/ACR-171/acr_171.PNG","180310/CCCleaner-180306/1.0.0.19/Images/ACR-171/internal_offeR_page.PNG"],"guid":"02fe9e24-eb62-4927-a837-0760bfe8ae6f_1.0.0.19_1","appID":"CCCleaner-180306","dateAdded":"180310","deceptorType":"App","name":"CCCleaner","company":"PC Speedup Tool Inc","version":"1.0.0.19","sigName":"Deceptor:Win32/CCCleaner!003010","lastKnownStatus":"Deceptor:1.0.0.19","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-05T19:09:23.4729811+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":2,"sortOrder":2094},{"violations":{"ACR-003":"The application exaggerates registry keys and pup's items as high severity and improvement potential, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The applications internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application has no link or information that shows how it can be uninstalled.\n\n","ACR-171":"The consumer is required to opt-out of additional payment.\n\n"},"samples":[{"isRevoked":"False","fileName":"cclsetup.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"7a797b1670f12ff7a313c4bd227cbdca","hashSHA1":"105a2fb64a174f633266039843d6e17852d7406b","hashSHA256":"d7bc54673992b99e63f7d90e524cf2807f86d563a17a13552e9f1c6357df9e90","digitalCertThumbprint":"6550A0F40D969DA7B6010E4E8C83467FE24EEA36","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC-SPEED-UP-TOOLS, O=PC-SPEED-UP-TOOLS, STREET=\"104 Surya Nagar, Murlipura\", L=JAIPUR, S=RAJASTHAN, PostalCode=302039, C=IN","sourceIndex":"427","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ctsc.exe","companyName":"n/a","productName":"Cleaning Tool","productVersion":"1.0.0.19","fileVersion":"1.0.0.19","hashMD5":"81eb979e9b60b64aacb902e309e88bdf","hashSHA1":"40fc6f313e57287aa184d314e29eb96842c7471e","hashSHA256":"c2029a72753d2075f2251026479e6a08cf8e2c55e45e3606e94263f4b5fee660","digitalCertThumbprint":"6C1064FCA7323D8C0779D2AA53ED9C3D76632955","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=PC Speedup Tool Inc, O=PC Speedup Tool Inc, STREET=\"104 SURYA NAGAR, MURLI PURA VISHWAKARMA\", L=Jaipur, S=Rajasthan, PostalCode=302013, C=IN","sourceIndex":"427","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"adplexity: \"audio driver\"","landingPage":"http://techpcutils.com/","directDownloadingLink":"http://cdn.ccleaner.online/ccl/securerc/apst/cclsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.ccleaner.online/ccl/securerc/apst/cclsetup.exe","sourceIndex":"427"}],"sampleFiles":["180310/CCCleaner-180306/1.0.0.2502/Samples/cclsetup.exe","180310/CCCleaner-180306/1.0.0.2502/Samples/ctsc.exe"],"imageFiles":["180310/CCCleaner-180306/1.0.0.2502/Images/ACR-003/acr_003.PNG","180310/CCCleaner-180306/1.0.0.2502/Images/ACR-003/acr_003_1.PNG"],"nonDeceptorImageFiles":["180310/CCCleaner-180306/1.0.0.2502/Images/ACR-065/acr_065_IO.PNG","180310/CCCleaner-180306/1.0.0.2502/Images/ACR-161/acr_161.PNG","180310/CCCleaner-180306/1.0.0.2502/Images/ACR-088/acr_088.PNG","180310/CCCleaner-180306/1.0.0.2502/Images/ACR-099/acr_099_LP.PNG","180310/CCCleaner-180306/1.0.0.2502/Images/ACR-099/acr_099_io.PNG","180310/CCCleaner-180306/1.0.0.2502/Images/ACR-171/acr_171_1.PNG","180310/CCCleaner-180306/1.0.0.2502/Images/ACR-171/acr_171_2.PNG"],"guid":"02fe9e24-eb62-4927-a837-0760bfe8ae6f_1.0.0.2502_1","appID":"CCCleaner-180306","dateAdded":"180310","deceptorType":"App","name":"CCCleaner","company":"PC Speedup Tool Inc","version":"1.0.0.2502","sigName":"Deceptor:Win32/PCSpeedUpCCCleaner!003","lastKnownStatus":"Deceptor:1.0.0.19","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-05T19:08:28.7336117+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":2,"sortOrder":2095},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable the application from running at user log on from the software preferences.\n","ACR-016":"A displayed ad leads to direct downloading and installation of an application instead of redirecting to a landing page which would have allowed the user to make an informed decision whether to accept or decline the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-054":"The app does not provide an equal prominence  to \"register\" or \"remind me later\" to the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"OneSystemCaresetup.exe","isInstaller":"True","companyName":"One System Care Ltd                                   ","productName":"One System Care","productVersion":"4.4.0.3","fileVersion":"4.4.0.3","hashMD5":"7aff543f4df2fef22eaa66d7716079e5","hashSHA1":"f3e1046ea6838f3ccae00c3e46b0056a9d96366f","hashSHA256":"46f6e88ac704d56bd528d77006bb01e7c42b1fc78e4b01ae652eee98e5a1dc80","digitalCertThumbprint":"0BCD4E150CC85DA0D474180606A211E789489CA0","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=One System Care Sp. Zo.o., OU=IT Division, O=One System Care Sp. Zo.o., L=Warszawa, S=Warszawa, C=PL","sourceIndex":"3287","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":[]},{"isRevoked":"False","fileName":"OneSystemCare.exe","companyName":"One System Care Ltd","productName":"One System Care","productVersion":"4.4.0.3","fileVersion":"4.4.0.3","hashMD5":"65b7a52111f9f9bb2460fca0ff7bf0d9","hashSHA1":"4dd07e7cd216b125685898c0d6129761623cd293","hashSHA256":"9a8c186c68483b02fcf390f702d8a44bbc200828beec000a2ce0f9454ab9891d","digitalCertThumbprint":"unsigned","digitalCertIssuer":"unsigned","digitalCertIssuedTo":"unsigned","sourceIndex":"3287","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc care software\" page 5 of results https://www.onesystemcare.com","landingPage":"https://www.onesystemcare.com","directDownloadingLink":"http://h554.onesystemhost.org/331000501/OneSystemCare.exe?b=33&download=1&vtsid=1000501&bannerId=69&userId=8d502a91-81a7-4e19-800f-2cbf0268913d&visitId=a20b4e24-7900-43bf-9404-a822a9f20677","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://h554.onesystemhost.org/331000501/OneSystemCare.exe?b=33&download=1&vtsid=1000501&bannerId=69&userId=8d502a91-81a7-4e19-800f-2cbf0268913d&visitId=a20b4e24-7900-43bf-9404-a822a9f20677","sourceIndex":"3287"}],"sampleFiles":["180310/OneSystemCare-180222/4.4.0.3/Samples/OneSystemCaresetup.exe","180310/OneSystemCare-180222/4.4.0.3/Samples/OneSystemCare.exe"],"imageFiles":["180310/OneSystemCare-180222/4.4.0.3/Images/ACR-084/ACR-084_software.JPG","180310/OneSystemCare-180222/4.4.0.3/Images/ACR-016/ACR-016_adsinsideapp.mp4"],"nonDeceptorImageFiles":["180310/OneSystemCare-180222/4.4.0.3/Images/ACR-065/ACR-065_software.JPG","180310/OneSystemCare-180222/4.4.0.3/Images/ACR-065/ACR-065_internaloffer.JPG","180310/OneSystemCare-180222/4.4.0.3/Images/ACR-161/ACR-161_landingpage.JPG","180310/OneSystemCare-180222/4.4.0.3/Images/ACR-088/ACR-088_software.JPG","180310/OneSystemCare-180222/4.4.0.3/Images/ACR-099/ACR-099_software.JPG","180310/OneSystemCare-180222/4.4.0.3/Images/ACR-099/ACR-099_landingpage.JPG","180310/OneSystemCare-180222/4.4.0.3/Images/ACR-054/ACR-054_internaloffer.JPG"],"guid":"574ff39b-d141-417b-8ccd-e05f709ed4c5_4.4.0.3_1","appID":"OneSystemCare-180222","dateAdded":"180310","deceptorType":"App","name":"One System Care","company":"One System Care Ltd","version":"4.4.0.3","sigName":"Deceptor:Win32/OneSystemCare!016084","lastKnownStatus":"Deceptor:4.4.0.3","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-24T00:57:22.8979544+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2569},{"violations":{"ACR-003":"The application exaggerates ActiveX,OLE,COM Entries, System Software Settings, MRU and History Lists, Shared Programs, File Extensions, File Associations, System Services and empty registry keys as problems, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no digital signature information it is unsigned.\n","ACR-157":"The application has no digital signature information it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n","ACR-171":"The additional offer should be opt-in.\n"},"samples":[{"isRevoked":"False","fileName":"regtweaker.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"bb6a3737cf11e9982b35ea16c2fea551","hashSHA1":"fca1c8d3f03058353482f6d392a49a716e252cff","hashSHA256":"d8043460d5fe1ac16f0463bc7d8ca9218e7754f0295987e4b4dc1db4d55a421e","sourceIndex":"3673","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegTweaker.exe","companyName":"n/a","productName":"RegTweaker","productVersion":"3.2.2","fileVersion":"3.2.2","hashMD5":"2e5280f904fe6320263c7b2e3f561e30","hashSHA1":"80903f109e94adbe0c5e4737ac976954da93406b","hashSHA256":"77826cc0a431605b5a49082c9951f344b735bc3089e928deb2432ea9be4eb7b1","sourceIndex":"3673","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"yahoo.com (free software for computer cleanup) and http://www.sofotex.com/ (Category: PC Utilities/ Registry Tools)","landingPage":"http://www.regtweaker.com/","directDownloadingLink":"http://www.regtweaker.com/regtweaker.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.regtweaker.com/regtweaker.exe","sourceIndex":"3673"}],"sampleFiles":["180308/RegTweaker-180301/3.2.2/Samples/regtweaker.exe","180308/RegTweaker-180301/3.2.2/Samples/RegTweaker.exe"],"imageFiles":["180308/RegTweaker-180301/3.2.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_4.PNG"],"nonDeceptorImageFiles":["180308/RegTweaker-180301/3.2.2/Images/ACR-065/ACR_065_INSTALL.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-065/ACR_065_SOFTWARE.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-091/ACR_091_SOFTWARE.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-092/ACR_092_SOFTWARE.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-157/ACR_157_SOFTWARE.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-099/ACR_065_SOFTWARE.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-167/ACR_167_DOCS.PNG","180308/RegTweaker-180301/3.2.2/Images/ACR-171/ShoppingCart.PNG"],"guid":"701b6beb-9cdf-4091-9b8e-62ff097aa84a_3.2.2_1","appID":"RegTweaker-180301","dateAdded":"180308","deceptorType":"App","name":"Reg Tweaker","company":"RegTweaker.com","version":"3.2.2","sigName":"Deceptor:Win32/RegTweaker!003","lastKnownStatus":"3.2.2","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2570},{"violations":{"ACR-003":"The application exaggerates registry keys as errors, thereby misleading or scaring user to take action.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-092":"The application does not have a digital signature.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-035":"The application does not have a EULA/Terms of Service, Returns and Cancellation Policy, and Privacy Policy. \n","ACR-037":"The application does not have a Privacy Policy. \n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"DataownerclubWindowsErrorRepair.EXE","isInstaller":"True","companyName":"Dataownerclub                                               ","productName":"DataownerclubWindowsErrorRepair","productVersion":"3.7","fileVersion":"0.0","hashMD5":"5e4e63a6de5c1588615ea2d108fcf1c7","hashSHA1":"cb9b0f1ceed0a4d5469106b4f8c772a591d98b07","hashSHA256":"bb095b36153227c342120f7783b0fd002fbe5ee0d932bc87649abb4ad2649d58","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3677","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FixSystemError.exe","companyName":"Dataownerclub","productName":"FixSystemError","productVersion":"3.7","fileVersion":"3.7","hashMD5":"9a894488fcb02e1fb63a614ae7c2373b","hashSHA1":"0bf0b10a2b1b116d4de030e54f220851ae11189b","hashSHA256":"f3d9ad772f5c874ba67049e783a9778225ac575c0498cf7e14b493fbb77d7476","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3677","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.submission ","reference":"","landingPage":"https://www.dataownerclub.com/windows-error-repair.html","directDownloadingLink":"https://www.dataownerclub.com/Dataownerclub-Windows-Error-Repair-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.dataownerclub.com/Dataownerclub-Windows-Error-Repair-setup.exe","sourceIndex":"3677"}],"sampleFiles":["180302/DataownerclubWindowsErrorRepair-180228/3.7/Samples/Dataownerclub-Windows-Error-Repair-setup.exe","180302/DataownerclubWindowsErrorRepair-180228/3.7/Samples/FixSystemError.exe"],"imageFiles":["180302/DataownerclubWindowsErrorRepair-180228/3.7/Images/ACR-003/acr_003.PNG"],"nonDeceptorImageFiles":["180302/DataownerclubWindowsErrorRepair-180228/3.7/Images/ACR-065/acr_065_I.PNG","180302/DataownerclubWindowsErrorRepair-180228/3.7/Images/ACR-065/acr_065_S.PNG","180302/DataownerclubWindowsErrorRepair-180228/3.7/Images/ACR-065/acr_065_LP.PNG","180302/DataownerclubWindowsErrorRepair-180228/3.7/Images/ACR-065/acr_065_IO.PNG","180302/DataownerclubWindowsErrorRepair-180228/3.7/Images/ACR-161/testimonials.PNG","180302/DataownerclubWindowsErrorRepair-180228/3.7/Images/ACR-091/unsigned.PNG","180302/DataownerclubWindowsErrorRepair-180228/3.7/Images/ACR-092/unsigned.PNG","180302/DataownerclubWindowsErrorRepair-180228/3.7/Images/ACR-099/acr_099_S.PNG","180302/DataownerclubWindowsErrorRepair-180228/3.7/Images/ACR-099/acr_099_LP.PNG","180302/DataownerclubWindowsErrorRepair-180228/3.7/Images/ACR-099/acr_099_IO.PNG"],"guid":"3cda87c5-080e-4a1d-961f-241cf24250f9_3.7_1","appID":"DataownerclubWindowsErrorRepair-180228","dateAdded":"180302","deceptorType":"App","name":"Dataownerclub Windows Error Repair","company":"DataOwnerClub","version":"3.7","sigName":"Deceptor:Win32/DataownerclubWindowsErrorRepair!003","lastKnownStatus":"Deceptor:3.7","lastKnownDate":"180228","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-03-02T20:44:22.0177235+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2571},{"violations":{"ACR-043":"App doesn't disclose that it will install/use ShieldApps' AV engine\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app created multiple scheduled tasks which cannot be disabled from the software interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no valid links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":" App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Alivenet Solution Pvt Ltd\" which is not disclosed in the app's offer. \n","ACR-160":"The application does not use a certified call center to monetize the app. The app uses A1 technical support which is not certified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"A1AntivirusSetup.exe","isInstaller":"True","companyName":"A1 Shield","productName":"A1 Antivirus","productVersion":"3.6.1.0","fileVersion":"3.6.1.0","hashMD5":"7e8e6414fbe01df9051825f9d0214d56","hashSHA1":"2961c5cbc7db5a8b1ed54ec63793c4f46df42864","hashSHA256":"9afb78f8e8f213aa4dd49bd0e4a6cb053c5d3758aa03538cc45f7c5f6b1e5996","digitalCertThumbprint":"EDB687D39FFFDD658A8721A786A2AA4DB16D4BF5","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Alivenet Solution Pvt Ltd, O=Alivenet Solution Pvt Ltd, L=New Delhi, S=Delhi, C=IN","sourceIndex":"3678","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"A1Antivirus.exe","companyName":"A1 Shield","productName":"A1 Antivirus","productVersion":"3.6.1.0","fileVersion":"3.6.1.0","hashMD5":"dc0620a709e62e0805631ded703e3af0","hashSHA1":"a36931f5e0aa78a8e6af651c27b1e2cee30b3bfa","hashSHA256":"08a57ecc93e3091b2eefad18d693e3e50d783b5f91f3cdb9b3f8f68123f91f14","digitalCertThumbprint":"EDB687D39FFFDD658A8721A786A2AA4DB16D4BF5","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Alivenet Solution Pvt Ltd, O=Alivenet Solution Pvt Ltd, L=New Delhi, S=Delhi, C=IN","sourceIndex":"3678","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.offer","reference":"https://a1shield.com/product-details?products_ID=3","landingPage":"https://a1shield.com/product-details?products_ID=4#","directDownloadingLink":"https://a1shield.com/public/uploads/downloader/A1AntivirusSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://a1shield.com/public/uploads/downloader/A1AntivirusSetup.exe","sourceIndex":"3678"}],"sampleFiles":["180301/A1Antivirus-180221/3.6.1/Samples/A1AntivirusSetup.exe","180301/A1Antivirus-180221/3.6.1/Samples/A1Antivirus.exe"],"imageFiles":["180301/A1Antivirus-180221/3.6.1/Images/ACR-043/Screen Shot 2018-02-23 at 2.48.42 PM.png","180301/A1Antivirus-180221/3.6.1/Images/ACR-084/ACR-084_software.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-084/ACR-084_software1.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180301/A1Antivirus-180221/3.6.1/Images/ACR-065/ACR-065_software.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-065/ACR-065_install.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-065/ACR-065_install1.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-163/ACR-163_software.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-091/ACR-091_software.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-091/ACR-091_software1.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-092/ACR-092_software.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-092/ACR-092_software1.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-160/ACR-160_software.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-099/ACR-099_software.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-099/ACR-099_landingpage.JPG","180301/A1Antivirus-180221/3.6.1/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"d733b7e1-b9f4-4260-bb51-9095046a4e11_3.6.1_1","appID":"A1Antivirus-180221","dateAdded":"180301","deceptorType":"App","name":"A1 Antivirus","company":"A1 Shield","version":"3.6.1","sigName":"Deceptor/A1Antivirus!043084168","lastKnownStatus":"Deceptor:3.6.1","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2572},{"violations":{"ACR-003":"The application exaggerates an empty folder as a threat and shows the system status as critically infected, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to remove any scheduled scans using the software's interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\nThe application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"sparkpcsupport.com\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app. The app uses its own call center which is not certified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app's landing page displays multiple endorsement logos that are unable to be verified.\nThe app's internal offer page displays multiple endorsement logos that are unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additional payment for extended download service, which was not pre-disclosed.\n","ACR-017":"The application's docs elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application's landing page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app. It also displays other endorsements from CNET, PC Magazine, Majorgeeks and PC World that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"ultraheal-pc-security.exe","isInstaller":"True","companyName":"Longrun Software Private Limited","productName":"Ultraheal PC Security","productVersion":"6.0","fileVersion":"0.0","hashMD5":"d202cbdd454fab5bda9f9998eb5c35c6","hashSHA1":"e468debf2ebc219d9a55d7089011fcd539b5ee55","hashSHA256":"9f188f9bdcfa1cd403914494660d78181cf737df33325ff4c8b3631f8ae17b61","digitalCertThumbprint":"365C552E9259FAF487A61ACD436BBC3E9806E72A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=sparkpcsupport.com, OU=sparkpcsupport.com, O=sparkpcsupport.com, L=Delhi, S=Delhi, C=IN","sourceIndex":"3679","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"uhpcslaunch.exe","companyName":"Longrun Software Private Limited","productName":"Ultraheal PC Security","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"f6a69c33c4244b1c18b8e0d39a08cb23","hashSHA1":"939a2b3d572462d02d2ee26349cd8f06a1ba80b4","hashSHA256":"5bf191d0189e7ec1db6c7ac374985e483fdf0f039f1858c32a440757d28d3e25","digitalCertThumbprint":"365C552E9259FAF487A61ACD436BBC3E9806E72A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=sparkpcsupport.com, OU=sparkpcsupport.com, O=sparkpcsupport.com, L=Delhi, S=Delhi, C=IN","sourceIndex":"3679","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc cleaner software\" page 12 of the results https://www.ultraheal.com/premium-products.php","landingPage":"https://www.ultraheal.com/pc-security.php","directDownloadingLink":"https://www.ultraheal.com/download/exe/ultraheal-pc-security.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.ultraheal.com/download/exe/ultraheal-pc-security.exe","sourceIndex":"3679"}],"sampleFiles":["180227/UltraHealPCSecurity-180221/6.0/Samples/ultraheal-pc-security.exe","180227/UltraHealPCSecurity-180221/6.0/Samples/uhpcslaunch.exe"],"imageFiles":["180227/UltraHealPCSecurity-180221/6.0/Images/ACR-003/ACR-003_software.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-003/ACR-003_software1.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-003/ACR-003_software2.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-017/ACR-017_software.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-084/ACR-084_software.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-168/ACR-168_software.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-168/ACR-168_internaloffer.JPG"],"nonDeceptorImageFiles":["180227/UltraHealPCSecurity-180221/6.0/Images/ACR-065/ACR-065_install.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-065/ACR-065_software.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-017/ACR-017_docs.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-017/ACR-017_landingpage.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-017/ACR-017_landingpage1.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-163/ACR-163_internaloffer.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-091/ACR-091_software.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-091/ACR-091_software1.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-092/ACR-092_software.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-092/ACR-092_software1.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-160/ACR-160_software.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-099/ACR-099_software.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-099/ACR-099_internaloffer.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-150/ACR-150_landingpage.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-150/ACR-150_internaloffer.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-171/ACR-171_internaloffer.JPG","180227/UltraHealPCSecurity-180221/6.0/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"ec50c70e-542f-4a85-a01a-159bd0041858_6.0_1","appID":"UltraHealPCSecurity-180221","dateAdded":"180227","deceptorType":"App","name":"Ultraheal PC Security","company":"Longrun Software Private Limited","version":"6.0","sigName":"Deceptor:Win32/UltrahealPCSecurity!003017084168","lastKnownStatus":"Deceptor:6.0","lastKnownDate":"180227","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-02-27T22:48:02.7149592+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2573},{"violations":{"ACR-003":"The application exaggerates registry keys as problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsements tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application's internal offer page elevates its user trust level by displaying unverifiable endorsements tied to the company, but displayed as if Microsoft is endorsing the app. The internal offer page displays McAfee and Norton logo which cannot be verified.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is also unable to remove the task using the app's standard interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\nThe application's internal offer page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-117":"App uninstall prompts the user :Don't uninstall, Don't let harmful PC errors\" to deter the user from uninstalling the app.\n","ACR-124":"Uninstallation prompt does not have a clear button to continue uninstallation. It also presents a Uninstalltion confirmation prompt is twice.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\nThe application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's uninstall prompt shows one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's internal offer requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Longrun Software Private Limited\" which is not disclosed in the app's offer and install.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-120":"The application prompt during uninstall that the consumer can get the same software free.\n","ACR-150":"The app's landing page displays McAfee, Norton and Microsoft Partner logos that are unable to be verified.\nThe app's internal offer page displays McAfee, Norton and Microsoft Partner logos that are unable to be verified.\n","ACR-017":"The application's landing page elevates its user trust level by displaying unverifiable endorsements tied to the company, but displayed as if Microsoft is endorsing the app. The landing page displays McAfee and Norton logo which cannot be verified.\n"},"samples":[{"isRevoked":"False","fileName":"advanced-pc-doctor.exe","isInstaller":"True","companyName":"Advanced PC Doctor                                          ","productName":"Advanced PC Doctor","productVersion":"1.0","fileVersion":"0.0","hashMD5":"0f0ab8e575d6f6be588e5336d21bf4b5","hashSHA1":"da0792363762ac10b3ea956a94da683c14cc63c3","hashSHA256":"0614aa90529ba06b92a5e44fd98f9c631da4818e3218dee916e067a147474902","digitalCertThumbprint":"AA57DD51C739422FD4885940A6B1FCC32D775761","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Longrun Software Private Limited, O=Longrun Software Private Limited, STREET=706 Plot No 7 Roots Tower, STREET=District Centre Laxmi Nagar, L=New Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"3288","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"advanced-pc-doctor.exe","companyName":"Advanced PC Doctor","productName":"advanced-pc-doctor","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"91c60852a5a1f3a490ff21c5100cf75c","hashSHA1":"47b359aaafb0a830c845fbccbf34020e1a19404a","hashSHA256":"ad61851b1cc76e612230b3f2282a861c00918567a660da57bbafc56d848f2c51","digitalCertThumbprint":"AA57DD51C739422FD4885940A6B1FCC32D775761","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Longrun Software Private Limited, O=Longrun Software Private Limited, STREET=706 Plot No 7 Roots Tower, STREET=District Centre Laxmi Nagar, L=New Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"3288","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc cleaner software\" page 12 of the results https://www.ultraheal.com/premium-products.php","landingPage":"http://advancedpcdoctor.com/","directDownloadingLink":"http://advancedpcdoctor.com/download/advanced-pc-doctor.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://advancedpcdoctor.com/download/advanced-pc-doctor.exe","sourceIndex":"3288"}],"sampleFiles":["180226/AdvancedPCDoctor-189221/1.0/Samples/advanced-pc-doctor.exe"],"imageFiles":["180226/AdvancedPCDoctor-189221/1.0/Images/ACR-003/ACR-003_software.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-003/ACR-003_software1.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-017/ACR-017_software.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-017/ACR-017_software1.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-017/ACR-017_internaloffer.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-084/ACR-084_software.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-168/ACR-168_software.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-168/ACR-168_internaloffer.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-117/ACR-117_UNINSTALL.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-124/ACR-124_UNINSTALL.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-124/ACR-124_uninstall1.JPG"],"nonDeceptorImageFiles":["180226/AdvancedPCDoctor-189221/1.0/Images/ACR-065/ACR-065_install.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-065/ACR-065_software.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-017/ACR-017_landingpage.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-161/ACR-161_landingpage.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-161/ACR-161_landingpage1.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-161/ACR-161_internaloffer.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-161/ACR-161_internaloffer1.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-163/ACR-163_software.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-163/ACR-163_UNINSTALL.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-163/ACR-163_internaloffer.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-088/ACR-088_software.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-091/ACR-091_software.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-091/ACR-091_software1.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-092/ACR-092_software.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-092/ACR-092_software1.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-160/ACR-160_software.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-099/ACR-099_software.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-120/ACR-120_UNINSTALL.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-150/ACR-150_landingpage.JPG","180226/AdvancedPCDoctor-189221/1.0/Images/ACR-150/ACR-150_internaloffer.JPG"],"guid":"b7065695-854d-462f-a59c-e944862987ad_1.0_1","appID":"AdvancedPCDoctor-189221","dateAdded":"180226","deceptorType":"App","name":"Advanced PC Doctor","company":"Advanced PC Doctor","version":"1.0","sigName":"Deceptor:Win32/AdvancedPCDoctor!003017084117168","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2019-01-24T00:56:41.9153461+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2574},{"violations":{"ACR-003":"The app exaggerates the local trace files (document history, broken shortcuts, clipboard) as threats and portrays the importance as “High”, thereby misleading or scaring the consumer to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are schedules set within the software, however the app has created multiple tasks in the systems task scheduler which cannot be disabled from the software's interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no valid links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-056":"The application's functionality and features does not match what was offered to the consumer. The app is described as an antivirus solution in the offer but the user gets a privacy cleaner.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Alivenet Solution Pvt Ltd\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app. The app uses A1 technical support which is not certified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"A1PrivacySetup.exe","isInstaller":"True","companyName":"A1 Privacy","productName":" A1 Shield","productVersion":"3.3.6","fileVersion":"3.3.6.0","hashMD5":"aeb5a3a6d798206d138823724303cf53","hashSHA1":"f0d2b7f9a30add227e6e6ca955aad34babfceb89","hashSHA256":"61fdd8bea93f79d778715420240a435be80385a9971435637d4ea7f5424631f9","digitalCertThumbprint":"EDB687D39FFFDD658A8721A786A2AA4DB16D4BF5","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Alivenet Solution Pvt Ltd, O=Alivenet Solution Pvt Ltd, L=New Delhi, S=Delhi, C=IN","sourceIndex":"3681","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"A1Privacy.exe","isInstaller":"True","companyName":"A1 Privacy","productName":" A1 Shield","productVersion":"3.3.6.0","fileVersion":"3.3.6.0","hashMD5":"14e773bfc6a5c78d90d1352617a74a85","hashSHA1":"855c393ac87275c0fb71cc84227071f55b594a27","hashSHA256":"7473bc7bf1e6373a02cc2d9f99f167e6333b0c631c38c62edae8129a6626207a","digitalCertThumbprint":"EDB687D39FFFDD658A8721A786A2AA4DB16D4BF5","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Alivenet Solution Pvt Ltd, O=Alivenet Solution Pvt Ltd, L=New Delhi, S=Delhi, C=IN","sourceIndex":"3681","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.offer","reference":"https://a1shield.com/product-details?products_ID=3#","landingPage":"https://a1shield.com/product-details?products_ID=1","directDownloadingLink":"https://a1shield.com/public/uploads/downloader/A1PrivacySetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://a1shield.com/public/uploads/downloader/A1PrivacySetup.exe","sourceIndex":"3681"}],"sampleFiles":["180226/A1PCPrivacy-180221/3.3.6/Samples/A1PrivacySetup.exe","180226/A1PCPrivacy-180221/3.3.6/Samples/A1Privacy.exe"],"imageFiles":["180226/A1PCPrivacy-180221/3.3.6/Images/ACR-003/ACR-003_software.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-003/ACR-003_software1.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-003/ACR-003_software2.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-084/ACR-084_software.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-084/ACR-084_software1.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180226/A1PCPrivacy-180221/3.3.6/Images/ACR-065/ACR-065_install.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-065/ACR-065_install1.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-065/ACR-065_software.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-163/ACR-163_software.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-056/ACR-056_software.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-056/ACR-056_software (2).JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-088/ACR-088_software.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-091/ACR-091_software.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-091/ACR-091_software1.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-092/ACR-092_software.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-092/ACR-092_software1.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-160/ACR-160_software.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-099/ACR-099_software.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-099/ACR-099_landingpage.JPG","180226/A1PCPrivacy-180221/3.3.6/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"5c549136-06be-49b2-8ecd-80c1fae14726_3.3.6_1","appID":"A1PCPrivacy-180221","dateAdded":"180226","deceptorType":"App","name":"A1 Privacy","company":"A1 Shield","version":"3.3.6","sigName":"Deceptor:Win32/A1Privacy!003084168","lastKnownStatus":"Deceptor:3.3.6","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2575},{"violations":{"ACR-003":"The application reports outdated drivers as being obsolete.\n","ACR-017":"The app elevates its user trust level by displaying misleading endorsement. \"Norton secured\" logo is for website that is being secured by Symantec SSL Certificate, it doesn't apply to application.\nThe app elevates its user trust level by displaying misleading endorsement. \"Norton secured\" logo is for website that is being secured by Symantec SSL Certificate, it doesn't apply to application.\nThe app elevates its user trust level by displaying misleading endorsement. \"Norton secured\" logo is for website that is being secured by Symantec SSL Certificate, it doesn't apply to application.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Auslogics Labs Pty Ltd\" which is not disclosed in the app's offer and install.\n","ACR-160":"Contacted the phone number provided by TweakBit Driver Updater and go the automated response message saying 'thank you for contacting 24/7 live assist'\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-171":"The consumer is required to opt-out of additional payment for the offer 'TweakBit PC Booster'.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"driver-updater-setup.exe","isInstaller":"True","companyName":"TweakBit                                                    ","productName":"TweakBit Driver Updater","productVersion":" 2.0.0.0","fileVersion":"2.x","hashMD5":"fc57ea0e09c779ea5af56e8a44e5a58d","hashSHA1":"47b8de8ec28cca95a31f363e22dba333e664ef82","hashSHA256":"7dd4c163e996c76c2ef679b8cf66b4366ef5c26cac63f508ed407562c3b9e609","digitalCertThumbprint":"2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU, SERIALNUMBER=45163028662, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=AU","sourceIndex":"3664","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverUpdater.exe","companyName":"TweakBit","productName":"Driver Updater","productVersion":"2.x","fileVersion":"2.0.0.0","hashMD5":"838233c252aeca0274f9c5ac968a575e","hashSHA1":"685d72c7cb62f70e8387b7ca6f37ec6b8b64ddd4","hashSHA256":"0bce44c3f248443265504b9ee0a388e9c40543336235f59f97e50fd05e6bbc37","digitalCertThumbprint":"1B0DA8E340197C8CEC3BB39EFBA042FF21B9724D","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=Auslogics Labs Pty Ltd, O=Auslogics Labs Pty Ltd, L=Sydney, C=AU","sourceIndex":"3664","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (best driver update software)","landingPage":"https://www.tweakbit.com/driver-updater/","directDownloadingLink":"http://static.tweakbit.com/en/driver-updater/driver-updater-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://static.tweakbit.com/en/driver-updater/driver-updater-setup.exe","sourceIndex":"3664"}],"sampleFiles":["180223/TweakBitDriverUpdater-180222/2.0.0.0/Samples/driver-updater-setup.exe","180223/TweakBitDriverUpdater-180222/2.0.0.0/Samples/DriverUpdater.exe"],"imageFiles":["180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-017/ACR_017_INSTALL.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-017/ACR_017_SOFTWARE.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-017/ACR_017_UNINSTALL.PNG"],"nonDeceptorImageFiles":["180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-091/ACR_091_SOFTWARE_SCREENSHOT_1.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-091/ACR_091_SOFTWARE_SCREENSHOT_2.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-092/ACR_092_SOFTWARE_SCREENSHOT_1.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-092/ACR_092_SOFTWARE_SCREENSHOT_2.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-168/ACR_168_LANDING_PAGE.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180223/TweakBitDriverUpdater-180222/2.0.0.0/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"58d79ebc-b299-4457-ae9f-c51c53b60f32_2.0.0.0_1","appID":"TweakBitDriverUpdater-180222","dateAdded":"180223","deceptorType":"App","name":"TweakBit Driver Updater","company":"TweakBit","version":"2.0.0.0","sigName":"Deceptor:Win32/TweakBitDriverUpdater!003017","firstVendorContactDate":"180323","firstAppEsteemReplyDate":"180325","firstResolvedDate":"180325","firstResolvedVersion":"2.0.0.4","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.0.0","lastKnownDate":"180223","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 8,Windows 10,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-03-25T18:11:05.5053665+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2576},{"violations":{"ACR-050":"The app uses the task scheduler to bypass User Account Controls (UAC) at application launch. App did not disclose this information to the user in the EULA or during installation.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"wsc_x8_free.exe","isInstaller":"True","companyName":"Ultimate Systems, Inc.                                                                                                                                                                                                                                                                                      ","productName":"WinSysClean X8 Free","productVersion":"18.00 0, 0","fileVersion":"18.00","hashMD5":"31671b0a97e3bc148f69965693f63106","hashSHA1":"6d2fdf4a405666c0d3e0111c55013616f20562e3","hashSHA256":"b49c1e6741d9189407dc6edb1f5f4654422ffbd297693ec376c7edc603979943","digitalCertThumbprint":"2CBA194C47961A133EFE845EE9AF4FAAC91AE1A3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ultimate Systems, O=Ultimate Systems, STREET=Intr. IOAN VASII, L=Timisoara, S=Timis, PostalCode=300133, C=RO","sourceIndex":"3655","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinSysClean.EXE","companyName":"Ultimate Systems, SRL","productName":"WinSysClean« X8","productVersion":"18.0.0.920","fileVersion":"18.0.0.920","hashMD5":"c8d5cfbac8940fa6880ad077c155927a","hashSHA1":"7a3eda637db72ce30c1a89d307fde359ca66ae1e","hashSHA256":"4480528b1fe11c6f6a2a8721b3b118a3450c1039f395c94d0ac613f99336e11d","digitalCertThumbprint":"2CBA194C47961A133EFE845EE9AF4FAAC91AE1A3","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Ultimate Systems, O=Ultimate Systems, STREET=Intr. IOAN VASII, L=Timisoara, S=Timis, PostalCode=300133, C=RO","sourceIndex":"3655","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"google searched; cleaner software for cleaning registry errors; page 8 , https://www.usro.net/products/winsysclean/","landingPage":"https://www.usro.net/products/winsysclean/","directDownloadingLink":"http://dl.usro.net/wsc_x8_free.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.usro.net/wsc_x8_free.exe","sourceIndex":"3655"}],"sampleFiles":["180222/WinSysClean-180221/18.00 0, 0/Samples/wsc_x8_free.exe","180222/WinSysClean-180221/18.00 0, 0/Samples/WinSysClean.exe"],"imageFiles":["180222/WinSysClean-180221/18.00 0, 0/Images/ACR-050/W10-2018-02-22T16-36-29-131716500Z.mp4","180222/WinSysClean-180221/18.00 0, 0/Images/ACR-050/acr_084.PNG"],"nonDeceptorImageFiles":["180222/WinSysClean-180221/18.00 0, 0/Images/ACR-065/acr_065.PNG","180222/WinSysClean-180221/18.00 0, 0/Images/ACR-065/acr_065_S.PNG","180222/WinSysClean-180221/18.00 0, 0/Images/ACR-065/acr_065_LP.PNG","180222/WinSysClean-180221/18.00 0, 0/Images/ACR-065/acr_065_IO.PNG","180222/WinSysClean-180221/18.00 0, 0/Images/ACR-161/testimonials.PNG","180222/WinSysClean-180221/18.00 0, 0/Images/ACR-099/acr_099_S.PNG","180222/WinSysClean-180221/18.00 0, 0/Images/ACR-099/acr_099_LP.PNG","180222/WinSysClean-180221/18.00 0, 0/Images/ACR-099/acr_099_IO.PNG"],"guid":"a4a81c62-0568-41a0-b314-3528bc066cd5_18.00 0, 0_1","appID":"WinSysClean-180221","dateAdded":"180222","deceptorType":"App","name":"WinSysClean-180222","company":" Ultimate Systems, Inc.","version":"18.00 0, 0","sigName":"Deceptor:Win32/WinSysClean!050","firstResolvedDate":"190110","firstResolvedVersion":"19.00","resolved":"TRUE","lastKnownStatus":"Deceptor:18.00","lastKnownDate":"180222","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-01-10T00:00:00+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2577},{"violations":{"ACR-003":"App makes exaggerated claims about the system's health (displaying the status as \"DANGER\"; reporting junk files and cache files with cleaning urgency above \"Low\"), thereby misleading or scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app's interface is set to \"do not schedule\" but the app has created a scheduled task in the system's task scheduler. The user is also unable to prevent the app from launching on startup as the option is disabled.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no valid links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nupon uninstallation The app provides one-to-one interaction option to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Alivenet Solution Pvt Ltd\" which is not disclosed in the app's offer and install.\n","ACR-160":"The application does not use a certified call center to monetize the app. The app uses A1 technical support which is not certified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"A1OptimizerSetup.exe","isInstaller":"True","companyName":" A1 Shield","productName":"A1 Optimizer","productVersion":"3.1.6","fileVersion":"3.1.6.0","hashMD5":"457e3a87b7df91787164928e52aea15c","hashSHA1":"72dafe51ce18eee774d9220397dad4aa7d208072","hashSHA256":"ec936804d3b2d4055837dddf238a9b80f1e039bd0921951a8dea75aa4da05d2a","digitalCertThumbprint":"EDB687D39FFFDD658A8721A786A2AA4DB16D4BF5","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Alivenet Solution Pvt Ltd, O=Alivenet Solution Pvt Ltd, L=New Delhi, S=Delhi, C=IN","sourceIndex":"3685","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"A1Optimizer.exe","companyName":" A1 Shield","productName":"A1 Optimizer","productVersion":"3.1.6.0","fileVersion":"3.1.6.0","hashMD5":"6f5176f063a796f0b29392e1489113e1","hashSHA1":"22ca11be254ebddbf32f1b4e6ad6cd9743a251d1","hashSHA256":"c6a3be9765cd41570c0bca186a614ac19bce5981e89957ef190ae541792e1224","digitalCertThumbprint":"EDB687D39FFFDD658A8721A786A2AA4DB16D4BF5","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Alivenet Solution Pvt Ltd, O=Alivenet Solution Pvt Ltd, L=New Delhi, S=Delhi, C=IN","sourceIndex":"3685","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"pc optimizer software\" page 15 of the results https://a1shield.com/product-details?products_ID=3","landingPage":"https://a1shield.com/product-details?products_ID=3","directDownloadingLink":"https://a1shield.com/public/uploads/downloader/A1OptimizerSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://a1shield.com/public/uploads/downloader/A1OptimizerSetup.exe","sourceIndex":"3685"}],"sampleFiles":["180222/A1Optimizer-180221/3.1.6/Samples/A1OptimizerSetup.exe","180222/A1Optimizer-180221/3.1.6/Samples/A1Optimizer.exe"],"imageFiles":["180222/A1Optimizer-180221/3.1.6/Images/ACR-003/ACR-003_software.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-003/ACR-003_software1.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-003/ACR-003_software2.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-084/ACR-084_software.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-084/ACR-084_software1.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180222/A1Optimizer-180221/3.1.6/Images/ACR-065/ACR-065_install.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-065/ACR-065_install1.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-065/ACR-065_software.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-163/ACR-163_software.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-163/ACR-163_uninstall.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-088/ACR-088_software.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-091/ACR-091_software.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-091/ACR-091_software1.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-092/ACR-092_software.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-092/ACR-092_software1.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-160/ACR-160_software.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-099/ACR-099_software.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-099/ACR-099_landingpage.JPG","180222/A1Optimizer-180221/3.1.6/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"2afb2ecc-0e21-4ad4-b1cb-d119d0b1f056_3.1.6_1","appID":"A1Optimizer-180221","dateAdded":"180222","deceptorType":"App","name":"A1 Optimizer","company":"A1 Shield","version":"3.1.6","sigName":"Deceptor:Win32/A1Optimizer!003084168","lastKnownStatus":"Deceptor:3.1.6","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2579},{"violations":{"ACR-003":"The application reports outdated drivers as obsolete, stating Outdated drivers impact overall stability of the system. This exaggerated and unsubstantiated claim drives a false sense of urgency with the consumer.\n","ACR-017":"The application's internal offer webpage elevates its consumer trust level by displaying multiple unverifiable award logos.\n"},"nonDeceptorViolations":{"ACR-065":"The application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-171":"The consumer is required to opt-out of additional payment for the offer 'Advanced Password Manager'.\n\n"},"samples":[{"isRevoked":"False","fileName":"drivertudusite.exe","isInstaller":"True","companyName":"driver-tuneup.com                                           ","productName":"Driver Tuneup","productVersion":"1.0.0.38780","fileVersion":"Driver Tuneup","hashMD5":"8891fc79e85419f591cee95820a004fe","hashSHA1":"587b71aac5cdf7307f351ee9717e9354f2b397e3","hashSHA256":"96fbaebdee3331f3f82d71f4512eee6550c559df2a931b1228558c5ce74df274","digitalCertThumbprint":"E0B8DD0F016256B24441DF5A43D6F01B7C6CCA7E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Driver Updater Tools Inc, O=Driver Updater Tools Inc, STREET=\"218 A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"3684","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"drivertuneup.exe","companyName":"driver-tuneup.com","productName":"Driver Tuneup","productVersion":"1.0.0.38780","fileVersion":"1.0.0.38780","hashMD5":"6c7b761f37c560a517f234ee70c40854","hashSHA1":"1e5454b938bb6f7732920dc190c6b0068f745472","hashSHA256":"fea84ecc1591ca06220a2fc53671f5687a4340444550a48f1a365aeded9980fd","digitalCertThumbprint":"E0B8DD0F016256B24441DF5A43D6F01B7C6CCA7E","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Driver Updater Tools Inc, O=Driver Updater Tools Inc, STREET=\"218 A,PADMAWATI COLONY,KINGS ROAD,NIRMAN NAGAR\", L=JAIPUR, S=RAJASTHAN, PostalCode=302019, C=IN","sourceIndex":"3684","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com (free scan tune up)","landingPage":"http://driver-tuneup.com/","directDownloadingLink":"http://cdn.driver-tuneup.com/dtup/securedl/drivertudusite.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.driver-tuneup.com/dtup/securedl/drivertudusite.exe","sourceIndex":"3684"}],"sampleFiles":["180222/DriverTuneup-180221/1.0.0.38780/Samples/drivertudusite.exe","180222/DriverTuneup-180221/1.0.0.38780/Samples/drivertuneup.exe"],"imageFiles":["180222/DriverTuneup-180221/1.0.0.38780/Images/ACR-003/ACR_003_SOFTWARE.PNG","180222/DriverTuneup-180221/1.0.0.38780/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["180222/DriverTuneup-180221/1.0.0.38780/Images/ACR-065/ACR_065_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180222/DriverTuneup-180221/1.0.0.38780/Images/ACR-065/ACR_065_INTERNAL_OFFERS_SCREENSHOT_2.PNG","180222/DriverTuneup-180221/1.0.0.38780/Images/ACR-161/ACR_017_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180222/DriverTuneup-180221/1.0.0.38780/Images/ACR-161/ACR_017_INTERNAL_OFFERS_SCREENSHOT_2.PNG","180222/DriverTuneup-180221/1.0.0.38780/Images/ACR-099/ACR_099_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180222/DriverTuneup-180221/1.0.0.38780/Images/ACR-099/ACR_099_INTERNAL_OFFERS_SCREENSHOT_2.PNG","180222/DriverTuneup-180221/1.0.0.38780/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180222/DriverTuneup-180221/1.0.0.38780/Images/ACR-171/ACR_171_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"a382ed54-cd8c-4a5b-94b3-9efc44a38848_1.0.0.38780_1","appID":"DriverTuneup-180221","dateAdded":"180222","deceptorType":"App","name":"Driver Tuneup","company":"Driver Updater Tools Inc","version":"1.0.0.38780","sigName":"Deceptor:Win32/DriverTuneup!003017","lastKnownStatus":"Deceptor:1.0.0.38780","lastKnownDate":"180222","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-22T23:53:31.4098171+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2578},{"violations":{"ACR-003":"The application exaggerates Temp files and browser cookies as errors, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"Bitzcare 5.0.exe","companyName":"BITZPRO INC","productName":"Bitzcare 5.0","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"3276cea1a414ba7d39d6874181b431b9","hashSHA1":"fe88485328323d6655b0782fd3b9cf7bb04b3051","hashSHA256":"682fe477009019e268e009c596c837a8eb609e1883c8271aa6da97ccfe221aae","digitalCertThumbprint":"FF088BE2F053AF2600944FB44847BEEDC91FACE9","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=BITZPRO INC, O=BITZPRO INC, L=MARKHAM, S=Ontario, C=CA, PostalCode=L6C3B6, STREET=21 olivia drive, SERIALNUMBER=2495307, OID.1.3.6.1.4.1.311.60.2.1.3=CA, OID.2.5.4.15=Private Organization","sourceIndex":"3686","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Bitzcare.exe","isInstaller":"True","companyName":"Bitzpro Inc.","productName":"Bitzcare 5.0","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"8a3aa40a2491f3d6eb02892c619044c1","hashSHA1":"2cf123b38343ced69d4dc78470f130db129c7e13","hashSHA256":"cea87ffad189db0534bdc26080de958cd0e67f4b8177393211a74c8f3bc77469","digitalCertThumbprint":"FF088BE2F053AF2600944FB44847BEEDC91FACE9","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=BITZPRO INC, O=BITZPRO INC, L=MARKHAM, S=Ontario, C=CA, PostalCode=L6C3B6, STREET=21 olivia drive, SERIALNUMBER=2495307, OID.1.3.6.1.4.1.311.60.2.1.3=CA, OID.2.5.4.15=Private Organization","sourceIndex":"3686","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"","landingPage":"http://bitzcare.com/","directDownloadingLink":"http://files.downloadnow.com/s/software/15/59/43/67/Bitzcare.exe?token=1518158360_6fe7ccdfaf1be942df217de03ad806b6&fileName=Bitzcare.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://files.downloadnow.com/s/software/15/59/43/67/Bitzcare.exe?token=1518158360_6fe7ccdfaf1be942df217de03ad806b6&fileName=Bitzcare.exe","sourceIndex":"3686"}],"sampleFiles":["180220/Bitzcare5-180208/1.0.0/Samples/Bitzcare 5.0.exe","180220/Bitzcare5-180208/1.0.0/Samples/Bitzcare.exe"],"imageFiles":["180220/Bitzcare5-180208/1.0.0/Images/ACR-003/ACR-003_software.JPG","180220/Bitzcare5-180208/1.0.0/Images/ACR-003/ACR-003_software1.JPG"],"nonDeceptorImageFiles":["180220/Bitzcare5-180208/1.0.0/Images/ACR-065/ACR-065_install.JPG","180220/Bitzcare5-180208/1.0.0/Images/ACR-065/ACR-065_software.JPG","180220/Bitzcare5-180208/1.0.0/Images/ACR-161/ACR-161_landingpage.JPG","180220/Bitzcare5-180208/1.0.0/Images/ACR-099/ACR-099_software.JPG","180220/Bitzcare5-180208/1.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180220/Bitzcare5-180208/1.0.0/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"f50890d8-be4a-43e6-bf75-e38324a6f085_1.0.0_1","appID":"Bitzcare5-180208","dateAdded":"180220","deceptorType":"App","name":"Bitzcare 5.0","company":"Bitzpro Inc.","version":"1.0.0","sigName":"Deceptor:Win32/BitzCare!003","lastKnownStatus":"Deceptor:1.0.0","lastKnownDate":"180220","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-21T00:18:28.6481348+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2581},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys, system configuration and junk files as problems, thereby misleading or scaring user to take action.\n","ACR-168":"The application's internal offer page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"RC.exe","fileVersion":"1.1","hashMD5":"dc3fe69b2c9f42ce9b6a7255f50eac3a","hashSHA1":"f46bbab9f4612b99331f109b6f44d75e8a416d17","hashSHA256":"909c68b38ed8e383f58d891d52a3ae83c809370f3176c8464030f725632fdd07","digitalCertThumbprint":"CEEB0ACF8F6BE7C3CE8F6A0857F66D5ED38B1F8A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Advister Media Ltd, O=Advister Media Ltd, STREET=8 Lefkou Anastasiadi, L=Nicosia, S=Strovolos, PostalCode=2012, C=CY","sourceIndex":"3289","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dllkit-setup.exe","isInstaller":"True","companyName":"DllKit","productName":"DllKit PRO","productVersion":"1.0.1.3","fileVersion":"1.0.1.3","hashMD5":"7e4a193b32fa6b9adec47790fb5a9f3f","hashSHA1":"fc6d477c38d00f4daa0f2d4978ff28e55908dc5b","hashSHA256":"5e3d4424aff617230ebfd3c3d023b409462f7b15ddf71f04949ddd63df0f2aed","digitalCertThumbprint":"14670CB6F05FEC45C10CC4B6A0FEBB118FEB2008","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DllKitster Ltd, O=DllKitster Ltd, STREET=4 Queen Street, L=Edinburgh, S=Scotland, PostalCode=EH2 1JE, C=GB","sourceIndex":"3289","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":[]},{"isRevoked":"False","fileName":"DllKitPRO.exe","companyName":"DllKit","productName":"DllKit PRO","productVersion":"1.1.6618.33536","fileVersion":"1.1.6618.33536","hashMD5":"95184039780f0110fb8f165fdd705a43","hashSHA1":"799d5be5c9e03fca37e5e242b66b97316e6c7d63","hashSHA256":"9655fedb2badf83affc75d923d6f9ca7176cfd6aa22f720bf02739839fa76eb9","digitalCertThumbprint":"14670CB6F05FEC45C10CC4B6A0FEBB118FEB2008","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DllKitster Ltd, O=DllKitster Ltd, STREET=4 Queen Street, L=Edinburgh, S=Scotland, PostalCode=EH2 1JE, C=GB","sourceIndex":"3289","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dllkit-setup3618","isInstaller":"True","companyName":"DllKit","productName":"DllKit PRO","productVersion":"1.0.1.3","fileVersion":"1.0.1.3","hashMD5":"df379e697668d398b709c1ec779fcc3a","hashSHA1":"5ff98a6cc2fa68a97b55c0d62fa0b893c0c831fb","hashSHA256":"86a22ce000b3ac72b9c1167393e26744212a3faef2e0f89038f5170e1e7972a7","digitalCertThumbprint":"14670CB6F05FEC45C10CC4B6A0FEBB118FEB2008","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=DllKitster Ltd, O=DllKitster Ltd, STREET=4 Queen Street, L=Edinburgh, S=Scotland, PostalCode=EH2 1JE, C=GB","sourceIndex":"3289","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"fix dll issues\" page 3 of results https://dllkit.com","landingPage":"https://dllkit.com/en/","directDownloadingLink":"http://www.dllkit.com/download/dllkit/?cid=usrid_13d85f6f-testmo_b-cid_dllkit-direct","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.dllkit.com/download/dllkit/?cid=usrid_13d85f6f-testmo_b-cid_dllkit-direct","sourceIndex":"3289"}],"sampleFiles":["180220/DllkitPRO-180208/1.0.0.0/Samples/dllkit-setup.exe","180220/DllkitPRO-180208/1.0.0.0/Samples/DllKitPRO.exe","180220/DllkitPRO-180208/1.0.0.0/Samples/dllkit-setup3618.exe"],"imageFiles":["180220/DllkitPRO-180208/1.0.0.0/Images/ACR-003/ACR-003_software -1.JPG","180220/DllkitPRO-180208/1.0.0.0/Images/ACR-168/ACR-168_internaloffer.JPG"],"nonDeceptorImageFiles":["180220/DllkitPRO-180208/1.0.0.0/Images/ACR-065/ACR-065_software.JPG","180220/DllkitPRO-180208/1.0.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180220/DllkitPRO-180208/1.0.0.0/Images/ACR-163/ACR-163_software.JPG","180220/DllkitPRO-180208/1.0.0.0/Images/ACR-163/ACR-163_landingpage.JPG","180220/DllkitPRO-180208/1.0.0.0/Images/ACR-163/ACR-163_internaloffer.JPG","180220/DllkitPRO-180208/1.0.0.0/Images/ACR-160/ACR-160_software.JPG","180220/DllkitPRO-180208/1.0.0.0/Images/ACR-099/ACR-099_software.JPG","180220/DllkitPRO-180208/1.0.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180220/DllkitPRO-180208/1.0.0.0/Images/ACR-168/ACR-168_landingpage.JPG"],"guid":"1eeeb016-ec94-4683-b2b0-7c6683b6eeae_1.0.0.0_1","appID":"DllkitPRO-180208","dateAdded":"180220","deceptorType":"App","name":"DllkitPRO","company":"DllKitster Ltd","version":"1.0.0.0","sigName":"Deceptor:Win32/DllKitPro!003168","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-24T00:55:53.0085478+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2580},{"violations":{"ACR-003":"The application exaggerates registry keys and file associations as problem, thereby misleading or scaring user to take action.\n","ACR-017":"The internal offer page elevates its user trust level by displaying endorsement such as Intel software but after clicking the endorsement the hyperlink leads to a error page so there is no way to verify the endorsement\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled\nThe landing page has no link or information that shows how it can be uninstalled.\nThe internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The docs page elevates its user trust level by displaying endorsement such as Intel software but after clicking the endorsement the hyperlink leads to a error page so there is no way to verify the endorsement.\nThe landing page elevates its user trust level by displaying endorsement such as Intel software but after clicking the endorsement the hyperlink leads to a error page so there is no way to verify the endorsement.\n"},"samples":[{"isRevoked":"False","fileName":"smart_disk_defrag_pro_setup.exe","isInstaller":"True","companyName":"LionSea Software                                            ","productName":"Smart Disk Defrag Pro","productVersion":"4.3.0","fileVersion":"4.3.0","hashMD5":"7902c2ec55d3aff5987afebd862489da","hashSHA1":"b2a849a8fd0dce3b0cdfaf1cb1cc9c7579b95cea","hashSHA256":"7bcd1ef7a52bc346df2b4f38123b901f14db8997b8a9e8a4cb06840137a09f77","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"3607","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SmartPCFixer.exe","companyName":"LionSea Software      ","productName":"smartpcfixer","productVersion":"4.2.0.0","fileVersion":"4.0.0.0","hashMD5":"7401331b7787f5bacb73c3b027e6f92f","hashSHA1":"1a4a8a89a781fe1ae8ac03519dec9abafb54d9db","hashSHA256":"86595c4d95831cdf0c009f4b411059cf1a5c2f2f70b3b02fc031c9a9512f9b2d","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"LionSea Software co., ltd\", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=\"LionSea Software co., ltd\", L=beijing, S=beijing, C=CN","sourceIndex":"3607","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"http://www.lionsea.com/product_diskdefragfixer.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_Disk_Defrag_Pro_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.lionsea.com/download/fixer/Smart_Disk_Defrag_Pro_Setup.exe","sourceIndex":"3607"}],"sampleFiles":["180220/SmartDiskDefrag-180220/4.3.0/Samples/Smart_Disk_Defrag_Pro_Setup.exe","180220/SmartDiskDefrag-180220/4.3.0/Samples/Smart_Disk_Defrag_Pro.exe"],"imageFiles":["180220/SmartDiskDefrag-180220/4.3.0/Images/ACR-003/acr_003.PNG","180220/SmartDiskDefrag-180220/4.3.0/Images/ACR-017/acr_017_LP.PNG"],"nonDeceptorImageFiles":["180220/SmartDiskDefrag-180220/4.3.0/Images/ACR-065/acr_065.1.PNG","180220/SmartDiskDefrag-180220/4.3.0/Images/ACR-065/acr_065.PNG","180220/SmartDiskDefrag-180220/4.3.0/Images/ACR-017/acr_017_D.PNG","180220/SmartDiskDefrag-180220/4.3.0/Images/ACR-017/acr_017_L.PNG","180220/SmartDiskDefrag-180220/4.3.0/Images/ACR-099/acr_099.PNG","180220/SmartDiskDefrag-180220/4.3.0/Images/ACR-099/acr_099_LP.PNG","180220/SmartDiskDefrag-180220/4.3.0/Images/ACR-099/acr_099_io.PNG"],"guid":"2d5be609-dbe6-4c6d-9b4b-592c6d42c283_4.3.0_1","appID":"SmartDiskDefrag-180220","dateAdded":"180220","deceptorType":"App","name":"SmartDiskDefragPro","company":"LionSea Software","version":"4.3.0","sigName":"Deceptor:Win32/SmartDiskDefragPro!003017","lastKnownStatus":"Deceptor:4.3.0","lastKnownDate":"180220","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-06-29T03:03:59.3206902+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2514},{"violations":{"ACR-048":"The application cannot be closed or disabled using standard platform-provided methods.\n\n","ACR-007":"App uses the Internet Explorer and Google Chrome icons in its SearchBar interface, making it seem the app is a Microsoft and/or Google component.\n","ACR-017":"App uses Internet Explorer and Google's Chrome icons, making it appear as if the app is endorsed by these companies.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from scanning on startup from the software interface.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's Returns and Cancellation Policy, Privacy Policy\n\n"},"samples":[{"isRevoked":"False","fileName":"Discover_Setup.exe","isInstaller":"True","companyName":"WebDiscover Media                                           ","productName":"WebDiscoverBrowser","productVersion":"v3.15.2","fileVersion":"v3.15.2","hashMD5":"0536b2f1b65352945b76054345b69957","hashSHA1":"68dec388cde2e108faf4446ccb15db5a870e5462","hashSHA256":"9133489c01f003819fcc25396e268b36540edb2089e4f4db9a69d6eaae293456","digitalCertThumbprint":"17483D394F018453AB9D173E3F580510EBE2696E","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Web Discover, O=Web Discover, L=Wilmington, S=Delaware, C=US","sourceIndex":"3636","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"browser.exe","productName":"Browser","productVersion":"59.0.3043.0","fileVersion":"59.0.3043.0","hashMD5":"b5cae1908c22e4c9f57a7cda4aefaf70","hashSHA1":"01ef7897de2729d059c2c2b6d89b3bdf9afdaef3","hashSHA256":"4956cadac7032e9246ccc59d0bebe0fd203420ed2e0e79737b24b6ad1a90cf2b","digitalCertThumbprint":"17483D394F018453AB9D173E3F580510EBE2696E","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Web Discover, O=Web Discover, L=Wilmington, S=Delaware, C=US","sourceIndex":"3636","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Discover_Setup3718.exe","isInstaller":"True","companyName":"WebDiscover Media                                           ","productName":"WebDiscoverBrowser","productVersion":"v4.19.2","fileVersion":"v4.19.2","hashMD5":"e674210e62310bd300aa20739342f654","hashSHA1":"bc1480777e22507b089eff5b13a477d4085de871","hashSHA256":"263fae6b2c2e2bd48b2653d45ca24d4934ae84c4a3453438c9b70a7fe4be7f44","digitalCertThumbprint":"BB1B401359CBB4BC8ECB44B39D343596681CC2D9","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Web Discover, O=Web Discover, L=Wilmington, S=Delaware, C=US","sourceIndex":"3636","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Research","reference":"chromium browsers and bars","landingPage":"http://getdiscoverbrowser.com/","directDownloadingLink":"http://getdiscoverbrowser.com/Discover_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://getdiscoverbrowser.com/Discover_Setup.exe","sourceIndex":"3636"}],"sampleFiles":["180219/WebDiscover-180217/v3.15.2/Samples/Discover_Setup.exe","180219/WebDiscover-180217/v3.15.2/Samples/browser.exe","180219/WebDiscover-180217/v3.15.2/Samples/Discover_Setup3718.exe"],"imageFiles":["180219/WebDiscover-180217/v3.15.2/Images/ACR-048/acr_048.PNG","180219/WebDiscover-180217/v3.15.2/Images/ACR-007/acr_007_S.PNG","180219/WebDiscover-180217/v3.15.2/Images/ACR-017/acr_017_S.PNG","180219/WebDiscover-180217/v3.15.2/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["180219/WebDiscover-180217/v3.15.2/Images/ACR-065/acr_065_S.PNG"],"guid":"0df87ac1-f84e-49b6-82fc-a07c83e5bdde_v3.15.2_1","appID":"WebDiscover-180217","dateAdded":"180219","deceptorType":"App","name":"WebDiscover","company":"WebDiscover Media","version":"v3.15.2","sigName":"Deceptor:Win32/WebDiscover!007017048084","firstVendorContactDate":"180313","firstAppEsteemReplyDate":"180313","firstResolvedDate":"180413","firstResolvedVersion":"4.25.2","resolved":"TRUE","lastKnownStatus":"Deceptor:v3.15.2,v4.19.2","lastKnownDate":"180307","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows 10,Windows 8,Windows Vista,Windows 7,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2018-04-25T18:46:40.471083+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2582},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app creates schedule to scan everyday and the user is unable to disable the scheduled scan.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-160":"The application does not use a certified call center to monetize the app. The app uses its own call center which is uncertified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"PCSpeedCare-Setup.exe","isInstaller":"True","companyName":"PCSpeedcare Inc.                                            ","productName":"PCSpeedcare","productVersion":"7.1.3.21","fileVersion":"7.1.3.21","hashMD5":"778c93ec9172eef222e09ef3482d590c","hashSHA1":"8909998db9548984a053626eade9cd23cb7fa0d5","hashSHA256":"ed8993be5566e90fab0f054b577db4a2a858c9a7a90e4f6ddfdaa7a74f393b17","digitalCertThumbprint":"FCB61D9EC8FBA2F3FBDDDD082846135CE2392359","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=PARADISE ISLAND PARTNERS INC., O=PARADISE ISLAND PARTNERS INC., L=Punta Gorda, S=Florida, C=US, SERIALNUMBER=P17000085125, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"3687","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCSpeedCare.exe","companyName":"PCSpeedcare Inc.","productName":"PCSpeedcare","productVersion":"","fileVersion":"0.0","hashMD5":"6dcc539cce8a8e7d88fc24873eec685b","hashSHA1":"557a6488ad483ac129327a0a5648440d174b1fe6","hashSHA256":"b276e2e7e50b3d88f7c2bbb5fb5bbcf2465936e0d670c93c6c971651f5463dba","digitalCertThumbprint":"FCB61D9EC8FBA2F3FBDDDD082846135CE2392359","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=PARADISE ISLAND PARTNERS INC., O=PARADISE ISLAND PARTNERS INC., L=Punta Gorda, S=Florida, C=US, SERIALNUMBER=P17000085125, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"3687","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"adplexity to HDSetup to offer in bundler","landingPage":"https://pcspeedcare.com/lp/pc2/clean/clean-up-pc?tid1=NDgwOXwxMzAxMDF8VVN8MXwxfHxZMmhoYmcqWjI5cFgySnZlbTlmZDJsdVgyTm98ZHNzNjhqMTJjNzNmfHx8&tid2=11489&tid3=4809","directDownloadingLink":"https://pcspeedcare.com/lp/pc2/download.php?tid1=NDgwOXwxMzAxMDF8VVN8MXwxfHxZMmhoYmcqWjI5cFgySnZlbTlmZDJsdVgyTm98ZHNzNjhqMTJjNzNmfHx8&tid2=pc2clean:11489&tid3=4809&raven_site_id=5&raven_uid=3b8cd9f1e66910ec","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://pcspeedcare.com/lp/pc2/download.php?tid1=NDgwOXwxMzAxMDF8VVN8MXwxfHxZMmhoYmcqWjI5cFgySnZlbTlmZDJsdVgyTm98ZHNzNjhqMTJjNzNmfHx8&tid2=pc2clean:11489&tid3=4809&raven_site_id=5&raven_uid=3b8cd9f1e66910ec","sourceIndex":"3687"}],"sampleFiles":["180219/PCSpeedCare-180218/7.1.3.21/Samples/PCSpeedCare-Setup.exe","180219/PCSpeedCare-180218/7.1.3.21/Samples/PCSpeedCare.exe"],"imageFiles":["180219/PCSpeedCare-180218/7.1.3.21/Images/ACR-084/ACR-084_software.JPG","180219/PCSpeedCare-180218/7.1.3.21/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180219/PCSpeedCare-180218/7.1.3.21/Images/ACR-065/ACR-065_install.JPG","180219/PCSpeedCare-180218/7.1.3.21/Images/ACR-065/ACR-065_software.JPG","180219/PCSpeedCare-180218/7.1.3.21/Images/ACR-065/ACR-065_internaloffer.JPG","180219/PCSpeedCare-180218/7.1.3.21/Images/ACR-160/ACR-160_software.JPG","180219/PCSpeedCare-180218/7.1.3.21/Images/ACR-099/ACR-099_software.JPG","180219/PCSpeedCare-180218/7.1.3.21/Images/ACR-099/ACR-099_landingpage.JPG","180219/PCSpeedCare-180218/7.1.3.21/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"eee72cac-ba38-4725-8139-18eef12f74e4_7.1.3.21_1","appID":"PCSpeedCare-180218","dateAdded":"180219","deceptorType":"App","name":"PC Speed Care","company":"PCSpeedCare, Inc.","version":"7.1.3.21","sigName":"Deceptor:Win32/PCSpeedCare!084168","lastKnownStatus":"Deceptor:7.1.3.21","lastKnownDate":"210331","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-03-31T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2584},{"violations":{"ACR-059":"The installer offer is not marked as an optional or additional offer and contains an unattributed \"recommendation\".\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the inline offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-161":"The application's landing page displays testimonials that are not specific to the app and does not provide any links back to a source so they can be verified.\n","ACR-092":"The app installer is not signed by the source.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's docs have no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"audsetup.exe","isInstaller":"True","companyName":"Anvisoft","productName":"Anvi Ultimate Defrag","productVersion":"1.2.0.0","fileVersion":"1.2.0.0","hashMD5":"329191ed1cec3e7b285e20019ec18d92","hashSHA1":"0665de1ad83715cc6e68d00ed700c469944a5925","hashSHA256":"fbbf0aafd0898310d377d20f96d418f669c8ac91ad4d4e1a6659792aa4bd313d","sourceIndex":"3290","avBlockList":["Avira Internet Security (20190131)","ESET Internet Security (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","McAfee Total Protection (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)"],"avAllowList":["Avast Internet Security (20190128)","Bitdefender Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","Malwarebytes Premium (20190131)","Windows Defender (20190131)"]},{"isRevoked":"False","fileName":"AUD.exe","companyName":"Anvisoft","productName":"Anvi Ultimate Defrag","productVersion":"1.2.0.0","fileVersion":"1.2.0.1305","hashMD5":"b4322d397191ed45c4d2fc4d9aa47074","hashSHA1":"35d07901a4f3f3dadf92eecdb21e0aa75d24b879","hashSHA256":"5f449e3e0481b2b34381f4522965a17e3e1378984afb6e64635fd61e47a92e72","digitalCertThumbprint":"3A79A413B0AE06757C81CBFD2B4204E12E98CBCF","digitalCertIssuer":"CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN","digitalCertIssuedTo":"CN=\"Anvei Technology Co., LTD\", E=admin@anvisoft.com, O=\"Anvei Technology Co., LTD\", L=Chengdu, S=Sichuan, C=CN","sourceIndex":"3290","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Affiliate","reference":"pcsoftwaresbay.com  disk defragmenter software reports","landingPage":"http://www.anvisoft.com/ultimate-defrag.html","directDownloadingLink":"http://download.cnet.com/Anvi-Ultimate-Defrag/3000-2094_4-75914146.html?part=dl-&subj=dl&tag=button","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.cnet.com/Anvi-Ultimate-Defrag/3000-2094_4-75914146.html?part=dl-&subj=dl&tag=button","sourceIndex":"3290"}],"sampleFiles":["180219/UltimateDefrag-180215/1.2/Samples/audsetup.exe","180219/UltimateDefrag-180215/1.2/Samples/AUD.exe"],"imageFiles":["180219/UltimateDefrag-180215/1.2/Images/ACR-059/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180219/UltimateDefrag-180215/1.2/Images/ACR-065/ACR-065_install.JPG","180219/UltimateDefrag-180215/1.2/Images/ACR-065/ACR-065_software.JPG","180219/UltimateDefrag-180215/1.2/Images/ACR-065/ACR-065_inlineoffer.JPG","180219/UltimateDefrag-180215/1.2/Images/ACR-161/ACR-161_landingpage.JPG","180219/UltimateDefrag-180215/1.2/Images/ACR-092/ACR-092_software.JPG","180219/UltimateDefrag-180215/1.2/Images/ACR-099/ACR-099_software.JPG","180219/UltimateDefrag-180215/1.2/Images/ACR-099/ACR-099_landingpage.JPG","180219/UltimateDefrag-180215/1.2/Images/ACR-099/ACR-099_internaloffer.JPG","180219/UltimateDefrag-180215/1.2/Images/ACR-167/ACR-167_docs.JPG"],"guid":"98a21639-0e28-4149-8d22-d308e115c635_1.2_1","appID":"UltimateDefrag-180215","dateAdded":"180219","deceptorType":"App","name":"Ultimate Defrag","company":"AnviSoft","version":"1.2","sigName":"Deceptor:Win32/UltimateDefrag!059","lastKnownStatus":"Deceptor:1.2","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2019-01-24T00:55:16.0583804+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2583},{"violations":{"ACR-043":"App installs \"search the web\" icons and corresponding SearchBar app, which was not disclosed.\n","ACR-048":"App icons named \"search the web\", and not \"BrowserIO\", making it dfificult for the consumer to remove. App installed in hidden directory, making it hard for the consumer to find.\n","ACR-007":"App uses the Internet Explorer and Google Chrome icons in its SearchBar interface, making it seem the app is a Microsoft and/or Google component.\n","ACR-017":"App uses Microsoft's Internet Explorer and Google's Chrome icons, making it appear the app is endorsed by these companies.\n","ACR-039":"App installs SearchBar and installs a desktop shortcut and taskbar shortcut called \"search the web\". There is no indication that this is related to app\n"},"nonDeceptorViolations":{"ACR-040":"App installs into hidden folder {users}\\AppData\\Local\\BrowserIO\n","ACR-045":"App presents itself as a browser, but the main functionality seems to be a search bar.\nApp clams on landing page that the purpose is a browser.\n","ACR-056":"App's \"About\" launches a list of features that do not exist in the app.\n","ACR-092":"Installer and search bar signed by different company than was disclosed in offer.\n","ACR-035":"EULA declares EightPoint Technologies as source, Landing page declares BrowserIO as source.\n"},"samples":[{"isRevoked":"False","fileName":"D:\\SvcFab\\_App\\ServiceApiType_App0\\temp\\tmp4920.tmp","isInstaller":"True","companyName":"GlobalSign","fileVersion":"1.39","hashMD5":"f6017fe61aa286df58e624f838eed1e5","hashSHA1":"1c59c2351fcab880d7f66cc8d35255c478b6cdac","hashSHA256":"ef8106a268d2f9b66262448b04be6431e4bab19e4704ee2785e1b59d1eaf072f","digitalCertThumbprint":"BF5B8DD65FAD47324A36D42A8369F5C26E252A6D","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Architecture Software, O=Architecture Software, L=Incline Village, S=Nevada, C=US","sourceIndex":"3682","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"D:\\SvcFab\\_App\\ServiceApiType_App0\\temp\\tmpDAC4.tmp","fileVersion":"1.39","hashMD5":"2a8db03b8d28155697ea1d2b56627419","hashSHA1":"5a1c8efea82de5ea044df6a703839b52e0a918ba","hashSHA256":"c9ab951b76f10f3a55bd4b8f95a836189c1c3c130d82f5716e688630598ed124","digitalCertThumbprint":"BF5B8DD65FAD47324A36D42A8369F5C26E252A6D","digitalCertIssuer":"CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE","digitalCertIssuedTo":"CN=Architecture Software, O=Architecture Software, L=Incline Village, S=Nevada, C=US","sourceIndex":"3682","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Partner.Inquiry","reference":"Andrew at sophos","landingPage":"http://browserio.com/","directDownloadingLink":"http://www.searchincognitopro.com/cgi/adk/chrdl.cgi?domain=browserio.com&implementation_id=bio-sb-website&source=organic&adprovider=browserio&user_id=b20b22d6-30ad-4d12-8615-735eab4b825d&dfn=BrowserIOSetup","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.searchincognitopro.com/cgi/adk/chrdl.cgi?domain=browserio.com&implementation_id=bio-sb-website&source=organic&adprovider=browserio&user_id=b20b22d6-30ad-4d12-8615-735eab4b825d&dfn=BrowserIOSetup","sourceIndex":"3682"}],"sampleFiles":["180216/BrowserIO-180216/1.39.0.1/Samples/BrowserIOSetup.exe","180216/BrowserIO-180216/1.39.0.1/Samples/SearchBar.exe"],"imageFiles":["180216/BrowserIO-180216/1.39.0.1/Images/ACR-039/ACR-038 installs searchbar shortcuts not browserio.png","180216/BrowserIO-180216/1.39.0.1/Images/ACR-043/ACR-043 installs searchbar as well as browserio.gif","180216/BrowserIO-180216/1.39.0.1/Images/ACR-048/ACR-048 icons not named with app name, app installed into hidden directory.png","180216/BrowserIO-180216/1.39.0.1/Images/ACR-048/ACR-048 installs in hidden directory.png","180216/BrowserIO-180216/1.39.0.1/Images/ACR-007/ACR-007 misleading logos and icons.png","180216/BrowserIO-180216/1.39.0.1/Images/ACR-017/ACR-017 not really endorsed by MS or Google.png"],"nonDeceptorImageFiles":["180216/BrowserIO-180216/1.39.0.1/Images/ACR-040/ACR-040 installsin hidden directory.png","180216/BrowserIO-180216/1.39.0.1/Images/ACR-042/ACR-042 browserio landing page claims browser.png","180216/BrowserIO-180216/1.39.0.1/Images/ACR-045/ACR-045 browserio landing page claims browser.png","180216/BrowserIO-180216/1.39.0.1/Images/ACR-056/ACR-056 search bar about features don't match product.png","180216/BrowserIO-180216/1.39.0.1/Images/ACR-091/ACR-091 digital signature not match.png","180216/BrowserIO-180216/1.39.0.1/Images/ACR-091/ACR-091 terms of service says EightPoint Technologies.png","180216/BrowserIO-180216/1.39.0.1/Images/ACR-092/ACR-092 digital signature not offer.png"],"guid":"df916937-8ff2-4443-ab12-ce4d27d57ed9_1.39.0.1_1","appID":"BrowserIO-180216","dateAdded":"180216","deceptorType":"App","name":"BrowserIO","company":"Eightpoint Technologies, Ltd.","version":"1.39.0.1","sigName":"Deceptor:Win32/BrowserIO!007017039042043048","firstVendorContactDate":"180216","firstAppEsteemReplyDate":"180216","firstResolvedDate":"180223","firstResolvedVersion":"stopped all distribution. browserio.com and landing pages disabled. no way for consumers to get browserio.","resolved":"TRUE","lastKnownStatus":"Deceptor:1.39.0.1","lastKnownDate":"180216","type":"Windows Executable","category":"Personalization & Search","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"search","lastUpdate":"2018-02-23T18:06:10.6842982+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2587},{"violations":{"ACR-003":"The application exaggerates file extensions and COM/ActiveX as errors and set them to high priority, thereby misleading or scaring user to take action. \n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-092":"The application does not have a digital signature.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe landing page has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-037":"There is no privacy policy provided for the app. \n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-159":"No disclosure that payment would be required to access the full functionality of the software.\n"},"samples":[{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","productName":"PCCleaner","productVersion":"1.0","fileVersion":"1.0","hashMD5":"ff4334d9f1333cd5e08b3def4b32059f","hashSHA1":"a414275b19d99c51fc6a303a4dab14a742b39e67","hashSHA256":"315f9a5fcd45dc3a3cad55d74e59a445b9758319bf286cb9ae9bb3cb1d56e15b","sourceIndex":"3690","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCCleaner.exe","productName":"PCCleaner","productVersion":"0.0","fileVersion":"0.0","hashMD5":"c2bfacc9cff59b87b407847c2a20018b","hashSHA1":"f91c3a9578394fd5f83410d50fd991d8329c0aac","hashSHA256":"d1d2cd2c94c04c3791147ab4631bca4df82f66f6a3b3ee1544794aa50b4d92b1","sourceIndex":"3690","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"http://registrynerds.com/","directDownloadingLink":"http://registrynerds.com/dl.php","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://registrynerds.com/dl.php","sourceIndex":"3690"}],"sampleFiles":["180216/PC-Cleaner-180208/1.0/Samples/Setup.exe","180216/PC-Cleaner-180208/1.0/Samples/PCCleaner.exe"],"imageFiles":["180216/PC-Cleaner-180208/1.0/Images/ACR-003/acr_003.PNG"],"nonDeceptorImageFiles":["180216/PC-Cleaner-180208/1.0/Images/ACR-065/acr_065.PNG","180216/PC-Cleaner-180208/1.0/Images/ACR-065/acr-065_S.PNG","180216/PC-Cleaner-180208/1.0/Images/ACR-065/landing_page_1.PNG","180216/PC-Cleaner-180208/1.0/Images/ACR-065/acr_065_IO.PNG","180216/PC-Cleaner-180208/1.0/Images/ACR-091/unsigned.PNG","180216/PC-Cleaner-180208/1.0/Images/ACR-092/unsigned.PNG","180216/PC-Cleaner-180208/1.0/Images/ACR-099/acr_099_S.PNG","180216/PC-Cleaner-180208/1.0/Images/ACR-099/acr_099_LP.PNG","180216/PC-Cleaner-180208/1.0/Images/ACR-099/acr_099_IO.PNG","180216/PC-Cleaner-180208/1.0/Images/ACR-159/acr_159.PNG"],"guid":"052523fd-7d0a-4dc3-92d8-2e9a822a65e6_1.0_1","appID":"PC-Cleaner-180208","dateAdded":"180216","deceptorType":"App","name":"PC-Cleaner","company":"registrynerds.com","version":"1.0","sigName":"Deceptor:Win32/RegistryNerdsPCCleaner!003","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"180216","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-16T21:59:54.4062782+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2586},{"violations":{"ACR-003":"The application exaggerates temp files and registry keys as errors and sets their priority to medium, thereby misleading or scaring user to take action. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-120":"The application prompts during uninstall stating that consumer can get the same software at a 75% discount.\n\n"},"samples":[{"isRevoked":"False","fileName":"Installer.exe","isInstaller":"True","companyName":"Enigma Software Group USA, LLC.","productName":"reghunter-installer","productVersion":"2.0.499.2213","fileVersion":"2.0.499.2213","hashMD5":"fcd8094754cb7f15127275c4e64597c1","hashSHA1":"e7cf5169252675bf070543ef64f174c1064d831c","hashSHA256":"1e763132a2ab9741d9aa411b64c71eeae526e9d0c47f5f6b86cc015f39757dea","digitalCertThumbprint":"B2B973A3D06BFF1D22B6BA736CBE55C38F188D8E","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Enigma Software Group USA, LLC\", O=\"Enigma Software Group USA, LLC\", L=Clearwater, S=Florida, C=US, SERIALNUMBER=L09000121159, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"3680","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegHunter.exe","companyName":"Enigma Software Group USA, LLC.","productName":"RegHunter","productVersion":"2.3.3.2065","fileVersion":"1.3.16.13","hashMD5":"803aef69ce70f1674dc505bac0d70f6e","hashSHA1":"a10b1fbe3a9ec2082ca05bbcaa58711f877977fe","hashSHA256":"50f8d55e84b04143da54e89ea1df63ff5432d9dbcae9caffca8f4c42b3789e3d","digitalCertThumbprint":"B2B973A3D06BFF1D22B6BA736CBE55C38F188D8E","digitalCertIssuer":"CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Enigma Software Group USA, LLC\", O=\"Enigma Software Group USA, LLC\", L=Clearwater, S=Florida, C=US, SERIALNUMBER=L09000121159, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US","sourceIndex":"3680","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Community.Submission","reference":"","landingPage":"https://www.enigmasoftware.com/products/reghunter/","directDownloadingLink":"http://download2.enigmasoftware.com/reghunter-free-download/enigmasoftware.com/RegHunter-Installer.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download2.enigmasoftware.com/reghunter-free-download/enigmasoftware.com/RegHunter-Installer.exe","sourceIndex":"3680"}],"sampleFiles":["180216/Reghunter-180214/2.0.499.2213/Samples/RegHunter-Installer.exe","180216/Reghunter-180214/2.0.499.2213/Samples/RegHunter.exe"],"imageFiles":["180216/Reghunter-180214/2.0.499.2213/Images/ACR-003/acr_003.PNG"],"nonDeceptorImageFiles":["180216/Reghunter-180214/2.0.499.2213/Images/ACR-065/acr_065.PNG","180216/Reghunter-180214/2.0.499.2213/Images/ACR-099/acr_099_S.PNG","180216/Reghunter-180214/2.0.499.2213/Images/ACR-099/acr_099_IO.PNG","180216/Reghunter-180214/2.0.499.2213/Images/ACR-120/readvertised.PNG"],"guid":"066673e8-ccc5-4f30-b5d1-ae1df8cc54ba_2.0.499.2213_1","appID":"Reghunter-180214","dateAdded":"180216","deceptorType":"App","name":"Reghunter","company":"Enigma Software Group USA, LLC.","version":"2.0.499.2213","sigName":"Deceptor/Win32/EnigmaRegHunter!003","firstVendorContactDate":"180222","firstAppEsteemReplyDate":"180222","firstResolvedDate":"180227","firstResolvedVersion":"2.0.537.2441","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0.499.2213;NonCertified:2.0.537.2441","lastKnownDate":"180216","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-27T20:30:59.8354233+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2585},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page displays testimonials but does not provide any links back to a source so they can be verified.\n\n","ACR-092":"The application does not have a digital signature.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe landing page has no link or information that shows how it can be uninstalled.\n\nThe internal offers page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-171":"The consumer is required to opt-out of recurring payment.\n\n","ACR-017":"The landing page elevates its user trust level by displaying endorsements such as cnet,5 star review on dowwnload.com, PCmag.com and net editors pick which are all unverifiable.\n\n"},"samples":[{"isRevoked":"False","fileName":"Windows Doctor 3.0.0.0 .exe","isInstaller":"True","companyName":"WindowsDoctor International LLC","productName":"Windows Doctor 3.0.0.0 ","productVersion":"n/a","fileVersion":"n/a","hashMD5":"a349edf1710fa0598531e8b339c51549","hashSHA1":"d16ecf3da9effa9b8afccb7463997640d46f58ee","hashSHA256":"0bbdf148eaf1479697272be3724af3408e310b2c4c540a86232e810ff9642460","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3770","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":" Windows Doctor.exe","companyName":" WindowsDoctor.com","productName":" Windows Doctor","productVersion":"3.0.0.0","fileVersion":"3.0.0.0","hashMD5":"305e1120f914ac1d34213c1416112a9b","hashSHA1":"7ad4afae754d70539c93fe62e4c8321143f3f455","hashSHA256":"210709a1be8ea05c7de0a7f3e5aa1d1f47314b36647be3907a94cadefbe9bbbe","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3770","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://windowsdoctor.com/","directDownloadingLink":"http://www.windowsdoctor.com/windowsdoctor3000.exe","ipv4":"","ipv6":"","sourceIndex":"3770"}],"sampleFiles":["180212/WindowsDoctor3000-180202/3.0.0.0/Samples/windowsdoctor3000.exe","180212/WindowsDoctor3000-180202/3.0.0.0/Samples/WindowsDoctor.exe"],"imageFiles":["180212/WindowsDoctor3000-180202/3.0.0.0/Images/ACR-003/acr_003.PNG"],"nonDeceptorImageFiles":["180212/WindowsDoctor3000-180202/3.0.0.0/Images/ACR-065/acr_065.PNG","180212/WindowsDoctor3000-180202/3.0.0.0/Images/ACR-065/acr_065_S.PNG","180212/WindowsDoctor3000-180202/3.0.0.0/Images/ACR-065/acr_065_LP.PNG","180212/WindowsDoctor3000-180202/3.0.0.0/Images/ACR-065/acr_065_IO.PNG","180212/WindowsDoctor3000-180202/3.0.0.0/Images/ACR-161/testimonials.PNG","180212/WindowsDoctor3000-180202/3.0.0.0/Images/ACR-099/acr_099.PNG","180212/WindowsDoctor3000-180202/3.0.0.0/Images/ACR-099/landing_page.PNG","180212/WindowsDoctor3000-180202/3.0.0.0/Images/ACR-099/internal_page.PNG","180212/WindowsDoctor3000-180202/3.0.0.0/Images/ACR-171/acr_171.PNG","180212/WindowsDoctor3000-180202/3.0.0.0/Images/ACR-017/acr_017_11.PNG"],"guid":"9c999475-fbdd-4cb7-8eed-753a639a3d21_3.0.0.0_1","appID":"WindowsDoctor3000-180202","dateAdded":"180212","deceptorType":"App","name":"WindowsDoctor","company":"Sunnydigits Software Co., Ltd.","version":"3.0.0.0","sigName":"Deceptor:Win32/WindowsDoctor!003","lastKnownStatus":"Deceptor:3.0.0.0","lastKnownDate":"180207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:24:57.2995309+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2588},{"violations":{"ACR-003":"The application exaggerates 1 out of date driver as a problem, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application only offers a 14 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"updatestardrivers.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"4421d402b12c94db2a28ee2243e695b4","hashSHA1":"398545a61a6f78cf60ce35b529f7de9c30d20d81","hashSHA256":"9ae92670c6343ac07217be68f75eff77a6fbb29ed9f542227fb835a9d2177766","digitalCertThumbprint":"BBB39898D0A7A577B4EB5E88DB7C128F2C1F0363","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Gneisenaustr. 44/45, L=Berlin, S=Berlin, PostalCode=10961, C=DE","sourceIndex":"3661","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"c:\\program files (x86)\\updatestar drivers\\drivers.exe","companyName":"n/a","productName":"UpdateStar Drivers","productVersion":"9, 0, 0, 0","fileVersion":"9, 0, 0, 0","hashMD5":"6715ab8f3275a4030cb2ce3e8ea7d270","hashSHA1":"392adc7035111729aaa92775ebce6ce9e11bc559","hashSHA256":"c2c6771221512e30e3ba1d6c6787a7e6441320a1f44df5b61cc496b04c764f6f","digitalCertThumbprint":"BBB39898D0A7A577B4EB5E88DB7C128F2C1F0363","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Gneisenaustr. 44/45, L=Berlin, S=Berlin, PostalCode=10961, C=DE","sourceIndex":"3661","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"http://client.updatestar.com/en/drivers/overview/","directDownloadingLink":"http://static.updatestar.net/dl/updatestar/drivers/updatestardrivers.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://static.updatestar.net/dl/updatestar/drivers/updatestardrivers.exe","sourceIndex":"3661"}],"sampleFiles":["180212/UpdateStarDrivers-180211/9.0.0/Samples/updatestardrivers.exe","180212/UpdateStarDrivers-180211/9.0.0/Samples/drivers.exe"],"imageFiles":["180212/UpdateStarDrivers-180211/9.0.0/Images/ACR-003/ACR_003_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180212/UpdateStarDrivers-180211/9.0.0/Images/ACR-065/ACR_065_INSTALL.PNG","180212/UpdateStarDrivers-180211/9.0.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180212/UpdateStarDrivers-180211/9.0.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_1.PNG","180212/UpdateStarDrivers-180211/9.0.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_2.PNG","180212/UpdateStarDrivers-180211/9.0.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","180212/UpdateStarDrivers-180211/9.0.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180212/UpdateStarDrivers-180211/9.0.0/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"509b0a30-8b9b-42c7-9fe7-abf4f8067e81_9.0.0_1","appID":"UpdateStarDrivers-180211","dateAdded":"180212","deceptorType":"App","name":"UpdateStar Drivers","company":"UpdateStar","version":"9.0.0","sigName":"Deceptor:Win32/UpdateStarDrivers!003084","firstVendorContactDate":"180327","firstAppEsteemReplyDate":"180327","firstResolvedDate":"180327","firstResolvedVersion":"10.0.0","resolved":"TRUE","lastKnownStatus":"Deceptor:9.0.0;NonCertified:10.0.0","lastKnownDate":"180212","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-03-28T16:10:24.18291+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2589},{"violations":{"ACR-042":"The apps installer proceeds with a silent install, not obtaining user permission before installing.\n","ACR-043":"App installs \"StartApps.exe\", which is a PC Optimizer Pro installer digitally signed by a third party, with no disclosure to the user in the EULA, install, or landing page.\n","ACR-084":"User is unable to disable the scheduled update task using the application interface, even when unchecking the box.\n"},"nonDeceptorViolations":{"ACR-065":"No installer is provided with links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\nThe application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-036":"App does not describe or disclose third party components used in the EULA.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"slowpcfixersetup.exe","isInstaller":"True","companyName":"Weblance","productName":"Slow PC Fixer","productVersion":"2, 0, 2, 2","fileVersion":"2, 0, 2, 2","hashMD5":"536cd54c6814e29eaa654d33ae4c4af0","hashSHA1":"850c771a5c1b21c134109e2f6e2294750696751c","hashSHA256":"a4e1be70053eb9acd639d735de2ccc8bbd03e85af2dc96829cfff552bcc19371","digitalCertThumbprint":"12E50F54C8824B06C16711EFCCEC0BC6A76BDE7A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Weblance, O=Weblance, STREET=\"955/1, 1st floor\", STREET=Opp. Saini Bhawan, L=Ambala City, S=Haryana, PostalCode=134002, C=IN","sourceIndex":"3291","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":[]},{"isRevoked":"False","fileName":"Slow PC Fixer.exe","companyName":"Weblance","productName":"Slow PC Fixer","productVersion":"2, 0, 2, 2","fileVersion":"2, 0, 2, 2","hashMD5":"77e5679fc355d843669e3c228e33c204","hashSHA1":"1a39fbdecacc9ae0097cb44595d4c38569193c85","hashSHA256":"baafdb4a6f819805f4469338aa51283434918964d01d0c5052754b1ab2d8e290","digitalCertThumbprint":"12E50F54C8824B06C16711EFCCEC0BC6A76BDE7A","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Weblance, O=Weblance, STREET=\"955/1, 1st floor\", STREET=Opp. Saini Bhawan, L=Ambala City, S=Haryana, PostalCode=134002, C=IN","sourceIndex":"3291","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.google.com search \"slow pc fixer\" page 2 of results https://www.slowpcfixer.com/","landingPage":"https://www.slowpcfixer.com/","directDownloadingLink":"https://www.slowpcfixer.com/slowpcfixersetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.slowpcfixer.com/slowpcfixersetup.exe","sourceIndex":"3291"}],"sampleFiles":["180208/SlowPCFixer-180205/2.0.2.2/Samples/slowpcfixersetup.exe","180208/SlowPCFixer-180205/2.0.2.2/Samples/Slow PC Fixer.exe"],"imageFiles":["180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-043/ACR-043_install.JPG","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-043/ACR-043_install.mp4","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-084/ACR-084_software.JPG","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-042/ACR-042_install.mp4"],"nonDeceptorImageFiles":["180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-042/ACR-042_install.mp4","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-065/ACR-065_software.JPG","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-161/ACR-161_landingpage.JPG","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-161/ACR-161_landingpage1.JPG","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-161/ACR-161_internaloffer.JPG","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-088/ACR-088_software.JPG","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-099/ACR-099_software.JPG","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-099/ACR-099_landingpage.JPG","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-099/ACR-099_internaloffer.JPG","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-168/ACR-168_landingpage.JPG","180208/SlowPCFixer-180205/2.0.2.2/Images/ACR-036/ACR-036_docs.JPG"],"guid":"aa3adc2a-1474-4412-9daa-c1e2579a2517_2.0.2.2_1","appID":"SlowPCFixer-180205","dateAdded":"180208","deceptorType":"App","name":"Slow PC Fixer","company":"Weblance","version":"2.0.2.2","sigName":"Deceptor:Win32/SlowPCFixer!042043084","lastKnownStatus":"Deceptor:2.0.2.2","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-24T00:54:36.3333216+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2590},{"violations":{"ACR-003":"The application exaggerates Invalid Paths, Invalid Shared DLLS, Classes Section, Invalid File Associations and Invalid Application Paths as errors and problems, thereby misleading or scaring user to take action.\n","ACR-117":"During uninstall a prompt shows with the message \"Warning: Registry Repair Pro has found 366 registry errors on this computer\", before uninstall can be completed there is the choices of Repair All Errors or Keep these Errors \n","ACR-118":"When the user attempts to completely uninstall the application, some components are retained on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"The application prompts during uninstall stating that consumer can get the full version of Registry Pro for free.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application has no refund policy.\n","ACR-159":"There is no mention on the landing page that payment will be required to activate the full functionality of the app. The buy now option on the landing page downloads the app.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying an unverifiable 5 star review rating logos.\n"},"samples":[{"isRevoked":"False","fileName":"registryrepair_t.exe","isInstaller":"True","companyName":"3B Software, Inc.                                           ","productName":"Registry Repair Pro","fileVersion":"0.0","hashMD5":"a8e4cac1f00607dce5da2a79b7caacf1","hashSHA1":"1943c5ed342ed6f8eff929e46bc3848066f04b35","hashSHA256":"8d8db168901d24ad0e625220615116b6e392ae02802c7c7e75f5346c26cdc010","digitalCertThumbprint":"B4C51CEDDA61F12A582BB262B01D4BDB5EEC964A","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=3B Software, O=3B Software, STREET=3030 Matlock Road, L=Arlington, S=Texas, PostalCode=76015, C=US","sourceIndex":"3292","avBlockList":["Avira Internet Security (20190131)","ESET Internet Security (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","VirIT eXplorer PRO (20190131)","Avast Internet Security (20190131)","AVG Internet Security (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","Trend Micro Internet Security (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"]},{"isRevoked":"False","fileName":"c:\\program files (x86)\\3b software\\registry repair pro\\RegistryRepairPro.exe","companyName":"3B Software, Inc.","productName":"Registry Repair Pro","productVersion":"4.5.0.0","fileVersion":"4.5.0.0","hashMD5":"4f13198e02e497e101482586fc661083","hashSHA1":"ecd7191590118998fa7d7f6a0a8c02092fb7ff84","hashSHA256":"24e689d91c89401e1d394c12e905d602fcdff829e001a7bbcda4579bec5fad26","digitalCertThumbprint":"B4C51CEDDA61F12A582BB262B01D4BDB5EEC964A","digitalCertIssuer":"CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=3B Software, O=3B Software, STREET=3030 Matlock Road, L=Arlington, S=Texas, PostalCode=76015, C=US","sourceIndex":"3292","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com (Registry Repair software)","landingPage":"http://www.registryrepairpro.com/","directDownloadingLink":"http://www.registryrepairpro.com/download/registryrepair_t.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.registryrepairpro.com/download/registryrepair_t.exe","sourceIndex":"3292"}],"sampleFiles":["180208/RegistryRepairPro-180205/4.5.0.0/Samples/registryrepair_t.exe","180208/RegistryRepairPro-180205/4.5.0.0/Samples/RegistryRepairPro.exe"],"imageFiles":["180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-117/ACR_117_UNINSTALL.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-118/ACR_118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-065/ACR_065_INSTALL.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_1.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_2.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_3.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-017/ACR_017_LANDING_PAGE.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-088/ACR_088_SOFTWARE.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-099/ACR_099_LANDING_PAGE_SCREENSHOT_1.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-099/ACR_099_LANDING_PAGE_SCREENSHOT_2.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-099/ACR_099_LANDING_PAGE_SCREENSHOT_3.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-120/ACR_120_UNINSTALL.PNG","180208/RegistryRepairPro-180205/4.5.0.0/Images/ACR-159/ACR_159_LANDING_PAGE.PNG"],"guid":"a5d9c9ef-8a18-418f-88c9-e86582db7fbd_4.5.0.0_1","appID":"RegistryRepairPro-180205","dateAdded":"180208","deceptorType":"App","name":"Registry Repair Pro","company":"3B Software, Inc.","version":"4.5.0.0","sigName":"Deceptor:Win32/RegistryRepairPro!003117118","lastKnownStatus":"Deceptor:4.5.0.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-01-24T00:54:00.8015196+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2591},{"violations":{"ACR-003":"The app uses alarming \"danger level\" gauges to drive a false sense of urgency to Registry items. The application exaggerates Windows Registry Application Path, Windows Registry COM/ActiveX, Windows shared DLLs, Windows Registry File Extensions and MS-DOS Program shortcuts as errors and problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying multiple unverifiable logos from software review websites.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n","ACR-003":"The app uses alarming \"danger level\" gauges to drive a false sense of urgency to Registry items. The application exaggerates Windows Registry Application Path, Windows Registry COM/ActiveX, Windows shared DLLs, Windows Registry File Extensions and MS-DOS Program shortcuts as errors and problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying multiple unverifiable logos from software review websites.\n"},"samples":[{"isRevoked":"False","fileName":"PCTuneUpSetup.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"a62d04a794b5d3178b3946612dea7040","hashSHA1":"78fd49c6a502b661acbfdba39a2820125b3c342b","hashSHA256":"c04dc1fc7b22e3714c4ef3ce833125cfbc06715569edee495b329e8e55ef22cd","digitalCertThumbprint":"A25E74D169F728626CB0F974B8F7DC28C7E0C7C6","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NNJ Corporation, O=NNJ Corporation, L=San Diego, S=California, C=US","sourceIndex":"3718","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"c:\\program files (x86)\\pc tune-up\\PCTuneUp.exe","companyName":"Large Software","productName":"PC Tune-Up","productVersion":"3.3.0.0","fileVersion":"3.3.0.0","hashMD5":"d8d036536e74218a4f675c68c9aa3e91","hashSHA1":"96a00aabbb327577621a6c7fb4e17ae8876c1fef","hashSHA256":"fb831be151495ae4a9265d9914e053798cd6ab36171634ede37c8173aa878ee9","digitalCertThumbprint":"A25E74D169F728626CB0F974B8F7DC28C7E0C7C6","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NNJ Corporation, O=NNJ Corporation, L=San Diego, S=California, C=US","sourceIndex":"3718","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com(speed up my pc software)","landingPage":"https://www.largesoftware.com/pc-tune-up/","directDownloadingLink":"https://www.largesoftware.com/downloads/Products/PCTuneUp/PCTuneUpSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.largesoftware.com/downloads/Products/PCTuneUp/PCTuneUpSetup.exe","sourceIndex":"3718"}],"sampleFiles":["180208/PCTune-Up-180206/3.3.0.0/Samples/PCTuneUpSetup.exe","180208/PCTune-Up-180206/3.3.0.0/Samples/PCTuneUp.exe"],"imageFiles":["180208/PCTune-Up-180206/3.3.0.0/Images/ACR-048/INSTALL.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-048/SOFTWARE.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-017/ACR_017_LANDING_PAGE.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-116/UNINSTALL_SCREENSHOT_1.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-116/UNINSTALL_SCREENSHOT_2.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-116/UNINSTALL_SCREENSHOT_3.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-039/INSTALL.PNG"],"nonDeceptorImageFiles":["180208/PCTune-Up-180206/3.3.0.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS_SCREENSHOT_2.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_1.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_2.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_3.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_4.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_5.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-065/ACR_065_INSTALL.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-161/ACR_161_LANDING_PAGE_SCREENSHOT_1.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-161/ACR_161_LANDING_PAGE_SCREENSHOT_2.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-161/ACR_161_LANDING_PAGE_SCREENSHOT_3.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-161/ACR_161_LANDING_PAGE_SCREENSHOT_4.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS_SCREENSHOT_2.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-099/ACR_099_LANDING_PAGE_SCREENSHOT_1.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-099/ACR_099_LANDING_PAGE_SCREENSHOT_2.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-099/ACR_099_LANDING_PAGE_SCREENSHOT_3.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-099/ACR_099_LANDING_PAGE_SCREENSHOT_4.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-099/ACR_099_LANDING_PAGE_SCREENSHOT_5.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180208/PCTune-Up-180206/3.3.0.0/Images/ACR-017/ACR_017_LANDING_PAGE.PNG"],"guid":"9557cddd-fca8-4a2c-9b6a-591648fab688_3.3.0.0_1","appID":"PCTune-Up-180206","dateAdded":"180208","deceptorType":"App","name":"PC Tune-Up","company":"Large Software","version":"3.3.0.0","sigName":"Deceptor:Win32/NNJPCTuneup!003","firstVendorContactDate":"180209","firstAppEsteemReplyDate":"180210","firstResolvedDate":"180210","firstResolvedVersion":"5.1","resolved":"TRUE","lastKnownStatus":"Deceptor:3.3.0.0","lastKnownDate":"180206","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-02-15T00:34:29.303599+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2592},{"violations":{"ACR-003":"The application exaggerates Temporary internet files and folders as potential privacy risks using high (red) colour gradient, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-003":"The application exaggerates Temporary internet files and folders as potential privacy risks using high (red) colour gradient, thereby misleading or scaring user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"myuninstallerpro6.exe","isInstaller":"True","companyName":"Large Software                                              ","productName":"My Uninstaller Pro","productVersion":"3.0","fileVersion":"3.0","hashMD5":"0a8d473c76bfcf7c7602c0b94506f2d6","hashSHA1":"c5ef04f5db855d8878e4b43ff79b95fb30ebf499","hashSHA256":"ab5087a956e71707730f9db628b4b668e4bd1a0e0c4063b79b3c7309da823ab5","digitalCertThumbprint":"A25E74D169F728626CB0F974B8F7DC28C7E0C7C6","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NNJ Corporation, O=NNJ Corporation, L=San Diego, S=California, C=US","sourceIndex":"3786","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"c:\\program files (x86)\\my uninstaller pro\\MyUninstallerPro.exe","companyName":"Large Software","productName":"My Uninstaller Pro","productVersion":"3.0.0.0","fileVersion":"3.0.0.0","hashMD5":"d6f6d4e66d3a02a00c27d2d35e118d96","hashSHA1":"7ceb50d006e6033ed0e4a318ac35fd146ec38a04","hashSHA256":"df9d5d34aca9322717584dc5d36e4fda414f5a420b242ca0abe1ac93c6a8c528","digitalCertThumbprint":"A25E74D169F728626CB0F974B8F7DC28C7E0C7C6","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NNJ Corporation, O=NNJ Corporation, L=San Diego, S=California, C=US","sourceIndex":"3786","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offer","reference":"https://www.largesoftware.com","landingPage":"https://www.largesoftware.com/my-uninstaller-pro/","directDownloadingLink":"https://www.largesoftware.com/downloads/Products/My_Uninstaller_Pro/myuninstallerpro6.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://www.largesoftware.com/downloads/Products/My_Uninstaller_Pro/myuninstallerpro6.exe","sourceIndex":"3786"}],"sampleFiles":["180208/MyUninstallerPro-180207/3.0/Samples/myuninstallerpro6.exe","180208/MyUninstallerPro-180207/3.0/Samples/MyUninstallerPro.exe"],"imageFiles":["180208/MyUninstallerPro-180207/3.0/Images/ACR-048/INSTALL.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-048/SOFTWARE.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-003/ACR_003_SOFTWARE.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-116/UNINSTALL_SCREENSHOT_1.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-116/UNINSTALL_SCREENSHOT_2.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-116/UNINSTALL_SCREENSHOT_3.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-039/INSTALL.PNG"],"nonDeceptorImageFiles":["180208/MyUninstallerPro-180207/3.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_1.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-065/ACR_065_LANDING_PAGE_SCREENSHOT_2.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-099/ACR_099_INTERNAL_SCREENSHOT_1.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-099/ACR_099_INTERNAL_SCREENSHOT_2.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-099/ACR_099_LANDING_PAGE_SCREENSHOT_1.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-099/ACR_099_LANDING_PAGE_SCREENSHOT_2.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180208/MyUninstallerPro-180207/3.0/Images/ACR-003/ACR_003_SOFTWARE.PNG"],"guid":"ff978463-bc38-4e1d-9762-4027d8bd9edd_3.0_1","appID":"MyUninstallerPro-180207","dateAdded":"180208","deceptorType":"App","name":"My Uninstaller Pro","company":"Large Software","version":"3.0","sigName":"Deceptor:Win32/MyUninstallerPro!003","firstVendorContactDate":"180209","firstAppEsteemReplyDate":"180210","firstResolvedDate":"180210","firstResolvedVersion":"3.3","resolved":"TRUE","lastKnownStatus":"Deceptor:3.0","lastKnownDate":"180207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:19:29.0303402+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2593},{"violations":{"ACR-003":"The application exaggerates missing and invalid empty registry keys as problems and high danger levels, thereby misleading or scaring user to take action \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-092":"The application does not have a digital signature.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe landing page has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application has no mention of a refund policy but only for 7 days. \n\n","ACR-171":"The consumer is required to opt-out of additional payment.\n\n","ACR-003":"The application exaggerates missing and invalid empty registry keys as problems and high danger levels, thereby misleading or scaring user to take action \n"},"samples":[{"isRevoked":"False","fileName":"AdvRegDocPro_9.4.8.10_9600000001.exe","isInstaller":"True","companyName":"Elcor Software","fileVersion":"9.4.8.10","hashMD5":"09e285a9bc85ca8851453ac2914de0b9","hashSHA1":"cb3a2eec7e0b1a32b981b44112ea730fa5521b50","hashSHA256":"f02556c5586152244436a63d1bbcd480766b83c2fd877bf7869e973bdf545df3","sourceIndex":"3783","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdvRegDocPro.exe","companyName":"Elcor Software","fileVersion":"9.4.8.10","hashMD5":"8f772e2398a0e5c5ed1a986c96126d30","hashSHA1":"791915b6a7f3190c22b7602a51474aeca3e3c403","hashSHA256":"f07d976a774a1207a1bf9320029a65a8a1815352ba0f3bc6fb00b6acdc290bd7","sourceIndex":"3783","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"http://www.elcor.net/ard.php","directDownloadingLink":"http://www.elcor.net/download/AdvRegDoctorProSetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.elcor.net/download/AdvRegDoctorProSetup.exe","sourceIndex":"3783"}],"sampleFiles":["180208/AdvancedRegistryDoctor-180206/9.4.8.10/Samples/AdvRegDoctorProSetup.exe","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Samples/AdvRegDocPro.exe"],"imageFiles":["180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-003/acr_003.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-097/software.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-103/software.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-116/uninstall.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-116/uninstall_1.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-059/internal_offer_page.PNG"],"nonDeceptorImageFiles":["180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-065/internal_offer_page.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-065/landing_page.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-065/acr-065.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-065/acr_065_S.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-092/unsigned.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-099/internal_offer_page.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-099/acr_099_LP.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-099/acr_099_S.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-167/return_policy.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-171/acr_171.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-171/acr_171_2.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-003/acr_003.PNG","180208/AdvancedRegistryDoctor-180206/9.4.8.10/Images/ACR-059/internal_offer_page.PNG"],"guid":"b0a44535-caee-43e2-ace5-fdc7c1acf4c7_9.4.8.10_1","appID":"AdvancedRegistryDoctor-180206","dateAdded":"180208","deceptorType":"App","name":"Advanced Registry Doctor ","company":" Elcor Software","version":"9.4.8.10","sigName":"Deceptor:Win32/AdvancedRegistryDoctor!003","lastKnownStatus":"Deceptor:9.4.8.10","lastKnownDate":"180206","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:21:27.3694467+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2594},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry items as medium improvement potential, thereby misleading or scaring user to take action. The app also has an audio prompt upon scan completion which tells the user that it has detected \"problems\" that need attention, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app's scan schedule is set to do not schedule, however the app has created multiple scheduled task in the windows task scheduler. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon call the contact number provided, the user is prompted no one is available.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens with information stating that the consumer can get the app at 50% off.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"pctusetup_site.exe","isInstaller":"True","companyName":"www.pcpowertuneup.com                                     ","productName":"PC Tuneup","productVersion":"3.18.9.935","fileVersion":"3.18","hashMD5":"22526a3276218bdde59548ae71e44075","hashSHA1":"d6ab2599dd43e388aab8d149b39cfb8d299a22b4","hashSHA256":"30f9c395beec928ec99cddbed256b2f9638d9ddbe568f441d3e959ed4f662db1","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SYS SECURE PC SOFTWARE LLP, O=SYS SECURE PC SOFTWARE LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"425","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCTuneup.exe","companyName":"pcpowertuneup.com","productName":"PC Tuneup","productVersion":"3.18.9.935","fileVersion":"3.18.9.935","hashMD5":"24a7a35fa21ddef3e0c84e3aa1a4fb8c","hashSHA1":"2b56c9075d620462e37ae0c7d50b4dfd6c31edb9","hashSHA256":"946875c31dba1519ddf5f2ba04d9fa2726a5db7d1b22e1c0b36c220527047991","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SYS SECURE PC SOFTWARE LLP, O=SYS SECURE PC SOFTWARE LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"425","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.google.com search for \"pc registry tuneup\" page 5 of results page.","landingPage":"http://www.pcpowertuneup.com/","directDownloadingLink":"https://g4a2uta3m.vo.llnwd.net/js/pcpowertuneup/setups/pctusetup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://g4a2uta3m.vo.llnwd.net/js/pcpowertuneup/setups/pctusetup_site.exe","sourceIndex":"425"}],"sampleFiles":["180208/PCTuneup-180205/3.18.9.935/Samples/pctusetup_site.exe","180208/PCTuneup-180205/3.18.9.935/Samples/PCTuneup.exe"],"imageFiles":["180208/PCTuneup-180205/3.18.9.935/Images/ACR-003/ACR-003_software.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-003/ACR-003_software1.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-003/ACR-003_software2.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-003/ACR_003_software_voice_prompt.mp4","180208/PCTuneup-180205/3.18.9.935/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180208/PCTuneup-180205/3.18.9.935/Images/ACR-065/ACR-065_software.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-161/ACR-161_landingpage.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-161/ACR-161_landingpage1.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-163/ACR-163_landingpage.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-088/ACR-088_software.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-160/ACR-160_software.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-099/ACR-099_software.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-099/ACR-099_internaloffer.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-168/ACR-168_landingpageoffer.JPG","180208/PCTuneup-180205/3.18.9.935/Images/ACR-120/ACR-120_uninstall.JPG"],"guid":"6d108c16-fa82-446e-8da3-5c35661b2a71_3.18.9.935_1","appID":"PCTuneup-180205","dateAdded":"180208","deceptorType":"App","name":"PC Tuneup","company":"www.pcpowertuneup.com","version":"3.18.9.935","sigName":"Deceptor:Win32/PCPowerTuneUp!003084","lastKnownStatus":"Deceptor:3.18.9.935","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2024-11-05T19:17:36.6106255+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2096},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry items as medium improvement potential, thereby misleading or scaring user to take action. App has an audio-based prompt claiming \"detected problems\", raising a false sense of urgency.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app's scan schedule is set to do not schedule, however the app has created scheduled task in the windows task scheduler.\n"},"nonDeceptorViolations":{"ACR-040":"The application is unidentifiable in the install location. The application does not have an identifiable name in the installation location.\n","ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon call the contact number provided, the user is prompted no one is available.\n","ACR-099":"The application's internal offer page has no link or information that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens with information stating that consumer can get the app at 50% off.\n","ACR-171":"The consumer is required to opt-out of recurring payment.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"apctusetup_site.exe","isInstaller":"True","companyName":"www.advancedpctuneup.com/                                   ","productName":"Advanced PC Tuneup","productVersion":"6.18.45.900","fileVersion":"6.18","hashMD5":"a71ac855853253092581152fd9c877a8","hashSHA1":"8f65d5ab0789bbc5216e6a91536e0bf589a25886","hashSHA256":"6e84fe41046605570c635eaf562845204df3b7e69bb35781b2219cdff5ec4cb2","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SYS SECURE PC SOFTWARE LLP, O=SYS SECURE PC SOFTWARE LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"424","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdvancedPCTuneup.exe","companyName":"AdvancedPCTuneup.com","productName":"Advanced PC Tuneup","productVersion":"6.18.45.900","fileVersion":"6.18.45.900","hashMD5":"acce04eeba58c8c1a9968514fb24b7a0","hashSHA1":"09b7dde61ee2e7c8c0f6a5b33c6e9aa39fa9cff3","hashSHA256":"245f4cda94320ed5830a259dce0def3ee8ed1fda8c110c41807b2b3d3beb9298","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=SYS SECURE PC SOFTWARE LLP, O=SYS SECURE PC SOFTWARE LLP, L=Jaipur, S=Rajasthan, C=IN","sourceIndex":"424","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.google.com search for \"pc registry tuneup\", page 4 result.","landingPage":"http://www.advancedpctuneup.com/","directDownloadingLink":"http://cdn.advancedpctuneup.com/js/advancedpctuneup/apctusetup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cdn.advancedpctuneup.com/js/advancedpctuneup/apctusetup_site.exe","sourceIndex":"424"}],"sampleFiles":["180208/AdvancedPCTuneup-180205/6.18.45.900/Samples/apctusetup_site.exe","180208/AdvancedPCTuneup-180205/6.18.45.900/Samples/AdvancedPCTuneup.exe"],"imageFiles":["180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-003/ACR-003_software.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-003/ACR-003_software1.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-003/ACR-003_software2.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-003/ACR_003_software_voice_prompt.mp4","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-040/ACR-040_install.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-065/ACR-065_software.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-161/ACR-161_landingpage.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-161/ACR-161_landingpage2.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-163/ACR-163_landingpage.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-088/ACR-088_software.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-160/ACR-160_software.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-099/ACR-099_software.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-099/ACR-099_internaloffer.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-168/ACR-168_landingpage.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-120/ACR-120_uninstall.JPG","180208/AdvancedPCTuneup-180205/6.18.45.900/Images/ACR-171/ACR-171_internaloffer.JPG"],"guid":"658e8d00-d0df-4e4c-8513-4c8386b61da0_6.18.45.900_1","appID":"AdvancedPCTuneup-180205","dateAdded":"180208","deceptorType":"App","name":"Advanced PC Tuneup","company":"advancedpctuneup.com","version":"6.18.45.900","sigName":"Deceptor:Win32/AdvancedPCTuneup!003084","lastKnownStatus":"Deceptor:6.18.45.900","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2024-11-05T19:18:58.0916251+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2097},{"violations":{"ACR-003":"The application exaggerates registry keys as a problem, and also refers to the systems health as critical and hazardous, thereby misleading or scaring user to take action.\n","ACR-168":"The internal offer page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe landing page has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application made mention of a refund but only for seven (7) days. \n\n","ACR-003":"The application exaggerates registry keys as a problem, and also refers to the systems health as critical and hazardous, thereby misleading or scaring user to take action.\n","ACR-168":"The landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":"Cyboscan.exe","isInstaller":"True","companyName":"Dsouza Technology Solutions Pvt Ltd","productName":"Cyboscan","productVersion":"1.7","fileVersion":"1.7","hashMD5":"e5173364fd03c248a0a7990534e0d93e","hashSHA1":"ed520fc380151f37eee39fb9b7ad3e5bd5303e39","hashSHA256":"8e416a60140b5e8b6a31c0d228b46c3276a9c8bf323167da39aa07b64cd4ed14","digitalCertThumbprint":"A3F8904C1ACEECB729BAB7EEAA10D1AA852EB507","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Dsouza Technology Solutions Pvt Ltd","sourceIndex":"3809","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PC Optimizer.exe","companyName":"Dsouza Technology Solutions Pvt Ltd","productName":"Cyboscan","productVersion":" 1.1.0.0","fileVersion":" 1.1.0.0","hashMD5":"81a10d4e638733e033a0f90b7a51b101","hashSHA1":"9c2aac6780c9d6a84f47b9a504b266953910eb0d","hashSHA256":"518e29ae725df2284c63050609678fce8f2f92d6fa599b6a69d5da3359ef1a08","digitalCertThumbprint":"A3F8904C1ACEECB729BAB7EEAA10D1AA852EB507","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Dsouza Technology Solutions Pvt Ltd","sourceIndex":"3809","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"google.com keyword: free Pc optimization software ","landingPage":"https://cyboscan.com/","directDownloadingLink":"https://cyboscan.com/setup/Cyboscan_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3809"}],"sampleFiles":["180202/cyboscan-180130/1.7/Samples/Cyboscan_Setup.exe","180202/cyboscan-180130/1.7/Samples/PC Optimizer.exe"],"imageFiles":["180202/cyboscan-180130/1.7/Images/ACR-042/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-042/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-043/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-043/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-046/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-046/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-046/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-047/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-047/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-047/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-107/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-107/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-107/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-107/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-048/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-048/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-048/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-003/acr_003.PNG","180202/cyboscan-180130/1.7/Images/ACR-003/acr_003_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-084/software_084.PNG","180202/cyboscan-180130/1.7/Images/ACR-086/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-089/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-097/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-103/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-168/one_one_IO.PNG","180202/cyboscan-180130/1.7/Images/ACR-168/one_to_one_LP.PNG","180202/cyboscan-180130/1.7/Images/ACR-116/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-116/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-117/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-117/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-118/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-118/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-119/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-119/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-057/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-071/internal_offer.PNG"],"nonDeceptorImageFiles":["180202/cyboscan-180130/1.7/Images/ACR-065/acr_065.PNG","180202/cyboscan-180130/1.7/Images/ACR-065/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-163/one_one_IO.PNG","180202/cyboscan-180130/1.7/Images/ACR-163/one_to_one_LP.PNG","180202/cyboscan-180130/1.7/Images/ACR-099/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-099/landing_page.PNG","180202/cyboscan-180130/1.7/Images/ACR-099/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-167/refund.PNG","180202/cyboscan-180130/1.7/Images/ACR-046/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-046/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-046/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-047/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-047/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-047/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-107/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-107/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-107/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-107/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-003/acr_003.PNG","180202/cyboscan-180130/1.7/Images/ACR-003/acr_003_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-005/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-007/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-009/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-010/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/install.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/install_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/software.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/uninstall.PNG","180202/cyboscan-180130/1.7/Images/ACR-017/uninstall_1.PNG","180202/cyboscan-180130/1.7/Images/ACR-168/one_one_IO.PNG","180202/cyboscan-180130/1.7/Images/ACR-168/one_to_one_LP.PNG","180202/cyboscan-180130/1.7/Images/ACR-057/internal_offer.PNG","180202/cyboscan-180130/1.7/Images/ACR-071/internal_offer.PNG"],"guid":"7c975ad5-6276-4bdc-b1af-f29d652a71d3_1.7_1","appID":"cyboscan-180130","dateAdded":"180202","deceptorType":"App","name":"cyboscan","company":"   Dsouza Technology Solutions Pvt Ltd","version":"1.7","sigName":"Deceptor:Win32/CyboScan!003168","lastKnownStatus":"Deceptor:1.7","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2600},{"violations":{"ACR-003":"The application exaggerates registry key issues as errors, thereby misleading or scaring user to take action.\n\nThe upsell/interal offer page exaggerates registry key issues as errors, thereby misleading or scaring user to take action.\n\n","ACR-017":"One time reminder popup represents a company parnertship as if it's an app partnership\ninternal offer/upsell page represents company ms/intel/amazon partnerships as if they are app partnerships\n"},"nonDeceptorViolations":{"ACR-065":"Install has no links that show the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nSoftware has no links that show the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n"},"samples":[{"isRevoked":"False","fileName":" ZookaWare.exe","isInstaller":"True","companyName":"  Zookaware, LLC.","productName":" ZookaWare","productVersion":" 5.0.1","fileVersion":" 5.0.1","hashMD5":"a4e800c4d7ea753c48386df1f7b36fae","hashSHA1":"554e1683360ae069e5e498ce1dd867233443b7ef","hashSHA256":"f09359fc5c9ee33f4bd5db49b200d8d18774308cfd5a6940bb7f0936c8e66f11","digitalCertThumbprint":" 05AB98A7DD9556B8150069925A6DDF9047BA2874","digitalCertIssuer":" Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"  Zookaware, LLC.","sourceIndex":"3694","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":" ZookaWare.exe","companyName":"  Zookaware, LLC.","productName":" ZookaWare","productVersion":"5.0.0.57","fileVersion":"5.0.0.57","hashMD5":"0c994923d93fe73aa6188581221bc16b","hashSHA1":"4f601c883f6467a687bc12b064965e7a5cd9925b","hashSHA256":"70d1650e84e100b287b710bffa609133fb23123dffbf5c1f11f80b42398bc77a","digitalCertThumbprint":"05AB98A7DD9556B8150069925A6DDF9047BA2874","digitalCertIssuer":" Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"  Zookaware, LLC.","sourceIndex":"3694","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"mysearch.com \"registry error\" led to ad from www.windowstechies.com/Registry","landingPage":"https://zookaware.com/?p=speedzooka","directDownloadingLink":"https://zookaware.com/download/zookawaresetup.exe","ipv4":"","ipv6":"","sourceIndex":"3694"}],"sampleFiles":["180202/ZookawarePCCleaner-180129/5.0.1/Samples/zookawaresetup.exe","180202/ZookawarePCCleaner-180129/5.0.1/Samples/ZookaWare.exe"],"imageFiles":["180202/ZookawarePCCleaner-180129/5.0.1/Images/ACR-003/acr_003.PNG","180202/ZookawarePCCleaner-180129/5.0.1/Images/ACR-003/ACR-003 registry error.png","180202/ZookawarePCCleaner-180129/5.0.1/Images/ACR-003/ACR-003 registry errors.png","180202/ZookawarePCCleaner-180129/5.0.1/Images/ACR-017/ACR-017 ms logo not tied to company.png","180202/ZookawarePCCleaner-180129/5.0.1/Images/ACR-017/ACR-017 logos not tied to company.png"],"nonDeceptorImageFiles":["180202/ZookawarePCCleaner-180129/5.0.1/Images/ACR-065/install.PNG","180202/ZookawarePCCleaner-180129/5.0.1/Images/ACR-065/acr_065_S.PNG","180202/ZookawarePCCleaner-180129/5.0.1/Images/ACR-099/acr_099.PNG"],"guid":"99aeaaf2-e16a-474a-96c3-687c1a97a46f_5.0.1_1","appID":"ZookawarePCCleaner-180129","dateAdded":"180202","deceptorType":"App","name":" ZookaWare","company":"Zookaware, LLC","version":"5.0.1","sigName":"Deceptor:Win32/Zookaware!003017","firstVendorContactDate":"180207","firstAppEsteemReplyDate":"180207","firstResolvedDate":"180209","firstResolvedVersion":"5.1.0.0","resolved":"TRUE","lastKnownStatus":"Deceptor:5.0.1,NonCertified:5.0.0.65,5.1.0.0","lastKnownDate":"180201","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows Vista,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T02:58:00.3239546+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2595},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no valid links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n","ACR-150":"The app's internal offer page displays Microsoft Certified Partner logo that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"FixCleanRepairinstaller.exe","isInstaller":"True","companyName":"Applon Inc","productName":"FixCleanRepair","productVersion":"1.0.0.0","fileVersion":"1, 0, 0, 0","hashMD5":"245ee0ced4e0a4b284eb83f3396ffbcc","hashSHA1":"affd40efed83dd8efa33167798dc7780dfb09df2","hashSHA256":"19305efd122b1bc9ce332d019c610a41a7653320fe9c755c7e595bf2ea92d7b3","digitalCertThumbprint":"AEE3117F0AACBD4AFD5D52BAD19D06DFEACB781F","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Applon inc","sourceIndex":"3294","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)"]},{"isRevoked":"False","fileName":"FixCleanRepair.exe","companyName":"Howard Media","productName":"FixCleanRepair","productVersion":"2.0.0.0","fileVersion":"2.0.0.0","hashMD5":"792ffc85fcb76a5d973d051baf2b245b","hashSHA1":"dfd9b07c69defd39af5a74c1250698352e63ecb9","hashSHA256":"c8e2f80421184288a45d6de71ee941fe58540494fb4bb1bd1ecf1e335008205b","digitalCertThumbprint":"AEE3117F0AACBD4AFD5D52BAD19D06DFEACB781F","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Applon inc","sourceIndex":"3294","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org (repair my pc)","landingPage":"http://www.fixcleanrepair.com/","directDownloadingLink":"http://www.fixcleanrepair.com/downloadf/go","ipv4":"","ipv6":"","sourceIndex":"3294"}],"sampleFiles":["180202/FixCleanRepair-180201/1.0.0.0/Samples/FixCleanRepairinstaller.exe","180202/FixCleanRepair-180201/1.0.0.0/Samples/FixCleanRepair.exe"],"imageFiles":["180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-003/ACR-003_software.JPG","180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-003/ACR-003_software1.JPG","180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-017/ACR-017_internaloffer.JPG"],"nonDeceptorImageFiles":["180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-065/ACR-065_install.JPG","180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-065/ACR-065_software.JPG","180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-065/ACR-065_internaloffer1.JPG","180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-065/ACR-065_internaloffer2.JPG","180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-161/ACR-161_landingpage.JPG","180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-099/ACR-099_software.JPG","180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-099/ACR-099_landingpage.JPG","180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-099/ACR-099_internaloffer.JPG","180202/FixCleanRepair-180201/1.0.0.0/Images/ACR-150/ACR-150_internaloffer.JPG"],"guid":"8c6a5089-5bca-461e-9aed-80dd4a36e464_1.0.0.0_1","appID":"FixCleanRepair-180201","dateAdded":"180202","deceptorType":"App","name":"Fix Clean Repair","company":"Applon Inc","version":"1.0.0.0","sigName":"Deceptor:Win32/FixCleanRepair!003017","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:52:29.4629989+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2599},{"violations":{"ACR-003":"The application exaggerates registry keys and file associations as problem, thereby misleading or scaring user to take action.\n\n\n","ACR-017":"The internal offer page elevates its user trust level by displaying endorsement such as Intel software but after clicking the endorsement the hyperlink leads to a error page so there is no way to verify the endorsement. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe landing page has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-171":"The consumer is required to opt-out of additional payment.\n\n","ACR-017":"The docs page elevates its user trust level by displaying endorsement such as Intel software but after clicking the endorsement the hyperlink leads to a error page so there is no way to verify the endorsement. \nThe landing page elevates its user trust level by displaying endorsement such as Intel software but after clicking the endorsement the hyperlink leads to a error page so there is no way to verify the endorsement. \n\n"},"samples":[{"isRevoked":"False","fileName":"SmartPCFixer.exe","companyName":"LionSea Software co., ltd","productName":"smartpcfixer.exe","productVersion":"4.2.0.0","fileVersion":"4.2.0.0","hashMD5":"b3b7e9b7e26fffb67b9b0ecdf8ed08bd","hashSHA1":"10d2037fee10ca0f5c37fbba3ae29290920b2df2","hashSHA256":"bf9df54b3178c4da7f51c2b47fc355fdf2643195a7f46d9977e9e339ceb77bb2","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3606","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Smart Bad Pool Header Fixer Pro Setup","isInstaller":"True","companyName":"LionSea Software co., ltd","productName":"Smart Bad Pool Header Fixer Pro","productVersion":"4.5.4","fileVersion":"4.5.4","hashMD5":"8c787ca0e2eecf2cda1adf92b66f9a96","hashSHA1":"8b00e55583aa9ff520e4d29df569f005beffd40e","hashSHA256":"602cff7f04dc977b9b06cd1ebe4c2c6df5838a1b8c54dd04fc0740ceedbafa6f","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3606","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"http://www.lionsea.com/product_badpoolheaderfixerpro.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_Bad_Pool_Header_Fixer_Pro_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3606"}],"sampleFiles":["180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Samples/Smart_Bad_Pool_Header_Fixer_Pro.exe","180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Samples/Smart_Bad_Pool_Header_Fixer_Pro_Setup.exe"],"imageFiles":["180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Images/ACR-003/acr_003.PNG","180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Images/ACR-017/acr_017_IO.PNG"],"nonDeceptorImageFiles":["180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Images/ACR-065/install.PNG","180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Images/ACR-065/software.PNG","180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Images/ACR-017/acr_017_DC.PNG","180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Images/ACR-017/acr_017_dc_.PNG","180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Images/ACR-017/acr_017_LP.PNG","180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Images/ACR-099/acr_099_S.PNG","180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Images/ACR-099/acr_099_LP.PNG","180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Images/ACR-099/acr_099_IO.PNG","180202/SmartBadPoolHeaderFixerUtility-180131/4.5.4/Images/ACR-171/ACR_171.PNG"],"guid":"5f5864fb-f0a2-498d-b3cc-610d66dbc882_4.5.4_1","appID":"SmartBadPoolHeaderFixerUtility-180131","dateAdded":"180202","deceptorType":"App","name":"Bad Pool Header Fixer Utility","company":"LionSea Software","version":"4.5.4","sigName":"Deceptor:Win32/BadPoolHeaderFixer!003017","lastKnownStatus":"Deceptor:4.5.4","lastKnownDate":"180131","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-29T03:04:49.9016613+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2515},{"violations":{"ACR-003":"The application exaggerates file extensions and empty registry keys as errors and problems, thereby misleading or scaring user to take action.\n\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays awards that are unable to be verified. The app displays 5 star best buy awards and software of the the year 2016 that are unable to be verified.\nThe app displays a Microsoft Certified Partner logo that is unable to be verified.\n","ACR-171":"The consumer is required to opt-out of additions payment.\nThe consumer is required to opt-out of additions payment.\n","ACR-003":"The application exaggerates file extensions and empty registry keys as errors and problems, thereby misleading or scaring user to take action.\n\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsements. The app displays 5 star best buy awards and software of the year 2016 that are unable to be verified as they are not clickable.\n"},"samples":[{"isRevoked":"False","fileName":"AdvancedFileFixer_Setup.exe","isInstaller":"True","companyName":"advancedfilefixer.com","productName":"Advanced File Fixer","productVersion":"2.8","fileVersion":"n/a","hashMD5":"5f0e213e40c1d134f9eae85de7b28e4b","hashSHA1":"4d2cae4bf33552207840aadf4fa23e42640250af","hashSHA256":"b48b89b51da220e4470d7f0d712fbff0dca22dc191fa58190b233da7d525b107","digitalCertThumbprint":"F20E3F2F4D98A17D00601E28B510B5E2382DDECA","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Ideakee Inc","sourceIndex":"3695","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdvancedFileFixer.exe","companyName":"advancedfilefixer.com","productName":"Advanced File Fixer","productVersion":"1.0.0.0","fileVersion":"3.0.0.1080","hashMD5":"5d384d8f1e17e5d2a66fe51c516d6f12","hashSHA1":"7bdd2ee8c252156f84652d1b1e50e58f1a7ec89b","hashSHA256":"80f540a244020632485931617547784fdc31263ef037ea001e057931e38a97b8","digitalCertThumbprint":"F20E3F2F4D98A17D00601E28B510B5E2382DDECA","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Ideakee Inc","sourceIndex":"3695","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Google search \"Windows file fixer\" page 4 of the list of results.","landingPage":"http://advancedfilefixer.com/","directDownloadingLink":"http://advancedfilefixer.com/AdvancedFileFixer_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3695"}],"sampleFiles":["180202/AdvancedFileFixer-180131/2.8/Samples/AdvancedFileFixer_Setup.exe","180202/AdvancedFileFixer-180131/2.8/Samples/AdvancedFileFixer.exe"],"imageFiles":["180202/AdvancedFileFixer-180131/2.8/Images/ACR-042/ACR-042_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-043/ACR-043_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-046/ACR-046_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-046/ACR-046_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-047/ACR-047_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-047/ACR-047_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-107/ACR-107_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-107/ACR-107_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-107/ACR-107_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-048/ACR-048_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-048/ACR-048_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-003/ACR-003_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-003/ACR-003_software1.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-005/ACR-005_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-005/ACR-005_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-005/ACR-005_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-005/ACR-005_uninstall.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-007/ACR-007_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-007/ACR-007_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-007/ACR-007_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-007/ACR-007_uninstall.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-009/ACR-009_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-009/ACR-009_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-009/ACR-009_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-009/ACR-009_uninstall.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-010/ACR-010_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-010/ACR-010_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-010/ACR-010_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-010/ACR-010_uninstall.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-017/ACR-017_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-017/ACR-017_landingpage.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-084/ACR-084_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-086/ACR-086_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-116/ACR-116_uninstall.JPG"],"nonDeceptorImageFiles":["180202/AdvancedFileFixer-180131/2.8/Images/ACR-065/ACR-065_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-065/ACR-065_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-161/ACR-161_landingpage.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-099/ACR-099_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-099/ACR-099_landingpage.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-099/ACR-099_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-150/ACR-150_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-150/ACR-150_landingpage.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-171/ACR-171_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-171/ACR-171_landingpage.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-046/ACR-046_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-046/ACR-046_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-047/ACR-047_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-047/ACR-047_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-107/ACR-107_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-107/ACR-107_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-107/ACR-107_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-003/ACR-003_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-003/ACR-003_software1.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-005/ACR-005_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-005/ACR-005_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-005/ACR-005_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-005/ACR-005_uninstall.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-007/ACR-007_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-007/ACR-007_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-007/ACR-007_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-007/ACR-007_uninstall.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-009/ACR-009_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-009/ACR-009_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-009/ACR-009_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-009/ACR-009_uninstall.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-010/ACR-010_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-010/ACR-010_install.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-010/ACR-010_software.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-010/ACR-010_uninstall.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-017/ACR-017_internaloffer.JPG","180202/AdvancedFileFixer-180131/2.8/Images/ACR-017/ACR-017_landingpage.JPG"],"guid":"c7fd7f86-c526-4249-9a01-bc76d57098d5_2.8_1","appID":"AdvancedFileFixer-180131","dateAdded":"180202","deceptorType":"App","name":"Advanced File Fixer","company":"advancedfilefixer.com","version":"2.8","sigName":"Deceptor:Win32/AdvancedFileFixer!003017","lastKnownStatus":"Deceptor:2.8","lastKnownDate":"201202","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-12-02T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2602},{"violations":{"ACR-084":"The application runs silently in the background, hiding the fact that it is active from the user.\n","ACR-016":"A displayed ad leads to direct downloading and installation of an application instead of redirecting to a landing page which allows the user to make an informed decision whether to accept or decline the offer.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get 'FixIt for 50% off the regular price.\n","ACR-171":"The application's internal offer webpage has an additional offer option pre-selected.\n"},"samples":[{"isRevoked":"False","fileName":"FixIt.exe","isInstaller":"True","companyName":"FixIt","productName":"Fix It","productVersion":"4.4.0.3","fileVersion":"4.4.0.3","hashMD5":"24ae4469927eadffa14fc0fabe017bd6","hashSHA1":"13ef0933da88bcef83da4d733e985d8b55d2eaae","hashSHA256":"30e27037dc430145bd8827f3962f46967b4690195b399ff91900cbdfd2078380","digitalCertThumbprint":"68577D3B977CCD36B9C1AC66215DA268445F888B","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"CLEVER SYSTEMS SP. ZO.O.","sourceIndex":"3293","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":[]},{"isRevoked":"False","fileName":"c:\\program files (x86)\\fixit\\FixIt.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"ebde389e04c37eae32b298c5017dbedb","hashSHA1":"c94a20c63c3df8982f33e6063815cb935c37096d","hashSHA256":"3f4f27474644d0e7e98e4dfd4999b8f2c0507c937f8f32aa70eeb936d1e01c5b","sourceIndex":"3293","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Adplexity: \"scan\"","landingPage":"https://www.fix-it-soft.com/windows-lp-1001","directDownloadingLink":"http://dl.fixit-softhost.com/371000501/lpid%3Alp-1001/brid%3A1/dlid%3Af8a33425-fefe-4834-8054-9f1a6576a333/visitId%3A12872441-8996-4943-9bcd-e6602ee7e87a/Fixit.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://dl.fixit-softhost.com/371000501/lpid%3Alp-1001/brid%3A1/dlid%3Af8a33425-fefe-4834-8054-9f1a6576a333/visitId%3A12872441-8996-4943-9bcd-e6602ee7e87a/Fixit.exe","sourceIndex":"3293"}],"sampleFiles":["180202/Fixit-180129/4.4.0.3/Samples/FixIt.exe","180202/Fixit-180129/4.4.0.3/Samples/Fix-It_installed_version.exe"],"imageFiles":["180202/Fixit-180129/4.4.0.3/Images/ACR-084/ACR_084_SOFTWARE.PNG","180202/Fixit-180129/4.4.0.3/Images/ACR-016/ACR_016_ADS_INSIDE_APP.PNG"],"nonDeceptorImageFiles":["180202/Fixit-180129/4.4.0.3/Images/ACR-088/ACR_088_SOFTWARE.PNG","180202/Fixit-180129/4.4.0.3/Images/ACR-065/ACR_065_INSTALL.PNG","180202/Fixit-180129/4.4.0.3/Images/ACR-065/ACR_065_SOFTWARE.PNG","180202/Fixit-180129/4.4.0.3/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180202/Fixit-180129/4.4.0.3/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180202/Fixit-180129/4.4.0.3/Images/ACR-120/ACR_120_UNINSTALL.PNG","180202/Fixit-180129/4.4.0.3/Images/ACR-099/ACR_099_SOFTWARE.PNG","180202/Fixit-180129/4.4.0.3/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180202/Fixit-180129/4.4.0.3/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180202/Fixit-180129/4.4.0.3/Images/ACR-171/ACR_171_INTERNAL_OFFERS.PNG"],"guid":"3e240c0a-ed24-4f0a-8034-4fd82fca8518_4.4.0.3_1","appID":"Fixit-180129","dateAdded":"180202","deceptorType":"App","name":"FixIt PC Cleaner","company":"CLEVER SYSTEMS SP. ZO.O.","version":"4.4.0.3","sigName":"Deceptor:Win32/FixitPCCleaner!016084","lastKnownStatus":"Deceptor:4.4.0.3","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-24T00:53:21.9487002+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2598},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys problems, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, or Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-092":"The app does not have a digital signature.(Unsigned)\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-035":"There is no EULA and/or Terms of Service, or Privacy Policy provided for the app.\n","ACR-036":"There is no EULA and/or Terms of Service, or Privacy Policy provided for the app.\n","ACR-037":"No privacy policy is provided for the app.\n","ACR-167":"The application has a no refund policy\n\n","ACR-003":"The application exaggerates empty and invalid registry keys problems, thereby misleading or scaring user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"PremiumBoosterInstall.exe","isInstaller":"True","companyName":"Elcor Software","productName":"Premium Booster","productVersion":"3.8.0.9900","fileVersion":"3.8.0.9900","hashMD5":"ec02aea1513a1747db264038cc7a323a","hashSHA1":"eeaa274de2b4104de4717267f557d5ebb193516a","hashSHA256":"fbf9a322ab404ca1f56274cbda7b57d7ab14162eece6a0a93c4459451639db3f","digitalCertThumbprint":"Unsigned","digitalCertIssuer":"Unsigned","digitalCertIssuedTo":"Unsigned","sourceIndex":"3706","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PremiumBooster.exe","companyName":"Elcor Software","productName":"Premium Booster","productVersion":"3.8.0.9900","fileVersion":"3.8.0.9900","hashMD5":"32fc2b7f30b3a29bf36bc9e2eb25beb8","hashSHA1":"6ece28131592cbadde54afa15a33dcb84fa8a20c","hashSHA256":"71b9602c651a35cdbc9f810b301ed5cf2a304b584c29885d5ed7ca091efed17a","digitalCertThumbprint":"Unsigned","digitalCertIssuer":"Unsigned","digitalCertIssuedTo":"Unsigned","sourceIndex":"3706","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org (pc optimizer)","landingPage":"http://www.premiumbooster.com/","directDownloadingLink":"http://www.premiumbooster.com/download/PremiumBoosterInstall.exe","ipv4":"","ipv6":"","sourceIndex":"3706"}],"sampleFiles":["180202/PremiumBooster-180130/3.8.0.9900/Samples/PremiumBoosterInstall.exe","180202/PremiumBooster-180130/3.8.0.9900/Samples/PremiumBooster.exe"],"imageFiles":["180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-042/ACR-042_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-043/ACR-043_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-046/ACR-046_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-046/ACR-046_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-047/ACR-047_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-047/ACR-047_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-107/ACR-107_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-107/ACR-107_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-107/ACR-107_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-048/ACR-048_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-048/ACR-048_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-003/ACR-003_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-003/ACR-003_software2.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-003/ACR_003_software1.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-005/ACR-005_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-005/ACR-005_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-005/ACR-005_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-005/ACR-005_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-007/ACR-007_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-007/ACR-007_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-007/ACR-007_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-007/ACR-007_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-009/ACR-009_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-009/ACR-009_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-009/ACR-009_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-009/ACR-009_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-010/ACR-010_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-010/ACR-010_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-010/ACR-010_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-010/ACR-010_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-017/ACR-017_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-017/ACR-017_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-017/ACR-017_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-017/ACR-017_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-084/ACR-084_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-086/ACR-086_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-089/ACR-089_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-103/ACR-103_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-116/ACR-116_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-117/ACR-117_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-118/ACR-118_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-119/ACR-119_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-122/ACR-122_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-057/ACR-057_internaloffer.JPG"],"nonDeceptorImageFiles":["180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-065/ACR-065_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-065/ACR-065_landingpage.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-065/ACR-065_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-065/ACR-065_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-161/ACR-161_landingpage.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-092/ACR-092_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-099/ACR-099_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-099/ACR-099_landingpage.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-099/ACR-099_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-167/ACR-167_docs.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-046/ACR-046_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-046/ACR-046_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-047/ACR-047_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-047/ACR-047_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-107/ACR-107_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-107/ACR-107_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-107/ACR-107_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-003/ACR-003_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-003/ACR-003_software2.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-003/ACR_003_software1.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-005/ACR-005_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-005/ACR-005_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-005/ACR-005_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-005/ACR-005_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-007/ACR-007_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-007/ACR-007_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-007/ACR-007_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-007/ACR-007_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-009/ACR-009_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-009/ACR-009_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-009/ACR-009_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-009/ACR-009_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-010/ACR-010_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-010/ACR-010_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-010/ACR-010_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-010/ACR-010_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-017/ACR-017_internaloffer.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-017/ACR-017_install.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-017/ACR-017_software.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-017/ACR-017_uninstall.JPG","180202/PremiumBooster-180130/3.8.0.9900/Images/ACR-057/ACR-057_internaloffer.JPG"],"guid":"9159542a-1343-4292-97d7-bfd3cf12572b_3.8.0.9900_1","appID":"PremiumBooster-180130","dateAdded":"180202","deceptorType":"App","name":"Premium Booster","company":"Elcor Software","version":"3.8.0.9900","sigName":"Deceptor:Win32/ElcorPremiumBooster!003","lastKnownStatus":"Deceptor:3.8.0.9900","lastKnownDate":"180130","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:39:27.3337352+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2597},{"violations":{"ACR-003":"The application exaggerates Registry files as errors and problems, thereby misleading or scaring user to take action. The 15 days free trial is expired immediately after first time installation. It is not working as it claims.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\nThe application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-092":"The application has no signed certificate information it is unsigned.\n","ACR-157":"The application has no signed certificate information it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-037":"The application has no privacy policy.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n","ACR-003":"The application exaggerates Registry files as errors and problems, thereby misleading or scaring user to take action. The 15 days free trial is expired immediately after first time installation. It is not working as it claims.\n"},"samples":[{"isRevoked":"False","fileName":"registrycleaner.exe","isInstaller":"True","companyName":"AthTek Software","productName":"AthTek RegistryCleaner","hashMD5":"42709d7b323169494c1f23e6a0fda82a","hashSHA1":"d1aad745b37b08db4c2534f4b3421b64daa87b02","hashSHA256":"0d5715128d88916be6db0e7c12b3405fb4a6b4b13fe7341c33f519f124631bae","sourceIndex":"3787","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"c:\\program files\\athtek\\registrycleaner\\ARC64.exe","companyName":"AthTek Software","productName":"AthTek RegistryCleaner","productVersion":"2, 0, 0, 100","fileVersion":"2, 0, 0, 100","hashMD5":"a544c3b6196fd96cf6205c3818293547","hashSHA1":"9f24a3c21a04648030d11f9417ea4a3ea52c5b79","hashSHA256":"438aff2e85a352621a58e1593a7a332a1c013431db78a417e18dabb4fd415b5c","sourceIndex":"3787","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"yahoo.com (Speed up my computer)","landingPage":"http://www.athtek.com/registrycleaner.html#.WnOA04jwbCd","directDownloadingLink":"http://www.athtek.com/download/registrycleaner.exe","ipv4":"","ipv6":"","sourceIndex":"3787"}],"sampleFiles":["180202/AthTekRegistryCleaner-180201/2.0/Samples/registrycleaner.exe","180202/AthTekRegistryCleaner-180201/2.0/Samples/ARC64.exe"],"imageFiles":["180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-042/INSTALL.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-046/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-046/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-046/INTERNAL_OFFERS_SCREENSHOT_3.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-046/INSTALL.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-048/INSTALL.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-048/SOFTWARE.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-116/UNINSTALL_SCREENSHOT_1.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-116/UNINSTALL_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-065/ACR_065_LANDING_PAGE.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-065/ACR_065_INSTALL.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-092/ACR_092_SOFTWARE.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-157/ACR_157_SOFTWARE.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-167/ACR_167_DOCS.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-046/INTERNAL_OFFERS_SCREENSHOT_1.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-046/INTERNAL_OFFERS_SCREENSHOT_2.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-046/INTERNAL_OFFERS_SCREENSHOT_3.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-046/INSTALL.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180202/AthTekRegistryCleaner-180201/2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG"],"guid":"7e8b05ab-3823-42c9-b1fa-ec6be67bb891_2.0_1","appID":"AthTekRegistryCleaner-180201","dateAdded":"180202","deceptorType":"App","name":"AthTek RegistryCleaner","company":"AthTek Software","version":"2.0","sigName":"Deceptor:Win32/AthTekRegistryCleaner!003","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"180201","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:19:27.3302827+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2601},{"violations":{"ACR-043":"Multiple third party components are installed which are not disclosed to the user in the EULA and offer or landing page\n","ACR-003":"The application exaggerates empty and invalid registry keys and windows startup items as errors , thereby misleading or scaring user to take action.\n\nUpon trying to uninstall the app the user is prompted that there are invalid items that were detected and that these \"errors\" will not be repaired.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying unverifiable or expired endorsements.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The scan scheduler for the app is not active, however the app has created tasks in windows task scheduler.\n","ACR-057":"The application fails to provide the user with clear and simple options to decline (Free winsweeper) associated offer during the payment process.\n","ACR-071":"The user is unable to decline the offer for winsweeper independently. The app is added as a free bonus for the user and is unable to be declined in the shopping cart.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer page displays a testimonial but does not provide any link back to a source so it can be verified.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landingpage has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-167":"The application's docs have no mention of a 30 days refund policy.\n","ACR-150":"The app displays multiple five star awards that are unable to be verified\n","ACR-003":"The application exaggerates empty and invalid registry keys and windows startup items as errors , thereby misleading or scaring user to take action.\n\nUpon trying to uninstall the app the user is prompted that there are invalid items that were detected and that these \"errors\" will not be repaired.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying unverifiable or expired endorsements.\n","ACR-057":"The application fails to provide the user with clear and simple options to decline (Free winsweeper) associated offer during the payment process.\n","ACR-071":"The user is unable to decline the offer for winsweeper independently. The app is added as a free bonus for the user and is unable to be declined in the shopping cart.\n"},"samples":[{"isRevoked":"False","fileName":"WinMaximizer_Setup_2015.exe","companyName":"Accelersoft","productName":"WinMaximizer","productVersion":"1.6.35.0","fileVersion":"1.6.35.0","hashMD5":"d8fea3884a1f51f02a1d4d15eba3068d","hashSHA1":"b035386e1adef130cf4cf8938fb9074c3b164148","hashSHA256":"14b53ec20c07d9337ec6328573482a451b0b1cc63611cf8dcf6af09ac1833208","digitalCertThumbprint":"0DB79D9F5DD9D84594E4CBF08099A4BCF2F682C0","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Accelersoft","sourceIndex":"3808","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinMaximizer64.exe","companyName":"Accelersoft","productName":"WinMaximizer","productVersion":"2.3.125.39","fileVersion":"2.3.125.39","hashMD5":"817cf17d9886cdb2eaaa428b768bb7c6","hashSHA1":"c15cc7ead8cde6f8599b106281944273de31e683","hashSHA256":"1460554a7f442b07b89c0c38e7bb8c820bc648d064ab6191a2dad45a0f639fe3","digitalCertThumbprint":"DB79D9F5DD9D84594E4CBF08099A4BCF2F682C0","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Accelersoft","sourceIndex":"3808","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"en.freedownloadmanager.org (pc optimizer)","landingPage":"http://www.winmaximizer.com/index.html","directDownloadingLink":"https://s3.amazonaws.com/aw1/downloads/winmaximizer/WinMaximizer_Setup_2015.exe","ipv4":"","ipv6":"","sourceIndex":"3808"}],"sampleFiles":["180202/WinMaximizer-180129/1.6.35.0/Samples/WinMaximizer_Setup_2015.exe","180202/WinMaximizer-180129/1.6.35.0/Samples/WinMaximizer64.exe"],"imageFiles":["180202/WinMaximizer-180129/1.6.35.0/Images/ACR-042/ACR-042_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-043/ACR-043_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-043/ACR-043_install1.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-043/ACR-043_install2.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-046/ACR-046_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-046/ACR-046_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-047/ACR-047_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-047/ACR-047_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-107/ACR-107_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-107/ACR-107_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-107/ACR-107_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-048/ACR-048_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-048/ACR-048_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-003/ACR-003_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-003/ACR-003_software1.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-003/ACR-003_software2.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-003/ACR-003_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-005/ACR-005_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-005/ACR-005_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-005/ACR-005_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-005/ACR-005_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-007/ACR-007_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-007/ACR-007_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-007/ACR-007_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-007/ACR-007_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-009/ACR-009_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-009/ACR-009_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-009/ACR-009_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-009/ACR-009_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-010/ACR-010_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-010/ACR-010_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-010/ACR-010_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-010/ACR-010_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-017/ACR-017_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-017/ACR-017_internaloffer1.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-084/ACR-084_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-086/ACR-086_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-089/ACR-089_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-097/ACR-097_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-103/ACR-103_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-116/ACR-116_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-117/ACR-117_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-118/ACR-118_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-119/ACR-119_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-057/ACR-057_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-057/ACR-057_internaloffer2.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-057/ACR-057_landingpage.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-057/ACR-057_landingpage1.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-071/ACR-071_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-071/ACR-071_internaloffer2.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-071/ACR-071_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-071/ACR-071_landingpage.JPG"],"nonDeceptorImageFiles":["180202/WinMaximizer-180129/1.6.35.0/Images/ACR-065/ACR-065_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-065/ACR-065_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-065/ACR-065_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-161/ACR-161_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-099/ACR-099_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-099/ACR-099_landingpage.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-099/ACR-099_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-150/ACR-150_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-150/ACR-150_internaloffer1.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-046/ACR-046_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-046/ACR-046_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-047/ACR-047_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-047/ACR-047_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-107/ACR-107_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-107/ACR-107_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-107/ACR-107_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-003/ACR-003_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-003/ACR-003_software1.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-003/ACR-003_software2.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-003/ACR-003_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-005/ACR-005_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-005/ACR-005_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-005/ACR-005_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-005/ACR-005_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-007/ACR-007_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-007/ACR-007_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-007/ACR-007_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-007/ACR-007_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-009/ACR-009_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-009/ACR-009_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-009/ACR-009_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-009/ACR-009_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-010/ACR-010_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-010/ACR-010_install.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-010/ACR-010_software.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-010/ACR-010_uninstall.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-017/ACR-017_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-017/ACR-017_internaloffer1.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-057/ACR-057_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-057/ACR-057_internaloffer2.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-057/ACR-057_landingpage.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-057/ACR-057_landingpage1.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-071/ACR-071_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-071/ACR-071_internaloffer2.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-071/ACR-071_internaloffer.JPG","180202/WinMaximizer-180129/1.6.35.0/Images/ACR-071/ACR-071_landingpage.JPG"],"guid":"6169ce52-d72e-4f51-9604-88fd2042c5da_1.6.35.0_1","appID":"WinMaximizer-180129","dateAdded":"180202","deceptorType":"App","name":"WinMaximizer","company":"Accelersoft","version":"1.6.35.0","sigName":"Deceptor:Win32/WinMaximizer!003017043057071084","lastKnownStatus":"Deceptor:1.6.35.0","lastKnownDate":"201124","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-24T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2596},{"violations":{"ACR-010":"The app offers a Deceptor application (Orange Antivirus) to the user.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable these tasks using the software's interface.\n","ACR-059":"The app was not clearly marked as an optional or additional offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landingpage that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the inline offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links that shows the app's Privacy Policy.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's inline offer has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-171":"The consumer is required to opt-out of recurring payment.\n","ACR-010":"The app offers a Deceptor application (Orange Antivirus) to the user.\n","ACR-059":"The app was not clearly marked as an optional or additional offer.\n"},"samples":[{"isRevoked":"False","fileName":"drivermax.installer.exe","isInstaller":"True","companyName":"Innovative Solutions Grup SRL","productName":"DriverMax","productVersion":"9.41.0.273","fileVersion":"9.41.0.273","hashMD5":"cc044c17921e379e2d63a7f7bebe203b","hashSHA1":"c9b987d91519b4a20d0659d70ebc9b6581068f1d","hashSHA256":"0cd497165e1d4bb749927677b70e8f3277f0823f455def496a13d9db12c4cc58","digitalCertThumbprint":"B22EAC044566F5B3DC42412639D863C0D8BC5799","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Innovative Solutions Grup SRL","sourceIndex":"3719","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"drivermax.exe","companyName":"Innovative Solutions Grup SRL","productName":"DriverMax","productVersion":"9.41","fileVersion":"9.41.0.273","hashMD5":"f5e167f1663759cbaa84a8f2da0d0fd4","hashSHA1":"e8502598007c30e5b6ca551cfa4279678b8f790a","hashSHA256":"7070538c61ddee3020c5da4765191a1a2ed71e803adc19085fba2de137a71cef","digitalCertThumbprint":"B22EAC044566F5B3DC42412639D863C0D8BC5799","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"Innovative Solutions Grup SRL","sourceIndex":"3719","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"http://www.innovative-sol.com/drivermax/","directDownloadingLink":"http://www.drivermax.com/soft/dmx/drivermax.exe","ipv4":"","ipv6":"","sourceIndex":"3719"}],"sampleFiles":["180129/DriverMax-180128/9.41/Samples/drivermax.installer.exe","180129/DriverMax-180128/9.41/Samples/drivermax.exe"],"imageFiles":["180129/DriverMax-180128/9.41/Images/ACR-042/ACR-042_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-043/ACR-042_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-043/ACR-042_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-046/ACR-046_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-046/ACR-046_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-047/ACR-047_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-047/ACR-047_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-107/ACR-107_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-107/ACR-107_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-107/ACR-107_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-048/ACR-048_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-048/ACR-048_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-003/ACR-003_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-003/ACR-003_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-003/ACR-003_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-003/ACR-003_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-005/ACR-005_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-005/ACR-005_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-005/ACR-005_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-005/ACR-005_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-007/ACR-007_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-007/ACR-007_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-007/ACR-007_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-007/ACR-007_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-009/ACR-009_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-009/ACR-009_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-009/ACR-009_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-009/ACR-009_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-010/ACR-059_inlineoffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-017/ACR-017_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-017/ACR-017_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-017/ACR-017_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-017/ACR-017_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-084/ACR-084_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-084/ACR-084_software1.JPG","180129/DriverMax-180128/9.41/Images/ACR-086/ACR-086_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-089/ACR-089_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-103/ACR-103_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-104/ACR-104_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-116/ACR-116_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-117/ACR-117_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-118/ACR-118_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-119/ACR-119_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-122/ACR-122_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-057/ACR-057_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-071/ACR-071_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-059/ACR-059_inlineoffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-010/ACR-059_inlineoffer.JPG"],"nonDeceptorImageFiles":["180129/DriverMax-180128/9.41/Images/ACR-065/ACR-065_internaloffer1.JPG","180129/DriverMax-180128/9.41/Images/ACR-065/ACR-065_inlineoffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-065/ACR-065_landingpage.JPG","180129/DriverMax-180128/9.41/Images/ACR-065/ACR-065_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-065/ACR-065_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-099/ACR-099_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-099/ACR-099_inlineoffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-099/ACR-099_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-171/ACR-171_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-046/ACR-046_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-046/ACR-046_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-047/ACR-047_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-047/ACR-047_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-107/ACR-107_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-107/ACR-107_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-107/ACR-107_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-003/ACR-003_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-003/ACR-003_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-003/ACR-003_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-003/ACR-003_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-005/ACR-005_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-005/ACR-005_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-005/ACR-005_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-005/ACR-005_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-007/ACR-007_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-007/ACR-007_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-007/ACR-007_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-007/ACR-007_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-009/ACR-009_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-009/ACR-009_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-009/ACR-009_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-009/ACR-009_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-010/ACR-059_inlineoffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-017/ACR-017_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-017/ACR-017_install.JPG","180129/DriverMax-180128/9.41/Images/ACR-017/ACR-017_software.JPG","180129/DriverMax-180128/9.41/Images/ACR-017/ACR-017_uninstall.JPG","180129/DriverMax-180128/9.41/Images/ACR-057/ACR-057_internaloffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-059/ACR-059_inlineoffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-010/ACR-059_inlineoffer.JPG","180129/DriverMax-180128/9.41/Images/ACR-071/ACR-071_internaloffer.JPG"],"guid":"4af41a02-dc5f-4345-82d3-1615e6889fa3_9.41_1","appID":"DriverMax-180128","dateAdded":"180129","deceptorType":"App","name":"DriverMax","company":"Innovative Solutions Group SRL","version":"9.41","sigName":"Deceptor:Win32/DriverMax!010084","firstVendorContactDate":"180211","firstAppEsteemReplyDate":"180213","firstResolvedDate":"180213","firstResolvedVersion":"9.42.0.278","resolved":"TRUE","lastKnownStatus":"Deceptor:9.41;NonCertified:9.42.0.278","lastKnownDate":"180129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:34:00.017454+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2603},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys, junk files and system settings as errors, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from running on startup from the software interface as no options are provided.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-120":"After uninstalling the application a webpage opens with an offer for the user to get the app at 50% discount.\n","ACR-167":"The application's docs have no mention of a 30 days refund policy.\n","ACR-003":"The application exaggerates empty and invalid registry keys, junk files and system settings as errors, thereby misleading or scaring user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"Sweeptools pc cleaner.exe","isInstaller":"True","companyName":"Secure Download","productName":"SweepTools PC Cleaner","productVersion":"1.14","fileVersion":"na","hashMD5":"8299d11093c0b877ac85d442b0cd758e","hashSHA1":"15090a7eea7d55b3600968b5b1ae68ac87afdebb","hashSHA256":"0f66b1b37d59e3c049af995af4bbf0015796d79d22da50071108a58a53d3bf3e","digitalCertThumbprint":"D5B5A8E2CC87977EC2E08B429825BD41A4B8A9C5","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Secure Download","sourceIndex":"3746","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PC Cleaner.exe","companyName":"Secure Download","productName":"SweepTools PC Cleaner","productVersion":"na","fileVersion":"na","hashMD5":"8065cc9b2663a14ca02c9115ba8263c2","hashSHA1":"6ccc2efad40abe8350a462e04b36ecfae3620676","hashSHA256":"a18598c205cde497786f02957a62d2a338a73233d87e333a38f074d11131df9e","digitalCertThumbprint":"D5B5A8E2CC87977EC2E08B429825BD41A4B8A9C5","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Secure Download","sourceIndex":"3746","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"www.google.com","landingPage":"http://www.sweeptools.com/","directDownloadingLink":"https://d1ilsuay6emcxv.cloudfront.net/1.13/setup.1.13.exe","ipv4":"","ipv6":"","sourceIndex":"3746"}],"sampleFiles":["180127/SweeperToolsPCCleaner-171013/1.14/Samples/setup.1.13.exe","180127/SweeperToolsPCCleaner-171013/1.14/Samples/PC Cleaner.exe"],"imageFiles":["180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-042/ACR-042_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-043/ACR-043_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-046/ACR-046_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-046/ACR-046_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-047/ACR-047_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-047/ACR-047_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-107/ACR-107_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-107/ACR-107_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-107/ACR-107_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-048/ACR-048_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-048/ACR-048_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-050/ACR-050_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-050/ACR-050_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-051/ACR-051_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-051/ACR-051_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-003/ACR-003_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-003/ACR-003_software1.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-003/ACR-003_software2.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-003/ACR-003_software3.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-005/ACR-005_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-005/ACR-005_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-005/ACR-005_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-005/ACR-005_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-007/ACR-007_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-007/ACR-007_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-007/ACR-007_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-007/ACR-007_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-009/ACR-009_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-009/ACR-009_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-009/ACR-009_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-009/ACR-009_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-010/ACR-010_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-010/ACR-010_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-010/ACR-010_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-010/ACR-010_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-017/ACR-017_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-017/ACR-017_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-017/ACR-017_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-017/ACR-017_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-084/ACR-084_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-086/ACR-086_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-089/ACR-089_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-097/ACR-097_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-103/ACR-103_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-104/ACR-104_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-116/ACR-116_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-117/ACR-117_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-118/ACR-118_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-119/ACR-119_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-122/ACR-122_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-057/ACR-057_internaloffer.JPG"],"nonDeceptorImageFiles":["180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-065/ACR-065_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-065/ACR-065_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-161/ACR-161_landingpage.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-088/ACR-088_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-099/ACR-099_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-099/ACR-099_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-120/ACR-120_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-167/ACR-167_docs.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-046/ACR-046_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-046/ACR-046_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-047/ACR-047_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-047/ACR-047_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-107/ACR-107_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-107/ACR-107_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-107/ACR-107_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-003/ACR-003_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-003/ACR-003_software1.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-003/ACR-003_software2.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-003/ACR-003_software3.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-005/ACR-005_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-005/ACR-005_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-005/ACR-005_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-005/ACR-005_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-007/ACR-007_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-007/ACR-007_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-007/ACR-007_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-007/ACR-007_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-009/ACR-009_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-009/ACR-009_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-009/ACR-009_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-009/ACR-009_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-010/ACR-010_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-010/ACR-010_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-010/ACR-010_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-010/ACR-010_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-017/ACR-017_internaloffer.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-017/ACR-017_install.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-017/ACR-017_software.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-017/ACR-017_uninstall.JPG","180127/SweeperToolsPCCleaner-171013/1.14/Images/ACR-057/ACR-057_internaloffer.JPG"],"guid":"fa0359a4-28e1-464e-8dd9-833203c3eddb_1.14_1","appID":"SweeperToolsPCCleaner-171013","dateAdded":"180127","deceptorType":"App","name":"SweepTools PC Cleaner","company":"SecureDownload Ltd. ","version":"1.14","sigName":"Deceptor:Win32/SweepToolsPCCleaner!003084","lastKnownStatus":"Deceptor:1.14","lastKnownDate":"180126","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:27:57.6163224+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2604},{"violations":{"ACR-047":"The installer prompts the user to resume a previously cancelled installation.\n","ACR-003":"The application exaggerates shared DLLs, ActiveX and Component, Application Paths and file extensions etc. as problems, thereby misleading or scaring user to take action.\n","ACR-004":"The app does not provide free fixes for regularly recurring results. The app uses different colors and graphs for scan results to raise the sense of urgency to the user.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-014":"App misleads user that items under registry can cause high damage to system healthy. Using gradient color bar presents the not truthful result about the system\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-017":"The application elevates its consumer trust level by displaying unverifiable five star review logos.\n"},"samples":[{"isRevoked":"False","fileName":"181217-SpeedyFixer.exe","productName":"SpeedyFixer","productVersion":"7.4.0.0","fileVersion":"7.4.0.0","hashMD5":"db2d38dca39495553df509546d1f8835","hashSHA1":"e974e5178eac0e3913917b43640dde758306b57e","hashSHA256":"942686ad46baf35424bce8081f30c2d2019174607aed9311be962f69cbd04625","digitalCertThumbprint":"4B05C459734AA6D9C14101DE7D8A5F8792B3BA17","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Blue Century Software Co., Ltd\", O=\"Blue Century Software Co., Ltd\", L=Beijing, C=CN, SERIALNUMBER=91110114576855722Q, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"3456","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"181217-SpeedyFixer_Setup.exe","isInstaller":"True","companyName":"Blue Century Software                                       ","productName":"7.4","fileVersion":"0.0","hashMD5":"5538aed193dd0f7b66b862da9f1bd9e0","hashSHA1":"5d64b6dc4c2eef83026b72650e621130aefa2250","hashSHA256":"28c6beee1307d00b1afe7571f5a52c8802580fc8f3780c78936080ea45b93b74","digitalCertThumbprint":"4B05C459734AA6D9C14101DE7D8A5F8792B3BA17","digitalCertIssuer":"CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=\"Blue Century Software Co., Ltd\", O=\"Blue Century Software Co., Ltd\", L=Beijing, C=CN, SERIALNUMBER=91110114576855722Q, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CN","sourceIndex":"3456","avBlockList":["Avira Internet Security (20190211)","ESET Internet Security (20190211)","K7 Total Security (20190211)","Kaspersky Internet Security (20190211)","McAfee Total Protection (20190211)","Panda Dome (20190211)","Sophos Home Premium (20190211)","VirIT eXplorer PRO (20190211)","Webroot SecureAnywhere (20190211)"],"avAllowList":["Bitdefender Internet Security (20190211)","G DATA INTERNET SECURITY (20190211)","Malwarebytes Premium (20190211)","Trend Micro Internet Security (20190211)","Windows Defender (20190211)","Avast Internet Security (20190211)","AVG Internet Security (20190211)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"https://www.speedyfixer.com/download.php","directDownloadingLink":"http://www.speedyfixer.com/download/SpeedyFixer_Setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.speedyfixer.com/download/SpeedyFixer_Setup.exe","sourceIndex":"3456"}],"sampleFiles":["180127/SpeedyFixer-180123/7.4/Samples/181217-SpeedyFixer.exe","180127/SpeedyFixer-180123/7.4/Samples/181217-SpeedyFixer_Setup.exe"],"imageFiles":["180127/SpeedyFixer-180123/7.4/Images/ACR-047/ACR_047_INSTALL.mp4","180127/SpeedyFixer-180123/7.4/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_4.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_5.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-017/ACR_017_SOFTWARE.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-004/Speedy Post Scan.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-014/Speedy Post Scan.PNG"],"nonDeceptorImageFiles":["180127/SpeedyFixer-180123/7.4/Images/ACR-065/ACR_065_INSTALL.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-065/SpeedyFixer Settings.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-017/ACR_017_LANDING_PAGE.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180127/SpeedyFixer-180123/7.4/Images/ACR-099/SpeedyFixer Settings.PNG"],"guid":"bb58985f-e48f-4bf9-b90e-08d61054b199_7.4_1","appID":"SpeedyFixer-180123","dateAdded":"180127","deceptorType":"App","name":"SpeedyFixer","company":"Blue Century Software Co. Ltd","version":"7.4","sigName":"Deceptor:Win32/SpeedyFixer!003004014017047","lastKnownStatus":"Deceptor:7.4","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2605},{"violations":{"ACR-047":"The installer prompts the user to resume a previously cancelled installation.\n","ACR-003":"The application exaggerates shared DLLs, ActiveX and Component, Application Paths and file extensions etc. as problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-047":"The installer prompts the user to resume a previously cancelled installation.\n","ACR-003":"The application exaggerates shared DLLs, ActiveX and Component, Application Paths and file extensions etc. as problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its consumer trust level by displaying unverifiable five star review logos.\n"},"samples":[{"isRevoked":"False","fileName":"SpeedyFixer_Setup.exe","isInstaller":"True","companyName":"Blue Century Software","productName":"SpeedyFixer","productVersion":"7.3","hashMD5":"0c33cbdce9be1270acc637180e31cc69","hashSHA1":"23fff273e3449249684fc75a348b8a7288b466a6","hashSHA256":"2eda6d7ebe994518c0bc9740949aef405291dce7dc5c1d83138894399de6a0cb","digitalCertThumbprint":"4B05C459734AA6D9C14101DE7D8A5F8792B3BA17","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Blue Century Software Co., Ltd","sourceIndex":"3745","avBlockList":["Avira Internet Security (20190211)","ESET Internet Security (20190211)","K7 Total Security (20190211)","Kaspersky Internet Security (20190211)","Malwarebytes Premium (20190211)","McAfee Total Protection (20190211)","Panda Dome (20190211)","Sophos Home Premium (20190211)","Trend Micro Internet Security (20190211)","VirIT eXplorer PRO (20190211)"],"avAllowList":["AVG Internet Security (20190211)","Bitdefender Internet Security (20190211)","G DATA INTERNET SECURITY (20190211)","Webroot SecureAnywhere (20190211)","Windows Defender (20190211)","Avast Internet Security (20190211)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"https://www.speedyfixer.com/download.php","directDownloadingLink":"http://www.speedyfixer.com/download/SpeedyFixer_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3745"}],"sampleFiles":["180127/SpeedyFixer-180123/7.3/Samples/SpeedyFixer_Setup.exe"],"imageFiles":["180127/SpeedyFixer-180123/7.3/Images/ACR-042/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-043/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-046/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-047/ACR_047_INSTALL.mp4","180127/SpeedyFixer-180123/7.3/Images/ACR-048/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-048/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-050/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-050/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_4.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_5.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/UNINSTALL_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/UNINSTALL_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/UNINSTALL_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/UNINSTALL_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/UNINSTALL_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/UNINSTALL_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-010/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-010/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-017/ACR_017_LANDING_PAGE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-017/ACR_017_SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-084/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-086/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-089/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-097/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-103/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-104/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-116/UNINSTALL_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-116/UNINSTALL_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-117/UNINSTALL_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-117/UNINSTALL_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-118/UNINSTALL_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-118/UNINSTALL_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-119/UNINSTALL_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-119/UNINSTALL_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-122/UNINSTALL_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-122/UNINSTALL_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-057/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-057/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-071/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-071/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["180127/SpeedyFixer-180123/7.3/Images/ACR-065/ACR_065_INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-046/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-047/ACR_047_INSTALL.mp4","180127/SpeedyFixer-180123/7.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_4.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_5.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/UNINSTALL_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-005/UNINSTALL_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/UNINSTALL_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-007/UNINSTALL_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/INSTALL.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/UNINSTALL_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-009/UNINSTALL_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-010/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-010/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-017/ACR_017_LANDING_PAGE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-017/ACR_017_SOFTWARE.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-057/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-057/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-071/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_1.PNG","180127/SpeedyFixer-180123/7.3/Images/ACR-071/INTERNAL_OFFER_WEBPAGE_SCREENSHOT_2.PNG"],"guid":"bb58985f-e48f-4bf9-b90e-08d61054b199_7.3_1","appID":"SpeedyFixer-180123","dateAdded":"180127","deceptorType":"App","name":"SpeedyFixer","company":"Blue Century Software Co. Ltd","version":"7.3","sigName":"Deceptor:Win32/SpeedyFixer!003017047","lastKnownStatus":"Deceptor:7.4","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2606},{"violations":{"ACR-003":"The application exaggerates system's health condition eg, improvement potential as high for fixing registry issues .thereby misleading or scaring user to take action. \n\n\n","ACR-017":"The application's internal offer webpage elevates its consumer trust level by displaying unverifiable 5 stars review logos that are unable to be verified.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-171":"App uses opt-out on a last-minute offer for Advanced Password Manager in the shopping cart.\n"},"samples":[{"isRevoked":"False","fileName":"1Click System Mechanic.exe","isInstaller":"True","companyName":" CONNECT AB INFOLINE PRIVATE LIMITED","productName":"1Click System Mechanic","productVersion":"1.0.0.1331","fileVersion":"1.0.0.1331","hashMD5":"8f0d407656b7c234d93919233814cc93","hashSHA1":"2fd19fcc643efaf2edf97fc909c12e2c59be0b28","hashSHA256":"8b91f4326552312b5cce3ba5fbb83526798fcef7d0b7b00cf66f6ce4f7bf1f71","digitalCertThumbprint":"D4CC2A4E613CB926B22233E4560DCA805310E4EC","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"CONNECT AB INFOLINE PRIVATE LIMITED","sourceIndex":"420","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"","isInstaller":"True","productName":"1Click-System-Mechanic","productVersion":"1.0.0.1331","fileVersion":"1.0.0.1331","hashMD5":"e72658bcb42668f47f14795ef9e0eccc","hashSHA1":"6ad69582e829706bff97f36026bed02493f10c59","hashSHA256":"35b4f60e18240c831975169601192a257e6add24f815768afbaed8c7dd3a8b6a","digitalCertThumbprint":"C2E093F941135A3E9959E440DD81541B4447D889","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Tuneup PC Tool Ltd","sourceIndex":"421","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"vt","landingPage":"http://www.efixsystemutils.com/","directDownloadingLink":"https://d5ybw0gcf0j3u.cloudfront.net/securerc/setup1.exe","ipv4":"","ipv6":"","sourceIndex":"420"},{"howFound":"Hunt.Search","reference":"similar to efixsystemutils.com","landingPage":"http://www.esecurepcutils.com/","directDownloadingLink":"https://dbn1zlkijqstu.cloudfront.net/securerc/esecpctil/setup1.exe","ipv4":"","ipv6":"","sourceIndex":"421"}],"sampleFiles":["180127/1ClickSystemMechanic-180123/1.0.0.1331/Samples/setup1.exe","180127/1ClickSystemMechanic-180123/1.0.0.1331/Samples/setup1 (1).exe"],"imageFiles":["180127/1ClickSystemMechanic-180123/1.0.0.1331/Images/ACR-003/acr_003.PNG","180127/1ClickSystemMechanic-180123/1.0.0.1331/Images/ACR-003/acr_003_1.PNG","180127/1ClickSystemMechanic-180123/1.0.0.1331/Images/ACR-017/acr_017.PNG"],"nonDeceptorImageFiles":["180127/1ClickSystemMechanic-180123/1.0.0.1331/Images/ACR-065/acr_065.PNG","180127/1ClickSystemMechanic-180123/1.0.0.1331/Images/ACR-065/acr_065_IO.PNG","180127/1ClickSystemMechanic-180123/1.0.0.1331/Images/ACR-161/testimonials.PNG","180127/1ClickSystemMechanic-180123/1.0.0.1331/Images/ACR-099/acr_099_s.PNG","180127/1ClickSystemMechanic-180123/1.0.0.1331/Images/ACR-099/acr_099_io.PNG","180127/1ClickSystemMechanic-180123/1.0.0.1331/Images/ACR-171/ACR-171 preselects last minute offer in shopping cart.gif"],"guid":"9d9a3bfa-eec3-4459-acfd-a9472282f6f3_1.0.0.1331_1","appID":"1ClickSystemMechanic-180123","dateAdded":"180127","deceptorType":"App","name":"1ClickSystemMechanic","company":" CONNECT AB INFOLINE PRIVATE LIMITED","version":"1.0.0.1331","sigName":"Deceptor:Win32/1ClickSystemMechanic!003017","lastKnownStatus":"Deceptor:1.0.0.1331","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-05T21:38:46.8443881+00:00","notDistributed":true,"familyName":"autoclean-winreg-arkin","numInFamily":63,"numInAppID":1,"sortOrder":2098},{"violations":{"ACR-003":" The application exaggerates privacy traces and temporary junk files as an error and problems, thereby misleading or scaring user to take action.The application also uses the colour gradient red to state a false sense of urgency.  \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from scanning on startup from the software interface as no options are available.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\nThe internal offer page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\nThe internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\n","ACR-037":"Privacy policy states that app collects personally identifiable information, but doesn't describe what is collected or how it will be used.\n"},"samples":[{"isRevoked":"False","fileName":" High PC Booster.exe","isInstaller":"True","companyName":" sparkpcsupport.com","productName":" High PC Booster","productVersion":"1.0 ","fileVersion":"1.0","hashMD5":"80ed620fc405677a28a2ff8a35fa1eb5","hashSHA1":" 1bf8c4019dfd5dc89391473cb91b385fa91d5944","hashSHA256":"93e3650fae0c922b027fe8885e583ac2f307eac00922ea1215836a678afb60b0","digitalCertThumbprint":"365C552E9259FAF487A61ACD436BBC3E9806E72A","digitalCertIssuer":" thawte SHA256 Code Signing CA","digitalCertIssuedTo":" sparkpcsupport.com","sourceIndex":"3691","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"high-pc-booster.exe","companyName":" sparkpcsupport.com","productName":"high-pc-booster","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"7df83d0922dd8467badd36456f4ccc5d","hashSHA1":" 5431bd2ceb1a78cd7b7200351b5c577453d86f35","hashSHA256":"14cb87416e447eda0558bc1c0b5dfe53f1c25ad9d0d43d542c7636ae05738dc9","digitalCertThumbprint":"365C552E9259FAF487A61ACD436BBC3E9806E72A","digitalCertIssuer":" thawte SHA256 Code Signing CA","digitalCertIssuedTo":" sparkpcsupport.com","sourceIndex":"3691","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"https://www.highpcbooster.com/","directDownloadingLink":"https://www.highpcbooster.com/download.php?src=website-home","ipv4":"","ipv6":"","sourceIndex":"3691"}],"sampleFiles":["180125/HighPCBooster-180124/1.0.0.0/Samples/high_pc_booster.exe","180125/HighPCBooster-180124/1.0.0.0/Samples/high-pc-booster.exe"],"imageFiles":["180125/HighPCBooster-180124/1.0.0.0/Images/ACR-003/acr_003.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-003/acr_003_1.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-084/acr_084.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-168/one_one_interaction_S.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-168/one_one_S.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-168/one_one_interaction_io.PNG"],"nonDeceptorImageFiles":["180125/HighPCBooster-180124/1.0.0.0/Images/ACR-065/acr_065_I.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-065/acr_065_S.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-088/acr_088.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-163/one_one_interaction_S.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-163/one_one_interaction_io.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-161/testimonials.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-161/testimonials_io.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-160/one_one_S.PNG","180125/HighPCBooster-180124/1.0.0.0/Images/ACR-099/acr_099.PNG"],"guid":"4fb5f60e-1d9e-4aed-9f98-a007bd77bd2e_1.0.0.0_1","appID":"HighPCBooster-180124","dateAdded":"180125","deceptorType":"App","name":"High PC Booster","company":"Spark PC Support","version":"1.0.0.0","sigName":"Deceptor:Win32/HighPCBooster!003084168","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2608},{"violations":{"ACR-003":" The application exaggerates empty and invalid registry keys, activeX and COM as errors, thereby misleading or scaring user to take action. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-092":"\nThe application does not have a digital signature.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe landing page has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":" WinMend Registry Cleaner.exe","isInstaller":"True","companyName":" WinMend.com","productName":" WinMend Registry Cleaner","productVersion":"2.2.0.0","fileVersion":"2.2.0.0","hashMD5":"e4df255dc14aca946e25a4398f7f5372","hashSHA1":"f22b586677bf76d304c1cd77eeb49fa664cd4bdb","hashSHA256":"11a4b8e155c9725fa05016044961378ce2d55dec842398db9e9ec0f8ae7ff93c","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3692","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":" WinMend Registry Cleaner.exe","companyName":"WinMend.com        ","productName":" WinMend Registry Cleaner","productVersion":"2.2.0.0","fileVersion":"2.2.0.0","hashMD5":"b493fcdf09e3292f4a8a34a074a01ad4","hashSHA1":"5f5a9807b44ecc8bb0bf589e9cd9d45b864700ac","hashSHA256":"a24c8ddc73b2ffce637ed73a0ef4073d6cc3b7fe4c9a06d23b31a1611d564a7","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3692","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"http://www.winmend.com/registry-cleaner/","directDownloadingLink":"http://www.winmend.com/pad/download/WinMend-Registry-Cleaner.exe","ipv4":"","ipv6":"","sourceIndex":"3692"}],"sampleFiles":["180125/WinMendRegistryCleaner-180124/2.2.0.0/Samples/WinMend-Registry-Cleaner.exe","180125/WinMendRegistryCleaner-180124/2.2.0.0/Samples/RegistryCleaner.exe"],"imageFiles":["180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-003/acr_003.PNG","180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-003/acr_003_1.PNG","180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-065/acr_065_I.PNG","180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-065/acr_065_S.PNG","180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-065/acr_065_LP.PNG","180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-065/acr_.PNG","180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-091/unsigned.PNG","180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-092/unsigned.PNG","180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-099/I_about_us.PNG","180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-099/___.PNG","180125/WinMendRegistryCleaner-180124/2.2.0.0/Images/ACR-099/acr_099.PNG"],"guid":"6d9958ca-4956-40a2-ba1d-9ed9e08427e9_2.2.0.0_1","appID":"WinMendRegistryCleaner-180124","dateAdded":"180125","deceptorType":"App","name":"WinMendRegistryCleaner","company":" WinMend.com ","version":"2.2.0.0","sigName":"Deceptor:Win32/WinMendRegistryCleaner!003084","lastKnownStatus":"Deceptor:2.2.0.0","lastKnownDate":"180125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T03:24:30.9977479+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2607},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable scheduled tasks using the software.\n"},"nonDeceptorViolations":{"ACR-065":"Does not show any links  to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the internal offer.\nDoes not show any links  to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the landing page.\nDoes not show any links  to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nDoes not show any links  to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-161":"The application's displays testimonials but does not provide any links back to a source so they can be verified.\n\n","ACR-099":"No uninstall information is provided on the landing page.\nNo uninstall information is provided on the landing page.\nNo uninstall information is provided on the software.\n","ACR-120":"Uninstall offers the consumer the same app at a discounted price to deter uninstall.\n","ACR-035":"No EULA/Terms of Service or Returns and Cancellation Policy is provided for the app.\n","ACR-159":"No disclosure that payment would be required to access the full functionality of the software.\n","ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action.\n"},"samples":[{"isRevoked":"False","fileName":" Registry Winner.exe","isInstaller":"True","companyName":" ALIKET SOFTWARE CO., LTD.","productName":" Registry Winner","productVersion":" 7.1.12.18","fileVersion":" 7.1.12.18","hashMD5":"982cd8613985dcf336229dd611ecae9a","hashSHA1":"ead49d17755430612646863a184a03c5dcb9ae71","hashSHA256":"7414b7522824b90e4dd7c9a2a730efb3a1f7ca3255031ae6207c3b3225104ee1","digitalCertThumbprint":" AE9DE47850C6BEFE8EBD10FE2F264CFBC90A4C10","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":" ALIKET SOFTWARE CO., LTD.","sourceIndex":"3747","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"www.google.com","landingPage":"http://registrywinner.com/","directDownloadingLink":"http://www.registrywinner.com/RegistryWinner_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3747"}],"sampleFiles":["180123/RegistryWinner-171025/7.1.12.18/Samples/RegistryWinner_Setup.exe"],"imageFiles":["180123/RegistryWinner-171025/7.1.12.18/Images/ACR-003/ACR-003_software.PNG","180123/RegistryWinner-171025/7.1.12.18/Images/ACR-003/ACR-003_software2.PNG","180123/RegistryWinner-171025/7.1.12.18/Images/ACR-084/ACR-084_software.PNG","180123/RegistryWinner-171025/7.1.12.18/Images/ACR-084/ACR-084_software2.PNG"],"nonDeceptorImageFiles":["180123/RegistryWinner-171025/7.1.12.18/Images/ACR-065/ACR-065_install.PNG","180123/RegistryWinner-171025/7.1.12.18/Images/ACR-065/ACR-065_software.PNG","180123/RegistryWinner-171025/7.1.12.18/Images/ACR-161/161.PNG","180123/RegistryWinner-171025/7.1.12.18/Images/ACR-120/ACR-120_uninstall.PNG","180123/RegistryWinner-171025/7.1.12.18/Images/ACR-003/ACR-003_software.PNG","180123/RegistryWinner-171025/7.1.12.18/Images/ACR-003/ACR-003_software2.PNG"],"guid":"9601964a-c57d-4eb4-bf05-9a66fea2ff3f_7.1.12.18_1","appID":"RegistryWinner-171025","dateAdded":"180123","deceptorType":"App","name":"Registry Winner","company":"Aliket Software Co., Ltd.","version":"7.1.12.18","sigName":"Deceptor:Win32/RegistryWinner!003084","lastKnownStatus":"Deceptor:7.1.12.18","lastKnownDate":"180123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:27:57.3068333+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2609},{"violations":{"ACR-003":"The application exaggerates registry keys as an error and a problem, thereby misleading or scaring user to take action \n\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe landing page has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-120":"Uninstall confirmation prompt offers the same app to the user for free. \n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","isInstaller":"True","productName":" Registry First Aid","productVersion":" 11.0.2","fileVersion":" 11.0.2","hashMD5":"e9bfc72b6aace3beb37e13de5dba95a0","hashSHA1":"ae169f20a8e7fa6f55bd1ca2a9b2ac42a8a3249b","hashSHA256":"32c19d350ac395fc942e3288461071fa1a2202fbed5f4d28b3842c56d0cca689","digitalCertThumbprint":" 79BEA3241654F458A65741874C0CEDAE245D0FB4","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":" Rose City Software","sourceIndex":"3689","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"PUPnMB","landingPage":"http://www.rosecitysoftware.com/reg1aid/","directDownloadingLink":"http://www.rosecitydownloads.com/rfasetup.exe","ipv4":"","ipv6":"","sourceIndex":"3689"}],"sampleFiles":["180123/RegistryFirstAid-180121/11.0.2/Samples/rfasetup.exe"],"imageFiles":["180123/RegistryFirstAid-180121/11.0.2/Images/ACR-003/acr_003.PNG","180123/RegistryFirstAid-180121/11.0.2/Images/ACR-003/acr_003_1.PNG"],"nonDeceptorImageFiles":["180123/RegistryFirstAid-180121/11.0.2/Images/ACR-065/acr_065.PNG","180123/RegistryFirstAid-180121/11.0.2/Images/ACR-065/acr_065_S.PNG","180123/RegistryFirstAid-180121/11.0.2/Images/ACR-161/testimonials.PNG","180123/RegistryFirstAid-180121/11.0.2/Images/ACR-161/acr_161.PNG","180123/RegistryFirstAid-180121/11.0.2/Images/ACR-099/......PNG","180123/RegistryFirstAid-180121/11.0.2/Images/ACR-120/re-advertised.PNG"],"guid":"3832c7da-9c91-4be9-9c45-d3bf233ee66f_11.0.2_1","appID":"RegistryFirstAid-180121","dateAdded":"180123","deceptorType":"App","name":"Registry First Aid ","company":"Rose City Software","version":"11.0.2","sigName":"Deceptor:Win32/RegistryFirstAid!003","firstVendorContactDate":"180201","firstAppEsteemReplyDate":"180201","firstResolvedDate":"180219","firstResolvedVersion":"11.1.0.2492","resolved":"TRUE","lastKnownStatus":"Deceptor:11.0.2;NonCertified:11.1.0.2492","lastKnownDate":"180123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-02-19T16:24:18.1776774+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2611},{"violations":{"ACR-003":"The application exaggerates Scheduler Tasks, Services, Windows Search, Windows Defragmentation, ActiveX and Class Items Shared DLLs performance items as SERIOUS , thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The application also runs silently in the background, hiding the fact that it is active from the user, the user is unable to disable the software pop-up notifications using the application interface because there is no option to do so.\n","ACR-168":"The application displays multiple support call center phone numbers but does not disclose that additional offers may be made on the one-on-one interaction with the user. The application runs silently in the background, hiding the fact that it is active from the user. The user is unable to disable pop-up notifications using the application interface because there is no option to do so.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to a webpage that shows the Returns and Cancellation Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-160":"Contacted PCKeeper Live with the phone number '1-866-988-6766' and got an automated response message \"saying thank you for contacting PCKeeper customer support, we apologize but we do not provide phone support for PCKeeper anymore.\"\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"The application prompts during uninstall stating that consumer can get a special discount for PCKeeper Live.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"PCKeeper Installer.exe","isInstaller":"True","companyName":"Essentware","productName":"Pckeeper Installer","productVersion":"1.1.1149.8","fileVersion":"1.1.1149.8","hashMD5":"929c9d6ace84a5d7701fb0e399c12179","hashSHA1":"cefabfb0cad2284369b50906ed1aab5d22369d7c","hashSHA256":"98e03121e41ccdea270d8d0e51b5f039889ea6d5ca0d5bfeca9aa2d7ab0ebdbf","digitalCertThumbprint":"A02CA455B5B1936A29CEBC63E2E74D8F0249B6B9","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"ESSENTWARE S.A.","sourceIndex":"3662","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"https://pckeeper.com/download-live","directDownloadingLink":"https://app.pckeeper.com/paramss=phexafc9d2dbb4b5c5ac92979eb29a9cd2e8cb90b1b5d1c7cde1d0d7ccc0dedec2c6d2dfd2d1a0a998d1d9e5cdcdd8dac6cfd6c0d1d5c9ced0a8&trt=33_22515","ipv4":"","ipv6":"","sourceIndex":"3662"}],"sampleFiles":["180123/PCKeeperLive-180113/1.1.1149.8/Samples/PCKeeper Installer.exe"],"imageFiles":["180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_4.PNG","180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_5.PNG","180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-084/ACR_084_SOFTWARE.PNG","180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-168/ACR_168_SOFTWARE.PNG","180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-168/ACR_084_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-065/ACR_065_INSTALL.PNG","180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-099/ACR_099_SOFTWARE.PNG","180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-120/ACR_120_UNINSTALL.PNG","180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-167/ACR_167_DOCS.PNG","180123/PCKeeperLive-180113/1.1.1149.8/Images/ACR-065/ACR_065_SOFTWARE.PNG"],"guid":"0da5abd6-5a9a-4127-89fb-69e35626fca6_1.1.1149.8_1","appID":"PCKeeperLive-180113","dateAdded":"180123","deceptorType":"App","name":"PCKeeper Live","company":"EssentWare S.A.","version":"1.1.1149.8","sigName":"Deceptor:Win32/PCKeeper!003084168","firstVendorContactDate":"180125","firstAppEsteemReplyDate":"180125","firstResolvedDate":"180327","firstResolvedVersion":"stopped all distribution: see www.pckeeper.com","resolved":"TRUE","lastKnownStatus":"Deceptor:1.1.1149.8","lastKnownDate":"180123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2018-03-28T15:40:53.6587648+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2612},{"violations":{"ACR-003":"The application exaggerates registry keys and file associations as problems,and also labels the systems health as \"HIGH\" thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe landing page has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-017":"The application elevates its user trust level by displaying endorsements such as Microsoft partner network, and intel software Partner which are unable to verify. \n\nThe landing page elevates its user trust level by displaying endorsements such as Microsoft partner network, and intel software Partner which are unable to be verified. \n\n"},"samples":[{"isRevoked":"False","fileName":"Smart Registry Errors Fixer Pro.exe","isInstaller":"True","companyName":"LionSea Software co., ltd","productName":"Smart Registry Errors Fixer Pro","productVersion":"4.5.8","fileVersion":"4.5.8","hashMD5":"7a0df194b8e311b2fbf6a49d92cc25a9","hashSHA1":" b509c5dcd77e05ed0324518566fb04ae7fb8dabd","hashSHA256":"a45d4d386b174a88a701c20d7811d03267c43ea8437938e23e7a89f6a96e5d62","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3605","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search ","reference":"","landingPage":"http://www.lionsea.com/product_registryerrorsfixerpro.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_Registry_Errors_Fixer_Pro_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3605"}],"sampleFiles":["180123/RegistryErrorsFixerUtility-180123/4.5.8/Samples/Smart_Registry_Errors_Fixer_Pro_Setup.exe"],"imageFiles":["180123/RegistryErrorsFixerUtility-180123/4.5.8/Images/ACR-003/acr_003.PNG"],"nonDeceptorImageFiles":["180123/RegistryErrorsFixerUtility-180123/4.5.8/Images/ACR-065/acr_065_I.PNG","180123/RegistryErrorsFixerUtility-180123/4.5.8/Images/ACR-065/acr_065_S.PNG","180123/RegistryErrorsFixerUtility-180123/4.5.8/Images/ACR-017/acr_017_LP.PNG","180123/RegistryErrorsFixerUtility-180123/4.5.8/Images/ACR-017/acr_017_LP.PNG","180123/RegistryErrorsFixerUtility-180123/4.5.8/Images/ACR-099/acr-099_S.PNG"],"guid":"97e24a32-8815-4e76-b7f6-37fba177dc78_4.5.8_1","appID":"RegistryErrorsFixerUtility-180123","dateAdded":"180123","deceptorType":"App","name":"Registry Errors Fixer Utility","company":" LionSea Software co., ltd","version":"4.5.8","sigName":"Deceptor:Win32/RegistryErrorsFixerUtility!003","lastKnownStatus":"Deceptor:4.5.8","lastKnownDate":"180123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-06-29T03:05:21.2321967+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2516},{"violations":{"ACR-003":"Unnecessary scaring of consumer about Internet Explorer on Windows 10, where the OS disables by default. Summary status does not show consumer how it was calculated, and is misleading without that detail adjacent. It is very difficult for the consumer to figure out how to navigate to the details of what has been called out, which makes the claims unsubstantiated.\n","ACR-084":"Scheduled scan task remains even if user selects no scheduled scan.\n","ACR-097":"App reports significantly different results when installed on a virtual machine, evading security review without disclosing this behavior.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option. \n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe landing page has no link or information that shows how it can be uninstalled.\n\nThe internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get a trial or a lower price for the same program.\n\n","ACR-168":"The landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":"PC Protector Plus.exe","isInstaller":"True","companyName":"WIN TUNEUP SOFTWARE LLP","productName":"PC Protector Plus","productVersion":"2.1.1000.20873","fileVersion":"2.1.1000.20873","hashMD5":"0559f40e3a4f3dbfb1a9bfafb3e572f3","hashSHA1":"df8ad1e84fcbe53a73368ef89ebd0edd02065827","hashSHA256":"eb19ce2e3781db56991af176b17e89ae4d2913667250cac9e1e6ee1a94908e63","digitalCertThumbprint":"ADEB0D4D55EDADD03D661EEBB019F3F413DB729D","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"WIN TUNEUP SOFTWARE LLP","sourceIndex":"3587","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Partner.Inquiry","reference":"Kevin at Symantec","landingPage":"http://pcprotectorplus.com/","directDownloadingLink":"http://pcprotectorplus.com/download","ipv4":"","ipv6":"","sourceIndex":"3587"}],"sampleFiles":["180120/PCProtectorPlus-180117/2.1.1000.20873/Samples/pcppstsetup.exe"],"imageFiles":["180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-003/ACR-003 unnecessary scare consumer with fake warning.png","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-003/ACR-003 no way to substantiate claim.png","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-084/ACR-084 no way to disable daily scan.png","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-097/Screen Shot 2018-01-19 at 2.08.04 PM.png","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-168/one_one_interaction_SW.PNG"],"nonDeceptorImageFiles":["180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-065/acr_065.PNG","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-161/testimonials.PNG","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-163/one_one_interaction_SW.PNG","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-163/one_one_interaction_DC.PNG","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-163/one_one_interaction_LP.PNG","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-099/acr-099.PNG","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-099/acr_099_LP.PNG","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-099/acr_099_IO.PNG","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-168/one_one_interaction_LP.PNG","180120/PCProtectorPlus-180117/2.1.1000.20873/Images/ACR-120/re-advertised_offer.PNG"],"guid":"f195a665-6c66-46f9-84b8-83618ac5d691_2.1.1000.20873_1","appID":"PCProtectorPlus-180117","dateAdded":"180120","deceptorType":"App","name":"PC Protector Plus","company":"Jawego Partners LLC","version":"2.1.1000.20873","sigName":"Deceptor:Win32/PCProtectorPlus!003084097168","lastKnownStatus":"Deceptor:2.1.1001.23282","lastKnownDate":"180702","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-07-02T00:00:00+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":2,"sortOrder":2160},{"violations":{"ACR-042":"Installer proceeds without obtaining explicit user permission before installing. If Chrome is present, installs a disabled chrome extension.\n","ACR-043":"No mention in ToS or EULA about third party components included.\n","ACR-048":"No ability to stop or cancel install, which proceeds with no user interaction.\n","ACR-003":"App has a built-in escalating severity in system status. App uses Red Severity to highlight paid features of its product (real-time protection). App calls out Yellow Severity for enabling/paying for additional features of its product. App shows high severity in popup for all features. App shows Yellow Severity to uninstall applications. All of these, without any way for a consumer to verify before purchase, mislead consumers and raise a false sense of urgency.\n","ACR-118":"Uninstall leaves an automatically-installed chrome extension (TotalAV Web Shield) installed.\n","ACR-119":"Uninstall leaves TotalAV WebShield chrome extension installed\n","ACR-055":"No way to decline the install or accept the EULA... install proceeds without any user prompting.\n"},"nonDeceptorViolations":{"ACR-065":"No EULA on landing page before download.\nNo EULA, ToS, Returns, or Privacy policy as part of install.\n","ACR-092":"Many unsigned components are installed with the app\n","ACR-036":"Material functionality provided by third parties is not disclosed.\n","ACR-058":"Does not disclose that the TotalAV Web Shield monetizes through search\n","ACR-055":"No way to decline the install or accept the EULA... install proceeds without any user prompting.\n","ACR-003":"App has a built-in escalating severity in system status. App uses Red Severity to highlight paid features of its product (real-time protection). App calls out Yellow Severity for enabling/paying for additional features of its product. App shows high severity in popup for all features. App shows Yellow Severity to uninstall applications. All of these, without any way for a consumer to verify before purchase, mislead consumers and raise a false sense of urgency.\n"},"samples":[{"isRevoked":"False","fileName":"TotalAV.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"1.38.12.0","hashMD5":"20777a3a60676a82363ec0d0c3cb1f67","hashSHA1":"435b251306b43883c69dce03825dd551e8aebbd5","hashSHA256":"322fb4da01edee3c3ddef29c88bb512ef28be086d7cd6bdfdf4562d4149bc449","digitalCertThumbprint":"50EDF214E766FCD134D4891E2269623C70864CF6","digitalCertIssuer":"VeriSign Class 3 Public Primary Certification Authority - G5","digitalCertIssuedTo":"SS Protect Limited","sourceIndex":"3788","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCProtect.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"1.38.12.0","hashMD5":"822868b4b24b8b3651acf1bb194e758c","hashSHA1":"37e3ae8308890ea241b6edfaadee876271737d0f","hashSHA256":"874c7eacff943b3c1f83cf414db47aeb1cb70e9df4a765a08159f475a2bfd9d0","digitalCertThumbprint":"50EDF214E766FCD134D4891E2269623C70864CF6","digitalCertIssuer":"VeriSign Class 3 Public Primary Certification Authority - G5","digitalCertIssuedTo":"SS Protect Limited","sourceIndex":"3789","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ScanGuard.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"1.38.12.0","hashMD5":"98f576cad28e7eed37f684b4bd289257","hashSHA1":"6e9885e70527be591571b7651d90602e7fc01657","hashSHA256":"2fda9bf1a9b2e8a796229eb5d9ca89fefa0a57391b73166e66ab8186891fbec4","digitalCertThumbprint":"50EDF214E766FCD134D4891E2269623C70864CF6","digitalCertIssuer":"VeriSign Class 3 Public Primary Certification Authority - G5","digitalCertIssuedTo":"SS Protect Limited","sourceIndex":"3790","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"https://www.totalav.com/free-download","directDownloadingLink":"https://www.totalav.com/download","ipv4":"","ipv6":"","sourceIndex":"3788"},{"howFound":"Hunt.Search","reference":"similar to TotalAV","landingPage":"https://www.pcprotect.com/free-download","directDownloadingLink":"https://www.pcprotect.com/download","ipv4":"","ipv6":"","sourceIndex":"3789"},{"howFound":"Hunt.Search","reference":"similar to TotalAV","landingPage":"https://www.scanguard.com/free-download","directDownloadingLink":"https://www.scanguard.com/download","ipv4":"","ipv6":"","sourceIndex":"3790"}],"sampleFiles":["180120/TotalAV-180113/1.8/Samples/TotalAV.exe","180120/TotalAV-180113/1.8/Samples/PCProtect.exe","180120/TotalAV-180113/1.8/Samples/ScanGuard.exe"],"imageFiles":["180120/TotalAV-180113/1.8/Images/ACR-042/ACR-042 install doesn't obtain user permission before installing.gif","180120/TotalAV-180113/1.8/Images/ACR-042/ACR-042 installs disabled chrome extension.png","180120/TotalAV-180113/1.8/Images/ACR-043/ACR-043 avira components.png","180120/TotalAV-180113/1.8/Images/ACR-043/ACR-043 eula.png","180120/TotalAV-180113/1.8/Images/ACR-048/ACR-048 no way to cancel install.gif","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 escalating severity.gif","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 high severity on everything in popup.png","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 medium severity to uninstall two apps.png","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 no functioning demo.gif","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 quick scan yellow severity details.png","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 red severity for RTP %22feature%22.png","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 scary popup.gif","180120/TotalAV-180113/1.8/Images/ACR-055/ACR-055 no way to decline the install or accept the eula.gif"],"nonDeceptorImageFiles":["180120/TotalAV-180113/1.8/Images/ACR-065/ACR-065 landing page missing uninstall and eula.png","180120/TotalAV-180113/1.8/Images/ACR-092/ACR-092 unsigned components.png","180120/TotalAV-180113/1.8/Images/ACR-036/ACR-036 eula.png","180120/TotalAV-180113/1.8/Images/ACR-036/ACR-036 undisclosed material functionality.png","180120/TotalAV-180113/1.8/Images/ACR-058/ACR-058 Web Shield monetizing through search.gif","180120/TotalAV-180113/1.8/Images/ACR-055/ACR-055 no way to decline the install or accept the eula.gif","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 escalating severity.gif","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 high severity on everything in popup.png","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 medium severity to uninstall two apps.png","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 no functioning demo.gif","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 quick scan yellow severity details.png","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 red severity for RTP %22feature%22.png","180120/TotalAV-180113/1.8/Images/ACR-003/ACR-003 scary popup.gif"],"guid":"c5d9969f-957c-4f90-99fc-f062fa8fb813_1.8_1","appID":"TotalAV-180113","dateAdded":"180120","deceptorType":"App","name":"TotalAV, PCProtect, ScanGuard","company":"SS Protect Limited","version":"1.8","sigName":"Deceptor:Win32/TotalAV!003042043048118119","firstVendorContactDate":"180124","firstAppEsteemReplyDate":"180124","firstResolvedDate":"180127","firstResolvedVersion":"1.39.31.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8","lastKnownDate":"180120","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-02-15T00:19:26.8303114+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2613},{"violations":{"ACR-003":"Unnecessary scaring of consumer about Internet Explorer on Windows 10, where the OS disables by default. Summary status does not show consumer how it was calculated, and is misleading without that detail adjacent. It is very difficult for the consumer to figure out how to navigate to the details of what has been called out, which makes the claims unsubstantiated.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application's internal offer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. There are no schedules set within the software, however the app has created multiple tasks in the systems task scheduler which cannot be disabled from the software's interface.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's uninstall  provides a phone number for one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's docs provides a phone number for one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app's landing page provides a phone number for one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens stating that consumer can get the same app at a 50% discount.\n","ACR-171":"The consumer is required to opt-out of additional payment for disk tools plus which was not pre-disclosed.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"pcpp_site.exe","isInstaller":"True","companyName":"Jawego                                                      ","productName":"PC Protector Plus","productVersion":"2.1.1001.23282","fileVersion":"2.1.1001.23282","hashMD5":"7149ddedbff7ebb5f9b0e0105ccdef6c","hashSHA1":"76f5f06d573017584b9cb38a4184e4c7ac9d99b9","hashSHA256":"c5566a253c1c044b2eec905b7699e4f223da6451fbb0908a921e634a2050e605","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"3580","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCProtectorPlus.exe","companyName":"Jawego","productName":"PC Protector Plus","productVersion":"2.1.1001.23282","fileVersion":"2.1.1001.23282","hashMD5":"89a53497848fea4ddb8532df604c6673","hashSHA1":"b393575cff9c696a55ea2f639d4a0d902e44733f","hashSHA256":"540283643259859db51b498f02fb392691b285fbcf3d497f4c145df214a563e0","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"3580","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"existing deceptor review","landingPage":"http://pcprotectorplus.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/pcprotectorplus/setups/pcpp_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/pcprotectorplus/setups/pcpp_site.exe","sourceIndex":"3580"}],"sampleFiles":["180120/PCProtectorPlus-180117/2.1.1001.23282/Samples/pcpp_site.exe","180120/PCProtectorPlus-180117/2.1.1001.23282/Samples/PCProtectorPlus.exe"],"imageFiles":["180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-003/ACR-003_software.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-003/ACR-003_software1.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-003/ACR-003_software2.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-017/ACR-017_software.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-017/ACR-017_internaloffer.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-084/ACR-084_software.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-065/ACR-065_software.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-161/ACR-161_landingpage.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-161/ACR-161_landingpage1.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-163/ACR-163_software.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-163/ACR-163_uninstall.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-163/ACR-163_docs.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-163/ACR-163_landingpage.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-160/ACR-160_software.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-099/ACR-099_software.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-099/ACR-099_landingpage.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-099/ACR-099_internaloffer.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-168/ACR-168_landingpage.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-120/ACR-120_uninstall.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-171/ACR-171_internaloffer.JPG","180120/PCProtectorPlus-180117/2.1.1001.23282/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"f195a665-6c66-46f9-84b8-83618ac5d691_2.1.1001.23282_1","appID":"PCProtectorPlus-180117","dateAdded":"180120","deceptorType":"App","name":"PC Protector Plus","company":"Jawego Partners LLC","version":"2.1.1001.23282","sigName":"Deceptor:Win32/PCProtectorPlus!003017084168","lastKnownStatus":"Deceptor:2.1.1001.23282","lastKnownDate":"180702","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-07-03T03:14:34.5607083+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":2,"sortOrder":2159},{"violations":{"ACR-109":"rkverify.exe and rkinstaller.exe, two files are signed and published by RelevantKnowledge, were downloaded at the time of bundle was first executed, before any user disclosure or consent. \n","ACR-043":"","ACR-047":"After app install and on every subsequent software start, bundler prompts user with \"Important!\" message to use a \"new versoin to avoid malfunctions\". This installs the same version of the app, and re-runs the install and the offers that the consumer has previously declined. \n","ACR-048":"There is a \"cancel install\" button that when pressed prompts to be sure, but the installation continues regardless.\n","ACR-071":"Search offer from Yahoo has several separately-installed components. Since there is no way for the user to uninstall these as a group, they are considered separate offers, and require a way for the user to independently accept or decline them.\n","ACR-075":"Cancelling the installation leaves the carrier and the offers installed.\n","ACR-059":"Offer not clearly marked as an offer. Instead, it is presented as a component of the carrier.\n","ACR-039":"Makes offers that masquerade as EULAs for the carrier\n"},"nonDeceptorViolations":{"ACR-065":"Carrier app has no EULA screen. The first offer's EULA misleads consumers into thinking it is the EULA for the carrier app.\n","ACR-092":"Bundler uses a single code signing certificate for all packages, not disclosed in carrier information.\n","ACR-035":"No docs for the bundler; no way to contact RuiQing.\n","ACR-036":"No docs to describe the third party components auto-installed by the bundler.\n","ACR-037":"No privacy policy to describe the information collected by the bundler during the install process.\n","ACR-071":"Search offer from Yahoo has several separately-installed components. Since there is no way for the user to uninstall these as a group, they are considered separate offers, and require a way for the user to independently accept or decline them.\n"},"samples":[{"isRevoked":"False","fileName":"FreeShortcutRemover.exe","isInstaller":"True","companyName":"FreeShortcutRemover Co., Ltd.","productName":"Free Shortcut Remover","hashMD5":"af28992a3702c9111e5680cc925b5744","hashSHA1":"d5132bb32312bdbc687013814318d5f2498d3698","hashSHA256":"31021abd1ad3004fbd3432f0f98e6708f85effb036abda64557b9cc759f98af2","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"RuiQing Software Technology Beijing Inc","sourceIndex":"3518","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"AdvancedPDFUtilitiesFree.exe","isInstaller":"True","companyName":"PDFCore Co., Ltd.                                           ","fileVersion":"0.0","hashMD5":"610f5da59dc86796e94fc178a9c5f8d4","hashSHA1":"ee7fd8c91eb33af939842b58822ba7c01c502e4e","hashSHA256":"723f50fefbd4de0b3ebd958271b259df5a51254dd9717859e4f46f878bb8993c","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=RuiQing Software Technology Beijing Inc, O=RuiQing Software Technology Beijing Inc, STREET=\"No.A215,2/F,North Section,No.3,Xisanqi Building materials city,Haidian District\", STREET=BeiDuan ErCeng A215, L=Beijing, S=Beijing, PostalCode=100096, C=CN","sourceIndex":"3518","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeYouTubeToMp3WmaConverter.exe","isInstaller":"True","companyName":"FreeAudioVideoSoftTech, Inc.","productName":"Free YouTube to MP3 WMA Converter","hashMD5":"e6a8c4a61f7f272facc8981722d7d690","hashSHA1":"e816532e02c8092a09f80adc6f442667f2bba467","hashSHA256":"3ffd3f06c77296ab0e27eb6adda7c97c99b986f45376b66f796fff5d7359f94c","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"RuiQing Software Technology Beijing Inc","sourceIndex":"3519","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCBoosterFreeAntiSpyware.exe","isInstaller":"True","companyName":"PC Booster, Inc.","productName":"PCBooster Free AntiSpyware","hashMD5":"32dac09346ec905b57279fc488fded89","hashSHA1":"5d58f64372a61b90773bf3f4b453abd38af8bab6","hashSHA256":"1168ebd05c9857642f7b9c6466b2599f8efefae2bea305d8c4eceeff1716147d","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"RuiQing Software Technology Beijing Inc","sourceIndex":"3520","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"FreeSecurityMaster.exe","isInstaller":"True","companyName":"TensionSoft Corporation.","productName":"Free Security Master","hashMD5":"bcd0ea7bc8c2179eb18347c627e73ba5","hashSHA1":"ef12e20a92e134dd54824c71fbad0f2d61f7842a","hashSHA256":"297a2cbc976005224d53396b15a6cb4fa722ca08015bcfc1141dc058473d8c85","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"RuiQing Software Technology Beijing Inc","sourceIndex":"3521","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCTuneUpRegistryCleaner.exe","isInstaller":"True","companyName":"PCTuneUp, Inc.","productName":"PCTuneUp Registry Cleaner","hashMD5":"dbe7dcfce896818bf319e98526857f63","hashSHA1":"39ed08c761cbe3ac02e719f2c03c869f7a3ad92a","hashSHA256":"c2311b3c6e6acac82815172ac0277759c7f396ab64ca61282865635592fc3ae4","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"RuiQing Software Technology Beijing Inc","sourceIndex":"3522","avBlockList":["Avast Internet Security (20190121)","AVG Internet Security (20190121)","Avira Internet Security (20190121)","Bitdefender Internet Security (20190121)","ESET Internet Security (20190121)","G DATA INTERNET SECURITY (20190121)","K7 Total Security (20190121)","Kaspersky Internet Security (20190121)","Malwarebytes Premium (20190121)","McAfee Total Protection (20190121)","Norton Security (20190121)","Panda Dome (20190121)","Sophos Home Premium (20190121)","VirIT eXplorer PRO (20190121)","Webroot SecureAnywhere (20190121)"],"avAllowList":["Trend Micro Internet Security (20190121)","Windows Defender (20190121)"]},{"isRevoked":"False","fileName":"MediaProSoftFreeOCR.exe","isInstaller":"True","companyName":"MediaProSoft Co., Ltd.","productName":"MediaProSoft Free OCR","hashMD5":"1c53a0aefb4e17597a97c931d264bbec","hashSHA1":"37dfeab022bfaaaf84aa3f5c478bf5649cadd657","hashSHA256":"0712dfb02ef7372e925f44c6bba1a97fe5f0b418439595f898e9de080d87b359","digitalCertThumbprint":"1BA7C745EEAF0F0B7940D2FFDE64841E764A2B68","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"RuiQing Software Technology Beijing Inc","sourceIndex":"3523","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"http://www.shortcutremover.com","directDownloadingLink":"http://www.shortcutremover.com/download.php?app=freeshortcutremover","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.shortcutremover.com/download.php?app=freeshortcutremover","sourceIndex":"3518"},{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"http://www.freeaudiovideosoft.com/downloader-for-windows/free-youtube-to-mp3-converter/","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreeYouTubeToMp3WmaConverter.exe","ipv4":"","ipv6":"","sourceIndex":"3519"},{"howFound":"Hunt.Community","reference":"App signed by RuiQing software technology Beijing Inc.","landingPage":"http://pc-booster.net/freeantispyware/overview.php","directDownloadingLink":"http://www.pc-booster.net/PCBoosterFreeAntiSpyware.exe","ipv4":"","ipv6":"","sourceIndex":"3520"},{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"http://www.freesecuritymaster.com/","directDownloadingLink":"http://www.freesecuritymaster.com/FreeSecurityMaster.exe","ipv4":"","ipv6":"","sourceIndex":"3521"},{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"http://www.pctuneupsuite.com/freeregistrycleaner/index.php","directDownloadingLink":"http://www.pctuneupsuite.com/PCTuneUpRegistryCleaner.exe","ipv4":"","ipv6":"","sourceIndex":"3522"},{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"http://www.coolfreestudio.com/freeocr/index.php","directDownloadingLink":"http://www.coolfreestudio.com/MediaProSoftFreeOCR.exe","ipv4":"","ipv6":"","sourceIndex":"3523"},{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"http://www.pdfcore.com/","directDownloadingLink":"http://www.pdfcore.com/AdvancedPDFUtilitiesFree.exe","ipv4":"","ipv6":"","sourceIndex":"3524"},{"howFound":"Hunt.Community","reference":"App signed by RuiQing software technology Beijing Inc.","landingPage":"https://free-sound-editor.com/","directDownloadingLink":"http://www.towerstodayvault.com/WQEuKfyViXSDRxjyjVHqcL8OBjrfpupo1Oe69BkgmNF+frlNxmIngVKiNPBRv45nE97_fmX9Z2OSc7zJaGZEn7YYzAbByaPTL2KH9NZv7BTs5tOtmX5J9h07VfqeDyOSsOM7JV+ZdJWMjw3sL6gCxdQ6msKjbFUfuzKhRioij8m0Iaqv1qWd1lwFOLySyGiKrttlN_KNOSgav2T8qTLAJaxZRijcTSB22ElJxNTO4CBGvTkjMlc+gufY4rbZkR0FofLA57zC04zFlWahRP6kCDcKR8XMeCRsV58QVRd0IUnJ7dLoetpuBFCoyUTV1xUp5oUnAilt5V5isL04V2VnE+RKpbF6+F39HetMwfz_4QpYz3uryuJvqekYiz4F8OzmitEqnHDpm5Y_JFCoLrYTOzj4SkkZFdc0gap282vbehbMIxE5988=-GzsAAARycUjbhAokwO5BojzGxv7k4HoH7IAd4zJyfFpjOBFiBcpS7LnNMzdPIKXrA_MA","ipv4":"","ipv6":"","sourceIndex":"3525"},{"howFound":"Hunt.Community","reference":"App signed by RuiQing software technology Beijing Inc.","landingPage":"http://www.freedriverbackup.com/","directDownloadingLink":"http://www.towerstodayvault.com/gvLZiUidsfwFvYZ1Av2XVP4AcWEJsvwf_40SEzDbQx3Bw9d93oIFTzjUk31GFv2OQJPl98dM9z_Izcy56+G7dV7EZ6ytgyqCq8t94NZUyBfv7B1bHuIpwEjMm7AWEy3YSWnIyiBU0hbeYDQHu887n3lIZJEAcaLjU7RMVx27Z60MYLi2zQDey8fSDdrqeQk_RE1VvsIO+PmeCh1TdJp2nTGmiVV8CnxzGWrpuIM4jubs0GnXRet1YClN8F7kRhFkScjtHdEJWfk_ipxJWNwdvpd0IW7Xp+F5NZkBVHzUO+DL866Wov+ArWxiKhPztlL8y_TKhNtqQ4lhnZemQai2zwrcsl5hyaqNFiYunS03qaBrDYiMZ55gnk4U_Ex6ne3lmoi2rnhUCEw0GfPGXd1zBEH1ClIVsQ==-GzoAAAR0YzE+9COmousiCEIzDiRQ+i4Ks4kOJnJCQevwvDHjQ9t26G66nPpLuRBcPh4=","ipv4":"","ipv6":"","sourceIndex":"3526"},{"howFound":"Hunt.Community","reference":"RuiQing Hunting","landingPage":"http://allfreevideoconverter.com/freediscburner/index.html","directDownloadingLink":"http://www.allfreevideoconverter.com/download/AllFreeDiscBurner.exe","ipv4":"","ipv6":"","sourceIndex":"3527"},{"howFound":"Hunt.Community","reference":"RuiQing hunting","landingPage":"","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreeDVDtoiPhoneConverter.exe","ipv4":"","ipv6":"","sourceIndex":"3528"},{"howFound":"Hunt.Community","reference":"RuiQing hunting","landingPage":"","directDownloadingLink":"http://www.freeaudiovideosoft.com/files/FreePDFConverterUtilities.exe","ipv4":"","ipv6":"","sourceIndex":"3529"}],"sampleFiles":["180119/RuiQingBundler-180118/8.8.1/Samples/FreeShortcutRemover.exe","180119/RuiQingBundler-180118/8.8.1/Samples/AdvancedPDFUtilitiesFree.exe","180119/RuiQingBundler-180118/8.8.1/Samples/FreeYouTubeToMp3WmaConverter.exe","180119/RuiQingBundler-180118/8.8.1/Samples/PCBoosterFreeAntiSpyware.exe","180119/RuiQingBundler-180118/8.8.1/Samples/FreeSecurityMaster.exe","180119/RuiQingBundler-180118/8.8.1/Samples/PCTuneUpRegistryCleaner.exe","180119/RuiQingBundler-180118/8.8.1/Samples/MediaProSoftFreeOCR.exe"],"imageFiles":["180119/RuiQingBundler-180118/8.8.1/Images/ACR-039/ACR-065 first offer misleading EULA.png","180119/RuiQingBundler-180118/8.8.1/Images/ACR-047/ACR-047 important.png","180119/RuiQingBundler-180118/8.8.1/Images/ACR-047/ACR-047 reprompting.gif","180119/RuiQingBundler-180118/8.8.1/Images/ACR-048/ACR-048 user cannot cancel install.gif","180119/RuiQingBundler-180118/8.8.1/Images/ACR-059/ACR-059 not clearly marked as offer.png","180119/RuiQingBundler-180118/8.8.1/Images/ACR-075/ACR-075 cancel leaves app installed.gif","180119/RuiQingBundler-180118/8.8.1/Images/ACR-071/ACR-071 no independent selection.png"],"nonDeceptorImageFiles":["180119/RuiQingBundler-180118/8.8.1/Images/ACR-065/ACR-065 no eula for carrier.png","180119/RuiQingBundler-180118/8.8.1/Images/ACR-065/ACR-065 first offer misleading EULA.png","180119/RuiQingBundler-180118/8.8.1/Images/ACR-092/ACR-092 single bundler cert undisclosed.JPG","180119/RuiQingBundler-180118/8.8.1/Images/ACR-037/ACR-037 no privacy describing captures.gif","180119/RuiQingBundler-180118/8.8.1/Images/ACR-071/ACR-071 no independent selection.png","180119/RuiQingBundler-180118/8.8.1/Images/ACR-073/ACR-072 opt out on unrelated offer.png","180119/RuiQingBundler-180118/8.8.1/Images/ACR-074/ACR-073 no skip all.png"],"guid":"20b6f064-209e-49ab-b44f-81bb72b2b97c_8.8.1_1","appID":"RuiQingBundler-180118","dateAdded":"180119","deceptorType":"Bundler","name":"RuiQing Bundler","company":"RuiQing Software Technology, Beijing Inc.","version":"8.8.1","sigName":"Deceptor:Win32/RuiQingBundler!039043047048059075109","lastKnownStatus":"Deceptor:8.8.1","lastKnownDate":"180331","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows 8,Windows Vista,Windows 7,Windows 10,Windows XP","targetBrowser":"Chrome,Firefox,IE","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"sold in bundle,cross-sell other apps,search","lastUpdate":"2018-11-06T16:06:55.606939+00:00","notDistributed":false,"familyName":"ruiqing-bundler-ruich","numInFamily":5,"numInAppID":1,"sortOrder":1855},{"violations":{"ACR-003":"The app reports \"out of date drivers\" but no way to substantiate this: no details provided. The app also prompts the user the download the new drivers  to fix the device problem which is misleading and raises the urgency for the user to take action.\n","ACR-084":"The application runs silently in the background, hiding the fact that it is active from the user. The user is unable to disable the software from launching on startup using the application interface as the task is still active in task scheduler after the option is disabled using the app.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the install that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-002":"The app name is not consistent across all points of user interaction. The app's EULA is labeled \"THREATFIRE END USER LICENSE AGREEMENT\", yet the name of the app is \"OSpeedy Driver Updater\" and the vendor name is \"Speedy HLDGS Limited\".\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n","ACR-035":"The app's EULA is labeled \"THREATFIRE END USER LICENSE AGREEMENT\" which is not consistent with the app name or the vendor name used for the app.\n","ACR-167":"The application's Docs have no mention of a 30 days returns and cancellation policy that provides at least a 30-day refund of anything paid, and a cancellation of any recurring service.\n","ACR-003":"The app reports \"out of date drivers\" but no way to substantiate this: no details provided. The app also prompts the user the download the new drivers  to fix the device problem which is misleading and raises the urgency for the user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"OSpeedyDriverUpdater.exe","isInstaller":"True","companyName":"Speedy HLDGS Limited","productName":"OSpeedy Driver Updater","productVersion":"4.2.0.1","fileVersion":"N/A","hashMD5":"1a3b84c62e88792925e3b0582b086728","hashSHA1":"2ad586138a96de894b2df02276399bf5d9e08a7f","hashSHA256":"f66b8bc766ae1a5440830b1d6292cc92125cad7c4ad97a50d7f41679f4f9ccc0","digitalCertThumbprint":"6BC0E04DDB8CBAD41B77BFEB8CC44723E5D82D07","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Speedy HLDGS Limited","sourceIndex":"3811","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"http://www.ospeedy.com/driver-updater/","directDownloadingLink":"http://download.ospeedy.com/download/driverupdater/setup.exe","ipv4":"","ipv6":"","sourceIndex":"3811"}],"sampleFiles":["180117/OSpeedyDriverUpdater-180113/4.2.0.1/Samples/setup.exe"],"imageFiles":["180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-003/ACR-003_software.JPG","180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-084/ACR-084_software.JPG","180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-084/ACR-084_software1.JPG"],"nonDeceptorImageFiles":["180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-065/ACR-065_install.JPG","180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-065/ACR-065_software.JPG","180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-002/ACR-002_docs.JPG","180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-161/ACR-161_landingpage.JPG","180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-161/ACR-161_landingpage1.JPG","180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-099/ACR-099_software.JPG","180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-035/ACR-035_DOCS.JPG","180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-167/ACR-167_docs.txt","180117/OSpeedyDriverUpdater-180113/4.2.0.1/Images/ACR-003/ACR-003_software.JPG"],"guid":"14850343-42e5-4d22-bc90-709244be1216_4.2.0.1_1","appID":"OSpeedyDriverUpdater-180113","dateAdded":"180117","deceptorType":"App","name":"OSpeedy Driver Updater","company":"OSPEEDY.COM","version":"4.2.0.1","sigName":"Deceptor:Win32/OSpeedyDriverUpdater!003084","lastKnownStatus":"Deceptor:4.2.0.1","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2614},{"violations":{"ACR-003":"The application exaggerates shared DLLs, File Extension and empty registry keys as issues using high colour gradient, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-002":"The application's vendor name is not consistent across all points of user interaction, the EULA Provides the name THREATFIRE as the vendor name when the real vendor name is Speedy HLDGS Limited.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-035":"The application's EULA is the heading \"THREATFIRE END USER LICENSE AGREEMENT\" which is not the app name or the vendor name used for the app.\n","ACR-167":"The application's docs has no mention of a 30 days refund policy.\n","ACR-003":"The application exaggerates shared DLLs, File Extension and empty registry keys as issues using high colour gradient, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"Speedy HLDGS Limited","productName":"OSpeedy System Optimizer","productVersion":"6.5.1.0","fileVersion":"","hashMD5":"8856353b62dc2a3d8e4da38dbfc517f9","hashSHA1":"8d9095e860b2831a667f5c28cc54cd59bd470b2d","hashSHA256":"8a3c6a75ead7b2d75bbdd060b6d55c85bf37683e42b090a2152d652dd10a949f","digitalCertThumbprint":"6BC0E04DDB8CBAD41B77BFEB8CC44723E5D82D07","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Speedy HLDGS Limited","sourceIndex":"3799","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"http://www.ospeedy.com/system-optimizer/","directDownloadingLink":"http://www.ospeedy.com/download/setup.exe","ipv4":"","ipv6":"","sourceIndex":"3799"}],"sampleFiles":["180116/OSpeedySystemOptimizer-180113/6.5.1.0/Samples/setup (2).exe"],"imageFiles":["180116/OSpeedySystemOptimizer-180113/6.5.1.0/Images/ACR-003/ACR_003_SOFTWARE.PNG","180116/OSpeedySystemOptimizer-180113/6.5.1.0/Images/ACR-017/ACR_017_INSTALL.PNG","180116/OSpeedySystemOptimizer-180113/6.5.1.0/Images/ACR-017/ACR_017_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180116/OSpeedySystemOptimizer-180113/6.5.1.0/Images/ACR-065/ACR_065_INSTALL.PNG","180116/OSpeedySystemOptimizer-180113/6.5.1.0/Images/ACR-002/ACR_002_DOCS.PNG","180116/OSpeedySystemOptimizer-180113/6.5.1.0/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","180116/OSpeedySystemOptimizer-180113/6.5.1.0/Images/ACR-035/ACR_035_DOCS.PNG","180116/OSpeedySystemOptimizer-180113/6.5.1.0/Images/ACR-003/ACR_003_SOFTWARE.PNG","180116/OSpeedySystemOptimizer-180113/6.5.1.0/Images/ACR-017/ACR_017_INSTALL.PNG","180116/OSpeedySystemOptimizer-180113/6.5.1.0/Images/ACR-017/ACR_017_SOFTWARE.PNG"],"guid":"b1bdb473-1c39-4246-850e-5fafa3b7f01a_6.5.1.0_1","appID":"OSpeedySystemOptimizer-180113","dateAdded":"180116","deceptorType":"App","name":"OSpeedy System Optimizer","company":"Speedy HLDGS Limited","version":"6.5.1.0","sigName":"Deceptor:Win32/OSpeedySystemOptimizer!003017","lastKnownStatus":"Deceptor:6.5.1.0","lastKnownDate":"180116","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:16:31.5238872+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2615},{"violations":{"ACR-003":"The application exaggerates keyboard drivers as out-of-date saying this driver can cause problems, system slowdowns and blue screen errors, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-118":"When the user attempts to completely uninstall the application, it deliberately retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get 50% OFF the regular registration price for the program.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying multiple unverifiable 5 star rating logos.\n"},"samples":[{"isRevoked":"False","fileName":"DriverTurboSetup.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"ccb991aa344770af28d26c17f35aefee","hashSHA1":"c02e87dc30261a24612b0b76eddb907b1aa506f6","hashSHA256":"9374287d17aa5dc01e55eeeaeb83bbea6959b5207ceffd7eb33a13352ddd5736","digitalCertThumbprint":"9D7675BFC7E77889AF1D5C34CB02698BC722079C","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"DeskToolsSoft B.V","sourceIndex":"3688","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Community","reference":"MB210signed","landingPage":"http://www.driverturbo.com/","directDownloadingLink":"http://www.driverturbo.com/download.php","ipv4":"","ipv6":"","sourceIndex":"3688"}],"sampleFiles":["180115/DriverTurbo-180113/3.3.0/Samples/DriverTurboSetup.exe"],"imageFiles":["180115/DriverTurbo-180113/3.3.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","180115/DriverTurbo-180113/3.3.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","180115/DriverTurbo-180113/3.3.0/Images/ACR-017/ACR_017_SOFTWARE.PNG","180115/DriverTurbo-180113/3.3.0/Images/ACR-118/ACR_118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["180115/DriverTurbo-180113/3.3.0/Images/ACR-065/ACR_065_INSTALL.PNG","180115/DriverTurbo-180113/3.3.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","180115/DriverTurbo-180113/3.3.0/Images/ACR-017/ACR_017_LANDING_PAGE.PNG","180115/DriverTurbo-180113/3.3.0/Images/ACR-099/ACR_099_SOFTWARE.PNG","180115/DriverTurbo-180113/3.3.0/Images/ACR-120/ACR_120_UNINSTALL.PNG"],"guid":"eebc8350-023e-482a-8be0-c2333e961e93_3.3.0_1","appID":"DriverTurbo-180113","dateAdded":"180115","deceptorType":"App","name":"Driver Turbo","company":"DeskToolsSoft B.V","version":"3.3.0","sigName":"Deceptor:Win32/DriverTurbo!003017118","firstVendorContactDate":"180219","firstAppEsteemReplyDate":"180219","firstResolvedDate":"180219","firstResolvedVersion":"3.5.0","resolved":"TRUE","lastKnownStatus":"Deceptor:3.3.0","lastKnownDate":"180115","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-02-19T20:06:22.2922179+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2616},{"violations":{"ACR-084":"The application runs silently in the background, hiding the fact that it is active from the user. The user is unable to disable the software from launching on startup using the application interface as the task is still active in task scheduler after the option is disabled using the app.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThere are no links on the internal offer page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"PCManagerPro.exe","isInstaller":"True","companyName":"PC Manager Pro","productName":"PC Manager Pro","productVersion":"3.2","fileVersion":"3.2","hashMD5":"21b9b882e065173c7c16ba317107de59","hashSHA1":"7a005176fb2c6d9e0a451cb66e002d6cad499a24","hashSHA256":"3335990f0e01fab04f267b7853b2a3f17df1e1e5b14fccb865de69aff56f2b14","digitalCertThumbprint":"572931C6DB6492B5A703EFB486C59B1717DEBB74","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA","digitalCertIssuedTo":"Smart PC Solutions, Inc.","sourceIndex":"3696","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org search for pc optimizer","landingPage":"http://www.pcmanagerpro.com/","directDownloadingLink":"http://download.pcmanagerpro.com/PCManagerPro.exe","ipv4":"","ipv6":"","sourceIndex":"3696"}],"sampleFiles":["180113/PCManagerPro-180111/3.2/Samples/PCManagerPro.exe"],"imageFiles":["180113/PCManagerPro-180111/3.2/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":["180113/PCManagerPro-180111/3.2/Images/ACR-065/ACR-065_internaloffer.JPG","180113/PCManagerPro-180111/3.2/Images/ACR-065/ACR-065_install.JPG","180113/PCManagerPro-180111/3.2/Images/ACR-065/ACR-065_software.JPG","180113/PCManagerPro-180111/3.2/Images/ACR-088/ACR-088_software.JPG","180113/PCManagerPro-180111/3.2/Images/ACR-099/ACR-099_internaloffer.JPG","180113/PCManagerPro-180111/3.2/Images/ACR-099/ACR-099_software.JPG"],"guid":"e824bd53-1e4e-4a3f-b003-690825f98df2_3.2_1","appID":"PCManagerPro-180111","dateAdded":"180113","deceptorType":"App","name":"PC Manager Pro","company":"PC Manager Pro","version":"3.2","sigName":"Deceptor:Win32/PCManagerPro!084","firstResolvedVersion":"App shutdown","resolved":"TRUE","lastKnownStatus":"Deceptor:3.2","lastKnownDate":"180111","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:42:00.3853814+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2617},{"violations":{"ACR-050":"The app creates a task to skip User account controls (UAC) by default and does not disclose this information to the user in the EULA or during installation.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is also unable to disable these tasks using the standard application interface.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-099":"The application's internal offer page has no link or information that shows how the app can be uninstalled.\n\nThe application has no link or information that shows how it can be uninstalled.\n"},"samples":[{"isRevoked":"False","fileName":"gu5setup 1.8.2018","isInstaller":"True","companyName":"Glarysoft Ltd","productName":"Glary Utilities 5","productVersion":"5.91.0.112","fileVersion":"5.91.0.112","hashMD5":"ee5111a91b309091ddf5487c47cd243b","hashSHA1":"16c08f04f468404a84e59dc5b73600e85e0b3558","hashSHA256":"09a050de5db9633e8241fb393de4544c5924e0db0fb705f3bfde379895925466","digitalCertThumbprint":"885AF2EEE811C8079ABF7B0C8B012D3A5DAFF4E6","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Glarysoft LTD","sourceIndex":"3720","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"http://download.cnet.com/Glary-Utilities/3000-18512_4-10508531.html","landingPage":"http://www.glarysoft.com/","directDownloadingLink":"https://download.glarysoft.com/gu5setup.exe","ipv4":"","ipv6":"","sourceIndex":"3720"}],"sampleFiles":["180112/D-K7-GlaryUtilities-171020/5.91.0.112/Samples/gu5setup 1.8.2018.exe"],"imageFiles":["180112/D-K7-GlaryUtilities-171020/5.91.0.112/Images/ACR-050/ACR-050_software.JPG","180112/D-K7-GlaryUtilities-171020/5.91.0.112/Images/ACR-084/ACR-084_software.JPG"],"nonDeceptorImageFiles":[],"guid":"f521a128-73be-4cf0-9a4e-7a14a12fdb9f_5.91.0.112_1","appID":"D-K7-GlaryUtilities-171020","dateAdded":"180112","deceptorType":"App","name":"Glary Utilities 5","company":"Glarysoft Ltd","version":"5.91.0.112","sigName":"NonCertified:Win32/GlaryUtilities5","firstVendorContactDate":"180206","firstAppEsteemReplyDate":"180206","firstResolvedDate":"180206","firstResolvedVersion":"5.9.2","resolved":"TRUE","lastKnownStatus":"Deceptor:5.9.1.0.112;NonCertified:5.9.2","lastKnownDate":"180207","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:33:27.3298734+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2619},{"violations":{"ACR-003":"The application reports out of date drivers as high severity without substantiated details and some misleading info (e.g the app claims a out of date driver, its new version drivers are older than the current installed). It misleads the user to take action. \n","ACR-084":"The application runs silently in the background, hiding the fact that it is active from the user. The user is unable to disable the software from launching on startup using the application interface as no options are provided.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"After clicking on EULA and Privacy Policy links in installation both lead to webpage errors (Error establishing a database connection)\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"DriverBoosterInstaller.exe","isInstaller":"True","companyName":"Energizer Softech ltd","productName":"Driver Booster","productVersion":"NA","fileVersion":"1.0.39.0","hashMD5":"bdd257282057f8ddd586d67bce5f1d6e","hashSHA1":"9ecc51a512e6ea604c08567d8a21976375de3fda","hashSHA256":"e3e924dff18adc52598cfb984f24987376a19eba26e2359103457a1c326e15e9","digitalCertThumbprint":"0742B3737EBBDDDB11889C1F6E358DCF16DE9A1C","digitalCertIssuer":"COMODO Code Signing CA","digitalCertIssuedTo":"Energizer Softech Pvt ltd","sourceIndex":"3295","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"App was offered by Driver Booster","landingPage":"http://www.pcbooster.com/driver-booster","directDownloadingLink":"http://download.pcbooster.com/driver/DriverBoosterInstaller.exe","ipv4":"","ipv6":"","sourceIndex":"3295"}],"sampleFiles":["180112/Driver Booster-170926/1.0.39.0/Samples/DriverBoosterInstaller.exe"],"imageFiles":["180112/Driver Booster-170926/1.0.39.0/Images/ACR-003/ACR-003 High Severity Drivers.PNG","180112/Driver Booster-170926/1.0.39.0/Images/ACR-003/ACR-003 Older driver 2.PNG","180112/Driver Booster-170926/1.0.39.0/Images/ACR-003/ACR-003 Older driver.PNG","180112/Driver Booster-170926/1.0.39.0/Images/ACR-168/ACR-168 APP.PNG"],"nonDeceptorImageFiles":["180112/Driver Booster-170926/1.0.39.0/Images/ACR-163/ACR-163 Interaction Landing Page.PNG","180112/Driver Booster-170926/1.0.39.0/Images/ACR-168/ACR-168 Landing Page.PNG","180112/Driver Booster-170926/1.0.39.0/Images/ACR-065/ACR-065 Driver Booster Install Privacy error.PNG","180112/Driver Booster-170926/1.0.39.0/Images/ACR-065/ACR-065 Driver Booster Install eula error.PNG","180112/Driver Booster-170926/1.0.39.0/Images/ACR-163/ACR-163 Interaction App.PNG"],"guid":"15f7d8f4-a825-4bb3-bb04-62aff4000eca_1.0.39.0_1","appID":"Driver Booster-170926","dateAdded":"180112","deceptorType":"App","name":"Driver Booster","company":"PC Booster Energizertech Ltd","version":"1.0.39.0","sigName":"Deceptor:Win32/DriverBooster!003084168","lastKnownStatus":"Deceptor:1.0.39.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-24T00:51:54.0176727+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2618},{"violations":{"ACR-042":"An unrelated object is installed without the consumer's knowledge or consent\n","ACR-043":"\"Online File Converter\" is installed without disclosure during installation and EULA document.\n","ACR-007":"The app pretends to be another vendor's or platform app to dupe the consumer into taking some action based on a misplaced trust level\n","ACR-017":"The app fraudulently elevates its consumer trust level by displaying fake, unverifiable or expired endorsements\n","ACR-118":"File convert components are left on user system after app is uninstalled\n","ACR-119":"Monetization components are not removed after app is uninstalled.\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to provide company name and product name for the following executables: \"FoxPDF.exe\", \"OfficeLinks.exe\", \"XlsXViewer.exe\".\n","ACR-065":"The app needs to disclose the EULA/Terms of Service and Privacy Policy during installation.\nThe app needs to disclose the EULA/Terms of Service and Privacy Policy in the software.\n","ACR-088":"App opens free-convert website without user authorization after app installation is completed.\n","ACR-092":"Digital signature is required for the following executables: \"FoxPDF.exe\", \"OfficeLinks.exe\", \"Uninstall.exe\", \"XlsXViewer.exe\", \"XlsXViewer.exe\".\n","ACR-099":"The app needs to disclose uninstall information in the software.\nThe app needs to disclose uninstall information in the landing page.\n","ACR-007":"The app pretends to be another vendor's or platform app to dupe the consumer into taking some action based on a misplaced trust level\n","ACR-017":"The app fraudulently elevates its consumer trust level by displaying fake, unverifiable or expired endorsements\n"},"samples":[{"isRevoked":"False","fileName":"XlsXViewer.exe","isInstaller":"True","companyName":"FoxPDF Software Inc","fileVersion":"2","hashMD5":"a5f7738d7d726f37cb0a5bab50ab43d0","hashSHA1":"10c2bc2009bea56e17e2a35a181c111850461b43","hashSHA256":"ff175ca7c23a3d3c2b9f99252b645453bf1f5edf5d5c80bc171be6161d7ce4f8","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"3708","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"security partner report","reference":"Sophos","landingPage":"http://www.foxpdf.com/XlsX-Viewer/XlsX-Viewer.html","ipv4":"","ipv6":"","sourceIndex":"3708"}],"sampleFiles":["180111/XlsXViewer-180109/2.0/Samples/XlsXViewer.exe"],"imageFiles":["180111/XlsXViewer-180109/2.0/Images/ACR-042/ACR-042_Install_Component_Without_User_Consent.mp4","180111/XlsXViewer-180109/2.0/Images/ACR-042/ACR-042_Install_Component_Without_User_consent.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-043/XlsXView_OnlineFileConverter2.PNG","180111/XlsXViewer-180109/2.0/Images/ACR-007/ACR-007_Software_Misleading_Logo.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-007/XlsXView_OnlineFileConverter1.PNG","180111/XlsXViewer-180109/2.0/Images/ACR-017/ACR-017_LandingPage_Misleading_Logo.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-017/ACR-017_LandingPage_Misleading_Logo2.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-017/ACR-017_Software_Misleading_Logo.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-118/FileConvertMonitization.PNG","180111/XlsXViewer-180109/2.0/Images/ACR-119/FileConvertMonitization.PNG"],"nonDeceptorImageFiles":["180111/XlsXViewer-180109/2.0/Images/ACR-038/ACR-038_Install_AppSource_Required.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-065/ACR-065_Install_NoEULA_PrivacyPolicy.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-065/ACR-065_Software_NoEULA_PrivacyPolicy.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-088/freeconvert.PNG","180111/XlsXViewer-180109/2.0/Images/ACR-092/ACR-092_Software_DigitalSignature_Not_Available.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-099/ACR-099_LandingPage_NoUninstall_Info.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-099/ACR-099_Software_NoUninstall_Info.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-007/ACR-007_Software_Misleading_Logo.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-007/XlsXView_OnlineFileConverter1.PNG","180111/XlsXViewer-180109/2.0/Images/ACR-017/ACR-017_LandingPage_Misleading_Logo.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-017/ACR-017_LandingPage_Misleading_Logo2.JPG","180111/XlsXViewer-180109/2.0/Images/ACR-017/ACR-017_Software_Misleading_Logo.JPG"],"guid":"0d26f29c-0686-41d3-9f1b-30d030b623e8_2.0_1","appID":"XlsXViewer-180109","dateAdded":"180111","deceptorType":"App","name":"XlsXViewer","company":"FoxPDF Software Inc","version":"2.0","sigName":"Deceptor:Win32/XlsXViewer!007017042043118119","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"180110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows Server,Windows 10,Windows XP,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"display ads","lastUpdate":"2018-02-15T00:38:57.603704+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2620},{"violations":{"ACR-048":"The application scheduled tasks cannot be disabled using standard platform-provided methods. Scheduled tasks are still active even after disabling it using the software provided method.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements. The app display \"Gold Microsoft Partner\" logo which is unable to be verified.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-124":"App presents more than one uninstall confirmation prompts. In order to completely uninstall the app, user needs to provides positive confirmation to the first prompt and provides negative confirmation to the second prompt.  It introduces unnecessary friction for user.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no links that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy on the internal offer.\n","ACR-161":"The application has testimonials on the landing page that have no links back to a source so consumers can verify if they are real.\nThe application has testimonials on the internal offer that have no links back to a source so consumers can verify if they are real.\n","ACR-099":"The application has no link or information that shows how to uninstall the app on the software.\nThe application has no link or information that shows how to uninstall the app on the internal offer.\n","ACR-150":"The app displays \"Gold Microsoft Partner\" logo and five star rated user reviews that cannot be verified.\nThe app displays \"Gold Microsoft Partner\" logo and five star reviews that are unable to be verified.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements. The app displays \"Gold Microsoft Partner\" logo which cannot  be verified.\n"},"samples":[{"isRevoked":"False","fileName":"drivereasy.exe","isInstaller":"True","companyName":"Easeware Technology Limited","productName":"Driver Easy","productVersion":"5.5.5","fileVersion":"5.5.5.0","hashMD5":"42e661f5b4251eeb00e6c968ef0750ba","hashSHA1":"f591dc7dfcf8a02b6ca7421d0d7704bbce520e17","hashSHA256":"5fc6da14dfc124a000c0143400c5a04d677bc5ad9c651a038cccc96fd4fb8b42","digitalCertThumbprint":"CDCDAC0BB5F7515042776019A013E09C5D36E84E","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Easeware Technology Limited","sourceIndex":"3800","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DriverEasy_Setup.exe","isInstaller":"True","companyName":"Easeware Technology Limited","productName":"Driver Easy","productVersion":"5.5.6","fileVersion":"5.5.6.0","hashMD5":"5a28d4598c91fc1285fb4a692bff8b99","hashSHA1":"1602080781e3a621a7c1b4eae537b5ac337865ab","hashSHA256":"5e98d9517695c2db03307cfe89d1c85d0d41ca92305643843a2bb10a8edbcf25","digitalCertThumbprint":"cdcdac0bb5f7515042776019a013e09c5d36e84e","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"HK, Kowloon, Tsimshatsui, Easeware Technology Limited, Easeware Technology Limited","sourceIndex":"3800","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org (drivers)","landingPage":"https://www.drivereasy.com/","directDownloadingLink":"http://files.downloadnow-1.com/s/software/15/97/86/80/DriverEasy_Setup.exe?token=1511223535_2f2e13d94a2b5da09195a3ee126885d5&fileName=DriverEasy_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3800"}],"sampleFiles":["180110/DriverEasy-171120/5.5.5/Samples/DriverEasy_Setup.exe","180110/DriverEasy-171120/5.5.5/Samples/DriverEasy_Setup_6.exe"],"imageFiles":["180110/DriverEasy-171120/5.5.5/Images/ACR-048/ACR-048_software.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-048/ACR-048_software1.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-017/ACR-017_internaloffer.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-017/ACR-017_landingpage.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-084/ACR-084_software.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-084/ACR-084_software1.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-124/DriverEasy_Uninst1.PNG","180110/DriverEasy-171120/5.5.5/Images/ACR-124/DriverEasy_Uninst2.PNG"],"nonDeceptorImageFiles":["180110/DriverEasy-171120/5.5.5/Images/ACR-065/ACR-065_internal_offer.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-065/ACR-065_install.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-065/ACR-065_software.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-161/ACR-161_internaloffer.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-161/ACR-161_landingpage.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-099/ACR-099_software.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-150/ACR-150_internaloffer.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-150/ACR-150_landingpage.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-150/ACR-150_landingpage1.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-017/ACR-017_internaloffer.JPG","180110/DriverEasy-171120/5.5.5/Images/ACR-017/ACR-017_landingpage.JPG"],"guid":"4f27fdcb-d791-4e98-b9de-3f1e279f448f_5.5.5_1","appID":"DriverEasy-171120","dateAdded":"180110","deceptorType":"App","name":"Driver Easy","company":"Easeware Technology Limited","version":"5.5.5","sigName":"Deceptor:Win32/DriverEasy!048084017097","firstVendorContactDate":"180116","firstAppEsteemReplyDate":"180116","firstResolvedDate":"180116","firstResolvedVersion":"5.6.0.6935","resolved":"TRUE","lastKnownStatus":"Deceptor:5.5.5","lastKnownDate":"180110","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:16:30.4108324+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2621},{"violations":{"ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries as errors and problems (e.g. in red).\n\n"},"nonDeceptorViolations":{"ACR-040":"The application is not installed in the default location. The application was installed in a App data hidden folder. The consumers wouldn't be able to identify the app's location.\n","ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n\n","ACR-099":"The landing page has no link to a webpage that shows how to uninstall the app.\n\nThe application has no link to a webpage that shows how to uninstall the app.\n\n","ACR-167":"The application requires payment prior to demonstrating its value and does not provide a trial.\n\n"},"samples":[{"isRevoked":"False","fileName":"PC MightyMax.exe","companyName":"PC MightyMax, Inc.","productName":"PC MightyMax","productVersion":"1.9.0","fileVersion":"1.9.0","hashMD5":"baab39605f4a0224e60b92a73966c4d","hashSHA1":"3b60104d55c61367680acf6fe7fa2b350f179090","hashSHA256":"5132ee9939381f1515e8355467e6799e7db6ab5a7174fbe1b61d802a36414c5b","digitalCertThumbprint":"EF10DE27A8014C452B62D65E203ED1FEE4AE610C","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"PC MightyMax, Inc.","sourceIndex":"2515","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.pcmightymax.net/","directDownloadingLink":"http://pcmm-downloads.s3.amazonaws.com/PCMightyMax2015.exe?Signature=Rj%2BKMOSG3IKxcO85V%2F80nwWUC08%3D&Expires=1507997257&AWSAccessKeyId=AKIAJBQOLJGIMHKWDHRQ&response-content-disposition=attachment%3B%20filename%3D%22PCMightyMax2015_249.EXE%22","ipv4":"","ipv6":"","sourceIndex":"2515"}],"sampleFiles":["180105/PC MightyMax-171013/1.9.0/Samples/PCMightyMax2015_249.EXE"],"imageFiles":["180105/PC MightyMax-171013/1.9.0/Images/ACR-003/acr_003.PNG","180105/PC MightyMax-171013/1.9.0/Images/ACR-003/acr_003_1.PNG"],"nonDeceptorImageFiles":["180105/PC MightyMax-171013/1.9.0/Images/ACR-167/acr_167.PNG","180105/PC MightyMax-171013/1.9.0/Images/ACR-040/acr_040.PNG"],"guid":"cfc3c7e8-3d7e-490d-a848-4b3bed32b59f_1.9.0_1","appID":"PC MightyMax-171013","dateAdded":"180105","deceptorType":"App","name":"PC MightyMax  ","company":"PC MightyMax, Inc.","version":"1.9.0","sigName":"Deceptor:Win32/PCMightyMax!003","lastKnownStatus":"Deceptor:1.9.0","lastKnownDate":"200318","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-03-18T20:43:43.3483357+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2624},{"violations":{"ACR-003":"App calls the drivers that can be updated obsolete, which is based on the misleading dates for DriverVer INF file, thus it raises urgency and misleads user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsements tied to the webpage, but displayed as if they endorsed the app.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-160":"The application does not use a certified call center to monetize the app. The app uses Premium Technical Support to monetize.\n"},"samples":[{"isRevoked":"False","fileName":"pinnacledusite.exe","isInstaller":"True","companyName":"Pinnacle PC Performance","productName":"Pinnacle Driver Update","productVersion":"1.0.0.20462","fileVersion":"1.0.0.20462","hashMD5":"6b7a0de72f076b1a7a72eb9a9e51f4e4","hashSHA1":"1da3ead8de5cb5fa06d8b4a4be2bc4eaaf5c0043","hashSHA256":"3a2b2c7864f1ae2e021196852f754db3e0e8bde2abfa22d1be3f00bebb053787","digitalCertThumbprint":"82467AC05052315D2F4E2F7CFF448F9D26393406","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Pinnacle PC Performance","sourceIndex":"3296","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offered","reference":"App was offered by Pinnacle PC Performance","landingPage":"http://pinnaclepcperformance.com/driverupdater/","directDownloadingLink":"http://cdn.pinnaclepcperformance.com/du/pdu/securedl/pinnacledusite.exe","ipv4":"","ipv6":"","sourceIndex":"3296"}],"sampleFiles":["180105/Pinnacle Driver Updater-170927/1.0.0.20462/Samples/pinnacledusite.exe"],"imageFiles":["180105/Pinnacle Driver Updater-170927/1.0.0.20462/Images/ACR-003/Pinnacle_003.PNG","180105/Pinnacle Driver Updater-170927/1.0.0.20462/Images/ACR-017/ACR-017_software.JPG","180105/Pinnacle Driver Updater-170927/1.0.0.20462/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180105/Pinnacle Driver Updater-170927/1.0.0.20462/Images/ACR-163/ACR-163_software.JPG","180105/Pinnacle Driver Updater-170927/1.0.0.20462/Images/ACR-160/ACR-160_software.JPG"],"guid":"8597ec92-a6c4-4e34-9e10-15531c0c9045_1.0.0.20462_1","appID":"Pinnacle Driver Updater-170927","dateAdded":"180105","deceptorType":"App","name":"Pinnacle Driver Updater","company":"Pinnacle PC Performance","version":"1.0.0.20462","sigName":"Deceptor:Win32/PinnacleDriverUpdater!003017168","lastKnownStatus":"Deceptor:1.0.0.20462","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-24T00:25:40.0345154+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2623},{"violations":{"ACR-003":"The application exaggerates Internet speed, Memory levels, registry issues, system clutter and internet clutter  as a HIGH system impact issues without substantiated details. therefore misleading or scaring user to take action.\n","ACR-017":"App displays Microsoft certified partner logo which is meant for software vendor, not application. This misleads user to impression that application is certified by microsoft\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the Terms of Service.\nThe application's internal offer webpage has no link to a website that shows the Terms of Service.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-160":"Contacted the phone number (877)354-2953) provided by System Checkup and got a automated response message say the name of the company is iolo Technologies technical support and premium services.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-064":"The application's landing page has the download button displayed has \"Scan Now\" instead of using the word Download.\n","ACR-066":"The application internal offer webpage displays a another name for the app than what is installed. The installed application is System Checkup and when the fix issues now option is selected from the app a webpage opens and displays System Mechanic as the offer to purchase.\nThe application landing page does not specify that the application name is System Checkup.\n","ACR-159":"The application's landing page does not specify that the app will have to be purchased in order to fix the issues found.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"SCUDownloader.exe","isInstaller":"True","companyName":"iolo technologies","productName":"SystemCheckup","productVersion":"4.0.0.145","fileVersion":"4.0.0.145","hashMD5":"325708286c73e20fbef971cf5f318110","hashSHA1":"489422a3521e6fe1d32a86b2b2a5ee572920b272","hashSHA256":"eaee1bddf112899b05e1cc968fb2c7fb269cb18dc87dd13c366914cee8de42bf","digitalCertThumbprint":"CB9FBF1BD2D6C275A9F3A870C0846679EB822157","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"iolo technologies, LLC","sourceIndex":"3562","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"adplexity: search for \"system repair\" on landing page","landingPage":"iolo.com","directDownloadingLink":"http://download.iolo.net/scu/4/general_iolohome_en/SCUDownloader.exe","ipv4":"","ipv6":"","sourceIndex":"3562"}],"sampleFiles":["180105/SystemChecker-180102/4.0.0.145/Samples/SCUDownloader.exe"],"imageFiles":["180105/SystemChecker-180102/4.0.0.145/Images/ACR-003/ACR_003_SOFTWARE.PNG","180105/SystemChecker-180102/4.0.0.145/Images/ACR-017/SystemChecker_017.PNG","180105/SystemChecker-180102/4.0.0.145/Images/ACR-084/ACR_084_SOFTWARE.PNG","180105/SystemChecker-180102/4.0.0.145/Images/ACR-168/ACR_168_SOFTWARE.PNG","180105/SystemChecker-180102/4.0.0.145/Images/ACR-118/ACR_118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["180105/SystemChecker-180102/4.0.0.145/Images/ACR-163/ACR_163_SOFTWARE.PNG","180105/SystemChecker-180102/4.0.0.145/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","180105/SystemChecker-180102/4.0.0.145/Images/ACR-168/ACR_168_LANDING_PAGE.PNG","180105/SystemChecker-180102/4.0.0.145/Images/ACR-064/ACR_064_LANDING_PAGE.PNG","180105/SystemChecker-180102/4.0.0.145/Images/ACR-159/ACR_159_LANDING_PAGE.PNG"],"guid":"ea0f244f-2842-41bd-9199-ad86cff31fcc_4.0.0.145_1","appID":"SystemChecker-180102","dateAdded":"180105","deceptorType":"App","name":"System Checkup","company":"iolo technologies, LLC","version":"4.0.0.145","sigName":"Deceptor:Win32/SystemChecker!003017084168118","firstVendorContactDate":"180409","firstAppEsteemReplyDate":"180409","firstResolvedDate":"180907","firstResolvedVersion":"5.0.1.125","resolved":"TRUE","lastKnownStatus":"Deceptor:4.0.0.145","lastKnownDate":"180102","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-09-07T23:46:54.4694725+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2622},{"violations":{"ACR-003":"The app exaggerates empty and invalid registry keys as problems,thereby misleading or scaring the user to take action to fix them.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install\nThe app does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software\n","ACR-099":"no uninstall instructions are provided on the internal offer.\nno uninstall instructions are provided on the landing page.\nno uninstall instructions are provided on the software.\n"},"samples":[{"isRevoked":"False","fileName":"Smartactivexerrorfixer.exe","isInstaller":"True","companyName":"LionSea Software","productName":"Smart ActiveX Errors Fixer Pro","productVersion":"4.5.0","fileVersion":"na","hashMD5":"6c56edb444a5b6b12703ef82dbc18ae5","hashSHA1":"daffbd43314869caf6b161b257a7ddc60f895d0d","hashSHA256":"e5589fbc18cd07c12d1e9cbfb30e1cef60eda0dc3fd91ae318f5b0bbcf471b74","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3604","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"www.softdeluxe.com","landingPage":"http://www.lionsea.com/product_activexerrorspro.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_ActiveX_Errors_Fixer_Pro_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3604"}],"sampleFiles":["180105/SmartActiveXErrorsFixer-171012/4.5.0/Samples/Smart_ActiveX_Errors_Fixer_Pro_Setup.exe"],"imageFiles":["180105/SmartActiveXErrorsFixer-171012/4.5.0/Images/ACR-003/ACR-003_SOFTWARE.PNG","180105/SmartActiveXErrorsFixer-171012/4.5.0/Images/ACR-003/ACR-003_SOFTWARE2.PNG"],"nonDeceptorImageFiles":[],"guid":"a0c51d92-173e-40fe-b67f-2dace62b53b5_4.5.0_1","appID":"SmartActiveXErrorsFixer-171012","dateAdded":"180105","deceptorType":"App","name":"Smart ActiveX Errors Fixer","company":" LionSea Software Co., LTD","version":"4.5.0","sigName":"Deceptor:Win32/SmartActiveXErrorsFixer!003","lastKnownStatus":"Deceptor:4.5.0","lastKnownDate":"180105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-29T03:05:57.91753+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2517},{"violations":{"ACR-084":"The application creates undisclosed scheduled task without the user's knowledge and consent and the user is unable to disable the task from the application interface.\n\n","ACR-118":"When the user attempts to completely uninstall the application, it deliberately retains an executable on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's installer has no links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThere are no links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-088":"The application starts a scan post installation without explicit user interaction or permission\n","ACR-099":"The application has no link or information that shows how to uninstall the app on the software.\n\nThe application has no link or information that shows how to uninstall the app on the internal offer.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"easyspeedpc.exe","isInstaller":"True","companyName":"Probit Software LTD","productName":"Easy Speed PC","productVersion":"8.2.0","fileVersion":"8.2.0.641","hashMD5":"a97405966e74d32b4948a06daec8cf3f","hashSHA1":"4646d6ff1321851096efa3104247cd374b19284e","hashSHA256":"997b426c2bd1b3ce418ef2df0190e989177d6e403ba7f22a782108e1b527fa51","digitalCertThumbprint":"94441E6279373C98300811E2183083B8119C0042","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Probit Software LTD","sourceIndex":"3318","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"https://en.freedownloadmanager.org (registry)","landingPage":"http://www.easyspeedpc.com/","directDownloadingLink":"http://download.easyspeedpc.com/publishers/3/848/EasySpeedPC.exe","ipv4":"","ipv6":"","sourceIndex":"3318"}],"sampleFiles":["180104/EasySpeedPC-171117/8.2.0/Samples/EasySpeedPC.exe"],"imageFiles":["180104/EasySpeedPC-171117/8.2.0/Images/ACR-084/ACR-084_software.JPG","180104/EasySpeedPC-171117/8.2.0/Images/ACR-084/ACR-084_software2.JPG","180104/EasySpeedPC-171117/8.2.0/Images/ACR-084/ACR-084_software1.JPG","180104/EasySpeedPC-171117/8.2.0/Images/ACR-118/ACR-118_uninstall.JPG"],"nonDeceptorImageFiles":["180104/EasySpeedPC-171117/8.2.0/Images/ACR-065/ACR-065_install.JPG","180104/EasySpeedPC-171117/8.2.0/Images/ACR-065/ACR-065_software.JPG","180104/EasySpeedPC-171117/8.2.0/Images/ACR-088/ACR-088_software.JPG","180104/EasySpeedPC-171117/8.2.0/Images/ACR-099/ACR-065_software.JPG","180104/EasySpeedPC-171117/8.2.0/Images/ACR-099/ACR-099_internaloffer.JPG"],"guid":"02243007-72bb-43b0-9688-902c7cd45e6c_8.2.0_1","appID":"EasySpeedPC-171117","dateAdded":"180104","deceptorType":"App","name":"Easy Speed PC","company":"Probit Software LTD","version":"8.2.0","sigName":"Deceptor:Win32/EasySpeedPC!084118","lastKnownStatus":"Deceptor:8.2.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:05:03.7528059+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2627},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action.\n\n"},"nonDeceptorViolations":{"ACR-065":"The app does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the internal offer.\nThe app does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the landing page.\nThe app does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nThe app does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-170":"The app requires payment prior to demonstrating its value and does not provide a trial , throttle or any other means. The is also no mention of a 30 day money back guarantee as no Eula, terms of service or cancellation policy is provided for the app.\n","ACR-092":"The app does not have a digital signature. Unsigned by the publisher.\n","ACR-099":"no uninstall instructions are displayed on the internal offer\nno uninstall instructions are displayed on the landing page.\nno uninstall instructions are displayed on the software.\n","ACR-167":"The is no mention of a 30 day money back guarantee as no Eula, terms of service or cancellation policy is provided for the app.\n"},"samples":[{"isRevoked":"False","fileName":"PCTurboBoost.exe","isInstaller":"True","companyName":"Consumer Products","productName":"PC Turbo Boost","productVersion":"1.0","fileVersion":"na","hashMD5":"8cd21ebe185c339266f49aeba84ae466","hashSHA1":"8e5fa21dda89f12b062119e9511961be893f446e","hashSHA256":"d864a93b760c3d812509cfa3b4d1035e7641be6fc8673cd567ff9396aba164b8","digitalCertThumbprint":"unsigned","digitalCertIssuer":"unsigned","digitalCertIssuedTo":"unsigned","sourceIndex":"3297","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.google.com","landingPage":"http://pcturboboost.com/","directDownloadingLink":"http://www.pcturboboost.com/trial/setup.exe","ipv4":"","ipv6":"","sourceIndex":"3297"}],"sampleFiles":["180104/PCTurboBoost-171012/1.0/Samples/setup.exe"],"imageFiles":["180104/PCTurboBoost-171012/1.0/Images/ACR-003/ACR-003_SOFTWARE.PNG","180104/PCTurboBoost-171012/1.0/Images/ACR-003/ACR-003_software2.PNG","180104/PCTurboBoost-171012/1.0/Images/ACR-003/ACR-003_software3.PNG"],"nonDeceptorImageFiles":[],"guid":"9529b728-db61-416f-a7c9-d5368a3aafb1_1.0_1","appID":"PCTurboBoost-171012","dateAdded":"180104","deceptorType":"App","name":"PC Turbo Boost","company":"PC Turbo Boost","version":"1.0","sigName":"Deceptor:Win32/PCTurboBoost!003","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:25:04.3060546+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2626},{"violations":{"ACR-003":"The application raises urgency without any explanation of levels of urgency (moderate, high and unavoidable), thereby misleading or scaring the user to take action.\n","ACR-168":"The application displays a support call center phone number on the software but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n.\n","ACR-161":"The application's landing page has testimonials but have no links back to a source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon calling the support phone number provided the user is asked to leave a voice message.\n\n","ACR-099":"The software has no link or information that shows how it can be uninstalled.\nThe application's landing page has no link or information that shows how it can be uninstalled.\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n","ACR-150":"The app displays multiple trust logos or awards that are unable to be verified.\nThe app displays multiple trust logos or awards that are unable to be verified.\n","ACR-168":"The application displays a support call center phone number on the landing page but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"rightbackupsetup.exe","isInstaller":"True","companyName":"Systweak Software","productName":"Right Backup","productVersion":"2.1.1000.6256","fileVersion":"2.1.1000.6256","hashMD5":"cbb02775829b98a56acd9da70ac33fbb","hashSHA1":"3681b84ce3a87d4bba574aa6e6e673fd8a913082","hashSHA256":"28bb1909e3c8e9bf9af1ede4ee1c9bd087feb290628ad135426cef63bf02509a","digitalCertThumbprint":"129967B35E4DC69FA34BF2C15E582E721DE59A57","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Right Backup Software Pvt. Ltd.","sourceIndex":"3616","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"App.offered","reference":"Inline offer (advanced file optimizer)","landingPage":"https://www.rightbackup.com/","directDownloadingLink":"https://d34m24xlh61hdw.cloudfront.net/rb/setup/rightbackupsetup.exe","ipv4":"","ipv6":"","sourceIndex":"3616"}],"sampleFiles":["180104/RightBackup-171211/2.1.1000.6256/Samples/rightbackupsetup.exe"],"imageFiles":["180104/RightBackup-171211/2.1.1000.6256/Images/ACR-003/ACR-003_software.JPG","180104/RightBackup-171211/2.1.1000.6256/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["180104/RightBackup-171211/2.1.1000.6256/Images/ACR-065/ACR-065_software.JPG","180104/RightBackup-171211/2.1.1000.6256/Images/ACR-161/ACR-161_landingpage.JPG","180104/RightBackup-171211/2.1.1000.6256/Images/ACR-161/ACR-161_landingpage1.JPG","180104/RightBackup-171211/2.1.1000.6256/Images/ACR-163/ACR-163_software.JPG","180104/RightBackup-171211/2.1.1000.6256/Images/ACR-163/ACR-163_landingpage.JPG","180104/RightBackup-171211/2.1.1000.6256/Images/ACR-168/ACR-168_landingpage.JPG","180104/RightBackup-171211/2.1.1000.6256/Images/ACR-150/ACR-150_landingpage.JPG","180104/RightBackup-171211/2.1.1000.6256/Images/ACR-150/ACR-150_internaloffer.JPG","180104/RightBackup-171211/2.1.1000.6256/Images/ACR-150/ACR-150_internaloffer1.JPG"],"guid":"298e0be4-959d-4b0d-96b9-379968c58dde_2.1.1000.6256_1","appID":"RightBackup-171211","dateAdded":"180104","deceptorType":"App","name":"Right Backup","company":" Systweak Software","version":"2.1.1000.6256","sigName":"Deceptor:Win32/RightBackup!003168","firstVendorContactDate":"180606","firstAppEsteemReplyDate":"180606","firstResolvedDate":"180612","firstResolvedVersion":"2.1.1000.6668","resolved":"TRUE","lastKnownStatus":"Deceptor:2.1.1000.6256","lastKnownDate":"171211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-06-12T18:03:31.2633441+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2625},{"violations":{"ACR-048":"The application cannot be closed using standard platform-provided methods, application conceals its presence in the icon tray. The application has to be terminated from the Task Manager because it cannot be closed from the icon tray, right clicking the application icon from icon tray does not give an option to close the application.\n","ACR-003":"The application uses the color red and the word problems to increase urgency for non-urgent \"issues\", thereby misleading or scaring user to take action.\n","ACR-007":"The application's internal offer shopping cart webpage elevates its consumer trust level by displaying fake and unverifiable review ratings.\n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\nThe application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to privacy policy information.\nThe application has no link to privacy policy information on the about page.\n","ACR-002":"The EULA, Privacy policy, Terms of use and returns policy for the application has a different name listed.\nThe internal offer shopping cart webpage has a different name listed for the application than what was provided on the landing page\n","ACR-161":"The internal offer shopping cart webpage has a customer reviews that has no links back to the sources so consumers can verify if they're real.\n","ACR-163":"The application support webpage provides a contact number for support but does not provide an email address as a secondary means of contact for support.\nThe application's internal offer webpage provides a contact number for support but does not provide an email address as a secondary means of contact for support.\nThe application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact for support.\nThe application provides a contact number for support but does not provide an email address as a secondary means of contact for support.\n","ACR-056":"The application's landing page specifies that 'Microsoft and java updates can be managed but the installed application has no feature that does this.\n","ACR-088":"The application opens websites for twitter, gmail and facebook automatically with the browser Internet Explorer every 5-10 seconds without user action or authorization.\n","ACR-092":"The application has a different vendor name in the certification information than the name for the installed application.\n","ACR-160":"Called the phone number '1-800-311-5942' provided by the application and got a voicemail box message saying to leave a message because the person cannot be reached,\n","ACR-099":"The internal offer shopping cart webpage has no link to uninstall information.\nThe application's landing page has no link to webpage that shows how to uninstall the app.\nThe application has no link to uninstall information listed on the about page of the installed application.\n","ACR-035":"The application's EULA has no mention of the name application provided on the landing page and the EULA has no contact information for the application company vendor.\n","ACR-066":"The internal offer shopping cart page has a different name for the software than what is provided on the landing page.\n","ACR-007":"The application's landing page fraudulently elevates its consumer trust level by displaying fake and unverifiable review ratings.\n","ACR-017":"the application's landing page elevates its consumer trust level by displaying a logo that states ''We are Intel Software Partner\".\n","ACR-168":"The landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"allpcoptimizer.exe","isInstaller":"True","companyName":"AllPCOptimizer","productName":"AllPCOptimizer","productVersion":"2.00.0000","fileVersion":"2.00.0000","hashMD5":"03e29bb5932f8d8cf55a961ebf13ccef","hashSHA1":"212d3eb422615dc6fe6e6088496628900d21d425","hashSHA256":"41a05a348d636bbe73122837f6e9069c15a4400ae69ef7b4c86e82a49bdbe635","digitalCertThumbprint":"1B4E5CED65ADCD17E5B837A92CD5144AC9FCF125","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Isecure Software LLC","sourceIndex":"3298","avBlockList":["Avira Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)","VirIT eXplorer PRO (20190131)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://softdeluxe.com/","landingPage":"http://allpcoptimizer.com/","directDownloadingLink":"http://allpcoptimizer.com/download/allpcoptimizer.exe","ipv4":"","ipv6":"","sourceIndex":"3298"}],"sampleFiles":["180103/AllPCOptimizer-171016/2.00.0000/Samples/allpcoptimizer.exe"],"imageFiles":["180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-007/ACR-007_INTERNAL_OFFERS.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_1.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_2.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-048/ACR-048_SOFTWARE.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-163/ACR-163_DOCS.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-002/ACR-002_INTERNAL_OFFERS_SCREENSHOT_1.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-002/ACR-002_INTERNAL_OFFERS_SCREENSHOT_2.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-161/ACR-161_INTERNAL_OFFERS.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-163/ACR-163_INTERNAL_OFFERS.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-066/ACR-066_INTERNAL_OFFERS.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-066/ACR-066_SCREENSHOT_FOR_LANDING_PAGE.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-007/ACR-007_LANDING_PAGE.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-017/ACR-017_LANDING_PAGE.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-163/ACR-163_LANDING_PAGE.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-168/ACR-168_LANDING_PAGE.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-065/ACR-065_INSTALL.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-163/ACR-163_SOFTWARE.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-056/ACR-056_SOFTWARE_SCREENSHOT_1.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-056/ACR-056_SOFTWARE_SCREENSHOT_2.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-092/ACR-092_SOFTWARE.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-065/ACR-065_SOFTWARE.PNG","180103/AllPCOptimizer-171016/2.00.0000/Images/ACR-099/ACR-099_SOFTWARE.PNG"],"guid":"2a909983-108d-453f-8c4d-435d689804fd_2.00.0000_1","appID":"AllPCOptimizer-171016","dateAdded":"180103","deceptorType":"App","name":"All PC Optimizer","company":"Win PC Fast","version":"2.00.0000","sigName":"Deceptor:Win32/AllPCOptimizer!003017048168","lastKnownStatus":"Deceptor:2.00.0000","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-24T00:24:29.8819508+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2631},{"violations":{"ACR-003":"The application exaggerates System Registry health status as 'DANGER' then displaying cleaning urgency as being high, thereby misleading or scaring user to take action.\n","ACR-009":"The application attempts to coerce the user into taking some action by playing a warning audio message after scan completes, which threaten dire consequences if action is not taken.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application's landing page has no link to the EULA and Returns and Cancellation Policy.\nThe application's install wizard has no link to the Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application's support webpage provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n","ACR-160":"Contacted the phone number 1-877-777-5592 provided by 'Ultimate PC Optimizer PC', got a tech support rep that stated the name of the company is 'App Support' and they are located in Quebec, Canada. \n","ACR-099":"The application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-003":"The application exaggerates System Registry health status as 'DANGER' then displaying cleaning urgency as being high, thereby misleading or scaring user to take action.\n","ACR-009":"The application attempts to coerce the user into taking some action by playing a warning audio message after scan completes, which threaten dire consequences if action is not taken.\n","ACR-168":"The landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"UltimatePCOptimizer2016Setup.exe","isInstaller":"True","companyName":"ATSH Ltd","productName":"Ultimate PC Optimizer 2016","productVersion":"3.0.3","fileVersion":"3.0.3","hashMD5":"71cc8075813f2ecdc00e8eb2f6ef41a7","hashSHA1":"ab25c34d8654d15ce1aacd51e046a2511d2469f1","hashSHA256":"62b9858fca3d4f141b4104c7a5be4aaab40205dea1083efc3b60a959c774f91a","digitalCertThumbprint":"7CA4559226AD7677D6AA3A0C65C27D7FF4E56EB7","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Eurotrade","sourceIndex":"3736","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://softdeluxe.com/","landingPage":"http://ultimatepcoptimizer.com/","directDownloadingLink":"http://7500.biz/files/upo/UltimatePCOptimizer2016Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3736"}],"sampleFiles":["180103/UltimatePCOptimizer2016-171012/3.0.3/Samples/UltimatePCOptimizer2016Setup.exe"],"imageFiles":["180103/UltimatePCOptimizer2016-171012/3.0.3/Images/ACR-003/ACR_003_SOFTWARE.PNG","180103/UltimatePCOptimizer2016-171012/3.0.3/Images/ACR-084/ACR-084_SOFTWARE.PNG","180103/UltimatePCOptimizer2016-171012/3.0.3/Images/ACR-168/ACR-168_LANDING_PAGE.PNG","180103/UltimatePCOptimizer2016-171012/3.0.3/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["180103/UltimatePCOptimizer2016-171012/3.0.3/Images/ACR-163/ACR_163_DOCS.PNG","180103/UltimatePCOptimizer2016-171012/3.0.3/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","180103/UltimatePCOptimizer2016-171012/3.0.3/Images/ACR-163/ACR-163_SOFTWARE.PNG","180103/UltimatePCOptimizer2016-171012/3.0.3/Images/ACR-092/ACR-092_SOFTWARE.PNG","180103/UltimatePCOptimizer2016-171012/3.0.3/Images/ACR-003/ACR_003_SOFTWARE.PNG","180103/UltimatePCOptimizer2016-171012/3.0.3/Images/ACR-168/ACR-168_LANDING_PAGE.PNG","180103/UltimatePCOptimizer2016-171012/3.0.3/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"guid":"62faf736-0b0e-441c-ac60-b1b6747c942c_3.0.3_1","appID":"UltimatePCOptimizer2016-171012","dateAdded":"180103","deceptorType":"App","name":"Ultimate PC Optimizer 2016","company":"ATSH Ltd","version":"3.0.3","sigName":"Deceptor:Win32/UltimatePCOptimizer!003009084168","lastKnownStatus":"Deceptor:3.0.3","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows Vista,Windows 7,Windows XP,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2629},{"violations":{"ACR-003":"The application exaggerates system registry and drivers as high improvement potential as well as using the color gradient \"red\" , thereby misleading or scaring user to take action.\n\n","ACR-017":"The application elevates its user trust level by displaying fake awards, and unverifiable endorsements. the page displays brothersoft and chip online which are not clickable so there's no way to verify the app. \n\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n\n"},"nonDeceptorViolations":{"ACR-065":"The internal offer page has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThe landing page has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-161":"The internal offer page has testimonials that have no links back to a source so consumers can verify if they're real.\n\nThe landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\n","ACR-003":"The application exaggerates system registry and drivers as high improvement potential as well as using the color gradient \"red\" , thereby misleading or scaring user to take action.\n\n","ACR-017":"The application elevates its user trust level by displaying fake, and unverifiable endorsements. The landing page displays the endorsement \"chip online\" which is not clickable so there is no way to verify the application.\n\n"},"samples":[{"isRevoked":"False","fileName":"UTILILAB System Optimizer.exe","companyName":"Utililab GmbH","productName":"UTILILAB System Optimizer","productVersion":"3.5","fileVersion":"3.0.0.0","hashMD5":"890682fe942ba4e2e37e7e4068d6bc6a","hashSHA1":"0544dee786ea69c5f7610d9c76d245343b13cde5","hashSHA256":"16fcafedbbc05fc1592796e47b15b2c112058e6952fb7340b86ff2e2980ec682","digitalCertThumbprint":"0261BB94C20E576E26F8168C0B138C7BB04514A2","digitalCertIssuer":"UTN-USERFirst-Object","digitalCertIssuedTo":"Utililab GmbH","sourceIndex":"3773","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.utililab.com/uso/","directDownloadingLink":"https://www.utililab.com/softwares/usosetup.exe","ipv4":"","ipv6":"","sourceIndex":"3773"}],"sampleFiles":["180103/UTILILABSystemOptimizer-171011/3.5/Samples/usosetup.exe"],"imageFiles":["180103/UTILILABSystemOptimizer-171011/3.5/Images/ACR-003/acr_003.PNG","180103/UTILILABSystemOptimizer-171011/3.5/Images/ACR-017/acr_017.1.PNG","180103/UTILILABSystemOptimizer-171011/3.5/Images/ACR-017/acr_017.PNG","180103/UTILILABSystemOptimizer-171011/3.5/Images/ACR-017/acr_017_landing_page.PNG","180103/UTILILABSystemOptimizer-171011/3.5/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["180103/UTILILABSystemOptimizer-171011/3.5/Images/ACR-161/acr_161_offer_page.PNG","180103/UTILILABSystemOptimizer-171011/3.5/Images/ACR-161/acr_161_landing_page.PNG","180103/UTILILABSystemOptimizer-171011/3.5/Images/ACR-003/acr_003.PNG","180103/UTILILABSystemOptimizer-171011/3.5/Images/ACR-017/acr_017.1.PNG","180103/UTILILABSystemOptimizer-171011/3.5/Images/ACR-017/acr_017.PNG","180103/UTILILABSystemOptimizer-171011/3.5/Images/ACR-017/acr_017_landing_page.PNG"],"guid":"0ced018b-bcf5-47bc-908f-3047ba1089ca_3.5_1","appID":"UTILILABSystemOptimizer-171011","dateAdded":"180103","deceptorType":"App","name":"UTILILAB System Optimizer","company":"Utililab GmbH","version":"3.5","sigName":"Deceptor:Win32/UtililabSystemOptimizer!003017084","lastKnownStatus":"Deceptor:3.5","lastKnownDate":"201124","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows XP,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-11-24T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2628},{"violations":{"ACR-003":"The application exaggerates COM/ActiveX Entries, shared DLLs, File/Path References, Empty Registry Keys, Application Paths and File Association as problems and errors, thereby misleading or scaring user to take action.\n","ACR-017":"The application's internal offer webpage elevates its consumer trust level by displaying an unverifiable 5 star review logo.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-118":"When the user attempts to completely uninstall the application, app retains some of its components on the device without the user's consent.\n","ACR-055":"The application provides the cancel option as a means to finish installation instead of providing the actual option to just cancel the installation.\n"},"nonDeceptorViolations":{"ACR-065":"The application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the Returns and Cancellation Policy.\nThe application's install wizard has no link to the Terms of Service and Returns and Cancellation Policy.\nThe application has no link to a webpage that shows the Terms of Service and Returns and Cancellation Policy.\n","ACR-161":"The application privacy policy webpage has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"There is no information that specifies that the application has a refund policy.\n","ACR-064":"The landing page provides the download button as 'Click Here to Start a FREE Scan' instead of specifying that it is the button as 'Download'.\n"},"samples":[{"isRevoked":"False","fileName":"wisepcdoctor_Standard_Setup.exe","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"05ad86f34864958fee237e53bd338622","hashSHA1":"e1f2fc5b141722d93288fa8265182fbbad047a20","hashSHA256":"218a4384f44564f0c4bde7d3e7213b6921ee2b783ad2d064dc3b3ea227e0722","digitalCertThumbprint":"AF650236740634FBD9991904B96E79B73C24E362","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Honlyn (Macao Commercial Offshore) Limited","sourceIndex":"3693","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://softdeluxe.com/","landingPage":"http://reguse.com/","directDownloadingLink":"http://www.reguse.com/ReguseSpanish_Installer.exe","ipv4":"","ipv6":"","sourceIndex":"3693"}],"sampleFiles":["180103/RegUse-171012/1.1.0.3/Samples/ReguseSpanish_Installer.exe"],"imageFiles":["180103/RegUse-171012/1.1.0.3/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG","180103/RegUse-171012/1.1.0.3/Images/ACR-055/ACR-055_SOFTWARE.mp4","180103/RegUse-171012/1.1.0.3/Images/ACR-055/ACR-055_SOFTWARE_SCREENSHOT_1.PNG","180103/RegUse-171012/1.1.0.3/Images/ACR-055/ACR-055_SOFTWARE_SCREENSHOT_2.PNG","180103/RegUse-171012/1.1.0.3/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_1.PNG","180103/RegUse-171012/1.1.0.3/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_2.PNG","180103/RegUse-171012/1.1.0.3/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_3.PNG","180103/RegUse-171012/1.1.0.3/Images/ACR-084/ACR-084_SOFTWARE.PNG","180103/RegUse-171012/1.1.0.3/Images/ACR-118/ACR-118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["180103/RegUse-171012/1.1.0.3/Images/ACR-161/ACR_161_DOCS.PNG","180103/RegUse-171012/1.1.0.3/Images/ACR-064/ACR-064_LANDING_PAGE.PNG"],"guid":"5e1f000c-8b60-437a-8a98-6a684158ffad_1.1.0.3_1","appID":"RegUse-171012","dateAdded":"180103","deceptorType":"App","name":"RegUse","company":"Honlyn (Macao Commercial Offshore) Limited","version":"1.1.0.3","sigName":"Deceptor:Win32/RegUse!003017084118","lastKnownStatus":"Deceptor:1.1.0.3","lastKnownDate":"201124","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-11-24T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2630},{"violations":{"ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n\n","ACR-118":"When the user attempts to completely uninstall the application, it retains some of its components on the device without the user's consent\n\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n\n","ACR-160":"Tried calling the call center no answer, Unable to verify if its ATS or not. There was no answering machine. \n","ACR-099":"The landing page has no link to a webpage that shows how to uninstall the app.\n\nThe application has no link to a webpage that shows how to uninstall the app.\n\nThe internal offer page has no link to a webpage that shows how to uninstall the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"PC Cleaner.exe","isInstaller":"True","companyName":"SparksGen Limited","productName":"PC Cleaner","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"55ddb5ae06e7112960d2a4e4d0dc168b","hashSHA1":"0e61b4e99349e11ca150414faee3336e3adbe4a2","hashSHA256":"67df5093226542b7bd12adcbe3281d027d1c4769a8343a634ac1632174b679c5","digitalCertThumbprint":"5205F798524F4DDCB460D1F12D3811F8BA067352","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SparksGen Limited","sourceIndex":"3300","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://maxwaresoft.com/pc-cleaner.php","directDownloadingLink":"http://maxwaresoft.com/download/install/pc_cleaner.exe","ipv4":"","ipv6":"","sourceIndex":"3300"}],"sampleFiles":["180102/PC Cleaner-171012/1.0.0/Samples/pc_cleaner.exe"],"imageFiles":["180102/PC Cleaner-171012/1.0.0/Images/ACR-168/one_one_interaction.PNG","180102/PC Cleaner-171012/1.0.0/Images/ACR-118/uninstall_software_retained_exe.PNG"],"nonDeceptorImageFiles":["180102/PC Cleaner-171012/1.0.0/Images/ACR-161/acr_161.PNG","180102/PC Cleaner-171012/1.0.0/Images/ACR-163/one_one_interaction.PNG"],"guid":"43a61fe9-a425-48bf-bff8-433a15749217_1.0.0_1","appID":"PC Cleaner-171012","dateAdded":"180102","deceptorType":"App","name":"PC Cleaner","company":"SparksGen Limited","version":"1.0.0","sigName":"Deceptor:Win32/PCCleaner!118168","lastKnownStatus":"Deceptor:1.0.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-24T00:23:01.175558+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2633},{"violations":{"ACR-003":"The application exaggerates System Performance issues and System/User Software issues using high color gradient, thereby misleading or scaring user to take action.\n","ACR-017":"The application's internal offer webpage elevates its consumer trust level by displaying an unverifiable 5 stars review logos. \n","ACR-057":"The application fails to provide the user with clear and simple options to accept or decline associated offers.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"spcmsetup8.exe","isInstaller":"True","productName":"Smart-PC-Mechanic","productVersion":"1.0.0.1010","fileVersion":"1.0.0.1010","hashMD5":"94cb50289bb156ffb49e3390a1ca2940","hashSHA1":"d2d2e27101388a0c457f4db2d859d65a1b5c4908","hashSHA256":"921d7707e62f17cd0c283d019426c23430f5e637aa7ad16b2c6b2270fd4b01c1","digitalCertThumbprint":"C2E093F941135A3E9959E440DD81541B4447D889","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Tuneup PC Tool Ltd","sourceIndex":"3299","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)"],"avAllowList":["Windows Defender (20190131)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Adplexity: search for \"fix\" on landing page","landingPage":"lp.smartpcmechanics.com/ytz","directDownloadingLink":"https://d3bxh2vomloo25.cloudfront.net/securerc/c6/spcmsetup8.exe","ipv4":"","ipv6":"","sourceIndex":"3299"}],"sampleFiles":["180102/SmartPCMechanics-171229/1.0.0.1010/Samples/spcmsetup8.exe"],"imageFiles":["180102/SmartPCMechanics-171229/1.0.0.1010/Images/ACR-003/ACR_003_SOFTWARE.PNG","180102/SmartPCMechanics-171229/1.0.0.1010/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG","180102/SmartPCMechanics-171229/1.0.0.1010/Images/ACR-057/ACR_057_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["180102/SmartPCMechanics-171229/1.0.0.1010/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG"],"guid":"358c41f9-0325-4623-ad88-9559a30ed7b1_1.0.0.1010_1","appID":"SmartPCMechanics-171229","dateAdded":"180102","deceptorType":"App","name":"Smart-PC-Mechanic","company":"Smart PC Mechanic","version":"1.0.0.1010","sigName":"Deceptor:Win32/SmartPCMechanic!003057017","lastKnownStatus":"1.0.0.1010","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-24T00:23:44.051542+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2632},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors of high risk, thereby misleading and scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\nThe scan scheduler for the app is not active, however the app has created tasks in windows task scheduler.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"No links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy is provided on landing page. Only Privacy policy is provided.\nNo links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy is provided on install\nNo links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy is provided on the software.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction in order to receive support and does not provide a non-interactive option on the software.\n","ACR-099":"No uninstall information provided on the software.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"Chica PC Fix.exe","isInstaller":"True","companyName":"ChicaLogic, Inc.","productName":"Chica PC Fix","productVersion":"1.7.78.0","fileVersion":"1.7.78.0","hashMD5":"2f22221caaac5e998afa66858d8e2f2b","hashSHA1":"6fe63d97b8647aa40c407cee701953f370620b4e","hashSHA256":"31ff42838f9c0fc0afec84106559782c64186ffba419dcd685c39c09884e8cc7","digitalCertThumbprint":"1646CBB27CB9672097262FB5B5CD7B7C737DF35F","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Chicalogic, Inc.","sourceIndex":"3301","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"download.cnet.com (fix my pc)","landingPage":"http://www.chicalogic.com/products/pc-fix","directDownloadingLink":"http://download.chicalogic.com/PC-fix/ChicaPC-fix.exe","ipv4":"","ipv6":"","sourceIndex":"3301"}],"sampleFiles":["180102/ChicaPCFix-171010/1.7.78/Samples/ChicaPC-fix.exe"],"imageFiles":["180102/ChicaPCFix-171010/1.7.78/Images/ACR-003/ACR-003_software.PNG","180102/ChicaPCFix-171010/1.7.78/Images/ACR-003/ACR-003_software2.PNG","180102/ChicaPCFix-171010/1.7.78/Images/ACR-084/ACR-084_software.JPG","180102/ChicaPCFix-171010/1.7.78/Images/ACR-084/ACR-084_software1.JPG","180102/ChicaPCFix-171010/1.7.78/Images/ACR-168/ACR-168_software.PNG"],"nonDeceptorImageFiles":["180102/ChicaPCFix-171010/1.7.78/Images/ACR-163/ACR-163_LANDING_PAGE.PNG","180102/ChicaPCFix-171010/1.7.78/Images/ACR-168/ACR-168_landing_page.PNG","180102/ChicaPCFix-171010/1.7.78/Images/ACR-163/ACR-163_software.PNG"],"guid":"64936047-7648-45cb-86cc-821aca313769_1.7.78_1","appID":"ChicaPCFix-171010","dateAdded":"180102","deceptorType":"App","name":"ChicaPC-Fix ","company":"ChicaLogic, Inc.","version":"1.7.78","sigName":"Deceptor:Win32/ChicaPC-Fix!003084168","lastKnownStatus":"1.7.78","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-24T00:20:54.5170553+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2634},{"violations":{"ACR-003":"App claims high and unsubstantiated improvement potential for minor cleaning activites.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"amc_amcapstm.pkg","isInstaller":"True","companyName":"AdvancedMacCleaner","productName":"Advanced Mac Cleaner","productVersion":"1.13.1","fileVersion":"1.13","hashMD5":"3e2cd92a72f6c7b49dd5b95665f51a4d","hashSHA1":"fddc9e82d72df738fad5a2853daa176c6fcc1864","hashSHA256":"32d5a01e74fa315193e55b5864e62bc99292a937a2a0ba936688343679fae089","sourceIndex":"3010","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Mac Cleaner","landingPage":"http://www.advancedmaccleaner.com/","ipv4":"","ipv6":"","sourceIndex":"3010"},{"howFound":"Hunt.Affiliatetracking","reference":"Ads contains Virus","landingPage":"http://lp.cleanmymac.online/ppcash/3/?x-context=XXXXX&utm_source=mpch&utm_campaign=mpch_ww&pxl=MPC2391_MPC2342_RUNT&utm_pubid=66213&x-at=XXXXX&override=1&alert=2","directDownloadingLink":"http://cdn2121.advancedmaccleaner.com/amc/builds/amc_rb_amclp.pkg","ipv4":"","ipv6":"","sourceIndex":"3011"}],"sampleFiles":["171229/D-AdvancedMacCleaner-170813/1.13/Samples/amc_amcapstm.pkg"],"imageFiles":["171229/D-AdvancedMacCleaner-170813/1.13/Images/ACR-003/ACR-003 claims high improvement.png"],"nonDeceptorImageFiles":[],"guid":"04f59dd4-3f2a-4495-a80c-37e7632ae821_1.13_1","appID":"D-AdvancedMacCleaner-170813","dateAdded":"171229","deceptorType":"App","name":"Advanced Mac Cleaner","company":"AdvancedMacCleaner","version":"1.13","sigName":"Deceptor:MacOS/AdvancedMacCleaner!003","lastKnownStatus":"Deceptor: 1.13.1","lastKnownDate":"190606","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-06T21:18:41.8704728+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2636},{"violations":{"ACR-107":"Bundler installs Adobe Flash, which does not allow bundlers to install its app.\n","ACR-007":"Bundler gives the impression it's from Adobe\n","ACR-017":"App install purports to come from, and endorsed by, Adobe\n","ACR-057":"The offers are auto-accepted when user selects \"next\"\n","ACR-053":"No skip all capability on the multiple offers\n","ACR-059":"Offers not marked as optional or promoted\n"},"nonDeceptorViolations":{"ACR-065":"Does not show EULA/Terms of service or Privacy policy of the bundler during the install. Only shows these for the carrier and the offers.\nLanding page has a built-in EULA, but no privacy policy\n","ACR-002":"Bundler does not provide its name or its source.\nEULA does not contain source information: two references (fplayer.com and macvideoplayer.com), both inaccessible.\nLanding page does not make it clear that this is a bundle, or what the app is.\n","ACR-099":"No uninstall information on landing page\n","ACR-035":"Invalid contact information in EULA\n","ACR-079":"Extra confirmation prompt on landing page when trying to leave\n","ACR-058":"Landing page does not make it clear that consumer is downloading a bundled app\n","ACR-066":"Landing page does not show app name of the bundler.\n","ACR-107":"Landing page auto-\"detects\" problems with Flash in Chrome, not following Adobe's required approach of detecting for updates\n","ACR-003":"Landing page leads consumer to believe they have an issue with Flash, even though on Chrome this functionality is already provided.\n"},"samples":[{"isRevoked":"False","fileName":"Player.dmg","isInstaller":"True","hashMD5":"9132933266b08592b0b149ff74120946","hashSHA1":"3bf913ce3e61fffbf8b46c0f264709fa7e13c172","hashSHA256":"dbd576043fd27fbc7e7e8c771778d2bc9786b09a466e0595fe96d210355eca4c","sourceIndex":"3302","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Adplexity: search for \"flash\" on landing page","landingPage":"http://www.largetrust.tech/LvlpujcCwbq?pb=http:%2f%2f7fcaw.voluumtrk3.com%2fpostback%3fcid%3dwTB9BQI041PJEPNA1C72F9EU&TC=&a=1&c=6518c725-cc8b-e711-a367-f7801280a94b&s=0741e502-d8d2-441f-9686-06219f787903&h=ShJEQxAJEAADBwYdBwUfAQtmAw8LAg4NBwMcCwABBQEABR8DCggDBhMcFF5CEQgGAwUGAgABCwYeEFAUCxIAAgMLUQUBAxxTVQ9QHlcFAgccUQUBBR5UBQsGAAIOB1MKBlARGhNcRlMQCRBaR0JBChkYRURFHF9XQ1dTQ0BGQUYdQlRTXhUeEUFVEQwTAAEDA1YHAgEbVQhSBR8HBgNVGwgGDgEfAwQAAg9XBw4ACwMBEB8UQVNfFQgCAwEfFFJURhUIR0BHVks%253D&u=aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tLzBjODNiYWExLTI4NTQtNDAzOC1hM2MwLTYyNTBjMWE0NDkwZi85NGZiNTk5ZC0wZDNiLTRhYTAtOTgyMy0wMDhmZmY4Njc2MWQvUGxheWVyLmRtZz9wYj1odHRwOiUyZiUyZjdmY2F3LnZvbHV1bXRyazMuY29tJTJmcG9zdGJhY2slM2ZjaWQlM2R3VEI5QlFJMDQxUEpFUE5BMUM3MkY5RVUmVEM9JmM9NjUxOGM3MjUtY2M4Yi1lNzExLWEzNjctZjc4MDEyODBhOTRiJnM9MDc0MWU1MDItZDhkMi00NDFmLTk2ODYtMDYyMTlmNzg3OTAz","directDownloadingLink":"https://s3.amazonaws.com/0c83baa1-2854-4038-a3c0-6250c1a4490f/94fb599d-0d3b-4aa0-9823-008fff86761d/Player.dmg?pb=http:%2f%2f7fcaw.voluumtrk3.com%2fpostback%3fcid%3dwTB9BQI041PJEPNA1C72F9EU&TC=&c=6518c725-cc8b-e711-a367-f7801280a94b&s=0741e502-d8d2-441f-9686-06219f787903, http://www.largetrust.tech/LvlpujcCwbq?pb=http:%2f%2f7fcaw.voluumtrk3.com%2fpostback%3fcid%3dwTB9BQI041PJEPNA1C72F9EU&TC=&a=1&c=6518c725-cc8b-e711-a367-f7801280a94b&s=0741e502-d8d2-441f-9686-06219f787903&h=ShJEQxAJEAADBwYdBwUfAQtmAw8LAg4NBwMcCwABBQEABR8DCggDBhMcFF5CEQgGAwUGAgABCwYeEFAUCxIAAgMLUQUBAxxTVQ9QHlcFAgccUQUBBR5UBQsGAAIOB1MKBlARGhNcRlMQCRBaR0JBChkYRURFHF9XQ1dTQ0BGQUYdQlRTXhUeEUFVEQwTAAEDA1YHAgEbVQhSBR8HBgNVGwgGDgEfAwQAAg9XBw4ACwMBEB8UQVNfFQgCAwEfFFJURhUIR0BHVks%253D&u=aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tLzBjODNiYWExLTI4NTQtNDAzOC1hM2MwLTYyNTBjMWE0NDkwZi85NGZiNTk5ZC0wZDNiLTRhYTAtOTgyMy0wMDhmZmY4Njc2MWQvUGxheWVyLmRtZz9wYj1odHRwOiUyZiUyZjdmY2F3LnZvbHV1bXRyazMuY29tJTJmcG9zdGJhY2slM2ZjaWQlM2R3VEI5QlFJMDQxUEpFUE5BMUM3MkY5RVUmVEM9JmM9NjUxOGM3MjUtY2M4Yi1lNzExLWEzNjctZjc4MDEyODBhOTRiJnM9MDc0MWU1MDItZDhkMi00NDFmLTk2ODYtMDYyMTlmNzg3OTAz","ipv4":"","ipv6":"","sourceIndex":"3302"}],"sampleFiles":["171229/FPlayer-171229/1.0/Samples/Player.dmg"],"imageFiles":["171229/FPlayer-171229/1.0/Images/ACR-053/ACR-053 no skip all.png","171229/FPlayer-171229/1.0/Images/ACR-107/ACR-107 adobe does not allow.png","171229/FPlayer-171229/1.0/Images/ACR-107/ACR-107 bundler installing flash.png","171229/FPlayer-171229/1.0/Images/ACR-007/ACR-065 - no eula for bundler.png","171229/FPlayer-171229/1.0/Images/ACR-017/ACR-065 - no eula for bundler.png","171229/FPlayer-171229/1.0/Images/ACR-057/ACR-073 default action is accept.png","171229/FPlayer-171229/1.0/Images/ACR-059/ACR-059 not clear an offer.png"],"nonDeceptorImageFiles":["171229/FPlayer-171229/1.0/Images/ACR-065/ACR-065 - no eula for bundler.png","171229/FPlayer-171229/1.0/Images/ACR-065/ACR-065 no privacy policy on lp.png","171229/FPlayer-171229/1.0/Images/ACR-107/ACR-107 and -003 not authorized, scary.gif","171229/FPlayer-171229/1.0/Images/ACR-002/ACR-002 hiding app name and source.png","171229/FPlayer-171229/1.0/Images/ACR-002/ACR-065 - no eula for bundler.png","171229/FPlayer-171229/1.0/Images/ACR-002/ACR-065 no privacy policy on lp.png","171229/FPlayer-171229/1.0/Images/ACR-003/ACR-107 and -003 not authorized, scary.gif","171229/FPlayer-171229/1.0/Images/ACR-079/ACR-079 confirmation prompt on lp.gif","171229/FPlayer-171229/1.0/Images/ACR-073/ACR-073 default action is accept.png","171229/FPlayer-171229/1.0/Images/ACR-074/ACR-053 no skip all.png","171229/FPlayer-171229/1.0/Images/ACR-074/ACR-059 not clear an offer.png"],"guid":"22c0b4b4-cdf3-4a73-a7d7-58f34d24ee50_1.0_1","appID":"FPlayer-171229","dateAdded":"171229","deceptorType":"MacOS App","name":"FPlayer Bundle","company":"FPlayer.com","version":"1.0","sigName":"Deceptor:MacOS/FPlayer!007017057107","lastKnownStatus":"Deceptor:1.0.0","lastKnownDate":"190123","type":"MacOS App","category":"Bundlers & Downloaders","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","monetization":"cross-sell other apps","lastUpdate":"2019-01-24T00:20:01.8285572+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2635},{"violations":{"ACR-003":"The application uses the words errors and problems to increase urgency for non-urgent \"issues\", thereby misleading or scaring user to take action. \n","ACR-017":"The application's internal offer webpage fraudulently elevates its consumer trust level by displaying an irrelevant and  unverifiable Intel Software Partner logo. \n","ACR-084":"App creates scheduled task for regular scanning although its setting shows \"disable schedule\" \n","ACR-168":"The application's internal offer webpage provides the ability to register the app for free, after registering the application a webpage loads that displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user. \n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to privacy policy information.\nThe application has no link to webpage that shows the privacy policy information on the about page.\n","ACR-161":"The landing page has a reviews and testimonials that has no links back to the sources so consumers can verify if they're real. \n\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":" After uninstalling the application a webpage opens with information stating that consumer can get the same app for a discounted price. \n","ACR-003":"The application uses the words errors and problems to increase urgency for non-urgent \"issues\", thereby misleading or scaring user to take action. \n","ACR-017":"The application's internal offer webpage fraudulently elevates its consumer trust level by displaying an irrelevant and  unverifiable Intel Software Partner logo. \n","ACR-168":"The application's internal offer webpage provides the ability to register the app for free, after registering the application a webpage loads that displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user. \n"},"samples":[{"isRevoked":"False","fileName":"regacesetup.exe","isInstaller":"True","companyName":"WebMinds, Inc.","productName":"RegAce System Suite","productVersion":"3.3.1.0","fileVersion":"3.3.1.0","hashMD5":"0f7ae2d44985dfc18a8b5494ef9fc4ac","hashSHA1":"e67e80cdfadf441cbc642b93e4a84801975e96e7","hashSHA256":"31223e73275d8c91a38fb671cf9dee606f3668f23463f5eaef5b108df07e352b","digitalCertThumbprint":"3944547F600CEC96A83284407040A545F4B8703C","digitalCertIssuer":"Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":"WebMinds, Inc.","sourceIndex":"3816","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.google.com","landingPage":"https://www.regace.com","directDownloadingLink":"https://www.regace.com/download_start.php","ipv4":"","ipv6":"","sourceIndex":"3816"}],"sampleFiles":[],"imageFiles":["171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_1.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_2.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-017/ACR-017_INTERNAL_OFFERS.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-084/RegAceScheduledTask.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-065/ACR_065_INSTALL.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-065/ACR_065_SOFTWARE.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_1.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_2.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_3.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_4.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-170/ACR-170_SOFTWARE.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-120/ACR-120_UNINSTALL.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_1.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_2.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-017/ACR-017_INTERNAL_OFFERS.PNG","171228/RegAceSystemSuite-171019/3.3.1.0/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG"],"guid":"9755050a-9dc3-4166-8644-5fb774932a8c_3.3.1.0_1","appID":"RegAceSystemSuite-171019","dateAdded":"171228","deceptorType":"App","name":"RegAce System Suite","company":"Webminds Inc.","version":"3.3.1.0","sigName":"Deceptor:Win32/RegAceSystemSuite!003017084168","firstVendorContactDate":"180108","firstAppEsteemReplyDate":"180108","firstResolvedDate":"180108","firstResolvedVersion":"App shutdown: App is discontinued, its homepage is redirected to easy PC optimizer app's homepage easypcoptimizer.com.","resolved":"TRUE","lastKnownStatus":"Deceptor: 3.3.1.0","lastKnownDate":"171019","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center,paid,up-sell to paid","lastUpdate":"2018-02-15T00:12:26.7512648+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2638},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys, junk files, fragmented files and broken shortcuts as problems, thereby misleading or scaring user to take action.\n","ACR-168":"The software displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\nThe application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the install that shows the app's Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-163":"The app's UELA provides a one-to-one interaction option for support and no non-interactive options are provided.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nUpon trying to uninstall the app the user is provided with a one-to-one interactive option to receive support, and no non-interactive options are provided.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon calling calling phone number provided the user gets a message that the number is not setup to receive calls.\n\n","ACR-099":"The application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"Macro PC Cleaner.exe","isInstaller":"True","companyName":"Hiteksquad Corp.","productName":"Macro PC Cleaner","productVersion":"7.5.0.500","fileVersion":"7.5.0.500","hashMD5":"544651c8ce3844eb4c3809fe4de7b32d","hashSHA1":"41a98313c9f99ec1d7da6c3e1a36b1c43f0cd0cd","hashSHA256":"f077a2f0659d9d3ea85d8e086b861815cf5b068e9687488214699bbdd2bf2913","digitalCertThumbprint":"545E176C535AC30168807C705D9356CB4F05730D","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"HITEKSQUAD CORP.","sourceIndex":"3009","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"Yahoo.com","landingPage":"http://www.macropccleaner.com/","directDownloadingLink":"http://www.macropccleaner.com/MacroPCCleanerSetup.exe","ipv4":"","ipv6":"","sourceIndex":"3009"}],"sampleFiles":["171228/Macro PC Cleaner 7-170929/7.5.0.500/Samples/MacroPCCleanerSetup.exe"],"imageFiles":["171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-003/ACR-003_1.PNG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-003/ACR-003_PROBLEMS.PNG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-168/ACR-168_software.PNG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-168/ACR-168_internaloffer.JPG"],"nonDeceptorImageFiles":["171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-163/ACR-163_Doc.PNG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-161/ACR-161_landingpage.JPG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-161/ACR-161_landingpage1.JPG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-163/ACR-163_Landing_Page.PNG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-168/ACR-168_landing_page.PNG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-065/ACR-065_install.JPG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-163/ACR-163_Software.PNG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-160/ACR-160_software.PNG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-065/ACR-065_software.JPG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-163/ACR-163_uninstall.PNG","171228/Macro PC Cleaner 7-170929/7.5.0.500/Images/ACR-163/ACR-163_internaloffer.JPG"],"guid":"8789aa70-ffc5-4da3-abaa-b2e71412ecf4_7.5.0.500_1","appID":"Macro PC Cleaner 7-170929","dateAdded":"171228","deceptorType":"App","name":"Macro PC Cleaner","company":"Macro PC Cleaner","version":"7.5.0.500","sigName":"Deceptor:Win32/MacroPCCleaner!003168","lastKnownStatus":"Deceptor:7.5.0.500","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-06-06T21:19:50.3407874+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2639},{"violations":{"ACR-003":"App exaggerates system healthy condition. E.g. improvement potential is HIGH for fixing invalid registry items, thereby misleading or scaring the user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the internal offer page.\n","ACR-161":"The application's internal offer page displays testimonials but does not provide any links back to a source so they can be verified.\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n.\n","ACR-099":"The application's internal offer page has no links or information that shows how the app can be uninstalled.\n"},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"PC-Speedup-Tools-Inc","productName":"Advance -System Care","productVersion":"1.0.0.2509","fileVersion":"1.0.0.2509","hashMD5":"20b872df4f82905ba4826c27cad2081a","hashSHA1":"87d99c6906086b8d5bdd08afb347fedb66254214","hashSHA256":"523af85fa62f24188f0c18577ac1105e38acf779a2c7afe06a063c2686763e6d","digitalCertThumbprint":"521F79D58CC37E181D78D51E738E85939A6A5E4D","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"PC-Speedup-Tools-Inc","sourceIndex":"3303","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"Deceptive ads reported by MalwareBytes","landingPage":"http://www.systembooster.info/ad/3/?x-context=MjE5OHwxMTEwMjF8VVN8M3wxfHx8fHw&utm_source=adron&utm_campaign=adron&pxl=ADR1513_ADR1483_RUNT&utm_pubid=8960&x-plt=XXXXX&x-var1=XXXXX","directDownloadingLink":"http://cdn.pcbooster.biz/asc/p10/securerc/ascsetup.exe","sourceIndex":"3303"}],"sampleFiles":["171228/D-AdvanceSystemCare-00036/1.0.0.2509/Samples/ascsetup 12.27.17.exe"],"imageFiles":["171228/D-AdvanceSystemCare-00036/1.0.0.2509/Images/ACR-003/ACR-003_software.JPG","171228/D-AdvanceSystemCare-00036/1.0.0.2509/Images/ACR-003/ACR-003_software1.JPG"],"nonDeceptorImageFiles":["171228/D-AdvanceSystemCare-00036/1.0.0.2509/Images/ACR-161/ACR-161_internaloffer.JPG"],"guid":"a4292241-c877-4d9b-8283-0ac48e9e5fc7_1.0.0.2509_1","appID":"D-AdvanceSystemCare-00036","dateAdded":"171228","deceptorType":"App","name":"Advance System Care","company":"Syscare-Logics","version":"1.0.0.2509","sigName":"Deceptor:Win32/AdvanceSystemCare!003","lastKnownStatus":"Deceptor:1.0.0.2509","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-24T00:19:23.9150343+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2640},{"violations":{"ACR-003":"The application reports outdated drivers as obsolete, stating drivers are not performing at their full potential which could cause conflict or errors. The drivers that are available are older than the drivers installed. The application uses the color gradient \"red\" thereby misleading or scaring the user to take action.\n\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-161":"The application has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\n","ACR-160":"The application does not use a certified call center to monetize the app.Call the call center and tech support agent states that the name of their company is Premium tech support.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get a trial or a lower price for the same program.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"Universal Driver Updater.exe","companyName":"PC SPEEDUP TOOLS","productName":"Universal Driver Updater","productVersion":"1.1.0.2","fileVersion":"1.1.0.2","hashMD5":"d0c58526d8242d635ffe91acd4760e87","hashSHA1":"f11e01aab35563ccdbf7cbcd5b20642ec1d3a873","hashSHA256":"f252a943dd182605fa9b47172567f986e6b905d20f7cae2a8c4e52a6f7ac3c7d","digitalCertThumbprint":"6476CADDEE0D7A23CDB006E481E5A36637C64C24","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"PC SPEEDUP TOOLS","sourceIndex":"2516","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.universaldriverupdater.com/","directDownloadingLink":"http://cdn.universaldriverupdater.com/udu/c2/securedl/udusite.exe","ipv4":"","ipv6":"","sourceIndex":"2516"}],"sampleFiles":["171228/UniversalDriverUpdater-171010/1.1.0.2/Samples/udusite.exe"],"imageFiles":["171228/UniversalDriverUpdater-171010/1.1.0.2/Images/ACR-017/acr_017.1.PNG","171228/UniversalDriverUpdater-171010/1.1.0.2/Images/ACR-003/Acr_003.PNG","171228/UniversalDriverUpdater-171010/1.1.0.2/Images/ACR-003/acr-003_1.PNG","171228/UniversalDriverUpdater-171010/1.1.0.2/Images/ACR-017/acr_017.PNG","171228/UniversalDriverUpdater-171010/1.1.0.2/Images/ACR-168/acr_168.PNG"],"nonDeceptorImageFiles":["171228/UniversalDriverUpdater-171010/1.1.0.2/Images/ACR-161/acr_161_landing_page.PNG","171228/UniversalDriverUpdater-171010/1.1.0.2/Images/ACR-163/one_one_interaction.PNG","171228/UniversalDriverUpdater-171010/1.1.0.2/Images/ACR-120/re-advertised_same_app.PNG"],"guid":"568e258a-8020-43d3-8fb9-1adfb867a4d5_1.1.0.2_1","appID":"UniversalDriverUpdater-171010","dateAdded":"171228","deceptorType":"App","name":"Universal Driver Updater","company":"PC SPEEDUP TOOLS","version":"1.1.0.2","sigName":"Deceptor:Win32/UniversalDriverUpdater!003017168","lastKnownStatus":"Deceptor:1.1.0.2","lastKnownDate":"171228","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-03-18T20:42:18.0659338+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2637},{"violations":{"ACR-003":"The application exaggerates registry keys as an error and file association as a problem. The application also states PC health as high thereby misleading or scaring user to take action.\n\n\n","ACR-017":"The internal offer page elevates its user trust level by displaying company endorsements as if they are app endorsements, such as Microsoft partner logo and Intel software logo.\n\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n\nThe application's internal offer page has no link to a webpage that shows how to uninstall the app.\n\n","ACR-167":"The application has no link to a webpage that shows how to uninstall the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"Smart Access Violation Fixer Pro.exe","isInstaller":"True","companyName":" LionSea Software co., ltd","productName":"Smart Access Violation Fixer Pro","productVersion":"4.5.6","fileVersion":"0.0.0","hashMD5":"b0a91b1a4af1e8ecc6766578556434c2","hashSHA1":"74bfb96787d61256ec11cea60c91a36703bc5d58","hashSHA256":"d6bc6116f242dab7fea27215d862a34a6e6cd4fe99146c5e235ed2d558843ec1","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":" LionSea Software co., ltd","sourceIndex":"3603","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.lionsea.com/product_accessviolationfixerpro.php","directDownloadingLink":"http://www.lionsea.com/product_accessviolationfixerpro.php","ipv4":"","ipv6":"","sourceIndex":"3603"}],"sampleFiles":[],"imageFiles":["171228/SmartAccessViolationFixer-171204/4.5.6/Images/ACR-003/acr_003.PNG","171228/SmartAccessViolationFixer-171204/4.5.6/Images/ACR-017/acr_017_OP.PNG"],"nonDeceptorImageFiles":[],"guid":"426d4413-d77f-4429-80df-d5762111da3b_4.5.6_1","appID":"SmartAccessViolationFixer-171204","dateAdded":"171228","deceptorType":"App","name":"Smart Access Violation Fixer ","company":"LionSea Software co., ltd","version":"4.5.6","sigName":"Deceptor:Win32/SmartAccessViolationFixer!003017","lastKnownStatus":"Deceptor:4.5.6","lastKnownDate":"171228","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-06-29T03:06:20.4336885+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2518},{"violations":{"ACR-003":"The application displays the systems performance as \"Poor\" and exaggerates empty registry keys as an severe impact thereby misleading or scaring user to take action \n\n\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n\nThe internal offers page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThe internal offer page has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option. \nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n \nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\nThe internal offer page has no link to a webpage that shows how to uninstall the app.\n\n","ACR-168":"The landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":" ErrorFix Kit.exe","isInstaller":"True","companyName":"Advister Media Ltd","productName":" ErrorFix Kit","productVersion":"1.0.1.2","fileVersion":"1.0.1.2","hashMD5":"1faa6cbee2967c4f934bcf608337bae2","hashSHA1":"2bbabde56964507f6fd19a2c440ef5323510321c","hashSHA256":"55d763e614574b1fd69056ca2cb3bd1c86964f2aaee2e4abe4a2bed91dff6b9a","digitalCertThumbprint":"CEEB0ACF8F6BE7C3CE8F6A0857F66D5ED38B1F8A","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Advister Media Ltd","sourceIndex":"2517","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Partner","reference":"","landingPage":"https://errorkit.com/","directDownloadingLink":"https://errorkit.com/download/errorfix-kit/installer/?cid=usrid_2a125374-errorkit-direct","ipv4":"","ipv6":"","sourceIndex":"2517"}],"sampleFiles":["171224/ErrorFitKit-171221/1.0.1.9/Samples/errorfixkit-setup.exe"],"imageFiles":["171224/ErrorFitKit-171221/1.0.1.9/Images/ACR-003/acr_003.PNG","171224/ErrorFitKit-171221/1.0.1.9/Images/ACR-003/acr_003_1.PNG","171224/ErrorFitKit-171221/1.0.1.9/Images/ACR-168/one_one_interaction_SW.PNG","171224/ErrorFitKit-171221/1.0.1.9/Images/ACR-168/one_one_interaction_IO.PNG"],"nonDeceptorImageFiles":["171224/ErrorFitKit-171221/1.0.1.9/Images/ACR-163/one_one_interaction_SW.PNG","171224/ErrorFitKit-171221/1.0.1.9/Images/ACR-163/one_one_interaction_DC.PNG","171224/ErrorFitKit-171221/1.0.1.9/Images/ACR-163/one_one_interaction_LP.PNG","171224/ErrorFitKit-171221/1.0.1.9/Images/ACR-163/one_one_interaction_IO.PNG","171224/ErrorFitKit-171221/1.0.1.9/Images/ACR-168/one_one_interaction_LP.PNG"],"guid":"c20566a8-bea5-4af0-8141-09fc353e5a4e_1.0.1.9_1","appID":"ErrorFitKit-171221","dateAdded":"171224","deceptorType":"App","name":"ErrorFixKit","company":"Advister Media Ltd","version":"1.0.1.9","sigName":"Deceptor:Win32/ErrorFix!003168","lastKnownStatus":"Deceptor:1.0.1.9","lastKnownDate":"200318","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-03-18T20:41:20.2724655+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2641},{"violations":{"ACR-003":"The application exaggerates the systems cleaning urgency level as \"High\" thereby misleading or scaring user to take action .\n","ACR-007":"The apps icon resembles that of internet Explorer from Microsoft which would mislead consumers to think the app is from Microsoft. \nSoftware's icon is so similar to Internet Explorer, misleading user that this app might be from IE Microsoft.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n\n"},"nonDeceptorViolations":{"ACR-065":"Software is missing Eula and Privacy Policy link .\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\n","ACR-064":"Landing page doesn't have a clearly-labelled download button, button presented on the page is labelled as \"start scan\". \n","ACR-159":"A trial period was not offered, the functionally is actually behind a paywall which would be surprising to consumers.There isn't anything on landing page that states the consumer has to pay it only says (scan now ). \n","ACR-007":"The app icon resembles that of internet Explore from Microsoft which would mislead consumers to think the app is from Microsoft. \n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsements. The landing page displays endorsements such as top rated which is not clickable and Norton which has a hyperlink but the page result stays the website is not yet tested. \n\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":"EasyCleanPC.exe","isInstaller":"True","companyName":"MB Media LLC","productName":"EasyCleanPC","productVersion":"3.2.0","fileVersion":"3.2.0","hashMD5":"d581628970f63f3925a543b02af8e5d3","hashSHA1":"ccd16707d8f58b892eaf8d97231f0e4fdad7ac43","hashSHA256":"e581aadf2d234aa27e7e79b53d6f808b61782efecd357a6a6220d59287e77856","digitalCertThumbprint":"CED439F3CEE92623A532C96879B83EF0188BA65F","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"MB Media LLC","sourceIndex":"3008","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"Top4download.com","landingPage":"https://easycleanpc.com/","directDownloadingLink":"https://s3.amazonaws.com/easy-setup1/EasyCleanPCSetup.exe?response-content-disposition=attachment%3B%20filename%3D%22EasyCleanPCSetup%40g%23source%3Dhp1.exe%22&response-content-type=application%2Foctet-stream&X-Amz-Content-Sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIJPJRAOVS3FON4WA%2F20171009%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20171009T162605Z&X-Amz-SignedHeaders=Host&X-Amz-Expires=600&X-Amz-Signature=6b982b5e0c2080d3d90c1a43cea9073f48e11223736f9af837bcf175542263bd","ipv4":"","ipv6":"","sourceIndex":"3008"}],"sampleFiles":["171224/EasyCleanPC-171009/3.2.0/Samples/EasyCleanPCSetup.exe"],"imageFiles":["171224/EasyCleanPC-171009/3.2.0/Images/ACR-007/app_logo.PNG","171224/EasyCleanPC-171009/3.2.0/Images/ACR-003/acr_003_1.PNG","171224/EasyCleanPC-171009/3.2.0/Images/ACR-007/app_logo.PNG","171224/EasyCleanPC-171009/3.2.0/Images/ACR-084/acr_084_disgusing_it's_presence.PNG"],"nonDeceptorImageFiles":["171224/EasyCleanPC-171009/3.2.0/Images/ACR-007/acr_007.PNG","171224/EasyCleanPC-171009/3.2.0/Images/ACR-017/acr_017.PNG","171224/EasyCleanPC-171009/3.2.0/Images/ACR-163/acr_163.PNG"],"guid":"feb7f22a-801c-432a-853d-4a08968a4e19_3.2.0_1","appID":"EasyCleanPC-171009","dateAdded":"171224","deceptorType":"App","name":"EasyCleanPC","company":"MB Media LLC","version":"3.2.0","sigName":"Deceptor:Win32/EasyCleanPC!003007084","lastKnownStatus":"Deceptor:3.2.0","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center,paid","lastUpdate":"2019-06-06T21:21:13.0766435+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2642},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from scanning on startup from the software interface.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, on the install.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the internal offer. Only privacy policy of the merchant is provided.\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.The application also has no mention of a 30 days refund policy.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\nThe application has no link or information that shows how to uninstall the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-171":"The consumer is required to opt-out of recurring payment.\nThe consumer is required to opt-out of recurring payment.\n"},"samples":[{"isRevoked":"False","fileName":"SuperUpdater.exe","isInstaller":"True","companyName":"Super PC Tools Ltd","productName":"Super Updater","productVersion":"3.1.0.0","fileVersion":"3.1.0.0","hashMD5":"df0b59adbea894423d6e5c79114bb211","hashSHA1":"ae76ec7a4e20c37fbb33ba0557edc64b1c429675","hashSHA256":"547c8ffbd6aca302f502ad2ac520189931a1bcf9e761b41ddc2b144179267269","digitalCertThumbprint":"91861DE34C9B5A9612B39DD8C04311B23FE5D060","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"Super PC Tools Limited","sourceIndex":"3613","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org (pc optimizer)","landingPage":"https://www.superpctools.com/super-updater/","directDownloadingLink":"http://dl.superpcdownload.net/221001623/SuperUpdater.exe","ipv4":"","ipv6":"","sourceIndex":"3613"}],"sampleFiles":["171222/SuperUpdater-171129/3.1.0.0/Samples/SuperUpdater.exe"],"imageFiles":["171222/SuperUpdater-171129/3.1.0.0/Images/ACR-084/ACR-084_software.JPG","171222/SuperUpdater-171129/3.1.0.0/Images/ACR-084/ACR-084_software2.JPG"],"nonDeceptorImageFiles":["171222/SuperUpdater-171129/3.1.0.0/Images/ACR-065/ACR-065_install.JPG","171222/SuperUpdater-171129/3.1.0.0/Images/ACR-065/ACR-065_software.JPG","171222/SuperUpdater-171129/3.1.0.0/Images/ACR-065/ACR-065_internaloffer.JPG","171222/SuperUpdater-171129/3.1.0.0/Images/ACR-170/ACR-170_software.JPG","171222/SuperUpdater-171129/3.1.0.0/Images/ACR-088/ACR-088_software.JPG","171222/SuperUpdater-171129/3.1.0.0/Images/ACR-171/ACR-171_landingpage.JPG","171222/SuperUpdater-171129/3.1.0.0/Images/ACR-171/ACR-171_internaloffer.JPG"],"guid":"864513d4-7740-4159-87e1-f107c6f07f4d_3.1.0.0_1","appID":"SuperUpdater-171129","dateAdded":"171222","deceptorType":"App","name":"Super Updater","company":"Super PC Tools Ltd","version":"3.1.0.0","sigName":"Deceptor:Win32/SuperUpdater!084","firstVendorContactDate":"180618","firstAppEsteemReplyDate":"180618","firstResolvedDate":"180618","firstResolvedVersion":"App stops distributing and download link shutdown. Move to purchase only mode","resolved":"TRUE","lastKnownStatus":"Deceptor:3.1.0.0","lastKnownDate":"171129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-20T16:43:21.6550302+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2643},{"violations":{"ACR-003":"The application calls out registry items as errors and \"high-risk errors\", thereby misleading or scaring user to take action.\n","ACR-017":"The application's landing page fraudulently elevates its consumer trust level by displaying unverifiable logos of awards and endorsements.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no signing certificate in the certification information (unsigned)\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-171":"The application's internal offer webpage has additional offers pre-selected.\n","ACR-003":"The application calls out registry items as errors and \"high-risk errors\", thereby misleading or scaring user to take action.\n","ACR-017":"The application's landing page fraudulently elevates its consumer trust level by displaying unverifiable logos of awards and endorsements.\n"},"samples":[{"isRevoked":"False","fileName":"perfectbooster.exe","isInstaller":"True","companyName":"Perfect Booster International LLC.","productName":"n/a","productVersion":"n/a","hashMD5":"2e8171a6be78394e4cd1cc0d7cb473e4","hashSHA1":"f02c31d19719f2f33666c887952b327efaa189fa","hashSHA256":"8b63068ab0f23f8c6fa0918761bdb1191a6fc901bff2ae91e0f00f6ae54b5e51","sourceIndex":"3748","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com(fix my computer)","landingPage":"http://www.perfectbooster.com/","directDownloadingLink":"http://www.perfectbooster.com/perfectbooster.exe","ipv4":"","ipv6":"","sourceIndex":"3748"}],"sampleFiles":["171219/PerfectBooster-171206/2.5/Samples/perfectbooster.exe"],"imageFiles":["171219/PerfectBooster-171206/2.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","171219/PerfectBooster-171206/2.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","171219/PerfectBooster-171206/2.5/Images/ACR-017/ACR_017_LANDING_PAGE.PNG"],"nonDeceptorImageFiles":["171219/PerfectBooster-171206/2.5/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","171219/PerfectBooster-171206/2.5/Images/ACR-171/ACR_171_INTERNAL_OFFERS.PNG","171219/PerfectBooster-171206/2.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","171219/PerfectBooster-171206/2.5/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","171219/PerfectBooster-171206/2.5/Images/ACR-017/ACR_017_LANDING_PAGE.PNG"],"guid":"197f3f2d-08c3-4221-ac2e-d4a40582533b_2.5_1","appID":"PerfectBooster-171206","dateAdded":"171219","deceptorType":"App","name":"Perfect Booster","company":"Perfect Booster International LLC.","version":"2.5","sigName":"Deceptor:Win32/PerfectBooster!003","lastKnownStatus":"Deceptor:2.5","lastKnownDate":"201124","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-11-24T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2644},{"violations":{"ACR-048":"The application cannot be closed or disabled as there are no standard platform-provided methods. No close button is available on the app\n","ACR-003":"The application exaggerates windows temp,internet explore cache and etc as errors , thereby misleading or scaring user to take action\n","ACR-055":"Accept and decline for the offer must be obvious. Uncheck the \"yes i would like to install spy emergency antivirus\" is not straightforward option for decline\n","ACR-059":"The Offer is not clearly marked as an offer. Unclear who is recommending the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n"},"samples":[{"isRevoked":"False","fileName":"rc-setup.exe","isInstaller":"True","companyName":"NETGATE Technologies s.r.o.                                 ","productName":"NETGATE Registry Cleaner","productVersion":"n/a","fileVersion":"0.0","hashMD5":"c690fcf9aa477f2e4d39a6d027f5cb4c","hashSHA1":"a0d27040fc8a5d93e7979d009bda044430aefcaf","hashSHA256":"dd1231d8f31c2217869f0d6653e760e95ca1b3063d7c00cd0f67ebd1557dccf8","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","sourceIndex":"3566","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"RegistryCleaner.exe","companyName":"NETGATE Technologies s.r.o.","productName":"NETGATE Registry Cleaner","productVersion":"17, 0, 970, 0","fileVersion":"17, 0, 970, 0","hashMD5":"4e85b3192e7334d9882fc8103e34d8f0","hashSHA1":"f86c19c93407e8e28cc64edef0e39284376a87c7","hashSHA256":"de70cade3213685094a8aadc90051042783400a506964b8bbf5049dc35c78854","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=NETGATE Technologies s.r.o., O=NETGATE Technologies s.r.o., L=Prievidza, S=Slovakia, C=SK","sourceIndex":"3566","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://www.netgate.sk/products/registry-cleaner/","directDownloadingLink":"http://www.ngt.sk/download/rc-setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.ngt.sk/download/rc-setup.exe","sourceIndex":"3566"}],"sampleFiles":["171219/NetgateRegistryCleaner-171206/17.0.970.0/Samples/rc-setup.exe","171219/NetgateRegistryCleaner-171206/17.0.970.0/Samples/RegistryCleaner.exe"],"imageFiles":["171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-055/inline_offer.PNG","171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-048/software.PNG","171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-003/acr_003.PNG","171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-003/acr_003_1.PNG","171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-003/acr_003_2.PNG","171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-059/inline_offer.PNG"],"nonDeceptorImageFiles":["171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-065/acr_065_I.PNG","171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-065/acr_065_S.PNG","171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-065/acr_065_LP.PNG","171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-099/acr_099_S.PNG","171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-099/acr_099_LP.PNG","171219/NetgateRegistryCleaner-171206/17.0.970.0/Images/ACR-099/acr_099_IO.PNG"],"guid":"913f6e62-18c5-4f76-ab09-24d33185e751_17.0.970.0_1","appID":"NetgateRegistryCleaner-171206","dateAdded":"171219","deceptorType":"App","name":"NetagteRegistryCleaner","company":"NETGATE Technologies s.r.o.","version":"17.0.970.0","sigName":"Deceptor:Win32/NetagteRegistryCleaner!003048055059","firstVendorContactDate":"180813","firstAppEsteemReplyDate":"180814","firstResolvedDate":"180815","firstResolvedVersion":"18.0.170.0","resolved":"TRUE","lastKnownStatus":"Deceptor:17.0.970.0","lastKnownDate":"180703","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-08-15T17:53:47.4638731+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2645},{"violations":{"ACR-084":"The application runs silently in the background, hiding the fact that it is active from the user. The user is unable to disable the software from launching on startup using the application interface as the task is still active in task scheduler after the option is disabled using the app.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's Returns and Cancellation Policy, Privacy Policy.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial. The app does disclose a 30 day money back guarantee.\n","ACR-099":"The application has no links or information on the software that shows how it can be uninstalled.\n\nThe application has no links or information on the internal offer that shows how it can be uninstalled.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n"},"samples":[{"isRevoked":"False","fileName":"easydriverpro.exe","isInstaller":"True","companyName":"Probit Software LTD","productName":"Easy Driver Pro","productVersion":"8.2.0","fileVersion":"8.2.0.7","hashMD5":"26dc6b708da3f09f3c7e2be929c8487f","hashSHA1":"d61318cd57d0c5515ea95f57d44bc3723b61aae8","hashSHA256":"92311306684ffe1e42c58c5edd243a5bcddc241a88e8797fbf9709dab888133f","digitalCertThumbprint":"94441E6279373C98300811E2183083B8119C0042","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Probit Software LTD","sourceIndex":"3206","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"en.freedownloadmanager.org (driver)","landingPage":"http://www.easydriverpro.com/","directDownloadingLink":"http://download.easydriverpro.com/publishers/3/882/EasyDriverPro.exe","ipv4":"","ipv6":"","sourceIndex":"3206"}],"sampleFiles":["171219/EasyDriverPro-171205/8.2.0/Samples/EasyDriverPro.exe"],"imageFiles":["171219/EasyDriverPro-171205/8.2.0/Images/ACR-084/ACR-084_software.JPG","171219/EasyDriverPro-171205/8.2.0/Images/ACR-084/ACR-084_SOFTWARE1.JPG"],"nonDeceptorImageFiles":["171219/EasyDriverPro-171205/8.2.0/Images/ACR-065/ACR-065_install.JPG","171219/EasyDriverPro-171205/8.2.0/Images/ACR-065/ACR-065_software.JPG"],"guid":"4834245e-ddd4-4b85-8397-106d5a3ab536_8.2.0_1","appID":"EasyDriverPro-171205","dateAdded":"171219","deceptorType":"App","name":"Easy Driver Pro","company":"Probit Software LTD","version":"8.2.0","sigName":"Deceptor:Win32/EasyDriverPro!084","firstVendorContactDate":"190204","firstAppEsteemReplyDate":"190205","firstResolvedDate":"190205","resolved":"TRUE","lastKnownStatus":"Deceptor:8.2.0","lastKnownDate":"171205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-02-05T21:04:07.7281482+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2647},{"violations":{"ACR-048":"The application cannot be closed or disabled as there are no standard platform-provided methods. No close button is available on the app.\n","ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installation that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nOnly that of the merchant is provided.\n\n","ACR-099":"The application has no link or information on the software that shows how it can be uninstalled.\n\nThe application has no link or information on the landing page that shows how it can be uninstalled.\nThe application has no link or information that shows how it can be uninstalled.\nThe application has no link or information on the internal offer that shows how it can be uninstalled.\n\n","ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"Netgate registry cleaner","isInstaller":"True","companyName":"NETGATE Technologies s.r.o.","productName":"NETGATE Registry Cleaner","productVersion":"17.0.210.0","fileVersion":"n/a","hashMD5":"e619b3b4a82829c4d23fa229f809c10b","hashSHA1":"ca3ae70c832b5c67c86d8eebbe8979756ab404f3","hashSHA256":"31ed136787c2664f803d99bcef492acade91c1d671a8b63e6d19482532b71fe4","digitalCertThumbprint":"EE72D2D2AA91B008053D0AE82868CA39E28F81D1","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"NETGATE Technologies s.r.o.","sourceIndex":"3774","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org (registry)","landingPage":"http://www.netgate.sk/products/registry-cleaner/","directDownloadingLink":"http://www.ngt.sk/download/rc-setup.exe","ipv4":"","ipv6":"","sourceIndex":"3774"}],"sampleFiles":["171219/NetgateRegistryCleaner-171206/17.0.210.0/Samples/rc-setup.exe"],"imageFiles":["171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-048/ACR-048_software.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-003/ACR-003_software.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-003/ACR-003_software1.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-003/ACR-003_software2.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-003/ACR-003_software3.JPG"],"nonDeceptorImageFiles":["171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-065/ACR-065_internaloffer.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-065/ACR-065_internaloffer1.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-065/ACR-065_landingpage.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-065/ACR-065_landingpage1.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-065/ACR-065_install.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-065/ACR-065_software.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-003/ACR-003_software.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-003/ACR-003_software1.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-003/ACR-003_software2.JPG","171219/NetgateRegistryCleaner-171206/17.0.210.0/Images/ACR-003/ACR-003_software3.JPG"],"guid":"913f6e62-18c5-4f76-ab09-24d33185e751_17.0.210.0_1","appID":"NetgateRegistryCleaner-171206","dateAdded":"171219","deceptorType":"App","name":"NetagteRegistryCleaner","company":"NETGATE Technologies s.r.o.","version":"17.0.210.0","sigName":"Deceptor:Win32/NetgateRegistryCleaner!003048","firstVendorContactDate":"180813","firstAppEsteemReplyDate":"180814","firstResolvedDate":"180815","firstResolvedVersion":"18.0.170.0","resolved":"TRUE","lastKnownStatus":"Deceptor:17.0.970.0","lastKnownDate":"180703","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-08-15T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2646},{"violations":{"ACR-003":"The application uses the word 'Problems' to increase urgency for non-urgent \"issues”, thereby misleading or scaring user to take action.\n","ACR-017":"The application's internal offer webpage fraudulently elevates its consumer trust level by displaying unverifiable Microsoft Partner and Intel Software Partner logos.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the Returns and Cancellation Policy.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-150":"The application's internal offer webpage displays logos or awards that cannot be verified.\n","ACR-171":"The application's internal offer webpage has an additional offer option pre-selected.\n","ACR-017":"The application's landing page fraudulently elevates its consumer trust level by displaying unverifiable Microsoft Partner Network and Intel Software Partner logos.\n"},"samples":[{"isRevoked":"False","fileName":"Smart_System_Idle_Process_Problem_Fixer_Pro_Setup.exe","isInstaller":"True","companyName":"LionSea Software","productName":"Smart System Idle Process Problem Fixer Pro","productVersion":"4.4.4","hashMD5":"c1ff15d7b9955dd6c687a03a8aabf198","hashSHA1":"da70d964d2a15f76647e4d37b3e3c37246467481","hashSHA256":"25afbad70a6aec3c32dd7f60a0c919dcfe46736af20cde8f3cb64de82ec10255","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3602","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"http://softdeluxe.com/ (System Optimizers)","landingPage":"http://www.lionsea.com/product_systemidleprocessproblemfixerpro.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_System_Idle_Process_Problem_Fixer_Pro_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3602"}],"sampleFiles":["171219/SystemIdleProcessProblemFixerPro-171205/4.4.4/Samples/Smart_System_Idle_Process_Problem_Fixer_Pro_Setup.exe"],"imageFiles":["171219/SystemIdleProcessProblemFixerPro-171205/4.4.4/Images/ACR-003/ACR_003_SOFTWARE.PNG","171219/SystemIdleProcessProblemFixerPro-171205/4.4.4/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["171219/SystemIdleProcessProblemFixerPro-171205/4.4.4/Images/ACR-017/ACR_017_LANDING_PAGE.PNG","171219/SystemIdleProcessProblemFixerPro-171205/4.4.4/Images/ACR-150/ACR_150_INTERNAL_OFFERS.PNG","171219/SystemIdleProcessProblemFixerPro-171205/4.4.4/Images/ACR-171/ACR_171_INTERNAL_OFFERS.PNG"],"guid":"b115c67f-0ddf-4fa1-902e-2a95dfab9875_4.4.4_1","appID":"SystemIdleProcessProblemFixerPro-171205","dateAdded":"171219","deceptorType":"App","name":"Smart System Idle Process Problem Fixer Pro","company":"LionSea Software co., ltd","version":"4.4.4","sigName":"Deceptor:Win32/SmartSystemIdle!003017","lastKnownStatus":"Deceptor:4.4.4","lastKnownDate":"171205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2018-06-29T03:06:51.763905+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2519},{"violations":{"ACR-003":"The application exaggerates registry keys as an error and file association as a problem. The application also states PC health as high thereby misleading or scaring user to take action.\n\n\n","ACR-017":"The internal offer page fraudulently elevates its user trust level by displaying fake endorsements such as Microsoft partner logo and Intel software logo which are  unverifiable.\n\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\n\nThe application's internal offer page has no link to a webpage that shows how to uninstall the app.\n\n","ACR-167":"The application has no link to a webpage that shows how to uninstall the app.\n\n","ACR-017":"The landing page fraudulently elevates its user trust level by displaying fake endorsements such as Microsoft partner logo and Intel software logo which are  unverifiable.\n\nThe application fraudulently elevates its user trust level by displaying fake endorsements such as Microsoft partner logo and Intel software logo which are  unverifiable.\n"},"samples":[{"isRevoked":"False","fileName":"Smart Javascript Error Fixer Pro.exe","isInstaller":"True","companyName":"LionSea Software co., ltd","productName":"Smart Javascript Error Fixer Pro","productVersion":"4.6.5","fileVersion":"0.0.0","hashMD5":"d0144a042c6b1573d371acb3b544c602","hashSHA1":"8518b5f5244bd10d141b406c63aa75ee5a272e88","hashSHA256":"4acd5aacbe313b76c6943e6a9718a7d13b84f850bd929dd2f9820afa56f21449","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3601","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.lionsea.com/product_javascripterrorfixerfixer.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_Javascript_Error_Fixer_Pro_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3601"}],"sampleFiles":["171219/SmartJavascriptErrorFixer-171205/4.6.5/Samples/Smart_Javascript_Error_Fixer_Pro_Setup.exe"],"imageFiles":["171219/SmartJavascriptErrorFixer-171205/4.6.5/Images/ACR-003/acr_003.PNG","171219/SmartJavascriptErrorFixer-171205/4.6.5/Images/ACR-017/acr_017_OP.PNG"],"nonDeceptorImageFiles":["171219/SmartJavascriptErrorFixer-171205/4.6.5/Images/ACR-017/acr_017_LP.PNG","171219/SmartJavascriptErrorFixer-171205/4.6.5/Images/ACR-017/acr_017_LP.PNG"],"guid":"9256fac2-4186-4ee4-8b6b-24af90d3644c_4.6.5_1","appID":"SmartJavascriptErrorFixer-171205","dateAdded":"171219","deceptorType":"App","name":"Smart Javascript Error Fixer Pro","company":"LionSea Software co., ltd","version":"4.6.5","sigName":"Deceptor:Win32/SmartJavascriptError!003017","lastKnownStatus":"4.6.5","lastKnownDate":"171205","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-29T03:07:19.5780446+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2520},{"violations":{"ACR-003":"App returns a list of drivers to update, but no way to substantiate this list: no details provided. App claims drivers are \"out of date\", but provides no details to validate.\n","ACR-017":"Install shows MSFT partner logo as if MSFT endorsed DriverUpdate\nSoftware shows MSFT partner logo as if MSFT endorsed DriverUpdate\nIn-bundle offer shows MSFT partner logo as if MSFT endorsed DriverUpdate\n","ACR-097":"When running on a virtual machine, app does not report \"out of date\" for the same drivers/driver info that it reports out of date on a native hosted os. There is no mention of this variance in behavior in EULA or in the product.\n","ACR-059":"Offer for SlimCleaner not clearly marked as optional/promoted\n"},"nonDeceptorViolations":{"ACR-088":"App auto-pops a browser window post-scan to get consumer to register to view scan results.\n","ACR-003":"App returns a list of drivers to update, but no way to substantiate this list: no details provided. App claims drivers are \"out of date\", but provides no details to validate.\n","ACR-017":"Landing page shows MSFT partner logo as if MSFT endorsed DriverUpdate\n","ACR-059":"Offer for SlimCleaner not clearly marked as optional/promoted\n"},"samples":[{"isRevoked":"False","fileName":"DriverUpdate-setup.exe","isInstaller":"True","companyName":"Slimware Utilities Holdings, Inc.","productName":"DriverUpdate","productVersion":"2.10.0","fileVersion":"2.10.0","hashMD5":"ffa09a43087b853364cd75cf4c21acbb","hashSHA1":"f40b611112edac61506792d113e26d71d6cd09e9","hashSHA256":"d7b588186dbc4a8beb6af3bb6ff164df2ffd9dd5d13e3a0009a80952ff517a71","digitalCertThumbprint":"87855F52F4925206C616EEA64994C46A88E5E908","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Slimware Utilities Holdings, Inc.","sourceIndex":"3812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"driverupdate.exe","companyName":"SlimWare Utilities, Inc.","productName":"DriverUpdate","productVersion":"5.2.3","fileVersion":"5.2.3","hashMD5":"fd1f17b80a65fd51dd25493a85482aea","hashSHA1":"616aeeebfe0654c1722a18db120f95aa4e719a32","hashSHA256":"28ab7acd799c582e8032f7bc5bbd00c5990c163732786e31b00621cfba34e7e4","digitalCertThumbprint":"33E24FE66E0117FDD4278699AD423EF2669FD258","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Slimware Utilities Holdings, Inc.","sourceIndex":"3812","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"driverupdate-setup.exe","isInstaller":"True","companyName":"Slimware Utilities Holdings, Inc.","productName":"DriverUpdate","productVersion":"2.10.2","fileVersion":"2.10.2","hashMD5":"43414ed10c28a5474274c7af662d8cfd","hashSHA1":"ce419ca4e1a640f72ba004eab88e20a0cb04d135","hashSHA256":"80a0af4e577d334edceeb3ca3d8d865a4fa098369ade0b36598781f914c2b9b8","digitalCertThumbprint":"33E24FE66E0117FDD4278699AD423EF2669FD258","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Slimware Utilities Holdings, Inc.","sourceIndex":"3812","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"driver update","landingPage":"https://slimware.com/driverupdate","directDownloadingLink":"https://slimware.com/download/driverupdate","ipv4":"","ipv6":"","sourceIndex":"3812"}],"sampleFiles":["171218/DriverUpdate-171218/2.10.0/Samples/DriverUpdate-setup-2nd.exe","171218/DriverUpdate-171218/2.10.0/Samples/DriverUpdate.exe","171218/DriverUpdate-171218/2.10.0/Samples/DriverUpdate-setup.exe"],"imageFiles":["171218/DriverUpdate-171218/2.10.0/Images/ACR-003/ACR-003 unsubstantiated list.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-003/ACR-003 unsubstantiated out of date.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-003 unsubstantiated out of date.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-017 offer ms logo.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-059/ACR-017 offer ms logo.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-017 landing page ms logo.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-017 install ms logo.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-017 install summary ms logo.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-003 unsubstantiated out of date.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-059/ACR-017 offer ms logo.png"],"nonDeceptorImageFiles":["171218/DriverUpdate-171218/2.10.0/Images/ACR-088/ACR-087 popup for user registration.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-088/ACR-087 popup for user registration.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-003/ACR-003 unsubstantiated list.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-003/ACR-003 unsubstantiated out of date.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-003 unsubstantiated out of date.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-017 offer ms logo.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-059/ACR-017 offer ms logo.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-017 landing page ms logo.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-017 install ms logo.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-017 install summary ms logo.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-017/ACR-003 unsubstantiated out of date.png","171218/DriverUpdate-171218/2.10.0/Images/ACR-059/ACR-017 offer ms logo.png"],"guid":"afce5b78-33b5-4e3f-8d8b-2b6caade1809_2.10.0_1","appID":"DriverUpdate-171218","dateAdded":"171218","deceptorType":"App","name":"DriverUpdate","company":"Slimware Utilities Holding, Inc.","version":"2.10.0","sigName":"Deceptor:Win32/DriverUpdate!003017097","firstVendorContactDate":"171218","firstAppEsteemReplyDate":"171218","firstResolvedDate":"180209","firstResolvedVersion":"2.12.0","resolved":"TRUE","lastKnownStatus":"Deceptor:2.10.0,2.10.2. NonCertified:2.12.0","lastKnownDate":"180204","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,call center","lastUpdate":"2018-02-15T00:13:29.4938281+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2648},{"violations":{"ACR-017":"The application elevates its user trust level by displaying fake, unverifiable or expired endorsements.\nThe application displays \"Microsoft Partner Gold Application development\" logo's as well as multiple five star \"Awards\" that are unable to be verified.\n","ACR-084":"The application cannot be disabled using the standard application interface as after disabling \"launch on system startup\" the task is still active in the systems task scheduler.\n","ACR-168":"The application displays a support call center phone number on the software but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\nThe application displays a support call center phone number on the internal offer but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n","ACR-016":"A displayed ad leads to direct downloading and installation of an application instead of redirecting to a landing page which allows the user to make an informed decision whether to accept or decline the offer.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the landing page that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the inline offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The applications landing page has testimonials but there are no links to the source so they can be verified.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option on the software.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option on the landing page.\nThe app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option on the internal offer.\n","ACR-160":"The application does not use a certified call center to monetize the app.\nWhen calling the number provided the message prompts that the party is unavailable.\n","ACR-099":"The application has no link or information on the software that shows how it can be uninstalled.\n\nThe application has no link or information on the landing page that shows how it can be uninstalled.\nThe inline offer has no link or information that shows how it can be uninstalled.\nThe application has no link or information on the internal offer that shows how it can be uninstalled.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\nThe application displays \"Microsoft Partner Gold Application development\" logo's as well as multiple five star \"Awards for Excellence Performance\" that are unable to be verified.\n","ACR-168":"The application displays a support call center phone number on the landing page but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"AdvancedFileOptimizer.exe","isInstaller":"True","companyName":"Systweak Software","productName":"Advanced File Optimizer","productVersion":"2.1.1000.17205","fileVersion":"Advanced File Optimi","hashMD5":"7df893748b733cd99fa6fd0145c135a0","hashSHA1":"81991c750b78e8b32d8d597006df76cd27120e5d","hashSHA256":"2582617eed09a4d10df1444c785f27cd321270512c529ff1308c5138354800c2","digitalCertThumbprint":"ADB59019C4C36E227FB67E0A9B0C9A57D46A6E8E","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Systweak Software","sourceIndex":"2870","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org (pc optimizer)","landingPage":"http://advancedfileoptimizer.com/","directDownloadingLink":"http://cdn.k9tools.com/runcamps/afosetup.exe?of=afosetup.exe","ipv4":"","ipv6":"","sourceIndex":"2870"}],"sampleFiles":["171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Samples/afosetup.exe"],"imageFiles":["171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-017/ACR-017_internaloffer.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-017/ACR-017_internaloffer1.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-084/ACR-084_software.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-084/ACR-084_software1.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-168/ACR-168_software.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-168/ACR-168_internaloffer.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-016/ACR-016_adsinsideapp.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-016/ACR-016_adsinsideapp1.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-016/ACR-016_adsinsideapp2.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-016/ACR-016_adsinsideapp3.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-016/ACR-016_adsinsideapp4.JPG"],"nonDeceptorImageFiles":["171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-065/ACR-065_software.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-065/ACR-065_landingpage.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-065/ACR_065_inlineoffer.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-065/ACR-065_internaloffer.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-017/ACR-017_landingpage.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-017/ACR-017_landingpage1.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-161/ACR-161_landingpage.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-161/ACR-161_landingpage1.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-163/ACR-163_software.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-163/ACR-163_landingpage.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-163/ACR-163_internaloffer.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-160/ACR-160_software.JPG","171216/AdvancedFileOptimizer-171208/2.1.1000.17205/Images/ACR-168/ACR-168_landingpage.JPG"],"guid":"3c481835-c617-4efc-a20b-ee0650c2ce4a_2.1.1000.17205_1","appID":"AdvancedFileOptimizer-171208","dateAdded":"171216","deceptorType":"App","name":"Advanced File Optimizer","company":"Systweak Software","version":"2.1.1000.17205","sigName":"Deceptor:Win32/AdvancedFileOptimizer!016017084168","firstVendorContactDate":"190521","firstAppEsteemReplyDate":"190529","firstResolvedDate":"190826","firstResolvedVersion":"2.1.1000.27284","resolved":"TRUE","lastKnownStatus":"Deceptor:2.1.1000.17205","lastKnownDate":"190826","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-08-26T22:02:01.3386161+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2650},{"violations":{"ACR-003":"The application exaggerates shared DLLs, COM and ActiveX, Invalid Shortcuts, and File Extensions to be Registry Errors, the application then states that registry problems are still in the system causing instability, error messages and lack of performance thereby misleading or scaring user to take action.\n","ACR-017":"The application's internal offer webpage elevates its consumer trust level by displaying an unverifiable Intel Software Partner logo.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA.\nThe application's internal offer webpage has no link to a website that shows the EULA.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-064":"The application's landing page has the download button displayed has \"Try Now!\" instead of using the word Download.\n"},"samples":[{"isRevoked":"False","fileName":"RegistryCleaner.exe","isInstaller":"True","companyName":"Security Stronghold","productName":"Security Stronghold Registry Cleaner","productVersion":"1.0","fileVersion":"1.3","hashMD5":"2419fc5b322f08168c1b7446244d55d2","hashSHA1":"09e0523327c9f90f75cd6b22e5a6c6c6d53c2b5e","hashSHA256":"49d003580fb57646296423cca015dcc43fdc5cf54c8a4851e69548be1dc2425e","digitalCertThumbprint":"F5DB7763760E2B4F7D91C93990F241118E82776D","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G2","digitalCertIssuedTo":"Security Stronghold LLC","sourceIndex":"3128","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"yahoo.com(Speed up my computer)","landingPage":"https://www.securitystronghold.com/registry_cleaner.html","directDownloadingLink":"https://www.securitystronghold.com/download/site/RegistryCleaner.exe","ipv4":"","ipv6":"","sourceIndex":"3128"}],"sampleFiles":["171216/RegistryCleaner-171208/1.0/Samples/RegistryCleaner.exe"],"imageFiles":["171216/RegistryCleaner-171208/1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","171216/RegistryCleaner-171208/1.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","171216/RegistryCleaner-171208/1.0/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":[],"guid":"c9d9f99a-3040-4af1-9e12-765cc7fcd2d7_1.0_1","appID":"RegistryCleaner-171208","dateAdded":"171216","deceptorType":"App","name":"Security Stronghold Registry Cleaner","company":"Security Stronghold LLC ","version":"1.0","sigName":"Deceptor:Win32/RegistryCleaner!003017","lastKnownStatus":"Deceptor:1.0","lastKnownDate":"171208","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-03-29T02:20:15.5967879+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2649},{"violations":{"ACR-003":"App exaggerates system healthy condition as URGENT based on the invalid registry items and junk, cache, temp files identified. It raises misleading urgency for user to take action fixing them. \n","ACR-084":"App creates scheduled task without disclosure in document (EULA/ToS) or during app installation. The scheduled task is on even \"do not schedule\" is selected in app setting.\n\n"},"nonDeceptorViolations":{"ACR-003":"App exaggerates system healthy condition as URGENT based on the invalid registry items and junk, cache, temp files identified. It raises misleading urgency for user to take action fixing them. \n"},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"PPC-software","productName":"PPC-software","productVersion":"3.2.1","fileVersion":"3.2.1.0","hashMD5":"efd6e0125edda94ed57904fddbceab2a","hashSHA1":"3c1a85ddc2d9cf0ecbcadd7a3082d2e3bbd8bd1b","hashSHA256":"473a6350ab37888546bb4fdd0fa10345887473d16040d27d0336a5c9604923fe","digitalCertThumbprint":"ac76d26cb6352773f1b0445ffc247ed198071639","sourceIndex":"3703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"PPC-software","productName":"PPC-software","productVersion":"n/a","fileVersion":"3.1.5","hashMD5":"dbfe0376b0197f60cc57f027a4d7cb3f","hashSHA1":"d6ba892679c0f744251b24161a49d13098e0c876","hashSHA256":"916e01a0e94dbb1e9ac13c83cad45400dd74e598f09d1c9ed97194874664433f","digitalCertThumbprint":"c3c83521f00e7ca0bd656e3c469c5fd381026970","sourceIndex":"3703","avBlockList":["360 Total Security (20220519)","Avast Premium Security (20220519)","AVG Internet Security (20220519)","Avira Internet Security (20220519)","COMODO Antivirus (20220519)","Dr.Web Security Space (20220519)","ESET Internet Security (20220519)","G DATA INTERNET SECURITY (20220519)","K7 Total Security (20220519)","Kaspersky Internet Security (20220519)","Malwarebytes Premium (20220519)","McAfee Total Protection (20220519)","Norton Security (20220519)","Panda Dome (20220519)","Quick Heal Internet Security (20220519)","Sophos Home Premium (20220519)","SpyHunter5 (20220519)","Total AV Antivirus Pro (20220519)","Trend Micro Internet Security (20220519)","VirIT eXplorer PRO (20220519)","Webroot SecureAnywhere (20220519)","Windows Defender (20220519)"],"avAllowList":["Bitdefender Internet Security (20220519)","Tencent PC Manager (20220519)","VIPRE Advanced Security (20220519)"]},{"isRevoked":"False","fileName":"PPC-software.exe","isInstaller":"True","companyName":"PPC-software","productName":"PPC-software","productVersion":"3.2.6.0","fileVersion":"3.2.6.0","hashMD5":"6cb7828d4065ebc4734d2cc0877e609f","hashSHA1":"904e258dc3c13abc541ad325c67c1bf609f30eb3","hashSHA256":"890895ed2578c04fe30314e021826ba8880c9a21991be97ca91203103816d21c","digitalCertThumbprint":"F917BDA3E37F3F903538C46921B26849E16717AB","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"SAND DOLLAR MEDIA LLC","sourceIndex":"3703","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"PPC-software","productName":"PPC-software","productVersion":"3.2.1","fileVersion":"3.2.1.0","hashMD5":"efd6e0125edda94ed57904fddbceab2a","hashSHA1":"3c1a85ddc2d9cf0ecbcadd7a3082d2e3bbd8bd1b","hashSHA256":"473a6350ab37888546bb4fdd0fa10345887473d16040d27d0336a5c9604923fe","digitalCertThumbprint":"ac76d26cb6352773f1b0445ffc247ed198071639","sourceIndex":"3704","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"PPC-software","productName":"PPC-software","productVersion":"n/a","fileVersion":"3.1.5","hashMD5":"dbfe0376b0197f60cc57f027a4d7cb3f","hashSHA1":"d6ba892679c0f744251b24161a49d13098e0c876","hashSHA256":"916e01a0e94dbb1e9ac13c83cad45400dd74e598f09d1c9ed97194874664433f","digitalCertThumbprint":"c3c83521f00e7ca0bd656e3c469c5fd381026970","sourceIndex":"3704","avBlockList":["360 Total Security (20220519)","Avast Premium Security (20220519)","AVG Internet Security (20220519)","Avira Internet Security (20220519)","COMODO Antivirus (20220519)","Dr.Web Security Space (20220519)","ESET Internet Security (20220519)","G DATA INTERNET SECURITY (20220519)","K7 Total Security (20220519)","Kaspersky Internet Security (20220519)","Malwarebytes Premium (20220519)","McAfee Total Protection (20220519)","Norton Security (20220519)","Panda Dome (20220519)","Quick Heal Internet Security (20220519)","Sophos Home Premium (20220519)","SpyHunter5 (20220519)","Total AV Antivirus Pro (20220519)","Trend Micro Internet Security (20220519)","VirIT eXplorer PRO (20220519)","Webroot SecureAnywhere (20220519)","Windows Defender (20220519)"],"avAllowList":["Bitdefender Internet Security (20220519)","Tencent PC Manager (20220519)","VIPRE Advanced Security (20220519)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"Deceptive ads reported by MalwareBytes","landingPage":"http://my-pc-cleaner.org/dl-ppc/?OTA3fDExMTk5OHxVU3wzfDF8fHx8fA&rwp_campaignid=9088&rwp_clk=OTA3fDExMTk5OHxVU3wzfDF8fHx8fA&rwp_clkid=58f44cab374b3&rwp_pubid=907&rwp_al=g0gle&rwp_lpid=2","directDownloadingLink":"https://s3.amazonaws.com/safe-new-ppc-w/mk33g0gle/PPC-softwareSetup.exe?response-content-disposition=attachment%3B%20filename%3D%22PPC-softwareSetup%40g%2Bclk2%3D58f44cab374b3.exe%22&response-content-type=application%2Foctet-stream&X-Amz-Content-Sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIJPJRAOVS3FON4WA%2F20170418%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20170418T002132Z&X-Amz-SignedHeaders=Host&X-Amz-Expires=600&X-Amz-Signature=8df27fe6a75fe927526a6429bb5967474fdaf9c18aedc2a62877d745b6026ccc","sourceIndex":"3703"},{"howFound":"Hunt.PartnerReport","reference":"Deceptive ads reported by MalwareBytes","landingPage":"https://propccleaner.com/","sourceIndex":"3704"}],"sampleFiles":[],"imageFiles":["171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/ExaggeratedIssues.JPG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/ProPCCleaner_003.PNG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/ProPCCleaner_003_2.PNG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/ProPCCleaner_003_3.PNG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/RaiseUrgencyWithExaggeratedIssues.JPG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/SharedDLLTempFileReportedAsRegistryIssues.JPG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-084/ProPCCleaner_084.PNG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-INFO/PPCCleaner.mp4"],"nonDeceptorImageFiles":["171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/ExaggeratedIssues.JPG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/ProPCCleaner_003.PNG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/ProPCCleaner_003_2.PNG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/ProPCCleaner_003_3.PNG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/RaiseUrgencyWithExaggeratedIssues.JPG","171215/D-PPCCleaner-00034/3.2.1.0/Images/ACR-003/SharedDLLTempFileReportedAsRegistryIssues.JPG"],"guid":"f0c99452-e6cf-4287-9b94-130fc72e026e_3.2.1.0_1","appID":"D-PPCCleaner-00034","dateAdded":"171215","deceptorType":"App","name":"PROPCCleaner","company":"PPC-software","version":"3.2.1.0","sigName":"Deceptor:Win32/PPCCleaner!003084","firstVendorContactDate":"170807","firstAppEsteemReplyDate":"170807","firstResolvedDate":"171215","firstResolvedVersion":"3.3.4","resolved":"TRUE","lastKnownStatus":"Deceptor:3.2.1.0;3.2.6.0","lastKnownDate":"171107","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:39:57.4273909+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2651},{"violations":{"ACR-003":"The application uses the word 'Errors' to increase urgency for non-urgent \"issues”, the application displays the message saying 'Warning: some errors are dangerous, please fix them immediately for better system performance' thereby misleading or scaring user to take action.\n","ACR-017":"The application's internal offer webpage fraudulently elevates its consumer trust level by displaying multiple unverifiable 5 star review rating logos.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or the Terms of Service.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no digitally signed certificate or any certificate it is unsigned.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-003":"The application uses the word 'Errors' to increase urgency for non-urgent \"issues”, the application displays the message saying 'Warning: some errors are dangerous, please fix them immediately for better system performance' thereby misleading or scaring user to take action.\n","ACR-017":"The application's landing page elevates its consumer trust level by displaying two unverifiable 5 star review rating logos.\n"},"samples":[{"isRevoked":"False","fileName":"pc_manager.exe","isInstaller":"True","companyName":"PC Manager Studio","productName":"PC Manager","hashMD5":"9c516dbf360dbcc9087b2728bb6d9836","hashSHA1":"c12214df1340d53a2131ca33c7fff97110afc422","hashSHA256":"379f904db8e536863f7202f8bd766a4812b21ae266d81dd6a37002bb2fcc3042","sourceIndex":"3737","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"yahoo.com(Speed up my computer)","landingPage":"http://www.pc-manager.org/","directDownloadingLink":"http://www.pc-manager.org/pc_manager.exe","ipv4":"","ipv6":"","sourceIndex":"3737"}],"sampleFiles":["171214/PCManager-171213/9.5/Samples/pc_manager.exe"],"imageFiles":["171214/PCManager-171213/9.5/Images/ACR-003/ACR_003_SOFTWARE.PNG","171214/PCManager-171213/9.5/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG","171214/PCManager-171213/9.5/Images/ACR-017/ACR_017_LANDING_PAGE.PNG"],"nonDeceptorImageFiles":["171214/PCManager-171213/9.5/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","171214/PCManager-171213/9.5/Images/ACR-003/ACR_003_SOFTWARE.PNG","171214/PCManager-171213/9.5/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG","171214/PCManager-171213/9.5/Images/ACR-017/ACR_017_LANDING_PAGE.PNG"],"guid":"f5848caf-9798-46ef-abbd-0c2ae7654148_9.5_1","appID":"PCManager-171213","dateAdded":"171214","deceptorType":"App","name":"PC Manager","company":"PC Manager Studio","version":"9.5","sigName":"Deceptor:Win32/PCManager!003017","lastKnownStatus":"Deceptor:9.5","lastKnownDate":"171213","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-02-15T00:29:57.7047192+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2652},{"violations":{"ACR-017":"The internal offer page elevates its user trust level by displaying fake, unverifiable endorsements. Microsoft partner network and Intel software partner endorsement were displayed on the internal offer page but are unverifiable links does not lead to any valid website.\n","ACR-084":"The scheduled task can't be removed even user chooses to disable the schedule task.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\nThe landing page has no link to a webpage that shows how to uninstall the app.\n\nThe internal offer page has no link to a webpage that shows how to uninstall the app.\n\n","ACR-167":"The application has no link to a webpage that shows how to uninstall the app.\n\n","ACR-017":"The landing page fraudulently elevates its user trust level by displaying fake, unverifiable endorsements. Microsoft partner network and Intel software partner endorsement were displayed on the landing page but are unverifiable links does not lead to any valid website.\nThe application fraudulently elevates its user trust level by displaying fake, unverifiable endorsements. Microsoft partner network and Intel software partner endorsement were displayed on the docs page but are unverifiable links does not lead to any valid website.\n"},"samples":[{"isRevoked":"False","fileName":" ComputerDriversDownloadUtility.exe","isInstaller":"True","companyName":"LionSea Software co., ltd","productName":" Computer Drivers Download Utility","productVersion":"3.6.0","hashMD5":"872e62c6def1a127ea183bdfd421ba27","hashSHA1":"e6a195e699033a3871aa32982636307c5b76c5c0","hashSHA256":"ceeea7cca3ce7a0158f33ca9a4893a97c0e08f88912f0ac13532858e5c8fc89c","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3721","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.lionsea.com/product_computerdriversdownloadutility.php","directDownloadingLink":"http://www.lionsea.com/download/drivers/Computer_Drivers_Download_Utility_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3721"}],"sampleFiles":["171214/ComputerDriversDownloadUtility-171213/3.6.0/Samples/Computer_Drivers_Download_Utility_Setup.exe"],"imageFiles":["171214/ComputerDriversDownloadUtility-171213/3.6.0/Images/ACR-017/acr_017_DC.PNG","171214/ComputerDriversDownloadUtility-171213/3.6.0/Images/ACR-017/acr_017_IO.PNG","171214/ComputerDriversDownloadUtility-171213/3.6.0/Images/ACR-017/acr_017_LP.PNG","171214/ComputerDriversDownloadUtility-171213/3.6.0/Images/ACR-084/ComputerDriverDownload.PNG"],"nonDeceptorImageFiles":["171214/ComputerDriversDownloadUtility-171213/3.6.0/Images/ACR-017/acr_017_DC.PNG","171214/ComputerDriversDownloadUtility-171213/3.6.0/Images/ACR-017/acr_017_IO.PNG","171214/ComputerDriversDownloadUtility-171213/3.6.0/Images/ACR-017/acr_017_LP.PNG"],"guid":"ee88959e-76fa-4570-bddb-012d19545da8_3.6.0_1","appID":"ComputerDriversDownloadUtility-171213","dateAdded":"171214","deceptorType":"App","name":"Computer Drivers Download Utility","company":"LionSea Software co., ltd","version":"3.6.0","sigName":"Deceptor:Win32/ComputerDriversDownloadUtility!017084","lastKnownStatus":"Deceptor:3.6.0","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2653},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable the from starting on user log on from the application interface.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, on the install.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the internal offer. Only privacy policy of the merchant is provided.\n\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\n\nThe application has no link or information that shows how to uninstall the app.\n\n","ACR-171":"The consumer is required to opt-out of recurring payment.\nThe consumer is required to opt-out of recurring payment.\n"},"samples":[{"isRevoked":"False","fileName":"SuperOptimizer.exe","isInstaller":"True","companyName":"Super PC Tools ltd","productName":"Super Optimizer","productVersion":"3.2.0.1","fileVersion":"3.2.0.1","hashMD5":"a59244e162bd03e51cdb51a4e73808ec","hashSHA1":"92d6d744f4aadd1362b0d9978a1af2c34c0ecc75","hashSHA256":"a5e9c4d3683306b104eb461a6493b7c8aeaa38e6604c288c2f558b35fde4d4c5","digitalCertThumbprint":"46ED3D98C2CE6FE7CAB32F5E242D71CB1D0E17FE","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Super PC Tools Limited","sourceIndex":"3612","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SuperOptimizer.exe","isInstaller":"True","companyName":"Super PC Tools ltd","productName":"Super Optimizer","productVersion":"3.2.0.1","fileVersion":"3.2.0.1","hashMD5":"3ad1d3239777bcd0a1e6eb0d7a15baaf","hashSHA1":"155a5e19d02bd879ced22a8461ea2273e178db59","hashSHA256":"e16a0ff0b4b298eb7c32fdde4a0cca10090cf1f4b379eb20171d3ba7ff4db1d7","digitalCertThumbprint":"46ed3d98c2ce6fe7cab32f5e242d71cb1d0e17fe","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Super PC Tools Limited","sourceIndex":"3612","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"en.freedownloadmanager.org","landingPage":"http://superpctools.com/en/super-optimizer/","directDownloadingLink":"http://dl.superpcdownload.net/211001623/SuperOptimizer.exe","ipv4":"","ipv6":"","sourceIndex":"3612"}],"sampleFiles":["171212/Superoptimizer-171127/3.2.0.1/Samples/SuperOptimizer.exe","171212/Superoptimizer-171127/3.2.0.1/Samples/SuperOptimizer_3AD1.exe"],"imageFiles":["171212/Superoptimizer-171127/3.2.0.1/Images/ACR-084/ACR-084_software.JPG","171212/Superoptimizer-171127/3.2.0.1/Images/ACR-084/ACR-084_software1.JPG"],"nonDeceptorImageFiles":["171212/Superoptimizer-171127/3.2.0.1/Images/ACR-065/ACR-065_install.JPG","171212/Superoptimizer-171127/3.2.0.1/Images/ACR-065/ACR-065_software.JPG","171212/Superoptimizer-171127/3.2.0.1/Images/ACR-065/ACR-065_internaloffer.JPG","171212/Superoptimizer-171127/3.2.0.1/Images/ACR-171/ACR-171_landingpage.JPG","171212/Superoptimizer-171127/3.2.0.1/Images/ACR-171/ACR-171_internaloffer.JPG"],"guid":"0ec09ef2-fa1e-4b54-b552-29e87f25930d_3.2.0.1_1","appID":"Superoptimizer-171127","dateAdded":"171212","deceptorType":"App","name":"Super Optimizer","company":"Super PC Tools ltd","version":"3.2.0.1","sigName":"Deceptor:Win32/SuperOptimizer!084","firstVendorContactDate":"180618","firstAppEsteemReplyDate":"180618","firstResolvedDate":"180618","firstResolvedVersion":"App stops distributing, download link shutdown. Move to purchase mode only","resolved":"TRUE","lastKnownStatus":"3.2.0.1","lastKnownDate":"171129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-20T16:45:15.7533229+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2654},{"violations":{"ACR-043":"App installs undisclosed components from ESET and AVIRA\n","ACR-107":"No permission has been granted from AVIRA or ESET to use their AV engine components\n","ACR-050":"App automatically disables Windows Defender from executing\n","ACR-097":"App auto-disables Defender\n","ACR-118":"Uninstall leaves executables on the computer\n"},"nonDeceptorViolations":{"ACR-065":"No links to EULA/Terms of Service and Privacy on the landing page\n","ACR-001":"Auto-disables Defender, which is not allowed\n","ACR-092":"Installer is not digitally signed\n","ACR-093":"App automatically disabled Defender without obtaining explicit user consent\n","ACR-036":"EULA does not disclose AVIRA and ESET AV Engine usage\n","ACR-107":"No permission has been granted from AVIRA or ESET to use their AV engine components\n"},"samples":[{"isRevoked":"False","fileName":"SheedAVSetup.exe","isInstaller":"True","companyName":"SheedSoft Ltd.","productName":"Sheed A.V.","productVersion":"2.30, 0, 0","fileVersion":"2.3","hashMD5":"a8c82f511092e628e4fe0fc66bc2678d","hashSHA1":"df4d0fa9d3eb759323086d111bad795b92a3ff1d","hashSHA256":"7e65b5c160f74ec5ff2ef7d533344823d1d283d9cc4e04f34aa2a80fe949ac59","sourceIndex":"3722","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Partner.Submission","reference":"AV-C report ","landingPage":"http://sheedantivirus.ir","directDownloadingLink":"http://dl.sheedantivirus.ir/setup.exe","ipv4":"","ipv6":"","sourceIndex":"3722"}],"sampleFiles":["171212/SheedAntivirus-171211/2.3.0.0/Samples/SheedAVSetup.exe"],"imageFiles":["171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-043/ACR-107 avira engine installed.png","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-043/ACR-107 unauthorized use of avira and eset.png","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-036/ACR-107 unauthorized use of avira and eset.png","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-043/ACR-107 avira engine installed.png","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-043/ACR-107 unauthorized use of avira and eset.png","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-107/ACR-107 unauthorized use of avira and eset.png","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-001/ACR-050 disables Defender.gif","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-093/ACR-050 disables Defender.gif","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-097/ACR-050 disables Defender.gif","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-050/ACR-050 disables Defender.gif","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-097/ACR-050 disables Defender.gif","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-118/acr-118 retained files after uninstall.png"],"nonDeceptorImageFiles":["171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-001/ACR-050 disables Defender.gif","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-092/acr-092 not signed installer.png","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-093/ACR-050 disables Defender.gif","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-036/ACR-107 unauthorized use of avira and eset.png","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-036/ACR-107 unauthorized use of avira and eset.png","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-043/ACR-107 avira engine installed.png","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-043/ACR-107 unauthorized use of avira and eset.png","171212/SheedAntivirus-171211/2.3.0.0/Images/ACR-107/ACR-107 unauthorized use of avira and eset.png"],"guid":"fd26938b-2d25-4165-83b2-c5d08d9a3d9b_2.3.0.0_1","appID":"SheedAntivirus-171211","dateAdded":"171212","deceptorType":"App","name":"Sheed A.V.","company":"SheedSoft Ltd.","version":"2.3.0.0","sigName":"Deceptor:Win32/SheedAV!043050097107118","lastKnownStatus":"Deceptor:2.3.0.0","lastKnownDate":"171211","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:32:57.7848195+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2655},{"violations":{"ACR-003":"The application exaggerates registry keys as an error or a problem, thereby misleading or scaring user to take action .\n\n\n","ACR-017":"The offer page  fraudently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-017":"The application fraudently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\nThe landing page fraudently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\n"},"samples":[{"isRevoked":"False","fileName":"SmartScriptErrorFixer.exe","isInstaller":"True","companyName":"LionSea Software co., ltd","productName":"SmartScriptErrorFixer","productVersion":"4.2.0.0","fileVersion":"1.0.0.1","hashMD5":"cc5b250ff1169926948c0809e0f7a0af","hashSHA1":"3a7c1feec1b7895a718f9ea042990382da42229d","hashSHA256":"48008706b90442f57ea1987cb71b5d46889d0eb08a0bd8a82f1785a252a1b9ba","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3600","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"\"REGISTRY\"","landingPage":"http://www.lionsea.com/product_scripterrorfixerpro.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_Script_Error_Fixer_Pro_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3600"}],"sampleFiles":["171212/SmartScriptErrirFixer-171115/4.2.0.0/Samples/Smart_Script_Error_Fixer_Pro_Setup.exe"],"imageFiles":["171212/SmartScriptErrirFixer-171115/4.2.0.0/Images/ACR-003/acr_003.PNG"],"nonDeceptorImageFiles":["171212/SmartScriptErrirFixer-171115/4.2.0.0/Images/ACR-017/false awards,endorsements.PNG"],"guid":"597e99c6-ef39-499c-97b0-ca57a2c0de9d_4.2.0.0_1","appID":"SmartScriptErrirFixer-171115","dateAdded":"171212","deceptorType":"App","name":"SmartScriptErrorFixer","company":"LionSea Software co., ltd","version":"4.2.0.0","sigName":"Deceptor:Win32/SmartScriptErrorFixer!003017","lastKnownStatus":"Deceptor:4.2.0.0,4.3.6.0","lastKnownDate":"171221","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-29T03:08:02.4391471+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2521},{"violations":{"ACR-003":"The app reports identified \"Shared DLL's\" and \"Empty Registry Keys\" as errors with exaggerated numbers, thereby misleading or scaring the consumer to take action.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Registry Cleaner V7.exe","isInstaller":"True","companyName":"Madcrosoft UK","productName":"Registry Cleaner V7","productVersion":"7.0.9.4","fileVersion":"7.0.9.4","hashMD5":"b2df5c304cec929ef498b12445e9c9c1","hashSHA1":"fd336d86e6c70e278c6af69e592fd6d79d2e3e33","hashSHA256":"a559efe8e6186721cb65ce0edee955808400c745e46498fa5378b2cdb287e0ab","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"3304","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.madcrosoft.com/","directDownloadingLink":"http://download.cnet.com/Registry-Cleaner/3001-2094_4-10769192.html","ipv4":"","ipv6":"","sourceIndex":"3304"}],"sampleFiles":["171212/D-K7-RegistryCleanerV7-171020/7.0.9.4/Samples/Registry Cleaner V7.exe"],"imageFiles":["171212/D-K7-RegistryCleanerV7-171020/7.0.9.4/Images/ACR-003/ACR-003_Software_Exaggerates_SharedDLL&EmptyRegistryKeys_As_Errors.JPG","171212/D-K7-RegistryCleanerV7-171020/7.0.9.4/Images/ACR-003/ACR-003_Software_Exaggerates_SharedDLL&EmptyRegistryKeys_As_Errors1.JPG","171212/D-K7-RegistryCleanerV7-171020/7.0.9.4/Images/ACR-003/ACR-003_Software_Exaggeration.mp4"],"nonDeceptorImageFiles":[],"guid":"41e592c1-72f3-4c7b-aec0-705f5d2ddf8f_7.0.9.4_1","appID":"D-K7-RegistryCleanerV7-171020","dateAdded":"171212","deceptorType":"App","name":"Registry Cleaner 7","company":"Madcrosoft UK","version":"7.0.9.4","sigName":"Deceptor:Win32/RegistryCleaner7!003","lastKnownStatus":"Deceptor:7.0.9.4","lastKnownDate":"190123","lastUpdate":"2019-01-24T00:18:03.2972597+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2656},{"violations":{"ACR-050":"The application blocks or circumvents the operating system in-built security mechanisms. The task scheduler shows where the application skips multiple UAC prompts.\n\n","ACR-017":"The application elevates its user trust level by displaying fake, unverifiable endorsements. Install displays a Microsoft logo as well as a GEO trust logo with no link to verify the logos. \n\nThe application elevates its user trust level by displaying fake, unverifiable endorsements. Uninstall page displays a Microsoft logo as well as a GEO trust logo with no link to verify the logos. \n"},"nonDeceptorViolations":{"ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\nThe landing page has no link to a webpage that shows how to uninstall the app.\n\nThe internal offer page has no link to a webpage that shows how to uninstall the app.\n\n","ACR-171":"The consumer is required to opt-out of recurring payment.\n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable endorsements. Landing page displays a Microsoft logo as well as a GEO trust logo with no link to verify the logo's. \nThe application fraudulently elevates its user trust level by displaying fake, unverifiable endorsements. Doc's page displays a Microsoft logo as well as a GEO trust logo with no link to verify the logo's. \n"},"samples":[{"isRevoked":"False","fileName":"simpliclean.exe","isInstaller":"True","companyName":"Simplitec GmbH","productName":"simpliclean","productVersion":"2.6.0.89","fileVersion":" 2.3.0.104","hashMD5":"0d48c5a26de0f64c65348e1ab52c6dfa","hashSHA1":"ed535dca4551b399c4ea564a0314c08c2d85a9f5","hashSHA256":"24e1fe37c25cdfea97f0d281a98c33cef0ade465c40f387d89f4e411cc7307c9","digitalCertThumbprint":"E47C4F8664AE62293A2FC8A6766CC0B1DF2B00EE","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Simplitec GmbH","sourceIndex":"3802","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://www.simplitec.com/en/power-suite","directDownloadingLink":"https://www.simplitec.com/en/power-suite","ipv4":"","ipv6":"","sourceIndex":"3802"}],"sampleFiles":["171211/simpliclean-171129/2.6.0.89/Samples/2.6.0.89 simpliclean.exe"],"imageFiles":["171211/simpliclean-171129/2.6.0.89/Images/ACR-050/acr_050.PNG","171211/simpliclean-171129/2.6.0.89/Images/ACR-017/acr_017_1.PNG","171211/simpliclean-171129/2.6.0.89/Images/ACR-017/acr_017_1.PNG","171211/simpliclean-171129/2.6.0.89/Images/ACR-017/acr_017.PNG","171211/simpliclean-171129/2.6.0.89/Images/ACR-017/acr_017_U.PNG"],"nonDeceptorImageFiles":["171211/simpliclean-171129/2.6.0.89/Images/ACR-171/acr_171.PNG","171211/simpliclean-171129/2.6.0.89/Images/ACR-017/acr_017_1.PNG","171211/simpliclean-171129/2.6.0.89/Images/ACR-017/acr_017_1.PNG","171211/simpliclean-171129/2.6.0.89/Images/ACR-017/acr_017.PNG","171211/simpliclean-171129/2.6.0.89/Images/ACR-017/acr_017_U.PNG"],"guid":"6f8389a5-e3d3-46ae-a45b-c0a19221d319_2.6.0.89_1","appID":"simpliclean-171129","dateAdded":"171211","deceptorType":"App","name":"Simpliclean","company":"Simplitec GmbH","version":"2.6.0.89","sigName":"Deceptor:Win32/Simpliclean!017050","firstVendorContactDate":"171218","firstAppEsteemReplyDate":"171218","firstResolvedDate":"171218","firstResolvedVersion":"2.6.0.145","resolved":"TRUE","lastKnownStatus":"Deceptor:2.6.0.89","lastKnownDate":"171129","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:15:57.4910433+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2657},{"violations":{"ACR-043":"One or more third party components are installed which are not disclosed to the consumer in the EULA and offer or landing page. Ex.: changeq.exe, common.dll, etc…\n","ACR-084":"1. The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent.\n2. The app runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-118":"When the user attempts to completely uninstall the application, app retains some of its components on the device without the consumer's consent\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"WinMend-Disk-Cleaner.exe","isInstaller":"True","companyName":"WinMend.com","fileVersion":"","hashMD5":"3f254858635bf1a0a72ab0c161e342e5","hashSHA1":"b1b48475c8990e3b01dcb3dbe9571ce954dae2e7","hashSHA256":"5922b6b63a3fdff153189dbc67c267de4f86c9ecd56c9872552ba7ed2b5c90c3","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"2518","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.majorgeeks.com/","directDownloadingLink":"http://www.majorgeeks.com/mg/get/winmend_disk_cleaner,1.html","ipv4":"","ipv6":"","sourceIndex":"2518"}],"sampleFiles":["171211/D-K7-DiskCleaner-171020/2.0.0.0/Samples/WinMend-Disk-Cleaner.exe"],"imageFiles":["171211/D-K7-DiskCleaner-171020/2.0.0.0/Images/ACR-043/ACR-043_Software_ThirdParty_Executables_Used_Without_The_Consumers_Knowledge.JPG","171211/D-K7-DiskCleaner-171020/2.0.0.0/Images/ACR-084/ACR-084.mp4","171211/D-K7-DiskCleaner-171020/2.0.0.0/Images/ACR-084/ACR-084_Software_Runs_Silently_Without_The_Consumers_Knowledge.JPG","171211/D-K7-DiskCleaner-171020/2.0.0.0/Images/ACR-084/ACR-084_Software_ScheduledTask_Created_Without_The_Consumers_Knowledge.JPG","171211/D-K7-DiskCleaner-171020/2.0.0.0/Images/ACR-118/ACR-118.mp4","171211/D-K7-DiskCleaner-171020/2.0.0.0/Images/ACR-118/ACR-118_Uninstall_Retains_Executables_Without_The_Consumer's_Knowldege.JPG"],"nonDeceptorImageFiles":[],"guid":"523e14d3-b8b6-4757-83b9-aa7f1cdacb4b_2.0.0.0_1","appID":"D-K7-DiskCleaner-171020","dateAdded":"171211","deceptorType":"App","name":"WinMend Disk Cleaner","company":"Winmend.com","version":"2.0.0.0","sigName":"Deceptor:Win32/WinMendDiskCleaner!043084118","lastKnownStatus":"Deceptor:2.0.0.0","lastKnownDate":"200318","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid","lastUpdate":"2020-03-18T20:40:37.5580734+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2658},{"violations":{"ACR-003":"The application exaggerates empty or invalid registry keys, junk files and browser cookies as issues of high impact and uses red color gradient to increase urgency of the issues, thereby misleading or scaring user to take action.\nThe application also labeled the PC Network Security as low due to remote desktop connection being disabled which is misleading.\nThe application also does not provide any details for the reported issues in the sub-categories.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\nThe application displays five star awards from Tucows and Cnet which are false or unable to be verified.\n","ACR-084":"The application cannot be disabled by the standard application interface as after disabling \"launch on system startup\" the task is still active in the systems task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no links or information that shows how it can be uninstalled.\nThe application has no links or information that shows how it can be uninstalled.\nThe application has no links or information that shows how it can be uninstalled.\n","ACR-150":"The app displays five star awards that are unable to be verified.\n\n"},"samples":[{"isRevoked":"False","fileName":"gargizersetup.exe","isInstaller":"True","companyName":"www.gargizer.com","productName":"Gargizer System Repair","productVersion":"1.0.0.38471","fileVersion":"1.0.0.38471","hashMD5":"f6cec4f5654f624026494107f86e6c09","hashSHA1":"59a88ad03db9923278661d4f8fc566460786a3d5","hashSHA256":"0c1b7fb9a6712237d7f873d095f262973ddf65bdd561a6334f29e41157ef844b","digitalCertThumbprint":"2F39E69F52EE1AFECB23329F9B274CDD9ED6DE45","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"GarGizer System Repair","sourceIndex":"3305","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)"],"avAllowList":["Windows Defender (20190131)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.submission","reference":"submitted by PC Pitstop","landingPage":"http://gargizer.com/","directDownloadingLink":"http://dvcq5f467m64m.cloudfront.net/securedl/gargizersetup.exe","ipv4":"","ipv6":"","sourceIndex":"3305"}],"sampleFiles":["171208/GargizerSystemRepair-171204/1.0.0.38471/Samples/gargizersetup.exe"],"imageFiles":["171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-003/ACR-003_software.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-003/ACR-003_software1.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-003/ACR-003_software2.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-003/ACR-003_software3.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-003/ACR-003_software4.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-017/ACR-017_internaloffer.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-084/ACR-084_software.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-084/ACR-084_software1.JPG"],"nonDeceptorImageFiles":["171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-065/ACR-065_software.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-065/ACR-065_internaloffer.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-161/ACR-161_internaloffer.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-161/ACR-161_internaloffer2.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-088/ACR-088_software.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-099/ACR-099_software.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-099/ACR-099_landingpage.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-099/ACR-099_internaloffer.JPG","171208/GargizerSystemRepair-171204/1.0.0.38471/Images/ACR-150/ACR-150_internaloffer.JPG"],"guid":"6c246cca-791d-464d-86e9-84686f34ec6f_1.0.0.38471_1","appID":"GargizerSystemRepair-171204","dateAdded":"171208","deceptorType":"App","name":"Gargizer System Repair","company":"gargizer.com","version":"1.0.0.38471","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:17:25.1983462+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2659},{"violations":{"ACR-003":"The application reports identified system problems with exaggerated numbers, thereby misleading or scaring the user to take action. The app is collecting numbers that are not phone numbers and call them as such which leads to exaggerated results. Users are being warned of plenty “Identity Traces” on the machine.\n","ACR-017":"The app fraudulently elevates its consumer trust level by displaying misleading endorsements. Logos are only applicable to the website and not the app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"apmsetupsite.exe","isInstaller":"True","companyName":"AdvancedPasswordManager.com","productName":"Advanced Password Manager","productVersion":"1.0.0.24022","fileVersion":"Advanced Password Ma","hashMD5":"3667526b01d58e9482c6a6ce06b778c8","hashSHA1":"f53e4e1f0a8255e697cbfbabf455022595ba6b71","hashSHA256":"fa4843cbdd1a193ad29fd1a30bd7a1b2d98a9fa6088a2bf39e2c5a7a09c8d746","digitalCertThumbprint":"de4e8602056525627d0ffed29baa7eb4ceeecc30","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"IN, 302039, RAJASTHAN, JAIPUR, \"104,SURAáNAGAR,OPPáROADáNOá5á,NEARáPRINCEáSCHOOL,MURLIPURAáSCHEME\", ADVANCED PASSWORD MANAGER, ADVANCED PASSWORD MANAGER","sourceIndex":"3683","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"www.advancedpasswordmanager.com","directDownloadingLink":"http://cdn.advancedpasswordmanager.com/apm/c2/securedl/apmsetupsite.exe","ipv4":"","ipv6":"","sourceIndex":"3683"}],"sampleFiles":["171208/advancedpasswordmanager-171208/1.0.0.24022/Samples/apmsetupsite.exe"],"imageFiles":["171208/advancedpasswordmanager-171208/1.0.0.24022/Images/ACR-003/ACR-003_Software_ExaggeratedResults.png","171208/advancedpasswordmanager-171208/1.0.0.24022/Images/ACR-017/ACR-017_Software_MisleadingLogos.png"],"nonDeceptorImageFiles":[],"guid":"81bad3af-02c7-42e6-af55-f40bb1adf055_1.0.0.24022_1","appID":"advancedpasswordmanager-171208","dateAdded":"171208","deceptorType":"App","name":"Advanced Password Manager","company":"PCVARK SOFTWARE PRIVATE LIMITED","version":"1.0.0.24022","sigName":"Deceptor:Win32/AdvancedPasswordManager!003017","firstVendorContactDate":"180220","firstAppEsteemReplyDate":"180220","firstResolvedDate":"180222","firstResolvedVersion":"1.0.0.24023","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.24022","lastKnownDate":"171208","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-23T06:48:44.8806003+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2660},{"violations":{"ACR-047":"When installation is canceled by the user, a shortcut on the desktop is created to resume installation.\n","ACR-048":"Installs even if consumer select no at UAC prompt.\n"},"nonDeceptorViolations":{"ACR-047":"Offers in landing page require repeated confirmation to skip.\n"},"samples":[{"isRevoked":"False","fileName":"gang-beasts_0853657119.exe","isInstaller":"True","companyName":"Bones","productName":"Leli","productVersion":"3.7.8","fileVersion":"                    ","hashMD5":"04bf61cee292347d5e13fd5eb8bc315f","hashSHA1":"eaad79294e77e0862d6f58f899cb10cb108c991f","hashSHA256":"bc2c451e3ab3315842c4cb34b7e81116c87d1ca4a34a07b58f6cb3fe63df98c0","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"3461","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Gaming","reference":"Kids looking for free steam apps","landingPage":"https://gang-beasts.jaleco.com/download","directDownloadingLink":"http://www.currentfungift.com/W710A1DYv+fk8AUGurAZFfzYwoXYXaDmaKuvyfY_F7Bi59AGPcFwtPQgmJsKAjd0J1u2IWNDL9kMMZVHmTt18A9yTvtsfqyYZ+ZwoCwDIPBDs8DaQPQ7iDB7+fjInWU+K6VBY9Xx5e5BAWlK2xCay1OSdOGW5gzahxa6Z1IPmx48VRTBTR++OR7V6u9TcR+bBnQHB986lLuT3_vHmgNC_v4efu6O64IPKOfWMsSgbVDwy4tti1MlAnB1atxs94NGFftSweQoyxKxuAH5+9YJrv_NU433MvoOLO7FntE80EPaSwJRUnbWbaToH6TkYSxDHHhOytsybNN+haaYxWzdozVIsP6Cvs2VSj2yjGaNAABkFdJN7PA9telE9cu5Li6Kc3xj6vaWPsRZU+pOeioGCqJtovQjvANWxsbqnvXtVu2w5OVJ+gmCjEOV7fokwd2gJ6M+7CWJrHAHdx+d8t3nv8noZ21+7mEBMuA70y55dBhZ0sSw_rYvi0iZSxmc7i6GseY3InjKqK7SSGw3ApDZ+94ArO8fZg==-G1kAAGRgnq2tAU5isw_YgAOXdJEAH1CGGzDnqsHxfc8k0C807fvRro86ieBpA58xATN6dTfU_Tv5ecXtqq3f_tJecRH5pX0burKdH9CJKMHSiDM4Cw==-e","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.currentfungift.com/W710A1DYv+fk8AUGurAZFfzYwoXYXaDmaKuvyfY_F7Bi59AGPcFwtPQgmJsKAjd0J1u2IWNDL9kMMZVHmTt18A9yTvtsfqyYZ+ZwoCwDIPBDs8DaQPQ7iDB7+fjInWU+K6VBY9Xx5e5BAWlK2xCay1OSdOGW5gzahxa6Z1IPmx48VRTBTR++OR7V6u9TcR+bBnQHB986lLuT3_vHmgNC_v4efu6O64IPKOfWMsSgbVDwy4tti1MlAnB1atxs94NGFftSweQoyxKxuAH5+9YJrv_NU433MvoOLO7FntE80EPaSwJRUnbWbaToH6TkYSxDHHhOytsybNN+haaYxWzdozVIsP6Cvs2VSj2yjGaNAABkFdJN7PA9telE9cu5Li6Kc3xj6vaWPsRZU+pOeioGCqJtovQjvANWxsbqnvXtVu2w5OVJ+gmCjEOV7fokwd2gJ6M+7CWJrHAHdx+d8t3nv8noZ21+7mEBMuA70y55dBhZ0sSw_rYvi0iZSxmc7i6GseY3InjKqK7SSGw3ApDZ+94ArO8fZg==-G1kAAGRgnq2tAU5isw_YgAOXdJEAH1CGGzDnqsHxfc8k0C807fvRro86ieBpA58xATN6dTfU_Tv5ecXtqq3f_tJecRH5pX0burKdH9CJKMHSiDM4Cw==-e","sourceIndex":"3461"}],"sampleFiles":[],"imageFiles":["171130/D-Jaleco-170610/3.7.8/Images/ACR-047/ACR-047_Installs_ShorcutForResumingInstallation1.JPG","171130/D-Jaleco-170610/3.7.8/Images/ACR-047/ACR-047_Installs_ShorcutForResumingInstallation2.JPG","171130/D-Jaleco-170610/3.7.8/Images/ACR-048/ACR-048_Installs_BrowserExtensionInstallingExecutable.JPEG","171130/D-Jaleco-170610/3.7.8/Images/ACR-048/ACR-048_Installs_UACControlsBypassed.JPEG","171130/D-Jaleco-170610/3.7.8/Images/ACR-048/ACR-048_Installs_UnableToOptOutOfInstallation.mp4"],"nonDeceptorImageFiles":[],"guid":"9ea200cc-c1cb-46bd-97d0-e965fd4114ad_3.7.8_1","appID":"D-Jaleco-170610","dateAdded":"171130","deceptorType":"App","name":"Jaleco Download Manager","company":"Jaleco.com","version":"3.7.8","sigName":"Deceptor:Win32/Jaleco!042043047048109","lastKnownStatus":"Deceptor: 3.7.8","lastKnownDate":"181215","type":"Windows Executable","category":"Bundlers & Downloaders, Games","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2018-12-15T06:02:01.2369488+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2661},{"violations":{"ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries as errors or problems (e.g. in red), or over counting the items with exaggerated numbers when there is no fully-functional free trial provided, to mislead and/or scare the user. \n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\n","ACR-084":"App doesn't have a scheduler option to disable it's task but is running in the windows scheduler task.\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the user\n\n"},"nonDeceptorViolations":{"ACR-065":"Install is missing Eula and privacy policy links.\nSoftware is missing Eula and privacy policy links.\n","ACR-163":"One to one interaction is needed in order to purchase, activate or receive support.\n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-160":"Tried calling the call center there was no answer, kept saying the line is busy and then the call ended. \n","ACR-099":"Landing page is missing uninstall link.\nSoftware is missing uninstall link.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\n"},"samples":[{"isRevoked":"False","fileName":"Setup.exe","isInstaller":"True","companyName":"GoPcPro","productName":"N/A","productVersion":"N/A","fileVersion":"2.1.1","hashMD5":"b5ae922d8617f55eefc876a9532eb994","hashSHA1":"364eab60f2bade53d7376cd4aa2ba317eb20542e","hashSHA256":"cf18f91a4bd12f331640f8a8f8e7db5fc082e72157b9db4df5ada23d9c66bba8","digitalCertThumbprint":"N/A","digitalCertIssuer":"N/A","digitalCertIssuedTo":"N/A","sourceIndex":"3308","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://en.gopcpro.com/","directDownloadingLink":"http://www.gopcpro.com/gopcproinst/setup.exe","ipv4":"","ipv6":"","sourceIndex":"3308"}],"sampleFiles":["171127/GoPcPro-171016/12.8.14.4.11/Samples/setup.exe"],"imageFiles":["171127/GoPcPro-171016/12.8.14.4.11/Images/ACR-017/acr_017_offer_page.PNG","171127/GoPcPro-171016/12.8.14.4.11/Images/ACR-017/acr_017_offer_page_1.PNG","171127/GoPcPro-171016/12.8.14.4.11/Images/ACR-003/acr_003.PNG","171127/GoPcPro-171016/12.8.14.4.11/Images/ACR-003/acr_003_damage level.PNG","171127/GoPcPro-171016/12.8.14.4.11/Images/ACR-084/acr_084.PNG","171127/GoPcPro-171016/12.8.14.4.11/Images/ACR-168/one_to_one_interaction.PNG"],"nonDeceptorImageFiles":["171127/GoPcPro-171016/12.8.14.4.11/Images/ACR-017/acr_017.PNG","171127/GoPcPro-171016/12.8.14.4.11/Images/ACR-163/one_to_one_interaction.PNG"],"guid":"a5a3a068-0ff7-45df-8992-0d1a15834703_12.8.14.4.11_1","appID":"GoPcPro-171016","dateAdded":"171127","deceptorType":"App","name":"GoPcPro","company":"GoPcPro","version":"12.8.14.4.11","sigName":"Deceptor:Win32/GoPCPro!003017084168","lastKnownStatus":"Deceptor:12.8.14.4.11","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,call center","lastUpdate":"2019-01-24T00:13:39.7823384+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2663},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action. The application reports also identified these errors with exaggerated numbers, thereby misleading or scaring the user to take action.\n","ACR-017":"The app fraudulently elevates its consumer trust level by displaying fake, unverifiable endorsements.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy on the internal offer page.\nThe app does not provide any links to the app's EULA and/or Terms of Service on the landing page.\nThe app does not provide any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nThe app does not provide any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-170":"The app requires payment prior to demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide an easy to find interaction for cancellation or returns.\n","ACR-092":"The app does not have a digital signature. (unsigned)\n","ACR-099":"No uninstall information is provided on the internal offer page.\nNo uninstall instructions are provided on the landing page.\nNo uninstall information is provided on the software.\n","ACR-150":"The app provides a Microsoft. partner logo that is unable to be verified\nThe app provides multiple endorsements that are unable to be verified on the landing page.\n","ACR-159":"There was no mention on the landing page that payment will be required to activated the full functionality of the app.\n","ACR-017":"The app displays 5 star ratings from reputable sources to enhance the user trust level so they would take action.\n"},"samples":[{"isRevoked":"False","fileName":"Regalive.exe","isInstaller":"True","companyName":"RegAlive","productName":"RegAlive","productVersion":"","fileVersion":"1.0.0.0","hashMD5":"f63f750681392bd61cb8241c43f271f8","hashSHA1":"8fbba47359ebc3c99622ef7e0daa9b1cf0d424c6","hashSHA256":"7a605385979730368d914efb398507346bf3a6040872593f8dc209bf108f73f8","digitalCertThumbprint":"NA unsigned","digitalCertIssuer":"NA unsigned","digitalCertIssuedTo":"NA unsigned","sourceIndex":"3307","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.google.com","landingPage":"http://www.regalive.com/","directDownloadingLink":"http://regalive.com/download/RegAlive_Setup.zip","ipv4":"","ipv6":"","sourceIndex":"3307"}],"sampleFiles":["171127/RegAlivePCOptimizer-171016/1.0.0/Samples/setup.exe"],"imageFiles":["171127/RegAlivePCOptimizer-171016/1.0.0/Images/ACR-017/ACR_017.jpg","171127/RegAlivePCOptimizer-171016/1.0.0/Images/ACR-003/ACR-003_software.PNG"],"nonDeceptorImageFiles":["171127/RegAlivePCOptimizer-171016/1.0.0/Images/ACR-150/ACR-150_INTERNAL_OFFER.PNG","171127/RegAlivePCOptimizer-171016/1.0.0/Images/ACR-065/ACR-065_internal_offer.PNG","171127/RegAlivePCOptimizer-171016/1.0.0/Images/ACR-017/ACR-017_landing_page.PNG","171127/RegAlivePCOptimizer-171016/1.0.0/Images/ACR-150/ACR-150_landing_page.PNG","171127/RegAlivePCOptimizer-171016/1.0.0/Images/ACR-065/ACR-065_landing_page.PNG","171127/RegAlivePCOptimizer-171016/1.0.0/Images/ACR-065/ACR-065_INSTALL.PNG","171127/RegAlivePCOptimizer-171016/1.0.0/Images/ACR-065/ACR-065_software.PNG"],"guid":"274ec51d-7d01-4934-8d96-e63a6e1f3236_1.0.0_1","appID":"RegAlivePCOptimizer-171016","dateAdded":"171127","deceptorType":"App","name":"RegAlive PC Optimizer","company":"Regalive","version":"1.0.0","sigName":"Deceptor:Win32/RegAlivePCOptimizer!003017","lastKnownStatus":"Deceptor:1.0.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:14:30.1824888+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2662},{"violations":{"ACR-043":" One or more third party components are installed without being disclosed to the user in the EULA \n","ACR-017":"The app fraudulently elevates its consumer trust level by displaying fake, unverifiable endorsements.\n","ACR-168":"The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"AKick PC Booster.exe","isInstaller":"True","companyName":"AKick Software Pvt. Ltd.","productName":"Akick PC Booster","productVersion":"1.3.0","fileVersion":"","hashMD5":"ff6353048419f9f6d8228088dad421ee","hashSHA1":"8e6b8202923ec503fefbc4a609f8ee631b080e1c","hashSHA256":"0f2caa97529bd6f9716554b571f1f8a96b7df93e34a1f0a2c31e092abe33ac2b","digitalCertThumbprint":"91019E7771668A6BF0ECA061CDE2D884CBC38192","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"AKick Software","sourceIndex":"3309","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","ESET Internet Security (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)","Windows Defender (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"https://www.akick.com/booster.html","directDownloadingLink":"https://www.akick.com/security/AKick%20PC%20Booster.exe","ipv4":"","ipv6":"","sourceIndex":"3309"}],"sampleFiles":["171126/D-K7-AkickPCBooster-171120/1.3.0/Samples/AKick PC Booster.exe"],"imageFiles":["171126/D-K7-AkickPCBooster-171120/1.3.0/Images/ACR-017/ACR-017_Software_Misleading_Logo.JPG","171126/D-K7-AkickPCBooster-171120/1.3.0/Images/ACR-043/ACR-043_Install_ThirdParty_Component.JPG","171126/D-K7-AkickPCBooster-171120/1.3.0/Images/ACR-168/ACR-168_Software_Additional_Offers_Not_Disclosed.JPG"],"nonDeceptorImageFiles":[],"guid":"6c65f152-782c-46c1-9e45-59b147c84797_1.3.0_1","appID":"D-K7-AkickPCBooster-171120","dateAdded":"171126","deceptorType":"App","name":"Akick PC Booster","company":"AKick Software Pvt. Ltd.","version":"1.3.0","sigName":"Deceptor:Win32/AkickPCBooster!017168043","lastKnownStatus":"Deceptor:1.3.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-24T00:13:01.2052653+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2666},{"violations":{"ACR-003":"App exaggeratedly claims optimization items and raises misleading urgency to clean them using color gradient.\n","ACR-084":"The app runs silently in the background, hiding the fact that it is active from the consumer\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PC-Shower.exe","isInstaller":"True","companyName":"Arafasoft Inc.","productName":"PC Shower 2014","productVersion":"","fileVersion":"","hashMD5":"25184dcd382ad209b9b3a0e25046b870","hashSHA1":"98b81839766cddd46a5fe5ed48fa7e90f3b198ef","hashSHA256":"3949a0c9463150ef22ceea08709e5f6b0c23ae9379caee5dffac371ed2d53058","digitalCertThumbprint":"EE082437187F349042615626C4B97D4FB56E58A8","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Wael Arafa","sourceIndex":"3012","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.arafasoft.com/pcshower2014.html","directDownloadingLink":"http://www.arafasoft.com/PC-Shower.exe","ipv4":"","ipv6":"","sourceIndex":"3012"}],"sampleFiles":["171126/D-K7-PcShower2014-171111/1.5.0/Samples/PC-Shower.exe"],"imageFiles":["171126/D-K7-PcShower2014-171111/1.5.0/Images/ACR-084/ACR-084_Software_Runs_Silently_In_The_Background.JPG","171126/D-K7-PcShower2014-171111/1.5.0/Images/ACR-084/ACR-084_Software_Runs_Silently_In_The_Background.mp4","171126/D-K7-PcShower2014-171111/1.5.0/Images/ACR-003/PCShower2014.PNG","171126/D-K7-PcShower2014-171111/1.5.0/Images/ACR-003/PCShower2014_diskclean.PNG","171126/D-K7-PcShower2014-171111/1.5.0/Images/ACR-003/PCShower2014_registryclean.PNG"],"nonDeceptorImageFiles":[],"guid":"09942c57-2a74-4230-98ba-78d97b6e8c1b_1.5.0_1","appID":"D-K7-PcShower2014-171111","dateAdded":"171126","deceptorType":"App","name":"PC Shower 2014","company":"Arafasoft Inc.","version":"1.5.0","sigName":"Deceptor:Win32/PCShower2014!003084","lastKnownStatus":"Deceptor:1.5.0","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-06T21:17:56.9887841+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2665},{"violations":{"ACR-003":"The app exaggerates \"Shared DLL\" and \"Registry Key\" as an error and portrays the importance as a \"HIGH\" system impact issue, thereby misleading or scaring user to take action \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"RegShowerD.exe","isInstaller":"True","companyName":"Arafasoft Inc.","productName":"Registry Shower 2012","productVersion":"","fileVersion":"","hashMD5":"52fab85b4d3c982d6469c4ece74045e9","hashSHA1":"8f8c1271420a3b8f8fccd52eee73d999a3bffc7a","hashSHA256":"6e20f05a6095ca1a61ed1615495f1c4a2226342a7536888ed3699ec505e34da0","digitalCertThumbprint":"EE082437187F349042615626C4B97D4FB56E58A8","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Wael Arafa","sourceIndex":"3013","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.arafasoft.com/indexr.html","directDownloadingLink":"http://www.arafasoft.com/RegShowerD.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.arafasoft.com/RegShowerD.exe","sourceIndex":"3013"}],"sampleFiles":["171126/D-K7-RegShowerD-171111/7.0/Samples/RegShowerD.exe"],"imageFiles":["171126/D-K7-RegShowerD-171111/7.0/Images/ACR-003/ACR-003_Software_Exaggerates.JPG","171126/D-K7-RegShowerD-171111/7.0/Images/ACR-003/ACR-003_Software_Exaggerates_SharedDLL_As_High_System_Impact_Issue.JPG","171126/D-K7-RegShowerD-171111/7.0/Images/ACR-003/ACR-003_Software_Exaggerates.mp4"],"nonDeceptorImageFiles":[],"guid":"8bd72cc5-1b94-4e48-b078-a5a4fa249ca2_7.0_1","appID":"D-K7-RegShowerD-171111","dateAdded":"171126","deceptorType":"App","name":"Registry Shower 2012","company":"Arafasoft inc.","version":"7.0","sigName":"Deceptor:Win32/RegistryShower!003","lastKnownStatus":"Deceptor:7.0","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-06T21:17:21.93794+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2664},{"violations":{"ACR-003":"The application uses the color red, the word errors and color gradient to increase urgency for fixing the working properly drivers, misleads user to take action.\n","ACR-017":"The application's internal offer webpage fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\nThe application fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to the EULA and the privacy policy information.\nThe application has no link to webpage that shows the EULA and privacy policy information.\n","ACR-161":"The application's internal offer webpage has customer reviews that has no links back to the sources so consumers can verify if they're real.\nThe landing page has customer reviews that has no links back to the sources so consumers can verify if they're real.\n","ACR-163":"The application's privacy policy webpage provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's internal offer webpage provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-099":"The application;s internal offer webpage has no link to a website that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling the application a webpage opens with information stating that consumer can now get the app for free with TrialPay.\n","ACR-064":"The application's landing page has the download button listed as 'Start Free Driver Scan Now! and Try First' instead of displaying the button as just 'Download'.\n","ACR-003":"The application uses the color red, the word errors and color gradient to increase urgency for fixing the working properly drivers, misleads user to take action.\n","ACR-017":"The application landing page fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"driverhivetrialsetup.exe","isInstaller":"True","companyName":"Bootstrap Development, LLC.","productName":"DriverHive","productVersion":"3.0.7.1244","fileVersion":"3.0.7.1244","hashMD5":"a85d2642966186d0769963ce46d6b7ae","hashSHA1":"c2ac3d30834ec364632e5755a57054372e3eb368","hashSHA256":"73757ff05ddb553a8c1aca875c775e2075f551e0d9e0f8a86ce9e078a1ab5cc8","digitalCertThumbprint":"116BE43C6CD59B1C0DA6AF734ECD73DEA757203E","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"Bootstrap Development, LLC","sourceIndex":"3813","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.google.com","landingPage":"http://www.driverhive.com/","directDownloadingLink":"http://dl.bootstrapdevelopment.com/trial/driverhivetrialsetup.exe","ipv4":"","ipv6":"","sourceIndex":"3813"}],"sampleFiles":[],"imageFiles":["171125/DriverHive-171020/3.0.7.1244/Images/ACR-003/ACR-003_SOFTWARE.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-017/ACR-017_INTERNAL_OFFERS.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-017/ACR-017_LANDING_PAGE.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-017/ACR-017_SOFTWARE.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["171125/DriverHive-171020/3.0.7.1244/Images/ACR-065/ACR-065_INSTALL.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-161/ACR-161_INTERNAL_OFFERS.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-161/ACR-161_LANDING_PAGE.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-163/ACR-163_DOCS.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-163/ACR-163_INTERNAL_OFFERS.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-170/ACR-170_SOFTWARE.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-120/ACR-120_UNINSTALL.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-064/ACR-064_LANDING_PAGE.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-003/ACR-003_SOFTWARE.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-017/ACR-017_INTERNAL_OFFERS.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-017/ACR-017_LANDING_PAGE.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-017/ACR-017_SOFTWARE.PNG","171125/DriverHive-171020/3.0.7.1244/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG"],"guid":"7afe7d65-e09a-4af5-90e3-d03873f4d9d6_3.0.7.1244_1","appID":"DriverHive-171020","dateAdded":"171125","deceptorType":"App","name":"DriverHive","company":"Bootstrap Development, LLC","version":"3.0.7.1244","sigName":"Deceptor:Win32/DriverHive!003017168","lastKnownStatus":"Deceptor:3.0.7.1244","lastKnownDate":"171020","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-02-15T00:13:26.6801676+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2672},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors and problems, thereby misleading or scaring user to take action. The application reports also identified the errors with exaggerated numbers, thereby misleading or scaring the user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"Does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nDoes not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-170":"The app requires payment prior to demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide an easy to find interactions for cancellation or returns.\n","ACR-099":"No uninstall instructions are displayed on the internal offer\nNo uninstall instructions are displayed on the landing page.\nNo uninstall instructions are displayed on the software\n","ACR-003":"The application exaggerates empty and invalid registry keys as errors and problems, thereby misleading or scaring user to take action. The application reports also identified the errors with exaggerated numbers, thereby misleading or scaring the user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"ErrorWiz.exe","isInstaller":"True","companyName":"SolidQuest Inc.","productName":"ErrorWiz","productVersion":"1.8","fileVersion":"na","hashMD5":"c138ab2ea910757fc3a4500cfb468dc4","hashSHA1":"7cc128ecf645a412994d80d32eade3fa88f1a555","hashSHA256":"37872b63443bffe967f220b731e73feedbf82796631a8c3289d60eaa1b939bee","digitalCertThumbprint":"CFE98957B9D76364F30FCB494515DC4BFF18D514","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SolidQuest Inc.","sourceIndex":"3723","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org","landingPage":"http://www.errorwiz.com/","directDownloadingLink":"http://www.error-wiz.com/setup/ErrorWiz_setup.exe","ipv4":"","ipv6":"","sourceIndex":"3723"}],"sampleFiles":[],"imageFiles":["171125/ErrorWiz-171024/1.8/Images/ACR-003/ACR-003_software.PNG","171125/ErrorWiz-171024/1.8/Images/ACR-003/ACR-003_software2.PNG"],"nonDeceptorImageFiles":["171125/ErrorWiz-171024/1.8/Images/ACR-065/ACR-065_install.PNG","171125/ErrorWiz-171024/1.8/Images/ACR-065/ACR-065_software.PNG","171125/ErrorWiz-171024/1.8/Images/ACR-003/ACR-003_software.PNG","171125/ErrorWiz-171024/1.8/Images/ACR-003/ACR-003_software2.PNG"],"guid":"df53b9f6-f50a-4b38-aa7c-b8b4e094221f_1.8_1","appID":"ErrorWiz-171024","dateAdded":"171125","deceptorType":"App","name":"ErrorWiz","company":"SolidQuest Inc.","version":"1.8","sigName":"Deceptor:Win32/ErrorWiz!003","lastKnownStatus":"Deceptor:1.8","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2670},{"violations":{"ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"nonDeceptorViolations":{"ACR-161":"Unable to verify the original review for the quotes that were listed, quotes are not clickable. No hyperlink was provided. \n","ACR-163":"Landing page requires one to one interaction in order to return, purchase or activate the app. \nSoftware requires one to one interaction in order to return, purchase or activate the app. \n","ACR-160":"Called the call center and the agent state the name of the company is PC power speed. Application has it's own support center but its not ATS (advance tech support).\n","ACR-099":"Landing page is missing uninstall link.\nSoftware is missing uninstall link.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"samples":[{"isRevoked":"False","fileName":"PC Power Speed.exe","isInstaller":"True","companyName":"Crawler Group, LLC","productName":"PC Power Speed","productVersion":"2.1.0.0","fileVersion":"2.1.0.108","hashMD5":"4db20f37dba0308d90a873b53fd0381f","hashSHA1":"249c6dfbaf576f826304d6dede0485ccd1eb98a5","hashSHA256":"e8ab00cb1ce32cb1b993dfd935701b317f4a103cfc9032c95f59f1dfd49b0a34","digitalCertThumbprint":"8671915258CA6BD614603E42073B0942113AB754","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Crawler Group, LLC","sourceIndex":"3311","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.pcpowerspeed.com/registrycleaner/productdetail.aspx","directDownloadingLink":"http://www.pcpowerspeed.com/dnl/config/24/PCPowerSpeedSetup.exe","ipv4":"","ipv6":"","sourceIndex":"3311"}],"sampleFiles":["171125/PCPowerSpeed-171023/2.1.0.108/Samples/PCPowerSpeedSetup.exe"],"imageFiles":["171125/PCPowerSpeed-171023/2.1.0.108/Images/ACR-017/acr_017.PNG","171125/PCPowerSpeed-171023/2.1.0.108/Images/ACR-168/one_to_one_interaction_SW.PNG"],"nonDeceptorImageFiles":["171125/PCPowerSpeed-171023/2.1.0.108/Images/ACR-017/acr_017_LP.PNG","171125/PCPowerSpeed-171023/2.1.0.108/Images/ACR-161/acr_161.PNG","171125/PCPowerSpeed-171023/2.1.0.108/Images/ACR-163/one_to_one_interaction_LP.PNG","171125/PCPowerSpeed-171023/2.1.0.108/Images/ACR-168/one_to_one_interaction_LP.PNG","171125/PCPowerSpeed-171023/2.1.0.108/Images/ACR-163/one_to_one_interaction_SW.PNG"],"guid":"3c371e68-d4e8-4243-bc17-6580bf32e8d2_2.1.0.108_1","appID":"PCPowerSpeed-171023","dateAdded":"171125","deceptorType":"App","name":"PC Power Speed","company":"Crawler Group, LLC","version":"2.1.0.108","sigName":"Deceptor:Win32/PCPowerSpeed!017168","lastKnownStatus":"Deceptor:2.1.0.108","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center,up-sell to paid,paid","lastUpdate":"2019-01-24T00:10:26.5485407+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2669},{"violations":{"ACR-048":"The user is unable to stop the application from launching at startup from the software's interface.\n","ACR-016":"The promoted app is downloaded directly from the advertisements inside the app \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-161":"The application has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link or information that shows how to uninstall the app on the software.\nThe application has no link or information that shows how to uninstall the app on the internal offer.\n","ACR-171":"The consumer is required to opt-out of recurring payment.\nThe consumer is required to opt-out of recurring payment.\n"},"samples":[{"isRevoked":"False","fileName":"SuperPCCleaner.exe","isInstaller":"True","companyName":"Super Clean System Limited","productName":"Super PC Cleaner","productVersion":"4.4.0.3","fileVersion":"4.4.0.3","hashMD5":"1264f00be87d37b7d09f2691d6097e77","hashSHA1":"7f21c9364bc92ba3b514c1d3fca20ca4a80ba0f4","hashSHA256":"279c95716d5a2c99e8029a323e09274362f710694c07f28ce510744c30d17604","digitalCertThumbprint":"0EE0ABB12DBC8C30B04880A77CA6F48166FF26D5","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"PC Cleaner Tech Sp. Zo.o.","sourceIndex":"3310","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","Bitdefender Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)"],"avAllowList":["Windows Defender (20190131)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"en.freedownloadmanager.org (pc cleaner)","landingPage":"http://supercleansystem.com/","directDownloadingLink":"http://cd.supercleanhost.net/231000501/brid%3A1/SuperPCCleaner.exe","ipv4":"","ipv6":"","sourceIndex":"3310"}],"sampleFiles":["171125/SuperPCCleaner-171124/4.4.0.3/Samples/SuperPCCleaner.exe"],"imageFiles":["171125/SuperPCCleaner-171124/4.4.0.3/Images/ACR-048/ACR-048_software.JPG","171125/SuperPCCleaner-171124/4.4.0.3/Images/ACR-048/ACR-048_software1.JPG","171125/SuperPCCleaner-171124/4.4.0.3/Images/ACR-016/SuperPCCleaner_AdsDownload.PNG"],"nonDeceptorImageFiles":["171125/SuperPCCleaner-171124/4.4.0.3/Images/ACR-065/ACR-065_software.JPG","171125/SuperPCCleaner-171124/4.4.0.3/Images/ACR-161/ACR-161_landingpage.JPG","171125/SuperPCCleaner-171124/4.4.0.3/Images/ACR-171/ACR-171_INTERNALOFFER.JPG","171125/SuperPCCleaner-171124/4.4.0.3/Images/ACR-171/ACR-171_INTERNALOFFER.JPG","171125/SuperPCCleaner-171124/4.4.0.3/Images/ACR-088/ACR-088_software.JPG"],"guid":"7aad4291-eb63-45c4-b1d0-2b3edad283e9_4.4.0.3_1","appID":"SuperPCCleaner-171124","dateAdded":"171125","deceptorType":"App","name":"Super PC Cleaner","company":"Woggle Trading Limited","version":"4.4.0.3","sigName":"Deceptor:Win32/SuperPCCleaner!048016","lastKnownStatus":"Deceptor:4.4.0.3","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:11:02.2396062+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2668},{"violations":{"ACR-003":"The application uses the color red and the word errors to increase urgency for non-urgent \"issues\",thereby misleading or scaring user to take action.\n","ACR-017":"The application's landing page fraudulently elevates its consumer trust level by displaying a unverifiable 5 star ratings,  endorsements and company logos.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to the EULA and privacy policy information.\nThe application has no link to webpage that shows the EULA and privacy policy information.\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n","ACR-099":"The application's internal offer website has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-159":"The application's landing page has no mention that the app will be a trial version or payment will be made to get full features.\n","ACR-003":"The application uses the color red and the word errors to increase urgency for non-urgent \"issues\",thereby misleading or scaring user to take action.\n","ACR-017":"The application's landing page fraudulently elevates its consumer trust level by displaying a unverifiable 5 star ratings,  endorsements and company logos.\n"},"samples":[{"isRevoked":"False","fileName":"tuneup360_full798.exe","isInstaller":"True","companyName":"Wondershare Software Co.,Ltd","productName":"TuneUp360","productVersion":"7.0.2.0","fileVersion":"7.0.2.0","hashMD5":"32bbdc7da136f9c4f672f973169cb635","hashSHA1":"a993361acbe6038edd9327d753ae18fae5dc3f17","hashSHA256":"0099ff8a7bacb1dd86151c6adb9b13aa02456c2186fce4f9f04fd53add466a85","digitalCertThumbprint":"B78229667AB70DC2993F3DF26B35FB29B9B3F793","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Wondershare Software Co., Ltd.","sourceIndex":"3724","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.google.com","landingPage":"http://www.tuneup360.com/","directDownloadingLink":"http://download.tuneup360.com/cbs_down/tuneup360_full798.exe","ipv4":"","ipv6":"","sourceIndex":"3724"}],"sampleFiles":[],"imageFiles":["171125/TuneUp360-171024/7.0.2/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_1.PNG","171125/TuneUp360-171024/7.0.2/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_2.PNG","171125/TuneUp360-171024/7.0.2/Images/ACR-017/ACR-017_LANDING_PAGE.PNG"],"nonDeceptorImageFiles":["171125/TuneUp360-171024/7.0.2/Images/ACR-065/ACR-065_INSTALL.PNG","171125/TuneUp360-171024/7.0.2/Images/ACR-170/ACR-170_SOFTWARE.PNG","171125/TuneUp360-171024/7.0.2/Images/ACR-159/ACR-159_LANDING_PAGE_SCREENSHOT_1.PNG","171125/TuneUp360-171024/7.0.2/Images/ACR-159/ACR-159_LANDING_PAGE_SCREENSHOT_2.PNG","171125/TuneUp360-171024/7.0.2/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_1.PNG","171125/TuneUp360-171024/7.0.2/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_2.PNG","171125/TuneUp360-171024/7.0.2/Images/ACR-017/ACR-017_LANDING_PAGE.PNG"],"guid":"b9b54eff-fc7a-4eb0-8f37-73d9442351b9_7.0.2_1","appID":"TuneUp360-171024","dateAdded":"171125","deceptorType":"App","name":"TuneUp360","company":"TuneUp360","version":"7.0.2","sigName":"Deceptor:Win32/TuneUp360!003","lastKnownStatus":"Deceptor:7.0.2","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2667},{"violations":{"ACR-003":"The application reports identified registry errors and file association problems with exaggerated numbers; used the colour gradient \"red\", and states the system urgency as high thereby misleading or scaring the user to take action.\n","ACR-017":"The internal offer page fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\nThe landing page has no link to a webpage that shows how to uninstall the app.\n\nThe internal offer page has no link to a webpage that shows how to uninstall the app.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable logos such as Microsoft partner network and Mcafee. \n"},"samples":[{"isRevoked":"False","fileName":"Smart Speed up Windows.exe","isInstaller":"True","companyName":"LionSea Software co., ltd","productName":"Smart Speed up Windows","productVersion":" 4.4.5","hashMD5":"2e53dec9e0461671cfcf6db8cf4e7923","hashSHA1":"131e6174a0dbefb707f9673a10a98fd3b173b1d0","hashSHA256":"c861e1ab5edd36af88ae87435f1c83abf27016aa554216090c7ed2b9bb603546","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3599","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search ","reference":"","landingPage":"http://www.lionsea.com/product_speedupwindowsfixerpro.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_Speed_Up_Windows_Pro_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3599"}],"sampleFiles":["171125/SmartSpeedUpWindows-171124/4.4.5/Samples/Smart_Speed_Up_Windows_Pro_Setup.exe"],"imageFiles":["171125/SmartSpeedUpWindows-171124/4.4.5/Images/ACR-003/acr_003.PNG","171125/SmartSpeedUpWindows-171124/4.4.5/Images/ACR-017/acr_017_IO.PNG"],"nonDeceptorImageFiles":["171125/SmartSpeedUpWindows-171124/4.4.5/Images/ACR-017/acr_017.PNG"],"guid":"695042c4-5b43-4fb9-b0d7-b3244507e267_4.4.5_1","appID":"SmartSpeedUpWindows-171124","dateAdded":"171125","deceptorType":"App","name":"Smart Speed Up Windows","company":"LionSea Software co., ltd","version":"4.4.5","sigName":"Deceptor:Win32/SmartSpeedUpWindows!003017","lastKnownStatus":"Deceptor:4.4.5","lastKnownDate":"171124","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-29T03:08:34.7564097+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2522},{"violations":{"ACR-003":"The application uses the words 'errors and problems' to increase urgency for non-urgent \"issues”, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the Terms of Service and Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the Terms of Service and Returns and Cancellation Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-171":"The application's internal offer webpage has an additional offer option pre-selected.\n","ACR-003":"The application uses the words 'errors and problems' to increase urgency for non-urgent \"issues”, thereby misleading or scaring user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"ErrorTeck_setup.exe","isInstaller":"True","companyName":"SolidQuest Inc.","productName":"ErrorTeck","hashMD5":"cbfaf3ba67f30d8dcf6148227c669f85","hashSHA1":"d1d2d6b9b07375f6896f9c51bf924f3f123b2587","hashSHA256":"d4717ac559b2e4573e33cba6631fccc144f75d19d992ebb71639ad8ed9afcae9","digitalCertThumbprint":"CFE98957B9D76364F30FCB494515DC4BFF18D514","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SolidQuest Inc.","sourceIndex":"3749","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com(speed up my pc)","landingPage":"http://www.errorteck.com/","directDownloadingLink":"http://www.errorteck.com/setup/ErrorTeck_setup.exe","ipv4":"","ipv6":"","sourceIndex":"3749"}],"sampleFiles":[],"imageFiles":["171125/ErrorTeck-171122/1.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","171125/ErrorTeck-171122/1.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["171125/ErrorTeck-171122/1.8/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","171125/ErrorTeck-171122/1.8/Images/ACR-171/ACR_171_INTERNAL_OFFERS.PNG","171125/ErrorTeck-171122/1.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","171125/ErrorTeck-171122/1.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG"],"guid":"0d52ff58-21a4-43d3-97f1-0770e1d8e02f_1.8_1","appID":"ErrorTeck-171122","dateAdded":"171125","deceptorType":"App","name":"ErrorTeck","company":"SolidQuest Inc.","version":"1.8","sigName":"Deceptor:Win32/ErrorTeck!003","lastKnownStatus":"Deceptor:1.8","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2671},{"violations":{"ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\nThe application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA.\nThe application's internal offer webpage has no link to a website that shows the EULA.\n","ACR-161":"The landing page has user reviews that have no links back to a source so consumers can verify if they're real.\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\nAfter uninstalling the application a webpage loads that provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's internal offer webpage provides one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-092":"The application has no digital signature (unsigned).\n","ACR-160":"The application does not use a certified call center to monetize the app. Contacted the phone number 1-800-256-3286 provided by Disk Tuner and got the customer support for the product Garcina Cambogia dietary supplement.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"disk_tuner.exe","isInstaller":"True","companyName":"Safeapzz","productName":"Disk Tuner","productVersion":"1.0.0.0","hashMD5":"2e4a1418dd5c1bfde0420f0fd4ce040c","hashSHA1":"ecf133b5b95b5cb5a5644b90def6755f51474514","hashSHA256":"ad07ee8ead48c2afba21ba18a30d8ad9d1835a3763ab0185b607e39525660c22","sourceIndex":"3312","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Kaspersky Internet Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Windows Defender (20190131)","Norton Security (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)","Webroot SecureAnywhere (20190131)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"google.com(fix my pc)","landingPage":"https://safeapzz.com/read_more_disk_tuner.aspx","directDownloadingLink":"https://safeapzz.com/software/disk_tuner/disk_tuner.exe","ipv4":"","ipv6":"","sourceIndex":"3312"}],"sampleFiles":["171125/DiskTuner-171116/1.0.0.0/Samples/disk_tuner.exe"],"imageFiles":["171125/DiskTuner-171116/1.0.0.0/Images/ACR-168/ACR_168_SOFTWARE.PNG","171125/DiskTuner-171116/1.0.0.0/Images/ACR-168/ACR_168_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["171125/DiskTuner-171116/1.0.0.0/Images/ACR-161/ACR_161_LANDING_PAGE_SCREENSHOT_1.PNG","171125/DiskTuner-171116/1.0.0.0/Images/ACR-161/ACR_161_LANDING_PAGE_SCREENSHOT_2.PNG","171125/DiskTuner-171116/1.0.0.0/Images/ACR-161/ACR_161_LANDING_PAGE_SCREENSHOT_3.PNG","171125/DiskTuner-171116/1.0.0.0/Images/ACR-163/ACR_163_SOFTWARE.PNG","171125/DiskTuner-171116/1.0.0.0/Images/ACR-163/ACR_163_UNINSTALL.PNG","171125/DiskTuner-171116/1.0.0.0/Images/ACR-163/ACR_163_INTERNAL_OFFERS.PNG","171125/DiskTuner-171116/1.0.0.0/Images/ACR-168/ACR_168_LANDING_PAGE.PNG"],"guid":"1eaed265-fa8a-4488-b9a1-1b3ec751c071_1.0.0.0_1","appID":"DiskTuner-171116","dateAdded":"171125","deceptorType":"App","name":"Disk Tuner","company":"Safeapzz","version":"1.0.0.0","sigName":"Deceptor:Win32/DiskTuner!168","lastKnownStatus":"Deceptor:1.0.0.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-24T00:09:11.4765037+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2673},{"violations":{"ACR-003":" The application exaggerates scanned items as an error or a problem, application also displays a message stating problems would cause a decrease in PC stability and proformance thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThe internal offer page has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\nThe landing page has no link to a webpage that shows how to uninstall the app.\n\nThe internal offer page has no link to a webpage that shows how to uninstall the app.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.The return policy is determined and differs based on the subscription chosen by the consumer .Below shows the refund policy offered:\nFor 7-Day Trial : This plan comes with a 7-day money back guarantee. You can get full money back within 7 days of purchase.\nFor Monthly and Yearly Subscription : These 2 plans come with a 14-day money back guarantee. You can get full money back within 14 days of purchase. \n\n"},"samples":[{"isRevoked":"False","fileName":"DLLSuite.exe","isInstaller":"True","companyName":"Beijing VSK Soft Development Co.,Ltd","productName":"DLLSuite","productVersion":"9.0.0.0","fileVersion":"9.0.0.14","hashMD5":"cfa1e59ac4c3c4665806023d04fd6a3e","hashSHA1":"c0fec10f5e7c6fc17ecabb2a8404680cef6ff85b","hashSHA256":"cfab3452edbf4f726294fe0d11e0459390823551862607439acd7d87b03a5eef","digitalCertThumbprint":"49B76C0AD6085E2F7385644F36CECC09F320BCF4","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Beijing VSK Soft Development Co.,Ltd","sourceIndex":"3457","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DLLSuite_12122018.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"028803be6da59bad65401494cf95ed69","hashSHA1":"0a4bd6f9afdd1c56ed504d6f0c36b36a241c32ca","hashSHA256":"4f35d89575e04eadc65726f02232ce827bb30c5a5be3b49dd87ad7142779208e","digitalCertThumbprint":"49B76C0AD6085E2F7385644F36CECC09F320BCF4","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=\"Beijing VSK Soft Development Co.,Ltd\", OU=IT, O=\"Beijing VSK Soft Development Co.,Ltd\", L=Beijing, S=Beijing, C=CN","sourceIndex":"3457","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.vsksoft.com/","directDownloadingLink":"http://www.vsksoft.com/software/DLLSuite.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.vsksoft.com/software/DLLSuite.exe","sourceIndex":"3457"}],"sampleFiles":["171124/DLLSuite-171116/9.0/Samples/DLLSuite.exe","171124/DLLSuite-171116/9.0/Samples/DLLSuite_12122018.exe"],"imageFiles":["171124/DLLSuite-171116/9.0/Images/ACR-003/acr_003.PNG"],"nonDeceptorImageFiles":["171124/DLLSuite-171116/9.0/Images/ACR-167/refund.PNG"],"guid":"1626e29a-d926-4428-9e2c-48b09f84dfdf_9.0_1","appID":"DLLSuite-171116","dateAdded":"171124","deceptorType":"App","name":"Dll Suite","company":"Beijing VSK Soft Development Co.,Ltd","version":"9.0","sigName":"Deceptor:Win32/DllSuite!003","lastKnownStatus":"Deceptor:9.0","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2674},{"violations":{"ACR-003":"The application reports identified registry errors and file association problems with exaggerated numbers; used the colour gradient \"red\", and states the system urgency as high thereby misleading or scaring the user to take action.\n\n","ACR-017":"The internal offer page fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\n\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\nThe application has no link to a webpage that shows how to uninstall the app.\n\nThe application has no link to a webpage that shows how to uninstall the app.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\n\n"},"samples":[{"isRevoked":"False","fileName":"Smart Appcrash Fixer Pro.exe","isInstaller":"True","companyName":"LionSea Software co., ltd","productName":"Smart Appcrash Fixer Pro","productVersion":"4.3.1","fileVersion":"1.0.0.1","hashMD5":"155f009138688afe65a4758bbf15de36","hashSHA1":"fc13fda73dd017e4e3f0c6d1206698c4e9b7b5bb","hashSHA256":"afe8f4f995625bb3eaef20eb49631d225c80ed319dbe67b5f49bb0ad6db93351","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3598","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.lionsea.com/product_appcrashfixerpro.php","directDownloadingLink":"http://www.lionsea.com/download/fixer/Smart_Appcrash_Fixer_Pro_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3598"}],"sampleFiles":["171124/AppcrashFixer-171117/4.3.1/Samples/Smart_Appcrash_Fixer_Pro_Setup.exe"],"imageFiles":["171124/AppcrashFixer-171117/4.3.1/Images/ACR-003/acr_003.PNG","171124/AppcrashFixer-171117/4.3.1/Images/ACR-017/acr_017.PNG"],"nonDeceptorImageFiles":["171124/AppcrashFixer-171117/4.3.1/Images/ACR-017/acr_017_LP.PNG"],"guid":"dafdfe7a-0e38-48bc-8d70-cc1da9e60722_4.3.1_1","appID":"AppcrashFixer-171117","dateAdded":"171124","deceptorType":"App","name":"Smart Appcrash Fixer Pro","company":"LionSea Software co., ltd","version":"4.3.1","sigName":"Deceptor:Win32/SmartAppcrashFixerPro!003017","lastKnownStatus":"Deceptor:4.3.1","lastKnownDate":"171117","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows Vista,Windows 8,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-29T03:09:20.5483342+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2523},{"violations":{"ACR-043":"One or more third party components are installed which are not disclosed to the consumer in the EULA and offer or landing page\n","ACR-016":"A displayed ad leads to direct downloading and installation of an application instead of redirecting to a landing page which allows the consumer to make an informed decision whether to accept or decline the offer.\n"},"nonDeceptorViolations":{"ACR-016":"A displayed ad leads to direct downloading and installation of an application instead of redirecting to a landing page which allows the consumer to make an informed decision whether to accept or decline the offer.\n"},"samples":[{"isRevoked":"False","fileName":"DriverTalent_setup.exe","isInstaller":"True","companyName":"OSToto Co. Ltd.","productName":"Driver Talent","productVersion":"6.5.56.164","fileVersion":"6.5.56.164","hashMD5":"5adce8282f6c9fd837c1cfc5047a31b7","hashSHA1":"dc92a06aa067794266d63660b523e9864b2aea52","hashSHA256":"4ad5640133b0da9e2e5c5514c1aef41dceb4b10aa424af6d734160d4b117d906","digitalCertThumbprint":"1439D6BD763B63B3FCDA5393B1998A17EAA7898B","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"OSTOTO CO. LIMITED","sourceIndex":"3784","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.drivethelife.com/","directDownloadingLink":"http://www.drivethelife.com/free-drivers-download-utility.html","ipv4":"","ipv6":"","sourceIndex":"3784"}],"sampleFiles":[],"imageFiles":["171124/D-K7-DriverTalent-171024/6.5.56.164/Images/ACR-043/ACR-043_Install_ThirdParty_Components.JPG","171124/D-K7-DriverTalent-171024/6.5.56.164/Images/ACR-016/ACR-016_AdsInsideApp_Leads_To_Downloads.JPG","171124/D-K7-DriverTalent-171024/6.5.56.164/Images/ACR-016/ACR-016_AdsInsideApp_Leads_To_Downloads.mp4"],"nonDeceptorImageFiles":["171124/D-K7-DriverTalent-171024/6.5.56.164/Images/ACR-016/ACR-016_AdsInsideApp_Leads_To_Downloads.JPG","171124/D-K7-DriverTalent-171024/6.5.56.164/Images/ACR-016/ACR-016_AdsInsideApp_Leads_To_Downloads.mp4"],"guid":"7a320163-c3e2-45f8-be44-3425ee44a7db_6.5.56.164_1","appID":"D-K7-DriverTalent-171024","dateAdded":"171124","deceptorType":"App","name":"Driver Talent","company":"OSToto Co. Ltd.","version":"6.5.56.164","sigName":"Deceptor:Win32/DriverTalent!016043","firstVendorContactDate":"171213","firstAppEsteemReplyDate":"171213","firstResolvedDate":"171221","firstResolvedVersion":"6.5.61.174","resolved":"TRUE","lastKnownStatus":"Deceptor:6.5.56.164","lastKnownDate":"171123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid","lastUpdate":"2018-02-15T00:20:56.9180433+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2675},{"violations":{"ACR-003":"The application exaggerates registry keys as an error or a problem, thereby misleading or scaring user to take action. The application reports identified errors or problems with exaggerated numbers, thereby misleading or scaring the user to take action\"\n\n","ACR-007":"The application pretends to be another vendor's or platform app to dupe the user into taking some action based on a misplaced trust level.The applications icons resembles the windows icon.\n\nThe application pretends to be another vendor's or platform app to dupe the user into taking some action based on a misplaced trust level.The applications icons resembles the windows icon.\n\nThe application pretends to be another vendor's or platform app to dupe the user into taking some action based on a misplaced trust level.The applications icons resembles the windows icon.\n\n","ACR-017":"The application fraudently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\n\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.Unable to disable pop-up within the app that's informing consumer of problems found.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\nThe internal offer page has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n\n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\n\nThe application has no link to a webpage that shows how to uninstall the app.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-003":"The application exaggerates registry keys as an error or a problem, thereby misleading or scaring user to take action. The application reports identified errors or problems with exaggerated numbers, thereby misleading or scaring the user to take action\"\n\n","ACR-007":"The application pretends to be another vendor's or platform app to dupe the user into taking some action based on a misplaced trust level.The applications icons resembles the windows icon.\n\nThe application pretends to be another vendor's or platform app to dupe the user into taking some action based on a misplaced trust level.The applications icons resembles the windows icon.\n\n","ACR-017":"The application fraudently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\n\nThe application fraudently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\n"},"samples":[{"isRevoked":"False","fileName":"WindowsClear.exe","isInstaller":"True","companyName":"WeiSiTianYu Software Develop Service Center","productName":"WindowsClear","productVersion":"5.2.6.335","fileVersion":"5.2.6.335","hashMD5":"66d440ff3e6544bc57dd82b07b033151","hashSHA1":"8e46b8bf5d8a5cf5963ffe7b596cfdf566736b4f","hashSHA256":"9688579cf3bf6b5d5b97c41786aef46c44713ee0c0bfdff924dc679e5086a7c4","digitalCertThumbprint":"0FE4D2B962A69A9A32A71BD92730EE2E13C425B4","digitalCertIssuer":"WoSign Code Signing Authority","digitalCertIssuedTo":"WeiSiTianYu Software Develop Service Center","sourceIndex":"3750","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"","directDownloadingLink":"http://www.windowsclear.com/Download/WindowsClear.exe","ipv4":"","ipv6":"","landingPageWildChar":"http://www.windowsclear.com/downloadoptions.php","sourceIndex":"3750"}],"sampleFiles":["171123/WindowsClear-171121/5.2.6.335/Samples/WindowsClear.exe"],"imageFiles":["171123/WindowsClear-171121/5.2.6.335/Images/ACR-003/acr_003.1.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-003/acr_003.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-007/ACR_007_dC.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-007/ACR_007_IO.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-007/ACR_007_LP.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-007/acr_007_IL.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-007/acr_007.SW.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-017/acr_017_LP.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-017/acr_017_LP.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-017/acr_017_io.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-017/acr_017_LP.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-084/acr_003.1.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["171123/WindowsClear-171121/5.2.6.335/Images/ACR-003/acr_003.1.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-003/acr_003.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-007/ACR_007_dC.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-007/ACR_007_IO.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-007/ACR_007_LP.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-007/acr_007_IL.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-007/acr_007.SW.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-017/acr_017_LP.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-017/acr_017_LP.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-017/acr_017_io.PNG","171123/WindowsClear-171121/5.2.6.335/Images/ACR-017/acr_017_LP.PNG"],"guid":"4db6e120-526e-4995-9ef2-12d1e5d65d0f_5.2.6.335_1","appID":"WindowsClear-171121","dateAdded":"171123","deceptorType":"App","name":"WindowsClear","company":"WeiSiTianYu Software Develop Service Center","version":"5.2.6.335","sigName":"Deceptor:Win32/WindowsClear!003007017084","lastKnownStatus":"Deceptor:5.2.6.335","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2676},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys, browser history and junk files as errors, thereby misleading or scaring the user to take action.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake or unverifiable endorsements. The awards presented by the software are unable to be verified as they are not clickable.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the landing page.\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the internal offer.\n","ACR-161":"The application has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial. The app has no mention of a 30 day money back guarantee.\n","ACR-092":"The application does not have a digital signature. (unsigned)\n","ACR-099":"The application has no link or information that shows how to uninstall the app.\n\nThe application has no link or information that shows how to uninstall the app on the internal offer.\n\n","ACR-035":"No EULA/Terms of Service, Returns and Cancellation Policy is provided for the app.\n\n","ACR-036":"No EULA/Terms of Service, Returns and Cancellation Policy is provided for the app.\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n","ACR-150":"The app displays logos or awards that are unable to be verified.\n\nThe app displays logos or awards that are unable to be verified.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake or unverifiable endorsements. The awards presented by the software are unable to be verified as they are not clickable.\n"},"samples":[{"isRevoked":"False","fileName":"FastPCTweaker.exe","isInstaller":"True","companyName":"PCTweaker Technologies","productName":"Fast PC Tweaker","productVersion":"2.5.0.1","fileVersion":"2.5.0.1","hashMD5":"32e5ada6d3f2eedcb9e85fa5250efdea","hashSHA1":"e12fd3473f69640daeb60276eb45c4c63856d1ed","hashSHA256":"d2c06ca50a1a3ea75d21265fecf51b52f19ff110e410c02bbd4beb405e911c65","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3313","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org (pc tweak)","landingPage":"http://www.fastpctweaker.com/","directDownloadingLink":"http://www.fastpctweaker.com/FastPCTweaker_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3313"}],"sampleFiles":["171123/FastPCTweaker-171121/2.5.0.1/Samples/FastPCTweaker_Setup.exe"],"imageFiles":["171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-003/ACR-003_software.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-003/ACR-003_software1.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-003/ACR-003_software2.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-003/ACR-003_software3.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-017/ACR-017_internaloffer.JPG"],"nonDeceptorImageFiles":["171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-065/ACR-065_install.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-065/ACR-065_software.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-065/ACR-065_landingpage.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-065/ACR-065_internaloffer.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-017/ACR-017_landingpage.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-161/ACR-161_landingpage.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-161/ACR-161_landingpage1.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-170/ACR-170_software.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-091/ACR-091_software.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-092/ACR-092_software.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-150/ACR-150_landingpage.JPG","171123/FastPCTweaker-171121/2.5.0.1/Images/ACR-150/ACR-150_internaloffer.JPG"],"guid":"e672ff60-5a6a-4d80-a11a-d2e4f926e094_2.5.0.1_1","appID":"FastPCTweaker-171121","dateAdded":"171123","deceptorType":"App","name":"Fast PC Tweaker","company":"PCTweaker Technologies","version":"2.5.0.1","sigName":"Deceptor:Win32/PCFastTweaker!003017","lastKnownStatus":"Deceptor:2.5.0.1","lastKnownDate":"171121","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:08:24.7082925+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2677},{"violations":{"ACR-003":"The application uses the color red and the word errors to increase urgency for non-urgent \"issues”, thereby misleading or scaring user to take action. The application keep showing more errors each time a new scan is started after fixing them.\n","ACR-017":"The application's internal offer webpage fraudulently elevates its consumer trust level by displaying an unverifiable Intel Software Partner logo.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"The application has no certificate information (unsigned)\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"The application prompts during uninstall stating that consumer can get a lower price for the same program.\n","ACR-064":"The application's landing page has the download button displayed as \"Free Scan Your PC Now for Errors\" instead of using the word Download.\n","ACR-171":"The application's internal offer webpage has an additional offer option pre-selected.\n","ACR-017":"The application's landing page fraudulently elevates its consumer trust level by displaying an unverifiable Intel Software Partner logo.\n"},"samples":[{"isRevoked":"False","fileName":"easytweaker_setup.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"780b58e0c4dab44689f6d5c9bb22c00d","hashSHA1":"4b3659d0f9305a2ee8af2f913648ea2475cd850a","hashSHA256":"6be4781854d6efbea46c6ac3a9c981b729bb59094a1a4445980c506bf471d38e","sourceIndex":"3314","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com(speed up my computer)","landingPage":"http://www.easytweaker.com/","directDownloadingLink":"http://www.easytweaker.com/easytweaker_setup.exe","ipv4":"","ipv6":"","sourceIndex":"3314"}],"sampleFiles":[],"imageFiles":["171123/EasyTweaker-171120/2.1.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","171123/EasyTweaker-171120/2.1.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","171123/EasyTweaker-171120/2.1.8/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_3.PNG","171123/EasyTweaker-171120/2.1.8/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["171123/EasyTweaker-171120/2.1.8/Images/ACR-161/ACR_017_INTERNAL_OFFERS.PNG","171123/EasyTweaker-171120/2.1.8/Images/ACR-017/ACR_017_LANDING_PAGE.PNG","171123/EasyTweaker-171120/2.1.8/Images/ACR-120/ACR_120_UNINSTALL.PNG","171123/EasyTweaker-171120/2.1.8/Images/ACR-064/ACR_064_LANDING_PAGE.PNG","171123/EasyTweaker-171120/2.1.8/Images/ACR-171/ACR_171_INTERNAL_OFFERS.PNG"],"guid":"15ead270-afb3-48d1-86af-89ae9d942a9f_2.1.8_1","appID":"EasyTweaker-171120","dateAdded":"171123","deceptorType":"App","name":"Easy Tweaker","company":"EasyTweaker.com","version":"2.1.8","sigName":"Deceptor:Win32/EasyTweaker!003017","lastKnownStatus":"Deceptor:2.1.8","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:07:56.4160695+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2678},{"violations":{"ACR-046":"The application does not display the Disclosures and options that clearly demonstrates how to enable or disable additional options.\n","ACR-003":"The application uses the word problems to increase urgency for non-urgent \"issues”, the application also states that \"The problems would cause decreased PC stability and performance\" thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the EULA, Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's landing page has no link to the EULA and/or Terms of Service, Returns and Cancellation Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-035":"The application's Privacy Policy, Terms of Use, Refunds & Returns does not include the name of the App and contact information for the source.\n","ACR-167":"The application's returns and cancellation policy does not provide a 30-day money back guarantee only a 14 days refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"DllTool.exe","isInstaller":"True","productName":"DLL Tool","productVersion":"2.0","hashMD5":"660b0490504e73a4ad82cfe0a45889c8","hashSHA1":"faa8bbd11a49ec2f09f8621db2cef0ba7ebf6df3","hashSHA256":"71543fac7e2cfce0ce5f31e5ed3da4041ad050b74c94b96beabf874fe2aaadf2","digitalCertThumbprint":"49B76C0AD6085E2F7385644F36CECC09F320BCF4","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Beijing VSK Soft Development Co.,Ltd","sourceIndex":"3497","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DllTool_12122018.exe","isInstaller":"True","productName":"","productVersion":"2.0","fileVersion":"0.0","hashMD5":"7a3026cfe1e52faf2f6a80b0d473d7f1","hashSHA1":"596e107d7dcde6786d9105ed46a2054bb049612c","hashSHA256":"96fcd00eae68d7f7b35302c07c075d5d35c515af17f26902ee86fde0f34edd6b","sourceIndex":"3497","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com(fix my computer)","landingPage":"http://www.dlltool.com/","directDownloadingLink":"http://www.dlltool.com/download/DllTool.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.dlltool.com/download/DllTool.exe","sourceIndex":"3497"}],"sampleFiles":["171123/DLLTool-171121/2.0/Samples/DllTool.exe","171123/DLLTool-171121/2.0/Samples/DllTool_12122018.exe"],"imageFiles":["171123/DLLTool-171121/2.0/Images/ACR-046/ACR_046_INSTALL_SCREENSHOT_1.PNG","171123/DLLTool-171121/2.0/Images/ACR-046/ACR_046_INSTALL_SCREENSHOT_2.PNG","171123/DLLTool-171121/2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","171123/DLLTool-171121/2.0/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["171123/DLLTool-171121/2.0/Images/ACR-167/ACR_167_DOCS.PNG"],"guid":"b759149c-06e0-42cd-8a43-7e6fbdeb0243_2.0_1","appID":"DLLTool-171121","dateAdded":"171123","deceptorType":"App","name":"DLL Tool","company":"www.dlltool.com","version":"2.0","sigName":"Deceptor:Win32/DllTool!003046","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2679},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent and schedule cannot be disabled from the software's interface.\n\n"},"nonDeceptorViolations":{"ACR-065":"The application has no links to show the apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install\nThe application has no links to show the apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the internal offer page.\nThe application has no links to show the apps EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-002":"The app's name is not consistent within the app's EULA. The app is referred to as 'registrynurse' and also 'registrymender' which is confusing.\n","ACR-161":"The application has testimonials but have no links back to the source so they cannot be verified.\n","ACR-092":"The app has no digital signature (unsigned)\n","ACR-099":"No uninstall information is provided on the software.\nNo uninstall information is provided on the landing page.\nNo uninstall information is provided on the internal offer page.\n"},"samples":[{"isRevoked":"False","fileName":"Registrymender.exe","isInstaller":"True","companyName":"RegistryMender Computer Service, Ltd.","productName":"RegistryMender","productVersion":"3.0.0.0","fileVersion":"3.0.0.0","hashMD5":"6a79d9cddf35d9c6d761e6c0ee2664b5","hashSHA1":"94efb6dfa83496f2ca841e303ec6362f3b89c263","hashSHA256":"f0225a84ba971f78d90683b918b5571eb47b096cb4d8d0a5c76260426756b318","digitalCertThumbprint":"Unsigned","digitalCertIssuer":"Unsigned","digitalCertIssuedTo":"Unsigned","sourceIndex":"3315","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search ","reference":"www.yahoo.com (Registry repair)","landingPage":"http://www.registrymender.com/","directDownloadingLink":"http://www.registrymender.com/download/RegistryMender_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.registrymender.com/download/RegistryMender_setup.exe","sourceIndex":"3315"}],"sampleFiles":["171121/RegistryMender-171115/3.0.0.0/Samples/RegistryMender_setup 1.9.2018.exe"],"imageFiles":["171121/RegistryMender-171115/3.0.0.0/Images/ACR-003/ACR-003_software.JPG","171121/RegistryMender-171115/3.0.0.0/Images/ACR-084/ACR-084_software.JPG","171121/RegistryMender-171115/3.0.0.0/Images/ACR-084/ACR-084_software1.JPG"],"nonDeceptorImageFiles":["171121/RegistryMender-171115/3.0.0.0/Images/ACR-065/ACR-065_install.JPG","171121/RegistryMender-171115/3.0.0.0/Images/ACR-065/ACR-065_internal_offer.JPG","171121/RegistryMender-171115/3.0.0.0/Images/ACR-065/ACR-065_software.JPG","171121/RegistryMender-171115/3.0.0.0/Images/ACR-002/ACR-002_doc.JPG","171121/RegistryMender-171115/3.0.0.0/Images/ACR-161/ACR-161_landing_page.JPG"],"guid":"5a6be2ae-7ec8-42c0-8292-f5608d789da5_3.0.0.0_1","appID":"RegistryMender-171115","dateAdded":"171121","deceptorType":"App","name":"RegistryMender","company":"RegistryMender Computer Service, Ltd.","version":"3.0.0.0","sigName":"Deceptor:Win32/RegistryMender!003","lastKnownStatus":"Deceptor:3.0.0.0","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-24T00:07:18.0234634+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2680},{"violations":{"ACR-003":"The application uses the word Problems to increase urgency for non-urgent \"issues\",thereby misleading or scaring user to take action.\n","ACR-124":"The application prompts during uninstall stating that consumer can get application for free and then after declining the offer a second prompt shows saying send a Feedback.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to the EULA and privacy policy information.\nThe application has no link to webpage that shows the EULA and privacy policy information.\n","ACR-161":"The landing page has customer testimonials that has no links back to the sources so consumers can verify if they're real.\n","ACR-092":"The installed application has a different publisher name than what is located in the certification information of the app.\n","ACR-099":"The application's internal offer page has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"The application prompts during uninstall stating that consumer can get the same app for free with TrialPay.\n","ACR-167":"The application's EULA and Privacy policy has no mention of a 30 day refund policy.\n"},"samples":[{"isRevoked":"False","fileName":"registry-clean-expert.exe","isInstaller":"True","companyName":"iExpert","productName":"Registry Clean Expert","productVersion":"4.9.0.0","fileVersion":"4.9.0.0","hashMD5":"f7daee5fa592411be6703c2cac95966f","hashSHA1":"c2076ae606fe29a11f72c95f874827ff15a7be88","hashSHA256":"b719536b36b9b434630dee2e9c512c48588adeb382debfceb44b4d3b26cacc58","digitalCertThumbprint":"85AE07AF3AE422710D7E4D8FD84A54C86300B53C","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"CleanMyPC Technology Limited","sourceIndex":"3316","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.google.com","landingPage":"http://www.registry-clean.net/","directDownloadingLink":"http://update.registry-clean.net/download/registry-clean-expert.exe","ipv4":"","ipv6":"","sourceIndex":"3316"}],"sampleFiles":["171121/RegistryCleanExpert-171025/4.9.0.0/Samples/registry-clean-expert.exe"],"imageFiles":["171121/RegistryCleanExpert-171025/4.9.0.0/Images/ACR-003/ACR-003_SOFTWARE.PNG","171121/RegistryCleanExpert-171025/4.9.0.0/Images/ACR-124/ACR-124_UNINSTALL_PROMPT_2.PNG","171121/RegistryCleanExpert-171025/4.9.0.0/Images/ACR-124/ACR_124_UNINSTALL_PROMPT_1.PNG"],"nonDeceptorImageFiles":["171121/RegistryCleanExpert-171025/4.9.0.0/Images/ACR-161/ACR-161_LANDING_PAGE.PNG","171121/RegistryCleanExpert-171025/4.9.0.0/Images/ACR-065/ACR-065_INSTALL.PNG","171121/RegistryCleanExpert-171025/4.9.0.0/Images/ACR-092/ACR-092_SOFTWARE.PNG","171121/RegistryCleanExpert-171025/4.9.0.0/Images/ACR-120/ACR_120_UNINSTALL.PNG"],"guid":"a5ec11f8-275d-4a38-873f-99e5b763abe8_4.9.0.0_1","appID":"RegistryCleanExpert-171025","dateAdded":"171121","deceptorType":"App","name":"Registry Clean Expert","company":"iExpert Software.","version":"4.9.0.0","sigName":"Deceptor:Win32/RegistryCleanExpert!003","lastKnownStatus":"Deceptor:4.9.0.0","lastKnownDate":"171025","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2019-01-24T00:06:38.6577781+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2681},{"violations":{"ACR-003":"The app exaggerates registry issues as an error ,and does not provide a detailed report of files to review \"system items\". \n","ACR-017":"The app fraudulently elevates its consumer trust level by displaying fake, unverifiable or expired endorsements\nThe app fraudulently elevates its consumer trust level by displaying fake, unverifiable or expired endorsements\n","ACR-168":"1.The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n2.The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\K7User\\Desktop\\PCFixSpeedSetup.exe","isInstaller":"True","companyName":"Crawler Group","productName":"PC Fix Speed","productVersion":"2.2.0.107","fileVersion":"2.2.0.107","hashMD5":"d4fa4a3e057f64760e53c4870e5b975d","hashSHA1":"0dee845f462b2ea4a6c98e7f487995043e26d750","hashSHA256":"efdab215613921ba21ef03159844558731a63a7d0d8d3cef5418be43dc1da37d","digitalCertThumbprint":"8671915258CA6BD614603E42073B0942113AB754","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Crawler Group LLC","sourceIndex":"3317","avBlockList":["Avast Internet Security (20190131)","AVG Internet Security (20190131)","Avira Internet Security (20190131)","ESET Internet Security (20190131)","G DATA INTERNET SECURITY (20190131)","K7 Total Security (20190131)","Malwarebytes Premium (20190131)","McAfee Total Protection (20190131)","Norton Security (20190131)","Panda Dome (20190131)","Sophos Home Premium (20190131)","Trend Micro Internet Security (20190131)","VirIT eXplorer PRO (20190131)","Webroot SecureAnywhere (20190131)"],"avAllowList":["Bitdefender Internet Security (20190131)","Windows Defender (20190131)"]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.pcfixspeed.com/registrycleaner/productdetail.aspx","directDownloadingLink":"http://www.pcfixspeed.com/dnl/config/42/PCFixSpeedSetup.exe","ipv4":"","ipv6":"","sourceIndex":"3317"}],"sampleFiles":["171120/D-K7-PCFixSpeed-171113/2.2.0.107/Samples/PCFixSpeedSetup.exe"],"imageFiles":["171120/D-K7-PCFixSpeed-171113/2.2.0.107/Images/ACR-003/ACR-003_software_Exaggeration(3).JPG","171120/D-K7-PCFixSpeed-171113/2.2.0.107/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","171120/D-K7-PCFixSpeed-171113/2.2.0.107/Images/ACR-003/ACR-003_Software_NoOption_ToReview_Files.JPG","171120/D-K7-PCFixSpeed-171113/2.2.0.107/Images/ACR-003/ACR-003_Software_Exaggeration.mp4","171120/D-K7-PCFixSpeed-171113/2.2.0.107/Images/ACR-017/ACR-017_InternalOffers_MisleadingLogo.JPG","171120/D-K7-PCFixSpeed-171113/2.2.0.107/Images/ACR-017/ACR-017_Software_MisleadingLogo.JPG","171120/D-K7-PCFixSpeed-171113/2.2.0.107/Images/ACR-168/ACR-168_Software_NoEqual_Prominence.JPG"],"nonDeceptorImageFiles":[],"guid":"64061b02-e075-4658-b685-729eb5e287da_2.2.0.107_1","appID":"D-K7-PCFixSpeed-171113","dateAdded":"171120","deceptorType":"App","name":"PC Fix Speed","company":"Crawler Group LLC","version":"2.2.0.107","sigName":"Deceptor:Win32/PCFixSpeed!003017168","lastKnownStatus":"Deceptor:2.2.0.107","lastKnownDate":"190123","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-24T00:06:08.0429827+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2682},{"violations":{"ACR-043":"One or more third party components are installed which are not disclosed to the consumer in the EULA and offer or landing page\n","ACR-048":"The option to select/deselect the startup-on-logon is disabled \n","ACR-003":"The app reports identified \"Shared DLL\", \"Temp Files\" and \"Thumbnail\" as issues with exaggerated numbers and raises the urgency level as \"HIGH\" system impact issue, thereby misleading or scaring the consumer to take action\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"EasyCleanPCSetup@g#source=hp1.exe","isInstaller":"True","companyName":"Easy Clean PC","productName":"Easy Clean PC","productVersion":"3.2.0","fileVersion":"3.2.0","hashMD5":"d581628970f63f3925a543b02af8e5d3","hashSHA1":"ccd16707d8f58b892eaf8d97231f0e4fdad7ac43","hashSHA256":"e581aadf2d234aa27e7e79b53d6f808b61782efecd357a6a6220d59287e77856","digitalCertThumbprint":"E581AADF2D234AA27E7E79B53D6F808B61782EFECD357A6A6220D59287E77856","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"MB Media LLC","sourceIndex":"3014","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"https://easycleanpc.com/","directDownloadingLink":"https://easycleanpc.com/startscan","ipv4":"","ipv6":"","sourceIndex":"3014"}],"sampleFiles":["171120/D-K7-EasyCleanPc-171120/3.2.0/Samples/EasyCleanPCSetup@g#source=hp1.exe"],"imageFiles":["171120/D-K7-EasyCleanPc-171120/3.2.0/Images/ACR-003/ACR-003_Software_Exaggerates_Count.JPG","171120/D-K7-EasyCleanPc-171120/3.2.0/Images/ACR-003/ACR-003_Software_Exaggerates_Raises_Urgency_At_High.JPG","171120/D-K7-EasyCleanPc-171120/3.2.0/Images/ACR-003/ACR-003_Software_Exaggerates_SharedDLLs.JPG","171120/D-K7-EasyCleanPc-171120/3.2.0/Images/ACR-003/ACR-003_Software_Exaggerates_SystemHealthStatus_As_Urgent.JPG","171120/D-K7-EasyCleanPc-171120/3.2.0/Images/ACR-003/ACR-003_Software_Exaggerates_SystemHealthStatus_As_Urgent1.JPG","171120/D-K7-EasyCleanPc-171120/3.2.0/Images/ACR-003/ACR-003_Software_Exaggerates_TempFiles.JPG","171120/D-K7-EasyCleanPc-171120/3.2.0/Images/ACR-003/ACR-003_Software_Exaggerates_Thumbnails.JPG","171120/D-K7-EasyCleanPc-171120/3.2.0/Images/ACR-003/ACR-003_Software_Exaggerates_Count.mp4","171120/D-K7-EasyCleanPc-171120/3.2.0/Images/ACR-043/ACR-043_Install_Third_Party_Components_Without_The_Consumers_Knowledge.JPG","171120/D-K7-EasyCleanPc-171120/3.2.0/Images/ACR-048/ACR-048_Software_Doesn't_Provide_Control_To_The_Consumer.JPG","171120/D-K7-EasyCleanPc-171120/3.2.0/Images/ACR-084/ACR-084_Software_Schedule_Scan_Without_The_Consumer_Knowledge.JPG"],"nonDeceptorImageFiles":[],"guid":"094b89e2-4f1d-4630-9bc4-a218ab74ca78_3.2.0_1","appID":"D-K7-EasyCleanPc-171120","dateAdded":"171120","deceptorType":"App","name":"EasyCleanPC","company":"EasyCleanPC","version":"3.2.0","sigName":"Deceptor:Win32/EasyCleanPC!003043048084","lastKnownStatus":"Deceptor:3.2.0","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-06-06T21:16:42.5467822+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2683},{"violations":{"ACR-003":"The app exaggerates \"Shared DLLs and Recent Docs\" as an errors, thereby misleading or scaring consumer to take action \n"},"nonDeceptorViolations":{"ACR-003":"The app exaggerates \"Shared DLLs and Recent Docs\" as an errors, thereby misleading or scaring consumer to take action \n"},"samples":[{"isRevoked":"False","fileName":"SimnetRegistryRepair2011.exe","isInstaller":"True","companyName":"Simnet Ltd.","productName":"Simnet Registry Repair","productVersion":"","fileVersion":"","hashMD5":"ba5db80005757cd08f6a711fe417c08e","hashSHA1":"27a397c85a3c0d92a3111d76b2dd611862cf8c08","hashSHA256":"82bd1e7b7b19ecb5952b0908926b6fdf10be82663e86b1cbeadd0b24726b2660","digitalCertThumbprint":"4C6F54803A0F2ACAF1972FE7AB16177DF5F30756","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Simnet Bilgisayar Yazilim Hiz. San. ve Tic. Ltd. Sti.","sourceIndex":"3792","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.simnetsoftware.com/products/simnet-registry-repair.html","directDownloadingLink":"http://www.simnetsoftware.com/products/downloads/simnet-registry-repair.html","ipv4":"","ipv6":"","sourceIndex":"3792"}],"sampleFiles":["171119/D-K7-SimnetRegistryRepair-171115/3.1.1.2/Samples/SimnetRegistryRepair2011.exe"],"imageFiles":["171119/D-K7-SimnetRegistryRepair-171115/3.1.1.2/Images/ACR-003/ACR-003_Software_Exaggeration(2).JPG","171119/D-K7-SimnetRegistryRepair-171115/3.1.1.2/Images/ACR-003/ACR-003_Software_Exaggeration(3).JPG","171119/D-K7-SimnetRegistryRepair-171115/3.1.1.2/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","171119/D-K7-SimnetRegistryRepair-171115/3.1.1.2/Images/ACR-003/ACR-003_Software_Exaggeration.mp4"],"nonDeceptorImageFiles":["171119/D-K7-SimnetRegistryRepair-171115/3.1.1.2/Images/ACR-003/ACR-003_Software_Exaggeration(2).JPG","171119/D-K7-SimnetRegistryRepair-171115/3.1.1.2/Images/ACR-003/ACR-003_Software_Exaggeration(3).JPG","171119/D-K7-SimnetRegistryRepair-171115/3.1.1.2/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","171119/D-K7-SimnetRegistryRepair-171115/3.1.1.2/Images/ACR-003/ACR-003_Software_Exaggeration.mp4"],"guid":"bfe5a6eb-e7b5-4832-83e7-53eeea8cbf25_3.1.1.2_1","appID":"D-K7-SimnetRegistryRepair-171115","dateAdded":"171119","deceptorType":"App","name":"Simnet Registry Repair","company":"Simnet Ltd.","version":"3.1.1.2","sigName":"Deceptor:Win32/SimnetRegistryRepair!003","lastKnownStatus":"Deceptor;3.1.1.2","lastKnownDate":"171115","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:18:29.8299667+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2684},{"violations":{"ACR-043":"Third party components are installed which are not disclosed to the consumer in the EULA and offer or landing page. Ex.: clamscan.exe, libclamav.dll, etc.\n","ACR-107":"The app uses antivirus component “clamscan.exe” and “libclamav.dll” which is an open source from “ClamAV” without disclosure and honoring open source licenses.\n","ACR-003":"The app exaggerates “Restricted Settings” as a MEDIUM system impact issue, thereby misleading or scaring the user to take action.\n","ACR-017":"The app fraudently elevates its consumer trust level by displaying unverifiable reviews.\n","ACR-168":"1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-107":"The app uses antivirus component “clamscan.exe” and “libclamav.dll” which is an open source from “ClamAV” without disclosure and honoring open source licenses.\n","ACR-003":"The app exaggerates “Restricted Settings” as a MEDIUM system impact issue, thereby misleading or scaring the user to take action.\n","ACR-017":"The app fraudently elevates its consumer trust level by displaying unverifiable reviews.\n","ACR-168":"1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Program Files (x86)\\ASP\\AdvancedSystemProtector.exe","isInstaller":"True","productName":"ASP","productVersion":"2.2.1004.23071","fileVersion":"2.2.1004.23071","hashMD5":"9eeb1acdd55e2a9b97105138cc2ae681","hashSHA1":"3b122c5e5588851200b519fe4fada6d0856b7d68","hashSHA256":"7fed13de5ca541b310cab8501af0cb87dba850f32500554bbde235233e2b081e","digitalCertThumbprint":"354084EB2F4CDA316DB55CD9054EFAF71C227D42","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Systweak Software","sourceIndex":"3725","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Systweek","landingPage":"https://www.systweak.com/advanced-system-protector/","ipv4":"","ipv6":"","sourceIndex":"3725"}],"sampleFiles":[],"imageFiles":["171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-043/ACR-043_Software_ClamAVScan_Installed_Without_Discolsure.JPG","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-043/ACR-043_Software_ClamAVScan_Installed_Without_Discolsure.mp4","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-003/ACR-003_Software_ExaggeratesInternetExplorerRestrictionsAsItem.JPG","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-003/ACR-003_Software_ExaggeratesInternetExplorerRestrictionsAsItem.mp4","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-003/ACR-003_Software_ExaggeratesInternetExplorerRestrictionsAsItem1.JPG","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-017/ACR-017_InternalOffer_Unable_To_Verify_Review.JPG","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-168/ACR-168_Software_DisclosureNotMentionedAboutAdditionalOffersMightBeApplicable&NoEqualProminenceGivenForOtherInteractiveOptions1.JPG","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-168/ACR-168_Softwarwe_DisclosureNotMentionedAboutAdditionalOffersMightBeApplicable&NoEqualProminenceGivenForOtherInteractiveOptions.JPG","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-168/ACR-168_Softwarwe_DisclosureNotMentionedAboutAdditionalOffersMightBeApplicable&NoEqualProminenceGivenForOtherInteractiveOptions.mp4"],"nonDeceptorImageFiles":["171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-003/ACR-003_Software_ExaggeratesInternetExplorerRestrictionsAsItem.JPG","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-003/ACR-003_Software_ExaggeratesInternetExplorerRestrictionsAsItem.mp4","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-003/ACR-003_Software_ExaggeratesInternetExplorerRestrictionsAsItem1.JPG","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-017/ACR-017_InternalOffer_Unable_To_Verify_Review.JPG","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-168/ACR-168_Software_DisclosureNotMentionedAboutAdditionalOffersMightBeApplicable&NoEqualProminenceGivenForOtherInteractiveOptions1.JPG","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-168/ACR-168_Softwarwe_DisclosureNotMentionedAboutAdditionalOffersMightBeApplicable&NoEqualProminenceGivenForOtherInteractiveOptions.JPG","171118/D-AdvancedSystemProtector-170912/2.2.1004.23071/Images/ACR-168/ACR-168_Softwarwe_DisclosureNotMentionedAboutAdditionalOffersMightBeApplicable&NoEqualProminenceGivenForOtherInteractiveOptions.mp4"],"guid":"f4ea05e2-57d0-404b-9050-fc25a47be937_2.2.1004.23071_1","appID":"D-AdvancedSystemProtector-170912","dateAdded":"171118","deceptorType":"App","name":"Advanced System Protector","company":"Systweak Software","version":"2.2.1004.23071","sigName":"Deceptor:Win32/AdvancedSystemProtector!003017043107168","firstVendorContactDate":"170914","firstAppEsteemReplyDate":"170914","firstResolvedDate":"171119","firstResolvedVersion":"2.3.1000.23511","resolved":"TRUE","lastKnownStatus":"Deceptor: 2.2.1004.23071","lastKnownDate":"170912","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10","targetBrowser":"Firefox, Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, call center","lastUpdate":"2018-02-15T00:31:59.0100068+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2686},{"violations":{"ACR-042":"App should provide an option for Users to view the Terms and Conditions,Privacy policy,Installation location,etc before installing the App\n","ACR-048":"The option to select/deselect the startup-on-logon is disabled\n","ACR-003":"The application exaggerates \"Recent files\" and \"shared dlls\" as a problem, and labels it as \"Danger\" thereby misleading or scaring user to take action \n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-038":"Company name is missing for few of the binaries like Ca100.exe, Splash.exe, etc.\n","ACR-065":"The app needs to disclose the EULA,Terms of Service,Returns & Cancellation Policy and Privacy Policy in the app's about page.\n","ACR-163":"The app displays a support call center phone number, but does not provide equivalent prominent  non interactive option to the consumer.\n","ACR-092":"Digital signature is required for some of the executables. E.g. \"Setup.dll“,\"CPUGuardian.resources.dll“, “Splash.resources.dll“, etc.\n","ACR-035":"The App does not present to the user, EULA or Terms of use or Privacy policy.\n","ACR-003":"The application exaggerates \"Recent files\" and \"shared dlls\" as a problem, and labels it as \"Danger\" thereby misleading or scaring user to take action \n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"CPUGuardianSetup.exe","isInstaller":"True","companyName":"CPU Guardian","productName":"CPU Guardian","productVersion":"3.1.4","fileVersion":"3.1.4.0","hashMD5":"bd908f741e5ce33d06bbaa2910b33408","hashSHA1":"006dc0df29a2910d7399b727b2859f60d880df9e","hashSHA256":"89b8e426dd3be93a1c667f6c147ce0e213b8d2de1f2c7995ba0a073c10b034b5","digitalCertThumbprint":"252747FA9528A4F9D0E0ACBEBC3801CE9CAB90F0","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Secure Software Center","sourceIndex":"3738","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"bad certs:252747fa9528a4f9d0e0acbebc3801ce9cab90f0","landingPage":"","directDownloadingLink":"http://setup.shieldapps.ml/registry/cpuguardian/s/CPUGuardianSetup.exe","ipv4":"","ipv6":"","sourceIndex":"3738"}],"sampleFiles":["171118/CPUGuard-171115/3.1.4/Samples/CPUGuardianSetup.exe"],"imageFiles":["171118/CPUGuard-171115/3.1.4/Images/ACR-042/ACR-042_Install_InstallsAndScansWithoutProvidingOptions.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-042/ACR-042_Install_InstallsAndScansWithoutProvidingOptions.mp4","171118/CPUGuard-171115/3.1.4/Images/ACR-048/ACR-048_Software_UnableToUseOption.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim.mp4","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim01.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim02.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim03.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim04.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim05.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-168/ACR-168_Software_DisclosureRequiredForAnyAdditionalOffer01.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-168/ACR-168_Software_DisclosureRequiredForAnyAdditionalOffer02.JPG"],"nonDeceptorImageFiles":["171118/CPUGuard-171115/3.1.4/Images/ACR-065/ACR-065_Software_EulaAndPrivacypolicyRequired.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-163/ACR-163_Software_NonOneToOneInteractiveOptionsRequired.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim.mp4","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim01.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim02.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim03.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim04.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-003/ACR-003_Software_ExaggeratedClaim05.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-168/ACR-168_Software_DisclosureRequiredForAnyAdditionalOffer01.JPG","171118/CPUGuard-171115/3.1.4/Images/ACR-168/ACR-168_Software_DisclosureRequiredForAnyAdditionalOffer02.JPG"],"guid":"8956b079-701c-4b2e-a15b-1a720d53a7c0_3.1.4_1","appID":"CPUGuard-171115","dateAdded":"171118","deceptorType":"App","name":"CPU Guardian","company":"CPU Guardian","version":"3.1.4","sigName":"Deceptor:Win32/CPUGuardian!003042168048","lastKnownStatus":"Deceptor:3.1.4","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,call center,up-sell to paid","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2687},{"violations":{"ACR-007":"The app displays \"intel\" logo out of context to mislead the consumer into taking some action based on a misplaced trust level.\n","ACR-017":"The app fraudently elevates its user trust level by displaying fake \"FileCluster award\" and unverifiable \"cnet\" endorsements.\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumer knowledge and consent.\n","ACR-168":"1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n2. The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the application, it deliberately retains a executable on the device without the consumer's consent\n"},"nonDeceptorViolations":{"ACR-007":"The app displays \"intel\" logo out of context to mislead the consumer into taking some action based on a misplaced trust level.\n","ACR-017":"The app fraudently elevates its user trust level by displaying fake \"FileCluster award\" and unverifiable \"cnet\" endorsements.\n","ACR-168":"1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n2. The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\K7User\\Desktop\\RegCleanProSetup.exe","isInstaller":"True","companyName":"systweak.com","productName":"RegClean Pro","productVersion":"6.21","fileVersion":"RegClean Pro","hashMD5":"d1f7ebaa637f0246f9016b342fb689e3","hashSHA1":"319010e82990be260e3a35acb2f35cdf14b5b108","hashSHA256":"762aac5cf4e851fd10cd62d747be8d90aba76e6486a40b1dbe593e77a0ab56a7","digitalCertThumbprint":"354084EB2F4CDA316DB55CD9054EFAF71C227D42","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Systweak Software","sourceIndex":"3752","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Systweek","landingPage":"https://www.systweak.com/registry-cleaner/","ipv4":"","ipv6":"","sourceIndex":"3752"}],"sampleFiles":[],"imageFiles":["171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-007/ACR-007_Software_Intel_Logo.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-007/ACR-007_Software_Intel_Logo.mp4","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-017/ACR-017_Internal_Offer_CNET_Comment_Unverifiable.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-017/ACR-017_Internal_Offer_FileCluster_Award.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-017/ACR-017_Internal_Offer_FileCluster_Award.mp4","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-017/ACR-017_Internal_Offer_FileCluster_Award_Fake.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-084/ACR-084_Software_Undisclosed_Task.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-084/ACR-084_Software_Undisclosed_Task.mp4","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-168/ACR-168_Software_Phone_Number.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-168/ACR-168_Software_Support_Number.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-118/ACR-118_Uninstall_Retains_Executables.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-118/ACR-118_Uninstall_Retains_Executables.mp4"],"nonDeceptorImageFiles":["171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-007/ACR-007_Software_Intel_Logo.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-007/ACR-007_Software_Intel_Logo.mp4","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-017/ACR-017_Internal_Offer_CNET_Comment_Unverifiable.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-017/ACR-017_Internal_Offer_FileCluster_Award.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-017/ACR-017_Internal_Offer_FileCluster_Award.mp4","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-017/ACR-017_Internal_Offer_FileCluster_Award_Fake.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-168/ACR-168_Software_Phone_Number.JPG","171118/D-RegCleanPro-170912/8.3.81.594/Images/ACR-168/ACR-168_Software_Support_Number.JPG"],"guid":"4948dee3-f171-4280-af01-7883ba317004_8.3.81.594_1","appID":"D-RegCleanPro-170912","dateAdded":"171118","deceptorType":"App","name":"RegClean Pro","company":"Systweak Software","version":"8.3.81.594","sigName":"Deceptor:Win32/RegCleanPro!007017084168118","firstVendorContactDate":"170914","firstAppEsteemReplyDate":"170914","firstResolvedDate":"170926","firstResolvedVersion":"8.3.81.847","resolved":"TRUE","lastKnownStatus":"Deceptor:8.3.81.594","lastKnownDate":"170929","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2018-02-15T00:26:58.5115605+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2685},{"violations":{"ACR-003":"The application exaggerates registry entries, system files and junk files as being HIGH/MEDIUM issue and having severe system impact, claims system in POOR performance which can not be substantiated  thereby misleading or scaring user to take action.\n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's internal offer webpage provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"The application uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Adp Marketing Ltd\" which is not disclosed in the app's offer or EULA.\n","ACR-160":"The application does not use a certified call center to monetize the app.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"dllrepairkit-setup.exe","isInstaller":"True","companyName":"n/a","productName":"DllRepair Kit 2018","productVersion":"1.4.1.2","fileVersion":"1.4.1.2","hashMD5":"ff61e24c08c4b95d29ad3f0f6afcb5b1","hashSHA1":"8b52ab8d6201bc55f70ce24c68de761fe8d93d6a","hashSHA256":"b5e729d937458bf9d73e4044c5a168476e75a88dec1f52e843480f2689d0b320","digitalCertThumbprint":"D20D5B08A6ACD6E8A78C29105E41267711962938","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Adp Marketing Ltd, O=Adp Marketing Ltd, STREET=20 Rhondda Grove, L=London, S=London, PostalCode=E3 5AP, C=GB","sourceIndex":"2520","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"DllRepairKIT.exe","companyName":"n/a","productName":"DllRepair KIT","productVersion":"1.1.6596.23164","fileVersion":"1.1.6596.23164","hashMD5":"3016a1abcee7469ff9102e8766a637e2","hashSHA1":"0125fcc0a8928aeaa299d66fcbc88cddf1b32118","hashSHA256":"cd3dc07b3c28af2a2c8f624fd68c857906c06a690a9f75c19c55fe26ed4bc2b7","digitalCertThumbprint":"D20D5B08A6ACD6E8A78C29105E41267711962938","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Adp Marketing Ltd, O=Adp Marketing Ltd, STREET=20 Rhondda Grove, L=London, S=London, PostalCode=E3 5AP, C=GB","sourceIndex":"2520","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"Existing decepter review","landingPage":"https://dllrepairkit.com/","directDownloadingLink":"https://dllrepairkit.com/download/?cid=main-download","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dllrepairkit.com/download/?cid=main-download","sourceIndex":"2520"}],"sampleFiles":["171117/D-DLLRepairKit-170611/1.4.1.2/Samples/dllrepairkit-setup.exe","171117/D-DLLRepairKit-170611/1.4.1.2/Samples/DllRepairKIT.exe"],"imageFiles":["171117/D-DLLRepairKit-170611/1.4.1.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_1.PNG","171117/D-DLLRepairKit-170611/1.4.1.2/Images/ACR-003/ACR_003_SOFTWARE_SCREENSHOT_2.PNG","171117/D-DLLRepairKit-170611/1.4.1.2/Images/ACR-168/ACR_168_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["171117/D-DLLRepairKit-170611/1.4.1.2/Images/ACR-065/ACR_065_SOFTWARE.PNG","171117/D-DLLRepairKit-170611/1.4.1.2/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","171117/D-DLLRepairKit-170611/1.4.1.2/Images/ACR-163/ACR_163_SOFTWARE.PNG","171117/D-DLLRepairKit-170611/1.4.1.2/Images/ACR-163/ACR_163_INTERNAL_OFFERS.PNG","171117/D-DLLRepairKit-170611/1.4.1.2/Images/ACR-088/ACR_088_SOFTWARE.PNG","171117/D-DLLRepairKit-170611/1.4.1.2/Images/ACR-092/ACR_092_SOFTWARE.PNG","171117/D-DLLRepairKit-170611/1.4.1.2/Images/ACR-099/ACR_099_SOFTWARE.PNG","171117/D-DLLRepairKit-170611/1.4.1.2/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG"],"guid":"585f5dc2-598a-4b2e-b46d-e0faf46da16e_1.4.1.2_1","appID":"D-DLLRepairKit-170611","dateAdded":"171117","deceptorType":"App","name":"DllRepairKit","company":"DLLRepairKit.com","version":"1.4.1.2","sigName":"Deceptor:Win32/DLLRepairKit!003168","firstResolvedVersion":"","lastKnownStatus":"Deceptor:1.4.1.2","lastKnownDate":"200318","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2020-03-18T20:38:32.8151279+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2689},{"violations":{"ACR-003":"Exaggerated claims about system health, a pop-up message says \"The issues may be threatening your PC\" and mentioned as \"Critical\".  Scares and misleads the user to take action.\n","ACR-168":"Need to add disclaimer if any additional offers would be made. Ex.: \"Additional offers might be made during phone support\".\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"dllrepairkit-setup.exe","isInstaller":"True","companyName":"Adventure Day Projects Lp","productName":"DllRepair KIT Installer","productVersion":"1.0.1.2","fileVersion":"1.0.1.2","hashMD5":"159cb72c139ad61de32af3f4ddb776d0","hashSHA1":"6546db6250491a73ec5ce3b764c8d6b76dd7d328","hashSHA256":"0995e20513d8f770e776fecd4b511a71bd20701253dca4636da8fe7d65ef77c4","digitalCertThumbprint":"56CFAD2EEA7418D32831A699A52A437420B79AD0","digitalCertIssuer":"Adventure Day Projects Lp","digitalCertIssuedTo":"Adventure Day Projects Lp","sourceIndex":"2519","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Onboarding.Callcenter","reference":"App supported by call center ATS","landingPage":"https://dllrepairkit.com/","directDownloadingLink":"https://dllrepairkit.com/download/?cid=direct-download","ipv4":"138.197.201.215","ipv6":"","sourceIndex":"2519"}],"sampleFiles":["171117/D-DLLRepairKit-170611/1.0.1.2/Samples/dllrepairkit-setup.exe"],"imageFiles":["171117/D-DLLRepairKit-170611/1.0.1.2/Images/ACR-003/ACR_003_Software_ExaggeratedAndForcesUserToPurchase.mp4","171117/D-DLLRepairKit-170611/1.0.1.2/Images/ACR-003/ACR_003_Software_ExaggeratedAndForcesUserToPurchase_1.JPG","171117/D-DLLRepairKit-170611/1.0.1.2/Images/ACR-003/ACR_003_Software_ExaggeratedAndForcesUserToPurchase_2.JPG","171117/D-DLLRepairKit-170611/1.0.1.2/Images/ACR-003/ACR_003_Software_ExaggeratedAndForcesUserToPurchase_3.JPG","171117/D-DLLRepairKit-170611/1.0.1.2/Images/ACR-168/ACR_168_Software_NeedToAddDisclaimerAboutAdditionalOffers.JPG","171117/D-DLLRepairKit-170611/1.0.1.2/Images/ACR-168/ACR_168_Software_NeedToAddDisclaimerAboutAdditionalOffers.mp4"],"nonDeceptorImageFiles":[],"guid":"585f5dc2-598a-4b2e-b46d-e0faf46da16e_1.0.1.2_1","appID":"D-DLLRepairKit-170611","dateAdded":"171117","deceptorType":"App","name":"DllRepairKit","company":"DLLRepairKit.com","version":"1.0.1.2","sigName":"Deceptor:Win32/DllRepairKit!003168","firstResolvedVersion":"","lastKnownStatus":"Deceptor:1.4.1.2","lastKnownDate":"200318","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-03-18T20:39:59.3316162+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2688},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys, browser cookies and junk files as errors and problems, thereby misleading or scaring user to take action. The application reports also identified these errors with exaggerated numbers, thereby misleading or scaring the user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"Does not show any links to the app's  EULA and/or Terms of Service, Returns and Cancellation Policy on the internal offer.\nDoes not show any links to the app's  EULA and/or Terms of Service, Returns and Cancellation Policy on the landing page.\nDoes not show any links to the app's  EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nDoes not show any links to the app's  EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-170":"The app requires payment prior to demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide an easy to find interactions for cancellation or returns.\n","ACR-092":"The app does not have a digital signature. (unsigned)\n","ACR-099":"No uninstall instructions are available on the internal offer.\nNo uninstall instructions are available on the landing page.\nNo uninstall instructions are available on the software\n","ACR-150":"The app shows Better Business Bureau (BBB) accredited but is unable to be verified as it is not clickable.\n"},"samples":[{"isRevoked":"False","fileName":"RegUtility.exe","isInstaller":"True","companyName":"Regutility.com","productName":"RegUtility","productVersion":"4.1","fileVersion":"na","hashMD5":"6d4d7489f032ba359c83f2406fb59e75","hashSHA1":"5457dd7eeaa339e3f0fb5770476cfd36f07b1b4f","hashSHA256":"be53dd6ef51f1741b72dc940bed3e5fe03ce40ac155482b856972003178dbae8","digitalCertThumbprint":"na (unsigned)","digitalCertIssuer":"na (unsigned)","digitalCertIssuedTo":"na (unsigned)","sourceIndex":"3016","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org","landingPage":"http://www.regutility.com/","directDownloadingLink":"http://www.regutility.com/RegUtility_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3016"}],"sampleFiles":["171115/RegUtility-171025/4.1/Samples/RegUtility_Setup.exe"],"imageFiles":["171115/RegUtility-171025/4.1/Images/ACR-003/ACR-003_software.PNG","171115/RegUtility-171025/4.1/Images/ACR-003/ACR-003_software1.PNG"],"nonDeceptorImageFiles":["171115/RegUtility-171025/4.1/Images/ACR-150/ACR-150_inline_offer.PNG","171115/RegUtility-171025/4.1/Images/ACR-065/ACR-065_install.PNG","171115/RegUtility-171025/4.1/Images/ACR-065/home.PNG"],"guid":"fd4333f2-6ebc-4f20-88b4-bdd02f6d2e74_4.1_1","appID":"RegUtility-171025","dateAdded":"171115","deceptorType":"App","name":"RegUtility","company":"Regutility.com","version":"4.1","sigName":"Deceptor:Win32/RegUtility!003","lastKnownStatus":"Deceptor: 4.1","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-06-06T21:15:02.8021087+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2690},{"violations":{"ACR-003":"The application makes exaggerated claims about the system's health,  e.g. reporting junk files and registry entries as errors, with damage level above \"Low\" , raising misleading urgency for user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"nonDeceptorViolations":{"ACR-065":"Eula and terms of condition links does not work.\nEula links does not work.\nSoftware is missing Eula and Privacy policy links.\n","ACR-163":"One to one interaction is needed in order to purchase , activate or receive support. \n","ACR-160":"Called the call center the agent answered i asked about the application and the agent replied saying they do not sell anything there they only fix computers (MAC,WINDOWS,etc). asked the agent for the name of the company he stated they do not have a specific name its just Computer Repairs.\n","ACR-099":"Landing page is missing uninstall link.\nSoftware is missing uninstall links.\n","ACR-003":"The application makes exaggerated claims about the system's health,  e.g. reporting junk files and registry entries as errors, with damage level above \"Low\" , raising misleading urgency for user to take action.\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"samples":[{"isRevoked":"False","fileName":"DrakonsOptimizerPro.exe","isInstaller":"True","companyName":"Drakons by 365techRUS","productName":"DrakonsOptimizerPro","productVersion":" 2.4.7","fileVersion":" 2.4.7","hashMD5":"1f7b8aa0ead5c2665c069f8a312e8687","hashSHA1":"7becd8a5a7e9c3c213e7141509c677b7716517d2","hashSHA256":"86cf27ac0dd17c78adb28b92cfac0ebc79d5864e960a85d6bfae7dd009ffc685","sourceIndex":"3726","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://drakons.net/optimizer-feature.html","directDownloadingLink":"http://drakons.net/DrakonsOptimizerProSetup.exe","ipv4":"","ipv6":"","sourceIndex":"3726"}],"sampleFiles":["171114/DrakonsOptimizerPro-171026/2.4.7.0/Samples/DrakonsOptimizerProSetup.exe"],"imageFiles":["171114/DrakonsOptimizerPro-171026/2.4.7.0/Images/ACR-003/acr_003.PNG","171114/DrakonsOptimizerPro-171026/2.4.7.0/Images/ACR-003/acr_003_1.PNG","171114/DrakonsOptimizerPro-171026/2.4.7.0/Images/ACR-084/acr_084.PNG","171114/DrakonsOptimizerPro-171026/2.4.7.0/Images/ACR-168/one_one_interaction_SW.PNG"],"nonDeceptorImageFiles":["171114/DrakonsOptimizerPro-171026/2.4.7.0/Images/ACR-163/one_one_interaction_SW.PNG","171114/DrakonsOptimizerPro-171026/2.4.7.0/Images/ACR-003/acr_003.PNG","171114/DrakonsOptimizerPro-171026/2.4.7.0/Images/ACR-003/acr_003_1.PNG","171114/DrakonsOptimizerPro-171026/2.4.7.0/Images/ACR-168/one_one_interaction_SW.PNG"],"guid":"219cd955-7065-4340-a7dc-54e7a1879208_2.4.7.0_1","appID":"DrakonsOptimizerPro-171026","dateAdded":"171114","deceptorType":"App","name":"DrakonsOptimizerPro","company":"Drakons by 365techRUS","version":"2.4.7.0","sigName":"Deceptor:Win32/DrakonOptimizerPro!003084168","lastKnownStatus":"Deceptor:2.4.7","lastKnownDate":"171026","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-02-15T00:31:57.743779+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2696},{"violations":{"ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries with a severity level above \"Low\" (e.g. \"Medium\", \"High\", \"Danger\", etc.), to mislead and/or scare the user\n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\nThe application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"nonDeceptorViolations":{"ACR-065":"Software is missing Eula and Privacy policy links.\n","ACR-163":"One to one interaction is needed in order to return, purchase or receive support.\nOne to one interaction is needed in order to return, purchase or receive support.\n","ACR-160":"Tried calling the call center and there is no answer, there was an answering machine stating to leave a message.\n","ACR-099":"Software is missing uninstall link.\n","ACR-120":"The same app was re-advertised with a 50% OFF which would be confusing and misleading for the consumer. \n","ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries with a severity level above \"Low\" (e.g. \"Medium\", \"High\", \"Danger\", etc.), to mislead and/or scare the user\n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\nThe application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"samples":[{"isRevoked":"False","fileName":"K9-Disk Speedup.exe","isInstaller":"True","companyName":"The Phone Support Pvt. Ltd.","productName":"K9-Disk Speedup","productVersion":"1.0.1008.16578","fileVersion":"3.0.0.0","hashMD5":"cddf9ac8c218634601bcfea710abd35f","hashSHA1":"ade5a4f5a94abb57249d3d252258e268ef6d7f37","hashSHA256":"253d3e9e9fcb5ecbbb95ee04630330fec82553611f5a9849d837a40745ded40d","digitalCertThumbprint":"81AF25E634A445EA24024E90095C65663DCAF188","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"The Phone Support Pvt. Ltd.","sourceIndex":"3739","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.k9tools.com/k9dsu/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/images/k9tools/k9dsu/k9dsusetup.exe","ipv4":"","ipv6":"","sourceIndex":"3739"}],"sampleFiles":["171114/K9-DiskSpeedup-171025/1.0.1008.16578/Samples/k9dsusetup.exe"],"imageFiles":["171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-003/acr_003.PNG","171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-017/acr_017_OP.PNG","171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-017/acr_017_install.PNG","171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-168/One_one_interaction_LP.PNG","171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-168/One_one_interaction_SW.PNG"],"nonDeceptorImageFiles":["171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-163/One_one_interaction_LP.PNG","171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-163/One_one_interaction_SW.PNG","171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-120/re_advertised_same_app.PNG","171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-003/acr_003.PNG","171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-017/acr_017_OP.PNG","171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-017/acr_017_install.PNG","171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-168/One_one_interaction_LP.PNG","171114/K9-DiskSpeedup-171025/1.0.1008.16578/Images/ACR-168/One_one_interaction_SW.PNG"],"guid":"621a58fa-3871-4169-a832-861c8c54ff5c_1.0.1008.16578_1","appID":"K9-DiskSpeedup-171025","dateAdded":"171114","deceptorType":"App","name":"K9-Disk Speedup","company":"The Phone Support Pvt. Ltd.","version":"1.0.1008.16578","sigName":"Deceptor:Win32/K9DiskSpeedup!003017","lastKnownStatus":"Deceptor:1.0.1008.16578","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2695},{"violations":{"ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries with a severity level above \"Low\" (e.g. \"Medium\", \"High\", \"Danger\", etc.), to mislead and/or scare the user\n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\nThe application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"nonDeceptorViolations":{"ACR-065":"Software is missing Eula and Privacy policy links.\n","ACR-163":"One to one interaction is needed in order to return, purchase or receive support.\nOne to one interaction is needed in order to return, purchase or receive support.\n","ACR-160":"Tried calling the call center there was no answer, there was an answering machine saying to leave a message. \n","ACR-099":"Software is missing uninstall link.\n","ACR-120":"The same app was re-advertised for 50% OFF which would be confusing for the consumer and let them feel misled at first.\n","ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries with a severity level above \"Low\" (e.g. \"Medium\", \"High\", \"Danger\", etc.), to mislead and/or scare the user\n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\nThe application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"samples":[{"isRevoked":"False","fileName":"K9-PCFixer.exe","isInstaller":"True","companyName":"The Phone Support Pvt. Ltd.","productName":"K9-PCFixer","productVersion":"1.8.243.233","fileVersion":"1.8.243.233","hashMD5":"bf724e11ce8691836b1beb9efb9c4347","hashSHA1":"a77bdd49e4d732fc3779b59c4bf80d8a4426f32b","hashSHA256":"007fb6dbc52b24828d9ee2d6f0092dcfecc273a1f5b579f52f38451a243154cd","digitalCertThumbprint":"52EE199C35AF329561ADB2D6F3202287505235BD","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"The Phone Support Pvt. Ltd.","sourceIndex":"3710","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.k9pcfixer.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/images/k9tools/k9pcfixer/k9pcfsetup_site_default.exe","ipv4":"","ipv6":"","sourceIndex":"3710"}],"sampleFiles":[],"imageFiles":["171114/K9PCFixer-171026/1.8.243.233/Images/ACR-003/acr_003.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-003/acr_003_1.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-017/acr_017_OP.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-017/acr_017_Inst.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-084/ACR_084.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-168/One_one_interaction_LW.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-168/One_one_interaction_SW.PNG"],"nonDeceptorImageFiles":["171114/K9PCFixer-171026/1.8.243.233/Images/ACR-163/One_one_interaction_LW.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-163/One_one_interaction_SW.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-120/re_advertised_app.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-003/acr_003.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-003/acr_003_1.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-017/acr_017_OP.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-017/acr_017_Inst.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-168/One_one_interaction_LW.PNG","171114/K9PCFixer-171026/1.8.243.233/Images/ACR-168/One_one_interaction_SW.PNG"],"guid":"49f96d32-4c92-45e8-bb6c-5ef72f7cd5a7_1.8.243.233_1","appID":"K9PCFixer-171026","dateAdded":"171114","deceptorType":"App","name":"K9-PCFixer","company":"The Phone Support Pvt. Ltd.","version":"1.8.243.233","sigName":"Deceptor:Win32/K9PCFixer!003084168017","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2694},{"violations":{"ACR-003":"The application uses high color gradient to increase urgency for non-urgent, low impactful \"issues\",thereby misleading or scaring user to take action.\n","ACR-017":"The application's internal offer webpage fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\nThe application's install wizard fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\nThe application fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to webpage that shows the EULA and privacy policy information.\n","ACR-163":"The application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application provides a contact number for support during uninstall but does not provide an email address as a secondary means of contact.\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n","ACR-160":"Contacted the phone number (855) 716-7017 provided by K9-PCUtilities and got an automated response message saying please leave a message.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get a 50% off for the same program.\n","ACR-167":"The application's internal offer webpage has a refund policy that states that the consumer has 14 days to request a refund.\n","ACR-003":"The application uses high color gradient to increase urgency for non-urgent, low impactful \"issues\",thereby misleading or scaring user to take action.\n","ACR-017":"The application's internal offer webpage fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\nThe application's install wizard fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\nThe application fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\n","ACR-168":"The landing page displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"K9Tools","productName":"K9-PCUtilities","productVersion":"1.0.1008.16576","fileVersion":"K9-PCUtilities 1.0","hashMD5":"a11437d8f7573afbd71b565f5ab92629","hashSHA1":"8c18f1ce92b9a40186ea41b92acb1f4db39e4c44","hashSHA256":"daf9a4ce399244e03c0708e201fd843f8dd9406624ca3dc3544c8a9aeb7bd0a2","digitalCertThumbprint":"52EE199C35AF329561ADB2D6F3202287505235BD","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"The Phone Support Pvt. Ltd.","sourceIndex":"3754","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://en.freedownloadmanager.org","landingPage":"http://www.k9tools.com/k9utilities/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/images/k9tools/pcutils/site/setup.exe","ipv4":"","ipv6":"","sourceIndex":"3754"}],"sampleFiles":["171114/K9PCUtilities-171026/1.0.1008.16576/Samples/setup.exe"],"imageFiles":["171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-003/ACR-003_SOFTWARE.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-017/ACR-017_INTERNAL_OFFERS.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-017/ACR-017_INSTALL.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-017/ACR-017_SOFTWARE.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-168/ACR-168_LANDING_PAGE.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-163/ACR-163_LANDING_PAGE.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-163/ACR-163_SOFTWARE.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-163/ACR-163_UNINSTALL.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-170/ACR-170_SOFTWARE.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-092/ACR-092_SOFTWARE.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-120/ACR-120_UNINSTALL.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-167/ACR-167_DOCS.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-003/ACR-003_SOFTWARE.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-017/ACR-017_INTERNAL_OFFERS.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-017/ACR-017_INSTALL.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-017/ACR-017_SOFTWARE.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-168/ACR-168_LANDING_PAGE.PNG","171114/K9PCUtilities-171026/1.0.1008.16576/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"guid":"8d50da26-0942-4e31-a591-0dc5eb42467e_1.0.1008.16576_1","appID":"K9PCUtilities-171026","dateAdded":"171114","deceptorType":"App","name":"K9-PCUtilities","company":"k9tools.com","version":"1.0.1008.16576","sigName":"Deceptor:Win32/K9PCUtilities!003017168","lastKnownStatus":"Deceptor:1.0.1008.16576","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2693},{"violations":{"ACR-003":"The application uses the color red and the word Errors to increase urgency for non-urgent \"issues\",thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to the EULA and privacy policy information.\nThe application has no link to webpage that shows the EULA and privacy policy information.\n","ACR-161":"The landing page has testimonials that has no links back to a source so consumers can verify if they're real.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-159":"The application's landing page does not specify that the consumer will make any payments before downloading application.\n","ACR-171":"The application's internal offer webpage has additional offers pre-selected.\n","ACR-003":"The application uses the color red and the word Errors to increase urgency for non-urgent \"issues\",thereby misleading or scaring user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"RegistryWiseCleaner_setup.exe","isInstaller":"True","companyName":"Registry Wise Cleaner","productName":"Registry Wise Cleaner","productVersion":"1.01","fileVersion":"1.01","hashMD5":"af09f64078d45b1825a78b1aa7577e4d","hashSHA1":"75e3d552e920485b69e2c1ba991c538bd0f77124","hashSHA256":"d80ed940d64d5cc03b87b87f5bb989032cd3975c593976053343de7f4a7910fe","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"3775","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://en.freedownloadmanager.org/","landingPage":"http://registrywisecleaner.com/","directDownloadingLink":"http://registrywisecleaner.com/RegistryWiseCleaner_setup.exe","ipv4":"","ipv6":"","sourceIndex":"3775"}],"sampleFiles":["171114/RegistryWiseCleaner-171025/1.01/Samples/RegistryWiseCleaner_setup.exe"],"imageFiles":["171114/RegistryWiseCleaner-171025/1.01/Images/ACR-003/ACR-003_SOFTWARE.PNG"],"nonDeceptorImageFiles":["171114/RegistryWiseCleaner-171025/1.01/Images/ACR-065/ACR-065_INSTALL.PNG","171114/RegistryWiseCleaner-171025/1.01/Images/ACR-161/ACR-161_LANDING_PAGE.PNG","171114/RegistryWiseCleaner-171025/1.01/Images/ACR-171/ACR-171_INTERNAL_OFFERSS.PNG","171114/RegistryWiseCleaner-171025/1.01/Images/ACR-003/ACR-003_SOFTWARE.PNG"],"guid":"4a660714-861a-4840-8c9d-c39bb1902ca4_1.01_1","appID":"RegistryWiseCleaner-171025","dateAdded":"171114","deceptorType":"App","name":"Registry Wise Cleaner","company":"RegistryWiseCleaner.com","version":"1.01","sigName":"Deceptor:Win32/RegistryWiseCleaner!003","lastKnownStatus":"Deceptor:1.01","lastKnownDate":"171025","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows Vista,Windows XP,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-02-15T00:22:57.7680245+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2691},{"violations":{"ACR-003":"The app exaggerates \"Shared DLL\" and \"MRU List\" as critical problem, raises misleading urgency for user to take action \n"},"nonDeceptorViolations":{"ACR-003":"The app exaggerates \"Shared DLL\" and \"MRU List\" as critical problem, raises misleading urgency for user to take action \n"},"samples":[{"isRevoked":"False","fileName":"PCFastCC.exe","isInstaller":"True","hashMD5":"d73fd1f19345fe8d7a3ad387c07e757a","hashSHA1":"f70ad69638b4738e2d84226fd4e7448d4e01d451","hashSHA256":"45879f3d7bf0e21ff14caa658c0cb588cec60aab3d0e9a565e099ee635cf4837","digitalCertThumbprint":"5B45245A4139FAA70324DA1222EDC57B8494C61E","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"HelpySoft LLC","sourceIndex":"3803","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.pcfastcc.com/","directDownloadingLink":"http://www.pcfastcc.com/setup.exe","ipv4":"","ipv6":"","sourceIndex":"3803"}],"sampleFiles":["171114/D-K7-PcFastcc-171113/1.0.0.6/Samples/PCFastCC.exe"],"imageFiles":["171114/D-K7-PcFastcc-171113/1.0.0.6/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_RegistryKeys_As_A_Problem.JPG","171114/D-K7-PcFastcc-171113/1.0.0.6/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_RegistryKeys_As_A_Problem.mp4","171114/D-K7-PcFastcc-171113/1.0.0.6/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_RegistryKeys_As_A_Problem1.JPG","171114/D-K7-PcFastcc-171113/1.0.0.6/Images/ACR-003/ACR-003_Software_Exaggerates_SharedDLL_As_Issues.JPG"],"nonDeceptorImageFiles":["171114/D-K7-PcFastcc-171113/1.0.0.6/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_RegistryKeys_As_A_Problem.JPG","171114/D-K7-PcFastcc-171113/1.0.0.6/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_RegistryKeys_As_A_Problem.mp4","171114/D-K7-PcFastcc-171113/1.0.0.6/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_RegistryKeys_As_A_Problem1.JPG","171114/D-K7-PcFastcc-171113/1.0.0.6/Images/ACR-003/ACR-003_Software_Exaggerates_SharedDLL_As_Issues.JPG"],"guid":"5e2fecec-0999-47d4-b439-43e66dfd3364_1.0.0.6_1","appID":"D-K7-PcFastcc-171113","dateAdded":"171114","deceptorType":"App","name":"PCFastCC","company":"PCFastcc","version":"1.0.0.6","sigName":"Deceptor:Win32/PCFastCC!003","lastKnownStatus":"Deceptor: 1.0.0.6","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2697},{"violations":{"ACR-043":"Another component is installed which are not disclosed to the user in the EULA and offer or landing page\n","ACR-003":"The application exaggerates empty and invalid registry keys as errors and problems, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"Does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nDoes not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-099":"No uninstalling information is provided on the bundler's offer.\nNo uninstalling information is provided on the internal offer.\nNo uninstalling information is provided on the landing page.\nNo uninstalling information is provided on the software\n","ACR-035":"The app does not provide a Returns and Cancellation Policy or a Privacy Policy.\n","ACR-036":"The app does not provide a Returns and Cancellation Policy or a Privacy Policy.\n","ACR-037":"The app does not provide a Privacy Policy.\n","ACR-064":"The app downloads when the us clicks on instant scan on the landing page (not clearly labeled as a download)\n","ACR-159":"There was no disclosure that payment would be required to access full functionality of the software.\n"},"samples":[{"isRevoked":"False","fileName":"RegistryExpert.exe","isInstaller":"True","companyName":"Optimal Software s.r.o.","productName":"Registry Expert","productVersion":"1.0.2318","fileVersion":"1.0.2318","hashMD5":"3c1f6a5cacf033d141aef4c6990196ef","hashSHA1":"1bc080a8c2255946d93af019c2194c06c3a1783e","hashSHA256":"ab121babe435731e810d8c41471af4334963b8327cadf43f54993e1e0265e53c","digitalCertThumbprint":"13745D96257E3F88148594A63E9A2B0BB259E0A3","digitalCertIssuer":"DigiCert High Assurance Code Signing CA-1","digitalCertIssuedTo":"Optimal Software s.r.o.","sourceIndex":"3015","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.google.com","landingPage":"http://www.registryexpert.com/","directDownloadingLink":"https://www.wifiprotector.com/downloads/response.aspx?&requestId=465c609bfac74e13b664cab063d44d37&encodedInstallerPath=QzpcaW5ldHB1Ylx3d3dyb290XHByenlzcGllc3prb21wdXRlclxkb3dubG9hZHMvUmVnaXN0cnlFeHBlcnQuZXhl&edition=","ipv4":"","ipv6":"","sourceIndex":"3015"}],"sampleFiles":["171114/RegistryExpert-171026/1.0.2318/Samples/RegistryExpert_465c609bfac74e13b664cab063d44d37_.exe"],"imageFiles":["171114/RegistryExpert-171026/1.0.2318/Images/ACR-043/ACR-043_install.PNG","171114/RegistryExpert-171026/1.0.2318/Images/ACR-043/ACR-043_install2.PNG","171114/RegistryExpert-171026/1.0.2318/Images/ACR-003/ACR-003_software.PNG","171114/RegistryExpert-171026/1.0.2318/Images/ACR-003/RegistryExpert.PNG"],"nonDeceptorImageFiles":["171114/RegistryExpert-171026/1.0.2318/Images/ACR-064/ACR-064_landing_page.PNG","171114/RegistryExpert-171026/1.0.2318/Images/ACR-065/ACR-065_install.PNG","171114/RegistryExpert-171026/1.0.2318/Images/ACR-065/ACR-065_software.PNG"],"guid":"a8339d85-737b-4865-8a36-df3db2384745_1.0.2318_1","appID":"RegistryExpert-171026","dateAdded":"171114","deceptorType":"App","name":"Registry Expert","company":"Optimal Software s. r. o.","version":"1.0.2318","sigName":"Deceptor:Win32/RegistryExpert!003","lastKnownStatus":"Deceptor:1.0.2318","lastKnownDate":"190606","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-06-06T21:16:10.9188584+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2692},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable scheduled tasks using the software.\n"},"nonDeceptorViolations":{"ACR-065":"Does not show any links  to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the internal offer.\nDoes not show any links  to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the landing page.\nDoes not show any links  to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nDoes not show any links  to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-099":"No uninstall information is provided on the landing page.\nNo uninstall information is provided on the landing page.\nNo uninstall information is provided on the software.\n","ACR-120":"Uninstall offers the consumer the same app at a discounted price to deter uninstall.\n","ACR-035":"No EULA/Terms of Service or Returns and Cancellation Policy is provided for the app.\n","ACR-159":"No disclosure that payment would be required to access the full functionality of the software.\n","ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"Registry Winner.exe","isInstaller":"True","companyName":"RegistryWinner.com","productName":"Registry Winner","productVersion":"7.1.10.12","fileVersion":"7.1.10.12","hashMD5":"c9e8c6fd661e8aef00d9aecdd0a98f49","hashSHA1":"0c56d8179a8e77ad962ed355300606be9d1f420e","hashSHA256":"40a042cb411f0a63345f79d2ed62b74b2cd7634b8304a5e29a3814263bf61f49","digitalCertThumbprint":"E88F1FCC65D395C5615C957BA8F31A38E4314CF9","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"ALIKET SOFTWARE CO., LTD.","sourceIndex":"3753","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"www.google.com","landingPage":"http://registrywinner.com/","directDownloadingLink":"http://www.registrywinner.com/RegistryWinner_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3753"}],"sampleFiles":["171114/RegistryWinner-171025/7.1.10.12/Samples/RegistryWinner_Setup.exe"],"imageFiles":["171114/RegistryWinner-171025/7.1.10.12/Images/ACR-003/ACR-003_software.PNG","171114/RegistryWinner-171025/7.1.10.12/Images/ACR-003/ACR-003_software2.PNG","171114/RegistryWinner-171025/7.1.10.12/Images/ACR-084/ACR-084_software.PNG","171114/RegistryWinner-171025/7.1.10.12/Images/ACR-084/ACR-084_software2.PNG"],"nonDeceptorImageFiles":["171114/RegistryWinner-171025/7.1.10.12/Images/ACR-065/ACR-065_install.PNG","171114/RegistryWinner-171025/7.1.10.12/Images/ACR-065/ACR-065_software.PNG","171114/RegistryWinner-171025/7.1.10.12/Images/ACR-120/ACR-120_uninstall.PNG","171114/RegistryWinner-171025/7.1.10.12/Images/ACR-003/ACR-003_software.PNG","171114/RegistryWinner-171025/7.1.10.12/Images/ACR-003/ACR-003_software2.PNG"],"guid":"9601964a-c57d-4eb4-bf05-9a66fea2ff3f_7.1.10.12_1","appID":"RegistryWinner-171025","dateAdded":"171114","deceptorType":"App","name":"Registry Winner","company":"RegistryWinner.com","version":"7.1.10.12","sigName":"Deceptor:Win32/RegistryWinner!003084","lastKnownStatus":"Deceptor: 7.1.10.12","lastKnownDate":"171025","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:26:57.9789583+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2610},{"violations":{"ACR-043":"One or more components digitally signed by third parties are installed without being disclosed to the consumer in the EULA and offer or landing page\n","ACR-003":"The app exaggerates \"Temp Files\", \"Shared DLL\" and \"Thumbnails\"  as a Danger and raises the urgency level as a \"HIGH\" system impact issue, thereby misleading or scaring user to take action \n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent\n","ACR-168":"1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n2. The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer\n"},"nonDeceptorViolations":{"ACR-170":"No interactive way for cancellation and returns\n","ACR-088":"App install discloses full scan after install, but there is no way for a user to unselect this option.\n","ACR-003":"The app exaggerates \"Temp Files\", \"Shared DLL\" and \"Thumbnails\"  as a Danger and raises the urgency level as a \"HIGH\" system impact issue, thereby misleading or scaring user to take action \n","ACR-168":"1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n2. The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer\n"},"samples":[{"isRevoked":"False","fileName":"Watchdog.PCCleaner.Setup.exe","isInstaller":"True","companyName":"Watchdog Development","productName":"Watchdog PC Cleaner","productVersion":"3.1.6","fileVersion":"3.1.6.0","hashMD5":"a22c481877e265a334db2d0881d6ed41","hashSHA1":"821a0e78ca3b1ce8586aeb5f2cc65119a618f9b9","hashSHA256":"c5aa9c692ed1984f77c693cc270df9c1a311457ceace4b817887bd16c2aa5ae0","digitalCertThumbprint":"F021CB1336EAEBA6B09001269B95E0623A0BD794","digitalCertIssuer":"thawte SHA256 Code Signing CA","digitalCertIssuedTo":"WatchDogDevelopment.com LLC","sourceIndex":"3756","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"https://www.watchdogdevelopment.com/en/home/pc-cleaner","directDownloadingLink":"https://www.watchdogdevelopment.com/en/download/pc-cleaner","ipv4":"","ipv6":"","sourceIndex":"3756"}],"sampleFiles":["171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Samples/Watchdog.PCCleaner.Setup.exe"],"imageFiles":["171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-043/ACR-043_Install_ThirdParty_Component_Used_Without_The_Consumer_Knowledge.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_Count.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_SharedDLL.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_System_Issues_As_A_High.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_System_Issues_As_Danger.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_System_Issues_As_Danger.mp4","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_TempFiles.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_Thumbnails.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-084/ACR-084_Software_Creates_Schedule_Scan_Without_The_Consumer_Knowledge.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-084/ACR-084_Software_Creates_Schedule_Scan_Without_The_Consumer_Knowledge.mp4","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-168/ACR-168_Software_Didn't_Disclose_Additional_Offers_Might_Be_Applicable.JPG"],"nonDeceptorImageFiles":["171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-170/ACR-170 no interactive way for returns.png","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-088/ACR-088 no option for not do scan at install.png","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_Count.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_SharedDLL.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_System_Issues_As_A_High.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_System_Issues_As_Danger.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_System_Issues_As_Danger.mp4","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_TempFiles.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-003/ACR-003_Software_Exaggerates_Thumbnails.JPG","171113/D-K7-WatchdogPCCleaner-171113/3.1.6.0/Images/ACR-168/ACR-168_Software_Didn't_Disclose_Additional_Offers_Might_Be_Applicable.JPG"],"guid":"4060be00-4c84-448b-b3a4-70de64dcdb4a_3.1.6.0_1","appID":"D-K7-WatchdogPCCleaner-171113","dateAdded":"171113","deceptorType":"App","name":"Watchdog PC Cleaner","company":"Watchdog Development","version":"3.1.6.0","sigName":"Deceptor:WatchdogPCCleaner!003084168043","firstVendorContactDate":"171221","firstAppEsteemReplyDate":"171222","firstResolvedDate":"171226","firstResolvedVersion":"3.2.8","resolved":"TRUE","lastKnownStatus":"NonCertified:3.2.9.0","lastKnownDate":"180102","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-02-15T00:26:28.4499077+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2701},{"violations":{"ACR-017":"The app fraudulently elevates its consumer trust level by displaying fake, unverifiable or expired endorsements\nThe app fraudulently elevates its consumer trust level by displaying fake, unverifiable or expired endorsements\n","ACR-168":"1.The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n2.The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PCRxSetup.exe","isInstaller":"True","companyName":"PCRx.com LLC","productName":"PCRx","productVersion":"2.0.0.105","fileVersion":"2.0.0.105","hashMD5":"7f95a55c4fdec81287ecfe7f1b28ea5e","hashSHA1":"b2d622ac6aab112125de89b1bbd29cd331287e40","hashSHA256":"16e71404840800f1e5b4d5c63c9a840ef5c1a8f8649621d7f6e54d9dc53e5111","digitalCertThumbprint":"8671915258CA6BD614603E42073B0942113AB754","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Crawler Group LLC","sourceIndex":"3343","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://www.pcrx.com/registrycleaner/","directDownloadingLink":"http://www.pcrx.com/dnl/config/4/PCRxSetup.exe","ipv4":"","ipv6":"","sourceIndex":"3343"}],"sampleFiles":["171113/D-K7-PCRXRegistryCleaner-171109/2.0.0.105/Samples/PCRxSetup.exe"],"imageFiles":["171113/D-K7-PCRXRegistryCleaner-171109/2.0.0.105/Images/ACR-017/ACR-017_InternalOffer_Misleading_Logo.JPG","171113/D-K7-PCRXRegistryCleaner-171109/2.0.0.105/Images/ACR-017/ACR-017_Software_Misleading_Logo.mp4","171113/D-K7-PCRXRegistryCleaner-171109/2.0.0.105/Images/ACR-017/ACR-017_software_Misleading_Logo.JPG","171113/D-K7-PCRXRegistryCleaner-171109/2.0.0.105/Images/ACR-168/ACR-168_Software_NoEqualProminence.JPG"],"nonDeceptorImageFiles":[],"guid":"91c407f3-6aff-4f43-b93a-a2434066bfb9_2.0.0.105_1","appID":"D-K7-PCRXRegistryCleaner-171109","dateAdded":"171113","deceptorType":"App","name":"PCRx","company":"Crawler Group LLC","version":"2.0.0.105","sigName":"Deceptor:PCRx!017168","lastKnownStatus":"Deceptor:2.0.0.105","lastKnownDate":"171109","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7, Windows 8, Windows Vista, Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid","lastUpdate":"2019-01-22T00:26:38.1560859+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2702},{"violations":{"ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\nThe application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the user\n","ACR-119":"The application fails to remove all of its monetization components after the user uninstalls it\n\n\n"},"nonDeceptorViolations":{"ACR-065":"Offer page is missing Eula and privacy policy links\nSoftware is missing Eula and privacy policy links\n","ACR-163":"One to one interaction is needed in order to purchase, activate or get support.\nOne to one interaction is needed in order to purchase, activate or get support.\n","ACR-160":"Tried calling the call center and there was no answer but there was an answering machine stating to leave a message. \n","ACR-099":"Landing page is missing uninstall links. \nSoftware is missing uninstall links. \n","ACR-120":"The same app was re-advertised for a 50% OFF which would make the consumer feel they were cheated earlier as well as it being confusing.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the user\n\n"},"samples":[{"isRevoked":"False","fileName":"K9-DriverUpdater.exe","isInstaller":"True","companyName":"SUPER TUNEUP TECHNOLOGIES LLP","productName":"K9-DriverUpdater","productVersion":"1.0.1086.16665","fileVersion":"1.0.1086.16665","hashMD5":"94f2ca247a2b65579f24cd656210ea26","hashSHA1":"19cbb2e0908b3b2156fd2b35a48d000bb5892523","hashSHA256":"8bccf51642ff17cfca3762f3ede193ae29627f08e6d2e3976a6bbc36fdc14219","digitalCertThumbprint":"12CC10CC6D8256C5697C03056340069F4BD3D398","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"SUPER TUNEUP TECHNOLOGIES LLP","sourceIndex":"3776","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"","reference":"","landingPage":"http://www.k9tools.com/k9du/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/images/k9tools/k9du/setup.exe","ipv4":"","ipv6":"","sourceIndex":"3776"}],"sampleFiles":[],"imageFiles":["171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-017/acr_17_OP.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-017/acr_017_LP.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-017/acr_017_install.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-084/acr_084.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-168/one_to_one_interaction_LP.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-168/one_to_one_interaction_SW.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-119/acr_119.PNG"],"nonDeceptorImageFiles":["171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-163/one_to_one_interaction_LP.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-163/one_to_one_interaction_SW.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-120/re-advertising_same_app.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-017/acr_17_OP.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-017/acr_017_LP.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-017/acr_017_install.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-168/one_to_one_interaction_LP.PNG","171113/k9-DriverUpdater-171027/1.0.1086.16665/Images/ACR-168/one_to_one_interaction_SW.PNG"],"guid":"0ea33a8e-b68e-493f-8a90-b37c44d6fda5_1.0.1086.16665_1","appID":"k9-DriverUpdater-171027","dateAdded":"171113","deceptorType":"App","name":"K9-DriverUpdater","company":"SUPER TUNEUP TECHNOLOGIES LLP","version":"1.0.1086.16665","sigName":"Deceptor:Win32/K9DriverUpdater!017084168","lastKnownStatus":"Deceptor: 1.0.1086.16665","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,call center","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2699},{"violations":{"ACR-003":"Popups with summary status don't show subcategory breakdown\nSummary \"score\" does not show consumer how it was calculated, and is misleading without that detail adjacent.\nIt is very difficult for the consumer to figure out how to navigate to the details of what has been called out, which makes the claims unsubstantiated.\nClaiming that no Antivirus is \"serious\" without mentioning the built-in antivirus capabilites of OSX is exaggerating the claim of bad system health.\n","ACR-084":"There is no way for consumer to stop the pop-up ads, urging upsells to the paid version.\n","ACR-016":"internal ad (doesn't meet qualifications for an offer) for \"Internet Security\" directly installs when pressing \"Install Internet Security\".\n","ACR-059":"Internal offers read as ads and not offers.\n"},"nonDeceptorViolations":{"ACR-065":"Internal offers don't have links to EULA and Privacy policy. Product selection page has misleading (unclickable) link to \"Advanced Buyer Protection Policy\"\nMissing EULA and privacy links on \"About\" page.\n","ACR-098":"Once initial scan is run, there is no way for the consumer to re-initiate a scan.\n","ACR-160":"Call center is not certified, and not self-certified\n","ACR-169":"Many examples of bad affiliates leading to landing page; landing page does not acknowledge this.\n","ACR-058":"Main landing page does not disclose that this app must be purchased\n","ACR-159":"landing page is not clear that payment is required for consumer to obtain functionality\n","ACR-003":"Popups with summary status don't show subcategory breakdown\nSummary \"score\" does not show consumer how it was calculated, and is misleading without that detail adjacent.\nIt is very difficult for the consumer to figure out how to navigate to the details of what has been called out, which makes the claims unsubstantiated.\nClaiming that no Antivirus is \"serious\" without mentioning the built-in antivirus capabilites of OSX is exaggerating the claim of bad system health.\n","ACR-059":"Internal offers read as ads and not offers.\n","ACR-016":"Ad on EULA page downloads app without a full offer/landing page\n"},"samples":[{"isRevoked":"False","fileName":"MacKeeper.3.16.19.dmg","isInstaller":"True","companyName":"KROMTECH ALLIANCE CORP.","productName":"MacKeeper","productVersion":"3.16.19","fileVersion":"3.16.19","hashMD5":"ad9432d2e62886806ee09f637464dca4","hashSHA1":"af72c1856219b985a7da044ecbdddb364941b2b4","hashSHA256":"57eaf9d755b9929b181263af7f028dc2a0b75b1436851f02bf449d72f6b1a362","digitalCertThumbprint":"6E9532A675132B426F06F736EDD51177F08B1E35","digitalCertIssuer":"Developer ID Installer: KROMTECH ALLIANCE CORP. (64424ZBYX5)","digitalCertIssuedTo":"Developer ID Installer: KROMTECH ALLIANCE CORP. (64424ZBYX5)","sourceIndex":"3794","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Affiliatetracking","reference":"","landingPage":"http://www.mackeeper.com","ipv4":"","ipv6":"","sourceIndex":"3794"}],"sampleFiles":[],"imageFiles":["171113/D-MacKeeper-170813/3.16.8/Images/ACR-003/ACR-003 no way to ignore for calculation.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-003/ACR-003 summary status doesn't show how score was calcuated.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-016/ACR-016 launch dowload from ad.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-059/ACR-016 launch dowload from ad.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-016/ACR-065 internal offers need eula.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-059/ACR-016 launch dowload from ad.png"],"nonDeceptorImageFiles":["171113/D-MacKeeper-170813/3.16.8/Images/ACR-065/ACR-065 internal offers need eula.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-065/ACR-065 unclickable returns policy.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-016/ACR-065 internal offers need eula.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-065/ACR-065 missing eula and privacy links.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-160/ACR-160 call center not certified nor self-certified.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-169/ACR-169 affiliate program.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-058/ACR-159 not clear payment required.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-058/ACR-159 not clear payment required.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-159/ACR-159 example of not being able to clean without activation.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-159/ACR-159 not clear payment required.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-003/ACR-003 no way to ignore for calculation.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-003/ACR-003 summary status doesn't show how score was calcuated.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-059/ACR-016 launch dowload from ad.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-016/ACR-016 launch dowload from ad.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-059/ACR-016 launch dowload from ad.png","171113/D-MacKeeper-170813/3.16.8/Images/ACR-016/ACR-065 internal offers need eula.png"],"guid":"f24ce79a-6173-4412-8dea-ecb74fc2d81d_3.16.8_1","appID":"D-MacKeeper-170813","dateAdded":"171113","deceptorType":"App","name":"MacKeeper","company":"Kromtech Alliance Corp ","version":"3.16.8","sigName":"Deceptor:MacOS/MacKeeper!003","firstVendorContactDate":"171115","firstAppEsteemReplyDate":"171115","firstResolvedDate":"171221","firstResolvedVersion":"3.19.15","resolved":"TRUE","lastKnownStatus":"NonCertified:3.19.15","lastKnownDate":"171221","type":"MacOS App","category":"SysTools & Utilities","targetOS":"MacOS","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-02-15T00:17:57.5876333+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2700},{"violations":{"ACR-042":"Reimage Protector is installed without disclosure and get permission through explicit user action.\n","ACR-003":"Application exaggerates \"Shared DLL\", Junk files as an errors without details, thereby misleading or scaring the user to take action\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"One-to-one interactive technical support is offered during uninstall. There is no disclosure about additional offer may be made during phone call support.  \n","ACR-118":"When the user attempts to completely uninstall the application, it deliberately retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to webpage that shows the EULA and privacy policy information.\n","ACR-161":"The application's internal offer webpage has testimonials that has no links back to the sources so consumers can verify if they're real.\n","ACR-163":"The application uninstall screen provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-099":"Uninstall information is not clearly identifiable after the app has been installed.\n","ACR-171":"The application's internal offer webpage has an additional offer option pre-selected.\n","ACR-003":"Application exaggerates \"Shared DLL\", Junk files as an errors without details, thereby misleading or scaring the user to take action\n","ACR-168":"One-to-one interactive technical support is offered during uninstall. There is no disclosure about additional offer may be made during phone call support.  \n"},"samples":[{"isRevoked":"False","fileName":"ReimageExpress.exe","isInstaller":"True","companyName":"Reimage«","productName":"Reimage Express","productVersion":"1.043","fileVersion":"1.043","hashMD5":"1a35501d6ce730abdfac2efbf62db5b5","hashSHA1":"e63b8e19afabd43c52fdfbb68e62ea28adb0c75a","hashSHA256":"32041c5e4a2976f606843eb4d58225c002048ff6e7cc787c987fe8b4a7a13183","digitalCertThumbprint":"DB5F9D0E08A8B48297CF848935FA4526251F631C","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Reimage Limited","sourceIndex":"3755","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.google.com","landingPage":"http://www.reimage-express.com/","directDownloadingLink":"https://cdnrep.reimage.com/re/b/ReimageExpress.exe","ipv4":"","ipv6":"","sourceIndex":"3755"}],"sampleFiles":[],"imageFiles":["171113/ReimageExpress-171030/1.0.4.3/Images/ACR-042/ACR-042_INSTALL_SCREENSHOT_2.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-003/ReimageExpress_Exaggerated.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-003/ReimageExpress_NoDetails2.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-003/ReimageExpress_Nodetails.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-084/ACR-084_SOFTWARE.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-168/ReimageExpressPhoneCall.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-118/ACR-118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["171113/ReimageExpress-171030/1.0.4.3/Images/ACR-161/ACR-161_INTERNAL_OFFERS.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-163/ACR-163_UNINSTALL.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-171/ACR-171_INTERNAL_OFFERS.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-003/ReimageExpress_Exaggerated.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-003/ReimageExpress_NoDetails2.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-003/ReimageExpress_Nodetails.PNG","171113/ReimageExpress-171030/1.0.4.3/Images/ACR-168/ReimageExpressPhoneCall.PNG"],"guid":"c2379beb-1bb3-47f2-a78a-204850a003b2_1.0.4.3_1","appID":"ReimageExpress-171030","dateAdded":"171113","deceptorType":"App","name":"Reimage Express","company":"Reimage, Inc.","version":"1.0.4.3","sigName":"Deceptor:Win32/ReimageExpress!003042168118","firstResolvedVersion":"App stops distributing and homepage shutdown","resolved":"TRUE","lastKnownStatus":"Deceptor: 1.043 ","lastKnownDate":"171113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2018-02-15T00:26:28.5749065+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2698},{"violations":{"ACR-003":"The app exaggerates \"Shared DLL\" and \"Registry Keys\" as a problems and portrays the importance as a \"HIGH\" system impact issue, thereby misleading or scaring consumer to take action \n","ACR-084":"The app runs silently in the background, hiding the fact that it is active from the consumer.\n","ACR-168":"The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"nonDeceptorViolations":{"ACR-003":"The app exaggerates \"Shared DLL\" and \"Registry Keys\" as a problems and portrays the importance as a \"HIGH\" system impact issue, thereby misleading or scaring consumer to take action \n","ACR-168":"The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"FIXIO_PC_Cleaner_2015_Installer.exe","isInstaller":"True","companyName":"LULU Software Limited","productName":"FIXIO PC Cleaner Installer","productVersion":"1.0.0.236","fileVersion":"1.0.0.236","hashMD5":"3547a6212c6ed1e8f45b4402daa08bb6","hashSHA1":"0568f1511065631d27f9e899411f01eb816a6140","hashSHA256":"124b99a3ca26466ef666fd5a9fc97d6d6f4877c548307b675171930affe2506a","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"3757","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"http://fixio.com/","directDownloadingLink":"http://fixio.com/gettrial.aspx","ipv4":"","ipv6":"","sourceIndex":"3757"}],"sampleFiles":[],"imageFiles":["171108/D-K7-FIXIOPCCleaner-171108/1.0.0.236/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_Items_As_Problems.JPG","171108/D-K7-FIXIOPCCleaner-171108/1.0.0.236/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_Items_As_Problems.mp4","171108/D-K7-FIXIOPCCleaner-171108/1.0.0.236/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_Items_As_Problems1.JPG","171108/D-K7-FIXIOPCCleaner-171108/1.0.0.236/Images/ACR-084/ACR-084_Software_Runs_Silently_In_The_Background.JPG","171108/D-K7-FIXIOPCCleaner-171108/1.0.0.236/Images/ACR-084/ACR-084_Software_Runs_Silently_In_The_Background.mp4","171108/D-K7-FIXIOPCCleaner-171108/1.0.0.236/Images/ACR-168/ACR-168_InternalOffers_Didn't_Disclose_Additional_Offers_Are_Applicable.JPG"],"nonDeceptorImageFiles":["171108/D-K7-FIXIOPCCleaner-171108/1.0.0.236/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_Items_As_Problems.JPG","171108/D-K7-FIXIOPCCleaner-171108/1.0.0.236/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_Items_As_Problems.mp4","171108/D-K7-FIXIOPCCleaner-171108/1.0.0.236/Images/ACR-003/ACR-003_Software_Exaggerates_Identified_Items_As_Problems1.JPG","171108/D-K7-FIXIOPCCleaner-171108/1.0.0.236/Images/ACR-168/ACR-168_InternalOffers_Didn't_Disclose_Additional_Offers_Are_Applicable.JPG"],"guid":"714a845b-1436-43fe-8b7e-a7acb7a231c1_1.0.0.236_1","appID":"D-K7-FIXIOPCCleaner-171108","dateAdded":"171108","deceptorType":"App","name":"FIXIO PC Cleaner","company":"LULU Software Limited","version":"1.0.0.236","sigName":"Deceptor:Win32/FIXIOPCCleaner!003084168","firstVendorContactDate":"171122","firstAppEsteemReplyDate":"171122","firstResolvedDate":"171127","firstResolvedVersion":"app shutdown: retired app and not developing and distributing by vendor anymore . Took down softonic page.","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.236","lastKnownDate":"171108","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista, Windows 7, Windows 8, Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid, call center","lastUpdate":"2018-02-15T00:26:27.5411578+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2703},{"violations":{"ACR-003":"Raise urgency for user to take action by using exaggerated issue count without details. For example reporting Junk files without details, reporting invalid registry key items as problem to system.\n","ACR-017":"Certifications and endorsements were implied that don't apply to the app. The endorsement logos are not clickable for more details for user to verify.\n","ACR-084":"App scheduler is turn off in the the software but is running in windows task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"Software is missing uninstall link\n","ACR-161":" Quotes Included from external sources can't be verified. Quotes are not clickable. \n","ACR-099":"Application is missing an uninstall link.\n"},"samples":[{"isRevoked":"False","fileName":"SpeedMaxPc.exe","isInstaller":"True","companyName":"MaxTuneUp LLC","productName":"SpeedMaxPc","productVersion":"1.0.0.3","fileVersion":"1.0.0.3","hashMD5":"61ec304023c79b65fec63cf816254dca","hashSHA1":"2f0e9f5135e1ba3f8940ed18318bc594ac0dd307","hashSHA256":"e318d9433ffa6de3dc501d950ce4193c40bbb822293319cb05613ad3ae5d3c7d","digitalCertThumbprint":"7B59634EC13D5EDDE351CF7D56FA8EB2E605A52E","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"MaxTuneUp LLC","sourceIndex":"3344","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search ","reference":"","landingPage":"http://speedmaxpc.com/","directDownloadingLink":"http://smp.speedmaxpc.com/download.php?affid=smp&dl=speedmaxpc.exe","ipv4":"","ipv6":"","sourceIndex":"3344"}],"sampleFiles":[],"imageFiles":["171107/SpeedMaxPc-171005/1.0.0.3/Images/ACR-017/acr_017.PNG","171107/SpeedMaxPc-171005/1.0.0.3/Images/ACR-017/acr_017_.PNG","171107/SpeedMaxPc-171005/1.0.0.3/Images/ACR-003/SpeedMaxPC_ACR_003.PNG","171107/SpeedMaxPc-171005/1.0.0.3/Images/ACR-003/SpeedMaxPC_ACR_003_2.PNG","171107/SpeedMaxPc-171005/1.0.0.3/Images/ACR-084/acr_084_software.PNG"],"nonDeceptorImageFiles":["171107/SpeedMaxPc-171005/1.0.0.3/Images/ACR-161/acr_161.PNG"],"guid":"fe1ebcd2-834e-4a35-8d0a-5fbed7fba44c_1.0.0.3_1","appID":"SpeedMaxPc-171005","dateAdded":"171107","deceptorType":"App","name":"SpeedMaxPc","company":"MaxTuneUp LLC","version":"1.0.0.3","sigName":"Deceptor:Win32/SpeedMaxPC!003017084","lastKnownStatus":"Deceptor: 1.0.0.3","lastKnownDate":"171106","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-22T00:21:47.8312076+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2704},{"violations":{"ACR-003":"","ACR-084":"App creates scheduled task to scan system while showing there is no scheduled tasks configured in its setting section.\n"},"nonDeceptorViolations":{"ACR-065":"The installation has no link to the privacy policy \nThe application has no link to EULA or Privacy Policy information \n","ACR-170":"The application only allows issues to be repaired if purchased or registered \n","ACR-003":""},"samples":[{"isRevoked":"False","fileName":"yodot-speedup-pc.exe","isInstaller":"True","companyName":"Versacor Offshore Software Private Limited","productName":"Yodot Speed Up PC","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"6d6bff8b21e05e535bbd71164c0262b5","hashSHA1":"e3359f75d30cdac6ec52358c95d4c4cf63fb07ba","hashSHA256":"f2f37969c1d587f738d9db757389d233b36551796a90598eec685370ba46e2ac","digitalCertThumbprint":"D22B77B18C2C3318D726439474EB05F555216F9A","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Versacor Offshore Software Private Limited","sourceIndex":"3778","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"yodot-speedup-pc.exe","isInstaller":"True","companyName":"Yodot Software","productName":"Yodot Speed Up PC","productVersion":"1.0.0.5","fileVersion":"1.0.0.5","hashMD5":"43a8ed24e818acedf0618c356e99c3e4","hashSHA1":"98275f2c0414acf361f6a09285eb687731c5894a","hashSHA256":"201aefaccb91649b19165361f6e3d0f9b3a52a4e017c0a3d40ad8d531a5ee73b","digitalCertThumbprint":"D22B77B18C2C3318D726439474EB05F555216F9A","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Versacor Offshore Software Private Limited","sourceIndex":"3778","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com","landingPage":"https://www.yodot.com/speed-up-pc/","directDownloadingLink":"https://f106c2fdc37239d65fa2-3e4b8066b303917e64532803215a9d58.ssl.cf2.rackcdn.com/yodot-speedup-pc.exe","ipv4":"","ipv6":"","sourceIndex":"3778"}],"sampleFiles":[],"imageFiles":["171106/Yodot Speed Up PC-171005/1.0.0.1/Images/ACR-003/ACR-003_SOFTWARE.PNG","171106/Yodot Speed Up PC-171005/1.0.0.1/Images/ACR-084/ACR-084_SOFTWARE_SCREENSHOT_1.PNG","171106/Yodot Speed Up PC-171005/1.0.0.1/Images/ACR-084/ACR-084_SOFTWARE_SCREENSHOT_2.PNG"],"nonDeceptorImageFiles":["171106/Yodot Speed Up PC-171005/1.0.0.1/Images/ACR-065/ACR-065_INSTALL.PNG","171106/Yodot Speed Up PC-171005/1.0.0.1/Images/ACR-065/ACR-065_SOFTWARE_ABOUT_PAGE.PNG","171106/Yodot Speed Up PC-171005/1.0.0.1/Images/ACR-170/ACR-170_SOFTWARE_APPLICATION_HAS_TO_BE_PURCHASED_TO_FIX_ISSUES.mp4","171106/Yodot Speed Up PC-171005/1.0.0.1/Images/ACR-099/ACR-099_SOFTWARE.PNG","171106/Yodot Speed Up PC-171005/1.0.0.1/Images/ACR-003/ACR-003_SOFTWARE.PNG"],"guid":"2a1abe59-1bdc-418f-a927-c92ce84b6395_1.0.0.1_1","appID":"Yodot Speed Up PC-171005","dateAdded":"171106","deceptorType":"App","name":"Yodot Speed Up PC","company":"© Yodot Software, All Rights Reserved","version":"1.0.0.1","sigName":"Deceptor:Win32/YodotSpeedUpPC!003084","firstVendorContactDate":"171102","firstAppEsteemReplyDate":"171102","firstResolvedDate":"171106","firstResolvedVersion":"1.0.0.7","resolved":"TRUE","lastKnownStatus":"Deceptor: 1.0.0.1","lastKnownDate":"171005","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:22:27.1418868+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2705},{"violations":{"ACR-003":"Raise urgency for user to take action by using exaggerated issue count without details. For example 246 Junk files reported without details.\n","ACR-017":"App included not relevant logo to imply the endorsement which doesn't apply to app itself.  \n","ACR-084":"Scheduled task won't be removed after user set no schedule task in setting page\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"remo-optimizer.exe","isInstaller":"True","companyName":"Remo Software","productName":"Remo Optimizer Downloader","productVersion":"2.0.1.147","fileVersion":"2.0.1.147","hashMD5":"bc41dd336a3d592ec44c928595fe4f35","hashSHA1":"e0f43618d87d6c22c94180d6a9b03a72345a47ed","hashSHA256":"0c9fdc4c876a2f1fbb67b8e1e10fd68e6e3dbe5c71971ec99267a6b8184d4765","digitalCertThumbprint":"7D326D334C97A4E0751C00D34968A2EE2181E912","digitalCertIssuer":"Remo Software Private Limited","digitalCertIssuedTo":"Remo Software Private Limited","sourceIndex":"3711","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"remo-optimizer_30.exe","isInstaller":"True","companyName":"Remo Software","productName":"Remo Optimizer Downloader","productVersion":"3.0.0.1","fileVersion":"3.0.0.1","hashMD5":"63fb011282780c89506cbee95b82ff2e","hashSHA1":"0ac4f271120256b4d2f54e91f33d0f9ba3eff8b1","hashSHA256":"a2e5130f19ad2f3e25b927e910f73bf685c35802bc5f3a79fe8b23a5d8cfbb1b","digitalCertThumbprint":"7d326d334c97a4e0751c00d34968a2ee2181e912","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Remo Software Private Limited","sourceIndex":"3711","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Onboarding.Callcenter","reference":"App supported by call center ATS","landingPage":"http://www.remooptimizer.com/","directDownloadingLink":"http://www.remooptimizer.com/free-download/remo-optimizer.exe","ipv4":"","ipv6":"","sourceIndex":"3711"}],"sampleFiles":["171106/D-RemoOptimizer-170611/2.0.1.148/Samples/remo-optimizer.exe","171106/D-RemoOptimizer-170611/2.0.1.148/Samples/remo-optimizer_30.exe"],"imageFiles":["171106/D-RemoOptimizer-170611/2.0.1.148/Images/ACR-017/REMO_30.PNG","171106/D-RemoOptimizer-170611/2.0.1.148/Images/ACR-003/ACR-003_Software_IssuesQuiteExxagerating.mp4","171106/D-RemoOptimizer-170611/2.0.1.148/Images/ACR-003/ACR-003_Software_IssuesQuiteExxagerating_1.JPG","171106/D-RemoOptimizer-170611/2.0.1.148/Images/ACR-003/ACR-003_Software_IssuesQuiteExxagerating_2.JPG","171106/D-RemoOptimizer-170611/2.0.1.148/Images/ACR-003/REMO_30_JunkFileNoDetails.PNG","171106/D-RemoOptimizer-170611/2.0.1.148/Images/ACR-003/RemoOptimizerExaggeratedIssueCount.PNG","171106/D-RemoOptimizer-170611/2.0.1.148/Images/ACR-084/REMO_ScheduledTask.PNG","171106/D-RemoOptimizer-170611/2.0.1.148/Images/ACR-084/RemoOptimizerScheduledTask.PNG"],"nonDeceptorImageFiles":[],"guid":"95eab35c-93de-4e03-9b99-a1bf30e8386b_2.0.1.148_1","appID":"D-RemoOptimizer-170611","dateAdded":"171106","deceptorType":"App","name":"RemoOptimizer","company":"Remo Software","version":"2.0.1.148","sigName":"Deceptor:Win32/RemoOptimizer!003084017","firstVendorContactDate":"171107","firstAppEsteemReplyDate":"171107","firstResolvedDate":"171108","firstResolvedVersion":"3.0.0.3","resolved":"TRUE","lastKnownStatus":"Deceptor: 2.0.1.148 ; 2.0.1.150 ; 3.0.0.1","lastKnownDate":"171106","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:36:58.0240902+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2706},{"violations":{"ACR-003":"Exaggerated claims system health, for example, reporting identified browser history records, windows temp files as threat.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying unverifiable endorsements.\n","ACR-084":"Scheduler is turn off in the app but is running in task scheduler.\n"},"nonDeceptorViolations":{"ACR-065":"Missing Privacy policies link in install window. \nMissing Privacy policies and Eula link in software page.\n","ACR-163":"App requires one to one interaction in order to obtain a refund,activate or receive support.\n","ACR-099":"No uninstall link listed on Lading Page.\nNo uninstall link listed in software page.\n","ACR-120":"The same app was Re-Advertised with a lower price which would be confusing for the consumer and would make the consumer feel misled earlier.\n","ACR-166":"The app's license renewal is not presented to user as an opt in offer during purchase. \n","ACR-171":"Offers that has recurring payments have to be opt-out.\n","ACR-003":"Exaggerated claims system health, for example, reporting identified browser history records, windows temp files as threat.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying unverifiable endorsements.\n"},"samples":[{"isRevoked":"False","fileName":"Safebytes Security Suite.exe","isInstaller":"True","companyName":"SafeBytes Software Inc.","productName":"Safebytes Security Suite","productVersion":"3.3.7.0","fileVersion":"3.3.7.0","hashMD5":"baef36c9c3438db84e9e87b06459f891","hashSHA1":"6b8375f2cfca5e697dbf7f13e71a4cc1161fce8f","hashSHA256":"18234d6a2164a7f12916235e633c4b6dac6c29ea2e1ab3a9d7ae69858d225d27","digitalCertThumbprint":"E8A1F90F188A3B30E824644D1550398BC40EB894","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Safebytes Software Inc.","sourceIndex":"3759","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"https://safebytes.com/products/safebytes-security-suite/","directDownloadingLink":"https://safebytes.com/downloads/SafeBytesSecuritySuiteSetup.exe","ipv4":"","ipv6":"","sourceIndex":"3759"}],"sampleFiles":["171103/SafeBtyes Security Suite-171003/3.3.7/Samples/SafeBytesSecuritySuiteSetup.exe"],"imageFiles":["171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-003/SafeBytesSecuritySuiteThreatReport.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-017/SafeBytesSecuritySuiteunverifiableendorsements.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-065/Missing_Privacy_policies.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-065/acr_065.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-163/acr_163.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-099/acr_099_landing_page.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-099/acr_099.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-120/after_trying_to_uninstall.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-166/SafeBytesSecurityRenewPayment.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-171/SafeBytesSecurityRenewPayment.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-171/acr_171_internal_offers.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-003/SafeBytesSecuritySuiteThreatReport.PNG","171103/SafeBtyes Security Suite-171003/3.3.7/Images/ACR-017/SafeBytesSecuritySuiteunverifiableendorsements.PNG"],"guid":"f68a6f3d-c3e1-4ed1-b759-78689685c3bf_3.3.7_1","appID":"SafeBtyes Security Suite-171003","dateAdded":"171103","deceptorType":"App","name":"Safebytes Security Suite","company":"Safebytes Software Inc.","version":"3.3.7","sigName":"Deceptor:Win32/SafeBytesSecuritySuite!003017084","firstVendorContactDate":"171027","firstAppEsteemReplyDate":"171027","firstResolvedDate":"171103","firstResolvedVersion":"3.4.2","resolved":"TRUE","lastKnownStatus":"Deceptor: 3.3.7","lastKnownDate":"171003","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-02-15T00:25:57.4233418+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2707},{"violations":{"ACR-042":"Consumer was not told that the software \"Get Tech Support/My Phone Support\" would be installed on the computer\n","ACR-043":"No disclosure that the software \"Get Tech Support/My Phone Support\" would be installed on the computer.\n","ACR-003":"App uses color gradient to over emphasize the issues to raise urgency of fixing issues, misleads consumer to take action.\n","ACR-007":"Misleading consumer with not verified partner logo, awards, certification marks.\n","ACR-017":"Misleading consumer with not verified partner logo\nMisleading consumer with not verified partner logo, awards, certification marks.\n","ACR-168":"No disclosure about additional offers may be applied if the consumer call the toll free number\n","ACR-118":"The app leaves the application behind called \"MFPCReminder\" after uninstalling\n"},"nonDeceptorViolations":{"ACR-157":"","ACR-160":"unable to verify if company is a verified call center at this time please review \n\n","ACR-167":"App specifies they have a 30 day money back satisfaction guarantee but is stating that the My Faster PC is non-refundable in the Billing Policy and EULA\n","ACR-003":"App uses color gradient to over emphasize the issues to raise urgency of fixing issues, misleads consumer to take action.\n","ACR-007":"Misleading consumer with not verified partner logo, awards, certification marks.\n","ACR-017":"Misleading consumer with not verified partner logo\nMisleading consumer with not verified partner logo, awards, certification marks.\n","ACR-168":"No disclosure about additional offers may be applied if the consumer call the toll free number\n"},"samples":[{"isRevoked":"False","fileName":"Install My Faster PC.exe","isInstaller":"True","companyName":"Consumer Software International LLC","productName":"My Faster PC","productVersion":"7.4","fileVersion":"0.0.0.0","hashMD5":"eafbb81bebb7ad1897e6e7b15fbbf7ac","hashSHA1":"4b916a9493a9f7341cb45f301cead9f117c40c81","hashSHA256":"5cb5e831812519689658a572c5bde36a75892802acca7d1c4b13aa9ff35b7996","digitalCertThumbprint":"6A53569E048ED50057EC9CC82693F21B45174041","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Consumer Software International","sourceIndex":"3760","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"webcrawler search","landingPage":"http://myfasterpc.com/repair/","directDownloadingLink":"http://www.myfasterpc.com/d/7.4/Install%20My%20Faster%20PC.exe","ipv4":"","ipv6":"","sourceIndex":"3760"}],"sampleFiles":["171103/MyFasterPC-170921/7.4.0.21/Samples/Install%20My%20Faster%20PC.exe"],"imageFiles":["171103/MyFasterPC-170921/7.4.0.21/Images/ACR-042/ACR -- 042.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-042/ACR -- 042.PNG (2).PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-042/ACR -- 042.PNG (3).PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-043/043.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-043/acr 043 (1).PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-003/ACR 003.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-007/ACR 007.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-017/ACR 017 Docs.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-017/ACR 017 Landing Page.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-168/ACR-168.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-118/Capture tf.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-118/Capturejfv.PNG"],"nonDeceptorImageFiles":["171103/MyFasterPC-170921/7.4.0.21/Images/ACR-170/ACR-170.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-120/ACR 120.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-167/30 days guarantee order page.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-167/ACR 167.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-167/Policy and 30 Days Refund Policy.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-003/ACR 003.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-007/ACR 007.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-017/ACR 017 Docs.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-017/ACR 017 Landing Page.PNG","171103/MyFasterPC-170921/7.4.0.21/Images/ACR-168/ACR-168.PNG"],"guid":"9552a130-de60-4bc0-ba66-a987ecf10241_7.4.0.21_1","appID":"MyFasterPC-170921","dateAdded":"171103","deceptorType":"App","name":"MyFasterPC","company":"Consumer Software International, LLC","version":"7.4.0.21","sigName":"Deceptor:Win32/MyFasterPC!042043003168118","firstVendorContactDate":"171009","firstAppEsteemReplyDate":"171009","firstResolvedDate":"171102","firstResolvedVersion":"7.4.1.23","resolved":"TRUE","lastKnownStatus":"Deceptor: 7.4.0.21","lastKnownDate":"210308","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows 7\",\"Windows 8\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"call center\",\"up-sell to paid\",\"paid\"]","lastUpdate":"2021-03-08T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2708},{"violations":{"ACR-017":"The app elevates its user trust level by displaying misleading endorsement. \"Norton secured\" logo is for website that is being secured by Symantec SSL Certificate, it doesn't apply to application.\n","ACR-168":"The application displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"nonDeceptorViolations":{"ACR-017":"The app elevates its user trust level by displaying misleading endorsement. \"Norton secured\" logo is for website that is being secured by Symantec SSL Certificate, it doesn't apply to application.\n","ACR-168":"The application displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"pc-booster-setup.exe","isInstaller":"True","companyName":"TweakBit","productName":"TweakBit PCBooster","productVersion":"1.8.2.5","fileVersion":"1.8.2.5","hashMD5":"6800caf6c1b741557e6cd00471d96a05","hashSHA1":"e7db101a03581b5f574dffda1cabd72d2be43de0","hashSHA256":"3897418b8059da69af391c3a5e407c1e3a2e130791cfae6f2d195ad0ffbf70b8","digitalCertThumbprint":"4504B0BC1E162E34124E03923BE03009A7518CB8","digitalCertIssuer":"Auslogics Labs Pty Ltd","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","sourceIndex":"3729","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"https://tweakbit.com/pc-booster/","ipv4":"","ipv6":"","sourceIndex":"3729"}],"sampleFiles":["171103/D-PCBooster-170829/1.8.2.5/Samples/pc-booster-setup.exe"],"imageFiles":["171103/D-PCBooster-170829/1.8.2.5/Images/ACR-017/ACR-017_Install_Norton_Seal.JPG","171103/D-PCBooster-170829/1.8.2.5/Images/ACR-017/ACR-017_Install_Norton_Seal.mp4","171103/D-PCBooster-170829/1.8.2.5/Images/ACR-168/ACR-168_Software_Support_Number.JPG"],"nonDeceptorImageFiles":["171103/D-PCBooster-170829/1.8.2.5/Images/ACR-017/ACR-017_Install_Norton_Seal.JPG","171103/D-PCBooster-170829/1.8.2.5/Images/ACR-017/ACR-017_Install_Norton_Seal.mp4","171103/D-PCBooster-170829/1.8.2.5/Images/ACR-168/ACR-168_Software_Support_Number.JPG"],"guid":"c035edd4-ea9b-4d9f-abac-4826a6acee26_1.8.2.5_1","appID":"D-PCBooster-170829","dateAdded":"171103","deceptorType":"App","name":"TweakBit PCBooster","company":"TweakBit","version":"1.8.2.5","sigName":"Deceptor:Win32/PCBooster!017168","firstVendorContactDate":"171017","firstAppEsteemReplyDate":"171017","firstResolvedDate":"171026","firstResolvedVersion":"1.8.2.8","resolved":"TRUE","lastKnownStatus":"Deceptor: 1.8.2.5","lastKnownDate":"170913","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 10\",\"Windows 8\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"paid\"]","lastUpdate":"2018-02-15T00:31:27.1310319+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2710},{"violations":{"ACR-003":"1.The app reports identified issues with exaggerated numbers, thereby misleading or scaring the consumer to take action.\n2.The app exaggerates \"Recent Documents\", \"History\", \"Start Menu History\", etc.. as \"Threat\", thereby misleading or scaring the consumer to take action.\n","ACR-168":"1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the cosumer.\n2. The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer.\n","ACR-016":"A displayed ad leads to direct downloading and installation of an application instead of redirecting to a landing page which allows the consumer to make an informed decision whether to accept or decline the offer.\n"},"nonDeceptorViolations":{"ACR-003":"1.The app reports identified issues with exaggerated numbers, thereby misleading or scaring the consumer to take action.\n2.The app exaggerates \"Recent Documents\", \"History\", \"Start Menu History\", etc.. as \"Threat\", thereby misleading or scaring the consumer to take action.\n","ACR-168":"1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the cosumer.\n2. The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer.\n","ACR-016":"A displayed ad leads to direct downloading and installation of an application instead of redirecting to a landing page which allows the consumer to make an informed decision whether to accept or decline the offer.\n"},"samples":[{"isRevoked":"False","fileName":"pc-suite-setup.exe","isInstaller":"True","companyName":"TweakBit","productName":"TweakBit PCSuite 9","productVersion":"9.1.2.0","fileVersion":"9.1.2.0","hashMD5":"7558b58894dd87ffc6c67f73b2c42d80","hashSHA1":"bd9701edf0d8e6b24806a49b44a9b30f031ea187","hashSHA256":"29a733370781eaca30469779ec96fc8de7cfde4c02fda32479cf97aac6b91336","digitalCertThumbprint":"17EE7405669A017A96D2654D75C96E1F3DA96C19","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","sourceIndex":"3761","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"tweakbit pc-suite-setup.exe","isInstaller":"True","companyName":"Auslogics Labs Pty Ltd","productName":"TweakBit PCSuite 9","productVersion":"9.1.2.0","fileVersion":"9.1.2.0","hashMD5":"7aa9551458c643fc7d46d75a9a67adac","hashSHA1":"ccc6ac67bbf22bb401884007532a22fa95883b07","hashSHA256":"4b081576bf62d5505f8953adc8b8f60bc949b8e4ad937fa1f7acad206ad6c4e7","digitalCertThumbprint":"17EE7405669A017A96D2654D75C96E1F3DA96C19","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","sourceIndex":"3761","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Auslogic/Tweakbit","landingPage":"https://www.tweakbit.com/pc-suite/","ipv4":"","ipv6":"","sourceIndex":"3761"}],"sampleFiles":["171103/D-PCSuite-170912/9.1.2.0/Samples/pc-suite-setup.exe","https://appesteemstorage.blob.core.windows.net/downloads/AppQueue/DeceptorReview/D-PCSuite-170912/9.1.2.0/pc-suite-setup%20(1).exe"],"imageFiles":["171103/D-PCSuite-170912/9.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_As_Threat.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Number_Of_Threat.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Number_Of_Threat.mp4","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Numbers.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-168/ACR-168_Internal_Offer_Support_Number.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-168/ACR-168_Software_Phone_Number.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-168/ACR-168_Software_Phone_Number.mp4","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-168/ACR-168_Software_Support_Number.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-016/ACR-016_Ads_Inside_App_Direct_Download.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-016/ACR-016_Ads_Inside_App_Direct_Download.mp4"],"nonDeceptorImageFiles":["171103/D-PCSuite-170912/9.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_As_Threat.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Number_Of_Threat.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Number_Of_Threat.mp4","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Numbers.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-168/ACR-168_Internal_Offer_Support_Number.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-168/ACR-168_Software_Phone_Number.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-168/ACR-168_Software_Phone_Number.mp4","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-168/ACR-168_Software_Support_Number.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-016/ACR-016_Ads_Inside_App_Direct_Download.JPG","171103/D-PCSuite-170912/9.1.2.0/Images/ACR-016/ACR-016_Ads_Inside_App_Direct_Download.mp4"],"guid":"3333ae88-7191-4d00-9252-12f92a101528_9.1.2.0_1","appID":"D-PCSuite-170912","dateAdded":"171103","deceptorType":"App","name":"TweakBit PCSuite 9","company":"TweakBit","version":"9.1.2.0","sigName":"Deceptor:Win32/PCSuite!003016168","firstVendorContactDate":"171017","firstAppEsteemReplyDate":"171017","firstResolvedDate":"171103","firstResolvedVersion":"9.2.0.0","resolved":"TRUE","lastKnownStatus":"Deceptor:9.1.2.0","lastKnownDate":"170912","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2018-02-15T00:25:56.9067942+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2709},{"violations":{"ACR-003":"App exaggerates system healthy condition. Shared DLL invalid registry keys, empty registry keys,missing shortcuts are listed as \"errors\".\n","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"PC Booster Energizertech Ltd","hashMD5":"3d7ac77f134d49bda883edd76c354ab2","hashSHA1":"a0ff067bf2116ac3a5aa23071e84691a4f8b0822","hashSHA256":"b89462d2ae80cee8c8ba224b4e98652284fc9531c30d4bb9bf88e5a21ceacad9","digitalCertThumbprint":"0742B3737EBBDDDB11889C1F6E358DCF16DE9A1C","sourceIndex":"3345","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"PC Booster Energizertech Ltd","hashMD5":"adc4891c69c82af55e1b3b179e215584","hashSHA1":"4c0e23bba69569da68bbdb4ad7770bc8431e4c54","hashSHA256":"721345015897d0694188b10ecf98eb9eee414ba476bd938bad0f8438bd11e477","digitalCertThumbprint":"0742b3737ebbdddb11889c1f6e358dcf16de9a1c","sourceIndex":"3345","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"PC Booster","productName":"PC Booster","productVersion":"2.0.5.0","fileVersion":"2.0.5.0","hashMD5":"1b92dabff71b8bd6f39dbd23324b4b3c","hashSHA1":"6b5a5586086b166de37a92e01b9732737537a705","hashSHA256":"49180b41e22240267aa973f5ddd68c56f29bea618f9ebd4f47472637dd7796ce","digitalCertThumbprint":"0742b3737ebbdddb11889c1f6e358dcf16de9a1c","sourceIndex":"3345","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"PC Booster","productName":"PC Booster","productVersion":"2.0.3.7","fileVersion":"2.0.3.7","hashMD5":"095a814623ee59796a1b9d7a44481cdf","hashSHA1":"5ba9cfb36518e21129ee96c15662b4c2865235fc","hashSHA256":"f670be1ad7e037b9ec87f63bf0e726064d23def39f3ab0065b294e48cd4525b1","digitalCertThumbprint":"0742b3737ebbdddb11889c1f6e358dcf16de9a1c","sourceIndex":"3345","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"PC Booster Energizertech Ltd","hashMD5":"3d7ac77f134d49bda883edd76c354ab2","hashSHA1":"a0ff067bf2116ac3a5aa23071e84691a4f8b0822","hashSHA256":"b89462d2ae80cee8c8ba224b4e98652284fc9531c30d4bb9bf88e5a21ceacad9","digitalCertThumbprint":"0742B3737EBBDDDB11889C1F6E358DCF16DE9A1C","sourceIndex":"3346","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"PC Booster Energizertech Ltd","hashMD5":"adc4891c69c82af55e1b3b179e215584","hashSHA1":"4c0e23bba69569da68bbdb4ad7770bc8431e4c54","hashSHA256":"721345015897d0694188b10ecf98eb9eee414ba476bd938bad0f8438bd11e477","digitalCertThumbprint":"0742b3737ebbdddb11889c1f6e358dcf16de9a1c","sourceIndex":"3346","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"PC Booster","productName":"PC Booster","productVersion":"2.0.5.0","fileVersion":"2.0.5.0","hashMD5":"1b92dabff71b8bd6f39dbd23324b4b3c","hashSHA1":"6b5a5586086b166de37a92e01b9732737537a705","hashSHA256":"49180b41e22240267aa973f5ddd68c56f29bea618f9ebd4f47472637dd7796ce","digitalCertThumbprint":"0742b3737ebbdddb11889c1f6e358dcf16de9a1c","sourceIndex":"3346","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"PC Booster","productName":"PC Booster","productVersion":"2.0.3.7","fileVersion":"2.0.3.7","hashMD5":"095a814623ee59796a1b9d7a44481cdf","hashSHA1":"5ba9cfb36518e21129ee96c15662b4c2865235fc","hashSHA256":"f670be1ad7e037b9ec87f63bf0e726064d23def39f3ab0065b294e48cd4525b1","digitalCertThumbprint":"0742b3737ebbdddb11889c1f6e358dcf16de9a1c","sourceIndex":"3346","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"Daniel report deceptor candidate","landingPage":"http://www.pcbooster.com/repair/","directDownloadingLink":"http://files.pcbooster.com/b/PCBoosterSetup1.exe","ipv4":"104.25.17.37","sourceIndex":"3345"},{"howFound":"Hunt.PartnerReport","reference":"Daniel report deceptor candidate","landingPage":"http://www.pcbooster.com/solutions/pc-booster/","directDownloadingLink":"http://download.pcbooster.com/2015/web/PCBoosterSetup.exe","ipv4":"104.25.18.37","sourceIndex":"3346"}],"sampleFiles":[],"imageFiles":["171102/D-PCBooster-00028/2.0/Images/ACR-003/ACR-003_Software_ExaggeratedClaims1.PNG","171102/D-PCBooster-00028/2.0/Images/ACR-003/ACR-003_Software_ExaggeratedClaims2.PNG","171102/D-PCBooster-00028/2.0/Images/ACR-003/ACR-003_Software_ExaggeratedClaims3.PNG","171102/D-PCBooster-00028/2.0/Images/ACR-003/ExaggeratedErrors.JPG","171102/D-PCBooster-00028/2.0/Images/ACR-003/ExaggeratedErrors2.JPG","171102/D-PCBooster-00028/2.0/Images/ACR-168/ACR-168_LandingPage_Didn'tDiscloseAdditionalOffersMayBeApplicable.PNG","171102/D-PCBooster-00028/2.0/Images/ACR-168/ACR-168_Software_Didn'tDiscloseAdditionalOffersMayBeApplicable.PNG","171102/D-PCBooster-00028/2.0/Images/ACR-168/ACR-168_Software_OneToOneRemoteSupportWithoutProperExplanation1.PNG","171102/D-PCBooster-00028/2.0/Images/ACR-168/ACR-168_Software_OneToOneRemoteSupportWithoutProperExplanation2.PNG"],"nonDeceptorImageFiles":[],"guid":"031a3beb-a181-4de8-b764-97cf2f54a425_2.0_1","appID":"D-PCBooster-00028","dateAdded":"171102","deceptorType":"App","name":"PCBooster","company":"PC Booster Energizertech Ltd","version":"2.0","sigName":"Deceptor: Win32/PCBooster!003168","firstVendorContactDate":"180115","firstAppEsteemReplyDate":"180116","firstResolvedDate":"181211","firstResolvedVersion":"App stops distributing and homepage shutdown","resolved":"TRUE","lastKnownStatus":"Deceptor:2.0","lastKnownDate":"170403","lastUpdate":"2019-01-22T00:20:18.1307994+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2711},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"LionSea Software co. ltd","productName":"SmartPCFixer","productVersion":"5.2.0.0","hashMD5":"75b9457bb7bb3f0dcd065c67823bf743","hashSHA1":"fab7d18f71a0b78204112fc0279165e162c37a8b","hashSHA256":"7e2835cc6614749c4f46a7817181178ececefbff47b9a20b8ee6cb0e93c72dd1","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","sourceIndex":"3595","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"smartpcfix.exe","isInstaller":"True","companyName":"LionSea Software co. ltd","productName":"SmartPCFixer","productVersion":"4.2","fileVersion":"na","hashMD5":"b073e4ecb20ee8c3b3438fee7d4a208f","hashSHA1":"9e8a0feae7aa690dc2bf4dd09f639291fc05611a","hashSHA256":"f00432788f14910d432132a22da7e6a2252c6f44f0cb6b0622044fd9937dda4b","digitalCertThumbprint":"6537B50F8404D3C5A98EF9084415B145DA652757","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3596","avBlockList":["Avast Premium Security (20210617)","AVG Internet Security (20210617)","Avira Internet Security (20210617)","Bitdefender Internet Security (20210617)","COMODO Antivirus (20210617)","Dr.Web Security Space (20210617)","ESET Internet Security (20210617)","G DATA INTERNET SECURITY (20210617)","K7 Total Security (20210617)","Kaspersky Internet Security (20210617)","Malwarebytes Premium (20210617)","McAfee Total Protection (20210617)","Norton Security (20210617)","Panda Dome (20210617)","Sophos Home Premium (20210617)","SpyHunter5 (20210617)","Tencent PC Manager (20210617)","Total AV Antivirus Pro (20210617)","Trend Micro Internet Security (20210617)","VIPRE Advanced Security (20210617)","VirIT eXplorer PRO (20210617)","Webroot SecureAnywhere (20210617)","Windows Defender (20210617)"],"avAllowList":["360 Total Security (20210617)","Quick Heal Internet Security (20210617)"]},{"isRevoked":"False","isInstaller":"True","companyName":"LionSea Software co. ltd","productName":"SmartPCFixer","productVersion":"5.2.0.0","hashMD5":"75b9457bb7bb3f0dcd065c67823bf743","hashSHA1":"fab7d18f71a0b78204112fc0279165e162c37a8b","hashSHA256":"7e2835cc6614749c4f46a7817181178ececefbff47b9a20b8ee6cb0e93c72dd1","digitalCertThumbprint":"90C0FBE6FA521B7F0789E349B0F367B3C7D4AA95","sourceIndex":"3596","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Yahoo search \"PC Keep Clean\"","landingPage":"http://www.smartpcfixer.com/","directDownloadingLink":"http://www.smartpcfixer.com/download/setup.exe","ipv4":"173.192.57.82","sourceIndex":"3595"},{"howFound":"Hunt.Advertising","reference":"Yahoo search \"PC Keep Clean\"","landingPage":"http://www.smartpcfixer.com/support/45/pc-clean","directDownloadingLink":"http://www.smartpcfixer.com/download/setup.exe","ipv4":"173.192.57.82","sourceIndex":"3596"}],"sampleFiles":[],"imageFiles":["171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ACR-003_Software_EvidenceRemoved.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ACR-003_Software_RepeatedValues.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ACR-003_Software_RepeatedValues.mp4","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ACR-003_ExaggerateInvalidRegistryKeyAsCritical.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ACR-003_Software_AmbiguousMeaning.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ExaggareteInvalidRegistryCacheFileJunkFileAsSeriousProblem.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-017/ACR-017_LandingPage_ExageratedClaims.mp4","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-017/ACR-017_LandingPage_LatestUpdateClaim.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-017/ACR-017_LandingPage_UnreferencedExageratedClaims1.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-017/ACR-017_LandingPage_UnreferencedExageratedClaims2.PNG"],"nonDeceptorImageFiles":["171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-065/ACR-065_LandingPage_CompanyAddressBeijing.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-065/ACR-065_LandingPage_CompanyAddressHongkong.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-065/ACR-065_Software_NoAboutPage.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-035/ACR-035_Software_ThreatFireEULA.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-054/ACR-054_InlineOffers_NonProminentButtons1.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-054/ACR-054_InlineOffers_NonProminentButtons2.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-058/ACR-058_LandingPage_DosentSayItsPaidApp.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-058/ACR-058_LandingPage_OnlySevenDays.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ACR-003_Software_EvidenceRemoved.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ACR-003_Software_RepeatedValues.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ACR-003_Software_RepeatedValues.mp4","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ACR-003_ExaggerateInvalidRegistryKeyAsCritical.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ACR-003_Software_AmbiguousMeaning.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-003/ExaggareteInvalidRegistryCacheFileJunkFileAsSeriousProblem.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-017/ACR-017_LandingPage_ExageratedClaims.mp4","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-017/ACR-017_LandingPage_LatestUpdateClaim.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-017/ACR-017_LandingPage_UnreferencedExageratedClaims1.PNG","171102/D-SmartPCFixer-00015/5.2.0.0/Images/ACR-017/ACR-017_LandingPage_UnreferencedExageratedClaims2.PNG"],"guid":"950a1047-fe05-430c-8799-22e29dcfcc1f_5.2.0.0_1","appID":"D-SmartPCFixer-00015","dateAdded":"171102","deceptorType":"App","name":"SmartPCFixer","company":"Speedy HLDGS Limited","version":"5.2.0.0","sigName":"Deceptor:Wn32/SmartPCFixer!003","lastKnownStatus":"Deceptor:3.5","lastKnownDate":"180629","type":"Windows Executable","lastUpdate":"2018-06-29T03:11:01.0987928+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":2,"sortOrder":2525},{"violations":{"ACR-003":"The application exaggerates registry keys as high with status level as critical  , thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\nThe application's internal offer page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Speedy HLDGS Limited\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-017":"The application's landing page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"0.0","hashMD5":"10b56c4d49d0f655bfc3df562019ace9","hashSHA1":"618cecc0a06c5d154368a7f07ab9e89be867af98","hashSHA256":"da68755696bfcc9ec6000e8a727ae3410900e9b22bd2a5f8d8b487fd54ed380a","digitalCertThumbprint":"56F2D823E2607C411C04B19FEF2069A0F1876E38","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Speedy HLDGS Limited, O=Speedy HLDGS Limited, L=Mongkok, S=Kowloon, C=HK","sourceIndex":"3594","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SmartPCFixer.exe","companyName":"n/a","productName":"SmartPCFixer.exe","productVersion":"5.5.0.0","fileVersion":"5.5.0.0","hashMD5":"37f7bee29e2efb1652b998b29bb4e6d8","hashSHA1":"4c8c7d7abe099dc00e05092e321f8384b08d579e","hashSHA256":"c8eeff11700e4ea75e56cafdb5c82780e388f8235f8bc9ead93aa60cc9f5e90e","digitalCertThumbprint":"56F2D823E2607C411C04B19FEF2069A0F1876E38","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Speedy HLDGS Limited, O=Speedy HLDGS Limited, L=Mongkok, S=Kowloon, C=HK","sourceIndex":"3594","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://www.smartpcfixer.com/","directDownloadingLink":"http://www.smartpcfixer.com/download/setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.smartpcfixer.com/download/setup.exe","sourceIndex":"3594"}],"sampleFiles":["171102/D-SmartPCFixer-00015/3.5/Samples/setup.exe","171102/D-SmartPCFixer-00015/3.5/Samples/SmartPCFixer.exe"],"imageFiles":["171102/D-SmartPCFixer-00015/3.5/Images/ACR-003/acr_003.PNG","171102/D-SmartPCFixer-00015/3.5/Images/ACR-003/acr_003_1.PNG","171102/D-SmartPCFixer-00015/3.5/Images/ACR-017/acr_017_I.PNG","171102/D-SmartPCFixer-00015/3.5/Images/ACR-017/acr_017_S.PNG","171102/D-SmartPCFixer-00015/3.5/Images/ACR-017/acr_017_IO.PNG"],"nonDeceptorImageFiles":["171102/D-SmartPCFixer-00015/3.5/Images/ACR-065/install.PNG","171102/D-SmartPCFixer-00015/3.5/Images/ACR-065/acr_065_S.PNG","171102/D-SmartPCFixer-00015/3.5/Images/ACR-017/acr_017_LP.PNG","171102/D-SmartPCFixer-00015/3.5/Images/ACR-092/certi_signature.PNG","171102/D-SmartPCFixer-00015/3.5/Images/ACR-099/acr_099_s.PNG","171102/D-SmartPCFixer-00015/3.5/Images/ACR-099/acr_099_IO.PNG"],"guid":"950a1047-fe05-430c-8799-22e29dcfcc1f_3.5_1","appID":"D-SmartPCFixer-00015","dateAdded":"171102","deceptorType":"App","name":"SmartPCFixer","company":"Speedy HLDGS Limited","version":"3.5","sigName":"Deceptor:Win32/SmartPCFixer!003017","lastKnownStatus":"Deceptor:3.5","lastKnownDate":"180629","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-29T15:45:18.4255581+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":2,"sortOrder":2524},{"violations":{"ACR-003":"App claims that working properly drivers need a critical update, urge user to update via pop ups","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App claims that working properly drivers need a critical update, urge user to update via pop ups"},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"Xionix Inc.","productName":"DriverHound","productVersion":"2.1.1.13","fileVersion":"2.1.1.13","hashMD5":"3edda3a64cd47ed1a0f2321e2f196154","hashSHA1":"474478f5816ec84cdd901bfc2bca5a64bf8dbd1b","hashSHA256":"b4dbb1249083561d03488aa9bf43ba54ca02746f06e0dc305358fee5913c7208","digitalCertThumbprint":"1D3965A3F8B0145B926F60C357E8328227023253","sourceIndex":"3489","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Xionix Inc.","productName":"DriverHound","productVersion":"2.1.1.13","fileVersion":"2.1.1.13","hashMD5":"3edda3a64cd47ed1a0f2321e2f196154","hashSHA1":"474478f5816ec84cdd901bfc2bca5a64bf8dbd1b","hashSHA256":"b4dbb1249083561d03488aa9bf43ba54ca02746f06e0dc305358fee5913c7208","digitalCertThumbprint":"1D3965A3F8B0145B926F60C357E8328227023253","sourceIndex":"3490","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Yahoo search  \"Registry Tool\", leads to deceptor from xionix, DriverHound is from same company","landingPage":"http://www.xionix.com/products/driverhound/reviews.php","directDownloadingLink":"http://www.xionnix.com/downloads/driverhound-setup.exe","ipv4":"198.1.117.247","sourceIndex":"3489"},{"howFound":"Hunt.Advertising","reference":"Yahoo search  \"Registry Tool\", leads to deceptor from xionix, DriverHound is from same company","landingPage":"http://www.driverhound.com/","directDownloadingLink":"http://www.driverhound.com/downloads/driverhound-setup.exe","ipv4":"142.4.18.78","sourceIndex":"3490"}],"sampleFiles":[],"imageFiles":["171102/D-DriverHound-00027/2.1.1.13/Images/ACR-003/IdentifiedDriverNeedToUpdate.JPG","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-003/popupalertonrightbottomurgeforcriticalupdate.JPG","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-005/ACR-005_Software_AsksToRegisterPostInstallation.JPG","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-007/ACR-007_LandingPage_UnableToVerify.mp4","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-007/ACR-007_LandingPage_UnableToVerify_1.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-007/ACR-007_LandingPage_UnableToVerify_2.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-017/ACR-017_LandingPage_NotClickableAndUnableToVerify.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-017/ACR-017_LandingPage_NotClickableAndUnableToVerify.mp4","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-016/ACR-016_Software_AdsLeadToDownloads_1.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-016/ACR-016_Software_AdsLeadToDownloads_2.jpeg"],"nonDeceptorImageFiles":["171102/D-DriverHound-00027/2.1.1.13/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-065/ACR-065_Software_NoEulaNoPrivacyPolicyNoUninstallInformation.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-065/ACR-065_landingPage_NoReturnPolicy.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-161/ACR-161_LandingPage_NoLinkForReviews.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-092/ACR-092_Software_NotDigitallySigned.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-098/ACR-098_Software_NoClose.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-099/ACR-099_LandingPage_NoUninstallInformation.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-099/ACR-099_Software_NoUninstallInformation.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-037/ACR-037_Docs_NoReturnPolicy.JPG","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-159/ACR-159_LandingPage_NoPaymentInfo_1.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-159/ACR-159_LandingPage_NoPaymentInfo_2.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-159/ACR-159_LandingPage_NoPaymentInfo_3.JPG","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-003/IdentifiedDriverNeedToUpdate.JPG","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-003/popupalertonrightbottomurgeforcriticalupdate.JPG","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-005/ACR-005_Software_AsksToRegisterPostInstallation.JPG","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-007/ACR-007_LandingPage_UnableToVerify.mp4","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-007/ACR-007_LandingPage_UnableToVerify_1.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-007/ACR-007_LandingPage_UnableToVerify_2.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-017/ACR-017_LandingPage_NotClickableAndUnableToVerify.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-017/ACR-017_LandingPage_NotClickableAndUnableToVerify.mp4","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-016/ACR-016_Software_AdsLeadToDownloads_1.jpeg","171102/D-DriverHound-00027/2.1.1.13/Images/ACR-016/ACR-016_Software_AdsLeadToDownloads_2.jpeg"],"guid":"ef364638-1387-4b48-a4e1-609ae360551b_2.1.1.13_1","appID":"D-DriverHound-00027","dateAdded":"171102","deceptorType":"App","name":"DriverHound","company":"Xionix Inc.","version":"2.1.1.13","sigName":"Deceptor:Win32/DriverHound!003","lastKnownStatus":"Deceptor:2.1.1.13","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:28:31.6668407+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2714},{"violations":{"ACR-003":"App exaggerates browser caches, empty registry keys, etc. as \"issues\". At first scan, there is a prompt for \"Skip Scan and Fix All Issues Now\" which drives a false sense of urgency.","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made. The call center number doesn't share equal prominence with a non-interactive methods of support.","ACR-117":"c:\\Config.msi directory is left, and installer is left and protected. This sometimes blocks the uninstall, and always blocks consumer from removing the installer.","ACR-118":"Upon uninstall, app leaves executable files in the folder, as well in c:\\config.msi directory. Uninstall also drives unexpected restart system without any prompting.","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates browser caches, empty registry keys, etc. as \"issues\". At first scan, there is a prompt for \"Skip Scan and Fix All Issues Now\" which drives a false sense of urgency.","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made. The call center number doesn't share equal prominence with a non-interactive methods of support."},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"US Tech Support LLC","productName":"PC Optimizer","productVersion":"1.8.0.0","fileVersion":"1.8.0.0","hashMD5":"26f210973665e84794107393df0f0f9e","hashSHA1":"d82e8ac507004e4c180dd7bfa7e6a075573a538a","hashSHA256":"2c2c1f6883b2cfef38be411ce6ae13a887f143a95904e0827d053079b6c030cb","digitalCertThumbprint":"d2abdd184bf379af56a66a86c2f14380e851fecc","sourceIndex":"3674","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Google \"fix my pc\"","landingPage":"www.mycleanpc.com","directDownloadingLink":"http://software.ustechsupport.com/downloader?id=6abd364af202459baf66e1b592414be0","ipv4":"34.194.245.97","sourceIndex":"3674"},{"howFound":"Hunt.Advertising","reference":"Google \"fix my pc\"","landingPage":"www.mycleanpc.com","directDownloadingLink":"http://software.ustechsupport.com/downloader?id=5c5229cec4d44b7db644fae07470cc55","ipv4":"54.81.201.18","sourceIndex":"3675"},{"howFound":"Hunt.Advertising","reference":"Google \"fix my pc\"","landingPage":"www.mycleanpc.com","directDownloadingLink":"http://download.ustechsupport.com/packages/PCOSetup_1.8.0.0.exe","ipv4":"54.81.201.18","sourceIndex":"3676"}],"sampleFiles":[],"imageFiles":["171102/D-MyCleanPC-00003/1.1/Images/ACR-003/ACR-003_Software.mp4","171102/D-MyCleanPC-00003/1.1/Images/ACR-003/ACR-003_Software_1.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-003/ExaggeratingSystemHealth.PNG","171102/D-MyCleanPC-00003/1.1/Images/ACR-003/ExaggeratingSystemHealth_1.PNG","171102/D-MyCleanPC-00003/1.1/Images/ACR-017/ACR-017_LandingPage.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-084/ACR-084_Software.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-084/ACR-084_Software.mp4","171102/D-MyCleanPC-00003/1.1/Images/ACR-168/NoDisclosureForAdditionalOfferInActivePhoneCall.PNG","171102/D-MyCleanPC-00003/1.1/Images/ACR-168/NoDisclosureForAdditionalOfferInSupportPhoneCall.PNG","171102/D-MyCleanPC-00003/1.1/Images/ACR-117/FileLeftAfterUninstallationIsProtected.PNG","171102/D-MyCleanPC-00003/1.1/Images/ACR-118/ACR-118_Uninstall.mp4","171102/D-MyCleanPC-00003/1.1/Images/ACR-118/ACR-118_Uninstall.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-055/ACR-055_Install.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-055/ACR-055_LandingPage.jpeg"],"nonDeceptorImageFiles":["171102/D-MyCleanPC-00003/1.1/Images/ACR-065/ACR-065_Software.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-163/ACR-163_LandingPage.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-163/ACR-163_Software.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-153/ACR-153_Software.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-099/ACR-099_Uninstall.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-121/ACR-121_Uninstall.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-054/ACR-054_Software.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-055/ACR-055_Install.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-055/ACR-055_LandingPage.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-003/ACR-003_Software.mp4","171102/D-MyCleanPC-00003/1.1/Images/ACR-003/ACR-003_Software_1.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-003/ExaggeratingSystemHealth.PNG","171102/D-MyCleanPC-00003/1.1/Images/ACR-003/ExaggeratingSystemHealth_1.PNG","171102/D-MyCleanPC-00003/1.1/Images/ACR-017/ACR-017_LandingPage.jpeg","171102/D-MyCleanPC-00003/1.1/Images/ACR-168/NoDisclosureForAdditionalOfferInActivePhoneCall.PNG","171102/D-MyCleanPC-00003/1.1/Images/ACR-168/NoDisclosureForAdditionalOfferInSupportPhoneCall.PNG"],"guid":"50f6efde-13bd-4253-9b19-a7ed403fb6ca_1.1_1","appID":"D-MyCleanPC-00003","dateAdded":"171102","deceptorType":"App","name":"MyCleanPC","company":"USTechSupport LLC","version":"1.1","sigName":"Deceptor:Win32/MyCleanPC!003117118168","firstVendorContactDate":"170501","firstAppEsteemReplyDate":"170501","firstResolvedDate":"170508","firstResolvedVersion":"1.2.0.0","resolved":"TRUE","lastKnownStatus":"Not Deceptor: 1.2.0.0","lastKnownDate":"170508","lastUpdate":"2018-03-09T01:05:38.656553+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2712},{"violations":{"ACR-003":"App exaggerates system healthy considtion. Empty registry keys are exaggerated as high impact issues.","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made. The call center number doesn't share equal prominence with a non-interactive methods of support.","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates system healthy considtion. Empty registry keys are exaggerated as high impact issues.","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made. The call center number doesn't share equal prominence with a non-interactive methods of support."},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"Auslogics Labs Pty Ltd","productName":"TweakBit FixMyPC","productVersion":"1.8.1.3","fileVersion":"1.8.1.3","hashMD5":"b739b244ba1f1c9ffcf191307e8034bc","hashSHA1":"2e65fb6e5c091a2b2cb3f625b0b7bfc81e8c989b","hashSHA256":"553281e54c12dff3a0b8e1246fd07534df79ccdefa7447c8abbc28ad31821bf0","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3154","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Auslogics Labs Pty Ltd","productName":"TweakBit FixMyPC","productVersion":"1.8.1.4","fileVersion":"1.8.1.4","hashMD5":"09cd15aa7d5ac3fab588858ec4777330","hashSHA1":"e41814a2488ccfcd87c6239026e8b95a45e3f4c7","hashSHA256":"f5b0c34df51a562d13bd1faa8cbca3b097ddf295087586600e3669cda0b28199","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3154","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Google \"fix my slow pc\", product from same company","landingPage":"https://www.tweakbit.com/fix-my-pc/","directDownloadingLink":"http://downloads.tweakbit.com/en/fix-my-pc/default/fix-my-pc-setup.exe","ipv4":"45.79.194.109","sourceIndex":"3154"}],"sampleFiles":["171102/D-FixMyPC-00009/1.8/Samples/fix-my-pc-setup.exe"],"imageFiles":["171102/D-FixMyPC-00009/1.8/Images/ACR-047/ACR-047_Install_UnnecessaryWebPagePopsUp.PNG","171102/D-FixMyPC-00009/1.8/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-003/ACR-003_Software_ExaggeratedClaims2.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-003/ACR-003_Software_PopUpWindow.jpg","171102/D-FixMyPC-00009/1.8/Images/ACR-007/ACR-007_Install_MisleadingSeal.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-007/ACR-007_Software_MisleadingSeal2.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-007/ACR-007_Uninstall_MisleadingSeal3.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-017/ACR-017_LandingPage_MisleadingButtons.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-168/NoDisclosureForAdditionalOfferMayBeMade.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-117/ACR-117_Uninstall_UnclearUninstallButton.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-057/ACR-057_InternalOffer_UnableToOptOut.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-014/ACR-014_AdsInsideApp_MisleadingTerms.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-016/ACR-016_AdsInsideApp_ConfusingDownloads.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-016/ACR-016_AdsInsideApp_NoLandingPage.JPG","171102/D-FixMyPC-00009/1.8/Images/ACR-016/ACR-016_AdsInsideApp_SilentInstallation.mp4","171102/D-FixMyPC-00009/1.8/Images/ACR-053/ACR-053_Install_BundleOffer1.Jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-053/ACR-053_Install_BundleOffer2.Jpeg"],"nonDeceptorImageFiles":["171102/D-FixMyPC-00009/1.8/Images/ACR-044/ACR-044_Install_OfferTextUnclear.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-161/ACR-161_LandingPage_QuotesWithoutReferences.JPG","171102/D-FixMyPC-00009/1.8/Images/ACR-161/ACR-161_LandingPage_QuotesWithoutReferences2.JPG","171102/D-FixMyPC-00009/1.8/Images/ACR-163/ACR-163_LandingPage_CallCenter.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-163/ACR-163_LandingPage_CallCenter2.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-163/ACR-163_LandingPage_CallCenter3.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-163/ACR-163_Software_CallCenter.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-163/ACR-163_Software_CallCenter2.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-163/ACR-163_Software_CallCenter3.JPG","171102/D-FixMyPC-00009/1.8/Images/ACR-088/ACR-088_Software_AutomaticScanAfterInstallation.mp4","171102/D-FixMyPC-00009/1.8/Images/ACR-054/ACR-054_BundlerMadeOffer_UnequalProminenceForButtons.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-054/ACR-054_BundlerMadeOffer_UnequalProminenceForButtons2.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-068/ACR-068_BundlerMadeOffers_LandingPageAfterClickingOnShorcut.JPeG","171102/D-FixMyPC-00009/1.8/Images/ACR-068/ACR-068_BundlerMadeOffers_Shotcuts.JPeG","171102/D-FixMyPC-00009/1.8/Images/ACR-159/ACR-159_LandingPage_UnclearOffer.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-047/ACR-047_Install_UnnecessaryWebPagePopsUp.PNG","171102/D-FixMyPC-00009/1.8/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-003/ACR-003_Software_ExaggeratedClaims2.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-003/ACR-003_Software_PopUpWindow.jpg","171102/D-FixMyPC-00009/1.8/Images/ACR-007/ACR-007_Install_MisleadingSeal.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-007/ACR-007_Software_MisleadingSeal2.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-007/ACR-007_Uninstall_MisleadingSeal3.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-017/ACR-017_LandingPage_MisleadingButtons.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-168/NoDisclosureForAdditionalOfferMayBeMade.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-057/ACR-057_InternalOffer_UnableToOptOut.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-014/ACR-014_AdsInsideApp_MisleadingTerms.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-016/ACR-016_AdsInsideApp_ConfusingDownloads.jpeg","171102/D-FixMyPC-00009/1.8/Images/ACR-016/ACR-016_AdsInsideApp_NoLandingPage.JPG","171102/D-FixMyPC-00009/1.8/Images/ACR-016/ACR-016_AdsInsideApp_SilentInstallation.mp4"],"guid":"2b3f6cb6-df62-4b33-93e7-78cf60d7ec2a_1.8_1","appID":"D-FixMyPC-00009","dateAdded":"171102","deceptorType":"App","name":"FixMyPC","company":"TweakBit","version":"1.8","sigName":"Deceptor:Win32/FixMyPC!003168","firstVendorContactDate":"170526","firstAppEsteemReplyDate":"170526","firstResolvedDate":"170530","resolved":"TRUE","lastKnownStatus":"Stopped Distribution:1.8.1.4","lastKnownDate":"190301","lastUpdate":"2019-03-02T02:24:21.4821421+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2713},{"violations":{"ACR-107":"An additional software was installed/used \"ClamAV\", which was not disclosed in the Eula or terms of use. \n","ACR-017":"App displays endorsement logo that is issued to company not to specific app. Such app irrelevant endorsement logo misleads user.\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"nonDeceptorViolations":{"ACR-065":"Software is missing Eula and privacy policy link. \n","ACR-163":"One to one interaction is needed in order to purchase, activate or receive support. \nOne to one interaction is needed in order to purchase, activate or receive support. \n","ACR-160":"Tried calling the call center but there was no answer. There was an answering machine stating to leave a message. \n","ACR-099":"Software is missing uninstall link.\n","ACR-120":"The same app was re_advertised with a 50% OFF which would make consumers feel they were cheated earlier as well as it being very confusing.\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"samples":[{"isRevoked":"False","fileName":"K9-PCProtector.exe","isInstaller":"True","companyName":"SUPER TUNEUP TECHNOLOGIES LLP","productName":"K9-PCProtector","productVersion":"1.0.0.16535","fileVersion":"1.0.0.16535","hashMD5":"1606ae90b062a90a494c364c1e77b19b","hashSHA1":"72178360bd117a304cdc66698b951a3d51c9582d","hashSHA256":"6209b103f52692af313fdb1c0cb8181d6d3791b10d3c47a718ecbfab9534b0a5","digitalCertThumbprint":"12CC10CC6D8256C5697C03056340069F4BD3D398","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"SUPER TUNEUP TECHNOLOGIES LLP","sourceIndex":"2547","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.k9tools.com/K9antispyware/","directDownloadingLink":"http://d3fc4oxws4oqm1.cloudfront.net/k9pcp/k9pcp_site_default.exe","ipv4":"","ipv6":"","sourceIndex":"2547"}],"sampleFiles":["171031/K9-PCProtector-171030/1.0.0.16535/Samples/k9pcp_site_default.exe"],"imageFiles":["171031/K9-PCProtector-171030/1.0.0.16535/Images/ACR-017/K9.PNG","171031/K9-PCProtector-171030/1.0.0.16535/Images/ACR-107/acr_107.PNG","171031/K9-PCProtector-171030/1.0.0.16535/Images/ACR-168/one_to_one_interaction_SW.PNG"],"nonDeceptorImageFiles":["171031/K9-PCProtector-171030/1.0.0.16535/Images/ACR-163/one_to_one_interaction_LP.PNG","171031/K9-PCProtector-171030/1.0.0.16535/Images/ACR-168/one_to_one_interaction_LP.PNG","171031/K9-PCProtector-171030/1.0.0.16535/Images/ACR-163/one_to_one_interaction_SW.PNG","171031/K9-PCProtector-171030/1.0.0.16535/Images/ACR-120/re_advertised.PNG"],"guid":"7f001a69-2ffb-41b2-a573-153d3260320b_1.0.0.16535_1","appID":"K9-PCProtector-171030","dateAdded":"171031","deceptorType":"App","name":"K9-PCProtector","company":"SUPER TUNEUP TECHNOLOGIES LLP","version":"1.0.0.16535","sigName":"Deceptor:Win32/K9PCProtector!017107168","lastKnownStatus":"Deceptor: 1.0.0.16535","lastKnownDate":"200203","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-02-04T00:53:43.3965168+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2716},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action. The application reports also identified them as high risk errors, further misleading and scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"Does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nDoes not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software\n","ACR-163":"The software requires one-to-one interaction in order to receive support that is displayed prominently on the landing page and no non-interactive options are provided. \nThe software requires one-to-one interaction in order to receive support that is displayed prominently on the software and no non-interactive options are provided. \n","ACR-160":"Got no answer upon calling the support contact number provided.\n","ACR-099":"No uninstall information is provided on the internal offer page.\nNo uninstall information is provided on the landing page\nNo uninstall information is provided on the software\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"MYPCTuneUp.exe","isInstaller":"True","companyName":"MYSecurityCenter Ltd.","productName":"MYPCTuneUp","productVersion":"1.9.43.0","fileVersion":"1.9.43.0","hashMD5":"c81e74d406a28a69e69197832a25eb92","hashSHA1":"d903c18898b697c490f479d6843df38215cb33f4","hashSHA256":"845865826d34b46c060a500edcd9eaeb275359abc8d251df01db6d451c9f25eb","digitalCertThumbprint":"B1B580742F13D04D2187008FBC649D085DC55897","digitalCertIssuer":"DigiCert SHA2 Assured ID Code Signing CA","digitalCertIssuedTo":"Perlego Holdings Ltd.","sourceIndex":"3567","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org","landingPage":"https://www.mysecuritycenter.com/gb/products/my-pc-tuneup","directDownloadingLink":"http://download.mysecuritycenter.com/MPCTU/MYPCTuneUp_en_eshop.exe","ipv4":"","ipv6":"","sourceIndex":"3567"}],"sampleFiles":[],"imageFiles":["171031/MYPCTuneUp-171030/1.9.43/Images/ACR-003/ACR-003_software.JPG","171031/MYPCTuneUp-171030/1.9.43/Images/ACR-003/ACR-003_software2.JPG","171031/MYPCTuneUp-171030/1.9.43/Images/ACR-084/ACR-084_software.JPG","171031/MYPCTuneUp-171030/1.9.43/Images/ACR-084/ACR-084_software1.JPG","171031/MYPCTuneUp-171030/1.9.43/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["171031/MYPCTuneUp-171030/1.9.43/Images/ACR-163/ACR-163_LANDING_PAGE.JPG","171031/MYPCTuneUp-171030/1.9.43/Images/ACR-168/ACR-168_landing_page.JPG","171031/MYPCTuneUp-171030/1.9.43/Images/ACR-163/ACR-163_software.JPG","171031/MYPCTuneUp-171030/1.9.43/Images/ACR-160/ACR-160_software.JPG"],"guid":"7a3aaaa2-4b35-44e3-bd66-a97f02e588f8_1.9.43_1","appID":"MYPCTuneUp-171030","dateAdded":"171031","deceptorType":"App","name":"MYPCTuneUp","company":"MYSecurityCenter Ltd.","version":"1.9.43","sigName":"Deceptor:Win32/MYPCTuneUp!003084168","firstVendorContactDate":"180806","firstAppEsteemReplyDate":"180806","firstResolvedDate":"180813","firstResolvedVersion":"3.4.3","resolved":"TRUE","lastKnownStatus":"Deceptor:1.9.43","lastKnownDate":"171030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-08-14T16:31:32.4265898+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2715},{"violations":{"ACR-003":"The app exaggerates \"Empty Registry Key\", \"Temp Files\", \"Junk Files\" as a HIGH system impact issue with exaggerated numbers, thereby misleading or scaring the consumer to take action\n","ACR-017":"The app fraudulently elevates its consumer trust level by displaying fake, unverifiable or expired endorsements\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\K7User\\Desktop\\OneSafe_PC_Cleaner.exe","isInstaller":"True","companyName":"","productName":"OneSafe PC Cleaner","productVersion":"4","fileVersion":"4","hashMD5":"2074b7475fb2766e652b50dbc9539d62","hashSHA1":"3e61a5febb2d8a5719b64fb1c054dc4f4a1eda1e","hashSHA256":"fb8a855254b0914886e5331cb31cf8579a7b60ba1f4c1aaa8c3749966cd3cee5","digitalCertThumbprint":"FA613B842AAABBE881761B58721B45EE0ABEF778","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"AVANQUEST SOFTWARE","sourceIndex":"3576","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"","landingPage":"https://onesafe-pc-cleaner.en.softonic.com/?ex=DSK-309.5","directDownloadingLink":"","ipv4":"","ipv6":"","sourceIndex":"3576"},{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.onesafesoftware.com/?OSV=Windows%2010","ipv4":"","ipv6":"","sourceIndex":"3577"}],"sampleFiles":[],"imageFiles":["171030/D-K7-OneSafePcCleaner-171024/4/Images/ACR-017/ACR-017_Software_Misleading_Certification.JPG","171030/D-K7-OneSafePcCleaner-171024/4/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","171030/D-K7-OneSafePcCleaner-171024/4/Images/ACR-003/ACR-003_Software_Exaggeration.mp4","171030/D-K7-OneSafePcCleaner-171024/4/Images/ACR-003/ACR-003_Software_Exaggeration_2.JPG","171030/D-K7-OneSafePcCleaner-171024/4/Images/ACR-003/ACR-003_Software_Exaggeration_3.JPG","171030/D-K7-OneSafePcCleaner-171024/4/Images/ACR-003/ACR-003_Software_Exaggeration_4.JPG","171030/D-K7-OneSafePcCleaner-171024/4/Images/ACR-003/ACR_003_Software_Exaggeration_5.JPG"],"nonDeceptorImageFiles":[],"guid":"cbbdd149-0e29-414c-956b-6c01a412d78b_4_1","appID":"D-K7-OneSafePcCleaner-171024","dateAdded":"171030","deceptorType":"App","name":"OneSafe PC Cleaner","company":"Avanquest Software","version":"4","sigName":"Deceptor:Win32/OneSafePcCleaner!003017","firstResolvedDate":"170306","firstResolvedVersion":"5.1","resolved":"TRUE","lastKnownStatus":"Deceptor: 4.0","lastKnownDate":"171024","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, up-sell to paid","lastUpdate":"2018-07-06T19:21:28.7970992+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2717},{"violations":{"ACR-003":"The app used color gradient to mislead consumer to believe they have an issue. The app referred to the items as problems. \n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\n"},"nonDeceptorViolations":{"ACR-065":" Offer page doesn't have link for Eula.  \n\n No link for Eula in the landing page. \n\n No link for Eula in the installation process. \n\n No link for Eula in the software page. \n\n","ACR-099":" Landing page doesn't provide an uninstall link. \n\n Software doesn't provide an uninstall link. \n\n","ACR-003":"The app used color gradient to mislead consumer to believe they have an issue. The app referred to the items as problems. \n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\n"},"samples":[{"isRevoked":"False","fileName":"1ClickPCFix.exe","isInstaller":"True","companyName":"Digital River, Inc.","productName":"1ClickPCFix","productVersion":"1.0.0.0","fileVersion":"5.0.0.61","hashMD5":"ab4881856799607de060af80e2b82330","hashSHA1":"e0ebc8a86ce234e7146cb07263e451dfc90e38cb","hashSHA256":"d2e312187bbc69982d8e7c8ff8d1e7c882027ec08c7b16407f69e12ee20420e5","digitalCertThumbprint":"86E8C435C19CBB57149D97260EF64BA777559E71","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Neurosoft Tech Pvt Ltd","sourceIndex":"3727","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://pc1clickfix.com/","directDownloadingLink":"http://www.pc1clickfix.com/version34/aweber/1ClickPCfix.exe","ipv4":"","ipv6":"","sourceIndex":"3727"}],"sampleFiles":[],"imageFiles":["171028/1Click PC Fix-171006/4.1/Images/ACR-003/acr_003.PNG","171028/1Click PC Fix-171006/4.1/Images/ACR-003/acr_003_color_gradient.PNG","171028/1Click PC Fix-171006/4.1/Images/ACR-017/acr_007.PNG"],"nonDeceptorImageFiles":["171028/1Click PC Fix-171006/4.1/Images/ACR-003/acr_003.PNG","171028/1Click PC Fix-171006/4.1/Images/ACR-003/acr_003_color_gradient.PNG","171028/1Click PC Fix-171006/4.1/Images/ACR-017/acr_007.PNG"],"guid":"a048148e-2759-489b-9a2d-16f8cf5e4830_4.1_1","appID":"1Click PC Fix-171006","dateAdded":"171028","deceptorType":"App","name":"1ClickPCFix","company":"Neurosoft Tech Pvt Ltd","version":"4.1","sigName":"Deceptor:Win32/1ClickPCFix!003","firstVendorContactDate":"180115","firstAppEsteemReplyDate":"180116","firstResolvedDate":"180116","firstResolvedVersion":"App Shutdown:Vendor discontinued app and took down landing page and all distribution","resolved":"TRUE","lastKnownStatus":"Deceptor:4.1","lastKnownDate":"171006","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:31:57.2703601+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2718},{"violations":{"ACR-003":"The application exaggerates empty registry keys, junk files and browser cookies as errors and problems, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide any links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-170":"The app requires payment prior to demonstrating its value and and does not offer a trail, throttle or any other means. The app does not provide a easy-to-find interactive option for cancellation or returns.\n","ACR-099":"The app does not provide any uninstall information on the internal offer.\nThe app does not provide any uninstall information on the landing page.\nThe app does not provide any uninstall information on the software.\n","ACR-167":"The app does not disclose a 30-day refund policy in the EULA, Terms of Service or  Privacy Policy\n","ACR-159":"There was no mention that payment would be required to unlock all functionality on the software.\n","ACR-003":"The application exaggerates empty registry keys, junk files and browser cookies as errors and problems, thereby misleading or scaring user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"Systimizer.exe","isInstaller":"True","companyName":"Developer Tribe (Pvt) Ltd.","productName":"Systimizer","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"311f08b98a17f144dbd82d3fdaa22ce7","hashSHA1":"9517f271fbe40c21db09d9d1a24909a1063b8dd3","hashSHA256":"f60ca87df0735ede759617340251f5b906f842f53366e8a507089cc0e43c0d29","digitalCertThumbprint":"B67A6AC0D8A08BD83D015F0830AA4671D2D207C3","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Developer Tribe (Private) Limited","sourceIndex":"3741","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.yahoo.com","landingPage":"https://www.systimizer.com/","directDownloadingLink":"https://www.systimizer.com/systimizer_setup.exe","ipv4":"","ipv6":"","sourceIndex":"3741"}],"sampleFiles":["171027/Systimizer-171005/1.0.0.1/Samples/systimizer_setup.exe"],"imageFiles":["171027/Systimizer-171005/1.0.0.1/Images/ACR-003/ACR-003_1.PNG","171027/Systimizer-171005/1.0.0.1/Images/ACR-003/ACR-003_Software.PNG"],"nonDeceptorImageFiles":["171027/Systimizer-171005/1.0.0.1/Images/ACR-003/ACR-003_1.PNG","171027/Systimizer-171005/1.0.0.1/Images/ACR-003/ACR-003_Software.PNG"],"guid":"15f0bf4a-d1ca-478b-997e-213fc6f6660b_1.0.0.1_1","appID":"Systimizer-171005","dateAdded":"171027","deceptorType":"App","name":"Systimizer","company":"Developer Tribe (Pvt) Ltd.","version":"1.0.0.1","sigName":"Deceptor:Win32/Systimizer!003","firstVendorContactDate":"171026","firstAppEsteemReplyDate":"171026","firstResolvedDate":"171027","firstResolvedVersion":"1.0.0.2","resolved":"TRUE","lastKnownStatus":"Deceptor: 1.0.0.1","lastKnownDate":"171005","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-02-15T00:28:57.0578779+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2720},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"SafeBytes Software Inc.","productName":"TotalSystemCare","productVersion":"1.8.0.0","fileVersion":"1.8.0.0","hashMD5":"37c041a40cc840a9a2d50ad5ae68727e","hashSHA1":"82fc7d4195278d39f6b4d8d730c64bc7fa29792b","hashSHA256":"07a4a20fb062427365067ab181451c4a9b5f7cb9d40e1aca8ebe410f7f26f1ed","digitalCertThumbprint":"FA4EFC18EDEDFEFB80E691836003FA624688B8C7","sourceIndex":"3806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"SafeBytes Software Inc.","productName":"TotalSystemCare","productVersion":"1.8.0.0","fileVersion":"1.8.0.0","hashMD5":"7dbeaf1d4e532baa908238ed2cab9e72","hashSHA1":"c85ca4ed0a9e2e1cb59e67d57a4e6b57c19e751d","hashSHA256":"782a40964f5dfb201dfc64fc88021e6cdcdbd4d19be22602c5afb1fb5ad4682b","digitalCertThumbprint":"FA4EFC18EDEDFEFB80E691836003FA624688B8C7","sourceIndex":"3806","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"SafeBytes Software Inc.","productName":"TotalSystemCare","productVersion":"1.8.0.0","fileVersion":"1.8.0.0","hashMD5":"37c041a40cc840a9a2d50ad5ae68727e","hashSHA1":"82fc7d4195278d39f6b4d8d730c64bc7fa29792b","hashSHA256":"07a4a20fb062427365067ab181451c4a9b5f7cb9d40e1aca8ebe410f7f26f1ed","digitalCertThumbprint":"FA4EFC18EDEDFEFB80E691836003FA624688B8C7","sourceIndex":"3807","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"SafeBytes Software Inc.","productName":"TotalSystemCare","productVersion":"1.8.0.0","fileVersion":"1.8.0.0","hashMD5":"7dbeaf1d4e532baa908238ed2cab9e72","hashSHA1":"c85ca4ed0a9e2e1cb59e67d57a4e6b57c19e751d","hashSHA256":"782a40964f5dfb201dfc64fc88021e6cdcdbd4d19be22602c5afb1fb5ad4682b","digitalCertThumbprint":"FA4EFC18EDEDFEFB80E691836003FA624688B8C7","sourceIndex":"3807","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"Daniel report deceptor candidate","landingPage":"http://www.speedupmypcfree.com/","directDownloadingLink":"http://download.totalsystemcare.com/rw/TotalSystemCare-Setup.exe","ipv4":"52.84.246.85","sourceIndex":"3806"},{"howFound":"Hunt.PartnerReport","reference":"Daniel report deceptor candidate","landingPage":"https://safebytes.com/products/total-system-care/","directDownloadingLink":"http://download.totalsystemcare.org/TotalSystemCare-Setup.exe","ipv4":"52.84.246.59","sourceIndex":"3807"}],"sampleFiles":["171027/D-TotalSystemCare-00008/1.8.0.0/Samples/TotalSystemCare-Setup.exe"],"imageFiles":["171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-046/ACR-046_LandingPage_NoDescription.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-003/ACR-003_Software_ExaggeratedIssues.mp4","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_1.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_2.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-003/ClaimRegistryIssuesHasHighImpactToSystem.JPG","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-003/RaiseUrgencyToFixExaggeratedIssu.JPG","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-055/ACR-055_Software_ButtonMisleading_1.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-055/ACR-055_Software_ButtonMisleading_2.jpeg"],"nonDeceptorImageFiles":["171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-045/ACR-045_LandingPage_PaymentDetailsNotSpecified.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-045/ACR-045_Software_PaymentDetailsNotSpecified.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-065/ACR-065_SoftwareNoAbout.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-163/ACR-163_LandingPage_Support.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-163/ACR-163_Software_Support.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-092/ACR-092_Software_NotSigned.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-054/ACR-054_Software_NoEqualProminence_1.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-054/ACR-054_Software_NoEqualProminence_2.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-054/ACR-054_Software_NoEqualProminence_3.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-054/ACR-054_Software_NoEqualProminence_4.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-054/ACR-054_Software_NoEqualProminence_5.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-159/ACR-159_InternalOffer_NotClear.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-159/ACR-159_Uninstall_NotClear.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-046/ACR-046_LandingPage_NoDescription.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-055/ACR-055_Software_ButtonMisleading_1.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-055/ACR-055_Software_ButtonMisleading_2.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-003/ACR-003_Software_ExaggeratedIssues.mp4","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_1.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_2.jpeg","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-003/ClaimRegistryIssuesHasHighImpactToSystem.JPG","171027/D-TotalSystemCare-00008/1.8.0.0/Images/ACR-003/RaiseUrgencyToFixExaggeratedIssu.JPG"],"guid":"5a4b9356-24cf-41dc-bd0c-9ab6031a5b2a_1.8.0.0_1","appID":"D-TotalSystemCare-00008","dateAdded":"171027","deceptorType":"App","name":"TotalSystemCare","company":"SafeBytes Software Inc.","version":"1.8.0.0","sigName":"Deceptor:Win32/TotalSystemCare!003","firstVendorContactDate":"170427","firstAppEsteemReplyDate":"170427","firstResolvedDate":"170531","firstResolvedVersion":"1.10.0.1","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.0.0","lastKnownDate":"170316","lastUpdate":"2018-02-15T00:14:56.8155144+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2721},{"violations":{"ACR-168":"The internal offer shopping cart webpage displays a support call center phone number but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\nThe application displays a \"mytechguru\" support call center phone number but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The installed application has no install date in the Microsoft windows Programs and features\n","ACR-065":"The internal offer shopping cart page has no link to the EULA or the Privacy policy.\nThe landing page has no link to the EULA or the Privacy policy \nThe install wizard has no privacy policy link\nThe application has no link to the EULA or the Privacy policy \n","ACR-163":"The Internal offers shopping cart page has a phone number for live help but does not provide a email address as secondary means of interaction.\nThe software has phone number for live help but does not provide a email address as secondary means of interaction\n","ACR-160":"Contacted the phone number (877)518-6912 provided by Apogee PC Pro, got a automated response message saying they are 'My Tech Guru'.\n","ACR-099":"The internal offer shopping cart has no link to uninstall information\nThe Landing page has no link to uninstall information\nThe application has no link to uninstall information\n","ACR-168":"The internal offer shopping cart webpage displays a support call center phone number but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\nThe application displays a \"mytechguru\" support call center phone number but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"ApogeePCPRO.exe","isInstaller":"True","companyName":"Apogee LLC","productName":"Apogee PC Pro","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"e27dbf4f785b2a929baa5e6f8a45a8a1","hashSHA1":"b3445b7b37d3423e9af957012eefa49daf7de7c0","hashSHA256":"4131be3020a92e22d2c190480b13718a2f46040032a80f74932bff536dc38c20","digitalCertThumbprint":"732200A294FF1C019E47749DC22FAC4B207A358E","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"R&B ADVERTISERS PRIVATE LIMITED","sourceIndex":"3804","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.top4download.com/","landingPage":"http://www.apogeepcpro.com/","directDownloadingLink":"http://www.apogeepcpro.com/download/ApogeePCPRO.exe","ipv4":"","ipv6":"","sourceIndex":"3804"}],"sampleFiles":["171027/Apogee PC Pro-171006/1.0.0.0/Samples/ApogeePCPRO.exe"],"imageFiles":["171027/Apogee PC Pro-171006/1.0.0.0/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG","171027/Apogee PC Pro-171006/1.0.0.0/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["171027/Apogee PC Pro-171006/1.0.0.0/Images/ACR-038/ACR-038_INSTALL.PNG","171027/Apogee PC Pro-171006/1.0.0.0/Images/ACR-065/ACR-065_INSTALL.PNG","171027/Apogee PC Pro-171006/1.0.0.0/Images/ACR-163/ACR-163_INTERNAL_OFFERS.PNG","171027/Apogee PC Pro-171006/1.0.0.0/Images/ACR-163/ACR-163_SOFTWARE.PNG","171027/Apogee PC Pro-171006/1.0.0.0/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG","171027/Apogee PC Pro-171006/1.0.0.0/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"guid":"ee16a229-15cb-4d17-bd6c-dd10a176af8c_1.0.0.0_1","appID":"Apogee PC Pro-171006","dateAdded":"171027","deceptorType":"App","name":"Apogee PC Pro","company":"Apogee PC Pro","version":"1.0.0.0","sigName":"Deceptor:Win32/Apogee!168","lastKnownStatus":"Deceptor: 1.0.0.0","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2722},{"violations":{"ACR-048":"The application cannot be closed when 'Register' is selected during a scanning process, or after scan is completed when the 'Repair All' option is selected\n\n","ACR-003":"The application is using the word \"Problems\" to raise urgency on items that are not problems. \n\n"},"nonDeceptorViolations":{"ACR-065":"Landing page has no link to the EULA, Terms of Service, Returns and Cancellation Policy, Privacy Policy\nThe application has no link to the privacy policy on the setup wizard\nThe application has no link to the Privacy policy or EULA \n","ACR-161":"The Landing page has customer testimonials but they have no link to verify if they are real\n","ACR-092":"The application has unsigned executables (setup).\n","ACR-099":"Shopping cart webpage has no uninstall information link\nThe Landing page has no link to uninstall information on either the top or bottom of the webpage\nThe application has no link to uninstall information and also application has no about page\n","ACR-150":"The landing page has logos that makes claims of endorsements that cannot be verified\n","ACR-007":"The landing page has trust marks and logos that seem to be used in unauthorized ways\n","ACR-017":"The Landing page has representations and endorsements which cannot be verified\n"},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"YeahBit INC.","productName":"YeahBit PC SpeedUp","productVersion":"4.0.5","fileVersion":"n/a","hashMD5":"c6a3a5bd9bb952f2c4ceb39c8f2a73d2","hashSHA1":"1a2b7b5e9541e161f387d911415b43b38e7dcf2d","hashSHA256":"cd4cbc941766d66959d19d79418062c5ebb67b76c51ee35533f6a9ddbe550cd4","digitalCertThumbprint":"n/a","digitalCertIssuer":"n/a","digitalCertIssuedTo":"n/a","sourceIndex":"2548","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.top4download.com","landingPage":"http://www.yeahbit.com","directDownloadingLink":"http://www.yeahbit.com/products/YeahbitPCSpeedUp/setup.exe","ipv4":"","ipv6":"","sourceIndex":"2548"}],"sampleFiles":["171027/YeahBit PC SpeedUp 4-171004/4.0.5/Samples/setup.exe"],"imageFiles":["171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-003/ACR-003_SOFTWARE.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-048/ACR-048_SOFTWARE.PNG"],"nonDeceptorImageFiles":["171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-099/ACR-099_INTERNAL_OFFERS_SCREENSHOT_1.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-099/ACR-099_INTERNAL_OFFERS_SCREENSHOT_2.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-007/ACR-007_LANDING_PAGE.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-017/ACR-017_LANDING_PAGE.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-161/ACR-161_LANDING_PAGE.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-150/ACR-150_LANDING_PAGE.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-065/ACR-065_LANDING_PAGE.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-099/ACR-099_LANDING_PAGE_SCREENSHOT_1.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-099/ACR-099_LANDING_PAGE_SCREENSHOT_2.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-065/ACR-065_INSTALL.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-091/ACR-091_SOFTWARE.PNG","171027/YeahBit PC SpeedUp 4-171004/4.0.5/Images/ACR-092/e23792270d0246d826047738bd9a98bc7d86fa753bb6437f6bf997ceb67b6529.png"],"guid":"16fbabb2-0471-4b28-9606-0e8ab42e54c6_4.0.5_1","appID":"YeahBit PC SpeedUp 4-171004","dateAdded":"171027","deceptorType":"App","name":"YeahBit PC SpeedUp 4","company":"YeahBit INC.","version":"4.0.5","sigName":"Deceptor:Win32/YeahBit!003048","lastKnownStatus":"Deceptor: 4.0.5","lastKnownDate":"200203","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2020-02-04T00:53:00.6037917+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2719},{"violations":{"ACR-003":"The application exaggerates invalid registry items, junk files as errors and problems, the heat color bar indicates the items having the high level impacts to system, presents user with misleading urgency to fix and clean up the issues. \n\n"},"nonDeceptorViolations":{"ACR-065":"The app does not show any links to EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software. \n","ACR-170":"The app requires payment prior to demonstrating its value and and does not offer a trail, throttle or any other means. The app does not provide a easy-to-find interactive option for cancellation or returns. \n\n","ACR-099":"The app does not provide details for uninstall on the software.\n","ACR-159":"There was no mention that payment would be required to unlock all functionality of the software on the landing page.\n","ACR-003":"The application exaggerates invalid registry items, junk files as errors and problems, the heat color bar indicates the items having the high level impacts to system, presents user with misleading urgency to fix and clean up the issues. \n\n"},"samples":[{"isRevoked":"False","fileName":"Reginout System Utilities.exe","isInstaller":"True","companyName":"SORCIM Technologies Pvt Ltd","productName":"RegInOut System Utilities","productVersion":"5.0","fileVersion":"5.0","hashMD5":"cb6aaeba6e0a2ff12993530ddd72f90a","hashSHA1":"c5cf6ce0495484d226465dc737752b5aba630c03","hashSHA256":"42ed017bdf5ab0271fd0cd4e19d558616cc3c20f9af95061acecfc3a53fb041c","digitalCertThumbprint":"54E50322E8751609AF6AB79BDC7300F96BDDAD08","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"SORCIM Technologies Pvt Ltd","sourceIndex":"3777","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.google.com","landingPage":"https://www.reginout.com/","directDownloadingLink":"https://www.reginout.com/rio_setup.exe","ipv4":"","ipv6":"","sourceIndex":"3777"}],"sampleFiles":["171026/Reginout System Utilities-171006/5.0/Samples/rio_setup.exe"],"imageFiles":["171026/Reginout System Utilities-171006/5.0/Images/ACR-003/ACR-003_software.PNG","171026/Reginout System Utilities-171006/5.0/Images/ACR-003/ACR-003_software2.PNG"],"nonDeceptorImageFiles":["171026/Reginout System Utilities-171006/5.0/Images/ACR-003/ACR-003_software.PNG","171026/Reginout System Utilities-171006/5.0/Images/ACR-003/ACR-003_software2.PNG"],"guid":"6b93bfaf-be66-4fcb-9909-50d2e52893af_5.0_1","appID":"Reginout System Utilities-171006","dateAdded":"171026","deceptorType":"App","name":"Reginout System Utilities","company":"Sorcim Technologies (Pvt) Ltd","version":"5.0","sigName":"Deceptor:Win32/ReginoutSystemUtilities!003","firstVendorContactDate":"171023","firstAppEsteemReplyDate":"171023","firstResolvedDate":"171026","firstResolvedVersion":"5.0.0.1","resolved":"TRUE","lastKnownStatus":"Deceptor: 5.0","lastKnownDate":"171006","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-02-15T00:22:27.2512415+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2723},{"violations":{"ACR-107":"Application uses ClamAV(antivirus) without disclosing it in the Eula and honoring the same level license requirement.\n","ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting non issue item as threat. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n\n"},"nonDeceptorViolations":{"ACR-065":"Software is missing Eula and privacy Policy links.\n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n","ACR-099":"Software is missing uninstall link. \n","ACR-120":"The same app was Re-advertised which would make the consumer feel mislead earlier. \n","ACR-107":"Application uses ClamAV(antivirus) without disclosing it in the Eula and honoring the same level license requirement.\n","ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting non issue item as threat. \n"},"samples":[{"isRevoked":"False","fileName":"Simple Malware Protector.exe","isInstaller":"True","companyName":"Corel Corporation","productName":"Simple Malware Protector","productVersion":"2.1.1000.22181","fileVersion":"2.1.1000.22181","hashMD5":"a13d689861c7dccf786bc4c799de948e","hashSHA1":"d69d261baa9de55298e23a1eed96bb0ccc5bd0cb","hashSHA256":"d542ceee95bbb467ffc20504ad56c8b9602c23eab83642e07fb1c15dea770e12","digitalCertThumbprint":"D42F6E3FCA6EB3CEB91CEE7FD15FF7087B89D624","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Corel Corporation","sourceIndex":"3814","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.simplestar.com/simple-malware-protector/","directDownloadingLink":"http://dl.simplestar.com/tools/simplestar/releases/ddd99fd1-abc2-4ebb-88e5-9dc680576a67_2.1.1000.22181/or/0/SimpleMalwareProtectorSetup.exe","ipv4":"","ipv6":"","sourceIndex":"3814"}],"sampleFiles":["171025/SimpleMalwareProtector-171025/2.1.1000.22181/Samples/SimpleMalwareProtectorSetup.exe"],"imageFiles":["171025/SimpleMalwareProtector-171025/2.1.1000.22181/Images/ACR-107/acr_107.PNG","171025/SimpleMalwareProtector-171025/2.1.1000.22181/Images/ACR-003/acr_003.PNG","171025/SimpleMalwareProtector-171025/2.1.1000.22181/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["171025/SimpleMalwareProtector-171025/2.1.1000.22181/Images/ACR-120/re-advertised_same_app.PNG","171025/SimpleMalwareProtector-171025/2.1.1000.22181/Images/ACR-107/acr_107.PNG","171025/SimpleMalwareProtector-171025/2.1.1000.22181/Images/ACR-003/acr_003.PNG"],"guid":"8db880da-4d55-4f73-bf95-786e20b48532_2.1.1000.22181_1","appID":"SimpleMalwareProtector-171025","dateAdded":"171025","deceptorType":"App","name":"Simple Malware Protector ","company":"Corel Corporation","version":"2.1.1000.22181","sigName":"Deceptor:Win32/SimpleMalwareProtector!003084107","firstVendorContactDate":"171101","firstAppEsteemReplyDate":"171101","firstResolvedDate":"171120","firstResolvedVersion":"2.1.1000.23539","resolved":"TRUE","lastKnownStatus":"Deceptor:2.1.1000.22181","lastKnownDate":"171025","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:12:57.1305259+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2724},{"violations":{"ACR-003":"The application uses the word problems to increase urgency for non-urgent \"issues\",thereby misleading or scaring user to take action.\n","ACR-017":"The application's internal offer webpage fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\n","ACR-118":"When the user attempts to completely uninstall the application, it deliberately retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-167":"The application's EULA has no mention of a 30 days refund policy.\n","ACR-064":"The application's landing page has the download button displayed has 'Click Here to Start a FREE Scan\".\n","ACR-171":"The application's internal offer webpage has an additional offer option pre-selected.\n","ACR-003":"The application uses the word problems to increase urgency for non-urgent \"issues\",thereby misleading or scaring user to take action.\n","ACR-017":"The application's internal offer webpage fraudulently elevates its consumer trust level by displaying a unverifiable Microsoft Partner logo.\n"},"samples":[{"isRevoked":"False","fileName":"Regwork.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"28908ef2ac37a945c17cd1eb6a2bdd5f","hashSHA1":"acc6f337a59f3c2b6f4f06755d59df158e19dce7","hashSHA256":"0b919bf0ba245dcce2547d8bd6937d0c4733f829105c86a737940cd44aac45be","digitalCertThumbprint":"9025765AF43B106D310BAEA723A8BAF64B94C899","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Honlyn (Macao Commercial Offshore) Limited","sourceIndex":"3817","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.google.com","landingPage":"https://www.regwork.com/","directDownloadingLink":"http://mainregweb.s3.amazonaws.com/Regwork.exe","ipv4":"","ipv6":"","sourceIndex":"3817"}],"sampleFiles":["171024/RegWork-171023/1.2.0.4/Samples/Regwork.exe"],"imageFiles":["171024/RegWork-171023/1.2.0.4/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_1.PNG","171024/RegWork-171023/1.2.0.4/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_2.PNG","171024/RegWork-171023/1.2.0.4/Images/ACR-017/ACR-017_INTERNAL_OFFERS_SCREENSHOT_1.PNG","171024/RegWork-171023/1.2.0.4/Images/ACR-017/ACR-017_INTERNAL_OFFERS_SCREENSHOT_2.PNG","171024/RegWork-171023/1.2.0.4/Images/ACR-118/ACR-118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["171024/RegWork-171023/1.2.0.4/Images/ACR-170/ACR-170_SOFTWARE.PNG","171024/RegWork-171023/1.2.0.4/Images/ACR-167/ACR-167_DOCS.PNG","171024/RegWork-171023/1.2.0.4/Images/ACR-064/ACR-064_LANDING_PAGE.PNG","171024/RegWork-171023/1.2.0.4/Images/ACR-171/ACR-171_INTERNAL_OFFERS.PNG","171024/RegWork-171023/1.2.0.4/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_1.PNG","171024/RegWork-171023/1.2.0.4/Images/ACR-003/ACR-003_SOFTWARE_SCREENSHOT_2.PNG","171024/RegWork-171023/1.2.0.4/Images/ACR-017/ACR-017_INTERNAL_OFFERS_SCREENSHOT_1.PNG","171024/RegWork-171023/1.2.0.4/Images/ACR-017/ACR-017_INTERNAL_OFFERS_SCREENSHOT_2.PNG"],"guid":"b853c0fc-74e3-457d-b371-f98bc19aa257_1.2.0.4_1","appID":"RegWork-171023","dateAdded":"171024","deceptorType":"App","name":"RegWork","company":"RegWork","version":"1.2.0.4","sigName":"Deceptor:Win32/RegWork!003017118","lastKnownStatus":"Deceptor: 1.2.0.4","lastKnownDate":"210421","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2021-04-21T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":1,"sortOrder":2726},{"violations":{"ACR-003":"The application exaggerates empty registry keys, junk files and browser history and cookies as errors and problems, thereby misleading or scaring user to take action.\n","ACR-017":"The application fraudulently elevates its user trust level by displaying unverifiable endorsements\n"},"nonDeceptorViolations":{"ACR-065":"Does not show links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nDoes not show links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-170":"The app requires payment prior to demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide an easy to find interactions for cancellation or returns.\n","ACR-092":"The app's digital signature is signed by a separate source and is not disclosed in the EULA, Terms of use or the Privacy Policy.\n","ACR-099":"No uninstall information is provided on the internal offer page.\nNo uninstall information is provided on the landing page.\nNo uninstall information is provided on the software.\n","ACR-150":"The app displays Microsoft Partner logo along with McAfee and Norton that are unable to be verified.\n"},"samples":[{"isRevoked":"False","fileName":"RegistryNuke 2014.exe","isInstaller":"True","companyName":"RegistryNuke, Inc.","productName":"RegistryNuke 2014","productVersion":"2.1.6.80","fileVersion":"2.1.6.80","hashMD5":"552f64fd5fb4a25ee5fbf84801921396","hashSHA1":"cbd924213dfcb8fd732c5ad818b69c328d0d2845","hashSHA256":"6fc2fef7a548c62b7977524dc82c69f4fda317f7bf34bbedaeae8e1ca766fed9","digitalCertThumbprint":"FD91D6AD22DB69997F337E59FE09E0FE60FBFAAC","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"Ideakee Inc","sourceIndex":"3347","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.google.com","landingPage":"http://registrynuke.com/","directDownloadingLink":"http://registrynuke.com/RegistryNuke_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3347"}],"sampleFiles":[],"imageFiles":["171024/RegistryNuke2014-171023/2.1.6.80/Images/ACR-017/ACR-017_internal_offer.PNG","171024/RegistryNuke2014-171023/2.1.6.80/Images/ACR-003/ACR-003.PNG","171024/RegistryNuke2014-171023/2.1.6.80/Images/ACR-003/ACR-003_.PNG","171024/RegistryNuke2014-171023/2.1.6.80/Images/ACR-003/REgistryNuke_ACR003.PNG"],"nonDeceptorImageFiles":["171024/RegistryNuke2014-171023/2.1.6.80/Images/ACR-150/ACR-150_internal_offer.PNG","171024/RegistryNuke2014-171023/2.1.6.80/Images/ACR-065/ACR-065_INSTALL.PNG","171024/RegistryNuke2014-171023/2.1.6.80/Images/ACR-092/ACR-092_software.PNG","171024/RegistryNuke2014-171023/2.1.6.80/Images/ACR-065/ACR-065_software.PNG"],"guid":"a6d31562-c7ad-4d64-afeb-ce41bd04bb55_2.1.6.80_1","appID":"RegistryNuke2014-171023","dateAdded":"171024","deceptorType":"App","name":"RegistryNuke 2014","company":"RegistryNuke.com","version":"2.1.6.80","sigName":"Deceptor:Win32/RegistryNuke!003017","lastKnownStatus":"Deceptor: 2.1.6.80","lastKnownDate":"171023","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-22T00:18:05.0200536+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2727},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action. The application reports also identified errors with exaggerated numbers and red color gradient, thereby misleading or scaring the user to take action.\n\nThe application show the exaggerated scan results with said errors (found by the software) on internal offer page also, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is also unable to disable these tasks from the software's interface. \n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nThe app does not provide any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\nThe app does not provide any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the internal offer page.\n","ACR-170":"The app requires payment prior to demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide an easy to find interactions for cancellation or returns.\n","ACR-099":"No uninstall information is provided on the software\nNo uninstall information is provided on the landing page\nNo uninstall information is provided on the internal offer page\n","ACR-150":"The app's landing page displays awards that are unable to be verified as they are not clickable.\nThe app's landing page displays a BBB logo that are unable to be verified as they are not clickable.\n","ACR-159":"The was no mention that payment would be required to unlock the full functionality of the software.\n","ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action. The application reports also identified errors with exaggerated numbers and red color gradient, thereby misleading or scaring the user to take action.\n\nThe application show the exaggerated scan results with said errors (found by the software) on internal offer page also, thereby misleading or scaring user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"RegGenie.exe","isInstaller":"True","companyName":"RegGenie.com","productName":"RegGenie","productVersion":"3.0","fileVersion":"3.0.1.2","hashMD5":"32c14cd20db870198f9a30ddc3aa9bdc","hashSHA1":"ff7d7e3d725f22b17d8137735d6886dd6e354165","hashSHA256":"4999649d98bfffef0a3d98d69cefef91c0b7f8c579dc23e6aaebb33019793c6e","digitalCertThumbprint":"B43D926C331FAFEEE7F3284ABED98F545270DD9E","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"RegGenie.com","sourceIndex":"3785","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org","landingPage":"http://www.reggenie.com/","directDownloadingLink":"http://www.reggenie.com/download/RegGenieSetup.exe","ipv4":"","ipv6":"","sourceIndex":"3785"}],"sampleFiles":["171024/RegGenie-171019/3.0/Samples/RegGenieSetup.exe"],"imageFiles":["171024/RegGenie-171019/3.0/Images/ACR-003/ACR-003_internal_offer.PNG","171024/RegGenie-171019/3.0/Images/ACR-003/ACR-003_software.PNG","171024/RegGenie-171019/3.0/Images/ACR-003/ACR-003_software2.PNG","171024/RegGenie-171019/3.0/Images/ACR-084/ACR-084_software.PNG","171024/RegGenie-171019/3.0/Images/ACR-084/ACR-084_software2.PNG","171024/RegGenie-171019/3.0/Images/ACR-084/ACR-084_software3.PNG"],"nonDeceptorImageFiles":["171024/RegGenie-171019/3.0/Images/ACR-065/ACR-065_install.PNG","171024/RegGenie-171019/3.0/Images/ACR-065/ACR-065_software.PNG","171024/RegGenie-171019/3.0/Images/ACR-170/ACR-170_software.PNG","171024/RegGenie-171019/3.0/Images/ACR-150/ACR-150_INTERNAL_OFFER.PNG","171024/RegGenie-171019/3.0/Images/ACR-150/ACR-150_landing.PNG","171024/RegGenie-171019/3.0/Images/ACR-003/ACR-003_internal_offer.PNG","171024/RegGenie-171019/3.0/Images/ACR-003/ACR-003_software.PNG","171024/RegGenie-171019/3.0/Images/ACR-003/ACR-003_software2.PNG"],"guid":"2ceb1ecf-6e5c-453a-b764-43905606c51d_3.0_1","appID":"RegGenie-171019","dateAdded":"171024","deceptorType":"App","name":"RegGenie","company":"RegGenie.com","version":"3.0","sigName":"Deceptor:Win32/RegGenie!003084","lastKnownStatus":"Deceptor: 3.0","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2728},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action. The application reports also identified the registry damage as medium, thereby misleading or scaring the user to take action.\n","ACR-017":"The application elevates its user trust level by displaying fake or unverifiable endorsements\n","ACR-168":"The application/offer displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"Does not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the internal offer.\nDoes not show any links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software\n","ACR-163":"The app requires one-to-one interaction in order to receive support. The app does not provide a non-interactive option.\nThe app requires one-to-one interaction in order to receive support. The app does not provide a non-interactive option.\n","ACR-170":"The app requires payment prior to demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide an easy to find interactions for cancellation or returns.\n","ACR-092":"The app is unsigned by the source disclosed in the offer.\n","ACR-160":"Upon calling the phone number provided it says the number is not currently setup to receive phone calls. Try again later.\n","ACR-099":"The app does not provide any uninstall instructions in the internal offer page.\nThe app does not provide any uninstall instructions in the software\n","ACR-017":"The application elevates its user trust level by displaying fake or unverifiable endorsements\n","ACR-168":"The application/offer displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"KT PC Optimizer.exe","isInstaller":"True","companyName":"Kevin Technocrats","productName":"KT PC OPTIMIZER","productVersion":"1.0.0","fileVersion":"1.0.0","hashMD5":"cbaa51825f482e5aff32aafdae37bd6a","hashSHA1":"b86304e87dedec4f0dad7452a227d90edf28b079","hashSHA256":"da63f50212ec5c2fd545820387e1582dd59f9c0cc835b2af263a49b6fc83f114","digitalCertThumbprint":"na unsigned","digitalCertIssuer":"na unsigned","digitalCertIssuedTo":"na unsigned","sourceIndex":"3348","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org","landingPage":"http://ktpcoptimizer.com/en/en/index.html","directDownloadingLink":"http://ktpcoptimizer.com/en/en/KT%20PC%20OPTIMIZER.exe","ipv4":"","ipv6":"","sourceIndex":"3348"}],"sampleFiles":[],"imageFiles":["171024/KTPCOptimizer-171020/1.0.0/Images/ACR-017/ACR-017_internal_offer.PNG","171024/KTPCOptimizer-171020/1.0.0/Images/ACR-003/ACR-003_software.PNG","171024/KTPCOptimizer-171020/1.0.0/Images/ACR-168/ACR-168_software.PNG"],"nonDeceptorImageFiles":["171024/KTPCOptimizer-171020/1.0.0/Images/ACR-017/ACR-017_landing_page.PNG","171024/KTPCOptimizer-171020/1.0.0/Images/ACR-163/ACR-163_landing_page.PNG","171024/KTPCOptimizer-171020/1.0.0/Images/ACR-168/ACR-168_landing_page.PNG","171024/KTPCOptimizer-171020/1.0.0/Images/ACR-163/ACR-163_software.PNG"],"guid":"63e21b40-993d-44b0-b6fa-7c9be4f99fe4_1.0.0_1","appID":"KTPCOptimizer-171020","dateAdded":"171024","deceptorType":"App","name":"KT PC OPTIMIZER","company":"Kevin Technocrats","version":"1.0.0","sigName":"Deceptor:Win32/KTPCOptimizer!003017168","lastKnownStatus":"Deceptor: 1.0.0","lastKnownDate":"171020","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-22T00:05:39.7809092+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2729},{"violations":{"ACR-017":"App or landing page displays unverifiable certification logos and/or testimonials or third-party endorsements to fraudulently elevate the app's user trust level. Does not provide a hyperlink to verify any type of endorsement and its validity.\nThe application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\n\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n\n"},"nonDeceptorViolations":{"ACR-065":"Software is missing Eula and privacy policy link.\n","ACR-161":"The original review was not referenced from the listed quotes.\n","ACR-163":"","ACR-170":" The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-088":"A scan post-install was started without user action.\n","ACR-160":"Tried calling the call center and there was no answer. There was an answering machine stating to leave a message. \n","ACR-099":"Landing page is missing uninstall link. \nSoftware is missing uninstall link.\n","ACR-120":"The same app was re-advertised which is confusing and would make the consumer feel mislead / cheated earlier. \n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"samples":[{"isRevoked":"False","fileName":"Super Cleanup.exe","isInstaller":"True","companyName":"SUPER TUNEUP TECHNOLOGIES LLP","productName":"Super Cleanup","productVersion":"7.9.0.881","fileVersion":"7.9.0.881","hashMD5":"9a7ed34786ec281107b567188e62c84c","hashSHA1":"dfe8e313120d4bce6412c1c782e1b226ced03120","hashSHA256":"17fe1cb64af165b0212f4d14af47b5c0fac2d85ae6671a8c3411388a0d4c5d2e","digitalCertThumbprint":"2010AF29CA66CA330A3A06C5AC610061E4BD9A16","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"SUPER TUNEUP TECHNOLOGIES LLP","sourceIndex":"2553","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"scupsetup_site.exe","isInstaller":"True","companyName":"www.supercleanup.com/","productName":"Super Cleanup","productVersion":"7.9.0.881","fileVersion":"Super Cleanup","hashMD5":"3080cce1b47a1b0c6b3d5186f011e082","hashSHA1":"f870e02f0616bf95c18ca7bc39fe8ee5a5eab9e0","hashSHA256":"e0d62bd0a83514a58664a29f2a9b46b9e6f92d4db303316ff6ad00af5176239c","digitalCertThumbprint":"2010AF29CA66CA330A3A06C5AC610061E4BD9A16","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"SUPER TUNEUP TECHNOLOGIES LLP","sourceIndex":"2553","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.supercleanup.com","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/js/supercleanup/setups/scupsetup_site.exe","ipv4":"","ipv6":"","sourceIndex":"2553"}],"sampleFiles":[],"imageFiles":["171024/SuperCleaner-171019/7.9.0.881/Images/ACR-017/acr_017_offer_page.PNG","171024/SuperCleaner-171019/7.9.0.881/Images/ACR-017/acr_017.PNG","171024/SuperCleaner-171019/7.9.0.881/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["171024/SuperCleaner-171019/7.9.0.881/Images/ACR-161/acr_161.PNG","171024/SuperCleaner-171019/7.9.0.881/Images/ACR-168/one_one_interaction.PNG","171024/SuperCleaner-171019/7.9.0.881/Images/ACR-120/re-advertising_same_app.PNG"],"guid":"ced3408f-8bae-4bb2-931f-044c2997ed83_7.9.0.881_1","appID":"SuperCleaner-171019","dateAdded":"171024","deceptorType":"App","name":"Super Cleanup ","company":"SUPER TUNEUP TECHNOLOGIES LLP","version":"7.9.0.881","sigName":"Deceptor:Win32/SuperCleaner!017084","lastKnownStatus":"Deceptor: 7.9.0.881","lastKnownDate":"200203","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows XP,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-02-04T00:41:14.1366563+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2725},{"violations":{"ACR-003":"The application exaggerates Junk and temporary files windows and system as high improvement potential as well, thereby misleading or scaring user to take action.\n","ACR-017":"The application's installer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\nThe application's internal offer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-065":"The application's install wizard has no link to the Returns and Cancellation Policy, Privacy Policy.\nThe application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-163":"The application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's uninstall wizard provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-160":"The application does not use a certified call center to monetize the app. Tried calling the call center and there was no answer, there was a answering machine stating to leave a message.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"Existing decepter review","landingPage":"http://www.pcsuiteplus.com/","directDownloadingLink":"http://cloudfront.pcsuiteplus.com/pcsuiteplus/setup/pcsuiteplussetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://cloudfront.pcsuiteplus.com/pcsuiteplus/setup/pcsuiteplussetup.exe","sourceIndex":"3586"}],"sampleFiles":[],"imageFiles":["171024/PCSuitePlus-171020/1.0.1827.16844/Images/ACR-003/ACR_003_SOFTWARE.PNG","171024/PCSuitePlus-171020/1.0.1827.16844/Images/ACR-017/ACR_017_INSTALL.PNG","171024/PCSuitePlus-171020/1.0.1827.16844/Images/ACR-017/ACR_017_SOFTWARE.PNG","171024/PCSuitePlus-171020/1.0.1827.16844/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG","171024/PCSuitePlus-171020/1.0.1827.16844/Images/ACR-084/ACR_084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["171024/PCSuitePlus-171020/1.0.1827.16844/Images/ACR-065/ACR_065_INSTALL.PNG","171024/PCSuitePlus-171020/1.0.1827.16844/Images/ACR-065/ACR_065_SOFTWARE.PNG","171024/PCSuitePlus-171020/1.0.1827.16844/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","171024/PCSuitePlus-171020/1.0.1827.16844/Images/ACR-163/ACR_163_SOFTWARE.PNG","171024/PCSuitePlus-171020/1.0.1827.16844/Images/ACR-163/ACR_163_UNINSTALL.PNG","171024/PCSuitePlus-171020/1.0.1827.16844/Images/ACR-163/ACR_163_LANDING_PAGE.PNG"],"guid":"fba5d31e-abb2-448a-a3a4-b624d0b3e400_1.0.1827.16844_1","appID":"PCSuitePlus-171020","dateAdded":"171024","deceptorType":"App","name":"PC Suite Plus","company":" Jawego Partners LLC","version":"1.0.1827.16844","sigName":"Deceptor:Win32/PCSuitePlus!003017084","lastKnownDate":"180702","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-07-02T19:49:01.2455352+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":2,"sortOrder":2162},{"violations":{"ACR-003":"The application exaggerates scanned items as a HIGH or MEDIUM system impact issue, thereby misleading or scaring the user to take action\n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\nThe application fraudulently elevates its user trust level by displaying unverifiable endorsements\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n\n","ACR-168":"App doesn't disclose the additional offer may be made during phone call support alongside with phone number. \n\n"},"nonDeceptorViolations":{"ACR-065":"Software doesn't have a Eula and privacy policy link.\n","ACR-161":"The original review was not referenced for the quotes that were listed. Unable to verify quotes, quotes are not clickable\n","ACR-163":"Landing page requires one to one interaction in order to purchase, active or receive support.\nSoftware requires one to one interaction in order to purchase, active or receive support.\n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-160":"Tried calling the call center and there was no answer, there was a answering machine stating to leave a message.\n","ACR-099":"Land page is missing uninstall link.\n","ACR-120":"App attempts to sell more services during app uninstall, it advertise its phone call service which leads more additional offers may be made during consumer phone call.\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"samples":[{"isRevoked":"False","fileName":"PC Suite Plus.exe","isInstaller":"True","companyName":"Jawego Partners LLC","productName":"PC Suite Plus","fileVersion":"3.0.0.0","hashMD5":"dcf54be3e1b253fbfdbc9b03128355d7","hashSHA1":"60720427ec3d94b77b365ab54b21fa475dcdd1ed","hashSHA256":"b48de0168a8bac3fc47121fff900c2123dacb784f3ac93ea89950038090d5443","digitalCertThumbprint":"97D24D954F734166AFF4BC2E390ACE9476383699","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":" Jawego Partners LLC","sourceIndex":"3585","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.pcsuiteplus.com/","directDownloadingLink":"http://cloudfront.pcsuiteplus.com/pcsuiteplus/setup/pcsuiteplussetup.exe","ipv4":"","ipv6":"","sourceIndex":"3585"}],"sampleFiles":[],"imageFiles":["171024/PCSuitePlus-171020/1.0.18277.16844/Images/ACR-017/acr_017_offer_page.PNG","171024/PCSuitePlus-171020/1.0.18277.16844/Images/ACR-017/acr_017.PNG","171024/PCSuitePlus-171020/1.0.18277.16844/Images/ACR-003/acr_003.PNG","171024/PCSuitePlus-171020/1.0.18277.16844/Images/ACR-084/acr_084.PNG","171024/PCSuitePlus-171020/1.0.18277.16844/Images/ACR-168/PCSuitePlus.PNG","171024/PCSuitePlus-171020/1.0.18277.16844/Images/ACR-168/PCSuitePlus_Reg.PNG","171024/PCSuitePlus-171020/1.0.18277.16844/Images/ACR-168/PCSuitePlus_Reg2.PNG"],"nonDeceptorImageFiles":["171024/PCSuitePlus-171020/1.0.18277.16844/Images/ACR-161/acr_161.PNG","171024/PCSuitePlus-171020/1.0.18277.16844/Images/ACR-163/one_one_interaction_landing_page.PNG","171024/PCSuitePlus-171020/1.0.18277.16844/Images/ACR-163/one_one_interaction_software.PNG","171024/PCSuitePlus-171020/1.0.18277.16844/Images/ACR-120/PCSuitePlus_Uninstall.PNG"],"guid":"fba5d31e-abb2-448a-a3a4-b624d0b3e400_1.0.18277.16844_1","appID":"PCSuitePlus-171020","dateAdded":"171024","deceptorType":"App","name":"PC Suite Plus","company":" Jawego Partners LLC","version":"1.0.18277.16844","sigName":"Deceptor:Win32/PCSuitePlus!003084168017","lastKnownDate":"180702","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-07-02T19:49:21.3170638+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":2,"sortOrder":2161},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys, junk files and browser cookies as errors, thereby misleading or scaring user to take action. The application showed the PC health at 5% out of 100% and reported errors with exaggerated numbers, thereby misleading or scaring the user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not provide a link to the app's EULA and/or Terms of Service, Returns and Cancellation Policy on the internal offers page.\nThe app does not provide a link to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the landing page\nThe app does not provide a link to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install\nThe app does not provide a link to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software\n","ACR-170":"The app requires payment prior to demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide an easy to find interactions for cancellation or returns.\n","ACR-099":"no uninstall information is provided on the internal offer page.\nno uninstall information is provided on the landing page\nno uninstall information is provided on the software\n","ACR-037":"The app does not present a privacy policy.\n","ACR-167":"No disclosure that a 30-day refund on anything paid is available to the consumer.\n","ACR-150":"The app displays award that are unable to be verified as they are not clickable on the internal offer page.\nThe app displays award that are unable to be verified as they are not clickable on the landing page.\n"},"samples":[{"isRevoked":"False","fileName":"Fast Windows Tweaker.exe","isInstaller":"True","companyName":"PCTweaker Technologies","productName":"FastWindowsTweaker","productVersion":"2.5.0.1","fileVersion":"2.5.0.1","hashMD5":"4ff659fda57c08785bef1b8c7a581e94","hashSHA1":"b5d36eec4b6d9541cacd68504e853a5f7de6f3ad","hashSHA256":"eabb332786a54944e64ad47fd414c809cec9bc7fdf079b35b7fa55fd71419220","digitalCertThumbprint":"NA unsigned","digitalCertIssuer":"NA unsigned","digitalCertIssuedTo":"NA unsigned","sourceIndex":"3382","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org","landingPage":"http://www.fastwindowstweaker.com/","directDownloadingLink":"http://www.fastwindowstweaker.com/FastWindowsTweaker_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3382"}],"sampleFiles":[],"imageFiles":["171018/FastWindowsTweaker-171017/2.5.0.1/Images/ACR-003/ACR-003_software.PNG","171018/FastWindowsTweaker-171017/2.5.0.1/Images/ACR-003/ACR-003_software2.PNG"],"nonDeceptorImageFiles":["171018/FastWindowsTweaker-171017/2.5.0.1/Images/ACR-150/ACR-150_INTERNAL_OFFER.PNG","171018/FastWindowsTweaker-171017/2.5.0.1/Images/ACR-150/ACR-150_landing_page.PNG"],"guid":"a7f8d4b6-8fe1-491f-b2f5-b14c3c7b79ff_2.5.0.1_1","appID":"FastWindowsTweaker-171017","dateAdded":"171018","deceptorType":"App","name":"Fast Windows Tweaker","company":"PCTweaker Technologies","version":"2.5.0.1","sigName":"Deceptor:Win32/FastWindowsTweaker!003","lastKnownStatus":"Deceptor: 2.5.0.1","lastKnownDate":"171017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-03T02:58:30.2728945+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2732},{"violations":{"ACR-003":"The application makes exaggerated claims about the system's health, e.g. reporting junk files and registry entries with a severity level above \"Low\" (e.g. \"Medium\", \"High\", \"Danger\", etc.), to mislead and/or scare the user to take action.\n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements\n\nApp has not verifiable endorsement logo, which mislead user the app recommended by the endorsement source. \n\nApp has not verifiable endorsement logo, which mislead user the app recommended by the endorsement source. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"nonDeceptorViolations":{"ACR-065":"Software is missing Eula and Privacy policy links. \n","ACR-161":"The original review was not referenced, unable to verify whether or not the review is valid because it is not clickable. \n","ACR-163":"Landing page requires one to one interaction in order for consumer to purchase, active or receive support.\nSoftware requires one to one interaction in order for consumer to purchase, active or receive support.\n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-160":"Tried calling the call center and there wasn't an answer , there was an answering machine stating to leave a message. \n","ACR-099":"Landing page is missing uninstall link.\nSoftware is missing uninstall link.\n","ACR-120":"The same app was re-advertised which is confusing and would make the consumer feel cheated/ misled earlier. \n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"samples":[{"isRevoked":"False","fileName":"SecurePCCleaner.exe","isInstaller":"True","companyName":" SYS SECURE PC SOFTWARE LLP","productName":"Secure Pc Cleaner","productVersion":"4.18.72.870","fileVersion":"4.18.72.870","hashMD5":"f061af1ae05b980baa5a75cb04d0cc90","hashSHA1":"9f9d61da8aee4b3927ce093c81c64bc1bd9eb056","hashSHA256":"eb6cd7e28ed2283f8226db57ef3c0c51e5aa06a80b6d20d47ee92716961a758e","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":" SYS SECURE PC SOFTWARE LLP","sourceIndex":"2550","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"spc_site.exe","isInstaller":"True","companyName":"www.securepccleaner.com/","productName":"Secure PC Cleaner","productVersion":"4.5","fileVersion":"Secure PC Cleaner","hashMD5":"565385bd457032c6ba1eb4ab97ff1ff3","hashSHA1":"cdfac49bb600abde2f2dafd703394d107ad6d8b8","hashSHA256":"e9924982065a90dea99090f79a8da36055b8754abf32fcb8123d0da412da3a68","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"SYS SECURE PC SOFTWARE LLP","sourceIndex":"2550","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.securepccleaner.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/spc_site.exe","ipv4":"","ipv6":"","sourceIndex":"2550"}],"sampleFiles":["171018/SecurePcCleaner-171017/4.18.72.870/Samples/spc_site.exe"],"imageFiles":["171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-017/acr_017_offer_page.PNG","171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-017/acr_007_install (1).PNG","171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-003/acr_003.PNG","171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-003/acr_003_1.PNG","171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-017/acr_007_software (1).PNG","171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-084/acr_084.PNG","171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-168/one_to_one_interaction.PNG"],"nonDeceptorImageFiles":["171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-161/acr_161.PNG","171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-163/one_to_one_interaction_1.PNG","171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-168/one_to_one_interaction_1.PNG","171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-163/one_to_one_interaction.PNG","171018/SecurePcCleaner-171017/4.18.72.870/Images/ACR-120/re_advertised_same_app.PNG"],"guid":"ca23d8bd-0a4b-4bb3-9ffc-776225cd57ba_4.18.72.870_1","appID":"SecurePcCleaner-171017","dateAdded":"171018","deceptorType":"App","name":"SecurePCCleaner","company":"SYS SECURE PC SOFTWARE LLP","version":"4.18.72.870","sigName":"Deceptor:Win32/SecurePCCleaner!003084017168","lastKnownStatus":"Deceptor: 4.18.72.870","lastKnownDate":"200203","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2020-02-04T00:50:52.7520256+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2730},{"violations":{"ACR-003":"The application exaggerates missing registry, files as an error,  exaggerates number of \"error\", claims the registry damage level as high, thereby misleading or scaring the user to take action.\n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\nThe application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n","ACR-118":"When the user attempts to completely uninstall the application, it deliberately retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to privacy policy information.\nThe application has no link to privacy policy information on the about page.\n","ACR-161":"The application's privacy policy webpage has customer reviews that has no links back to the sources so consumers can verify if they're real.\nThe landing page has customer reviews that has no links back to the sources so consumers can verify if they're real.\n","ACR-163":"The application's internal offer webpage provides contact numbers for support but does not provide an email address as a secondary means of contact.\nThe application provides a webpage after being installed with contact numbers for support but does not provide an email address as a secondary means of contact.\nThe application provides contact numbers for support but does not provide an email address as a secondary means of contact.\nThe application provides a webpage after being uninstalled, with contact numbers for support but does not provide an email address as a secondary means of contact.\n","ACR-170":"The application requires payment prior to demonstrating its value and does not provide a trial.\n","ACR-087":"The application decreases the computer performance by taking up high CPU Usage.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n","ACR-160":"Contacted the phone number '800-256-3286' provided by PC Optimizer and got customer service for the product 'Natural Weight Loss Supplement Garcina Cambogia Extract'.\n","ACR-099":"The application's shopping cart webpage has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"pc_optimizer.exe","isInstaller":"True","companyName":"Safeapzz","productName":"PC Optimizer","productVersion":"2.0","fileVersion":"0.0.0.0","hashMD5":"bb048ca8617352772f7b1eec4650114d","hashSHA1":"5f1137212c3d756ae7ef449b455e8bbfd12fa3d0","hashSHA256":"e9f21ef216e1475a517b2eed2ab01e3bcc70a03cac883646077d0b304a8a3479","digitalCertThumbprint":"C84F8AEEEF57A0052B88B5D1E071A3234093CB46","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"SparksGen Limited","sourceIndex":"3271","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"www.google.com","landingPage":"https://safeapzz.com/read_more_pc_optimizer.aspx","directDownloadingLink":"https://safeapzz.com/software/pc_optimizer/pc_optimizer.exe","ipv4":"","ipv6":"","sourceIndex":"3271"}],"sampleFiles":[],"imageFiles":["171018/PCOptimizer-171017/2.0/Images/ACR-168/ACR-163_INTERNAL_OFFERS.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-003/ACR-003_SOFTWARE.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-168/ACR-168_SOFTWARE.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-118/ACR-118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["171018/PCOptimizer-171017/2.0/Images/ACR-161/ACR-161_DOCS_SCREENSHOT_1.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-161/ACR-161_DOCS_SCREENSHOT_2.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-161/ACR-161_DOCS_SCREENSHOT_3.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-163/ACR-163_INTERNAL_OFFERS.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_1.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_2.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_3.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-163/ACR-163_INSTALL.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-065/ACR-065_INSTALL.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-163/ACR-163_SOFTWARE.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-087/ACR-087_SOFTWARE.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-092/ACR-092_SOFTWARE.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-170/ACR-170_SOFTWARE.PNG","171018/PCOptimizer-171017/2.0/Images/ACR-163/ACR-163_UNINSTALL.PNG"],"guid":"8c13e73b-5737-4d13-a89d-503c5e6c14d7_2.0_1","appID":"PCOptimizer-171017","dateAdded":"171018","deceptorType":"App","name":"PC Optimizer","company":" Safeapzz","version":"2.0","sigName":"Deceptor:Win32/SafeapzzPCOpimizer!003168118","lastKnownStatus":"Deceptor: 2.0","lastKnownDate":"190125","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 8,Windows 10,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-26T01:15:51.2630973+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2731},{"violations":{"ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable the task from the app interface as that option is not provided.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not show any links to the EULA and/or Returns and Cancellation Policy on the landing page.\nThe app does not show any links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install\nThe app does not show any links to the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-170":"The app requires payment prior to demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide an easy to find interactions for cancellation or returns.\n","ACR-099":"No uninstall instructions are provided on the landing page.\nNo uninstall instructions are provided on the software.\n","ACR-167":"No disclosure for a 30-day refund policy is presented for the app.\n","ACR-159":"There was no mention that payment would be required to unlock the full functionality of the software.\n","ACR-003":"The application exaggerates empty and invalid registry keys as errors, thereby misleading or scaring user to take action.\n"},"samples":[{"isRevoked":"False","fileName":"MaxPerforma Optimizer.exe","isInstaller":"True","companyName":"AVSoftware Ltd","productName":"MaxPerforma Optimizer","productVersion":"4.7.1.0","fileVersion":"4.7.1.0","hashMD5":"83fd5f3e9b0da6804b34057911ffc762","hashSHA1":"8a1422c7096708da3a97f1d8b166a4e1fbf87900","hashSHA256":"e9609ef57e34e7045d2307a3ce3806868ac2603483a8c78717e567ebf73a7f62","digitalCertThumbprint":"575E090BD6E592BF14AA53361C43EACD1CC33E55","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"AVSoftware EOOD","sourceIndex":"3758","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"en.freedownloadmanager.org","landingPage":"http://www.maxperforma.com/","directDownloadingLink":"http://download.maxperforma.com/setup.exe","ipv4":"","ipv6":"","sourceIndex":"3758"}],"sampleFiles":["171017/MaxPerformaOptimizer-171017/4.7.1.0/Samples/setup.exe"],"imageFiles":["171017/MaxPerformaOptimizer-171017/4.7.1.0/Images/ACR-003/ACR-003_software.PNG","171017/MaxPerformaOptimizer-171017/4.7.1.0/Images/ACR-084/ACR-084_software.PNG","171017/MaxPerformaOptimizer-171017/4.7.1.0/Images/ACR-084/ACR-084_software2.PNG"],"nonDeceptorImageFiles":["171017/MaxPerformaOptimizer-171017/4.7.1.0/Images/ACR-003/ACR-003_software.PNG"],"guid":"faa6e267-3a89-458b-a334-760562f45659_4.7.1.0_1","appID":"MaxPerformaOptimizer-171017","dateAdded":"171017","deceptorType":"App","name":"MaxPerforma Optimizer","company":"MaxPerforma Optimizer","version":"4.7.1.0","sigName":"Deceptor:Win32/MaxPerformaOptimizer!003084","lastKnownStatus":"Deceptor:4.7.1.0","lastKnownDate":"171017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:25:59.278872+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2736},{"violations":{"ACR-003":"The application exaggerates the number of invalid registry keys, lists the normal browser extensions as problems, browser history and junk files as problems. The overall exaggerated scanning result leads misleading urgency for user to take action fixing the problems. \n"},"nonDeceptorViolations":{"ACR-065":"Does not show links to  the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the install.\nDoes not show links to  the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-170":"The app requires payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n","ACR-099":"No uninstall information is provided on the internal offer.\nNo uninstall information is provided on the landing page.\nNo uninstall information is provided on the software\n","ACR-167":"App's refund policy does not provided a 30-day refund disclosure.\n"},"samples":[{"isRevoked":"False","fileName":"PC Win Booster.exe","isInstaller":"True","companyName":"Sorentio Systems Ltd.","productName":"PC Win Booster","productVersion":"9.9.7.865","fileVersion":"9.9.7.865","hashMD5":"9583afbc75a1dd04a7f0b2f8cd596e1b","hashSHA1":"8e5688e188f82e3e1d70ac6b500b74e690b885c8","hashSHA256":"a1db6b337fd65472d510c9b433407698f861f3fd63e28a0a36ec548872882e62","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Sorentio Systems Ltd","sourceIndex":"3385","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PC Win Booster.exe","isInstaller":"True","companyName":"Sorentio Systems Ltd.","productName":"PC Win Booster","productVersion":"9.9.9.877","fileVersion":"9.9.9.877","hashMD5":"ed4dca70d3536238e734c63440caca94","hashSHA1":"3f15131104c111f6f1253cd78ca0f8451aa048d1","hashSHA256":"a7aab800960020cbb896221edb4e76d2a7a8a6b8a7803a61d2667fb79b028bdf","digitalCertThumbprint":"22A9EA6431E55144D53F3880265F2156B54B97F8","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Sorentio Systems Ltd","sourceIndex":"3385","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"HUNT.SEARCH","reference":"http://softdeluxe.com","landingPage":"http://sorentioapps.com/pc-win-booster","directDownloadingLink":"http://sorentioapps.com/downloads/PC_Win_Booster.exe","ipv4":"","ipv6":"","sourceIndex":"3385"}],"sampleFiles":[],"imageFiles":["171017/PCWINBooster-171013/9.9.7.865/Images/ACR-003/ACR-003.PNG","171017/PCWINBooster-171013/9.9.7.865/Images/ACR-003/ACR-003_2.PNG","171017/PCWINBooster-171013/9.9.7.865/Images/ACR-003/PCWinBooster.PNG"],"nonDeceptorImageFiles":["171017/PCWINBooster-171013/9.9.7.865/Images/ACR-167/ACR-167.PNG"],"guid":"9d538a53-d424-465d-8485-dfd1540c2d75_9.9.7.865_1","appID":"PCWINBooster-171013","dateAdded":"171017","deceptorType":"App","name":"PC Win Booster","company":"Sorentio Systems Ltd.","version":"9.9.7.865","sigName":"Deceptor:Win32/PCWinBooster!003","lastKnownStatus":"Deceptor: 9.9.7.865","lastKnownDate":"171016","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 8,Windows 7,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-03T02:43:43.7749075+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2735},{"violations":{"ACR-048":"User can't disable the scheduled task even user is provided such option in app setting. The scheduled task is still enabled even user chooses not run when windows start up\n\n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\nThe application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n","ACR-118":"When the user attempts to completely uninstall the application, it deliberately retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to privacy policy information.\nThe application has no link to privacy policy information.\n","ACR-161":"The landing page has user reviews that has no links back to the sources so consumers can verify if they're real.\n","ACR-163":"The application's internal offer webpage provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application provides a contact number for support but does not provide an email address as a secondary means of contact.\nThe application provides a webpage with contact numbers for support after being uninstalled but does not provide an email address as a secondary means of contact.\n","ACR-092":"The installed application has a different publisher name that what is located in the certification information.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application has no link to a webpage that shows how to uninstall the app.\n","ACR-168":"The application's internal offer webpage displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\nThe application displays a support call center phone number but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"reg_pro_cleaner.exe","isInstaller":"True","companyName":"SAFEAPZZ","productName":"Reg Pro Cleaner","productVersion":"3.0","fileVersion":"0.0.0.0","hashMD5":"6a96e1758e99720a96ad66251a9a3b5a","hashSHA1":"bee1bb1a6554d479b1bd189d38e5078da594c07b","hashSHA256":"261cc319bc943a4f2b3d702c66b79ad501b451b57d1317e19b355cc70a98f4f9","digitalCertThumbprint":"C84F8AEEEF57A0052B88B5D1E071A3234093CB46","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"SparksGen Limited","sourceIndex":"3384","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offer","reference":"https://safeapzz.com/","landingPage":"https://safeapzz.com/read_more_reg_pro_cleaner.aspx","directDownloadingLink":"https://safeapzz.com/software/reg_pro_cleaner/reg_pro_cleaner.exe","ipv4":"","ipv6":"","sourceIndex":"3384"}],"sampleFiles":[],"imageFiles":["171017/RegProCleaner-171017/3.0/Images/ACR-048/RegProCleaner_048.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-168/ACR-168_SOFTWARE_SCREENSHOT_1.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-168/ACR-168_SOFTWARE_SCREENSHOT_2.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-118/ACR-118_UNINSTALL.PNG"],"nonDeceptorImageFiles":["171017/RegProCleaner-171017/3.0/Images/ACR-065/ACR-065_INSTALL.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_1.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_2.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-161/ACR-161_LANDING_PAGE_SCREENSHOT_3.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-163/ACR-163_INTERNAL_OFFERS.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-163/ACR-163_SOFTWARE_SCREENSHOT_1.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-163/ACR-163_SOFTWARE_SCREENSHOT_2.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-163/ACR-163_UNINSTALL.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-092/ACR-092_SOFTWARE.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-168/ACR-168_SOFTWARE_SCREENSHOT_1.PNG","171017/RegProCleaner-171017/3.0/Images/ACR-168/ACR-168_SOFTWARE_SCREENSHOT_2.PNG"],"guid":"86afbf4f-eea2-408f-aa10-5ae6b3d5941c_3.0_1","appID":"RegProCleaner-171017","dateAdded":"171017","deceptorType":"App","name":"Reg Pro Cleaner","company":"Safeapzz","version":"3.0","sigName":"Deceptor:Win32/RegProCleaner!048168118","lastKnownStatus":"Deceptor: 3.0","lastKnownDate":"171017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-03T02:45:57.9900779+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2734},{"violations":{"ACR-003":"The application exaggerates scanned registry invalid items as errors, claims it has more than low level damage to system, misleads user to take action \n\n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements.\nApp contains several unverifiable endorsement logo, for example Microsoft Partner, this should be clickable and leads to more details for any endorsement logo, certification mark or logo. \n","ACR-084":"With app default setting \"Do not schedule\" for scanning schedule, app secretly creates scheduled tasks without any disclosure.\n\n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"nonDeceptorViolations":{"ACR-065":"Software is missing Eula and privacy policy links.\n","ACR-161":"The original review from the external consumer review was not referenced, unable to verify the quotes because they are not clickable. \n","ACR-163":"One to one interaction is needed in order to receive support, activate or purchase the application. \nOne to one interaction is needed in order to receive support, activate or purchase the application. \n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n\n","ACR-160":"Tried calling the call center and got a answering machine stating to leave a message.\n","ACR-099":"Software is missing uninstall link. \n","ACR-120":"The same app was re-advertised which is confusing and would make the consumer feel misled earlier. \n","ACR-168":"The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n\n"},"samples":[{"isRevoked":"False","fileName":"regtusetup_site.exe","isInstaller":"True","companyName":"SUPER TUNEUP TECHNOLOGIES LLP","productName":"Reg Tuneup","productVersion":"3.9.18.869","fileVersion":"3.9.18.869","hashMD5":"fca5ef83ceb8c38c182370f433b1c450","hashSHA1":" 23cd75b038a930e197b104943656e4ab98fed615","hashSHA256":"a3cce1c5d97a09891323e3811ece6f0380ce129604e7eb8f2f119babe794d886","digitalCertThumbprint":"2010AF29CA66CA330A3A06C5AC610061E4BD9A16","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"SUPER TUNEUP TECHNOLOGIES LLP","sourceIndex":"3383","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.regtuneup.com/","directDownloadingLink":"http://cdn.regtuneup.com/js/regtuneup/setups/regtusetup_site.exe","ipv4":"","ipv6":"","sourceIndex":"3383"}],"sampleFiles":["171017/RegTuneup-171017/3.9.18.869/Samples/regtusetup_site.exe"],"imageFiles":["171017/RegTuneup-171017/3.9.18.869/Images/ACR-017/acr_017.PNG","171017/RegTuneup-171017/3.9.18.869/Images/ACR-003/RegTuneup.PNG","171017/RegTuneup-171017/3.9.18.869/Images/ACR-003/acr_003.PNG","171017/RegTuneup-171017/3.9.18.869/Images/ACR-017/acr_007_software.PNG","171017/RegTuneup-171017/3.9.18.869/Images/ACR-084/RegTuneup_084.PNG","171017/RegTuneup-171017/3.9.18.869/Images/ACR-168/one_to_one_interaction.PNG"],"nonDeceptorImageFiles":["171017/RegTuneup-171017/3.9.18.869/Images/ACR-161/acr_161.PNG","171017/RegTuneup-171017/3.9.18.869/Images/ACR-163/one_to_one_interaction_1.PNG","171017/RegTuneup-171017/3.9.18.869/Images/ACR-168/one_to_one_interaction_1.PNG","171017/RegTuneup-171017/3.9.18.869/Images/ACR-163/one_to_one_interaction.PNG","171017/RegTuneup-171017/3.9.18.869/Images/ACR-120/re-advertised_same_app.PNG"],"guid":"d427a243-52f1-4eda-9fc0-fcc417e125b5_3.9.18.869_1","appID":"RegTuneup-171017","dateAdded":"171017","deceptorType":"App","name":"RegTuneup","company":" SUPER TUNEUP TECHNOLOGIES LLP","version":"3.9.18.869","sigName":"Deceptor:Win32/RegTuneup!003084168","lastKnownStatus":"Deceptor: 3.9.18.869","lastKnownDate":"171017","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-03T02:50:55.1161073+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2733},{"violations":{"ACR-003":"The application exaggerates \"Shared DLL\", \"Missing Registry\" and \"VMWare Software\" as an error and portrays the importance as a HIGH or MEDIUM system impact issue, thereby misleading or scaring the user to take action\n","ACR-084":"The app runs silently in the background despite the consumer uninstalled the app, hiding the fact that it is active from the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components \"Auto Shutdown\" and \"Common.dll\" on the device without explicitily prompting the consumer to close the app.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"WinASO_RO_v5.3.1.exe","isInstaller":"True","companyName":"X.M.Y International LLC","productName":"WinASO Registry Optimizer","productVersion":"5.3.1","fileVersion":"5.3.1","hashMD5":"069324266b453af17ad9240350cc1b13","hashSHA1":"da6e9b739db530371d0d13ff368b7bcef4485315","hashSHA256":"02343a0ea327e8abadafa8f357dde77ae49e9195b428b5c2cdd496d07fa6a1a6","digitalCertThumbprint":"c0121ab2095e9721eef2451ab7e9e108652b09d3","digitalCertIssuer":"WoSign Class 3 Code Signing CA G2","digitalCertIssuedTo":"CN, Beijing, Beijing, Sunny Network Tech LTD., support@sunnydigits.com, Sunny Network Tech LTD","sourceIndex":"3171","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinASO_RO_v5.4.0.1.exe","isInstaller":"True","companyName":"X.M.Y International LLC","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"7978992a67c58904fb24c34d14b69268","hashSHA1":"3524a98a98455e0e698dc41d30e697fc8dec1d71","hashSHA256":"d1cf92b9cf71f1f32c9313412485b68cf6cb3c0cb6d0a8b41468ce5d3e560dce","digitalCertThumbprint":"C0121AB2095E9721EEF2451AB7E9E108652B09D3","digitalCertIssuer":"WoSign Class 3 Code Signing CA G2","digitalCertIssuedTo":"Sunny Network Tech LTD.","sourceIndex":"3171","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Submission ","reference":"submission from software.informer.com","landingPage":"https://www.winaso.com/registry_optimizer/","ipv4":"","ipv6":"","sourceIndex":"3171"}],"sampleFiles":["171016/D-WinASORegistryOptimizer-170913/5.3.0/Samples/WinASO_RO_v5.4.0.1.exe"],"imageFiles":["171016/D-WinASORegistryOptimizer-170913/5.3.0/Images/ACR-003/ACR-003_Software_Exaggerates_Missing_DLL_As_Error.JPG","171016/D-WinASORegistryOptimizer-170913/5.3.0/Images/ACR-003/ACR-003_Software_Exaggerates_Missing_DLL_As_Error1.JPG","171016/D-WinASORegistryOptimizer-170913/5.3.0/Images/ACR-003/ACR-003_Software_Exaggerates_SharedDLL_As_Error.JPG","171016/D-WinASORegistryOptimizer-170913/5.3.0/Images/ACR-003/ACR-003_Software_Exaggerates_VMWare_As_Danger.JPG","171016/D-WinASORegistryOptimizer-170913/5.3.0/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","171016/D-WinASORegistryOptimizer-170913/5.3.0/Images/ACR-003/ACR-003_Software_Exaggeration.mp4","171016/D-WinASORegistryOptimizer-170913/5.3.0/Images/ACR-084/ACR-084_Software_AutoShutdown_Runs_Silently_Despite_Consumer_Uninstalled_The_App.JPG","171016/D-WinASORegistryOptimizer-170913/5.3.0/Images/ACR-084/ACR-084_Software_AutoShutdown_Runs_Silently_Despite_Consumer_Uninstalled_The_App.mp4","171016/D-WinASORegistryOptimizer-170913/5.3.0/Images/ACR-118/ACR-118_Uninstall_AutoShutdown_Executable_Retains_The_Components.JPG","171016/D-WinASORegistryOptimizer-170913/5.3.0/Images/ACR-118/ACR-118_Uninstall_AutoShutdown_Executable_Retains_The_Components.mp4"],"nonDeceptorImageFiles":[],"guid":"28ef17c2-099f-4e06-8b24-4c1200a4ac40_5.3.0_1","appID":"D-WinASORegistryOptimizer-170913","dateAdded":"171016","deceptorType":"App","name":"WinASORegistryOptimizer","company":"X.M.Y International LLC","version":"5.3.0","sigName":"Deceptor:Win32/WinASORegistryOptimizer!003084118","firstVendorContactDate":"170926","firstAppEsteemReplyDate":"170926","firstResolvedDate":"171016","firstResolvedVersion":"5.4.0.1","resolved":"TRUE","lastKnownStatus":"Deceptor: 5.3.0","lastKnownDate":"190222","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 2000, Windows 2008","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2019-02-22T17:54:15.3857986+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2737},{"violations":{"ACR-003":"The application exaggerates missing registry, files as an error and portrays the registry damage level as “Medium”, thereby misleading or scaring the user to take action.\n","ACR-084":"Schedule is turn off in the software window but is running in windows task scheduler. \n"},"nonDeceptorViolations":{"ACR-065":"No EULA/ToS, Privacy Policy/Return Police. \n","ACR-161":"Unable to verify the original review that was referenced. \n","ACR-170":"The app required payment prior to  demonstrating its value and does not provide a trial , throttle or any other means. The app does not provide easy to find interactions for cancellation or returns.\n","ACR-099":"No uninstall link is listed on the landing page.\nNo uninstall link is listed on the software page \n","ACR-120":"The same app was Re-advertised which is confusing to consumers, a lower price was also offered which would make the consumer's feel they were mislead earlier.\n","ACR-167":"A return and cancellation policy was not offered which would only make the consumer go through difficulties when trying to cancel. \n","ACR-064":"The download button was not clearly-labelled, the button listed is labelled as Start Free Scan.\n"},"samples":[{"isRevoked":"False","fileName":"PerfectRegistrysetup.exe","isInstaller":"True","companyName":" Raxco Software, Inc.","productName":"PerfectRegistry","productVersion":"2.0.0","fileVersion":"2.0.0","hashMD5":"2b45a4eb975087f4cee7a59c3299a4c","hashSHA1":"454235aa2728eb93dfab4933f239f4fc8e1022d0","hashSHA256":"ab56199cb664cbaa11d45fbb540ec1e2b9cab2cd29a623bcc1e4e614bee47411","digitalCertThumbprint":"55FDD210D058482D13F9F63845EB6077B468190E","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Raxco Software, Inc.","sourceIndex":"3643","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.raxco.com/home/products/perfectregistry","directDownloadingLink":"http://ftp.raxco.com/pub/download/pr2/PRsetup.exe","ipv4":"","ipv6":"","sourceIndex":"3643"}],"sampleFiles":[],"imageFiles":["171010/PerfectRegistry-171009/2.0/Images/ACR-003/acr_003.PNG","171010/PerfectRegistry-171009/2.0/Images/ACR-003/acr_003_1.PNG","171010/PerfectRegistry-171009/2.0/Images/ACR-084/acr_084_disgusing_presence.PNG"],"nonDeceptorImageFiles":["171010/PerfectRegistry-171009/2.0/Images/ACR-161/PerfectRegistry.PNG","171010/PerfectRegistry-171009/2.0/Images/ACR-064/ACR_064.PNG","171010/PerfectRegistry-171009/2.0/Images/ACR-120/when_uninstalling.PNG"],"guid":"8fa9ec00-dbcc-48c2-a4bd-b9c65baa8818_2.0_1","appID":"PerfectRegistry-171009","dateAdded":"171010","deceptorType":"App","name":"PerfectRegistry","company":"Raxco Software, Inc.","version":"2.0","sigName":"Deceptor:Win32/PerfectRegistry!003084","firstVendorContactDate":"180205","firstAppEsteemReplyDate":"180205","firstResolvedDate":"180318","firstResolvedVersion":"2.0.0.3127","resolved":"TRUE","lastKnownStatus":"Deceptor: 2.0","lastKnownDate":"171009","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-04-12T23:24:21.1168054+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2738},{"violations":{"ACR-168":"The application displays a support call center phone number, but does not disclose that additional offers may be made \n"},"nonDeceptorViolations":{"ACR-065":"The Application has no link to the Privacy policy on the installation window \nThe Application has no link to the Privacy policy or EULA on the About window\n","ACR-163":"The application only has a phone number but no email address to offer a secondary means of getting support\n","ACR-099":"The Landing page has no uninstall information link on both the top and bottom of the website\nThe application has no uninstall information link on the About page\n"},"samples":[{"isRevoked":"False","fileName":"Akick_PC_Optimizer.exe","isInstaller":"True","companyName":"AKick Software Inc.","productName":"Akick PC Optimizer","productVersion":"1.2.0.0","fileVersion":"1.2.0.0","hashMD5":"1efff4b4bc582859f1f21919fe9559f0","hashSHA1":"ee7b9d9ca4ac933a8ec0f6bed307ceb8abce13ba","hashSHA256":"5833c74fc84fadf0870cc8ee0f08e92216fb0e524ea49640fb9b88a2918b80f6","digitalCertThumbprint":"91019E7771668A6BF0ECA061CDE2D884CBC38192","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"AKick Software","sourceIndex":"3386","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com","landingPage":"https://www.akick.com/optimizer.html","directDownloadingLink":"https://www.akick.com/security/Akick_PC_Optimizer.exe","ipv4":"","ipv6":"","sourceIndex":"3386"}],"sampleFiles":[],"imageFiles":["171010/AKickPCOptimizer-171003/1.2.0.0/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["171010/AKickPCOptimizer-171003/1.2.0.0/Images/ACR-099/ACR-099_LANDING_PAGE.PNG","171010/AKickPCOptimizer-171003/1.2.0.0/Images/ACR-065/ACR-065_INSTALL.PNG","171010/AKickPCOptimizer-171003/1.2.0.0/Images/ACR-163/ACR-163_SOFTWARE.PNG","171010/AKickPCOptimizer-171003/1.2.0.0/Images/ACR-065/ACR-065_SOFTWARE.PNG","171010/AKickPCOptimizer-171003/1.2.0.0/Images/ACR-099/ACR-099_SOFTWARE.PNG"],"guid":"31ee9c71-e1d6-478a-bc34-3c3964f6cc10_1.2.0.0_1","appID":"AKickPCOptimizer-171003","dateAdded":"171010","deceptorType":"App","name":"AKick PC Optimizer","company":"Akick Software Inc.","version":"1.2.0.0","sigName":"Deceptor:Win32/AkickPCOptimizer!168","lastKnownStatus":"Deceptor: 1.2.0.0","lastKnownDate":"171003","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10,Windows 7,Windows 8,Windows Vista,Windows XP","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-03T02:41:04.9705037+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2739},{"violations":{"ACR-168":"The internal offer only allows consumer to call but does not disclose that additional offers may be made \n\nThe application displays a call center phone number, but does not disclose that additional offers may be made. There is no non-interactive mean to purchase and active. User must to make a call to purchase or active.\n"},"nonDeceptorViolations":{"ACR-065":"The install wizard has no link to privacy policy\nThe application about page has no link to privacy policy\n","ACR-161":"The Landing page has customer reviews that has no links back to their sources so consumers can verify they're real\nThe application has customer reviews that has no links back to their sources so consumers can verify they're real\n","ACR-163":"In order to purchase or register the application consumer has to call a phone number\nThe application has phone number to call in order consumers need help but no email address.\n","ACR-170":"The application does not allow the issues to be fixed unless consumer calls .\n","ACR-160":"Contacted PC HomeRun on the phone number 1-800-709-9235 and asked them what is the name of the company and they stated they are 'Technical Support'\n","ACR-099":"The Landing page has no uninstall information link\nThe application has no uninstall information link on the about page.\n","ACR-167":"Eula and the Privacy Policy has no refund policy \n","ACR-168":"The landing page displays a call center phone number, but does not disclose that additional offers may be made.\n"},"samples":[{"isRevoked":"False","fileName":"pc-optimizer.exe","isInstaller":"True","companyName":"PC HomeRun.","productName":"PCHomeRun Optimizer","productVersion":"1.0","fileVersion":"0.0.0.0","hashMD5":"e344e6f1cb3e7bb3e1d2f64966f383a0","hashSHA1":"fcefc91765ca09cf78fff6f864ba887ba23a4dfe","hashSHA256":"a32b673d307056b0a40f9c3cdaf3cd0d06ef418d8b22a1c7a4eab0a91a260c03","digitalCertThumbprint":"1B9011DFC015873A185D48626D8FDED03C4FDDB3","digitalCertIssuer":"COMODO Code Signing CA 2","digitalCertIssuedTo":"​Dezillion LLC","sourceIndex":"3387","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.top4download.com/","landingPage":"http://pchomerun.com/products/optimizer.html","directDownloadingLink":"http://pchomerun.com/download/pc-optimizer.exe","ipv4":"","ipv6":"","sourceIndex":"3387"}],"sampleFiles":[],"imageFiles":["171008/PCHomeRun Optimizer-171005/1.0/Images/ACR-168/ACR-168_INTERNAL_OFFERS.PNG","171008/PCHomeRun Optimizer-171005/1.0/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["171008/PCHomeRun Optimizer-171005/1.0/Images/ACR-163/ACR-163_INTERNAL_OFFERS.PNG","171008/PCHomeRun Optimizer-171005/1.0/Images/ACR-161/ACR-161_LANDING_PAGE.PNG","171008/PCHomeRun Optimizer-171005/1.0/Images/ACR-168/ACR-168_LANDING_PAGE.PNG","171008/PCHomeRun Optimizer-171005/1.0/Images/ACR-065/ACR-065_INSTALL.PNG","171008/PCHomeRun Optimizer-171005/1.0/Images/ACR-161/ACR-161_SOFTWARE.PNG","171008/PCHomeRun Optimizer-171005/1.0/Images/ACR-163/ACR-163_SOFTWARE.PNG","171008/PCHomeRun Optimizer-171005/1.0/Images/ACR-170/ACR-170_SOFTWARE.PNG","171008/PCHomeRun Optimizer-171005/1.0/Images/ACR-065/ACR-065_SOFTWARE.PNG","171008/PCHomeRun Optimizer-171005/1.0/Images/ACR-099/ACR-099_SOFTWARE.PNG"],"guid":"ceeaf6aa-4e9f-4d28-a565-72f961ce50c4_1.0_1","appID":"PCHomeRun Optimizer-171005","dateAdded":"171008","deceptorType":"App","name":"PC HomeRun Optimizer","company":"PC HomeRun","version":"1.0","sigName":"Deceptor:Win32/PCHomeRun!168","lastKnownStatus":"Deceptor: 1.0","lastKnownDate":"171005","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2019-01-03T02:39:53.2704434+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2740},{"violations":{"ACR-003":"The application exaggerates invalid registry items with high urgency and claims system registry healthy is danger, thereby misleading or scaring user to take action. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent\n","ACR-168":"No disclosure that additional offers may be made to the consumer as a result of one-to-one interaction.\n"},"nonDeceptorViolations":{"ACR-065":"App does not provide links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy during install.\nApp does not provide links to the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy on the software.\n","ACR-002":"There is no mention of Secursoft srl who signed the certificate for the app in the EULA.\n","ACR-163":"The app only provides a phone number (one-to-one interaction) for support. No non-interactive options are provided.\n","ACR-170":"The app requires payment prior to demonstrating its value to the consumer. No trials, throttles, partial delivery or any other means are provided.\n","ACR-092":"The app's digital code-signature has a different name than the vendor and it not disclosed in the EULA/Terms of Use.\n","ACR-160":"unable to verify. Please check.\n","ACR-099":"No uninstall information is available on the software\n","ACR-120":"Upon uninstalling the app the consumer is presented a a discount of 50% of the same app.\n","ACR-167":"No mention of a 30-day refund policy in EULA, Terms of Service or Privacy Policy.\n","ACR-171":"The recurring payment is pre-checked (opt-out)\n"},"samples":[{"isRevoked":"False","fileName":"Cleaner Pro.exe","isInstaller":"True","companyName":"Cleaner Pro","productName":"Cleaner Pro","productVersion":"2.6.2","fileVersion":"2.6.2","hashMD5":"3ce34d0daa84007ec9e3fed121c7a315","hashSHA1":"955183f1333e410a71c019de2580b288af22aaeb","hashSHA256":"365730abad6fd70c393ec3d0f8e4704a20549c94ab59cd04a8e0d0a5ed34562f","digitalCertThumbprint":"22A544D06814A2A0B941802ADF54D049EF5878F9","digitalCertIssuer":"GlobalSign CodeSigning CA - SHA256 - G2","digitalCertIssuedTo":"Secursoft srl","sourceIndex":"3388","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.dogpile.com","landingPage":"https://www.cleanerpro.net/","directDownloadingLink":"http://www.cleanerpro.net/download/CleanerProSetup.exe","ipv4":"","ipv6":"","sourceIndex":"3388"}],"sampleFiles":[],"imageFiles":["171008/Cleaner Pro-171004/2.6.2/Images/ACR-003/ACR-003_software.PNG","171008/Cleaner Pro-171004/2.6.2/Images/ACR-003/ACR-003_software2.PNG","171008/Cleaner Pro-171004/2.6.2/Images/ACR-084/ACR-084_software.PNG","171008/Cleaner Pro-171004/2.6.2/Images/ACR-084/ACR-084_task_scheduler.PNG","171008/Cleaner Pro-171004/2.6.2/Images/ACR-168/ACR-168_software.PNG"],"nonDeceptorImageFiles":["171008/Cleaner Pro-171004/2.6.2/Images/ACR-171/ACR-171_internal_offer.PNG","171008/Cleaner Pro-171004/2.6.2/Images/ACR-163/ACR-163_software.PNG","171008/Cleaner Pro-171004/2.6.2/Images/ACR-170/ACR-170_software.PNG","171008/Cleaner Pro-171004/2.6.2/Images/ACR-120/ACR-120_uninstall.PNG"],"guid":"f351921b-06ae-4038-abb1-0dd5856b9c67_2.6.2_1","appID":"Cleaner Pro-171004","dateAdded":"171008","deceptorType":"App","name":"Cleaner Pro","company":"Cleaner Pro","version":"2.6.2","sigName":"Deceptor:Win32.CleanerPro!003084168","lastKnownStatus":"Deceptor: 2.6.2","lastKnownDate":"171004","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2019-01-03T02:38:08.6734029+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2741},{"violations":{"ACR-003":"Exaggerated claims that are misleading, scaring the consumer to take action.\n","ACR-016":"A displayed ad leads to direct downloading and installation of an app.\n"},"nonDeceptorViolations":{"ACR-065":"No link to Privacy Policy during installation.\nEULA/Terms of Service/Returns & Cancellation Policy/Privacy Policy is not disclosed on the software.\n","ACR-088":"The app started performing the system scans post install without user action.\n","ACR-099":"Uninstall information not disclosed on the software.\n","ACR-017":"No link to verify logos and reviews.\n"},"samples":[{"isRevoked":"False","fileName":"ppcpsetupsite.exe","isInstaller":"True","companyName":"Pinnacle PC Performance","productName":"Pinnacle PC Performance","productVersion":"1.0.0.23082","fileVersion":"1.0.0.23082","hashMD5":"6bf3ce3aef6d1c082e7c117b2193ac48","hashSHA1":"660434a8333139ff7ec4d577b9e90cbadad2751a","hashSHA256":"736ae3abbe2c80efe349ddec28aea81c740d7c3ea0f2b6c0fd2e8a063000471f","digitalCertThumbprint":"82467AC05052315D2F4E2F7CFF448F9D26393406","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Pinnacle PC Performance","sourceIndex":"3389","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"www.windows7download.com","landingPage":"http://pinnaclepcperformance.com/","directDownloadingLink":"http://cdn.pinnaclepcperformance.com/ppcp/securerc/ppcpsetupsite.exe","ipv4":"","ipv6":"","sourceIndex":"3389"}],"sampleFiles":[],"imageFiles":["171007/Pinnacle PC Performance-170926/1.0.0.23082/Images/ACR-016/ACR-016_AdsInsideApp_InstallsDirectlyWithoutTakingTheConsumerToLandingPage.jpg","171007/Pinnacle PC Performance-170926/1.0.0.23082/Images/ACR-003/ACR-003_ExaggeratedClaims.jpg"],"nonDeceptorImageFiles":["171007/Pinnacle PC Performance-170926/1.0.0.23082/Images/ACR-017/ACR-017_LandingPage_NoLinkToVerifyLogos.jpg","171007/Pinnacle PC Performance-170926/1.0.0.23082/Images/ACR-017/ACR-017_LandingPage_NoLinkToVerifyReviews.jpg","171007/Pinnacle PC Performance-170926/1.0.0.23082/Images/ACR-065/ACR-065_Install_NoLinkToPrivacyPolicy.jpg","171007/Pinnacle PC Performance-170926/1.0.0.23082/Images/ACR-065/ACR-065_Software_MissingEULA,PrivacyPolicy,CancellationPolicy.JPG","171007/Pinnacle PC Performance-170926/1.0.0.23082/Images/ACR-099/ACR-099_Software_MissingUninstallInfo.JPG"],"guid":"294893ae-5b37-4675-acb5-9266daa8feaf_1.0.0.23082_1","appID":"Pinnacle PC Performance-170926","dateAdded":"171007","deceptorType":"App","name":"Pinnacle PC Performance","company":"Pinnacle PC Performance","version":"1.0.0.23082","sigName":"Deceptor:Win32/PinnaclePCPerformance!003","lastKnownStatus":"Deceptor:1.0.0.23082","lastKnownDate":"171006","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,cross-sell other apps","lastUpdate":"2019-01-03T02:33:10.0619473+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2742},{"violations":{"ACR-003":"The application exaggeratedly claim registry invalid items as error and raises misleading urgency for non-urgent registry invalid items for user to take action.\n","ACR-017":"The internal offer shopping cart page places the misleading trust marks and leads user into taking purchasing action based on the misleading information from those marks.\n"},"nonDeceptorViolations":{"ACR-065":"The application install process has no link to privacy policy \n","ACR-002":"The Eula has different name than what the installed application has in the digital signature.\n","ACR-170":"The application will not allow issues to be fixed unless it is registered first and doesn't have return policy.\n","ACR-092":"The application has has a different vendor/publisher in the EULA than what is mentioned in the installer.\n","ACR-099":"Internal offer webpage has no uninstall information link \nThe application has no uninstall information \n","ACR-150":"Shopping cart webpage has a icon stating that the app is a 'Microsoft Certified Partner' but it not clickable to be able to verify if it is true.\n"},"samples":[{"isRevoked":"False","fileName":"WiseFixer.exe","companyName":"FoxthSoft","productName":"WiseFixer","productVersion":"4.0","fileVersion":"0.0.0.0","hashMD5":"30842583d5d42afca6753ced0f5939ee","hashSHA1":"6e6a9510a9e376d975f4019ecf62b90bec21e497","hashSHA256":"5f5b345e93a0058f3bbcb7e419c725a43782c728d74e355d6501af9ed844054f","digitalCertThumbprint":"6537B50F8404D3C5A98EF9084415B145DA652757","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"3597","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.top4download.com/","landingPage":"http://wisefixer.com/","directDownloadingLink":"http://www.wisefixer.com/download/WiseFixer.exe","ipv4":"","ipv6":"","sourceIndex":"3597"}],"sampleFiles":[],"imageFiles":["171006/WiseFixer-171004/4.0/Images/ACR-017/ACR-017_INTERNAL_OFFERS.PNG","171006/WiseFixer-171004/4.0/Images/ACR-003/ACR-003_SOFTWARE.PNG"],"nonDeceptorImageFiles":["171006/WiseFixer-171004/4.0/Images/ACR-002/ACR- 002_DOCS.PNG","171006/WiseFixer-171004/4.0/Images/ACR-150/ACR-150_INTERNAL_OFFERS.PNG","171006/WiseFixer-171004/4.0/Images/ACR-099/ACR-099_INTERNAL_OFFERS.PNG","171006/WiseFixer-171004/4.0/Images/ACR-065/ACR-065_INSTALL.PNG","171006/WiseFixer-171004/4.0/Images/ACR-092/ACR-092_SOFTWARE.PNG","171006/WiseFixer-171004/4.0/Images/ACR-170/ACR-170_SOFTWARE.PNG"],"guid":"9c8871ce-343a-4ab1-b751-cc00c3351dfc_4.0_1","appID":"WiseFixer-171004","dateAdded":"171006","deceptorType":"App","name":"WiseFixer","company":"Foxth Software Co., Ltd","version":"4.0","sigName":"Deceptor:Win32/WiseFixer!003","lastKnownStatus":"Deceptor: 4.0","lastKnownDate":"171004","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid","lastUpdate":"2018-06-29T03:10:09.9626112+00:00","notDistributed":false,"familyName":"smartfixer-winreg-lionchi","numInFamily":14,"numInAppID":1,"sortOrder":2526},{"violations":{"ACR-042":"Additional app was installed without consumers permission through explicit user action. \n","ACR-043":"My Phone Support was installed but was not disclosed in the Offer.\n","ACR-168":"Software did not disclose that \"additional offers may apply\" when using the one to one interaction \n","ACR-118":"After uninstalling software, the executable was retain in the default location.\n"},"nonDeceptorViolations":{"ACR-163":"Landing page requires one to one interaction in order to require refund, purchase and to receive support.\nSoftware requires one to one interaction in order to require refund, purchase and to receive support.\n","ACR-160":"Call the call center and the agent is not familiar with the Software name. Agent states the name of the company is My phone support. \n","ACR-099":"Software is missing Uninstall link.\n","ACR-169":"Affiliation was not clearly and conspicuously  disclosed on the landing page \n","ACR-017":"Endorsements and certifications are misleading and fraudulent, unable to verify endorsements and certifications. Endorsements are clickable but leads to error page \n","ACR-168":"Landing page did not disclose that \"additional offers may apply\" when using the one to one interaction \n"},"samples":[{"isRevoked":"False","fileName":"Install_Clean_PC_Max","isInstaller":"True","companyName":"Consumer Software International","productName":"Clean PC Max","productVersion":"2.0","fileVersion":"2.0.0.0","hashMD5":"dbb7751c86223378e2ebb5ef20eb7383","hashSHA1":"c6a74418d62f8140b112dacddbe1979a0b621762","hashSHA256":"36724e5feaea53ca4a204d68cc8c607c89ded0d971ba106f8ad5ff46144f9578","digitalCertThumbprint":"8F4363D1FB7008F0226E6E28D3BD74AEB7C2019D","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Consumer Software International","sourceIndex":"3390","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://www.cleanpcmax.com/","directDownloadingLink":"http://www.cleanpcmax.com/d/2/Install%20Clean%20PC%20Max.exe","ipv4":"","ipv6":"","sourceIndex":"3390"}],"sampleFiles":[],"imageFiles":["171006/Clean PC Max-171006/2.0.0/Images/ACR-043/CleanPCMax.PNG","171006/Clean PC Max-171006/2.0.0/Images/ACR-168/acr_168_Software.PNG","171006/Clean PC Max-171006/2.0.0/Images/ACR-118/acr_118.PNG","171006/Clean PC Max-171006/2.0.0/Images/ACR-042/acr_042.PNG"],"nonDeceptorImageFiles":["171006/Clean PC Max-171006/2.0.0/Images/ACR-017/acr_017_landing_page.PNG","171006/Clean PC Max-171006/2.0.0/Images/ACR-168/acr_168_landing_page.PNG","171006/Clean PC Max-171006/2.0.0/Images/ACR-042/acr_042.PNG"],"guid":"67f5af9e-c21e-47e1-a42a-1e13e69852d1_2.0.0_1","appID":"Clean PC Max-171006","dateAdded":"171006","deceptorType":"App","name":"Clean PC Max","company":"Consumer Software International","version":"2.0.0","sigName":"Deceptor:Win32/CleanPCMax!042043168118","lastKnownStatus":"Deceptor:2.0.0","lastKnownDate":"171006","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center","lastUpdate":"2019-01-03T02:27:41.3791015+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2744},{"violations":{"ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumers knowledge even when there is no scheduled scan enabled\n","ACR-168":"The application displays a support call center phone number, but does not disclose that additional offers may be made\n"},"nonDeceptorViolations":{"ACR-065":"Inline Offer Application \"PC OptiDriver has no link for the EULA or Privacy Policy on the about page \nThe Application has no link to the Privacy policy or EULA on the about page\n","ACR-163":"Landing page for PC OptiDriver displays a phone number, but doesn't disclose that additional offers (support contracts) will be made.\nLanding page displays a phone number, but doesn't disclose that additional offers (support contracts) will be made.\nApplication is stating that consumer should call now to activate toll free, no email option is available\n","ACR-160":"unable to verify if company has a certified call center at this time please review \n","ACR-099":"The application has no link to uninstall information \n","ACR-035":"Contact information and name of App is missing from terms of use, Privacy policy and the EULA\n","ACR-168":"The application displays a support call center phone number, but does not disclose that additional offers may be made\n"},"samples":[{"isRevoked":"False","fileName":"PCOptiClean_Setup.exe","isInstaller":"True","companyName":"Seguro Software, LLC","productName":"PC OptiClean","productVersion":"4.1","fileVersion":"4.1.0.0","hashMD5":"806ac70e6ec4c4a2821bd095ffdffc4a","hashSHA1":"b92b8469775039a6f6d646abd5215851418abfe2","hashSHA256":"f46fecd2a7c464e95f216769b001665b714ecd1744eeec446a261af7eb632bf2","digitalCertThumbprint":"EB08AB74C33E123481B8FE1DE9E193BB235D1690","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"Seguro Software, LLC","sourceIndex":"3740","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"https://www.top4download.com/","landingPage":"http://www.pcopticlean.com/","directDownloadingLink":"http://www.pcopticlean.com/download/PCOptiClean_Setup.exe","ipv4":"","ipv6":"","sourceIndex":"3740"}],"sampleFiles":["171006/PC OptiClean-171002/4.1/Samples/PCOptiClean_Setup.exe"],"imageFiles":["171006/PC OptiClean-171002/4.1/Images/ACR-084/ACR-084_SOFTWARE.PNG","171006/PC OptiClean-171002/4.1/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["171006/PC OptiClean-171002/4.1/Images/ACR-065/ACR-065_INLINE_OFFERS.PNG","171006/PC OptiClean-171002/4.1/Images/ACR-065/ACR-065_SOFTWARE.PNG","171006/PC OptiClean-171002/4.1/Images/ACR-099/ACR-065_SOFTWARE.PNG","171006/PC OptiClean-171002/4.1/Images/ACR-163/ACR-163_INLINE_OFFERS.PNG","171006/PC OptiClean-171002/4.1/Images/ACR-163/ACR-163_LANDING_PAGE.PNG","171006/PC OptiClean-171002/4.1/Images/ACR-163/ACR-163_SOFTWARE.PNG","171006/PC OptiClean-171002/4.1/Images/ACR-099/ACR-065_SOFTWARE.PNG","171006/PC OptiClean-171002/4.1/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"guid":"476ff1eb-384f-4dc8-9b3a-599c863077b2_4.1_1","appID":"PC OptiClean-171002","dateAdded":"171006","deceptorType":"App","name":"PC OptiClean","company":"Seguro Software, LLC","version":"4.1","sigName":"Deceptor:Win32/PCOptiClean!084168","firstVendorContactDate":"171122","firstAppEsteemReplyDate":"171212","firstResolvedDate":"171208","firstResolvedVersion":"Non Deceptor: 4.1","resolved":"TRUE","lastKnownStatus":"Deceptor: 4.1","lastKnownDate":"171006","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Adults only","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-02-15T00:28:57.120333+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2743},{"violations":{"ACR-003":"The application exaggerates tracking cookies and personal data as threats with high impact level, thereby misleading or scaring user to take action.\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n\n","ACR-088":"The application starts a scan post installation without user interaction or permission\n\n","ACR-092":"The application does not have a digital signature.\n\n","ACR-157":"The application does not have a digital signature.\n\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-171":"The consumer is required to opt-out of additional payment for insurance service which was not pre-disclosed.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":"1-click-pc-care_full1017.exe","isInstaller":"True","companyName":"Wondershare                                                 ","productName":"Wondershare 1-Click PC Care 8","productVersion":"8.2.1.0","fileVersion":"8.2.1.0","hashMD5":"df8754fccdd69d0e72aa84fa884bdd11","hashSHA1":"046eba84bf324889e784e5b7bd3f7be5029c613f","hashSHA256":"e4207ffc8fedef6d5ccbcd2d451ac1700d2ba0eb429ba60a5d05145642688e6b","sourceIndex":"2554","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BoostSpeed.exe","companyName":"Wondershare","productName":"1-Click PC Care","productVersion":"8.x","fileVersion":"8.2.1.0","hashMD5":"67b217f7e0e3aa538ffe8e7f3182e636","hashSHA1":"d30925bb9f4ea4b8f971e1fad226536dcafa8a85","hashSHA256":"463cb36cadb2176f24669c95cadee10a2baee72882636c8c31483849e0a63024","digitalCertThumbprint":"5680FD70B18C637B1BB62AF132D6193DA4DFC847","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=\"Wondershare software CO., LIMITED\", OU=IT, O=\"Wondershare software CO., LIMITED\", L=Shenzhen, S=Guangdong, C=CN","sourceIndex":"2554","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"https://www.wondershare.net/ad/1-click-pc-care/","directDownloadingLink":"http://download.wondershare.net/cbs_down/1-click-pc-care_full1017.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.wondershare.net/cbs_down/1-click-pc-care_full1017.exe","sourceIndex":"2554"}],"sampleFiles":["171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Samples/1-click-pc-care_full1017.exe","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Samples/BoostSpeed.exe"],"imageFiles":["171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-003/acr_003.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-003/acr_003_1.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-003/acr_003_2.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-017/acr_017.PNG"],"nonDeceptorImageFiles":["171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-065/install.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-065/acr_065_S.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-161/testimonials.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-088/acr_088.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-092/signing_certi.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-157/signing_certi.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-099/acr_099_S.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-099/acr_099_IO.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-168/one_one_lp.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-160/one_one_lp.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-171/acr_171.PNG","171005/Wondershare 1-Click PC Care-171004/8.2.1.0/Images/ACR-171/acr_171_1.PNG"],"guid":"b06b6d17-3efc-42a0-b0f6-54145bead4b1_8.2.1.0_1","appID":"Wondershare 1-Click PC Care-171004","dateAdded":"171005","deceptorType":"App","name":"wondershare 1 click pc ","company":"Wondershare","version":"8.2.1.0","sigName":"Deceptor:Win32/wondershare1clickpc!003017","lastKnownStatus":"Deceptor:8.2.1.0","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows Vista,Windows 7","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2745},{"violations":{"ACR-003":"The application exaggerates junk files, cookies and empty registry keys as errors thereby misleading or scaring user to take action. The application reports identified errors with exaggerated numbers and displays the pc health as dangerous, thereby misleading or scaring the user to take action.\n","ACR-168":"There is no mention that additional offers may be made as a result of one-to-one interactions.\n"},"nonDeceptorViolations":{"ACR-065":"The app does not show any links to the app's  EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"The app's landing page only provides phone numbers for one-to-one interaction to receive support. No non-interactive options are provided.\n","ACR-160":"Unable to verify\n","ACR-099":"The app does not provide any uninstall instruction on the software.\nThe app does not provide any uninstall instruction on the internal offer.\n","ACR-167":"App does not offer a 30-day refund policy any anything paid. Not mentioned in EULA, Privacy Policy or Terms Of Service.\n","ACR-159":"No mention that the consumer will be required to pay to access full functionality of the software. No trial is provided.\n","ACR-003":"The application exaggerates junk files, cookies and empty registry keys as errors thereby misleading or scaring user to take action. The application reports identified errors with exaggerated numbers and displays the pc health as dangerous, thereby misleading or scaring the user to take action.\n","ACR-168":"There is no mention that additional offers may be made as a result of one-to-one interactions.\n"},"samples":[{"isRevoked":"False","fileName":"1-Click PC Care.exe","isInstaller":"True","companyName":"Wondershare Software Co.,Ltd","productName":"Wondershare 1-Click PC Care","productVersion":"7.5.0.11","fileVersion":"7.5.0.11","hashMD5":"24a6ec3b3378f203145baf747b8df1be","hashSHA1":"77c64cef09a88060fd38d7af9f39a2e94f6eb00a","hashSHA256":"fc4cbd04a22d0e6a71e58f79ab1b0fb79971c1db38a1694915894999ef4ed39a","digitalCertThumbprint":"B78229667AB70DC2993F3DF26B35FB29B9B3F793","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Wondershare Software Co., Ltd.","sourceIndex":"3742","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"yahoo.com","landingPage":"https://www.wondershare.net/ad/1-click-pc-care/","directDownloadingLink":"http://download.wondershare.net/cbs_down/1-click-pc-care_full1017.exe","ipv4":"","ipv6":"","sourceIndex":"3742"}],"sampleFiles":["171005/Wondershare 1-Click PC Care-171004/7.5.0/Samples/1-click-pc-care_full1017.exe"],"imageFiles":["171005/Wondershare 1-Click PC Care-171004/7.5.0/Images/ACR-003/1ClickPCScanResult.PNG","171005/Wondershare 1-Click PC Care-171004/7.5.0/Images/ACR-003/ACR-003_software.PNG","171005/Wondershare 1-Click PC Care-171004/7.5.0/Images/ACR-003/ACR-003_software2.PNG","171005/Wondershare 1-Click PC Care-171004/7.5.0/Images/ACR-168/ACR-168_landing_page.PNG"],"nonDeceptorImageFiles":["171005/Wondershare 1-Click PC Care-171004/7.5.0/Images/ACR-163/ACR-163_LANDING_PAGE.PNG","171005/Wondershare 1-Click PC Care-171004/7.5.0/Images/ACR-170/ACR-170_software.PNG","171005/Wondershare 1-Click PC Care-171004/7.5.0/Images/ACR-003/1ClickPCScanResult.PNG","171005/Wondershare 1-Click PC Care-171004/7.5.0/Images/ACR-003/ACR-003_software.PNG","171005/Wondershare 1-Click PC Care-171004/7.5.0/Images/ACR-003/ACR-003_software2.PNG","171005/Wondershare 1-Click PC Care-171004/7.5.0/Images/ACR-168/ACR-168_landing_page.PNG"],"guid":"b06b6d17-3efc-42a0-b0f6-54145bead4b1_7.5.0_1","appID":"Wondershare 1-Click PC Care-171004","dateAdded":"171005","deceptorType":"App","name":"wondershare 1 click pc ","company":"Wondershare","version":"7.5.0","sigName":"Deceptor:Win32/Wondershare1-ClickPCCare!003","lastKnownStatus":"Deceptor:8.2.1.0","lastKnownDate":"210113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":true,"numInFamily":0,"numInAppID":2,"sortOrder":2746},{"violations":{"ACR-003":"The application exaggerates that cache, cookies, history and temp files and empty registry keys as an error or a problem, thereby misleading or scaring user to take action.\n"},"nonDeceptorViolations":{"ACR-065":"App's landing page does not provide any links to a EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nApp's does not provide any links to a EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application reviews are unable to be verified at the referenced sources.\n","ACR-170":"The app does not provide a interactive option for cancellation or returns nor does it provide any trial periods, throttles, partial delivery or any other means to demonstrate its value prior to payment.\n","ACR-092":"The application does not have a digital signature (unsigned)\n","ACR-157":"The app does not have a digital signature (unsigned)\n","ACR-099":"No uninstall instructions are provided on the landing page.\nNo uninstall instructions are provided on the app.\n","ACR-037":"App did not provide a privacy policy\n"},"samples":[{"isRevoked":"False","fileName":"Speedmypc.com System Optimizer.exe","isInstaller":"True","companyName":"","productName":"Speedmypc.com System Optimizer","productVersion":"1.0","fileVersion":"1.0.0.0","hashMD5":"06f01e9ce0e185e6cc0ba6ca8982a71d","hashSHA1":"1ac1b1ffaa7bc7b0fab83324fbaedb7d544fb9e9","hashSHA256":"987dad1a890f08a2ef169927b3430f3630a4ee7511ccdfe25091f04ccf19f04b","digitalCertThumbprint":"N\\A","digitalCertIssuer":"Unsigned","digitalCertIssuedTo":"Unsigned","sourceIndex":"3391","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"yahoo.com","landingPage":"http://www.speedmypc.com/","directDownloadingLink":"http://www.speedmypc.com/speedmypc_install.exe","ipv4":"","ipv6":"","sourceIndex":"3391"}],"sampleFiles":[],"imageFiles":["171005/Speedmypc.com System Optimizer-170928/1.0/Images/ACR-003/ACR-003_ERRORS.PNG","171005/Speedmypc.com System Optimizer-170928/1.0/Images/ACR-003/ACR-003_PC_Problems.PNG"],"nonDeceptorImageFiles":["171005/Speedmypc.com System Optimizer-170928/1.0/Images/ACR-161/ACR-161_REVIEWS.PNG","171005/Speedmypc.com System Optimizer-170928/1.0/Images/ACR-170/ACR-170.PNG"],"guid":"a41cfb37-f9c8-40a2-8db6-5e74e762fc3b_1.0_1","appID":"Speedmypc.com System Optimizer-170928","dateAdded":"171005","deceptorType":"App","name":"Speedmypc.com System Optimizer","company":"Speedmypc.com","version":"1.0","sigName":"Deceptor:Win32/SpeedMyPCSystemOptimizer!003","lastKnownStatus":"Deceptor: 1.0","lastKnownDate":"170925","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2019-01-03T02:24:37.8382232+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2747},{"violations":{"ACR-107":"App has antivirus component based on open source solution (ClamAV) without disclaiming and honoring open source license.\n","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers will be made\n","ACR-165":"No disclosure about cancellation details \n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to the EULA or the Privacy Policy on the about page\n","ACR-170":"In order to remove threats, application is stating that it must be registered or purchased. No trial period offered and no return policy\n","ACR-092":"Not every installed executable file is code signed. \n","ACR-160":"Unable to verify if application has a certified call center please review \n","ACR-099":"The Landing Page has no link to the uninstall information\nThe application has no link to uninstall information on the about page \n","ACR-036":"App doesn't disclose the third party component (ClamAV, OpenSSL) in the EULA.\n","ACR-171":"Renewal offer is opt in by default \n\n"},"samples":[{"isRevoked":"False","fileName":"SpyRemoverPro.exe","isInstaller":"True","companyName":"Simple Leads LLC","productName":"SpyRemover Pro","productVersion":"1.0.1.5","fileVersion":"1.0.1.5","hashMD5":"9356db6a54a4d2fc4a4218aee467a8d4","hashSHA1":"a236474e7127bfae9204449670fa4b8458400551","hashSHA256":"6a61e8c772a31be6f733025533f6f65cc49dbae1b9ab9b9c805c5694524269ba","digitalCertThumbprint":"0C6ECD0A77FC23820C1EB806A6742E8169099846","digitalCertIssuer":"DigiCert SHA2 High Assurance Code Signing CA","digitalCertIssuedTo":"Simple Leads LLC","sourceIndex":"2587","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"info.dogpile.com","landingPage":"https://www.fixmypcerror.com/","directDownloadingLink":"https://s3-us-west-2.amazonaws.com/spy-remover-pro/SpyRemoverPro.exe","ipv4":"","ipv6":"","sourceIndex":"2587"}],"sampleFiles":["171004/SpyRemoverPro-171003/1.0.1.5/Samples/SpyRemoverPro.exe"],"imageFiles":["171004/SpyRemoverPro-171003/1.0.1.5/Images/ACR-107/SpyRemoverPro_ClamAVOpenSource.PNG","171004/SpyRemoverPro-171003/1.0.1.5/Images/ACR-168/ACR-168_SOFTWARE.PNG"],"nonDeceptorImageFiles":["171004/SpyRemoverPro-171003/1.0.1.5/Images/ACR-171/SpyRemoverPro_RenewOfferNotOptIn.PNG","171004/SpyRemoverPro-171003/1.0.1.5/Images/ACR-099/ACR-099_LANDING_PAGE.PNG","171004/SpyRemoverPro-171003/1.0.1.5/Images/ACR-092/ACR-092_SOFTWARE.PNG","171004/SpyRemoverPro-171003/1.0.1.5/Images/ACR-092/ACR-092_SOFTWARE_SCREENSHOT_2.PNG","171004/SpyRemoverPro-171003/1.0.1.5/Images/ACR-170/ACR-170_SOFTWARE.PNG","171004/SpyRemoverPro-171003/1.0.1.5/Images/ACR-065/ACR-065_SOFTWARE.PNG","171004/SpyRemoverPro-171003/1.0.1.5/Images/ACR-099/ACR-099_SOFTWARE.PNG"],"guid":"f0e5fa97-e4fc-4dde-904e-b117aa93a46d_1.0.1.5_1","appID":"SpyRemoverPro-171003","dateAdded":"171004","deceptorType":"App","name":"SpyRemover Pro","company":"World Tech Media LLC","version":"1.0.1.5","sigName":"Deceptor:Win32/SpyremoverPro!107168","lastKnownStatus":"Deceptor: 1.0.1.5","lastKnownDate":"171003","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,call center","lastUpdate":"2019-12-10T23:31:11.4574571+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2748},{"violations":{"ACR-048":"The scheduled task in scheduler is still active even after user removes the daily update from app setting. \n","ACR-003":" The application exaggerates empty registry keys, older drivers and junk files as problems, thereby misleading or scaring user to take action. The application reports identified problems with exaggerated numbers, thereby misleading or scaring the user to take action\n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying unverifiable Microsoft Partner logo \n"},"nonDeceptorViolations":{"ACR-065":"App does not provide a link to the EULA and/or Terms of service, returns and cancellation policy or privacy policy.\n","ACR-170":"The app requires payment prior to demonstrating its value and does not provide any trials, throttles or any other means, nor does it an interactive method for cancellations or returns.\n","ACR-167":"The app does not state that the consumer will be provided with a refund within 30-days of purchase. EULA states that the consumer will have to make contact and they will determine of the consumer is eligible for a refund.\n","ACR-171":"The app has a recurring annual charge of $49.9 but the consumer is not able to opt-out.\n"},"samples":[{"isRevoked":"False","fileName":"OSpeedy system optimizer.exe","isInstaller":"True","companyName":"Speedy HLDGS Limited","productName":"System Optimizer","productVersion":"7.0","fileVersion":"na","hashMD5":"c92d90d101f3681818f7a06a2cc18cb5","hashSHA1":"8e910d835a28b4ba5dfc820f8192d7f4353fa49c","hashSHA256":"f1c12ed678e54470a2d33c34ae5e3f9c9d93b4031b9b50fa7789014cfd1d41d9","digitalCertThumbprint":"8CC82BECF0DC086DE93F979F13AE3618341F7ECB","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"2555","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"Speedy Hldgs Limited","productName":"System Optimizer","productVersion":"7.0","fileVersion":"n/a","hashMD5":"74d71937c1ac2019628c1a733e4883a7","hashSHA1":"403757ffbf1c45b2bd9a1ce1dd97634fa092fb66","hashSHA256":"72d36a2816f40c184f89fb662e0397d1457c09fc4756928c2e99a3f23264b706","digitalCertThumbprint":"8CC82BECF0DC086DE93F979F13AE3618341F7ECB","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"LionSea Software co., ltd","sourceIndex":"2555","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"hunt.search","reference":"Yahoo.com","landingPage":"http://www.ospeedy.com/system-optimizer/","directDownloadingLink":"http://download.ospeedy.com/download/systemoptimizer/setup.exe","ipv4":"","ipv6":"","sourceIndex":"2555"}],"sampleFiles":["171004/Speedy System Optimizer-171003/7.0/Samples/setup.exe","171004/Speedy System Optimizer-171003/7.0/Samples/setup (2).exe"],"imageFiles":["171004/Speedy System Optimizer-171003/7.0/Images/ACR-003/ACR-003_1.PNG","171004/Speedy System Optimizer-171003/7.0/Images/ACR-003/ACR-003_PROBLEMS.PNG","171004/Speedy System Optimizer-171003/7.0/Images/ACR-003/SpeedySystemOptimizerScanResult.PNG","171004/Speedy System Optimizer-171003/7.0/Images/ACR-003/SpeedySystemOptimizerScanResult1.PNG","171004/Speedy System Optimizer-171003/7.0/Images/ACR-017/ACR-017_software.PNG","171004/Speedy System Optimizer-171003/7.0/Images/ACR-048/SpeedySystemOptimizerNoControlForScheduledTask.PNG"],"nonDeceptorImageFiles":["171004/Speedy System Optimizer-171003/7.0/Images/ACR-171/ACR-171_Landing_page.PNG","171004/Speedy System Optimizer-171003/7.0/Images/ACR-170/ACR-170_software.PNG"],"guid":"a9116c56-db11-4b65-95f2-c7f447fddb2c_7.0_1","appID":"Speedy System Optimizer-171003","dateAdded":"171004","deceptorType":"App","name":"Speedy System Optimizer","company":"Speedy HLDGS Limited","version":"7.0","sigName":"Deceptor:Win32/oSpeedySystemOptimizer!003048","lastKnownStatus":"Deceptor: 7.0","lastKnownDate":"200203","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2020-02-04T00:39:22.941763+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2749},{"violations":{"ACR-084":"By default installation, app creates scheduled task without disclosing it during installation and displays no scheduled task setup in app settings\n\n","ACR-168":"No disclosure about addition offer may made during toll free phone call support \n","ACR-118":"After uninstalling application an executable was left over of the same app\n"},"nonDeceptorViolations":{"ACR-065":"No Link to the Privacy Policy during installation \nNo link to Privacy Policy or EULA\n","ACR-161":"The Landing Page has Customer reviews but no link to verify if they are real reviews from real customers\n","ACR-099":"There is no link or information of how to uninstall the application\nApplication has no information or link of how to uninstall it, app has no About page\n"},"samples":[{"isRevoked":"False","fileName":"Swift_PC_Optimizer_13.exe","isInstaller":"True","companyName":"Secure Bit Technologies Private Limited","productName":"Swift PC Optimizer","productVersion":"1.3","fileVersion":"1.3.0.0","hashMD5":"3a9b746086c89e8808ea7406d7c977ee","hashSHA1":"67d7f5577eb7905d8fcf4da5f46508fe6231f404","hashSHA256":"6e4dcaa14f61b7bf99cfd2a51c8a4684627a168d1355c3c25bd5ff760994c00c","digitalCertThumbprint":"FFF2D3D096F7FE77F4A2E0BF87146076C1BA893A","digitalCertIssuer":"Go Daddy Secure Certificate Authority - G2","digitalCertIssuedTo":"Secure Bit Technologies Private Limited","sourceIndex":"3392","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"yahoo.com","landingPage":"https://swiftpcoptimizer.com/","directDownloadingLink":"https://gsf-cf.softonic.com/67d/7f5/577eb7905d8fcf4da5f46508fe6231f404/Swift_PC_Optimizer_13.exe?SD_used=0&channel=WEB&fdh=no&id_file=69710683&instance=softonic_en&type=PROGRAM&Expires=1506997328&Signature=DHFwXLgSbxFCIJ93rD~QZpGZiEcyyOSUEPNCHUm8ANqrYA4tSK8AmLyccpaNlJP7909WErvKLiKstIaDz98VqGZYrU1c8QAqO2bSnYbaVnIkBeG8GPmJWF5pohLfVGiPfq8XpsHukmGb36eE1LPub3rPkkDLzwwyK2Ps6xVkOaw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Swift_PC_Optimizer_13.exe","ipv4":"","ipv6":"","sourceIndex":"3392"}],"sampleFiles":[],"imageFiles":["171003/SwiftPCOptimizer-171002/1.3/Images/ACR-084/SwiftPCOptimizerNoScheduledTask.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-168/SwiftPCOptimizerPhoneSupport.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-118/ACR-118_UNINSTALL_SCREENSHOT_1.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-118/ACR-118_UNINSTALL_SCREENSHOT_2.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-118/ACR-118_UNINSTALL_SCREENSHOT_3.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-118/ACR-118_UNINSTALL_SCREENSHOT_4.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-118/ACR-118_UNINSTALL_SCREENSHOT_5.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-118/ACR-118_UNINSTALL_SCREENSHOT_6.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-118/ACR-118_UNINSTALL_SCREENSHOT_7.PNG"],"nonDeceptorImageFiles":["171003/SwiftPCOptimizer-171002/1.3/Images/ACR-161/ACR-161_LANDING_PAGE.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-099/ACR-099_LANDING_PAGE.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-065/ACR-065_INSTALL.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-065/ACR-065_SOFTWARE.PNG","171003/SwiftPCOptimizer-171002/1.3/Images/ACR-099/ACR-099_SOFTWARE.PNG"],"guid":"32f9df30-be2c-4ccd-bf28-7bab5d44399d_1.3_1","appID":"SwiftPCOptimizer-171002","dateAdded":"171003","deceptorType":"App","name":"Swift PC Optimizer","company":"Secure Bit Technologies Private Limited","version":"1.3","sigName":"Deceptor:Win32/SwiftPCOptimer!084118168","lastKnownStatus":"Deceptor: 1.3","lastKnownDate":"171002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,call center","lastUpdate":"2019-01-02T22:36:46.2925573+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2750},{"violations":{"ACR-003":"The app exaggerates \"Harmful PC Errors\", thereby misleading or scaring user to take action \n","ACR-017":"The app fraudulently elevates its consumer trust level by displaying fake and unverifiable review ratings.\nThe app fraudulently elevates its consumer trust level by Microsoft Partner Logo\n","ACR-168":"No disclosure that additional offers may be made on the one-on-one interaction with the consumer\n","ACR-124":"The app requests more than one uninstallation prompts to the consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose company name for all the executables. E.g.: “bold-uninstaller.resources.dll“, “Tweakerbit-Uninstaller-Pro.resources.dll“, etc.\n","ACR-065":"The app needs to disclose \"Refund Policy\" in the landing page.\nThe app needs to disclose the EULA and Privacy Policy in the Software/app's about page.\n","ACR-161":"The testimonials are lack of reference\n","ACR-092":"Digital signature is required for all the executables. E.g.: “bold-uninstaller.resources.dll“, “Tweakerbit-Uninstaller-Pro.resources.dll“, etc.\n","ACR-069":"App has no extra value than program and features in system that provide standard uninstall option for all installed programs. No fair enough justification for its payment. \n\n","ACR-099":"The app needs to disclose uninstall information in the landing page.\n","ACR-120":"During uninstallation, the app offers same product to the consumer at a free of cost.\n","ACR-167":"The app’s return policy is 14 days instead of 30 days.\n","ACR-171":"Recurring payments must be offered as opt-in option to the consumer.\n","ACR-168":"The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n"},"samples":[{"isRevoked":"False","fileName":"Tweakerbit_Uninstaller_Pro.exe","isInstaller":"True","companyName":"Tweakerbit Uninstaller Pro","productName":"Tweakerbit Uninstaller Pro","productVersion":"1","fileVersion":"","hashMD5":"35c1371b4de1a09fd11b0bc45125296f","hashSHA1":"ac51f7048121eb3a3830ad12378157f232d910f2","hashSHA256":"00926b799512b427151d53003916b30e32706ae12bd42039f6f4961ee167c094","digitalCertThumbprint":"5205F798524F4DDCB460D1F12D3811F8BA067352","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SparksGen Limited","sourceIndex":"3393","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Affiliatetracking","reference":"Tweakerbit","landingPage":"http://www.tweakerbit.com/tweakerbit-uninstaller.php","directDownloadingLink":"https://tweakerbit.com/download/exe/tbup/Tweakerbit_Uninstaller_Pro.exe","ipv4":"","ipv6":"","sourceIndex":"3393"}],"sampleFiles":[],"imageFiles":["171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-017/ACR-017_InternalOffers_Unable_To_Verify_Review_Ratings.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-017/UninstallPro_ACR-017.PNG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-168/UninstallPro_Uninstallation_PhoneOffer.PNG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-003/ACR-003_Uninstallation_App_Exaggerates_As_Harmful_PC_Erros_Are_Left.jpg","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-003/ACR-003_Uninstallation_App_Exaggerates_As_Harmful_PC_Erros_Are_Left.mp4","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-124/ACR-124_Uninstallation_Prompts_More_Than_Once.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-124/ACR-124_Uninstallation_Prompts_More_Than_Once1.JPG"],"nonDeceptorImageFiles":["171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-167/ACR-167_LandingPage_14days_RefundOrCancellationOrMoneyBackPolicy.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-171/ACR-171_InternalOffers_Auto_Renewal_Option_Is_By_Default_Selected.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-161/ACR-161_LandingPage_Unable_To_Verify_Testimonials.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-161/ACR-161_LandingPage_Unable_To_Verify_Testimonials1.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-099/ACR-099_LandingPage_Uninstallation_Information_Is_Missing.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-168/ACR-168_LandingPage_Didn't_Disclose_Additional_Offers_Might_Be_Applicable_During_PhoneCall.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-168/ACR-168_LandingPage_Didn't_Disclose_Additional_Offers_Might_Be_Applicable_To_The_Consumer_During_Phonecall.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-168/ACR-168_Software_Didn't_Provide_Other_Non-Interactive_Option_To_The_Consumer.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-065/ACR-065_LandingPage_RefundPolicy_Is_Missing.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-065/ACR-065_Software_EULA&PrivacyPolicy_Is_Missing.JPG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-069/UninstallPro_ACR-017.PNG","171002/TweakerbitUninstallerPro-170930/1.0/Images/ACR-120/ACR-120_Uninstallation_Prompts_Free_App_To_The_Consumer.JPG"],"guid":"7a11f24f-0fd4-434f-b97c-d081905f245b_1.0_1","appID":"TweakerbitUninstallerPro-170930","dateAdded":"171002","deceptorType":"App","name":"Tweakerbit Uninstaller Pro","company":"Tweakerbit","version":"1.0","sigName":"Deceptor: Win32/TweakerbitUninstallerPro!003017168","lastKnownStatus":"Deceptor: 1.0","lastKnownDate":"171001","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7, Windows 8, Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, call center","lastUpdate":"2019-01-02T22:36:08.2135906+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2751},{"violations":{"ACR-043":"Soft Installer Pro download manager is installed without disclosed\n","ACR-048":"The app cannot be closed or disabled using standard platform-provided methods.\n","ACR-010":"Soft Installer Pro distribute the deceptor program TweakerBit Antimalware and TweakerBit Registry Optimizer\n","ACR-103":"The app is like a batch installer for \"TweakerBit antimalware\" and does not have any instrinsic value.\n"},"nonDeceptorViolations":{"ACR-044":"The installed apps (Soft Installer Pro and Tweakerbit Antimalware) are not properly disclosed and not visible to user before installation. \n","ACR-065":"Missing EULA and Privacy policy during installation.\nMissing EULA and Privacy policy in software.\n","ACR-088":"The App runs automatically without the consumer's authorization.\n","ACR-095":"Explicit User consent is not obtained before \"TweakerBit Antimalware\" is installed.\n","ACR-098":"The app prevents consumer from pausing or stoping the download.\n","ACR-099":"Uninstallation information missing in software.\n","ACR-019":"App is distributed via scamming in aggressive affiliate channel\n"},"samples":[{"isRevoked":"False","fileName":"soft-installer-1500-5.exe","isInstaller":"True","companyName":"Longrun Software Private Limited","productName":"Soft Installer Pro","productVersion":"1","fileVersion":"","hashMD5":"96ff9832ce6d2fb7554969892680f3d4","hashSHA1":"70356c3ad64ec119c8a8f89ce778991ab74f2839","hashSHA256":"a13502e2090af957508d5b184513af3b822d7c13bfd9714f9b30fed0a318d81d","digitalCertThumbprint":"AA57DD51C739422FD4885940A6B1FCC32D775761","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Longrun Software Private Limited","sourceIndex":"3394","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Affiliatetracking","reference":"http://microsoft.com-web-security-safety-analysis.download/check/index.htm","landingPage":"http://lpage.tweakerbit.com/ch5/redir.php?utm_source=flex&utm_campaign=tbit-english-US&utm_medium=cpi&aff=1500&pubid=1500&subid=5&uid=G3gZQq1hbNigp&bid=5000882&cid=dLMFRGKHS2DLQMK8H0V86V8K&ectrackingguid=G3gZQq1hbNigp","ipv4":"","ipv6":"","sourceIndex":"3394"}],"sampleFiles":[],"imageFiles":["171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-043/SoftInstallerComponent.PNG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-010/SoftInstaller.PNG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-103/ACR-103_Software_NoIntrinsicValue.JPG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-048/ACR-048_Software_NoCloseOption.mp4","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-048/ACR-048_Software_NoCloseOptions.JPG"],"nonDeceptorImageFiles":["171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-019/AdsScam.PNG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-019/AdsScam1.PNG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-044/SoftInstaller.PNG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-044/SoftInstaller1.PNG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-065/ACR-065_Install_NoEulaOrPrivacyPolicy.JPG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-065/ACR-065_Software_NoEulaOrPrivacyPolicy.JPG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-088/ACR-088_Software_RunsAutomaticallyAfterInstallation.JPG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-095/ACR-095_Software_ThirdPartyAppInstalledWithoutUserConsent.JPG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-098/ACR-098_Software_UnableToStopDownloads.JPG","171002/TweakerbitSoftInstaller-170930/1.0/Images/ACR-099/ACR-099_Uninstall_NoUninstallInformation.JPG"],"guid":"9af80d89-6ef6-40f6-bf56-9b7d2338916d_1.0_1","appID":"TweakerbitSoftInstaller-170930","dateAdded":"171002","deceptorType":"App","name":"Soft Installer Pro","company":"Soft Installer Pro","version":"1.0","sigName":"Deceptor:Win32/SoftInstallerPro!043048010","lastKnownStatus":"Deceptor: 1.0","lastKnownDate":"171001","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"cross-sell other apps","lastUpdate":"2019-01-02T22:33:32.7056095+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2752},{"violations":{"ACR-003":"The app reports identified \"Registry Key\"  as and error with exaggerated numbers and portrayed the importance as “High”, thereby misleading or scaring the user to take action.\nThe app exaggerates \"Registry Keys\" as an error, thereby misleading or scaring user to take action \n","ACR-017":"The app fraudulently elevates its consumer trust level by displaying fake and unverifiable review ratings.\n","ACR-168":"1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n2. The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer.\n","ACR-124":"The app prompts more than one uninstallation prompts to the consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to disclose company name for all the executables. E.g.: “Tweakerbit_Registry_Optimizer.resources.dll“, “UltraRegistryCare.resources.dll“, etc.\n","ACR-065":"The app needs to disclose \"Refund Policy\" in the landing page.\nThe app needs to disclose the Privacy Policy during installation.\n","ACR-161":"The testimonials needs to be genuine and verifiable.\n","ACR-088":"The app performs a system scan automatically without the consumer's action and authorization.\n","ACR-092":"Digital signature is required for all) the executables. E.g. “Tweakerbit_Registry_Optimizer.resources.dll“, “UltraRegistryCare.resources.dll“, etc.\n","ACR-099":"The app needs to disclose uninstall information in the landing page.\nThe app needs to disclose uninstall information in the app’s about page.\n","ACR-120":"During uninstallation, the app offers same product to the consumer at a free of cost.\n","ACR-167":"The app’s return policy is 14 days instead of 30 days.\n","ACR-054":"The app does not provide an equal prominence \"Activate Now\" and \"Exit\" options to the consumer.\n","ACR-168":"The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n"},"samples":[{"isRevoked":"False","fileName":"Tweakerbit Registry Optimizer.exe","isInstaller":"True","companyName":"Tweakerbit Registry Optimizer","productName":"Tweakerbit Registry Optimizer","productVersion":"1","fileVersion":"","hashMD5":"7d34b5b40ad648ed7abb06145771e597","hashSHA1":"3a266551045f2ab45a46a2daa34148ba3a72499a","hashSHA256":"44cc160557b080518920a5c9f45292253e16e9aa264d8c09b12344a8ff15e12f","digitalCertThumbprint":"5205F798524F4DDCB460D1F12D3811F8BA067352","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"SparksGen Limited","sourceIndex":"3464","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Affiliatetracking","reference":"Tweakerbit","landingPage":"http://www.tweakerbit.com/tweakerbit-registry-optimizer.php","directDownloadingLink":"https://tweakerbit.com/download/exe/tbro/Tweakerbit%20Registry%20Optimizer.exe","ipv4":"","ipv6":"","sourceIndex":"3464"}],"sampleFiles":[],"imageFiles":["171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-017/ACR-017_InternalOffers_Unable_To_Verify_5StarRating.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-003/ACR-003_Software_Exaggerates_Registry_Issues_As_High.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-003/ACR-003_Software_Exaggeration.mp4","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-003/ACR-003_Software_Exaggeration2.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-003/ACR-003_Software_Exaggeration3.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-003/ACR-003_Software_Exaggeration4.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-003/ACR-003_Uninstall_Exaggeration5.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-168/ACR-168_LandingPage_Didn't_Disclose_Additional_Offers_Might_Be_Applicable_To_The_Consumer_During_Phonecall.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-168/ACR-168_Software_Didn't_Disclose_Additional_Offers_Might_Be_Applicable_To_The_Consumer_During_Phonecall.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-168/ACR-168_Software_Didn't_Disclose_Additional_Offers_Might_Be_Applicable_To_The_Consumer_During_Phonecall1.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-168/ACR-168_Software_Didn't_Disclose_Additional_Offers_Might_Be_Applicable_To_The_Consumer_During_Phonecall2.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-124/ACR-124_Uninstallation_Prompts_More_Than_Once.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-124/ACR-124_Uninstallation_Prompts_More_Than_Once1.JPG"],"nonDeceptorImageFiles":["171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-167/ACR-167_LandingPage_14days_RefundOrCancellationOrMoneyBackPolicy.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-167/ACR-167_LandingPage_No_RefundOrMoneyBackPolicy.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-054/ACR-054_InlineOffers_No_Equal_Prominence.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-054/ACR-054_InlineOffers_No_Equal_Prominence1.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-161/ACR-161_LandingPage_Unable_To_Verify_Testimonials.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-161/ACR-161_LandingPage_Unable_To_Verify_Testimonials1.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-065/ACR-065_Install_PrivacyPolicy_Is_Missing.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-065/ACR-065_Software_EULA&PrivacyPolicy_Is_Missing.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-088/ACR-088_Software_Scans_Automatically.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-099/ACR-099_LandingPage_Uninstall_Information_Is_Missing.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-099/ACR-099_Software_Uninstallation_Information_Is_Missing.JPG","171002/TweakerbitRegistryOptimizer-170930/1.0/Images/ACR-120/ACR-120_Uninstallation_Prompts_Free_App_To_The_Consumer.JPG"],"guid":"acd10997-ca11-4deb-beb4-c5ced97c0bbf_1.0_1","appID":"TweakerbitRegistryOptimizer-170930","dateAdded":"171002","deceptorType":"App","name":"Tweakerbit Registry Optimizer","company":"Tweakerbit","version":"1.0","sigName":"Deceptor:Win32/TweakerbitRegistryOptimizer!003017168","lastKnownStatus":"Deceptor: 1.0","lastKnownDate":"181215","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows 7, Windows 8, Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, call center","lastUpdate":"2018-12-15T05:48:41.5989739+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2753},{"violations":{"ACR-003":"The app reports chrome logs as PUP with exaggerated numbers, claims system not protected although it has default system security Windows Defender enabled, raise misleading sense of urgency. App misleads and scares the user to take action\n","ACR-017":"The app fraudently elevates its user trust level by displaying fake and unverifiable Norton SSL certificate logo.\nThe app fraudulently elevates its user trust level by Microsoft Partner logo and DigiCerts Trusted logo. \n","ACR-168":"1. The app/offer displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n2. The app/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n","ACR-124":"1. Uninstallation prompt does not have a clear button to continue uninstallation.\n2. Uninstalltion confirmation prompt is shown twice.\n"},"nonDeceptorViolations":{"ACR-065":"Returns and cancelation  policy needs to disclosed in landing page.\nThe app needs to disclose the EULA and Privacy Policy on the app's about page.\n","ACR-088":"App starts performs scan automatically without consumer's action or authorization.\n","ACR-092":"Digital certificate is required for some binaries like \"AAMP_Uninstaller.resources.dll\", \"Ionic.Zip.dll\", etc .\n","ACR-099":"Uninstallation information missing in app's landing page.\nUninstallation information missing in app's about page.\n","ACR-120":"During uninstallation, offers the same app to the consumer for free.\n","ACR-167":"1. Affliation Cancelation policy docs contains minimum 14 days return policy instead of 30 days.\n2. App's inline offer contains 60 days return policy logo while EULA during installation mentions only 30 days.\n","ACR-054":"\"No, I want to uninstall\" and \"Cancel\" button are not equally prominent.\n","ACR-068":"The app's buying page and landing page have different pricing.\n","ACR-019":"App is distributed via scamming from aggressive affiliate channel\n","ACR-171":"Recurring Payments requires consumer to Opt-out.\n","ACR-017":"The app fraudulently elevates its user trust level by unverifiable reviews.\n","ACR-168":"1. The app/offer displays a support call center phone number, but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n2. The app/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n"},"samples":[{"isRevoked":"False","fileName":"tweakerbit-antimalware.exe","isInstaller":"True","companyName":"Tweakerbit Antimalware","productName":"Tweakerbit Antimalware","productVersion":"3.1","fileVersion":"","hashMD5":"ab414ec3fc314c9d15f57e5eab908edf","hashSHA1":"cc46e4002114de917576545aa2c3d97ce0acb99a","hashSHA256":"00b7f069340c114d1b2c380ef1cfa033af9b69201f7f45713157d973c64f1f9f","digitalCertThumbprint":"AA57DD51C739422FD4885940A6B1FCC32D775761","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Longrun Software Private Limited","sourceIndex":"3466","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Affiliatetracking","reference":"http://microsoft.com-web-security-safety-analysis.download/check/index.htm","landingPage":"http://lpage.tweakerbit.com/ch5/redir.php?utm_source=flex&utm_campaign=tbit-english-US&utm_medium=cpi&aff=1500&pubid=1500&subid=5&uid=G3gZQq1hbNigp&bid=5000882&cid=dLMFRGKHS2DLQMK8H0V86V8K&ectrackingguid=G3gZQq1hbNigp","directDownloadingLink":"https://tweakerbit.com/download/exe/tbam/askforsactivation/tweakerbit-antimalware.exe","ipv4":"","ipv6":"","sourceIndex":"3465"},{"howFound":"Hunt.Affiliatetracking","reference":"Tweakerbit","landingPage":"http://www.tweakerbit.com/tweakerbit-antimalware.php","directDownloadingLink":"https://tweakerbit.com/download/exe/tbam/askforsactivation/tweakerbit-antimalware.exe","ipv4":"","ipv6":"","sourceIndex":"3466"}],"sampleFiles":[],"imageFiles":["171002/TweakerbitAntimalware-170930/3.1/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-003/ACR-003_Software_ExaggeratedClaims2.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-003/ACR-003_Software_ExaggeratedClaims3.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-003/ScanResult.PNG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-017/ACR-017.PNG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-168/ACR-168_InternalOffer_ConfusingPricing.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-168/ACR-168_InternalOffer_ConfusingPricing2.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-168/ACR-168_LandingPage_CallCenterWithoutDisclosure.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-168/ACR-168_Software_CallCenterNumbersWithoutDisclosure.mp4","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-168/ACR-168_Software_CallCenterWithoutDisclosure.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-168/ACR-168_Software_CallCenterWithoutDisclosure2.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-124/ACR-124_Uninstall_2.UninstallationConfirmationPrompt1.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-124/ACR-124_Uninstall_2.UninstallationConfirmationPrompt2.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-124/ACR-124_Uninstall_UninstallButtonIsNotClear.JPG"],"nonDeceptorImageFiles":["171002/TweakerbitAntimalware-170930/3.1/Images/ACR-019/AdsScam.PNG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-167/ACR-167_Docs_AffliateReturnsPolicyIs14Days.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-167/ACR-167_Docs_EULADuringInstalltionContains30DaysReturns.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-167/ACR-167_Docs_InlineOfferContains60DaysReturnsLogo.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-171/ACR-171_InternalOffers_RecurringPaymentsIsOptedIn.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-054/ACR-054_InlineOffer_unqualProminence.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-017/ACR-017_InlineOffer_NortonSecured.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-017/ACR-017_LandinPage_UnverifiableReviews.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-088/ACR-088_Software_AutoScanAfterInstall.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-092/ACR-092_Software_DigitalSignaturesRequiredForAllBinaries.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-065/ACR-065_LandingPage_MissingReturnAndCancellationPolicy.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-065/ACR-065_Software_MissingEULAAndPrivacyPolicyInAboutPage.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-099/ACR-099_LandingPage_UninstallInformationNotProvided.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-099/ACR-099_Software_UninstallInformationNotProvided.JPG","171002/TweakerbitAntimalware-170930/3.1/Images/ACR-120/ACR-120_Uninstall_ReofferingTheSameAppForFree.JPG"],"guid":"8ad92720-e3aa-43cd-95c4-42f9bdd76070_3.1_1","appID":"TweakerbitAntimalware-170930","dateAdded":"171002","deceptorType":"App","name":"Tweakerbit Antimalware","company":"Tweakerbit","version":"3.1","sigName":"Deceptor:Win32/TweakerbitAntimalware!003017168","lastKnownStatus":"Deceptor: 3.1","lastKnownDate":"181215","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-12-15T05:47:34.2241452+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2754},{"violations":{"ACR-003":"The app exaggerates \"Google Update\" and \"VirtualBox\" registry entries as an error, thereby misleading or scaring consumer to take action \nThe app exaggeratedly claims system having high severity issues because of invalid registry items. The issue severity color bar raises misleading urgency. It misleads and scares consumer to take action \n","ACR-017":"The app fraudulently elevates its consumer trust level by displaying fake and unverifiable endorsements.\n","ACR-168":"1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n2. The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer.\n1. The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer (Unable to confirm).\n2. The app displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer.\n"},"nonDeceptorViolations":{"ACR-038":"The app needs to have a company name and product name for all the executables. E.g.: mpclsetup.exe, mpc.exe, etc.\n","ACR-065":"The app needs to disclose the EULA/Terms of Service, Returns & Cancellation Policy and Privacy Policy in the app's about page.\n","ACR-161":"The testimonials are lack of reference.\n\n","ACR-099":"The app needs to disclose uninstall information in the app’s about page.\n","ACR-054":"The app does not provide equal prominence to \"Activate Now\" and \"Close\" options to the consumer.\n","ACR-067":"The app does not provide an option to Opt-Out \"McAfee\" app in the internal offers.\n","ACR-159":"The app did not disclose about that the app is free or it is chargeable in the landing page.\n","ACR-019":"App is distributed via scamming ads in aggressive affiliate channel\n"},"samples":[{"isRevoked":"False","fileName":"mpclsetup.exe","isInstaller":"True","companyName":"PC Fixer Tools LP","productName":"Master PC Cleaner","productVersion":"1.0.0.4309","fileVersion":"1.0.0.4309","hashMD5":"7189d96606ebc68d4a9800282c8f5903","hashSHA1":"03e637334a45e4cf16e32eb37f68c87270fdda83","hashSHA256":"9b01f98fa5c4bc74de9698464855e261551f63caf8c3a66cc157c7a27c26185f","digitalCertThumbprint":"CD05050D23DEB195B43849E662E7F6F73B5F70A2","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"PC Fixer Tools LP","sourceIndex":"3467","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"mpclsetup.exe","isInstaller":"True","companyName":"","productName":"Master PC Cleaner","productVersion":"1.0.0.4302","fileVersion":"1.0.0.4302","hashMD5":"c2bb142a2d52c8bcd7941d22c3854885","hashSHA1":"cb1252180520d7adecc5e99ba422cf2eccb616b2","hashSHA256":"d6051c94dc802fecb2ad7dcee9af7766ca3a340c1b8ab9c715f67c6f599212b0","digitalCertThumbprint":"956332F3848CBBA6A93CB5007FD39C7E0A0FDC7B","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Tuneup PC Tools Ltd","sourceIndex":"3468","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Affiliatetracking","reference":"","landingPage":"http://lp.masterpccleaner.com/adsph/?x-context=dHJ0PI6L4ULVPLK8HVDULRCK&utm_source=wadphegl&utm_campaign=wadphegl&pxl=WAD2596_WAD2537_RUNT&utm_pubid=6f411fa5-f7b4-4a4b-966e-ea2cf2a762da&x-at=968525&override=1","directDownloadingLink":"https://dnmpc.s3.amazonaws.com/mpclsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"https://dnmpc.s3.amazonaws.com/mpclsetup.exe","sourceIndex":"3467"},{"howFound":"Hunt.Affiliatetracking","reference":"MasterPCCleaner","landingPage":"http://masterpccleaner.com/","directDownloadingLink":"https://dnmpc.s3.amazonaws.com/mpclsetup.exe","ipv4":"","ipv6":"","sourceIndex":"3468"}],"sampleFiles":[],"imageFiles":["171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-017/ACR-017_InternalOffers_Unable_To_Verify_Endorsements.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-003/ACR-003_InlineOffers_Exaggeration.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-003/ACR-003_Software_Exaggeration.mp4","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-003/ACR-003_Software_Exaggeration1.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-003/ACR-003_Software_Exaggeration2.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-003/ACR-003_Software_Exaggeration3.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-003/ScanResult.PNG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-168/ACR-168_InlineOffers_Didn't_Disclose_Additional_Offers_Might_Be_Applicable_During_Phone_Call2.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-168/ACR-168_Software_Didn't_Disclose_Additional_Offers_Might_Be_Applicable_During_Phone_Call.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-168/ACR-168_Software_Didn't_Disclose_Additional_Offers_Might_Be_Applicable_During_Phone_Call1.JPG"],"nonDeceptorImageFiles":["171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-019/AdsScam.PNG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-019/AdsScam1.PNG.jpg","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-161/ACR-161_InternalOffers_Unable_To_Verify_Testimonials.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-161/ACR-161_InternalOffers_Unable_To_Verify_Testimonials1.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-161/ACR-161_InternalOffers_Unable_To_Verify_Testimonials3.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-067/ACR-067_InternalOffers_Unable_To_Opt-Out_Offerd_App.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-054/ACR-054_InlineOffers_No_Equal_Prominence.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-159/ACR-159_LandingPage_Didnt_Disclose_The_App_Is_FreeOrCharegable.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-065/ACR-065_Software_EULA&PrivacyPolicy_Is_Missing.JPG","171002/MasterPCCleaner-170930/1.0.0.4302/Images/ACR-099/ACR-099_Software_Uninstall_Information_Is_Missing.JPG"],"guid":"3f61975e-d74d-4b55-8808-c029b4f3cff1_1.0.0.4302_1","appID":"MasterPCCleaner-170930","dateAdded":"171002","deceptorType":"App","name":"Master PC Cleaner","company":"Tuneup PC Tools Ltd","version":"1.0.0.4302","sigName":"Deceptor:Win32/MasterPCCleaner!003168","lastKnownStatus":"Deceptor: 1.0.0.4302","lastKnownDate":"181215","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid, call center","lastUpdate":"2018-12-15T05:46:28.6894581+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2755},{"violations":{"ACR-003":"App is misleading consumer with color gradient and labeling issue as inferior. Issue is just relating to a mouse driver. \n"},"nonDeceptorViolations":{"ACR-163":"Landing page only provides one to one interactions for support\nApp has no email address beside the number listed \n","ACR-160":"Call center is not certified \n","ACR-099":"Uninstall information is not easily accessible \n","ACR-159":"Nothing on the Landing page clearly states the software will require a payment in order to be activated it only says download Driver Assist  \n","ACR-003":"App is misleading consumer with color gradient and labeling issue as inferior. Issue is just relating to a mouse driver. \n"},"samples":[{"isRevoked":"False","fileName":"Driver Assist.exe","isInstaller":"True","companyName":"SafeBytes Software Inc.","productName":"Driver Assist ","productVersion":"3.8.0.1","fileVersion":"3.8.0.1","hashMD5":"922b647a2b86ec0afd82ae24daa5aa6c","hashSHA1":"a999ca54af068a697d1bc4e262f147c1828331a8","hashSHA256":"31425f85e5b820d25dbde31d8a1c540456824827101bbee909aea0f0308d0138","digitalCertThumbprint":"FF3512D17BA70290732457F060E447A814953F10","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":" SafeBytes Software Inc.","sourceIndex":"3743","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Driver Assist.exe","isInstaller":"True","companyName":"SafeBytes Software Inc.","productName":"Driver Assist ","productVersion":"3.8.0.2","fileVersion":"3.8.0.2","hashMD5":"753d5b59b691175cc05c3acc03e2725c","hashSHA1":"ebcb14b6b457ade9040e37b5996a40cafed6c90b","hashSHA256":"ac8bdb7d75a6baeb095b4c13d751a1bc8a35f3b92369830d658c03a6bae167de","digitalCertThumbprint":"FF3512D17BA70290732457F060E447A814953F10","digitalCertIssuer":"Symantec Class 3 Extended Validation Code Signing CA - G2","digitalCertIssuedTo":"SafeBytes Software Inc.","sourceIndex":"3743","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Offer","reference":"PC Cleaner Pro referred this application ","landingPage":"https://www.driverassist.com/features/","directDownloadingLink":"http://download.driverassist.com/DriverAssist-Setup.exe?_ga=2.209002775.48882259.1506357861-993322725.1506357861","ipv4":"","ipv6":"","sourceIndex":"3743"}],"sampleFiles":[],"imageFiles":["171002/DriverAssist-2017925/3.8.0.1/Images/ACR-003/ACR_003 (scaring consumers).PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-003/ARC-003 (exaggerating).PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-084/30449fa10b9d7f8a2723454b772fc9e4e11e18ae4eb6e1c77fa7de9396d05224.png","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-168/1_to_1 interaction (landingpage).PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-168/1_to_1 interaction (landingpage)2.PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-168/1_to_1 interaction (software).PNG"],"nonDeceptorImageFiles":["171002/DriverAssist-2017925/3.8.0.1/Images/ACR-163/1_to_1 interaction (landingpage).PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-163/1_to_1 interaction (landingpage)2.PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-163/1_to_1 interaction (software).PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-160/call center.PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-099/Uninstall (landing page ).PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-099/Uninstall (landing page )2.PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-167/return policy (docs).PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-159/acr-159 (landing page).PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-003/ACR_003 (scaring consumers).PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-003/ARC-003 (exaggerating).PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-168/1_to_1 interaction (landingpage).PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-168/1_to_1 interaction (landingpage)2.PNG","171002/DriverAssist-2017925/3.8.0.1/Images/ACR-168/1_to_1 interaction (software).PNG"],"guid":"ba8184ee-a6df-4617-ae6a-69db5fcd9230_3.8.0.1_1","appID":"DriverAssist-2017925","dateAdded":"171002","deceptorType":"App","name":"Driver Assist ","company":"SafeBytes Software Inc.","version":"3.8.0.1","sigName":"Deceptor:Win32/DriverAssist!003","firstVendorContactDate":"171027","firstAppEsteemReplyDate":"171027","firstResolvedDate":"171117","firstResolvedVersion":"3.9.0.12","resolved":"TRUE","lastKnownStatus":"Deceptor: 3.8.0.1","lastKnownDate":"171002","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:28:28.816597+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2756},{"violations":{"ACR-003":"The app uses red color gradient to over emphasize the issues to raise urgency of fixing issues, misleads consumer to take action. App also states that \"PC on risk !\"\n","ACR-017":"The application elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft and Norton are endorsing the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The app creates a task to run scans and does not provide any options for the user to disable the scheduler.\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the installer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified..\n","ACR-163":"The app requires one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"sparkpcsupport.com\" which is not disclosed in the app's offer.\n","ACR-160":"The app does not use a certified call center to monetize the app. Upon call the the number provided it says \"the party is not answering, goodbye\".\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens stating that consumer can get the same app for free if they call the phone number provided.\n","ACR-017":"The application's landing page elevates its user trust level by displaying unverifiable endorsements tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"samples":[{"isRevoked":"False","fileName":"pcslaunch_setup.exe","isInstaller":"True","companyName":"PC Smart Cleanup                                            ","productName":"PC Smart Cleanup","productVersion":"5.0","fileVersion":"0.0","hashMD5":"fee87c7f3dac6c0354d86c532374816b","hashSHA1":"5470dccf68a9f30186274591dd91bcb96595990c","hashSHA256":"74091833e13231ab2c586bd997c947bf6c37b8d3b5426c84c2d1d1aa6194d3fa","digitalCertThumbprint":"365C552E9259FAF487A61ACD436BBC3E9806E72A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=sparkpcsupport.com, OU=sparkpcsupport.com, O=sparkpcsupport.com, L=Delhi, S=Delhi, C=IN","sourceIndex":"3470","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)"],"avAllowList":["Bitdefender Internet Security (20190209)","Windows Defender (20190209)"]},{"isRevoked":"False","fileName":"pc-smart-cleanup.exe","companyName":"n/a","productName":"PC Smart Cleanup","productVersion":"1.0.0.3","fileVersion":"1.0.0.3","hashMD5":"c201e93a29f8dc3c663cf62ca940227a","hashSHA1":"4535d33de90fa566b121bf895b5c35587d253116","hashSHA256":"58fb466995bee384ab143e7629f30d4186056a5ec4d0b7d0730aef9d4f514ba9","digitalCertThumbprint":"365C552E9259FAF487A61ACD436BBC3E9806E72A","digitalCertIssuer":"CN=thawte SHA256 Code Signing CA, O=\"thawte, Inc.\", C=US","digitalCertIssuedTo":"CN=sparkpcsupport.com, OU=sparkpcsupport.com, O=sparkpcsupport.com, L=Delhi, S=Delhi, C=IN","sourceIndex":"3470","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"existing deceptor review","landingPage":"http://pcsmartcleanup.com/","directDownloadingLink":"http://pcsmartcleanup.com/product/winapp/en/pcslaunch_setup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pcsmartcleanup.com/product/winapp/en/pcslaunch_setup.exe","sourceIndex":"3470"}],"sampleFiles":["170929/PC Smart Cleanup-170928/5.0/Samples/pcslaunch_setup.exe","170929/PC Smart Cleanup-170928/5.0/Samples/pc-smart-cleanup.exe"],"imageFiles":["170929/PC Smart Cleanup-170928/5.0/Images/ACR-003/ACR-003_software.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-003/ACR-003_software1.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-017/ACR-017_software.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-017/ACR-017_software1.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-017/ACR-017_software2.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-084/ACR-084_software.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-168/ACR-168_software.JPG"],"nonDeceptorImageFiles":["170929/PC Smart Cleanup-170928/5.0/Images/ACR-065/ACR-065_install.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-065/ACR-065_software.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-017/ACR-017_landingpage.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-161/ACR-161_landingpage.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-161/ACR-161_landingpage1.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-163/ACR-163_software.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-088/ACR-088_software.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-092/ACR-092_software.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-160/ACR-160_software.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-099/ACR-099_software.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-099/ACR-099_internaloffer.JPG","170929/PC Smart Cleanup-170928/5.0/Images/ACR-120/ACR-120_uninstall.JPG"],"guid":"18527bee-a94c-441e-b3c0-bf63e4648010_5.0_1","appID":"PC Smart Cleanup-170928","dateAdded":"170929","deceptorType":"App","name":"PC Smart Cleanup","company":"sparkpcsupport.com","version":"5.0","sigName":"Deceptor:Win32/PCSmartCleanup!003017084168","lastKnownStatus":"Deceptor:5.0","lastKnownDate":"181215","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-12-15T05:43:44.229627+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2759},{"violations":{"ACR-003":"Exaggerated Claim - The word danger is used to highlight registry issues which is misleading the enduser to purchase the product.\n","ACR-084":"By default installation, app's setting displays no task scheduled yet, however it creates scheduled task without disclosing it during installation. \n\n"},"nonDeceptorViolations":{"ACR-003":"Exaggerated Claim - The word danger is used to highlight registry issues which is misleading the enduser to purchase the product.\n"},"samples":[{"isRevoked":"False","fileName":"PCRegistryShieldSetup.exe","isInstaller":"True","companyName":"ShieldApps","productName":"PC Registry Shield","productVersion":"3.1.2","fileVersion":"3.1.2.0","hashMD5":"98b614afc0b5d71d028b839300b755bd","hashSHA1":"653ecaf2ee528da202e8ddd9365c403c69774f39","hashSHA256":"3582cdcdb733a575f741498bae133bc458952178479ec0c57899e1745408d55d","digitalCertThumbprint":"3FE7C1C3ADCF58D5F4DEBC64EE500ED031D80E6D","digitalCertIssuer":"Shieldapps","digitalCertIssuedTo":"Shieldapps","sourceIndex":"3698","dateAdded":"170722","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Onboarding.Callcenter","reference":"App supported by call center ATS","landingPage":"http://shieldapps.com/products/pc-registry-shield/","ipv4":"","ipv6":"","sourceIndex":"3698"}],"sampleFiles":[],"imageFiles":["170929/D-PCRegistryShield-170611/3.1.2.0/Images/ACR-047/ACR-047_Software_Exaggerated_Before_Closing_The_App_Given_Disclaimer_As_Danger.JPG","170929/D-PCRegistryShield-170611/3.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Regisrty_Issues_Highlighted_As_Danger.JPG","170929/D-PCRegistryShield-170611/3.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Regisrty_Issues_Highlighted_As_Danger.mp4","170929/D-PCRegistryShield-170611/3.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Regisrty_Issues_Highlighted_As_High.JPG","170929/D-PCRegistryShield-170611/3.1.2.0/Images/ACR-084/ShieldRegistryHiddenScheduledTask.PNG"],"nonDeceptorImageFiles":["170929/D-PCRegistryShield-170611/3.1.2.0/Images/ACR-047/ACR-047_Software_Exaggerated_Before_Closing_The_App_Given_Disclaimer_As_Danger.JPG","170929/D-PCRegistryShield-170611/3.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Regisrty_Issues_Highlighted_As_Danger.JPG","170929/D-PCRegistryShield-170611/3.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Regisrty_Issues_Highlighted_As_Danger.mp4","170929/D-PCRegistryShield-170611/3.1.2.0/Images/ACR-003/ACR-003_Software_Exaggerated_Regisrty_Issues_Highlighted_As_High.JPG"],"guid":"61eb2acc-a585-42a9-ad04-57372078caf8_3.1.2.0_1","appID":"D-PCRegistryShield-170611","dateAdded":"170929","deceptorType":"App","name":"PCRegistryShield","company":"ShieldApps","version":"3.1.2.0","sigName":"Deceptor:Win32/PCRegistryShield!003084","firstVendorContactDate":"171220","firstAppEsteemReplyDate":"171220","firstResolvedDate":"171220","firstResolvedVersion":"App shutdown: App stops distributing and homepage shutdown","resolved":"TRUE","lastKnownStatus":"Deceptor: 3.1.2.0","lastKnownDate":"170928","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"Child appropriate","monetization":"[\"paid\",\"up-sell to paid\"]","lastUpdate":"2018-02-15T00:40:27.9912396+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2761},{"violations":{"ACR-003":"Exaggerated claims system health, for example, reporting identified browser history records, windows temp files as threat. \n\n","ACR-017":"The application fraudulently elevates its user trust level by displaying unverifiable endorsements.\n","ACR-084":"By default installation, app setting shows no scheduled task setup. However it creates scheduled task (e.g. PCPrivacyShield_Popup runs evreyday at 5:00pm) and leaves user no option to disable it.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PCPrivacyShieldSetup.exe","isInstaller":"True","companyName":"ShieldApps","productName":"PC Privacy Shield","productVersion":"3.3.3","fileVersion":"3.3.3.0","hashMD5":"669c0a63251249de22e3067763610709","hashSHA1":"c5fdf5abc04133249c4dbdf1ce2a44765f1496fb","hashSHA256":"ffd990045b9005cf4190cf4f699603b2be1a249dfd6a269239c55caffda897c6","digitalCertThumbprint":"3FE7C1C3ADCF58D5F4DEBC64EE500ED031D80E6D","digitalCertIssuer":"Shieldapps","digitalCertIssuedTo":"Shieldapps","sourceIndex":"3712","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCPrivacyShieldSetup.exe","isInstaller":"True","companyName":"ShieldApps","productName":"PC Privacy Shield","productVersion":"3.4.1","fileVersion":"3.4.1.0","hashMD5":"673fb4a60d309dc162bffd74ab79cd58","hashSHA1":"bec00cce563947f5025379ca74023c6a1e150b2b","hashSHA256":"793426ceb8a80ec7d2c05474b2ee2169702797e694c3daac8f3fbaea99bbd303","digitalCertThumbprint":"45018F903636392DEC5D2E1A281C577BCDBA226F","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"ShieldApps Software Innovations (MOL Venture Inc)","sourceIndex":"3712","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Onboard.Callcenter","reference":"App supported by ATS","landingPage":"http://shieldapps.com/products/pc-privacy-shield/","ipv4":"","ipv6":"","sourceIndex":"3712"}],"sampleFiles":["170929/D-PCPrivacyShield-170611/3.3.3/Samples/PCPrivacyShieldSetup.exe","170929/D-PCPrivacyShield-170611/3.3.3/Samples/PCPrivacyShieldSetup(1).exe"],"imageFiles":["170929/D-PCPrivacyShield-170611/3.3.3/Images/ACR-003/ACR-003_Software_ScanResultAsThreatWhileClosingApp.JPG","170929/D-PCPrivacyShield-170611/3.3.3/Images/ACR-003/ACR-003_Software_ScanResultAsThreatWhileClosingApp.mp4","170929/D-PCPrivacyShield-170611/3.3.3/Images/ACR-017/ACR-007_Software_Without_Context_onto_Landing_page.JPG","170929/D-PCPrivacyShield-170611/3.3.3/Images/ACR-084/ShieldPrivacyPopupScheduledTask.PNG"],"nonDeceptorImageFiles":[],"guid":"f81dbdb9-1e94-43ac-8d8f-805d93c8562e_3.3.3_1","appID":"D-PCPrivacyShield-170611","dateAdded":"170929","deceptorType":"App","name":"PCPrivacyShield","company":"ShieldApps","version":"3.3.3","sigName":"Deceptor:Win32/PCPrivacyShield!003084017","firstVendorContactDate":"171109","firstAppEsteemReplyDate":"171111","firstResolvedDate":"171111","firstResolvedVersion":"3.4.4.0","resolved":"TRUE","lastKnownStatus":"Deceptor: 3.3.9","lastKnownDate":"171110","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"Child appropriate","monetization":"[\"paid\",\"up-sell to paid\"]","lastUpdate":"2018-02-15T00:35:58.2840005+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2762},{"violations":{"ACR-003":"Exaggerated claims about system health, raise urgency to mislead user to take actions\n","ACR-084":"Scheduled task installed without disclosure during installation and app's configuration setting page\n"},"nonDeceptorViolations":{"ACR-003":"Exaggerated claims about system health, raise urgency to mislead user to take actions\n"},"samples":[{"isRevoked":"False","fileName":"PCCleaningUtilitySetup.exe","isInstaller":"True","companyName":"ShieldApps","productName":"PC Cleaning Utility","productVersion":"3.1.2.0","fileVersion":"3.1.2.0","hashMD5":"4d0ffe43360f05f8d3be203ba719e4bd","hashSHA1":"bd7899c74d4b60d0cd987f14b762390ed3a8e5ea","hashSHA256":"79683deaae35fbe129210fefa24060568c4b1e089d33af39a914f596244e3563","digitalCertThumbprint":"3fe7c1c3adcf58d5f4debc64ee500ed031d80e6d","digitalCertIssuer":"US, California, Encino, Shieldapps, Shieldapps","digitalCertIssuedTo":"US, California, Encino, Shieldapps, Shieldapps","sourceIndex":"3728","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"PCCleaningUtilitySetup_EA964.exe","isInstaller":"True","companyName":"ShieldApps","productName":"PC Cleaning Utility","productVersion":"3.1.6.0","fileVersion":"3.1.6.0","hashMD5":"ea964637b20d042cc8d29d7ec0382f8d","hashSHA1":"a991b376bf3e54847ecbd06617c65bcc1492ae4f","hashSHA256":"432c38e89424a7754ba71417a5d8644edd5e05e1b789403a953c3cf3a16b9a6c","digitalCertThumbprint":"867537bcf79dd6e37ea842c0fab64b8a06380966","digitalCertIssuer":"DigiCert EV Code Signing CA (SHA2)","digitalCertIssuedTo":"Private Organization, US, California, C3633215, Ste 27734, 5042 Wilshire Blvd, 90036, US, California, Los Angeles, ShieldApps Software Innovations (MOL Venture Inc), ShieldApps Software Innovations (MOL Venture Inc)","sourceIndex":"3728","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Onboarding.Callcenter","reference":"App supported by call center ATS","landingPage":"http://shieldapps.com/products/pc-cleaning-utility/","ipv4":"","ipv6":"","sourceIndex":"3728"}],"sampleFiles":[],"imageFiles":["170929/D-PCCleaningUtility-170611/3.1.2.0/Images/ACR-003/PCCleaningUtility.PNG","170929/D-PCCleaningUtility-170611/3.1.2.0/Images/ACR-003/RaiseUrgencyforUserToTakeAction.PNG","170929/D-PCCleaningUtility-170611/3.1.2.0/Images/ACR-084/PopupTaskScheduledWithoutConfigurationToChange.PNG","170929/D-PCCleaningUtility-170611/3.1.2.0/Images/ACR-084/PopupTaskScheduledWithoutConfigurationToChange1.PNG","170929/D-PCCleaningUtility-170611/3.1.2.0/Images/ACR-168/PCCleaningUtility.PNG"],"nonDeceptorImageFiles":["170929/D-PCCleaningUtility-170611/3.1.2.0/Images/ACR-003/PCCleaningUtility.PNG","170929/D-PCCleaningUtility-170611/3.1.2.0/Images/ACR-003/RaiseUrgencyforUserToTakeAction.PNG","170929/D-PCCleaningUtility-170611/3.1.2.0/Images/ACR-168/PCCleaningUtility.PNG"],"guid":"47fb52ac-e46c-473f-a384-f0fc3b19c0e2_3.1.2.0_1","appID":"D-PCCleaningUtility-170611","dateAdded":"170929","deceptorType":"App","name":"PCCleaningUtility","company":"ShieldApps","version":"3.1.2.0","sigName":"Deceptor:Win32/PCCleaningUtility!003084","firstVendorContactDate":"171219","firstAppEsteemReplyDate":"171219","firstResolvedDate":"171220","firstResolvedVersion":"3.2.7","resolved":"TRUE","lastKnownStatus":"Deceptor: 3.1.6.0","lastKnownDate":"170928","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\",\"enterprise\"]","ageAppropriate":"Child appropriate","monetization":"[\"paid\",\"up-sell to paid\"]","lastUpdate":"2018-02-15T00:31:27.2876202+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2763},{"violations":{"ACR-003":"App uses color gradient to over emphasize the issues to raise urgency of fixing issues, misleads consumer to take action. App also states that \"PC on risk !\"\nApp Prompts the consumer to \"Don't Uninstall. Your PC may slow down! Don't let your PC with unwanted issues and crash down.\n","ACR-017":"App displays fraudulent Microsoft partner Logo on the software.\n","ACR-168":"App does not disclose that additional offers may be made as a result of one-to-one interactions\n","ACR-117":"App uninstall prompts that the PC may slow down and or crash down if uninstalled\n"},"nonDeceptorViolations":{"ACR-065":"The App install does not provide links to EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe Software does not provide links to EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-163":"App does not provide a non-interactive option for support or for activation of the software, only provides one-to-one interactive option.\nApp does not provide a non-interactive option for support along with the one-to-one interactive option which is provided.\n","ACR-170":"App requires payment to be actives before demonstrating its value and does not provide a non-interactive option for cancellation or returns\n","ACR-092":"App certificate was issued to Longrun Software Private Limited, however the company is not stated in any of the application docs. (EULA, Privacy Policy or Terms of use).\n","ACR-160":"Unable to verify, Please follow up.\n","ACR-150":"App endorsements and/or partnerships are not two-way. Unable to be verified.\n","ACR-159":"Apps landing page did not disclose that the software requires payment for full functionality prior to download and no trial period is offered.\n","ACR-171":"the offer's recurring payment is set to opt-out. Should be opt-in\n","ACR-017":"Non of the endorsement posted on the webpage are able to verified as they are not clickable\n"},"samples":[{"isRevoked":"False","fileName":"pc-smart-cleanup-en.exe","isInstaller":"True","companyName":"PC Smart Cleanup                                            ","fileVersion":"0.0","hashMD5":"e9275dffc527152756b681c6b29959fc","hashSHA1":"81c8800eedbfb11cf4f5c7f48581ec0b4ebdf690","hashSHA256":"3f5b3194b01ffb99ab17e0f9f7f743f661fd222f3634c256140b31ae528b8c20","digitalCertThumbprint":"AA57DD51C739422FD4885940A6B1FCC32D775761","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Longrun Software Private Limited, O=Longrun Software Private Limited, STREET=706 Plot No 7 Roots Tower, STREET=District Centre Laxmi Nagar, L=New Delhi, S=Delhi, PostalCode=110092, C=IN","sourceIndex":"3469","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)","Windows Defender (20190209)"],"avAllowList":["Trend Micro Internet Security (20190209)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.search","reference":"yahoo.com","landingPage":"http://pcsmartcleanup.com/","directDownloadingLink":"http://pcsmartcleanup.com/download/english/pc-smart-cleanup-en.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://pcsmartcleanup.com/download/english/pc-smart-cleanup-en.exe","sourceIndex":"3469"}],"sampleFiles":["170929/PC Smart Cleanup-170928/4.1/Samples/pc-smart-cleanup-en.exe"],"imageFiles":["170929/PC Smart Cleanup-170928/4.1/Images/ACR-003/ACR-003_APP.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-003/ACR_003_APP_POPUP.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-017/ACR-017_1.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-168/ACR-168_INTERACTION.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-003/ACR-003_Uninstall.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-117/ACR-117_uninstall.PNG"],"nonDeceptorImageFiles":["170929/PC Smart Cleanup-170928/4.1/Images/ACR-017/ACR-017_2.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-150/ACR-150.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-159/ACR-159.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-171/ACR-171.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-065/ACR_065_install.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-163/ACR-163_APP.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-092/ACR-092_certificate.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-170/ACR-170_APP.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-065/ACR_065_Software.PNG","170929/PC Smart Cleanup-170928/4.1/Images/ACR-163/ACR-163_UNINSTALL.PNG"],"guid":"18527bee-a94c-441e-b3c0-bf63e4648010_4.1_1","appID":"PC Smart Cleanup-170928","dateAdded":"170929","deceptorType":"App","name":"PC Smart Cleanup","company":"sparkpcsupport.com","version":"4.1","sigName":"Deceptor:Win32/PCSmartCleanup!003168017117","lastKnownStatus":"Deceptor:5.0","lastKnownDate":"181215","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-12-15T05:44:29.2059799+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2758},{"violations":{"ACR-048":"App installs hidden file under hidden folder C:\\EXTROYAN\\Windows. The standard uninstall method is not available.\n","ACR-003":"Must display the list of malicious content that was found on the system and not just merely show the number of them. Full functionality must be provided in the evaluation copy also.\n","ACR-010":"Disables certain security features of the Operating system \n"},"nonDeceptorViolations":{"ACR-003":"Must display the list of malicious content that was found on the system and not just merely show the number of them. Full functionality must be provided in the evaluation copy also.\n","ACR-010":"Disables certain security features of the Operating system \n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\Cypher\\Desktop\\TEXPLORE_INST_1139.EXE","isInstaller":"True","hashMD5":"dedd5d337138d6150b2014d77af2ff82","hashSHA1":"0f946984b3585e2aae0b4a4975417b87a3ea6524","hashSHA256":"3d55bf3037d65531dd6da529b21d5a90d73230899bf2c37df4c8c7a2a56f8261","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"3781","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Partner","reference":"Cyren researcher","landingPage":"http://www.troyanexplore.com.ar/","ipv4":"","ipv6":"","sourceIndex":"3781"}],"sampleFiles":["170929/D-Texplore-170614/4.6.0.0/Samples/TEXPLORE_INST_1139.EXE"],"imageFiles":["170929/D-Texplore-170614/4.6.0.0/Images/ACR-048/ACR-048_NotListedInPrograms.PNG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-048/ACR-048_UnconventionalInstallationPath01.PNG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-048/ACR-048_UnconventionalInstallationPath02.PNG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-003/ACR-003_NeedToProvideFullFunctionality01.PNG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-003/ACR-003_NeedToProvideFullFunctionality02.PNG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-003/ACR-003_NeedToProvideFullFunctionality03.PNG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-003/ACR-003_NeedToProvideFullFunctionality04.PNG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-003/ACR_003_NeedToProvideFullFunctionality.mp4","170929/D-Texplore-170614/4.6.0.0/Images/ACR-010/DisableSecuritySetting.JPG"],"nonDeceptorImageFiles":["170929/D-Texplore-170614/4.6.0.0/Images/ACR-045/DisableSecuritySetting.JPG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-003/ACR-003_NeedToProvideFullFunctionality01.PNG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-003/ACR-003_NeedToProvideFullFunctionality02.PNG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-003/ACR-003_NeedToProvideFullFunctionality03.PNG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-003/ACR-003_NeedToProvideFullFunctionality04.PNG","170929/D-Texplore-170614/4.6.0.0/Images/ACR-003/ACR_003_NeedToProvideFullFunctionality.mp4","170929/D-Texplore-170614/4.6.0.0/Images/ACR-010/DisableSecuritySetting.JPG"],"guid":"fb177d7a-2dc0-4177-9759-2a359ad6c61c_4.6.0.0_1","appID":"D-Texplore-170614","dateAdded":"170929","deceptorType":"App","name":"TExploreAV","company":"TExplore","version":"4.6.0.0","sigName":"Deceptor:Win32/TExplore!003010048","firstVendorContactDate":"170912","firstAppEsteemReplyDate":"170912","firstResolvedDate":"170921","firstResolvedVersion":"11.53","resolved":"TRUE","lastKnownStatus":"Deceptor:4.6.0.0","lastKnownDate":"170622","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 8\",\"Windows 10\",\"Windows 7\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\",\"enterprise\"]","ageAppropriate":"Child appropriate","monetization":"[\"paid\",\"up-sell to paid\"]","lastUpdate":"2018-02-15T00:21:58.7576113+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2760},{"violations":{"ACR-003":"The app exaggerates registry issues as an error or a problem, thereby misleading or scaring consumer to take action .\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumers knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-040":"The app installs its components \"WINCTL5.OCX\", \"WINLCTL6.DLL\", \"WINUTIL8.DLL\"  to \"C:\\Windows\\SysWOW64\" instead of standard location \"C:\\Program Files (x86)\\Winferno\\RegistryPowerCleaner\" without the consumers knowledge.\n","ACR-065":"The app needs to disclose EULA, Returns & Cancellation Policy on the landing page.\nThe app needs to disclose Privacy Policy on software.\n","ACR-002":"The app needs to have an identical name across all points of user interaction. E.g.: The company name of app's component is not identical \"Winferno.com \", \"Capital Intellect Inc\", \"Winferno\".\n","ACR-092":"Digital signature is required for all the executables which are installed along with the application.\n","ACR-099":"The app requires to disclose uninstall information on the landing page.\nThe app requires to disclose uninstall information on the software.\n","ACR-068":"The app Requires provide a clear and precise information about its offers to the user. i.e. The price of the product in landing page and internal offer is different.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\K7User\\Desktop\\RPC2015-TI.exe","isInstaller":"True","companyName":"Winferno.com","productName":"Winferno Registry Power Cleaner","productVersion":"2015","fileVersion":"","hashMD5":"d25983fb7db904f0445b840a2259a857","hashSHA1":"be3058590b5647268e416bdb45e49ad735060c73","hashSHA256":"09b0d9b7cb591a0ef37158a5de87a3639bf2ff6d26ebd7635f98dfb674d0822a","digitalCertThumbprint":"8E1D272A0E96193110017BCF982B3E5DC2B19B56","digitalCertIssuer":"VeriSign Class 3 Code Signing 2010 CA","digitalCertIssuedTo":"Capital Intellect Inc","sourceIndex":"3458","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Informer.com","landingPage":"http://www.winferno.com/downloads.aspx","ipv4":"","ipv6":"","sourceIndex":"3458"}],"sampleFiles":[],"imageFiles":["170929/RegistryPowerCleaner-170928/0.0.0.0/Images/ACR-003/ACR-003_ExaggeratedReportMisleadsUserTakeAction.JPG","170929/RegistryPowerCleaner-170928/0.0.0.0/Images/ACR-003/ACR-003_Software_Exaggerates_As_Errors.JPG","170929/RegistryPowerCleaner-170928/0.0.0.0/Images/ACR-003/ACR-003_Software_Exaggerates_As_Errors.mp4","170929/RegistryPowerCleaner-170928/0.0.0.0/Images/ACR-084/ACR-084_Software_Undisclosed_Scheduled_Task.JPG","170929/RegistryPowerCleaner-170928/0.0.0.0/Images/ACR-084/ACR-084_Software_Undisclosed_Scheduled_Task.mp4"],"nonDeceptorImageFiles":["170929/RegistryPowerCleaner-170928/0.0.0.0/Images/ACR-068/ACR-068_Landing_Page_Confusing_Offer.JPG","170929/RegistryPowerCleaner-170928/0.0.0.0/Images/ACR-065/ACR-065_Landing_Page_No_Eula_Return_Policy.JPG","170929/RegistryPowerCleaner-170928/0.0.0.0/Images/ACR-065/ACR-065_Software_Need_To_Disclose_Privacy_Policy.JPG","170929/RegistryPowerCleaner-170928/0.0.0.0/Images/ACR-099/ACR-099_Landing_Page_No_Uninstall_Info.JPG","170929/RegistryPowerCleaner-170928/0.0.0.0/Images/ACR-099/ACR-099_Software_No_Uninstall_Info.JPG","170929/RegistryPowerCleaner-170928/0.0.0.0/Images/ACR-099/ACR-099_Software_No_Uninstall_Info.mp4"],"guid":"35765095-5762-4335-9a8e-1119b6d3acec_0.0.0.0_1","appID":"RegistryPowerCleaner-170928","dateAdded":"170929","deceptorType":"App","name":"Winferno Registry Power Cleaner","company":"Capital Intellect Inc","version":"0.0.0.0","sigName":"Deceptor:Win32/RegistryPowerCleaner!003084","lastKnownStatus":"Deceptor: 2015.01.0011","lastKnownDate":"181215","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2018-12-15T07:03:23.0398571+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2757},{"violations":{"ACR-003":"App exaggerates empty reigstry keys are Medium/High impact issue to system stability and computer speed.","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates empty reigstry keys are Medium/High impact issue to system stability and computer speed."},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"Auslogics","productName":"BoostSpeed","productVersion":"9.x","fileVersion":"9.1.2.0","hashMD5":"d33b1f49c44a35ee212a353aca7aef63","hashSHA1":"58d11f0c8089c98dc76e29a68deecc6ecee23e4b","hashSHA256":"72bb30818602751ad36c59aafc0fb5ef68598d7730b191edd68e501f3d31f3ca","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3782","dateAdded":"170804","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"boost_speed_stub_installer.exe","isInstaller":"True","companyName":"Auslogics","productName":"BoostSpeed","productVersion":"9.x","fileVersion":"9.1.4.0","hashMD5":"3a5a9d11a438e9dea454d4f1d1d5a502","hashSHA1":"58fc329754c9508c083b54dcfc24d4960b204c78","hashSHA256":"6939258f19dbbe1b14ee4ddde1fe2608947b40fc0b832f090182345ea6eabdb8","digitalCertThumbprint":"17ee7405669a017a96d2654d75c96e1f3da96c19","digitalCertIssuer":"AU, Private Organization, 163 028 662, AU, New South Wales, Sydney, Auslogics Labs Pty Ltd, Auslogics Labs Pty Ltd","digitalCertIssuedTo":"AU, Private Organization, 163 028 662, AU, New South Wales, Sydney, Auslogics Labs Pty Ltd, Auslogics Labs Pty Ltd","sourceIndex":"3782","dateAdded":"170804","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"https://www.pissedconsumer.com/auslogics/RT-F.html","landingPage":"https://www.auslogics.com/en/software/boost-speed/","directDownloadingLink":"http://static.auslogics.com/en/boost-speed/9/boost_speed_stub_installer.exe","ipv4":"198.232.127.32","sourceIndex":"3782"}],"sampleFiles":["170921/D-BoostSpeed9-00005/9.x/Samples/boost_speed_stub_installer.exe","170921/D-BoostSpeed9-00005/9.x/Samples/boost_speed_stub_installer_3A5A.exe"],"imageFiles":["170921/D-BoostSpeed9-00005/9.x/Images/ACR-048/ACR-048_Install.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-048/ACR-048_Install.mp4","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ACR-003_LandingPage.mp4","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ACR-003_Software.mp4","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ACR-003_LandingPage.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ACR-003_Software1.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ACR-003_Software2.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ExaggeratedHighImpactIssue.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-165/ACR-165_LandingPage.PNG"],"nonDeceptorImageFiles":["170921/D-BoostSpeed9-00005/9.x/Images/ACR-065/ACR-065_Install.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-065/ACR-065_LandingPage.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-065/ACR-065_Software.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-161/ACR-161_Install.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-161/ACR-161_LandingPage1.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-161/ACR-161_LandingPage2.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-163/ACR-163_LandingPage.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-035/ACR-035_Docs.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-167/ACR-167_Docs1.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-167/ACR-167_Docs2.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-054/ACR-054_InternalOffers1.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-054/ACR-054_InternalOffers2.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-054/ACR-054_InternalOffers3.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-058/ACR-058_LandingPage.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-029/ACR-029_Interstitial.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ACR-003_LandingPage.mp4","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ACR-003_Software.mp4","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ACR-003_LandingPage.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ACR-003_Software1.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ACR-003_Software2.PNG","170921/D-BoostSpeed9-00005/9.x/Images/ACR-003/ExaggeratedHighImpactIssue.PNG"],"guid":"cbe4d02c-6099-4626-b0a0-4559e92f8ba9_9.x_1","appID":"D-BoostSpeed9-00005","dateAdded":"170921","deceptorType":"App","name":"BoostSpeed","company":"Auslogics","version":"9.x","sigName":"Deceptor:Win32/BoostSpeed!003","firstVendorContactDate":"170315","firstAppEsteemReplyDate":"170315","firstResolvedDate":"170920","firstResolvedVersion":"NotDeceptor: 9.2.0.0","resolved":"TRUE","lastKnownStatus":"Deceptor:9.1.4.0","lastKnownDate":"170920","lastUpdate":"2018-02-15T00:21:57.4244169+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2764},{"violations":{"ACR-003":"The app exaggerates the \"Missing file\" ,\"Path not found\" as registry errors and portrays the importance as \"Medium”, thereby misleading or scaring the consumer to take action.\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent.\n","ACR-168":"The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n\n","ACR-118":"When the consumer attempts to completely uninstall the application, it deliberately retains some of its components on the device without the consumer's consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"CPerformer_4993.exe","isInstaller":"True","hashMD5":"e5e3432d7f32d6cee6f23398cdb7707b","hashSHA1":"9a3b89c8a28a71c42df7dd932501228fca3e4061","hashSHA256":"17de2eaa08fa7857f7deef28846044b97c7538f7d40ca995f44786bd2fa83b9d","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"3459","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Submission ","reference":"submission from software.informer.com","landingPage":"http://www.pcperformer.com/","ipv4":"","ipv6":"","sourceIndex":"3459"}],"sampleFiles":[],"imageFiles":["170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-003/ACR-003_Software_ExaggeratedErrors.mp4","170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-003/ACR-003_Software_ExaggeratedErrors_1.JPG","170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-003/ACR-003_Software_ExaggeratedErrors_2.JPG","170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-003/ACR-003_Software_ExaggeratedErrors_3.JPG","170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-003/ACR-003_Software_ExaggeratedErrors_4.JPG","170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsentInspiteOfChoosingDoNotSchedule.JPG","170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsentInspiteOfChoosingDoNotSchedule.mp4","170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.JPG","170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.mp4","170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-118/ACR-118_Uninstall_BinariesLeftBehindAfterUninstallation.mp4","170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-118/ACR-118_Uninstall_BinariesLeftBehindAfterUninstallation_1.JPG","170915/D-PCPerformer-170913/12.0.0.218/Images/ACR-118/ACR-118_Uninstall_BinariesLeftBehindAfterUninstallation_2.JPG"],"nonDeceptorImageFiles":[],"guid":"5105ca94-1584-4f9a-9a6e-c19953fb0983_12.0.0.218_1","appID":"D-PCPerformer-170913","dateAdded":"170915","deceptorType":"App","name":"PC Performer","company":"PerformerSoft","version":"12.0.0.218","sigName":"Deceptor:Win32/PCPerformer!003084168118","lastKnownStatus":"Deceptor: 12.0.0.218","lastKnownDate":"181215","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center, paid","lastUpdate":"2018-12-15T07:00:22.4413948+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2765},{"violations":{"ACR-003":"The app reports identified issues with exaggerated numbers and portrays the importance as \"Medium\", thereby misleading or scaring the consumer to take action.\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent\n","ACR-168":"The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"nonDeceptorViolations":{"ACR-003":"The app reports identified issues with exaggerated numbers and portrays the importance as \"Medium\", thereby misleading or scaring the consumer to take action.\n","ACR-168":"The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"C:\\Users\\K7User\\Desktop\\asosetup.exe","isInstaller":"True","companyName":"ASO3","productName":"Advanced System Optimizer","productVersion":"3.9.3636.16880","fileVersion":"Advanced System Opti","hashMD5":"915e9a7549ce83832df3519c326d36da","hashSHA1":"396c7aa479e7cfd714e569569d1c6fa9984b70fc","hashSHA256":"4a60b5217d115ed1d55237142440e654f837ea802bd6d931f651e951fbcfaecb","digitalCertThumbprint":"48F571D383DB36041A88045E8586D1FB437E6069","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Systweak Software","sourceIndex":"3697","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"Systweek","landingPage":"https://www.systweak.com/advanced-system-optimizer/","ipv4":"","ipv6":"","sourceIndex":"3697"}],"sampleFiles":[],"imageFiles":["170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues.mp4","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_1.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_2.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_3.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_4.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_5.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_6.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_7.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_8.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsent.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsent.mp4","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.mp4"],"nonDeceptorImageFiles":["170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues.mp4","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_1.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_2.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_3.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_4.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_5.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_6.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_7.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_8.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.JPG","170913/D-AdvancedSystemOptimizer-170912/3.9.3636.16880/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.mp4"],"guid":"72ef2778-99f4-4bdb-81be-bc652d575147_3.9.3636.16880_1","appID":"D-AdvancedSystemOptimizer-170912","dateAdded":"170913","deceptorType":"App","name":"Advanced System Optimizer","company":"Systweak Software","version":"3.9.3636.16880","sigName":"Deceptor:Win32/AdvancedSystemOptimizer!003084168","firstVendorContactDate":"170914","firstAppEsteemReplyDate":"170914","firstResolvedDate":"171006","firstResolvedVersion":"3.9.3645.16880","resolved":"TRUE","lastKnownStatus":"Deceptor:3.9.3636.16880","lastKnownDate":"170912","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"call center, paid","lastUpdate":"2018-02-15T00:40:58.288506+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2766},{"violations":{"ACR-043":"Third party components are installed which are not disclosed to the consumer in the EULA and offer or landing page. Ex.: libclamav_llvm.dll, libclamunrar.dll, etc.\n","ACR-107":"App has antivirus component based on open source solution (ClamAV) without disclaiming and honoring open source license.\n","ACR-168":"The app support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"nonDeceptorViolations":{"ACR-107":"App has antivirus component based on open source solution (ClamAV) without disclaiming and honoring open source license.\n","ACR-168":"The app support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"TeflonSecuritySuite.exe","isInstaller":"True","companyName":"Teflon Tech","productName":"Teflon Security Suite","productVersion":"1.0.1.9","fileVersion":"1.0.1.9","hashMD5":"3ec18ba382d6286061cb1c0c97c1c9bb","hashSHA1":"bc501af9527a5157f626604717a0961b3f1d4e6c","hashSHA256":"e05409eac4b42e2eeba3b5e19157d1bc66630ef77574f0fbd12900961f836a5a","digitalCertThumbprint":"B89574F09D46FCACF8514572B8928F82AF5153E3","digitalCertIssuer":"MEGIDDO TECNOLOGIA SOCIEDAD CIVIL","digitalCertIssuedTo":"MEGIDDO TECNOLOGIA SOCIEDAD CIVIL","sourceIndex":"3734","dateAdded":"170904","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Partner","reference":"Security researcher reports","landingPage":"www.teflonsecurity.com","ipv4":"","ipv6":"","sourceIndex":"3734"}],"sampleFiles":["170904/D-TeflonSecurity-170902/Samples/TeflonSecuritySuite.exe"],"imageFiles":["170904/D-TeflonSecurity-170902/Images/ACR-043/ACR-043_Install_ClamWin_Antivirus_Engine.JPG","170904/D-TeflonSecurity-170902/Images/ACR-043/ACR-043_Install_ClamWin_Antivirus_Engine.mp4","170904/D-TeflonSecurity-170902/Images/ACR-168/ACR-168_Software_Support_Number.JPG"],"nonDeceptorImageFiles":["170904/D-TeflonSecurity-170902/Images/ACR-168/ACR-168_Software_Support_Number.JPG"],"guid":"feedf14e-3b07-4c4a-969d-1c4d8c48abcb_1.0.1.9_1","appID":"D-TeflonSecurity-170902","dateAdded":"170904","deceptorType":"App","name":"Teflon Security Suite","company":"MEGIDDO TECNOLOGIA SOCIEDAD CIVIL","version":"1.0.1.9","sigName":"Deceptor:Win32/TeflonSecurity!107043168","lastKnownStatus":"Deceptor: 1.0.1.9","lastKnownDate":"170903","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"paid\"]","lastUpdate":"2018-02-15T00:30:57.1363+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2767},{"violations":{"ACR-003":"The app exaggerates the local trace files (Recycle bin, temp files, history) as issues/threats and portrays the importance as “High”, thereby misleading or scaring the consumer to take action.\n","ACR-017":"The app elevates its user trust level by displaying unverifiable endorsements.\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumers knowledge and consent.\n","ACR-168":"1.The app displays a support call center phone number , but does not disclose that additional offers may be made on the one-on-one interaction with the consumers. \r\n2.The app displays a support call center phone number , but does not provide an equally prominent non-interaction option to the consumers.\n"},"nonDeceptorViolations":{"ACR-003":"The app exaggerates the local trace files (Recycle bin, temp files, history) as issues/threats and portrays the importance as “High”, thereby misleading or scaring the consumer to take action.\n","ACR-017":"The app elevates its user trust level by displaying unverifiable endorsements.\n","ACR-168":"1.The app displays a support call center phone number , but does not disclose that additional offers may be made on the one-on-one interaction with the consumers. \r\n2.The app displays a support call center phone number , but does not provide an equally prominent non-interaction option to the consumers.\n"},"samples":[{"isRevoked":"False","fileName":"PrivacyDR2016Setup.exe","isInstaller":"True","companyName":"EuroTrade A.L. Ltd","productName":"Privacy Dr 2016","productVersion":"3.1.7","fileVersion":"3.1.7","hashMD5":"3636853cb50719f8d43fc920871b18ec","hashSHA1":"fa12a16fc7b1b6dcb344c5958b6fb290ca55107a","hashSHA256":"a4c99bd1c49e2477d3522a93034aa6f40fe8c4a6391da61a410bce8468dd03e5","digitalCertThumbprint":"7CA4559226AD7677D6AA3A0C65C27D7FF4E56EB7","digitalCertIssuer":"Eurotrade","digitalCertIssuedTo":"Eurotrade","sourceIndex":"3717","dateAdded":"170904","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"shouldiremoveit.com","landingPage":"http://www.privacydr.com/","ipv4":"","ipv6":"","sourceIndex":"3717"}],"sampleFiles":["170904/D-PrivacyDR-170902/Samples/PrivacyDR2016Setup.exe"],"imageFiles":["170904/D-PrivacyDR-170902/Images/ACR-003/ACR-003_Software_Exaggerates_As_Threat.JPG","170904/D-PrivacyDR-170902/Images/ACR-003/ACR-003_Software_Exaggerates_As_Threat.mp4","170904/D-PrivacyDR-170902/Images/ACR-003/ACR-003_Software_Exaggerates_Local_System_Trace.JPG","170904/D-PrivacyDR-170902/Images/ACR-003/ACR-003_Software_Exaggerating_System_Health.JPG","170904/D-PrivacyDR-170902/Images/ACR-017/ACR-017_Software_Unverifiable_endorsements.JPG","170904/D-PrivacyDR-170902/Images/ACR-084/ACR-084_Software_Undisclosed_Scheduled_Task.JPG","170904/D-PrivacyDR-170902/Images/ACR-084/ACR-084_Software_Undisclosed_Scheduled_Task.mp4","170904/D-PrivacyDR-170902/Images/ACR-168/ACR-168_Software_Support_Number.JPG"],"nonDeceptorImageFiles":["170904/D-PrivacyDR-170902/Images/ACR-003/ACR-003_Software_Exaggerates_As_Threat.JPG","170904/D-PrivacyDR-170902/Images/ACR-003/ACR-003_Software_Exaggerates_As_Threat.mp4","170904/D-PrivacyDR-170902/Images/ACR-003/ACR-003_Software_Exaggerates_Local_System_Trace.JPG","170904/D-PrivacyDR-170902/Images/ACR-003/ACR-003_Software_Exaggerating_System_Health.JPG","170904/D-PrivacyDR-170902/Images/ACR-017/ACR-017_Software_Unverifiable_endorsements.JPG","170904/D-PrivacyDR-170902/Images/ACR-168/ACR-168_Software_Support_Number.JPG"],"guid":"c4e61b10-be94-4c8a-b18e-e5f4bcb606ff_3.1.7_1","appID":"D-PrivacyDR-170902","dateAdded":"170904","deceptorType":"App","name":"Privacy Dr","company":"EuroTrade A.L. Ltd","version":"3.1.7","sigName":"Deceptor:Win32/PrivacyDr!003084168017","lastKnownStatus":"Deceptor:3.1.7","lastKnownDate":"210113","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"paid\",\"up-sell to paid\",\"call center\"]","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2768},{"violations":{"ACR-043":"Third party components are installed which are not disclosed to the consumer in the EULA and offer or landing page. Ex.: \"libclamav.dll\" and \"clamscan.exe\", etc.\n","ACR-047":"The app offers to purchase despite the consumer's attempt to close the application each and every time.\n","ACR-107":"App has antivirus component based on open source solution (ClamAV) without disclaiming and honoring open source license.\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent\n","ACR-168":"The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"nonDeceptorViolations":{"ACR-047":"The app offers to purchase despite the consumer's attempt to close the application each and every time.\n","ACR-107":"App has antivirus component based on open source solution (ClamAV) without disclaiming and honoring open source license.\n","ACR-168":"The app displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"wzmp_8.exe","isInstaller":"True","companyName":"WinZip International LLC","productName":"WinZip Malware Protector","productVersion":"2.1.1000.22182","fileVersion":"WinZip Malware Prote","hashMD5":"e47cea9396fe46888221027775b93a99","hashSHA1":"bc37b314f6d653dbe2d4388989d4d385b88319a9","hashSHA256":"39bc4623f02319e78b0ee284f267a1bd5288aeb728f92d67637aebc0273da9db","digitalCertThumbprint":"55DAAE5131F2066E44C3947AABA2C4E6A512AE15","digitalCertIssuer":"Corel Corporation","digitalCertIssuedTo":"Corel Corporation","sourceIndex":"3751","dateAdded":"170901","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"","landingPage":"http://www.winzipsystemtools.com/malware-protector.html","ipv4":"","ipv6":"","sourceIndex":"3751"}],"sampleFiles":[],"imageFiles":["170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-043/ACR-043_Install_ThirdPartyComponentsNotDisclosed.JPG","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-043/ACR-043_Install_ThirdPartyComponentsNotDisclosed.mp4","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-107/ACR-043_Install_ThirdPartyComponentsNotDisclosed.JPG","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-047/ACR-047_InlineOffer_PurchaseOfferOnClose.JPG","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-047/ACR-047_InlineOffer_PurchaseOfferOnClose.mp4","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-107/ACR-043_Install_ThirdPartyComponentsNotDisclosed.JPG","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-017/ACR-017_Install_Norton_Seal.JPG","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-017/ACR-017_Install_Norton_Seal.mp4","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-084/ACR-084_Software_TaskSchedulerEventAddedWithoutInformingCustomer.mp4","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-084/ACR-084_software_TaskSchedulerEventAddedWithoutInformingCustomer.JPG","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-168/ACR-168_Software_CallCenterNumberWithoutDisclaimer.JPG","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-168/ACR-168_Software_CallCenterNumberWithoutDisclaimer.mp4","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-168/ACR-168_Software_CallCenterNumberWithoutDisclaimer2.JPG"],"nonDeceptorImageFiles":["170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-047/ACR-047_InlineOffer_PurchaseOfferOnClose.JPG","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-047/ACR-047_InlineOffer_PurchaseOfferOnClose.mp4","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-107/ACR-043_Install_ThirdPartyComponentsNotDisclosed.JPG","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-017/ACR-017_Install_Norton_Seal.JPG","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-017/ACR-017_Install_Norton_Seal.mp4","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-168/ACR-168_Software_CallCenterNumberWithoutDisclaimer.JPG","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-168/ACR-168_Software_CallCenterNumberWithoutDisclaimer.mp4","170831/D-WinZipMalwareProtector-170830/2.1.1000.22182/Images/ACR-168/ACR-168_Software_CallCenterNumberWithoutDisclaimer2.JPG"],"guid":"3bdad596-2d64-4f32-aadf-575b57b9f5ca_2.1.1000.22182_1","appID":"D-WinZipMalwareProtector-170830","dateAdded":"170831","deceptorType":"App","name":"WinZip Malware Protector","company":"WinZip International LLC","version":"2.1.1000.22182","sigName":"Deceptor:Win32/WinZipMalwareProtector!043084107168047","firstVendorContactDate":"171101","firstAppEsteemReplyDate":"171101","firstResolvedDate":"171117","firstResolvedVersion":"2.1.1000.23536","resolved":"TRUE","lastKnownStatus":"Deceptor: 2.1.1000.22182","lastKnownDate":"170831","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"paid\"]","lastUpdate":"2018-02-15T00:26:58.5443912+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2769},{"violations":{"ACR-003":"The app exaggerates \"shared program\", \"Com/ActiveX\", \"temporary internet files\", \"invalid shortcuts\"  as an errors/problems and misleads user to believe these items slowing computer with alerting note, thereby misleading or scaring consumer to take action.\n"},"nonDeceptorViolations":{"ACR-003":"The app exaggerates \"shared program\", \"Com/ActiveX\", \"temporary internet files\", \"invalid shortcuts\"  as an errors/problems and misleads user to believe these items slowing computer with alerting note, thereby misleading or scaring consumer to take action.\n"},"samples":[{"isRevoked":"False","fileName":"OptimizerPro.exe","isInstaller":"True","companyName":"PC Utilities Pro","productName":"PC Utilities Pro","productVersion":"3.0.1.0","fileVersion":"3.0.1.0","hashMD5":"fd0887c831d9963b0a66ee65b4a6215f","hashSHA1":"97bc18080027f74408619b56815956e37e0c41e0","hashSHA256":"c986e2ecafafeafb7a55c77ddecedaa7138d4abffe5ab3a6eecc3d54e272d581","digitalCertThumbprint":"E62110B9941B6913AAE2BFA28865554B16D62BD3","digitalCertIssuer":"Go Daddy Secure Certification Authority","digitalCertIssuedTo":"Subeo Tech Inc.","sourceIndex":"3735","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"OptimizerPro_745c.exe","isInstaller":"True","companyName":"PC Utilities Pro","productName":"PC Utilities Pro","productVersion":"3.3.1.7","fileVersion":"3.3.1.7","hashMD5":"745c36d681fe1ff886a41bf405db0164","hashSHA1":"d42a81b02455503963a96c077df2ccfe7e23f07d","hashSHA256":"2ae5dc10a46f1caa04d2582b50cfc54f5268061bf818e78f6421b945a97d0c74","digitalCertThumbprint":"9dea923f939c82252096885a4616a227f69f2824","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"PC Utilities Software Limited","sourceIndex":"3735","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"http://www.pcutilitiespro.com/en/optimizer-pro/","directDownloadingLink":"http://www.pcutilitiespro.com/en/download-optimizer-pro/","ipv4":"","ipv6":"","sourceIndex":"3735"}],"sampleFiles":["170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Samples/OptimizerPro.exe","170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Samples/OptimizerPro_745c.exe"],"imageFiles":["170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/ACR-003_Software_Exaggerate_As_Errors.JPG","170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/ACR-003_Software_Exaggerate_As_Errors.mp4","170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/ACR-003_Software_Exaggerated_claims.JPG","170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/ACR-003_Software_Exaggeration_Might_Scare_Consumer.JPG","170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/Summary.PNG"],"nonDeceptorImageFiles":["170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/ACR-003_Software_Exaggerate_As_Errors.JPG","170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/ACR-003_Software_Exaggerate_As_Errors.mp4","170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/ACR-003_Software_Exaggerated_claims.JPG","170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/ACR-003_Software_Exaggeration.JPG","170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/ACR-003_Software_Exaggeration_Might_Scare_Consumer.JPG","170817/D-PCUtilitiesProOptimizerPro-170815/3.0.1.0/Images/ACR-003/Summary.PNG"],"guid":"c5d5efd7-6b96-473f-9112-1b44ebc00cd8_3.0.1.0_1","appID":"D-PCUtilitiesProOptimizerPro-170815","dateAdded":"170817","deceptorType":"App","name":"PCUtilitiesProOptimizerPro","company":"PC UTILITIES PRO SOFTWARE LIMITED","version":"3.0.1.0","sigName":"Deceptor:Win32/PCUtilitiesProOptimizerPro!003","firstResolvedDate":"171129","firstResolvedVersion":"3.3.1.7","resolved":"TRUE","lastKnownStatus":"Deceptor: 3.0.1.0","lastKnownDate":"171121","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:30:34.3015368+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2770},{"violations":{"ACR-003":"The app exaggerates legitimate system files as \"Dangerous Files\", thereby misleading or scaring consumer to take action.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"removeitpro_trial_DEA0.exe","isInstaller":"True","companyName":"InCode Solutions","productVersion":"16.18","hashMD5":"dea0949a2d65189e059f5360e58e26b9","hashSHA1":"327229c289acc9e4e810f39428dd90fc9d47c23f","hashSHA256":"ba1f865be5b6fd60d3393ab51435c048802e8264110b4cc5c08a5893b7d31147","digitalCertThumbprint":"264515fad7ea12a3d5d18e3d920cc517b94235cf","digitalCertIssuer":"HR, 51221, Kostrena, Kostrena, Zuknica 31, Damjan Irgolic, Damjan Irgolic","digitalCertIssuedTo":"HR, 51221, Kostrena, Kostrena, Zuknica 31, Damjan Irgolic, Damjan Irgolic","sourceIndex":"3460","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"http://www.incodesolutions.com/","ipv4":"","ipv6":"","sourceIndex":"3460"}],"sampleFiles":[],"imageFiles":["170816/D-RemoveITPro-170812/16.24/Images/ACR-003/ACR-003_Software_Danger.PNG","170816/D-RemoveITPro-170812/16.24/Images/ACR-003/ACR-003_Software_FalselyDetected.PNG","170816/D-RemoveITPro-170812/16.24/Images/ACR-003/ACR-003_Software_FalselyDetected02.JPG","170816/D-RemoveITPro-170812/16.24/Images/ACR-003/ACR-003_Software_FalselyDetected03.JPG","170816/D-RemoveITPro-170812/16.24/Images/ACR-003/ACR-003_Software_SuspiciousFalse.mp4","170816/D-RemoveITPro-170812/16.24/Images/ACR-003/RemoveITProNoTrustWorthyScanResult.PNG","170816/D-RemoveITPro-170812/16.24/Images/ACR-003/RemoveITPro_NonTrustWorthyResult1.PNG"],"nonDeceptorImageFiles":[],"guid":"429afc7c-ce6f-4d63-a49d-981c40876c78_16.24_1","appID":"D-RemoveITPro-170812","dateAdded":"170816","deceptorType":"App","name":"RemoveIT Pro","company":"InCode Solutions","version":"16.24","sigName":"Deceptor: Win32/RemoveITPro!003","lastKnownStatus":"Deceptor: 16.0.2.136","lastKnownDate":"181215","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10,Windows Server","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid","lastUpdate":"2018-12-15T06:53:55.0353123+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2772},{"violations":{"ACR-003":"App exaggeratedly claims potential improvement with cleaning log and cache files, misleads user to take action.\n","ACR-168":"No disclosure about additional offer may be made during call center service.\n"},"nonDeceptorViolations":{"ACR-003":"App exaggeratedly claims potential improvement with cleaning log and cache files, misleads user to take action.\n","ACR-168":"No disclosure about additional offer may be made during call center service.\n"},"samples":[{"isRevoked":"False","fileName":"tuneupmymac_macsite_D2DA.pkg","isInstaller":"True","companyName":"Systweak Software Private Limited","productName":"TuneupMyMac","productVersion":"1.18","fileVersion":"1.18","hashMD5":"d2da29e8df9c1c68bc4d18c7e9545b20","hashSHA1":"547730177de2716673875561cdb2572f8765c5ce","hashSHA256":"40e138319d5fd57e19ee32bc3e9d100f9f2eec814e257cc3a9da3f2e4d386b04","digitalCertThumbprint":"D55E8E22FEE6BE3DB90450999F410C4A20D34047","digitalCertIssuer":"Developer ID Installer: Systweak Software Limited (TEJH3V76BJ)","digitalCertIssuedTo":"Developer ID Installer: Systweak Software Limited (TEJH3V76BJ)","sourceIndex":"3805","dateAdded":"170816","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"","landingPage":"http://www.tuneupmymac.com","ipv4":"","ipv6":"","sourceIndex":"3805"}],"sampleFiles":["170816/D-TuneupMyMac-170813/Samples/tuneupmymac_macsite.pkg"],"imageFiles":["170816/D-TuneupMyMac-170813/Images/ACR-003/TuneupMyMacExit.PNG","170816/D-TuneupMyMac-170813/Images/ACR-168/TuneupMyMacScanResult.PNG"],"nonDeceptorImageFiles":["170816/D-TuneupMyMac-170813/Images/ACR-003/TuneupMyMacExit.PNG","170816/D-TuneupMyMac-170813/Images/ACR-168/TuneupMyMacScanResult.PNG"],"guid":"8f01f566-4d7c-4d7f-8f22-e9e4d0eb5f99_1.18_1","appID":"D-TuneupMyMac-170813","dateAdded":"170816","deceptorType":"App","name":"TuneupMyMac","company":"Systweak Software Private Limited","version":"1.18","sigName":"Deceptor:MacOS/TuneupMyMac!003168","firstVendorContactDate":"170827","firstAppEsteemReplyDate":"170827","firstResolvedDate":"170827","firstResolvedVersion":"1.19","resolved":"TRUE","lastKnownStatus":"Deceptor: 1.18","lastKnownDate":"170814","type":"MacOS App","category":"[\"SysTools & Utilities\"]","targetOS":"[\"MacOS\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"paid\",\"up-sell to paid\",\"call center\"]","lastUpdate":"2018-02-15T00:14:56.9248669+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2771},{"violations":{"ACR-043":"One or more third party components are installed which are not disclosed to the user in the EULA or landing page.\n","ACR-003":"The application exaggerates the local trace files (Recycle bin, temp files, history) as issues/threats and portrays the importance as “High”, thereby misleading or scaring the consumer to take action.\n","ACR-017":" The application fraudulently elevates its user trust level by displaying unverifiable  endorsements. \n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the consumers knowledge and consent.\n","ACR-168":" 1.The application displays a support call center phone number , but does not disclose that additional offers may be made on the one-on-one interaction with the user.\n2.The application displays a support call center phone number , but does not provide an equally prominent non-interaction option to the user. \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PCMAXPrivacyShieldSetup_regular.exe","isInstaller":"True","companyName":"PC MAX Privacy Shield","productName":"PC MAX Privacy Shield","productVersion":"3.2.0","fileVersion":"3.2.0.0","hashMD5":"179eac4daa60596fadb743cfcedc2a80","hashSHA1":"8c9345506d6128dbba171e95a2fd077e9a363e42","hashSHA256":"a49a8a4efb261edf812151947e5b02ffb368a67db3945bf38de1cde0228a740f","digitalCertThumbprint":"EEF140381C3C48E966B74C9FF895A9DD6A7B49D1","digitalCertIssuer":"MTI Software Solutions","digitalCertIssuedTo":"MTI Software Solutions","sourceIndex":"3471","dateAdded":"170809","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"Should I remove it.com","landingPage":"http://www.pcmaxprivacyshield.com/","ipv4":"","ipv6":"","sourceIndex":"3471"}],"sampleFiles":[],"imageFiles":["170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-043/ACR-043_Install_ThirdPartyComponentsInstalledWithoutDisclosure.mp4","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-003/ACR-003_Software_ExaggeratedIssues.mp4","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_1.JPG","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_2.JPG","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_3.JPG","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-003/ACR-003_Software_ExaggeratedIssues_4.JPG","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-003/ThreatAlert.PNG","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-017/ACR-017_Software_UnverifibaleEndorsement.JPG","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-017/ACR-017_Software_UnverifibaleEndorsement.mp4","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsent.JPG","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsent.mp4","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.JPG","170813/D-PCMAXPrivacyShield-170808/3.2.0.0/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.mp4"],"nonDeceptorImageFiles":[],"guid":"92ee5887-a3ef-4b5b-8251-c9b7c1389826_3.2.0.0_1","appID":"D-PCMAXPrivacyShield-170808","dateAdded":"170813","deceptorType":"App","name":"PC MAX Privacy Shield","company":"PC MAX Privacy Shield","version":"3.2.0.0","sigName":"Deceptor:Win32/PCMaxPrivacyShield!003043168017084","lastKnownStatus":"Deceptor: 3.2.0.0","lastKnownDate":"181215","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,call center","lastUpdate":"2018-12-15T05:42:20.3127896+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2774},{"violations":{"ACR-003":"The application exaggerates “Video System Tweaks & Network Tweaks” as a “Critical” or \"Serious\" system impact issue, thereby misleading or scaring the user to take action.\n","ACR-084":"The application runs silently in the background, hiding the fact that it is active from the consumer. \n* fixed in 12.3.0.27\n","ACR-168":"1. The application/offer displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n2. The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n*fixed in 12.3.0.27\n","ACR-118":"When the user attempts to uninstall the application, it deliberately retains \"VersionUpdater.exe\" on the device without the user's consent.\n*fixed in 12.3.0.27\n"},"nonDeceptorViolations":{"ACR-003":"The application exaggerates “Video System Tweaks & Network Tweaks” as a “Critical” or \"Serious\" system impact issue, thereby misleading or scaring the user to take action.\n","ACR-168":"1. The application/offer displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\n2. The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the user\n*fixed in 12.3.0.27\n"},"samples":[{"isRevoked":"False","fileName":"SystemKeeperInst.exe","isInstaller":"True","companyName":"Monterix","productName":"System Keeper","productVersion":"12.3.0.24","fileVersion":"12.3.0.24","hashMD5":"ff3b96988d38fd83685f1b05bd7cc484","hashSHA1":"29b0ce88263a0839042207ada876d654a0fb8666","hashSHA256":"fc206830ef97143aa11b6eddef34275c15c5e1cd061da982514a4c03bd5c4fcf","digitalCertThumbprint":"A858700679126F51623B26108E83D4E70BF36ED2","digitalCertIssuer":"Monterix LLC","digitalCertIssuedTo":"Monterix LLC","sourceIndex":"3705","dateAdded":"170809","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"http://www.systemkeeper.software/","ipv4":"","ipv6":"","sourceIndex":"3705"}],"sampleFiles":["170813/D-SystemKeeper-170808/12.3.0.24/Samples/SystemKeeperInst.exe"],"imageFiles":["170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-003/ACR-003_Software_ExaggeratedIssuesAndDoesNotDiscloseActualIssues.JPG","170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-003/ACR-003_Software_ExaggeratedIssuesAndDoesNotDiscloseActualIssues.mp4","170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-003/SystemKeeper.PNG","170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-084/ACR-084_Software_PermenantProcess.JPG","170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-084/ACR-084_Software_PermenantProcess.mp4","170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-168/ACR-168_Software_OneToOneMoreProminent03.JPG","170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-118/ACR-118_Software_UpdaterFileLeftBehind.JPG","170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-118/ACR-118_Software_UpdaterFileLeftBehind.mp4"],"nonDeceptorImageFiles":["170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-003/ACR-003_Software_ExaggeratedIssuesAndDoesNotDiscloseActualIssues.JPG","170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-003/ACR-003_Software_ExaggeratedIssuesAndDoesNotDiscloseActualIssues.mp4","170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-003/SystemKeeper.PNG","170813/D-SystemKeeper-170808/12.3.0.24/Images/ACR-168/ACR-168_Software_OneToOneMoreProminent03.JPG"],"guid":"0e139e7e-928a-4846-b1bd-57124c6dc758_12.3.0.24_1","appID":"D-SystemKeeper-170808","dateAdded":"170813","deceptorType":"App","name":"SystemKeeper","company":"Monterix","version":"12.3.0.24","sigName":"Deceptor:Win32/SystemKeeper!003168084118","firstVendorContactDate":"170824","firstAppEsteemReplyDate":"170824","firstResolvedDate":"170909","firstResolvedVersion":"12.0.0.30","resolved":"TRUE","lastKnownStatus":"Deceptor: 12.3.0.27","lastKnownDate":"170912","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\",\"Windows Server\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"paid\",\"call center\"]","lastUpdate":"2018-02-15T00:39:28.598391+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2773},{"violations":{"ACR-043":"One or more third party components are installed which are not disclosed to the user in the EULA or landing page.\n","ACR-003":"App flags multiple clean programs as Trojans, misleads user about system compromising.\n","ACR-168":"1.The application displays a support call center phone number , but does not disclose that additional offers may be made on the one-on-one interaction with the user.\r\n2.The application displays a support call center phone number , but does not provide an equally prominent non-interaction option to the user.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"PCMAXAntivirusSetup_regular.exe","isInstaller":"True","companyName":"PC MAX Antivirus","productName":"PC MAX Antivirus","productVersion":"3.5.1","fileVersion":"3.5.1.0","hashMD5":"50897b9aff11c95ecd364328f324004c","hashSHA1":"ee6351e662fdb3f80e66fc9611e5b09c3139f383","hashSHA256":"e76969210534218cd6229953ec4111053eb052f983fef89eb911d246c9c735d6","digitalCertThumbprint":"EEF140381C3C48E966B74C9FF895A9DD6A7B49D1","digitalCertIssuer":"MTI Software Solutions","digitalCertIssuedTo":"MTI Software Solutions","sourceIndex":"3472","dateAdded":"170809","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"http://www.pcmaxantivirus.com/","ipv4":"","ipv6":"","sourceIndex":"3472"}],"sampleFiles":[],"imageFiles":["170813/D-PCMAXAntivirus-170808/3.5.1.0/Images/ACR-003/NotTrustWorthyScanningResult.PNG","170813/D-PCMAXAntivirus-170808/3.5.1.0/Images/ACR-043/ACR-043_Install_ThirdPartyComponentsInstalledWithoutDisclosure.mp4","170813/D-PCMAXAntivirus-170808/3.5.1.0/Images/ACR-043/ACR-043_Install_ThirdPartyComponentsInstalledWithoutDisclosure_3.JPG","170813/D-PCMAXAntivirus-170808/3.5.1.0/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.JPG","170813/D-PCMAXAntivirus-170808/3.5.1.0/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.mp4"],"nonDeceptorImageFiles":[],"guid":"be495cb5-c56b-46c5-a8da-6136acdf53c7_3.5.1.0_1","appID":"D-PCMAXAntivirus-170808","dateAdded":"170813","deceptorType":"App","name":"PC MAX Antivirus","company":"PC MAX Antivirus","version":"3.5.1.0","sigName":"Deceptor:Win32/PCMaxAntivirus!003043168","lastKnownStatus":"Deceptor: 3.5.1","lastKnownDate":"181215","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 10\",\"Windows 8\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"paid\",\"call center\"]","lastUpdate":"2018-12-15T05:41:27.7491694+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2775},{"violations":{"ACR-003":"The app exaggerates \"Driver issues\" as \"Critical\" system impact issue on app purchase page, thereby misleading or scaring the consumer to take action.\nThe app exaggerates \"Driver issues\" as a HIGH system impact issue, thereby misleading or scaring the consumer to take action.\n","ACR-084":"The application creates undisclosed scheduled task \"VersionUpdater.exe\" to perform action without the user's knowledge and consent.\n","ACR-168":"1.The application/offer displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\r\n2. The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer.\n","ACR-118":"When the consumer attempts to completely uninstall the app, it deliberately retains some of its components \"VersionUpdater.exe\" & \"FileLib.exe\" on the device without the consumer's consent.\n","ACR-122":"The app's component \"VersionUpdater.exe\" remains to be active despite the consumer's attempt to uninstall the app.\n"},"nonDeceptorViolations":{"ACR-003":"The app exaggerates \"Driver issues\" as \"Critical\" system impact issue on app purchase page, thereby misleading or scaring the consumer to take action.\nThe app exaggerates \"Driver issues\" as a HIGH system impact issue, thereby misleading or scaring the consumer to take action.\n","ACR-168":"1.The application/offer displays a support call center phone number or other interactive option, but does not disclose that additional offers may be made on the one-on-one interaction with the consumer.\r\n2. The application/offer displays a support call center phone number or other interactive option, but does not provide an equally prominent non-interaction option to the consumer.\n"},"samples":[{"isRevoked":"False","fileName":"DriverUpdaterInst.exe","isInstaller":"True","companyName":"Monterix","productName":"Driver Updater","productVersion":"11.2.0.12","fileVersion":"11.2.0.12","hashMD5":"c142acf07f619b50ebae72623d7371cd","hashSHA1":"3546e80f21177a38f2b078eacb252625090c4e08","hashSHA256":"3cc202068b224da91c3e78aeb5da1c5d13b6f5c65f094fad4c01c987abfb3c17","digitalCertThumbprint":"A858700679126F51623B26108E83D4E70BF36ED2","digitalCertIssuer":"Monterix LLC","digitalCertIssuedTo":"Monterix LLC","sourceIndex":"3793","dateAdded":"170809","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","reference":"","landingPage":"http://www.driverupdater.software/","ipv4":"","ipv6":"","sourceIndex":"3793"}],"sampleFiles":["170813/D-DriverUpdater-170808/11.2.0.12/Samples/DriverUpdaterInst.exe"],"imageFiles":["170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-003/ACR-003_Internal_Offer_Exaggerates_Driver_Issue_As_Critical.JPG","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-003/ACR-003_Software_Exaggerates_Driver_Issue_As_High_Risk.JPG","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-003/ACR-003_Software_Exaggerates_Driver_Issue_As_High_Risk.mp4","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-003/PopupAlert.PNG","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-084/ACR-084_Software_Undisclosed_Scheduled_Task.JPG","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-084/ACR-084_Software_Undisclosed_Scheduled_Task.mp4","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-168/ACR-168_Software_Customer_Care_Number.JPG","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-118/ACR-118_Software_Retains_Some_Binaries.JPG","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-118/ACR-118_Software_Retains_Some_Binaries.mp4","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-118/ACR-118_Software_Retains_Some_Executables.JPG","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-122/ACR-122_Uninstall_VersionUpdater_Remains_Active.JPG","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-122/ACR-122_Uninstall_VersionUpdater_Remains_Active.mp4"],"nonDeceptorImageFiles":["170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-003/ACR-003_Internal_Offer_Exaggerates_Driver_Issue_As_Critical.JPG","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-003/ACR-003_Software_Exaggerates_Driver_Issue_As_High_Risk.JPG","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-003/ACR-003_Software_Exaggerates_Driver_Issue_As_High_Risk.mp4","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-003/PopupAlert.PNG","170813/D-DriverUpdater-170808/11.2.0.12/Images/ACR-168/ACR-168_Software_Customer_Care_Number.JPG"],"guid":"078155ed-dbea-41cd-8fbe-593eb91f0fd1_11.2.0.12_1","appID":"D-DriverUpdater-170808","dateAdded":"170813","deceptorType":"App","name":"DriverUpdater","company":"Monterix","version":"11.2.0.12","sigName":"Deceptor:Win32/DriverUpdater!003084168118122","firstResolvedDate":"170909","firstResolvedVersion":"11.2.0.17","resolved":"TRUE","lastKnownStatus":"Deceptor: 11.2.0.12","lastKnownDate":"170912","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"paid\",\"call center\"]","lastUpdate":"2018-02-15T00:17:58.299555+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2776},{"violations":{"ACR-003":"The application reports identified registry (Empty Value) as errors with exaggerated numbers and portrayed the importance as “High”, thereby misleading or scaring the consumer to take action.\n","ACR-017":"The application fraudulently elevates its consumer trust level by displaying unverifiable endorsements.\nThe application fraudulently elevates its consumer trust level by displaying unverifiable endorsements.\n","ACR-104":"The application redirects consumer's web search queries or clicked URLs without the consumer's knowledge and consent\n","ACR-016":"A displayed ad leads to direct downloading and installation of an application instead of redirecting to a landing page which allows the consumer to make an informed decision whether to accept or decline the offer.\r\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pcspsetupsite.exe","isInstaller":"True","companyName":"                                                            ","productName":"PC-Speedup-Pro","productVersion":"1.0.0.28552","fileVersion":"1.0.0.28552","hashMD5":"28f880225be53319ba9414beef101c99","hashSHA1":"c06f2b24ce441db0a80a42988b18f33f006f15d7","hashSHA256":"ff2677b46d1e1c6173c5e243df8406cc4ec80cb8626657afacee34c6c4907c81","digitalCertThumbprint":"ED8FE194A0EF2B1984C252D5552545B8039BBF28","digitalCertIssuer":"PC Fixer-Tools","digitalCertIssuedTo":"PC Fixer-Tools","sourceIndex":"3473","dateAdded":"170803","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Affiliatetracking","reference":"","landingPage":"","directDownloadingLink":"http://cdn.pcspeeduppro.net/pcspnet/c2/securedl/pcspsetupsite.exe","ipv4":"","ipv6":"","sourceIndex":"3473"}],"sampleFiles":[],"imageFiles":["170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-016/ACR-016_SoftwareDownloadsAutomaticallyWithinApplication.JPG","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-016/ACR-016_SoftwareDownloadsAutomaticallyWithinApplication.mp4","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-003/ACR-003_Software_Exaggerated.mp4","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-003/ACR-003_Software_Exaggerated_1.JPG","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-003/ACR-003_Software_Exaggerated_2.JPG","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-003/ACR-003_Software_Exaggerated_3.JPG","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-003/ACR-003_Software_Exaggerated_4.JPG","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-017/ACR-017_SoftwareMisleadingConsumerRating.JPG","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-017/ACR-017_SoftwareMisleadingConsumerRating.mp4","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-017/ACR-017_Uninstall_MisleadingConsumerRating.JPG","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-017/ACR-017_Uninstall_MisleadingConsumerRating.mp4","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-104/ACR-104_SoftwareHyperlinkRedirectingToADifferentProductLandingPage.JPG","170804/D-PCSpeedupPro-170802/1.0.0.28552/Images/ACR-104/ACR-104_SoftwareHyperlinkRedirectingToADifferentProductLandingPage.mp4"],"nonDeceptorImageFiles":[],"guid":"9a2b8f1d-1534-4870-a9d6-239436be5877_1.0.0.28552_1","appID":"D-PCSpeedupPro-170802","dateAdded":"170804","deceptorType":"App","name":"PC-Speedup-Pro","company":"PC-Speedup-Pro","version":"1.0.0.28552","sigName":"Deceptor:Win32/PCSpeedupPro!003017104016","lastKnownStatus":"Deceptor: 1.0.0.28552","lastKnownDate":"181215","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 8\",\"Windows 7\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"paid\",\"up-sell to paid\"]","lastUpdate":"2018-12-15T05:39:30.0654247+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2777},{"violations":{"ACR-109":"\"McAfee Security Scan\" & \"Intel Security True Key\" are installed regardless of the consumer's choice.\n","ACR-042":"An unrelated object \"Weather Buddy\" is installed without the consumer's knowledge or consent.\n","ACR-043":"\"McAfee Security Scan\" & \"Intel Security True Key\" applications are installed which are not disclosed to the consumer.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"flashplayer_setup.exe","isInstaller":"True","productName":"FlashPlayer Setup","productVersion":"1.0.0.0","fileVersion":"1.0.0.0","hashMD5":"6832f7e298b12dcb2c103429ba75fd13","hashSHA1":"1c78106c5a2bce6bfdf9cc479f574e9c111a51d3","hashSHA256":"227d462e988104b318d0bed5a9742d90bc9f4993c7fbe2f6ba5004de35333118","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"3474","dateAdded":"170803","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Affiliatetracking","reference":"","landingPage":"","directDownloadingLink":"https://freesoftwarestation.com/campaign/hitpromise3/?ID=acsh17&sub=acsh17&subid=1525237&S2=15017214380403726695277605522769149","ipv4":"","ipv6":"","sourceIndex":"3474"}],"sampleFiles":[],"imageFiles":["170804/D-FakeFlash-170802/1.0.0.0/Images/ACR-043/ACR-043_Installs_Third_party_applications_which_are_not_disclosed_to_the_user.JPG","170804/D-FakeFlash-170802/1.0.0.0/Images/ACR-109/ACR-109_Installs_App_regardless_of_the_consumer's_choice.JPG","170804/D-FakeFlash-170802/1.0.0.0/Images/ACR-109/ACR-109_Installs_App_regardless_of_the_consumer's_option.JPG","170804/D-FakeFlash-170802/1.0.0.0/Images/ACR-109/ACR-109_Installs_Application_regardless_of_the_consumer's_choice.JPG","170804/D-FakeFlash-170802/1.0.0.0/Images/ACR-109/ACR-109_Installs_Application_regardless_of_the_consumer's_choice.mp4","170804/D-FakeFlash-170802/1.0.0.0/Images/ACR-042/ACR-042_Installs_WeatherBuddy_is_installed_without_the_user's_concent.JPG","170804/D-FakeFlash-170802/1.0.0.0/Images/ACR-042/ACR-042_Installs_WeatherBuddy_is_installed_without_the_user's_consent.mp4","170804/D-FakeFlash-170802/1.0.0.0/Images/ACR-042/ACR-042_Installs_WeatherBuddy_is_installed_without_the_user's_knowledge.JPG"],"nonDeceptorImageFiles":["170804/D-FakeFlash-170802/1.0.0.0/Images/ACR-042/ACR-042_Installs_WeatherBuddy_is_installed_without_the_user's_concent.JPG","170804/D-FakeFlash-170802/1.0.0.0/Images/ACR-042/ACR-042_Installs_WeatherBuddy_is_installed_without_the_user's_consent.mp4","170804/D-FakeFlash-170802/1.0.0.0/Images/ACR-042/ACR-042_Installs_WeatherBuddy_is_installed_without_the_user's_knowledge.JPG"],"guid":"a0269e71-ba34-43ab-9e8a-1194dbad336a_1.0.0.0_1","appID":"D-FakeFlash-170802","dateAdded":"170804","deceptorType":"App","name":"flashplayer_setup.exe","company":"flashplayer_setup.exe","version":"1.0.0.0","sigName":"Deceptor:Win32/FakeFlash!109043042","lastKnownStatus":"Deceptor: 1.0.0.0","lastKnownDate":"181215","type":"Windows Executable","category":"[\"Bundlers & Downloaders\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"cross-sell other apps\"]","lastUpdate":"2018-12-15T05:38:17.5663082+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2778},{"violations":{"ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from scanning on startup from the software interface.\n\n","ACR-014":"The value claims of App is not substantiated and not truthful.  \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-160":"The application does not use a certified call center to monetize the app.\n\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-120":"After uninstalling application a webpage opens with information stating that consumer can get 50% discount for the same program.\n\n","ACR-168":"The application displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n\n"},"samples":[{"isRevoked":"False","fileName":"driverupdaterplus_site.exe","isInstaller":"True","companyName":"Jawego Partners LLC                                         ","fileVersion":"2.81","hashMD5":"04f0b3d14e4b8deaeee7cf05fc1e2a39","hashSHA1":"54f93bd8e97314618386dd73e0339e359a6b7720","hashSHA256":"5f9a8a0a054da181a811460452acb2d01d014fecb92fac1ad7135d71cf41da2d","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"389","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"dup.exe","isInstaller":"True","companyName":"Jawego Partners LLC","fileVersion":"2.81","hashMD5":"91f4e388df0723c641836e641d8f4891","hashSHA1":"d44943914606e08bcf554c2d2814a4ef52fde3f5","hashSHA256":"eb5a51ce1073adaef74dfc8eae198f1ec6d5772cba5276bf2234c6917da2dc69","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"389","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://www.driverupdaterplus.com/downloadnow","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/driverupdaterplus/setups/driverupdaterplus_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/driverupdaterplus/setups/driverupdaterplus_site.exe","sourceIndex":"389"}],"sampleFiles":["170802/D-DriverUpdaterPlus-170621/2.81.1086.17597/Samples/driverupdaterplus_site.exe","170802/D-DriverUpdaterPlus-170621/2.81.1086.17597/Samples/dup.exe"],"imageFiles":["170802/D-DriverUpdaterPlus-170621/2.81.1086.17597/Images/ACR-084/acr_084.PNG","170802/D-DriverUpdaterPlus-170621/2.81.1086.17597/Images/ACR-014/DU_014.PNG"],"nonDeceptorImageFiles":["170802/D-DriverUpdaterPlus-170621/2.81.1086.17597/Images/ACR-065/acr_065_S.PNG","170802/D-DriverUpdaterPlus-170621/2.81.1086.17597/Images/ACR-160/one_one_S.PNG","170802/D-DriverUpdaterPlus-170621/2.81.1086.17597/Images/ACR-099/acr_099_S.PNG","170802/D-DriverUpdaterPlus-170621/2.81.1086.17597/Images/ACR-099/acr_099_LP.PNG","170802/D-DriverUpdaterPlus-170621/2.81.1086.17597/Images/ACR-099/acr_099_IO.PNG","170802/D-DriverUpdaterPlus-170621/2.81.1086.17597/Images/ACR-168/one_one_lp.PNG","170802/D-DriverUpdaterPlus-170621/2.81.1086.17597/Images/ACR-120/re-advertise.PNG"],"guid":"52f21798-82c2-4edc-a718-aa5ec99da0bb_2.81.1086.17597_1","appID":"D-DriverUpdaterPlus-170621","dateAdded":"170802","deceptorType":"App","name":"DriverUpdaterPlus","company":"SYS SECURE PC SOFTWARE LLP","version":"2.81.1086.17597","sigName":"Deceptor:Win32/Driverupdaterplus!014084","lastKnownStatus":"Deceptor:2.81.1086.17597","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-05T23:19:48.8411323+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2780},{"violations":{"ACR-043":"Third party component installed are not disclosed in EULA or during installation.\n","ACR-084":"App creates scheduled task for \"Auto Startup\", though \"Launch at window startup and start a driver scan\" option is checked out in app settings. \n","ACR-168":"No disclosure about additional offers may be made during phone call support, and no non-interactive option provided together with interactive option\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"driverupdaterplus_site.exe","isInstaller":"True","companyName":"Jawego Partners LLC","productName":"Driver Updater Plus","productVersion":"2.7.1086.17187","fileVersion":"Driver Updater Plus","hashMD5":"089ae72e096185f10cb59f459af99134","hashSHA1":"722cd60127603c8a283d02b565e3ba5c7f3e01db","hashSHA256":"6506d7762c7cbe3b356877b6c4d4d4ca86bc6eee84aa1ccf7a93d8f0893f07ff","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"SYS SECURE PC SOFTWARE LLP","digitalCertIssuedTo":"SYS SECURE PC SOFTWARE LLP","sourceIndex":"388","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Complaint","reference":"https://safecart.pissedconsumer.com/newest-member-of-screwed-by-safe-cart-201703081018237.html?b5187&utm_expid=139295969-18.9Xi-IQvtSiu4tFzKTeGu_A.1&utm_referrer=https%3A%2F%2Fsafecart.pissedconsumer.com%2F","landingPage":"http://www.driverupdaterplus.com/","ipv4":"","ipv6":"","sourceIndex":"388"}],"sampleFiles":[],"imageFiles":["170802/D-DriverUpdaterPlus-170621/2.7.1086.17187/Images/ACR-043/ACR-043_Install_ThirdPartyComponent.JPG","170802/D-DriverUpdaterPlus-170621/2.7.1086.17187/Images/ACR-043/ACR-043_Install_ThirdPartyComponent.mp4","170802/D-DriverUpdaterPlus-170621/2.7.1086.17187/Images/ACR-084/ACR-084_Software_scheduledTaskForAutoStartup.JPG","170802/D-DriverUpdaterPlus-170621/2.7.1086.17187/Images/ACR-084/ACR-084_Software_scheduledTaskForAutoStartup.mp4","170802/D-DriverUpdaterPlus-170621/2.7.1086.17187/Images/ACR-168/NoDiscosureAdditionalOfferMayApply.PNG"],"nonDeceptorImageFiles":[],"guid":"52f21798-82c2-4edc-a718-aa5ec99da0bb_2.7.1086.17187_1","appID":"D-DriverUpdaterPlus-170621","dateAdded":"170802","deceptorType":"App","name":"DriverUpdaterPlus","company":"SYS SECURE PC SOFTWARE LLP","version":"2.7.1086.17187","sigName":"Deceptor:Win32/DriverUpdaterPlus!168084043","lastKnownStatus":"Deceptor:2.81.1086.17597","lastKnownDate":"241105","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2024-11-05T23:20:58.935969+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2779},{"violations":{"ACR-109":" \"Search Manager\" Chrome extension is installed regardless of the consumer's choice.\n","ACR-042":"An unrelated object (\"Search Manager\" Chrome extension) is installed without providing option for user to choose and get consumer's consent.\n","ACR-047":"The installer prompts the user to resume a previously cancelled installation by creating shortcut \"Continue HD Video Play\" on the desktop.\n","ACR-048":"Installer proceeds to install, even if the consumer select \"No\" at UAC prompt.\n","ACR-051":"\"Search Manage\" chrome extension doesn't exist in chrome extension store, It is installed via non standard API \n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"HDVideoPlayer.exe","isInstaller":"True","companyName":"Astro Network (Alpha Criteria Ltd.)","productName":"Lereg","productVersion":"3.2.2","fileVersion":"3.3.1.6","hashMD5":"3fa592adda30b3c2564b022aa891dce5","hashSHA1":"4f65ad1477ad4e048691ed28a0ebde94a557f0c6","hashSHA256":"1e050b42de30d23511fd067d82999aa09be3926e41e743bd83cd8d92795cedc0","digitalCertThumbprint":"95da403811a09ac5cbf10156fcc401710f682e05","digitalCertIssuer":"IL, Tel-Aviv, Astro Network (Alpha Criteria Ltd.), Astro Network (Alpha Criteria Ltd.)","digitalCertIssuedTo":"IL, Tel-Aviv, Astro Network (Alpha Criteria Ltd.), Astro Network (Alpha Criteria Ltd.)","sourceIndex":"3475","dateAdded":"170807","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"HDSetup_0237163857.exe","isInstaller":"True","companyName":"                                                            ","productName":"Mab","productVersion":"2.1","fileVersion":"5.4.1.6","hashMD5":"9339231e0814a898e537c42c5d52b0ac","hashSHA1":"6b74276f0c03415448872050b450cd01587ed0d7","hashSHA256":"81abc21cba0607db78915ca74c42b9b13faa936e824679975dd40acc345fc595","digitalCertThumbprint":"NA","digitalCertIssuer":"NA","digitalCertIssuedTo":"NA","sourceIndex":"3476","dateAdded":"170729","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"HDVideoPlayer.exe","isInstaller":"True","companyName":"Astro Network (Alpha Criteria Ltd.)","productName":"Lereg","productVersion":"3.2.2","fileVersion":"3.3.1.6","hashMD5":"3fa592adda30b3c2564b022aa891dce5","hashSHA1":"4f65ad1477ad4e048691ed28a0ebde94a557f0c6","hashSHA256":"1e050b42de30d23511fd067d82999aa09be3926e41e743bd83cd8d92795cedc0","digitalCertThumbprint":"95da403811a09ac5cbf10156fcc401710f682e05","digitalCertIssuer":"IL, Tel-Aviv, Astro Network (Alpha Criteria Ltd.), Astro Network (Alpha Criteria Ltd.)","digitalCertIssuedTo":"IL, Tel-Aviv, Astro Network (Alpha Criteria Ltd.), Astro Network (Alpha Criteria Ltd.)","sourceIndex":"3476","dateAdded":"170807","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"HDVideoPlayer.exe","isInstaller":"True","companyName":"Astro Network (Alpha Criteria Ltd.)","productName":"Lereg","productVersion":"3.2.2","fileVersion":"3.3.1.6","hashMD5":"3fa592adda30b3c2564b022aa891dce5","hashSHA1":"4f65ad1477ad4e048691ed28a0ebde94a557f0c6","hashSHA256":"1e050b42de30d23511fd067d82999aa09be3926e41e743bd83cd8d92795cedc0","digitalCertThumbprint":"95da403811a09ac5cbf10156fcc401710f682e05","digitalCertIssuer":"IL, Tel-Aviv, Astro Network (Alpha Criteria Ltd.), Astro Network (Alpha Criteria Ltd.)","digitalCertIssuedTo":"IL, Tel-Aviv, Astro Network (Alpha Criteria Ltd.), Astro Network (Alpha Criteria Ltd.)","sourceIndex":"3477","dateAdded":"170807","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"","landingPage":"","directDownloadingLink":"http://getupgrade.yourfreetoupdatingsite.download/?pcl=FNzGJEYlZMCjYdBaeEshPNn1ZxY2cTFGETFARQnc6h4.&cid=15012124121114560520181007515144114&pubid=409893&v_id=ywHxKHdt3ae-FU-AJCFsAgbhdXc-0gEE0pP7rdq9Fu0.","ipv4":"","ipv6":"","sourceIndex":"3475"},{"howFound":"Hunt.Advertising","reference":"search for flash","landingPage":"http://adexc.net/networking/?ref_prm=4404&cid=1501284545311021441993217407778738&pubid=357917&ad_spv=919","directDownloadingLink":"http://app4com.thebest4updatesgame.download/?pcl=1HD24BkAhZoQJkj2Mc22t9V74WLwTpUo3WiqQ60DmAw.&cid=1501284545311021441993217407778738&pubid=357917&v_id=AjQV7ghaXtPI1VcXjzo4uCAo1w4ZI9Wz8ZbtRQJcLo4.","ipv4":"","ipv6":"","sourceIndex":"3476"},{"howFound":"Hunt.Advertising","reference":"search for flash","landingPage":"http://8iom.plainingibwtn.download/71328/195/uunc","ipv4":"","ipv6":"","sourceIndex":"3477"}],"sampleFiles":[],"imageFiles":["170801/D-HDSetupDownloader-170728/2.1/Images/ACR-109/ACR-109_Installs_Search_Manager_Extension_Added.JPG","170801/D-HDSetupDownloader-170728/2.1/Images/ACR-109/ACR-109_Installs_Search_Manager_Extension_Added.mp4","170801/D-HDSetupDownloader-170728/2.1/Images/ACR-109/ACR-109_Installs_Yahoo_Powered_Search_Manager.JPG","170801/D-HDSetupDownloader-170728/2.1/Images/ACR-047/ACR-047_Installs_Resume_Cancelled_Installation.JPG","170801/D-HDSetupDownloader-170728/2.1/Images/ACR-048/ACR-048_Installs_Even_When_User_Selects_No.JPG","170801/D-HDSetupDownloader-170728/2.1/Images/ACR-048/ACR-048_Installs_Even_When_User_Selects_No.mp4","170801/D-HDSetupDownloader-170728/2.1/Images/ACR-051/HDSetupSearchManageExtNotStandardedInstall.PNG","170801/D-HDSetupDownloader-170728/2.1/Images/ACR-042/ACR-042_Installs_Without_User_Consent.JPG","170801/D-HDSetupDownloader-170728/2.1/Images/ACR-042/ACR-042_Installs_Without_User_Consent1.JPG"],"nonDeceptorImageFiles":["170801/D-HDSetupDownloader-170728/2.1/Images/ACR-042/ACR-042_Installs_Without_User_Consent.JPG","170801/D-HDSetupDownloader-170728/2.1/Images/ACR-042/ACR-042_Installs_Without_User_Consent1.JPG"],"guid":"44cbcccd-9e5a-4611-adfd-7a3db5be3ec3_2.1_1","appID":"D-HDSetupDownloader-170728","dateAdded":"170801","deceptorType":"App","name":"HDSetup.exe","company":"n/a","version":"2.1","sigName":"Deceptor:Win32/HDSetupDownloader!109042047048051","lastKnownStatus":"Deceptor: 2.1","lastKnownDate":"181215","type":"Windows Executable","category":"Bundlers & Downloaders","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"Chrome","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"none","lastUpdate":"2018-12-15T05:37:26.0121094+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2781},{"violations":{"ACR-003":"Upon scan completion the software gives a voice prompt which telling the consumer that the program has detected problems on the computer\".\n","ACR-017":"The application's installer elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"nonDeceptorViolations":{"ACR-065":"There are no links on the software that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThere are no links on the internal offer that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app's landing page provides a phone number for one-to-one interaction to receive support and does not display a non-interactive support option as prominent as the one-to-one interaction option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\nThe application's internal offer has no link or information that shows how it can be uninstalled.\n","ACR-120":"After uninstalling the application a webpage opens stating that consumer can get the same app at a 50% discount.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"existing deceptor review","landingPage":"http://pccleanplus.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/pccleanplus/setups/pccpsetup_p9jwsite.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/pccleanplus/setups/pccpsetup_p9jwsite.exe","sourceIndex":"3584"}],"sampleFiles":[],"imageFiles":["170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-003/ACR-003_software.JPG","170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-003/ACR-003_software1.JPG","170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-017/ACR-017_install.JPG"],"nonDeceptorImageFiles":["170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-065/ACR-065_software.JPG","170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-065/ACR-065_internaloffer.JPG","170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-161/ACR-161_landingpage.JPG","170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-163/ACR-163_landingpage.JPG","170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-088/ACR-088_software.JPG","170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-099/ACR-099_software.JPG","170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-099/ACR-099_internaloffer.JPG","170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-168/ACR-168_landingpage.JPG","170731/D-PCCleanPlus-170728/3.36.99.1001/Images/ACR-120/ACR-120_uninstall.JPG"],"guid":"65f5f500-c3e9-4b19-ac14-b924889ee657_3.36.99.1001_1","appID":"D-PCCleanPlus-170728","dateAdded":"170731","deceptorType":"App","name":"PC Clean Plus","company":"pccleanplus.com","version":"3.36.99.1001","sigName":"Deceptor:Win32/PCCleanPlus!003017","lastKnownStatus":"Deceptor:3.18.99.753","lastKnownDate":"171030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-07-02T19:58:57.6473826+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":3,"sortOrder":2165},{"violations":{"ACR-003":"The application exaggerates missing registry, files as an error and portrays the registry damage level as “Medium”, thereby misleading or scaring the user to take action.\n","ACR-017":"The application fraudently elevates its user trust level by displaying  unverifiable Ratings.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"1.The application displays a support call center phone number , but does not disclose that additional offers may be made on the one-on-one interaction with the user.\r\n2.The application displays a support call center phone number , but does not provide an equally prominent non-interaction option to the user.\n","ACR-057":"The application fails to provide the user with clear and simple options to  decline (Free photo studio) associated offer during the payment process.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"pccpsetup_p9jwsite.exe","isInstaller":"True","companyName":"pccleanplus.com","productName":"PC Clean Plus","productVersion":"3.6","fileVersion":"PC Clean Plus","hashMD5":"5f0766297a6b1f023df6bb850b4eef2e","hashSHA1":"0368bfbc8faedff5b1baefce5b0fcd82cce8a603","hashSHA256":"b119e5ba0e145d29871e13905c42b76a34c5645a635ae6abb864de8dba008c3c","digitalCertThumbprint":"0F634001CE6585F3BA9EFECDCE021D7386BC0299","digitalCertIssuer":"Jawego Partners LLC","digitalCertIssuedTo":"Jawego Partners LLC","sourceIndex":"3579","dateAdded":"170729","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"AfterDownload.com thank you page","landingPage":"http://pccleanplus.com/","ipv4":"","ipv6":"","sourceIndex":"3579"}],"sampleFiles":[],"imageFiles":["170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-057/ACR-057_InternalOffer_OfferNotClear.mp4","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-057/ACR-057_InternalOffer_OfferNotClear_1.JPG","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-057/ACR-057_InternalOffer_OfferNotClear_2.JPG","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-003/ACR-003_Software_ExaggeratedRegistryErrorsAndScanResultScaresTheUser.mp4","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-003/ACR-003_Software_ExaggeratedRegistryErrorsAndScanResultScaresTheUser_1.JPG","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-003/ACR-003_Software_ExaggeratedRegistryErrorsAndScanResultScaresTheUser_2.JPG","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-003/ACR-003_Software_ExaggeratedRegistryErrorsAndScanResultScaresTheUser_3.JPG","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-003/ACR-003_Software_ExaggeratedRegistryErrorsAndScanResultScaresTheUser_4.JPG","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-003/ACR-003_Software_ExaggeratedRegistryErrorsAndScanResultScaresTheUser_5.JPG","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-017/ACR-017_Software_UnverifiableRating.JPG","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-017/ACR-017_Software_UnverifiableRating.mp4","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsent.JPG","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsent.mp4","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.JPG","170731/D-PCCleanPlus-170728/3.6.99.402/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.mp4"],"nonDeceptorImageFiles":[],"guid":"65f5f500-c3e9-4b19-ac14-b924889ee657_3.6.99.402_1","appID":"D-PCCleanPlus-170728","dateAdded":"170731","deceptorType":"App","name":"PC Clean Plus","company":"pccleanplus.com","version":"3.6.99.402","sigName":"Deceptor:Win32/PCCleanPlus!003084017168057","lastKnownStatus":"Deceptor:3.18.99.753","lastKnownDate":"171030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,call center","lastUpdate":"2018-07-03T15:22:19.3909917+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":3,"sortOrder":2163},{"violations":{"ACR-003":" The application exaggerates missing registry, files as an error and portrays the registry damage level as “Medium”, thereby misleading or scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n"},"nonDeceptorViolations":{"ACR-065":"Software is missing Eula and privacy policy link.\n","ACR-160":"Tried calling the call center and there was no answer.There was a machine saying to leave a message.\n","ACR-099":"Landing page is missing Uninstall link.\nsoftware is missing Uninstall link.\n","ACR-120":"The same app was re-advertised with a 50% OFF which would make consumers fell they were cheated earlier as well as it being confusing. \n"},"samples":[{"isRevoked":"False","fileName":"PC Clean Plus.exe","isInstaller":"True","companyName":"SUPER TUNEUP TECHNOLOGIES LLP","productName":"PC Clean Plus","productVersion":"3.18.99.753","fileVersion":"3.6.0.0 ","hashMD5":"520731607a386e6c7df63690bdcc605d","hashSHA1":"4ce545b9845b8b1b9829b0271742076410556bbf","hashSHA256":"9739d22edf7335a6e1d7225879b2a35f442b5f7b96fc83210efec4e0ba39a80c","digitalCertThumbprint":"2010AF29CA66CA330A3A06C5AC610061E4BD9A16","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"SUPER TUNEUP TECHNOLOGIES LLP","sourceIndex":"3583","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Search","reference":"","landingPage":"http://pccleanplus.com/","directDownloadingLink":"http://cdn.pccleanplus.com/js/pccleanplus/cf/pccp/setup/pccpsetup_p9jwsite.exe","ipv4":"","ipv6":"","sourceIndex":"3583"}],"sampleFiles":["170731/D-PCCleanPlus-170728/3.18.99.753/Samples/pccpsetup_p9jwsite.exe"],"imageFiles":["170731/D-PCCleanPlus-170728/3.18.99.753/Images/ACR-003/acr_003.PNG","170731/D-PCCleanPlus-170728/3.18.99.753/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["170731/D-PCCleanPlus-170728/3.18.99.753/Images/ACR-120/re_advertized.PNG"],"guid":"65f5f500-c3e9-4b19-ac14-b924889ee657_3.18.99.753_1","appID":"D-PCCleanPlus-170728","dateAdded":"170731","deceptorType":"App","name":"PC Clean Plus","company":"pccleanplus.com","version":"3.18.99.753","sigName":"Deceptor:Win32/PCCleanPlus!003084","lastKnownStatus":"Deceptor:3.18.99.753","lastKnownDate":"171030","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-07-02T20:02:40.1438711+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":3,"sortOrder":2164},{"violations":{"ACR-003":"The application exaggerates  missing registry, files as an error and portrays the registry damage level as “Medium”, thereby misleading or scaring the user to take action.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.\n","ACR-168":"1.The application displays a support call center phone number , but does not disclose that additional offers may be made on the one-on-one interaction with the user.\r\n2.The application displays a support call center phone number , but does not provide an equally prominent non-interaction option to the user.\n","ACR-118":"When the user attempts to completely uninstall the application, it deliberately retains some of its components on the device without the user's consent.\n","ACR-057":"The application fails to provide the user with clear and simple options to  decline (Free photo studio)  associated offer during the payment process.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"setup.exe","isInstaller":"True","companyName":"www.singleclickoptimizer.com","productName":"PC Optimizer","productVersion":"7.2.0.693","fileVersion":"PC Optimizer","hashMD5":"e61de4f98d7efa94a3bb2ea4ff53f90e","hashSHA1":"ef07f302337f1eb170c88cad4424549b2e01586c","hashSHA256":"ea1fb132445db86075cb5eabbf35937dbccc3964f8a116c87e315a4fccd0e295","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"SYS SECURE PC SOFTWARE LLP","digitalCertIssuedTo":"SYS SECURE PC SOFTWARE LLP","sourceIndex":"2556","dateAdded":"170728","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcoptimizer.exe","companyName":"singleclickoptimizer.com","productName":"PC Optimizer","productVersion":"7.2.0.693","fileVersion":"7.2.0.693","hashMD5":"7f7051a5b71970ecdb01d0df6f058d57","hashSHA1":"d975be4a80f789350b165e86975420cacc776c44","hashSHA256":"d6361365564bf516783ef8875341c8f90ceb8ee61486e951dc9c4e6907a1ac3a","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"SYS SECURE PC SOFTWARE LLP","digitalCertIssuedTo":"SYS SECURE PC SOFTWARE LLP","sourceIndex":"2556","dateAdded":"170728","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcoptimizer_BCE3.exe","companyName":"www.singleclickoptimizer.com","productName":"PC Optimizer","productVersion":"7.2.0.705","fileVersion":"PC Optimizer","hashMD5":"bce33aa4441b674fe2c767fe8ebbf8a4","hashSHA1":"3021df02a8949047ad3d046c07f286f0d1a5c944","hashSHA256":"409799c68c89f7da0927bc48a5407e8751deeb5a23f77e2016afb2d3e5a57901","digitalCertThumbprint":"2142de9b6ba4c7bb42844fc02fbfe987e1b74d8c","digitalCertIssuer":"IN, Rajasthan, Jaipur, SYS SECURE PC SOFTWARE LLP, SYS SECURE PC SOFTWARE LLP","digitalCertIssuedTo":"IN, Rajasthan, Jaipur, SYS SECURE PC SOFTWARE LLP, SYS SECURE PC SOFTWARE LLP","sourceIndex":"2556","dateAdded":"170810","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcoptimizer.exe","companyName":"singleclickoptimizer.com","productName":"PC Optimizer","productVersion":"7.2.0.693","fileVersion":"7.2.0.693","hashMD5":"7f7051a5b71970ecdb01d0df6f058d57","hashSHA1":"d975be4a80f789350b165e86975420cacc776c44","hashSHA256":"d6361365564bf516783ef8875341c8f90ceb8ee61486e951dc9c4e6907a1ac3a","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"SYS SECURE PC SOFTWARE LLP","digitalCertIssuedTo":"SYS SECURE PC SOFTWARE LLP","sourceIndex":"2557","dateAdded":"170728","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_A0C7.exe","isInstaller":"True","companyName":"www.singleclickoptimizer.com","productName":"PC Optimizer","productVersion":"7.2.0.693","fileVersion":"PC Optimizer","hashMD5":"a0c72c0f8b8adaec44a49af47ba707c9","hashSHA1":"eb3bf10064dd9d580f101154791a002da86884bf","hashSHA256":"762ba3c9c363970809dd462e04d2eddcbd47dbb43b8775d29851b2e5284e0be2","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"SYS SECURE PC SOFTWARE LLP","digitalCertIssuedTo":"SYS SECURE PC SOFTWARE LLP","sourceIndex":"2557","dateAdded":"170802","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_34B8.exe","isInstaller":"True","companyName":"www.singleclickoptimizer.com","productName":"PC Optimizer","productVersion":"7.2.0.705","fileVersion":"PC Optimizer","hashMD5":"34b82a866555227b14d583b6092b9c7e","hashSHA1":"38ebe6c66cb8f982c7aa86b9194a9dee1f4dd99d","hashSHA256":"45d9275e9133a93d1df57f279a5599575674ca65b0ae02b62f7dcad6922edf69","digitalCertThumbprint":"2142de9b6ba4c7bb42844fc02fbfe987e1b74d8c","digitalCertIssuer":"IN, Rajasthan, Jaipur, SYS SECURE PC SOFTWARE LLP, SYS SECURE PC SOFTWARE LLP","digitalCertIssuedTo":"IN, Rajasthan, Jaipur, SYS SECURE PC SOFTWARE LLP, SYS SECURE PC SOFTWARE LLP","sourceIndex":"2557","dateAdded":"170808","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_8CEC.exe","isInstaller":"True","companyName":"www.singleclickoptimizer.com","productName":"PC Optimizer","productVersion":"7.2.0.705","fileVersion":"PC Optimizer","hashMD5":"8cec88c4c456d7ff72ff03821eb2c47e","hashSHA1":"38e39e1ccc948994526d6c8d9d9c403c1ee589a6","hashSHA256":"28f7e027cb79c71cc479bf75dcb332c94034b843169a047c866b44291adc0d1f","digitalCertThumbprint":"2142de9b6ba4c7bb42844fc02fbfe987e1b74d8c","digitalCertIssuer":"IN, Rajasthan, Jaipur, SYS SECURE PC SOFTWARE LLP, SYS SECURE PC SOFTWARE LLP","digitalCertIssuedTo":"IN, Rajasthan, Jaipur, SYS SECURE PC SOFTWARE LLP, SYS SECURE PC SOFTWARE LLP","sourceIndex":"2557","dateAdded":"170810","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcoptimizer_BCE3.exe","companyName":"www.singleclickoptimizer.com","productName":"PC Optimizer","productVersion":"7.2.0.705","fileVersion":"PC Optimizer","hashMD5":"bce33aa4441b674fe2c767fe8ebbf8a4","hashSHA1":"3021df02a8949047ad3d046c07f286f0d1a5c944","hashSHA256":"409799c68c89f7da0927bc48a5407e8751deeb5a23f77e2016afb2d3e5a57901","digitalCertThumbprint":"2142de9b6ba4c7bb42844fc02fbfe987e1b74d8c","digitalCertIssuer":"IN, Rajasthan, Jaipur, SYS SECURE PC SOFTWARE LLP, SYS SECURE PC SOFTWARE LLP","digitalCertIssuedTo":"IN, Rajasthan, Jaipur, SYS SECURE PC SOFTWARE LLP, SYS SECURE PC SOFTWARE LLP","sourceIndex":"2557","dateAdded":"170810","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcoptimizer.exe","companyName":"singleclickoptimizer.com","productName":"PC Optimizer","productVersion":"7.2.0.693","fileVersion":"7.2.0.693","hashMD5":"7f7051a5b71970ecdb01d0df6f058d57","hashSHA1":"d975be4a80f789350b165e86975420cacc776c44","hashSHA256":"d6361365564bf516783ef8875341c8f90ceb8ee61486e951dc9c4e6907a1ac3a","digitalCertThumbprint":"2142DE9B6BA4C7BB42844FC02FBFE987E1B74D8C","digitalCertIssuer":"SYS SECURE PC SOFTWARE LLP","digitalCertIssuedTo":"SYS SECURE PC SOFTWARE LLP","sourceIndex":"2558","dateAdded":"170728","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pcoptimizer_BCE3.exe","companyName":"www.singleclickoptimizer.com","productName":"PC Optimizer","productVersion":"7.2.0.705","fileVersion":"PC Optimizer","hashMD5":"bce33aa4441b674fe2c767fe8ebbf8a4","hashSHA1":"3021df02a8949047ad3d046c07f286f0d1a5c944","hashSHA256":"409799c68c89f7da0927bc48a5407e8751deeb5a23f77e2016afb2d3e5a57901","digitalCertThumbprint":"2142de9b6ba4c7bb42844fc02fbfe987e1b74d8c","digitalCertIssuer":"IN, Rajasthan, Jaipur, SYS SECURE PC SOFTWARE LLP, SYS SECURE PC SOFTWARE LLP","digitalCertIssuedTo":"IN, Rajasthan, Jaipur, SYS SECURE PC SOFTWARE LLP, SYS SECURE PC SOFTWARE LLP","sourceIndex":"2558","dateAdded":"170810","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Ads generated http://getupgrade.yourfreetoupdatingsite.download/thankyou.php?channel_id=8003","landingPage":"http://www.singleclickoptimizer.com/1072/1072st/?utm_source=1072&utm_campaign=1072sco&utm_pubid=585&clickid=NTg1fDEyNDYwMHxVU3wzfDF8fHw1NWk0amlwMmdvYWt8fA&campid=10451","ipv4":"","ipv6":"","sourceIndex":"2556"},{"howFound":"Hunt.Advertising","reference":"Ads generated http://getupgrade.yourfreetoupdatingsite.download/thankyou.php?channel_id=8003","landingPage":"http://www.singleclickoptimizer.com/","ipv4":"","ipv6":"","sourceIndex":"2557"},{"howFound":"","reference":"","landingPage":"","ipv4":"","ipv6":"","sourceIndex":"2558"}],"sampleFiles":["170729/D-SingleClickOptimizer-170727/7.2.0.693/Samples/pcoptimizer_BCE3.exe","170729/D-SingleClickOptimizer-170727/7.2.0.693/Samples/setup.exe","170729/D-SingleClickOptimizer-170727/7.2.0.693/Samples/setup_34B8.exe","170729/D-SingleClickOptimizer-170727/7.2.0.693/Samples/setup_8CEC.exe"],"imageFiles":["170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-057/ACR-057_InternalOffer_InspiteOfOfferingAnOptionToOptOutForTheFreeProductItDoesNotOptOutDuringPayment.mp4","170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-057/ACR-057_InternalOffer_OfferNotClear_1.JPG","170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-057/ACR-057_InternalOffer_OfferNotClear_2.JPG","170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-003/ACR-003_Software_ExaggeratedRegistryErrorsAndScanResultScaresTheUser.mp4","170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-003/ACR-003_Software_ExaggeratedRegistryErrorsAndScanResultScaresTheUser_1.JPG","170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-003/ACR-003_Software_ExaggeratedRegistryErrorsAndScanResultScaresTheUser_2.JPG","170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsent.JPG","170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-084/ACR-084_Software_ScheduledTaskCreatedWithoutUserConsent.mp4","170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.JPG","170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-168/ACR-168_Software_RequireDisclosureAboutAdditionalOffersThatWillBeProvidedDuringPhoneCallAndRequireAnEquallyProminentNonInteractiveOption.mp4","170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-118/ACR-118_Uninstall_RetainsExecutableOnTheSystemWithoutUserConsent.JPG","170729/D-SingleClickOptimizer-170727/7.2.0.693/Images/ACR-118/ACR-118_Uninstall_RetainsExecutableOnTheSystemWithoutUserConsent.mp4"],"nonDeceptorImageFiles":[],"guid":"ea2322b2-0a58-4641-b899-1489b71ce703_7.2.0.693_1","appID":"D-SingleClickOptimizer-170727","dateAdded":"170729","deceptorType":"App","name":"PC Optimizer","company":"SYS SECURE PC SOFTWARE LLP","version":"7.2.0.693","sigName":"Deceptor:Win32/SingleClickOptimizer!003084168118057","lastKnownStatus":"Deceptor: 7.2.0.705","lastKnownDate":"200203","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,call center","lastUpdate":"2020-02-04T00:37:12.696016+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2782},{"violations":{"ACR-048":"App does not provide option for user to disable scheduled scanning, limits the user ability to disable scanning task.\n","ACR-003":"Exaggerated alerting message, misleading urgency for use to take action.\n"},"nonDeceptorViolations":{"ACR-003":"Exaggerated alerting message, misleading urgency for use to take action.\n"},"samples":[{"isRevoked":"False","fileName":"PCSpeedMaximizer.exe","isInstaller":"True","companyName":"Avanquest Software","productName":"PC Speed Maximizer","productVersion":"4.1","fileVersion":"4.1","hashMD5":"11620fc9b5ce635edaf9aec56f2048a0","hashSHA1":"a6f7866104498cc614b19595ab42cac000d53381","hashSHA256":"074e31771686ff82d9e2c9dbab6c0be180eea63b001e202d26cae50ad0c43b71","digitalCertThumbprint":"FA613B842AAABBE881761B58721B45EE0ABEF778","digitalCertIssuer":"AVANQUEST SOFTWARE","digitalCertIssuedTo":"AVANQUEST SOFTWARE","sourceIndex":"3767","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"App has low reputation in forum discussion should I remove it","landingPage":"http://www.pcspeedmaximizer.com/","ipv4":"","ipv6":"","sourceIndex":"3767"}],"sampleFiles":["170726/D-PCSpeedMaximizer-170611/4.1/Samples/PCSpeedMaximizer.exe"],"imageFiles":["170726/D-PCSpeedMaximizer-170611/4.1/Images/ACR-048/ForceToChooseScheduledScanning.PNG","170726/D-PCSpeedMaximizer-170611/4.1/Images/ACR-003/PCSpeedMaximizerFixWarning.PNG","170726/D-PCSpeedMaximizer-170611/4.1/Images/ACR-003/PCSpeedMaximizerScanningResult.PNG","170726/D-PCSpeedMaximizer-170611/4.1/Images/ACR-168/ACR-168_InternalOffers_CallCenterNumberDisclose.JPG","170726/D-PCSpeedMaximizer-170611/4.1/Images/ACR-168/ACR-168_InternalOffers_CallCenterNumberDisclosure.mp4"],"nonDeceptorImageFiles":["170726/D-PCSpeedMaximizer-170611/4.1/Images/ACR-003/PCSpeedMaximizerFixWarning.PNG","170726/D-PCSpeedMaximizer-170611/4.1/Images/ACR-003/PCSpeedMaximizerScanningResult.PNG","170726/D-PCSpeedMaximizer-170611/4.1/Images/ACR-168/ACR-168_InternalOffers_CallCenterNumberDisclose.JPG","170726/D-PCSpeedMaximizer-170611/4.1/Images/ACR-168/ACR-168_InternalOffers_CallCenterNumberDisclosure.mp4"],"guid":"28d5f97e-f547-4a70-91d9-51c22e0ea4e8_4.1_1","appID":"D-PCSpeedMaximizer-170611","dateAdded":"170726","deceptorType":"App","name":"PCSpeedMaximizer","company":"Avanquest Software","version":"4.1","sigName":"Deceptor:Win32/PCSpeedMaximizer!003048","firstVendorContactDate":"170802","firstAppEsteemReplyDate":"170802","firstResolvedDate":"170808","firstResolvedVersion":"NotDeceptor: 4.3.0.0","resolved":"TRUE","lastKnownStatus":"Deceptor: 4.1","lastKnownDate":"170909","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 10\",\"Windows 7\",\"Windows 8\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"Child appropriate","monetization":"[\"paid\",\"up-sell to paid\"]","lastUpdate":"2018-02-15T00:25:00.5000043+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2783},{"violations":{"ACR-003":"Scan result Shown as \"Problem issue\" without showing  details of the issues to end user.\n","ACR-168":"Additional offer may be made during customer phone call is not disclosed\nAdditional offer during customer support phone call is not disclosed.\n","ACR-057":"Bundled free software can't be de-selected\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"SystemBooster.exe","isInstaller":"True","companyName":"oTweak Software, LLC","productName":"SystemBooster","hashMD5":"59078f619b0f3019076c4c0442bd1ef5","hashSHA1":"7afc749e14fd207ad584da03264e920fdeb91bdd","hashSHA256":"874acbc13626eba21aa7920ad944392aee4bde6f44f5a67231180ceabcb6f413","digitalCertThumbprint":"d7a9812afab49f3994272d2d5e89175721cc0b94","digitalCertIssuer":"Private Organization, 1156196030110, RU, Rostovskaya Oblast, RU, Rostovskaya Oblast, Rostov-on-Don, Dneprovski 124b-75, \"oTweak Software, LLC\", \"oTweak Software, LLC\"","digitalCertIssuedTo":"Private Organization, 1156196030110, RU, Rostovskaya Oblast, RU, Rostovskaya Oblast, Rostov-on-Don, Dneprovski 124b-75, \"oTweak Software, LLC\", \"oTweak Software, LLC\"","sourceIndex":"3504","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SystemBooster.exe","isInstaller":"True","companyName":" n/a","productName":" n/a","productVersion":" n/a","fileVersion":" n/a","hashMD5":"59078f619b0f3019076c4c0442bd1ef5","hashSHA1":"7afc749e14fd207ad584da03264e920fdeb91bdd","hashSHA256":"874acbc13626eba21aa7920ad944392aee4bde6f44f5a67231180ceabcb6f413","digitalCertThumbprint":"D7A9812AFAB49F3994272D2D5E89175721CC0B94","digitalCertIssuer":"GlobalSign Extended Validation CodeSigning CA - SHA256 - G3","digitalCertIssuedTo":"oTweak Software, LLC","sourceIndex":"3504","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertise","reference":"Ads promoted in MediaGet app","landingPage":"http://www.omnitweak.com/sbp/details/","ipv4":"","ipv6":"","sourceIndex":"3504"}],"sampleFiles":[],"imageFiles":["170721/D-SystemBoosterOmniTweak-170618/10.1.0.7/Images/ACR-057/ACR-057_Internal_offer_NoWayToRejectFreeSoftwareOffer.JPG","170721/D-SystemBoosterOmniTweak-170618/10.1.0.7/Images/ACR-057/ACR-057_Internal_offer_NoWayToRejectOffer_&_ACR-007_HyperLinkToVerifyLogo.mp4","170721/D-SystemBoosterOmniTweak-170618/10.1.0.7/Images/ACR-003/ff57c541201bd6f937de0e5cc2c1d04cd48c1f8c3186fd1a474a2ad5c4131098.jpg","170721/D-SystemBoosterOmniTweak-170618/10.1.0.7/Images/ACR-003/86e7d5dd567e0a91bbd3fd04388149f9301c62a9e3a82859ad5a42604d8fa8f2.mp4","170721/D-SystemBoosterOmniTweak-170618/10.1.0.7/Images/ACR-003/9d3b02f9b57ff79eeb010b2226b4ceb2f5c5dc673865ea5a97b3a3b0755a4666.jpg","170721/D-SystemBoosterOmniTweak-170618/10.1.0.7/Images/ACR-168/dc73e0cfb286bbc79651445548c7c06f292646647ec959601b70e6eddc744123.jpg","170721/D-SystemBoosterOmniTweak-170618/10.1.0.7/Images/ACR-168/55fcad184bf9144dd9968344dfcfb3d1ef2778add4d0a2a9416d9016ceb9bf5e.jpg","170721/D-SystemBoosterOmniTweak-170618/10.1.0.7/Images/ACR-168/710deb45d855d771b69e18f082a82d90f07295f60b2decc15f57f94b81f9418f.jpg"],"nonDeceptorImageFiles":[],"guid":"f294d82f-63e7-49d8-ae26-16ce748e2e12_10.1.0.7_1","appID":"D-SystemBoosterOmniTweak-170618","dateAdded":"170721","deceptorType":"App","name":"SystemBooster","company":"Tweak Software, LLC","version":"10.1.0.7","sigName":"Deceptor:Win32/SystemBooster!003168","firstVendorContactDate":"180629","firstAppEsteemReplyDate":"180629","firstResolvedDate":"180629","firstResolvedVersion":"10.2.0.3","resolved":"TRUE","lastKnownStatus":"Deceptor: 10.1.0.7","lastKnownDate":"180629","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-11-29T02:35:09.5639962+00:00","notDistributed":false,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2784},{"violations":{"ACR-043":"Component digitally signed by third party is installed without being disclosed to the user in any document.E.g. lua5.1.dll.\n","ACR-048":"The application starts downloading the update automatically after “3 Seconds”, despite the user selecting “Upgrade Now” or “Remind me later’ options.\n","ACR-083":"The application uses its update mechanism to install another app without user's action.\n","ACR-118":"When the user attempts to completely uninstall the application, it deliberately retains some of its components on the device without the user's consent.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"Speeditupfree-SecureDownload.exe","isInstaller":"True","productName":"Setup Factory Runtime","productVersion":"9.2.0.0","fileVersion":"9.2.0.0","hashMD5":"47ed6e67ef32282571ddbd6732eb6c52","hashSHA1":"1a2a39fe5361c23fd3186ec570b3f0bc7a16d568","hashSHA256":"2d8a23c2863c65397ea0e7e09aa1f8f3c64a15d40d8a796eddd4157525644f70","digitalCertThumbprint":"6168A34A070AC55D88EA2A89EAB23B87DE50F7B5","digitalCertIssuer":"MicroSmarts LLC","digitalCertIssuedTo":"MicroSmarts LLC","sourceIndex":"3503","dateAdded":"170718","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"kids: search for game boosters","landingPage":"http://speeditupfree.com/","ipv4":"","ipv6":"","sourceIndex":"3503"}],"sampleFiles":[],"imageFiles":["170719/D-SpeedItUpFree-170717/9.2.0.0/Images/ACR-043/ACR-043_Install_ComponentDigitallySignedByThirdParty.jpg","170719/D-SpeedItUpFree-170717/9.2.0.0/Images/ACR-043/ACR-043_Install_ComponentDigitallySignedByThirdParty.mp4","170719/D-SpeedItUpFree-170717/9.2.0.0/Images/ACR-043/InstalledNonDisclosureComponents.PNG","170719/D-SpeedItUpFree-170717/9.2.0.0/Images/ACR-083/ACR-083_Install_TriedToDownloads&InstallAdditionalSoftware.JPG","170719/D-SpeedItUpFree-170717/9.2.0.0/Images/ACR-083/ACR-083_Software_AllowsBonusSoftwareDuringUpdation.JPG","170719/D-SpeedItUpFree-170717/9.2.0.0/Images/ACR-048/ACR-048_Software_DownloadsUpdateEvenIfUserDidn'tChooseAnything.JPG","170719/D-SpeedItUpFree-170717/9.2.0.0/Images/ACR-118/ACR-118_Uninstall_RetainsFilesPostUnInstall.JPG","170719/D-SpeedItUpFree-170717/9.2.0.0/Images/ACR-118/ACR-118_Uninstall_RetainsSomeFiles.JPG","170719/D-SpeedItUpFree-170717/9.2.0.0/Images/ACR-118/ACR-118_Uninstall_RetainsSomeFiles.mp4","170719/D-SpeedItUpFree-170717/9.2.0.0/Images/ACR-118/InstalledNonDisclosureComponentsandLeftAfterUninstall.PNG"],"nonDeceptorImageFiles":[],"guid":"47e128e6-a6c8-4732-ab29-ca0d95701025_9.2.0.0_1","appID":"D-SpeedItUpFree-170717","dateAdded":"170719","deceptorType":"App","name":"SpeedItUpFree","company":"MicroSmarts, LLC","version":"9.2.0.0","sigName":"Deceptor:Win32/SpeedItUpFree!043048017083118","lastKnownStatus":"Deceptor:3.01","lastKnownDate":"180629","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,in-app purchases","lastUpdate":"2018-12-03T05:14:14.8059559+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2786},{"violations":{"ACR-042":"The apps installer proceeds with a silent install, not obtaining user permission before installing.\n","ACR-017":"The application's internal offer webpage elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n"},"nonDeceptorViolations":{"ACR-065":"The application has no link to a webpage that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\nThe application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy.\n","ACR-161":"The application's internal offer webpage has testimonials that have no links back to the sources so consumers can verify if they're real.\n","ACR-099":"The application has no link to a webpage that shows how to uninstall the app.\nThe application's landing page has no link to a webpage that shows how to uninstall the app.\nThe application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n"},"samples":[{"isRevoked":"False","fileName":"speeditupfreepro-fastinstall.exe","isInstaller":"True","companyName":"n/a","productName":"Media Installer","productVersion":"8, 0, 1, 2","fileVersion":"8, 0, 1, 2","hashMD5":"2bcf78532d207ee467e3f052f7d50181","hashSHA1":"e5163bea68d522f5a38daadb7e8a075fdc0d1fda","hashSHA256":"955b7d0947d9eb5bce0e2e39e62be969978d1c2fb4668b3e317613ae2bdf8735","digitalCertThumbprint":"E47F3A75205089D7A35B6F7D7E1D9DFD1E9C4B38","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SkyFi TV, LLC\", O=\"SkyFi TV, LLC\", STREET=980 North Michigan Ave ste1400, L=Chicago, S=Illinois, PostalCode=60611, C=US","sourceIndex":"3502","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"speeditupextreme.exe","companyName":"SkyFi TV, LLC","productName":"Speeditup Extreme","productVersion":"3, 0, 0, 1","fileVersion":"3, 0, 0, 1","hashMD5":"565edaf5432c9b3d11072b64a49b9f51","hashSHA1":"22bd278324e21bf9caf409d68eeb6e9dbdfc7c32","hashSHA256":"55369b415af55bb4b82c24552684b0b289f1609d83b131a79d232a9988b44eac","digitalCertThumbprint":"E47F3A75205089D7A35B6F7D7E1D9DFD1E9C4B38","digitalCertIssuer":"CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=\"SkyFi TV, LLC\", O=\"SkyFi TV, LLC\", STREET=980 North Michigan Ave ste1400, L=Chicago, S=Illinois, PostalCode=60611, C=US","sourceIndex":"3502","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review","reference":"existing deceptor review","landingPage":"http://speeditupfree.com/","directDownloadingLink":"http://www.speeditupfreepro.com/fastinstall/speeditupfreepro-fastinstall.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.speeditupfreepro.com/fastinstall/speeditupfreepro-fastinstall.exe","sourceIndex":"3502"}],"sampleFiles":["170719/D-SpeedItUpFree-170717/3.01/Samples/speeditupfreepro-fastinstall.exe","170719/D-SpeedItUpFree-170717/3.01/Samples/speeditupextreme.exe"],"imageFiles":["170719/D-SpeedItUpFree-170717/3.01/Images/ACR-042/ACR_042_INSTALL.mp4","170719/D-SpeedItUpFree-170717/3.01/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG"],"nonDeceptorImageFiles":["170719/D-SpeedItUpFree-170717/3.01/Images/ACR-065/ACR_065_SOFTWARE.PNG","170719/D-SpeedItUpFree-170717/3.01/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","170719/D-SpeedItUpFree-170717/3.01/Images/ACR-161/ACR_161_INTERNAL_OFFERS.PNG","170719/D-SpeedItUpFree-170717/3.01/Images/ACR-099/ACR_099_SOFTWARE.PNG","170719/D-SpeedItUpFree-170717/3.01/Images/ACR-099/ACR_099_LANDING_PAGE.PNG","170719/D-SpeedItUpFree-170717/3.01/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG"],"guid":"47e128e6-a6c8-4732-ab29-ca0d95701025_3.01_1","appID":"D-SpeedItUpFree-170717","dateAdded":"170719","deceptorType":"App","name":"SpeedItUpFree","company":"MicroSmarts, LLC","version":"3.01","sigName":"Deceptor:Win32/SpeedItUpFree!017042","lastKnownStatus":"Deceptor:3.01","lastKnownDate":"180629","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-12-03T05:14:47.5561381+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2785},{"violations":{"ACR-003":"Exaggerated claims about system healthy, for example, using \"errors\" for empty registry items.\n","ACR-084":"App creates scheduled task to scan system while showing there is no scheduled tasks configured in its setting section\n"},"nonDeceptorViolations":{"ACR-003":"Exaggerated claims about system healthy, for example, using \"errors\" for empty registry items.\n"},"samples":[{"isRevoked":"False","fileName":"QuickPCOptimizer_Setup.exe","isInstaller":"True","companyName":"DeskToolsSoft","productName":"QuickPCOptimizer","productVersion":"3.2.0","fileVersion":"                    ","hashMD5":"a6f5e61652e8c5a0eda6ba276f528ebb","hashSHA1":"e2a6792a08f1a3d1daddff491f369d461815b72c","hashSHA256":"b34be57fb4889f0b333120b4004e29bb6ecf5760bcd85a39725e40b1c1913f73","digitalCertThumbprint":"C098898BD0603F210B0CC4AAE3352A7EDFE6A044","digitalCertIssuer":"DeskToolsSoft B.V.","digitalCertIssuedTo":"DeskToolsSoft B.V.","sourceIndex":"3699","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Partner","reference":"ESET researcher Daniel Report ","landingPage":"quickpcoptimizer.com","ipv4":"","ipv6":"","sourceIndex":"3699"}],"sampleFiles":["170626/D-QuickPCOptimizer-170621/Samples/QuickPCOptimizer_Setup.exe"],"imageFiles":["170626/D-QuickPCOptimizer-170621/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.JPG","170626/D-QuickPCOptimizer-170621/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","170626/D-QuickPCOptimizer-170621/Images/ACR-084/ACR-084_Software_PopUpAlerts.JPG","170626/D-QuickPCOptimizer-170621/Images/ACR-084/ACR-084_Software_ScheduledTask.JPG","170626/D-QuickPCOptimizer-170621/Images/ACR-168/ACR-168_InternalOffers_ChatWindows.JPG","170626/D-QuickPCOptimizer-170621/Images/ACR-168/ACR-168_InternalOffers_ChatWindows.mp4"],"nonDeceptorImageFiles":["170626/D-QuickPCOptimizer-170621/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.JPG","170626/D-QuickPCOptimizer-170621/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","170626/D-QuickPCOptimizer-170621/Images/ACR-168/ACR-168_InternalOffers_ChatWindows.JPG","170626/D-QuickPCOptimizer-170621/Images/ACR-168/ACR-168_InternalOffers_ChatWindows.mp4"],"guid":"9840f523-daf1-48de-957b-66ca2f3a7359_3.2.0_1","appID":"D-QuickPCOptimizer-170621","dateAdded":"170626","deceptorType":"App","name":"QuickPCOptimizer","company":"DeskToolsSoft. Inc.","version":"3.2.0","sigName":"Deceptor:Win32/QuickPCOptimizer!003084","lastKnownStatus":"Deceptor:3.2.0","lastKnownDate":"170622","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows Vista\",\"Windows XP\",\"Windows 7\",\"Windows 8\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\",\"enterprise\"]","ageAppropriate":"Child appropriate","monetization":"[\"paid\",\"up-sell to paid\"]","lastUpdate":"2018-02-15T00:40:27.5515053+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2787},{"violations":{"ACR-003":"1. Require to tone down scan results. Missing registry entries are mentioned as errors. 2. Mentioning \"system health is low\" even before scan misleads the consumer.\n","ACR-017":"Require Links to verify endorsments\n","ACR-168":"Require to disclose if additional offers will be made\n"},"nonDeceptorViolations":{"ACR-003":"1. Require to tone down scan results. Missing registry entries are mentioned as errors. 2. Mentioning \"system health is low\" even before scan misleads the consumer.\n","ACR-017":"Require Links to verify endorsments\n","ACR-168":"Require to disclose if additional offers will be made\n"},"samples":[{"isRevoked":"False","fileName":"RegistryCleaner.exe","isInstaller":"True","hashMD5":"e1e3993874532f1845b8f749d7910b48","hashSHA1":"8209f7361cd65e72bf04b5e8f729b96dd6f4dcd6","hashSHA256":"16b56bfaaa407e975b03b66ad63b9ff2f6ce2041e7a91501e20214dd4f97ba5d","digitalCertThumbprint":"D7A9812AFAB49F3994272D2D5E89175721CC0B94","digitalCertIssuer":"oTweak Software LLC","digitalCertIssuedTo":"oTweak Software LLC","sourceIndex":"3768","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertise","reference":"Ads promoted in MediaGet app","landingPage":"http://www.omnitweak.com/rcp/details/","ipv4":"","ipv6":"","sourceIndex":"3768"}],"sampleFiles":[],"imageFiles":["170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-047/ACR-047_InternalOffers_HelpLeadingtoBuyingPage.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-047/ACR-047_InternalOffers_HelpLeadingtoBuyingPage.mp4","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedClaims2.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedClaims2.mp4","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedClaims3.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-017/ACR-017_LandingPage_RequireLinksToVerifyEndorsments.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-017/ACR-017_LandingPage_RequireLinksToVerifyEndorsments.mp4","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-017/ACR-017_LandingPage_RequireLinksToVerifyEndorsments2.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-168/ACR-168_Software_CallCenterNumberNeedsDisclaimer.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-057/ACR-057_InternalOffers_UnableToOptOutOfOffer.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-057/ACR-057_InternalOffers_UnableToOptOutOfOffer.mp4"],"nonDeceptorImageFiles":["170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-047/ACR-047_InternalOffers_HelpLeadingtoBuyingPage.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-047/ACR-047_InternalOffers_HelpLeadingtoBuyingPage.mp4","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedClaims2.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedClaims2.mp4","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-003/ACR-003_Software_ExaggeratedClaims3.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-017/ACR-017_LandingPage_RequireLinksToVerifyEndorsments.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-017/ACR-017_LandingPage_RequireLinksToVerifyEndorsments.mp4","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-017/ACR-017_LandingPage_RequireLinksToVerifyEndorsments2.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-168/ACR-168_Software_CallCenterNumberNeedsDisclaimer.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-057/ACR-057_InternalOffers_UnableToOptOutOfOffer.JPG","170625/D-RegistryCleanerOmniTweak-170618/10.1.0.5/Images/ACR-057/ACR-057_InternalOffers_UnableToOptOutOfOffer.mp4"],"guid":"bdb8fa72-c4af-4508-b473-a14756aa5313_10.1.0.5_1","appID":"D-RegistryCleanerOmniTweak-170618","dateAdded":"170625","deceptorType":"App","name":"RegistryCleanerOmniTweak","company":"oTweak Software LLC.","version":"10.1.0.5","sigName":"Deceptor:Win32/RegistryCleanerOmniTweak!003168","firstVendorContactDate":"171126","firstAppEsteemReplyDate":"171128","firstResolvedDate":"171128","firstResolvedVersion":"10.2.1","resolved":"TRUE","lastKnownStatus":"Deceptor:10.0.1.5","lastKnownDate":"170623","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows 8,Windows 10,Windows Vista","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-02-15T00:24:57.7722827+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2788},{"violations":{"ACR-003":"Using \"errors\" for these registry items is exaggerating the system health claims, and it misleading.\n","ACR-084":"App creates scheduled task to scan system while showing there is no scheduled tasks configured in its setting section\n","ACR-168":"When displaying phone number, app doesn't disclose that additional offers may be made.\n","ACR-118":"Retains a executable file in %temp% folder and also add a new Lnk file to desktop after uninstallation.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"setup_r1.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"b00393f9f0e301f804a1d7da6cb66ab0","hashSHA1":"5f8b01d47006b9bb84f293962b047921c938ad14","hashSHA256":"481e02a0e7b113c12b136c6407bb23566abc869e2dcf0b3b3bc629eb03b0470b","digitalCertThumbprint":"8F1C1BFC2D1EA65F11AB8435AE58BB3B49D388FA","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=IMALI - N.I. MEDIA TD, O=IMALI - N.I. MEDIA TD, L=tel aviv, C=IL","sourceIndex":"3242","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)"],"avAllowList":["Windows Defender (20190209)"]},{"isRevoked":"False","fileName":"setup (1)_r1.exe","isInstaller":"True","fileVersion":"0.0","hashMD5":"3a4f64963f508654a2e9680721de914e","hashSHA1":"c355934bf35c006766d1a74c6cddcd21db36015f","hashSHA256":"56a907e40e3bc5f2c64558b350e1a460b93bbfb759232b73c4e8a13b4d8f7a20","digitalCertThumbprint":"8F1C1BFC2D1EA65F11AB8435AE58BB3B49D388FA","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=IMALI - N.I. MEDIA TD, O=IMALI - N.I. MEDIA TD, L=tel aviv, C=IL","sourceIndex":"3242","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)","Windows Defender (20190209)"],"avAllowList":[]},{"isRevoked":"False","fileName":"WinRepairPro_r1.exe","isInstaller":"True","companyName":"WinRepair Pro","fileVersion":"3.6","hashMD5":"6d6eaad56a03739e590402d0addaae8f","hashSHA1":"8658d2c8c880cfa57c18bc7b75d4d9448d4f2585","hashSHA256":"fe4f44781a9f4531cdba39b17277780ac22f0b69da7f418f5e06b09af71852b4","digitalCertThumbprint":"8F1C1BFC2D1EA65F11AB8435AE58BB3B49D388FA","digitalCertIssuer":"CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US","digitalCertIssuedTo":"CN=IMALI - N.I. MEDIA TD, O=IMALI - N.I. MEDIA TD, L=tel aviv, C=IL","sourceIndex":"3242","avBlockList":["Avast Internet Security (20190209)","AVG Internet Security (20190209)","Avira Internet Security (20190209)","Bitdefender Internet Security (20190209)","ESET Internet Security (20190209)","G DATA INTERNET SECURITY (20190209)","K7 Total Security (20190209)","Kaspersky Internet Security (20190209)","Malwarebytes Premium (20190209)","McAfee Total Protection (20190209)","Norton Security (20190209)","Panda Dome (20190209)","Sophos Home Premium (20190209)","Trend Micro Internet Security (20190209)","VirIT eXplorer PRO (20190209)","Webroot SecureAnywhere (20190209)"],"avAllowList":["Windows Defender (20190209)"]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Partner","reference":"Deceptor candidate reported by Daniel from ESET","landingPage":"http://winrepairpro.com/","directDownloadingLink":"http://winrepairpro.com/download?pub_id=&sub_id=&srcid=","ipv4":"108.59.81.209","ipv6":"","directDownloadingLinkWildChar":"http://winrepairpro.com/download?pub_id=&sub_id=&srcid=","sourceIndex":"3242"}],"sampleFiles":["170612/D-WinRepairPro-170606/3.6.18.275/Samples/setup_r1.exe","170612/D-WinRepairPro-170606/3.6.18.275/Samples/setup (1)_r1.exe","170612/D-WinRepairPro-170606/3.6.18.275/Samples/WinRepairPro_r1.exe"],"imageFiles":["170612/D-WinRepairPro-170606/3.6.18.275/Images/ACR-003/ACR-003_Software_Uses_Error_word.JPG","170612/D-WinRepairPro-170606/3.6.18.275/Images/ACR-003/ACR-003_Software_uses_error_word.mp4","170612/D-WinRepairPro-170606/3.6.18.275/Images/ACR-084/ScheduledTaskEvenSettingShowsNoScheduling.JPG","170612/D-WinRepairPro-170606/3.6.18.275/Images/ACR-084/ScheduledTaskEvenSettingShowsNoScheduling1.JPG","170612/D-WinRepairPro-170606/3.6.18.275/Images/ACR-168/ACR-168_Software_not_disclosed_about_making_offer.JPG","170612/D-WinRepairPro-170606/3.6.18.275/Images/ACR-168/ACR-168_Software_number_not_disclosed_about_offer.mp4","170612/D-WinRepairPro-170606/3.6.18.275/Images/ACR-118/ACR-118_Uninstall_Retains_a_binary_&_adds_a_new_Lnk.JPG","170612/D-WinRepairPro-170606/3.6.18.275/Images/ACR-118/ACR-118_Uninstall_retains_a_executable_&_adds_Lnk.mp4"],"nonDeceptorImageFiles":[],"guid":"ef3e9c14-2daf-44c2-a0e5-4449e3d04801_3.6.18.275_1","appID":"D-WinRepairPro-170606","dateAdded":"170612","deceptorType":"App","name":"WinRepair Pro","company":"WinRepairPro.com","version":"3.6.18.275","sigName":"Deceptor:Win32/WinRepairPro!003168118084","lastKnownStatus":"Deceptor:3.6.18.275","lastKnownDate":"181215","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer,enterprise","ageAppropriate":"Child appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2019-01-28T18:15:10.6905601+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2789},{"violations":{"ACR-051":"App changes browser settings directly without calling browser standard API","ACR-097":"App attempts to evade sandbox hook monitoring and behave differently","ACR-057":"User can't decline offer to proceed installation"},"nonDeceptorViolations":{"ACR-057":"User can't decline offer to proceed installation"},"samples":[{"isRevoked":"False","fileName":"soso_setup_2.0.1.26.exe","isInstaller":"True","companyName":"Sivi Technology Limited","productName":"SoSoDesk","productVersion":"2.0.1.26656","fileVersion":"2.0.1.26656","hashMD5":"4f9a0ab9ad72ae8e34cf5e0feaab92db","hashSHA1":"ff22a77a03c10e2ad244923f4e94d64e00551a94","hashSHA256":"b245ce75758d46a3bc698f92d1847f4bf082958e01a0314d05f4972b5b5fdb82","digitalCertThumbprint":"709f0719c14c85dc4d22142ab8d10b9638295c45","sourceIndex":"3478","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"ZhouJun from Huorong, Andrew from Sophos","landingPage":"https://sosodesktop.com","sourceIndex":"3478"}],"sampleFiles":[],"imageFiles":["170605/D-SoSoDesk-170602/2.0.1.26656/Images/ACR-051/ModifyBrowserSettingDirectly.JPG","170605/D-SoSoDesk-170602/2.0.1.26656/Images/ACR-057/ForceToChooseOfferDuringInstallation.JPG"],"nonDeceptorImageFiles":["170605/D-SoSoDesk-170602/2.0.1.26656/Images/ACR-057/ForceToChooseOfferDuringInstallation.JPG"],"guid":"f360adf3-1fd6-4b84-b744-0168818b0606_2.0.1.26656_1","appID":"D-SoSoDesk-170602","dateAdded":"170605","deceptorType":"App","name":"SoSoDesk","company":"BYSENDA TECHNOLOGY INC","version":"2.0.1.26656","sigName":"Deceptor:Win32/SoSoDeck!051057097","lastKnownStatus":"Deceptor:2.0.1.26656","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:35:50.5311701+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2790},{"violations":{"ACR-051":"App changes browser settings directly without calling browser standard API","ACR-097":"App attempts to evade sandbox hook monitoring and behave differently","ACR-057":"User can't decline offer to proceed installation"},"nonDeceptorViolations":{"ACR-057":"User can't decline offer to proceed installation"},"samples":[{"isRevoked":"False","fileName":"siviewer_setup_2.2.0.16654.exe","isInstaller":"True","companyName":"Sivi Technology Limited","productName":"SIViewer","productVersion":"2.2.0.16654","fileVersion":"2.2.0.16654","hashMD5":"886dce39eab3b2b9b83934290c69cf67","hashSHA1":"9a36f7fdc7d993966be48f2e745b0f286054c0bb","hashSHA256":"e2db0f7b1c61cefa08863622f7dcb1bbebe6ac6ea47faf4f2c15b69752e9a7d2","digitalCertThumbprint":"8858121234e3677baae67002b7e0f835a2b3867a","sourceIndex":"3479","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"ZhouJun from Huorong, Andrew from Sophos","landingPage":"http://siviewer.com","sourceIndex":"3479"}],"sampleFiles":[],"imageFiles":["170605/D-SIViewer-170602/2.2.0.16654/Images/ACR-051/BrowserSettingChanges.png","170605/D-SIViewer-170602/2.2.0.16654/Images/ACR-051/DropExtModifyBrowserSettingDirectly.JPG","170605/D-SIViewer-170602/2.2.0.16654/Images/ACR-051/ModifyBrowserSettingDirectly1.JPG","170605/D-SIViewer-170602/2.2.0.16654/Images/ACR-057/CannotDeclineOffer.JPG","170605/D-SIViewer-170602/2.2.0.16654/Images/ACR-057/CannotDeclineOffer1.JPG"],"nonDeceptorImageFiles":["170605/D-SIViewer-170602/2.2.0.16654/Images/ACR-057/CannotDeclineOffer.JPG","170605/D-SIViewer-170602/2.2.0.16654/Images/ACR-057/CannotDeclineOffer1.JPG"],"guid":"f6efb85e-6aca-422f-b22f-67c14715a307_2.2.0.16654_1","appID":"D-SIViewer-170602","dateAdded":"170605","deceptorType":"App","name":"SIViewer","company":"SIViewer","version":"2.2.0.16654","sigName":"Deceptor:Win32/SIViewer!051057097","lastKnownStatus":"Deceptor:2.2.0.16654","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:35:09.4502293+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2791},{"violations":{"ACR-051":"App changes browser settings directly without calling browser standard API","ACR-097":"App attempts to evade sandbox hook monitoring and behave differently","ACR-057":"User can't decline offer to proceed installation"},"nonDeceptorViolations":{"ACR-057":"User can't decline offer to proceed installation"},"samples":[{"isRevoked":"False","fileName":"ozip_setup_2.0.1.26.exe","isInstaller":"True","companyName":"Sivi Technology Limited","productName":"OZIP","productVersion":"2.0.1.26656","fileVersion":"2.0.1.26656","hashMD5":"b34995c701820d02e5bd8f38e9ffe8cd","hashSHA1":"320570a1d24d7fce822cac70e40f493ce52bde60","hashSHA256":"c36a7c4a1792d844c1d17f91e1589d2ae6841676377f6cf50aefa0762c9b5621","digitalCertThumbprint":"cbd45a6e8fecd976b29ba7afe266f93d6b5334bb","sourceIndex":"3480","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"ZhouJun from Huorong, Andrew from Sophos","landingPage":"http://ozipcompression.com","sourceIndex":"3480"}],"sampleFiles":[],"imageFiles":["170605/D-OZIP-170602/2.0.1.26656/Images/ACR-051/ModifyBrowserSettingDirectly.JPG","170605/D-OZIP-170602/2.0.1.26656/Images/ACR-051/ModifyBrowserSettingDirectly1.JPG","170605/D-OZIP-170602/2.0.1.26656/Images/ACR-057/CannotDeclineOffer.JPG","170605/D-OZIP-170602/2.0.1.26656/Images/ACR-057/CannotDeclineOffer1.JPG"],"nonDeceptorImageFiles":["170605/D-OZIP-170602/2.0.1.26656/Images/ACR-057/CannotDeclineOffer.JPG","170605/D-OZIP-170602/2.0.1.26656/Images/ACR-057/CannotDeclineOffer1.JPG"],"guid":"0f917ac5-beab-4d84-935f-f01751d4dc0d_2.0.1.26656_1","appID":"D-OZIP-170602","dateAdded":"170605","deceptorType":"App","name":"OZIP","company":"Zoekyu Technology Limited","version":"2.0.1.26656","sigName":"Deceptor:Win32/OZIP!051057097","lastKnownStatus":"Deceptor:2.0.1.26656","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:34:28.5215767+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2792},{"violations":{"ACR-051":"App changes browser settings directly without calling browser standard API","ACR-097":"App attempts to evade sandbox hook monitoring and behave differently","ACR-057":"User can't decline offer to proceed installation"},"nonDeceptorViolations":{"ACR-057":"User can't decline offer to proceed installation"},"samples":[{"isRevoked":"False","fileName":"HolaInput_setup.exe","isInstaller":"True","companyName":"Zoekyu Technology Ltd","productName":"HolaInput","fileVersion":"1.0.1.100","hashMD5":"485cea424fac3fe1f353788a39066d4e","hashSHA1":"2a8d9d7210f216f00aa9c7d301d7ceb95aa37fad","hashSHA256":"e0e3ce21da7e05444787131225b847edbe3decb0702f6a9e07ed52f475b01786","digitalCertThumbprint":"6fd50285101079a77ef63c020edbc559b0990e92","sourceIndex":"3481","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"ZhouJun from Huorong, Andrew from Sophos","landingPage":"http://holainput.com","sourceIndex":"3481"}],"sampleFiles":[],"imageFiles":["170605/D-HolaInput-170602/1.0.1.100/Images/ACR-051/ModifyBrowserSettingDirectly.JPG","170605/D-HolaInput-170602/1.0.1.100/Images/ACR-051/ModifyBrowserSettingDirectly1.JPG","170605/D-HolaInput-170602/1.0.1.100/Images/ACR-057/CannotDeclineOffer.JPG","170605/D-HolaInput-170602/1.0.1.100/Images/ACR-057/CannotDeclineOffer1.JPG"],"nonDeceptorImageFiles":["170605/D-HolaInput-170602/1.0.1.100/Images/ACR-057/CannotDeclineOffer.JPG","170605/D-HolaInput-170602/1.0.1.100/Images/ACR-057/CannotDeclineOffer1.JPG"],"guid":"2b9d35f7-26d5-45ff-b966-9555b8221ee6_1.0.1.100_1","appID":"D-HolaInput-170602","dateAdded":"170605","deceptorType":"App","name":"HolaInput","company":"Hongkong zoekyu Technology Limited","version":"1.0.1.100","sigName":"Deceptor:Win32/HolaInput!051057097","lastKnownStatus":"Deceptor:1.0.1.100","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:33:38.4431665+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2793},{"violations":{"ACR-051":"App changes browser settings directly without calling browser standard API","ACR-097":"App attempts to evade sandbox hook monitoring and behave differently","ACR-057":"User can't decline offer to proceed installation"},"nonDeceptorViolations":{"ACR-057":"User can't decline offer to proceed installation"},"samples":[{"isRevoked":"False","fileName":"fvp_Setup_new_ver_2.1.8.exe","isInstaller":"True","companyName":"Sivi Technology Limited","productName":"FVP ImageViewer","productVersion":"2.1.8.26664","fileVersion":"2.1.8.26664","hashMD5":"cf3858cbb1678a8d3654bc40c559bad6","hashSHA1":"08731ac376f3d6af690d45214d4644f3c42930a1","hashSHA256":"4951300f81e9e71d537372f0fc18b80eb082582a50641bef25c4ab92966b997e","digitalCertThumbprint":"fd4c6a26929f2208fcd6b70f8002c7ea346a93b3","sourceIndex":"3482","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"ZhouJun from Huorong, Andrew from Sophos","landingPage":"https://www.fvpimageviewer.com","sourceIndex":"3482"}],"sampleFiles":[],"imageFiles":["170605/D-FVPImageViewer-170602/2.1.8.26664/Images/ACR-042/ACR-042_ChromeSettingsChanged01.PNG","170605/D-FVPImageViewer-170602/2.1.8.26664/Images/ACR-042/ACR-042_ChromeSettingsChanged02.PNG","170605/D-FVPImageViewer-170602/2.1.8.26664/Images/ACR-042/ACR-042_ChromeSettingsChanged03.PNG","170605/D-FVPImageViewer-170602/2.1.8.26664/Images/ACR-042/ACR-042_FeaturesInstalledWithoutPermission.mp4","170605/D-FVPImageViewer-170602/2.1.8.26664/Images/ACR-051/ChangeBrowserSettingDirectly.JPG","170605/D-FVPImageViewer-170602/2.1.8.26664/Images/ACR-057/ACR-057_ForcedToChangeTheBrowserStartPage.PNG","170605/D-FVPImageViewer-170602/2.1.8.26664/Images/ACR-057/ACR-057_ForcedToAcceptExtraFeatures.mp4"],"nonDeceptorImageFiles":["170605/D-FVPImageViewer-170602/2.1.8.26664/Images/ACR-057/ACR-057_ForcedToChangeTheBrowserStartPage.PNG","170605/D-FVPImageViewer-170602/2.1.8.26664/Images/ACR-057/ACR-057_ForcedToAcceptExtraFeatures.mp4"],"guid":"379734e1-7b6f-4318-885b-ee9015efbbb9_2.1.8.26664_1","appID":"D-FVPImageViewer-170602","dateAdded":"170605","deceptorType":"App","name":"FVP ImageViewer","company":"Jyulam Technology Inc.","version":"2.1.8.26664","sigName":"Deceptor:Win32/FVPImageViewer!051057097","lastKnownStatus":"Deceptor:2.1.8.26664","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:31:22.593412+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2794},{"violations":{"ACR-051":"App changes browser settings directly without calling browser standard API","ACR-097":"App attempts to evade sandbox hook monitoring and behave differently","ACR-057":"User can't decline offer to proceed installation"},"nonDeceptorViolations":{"ACR-057":"User can't decline offer to proceed installation"},"samples":[{"isRevoked":"False","fileName":"wifi_setup_1.0.12.exe","isInstaller":"True","companyName":"Sivi Technology Limited","productName":"DealWifi(Deal Wifi Hotspot)","productVersion":"1.0.12.26699","fileVersion":"1.0.12.26699","hashMD5":"8bf713f8dddf2dc98f3d1092d8b30713","hashSHA1":"0f6df3d425c0f2e60eca1cd8a20106c305296f23","hashSHA256":"2e0204f1ca031d6dcc8243b0eed15143b6468634edcde1cbaa49cb0db523008e","digitalCertThumbprint":"bb418f232e3022562f48a0ce7c523babe37bd993","sourceIndex":"3462","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"ZhouJun from Huorong, Andrew from Sophos","landingPage":"http://dealwifi.com","sourceIndex":"3462"}],"sampleFiles":[],"imageFiles":["170605/D-DealWifi-170602/1.0.12.26699/Images/ACR-051/BrowserNewTabPageChanges.JPG","170605/D-DealWifi-170602/1.0.12.26699/Images/ACR-051/BrowserSettingChanges.JPG","170605/D-DealWifi-170602/1.0.12.26699/Images/ACR-051/DropExtModifyBrowserSettingDirectly.JPG","170605/D-DealWifi-170602/1.0.12.26699/Images/ACR-057/CannotDeclineOffer.JPG","170605/D-DealWifi-170602/1.0.12.26699/Images/ACR-057/CannotDeclineOffer1.JPG"],"nonDeceptorImageFiles":["170605/D-DealWifi-170602/1.0.12.26699/Images/ACR-057/CannotDeclineOffer.JPG","170605/D-DealWifi-170602/1.0.12.26699/Images/ACR-057/CannotDeclineOffer1.JPG"],"guid":"d10353b7-b499-4873-8048-9f3e275d2e15_1.0.12.26699_1","appID":"D-DealWifi-170602","dateAdded":"170605","deceptorType":"App","name":"DealWifi(Deal Wifi Hotspot)","company":"RAFO TECHNOLOGY INC","version":"1.0.12.26699","sigName":"Deceptor:Win32/DealWifi!051057097","lastKnownStatus":"Deceptor:1.0.12.26699","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:58:03.9992994+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2795},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","fileName":"SystemHealer.exe","isInstaller":"True","companyName":"System Healer Tech Sp. Zo.o.","productName":"SystemHealer","fileVersion":"4.4.0.3","hashMD5":"3f87e8754b63a7bad1cf5e92d05c68e5","hashSHA1":"48dfbfabb5479932f46cb177b36a683e47b3f05e","hashSHA256":"72b09973146953141c09c9ead00701f80d0f7c29c2c8dbd3c093b80fe985b9a8","digitalCertThumbprint":"28F2A1C01735D51AB23EE00FB631CCA8AC4C9AFB","sourceIndex":"2559","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"http://www.shouldiremoveit.com/","landingPage":"http://systemhealer.com/installation-activation/","directDownloadingLink":"http://da.systemhealerhost.net/351000501/SystemHealer.exe","sourceIndex":"2559"}],"sampleFiles":[],"imageFiles":["170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-007/ACR-007_InternalOffers_MissingHyperlinksToVerifyLogos.JPG","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-007/ACR-007_InternalOffers_MissingHyperlinksToVerifyLogos.mp4","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-168/NoDisclosureAboutAdditionalOfferDuringCall.JPG","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-057/ACR-057_InternalOffers_NoOptionToOptOut.mp4","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-057/ACR-057_InternalOffers_NoOptionToOptOut_1.JPG","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-057/ACR-057_InternalOffers_NoOptionToOptOut_2.JPG","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-016/ACR-016_AdsInsideApp_AdsLeadToDownload.JPG","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-016/ACR-016_AdsInsideApp_AdsLeadToDownload.mp4"],"nonDeceptorImageFiles":["170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-007/ACR-007_InternalOffers_MissingHyperlinksToVerifyLogos.JPG","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-007/ACR-007_InternalOffers_MissingHyperlinksToVerifyLogos.mp4","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-168/NoDisclosureAboutAdditionalOfferDuringCall.JPG","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-057/ACR-057_InternalOffers_NoOptionToOptOut.mp4","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-057/ACR-057_InternalOffers_NoOptionToOptOut_1.JPG","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-057/ACR-057_InternalOffers_NoOptionToOptOut_2.JPG","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-016/ACR-016_AdsInsideApp_AdsLeadToDownload.JPG","170601/D-SystemHealer-170527/4.4.0.3/Images/ACR-016/ACR-016_AdsInsideApp_AdsLeadToDownload.mp4"],"guid":"78ff2caf-9854-40da-958d-88e0bdd7fc98_4.4.0.3_1","appID":"D-SystemHealer-170527","dateAdded":"170601","deceptorType":"App","name":"SystemHealer","company":"System Healer Tech Sp. Zo.o.","version":"4.4.0.3","sigName":"Deceptor:Win32/SystemHealer!016168","lastKnownStatus":"Deceptor:4.4.0.3","lastKnownDate":"200203","lastUpdate":"2020-02-04T00:35:17.2998669+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2797},{"violations":{"ACR-003":"App exaggerates system healthy condition caused by invalid registry items.\n"},"nonDeceptorViolations":{"ACR-003":"App exaggerates system healthy condition caused by invalid registry items.\n"},"samples":[{"isRevoked":"False","fileName":"Setup_WinThruster_2016.exe","isInstaller":"True","companyName":"Solvusoft Corporation","productName":"WinThruster","productVersion":"1.16.80.0","fileVersion":"1.16.80.0","hashMD5":"ff705fcacbc099bdbfa7a3b916a8822f","hashSHA1":"8194bb2b9553b5eda3cf74b13444b60977cbdcc3","hashSHA256":"64b46a0d05b19c1c86d8ac8257e356780ad7a327b9fc9ebd3c5db5631efc69dd","digitalCertThumbprint":"4D684D6D595F2C32381A7B1BF27903933F8D79A6","sourceIndex":"3762","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Submission","landingPage":"http://www.solvusoft.com/en/winthruster/","directDownloadingLink":"http://www.solvusoft.com/file-downloads/builds/static_delivery/installers/winthruster/spf/100716_build/Setup_WinThruster_2016.exe","sourceIndex":"3762"}],"sampleFiles":[],"imageFiles":["170601/D-WinThruster-170527/1.16.80. 0/Images/ACR-003/ACR-003_ExaggeratedClaim.mp4","170601/D-WinThruster-170527/1.16.80. 0/Images/ACR-003/ACR-003_ExaggeratedClaim01.JPG","170601/D-WinThruster-170527/1.16.80. 0/Images/ACR-003/ACR-003_FewIssuesResolved01.JPG","170601/D-WinThruster-170527/1.16.80. 0/Images/ACR-003/ACR-003_FewIssuesResolved02.JPG"],"nonDeceptorImageFiles":["170601/D-WinThruster-170527/1.16.80. 0/Images/ACR-003/ACR-003_ExaggeratedClaim.mp4","170601/D-WinThruster-170527/1.16.80. 0/Images/ACR-003/ACR-003_ExaggeratedClaim01.JPG","170601/D-WinThruster-170527/1.16.80. 0/Images/ACR-003/ACR-003_FewIssuesResolved01.JPG","170601/D-WinThruster-170527/1.16.80. 0/Images/ACR-003/ACR-003_FewIssuesResolved02.JPG"],"guid":"dea9515b-ad39-4a95-a216-4db2632f8352_1.16.80. 0_1","appID":"D-WinThruster-170527","dateAdded":"170601","deceptorType":"App","name":"WinThruster","company":"Solvusoft Corporation","version":"1.16.80. 0","sigName":"Deceptor:Win32/WinTruster!003","firstVendorContactDate":"170903","firstAppEsteemReplyDate":"171003","firstResolvedDate":"171117","firstResolvedVersion":"1.26.1.0","resolved":"TRUE","lastKnownStatus":"Deceptor:1.16.80.0","lastKnownDate":"170527","type":"Windows Executable","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 10,Windows 8","targetBrowser":"None","lastUpdate":"2018-02-15T00:25:28.486064+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2796},{"violations":{"ACR-003":"App exaggerates system healthy condition caused by invalid registry items, junk files\n"},"nonDeceptorViolations":{"ACR-003":"App exaggerates system healthy condition caused by invalid registry items, junk files\n"},"samples":[{"isRevoked":"False","fileName":"system_cleaner_setup.exe","isInstaller":"True","companyName":"Pointstone Software, LLC","productName":"SystemCleaner","fileVersion":"7.7.34.730","hashMD5":"b1a871df14adcf52a83d9c47623f8ad5","hashSHA1":"d59f403d2d44fa9051d31b4d6a25bdc079480c53","hashSHA256":"2b77382b9a5e7bfd73ac14de603f4086cbe77ba343e3becd8c93f1b63f5ac9d9","digitalCertThumbprint":"4e87202c46e90b3606541662c7a2db4fc00ef455","sourceIndex":"3700","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"system_cleaner_setup.exe","isInstaller":"True","companyName":"Pointstone Software, LLC","productName":"SystemCleaner","productVersion":"7.7.32..720","fileVersion":"7.5.8.330","hashMD5":"4d5f5c0ec459e559c9937fd428c070d1","hashSHA1":"7f52bd320f56cd5c1db126b858815714670ad3f6","hashSHA256":"0ced437f90d3586e03e7d250af5e76bf051d26cba74ea4bf341d74b5c38dadef","digitalCertThumbprint":"4E87202C46E90B3606541662C7A2DB4FC00EF455","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Pointstone Software, LLC","sourceIndex":"3700","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Search: Cleaner Tools","landingPage":"http://www.pointstone.com/products/systemcleaner/","sourceIndex":"3700"}],"sampleFiles":[],"imageFiles":["170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-047/ACR-047_InternalOffers_SameOfferIsShownTwice.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-047/ACR-047_InternalOffers_SameOfferIsShownTwice2.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-047/ACR-047_InternalOffers_SameOfferRepeated.mp4","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_Empty_Registry_Shows_As_Errors.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_Possible_Problems_Found.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_Possible_Problems_Found_1.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_SharedDllsShownAsError.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_TemporaryInternetFileShownAsError.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_WindowsErrorReportingShownAsError.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-017/ACR-017_LandingPage_Unable_To_Verify_Logos_1.JPG"],"nonDeceptorImageFiles":["170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-065/ACR-065_Install_Missing_PrivacyPolicy&Eula_In_About_Page.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-065/ACR-065_LandingPage_Missing_Returns&CancellationPolicy.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-065/ACR-065_Software_Missing_PrivacyPolicy.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-161/ACR-161_LandingPage_Unable_To_Verify_Testimonals.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-161/ACR-161_LandingPage__Unable_To_Verify_Testimonals_1.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-170/ACR-170_LandingPage_30Days_Moneyback_Not_Diclosed.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-099/ACR-099_LandingPage_Uninstall_Information_Not_Available.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-099/ACR-099_Software_Uninstall_Information_Missing.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-054/ACR-054_InlineOffer_No_Equal_Prominance.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-068/ACR-068_InternalOffer_ConsfusingOffer2.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-068/ACR-068_InternalOffers_ConfusingOffers.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-159/ACR-159_LandingPage_NoDifferenceBetweenLiteAndFullVersion.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-047/ACR-047_InternalOffers_SameOfferIsShownTwice.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-047/ACR-047_InternalOffers_SameOfferIsShownTwice2.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-047/ACR-047_InternalOffers_SameOfferRepeated.mp4","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_Empty_Registry_Shows_As_Errors.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_Possible_Problems_Found.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_Possible_Problems_Found_1.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_SharedDllsShownAsError.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_TemporaryInternetFileShownAsError.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-003/ACR-003_Software_Exaggerated_WindowsErrorReportingShownAsError.JPG","170530/D-SystemCleaner-00052/7.7.34.730/Images/ACR-017/ACR-017_LandingPage_Unable_To_Verify_Logos_1.JPG"],"guid":"a997d0b7-8c2b-4e2e-b9ab-77397d0424bb_7.7.34.730_1","appID":"D-SystemCleaner-00052","dateAdded":"170530","deceptorType":"App","name":"SystemCleaner","company":"Pointstone Software, LLC","version":"7.7.34.730","sigName":"Deceptor:Win32/SystemCleaner!003","firstVendorContactDate":"171031","firstAppEsteemReplyDate":"171031","firstResolvedDate":"180108","firstResolvedVersion":"7.8.0.900","resolved":"TRUE","lastKnownStatus":"Deceptor:7.7.34.730","lastKnownDate":"170526","lastUpdate":"2018-02-15T00:39:58.9996512+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2798},{"violations":{"ACR-003":"App exaggerates system healthy condition, reports high impact caused by registry issues, raise urgency to fix","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates system healthy condition, reports high impact caused by registry issues, raise urgency to fix"},"samples":[{"isRevoked":"False","fileName":"Slow_PCFighter.exe","isInstaller":"True","companyName":"SPAMfighter ApS.","productName":"SLOW-Pcfighter","productVersion":"2.1.32.0","fileVersion":"2.1.32.0","hashMD5":"e0356bba0b0b127db18d2fb247997c8f","hashSHA1":"70dc743907ed501095a6885bf8f4149d339adfb1","hashSHA256":"aa92083211e1650a67010f8634ab34797ba1f9e70a392a445d80aa206952e917","digitalCertThumbprint":"0bb05fadcf614caa0a2b2e6f07f305d93dce89f4","sourceIndex":"3763","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"Security partner symantec report","landingPage":"http://www.spamfighter.com/SLOW-PCfighter/","directDownloadingLink":"http://download.spamfighter.com/slow-pcfighter/slow-pcfighter_Web.exe","sourceIndex":"3763"}],"sampleFiles":["170507/D-SlowPCFighter-00045/Samples/Slow_PCFighter.exe"],"imageFiles":["170507/D-SlowPCFighter-00045/Images/ACR-003/ExaggeratedRegistryErrors.JPG","170507/D-SlowPCFighter-00045/Images/ACR-003/ExaggeratedRegistryIssuesAsModerate_HighImpactToSystemPerformance.JPG","170507/D-SlowPCFighter-00045/Images/ACR-003/RaiseUrgencyWithExaggeratedHighImpactErrors.JPG","170507/D-SlowPCFighter-00045/Images/ACR-INFO/SlowPCFigherScanResult.mp4"],"nonDeceptorImageFiles":["170507/D-SlowPCFighter-00045/Images/ACR-003/ExaggeratedRegistryErrors.JPG","170507/D-SlowPCFighter-00045/Images/ACR-003/ExaggeratedRegistryIssuesAsModerate_HighImpactToSystemPerformance.JPG","170507/D-SlowPCFighter-00045/Images/ACR-003/RaiseUrgencyWithExaggeratedHighImpactErrors.JPG"],"guid":"c3b27915-efcb-4676-90d8-0928fbea1de9_2.1.32.0_1","appID":"D-SlowPCFighter-00045","dateAdded":"170507","deceptorType":"App","name":"SLOW-Pcfighter","company":"SPAMfighter ApS.","version":"2.1.32.0","sigName":"Deceptor:Win32/SlowPCFighter!003","firstVendorContactDate":"170509","firstAppEsteemReplyDate":"170509","firstResolvedDate":"170517","firstResolvedVersion":"2.1.34.0","resolved":"TRUE","lastKnownStatus":"Not Deceptor:2.1.34.0","lastKnownDate":"170517","lastUpdate":"2018-02-15T00:25:27.6833805+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2799},{"violations":{"ACR-043":" One or more third party components are installed which are not disclosed to the user in the EULA and offer or landing page. Ex.: ComponentFactory.Krypton.Toolkit.dll, Interop.IWshRuntimeLibrary.dll, etc. \n\n","ACR-003":" The app exaggerates \"RecentDocs\", \"Junk Files\" and \"Shareddlls\" as an issue with exaggerated numbers and portrayed the importance as \"High\", thereby misleading or scaring consumer to take action  \n\n","ACR-084":"The app creates undisclosed scheduled tasks to perform actions without the consumer's knowledge and consent\n","ACR-168":" The app displays a support call center phone number but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer. \n\n"},"nonDeceptorViolations":{"ACR-003":" The app exaggerates \"RecentDocs\", \"Junk Files\" and \"Shareddlls\" as an issue with exaggerated numbers and portrayed the importance as \"High\", thereby misleading or scaring consumer to take action  \n\n","ACR-168":" The app displays a support call center phone number but does not provide an equally prominent non-interaction option to the user and also, does not disclose that additional offers may be made on the one-on-one interaction with the consumer. \n\n"},"samples":[{"isRevoked":"False","fileName":"registrydrsetup.exe","isInstaller":"True","companyName":"EuroTrade A.L. Ltd","productName":"Registry Dr","productVersion":"3.0.3","fileVersion":"3.0.3","hashMD5":"f5385a96c72ef7a0147e018bacf5f577","hashSHA1":"8958538d3f155b8a8653f3c4b7c24de3dca07b28","hashSHA256":"0205f63f01c2b038b659fcb91c4b2e8eb054e83994fd49a611fd19afc567315f","digitalCertThumbprint":"7CA4559226AD7677D6AA3A0C65C27D7FF4E56EB7","digitalCertIssuer":"Eurotrade","digitalCertIssuedTo":"Eurotrade","sourceIndex":"3779","dateAdded":"170904","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"www.shouldiremoveit.com","landingPage":"http://www.registrydr.com/","ipv4":"","ipv6":"","sourceIndex":"3779"},{"howFound":"Hunt.Advertising","reference":"Search: Tools Cleaner","landingPage":"http://registrydr.com/","directDownloadingLink":"http://www.registrydr.com/files/registrydrsetup.exe","ipv4":"163.172.53.245","ipv6":"","sourceIndex":"3780"}],"sampleFiles":["170507/D-RegistryDR-170902/Samples/registrydrsetup.exe"],"imageFiles":["170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_Danger.JPG","170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_ExagggeratedClaim.mp4","170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_ExagggeratedClaim01.JPG","170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_ExagggeratedClaim02.JPG","170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_ExagggeratedClaim03.JPG","170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_ExagggeratedClaim04.JPG","170507/D-RegistryDR-170902/Images/ACR-009/ACR-009_Software_Danger.JPG","170507/D-RegistryDR-170902/Images/ACR-009/ACR-009_Software_Danger.mp4","170507/D-RegistryDR-170902/Images/ACR-084/ACR-084_Software_UndisclosedTaskScheduled.JPG","170507/D-RegistryDR-170902/Images/ACR-084/ACR-084_Software_UndisclosedTaskScheduled.mp4","170507/D-RegistryDR-170902/Images/ACR-168/ACR-168.PNG"],"nonDeceptorImageFiles":["170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_Danger.JPG","170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_ExagggeratedClaim.mp4","170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_ExagggeratedClaim01.JPG","170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_ExagggeratedClaim02.JPG","170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_ExagggeratedClaim03.JPG","170507/D-RegistryDR-170902/Images/ACR-003/ACR-003_Software_ExagggeratedClaim04.JPG","170507/D-RegistryDR-170902/Images/ACR-009/ACR-009_Software_Danger.JPG","170507/D-RegistryDR-170902/Images/ACR-009/ACR-009_Software_Danger.mp4","170507/D-RegistryDR-170902/Images/ACR-168/ACR-168.PNG"],"guid":"56b50358-f00c-44c6-935b-bdd6b3e77bdd_3.0.3_1","appID":"D-RegistryDR-170902","dateAdded":"170507","deceptorType":"App","name":"Registry Dr","company":"EuroTrade A.L. Ltd","version":"3.0.3","sigName":"Deceptor:Win32/RegistryDr!043003084168","lastKnownStatus":"Deceptor: 3.0.3","lastKnownDate":"210113","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\",\"Windows Server\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"paid\",\"call center\",\"up-sell to paid\"]","lastUpdate":"2021-01-13T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2800},{"violations":{"ACR-003":"App exaggerates system healthy condition, reports high impact caused by registry issues, raise urgency to fix","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made.","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates system healthy condition, reports high impact caused by registry issues, raise urgency to fix","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made."},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"Tuneup PC Tools Inc","productName":"Smart System Care","productVersion":"1.0.0.27694","fileVersion":"1.0.0.27694","hashMD5":"3aa2ef28ca991e3e58dc20084198a672","hashSHA1":"44808552c70e9dd7512d42718d6be063d9914219","hashSHA256":"8321c53fb055c51b1ab1fafbdb1d073e67accee1d06aca40295026635c8fffa5","digitalCertThumbprint":"629a7f2f8149eeaf536ab6e0f7cb5dab3e3f7a7e","sourceIndex":"3483","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Tuneup PC Tools Inc","productName":"Smart System Care","productVersion":"1.0.0.25380","fileVersion":"1.0.0.25380","hashMD5":"9af995878554188b6fc80bbb21477d75","hashSHA1":"5843cbfd55b47b0c65ac7840cc687f66e627a85c","hashSHA256":"f368c91278850226d06464a17c0acede0beb5b03f0f71b4a43faa30a3aac8eba","digitalCertThumbprint":"629a7f2f8149eeaf536ab6e0f7cb5dab3e3f7a7e","sourceIndex":"3483","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Tuneup PC Tools Inc","productName":"Smart System Care","productVersion":"1.0.0.27694","fileVersion":"1.0.0.27694","hashMD5":"cf9c4ba5ac4ab3f1ffced40376376f05","hashSHA1":"ceeab4cd81a3d12b2d03d7afff9af6c30fb74d4e","hashSHA256":"8f1aedda1a1b6496b0c086261fae96216b9c3fa215b781ae76d6b8ee43b4d1bb","digitalCertThumbprint":"629a7f2f8149eeaf536ab6e0f7cb5dab3e3f7a7e","sourceIndex":"3483","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Tuneup PC Tools Inc","productName":"Smart System Care","productVersion":"1.0.0.27694","fileVersion":"1.0.0.27694","hashMD5":"3aa2ef28ca991e3e58dc20084198a672","hashSHA1":"44808552c70e9dd7512d42718d6be063d9914219","hashSHA256":"8321c53fb055c51b1ab1fafbdb1d073e67accee1d06aca40295026635c8fffa5","digitalCertThumbprint":"629a7f2f8149eeaf536ab6e0f7cb5dab3e3f7a7e","sourceIndex":"3484","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Tuneup PC Tools Inc","productName":"Smart System Care","productVersion":"1.0.0.25380","fileVersion":"1.0.0.25380","hashMD5":"9af995878554188b6fc80bbb21477d75","hashSHA1":"5843cbfd55b47b0c65ac7840cc687f66e627a85c","hashSHA256":"f368c91278850226d06464a17c0acede0beb5b03f0f71b4a43faa30a3aac8eba","digitalCertThumbprint":"629a7f2f8149eeaf536ab6e0f7cb5dab3e3f7a7e","sourceIndex":"3484","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Tuneup PC Tools Inc","productName":"Smart System Care","productVersion":"1.0.0.27694","fileVersion":"1.0.0.27694","hashMD5":"cf9c4ba5ac4ab3f1ffced40376376f05","hashSHA1":"ceeab4cd81a3d12b2d03d7afff9af6c30fb74d4e","hashSHA256":"8f1aedda1a1b6496b0c086261fae96216b9c3fa215b781ae76d6b8ee43b4d1bb","digitalCertThumbprint":"629a7f2f8149eeaf536ab6e0f7cb5dab3e3f7a7e","sourceIndex":"3484","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"Daniel report deceptor candidate a while back. The build I checked before is a free clean tool with Driver Updater Ads. Today's build is active required and with phone center support","landingPage":"http://www.syscarelogics.biz/","directDownloadingLink":"http://cdn.syscarelogics.biz/ssc/b2/securedl/sscsetupsite.exe","ipv4":"208.111.179.129","sourceIndex":"3483"},{"howFound":"Hunt.PartnerReport","reference":"Daniel report deceptor candidate a while back. The build I checked before is a free clean tool with Driver Updater Ads. Today's build is active required and with phone center support","landingPage":"http://www.systembooster.online/snic/2/?utm_source=scua3&utm_campaign=scua3&pxl=SCU1882_SCU1844_SCU974&override=1","directDownloadingLink":"http://cdn.systembooster.online/ssc/b4/securedl/sscscua3.exe","ipv4":"208.111.179.1","sourceIndex":"3484"}],"sampleFiles":[],"imageFiles":["170506/D-SmartSystemCare-00038/1.0.0.27694/Images/ACR-003/ExaggeratedRegistryInvalidEntryAsIssueAndHighImpactToSystem.JPG","170506/D-SmartSystemCare-00038/1.0.0.27694/Images/ACR-168/NoDisclosureForAdditionalOfferInCallCenterSupport.JPG","170506/D-SmartSystemCare-00038/1.0.0.27694/Images/ACR-INFO/SmartSystemCareScanningResult.mp4"],"nonDeceptorImageFiles":["170506/D-SmartSystemCare-00038/1.0.0.27694/Images/ACR-003/ExaggeratedRegistryInvalidEntryAsIssueAndHighImpactToSystem.JPG","170506/D-SmartSystemCare-00038/1.0.0.27694/Images/ACR-168/NoDisclosureForAdditionalOfferInCallCenterSupport.JPG"],"guid":"49686d00-e3eb-44ce-bb5c-a9c5ac88bff5_1.0.0.27694_1","appID":"D-SmartSystemCare-00038","dateAdded":"170506","deceptorType":"App","name":"Smart System Care","company":"Tuneup PC Tools Inc","version":"1.0.0.27694","sigName":"Deceptor:Win32/SmartSystemCare!0030168","lastKnownStatus":"Deceptor:1.0.0.27694","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:30:45.6269598+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2801},{"violations":{"ACR-043":"SmartMonitor program is not disclosed in app landing page and during installation.\nnote: fixed in build 3.0.0.4 (Sept 07 2017)\n","ACR-003":"App exaggerates invalid registry entries as errors, raises urgency and misleads user to take action to fix them.\nnote: fixed in build 3.0.0.4 (Sept 07 2017)\n","ACR-084":"App creates hidden scheduled task for smart monitoring and updating while showing there is no scheduled tasks configured in its setting section\n"},"nonDeceptorViolations":{"ACR-003":"App exaggerates invalid registry entries as errors, raises urgency and misleads user to take action to fix them.\nnote: fixed in build 3.0.0.4 (Sept 07 2017)\n"},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"SimpleStar","productName":"Simple PC Optimizer","productVersion":"2.16.1.2","fileVersion":"2.16.1.2","hashMD5":"d75700fb3d8a4d5226e92c14897bad83","hashSHA1":"9a88b1c57d33e7fa4de55b2b5ea7c24c519ccc14","hashSHA256":"971f5a057de0fad60dd956e2260d1199d2b4ba261ce4f56fa1a9943547e4a6ee","digitalCertThumbprint":"d42f6e3fca6eb3ceb91cee7fd15ff7087b89d624","sourceIndex":"3701","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Optimizer Ads in Softonics","landingPage":"http://simplestar.com/simple-pc-optimizer/","directDownloadingLink":"http://dl.simplestar.com/reviversoft/advanced_product_releases/901e1177-a039-42d6-af46-41a48527bf7a_2.16.1.2/sa/0/SimplePCOptimizerSetup.exe","ipv4":"23.204.103.27","sourceIndex":"3701"}],"sampleFiles":["170428/D-SimplePCOptimizer-00043/2.16.1.2/Samples/SimplePCOptimizerSetup.exe"],"imageFiles":["170428/D-SimplePCOptimizer-00043/2.16.1.2/Images/ACR-043/SmartMonitorInstalledWithoutDisclosure.JPG","170428/D-SimplePCOptimizer-00043/2.16.1.2/Images/ACR-003/ExaggeratedErrorsRaiseUrgencyToFIx.JPG","170428/D-SimplePCOptimizer-00043/2.16.1.2/Images/ACR-003/ExaggeratedErrorsRaiseUrgencyToFIx2.JPG","170428/D-SimplePCOptimizer-00043/2.16.1.2/Images/ACR-003/ExaggeratedRegsitryErrors.JPG","170428/D-SimplePCOptimizer-00043/2.16.1.2/Images/ACR-003/ExaggeratedRegsitryErrors2.JPG","170428/D-SimplePCOptimizer-00043/2.16.1.2/Images/ACR-084/RegularScheduledTaskCreatedEvenUserSetDoNotSchedule.JPG"],"nonDeceptorImageFiles":["170428/D-SimplePCOptimizer-00043/2.16.1.2/Images/ACR-003/ExaggeratedErrorsRaiseUrgencyToFIx.JPG","170428/D-SimplePCOptimizer-00043/2.16.1.2/Images/ACR-003/ExaggeratedErrorsRaiseUrgencyToFIx2.JPG","170428/D-SimplePCOptimizer-00043/2.16.1.2/Images/ACR-003/ExaggeratedRegsitryErrors.JPG","170428/D-SimplePCOptimizer-00043/2.16.1.2/Images/ACR-003/ExaggeratedRegsitryErrors2.JPG"],"guid":"5ab67bdf-ef6c-4610-bfe1-a7c55869ba7e_2.16.1.2_1","appID":"D-SimplePCOptimizer-00043","dateAdded":"170428","deceptorType":"App","name":"Simple PC Optimizer","company":"SimpleStar","version":"2.16.1.2","sigName":"Deceptor:Win32/SimplePCOptimizer!003048084","firstVendorContactDate":"170426","firstAppEsteemReplyDate":"170426","firstResolvedDate":"170918","firstResolvedVersion":"NotDeceptor:3.1.0.12","resolved":"TRUE","lastKnownStatus":"Deceptor: 3.0.0.4","lastKnownDate":"170918","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 8\",\"Windows 10\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\"]","ageAppropriate":"12+ appropriate","monetization":"[\"paid\",\"up-sell to paid\"]","lastUpdate":"2018-02-15T00:39:58.0091022+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2802},{"violations":{"ACR-003":"Exaggretedly claims system potetntial at risk based on invalid registry entries, junk files, no AdBlock TurnOn","ACR-119":"Changed browser home page and search engine are not reverted back or let user to decide during uninstallation","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"Exaggretedly claims system potetntial at risk based on invalid registry entries, junk files, no AdBlock TurnOn"},"samples":[{"isRevoked":"False","fileName":"YAC_setup.exe","isInstaller":"True","companyName":"Elex do Brasil Participações Ltda","productName":"YAC Security Protection","productVersion":"6.7.141.30075","fileVersion":"6.7.141.30075","hashMD5":"1a126b528993fd081e9a1cda4ca2a96a","hashSHA1":"82a85987d97be74d7e1453cad286ecfd6fa8c7c9","hashSHA256":"07195e3f8961a702be5f4f24776a4854e8f02562523a4c513c2aa37d1bfc83c8","digitalCertThumbprint":"c94ce34c0b799ba99cd97620fa14ef5a91f98931","sourceIndex":"3485","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"Brooke from google report","landingPage":"http://www.yacdl.com/download.html","directDownloadingLink":"http://d14fonhxjxi7yb.cloudfront.net/YAC_setup.exe","ipv4":"52.84.50.95","sourceIndex":"3485"},{"howFound":"Hunt.Search","reference":"search for YAC in google","landingPage":"https://yet-another-cleaner.en.uptodown.com/windows","ipv4":"","ipv6":"","sourceIndex":"3486"}],"sampleFiles":[],"imageFiles":["170427/D-YAC-00042/6.7.141.30075/Images/ACR-003/ExaggeratedSystemRisk.JPG","170427/D-YAC-00042/6.7.141.30075/Images/ACR-119/HomePageNotChangeBackAfterUninstallation.JPG","170427/D-YAC-00042/6.7.141.30075/Images/ACR-119/HomePageNotChangeBackAfterUninstallationIE11.JPG","170427/D-YAC-00042/6.7.141.30075/Images/ACR-119/SearchProviderChangesNotChangeBackAfterUninstallationIE11.JPG","170427/D-YAC-00042/6.7.141.30075/Images/ACR-INFO/ChangesInIE11AfterUninstallation.mp4","170427/D-YAC-00042/6.7.141.30075/Images/ACR-INFO/ChangesToChrome_IE11.mp4","170427/D-YAC-00042/6.7.141.30075/Images/ACR-INFO/NewTabAndHomePageCanBeChangedViaChromeSetting.mp4","170427/D-YAC-00042/6.7.141.30075/Images/ACR-INFO/YACUninstallation.mp4"],"nonDeceptorImageFiles":["170427/D-YAC-00042/6.7.141.30075/Images/ACR-003/ExaggeratedSystemRisk.JPG"],"guid":"489d2172-28f4-4a70-aa80-7ecab1228ec5_6.7.141.30075_1","appID":"D-YAC-00042","dateAdded":"170427","deceptorType":"App","name":"YAC (Yet Another Cleaner)","company":"Elex do Brasil Participaτ⌡es Ltda","version":"6.7.141.30075","sigName":"Deceptor:Win32/YAC!003119","firstVendorContactDate":"170504","firstAppEsteemReplyDate":"170504","lastKnownStatus":"Deceptor:6.7.141.30075","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:30:09.165102+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2803},{"violations":{"ACR-043":"\"SmartMonitor\" program is not disclosed in app landing page and during installation","ACR-048":"\"x\" Button can't close App","ACR-003":"App exaggerates invalid registry entries is high impact error, raises urgency and misleads uesr to take action to fix them.","ACR-084":"App creates hidden scheduled task for smart monitoring and updating while showing there is no scheduled tasks configured in its setting section","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates invalid registry entries is high impact error, raises urgency and misleads uesr to take action to fix them."},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"SimpleStar","productName":"Simple Registry Cleaner","productVersion":"4.12.1.4","fileVersion":"4.12.1.4","hashMD5":"536c8d3055b2f364384a6ed4d11ba184","hashSHA1":"afc30c31b9ff06f7d89961955384112570e17762","hashSHA256":"418fa186c29c40389e7942d6953061019d1a4a53ea0894edc0b128f98eddd747","digitalCertThumbprint":"d42f6e3fca6eb3ceb91cee7fd15ff7087b89d624","sourceIndex":"3795","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"SimpleStar","productName":"Simple Registry Cleaner","productVersion":"4.12.1.4","fileVersion":"4.12.1.4","hashMD5":"5538bc6887811d6c0781ffe5ab8e4848","hashSHA1":"d0b6f633c4d088d076f85718cec6de42c31f9a9c","hashSHA256":"341b94f939f019251d8395749c2853cdf7dc5d2f43f794617bd38018d20c03b8","digitalCertThumbprint":"d42f6e3fca6eb3ceb91cee7fd15ff7087b89d624","sourceIndex":"3795","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"SimpleStar","productName":"Simple Registry Cleaner","productVersion":"4.12.1.4","fileVersion":"4.12.1.4","hashMD5":"8f38d9764a6d8a9cf4a328a65b5f7652","hashSHA1":"ca13adbbba7f847466dd386feffd36607b1bc589","hashSHA256":"827dff78c9d5847f37a4939c748f7c97fad19497e4fd32ce0282a4dcc68365e6","digitalCertThumbprint":"d42f6e3fca6eb3ceb91cee7fd15ff7087b89d624","sourceIndex":"3795","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"SimpleStar","productName":"Simple Registry Cleaner","productVersion":"4.12.1.4","fileVersion":"4.12.1.4","hashMD5":"536c8d3055b2f364384a6ed4d11ba184","hashSHA1":"afc30c31b9ff06f7d89961955384112570e17762","hashSHA256":"418fa186c29c40389e7942d6953061019d1a4a53ea0894edc0b128f98eddd747","digitalCertThumbprint":"d42f6e3fca6eb3ceb91cee7fd15ff7087b89d624","sourceIndex":"3796","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"SimpleStar","productName":"Simple Registry Cleaner","productVersion":"4.12.1.4","fileVersion":"4.12.1.4","hashMD5":"5538bc6887811d6c0781ffe5ab8e4848","hashSHA1":"d0b6f633c4d088d076f85718cec6de42c31f9a9c","hashSHA256":"341b94f939f019251d8395749c2853cdf7dc5d2f43f794617bd38018d20c03b8","digitalCertThumbprint":"d42f6e3fca6eb3ceb91cee7fd15ff7087b89d624","sourceIndex":"3796","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"SimpleStar","productName":"Simple Registry Cleaner","productVersion":"4.12.1.4","fileVersion":"4.12.1.4","hashMD5":"8f38d9764a6d8a9cf4a328a65b5f7652","hashSHA1":"ca13adbbba7f847466dd386feffd36607b1bc589","hashSHA256":"827dff78c9d5847f37a4939c748f7c97fad19497e4fd32ce0282a4dcc68365e6","digitalCertThumbprint":"d42f6e3fca6eb3ceb91cee7fd15ff7087b89d624","sourceIndex":"3796","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Cleaner Ads in CNET","landingPage":"http://www.simplestar.com/simple-registry-cleaner/","directDownloadingLink":"http://dl.simplestar.com/reviversoft/advanced_product_releases/cb8515e6-387f-4479-8a59-e10b93d63800_4.12.1.4/sa/0/SimpleRegistryCleanerSetup.exe","ipv4":"23.32.46.59","sourceIndex":"3795"},{"howFound":"Hunt.Advertising","reference":"Cleaner Ads in CNET","landingPage":"http://www.simplestar.com/simple-registry-cleaner/lp/ggl/sspcrc-ss/?lang=en&gclid=CJeIlpbWu9MCFReVfgodTCIAnw","directDownloadingLink":"http://dl.simplestar.com/utils/SimpleRegistryCleanerSetup_ppc2.exe","ipv4":"23.32.46.58","sourceIndex":"3796"}],"sampleFiles":["170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Samples/SimpleRegistryCleaner.exe","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Samples/SimpleRegistryCleanerSetup.exe","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Samples/SimpleRegistryCleanerSetup_ppc2.exe"],"imageFiles":["170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-043/SimpleStarSmartMonitorInstalledWithoutDisclosure.JPG","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-048/UserCantCloseApp_xButtonDontCloseApp.JPG","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-003/ClaimHighImpactCausedByInvalidRegsitryEntries.JPG","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-003/DamageLevelHighCausedByInvalidRegsitryEntries.JPG","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-003/ExaggeratedRegistryErrors.JPG","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-003/ExaggeratedSystemHealthToRaiseUrgency.JPG","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-084/CreateScheduledTaskWhileShowingNOScheduleTaskSetupInSoftware.JPG","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-INFO/SimpleRegistryCleaner.mp4"],"nonDeceptorImageFiles":["170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-003/ClaimHighImpactCausedByInvalidRegsitryEntries.JPG","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-003/DamageLevelHighCausedByInvalidRegsitryEntries.JPG","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-003/ExaggeratedRegistryErrors.JPG","170427/D-SimpleRegistryCleaner-00041/4.12.1.4/Images/ACR-003/ExaggeratedSystemHealthToRaiseUrgency.JPG"],"guid":"0c96732a-6433-401e-9b15-d7a3f42e5446_4.12.1.4_1","appID":"D-SimpleRegistryCleaner-00041","dateAdded":"170427","deceptorType":"App","name":"Simple Registry Cleaner","company":"SimpleStar","version":"4.12.1.4","sigName":"Deceptor:Win32/SimpleRegistryCleaner!003043048084","firstVendorContactDate":"170426","firstAppEsteemReplyDate":"170426","firstResolvedDate":"170919","firstResolvedVersion":"NotDeceptor: 4.18.1.4","resolved":"TRUE","lastKnownStatus":"Deceptor: 4.12.1.4;4.18.0.2","lastKnownDate":"170907","lastUpdate":"2018-02-15T00:17:57.4469922+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2804},{"violations":{"ACR-003":"Upon scan completion the software gives a voice prompt which telling the consumer that the program has detected problems on the computer\".\n","ACR-007":"The application's install wizard displays logo that looks like the Microsoft logo to dupe the user into taking some action based on a misplaced trust level.\nThe application displays logo that looks like the Microsoft logo to dupe the user into taking some action based on a misplaced trust level.\nThe application's internal offer webpage displays logo that looks like the Microsoft logo to dupe the user into taking some action based on a misplaced trust level.\n"},"nonDeceptorViolations":{"ACR-002":"The install folder name is different than the application name, hence making it difficult for the consumer to find the installed app folder.\n","ACR-161":"The application's landing page displays testimonials but does not provide any links back to a source so they can be verified.\n","ACR-163":"The app's landing page provides a phone number for one-to-one interaction to receive support and does not display a non-interactive support option.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Jawego Partners LLC\" which is not disclosed in the app's offer.\n","ACR-160":"Contacted the phone number 855-761-8856 which was provided by the app but got voicemail box automated response. The app does not use a certified call center to monetize.\n","ACR-099":"The application has no links or information that shows how to uninstall the app.\nThe application's internal offer has no links or information that shows how to uninstall the app.\n","ACR-120":"After uninstalling the application a webpage opens stating that consumer can get the same app at a 50% discount.\n","ACR-150":"The application's landing page has a logo that states the app is developed by Microsoft, but places a disclaimer stating they are  not affiliated with Microsoft, nor claim direct affiliation.\nThe application's internal offer page has a logo that states the app is developed by Microsoft, but places a disclaimer stating they are  not affiliated with Microsoft, nor claim direct affiliation.\n","ACR-171":"The consumer is required to opt-out of additional payment for advanced Disk Tools Plus which was not pre-disclosed.\n","ACR-007":"The application's EULA webpage displays logo that looks like the Microsoft logo to dupe the user into taking some action based on a misplaced trust level.\nThe application's landing page displays logo that looks like the Microsoft logo to dupe the user into taking some action based on a misplaced trust level.\n","ACR-168":"The application's landing page displays a support call center phone number but does not disclose that additional offers may be made as a result of one-on-one interaction with the user.\n"},"samples":[{"isRevoked":"False","fileName":"wtuprsetup_site.exe","isInstaller":"True","companyName":"http://www.wintuneuppro.com/                                ","productName":"Win Tuneup Pro","productVersion":"2.27.36.723","fileVersion":"2.27.36.723","hashMD5":"6c4572f62aa774aa823e918e772d852b","hashSHA1":"8ccf204e7663d0a71b065fa3a188e08d7accf70b","hashSHA256":"55135a9ba299af9ef61bf40dce575270fee1d7c2f01c46e5e0b127965fe3e703","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"3588","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"WinTuneupPro.exe","companyName":"Win Tuneup Pro","productName":"Win Tuneup Pro","productVersion":"2.27.36.723","fileVersion":"2.27.36.723","hashMD5":"39de6e660050250a40b21abff4c98797","hashSHA1":"a0089288694b40bc0dd0a640d986f1bb17badc0d","hashSHA256":"4f03e1f265f75232c1faf195b5452925b54b4395e32e04e519b740248540582b","digitalCertThumbprint":"698153E4452BA7099733AB70F34D5E68AB0AF82A","digitalCertIssuer":"CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US","digitalCertIssuedTo":"CN=Jawego Partners LLC, O=Jawego Partners LLC, L=Lake Oswego, S=Oregon, C=US","sourceIndex":"3588","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://www.wintuneuppro.com/","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/jp/wintuneuppro/setups/wtuprsetup_site.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://y31uv4ra1.vo.llnwd.net/jp/wintuneuppro/setups/wtuprsetup_site.exe","sourceIndex":"3588"}],"sampleFiles":["170426/D-WinTuneupPro-00040/2.27.36.723/Samples/wtuprsetup_site.exe","170426/D-WinTuneupPro-00040/2.27.36.723/Samples/WinTuneupPro.exe"],"imageFiles":["170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-003/ACR-003_software.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-007/ACR-007_install.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-007/ACR-007_software.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-007/ACR-007_internaloffer.JPG"],"nonDeceptorImageFiles":["170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-002/ACR-002_software.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-007/ACR-007_docs.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-007/ACR-007_landingpage.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-161/ACR-161_landingpage.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-163/ACR-163_landingpage.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-088/ACR-088_software.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-092/ACR-092_software.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-160/ACR-160_software.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-099/ACR-099_software.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-099/ACR-099_internaloffer.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-168/ACR-168_landingpage.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-120/ACR-120_uninstall.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-150/ACR-150_landingpage.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-150/ACR-150_internaloffer.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-171/ACR-171_internaloffer.JPG","170426/D-WinTuneupPro-00040/2.27.36.723/Images/ACR-171/ACR-171_internaloffer1.JPG"],"guid":"3199cfc0-eeeb-4b91-beda-944becb9d1b1_2.27.36.723_1","appID":"D-WinTuneupPro-00040","dateAdded":"170426","deceptorType":"App","name":"Win Tuneup Pro","company":"Jawego Partners LLC","version":"2.27.36.723","sigName":"Deceptor:Win32/WinTuneupPro!003007","lastKnownStatus":"Deceptor:2.27.36.723","lastKnownDate":"180629","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid,call center","lastUpdate":"2018-06-29T17:58:24.9887671+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":2,"sortOrder":2166},{"violations":{"ACR-003":"App exaggerates invalid registry items as errors and claims errors impacting system performance.","ACR-084":"App creates hidden scheduled task while showing there is no scheduled tasks configured in its setting section","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made.","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates invalid registry items as errors and claims errors impacting system performance.","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made."},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"WIN TUNEUP SOFTWARE LLP","productName":"Win Tuneup Pro","productVersion":"2.7.36.580","hashMD5":"5e9d78586ef0151972521a92a995df05","hashSHA1":"0e29969188b3e42932c8dd28b3102586d163302f","hashSHA256":"060ebf7a215a01889c6fc7c484f5562c52879c5964e4781d97e955ab4533b6f1","digitalCertThumbprint":"3c4cb44c02887fe8f47e3d05123d9442ec69328f","sourceIndex":"3591","dateAdded":"170827","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"TUNEUP PRO SOFTWARE SERVICES LLP","productName":"Win Tuneup Pro","productVersion":"2.7.36.580","fileVersion":"2.7.36.580","hashMD5":"903caa02e43cc27744a24cc36800caed","hashSHA1":"baefcb23f58e3fb519245e4874d6ed4f7929bb35","hashSHA256":"d820b0351e86be35ca930728c1e175234bfffba0b4e141c5f13352890017e9c0","digitalCertThumbprint":"1e8323ce2b33fa7470e5a2e6ce6f1e12d8da5cbd","sourceIndex":"3591","dateAdded":"170827","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"setup_wtp_A993.exe","isInstaller":"True","companyName":"WIN TUNEUP SOFTWARE LLP","productName":"Win Tuneup Pro","productVersion":"2.7.36.723","fileVersion":"2.7.36.723","hashMD5":"a9939c6fb15f8e9200f06881fbabbf26","hashSHA1":"62f85369f637cbad85585869358e1cf4c0a8bf66","hashSHA256":"4d2d5956071353af718501af1f2e01ce8b06a79bce0f024c5b164d6f3e1687ad","digitalCertThumbprint":"3c4cb44c02887fe8f47e3d05123d9442ec69328f","digitalCertIssuer":"IN, Rajasthan, Jaipur, WIN TUNEUP SOFTWARE LLP, WIN TUNEUP SOFTWARE LLP","digitalCertIssuedTo":"IN, Rajasthan, Jaipur, WIN TUNEUP SOFTWARE LLP, WIN TUNEUP SOFTWARE LLP","sourceIndex":"3592","dateAdded":"170827","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Optimizer Ads in Softonics","landingPage":"http://www.wintuneuppro.com/sn/fastpc?utm_source=p9stsec1&utm_campaign=p9stsec1_bfld_us7","directDownloadingLink":"http://y31uv4ra1.vo.llnwd.net/setup_wtp.exe","ipv4":"208.111.179.129","sourceIndex":"3591"},{"howFound":"Hunt.Advertising","reference":"Track bad affiliates","landingPage":"http://wintuneuppro.com/1029/1029st?utm_source=1029sp&utm_campaign=1029spst&utm_pubid=10296b7326758da1f790c4ad32f696&utm_subid=1916","ipv4":"","ipv6":"","sourceIndex":"3592"}],"sampleFiles":[],"imageFiles":["170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-003/ReportRegistryInvalidItemAsErrors.JPG","170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-003/ReportRegistryInvalidItemAsErrors2.JPG","170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-084/ScheduleTaskEvenUserChooseNoScheduleScanJPG.JPG","170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-168/NoDisclosureAdditionalOfferDuringCall.JPG","170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-168/PopupAlerts.JPG","170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-168/PopupAlerts2.JPG","170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-INFO/WinTuneupPro.mp4","170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-INFO/WinTuneupPro2.mp4"],"nonDeceptorImageFiles":["170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-003/ReportRegistryInvalidItemAsErrors.JPG","170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-003/ReportRegistryInvalidItemAsErrors2.JPG","170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-168/NoDisclosureAdditionalOfferDuringCall.JPG","170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-168/PopupAlerts.JPG","170426/D-WinTuneupPro-00040/2.7.36.580/Images/ACR-168/PopupAlerts2.JPG"],"guid":"3199cfc0-eeeb-4b91-beda-944becb9d1b1_2.7.36.580_1","appID":"D-WinTuneupPro-00040","dateAdded":"170426","deceptorType":"App","name":"Win Tuneup Pro","company":"Jawego Partners LLC","version":"2.7.36.580","sigName":"Deceptor:Win32/WinTuneupPro!003168084","lastKnownStatus":"Deceptor:2.27.36.723","lastKnownDate":"180629","type":"Windows Executable","lastUpdate":"2018-06-29T16:14:06.2389752+00:00","notDistributed":false,"familyName":"singleclick-winreg-wegus","numInFamily":18,"numInAppID":2,"sortOrder":2167},{"violations":{"ACR-003":"App exaggerates system healthy condition, reports high impact caused by registry issues, raise urgency to fix","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made."},"nonDeceptorViolations":{"ACR-003":"App exaggerates system healthy condition, reports high impact caused by registry issues, raise urgency to fix","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made."},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"pc speedup tools ltd","productName":"US System Care","productVersion":"1.0.0.5742","hashMD5":"c54a9a69e816a65e06364bb14c845f9c","hashSHA1":"b6d675b17a08e17be619428d774b6c78729ccc55","hashSHA256":"1a235684a45001ff0b5bc52d11567e6006112d8e10e6fa617c0c016f1b7b8c76","digitalCertThumbprint":"923dfb08badc16d3f2f7a2e4bbf0796b84bff21e","sourceIndex":"3463","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"uspcworks.com","productName":"US System Care","productVersion":"1.0.0.5742","fileVersion":"1.0.0.5742","hashMD5":"04db861a3ab3b48aadd8e424dca1d257","hashSHA1":"824c308bb6a2fdabdd8769e32946fccb8a74bb77","hashSHA256":"9176438b465db65e316d2a62e59ab130e4b302e915ade5bccab5108551305ef2","digitalCertThumbprint":"923dfb08badc16d3f2f7a2e4bbf0796b84bff21e","sourceIndex":"3463","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"Daniel report similar app with certified ASC from PCVARK, USSystemCare is classified as Deceptor. ASC also has few work items to work on...","landingPage":"http://www.uspcworks.com/","directDownloadingLink":"http://cdn2.uspcworks.com/ussc/c2/securerc/usscsetupunad1.exe","ipv4":"208.111.179.1","sourceIndex":"3463"}],"sampleFiles":[],"imageFiles":["170424/D-USSystemCare-00037/1.0.0.5742/Images/ACR-003/ExaggeratedIssuesAlertsHighImpactCausedbyInvalidRegistryEntries.JPG","170424/D-USSystemCare-00037/1.0.0.5742/Images/ACR-168/NoDisclosureAboutAdditionalOfferDuringCall.JPG"],"nonDeceptorImageFiles":["170424/D-USSystemCare-00037/1.0.0.5742/Images/ACR-003/ExaggeratedIssuesAlertsHighImpactCausedbyInvalidRegistryEntries.JPG","170424/D-USSystemCare-00037/1.0.0.5742/Images/ACR-168/NoDisclosureAboutAdditionalOfferDuringCall.JPG"],"guid":"5a46b7da-bbd9-4d17-aceb-c877a45f8882_1.0.0.5742_1","appID":"D-USSystemCare-00037","dateAdded":"170424","deceptorType":"App","name":"US System Care","company":"pc speedup tools ltd","version":"1.0.0.5742","sigName":"Deceptor:Win32/USSystemCare!003","lastKnownStatus":"Deceptor:1.0.0.5742","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:56:10.9498647+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2805},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"Defender Security Limited","productName":"PC Medic","productVersion":"2.0.0","fileVersion":"2.10.10.41","hashMD5":"262886091c7fa2d76b0ddd0e0b8fd657","hashSHA1":"d2fca8c997b4e14a792bd9631698786767b581af","hashSHA256":"fd9d7edbee2d3025e3b33278aed7990e487d9a654aafc8cb9dc35e566b2d76f3","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3487","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Defender Security Limited","productName":"PC Medic","hashMD5":"01dcaeba652740dee6497c789ce61975","hashSHA1":"761f3be1ab94fb0e173397d77882e598b63bdeb0","hashSHA256":"a7d626016d9e271bc43f86c933b395efe7fd182d08540a0c79d6bfb856300a35","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3487","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"KeySolutionsIO Inc.","productName":"Vanilla-Setup","productVersion":"4.1.1.6","fileVersion":"4.1.1.6","hashMD5":"1eed3ee1dc1f4620f71b872778179cca","hashSHA1":"2f4a1d85b1644ec2b72ab8dd9963725b3880b877","hashSHA256":"3c8e73bf646f127a06b62597881fb58ecfd7d35314a710653313c328d009bd24","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3487","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Defender Security Limited","productName":"PC Medic 2.1.1SP2","productVersion":"2.1.1","fileVersion":"2.10.10.41","hashMD5":"67b4ecfa5a6ce26de7ce05b0f3df6e2f","hashSHA1":"04329a49f72fbd7c8a92dd34e2bc42a70b407ce2","hashSHA256":"c37416d5081cb2aedc45efbcacbe4b79a6c00c86f2d19a56eeb8f73a665ac3e0","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3487","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Defender Security Limited","productName":"PC Medic","hashMD5":"2ea660117651519186d82a34282bb6ab","hashSHA1":"662948cd65faf495c3e0906666ca4631ca250d8a","hashSHA256":"06f9e68ab91e3fb57dc2dfaab6dfd47691a19b8798c7739933ac6287f5b7a9a0","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3487","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"KeySolutionsIO Inc.","productName":"Vanilla-Setup","productVersion":"4.1.1.6","fileVersion":"4.1.1.6","hashMD5":"b5f303461ba8c965d6b7c96a55f63403","hashSHA1":"b48b79ad7165e3d1a7e67d7011b2f344ebb7063f","hashSHA256":"7d5555c1332c2ee8d9d763f6c389ba6b5901704dcea64e8a75a697af21dfac9b","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3487","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Defender Security Limited","productName":"PC Medic","productVersion":"2.0.0","fileVersion":"2.10.10.41","hashMD5":"262886091c7fa2d76b0ddd0e0b8fd657","hashSHA1":"d2fca8c997b4e14a792bd9631698786767b581af","hashSHA256":"fd9d7edbee2d3025e3b33278aed7990e487d9a654aafc8cb9dc35e566b2d76f3","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3488","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Defender Security Limited","productName":"PC Medic","hashMD5":"01dcaeba652740dee6497c789ce61975","hashSHA1":"761f3be1ab94fb0e173397d77882e598b63bdeb0","hashSHA256":"a7d626016d9e271bc43f86c933b395efe7fd182d08540a0c79d6bfb856300a35","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3488","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"KeySolutionsIO Inc.","productName":"Vanilla-Setup","productVersion":"4.1.1.6","fileVersion":"4.1.1.6","hashMD5":"1eed3ee1dc1f4620f71b872778179cca","hashSHA1":"2f4a1d85b1644ec2b72ab8dd9963725b3880b877","hashSHA256":"3c8e73bf646f127a06b62597881fb58ecfd7d35314a710653313c328d009bd24","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3488","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Defender Security Limited","productName":"PC Medic 2.1.1SP2","productVersion":"2.1.1","fileVersion":"2.10.10.41","hashMD5":"67b4ecfa5a6ce26de7ce05b0f3df6e2f","hashSHA1":"04329a49f72fbd7c8a92dd34e2bc42a70b407ce2","hashSHA256":"c37416d5081cb2aedc45efbcacbe4b79a6c00c86f2d19a56eeb8f73a665ac3e0","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3488","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Defender Security Limited","productName":"PC Medic","hashMD5":"2ea660117651519186d82a34282bb6ab","hashSHA1":"662948cd65faf495c3e0906666ca4631ca250d8a","hashSHA256":"06f9e68ab91e3fb57dc2dfaab6dfd47691a19b8798c7739933ac6287f5b7a9a0","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3488","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"KeySolutionsIO Inc.","productName":"Vanilla-Setup","productVersion":"4.1.1.6","fileVersion":"4.1.1.6","hashMD5":"b5f303461ba8c965d6b7c96a55f63403","hashSHA1":"b48b79ad7165e3d1a7e67d7011b2f344ebb7063f","hashSHA256":"7d5555c1332c2ee8d9d763f6c389ba6b5901704dcea64e8a75a697af21dfac9b","digitalCertThumbprint":"1806F793D1247D2AE9D24B49CE8E8591587600B0","sourceIndex":"3488","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"App advertising in Chip.de when we review apps in downloader website, the name and its icon are too similar to Window Defender","landingPage":"https://defender-pro.com/pc2/clean/clean-up-pc/?c=tpc1&ag=36426139860&kw=pc%20cleaner&p=www.chip.de&ap=none&ad=1&gclid=CI6st4juktMCFUWXfgodIGoJtw","sourceIndex":"3487"},{"howFound":"Hunt.Advertising","reference":"App advertising in Chip.de when we review apps in downloader website, the name and its icon are too similar to Window Defender","landingPage":"https://defender-pro.com/download/pc-medic/","sourceIndex":"3488"}],"sampleFiles":[],"imageFiles":["170424/D-PCMedic-00029/2.1.1/Images/ACR-048/UpdateButtonGrayOutForceUserToChoseRegularScan.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/ExaggeratedIssueFoundAboutSystem.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/ExaggeratedIssueFoundAboutSystem2.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/NotsubstantiatedClaimAboutEnhancePCSpeedByCleanupRegistryKey.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/NotsubstantiatedClaimAboutEnhancePCSpeedByCleanupRegistryKey2.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-168/ACR-168_LandingPage_NoDisclaimerForCallCenters.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-168/ACR-168_LandingPage_NoDisclaimerForCallCenters2.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-168/ACR-168_Software_NoDisclaimerForCallCenter.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-168/ACR-168_Software_NoDisclaimerForCallCenter2.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-059/ACR-059_InternalOffer_InsuranceIsNotMentionedAsOptional.JPG"],"nonDeceptorImageFiles":["170424/D-PCMedic-00029/2.1.1/Images/ACR-065/ACR-065_Software_NoEulaOrPrivacyPolicy.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-161/ACR-161_LandingPage_NoLinksToQuotes.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-099/ACR-099_LandingPage_NoUninstalltionGuidelines.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-099/ACR-099_Software_NoUninstalltionGuidelines.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-068/ACR-068_InternalOffers_ConfusingDiscount.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-068/ACR-068_InternalOffers_ConfusingDiscount2.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-068/ACR-068_InternalOffers_UnclearOptionalProduct.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-159/ACR-159_LandingPages_UnclearDifferenceBetweenPaidAndFree.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/ExaggeratedIssueFoundAboutSystem.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/ExaggeratedIssueFoundAboutSystem2.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/NotsubstantiatedClaimAboutEnhancePCSpeedByCleanupRegistryKey.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-003/NotsubstantiatedClaimAboutEnhancePCSpeedByCleanupRegistryKey2.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-168/ACR-168_LandingPage_NoDisclaimerForCallCenters.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-168/ACR-168_LandingPage_NoDisclaimerForCallCenters2.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-168/ACR-168_Software_NoDisclaimerForCallCenter.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-168/ACR-168_Software_NoDisclaimerForCallCenter2.JPG","170424/D-PCMedic-00029/2.1.1/Images/ACR-059/ACR-059_InternalOffer_InsuranceIsNotMentionedAsOptional.JPG"],"guid":"ccc0987e-819f-4e42-b519-d9bc6a5b1963_2.1.1_1","appID":"D-PCMedic-00029","dateAdded":"170424","deceptorType":"App","name":"PC Medic","company":"Defender Security Limited","version":"2.1.1","sigName":"Deceptor:Win32/PCMedic!003048168","lastKnownStatus":"Deceptor:2.1.1","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:29:25.8175431+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2806},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"ReviverSoft","productName":"Security Reviver","productVersion":"2.1.1000.21719","hashMD5":"c976d9f04b3382830cd9585d4553ce9e","hashSHA1":"fce3a7ffd168602a19dd5d52f4e924a01b4a72fb","hashSHA256":"eb784a18210754269e730f7d91c33a5eafacea9e64f45f1607e752fc0fc8258e","digitalCertThumbprint":"D42F6E3FCA6EB3CEB91CEE7FD15FF7087B89D624","sourceIndex":"3713","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"SecurityReviverSetup.exe","isInstaller":"True","companyName":"Security Reviver","productName":"Security Reviver","productVersion":"2.1.1000.22180","fileVersion":"Security Reviver","hashMD5":"7888c6420f9aba0a51153b9d4195a5c5","hashSHA1":"523c39679f727117a3556757eb7c614fbfa34656","hashSHA256":"2da23f82a4e2f53cafc2c1bc0844daf02b3a4a0dfd06c818fb966b51a73b7c17","digitalCertThumbprint":"D42F6E3FCA6EB3CEB91CEE7FD15FF7087B89D624","digitalCertIssuer":"Symantec Class 3 SHA256 Code Signing CA","digitalCertIssuedTo":"Corel Corporation","sourceIndex":"3713","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Search: system optimizer leads to  Battery optimizer lead to Reviver products","landingPage":"http://www.reviversoft.com/security-reviver/","directDownloadingLink":"http://dl.reviversoft.com/reviversoft/advanced_product_releases/f243e2c9-3f19-4800-a00d-a4cefc9fd31d_2.1.1000.21719/or/0/SecurityReviverSetup.exe","ipv4":"23.32.46.75","sourceIndex":"3713"}],"sampleFiles":[],"imageFiles":["170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-047/ACR-047_InlineOffers_OnCloseOfferToPurchase.PNG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-047/ACR-047_InlineOffers_OnCloseOfferToPurchase.mp4","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/ACR-003_Software_FoldersAndNonExecutablesCountedAsIssue.mp4","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/ACR-003_Software_FoldersAndNonExecutablesCountedAsIssue1.PNG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/ACR-003_Software_FoldersAndNonExecutablesCountedAsIssue2.PNG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/NormalRegistryKeyReportingAsInfectedItem.JPG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/ReportMRTasRogueSecurityProgram.JPG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/RogueResult.JPG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/SevereIssueReported.JPG"],"nonDeceptorImageFiles":["170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-065/ACR-065_Install_NoPrivacyPolicy.PNG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-065/ACR-065_Software_NoEULAInAboutPage.PNG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-047/ACR-047_InlineOffers_OnCloseOfferToPurchase.PNG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-047/ACR-047_InlineOffers_OnCloseOfferToPurchase.mp4","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/ACR-003_Software_FoldersAndNonExecutablesCountedAsIssue.mp4","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/ACR-003_Software_FoldersAndNonExecutablesCountedAsIssue1.PNG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/ACR-003_Software_FoldersAndNonExecutablesCountedAsIssue2.PNG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/NormalRegistryKeyReportingAsInfectedItem.JPG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/ReportMRTasRogueSecurityProgram.JPG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/RogueResult.JPG","170421/D-SecurityReviver-00019/2.1.1000.21719/Images/ACR-003/SevereIssueReported.JPG"],"guid":"60b6d1a3-68ef-4fe2-b0fe-53088ce1bfb0_2.1.1000.21719_1","appID":"D-SecurityReviver-00019","dateAdded":"170421","deceptorType":"App","name":"SecurityReviver","company":"ReviverSoft","version":"2.1.1000.21719","sigName":"Deceptor:Win32/SecurityReviver!003","firstVendorContactDate":"170426","firstAppEsteemReplyDate":"170426","firstResolvedDate":"171120","firstResolvedVersion":"2.1.1000.23537","resolved":"TRUE","lastKnownStatus":"Deceptor:2.1.1000.21719","lastKnownDate":"170410","lastUpdate":"2018-02-15T00:35:30.1201379+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2807},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"Max Secure Software","productName":"Max Secure Software DownloadManager Application","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"63c024104c1d85a4e8235edeebbc1366","hashSHA1":"fb171299ebe35e99ca6eb043d58ddf69194d3a0e","hashSHA256":"36dbb8ada07f0815da6a909728e819bcf72789a189f5cc5e6a8a767d364375cd","digitalCertThumbprint":"6E2C1F7FA0D4E83154355E0728FD812472B83989","sourceIndex":"3628","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Max Secure Software","productName":"Max Registry Cleaner","productVersion":"6.0.0.065","fileVersion":"6.0.0.065","hashMD5":"6dc1f433f7cff00f85c9a5d0a0f6f086","hashSHA1":"3b64c0f63cb2f0b2d8e51e5d16acc7153375ae06","hashSHA256":"d54884b8ed593cdcd9b957fc567df67c8bccbd1ff435a934e98cc5b10c10e989","digitalCertThumbprint":"6E2C1F7FA0D4E83154355E0728FD812472B83989","sourceIndex":"3628","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Max Secure Software","productName":"Max Secure Software DownloadManager Application","productVersion":"1.0.0.1","fileVersion":"1.0.0.1","hashMD5":"63c024104c1d85a4e8235edeebbc1366","hashSHA1":"fb171299ebe35e99ca6eb043d58ddf69194d3a0e","hashSHA256":"36dbb8ada07f0815da6a909728e819bcf72789a189f5cc5e6a8a767d364375cd","digitalCertThumbprint":"6E2C1F7FA0D4E83154355E0728FD812472B83989","sourceIndex":"3629","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Max Secure Software","productName":"Max Registry Cleaner","productVersion":"6.0.0.065","fileVersion":"6.0.0.065","hashMD5":"6dc1f433f7cff00f85c9a5d0a0f6f086","hashSHA1":"3b64c0f63cb2f0b2d8e51e5d16acc7153375ae06","hashSHA256":"d54884b8ed593cdcd9b957fc567df67c8bccbd1ff435a934e98cc5b10c10e989","digitalCertThumbprint":"6E2C1F7FA0D4E83154355E0728FD812472B83989","sourceIndex":"3629","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"Review scam report hxxp://www.ripoffreport.com","landingPage":"http://www.maxpcsecure.com/","directDownloadingLink":"http://www.maxpcsecure.com/MaxRCDM.exe","ipv4":"72.32.190.200","sourceIndex":"3628"},{"howFound":"Hunt.Sentiment","reference":"Review scam report hxxp://www.ripoffreport.com","landingPage":"http://www.maxpcsecure.com/","directDownloadingLink":"http://www.maxpcsecure.com/MaxRegistrycleanerx64.exe","ipv4":"72.32.190.200","sourceIndex":"3629"}],"sampleFiles":[],"imageFiles":["170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-043/ACR-043_Software_TeamViewer.mp4","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-043/ACR-043_Software_TeamViewer1.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-043/ACR-043_Software_TeamViewer2.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-003/ACR-003_Software_EmptyRegistryValues.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-003/ACR-003_Software_ExaggeratedIssues.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-003/ACR-003_Software_ExaggeratedIssues2.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-003/ExaggeratedIssueWithEmptyRegistryValues.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-118/ACR-118_Software_FilesLeftBehindAfterUninstall.mp4","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-118/KeyInstallerLeftAfterUninstallationCompleted.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-INFO/KeyInstallerFileLeftOnDesktopAfterMaxRegistryCleanerUninstallation.mp4"],"nonDeceptorImageFiles":["170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-065/ACR-065_Software_NoEULAInAboutPage.PNG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-161/ACR-161_LandingPage_AwardsWithNoLink.PNG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-088/ACR-088_Software_ImmediateScanAfterInstall.mp4","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-099/ACR-099_Software_UninstallInformationNotProvided.PNG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-167/ACR-167_LandingPage_No30DayRefundMentioned.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-166/ACR-166_LandingPage_ActivationPeriodMentionedWayDownThePage.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-166/ACR-166_LandingPage_AutoRenewalNotMentionedInPaymentPage.PNG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-003/ACR-003_Software_ExaggeratedClaims.mp4","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-003/ACR-003_Software_EmptyRegistryValues.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-003/ACR-003_Software_ExaggeratedIssues.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-003/ACR-003_Software_ExaggeratedIssues2.JPG","170421/D-MaxRegistryCleaner-00023/6.0.0.065/Images/ACR-003/ExaggeratedIssueWithEmptyRegistryValues.JPG"],"guid":"3d1bb105-acc5-4210-a053-119b86cc618a_6.0.0.065_1","appID":"D-MaxRegistryCleaner-00023","dateAdded":"170421","deceptorType":"App","name":"Max Registry Cleaner","company":"Max Secure Software","version":"6.0.0.065","sigName":"Deceptor:Win32/MaxRegistryCleaner!003043118","firstVendorContactDate":"171127","firstAppEsteemReplyDate":"171127","firstResolvedDate":"180510","firstResolvedVersion":"6.0.0.68","resolved":"TRUE","lastKnownStatus":"Deceptor:6.0.0.065;NonCertified:6.0.0.68","lastKnownDate":"170410","lastUpdate":"2018-05-11T02:58:15.2614359+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2808},{"violations":{"ACR-003":"The application exaggerates COM/ACTIVEX , Shared DLL's as registry problems, thereby misleading or scaring the user to take action\n","ACR-017":"The application's internal offer page elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable scheduled tasks from the application settings. \n"},"nonDeceptorViolations":{"ACR-065":"There are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy.\n\nThere are no links that shows the app's EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy\n\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Pinery Limited\" which is not disclosed in the app's offer.\n","ACR-099":"The application has no link or information that shows how it can be uninstalled.\n\nThe application's landing page has no link or information that shows how it can be uninstalled.\n\nThe application's internal offer page has no link or information that shows how it can be uninstalled.\n\n","ACR-167":"The application's has no mention of a 30 days refund policy.\n\n","ACR-171":"he consumer is required to opt-out of additional payment for advanced error fix system which was not pre-disclosed.\n"},"samples":[{"isRevoked":"False","fileName":"ImproveSpeedPC.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"0.0","hashMD5":"88486912ed4298a843a10318b0cfb177","hashSHA1":"7f77697f60b6b0cb61aa65c365900a66eb8847f8","hashSHA256":"11090a51226a36d444ab8ed86815e8d4d1cc6ee7afdc69a872d78de7474de346","digitalCertThumbprint":"0A60AE92F37EE51917DFDB4AE6B5FEBEA2E7A2EF","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Pinery Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Pinery Limited, L=Hong Kong, S=Hong Kong, C=HK","sourceIndex":"3590","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"ImproveSpeedPC1.exe","companyName":"ImproveSpeedPC","productName":"ImproveSpeedPC","productVersion":"1.2.3.1","fileVersion":"1.2.3.1","hashMD5":"52ba451180fbaca70a5e627dead5da15","hashSHA1":"20d23182e0d710e6ce0c8bb0793d0ea0da5b7e59","hashSHA256":"7091ef409b27f7d370ca9c41f1dbcdf4b990bdc6453d3b64e3e803702b107c17","digitalCertThumbprint":"0A60AE92F37EE51917DFDB4AE6B5FEBEA2E7A2EF","digitalCertIssuer":"CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=\"VeriSign, Inc.\", C=US","digitalCertIssuedTo":"CN=Pinery Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Pinery Limited, L=Hong Kong, S=Hong Kong, C=HK","sourceIndex":"3590","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"deceptor review ","reference":"existing deceptor review ","landingPage":"http://www.improvespeedpc.com/","directDownloadingLink":"http://www.improvespeedpc.com/ImproveSpeedPC.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://www.improvespeedpc.com/ImproveSpeedPC.exe","sourceIndex":"3590"}],"sampleFiles":["170421/D-ImproveSpeedPC-00022/1.2.3.1/Samples/ImproveSpeedPC.exe","170421/D-ImproveSpeedPC-00022/1.2.3.1/Samples/ImproveSpeedPC1.exe"],"imageFiles":["170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-003/acr_003.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-003/acr_003_1.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-017/internal_offer_page.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-084/acr_084.PNG"],"nonDeceptorImageFiles":["170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-065/acr_065_LP.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-065/acr_065_IO.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-065/ACR_065_S.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-161/testimonials.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-092/certi_information.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-099/acr_099_S.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-099/acr_099_LP.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-099/acr_099_IO.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-167/refund.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-171/acr_171.PNG","170421/D-ImproveSpeedPC-00022/1.2.3.1/Images/ACR-171/internal_offer_page.PNG"],"guid":"2face65e-6cce-4017-8f31-7d0663fffc72_1.2.3.1_1","appID":"D-ImproveSpeedPC-00022","dateAdded":"170421","deceptorType":"App","name":"ImprovedSpeedPC","company":"Pinery Limited","version":"1.2.3.1","sigName":"Deceptor:Win32/ImprovedSpeedPC!003017084","lastKnownStatus":"Deceptor:1.2.3.1","lastKnownDate":"180629","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 10,Windows 8,Windows 7,Windows Vista","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-06-29T16:19:47.6161588+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2809},{"violations":{"ACR-003":"App exaggerates system healthy condition. Shared DLL invalid registry keys, Temp file are listed as \"Issues\", raises urgency to fix them to improve PC speed which is not substantiated","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates system healthy condition. Shared DLL invalid registry keys, Temp file are listed as \"Issues\", raises urgency to fix them to improve PC speed which is not substantiated"},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"ImproveSpeedPC","productName":"ImproveSpeedPC","productVersion":"1.2.3.1","fileVersion":"1.2.3.1","hashMD5":"52ba451180fbaca70a5e627dead5da15","hashSHA1":"20d23182e0d710e6ce0c8bb0793d0ea0da5b7e59","hashSHA256":"7091ef409b27f7d370ca9c41f1dbcdf4b990bdc6453d3b64e3e803702b107c17","sourceIndex":"3733","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"ImproveSpeedPC","productName":"ImproveSpeedPC","hashMD5":"88486912ed4298a843a10318b0cfb177","hashSHA1":"7f77697f60b6b0cb61aa65c365900a66eb8847f8","hashSHA256":"11090a51226a36d444ab8ed86815e8d4d1cc6ee7afdc69a872d78de7474de346","sourceIndex":"3733","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Search: Speed PC","landingPage":"http://www.improvespeedpc.com/download.aspx","directDownloadingLink":"http://www.improvespeedpc.com/ImproveSpeedPC.exe","ipv4":"104.31.94.144","sourceIndex":"3733"}],"sampleFiles":["170421/D-ImproveSpeedPC-00022/Samples/ImproveSpeedPC.exe"],"imageFiles":["170421/D-ImproveSpeedPC-00022/Images/ACR-003/ACR-003_Software_Exaggerated.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-003/ExaggeratedIssues1.JPG","170421/D-ImproveSpeedPC-00022/Images/ACR-003/SharedDLLRegistryKeyAsIssues.JPG","170421/D-ImproveSpeedPC-00022/Images/ACR-INFO/ACR-003_Software_Exaggerated.mp4","170421/D-ImproveSpeedPC-00022/Images/ACR-007/ACR-007_LandingPage_NotClickable_1.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-007/ACR-007_LandingPage_NotClickable_2.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-INFO/ACR-007_LandingPage_NotClickable.mp4","170421/D-ImproveSpeedPC-00022/Images/ACR-017/ACR-017_LandingPage_NotAbleToverify.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-INFO/ACR-017_LandingPage_NotAbleToverify.mp4","170421/D-ImproveSpeedPC-00022/Images/ACR-085/ACR-085_LandingPage_CustomersNotGivenPrivacy.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-INFO/ACR-003_Software_Exaggerated.mp4","170421/D-ImproveSpeedPC-00022/Images/ACR-INFO/ACR-007_LandingPage_NotClickable.mp4","170421/D-ImproveSpeedPC-00022/Images/ACR-INFO/ACR-017_LandingPage_NotAbleToverify.mp4"],"nonDeceptorImageFiles":["170421/D-ImproveSpeedPC-00022/Images/ACR-065/ACR-065_LandingPage_NoEulaAndPrivacyPolicy.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-065/ACR-065_Software_NoAboutAndSoNoEulaAndPrivacyPolicy_1.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-065/ACR-065_Software_NoAboutAndSoNoEulaAndPrivacyPolicy_2.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-161/ACR-161_LandingPage_Nolink.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-170/ACR-170_Software_NoInfoAboutMoneyBackGuarantee.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-088/ACR-088_Install_AutomaticScan.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-092/ACR-092_Software_NotDigitallySigned_1.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-092/ACR-092_Software_NotDigitallySigned_2.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-098/ACR-098_Software_NoControl_2.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-098/ACR-098_Software_NoControl_3.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-099/ACR-099_LandingPage_NoUninstallInformation.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-099/ACR-099_Software_NoUninstallInformation_1.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-099/ACR-099_Software_NoUninstallInformation_2.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-037/ACR-037_Docs_NoEulaAndPrivacyPolicy.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-167/ACR-167_Docs_NoInfoAboutMoneyBackGuarantee_1.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-167/ACR-167_Docs_NoInfoAboutMoneyBackGuarantee_2.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-159/ACR-159_LandingPage_NotMentionedAboutPayment_1.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-159/ACR-159_LandingPage_NotMentionedAboutPayment_2.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-003/ACR-003_Software_Exaggerated.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-003/ExaggeratedIssues1.JPG","170421/D-ImproveSpeedPC-00022/Images/ACR-003/SharedDLLRegistryKeyAsIssues.JPG","170421/D-ImproveSpeedPC-00022/Images/ACR-INFO/ACR-003_Software_Exaggerated.mp4","170421/D-ImproveSpeedPC-00022/Images/ACR-007/ACR-007_LandingPage_NotClickable_1.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-007/ACR-007_LandingPage_NotClickable_2.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-INFO/ACR-007_LandingPage_NotClickable.mp4","170421/D-ImproveSpeedPC-00022/Images/ACR-017/ACR-017_LandingPage_NotAbleToverify.jpeg","170421/D-ImproveSpeedPC-00022/Images/ACR-INFO/ACR-017_LandingPage_NotAbleToverify.mp4"],"guid":"2face65e-6cce-4017-8f31-7d0663fffc72_0.0.0.0_1","appID":"D-ImproveSpeedPC-00022","dateAdded":"170421","deceptorType":"App","name":"ImprovedSpeedPC","company":"Pinery Limited","version":"0.0.0.0","sigName":"Deceptor:Win32/ImproveSpeedPC!003","lastKnownStatus":"Deceptor:1.2.3.1","lastKnownDate":"180629","type":"Windows Executable","lastUpdate":"2018-06-29T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2810},{"violations":{"ACR-003":"App exaggerates system healthy condition. E.g. improvement potential is HIGH by fixing invalid registry keys, raises misleading urgency for user to fix them\n"},"nonDeceptorViolations":{"ACR-003":"App exaggerates system healthy condition. E.g. improvement potential is HIGH by fixing invalid registry keys, raises misleading urgency for user to fix them\n"},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"Syscare-Logics","productName":"Advanced-PCFixer","productVersion":"1.0.0.26704","fileVersion":"1.0.0.26704","hashMD5":"15edbf84b55dd45f1659787570781636","hashSHA1":"ac0e19f5a21a76e1e1231557e01fb0598d52bd56","hashSHA256":"984b9b0f47df2ff5cc9953d1c33692a6cd9a4afe9918470875257c9813085617","digitalCertThumbprint":"6b835c2121ca3060ac17227eb8bd00358690d864","sourceIndex":"3715","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Syscare-Logics","productName":"Advanced-PCFixer","productVersion":"1.0.0.25633","fileVersion":"1.0.0.25633","hashMD5":"e810f08991048ec65637702b05047b35","hashSHA1":"d69f76c15f5b58bc9602dfe5861a3437fdc17661","hashSHA256":"895d45d2dff0885d6e50ad2d64ad4f206c962d58e3ddbbc5e89761e269da040f","digitalCertThumbprint":"6b835c2121ca3060ac17227eb8bd00358690d864","sourceIndex":"3715","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Syscare-Logics","productName":"Advanced-PCFixer","productVersion":"1.0.0.26704","fileVersion":"1.0.0.26704","hashMD5":"15edbf84b55dd45f1659787570781636","hashSHA1":"ac0e19f5a21a76e1e1231557e01fb0598d52bd56","hashSHA256":"984b9b0f47df2ff5cc9953d1c33692a6cd9a4afe9918470875257c9813085617","digitalCertThumbprint":"6b835c2121ca3060ac17227eb8bd00358690d864","sourceIndex":"3716","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Syscare-Logics","productName":"Advanced-PCFixer","productVersion":"1.0.0.25633","fileVersion":"1.0.0.25633","hashMD5":"e810f08991048ec65637702b05047b35","hashSHA1":"d69f76c15f5b58bc9602dfe5861a3437fdc17661","hashSHA256":"895d45d2dff0885d6e50ad2d64ad4f206c962d58e3ddbbc5e89761e269da040f","digitalCertThumbprint":"6b835c2121ca3060ac17227eb8bd00358690d864","sourceIndex":"3716","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"Deceptive ads reported by MalwareBytes","landingPage":"http://www.systembooster.info/ad/3/?x-context=MjE5OHwxMTEwMjF8VVN8M3wxfHx8fHw&utm_source=adron&utm_campaign=adron&pxl=ADR1513_ADR1483_RUNT&utm_pubid=8960&x-plt=XXXXX&x-var1=XXXXX","sourceIndex":"3715"},{"howFound":"Hunt.PartnerReport","reference":"Deceptive ads reported by MalwareBytes","landingPage":"http://www.systembooster.info/","sourceIndex":"3716"}],"sampleFiles":[],"imageFiles":["170420/D-AdvancedPCFixer-00036/1.0.0.26704/Images/ACR-003/959a9e5ffaf35ea6ca421a039b725613ee237ebb3ec97328ac37d562a98967d3.jpg","170420/D-AdvancedPCFixer-00036/1.0.0.26704/Images/ACR-003/a3de4b1dffa93b8437b8f887c832f9e45a42e0c849c8ecc7cf6dcdebca691393.jpg","170420/D-AdvancedPCFixer-00036/1.0.0.26704/Images/ACR-003/fe96122c769cac486cce491a1817594ab162a04411ce873da6aa2b28ef16a1af.jpg"],"nonDeceptorImageFiles":["170420/D-AdvancedPCFixer-00036/1.0.0.26704/Images/ACR-003/959a9e5ffaf35ea6ca421a039b725613ee237ebb3ec97328ac37d562a98967d3.jpg","170420/D-AdvancedPCFixer-00036/1.0.0.26704/Images/ACR-003/a3de4b1dffa93b8437b8f887c832f9e45a42e0c849c8ecc7cf6dcdebca691393.jpg","170420/D-AdvancedPCFixer-00036/1.0.0.26704/Images/ACR-003/fe96122c769cac486cce491a1817594ab162a04411ce873da6aa2b28ef16a1af.jpg"],"guid":"e559401e-312b-46e9-9349-9fe626135f9e_1.0.0.26704_1","appID":"D-AdvancedPCFixer-00036","dateAdded":"170420","deceptorType":"App","name":"AdvancedPCFixer","company":"Syscare-Logics","version":"1.0.0.26704","sigName":"Deceptor:Win32/AdvancedPCFixer!003","firstResolvedDate":"171129","firstResolvedVersion":"1.0.0.2509","resolved":"TRUE","lastKnownStatus":"Deceptor:1.0.0.26704","lastKnownDate":"170416","lastUpdate":"2018-02-15T00:34:58.3530459+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2811},{"violations":{"ACR-003":"Ads mislead consumers - just saying \"may\" be out of date is still misleading","ACR-005":"Ads look like system errors","ACR-010":"Ads for deceptive apps (example: Deceptor:Win32/PCPurifier!003168)","ACR-014":"Information shown in ad cannot be substantiated. Options of \"Yes\" and \"Fix\" buttons are confusing and misleading. \"No\" and \"Yes\" button clicking lead same result. Advertising not free app as \"Free\".    ","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"Ads mislead consumers - just saying \"may\" be out of date is still misleading","ACR-005":"Ads look like system errors","ACR-010":"Ads for deceptive apps (example: Deceptor:Win32/PCPurifier!003168)","ACR-014":"Information shown in ad cannot be substantiated. Options of \"Yes\" and \"Fix\" buttons are confusing and misleading. \"No\" and \"Yes\" button clicking lead same result. Advertising not free app as \"Free\".    "},"samples":[{"isRevoked":"False","hashMD5":"","hashSHA1":"","hashSHA256":"","uriToBlock":"http://www.1-1ads.com/js/show_ads_supp.js","sourceIndex":"3766","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","hashMD5":"","hashSHA1":"","hashSHA256":"","uriToBlock":"http://ic-dc.deliverydlcenter.com/pr/72e8e276-8bc5-11e6-a5ec-0695da005429/typ_2.html","sourceIndex":"3766","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","hashMD5":"","hashSHA1":"","hashSHA256":"","uriToBlock":"http://ic-dc.deliverydlcenter.com/pr/72e8e276-8bc5-11e6-a5ec-0695da005429/typ_1.html","sourceIndex":"3766","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","hashMD5":"","hashSHA1":"","hashSHA256":"","uriToBlock":"http://ic-dc.deliverydlcenter.com/pr/*/typ_2.html","sourceIndex":"3766","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","hashMD5":"","hashSHA1":"","hashSHA256":"","uriToBlock":"http://ic-dc.deliverydlcenter.com/pr/*/typ_1.html","sourceIndex":"3766","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","hashMD5":"","hashSHA1":"","hashSHA256":"","uriToBlock":"http://ic-dc.deliverydlcenter.com/pr/72e8e276-8bc5-11e6-a5ec-0695da005429/inp_2.html","sourceIndex":"3766","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","hashMD5":"","hashSHA1":"","hashSHA256":"","uriToBlock":"http://ic-dc.deliverydlcenter.com/pr/72e8e276-8bc5-11e6-a5ec-0695da005429/inp_1.html","sourceIndex":"3766","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","hashMD5":"","hashSHA1":"","hashSHA256":"","uriToBlock":"http://ic-dc.deliverydlcenter.com/pr/*/inp_2.html","sourceIndex":"3766","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","hashMD5":"","hashSHA1":"","hashSHA256":"","uriToBlock":"http://ic-dc.deliverydlcenter.com/pr/*/inp_1.html","sourceIndex":"3766","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"MalwareBytes report on deceptive ads","directDownloadingLink":"www.1-1ads.com/js/show_ads_supp.js","ipv4":"184.168.221.79","sourceIndex":"3766"}],"sampleFiles":[],"imageFiles":["170417/D-DisplayCore-ADN001/Images/ACR-003/DeceptiveAds6.JPG","170417/D-DisplayCore-ADN001/Images/ACR-003/deceptivead1.png","170417/D-DisplayCore-ADN001/Images/ACR-005/DeceptiveAds_3.JPG","170417/D-DisplayCore-ADN001/Images/ACR-005/deceptivead2.png","170417/D-DisplayCore-ADN001/Images/ACR-010/AdsForDeceptiveApp.JPG","170417/D-DisplayCore-ADN001/Images/ACR-010/AdsForDeceptiveApp_8.JPG","170417/D-DisplayCore-ADN001/Images/ACR-014/DeceptiveAds_1.JPG","170417/D-DisplayCore-ADN001/Images/ACR-014/DeceptiveAds_2.JPG","170417/D-DisplayCore-ADN001/Images/ACR-014/DeceptiveAds_4.JPG","170417/D-DisplayCore-ADN001/Images/ACR-014/DeceptiveAds_9.JPG","170417/D-DisplayCore-ADN001/Images/ACR-014/deceptivead3.png","170417/D-DisplayCore-ADN001/Images/ACR-INFO/D-DisplayCore-ADN001.mp4"],"nonDeceptorImageFiles":["170417/D-DisplayCore-ADN001/Images/ACR-003/DeceptiveAds6.JPG","170417/D-DisplayCore-ADN001/Images/ACR-003/deceptivead1.png","170417/D-DisplayCore-ADN001/Images/ACR-005/DeceptiveAds_3.JPG","170417/D-DisplayCore-ADN001/Images/ACR-005/deceptivead2.png","170417/D-DisplayCore-ADN001/Images/ACR-010/AdsForDeceptiveApp.JPG","170417/D-DisplayCore-ADN001/Images/ACR-010/AdsForDeceptiveApp_8.JPG","170417/D-DisplayCore-ADN001/Images/ACR-014/DeceptiveAds_1.JPG","170417/D-DisplayCore-ADN001/Images/ACR-014/DeceptiveAds_2.JPG","170417/D-DisplayCore-ADN001/Images/ACR-014/DeceptiveAds_4.JPG","170417/D-DisplayCore-ADN001/Images/ACR-014/DeceptiveAds_9.JPG","170417/D-DisplayCore-ADN001/Images/ACR-014/deceptivead3.png"],"guid":"a6475ff1-10de-4732-94ce-02e12e708e78_0.0.0.0_1","appID":"D-DisplayCore-ADN001","dateAdded":"170417","deceptorType":"AdNetwork","name":"displayCore","company":"ironSourc Ltd.","version":"0.0.0.0","sigName":"Deceptor:AdNetwork/DispalyCore!003005014010","firstVendorContactDate":"170416","firstAppEsteemReplyDate":"170416","firstResolvedDate":"170518","resolved":"TRUE","lastKnownStatus":"Not Deceptor","lastKnownDate":"170518","lastUpdate":"2018-02-15T00:25:27.040448+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2812},{"violations":{"ACR-003":"App exaggerates system healthy condition. Shared DLL invalid registry keys, empty registry keys,missing shortcuts are listed as \"errors\".\n","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made.\n"},"nonDeceptorViolations":{"ACR-003":"App exaggerates system healthy condition. Shared DLL invalid registry keys, empty registry keys,missing shortcuts are listed as \"errors\".\n","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made.\n"},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"Speedbit Technology","hashMD5":"1f66d2c3ed6eb8d576e3272516fac219","hashSHA1":"21be91281fb72f08e039d3cbdd901d1b8bc6728c","hashSHA256":"0a386107bff6fd7ef153a24821cb35502d75d07493fdb000b3e458bcbc4c8e8b","digitalCertThumbprint":"6b6bba6ba7af6cc4ca25802a46e9d06636070396","sourceIndex":"3797","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Boost My PC","productName":"Boost My PC","productVersion":"1.0.3.0","fileVersion":"1.0.3.0","hashMD5":"c8e8db03854369f4969ba79c392ed25f","hashSHA1":"6e0f4b1df83e3c1ed8007bad290b525eb62c53a3","hashSHA256":"509ba9bdd1829d7091d79b7e90159c9098d60145a843e2c3eb98d3d93a1cc62d","digitalCertThumbprint":"6b6bba6ba7af6cc4ca25802a46e9d06636070396","sourceIndex":"3797","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"Boostmypc.exe","isInstaller":"True","companyName":"Speedbit Technology","productName":"Boost My PC","productVersion":"2.0.1.6","fileVersion":"na","hashMD5":"09b94597b0c6dd97e63db5f93207f6b2","hashSHA1":"5c4e7f217c74aad512125c985bd6e07ced96f2b7","hashSHA256":"3e82790062c84e8bba03674d035630c86ee0a4f2acbbf3c7e24a9c02684476a3","digitalCertThumbprint":"6B6BBA6BA7AF6CC4CA25802A46E9D06636070396","digitalCertIssuer":"COMODO RSA Code Signing CA","digitalCertIssuedTo":"Speedbit Technology","sourceIndex":"3797","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"Daniel report deceptor candidate","landingPage":"http://www.boostmypc.com","directDownloadingLink":"http://download.boostmypc.com/BoostMyPCsetup.exe","ipv4":"54.230.141.81","sourceIndex":"3797"}],"sampleFiles":[],"imageFiles":["170412/D-BoostMyPC-00033/1.0/Images/ACR-003/ExaggeratedErrors.JPG","170412/D-BoostMyPC-00033/1.0/Images/ACR-003/ExaggeratedErrors2.JPG","170412/D-BoostMyPC-00033/1.0/Images/ACR-168/NoDisclosureAboutAdditionalOfferMayApplyDuringCall.JPG","170412/D-BoostMyPC-00033/1.0/Images/ACR-INFO/BoostMyPC.mp4"],"nonDeceptorImageFiles":["170412/D-BoostMyPC-00033/1.0/Images/ACR-003/ExaggeratedErrors.JPG","170412/D-BoostMyPC-00033/1.0/Images/ACR-003/ExaggeratedErrors2.JPG","170412/D-BoostMyPC-00033/1.0/Images/ACR-168/NoDisclosureAboutAdditionalOfferMayApplyDuringCall.JPG"],"guid":"6abedd86-c012-4c5d-9d26-e4443e3f7fb8_1.0_1","appID":"D-BoostMyPC-00033","dateAdded":"170412","deceptorType":"App","name":"Boost My PC","company":"Speedbit","version":"1.0","sigName":"Deceptor:Win32/BoostMyPC!003168","lastKnownStatus":"Deceptor:4.0.0.3","lastKnownDate":"200203","type":"Windows Executable","lastUpdate":"2020-02-03T00:00:00+00:00","notDistributed":false,"numInFamily":0,"numInAppID":2,"sortOrder":2814},{"violations":{"ACR-017":"The application internal offer webpage elevates its user trust level by displaying unverifiable endorsement tied to the company, but displayed as if Microsoft is endorsing the app.\n","ACR-084":"The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent. The user is unable to disable application from running at user log on from the software interface.\n"},"nonDeceptorViolations":{"ACR-065":"The application's internal offer webpage has no link to a website that shows the EULA and/or Terms of Service, Returns and Cancellation Policy, Privacy Policy. The Privacy Policy and EULA provided belongs to DriverUpdatePlus.\n","ACR-161":"The landing page has testimonials that have no links back to a source so consumers can verify if they're real.\n","ACR-163":"The application's landing page provides a contact number for support but does not provide an email address as a secondary means of contact.\n","ACR-088":"The application starts a scan post installation without user interaction or permission.\n","ACR-092":"App uses digital certificates from different source than what was disclosed. The app's digital certificate is signed by \"Speedbit Technology Pvt Ltd\" which is not disclosed in the app's offer.\n","ACR-160":"The application does not use a certified call center to monetize the app. Upon contacting Boost My PC it was confirmed that they also offer Driver Update Plus and technical support for PC.\n","ACR-099":"The application's internal offer webpage has no link to a webpage that shows how to uninstall the app.\n","ACR-120":"After uninstalling application a web page opens with information stating that consumer can get the full version for Boost My PC at half price.\n"},"samples":[{"isRevoked":"False","fileName":"Boost My PC.exe","companyName":"Boost My PC","fileVersion":"4.0","hashMD5":"4683bf0e38bfef57033278edc15b5b9f","hashSHA1":"2860d9ff20c0d4b38b9af4d3b7b53d318dea269a","hashSHA256":"9c69ad7192f915f06783bfa590d838941738a4c1571521815a79878406a4594d","digitalCertThumbprint":"912DFD2B20915AB5CA9BF28F8BEA24D4ADC17038","digitalCertIssuer":"CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB","digitalCertIssuedTo":"CN=Speedbit Technology Pvt Ltd, O=Speedbit Technology Pvt Ltd, STREET=H No-1626, STREET=\"Sector-15, Part-II\", L=Gurgaon, S=Haryana, PostalCode=122001, C=IN, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=054791","sourceIndex":"2561","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"BoostMyPCsetup.exe","isInstaller":"True","companyName":"n/a","productName":"n/a","productVersion":"n/a","fileVersion":"n/a","hashMD5":"b8c0e651ee4bbd34c945b4724cf95a1b","hashSHA1":"1fae30730842da09ebbf50a55cc06c5d8c4cf6cb","hashSHA256":"bfe5d183d8007fbdb4043b46f13268180987379457383556faa38f68d9434838","digitalCertThumbprint":"912DFD2B20915AB5CA9BF28F8BEA24D4ADC17038","digitalCertIssuer":"COMODO RSA Extended Validation Code Signing CA","digitalCertIssuedTo":"Speedbit Technology Pvt Ltd","sourceIndex":"2561","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"New version review","reference":"Existing decepter review","landingPage":"http://www.boostmypc.com/","directDownloadingLink":"http://download.boostmypc.com/BoostMyPCsetup.exe","ipv4":"","ipv6":"","directDownloadingLinkWildChar":"http://download.boostmypc.com/BoostMyPCsetup.exe","sourceIndex":"2561"}],"sampleFiles":["170412/D-BoostMyPC-00033/4.0.0.3/Samples/Boost My PC.exe","170412/D-BoostMyPC-00033/4.0.0.3/Samples/BoostMyPCsetup.exe"],"imageFiles":["170412/D-BoostMyPC-00033/4.0.0.3/Images/ACR-017/ACR_017_INTERNAL_OFFERS.PNG","170412/D-BoostMyPC-00033/4.0.0.3/Images/ACR-084/ACR_084_SOFTWARE.PNG"],"nonDeceptorImageFiles":["170412/D-BoostMyPC-00033/4.0.0.3/Images/ACR-065/ACR_065_INTERNAL_OFFERS.PNG","170412/D-BoostMyPC-00033/4.0.0.3/Images/ACR-161/ACR_161_LANDING_PAGE.PNG","170412/D-BoostMyPC-00033/4.0.0.3/Images/ACR-163/ACR_163_LANDING_PAGE.PNG","170412/D-BoostMyPC-00033/4.0.0.3/Images/ACR-088/ACR_088_SOFTWARE.PNG","170412/D-BoostMyPC-00033/4.0.0.3/Images/ACR-092/ACR_092_SOFTWARE.PNG","170412/D-BoostMyPC-00033/4.0.0.3/Images/ACR-099/ACR_099_INTERNAL_OFFERS.PNG","170412/D-BoostMyPC-00033/4.0.0.3/Images/ACR-120/ACR_120_UNINSTALL.PNG"],"guid":"6abedd86-c012-4c5d-9d26-e4443e3f7fb8_4.0.0.3_1","appID":"D-BoostMyPC-00033","dateAdded":"170412","deceptorType":"App","name":"Boost My PC","company":"Speedbit","version":"4.0.0.3","sigName":"Deceptor:Win32/BoostMyPC!084017","lastKnownStatus":"Deceptor:4.0.0.3","lastKnownDate":"200203","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid","lastUpdate":"2020-02-04T00:32:27.7834363+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":2,"sortOrder":2813},{"violations":{"ACR-003":"App exaggerates system healthy condition, reports system condition is severe because of invalid registry keys identified.\n\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"Xionix Inc.","productName":"RegServe","productVersion":"7.1.4.0","fileVersion":"7.1.4.0","hashMD5":"d41b65841198422271c2e75556e518f2","hashSHA1":"fbc5d823830711d14905b9ff2f4654290ca5fdcd","hashSHA256":"6b38b42cc18450cbf40ba911d46e090ba0d1a4139e1f0ccd735ad4db0ecb70ea","digitalCertThumbprint":"1D3965A3F8B0145B926F60C357E8328227023253","sourceIndex":"3491","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Xionix Inc.","productName":"RegServe","productVersion":"7.1.4.0","fileVersion":"7.1.4.0","hashMD5":"d41b65841198422271c2e75556e518f2","hashSHA1":"fbc5d823830711d14905b9ff2f4654290ca5fdcd","hashSHA256":"6b38b42cc18450cbf40ba911d46e090ba0d1a4139e1f0ccd735ad4db0ecb70ea","digitalCertThumbprint":"1D3965A3F8B0145B926F60C357E8328227023253","sourceIndex":"3492","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Xionix Inc.","productName":"RegServe","productVersion":"7.1.4.0","fileVersion":"7.1.4.0","hashMD5":"d41b65841198422271c2e75556e518f2","hashSHA1":"fbc5d823830711d14905b9ff2f4654290ca5fdcd","hashSHA256":"6b38b42cc18450cbf40ba911d46e090ba0d1a4139e1f0ccd735ad4db0ecb70ea","digitalCertThumbprint":"1D3965A3F8B0145B926F60C357E8328227023253","sourceIndex":"3493","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Yahoo search  \"Registry Tool\"","landingPage":"http://www.editors-top-choice.com/software/registry-cleaners/?tid=msn","directDownloadingLink":"http://www.editors-top-choice.com/software/registry-cleaners/downloads/regserve-setup.exe","ipv4":"(192.254.234.164","sourceIndex":"3491"},{"howFound":"Hunt.Advertising","reference":"Yahoo search  \"Registry Tool\"","landingPage":"http://www.regserve.com/","directDownloadingLink":"http://www.regserve.com/downloads/regserve-setup.exe","ipv4":"198.1.117.248","sourceIndex":"3492"},{"howFound":"Hunt.Advertising","reference":"Yahoo search  \"Registry Tool\"","landingPage":"http://www.xionix.com/products/regserve/","directDownloadingLink":"http://www.xionix.com/downloads/regserve-setup.exe","ipv4":"198.1.117.247","sourceIndex":"3493"}],"sampleFiles":[],"imageFiles":["170402/D-RegServe-00025/7.1.4.0/Images/ACR-003/ACR-003_Software_ExaggeratedErrors.PNG","170402/D-RegServe-00025/7.1.4.0/Images/ACR-003/RegServ_recheck.PNG"],"nonDeceptorImageFiles":[],"guid":"99bca280-4dd0-4bb6-9cd9-c0278a5e7546_7.1.4.0_1","appID":"D-RegServe-00025","dateAdded":"170402","deceptorType":"App","name":"RegServe","company":"Xionix, Inc.","version":"7.1.4.0","sigName":"Deceptor:Win32/RegServe!003","lastKnownStatus":"Deceptor:7.1.4.0","lastKnownDate":"181215","lastUpdate":"2018-12-15T05:27:57.3060298+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2815},{"violations":{"ACR-042":"separate program \"SmartMonitor\" is installeded without providing option for user to choose during installation","ACR-043":"\"SmartMonitor\" program is not disclosed in app landing page and during installation","ACR-003":"App exaggerates Shared DLL invalid registry key is high impact problem, raises urgency and misleads uesr to take action to fix them.","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates Shared DLL invalid registry key is high impact problem, raises urgency and misleads uesr to take action to fix them."},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"ReviverSoft","productName":"PC Reviver","productVersion":"2.16.1.2","fileVersion":"2.16.1.2","hashMD5":"09a2fc29c2886a492961b0b6488bc222","hashSHA1":"6cb85bff0fa293f413e7dd8e61b3643caf007046","hashSHA256":"61e7ba48426493cb3b4c3b721ff5395d9a8d56007d2c48344c749bbcf114daef","digitalCertThumbprint":"d42f6e3fca6eb3ceb91cee7fd15ff7087b89d624","sourceIndex":"3764","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"system optimizer leads to  Battery optimizer lead to Reviver products","landingPage":"http://www.reviversoft.com/","directDownloadingLink":"http://dl.reviversoft.com/reviversoft/advanced_product_releases/b926051d-59db-4504-8c3c-9bc935e0c9cf_2.16.1.2/sa/0/PCReviverSetup.exe","ipv4":"23.32.46.75","sourceIndex":"3764"}],"sampleFiles":["170401/D-PCReviver-00018/2.16.1.2/Samples/PCReviverSetup.exe"],"imageFiles":["170401/D-PCReviver-00018/2.16.1.2/Images/ACR-042/ACR-042_Installs_UndisclosedAppInstalled.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-043/ACR-043_Installs_UndisclosedAppInstalled.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-047/ACR-047_InlineOffer_OfferDuringCloseTime.mp4","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-047/ACR-047_InlineOffers_OfferDuringClosingTime.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-003/ACR-003_Software_exageratedClaims.mp4","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-003/ACR-003_Software_ExagerratedClaims.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-003/ACR-003_Software_ExagerratedClaims2.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-003/ACR-003_Software_ExagerratedClaims3.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-003/ExaggeratedIssuesFound.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-007/ACR-007_LandingPage_LogosRedirectToDifferentProduct.mp4","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-007/ACR-007_LandingPage_MisleadingLogos.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-017/ACR-017_LandingPage_MisleadingLogos.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-017/ACR-017_LandingPage_MisleadingLogos.mp4","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-039/ACR-039_Installs_UndisclosedSoftwareInstalled.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-039/ACR-039_Installs_UnknownCompanyNameInRegistryEntry.JPG"],"nonDeceptorImageFiles":["170401/D-PCReviver-00018/2.16.1.2/Images/ACR-065/ACR-065_Software_NoEula&PrivacyPolicy.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-056/ACR-056_Software_MissingFeatures.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-120/ACR-120_Uninstallation_DiscountAfterUninstallation.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-035/ACR-035_Docs_NoContactDetailsInEula.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-054/ACR-054_InlineOffers_UnequalProminence.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-047/ACR-047_InlineOffer_OfferDuringCloseTime.mp4","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-047/ACR-047_InlineOffers_OfferDuringClosingTime.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-003/ACR-003_Software_exageratedClaims.mp4","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-003/ACR-003_Software_ExagerratedClaims.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-003/ACR-003_Software_ExagerratedClaims2.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-003/ACR-003_Software_ExagerratedClaims3.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-003/ExaggeratedIssuesFound.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-007/ACR-007_LandingPage_LogosRedirectToDifferentProduct.mp4","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-007/ACR-007_LandingPage_MisleadingLogos.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-017/ACR-017_LandingPage_MisleadingLogos.JPG","170401/D-PCReviver-00018/2.16.1.2/Images/ACR-017/ACR-017_LandingPage_MisleadingLogos.mp4"],"guid":"e61dfd42-38b2-4fff-ae67-130a3bd66f97_2.16.1.2_1","appID":"D-PCReviver-00018","dateAdded":"170401","deceptorType":"App","name":"PC Reviver","company":"ReviverSoft","version":"2.16.1.2","sigName":"Deceptor:Win32/PCReviver!042043003","firstVendorContactDate":"170426","firstAppEsteemReplyDate":"170426","firstResolvedDate":"170913","firstResolvedVersion":"NotDeceptor: 3.1.0.12","resolved":"TRUE","lastKnownStatus":"Deceptor:2.16.1.2","lastKnownDate":"170329","lastUpdate":"2018-02-15T00:25:27.5896342+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2816},{"violations":{"ACR-003":"App exaggerates system healthy considtion. Junk files, empty registry keys, no timeout waiting for program close during shut down exaggerated as issues.\n"},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"c61d08ae6d18cc244c7c932309510561","hashSHA1":"d8e07f8fbd8b6269cc8f0854f0acdad0e7242de1","hashSHA256":"e7e57ee2bf9ac996b9fac2d24b837150ae64c2531468453eb6ca9c92cbce82ba","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"3114bdf6242d9089edfc2467fdc0c898","hashSHA1":"aaa46926b8c842d65d0a46675582722584ee091e","hashSHA256":"436d4b2a4053a9c3cce6c889d1b086055c60f33960cc486c6089fd352637e7ca","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"1c3f9cf3f1792aa851758b6a7eafb50a","hashSHA1":"0d3c0feea2bb13e51aea95c0c9603113dbdb6463","hashSHA256":"12afa47a66704ee88740ef10fd6a0a3d9f999ae1ae584bae11f16003c256899f","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"ebbffca745bf2eb0aa9603083676a2ef","hashSHA1":"d5571f3218634d8503c9b6567c08a623feb49fda","hashSHA256":"1a0747af10ab86913bff045bf303e2532ce60989ff88f0cbcf748d47efda6700","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"d6f0d311efcffaf98527888d30366adb","hashSHA1":"01634b5f57958b2188359b51ed1455138b2a90fd","hashSHA256":"f2e5e15f2955648a3a6d8fb60cfeeee28cd96344f77c2a8a0f63fe3968f752b9","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"87f5e3651f80283658d9f88f9b67452c","hashSHA1":"df6574002d336cc8511713412e85ce8dfab26d34","hashSHA256":"bc7c0243d1c3533a74a49f16928cff3302c2ff8b9670f1b6676208199afffed6","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.1.1.0","fileVersion":"1.1.1.0","hashMD5":"d74c4161cb8e931e869dfb416c40faa9","hashSHA1":"9b23c96f11b8d1e91c1a570383ad7a37bea18796","hashSHA256":"3c2615d5343b5b3a5ba2ccc980e7944c6ba7bef19a6e86c94b73d1400ae7f44b","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"optispeed-setup_1.exe","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"3114bdf6242d9089edfc2467fdc0c898","hashSHA1":"aaa46926b8c842d65d0a46675582722584ee091e","hashSHA256":"436d4b2a4053a9c3cce6c889d1b086055c60f33960cc486c6089fd352637e7ca","digitalCertThumbprint":"1bb7282f8f5abb4a1b786347d33a697efa962e9e","sourceIndex":"3494","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"c61d08ae6d18cc244c7c932309510561","hashSHA1":"d8e07f8fbd8b6269cc8f0854f0acdad0e7242de1","hashSHA256":"e7e57ee2bf9ac996b9fac2d24b837150ae64c2531468453eb6ca9c92cbce82ba","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3495","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"3114bdf6242d9089edfc2467fdc0c898","hashSHA1":"aaa46926b8c842d65d0a46675582722584ee091e","hashSHA256":"436d4b2a4053a9c3cce6c889d1b086055c60f33960cc486c6089fd352637e7ca","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3495","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"1c3f9cf3f1792aa851758b6a7eafb50a","hashSHA1":"0d3c0feea2bb13e51aea95c0c9603113dbdb6463","hashSHA256":"12afa47a66704ee88740ef10fd6a0a3d9f999ae1ae584bae11f16003c256899f","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3495","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"ebbffca745bf2eb0aa9603083676a2ef","hashSHA1":"d5571f3218634d8503c9b6567c08a623feb49fda","hashSHA256":"1a0747af10ab86913bff045bf303e2532ce60989ff88f0cbcf748d47efda6700","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3495","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"d6f0d311efcffaf98527888d30366adb","hashSHA1":"01634b5f57958b2188359b51ed1455138b2a90fd","hashSHA256":"f2e5e15f2955648a3a6d8fb60cfeeee28cd96344f77c2a8a0f63fe3968f752b9","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3495","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.x","fileVersion":"1.1.1.0","hashMD5":"87f5e3651f80283658d9f88f9b67452c","hashSHA1":"df6574002d336cc8511713412e85ce8dfab26d34","hashSHA256":"bc7c0243d1c3533a74a49f16928cff3302c2ff8b9670f1b6676208199afffed6","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3495","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"OptiSpeed","productName":"OptiSpeed","productVersion":"1.1.1.0","fileVersion":"1.1.1.0","hashMD5":"d74c4161cb8e931e869dfb416c40faa9","hashSHA1":"9b23c96f11b8d1e91c1a570383ad7a37bea18796","hashSHA256":"3c2615d5343b5b3a5ba2ccc980e7944c6ba7bef19a6e86c94b73d1400ae7f44b","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3495","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.PartnerReport","reference":"Andrew report deceptor candidate due to consumer report in VT","landingPage":"http://optimize-windows.net/","directDownloadingLink":"http://static.optimize-windows.net/en/optispeed/openlink/stub/optispeed-setup.exe","ipv4":"198.232.125.160","sourceIndex":"3494"},{"howFound":"Hunt.PartnerReport","reference":"Andrew report deceptor candidate due to consumer report in VT","landingPage":"http://optimize-windows.net/","directDownloadingLink":"http://downloads.optimize-windows.net/go/speedtestoptimar24usld/en/optispeed/stub/optispeed-setup.exe","ipv4":"45.79.194.109","sourceIndex":"3495"}],"sampleFiles":["170331/D-OptiSpeed-00020/1.x/Samples/12afa47a66704ee88740ef10fd6a0a3d9f999ae1ae584bae11f16003c256899f.exe","170331/D-OptiSpeed-00020/1.x/Samples/1a0747af10ab86913bff045bf303e2532ce60989ff88f0cbcf748d47efda6700.exe","170331/D-OptiSpeed-00020/1.x/Samples/bc7c0243d1c3533a74a49f16928cff3302c2ff8b9670f1b6676208199afffed6.exe","170331/D-OptiSpeed-00020/1.x/Samples/e3320de5678ada36b2c7ef15f2b654f216eed013b9a3873111316fa29aeecf19.exe","170331/D-OptiSpeed-00020/1.x/Samples/f2e5e15f2955648a3a6d8fb60cfeeee28cd96344f77c2a8a0f63fe3968f752b9.exe"],"imageFiles":["170331/D-OptiSpeed-00020/1.x/Images/ACR-003/ClaimEmptyRegistryKeyAsIssue.PNG","170331/D-OptiSpeed-00020/1.x/Images/ACR-003/ClaimWaitForUserConfirmToShutdownAsAnIssueImpactSinghutDownSpeed.PNG","170331/D-OptiSpeed-00020/1.x/Images/ACR-003/ExaggerateIssues.PNG","170331/D-OptiSpeed-00020/1.x/Images/ACR-003/SystemDiagnosticsResultMisleadingUserWithExaggeratedIssues.PNG"],"nonDeceptorImageFiles":[],"guid":"8758fe04-1d72-4a3a-a539-4e13845ef6e5_1.x_1","appID":"D-OptiSpeed-00020","dateAdded":"170331","deceptorType":"App","name":"OptiSpeed","company":"OptiSpeed","version":"1.x","sigName":"Deceptor:Win32/OptiSpeed!003","lastKnownStatus":"Deceptor:1.1.1.0","lastKnownDate":"181215","category":"SysTools & Utilities","targetOS":"Windows XP,Windows Vista,Windows 7,Windows 8,Windows 10","targetBrowser":"None","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"paid,up-sell to paid","lastUpdate":"2018-12-15T05:26:35.8279031+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2817},{"violations":{"ACR-042":"separate program \"SmartMonitor\" is installeded without providing option for user to choose during installation","ACR-043":"\"SmartMonitor\" program is not disclosed in app landing page and during installation","ACR-003":"App exaggerates Shared DLL invalid registry key is high impact problem, raises urgency and misleads uesr to take action to fix them.","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates Shared DLL invalid registry key is high impact problem, raises urgency and misleads uesr to take action to fix them."},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"ReviverSoft","productName":"Registry Reviver","productVersion":"4.12.1.4","fileVersion":"4.12.1.4","hashMD5":"8e7104e74ab77bcace85cbc627263133","hashSHA1":"e8914ea8c396619eb09b8d9e52a8aa60417bda46","hashSHA256":"24c13085ac7e329868703b68c3b9188ded058e61d0891d4ee8e3b698e4a67780","digitalCertThumbprint":"d42f6e3fca6eb3ceb91cee7fd15ff7087b89d624","sourceIndex":"3818","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"ReviverSoft","productName":"Registry Reviver","productVersion":"4.12.1.4","fileVersion":"4.12.1.4","hashMD5":"8e7104e74ab77bcace85cbc627263133","hashSHA1":"e8914ea8c396619eb09b8d9e52a8aa60417bda46","hashSHA256":"24c13085ac7e329868703b68c3b9188ded058e61d0891d4ee8e3b698e4a67780","digitalCertThumbprint":"d42f6e3fca6eb3ceb91cee7fd15ff7087b89d624","sourceIndex":"3819","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Google Search: optimizer leads to  Battery optimizer lead to Reviver products","landingPage":"http://www.reviversoft.com/registry-reviver/?utm_source=product&utm_medium=BO&utm_campaign=cp&CID=P-BO","directDownloadingLink":"http://dl.reviversoft.com/reviversoft/advanced_product_releases/b81400f3-a658-4828-8c3e-f98cb4c01564_4.12.1.4/sa/0/RegistryReviverSetup.exe","ipv4":"23.32.46.75","sourceIndex":"3818"},{"howFound":"Hunt.Advertising","reference":"Google Search: optimizer leads to  Battery optimizer lead to Reviver products","landingPage":"http://www.reviversoft.com/","directDownloadingLink":"http://dl.reviversoft.com/reviversoft/advanced_product_releases/b81400f3-a658-4828-8c3e-f98cb4c01564_4.12.1.4/sa/0/RegistryReviverSetup.exe","ipv4":"23.32.46.75","sourceIndex":"3819"}],"sampleFiles":["170330/D-RegistryReviver-00017/4.12.1.4/Samples/RegistryReviverSetup.exe"],"imageFiles":["170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-042/ACR-042_Install_AdditionalSoftwareInstalled.mp4","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-042/ACR-042_Installs_UndisclosedAppInstalled.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-043/ACR-043_Install_AdditionalSoftwareInstalled.mp4","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-043/ACR-043_Installs_UndisclosedAppInstalled.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-047/ACR-047_InlineOffer_OfferOnClosingApplication.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-003/ACR-003_Software_ExagerratedClaims.mp4","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-003/ACR-003_Software_ExagerratedClaims.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-003/ACR-003_Software_ExagerratedClaims2.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-017/ACR-017_LandingPages_MisleadingLogos.JPG"],"nonDeceptorImageFiles":["170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-161/ACR-161_LandingPager_MissingReferenceToReviews.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-161/ACR-161_LandingPager_MissingReferenceToReviews2.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-088/ACR-088_Software_AutoScanPostInstall.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-088/ACR-088_Software_ThankYouLandingPage&AutoScanPostInstall.mp4","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-098/ACR-098_Software_UnableToCloseApplication.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-120/ACR-120_Uninstall_DiscountAfterUninstallation.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-035/ACR-035_Docs_NoContactDetailsInEula.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-068/ACR-068_InternalOffer_ConfusingTextForOffer.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-159/ACR-159_LandingPage_NoDifferenceBetweenPaidAndFreeVersion.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-047/ACR-047_InlineOffer_OfferOnClosingApplication.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-003/ACR-003_Software_ExagerratedClaims.mp4","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-003/ACR-003_Software_ExagerratedClaims.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-003/ACR-003_Software_ExagerratedClaims2.JPG","170330/D-RegistryReviver-00017/4.12.1.4/Images/ACR-017/ACR-017_LandingPages_MisleadingLogos.JPG"],"guid":"ce37e85b-9b80-4331-9c37-9b8ce6f0d5ad_4.12.1.4_1","appID":"D-RegistryReviver-00017","dateAdded":"170330","deceptorType":"App","name":"Registry Reviver","company":"ReviverSoft","version":"4.12.1.4","sigName":"Deceptor:Win32/RegistryReviver!042043003","firstVendorContactDate":"170426","firstAppEsteemReplyDate":"170426","firstResolvedDate":"170915","firstResolvedVersion":"NotDeceptor:4.18.1.4","resolved":"TRUE","lastKnownStatus":"Deceptor:4.12.1.4","lastKnownDate":"170918","lastUpdate":"2018-02-15T00:10:56.9300609+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2818},{"violations":{},"nonDeceptorViolations":{},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"SpeedyPCPro","productName":"SpeedyPCPro","fileVersion":"3.3.24.0","hashMD5":"da7defb1c2709558ce1083a9c2a9bcf6","hashSHA1":"b24c8cedb3071472f2c20a2eb091b79f4e1bae54","hashSHA256":"dc28eba6e8a8019b621c19f8a6120f4924498c9b9e5bd8c165cf01a42b1740e7","digitalCertThumbprint":"db4d7f6c409b5a26d6ffa5ed7df700ef884cfa67","sourceIndex":"500","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Yahoo search for \"fix my pc\", \"fix my pc for free\"","landingPage":"http://www.speedypc.com/","sourceIndex":"500"}],"sampleFiles":[],"imageFiles":[],"nonDeceptorImageFiles":[],"guid":"b30834c7-8ad2-4546-b57b-ab767c7cbc2e_3.3.24.0_1","appID":"D-SpeedyPCPro-00012","dateAdded":"170327","deceptorType":"App","name":"SpeedyPCPro","company":"SpeedyPC Software","version":"3.3.24.0","sigName":"Deceptor:Win32/SpeedyPCPro!083003","firstVendorContactDate":"170327","firstAppEsteemReplyDate":"170327","firstResolvedDate":"170509","firstResolvedVersion":"3.3.28.0","resolved":"TRUE","lastKnownStatus":"Not Deceptor:3.3.28.0","lastKnownDate":"241023","lastUpdate":"2024-10-23T21:42:37.4348468+00:00","notDistributed":true,"familyName":"","numInFamily":0,"numInAppID":1,"sortOrder":2819},{"violations":{"ACR-003":"App exaggerates system healthy condition caused by invalid registry items","ACR-083":"3rd party antivirus component installed in separate folder without disclosure upfront","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates system healthy condition caused by invalid registry items"},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"Paretologic Inc","productName":"RegCurePro","fileVersion":"3.3.24.0","hashMD5":"36042f0609e1b507ea8c06ca301eaf18","hashSHA1":"2636654200c00371675f519daf5629293161d5dd","hashSHA256":"1a5c7cbea1323dcca23609ffdf029822a7142f20cb703fa4513d65010d494b5f","digitalCertThumbprint":"DB4D7F6C409B5A26D6FFA5ED7DF700EF884CFA67","sourceIndex":"3702","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Yahoo search for \"fix my pc\", \"fix my pc for free\"","landingPage":"http://www.errorsfixer.com/repairtool/errors.php?keyword=Fix%20My%20Pc&qs=%22fix%20my%20pc%22","sourceIndex":"3702"}],"sampleFiles":["170327/D-RegCurePro-00011/Samples/RegCureProSetup_4d84cee6-8a82-4bc8-a3bf-784999927c92_.exe"],"imageFiles":["170327/D-RegCurePro-00011/Images/ACR-003/ACR-003_Software_EachTempFileCountedAsProblem.PNG","170327/D-RegCurePro-00011/Images/ACR-003/ACR-003_exaggeratedsystemissue.PNG","170327/D-RegCurePro-00011/Images/ACR-INFO/ACR-003_Software_ExaggeratedProblem.mp4","170327/D-RegCurePro-00011/Images/ACR-083/ACR-083_Software_ExcessiveDownloadsWithoutIntimation1.PNG","170327/D-RegCurePro-00011/Images/ACR-083/ACR-083_Software_ExcessiveDownloadsWithoutIntimation2.PNG","170327/D-RegCurePro-00011/Images/ACR-INFO/ACR-083_Software_ExtraAppDownload.mp4","170327/D-RegCurePro-00011/Images/ACR-055/ACR-055_Install_ButtonsDisabled.PNG","170327/D-RegCurePro-00011/Images/ACR-INFO/ACR-003_Software_ExaggeratedProblem.mp4","170327/D-RegCurePro-00011/Images/ACR-INFO/ACR-083_Software_ExtraAppDownload.mp4","170327/D-RegCurePro-00011/Images/ACR-INFO/ACR-088_Software_AutostartingScanAfterInstall.mp4"],"nonDeceptorImageFiles":["170327/D-RegCurePro-00011/Images/ACR-065/ACR-065_Software_NoEula.PNG","170327/D-RegCurePro-00011/Images/ACR-161/ACR-161_LandingPage_NoCitation.PNG","170327/D-RegCurePro-00011/Images/ACR-088/ACR-088_Software_AutostartingScanAfterInstall.PNG","170327/D-RegCurePro-00011/Images/ACR-INFO/ACR-088_Software_AutostartingScanAfterInstall.mp4","170327/D-RegCurePro-00011/Images/ACR-167/ACR-167_LandingPage_NoTimeRangeMentionedForRefundInEula.PNG","170327/D-RegCurePro-00011/Images/ACR-055/ACR-055_Install_ButtonsDisabled.PNG","170327/D-RegCurePro-00011/Images/ACR-003/ACR-003_Software_EachTempFileCountedAsProblem.PNG","170327/D-RegCurePro-00011/Images/ACR-003/ACR-003_exaggeratedsystemissue.PNG","170327/D-RegCurePro-00011/Images/ACR-INFO/ACR-003_Software_ExaggeratedProblem.mp4"],"guid":"20a8191d-ec8e-4398-befd-2fefb057497b_3.3.24.0_1","appID":"D-RegCurePro-00011","dateAdded":"170327","deceptorType":"App","name":"RegCurePro","company":"Paretologic Inc","version":"3.3.24.0","sigName":"Deceptor:Win32/RegCurePro!083003","firstVendorContactDate":"170327","firstAppEsteemReplyDate":"170327","firstResolvedDate":"170509","firstResolvedVersion":"3.3.28.0","resolved":"TRUE","lastKnownStatus":"Not Deceptor:3.3.28.0","lastKnownDate":"170509","lastUpdate":"2018-02-15T00:39:57.5367546+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2820},{"violations":{"ACR-003":"Internal offers to upgrade to paid show state of system as \"Poor\", misleading user with a false sense of urgency.\nInternal ads for additional software uses a red \"missing\", misleading the consumer with a false sense of urgency\nSoftware mischaracterizes speed issues as \"severe\", misleading the consumer with a false sense of urgency. Details show individual registry settings as \"High\" severity.\n","ACR-017":"Internal offer misrepresents a company partnership as if it applies to the app.\nInstall misrepresents company-held partnerships as if they apply to the app\nSoftware misrepresents company-held partnerships as if they apply to the app\nUninstall misrepresents company-held partnerships as if they apply to the app\n","ACR-168":"Internal offer's call center phone number does not disclose that additional offers will be made during the call.\nApp displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made.\n","ACR-016":"Ads for \"missing\" apps lead directly to installations\n"},"nonDeceptorViolations":{"ACR-065":"Missing link to uninstall instructions\nSoftware has no links to EULA, Privacy, Returns, Uninstall\nShopping cart does not provide links to privacy policy and uninstall instructions\n","ACR-171":"Shopping cart pre-checks PC Booster, which was not disclosed on landing page as included, and appears to offer the same value prop as the app.\n"},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"Auslogics Labs Pty Ltd","productName":"TweakBit PCSpeedUp","productVersion":"1.8.1.3","fileVersion":"1.8.1.3","hashMD5":"dae421629c55ac4b2948e04abb5b7dd4","hashSHA1":"9540a4947451b4854684aa1d8ffcae26a4323d00","hashSHA256":"15d077cb70b665134324218c71baa9b68bd1f3161f0cb5e85534288ecb3b3e5e","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3649","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"Auslogics Labs Pty Ltd","productName":"TweakBit PCSpeedUp","productVersion":"1.8.1.4","fileVersion":"1.8.1.4","hashMD5":"f77d5c98439be5d44bf3541b40ca0675","hashSHA1":"08aff10a7034e8ed3b40120154d910609d41dd98","hashSHA256":"427120f4dd5014d7edee084ef4a315546b3de6db0e8b5c62d81e53c42a2a3fd6","digitalCertThumbprint":"1BB7282F8F5ABB4A1B786347D33A697EFA962E9E","sourceIndex":"3649","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","fileName":"pc-speed-up-setup - 1.8.2.19.exe","isInstaller":"True","companyName":"Auslogics Labs Pty Ltd","productName":"TweakBit PCSpeedUp","productVersion":"1.8.2.19","fileVersion":"1.8.2.19","hashMD5":"eb93e973ce97d2c15dadc6551cedc755","hashSHA1":"ee34ddde0bc587e780d8d8be6f41860e65db852b","hashSHA256":"4ae98b24020ca637d2ced4c72921be8596cf88dd472569cae3c4e8c1e568df53","digitalCertThumbprint":"2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029","digitalCertIssuer":"Entrust.net Certification Authority (2048)","digitalCertIssuedTo":"Auslogics Labs Pty Ltd","sourceIndex":"3649","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Google \"fix my slow pc\", product from same company","landingPage":"https://www.tweakbit.com/pc-speed-up/","directDownloadingLink":"http://downloads.tweakbit.com/en/pc-speed-up/default/pc-speed-up-setup.exe","ipv4":"45.79.194.109","sourceIndex":"3649"}],"sampleFiles":["170322/D-PCSpeedUp-00008/1.8/Samples/pc-speed-up-setup.exe","170322/D-PCSpeedUp-00008/1.8/Samples/pc-speed-up-setup - 1.8.2.19.exe"],"imageFiles":["170322/D-PCSpeedUp-00008/1.8/Images/ACR-003/ACR-003 internal offer.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-017/ACR-017 internal offer.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-168/ACR-168 internal offer.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-016/ACR-016 ads.gif","170322/D-PCSpeedUp-00008/1.8/Images/ACR-003/ACR-003 internal ads.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-017/ACR-017 install.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-003/ACR-003 software.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-003/ACR-003 software details.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-017/ACR-017 software.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-168/ACR-168 software.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-017/ACR-017 uinstall.png"],"nonDeceptorImageFiles":["170322/D-PCSpeedUp-00008/1.8/Images/ACR-065/ACR-065 missing uninstallation.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-065/ACR-065 no links to anything.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-065/ACR-065 no privacy or uninstall.png","170322/D-PCSpeedUp-00008/1.8/Images/ACR-171/ACR-171 prechecked PC Booster.png"],"guid":"0be0e2f1-398e-4eaf-9484-5bbfd5877e0a_1.8_1","appID":"D-PCSpeedUp-00008","dateAdded":"170322","deceptorType":"App","name":"PCSpeedUp","company":"TweakBit","version":"1.8","sigName":"Deceptor:Win32/PCSpeedUp!003016017168","firstVendorContactDate":"170526","firstAppEsteemReplyDate":"170526","firstResolvedDate":"180406","firstResolvedVersion":"1.8.2.24","resolved":"TRUE","lastKnownStatus":"Deceptor:1.8.1.3,18.2.22;NonCertified:1.8.2.24","lastKnownDate":"180113","type":"Windows Executable","category":"SysTools & Utilities","targetOS":"Windows XP,Windows 7,Windows Vista,Windows 8,Windows 10,Windows Server,MacOS","targetCustomer":"consumer","ageAppropriate":"12+ appropriate","monetization":"up-sell to paid,paid,call center","lastUpdate":"2018-04-06T19:07:05.3486647+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2821},{"violations":{"ACR-003":"App claims that their promoted apps are \"missing\". App claims to \"repair\" errors in system event log.","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made. The call center number doesn't share equal prominence with a non-interactive methods of support.","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App claims that their promoted apps are \"missing\". App claims to \"repair\" errors in system event log.","ACR-168":"App displays a call center phone number, but doesn't disclose that additional offers (support contracts) will be made. The call center number doesn't share equal prominence with a non-interactive methods of support."},"samples":[],"additionalFiles":[],"sources":[],"sampleFiles":[],"imageFiles":["170322/D-PCRepairKit-00010/Images/ACR-048/ACR-048_Install_Installation_Shortcut.PNG","170322/D-PCRepairKit-00010/Images/ACR-048/ACR-048_Install_No_Indication_Of_Internet_Requirement_1.PNG","170322/D-PCRepairKit-00010/Images/ACR-048/ACR-048_Install_No_Indication_Of_Internet_Requirement_2.PNG","170322/D-PCRepairKit-00010/Images/ACR-048/ACR-048_Install__Confusing_Dialog.PNG","170322/D-PCRepairKit-00010/Images/ACR-INFO/ACR-048_Install_InsallationShortcut.mp4","170322/D-PCRepairKit-00010/Images/ACR-003/ACR-003_Software__Event_Log_As_Threats1.PNG","170322/D-PCRepairKit-00010/Images/ACR-003/ACR-003_Software__Event_Log_As_Threats2.PNG","170322/D-PCRepairKit-00010/Images/ACR-003/ACR-003_Software__Extra_App_Listed_As_A_Missing_Component.PNG","170322/D-PCRepairKit-00010/Images/ACR-003/ACR-003_Software__Extra_App_Listed_As_Protection_Deficiency.PNG","170322/D-PCRepairKit-00010/Images/ACR-INFO/ACR-003_Software_Exaggerated_Health_Issue.mp4","170322/D-PCRepairKit-00010/Images/ACR-016/ACR-016_AdsAboutApp_Cannot_Stop_Download_After_It_Starts.PNG","170322/D-PCRepairKit-00010/Images/ACR-016/ACR-016_AdsAboutApp__Download_Directly_Launched.PNG","170322/D-PCRepairKit-00010/Images/ACR-055/ACR-055_Software__Decline_Button_Less_Prominent1.PNG","170322/D-PCRepairKit-00010/Images/ACR-055/ACR-055_Software__Decline_Button_Less_Prominent2.PNG","170322/D-PCRepairKit-00010/Images/ACR-055/ACR-055_Software__Decline_Button_Less_Prominent3.PNG","170322/D-PCRepairKit-00010/Images/ACR-055/ACR-055_Software__Negative_Push.PNG","170322/D-PCRepairKit-00010/Images/ACR-124/ACR-124_Uninstall__Close_Button_Disabled.PNG","170322/D-PCRepairKit-00010/Images/ACR-124/ACR-124_Uninstall__Feedback_Response_Mandatory.PNG","170322/D-PCRepairKit-00010/Images/ACR-124/ACR-124_Uninstall__Forced_Feedback.PNG","170322/D-PCRepairKit-00010/Images/ACR-INFO/ACR-003_Software_Exaggerated_Health_Issue.mp4","170322/D-PCRepairKit-00010/Images/ACR-INFO/ACR-048_Install_InsallationShortcut.mp4","170322/D-PCRepairKit-00010/Images/ACR-165/ACR-165_LandingPage_1.PNG","170322/D-PCRepairKit-00010/Images/ACR-165/ACR-165_LandingPage_2.PNG"],"nonDeceptorImageFiles":["170322/D-PCRepairKit-00010/Images/ACR-002/ACR-002_Doc_App_Name_Not_Mentioned.PNG","170322/D-PCRepairKit-00010/Images/ACR-002/ACR-002_Software_Company_Name_Confusion1.PNG","170322/D-PCRepairKit-00010/Images/ACR-002/ACR-002_Software_Company_Name_Confusion2.PNG","170322/D-PCRepairKit-00010/Images/ACR-002/ACR-002_Software_No_Eula.PNG","170322/D-PCRepairKit-00010/Images/ACR-161/ACR-161_LandingPage_No_Reference.PNG","170322/D-PCRepairKit-00010/Images/ACR-163/ACR-163_LandingPage_Non-One-To-One_Not_Prominent.PNG","170322/D-PCRepairKit-00010/Images/ACR-163/ACR-163_Software_Non-One-To-One_Not_Prominent.PNG","170322/D-PCRepairKit-00010/Images/ACR-055/ACR-055_Software__Decline_Button_Less_Prominent1.PNG","170322/D-PCRepairKit-00010/Images/ACR-055/ACR-055_Software__Decline_Button_Less_Prominent2.PNG","170322/D-PCRepairKit-00010/Images/ACR-055/ACR-055_Software__Decline_Button_Less_Prominent3.PNG","170322/D-PCRepairKit-00010/Images/ACR-055/ACR-055_Software__Negative_Push.PNG","170322/D-PCRepairKit-00010/Images/ACR-003/ACR-003_Software__Event_Log_As_Threats1.PNG","170322/D-PCRepairKit-00010/Images/ACR-003/ACR-003_Software__Event_Log_As_Threats2.PNG","170322/D-PCRepairKit-00010/Images/ACR-003/ACR-003_Software__Extra_App_Listed_As_A_Missing_Component.PNG","170322/D-PCRepairKit-00010/Images/ACR-003/ACR-003_Software__Extra_App_Listed_As_Protection_Deficiency.PNG","170322/D-PCRepairKit-00010/Images/ACR-INFO/ACR-003_Software_Exaggerated_Health_Issue.mp4","170322/D-PCRepairKit-00010/Images/ACR-016/ACR-016_AdsAboutApp_Cannot_Stop_Download_After_It_Starts.PNG","170322/D-PCRepairKit-00010/Images/ACR-016/ACR-016_AdsAboutApp__Download_Directly_Launched.PNG"],"guid":"1dbffeb8-9f85-46ed-97b0-38b1f420e4d6_1.8.1.4_1","appID":"D-PCRepairKit-00010","dateAdded":"170322","deceptorType":"App","name":"PCRepairKit","company":"TweakBit","version":"1.8.1.4","sigName":"Deceptor:Win32/PCRepairKit!003168","firstVendorContactDate":"170526","firstAppEsteemReplyDate":"170526","firstResolvedDate":"170602","firstResolvedVersion":"1.8.2.0","resolved":"TRUE","lastKnownStatus":"Not Deceptor: 1.8.2.0","lastKnownDate":"170602","lastUpdate":"2018-02-15T00:28:27.7047554+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2822},{"violations":{"ACR-003":"App exaggerates empty reigstry keys are HIGH damage level errors. Uses big reg banner of \"ATTENTION! XXX ERRORS were found\".","ACR-INFO":"Example video"},"nonDeceptorViolations":{"ACR-003":"App exaggerates empty reigstry keys are HIGH damage level errors. Uses big reg banner of \"ATTENTION! XXX ERRORS were found\"."},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"CK Technologies Pvt Ltd","productName":"PC Fix Cleaner","productVersion":"3.0.11","fileVersion":"1.0.0","hashMD5":"38fa83faab584cecf24c7db44f9d366d","hashSHA1":"3543db7015428e4c83b95cf0897e3aed8b657a3b","hashSHA256":"a5ea8b4bd0a63e55d929b0a6c0bac1b1027c4c412596303fff5900cf4b557d42","digitalCertThumbprint":"9e6f3021281967c657dd01feeca3a37c6ca05e69","sourceIndex":"3730","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"CK Technologies Pvt Ltd","productName":"PC Fix Cleaner","productVersion":"3.0.9","fileVersion":"1.0.0","hashMD5":"0744a747cffff93ddd4b8a78e015b535","hashSHA1":"d95207ee86acf7709d07066b9705a285cb30ea7d","hashSHA256":"999b548d623f92096afb95b326fd0dcdfe72f3a9f6075145bf109bb47ae0220b","digitalCertThumbprint":"081176e5d744e6116339c0b3c9610a1d9dd7c7f9","sourceIndex":"3730","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"CK Technologies Pvt Ltd","productName":"PC Fix Cleaner","productVersion":"3.0.11","fileVersion":"1.0.0","hashMD5":"38fa83faab584cecf24c7db44f9d366d","hashSHA1":"3543db7015428e4c83b95cf0897e3aed8b657a3b","hashSHA256":"a5ea8b4bd0a63e55d929b0a6c0bac1b1027c4c412596303fff5900cf4b557d42","digitalCertThumbprint":"9e6f3021281967c657dd01feeca3a37c6ca05e69","sourceIndex":"3731","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"CK Technologies Pvt Ltd","productName":"PC Fix Cleaner","productVersion":"3.0.9","fileVersion":"1.0.0","hashMD5":"0744a747cffff93ddd4b8a78e015b535","hashSHA1":"d95207ee86acf7709d07066b9705a285cb30ea7d","hashSHA256":"999b548d623f92096afb95b326fd0dcdfe72f3a9f6075145bf109bb47ae0220b","digitalCertThumbprint":"081176e5d744e6116339c0b3c9610a1d9dd7c7f9","sourceIndex":"3731","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"CK Technologies Pvt Ltd","productName":"PC Fix Cleaner","productVersion":"3.0.11","fileVersion":"1.0.0","hashMD5":"38fa83faab584cecf24c7db44f9d366d","hashSHA1":"3543db7015428e4c83b95cf0897e3aed8b657a3b","hashSHA256":"a5ea8b4bd0a63e55d929b0a6c0bac1b1027c4c412596303fff5900cf4b557d42","digitalCertThumbprint":"9e6f3021281967c657dd01feeca3a37c6ca05e69","sourceIndex":"3732","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"CK Technologies Pvt Ltd","productName":"PC Fix Cleaner","productVersion":"3.0.9","fileVersion":"1.0.0","hashMD5":"0744a747cffff93ddd4b8a78e015b535","hashSHA1":"d95207ee86acf7709d07066b9705a285cb30ea7d","hashSHA256":"999b548d623f92096afb95b326fd0dcdfe72f3a9f6075145bf109bb47ae0220b","digitalCertThumbprint":"081176e5d744e6116339c0b3c9610a1d9dd7c7f9","sourceIndex":"3732","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","reference":"Google “help me fix my pc”","landingPage":"http://download.cnet.com/PC-Fix-Cleaner/3000-18512_4-75335507.html","directDownloadingLink":"http://files.downloadnow.com/s/software/14/42/41/17/pcfix-v307-en.exe?token=1489345753_8e9a3c0ce7f67b657891d94d912b011e&fileName=pcfix-v307-en.exe","ipv4":"124.155.222.201","sourceIndex":"3730"},{"howFound":"Hunt.Advertising","reference":"Google \"help me fix my pc\"","landingPage":"https://www.pc-fix-cleaner.com/","directDownloadingLink":"http://www.pc-fix-cleaner.com/en/download.aspx","ipv4":"118.139.189.155","sourceIndex":"3731"},{"howFound":"Hunt.Advertising","reference":"Google \"help me fix my pc\"","landingPage":"https://www.pc-fix-cleaner.com/","directDownloadingLink":"http://www.pc-fix-cleaner.com/files/pcfix-v309-en.exe","ipv4":"118.139.189.155","sourceIndex":"3732"}],"sampleFiles":["170312/D-PCFixCleaner-00004/Samples/pcfix-v307-en.exe","170312/D-PCFixCleaner-00004/Samples/pcfix-v309-en.exe"],"imageFiles":["170312/D-PCFixCleaner-00004/Images/ACR-003/EmptyRegistryKeyRatedAsHighDamageLevel.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-003/Exaggerated_Errors.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-INFO/ACR-003_Exaggerated_Errors.mp4","170312/D-PCFixCleaner-00004/Images/ACR-007/AutomaticDownload.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-INFO/ACR-007_AutomaticDownload.mp4","170312/D-PCFixCleaner-00004/Images/ACR-017/AutomaticDownload.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-055/Misleading.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-055/Misleading_1.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-055/Misleading_2.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-055/Misleading_3.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-INFO/ACR-003_Exaggerated_Errors.mp4","170312/D-PCFixCleaner-00004/Images/ACR-INFO/ACR-007_AutomaticDownload.mp4"],"nonDeceptorImageFiles":["170312/D-PCFixCleaner-00004/Images/ACR-045/PaymentNotMentioned.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-045/Paymentnotmentioned_1.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-065/NoEULA.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-065/NoEULA_NoPrivacy.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-065/NoPrivacy.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-092/NotSigned.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-098/AutomaticDownload.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-054/NoEqualProminence.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-054/NoEqualProminence_1.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-064/AutomaticDownload.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-068/OfferNotClear.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-055/Misleading.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-055/Misleading_1.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-055/Misleading_2.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-055/Misleading_3.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-003/EmptyRegistryKeyRatedAsHighDamageLevel.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-003/Exaggerated_Errors.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-INFO/ACR-003_Exaggerated_Errors.mp4","170312/D-PCFixCleaner-00004/Images/ACR-007/AutomaticDownload.jpeg","170312/D-PCFixCleaner-00004/Images/ACR-INFO/ACR-007_AutomaticDownload.mp4","170312/D-PCFixCleaner-00004/Images/ACR-017/AutomaticDownload.jpeg"],"guid":"9c26d781-66d8-4f12-8d67-03b381168f5b_3.0_1","appID":"D-PCFixCleaner-00004","dateAdded":"170312","deceptorType":"App","name":"PC Fix Cleaner","company":"CK Technologies Pvt Ltd","version":"3.0","sigName":"Deceptor:Win32/PCFixCleaner!003","lastKnownStatus":"Deceptor:3.0.11","lastKnownDate":"170311","lastUpdate":"2018-02-15T00:30:58.2448563+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2823},{"violations":{"ACR-003":"Calls Registry items \"threats\", which is exaggeration. Number of malware or PUA \"threats\" is over counted: a folder its subfolder count as two malware items.","ACR-084":"App creates hidden scheduled task that user cant change without payment"},"nonDeceptorViolations":{"ACR-003":"Calls Registry items \"threats\", which is exaggeration. Number of malware or PUA \"threats\" is over counted: a folder its subfolder count as two malware items."},"samples":[{"isRevoked":"False","isInstaller":"True","companyName":"PC Cleaner Inc.","productName":"PC Cleaner Pro","productVersion":"16.0.0.34","fileVersion":"16.0.0.34","hashMD5":"637d04f2ec2855f5070bb64f2f61b6cc","hashSHA1":"fd60922d84b131abe2fe8de23f167f1cfbd7c282","hashSHA256":"38c35f0d5ddb786343958a8297c479de3fe118795a1e478ccbfe4d17e80b1e65","digitalCertThumbprint":"1123425B511F1E039176C5A654CC9B278607F57B","sourceIndex":"3765","avBlockList":[],"avAllowList":[]},{"isRevoked":"False","isInstaller":"True","companyName":"PC Cleaner Inc.","productName":"PC Cleaner Pro","productVersion":"17.0.0.14","fileVersion":"17.0.0.14","hashMD5":"ce4e0861afe5ea2d2579e985e6f99bef","hashSHA1":"b01c5e4de359fd72a3c8e1b36af9601519b12f0c","hashSHA256":"15d980f3c65945d18f7f0f68974d5c80a2d35f93785309a78d7ede650a59859c","digitalCertThumbprint":"1123425b511f1e039176c5a654cc9b278607f57b","sourceIndex":"3765","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Advertising","landingPage":"http://www.pccleaner.com/","sourceIndex":"3765"}],"sampleFiles":["170226/D-PCCleaner-00002/Samples/PCPro-Installer.exe","170226/D-PCCleaner-00002/Samples/PCPro-Installer_17.exe"],"imageFiles":["170226/D-PCCleaner-00002/Images/ACR-003/MisleadUserSystemHealth.PNG","170226/D-PCCleaner-00002/Images/ACR-084/SetupScheduledTaskWithoutDisclosingToUserAndCantChange.JPG"],"nonDeceptorImageFiles":["170226/D-PCCleaner-00002/Images/ACR-003/MisleadUserSystemHealth.PNG"],"guid":"ab6e9d77-954f-449a-8fd0-974aaf75286a_16.0_1","appID":"D-PCCleaner-00002","dateAdded":"170226","deceptorType":"App","name":"PC Cleaner Pro","company":"PC Cleaner Inc.","version":"16.0","sigName":"Deceptor:Win32/PCCleaner!003084","firstVendorContactDate":"170420","firstAppEsteemReplyDate":"170420","firstResolvedDate":"170509","firstResolvedVersion":"17.0.0.18","resolved":"TRUE","lastKnownStatus":"Not Deceptor: 17.0.0.18","lastKnownDate":"170509","lastUpdate":"2018-02-15T00:25:27.4802568+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2824},{"violations":{"ACR-042":"Separate app IObit Uninstaller installed and shortcut placed on desktop without user permission. In action center, if click \"Get Spyware protection\", it downloads malware fighter without user consent. Clicking \"fix all\" in the Malware Fighter installs additional apps DriverBoost and Smart Defrag.\n","ACR-003":"Over-exaggerates problems, registry errors, privacy issues (e.g., av backup signatures shown as privacy issues; scares and misleads user that no 3rd party consumer that there is no 3rd party antivirus, when Defender is active)\n","ACR-118":"Liveupdate left installed and running active after uninstallation. Several executable files also left behind after uninstallation.\n"},"nonDeceptorViolations":{"ACR-003":"Over-exaggerates problems, registry errors, privacy issues (e.g., av backup signatures shown as privacy issues; scares and misleads user that no 3rd party consumer that there is no 3rd party antivirus, when Defender is active)\n"},"samples":[{"isRevoked":"False","fileName":"advanced-systemcare-setup.exe","isInstaller":"True","companyName":"Iobit","productName":"Advanced SystemCare 10","productVersion":"10.2.0","fileVersion":"10.2.0.721","hashMD5":"bef2433a0f9d09377bbf163a2cfc1051","hashSHA1":"58b734999c6fdf7633870b007ab3f5e06acdc78a","hashSHA256":"4a08c803449d1aa4bfc7df4ca21fa03d6aa674bd439ee17ca53e0928ff2a3ca1","digitalCertThumbprint":"72E43BDF20C3532371DD5A0A4BB27E0B3DA44248","sourceIndex":"3744","avBlockList":[],"avAllowList":[]}],"additionalFiles":[],"sources":[{"howFound":"Hunt.Sentiment","reference":"https://www.pissedconsumer.com/company/iobit/terrible-activation-plan-made-me-call-to-activate-then-pushed-very-hard-to-up-sell-20141217571395.html","landingPage":"http://www.iobit.com/en/advancedsystemcarefree.php","directDownloadingLink":"http://files.downloadnow-1.com/s/software/15/70/66/01/advanced-systemcare-setup.exe?token=1488197923_ac8bad679f6e704da2fa2384ab8ed11f&fileName=advanced-systemcare-setup.exe","ipv4":"23.204.103.139","sourceIndex":"3744"}],"sampleFiles":["170226/D-AdvancedSystemCare-00001/Samples/advanced-systemcare-setup.exe"],"imageFiles":["170226/D-AdvancedSystemCare-00001/Images/ACR-042/InstallNonAgreedComponents.png","170226/D-AdvancedSystemCare-00001/Images/ACR-042/InstallNonAgreedComponents_1.png","170226/D-AdvancedSystemCare-00001/Images/ACR-003/ACR-003_Install.png","170226/D-AdvancedSystemCare-00001/Images/ACR-003/MisleadUserSystemHealth.png","170226/D-AdvancedSystemCare-00001/Images/ACR-003/MisleadUserSystemHealth_1.png","170226/D-AdvancedSystemCare-00001/Images/ACR-017/ACR-017_LandingPage.jpeg","170226/D-AdvancedSystemCare-00001/Images/ACR-118/ActiveComponentsLeftAfterUninstallation.png","170226/D-AdvancedSystemCare-00001/Images/ACR-INFO/Deceptor_ASC_1.mp4","170226/D-AdvancedSystemCare-00001/Images/ACR-INFO/Deceptor_ASC_2.mp4","170226/D-AdvancedSystemCare-00001/Images/ACR-INFO/Deceptor_ASC_3.mp4"],"nonDeceptorImageFiles":["170226/D-AdvancedSystemCare-00001/Images/ACR-003/ACR-003_Install.png","170226/D-AdvancedSystemCare-00001/Images/ACR-003/MisleadUserSystemHealth.png","170226/D-AdvancedSystemCare-00001/Images/ACR-003/MisleadUserSystemHealth_1.png","170226/D-AdvancedSystemCare-00001/Images/ACR-017/ACR-017_LandingPage.jpeg"],"guid":"6a703dfa-cb03-403e-a93c-ada6fcbb0324_10.2_1","appID":"D-AdvancedSystemCare-00001","dateAdded":"170226","deceptorType":"App","name":"Advanced SystemCare 10","company":"IObit","version":"10.2","sigName":"Deceptor:Win32/AdvancedSystemCare!042003017118","firstVendorContactDate":"170309","firstAppEsteemReplyDate":"170309","firstResolvedDate":"170323","firstResolvedVersion":"10.2.0.729","resolved":"TRUE","lastKnownStatus":"Not Deceptor: 10.2.0.729","lastKnownDate":"170323","type":"Windows Executable","category":"[\"SysTools & Utilities\"]","targetOS":"[\"Windows XP\",\"Windows Vista\",\"Windows 7\",\"Windows 10\",\"Windows 8\"]","targetBrowser":"[\"None\"]","targetCustomer":"[\"consumer\",\"enterprise\"]","ageAppropriate":"Child appropriate","monetization":"[\"paid\",\"up-sell to paid\"]","lastUpdate":"2018-02-15T00:28:27.463316+00:00","notDistributed":false,"numInFamily":0,"numInAppID":1,"sortOrder":2825}],"version":"1"}